Merge 4.14.107 into android-4.14-p

Changes in 4.14.107
	ACPICA: Reference Counts: increase max to 0x4000 for large servers
	perf tools: Fix compile error with libunwind x86
	gro_cells: make sure device is up in gro_cells_receive()
	ipv4/route: fail early when inet dev is missing
	l2tp: fix infoleak in l2tp_ip6_recvmsg()
	net: hsr: fix memory leak in hsr_dev_finalize()
	net/hsr: fix possible crash in add_timer()
	net: sit: fix UBSAN Undefined behaviour in check_6rd
	net/x25: fix use-after-free in x25_device_event()
	net/x25: reset state in x25_connect()
	pptp: dst_release sk_dst_cache in pptp_sock_destruct
	ravb: Decrease TxFIFO depth of Q3 and Q2 to one
	route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
	rxrpc: Fix client call queueing, waiting for channel
	tcp: Don't access TCP_SKB_CB before initializing it
	tcp: handle inet_csk_reqsk_queue_add() failures
	vxlan: Fix GRO cells race condition between receive and link delete
	vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
	net/mlx4_core: Fix reset flow when in command polling mode
	net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling
	net/mlx4_core: Fix qp mtt size calculation
	net/x25: fix a race in x25_bind()
	mdio_bus: Fix use-after-free on device_register fails
	net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
	bonding: fix PACKET_ORIGDEV regression
	missing barriers in some of unix_sock ->addr and ->path accesses
	ipvlan: disallow userns cap_net_admin to change global mode/flags
	perf/x86: Fixup typo in stub functions
	ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56
	ALSA: firewire-motu: fix construction of PCM frame for capture direction
	perf/x86/intel: Fix memory corruption
	perf/x86/intel: Make dev_attr_allow_tsx_force_abort static
	It's wrong to add len to sector_nr in raid10 reshape twice
	vhost/vsock: fix vhost vsock cid hashing inconsistent
	Linux 4.14.107

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

diff --combined Makefile
index a4d07d23bdbe4f568b5b12ad7b3dee8edda8d55d,e3e2121718a8cd62286b6f764ca5dcc68f21456b..90756a2e8f54c5ad67439e89f0a24d74a062bdf2
--- 1/Makefile
--- 2/Makefile
+++ b/Makefile
@@@ -1,7 -1,7 +1,7 @@@
  # SPDX-License-Identifier: GPL-2.0
  VERSION = 4
  PATCHLEVEL = 14
- SUBLEVEL = 106
+ SUBLEVEL = 107
  EXTRAVERSION =
  NAME = Petit Gorille
  
@@@ -372,7 -372,6 +372,7 @@@ HOST_LOADLIBES := $(HOST_LFS_LIBS
  # Make variables (CC, etc...)
  AS            = $(CROSS_COMPILE)as
  LD            = $(CROSS_COMPILE)ld
 +LDGOLD                = $(CROSS_COMPILE)ld.gold
  CC            = $(CROSS_COMPILE)gcc
  CPP           = $(CC) -E
  AR            = $(CROSS_COMPILE)ar
@@@ -480,8 -479,7 +480,8 @@@ endi
  
  ifeq ($(cc-name),clang)
  ifneq ($(CROSS_COMPILE),)
 -CLANG_FLAGS   := --target=$(notdir $(CROSS_COMPILE:%-=%))
 +CLANG_TRIPLE  ?= $(CROSS_COMPILE)
 +CLANG_FLAGS   := --target=$(notdir $(CLANG_TRIPLE:%-=%))
  GCC_TOOLCHAIN_DIR := $(dir $(shell which $(LD)))
  CLANG_FLAGS   += --prefix=$(GCC_TOOLCHAIN_DIR)
  GCC_TOOLCHAIN := $(realpath $(GCC_TOOLCHAIN_DIR)/..)
@@@ -640,20 -638,6 +640,20 @@@ CFLAGS_GCOV      := -fprofile-arcs -ftest-co
  CFLAGS_KCOV   := $(call cc-option,-fsanitize-coverage=trace-pc,)
  export CFLAGS_GCOV CFLAGS_KCOV
  
