Annotation of /trunk/kernel-alx-legacy/patches-4.9/0295-4.9.196-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3608 -
(hide annotations)
(download)
Fri Aug 14 07:34:29 2020 UTC (3 years, 10 months ago) by niro
File size: 45803 byte(s)
Fri Aug 14 07:34:29 2020 UTC (3 years, 10 months ago) by niro
File size: 45803 byte(s)
-added kerenl-alx-legacy pkg
| 1 | niro | 3608 | diff --git a/Makefile b/Makefile |
| 2 | index bee0218e3fb5..194c35eff19c 100644 | ||
| 3 | --- a/Makefile | ||
| 4 | +++ b/Makefile | ||
| 5 | @@ -1,6 +1,6 @@ | ||
| 6 | VERSION = 4 | ||
| 7 | PATCHLEVEL = 9 | ||
| 8 | -SUBLEVEL = 195 | ||
| 9 | +SUBLEVEL = 196 | ||
| 10 | EXTRAVERSION = | ||
| 11 | NAME = Roaring Lionus | ||
| 12 | |||
| 13 | diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c | ||
| 14 | index 5ca207ada852..2539c8f9fb3f 100644 | ||
| 15 | --- a/arch/arm/mm/fault.c | ||
| 16 | +++ b/arch/arm/mm/fault.c | ||
| 17 | @@ -214,7 +214,7 @@ static inline bool access_error(unsigned int fsr, struct vm_area_struct *vma) | ||
| 18 | { | ||
| 19 | unsigned int mask = VM_READ | VM_WRITE | VM_EXEC; | ||
| 20 | |||
| 21 | - if (fsr & FSR_WRITE) | ||
| 22 | + if ((fsr & FSR_WRITE) && !(fsr & FSR_CM)) | ||
| 23 | mask = VM_WRITE; | ||
| 24 | if (fsr & FSR_LNX_PF) | ||
| 25 | mask = VM_EXEC; | ||
| 26 | @@ -284,7 +284,7 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) | ||
| 27 | |||
| 28 | if (user_mode(regs)) | ||
| 29 | flags |= FAULT_FLAG_USER; | ||
| 30 | - if (fsr & FSR_WRITE) | ||
| 31 | + if ((fsr & FSR_WRITE) && !(fsr & FSR_CM)) | ||
| 32 | flags |= FAULT_FLAG_WRITE; | ||
| 33 | |||
| 34 | /* | ||
| 35 | diff --git a/arch/arm/mm/fault.h b/arch/arm/mm/fault.h | ||
| 36 | index afc1f84e763b..9bc272642d55 100644 | ||
| 37 | --- a/arch/arm/mm/fault.h | ||
| 38 | +++ b/arch/arm/mm/fault.h | ||
| 39 | @@ -5,6 +5,7 @@ | ||
| 40 | * Fault status register encodings. We steal bit 31 for our own purposes. | ||
| 41 | */ | ||
| 42 | #define FSR_LNX_PF (1 << 31) | ||
| 43 | +#define FSR_CM (1 << 13) | ||
| 44 | #define FSR_WRITE (1 << 11) | ||
| 45 | #define FSR_FS4 (1 << 10) | ||
| 46 | #define FSR_FS3_0 (15) | ||
| 47 | diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c | ||
| 48 | index f7c741358f37..241bf898adf5 100644 | ||
| 49 | --- a/arch/arm/mm/mmu.c | ||
| 50 | +++ b/arch/arm/mm/mmu.c | ||
| 51 | @@ -1168,6 +1168,22 @@ void __init adjust_lowmem_bounds(void) | ||
| 52 | */ | ||
| 53 | vmalloc_limit = (u64)(uintptr_t)vmalloc_min - PAGE_OFFSET + PHYS_OFFSET; | ||
| 54 | |||
| 55 | + /* | ||
| 56 | + * The first usable region must be PMD aligned. Mark its start | ||
| 57 | + * as MEMBLOCK_NOMAP if it isn't | ||
| 58 | + */ | ||
| 59 | + for_each_memblock(memory, reg) { | ||
| 60 | + if (!memblock_is_nomap(reg)) { | ||
| 61 | + if (!IS_ALIGNED(reg->base, PMD_SIZE)) { | ||
| 62 | + phys_addr_t len; | ||
| 63 | + | ||
| 64 | + len = round_up(reg->base, PMD_SIZE) - reg->base; | ||
| 65 | + memblock_mark_nomap(reg->base, len); | ||
| 66 | + } | ||
| 67 | + break; | ||
| 68 | + } | ||
| 69 | + } | ||
| 70 | + | ||
| 71 | for_each_memblock(memory, reg) { | ||
| 72 | phys_addr_t block_start = reg->base; | ||
| 73 | phys_addr_t block_end = reg->base + reg->size; | ||
| 74 | diff --git a/arch/arm64/include/asm/cmpxchg.h b/arch/arm64/include/asm/cmpxchg.h | ||
| 75 | index 0f2e1ab5e166..9b2e2e2e728a 100644 | ||
| 76 | --- a/arch/arm64/include/asm/cmpxchg.h | ||
| 77 | +++ b/arch/arm64/include/asm/cmpxchg.h | ||
| 78 | @@ -73,7 +73,7 @@ __XCHG_CASE( , , mb_8, dmb ish, nop, , a, l, "memory") | ||
| 79 | #undef __XCHG_CASE | ||
| 80 | |||
| 81 | #define __XCHG_GEN(sfx) \ | ||
| 82 | -static inline unsigned long __xchg##sfx(unsigned long x, \ | ||
| 83 | +static __always_inline unsigned long __xchg##sfx(unsigned long x, \ | ||
| 84 | volatile void *ptr, \ | ||
| 85 | int size) \ | ||
| 86 | { \ | ||
| 87 | @@ -115,7 +115,7 @@ __XCHG_GEN(_mb) | ||
| 88 | #define xchg(...) __xchg_wrapper( _mb, __VA_ARGS__) | ||
| 89 | |||
| 90 | #define __CMPXCHG_GEN(sfx) \ | ||
| 91 | -static inline unsigned long __cmpxchg##sfx(volatile void *ptr, \ | ||
| 92 | +static __always_inline unsigned long __cmpxchg##sfx(volatile void *ptr, \ | ||
| 93 | unsigned long old, \ | ||
| 94 | unsigned long new, \ | ||
| 95 | int size) \ | ||
| 96 | @@ -248,7 +248,7 @@ __CMPWAIT_CASE( , , 8); | ||
| 97 | #undef __CMPWAIT_CASE | ||
| 98 | |||
| 99 | #define __CMPWAIT_GEN(sfx) \ | ||
| 100 | -static inline void __cmpwait##sfx(volatile void *ptr, \ | ||
| 101 | +static __always_inline void __cmpwait##sfx(volatile void *ptr, \ | ||
| 102 | unsigned long val, \ | ||
| 103 | int size) \ | ||
| 104 | { \ | ||
| 105 | diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c | ||
| 106 | index 3cc5b2e4263c..47d50197789b 100644 | ||
| 107 | --- a/arch/mips/mm/tlbex.c | ||
| 108 | +++ b/arch/mips/mm/tlbex.c | ||
| 109 | @@ -637,7 +637,7 @@ static __maybe_unused void build_convert_pte_to_entrylo(u32 **p, | ||
| 110 | return; | ||
| 111 | } | ||
| 112 | |||
| 113 | - if (cpu_has_rixi && _PAGE_NO_EXEC) { | ||
| 114 | + if (cpu_has_rixi && !!_PAGE_NO_EXEC) { | ||
| 115 | if (fill_includes_sw_bits) { | ||
| 116 | UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL)); | ||
| 117 | } else { | ||
| 118 | diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h | ||
| 119 | index f4c7467f7465..b73ab8a7ebc3 100644 | ||
| 120 | --- a/arch/powerpc/include/asm/futex.h | ||
| 121 | +++ b/arch/powerpc/include/asm/futex.h | ||
| 122 | @@ -60,8 +60,7 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, | ||
| 123 | |||
| 124 | pagefault_enable(); | ||
| 125 | |||
| 126 | - if (!ret) | ||
| 127 | - *oval = oldval; | ||
| 128 | + *oval = oldval; | ||
| 129 | |||
| 130 | return ret; | ||
| 131 | } | ||
| 132 | diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S | ||
| 133 | index 92474227262b..0c8b966e8070 100644 | ||
| 134 | --- a/arch/powerpc/kernel/exceptions-64s.S | ||
| 135 | +++ b/arch/powerpc/kernel/exceptions-64s.S | ||
| 136 | @@ -467,6 +467,10 @@ EXC_COMMON_BEGIN(machine_check_handle_early) | ||
| 137 | RFI_TO_USER_OR_KERNEL | ||
| 138 | 9: | ||
| 139 | /* Deliver the machine check to host kernel in V mode. */ | ||
| 140 | +BEGIN_FTR_SECTION | ||
| 141 | + ld r10,ORIG_GPR3(r1) | ||
| 142 | + mtspr SPRN_CFAR,r10 | ||
| 143 | +END_FTR_SECTION_IFSET(CPU_FTR_CFAR) | ||
| 144 | MACHINE_CHECK_HANDLER_WINDUP | ||
| 145 | b machine_check_pSeries | ||
| 146 | |||
| 147 | diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c | ||
| 148 | index 6a3e5de544ce..a309a7a29cc6 100644 | ||
| 149 | --- a/arch/powerpc/kernel/rtas.c | ||
| 150 | +++ b/arch/powerpc/kernel/rtas.c | ||
| 151 | @@ -874,15 +874,17 @@ static int rtas_cpu_state_change_mask(enum rtas_cpu_state state, | ||
| 152 | return 0; | ||
| 153 | |||
| 154 | for_each_cpu(cpu, cpus) { | ||
| 155 | + struct device *dev = get_cpu_device(cpu); | ||
| 156 | + | ||
| 157 | switch (state) { | ||
| 158 | case DOWN: | ||
| 159 | - cpuret = cpu_down(cpu); | ||
| 160 | + cpuret = device_offline(dev); | ||
| 161 | break; | ||
| 162 | case UP: | ||
| 163 | - cpuret = cpu_up(cpu); | ||
| 164 | + cpuret = device_online(dev); | ||
| 165 | break; | ||
| 166 | } | ||
| 167 | - if (cpuret) { | ||
| 168 | + if (cpuret < 0) { | ||
| 169 | pr_debug("%s: cpu_%s for cpu#%d returned %d.\n", | ||
| 170 | __func__, | ||
| 171 | ((state == UP) ? "up" : "down"), | ||
| 172 | @@ -971,6 +973,8 @@ int rtas_ibm_suspend_me(u64 handle) | ||
| 173 | data.token = rtas_token("ibm,suspend-me"); | ||
| 174 | data.complete = &done; | ||
| 175 | |||
| 176 | + lock_device_hotplug(); | ||
| 177 | + | ||
| 178 | /* All present CPUs must be online */ | ||
| 179 | cpumask_andnot(offline_mask, cpu_present_mask, cpu_online_mask); | ||
| 180 | cpuret = rtas_online_cpus_mask(offline_mask); | ||
