Contents of /trunk/kernel-alx-legacy/patches-4.9/0321-4.9.222-all-fixes.patch
Parent Directory | Revision Log
Revision 3608 -
(show annotations)
(download)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 21283 byte(s)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 21283 byte(s)
-added kerenl-alx-legacy pkg
1 | diff --git a/Makefile b/Makefile |
2 | index b919a66788b5..67c9106594be 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 4 |
7 | PATCHLEVEL = 9 |
8 | -SUBLEVEL = 221 |
9 | +SUBLEVEL = 222 |
10 | EXTRAVERSION = |
11 | NAME = Roaring Lionus |
12 | |
13 | diff --git a/drivers/acpi/device_pm.c b/drivers/acpi/device_pm.c |
14 | index c76e4527620c..245bcdb44c64 100644 |
15 | --- a/drivers/acpi/device_pm.c |
16 | +++ b/drivers/acpi/device_pm.c |
17 | @@ -226,13 +226,13 @@ int acpi_device_set_power(struct acpi_device *device, int state) |
18 | end: |
19 | if (result) { |
20 | dev_warn(&device->dev, "Failed to change power state to %s\n", |
21 | - acpi_power_state_string(state)); |
22 | + acpi_power_state_string(target_state)); |
23 | } else { |
24 | device->power.state = target_state; |
25 | ACPI_DEBUG_PRINT((ACPI_DB_INFO, |
26 | "Device [%s] transitioned to %s\n", |
27 | device->pnp.bus_id, |
28 | - acpi_power_state_string(state))); |
29 | + acpi_power_state_string(target_state))); |
30 | } |
31 | |
32 | return result; |
33 | diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c |
34 | index 7dd46cf5ed84..7a028b57a7ef 100644 |
35 | --- a/drivers/dma/dmatest.c |
36 | +++ b/drivers/dma/dmatest.c |
37 | @@ -505,8 +505,8 @@ static int dmatest_func(void *data) |
38 | flags = DMA_CTRL_ACK | DMA_PREP_INTERRUPT; |
39 | |
40 | ktime = ktime_get(); |
41 | - while (!kthread_should_stop() |
42 | - && !(params->iterations && total_tests >= params->iterations)) { |
43 | + while (!(kthread_should_stop() || |
44 | + (params->iterations && total_tests >= params->iterations))) { |
45 | struct dma_async_tx_descriptor *tx = NULL; |
46 | struct dmaengine_unmap_data *um; |
47 | dma_addr_t srcs[src_cnt]; |
48 | diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c |
49 | index a9bf02ea0a3b..5b5970f0e91d 100644 |
50 | --- a/drivers/gpu/drm/drm_edid.c |
51 | +++ b/drivers/gpu/drm/drm_edid.c |
52 | @@ -3970,7 +3970,7 @@ static struct drm_display_mode *drm_mode_displayid_detailed(struct drm_device *d |
53 | struct drm_display_mode *mode; |
54 | unsigned pixel_clock = (timings->pixel_clock[0] | |
55 | (timings->pixel_clock[1] << 8) | |
56 | - (timings->pixel_clock[2] << 16)); |
57 | + (timings->pixel_clock[2] << 16)) + 1; |
58 | unsigned hactive = (timings->hactive[0] | timings->hactive[1] << 8) + 1; |
59 | unsigned hblank = (timings->hblank[0] | timings->hblank[1] << 8) + 1; |
60 | unsigned hsync = (timings->hsync[0] | (timings->hsync[1] & 0x7f) << 8) + 1; |
61 | diff --git a/drivers/gpu/drm/qxl/qxl_cmd.c b/drivers/gpu/drm/qxl/qxl_cmd.c |
62 | index 04270f5d110c..3e6fd393da15 100644 |
63 | --- a/drivers/gpu/drm/qxl/qxl_cmd.c |
64 | +++ b/drivers/gpu/drm/qxl/qxl_cmd.c |
65 | @@ -500,9 +500,10 @@ int qxl_hw_surface_alloc(struct qxl_device *qdev, |
66 | return ret; |
67 | |
68 | ret = qxl_release_reserve_list(release, true); |
