Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) Various VTI tunnel (mark handling, PMTU) bug fixes from Alexander
    Duyck and Steffen Klassert.

 2) Revert ethtool PHY query change, it wasn't correct.  The PHY address
    selected by the driver running the PHY to MAC connection decides
    what PHY address GET ethtool operations return information from.

 3) Fix handling of sequence number bits for encryption IV generation in
    ESP driver, from Herbert Xu.

 4) UDP can return -EAGAIN when we hit a bad checksum on receive, even
    when there are other packets in the receive queue which is wrong.
    Just respect the error returned from the generic socket recv
    datagram helper.  From Eric Dumazet.

 5) Fix BNA driver firmware loading on big-endian systems, from Ivan
    Vecera.

 6) Fix regression in that we were inheriting the congestion control of
    the listening socket for new connections, the intended behavior
    always was to use the default in this case.  From Neal Cardwell.

 7) Fix NULL deref in brcmfmac driver, from Arend van Spriel.

 8) OTP parsing fix in iwlwifi from Liad Kaufman.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (26 commits)
  vti6: Add pmtu handling to vti6_xmit.
  Revert "net: core: 'ethtool' issue with querying phy settings"
  bnx2x: Move statistics implementation into semaphores
  xen: netback: read hotplug script once at start of day.
  xen: netback: fix printf format string warning
  Revert "netfilter: ensure number of counters is >0 in do_replace()"
  net: dsa: Properly propagate errors from dsa_switch_setup_one
  tcp: fix child sockets to use system default congestion control if not set
  udp: fix behavior of wrong checksums
  sfc: free multiple Rx buffers when required
  bna: fix soft lock-up during firmware initialization failure
  bna: remove unreasonable iocpf timer start
  bna: fix firmware loading on big-endian machines
  bridge: fix br_multicast_query_expired() bug
  via-rhine: Resigning as maintainer
  brcmfmac: avoid null pointer access when brcmf_msgbuf_get_pktid() fails
  mac80211: Fix mac80211.h docbook comments
  iwlwifi: nvm: fix otp parsing in 8000 hw family
  iwlwifi: pcie: fix tracking of cmd_in_flight
  ip_vti/ip6_vti: Preserve skb->mark after rcv_cb call
  ...

15 files changed, 73 insertions, 37 deletions

diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index a3abe6ed111e..22fd0419b314 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1822,7 +1822,7 @@ static void br_multicast_query_expired(struct net_bridge *br,
         if (query->startup_sent < br->multicast_startup_query_count)
                 query->startup_sent++;
 
-        RCU_INIT_POINTER(querier, NULL);
+        RCU_INIT_POINTER(querier->port, NULL);
         br_multicast_send_query(br, NULL, query);
         spin_unlock(&br->multicast_lock);
 }
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 24c7c96bf5f8..91180a7fc943 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1117,8 +1117,6 @@ static int do_replace(struct net *net, const void __user *user,
                 return -ENOMEM;
         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
                 return -ENOMEM;
-        if (tmp.num_counters == 0)
-                return -EINVAL;
 
         tmp.name[sizeof(tmp.name) - 1] = 0;
 
@@ -2161,8 +2159,6 @@ static int compat_copy_ebt_replace_from_user(struct ebt_replace *repl,
                 return -ENOMEM;
         if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
                 return -ENOMEM;
-        if (tmp.num_counters == 0)
-                return -EINVAL;
 
         memcpy(repl, &tmp, offsetof(struct ebt_replace, hook_entry));
 
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 1347e11f5cc9..1d00b8922902 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -359,15 +359,7 @@ static int ethtool_get_settings(struct net_device *dev, void __user *useraddr)
         int err;
         struct ethtool_cmd cmd;
 