| 181 | @@ -1002,6 +1006,7 @@ int rtas_ibm_suspend_me(u64 handle) | ||
| 182 | __func__); | ||
| 183 | |||
| 184 | out: | ||
| 185 | + unlock_device_hotplug(); | ||
| 186 | free_cpumask_var(offline_mask); | ||
| 187 | return atomic_read(&data.error); | ||
| 188 | } | ||
| 189 | diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c | ||
| 190 | index 3784a7abfcc8..74791e8382d2 100644 | ||
| 191 | --- a/arch/powerpc/platforms/pseries/mobility.c | ||
| 192 | +++ b/arch/powerpc/platforms/pseries/mobility.c | ||
| 193 | @@ -11,6 +11,7 @@ | ||
| 194 | |||
| 195 | #include <linux/kernel.h> | ||
| 196 | #include <linux/kobject.h> | ||
| 197 | +#include <linux/sched.h> | ||
| 198 | #include <linux/smp.h> | ||
| 199 | #include <linux/stat.h> | ||
| 200 | #include <linux/completion.h> | ||
| 201 | @@ -206,7 +207,11 @@ static int update_dt_node(__be32 phandle, s32 scope) | ||
| 202 | |||
| 203 | prop_data += vd; | ||
| 204 | } | ||
| 205 | + | ||
| 206 | + cond_resched(); | ||
| 207 | } | ||
| 208 | + | ||
| 209 | + cond_resched(); | ||
| 210 | } while (rtas_rc == 1); | ||
| 211 | |||
| 212 | of_node_put(dn); | ||
| 213 | @@ -282,8 +287,12 @@ int pseries_devicetree_update(s32 scope) | ||
| 214 | add_dt_node(phandle, drc_index); | ||
| 215 | break; | ||
| 216 | } | ||
| 217 | + | ||
| 218 | + cond_resched(); | ||
| 219 | } | ||
| 220 | } | ||
| 221 | + | ||
| 222 | + cond_resched(); | ||
| 223 | } while (rc == 1); | ||
| 224 | |||
| 225 | kfree(rtas_buf); | ||
| 226 | diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c | ||
| 227 | index adb09ab87f7c..30782859d898 100644 | ||
| 228 | --- a/arch/powerpc/platforms/pseries/setup.c | ||
| 229 | +++ b/arch/powerpc/platforms/pseries/setup.c | ||
| 230 | @@ -298,6 +298,9 @@ static void pseries_lpar_idle(void) | ||
| 231 | * low power mode by ceding processor to hypervisor | ||
| 232 | */ | ||
| 233 | |||
| 234 | + if (!prep_irq_for_idle()) | ||
| 235 | + return; | ||
| 236 | + | ||
| 237 | /* Indicate to hypervisor that we are idle. */ | ||
| 238 | get_lppaca()->idle = 1; | ||
| 239 | |||
| 240 | diff --git a/arch/s390/hypfs/inode.c b/arch/s390/hypfs/inode.c | ||
| 241 | index 2a17123130d3..224aeda1e8cc 100644 | ||
| 242 | --- a/arch/s390/hypfs/inode.c | ||
| 243 | +++ b/arch/s390/hypfs/inode.c | ||
| 244 | @@ -267,7 +267,7 @@ static int hypfs_show_options(struct seq_file *s, struct dentry *root) | ||
| 245 | static int hypfs_fill_super(struct super_block *sb, void *data, int silent) | ||
| 246 | { | ||
| 247 | struct inode *root_inode; | ||
| 248 | - struct dentry *root_dentry; | ||
| 249 | + struct dentry *root_dentry, *update_file; | ||
| 250 | int rc = 0; | ||
| 251 | struct hypfs_sb_info *sbi; | ||
| 252 | |||
| 253 | @@ -298,9 +298,10 @@ static int hypfs_fill_super(struct super_block *sb, void *data, int silent) | ||
| 254 | rc = hypfs_diag_create_files(root_dentry); | ||
| 255 | if (rc) | ||
| 256 | return rc; | ||
| 257 | - sbi->update_file = hypfs_create_update_file(root_dentry); | ||
| 258 | - if (IS_ERR(sbi->update_file)) | ||
| 259 | - return PTR_ERR(sbi->update_file); | ||
| 260 | + update_file = hypfs_create_update_file(root_dentry); | ||
| 261 | + if (IS_ERR(update_file)) | ||
| 262 | + return PTR_ERR(update_file); | ||
| 263 | + sbi->update_file = update_file; | ||
| 264 | hypfs_update_update(sb); | ||
| 265 | pr_info("Hypervisor filesystem mounted\n"); | ||
| 266 | return 0; | ||
| 267 | diff --git a/drivers/android/binder.c b/drivers/android/binder.c | ||
| 268 | index 8056759073b0..e12288c245b5 100644 | ||
| 269 | --- a/drivers/android/binder.c | ||
| 270 | +++ b/drivers/android/binder.c | ||
| 271 | @@ -334,7 +334,8 @@ enum { | ||
| 272 | BINDER_LOOPER_STATE_EXITED = 0x04, | ||
| 273 | BINDER_LOOPER_STATE_INVALID = 0x08, | ||
| 274 | BINDER_LOOPER_STATE_WAITING = 0x10, | ||
| 275 | - BINDER_LOOPER_STATE_NEED_RETURN = 0x20 | ||
| 276 | + BINDER_LOOPER_STATE_NEED_RETURN = 0x20, | ||
| 277 | + BINDER_LOOPER_STATE_POLL = 0x40, | ||
| 278 | }; | ||
| 279 | |||
| 280 | struct binder_thread { | ||
| 281 | @@ -2628,6 +2629,27 @@ static int binder_free_thread(struct binder_proc *proc, | ||
| 282 | } else | ||
| 283 | BUG(); | ||
| 284 | } | ||
| 285 | + | ||
| 286 | + /* | ||
| 287 | + * If this thread used poll, make sure we remove the waitqueue | ||
| 288 | + * from any epoll data structures holding it with POLLFREE. | ||
| 289 | + * waitqueue_active() is safe to use here because we're holding | ||
| 290 | + * the global lock. | ||
| 291 | + */ | ||
| 292 | + if ((thread->looper & BINDER_LOOPER_STATE_POLL) && | ||
| 293 | + waitqueue_active(&thread->wait)) { | ||
| 294 | + wake_up_poll(&thread->wait, POLLHUP | POLLFREE); | ||
| 295 | + } | ||
| 296 | + | ||
| 297 | + /* | ||
| 298 | + * This is needed to avoid races between wake_up_poll() above and | ||
| 299 | + * and ep_remove_waitqueue() called for other reasons (eg the epoll file | ||
| 300 | + * descriptor being closed); ep_remove_waitqueue() holds an RCU read | ||
| 301 | + * lock, so we can be sure it's done after calling synchronize_rcu(). | ||
| 302 | + */ | ||
| 303 | + if (thread->looper & BINDER_LOOPER_STATE_POLL) | ||
| 304 | + synchronize_rcu(); | ||
| 305 | + | ||
| 306 | if (send_reply) | ||
| 307 | binder_send_failed_reply(send_reply, BR_DEAD_REPLY); | ||
| 308 | binder_release_work(&thread->todo); | ||
| 309 | @@ -2651,6 +2673,8 @@ static unsigned int binder_poll(struct file *filp, | ||
| 310 | return POLLERR; | ||
| 311 | } | ||
| 312 | |||
| 313 | + thread->looper |= BINDER_LOOPER_STATE_POLL; | ||
| 314 | + | ||
| 315 | wait_for_proc_work = thread->transaction_stack == NULL && | ||
| 316 | list_empty(&thread->todo) && thread->return_error == BR_OK; | ||
| 317 | |||
| 318 | diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c | ||
| 319 | index e0a53156b782..82af65818444 100644 | ||
| 320 | --- a/drivers/char/ipmi/ipmi_si_intf.c | ||
| 321 | +++ b/drivers/char/ipmi/ipmi_si_intf.c | ||
| 322 | @@ -283,6 +283,9 @@ struct smi_info { | ||
| 323 | */ | ||
| 324 | bool irq_enable_broken; | ||
| 325 | |||
| 326 | + /* Is the driver in maintenance mode? */ | ||
| 327 | + bool in_maintenance_mode; | ||
| 328 | + | ||
| 329 | /* | ||
| 330 | * Did we get an attention that we did not handle? | ||
| 331 | */ | ||
| 332 | @@ -1093,11 +1096,20 @@ static int ipmi_thread(void *data) | ||
| 333 | spin_unlock_irqrestore(&(smi_info->si_lock), flags); | ||
| 334 | busy_wait = ipmi_thread_busy_wait(smi_result, smi_info, | ||
| 335 | &busy_until); | ||
| 336 | - if (smi_result == SI_SM_CALL_WITHOUT_DELAY) | ||
| 337 | + if (smi_result == SI_SM_CALL_WITHOUT_DELAY) { | ||
| 338 | ; /* do nothing */ | ||
| 339 | - else if (smi_result == SI_SM_CALL_WITH_DELAY && busy_wait) | ||
| 340 | - schedule(); | ||
| 341 | - else if (smi_result == SI_SM_IDLE) { | ||
| 342 | + } else if (smi_result == SI_SM_CALL_WITH_DELAY && busy_wait) { | ||
| 343 | + /* | ||
| 344 | + * In maintenance mode we run as fast as | ||
| 345 | + * possible to allow firmware updates to | ||
| 346 | + * complete as fast as possible, but normally | ||
| 347 | + * don't bang on the scheduler. | ||
| 348 | + */ | ||
| 349 | + if (smi_info->in_maintenance_mode) | ||
| 350 | + schedule(); | ||
| 351 | + else | ||
| 352 | + usleep_range(100, 200); | ||
| 353 | + } else if (smi_result == SI_SM_IDLE) { | ||
| 354 | if (atomic_read(&smi_info->need_watch)) { | ||
| 355 | schedule_timeout_interruptible(100); | ||
| 356 | } else { | ||
| 357 | @@ -1105,8 +1117,9 @@ static int ipmi_thread(void *data) | ||
| 358 | __set_current_state(TASK_INTERRUPTIBLE); | ||
| 359 | schedule(); | ||
| 360 | } | ||
| 361 | - } else | ||
| 362 | + } else { | ||
| 363 | schedule_timeout_interruptible(1); | ||
| 364 | + } | ||
| 365 | } | ||
| 366 | return 0; | ||