69 | - if (ret) |
70 | + if (ret) { |
71 | + qxl_release_free(qdev, release); |
72 | return ret; |
73 | - |
74 | + } |
75 | cmd = (struct qxl_surface_cmd *)qxl_release_map(qdev, release); |
76 | cmd->type = QXL_SURFACE_CMD_CREATE; |
77 | cmd->flags = QXL_SURF_FLAG_KEEP_DATA; |
78 | @@ -528,8 +529,8 @@ int qxl_hw_surface_alloc(struct qxl_device *qdev, |
79 | /* no need to add a release to the fence for this surface bo, |
80 | since it is only released when we ask to destroy the surface |
81 | and it would never signal otherwise */ |
82 | - qxl_push_command_ring_release(qdev, release, QXL_CMD_SURFACE, false); |
83 | qxl_release_fence_buffer_objects(release); |
84 | + qxl_push_command_ring_release(qdev, release, QXL_CMD_SURFACE, false); |
85 | |
86 | surf->hw_surf_alloc = true; |
87 | spin_lock(&qdev->surf_id_idr_lock); |
88 | @@ -571,9 +572,8 @@ int qxl_hw_surface_dealloc(struct qxl_device *qdev, |
89 | cmd->surface_id = id; |
90 | qxl_release_unmap(qdev, release, &cmd->release_info); |
91 | |
92 | - qxl_push_command_ring_release(qdev, release, QXL_CMD_SURFACE, false); |
93 | - |
94 | qxl_release_fence_buffer_objects(release); |
95 | + qxl_push_command_ring_release(qdev, release, QXL_CMD_SURFACE, false); |
96 | |
97 | return 0; |
98 | } |
99 | diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c |
100 | index a61c0d460ec2..f8a1f84c8838 100644 |
101 | --- a/drivers/gpu/drm/qxl/qxl_display.c |
102 | +++ b/drivers/gpu/drm/qxl/qxl_display.c |
103 | @@ -292,8 +292,8 @@ qxl_hide_cursor(struct qxl_device *qdev) |
104 | cmd->type = QXL_CURSOR_HIDE; |
105 | qxl_release_unmap(qdev, release, &cmd->release_info); |
106 | |
107 | - qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); |
108 | qxl_release_fence_buffer_objects(release); |
109 | + qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); |
110 | return 0; |
111 | } |
112 | |
113 | @@ -333,8 +333,8 @@ static int qxl_crtc_apply_cursor(struct drm_crtc *crtc) |
114 | cmd->u.set.visible = 1; |
115 | qxl_release_unmap(qdev, release, &cmd->release_info); |
116 | |
117 | - qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); |
118 | qxl_release_fence_buffer_objects(release); |
119 | + qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); |
120 | |
121 | return ret; |
122 | |
123 | @@ -436,8 +436,8 @@ static int qxl_crtc_cursor_set2(struct drm_crtc *crtc, |
124 | cmd->u.set.visible = 1; |
125 | qxl_release_unmap(qdev, release, &cmd->release_info); |
126 | |
127 | - qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); |
128 | qxl_release_fence_buffer_objects(release); |
129 | + qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); |
130 | |
131 | /* finish with the userspace bo */ |
132 | ret = qxl_bo_reserve(user_bo, false); |
133 | @@ -497,8 +497,8 @@ static int qxl_crtc_cursor_move(struct drm_crtc *crtc, |
134 | cmd->u.position.y = qcrtc->cur_y + qcrtc->hot_spot_y; |
135 | qxl_release_unmap(qdev, release, &cmd->release_info); |
136 | |
137 | - qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); |
138 | qxl_release_fence_buffer_objects(release); |
139 | + qxl_push_cursor_ring_release(qdev, release, QXL_CMD_CURSOR, false); |
