Contents of /trunk/kernel-alx-legacy/patches-4.9/0124-4.9.25-all-fixes.patch
Parent Directory | Revision Log
Revision 3608 -
(show annotations)
(download)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 25435 byte(s)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 25435 byte(s)
-added kerenl-alx-legacy pkg
1 | diff --git a/Makefile b/Makefile |
2 | index 50436f502d81..8e18c63388c4 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 4 |
7 | PATCHLEVEL = 9 |
8 | -SUBLEVEL = 24 |
9 | +SUBLEVEL = 25 |
10 | EXTRAVERSION = |
11 | NAME = Roaring Lionus |
12 | |
13 | diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S |
14 | index 6432d4bf08c8..767ef6d68c9e 100644 |
15 | --- a/arch/powerpc/kernel/entry_64.S |
16 | +++ b/arch/powerpc/kernel/entry_64.S |
17 | @@ -689,7 +689,7 @@ resume_kernel: |
18 | |
19 | addi r8,r1,INT_FRAME_SIZE /* Get the kprobed function entry */ |
20 | |
21 | - lwz r3,GPR1(r1) |
22 | + ld r3,GPR1(r1) |
23 | subi r3,r3,INT_FRAME_SIZE /* dst: Allocate a trampoline exception frame */ |
24 | mr r4,r1 /* src: current exception frame */ |
25 | mr r1,r3 /* Reroute the trampoline frame to r1 */ |
26 | @@ -703,8 +703,8 @@ resume_kernel: |
27 | addi r6,r6,8 |
28 | bdnz 2b |
29 | |
30 | - /* Do real store operation to complete stwu */ |
31 | - lwz r5,GPR1(r1) |
32 | + /* Do real store operation to complete stdu */ |
33 | + ld r5,GPR1(r1) |
34 | std r8,0(r5) |
35 | |
36 | /* Clear _TIF_EMULATE_STACK_STORE flag */ |
37 | diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h |
38 | index 0362cd5fa187..0cea7026e4ff 100644 |
39 | --- a/arch/s390/include/asm/pgtable.h |
40 | +++ b/arch/s390/include/asm/pgtable.h |
41 | @@ -1029,6 +1029,8 @@ int get_guest_storage_key(struct mm_struct *mm, unsigned long addr, |
42 | static inline void set_pte_at(struct mm_struct *mm, unsigned long addr, |
43 | pte_t *ptep, pte_t entry) |
44 | { |
45 | + if (pte_present(entry)) |
46 | + pte_val(entry) &= ~_PAGE_UNUSED; |
47 | if (mm_has_pgste(mm)) |
48 | ptep_set_pte_at(mm, addr, ptep, entry); |
49 | else |
50 | diff --git a/arch/x86/kernel/cpu/mcheck/mce-genpool.c b/arch/x86/kernel/cpu/mcheck/mce-genpool.c |
51 | index 93d824ec3120..040af1939460 100644 |
52 | --- a/arch/x86/kernel/cpu/mcheck/mce-genpool.c |
53 | +++ b/arch/x86/kernel/cpu/mcheck/mce-genpool.c |
54 | @@ -85,7 +85,7 @@ void mce_gen_pool_process(void) |
55 | head = llist_reverse_order(head); |
56 | llist_for_each_entry_safe(node, tmp, head, llnode) { |
57 | mce = &node->mce; |
58 | - atomic_notifier_call_chain(&x86_mce_decoder_chain, 0, mce); |
59 | + blocking_notifier_call_chain(&x86_mce_decoder_chain, 0, mce); |
60 | gen_pool_free(mce_evt_pool, (unsigned long)node, sizeof(*node)); |
61 | } |
62 | } |
63 | diff --git a/arch/x86/kernel/cpu/mcheck/mce-internal.h b/arch/x86/kernel/cpu/mcheck/mce-internal.h |
64 | index cd74a3f00aea..de20902ecf23 100644 |
65 | --- a/arch/x86/kernel/cpu/mcheck/mce-internal.h |
66 | +++ b/arch/x86/kernel/cpu/mcheck/mce-internal.h |
67 | @@ -13,7 +13,7 @@ enum severity_level { |
68 | MCE_PANIC_SEVERITY, |
69 | }; |
70 | |
71 | -extern struct atomic_notifier_head x86_mce_decoder_chain; |
72 | +extern struct blocking_notifier_head x86_mce_decoder_chain; |
73 | |
74 | #define ATTR_LEN 16 |
75 | #define INITIAL_CHECK_INTERVAL 5 * 60 /* 5 minutes */ |
76 | diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c |
77 | index a7fdf453d895..22cda29d654e 100644 |
78 | --- a/arch/x86/kernel/cpu/mcheck/mce.c |
79 | +++ b/arch/x86/kernel/cpu/mcheck/mce.c |
80 | @@ -120,7 +120,7 @@ static void (*quirk_no_way_out)(int bank, struct mce *m, struct pt_regs *regs); |
81 | * CPU/chipset specific EDAC code can register a notifier call here to print |
82 | * MCE errors in a human-readable form. |
83 | */ |
84 | -ATOMIC_NOTIFIER_HEAD(x86_mce_decoder_chain); |