| 367 | } | ||
| 368 | @@ -1285,6 +1298,7 @@ static void set_maintenance_mode(void *send_info, bool enable) | ||
| 369 | |||
| 370 | if (!enable) | ||
| 371 | atomic_set(&smi_info->req_events, 0); | ||
| 372 | + smi_info->in_maintenance_mode = enable; | ||
| 373 | } | ||
| 374 | |||
| 375 | static const struct ipmi_smi_handlers handlers = { | ||
| 376 | diff --git a/drivers/clk/at91/clk-main.c b/drivers/clk/at91/clk-main.c | ||
| 377 | index c813c27f2e58..2f97a843d6d6 100644 | ||
| 378 | --- a/drivers/clk/at91/clk-main.c | ||
| 379 | +++ b/drivers/clk/at91/clk-main.c | ||
| 380 | @@ -27,6 +27,10 @@ | ||
| 381 | |||
| 382 | #define MOR_KEY_MASK (0xff << 16) | ||
| 383 | |||
| 384 | +#define clk_main_parent_select(s) (((s) & \ | ||
| 385 | + (AT91_PMC_MOSCEN | \ | ||
| 386 | + AT91_PMC_OSCBYPASS)) ? 1 : 0) | ||
| 387 | + | ||
| 388 | struct clk_main_osc { | ||
| 389 | struct clk_hw hw; | ||
| 390 | struct regmap *regmap; | ||
| 391 | @@ -119,7 +123,7 @@ static int clk_main_osc_is_prepared(struct clk_hw *hw) | ||
| 392 | |||
| 393 | regmap_read(regmap, AT91_PMC_SR, &status); | ||
| 394 | |||
| 395 | - return (status & AT91_PMC_MOSCS) && (tmp & AT91_PMC_MOSCEN); | ||
| 396 | + return (status & AT91_PMC_MOSCS) && clk_main_parent_select(tmp); | ||
| 397 | } | ||
| 398 | |||
| 399 | static const struct clk_ops main_osc_ops = { | ||
| 400 | @@ -530,7 +534,7 @@ static u8 clk_sam9x5_main_get_parent(struct clk_hw *hw) | ||
| 401 | |||
| 402 | regmap_read(clkmain->regmap, AT91_CKGR_MOR, &status); | ||
| 403 | |||
| 404 | - return status & AT91_PMC_MOSCEN ? 1 : 0; | ||
| 405 | + return clk_main_parent_select(status); | ||
| 406 | } | ||
| 407 | |||
| 408 | static const struct clk_ops sam9x5_main_ops = { | ||
| 409 | @@ -572,7 +576,7 @@ at91_clk_register_sam9x5_main(struct regmap *regmap, | ||
| 410 | clkmain->hw.init = &init; | ||
| 411 | clkmain->regmap = regmap; | ||
| 412 | regmap_read(clkmain->regmap, AT91_CKGR_MOR, &status); | ||
| 413 | - clkmain->parent = status & AT91_PMC_MOSCEN ? 1 : 0; | ||
| 414 | + clkmain->parent = clk_main_parent_select(status); | ||
| 415 | |||
| 416 | hw = &clkmain->hw; | ||
| 417 | ret = clk_hw_register(NULL, &clkmain->hw); | ||
| 418 | diff --git a/drivers/clk/clk-qoriq.c b/drivers/clk/clk-qoriq.c | ||
| 419 | index 80ae2a51452d..cdce49f6476a 100644 | ||
| 420 | --- a/drivers/clk/clk-qoriq.c | ||
| 421 | +++ b/drivers/clk/clk-qoriq.c | ||
| 422 | @@ -540,7 +540,7 @@ static const struct clockgen_chipinfo chipinfo[] = { | ||
| 423 | .guts_compat = "fsl,qoriq-device-config-1.0", | ||
| 424 | .init_periph = p5020_init_periph, | ||
| 425 | .cmux_groups = { | ||
| 426 | - &p2041_cmux_grp1, &p2041_cmux_grp2 | ||
| 427 | + &p5020_cmux_grp1, &p5020_cmux_grp2 | ||
| 428 | }, | ||
| 429 | .cmux_to_group = { | ||
| 430 | 0, 1, -1 | ||
| 431 | diff --git a/drivers/clk/sirf/clk-common.c b/drivers/clk/sirf/clk-common.c | ||
| 432 | index 77e1e2491689..edb7197cc4b4 100644 | ||
| 433 | --- a/drivers/clk/sirf/clk-common.c | ||
| 434 | +++ b/drivers/clk/sirf/clk-common.c | ||
| 435 | @@ -298,9 +298,10 @@ static u8 dmn_clk_get_parent(struct clk_hw *hw) | ||
| 436 | { | ||
| 437 | struct clk_dmn *clk = to_dmnclk(hw); | ||
| 438 | u32 cfg = clkc_readl(clk->regofs); | ||
| 439 | + const char *name = clk_hw_get_name(hw); | ||
| 440 | |||
| 441 | /* parent of io domain can only be pll3 */ | ||
| 442 | - if (strcmp(hw->init->name, "io") == 0) | ||
| 443 | + if (strcmp(name, "io") == 0) | ||
| 444 | return 4; | ||
| 445 | |||
| 446 | WARN_ON((cfg & (BIT(3) - 1)) > 4); | ||
| 447 | @@ -312,9 +313,10 @@ static int dmn_clk_set_parent(struct clk_hw *hw, u8 parent) | ||
| 448 | { | ||
| 449 | struct clk_dmn *clk = to_dmnclk(hw); | ||
| 450 | u32 cfg = clkc_readl(clk->regofs); | ||
| 451 | + const char *name = clk_hw_get_name(hw); | ||
| 452 | |||
| 453 | /* parent of io domain can only be pll3 */ | ||
| 454 | - if (strcmp(hw->init->name, "io") == 0) | ||
| 455 | + if (strcmp(name, "io") == 0) | ||
| 456 | return -EINVAL; | ||
| 457 | |||
| 458 | cfg &= ~(BIT(3) - 1); | ||
| 459 | @@ -354,7 +356,8 @@ static long dmn_clk_round_rate(struct clk_hw *hw, unsigned long rate, | ||
| 460 | { | ||
| 461 | unsigned long fin; | ||
| 462 | unsigned ratio, wait, hold; | ||
| 463 | - unsigned bits = (strcmp(hw->init->name, "mem") == 0) ? 3 : 4; | ||
| 464 | + const char *name = clk_hw_get_name(hw); | ||
| 465 | + unsigned bits = (strcmp(name, "mem") == 0) ? 3 : 4; | ||
| 466 | |||
| 467 | fin = *parent_rate; | ||
| 468 | ratio = fin / rate; | ||
| 469 | @@ -376,7 +379,8 @@ static int dmn_clk_set_rate(struct clk_hw *hw, unsigned long rate, | ||
| 470 | struct clk_dmn *clk = to_dmnclk(hw); | ||
| 471 | unsigned long fin; | ||
| 472 | unsigned ratio, wait, hold, reg; | ||
| 473 | - unsigned bits = (strcmp(hw->init->name, "mem") == 0) ? 3 : 4; | ||
| 474 | + const char *name = clk_hw_get_name(hw); | ||
| 475 | + unsigned bits = (strcmp(name, "mem") == 0) ? 3 : 4; | ||
| 476 | |||
| 477 | fin = parent_rate; | ||
| 478 | ratio = fin / rate; | ||
| 479 | diff --git a/drivers/gpu/drm/amd/amdgpu/si.c b/drivers/gpu/drm/amd/amdgpu/si.c | ||
| 480 | index 327bdf13e8bc..b0beb5e537bc 100644 | ||
| 481 | --- a/drivers/gpu/drm/amd/amdgpu/si.c | ||
| 482 | +++ b/drivers/gpu/drm/amd/amdgpu/si.c | ||
| 483 | @@ -1606,7 +1606,7 @@ static void si_program_aspm(struct amdgpu_device *adev) | ||
| 484 | if (orig != data) | ||
| 485 | si_pif_phy1_wreg(adev,PB1_PIF_PWRDOWN_1, data); | ||
| 486 | |||
| 487 | - if ((adev->family != CHIP_OLAND) && (adev->family != CHIP_HAINAN)) { | ||
| 488 | + if ((adev->asic_type != CHIP_OLAND) && (adev->asic_type != CHIP_HAINAN)) { | ||
| 489 | orig = data = si_pif_phy0_rreg(adev,PB0_PIF_PWRDOWN_0); | ||
| 490 | data &= ~PLL_RAMP_UP_TIME_0_MASK; | ||
| 491 | if (orig != data) | ||
| 492 | @@ -1655,14 +1655,14 @@ static void si_program_aspm(struct amdgpu_device *adev) | ||
| 493 | |||
| 494 | orig = data = si_pif_phy0_rreg(adev,PB0_PIF_CNTL); | ||
| 495 | data &= ~LS2_EXIT_TIME_MASK; | ||
| 496 | - if ((adev->family == CHIP_OLAND) || (adev->family == CHIP_HAINAN)) | ||
| 497 | + if ((adev->asic_type == CHIP_OLAND) || (adev->asic_type == CHIP_HAINAN)) | ||
| 498 | data |= LS2_EXIT_TIME(5); | ||
| 499 | if (orig != data) | ||
| 500 | si_pif_phy0_wreg(adev,PB0_PIF_CNTL, data); | ||
| 501 | |||
| 502 | orig = data = si_pif_phy1_rreg(adev,PB1_PIF_CNTL); | ||
| 503 | data &= ~LS2_EXIT_TIME_MASK; | ||
| 504 | - if ((adev->family == CHIP_OLAND) || (adev->family == CHIP_HAINAN)) | ||
| 505 | + if ((adev->asic_type == CHIP_OLAND) || (adev->asic_type == CHIP_HAINAN)) | ||
| 506 | data |= LS2_EXIT_TIME(5); | ||
| 507 | if (orig != data) | ||
| 508 | si_pif_phy1_wreg(adev,PB1_PIF_CNTL, data); | ||
| 509 | diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c | ||
| 510 | index 80993a8734e0..8b6f8fac92e8 100644 | ||
| 511 | --- a/drivers/gpu/drm/bridge/tc358767.c | ||
| 512 | +++ b/drivers/gpu/drm/bridge/tc358767.c | ||
| 513 | @@ -300,7 +300,7 @@ static ssize_t tc_aux_transfer(struct drm_dp_aux *aux, | ||
| 514 | struct drm_dp_aux_msg *msg) | ||
| 515 | { | ||
| 516 | struct tc_data *tc = aux_to_tc(aux); | ||
| 517 | - size_t size = min_t(size_t, 8, msg->size); | ||
| 518 | + size_t size = min_t(size_t, DP_AUX_MAX_PAYLOAD_BYTES - 1, msg->size); | ||
| 519 | u8 request = msg->request & ~DP_AUX_I2C_MOT; | ||
| 520 | u8 *buf = msg->buffer; | ||
| 521 | u32 tmp = 0; | ||
| 522 | diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c | ||
| 523 | index c5e1aa5f1d8e..efa875120071 100644 | ||
| 524 | --- a/drivers/gpu/drm/radeon/radeon_connectors.c | ||
| 525 | +++ b/drivers/gpu/drm/radeon/radeon_connectors.c | ||
| 526 | @@ -764,7 +764,7 @@ static int radeon_connector_set_property(struct drm_connector *connector, struct | ||
| 527 | |||
