Contents of /trunk/kernel-alx-legacy/patches-4.9/0211-4.9.112-all-fixes.patch
Parent Directory | Revision Log
Revision 3608 -
(show annotations)
(download)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 68426 byte(s)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 68426 byte(s)
-added kerenl-alx-legacy pkg
1 | diff --git a/Makefile b/Makefile |
2 | index b10646531fcd..c4544293db10 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 4 |
7 | PATCHLEVEL = 9 |
8 | -SUBLEVEL = 111 |
9 | +SUBLEVEL = 112 |
10 | EXTRAVERSION = |
11 | NAME = Roaring Lionus |
12 | |
13 | diff --git a/arch/arm/boot/dts/imx6q.dtsi b/arch/arm/boot/dts/imx6q.dtsi |
14 | index e9a5d0b8c7b0..908b269a016b 100644 |
15 | --- a/arch/arm/boot/dts/imx6q.dtsi |
16 | +++ b/arch/arm/boot/dts/imx6q.dtsi |
17 | @@ -96,7 +96,7 @@ |
18 | clocks = <&clks IMX6Q_CLK_ECSPI5>, |
19 | <&clks IMX6Q_CLK_ECSPI5>; |
20 | clock-names = "ipg", "per"; |
21 | - dmas = <&sdma 11 7 1>, <&sdma 12 7 2>; |
22 | + dmas = <&sdma 11 8 1>, <&sdma 12 8 2>; |
23 | dma-names = "rx", "tx"; |
24 | status = "disabled"; |
25 | }; |
26 | diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S |
27 | index a4fd00064c80..771cfd2e1e6d 100644 |
28 | --- a/arch/s390/kernel/entry.S |
29 | +++ b/arch/s390/kernel/entry.S |
30 | @@ -1187,7 +1187,7 @@ cleanup_critical: |
31 | jl 0f |
32 | clg %r9,BASED(.Lcleanup_table+104) # .Lload_fpu_regs_end |
33 | jl .Lcleanup_load_fpu_regs |
34 | -0: BR_EX %r14 |
35 | +0: BR_EX %r14,%r11 |
36 | |
37 | .align 8 |
38 | .Lcleanup_table: |
39 | @@ -1217,7 +1217,7 @@ cleanup_critical: |
40 | ni __SIE_PROG0C+3(%r9),0xfe # no longer in SIE |
41 | lctlg %c1,%c1,__LC_USER_ASCE # load primary asce |
42 | larl %r9,sie_exit # skip forward to sie_exit |
43 | - BR_EX %r14 |
44 | + BR_EX %r14,%r11 |
45 | #endif |
46 | |
47 | .Lcleanup_system_call: |
48 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
49 | index b0fd028b2eee..7a4279d8a902 100644 |
50 | --- a/arch/x86/kernel/cpu/common.c |
51 | +++ b/arch/x86/kernel/cpu/common.c |
52 | @@ -848,6 +848,13 @@ void get_cpu_cap(struct cpuinfo_x86 *c) |
53 | |
54 | init_scattered_cpuid_features(c); |
55 | init_speculation_control(c); |
56 | + |
57 | + /* |
58 | + * Clear/Set all flags overridden by options, after probe. |
59 | + * This needs to happen each time we re-probe, which may happen |
60 | + * several times during CPU initialization. |
61 | + */ |
62 | + apply_forced_caps(c); |
63 | } |
64 | |
65 | static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) |
66 | diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c |
67 | index 91c48cdfe81f..516be613bd41 100644 |
68 | --- a/arch/x86/kernel/kprobes/core.c |
69 | +++ b/arch/x86/kernel/kprobes/core.c |
70 | @@ -414,25 +414,38 @@ void free_insn_page(void *page) |
71 | module_memfree(page); |
72 | } |
73 | |
74 | +/* Prepare reljump right after instruction to boost */ |
75 | +static void prepare_boost(struct kprobe *p, int length) |
76 | +{ |
77 | + if (can_boost(p->ainsn.insn, p->addr) && |
78 | + MAX_INSN_SIZE - length >= RELATIVEJUMP_SIZE) { |
79 | + /* |
80 | + * These instructions can be executed directly if it |
81 | + * jumps back to correct address. |
82 | + */ |
83 | + synthesize_reljump(p->ainsn.insn + length, p->addr + length); |
84 | + p->ainsn.boostable = 1; |
85 | + } else { |
86 | + p->ainsn.boostable = -1; |
87 | + } |
88 | +} |
89 | + |
90 | static int arch_copy_kprobe(struct kprobe *p) |
91 | { |
92 | - int ret; |
93 | + int len; |
94 | |
95 | set_memory_rw((unsigned long)p->ainsn.insn & PAGE_MASK, 1); |
96 | |
97 | /* Copy an instruction with recovering if other optprobe modifies it.*/ |
98 | - ret = __copy_instruction(p->ainsn.insn, p->addr); |
99 | - if (!ret) |
100 | + len = __copy_instruction(p->ainsn.insn, p->addr); |
101 | + if (!len) |
102 | return -EINVAL; |
103 | |
104 | /* |
105 | * __copy_instruction can modify the displacement of the instruction, |
106 | * but it doesn't affect boostable check. |
107 | */ |
108 | - if (can_boost(p->ainsn.insn, p->addr)) |
109 | - p->ainsn.boostable = 0; |
110 | - else |
111 | - p->ainsn.boostable = -1; |
112 | + prepare_boost(p, len); |
113 | |
114 | set_memory_ro((unsigned long)p->ainsn.insn & PAGE_MASK, 1); |
115 | |
116 | @@ -897,21 +910,6 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs, |
117 | break; |
118 | } |
119 | |
120 | - if (p->ainsn.boostable == 0) { |
121 | - if ((regs->ip > copy_ip) && |
122 | - (regs->ip - copy_ip) + 5 < MAX_INSN_SIZE) { |
123 | - /* |
124 | - * These instructions can be executed directly if it |
125 | - * jumps back to correct address. |
126 | - */ |
127 | - synthesize_reljump((void *)regs->ip, |
128 | - (void *)orig_ip + (regs->ip - copy_ip)); |
129 | - p->ainsn.boostable = 1; |
130 | - } else { |
131 | - p->ainsn.boostable = -1; |
132 | - } |
133 | - } |
134 | - |
135 | regs->ip += orig_ip - copy_ip; |
136 | |
137 | no_change: |
138 | diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c |
139 | index a11540e51f62..8eca26ef6471 100644 |
140 | --- a/arch/x86/xen/smp.c |
141 | +++ b/arch/x86/xen/smp.c |
142 | @@ -28,6 +28,7 @@ |
143 | #include <xen/interface/vcpu.h> |
144 | #include <xen/interface/xenpmu.h> |
145 | |
146 | +#include <asm/spec-ctrl.h> |
147 | #include <asm/xen/interface.h> |
148 | #include <asm/xen/hypercall.h> |
149 | |
150 | @@ -87,6 +88,8 @@ static void cpu_bringup(void) |
151 | cpu_data(cpu).x86_max_cores = 1; |
152 | set_cpu_sibling_map(cpu); |
153 | |
154 | + speculative_store_bypass_ht_init(); |
155 | + |
156 | xen_setup_cpu_clockevents(); |
157 | |
158 | notify_cpu_starting(cpu); |
159 | @@ -375,6 +378,8 @@ static void __init xen_smp_prepare_cpus(unsigned int max_cpus) |
160 | } |
161 | set_cpu_sibling_map(0); |
162 | |
163 | + speculative_store_bypass_ht_init(); |
164 | + |
165 | xen_pmu_init(0); |
166 | |
167 | if (xen_smp_intr_init(0)) |
168 | diff --git a/drivers/base/power/opp/core.c b/drivers/base/power/opp/core.c |
169 | index a7c5b79371a7..23ee46a0c78c 100644 |
170 | --- a/drivers/base/power/opp/core.c |
171 | +++ b/drivers/base/power/opp/core.c |
172 | @@ -651,7 +651,7 @@ int dev_pm_opp_set_rate(struct device *dev, unsigned long target_freq) |
173 | rcu_read_unlock(); |
174 | |
175 | /* Scaling up? Scale voltage before frequency */ |
176 | - if (freq > old_freq) { |
177 | + if (freq >= old_freq) { |
178 | ret = _set_opp_voltage(dev, reg, u_volt, u_volt_min, |
179 | u_volt_max); |
180 | if (ret) |
181 | diff --git a/drivers/block/drbd/drbd_worker.c b/drivers/block/drbd/drbd_worker.c |
182 | index c6755c9a0aea..51c233c4e058 100644 |
183 | --- a/drivers/block/drbd/drbd_worker.c |
184 | +++ b/drivers/block/drbd/drbd_worker.c |
185 | @@ -269,8 +269,8 @@ void drbd_request_endio(struct bio *bio) |
186 | what = COMPLETED_OK; |
187 | } |
188 | |
189 | - bio_put(req->private_bio); |
190 | req->private_bio = ERR_PTR(bio->bi_error); |
191 | + bio_put(bio); |
192 | |
193 | /* not req_mod(), we need irqsave here! */ |
194 | spin_lock_irqsave(&device->resource->req_lock, flags); |
195 | diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c |
196 | index 67ea2ce03a23..39d0fdcb17d2 100644 |
197 | --- a/drivers/gpu/drm/udl/udl_fb.c |
198 | +++ b/drivers/gpu/drm/udl/udl_fb.c |
199 | @@ -136,7 +136,10 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y, |
200 | |
201 | if (cmd > (char *) urb->transfer_buffer) { |
202 | /* Send partial buffer remaining before exiting */ |
203 | - int len = cmd - (char *) urb->transfer_buffer; |
204 | + int len; |
205 | + if (cmd < (char *) urb->transfer_buffer + urb->transfer_buffer_length) |
206 | + *cmd++ = 0xAF; |
207 | + len = cmd - (char *) urb->transfer_buffer; |
208 | ret = udl_submit_urb(dev, urb, len); |
209 | bytes_sent += len; |
210 | } else |
211 | diff --git a/drivers/gpu/drm/udl/udl_transfer.c b/drivers/gpu/drm/udl/udl_transfer.c |
212 | index 917dcb978c2c..9259a2f8bf3a 100644 |
213 | --- a/drivers/gpu/drm/udl/udl_transfer.c |
214 | +++ b/drivers/gpu/drm/udl/udl_transfer.c |
215 | @@ -152,11 +152,11 @@ static void udl_compress_hline16( |
216 | raw_pixels_count_byte = cmd++; /* we'll know this later */ |
217 | raw_pixel_start = pixel; |
218 | |
219 | - cmd_pixel_end = pixel + (min(MAX_CMD_PIXELS + 1, |
220 | - min((int)(pixel_end - pixel) / bpp, |
221 | - (int)(cmd_buffer_end - cmd) / 2))) * bpp; |
222 | + cmd_pixel_end = pixel + min3(MAX_CMD_PIXELS + 1UL, |
223 | + (unsigned long)(pixel_end - pixel) / bpp, |
224 | + (unsigned long)(cmd_buffer_end - 1 - cmd) / 2) * bpp; |
225 | |
226 | - prefetch_range((void *) pixel, (cmd_pixel_end - pixel) * bpp); |
227 | + prefetch_range((void *) pixel, cmd_pixel_end - pixel); |
228 | pixel_val16 = get_pixel_val16(pixel, bpp); |
229 | |
230 | while (pixel < cmd_pixel_end) { |
231 | @@ -192,6 +192,9 @@ static void udl_compress_hline16( |
232 | if (pixel > raw_pixel_start) { |
233 | /* finalize last RAW span */ |
234 | *raw_pixels_count_byte = ((pixel-raw_pixel_start) / bpp) & 0xFF; |
235 | + } else { |
236 | + /* undo unused byte */ |
237 | + cmd--; |
238 | } |
239 | |
240 | *cmd_pixels_count_byte = ((pixel - cmd_pixel_start) / bpp) & 0xFF; |
241 | diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c |
242 | index acfb522a432a..29423691c105 100644 |
243 | --- a/drivers/hid/hid-debug.c |
244 | +++ b/drivers/hid/hid-debug.c |
245 | @@ -1152,6 +1152,8 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, |
246 | goto out; |
247 | if (list->tail > list->head) { |
248 | len = list->tail - list->head; |
249 | + if (len > count) |
250 | + len = count; |
251 | |
252 | if (copy_to_user(buffer + ret, &list->hid_debug_buf[list->head], len)) { |
253 | ret = -EFAULT; |
254 | @@ -1161,6 +1163,8 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, |
255 | list->head += len; |
256 | } else { |
257 | len = HID_DEBUG_BUFSIZE - list->head; |
258 | + if (len > count) |
259 | + len = count; |
260 | |
261 | if (copy_to_user(buffer, &list->hid_debug_buf[list->head], len)) { |
262 | ret = -EFAULT; |
263 | @@ -1168,7 +1172,9 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer, |
264 | } |
265 | list->head = 0; |
