Some commands don't work in its example doc. The patch will fix it.

Signed-off-by: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

This patch reverts b01af457.

The original patch was tested with emulated hardware. Real
hardware chokes.

Fixes https://bugzilla.kernel.org/show_bug.cgi?id=47041



Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Acked-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

	Starting from 3.6 we cache output routes for
multicasts only when using route to 224/4. For local receivers
we can set RTCF_LOCAL flag depending on the membership but
in such case we use maddr and saddr which are not caching
keys as before. Additionally, we can not use same place to
cache routes that differ in RTCF_LOCAL flag value.

	Fix it by caching only RTCF_MULTICAST entries
without RTCF_LOCAL (send-only, no loopback). As a side effect,
we avoid unneeded lookup for fnhe when not caching because
multicasts are not redirected and they do not learn PMTU.

	Thanks to Maxime Bizon for showing the caching
problems in __mkroute_output for 3.6 kernels: different
RTCF_LOCAL flag in cache can lead to wrong ip_mc_output or
ip_output call and the visible problem is that traffic can
not reach local receivers via loopback.

Reported-by: Maxime Bizon <mbizon@freebox.fr>
Tested-by: Maxime Bizon <mbizon@freebox.fr>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>

Pablo Neira Ayuso says:

====================
The following patchset contains two Netfilter fixes:

* Fix buffer overflow in the name of the timeout policy object
  in the cttimeout infrastructure, from Florian Westphal.

* Fix a bug in the hash set in case that IP ranges are
  specified, from Jozsef Kadlecsik.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

Steffen Klassert says:

====================
This pull request is intended for 3.7 and contains a single patch to
fix the IPsec gc threshold value for ipv4.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

Chen Gang reports:
the length of nla_data(cda[CTA_TIMEOUT_NAME]) is not limited in server side.

And indeed, its used to strcpy to a fixed-sized buffer.

Fortunately, nfnetlink users need CAP_NET_ADMIN.

Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Due to the missing ininitalization at adding/deleting entries, when
a plain_ip,port,net element was the object, multiple elements were
added/deleted instead. The bug came from the missing dangling
default initialization.

The error-prone default initialization is corrected in all hash:* types.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

There have been some 3.7-rc reports of vm issues, including some kswapd
bugs and, more importantly, some memory "leaks":

	http://www.spinics.net/lists/linux-mm/msg46187.html
	https://bugzilla.kernel.org/show_bug.cgi?id=50181

Commit 1fb3f8ca

 ("mm: compaction: capture a suitable high-order page
immediately when it is made available") took split_free_page() and
reused it for the compaction code.  It does something curious with
capture_free_page() (previously known as split_free_page()):

  int capture_free_page(struct page *page, int alloc_order,
  ...
          __mod_zone_page_state(zone, NR_FREE_PAGES, -(1UL << order));

  -       /* Split into individual pages */
  -       set_page_refcounted(page);
  -       split_page(page, order);
  +       if (alloc_order != order)
  +               expand(zone, page, alloc_order, order,
  +                       &zone->free_area[order], migratetype);

Note that expand() puts the pages _back_ in the allocator, but it does
not bump NR_FREE_PAGES.  We "return" 'alloc_order' worth of pages, but
we accounted for removing 'order' in the __mod_zone_page_state() call.

For the old split_page()-style use (order==alloc_order) the bug will not
trigger.  But, when called from the compaction code where we
occasionally get a larger page out of the buddy allocator than we need,
we will run in to this.

This patch simply changes the NR_FREE_PAGES manipulation to the correct
'alloc_order' instead of 'order'.

I've been able to repeatedly trigger this in my testing environment.
The amount "leaked" very closely tracks the imbalance I see in buddy
pages vs.  NR_FREE_PAGES.  I have confirmed that this patch fixes the
imbalance

Signed-off-by: Dave Hansen <dave@linux.vnet.ibm.com>
Acked-by: Mel Gorman <mgorman@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Pull networking updates from David Miller:

 1) inet6_csk_update_pmtu() must return NULL or non-NULL, so translate
    ERR_PTR to NULL, as needed.  Fix from Eric Dumazet.

 2) Fix copy&paste error in IRDA sir_dev ->set_speed method invocation,
    it was testing the NULL'ness of a different method to guard the
    call.  Fix from Alexander Shiyan.

 3) Fix build regression of xilinx driver, from Jeff Mahoney.

 4) Make XEN netfront (like XEN netback) handle compound pages in SKBs
    properly.  From Ian Campbell.

 5) Fix inverted logic of team_dev_queue_xmit() return value checks,
    from Jiri Pirko and Dan Carpenter.