| 528 | radeon_encoder->output_csc = val; | ||
| 529 | |||
| 530 | - if (connector->encoder->crtc) { | ||
| 531 | + if (connector->encoder && connector->encoder->crtc) { | ||
| 532 | struct drm_crtc *crtc = connector->encoder->crtc; | ||
| 533 | const struct drm_crtc_helper_funcs *crtc_funcs = crtc->helper_private; | ||
| 534 | struct radeon_crtc *radeon_crtc = to_radeon_crtc(crtc); | ||
| 535 | diff --git a/drivers/gpu/drm/radeon/radeon_drv.c b/drivers/gpu/drm/radeon/radeon_drv.c | ||
| 536 | index 30bd4a6a9d46..3ccf5b28b326 100644 | ||
| 537 | --- a/drivers/gpu/drm/radeon/radeon_drv.c | ||
| 538 | +++ b/drivers/gpu/drm/radeon/radeon_drv.c | ||
| 539 | @@ -366,11 +366,19 @@ radeon_pci_remove(struct pci_dev *pdev) | ||
| 540 | static void | ||
| 541 | radeon_pci_shutdown(struct pci_dev *pdev) | ||
| 542 | { | ||
| 543 | + struct drm_device *ddev = pci_get_drvdata(pdev); | ||
| 544 | + | ||
| 545 | /* if we are running in a VM, make sure the device | ||
| 546 | * torn down properly on reboot/shutdown | ||
| 547 | */ | ||
| 548 | if (radeon_device_is_virtual()) | ||
| 549 | radeon_pci_remove(pdev); | ||
| 550 | + | ||
| 551 | + /* Some adapters need to be suspended before a | ||
| 552 | + * shutdown occurs in order to prevent an error | ||
| 553 | + * during kexec. | ||
| 554 | + */ | ||
| 555 | + radeon_suspend_kms(ddev, true, true, false); | ||
| 556 | } | ||
| 557 | |||
| 558 | static int radeon_pmops_suspend(struct device *dev) | ||
| 559 | diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c | ||
| 560 | index 65a0c79f212e..31c087e1746d 100644 | ||
| 561 | --- a/drivers/hid/hid-apple.c | ||
| 562 | +++ b/drivers/hid/hid-apple.c | ||
| 563 | @@ -55,7 +55,6 @@ MODULE_PARM_DESC(swap_opt_cmd, "Swap the Option (\"Alt\") and Command (\"Flag\") | ||
| 564 | struct apple_sc { | ||
| 565 | unsigned long quirks; | ||
| 566 | unsigned int fn_on; | ||
| 567 | - DECLARE_BITMAP(pressed_fn, KEY_CNT); | ||
| 568 | DECLARE_BITMAP(pressed_numlock, KEY_CNT); | ||
| 569 | }; | ||
| 570 | |||
| 571 | @@ -182,6 +181,8 @@ static int hidinput_apple_event(struct hid_device *hid, struct input_dev *input, | ||
| 572 | { | ||
| 573 | struct apple_sc *asc = hid_get_drvdata(hid); | ||
| 574 | const struct apple_key_translation *trans, *table; | ||
| 575 | + bool do_translate; | ||
| 576 | + u16 code = 0; | ||
| 577 | |||
| 578 | if (usage->code == KEY_FN) { | ||
| 579 | asc->fn_on = !!value; | ||
| 580 | @@ -190,8 +191,6 @@ static int hidinput_apple_event(struct hid_device *hid, struct input_dev *input, | ||
| 581 | } | ||
| 582 | |||
| 583 | if (fnmode) { | ||
| 584 | - int do_translate; | ||
| 585 | - | ||
| 586 | if (hid->product >= USB_DEVICE_ID_APPLE_WELLSPRING4_ANSI && | ||
| 587 | hid->product <= USB_DEVICE_ID_APPLE_WELLSPRING4A_JIS) | ||
| 588 | table = macbookair_fn_keys; | ||
| 589 | @@ -203,25 +202,33 @@ static int hidinput_apple_event(struct hid_device *hid, struct input_dev *input, | ||
| 590 | trans = apple_find_translation (table, usage->code); | ||
| 591 | |||
| 592 | if (trans) { | ||
| 593 | - if (test_bit(usage->code, asc->pressed_fn)) | ||
| 594 | - do_translate = 1; | ||
| 595 | - else if (trans->flags & APPLE_FLAG_FKEY) | ||
| 596 | - do_translate = (fnmode == 2 && asc->fn_on) || | ||
| 597 | - (fnmode == 1 && !asc->fn_on); | ||
| 598 | - else | ||
| 599 | - do_translate = asc->fn_on; | ||
| 600 | - | ||
| 601 | - if (do_translate) { | ||
| 602 | - if (value) | ||
| 603 | - set_bit(usage->code, asc->pressed_fn); | ||
| 604 | - else | ||
| 605 | - clear_bit(usage->code, asc->pressed_fn); | ||
| 606 | - | ||
| 607 | - input_event(input, usage->type, trans->to, | ||
| 608 | - value); | ||
| 609 | - | ||
| 610 | - return 1; | ||
| 611 | + if (test_bit(trans->from, input->key)) | ||
| 612 | + code = trans->from; | ||
| 613 | + else if (test_bit(trans->to, input->key)) | ||
| 614 | + code = trans->to; | ||
| 615 | + | ||
| 616 | + if (!code) { | ||
| 617 | + if (trans->flags & APPLE_FLAG_FKEY) { | ||
| 618 | + switch (fnmode) { | ||
| 619 | + case 1: | ||
| 620 | + do_translate = !asc->fn_on; | ||
| 621 | + break; | ||
| 622 | + case 2: | ||
| 623 | + do_translate = asc->fn_on; | ||
| 624 | + break; | ||
| 625 | + default: | ||
| 626 | + /* should never happen */ | ||
| 627 | + do_translate = false; | ||
| 628 | + } | ||
| 629 | + } else { | ||
| 630 | + do_translate = asc->fn_on; | ||
| 631 | + } | ||
| 632 | + | ||
| 633 | + code = do_translate ? trans->to : trans->from; | ||
| 634 | } | ||
| 635 | + | ||
| 636 | + input_event(input, usage->type, code, value); | ||
| 637 | + return 1; | ||
| 638 | } | ||
| 639 | |||
| 640 | if (asc->quirks & APPLE_NUMLOCK_EMULATION && | ||
| 641 | diff --git a/drivers/mfd/intel-lpss-pci.c b/drivers/mfd/intel-lpss-pci.c | ||
| 642 | index 9ff243970e93..5b41111e62fd 100644 | ||
| 643 | --- a/drivers/mfd/intel-lpss-pci.c | ||
| 644 | +++ b/drivers/mfd/intel-lpss-pci.c | ||
| 645 | @@ -39,6 +39,8 @@ static int intel_lpss_pci_probe(struct pci_dev *pdev, | ||
| 646 | info->mem = &pdev->resource[0]; | ||
| 647 | info->irq = pdev->irq; | ||
| 648 | |||
| 649 | + pdev->d3cold_delay = 0; | ||
| 650 | + | ||
| 651 | /* Probably it is enough to set this for iDMA capable devices only */ | ||
| 652 | pci_set_master(pdev); | ||
| 653 | |||
| 654 | diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | ||
| 655 | index 23d6c44dc459..9ce1ad3d950c 100644 | ||
| 656 | --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | ||
| 657 | +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | ||
| 658 | @@ -137,13 +137,12 @@ static int uldrx_handler(struct sge_rspq *q, const __be64 *rsp, | ||
| 659 | static int alloc_uld_rxqs(struct adapter *adap, | ||
| 660 | struct sge_uld_rxq_info *rxq_info, bool lro) | ||
| 661 | { | ||
| 662 | - struct sge *s = &adap->sge; | ||
| 663 | unsigned int nq = rxq_info->nrxq + rxq_info->nciq; | ||
| 664 | + int i, err, msi_idx, que_idx = 0, bmap_idx = 0; | ||
| 665 | struct sge_ofld_rxq *q = rxq_info->uldrxq; | ||
| 666 | unsigned short *ids = rxq_info->rspq_id; | ||
| 667 | - unsigned int bmap_idx = 0; | ||
| 668 | + struct sge *s = &adap->sge; | ||
| 669 | unsigned int per_chan; | ||
| 670 | - int i, err, msi_idx, que_idx = 0; | ||
| 671 | |||
| 672 | per_chan = rxq_info->nrxq / adap->params.nports; | ||
| 673 | |||
| 674 | @@ -161,6 +160,10 @@ static int alloc_uld_rxqs(struct adapter *adap, | ||
| 675 | |||
| 676 | if (msi_idx >= 0) { | ||
| 677 | bmap_idx = get_msix_idx_from_bmap(adap); | ||
| 678 | + if (bmap_idx < 0) { | ||
| 679 | + err = -ENOSPC; | ||
| 680 | + goto freeout; | ||
| 681 | + } | ||
| 682 | msi_idx = adap->msix_info_ulds[bmap_idx].idx; | ||
| 683 | } | ||
| 684 | err = t4_sge_alloc_rxq(adap, &q->rspq, false, | ||
| 685 | diff --git a/drivers/net/ethernet/qlogic/qla3xxx.c b/drivers/net/ethernet/qlogic/qla3xxx.c | ||
| 686 | index 355c5fb802cd..c653b97d84d5 100644 | ||
| 687 | --- a/drivers/net/ethernet/qlogic/qla3xxx.c | ||
| 688 | +++ b/drivers/net/ethernet/qlogic/qla3xxx.c | ||
| 689 | @@ -2783,6 +2783,7 @@ static int ql_alloc_large_buffers(struct ql3_adapter *qdev) | ||
| 690 | netdev_err(qdev->ndev, | ||
| 691 | "PCI mapping failed with error: %d\n", | ||
| 692 | err); | ||
| 693 | + dev_kfree_skb_irq(skb); | ||
| 694 | ql_free_large_buffers(qdev); | ||
| 695 | return -ENOMEM; | ||
| 696 | } | ||
| 697 | diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c | ||
| 698 | index 66ae647b712e..27fc699d8be5 100644 | ||
| 699 | --- a/drivers/net/usb/hso.c | ||
| 700 | +++ b/drivers/net/usb/hso.c | ||
| 701 | @@ -2635,14 +2635,18 @@ static struct hso_device *hso_create_bulk_serial_device( | ||
| 702 | */ | ||
| 703 | if (serial->tiocmget) { | ||
| 704 | tiocmget = serial->tiocmget; | ||
| 705 | + tiocmget->endp = hso_get_ep(interface, | ||