266 | ret += len; |
267 | - goto copy_rest; |
268 | + count -= len; |
269 | + if (count > 0) |
270 | + goto copy_rest; |
271 | } |
272 | |
273 | } |
274 | diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c |
275 | index 2548c5dbdc75..00bce002b357 100644 |
276 | --- a/drivers/hid/i2c-hid/i2c-hid.c |
277 | +++ b/drivers/hid/i2c-hid/i2c-hid.c |
278 | @@ -477,7 +477,7 @@ static void i2c_hid_get_input(struct i2c_hid *ihid) |
279 | return; |
280 | } |
281 | |
282 | - if ((ret_size > size) || (ret_size <= 2)) { |
283 | + if ((ret_size > size) || (ret_size < 2)) { |
284 | dev_err(&ihid->client->dev, "%s: incomplete report (%d/%d)\n", |
285 | __func__, size, ret_size); |
286 | return; |
287 | diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c |
288 | index 700145b15088..b59b15d4caa9 100644 |
289 | --- a/drivers/hid/usbhid/hiddev.c |
290 | +++ b/drivers/hid/usbhid/hiddev.c |
291 | @@ -35,6 +35,7 @@ |
292 | #include <linux/hiddev.h> |
293 | #include <linux/compat.h> |
294 | #include <linux/vmalloc.h> |
295 | +#include <linux/nospec.h> |
296 | #include "usbhid.h" |
297 | |
298 | #ifdef CONFIG_USB_DYNAMIC_MINORS |
299 | @@ -478,10 +479,14 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, |
300 | |
301 | if (uref->field_index >= report->maxfield) |
302 | goto inval; |
303 | + uref->field_index = array_index_nospec(uref->field_index, |
304 | + report->maxfield); |
305 | |
306 | field = report->field[uref->field_index]; |
307 | if (uref->usage_index >= field->maxusage) |
308 | goto inval; |
309 | + uref->usage_index = array_index_nospec(uref->usage_index, |
310 | + field->maxusage); |
311 | |
312 | uref->usage_code = field->usage[uref->usage_index].hid; |
313 | |
314 | @@ -508,6 +513,8 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, |
315 | |
316 | if (uref->field_index >= report->maxfield) |
317 | goto inval; |
318 | + uref->field_index = array_index_nospec(uref->field_index, |
319 | + report->maxfield); |
320 | |
321 | field = report->field[uref->field_index]; |
322 | |
323 | @@ -761,6 +768,8 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) |
324 | |
325 | if (finfo.field_index >= report->maxfield) |
326 | break; |
327 | + finfo.field_index = array_index_nospec(finfo.field_index, |
328 | + report->maxfield); |
329 | |
330 | field = report->field[finfo.field_index]; |
331 | memset(&finfo, 0, sizeof(finfo)); |
332 | @@ -801,6 +810,8 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) |
333 | |
334 | if (cinfo.index >= hid->maxcollection) |
335 | break; |
336 | + cinfo.index = array_index_nospec(cinfo.index, |
337 | + hid->maxcollection); |
338 | |
339 | cinfo.type = hid->collection[cinfo.index].type; |
340 | cinfo.usage = hid->collection[cinfo.index].usage; |
341 | diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c |
342 | index 726615e54f2a..c7592fe30e6e 100644 |
343 | --- a/drivers/i2c/busses/i2c-rcar.c |
344 | +++ b/drivers/i2c/busses/i2c-rcar.c |
345 | @@ -700,6 +700,8 @@ static int rcar_i2c_master_xfer(struct i2c_adapter *adap, |
346 | |
347 | pm_runtime_get_sync(dev); |
348 | |
349 | + rcar_i2c_init(priv); |
350 | + |
351 | ret = rcar_i2c_bus_barrier(priv); |
352 | if (ret < 0) |
353 | goto out; |
354 | @@ -857,8 +859,6 @@ static int rcar_i2c_probe(struct platform_device *pdev) |
355 | if (ret < 0) |
356 | goto out_pm_put; |
357 | |
358 | - rcar_i2c_init(priv); |
359 | - |
360 | /* Don't suspend when multi-master to keep arbitration working */ |
361 | if (of_property_read_bool(dev->of_node, "multi-master")) |
362 | priv->flags |= ID_P_PM_BLOCKED; |
363 | diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c |
364 | index 148b313c6471..d30b3b908621 100644 |
365 | --- a/drivers/infiniband/hw/hfi1/chip.c |
366 | +++ b/drivers/infiniband/hw/hfi1/chip.c |
367 | @@ -6717,7 +6717,7 @@ static void rxe_kernel_unfreeze(struct hfi1_devdata *dd) |
368 | for (i = 0; i < dd->n_krcv_queues; i++) { |
369 | rcvmask = HFI1_RCVCTRL_CTXT_ENB; |
370 | /* HFI1_RCVCTRL_TAILUPD_[ENB|DIS] needs to be set explicitly */ |
371 | - rcvmask |= HFI1_CAP_KGET_MASK(dd->rcd[i]->flags, DMA_RTAIL) ? |
372 | + rcvmask |= dd->rcd[i]->rcvhdrtail_kvaddr ? |
373 | HFI1_RCVCTRL_TAILUPD_ENB : HFI1_RCVCTRL_TAILUPD_DIS; |
374 | hfi1_rcvctrl(dd, rcvmask, i); |
375 | } |
376 | @@ -8211,7 +8211,7 @@ static inline int check_packet_present(struct hfi1_ctxtdata *rcd) |
377 | u32 tail; |
378 | int present; |
379 | |
380 | - if (!HFI1_CAP_IS_KSET(DMA_RTAIL)) |
381 | + if (!rcd->rcvhdrtail_kvaddr) |
382 | present = (rcd->seq_cnt == |
383 | rhf_rcv_seq(rhf_to_cpu(get_rhf_addr(rcd)))); |
384 | else /* is RDMA rtail */ |
385 | @@ -11550,7 +11550,7 @@ void hfi1_rcvctrl(struct hfi1_devdata *dd, unsigned int op, int ctxt) |
386 | /* reset the tail and hdr addresses, and sequence count */ |
387 | write_kctxt_csr(dd, ctxt, RCV_HDR_ADDR, |
388 | rcd->rcvhdrq_dma); |
389 | - if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) |
390 | + if (rcd->rcvhdrtail_kvaddr) |
391 | write_kctxt_csr(dd, ctxt, RCV_HDR_TAIL_ADDR, |
392 | rcd->rcvhdrqtailaddr_dma); |
393 | rcd->seq_cnt = 1; |
394 | @@ -11630,7 +11630,7 @@ void hfi1_rcvctrl(struct hfi1_devdata *dd, unsigned int op, int ctxt) |
395 | rcvctrl |= RCV_CTXT_CTRL_INTR_AVAIL_SMASK; |
396 | if (op & HFI1_RCVCTRL_INTRAVAIL_DIS) |
397 | rcvctrl &= ~RCV_CTXT_CTRL_INTR_AVAIL_SMASK; |
398 | - if (op & HFI1_RCVCTRL_TAILUPD_ENB && rcd->rcvhdrqtailaddr_dma) |
399 | + if ((op & HFI1_RCVCTRL_TAILUPD_ENB) && rcd->rcvhdrtail_kvaddr) |
400 | rcvctrl |= RCV_CTXT_CTRL_TAIL_UPD_SMASK; |
401 | if (op & HFI1_RCVCTRL_TAILUPD_DIS) { |
402 | /* See comment on RcvCtxtCtrl.TailUpd above */ |
403 | diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c |
404 | index bb729764a799..d612f9d94083 100644 |
405 | --- a/drivers/infiniband/hw/hfi1/file_ops.c |
406 | +++ b/drivers/infiniband/hw/hfi1/file_ops.c |
407 | @@ -609,7 +609,7 @@ static int hfi1_file_mmap(struct file *fp, struct vm_area_struct *vma) |
408 | ret = -EINVAL; |
409 | goto done; |
410 | } |
411 | - if (flags & VM_WRITE) { |
412 | + if ((flags & VM_WRITE) || !uctxt->rcvhdrtail_kvaddr) { |
413 | ret = -EPERM; |
414 | goto done; |
415 | } |
416 | diff --git a/drivers/infiniband/hw/hfi1/init.c b/drivers/infiniband/hw/hfi1/init.c |
417 | index c81c44525dd5..9dc8cf096e2e 100644 |
418 | --- a/drivers/infiniband/hw/hfi1/init.c |
419 | +++ b/drivers/infiniband/hw/hfi1/init.c |
420 | @@ -1618,7 +1618,6 @@ int hfi1_create_rcvhdrq(struct hfi1_devdata *dd, struct hfi1_ctxtdata *rcd) |
421 | u64 reg; |
422 | |
423 | if (!rcd->rcvhdrq) { |
424 | - dma_addr_t dma_hdrqtail; |
425 | gfp_t gfp_flags; |
426 | |
427 | /* |
428 | @@ -1641,13 +1640,13 @@ int hfi1_create_rcvhdrq(struct hfi1_devdata *dd, struct hfi1_ctxtdata *rcd) |
429 | goto bail; |
430 | } |
431 | |
432 | - if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL)) { |
433 | + if (HFI1_CAP_KGET_MASK(rcd->flags, DMA_RTAIL) || |
434 | + HFI1_CAP_UGET_MASK(rcd->flags, DMA_RTAIL)) { |
435 | rcd->rcvhdrtail_kvaddr = dma_zalloc_coherent( |
436 | - &dd->pcidev->dev, PAGE_SIZE, &dma_hdrqtail, |
437 | - gfp_flags); |
438 | + &dd->pcidev->dev, PAGE_SIZE, |
439 | + &rcd->rcvhdrqtailaddr_dma, gfp_flags); |
440 | if (!rcd->rcvhdrtail_kvaddr) |
441 | goto bail_free; |
442 | - rcd->rcvhdrqtailaddr_dma = dma_hdrqtail; |
443 | } |
444 | |
445 | rcd->rcvhdrq_size = amt; |
446 | diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c |
447 | index 35fd57fdeba9..c837defb5e4d 100644 |
448 | --- a/drivers/md/dm-bufio.c |
449 | +++ b/drivers/md/dm-bufio.c |
450 | @@ -819,12 +819,14 @@ enum new_flag { |
451 | static struct dm_buffer *__alloc_buffer_wait_no_callback(struct dm_bufio_client *c, enum new_flag nf) |
452 | { |
453 | struct dm_buffer *b; |
454 | + bool tried_noio_alloc = false; |
455 | |
456 | /* |
457 | * dm-bufio is resistant to allocation failures (it just keeps |
458 | * one buffer reserved in cases all the allocations fail). |
459 | * So set flags to not try too hard: |
460 | - * GFP_NOIO: don't recurse into the I/O layer |
461 | + * GFP_NOWAIT: don't wait; if we need to sleep we'll release our |
462 | + * mutex and wait ourselves. |
463 | * __GFP_NORETRY: don't retry and rather return failure |
464 | * __GFP_NOMEMALLOC: don't use emergency reserves |
465 | * __GFP_NOWARN: don't print a warning in case of failure |
466 | @@ -834,7 +836,7 @@ static struct dm_buffer *__alloc_buffer_wait_no_callback(struct dm_bufio_client |
467 | */ |
468 | while (1) { |
469 | if (dm_bufio_cache_size_latch != 1) { |
470 | - b = alloc_buffer(c, GFP_NOIO | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN); |
471 | + b = alloc_buffer(c, GFP_NOWAIT | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN); |
472 | if (b) |
473 | return b; |
474 | } |
475 | @@ -842,6 +844,15 @@ static struct dm_buffer *__alloc_buffer_wait_no_callback(struct dm_bufio_client |
476 | if (nf == NF_PREFETCH) |
477 | return NULL; |
478 | |
479 | + if (dm_bufio_cache_size_latch != 1 && !tried_noio_alloc) { |
480 | + dm_bufio_unlock(c); |
481 | + b = alloc_buffer(c, GFP_NOIO | __GFP_NORETRY | __GFP_NOMEMALLOC | __GFP_NOWARN); |
482 | + dm_bufio_lock(c); |
483 | + if (b) |
484 | + return b; |
485 | + tried_noio_alloc = true; |
486 | + } |
487 | + |
488 | if (!list_empty(&c->reserved_buffers)) { |
489 | b = list_entry(c->reserved_buffers.next, |
490 | struct dm_buffer, lru_list); |
491 | @@ -1587,19 +1598,11 @@ dm_bufio_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) |
492 | static unsigned long |
493 | dm_bufio_shrink_count(struct shrinker *shrink, struct shrink_control *sc) |
494 | { |
495 | - struct dm_bufio_client *c; |
496 | - unsigned long count; |
497 | - unsigned long retain_target; |
498 | - |
499 | - c = container_of(shrink, struct dm_bufio_client, shrinker); |
500 | - if (sc->gfp_mask & __GFP_FS) |
501 | - dm_bufio_lock(c); |
502 | - else if (!dm_bufio_trylock(c)) |
503 | - return 0; |
504 | + struct dm_bufio_client *c = container_of(shrink, struct dm_bufio_client, shrinker); |
505 | + unsigned long count = READ_ONCE(c->n_buffers[LIST_CLEAN]) + |
506 | + READ_ONCE(c->n_buffers[LIST_DIRTY]); |