-        if (!dev->ethtool_ops->get_settings)
-                return -EOPNOTSUPP;
-
-        if (copy_from_user(&cmd, useraddr, sizeof(cmd)))
-                return -EFAULT;
-
-        cmd.cmd = ETHTOOL_GSET;
-
-        err = dev->ethtool_ops->get_settings(dev, &cmd);
+        err = __ethtool_get_settings(dev, &cmd);
         if (err < 0)
                 return err;
 
diff --git a/net/dsa/dsa.c b/net/dsa/dsa.c
index e6f6cc3a1bcf..392e29a0227d 100644
--- a/net/dsa/dsa.c
+++ b/net/dsa/dsa.c
@@ -359,7 +359,7 @@ dsa_switch_setup(struct dsa_switch_tree *dst, int index,
          */
         ds = kzalloc(sizeof(*ds) + drv->priv_size, GFP_KERNEL);
         if (ds == NULL)
-                return NULL;
+                return ERR_PTR(-ENOMEM);
 
         ds->dst = dst;
         ds->index = index;
@@ -370,7 +370,7 @@ dsa_switch_setup(struct dsa_switch_tree *dst, int index,
 
         ret = dsa_switch_setup_one(ds, parent);
         if (ret)
-                return NULL;
+                return ERR_PTR(ret);
 
         return ds;
 }
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 421a80b09b62..30b544f025ac 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -256,7 +256,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
         aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
         aead_givcrypt_set_assoc(req, asg, assoclen);
         aead_givcrypt_set_giv(req, esph->enc_data,
-                              XFRM_SKB_CB(skb)->seq.output.low);
+                              XFRM_SKB_CB(skb)->seq.output.low +
+                              ((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32));
 
         ESP_SKB_CB(skb)->tmp = tmp;
         err = crypto_aead_givencrypt(req);
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 9f7269f3c54a..0c152087ca15 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -65,7 +65,6 @@ static int vti_input(struct sk_buff *skb, int nexthdr, __be32 spi,
                         goto drop;
 
                 XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = tunnel;
-                skb->mark = be32_to_cpu(tunnel->parms.i_key);
 
                 return xfrm_input(skb, nexthdr, spi, encap_type);
         }
@@ -91,6 +90,8 @@ static int vti_rcv_cb(struct sk_buff *skb, int err)
         struct pcpu_sw_netstats *tstats;
         struct xfrm_state *x;
         struct ip_tunnel *tunnel = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4;
+        u32 orig_mark = skb->mark;
+        int ret;
 
         if (!tunnel)
                 return 1;
@@ -107,7 +108,11 @@ static int vti_rcv_cb(struct sk_buff *skb, int err)
         x = xfrm_input_state(skb);
         family = x->inner_mode->afinfo->family;
 
-        if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family))
+        skb->mark = be32_to_cpu(tunnel->parms.i_key);
+        ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family);
+        skb->mark = orig_mark;
+
+        if (!ret)
                 return -EPERM;
 
         skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(skb->dev)));
@@ -216,8 +221,6 @@ static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
 
         memset(&fl, 0, sizeof(fl));
 
-        skb->mark = be32_to_cpu(tunnel->parms.o_key);
-
         switch (skb->protocol) {
         case htons(ETH_P_IP):
                 xfrm_decode_session(skb, &fl, AF_INET);
@@ -233,6 +236,9 @@ static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
                 return NETDEV_TX_OK;
         }
 
+        /* override mark with tunnel output key */
+        fl.flowi_mark = be32_to_cpu(tunnel->parms.o_key);
+
         return vti_xmit(skb, dev, &fl);
 }
 
diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index 7a5ae50c80c8..84be008c945c 100644
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -187,6 +187,7 @@ static void tcp_reinit_congestion_control(struct sock *sk,
 
         tcp_cleanup_congestion_control(sk);
         icsk->icsk_ca_ops = ca;
+        icsk->icsk_ca_setsockopt = 1;
 