 6) dma_poll_create() no longer allows a NULL device argument, breaking
    both ixp4xx drivers.  Fix from Xi Wang.

 7) ne2000 driver doesn't hook up the parent device properly, breaking
    udev matching.  Fix from Alan Cox.

 8) Locking and memory leak fixes in Near Field Communications layer.
    From Thierry Escande, Szymon Janc, and Waldemar Rymarkiewicz.

 9) sis900 resume regression, sis900_set_mode() is being called with the
    iomem pointer instead of the expected device private.  Fix from
    Francois Romieu.

10) Fix IBSS regression caused by uninitializing the ibss-internals
    before performing an emptyness check, from Simon WUnderlich.

11) Fix SNIFFER mode regression in iwlwifi driver, from Johannes Berg.

12) Fix task wedges in mwifiex_cmd_timeout_func(), from Bing Zhao.

13) Add back wireless sysfs directory, too much stuff depends upon it
    being there (actually I'd say it never should have been removed to
    begin with).  From Johannes Berg.

14) Fix hang introduced by suspend/resume changes in ath9k.  Fix from
    Sujith Manoharan.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (24 commits)
  team: bcast: convert return value of team_dev_queue_xmit() to bool correctly
  bonding: Bonding driver does not consider the gso_max_size/gso_max_segs setting of slave devices.
  xen/netfront: handle compound page fragments on transmit
  net: fix build failure in xilinx
  irda: sir_dev: Fix copy/paste typo
  ipv6: fix inet6_csk_update_pmtu() return value
  ixp4xx_hss: avoid calling dma_pool_create() with NULL dev
  ixp4xx_eth: avoid calling dma_pool_create() with NULL dev
  ne2000: add the right platform device
  of/net/mdio-gpio: Fix pdev->id issue when using devicetrees.
  NFC: Fix pn533 target mode memory leak
  NFC: pn533: Fix mem leak in pn533_in_dep_link_up
  NFC: pn533: Fix use after free
  NFC: pn533: Fix missing lock while operating on commands list
  NFC: Fix nfc_llcp_local chained list insertion
  ath9k_hw: Fix regression in device reset
  sis900: fix sis900_set_mode call parameters.
  iwlwifi: don't WARN when a non empty queue is disabled
  wireless: add back sysfs directory
  mwifiex: report error to MMC core if we cannot suspend
  ...

The thing is that team_dev_queue_xmit() returns NET_XMIT_* or -E*.
bc_trasmit() should return true in case all went well. So use ! to get
correct retval from team_dev_queue_xmit() result.
This bug caused iface statistics to be badly computed.

This bug was introduced by:
team: add broadcast mode (5fc88991

)

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>

Merge tag 'pinctrl-for-v3.7-late' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pinctrl fix from Linus Walleij:
 "A simple pinctrl Kconfig oneliner arriving late.

  Final (hopefully) oneliner for the pinctrl subsystem targeted at v3.7"

* tag 'pinctrl-for-v3.7-late' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl/samsung: don't allow enabling pinctrl-samsung standalone

Pull selinux RCU fixlet from James Morris.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  selinux: fix sel_netnode_insert() suspicious rcu dereference

There have the following warning message when running modules install
for sign ko files:

  # make modules_install
  ...
    INSTALL drivers/input/touchscreen/pcap_ts.ko
  Found = in conditional, should be == at scripts/sign-file line 164.
  Found = in conditional, should be == at scripts/sign-file line 161.
  Found = in conditional, should be == at scripts/sign-file line 159.

This patch change replace '=' by '==' in elsif conditions for avoid the
above warning messages.

Signed-off-by: Chun-Yi Lee <jlee@suse.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Patch sets the lowest gso_max_size and gso_max_segs values of the slave devices during enslave and detach.

Signed-off-by: Sarveshwar Bandi <sarveshwar.bandi@emulex.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

An SKB paged fragment can consist of a compound page with order > 0.
However the netchannel protocol deals only in PAGE_SIZE frames.

Handle this in xennet_make_frags by iterating over the frames which
make up the page.

This is the netfront equivalent to 6a8ed462

 for netback.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: netdev@vger.kernel.org
Cc: xen-devel@lists.xen.org
Cc: Eric Dumazet <edumazet@google.com>
Cc: Konrad Rzeszutek Wilk <konrad@kernel.org>
Cc: ANNIE LI <annie.li@oracle.com>
Cc: Sander Eikelenboom <linux@eikelenboom.it>
Cc: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless

 into for-davem

John W. Linville says:

====================
This is a batch of fixes intended for 3.7...