140 | |
141 | return 0; |
142 | } |
143 | diff --git a/drivers/gpu/drm/qxl/qxl_draw.c b/drivers/gpu/drm/qxl/qxl_draw.c |
144 | index 9b728edf1b49..d1407d162877 100644 |
145 | --- a/drivers/gpu/drm/qxl/qxl_draw.c |
146 | +++ b/drivers/gpu/drm/qxl/qxl_draw.c |
147 | @@ -241,8 +241,8 @@ void qxl_draw_opaque_fb(const struct qxl_fb_image *qxl_fb_image, |
148 | qxl_bo_physical_address(qdev, dimage->bo, 0); |
149 | qxl_release_unmap(qdev, release, &drawable->release_info); |
150 | |
151 | - qxl_push_command_ring_release(qdev, release, QXL_CMD_DRAW, false); |
152 | qxl_release_fence_buffer_objects(release); |
153 | + qxl_push_command_ring_release(qdev, release, QXL_CMD_DRAW, false); |
154 | |
155 | out_free_palette: |
156 | if (palette_bo) |
157 | @@ -348,9 +348,10 @@ void qxl_draw_dirty_fb(struct qxl_device *qdev, |
158 | goto out_release_backoff; |
159 | |
160 | rects = drawable_set_clipping(qdev, num_clips, clips_bo); |
161 | - if (!rects) |
162 | + if (!rects) { |
163 | + ret = -EINVAL; |
164 | goto out_release_backoff; |
165 | - |
166 | + } |
167 | drawable = (struct qxl_drawable *)qxl_release_map(qdev, release); |
168 | |
169 | drawable->clip.type = SPICE_CLIP_TYPE_RECTS; |
170 | @@ -381,8 +382,8 @@ void qxl_draw_dirty_fb(struct qxl_device *qdev, |
171 | } |
172 | qxl_bo_kunmap(clips_bo); |
173 | |
174 | - qxl_push_command_ring_release(qdev, release, QXL_CMD_DRAW, false); |
175 | qxl_release_fence_buffer_objects(release); |
176 | + qxl_push_command_ring_release(qdev, release, QXL_CMD_DRAW, false); |
177 | |
178 | out_release_backoff: |
179 | if (ret) |
180 | @@ -432,8 +433,8 @@ void qxl_draw_copyarea(struct qxl_device *qdev, |
181 | drawable->u.copy_bits.src_pos.y = sy; |
182 | qxl_release_unmap(qdev, release, &drawable->release_info); |
183 | |
184 | - qxl_push_command_ring_release(qdev, release, QXL_CMD_DRAW, false); |
185 | qxl_release_fence_buffer_objects(release); |
186 | + qxl_push_command_ring_release(qdev, release, QXL_CMD_DRAW, false); |
187 | |
188 | out_free_release: |
189 | if (ret) |
190 | @@ -476,8 +477,8 @@ void qxl_draw_fill(struct qxl_draw_fill *qxl_draw_fill_rec) |
191 | |
192 | qxl_release_unmap(qdev, release, &drawable->release_info); |
193 | |
194 | - qxl_push_command_ring_release(qdev, release, QXL_CMD_DRAW, false); |
195 | qxl_release_fence_buffer_objects(release); |
196 | + qxl_push_command_ring_release(qdev, release, QXL_CMD_DRAW, false); |
197 | |
198 | out_free_release: |
199 | if (ret) |
200 | diff --git a/drivers/gpu/drm/qxl/qxl_ioctl.c b/drivers/gpu/drm/qxl/qxl_ioctl.c |
201 | index 5a4c8c492683..db0afb0613c9 100644 |
202 | --- a/drivers/gpu/drm/qxl/qxl_ioctl.c |
203 | +++ b/drivers/gpu/drm/qxl/qxl_ioctl.c |
204 | @@ -256,11 +256,8 @@ static int qxl_process_single_command(struct qxl_device *qdev, |
205 | apply_surf_reloc(qdev, &reloc_info[i]); |
206 | } |
207 | |
208 | + qxl_release_fence_buffer_objects(release); |
209 | ret = qxl_push_command_ring_release(qdev, release, cmd->type, true); |
210 | - if (ret) |
211 | - qxl_release_backoff_reserve_list(release); |
212 | - else |
213 | - qxl_release_fence_buffer_objects(release); |
214 | |
215 | out_free_bos: |
216 | out_free_release: |
