[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [linux-linus bisection] complete test-amd64-i386-rumpuserxen-i386



branch xen-unstable
xen branch xen-unstable
job test-amd64-i386-rumpuserxen-i386
test guest-start

Tree: linux git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
Tree: linuxfirmware git://xenbits.xen.org/osstest/linux-firmware.git
Tree: qemu git://xenbits.xen.org/staging/qemu-xen-unstable.git
Tree: qemuu git://xenbits.xen.org/staging/qemu-upstream-unstable.git
Tree: rumpuserxen git://xenbits.xen.org/rumpuser-xen.git
Tree: rumpuserxen_buildrumpsh https://github.com/rumpkernel/buildrump.sh.git
Tree: rumpuserxen_netbsdsrc https://github.com/rumpkernel/src-netbsd
Tree: xen git://xenbits.xen.org/xen.git

*** Found and reproduced problem changeset ***

  Bug is in tree:  linux 
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
  Bug introduced:  89453379aaf0608253124057df6cd8ac63948135
  Bug not present: 53429290a054b30e4683297409fc4627b2592315


  commit 89453379aaf0608253124057df6cd8ac63948135
  Merge: 5342929 99a49ce
  Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 15:04:58 2014 -0700
  
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
      
      Pull networking fixes from David Miller:
       "A bit has accumulated, but it's been a week or so since my last batch
        of post-merge-window fixes, so...
      
         1) Missing module license in netfilter reject module, from Pablo.
            Lots of people ran into this.
      
         2) Off by one in mac80211 baserate calculation, from Karl Beldan.
      
         3) Fix incorrect return value from ax88179_178a driver's set_mac_addr
            op, which broke use of it with bonding.  From Ian Morgan.
      
         4) Checking of skb_gso_segment()'s return value was not all
            encompassing, it can return an SKB pointer, a pointer error, or
            NULL.  Fix from Florian Westphal.
      
            This is crummy, and longer term will be fixed to just return error
            pointers or a real SKB.
      
         6) Encapsulation offloads not being handled by
            skb_gso_transport_seglen().  From Florian Westphal.
      
         7) Fix deadlock in TIPC stack, from Ying Xue.
      
         8) Fix performance regression from using rhashtable for netlink
            sockets.  The problem was the synchronize_net() invoked for every
            socket destroy.  From Thomas Graf.
      
         9) Fix bug in eBPF verifier, and remove the strong dependency of BPF
            on NET.  From Alexei Starovoitov.
      
        10) In qdisc_create(), use the correct interface to allocate
            ->cpu_bstats, otherwise the u64_stats_sync member isn't
            initialized properly.  From Sabrina Dubroca.
      
        11) Off by one in ip_set_nfnl_get_byindex(), from Dan Carpenter.
      
        12) nf_tables_newchain() was erroneously expecting error pointers from
            netdev_alloc_pcpu_stats().  It only returna a valid pointer or
            NULL.  From Sabrina Dubroca.
      
        13) Fix use-after-free in _decode_session6(), from Li RongQing.
      
        14) When we set the TX flow hash on a socket, we mistakenly do so
            before we've nailed down the final source port.  Move the setting
            deeper to fix this.  From Sathya Perla.
      
        15) NAPI budget accounting in amd-xgbe driver was counting descriptors
            instead of full packets, fix from Thomas Lendacky.
      
        16) Fix total_data_buflen calculation in hyperv driver, from Haiyang
            Zhang.
      
        17) Fix bcma driver build with OF_ADDRESS disabled, from Hauke
            Mehrtens.
      
        18) Fix mis-use of per-cpu memory in TCP md5 code.  The problem is
            that something that ends up being vmalloc memory can't be passed
            to the crypto hash routines via scatter-gather lists.  From Eric
            Dumazet.
      
        19) Fix regression in promiscuous mode enabling in cdc-ether, from
            Olivier Blin.
      
        20) Bucket eviction and frag entry killing can race with eachother,
            causing an unlink of the object from the wrong list.  Fix from
            Nikolay Aleksandrov.
      
        21) Missing initialization of spinlock in cxgb4 driver, from Anish
            Bhatt.
      
        22) Do not cache ipv4 routing failures, otherwise if the sysctl for
            forwarding is subsequently enabled this won't be seen.  From
            Nicolas Cavallari"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (131 commits)
        drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode
        drivers: net: cpsw: Fix broken loop condition in switch mode
        net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM 
with lengh 0
        stmmac: pci: set default of the filter bins
        net: smc91x: Fix gpios for device tree based booting
        mpls: Allow mpls_gso to be built as module
        mpls: Fix mpls_gso handler.
        r8152: stop submitting intr for -EPROTO
        netfilter: nft_reject_bridge: restrict reject to prerouting and input
        netfilter: nft_reject_bridge: don't use IP stack to reject traffic
        netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions
        netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions
        netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing
        drivers/net: macvtap and tun depend on INET
        drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets
        drivers/net: Disable UFO through virtio
        net: skb_fclone_busy() needs to detect orphaned skb
        gre: Use inner mac length when computing tunnel length
        mlx4: Avoid leaking steering rules on flow creation error flow
        net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for 
VXLAN
        ...
  
  commit 99a49ce613057f1934e1c378808374fd683b1541
  Merge: 1e5c4bc 75a916e
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Fri Oct 31 16:18:35 2014 -0400
  
      Merge tag 'master-2014-10-30' of 
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
      
      John W. Linville says:
      
      ====================
      pull request: wireless 2014-10-31
      
      Please pull this small batch of spooky fixes intended for the 3.18
      stream...boo!
      
      Cyril Brulebois adds an rt2x00 device ID.
      
      Dan Carpenter provides a one-line masking fix for an ath9k debugfs
      entry.
      
      Larry Finger gives us a package of small rtlwifi fixes which add some
      bits that were left out of some feature updates that were included
      in the merge window.  Hopefully this isn't a sign that the rtlwifi
      base is getting too big...
      
      Marc Yang brings a fix for a temporary mwifiex stall when doing 11n
      RX reordering.
      
      Please let me know if there are problems!
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1e5c4bc497c0a96e1ad2974539d353870f2cb0b6
  Author: Lennart Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 13:38:52 2014 -0400
  
      drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode
      
      The cpsw driver did not support the IFF_ALLMULTI flag which makes dynamic
      multicast routing not work.  Related to this, when enabling IFF_PROMISC
      in switch mode, all registered multicast addresses are flushed, resulting
      in only broadcast and unicast traffic being received.
      
      A new cpsw_ale_set_allmulti function now scans through the ALE entry
      table and adds/removes the host port from the unregistered multicast
      port mask of each vlan entry depending on the state of IFF_ALLMULTI.
      In promiscious mode, cpsw_ale_set_allmulti is used to force reception
      of all multicast traffic in addition to the unicast and broadcast traffic.
      
      With this change dynamic multicast and promiscious mode both work in
      switch mode.
      
      Signed-off-by: Len Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 6f979eb3fcfb4c3f42f230d174db4bbad0080710
  Author: Lennart Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 13:28:54 2014 -0400
  
      drivers: net: cpsw: Fix broken loop condition in switch mode
      
      0d961b3b52f566f823070ce2366511a7f64b928c (drivers: net: cpsw: fix buggy
      loop condition) accidentally fixed a loop comparison in too many places
      while fixing a real bug.
      
      It was correct to fix the dual_emac mode section since there 'i' is used
      as an index into priv->slaves which is a 0 based array.
      
      However the other two changes (which are only used in switch mode)
      are wrong since there 'i' is actually the ALE port number, and port 0
      is the host port, while port 1 and up are the slave ports.
      
      Putting the loop condition back in the switch mode section fixes it.
      
      A comment has been added to point out the intent clearly to avoid future
      confusion.  Also a comment is fixed that said the opposite of what was
      actually happening.
      
      Signed-off-by: Len Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx>
      Acked-by: Heiko Schocher <hs@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit e0fb6fb6d52686134b2ece144060219591d4f8d3
  Author: Guenter Roeck <linux@xxxxxxxxxxxx>
  Date:   Thu Oct 30 20:50:15 2014 -0700
  
      net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM with 
lengh 0
      
      If a driver supports reading EEPROM but no EEPROM is installed in the 
system,
      the driver's get_eeprom_len function returns 0. ethtool will subsequently
      try to read that zero-length EEPROM anyway. If the driver does not support
      EEPROM access at all, this operation will return -EOPNOTSUPP. If the 
driver
      does support EEPROM access but no EEPROM is installed, the operation will
      return -EINVAL. Return -EOPNOTSUPP in both cases for consistency.
      
      Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx>
      Tested-by: Andrew Lunn <andrew@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1e19e084eae727654052339757ab7f1eaff58bad
  Author: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 18:28:03 2014 +0200
  
      stmmac: pci: set default of the filter bins
      
      The commit 3b57de958e2a brought the support for a different amount of the
      filter bins, but didn't update the PCI driver accordingly. This patch 
appends
      the default values when the device is enumerated via PCI bus.
      
      Fixes: 3b57de958e2a (net: stmmac: Support devicetree configs for mcast 
and ucast filter entries)
      Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
      Cc: stable@xxxxxxxxxxxxxxx
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 7d2911c4381555b31ef0bcae42a0dbf9ade7426e
  Author: Tony Lindgren <tony@xxxxxxxxxxx>
  Date:   Thu Oct 30 09:59:27 2014 -0700
  
      net: smc91x: Fix gpios for device tree based booting
      
      With legacy booting, the platform init code was taking care of
      the configuring of GPIOs. With device tree based booting, things
      may or may not work depending what bootloader has configured or
      if the legacy platform code gets called.
      
      Let's add support for the pwrdn and reset GPIOs to the smc91x
      driver to fix the issues of smc91x not working properly when
      booted in device tree mode.
      
      And let's change n900 to use these settings as some versions
      of the bootloader do not configure things properly causing
      errors.
      
      Reported-by: Kevin Hilman <khilman@xxxxxxxxxx>
      Signed-off-by: Tony Lindgren <tony@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit de05c400f7dfa566f598140f8604a5de8067cd5f
  Author: Pravin B Shelar <pshelar@xxxxxxxxxx>
  Date:   Thu Oct 30 00:50:04 2014 -0700
  
      mpls: Allow mpls_gso to be built as module
      
      Kconfig already allows mpls to be built as module. Following patch
      fixes Makefile to do same.
      
      CC: Simon Horman <simon.horman@xxxxxxxxxxxxx>
      Signed-off-by: Pravin B Shelar <pshelar@xxxxxxxxxx>
      Acked-by: Simon Horman <simon.horman@xxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f7065f4bd3fe4ad6bf7e49ba7c68baa2c7046146
  Author: Pravin B Shelar <pshelar@xxxxxxxxxx>
  Date:   Thu Oct 30 00:49:57 2014 -0700
  
      mpls: Fix mpls_gso handler.
      
      mpls gso handler needs to pull skb after segmenting skb.
      
      CC: Simon Horman <simon.horman@xxxxxxxxxxxxx>
      Signed-off-by: Pravin B Shelar <pshelar@xxxxxxxxxx>
      Acked-by: Simon Horman <simon.horman@xxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit d59c876dd61f3c151db077f9d73774e605f2b35e
  Author: hayeswang <hayeswang@xxxxxxxxxxx>
  Date:   Fri Oct 31 13:35:57 2014 +0800
  
      r8152: stop submitting intr for -EPROTO
      
      For Renesas USB 3.0 host controller, when unplugging the usb hub which
      has the RTL8153 plugged, the driver would get -EPROTO for interrupt
      transfer. There is high probability to get the information of "HC died;
      cleaning up", if the driver continues to submit the interrupt transfer
      before the disconnect() is called.
      
      [ 1024.197678] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.213673] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.229668] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.245661] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.261653] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.277648] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.293642] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.309638] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.325633] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.341627] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.357621] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.373615] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.383097] usb 9-1: USB disconnect, device number 2
      [ 1024.383103] usb 9-1.4: USB disconnect, device number 6
      [ 1029.391010] xhci_hcd 0000:04:00.0: xHCI host not responding to stop 
endpoint command.
      [ 1029.391016] xhci_hcd 0000:04:00.0: Assuming host is dying, halting 
host.
      [ 1029.392551] xhci_hcd 0000:04:00.0: HC died; cleaning up
      [ 1029.421480] usb 8-1: USB disconnect, device number 2
      
      Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit e3a88f9c4f79a4d138a0ea464cfbac40ba46644c
  Merge: de11b0e 127917c
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Fri Oct 31 12:29:42 2014 -0400
  
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
      
      Pablo Neira Ayuso says:
      
      ====================
      netfilter/ipvs fixes for net
      
      The following patchset contains fixes for netfilter/ipvs. This round of
      fixes is larger than usual at this stage, specifically because of the
      nf_tables bridge reject fixes that I would like to see in 3.18. The
      patches are:
      
      1) Fix a null-pointer dereference that may occur when logging
         errors. This problem was introduced by 4a4739d56b0 ("ipvs: Pull
         out crosses_local_route_boundary logic") in v3.17-rc5.
      
      2) Update hook mask in nft_reject_bridge so we can also filter out
         packets from there. This fixes 36d2af5 ("netfilter: nf_tables: allow
         to filter from prerouting and postrouting"), which needs this chunk
         to work.
      
      3) Two patches to refactor common code to forge the IPv4 and IPv6
         reject packets from the bridge. These are required by the nf_tables
         reject bridge fix.
      
      4) Fix nft_reject_bridge by avoiding the use of the IP stack to reject
         packets from the bridge. The idea is to forge the reject packets and
         inject them to the original port via br_deliver() which is now
         exported for that purpose.
      
      5) Restrict nft_reject_bridge to bridge prerouting and input hooks.
         the original skbuff may cloned after prerouting when the bridge stack
         needs to flood it to several bridge ports, it is too late to reject
         the traffic.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 127917c29a432c3b798e014a1714e9c1af0f87fe
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 14:08:17 2014 +0100
  
      netfilter: nft_reject_bridge: restrict reject to prerouting and input
      
      Restrict the reject expression to the prerouting and input bridge
      hooks. If we allow this to be used from forward or any other later
      bridge hook, if the frame is flooded to several ports, we'll end up
      sending several reject packets, one per cloned packet.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 523b929d5446c023e1219aa81455a8c766cac883
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Sat Oct 25 18:40:26 2014 +0200
  
      netfilter: nft_reject_bridge: don't use IP stack to reject traffic
      
      If the packet is received via the bridge stack, this cannot reject
      packets from the IP stack.
      
      This adds functions to build the reject packet and send it from the
      bridge stack. Comments and assumptions on this patch:
      
      1) Validate the IPv4 and IPv6 headers before further processing,
         given that the packet comes from the bridge stack, we cannot assume
         they are clean. Truncated packets are dropped, we follow similar
         approach in the existing iptables match/target extensions that need
         to inspect layer 4 headers that is not available. This also includes
         packets that are directed to multicast and broadcast ethernet
         addresses.
      
      2) br_deliver() is exported to inject the reject packet via
         bridge localout -> postrouting. So the approach is similar to what
         we already do in the iptables reject target. The reject packet is
         sent to the bridge port from which we have received the original
         packet.
      
      3) The reject packet is forged based on the original packet. The TTL
         is set based on sysctl_ip_default_ttl for IPv4 and per-net
         ipv6.devconf_all hoplimit for IPv6.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 8bfcdf6671b1c8006c52c3eaf9fd1b5dfcf41c3d
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Sun Oct 26 12:35:54 2014 +0100
  
      netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions
      
      That can be reused by the reject bridge expression to build the reject
      packet. The new functions are:
      
      * nf_reject_ip6_tcphdr_get(): to sanitize and to obtain the TCP header.
      * nf_reject_ip6hdr_put(): to build the IPv6 header.
      * nf_reject_ip6_tcphdr_put(): to build the TCP header.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 052b9498eea532deb5de75277a53f6e0623215dc
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Sat Oct 25 18:24:57 2014 +0200
  
      netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions
      
      That can be reused by the reject bridge expression to build the reject
      packet. The new functions are:
      
      * nf_reject_ip_tcphdr_get(): to sanitize and to obtain the TCP header.
      * nf_reject_iphdr_put(): to build the IPv4 header.
      * nf_reject_ip_tcphdr_put(): to build the TCP header.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 4d87716cd057bde3f90e304289c1fec88d45a1cc
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Sat Oct 25 12:25:06 2014 +0200
  
      netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing
      
      Fixes: 36d2af5 ("netfilter: nf_tables: allow to filter from prerouting 
and postrouting")
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit de11b0e8c569b96c2cf6a811e3805b7aeef498a3
  Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 03:10:31 2014 +0000
  
      drivers/net: macvtap and tun depend on INET
      
      These drivers now call ipv6_proxy_select_ident(), which is defined
      only if CONFIG_INET is enabled.  However, they have really depended
      on CONFIG_INET for as long as they have allowed sending GSO packets
      from userland.
      
      Reported-by: kbuild test robot <fengguang.wu@xxxxxxxxx>
      Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
      Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
      Fixes: b9fb9ee07e67 ("macvtap: add GSO/csum offload support")
      Fixes: 5188cd44c55d ("drivers/net, ipv6: Select IPv6 fragment idents for 
virtio UFO packets")
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit c1304b217c7cefa5718fab9d36c59ba0d0133c6e
  Merge: 39bb5e6 5188cd4
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Thu Oct 30 20:01:27 2014 -0400
  
      Merge branch 'ufo-fix'
      
      Ben Hutchings says:
      
      ====================
      drivers/net,ipv6: Fix IPv6 fragment ID selection for virtio
      
      The virtio net protocol supports UFO but does not provide for passing a
      fragment ID for fragmentation of IPv6 packets.  We used to generate a
      fragment ID wherever such a packet was fragmented, but currently we
      always use ID=0!
      
      v2: Add blank lines after declarations
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 5188cd44c55db3e92cd9e77a40b5baa7ed4340f7
  Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
  Date:   Thu Oct 30 18:27:17 2014 +0000
  
      drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets
      
      UFO is now disabled on all drivers that work with virtio net headers,
      but userland may try to send UFO/IPv6 packets anyway.  Instead of
      sending with ID=0, we should select identifiers on their behalf (as we
      used to).
      
      Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
      Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4
  Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
  Date:   Thu Oct 30 18:27:12 2014 +0000
  
      drivers/net: Disable UFO through virtio
      
      IPv6 does not allow fragmentation by routers, so there is no
      fragmentation ID in the fixed header.  UFO for IPv6 requires the ID to
      be passed separately, but there is no provision for this in the virtio
      net protocol.
      
      Until recently our software implementation of UFO/IPv6 generated a new
      ID, but this was a bug.  Now we will use ID=0 for any UFO/IPv6 packet
      passed through a tap, which is even worse.
      
      Unfortunately there is no distinction between UFO/IPv4 and v6
      features, so disable UFO on taps and virtio_net completely until we
      have a proper solution.
      
      We cannot depend on VM managers respecting the tap feature flags, so
      keep accepting UFO packets but log a warning the first time we do
      this.
      
      Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
      Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 39bb5e62867de82b269b07df900165029b928359
  Author: Eric Dumazet <edumazet@xxxxxxxxxx>
  Date:   Thu Oct 30 10:32:34 2014 -0700
  
      net: skb_fclone_busy() needs to detect orphaned skb
      
      Some drivers are unable to perform TX completions in a bound time.
      They instead call skb_orphan()
      
      Problem is skb_fclone_busy() has to detect this case, otherwise
      we block TCP retransmits and can freeze unlucky tcp sessions on
      mostly idle hosts.
      
      Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Fixes: 1f3279ae0c13 ("tcp: avoid retransmits of TCP packets hanging in 
host queues")
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 14051f0452a2c26a3f4791e6ad6a435e8f1945ff
  Author: Tom Herbert <therbert@xxxxxxxxxx>
  Date:   Thu Oct 30 08:40:56 2014 -0700
  
      gre: Use inner mac length when computing tunnel length
      
      Currently, skb_inner_network_header is used but this does not account
      for Ethernet header for ETH_P_TEB. Use skb_inner_mac_header which
      handles TEB and also should work with IP encapsulation in which case
      inner mac and inner network headers are the same.
      
      Tested: Ran TCP_STREAM over GRE, worked as expected.
      
      Signed-off-by: Tom Herbert <therbert@xxxxxxxxxx>
      Acked-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 292dd6542f90126826fe87b302e6afa3b7ada6b8
  Merge: 9cc233f 571e1b2
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Thu Oct 30 19:49:20 2014 -0400
  
      Merge branch 'mellanox-net'
      
      Or Gerlitz says:
      
      ====================
      mlx4 driver encapsulation/steering fixes
      
      The 1st patch fixes a bug in the TX path that supports offloading the
      TX checksum of (VXLAN) encapsulated TCP packets. It turns out that the
      bug is revealed only when the receiver runs in non-offloaded mode, so
      we somehow missed it so far... please queue it for -stable >= 3.14
      
      The 2nd patch makes sure not to leak steering entry on error flow,
      please queue it to 3.17-stable
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 571e1b2c7a4c2fd5faa1648462a6b65fa26530d7
  Author: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
  Date:   Thu Oct 30 15:59:28 2014 +0200
  
      mlx4: Avoid leaking steering rules on flow creation error flow
      
      If mlx4_ib_create_flow() attempts to create > 1 rules with the
      firmware, and one of these registrations fail, we leaked the
      already created flow rules.
      
      One example of the leak is when the registration of the VXLAN ghost
      steering rule fails, we didn't unregister the original rule requested
      by the user, introduced in commit d2fce8a9060d "mlx4: Set
      user-space raw Ethernet QPs to properly handle VXLAN traffic".
      
      While here, add dump of the VXLAN portion of steering rules
      so it can actually be seen when flow creation fails.
      
      Signed-off-by: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit a4f2dacbf2a5045e34b98a35d9a3857800f25a7b
  Author: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
  Date:   Thu Oct 30 15:59:27 2014 +0200
  
      net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN
      
      For VXLAN/NVGRE encapsulation, the current HW doesn't support offloading
      both the outer UDP TX checksum and the inner TCP/UDP TX checksum.
      
      The driver doesn't advertize SKB_GSO_UDP_TUNNEL_CSUM, however we are 
wrongly
      telling the HW to offload the outer UDP checksum for encapsulated packets,
      fix that.
      
      Fixes: 837052d0ccc5 ('net/mlx4_en: Add netdev support for TCP/IP
                     offloads of vxlan tunneling')
      Signed-off-by: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 9cc233fb0f94b79d07cf141a625e237769d267a1
  Merge: fa19c2b0 e3215f0
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Thu Oct 30 19:46:33 2014 -0400
  
      Merge branch 'master' of 
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net
      
      Jeff Kirsher says:
      
      ====================
      Intel Wired LAN Driver Updates 2014-10-30
      
      This series contains updates to e1000, igb and ixgbe.
      
      Francesco Ruggeri fixes an issue with e1000 where in a VM the driver did
      not support unicast filtering.
      
      Roman Gushchin fixes an issue with igb where the driver was re-using
      mapped pages so that packets were still getting dropped even if all
      the memory issues are gone and there is free memory.
      
      Junwei Zhang found where in the ixgbe_clean_rx_ring() we were repeating
      the assignment of NULL to the receive buffer skb and fixes it.
      
      Emil fixes a race condition between setup_link and SFP detection routine
      in the watchdog when setting the advertised speed.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit fa19c2b050ab5254326f5fc07096dd3c6a8d5d58
  Author: Nicolas Cavallari <nicolas.cavallari@xxxxxxxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 30 10:09:53 2014 +0100
  
      ipv4: Do not cache routing failures due to disabled forwarding.
      
      If we cache them, the kernel will reuse them, independently of
      whether forwarding is enabled or not.  Which means that if forwarding is
      disabled on the input interface where the first routing request comes
      from, then that unreachable result will be cached and reused for
      other interfaces, even if forwarding is enabled on them.  The opposite
      is also true.
      
      This can be verified with two interfaces A and B and an output interface
      C, where B has forwarding enabled, but not A and trying
      ip route get $dst iif A from $src && ip route get $dst iif B from $src
      
      Signed-off-by: Nicolas Cavallari 
<nicolas.cavallari@xxxxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Julian Anastasov <ja@xxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit e327c225c911529898ec300cb96d2088893de3df
  Author: Anish Bhatt <anish@xxxxxxxxxxx>
  Date:   Wed Oct 29 17:54:03 2014 -0700
  
      cxgb4 : Fix missing initialization of win0_lock
      
      win0_lock was being used un-initialized, resulting in warning traces
      being seen when lock debugging is enabled (and just wrong)
      
      Fixes : fc5ab0209650 ('cxgb4: Replaced the backdoor mechanism to access 
the HW
       memory with PCIe Window method')
      
      Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx>
      Signed-off-by: Casey Leedom <leedom@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 83810a9a6af310e413ce649c6ca2df2b4946e5a4
  Merge: d70127e e3bd1a8
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Thu Oct 30 15:49:05 2014 -0400
  
      Merge branch 'r8152-net'
      
      Hayes Wang says:
      
      ====================
      r8152: patches for autosuspend
      
      There are unexpected processes when enabling autosuspend.
      These patches are used to fix them.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit e3bd1a81cd1e3f8ed961e642e97206d715db06c4
  Author: hayeswang <hayeswang@xxxxxxxxxxx>
  Date:   Wed Oct 29 11:12:17 2014 +0800
  
      r8152: check WORK_ENABLE in suspend function
      
      Avoid unnecessary behavior when autosuspend occurs during open().
      The relative processes should only be run after finishing open().
      
      Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f4c7476b041d200c3b347f019eebf05e6d0b47f9
  Author: hayeswang <hayeswang@xxxxxxxxxxx>
  Date:   Wed Oct 29 11:12:16 2014 +0800
  
      r8152: reset tp->speed before autoresuming in open function
      
      If (tp->speed & LINK_STATUS) is not zero, the rtl8152_resume()
      would call rtl_start_rx() before enabling the tx/rx. Avoid this
      by resetting it to zero.
      
      Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 923e1ee3ff0b585cc4f56cf696c8455708537ffb
  Author: hayeswang <hayeswang@xxxxxxxxxxx>
  Date:   Wed Oct 29 11:12:15 2014 +0800
  
      r8152: clear SELECTIVE_SUSPEND when autoresuming
      
      The flag of SELECTIVE_SUSPEND should be cleared when autoresuming.
      Otherwise, when the system suspend and resume occur, it may have
      the wrong flow.
      
      Besides, because the flag of SELECTIVE_SUSPEND couldn't be used
      to check if the hw enables the relative feature, it should alwayes
      be disabled in close().
      
      Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 75a916e1944fea8347d2245c62567187e4eff9dd
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:13 2014 -0500
  
      rtlwifi: rtl8192se: Fix firmware loading
      
      An error in the code makes the allocated space for firmware to be too
      small.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 8ae3c16e41b02db8ffe4121468519d6352baedc1
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:11 2014 -0500
  
      rtlwifi: rtl8192ce: Add missing section to read descriptor setting
      
      The new version of rtlwifi needs code in rtl92ce_get_desc() that returns
      the buffer address for read operations.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 30c5ccc6afee39754cff75ad8d775ad39a2ce989
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:10 2014 -0500
  
      rtlwifi: rtl8192se: Add missing section to read descriptor setting
      
      The new version of rtlwifi needs code in rtl92se_get_desc() that returns
      the buffer address for read operations.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 501479699ff484ba8acc1d07022271f00cfc55a3
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:09 2014 -0500
  
      rtlwifi: rtl8192se: Fix duplicate calls to ieee80211_register_hw()
      
      Driver rtlwifi has been modified to call ieee80211_register_hw()
      from the probe routine; however, the existing call in the callback
      routine for deferred firmware loading was not removed.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit c0386f1584127442d0f2aea41bc948056d6b1337
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:08 2014 -0500
  
      rtlwifi: rtl8192ce: rtl8192de: rtl8192se: Fix handling for missing 
get_btc_status
      
      The recent changes in checking for Bluetooth status added some callbacks 
to code
      in rtlwifi. To make certain that all callbacks are defined, a dummy 
routine has been
      added to rtlwifi, and the drivers that need to use it are modified.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 3a8fede115f12f7b90524d1ba4e709ce398ce8c6
  Author: Marc Yang <yangyang@xxxxxxxxxxx>
  Date:   Wed Oct 29 22:44:34 2014 +0530
  
      mwifiex: restart rxreorder timer correctly
      
      During 11n RX reordering, if there is a hole in RX table,
      driver will not send packets to kernel until the rxreorder
      timer expires or the table is full.
      However, currently driver always restarts rxreorder timer when
      receiving a packet, which causes the timer hardly to expire.
      So while connected with to 11n AP in a busy environment,
      ping packets may get blocked for about 30 seconds.
      
      This patch fixes this timer restarting by ensuring rxreorder timer
      would only be restarted either timer is not set or start_win
      has changed.
      
      Signed-off-by: Chin-Ran Lo <crlo@xxxxxxxxxxx>
      Signed-off-by: Plus Chen <pchen@xxxxxxxxxxx>
      Signed-off-by: Marc Yang <yangyang@xxxxxxxxxxx>
      Signed-off-by: Cathy Luo <cluo@xxxxxxxxxxx>
      Signed-off-by: Avinash Patil <patila@xxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit a017ff755e43de9a3221d4ff4f03184ea7b93733
  Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
  Date:   Wed Oct 29 18:48:05 2014 +0300
  
      ath9k: fix some debugfs output
      
      The right shift operation has higher precedence than the mask so we
      left shift by "(i * 3)" and then immediately right shift by "(i * 3)"
      then we mask.  It should be left shift, mask, and then right shift.
      
      Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 664d6a792785cc677c2091038ce10322c8d04ae1
  Author: Cyril Brulebois <kibi@xxxxxxxxxx>
  Date:   Tue Oct 28 16:42:41 2014 +0100
  
      wireless: rt2x00: add new rt2800usb device
      
      0x1b75 0xa200 AirLive WN-200USB wireless 11b/g/n dongle
      
      References: https://bugs.debian.org/766802
      Reported-by: Martin Mokrejs <mmokrejs@xxxxxxxxxxxxxxxxxx>
      Cc: stable@xxxxxxxxxxxxxxx
      Signed-off-by: Cyril Brulebois <kibi@xxxxxxxxxx>
      Acked-by: Stanislaw Gruszka <sgruszka@xxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit e3215f0ac77ec23b052cb0bf511143038ac2ad7b
  Author: Emil Tantilov <emil.s.tantilov@xxxxxxxxx>
  Date:   Tue Oct 28 05:50:03 2014 +0000
  
      ixgbe: fix race when setting advertised speed
      
      Following commands:
      
      modprobe ixgbe
      ifconfig ethX up
      ethtool -s ethX advertise 0x020
      
      can lead to "setup link failed with code -14" error due to the setup_link
      call racing with the SFP detection routine in the watchdog.
      
      This patch resolves this issue by protecting the setup_link call with 
check
      for __IXGBE_IN_SFP_INIT.
      
      Reported-by: Scott Harrison <scoharr2@xxxxxxxxx>
      Signed-off-by: Emil Tantilov <emil.s.tantilov@xxxxxxxxx>
      Tested-by: Phil Schmitt <phillip.j.schmitt@xxxxxxxxx>
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
  
  commit 4d2fcfbcf8141cdf70245a0c0612b8076f4b7e32
  Author: Junwei Zhang <linggao.zjw@xxxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:29:03 2014 +0000
  
      ixgbe: need not repeat init skb with NULL
      
      Signed-off-by: Martin Zhang <martinbj2008@xxxxxxxxx>
      Tested-by: Phil Schmitt <phillip.j.schmitt@xxxxxxxxx>
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
  
  commit bc16e47f03a7dce9ad68029b21519265c334eb12
  Author: Roman Gushchin <klamm@xxxxxxxxxxxxxx>
  Date:   Thu Oct 23 03:32:27 2014 +0000
  
      igb: don't reuse pages with pfmemalloc flag
      
      Incoming packet is dropped silently by sk_filter(), if the skb was
      allocated from pfmemalloc reserves and the corresponding socket is
      not marked with the SOCK_MEMALLOC flag.
      
      Igb driver allocates pages for DMA with __skb_alloc_page(), which
      calls alloc_pages_node() with the __GFP_MEMALLOC flag. So, in case
      of OOM condition, igb can get pages with pfmemalloc flag set.
      