 +# Make toolchain changes before including arch/$(SRCARCH)/Makefile to ensure
 +# ar/cc/ld-* macros return correct values.
 +ifdef CONFIG_LTO_CLANG
 +# use GNU gold with LLVMgold for LTO linking, and LD for vmlinux_link
 +LDFINAL_vmlinux := $(LD)
 +LD            := $(LDGOLD)
 +LDFLAGS               += -plugin LLVMgold.so
 +# use llvm-ar for building symbol tables from IR files, and llvm-dis instead
 +# of objdump for processing symbol versions and exports
 +LLVM_AR               := llvm-ar
 +LLVM_DIS      := llvm-dis
 +export LLVM_AR LLVM_DIS
 +endif
 +
  # The arch Makefile can set ARCH_{CPP,A,C}FLAGS to override the default
  # values of the respective KBUILD_* variables
  ARCH_CPPFLAGS :=
@@@ -734,7 -718,6 +734,7 @@@ KBUILD_CPPFLAGS += $(call cc-option,-Qu
  KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier)
  KBUILD_CFLAGS += $(call cc-disable-warning, gnu)
  KBUILD_CFLAGS += $(call cc-disable-warning, address-of-packed-member)
 +KBUILD_CFLAGS += $(call cc-disable-warning, duplicate-decl-specifier)
  # Quiet clang warning: comparison of unsigned expression < 0 is always false
  KBUILD_CFLAGS += $(call cc-disable-warning, tautological-compare)
  # CLANG uses a _MergedGlobals as optimization, but this breaks modpost, as the
@@@ -810,53 -793,6 +810,53 @@@ KBUILD_CFLAGS    += $(call cc-option,-ffun
  KBUILD_CFLAGS += $(call cc-option,-fdata-sections,)
  endif
  
 +ifdef CONFIG_LTO_CLANG
 +lto-clang-flags       := -flto -fvisibility=hidden
 +
 +# allow disabling only clang LTO where needed
 +DISABLE_LTO_CLANG := -fno-lto -fvisibility=default
 +export DISABLE_LTO_CLANG
 +endif
 +
 +ifdef CONFIG_LTO
 +lto-flags     := $(lto-clang-flags)
 +KBUILD_CFLAGS += $(lto-flags)
 +
 +DISABLE_LTO   := $(DISABLE_LTO_CLANG)
 +export DISABLE_LTO
 +
 +# LDFINAL_vmlinux and LDFLAGS_FINAL_vmlinux can be set to override
 +# the linker and flags for vmlinux_link.
 +export LDFINAL_vmlinux LDFLAGS_FINAL_vmlinux
 +endif
 +
 +ifdef CONFIG_CFI_CLANG
 +cfi-clang-flags       += -fsanitize=cfi
 +DISABLE_CFI_CLANG := -fno-sanitize=cfi
 +ifdef CONFIG_MODULES
 +cfi-clang-flags       += -fsanitize-cfi-cross-dso
 +DISABLE_CFI_CLANG += -fno-sanitize-cfi-cross-dso
 +endif
 +ifdef CONFIG_CFI_PERMISSIVE
 +cfi-clang-flags       += -fsanitize-recover=cfi -fno-sanitize-trap=cfi
 +endif
 +
 +# also disable CFI when LTO is disabled
 +DISABLE_LTO_CLANG += $(DISABLE_CFI_CLANG)
 +# allow disabling only clang CFI where needed
 +export DISABLE_CFI_CLANG
 +endif
 +
 +ifdef CONFIG_CFI
 +# cfi-flags are re-tested in prepare-compiler-check
 +cfi-flags     := $(cfi-clang-flags)
 +KBUILD_CFLAGS += $(cfi-flags)
 +
 +DISABLE_CFI   := $(DISABLE_CFI_CLANG)
 +DISABLE_LTO   += $(DISABLE_CFI)
 +export DISABLE_CFI
 +endif
 +
  # arch Makefile may override CC so keep this after arch Makefile is included
  NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include)
  CHECKFLAGS     += $(NOSTDINC_FLAGS)
@@@ -1180,22 -1116,6 +1180,22 @@@ endi
  # CC_STACKPROTECTOR_STRONG! Why did it build with _REGULAR?!")
  PHONY += prepare-compiler-check
  prepare-compiler-check: FORCE
 +# Make sure we're using a supported toolchain with LTO_CLANG
 +ifdef CONFIG_LTO_CLANG
 +  ifneq ($(call clang-ifversion, -ge, 0500, y), y)
 +      @echo Cannot use CONFIG_LTO_CLANG: requires clang 5.0 or later >&2 && exit 1
 +  endif
 +  ifneq ($(call gold-ifversion, -ge, 112000000, y), y)
 +      @echo Cannot use CONFIG_LTO_CLANG: requires GNU gold 1.12 or later >&2 && exit 1
 +  endif
 +endif
 +# Make sure compiler supports LTO flags
 +ifdef lto-flags
 +  ifeq ($(call cc-option, $(lto-flags)),)
 +      @echo Cannot use CONFIG_LTO: $(lto-flags) not supported by compiler \
 +              >&2 && exit 1
 +  endif
 +endif
  # Make sure compiler supports requested stack protector flag.
  ifdef stackp-name
    ifeq ($(call cc-option, $(stackp-flag)),)
@@@ -1209,11 -1129,6 +1209,11 @@@ ifdef stackp-chec
        @echo Cannot use CONFIG_CC_STACKPROTECTOR_$(stackp-name): \
                    $(stackp-flag) available but compiler is broken >&2 && exit 1
    endif
 +endif
 +ifdef cfi-flags
 +  ifeq ($(call cc-option, $(cfi-flags)),)
 +      @echo Cannot use CONFIG_CFI: $(cfi-flags) not supported by compiler >&2 && exit 1
 +  endif
  endif
        @:
  