217 | diff --git a/drivers/infiniband/hw/mlx4/main.c b/drivers/infiniband/hw/mlx4/main.c |
218 | index adc46b809ef2..0555c939c948 100644 |
219 | --- a/drivers/infiniband/hw/mlx4/main.c |
220 | +++ b/drivers/infiniband/hw/mlx4/main.c |
221 | @@ -1589,8 +1589,9 @@ static int __mlx4_ib_create_default_rules( |
222 | int i; |
223 | |
224 | for (i = 0; i < ARRAY_SIZE(pdefault_rules->rules_create_list); i++) { |
225 | + union ib_flow_spec ib_spec = {}; |
226 | int ret; |
227 | - union ib_flow_spec ib_spec; |
228 | + |
229 | switch (pdefault_rules->rules_create_list[i]) { |
230 | case 0: |
231 | /* no rule */ |
232 | diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c |
233 | index c113e46fdc3a..e6ae8d123984 100644 |
234 | --- a/drivers/iommu/amd_iommu_init.c |
235 | +++ b/drivers/iommu/amd_iommu_init.c |
236 | @@ -2574,7 +2574,7 @@ static int __init parse_amd_iommu_intr(char *str) |
237 | { |
238 | for (; *str; ++str) { |
239 | if (strncmp(str, "legacy", 6) == 0) { |
240 | - amd_iommu_guest_ir = AMD_IOMMU_GUEST_IR_LEGACY; |
241 | + amd_iommu_guest_ir = AMD_IOMMU_GUEST_IR_LEGACY_GA; |
242 | break; |
243 | } |
244 | if (strncmp(str, "vapic", 5) == 0) { |
245 | diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c |
246 | index 8f9957d31a3e..1640298d90fd 100644 |
247 | --- a/drivers/md/dm-verity-fec.c |
248 | +++ b/drivers/md/dm-verity-fec.c |
249 | @@ -447,7 +447,7 @@ int verity_fec_decode(struct dm_verity *v, struct dm_verity_io *io, |
250 | fio->level++; |
251 | |
252 | if (type == DM_VERITY_BLOCK_TYPE_METADATA) |
253 | - block += v->data_blocks; |
254 | + block = block - v->hash_start + v->data_blocks; |
255 | |
256 | /* |
257 | * For RS(M, N), the continuous FEC data is divided into blocks of N |
258 | diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c |
259 | index 0d5b667c0e65..a9f58f3867f0 100644 |
260 | --- a/drivers/vfio/vfio_iommu_type1.c |
261 | +++ b/drivers/vfio/vfio_iommu_type1.c |
262 | @@ -229,8 +229,8 @@ static int vaddr_get_pfn(unsigned long vaddr, int prot, unsigned long *pfn) |
263 | vma = find_vma_intersection(current->mm, vaddr, vaddr + 1); |
264 | |
265 | if (vma && vma->vm_flags & VM_PFNMAP) { |
266 | - *pfn = ((vaddr - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff; |
267 | - if (is_invalid_reserved_pfn(*pfn)) |
268 | + if (!follow_pfn(vma, vaddr, pfn) && |
269 | + is_invalid_reserved_pfn(*pfn)) |
270 | ret = 0; |
271 | } |
272 | |
273 | diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c |
274 | index 538f378eea52..a83f353e4418 100644 |
275 | --- a/fs/btrfs/extent-tree.c |
276 | +++ b/fs/btrfs/extent-tree.c |
277 | @@ -10645,7 +10645,7 @@ int btrfs_remove_block_group(struct btrfs_trans_handle *trans, |
278 | path = btrfs_alloc_path(); |
279 | if (!path) { |
280 | ret = -ENOMEM; |
281 | - goto out; |
282 | + goto out_put_group; |
283 | } |
284 | |
285 | /* |
286 | @@ -10684,7 +10684,7 @@ int btrfs_remove_block_group(struct btrfs_trans_handle *trans, |
287 | ret = btrfs_orphan_add(trans, inode); |
288 | if (ret) { |
289 | btrfs_add_delayed_iput(inode); |
290 | - goto out; |
291 | + goto out_put_group; |
292 | } |
293 | clear_nlink(inode); |