      If an incoming packet hits the pfmemalloc page and is large enough
      (small packets are copying into the memory, allocated with
      netdev_alloc_skb_ip_align(), so they are not affected), it will be
      dropped.
      
      This behavior is ok under high memory pressure, but the problem is
      that the igb driver reuses these mapped pages. So, packets are still
      dropping even if all memory issues are gone and there is a plenty
      of free memory.
      
      In my case, some TCP sessions hang on a small percentage (< 0.1%)
      of machines days after OOMs.
      
      Fix this by avoiding reuse of such pages.
      
      Signed-off-by: Roman Gushchin <klamm@xxxxxxxxxxxxxx>
      Tested-by: Aaron Brown "aaron.f.brown@xxxxxxxxx"
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
  
  commit a22bb0b9b9b09b4cc711f6d577679773e074dde9
  Author: Francesco Ruggeri <fruggeri@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:29:24 2014 +0000
  
      e1000: unset IFF_UNICAST_FLT on WMware 82545EM
      
      VMWare's e1000 implementation does not seem to support unicast filtering.
      This can be observed by configuring a macvlan interface on eth0 in a VM in
      VMWare Fusion 5.0.5, and trying to use that interface instead of eth0.
      Tested on 3.16.
      
      Signed-off-by: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
      Tested-by: Aaron Brown <aaron.f.brown@xxxxxxxxx>
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
  
  commit d70127e8a942364de8dd140fe73893efda363293
  Author: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
  Date:   Tue Oct 28 10:44:01 2014 +0100
  
      inet: frags: remove the WARN_ON from inet_evict_bucket
      
      The WARN_ON in inet_evict_bucket can be triggered by a valid case:
      inet_frag_kill and inet_evict_bucket can be running in parallel on the
      same queue which means that there has been at least one more ref added
      by a previous inet_frag_find call, but inet_frag_kill can delete the
      timer before inet_evict_bucket which will cause the WARN_ON() there to
      trigger since we'll have refcnt!=1. Now, this case is valid because the
      queue is being "killed" for some reason (removed from the chain list and
      its timer deleted) so it will get destroyed in the end by one of the
      inet_frag_put() calls which reaches 0 i.e. refcnt is still valid.
      
      CC: Florian Westphal <fw@xxxxxxxxx>
      CC: Eric Dumazet <eric.dumazet@xxxxxxxxx>
      CC: Patrick McLean <chutzpah@xxxxxxxxxx>
      
      Fixes: b13d3cbfb8e8 ("inet: frag: move eviction of queues to work queue")
      Reported-by: Patrick McLean <chutzpah@xxxxxxxxxx>
      Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 65ba1f1ec0eff1c25933468e1d238201c0c2cb29
  Author: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
  Date:   Tue Oct 28 10:30:34 2014 +0100
  
      inet: frags: fix a race between inet_evict_bucket and inet_frag_kill
      
      When the evictor is running it adds some chosen frags to a local list to
      be evicted once the chain lock has been released but at the same time
      the *frag_queue can be running for some of the same queues and it
      may call inet_frag_kill which will wait on the chain lock and
      will then delete the queue from the wrong list since it was added in the
      eviction one. The fix is simple - check if the queue has the evict flag
      set under the chain lock before deleting it, this is safe because the
      evict flag is set only under that lock and having the flag set also means
      that the queue has been detached from the chain list, so no need to delete
      it again.
      An important note to make is that we're safe w.r.t refcnt because
      inet_frag_kill and inet_evict_bucket will sync on the del_timer operation
      where only one of the two can succeed (or if the timer is executing -
      none of them), the cases are:
      1. inet_frag_kill succeeds in del_timer
       - then the timer ref is removed, but inet_evict_bucket will not add
         this queue to its expire list but will restart eviction in that chain
      2. inet_evict_bucket succeeds in del_timer
       - then the timer ref is kept until the evictor "expires" the queue, but
         inet_frag_kill will remove the initial ref and will set
         INET_FRAG_COMPLETE which will make the frag_expire fn just to remove
         its ref.
      In the end all of the queue users will do an inet_frag_put and the one
      that reaches 0 will free it. The refcount balance should be okay.
      
      CC: Florian Westphal <fw@xxxxxxxxx>
      CC: Eric Dumazet <eric.dumazet@xxxxxxxxx>
      CC: Patrick McLean <chutzpah@xxxxxxxxxx>
      
      Fixes: b13d3cbfb8e8 ("inet: frag: move eviction of queues to work queue")
      Suggested-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
      Reported-by: Patrick McLean <chutzpah@xxxxxxxxxx>
      Tested-by: Patrick McLean <chutzpah@xxxxxxxxxx>
      Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
      Reviewed-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8f4eb70059ee834522ce90a6fce0aa3078c18620
  Author: Tej Parkash <tej.parkash@xxxxxxxxxx>
  Date:   Tue Oct 28 01:18:15 2014 -0400
  
      cnic: Update the rcu_access_pointer() usages
      
      1. Remove the rcu_read_lock/unlock around rcu_access_pointer
      2. Replace the rcu_dereference with rcu_access_pointer
      
      Signed-off-by: Tej Parkash <tej.parkash@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit cd03cf0158449f9f4c19ecb54dfc97d9bd86eeeb
  Author: Hariprasad Shenai <hariprasad@xxxxxxxxxxx>
  Date:   Mon Oct 27 23:22:10 2014 +0530
  
      cxgb4vf: Replace repetitive pci device ID's with right ones
      
      Replaced repetive Device ID's which got added in commit b961f9a48844ecf3
      ("cxgb4vf: Remove superfluous "idx" parameter of CH_DEVICE() macro")
      
      Signed-off-by: Hariprasad Shenai <hariprasad@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit b2ed64a97430a26a63c6ea91c9b50e639a98dfbc
  Author: Lubomir Rintel <lkundrak@xxxxx>
  Date:   Mon Oct 27 17:39:16 2014 +0100
  
      ipv6: notify userspace when we added or changed an ipv6 token
      
      NetworkManager might want to know that it changed when the router 
advertisement
      arrives.
      
      Signed-off-by: Lubomir Rintel <lkundrak@xxxxx>
      Cc: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
      Cc: Daniel Borkmann <dborkman@xxxxxxxxxx>
      Acked-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit d56109020d93337545dd257a790cb429a70acfad
  Author: WANG Cong <xiyou.wangcong@xxxxxxxxx>
  Date:   Fri Oct 24 16:55:58 2014 -0700
  
      sch_pie: schedule the timer after all init succeed
      
      Cc: Vijay Subramanian <vijaynsu@xxxxxxxxx>
      Cc: David S. Miller <davem@xxxxxxxxxxxxx>
      Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx>
      Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx>
  
  commit 068301f2be36a5c1ee9a2521c94b98e343612a88
  Merge: 9ffa1fc b77e26d
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 28 17:26:24 2014 -0400
  
      Merge branch 'cdc-ether'
      
      Olivier Blin says:
      
      ====================
      cdc-ether: handle promiscuous mode
      
      Since kernel 3.16, my Lenovo USB network adapters (RTL8153) using
      cdc-ether are not working anymore in a bridge.
      
      This is due to commit c472ab68ad67db23c9907a27649b7dc0899b61f9, which
      resets the packet filter when the device is bound.
      
      The default packet filter set by cdc-ether does not include
      promiscuous, while the adapter seemed to have promiscuous enabled by
      default.
      
      This patch series allows to support promiscuous mode for cdc-ether, by
      hooking into set_rx_mode.
      
      Incidentally, maybe this device should be handled by the r8152 driver,
      but this patch series is still nice for other adapters.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
      Acked-by: Oliver Neukum <oneukum@xxxxxxx>
  
  commit b77e26d191590c73b4a982ea3b3b87194069a56a
  Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
  Date:   Fri Oct 24 19:43:02 2014 +0200
  
      cdc-ether: handle promiscuous mode with a set_rx_mode callback
      
      Promiscuous mode was not supported anymore with my Lenovo adapters
      (RTL8153) since commit c472ab68ad67db23c9907a27649b7dc0899b61f9
      (cdc-ether: clean packet filter upon probe).
      
      It was not possible to use them in a bridge anymore.
      
      Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
      Also-analyzed-by: Loïc Yhuel <loic.yhuel@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit d80c679bc1526183f1cf4adc54b0b72e8798555e
  Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
  Date:   Fri Oct 24 19:43:01 2014 +0200
  
      cdc-ether: extract usbnet_cdc_update_filter function
      
      This will be used by the set_rx_mode callback.
      
      Also move a comment about multicast filtering in this new function.
      
      Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1efed2d06c703489342ab6af2951683e07509c99
  Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
  Date:   Fri Oct 24 19:43:00 2014 +0200
  
      usbnet: add a callback for set_rx_mode
      
      To delegate promiscuous mode and multicast filtering to the subdriver.
      
      Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 9ffa1fcaef222026a8e031830f8db29d3f2cfc47
  Merge: ebcf34f 704d33e
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 28 17:08:56 2014 -0400
  
      Merge branch 'systemport-net'
      
      Florian Fainelli says:
      
      ====================
      net: systemport: RX path and suspend fixes
      
      These two patches fix a race condition where we have our RX interrupts
      enabled, but not NAPI for the RX path, and the second patch fixes an
      issue for packets stuck in RX fifo during a suspend/resume cycle.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 704d33e7006f20f9b4fa7d24a0f08c4b5919b131
  Author: Florian Fainelli <f.fainelli@xxxxxxxxx>
  Date:   Tue Oct 28 11:12:01 2014 -0700
  
      net: systemport: reset UniMAC coming out of a suspend cycle
      
      bcm_sysport_resume() was missing an UniMAC reset which can lead to
      various receive FIFO corruptions coming out of a suspend cycle. If the
      RX FIFO is stuck, it will deliver corrupted/duplicate packets towards
      the host CPU interface.
      
      This could be reproduced on crowded network and when Wake-on-LAN is
      enabled for this particular interface because the switch still forwards
      packets towards the host CPU interface (SYSTEMPORT), and we had to leave
      the UniMAC RX enable bit on to allow matching MagicPackets.
      
      Once we re-enter the resume function, there is a small window during
      which the UniMAC receive is still enabled, and we start queueing
      packets, but the RDMA and RBUF engines are not ready, which leads to
      having packets stuck in the UniMAC RX FIFO, ultimately delivered towards
      the host CPU as corrupted.
      
      Fixes: 40755a0fce17 ("net: systemport: add suspend and resume support")
      Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8edf0047f4b8e03d94ef88f5a7dec146cce03a06
  Author: Florian Fainelli <f.fainelli@xxxxxxxxx>
  Date:   Tue Oct 28 11:12:00 2014 -0700
  
      net: systemport: enable RX interrupts after NAPI
      
      There is currently a small window during which the SYSTEMPORT adapter
      enables its RX interrupts without having enabled its NAPI handler, which
      can result in packets to be discarded during interface bringup.
      
      A similar but more serious window exists in bcm_sysport_resume() during
      which we can have the RDMA engine not fully prepared to receive packets
      and yet having RX interrupts enabled.
      
      Fix this my moving the RX interrupt enable down to
      bcm_sysport_netif_start() after napi_enable() for the RX path is called,
      which fixes both call sites: bcm_sysport_open() and
      bcm_sysport_resume().
      
      Fixes: b02e6d9ba7ad ("net: systemport: add 
bcm_sysport_netif_{enable,stop}")
      Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit ebcf34f3d4be11f994340aff629f3c17171a4f65
  Author: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
  Date:   Sun Oct 26 19:14:06 2014 -0700
  
      skbuff.h: fix kernel-doc warning for headers_end
      
      Fix kernel-doc warning in <linux/skbuff.h> by making both headers_start
      and headers_end private fields.
      
      Warning(..//include/linux/skbuff.h:654): No description found for 
parameter 'headers_end[0]'
      
      Signed-off-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 99d881f993f066c75059d24e44c74f7a3fc199bc
  Author: Vince Bridgers <vbridger@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Sun Oct 26 14:22:24 2014 -0500
  
      net: phy: Add SGMII Configuration for Marvell 88E1145 Initialization
      
      Marvell phy 88E1145 configuration & initialization was missing a case
      for initializing SGMII mode. This patch adds that case.
      
      Signed-off-by: Vince Bridgers <vbridger@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 47276fcc2d542e7b15e384c08b1709c1921b06c1
  Author: Mugunthan V N <mugunthanvnm@xxxxxx>
  Date:   Fri Oct 24 18:51:33 2014 +0530
  
      drivers: net:cpsw: fix probe_dt when only slave 1 is pinned out
      
      when slave 0 has no phy and slave 1 connected to phy, driver probe will
      fail as there is no phy id present for slave 0 device tree, so continuing
      even though no phy-id found, also moving mac-id read later to ensure
      mac-id is read from device tree even when phy-id entry in not found.
      
      Signed-off-by: Mugunthan V N <mugunthanvnm@xxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 25946f20b775f5c630d4326dd7a7f1df0576eb57
  Merge: 3923d68 99c8140
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 28 15:30:15 2014 -0400
  
      Merge tag 'master-2014-10-27' of 
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
      
      John W. Linville says:
      
      ====================
      pull request: wireless 2014-10-28
      
      Please pull this batch of fixes intended for the 3.18 stream!
      
      For the mac80211 bits, Johannes says:
      
      "Here are a few fixes for the wireless stack: one fixes the
      RTS rate, one for a debugfs file, one to return the correct
      channel to userspace, a sanity check for a userspace value
      and the remaining two are just documentation fixes."
      
      For the iwlwifi bits, Emmanuel says:
      
      "I revert here a patch that caused interoperability issues.
      dvm gets a fix for a bug that was reported by many users.
      Two minor fixes for BT Coex and platform power fix that helps
      reducing latency when the PCIe link goes to low power states."
      
      In addition...
      
      Felix Fietkau adds a couple of ath code fixes related to regulatory
      rule enforcement.
      
      Hauke Mehrtens fixes a build break with bcma when CONFIG_OF_ADDRESS
      is not set.
      
      Karsten Wiese provides a trio of minor fixes for rtl8192cu.
      
      Kees Cook prevents a potential information leak in rtlwifi.
      
      Larry Finger also brings a trio of minor fixes for rtlwifi.
      
      RafaÅ? MiÅ?ecki adds a device ID to the bcma bus driver.
      
      Rickard Strandqvist offers some strn* -> strl* changes in brcmfmac
      to eliminate non-terminated string issues.
      
      Sujith Manoharan avoids some ath9k stalls by enabling HW queue control
      only for MCC.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 3923d68dc05033aa843b67d73110a6d402ac6e14
  Merge: f89b775 c146b77
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 28 15:28:30 2014 -0400
  
      Merge branch 'dsa-net'
      
      Andrew Lunn says:
      
      ====================
      DSA tagging mismatches
      
      The second patch is a fix, which should be applied to -rc. It is
      possible to get a DSA configuration which does not work. The patch
      stops this happening.
      
      The first patch detects this situation, and errors out the probe of
      DSA, making it more obvious something is wrong. It is not required to
      apply it -rc.
      
      v2 fixes the use case pointed out by Florian, that a switch driver
      may use DSA_TAG_PROTO_NONE which the patch did not correctly handle.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit c146b7788e5721ec15bc0197bedf75849508e7ea
  Author: Andrew Lunn <andrew@xxxxxxx>
  Date:   Fri Oct 24 23:44:05 2014 +0200
  
      dsa: mv88e6171: Fix tagging protocol/Kconfig
      
      The mv88e6171 can support two different tagging protocols, DSA and
      EDSA. The switch driver structure only allows one protocol to be
      enumerated, and DSA was chosen. However the Kconfig entry ensures the
      EDSA tagging code is built. With a minimal configuration, we then end
      up with a mismatch. The probe is successful, EDSA tagging is used, but
      the switch is configured for DSA, resulting in mangled packets.
      
      Change the switch driver structure to enumerate EDSA, fixing the
      mismatch.
      
      Signed-off-by: Andrew Lunn <andrew@xxxxxxx>
      Fixes: 42f272539487 ("net: DSA: Marvell mv88e6171 switch driver")
      Acked-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit ae439286a0dec99cc8029868243689b5b5f3ff75
  Author: Andrew Lunn <andrew@xxxxxxx>
  Date:   Fri Oct 24 23:44:04 2014 +0200
  
      net: dsa: Error out on tagging protocol mismatches
      
      If there is a mismatch between enabled tagging protocols and the
      protocol the switch supports, error out, rather than continue with a
      situation which is unlikely to work.
      
      Signed-off-by: Andrew Lunn <andrew@xxxxxxx>
      cc: alexander.h.duyck@xxxxxxxxx
      Acked-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 3d53666b40007b55204ee8890618da79a20c9940
  Author: Alex Gartrell <agartrell@xxxxxx>
  Date:   Mon Oct 6 08:46:19 2014 -0700
  
      ipvs: Avoid null-pointer deref in debug code
      
      Use daddr instead of reaching into dest.
      
      Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
      Signed-off-by: Alex Gartrell <agartrell@xxxxxx>
      Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
  
  commit f89b7755f517cdbb755d7543eef986ee9d54e654
  Author: Alexei Starovoitov <ast@xxxxxxxxxxxx>
  Date:   Thu Oct 23 18:41:08 2014 -0700
  
      bpf: split eBPF out of NET
      
      introduce two configs:
      - hidden CONFIG_BPF to select eBPF interpreter that classic socket filters
        depend on
      - visible CONFIG_BPF_SYSCALL (default off) that tracing and sockets can 
use
      
      that solves several problems:
      - tracing and others that wish to use eBPF don't need to depend on NET.
        They can use BPF_SYSCALL to allow loading from userspace or select BPF
        to use it directly from kernel in NET-less configs.
      - in 3.18 programs cannot be attached to events yet, so don't force it on
      - when the rest of eBPF infra is there in 3.19+, it's still useful to
        switch it off to minimize kernel size
      
      bloat-o-meter on x64 shows:
      add/remove: 0/60 grow/shrink: 0/2 up/down: 0/-15601 (-15601)
      
      tested with many different config combinations. Hopefully didn't miss 
anything.
      
      Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx>
      Acked-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8ae3c911b9efcca653c552a9c74957a6cb04a87d
  Merge: 5d26b1f 3bb0626
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 19:00:16 2014 -0400
  
      Merge branch 'cxgb4-net'
      
      Anish Bhatt says:
      
      ====================
      cxgb4 : DCBx fixes for apps/host lldp agents
      
      This patchset  contains some minor fixes for cxgb4 DCBx code. Chiefly, 
cxgb4
      was not cleaning up any apps added to kernel app table when link was lost.
      Disabling DCBx in firmware would automatically set DCBx state to 
host-managed
      and enabled, we now wait for an explicit enable call from an lldp agent 
instead
      
      First patch was originally sent to net-next, but considering it applies to
      correcting behaviour of code already in net, I think it qualifies as a 
bug fix.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 3bb062613b1ecbd0c388106f61344d699f7859ec
  Author: Anish Bhatt <anish@xxxxxxxxxxx>
  Date:   Thu Oct 23 14:37:31 2014 -0700
  
      cxgb4 : Handle dcb enable correctly
      
      Disabling DCBx in firmware automatically enables DCBx for control via host
      lldp agents. Wait for an explicit setstate call from an lldp agents to 
enable
       DCBx instead.
      
      Fixes: 76bcb31efc06 ("cxgb4 : Add DCBx support codebase and dcbnl_ops")
      
      Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 2376c879b80c83424a3013834be97fb9fe2d4180
  Author: Anish Bhatt <anish@xxxxxxxxxxx>
  Date:   Thu Oct 23 14:37:30 2014 -0700
  
      cxgb4 : Improve handling of DCB negotiation or loss thereof
      
      Clear out any DCB apps we might have added to kernel table when we lose 
DCB
      sync (or IEEE equivalent event). These were previously left behind and not
      cleaned up correctly. IEEE allows individual components to work 
independently,
       so improve check for IEEE completion by specifying individual components.
      
      Fixes: 10b0046685ab ("cxgb4: IEEE fixes for DCBx state machine")
      
      Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 5d26b1f50a610fb28700cdc3446590495a5f607c
  Merge: 93a35f5 7965ee9
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 18:47:40 2014 -0400
  
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
      
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree,
      they are:
      
      1) Allow to recycle a TCP port in conntrack when the change role from
         server to client, from Marcelo Leitner.
      
      2) Fix possible off by one access in ip_set_nfnl_get_byindex(), patch
         from Dan Carpenter.
      
      3) alloc_percpu returns NULL on error, no need for IS_ERR() in nf_tables
         chain statistic updates. From Sabrina Dubroca.
      
      4) Don't compile ip options in bridge netfilter, this mangles the packet
         and bridge should not alter layer >= 3 headers when forwarding packets.
         Patch from Herbert Xu and tested by Florian Westphal.
      
      5) Account the final NLMSG_DONE message when calculating the size of the
         nflog netlink batches. Patch from Florian Westphal.
      
      6) Fix a possible netlink attribute length overflow with large packets.
         Again from Florian Westphal.
      
      7) Release the skbuff if nfnetlink_log fails to put the final
         NLMSG_DONE message. This fixes a leak on error. This shouldn't ever
         happen though, otherwise this means we miscalculate the netlink batch
         size, so spot a warning if this ever happens so we can track down the
         problem. This patch from Houcheng Lin.
      
      8) Look at the right list when recycling targets in the nft_compat,
         patch from Arturo Borrero.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 7965ee93719921ea5978f331da653dfa2d7b99f5
  Author: Arturo Borrero <arturo.borrero.glez@xxxxxxxxx>
  Date:   Sun Oct 26 12:22:40 2014 +0100
  
      netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops()
      
      The code looks for an already loaded target, and the correct list to 
search
      is nft_target_list, not nft_match_list.
      
      Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 99c814066e75d09e6a38574c6c395f022a04b730
  Merge: fad1dbc 11b2357
  Author: John W. Linville <linville@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 13:38:15 2014 -0400
  
      Merge tag 'mac80211-for-john-2014-10-23' of 
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg <johannes@xxxxxxxxxxxxxxxx> says:
      
      "Here are a few fixes for the wireless stack: one fixes the
      RTS rate, one for a debugfs file, one to return the correct
      channel to userspace, a sanity check for a userspace value
      and the remaining two are just documentation fixes."
      
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit fad1dbc8efb4e51e121c745a99c0fb22b420a5c6
  Merge: 0805420 7f2ac8f
  Author: John W. Linville <linville@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 13:35:59 2014 -0400
  
      Merge tag 'iwlwifi-for-john-2014-10-23' of 
git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes
      
      Emmanuel Grumbach <egrumbach@xxxxxxxxx> says:
      
      "I revert here a patch that caused interoperability issues.
      dvm gets a fix for a bug that was reported by many users.
      Two minor fixes for BT Coex and platform power fix that helps
      reducing latency when the PCIe link goes to low power states."
      
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 93a35f59f1b13a02674877e3efdf07ae47e34052
  Author: Eric Dumazet <edumazet@xxxxxxxxxx>
  Date:   Thu Oct 23 06:30:30 2014 -0700
  
      net: napi_reuse_skb() should check pfmemalloc
      
      Do not reuse skb if it was pfmemalloc tainted, otherwise
      future frame might be dropped anyway.
      
      Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Signed-off-by: Roman Gushchin <klamm@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit aa9c5579153535fb317a9d34c7d8eaf02b7ef4cd
  Merge: b71e821 bf1bac5
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Sun Oct 26 22:46:08 2014 -0400
  
      Merge branch 'mellanox'
      
      Eli Cohen says:
      
      ====================
      irq sync fixes
      
      This two patch series fixes a race where an interrupt handler could 
access a
      freed memory.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit bf1bac5b7882daa41249f85fbc97828f0597de5c
  Author: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 23 15:57:27 2014 +0300
  
      net/mlx4_core: Call synchronize_irq() before freeing EQ buffer
      
      After moving the EQ ownership to software effectively destroying it, call
      synchronize_irq() to ensure that any handler routines running on other CPU
      cores finish execution. Only then free the EQ buffer.
      The same thing is done when we destroy a CQ which is one of the sources
      generating interrupts. In the case of CQ we want to avoid completion 
handlers
      on a CQ that was destroyed. In the case we do the same to avoid receiving
      asynchronous events after the EQ has been destroyed and its buffers freed.
      
      Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 96e4be06cbfcb8c9c2da7c77bacce0e56b581c0b
  Author: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 23 15:57:26 2014 +0300
  
      net/mlx5_core: Call synchronize_irq() before freeing EQ buffer
      
      After destroying the EQ, the object responsible for generating 
interrupts, call
      synchronize_irq() to ensure that any handler routines running on other CPU
      cores finish execution. Only then free the EQ buffer. This patch solves a 
very
      rare case when we get panic on driver unload.
      The same thing is done when we destroy a CQ which is one of the sources
      generating interrupts. In the case of CQ we want to avoid completion 
handlers
      on a CQ that was destroyed. In the case we do the same to avoid receiving
      asynchronous events after the EQ has been destroyed and its buffers freed.
      
      Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit b71e821de50f0ff92f10f33064ee1713e9014158
  Author: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
  Date:   Thu Oct 23 10:25:53 2014 +0200
  
      drivers: net: xgene: Rewrite buggy loop in xgene_enet_ecc_init()
      
      drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c: In function 
â??xgene_enet_ecc_initâ??:
      drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c:126: warning: 
â??dataâ?? may be used uninitialized in this function
      
      Depending on the arbitrary value on the stack, the loop may terminate
      too early, and cause a bogus -ENODEV failure.
      
      Signed-off-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 013f6579c6e4f9517127a176bfc37bbac0b766cb
  Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
  Date:   Wed Oct 22 20:06:29 2014 -0700
  
      i40e: _MASK vs _SHIFT typo in i40e_handle_mdd_event()
      
      We accidentally mask by the _SHIFT variable.  It means that "event" is
      always zero.
      
      Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
      Tested-by: Jim Young <jamesx.m.young@xxxxxxxxx>
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit fe0ca7328d03d36aafecebb3af650e1bb2841c20
  Author: Eric Dumazet <edumazet@xxxxxxxxxx>
  Date:   Wed Oct 22 19:43:46 2014 -0700
  
      macvlan: fix a race on port dismantle and possible skb leaks
      
      We need to cancel the work queue after rcu grace period,
      otherwise it can be rescheduled by incoming packets.
      
      We need to purge queue if some skbs are still in it.
      
      We can use __skb_queue_head_init() variant in
      macvlan_process_broadcast()
      
      Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Fixes: 412ca1550cbec ("macvlan: Move broadcasts into a work queue")
      Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 349ce993ac706869d553a1816426d3a4bfda02b1
  Author: Eric Dumazet <edumazet@xxxxxxxxxx>
  Date:   Thu Oct 23 12:58:58 2014 -0700
  
      tcp: md5: do not use alloc_percpu()
      
      percpu tcp_md5sig_pool contains memory blobs that ultimately
      go through sg_set_buf().
      
      -> sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
      
      This requires that whole area is in a physically contiguous portion
      of memory. And that @buf is not backed by vmalloc().
      
      Given that alloc_percpu() can use vmalloc() areas, this does not
      fit the requirements.
      
      Replace alloc_percpu() by a static DEFINE_PER_CPU() as tcp_md5sig_pool
      is small anyway, there is no gain to dynamically allocate it.
      
      Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Fixes: 765cf9976e93 ("tcp: md5: remove one indirection level in 
tcp_md5sig_pool")
      Reported-by: Crestez Dan Leonard <cdleonard@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 4cc40af08032a513e2e68fa6d7818b77179a86af
  Merge: 5345c1d ecf08d2
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Sat Oct 25 14:15:25 2014 -0400
  
      Merge branch 'xen-netback'
      
      David Vrabel says:
      
      ====================
      xen-netback: guest Rx queue drain and stall fixes
      
      This series fixes two critical xen-netback bugs.
      
      1. Netback may consume all of host memory by queuing an unlimited
         number of skb on the internal guest Rx queue.  This behaviour is
         guest triggerable.
      
      2. Carrier flapping under high traffic rates which reduces
         performance.
      
      The first patch is a prerequite.  Removing support for frontends with
      feature-rx-notify makes it easier to reason about the correctness of
      netback since it no longer has to support this outdated and broken
      mode.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit ecf08d2dbb96d5a4b4bcc53a39e8d29cc8fef02e
  Author: David Vrabel <david.vrabel@xxxxxxxxxx>
  Date:   Wed Oct 22 14:08:55 2014 +0100
  
      xen-netback: reintroduce guest Rx stall detection
      
      If a frontend not receiving packets it is useful to detect this and
      turn off the carrier so packets are dropped early instead of being
      queued and drained when they expire.
      
      A to-guest queue is stalled if it doesn't have enough free slots for a
      an extended period of time (default 60 s).
      
      If at least one queue is stalled, the carrier is turned off (in the
      expectation that the other queues will soon stall as well).  The
      carrier is only turned on once all queues are ready.
      
      When the frontend connects, all the queues start in the stalled state
      and only become ready once the frontend queues enough Rx requests.
      
      Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
      Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f48da8b14d04ca87ffcffe68829afd45f926ec6a
  Author: David Vrabel <david.vrabel@xxxxxxxxxx>
  Date:   Wed Oct 22 14:08:54 2014 +0100
  
      xen-netback: fix unlimited guest Rx internal queue and carrier flapping
      
      Netback needs to discard old to-guest skb's (guest Rx queue drain) and
      it needs detect guest Rx stalls (to disable the carrier so packets are
      discarded earlier), but the current implementation is very broken.
      
      1. The check in hard_start_xmit of the slot availability did not
         consider the number of packets that were already in the guest Rx
         queue.  This could allow the queue to grow without bound.
      
         The guest stops consuming packets and the ring was allowed to fill
         leaving S slot free.  Netback queues a packet requiring more than S
         slots (ensuring that the ring stays with S slots free).  Netback
         queue indefinately packets provided that then require S or fewer
         slots.
      
      2. The Rx stall detection is not triggered in this case since the
         (host) Tx queue is not stopped.
      
      3. If the Tx queue is stopped and a guest Rx interrupt occurs, netback
         will consider this an Rx purge event which may result in it taking
         the carrier down unnecessarily.  It also considers a queue with
         only 1 slot free as unstalled (even though the next packet might
         not fit in this).
      
      The internal guest Rx queue is limited by a byte length (to 512 Kib,
      enough for half the ring).  The (host) Tx queue is stopped and started
      based on this limit.  This sets an upper bound on the amount of memory
      used by packets on the internal queue.
      
      This allows the estimatation of the number of slots for an skb to be
      removed (it wasn't a very good estimate anyway).  Instead, the guest
      Rx thread just waits for enough free slots for a maximum sized packet.
      
      skbs queued on the internal queue have an 'expires' time (set to the
      current time plus the drain timeout).  The guest Rx thread will detect
      when the skb at the head of the queue has expired and discard expired
      skbs.  This sets a clear upper bound on the length of time an skb can
      be queued for.  For a guest being destroyed the maximum time needed to
      wait for all the packets it sent to be dropped is still the drain
      timeout (10 s) since it will not be sending new packets.
      
      Rx stall detection is reintroduced in a later commit.
      
      Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
      Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit bc96f648df1bbc2729abbb84513cf4f64273a1f1
  Author: David Vrabel <david.vrabel@xxxxxxxxxx>
  Date:   Wed Oct 22 14:08:53 2014 +0100
  
      xen-netback: make feature-rx-notify mandatory
      
      Frontends that do not provide feature-rx-notify may stall because
      netback depends on the notification from frontend to wake the guest Rx
      thread (even if can_queue is false).
      
      This could be fixed but feature-rx-notify was introduced in 2006 and I
      am not aware of any frontends that do not implement this.
      
      Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
      Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 5345c1d417c1b0caf46fd2766d16bb4357a347d8
  Author: Richard Cochran <richardcochran@xxxxxxxxx>
  Date:   Wed Oct 22 21:35:15 2014 +0200
  
      ptp: restore the makefile for building the test program.
      
      This patch brings back the makefile called testptp.mk which was removed
      in commit adb19fb66eee (Documentation: add makefiles for more targets).
      
      While the idea of that commit was to improve build coverage of the
      examples, the new Makefile is unable to cross compile the testptp program.
      In contrast, the deleted makefile was able to do this just fine.
      
      This patch fixes the regression by restoring the original makefile.
      
