Annotation of /trunk/kernel-alx-legacy/patches-4.9/0323-4.9.224-all-fixes.patch
Parent Directory | Revision Log
Revision 3608 -
(hide annotations)
(download)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 106010 byte(s)
Fri Aug 14 07:34:29 2020 UTC (4 years, 1 month ago) by niro
File size: 106010 byte(s)
-added kerenl-alx-legacy pkg
1 | niro | 3608 | diff --git a/Makefile b/Makefile |
2 | index 2a923301987e..3e58c142f92f 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -1,6 +1,6 @@ | ||
6 | VERSION = 4 | ||
7 | PATCHLEVEL = 9 | ||
8 | -SUBLEVEL = 223 | ||
9 | +SUBLEVEL = 224 | ||
10 | EXTRAVERSION = | ||
11 | NAME = Roaring Lionus | ||
12 | |||
13 | @@ -658,20 +658,14 @@ KBUILD_CFLAGS += $(call cc-option,-fdata-sections,) | ||
14 | endif | ||
15 | |||
16 | ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE | ||
17 | -KBUILD_CFLAGS += -Os $(call cc-disable-warning,maybe-uninitialized,) | ||
18 | -else | ||
19 | -ifdef CONFIG_PROFILE_ALL_BRANCHES | ||
20 | -KBUILD_CFLAGS += -O2 $(call cc-disable-warning,maybe-uninitialized,) | ||
21 | +KBUILD_CFLAGS += -Os | ||
22 | else | ||
23 | KBUILD_CFLAGS += -O2 | ||
24 | endif | ||
25 | -endif | ||
26 | - | ||
27 | -KBUILD_CFLAGS += $(call cc-ifversion, -lt, 0409, \ | ||
28 | - $(call cc-disable-warning,maybe-uninitialized,)) | ||
29 | |||
30 | # Tell gcc to never replace conditional load with a non-conditional one | ||
31 | KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) | ||
32 | +KBUILD_CFLAGS += $(call cc-option,-fno-allow-store-data-races) | ||
33 | |||
34 | # check for 'asm goto' | ||
35 | ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-goto.sh $(CC) $(KBUILD_CFLAGS)), y) | ||
36 | @@ -804,6 +798,17 @@ KBUILD_CFLAGS += $(call cc-disable-warning, pointer-sign) | ||
37 | # disable stringop warnings in gcc 8+ | ||
38 | KBUILD_CFLAGS += $(call cc-disable-warning, stringop-truncation) | ||
39 | |||
40 | +# We'll want to enable this eventually, but it's not going away for 5.7 at least | ||
41 | +KBUILD_CFLAGS += $(call cc-disable-warning, zero-length-bounds) | ||
42 | +KBUILD_CFLAGS += $(call cc-disable-warning, array-bounds) | ||
43 | +KBUILD_CFLAGS += $(call cc-disable-warning, stringop-overflow) | ||
44 | + | ||
45 | +# Another good warning that we'll want to enable eventually | ||
46 | +KBUILD_CFLAGS += $(call cc-disable-warning, restrict) | ||
47 | + | ||
48 | +# Enabled with W=2, disabled by default as noisy | ||
49 | +KBUILD_CFLAGS += $(call cc-disable-warning, maybe-uninitialized) | ||
50 | + | ||
51 | # disable invalid "can't wrap" optimizations for signed / pointers | ||
52 | KBUILD_CFLAGS += $(call cc-option,-fno-strict-overflow) | ||
53 | |||
54 | diff --git a/arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts b/arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | ||
55 | index bfd4946cf9fe..8b63b6593d3a 100644 | ||
56 | --- a/arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | ||
57 | +++ b/arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | ||
58 | @@ -81,8 +81,8 @@ | ||
59 | imx27-phycard-s-rdk { | ||
60 | pinctrl_i2c1: i2c1grp { | ||
61 | fsl,pins = < | ||
62 | - MX27_PAD_I2C2_SDA__I2C2_SDA 0x0 | ||
63 | - MX27_PAD_I2C2_SCL__I2C2_SCL 0x0 | ||
64 | + MX27_PAD_I2C_DATA__I2C_DATA 0x0 | ||
65 | + MX27_PAD_I2C_CLK__I2C_CLK 0x0 | ||
66 | >; | ||
67 | }; | ||
68 | |||
69 | diff --git a/arch/arm/boot/dts/r8a73a4.dtsi b/arch/arm/boot/dts/r8a73a4.dtsi | ||
70 | index ca8672778fe0..547032eebd67 100644 | ||
71 | --- a/arch/arm/boot/dts/r8a73a4.dtsi | ||
72 | +++ b/arch/arm/boot/dts/r8a73a4.dtsi | ||
73 | @@ -135,7 +135,14 @@ | ||
74 | cmt1: timer@e6130000 { | ||
75 | compatible = "renesas,cmt-48-r8a73a4", "renesas,cmt-48-gen2"; | ||
76 | reg = <0 0xe6130000 0 0x1004>; | ||
77 | - interrupts = <GIC_SPI 120 IRQ_TYPE_LEVEL_HIGH>; | ||
78 | + interrupts = <GIC_SPI 120 IRQ_TYPE_LEVEL_HIGH>, | ||
79 | + <GIC_SPI 121 IRQ_TYPE_LEVEL_HIGH>, | ||
80 | + <GIC_SPI 122 IRQ_TYPE_LEVEL_HIGH>, | ||
81 | + <GIC_SPI 123 IRQ_TYPE_LEVEL_HIGH>, | ||
82 | + <GIC_SPI 124 IRQ_TYPE_LEVEL_HIGH>, | ||
83 | + <GIC_SPI 125 IRQ_TYPE_LEVEL_HIGH>, | ||
84 | + <GIC_SPI 126 IRQ_TYPE_LEVEL_HIGH>, | ||
85 | + <GIC_SPI 127 IRQ_TYPE_LEVEL_HIGH>; | ||
86 | clocks = <&mstp3_clks R8A73A4_CLK_CMT1>; | ||
87 | clock-names = "fck"; | ||
88 | power-domains = <&pd_c5>; | ||
89 | diff --git a/arch/arm/boot/dts/r8a7740.dtsi b/arch/arm/boot/dts/r8a7740.dtsi | ||
90 | index 159e04eb1b9e..41244942f085 100644 | ||
91 | --- a/arch/arm/boot/dts/r8a7740.dtsi | ||
92 | +++ b/arch/arm/boot/dts/r8a7740.dtsi | ||
93 | @@ -467,7 +467,7 @@ | ||
94 | cpg_clocks: cpg_clocks@e6150000 { | ||
95 | compatible = "renesas,r8a7740-cpg-clocks"; | ||
96 | reg = <0xe6150000 0x10000>; | ||
97 | - clocks = <&extal1_clk>, <&extalr_clk>; | ||
98 | + clocks = <&extal1_clk>, <&extal2_clk>, <&extalr_clk>; | ||
99 | #clock-cells = <1>; | ||
100 | clock-output-names = "system", "pllc0", "pllc1", | ||
101 | "pllc2", "r", | ||
102 | diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h | ||
103 | index 58505f01962f..743bd2d77e51 100644 | ||
104 | --- a/arch/x86/include/asm/stackprotector.h | ||
105 | +++ b/arch/x86/include/asm/stackprotector.h | ||
106 | @@ -54,8 +54,13 @@ | ||
107 | /* | ||
108 | * Initialize the stackprotector canary value. | ||
109 | * | ||
110 | - * NOTE: this must only be called from functions that never return, | ||
111 | + * NOTE: this must only be called from functions that never return | ||
112 | * and it must always be inlined. | ||
113 | + * | ||
114 | + * In addition, it should be called from a compilation unit for which | ||
115 | + * stack protector is disabled. Alternatively, the caller should not end | ||
116 | + * with a function call which gets tail-call optimized as that would | ||
117 | + * lead to checking a modified canary value. | ||
118 | */ | ||
119 | static __always_inline void boot_init_stack_canary(void) | ||
120 | { | ||
121 | diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c | ||
122 | index ef38bc1d1c00..fe5896259c0f 100644 | ||
123 | --- a/arch/x86/kernel/smpboot.c | ||
124 | +++ b/arch/x86/kernel/smpboot.c | ||
125 | @@ -249,6 +249,14 @@ static void notrace start_secondary(void *unused) | ||
126 | |||
127 | wmb(); | ||
128 | cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); | ||
129 | + | ||
130 | + /* | ||
131 | + * Prevent tail call to cpu_startup_entry() because the stack protector | ||
132 | + * guard has been changed a couple of function calls up, in | ||
133 | + * boot_init_stack_canary() and must not be checked before tail calling | ||
134 | + * another function. | ||
135 | + */ | ||
136 | + prevent_tail_call_optimization(); | ||
137 | } | ||
138 | |||
139 | /** | ||
140 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c | ||
141 | index 314eb954bdee..0f66f7dd8938 100644 | ||
142 | --- a/arch/x86/kvm/x86.c | ||
143 | +++ b/arch/x86/kvm/x86.c | ||
144 | @@ -3128,7 +3128,7 @@ static int kvm_vcpu_ioctl_x86_setup_mce(struct kvm_vcpu *vcpu, | ||
145 | unsigned bank_num = mcg_cap & 0xff, bank; | ||
146 | |||
147 | r = -EINVAL; | ||
148 | - if (!bank_num || bank_num >= KVM_MAX_MCE_BANKS) | ||
149 | + if (!bank_num || bank_num > KVM_MAX_MCE_BANKS) | ||
150 | goto out; | ||
151 | if (mcg_cap & ~(kvm_mce_cap_supported | 0xff | 0xff0000)) | ||
152 | goto out; | ||
153 | diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c | ||
154 | index 8eca26ef6471..15a90ab3b373 100644 | ||
155 | --- a/arch/x86/xen/smp.c | ||
156 | +++ b/arch/x86/xen/smp.c | ||
157 | @@ -116,6 +116,7 @@ asmlinkage __visible void cpu_bringup_and_idle(int cpu) | ||
158 | #endif | ||
159 | cpu_bringup(); | ||