294 | /* One for the block groups ref */ |
295 | @@ -10707,13 +10707,13 @@ int btrfs_remove_block_group(struct btrfs_trans_handle *trans, |
296 | |
297 | ret = btrfs_search_slot(trans, tree_root, &key, path, -1, 1); |
298 | if (ret < 0) |
299 | - goto out; |
300 | + goto out_put_group; |
301 | if (ret > 0) |
302 | btrfs_release_path(path); |
303 | if (ret == 0) { |
304 | ret = btrfs_del_item(trans, tree_root, path); |
305 | if (ret) |
306 | - goto out; |
307 | + goto out_put_group; |
308 | btrfs_release_path(path); |
309 | } |
310 | |
311 | @@ -10871,9 +10871,9 @@ int btrfs_remove_block_group(struct btrfs_trans_handle *trans, |
312 | |
313 | ret = remove_block_group_free_space(trans, root->fs_info, block_group); |
314 | if (ret) |
315 | - goto out; |
316 | + goto out_put_group; |
317 | |
318 | - btrfs_put_block_group(block_group); |
319 | + /* Once for the block groups rbtree */ |
320 | btrfs_put_block_group(block_group); |
321 | |
322 | ret = btrfs_search_slot(trans, root, &key, path, -1, 1); |
323 | @@ -10883,6 +10883,10 @@ int btrfs_remove_block_group(struct btrfs_trans_handle *trans, |
324 | goto out; |
325 | |
326 | ret = btrfs_del_item(trans, root, path); |
327 | + |
328 | +out_put_group: |
329 | + /* Once for the lookup reference */ |
330 | + btrfs_put_block_group(block_group); |
331 | out: |
332 | btrfs_free_path(path); |
333 | return ret; |
334 | diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c |
335 | index e049dc682e57..d8780e04aaf0 100644 |
336 | --- a/fs/ext4/inode.c |
337 | +++ b/fs/ext4/inode.c |
338 | @@ -4494,7 +4494,7 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino, |
339 | gid_t i_gid; |
340 | projid_t i_projid; |
341 | |
342 | - if (((flags & EXT4_IGET_NORMAL) && |
343 | + if ((!(flags & EXT4_IGET_SPECIAL) && |
344 | (ino < EXT4_FIRST_INO(sb) && ino != EXT4_ROOT_INO)) || |
345 | (ino < EXT4_ROOT_INO) || |
346 | (ino > le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count))) { |
347 | diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c |
348 | index 720d92f5abfb..6c378435fa29 100644 |
349 | --- a/fs/nfs/nfs3acl.c |
350 | +++ b/fs/nfs/nfs3acl.c |
351 | @@ -252,37 +252,45 @@ int nfs3_proc_setacls(struct inode *inode, struct posix_acl *acl, |
352 | |
353 | int nfs3_set_acl(struct inode *inode, struct posix_acl *acl, int type) |
354 | { |
355 | - struct posix_acl *alloc = NULL, *dfacl = NULL; |
356 | + struct posix_acl *orig = acl, *dfacl = NULL, *alloc; |
357 | int status; |
358 | |
359 | if (S_ISDIR(inode->i_mode)) { |
360 | switch(type) { |
361 | case ACL_TYPE_ACCESS: |
362 | - alloc = dfacl = get_acl(inode, ACL_TYPE_DEFAULT); |
363 | + alloc = get_acl(inode, ACL_TYPE_DEFAULT); |
364 | if (IS_ERR(alloc)) |
365 | goto fail; |
366 | + dfacl = alloc; |
367 | break; |
368 | |
369 | case ACL_TYPE_DEFAULT: |
370 | - dfacl = acl; |
371 | - alloc = acl = get_acl(inode, ACL_TYPE_ACCESS); |
372 | + alloc = get_acl(inode, ACL_TYPE_ACCESS); |
373 | if (IS_ERR(alloc)) |
374 | goto fail; |
375 | + dfacl = acl; |
376 | + acl = alloc; |
377 | break; |
378 | } |
379 | } |
380 | |
381 | if (acl == NULL) { |
382 | - alloc = acl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL); |