      Signed-off-by: Richard Cochran <richardcochran@xxxxxxxxx>
      Acked-by: Peter Foley <pefoley2@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit b51d3fa364885a2c1e1668f88776c67c95291820
  Author: Houcheng Lin <houcheng@xxxxxxxxx>
  Date:   Thu Oct 23 10:36:08 2014 +0200
  
      netfilter: nf_log: release skbuff on nlmsg put failure
      
      The kernel should reserve enough room in the skb so that the DONE
      message can always be appended.  However, in case of e.g. new attribute
      erronously not being size-accounted for, __nfulnl_send() will still
      try to put next nlmsg into this full skbuf, causing the skb to be stuck
      forever and blocking delivery of further messages.
      
      Fix issue by releasing skb immediately after nlmsg_put error and
      WARN() so we can track down the cause of such size mismatch.
      
      [ fw@xxxxxxxxx: add tailroom/len info to WARN ]
      
      Signed-off-by: Houcheng Lin <houcheng@xxxxxxxxx>
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Thu Oct 23 10:36:07 2014 +0200
  
      netfilter: nfnetlink_log: fix maximum packet length logged to userspace
      
      don't try to queue payloads > 0xffff - NLA_HDRLEN, it does not work.
      The nla length includes the size of the nla struct, so anything larger
      results in u16 integer overflow.
      
      This patch is similar to
      9cefbbc9c8f9abe (netfilter: nfnetlink_queue: cleanup copy_range usage).
      
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Thu Oct 23 10:36:06 2014 +0200
  
      netfilter: nf_log: account for size of NLMSG_DONE attribute
      
      We currently neither account for the nlattr size, nor do we consider
      the size of the trailing NLMSG_DONE when allocating nlmsg skb.
      
      This can result in nflog to stop working, as __nfulnl_send() re-tries
      sending forever if it failed to append NLMSG_DONE (which will never
      work if buffer is not large enough).
      
      Reported-by: Houcheng Lin <houcheng@xxxxxxxxx>
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 7677e86843e2136a9b05549a9ca47d4f744565b6
  Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
  Date:   Sat Oct 4 22:18:02 2014 +0800
  
      bridge: Do not compile options in br_parse_ip_options
      
      Commit 462fb2af9788a82a534f8184abfde31574e1cfa0
      
        bridge : Sanitize skb before it enters the IP stack
      
      broke when IP options are actually used because it mangles the
      skb as if it entered the IP stack which is wrong because the
      bridge is supposed to operate below the IP stack.
      
      Since nobody has actually requested for parsing of IP options
      this patch fixes it by simply reverting to the previous approach
      of ignoring all IP options, i.e., zeroing the IPCB.
      
      If and when somebody who uses IP options and actually needs them
      to be parsed by the bridge complains then we can revisit this.
      
      Reported-by: David Newall <davidn@xxxxxxxxxxxxxxx>
      Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
      Tested-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 7f2ac8fb31896c9fb70dbd2a2e6642b79996fc13
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Thu Oct 23 08:53:21 2014 +0300
  
      iwlwifi: pcie: fix polling in various places
      
      iwl_poll_bit may return a strictly positive value when the
      poll doesn't match on the first try.
      This was caught when WoWLAN started failing upon resume
      even if the poll_bit actually succeeded.
      
      Also change a wrong print. If we reach the end of
      iwl_pcie_prepare_card_hw, it means that we couldn't
      get the devices.
      
      Reviewed-by: Johannes Berg <johannes.berg@xxxxxxxxx>
      Reviewed-by: Luciano Coelho <luciano.coelho@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 1ffde699aae127e7abdb98dbdedc2cc6a973a1a1
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Mon Oct 20 08:29:55 2014 +0300
  
      Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate"
      
      This reverts commit aa11bbf3df026d6b1c6b528bef634fd9de7c2619.
      This commit was causing connection issues and is not needed
      if IWL_MVM_RS_RSSI_BASED_INIT_RATE is set to false by default.
      
      Regardless of the issues mentioned above, this patch added the
      following WARNING:
      
      WARNING: CPU: 0 PID: 3946 at drivers/net/wireless/iwlwifi/mvm/tx.c:190 
iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm]()
      Got an HT rate for a non data frame 0x8
      CPU: 0 PID: 3946 Comm: wpa_supplicant Tainted: G           O   3.17.0+ #6
      Hardware name: LENOVO 20ANCTO1WW/20ANCTO1WW, BIOS GLET71WW (2.25 ) 
07/02/2014
       0000000000000009 ffffffff814fa911 ffff8804288db8f8 ffffffff81064f52
       0000000000001808 ffff8804288db948 ffff88040add8660 ffff8804291b5600
       0000000000000000 ffffffff81064fb7 ffffffffa07b73d0 0000000000000020
      Call Trace:
       [<ffffffff814fa911>] ? dump_stack+0x41/0x51
       [<ffffffff81064f52>] ? warn_slowpath_common+0x72/0x90
       [<ffffffff81064fb7>] ? warn_slowpath_fmt+0x47/0x50
       [<ffffffffa07a39ea>] ? iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm]
       [<ffffffffa07a3cf8>] ? iwl_mvm_tx_skb+0x48/0x3c0 [iwlmvm]
       [<ffffffffa079cb9b>] ? iwl_mvm_mac_tx+0x7b/0x180 [iwlmvm]
       [<ffffffffa0746ce9>] ? __ieee80211_tx+0x2b9/0x3c0 [mac80211]
       [<ffffffffa07492f3>] ? ieee80211_tx+0xb3/0x100 [mac80211]
       [<ffffffffa0749c49>] ? ieee80211_subif_start_xmit+0x459/0xca0 [mac80211]
       [<ffffffff814116e7>] ? dev_hard_start_xmit+0x337/0x5f0
       [<ffffffff81430d46>] ? sch_direct_xmit+0x96/0x1f0
       [<ffffffff81411ba3>] ? __dev_queue_xmit+0x203/0x4f0
       [<ffffffff8142f670>] ? ether_setup+0x70/0x70
       [<ffffffff814e96a1>] ? packet_sendmsg+0xf81/0x1110
       [<ffffffff8140625c>] ? skb_free_datagram+0xc/0x40
       [<ffffffff813f7538>] ? sock_sendmsg+0x88/0xc0
       [<ffffffff813f7274>] ? move_addr_to_kernel.part.20+0x14/0x60
       [<ffffffff811c47c2>] ? __inode_wait_for_writeback+0x62/0xb0
       [<ffffffff813f7a91>] ? SYSC_sendto+0xf1/0x180
       [<ffffffff813f88f9>] ? __sys_recvmsg+0x39/0x70
       [<ffffffff8150066d>] ? system_call_fastpath+0x1a/0x1f
      ---[ end trace cc19a150d311fc63 ]---
      
      which was reported here: https://bugzilla.kernel.org/show_bug.cgi?id=85691
      
      CC: <stable@xxxxxxxxxxxxxxx> [3.13+]
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit a0855054e59b0c5b2b00237fdb5147f7bcc18efb
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Sun Oct 5 09:11:14 2014 +0300
  
      iwlwifi: dvm: drop non VO frames when flushing
      
      When mac80211 wants to ensure that a frame is sent, it calls
      the flush() callback. Until now, iwldvm implemented this by
      waiting that all the frames are sent (ACKed or timeout).
      In case of weak signal, this can take a significant amount
      of time, delaying the next connection (in case of roaming).
      Many users have reported that the flush would take too long
      leading to the following error messages to be printed:
      
      iwlwifi 0000:03:00.0: fail to flush all tx fifo queues Q 2
      iwlwifi 0000:03:00.0: Current SW read_ptr 161 write_ptr 201
      iwl data: 00000000: 00 00 00 00 00 00 00 00 fe ff 01 00 00 00 00 00
      [snip]
      iwlwifi 0000:03:00.0: FH TRBs(0) = 0x00000000
      [snip]
      iwlwifi 0000:03:00.0: Q 0 is active and mapped to fifo 3 ra_tid 0x0000 
[9,9]
      [snip]
      
      Instead of waiting for these packets, simply drop them. This
      significantly improves the responsiveness of the network.
      Note that all the queues are flushed, but the VO one. This
      is not typically used by the applications and it likely
      contains management frames that are useful for connection
      or roaming.
      
      This bug is tracked here:
      https://bugzilla.kernel.org/show_bug.cgi?id=56581
      
      But it is duplicated in distributions' trackers.
      A simple search in Ubuntu's database led to these bugs:
      
      https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1270808
      https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1305406
      https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1356236
      https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1360597
      https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1361809
      
      Cc: <stable@xxxxxxxxxxxxxxx>
      Depends-on: 77be2c54c5bd ("mac80211: add vif to flush call")
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit a6cc5163149532734b84c86cbffa4994e527074b
  Author: Matti Gottlieb <matti.gottlieb@xxxxxxxxx>
  Date:   Mon Sep 29 11:46:04 2014 +0300
  
      iwlwifi: mvm: ROC - bug fixes around time events and locking
      
      Don't add the time event to the list. We added it several
      times the same time event, which leads to an infinite loop
      when walking the list.
      
      Since we (currently) don't support more than one ROC for STA
      vif at a time, enforce this and don't add the time event
      to any list.
      
      We were also missing the locking of the mutex which led to
      a lockdep splat - fix that.
      
      Signed-off-by: Matti Gottlieb <matti.gottlieb@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 79b7a69d730180d8bf535e52fe2b4f3dd5904007
  Author: Haim Dreyfuss <haim.dreyfuss@xxxxxxxxx>
  Date:   Sun Sep 14 12:40:00 2014 +0300
  
      iwlwifi: mvm: Add tx power condition to bss_info_changed_ap_ibss
      
      The tx power should be limited from many reasons.
      currently, setting the tx power is available by the mvm only for
      station interface. Adding the tx power condition to
      bss_info_changed_ap_ibss make it available also for AP.
      
      Signed-off-by: Haim Dreyfuss <haim.dreyfuss@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 3856b78c1be32a2afe0618c7a84e05ff8c03cf10
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Mon Sep 22 12:03:41 2014 +0300
  
      iwlwifi: mvm: BT coex - fix BT prio for probe requests
      
      The probe requests sent during scan must get BT prio 3.
      Fix that.
      
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit d14b28fd2c61af0bf310230472e342864d799c98
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Mon Sep 22 16:12:24 2014 +0300
  
      iwlwifi: mvm: BT Coex - update the MPLUT Boost register value
      
      Cc: <stable@xxxxxxxxxxxxxxx> [3.16+]
      Fixes: 2adc8949efab ("iwlwifi: mvm: BT Coex - fix boost register / LUT 
values")
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 405b7338abc5ceac4a420ce7f49cc9b530d4e78b
  Author: Liad Kaufman <liad.kaufman@xxxxxxxxx>
  Date:   Tue Sep 23 15:15:17 2014 +0300
  
      iwlwifi: 8000: fix string given to MODULE_FIRMWARE
      
      I changed the string but forgot to update the fix also to
      MODULE_FIRMWARE().
      
      Signed-off-by: Liad Kaufman <liad.kaufman@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 9180ac50716a097a407c6d7e7e4589754a922260
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Tue Sep 23 23:02:41 2014 +0300
  
      iwlwifi: configure the LTR
      
      The LTR is the handshake between the device and the root
      complex about the latency allowed when the bus exits power
      save. This configuration was missing and this led to high
      latency in the link power up. The end user could experience
      high latency in the network because of this.
      
      Cc: <stable@xxxxxxxxxxxxxxx> [3.10+]
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 08054200117a95afc14c3d2ed3a38bf4e345bf78
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Thu Oct 23 11:27:09 2014 -0500
  
      rtlwifi: Add check for get_btc_status callback
      
      Drivers that do not use the get_btc_status() callback may not define a
      dummy routine. The caller needs to check before making the call.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Cc: Mike Galbraith <umgwanakikbuti@xxxxxxxxx>
      Cc: Thadeu Cascardo <cascardo@xxxxxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 763254516187015cb5b391553af35c6ed1f4bb36
  Author: Felix Fietkau <nbd@xxxxxxxxxxx>
  Date:   Wed Oct 22 18:17:35 2014 +0200
  
      ath9k_common: always update value in ath9k_cmn_update_txpow
      
      In some cases the limit may be the same as reg->power_limit, but the
      actual value that the hardware uses is not up to date. In that case, a
      wrong value for current tx power is tracked internally.
      Fix this by unconditionally updating it.
      
      Signed-off-by: Felix Fietkau <nbd@xxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 4f2b244c7d5b81ce4f0c6c0382f3a3b7c2dbec1c
  Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:47:34 2014 +0200
  
      rtl8192cu: Prevent Ooops under rtl92c_set_fw_rsvdpagepkt
      
      rtl92c_set_fw_rsvdpagepkt is used by rtl8192cu and its pci sibling 
rtl8192ce.
      rtl_cmd_send_packet crashes when called inside rtl8192cu because it works 
on
      memory allocated only by rtl8192ce.
      Fix the crash by calling a dummy function when used in rtl8192cu.
      Comparision with the realtek vendor driver makes me think, something is 
missing in
      the dummy function.
      Short test as WPA2 station show good results connected to an 802.11g 
basestation.
      Traffic stops after few MBytes as WPA2 station connected to an 802.11n 
basestation.
      
      Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
      Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit cefe3dfdb9f5f498cae9871f7e52800f5e22c614
  Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:47:33 2014 +0200
  
      rtl8192cu: Call ieee80211_register_hw from rtl_usb_probe
      
      In a previous patch the call to ieee80211_register_hw was moved from the
      load firmware callback to the rtl_pci_probe only.
      rt8192cu also uses this callback. Currently it doesnt create a wlan%d 
device.
      Fill in the call to ieee80211_register_hw in rtl_usb_probe.
      
      Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
      Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit b2d624a5810203a1a8b7735e1ec5685109b22fc3
  Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:47:32 2014 +0200
  
      rtl8192cu: Fix for rtlwifi's bluetooth coexist functionality
      
      Initialize function pointer with a function indicating bt coexist is not 
there.
      Prevents Ooops.
      
      Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
      Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 94e05900770c0abe31200881df93e41d296fe8bd
  Author: Felix Fietkau <nbd@xxxxxxxxxxx>
  Date:   Wed Oct 22 15:27:53 2014 +0200
  
      ath: use CTL region from cfg80211 if unset in EEPROM
      
      Many AP devices do not have the proper regulatory domain programmed in
      EEPROM. Instead they expect the software to set the appropriate region.
      For these devices, the country code defaults to US, and the driver uses
      the US CTL tables as well.
      On devices bought in Europe this can lead to tx power being set too high
      on the band edges, even if the cfg80211 regdomain is set correctly.
      Fix this issue by taking into account the DFS region, but only when the
      EEPROM regdomain is set to default.
      
      Signed-off-by: Felix Fietkau <nbd@xxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit d514aefb8ce89562ef2d7dcddc530e5de6287c4b
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Tue Oct 21 10:52:51 2014 -0500
  
      rtlwifi: rtl8821ae: Fix possible array overrun
      
      The kbuild test robot reported a possible array overrun. The affected code
      checks for overruns, but fails to take the steps necessary to fix them.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 868caae3fe2e35e2353d86af95e03eeaa9439d97
  Author: Sujith Manoharan <c_manoha@xxxxxxxxxxxxxxxx>
  Date:   Tue Oct 21 19:23:02 2014 +0530
  
      ath9k: Enable HW queue control only for MCC
      
      Enabling HW queue control for normal (non-mcc) mode
      causes problems with queue management, resulting
      in traffic stall. Since it is mainly required for
      fairness in MCC mode, disable it for the general case.
      
      Bug: https://dev.openwrt.org/ticket/18164
      
      Cc: Felix Fietkau <nbd@xxxxxxxxxxx>
      Signed-off-by: Sujith Manoharan <c_manoha@xxxxxxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 598a0df07fc6c4642f9b0497cef1233e41d4c987
  Author: Kees Cook <keescook@xxxxxxxxxxxx>
  Date:   Mon Oct 20 14:57:08 2014 -0700
  
      rtlwifi: prevent format string usage from leaking
      
      Use "%s" in the workqueue allocation to make sure the rtl_hal_cfg name
      can never accidentally leak information via a format string.
      
      Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 34b6d4299923ec9101bbf364440cee36420b3fc0
  Author: RafaÅ? MiÅ?ecki <zajec5@xxxxxxxxx>
  Date:   Wed Oct 15 07:51:44 2014 +0200
  
      bcma: add another PCI ID of device with BCM43228
      
      It was found attached to the BCM47081A0 SoC. Log:
      bcma: bus0: Found chip with id 43228, rev 0x00 and package 0x08
      
      Signed-off-by: RafaÅ? MiÅ?ecki <zajec5@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 59dfdd92288e55bed374309a9944c3a95b4e13c9
  Author: Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx>
  Date:   Sun Oct 12 13:42:14 2014 +0200
  
      brcmfmac: dhd_sdio.c: Cleaning up missing null-terminate in conjunction 
with strncpy
      
      Replacing strncpy with strlcpy to avoid strings that lacks null terminate.
      And changed from using strncat to strlcat to simplify code.
      
      Signed-off-by: Rickard Strandqvist 
<rickard_strandqvist@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 47481d977cb2987ab363202c68a79ec1bccd357c
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Sat Oct 11 12:59:53 2014 -0500
  
      rtlwifi: rtl8192ee: Prevent log spamming for switch statements
      
      The driver logs a message when the default branch of switch statements are
      taken. Such information is useful when debugging, but these log items 
should
      not be seen for standard usage.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 78afe83c3b008e25123bd1be36ee4b6595e595d1
  Author: Hauke Mehrtens <hauke@xxxxxxxxxx>
  Date:   Thu Oct 9 23:39:41 2014 +0200
  
      bcma: fix build when CONFIG_OF_ADDRESS is not set
      
      Commit 2101e533f41a ("bcma: register bcma as device tree driver")
      introduces a hard dependency on OF_ADDRESS into the bcma driver.
      OF_ADDRESS is specifically disabled for the sparc architecture.
      This results in the following error when building sparc64:allmodconfig.
      
      drivers/bcma/main.c: In function 'bcma_of_find_child_device':
      drivers/bcma/main.c:150:3: error: implicit declaration of function 
'of_translate_address'
      
      Fixes: 2101e533f41a ("bcma: register bcma as device tree driver")
      Reported-by: Guenter Roeck <linux@xxxxxxxxxxxx>
      Signed-off-by: Hauke Mehrtens <hauke@xxxxxxxxxx>
      Reviewed-by: Guenter Roeck <linux@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 942396b01989d54977120f3625e5ba31afe7a75c
  Author: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
  Date:   Wed Oct 22 13:47:18 2014 -0700
  
      hyperv: Fix the total_data_buflen in send path
      
      total_data_buflen is used by netvsc_send() to decide if a packet can be 
put
      into send buffer. It should also include the size of RNDIS message before 
the
      Ethernet frame. Otherwise, a messge with total size bigger than 
send_section_size
      may be copied into the send buffer, and cause data corruption.
      
      [Request to include this patch to the Stable branches]
      
      Signed-off-by: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
      Reviewed-by: K. Y. Srinivasan <kys@xxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f765678e325b4ae3e2fbdb304fc2d5ee018aa860
  Merge: 81f35ff 55ca6bc
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Wed Oct 22 17:50:39 2014 -0400
  
      Merge branch 'amd-xgbe'
      
      Tom Lendacky says:
      
      ====================
      amd-xgbe: AMD XGBE driver fixes 2014-10-22
      
      The following series of patches includes fixes to the driver.
      
      - Properly handle feature changes via ethtool by using correctly sized
        variables
      - Perform proper napi packet counting and budget checking
      
      This patch series is based on net.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 55ca6bcd733b739d5667d48d7591899f376dcfb8
  Author: Lendacky, Thomas <Thomas.Lendacky@xxxxxxx>
  Date:   Wed Oct 22 11:26:17 2014 -0500
  
      amd-xgbe: Fix napi Rx budget accounting
      
      Currently the amd-xgbe driver increments the packets processed counter
      each time a descriptor is processed.  Since a packet can be represented
      by more than one descriptor incrementing the counter in this way is not
      appropriate.  Also, since multiple descriptors cause the budget check
      to be short circuited, sometimes the returned value from the poll
      function would be larger than the budget value resulting in a WARN_ONCE
      being triggered.
      
      Update the polling logic to properly account for the number of packets
      processed and exit when the budget value is reached.
      
      Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 386f1c9650b7fe4849d2942bd42f41f0ca3aedfb
  Author: Lendacky, Thomas <Thomas.Lendacky@xxxxxxx>
  Date:   Wed Oct 22 11:26:11 2014 -0500
  
      amd-xgbe: Properly handle feature changes via ethtool
      
      The ndo_set_features callback function was improperly using an unsigned
      int to save the current feature value for features such as NETIF_F_RXCSUM.
      Since that feature is in the upper 32 bits of a 64 bit variable the
      result was always 0 making it not possible to actually turn off the
      hardware RX checksum support.  Change the unsigned int type to the
      netdev_features_t type in order to properly capture the current value
      and perform the proper operation.
      
      Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 81f35ffde0e95ee18de83646bbf93dda55d9cc8b
  Author: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx>
  Date:   Wed Oct 22 16:34:35 2014 +0200
  
      net: fec: ptp: fix NULL pointer dereference if ptp_clock is not set
      
      Since commit 278d24047891 (net: fec: ptp: Enable PPS output based on ptp 
clock)
      fec_enet_interrupt calls fec_ptp_check_pps_event unconditionally, which 
calls
      into ptp_clock_event. If fep->ptp_clock is NULL, ptp_clock_event tries to
      dereference the NULL pointer.
      Since on i.MX53 fep->bufdesc_ex is not set, fec_ptp_init is never called,
      and fep->ptp_clock is NULL, which reliably causes a kernel panic.
      
      This patch adds a check for fep->ptp_clock == NULL in fec_enet_interrupt.
      
      Signed-off-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 9e7ceb060754f134231f68cb29d5db31419fe1ed
  Author: Sathya Perla <sathya.perla@xxxxxxxxxx>
  Date:   Wed Oct 22 21:42:01 2014 +0530
  
      net: fix saving TX flow hash in sock for outgoing connections
      
      The commit "net: Save TX flow hash in sock and set in skbuf on xmit"
      introduced the inet_set_txhash() and ip6_set_txhash() routines to 
calculate
      and record flow hash(sk_txhash) in the socket structure. sk_txhash is used
      to set skb->hash which is used to spread flows across multiple TXQs.
      
      But, the above routines are invoked before the source port of the 
connection
      is created. Because of this all outgoing connections that just differ in 
the
      source port get hashed into the same TXQ.
      
      This patch fixes this problem for IPv4/6 by invoking the the above 
routines
      after the source port is available for the socket.
      
      Fixes: b73c3d0e4("net: Save TX flow hash in sock and set in skbuf on 
xmit")
      
      Signed-off-by: Sathya Perla <sathya.perla@xxxxxxxxxx>
      Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 789f202326640814c52f82e80cef3584d8254623
  Author: Li RongQing <roy.qing.li@xxxxxxxxx>
  Date:   Wed Oct 22 17:09:53 2014 +0800
  
      xfrm6: fix a potential use after free in xfrm6_policy.c
      
      pskb_may_pull() maybe change skb->data and make nh and exthdr pointer
      oboslete, so recompute the nd and exthdr
      
      Signed-off-by: Li RongQing <roy.qing.li@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8751b12cd93cc37337256f650e309b8364d40b35
  Author: LEROY Christophe <christophe.leroy@xxxxxx>
  Date:   Wed Oct 22 09:05:47 2014 +0200
  
      net: fs_enet: set back promiscuity mode after restart
      
      After interface restart (eg: after link disconnection/reconnection), the 
bridge
      function doesn't work anymore. This is due to the promiscuous mode being 
cleared
      by the restart.
      
      The mac-fcc already includes code to set the promiscuous mode back during 
the restart.
      This patch adds the same handling to mac-fec and mac-scc.
      
      Tested with bridge function on MPC885 with FEC.
      
      Reported-by: Germain Montoies <germain.montoies@xxxxxx>
      Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit a63ba13eec092b70d4e5522d692eaeb2f9747387
  Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
  Date:   Tue Oct 21 16:06:05 2014 +0200
  
      net: tso: fix unaligned access to crafted TCP header in helper API
      
      The crafted header start address is from a driver supplied buffer, which
      one can reasonably expect to be aligned on a 4-bytes boundary.
      However ATM the TSO helper API is only used by ethernet drivers and
      the tcp header will then be aligned to a 2-bytes only boundary from the
      header start address.
      
      Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
      Cc: Ezequiel Garcia <ezequiel.garcia@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8fc963515e893867330dec87464e9edc5204c024
  Author: Jon Cooper <jcooper@xxxxxxxxxxxxxx>
  Date:   Tue Oct 21 14:50:29 2014 +0100
  
      sfc: remove incorrect EFX_BUG_ON_PARANOID check
      
      write_count and insert_count can wrap around, making > check invalid.
      
      Fixes: 70b33fb0ddec827cbbd14cdc664fc27b2ef4a6b6 ("sfc: add support for
       skb->xmit_more").
      
      Signed-off-by: Edward Cree <ecree@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit c123bb7163043bb8f33858cf8e45b01c17dbd171
  Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
  Date:   Tue Oct 21 11:08:21 2014 +0200
  
      netfilter: nf_tables: check for NULL in nf_tables_newchain pcpu stats 
allocation
      
      alloc_percpu returns NULL on failure, not a negative error code.
      
      Fixes: ff3cd7b3c922 ("netfilter: nf_tables: refactor chain statistic 
routines")
      Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5
  Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
  Date:   Tue Oct 21 11:28:12 2014 +0300
  
      netfilter: ipset: off by one in ip_set_nfnl_get_byindex()
      
      The ->ip_set_list[] array is initialized in ip_set_net_init() and it
      has ->ip_set_max elements so this check should be >= instead of >
      otherwise we are off by one.
      
      Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
      Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit e37ad9fd636071e45368d1d9cc3b7b421281ce7f
  Author: Marcelo Leitner <mleitner@xxxxxxxxxx>
  Date:   Mon Oct 13 13:09:28 2014 -0300
  
      netfilter: nf_conntrack: allow server to become a client in TW handling
      
      When a port that was used to listen for inbound connections gets closed
      and reused for outgoing connections (like rsh ends up doing for stderr
      flow), current we may reject the SYN/ACK packet for the new connection
      because tcp_conntracks states forbirds a port to become a client while
      there is still a TIME_WAIT entry in there for it.
      
      As TCP may expire the TIME_WAIT socket in 60s and conntrack's timeout
      for it is 120s, there is a ~60s window that the application can end up
      opening a port that conntrack will end up blocking.
      
      This patch fixes this by simply allowing such state transition: if we
      see a SYN, in TIME_WAIT state, on REPLY direction, move it to sSS. Note
      that the rest of the code already handles this situation, more
      specificly in tcp_packet(), first switch clause.
      
      Signed-off-by: Marcelo Ricardo Leitner <mleitner@xxxxxxxxxx>
      Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 7c1c97d54f9bfc810908d3903cb8bcacf734df18
  Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
  Date:   Tue Oct 21 11:23:30 2014 +0200
  
      net: sched: initialize bstats syncp
      
      Use netdev_alloc_pcpu_stats to allocate percpu stats and initialize syncp.
      
      Fixes: 22e0f8b9322c "net: sched: make bstats per cpu and estimator RCU 
safe"
      Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
      Acked-by: Cong Wang <cwang@xxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 32bf08a6257b9c7380dcd040af3c0858eee3ef05
  Author: Alexei Starovoitov <ast@xxxxxxxxxxxx>
  Date:   Mon Oct 20 14:54:57 2014 -0700
  
      bpf: fix bug in eBPF verifier
      
      while comparing for verifier state equivalency the comparison
      was missing a check for uninitialized register.
      Make sure it does so and add a testcase.
      
      Fixes: f1bca824dabb ("bpf: add search pruning optimization to verifier")
      Cc: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx>
      Acked-by: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 78fd1d0ab072d4d9b5f0b7c14a1516665170b565
  Author: Thomas Graf <tgraf@xxxxxxx>
  Date:   Tue Oct 21 22:05:38 2014 +0200
  
      netlink: Re-add locking to netlink_lookup() and seq walker
      
      The synchronize_rcu() in netlink_release() introduces unacceptable
      latency. Reintroduce minimal lookup so we can drop the
      synchronize_rcu() until socket destruction has been RCUfied.
      