160 | cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); | ||
161 | + prevent_tail_call_optimization(); | ||
162 | } | ||
163 | |||
164 | void xen_smp_intr_free(unsigned int cpu) | ||
165 | diff --git a/block/blk-core.c b/block/blk-core.c | ||
166 | index bdb906bbfe19..4987f312a95f 100644 | ||
167 | --- a/block/blk-core.c | ||
168 | +++ b/block/blk-core.c | ||
169 | @@ -729,6 +729,9 @@ struct request_queue *blk_alloc_queue_node(gfp_t gfp_mask, int node_id) | ||
170 | |||
171 | kobject_init(&q->kobj, &blk_queue_ktype); | ||
172 | |||
173 | +#ifdef CONFIG_BLK_DEV_IO_TRACE | ||
174 | + mutex_init(&q->blk_trace_mutex); | ||
175 | +#endif | ||
176 | mutex_init(&q->sysfs_lock); | ||
177 | spin_lock_init(&q->__queue_lock); | ||
178 | |||
179 | diff --git a/crypto/lrw.c b/crypto/lrw.c | ||
180 | index d38a382b09eb..fc3d4fec8ddd 100644 | ||
181 | --- a/crypto/lrw.c | ||
182 | +++ b/crypto/lrw.c | ||
183 | @@ -377,7 +377,7 @@ out_put_alg: | ||
184 | return inst; | ||
185 | } | ||
186 | |||
187 | -static void free(struct crypto_instance *inst) | ||
188 | +static void free_inst(struct crypto_instance *inst) | ||
189 | { | ||
190 | crypto_drop_spawn(crypto_instance_ctx(inst)); | ||
191 | kfree(inst); | ||
192 | @@ -386,7 +386,7 @@ static void free(struct crypto_instance *inst) | ||
193 | static struct crypto_template crypto_tmpl = { | ||
194 | .name = "lrw", | ||
195 | .alloc = alloc, | ||
196 | - .free = free, | ||
197 | + .free = free_inst, | ||
198 | .module = THIS_MODULE, | ||
199 | }; | ||
200 | |||
201 | diff --git a/crypto/xts.c b/crypto/xts.c | ||
202 | index 305343f22a02..e41ed483e8a5 100644 | ||
203 | --- a/crypto/xts.c | ||
204 | +++ b/crypto/xts.c | ||
205 | @@ -329,7 +329,7 @@ out_put_alg: | ||
206 | return inst; | ||
207 | } | ||
208 | |||
209 | -static void free(struct crypto_instance *inst) | ||
210 | +static void free_inst(struct crypto_instance *inst) | ||
211 | { | ||
212 | crypto_drop_spawn(crypto_instance_ctx(inst)); | ||
213 | kfree(inst); | ||
214 | @@ -338,7 +338,7 @@ static void free(struct crypto_instance *inst) | ||
215 | static struct crypto_template crypto_tmpl = { | ||
216 | .name = "xts", | ||
217 | .alloc = alloc, | ||
218 | - .free = free, | ||
219 | + .free = free_inst, | ||
220 | .module = THIS_MODULE, | ||
221 | }; | ||
222 | |||
223 | diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c | ||
224 | index cdc47375178e..25f02f5fe0fd 100644 | ||
225 | --- a/drivers/acpi/video_detect.c | ||
226 | +++ b/drivers/acpi/video_detect.c | ||
227 | @@ -314,17 +314,6 @@ static const struct dmi_system_id video_detect_dmi_table[] = { | ||
228 | DMI_MATCH(DMI_PRODUCT_NAME, "Dell System XPS L702X"), | ||
229 | }, | ||
230 | }, | ||
231 | - { | ||
232 | - /* https://bugzilla.redhat.com/show_bug.cgi?id=1204476 */ | ||
233 | - /* https://bugs.launchpad.net/ubuntu/+source/linux-lts-trusty/+bug/1416940 */ | ||
234 | - .callback = video_detect_force_native, | ||
235 | - .ident = "HP Pavilion dv6", | ||
236 | - .matches = { | ||
237 | - DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"), | ||
238 | - DMI_MATCH(DMI_PRODUCT_NAME, "HP Pavilion dv6 Notebook PC"), | ||
239 | - }, | ||
240 | - }, | ||
241 | - | ||
242 | { }, | ||
243 | }; | ||
244 | |||
245 | diff --git a/drivers/dma/mmp_tdma.c b/drivers/dma/mmp_tdma.c | ||
246 | index 13c68b6434ce..15b4a44e6006 100644 | ||
247 | --- a/drivers/dma/mmp_tdma.c | ||
248 | +++ b/drivers/dma/mmp_tdma.c | ||
249 | @@ -362,6 +362,8 @@ static void mmp_tdma_free_descriptor(struct mmp_tdma_chan *tdmac) | ||
250 | gen_pool_free(gpool, (unsigned long)tdmac->desc_arr, | ||
251 | size); | ||
252 | tdmac->desc_arr = NULL; | ||
253 | + if (tdmac->status == DMA_ERROR) | ||
254 | + tdmac->status = DMA_COMPLETE; | ||
255 | |||
256 | return; | ||
257 | } | ||
258 | diff --git a/drivers/dma/pch_dma.c b/drivers/dma/pch_dma.c | ||
259 | index df95727dc2fb..8a0c70e4f727 100644 | ||
260 | --- a/drivers/dma/pch_dma.c | ||
261 | +++ b/drivers/dma/pch_dma.c | ||
262 | @@ -876,6 +876,7 @@ static int pch_dma_probe(struct pci_dev *pdev, | ||
263 | } | ||
264 | |||
265 | pci_set_master(pdev); | ||
266 | + pd->dma.dev = &pdev->dev; | ||
267 | |||
268 | err = request_irq(pdev->irq, pd_irq, IRQF_SHARED, DRV_NAME, pd); | ||
269 | if (err) { | ||
270 | @@ -891,7 +892,6 @@ static int pch_dma_probe(struct pci_dev *pdev, | ||
271 | goto err_free_irq; | ||
272 | } | ||
273 | |||
274 | - pd->dma.dev = &pdev->dev; | ||
275 | |||
276 | INIT_LIST_HEAD(&pd->dma.channels); | ||
277 | |||
278 | diff --git a/drivers/gpu/drm/qxl/qxl_image.c b/drivers/gpu/drm/qxl/qxl_image.c | ||
279 | index 7fbcc35e8ad3..c89c10055641 100644 | ||
280 | --- a/drivers/gpu/drm/qxl/qxl_image.c | ||
281 | +++ b/drivers/gpu/drm/qxl/qxl_image.c | ||
282 | @@ -210,7 +210,8 @@ qxl_image_init_helper(struct qxl_device *qdev, | ||
283 | break; | ||
284 | default: | ||
285 | DRM_ERROR("unsupported image bit depth\n"); | ||
286 | - return -EINVAL; /* TODO: cleanup */ | ||
287 | + qxl_bo_kunmap_atomic_page(qdev, image_bo, ptr); | ||
288 | + return -EINVAL; | ||
289 | } | ||
290 | image->u.bitmap.flags = QXL_BITMAP_TOP_DOWN; | ||
291 | image->u.bitmap.x = width; | ||
292 | diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c | ||
293 | index f7d23c1081dc..68eed45b8600 100644 | ||
294 | --- a/drivers/infiniband/core/addr.c | ||
295 | +++ b/drivers/infiniband/core/addr.c | ||
296 | @@ -453,16 +453,15 @@ static int addr6_resolve(struct sockaddr_in6 *src_in, | ||
297 | struct flowi6 fl6; | ||
298 | struct dst_entry *dst; | ||
299 | struct rt6_info *rt; | ||
300 | - int ret; | ||
301 | |||
302 | memset(&fl6, 0, sizeof fl6); | ||
303 | fl6.daddr = dst_in->sin6_addr; | ||
304 | fl6.saddr = src_in->sin6_addr; | ||
305 | fl6.flowi6_oif = addr->bound_dev_if; | ||
306 | |||
307 | - ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6); | ||
308 | - if (ret < 0) | ||
309 | - return ret; | ||
310 | + dst = ipv6_stub->ipv6_dst_lookup_flow(addr->net, NULL, &fl6, NULL); | ||
311 | + if (IS_ERR(dst)) | ||
312 | + return PTR_ERR(dst); | ||
313 | |||
314 | rt = (struct rt6_info *)dst; | ||
315 | if (ipv6_addr_any(&src_in->sin6_addr)) { | ||
316 | @@ -552,6 +551,7 @@ static int addr_resolve(struct sockaddr *src_in, | ||
317 | const struct sockaddr_in6 *dst_in6 = | ||
318 | (const struct sockaddr_in6 *)dst_in; | ||
319 | |||
320 | + dst = NULL; | ||
321 | ret = addr6_resolve((struct sockaddr_in6 *)src_in, | ||
322 | dst_in6, addr, | ||
323 | &dst); | ||
324 | diff --git a/drivers/infiniband/hw/i40iw/i40iw_hw.c b/drivers/infiniband/hw/i40iw/i40iw_hw.c | ||
325 | index 0c92a40b3e86..e4867d6de789 100644 | ||
326 | --- a/drivers/infiniband/hw/i40iw/i40iw_hw.c | ||
327 | +++ b/drivers/infiniband/hw/i40iw/i40iw_hw.c | ||
328 | @@ -479,7 +479,7 @@ void i40iw_manage_arp_cache(struct i40iw_device *iwdev, | ||
329 | int arp_index; | ||
330 | |||
331 | arp_index = i40iw_arp_table(iwdev, ip_addr, ipv4, mac_addr, action); | ||
332 | - if (arp_index == -1) | ||
333 | + if (arp_index < 0) | ||
334 | return; | ||
335 | cqp_request = i40iw_get_cqp_request(&iwdev->cqp, false); | ||
336 | if (!cqp_request) | ||
337 | diff --git a/drivers/infiniband/hw/mlx4/qp.c b/drivers/infiniband/hw/mlx4/qp.c | ||
338 | index 709d6491d243..7284a9176844 100644 | ||
339 | --- a/drivers/infiniband/hw/mlx4/qp.c | ||
340 | +++ b/drivers/infiniband/hw/mlx4/qp.c | ||
341 | @@ -2307,6 +2307,7 @@ static int build_sriov_qp0_header(struct mlx4_ib_sqp *sqp, | ||
342 | int send_size; | ||
343 | int header_size; | ||
344 | int spc; | ||
345 | + int err; | ||
346 | int i; | ||
347 | |||
348 | if (wr->wr.opcode != IB_WR_SEND) | ||
349 | @@ -2341,7 +2342,9 @@ static int build_sriov_qp0_header(struct mlx4_ib_sqp *sqp, | ||