383 | + alloc = posix_acl_from_mode(inode->i_mode, GFP_KERNEL); |
384 | if (IS_ERR(alloc)) |
385 | goto fail; |
386 | + acl = alloc; |
387 | } |
388 | status = __nfs3_proc_setacls(inode, acl, dfacl); |
389 | - posix_acl_release(alloc); |
390 | +out: |
391 | + if (acl != orig) |
392 | + posix_acl_release(acl); |
393 | + if (dfacl != orig) |
394 | + posix_acl_release(dfacl); |
395 | return status; |
396 | |
397 | fail: |
398 | - return PTR_ERR(alloc); |
399 | + status = PTR_ERR(alloc); |
400 | + goto out; |
401 | } |
402 | |
403 | const struct xattr_handler *nfs3_xattr_handlers[] = { |
404 | diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c |
405 | index 81695a492ebe..3c775d6b7317 100644 |
406 | --- a/kernel/power/hibernate.c |
407 | +++ b/kernel/power/hibernate.c |
408 | @@ -892,6 +892,13 @@ static int software_resume(void) |
409 | error = freeze_processes(); |
410 | if (error) |
411 | goto Close_Finish; |
412 | + |
413 | + error = freeze_kernel_threads(); |
414 | + if (error) { |
415 | + thaw_processes(); |
416 | + goto Close_Finish; |
417 | + } |
418 | + |
419 | error = load_image_and_restore(); |
420 | thaw_processes(); |
421 | Finish: |
422 | diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c |
423 | index 772df402c495..a2b63a6a33c7 100644 |
424 | --- a/security/selinux/hooks.c |
425 | +++ b/security/selinux/hooks.c |
426 | @@ -5002,39 +5002,59 @@ static int selinux_tun_dev_open(void *security) |
427 | |
428 | static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) |
429 | { |
430 | - int err = 0; |
431 | - u32 perm; |
432 | + int rc = 0; |
433 | + unsigned int msg_len; |
434 | + unsigned int data_len = skb->len; |
435 | + unsigned char *data = skb->data; |
436 | struct nlmsghdr *nlh; |
437 | struct sk_security_struct *sksec = sk->sk_security; |
438 | + u16 sclass = sksec->sclass; |
439 | + u32 perm; |
440 | |
441 | - if (skb->len < NLMSG_HDRLEN) { |
442 | - err = -EINVAL; |
443 | - goto out; |
444 | - } |
445 | - nlh = nlmsg_hdr(skb); |
446 | + while (data_len >= nlmsg_total_size(0)) { |
447 | + nlh = (struct nlmsghdr *)data; |
448 | |
449 | - err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); |
450 | - if (err) { |
451 | - if (err == -EINVAL) { |
452 | + /* NOTE: the nlmsg_len field isn't reliably set by some netlink |
453 | + * users which means we can't reject skb's with bogus |
454 | + * length fields; our solution is to follow what |
455 | + * netlink_rcv_skb() does and simply skip processing at |
456 | + * messages with length fields that are clearly junk |
457 | + */ |
458 | + if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > data_len) |
459 | + return 0; |
460 | + |
461 | + rc = selinux_nlmsg_lookup(sclass, nlh->nlmsg_type, &perm); |
462 | + if (rc == 0) { |
463 | + rc = sock_has_perm(current, sk, perm); |
464 | + if (rc) |
465 | + return rc; |
466 | + } else if (rc == -EINVAL) { |
467 | + /* -EINVAL is a missing msg/perm mapping */ |
468 | pr_warn_ratelimited("SELinux: unrecognized netlink" |
469 | - " message: protocol=%hu nlmsg_type=%hu sclass=%s" |
470 | - " pig=%d comm=%s\n", |
471 | - sk->sk_protocol, nlh->nlmsg_type, |
472 | - secclass_map[sksec->sclass - 1].name, |
