Contents of /trunk/kernel-alx-legacy/patches-4.9/0287-4.9.188-all-fixes.patch
Parent Directory | Revision Log
Revision 3608 -
(show annotations)
(download)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 41514 byte(s)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 41514 byte(s)
-added kerenl-alx-legacy pkg
1 | diff --git a/Makefile b/Makefile |
2 | index 65ed5dc69ec9..b6b54e6f67e8 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 4 |
7 | PATCHLEVEL = 9 |
8 | -SUBLEVEL = 187 |
9 | +SUBLEVEL = 188 |
10 | EXTRAVERSION = |
11 | NAME = Roaring Lionus |
12 | |
13 | @@ -400,6 +400,7 @@ KBUILD_AFLAGS_MODULE := -DMODULE |
14 | KBUILD_CFLAGS_MODULE := -DMODULE |
15 | KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds |
16 | GCC_PLUGINS_CFLAGS := |
17 | +CLANG_FLAGS := |
18 | |
19 | # Read KERNELRELEASE from include/config/kernel.release (if it exists) |
20 | KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) |
21 | @@ -506,7 +507,7 @@ endif |
22 | |
23 | ifeq ($(cc-name),clang) |
24 | ifneq ($(CROSS_COMPILE),) |
25 | -CLANG_FLAGS := --target=$(notdir $(CROSS_COMPILE:%-=%)) |
26 | +CLANG_FLAGS += --target=$(notdir $(CROSS_COMPILE:%-=%)) |
27 | GCC_TOOLCHAIN_DIR := $(dir $(shell which $(CROSS_COMPILE)elfedit)) |
28 | CLANG_FLAGS += --prefix=$(GCC_TOOLCHAIN_DIR) |
29 | GCC_TOOLCHAIN := $(realpath $(GCC_TOOLCHAIN_DIR)/..) |
30 | diff --git a/arch/arm/boot/dts/rk3288-veyron-mickey.dts b/arch/arm/boot/dts/rk3288-veyron-mickey.dts |
31 | index f36f6f459225..365382ab9ebd 100644 |
32 | --- a/arch/arm/boot/dts/rk3288-veyron-mickey.dts |
33 | +++ b/arch/arm/boot/dts/rk3288-veyron-mickey.dts |
34 | @@ -161,10 +161,6 @@ |
35 | }; |
36 | }; |
37 | |
38 | -&emmc { |
39 | - /delete-property/mmc-hs200-1_8v; |
40 | -}; |
41 | - |
42 | &i2c2 { |
43 | status = "disabled"; |
44 | }; |
45 | diff --git a/arch/arm/boot/dts/rk3288-veyron-minnie.dts b/arch/arm/boot/dts/rk3288-veyron-minnie.dts |
46 | index f72d616d1bf8..9647d9b6b299 100644 |
47 | --- a/arch/arm/boot/dts/rk3288-veyron-minnie.dts |
48 | +++ b/arch/arm/boot/dts/rk3288-veyron-minnie.dts |
49 | @@ -125,10 +125,6 @@ |
50 | power-supply = <&backlight_regulator>; |
51 | }; |
52 | |
53 | -&emmc { |
54 | - /delete-property/mmc-hs200-1_8v; |
55 | -}; |
56 | - |
57 | &gpio_keys { |
58 | pinctrl-0 = <&pwr_key_l &ap_lid_int_l &volum_down_l &volum_up_l>; |
59 | |
60 | diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi |
61 | index 17ec2e2d7a60..30f1384f619b 100644 |
62 | --- a/arch/arm/boot/dts/rk3288.dtsi |
63 | +++ b/arch/arm/boot/dts/rk3288.dtsi |
64 | @@ -210,6 +210,7 @@ |
65 | <GIC_PPI 11 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_HIGH)>, |
66 | <GIC_PPI 10 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_HIGH)>; |
67 | clock-frequency = <24000000>; |
68 | + arm,no-tick-in-suspend; |
69 | }; |
70 | |
71 | timer: timer@ff810000 { |
72 | diff --git a/arch/arm/mach-rpc/dma.c b/arch/arm/mach-rpc/dma.c |
73 | index 6d3517dc4772..82aac38fa2cf 100644 |
74 | --- a/arch/arm/mach-rpc/dma.c |
75 | +++ b/arch/arm/mach-rpc/dma.c |
76 | @@ -131,7 +131,7 @@ static irqreturn_t iomd_dma_handle(int irq, void *dev_id) |
77 | } while (1); |
78 | |
79 | idma->state = ~DMA_ST_AB; |
80 | - disable_irq(irq); |
81 | + disable_irq_nosync(irq); |
82 | |
83 | return IRQ_HANDLED; |
84 | } |
85 | @@ -174,6 +174,9 @@ static void iomd_enable_dma(unsigned int chan, dma_t *dma) |
86 | DMA_FROM_DEVICE : DMA_TO_DEVICE); |
87 | } |
88 | |
89 | + idma->dma_addr = idma->dma.sg->dma_address; |
90 | + idma->dma_len = idma->dma.sg->length; |
91 | + |
92 | iomd_writeb(DMA_CR_C, dma_base + CR); |
93 | idma->state = DMA_ST_AB; |
94 | } |
95 | diff --git a/arch/mips/lantiq/irq.c b/arch/mips/lantiq/irq.c |
96 | index 8ac0e5994ed2..7c6f75c2aa4d 100644 |
97 | --- a/arch/mips/lantiq/irq.c |
98 | +++ b/arch/mips/lantiq/irq.c |
99 | @@ -160,8 +160,9 @@ static int ltq_eiu_settype(struct irq_data *d, unsigned int type) |
100 | if (edge) |
101 | irq_set_handler(d->hwirq, handle_edge_irq); |
102 | |
103 | - ltq_eiu_w32(ltq_eiu_r32(LTQ_EIU_EXIN_C) | |
104 | - (val << (i * 4)), LTQ_EIU_EXIN_C); |
105 | + ltq_eiu_w32((ltq_eiu_r32(LTQ_EIU_EXIN_C) & |
106 | + (~(7 << (i * 4)))) | (val << (i * 4)), |
107 | + LTQ_EIU_EXIN_C); |
108 | } |
109 | } |
110 | |
111 | diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c |
112 | index d86e68d3c794..1912b2671f10 100644 |
113 | --- a/arch/x86/boot/compressed/misc.c |
114 | +++ b/arch/x86/boot/compressed/misc.c |
115 | @@ -15,6 +15,7 @@ |
116 | #include "error.h" |
117 | #include "../string.h" |
118 | #include "../voffset.h" |
119 | +#include <asm/bootparam_utils.h> |
120 | |
121 | /* |
122 | * WARNING!! |
123 | diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h |
124 | index 2728e1b7e4a6..a8789aa647b4 100644 |
125 | --- a/arch/x86/boot/compressed/misc.h |
126 | +++ b/arch/x86/boot/compressed/misc.h |
127 | @@ -19,7 +19,6 @@ |
128 | #include <asm/page.h> |
129 | #include <asm/boot.h> |
130 | #include <asm/bootparam.h> |
131 | -#include <asm/bootparam_utils.h> |
132 | |
133 | #define BOOT_BOOT_H |
134 | #include "../ctype.h" |
135 | diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h |
136 | index 2188b5af8167..f39fd349cef6 100644 |
137 | --- a/arch/x86/include/asm/apic.h |
138 | +++ b/arch/x86/include/asm/apic.h |
139 | @@ -50,7 +50,7 @@ static inline void generic_apic_probe(void) |
140 | |
141 | #ifdef CONFIG_X86_LOCAL_APIC |
142 | |
143 | -extern unsigned int apic_verbosity; |
144 | +extern int apic_verbosity; |
145 | extern int local_apic_timer_c2_ok; |
146 | |
147 | extern int disable_apic; |
148 | diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h |
149 | index 83b5b2990b49..222cb69e1219 100644 |
150 | --- a/arch/x86/include/asm/kvm_host.h |
151 | +++ b/arch/x86/include/asm/kvm_host.h |
152 | @@ -1309,25 +1309,29 @@ enum { |
153 | #define kvm_arch_vcpu_memslots_id(vcpu) ((vcpu)->arch.hflags & HF_SMM_MASK ? 1 : 0) |
154 | #define kvm_memslots_for_spte_role(kvm, role) __kvm_memslots(kvm, (role).smm) |
155 | |
156 | +asmlinkage void __noreturn kvm_spurious_fault(void); |
157 | + |
158 | /* |
159 | * Hardware virtualization extension instructions may fault if a |