507 | + unsigned long retain_target = get_retain_buffers(c); |
508 | |
509 | - count = c->n_buffers[LIST_CLEAN] + c->n_buffers[LIST_DIRTY]; |
510 | - retain_target = get_retain_buffers(c); |
511 | - dm_bufio_unlock(c); |
512 | return (count < retain_target) ? 0 : (count - retain_target); |
513 | } |
514 | |
515 | diff --git a/drivers/media/i2c/cx25840/cx25840-core.c b/drivers/media/i2c/cx25840/cx25840-core.c |
516 | index d558ed3e59c6..cc5666050282 100644 |
517 | --- a/drivers/media/i2c/cx25840/cx25840-core.c |
518 | +++ b/drivers/media/i2c/cx25840/cx25840-core.c |
519 | @@ -467,8 +467,13 @@ static void cx23885_initialize(struct i2c_client *client) |
520 | { |
521 | DEFINE_WAIT(wait); |
522 | struct cx25840_state *state = to_state(i2c_get_clientdata(client)); |
523 | + u32 clk_freq = 0; |
524 | struct workqueue_struct *q; |
525 | |
526 | + /* cx23885 sets hostdata to clk_freq pointer */ |
527 | + if (v4l2_get_subdev_hostdata(&state->sd)) |
528 | + clk_freq = *((u32 *)v4l2_get_subdev_hostdata(&state->sd)); |
529 | + |
530 | /* |
531 | * Come out of digital power down |
532 | * The CX23888, at least, needs this, otherwise registers aside from |
533 | @@ -504,8 +509,13 @@ static void cx23885_initialize(struct i2c_client *client) |
534 | * 50.0 MHz * (0xb + 0xe8ba26/0x2000000)/4 = 5 * 28.636363 MHz |
535 | * 572.73 MHz before post divide |
536 | */ |
537 | - /* HVR1850 or 50MHz xtal */ |
538 | - cx25840_write(client, 0x2, 0x71); |
539 | + if (clk_freq == 25000000) { |
540 | + /* 888/ImpactVCBe or 25Mhz xtal */ |
541 | + ; /* nothing to do */ |
542 | + } else { |
543 | + /* HVR1850 or 50MHz xtal */ |
544 | + cx25840_write(client, 0x2, 0x71); |
545 | + } |
546 | cx25840_write4(client, 0x11c, 0x01d1744c); |
547 | cx25840_write4(client, 0x118, 0x00000416); |
548 | cx25840_write4(client, 0x404, 0x0010253e); |
549 | @@ -548,9 +558,15 @@ static void cx23885_initialize(struct i2c_client *client) |
550 | /* HVR1850 */ |
551 | switch (state->id) { |
552 | case CX23888_AV: |
553 | - /* 888/HVR1250 specific */ |
554 | - cx25840_write4(client, 0x10c, 0x13333333); |
555 | - cx25840_write4(client, 0x108, 0x00000515); |
556 | + if (clk_freq == 25000000) { |
557 | + /* 888/ImpactVCBe or 25MHz xtal */ |
558 | + cx25840_write4(client, 0x10c, 0x01b6db7b); |
559 | + cx25840_write4(client, 0x108, 0x00000512); |
560 | + } else { |
561 | + /* 888/HVR1250 or 50MHz xtal */ |
562 | + cx25840_write4(client, 0x10c, 0x13333333); |
563 | + cx25840_write4(client, 0x108, 0x00000515); |
564 | + } |
565 | break; |
566 | default: |
567 | cx25840_write4(client, 0x10c, 0x002be2c9); |
568 | @@ -580,7 +596,7 @@ static void cx23885_initialize(struct i2c_client *client) |
569 | * 368.64 MHz before post divide |
570 | * 122.88 MHz / 0xa = 12.288 MHz |
571 | */ |
572 | - /* HVR1850 or 50MHz xtal */ |
573 | + /* HVR1850 or 50MHz xtal or 25MHz xtal */ |
574 | cx25840_write4(client, 0x114, 0x017dbf48); |
575 | cx25840_write4(client, 0x110, 0x000a030e); |
576 | break; |
577 | diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c |
578 | index 33d025e42793..de35a2a362f9 100644 |
579 | --- a/drivers/mtd/chips/cfi_cmdset_0002.c |
580 | +++ b/drivers/mtd/chips/cfi_cmdset_0002.c |
581 | @@ -42,7 +42,7 @@ |
582 | #define AMD_BOOTLOC_BUG |
583 | #define FORCE_WORD_WRITE 0 |
584 | |
585 | -#define MAX_WORD_RETRIES 3 |
586 | +#define MAX_RETRIES 3 |
587 | |
588 | #define SST49LF004B 0x0060 |
589 | #define SST49LF040B 0x0050 |
590 | @@ -1643,7 +1643,7 @@ static int __xipram do_write_oneword(struct map_info *map, struct flchip *chip, |
591 | map_write( map, CMD(0xF0), chip->start ); |
592 | /* FIXME - should have reset delay before continuing */ |
593 | |
594 | - if (++retry_cnt <= MAX_WORD_RETRIES) |
595 | + if (++retry_cnt <= MAX_RETRIES) |
596 | goto retry; |
597 | |
598 | ret = -EIO; |
599 | @@ -2102,7 +2102,7 @@ static int do_panic_write_oneword(struct map_info *map, struct flchip *chip, |
600 | map_write(map, CMD(0xF0), chip->start); |
601 | /* FIXME - should have reset delay before continuing */ |
602 | |
603 | - if (++retry_cnt <= MAX_WORD_RETRIES) |
604 | + if (++retry_cnt <= MAX_RETRIES) |
605 | goto retry; |
606 | |
607 | ret = -EIO; |
608 | @@ -2237,6 +2237,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) |
609 | unsigned long int adr; |
610 | DECLARE_WAITQUEUE(wait, current); |
611 | int ret = 0; |
612 | + int retry_cnt = 0; |
613 | |
614 | adr = cfi->addr_unlock1; |
615 | |
616 | @@ -2254,6 +2255,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) |
617 | ENABLE_VPP(map); |
618 | xip_disable(map, chip, adr); |
619 | |
620 | + retry: |
621 | cfi_send_gen_cmd(0xAA, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); |
622 | cfi_send_gen_cmd(0x55, cfi->addr_unlock2, chip->start, map, cfi, cfi->device_type, NULL); |
623 | cfi_send_gen_cmd(0x80, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); |
624 | @@ -2290,12 +2292,13 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) |
625 | chip->erase_suspended = 0; |
626 | } |
627 | |
628 | - if (chip_ready(map, adr)) |
629 | + if (chip_good(map, adr, map_word_ff(map))) |
630 | break; |
631 | |
632 | if (time_after(jiffies, timeo)) { |
633 | printk(KERN_WARNING "MTD %s(): software timeout\n", |
634 | __func__ ); |
635 | + ret = -EIO; |
636 | break; |
637 | } |
638 | |
639 | @@ -2303,12 +2306,15 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip) |
640 | UDELAY(map, chip, adr, 1000000/HZ); |
641 | } |
642 | /* Did we succeed? */ |
643 | - if (!chip_good(map, adr, map_word_ff(map))) { |
644 | + if (ret) { |
645 | /* reset on all failures. */ |
646 | map_write( map, CMD(0xF0), chip->start ); |
647 | /* FIXME - should have reset delay before continuing */ |
648 | |
649 | - ret = -EIO; |
650 | + if (++retry_cnt <= MAX_RETRIES) { |
651 | + ret = 0; |
652 | + goto retry; |
653 | + } |
654 | } |
655 | |
656 | chip->state = FL_READY; |
657 | @@ -2327,6 +2333,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, |
658 | unsigned long timeo = jiffies + HZ; |
659 | DECLARE_WAITQUEUE(wait, current); |
660 | int ret = 0; |
661 | + int retry_cnt = 0; |
662 | |
663 | adr += chip->start; |
664 | |
665 | @@ -2344,6 +2351,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, |
666 | ENABLE_VPP(map); |
667 | xip_disable(map, chip, adr); |
668 | |
669 | + retry: |
670 | cfi_send_gen_cmd(0xAA, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); |
671 | cfi_send_gen_cmd(0x55, cfi->addr_unlock2, chip->start, map, cfi, cfi->device_type, NULL); |
672 | cfi_send_gen_cmd(0x80, cfi->addr_unlock1, chip->start, map, cfi, cfi->device_type, NULL); |
673 | @@ -2380,7 +2388,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, |
674 | chip->erase_suspended = 0; |
675 | } |
676 | |
677 | - if (chip_ready(map, adr)) { |
678 | + if (chip_good(map, adr, map_word_ff(map))) { |
679 | xip_enable(map, chip, adr); |
680 | break; |
681 | } |
682 | @@ -2389,6 +2397,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, |
683 | xip_enable(map, chip, adr); |
684 | printk(KERN_WARNING "MTD %s(): software timeout\n", |
685 | __func__ ); |
686 | + ret = -EIO; |
687 | break; |
688 | } |
689 | |
690 | @@ -2396,12 +2405,15 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, |
691 | UDELAY(map, chip, adr, 1000000/HZ); |
692 | } |
693 | /* Did we succeed? */ |
694 | - if (!chip_good(map, adr, map_word_ff(map))) { |
695 | + if (ret) { |
696 | /* reset on all failures. */ |
697 | map_write( map, CMD(0xF0), chip->start ); |
698 | /* FIXME - should have reset delay before continuing */ |
699 | |
700 | - ret = -EIO; |
701 | + if (++retry_cnt <= MAX_RETRIES) { |
702 | + ret = 0; |
703 | + goto retry; |
704 | + } |
705 | } |
706 | |
707 | chip->state = FL_READY; |
708 | diff --git a/drivers/mtd/nand/mxc_nand.c b/drivers/mtd/nand/mxc_nand.c |
709 | index 0c84ee80e5b6..5c44eb57885b 100644 |
710 | --- a/drivers/mtd/nand/mxc_nand.c |
711 | +++ b/drivers/mtd/nand/mxc_nand.c |
712 | @@ -48,7 +48,7 @@ |
713 | #define NFC_V1_V2_CONFIG (host->regs + 0x0a) |
714 | #define NFC_V1_V2_ECC_STATUS_RESULT (host->regs + 0x0c) |
715 | #define NFC_V1_V2_RSLTMAIN_AREA (host->regs + 0x0e) |
716 | -#define NFC_V1_V2_RSLTSPARE_AREA (host->regs + 0x10) |
717 | +#define NFC_V21_RSLTSPARE_AREA (host->regs + 0x10) |
718 | #define NFC_V1_V2_WRPROT (host->regs + 0x12) |
719 | #define NFC_V1_UNLOCKSTART_BLKADDR (host->regs + 0x14) |
720 | #define NFC_V1_UNLOCKEND_BLKADDR (host->regs + 0x16) |
721 | @@ -1121,6 +1121,9 @@ static void preset_v2(struct mtd_info *mtd) |
722 | writew(config1, NFC_V1_V2_CONFIG1); |
723 | /* preset operation */ |
724 | |
725 | + /* spare area size in 16-bit half-words */ |
726 | + writew(mtd->oobsize / 2, NFC_V21_RSLTSPARE_AREA); |
727 | + |
728 | /* Unlock the internal RAM Buffer */ |
729 | writew(0x2, NFC_V1_V2_CONFIG); |
730 | |
731 | diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c |
732 | index d50350c7adc4..22a5916e477e 100644 |
733 | --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c |
734 | +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c |
735 | @@ -4187,10 +4187,6 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *dev, |
736 | if (netif_is_lag_port(dev) && is_vlan_dev(upper_dev) && |
737 | !netif_is_lag_master(vlan_dev_real_dev(upper_dev))) |
738 | return -EINVAL; |
739 | - if (!info->linking) |
740 | - break; |
741 | - if (netdev_has_any_upper_dev(upper_dev)) |
742 | - return -EINVAL; |
743 | break; |
744 | case NETDEV_CHANGEUPPER: |
745 | upper_dev = info->upper_dev; |
746 | @@ -4566,6 +4562,8 @@ static int mlxsw_sp_netdevice_vport_event(struct net_device *dev, |
747 | return -EINVAL; |
748 | if (!info->linking) |
749 | break; |
750 | + if (netdev_has_any_upper_dev(upper_dev)) |
751 | + return -EINVAL; |
752 | /* We can't have multiple VLAN interfaces configured on |
753 | * the same port and being members in the same bridge. |
754 | */ |
755 | diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c |
756 | index 2032a6de026b..707190d3ada0 100644 |
757 | --- a/drivers/net/phy/micrel.c |
758 | +++ b/drivers/net/phy/micrel.c |