350 | |||
351 | sqp->ud_header.lrh.virtual_lane = 0; | ||
352 | sqp->ud_header.bth.solicited_event = !!(wr->wr.send_flags & IB_SEND_SOLICITED); | ||
353 | - ib_get_cached_pkey(ib_dev, sqp->qp.port, 0, &pkey); | ||
354 | + err = ib_get_cached_pkey(ib_dev, sqp->qp.port, 0, &pkey); | ||
355 | + if (err) | ||
356 | + return err; | ||
357 | sqp->ud_header.bth.pkey = cpu_to_be16(pkey); | ||
358 | if (sqp->qp.mlx4_ib_qp_type == MLX4_IB_QPT_TUN_SMI_OWNER) | ||
359 | sqp->ud_header.bth.destination_qpn = cpu_to_be32(wr->remote_qpn); | ||
360 | @@ -2618,9 +2621,14 @@ static int build_mlx_header(struct mlx4_ib_sqp *sqp, struct ib_ud_wr *wr, | ||
361 | } | ||
362 | sqp->ud_header.bth.solicited_event = !!(wr->wr.send_flags & IB_SEND_SOLICITED); | ||
363 | if (!sqp->qp.ibqp.qp_num) | ||
364 | - ib_get_cached_pkey(ib_dev, sqp->qp.port, sqp->pkey_index, &pkey); | ||
365 | + err = ib_get_cached_pkey(ib_dev, sqp->qp.port, sqp->pkey_index, | ||
366 | + &pkey); | ||
367 | else | ||
368 | - ib_get_cached_pkey(ib_dev, sqp->qp.port, wr->pkey_index, &pkey); | ||
369 | + err = ib_get_cached_pkey(ib_dev, sqp->qp.port, wr->pkey_index, | ||
370 | + &pkey); | ||
371 | + if (err) | ||
372 | + return err; | ||
373 | + | ||
374 | sqp->ud_header.bth.pkey = cpu_to_be16(pkey); | ||
375 | sqp->ud_header.bth.destination_qpn = cpu_to_be32(wr->remote_qpn); | ||
376 | sqp->ud_header.bth.psn = cpu_to_be32((sqp->send_psn++) & ((1 << 24) - 1)); | ||
377 | diff --git a/drivers/infiniband/sw/rxe/rxe_net.c b/drivers/infiniband/sw/rxe/rxe_net.c | ||
378 | index f4f3942ebbd1..d19e003e8381 100644 | ||
379 | --- a/drivers/infiniband/sw/rxe/rxe_net.c | ||
380 | +++ b/drivers/infiniband/sw/rxe/rxe_net.c | ||
381 | @@ -182,10 +182,12 @@ static struct dst_entry *rxe_find_route6(struct net_device *ndev, | ||
382 | memcpy(&fl6.daddr, daddr, sizeof(*daddr)); | ||
383 | fl6.flowi6_proto = IPPROTO_UDP; | ||
384 | |||
385 | - if (unlikely(ipv6_stub->ipv6_dst_lookup(sock_net(recv_sockets.sk6->sk), | ||
386 | - recv_sockets.sk6->sk, &ndst, &fl6))) { | ||
387 | + ndst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(recv_sockets.sk6->sk), | ||
388 | + recv_sockets.sk6->sk, &fl6, | ||
389 | + NULL); | ||
390 | + if (unlikely(IS_ERR(ndst))) { | ||
391 | pr_err_ratelimited("no route to %pI6\n", daddr); | ||
392 | - goto put; | ||
393 | + return NULL; | ||
394 | } | ||
395 | |||
396 | if (unlikely(ndst->error)) { | ||
397 | diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c | ||
398 | index 736e550163e1..421cbba9a3bc 100644 | ||
399 | --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c | ||
400 | +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c | ||
401 | @@ -5997,6 +5997,7 @@ static netdev_features_t bnxt_fix_features(struct net_device *dev, | ||
402 | netdev_features_t features) | ||
403 | { | ||
404 | struct bnxt *bp = netdev_priv(dev); | ||
405 | + netdev_features_t vlan_features; | ||
406 | |||
407 | if ((features & NETIF_F_NTUPLE) && !bnxt_rfs_capable(bp)) | ||
408 | features &= ~NETIF_F_NTUPLE; | ||
409 | @@ -6004,12 +6005,14 @@ static netdev_features_t bnxt_fix_features(struct net_device *dev, | ||
410 | /* Both CTAG and STAG VLAN accelaration on the RX side have to be | ||
411 | * turned on or off together. | ||
412 | */ | ||
413 | - if ((features & (NETIF_F_HW_VLAN_CTAG_RX | NETIF_F_HW_VLAN_STAG_RX)) != | ||
414 | - (NETIF_F_HW_VLAN_CTAG_RX | NETIF_F_HW_VLAN_STAG_RX)) { | ||
415 | + vlan_features = features & (NETIF_F_HW_VLAN_CTAG_RX | | ||
416 | + NETIF_F_HW_VLAN_STAG_RX); | ||
417 | + if (vlan_features != (NETIF_F_HW_VLAN_CTAG_RX | | ||
418 | + NETIF_F_HW_VLAN_STAG_RX)) { | ||
419 | if (dev->features & NETIF_F_HW_VLAN_CTAG_RX) | ||
420 | features &= ~(NETIF_F_HW_VLAN_CTAG_RX | | ||
421 | NETIF_F_HW_VLAN_STAG_RX); | ||
422 | - else | ||
423 | + else if (vlan_features) | ||
424 | features |= NETIF_F_HW_VLAN_CTAG_RX | | ||
425 | NETIF_F_HW_VLAN_STAG_RX; | ||
426 | } | ||
427 | @@ -7163,8 +7166,11 @@ static pci_ers_result_t bnxt_io_slot_reset(struct pci_dev *pdev) | ||
428 | result = PCI_ERS_RESULT_RECOVERED; | ||
429 | } | ||
430 | |||
431 | - if (result != PCI_ERS_RESULT_RECOVERED && netif_running(netdev)) | ||
432 | - dev_close(netdev); | ||
433 | + if (result != PCI_ERS_RESULT_RECOVERED) { | ||
434 | + if (netif_running(netdev)) | ||
435 | + dev_close(netdev); | ||
436 | + pci_disable_device(pdev); | ||
437 | + } | ||
438 | |||
439 | rtnl_unlock(); | ||
440 | |||
441 | @@ -7175,7 +7181,7 @@ static pci_ers_result_t bnxt_io_slot_reset(struct pci_dev *pdev) | ||
442 | err); /* non-fatal, continue */ | ||
443 | } | ||
444 | |||
445 | - return PCI_ERS_RESULT_RECOVERED; | ||
446 | + return result; | ||
447 | } | ||
448 | |||
449 | /** | ||
450 | diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c | ||
451 | index 781642d47133..751aac54f2d5 100644 | ||
452 | --- a/drivers/net/ethernet/mellanox/mlx4/main.c | ||
453 | +++ b/drivers/net/ethernet/mellanox/mlx4/main.c | ||
454 | @@ -2478,6 +2478,7 @@ static int mlx4_allocate_default_counters(struct mlx4_dev *dev) | ||
455 | |||
456 | if (!err || err == -ENOSPC) { | ||
457 | priv->def_counter[port] = idx; | ||
458 | + err = 0; | ||
459 | } else if (err == -ENOENT) { | ||
460 | err = 0; | ||
461 | continue; | ||
462 | @@ -2527,7 +2528,8 @@ int mlx4_counter_alloc(struct mlx4_dev *dev, u32 *idx) | ||
463 | MLX4_CMD_TIME_CLASS_A, MLX4_CMD_WRAPPED); | ||
464 | if (!err) | ||
465 | *idx = get_param_l(&out_param); | ||
466 | - | ||
467 | + if (WARN_ON(err == -ENOSPC)) | ||
468 | + err = -EINVAL; | ||
469 | return err; | ||
470 | } | ||
471 | return __mlx4_counter_alloc(dev, idx); | ||
472 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c | ||
473 | index 1d5263c46eee..bb142a13d9f2 100644 | ||
474 | --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c | ||
475 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c | ||
476 | @@ -813,7 +813,6 @@ static void cmd_work_handler(struct work_struct *work) | ||
477 | } | ||
478 | |||
479 | cmd->ent_arr[ent->idx] = ent; | ||
480 | - set_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state); | ||
481 | lay = get_inst(cmd, ent->idx); | ||
482 | ent->lay = lay; | ||
483 | memset(lay, 0, sizeof(*lay)); | ||
484 | @@ -835,6 +834,7 @@ static void cmd_work_handler(struct work_struct *work) | ||
485 | |||
486 | if (ent->callback) | ||
487 | schedule_delayed_work(&ent->cb_timeout_work, cb_timeout); | ||
488 | + set_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state); | ||
489 | |||
490 | /* Skip sending command to fw if internal error */ | ||
491 | if (pci_channel_offline(dev->pdev) || | ||
492 | @@ -847,6 +847,10 @@ static void cmd_work_handler(struct work_struct *work) | ||
493 | MLX5_SET(mbox_out, ent->out, syndrome, drv_synd); | ||
494 | |||
495 | mlx5_cmd_comp_handler(dev, 1UL << ent->idx, true); | ||
496 | + /* no doorbell, no need to keep the entry */ | ||
497 | + free_ent(cmd, ent->idx); | ||
498 | + if (ent->callback) | ||
499 | + free_cmd(ent); | ||
500 | return; | ||
501 | } | ||
502 | |||
503 | diff --git a/drivers/net/ethernet/moxa/moxart_ether.c b/drivers/net/ethernet/moxa/moxart_ether.c | ||
504 | index 0622fd03941b..6fe61d9343cb 100644 | ||
505 | --- a/drivers/net/ethernet/moxa/moxart_ether.c | ||
506 | +++ b/drivers/net/ethernet/moxa/moxart_ether.c | ||
507 | @@ -571,7 +571,7 @@ static int moxart_remove(struct platform_device *pdev) | ||
508 | struct net_device *ndev = platform_get_drvdata(pdev); | ||
509 | |||
510 | unregister_netdev(ndev); | ||
511 | - free_irq(ndev->irq, ndev); | ||
512 | + devm_free_irq(&pdev->dev, ndev->irq, ndev); | ||
513 | moxart_mac_free_memory(ndev); | ||