160 | * reboot turns off virtualization while processes are running. |
161 | - * Trap the fault and ignore the instruction if that happens. |
162 | + * Usually after catching the fault we just panic; during reboot |
163 | + * instead the instruction is ignored. |
164 | */ |
165 | -asmlinkage void kvm_spurious_fault(void); |
166 | - |
167 | -#define ____kvm_handle_fault_on_reboot(insn, cleanup_insn) \ |
168 | - "666: " insn "\n\t" \ |
169 | - "668: \n\t" \ |
170 | - ".pushsection .fixup, \"ax\" \n" \ |
171 | - "667: \n\t" \ |
172 | - cleanup_insn "\n\t" \ |
173 | - "cmpb $0, kvm_rebooting \n\t" \ |
174 | - "jne 668b \n\t" \ |
175 | - __ASM_SIZE(push) " $666b \n\t" \ |
176 | - "jmp kvm_spurious_fault \n\t" \ |
177 | - ".popsection \n\t" \ |
178 | - _ASM_EXTABLE(666b, 667b) |
179 | +#define ____kvm_handle_fault_on_reboot(insn, cleanup_insn) \ |
180 | + "666: \n\t" \ |
181 | + insn "\n\t" \ |
182 | + "jmp 668f \n\t" \ |
183 | + "667: \n\t" \ |
184 | + "call kvm_spurious_fault \n\t" \ |
185 | + "668: \n\t" \ |
186 | + ".pushsection .fixup, \"ax\" \n\t" \ |
187 | + "700: \n\t" \ |
188 | + cleanup_insn "\n\t" \ |
189 | + "cmpb $0, kvm_rebooting\n\t" \ |
190 | + "je 667b \n\t" \ |
191 | + "jmp 668b \n\t" \ |
192 | + ".popsection \n\t" \ |
193 | + _ASM_EXTABLE(666b, 700b) |
194 | |
195 | #define __kvm_handle_fault_on_reboot(insn) \ |
196 | ____kvm_handle_fault_on_reboot(insn, "") |
197 | diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c |
198 | index 4f2af1ee09cb..cc9a6f680225 100644 |
199 | --- a/arch/x86/kernel/apic/apic.c |
200 | +++ b/arch/x86/kernel/apic/apic.c |
201 | @@ -183,7 +183,7 @@ int first_system_vector = FIRST_SYSTEM_VECTOR; |
202 | /* |
203 | * Debug level, exported for io_apic.c |
204 | */ |
205 | -unsigned int apic_verbosity; |
206 | +int apic_verbosity; |
207 | |
208 | int pic_mode; |
209 | |
210 | diff --git a/arch/x86/math-emu/fpu_emu.h b/arch/x86/math-emu/fpu_emu.h |
211 | index afbc4d805d66..df5aee5402c4 100644 |
212 | --- a/arch/x86/math-emu/fpu_emu.h |
213 | +++ b/arch/x86/math-emu/fpu_emu.h |
214 | @@ -176,7 +176,7 @@ static inline void reg_copy(FPU_REG const *x, FPU_REG *y) |
215 | #define setexponentpos(x,y) { (*(short *)&((x)->exp)) = \ |
216 | ((y) + EXTENDED_Ebias) & 0x7fff; } |
217 | #define exponent16(x) (*(short *)&((x)->exp)) |
218 | -#define setexponent16(x,y) { (*(short *)&((x)->exp)) = (y); } |
219 | +#define setexponent16(x,y) { (*(short *)&((x)->exp)) = (u16)(y); } |
220 | #define addexponent(x,y) { (*(short *)&((x)->exp)) += (y); } |
221 | #define stdexp(x) { (*(short *)&((x)->exp)) += EXTENDED_Ebias; } |
222 | |
223 | diff --git a/arch/x86/math-emu/reg_constant.c b/arch/x86/math-emu/reg_constant.c |
224 | index 00548354912f..382093c5072b 100644 |
225 | --- a/arch/x86/math-emu/reg_constant.c |
226 | +++ b/arch/x86/math-emu/reg_constant.c |
227 | @@ -17,7 +17,7 @@ |
228 | #include "control_w.h" |
229 | |
230 | #define MAKE_REG(s, e, l, h) { l, h, \ |
231 | - ((EXTENDED_Ebias+(e)) | ((SIGN_##s != 0)*0x8000)) } |
232 | + (u16)((EXTENDED_Ebias+(e)) | ((SIGN_##s != 0)*0x8000)) } |
233 | |
234 | FPU_REG const CONST_1 = MAKE_REG(POS, 0, 0x00000000, 0x80000000); |
235 | #if 0 |
236 | diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c |
237 | index 1680768d392c..d7db45bdfb3b 100644 |
238 | --- a/arch/x86/mm/gup.c |
239 | +++ b/arch/x86/mm/gup.c |
240 | @@ -97,6 +97,20 @@ static inline int pte_allows_gup(unsigned long pteval, int write) |
241 | return 1; |
242 | } |
243 | |
244 | +/* |
245 | + * Return the compund head page with ref appropriately incremented, |
246 | + * or NULL if that failed. |
247 | + */ |
248 | +static inline struct page *try_get_compound_head(struct page *page, int refs) |
249 | +{ |
250 | + struct page *head = compound_head(page); |
251 | + if (WARN_ON_ONCE(page_ref_count(head) < 0)) |
252 | + return NULL; |
253 | + if (unlikely(!page_cache_add_speculative(head, refs))) |
254 | + return NULL; |
255 | + return head; |
256 | +} |
257 | + |
258 | /* |
259 | * The performance critical leaf functions are made noinline otherwise gcc |
260 | * inlines everything into a single function which results in too much |
261 | @@ -112,7 +126,7 @@ static noinline int gup_pte_range(pmd_t pmd, unsigned long addr, |
262 | ptep = pte_offset_map(&pmd, addr); |
263 | do { |
264 | pte_t pte = gup_get_pte(ptep); |
265 | - struct page *page; |
266 | + struct page *head, *page; |
267 | |
268 | /* Similar to the PMD case, NUMA hinting must take slow path */ |
269 | if (pte_protnone(pte)) { |
270 | @@ -138,7 +152,21 @@ static noinline int gup_pte_range(pmd_t pmd, unsigned long addr, |
271 | } |
272 | VM_BUG_ON(!pfn_valid(pte_pfn(pte))); |
273 | page = pte_page(pte); |
274 | - get_page(page); |
275 | + |
276 | + head = try_get_compound_head(page, 1); |
277 | + if (!head) { |
278 | + put_dev_pagemap(pgmap); |
279 | + pte_unmap(ptep); |
280 | + return 0; |
281 | + } |
282 | + |
283 | + if (unlikely(pte_val(pte) != pte_val(*ptep))) { |
284 | + put_page(head); |
285 | + put_dev_pagemap(pgmap); |
286 | + pte_unmap(ptep); |
287 | + return 0; |
288 | + } |
289 | + |
290 | put_dev_pagemap(pgmap); |
291 | SetPageReferenced(page); |
292 | pages[*nr] = page; |
293 | diff --git a/drivers/android/binder.c b/drivers/android/binder.c |
294 | index 29632a6dd1c6..8056759073b0 100644 |
295 | --- a/drivers/android/binder.c |
296 | +++ b/drivers/android/binder.c |
297 | @@ -581,6 +581,12 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate, |
298 | |
299 | if (mm) { |
300 | down_write(&mm->mmap_sem); |
301 | + if (!mmget_still_valid(mm)) { |
302 | + if (allocate == 0) |
303 | + goto free_range; |
304 | + goto err_no_vma; |
305 | + } |
306 | + |
307 | vma = proc->vma; |
308 | if (vma && mm != proc->vma_vm_mm) { |
309 | pr_err("%d: vma mm and task mm mismatch\n", |
310 | diff --git a/drivers/dma/sh/rcar-dmac.c b/drivers/dma/sh/rcar-dmac.c |
311 | index f37a6ef4f544..e4fe24be3d7a 100644 |
312 | --- a/drivers/dma/sh/rcar-dmac.c |
313 | +++ b/drivers/dma/sh/rcar-dmac.c |
314 | @@ -1111,7 +1111,7 @@ rcar_dmac_prep_slave_sg(struct dma_chan *chan, struct scatterlist *sgl, |
315 | struct rcar_dmac_chan *rchan = to_rcar_dmac_chan(chan); |
316 | |