759 | @@ -801,9 +801,6 @@ static struct phy_driver ksphy_driver[] = { |
760 | .read_status = genphy_read_status, |
761 | .ack_interrupt = kszphy_ack_interrupt, |
762 | .config_intr = kszphy_config_intr, |
763 | - .get_sset_count = kszphy_get_sset_count, |
764 | - .get_strings = kszphy_get_strings, |
765 | - .get_stats = kszphy_get_stats, |
766 | .suspend = genphy_suspend, |
767 | .resume = genphy_resume, |
768 | }, { |
769 | @@ -948,9 +945,6 @@ static struct phy_driver ksphy_driver[] = { |
770 | .read_status = genphy_read_status, |
771 | .ack_interrupt = kszphy_ack_interrupt, |
772 | .config_intr = kszphy_config_intr, |
773 | - .get_sset_count = kszphy_get_sset_count, |
774 | - .get_strings = kszphy_get_strings, |
775 | - .get_stats = kszphy_get_stats, |
776 | .suspend = genphy_suspend, |
777 | .resume = genphy_resume, |
778 | }, { |
779 | @@ -960,6 +954,7 @@ static struct phy_driver ksphy_driver[] = { |
780 | .features = (PHY_GBIT_FEATURES | SUPPORTED_Pause), |
781 | .flags = PHY_HAS_MAGICANEG | PHY_HAS_INTERRUPT, |
782 | .driver_data = &ksz9021_type, |
783 | + .probe = kszphy_probe, |
784 | .config_init = ksz9021_config_init, |
785 | .config_aneg = genphy_config_aneg, |
786 | .read_status = genphy_read_status, |
787 | @@ -979,6 +974,7 @@ static struct phy_driver ksphy_driver[] = { |
788 | .features = (PHY_GBIT_FEATURES | SUPPORTED_Pause), |
789 | .flags = PHY_HAS_MAGICANEG | PHY_HAS_INTERRUPT, |
790 | .driver_data = &ksz9021_type, |
791 | + .probe = kszphy_probe, |
792 | .config_init = ksz9031_config_init, |
793 | .config_aneg = genphy_config_aneg, |
794 | .read_status = ksz9031_read_status, |
795 | @@ -998,9 +994,6 @@ static struct phy_driver ksphy_driver[] = { |
796 | .config_init = kszphy_config_init, |
797 | .config_aneg = ksz8873mll_config_aneg, |
798 | .read_status = ksz8873mll_read_status, |
799 | - .get_sset_count = kszphy_get_sset_count, |
800 | - .get_strings = kszphy_get_strings, |
801 | - .get_stats = kszphy_get_stats, |
802 | .suspend = genphy_suspend, |
803 | .resume = genphy_resume, |
804 | }, { |
805 | @@ -1012,9 +1005,6 @@ static struct phy_driver ksphy_driver[] = { |
806 | .config_init = kszphy_config_init, |
807 | .config_aneg = genphy_config_aneg, |
808 | .read_status = genphy_read_status, |
809 | - .get_sset_count = kszphy_get_sset_count, |
810 | - .get_strings = kszphy_get_strings, |
811 | - .get_stats = kszphy_get_stats, |
812 | .suspend = genphy_suspend, |
813 | .resume = genphy_resume, |
814 | }, { |
815 | @@ -1026,9 +1016,6 @@ static struct phy_driver ksphy_driver[] = { |
816 | .config_init = kszphy_config_init, |
817 | .config_aneg = ksz8873mll_config_aneg, |
818 | .read_status = ksz8873mll_read_status, |
819 | - .get_sset_count = kszphy_get_sset_count, |
820 | - .get_strings = kszphy_get_strings, |
821 | - .get_stats = kszphy_get_stats, |
822 | .suspend = genphy_suspend, |
823 | .resume = genphy_resume, |
824 | } }; |
825 | diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c |
826 | index 0f81d739f9e9..2065a0f9dca6 100644 |
827 | --- a/drivers/scsi/sg.c |
828 | +++ b/drivers/scsi/sg.c |
829 | @@ -51,6 +51,7 @@ static int sg_version_num = 30536; /* 2 digits for each component */ |
830 | #include <linux/atomic.h> |
831 | #include <linux/ratelimit.h> |
832 | #include <linux/uio.h> |
833 | +#include <linux/cred.h> /* for sg_check_file_access() */ |
834 | |
835 | #include "scsi.h" |
836 | #include <scsi/scsi_dbg.h> |
837 | @@ -210,6 +211,33 @@ static void sg_device_destroy(struct kref *kref); |
838 | sdev_prefix_printk(prefix, (sdp)->device, \ |
839 | (sdp)->disk->disk_name, fmt, ##a) |
840 | |
841 | +/* |
842 | + * The SCSI interfaces that use read() and write() as an asynchronous variant of |
843 | + * ioctl(..., SG_IO, ...) are fundamentally unsafe, since there are lots of ways |
844 | + * to trigger read() and write() calls from various contexts with elevated |
845 | + * privileges. This can lead to kernel memory corruption (e.g. if these |
846 | + * interfaces are called through splice()) and privilege escalation inside |
847 | + * userspace (e.g. if a process with access to such a device passes a file |
848 | + * descriptor to a SUID binary as stdin/stdout/stderr). |
849 | + * |
850 | + * This function provides protection for the legacy API by restricting the |
851 | + * calling context. |
852 | + */ |
853 | +static int sg_check_file_access(struct file *filp, const char *caller) |
854 | +{ |
855 | + if (filp->f_cred != current_real_cred()) { |
856 | + pr_err_once("%s: process %d (%s) changed security contexts after opening file descriptor, this is not allowed.\n", |
857 | + caller, task_tgid_vnr(current), current->comm); |
858 | + return -EPERM; |
859 | + } |
860 | + if (unlikely(segment_eq(get_fs(), KERNEL_DS))) { |
861 | + pr_err_once("%s: process %d (%s) called from kernel context, this is not allowed.\n", |
862 | + caller, task_tgid_vnr(current), current->comm); |
863 | + return -EACCES; |
864 | + } |
865 | + return 0; |
866 | +} |
867 | + |
868 | static int sg_allow_access(struct file *filp, unsigned char *cmd) |
869 | { |
870 | struct sg_fd *sfp = filp->private_data; |
871 | @@ -394,6 +422,14 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) |
872 | struct sg_header *old_hdr = NULL; |
873 | int retval = 0; |
874 | |
875 | + /* |
876 | + * This could cause a response to be stranded. Close the associated |
877 | + * file descriptor to free up any resources being held. |
878 | + */ |
879 | + retval = sg_check_file_access(filp, __func__); |
880 | + if (retval) |
881 | + return retval; |
882 | + |
883 | if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) |
884 | return -ENXIO; |
885 | SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp, |
886 | @@ -581,9 +617,11 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) |
887 | struct sg_header old_hdr; |
888 | sg_io_hdr_t *hp; |
889 | unsigned char cmnd[SG_MAX_CDB_SIZE]; |
890 | + int retval; |
891 | |
892 | - if (unlikely(segment_eq(get_fs(), KERNEL_DS))) |
893 | - return -EINVAL; |
894 | + retval = sg_check_file_access(filp, __func__); |
895 | + if (retval) |
896 | + return retval; |
897 | |
898 | if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp))) |
899 | return -ENXIO; |
900 | diff --git a/drivers/staging/android/ion/ion_heap.c b/drivers/staging/android/ion/ion_heap.c |
901 | index 4e5c0f17f579..c2a7cb95725b 100644 |
902 | --- a/drivers/staging/android/ion/ion_heap.c |
903 | +++ b/drivers/staging/android/ion/ion_heap.c |
904 | @@ -38,7 +38,7 @@ void *ion_heap_map_kernel(struct ion_heap *heap, |
905 | struct page **tmp = pages; |
906 | |
907 | if (!pages) |
908 | - return NULL; |
909 | + return ERR_PTR(-ENOMEM); |
910 | |
911 | if (buffer->flags & ION_FLAG_CACHED) |
912 | pgprot = PAGE_KERNEL; |
913 | diff --git a/drivers/staging/comedi/drivers/quatech_daqp_cs.c b/drivers/staging/comedi/drivers/quatech_daqp_cs.c |
914 | index 802f51e46405..171960568356 100644 |
915 | --- a/drivers/staging/comedi/drivers/quatech_daqp_cs.c |
916 | +++ b/drivers/staging/comedi/drivers/quatech_daqp_cs.c |
917 | @@ -642,7 +642,7 @@ static int daqp_ao_insn_write(struct comedi_device *dev, |
918 | /* Make sure D/A update mode is direct update */ |
919 | outb(0, dev->iobase + DAQP_AUX_REG); |
920 | |
921 | - for (i = 0; i > insn->n; i++) { |
922 | + for (i = 0; i < insn->n; i++) { |
923 | unsigned int val = data[i]; |
924 | int ret; |
925 | |
926 | diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c |
927 | index 1c70541a1467..0475f9685a41 100644 |
928 | --- a/drivers/tty/n_tty.c |
929 | +++ b/drivers/tty/n_tty.c |
930 | @@ -126,6 +126,8 @@ struct n_tty_data { |
931 | struct mutex output_lock; |
932 | }; |
933 | |
934 | +#define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1)) |
935 | + |
936 | static inline size_t read_cnt(struct n_tty_data *ldata) |
937 | { |
938 | return ldata->read_head - ldata->read_tail; |
939 | @@ -143,6 +145,7 @@ static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i) |
940 | |
941 | static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i) |
942 | { |
943 | + smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */ |
944 | return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)]; |
945 | } |
946 | |
947 | @@ -318,9 +321,7 @@ static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata) |
948 | static void reset_buffer_flags(struct n_tty_data *ldata) |
949 | { |
950 | ldata->read_head = ldata->canon_head = ldata->read_tail = 0; |
951 | - ldata->echo_head = ldata->echo_tail = ldata->echo_commit = 0; |
952 | ldata->commit_head = 0; |
953 | - ldata->echo_mark = 0; |
954 | ldata->line_start = 0; |
955 | |
956 | ldata->erasing = 0; |
957 | @@ -619,12 +620,19 @@ static size_t __process_echoes(struct tty_struct *tty) |
958 | old_space = space = tty_write_room(tty); |
959 | |
960 | tail = ldata->echo_tail; |
961 | - while (ldata->echo_commit != tail) { |
962 | + while (MASK(ldata->echo_commit) != MASK(tail)) { |
963 | c = echo_buf(ldata, tail); |
964 | if (c == ECHO_OP_START) { |
965 | unsigned char op; |
966 | int no_space_left = 0; |
967 | |
968 | + /* |
969 | + * Since add_echo_byte() is called without holding |
970 | + * output_lock, we might see only portion of multi-byte |
971 | + * operation. |
972 | + */ |
973 | + if (MASK(ldata->echo_commit) == MASK(tail + 1)) |
974 | + goto not_yet_stored; |
975 | /* |
976 | * If the buffer byte is the start of a multi-byte |
977 | * operation, get the next byte, which is either the |
978 | @@ -636,6 +644,8 @@ static size_t __process_echoes(struct tty_struct *tty) |
979 | unsigned int num_chars, num_bs; |
980 | |
981 | case ECHO_OP_ERASE_TAB: |
982 | + if (MASK(ldata->echo_commit) == MASK(tail + 2)) |
983 | + goto not_yet_stored; |
984 | num_chars = echo_buf(ldata, tail + 2); |
985 | |
986 | /* |
987 | @@ -730,7 +740,8 @@ static size_t __process_echoes(struct tty_struct *tty) |
988 | /* If the echo buffer is nearly full (so that the possibility exists |
989 | * of echo overrun before the next commit), then discard enough |
990 | * data at the tail to prevent a subsequent overrun */ |