514 | free_netdev(ndev); | ||
515 | |||
516 | diff --git a/drivers/net/ethernet/natsemi/jazzsonic.c b/drivers/net/ethernet/natsemi/jazzsonic.c | ||
517 | index acf3f11e38cc..68d2f31921ff 100644 | ||
518 | --- a/drivers/net/ethernet/natsemi/jazzsonic.c | ||
519 | +++ b/drivers/net/ethernet/natsemi/jazzsonic.c | ||
520 | @@ -247,13 +247,15 @@ static int jazz_sonic_probe(struct platform_device *pdev) | ||
521 | goto out; | ||
522 | err = register_netdev(dev); | ||
523 | if (err) | ||
524 | - goto out1; | ||
525 | + goto undo_probe1; | ||
526 | |||
527 | printk("%s: MAC %pM IRQ %d\n", dev->name, dev->dev_addr, dev->irq); | ||
528 | |||
529 | return 0; | ||
530 | |||
531 | -out1: | ||
532 | +undo_probe1: | ||
533 | + dma_free_coherent(lp->device, SIZEOF_SONIC_DESC * SONIC_BUS_SCALE(lp->dma_bitmode), | ||
534 | + lp->descriptors, lp->descriptors_laddr); | ||
535 | release_mem_region(dev->base_addr, SONIC_MEM_SIZE); | ||
536 | out: | ||
537 | free_netdev(dev); | ||
538 | diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c | ||
539 | index 92ad43e53c72..35d8c636de12 100644 | ||
540 | --- a/drivers/net/geneve.c | ||
541 | +++ b/drivers/net/geneve.c | ||
542 | @@ -835,7 +835,9 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb, | ||
543 | return dst; | ||
544 | } | ||
545 | |||
546 | - if (ipv6_stub->ipv6_dst_lookup(geneve->net, gs6->sock->sk, &dst, fl6)) { | ||
547 | + dst = ipv6_stub->ipv6_dst_lookup_flow(geneve->net, gs6->sock->sk, fl6, | ||
548 | + NULL); | ||
549 | + if (IS_ERR(dst)) { | ||
550 | netdev_dbg(dev, "no route to %pI6\n", &fl6->daddr); | ||
551 | return ERR_PTR(-ENETUNREACH); | ||
552 | } | ||
553 | diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c | ||
554 | index df2ee65a33e3..5defa29069ca 100644 | ||
555 | --- a/drivers/net/macsec.c | ||
556 | +++ b/drivers/net/macsec.c | ||
557 | @@ -1315,7 +1315,8 @@ static struct crypto_aead *macsec_alloc_tfm(char *key, int key_len, int icv_len) | ||
558 | struct crypto_aead *tfm; | ||
559 | int ret; | ||
560 | |||
561 | - tfm = crypto_alloc_aead("gcm(aes)", 0, 0); | ||
562 | + /* Pick a sync gcm(aes) cipher to ensure order is preserved. */ | ||
563 | + tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC); | ||
564 | |||
565 | if (IS_ERR(tfm)) | ||
566 | return tfm; | ||
567 | diff --git a/drivers/net/phy/dp83640.c b/drivers/net/phy/dp83640.c | ||
568 | index 557f6510bad7..7e94526de51c 100644 | ||
569 | --- a/drivers/net/phy/dp83640.c | ||
570 | +++ b/drivers/net/phy/dp83640.c | ||
571 | @@ -1108,7 +1108,7 @@ static struct dp83640_clock *dp83640_clock_get_bus(struct mii_bus *bus) | ||
572 | goto out; | ||
573 | } | ||
574 | dp83640_clock_init(clock, bus); | ||
575 | - list_add_tail(&phyter_clocks, &clock->list); | ||
576 | + list_add_tail(&clock->list, &phyter_clocks); | ||
577 | out: | ||
578 | mutex_unlock(&phyter_clocks_lock); | ||
579 | |||
580 | diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c | ||
581 | index adb38a4ec9ac..1704d9e2ca8d 100644 | ||
582 | --- a/drivers/net/phy/micrel.c | ||
583 | +++ b/drivers/net/phy/micrel.c | ||
584 | @@ -677,8 +677,8 @@ static void kszphy_get_strings(struct phy_device *phydev, u8 *data) | ||
585 | int i; | ||
586 | |||
587 | for (i = 0; i < ARRAY_SIZE(kszphy_hw_stats); i++) { | ||
588 | - memcpy(data + i * ETH_GSTRING_LEN, | ||
589 | - kszphy_hw_stats[i].string, ETH_GSTRING_LEN); | ||
590 | + strlcpy(data + i * ETH_GSTRING_LEN, | ||
591 | + kszphy_hw_stats[i].string, ETH_GSTRING_LEN); | ||
592 | } | ||
593 | } | ||
594 | |||
595 | diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c | ||
596 | index 97f6b8130db3..5755eec00d7f 100644 | ||
597 | --- a/drivers/net/usb/qmi_wwan.c | ||
598 | +++ b/drivers/net/usb/qmi_wwan.c | ||
599 | @@ -950,6 +950,7 @@ static const struct usb_device_id products[] = { | ||
600 | {QMI_FIXED_INTF(0x413c, 0x81b3, 8)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */ | ||
601 | {QMI_FIXED_INTF(0x413c, 0x81b6, 8)}, /* Dell Wireless 5811e */ | ||
602 | {QMI_FIXED_INTF(0x413c, 0x81b6, 10)}, /* Dell Wireless 5811e */ | ||
603 | + {QMI_FIXED_INTF(0x413c, 0x81cc, 8)}, /* Dell Wireless 5816e */ | ||
604 | {QMI_FIXED_INTF(0x413c, 0x81d7, 0)}, /* Dell Wireless 5821e */ | ||
605 | {QMI_FIXED_INTF(0x413c, 0x81d7, 1)}, /* Dell Wireless 5821e preproduction config */ | ||
606 | {QMI_FIXED_INTF(0x413c, 0x81e0, 0)}, /* Dell Wireless 5821e with eSIM support*/ | ||
607 | diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c | ||
608 | index bc4542d9a08d..58ddb6c90418 100644 | ||
609 | --- a/drivers/net/vxlan.c | ||
610 | +++ b/drivers/net/vxlan.c | ||
611 | @@ -1881,7 +1881,6 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan, | ||
612 | bool use_cache = ip_tunnel_dst_cache_usable(skb, info); | ||
613 | struct dst_entry *ndst; | ||
614 | struct flowi6 fl6; | ||
615 | - int err; | ||
616 | |||
617 | if (!sock6) | ||
618 | return ERR_PTR(-EIO); | ||
619 | @@ -1902,11 +1901,10 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan, | ||
620 | fl6.flowi6_mark = skb->mark; | ||
621 | fl6.flowi6_proto = IPPROTO_UDP; | ||
622 | |||
623 | - err = ipv6_stub->ipv6_dst_lookup(vxlan->net, | ||
624 | - sock6->sock->sk, | ||
625 | - &ndst, &fl6); | ||
626 | - if (err < 0) | ||
627 | - return ERR_PTR(err); | ||
628 | + ndst = ipv6_stub->ipv6_dst_lookup_flow(vxlan->net, sock6->sock->sk, | ||
629 | + &fl6, NULL); | ||
630 | + if (unlikely(IS_ERR(ndst))) | ||
631 | + return ERR_PTR(-ENETUNREACH); | ||
632 | |||
633 | *saddr = fl6.saddr; | ||
634 | if (use_cache) | ||
635 | diff --git a/drivers/pinctrl/intel/pinctrl-cherryview.c b/drivers/pinctrl/intel/pinctrl-cherryview.c | ||
636 | index e8c08eb97530..d1a99b2e2d4c 100644 | ||
637 | --- a/drivers/pinctrl/intel/pinctrl-cherryview.c | ||
638 | +++ b/drivers/pinctrl/intel/pinctrl-cherryview.c | ||
639 | @@ -1509,11 +1509,15 @@ static void chv_gpio_irq_handler(struct irq_desc *desc) | ||
640 | struct chv_pinctrl *pctrl = gpiochip_get_data(gc); | ||
641 | struct irq_chip *chip = irq_desc_get_chip(desc); | ||
642 | unsigned long pending; | ||
643 | + unsigned long flags; | ||
644 | u32 intr_line; | ||
645 | |||
646 | chained_irq_enter(chip, desc); | ||
647 | |||
648 | + raw_spin_lock_irqsave(&chv_lock, flags); | ||
649 | pending = readl(pctrl->regs + CHV_INTSTAT); | ||
650 | + raw_spin_unlock_irqrestore(&chv_lock, flags); | ||
651 | + | ||
652 | for_each_set_bit(intr_line, &pending, pctrl->community->nirqs) { | ||
653 | unsigned irq, offset; | ||
654 | |||
655 | diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c | ||
656 | index 2aa5b37cc6d2..bf1536f1c90b 100644 | ||
657 | --- a/drivers/ptp/ptp_clock.c | ||
658 | +++ b/drivers/ptp/ptp_clock.c | ||
659 | @@ -171,10 +171,11 @@ static struct posix_clock_operations ptp_clock_ops = { | ||
660 | .read = ptp_read, | ||
661 | }; | ||
662 | |||
663 | -static void delete_ptp_clock(struct posix_clock *pc) | ||
664 | +static void ptp_clock_release(struct device *dev) | ||
665 | { | ||
666 | - struct ptp_clock *ptp = container_of(pc, struct ptp_clock, clock); | ||
667 | + struct ptp_clock *ptp = container_of(dev, struct ptp_clock, dev); | ||
668 | |||
669 | + ptp_cleanup_pin_groups(ptp); | ||
670 | mutex_destroy(&ptp->tsevq_mux); | ||
671 | mutex_destroy(&ptp->pincfg_mux); | ||
672 | ida_simple_remove(&ptp_clocks_map, ptp->index); | ||
673 | @@ -205,7 +206,6 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, | ||
674 | } | ||
675 | |||
676 | ptp->clock.ops = ptp_clock_ops; | ||
677 | - ptp->clock.release = delete_ptp_clock; | ||
678 | ptp->info = info; | ||
679 | ptp->devid = MKDEV(major, index); | ||
680 | ptp->index = index; | ||