317 | /* Someone calling slave DMA on a generic channel? */ |
318 | - if (rchan->mid_rid < 0 || !sg_len) { |
319 | + if (rchan->mid_rid < 0 || !sg_len || !sg_dma_len(sgl)) { |
320 | dev_warn(chan->device->dev, |
321 | "%s: bad parameter: len=%d, id=%d\n", |
322 | __func__, sg_len, rchan->mid_rid); |
323 | diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c |
324 | index a3251faa3ed8..d3675819f561 100644 |
325 | --- a/drivers/gpio/gpiolib.c |
326 | +++ b/drivers/gpio/gpiolib.c |
327 | @@ -817,9 +817,11 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) |
328 | } |
329 | |
330 | if (eflags & GPIOEVENT_REQUEST_RISING_EDGE) |
331 | - irqflags |= IRQF_TRIGGER_RISING; |
332 | + irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ? |
333 | + IRQF_TRIGGER_FALLING : IRQF_TRIGGER_RISING; |
334 | if (eflags & GPIOEVENT_REQUEST_FALLING_EDGE) |
335 | - irqflags |= IRQF_TRIGGER_FALLING; |
336 | + irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ? |
337 | + IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING; |
338 | irqflags |= IRQF_ONESHOT; |
339 | irqflags |= IRQF_SHARED; |
340 | |
341 | diff --git a/drivers/infiniband/hw/mlx4/main.c b/drivers/infiniband/hw/mlx4/main.c |
342 | index 8d59a5905ee8..7ccf7225f75a 100644 |
343 | --- a/drivers/infiniband/hw/mlx4/main.c |
344 | +++ b/drivers/infiniband/hw/mlx4/main.c |
345 | @@ -1172,6 +1172,8 @@ static void mlx4_ib_disassociate_ucontext(struct ib_ucontext *ibcontext) |
346 | * mlx4_ib_vma_close(). |
347 | */ |
348 | down_write(&owning_mm->mmap_sem); |
349 | + if (!mmget_still_valid(owning_mm)) |
350 | + goto skip_mm; |
351 | for (i = 0; i < HW_BAR_COUNT; i++) { |
352 | vma = context->hw_bar_info[i].vma; |
353 | if (!vma) |
354 | @@ -1190,7 +1192,7 @@ static void mlx4_ib_disassociate_ucontext(struct ib_ucontext *ibcontext) |
355 | /* context going to be destroyed, should not access ops any more */ |
356 | context->hw_bar_info[i].vma->vm_ops = NULL; |
357 | } |
358 | - |
359 | +skip_mm: |
360 | up_write(&owning_mm->mmap_sem); |
361 | mmput(owning_mm); |
362 | put_task_struct(owning_process); |
363 | diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c |
364 | index b1daf5c16117..f94df0e6a0f2 100644 |
365 | --- a/drivers/infiniband/hw/mlx5/main.c |
366 | +++ b/drivers/infiniband/hw/mlx5/main.c |
367 | @@ -1307,6 +1307,8 @@ static void mlx5_ib_disassociate_ucontext(struct ib_ucontext *ibcontext) |
368 | * mlx5_ib_vma_close. |
369 | */ |
370 | down_write(&owning_mm->mmap_sem); |
371 | + if (!mmget_still_valid(owning_mm)) |
372 | + goto skip_mm; |
373 | list_for_each_entry_safe(vma_private, n, &context->vma_private_list, |
374 | list) { |
375 | vma = vma_private->vma; |
376 | @@ -1321,6 +1323,7 @@ static void mlx5_ib_disassociate_ucontext(struct ib_ucontext *ibcontext) |
377 | list_del(&vma_private->list); |
378 | kfree(vma_private); |
379 | } |
380 | +skip_mm: |
381 | up_write(&owning_mm->mmap_sem); |
382 | mmput(owning_mm); |
383 | put_task_struct(owning_process); |
384 | diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c |
385 | index f89489b28575..a7bc89f5dae7 100644 |
386 | --- a/drivers/infiniband/hw/mlx5/qp.c |
387 | +++ b/drivers/infiniband/hw/mlx5/qp.c |
388 | @@ -1421,7 +1421,6 @@ static int create_rss_raw_qp_tir(struct mlx5_ib_dev *dev, struct mlx5_ib_qp *qp, |
389 | } |
390 | |
391 | MLX5_SET(tirc, tirc, rx_hash_fn, MLX5_RX_HASH_FN_TOEPLITZ); |
392 | - MLX5_SET(tirc, tirc, rx_hash_symmetric, 1); |
393 | memcpy(rss_key, ucmd.rx_hash_key, len); |
394 | break; |
395 | } |
396 | diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c |
397 | index a37b9b6a315a..2eef811764ad 100644 |
398 | --- a/drivers/misc/eeprom/at24.c |
399 | +++ b/drivers/misc/eeprom/at24.c |
400 | @@ -777,7 +777,7 @@ static int at24_probe(struct i2c_client *client, const struct i2c_device_id *id) |
401 | at24->nvmem_config.name = dev_name(&client->dev); |
402 | at24->nvmem_config.dev = &client->dev; |
403 | at24->nvmem_config.read_only = !writable; |
404 | - at24->nvmem_config.root_only = true; |
405 | + at24->nvmem_config.root_only = !(chip.flags & AT24_FLAG_IRUGO); |
406 | at24->nvmem_config.owner = THIS_MODULE; |
407 | at24->nvmem_config.compat = true; |
408 | at24->nvmem_config.base_dev = &client->dev; |
409 | diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c |
410 | index e10a00d0d44d..d9c7fd0cabaf 100644 |
411 | --- a/drivers/mmc/host/dw_mmc.c |
412 | +++ b/drivers/mmc/host/dw_mmc.c |
413 | @@ -1864,8 +1864,7 @@ static void dw_mci_tasklet_func(unsigned long priv) |
414 | * delayed. Allowing the transfer to take place |
415 | * avoids races and keeps things simple. |
416 | */ |
417 | - if ((err != -ETIMEDOUT) && |
418 | - (cmd->opcode == MMC_SEND_TUNING_BLOCK)) { |
419 | + if (err != -ETIMEDOUT) { |
420 | state = STATE_SENDING_DATA; |
421 | continue; |
422 | } |
423 | diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c |
424 | index b2eeecb26939..289560b0f643 100644 |
425 | --- a/drivers/net/ethernet/emulex/benet/be_main.c |
426 | +++ b/drivers/net/ethernet/emulex/benet/be_main.c |
427 | @@ -4701,8 +4701,12 @@ int be_update_queues(struct be_adapter *adapter) |
428 | struct net_device *netdev = adapter->netdev; |
429 | int status; |
430 | |
431 | - if (netif_running(netdev)) |
432 | + if (netif_running(netdev)) { |
433 | + /* device cannot transmit now, avoid dev_watchdog timeouts */ |
434 | + netif_carrier_off(netdev); |
435 | + |
436 | be_close(netdev); |
437 | + } |
438 | |
439 | be_cancel_worker(adapter); |
440 | |
441 | diff --git a/drivers/perf/arm_pmu.c b/drivers/perf/arm_pmu.c |
442 | index af82edc7fa5c..9b899af86cd5 100644 |
443 | --- a/drivers/perf/arm_pmu.c |
444 | +++ b/drivers/perf/arm_pmu.c |
445 | @@ -804,8 +804,8 @@ static int cpu_pm_pmu_notify(struct notifier_block *b, unsigned long cmd, |
446 | cpu_pm_pmu_setup(armpmu, cmd); |
447 | break; |
448 | case CPU_PM_EXIT: |
449 | - cpu_pm_pmu_setup(armpmu, cmd); |
450 | case CPU_PM_ENTER_FAILED: |
451 | + cpu_pm_pmu_setup(armpmu, cmd); |
452 | armpmu->start(armpmu); |
453 | break; |
454 | default: |
455 | diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c |
456 | index f32fc704cb7e..28c45db45aba 100644 |