      Cc: David S. Miller <davem@xxxxxxxxxxxxx>
      Cc: Eric Dumazet <eric.dumazet@xxxxxxxxx>
      Reported-by: Steinar H. Gunderson <sgunderson@xxxxxxxxxxx>
      Reported-and-tested-by: Heiko Carstens <heiko.carstens@xxxxxxxxxx>
      Signed-off-by: Thomas Graf <tgraf@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1a194c2d59c55c37cb4c0c459d5418071a141341
  Author: Ying Xue <ying.xue@xxxxxxxxxxxxx>
  Date:   Mon Oct 20 14:46:35 2014 +0800
  
      tipc: fix lockdep warning when intra-node messages are delivered
      
      When running tipcTC&tipcTS test suite, below lockdep unsafe locking
      scenario is reported:
      
      [ 1109.997854]
      [ 1109.997988] =================================
      [ 1109.998290] [ INFO: inconsistent lock state ]
      [ 1109.998575] 3.17.0-rc1+ #113 Not tainted
      [ 1109.998762] ---------------------------------
      [ 1109.998762] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
      [ 1109.998762] swapper/7/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
      [ 1109.998762]  (slock-AF_TIPC){+.?...}, at: [<ffffffffa0011969>] 
tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762] {SOFTIRQ-ON-W} state was registered at:
      [ 1109.998762]   [<ffffffff810a4770>] __lock_acquire+0x6a0/0x1d80
      [ 1109.998762]   [<ffffffff810a6555>] lock_acquire+0x95/0x1e0
      [ 1109.998762]   [<ffffffff81a2d1ce>] _raw_spin_lock+0x3e/0x80
      [ 1109.998762]   [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762]   [<ffffffffa0004fe8>] tipc_link_xmit+0xa8/0xc0 [tipc]
      [ 1109.998762]   [<ffffffffa000ec6f>] tipc_sendmsg+0x15f/0x550 [tipc]
      [ 1109.998762]   [<ffffffffa000f165>] tipc_connect+0x105/0x140 [tipc]
      [ 1109.998762]   [<ffffffff817676ee>] SYSC_connect+0xae/0xc0
      [ 1109.998762]   [<ffffffff81767b7e>] SyS_connect+0xe/0x10
      [ 1109.998762]   [<ffffffff817a9788>] compat_SyS_socketcall+0xb8/0x200
      [ 1109.998762]   [<ffffffff81a306e5>] sysenter_dispatch+0x7/0x1f
      [ 1109.998762] irq event stamp: 241060
      [ 1109.998762] hardirqs last  enabled at (241060): [<ffffffff8105a4ad>] 
__local_bh_enable_ip+0x6d/0xd0
      [ 1109.998762] hardirqs last disabled at (241059): [<ffffffff8105a46f>] 
__local_bh_enable_ip+0x2f/0xd0
      [ 1109.998762] softirqs last  enabled at (241020): [<ffffffff81059a52>] 
_local_bh_enable+0x22/0x50
      [ 1109.998762] softirqs last disabled at (241021): [<ffffffff8105a626>] 
irq_exit+0x96/0xc0
      [ 1109.998762]
      [ 1109.998762] other info that might help us debug this:
      [ 1109.998762]  Possible unsafe locking scenario:
      [ 1109.998762]
      [ 1109.998762]        CPU0
      [ 1109.998762]        ----
      [ 1109.998762]   lock(slock-AF_TIPC);
      [ 1109.998762]   <Interrupt>
      [ 1109.998762]     lock(slock-AF_TIPC);
      [ 1109.998762]
      [ 1109.998762]  *** DEADLOCK ***
      [ 1109.998762]
      [ 1109.998762] 2 locks held by swapper/7/0:
      [ 1109.998762]  #0:  (rcu_read_lock){......}, at: [<ffffffff81782dc9>] 
__netif_receive_skb_core+0x69/0xb70
      [ 1109.998762]  #1:  (rcu_read_lock){......}, at: [<ffffffffa0001c90>] 
tipc_l2_rcv_msg+0x40/0x260 [tipc]
      [ 1109.998762]
      [ 1109.998762] stack backtrace:
      [ 1109.998762] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 3.17.0-rc1+ #113
      [ 1109.998762] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
      [ 1109.998762]  ffffffff82745830 ffff880016c03828 ffffffff81a209eb 
0000000000000007
      [ 1109.998762]  ffff880017b3cac0 ffff880016c03888 ffffffff81a1c5ef 
0000000000000001
      [ 1109.998762]  ffff880000000001 ffff880000000000 ffffffff81012d4f 
0000000000000000
      [ 1109.998762] Call Trace:
      [ 1109.998762]  <IRQ>  [<ffffffff81a209eb>] dump_stack+0x4e/0x68
      [ 1109.998762]  [<ffffffff81a1c5ef>] print_usage_bug+0x1f1/0x202
      [ 1109.998762]  [<ffffffff81012d4f>] ? save_stack_trace+0x2f/0x50
      [ 1109.998762]  [<ffffffff810a406c>] mark_lock+0x28c/0x2f0
      [ 1109.998762]  [<ffffffff810a3440>] ? 
print_irq_inversion_bug.part.46+0x1f0/0x1f0
      [ 1109.998762]  [<ffffffff810a467d>] __lock_acquire+0x5ad/0x1d80
      [ 1109.998762]  [<ffffffff810a70dd>] ? trace_hardirqs_on+0xd/0x10
      [ 1109.998762]  [<ffffffff8108ace8>] ? sched_clock_cpu+0x98/0xc0
      [ 1109.998762]  [<ffffffff8108ad2b>] ? local_clock+0x1b/0x30
      [ 1109.998762]  [<ffffffff810a10dc>] ? 
lock_release_holdtime.part.29+0x1c/0x1a0
      [ 1109.998762]  [<ffffffff8108aa05>] ? sched_clock_local+0x25/0x90
      [ 1109.998762]  [<ffffffffa000dec0>] ? tipc_sk_get+0x60/0x80 [tipc]
      [ 1109.998762]  [<ffffffff810a6555>] lock_acquire+0x95/0x1e0
      [ 1109.998762]  [<ffffffffa0011969>] ? tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762]  [<ffffffff810a6fb6>] ? trace_hardirqs_on_caller+0xa6/0x1c0
      [ 1109.998762]  [<ffffffff81a2d1ce>] _raw_spin_lock+0x3e/0x80
      [ 1109.998762]  [<ffffffffa0011969>] ? tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762]  [<ffffffffa000dec0>] ? tipc_sk_get+0x60/0x80 [tipc]
      [ 1109.998762]  [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762]  [<ffffffffa00076bd>] tipc_rcv+0x5ed/0x960 [tipc]
      [ 1109.998762]  [<ffffffffa0001d1c>] tipc_l2_rcv_msg+0xcc/0x260 [tipc]
      [ 1109.998762]  [<ffffffffa0001c90>] ? tipc_l2_rcv_msg+0x40/0x260 [tipc]
      [ 1109.998762]  [<ffffffff81783345>] __netif_receive_skb_core+0x5e5/0xb70
      [ 1109.998762]  [<ffffffff81782dc9>] ? __netif_receive_skb_core+0x69/0xb70
      [ 1109.998762]  [<ffffffff81784eb9>] ? dev_gro_receive+0x259/0x4e0
      [ 1109.998762]  [<ffffffff817838f6>] __netif_receive_skb+0x26/0x70
      [ 1109.998762]  [<ffffffff81783acd>] netif_receive_skb_internal+0x2d/0x1f0
      [ 1109.998762]  [<ffffffff81785518>] napi_gro_receive+0xd8/0x240
      [ 1109.998762]  [<ffffffff815bf854>] e1000_clean_rx_irq+0x2c4/0x530
      [ 1109.998762]  [<ffffffff815c1a46>] e1000_clean+0x266/0x9c0
      [ 1109.998762]  [<ffffffff8108ad2b>] ? local_clock+0x1b/0x30
      [ 1109.998762]  [<ffffffff8108aa05>] ? sched_clock_local+0x25/0x90
      [ 1109.998762]  [<ffffffff817842b1>] net_rx_action+0x141/0x310
      [ 1109.998762]  [<ffffffff810bd710>] ? handle_fasteoi_irq+0xe0/0x150
      [ 1109.998762]  [<ffffffff81059fa6>] __do_softirq+0x116/0x4d0
      [ 1109.998762]  [<ffffffff8105a626>] irq_exit+0x96/0xc0
      [ 1109.998762]  [<ffffffff81a30d07>] do_IRQ+0x67/0x110
      [ 1109.998762]  [<ffffffff81a2ee2f>] common_interrupt+0x6f/0x6f
      [ 1109.998762]  <EOI>  [<ffffffff8100d2b7>] ? default_idle+0x37/0x250
      [ 1109.998762]  [<ffffffff8100d2b5>] ? default_idle+0x35/0x250
      [ 1109.998762]  [<ffffffff8100dd1f>] arch_cpu_idle+0xf/0x20
      [ 1109.998762]  [<ffffffff810999fd>] cpu_startup_entry+0x27d/0x4d0
      [ 1109.998762]  [<ffffffff81034c78>] start_secondary+0x188/0x1f0
      
      When intra-node messages are delivered from one process to another
      process, tipc_link_xmit() doesn't disable BH before it directly calls
      tipc_sk_rcv() on process context to forward messages to destination
      socket. Meanwhile, if messages delivered by remote node arrive at the
      node and their destinations are also the same socket, tipc_sk_rcv()
      running on process context might be preempted by tipc_sk_rcv() running
      BH context. As a result, the latter cannot obtain the socket lock as
      the lock was obtained by the former, however, the former has no chance
      to be run as the latter is owning the CPU now, so headlock happens. To
      avoid it, BH should be always disabled in tipc_sk_rcv().
      
      Signed-off-by: Ying Xue <ying.xue@xxxxxxxxxxxxx>
      Reviewed-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 7b8613e0a1502b43b3b36c93c66f835c891f63b3
  Author: Ying Xue <ying.xue@xxxxxxxxxxxxx>
  Date:   Mon Oct 20 14:44:25 2014 +0800
  
      tipc: fix a potential deadlock
      
      Locking dependency detected below possible unsafe locking scenario:
      
                 CPU0                          CPU1
      T0:  tipc_named_rcv()                tipc_rcv()
      T1:  [grab nametble write lock]*     [grab node lock]*
      T2:  tipc_update_nametbl()           tipc_node_link_up()
      T3:  tipc_nodesub_subscribe()        tipc_nametbl_publish()
      T4:  [grab node lock]*               [grab nametble write lock]*
      
      The opposite order of holding nametbl write lock and node lock on
      above two different paths may result in a deadlock. If we move the
      the updating of the name table after link state named out of node
      lock, the reverse order of holding locks will be eliminated, and
      as a result, the deadlock risk.
      
      Signed-off-by: Ying Xue <ying.xue@xxxxxxxxxxxxx>
      Signed-off-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 73829bf6fec70703f10e360676d81d327f21ebf6
  Merge: d10845f 39dc90c
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 21 15:24:30 2014 -0400
  
      Merge branch 'enic'
      
      Govindarajulu Varadarajan says:
      
      ====================
      enic: Bug fixes
      
      This series fixes the following problem.
      
      Please apply this to net.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 39dc90c159c1bcc0fdd42913a7d560b1a1cd3acf
  Author: Govindarajulu Varadarajan <_govind@xxxxxxx>
  Date:   Sun Oct 19 14:20:28 2014 +0530
  
      enic: Do not call napi_disable when preemption is disabled.
      
      In enic_stop, we disable preemption using local_bh_disable(). We disable
      preemption to wait for busy_poll to finish.
      
      napi_disable should not be called here as it might sleep.
      
      Moving napi_disable() call out side of local_bh_disable.
      
      BUG: sleeping function called from invalid context at 
include/linux/netdevice.h:477
      in_atomic(): 1, irqs_disabled(): 0, pid: 443, name: ifconfig
      INFO: lockdep is turned off.
      Preemption disabled at:[<ffffffffa029c5c4>] 
enic_rfs_flw_tbl_free+0x34/0xd0 [enic]
      
      CPU: 31 PID: 443 Comm: ifconfig Not tainted 3.17.0-netnext-05504-g59f35b8 
#268
      Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
       ffff8800dac10000 ffff88020b8dfcb8 ffffffff8148a57c 0000000000000000
       ffff88020b8dfcd0 ffffffff8107e253 ffff8800dac12a40 ffff88020b8dfd10
       ffffffffa029305b ffff88020b8dfd48 ffff8800dac10000 ffff88020b8dfd48
      Call Trace:
       [<ffffffff8148a57c>] dump_stack+0x4e/0x7a
       [<ffffffff8107e253>] __might_sleep+0x123/0x1a0
       [<ffffffffa029305b>] enic_stop+0xdb/0x4d0 [enic]
       [<ffffffff8138ed7d>] __dev_close_many+0x9d/0xf0
       [<ffffffff8138ef81>] __dev_close+0x31/0x50
       [<ffffffff813974a8>] __dev_change_flags+0x98/0x160
       [<ffffffff81397594>] dev_change_flags+0x24/0x60
       [<ffffffff814085fd>] devinet_ioctl+0x63d/0x710
       [<ffffffff81139c16>] ? might_fault+0x56/0xc0
       [<ffffffff81409ef5>] inet_ioctl+0x65/0x90
       [<ffffffff813768e0>] sock_do_ioctl+0x20/0x50
       [<ffffffff81376ebb>] sock_ioctl+0x20b/0x2e0
       [<ffffffff81197250>] do_vfs_ioctl+0x2e0/0x500
       [<ffffffff81492619>] ? sysret_check+0x22/0x5d
       [<ffffffff81285f23>] ? __this_cpu_preempt_check+0x13/0x20
       [<ffffffff8109fe19>] ? trace_hardirqs_on_caller+0x119/0x270
       [<ffffffff811974ac>] SyS_ioctl+0x3c/0x80
       [<ffffffff814925ed>] system_call_fastpath+0x1a/0x1f
      
      Signed-off-by: Govindarajulu Varadarajan <_govind@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit b6931c9ba728d60c542c39ff037fe6f595c074a2
  Author: Govindarajulu Varadarajan <_govind@xxxxxxx>
  Date:   Sun Oct 19 14:20:27 2014 +0530
  
      enic: fix possible deadlock in enic_stop/ enic_rfs_flw_tbl_free
      
      The following warning is shown when spinlock debug is enabled.
      
      This occurs when enic_flow_may_expire timer function is running and
      enic_stop is called on same CPU.
      
      Fix this by using spink_lock_bh().
      
      =================================
      [ INFO: inconsistent lock state ]
      3.17.0-netnext-05504-g59f35b8 #268 Not tainted
      ---------------------------------
      inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
      ifconfig/443 [HC0[0]:SC0[0]:HE1:SE1] takes:
       (&(&enic->rfs_h.lock)->rlock){+.?...}, at:
      enic_rfs_flw_tbl_free+0x34/0xd0 [enic]
      {IN-SOFTIRQ-W} state was registered at:
        [<ffffffff810a25af>] __lock_acquire+0x83f/0x21c0
        [<ffffffff810a45f2>] lock_acquire+0xa2/0xd0
        [<ffffffff814913fc>] _raw_spin_lock+0x3c/0x80
        [<ffffffffa029c3d5>] enic_flow_may_expire+0x25/0x130[enic]
        [<ffffffff810bcd07>] call_timer_fn+0x77/0x100
        [<ffffffff810bd8e3>] run_timer_softirq+0x1e3/0x270
        [<ffffffff8105f9ae>] __do_softirq+0x14e/0x280
        [<ffffffff8105fdae>] irq_exit+0x8e/0xb0
        [<ffffffff8103da0f>] smp_apic_timer_interrupt+0x3f/0x50
        [<ffffffff81493742>] apic_timer_interrupt+0x72/0x80
        [<ffffffff81018143>] default_idle+0x13/0x20
        [<ffffffff81018a6a>] arch_cpu_idle+0xa/0x10
        [<ffffffff81097676>] cpu_startup_entry+0x2c6/0x330
        [<ffffffff8103b7ad>] start_secondary+0x21d/0x290
      irq event stamp: 2997
      hardirqs last  enabled at (2997): [<ffffffff81491865>] 
_raw_spin_unlock_irqrestore+0x65/0x90
      hardirqs last disabled at (2996): [<ffffffff814915e6>] 
_raw_spin_lock_irqsave+0x26/0x90
      softirqs last  enabled at (2968): [<ffffffff813b57a3>] 
dev_deactivate_many+0x213/0x260
      softirqs last disabled at (2966): [<ffffffff813b5783>] 
dev_deactivate_many+0x1f3/0x260
      
      other info that might help us debug this:
       Possible unsafe locking scenario:
      
             CPU0
             ----
        lock(&(&enic->rfs_h.lock)->rlock);
        <Interrupt>
          lock(&(&enic->rfs_h.lock)->rlock);
      
       *** DEADLOCK ***
      
      Reported-by: Jan Stancek <jstancek@xxxxxxxxxx>
      Signed-off-by: Govindarajulu Varadarajan <_govind@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit d10845fc85b2e690b5f6425c5ba4df33a073fbc9
  Merge: ce8ec48 f993bc2
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Mon Oct 20 12:38:19 2014 -0400
  
      Merge branch 'gso_encap_fixes'
      
      Florian Westphal says:
      
      ====================
      net: minor gso encapsulation fixes
      
      The following series fixes a minor bug in the gso segmentation handlers
      when encapsulation offload is used.
      
      Theoretically this could cause kernel panic when the stack tries
      to software-segment such a GRE offload packet, but it looks like there
      is only one affected call site (tbf scheduler) and it handles NULL
      return value.
      
      I've included a followup patch to add IS_ERR_OR_NULL checks where needed.
      
      While looking into this, I also found that size computation of the 
individual
      segments is incorrect if skb->encapsulation is set.
      
      Please see individual patches for delta vs. v1.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f993bc25e5196e60514c216d0bca0f600de64af8
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Mon Oct 20 13:49:18 2014 +0200
  
      net: core: handle encapsulation offloads when computing segment lengths
      
      if ->encapsulation is set we have to use inner_tcp_hdrlen and add the
      size of the inner network headers too.
      
      This is 'mostly harmless'; tbf might send skb that is slightly over
      quota or drop skb even if it would have fit.
      
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 330966e501ffe282d7184fde4518d5e0c24bc7f8
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Mon Oct 20 13:49:17 2014 +0200
  
      net: make skb_gso_segment error handling more robust
      
      skb_gso_segment has three possible return values:
      1. a pointer to the first segmented skb
      2. an errno value (IS_ERR())
      3. NULL.  This can happen when GSO is used for header verification.
      
      However, several callers currently test IS_ERR instead of IS_ERR_OR_NULL
      and would oops when NULL is returned.
      
      Note that these call sites should never actually see such a NULL return
      value; all callers mask out the GSO bits in the feature argument.
      
      However, there have been issues with some protocol handlers erronously not
      respecting the specified feature mask in some cases.
      
      It is preferable to get 'have to turn off hw offloading, else slow' 
reports
      rather than 'kernel crashes'.
      
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1e16aa3ddf863c6b9f37eddf52503230a62dedb3
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Mon Oct 20 13:49:16 2014 +0200
  
      net: gso: use feature flag argument in all protocol gso handlers
      
      skb_gso_segment() has a 'features' argument representing offload features
      available to the output path.
      
      A few handlers, e.g. GRE, instead re-fetch the features of skb->dev and 
use
      those instead of the provided ones when handing encapsulation/tunnels.
      
      Depending on dev->hw_enc_features of the output device skb_gso_segment() 
can
      then return NULL even when the caller has disabled all GSO feature bits,
      as segmentation of inner header thinks device will take care of 
segmentation.
      
      This e.g. affects the tbf scheduler, which will silently drop GRE-encap 
GSO skbs
      that did not fit the remaining token quota as the segmentation does not 
work
      when device supports corresponding hw offload capabilities.
      
      Cc: Pravin B Shelar <pshelar@xxxxxxxxxx>
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit ce8ec4896749783bd6cdc457e6012cfc18e09c8b
  Merge: 95ff886 1e2d56a
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Mon Oct 20 11:57:47 2014 -0400
  
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
      
      Pablo Neira Ayuso says:
      
      ====================
      netfilter fixes for net
      
      The following patchset contains netfilter fixes for your net tree,
      they are:
      
      1) Fix missing MODULE_LICENSE() in the new nf_reject_ipv{4,6} modules.
      
      2) Restrict nat and masq expressions to the nat chain type. Otherwise,
         users may crash their kernel if they attach a nat/masq rule to a non
         nat chain.
      
      3) Fix hook validation in nft_compat when non-base chains are used.
         Basically, initialize hook_mask to zero.
      
      4) Make sure you use match/targets in nft_compat from the right chain
         type. The existing validation relies on the table name which can be
         avoided by
      
      5) Better netlink attribute validation in nft_nat. This expression has
         to reject the configuration when no address and proto configurations
         are specified.
      
      6) Interpret NFTA_NAT_REG_*_MAX if only if NFTA_NAT_REG_*_MIN is set.
         Yet another sanity check to reject incorrect configurations from
         userspace.
      
      7) Conditional NAT attribute dumping depending on the existing
         configuration.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 11b2357d5dbce999803e9055f8c09829a8a87db4
  Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
  Date:   Mon Oct 20 10:54:36 2014 +0200
  
      mac80211: minstrels: fix buffer overflow in HT debugfs rc_stats
      
      ATM an HT rc_stats line is 106 chars.
      Times 8(MCS_GROUP_RATES)*3(SS)*2(GI)*2(BW) + CCK(4), i.e. x100, this is
      well above the current 8192 - sizeof(*ms) currently allocated.
      
      Fix this by squeezing the output as follows (not that we're short on
      memory but this also improves readability and range, the new format adds
      one more digit to *ok/*cum and ok/cum):
      
      - Before (HT) (106 ch):
      type           rate     throughput  ewma prob   this prob  retry   this 
succ/attempt   success    attempts
      CCK/LP          5.5M           0.0        0.0         0.0      0          
    0(  0)         0           0
      HT20/LGI ABCDP MCS0            0.0        0.0         0.0      1          
    0(  0)         0           0
      - After (75 ch):
      type           rate     tpt eprob *prob ret  *ok(*cum)        ok(      
cum)
      CCK/LP          5.5M    0.0   0.0   0.0   0    0(   0)         0(        
0)
      HT20/LGI ABCDP MCS0     0.0   0.0   0.0   1    0(   0)         0(        
0)
      
      - Align non-HT format Before (non-HT) (83 ch):
      rate      throughput  ewma prob  this prob  this succ/attempt   success   
 attempts
      ABCDP  6         0.0        0.0        0.0             0(  0)         0   
        0
            54         0.0        0.0        0.0             0(  0)         0   
        0
      - After (61 ch):
      rate          tpt eprob *prob  *ok(*cum)        ok(      cum)
      ABCDP  1      0.0   0.0   0.0    0(   0)         0(        0)
            54      0.0   0.0   0.0    0(   0)         0(        0)
      
      *This also adds dynamic checks for overflow, lowers the size of the
      non-HT request (allowing > 30 entries) and replaces the buddy-rounded
      allocations (s/sizeof(*ms) + 8192/8192).
      
      Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
      Acked-by: Felix Fietkau <nbd@xxxxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit 95ff88688781db2f64042e69bd499e518bbb36e5
  Author: Ian Morgan <imorgan@xxxxxxxxxxxxx>
  Date:   Sun Oct 19 08:05:13 2014 -0400
  
      ax88179_178a: fix bonding failure
      
      The following patch fixes a bug which causes the ax88179_178a driver to be
      incapable of being added to a bond.
      
      When I brought up the issue with the bonding maintainers, they indicated
      that the real problem was with the NIC driver which must return zero for
      success (of setting the MAC address). I see that several other NIC drivers
      follow that pattern by either simply always returing zero, or by passing
      through a negative (error) result while rewriting any positive return code
      to zero. With that same philisophy applied to the ax88179_178a driver, it
      allows it to work correctly with the bonding driver.
      
      I believe this is suitable for queuing in -stable, as it's a small, 
simple,
      and obvious fix that corrects a defect with no other known workaround.
      
      This patch is against vanilla 3.17(.0).
      
      Signed-off-by: Ian Morgan <imorgan@xxxxxxxxxxxxx>
      
       drivers/net/usb/ax88179_178a.c |    7 ++++++-
       1 file changed, 6 insertions(+), 1 deletion(-)
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1e2d56a5d33a7e1fcd21ed3859f52596d02708b0
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Thu Oct 16 00:24:14 2014 +0200
  
      netfilter: nft_nat: dump attributes if they are set
      
      Dump NFTA_NAT_REG_ADDR_MIN if this is non-zero. Same thing with
      NFTA_NAT_REG_PROTO_MIN.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 61cfac6b42af98ab46bcb3a47e150e7b20d5015e
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Thu Oct 16 00:19:35 2014 +0200
  
      netfilter: nft_nat: NFTA_NAT_REG_ADDR_MAX depends on NFTA_NAT_REG_ADDR_MIN
      
      Interpret NFTA_NAT_REG_ADDR_MAX if NFTA_NAT_REG_ADDR_MIN is present,
      otherwise, skip it. Same thing with NFTA_NAT_REG_PROTO_MAX.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 5c819a39753d6a3ae9c0092236f59730a369b619
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Thu Oct 16 00:16:57 2014 +0200
  
      netfilter: nft_nat: insufficient attribute validation
      
      We have to validate that we at least get an NFTA_NAT_REG_ADDR_MIN or
      NFTA_NFT_REG_PROTO_MIN attribute. Reject the configuration if none
      of them are present.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit f3f5ddeddd6aeadcef523d55ea9288e3d5c1cbc3
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Tue Oct 14 10:13:48 2014 +0200
  
      netfilter: nft_compat: validate chain type in match/target
      
      We have to validate the real chain type to ensure that matches/targets
      are not used out from their scope (eg. MASQUERADE in nat chain type).
      The existing validation relies on the table name, but this is not
      sufficient since userspace can fool us by using the appropriate table
      name with a different chain type.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 493618a92c6afdd3f6224ab586f169d6a259bb06
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Tue Oct 14 12:43:50 2014 +0200
  
      netfilter: nft_compat: fix hook validation for non-base chains
      
      Set hook_mask to zero for non-base chains, otherwise people may hit
      bogus errors from the xt_check_target() and xt_check_match() when
      validating the uninitialized hook_mask.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit c7abf25af0f41be4b50d44c5b185d52eea360cb8
  Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
  Date:   Mon Oct 13 14:34:41 2014 +0200
  
      mac80211: fix typo in starting baserate for rts_cts_rate_idx
      
      It affects non-(V)HT rates and can lead to selecting an rts_cts rate
      that is not a basic rate or way superior to the reference rate (ATM
      rates[0] used for the 1st attempt of the protected frame data).
      
      E.g, assuming drivers register growing (bitrate) sorted tables of
      ieee80211_rate-s, having :
      - rates[0].idx == d'2 and basic_rates == b'10100
      will select rts_cts idx b'10011 & ~d'(BIT(2)-1), i.e. 1, likewise
      - rates[0].idx == d'2 and basic_rates == b'10001
      will select rts_cts idx b'10000
      The first is not a basic rate and the second is > rates[0].
      
      Also, wrt severity of the addressed misbehavior, ATM we only have one
      rts_cts_rate_idx rather than one per rate table entry, so this idx might
      still point to bitrates > rates[1..MAX_RATES].
      
      Fixes: 5253ffb8c9e1 ("mac80211: always pick a basic rate to tx RTS/CTS 
for pre-HT rates")
      Cc: stable@xxxxxxxxxxxxxxx
      Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit 7210e4e38f945dfa173c4a4e59ad827c9ecad541
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Mon Oct 13 19:50:22 2014 +0200
  
      netfilter: nf_tables: restrict nat/masq expressions to nat chain type
      
      This adds the missing validation code to avoid the use of nat/masq from
      non-nat chains. The validation assumes two possible configuration
      scenarios:
      
      1) Use of nat from base chain that is not of nat type. Reject this
         configuration from the nft_*_init() path of the expression.
      
      2) Use of nat from non-base chain. In this case, we have to wait until
         the non-base chain is referenced by at least one base chain via
         jump/goto. This is resolved from the nft_*_validate() path which is
         called from nf_tables_check_loops().
      
      The user gets an -EOPNOTSUPP in both cases.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit ab2d7251d666995740da17b2a51ca545ac5dd037
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Fri Oct 10 11:25:20 2014 +0200
  
      netfilter: missing module license in the nf_reject_ipvX modules
      
      [   23.545204] nf_reject_ipv4: module license 'unspecified' taints kernel.
      
      Fixes: c8d7b98 ("netfilter: move nf_send_resetX() code to nf_reject_ipvX 
modules")
      Reported-by: Dave Young <dyoung@xxxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 252e07ca5f64dd31fdfca8027287e7d75fefdab1
  Author: Luciano Coelho <luciano.coelho@xxxxxxxxx>
  Date:   Wed Oct 8 09:48:34 2014 +0300
  
      nl80211: sanity check the channel switch counter value
      
      The nl80211 channel switch count attribute
      (NL80211_ATTR_CH_SWITCH_COUNT) is specified as u32, but the
      specification uses u8 for the counter.  To make sure strange things
      don't happen without informing the user, sanity check the value and
      return -EINVAL if it doesn't fit in u8.
      
      Signed-off-by: Luciano Coelho <luciano.coelho@xxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit bc37b16870a382e8b71d881444c19a16de1c1a7f
  Author: Fabian Frederick <fabf@xxxxxxxxx>
  Date:   Tue Oct 7 22:20:23 2014 +0200
  
      net: rfkill: kernel-doc warning fixes
      
      Correct the kernel-doc, the parameter is called "blocked" not "state".
      
      Signed-off-by: Fabian Frederick <fabf@xxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit c12bc4885f4b3bab0ed779c69d5d7e3223fa5003
  Author: Luciano Coelho <luciano.coelho@xxxxxxxxx>
  Date:   Tue Sep 30 07:08:02 2014 +0300
  
      mac80211: return the vif's chandef in ieee80211_cfg_get_channel()
      
      The chandef of the channel context a vif is using may be different
      than the chandef of the vif itself.  For instance, the bandwidth used
      by the vif may be narrower than the one configured in the channel
      context.  To avoid confusion, return the vif's chandef in
      ieee80211_cfg_get_channel() instead of the chandef of the channel
      context.
      
      Signed-off-by: Luciano Coelho <luciano.coelho@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit 8975ae88e137ea02a71b7a86af2f8eb790c2f1e7
  Author: Liad Kaufman <liad.kaufman@xxxxxxxxx>
  Date:   Sun Sep 14 21:48:28 2014 +0300
  
      mac80211: fix warning on htmldocs for last_tdls_pkt_time
      
      Forgot to add an entry to the struct description of sta_info.
      
      Signed-off-by: Liad Kaufman <liad.kaufman@xxxxxxxxx>
      Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>


For bisection revision-tuple graph see:
   
http://www.chiark.greenend.org.uk/~xensrcts/results/bisect.linux-linus.test-amd64-i386-rumpuserxen-i386.guest-start.html
Revision IDs in each graph node refer, respectively, to the Trees above.

----------------------------------------
Searching for failure / basis pass:
 31352 fail [host=bush-cricket] / 31282 [host=worm-moth] 31266 ok.
Failure / basis pass flights: 31352 / 31266
(tree with no url: seabios)
Tree: linux git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
Tree: linuxfirmware git://xenbits.xen.org/osstest/linux-firmware.git
Tree: qemu git://xenbits.xen.org/staging/qemu-xen-unstable.git
Tree: qemuu git://xenbits.xen.org/staging/qemu-upstream-unstable.git
Tree: rumpuserxen git://xenbits.xen.org/rumpuser-xen.git
Tree: rumpuserxen_buildrumpsh https://github.com/rumpkernel/buildrump.sh.git
Tree: rumpuserxen_netbsdsrc https://github.com/rumpkernel/src-netbsd
Tree: xen git://xenbits.xen.org/xen.git
Latest 0df1f2487d2f0d04703f142813d53615d62a1da4 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
Basis pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
2ee4e55123b64feb79d8c824668a86e717ba47f8 
94c092b906e348acd512744536d28e4f06e4c1ef 
3687f55f417008a1fcdc04195644009232ae609d 
6688825c240586708129df8887ad9b12a1708497
Generating revisions with ./adhoc-revtuple-generator  
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git#a7ca10f263d7e673c74d8e0946d6b9993405cc9c-0df1f2487d2f0d04703f142813d53615d62a1da4
 
git://xenbits.xen.org/osstest/linux-firmware.git#c530a75c1e6a472b0eb9558310b518f0dfcd8860-c530a75c1e6a472b0eb9558310b518f0dfcd8860
 
git://xenbits.xen.org/staging/qemu-xen-unstable.git#b0d42741f8e9a00854c3b3faca1da84bfc69bf22-b0d42741f8e9a00854c3b3faca1da84bfc69bf22
 
git://xenbits.xen.org/staging/qemu-upstream-unstable.git#ca78cc83650b535d7e24baeaea32947be0141534-ca78cc83650b535d7e24baeaea32947be0141534
 
git://xenbits.xen.org/rumpuser-xen.git#2ee4e55123b64feb79d8c824668a86e717ba47f8-ccc8df17b7e7e785e28bee8ae90d0f00f93208ca
 
https://github.com/rumpkernel/buildrump.sh.git#94c092b906e348acd512744536d28e4f06e4c1ef-e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b
 
https://github.com/rumpkernel/src-netbsd#3687f55f417008a1fcdc04195644009232ae609d-3687f55f417008a1fcdc04195644009232ae609d
 
git://xenbits.xen.org/xen.git#6688825c240586708129df8887ad9b12a1708497-0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
+ exec
+ sh -xe
+ cd /export/home/osstest/repos/linux-2.6
+ git remote set-url origin 
git://drall.uk.xensource.com:9419/git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
+ git fetch -p origin +refs/heads/*:refs/remotes/origin/*
+ exec
+ sh -xe
+ cd /export/home/osstest/repos/rumpuser-xen
+ git remote set-url origin 
git://drall.uk.xensource.com:9419/git://xenbits.xen.org/rumpuser-xen.git
+ git fetch -p origin +refs/heads/*:refs/remotes/origin/*
+ exec
+ sh -xe
+ cd /export/home/osstest/repos/buildrump.sh
+ git remote set-url origin 
git://drall.uk.xensource.com:9419/https://github.com/rumpkernel/buildrump.sh.git
+ git fetch -p origin +refs/heads/*:refs/remotes/origin/*
+ exec
+ sh -xe
+ cd /export/home/osstest/repos/xen
+ git remote set-url origin 
git://drall.uk.xensource.com:9419/git://xenbits.xen.org/xen.git
+ git fetch -p origin +refs/heads/*:refs/remotes/origin/*
From git://drall.uk.xensource.com:9419/git://xenbits.xen.org/xen
   816f5bb..5a430ec  staging    -> origin/staging
+ exec
+ sh -xe
+ cd /export/home/osstest/repos/linux-2.6
+ git remote set-url origin 
git://drall.uk.xensource.com:9419/git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
+ git fetch -p origin +refs/heads/*:refs/remotes/origin/*
+ exec
+ sh -xe
+ cd /export/home/osstest/repos/rumpuser-xen
+ git remote set-url origin 
git://drall.uk.xensource.com:9419/git://xenbits.xen.org/rumpuser-xen.git
+ git fetch -p origin +refs/heads/*:refs/remotes/origin/*
+ exec
+ sh -xe
+ cd /export/home/osstest/repos/buildrump.sh
+ git remote set-url origin 
git://drall.uk.xensource.com:9419/https://github.com/rumpkernel/buildrump.sh.git
+ git fetch -p origin +refs/heads/*:refs/remotes/origin/*
+ exec
+ sh -xe
+ cd /export/home/osstest/repos/xen
+ git remote set-url origin 
git://drall.uk.xensource.com:9419/git://xenbits.xen.org/xen.git
+ git fetch -p origin +refs/heads/*:refs/remotes/origin/*
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value $parents in array dereference at 
./adhoc-revtuple-generator line 461.
Use of uninitialized value in concatenation (.) or string at 
./adhoc-revtuple-generator line 461.
Loaded 123760 nodes in revision graph
Searching for test results:
 31266 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
2ee4e55123b64feb79d8c824668a86e717ba47f8 
94c092b906e348acd512744536d28e4f06e4c1ef 
3687f55f417008a1fcdc04195644009232ae609d 
6688825c240586708129df8887ad9b12a1708497
 31282 [host=worm-moth]
 31334 fail 12d7aacab56e9ef185c3a5512e867bfd3a9504e4 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31352 fail 0df1f2487d2f0d04703f142813d53615d62a1da4 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31416 pass 53429290a054b30e4683297409fc4627b2592315 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31401 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
2ee4e55123b64feb79d8c824668a86e717ba47f8 
94c092b906e348acd512744536d28e4f06e4c1ef 
3687f55f417008a1fcdc04195644009232ae609d 
6688825c240586708129df8887ad9b12a1708497
 31418 fail 89453379aaf0608253124057df6cd8ac63948135 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31402 fail 0df1f2487d2f0d04703f142813d53615d62a1da4 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31420 pass 53429290a054b30e4683297409fc4627b2592315 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31404 pass 3a2f22b7d0cc64482a91529e23c2570aa0602fa6 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
2d0d163ae7cdabe002fd8a4ba441d9e7eb731fcf 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31421 fail 89453379aaf0608253124057df6cd8ac63948135 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31405 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
06ca11260277a9099a5ebeb04669fa0abf694106 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31407 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
2ee4e55123b64feb79d8c824668a86e717ba47f8 
af97653924fa6f230f517d2efa850fd3c366054f 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31408 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
2ee4e55123b64feb79d8c824668a86e717ba47f8 
05c06de524743a92d1d7b610dc9b4e23421f5e54 
3687f55f417008a1fcdc04195644009232ae609d 
912054bbbc5914174b6f90c6bcd0a5c4f370bdbe
 31422 pass 53429290a054b30e4683297409fc4627b2592315 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31410 pass a7ca10f263d7e673c74d8e0946d6b9993405cc9c 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
2ee4e55123b64feb79d8c824668a86e717ba47f8 
a55697c828687a7ff09b1fc93a42b73685368717 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31412 pass f5fa363026c3508735c6ab2f1029110d2c4966a2 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31424 fail 89453379aaf0608253124057df6cd8ac63948135 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
 31414 fail 32e8fd2f8eac3262e7000d9a219d70ace10e0adf 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
Searching for interesting versions
 Result found: flight 31266 (pass), for basis pass
 Result found: flight 31352 (fail), for basis failure
 Repro found: flight 31401 (pass), for basis pass
 Repro found: flight 31402 (fail), for basis failure
 0 revisions at 53429290a054b30e4683297409fc4627b2592315 
c530a75c1e6a472b0eb9558310b518f0dfcd8860 
b0d42741f8e9a00854c3b3faca1da84bfc69bf22 
ca78cc83650b535d7e24baeaea32947be0141534 
ccc8df17b7e7e785e28bee8ae90d0f00f93208ca 
e8eb61896d1f68884b9c39b61e7e1ddb41e90c0b 
3687f55f417008a1fcdc04195644009232ae609d 
0f2bde078ace619fe8e26730495b6ef2c3a2e9bf
No revisions left to test, checking graph state.
 Result found: flight 31416 (pass), for last pass
 Result found: flight 31418 (fail), for first failure
 Repro found: flight 31420 (pass), for last pass
 Repro found: flight 31421 (fail), for first failure
 Repro found: flight 31422 (pass), for last pass
 Repro found: flight 31424 (fail), for first failure

*** Found and reproduced problem changeset ***

  Bug is in tree:  linux 
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
  Bug introduced:  89453379aaf0608253124057df6cd8ac63948135
  Bug not present: 53429290a054b30e4683297409fc4627b2592315

+ exec
+ sh -xe
+ cd /export/home/osstest/repos/linux-2.6
+ git remote set-url origin 
git://drall.uk.xensource.com:9419/git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
+ git fetch -p origin +refs/heads/*:refs/remotes/origin/*

  commit 89453379aaf0608253124057df6cd8ac63948135
  Merge: 5342929 99a49ce
  Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 15:04:58 2014 -0700
  
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
      
      Pull networking fixes from David Miller:
       "A bit has accumulated, but it's been a week or so since my last batch
        of post-merge-window fixes, so...
      