| 706 | + USB_ENDPOINT_XFER_INT, | ||
| 707 | + USB_DIR_IN); | ||
| 708 | + if (!tiocmget->endp) { | ||
| 709 | + dev_err(&interface->dev, "Failed to find INT IN ep\n"); | ||
| 710 | + goto exit; | ||
| 711 | + } | ||
| 712 | + | ||
| 713 | tiocmget->urb = usb_alloc_urb(0, GFP_KERNEL); | ||
| 714 | if (tiocmget->urb) { | ||
| 715 | mutex_init(&tiocmget->mutex); | ||
| 716 | init_waitqueue_head(&tiocmget->waitq); | ||
| 717 | - tiocmget->endp = hso_get_ep( | ||
| 718 | - interface, | ||
| 719 | - USB_ENDPOINT_XFER_INT, | ||
| 720 | - USB_DIR_IN); | ||
| 721 | } else | ||
| 722 | hso_free_tiomget(serial); | ||
| 723 | } | ||
| 724 | diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c | ||
| 725 | index 05953e14a064..0d48714c3f28 100644 | ||
| 726 | --- a/drivers/net/usb/qmi_wwan.c | ||
| 727 | +++ b/drivers/net/usb/qmi_wwan.c | ||
| 728 | @@ -940,6 +940,7 @@ static const struct usb_device_id products[] = { | ||
| 729 | {QMI_FIXED_INTF(0x1e2d, 0x0082, 4)}, /* Cinterion PHxx,PXxx (2 RmNet) */ | ||
| 730 | {QMI_FIXED_INTF(0x1e2d, 0x0082, 5)}, /* Cinterion PHxx,PXxx (2 RmNet) */ | ||
| 731 | {QMI_FIXED_INTF(0x1e2d, 0x0083, 4)}, /* Cinterion PHxx,PXxx (1 RmNet + USB Audio)*/ | ||
| 732 | + {QMI_QUIRK_SET_DTR(0x1e2d, 0x00b0, 4)}, /* Cinterion CLS8 */ | ||
| 733 | {QMI_FIXED_INTF(0x413c, 0x81a2, 8)}, /* Dell Wireless 5806 Gobi(TM) 4G LTE Mobile Broadband Card */ | ||
| 734 | {QMI_FIXED_INTF(0x413c, 0x81a3, 8)}, /* Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card */ | ||
| 735 | {QMI_FIXED_INTF(0x413c, 0x81a4, 8)}, /* Dell Wireless 5570e HSPA+ (42Mbps) Mobile Broadband Card */ | ||
| 736 | diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c | ||
| 737 | index c31c564b8eab..6d391a268469 100644 | ||
| 738 | --- a/drivers/net/xen-netfront.c | ||
| 739 | +++ b/drivers/net/xen-netfront.c | ||
| 740 | @@ -888,9 +888,9 @@ static int xennet_set_skb_gso(struct sk_buff *skb, | ||
| 741 | return 0; | ||
| 742 | } | ||
| 743 | |||
| 744 | -static RING_IDX xennet_fill_frags(struct netfront_queue *queue, | ||
| 745 | - struct sk_buff *skb, | ||
| 746 | - struct sk_buff_head *list) | ||
| 747 | +static int xennet_fill_frags(struct netfront_queue *queue, | ||
| 748 | + struct sk_buff *skb, | ||
| 749 | + struct sk_buff_head *list) | ||
| 750 | { | ||
| 751 | RING_IDX cons = queue->rx.rsp_cons; | ||
| 752 | struct sk_buff *nskb; | ||
| 753 | @@ -909,7 +909,7 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, | ||
| 754 | if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) { | ||
| 755 | queue->rx.rsp_cons = ++cons + skb_queue_len(list); | ||
| 756 | kfree_skb(nskb); | ||
| 757 | - return ~0U; | ||
| 758 | + return -ENOENT; | ||
| 759 | } | ||
| 760 | |||
| 761 | skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, | ||
| 762 | @@ -920,7 +920,9 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, | ||
| 763 | kfree_skb(nskb); | ||
| 764 | } | ||
| 765 | |||
| 766 | - return cons; | ||
| 767 | + queue->rx.rsp_cons = cons; | ||
| 768 | + | ||
| 769 | + return 0; | ||
| 770 | } | ||
| 771 | |||
| 772 | static int checksum_setup(struct net_device *dev, struct sk_buff *skb) | ||
| 773 | @@ -1046,8 +1048,7 @@ err: | ||
| 774 | skb->data_len = rx->status; | ||
| 775 | skb->len += rx->status; | ||
| 776 | |||
| 777 | - i = xennet_fill_frags(queue, skb, &tmpq); | ||
| 778 | - if (unlikely(i == ~0U)) | ||
| 779 | + if (unlikely(xennet_fill_frags(queue, skb, &tmpq))) | ||
| 780 | goto err; | ||
| 781 | |||
| 782 | if (rx->flags & XEN_NETRXF_csum_blank) | ||
| 783 | @@ -1057,7 +1058,7 @@ err: | ||
| 784 | |||
| 785 | __skb_queue_tail(&rxq, skb); | ||
| 786 | |||
| 787 | - queue->rx.rsp_cons = ++i; | ||
| 788 | + i = ++queue->rx.rsp_cons; | ||
| 789 | work_done++; | ||
| 790 | } | ||
| 791 | |||
| 792 | diff --git a/drivers/pci/host/pci-tegra.c b/drivers/pci/host/pci-tegra.c | ||
| 793 | index 8dfccf733241..8e101b19c4d6 100644 | ||
| 794 | --- a/drivers/pci/host/pci-tegra.c | ||
| 795 | +++ b/drivers/pci/host/pci-tegra.c | ||
| 796 | @@ -1898,14 +1898,15 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) | ||
| 797 | err = of_pci_get_devfn(port); | ||
| 798 | if (err < 0) { | ||
| 799 | dev_err(dev, "failed to parse address: %d\n", err); | ||
| 800 | - return err; | ||
| 801 | + goto err_node_put; | ||
| 802 | } | ||
| 803 | |||
| 804 | index = PCI_SLOT(err); | ||
| 805 | |||
| 806 | if (index < 1 || index > soc->num_ports) { | ||
| 807 | dev_err(dev, "invalid port number: %d\n", index); | ||
| 808 | - return -EINVAL; | ||
| 809 | + err = -EINVAL; | ||
| 810 | + goto err_node_put; | ||
| 811 | } | ||
| 812 | |||
| 813 | index--; | ||
| 814 | @@ -1914,12 +1915,13 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) | ||
| 815 | if (err < 0) { | ||
| 816 | dev_err(dev, "failed to parse # of lanes: %d\n", | ||
| 817 | err); | ||
| 818 | - return err; | ||
| 819 | + goto err_node_put; | ||
| 820 | } | ||
| 821 | |||
| 822 | if (value > 16) { | ||
| 823 | dev_err(dev, "invalid # of lanes: %u\n", value); | ||
| 824 | - return -EINVAL; | ||
| 825 | + err = -EINVAL; | ||
| 826 | + goto err_node_put; | ||
| 827 | } | ||
| 828 | |||
| 829 | lanes |= value << (index << 3); | ||
| 830 | @@ -1933,13 +1935,15 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) | ||
| 831 | lane += value; | ||
| 832 | |||
| 833 | rp = devm_kzalloc(dev, sizeof(*rp), GFP_KERNEL); | ||
| 834 | - if (!rp) | ||
| 835 | - return -ENOMEM; | ||
| 836 | + if (!rp) { | ||
| 837 | + err = -ENOMEM; | ||
| 838 | + goto err_node_put; | ||
| 839 | + } | ||
| 840 | |||
| 841 | err = of_address_to_resource(port, 0, &rp->regs); | ||
| 842 | if (err < 0) { | ||
| 843 | dev_err(dev, "failed to parse address: %d\n", err); | ||
| 844 | - return err; | ||
| 845 | + goto err_node_put; | ||
| 846 | } | ||
| 847 | |||
| 848 | INIT_LIST_HEAD(&rp->list); | ||
| 849 | @@ -1966,6 +1970,10 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) | ||
| 850 | return err; | ||
| 851 | |||
| 852 | return 0; | ||
| 853 | + | ||
| 854 | +err_node_put: | ||
| 855 | + of_node_put(port); | ||
| 856 | + return err; | ||
| 857 | } | ||
| 858 | |||
| 859 | /* | ||
| 860 | diff --git a/drivers/pinctrl/tegra/pinctrl-tegra.c b/drivers/pinctrl/tegra/pinctrl-tegra.c | ||
| 861 | index 277622b4b6fb..1d9f63e954c7 100644 | ||
| 862 | --- a/drivers/pinctrl/tegra/pinctrl-tegra.c | ||
| 863 | +++ b/drivers/pinctrl/tegra/pinctrl-tegra.c | ||
| 864 | @@ -52,7 +52,9 @@ static inline u32 pmx_readl(struct tegra_pmx *pmx, u32 bank, u32 reg) | ||
| 865 | |||
| 866 | static inline void pmx_writel(struct tegra_pmx *pmx, u32 val, u32 bank, u32 reg) | ||
| 867 | { | ||
| 868 | - writel(val, pmx->regs[bank] + reg); | ||
| 869 | + writel_relaxed(val, pmx->regs[bank] + reg); | ||
| 870 | + /* make sure pinmux register write completed */ | ||
| 871 | + pmx_readl(pmx, bank, reg); | ||
| 872 | } | ||
| 873 | |||
| 874 | static int tegra_pinctrl_get_groups_count(struct pinctrl_dev *pctldev) | ||
| 875 | diff --git a/drivers/scsi/scsi_logging.c b/drivers/scsi/scsi_logging.c | ||
| 876 | index bd70339c1242..03d9855a6afd 100644 | ||
| 877 | --- a/drivers/scsi/scsi_logging.c | ||
| 878 | +++ b/drivers/scsi/scsi_logging.c | ||
| 879 | @@ -16,57 +16,15 @@ | ||
| 880 | #include <scsi/scsi_eh.h> | ||
| 881 | #include <scsi/scsi_dbg.h> | ||
| 882 | |||
| 883 | -#define SCSI_LOG_SPOOLSIZE 4096 | ||
| 884 | - | ||
| 885 | -#if (SCSI_LOG_SPOOLSIZE / SCSI_LOG_BUFSIZE) > BITS_PER_LONG | ||
| 886 | -#warning SCSI logging bitmask too large | ||
| 887 | -#endif | ||
| 888 | - | ||
| 889 | -struct scsi_log_buf { | ||
| 890 | - char buffer[SCSI_LOG_SPOOLSIZE]; | ||
| 891 | - unsigned long map; | ||
| 892 | -}; | ||
| 893 | - | ||
| 894 | -static DEFINE_PER_CPU(struct scsi_log_buf, scsi_format_log); | ||
| 895 | - | ||