457 | --- a/drivers/rapidio/devices/rio_mport_cdev.c |
458 | +++ b/drivers/rapidio/devices/rio_mport_cdev.c |
459 | @@ -1743,6 +1743,7 @@ static int rio_mport_add_riodev(struct mport_cdev_priv *priv, |
460 | |
461 | if (copy_from_user(&dev_info, arg, sizeof(dev_info))) |
462 | return -EFAULT; |
463 | + dev_info.name[sizeof(dev_info.name) - 1] = '\0'; |
464 | |
465 | rmcd_debug(RDEV, "name:%s ct:0x%x did:0x%x hc:0x%x", dev_info.name, |
466 | dev_info.comptag, dev_info.destid, dev_info.hopcount); |
467 | @@ -1874,6 +1875,7 @@ static int rio_mport_del_riodev(struct mport_cdev_priv *priv, void __user *arg) |
468 | |
469 | if (copy_from_user(&dev_info, arg, sizeof(dev_info))) |
470 | return -EFAULT; |
471 | + dev_info.name[sizeof(dev_info.name) - 1] = '\0'; |
472 | |
473 | mport = priv->md->mport; |
474 | |
475 | diff --git a/drivers/s390/block/dasd_alias.c b/drivers/s390/block/dasd_alias.c |
476 | index e453d2a7d7f9..f40d606f86c9 100644 |
477 | --- a/drivers/s390/block/dasd_alias.c |
478 | +++ b/drivers/s390/block/dasd_alias.c |
479 | @@ -382,6 +382,20 @@ suborder_not_supported(struct dasd_ccw_req *cqr) |
480 | char msg_format; |
481 | char msg_no; |
482 | |
483 | + /* |
484 | + * intrc values ENODEV, ENOLINK and EPERM |
485 | + * will be optained from sleep_on to indicate that no |
486 | + * IO operation can be started |
487 | + */ |
488 | + if (cqr->intrc == -ENODEV) |
489 | + return 1; |
490 | + |
491 | + if (cqr->intrc == -ENOLINK) |
492 | + return 1; |
493 | + |
494 | + if (cqr->intrc == -EPERM) |
495 | + return 1; |
496 | + |
497 | sense = dasd_get_sense(&cqr->irb); |
498 | if (!sense) |
499 | return 0; |
500 | @@ -446,12 +460,8 @@ static int read_unit_address_configuration(struct dasd_device *device, |
501 | lcu->flags &= ~NEED_UAC_UPDATE; |
502 | spin_unlock_irqrestore(&lcu->lock, flags); |
503 | |
504 | - do { |
505 | - rc = dasd_sleep_on(cqr); |
506 | - if (rc && suborder_not_supported(cqr)) |
507 | - return -EOPNOTSUPP; |
508 | - } while (rc && (cqr->retries > 0)); |
509 | - if (rc) { |
510 | + rc = dasd_sleep_on(cqr); |
511 | + if (rc && !suborder_not_supported(cqr)) { |
512 | spin_lock_irqsave(&lcu->lock, flags); |
513 | lcu->flags |= NEED_UAC_UPDATE; |
514 | spin_unlock_irqrestore(&lcu->lock, flags); |
515 | diff --git a/drivers/s390/scsi/zfcp_erp.c b/drivers/s390/scsi/zfcp_erp.c |
516 | index abe460eac712..cc62d8cc8cfd 100644 |
517 | --- a/drivers/s390/scsi/zfcp_erp.c |
518 | +++ b/drivers/s390/scsi/zfcp_erp.c |
519 | @@ -10,6 +10,7 @@ |
520 | #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt |
521 | |
522 | #include <linux/kthread.h> |
523 | +#include <linux/bug.h> |
524 | #include "zfcp_ext.h" |
525 | #include "zfcp_reqlist.h" |
526 | |
527 | @@ -244,6 +245,12 @@ static struct zfcp_erp_action *zfcp_erp_setup_act(int need, u32 act_status, |
528 | struct zfcp_erp_action *erp_action; |
529 | struct zfcp_scsi_dev *zfcp_sdev; |
530 | |
531 | + if (WARN_ON_ONCE(need != ZFCP_ERP_ACTION_REOPEN_LUN && |
532 | + need != ZFCP_ERP_ACTION_REOPEN_PORT && |
533 | + need != ZFCP_ERP_ACTION_REOPEN_PORT_FORCED && |
534 | + need != ZFCP_ERP_ACTION_REOPEN_ADAPTER)) |
535 | + return NULL; |
536 | + |
537 | switch (need) { |
538 | case ZFCP_ERP_ACTION_REOPEN_LUN: |
539 | zfcp_sdev = sdev_to_zfcp(sdev); |
540 | diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c |
541 | index 5d04b362837d..9fdb39f377db 100644 |
542 | --- a/drivers/xen/swiotlb-xen.c |
543 | +++ b/drivers/xen/swiotlb-xen.c |
544 | @@ -365,8 +365,8 @@ xen_swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr, |
545 | /* Convert the size to actually allocated. */ |
546 | size = 1UL << (order + XEN_PAGE_SHIFT); |
547 | |
548 | - if (((dev_addr + size - 1 <= dma_mask)) || |
549 | - range_straddles_page_boundary(phys, size)) |
550 | + if (!WARN_ON((dev_addr + size - 1 > dma_mask) || |
551 | + range_straddles_page_boundary(phys, size))) |
552 | xen_destroy_contiguous_region(phys, order); |
553 | |
554 | xen_free_coherent_pages(hwdev, size, vaddr, (dma_addr_t)phys, attrs); |
555 | diff --git a/fs/adfs/super.c b/fs/adfs/super.c |
556 | index c9fdfb112933..e42c30001509 100644 |
557 | --- a/fs/adfs/super.c |
558 | +++ b/fs/adfs/super.c |
559 | @@ -368,6 +368,7 @@ static int adfs_fill_super(struct super_block *sb, void *data, int silent) |
560 | struct buffer_head *bh; |
561 | struct object_info root_obj; |
562 | unsigned char *b_data; |
563 | + unsigned int blocksize; |
564 | struct adfs_sb_info *asb; |
565 | struct inode *root; |
566 | int ret = -EINVAL; |
567 | @@ -419,8 +420,10 @@ static int adfs_fill_super(struct super_block *sb, void *data, int silent) |
568 | goto error_free_bh; |
569 | } |
570 | |
571 | + blocksize = 1 << dr->log2secsize; |
572 | brelse(bh); |
573 | - if (sb_set_blocksize(sb, 1 << dr->log2secsize)) { |
574 | + |
575 | + if (sb_set_blocksize(sb, blocksize)) { |
576 | bh = sb_bread(sb, ADFS_DISCRECORD / sb->s_blocksize); |
577 | if (!bh) { |
578 | adfs_error(sb, "couldn't read superblock on " |
579 | diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c |
580 | index a45f26ac5da7..d9e49705a289 100644 |
581 | --- a/fs/btrfs/send.c |
582 | +++ b/fs/btrfs/send.c |
583 | @@ -5835,68 +5835,21 @@ static int changed_extent(struct send_ctx *sctx, |
584 | { |
585 | int ret = 0; |
586 | |
587 | - if (sctx->cur_ino != sctx->cmp_key->objectid) { |
588 | - |
589 | - if (result == BTRFS_COMPARE_TREE_CHANGED) { |
590 | - struct extent_buffer *leaf_l; |
591 | - struct extent_buffer *leaf_r; |
592 | - struct btrfs_file_extent_item *ei_l; |
593 | - struct btrfs_file_extent_item *ei_r; |
594 | - |
595 | - leaf_l = sctx->left_path->nodes[0]; |
596 | - leaf_r = sctx->right_path->nodes[0]; |
597 | - ei_l = btrfs_item_ptr(leaf_l, |
598 | - sctx->left_path->slots[0], |
599 | - struct btrfs_file_extent_item); |
600 | - ei_r = btrfs_item_ptr(leaf_r, |
601 | - sctx->right_path->slots[0], |
602 | - struct btrfs_file_extent_item); |
603 | - |
604 | - /* |
605 | - * We may have found an extent item that has changed |
606 | - * only its disk_bytenr field and the corresponding |
607 | - * inode item was not updated. This case happens due to |
608 | - * very specific timings during relocation when a leaf |