85 | +BLOCKING_NOTIFIER_HEAD(x86_mce_decoder_chain); |
86 | |
87 | /* Do initial initialization of a struct mce */ |
88 | void mce_setup(struct mce *m) |
89 | @@ -213,13 +213,13 @@ void mce_register_decode_chain(struct notifier_block *nb) |
90 | if (nb != &mce_srao_nb && nb->priority == INT_MAX) |
91 | nb->priority -= 1; |
92 | |
93 | - atomic_notifier_chain_register(&x86_mce_decoder_chain, nb); |
94 | + blocking_notifier_chain_register(&x86_mce_decoder_chain, nb); |
95 | } |
96 | EXPORT_SYMBOL_GPL(mce_register_decode_chain); |
97 | |
98 | void mce_unregister_decode_chain(struct notifier_block *nb) |
99 | { |
100 | - atomic_notifier_chain_unregister(&x86_mce_decoder_chain, nb); |
101 | + blocking_notifier_chain_unregister(&x86_mce_decoder_chain, nb); |
102 | } |
103 | EXPORT_SYMBOL_GPL(mce_unregister_decode_chain); |
104 | |
105 | @@ -272,8 +272,6 @@ struct mca_msr_regs msr_ops = { |
106 | |
107 | static void print_mce(struct mce *m) |
108 | { |
109 | - int ret = 0; |
110 | - |
111 | pr_emerg(HW_ERR "CPU %d: Machine Check Exception: %Lx Bank %d: %016Lx\n", |
112 | m->extcpu, m->mcgstatus, m->bank, m->status); |
113 | |
114 | @@ -309,14 +307,6 @@ static void print_mce(struct mce *m) |
115 | m->cpuvendor, m->cpuid, m->time, m->socketid, m->apicid, |
116 | cpu_data(m->extcpu).microcode); |
117 | |
118 | - /* |
119 | - * Print out human-readable details about the MCE error, |
120 | - * (if the CPU has an implementation for that) |
121 | - */ |
122 | - ret = atomic_notifier_call_chain(&x86_mce_decoder_chain, 0, m); |
123 | - if (ret == NOTIFY_STOP) |
124 | - return; |
125 | - |
126 | pr_emerg_ratelimited(HW_ERR "Run the above through 'mcelog --ascii'\n"); |
127 | } |
128 | |
129 | diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c |
130 | index 9b5403462936..3dfca7b302dc 100644 |
131 | --- a/arch/x86/kernel/cpu/mcheck/mce_amd.c |
132 | +++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c |
133 | @@ -59,7 +59,7 @@ static const char * const th_names[] = { |
134 | "load_store", |
135 | "insn_fetch", |
136 | "combined_unit", |
137 | - "", |
138 | + "decode_unit", |
139 | "northbridge", |
140 | "execution_unit", |
141 | }; |
142 | diff --git a/drivers/acpi/power.c b/drivers/acpi/power.c |
143 | index fcd4ce6f78d5..1c2b846c5776 100644 |
144 | --- a/drivers/acpi/power.c |
145 | +++ b/drivers/acpi/power.c |
146 | @@ -200,6 +200,7 @@ static int acpi_power_get_list_state(struct list_head *list, int *state) |
147 | return -EINVAL; |
148 | |
149 | /* The state of the list is 'on' IFF all resources are 'on'. */ |
150 | + cur_state = 0; |
151 | list_for_each_entry(entry, list, node) { |
152 | struct acpi_power_resource *resource = entry->resource; |
153 | acpi_handle handle = resource->device.handle; |
154 | diff --git a/drivers/dax/Kconfig b/drivers/dax/Kconfig |
155 | index 3e2ab3b14eea..9e95bf94eb13 100644 |
156 | --- a/drivers/dax/Kconfig |
157 | +++ b/drivers/dax/Kconfig |
158 | @@ -2,6 +2,7 @@ menuconfig DEV_DAX |
159 | tristate "DAX: direct access to differentiated memory" |
160 | default m if NVDIMM_DAX |
161 | depends on TRANSPARENT_HUGEPAGE |
162 | + select SRCU |
163 | help |
164 | Support raw access to differentiated (persistence, bandwidth, |
165 | latency...) memory via an mmap(2) capable character |
166 | diff --git a/drivers/dax/dax.c b/drivers/dax/dax.c |
167 | index 152552d2c306..193224889e41 100644 |
168 | --- a/drivers/dax/dax.c |
169 | +++ b/drivers/dax/dax.c |
170 | @@ -24,6 +24,7 @@ |
171 | #include "dax.h" |
172 | |
173 | static dev_t dax_devt; |
174 | +DEFINE_STATIC_SRCU(dax_srcu); |
175 | static struct class *dax_class; |
176 | static DEFINE_IDA(dax_minor_ida); |
177 | static int nr_dax = CONFIG_NR_DEV_DAX; |
178 | @@ -59,7 +60,7 @@ struct dax_region { |
179 | * @region - parent region |