| 896 | static char *scsi_log_reserve_buffer(size_t *len) | ||
| 897 | { | ||
| 898 | - struct scsi_log_buf *buf; | ||
| 899 | - unsigned long map_bits = sizeof(buf->buffer) / SCSI_LOG_BUFSIZE; | ||
| 900 | - unsigned long idx = 0; | ||
| 901 | - | ||
| 902 | - preempt_disable(); | ||
| 903 | - buf = this_cpu_ptr(&scsi_format_log); | ||
| 904 | - idx = find_first_zero_bit(&buf->map, map_bits); | ||
| 905 | - if (likely(idx < map_bits)) { | ||
| 906 | - while (test_and_set_bit(idx, &buf->map)) { | ||
| 907 | - idx = find_next_zero_bit(&buf->map, map_bits, idx); | ||
| 908 | - if (idx >= map_bits) | ||
| 909 | - break; | ||
| 910 | - } | ||
| 911 | - } | ||
| 912 | - if (WARN_ON(idx >= map_bits)) { | ||
| 913 | - preempt_enable(); | ||
| 914 | - return NULL; | ||
| 915 | - } | ||
| 916 | - *len = SCSI_LOG_BUFSIZE; | ||
| 917 | - return buf->buffer + idx * SCSI_LOG_BUFSIZE; | ||
| 918 | + *len = 128; | ||
| 919 | + return kmalloc(*len, GFP_ATOMIC); | ||
| 920 | } | ||
| 921 | |||
| 922 | static void scsi_log_release_buffer(char *bufptr) | ||
| 923 | { | ||
| 924 | - struct scsi_log_buf *buf; | ||
| 925 | - unsigned long idx; | ||
| 926 | - int ret; | ||
| 927 | - | ||
| 928 | - buf = this_cpu_ptr(&scsi_format_log); | ||
| 929 | - if (bufptr >= buf->buffer && | ||
| 930 | - bufptr < buf->buffer + SCSI_LOG_SPOOLSIZE) { | ||
| 931 | - idx = (bufptr - buf->buffer) / SCSI_LOG_BUFSIZE; | ||
| 932 | - ret = test_and_clear_bit(idx, &buf->map); | ||
| 933 | - WARN_ON(!ret); | ||
| 934 | - } | ||
| 935 | - preempt_enable(); | ||
| 936 | + kfree(bufptr); | ||
| 937 | } | ||
| 938 | |||
| 939 | static inline const char *scmd_name(const struct scsi_cmnd *scmd) | ||
| 940 | diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c | ||
| 941 | index f9a75df2d22d..a1a712d18e02 100644 | ||
| 942 | --- a/drivers/vfio/pci/vfio_pci.c | ||
| 943 | +++ b/drivers/vfio/pci/vfio_pci.c | ||
| 944 | @@ -356,11 +356,20 @@ static void vfio_pci_disable(struct vfio_pci_device *vdev) | ||
| 945 | pci_write_config_word(pdev, PCI_COMMAND, PCI_COMMAND_INTX_DISABLE); | ||
| 946 | |||
| 947 | /* | ||
| 948 | - * Try to reset the device. The success of this is dependent on | ||
| 949 | - * being able to lock the device, which is not always possible. | ||
| 950 | + * Try to get the locks ourselves to prevent a deadlock. The | ||
| 951 | + * success of this is dependent on being able to lock the device, | ||
| 952 | + * which is not always possible. | ||
| 953 | + * We can not use the "try" reset interface here, which will | ||
| 954 | + * overwrite the previously restored configuration information. | ||
| 955 | */ | ||
| 956 | - if (vdev->reset_works && !pci_try_reset_function(pdev)) | ||
| 957 | - vdev->needs_reset = false; | ||
| 958 | + if (vdev->reset_works && pci_cfg_access_trylock(pdev)) { | ||
| 959 | + if (device_trylock(&pdev->dev)) { | ||
| 960 | + if (!__pci_reset_function_locked(pdev)) | ||
| 961 | + vdev->needs_reset = false; | ||
| 962 | + device_unlock(&pdev->dev); | ||
| 963 | + } | ||
| 964 | + pci_cfg_access_unlock(pdev); | ||
| 965 | + } | ||
| 966 | |||
| 967 | pci_restore_state(pdev); | ||
| 968 | out: | ||
| 969 | diff --git a/drivers/video/fbdev/ssd1307fb.c b/drivers/video/fbdev/ssd1307fb.c | ||
| 970 | index 2925d5ce8d3e..1267b93c03bd 100644 | ||
| 971 | --- a/drivers/video/fbdev/ssd1307fb.c | ||
| 972 | +++ b/drivers/video/fbdev/ssd1307fb.c | ||
| 973 | @@ -430,7 +430,7 @@ static int ssd1307fb_init(struct ssd1307fb_par *par) | ||
| 974 | if (ret < 0) | ||
| 975 | return ret; | ||
| 976 | |||
| 977 | - ret = ssd1307fb_write_cmd(par->client, 0x0); | ||
| 978 | + ret = ssd1307fb_write_cmd(par->client, par->page_offset); | ||
| 979 | if (ret < 0) | ||
| 980 | return ret; | ||
| 981 | |||
| 982 | diff --git a/fs/fat/dir.c b/fs/fat/dir.c | ||
| 983 | index 81cecbe6d7cf..971e369517a7 100644 | ||
| 984 | --- a/fs/fat/dir.c | ||
| 985 | +++ b/fs/fat/dir.c | ||
| 986 | @@ -1097,8 +1097,11 @@ static int fat_zeroed_cluster(struct inode *dir, sector_t blknr, int nr_used, | ||
| 987 | err = -ENOMEM; | ||
| 988 | goto error; | ||
| 989 | } | ||
| 990 | + /* Avoid race with userspace read via bdev */ | ||
| 991 | + lock_buffer(bhs[n]); | ||
| 992 | memset(bhs[n]->b_data, 0, sb->s_blocksize); | ||
| 993 | set_buffer_uptodate(bhs[n]); | ||
| 994 | + unlock_buffer(bhs[n]); | ||
| 995 | mark_buffer_dirty_inode(bhs[n], dir); | ||
| 996 | |||
| 997 | n++; | ||
| 998 | @@ -1155,6 +1158,8 @@ int fat_alloc_new_dir(struct inode *dir, struct timespec *ts) | ||
| 999 | fat_time_unix2fat(sbi, ts, &time, &date, &time_cs); | ||
| 1000 | |||
| 1001 | de = (struct msdos_dir_entry *)bhs[0]->b_data; | ||
| 1002 | + /* Avoid race with userspace read via bdev */ | ||
| 1003 | + lock_buffer(bhs[0]); | ||
| 1004 | /* filling the new directory slots ("." and ".." entries) */ | ||
| 1005 | memcpy(de[0].name, MSDOS_DOT, MSDOS_NAME); | ||
| 1006 | memcpy(de[1].name, MSDOS_DOTDOT, MSDOS_NAME); | ||
| 1007 | @@ -1177,6 +1182,7 @@ int fat_alloc_new_dir(struct inode *dir, struct timespec *ts) | ||
| 1008 | de[0].size = de[1].size = 0; | ||
| 1009 | memset(de + 2, 0, sb->s_blocksize - 2 * sizeof(*de)); | ||
| 1010 | set_buffer_uptodate(bhs[0]); | ||
| 1011 | + unlock_buffer(bhs[0]); | ||
| 1012 | mark_buffer_dirty_inode(bhs[0], dir); | ||
| 1013 | |||
| 1014 | err = fat_zeroed_cluster(dir, blknr, 1, bhs, MAX_BUF_PER_PAGE); | ||
| 1015 | @@ -1234,11 +1240,14 @@ static int fat_add_new_entries(struct inode *dir, void *slots, int nr_slots, | ||
| 1016 | |||
| 1017 | /* fill the directory entry */ | ||
| 1018 | copy = min(size, sb->s_blocksize); | ||
| 1019 | + /* Avoid race with userspace read via bdev */ | ||
| 1020 | + lock_buffer(bhs[n]); | ||
| 1021 | memcpy(bhs[n]->b_data, slots, copy); | ||
| 1022 | - slots += copy; | ||
| 1023 | - size -= copy; | ||
| 1024 | set_buffer_uptodate(bhs[n]); | ||
| 1025 | + unlock_buffer(bhs[n]); | ||
| 1026 | mark_buffer_dirty_inode(bhs[n], dir); | ||
| 1027 | + slots += copy; | ||
| 1028 | + size -= copy; | ||
| 1029 | if (!size) | ||
| 1030 | break; | ||
| 1031 | n++; | ||
| 1032 | diff --git a/fs/fat/fatent.c b/fs/fat/fatent.c | ||
| 1033 | index a9cad9b60790..0129d4d07a54 100644 | ||
| 1034 | --- a/fs/fat/fatent.c | ||
| 1035 | +++ b/fs/fat/fatent.c | ||
| 1036 | @@ -389,8 +389,11 @@ static int fat_mirror_bhs(struct super_block *sb, struct buffer_head **bhs, | ||
| 1037 | err = -ENOMEM; | ||
| 1038 | goto error; | ||
| 1039 | } | ||
| 1040 | + /* Avoid race with userspace read via bdev */ | ||
| 1041 | + lock_buffer(c_bh); | ||
| 1042 | memcpy(c_bh->b_data, bhs[n]->b_data, sb->s_blocksize); | ||
| 1043 | set_buffer_uptodate(c_bh); | ||
| 1044 | + unlock_buffer(c_bh); | ||
| 1045 | mark_buffer_dirty_inode(c_bh, sbi->fat_inode); | ||
| 1046 | if (sb->s_flags & MS_SYNCHRONOUS) | ||
| 1047 | err = sync_dirty_buffer(c_bh); | ||
| 1048 | diff --git a/fs/ocfs2/dlm/dlmunlock.c b/fs/ocfs2/dlm/dlmunlock.c | ||
| 1049 | index 1082b2c3014b..5f2a120240e5 100644 | ||
| 1050 | --- a/fs/ocfs2/dlm/dlmunlock.c | ||
| 1051 | +++ b/fs/ocfs2/dlm/dlmunlock.c | ||
| 1052 | @@ -105,7 +105,8 @@ static enum dlm_status dlmunlock_common(struct dlm_ctxt *dlm, | ||
| 1053 | enum dlm_status status; | ||
| 1054 | int actions = 0; | ||
| 1055 | int in_use; | ||
| 1056 | - u8 owner; | ||
| 1057 | + u8 owner; | ||
| 1058 | + int recovery_wait = 0; | ||
| 1059 | |||
| 1060 | mlog(0, "master_node = %d, valblk = %d\n", master_node, | ||
| 1061 | flags & LKM_VALBLK); | ||
| 1062 | @@ -208,9 +209,12 @@ static enum dlm_status dlmunlock_common(struct dlm_ctxt *dlm, | ||
| 1063 | } | ||
| 1064 | if (flags & LKM_CANCEL) | ||
| 1065 | lock->cancel_pending = 0; | ||
| 1066 | - else | ||
| 1067 | - lock->unlock_pending = 0; | ||
| 1068 | - | ||
| 1069 | + else { | ||
| 1070 | + if (!lock->unlock_pending) | ||