681 | @@ -214,17 +214,9 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, | ||
682 | mutex_init(&ptp->pincfg_mux); | ||
683 | init_waitqueue_head(&ptp->tsev_wq); | ||
684 | |||
685 | - /* Create a new device in our class. */ | ||
686 | - ptp->dev = device_create(ptp_class, parent, ptp->devid, ptp, | ||
687 | - "ptp%d", ptp->index); | ||
688 | - if (IS_ERR(ptp->dev)) | ||
689 | - goto no_device; | ||
690 | - | ||
691 | - dev_set_drvdata(ptp->dev, ptp); | ||
692 | - | ||
693 | - err = ptp_populate_sysfs(ptp); | ||
694 | + err = ptp_populate_pin_groups(ptp); | ||
695 | if (err) | ||
696 | - goto no_sysfs; | ||
697 | + goto no_pin_groups; | ||
698 | |||
699 | /* Register a new PPS source. */ | ||
700 | if (info->pps) { | ||
701 | @@ -235,13 +227,24 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, | ||
702 | pps.owner = info->owner; | ||
703 | ptp->pps_source = pps_register_source(&pps, PTP_PPS_DEFAULTS); | ||
704 | if (!ptp->pps_source) { | ||
705 | + err = -EINVAL; | ||
706 | pr_err("failed to register pps source\n"); | ||
707 | goto no_pps; | ||
708 | } | ||
709 | } | ||
710 | |||
711 | - /* Create a posix clock. */ | ||
712 | - err = posix_clock_register(&ptp->clock, ptp->devid); | ||
713 | + /* Initialize a new device of our class in our clock structure. */ | ||
714 | + device_initialize(&ptp->dev); | ||
715 | + ptp->dev.devt = ptp->devid; | ||
716 | + ptp->dev.class = ptp_class; | ||
717 | + ptp->dev.parent = parent; | ||
718 | + ptp->dev.groups = ptp->pin_attr_groups; | ||
719 | + ptp->dev.release = ptp_clock_release; | ||
720 | + dev_set_drvdata(&ptp->dev, ptp); | ||
721 | + dev_set_name(&ptp->dev, "ptp%d", ptp->index); | ||
722 | + | ||
723 | + /* Create a posix clock and link it to the device. */ | ||
724 | + err = posix_clock_register(&ptp->clock, &ptp->dev); | ||
725 | if (err) { | ||
726 | pr_err("failed to create posix clock\n"); | ||
727 | goto no_clock; | ||
728 | @@ -253,10 +256,8 @@ no_clock: | ||
729 | if (ptp->pps_source) | ||
730 | pps_unregister_source(ptp->pps_source); | ||
731 | no_pps: | ||
732 | - ptp_cleanup_sysfs(ptp); | ||
733 | -no_sysfs: | ||
734 | - device_destroy(ptp_class, ptp->devid); | ||
735 | -no_device: | ||
736 | + ptp_cleanup_pin_groups(ptp); | ||
737 | +no_pin_groups: | ||
738 | mutex_destroy(&ptp->tsevq_mux); | ||
739 | mutex_destroy(&ptp->pincfg_mux); | ||
740 | ida_simple_remove(&ptp_clocks_map, index); | ||
741 | @@ -275,10 +276,9 @@ int ptp_clock_unregister(struct ptp_clock *ptp) | ||
742 | /* Release the clock's resources. */ | ||
743 | if (ptp->pps_source) | ||
744 | pps_unregister_source(ptp->pps_source); | ||
745 | - ptp_cleanup_sysfs(ptp); | ||
746 | - device_destroy(ptp_class, ptp->devid); | ||
747 | |||
748 | posix_clock_unregister(&ptp->clock); | ||
749 | + | ||
750 | return 0; | ||
751 | } | ||
752 | EXPORT_SYMBOL(ptp_clock_unregister); | ||
753 | diff --git a/drivers/ptp/ptp_private.h b/drivers/ptp/ptp_private.h | ||
754 | index 9c5d41421b65..15346e840caa 100644 | ||
755 | --- a/drivers/ptp/ptp_private.h | ||
756 | +++ b/drivers/ptp/ptp_private.h | ||
757 | @@ -40,7 +40,7 @@ struct timestamp_event_queue { | ||
758 | |||
759 | struct ptp_clock { | ||
760 | struct posix_clock clock; | ||
761 | - struct device *dev; | ||
762 | + struct device dev; | ||
763 | struct ptp_clock_info *info; | ||
764 | dev_t devid; | ||
765 | int index; /* index into clocks.map */ | ||
766 | @@ -54,6 +54,8 @@ struct ptp_clock { | ||
767 | struct device_attribute *pin_dev_attr; | ||
768 | struct attribute **pin_attr; | ||
769 | struct attribute_group pin_attr_group; | ||
770 | + /* 1st entry is a pointer to the real group, 2nd is NULL terminator */ | ||
771 | + const struct attribute_group *pin_attr_groups[2]; | ||
772 | }; | ||
773 | |||
774 | /* | ||
775 | @@ -94,8 +96,7 @@ uint ptp_poll(struct posix_clock *pc, | ||
776 | |||
777 | extern const struct attribute_group *ptp_groups[]; | ||
778 | |||
779 | -int ptp_cleanup_sysfs(struct ptp_clock *ptp); | ||
780 | - | ||
781 | -int ptp_populate_sysfs(struct ptp_clock *ptp); | ||
782 | +int ptp_populate_pin_groups(struct ptp_clock *ptp); | ||
783 | +void ptp_cleanup_pin_groups(struct ptp_clock *ptp); | ||
784 | |||
785 | #endif | ||
786 | diff --git a/drivers/ptp/ptp_sysfs.c b/drivers/ptp/ptp_sysfs.c | ||
787 | index 302e626fe6b0..731d0423c8aa 100644 | ||
788 | --- a/drivers/ptp/ptp_sysfs.c | ||
789 | +++ b/drivers/ptp/ptp_sysfs.c | ||
790 | @@ -46,27 +46,6 @@ PTP_SHOW_INT(n_periodic_outputs, n_per_out); | ||
791 | PTP_SHOW_INT(n_programmable_pins, n_pins); | ||
792 | PTP_SHOW_INT(pps_available, pps); | ||
793 | |||
794 | -static struct attribute *ptp_attrs[] = { | ||
795 | - &dev_attr_clock_name.attr, | ||
796 | - &dev_attr_max_adjustment.attr, | ||
797 | - &dev_attr_n_alarms.attr, | ||
798 | - &dev_attr_n_external_timestamps.attr, | ||
799 | - &dev_attr_n_periodic_outputs.attr, | ||
800 | - &dev_attr_n_programmable_pins.attr, | ||
801 | - &dev_attr_pps_available.attr, | ||
802 | - NULL, | ||
803 | -}; | ||
804 | - | ||
805 | -static const struct attribute_group ptp_group = { | ||
806 | - .attrs = ptp_attrs, | ||
807 | -}; | ||
808 | - | ||
809 | -const struct attribute_group *ptp_groups[] = { | ||
810 | - &ptp_group, | ||
811 | - NULL, | ||
812 | -}; | ||
813 | - | ||
814 | - | ||
815 | static ssize_t extts_enable_store(struct device *dev, | ||
816 | struct device_attribute *attr, | ||
817 | const char *buf, size_t count) | ||
818 | @@ -91,6 +70,7 @@ static ssize_t extts_enable_store(struct device *dev, | ||
819 | out: | ||
820 | return err; | ||
821 | } | ||
822 | +static DEVICE_ATTR(extts_enable, 0220, NULL, extts_enable_store); | ||
823 | |||
824 | static ssize_t extts_fifo_show(struct device *dev, | ||
825 | struct device_attribute *attr, char *page) | ||
826 | @@ -124,6 +104,7 @@ out: | ||
827 | mutex_unlock(&ptp->tsevq_mux); | ||
828 | return cnt; | ||
829 | } | ||
830 | +static DEVICE_ATTR(fifo, 0444, extts_fifo_show, NULL); | ||
831 | |||
832 | static ssize_t period_store(struct device *dev, | ||
833 | struct device_attribute *attr, | ||
834 | @@ -151,6 +132,7 @@ static ssize_t period_store(struct device *dev, | ||
835 | out: | ||
836 | return err; | ||
837 | } | ||
838 | +static DEVICE_ATTR(period, 0220, NULL, period_store); | ||
839 | |||
840 | static ssize_t pps_enable_store(struct device *dev, | ||
841 | struct device_attribute *attr, | ||
842 | @@ -177,6 +159,57 @@ static ssize_t pps_enable_store(struct device *dev, | ||
843 | out: | ||
844 | return err; | ||
845 | } | ||
846 | +static DEVICE_ATTR(pps_enable, 0220, NULL, pps_enable_store); | ||
847 | + | ||
848 | +static struct attribute *ptp_attrs[] = { | ||
849 | + &dev_attr_clock_name.attr, | ||
850 | + | ||
851 | + &dev_attr_max_adjustment.attr, | ||
852 | + &dev_attr_n_alarms.attr, | ||
853 | + &dev_attr_n_external_timestamps.attr, | ||
854 | + &dev_attr_n_periodic_outputs.attr, | ||
855 | + &dev_attr_n_programmable_pins.attr, | ||
856 | + &dev_attr_pps_available.attr, | ||
857 | + | ||
858 | + &dev_attr_extts_enable.attr, | ||
859 | + &dev_attr_fifo.attr, | ||
860 | + &dev_attr_period.attr, | ||
861 | + &dev_attr_pps_enable.attr, | ||
862 | + NULL | ||
863 | +}; | ||
864 | + | ||
865 | +static umode_t ptp_is_attribute_visible(struct kobject *kobj, | ||
866 | + struct attribute *attr, int n) | ||
867 | +{ | ||
868 | + struct device *dev = kobj_to_dev(kobj); | ||
869 | + struct ptp_clock *ptp = dev_get_drvdata(dev); | ||
870 | + struct ptp_clock_info *info = ptp->info; | ||
871 | + umode_t mode = attr->mode; | ||
872 | + | ||
873 | + if (attr == &dev_attr_extts_enable.attr || | ||
874 | + attr == &dev_attr_fifo.attr) { | ||
875 | + if (!info->n_ext_ts) | ||