180 | * @dev - device backing the character device |
181 | * @cdev - core chardev data |
182 | - * @alive - !alive + rcu grace period == no new mappings can be established |
183 | + * @alive - !alive + srcu grace period == no new mappings can be established |
184 | * @id - child id in the region |
185 | * @num_resources - number of physical address extents in this device |
186 | * @res - array of physical address ranges |
187 | @@ -437,7 +438,7 @@ static int __dax_dev_pmd_fault(struct dax_dev *dax_dev, |
188 | static int dax_dev_pmd_fault(struct vm_area_struct *vma, unsigned long addr, |
189 | pmd_t *pmd, unsigned int flags) |
190 | { |
191 | - int rc; |
192 | + int rc, id; |
193 | struct file *filp = vma->vm_file; |
194 | struct dax_dev *dax_dev = filp->private_data; |
195 | |
196 | @@ -445,9 +446,9 @@ static int dax_dev_pmd_fault(struct vm_area_struct *vma, unsigned long addr, |
197 | current->comm, (flags & FAULT_FLAG_WRITE) |
198 | ? "write" : "read", vma->vm_start, vma->vm_end); |
199 | |
200 | - rcu_read_lock(); |
201 | + id = srcu_read_lock(&dax_srcu); |
202 | rc = __dax_dev_pmd_fault(dax_dev, vma, addr, pmd, flags); |
203 | - rcu_read_unlock(); |
204 | + srcu_read_unlock(&dax_srcu, id); |
205 | |
206 | return rc; |
207 | } |
208 | @@ -563,11 +564,11 @@ static void unregister_dax_dev(void *dev) |
209 | * Note, rcu is not protecting the liveness of dax_dev, rcu is |
210 | * ensuring that any fault handlers that might have seen |
211 | * dax_dev->alive == true, have completed. Any fault handlers |
212 | - * that start after synchronize_rcu() has started will abort |
213 | + * that start after synchronize_srcu() has started will abort |
214 | * upon seeing dax_dev->alive == false. |
215 | */ |
216 | dax_dev->alive = false; |
217 | - synchronize_rcu(); |
218 | + synchronize_srcu(&dax_srcu); |
219 | unmap_mapping_range(dax_dev->inode->i_mapping, 0, 0, 1); |
220 | cdev_del(cdev); |
221 | device_unregister(dev); |
222 | diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c |
223 | index db7d1d666ac1..7826994c45bf 100644 |
224 | --- a/drivers/input/mouse/elantech.c |
225 | +++ b/drivers/input/mouse/elantech.c |
226 | @@ -1118,6 +1118,7 @@ static int elantech_get_resolution_v4(struct psmouse *psmouse, |
227 | * Asus UX32VD 0x361f02 00, 15, 0e clickpad |
228 | * Avatar AVIU-145A2 0x361f00 ? clickpad |
229 | * Fujitsu LIFEBOOK E544 0x470f00 d0, 12, 09 2 hw buttons |
230 | + * Fujitsu LIFEBOOK E547 0x470f00 50, 12, 09 2 hw buttons |
231 | * Fujitsu LIFEBOOK E554 0x570f01 40, 14, 0c 2 hw buttons |
232 | * Fujitsu T725 0x470f01 05, 12, 09 2 hw buttons |
233 | * Fujitsu H730 0x570f00 c0, 14, 0c 3 hw buttons (**) |
234 | @@ -1524,6 +1525,13 @@ static const struct dmi_system_id elantech_dmi_force_crc_enabled[] = { |
235 | }, |
236 | }, |
237 | { |
238 | + /* Fujitsu LIFEBOOK E547 does not work with crc_enabled == 0 */ |
239 | + .matches = { |
240 | + DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"), |
241 | + DMI_MATCH(DMI_PRODUCT_NAME, "LIFEBOOK E547"), |
242 | + }, |
243 | + }, |
244 | + { |
245 | /* Fujitsu LIFEBOOK E554 does not work with crc_enabled == 0 */ |
246 | .matches = { |
247 | DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"), |
248 | diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c |
249 | index 7123ef96ed18..445fc47dc3e7 100644 |
250 | --- a/drivers/mmc/host/sdhci-esdhc-imx.c |
251 | +++ b/drivers/mmc/host/sdhci-esdhc-imx.c |
252 | @@ -830,6 +830,7 @@ static int esdhc_change_pinstate(struct sdhci_host *host, |
253 | |
254 | switch (uhs) { |
255 | case MMC_TIMING_UHS_SDR50: |
256 | + case MMC_TIMING_UHS_DDR50: |
257 | pinctrl = imx_data->pins_100mhz; |
258 | break; |
259 | case MMC_TIMING_UHS_SDR104: |
260 | diff --git a/drivers/mtd/ubi/upd.c b/drivers/mtd/ubi/upd.c |
261 | index 0134ba32a057..39712560b4c1 100644 |