         if (sk->sk_state != TCP_CLOSE && icsk->icsk_ca_ops->init)
                 icsk->icsk_ca_ops->init(sk);
@@ -335,8 +336,10 @@ int tcp_set_congestion_control(struct sock *sk, const char *name)
         rcu_read_lock();
         ca = __tcp_ca_find_autoload(name);
         /* No change asking for existing value */
-        if (ca == icsk->icsk_ca_ops)
+        if (ca == icsk->icsk_ca_ops) {
+                icsk->icsk_ca_setsockopt = 1;
                 goto out;
+        }
         if (!ca)
                 err = -ENOENT;
         else if (!((ca->flags & TCP_CONG_NON_RESTRICTED) ||
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index b5732a54f2ad..17e7339ee5ca 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -420,7 +420,10 @@ void tcp_ca_openreq_child(struct sock *sk, const struct dst_entry *dst)
                 rcu_read_unlock();
         }
 
-        if (!ca_got_dst && !try_module_get(icsk->icsk_ca_ops->owner))
+        /* If no valid choice made yet, assign current system default ca. */
+        if (!ca_got_dst &&
+            (!icsk->icsk_ca_setsockopt ||
+             !try_module_get(icsk->icsk_ca_ops->owner)))
                 tcp_assign_congestion_control(sk);
 
         tcp_set_ca_state(sk, TCP_CA_Open);
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index d10b7e0112eb..1c92ea67baef 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1345,10 +1345,8 @@ csum_copy_err:
         }
         unlock_sock_fast(sk, slow);
 
-        if (noblock)
-                return -EAGAIN;
-
-        /* starting over for a new packet */
+        /* starting over for a new packet, but check if we need to yield */
+        cond_resched();
         msg->msg_flags &= ~MSG_TRUNC;
         goto try_again;
 }
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 31f1b5d5e2ef..7c07ce36aae2 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -248,7 +248,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
         aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
         aead_givcrypt_set_assoc(req, asg, assoclen);
         aead_givcrypt_set_giv(req, esph->enc_data,
-                              XFRM_SKB_CB(skb)->seq.output.low);
+                              XFRM_SKB_CB(skb)->seq.output.low +
+                              ((u64)XFRM_SKB_CB(skb)->seq.output.hi << 32));
 
         ESP_SKB_CB(skb)->tmp = tmp;
         err = crypto_aead_givencrypt(req);
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index ed9d681207fa..0224c032dca5 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -322,7 +322,6 @@ static int vti6_rcv(struct sk_buff *skb)
                 }
 
                 XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = t;
-                skb->mark = be32_to_cpu(t->parms.i_key);
 
                 rcu_read_unlock();
 
@@ -342,6 +341,8 @@ static int vti6_rcv_cb(struct sk_buff *skb, int err)
         struct pcpu_sw_netstats *tstats;
         struct xfrm_state *x;
         struct ip6_tnl *t = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6;
+        u32 orig_mark = skb->mark;
+        int ret;
 
         if (!t)
                 return 1;
@@ -358,7 +359,11 @@ static int vti6_rcv_cb(struct sk_buff *skb, int err)
         x = xfrm_input_state(skb);
         family = x->inner_mode->afinfo->family;
 
-        if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family))
+        skb->mark = be32_to_cpu(t->parms.i_key);
+        ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family);
+        skb->mark = orig_mark;
+
+        if (!ret)
                 return -EPERM;
 
         skb_scrub_packet(skb, !net_eq(t->net, dev_net(skb->dev)));
@@ -430,6 +435,7 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
         struct net_device *tdev;
         struct xfrm_state *x;
         int err = -1;
+        int mtu;
 
         if (!dst)
                 goto tx_err_link_failure;
@@ -463,6 +469,19 @@ vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
         skb_dst_set(skb, dst);
         skb->dev = skb_dst(skb)->dev;
 