609 | - * that contains file extent items is COWed while |
610 | - * relocation is ongoing and its in the stage where it |
611 | - * updates data pointers. So when this happens we can |
612 | - * safely ignore it since we know it's the same extent, |
613 | - * but just at different logical and physical locations |
614 | - * (when an extent is fully replaced with a new one, we |
615 | - * know the generation number must have changed too, |
616 | - * since snapshot creation implies committing the current |
617 | - * transaction, and the inode item must have been updated |
618 | - * as well). |
619 | - * This replacement of the disk_bytenr happens at |
620 | - * relocation.c:replace_file_extents() through |
621 | - * relocation.c:btrfs_reloc_cow_block(). |
622 | - */ |
623 | - if (btrfs_file_extent_generation(leaf_l, ei_l) == |
624 | - btrfs_file_extent_generation(leaf_r, ei_r) && |
625 | - btrfs_file_extent_ram_bytes(leaf_l, ei_l) == |
626 | - btrfs_file_extent_ram_bytes(leaf_r, ei_r) && |
627 | - btrfs_file_extent_compression(leaf_l, ei_l) == |
628 | - btrfs_file_extent_compression(leaf_r, ei_r) && |
629 | - btrfs_file_extent_encryption(leaf_l, ei_l) == |
630 | - btrfs_file_extent_encryption(leaf_r, ei_r) && |
631 | - btrfs_file_extent_other_encoding(leaf_l, ei_l) == |
632 | - btrfs_file_extent_other_encoding(leaf_r, ei_r) && |
633 | - btrfs_file_extent_type(leaf_l, ei_l) == |
634 | - btrfs_file_extent_type(leaf_r, ei_r) && |
635 | - btrfs_file_extent_disk_bytenr(leaf_l, ei_l) != |
636 | - btrfs_file_extent_disk_bytenr(leaf_r, ei_r) && |
637 | - btrfs_file_extent_disk_num_bytes(leaf_l, ei_l) == |
638 | - btrfs_file_extent_disk_num_bytes(leaf_r, ei_r) && |
639 | - btrfs_file_extent_offset(leaf_l, ei_l) == |
640 | - btrfs_file_extent_offset(leaf_r, ei_r) && |
641 | - btrfs_file_extent_num_bytes(leaf_l, ei_l) == |
642 | - btrfs_file_extent_num_bytes(leaf_r, ei_r)) |
643 | - return 0; |
644 | - } |
645 | - |
646 | - inconsistent_snapshot_error(sctx, result, "extent"); |
647 | - return -EIO; |
648 | - } |
649 | + /* |
650 | + * We have found an extent item that changed without the inode item |
651 | + * having changed. This can happen either after relocation (where the |
652 | + * disk_bytenr of an extent item is replaced at |
653 | + * relocation.c:replace_file_extents()) or after deduplication into a |
654 | + * file in both the parent and send snapshots (where an extent item can |
655 | + * get modified or replaced with a new one). Note that deduplication |
656 | + * updates the inode item, but it only changes the iversion (sequence |
657 | + * field in the inode item) of the inode, so if a file is deduplicated |
658 | + * the same amount of times in both the parent and send snapshots, its |
659 | + * iversion becames the same in both snapshots, whence the inode item is |
660 | + * the same on both snapshots. |
661 | + */ |
662 | + if (sctx->cur_ino != sctx->cmp_key->objectid) |
663 | + return 0; |
664 | |
665 | if (!sctx->cur_inode_new_gen && !sctx->cur_inode_deleted) { |
666 | if (result != BTRFS_COMPARE_TREE_DELETED) |
667 | diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c |
668 | index 94b61afe996c..70aa22a8a9cc 100644 |
669 | --- a/fs/btrfs/volumes.c |
670 | +++ b/fs/btrfs/volumes.c |
671 | @@ -5072,8 +5072,7 @@ static inline int btrfs_chunk_max_errors(struct map_lookup *map) |
672 | |
673 | if (map->type & (BTRFS_BLOCK_GROUP_RAID1 | |
674 | BTRFS_BLOCK_GROUP_RAID10 | |
675 | - BTRFS_BLOCK_GROUP_RAID5 | |
676 | - BTRFS_BLOCK_GROUP_DUP)) { |
677 | + BTRFS_BLOCK_GROUP_RAID5)) { |
678 | max_errors = 1; |
679 | } else if (map->type & BTRFS_BLOCK_GROUP_RAID6) { |
680 | max_errors = 2; |
681 | diff --git a/fs/ceph/super.h b/fs/ceph/super.h |
682 | index 622d5dd9f616..9bd0d928057b 100644 |
683 | --- a/fs/ceph/super.h |
684 | +++ b/fs/ceph/super.h |
685 | @@ -476,7 +476,12 @@ static inline void __ceph_dir_set_complete(struct ceph_inode_info *ci, |
686 | long long release_count, |
687 | long long ordered_count) |
688 | { |
689 | - smp_mb__before_atomic(); |
690 | + /* |
691 | + * Makes sure operations that setup readdir cache (update page |
692 | + * cache and i_size) are strongly ordered w.r.t. the following |
693 | + * atomic64_set() operations. |
694 | + */ |
695 | + smp_mb(); |
696 | atomic64_set(&ci->i_complete_seq[0], release_count); |
697 | atomic64_set(&ci->i_complete_seq[1], ordered_count); |
698 | } |
699 | diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c |
700 | index 75267cdd5dfd..81144a8c0927 100644 |
701 | --- a/fs/ceph/xattr.c |
702 | +++ b/fs/ceph/xattr.c |
703 | @@ -74,7 +74,7 @@ static size_t ceph_vxattrcb_layout(struct ceph_inode_info *ci, char *val, |
704 | const char *ns_field = " pool_namespace="; |
705 | char buf[128]; |
706 | size_t len, total_len = 0; |
707 | - int ret; |
708 | + ssize_t ret; |
709 | |
710 | pool_ns = ceph_try_get_string(ci->i_layout.pool_ns); |
711 | |
712 | @@ -98,11 +98,8 @@ static size_t ceph_vxattrcb_layout(struct ceph_inode_info *ci, char *val, |
713 | if (pool_ns) |
714 | total_len += strlen(ns_field) + pool_ns->len; |
715 | |
716 | - if (!size) { |
717 | - ret = total_len; |
718 | - } else if (total_len > size) { |
719 | - ret = -ERANGE; |
720 | - } else { |
721 | + ret = total_len; |
722 | + if (size >= total_len) { |
723 | memcpy(val, buf, len); |
724 | ret = len; |
725 | if (pool_name) { |
726 | @@ -757,8 +754,11 @@ ssize_t __ceph_getxattr(struct inode *inode, const char *name, void *value, |
727 | vxattr = ceph_match_vxattr(inode, name); |
728 | if (vxattr) { |
729 | err = -ENODATA; |
730 | - if (!(vxattr->exists_cb && !vxattr->exists_cb(ci))) |
731 | + if (!(vxattr->exists_cb && !vxattr->exists_cb(ci))) { |
732 | err = vxattr->getxattr_cb(ci, value, size); |
733 | + if (size && size < err) |
734 | + err = -ERANGE; |
735 | + } |
736 | return err; |
737 | } |
738 | |
739 | diff --git a/fs/coda/psdev.c b/fs/coda/psdev.c |
740 | index 822629126e89..ff9b5cf8ff01 100644 |
741 | --- a/fs/coda/psdev.c |
742 | +++ b/fs/coda/psdev.c |
743 | @@ -187,8 +187,11 @@ static ssize_t coda_psdev_write(struct file *file, const char __user *buf, |
744 | if (req->uc_opcode == CODA_OPEN_BY_FD) { |