262 | --- a/drivers/mtd/ubi/upd.c |
263 | +++ b/drivers/mtd/ubi/upd.c |
264 | @@ -148,11 +148,11 @@ int ubi_start_update(struct ubi_device *ubi, struct ubi_volume *vol, |
265 | return err; |
266 | } |
267 | |
268 | - if (bytes == 0) { |
269 | - err = ubi_wl_flush(ubi, UBI_ALL, UBI_ALL); |
270 | - if (err) |
271 | - return err; |
272 | + err = ubi_wl_flush(ubi, UBI_ALL, UBI_ALL); |
273 | + if (err) |
274 | + return err; |
275 | |
276 | + if (bytes == 0) { |
277 | err = clear_update_marker(ubi, vol, 0); |
278 | if (err) |
279 | return err; |
280 | diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h |
281 | index 203287f86525..94661cf77ae8 100644 |
282 | --- a/fs/cifs/cifsglob.h |
283 | +++ b/fs/cifs/cifsglob.h |
284 | @@ -930,7 +930,6 @@ struct cifs_tcon { |
285 | bool use_persistent:1; /* use persistent instead of durable handles */ |
286 | #ifdef CONFIG_CIFS_SMB2 |
287 | bool print:1; /* set if connection to printer share */ |
288 | - bool bad_network_name:1; /* set if ret status STATUS_BAD_NETWORK_NAME */ |
289 | __le32 capabilities; |
290 | __u32 share_flags; |
291 | __u32 maximal_access; |
292 | diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c |
293 | index fc537c29044e..87b87e091e8e 100644 |
294 | --- a/fs/cifs/smb1ops.c |
295 | +++ b/fs/cifs/smb1ops.c |
296 | @@ -1015,6 +1015,15 @@ cifs_dir_needs_close(struct cifsFileInfo *cfile) |
297 | return !cfile->srch_inf.endOfSearch && !cfile->invalidHandle; |
298 | } |
299 | |
300 | +static bool |
301 | +cifs_can_echo(struct TCP_Server_Info *server) |
302 | +{ |
303 | + if (server->tcpStatus == CifsGood) |
304 | + return true; |
305 | + |
306 | + return false; |
307 | +} |
308 | + |
309 | struct smb_version_operations smb1_operations = { |
310 | .send_cancel = send_nt_cancel, |
311 | .compare_fids = cifs_compare_fids, |
312 | @@ -1049,6 +1058,7 @@ struct smb_version_operations smb1_operations = { |
313 | .get_dfs_refer = CIFSGetDFSRefer, |
314 | .qfs_tcon = cifs_qfs_tcon, |
315 | .is_path_accessible = cifs_is_path_accessible, |
316 | + .can_echo = cifs_can_echo, |
317 | .query_path_info = cifs_query_path_info, |
318 | .query_file_info = cifs_query_file_info, |
319 | .get_srv_inum = cifs_get_srv_inum, |
320 | diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c |
321 | index 7080dac3592c..802185386851 100644 |
322 | --- a/fs/cifs/smb2pdu.c |
323 | +++ b/fs/cifs/smb2pdu.c |
324 | @@ -1084,9 +1084,6 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, |
325 | else |
326 | return -EIO; |
327 | |
328 | - if (tcon && tcon->bad_network_name) |
329 | - return -ENOENT; |
330 | - |
331 | if ((tcon && tcon->seal) && |
332 | ((ses->server->capabilities & SMB2_GLOBAL_CAP_ENCRYPTION) == 0)) { |
333 | cifs_dbg(VFS, "encryption requested but no server support"); |
334 | @@ -1188,8 +1185,6 @@ SMB2_tcon(const unsigned int xid, struct cifs_ses *ses, const char *tree, |
335 | tcon_error_exit: |
336 | if (rsp->hdr.Status == STATUS_BAD_NETWORK_NAME) { |
337 | cifs_dbg(VFS, "BAD_NETWORK_NAME: %s\n", tree); |
338 | - if (tcon) |
339 | - tcon->bad_network_name = true; |
340 | } |
341 | goto tcon_exit; |
342 | } |
343 | diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c |
344 | index ca16c5d7bab1..87ab02e2d666 100644 |
345 | --- a/fs/ubifs/dir.c |
346 | +++ b/fs/ubifs/dir.c |
347 | @@ -622,6 +622,11 @@ static int ubifs_link(struct dentry *old_dentry, struct inode *dir, |
348 | return err; |
349 | |
350 | lock_2_inodes(dir, inode); |
351 | + |
352 | + /* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */ |
353 | + if (inode->i_nlink == 0) |
354 | + ubifs_delete_orphan(c, inode->i_ino); |
355 | + |
356 | inc_nlink(inode); |
357 | ihold(inode); |
358 | inode->i_ctime = ubifs_current_time(inode); |
359 | @@ -641,6 +646,8 @@ static int ubifs_link(struct dentry *old_dentry, struct inode *dir, |