| 1071 | + recovery_wait = 1; | ||
| 1072 | + else | ||
| 1073 | + lock->unlock_pending = 0; | ||
| 1074 | + } | ||
| 1075 | } | ||
| 1076 | |||
| 1077 | /* get an extra ref on lock. if we are just switching | ||
| 1078 | @@ -244,6 +248,17 @@ leave: | ||
| 1079 | spin_unlock(&res->spinlock); | ||
| 1080 | wake_up(&res->wq); | ||
| 1081 | |||
| 1082 | + if (recovery_wait) { | ||
| 1083 | + spin_lock(&res->spinlock); | ||
| 1084 | + /* Unlock request will directly succeed after owner dies, | ||
| 1085 | + * and the lock is already removed from grant list. We have to | ||
| 1086 | + * wait for RECOVERING done or we miss the chance to purge it | ||
| 1087 | + * since the removement is much faster than RECOVERING proc. | ||
| 1088 | + */ | ||
| 1089 | + __dlm_wait_on_lockres_flags(res, DLM_LOCK_RES_RECOVERING); | ||
| 1090 | + spin_unlock(&res->spinlock); | ||
| 1091 | + } | ||
| 1092 | + | ||
| 1093 | /* let the caller's final dlm_lock_put handle the actual kfree */ | ||
| 1094 | if (actions & DLM_UNLOCK_FREE_LOCK) { | ||
| 1095 | /* this should always be coupled with list removal */ | ||
| 1096 | diff --git a/include/scsi/scsi_dbg.h b/include/scsi/scsi_dbg.h | ||
| 1097 | index 56710e03101c..1fcf14aee28a 100644 | ||
| 1098 | --- a/include/scsi/scsi_dbg.h | ||
| 1099 | +++ b/include/scsi/scsi_dbg.h | ||
| 1100 | @@ -5,8 +5,6 @@ struct scsi_cmnd; | ||
| 1101 | struct scsi_device; | ||
| 1102 | struct scsi_sense_hdr; | ||
| 1103 | |||
| 1104 | -#define SCSI_LOG_BUFSIZE 128 | ||
| 1105 | - | ||
| 1106 | extern void scsi_print_command(struct scsi_cmnd *); | ||
| 1107 | extern size_t __scsi_format_command(char *, size_t, | ||
| 1108 | const unsigned char *, size_t); | ||
| 1109 | diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug | ||
| 1110 | index 4f561860bf41..bc5ff3a53d4a 100644 | ||
| 1111 | --- a/lib/Kconfig.debug | ||
| 1112 | +++ b/lib/Kconfig.debug | ||
| 1113 | @@ -535,7 +535,7 @@ config DEBUG_KMEMLEAK_EARLY_LOG_SIZE | ||
| 1114 | int "Maximum kmemleak early log entries" | ||
| 1115 | depends on DEBUG_KMEMLEAK | ||
| 1116 | range 200 40000 | ||
| 1117 | - default 400 | ||
| 1118 | + default 16000 | ||
| 1119 | help | ||
| 1120 | Kmemleak must track all the memory allocations to avoid | ||
| 1121 | reporting false positives. Since memory may be allocated or | ||
| 1122 | diff --git a/net/core/sock.c b/net/core/sock.c | ||
| 1123 | index 3041aa6df602..d22493351407 100644 | ||
| 1124 | --- a/net/core/sock.c | ||
| 1125 | +++ b/net/core/sock.c | ||
| 1126 | @@ -1426,8 +1426,6 @@ static void __sk_destruct(struct rcu_head *head) | ||
| 1127 | sk_filter_uncharge(sk, filter); | ||
| 1128 | RCU_INIT_POINTER(sk->sk_filter, NULL); | ||
| 1129 | } | ||
| 1130 | - if (rcu_access_pointer(sk->sk_reuseport_cb)) | ||
| 1131 | - reuseport_detach_sock(sk); | ||
| 1132 | |||
| 1133 | sock_disable_timestamp(sk, SK_FLAGS_TIMESTAMP); | ||
| 1134 | |||
| 1135 | @@ -1450,7 +1448,14 @@ static void __sk_destruct(struct rcu_head *head) | ||
| 1136 | |||
| 1137 | void sk_destruct(struct sock *sk) | ||
| 1138 | { | ||
| 1139 | - if (sock_flag(sk, SOCK_RCU_FREE)) | ||
| 1140 | + bool use_call_rcu = sock_flag(sk, SOCK_RCU_FREE); | ||
| 1141 | + | ||
| 1142 | + if (rcu_access_pointer(sk->sk_reuseport_cb)) { | ||
| 1143 | + reuseport_detach_sock(sk); | ||
| 1144 | + use_call_rcu = true; | ||
| 1145 | + } | ||
| 1146 | + | ||
| 1147 | + if (use_call_rcu) | ||
| 1148 | call_rcu(&sk->sk_rcu, __sk_destruct); | ||
| 1149 | else | ||
| 1150 | __sk_destruct(&sk->sk_rcu); | ||
| 1151 | diff --git a/net/ipv4/route.c b/net/ipv4/route.c | ||
| 1152 | index d558dc076577..d1a302d321fa 100644 | ||
| 1153 | --- a/net/ipv4/route.c | ||
| 1154 | +++ b/net/ipv4/route.c | ||
| 1155 | @@ -903,16 +903,15 @@ void ip_rt_send_redirect(struct sk_buff *skb) | ||
| 1156 | if (peer->rate_tokens == 0 || | ||
| 1157 | time_after(jiffies, | ||
| 1158 | (peer->rate_last + | ||
| 1159 | - (ip_rt_redirect_load << peer->rate_tokens)))) { | ||
| 1160 | + (ip_rt_redirect_load << peer->n_redirects)))) { | ||
| 1161 | __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr); | ||
| 1162 | |||
| 1163 | icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw); | ||
| 1164 | peer->rate_last = jiffies; | ||
| 1165 | - ++peer->rate_tokens; | ||
| 1166 | ++peer->n_redirects; | ||
| 1167 | #ifdef CONFIG_IP_ROUTE_VERBOSE | ||
| 1168 | if (log_martians && | ||
| 1169 | - peer->rate_tokens == ip_rt_redirect_number) | ||
| 1170 | + peer->n_redirects == ip_rt_redirect_number) | ||
| 1171 | net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n", | ||
| 1172 | &ip_hdr(skb)->saddr, inet_iif(skb), | ||
| 1173 | &ip_hdr(skb)->daddr, &gw); | ||
| 1174 | diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c | ||
| 1175 | index 4ce7f9195151..6b1310d5e808 100644 | ||
| 1176 | --- a/net/ipv6/addrconf.c | ||
| 1177 | +++ b/net/ipv6/addrconf.c | ||
| 1178 | @@ -5443,13 +5443,20 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) | ||
| 1179 | switch (event) { | ||
| 1180 | case RTM_NEWADDR: | ||
| 1181 | /* | ||
| 1182 | - * If the address was optimistic | ||
| 1183 | - * we inserted the route at the start of | ||
| 1184 | - * our DAD process, so we don't need | ||
| 1185 | - * to do it again | ||
| 1186 | + * If the address was optimistic we inserted the route at the | ||
| 1187 | + * start of our DAD process, so we don't need to do it again. | ||
| 1188 | + * If the device was taken down in the middle of the DAD | ||
| 1189 | + * cycle there is a race where we could get here without a | ||
| 1190 | + * host route, so nothing to insert. That will be fixed when | ||
| 1191 | + * the device is brought up. | ||
| 1192 | */ | ||
| 1193 | - if (!rcu_access_pointer(ifp->rt->rt6i_node)) | ||
| 1194 | + if (ifp->rt && !rcu_access_pointer(ifp->rt->rt6i_node)) { | ||
| 1195 | ip6_ins_rt(ifp->rt); | ||
| 1196 | + } else if (!ifp->rt && (ifp->idev->dev->flags & IFF_UP)) { | ||
| 1197 | + pr_warn("BUG: Address %pI6c on device %s is missing its host route.\n", | ||
| 1198 | + &ifp->addr, ifp->idev->dev->name); | ||
| 1199 | + } | ||
| 1200 | + | ||
| 1201 | if (ifp->idev->cnf.forwarding) | ||
| 1202 | addrconf_join_anycast(ifp); | ||
| 1203 | if (!ipv6_addr_any(&ifp->peer_addr)) | ||
| 1204 | diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c | ||
| 1205 | index aacfb4bce153..e726a61ae6dc 100644 | ||
| 1206 | --- a/net/ipv6/ip6_input.c | ||
| 1207 | +++ b/net/ipv6/ip6_input.c | ||
| 1208 | @@ -168,6 +168,16 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt | ||
| 1209 | if (ipv6_addr_is_multicast(&hdr->saddr)) | ||
| 1210 | goto err; | ||
| 1211 | |||
| 1212 | + /* While RFC4291 is not explicit about v4mapped addresses | ||
| 1213 | + * in IPv6 headers, it seems clear linux dual-stack | ||
| 1214 | + * model can not deal properly with these. | ||
| 1215 | + * Security models could be fooled by ::ffff:127.0.0.1 for example. | ||
| 1216 | + * | ||
| 1217 | + * https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02 | ||
| 1218 | + */ | ||
| 1219 | + if (ipv6_addr_v4mapped(&hdr->saddr)) | ||
| 1220 | + goto err; | ||
| 1221 | + | ||
| 1222 | skb->transport_header = skb->network_header + sizeof(*hdr); | ||
| 1223 | IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); | ||
| 1224 | |||
| 1225 | diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c | ||
| 1226 | index 22d5a80a8f34..dd59fde1dac8 100644 | ||
| 1227 | --- a/net/nfc/llcp_sock.c | ||
| 1228 | +++ b/net/nfc/llcp_sock.c | ||
| 1229 | @@ -118,9 +118,14 @@ static int llcp_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | ||
| 1230 | llcp_sock->service_name = kmemdup(llcp_addr.service_name, | ||
| 1231 | llcp_sock->service_name_len, | ||
| 1232 | GFP_KERNEL); | ||
| 1233 | - | ||