991 | - while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { |
992 | + while (ldata->echo_commit > tail && |
993 | + ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) { |
994 | if (echo_buf(ldata, tail) == ECHO_OP_START) { |
995 | if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB) |
996 | tail += 3; |
997 | @@ -740,6 +751,7 @@ static size_t __process_echoes(struct tty_struct *tty) |
998 | tail++; |
999 | } |
1000 | |
1001 | + not_yet_stored: |
1002 | ldata->echo_tail = tail; |
1003 | return old_space - space; |
1004 | } |
1005 | @@ -750,6 +762,7 @@ static void commit_echoes(struct tty_struct *tty) |
1006 | size_t nr, old, echoed; |
1007 | size_t head; |
1008 | |
1009 | + mutex_lock(&ldata->output_lock); |
1010 | head = ldata->echo_head; |
1011 | ldata->echo_mark = head; |
1012 | old = ldata->echo_commit - ldata->echo_tail; |
1013 | @@ -758,10 +771,12 @@ static void commit_echoes(struct tty_struct *tty) |
1014 | * is over the threshold (and try again each time another |
1015 | * block is accumulated) */ |
1016 | nr = head - ldata->echo_tail; |
1017 | - if (nr < ECHO_COMMIT_WATERMARK || (nr % ECHO_BLOCK > old % ECHO_BLOCK)) |
1018 | + if (nr < ECHO_COMMIT_WATERMARK || |
1019 | + (nr % ECHO_BLOCK > old % ECHO_BLOCK)) { |
1020 | + mutex_unlock(&ldata->output_lock); |
1021 | return; |
1022 | + } |
1023 | |
1024 | - mutex_lock(&ldata->output_lock); |
1025 | ldata->echo_commit = head; |
1026 | echoed = __process_echoes(tty); |
1027 | mutex_unlock(&ldata->output_lock); |
1028 | @@ -812,7 +827,9 @@ static void flush_echoes(struct tty_struct *tty) |
1029 | |
1030 | static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata) |
1031 | { |
1032 | - *echo_buf_addr(ldata, ldata->echo_head++) = c; |
1033 | + *echo_buf_addr(ldata, ldata->echo_head) = c; |
1034 | + smp_wmb(); /* Matches smp_rmb() in echo_buf(). */ |
1035 | + ldata->echo_head++; |
1036 | } |
1037 | |
1038 | /** |
1039 | @@ -980,14 +997,15 @@ static void eraser(unsigned char c, struct tty_struct *tty) |
1040 | } |
1041 | |
1042 | seen_alnums = 0; |
1043 | - while (ldata->read_head != ldata->canon_head) { |
1044 | + while (MASK(ldata->read_head) != MASK(ldata->canon_head)) { |
1045 | head = ldata->read_head; |
1046 | |
1047 | /* erase a single possibly multibyte character */ |
1048 | do { |
1049 | head--; |
1050 | c = read_buf(ldata, head); |
1051 | - } while (is_continuation(c, tty) && head != ldata->canon_head); |
1052 | + } while (is_continuation(c, tty) && |
1053 | + MASK(head) != MASK(ldata->canon_head)); |
1054 | |
1055 | /* do not partially erase */ |
1056 | if (is_continuation(c, tty)) |
1057 | @@ -1029,7 +1047,7 @@ static void eraser(unsigned char c, struct tty_struct *tty) |
1058 | * This info is used to go back the correct |
1059 | * number of columns. |
1060 | */ |
1061 | - while (tail != ldata->canon_head) { |
1062 | + while (MASK(tail) != MASK(ldata->canon_head)) { |
1063 | tail--; |
1064 | c = read_buf(ldata, tail); |
1065 | if (c == '\t') { |
1066 | @@ -1304,7 +1322,7 @@ n_tty_receive_char_special(struct tty_struct *tty, unsigned char c) |
1067 | finish_erasing(ldata); |
1068 | echo_char(c, tty); |
1069 | echo_char_raw('\n', ldata); |
1070 | - while (tail != ldata->read_head) { |
1071 | + while (MASK(tail) != MASK(ldata->read_head)) { |
1072 | echo_char(read_buf(ldata, tail), tty); |
1073 | tail++; |
1074 | } |
1075 | @@ -1880,30 +1898,21 @@ static int n_tty_open(struct tty_struct *tty) |
1076 | struct n_tty_data *ldata; |
1077 | |
1078 | /* Currently a malloc failure here can panic */ |
1079 | - ldata = vmalloc(sizeof(*ldata)); |
1080 | + ldata = vzalloc(sizeof(*ldata)); |
1081 | if (!ldata) |
1082 | - goto err; |
1083 | + return -ENOMEM; |
1084 | |
1085 | ldata->overrun_time = jiffies; |
1086 | mutex_init(&ldata->atomic_read_lock); |
1087 | mutex_init(&ldata->output_lock); |
1088 | |
1089 | tty->disc_data = ldata; |
1090 | - reset_buffer_flags(tty->disc_data); |
1091 | - ldata->column = 0; |
1092 | - ldata->canon_column = 0; |
1093 | - ldata->num_overrun = 0; |
1094 | - ldata->no_room = 0; |
1095 | - ldata->lnext = 0; |
1096 | tty->closing = 0; |
1097 | /* indicate buffer work may resume */ |
1098 | clear_bit(TTY_LDISC_HALTED, &tty->flags); |
1099 | n_tty_set_termios(tty, NULL); |
1100 | tty_unthrottle(tty); |
1101 | - |
1102 | return 0; |
1103 | -err: |
1104 | - return -ENOMEM; |
1105 | } |
1106 | |
1107 | static inline int input_available_p(struct tty_struct *tty, int poll) |
1108 | @@ -2413,7 +2422,7 @@ static unsigned long inq_canon(struct n_tty_data *ldata) |
1109 | tail = ldata->read_tail; |
1110 | nr = head - tail; |
1111 | /* Skip EOF-chars.. */ |
1112 | - while (head != tail) { |
1113 | + while (MASK(head) != MASK(tail)) { |
1114 | if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) && |
1115 | read_buf(ldata, tail) == __DISABLED_CHAR) |
1116 | nr--; |
1117 | diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c |
1118 | index 9e1ac58e269e..9d3e413f48c6 100644 |
1119 | --- a/drivers/tty/vt/vt.c |
1120 | +++ b/drivers/tty/vt/vt.c |
1121 | @@ -785,7 +785,7 @@ int vc_allocate(unsigned int currcons) /* return 0 on success */ |
1122 | if (!*vc->vc_uni_pagedir_loc) |
1123 | con_set_default_unimap(vc); |
1124 | |
1125 | - vc->vc_screenbuf = kmalloc(vc->vc_screenbuf_size, GFP_KERNEL); |
1126 | + vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_KERNEL); |
1127 | if (!vc->vc_screenbuf) |
1128 | goto err_free; |
1129 | |
1130 | @@ -872,7 +872,7 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc, |
1131 | |
1132 | if (new_screen_size > (4 << 20)) |
1133 | return -EINVAL; |
1134 | - newscreen = kmalloc(new_screen_size, GFP_USER); |
1135 | + newscreen = kzalloc(new_screen_size, GFP_USER); |
1136 | if (!newscreen) |
1137 | return -ENOMEM; |
1138 | |
1139 | diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c |
1140 | index fe22ac7c760a..08bef18372ea 100644 |
1141 | --- a/drivers/usb/class/cdc-acm.c |
1142 | +++ b/drivers/usb/class/cdc-acm.c |
1143 | @@ -1712,6 +1712,9 @@ static const struct usb_device_id acm_ids[] = { |
1144 | { USB_DEVICE(0x11ca, 0x0201), /* VeriFone Mx870 Gadget Serial */ |
1145 | .driver_info = SINGLE_RX_URB, |
1146 | }, |
1147 | + { USB_DEVICE(0x1965, 0x0018), /* Uniden UBC125XLT */ |
1148 | + .driver_info = NO_UNION_NORMAL, /* has no union descriptor */ |
1149 | + }, |
1150 | { USB_DEVICE(0x22b8, 0x7000), /* Motorola Q Phone */ |
1151 | .driver_info = NO_UNION_NORMAL, /* has no union descriptor */ |
1152 | }, |
1153 | diff --git a/drivers/usb/dwc2/hcd_queue.c b/drivers/usb/dwc2/hcd_queue.c |
1154 | index 13754353251f..9669184fb1fe 100644 |
1155 | --- a/drivers/usb/dwc2/hcd_queue.c |
1156 | +++ b/drivers/usb/dwc2/hcd_queue.c |
1157 | @@ -479,7 +479,7 @@ static unsigned long *dwc2_get_ls_map(struct dwc2_hsotg *hsotg, |
1158 | /* Get the map and adjust if this is a multi_tt hub */ |
1159 | map = qh->dwc_tt->periodic_bitmaps; |
1160 | if (qh->dwc_tt->usb_tt->multi) |
1161 | - map += DWC2_ELEMENTS_PER_LS_BITMAP * qh->ttport; |
1162 | + map += DWC2_ELEMENTS_PER_LS_BITMAP * (qh->ttport - 1); |
1163 | |
1164 | return map; |
1165 | } |
1166 | diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c |
1167 | index 46b4dea7a0ec..6f2c77a7c08e 100644 |
1168 | --- a/drivers/usb/serial/cp210x.c |
1169 | +++ b/drivers/usb/serial/cp210x.c |
1170 | @@ -92,6 +92,9 @@ static const struct usb_device_id id_table[] = { |
1171 | { USB_DEVICE(0x10C4, 0x8156) }, /* B&G H3000 link cable */ |
1172 | { USB_DEVICE(0x10C4, 0x815E) }, /* Helicomm IP-Link 1220-DVM */ |
1173 | { USB_DEVICE(0x10C4, 0x815F) }, /* Timewave HamLinkUSB */ |
1174 | + { USB_DEVICE(0x10C4, 0x817C) }, /* CESINEL MEDCAL N Power Quality Monitor */ |
1175 | + { USB_DEVICE(0x10C4, 0x817D) }, /* CESINEL MEDCAL NT Power Quality Monitor */ |
1176 | + { USB_DEVICE(0x10C4, 0x817E) }, /* CESINEL MEDCAL S Power Quality Monitor */ |
1177 | { USB_DEVICE(0x10C4, 0x818B) }, /* AVIT Research USB to TTL */ |
1178 | { USB_DEVICE(0x10C4, 0x819F) }, /* MJS USB Toslink Switcher */ |
1179 | { USB_DEVICE(0x10C4, 0x81A6) }, /* ThinkOptics WavIt */ |
1180 | @@ -109,6 +112,9 @@ static const struct usb_device_id id_table[] = { |
1181 | { USB_DEVICE(0x10C4, 0x826B) }, /* Cygnal Integrated Products, Inc., Fasttrax GPS demonstration module */ |
1182 | { USB_DEVICE(0x10C4, 0x8281) }, /* Nanotec Plug & Drive */ |
1183 | { USB_DEVICE(0x10C4, 0x8293) }, /* Telegesis ETRX2USB */ |
1184 | + { USB_DEVICE(0x10C4, 0x82EF) }, /* CESINEL FALCO 6105 AC Power Supply */ |
1185 | + { USB_DEVICE(0x10C4, 0x82F1) }, /* CESINEL MEDCAL EFD Earth Fault Detector */ |
1186 | + { USB_DEVICE(0x10C4, 0x82F2) }, /* CESINEL MEDCAL ST Network Analyzer */ |
1187 | { USB_DEVICE(0x10C4, 0x82F4) }, /* Starizona MicroTouch */ |
1188 | { USB_DEVICE(0x10C4, 0x82F9) }, /* Procyon AVS */ |
1189 | { USB_DEVICE(0x10C4, 0x8341) }, /* Siemens MC35PU GPRS Modem */ |
1190 | @@ -121,7 +127,9 @@ static const struct usb_device_id id_table[] = { |
1191 | { USB_DEVICE(0x10C4, 0x8470) }, /* Juniper Networks BX Series System Console */ |
1192 | { USB_DEVICE(0x10C4, 0x8477) }, /* Balluff RFID */ |
1193 | { USB_DEVICE(0x10C4, 0x84B6) }, /* Starizona Hyperion */ |
1194 | + { USB_DEVICE(0x10C4, 0x851E) }, /* CESINEL MEDCAL PT Network Analyzer */ |
1195 | { USB_DEVICE(0x10C4, 0x85A7) }, /* LifeScan OneTouch Verio IQ */ |
1196 | + { USB_DEVICE(0x10C4, 0x85B8) }, /* CESINEL ReCon T Energy Logger */ |
1197 | { USB_DEVICE(0x10C4, 0x85EA) }, /* AC-Services IBUS-IF */ |
1198 | { USB_DEVICE(0x10C4, 0x85EB) }, /* AC-Services CIS-IBUS */ |
1199 | { USB_DEVICE(0x10C4, 0x85F8) }, /* Virtenio Preon32 */ |
1200 | @@ -131,17 +139,23 @@ static const struct usb_device_id id_table[] = { |
1201 | { USB_DEVICE(0x10C4, 0x8857) }, /* CEL EM357 ZigBee USB Stick */ |
1202 | { USB_DEVICE(0x10C4, 0x88A4) }, /* MMB Networks ZigBee USB Device */ |
1203 | { USB_DEVICE(0x10C4, 0x88A5) }, /* Planet Innovation Ingeni ZigBee USB Device */ |
1204 | + { USB_DEVICE(0x10C4, 0x88FB) }, /* CESINEL MEDCAL STII Network Analyzer */ |
1205 | + { USB_DEVICE(0x10C4, 0x8938) }, /* CESINEL MEDCAL S II Network Analyzer */ |