360 | dir->i_size -= sz_change; |
361 | dir_ui->ui_size = dir->i_size; |
362 | drop_nlink(inode); |
363 | + if (inode->i_nlink == 0) |
364 | + ubifs_add_orphan(c, inode->i_ino); |
365 | unlock_2_inodes(dir, inode); |
366 | ubifs_release_budget(c, &req); |
367 | iput(inode); |
368 | @@ -1088,9 +1095,6 @@ static int do_rename(struct inode *old_dir, struct dentry *old_dentry, |
369 | struct timespec time; |
370 | unsigned int uninitialized_var(saved_nlink); |
371 | |
372 | - if (flags & ~RENAME_NOREPLACE) |
373 | - return -EINVAL; |
374 | - |
375 | /* |
376 | * Budget request settings: deletion direntry, new direntry, removing |
377 | * the old inode, and changing old and new parent directory inodes. |
378 | diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c |
379 | index f30847af7310..f5c016e8fc88 100644 |
380 | --- a/kernel/trace/ring_buffer.c |
381 | +++ b/kernel/trace/ring_buffer.c |
382 | @@ -3435,11 +3435,23 @@ EXPORT_SYMBOL_GPL(ring_buffer_iter_reset); |
383 | int ring_buffer_iter_empty(struct ring_buffer_iter *iter) |
384 | { |
385 | struct ring_buffer_per_cpu *cpu_buffer; |
386 | + struct buffer_page *reader; |
387 | + struct buffer_page *head_page; |
388 | + struct buffer_page *commit_page; |
389 | + unsigned commit; |
390 | |
391 | cpu_buffer = iter->cpu_buffer; |
392 | |
393 | - return iter->head_page == cpu_buffer->commit_page && |
394 | - iter->head == rb_commit_index(cpu_buffer); |
395 | + /* Remember, trace recording is off when iterator is in use */ |
396 | + reader = cpu_buffer->reader_page; |
397 | + head_page = cpu_buffer->head_page; |
398 | + commit_page = cpu_buffer->commit_page; |
399 | + commit = rb_page_commit(commit_page); |
400 | + |
401 | + return ((iter->head_page == commit_page && iter->head == commit) || |
402 | + (iter->head_page == reader && commit_page == head_page && |
403 | + head_page->read == commit && |
404 | + iter->head == rb_page_commit(cpu_buffer->reader_page))); |
405 | } |
406 | EXPORT_SYMBOL_GPL(ring_buffer_iter_empty); |
407 | |
408 | diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
409 | index 862bc8805d97..83c60f9013cb 100644 |
410 | --- a/kernel/trace/trace.c |
411 | +++ b/kernel/trace/trace.c |
412 | @@ -6481,11 +6481,13 @@ ftrace_trace_snapshot_callback(struct ftrace_hash *hash, |
413 | return ret; |
414 | |
415 | out_reg: |
416 | - ret = register_ftrace_function_probe(glob, ops, count); |
417 | + ret = alloc_snapshot(&global_trace); |
418 | + if (ret < 0) |
419 | + goto out; |
420 | |
421 | - if (ret >= 0) |
422 | - alloc_snapshot(&global_trace); |
423 | + ret = register_ftrace_function_probe(glob, ops, count); |
424 | |
425 | + out: |
426 | return ret < 0 ? ret : 0; |
427 | } |
428 | |
429 | diff --git a/mm/migrate.c b/mm/migrate.c |
430 | index 66ce6b490b13..6850f62998cd 100644 |
431 | --- a/mm/migrate.c |
432 | +++ b/mm/migrate.c |
433 | @@ -183,9 +183,9 @@ void putback_movable_pages(struct list_head *l) |
434 | unlock_page(page); |
435 | put_page(page); |
436 | } else { |
437 | - putback_lru_page(page); |
438 | dec_node_page_state(page, NR_ISOLATED_ANON + |
439 | page_is_file_cache(page)); |
440 | + putback_lru_page(page); |
441 | } |
442 | } |
443 | } |
444 | diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c |
445 | index a697ddf56334..acaaf616da71 100644 |
446 | --- a/net/mac80211/rx.c |
447 | +++ b/net/mac80211/rx.c |
448 | @@ -208,6 +208,51 @@ ieee80211_rx_radiotap_hdrlen(struct ieee80211_local *local, |
449 | return len; |
450 | } |
451 | |
452 | +static void ieee80211_handle_mu_mimo_mon(struct ieee80211_sub_if_data *sdata, |
453 | + struct sk_buff *skb, |
454 | + int rtap_vendor_space) |
455 | +{ |
456 | + struct { |
457 | + struct ieee80211_hdr_3addr hdr; |
458 | + u8 category; |
459 | + u8 action_code; |
460 | + } __packed action; |