745 | struct coda_open_by_fd_out *outp = |
746 | (struct coda_open_by_fd_out *)req->uc_data; |
747 | - if (!outp->oh.result) |
748 | + if (!outp->oh.result) { |
749 | outp->fh = fget(outp->fd); |
750 | + if (!outp->fh) |
751 | + return -EBADF; |
752 | + } |
753 | } |
754 | |
755 | wake_up(&req->uc_sleep); |
756 | diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c |
757 | index 5138e781737a..4b207b10db03 100644 |
758 | --- a/fs/proc/task_mmu.c |
759 | +++ b/fs/proc/task_mmu.c |
760 | @@ -1057,6 +1057,24 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf, |
761 | count = -EINTR; |
762 | goto out_mm; |
763 | } |
764 | + /* |
765 | + * Avoid to modify vma->vm_flags |
766 | + * without locked ops while the |
767 | + * coredump reads the vm_flags. |
768 | + */ |
769 | + if (!mmget_still_valid(mm)) { |
770 | + /* |
771 | + * Silently return "count" |
772 | + * like if get_task_mm() |
773 | + * failed. FIXME: should this |
774 | + * function have returned |
775 | + * -ESRCH if get_task_mm() |
776 | + * failed like if |
777 | + * get_proc_task() fails? |
778 | + */ |
779 | + up_write(&mm->mmap_sem); |
780 | + goto out_mm; |
781 | + } |
782 | for (vma = mm->mmap; vma; vma = vma->vm_next) { |
783 | vma->vm_flags &= ~VM_SOFTDIRTY; |
784 | vma_set_page_prot(vma); |
785 | diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c |
786 | index 784d667475ae..8bf425a103f0 100644 |
787 | --- a/fs/userfaultfd.c |
788 | +++ b/fs/userfaultfd.c |
789 | @@ -479,6 +479,8 @@ static int userfaultfd_release(struct inode *inode, struct file *file) |
790 | * taking the mmap_sem for writing. |
791 | */ |
792 | down_write(&mm->mmap_sem); |
793 | + if (!mmget_still_valid(mm)) |
794 | + goto skip_mm; |
795 | prev = NULL; |
796 | for (vma = mm->mmap; vma; vma = vma->vm_next) { |
797 | cond_resched(); |
798 | @@ -501,6 +503,7 @@ static int userfaultfd_release(struct inode *inode, struct file *file) |
799 | vma->vm_flags = new_flags; |
800 | vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX; |
801 | } |
802 | +skip_mm: |
803 | up_write(&mm->mmap_sem); |
804 | mmput(mm); |
805 | wakeup: |
806 | @@ -802,6 +805,9 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, |
807 | goto out; |
808 | |
809 | down_write(&mm->mmap_sem); |
810 | + if (!mmget_still_valid(mm)) |
811 | + goto out_unlock; |
812 | + |
813 | vma = find_vma_prev(mm, start, &prev); |
814 | if (!vma) |
815 | goto out_unlock; |
816 | @@ -947,6 +953,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, |
817 | goto out; |
818 | |
819 | down_write(&mm->mmap_sem); |
820 | + if (!mmget_still_valid(mm)) |
821 | + goto out_unlock; |
822 | + |
823 | vma = find_vma_prev(mm, start, &prev); |
824 | if (!vma) |
825 | goto out_unlock; |
826 | diff --git a/include/linux/acpi.h b/include/linux/acpi.h |
827 | index ca2b4c4aec42..719eb97217a3 100644 |
828 | --- a/include/linux/acpi.h |
829 | +++ b/include/linux/acpi.h |
830 | @@ -309,7 +309,10 @@ void acpi_set_irq_model(enum acpi_irq_model_id model, |
831 | #ifdef CONFIG_X86_IO_APIC |
832 | extern int acpi_get_override_irq(u32 gsi, int *trigger, int *polarity); |
833 | #else |
834 | -#define acpi_get_override_irq(gsi, trigger, polarity) (-1) |
835 | +static inline int acpi_get_override_irq(u32 gsi, int *trigger, int *polarity) |
836 | +{ |
837 | + return -1; |
838 | +} |
839 | #endif |
840 | /* |
841 | * This function undoes the effect of one call to acpi_register_gsi(). |
842 | diff --git a/include/linux/coda.h b/include/linux/coda.h |
843 | index d30209b9cef8..0ca0c83fdb1c 100644 |
844 | --- a/include/linux/coda.h |
845 | +++ b/include/linux/coda.h |
846 | @@ -58,8 +58,7 @@ Mellon the rights to redistribute these changes without encumbrance. |
847 | #ifndef _CODA_HEADER_ |
848 | #define _CODA_HEADER_ |
849 | |
850 | -#if defined(__linux__) |
851 | typedef unsigned long long u_quad_t; |
852 | -#endif |
853 | + |
854 | #include <uapi/linux/coda.h> |
855 | #endif |
856 | diff --git a/include/linux/coda_psdev.h b/include/linux/coda_psdev.h |
857 | index 5b8721efa948..fe1466daf291 100644 |
858 | --- a/include/linux/coda_psdev.h |
859 | +++ b/include/linux/coda_psdev.h |
860 | @@ -19,6 +19,17 @@ struct venus_comm { |
861 | struct mutex vc_mutex; |
862 | }; |
863 | |
864 | +/* messages between coda filesystem in kernel and Venus */ |
865 | +struct upc_req { |
866 | + struct list_head uc_chain; |
867 | + caddr_t uc_data; |
868 | + u_short uc_flags; |
869 | + u_short uc_inSize; /* Size is at most 5000 bytes */ |
870 | + u_short uc_outSize; |
871 | + u_short uc_opcode; /* copied from data to save lookup */ |
872 | + int uc_unique; |
873 | + wait_queue_head_t uc_sleep; /* process' wait queue */ |
874 | +}; |
875 | |
876 | static inline struct venus_comm *coda_vcp(struct super_block *sb) |
877 | { |
878 | diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
879 | index 3050de0dac96..0020ee1cab37 100644 |
880 | --- a/include/linux/compiler.h |
881 | +++ b/include/linux/compiler.h |
882 | @@ -54,6 +54,22 @@ extern void __chk_io_ptr(const volatile void __iomem *); |
883 | |
884 | #ifdef __KERNEL__ |
885 | |
886 | +/* |
887 | + * Minimal backport of compiler_attributes.h to add support for __copy |
888 | + * to v4.9.y so that we can use it in init/exit_module to avoid |
889 | + * -Werror=missing-attributes errors on GCC 9. |
890 | + */ |
891 | +#ifndef __has_attribute |
892 | +# define __has_attribute(x) __GCC4_has_attribute_##x |
893 | +# define __GCC4_has_attribute___copy__ 0 |
894 | +#endif |
895 | + |
896 | +#if __has_attribute(__copy__) |
897 | +# define __copy(symbol) __attribute__((__copy__(symbol))) |
898 | +#else |
899 | +# define __copy(symbol) |
900 | +#endif |
901 | + |
902 | #ifdef __GNUC__ |
903 | #include <linux/compiler-gcc.h> |
904 | #endif |
905 | diff --git a/include/linux/mm.h b/include/linux/mm.h |
906 | index 478466081265..ade072a6fd24 100644 |
907 | --- a/include/linux/mm.h |
908 | +++ b/include/linux/mm.h |
909 | @@ -1192,6 +1192,30 @@ void zap_page_range(struct vm_area_struct *vma, unsigned long address, |
910 | unsigned long size, struct zap_details *); |
911 | void unmap_vmas(struct mmu_gather *tlb, struct vm_area_struct *start_vma, |