1206 | { USB_DEVICE(0x10C4, 0x8946) }, /* Ketra N1 Wireless Interface */ |
1207 | { USB_DEVICE(0x10C4, 0x8962) }, /* Brim Brothers charging dock */ |
1208 | { USB_DEVICE(0x10C4, 0x8977) }, /* CEL MeshWorks DevKit Device */ |
1209 | { USB_DEVICE(0x10C4, 0x8998) }, /* KCF Technologies PRN */ |
1210 | + { USB_DEVICE(0x10C4, 0x89A4) }, /* CESINEL FTBC Flexible Thyristor Bridge Controller */ |
1211 | { USB_DEVICE(0x10C4, 0x8A2A) }, /* HubZ dual ZigBee and Z-Wave dongle */ |
1212 | { USB_DEVICE(0x10C4, 0x8A5E) }, /* CEL EM3588 ZigBee USB Stick Long Range */ |
1213 | { USB_DEVICE(0x10C4, 0x8B34) }, /* Qivicon ZigBee USB Radio Stick */ |
1214 | { USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs factory default */ |
1215 | { USB_DEVICE(0x10C4, 0xEA61) }, /* Silicon Labs factory default */ |
1216 | + { USB_DEVICE(0x10C4, 0xEA63) }, /* Silicon Labs Windows Update (CP2101-4/CP2102N) */ |
1217 | { USB_DEVICE(0x10C4, 0xEA70) }, /* Silicon Labs factory default */ |
1218 | { USB_DEVICE(0x10C4, 0xEA71) }, /* Infinity GPS-MIC-1 Radio Monophone */ |
1219 | + { USB_DEVICE(0x10C4, 0xEA7A) }, /* Silicon Labs Windows Update (CP2105) */ |
1220 | + { USB_DEVICE(0x10C4, 0xEA7B) }, /* Silicon Labs Windows Update (CP2108) */ |
1221 | { USB_DEVICE(0x10C4, 0xF001) }, /* Elan Digital Systems USBscope50 */ |
1222 | { USB_DEVICE(0x10C4, 0xF002) }, /* Elan Digital Systems USBwave12 */ |
1223 | { USB_DEVICE(0x10C4, 0xF003) }, /* Elan Digital Systems USBpulse100 */ |
1224 | diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c |
1225 | index d57222894892..8407b07428a6 100644 |
1226 | --- a/fs/cifs/cifssmb.c |
1227 | +++ b/fs/cifs/cifssmb.c |
1228 | @@ -150,8 +150,14 @@ cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command) |
1229 | * greater than cifs socket timeout which is 7 seconds |
1230 | */ |
1231 | while (server->tcpStatus == CifsNeedReconnect) { |
1232 | - wait_event_interruptible_timeout(server->response_q, |
1233 | - (server->tcpStatus != CifsNeedReconnect), 10 * HZ); |
1234 | + rc = wait_event_interruptible_timeout(server->response_q, |
1235 | + (server->tcpStatus != CifsNeedReconnect), |
1236 | + 10 * HZ); |
1237 | + if (rc < 0) { |
1238 | + cifs_dbg(FYI, "%s: aborting reconnect due to a received" |
1239 | + " signal by the process\n", __func__); |
1240 | + return -ERESTARTSYS; |
1241 | + } |
1242 | |
1243 | /* are we still trying to reconnect? */ |
1244 | if (server->tcpStatus != CifsNeedReconnect) |
1245 | diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c |
1246 | index e0214334769b..4ded64b8b43b 100644 |
1247 | --- a/fs/cifs/smb2pdu.c |
1248 | +++ b/fs/cifs/smb2pdu.c |
1249 | @@ -155,7 +155,7 @@ smb2_hdr_assemble(struct smb2_hdr *hdr, __le16 smb2_cmd /* command */ , |
1250 | static int |
1251 | smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) |
1252 | { |
1253 | - int rc = 0; |
1254 | + int rc; |
1255 | struct nls_table *nls_codepage; |
1256 | struct cifs_ses *ses; |
1257 | struct TCP_Server_Info *server; |
1258 | @@ -166,10 +166,10 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) |
1259 | * for those three - in the calling routine. |
1260 | */ |
1261 | if (tcon == NULL) |
1262 | - return rc; |
1263 | + return 0; |
1264 | |
1265 | if (smb2_command == SMB2_TREE_CONNECT) |
1266 | - return rc; |
1267 | + return 0; |
1268 | |
1269 | if (tcon->tidStatus == CifsExiting) { |
1270 | /* |
1271 | @@ -212,8 +212,14 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) |
1272 | return -EAGAIN; |
1273 | } |
1274 | |
1275 | - wait_event_interruptible_timeout(server->response_q, |
1276 | - (server->tcpStatus != CifsNeedReconnect), 10 * HZ); |
1277 | + rc = wait_event_interruptible_timeout(server->response_q, |
1278 | + (server->tcpStatus != CifsNeedReconnect), |
1279 | + 10 * HZ); |
1280 | + if (rc < 0) { |
1281 | + cifs_dbg(FYI, "%s: aborting reconnect due to a received" |
1282 | + " signal by the process\n", __func__); |
1283 | + return -ERESTARTSYS; |
1284 | + } |
1285 | |
1286 | /* are we still trying to reconnect? */ |
1287 | if (server->tcpStatus != CifsNeedReconnect) |
1288 | @@ -231,7 +237,7 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) |
1289 | } |
1290 | |
1291 | if (!tcon->ses->need_reconnect && !tcon->need_reconnect) |
1292 | - return rc; |
1293 | + return 0; |
1294 | |
1295 | nls_codepage = load_nls_default(); |
1296 | |
1297 | diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c |
1298 | index 6776f4aa3d12..ad13f07cf0d3 100644 |
1299 | --- a/fs/ext4/balloc.c |
1300 | +++ b/fs/ext4/balloc.c |
1301 | @@ -183,7 +183,6 @@ static int ext4_init_block_bitmap(struct super_block *sb, |
1302 | unsigned int bit, bit_max; |
1303 | struct ext4_sb_info *sbi = EXT4_SB(sb); |
1304 | ext4_fsblk_t start, tmp; |
1305 | - int flex_bg = 0; |
1306 | struct ext4_group_info *grp; |
1307 | |
1308 | J_ASSERT_BH(bh, buffer_locked(bh)); |
1309 | @@ -216,22 +215,19 @@ static int ext4_init_block_bitmap(struct super_block *sb, |
1310 | |
1311 | start = ext4_group_first_block_no(sb, block_group); |
1312 | |
1313 | - if (ext4_has_feature_flex_bg(sb)) |
1314 | - flex_bg = 1; |
1315 | - |
1316 | /* Set bits for block and inode bitmaps, and inode table */ |
1317 | tmp = ext4_block_bitmap(sb, gdp); |
1318 | - if (!flex_bg || ext4_block_in_group(sb, tmp, block_group)) |
1319 | + if (ext4_block_in_group(sb, tmp, block_group)) |
1320 | ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data); |
1321 | |
1322 | tmp = ext4_inode_bitmap(sb, gdp); |
1323 | - if (!flex_bg || ext4_block_in_group(sb, tmp, block_group)) |
1324 | + if (ext4_block_in_group(sb, tmp, block_group)) |
1325 | ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data); |
1326 | |
1327 | tmp = ext4_inode_table(sb, gdp); |
1328 | for (; tmp < ext4_inode_table(sb, gdp) + |
1329 | sbi->s_itb_per_group; tmp++) { |
1330 | - if (!flex_bg || ext4_block_in_group(sb, tmp, block_group)) |
1331 | + if (ext4_block_in_group(sb, tmp, block_group)) |
1332 | ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data); |
1333 | } |
1334 | |
1335 | @@ -454,7 +450,16 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) |
1336 | goto verify; |
1337 | } |
1338 | ext4_lock_group(sb, block_group); |
1339 | - if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { |
1340 | + if (ext4_has_group_desc_csum(sb) && |
1341 | + (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { |
1342 | + if (block_group == 0) { |
1343 | + ext4_unlock_group(sb, block_group); |
1344 | + unlock_buffer(bh); |
1345 | + ext4_error(sb, "Block bitmap for bg 0 marked " |
1346 | + "uninitialized"); |
1347 | + err = -EFSCORRUPTED; |
1348 | + goto out; |
1349 | + } |
1350 | err = ext4_init_block_bitmap(sb, bh, block_group, desc); |
1351 | set_bitmap_uptodate(bh); |
1352 | set_buffer_uptodate(bh); |
1353 | diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h |
1354 | index a8a750f59621..43e27d8ec770 100644 |
1355 | --- a/fs/ext4/ext4.h |
1356 | +++ b/fs/ext4/ext4.h |
1357 | @@ -1542,11 +1542,6 @@ static inline struct timespec ext4_current_time(struct inode *inode) |
1358 | static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino) |
1359 | { |
1360 | return ino == EXT4_ROOT_INO || |
1361 | - ino == EXT4_USR_QUOTA_INO || |
1362 | - ino == EXT4_GRP_QUOTA_INO || |
1363 | - ino == EXT4_BOOT_LOADER_INO || |
1364 | - ino == EXT4_JOURNAL_INO || |
1365 | - ino == EXT4_RESIZE_INO || |
1366 | (ino >= EXT4_FIRST_INO(sb) && |
1367 | ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count)); |
1368 | } |
1369 | diff --git a/fs/ext4/ext4_extents.h b/fs/ext4/ext4_extents.h |
1370 | index 8ecf84b8f5a1..a284fb28944b 100644 |
1371 | --- a/fs/ext4/ext4_extents.h |
1372 | +++ b/fs/ext4/ext4_extents.h |
1373 | @@ -103,6 +103,7 @@ struct ext4_extent_header { |
1374 | }; |
1375 | |
1376 | #define EXT4_EXT_MAGIC cpu_to_le16(0xf30a) |
1377 | +#define EXT4_MAX_EXTENT_DEPTH 5 |
1378 | |
1379 | #define EXT4_EXTENT_TAIL_OFFSET(hdr) \ |
1380 | (sizeof(struct ext4_extent_header) + \ |
1381 | diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c |
1382 | index 63c702b4b24c..106a5bb3ae68 100644 |
1383 | --- a/fs/ext4/extents.c |
1384 | +++ b/fs/ext4/extents.c |
1385 | @@ -881,6 +881,12 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, |
1386 | |
1387 | eh = ext_inode_hdr(inode); |
1388 | depth = ext_depth(inode); |
1389 | + if (depth < 0 || depth > EXT4_MAX_EXTENT_DEPTH) { |
1390 | + EXT4_ERROR_INODE(inode, "inode has invalid extent depth: %d", |
1391 | + depth); |
1392 | + ret = -EFSCORRUPTED; |
1393 | + goto err; |
1394 | + } |
1395 | |
1396 | if (path) { |
1397 | ext4_ext_drop_refs(path); |
1398 | diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c |
1399 | index dcf63daefee0..460866b2166d 100644 |
1400 | --- a/fs/ext4/ialloc.c |
1401 | +++ b/fs/ext4/ialloc.c |
1402 | @@ -152,7 +152,16 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) |
1403 | } |
1404 | |
1405 | ext4_lock_group(sb, block_group); |
1406 | - if (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) { |
1407 | + if (ext4_has_group_desc_csum(sb) && |
1408 | + (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT))) { |
1409 | + if (block_group == 0) { |
1410 | + ext4_unlock_group(sb, block_group); |
1411 | + unlock_buffer(bh); |
1412 | + ext4_error(sb, "Inode bitmap for bg 0 marked " |
1413 | + "uninitialized"); |
1414 | + err = -EFSCORRUPTED; |
1415 | + goto out; |
1416 | + } |
1417 | memset(bh->b_data, 0, (EXT4_INODES_PER_GROUP(sb) + 7) / 8); |
1418 | ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb), |
1419 | sb->s_blocksize * 8, bh->b_data); |
1420 | @@ -926,7 +935,8 @@ struct inode *__ext4_new_inode(handle_t *handle, struct inode *dir, |
1421 | |
1422 | /* recheck and clear flag under lock if we still need to */ |
1423 | ext4_lock_group(sb, group); |
1424 | - if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { |
1425 | + if (ext4_has_group_desc_csum(sb) && |
1426 | + (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { |
1427 | gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT); |
1428 | ext4_free_group_clusters_set(sb, gdp, |
1429 | ext4_free_clusters_after_init(sb, group, gdp)); |