461 | + |
462 | + if (!sdata) |
463 | + return; |
464 | + |
465 | + BUILD_BUG_ON(sizeof(action) != IEEE80211_MIN_ACTION_SIZE + 1); |
466 | + |
467 | + if (skb->len < rtap_vendor_space + sizeof(action) + |
468 | + VHT_MUMIMO_GROUPS_DATA_LEN) |
469 | + return; |
470 | + |
471 | + if (!is_valid_ether_addr(sdata->u.mntr.mu_follow_addr)) |
472 | + return; |
473 | + |
474 | + skb_copy_bits(skb, rtap_vendor_space, &action, sizeof(action)); |
475 | + |
476 | + if (!ieee80211_is_action(action.hdr.frame_control)) |
477 | + return; |
478 | + |
479 | + if (action.category != WLAN_CATEGORY_VHT) |
480 | + return; |
481 | + |
482 | + if (action.action_code != WLAN_VHT_ACTION_GROUPID_MGMT) |
483 | + return; |
484 | + |
485 | + if (!ether_addr_equal(action.hdr.addr1, sdata->u.mntr.mu_follow_addr)) |
486 | + return; |
487 | + |
488 | + skb = skb_copy(skb, GFP_ATOMIC); |
489 | + if (!skb) |
490 | + return; |
491 | + |
492 | + skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME; |
493 | + skb_queue_tail(&sdata->skb_queue, skb); |
494 | + ieee80211_queue_work(&sdata->local->hw, &sdata->work); |
495 | +} |
496 | + |
497 | /* |
498 | * ieee80211_add_rx_radiotap_header - add radiotap header |
499 | * |
500 | @@ -515,7 +560,6 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb, |
501 | struct net_device *prev_dev = NULL; |
502 | int present_fcs_len = 0; |
503 | unsigned int rtap_vendor_space = 0; |
504 | - struct ieee80211_mgmt *mgmt; |
505 | struct ieee80211_sub_if_data *monitor_sdata = |
506 | rcu_dereference(local->monitor_sdata); |
507 | |
508 | @@ -553,6 +597,8 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb, |
509 | return remove_monitor_info(local, origskb, rtap_vendor_space); |
510 | } |
511 | |
512 | + ieee80211_handle_mu_mimo_mon(monitor_sdata, origskb, rtap_vendor_space); |
513 | + |
514 | /* room for the radiotap header based on driver features */ |
515 | rt_hdrlen = ieee80211_rx_radiotap_hdrlen(local, status, origskb); |
516 | needed_headroom = rt_hdrlen - rtap_vendor_space; |
517 | @@ -618,23 +664,6 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb, |
518 | ieee80211_rx_stats(sdata->dev, skb->len); |
519 | } |
520 | |
521 | - mgmt = (void *)skb->data; |
522 | - if (monitor_sdata && |
523 | - skb->len >= IEEE80211_MIN_ACTION_SIZE + 1 + VHT_MUMIMO_GROUPS_DATA_LEN && |
524 | - ieee80211_is_action(mgmt->frame_control) && |
525 | - mgmt->u.action.category == WLAN_CATEGORY_VHT && |
526 | - mgmt->u.action.u.vht_group_notif.action_code == WLAN_VHT_ACTION_GROUPID_MGMT && |
527 | - is_valid_ether_addr(monitor_sdata->u.mntr.mu_follow_addr) && |
528 | - ether_addr_equal(mgmt->da, monitor_sdata->u.mntr.mu_follow_addr)) { |
529 | - struct sk_buff *mu_skb = skb_copy(skb, GFP_ATOMIC); |
530 | - |
531 | - if (mu_skb) { |
532 | - mu_skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME; |
533 | - skb_queue_tail(&monitor_sdata->skb_queue, mu_skb); |
534 | - ieee80211_queue_work(&local->hw, &monitor_sdata->work); |
535 | - } |
536 | - } |
537 | - |
538 | if (prev_dev) { |
539 | skb->dev = prev_dev; |
540 | netif_receive_skb(skb); |
541 | @@ -3617,6 +3646,27 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx) |
542 | !ether_addr_equal(bssid, hdr->addr1)) |
543 | return false; |
544 | } |
545 | + |
546 | + /* |
547 | + * 802.11-2016 Table 9-26 says that for data frames, A1 must be |
548 | + * the BSSID - we've checked that already but may have accepted |
549 | + * the wildcard (ff:ff:ff:ff:ff:ff). |
550 | + * |
551 | + * It also says: |
552 | + * The BSSID of the Data frame is determined as follows: |
553 | + * a) If the STA is contained within an AP or is associated |
554 | + * with an AP, the BSSID is the address currently in use |
555 | + * by the STA contained in the AP. |
556 | + * |