Included are two pulls.  Regarding the mac80211 tree, Johannes says:

"Please pull my mac80211.git tree (see below) to get two more fixes for
3.7. Both fix regressions introduced *before* this cycle that weren't
noticed until now, one for IBSS not cleaning up properly and the other
to add back the "wireless" sysfs directory for Fedora's startup scripts."

Regarding the iwlwifi tree, Johannes says:

"Please also pull my iwlwifi.git tree, I have two fixes: one to remove a
spurious warning that can actually trigger in legitimate situations, and
the other to fix a regression from when monitor mode was changed to use
the "sniffer" firmware mode."

Also included is an nfc tree pull.  Samuel says:

"We mostly have pn533 fixes here, 2 memory leaks and an early unlocking fix.
Moreover, we also have an LLCP adapter linked list insertion fix."

On top of that, a few more bits...  Albert Pool adds a USB ID
to rtlwifi.  Bing Zhao provides two mwifiex fixes -- one to fix
a system hang during a command timeout, and the other to properly
report a suspend error to the MMC core.  Finally, Sujith Manoharan
fixes a thinko that would trigger an ath9k hang during device reset.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

===============================
[ INFO: suspicious RCU usage. ]
3.5.0-rc1+ #63 Not tainted
-------------------------------
security/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by trinity-child1/8750:
 #0:  (sel_netnode_lock){+.....}, at: [<ffffffff812d8f8a>] sel_netnode_sid+0x16a/0x3e0

stack backtrace:
Pid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63
Call Trace:
 [<ffffffff810cec2d>] lockdep_rcu_suspicious+0xfd/0x130
 [<ffffffff812d91d1>] sel_netnode_sid+0x3b1/0x3e0
 [<ffffffff812d8e20>] ? sel_netnode_find+0x1a0/0x1a0
 [<ffffffff812d24a6>] selinux_socket_bind+0xf6/0x2c0
 [<ffffffff810cd1dd>] ? trace_hardirqs_off+0xd/0x10
 [<ffffffff810cdb55>] ? lock_release_holdtime.part.9+0x15/0x1a0
 [<ffffffff81093841>] ? lock_hrtimer_base+0x31/0x60
 [<ffffffff812c9536>] security_socket_bind+0x16/0x20
 [<ffffffff815550ca>] sys_bind+0x7a/0x100
 [<ffffffff816c03d5>] ? sysret_check+0x22/0x5d
 [<ffffffff810d392d>] ? trace_hardirqs_on_caller+0x10d/0x1a0
 [<ffffffff8133b09e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff816c03a9>] system_call_fastpath+0x16/0x1b

This patch below does what Paul McKenney suggested in the previous thread.

Signed-off-by: Dave Jones <davej@redhat.com>
Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>

Pull missed powerpc fixes from Benjamin Herrenschmidt:
 "Here are small 52xx fixes that Anatolij asked me to pull a while back
  and that I completely missed.  The stuff is local to that platform
  code, and was in next for a while, so it should still go into 3.7."

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  powerpc/mpc5200: move lpbfifo node and fix its interrupt property
  powerpc: 52xx: nop out unsupported critical IRQs
  powerpc/pcm030: add pcm030-audio-fabric to dts

Merge tag 'stable/for-linus-3.7-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen

Pull Xen bug-fix from Konrad Rzeszutek Wilk:
 - Fix regression introduced by commit ceb90fa0 ("xen/privcmd: add
   PRIVCMD_MMAPBATCH_V2 ioctl").

* tag 'stable/for-linus-3.7-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
  xen/privcmd: Correctly return success from IOCTL_PRIVCMD_MMAPBATCH

Pull KVM maintainership update from Avi Kivity:
 "After many years of maintaining KVM, I am moving on.  It was a real
  pleasure for me to work with so many talented and dedicated hackers on
  this project.

  Replacing me will be one of those talented and dedicated hackers,
  Gleb, who has authored hundreds of patches in and around KVM."

* git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: taking co-maintenance
  KVM: Retire as maintainer

Pull IOMMU fixes from Joerg Roedel:
 "Some fixes and a MAINTAINERS update to remove my lost AMD email
  address from the file.  The fixes take care of a resource leak and a
  problem on VT-d with the new IOMMU group code."

* tag 'iommu-fixes-v3.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  intel-iommu: Fix lookup in add device
  iommu/tegra-smmu.c: fix dentry reference leak in smmu_debugfs_stats_show().
  iommu/amd: Update MAINTAINERS entry

Pull reiserfs and ext3 fixes from Jan Kara:
 "Fixes of reiserfs deadlocks when quotas are enabled (locking there was
  completely busted by BKL conversion) and also one small ext3 fix in
  the trim interface."

* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  ext3: Avoid underflow of in ext3_trim_fs()
  reiserfs: Move quota calls out of write lock
  reiserfs: Protect reiserfs_quota_write() with write lock
  reiserfs: Protect reiserfs_quota_on() with write lock
  reiserfs: Fix lock ordering during remount

This is a regression introduced by ceb90fa0

 (xen/privcmd: add
PRIVCMD_MMAPBATCH_V2 ioctl).  It broke xentrace as it used
xc_map_foreign() instead of xc_map_foreign_bulk().

Most code-paths prefer the MMAPBATCH_V2, so this wasn't very obvious
that it broke. The return value is set early on to -EINVAL, and if all
goes well, the "set top bits of the MFN's" never gets called, so the
return value is still EINVAL when the function gets to the end, causing
the caller to think it went wrong (which it didn't!)

Now also including Andres "move the ret = -EINVAL into the error handling
path, as this avoids other similar errors in future.

Signed-off-by: Mats Petersson <mats.petersson@citrix.com>
Acked-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Anatolij 52xx updates:

Patch for pcm030 device tree fixing the probe() in pcm030-audio-fabric
driver. Changes to this driver have been merged in 3.7-rc1 via ASoC
tree, but this required device tree patch was submitted separately to
the linux-ppc list and is still missing in mainline. Without this patch
the probe() in pcm030-audio-fabric driver wrongly returns -ENODEV.

A patch from Wolfram fixing wrong invalid critical irq warnings for
all mpc5200 boards.

Another patch for all mpc5200 device trees fixing wrong L1 cell in
the LPB FIFO interrupt property and moving the LPB FIFO node to the
common mpc5200b.dtsi file so that this common node will be present
in all mpc5200 device trees.

Commit 71c6c837

 (drivers/net: fix tasklet misuse issue) introduced a
build failure in the xilinx driver. axienet_dma_err_handler isn't
declared before its use in axienet_open.

This patch provides the prototype before axienet_open.

Cc: Xiaotian Feng <dannyfeng@tencent.com>
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Alexander Shiyan <shc_work@mail.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>

In case of error, inet6_csk_update_pmtu() should consistently
return NULL.

Bug added in commit 35ad9b9c


(ipv6: Add helper inet6_csk_update_pmtu().)

Reported-by: Lluís Batlle i Rossell <viric@viric.name>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Use &port->netdev->dev instead of NULL since dma_pool_create() doesn't
allow NULL dev.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Use &port->netdev->dev instead of NULL since dma_pool_create() doesn't
allow NULL dev.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Without this udev doesn't have a way to key the ne device to the platform
device.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Samuel says:

"This is the first pull request for 3.7 NFC fixes.

We mostly have pn533 fixes here, 2 memory leaks and an early unlocking fix.
Moreover, we also have an LLCP adapter linked list insertion fix."

Signed-off-by: John W. Linville <linville@tuxdriver.com>

Updating MAINTAINERS file.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

After six and a half years of writing and maintaining KVM, it is time to
move to new things.  Update my MAINTAINERS entry to reflect that.

Signed-off-by: Avi Kivity <avi@redhat.com>

When the mdio-gpio driver is probed via device trees, the platform
device id is set as -1, However the pdev->id is re-used as bus-id for
while creating mdio gpio bus.
So
For device tree case the mdio-gpio bus name appears as "gpio-ffffffff"
where as
for non-device tree case the bus name appears as "gpio-<bus-num>"

Which means the bus_id is fixed in device tree case, so we can't have
two mdio gpio buses via device trees. Assigning a logical bus number
via device tree solves the problem and the bus name is much consistent
with non-device tree bus name.

Without this patch
1. we can't support two mdio-gpio buses via device trees.
2. we should always pass gpio-ffffffff as bus name to phy_connect, very
different to non-device tree bus name.

So, setting up the bus_id via aliases from device tree is the right
solution and other drivers do similar thing.

Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@st.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

In target mode, sent sk_buff were not freed in pn533_tm_send_complete

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

cmd is allocated in pn533_dep_link_up and passed as an arg to
pn533_send_cmd_frame_async together with a complete cb.

arg is passed to the cb and must be kfreed there.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

cmd was freed in pn533_dep_link_up regardless of
pn533_send_cmd_frame_async return code. Cmd is passed as argument to
pn533_in_dep_link_up_complete callback and should be freed there.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

In pn533_wq_cmd command was removed from list without cmd_lock held
(race with pn533_send_cmd_frame_async) which could lead to list
corruption. Delete command from list before releasing lock.

Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

list_add was called with swapped parameters

Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>

Currently if len argument in ext3_trim_fs() is smaller than one block,
the 'end' variable underflow. Avoid that by returning EINVAL if len is
smaller than file system block.

Also remove useless unlikely().

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>