         1) Missing module license in netfilter reject module, from Pablo.
            Lots of people ran into this.
      
         2) Off by one in mac80211 baserate calculation, from Karl Beldan.
      
         3) Fix incorrect return value from ax88179_178a driver's set_mac_addr
            op, which broke use of it with bonding.  From Ian Morgan.
      
         4) Checking of skb_gso_segment()'s return value was not all
            encompassing, it can return an SKB pointer, a pointer error, or
            NULL.  Fix from Florian Westphal.
      
            This is crummy, and longer term will be fixed to just return error
            pointers or a real SKB.
      
         6) Encapsulation offloads not being handled by
            skb_gso_transport_seglen().  From Florian Westphal.
      
         7) Fix deadlock in TIPC stack, from Ying Xue.
      
         8) Fix performance regression from using rhashtable for netlink
            sockets.  The problem was the synchronize_net() invoked for every
            socket destroy.  From Thomas Graf.
      
         9) Fix bug in eBPF verifier, and remove the strong dependency of BPF
            on NET.  From Alexei Starovoitov.
      
        10) In qdisc_create(), use the correct interface to allocate
            ->cpu_bstats, otherwise the u64_stats_sync member isn't
            initialized properly.  From Sabrina Dubroca.
      
        11) Off by one in ip_set_nfnl_get_byindex(), from Dan Carpenter.
      
        12) nf_tables_newchain() was erroneously expecting error pointers from
            netdev_alloc_pcpu_stats().  It only returna a valid pointer or
            NULL.  From Sabrina Dubroca.
      
        13) Fix use-after-free in _decode_session6(), from Li RongQing.
      
        14) When we set the TX flow hash on a socket, we mistakenly do so
            before we've nailed down the final source port.  Move the setting
            deeper to fix this.  From Sathya Perla.
      
        15) NAPI budget accounting in amd-xgbe driver was counting descriptors
            instead of full packets, fix from Thomas Lendacky.
      
        16) Fix total_data_buflen calculation in hyperv driver, from Haiyang
            Zhang.
      
        17) Fix bcma driver build with OF_ADDRESS disabled, from Hauke
            Mehrtens.
      
        18) Fix mis-use of per-cpu memory in TCP md5 code.  The problem is
            that something that ends up being vmalloc memory can't be passed
            to the crypto hash routines via scatter-gather lists.  From Eric
            Dumazet.
      
        19) Fix regression in promiscuous mode enabling in cdc-ether, from
            Olivier Blin.
      
        20) Bucket eviction and frag entry killing can race with eachother,
            causing an unlink of the object from the wrong list.  Fix from
            Nikolay Aleksandrov.
      
        21) Missing initialization of spinlock in cxgb4 driver, from Anish
            Bhatt.
      
        22) Do not cache ipv4 routing failures, otherwise if the sysctl for
            forwarding is subsequently enabled this won't be seen.  From
            Nicolas Cavallari"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (131 commits)
        drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode
        drivers: net: cpsw: Fix broken loop condition in switch mode
        net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM 
with lengh 0
        stmmac: pci: set default of the filter bins
        net: smc91x: Fix gpios for device tree based booting
        mpls: Allow mpls_gso to be built as module
        mpls: Fix mpls_gso handler.
        r8152: stop submitting intr for -EPROTO
        netfilter: nft_reject_bridge: restrict reject to prerouting and input
        netfilter: nft_reject_bridge: don't use IP stack to reject traffic
        netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions
        netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions
        netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing
        drivers/net: macvtap and tun depend on INET
        drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets
        drivers/net: Disable UFO through virtio
        net: skb_fclone_busy() needs to detect orphaned skb
        gre: Use inner mac length when computing tunnel length
        mlx4: Avoid leaking steering rules on flow creation error flow
        net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for 
VXLAN
        ...
  
  commit 99a49ce613057f1934e1c378808374fd683b1541
  Merge: 1e5c4bc 75a916e
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Fri Oct 31 16:18:35 2014 -0400
  
      Merge tag 'master-2014-10-30' of 
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
      
      John W. Linville says:
      
      ====================
      pull request: wireless 2014-10-31
      
      Please pull this small batch of spooky fixes intended for the 3.18
      stream...boo!
      
      Cyril Brulebois adds an rt2x00 device ID.
      
      Dan Carpenter provides a one-line masking fix for an ath9k debugfs
      entry.
      
      Larry Finger gives us a package of small rtlwifi fixes which add some
      bits that were left out of some feature updates that were included
      in the merge window.  Hopefully this isn't a sign that the rtlwifi
      base is getting too big...
      
      Marc Yang brings a fix for a temporary mwifiex stall when doing 11n
      RX reordering.
      
      Please let me know if there are problems!
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1e5c4bc497c0a96e1ad2974539d353870f2cb0b6
  Author: Lennart Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 13:38:52 2014 -0400
  
      drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode
      
      The cpsw driver did not support the IFF_ALLMULTI flag which makes dynamic
      multicast routing not work.  Related to this, when enabling IFF_PROMISC
      in switch mode, all registered multicast addresses are flushed, resulting
      in only broadcast and unicast traffic being received.
      
      A new cpsw_ale_set_allmulti function now scans through the ALE entry
      table and adds/removes the host port from the unregistered multicast
      port mask of each vlan entry depending on the state of IFF_ALLMULTI.
      In promiscious mode, cpsw_ale_set_allmulti is used to force reception
      of all multicast traffic in addition to the unicast and broadcast traffic.
      
      With this change dynamic multicast and promiscious mode both work in
      switch mode.
      
      Signed-off-by: Len Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 6f979eb3fcfb4c3f42f230d174db4bbad0080710
  Author: Lennart Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 13:28:54 2014 -0400
  
      drivers: net: cpsw: Fix broken loop condition in switch mode
      
      0d961b3b52f566f823070ce2366511a7f64b928c (drivers: net: cpsw: fix buggy
      loop condition) accidentally fixed a loop comparison in too many places
      while fixing a real bug.
      
      It was correct to fix the dual_emac mode section since there 'i' is used
      as an index into priv->slaves which is a 0 based array.
      
      However the other two changes (which are only used in switch mode)
      are wrong since there 'i' is actually the ALE port number, and port 0
      is the host port, while port 1 and up are the slave ports.
      
      Putting the loop condition back in the switch mode section fixes it.
      
      A comment has been added to point out the intent clearly to avoid future
      confusion.  Also a comment is fixed that said the opposite of what was
      actually happening.
      
      Signed-off-by: Len Sorensen <lsorense@xxxxxxxxxxxxxxxxxxx>
      Acked-by: Heiko Schocher <hs@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit e0fb6fb6d52686134b2ece144060219591d4f8d3
  Author: Guenter Roeck <linux@xxxxxxxxxxxx>
  Date:   Thu Oct 30 20:50:15 2014 -0700
  
      net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM with 
lengh 0
      
      If a driver supports reading EEPROM but no EEPROM is installed in the 
system,
      the driver's get_eeprom_len function returns 0. ethtool will subsequently
      try to read that zero-length EEPROM anyway. If the driver does not support
      EEPROM access at all, this operation will return -EOPNOTSUPP. If the 
driver
      does support EEPROM access but no EEPROM is installed, the operation will
      return -EINVAL. Return -EOPNOTSUPP in both cases for consistency.
      
      Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx>
      Tested-by: Andrew Lunn <andrew@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1e19e084eae727654052339757ab7f1eaff58bad
  Author: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 18:28:03 2014 +0200
  
      stmmac: pci: set default of the filter bins
      
      The commit 3b57de958e2a brought the support for a different amount of the
      filter bins, but didn't update the PCI driver accordingly. This patch 
appends
      the default values when the device is enumerated via PCI bus.
      
      Fixes: 3b57de958e2a (net: stmmac: Support devicetree configs for mcast 
and ucast filter entries)
      Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
      Cc: stable@xxxxxxxxxxxxxxx
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 7d2911c4381555b31ef0bcae42a0dbf9ade7426e
  Author: Tony Lindgren <tony@xxxxxxxxxxx>
  Date:   Thu Oct 30 09:59:27 2014 -0700
  
      net: smc91x: Fix gpios for device tree based booting
      
      With legacy booting, the platform init code was taking care of
      the configuring of GPIOs. With device tree based booting, things
      may or may not work depending what bootloader has configured or
      if the legacy platform code gets called.
      
      Let's add support for the pwrdn and reset GPIOs to the smc91x
      driver to fix the issues of smc91x not working properly when
      booted in device tree mode.
      
      And let's change n900 to use these settings as some versions
      of the bootloader do not configure things properly causing
      errors.
      
      Reported-by: Kevin Hilman <khilman@xxxxxxxxxx>
      Signed-off-by: Tony Lindgren <tony@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit de05c400f7dfa566f598140f8604a5de8067cd5f
  Author: Pravin B Shelar <pshelar@xxxxxxxxxx>
  Date:   Thu Oct 30 00:50:04 2014 -0700
  
      mpls: Allow mpls_gso to be built as module
      
      Kconfig already allows mpls to be built as module. Following patch
      fixes Makefile to do same.
      
      CC: Simon Horman <simon.horman@xxxxxxxxxxxxx>
      Signed-off-by: Pravin B Shelar <pshelar@xxxxxxxxxx>
      Acked-by: Simon Horman <simon.horman@xxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f7065f4bd3fe4ad6bf7e49ba7c68baa2c7046146
  Author: Pravin B Shelar <pshelar@xxxxxxxxxx>
  Date:   Thu Oct 30 00:49:57 2014 -0700
  
      mpls: Fix mpls_gso handler.
      
      mpls gso handler needs to pull skb after segmenting skb.
      
      CC: Simon Horman <simon.horman@xxxxxxxxxxxxx>
      Signed-off-by: Pravin B Shelar <pshelar@xxxxxxxxxx>
      Acked-by: Simon Horman <simon.horman@xxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit d59c876dd61f3c151db077f9d73774e605f2b35e
  Author: hayeswang <hayeswang@xxxxxxxxxxx>
  Date:   Fri Oct 31 13:35:57 2014 +0800
  
      r8152: stop submitting intr for -EPROTO
      
      For Renesas USB 3.0 host controller, when unplugging the usb hub which
      has the RTL8153 plugged, the driver would get -EPROTO for interrupt
      transfer. There is high probability to get the information of "HC died;
      cleaning up", if the driver continues to submit the interrupt transfer
      before the disconnect() is called.
      
      [ 1024.197678] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.213673] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.229668] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.245661] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.261653] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.277648] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.293642] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.309638] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.325633] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.341627] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.357621] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.373615] r8152 9-1.4:1.0 eth0: intr status -71
      [ 1024.383097] usb 9-1: USB disconnect, device number 2
      [ 1024.383103] usb 9-1.4: USB disconnect, device number 6
      [ 1029.391010] xhci_hcd 0000:04:00.0: xHCI host not responding to stop 
endpoint command.
      [ 1029.391016] xhci_hcd 0000:04:00.0: Assuming host is dying, halting 
host.
      [ 1029.392551] xhci_hcd 0000:04:00.0: HC died; cleaning up
      [ 1029.421480] usb 8-1: USB disconnect, device number 2
      
      Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit e3a88f9c4f79a4d138a0ea464cfbac40ba46644c
  Merge: de11b0e 127917c
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Fri Oct 31 12:29:42 2014 -0400
  
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
      
      Pablo Neira Ayuso says:
      
      ====================
      netfilter/ipvs fixes for net
      
      The following patchset contains fixes for netfilter/ipvs. This round of
      fixes is larger than usual at this stage, specifically because of the
      nf_tables bridge reject fixes that I would like to see in 3.18. The
      patches are:
      
      1) Fix a null-pointer dereference that may occur when logging
         errors. This problem was introduced by 4a4739d56b0 ("ipvs: Pull
         out crosses_local_route_boundary logic") in v3.17-rc5.
      
      2) Update hook mask in nft_reject_bridge so we can also filter out
         packets from there. This fixes 36d2af5 ("netfilter: nf_tables: allow
         to filter from prerouting and postrouting"), which needs this chunk
         to work.
      
      3) Two patches to refactor common code to forge the IPv4 and IPv6
         reject packets from the bridge. These are required by the nf_tables
         reject bridge fix.
      
      4) Fix nft_reject_bridge by avoiding the use of the IP stack to reject
         packets from the bridge. The idea is to forge the reject packets and
         inject them to the original port via br_deliver() which is now
         exported for that purpose.
      
      5) Restrict nft_reject_bridge to bridge prerouting and input hooks.
         the original skbuff may cloned after prerouting when the bridge stack
         needs to flood it to several bridge ports, it is too late to reject
         the traffic.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 127917c29a432c3b798e014a1714e9c1af0f87fe
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 14:08:17 2014 +0100
  
      netfilter: nft_reject_bridge: restrict reject to prerouting and input
      
      Restrict the reject expression to the prerouting and input bridge
      hooks. If we allow this to be used from forward or any other later
      bridge hook, if the frame is flooded to several ports, we'll end up
      sending several reject packets, one per cloned packet.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 523b929d5446c023e1219aa81455a8c766cac883
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Sat Oct 25 18:40:26 2014 +0200
  
      netfilter: nft_reject_bridge: don't use IP stack to reject traffic
      
      If the packet is received via the bridge stack, this cannot reject
      packets from the IP stack.
      
      This adds functions to build the reject packet and send it from the
      bridge stack. Comments and assumptions on this patch:
      
      1) Validate the IPv4 and IPv6 headers before further processing,
         given that the packet comes from the bridge stack, we cannot assume
         they are clean. Truncated packets are dropped, we follow similar
         approach in the existing iptables match/target extensions that need
         to inspect layer 4 headers that is not available. This also includes
         packets that are directed to multicast and broadcast ethernet
         addresses.
      
      2) br_deliver() is exported to inject the reject packet via
         bridge localout -> postrouting. So the approach is similar to what
         we already do in the iptables reject target. The reject packet is
         sent to the bridge port from which we have received the original
         packet.
      
      3) The reject packet is forged based on the original packet. The TTL
         is set based on sysctl_ip_default_ttl for IPv4 and per-net
         ipv6.devconf_all hoplimit for IPv6.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 8bfcdf6671b1c8006c52c3eaf9fd1b5dfcf41c3d
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Sun Oct 26 12:35:54 2014 +0100
  
      netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions
      
      That can be reused by the reject bridge expression to build the reject
      packet. The new functions are:
      
      * nf_reject_ip6_tcphdr_get(): to sanitize and to obtain the TCP header.
      * nf_reject_ip6hdr_put(): to build the IPv6 header.
      * nf_reject_ip6_tcphdr_put(): to build the TCP header.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 052b9498eea532deb5de75277a53f6e0623215dc
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Sat Oct 25 18:24:57 2014 +0200
  
      netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions
      
      That can be reused by the reject bridge expression to build the reject
      packet. The new functions are:
      
      * nf_reject_ip_tcphdr_get(): to sanitize and to obtain the TCP header.
      * nf_reject_iphdr_put(): to build the IPv4 header.
      * nf_reject_ip_tcphdr_put(): to build the TCP header.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 4d87716cd057bde3f90e304289c1fec88d45a1cc
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Sat Oct 25 12:25:06 2014 +0200
  
      netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing
      
      Fixes: 36d2af5 ("netfilter: nf_tables: allow to filter from prerouting 
and postrouting")
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit de11b0e8c569b96c2cf6a811e3805b7aeef498a3
  Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
  Date:   Fri Oct 31 03:10:31 2014 +0000
  
      drivers/net: macvtap and tun depend on INET
      
      These drivers now call ipv6_proxy_select_ident(), which is defined
      only if CONFIG_INET is enabled.  However, they have really depended
      on CONFIG_INET for as long as they have allowed sending GSO packets
      from userland.
      
      Reported-by: kbuild test robot <fengguang.wu@xxxxxxxxx>
      Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
      Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
      Fixes: b9fb9ee07e67 ("macvtap: add GSO/csum offload support")
      Fixes: 5188cd44c55d ("drivers/net, ipv6: Select IPv6 fragment idents for 
virtio UFO packets")
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit c1304b217c7cefa5718fab9d36c59ba0d0133c6e
  Merge: 39bb5e6 5188cd4
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Thu Oct 30 20:01:27 2014 -0400
  
      Merge branch 'ufo-fix'
      
      Ben Hutchings says:
      
      ====================
      drivers/net,ipv6: Fix IPv6 fragment ID selection for virtio
      
      The virtio net protocol supports UFO but does not provide for passing a
      fragment ID for fragmentation of IPv6 packets.  We used to generate a
      fragment ID wherever such a packet was fragmented, but currently we
      always use ID=0!
      
      v2: Add blank lines after declarations
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 5188cd44c55db3e92cd9e77a40b5baa7ed4340f7
  Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
  Date:   Thu Oct 30 18:27:17 2014 +0000
  
      drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets
      
      UFO is now disabled on all drivers that work with virtio net headers,
      but userland may try to send UFO/IPv6 packets anyway.  Instead of
      sending with ID=0, we should select identifiers on their behalf (as we
      used to).
      
      Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
      Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4
  Author: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
  Date:   Thu Oct 30 18:27:12 2014 +0000
  
      drivers/net: Disable UFO through virtio
      
      IPv6 does not allow fragmentation by routers, so there is no
      fragmentation ID in the fixed header.  UFO for IPv6 requires the ID to
      be passed separately, but there is no provision for this in the virtio
      net protocol.
      
      Until recently our software implementation of UFO/IPv6 generated a new
      ID, but this was a bug.  Now we will use ID=0 for any UFO/IPv6 packet
      passed through a tap, which is even worse.
      
      Unfortunately there is no distinction between UFO/IPv4 and v6
      features, so disable UFO on taps and virtio_net completely until we
      have a proper solution.
      
      We cannot depend on VM managers respecting the tap feature flags, so
      keep accepting UFO packets but log a warning the first time we do
      this.
      
      Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
      Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 39bb5e62867de82b269b07df900165029b928359
  Author: Eric Dumazet <edumazet@xxxxxxxxxx>
  Date:   Thu Oct 30 10:32:34 2014 -0700
  
      net: skb_fclone_busy() needs to detect orphaned skb
      
      Some drivers are unable to perform TX completions in a bound time.
      They instead call skb_orphan()
      
      Problem is skb_fclone_busy() has to detect this case, otherwise
      we block TCP retransmits and can freeze unlucky tcp sessions on
      mostly idle hosts.
      
      Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Fixes: 1f3279ae0c13 ("tcp: avoid retransmits of TCP packets hanging in 
host queues")
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 14051f0452a2c26a3f4791e6ad6a435e8f1945ff
  Author: Tom Herbert <therbert@xxxxxxxxxx>
  Date:   Thu Oct 30 08:40:56 2014 -0700
  
      gre: Use inner mac length when computing tunnel length
      
      Currently, skb_inner_network_header is used but this does not account
      for Ethernet header for ETH_P_TEB. Use skb_inner_mac_header which
      handles TEB and also should work with IP encapsulation in which case
      inner mac and inner network headers are the same.
      
      Tested: Ran TCP_STREAM over GRE, worked as expected.
      
      Signed-off-by: Tom Herbert <therbert@xxxxxxxxxx>
      Acked-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 292dd6542f90126826fe87b302e6afa3b7ada6b8
  Merge: 9cc233f 571e1b2
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Thu Oct 30 19:49:20 2014 -0400
  
      Merge branch 'mellanox-net'
      
      Or Gerlitz says:
      
      ====================
      mlx4 driver encapsulation/steering fixes
      
      The 1st patch fixes a bug in the TX path that supports offloading the
      TX checksum of (VXLAN) encapsulated TCP packets. It turns out that the
      bug is revealed only when the receiver runs in non-offloaded mode, so
      we somehow missed it so far... please queue it for -stable >= 3.14
      
      The 2nd patch makes sure not to leak steering entry on error flow,
      please queue it to 3.17-stable
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 571e1b2c7a4c2fd5faa1648462a6b65fa26530d7
  Author: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
  Date:   Thu Oct 30 15:59:28 2014 +0200
  
      mlx4: Avoid leaking steering rules on flow creation error flow
      
      If mlx4_ib_create_flow() attempts to create > 1 rules with the
      firmware, and one of these registrations fail, we leaked the
      already created flow rules.
      
      One example of the leak is when the registration of the VXLAN ghost
      steering rule fails, we didn't unregister the original rule requested
      by the user, introduced in commit d2fce8a9060d "mlx4: Set
      user-space raw Ethernet QPs to properly handle VXLAN traffic".
      
      While here, add dump of the VXLAN portion of steering rules
      so it can actually be seen when flow creation fails.
      
      Signed-off-by: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit a4f2dacbf2a5045e34b98a35d9a3857800f25a7b
  Author: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
  Date:   Thu Oct 30 15:59:27 2014 +0200
  
      net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN
      
      For VXLAN/NVGRE encapsulation, the current HW doesn't support offloading
      both the outer UDP TX checksum and the inner TCP/UDP TX checksum.
      
      The driver doesn't advertize SKB_GSO_UDP_TUNNEL_CSUM, however we are 
wrongly
      telling the HW to offload the outer UDP checksum for encapsulated packets,
      fix that.
      
      Fixes: 837052d0ccc5 ('net/mlx4_en: Add netdev support for TCP/IP
                     offloads of vxlan tunneling')
      Signed-off-by: Or Gerlitz <ogerlitz@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 9cc233fb0f94b79d07cf141a625e237769d267a1
  Merge: fa19c2b0 e3215f0
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Thu Oct 30 19:46:33 2014 -0400
  
      Merge branch 'master' of 
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net
      
      Jeff Kirsher says:
      
      ====================
      Intel Wired LAN Driver Updates 2014-10-30
      
      This series contains updates to e1000, igb and ixgbe.
      
      Francesco Ruggeri fixes an issue with e1000 where in a VM the driver did
      not support unicast filtering.
      
      Roman Gushchin fixes an issue with igb where the driver was re-using
      mapped pages so that packets were still getting dropped even if all
      the memory issues are gone and there is free memory.
      
      Junwei Zhang found where in the ixgbe_clean_rx_ring() we were repeating
      the assignment of NULL to the receive buffer skb and fixes it.
      
      Emil fixes a race condition between setup_link and SFP detection routine
      in the watchdog when setting the advertised speed.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit fa19c2b050ab5254326f5fc07096dd3c6a8d5d58
  Author: Nicolas Cavallari <nicolas.cavallari@xxxxxxxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 30 10:09:53 2014 +0100
  
      ipv4: Do not cache routing failures due to disabled forwarding.
      
      If we cache them, the kernel will reuse them, independently of
      whether forwarding is enabled or not.  Which means that if forwarding is
      disabled on the input interface where the first routing request comes
      from, then that unreachable result will be cached and reused for
      other interfaces, even if forwarding is enabled on them.  The opposite
      is also true.
      
      This can be verified with two interfaces A and B and an output interface
      C, where B has forwarding enabled, but not A and trying
      ip route get $dst iif A from $src && ip route get $dst iif B from $src
      
      Signed-off-by: Nicolas Cavallari 
<nicolas.cavallari@xxxxxxxxxxxxxxxxxxxxxxx>
      Reviewed-by: Julian Anastasov <ja@xxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit e327c225c911529898ec300cb96d2088893de3df
  Author: Anish Bhatt <anish@xxxxxxxxxxx>
  Date:   Wed Oct 29 17:54:03 2014 -0700
  
      cxgb4 : Fix missing initialization of win0_lock
      
      win0_lock was being used un-initialized, resulting in warning traces
      being seen when lock debugging is enabled (and just wrong)
      
      Fixes : fc5ab0209650 ('cxgb4: Replaced the backdoor mechanism to access 
the HW
       memory with PCIe Window method')
      
      Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx>
      Signed-off-by: Casey Leedom <leedom@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 83810a9a6af310e413ce649c6ca2df2b4946e5a4
  Merge: d70127e e3bd1a8
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Thu Oct 30 15:49:05 2014 -0400
  
      Merge branch 'r8152-net'
      
      Hayes Wang says:
      
      ====================
      r8152: patches for autosuspend
      
      There are unexpected processes when enabling autosuspend.
      These patches are used to fix them.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit e3bd1a81cd1e3f8ed961e642e97206d715db06c4
  Author: hayeswang <hayeswang@xxxxxxxxxxx>
  Date:   Wed Oct 29 11:12:17 2014 +0800
  
      r8152: check WORK_ENABLE in suspend function
      
      Avoid unnecessary behavior when autosuspend occurs during open().
      The relative processes should only be run after finishing open().
      
      Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f4c7476b041d200c3b347f019eebf05e6d0b47f9
  Author: hayeswang <hayeswang@xxxxxxxxxxx>
  Date:   Wed Oct 29 11:12:16 2014 +0800
  
      r8152: reset tp->speed before autoresuming in open function
      
      If (tp->speed & LINK_STATUS) is not zero, the rtl8152_resume()
      would call rtl_start_rx() before enabling the tx/rx. Avoid this
      by resetting it to zero.
      
      Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 923e1ee3ff0b585cc4f56cf696c8455708537ffb
  Author: hayeswang <hayeswang@xxxxxxxxxxx>
  Date:   Wed Oct 29 11:12:15 2014 +0800
  
      r8152: clear SELECTIVE_SUSPEND when autoresuming
      
      The flag of SELECTIVE_SUSPEND should be cleared when autoresuming.
      Otherwise, when the system suspend and resume occur, it may have
      the wrong flow.
      
      Besides, because the flag of SELECTIVE_SUSPEND couldn't be used
      to check if the hw enables the relative feature, it should alwayes
      be disabled in close().
      
      Signed-off-by: Hayes Wang <hayeswang@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 75a916e1944fea8347d2245c62567187e4eff9dd
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:13 2014 -0500
  
      rtlwifi: rtl8192se: Fix firmware loading
      
      An error in the code makes the allocated space for firmware to be too
      small.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 8ae3c16e41b02db8ffe4121468519d6352baedc1
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:11 2014 -0500
  
      rtlwifi: rtl8192ce: Add missing section to read descriptor setting
      
      The new version of rtlwifi needs code in rtl92ce_get_desc() that returns
      the buffer address for read operations.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 30c5ccc6afee39754cff75ad8d775ad39a2ce989
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:10 2014 -0500
  
      rtlwifi: rtl8192se: Add missing section to read descriptor setting
      
      The new version of rtlwifi needs code in rtl92se_get_desc() that returns
      the buffer address for read operations.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 501479699ff484ba8acc1d07022271f00cfc55a3
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:09 2014 -0500
  
      rtlwifi: rtl8192se: Fix duplicate calls to ieee80211_register_hw()
      
      Driver rtlwifi has been modified to call ieee80211_register_hw()
      from the probe routine; however, the existing call in the callback
      routine for deferred firmware loading was not removed.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit c0386f1584127442d0f2aea41bc948056d6b1337
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Wed Oct 29 23:17:08 2014 -0500
  
      rtlwifi: rtl8192ce: rtl8192de: rtl8192se: Fix handling for missing 
get_btc_status
      
      The recent changes in checking for Bluetooth status added some callbacks 
to code
      in rtlwifi. To make certain that all callbacks are defined, a dummy 
routine has been
      added to rtlwifi, and the drivers that need to use it are modified.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 3a8fede115f12f7b90524d1ba4e709ce398ce8c6
  Author: Marc Yang <yangyang@xxxxxxxxxxx>
  Date:   Wed Oct 29 22:44:34 2014 +0530
  
      mwifiex: restart rxreorder timer correctly
      
      During 11n RX reordering, if there is a hole in RX table,
      driver will not send packets to kernel until the rxreorder
      timer expires or the table is full.
      However, currently driver always restarts rxreorder timer when
      receiving a packet, which causes the timer hardly to expire.
      So while connected with to 11n AP in a busy environment,
      ping packets may get blocked for about 30 seconds.
      
      This patch fixes this timer restarting by ensuring rxreorder timer
      would only be restarted either timer is not set or start_win
      has changed.
      
      Signed-off-by: Chin-Ran Lo <crlo@xxxxxxxxxxx>
      Signed-off-by: Plus Chen <pchen@xxxxxxxxxxx>
      Signed-off-by: Marc Yang <yangyang@xxxxxxxxxxx>
      Signed-off-by: Cathy Luo <cluo@xxxxxxxxxxx>
      Signed-off-by: Avinash Patil <patila@xxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit a017ff755e43de9a3221d4ff4f03184ea7b93733
  Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
  Date:   Wed Oct 29 18:48:05 2014 +0300
  
      ath9k: fix some debugfs output
      
      The right shift operation has higher precedence than the mask so we
      left shift by "(i * 3)" and then immediately right shift by "(i * 3)"
      then we mask.  It should be left shift, mask, and then right shift.
      
      Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 664d6a792785cc677c2091038ce10322c8d04ae1
  Author: Cyril Brulebois <kibi@xxxxxxxxxx>
  Date:   Tue Oct 28 16:42:41 2014 +0100
  
      wireless: rt2x00: add new rt2800usb device
      
      0x1b75 0xa200 AirLive WN-200USB wireless 11b/g/n dongle
      
      References: https://bugs.debian.org/766802
      Reported-by: Martin Mokrejs <mmokrejs@xxxxxxxxxxxxxxxxxx>
      Cc: stable@xxxxxxxxxxxxxxx
      Signed-off-by: Cyril Brulebois <kibi@xxxxxxxxxx>
      Acked-by: Stanislaw Gruszka <sgruszka@xxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit e3215f0ac77ec23b052cb0bf511143038ac2ad7b
  Author: Emil Tantilov <emil.s.tantilov@xxxxxxxxx>
  Date:   Tue Oct 28 05:50:03 2014 +0000
  
      ixgbe: fix race when setting advertised speed
      
      Following commands:
      
      modprobe ixgbe
      ifconfig ethX up
      ethtool -s ethX advertise 0x020
      
      can lead to "setup link failed with code -14" error due to the setup_link
      call racing with the SFP detection routine in the watchdog.
      
      This patch resolves this issue by protecting the setup_link call with 
check
      for __IXGBE_IN_SFP_INIT.
      
      Reported-by: Scott Harrison <scoharr2@xxxxxxxxx>
      Signed-off-by: Emil Tantilov <emil.s.tantilov@xxxxxxxxx>
      Tested-by: Phil Schmitt <phillip.j.schmitt@xxxxxxxxx>
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
  
  commit 4d2fcfbcf8141cdf70245a0c0612b8076f4b7e32
  Author: Junwei Zhang <linggao.zjw@xxxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:29:03 2014 +0000
  
      ixgbe: need not repeat init skb with NULL
      
      Signed-off-by: Martin Zhang <martinbj2008@xxxxxxxxx>
      Tested-by: Phil Schmitt <phillip.j.schmitt@xxxxxxxxx>
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
  
  commit bc16e47f03a7dce9ad68029b21519265c334eb12
  Author: Roman Gushchin <klamm@xxxxxxxxxxxxxx>
  Date:   Thu Oct 23 03:32:27 2014 +0000
  
      igb: don't reuse pages with pfmemalloc flag
      
      Incoming packet is dropped silently by sk_filter(), if the skb was
      allocated from pfmemalloc reserves and the corresponding socket is
      not marked with the SOCK_MEMALLOC flag.
      
      Igb driver allocates pages for DMA with __skb_alloc_page(), which
      calls alloc_pages_node() with the __GFP_MEMALLOC flag. So, in case
      of OOM condition, igb can get pages with pfmemalloc flag set.
      
      If an incoming packet hits the pfmemalloc page and is large enough
      (small packets are copying into the memory, allocated with
      netdev_alloc_skb_ip_align(), so they are not affected), it will be
      dropped.
      
      This behavior is ok under high memory pressure, but the problem is
      that the igb driver reuses these mapped pages. So, packets are still
      dropping even if all memory issues are gone and there is a plenty
      of free memory.
      
      In my case, some TCP sessions hang on a small percentage (< 0.1%)
      of machines days after OOMs.
      
      Fix this by avoiding reuse of such pages.
      
      Signed-off-by: Roman Gushchin <klamm@xxxxxxxxxxxxxx>
      Tested-by: Aaron Brown "aaron.f.brown@xxxxxxxxx"
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
  
  commit a22bb0b9b9b09b4cc711f6d577679773e074dde9
  Author: Francesco Ruggeri <fruggeri@xxxxxxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:29:24 2014 +0000
  
      e1000: unset IFF_UNICAST_FLT on WMware 82545EM
      
      VMWare's e1000 implementation does not seem to support unicast filtering.
      This can be observed by configuring a macvlan interface on eth0 in a VM in
      VMWare Fusion 5.0.5, and trying to use that interface instead of eth0.
      Tested on 3.16.
      
      Signed-off-by: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
      Tested-by: Aaron Brown <aaron.f.brown@xxxxxxxxx>
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
  
  commit d70127e8a942364de8dd140fe73893efda363293
  Author: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
  Date:   Tue Oct 28 10:44:01 2014 +0100
  
      inet: frags: remove the WARN_ON from inet_evict_bucket
      
      The WARN_ON in inet_evict_bucket can be triggered by a valid case:
      inet_frag_kill and inet_evict_bucket can be running in parallel on the
      same queue which means that there has been at least one more ref added
      by a previous inet_frag_find call, but inet_frag_kill can delete the
      timer before inet_evict_bucket which will cause the WARN_ON() there to
      trigger since we'll have refcnt!=1. Now, this case is valid because the
      queue is being "killed" for some reason (removed from the chain list and
      its timer deleted) so it will get destroyed in the end by one of the
      inet_frag_put() calls which reaches 0 i.e. refcnt is still valid.
      
      CC: Florian Westphal <fw@xxxxxxxxx>
      CC: Eric Dumazet <eric.dumazet@xxxxxxxxx>
      CC: Patrick McLean <chutzpah@xxxxxxxxxx>
      
      Fixes: b13d3cbfb8e8 ("inet: frag: move eviction of queues to work queue")
      Reported-by: Patrick McLean <chutzpah@xxxxxxxxxx>
      Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 65ba1f1ec0eff1c25933468e1d238201c0c2cb29
  Author: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
  Date:   Tue Oct 28 10:30:34 2014 +0100
  
      inet: frags: fix a race between inet_evict_bucket and inet_frag_kill
      
      When the evictor is running it adds some chosen frags to a local list to
      be evicted once the chain lock has been released but at the same time
      the *frag_queue can be running for some of the same queues and it
      may call inet_frag_kill which will wait on the chain lock and
      will then delete the queue from the wrong list since it was added in the
      eviction one. The fix is simple - check if the queue has the evict flag
      set under the chain lock before deleting it, this is safe because the
      evict flag is set only under that lock and having the flag set also means
      that the queue has been detached from the chain list, so no need to delete
      it again.
      An important note to make is that we're safe w.r.t refcnt because
      inet_frag_kill and inet_evict_bucket will sync on the del_timer operation
      where only one of the two can succeed (or if the timer is executing -
      none of them), the cases are:
      1. inet_frag_kill succeeds in del_timer
       - then the timer ref is removed, but inet_evict_bucket will not add
         this queue to its expire list but will restart eviction in that chain
      2. inet_evict_bucket succeeds in del_timer
       - then the timer ref is kept until the evictor "expires" the queue, but
         inet_frag_kill will remove the initial ref and will set
         INET_FRAG_COMPLETE which will make the frag_expire fn just to remove
         its ref.
      In the end all of the queue users will do an inet_frag_put and the one
      that reaches 0 will free it. The refcount balance should be okay.
      
      CC: Florian Westphal <fw@xxxxxxxxx>
      CC: Eric Dumazet <eric.dumazet@xxxxxxxxx>
      CC: Patrick McLean <chutzpah@xxxxxxxxxx>
      
      Fixes: b13d3cbfb8e8 ("inet: frag: move eviction of queues to work queue")
      Suggested-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
      Reported-by: Patrick McLean <chutzpah@xxxxxxxxxx>
      Tested-by: Patrick McLean <chutzpah@xxxxxxxxxx>
      Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
      Reviewed-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8f4eb70059ee834522ce90a6fce0aa3078c18620
  Author: Tej Parkash <tej.parkash@xxxxxxxxxx>
  Date:   Tue Oct 28 01:18:15 2014 -0400
  
      cnic: Update the rcu_access_pointer() usages
      
      1. Remove the rcu_read_lock/unlock around rcu_access_pointer
      2. Replace the rcu_dereference with rcu_access_pointer
      
      Signed-off-by: Tej Parkash <tej.parkash@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit cd03cf0158449f9f4c19ecb54dfc97d9bd86eeeb
  Author: Hariprasad Shenai <hariprasad@xxxxxxxxxxx>
  Date:   Mon Oct 27 23:22:10 2014 +0530
  
      cxgb4vf: Replace repetitive pci device ID's with right ones
      
      Replaced repetive Device ID's which got added in commit b961f9a48844ecf3
      ("cxgb4vf: Remove superfluous "idx" parameter of CH_DEVICE() macro")
      
      Signed-off-by: Hariprasad Shenai <hariprasad@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit b2ed64a97430a26a63c6ea91c9b50e639a98dfbc
  Author: Lubomir Rintel <lkundrak@xxxxx>
  Date:   Mon Oct 27 17:39:16 2014 +0100
  
      ipv6: notify userspace when we added or changed an ipv6 token
      
      NetworkManager might want to know that it changed when the router 
advertisement
      arrives.
      
      Signed-off-by: Lubomir Rintel <lkundrak@xxxxx>
      Cc: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
      Cc: Daniel Borkmann <dborkman@xxxxxxxxxx>
      Acked-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit d56109020d93337545dd257a790cb429a70acfad
  Author: WANG Cong <xiyou.wangcong@xxxxxxxxx>
  Date:   Fri Oct 24 16:55:58 2014 -0700
  
      sch_pie: schedule the timer after all init succeed
      
      Cc: Vijay Subramanian <vijaynsu@xxxxxxxxx>
      Cc: David S. Miller <davem@xxxxxxxxxxxxx>
      Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx>
      Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx>
  
  commit 068301f2be36a5c1ee9a2521c94b98e343612a88
  Merge: 9ffa1fc b77e26d
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 28 17:26:24 2014 -0400
  
      Merge branch 'cdc-ether'
      
      Olivier Blin says:
      
      ====================
      cdc-ether: handle promiscuous mode
      
      Since kernel 3.16, my Lenovo USB network adapters (RTL8153) using
      cdc-ether are not working anymore in a bridge.
      
      This is due to commit c472ab68ad67db23c9907a27649b7dc0899b61f9, which
      resets the packet filter when the device is bound.
      
      The default packet filter set by cdc-ether does not include
      promiscuous, while the adapter seemed to have promiscuous enabled by
      default.
      
      This patch series allows to support promiscuous mode for cdc-ether, by
      hooking into set_rx_mode.
      
      Incidentally, maybe this device should be handled by the r8152 driver,
      but this patch series is still nice for other adapters.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
      Acked-by: Oliver Neukum <oneukum@xxxxxxx>
  
  commit b77e26d191590c73b4a982ea3b3b87194069a56a
  Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
  Date:   Fri Oct 24 19:43:02 2014 +0200
  
      cdc-ether: handle promiscuous mode with a set_rx_mode callback
      
      Promiscuous mode was not supported anymore with my Lenovo adapters
      (RTL8153) since commit c472ab68ad67db23c9907a27649b7dc0899b61f9
      (cdc-ether: clean packet filter upon probe).
      
      It was not possible to use them in a bridge anymore.
      
      Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
      Also-analyzed-by: Loïc Yhuel <loic.yhuel@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit d80c679bc1526183f1cf4adc54b0b72e8798555e
  Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
  Date:   Fri Oct 24 19:43:01 2014 +0200
  
      cdc-ether: extract usbnet_cdc_update_filter function
      
      This will be used by the set_rx_mode callback.
      
      Also move a comment about multicast filtering in this new function.
      
      Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1efed2d06c703489342ab6af2951683e07509c99
  Author: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
  Date:   Fri Oct 24 19:43:00 2014 +0200
  
      usbnet: add a callback for set_rx_mode
      
      To delegate promiscuous mode and multicast filtering to the subdriver.
      
      Signed-off-by: Olivier Blin <olivier.blin@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 9ffa1fcaef222026a8e031830f8db29d3f2cfc47
  Merge: ebcf34f 704d33e
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 28 17:08:56 2014 -0400
  
      Merge branch 'systemport-net'
      
      Florian Fainelli says:
      
      ====================
      net: systemport: RX path and suspend fixes
      
      These two patches fix a race condition where we have our RX interrupts
      enabled, but not NAPI for the RX path, and the second patch fixes an
      issue for packets stuck in RX fifo during a suspend/resume cycle.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 704d33e7006f20f9b4fa7d24a0f08c4b5919b131
  Author: Florian Fainelli <f.fainelli@xxxxxxxxx>
  Date:   Tue Oct 28 11:12:01 2014 -0700
  
      net: systemport: reset UniMAC coming out of a suspend cycle
      
      bcm_sysport_resume() was missing an UniMAC reset which can lead to
      various receive FIFO corruptions coming out of a suspend cycle. If the
      RX FIFO is stuck, it will deliver corrupted/duplicate packets towards
      the host CPU interface.
      
      This could be reproduced on crowded network and when Wake-on-LAN is
      enabled for this particular interface because the switch still forwards
      packets towards the host CPU interface (SYSTEMPORT), and we had to leave
      the UniMAC RX enable bit on to allow matching MagicPackets.
      
      Once we re-enter the resume function, there is a small window during
      which the UniMAC receive is still enabled, and we start queueing
      packets, but the RDMA and RBUF engines are not ready, which leads to
      having packets stuck in the UniMAC RX FIFO, ultimately delivered towards
      the host CPU as corrupted.
      
      Fixes: 40755a0fce17 ("net: systemport: add suspend and resume support")
      Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8edf0047f4b8e03d94ef88f5a7dec146cce03a06
  Author: Florian Fainelli <f.fainelli@xxxxxxxxx>
  Date:   Tue Oct 28 11:12:00 2014 -0700
  
      net: systemport: enable RX interrupts after NAPI
      
      There is currently a small window during which the SYSTEMPORT adapter
      enables its RX interrupts without having enabled its NAPI handler, which
      can result in packets to be discarded during interface bringup.
      
      A similar but more serious window exists in bcm_sysport_resume() during
      which we can have the RDMA engine not fully prepared to receive packets
      and yet having RX interrupts enabled.
      
      Fix this my moving the RX interrupt enable down to
      bcm_sysport_netif_start() after napi_enable() for the RX path is called,
      which fixes both call sites: bcm_sysport_open() and
      bcm_sysport_resume().
      
      Fixes: b02e6d9ba7ad ("net: systemport: add 
bcm_sysport_netif_{enable,stop}")
      Signed-off-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit ebcf34f3d4be11f994340aff629f3c17171a4f65
  Author: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
  Date:   Sun Oct 26 19:14:06 2014 -0700
  
      skbuff.h: fix kernel-doc warning for headers_end
      
      Fix kernel-doc warning in <linux/skbuff.h> by making both headers_start
      and headers_end private fields.
      
      Warning(..//include/linux/skbuff.h:654): No description found for 
parameter 'headers_end[0]'
      
      Signed-off-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 99d881f993f066c75059d24e44c74f7a3fc199bc
  Author: Vince Bridgers <vbridger@xxxxxxxxxxxxxxxxxxxxx>
  Date:   Sun Oct 26 14:22:24 2014 -0500
  
      net: phy: Add SGMII Configuration for Marvell 88E1145 Initialization
      
      Marvell phy 88E1145 configuration & initialization was missing a case
      for initializing SGMII mode. This patch adds that case.
      
      Signed-off-by: Vince Bridgers <vbridger@xxxxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 47276fcc2d542e7b15e384c08b1709c1921b06c1
  Author: Mugunthan V N <mugunthanvnm@xxxxxx>
  Date:   Fri Oct 24 18:51:33 2014 +0530
  
      drivers: net:cpsw: fix probe_dt when only slave 1 is pinned out
      
      when slave 0 has no phy and slave 1 connected to phy, driver probe will
      fail as there is no phy id present for slave 0 device tree, so continuing
      even though no phy-id found, also moving mac-id read later to ensure
      mac-id is read from device tree even when phy-id entry in not found.
      
      Signed-off-by: Mugunthan V N <mugunthanvnm@xxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 25946f20b775f5c630d4326dd7a7f1df0576eb57
  Merge: 3923d68 99c8140
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 28 15:30:15 2014 -0400
  
      Merge tag 'master-2014-10-27' of 
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
      
      John W. Linville says:
      
      ====================
      pull request: wireless 2014-10-28
      
      Please pull this batch of fixes intended for the 3.18 stream!
      
      For the mac80211 bits, Johannes says:
      
      "Here are a few fixes for the wireless stack: one fixes the
      RTS rate, one for a debugfs file, one to return the correct
      channel to userspace, a sanity check for a userspace value
      and the remaining two are just documentation fixes."
      
      For the iwlwifi bits, Emmanuel says:
      
      "I revert here a patch that caused interoperability issues.
      dvm gets a fix for a bug that was reported by many users.
      Two minor fixes for BT Coex and platform power fix that helps
      reducing latency when the PCIe link goes to low power states."
      
      In addition...
      
      Felix Fietkau adds a couple of ath code fixes related to regulatory
      rule enforcement.
      
      Hauke Mehrtens fixes a build break with bcma when CONFIG_OF_ADDRESS
      is not set.
      
      Karsten Wiese provides a trio of minor fixes for rtl8192cu.
      
      Kees Cook prevents a potential information leak in rtlwifi.
      
      Larry Finger also brings a trio of minor fixes for rtlwifi.
      
      RafaÅ? MiÅ?ecki adds a device ID to the bcma bus driver.
      
      Rickard Strandqvist offers some strn* -> strl* changes in brcmfmac
      to eliminate non-terminated string issues.
      
      Sujith Manoharan avoids some ath9k stalls by enabling HW queue control
      only for MCC.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 3923d68dc05033aa843b67d73110a6d402ac6e14
  Merge: f89b775 c146b77
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 28 15:28:30 2014 -0400
  
      Merge branch 'dsa-net'
      
      Andrew Lunn says:
      
      ====================
      DSA tagging mismatches
      
      The second patch is a fix, which should be applied to -rc. It is
      possible to get a DSA configuration which does not work. The patch
      stops this happening.
      
      The first patch detects this situation, and errors out the probe of
      DSA, making it more obvious something is wrong. It is not required to
      apply it -rc.
      
      v2 fixes the use case pointed out by Florian, that a switch driver
      may use DSA_TAG_PROTO_NONE which the patch did not correctly handle.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit c146b7788e5721ec15bc0197bedf75849508e7ea
  Author: Andrew Lunn <andrew@xxxxxxx>
  Date:   Fri Oct 24 23:44:05 2014 +0200
  
      dsa: mv88e6171: Fix tagging protocol/Kconfig
      
      The mv88e6171 can support two different tagging protocols, DSA and
      EDSA. The switch driver structure only allows one protocol to be
      enumerated, and DSA was chosen. However the Kconfig entry ensures the
      EDSA tagging code is built. With a minimal configuration, we then end
      up with a mismatch. The probe is successful, EDSA tagging is used, but
      the switch is configured for DSA, resulting in mangled packets.
      
      Change the switch driver structure to enumerate EDSA, fixing the
      mismatch.
      
      Signed-off-by: Andrew Lunn <andrew@xxxxxxx>
      Fixes: 42f272539487 ("net: DSA: Marvell mv88e6171 switch driver")
      Acked-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit ae439286a0dec99cc8029868243689b5b5f3ff75
  Author: Andrew Lunn <andrew@xxxxxxx>
  Date:   Fri Oct 24 23:44:04 2014 +0200
  
      net: dsa: Error out on tagging protocol mismatches
      
      If there is a mismatch between enabled tagging protocols and the
      protocol the switch supports, error out, rather than continue with a
      situation which is unlikely to work.
      
      Signed-off-by: Andrew Lunn <andrew@xxxxxxx>
      cc: alexander.h.duyck@xxxxxxxxx
      Acked-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 3d53666b40007b55204ee8890618da79a20c9940
  Author: Alex Gartrell <agartrell@xxxxxx>
  Date:   Mon Oct 6 08:46:19 2014 -0700
  
      ipvs: Avoid null-pointer deref in debug code
      
      Use daddr instead of reaching into dest.
      
      Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
      Signed-off-by: Alex Gartrell <agartrell@xxxxxx>
      Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
  
  commit f89b7755f517cdbb755d7543eef986ee9d54e654
  Author: Alexei Starovoitov <ast@xxxxxxxxxxxx>
  Date:   Thu Oct 23 18:41:08 2014 -0700
  
      bpf: split eBPF out of NET
      
      introduce two configs:
      - hidden CONFIG_BPF to select eBPF interpreter that classic socket filters
        depend on
      - visible CONFIG_BPF_SYSCALL (default off) that tracing and sockets can 
use
      
      that solves several problems:
      - tracing and others that wish to use eBPF don't need to depend on NET.
        They can use BPF_SYSCALL to allow loading from userspace or select BPF
        to use it directly from kernel in NET-less configs.
      - in 3.18 programs cannot be attached to events yet, so don't force it on
      - when the rest of eBPF infra is there in 3.19+, it's still useful to
        switch it off to minimize kernel size
      
      bloat-o-meter on x64 shows:
      add/remove: 0/60 grow/shrink: 0/2 up/down: 0/-15601 (-15601)
      
      tested with many different config combinations. Hopefully didn't miss 
anything.
      
      Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx>
      Acked-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8ae3c911b9efcca653c552a9c74957a6cb04a87d
  Merge: 5d26b1f 3bb0626
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 19:00:16 2014 -0400
  
      Merge branch 'cxgb4-net'
      
      Anish Bhatt says:
      
      ====================
      cxgb4 : DCBx fixes for apps/host lldp agents
      
      This patchset  contains some minor fixes for cxgb4 DCBx code. Chiefly, 
cxgb4
      was not cleaning up any apps added to kernel app table when link was lost.
      Disabling DCBx in firmware would automatically set DCBx state to 
host-managed
      and enabled, we now wait for an explicit enable call from an lldp agent 
instead
      
      First patch was originally sent to net-next, but considering it applies to
      correcting behaviour of code already in net, I think it qualifies as a 
bug fix.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 3bb062613b1ecbd0c388106f61344d699f7859ec
  Author: Anish Bhatt <anish@xxxxxxxxxxx>
  Date:   Thu Oct 23 14:37:31 2014 -0700
  
      cxgb4 : Handle dcb enable correctly
      
      Disabling DCBx in firmware automatically enables DCBx for control via host
      lldp agents. Wait for an explicit setstate call from an lldp agents to 
enable
       DCBx instead.
      
      Fixes: 76bcb31efc06 ("cxgb4 : Add DCBx support codebase and dcbnl_ops")
      
      Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 2376c879b80c83424a3013834be97fb9fe2d4180
  Author: Anish Bhatt <anish@xxxxxxxxxxx>
  Date:   Thu Oct 23 14:37:30 2014 -0700
  
      cxgb4 : Improve handling of DCB negotiation or loss thereof
      
      Clear out any DCB apps we might have added to kernel table when we lose 
DCB
      sync (or IEEE equivalent event). These were previously left behind and not
      cleaned up correctly. IEEE allows individual components to work 
independently,
       so improve check for IEEE completion by specifying individual components.
      
      Fixes: 10b0046685ab ("cxgb4: IEEE fixes for DCBx state machine")
      
      Signed-off-by: Anish Bhatt <anish@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 5d26b1f50a610fb28700cdc3446590495a5f607c
  Merge: 93a35f5 7965ee9
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 18:47:40 2014 -0400
  
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
      
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree,
      they are:
      
      1) Allow to recycle a TCP port in conntrack when the change role from
         server to client, from Marcelo Leitner.
      
      2) Fix possible off by one access in ip_set_nfnl_get_byindex(), patch
         from Dan Carpenter.
      
      3) alloc_percpu returns NULL on error, no need for IS_ERR() in nf_tables
         chain statistic updates. From Sabrina Dubroca.
      
      4) Don't compile ip options in bridge netfilter, this mangles the packet
         and bridge should not alter layer >= 3 headers when forwarding packets.
         Patch from Herbert Xu and tested by Florian Westphal.
      
      5) Account the final NLMSG_DONE message when calculating the size of the
         nflog netlink batches. Patch from Florian Westphal.
      
      6) Fix a possible netlink attribute length overflow with large packets.
         Again from Florian Westphal.
      
      7) Release the skbuff if nfnetlink_log fails to put the final
         NLMSG_DONE message. This fixes a leak on error. This shouldn't ever
         happen though, otherwise this means we miscalculate the netlink batch
         size, so spot a warning if this ever happens so we can track down the
         problem. This patch from Houcheng Lin.
      
      8) Look at the right list when recycling targets in the nft_compat,
         patch from Arturo Borrero.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 7965ee93719921ea5978f331da653dfa2d7b99f5
  Author: Arturo Borrero <arturo.borrero.glez@xxxxxxxxx>
  Date:   Sun Oct 26 12:22:40 2014 +0100
  
      netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops()
      
      The code looks for an already loaded target, and the correct list to 
search
      is nft_target_list, not nft_match_list.
      
      Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 99c814066e75d09e6a38574c6c395f022a04b730
  Merge: fad1dbc 11b2357
  Author: John W. Linville <linville@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 13:38:15 2014 -0400
  
      Merge tag 'mac80211-for-john-2014-10-23' of 
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg <johannes@xxxxxxxxxxxxxxxx> says:
      
      "Here are a few fixes for the wireless stack: one fixes the
      RTS rate, one for a debugfs file, one to return the correct
      channel to userspace, a sanity check for a userspace value
      and the remaining two are just documentation fixes."
      
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit fad1dbc8efb4e51e121c745a99c0fb22b420a5c6
  Merge: 0805420 7f2ac8f
  Author: John W. Linville <linville@xxxxxxxxxxxxx>
  Date:   Mon Oct 27 13:35:59 2014 -0400
  
      Merge tag 'iwlwifi-for-john-2014-10-23' of 
git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes
      
      Emmanuel Grumbach <egrumbach@xxxxxxxxx> says:
      
      "I revert here a patch that caused interoperability issues.
      dvm gets a fix for a bug that was reported by many users.
      Two minor fixes for BT Coex and platform power fix that helps
      reducing latency when the PCIe link goes to low power states."
      
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 93a35f59f1b13a02674877e3efdf07ae47e34052
  Author: Eric Dumazet <edumazet@xxxxxxxxxx>
  Date:   Thu Oct 23 06:30:30 2014 -0700
  
      net: napi_reuse_skb() should check pfmemalloc
      
      Do not reuse skb if it was pfmemalloc tainted, otherwise
      future frame might be dropped anyway.
      
      Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Signed-off-by: Roman Gushchin <klamm@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit aa9c5579153535fb317a9d34c7d8eaf02b7ef4cd
  Merge: b71e821 bf1bac5
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Sun Oct 26 22:46:08 2014 -0400
  
      Merge branch 'mellanox'
      
      Eli Cohen says:
      
      ====================
      irq sync fixes
      
      This two patch series fixes a race where an interrupt handler could 
access a
      freed memory.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit bf1bac5b7882daa41249f85fbc97828f0597de5c
  Author: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 23 15:57:27 2014 +0300
  
      net/mlx4_core: Call synchronize_irq() before freeing EQ buffer
      
      After moving the EQ ownership to software effectively destroying it, call
      synchronize_irq() to ensure that any handler routines running on other CPU
      cores finish execution. Only then free the EQ buffer.
      The same thing is done when we destroy a CQ which is one of the sources
      generating interrupts. In the case of CQ we want to avoid completion 
handlers
      on a CQ that was destroyed. In the case we do the same to avoid receiving
      asynchronous events after the EQ has been destroyed and its buffers freed.
      
      Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 96e4be06cbfcb8c9c2da7c77bacce0e56b581c0b
  Author: Eli Cohen <eli@xxxxxxxxxxxxxxxxxx>
  Date:   Thu Oct 23 15:57:26 2014 +0300
  
      net/mlx5_core: Call synchronize_irq() before freeing EQ buffer
      
      After destroying the EQ, the object responsible for generating 
interrupts, call
      synchronize_irq() to ensure that any handler routines running on other CPU
      cores finish execution. Only then free the EQ buffer. This patch solves a 
very
      rare case when we get panic on driver unload.
      The same thing is done when we destroy a CQ which is one of the sources
      generating interrupts. In the case of CQ we want to avoid completion 
handlers
      on a CQ that was destroyed. In the case we do the same to avoid receiving
      asynchronous events after the EQ has been destroyed and its buffers freed.
      
      Signed-off-by: Eli Cohen <eli@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit b71e821de50f0ff92f10f33064ee1713e9014158
  Author: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
  Date:   Thu Oct 23 10:25:53 2014 +0200
  
      drivers: net: xgene: Rewrite buggy loop in xgene_enet_ecc_init()
      
      drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c: In function 
â??xgene_enet_ecc_initâ??:
      drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c:126: warning: 
â??dataâ?? may be used uninitialized in this function
      
      Depending on the arbitrary value on the stack, the loop may terminate
      too early, and cause a bogus -ENODEV failure.
      
      Signed-off-by: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 013f6579c6e4f9517127a176bfc37bbac0b766cb
  Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
  Date:   Wed Oct 22 20:06:29 2014 -0700
  
      i40e: _MASK vs _SHIFT typo in i40e_handle_mdd_event()
      
      We accidentally mask by the _SHIFT variable.  It means that "event" is
      always zero.
      
      Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
      Tested-by: Jim Young <jamesx.m.young@xxxxxxxxx>
      Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit fe0ca7328d03d36aafecebb3af650e1bb2841c20
  Author: Eric Dumazet <edumazet@xxxxxxxxxx>
  Date:   Wed Oct 22 19:43:46 2014 -0700
  
      macvlan: fix a race on port dismantle and possible skb leaks
      
      We need to cancel the work queue after rcu grace period,
      otherwise it can be rescheduled by incoming packets.
      
      We need to purge queue if some skbs are still in it.
      
      We can use __skb_queue_head_init() variant in
      macvlan_process_broadcast()
      
      Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Fixes: 412ca1550cbec ("macvlan: Move broadcasts into a work queue")
      Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 349ce993ac706869d553a1816426d3a4bfda02b1
  Author: Eric Dumazet <edumazet@xxxxxxxxxx>
  Date:   Thu Oct 23 12:58:58 2014 -0700
  
      tcp: md5: do not use alloc_percpu()
      
      percpu tcp_md5sig_pool contains memory blobs that ultimately
      go through sg_set_buf().
      
      -> sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
      
      This requires that whole area is in a physically contiguous portion
      of memory. And that @buf is not backed by vmalloc().
      
      Given that alloc_percpu() can use vmalloc() areas, this does not
      fit the requirements.
      
      Replace alloc_percpu() by a static DEFINE_PER_CPU() as tcp_md5sig_pool
      is small anyway, there is no gain to dynamically allocate it.
      
      Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Fixes: 765cf9976e93 ("tcp: md5: remove one indirection level in 
tcp_md5sig_pool")
      Reported-by: Crestez Dan Leonard <cdleonard@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 4cc40af08032a513e2e68fa6d7818b77179a86af
  Merge: 5345c1d ecf08d2
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Sat Oct 25 14:15:25 2014 -0400
  
      Merge branch 'xen-netback'
      
      David Vrabel says:
      
      ====================
      xen-netback: guest Rx queue drain and stall fixes
      
      This series fixes two critical xen-netback bugs.
      
      1. Netback may consume all of host memory by queuing an unlimited
         number of skb on the internal guest Rx queue.  This behaviour is
         guest triggerable.
      
      2. Carrier flapping under high traffic rates which reduces
         performance.
      
      The first patch is a prerequite.  Removing support for frontends with
      feature-rx-notify makes it easier to reason about the correctness of
      netback since it no longer has to support this outdated and broken
      mode.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit ecf08d2dbb96d5a4b4bcc53a39e8d29cc8fef02e
  Author: David Vrabel <david.vrabel@xxxxxxxxxx>
  Date:   Wed Oct 22 14:08:55 2014 +0100
  
      xen-netback: reintroduce guest Rx stall detection
      
      If a frontend not receiving packets it is useful to detect this and
      turn off the carrier so packets are dropped early instead of being
      queued and drained when they expire.
      
      A to-guest queue is stalled if it doesn't have enough free slots for a
      an extended period of time (default 60 s).
      
      If at least one queue is stalled, the carrier is turned off (in the
      expectation that the other queues will soon stall as well).  The
      carrier is only turned on once all queues are ready.
      
      When the frontend connects, all the queues start in the stalled state
      and only become ready once the frontend queues enough Rx requests.
      
      Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
      Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f48da8b14d04ca87ffcffe68829afd45f926ec6a
  Author: David Vrabel <david.vrabel@xxxxxxxxxx>
  Date:   Wed Oct 22 14:08:54 2014 +0100
  
      xen-netback: fix unlimited guest Rx internal queue and carrier flapping
      
      Netback needs to discard old to-guest skb's (guest Rx queue drain) and
      it needs detect guest Rx stalls (to disable the carrier so packets are
      discarded earlier), but the current implementation is very broken.
      
      1. The check in hard_start_xmit of the slot availability did not
         consider the number of packets that were already in the guest Rx
         queue.  This could allow the queue to grow without bound.
      
         The guest stops consuming packets and the ring was allowed to fill
         leaving S slot free.  Netback queues a packet requiring more than S
         slots (ensuring that the ring stays with S slots free).  Netback
         queue indefinately packets provided that then require S or fewer
         slots.
      
      2. The Rx stall detection is not triggered in this case since the
         (host) Tx queue is not stopped.
      
      3. If the Tx queue is stopped and a guest Rx interrupt occurs, netback
         will consider this an Rx purge event which may result in it taking
         the carrier down unnecessarily.  It also considers a queue with
         only 1 slot free as unstalled (even though the next packet might
         not fit in this).
      
      The internal guest Rx queue is limited by a byte length (to 512 Kib,
      enough for half the ring).  The (host) Tx queue is stopped and started
      based on this limit.  This sets an upper bound on the amount of memory
      used by packets on the internal queue.
      
      This allows the estimatation of the number of slots for an skb to be
      removed (it wasn't a very good estimate anyway).  Instead, the guest
      Rx thread just waits for enough free slots for a maximum sized packet.
      
      skbs queued on the internal queue have an 'expires' time (set to the
      current time plus the drain timeout).  The guest Rx thread will detect
      when the skb at the head of the queue has expired and discard expired
      skbs.  This sets a clear upper bound on the length of time an skb can
      be queued for.  For a guest being destroyed the maximum time needed to
      wait for all the packets it sent to be dropped is still the drain
      timeout (10 s) since it will not be sending new packets.
      
      Rx stall detection is reintroduced in a later commit.
      
      Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
      Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit bc96f648df1bbc2729abbb84513cf4f64273a1f1
  Author: David Vrabel <david.vrabel@xxxxxxxxxx>
  Date:   Wed Oct 22 14:08:53 2014 +0100
  
      xen-netback: make feature-rx-notify mandatory
      
      Frontends that do not provide feature-rx-notify may stall because
      netback depends on the notification from frontend to wake the guest Rx
      thread (even if can_queue is false).
      
      This could be fixed but feature-rx-notify was introduced in 2006 and I
      am not aware of any frontends that do not implement this.
      
      Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx>
      Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 5345c1d417c1b0caf46fd2766d16bb4357a347d8
  Author: Richard Cochran <richardcochran@xxxxxxxxx>
  Date:   Wed Oct 22 21:35:15 2014 +0200
  
      ptp: restore the makefile for building the test program.
      
      This patch brings back the makefile called testptp.mk which was removed
      in commit adb19fb66eee (Documentation: add makefiles for more targets).
      
      While the idea of that commit was to improve build coverage of the
      examples, the new Makefile is unable to cross compile the testptp program.
      In contrast, the deleted makefile was able to do this just fine.
      
      This patch fixes the regression by restoring the original makefile.
      
      Signed-off-by: Richard Cochran <richardcochran@xxxxxxxxx>
      Acked-by: Peter Foley <pefoley2@xxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit b51d3fa364885a2c1e1668f88776c67c95291820
  Author: Houcheng Lin <houcheng@xxxxxxxxx>
  Date:   Thu Oct 23 10:36:08 2014 +0200
  
      netfilter: nf_log: release skbuff on nlmsg put failure
      
      The kernel should reserve enough room in the skb so that the DONE
      message can always be appended.  However, in case of e.g. new attribute
      erronously not being size-accounted for, __nfulnl_send() will still
      try to put next nlmsg into this full skbuf, causing the skb to be stuck
      forever and blocking delivery of further messages.
      
      Fix issue by releasing skb immediately after nlmsg_put error and
      WARN() so we can track down the cause of such size mismatch.
      
      [ fw@xxxxxxxxx: add tailroom/len info to WARN ]
      
      Signed-off-by: Houcheng Lin <houcheng@xxxxxxxxx>
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Thu Oct 23 10:36:07 2014 +0200
  
      netfilter: nfnetlink_log: fix maximum packet length logged to userspace
      
      don't try to queue payloads > 0xffff - NLA_HDRLEN, it does not work.
      The nla length includes the size of the nla struct, so anything larger
      results in u16 integer overflow.
      
      This patch is similar to
      9cefbbc9c8f9abe (netfilter: nfnetlink_queue: cleanup copy_range usage).
      
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Thu Oct 23 10:36:06 2014 +0200
  
      netfilter: nf_log: account for size of NLMSG_DONE attribute
      
      We currently neither account for the nlattr size, nor do we consider
      the size of the trailing NLMSG_DONE when allocating nlmsg skb.
      
      This can result in nflog to stop working, as __nfulnl_send() re-tries
      sending forever if it failed to append NLMSG_DONE (which will never
      work if buffer is not large enough).
      
      Reported-by: Houcheng Lin <houcheng@xxxxxxxxx>
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 7677e86843e2136a9b05549a9ca47d4f744565b6
  Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
  Date:   Sat Oct 4 22:18:02 2014 +0800
  
      bridge: Do not compile options in br_parse_ip_options
      
      Commit 462fb2af9788a82a534f8184abfde31574e1cfa0
      
        bridge : Sanitize skb before it enters the IP stack
      
      broke when IP options are actually used because it mangles the
      skb as if it entered the IP stack which is wrong because the
      bridge is supposed to operate below the IP stack.
      
      Since nobody has actually requested for parsing of IP options
      this patch fixes it by simply reverting to the previous approach
      of ignoring all IP options, i.e., zeroing the IPCB.
      
      If and when somebody who uses IP options and actually needs them
      to be parsed by the bridge complains then we can revisit this.
      
      Reported-by: David Newall <davidn@xxxxxxxxxxxxxxx>
      Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
      Tested-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 7f2ac8fb31896c9fb70dbd2a2e6642b79996fc13
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Thu Oct 23 08:53:21 2014 +0300
  
      iwlwifi: pcie: fix polling in various places
      
      iwl_poll_bit may return a strictly positive value when the
      poll doesn't match on the first try.
      This was caught when WoWLAN started failing upon resume
      even if the poll_bit actually succeeded.
      
      Also change a wrong print. If we reach the end of
      iwl_pcie_prepare_card_hw, it means that we couldn't
      get the devices.
      
      Reviewed-by: Johannes Berg <johannes.berg@xxxxxxxxx>
      Reviewed-by: Luciano Coelho <luciano.coelho@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 1ffde699aae127e7abdb98dbdedc2cc6a973a1a1
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Mon Oct 20 08:29:55 2014 +0300
  
      Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate"
      
      This reverts commit aa11bbf3df026d6b1c6b528bef634fd9de7c2619.
      This commit was causing connection issues and is not needed
      if IWL_MVM_RS_RSSI_BASED_INIT_RATE is set to false by default.
      
      Regardless of the issues mentioned above, this patch added the
      following WARNING:
      
      WARNING: CPU: 0 PID: 3946 at drivers/net/wireless/iwlwifi/mvm/tx.c:190 
iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm]()
      Got an HT rate for a non data frame 0x8
      CPU: 0 PID: 3946 Comm: wpa_supplicant Tainted: G           O   3.17.0+ #6
      Hardware name: LENOVO 20ANCTO1WW/20ANCTO1WW, BIOS GLET71WW (2.25 ) 
07/02/2014
       0000000000000009 ffffffff814fa911 ffff8804288db8f8 ffffffff81064f52
       0000000000001808 ffff8804288db948 ffff88040add8660 ffff8804291b5600
       0000000000000000 ffffffff81064fb7 ffffffffa07b73d0 0000000000000020
      Call Trace:
       [<ffffffff814fa911>] ? dump_stack+0x41/0x51
       [<ffffffff81064f52>] ? warn_slowpath_common+0x72/0x90
       [<ffffffff81064fb7>] ? warn_slowpath_fmt+0x47/0x50
       [<ffffffffa07a39ea>] ? iwl_mvm_set_tx_params+0x60a/0x6f0 [iwlmvm]
       [<ffffffffa07a3cf8>] ? iwl_mvm_tx_skb+0x48/0x3c0 [iwlmvm]
       [<ffffffffa079cb9b>] ? iwl_mvm_mac_tx+0x7b/0x180 [iwlmvm]
       [<ffffffffa0746ce9>] ? __ieee80211_tx+0x2b9/0x3c0 [mac80211]
       [<ffffffffa07492f3>] ? ieee80211_tx+0xb3/0x100 [mac80211]
       [<ffffffffa0749c49>] ? ieee80211_subif_start_xmit+0x459/0xca0 [mac80211]
       [<ffffffff814116e7>] ? dev_hard_start_xmit+0x337/0x5f0
       [<ffffffff81430d46>] ? sch_direct_xmit+0x96/0x1f0
       [<ffffffff81411ba3>] ? __dev_queue_xmit+0x203/0x4f0
       [<ffffffff8142f670>] ? ether_setup+0x70/0x70
       [<ffffffff814e96a1>] ? packet_sendmsg+0xf81/0x1110
       [<ffffffff8140625c>] ? skb_free_datagram+0xc/0x40
       [<ffffffff813f7538>] ? sock_sendmsg+0x88/0xc0
       [<ffffffff813f7274>] ? move_addr_to_kernel.part.20+0x14/0x60
       [<ffffffff811c47c2>] ? __inode_wait_for_writeback+0x62/0xb0
       [<ffffffff813f7a91>] ? SYSC_sendto+0xf1/0x180
       [<ffffffff813f88f9>] ? __sys_recvmsg+0x39/0x70
       [<ffffffff8150066d>] ? system_call_fastpath+0x1a/0x1f
      ---[ end trace cc19a150d311fc63 ]---
      
      which was reported here: https://bugzilla.kernel.org/show_bug.cgi?id=85691
      
      CC: <stable@xxxxxxxxxxxxxxx> [3.13+]
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit a0855054e59b0c5b2b00237fdb5147f7bcc18efb
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Sun Oct 5 09:11:14 2014 +0300
  
      iwlwifi: dvm: drop non VO frames when flushing
      
      When mac80211 wants to ensure that a frame is sent, it calls
      the flush() callback. Until now, iwldvm implemented this by
      waiting that all the frames are sent (ACKed or timeout).
      In case of weak signal, this can take a significant amount
      of time, delaying the next connection (in case of roaming).
      Many users have reported that the flush would take too long
      leading to the following error messages to be printed:
      
      iwlwifi 0000:03:00.0: fail to flush all tx fifo queues Q 2
      iwlwifi 0000:03:00.0: Current SW read_ptr 161 write_ptr 201
      iwl data: 00000000: 00 00 00 00 00 00 00 00 fe ff 01 00 00 00 00 00
      [snip]
      iwlwifi 0000:03:00.0: FH TRBs(0) = 0x00000000
      [snip]
      iwlwifi 0000:03:00.0: Q 0 is active and mapped to fifo 3 ra_tid 0x0000 
[9,9]
      [snip]
      
      Instead of waiting for these packets, simply drop them. This
      significantly improves the responsiveness of the network.
      Note that all the queues are flushed, but the VO one. This
      is not typically used by the applications and it likely
      contains management frames that are useful for connection
      or roaming.
      
      This bug is tracked here:
      https://bugzilla.kernel.org/show_bug.cgi?id=56581
      
      But it is duplicated in distributions' trackers.
      A simple search in Ubuntu's database led to these bugs:
      
      https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1270808
      https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1305406
      https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1356236
      https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1360597
      https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1361809
      
      Cc: <stable@xxxxxxxxxxxxxxx>
      Depends-on: 77be2c54c5bd ("mac80211: add vif to flush call")
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit a6cc5163149532734b84c86cbffa4994e527074b
  Author: Matti Gottlieb <matti.gottlieb@xxxxxxxxx>
  Date:   Mon Sep 29 11:46:04 2014 +0300
  
      iwlwifi: mvm: ROC - bug fixes around time events and locking
      
      Don't add the time event to the list. We added it several
      times the same time event, which leads to an infinite loop
      when walking the list.
      
      Since we (currently) don't support more than one ROC for STA
      vif at a time, enforce this and don't add the time event
      to any list.
      
      We were also missing the locking of the mutex which led to
      a lockdep splat - fix that.
      
      Signed-off-by: Matti Gottlieb <matti.gottlieb@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 79b7a69d730180d8bf535e52fe2b4f3dd5904007
  Author: Haim Dreyfuss <haim.dreyfuss@xxxxxxxxx>
  Date:   Sun Sep 14 12:40:00 2014 +0300
  
      iwlwifi: mvm: Add tx power condition to bss_info_changed_ap_ibss
      
      The tx power should be limited from many reasons.
      currently, setting the tx power is available by the mvm only for
      station interface. Adding the tx power condition to
      bss_info_changed_ap_ibss make it available also for AP.
      
      Signed-off-by: Haim Dreyfuss <haim.dreyfuss@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 3856b78c1be32a2afe0618c7a84e05ff8c03cf10
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Mon Sep 22 12:03:41 2014 +0300
  
      iwlwifi: mvm: BT coex - fix BT prio for probe requests
      
      The probe requests sent during scan must get BT prio 3.
      Fix that.
      
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit d14b28fd2c61af0bf310230472e342864d799c98
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Mon Sep 22 16:12:24 2014 +0300
  
      iwlwifi: mvm: BT Coex - update the MPLUT Boost register value
      
      Cc: <stable@xxxxxxxxxxxxxxx> [3.16+]
      Fixes: 2adc8949efab ("iwlwifi: mvm: BT Coex - fix boost register / LUT 
values")
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 405b7338abc5ceac4a420ce7f49cc9b530d4e78b
  Author: Liad Kaufman <liad.kaufman@xxxxxxxxx>
  Date:   Tue Sep 23 15:15:17 2014 +0300
  
      iwlwifi: 8000: fix string given to MODULE_FIRMWARE
      
      I changed the string but forgot to update the fix also to
      MODULE_FIRMWARE().
      
      Signed-off-by: Liad Kaufman <liad.kaufman@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 9180ac50716a097a407c6d7e7e4589754a922260
  Author: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  Date:   Tue Sep 23 23:02:41 2014 +0300
  
      iwlwifi: configure the LTR
      
      The LTR is the handshake between the device and the root
      complex about the latency allowed when the bus exits power
      save. This configuration was missing and this led to high
      latency in the link power up. The end user could experience
      high latency in the network because of this.
      
      Cc: <stable@xxxxxxxxxxxxxxx> [3.10+]
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
  
  commit 08054200117a95afc14c3d2ed3a38bf4e345bf78
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Thu Oct 23 11:27:09 2014 -0500
  
      rtlwifi: Add check for get_btc_status callback
      
      Drivers that do not use the get_btc_status() callback may not define a
      dummy routine. The caller needs to check before making the call.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Cc: Murilo Opsfelder Araujo <mopsfelder@xxxxxxxxx>
      Cc: Mike Galbraith <umgwanakikbuti@xxxxxxxxx>
      Cc: Thadeu Cascardo <cascardo@xxxxxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 763254516187015cb5b391553af35c6ed1f4bb36
  Author: Felix Fietkau <nbd@xxxxxxxxxxx>
  Date:   Wed Oct 22 18:17:35 2014 +0200
  
      ath9k_common: always update value in ath9k_cmn_update_txpow
      
      In some cases the limit may be the same as reg->power_limit, but the
      actual value that the hardware uses is not up to date. In that case, a
      wrong value for current tx power is tracked internally.
      Fix this by unconditionally updating it.
      
      Signed-off-by: Felix Fietkau <nbd@xxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 4f2b244c7d5b81ce4f0c6c0382f3a3b7c2dbec1c
  Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:47:34 2014 +0200
  
      rtl8192cu: Prevent Ooops under rtl92c_set_fw_rsvdpagepkt
      
      rtl92c_set_fw_rsvdpagepkt is used by rtl8192cu and its pci sibling 
rtl8192ce.
      rtl_cmd_send_packet crashes when called inside rtl8192cu because it works 
on
      memory allocated only by rtl8192ce.
      Fix the crash by calling a dummy function when used in rtl8192cu.
      Comparision with the realtek vendor driver makes me think, something is 
missing in
      the dummy function.
      Short test as WPA2 station show good results connected to an 802.11g 
basestation.
      Traffic stops after few MBytes as WPA2 station connected to an 802.11n 
basestation.
      
      Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
      Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit cefe3dfdb9f5f498cae9871f7e52800f5e22c614
  Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:47:33 2014 +0200
  
      rtl8192cu: Call ieee80211_register_hw from rtl_usb_probe
      
      In a previous patch the call to ieee80211_register_hw was moved from the
      load firmware callback to the rtl_pci_probe only.
      rt8192cu also uses this callback. Currently it doesnt create a wlan%d 
device.
      Fill in the call to ieee80211_register_hw in rtl_usb_probe.
      
      Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
      Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit b2d624a5810203a1a8b7735e1ec5685109b22fc3
  Author: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
  Date:   Wed Oct 22 15:47:32 2014 +0200
  
      rtl8192cu: Fix for rtlwifi's bluetooth coexist functionality
      
      Initialize function pointer with a function indicating bt coexist is not 
there.
      Prevents Ooops.
      
      Signed-off-by: Karsten Wiese <fzuuzf@xxxxxxxxxxxxxx>
      Acked-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 94e05900770c0abe31200881df93e41d296fe8bd
  Author: Felix Fietkau <nbd@xxxxxxxxxxx>
  Date:   Wed Oct 22 15:27:53 2014 +0200
  
      ath: use CTL region from cfg80211 if unset in EEPROM
      
      Many AP devices do not have the proper regulatory domain programmed in
      EEPROM. Instead they expect the software to set the appropriate region.
      For these devices, the country code defaults to US, and the driver uses
      the US CTL tables as well.
      On devices bought in Europe this can lead to tx power being set too high
      on the band edges, even if the cfg80211 regdomain is set correctly.
      Fix this issue by taking into account the DFS region, but only when the
      EEPROM regdomain is set to default.
      
      Signed-off-by: Felix Fietkau <nbd@xxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit d514aefb8ce89562ef2d7dcddc530e5de6287c4b
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Tue Oct 21 10:52:51 2014 -0500
  
      rtlwifi: rtl8821ae: Fix possible array overrun
      
      The kbuild test robot reported a possible array overrun. The affected code
      checks for overruns, but fails to take the steps necessary to fix them.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 868caae3fe2e35e2353d86af95e03eeaa9439d97
  Author: Sujith Manoharan <c_manoha@xxxxxxxxxxxxxxxx>
  Date:   Tue Oct 21 19:23:02 2014 +0530
  
      ath9k: Enable HW queue control only for MCC
      
      Enabling HW queue control for normal (non-mcc) mode
      causes problems with queue management, resulting
      in traffic stall. Since it is mainly required for
      fairness in MCC mode, disable it for the general case.
      
      Bug: https://dev.openwrt.org/ticket/18164
      
      Cc: Felix Fietkau <nbd@xxxxxxxxxxx>
      Signed-off-by: Sujith Manoharan <c_manoha@xxxxxxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 598a0df07fc6c4642f9b0497cef1233e41d4c987
  Author: Kees Cook <keescook@xxxxxxxxxxxx>
  Date:   Mon Oct 20 14:57:08 2014 -0700
  
      rtlwifi: prevent format string usage from leaking
      
      Use "%s" in the workqueue allocation to make sure the rtl_hal_cfg name
      can never accidentally leak information via a format string.
      
      Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 34b6d4299923ec9101bbf364440cee36420b3fc0
  Author: RafaÅ? MiÅ?ecki <zajec5@xxxxxxxxx>
  Date:   Wed Oct 15 07:51:44 2014 +0200
  
      bcma: add another PCI ID of device with BCM43228
      
      It was found attached to the BCM47081A0 SoC. Log:
      bcma: bus0: Found chip with id 43228, rev 0x00 and package 0x08
      
      Signed-off-by: RafaÅ? MiÅ?ecki <zajec5@xxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 59dfdd92288e55bed374309a9944c3a95b4e13c9
  Author: Rickard Strandqvist <rickard_strandqvist@xxxxxxxxxxxxxxxxxx>
  Date:   Sun Oct 12 13:42:14 2014 +0200
  
      brcmfmac: dhd_sdio.c: Cleaning up missing null-terminate in conjunction 
with strncpy
      
      Replacing strncpy with strlcpy to avoid strings that lacks null terminate.
      And changed from using strncat to strlcat to simplify code.
      
      Signed-off-by: Rickard Strandqvist 
<rickard_strandqvist@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 47481d977cb2987ab363202c68a79ec1bccd357c
  Author: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
  Date:   Sat Oct 11 12:59:53 2014 -0500
  
      rtlwifi: rtl8192ee: Prevent log spamming for switch statements
      
      The driver logs a message when the default branch of switch statements are
      taken. Such information is useful when debugging, but these log items 
should
      not be seen for standard usage.
      
      Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 78afe83c3b008e25123bd1be36ee4b6595e595d1
  Author: Hauke Mehrtens <hauke@xxxxxxxxxx>
  Date:   Thu Oct 9 23:39:41 2014 +0200
  
      bcma: fix build when CONFIG_OF_ADDRESS is not set
      
      Commit 2101e533f41a ("bcma: register bcma as device tree driver")
      introduces a hard dependency on OF_ADDRESS into the bcma driver.
      OF_ADDRESS is specifically disabled for the sparc architecture.
      This results in the following error when building sparc64:allmodconfig.
      
      drivers/bcma/main.c: In function 'bcma_of_find_child_device':
      drivers/bcma/main.c:150:3: error: implicit declaration of function 
'of_translate_address'
      
      Fixes: 2101e533f41a ("bcma: register bcma as device tree driver")
      Reported-by: Guenter Roeck <linux@xxxxxxxxxxxx>
      Signed-off-by: Hauke Mehrtens <hauke@xxxxxxxxxx>
      Reviewed-by: Guenter Roeck <linux@xxxxxxxxxxxx>
      Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx>
  
  commit 942396b01989d54977120f3625e5ba31afe7a75c
  Author: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
  Date:   Wed Oct 22 13:47:18 2014 -0700
  
      hyperv: Fix the total_data_buflen in send path
      
      total_data_buflen is used by netvsc_send() to decide if a packet can be 
put
      into send buffer. It should also include the size of RNDIS message before 
the
      Ethernet frame. Otherwise, a messge with total size bigger than 
send_section_size
      may be copied into the send buffer, and cause data corruption.
      
      [Request to include this patch to the Stable branches]
      
      Signed-off-by: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
      Reviewed-by: K. Y. Srinivasan <kys@xxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f765678e325b4ae3e2fbdb304fc2d5ee018aa860
  Merge: 81f35ff 55ca6bc
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Wed Oct 22 17:50:39 2014 -0400
  
      Merge branch 'amd-xgbe'
      
      Tom Lendacky says:
      
      ====================
      amd-xgbe: AMD XGBE driver fixes 2014-10-22
      
      The following series of patches includes fixes to the driver.
      
      - Properly handle feature changes via ethtool by using correctly sized
        variables
      - Perform proper napi packet counting and budget checking
      
      This patch series is based on net.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 55ca6bcd733b739d5667d48d7591899f376dcfb8
  Author: Lendacky, Thomas <Thomas.Lendacky@xxxxxxx>
  Date:   Wed Oct 22 11:26:17 2014 -0500
  
      amd-xgbe: Fix napi Rx budget accounting
      
      Currently the amd-xgbe driver increments the packets processed counter
      each time a descriptor is processed.  Since a packet can be represented
      by more than one descriptor incrementing the counter in this way is not
      appropriate.  Also, since multiple descriptors cause the budget check
      to be short circuited, sometimes the returned value from the poll
      function would be larger than the budget value resulting in a WARN_ONCE
      being triggered.
      
      Update the polling logic to properly account for the number of packets
      processed and exit when the budget value is reached.
      
      Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 386f1c9650b7fe4849d2942bd42f41f0ca3aedfb
  Author: Lendacky, Thomas <Thomas.Lendacky@xxxxxxx>
  Date:   Wed Oct 22 11:26:11 2014 -0500
  
      amd-xgbe: Properly handle feature changes via ethtool
      
      The ndo_set_features callback function was improperly using an unsigned
      int to save the current feature value for features such as NETIF_F_RXCSUM.
      Since that feature is in the upper 32 bits of a 64 bit variable the
      result was always 0 making it not possible to actually turn off the
      hardware RX checksum support.  Change the unsigned int type to the
      netdev_features_t type in order to properly capture the current value
      and perform the proper operation.
      
      Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 81f35ffde0e95ee18de83646bbf93dda55d9cc8b
  Author: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx>
  Date:   Wed Oct 22 16:34:35 2014 +0200
  
      net: fec: ptp: fix NULL pointer dereference if ptp_clock is not set
      
      Since commit 278d24047891 (net: fec: ptp: Enable PPS output based on ptp 
clock)
      fec_enet_interrupt calls fec_ptp_check_pps_event unconditionally, which 
calls
      into ptp_clock_event. If fep->ptp_clock is NULL, ptp_clock_event tries to
      dereference the NULL pointer.
      Since on i.MX53 fep->bufdesc_ex is not set, fec_ptp_init is never called,
      and fep->ptp_clock is NULL, which reliably causes a kernel panic.
      
      This patch adds a check for fep->ptp_clock == NULL in fec_enet_interrupt.
      
      Signed-off-by: Philipp Zabel <p.zabel@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 9e7ceb060754f134231f68cb29d5db31419fe1ed
  Author: Sathya Perla <sathya.perla@xxxxxxxxxx>
  Date:   Wed Oct 22 21:42:01 2014 +0530
  
      net: fix saving TX flow hash in sock for outgoing connections
      
      The commit "net: Save TX flow hash in sock and set in skbuf on xmit"
      introduced the inet_set_txhash() and ip6_set_txhash() routines to 
calculate
      and record flow hash(sk_txhash) in the socket structure. sk_txhash is used
      to set skb->hash which is used to spread flows across multiple TXQs.
      
      But, the above routines are invoked before the source port of the 
connection
      is created. Because of this all outgoing connections that just differ in 
the
      source port get hashed into the same TXQ.
      
      This patch fixes this problem for IPv4/6 by invoking the the above 
routines
      after the source port is available for the socket.
      
      Fixes: b73c3d0e4("net: Save TX flow hash in sock and set in skbuf on 
xmit")
      
      Signed-off-by: Sathya Perla <sathya.perla@xxxxxxxxxx>
      Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 789f202326640814c52f82e80cef3584d8254623
  Author: Li RongQing <roy.qing.li@xxxxxxxxx>
  Date:   Wed Oct 22 17:09:53 2014 +0800
  
      xfrm6: fix a potential use after free in xfrm6_policy.c
      
      pskb_may_pull() maybe change skb->data and make nh and exthdr pointer
      oboslete, so recompute the nd and exthdr
      
      Signed-off-by: Li RongQing <roy.qing.li@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8751b12cd93cc37337256f650e309b8364d40b35
  Author: LEROY Christophe <christophe.leroy@xxxxxx>
  Date:   Wed Oct 22 09:05:47 2014 +0200
  
      net: fs_enet: set back promiscuity mode after restart
      
      After interface restart (eg: after link disconnection/reconnection), the 
bridge
      function doesn't work anymore. This is due to the promiscuous mode being 
cleared
      by the restart.
      
      The mac-fcc already includes code to set the promiscuous mode back during 
the restart.
      This patch adds the same handling to mac-fec and mac-scc.
      
      Tested with bridge function on MPC885 with FEC.
      
      Reported-by: Germain Montoies <germain.montoies@xxxxxx>
      Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit a63ba13eec092b70d4e5522d692eaeb2f9747387
  Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
  Date:   Tue Oct 21 16:06:05 2014 +0200
  
      net: tso: fix unaligned access to crafted TCP header in helper API
      
      The crafted header start address is from a driver supplied buffer, which
      one can reasonably expect to be aligned on a 4-bytes boundary.
      However ATM the TSO helper API is only used by ethernet drivers and
      the tcp header will then be aligned to a 2-bytes only boundary from the
      header start address.
      
      Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
      Cc: Ezequiel Garcia <ezequiel.garcia@xxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 8fc963515e893867330dec87464e9edc5204c024
  Author: Jon Cooper <jcooper@xxxxxxxxxxxxxx>
  Date:   Tue Oct 21 14:50:29 2014 +0100
  
      sfc: remove incorrect EFX_BUG_ON_PARANOID check
      
      write_count and insert_count can wrap around, making > check invalid.
      
      Fixes: 70b33fb0ddec827cbbd14cdc664fc27b2ef4a6b6 ("sfc: add support for
       skb->xmit_more").
      
      Signed-off-by: Edward Cree <ecree@xxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit c123bb7163043bb8f33858cf8e45b01c17dbd171
  Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
  Date:   Tue Oct 21 11:08:21 2014 +0200
  
      netfilter: nf_tables: check for NULL in nf_tables_newchain pcpu stats 
allocation
      
      alloc_percpu returns NULL on failure, not a negative error code.
      
      Fixes: ff3cd7b3c922 ("netfilter: nf_tables: refactor chain statistic 
routines")
      Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 0f9f5e1b83abd2b37c67658e02a6fc9001831fa5
  Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
  Date:   Tue Oct 21 11:28:12 2014 +0300
  
      netfilter: ipset: off by one in ip_set_nfnl_get_byindex()
      
      The ->ip_set_list[] array is initialized in ip_set_net_init() and it
      has ->ip_set_max elements so this check should be >= instead of >
      otherwise we are off by one.
      
      Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
      Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit e37ad9fd636071e45368d1d9cc3b7b421281ce7f
  Author: Marcelo Leitner <mleitner@xxxxxxxxxx>
  Date:   Mon Oct 13 13:09:28 2014 -0300
  
      netfilter: nf_conntrack: allow server to become a client in TW handling
      
      When a port that was used to listen for inbound connections gets closed
      and reused for outgoing connections (like rsh ends up doing for stderr
      flow), current we may reject the SYN/ACK packet for the new connection
      because tcp_conntracks states forbirds a port to become a client while
      there is still a TIME_WAIT entry in there for it.
      
      As TCP may expire the TIME_WAIT socket in 60s and conntrack's timeout
      for it is 120s, there is a ~60s window that the application can end up
      opening a port that conntrack will end up blocking.
      
      This patch fixes this by simply allowing such state transition: if we
      see a SYN, in TIME_WAIT state, on REPLY direction, move it to sSS. Note
      that the rest of the code already handles this situation, more
      specificly in tcp_packet(), first switch clause.
      
      Signed-off-by: Marcelo Ricardo Leitner <mleitner@xxxxxxxxxx>
      Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 7c1c97d54f9bfc810908d3903cb8bcacf734df18
  Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
  Date:   Tue Oct 21 11:23:30 2014 +0200
  
      net: sched: initialize bstats syncp
      
      Use netdev_alloc_pcpu_stats to allocate percpu stats and initialize syncp.
      
      Fixes: 22e0f8b9322c "net: sched: make bstats per cpu and estimator RCU 
safe"
      Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
      Acked-by: Cong Wang <cwang@xxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 32bf08a6257b9c7380dcd040af3c0858eee3ef05
  Author: Alexei Starovoitov <ast@xxxxxxxxxxxx>
  Date:   Mon Oct 20 14:54:57 2014 -0700
  
      bpf: fix bug in eBPF verifier
      
      while comparing for verifier state equivalency the comparison
      was missing a check for uninitialized register.
      Make sure it does so and add a testcase.
      
      Fixes: f1bca824dabb ("bpf: add search pruning optimization to verifier")
      Cc: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx>
      Acked-by: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 78fd1d0ab072d4d9b5f0b7c14a1516665170b565
  Author: Thomas Graf <tgraf@xxxxxxx>
  Date:   Tue Oct 21 22:05:38 2014 +0200
  
      netlink: Re-add locking to netlink_lookup() and seq walker
      
      The synchronize_rcu() in netlink_release() introduces unacceptable
      latency. Reintroduce minimal lookup so we can drop the
      synchronize_rcu() until socket destruction has been RCUfied.
      