557 | + * So we should not accept data frames with an address that's |
558 | + * multicast. |
559 | + * |
560 | + * Accepting it also opens a security problem because stations |
561 | + * could encrypt it with the GTK and inject traffic that way. |
562 | + */ |
563 | + if (ieee80211_is_data(hdr->frame_control) && multicast) |
564 | + return false; |
565 | + |
566 | return true; |
567 | case NL80211_IFTYPE_WDS: |
568 | if (bssid || !ieee80211_is_data(hdr->frame_control)) |
569 | diff --git a/security/keys/gc.c b/security/keys/gc.c |
570 | index addf060399e0..9cb4fe4478a1 100644 |
571 | --- a/security/keys/gc.c |
572 | +++ b/security/keys/gc.c |
573 | @@ -46,7 +46,7 @@ static unsigned long key_gc_flags; |
574 | * immediately unlinked. |
575 | */ |
576 | struct key_type key_type_dead = { |
577 | - .name = "dead", |
578 | + .name = ".dead", |
579 | }; |
580 | |
581 | /* |
582 | diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c |
583 | index d580ad06b792..dbbfd7735ce5 100644 |
584 | --- a/security/keys/keyctl.c |
585 | +++ b/security/keys/keyctl.c |
586 | @@ -271,7 +271,8 @@ long keyctl_get_keyring_ID(key_serial_t id, int create) |
587 | * Create and join an anonymous session keyring or join a named session |
588 | * keyring, creating it if necessary. A named session keyring must have Search |
589 | * permission for it to be joined. Session keyrings without this permit will |
590 | - * be skipped over. |
591 | + * be skipped over. It is not permitted for userspace to create or join |
592 | + * keyrings whose name begin with a dot. |
593 | * |
594 | * If successful, the ID of the joined session keyring will be returned. |
595 | */ |
596 | @@ -288,12 +289,16 @@ long keyctl_join_session_keyring(const char __user *_name) |
597 | ret = PTR_ERR(name); |
598 | goto error; |
599 | } |
600 | + |
601 | + ret = -EPERM; |
602 | + if (name[0] == '.') |
603 | + goto error_name; |
604 | } |
605 | |
606 | /* join the session */ |
607 | ret = join_session_keyring(name); |
608 | +error_name: |
609 | kfree(name); |
610 | - |
611 | error: |
612 | return ret; |
613 | } |
614 | @@ -1251,8 +1256,8 @@ long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, |
615 | * Read or set the default keyring in which request_key() will cache keys and |
616 | * return the old setting. |
617 | * |
618 | - * If a process keyring is specified then this will be created if it doesn't |
619 | - * yet exist. The old setting will be returned if successful. |
620 | + * If a thread or process keyring is specified then it will be created if it |
621 | + * doesn't yet exist. The old setting will be returned if successful. |
622 | */ |
623 | long keyctl_set_reqkey_keyring(int reqkey_defl) |
624 | { |
625 | @@ -1277,11 +1282,8 @@ long keyctl_set_reqkey_keyring(int reqkey_defl) |
626 | |
627 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
628 | ret = install_process_keyring_to_cred(new); |
629 | - if (ret < 0) { |
630 | - if (ret != -EEXIST) |
631 | - goto error; |
632 | - ret = 0; |
633 | - } |
634 | + if (ret < 0) |
635 | + goto error; |
636 | goto set; |
637 | |
638 | case KEY_REQKEY_DEFL_DEFAULT: |
639 | diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c |
640 | index 40a885239782..45536c677b05 100644 |
641 | --- a/security/keys/process_keys.c |
642 | +++ b/security/keys/process_keys.c |
643 | @@ -127,13 +127,18 @@ int install_user_keyrings(void) |
644 | } |
645 | |
646 | /* |
647 | - * Install a fresh thread keyring directly to new credentials. This keyring is |
648 | - * allowed to overrun the quota. |
649 | + * Install a thread keyring to the given credentials struct if it didn't have |
650 | + * one already. This is allowed to overrun the quota. |
651 | + * |
652 | + * Return: 0 if a thread keyring is now present; -errno on failure. |
653 | */ |
654 | int install_thread_keyring_to_cred(struct cred *new) |