876 | + mode = 0; | ||
877 | + } else if (attr == &dev_attr_period.attr) { | ||
878 | + if (!info->n_per_out) | ||
879 | + mode = 0; | ||
880 | + } else if (attr == &dev_attr_pps_enable.attr) { | ||
881 | + if (!info->pps) | ||
882 | + mode = 0; | ||
883 | + } | ||
884 | + | ||
885 | + return mode; | ||
886 | +} | ||
887 | + | ||
888 | +static const struct attribute_group ptp_group = { | ||
889 | + .is_visible = ptp_is_attribute_visible, | ||
890 | + .attrs = ptp_attrs, | ||
891 | +}; | ||
892 | + | ||
893 | +const struct attribute_group *ptp_groups[] = { | ||
894 | + &ptp_group, | ||
895 | + NULL | ||
896 | +}; | ||
897 | |||
898 | static int ptp_pin_name2index(struct ptp_clock *ptp, const char *name) | ||
899 | { | ||
900 | @@ -235,40 +268,14 @@ static ssize_t ptp_pin_store(struct device *dev, struct device_attribute *attr, | ||
901 | return count; | ||
902 | } | ||
903 | |||
904 | -static DEVICE_ATTR(extts_enable, 0220, NULL, extts_enable_store); | ||
905 | -static DEVICE_ATTR(fifo, 0444, extts_fifo_show, NULL); | ||
906 | -static DEVICE_ATTR(period, 0220, NULL, period_store); | ||
907 | -static DEVICE_ATTR(pps_enable, 0220, NULL, pps_enable_store); | ||
908 | - | ||
909 | -int ptp_cleanup_sysfs(struct ptp_clock *ptp) | ||
910 | +int ptp_populate_pin_groups(struct ptp_clock *ptp) | ||
911 | { | ||
912 | - struct device *dev = ptp->dev; | ||
913 | - struct ptp_clock_info *info = ptp->info; | ||
914 | - | ||
915 | - if (info->n_ext_ts) { | ||
916 | - device_remove_file(dev, &dev_attr_extts_enable); | ||
917 | - device_remove_file(dev, &dev_attr_fifo); | ||
918 | - } | ||
919 | - if (info->n_per_out) | ||
920 | - device_remove_file(dev, &dev_attr_period); | ||
921 | - | ||
922 | - if (info->pps) | ||
923 | - device_remove_file(dev, &dev_attr_pps_enable); | ||
924 | - | ||
925 | - if (info->n_pins) { | ||
926 | - sysfs_remove_group(&dev->kobj, &ptp->pin_attr_group); | ||
927 | - kfree(ptp->pin_attr); | ||
928 | - kfree(ptp->pin_dev_attr); | ||
929 | - } | ||
930 | - return 0; | ||
931 | -} | ||
932 | - | ||
933 | -static int ptp_populate_pins(struct ptp_clock *ptp) | ||
934 | -{ | ||
935 | - struct device *dev = ptp->dev; | ||
936 | struct ptp_clock_info *info = ptp->info; | ||
937 | int err = -ENOMEM, i, n_pins = info->n_pins; | ||
938 | |||
939 | + if (!n_pins) | ||
940 | + return 0; | ||
941 | + | ||
942 | ptp->pin_dev_attr = kzalloc(n_pins * sizeof(*ptp->pin_dev_attr), | ||
943 | GFP_KERNEL); | ||
944 | if (!ptp->pin_dev_attr) | ||
945 | @@ -292,61 +299,18 @@ static int ptp_populate_pins(struct ptp_clock *ptp) | ||
946 | ptp->pin_attr_group.name = "pins"; | ||
947 | ptp->pin_attr_group.attrs = ptp->pin_attr; | ||
948 | |||
949 | - err = sysfs_create_group(&dev->kobj, &ptp->pin_attr_group); | ||
950 | - if (err) | ||
951 | - goto no_group; | ||
952 | + ptp->pin_attr_groups[0] = &ptp->pin_attr_group; | ||
953 | + | ||
954 | return 0; | ||
955 | |||
956 | -no_group: | ||
957 | - kfree(ptp->pin_attr); | ||
958 | no_pin_attr: | ||
959 | kfree(ptp->pin_dev_attr); | ||
960 | no_dev_attr: | ||
961 | return err; | ||
962 | } | ||
963 | |||
964 | -int ptp_populate_sysfs(struct ptp_clock *ptp) | ||
965 | +void ptp_cleanup_pin_groups(struct ptp_clock *ptp) | ||
966 | { | ||
967 | - struct device *dev = ptp->dev; | ||
968 | - struct ptp_clock_info *info = ptp->info; | ||
969 | - int err; | ||
970 | - | ||
971 | - if (info->n_ext_ts) { | ||
972 | - err = device_create_file(dev, &dev_attr_extts_enable); | ||
973 | - if (err) | ||
974 | - goto out1; | ||
975 | - err = device_create_file(dev, &dev_attr_fifo); | ||
976 | - if (err) | ||
977 | - goto out2; | ||
978 | - } | ||
979 | - if (info->n_per_out) { | ||
980 | - err = device_create_file(dev, &dev_attr_period); | ||
981 | - if (err) | ||
982 | - goto out3; | ||
983 | - } | ||
984 | - if (info->pps) { | ||
985 | - err = device_create_file(dev, &dev_attr_pps_enable); | ||
986 | - if (err) | ||
987 | - goto out4; | ||
988 | - } | ||
989 | - if (info->n_pins) { | ||
990 | - err = ptp_populate_pins(ptp); | ||
991 | - if (err) | ||
992 | - goto out5; | ||
993 | - } | ||
994 | - return 0; | ||
995 | -out5: | ||
996 | - if (info->pps) | ||
997 | - device_remove_file(dev, &dev_attr_pps_enable); | ||
998 | -out4: | ||
999 | - if (info->n_per_out) | ||
1000 | - device_remove_file(dev, &dev_attr_period); | ||
1001 | -out3: | ||
1002 | - if (info->n_ext_ts) | ||
1003 | - device_remove_file(dev, &dev_attr_fifo); | ||
1004 | -out2: | ||
1005 | - if (info->n_ext_ts) | ||
1006 | - device_remove_file(dev, &dev_attr_extts_enable); | ||
1007 | -out1: | ||
1008 | - return err; | ||
1009 | + kfree(ptp->pin_attr); | ||
1010 | + kfree(ptp->pin_dev_attr); | ||
1011 | } | ||
1012 | diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c | ||
1013 | index c924df5538dd..417927b279b6 100644 | ||
1014 | --- a/drivers/scsi/sg.c | ||
1015 | +++ b/drivers/scsi/sg.c | ||
1016 | @@ -695,8 +695,10 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) | ||
1017 | hp->flags = input_size; /* structure abuse ... */ | ||
1018 | hp->pack_id = old_hdr.pack_id; | ||
1019 | hp->usr_ptr = NULL; | ||
1020 | - if (__copy_from_user(cmnd, buf, cmd_size)) | ||
1021 | + if (__copy_from_user(cmnd, buf, cmd_size)) { | ||
1022 | + sg_remove_request(sfp, srp); | ||
1023 | return -EFAULT; | ||
1024 | + } | ||
1025 | /* | ||
1026 | * SG_DXFER_TO_FROM_DEV is functionally equivalent to SG_DXFER_FROM_DEV, | ||
1027 | * but is is possible that the app intended SG_DXFER_TO_DEV, because there | ||
1028 | diff --git a/drivers/spi/spi-dw.c b/drivers/spi/spi-dw.c | ||
1029 | index c4226c07e091..16f0def9df82 100644 | ||
1030 | --- a/drivers/spi/spi-dw.c | ||
1031 | +++ b/drivers/spi/spi-dw.c | ||
1032 | @@ -180,9 +180,11 @@ static inline u32 rx_max(struct dw_spi *dws) | ||
1033 | |||
1034 | static void dw_writer(struct dw_spi *dws) | ||
1035 | { | ||
1036 | - u32 max = tx_max(dws); | ||
1037 | + u32 max; | ||
1038 | u16 txw = 0; | ||
1039 | |||
1040 | + spin_lock(&dws->buf_lock); | ||
1041 | + max = tx_max(dws); | ||
1042 | while (max--) { | ||
1043 | /* Set the tx word if the transfer's original "tx" is not null */ | ||
1044 | if (dws->tx_end - dws->len) { | ||
1045 | @@ -194,13 +196,16 @@ static void dw_writer(struct dw_spi *dws) | ||
1046 | dw_write_io_reg(dws, DW_SPI_DR, txw); | ||
1047 | dws->tx += dws->n_bytes; | ||
1048 | } | ||
1049 | + spin_unlock(&dws->buf_lock); | ||
1050 | } | ||
1051 | |||
1052 | static void dw_reader(struct dw_spi *dws) | ||
1053 | { | ||
1054 | - u32 max = rx_max(dws); | ||
1055 | + u32 max; | ||
1056 | u16 rxw; | ||
1057 | |||
1058 | + spin_lock(&dws->buf_lock); | ||
1059 | + max = rx_max(dws); | ||
1060 | while (max--) { | ||
1061 | rxw = dw_read_io_reg(dws, DW_SPI_DR); | ||
1062 | /* Care rx only if the transfer's original "rx" is not null */ | ||
1063 | @@ -212,6 +217,7 @@ static void dw_reader(struct dw_spi *dws) | ||
1064 | } | ||
1065 | dws->rx += dws->n_bytes; | ||
1066 | } | ||
1067 | + spin_unlock(&dws->buf_lock); | ||
1068 | } | ||
1069 | |||
1070 | static void int_error_stop(struct dw_spi *dws, const char *msg) | ||
1071 | @@ -284,18 +290,20 @@ static int dw_spi_transfer_one(struct spi_master *master, | ||
1072 | { | ||
1073 | struct dw_spi *dws = spi_master_get_devdata(master); | ||
1074 | struct chip_data *chip = spi_get_ctldata(spi); | ||
1075 | + unsigned long flags; | ||
1076 | u8 imask = 0; | ||
1077 | u16 txlevel = 0; | ||
1078 | u32 cr0; | ||
1079 | int ret; | ||
1080 | |||
1081 | dws->dma_mapped = 0; | ||
1082 | - | ||
1083 | + spin_lock_irqsave(&dws->buf_lock, flags); | ||
1084 | dws->tx = (void *)transfer->tx_buf; | ||
1085 | dws->tx_end = dws->tx + transfer->len; | ||