473 | - task_pid_nr(current), current->comm); |
474 | - if (!selinux_enforcing || security_get_allow_unknown()) |
475 | - err = 0; |
476 | + " message: protocol=%hu nlmsg_type=%hu sclass=%s" |
477 | + " pid=%d comm=%s\n", |
478 | + sk->sk_protocol, nlh->nlmsg_type, |
479 | + secclass_map[sclass - 1].name, |
480 | + task_pid_nr(current), current->comm); |
481 | + if (selinux_enforcing && !security_get_allow_unknown()) |
482 | + return rc; |
483 | + rc = 0; |
484 | + } else if (rc == -ENOENT) { |
485 | + /* -ENOENT is a missing socket/class mapping, ignore */ |
486 | + rc = 0; |
487 | + } else { |
488 | + return rc; |
489 | } |
490 | |
491 | - /* Ignore */ |
492 | - if (err == -ENOENT) |
493 | - err = 0; |
494 | - goto out; |
495 | + /* move to the next message after applying netlink padding */ |
496 | + msg_len = NLMSG_ALIGN(nlh->nlmsg_len); |
497 | + if (msg_len >= data_len) |
498 | + return 0; |
499 | + data_len -= msg_len; |
500 | + data += msg_len; |
501 | } |
502 | |
503 | - err = sock_has_perm(current, sk, perm); |
504 | -out: |
505 | - return err; |
506 | + return rc; |
507 | } |
508 | |
509 | #ifdef CONFIG_NETFILTER |
510 | diff --git a/sound/core/oss/pcm_plugin.c b/sound/core/oss/pcm_plugin.c |
511 | index 7c5d124d538c..6a7cbad90222 100644 |
512 | --- a/sound/core/oss/pcm_plugin.c |
513 | +++ b/sound/core/oss/pcm_plugin.c |
514 | @@ -211,21 +211,23 @@ static snd_pcm_sframes_t plug_client_size(struct snd_pcm_substream *plug, |
515 | if (stream == SNDRV_PCM_STREAM_PLAYBACK) { |
516 | plugin = snd_pcm_plug_last(plug); |
517 | while (plugin && drv_frames > 0) { |
518 | - if (check_size && drv_frames > plugin->buf_frames) |
519 | - drv_frames = plugin->buf_frames; |
520 | plugin_prev = plugin->prev; |
521 | if (plugin->src_frames) |
522 | drv_frames = plugin->src_frames(plugin, drv_frames); |
523 | + if (check_size && plugin->buf_frames && |
524 | + drv_frames > plugin->buf_frames) |
525 | + drv_frames = plugin->buf_frames; |
526 | plugin = plugin_prev; |
527 | } |
528 | } else if (stream == SNDRV_PCM_STREAM_CAPTURE) { |
529 | plugin = snd_pcm_plug_first(plug); |
530 | while (plugin && drv_frames > 0) { |
531 | plugin_next = plugin->next; |
532 | + if (check_size && plugin->buf_frames && |
533 | + drv_frames > plugin->buf_frames) |
534 | + drv_frames = plugin->buf_frames; |
535 | if (plugin->dst_frames) |
536 | drv_frames = plugin->dst_frames(plugin, drv_frames); |
537 | - if (check_size && drv_frames > plugin->buf_frames) |
538 | - drv_frames = plugin->buf_frames; |
539 | plugin = plugin_next; |
540 | } |
541 | } else |
542 | @@ -251,26 +253,28 @@ static snd_pcm_sframes_t plug_slave_size(struct snd_pcm_substream *plug, |
543 | plugin = snd_pcm_plug_first(plug); |
544 | while (plugin && frames > 0) { |
545 | plugin_next = plugin->next; |
546 | + if (check_size && plugin->buf_frames && |
547 | + frames > plugin->buf_frames) |
548 | + frames = plugin->buf_frames; |
549 | if (plugin->dst_frames) { |
550 | frames = plugin->dst_frames(plugin, frames); |
551 | if (frames < 0) |
552 | return frames; |
553 | } |
554 | - if (check_size && frames > plugin->buf_frames) |
555 | - frames = plugin->buf_frames; |