655 | { |
656 | struct key *keyring; |
657 | |
658 | + if (new->thread_keyring) |
659 | + return 0; |
660 | + |
661 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
662 | KEY_POS_ALL | KEY_USR_VIEW, |
663 | KEY_ALLOC_QUOTA_OVERRUN, |
664 | @@ -146,7 +151,9 @@ int install_thread_keyring_to_cred(struct cred *new) |
665 | } |
666 | |
667 | /* |
668 | - * Install a fresh thread keyring, discarding the old one. |
669 | + * Install a thread keyring to the current task if it didn't have one already. |
670 | + * |
671 | + * Return: 0 if a thread keyring is now present; -errno on failure. |
672 | */ |
673 | static int install_thread_keyring(void) |
674 | { |
675 | @@ -157,8 +164,6 @@ static int install_thread_keyring(void) |
676 | if (!new) |
677 | return -ENOMEM; |
678 | |
679 | - BUG_ON(new->thread_keyring); |
680 | - |
681 | ret = install_thread_keyring_to_cred(new); |
682 | if (ret < 0) { |
683 | abort_creds(new); |
684 | @@ -169,17 +174,17 @@ static int install_thread_keyring(void) |
685 | } |
686 | |
687 | /* |
688 | - * Install a process keyring directly to a credentials struct. |
689 | + * Install a process keyring to the given credentials struct if it didn't have |
690 | + * one already. This is allowed to overrun the quota. |
691 | * |
692 | - * Returns -EEXIST if there was already a process keyring, 0 if one installed, |
693 | - * and other value on any other error |
694 | + * Return: 0 if a process keyring is now present; -errno on failure. |
695 | */ |
696 | int install_process_keyring_to_cred(struct cred *new) |
697 | { |
698 | struct key *keyring; |
699 | |
700 | if (new->process_keyring) |
701 | - return -EEXIST; |
702 | + return 0; |
703 | |
704 | keyring = keyring_alloc("_pid", new->uid, new->gid, new, |
705 | KEY_POS_ALL | KEY_USR_VIEW, |
706 | @@ -193,11 +198,9 @@ int install_process_keyring_to_cred(struct cred *new) |
707 | } |
708 | |
709 | /* |
710 | - * Make sure a process keyring is installed for the current process. The |
711 | - * existing process keyring is not replaced. |
712 | + * Install a process keyring to the current task if it didn't have one already. |
713 | * |
714 | - * Returns 0 if there is a process keyring by the end of this function, some |
715 | - * error otherwise. |
716 | + * Return: 0 if a process keyring is now present; -errno on failure. |
717 | */ |
718 | static int install_process_keyring(void) |
719 | { |
720 | @@ -211,14 +214,18 @@ static int install_process_keyring(void) |
721 | ret = install_process_keyring_to_cred(new); |
722 | if (ret < 0) { |
723 | abort_creds(new); |
724 | - return ret != -EEXIST ? ret : 0; |
725 | + return ret; |
726 | } |
727 | |
728 | return commit_creds(new); |
729 | } |
730 | |
731 | /* |
732 | - * Install a session keyring directly to a credentials struct. |
733 | + * Install the given keyring as the session keyring of the given credentials |
734 | + * struct, replacing the existing one if any. If the given keyring is NULL, |
735 | + * then install a new anonymous session keyring. |
736 | + * |
737 | + * Return: 0 on success; -errno on failure. |
738 | */ |
739 | int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) |
740 | { |
741 | @@ -253,8 +260,11 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) |
742 | } |
743 | |
744 | /* |
745 | - * Install a session keyring, discarding the old one. If a keyring is not |
746 | - * supplied, an empty one is invented. |
747 | + * Install the given keyring as the session keyring of the current task, |
748 | + * replacing the existing one if any. If the given keyring is NULL, then |
749 | + * install a new anonymous session keyring. |
750 | + * |
751 | + * Return: 0 on success; -errno on failure. |
752 | */ |
753 | static int install_session_keyring(struct key *keyring) |
754 | { |