1086 | dws->rx = transfer->rx_buf; | ||
1087 | dws->rx_end = dws->rx + transfer->len; | ||
1088 | dws->len = transfer->len; | ||
1089 | + spin_unlock_irqrestore(&dws->buf_lock, flags); | ||
1090 | |||
1091 | spi_enable_chip(dws, 0); | ||
1092 | |||
1093 | @@ -487,6 +495,7 @@ int dw_spi_add_host(struct device *dev, struct dw_spi *dws) | ||
1094 | dws->dma_inited = 0; | ||
1095 | dws->dma_addr = (dma_addr_t)(dws->paddr + DW_SPI_DR); | ||
1096 | snprintf(dws->name, sizeof(dws->name), "dw_spi%d", dws->bus_num); | ||
1097 | + spin_lock_init(&dws->buf_lock); | ||
1098 | |||
1099 | ret = request_irq(dws->irq, dw_spi_irq, IRQF_SHARED, dws->name, master); | ||
1100 | if (ret < 0) { | ||
1101 | diff --git a/drivers/spi/spi-dw.h b/drivers/spi/spi-dw.h | ||
1102 | index c21ca02f8ec5..e80338e6ffa2 100644 | ||
1103 | --- a/drivers/spi/spi-dw.h | ||
1104 | +++ b/drivers/spi/spi-dw.h | ||
1105 | @@ -117,6 +117,7 @@ struct dw_spi { | ||
1106 | size_t len; | ||
1107 | void *tx; | ||
1108 | void *tx_end; | ||
1109 | + spinlock_t buf_lock; | ||
1110 | void *rx; | ||
1111 | void *rx_end; | ||
1112 | int dma_mapped; | ||
1113 | diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c | ||
1114 | index 3f1662b64bab..6420cae820bc 100644 | ||
1115 | --- a/drivers/usb/gadget/configfs.c | ||
1116 | +++ b/drivers/usb/gadget/configfs.c | ||
1117 | @@ -259,6 +259,9 @@ static ssize_t gadget_dev_desc_UDC_store(struct config_item *item, | ||
1118 | char *name; | ||
1119 | int ret; | ||
1120 | |||
1121 | + if (strlen(page) < len) | ||
1122 | + return -EOVERFLOW; | ||
1123 | + | ||
1124 | name = kstrdup(page, GFP_KERNEL); | ||
1125 | if (!name) | ||
1126 | return -ENOMEM; | ||
1127 | diff --git a/drivers/usb/gadget/legacy/audio.c b/drivers/usb/gadget/legacy/audio.c | ||
1128 | index 5d7b3c6a422b..f61936b8baaf 100644 | ||
1129 | --- a/drivers/usb/gadget/legacy/audio.c | ||
1130 | +++ b/drivers/usb/gadget/legacy/audio.c | ||
1131 | @@ -249,8 +249,10 @@ static int audio_bind(struct usb_composite_dev *cdev) | ||
1132 | struct usb_descriptor_header *usb_desc; | ||
1133 | |||
1134 | usb_desc = usb_otg_descriptor_alloc(cdev->gadget); | ||
1135 | - if (!usb_desc) | ||
1136 | + if (!usb_desc) { | ||
1137 | + status = -ENOMEM; | ||
1138 | goto fail; | ||
1139 | + } | ||
1140 | usb_otg_descriptor_init(cdev->gadget, usb_desc); | ||
1141 | otg_desc[0] = usb_desc; | ||
1142 | otg_desc[1] = NULL; | ||
1143 | diff --git a/drivers/usb/gadget/legacy/cdc2.c b/drivers/usb/gadget/legacy/cdc2.c | ||
1144 | index 5ee25beb52f0..dc83e07bb242 100644 | ||
1145 | --- a/drivers/usb/gadget/legacy/cdc2.c | ||
1146 | +++ b/drivers/usb/gadget/legacy/cdc2.c | ||
1147 | @@ -183,8 +183,10 @@ static int cdc_bind(struct usb_composite_dev *cdev) | ||
1148 | struct usb_descriptor_header *usb_desc; | ||
1149 | |||
1150 | usb_desc = usb_otg_descriptor_alloc(gadget); | ||
1151 | - if (!usb_desc) | ||
1152 | + if (!usb_desc) { | ||
1153 | + status = -ENOMEM; | ||
1154 | goto fail1; | ||
1155 | + } | ||
1156 | usb_otg_descriptor_init(gadget, usb_desc); | ||
1157 | otg_desc[0] = usb_desc; | ||
1158 | otg_desc[1] = NULL; | ||
1159 | diff --git a/drivers/usb/gadget/legacy/ncm.c b/drivers/usb/gadget/legacy/ncm.c | ||
1160 | index 2fb4a847dd52..5448cf4ff588 100644 | ||
1161 | --- a/drivers/usb/gadget/legacy/ncm.c | ||
1162 | +++ b/drivers/usb/gadget/legacy/ncm.c | ||
1163 | @@ -162,8 +162,10 @@ static int gncm_bind(struct usb_composite_dev *cdev) | ||
1164 | struct usb_descriptor_header *usb_desc; | ||
1165 | |||
1166 | usb_desc = usb_otg_descriptor_alloc(gadget); | ||
1167 | - if (!usb_desc) | ||
1168 | + if (!usb_desc) { | ||
1169 | + status = -ENOMEM; | ||
1170 | goto fail; | ||
1171 | + } | ||
1172 | usb_otg_descriptor_init(gadget, usb_desc); | ||
1173 | otg_desc[0] = usb_desc; | ||
1174 | otg_desc[1] = NULL; | ||
1175 | diff --git a/drivers/usb/gadget/udc/net2272.c b/drivers/usb/gadget/udc/net2272.c | ||
1176 | index f57d293a1791..4b6797797141 100644 | ||
1177 | --- a/drivers/usb/gadget/udc/net2272.c | ||
1178 | +++ b/drivers/usb/gadget/udc/net2272.c | ||
1179 | @@ -2666,6 +2666,8 @@ net2272_plat_probe(struct platform_device *pdev) | ||
1180 | err_req: | ||
1181 | release_mem_region(base, len); | ||
1182 | err: | ||
1183 | + kfree(dev); | ||
1184 | + | ||
1185 | return ret; | ||
1186 | } | ||
1187 | |||
1188 | diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c | ||
1189 | index b426c83ecb9b..1468dca77fac 100644 | ||
1190 | --- a/drivers/usb/host/xhci-ring.c | ||
1191 | +++ b/drivers/usb/host/xhci-ring.c | ||
1192 | @@ -3347,8 +3347,8 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags, | ||
1193 | /* New sg entry */ | ||
1194 | --num_sgs; | ||
1195 | sent_len -= block_len; | ||
1196 | - if (num_sgs != 0) { | ||
1197 | - sg = sg_next(sg); | ||
1198 | + sg = sg_next(sg); | ||
1199 | + if (num_sgs != 0 && sg) { | ||
1200 | block_len = sg_dma_len(sg); | ||
1201 | addr = (u64) sg_dma_address(sg); | ||
1202 | addr += sent_len; | ||
1203 | diff --git a/drivers/usb/serial/garmin_gps.c b/drivers/usb/serial/garmin_gps.c | ||
1204 | index 91e7e3a166a5..c67a17faaa3c 100644 | ||
1205 | --- a/drivers/usb/serial/garmin_gps.c | ||
1206 | +++ b/drivers/usb/serial/garmin_gps.c | ||
1207 | @@ -1161,8 +1161,8 @@ static void garmin_read_process(struct garmin_data *garmin_data_p, | ||
1208 | send it directly to the tty port */ | ||
1209 | if (garmin_data_p->flags & FLAGS_QUEUING) { | ||
1210 | pkt_add(garmin_data_p, data, data_length); | ||
1211 | - } else if (bulk_data || | ||
1212 | - getLayerId(data) == GARMIN_LAYERID_APPL) { | ||
1213 | + } else if (bulk_data || (data_length >= sizeof(u32) && | ||
1214 | + getLayerId(data) == GARMIN_LAYERID_APPL)) { | ||
1215 | |||
1216 | spin_lock_irqsave(&garmin_data_p->lock, flags); | ||
1217 | garmin_data_p->flags |= APP_RESP_SEEN; | ||
1218 | diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c | ||
1219 | index fb6dc16c754a..06916ddc3159 100644 | ||
1220 | --- a/drivers/usb/serial/qcserial.c | ||
1221 | +++ b/drivers/usb/serial/qcserial.c | ||
1222 | @@ -177,6 +177,7 @@ static const struct usb_device_id id_table[] = { | ||
1223 | {DEVICE_SWI(0x413c, 0x81b3)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */ | ||
1224 | {DEVICE_SWI(0x413c, 0x81b5)}, /* Dell Wireless 5811e QDL */ | ||
1225 | {DEVICE_SWI(0x413c, 0x81b6)}, /* Dell Wireless 5811e QDL */ | ||
1226 | + {DEVICE_SWI(0x413c, 0x81cc)}, /* Dell Wireless 5816e */ | ||
1227 | {DEVICE_SWI(0x413c, 0x81cf)}, /* Dell Wireless 5819 */ | ||
1228 | {DEVICE_SWI(0x413c, 0x81d0)}, /* Dell Wireless 5819 */ | ||
1229 | {DEVICE_SWI(0x413c, 0x81d1)}, /* Dell Wireless 5818 */ | ||
1230 | diff --git a/drivers/usb/storage/unusual_uas.h b/drivers/usb/storage/unusual_uas.h | ||
1231 | index 0eb8c67ee138..4df15faa66d7 100644 | ||
1232 | --- a/drivers/usb/storage/unusual_uas.h | ||
1233 | +++ b/drivers/usb/storage/unusual_uas.h | ||
1234 | @@ -41,6 +41,13 @@ | ||
1235 | * and don't forget to CC: the USB development list <linux-usb@vger.kernel.org> | ||
1236 | */ | ||
1237 | |||
1238 | +/* Reported-by: Julian Groß <julian.g@posteo.de> */ | ||
1239 | +UNUSUAL_DEV(0x059f, 0x105f, 0x0000, 0x9999, | ||
1240 | + "LaCie", | ||
1241 | + "2Big Quadra USB3", | ||
1242 | + USB_SC_DEVICE, USB_PR_DEVICE, NULL, | ||
1243 | + US_FL_NO_REPORT_OPCODES), | ||
1244 | + | ||
1245 | /* | ||
1246 | * Apricorn USB3 dongle sometimes returns "USBSUSBSUSBS" in response to SCSI | ||
1247 | * commands in UAS mode. Observed with the 1.28 firmware; are there others? | ||
1248 | diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c | ||
1249 | index e7e25a86bbff..e78553d51837 100644 | ||