      Cc: David S. Miller <davem@xxxxxxxxxxxxx>
      Cc: Eric Dumazet <eric.dumazet@xxxxxxxxx>
      Reported-by: Steinar H. Gunderson <sgunderson@xxxxxxxxxxx>
      Reported-and-tested-by: Heiko Carstens <heiko.carstens@xxxxxxxxxx>
      Signed-off-by: Thomas Graf <tgraf@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1a194c2d59c55c37cb4c0c459d5418071a141341
  Author: Ying Xue <ying.xue@xxxxxxxxxxxxx>
  Date:   Mon Oct 20 14:46:35 2014 +0800
  
      tipc: fix lockdep warning when intra-node messages are delivered
      
      When running tipcTC&tipcTS test suite, below lockdep unsafe locking
      scenario is reported:
      
      [ 1109.997854]
      [ 1109.997988] =================================
      [ 1109.998290] [ INFO: inconsistent lock state ]
      [ 1109.998575] 3.17.0-rc1+ #113 Not tainted
      [ 1109.998762] ---------------------------------
      [ 1109.998762] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
      [ 1109.998762] swapper/7/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
      [ 1109.998762]  (slock-AF_TIPC){+.?...}, at: [<ffffffffa0011969>] 
tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762] {SOFTIRQ-ON-W} state was registered at:
      [ 1109.998762]   [<ffffffff810a4770>] __lock_acquire+0x6a0/0x1d80
      [ 1109.998762]   [<ffffffff810a6555>] lock_acquire+0x95/0x1e0
      [ 1109.998762]   [<ffffffff81a2d1ce>] _raw_spin_lock+0x3e/0x80
      [ 1109.998762]   [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762]   [<ffffffffa0004fe8>] tipc_link_xmit+0xa8/0xc0 [tipc]
      [ 1109.998762]   [<ffffffffa000ec6f>] tipc_sendmsg+0x15f/0x550 [tipc]
      [ 1109.998762]   [<ffffffffa000f165>] tipc_connect+0x105/0x140 [tipc]
      [ 1109.998762]   [<ffffffff817676ee>] SYSC_connect+0xae/0xc0
      [ 1109.998762]   [<ffffffff81767b7e>] SyS_connect+0xe/0x10
      [ 1109.998762]   [<ffffffff817a9788>] compat_SyS_socketcall+0xb8/0x200
      [ 1109.998762]   [<ffffffff81a306e5>] sysenter_dispatch+0x7/0x1f
      [ 1109.998762] irq event stamp: 241060
      [ 1109.998762] hardirqs last  enabled at (241060): [<ffffffff8105a4ad>] 
__local_bh_enable_ip+0x6d/0xd0
      [ 1109.998762] hardirqs last disabled at (241059): [<ffffffff8105a46f>] 
__local_bh_enable_ip+0x2f/0xd0
      [ 1109.998762] softirqs last  enabled at (241020): [<ffffffff81059a52>] 
_local_bh_enable+0x22/0x50
      [ 1109.998762] softirqs last disabled at (241021): [<ffffffff8105a626>] 
irq_exit+0x96/0xc0
      [ 1109.998762]
      [ 1109.998762] other info that might help us debug this:
      [ 1109.998762]  Possible unsafe locking scenario:
      [ 1109.998762]
      [ 1109.998762]        CPU0
      [ 1109.998762]        ----
      [ 1109.998762]   lock(slock-AF_TIPC);
      [ 1109.998762]   <Interrupt>
      [ 1109.998762]     lock(slock-AF_TIPC);
      [ 1109.998762]
      [ 1109.998762]  *** DEADLOCK ***
      [ 1109.998762]
      [ 1109.998762] 2 locks held by swapper/7/0:
      [ 1109.998762]  #0:  (rcu_read_lock){......}, at: [<ffffffff81782dc9>] 
__netif_receive_skb_core+0x69/0xb70
      [ 1109.998762]  #1:  (rcu_read_lock){......}, at: [<ffffffffa0001c90>] 
tipc_l2_rcv_msg+0x40/0x260 [tipc]
      [ 1109.998762]
      [ 1109.998762] stack backtrace:
      [ 1109.998762] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 3.17.0-rc1+ #113
      [ 1109.998762] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
      [ 1109.998762]  ffffffff82745830 ffff880016c03828 ffffffff81a209eb 
0000000000000007
      [ 1109.998762]  ffff880017b3cac0 ffff880016c03888 ffffffff81a1c5ef 
0000000000000001
      [ 1109.998762]  ffff880000000001 ffff880000000000 ffffffff81012d4f 
0000000000000000
      [ 1109.998762] Call Trace:
      [ 1109.998762]  <IRQ>  [<ffffffff81a209eb>] dump_stack+0x4e/0x68
      [ 1109.998762]  [<ffffffff81a1c5ef>] print_usage_bug+0x1f1/0x202
      [ 1109.998762]  [<ffffffff81012d4f>] ? save_stack_trace+0x2f/0x50
      [ 1109.998762]  [<ffffffff810a406c>] mark_lock+0x28c/0x2f0
      [ 1109.998762]  [<ffffffff810a3440>] ? 
print_irq_inversion_bug.part.46+0x1f0/0x1f0
      [ 1109.998762]  [<ffffffff810a467d>] __lock_acquire+0x5ad/0x1d80
      [ 1109.998762]  [<ffffffff810a70dd>] ? trace_hardirqs_on+0xd/0x10
      [ 1109.998762]  [<ffffffff8108ace8>] ? sched_clock_cpu+0x98/0xc0
      [ 1109.998762]  [<ffffffff8108ad2b>] ? local_clock+0x1b/0x30
      [ 1109.998762]  [<ffffffff810a10dc>] ? 
lock_release_holdtime.part.29+0x1c/0x1a0
      [ 1109.998762]  [<ffffffff8108aa05>] ? sched_clock_local+0x25/0x90
      [ 1109.998762]  [<ffffffffa000dec0>] ? tipc_sk_get+0x60/0x80 [tipc]
      [ 1109.998762]  [<ffffffff810a6555>] lock_acquire+0x95/0x1e0
      [ 1109.998762]  [<ffffffffa0011969>] ? tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762]  [<ffffffff810a6fb6>] ? trace_hardirqs_on_caller+0xa6/0x1c0
      [ 1109.998762]  [<ffffffff81a2d1ce>] _raw_spin_lock+0x3e/0x80
      [ 1109.998762]  [<ffffffffa0011969>] ? tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762]  [<ffffffffa000dec0>] ? tipc_sk_get+0x60/0x80 [tipc]
      [ 1109.998762]  [<ffffffffa0011969>] tipc_sk_rcv+0x49/0x2b0 [tipc]
      [ 1109.998762]  [<ffffffffa00076bd>] tipc_rcv+0x5ed/0x960 [tipc]
      [ 1109.998762]  [<ffffffffa0001d1c>] tipc_l2_rcv_msg+0xcc/0x260 [tipc]
      [ 1109.998762]  [<ffffffffa0001c90>] ? tipc_l2_rcv_msg+0x40/0x260 [tipc]
      [ 1109.998762]  [<ffffffff81783345>] __netif_receive_skb_core+0x5e5/0xb70
      [ 1109.998762]  [<ffffffff81782dc9>] ? __netif_receive_skb_core+0x69/0xb70
      [ 1109.998762]  [<ffffffff81784eb9>] ? dev_gro_receive+0x259/0x4e0
      [ 1109.998762]  [<ffffffff817838f6>] __netif_receive_skb+0x26/0x70
      [ 1109.998762]  [<ffffffff81783acd>] netif_receive_skb_internal+0x2d/0x1f0
      [ 1109.998762]  [<ffffffff81785518>] napi_gro_receive+0xd8/0x240
      [ 1109.998762]  [<ffffffff815bf854>] e1000_clean_rx_irq+0x2c4/0x530
      [ 1109.998762]  [<ffffffff815c1a46>] e1000_clean+0x266/0x9c0
      [ 1109.998762]  [<ffffffff8108ad2b>] ? local_clock+0x1b/0x30
      [ 1109.998762]  [<ffffffff8108aa05>] ? sched_clock_local+0x25/0x90
      [ 1109.998762]  [<ffffffff817842b1>] net_rx_action+0x141/0x310
      [ 1109.998762]  [<ffffffff810bd710>] ? handle_fasteoi_irq+0xe0/0x150
      [ 1109.998762]  [<ffffffff81059fa6>] __do_softirq+0x116/0x4d0
      [ 1109.998762]  [<ffffffff8105a626>] irq_exit+0x96/0xc0
      [ 1109.998762]  [<ffffffff81a30d07>] do_IRQ+0x67/0x110
      [ 1109.998762]  [<ffffffff81a2ee2f>] common_interrupt+0x6f/0x6f
      [ 1109.998762]  <EOI>  [<ffffffff8100d2b7>] ? default_idle+0x37/0x250
      [ 1109.998762]  [<ffffffff8100d2b5>] ? default_idle+0x35/0x250
      [ 1109.998762]  [<ffffffff8100dd1f>] arch_cpu_idle+0xf/0x20
      [ 1109.998762]  [<ffffffff810999fd>] cpu_startup_entry+0x27d/0x4d0
      [ 1109.998762]  [<ffffffff81034c78>] start_secondary+0x188/0x1f0
      
      When intra-node messages are delivered from one process to another
      process, tipc_link_xmit() doesn't disable BH before it directly calls
      tipc_sk_rcv() on process context to forward messages to destination
      socket. Meanwhile, if messages delivered by remote node arrive at the
      node and their destinations are also the same socket, tipc_sk_rcv()
      running on process context might be preempted by tipc_sk_rcv() running
      BH context. As a result, the latter cannot obtain the socket lock as
      the lock was obtained by the former, however, the former has no chance
      to be run as the latter is owning the CPU now, so headlock happens. To
      avoid it, BH should be always disabled in tipc_sk_rcv().
      
      Signed-off-by: Ying Xue <ying.xue@xxxxxxxxxxxxx>
      Reviewed-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 7b8613e0a1502b43b3b36c93c66f835c891f63b3
  Author: Ying Xue <ying.xue@xxxxxxxxxxxxx>
  Date:   Mon Oct 20 14:44:25 2014 +0800
  
      tipc: fix a potential deadlock
      
      Locking dependency detected below possible unsafe locking scenario:
      
                 CPU0                          CPU1
      T0:  tipc_named_rcv()                tipc_rcv()
      T1:  [grab nametble write lock]*     [grab node lock]*
      T2:  tipc_update_nametbl()           tipc_node_link_up()
      T3:  tipc_nodesub_subscribe()        tipc_nametbl_publish()
      T4:  [grab node lock]*               [grab nametble write lock]*
      
      The opposite order of holding nametbl write lock and node lock on
      above two different paths may result in a deadlock. If we move the
      the updating of the name table after link state named out of node
      lock, the reverse order of holding locks will be eliminated, and
      as a result, the deadlock risk.
      
      Signed-off-by: Ying Xue <ying.xue@xxxxxxxxxxxxx>
      Signed-off-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 73829bf6fec70703f10e360676d81d327f21ebf6
  Merge: d10845f 39dc90c
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Tue Oct 21 15:24:30 2014 -0400
  
      Merge branch 'enic'
      
      Govindarajulu Varadarajan says:
      
      ====================
      enic: Bug fixes
      
      This series fixes the following problem.
      
      Please apply this to net.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 39dc90c159c1bcc0fdd42913a7d560b1a1cd3acf
  Author: Govindarajulu Varadarajan <_govind@xxxxxxx>
  Date:   Sun Oct 19 14:20:28 2014 +0530
  
      enic: Do not call napi_disable when preemption is disabled.
      
      In enic_stop, we disable preemption using local_bh_disable(). We disable
      preemption to wait for busy_poll to finish.
      
      napi_disable should not be called here as it might sleep.
      
      Moving napi_disable() call out side of local_bh_disable.
      
      BUG: sleeping function called from invalid context at 
include/linux/netdevice.h:477
      in_atomic(): 1, irqs_disabled(): 0, pid: 443, name: ifconfig
      INFO: lockdep is turned off.
      Preemption disabled at:[<ffffffffa029c5c4>] 
enic_rfs_flw_tbl_free+0x34/0xd0 [enic]
      
      CPU: 31 PID: 443 Comm: ifconfig Not tainted 3.17.0-netnext-05504-g59f35b8 
#268
      Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
       ffff8800dac10000 ffff88020b8dfcb8 ffffffff8148a57c 0000000000000000
       ffff88020b8dfcd0 ffffffff8107e253 ffff8800dac12a40 ffff88020b8dfd10
       ffffffffa029305b ffff88020b8dfd48 ffff8800dac10000 ffff88020b8dfd48
      Call Trace:
       [<ffffffff8148a57c>] dump_stack+0x4e/0x7a
       [<ffffffff8107e253>] __might_sleep+0x123/0x1a0
       [<ffffffffa029305b>] enic_stop+0xdb/0x4d0 [enic]
       [<ffffffff8138ed7d>] __dev_close_many+0x9d/0xf0
       [<ffffffff8138ef81>] __dev_close+0x31/0x50
       [<ffffffff813974a8>] __dev_change_flags+0x98/0x160
       [<ffffffff81397594>] dev_change_flags+0x24/0x60
       [<ffffffff814085fd>] devinet_ioctl+0x63d/0x710
       [<ffffffff81139c16>] ? might_fault+0x56/0xc0
       [<ffffffff81409ef5>] inet_ioctl+0x65/0x90
       [<ffffffff813768e0>] sock_do_ioctl+0x20/0x50
       [<ffffffff81376ebb>] sock_ioctl+0x20b/0x2e0
       [<ffffffff81197250>] do_vfs_ioctl+0x2e0/0x500
       [<ffffffff81492619>] ? sysret_check+0x22/0x5d
       [<ffffffff81285f23>] ? __this_cpu_preempt_check+0x13/0x20
       [<ffffffff8109fe19>] ? trace_hardirqs_on_caller+0x119/0x270
       [<ffffffff811974ac>] SyS_ioctl+0x3c/0x80
       [<ffffffff814925ed>] system_call_fastpath+0x1a/0x1f
      
      Signed-off-by: Govindarajulu Varadarajan <_govind@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit b6931c9ba728d60c542c39ff037fe6f595c074a2
  Author: Govindarajulu Varadarajan <_govind@xxxxxxx>
  Date:   Sun Oct 19 14:20:27 2014 +0530
  
      enic: fix possible deadlock in enic_stop/ enic_rfs_flw_tbl_free
      
      The following warning is shown when spinlock debug is enabled.
      
      This occurs when enic_flow_may_expire timer function is running and
      enic_stop is called on same CPU.
      
      Fix this by using spink_lock_bh().
      
      =================================
      [ INFO: inconsistent lock state ]
      3.17.0-netnext-05504-g59f35b8 #268 Not tainted
      ---------------------------------
      inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
      ifconfig/443 [HC0[0]:SC0[0]:HE1:SE1] takes:
       (&(&enic->rfs_h.lock)->rlock){+.?...}, at:
      enic_rfs_flw_tbl_free+0x34/0xd0 [enic]
      {IN-SOFTIRQ-W} state was registered at:
        [<ffffffff810a25af>] __lock_acquire+0x83f/0x21c0
        [<ffffffff810a45f2>] lock_acquire+0xa2/0xd0
        [<ffffffff814913fc>] _raw_spin_lock+0x3c/0x80
        [<ffffffffa029c3d5>] enic_flow_may_expire+0x25/0x130[enic]
        [<ffffffff810bcd07>] call_timer_fn+0x77/0x100
        [<ffffffff810bd8e3>] run_timer_softirq+0x1e3/0x270
        [<ffffffff8105f9ae>] __do_softirq+0x14e/0x280
        [<ffffffff8105fdae>] irq_exit+0x8e/0xb0
        [<ffffffff8103da0f>] smp_apic_timer_interrupt+0x3f/0x50
        [<ffffffff81493742>] apic_timer_interrupt+0x72/0x80
        [<ffffffff81018143>] default_idle+0x13/0x20
        [<ffffffff81018a6a>] arch_cpu_idle+0xa/0x10
        [<ffffffff81097676>] cpu_startup_entry+0x2c6/0x330
        [<ffffffff8103b7ad>] start_secondary+0x21d/0x290
      irq event stamp: 2997
      hardirqs last  enabled at (2997): [<ffffffff81491865>] 
_raw_spin_unlock_irqrestore+0x65/0x90
      hardirqs last disabled at (2996): [<ffffffff814915e6>] 
_raw_spin_lock_irqsave+0x26/0x90
      softirqs last  enabled at (2968): [<ffffffff813b57a3>] 
dev_deactivate_many+0x213/0x260
      softirqs last disabled at (2966): [<ffffffff813b5783>] 
dev_deactivate_many+0x1f3/0x260
      
      other info that might help us debug this:
       Possible unsafe locking scenario:
      
             CPU0
             ----
        lock(&(&enic->rfs_h.lock)->rlock);
        <Interrupt>
          lock(&(&enic->rfs_h.lock)->rlock);
      
       *** DEADLOCK ***
      
      Reported-by: Jan Stancek <jstancek@xxxxxxxxxx>
      Signed-off-by: Govindarajulu Varadarajan <_govind@xxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit d10845fc85b2e690b5f6425c5ba4df33a073fbc9
  Merge: ce8ec48 f993bc2
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Mon Oct 20 12:38:19 2014 -0400
  
      Merge branch 'gso_encap_fixes'
      
      Florian Westphal says:
      
      ====================
      net: minor gso encapsulation fixes
      
      The following series fixes a minor bug in the gso segmentation handlers
      when encapsulation offload is used.
      
      Theoretically this could cause kernel panic when the stack tries
      to software-segment such a GRE offload packet, but it looks like there
      is only one affected call site (tbf scheduler) and it handles NULL
      return value.
      
      I've included a followup patch to add IS_ERR_OR_NULL checks where needed.
      
      While looking into this, I also found that size computation of the 
individual
      segments is incorrect if skb->encapsulation is set.
      
      Please see individual patches for delta vs. v1.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit f993bc25e5196e60514c216d0bca0f600de64af8
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Mon Oct 20 13:49:18 2014 +0200
  
      net: core: handle encapsulation offloads when computing segment lengths
      
      if ->encapsulation is set we have to use inner_tcp_hdrlen and add the
      size of the inner network headers too.
      
      This is 'mostly harmless'; tbf might send skb that is slightly over
      quota or drop skb even if it would have fit.
      
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 330966e501ffe282d7184fde4518d5e0c24bc7f8
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Mon Oct 20 13:49:17 2014 +0200
  
      net: make skb_gso_segment error handling more robust
      
      skb_gso_segment has three possible return values:
      1. a pointer to the first segmented skb
      2. an errno value (IS_ERR())
      3. NULL.  This can happen when GSO is used for header verification.
      
      However, several callers currently test IS_ERR instead of IS_ERR_OR_NULL
      and would oops when NULL is returned.
      
      Note that these call sites should never actually see such a NULL return
      value; all callers mask out the GSO bits in the feature argument.
      
      However, there have been issues with some protocol handlers erronously not
      respecting the specified feature mask in some cases.
      
      It is preferable to get 'have to turn off hw offloading, else slow' 
reports
      rather than 'kernel crashes'.
      
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1e16aa3ddf863c6b9f37eddf52503230a62dedb3
  Author: Florian Westphal <fw@xxxxxxxxx>
  Date:   Mon Oct 20 13:49:16 2014 +0200
  
      net: gso: use feature flag argument in all protocol gso handlers
      
      skb_gso_segment() has a 'features' argument representing offload features
      available to the output path.
      
      A few handlers, e.g. GRE, instead re-fetch the features of skb->dev and 
use
      those instead of the provided ones when handing encapsulation/tunnels.
      
      Depending on dev->hw_enc_features of the output device skb_gso_segment() 
can
      then return NULL even when the caller has disabled all GSO feature bits,
      as segmentation of inner header thinks device will take care of 
segmentation.
      
      This e.g. affects the tbf scheduler, which will silently drop GRE-encap 
GSO skbs
      that did not fit the remaining token quota as the segmentation does not 
work
      when device supports corresponding hw offload capabilities.
      
      Cc: Pravin B Shelar <pshelar@xxxxxxxxxx>
      Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit ce8ec4896749783bd6cdc457e6012cfc18e09c8b
  Merge: 95ff886 1e2d56a
  Author: David S. Miller <davem@xxxxxxxxxxxxx>
  Date:   Mon Oct 20 11:57:47 2014 -0400
  
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
      
      Pablo Neira Ayuso says:
      
      ====================
      netfilter fixes for net
      
      The following patchset contains netfilter fixes for your net tree,
      they are:
      
      1) Fix missing MODULE_LICENSE() in the new nf_reject_ipv{4,6} modules.
      
      2) Restrict nat and masq expressions to the nat chain type. Otherwise,
         users may crash their kernel if they attach a nat/masq rule to a non
         nat chain.
      
      3) Fix hook validation in nft_compat when non-base chains are used.
         Basically, initialize hook_mask to zero.
      
      4) Make sure you use match/targets in nft_compat from the right chain
         type. The existing validation relies on the table name which can be
         avoided by
      
      5) Better netlink attribute validation in nft_nat. This expression has
         to reject the configuration when no address and proto configurations
         are specified.
      
      6) Interpret NFTA_NAT_REG_*_MAX if only if NFTA_NAT_REG_*_MIN is set.
         Yet another sanity check to reject incorrect configurations from
         userspace.
      
      7) Conditional NAT attribute dumping depending on the existing
         configuration.
      ====================
      
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 11b2357d5dbce999803e9055f8c09829a8a87db4
  Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
  Date:   Mon Oct 20 10:54:36 2014 +0200
  
      mac80211: minstrels: fix buffer overflow in HT debugfs rc_stats
      
      ATM an HT rc_stats line is 106 chars.
      Times 8(MCS_GROUP_RATES)*3(SS)*2(GI)*2(BW) + CCK(4), i.e. x100, this is
      well above the current 8192 - sizeof(*ms) currently allocated.
      
      Fix this by squeezing the output as follows (not that we're short on
      memory but this also improves readability and range, the new format adds
      one more digit to *ok/*cum and ok/cum):
      
      - Before (HT) (106 ch):
      type           rate     throughput  ewma prob   this prob  retry   this 
succ/attempt   success    attempts
      CCK/LP          5.5M           0.0        0.0         0.0      0          
    0(  0)         0           0
      HT20/LGI ABCDP MCS0            0.0        0.0         0.0      1          
    0(  0)         0           0
      - After (75 ch):
      type           rate     tpt eprob *prob ret  *ok(*cum)        ok(      
cum)
      CCK/LP          5.5M    0.0   0.0   0.0   0    0(   0)         0(        
0)
      HT20/LGI ABCDP MCS0     0.0   0.0   0.0   1    0(   0)         0(        
0)
      
      - Align non-HT format Before (non-HT) (83 ch):
      rate      throughput  ewma prob  this prob  this succ/attempt   success   
 attempts
      ABCDP  6         0.0        0.0        0.0             0(  0)         0   
        0
            54         0.0        0.0        0.0             0(  0)         0   
        0
      - After (61 ch):
      rate          tpt eprob *prob  *ok(*cum)        ok(      cum)
      ABCDP  1      0.0   0.0   0.0    0(   0)         0(        0)
            54      0.0   0.0   0.0    0(   0)         0(        0)
      
      *This also adds dynamic checks for overflow, lowers the size of the
      non-HT request (allowing > 30 entries) and replaces the buddy-rounded
      allocations (s/sizeof(*ms) + 8192/8192).
      
      Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
      Acked-by: Felix Fietkau <nbd@xxxxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit 95ff88688781db2f64042e69bd499e518bbb36e5
  Author: Ian Morgan <imorgan@xxxxxxxxxxxxx>
  Date:   Sun Oct 19 08:05:13 2014 -0400
  
      ax88179_178a: fix bonding failure
      
      The following patch fixes a bug which causes the ax88179_178a driver to be
      incapable of being added to a bond.
      
      When I brought up the issue with the bonding maintainers, they indicated
      that the real problem was with the NIC driver which must return zero for
      success (of setting the MAC address). I see that several other NIC drivers
      follow that pattern by either simply always returing zero, or by passing
      through a negative (error) result while rewriting any positive return code
      to zero. With that same philisophy applied to the ax88179_178a driver, it
      allows it to work correctly with the bonding driver.
      
      I believe this is suitable for queuing in -stable, as it's a small, 
simple,
      and obvious fix that corrects a defect with no other known workaround.
      
      This patch is against vanilla 3.17(.0).
      
      Signed-off-by: Ian Morgan <imorgan@xxxxxxxxxxxxx>
      
       drivers/net/usb/ax88179_178a.c |    7 ++++++-
       1 file changed, 6 insertions(+), 1 deletion(-)
      Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
  
  commit 1e2d56a5d33a7e1fcd21ed3859f52596d02708b0
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Thu Oct 16 00:24:14 2014 +0200
  
      netfilter: nft_nat: dump attributes if they are set
      
      Dump NFTA_NAT_REG_ADDR_MIN if this is non-zero. Same thing with
      NFTA_NAT_REG_PROTO_MIN.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 61cfac6b42af98ab46bcb3a47e150e7b20d5015e
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Thu Oct 16 00:19:35 2014 +0200
  
      netfilter: nft_nat: NFTA_NAT_REG_ADDR_MAX depends on NFTA_NAT_REG_ADDR_MIN
      
      Interpret NFTA_NAT_REG_ADDR_MAX if NFTA_NAT_REG_ADDR_MIN is present,
      otherwise, skip it. Same thing with NFTA_NAT_REG_PROTO_MAX.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 5c819a39753d6a3ae9c0092236f59730a369b619
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Thu Oct 16 00:16:57 2014 +0200
  
      netfilter: nft_nat: insufficient attribute validation
      
      We have to validate that we at least get an NFTA_NAT_REG_ADDR_MIN or
      NFTA_NFT_REG_PROTO_MIN attribute. Reject the configuration if none
      of them are present.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit f3f5ddeddd6aeadcef523d55ea9288e3d5c1cbc3
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Tue Oct 14 10:13:48 2014 +0200
  
      netfilter: nft_compat: validate chain type in match/target
      
      We have to validate the real chain type to ensure that matches/targets
      are not used out from their scope (eg. MASQUERADE in nat chain type).
      The existing validation relies on the table name, but this is not
      sufficient since userspace can fool us by using the appropriate table
      name with a different chain type.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 493618a92c6afdd3f6224ab586f169d6a259bb06
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Tue Oct 14 12:43:50 2014 +0200
  
      netfilter: nft_compat: fix hook validation for non-base chains
      
      Set hook_mask to zero for non-base chains, otherwise people may hit
      bogus errors from the xt_check_target() and xt_check_match() when
      validating the uninitialized hook_mask.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit c7abf25af0f41be4b50d44c5b185d52eea360cb8
  Author: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
  Date:   Mon Oct 13 14:34:41 2014 +0200
  
      mac80211: fix typo in starting baserate for rts_cts_rate_idx
      
      It affects non-(V)HT rates and can lead to selecting an rts_cts rate
      that is not a basic rate or way superior to the reference rate (ATM
      rates[0] used for the 1st attempt of the protected frame data).
      
      E.g, assuming drivers register growing (bitrate) sorted tables of
      ieee80211_rate-s, having :
      - rates[0].idx == d'2 and basic_rates == b'10100
      will select rts_cts idx b'10011 & ~d'(BIT(2)-1), i.e. 1, likewise
      - rates[0].idx == d'2 and basic_rates == b'10001
      will select rts_cts idx b'10000
      The first is not a basic rate and the second is > rates[0].
      
      Also, wrt severity of the addressed misbehavior, ATM we only have one
      rts_cts_rate_idx rather than one per rate table entry, so this idx might
      still point to bitrates > rates[1..MAX_RATES].
      
      Fixes: 5253ffb8c9e1 ("mac80211: always pick a basic rate to tx RTS/CTS 
for pre-HT rates")
      Cc: stable@xxxxxxxxxxxxxxx
      Signed-off-by: Karl Beldan <karl.beldan@xxxxxxxxxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit 7210e4e38f945dfa173c4a4e59ad827c9ecad541
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Mon Oct 13 19:50:22 2014 +0200
  
      netfilter: nf_tables: restrict nat/masq expressions to nat chain type
      
      This adds the missing validation code to avoid the use of nat/masq from
      non-nat chains. The validation assumes two possible configuration
      scenarios:
      
      1) Use of nat from base chain that is not of nat type. Reject this
         configuration from the nft_*_init() path of the expression.
      
      2) Use of nat from non-base chain. In this case, we have to wait until
         the non-base chain is referenced by at least one base chain via
         jump/goto. This is resolved from the nft_*_validate() path which is
         called from nf_tables_check_loops().
      
      The user gets an -EOPNOTSUPP in both cases.
      
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit ab2d7251d666995740da17b2a51ca545ac5dd037
  Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  Date:   Fri Oct 10 11:25:20 2014 +0200
  
      netfilter: missing module license in the nf_reject_ipvX modules
      
      [   23.545204] nf_reject_ipv4: module license 'unspecified' taints kernel.
      
      Fixes: c8d7b98 ("netfilter: move nf_send_resetX() code to nf_reject_ipvX 
modules")
      Reported-by: Dave Young <dyoung@xxxxxxxxxx>
      Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
  
  commit 252e07ca5f64dd31fdfca8027287e7d75fefdab1
  Author: Luciano Coelho <luciano.coelho@xxxxxxxxx>
  Date:   Wed Oct 8 09:48:34 2014 +0300
  
      nl80211: sanity check the channel switch counter value
      
      The nl80211 channel switch count attribute
      (NL80211_ATTR_CH_SWITCH_COUNT) is specified as u32, but the
      specification uses u8 for the counter.  To make sure strange things
      don't happen without informing the user, sanity check the value and
      return -EINVAL if it doesn't fit in u8.
      
      Signed-off-by: Luciano Coelho <luciano.coelho@xxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit bc37b16870a382e8b71d881444c19a16de1c1a7f
  Author: Fabian Frederick <fabf@xxxxxxxxx>
  Date:   Tue Oct 7 22:20:23 2014 +0200
  
      net: rfkill: kernel-doc warning fixes
      
      Correct the kernel-doc, the parameter is called "blocked" not "state".
      
      Signed-off-by: Fabian Frederick <fabf@xxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit c12bc4885f4b3bab0ed779c69d5d7e3223fa5003
  Author: Luciano Coelho <luciano.coelho@xxxxxxxxx>
  Date:   Tue Sep 30 07:08:02 2014 +0300
  
      mac80211: return the vif's chandef in ieee80211_cfg_get_channel()
      
      The chandef of the channel context a vif is using may be different
      than the chandef of the vif itself.  For instance, the bandwidth used
      by the vif may be narrower than the one configured in the channel
      context.  To avoid confusion, return the vif's chandef in
      ieee80211_cfg_get_channel() instead of the chandef of the channel
      context.
      
      Signed-off-by: Luciano Coelho <luciano.coelho@xxxxxxxxx>
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
  
  commit 8975ae88e137ea02a71b7a86af2f8eb790c2f1e7
  Author: Liad Kaufman <liad.kaufman@xxxxxxxxx>
  Date:   Sun Sep 14 21:48:28 2014 +0300
  
      mac80211: fix warning on htmldocs for last_tdls_pkt_time
      
      Forgot to add an entry to the struct description of sta_info.
      
      Signed-off-by: Liad Kaufman <liad.kaufman@xxxxxxxxx>
      Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
      Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>

Revision graph left in 
/home/xc_osstest/results/bisect.linux-linus.test-amd64-i386-rumpuserxen-i386.guest-start.{dot,ps,png,html}.
----------------------------------------
31424: tolerable FAIL

flight 31424 linux-linus real-bisect [real]
http://www.chiark.greenend.org.uk/~xensrcts/logs/31424/

Failures :-/ but no regressions.

Tests which did not succeed,
including tests which could not be run:
 test-amd64-i386-rumpuserxen-i386  8 guest-start         fail baseline untested


jobs:
 build-i386-rumpuserxen                                       pass    
 test-amd64-i386-rumpuserxen-i386                             fail    


------------------------------------------------------------
sg-report-flight on osstest.cam.xci-test.com
logs: /home/xc_osstest/logs
images: /home/xc_osstest/images

Logs, config files, etc. are available at
    http://www.chiark.greenend.org.uk/~xensrcts/logs

Test harness code can be found at
    http://xenbits.xensource.com/gitweb?p=osstest.git;a=summary


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.