556 | plugin = plugin_next; |
557 | } |
558 | } else if (stream == SNDRV_PCM_STREAM_CAPTURE) { |
559 | plugin = snd_pcm_plug_last(plug); |
560 | while (plugin) { |
561 | - if (check_size && frames > plugin->buf_frames) |
562 | - frames = plugin->buf_frames; |
563 | plugin_prev = plugin->prev; |
564 | if (plugin->src_frames) { |
565 | frames = plugin->src_frames(plugin, frames); |
566 | if (frames < 0) |
567 | return frames; |
568 | } |
569 | + if (check_size && plugin->buf_frames && |
570 | + frames > plugin->buf_frames) |
571 | + frames = plugin->buf_frames; |
572 | plugin = plugin_prev; |
573 | } |
574 | } else |
575 | diff --git a/sound/isa/opti9xx/miro.c b/sound/isa/opti9xx/miro.c |
576 | index 3a9067db1a84..7fbac24607bc 100644 |
577 | --- a/sound/isa/opti9xx/miro.c |
578 | +++ b/sound/isa/opti9xx/miro.c |
579 | @@ -875,10 +875,13 @@ static void snd_miro_write(struct snd_miro *chip, unsigned char reg, |
580 | spin_unlock_irqrestore(&chip->lock, flags); |
581 | } |
582 | |
583 | +static inline void snd_miro_write_mask(struct snd_miro *chip, |
584 | + unsigned char reg, unsigned char value, unsigned char mask) |
585 | +{ |
586 | + unsigned char oldval = snd_miro_read(chip, reg); |
587 | |
588 | -#define snd_miro_write_mask(chip, reg, value, mask) \ |
589 | - snd_miro_write(chip, reg, \ |
590 | - (snd_miro_read(chip, reg) & ~(mask)) | ((value) & (mask))) |
591 | + snd_miro_write(chip, reg, (oldval & ~mask) | (value & mask)); |
592 | +} |
593 | |
594 | /* |
595 | * Proc Interface |
596 | diff --git a/sound/isa/opti9xx/opti92x-ad1848.c b/sound/isa/opti9xx/opti92x-ad1848.c |
597 | index 0a5266003786..6777ae84b59e 100644 |
598 | --- a/sound/isa/opti9xx/opti92x-ad1848.c |
599 | +++ b/sound/isa/opti9xx/opti92x-ad1848.c |
600 | @@ -327,10 +327,13 @@ static void snd_opti9xx_write(struct snd_opti9xx *chip, unsigned char reg, |
601 | } |
602 | |
603 | |
604 | -#define snd_opti9xx_write_mask(chip, reg, value, mask) \ |
605 | - snd_opti9xx_write(chip, reg, \ |
606 | - (snd_opti9xx_read(chip, reg) & ~(mask)) | ((value) & (mask))) |
607 | +static inline void snd_opti9xx_write_mask(struct snd_opti9xx *chip, |
608 | + unsigned char reg, unsigned char value, unsigned char mask) |
609 | +{ |
610 | + unsigned char oldval = snd_opti9xx_read(chip, reg); |
611 | |
612 | + snd_opti9xx_write(chip, reg, (oldval & ~mask) | (value & mask)); |
613 | +} |
614 | |
615 | static int snd_opti9xx_configure(struct snd_opti9xx *chip, |
616 | long port, |
617 | diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c |
618 | index 7a2943a338bf..e19f447e27ae 100644 |
619 | --- a/sound/pci/hda/patch_hdmi.c |
620 | +++ b/sound/pci/hda/patch_hdmi.c |
621 | @@ -1699,8 +1699,10 @@ static bool check_non_pcm_per_cvt(struct hda_codec *codec, hda_nid_t cvt_nid) |
622 | /* Add sanity check to pass klockwork check. |
623 | * This should never happen. |
624 | */ |
625 | - if (WARN_ON(spdif == NULL)) |
626 | + if (WARN_ON(spdif == NULL)) { |
627 | + mutex_unlock(&codec->spdif_mutex); |
628 | return true; |
629 | + } |
630 | non_pcm = !!(spdif->status & IEC958_AES0_NONAUDIO); |
631 | mutex_unlock(&codec->spdif_mutex); |
632 | return non_pcm; |