912 | unsigned long start, unsigned long end); |
913 | +/* |
914 | + * This has to be called after a get_task_mm()/mmget_not_zero() |
915 | + * followed by taking the mmap_sem for writing before modifying the |
916 | + * vmas or anything the coredump pretends not to change from under it. |
917 | + * |
918 | + * It also has to be called when mmgrab() is used in the context of |
919 | + * the process, but then the mm_count refcount is transferred outside |
920 | + * the context of the process to run down_write() on that pinned mm. |
921 | + * |
922 | + * NOTE: find_extend_vma() called from GUP context is the only place |
923 | + * that can modify the "mm" (notably the vm_start/end) under mmap_sem |
924 | + * for reading and outside the context of the process, so it is also |
925 | + * the only case that holds the mmap_sem for reading that must call |
926 | + * this function. Generally if the mmap_sem is hold for reading |
927 | + * there's no need of this check after get_task_mm()/mmget_not_zero(). |
928 | + * |
929 | + * This function can be obsoleted and the check can be removed, after |
930 | + * the coredump code will hold the mmap_sem for writing before |
931 | + * invoking the ->core_dump methods. |
932 | + */ |
933 | +static inline bool mmget_still_valid(struct mm_struct *mm) |
934 | +{ |
935 | + return likely(!mm->core_state); |
936 | +} |
937 | |
938 | /** |
939 | * mm_walk - callbacks for walk_page_range |
940 | diff --git a/include/linux/module.h b/include/linux/module.h |
941 | index fd9e121c7b3f..99f330ae13da 100644 |
942 | --- a/include/linux/module.h |
943 | +++ b/include/linux/module.h |
944 | @@ -129,13 +129,13 @@ extern void cleanup_module(void); |
945 | #define module_init(initfn) \ |
946 | static inline initcall_t __maybe_unused __inittest(void) \ |
947 | { return initfn; } \ |
948 | - int init_module(void) __attribute__((alias(#initfn))); |
949 | + int init_module(void) __copy(initfn) __attribute__((alias(#initfn))); |
950 | |
951 | /* This is only required if you want to be unloadable. */ |
952 | #define module_exit(exitfn) \ |
953 | static inline exitcall_t __maybe_unused __exittest(void) \ |
954 | { return exitfn; } \ |
955 | - void cleanup_module(void) __attribute__((alias(#exitfn))); |
956 | + void cleanup_module(void) __copy(exitfn) __attribute__((alias(#exitfn))); |
957 | |
958 | #endif |
959 | |
960 | diff --git a/include/uapi/linux/coda_psdev.h b/include/uapi/linux/coda_psdev.h |
961 | index 79d05981fc4b..e2c44d2f7d5b 100644 |
962 | --- a/include/uapi/linux/coda_psdev.h |
963 | +++ b/include/uapi/linux/coda_psdev.h |
964 | @@ -6,19 +6,6 @@ |
965 | #define CODA_PSDEV_MAJOR 67 |
966 | #define MAX_CODADEVS 5 /* how many do we allow */ |
967 | |
968 | - |
969 | -/* messages between coda filesystem in kernel and Venus */ |
970 | -struct upc_req { |
971 | - struct list_head uc_chain; |
972 | - caddr_t uc_data; |
973 | - u_short uc_flags; |
974 | - u_short uc_inSize; /* Size is at most 5000 bytes */ |
975 | - u_short uc_outSize; |
976 | - u_short uc_opcode; /* copied from data to save lookup */ |
977 | - int uc_unique; |
978 | - wait_queue_head_t uc_sleep; /* process' wait queue */ |
979 | -}; |
980 | - |
981 | #define CODA_REQ_ASYNC 0x1 |
982 | #define CODA_REQ_READ 0x2 |
983 | #define CODA_REQ_WRITE 0x4 |
984 | diff --git a/ipc/mqueue.c b/ipc/mqueue.c |
985 | index d5491a880751..3f7dc5f341f7 100644 |
986 | --- a/ipc/mqueue.c |
987 | +++ b/ipc/mqueue.c |
988 | @@ -369,7 +369,6 @@ static void mqueue_evict_inode(struct inode *inode) |
989 | { |
990 | struct mqueue_inode_info *info; |
991 | struct user_struct *user; |
992 | - unsigned long mq_bytes, mq_treesize; |
993 | struct ipc_namespace *ipc_ns; |
994 | struct msg_msg *msg, *nmsg; |
995 | LIST_HEAD(tmp_msg); |
996 | @@ -392,16 +391,18 @@ static void mqueue_evict_inode(struct inode *inode) |
997 | free_msg(msg); |
998 | } |
999 | |
1000 | - /* Total amount of bytes accounted for the mqueue */ |
1001 | - mq_treesize = info->attr.mq_maxmsg * sizeof(struct msg_msg) + |
1002 | - min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) * |
1003 | - sizeof(struct posix_msg_tree_node); |
1004 | - |
1005 | - mq_bytes = mq_treesize + (info->attr.mq_maxmsg * |
1006 | - info->attr.mq_msgsize); |
1007 | - |
1008 | user = info->user; |
1009 | if (user) { |
1010 | + unsigned long mq_bytes, mq_treesize; |
1011 | + |
1012 | + /* Total amount of bytes accounted for the mqueue */ |
1013 | + mq_treesize = info->attr.mq_maxmsg * sizeof(struct msg_msg) + |
1014 | + min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) * |
1015 | + sizeof(struct posix_msg_tree_node); |
1016 | + |
1017 | + mq_bytes = mq_treesize + (info->attr.mq_maxmsg * |
1018 | + info->attr.mq_msgsize); |
1019 | + |
1020 | spin_lock(&mq_lock); |
1021 | user->mq_bytes -= mq_bytes; |
1022 | /* |
1023 | diff --git a/kernel/module.c b/kernel/module.c |
1024 | index 2325c9821f2a..fb9e07aec49e 100644 |
1025 | --- a/kernel/module.c |
1026 | +++ b/kernel/module.c |
1027 | @@ -3351,8 +3351,7 @@ static bool finished_loading(const char *name) |
1028 | sched_annotate_sleep(); |
1029 | mutex_lock(&module_mutex); |
1030 | mod = find_module_all(name, strlen(name), true); |
1031 | - ret = !mod || mod->state == MODULE_STATE_LIVE |
1032 | - || mod->state == MODULE_STATE_GOING; |
1033 | + ret = !mod || mod->state == MODULE_STATE_LIVE; |
1034 | mutex_unlock(&module_mutex); |
1035 | |
1036 | return ret; |
1037 | @@ -3515,8 +3514,7 @@ again: |
1038 | mutex_lock(&module_mutex); |
1039 | old = find_module_all(mod->name, strlen(mod->name), true); |
1040 | if (old != NULL) { |
1041 | - if (old->state == MODULE_STATE_COMING |
1042 | - || old->state == MODULE_STATE_UNFORMED) { |
1043 | + if (old->state != MODULE_STATE_LIVE) { |
1044 | /* Wait in case it fails to load. */ |
1045 | mutex_unlock(&module_mutex); |
1046 | err = wait_event_interruptible(module_wq, |
1047 | diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c |
1048 | index 0043aef0ed8d..77109b9cf733 100644 |
1049 | --- a/kernel/trace/ftrace.c |
1050 | +++ b/kernel/trace/ftrace.c |
1051 | @@ -1631,6 +1631,11 @@ static bool test_rec_ops_needs_regs(struct dyn_ftrace *rec) |