@@@ -1674,8 -1589,7 +1674,8 @@@ clean: $(clean-dirs
                -o -name modules.builtin -o -name '.tmp_*.o.*' \
                -o -name '*.c.[012]*.*' \
                -o -name '*.ll' \
 -              -o -name '*.gcno' \) -type f -print | xargs rm -f
 +              -o -name '*.gcno' \
 +              -o -name '*.*.symversions' \) -type f -print | xargs rm -f
  
  # Generate tags for editors
  # ---------------------------------------------------------------------------

diff --combined net/ipv4/tcp_input.c
index ccd94e4f13286314e8cd13f29685b9d3cd7423e2,c8227e07d574fd522d37ae5c1c5c3ef6c76cca9c..44c0b07314cb19e95a19302fe06965ec15d00d60
--- 1/net/ipv4/tcp_input.c
--- 2/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@@ -95,7 -95,6 +95,7 @@@ int sysctl_tcp_min_rtt_wlen __read_most
  int sysctl_tcp_moderate_rcvbuf __read_mostly = 1;
  int sysctl_tcp_early_retrans __read_mostly = 3;
  int sysctl_tcp_invalid_ratelimit __read_mostly = HZ/2;
 +int sysctl_tcp_default_init_rwnd __read_mostly = TCP_INIT_CWND * 2;
  
  #define FLAG_DATA             0x01 /* Incoming frame contained data.          */
  #define FLAG_WIN_UPDATE               0x02 /* Incoming ACK was a window update.       */
@@@ -6407,7 -6406,13 +6407,13 @@@ int tcp_conn_request(struct request_soc
                af_ops->send_synack(fastopen_sk, dst, &fl, req,
                                    &foc, TCP_SYNACK_FASTOPEN);
                /* Add the child socket directly into the accept queue */
-               inet_csk_reqsk_queue_add(sk, req, fastopen_sk);
+               if (!inet_csk_reqsk_queue_add(sk, req, fastopen_sk)) {
+                       reqsk_fastopen_remove(fastopen_sk, req, false);
+                       bh_unlock_sock(fastopen_sk);
+                       sock_put(fastopen_sk);
+                       reqsk_put(req);
+                       goto drop;
+               }
                sk->sk_data_ready(sk);
                bh_unlock_sock(fastopen_sk);
                sock_put(fastopen_sk);

diff --combined net/ipv6/route.c
index 9c40005b2967235f8eec6092c62010eea4654687,00f8fe8cebd50903e29359c532da5d41147b41fa..56624b974d3128cac0e839f592e21d5168511f98
--- 1/net/ipv6/route.c
--- 2/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@@ -2510,7 -2510,8 +2510,7 @@@ static struct rt6_info *rt6_get_route_i
                                           const struct in6_addr *gwaddr,
                                           struct net_device *dev)
  {
 -      u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_INFO;
 -      int ifindex = dev->ifindex;
 +      u32 tb_id = l3mdev_fib_table(dev) ? : addrconf_rt_table(dev, RT6_TABLE_INFO);
        struct fib6_node *fn;
        struct rt6_info *rt = NULL;
        struct fib6_table *table;
@@@ -2525,7 -2526,7 +2525,7 @@@
                goto out;
  
        for (rt = fn->leaf; rt; rt = rt->dst.rt6_next) {
 -              if (rt->dst.dev->ifindex != ifindex)
 +              if (rt->dst.dev->ifindex != dev->ifindex)
                        continue;
                if ((rt->rt6i_flags & (RTF_ROUTEINFO|RTF_GATEWAY)) != (RTF_ROUTEINFO|RTF_GATEWAY))
                        continue;
@@@ -2557,7 -2558,7 +2557,7 @@@ static struct rt6_info *rt6_add_route_i
                .fc_nlinfo.nl_net = net,
        };
  