1430 | diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c |
1431 | index 73cbc01ef5ad..e6ac24de119d 100644 |
1432 | --- a/fs/ext4/inline.c |
1433 | +++ b/fs/ext4/inline.c |
1434 | @@ -434,6 +434,7 @@ static int ext4_destroy_inline_data_nolock(handle_t *handle, |
1435 | |
1436 | memset((void *)ext4_raw_inode(&is.iloc)->i_block, |
1437 | 0, EXT4_MIN_INLINE_DATA_SIZE); |
1438 | + memset(ei->i_data, 0, EXT4_MIN_INLINE_DATA_SIZE); |
1439 | |
1440 | if (ext4_has_feature_extents(inode->i_sb)) { |
1441 | if (S_ISDIR(inode->i_mode) || |
1442 | diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c |
1443 | index 7c025ee1276f..5c4c9af4aaf4 100644 |
1444 | --- a/fs/ext4/inode.c |
1445 | +++ b/fs/ext4/inode.c |
1446 | @@ -377,9 +377,9 @@ static int __check_block_validity(struct inode *inode, const char *func, |
1447 | if (!ext4_data_block_valid(EXT4_SB(inode->i_sb), map->m_pblk, |
1448 | map->m_len)) { |
1449 | ext4_error_inode(inode, func, line, map->m_pblk, |
1450 | - "lblock %lu mapped to illegal pblock " |
1451 | + "lblock %lu mapped to illegal pblock %llu " |
1452 | "(length %d)", (unsigned long) map->m_lblk, |
1453 | - map->m_len); |
1454 | + map->m_pblk, map->m_len); |
1455 | return -EFSCORRUPTED; |
1456 | } |
1457 | return 0; |
1458 | @@ -4242,7 +4242,8 @@ static int __ext4_get_inode_loc(struct inode *inode, |
1459 | int inodes_per_block, inode_offset; |
1460 | |
1461 | iloc->bh = NULL; |
1462 | - if (!ext4_valid_inum(sb, inode->i_ino)) |
1463 | + if (inode->i_ino < EXT4_ROOT_INO || |
1464 | + inode->i_ino > le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count)) |
1465 | return -EFSCORRUPTED; |
1466 | |
1467 | iloc->block_group = (inode->i_ino - 1) / EXT4_INODES_PER_GROUP(sb); |
1468 | diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c |
1469 | index 14bd37041e1a..53e1890660a2 100644 |
1470 | --- a/fs/ext4/mballoc.c |
1471 | +++ b/fs/ext4/mballoc.c |
1472 | @@ -2444,7 +2444,8 @@ int ext4_mb_add_groupinfo(struct super_block *sb, ext4_group_t group, |
1473 | * initialize bb_free to be able to skip |
1474 | * empty groups without initialization |
1475 | */ |
1476 | - if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { |
1477 | + if (ext4_has_group_desc_csum(sb) && |
1478 | + (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { |
1479 | meta_group_info[i]->bb_free = |
1480 | ext4_free_clusters_after_init(sb, group, desc); |
1481 | } else { |
1482 | @@ -2969,7 +2970,8 @@ ext4_mb_mark_diskspace_used(struct ext4_allocation_context *ac, |
1483 | #endif |
1484 | ext4_set_bits(bitmap_bh->b_data, ac->ac_b_ex.fe_start, |
1485 | ac->ac_b_ex.fe_len); |
1486 | - if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { |
1487 | + if (ext4_has_group_desc_csum(sb) && |
1488 | + (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { |
1489 | gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT); |
1490 | ext4_free_group_clusters_set(sb, gdp, |
1491 | ext4_free_clusters_after_init(sb, |
1492 | diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
1493 | index bfb83d76d128..41ef83471ea5 100644 |
1494 | --- a/fs/ext4/super.c |
1495 | +++ b/fs/ext4/super.c |
1496 | @@ -2231,6 +2231,7 @@ static int ext4_check_descriptors(struct super_block *sb, |
1497 | struct ext4_sb_info *sbi = EXT4_SB(sb); |
1498 | ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block); |
1499 | ext4_fsblk_t last_block; |
1500 | + ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1; |
1501 | ext4_fsblk_t block_bitmap; |
1502 | ext4_fsblk_t inode_bitmap; |
1503 | ext4_fsblk_t inode_table; |
1504 | @@ -2263,6 +2264,14 @@ static int ext4_check_descriptors(struct super_block *sb, |
1505 | if (!(sb->s_flags & MS_RDONLY)) |
1506 | return 0; |
1507 | } |
1508 | + if (block_bitmap >= sb_block + 1 && |
1509 | + block_bitmap <= last_bg_block) { |
1510 | + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " |
1511 | + "Block bitmap for group %u overlaps " |
1512 | + "block group descriptors", i); |
1513 | + if (!(sb->s_flags & MS_RDONLY)) |
1514 | + return 0; |
1515 | + } |
1516 | if (block_bitmap < first_block || block_bitmap > last_block) { |
1517 | ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " |
1518 | "Block bitmap for group %u not in group " |
1519 | @@ -2277,6 +2286,14 @@ static int ext4_check_descriptors(struct super_block *sb, |
1520 | if (!(sb->s_flags & MS_RDONLY)) |
1521 | return 0; |
1522 | } |
1523 | + if (inode_bitmap >= sb_block + 1 && |
1524 | + inode_bitmap <= last_bg_block) { |
1525 | + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " |
1526 | + "Inode bitmap for group %u overlaps " |
1527 | + "block group descriptors", i); |
1528 | + if (!(sb->s_flags & MS_RDONLY)) |
1529 | + return 0; |
1530 | + } |
1531 | if (inode_bitmap < first_block || inode_bitmap > last_block) { |
1532 | ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " |
1533 | "Inode bitmap for group %u not in group " |
1534 | @@ -2291,6 +2308,14 @@ static int ext4_check_descriptors(struct super_block *sb, |
1535 | if (!(sb->s_flags & MS_RDONLY)) |
1536 | return 0; |
1537 | } |
1538 | + if (inode_table >= sb_block + 1 && |
1539 | + inode_table <= last_bg_block) { |
1540 | + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " |
1541 | + "Inode table for group %u overlaps " |
1542 | + "block group descriptors", i); |
1543 | + if (!(sb->s_flags & MS_RDONLY)) |
1544 | + return 0; |
1545 | + } |
1546 | if (inode_table < first_block || |
1547 | inode_table + sbi->s_itb_per_group - 1 > last_block) { |
1548 | ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " |
1549 | @@ -2998,13 +3023,22 @@ static ext4_group_t ext4_has_uninit_itable(struct super_block *sb) |
1550 | ext4_group_t group, ngroups = EXT4_SB(sb)->s_groups_count; |
1551 | struct ext4_group_desc *gdp = NULL; |
1552 | |
1553 | + if (!ext4_has_group_desc_csum(sb)) |
1554 | + return ngroups; |
1555 | + |
1556 | for (group = 0; group < ngroups; group++) { |
1557 | gdp = ext4_get_group_desc(sb, group, NULL); |
1558 | if (!gdp) |
1559 | continue; |
1560 | |
1561 | - if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED))) |
1562 | + if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED)) |
1563 | + continue; |
1564 | + if (group != 0) |
1565 | break; |
1566 | + ext4_error(sb, "Inode table for bg 0 marked as " |
1567 | + "needing zeroing"); |
1568 | + if (sb->s_flags & MS_RDONLY) |
1569 | + return ngroups; |
1570 | } |
1571 | |
1572 | return group; |
1573 | @@ -3622,6 +3656,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) |
1574 | le32_to_cpu(es->s_log_block_size)); |
1575 | goto failed_mount; |
1576 | } |
1577 | + if (le32_to_cpu(es->s_log_cluster_size) > |
1578 | + (EXT4_MAX_CLUSTER_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) { |
1579 | + ext4_msg(sb, KERN_ERR, |
1580 | + "Invalid log cluster size: %u", |
1581 | + le32_to_cpu(es->s_log_cluster_size)); |
1582 | + goto failed_mount; |
1583 | + } |
1584 | |
1585 | if (le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) > (blocksize / 4)) { |
1586 | ext4_msg(sb, KERN_ERR, |
1587 | @@ -3679,6 +3720,11 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) |
1588 | } else { |
1589 | sbi->s_inode_size = le16_to_cpu(es->s_inode_size); |
1590 | sbi->s_first_ino = le32_to_cpu(es->s_first_ino); |
1591 | + if (sbi->s_first_ino < EXT4_GOOD_OLD_FIRST_INO) { |
1592 | + ext4_msg(sb, KERN_ERR, "invalid first ino: %u", |
1593 | + sbi->s_first_ino); |
1594 | + goto failed_mount; |
1595 | + } |
1596 | if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) || |
1597 | (!is_power_of_2(sbi->s_inode_size)) || |
1598 | (sbi->s_inode_size > blocksize)) { |
1599 | @@ -3755,13 +3801,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) |
1600 | "block size (%d)", clustersize, blocksize); |
1601 | goto failed_mount; |
1602 | } |
1603 | - if (le32_to_cpu(es->s_log_cluster_size) > |
1604 | - (EXT4_MAX_CLUSTER_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) { |
1605 | - ext4_msg(sb, KERN_ERR, |
1606 | - "Invalid log cluster size: %u", |
1607 | - le32_to_cpu(es->s_log_cluster_size)); |
1608 | - goto failed_mount; |
1609 | - } |
1610 | sbi->s_cluster_bits = le32_to_cpu(es->s_log_cluster_size) - |
1611 | le32_to_cpu(es->s_log_block_size); |
1612 | sbi->s_clusters_per_group = |
1613 | @@ -3782,10 +3821,10 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) |
1614 | } |
1615 | } else { |
1616 | if (clustersize != blocksize) { |
1617 | - ext4_warning(sb, "fragment/cluster size (%d) != " |
1618 | - "block size (%d)", clustersize, |
1619 | - blocksize); |
1620 | - clustersize = blocksize; |
1621 | + ext4_msg(sb, KERN_ERR, |
1622 | + "fragment/cluster size (%d) != " |
1623 | + "block size (%d)", clustersize, blocksize); |
1624 | + goto failed_mount; |
1625 | } |
1626 | if (sbi->s_blocks_per_group > blocksize * 8) { |
1627 | ext4_msg(sb, KERN_ERR, |
1628 | @@ -3839,6 +3878,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) |
1629 | ext4_blocks_count(es)); |
1630 | goto failed_mount; |
1631 | } |
1632 | + if ((es->s_first_data_block == 0) && (es->s_log_block_size == 0) && |
1633 | + (sbi->s_cluster_ratio == 1)) { |
1634 | + ext4_msg(sb, KERN_WARNING, "bad geometry: first data " |
1635 | + "block is 0 with a 1k block and cluster size"); |
1636 | + goto failed_mount; |
1637 | + } |
1638 | + |
1639 | blocks_count = (ext4_blocks_count(es) - |
1640 | le32_to_cpu(es->s_first_data_block) + |
1641 | EXT4_BLOCKS_PER_GROUP(sb) - 1); |
1642 | @@ -3874,6 +3920,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) |
1643 | ret = -ENOMEM; |
1644 | goto failed_mount; |
1645 | } |
1646 | + if (((u64)sbi->s_groups_count * sbi->s_inodes_per_group) != |
1647 | + le32_to_cpu(es->s_inodes_count)) { |
1648 | + ext4_msg(sb, KERN_ERR, "inodes count not valid: %u vs %llu", |
1649 | + le32_to_cpu(es->s_inodes_count), |
1650 | + ((u64)sbi->s_groups_count * sbi->s_inodes_per_group)); |
1651 | + ret = -EINVAL; |
1652 | + goto failed_mount; |
1653 | + } |
1654 | |
1655 | bgl_lock_init(sbi->s_blockgroup_lock); |
1656 | |
1657 | @@ -4575,6 +4629,14 @@ static int ext4_commit_super(struct super_block *sb, int sync) |