+        mtu = dst_mtu(dst);
+        if (!skb->ignore_df && skb->len > mtu) {
+                skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu);
+
+                if (skb->protocol == htons(ETH_P_IPV6))
+                        icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
+                else
+                        icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
+                                  htonl(mtu));
+
+                return -EMSGSIZE;
+        }
+
         err = dst_output(skb);
         if (net_xmit_eval(err) == 0) {
                 struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);
@@ -495,7 +514,6 @@ vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
         int ret;
 
         memset(&fl, 0, sizeof(fl));
-        skb->mark = be32_to_cpu(t->parms.o_key);
 
         switch (skb->protocol) {
         case htons(ETH_P_IPV6):
@@ -516,6 +534,9 @@ vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
                 goto tx_err;
         }
 
+        /* override mark with tunnel output key */
+        fl.flowi_mark = be32_to_cpu(t->parms.o_key);
+
         ret = vti6_xmit(skb, dev, &fl);
         if (ret < 0)
                 goto tx_err;
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index c2ec41617a35..e51fc3eee6db 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -525,10 +525,8 @@ csum_copy_err:
         }
         unlock_sock_fast(sk, slow);
 
-        if (noblock)
-                return -EAGAIN;
-
-        /* starting over for a new packet */
+        /* starting over for a new packet, but check if we need to yield */
+        cond_resched();
         msg->msg_flags &= ~MSG_TRUNC;
         goto try_again;
 }
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 526c4feb3b50..b58286ecd156 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -13,6 +13,8 @@
 #include <net/dst.h>
 #include <net/ip.h>
 #include <net/xfrm.h>
+#include <net/ip_tunnels.h>
+#include <net/ip6_tunnel.h>
 
 static struct kmem_cache *secpath_cachep __read_mostly;
 
@@ -186,6 +188,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
         struct xfrm_state *x = NULL;
         xfrm_address_t *daddr;
         struct xfrm_mode *inner_mode;
+        u32 mark = skb->mark;
         unsigned int family;
         int decaps = 0;
         int async = 0;
@@ -203,6 +206,18 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                                    XFRM_SPI_SKB_CB(skb)->daddroff);
         family = XFRM_SPI_SKB_CB(skb)->family;
 
+        /* if tunnel is present override skb->mark value with tunnel i_key */
+        if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4) {
+                switch (family) {
+                case AF_INET:
+                        mark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4->parms.i_key);
+                        break;
+                case AF_INET6:
+                        mark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6->parms.i_key);
+                        break;
+                }
+        }
+
         /* Allocate new secpath or COW existing one. */
         if (!skb->sp || atomic_read(&skb->sp->refcnt) != 1) {
                 struct sec_path *sp;
@@ -229,7 +244,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                         goto drop;
                 }
 
-                x = xfrm_state_lookup(net, skb->mark, daddr, spi, nexthdr, family);
+                x = xfrm_state_lookup(net, mark, daddr, spi, nexthdr, family);
                 if (x == NULL) {
                         XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);
                         xfrm_audit_state_notfound(skb, family, spi, seq);
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index dab57daae408..4fd725a0c500 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -99,6 +99,7 @@ static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
 
         if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
                 XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq;
+                XFRM_SKB_CB(skb)->seq.output.hi = 0;
                 if (unlikely(x->replay.oseq == 0)) {
                         x->replay.oseq--;
                         xfrm_audit_state_replay_overflow(x, skb);
@@ -177,6 +178,7 @@ static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
 
         if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
                 XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
+                XFRM_SKB_CB(skb)->seq.output.hi = 0;
                 if (unlikely(replay_esn->oseq == 0)) {
                         replay_esn->oseq--;
                         xfrm_audit_state_replay_overflow(x, skb);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index f5e39e35d73a..96688cd0f6f1 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -927,8 +927,8 @@ struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
                         x->id.spi != spi)
                         continue;
 
-                spin_unlock_bh(&net->xfrm.xfrm_state_lock);
                 xfrm_state_hold(x);
+                spin_unlock_bh(&net->xfrm.xfrm_state_lock);
                 return x;
         }
         spin_unlock_bh(&net->xfrm.xfrm_state_lock);