| 1234 | + if (!llcp_sock->service_name) { | ||
| 1235 | + ret = -ENOMEM; | ||
| 1236 | + goto put_dev; | ||
| 1237 | + } | ||
| 1238 | llcp_sock->ssap = nfc_llcp_get_sdp_ssap(local, llcp_sock); | ||
| 1239 | if (llcp_sock->ssap == LLCP_SAP_MAX) { | ||
| 1240 | + kfree(llcp_sock->service_name); | ||
| 1241 | + llcp_sock->service_name = NULL; | ||
| 1242 | ret = -EADDRINUSE; | ||
| 1243 | goto put_dev; | ||
| 1244 | } | ||
| 1245 | diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c | ||
| 1246 | index dbf74afe82fb..ad878302924f 100644 | ||
| 1247 | --- a/net/nfc/netlink.c | ||
| 1248 | +++ b/net/nfc/netlink.c | ||
| 1249 | @@ -973,7 +973,8 @@ static int nfc_genl_dep_link_down(struct sk_buff *skb, struct genl_info *info) | ||
| 1250 | int rc; | ||
| 1251 | u32 idx; | ||
| 1252 | |||
| 1253 | - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) | ||
| 1254 | + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || | ||
| 1255 | + !info->attrs[NFC_ATTR_TARGET_INDEX]) | ||
| 1256 | return -EINVAL; | ||
| 1257 | |||
| 1258 | idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); | ||
| 1259 | @@ -1022,7 +1023,8 @@ static int nfc_genl_llc_get_params(struct sk_buff *skb, struct genl_info *info) | ||
| 1260 | struct sk_buff *msg = NULL; | ||
| 1261 | u32 idx; | ||
| 1262 | |||
| 1263 | - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) | ||
| 1264 | + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || | ||
| 1265 | + !info->attrs[NFC_ATTR_FIRMWARE_NAME]) | ||
| 1266 | return -EINVAL; | ||
| 1267 | |||
| 1268 | idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); | ||
| 1269 | diff --git a/net/rds/ib.c b/net/rds/ib.c | ||
| 1270 | index 0efb3d2b338d..a118686cc1ec 100644 | ||
| 1271 | --- a/net/rds/ib.c | ||
| 1272 | +++ b/net/rds/ib.c | ||
| 1273 | @@ -138,6 +138,9 @@ static void rds_ib_add_one(struct ib_device *device) | ||
| 1274 | atomic_set(&rds_ibdev->refcount, 1); | ||
| 1275 | INIT_WORK(&rds_ibdev->free_work, rds_ib_dev_free); | ||
| 1276 | |||
| 1277 | + INIT_LIST_HEAD(&rds_ibdev->ipaddr_list); | ||
| 1278 | + INIT_LIST_HEAD(&rds_ibdev->conn_list); | ||
| 1279 | + | ||
| 1280 | rds_ibdev->max_wrs = device->attrs.max_qp_wr; | ||
| 1281 | rds_ibdev->max_sge = min(device->attrs.max_sge, RDS_IB_MAX_SGE); | ||
| 1282 | |||
| 1283 | @@ -189,9 +192,6 @@ static void rds_ib_add_one(struct ib_device *device) | ||
| 1284 | device->name, | ||
| 1285 | rds_ibdev->use_fastreg ? "FRMR" : "FMR"); | ||
| 1286 | |||
| 1287 | - INIT_LIST_HEAD(&rds_ibdev->ipaddr_list); | ||
| 1288 | - INIT_LIST_HEAD(&rds_ibdev->conn_list); | ||
| 1289 | - | ||
| 1290 | down_write(&rds_ib_devices_lock); | ||
| 1291 | list_add_tail_rcu(&rds_ibdev->list, &rds_ib_devices); | ||
| 1292 | up_write(&rds_ib_devices_lock); | ||
| 1293 | diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c | ||
| 1294 | index beb554aa8cfb..7a434a5c43fe 100644 | ||
| 1295 | --- a/net/sched/sch_cbq.c | ||
| 1296 | +++ b/net/sched/sch_cbq.c | ||
| 1297 | @@ -1129,6 +1129,26 @@ static const struct nla_policy cbq_policy[TCA_CBQ_MAX + 1] = { | ||
| 1298 | [TCA_CBQ_POLICE] = { .len = sizeof(struct tc_cbq_police) }, | ||
| 1299 | }; | ||
| 1300 | |||
| 1301 | +static int cbq_opt_parse(struct nlattr *tb[TCA_CBQ_MAX + 1], struct nlattr *opt) | ||
| 1302 | +{ | ||
| 1303 | + int err; | ||
| 1304 | + | ||
| 1305 | + if (!opt) | ||
| 1306 | + return -EINVAL; | ||
| 1307 | + | ||
| 1308 | + err = nla_parse_nested(tb, TCA_CBQ_MAX, opt, cbq_policy); | ||
| 1309 | + if (err < 0) | ||
| 1310 | + return err; | ||
| 1311 | + | ||
| 1312 | + if (tb[TCA_CBQ_WRROPT]) { | ||
| 1313 | + const struct tc_cbq_wrropt *wrr = nla_data(tb[TCA_CBQ_WRROPT]); | ||
| 1314 | + | ||
| 1315 | + if (wrr->priority > TC_CBQ_MAXPRIO) | ||
| 1316 | + err = -EINVAL; | ||
| 1317 | + } | ||
| 1318 | + return err; | ||
| 1319 | +} | ||
| 1320 | + | ||
| 1321 | static int cbq_init(struct Qdisc *sch, struct nlattr *opt) | ||
| 1322 | { | ||
| 1323 | struct cbq_sched_data *q = qdisc_priv(sch); | ||
| 1324 | @@ -1136,7 +1156,7 @@ static int cbq_init(struct Qdisc *sch, struct nlattr *opt) | ||
| 1325 | struct tc_ratespec *r; | ||
| 1326 | int err; | ||
| 1327 | |||
| 1328 | - err = nla_parse_nested(tb, TCA_CBQ_MAX, opt, cbq_policy); | ||
| 1329 | + err = cbq_opt_parse(tb, opt); | ||
| 1330 | if (err < 0) | ||
| 1331 | return err; | ||
| 1332 | |||
| 1333 | @@ -1468,10 +1488,7 @@ cbq_change_class(struct Qdisc *sch, u32 classid, u32 parentid, struct nlattr **t | ||
| 1334 | struct cbq_class *parent; | ||
| 1335 | struct qdisc_rate_table *rtab = NULL; | ||
| 1336 | |||
| 1337 | - if (opt == NULL) | ||
| 1338 | - return -EINVAL; | ||
| 1339 | - | ||
| 1340 | - err = nla_parse_nested(tb, TCA_CBQ_MAX, opt, cbq_policy); | ||
| 1341 | + err = cbq_opt_parse(tb, opt); | ||
| 1342 | if (err < 0) | ||
| 1343 | return err; | ||
| 1344 | |||
| 1345 | diff --git a/net/sched/sch_dsmark.c b/net/sched/sch_dsmark.c | ||
| 1346 | index b56d57984439..551cf193649e 100644 | ||
| 1347 | --- a/net/sched/sch_dsmark.c | ||
| 1348 | +++ b/net/sched/sch_dsmark.c | ||
| 1349 | @@ -346,6 +346,8 @@ static int dsmark_init(struct Qdisc *sch, struct nlattr *opt) | ||
| 1350 | goto errout; | ||
| 1351 | |||
| 1352 | err = -EINVAL; | ||
| 1353 | + if (!tb[TCA_DSMARK_INDICES]) | ||
| 1354 | + goto errout; | ||
| 1355 | indices = nla_get_u16(tb[TCA_DSMARK_INDICES]); | ||
| 1356 | |||
| 1357 | if (hweight32(indices) != 1) | ||
| 1358 | diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c | ||
| 1359 | index 23e5808a0970..e5d5c7fb2dac 100644 | ||
| 1360 | --- a/security/smack/smack_access.c | ||
| 1361 | +++ b/security/smack/smack_access.c | ||
| 1362 | @@ -474,7 +474,7 @@ char *smk_parse_smack(const char *string, int len) | ||
| 1363 | if (i == 0 || i >= SMK_LONGLABEL) | ||
| 1364 | return ERR_PTR(-EINVAL); | ||
| 1365 | |||
| 1366 | - smack = kzalloc(i + 1, GFP_KERNEL); | ||
| 1367 | + smack = kzalloc(i + 1, GFP_NOFS); | ||
| 1368 | if (smack == NULL) | ||
| 1369 | return ERR_PTR(-ENOMEM); | ||
| 1370 | |||
| 1371 | @@ -545,7 +545,7 @@ struct smack_known *smk_import_entry(const char *string, int len) | ||
| 1372 | if (skp != NULL) | ||
| 1373 | goto freeout; | ||
| 1374 | |||
| 1375 | - skp = kzalloc(sizeof(*skp), GFP_KERNEL); | ||
| 1376 | + skp = kzalloc(sizeof(*skp), GFP_NOFS); | ||
| 1377 | if (skp == NULL) { | ||
| 1378 | skp = ERR_PTR(-ENOMEM); | ||
| 1379 | goto freeout; | ||
| 1380 | diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c | ||
| 1381 | index aeb3ba70f907..589c1c2ae6db 100644 | ||
| 1382 | --- a/security/smack/smack_lsm.c | ||
| 1383 | +++ b/security/smack/smack_lsm.c | ||
| 1384 | @@ -268,7 +268,7 @@ static struct smack_known *smk_fetch(const char *name, struct inode *ip, | ||
| 1385 | if (!(ip->i_opflags & IOP_XATTR)) | ||
| 1386 | return ERR_PTR(-EOPNOTSUPP); | ||
| 1387 | |||
| 1388 | - buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL); | ||
| 1389 | + buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS); | ||
| 1390 | if (buffer == NULL) | ||
| 1391 | return ERR_PTR(-ENOMEM); | ||
| 1392 | |||
| 1393 | @@ -949,7 +949,8 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm) | ||
| 1394 | |||
| 1395 | if (rc != 0) | ||
| 1396 | return rc; | ||
| 1397 | - } else if (bprm->unsafe) | ||
| 1398 | + } | ||
| 1399 | + if (bprm->unsafe & ~LSM_UNSAFE_PTRACE) | ||
| 1400 | return -EPERM; | ||
| 1401 | |||
| 1402 | bsp->smk_task = isp->smk_task; | ||
| 1403 | @@ -4037,6 +4038,8 @@ access_check: | ||
| 1404 | skp = smack_ipv6host_label(&sadd); | ||
| 1405 | if (skp == NULL) | ||
| 1406 | skp = smack_net_ambient; | ||
| 1407 | + if (skb == NULL) | ||
| 1408 | + break; | ||
| 1409 | #ifdef CONFIG_AUDIT | ||
| 1410 | smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); | ||
| 1411 | ad.a.u.net->family = family; |