1658 | |
1659 | if (!sbh || block_device_ejected(sb)) |
1660 | return error; |
1661 | + |
1662 | + /* |
1663 | + * The superblock bh should be mapped, but it might not be if the |
1664 | + * device was hot-removed. Not much we can do but fail the I/O. |
1665 | + */ |
1666 | + if (!buffer_mapped(sbh)) |
1667 | + return error; |
1668 | + |
1669 | /* |
1670 | * If the file system is mounted read-only, don't update the |
1671 | * superblock write time. This avoids updating the superblock |
1672 | diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c |
1673 | index 9e9e0936138b..b320c1ba7fdc 100644 |
1674 | --- a/fs/jbd2/transaction.c |
1675 | +++ b/fs/jbd2/transaction.c |
1676 | @@ -1353,6 +1353,13 @@ int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh) |
1677 | if (jh->b_transaction == transaction && |
1678 | jh->b_jlist != BJ_Metadata) { |
1679 | jbd_lock_bh_state(bh); |
1680 | + if (jh->b_transaction == transaction && |
1681 | + jh->b_jlist != BJ_Metadata) |
1682 | + pr_err("JBD2: assertion failure: h_type=%u " |
1683 | + "h_line_no=%u block_no=%llu jlist=%u\n", |
1684 | + handle->h_type, handle->h_line_no, |
1685 | + (unsigned long long) bh->b_blocknr, |
1686 | + jh->b_jlist); |
1687 | J_ASSERT_JH(jh, jh->b_transaction != transaction || |
1688 | jh->b_jlist == BJ_Metadata); |
1689 | jbd_unlock_bh_state(bh); |
1690 | @@ -1372,11 +1379,11 @@ int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh) |
1691 | * of the transaction. This needs to be done |
1692 | * once a transaction -bzzz |
1693 | */ |
1694 | - jh->b_modified = 1; |
1695 | if (handle->h_buffer_credits <= 0) { |
1696 | ret = -ENOSPC; |
1697 | goto out_unlock_bh; |
1698 | } |
1699 | + jh->b_modified = 1; |
1700 | handle->h_buffer_credits--; |
1701 | } |
1702 | |
1703 | diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c |
1704 | index a17cb1d8415c..01e71812e174 100644 |
1705 | --- a/kernel/trace/trace_functions_graph.c |
1706 | +++ b/kernel/trace/trace_functions_graph.c |
1707 | @@ -830,6 +830,7 @@ print_graph_entry_leaf(struct trace_iterator *iter, |
1708 | struct ftrace_graph_ret *graph_ret; |
1709 | struct ftrace_graph_ent *call; |
1710 | unsigned long long duration; |
1711 | + int cpu = iter->cpu; |
1712 | int i; |
1713 | |
1714 | graph_ret = &ret_entry->ret; |
1715 | @@ -838,7 +839,6 @@ print_graph_entry_leaf(struct trace_iterator *iter, |
1716 | |
1717 | if (data) { |
1718 | struct fgraph_cpu_data *cpu_data; |
1719 | - int cpu = iter->cpu; |
1720 | |
1721 | cpu_data = per_cpu_ptr(data->cpu_data, cpu); |
1722 | |
1723 | @@ -868,6 +868,9 @@ print_graph_entry_leaf(struct trace_iterator *iter, |
1724 | |
1725 | trace_seq_printf(s, "%ps();\n", (void *)call->func); |
1726 | |
1727 | + print_graph_irq(iter, graph_ret->func, TRACE_GRAPH_RET, |
1728 | + cpu, iter->ent->pid, flags); |
1729 | + |
1730 | return trace_handle_return(s); |
1731 | } |
1732 | |
1733 | diff --git a/mm/hugetlb.c b/mm/hugetlb.c |
1734 | index 6ff65c405243..f9e735537c37 100644 |
1735 | --- a/mm/hugetlb.c |
1736 | +++ b/mm/hugetlb.c |
1737 | @@ -2171,6 +2171,7 @@ static void __init gather_bootmem_prealloc(void) |
1738 | */ |
1739 | if (hstate_is_gigantic(h)) |
1740 | adjust_managed_page_count(page, 1 << h->order); |
1741 | + cond_resched(); |
1742 | } |
1743 | } |
1744 | |
1745 | diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
1746 | index 94018ea5f935..28240ce475d6 100644 |
1747 | --- a/mm/page_alloc.c |
1748 | +++ b/mm/page_alloc.c |
1749 | @@ -3642,7 +3642,6 @@ __alloc_pages_slowpath(gfp_t gfp_mask, unsigned int order, |
1750 | * orientated. |
1751 | */ |
1752 | if (!(alloc_flags & ALLOC_CPUSET) || (alloc_flags & ALLOC_NO_WATERMARKS)) { |
1753 | - ac->zonelist = node_zonelist(numa_node_id(), gfp_mask); |
1754 | ac->preferred_zoneref = first_zones_zonelist(ac->zonelist, |
1755 | ac->high_zoneidx, ac->nodemask); |
1756 | } |
1757 | diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c |
1758 | index d476b7950adf..a88dab33cdf6 100644 |
1759 | --- a/net/ipv4/fib_semantics.c |
1760 | +++ b/net/ipv4/fib_semantics.c |
1761 | @@ -980,7 +980,7 @@ fib_convert_metrics(struct fib_info *fi, const struct fib_config *cfg) |
1762 | return -EINVAL; |
1763 | } else { |
1764 | if (nla_len(nla) != sizeof(u32)) |
1765 | - return false; |
1766 | + return -EINVAL; |
1767 | val = nla_get_u32(nla); |
1768 | } |
1769 | if (type == RTAX_ADVMSS && val > 65535 - 40) |
1770 | diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c |
1771 | index ae0485d776f4..fc7ca1e46908 100644 |
1772 | --- a/net/ipv6/sit.c |
1773 | +++ b/net/ipv6/sit.c |
1774 | @@ -659,7 +659,6 @@ static int ipip6_rcv(struct sk_buff *skb) |
1775 | if (iptunnel_pull_header(skb, 0, htons(ETH_P_IPV6), |
1776 | !net_eq(tunnel->net, dev_net(tunnel->dev)))) |
1777 | goto out; |
1778 | - iph = ip_hdr(skb); |
1779 | |
1780 | err = IP_ECN_decapsulate(iph, skb); |
1781 | if (unlikely(err)) { |
1782 | diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c |
1783 | index ffb9e8ada899..e02fed784cd0 100644 |
1784 | --- a/net/netfilter/nf_log.c |
1785 | +++ b/net/netfilter/nf_log.c |
1786 | @@ -444,14 +444,17 @@ static int nf_log_proc_dostring(struct ctl_table *table, int write, |
1787 | rcu_assign_pointer(net->nf.nf_loggers[tindex], logger); |
1788 | mutex_unlock(&nf_log_mutex); |
1789 | } else { |
1790 | + struct ctl_table tmp = *table; |
1791 | + |
1792 | + tmp.data = buf; |
1793 | mutex_lock(&nf_log_mutex); |
1794 | logger = nft_log_dereference(net->nf.nf_loggers[tindex]); |
1795 | if (!logger) |
1796 | - table->data = "NONE"; |
1797 | + strlcpy(buf, "NONE", sizeof(buf)); |
1798 | else |
1799 | - table->data = logger->name; |
1800 | - r = proc_dostring(table, write, buffer, lenp, ppos); |
1801 | + strlcpy(buf, logger->name, sizeof(buf)); |
1802 | mutex_unlock(&nf_log_mutex); |
1803 | + r = proc_dostring(&tmp, write, buffer, lenp, ppos); |
1804 | } |
1805 | |
1806 | return r; |
1807 | diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c |
1808 | index 0dd5c695482f..9d593ecd8e87 100644 |
1809 | --- a/net/netfilter/nf_tables_core.c |
1810 | +++ b/net/netfilter/nf_tables_core.c |
1811 | @@ -185,7 +185,8 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv) |
1812 | |
1813 | switch (regs.verdict.code) { |
1814 | case NFT_JUMP: |
1815 | - BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE); |
1816 | + if (WARN_ON_ONCE(stackptr >= NFT_JUMP_STACK_SIZE)) |
1817 | + return NF_DROP; |
1818 | jumpstack[stackptr].chain = chain; |
1819 | jumpstack[stackptr].rule = rule; |
1820 | jumpstack[stackptr].rulenum = rulenum; |
1821 | diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include |
1822 | index 179219845dfc..63774307a751 100644 |
1823 | --- a/scripts/Kbuild.include |
1824 | +++ b/scripts/Kbuild.include |
1825 | @@ -8,6 +8,7 @@ squote := ' |
1826 | empty := |
1827 | space := $(empty) $(empty) |
1828 | space_escape := _-_SPACE_-_ |
1829 | +pound := \# |
1830 | |
1831 | ### |
1832 | # Name of target with a '.' as filename prefix. foo/bar.o => foo/.bar.o |
1833 | @@ -241,11 +242,11 @@ endif |
1834 | |
1835 | # Replace >$< with >$$< to preserve $ when reloading the .cmd file |
1836 | # (needed for make) |
1837 | -# Replace >#< with >\#< to avoid starting a comment in the .cmd file |
1838 | +# Replace >#< with >$(pound)< to avoid starting a comment in the .cmd file |
1839 | # (needed for make) |
1840 | # Replace >'< with >'\''< to be able to enclose the whole string in '...' |
1841 | # (needed for the shell) |
1842 | -make-cmd = $(call escsq,$(subst \#,\\\#,$(subst $$,$$$$,$(cmd_$(1))))) |
1843 | +make-cmd = $(call escsq,$(subst $(pound),$$(pound),$(subst $$,$$$$,$(cmd_$(1))))) |
1844 | |
1845 | # Find any prerequisites that is newer than target or that does not exist. |
1846 | # PHONY targets skipped in both cases. |
1847 | diff --git a/tools/build/Build.include b/tools/build/Build.include |
1848 | index 1dcb95e76f70..b8165545ddf6 100644 |
1849 | --- a/tools/build/Build.include |
1850 | +++ b/tools/build/Build.include |
1851 | @@ -12,6 +12,7 @@ |
1852 | # Convenient variables |
1853 | comma := , |
1854 | squote := ' |
1855 | +pound := \# |
1856 | |
1857 | ### |
1858 | # Name of target with a '.' as filename prefix. foo/bar.o => foo/.bar.o |
1859 | @@ -43,11 +44,11 @@ echo-cmd = $(if $($(quiet)cmd_$(1)),\ |
1860 | ### |
1861 | # Replace >$< with >$$< to preserve $ when reloading the .cmd file |
1862 | # (needed for make) |
1863 | -# Replace >#< with >\#< to avoid starting a comment in the .cmd file |
1864 | +# Replace >#< with >$(pound)< to avoid starting a comment in the .cmd file |
1865 | # (needed for make) |
1866 | # Replace >'< with >'\''< to be able to enclose the whole string in '...' |
1867 | # (needed for the shell) |
1868 | -make-cmd = $(call escsq,$(subst \#,\\\#,$(subst $$,$$$$,$(cmd_$(1))))) |
1869 | +make-cmd = $(call escsq,$(subst $(pound),$$(pound),$(subst $$,$$$$,$(cmd_$(1))))) |
1870 | |
1871 | ### |
1872 | # Find any prerequisites that is newer than target or that does not exist. |
1873 | diff --git a/tools/objtool/Makefile b/tools/objtool/Makefile |
1874 | index e6acc281dd37..8ae824dbfca3 100644 |
1875 | --- a/tools/objtool/Makefile |
1876 | +++ b/tools/objtool/Makefile |
1877 | @@ -35,7 +35,7 @@ CFLAGS += -Wall -Werror $(WARNINGS) -fomit-frame-pointer -O2 -g $(INCLUDES) |
1878 | LDFLAGS += -lelf $(LIBSUBCMD) |
1879 | |
1880 | # Allow old libelf to be used: |
1881 | -elfshdr := $(shell echo '\#include <libelf.h>' | $(CC) $(CFLAGS) -x c -E - | grep elf_getshdr) |
1882 | +elfshdr := $(shell echo '$(pound)include <libelf.h>' | $(CC) $(CFLAGS) -x c -E - | grep elf_getshdr) |
1883 | CFLAGS += $(if $(elfshdr),,-DLIBELF_USE_DEPRECATED) |
1884 | |
1885 | AWK = awk |
1886 | diff --git a/tools/scripts/Makefile.include b/tools/scripts/Makefile.include |
1887 | index 19edc1a7a232..7ea4438b801d 100644 |
1888 | --- a/tools/scripts/Makefile.include |
1889 | +++ b/tools/scripts/Makefile.include |
1890 | @@ -92,3 +92,5 @@ ifneq ($(silent),1) |
1891 | QUIET_INSTALL = @printf ' INSTALL %s\n' $1; |
1892 | endif |
1893 | endif |
1894 | + |
1895 | +pound := \# |