1052 | return keep_regs; |
1053 | } |
1054 | |
1055 | +static struct ftrace_ops * |
1056 | +ftrace_find_tramp_ops_any(struct dyn_ftrace *rec); |
1057 | +static struct ftrace_ops * |
1058 | +ftrace_find_tramp_ops_next(struct dyn_ftrace *rec, struct ftrace_ops *ops); |
1059 | + |
1060 | static bool __ftrace_hash_rec_update(struct ftrace_ops *ops, |
1061 | int filter_hash, |
1062 | bool inc) |
1063 | @@ -1759,15 +1764,17 @@ static bool __ftrace_hash_rec_update(struct ftrace_ops *ops, |
1064 | } |
1065 | |
1066 | /* |
1067 | - * If the rec had TRAMP enabled, then it needs to |
1068 | - * be cleared. As TRAMP can only be enabled iff |
1069 | - * there is only a single ops attached to it. |
1070 | - * In otherwords, always disable it on decrementing. |
1071 | - * In the future, we may set it if rec count is |
1072 | - * decremented to one, and the ops that is left |
1073 | - * has a trampoline. |
1074 | + * The TRAMP needs to be set only if rec count |
1075 | + * is decremented to one, and the ops that is |
1076 | + * left has a trampoline. As TRAMP can only be |
1077 | + * enabled if there is only a single ops attached |
1078 | + * to it. |
1079 | */ |
1080 | - rec->flags &= ~FTRACE_FL_TRAMP; |
1081 | + if (ftrace_rec_count(rec) == 1 && |
1082 | + ftrace_find_tramp_ops_any(rec)) |
1083 | + rec->flags |= FTRACE_FL_TRAMP; |
1084 | + else |
1085 | + rec->flags &= ~FTRACE_FL_TRAMP; |
1086 | |
1087 | /* |
1088 | * flags will be cleared in ftrace_check_record() |
1089 | @@ -1960,11 +1967,6 @@ static void print_ip_ins(const char *fmt, const unsigned char *p) |
1090 | printk(KERN_CONT "%s%02x", i ? ":" : "", p[i]); |
1091 | } |
1092 | |
1093 | -static struct ftrace_ops * |
1094 | -ftrace_find_tramp_ops_any(struct dyn_ftrace *rec); |
1095 | -static struct ftrace_ops * |
1096 | -ftrace_find_tramp_ops_next(struct dyn_ftrace *rec, struct ftrace_ops *ops); |
1097 | - |
1098 | enum ftrace_bug_type ftrace_bug_type; |
1099 | const void *ftrace_expected; |
1100 | |
1101 | diff --git a/mm/cma.c b/mm/cma.c |
1102 | index 4ea0f32761c1..7cb569a188c4 100644 |
1103 | --- a/mm/cma.c |
1104 | +++ b/mm/cma.c |
1105 | @@ -268,6 +268,12 @@ int __init cma_declare_contiguous(phys_addr_t base, |
1106 | */ |
1107 | alignment = max(alignment, (phys_addr_t)PAGE_SIZE << |
1108 | max_t(unsigned long, MAX_ORDER - 1, pageblock_order)); |
1109 | + if (fixed && base & (alignment - 1)) { |
1110 | + ret = -EINVAL; |
1111 | + pr_err("Region at %pa must be aligned to %pa bytes\n", |
1112 | + &base, &alignment); |
1113 | + goto err; |
1114 | + } |
1115 | base = ALIGN(base, alignment); |
1116 | size = ALIGN(size, alignment); |
1117 | limit &= ~(alignment - 1); |
1118 | @@ -298,6 +304,13 @@ int __init cma_declare_contiguous(phys_addr_t base, |
1119 | if (limit == 0 || limit > memblock_end) |
1120 | limit = memblock_end; |
1121 | |
1122 | + if (base + size > limit) { |
1123 | + ret = -EINVAL; |
1124 | + pr_err("Size (%pa) of region at %pa exceeds limit (%pa)\n", |
1125 | + &size, &base, &limit); |
1126 | + goto err; |
1127 | + } |
1128 | + |
1129 | /* Reserve memory */ |
1130 | if (fixed) { |
1131 | if (memblock_is_region_reserved(base, size) || |
1132 | diff --git a/mm/khugepaged.c b/mm/khugepaged.c |
1133 | index e0cfc3a54b6a..8217ee5d66ef 100644 |
1134 | --- a/mm/khugepaged.c |
1135 | +++ b/mm/khugepaged.c |
1136 | @@ -1004,6 +1004,9 @@ static void collapse_huge_page(struct mm_struct *mm, |
1137 | * handled by the anon_vma lock + PG_lock. |
1138 | */ |
1139 | down_write(&mm->mmap_sem); |
1140 | + result = SCAN_ANY_PROCESS; |
1141 | + if (!mmget_still_valid(mm)) |
1142 | + goto out; |
1143 | result = hugepage_vma_revalidate(mm, address, &vma); |
1144 | if (result) |
1145 | goto out; |
1146 | diff --git a/mm/mmap.c b/mm/mmap.c |
1147 | index 3f2314ad6acd..19368fbba42a 100644 |
1148 | --- a/mm/mmap.c |
1149 | +++ b/mm/mmap.c |
1150 | @@ -2448,7 +2448,8 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr) |
1151 | vma = find_vma_prev(mm, addr, &prev); |
1152 | if (vma && (vma->vm_start <= addr)) |
1153 | return vma; |
1154 | - if (!prev || expand_stack(prev, addr)) |
1155 | + /* don't alter vm_end if the coredump is running */ |
1156 | + if (!prev || !mmget_still_valid(mm) || expand_stack(prev, addr)) |
1157 | return NULL; |
1158 | if (prev->vm_flags & VM_LOCKED) |
1159 | populate_vma_page_range(prev, addr, prev->vm_end, NULL); |
1160 | @@ -2474,6 +2475,9 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr) |
1161 | return vma; |
1162 | if (!(vma->vm_flags & VM_GROWSDOWN)) |
1163 | return NULL; |
1164 | + /* don't alter vm_start if the coredump is running */ |
1165 | + if (!mmget_still_valid(mm)) |
1166 | + return NULL; |
1167 | start = vma->vm_start; |
1168 | if (expand_stack(vma, addr)) |
1169 | return NULL; |
1170 | diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c |
1171 | index c483de590ba3..af9cc839856f 100644 |
1172 | --- a/security/selinux/ss/policydb.c |
1173 | +++ b/security/selinux/ss/policydb.c |
1174 | @@ -266,6 +266,8 @@ static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) |
1175 | return v; |
1176 | } |
1177 | |
1178 | +static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap); |
1179 | + |
1180 | /* |
1181 | * Initialize a policy database structure. |
1182 | */ |
1183 | @@ -313,8 +315,10 @@ static int policydb_init(struct policydb *p) |
1184 | out: |
1185 | hashtab_destroy(p->filename_trans); |
1186 | hashtab_destroy(p->range_tr); |
1187 | - for (i = 0; i < SYM_NUM; i++) |
1188 | + for (i = 0; i < SYM_NUM; i++) { |
1189 | + hashtab_map(p->symtab[i].table, destroy_f[i], NULL); |
1190 | hashtab_destroy(p->symtab[i].table); |
1191 | + } |
1192 | return rc; |
1193 | } |
1194 | |
1195 | diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c |
1196 | index dd4ed7c3c062..d84c28eac262 100644 |
1197 | --- a/tools/objtool/elf.c |
1198 | +++ b/tools/objtool/elf.c |
1199 | @@ -305,7 +305,7 @@ static int read_symbols(struct elf *elf) |
1200 | if (sym->type != STT_FUNC) |
1201 | continue; |
1202 | sym->pfunc = sym->cfunc = sym; |
1203 | - coldstr = strstr(sym->name, ".cold."); |
1204 | + coldstr = strstr(sym->name, ".cold"); |
1205 | if (!coldstr) |
1206 | continue; |
1207 |