 -      cfg.fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_INFO,
 +      cfg.fc_table = l3mdev_fib_table(dev) ? : addrconf_rt_table(dev, RT6_TABLE_INFO),
        cfg.fc_dst = *prefix;
        cfg.fc_gateway = *gwaddr;
  
@@@ -2573,7 -2574,7 +2573,7 @@@
  
  struct rt6_info *rt6_get_dflt_router(const struct in6_addr *addr, struct net_device *dev)
  {
 -      u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT;
 +      u32 tb_id = l3mdev_fib_table(dev) ? : addrconf_rt_table(dev, RT6_TABLE_MAIN);
        struct rt6_info *rt;
        struct fib6_table *table;
  
@@@ -2599,7 -2600,7 +2599,7 @@@ struct rt6_info *rt6_add_dflt_router(co
                                     unsigned int pref)
  {
        struct fib6_config cfg = {
 -              .fc_table       = l3mdev_fib_table(dev) ? : RT6_TABLE_DFLT,
 +              .fc_table       = l3mdev_fib_table(dev) ? : addrconf_rt_table(dev, RT6_TABLE_DFLT),
                .fc_metric      = IP6_RT_PRIO_USER,
                .fc_ifindex     = dev->ifindex,
                .fc_flags       = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT |
@@@ -2623,16 -2624,43 +2623,16 @@@
        return rt6_get_dflt_router(gwaddr, dev);
  }
  
 -static void __rt6_purge_dflt_routers(struct fib6_table *table)
 -{
 -      struct rt6_info *rt;
 -
 -restart:
 -      read_lock_bh(&table->tb6_lock);
 -      for (rt = table->tb6_root.leaf; rt; rt = rt->dst.rt6_next) {
 -              if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF) &&
 -                  (!rt->rt6i_idev || rt->rt6i_idev->cnf.accept_ra != 2)) {
 -                      dst_hold(&rt->dst);
 -                      read_unlock_bh(&table->tb6_lock);
 -                      ip6_del_rt(rt);
 -                      goto restart;
 -              }
 -      }
 -      read_unlock_bh(&table->tb6_lock);
 -
 -      table->flags &= ~RT6_TABLE_HAS_DFLT_ROUTER;
 +int rt6_addrconf_purge(struct rt6_info *rt, void *arg) {
 +      if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF) &&
 +          (!rt->rt6i_idev || rt->rt6i_idev->cnf.accept_ra != 2))
 +              return -1;
 +      return 0;
  }
  
  void rt6_purge_dflt_routers(struct net *net)
  {
 -      struct fib6_table *table;
 -      struct hlist_head *head;
 -      unsigned int h;
 -
 -      rcu_read_lock();
 -
 -      for (h = 0; h < FIB6_TABLE_HASHSZ; h++) {
 -              head = &net->ipv6.fib_table_hash[h];
 -              hlist_for_each_entry_rcu(table, head, tb6_hlist) {
 -                      if (table->flags & RT6_TABLE_HAS_DFLT_ROUTER)
 -                              __rt6_purge_dflt_routers(table);
 -              }
 -      }
 -
 -      rcu_read_unlock();
 +      fib6_clean_all(net, rt6_addrconf_purge, NULL);
  }
  
  static void rtmsg_to_fib6_config(struct net *net,
@@@ -3467,7 -3495,7 +3467,7 @@@ static int rt6_fill_node(struct net *ne
                table = rt->rt6i_table->tb6_id;
        else
                table = RT6_TABLE_UNSPEC;
-       rtm->rtm_table = table;
+       rtm->rtm_table = table < 256 ? table : RT_TABLE_COMPAT;
        if (nla_put_u32(skb, RTA_TABLE, table))
                goto nla_put_failure;
        if (rt->rt6i_flags & RTF_REJECT) {