1250 | --- a/fs/binfmt_elf.c | ||
1251 | +++ b/fs/binfmt_elf.c | ||
1252 | @@ -1100,6 +1100,18 @@ static int load_elf_binary(struct linux_binprm *bprm) | ||
1253 | current->mm->start_stack = bprm->p; | ||
1254 | |||
1255 | if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) { | ||
1256 | + /* | ||
1257 | + * For architectures with ELF randomization, when executing | ||
1258 | + * a loader directly (i.e. no interpreter listed in ELF | ||
1259 | + * headers), move the brk area out of the mmap region | ||
1260 | + * (since it grows up, and may collide early with the stack | ||
1261 | + * growing down), and into the unused ELF_ET_DYN_BASE region. | ||
1262 | + */ | ||
1263 | + if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) && | ||
1264 | + loc->elf_ex.e_type == ET_DYN && !interpreter) | ||
1265 | + current->mm->brk = current->mm->start_brk = | ||
1266 | + ELF_ET_DYN_BASE; | ||
1267 | + | ||
1268 | current->mm->brk = current->mm->start_brk = | ||
1269 | arch_randomize_brk(current->mm); | ||
1270 | #ifdef compat_brk_randomized | ||
1271 | diff --git a/fs/char_dev.c b/fs/char_dev.c | ||
1272 | index 23e0477edf7d..1bbb966c0783 100644 | ||
1273 | --- a/fs/char_dev.c | ||
1274 | +++ b/fs/char_dev.c | ||
1275 | @@ -477,6 +477,85 @@ int cdev_add(struct cdev *p, dev_t dev, unsigned count) | ||
1276 | return 0; | ||
1277 | } | ||
1278 | |||
1279 | +/** | ||
1280 | + * cdev_set_parent() - set the parent kobject for a char device | ||
1281 | + * @p: the cdev structure | ||
1282 | + * @kobj: the kobject to take a reference to | ||
1283 | + * | ||
1284 | + * cdev_set_parent() sets a parent kobject which will be referenced | ||
1285 | + * appropriately so the parent is not freed before the cdev. This | ||
1286 | + * should be called before cdev_add. | ||
1287 | + */ | ||
1288 | +void cdev_set_parent(struct cdev *p, struct kobject *kobj) | ||
1289 | +{ | ||
1290 | + WARN_ON(!kobj->state_initialized); | ||
1291 | + p->kobj.parent = kobj; | ||
1292 | +} | ||
1293 | + | ||
1294 | +/** | ||
1295 | + * cdev_device_add() - add a char device and it's corresponding | ||
1296 | + * struct device, linkink | ||
1297 | + * @dev: the device structure | ||
1298 | + * @cdev: the cdev structure | ||
1299 | + * | ||
1300 | + * cdev_device_add() adds the char device represented by @cdev to the system, | ||
1301 | + * just as cdev_add does. It then adds @dev to the system using device_add | ||
1302 | + * The dev_t for the char device will be taken from the struct device which | ||
1303 | + * needs to be initialized first. This helper function correctly takes a | ||
1304 | + * reference to the parent device so the parent will not get released until | ||
1305 | + * all references to the cdev are released. | ||
1306 | + * | ||
1307 | + * This helper uses dev->devt for the device number. If it is not set | ||
1308 | + * it will not add the cdev and it will be equivalent to device_add. | ||
1309 | + * | ||
1310 | + * This function should be used whenever the struct cdev and the | ||
1311 | + * struct device are members of the same structure whose lifetime is | ||
1312 | + * managed by the struct device. | ||
1313 | + * | ||
1314 | + * NOTE: Callers must assume that userspace was able to open the cdev and | ||
1315 | + * can call cdev fops callbacks at any time, even if this function fails. | ||
1316 | + */ | ||
1317 | +int cdev_device_add(struct cdev *cdev, struct device *dev) | ||
1318 | +{ | ||
1319 | + int rc = 0; | ||
1320 | + | ||
1321 | + if (dev->devt) { | ||
1322 | + cdev_set_parent(cdev, &dev->kobj); | ||
1323 | + | ||
1324 | + rc = cdev_add(cdev, dev->devt, 1); | ||
1325 | + if (rc) | ||
1326 | + return rc; | ||
1327 | + } | ||
1328 | + | ||
1329 | + rc = device_add(dev); | ||
1330 | + if (rc) | ||
1331 | + cdev_del(cdev); | ||
1332 | + | ||
1333 | + return rc; | ||
1334 | +} | ||
1335 | + | ||
1336 | +/** | ||
1337 | + * cdev_device_del() - inverse of cdev_device_add | ||
1338 | + * @dev: the device structure | ||
1339 | + * @cdev: the cdev structure | ||
1340 | + * | ||
1341 | + * cdev_device_del() is a helper function to call cdev_del and device_del. | ||
1342 | + * It should be used whenever cdev_device_add is used. | ||
1343 | + * | ||
1344 | + * If dev->devt is not set it will not remove the cdev and will be equivalent | ||
1345 | + * to device_del. | ||
1346 | + * | ||
1347 | + * NOTE: This guarantees that associated sysfs callbacks are not running | ||
1348 | + * or runnable, however any cdevs already open will remain and their fops | ||
1349 | + * will still be callable even after this function returns. | ||
1350 | + */ | ||
1351 | +void cdev_device_del(struct cdev *cdev, struct device *dev) | ||
1352 | +{ | ||
1353 | + device_del(dev); | ||
1354 | + if (dev->devt) | ||
1355 | + cdev_del(cdev); | ||
1356 | +} | ||
1357 | + | ||
1358 | static void cdev_unmap(dev_t dev, unsigned count) | ||
1359 | { | ||
1360 | kobj_unmap(cdev_map, dev, count); | ||
1361 | @@ -488,6 +567,10 @@ static void cdev_unmap(dev_t dev, unsigned count) | ||
1362 | * | ||
1363 | * cdev_del() removes @p from the system, possibly freeing the structure | ||
1364 | * itself. | ||
1365 | + * | ||
1366 | + * NOTE: This guarantees that cdev device will no longer be able to be | ||
1367 | + * opened, however any cdevs already open will remain and their fops will | ||
1368 | + * still be callable even after cdev_del returns. | ||
1369 | */ | ||
1370 | void cdev_del(struct cdev *p) | ||
1371 | { | ||
1372 | @@ -576,5 +659,8 @@ EXPORT_SYMBOL(cdev_init); | ||
1373 | EXPORT_SYMBOL(cdev_alloc); | ||
1374 | EXPORT_SYMBOL(cdev_del); | ||
1375 | EXPORT_SYMBOL(cdev_add); | ||
1376 | +EXPORT_SYMBOL(cdev_set_parent); | ||
1377 | +EXPORT_SYMBOL(cdev_device_add); | ||
1378 | +EXPORT_SYMBOL(cdev_device_del); | ||
1379 | EXPORT_SYMBOL(__register_chrdev); | ||
1380 | EXPORT_SYMBOL(__unregister_chrdev); | ||
1381 | diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c | ||
1382 | index 741b83c59a30..568abcd6d0dd 100644 | ||
1383 | --- a/fs/cifs/cifssmb.c | ||
1384 | +++ b/fs/cifs/cifssmb.c | ||
1385 | @@ -184,6 +184,18 @@ cifs_reconnect_tcon(struct cifs_tcon *tcon, int smb_command) | ||
1386 | * reconnect the same SMB session | ||
1387 | */ | ||
1388 | mutex_lock(&ses->session_mutex); | ||
1389 | + | ||
1390 | + /* | ||
1391 | + * Recheck after acquire mutex. If another thread is negotiating | ||
1392 | + * and the server never sends an answer the socket will be closed | ||
1393 | + * and tcpStatus set to reconnect. | ||
1394 | + */ | ||
1395 | + if (server->tcpStatus == CifsNeedReconnect) { | ||
1396 | + rc = -EHOSTDOWN; | ||
1397 | + mutex_unlock(&ses->session_mutex); | ||
1398 | + goto out; | ||
1399 | + } | ||
1400 | + | ||
1401 | rc = cifs_negotiate_protocol(0, ses); | ||
1402 | if (rc == 0 && ses->need_reconnect) | ||
1403 | rc = cifs_setup_session(0, ses, nls_codepage); | ||
1404 | diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c | ||
1405 | index c018d161735c..3545b237187a 100644 | ||
1406 | --- a/fs/cifs/connect.c | ||
1407 | +++ b/fs/cifs/connect.c | ||
1408 | @@ -551,20 +551,21 @@ static bool | ||
1409 | server_unresponsive(struct TCP_Server_Info *server) | ||
1410 | { | ||
1411 | /* | ||
1412 | - * We need to wait 2 echo intervals to make sure we handle such | ||
1413 | + * We need to wait 3 echo intervals to make sure we handle such | ||
1414 | * situations right: | ||
1415 | * 1s client sends a normal SMB request | ||
1416 | - * 2s client gets a response | ||
1417 | + * 3s client gets a response | ||
1418 | * 30s echo workqueue job pops, and decides we got a response recently | ||
1419 | * and don't need to send another | ||
1420 | * ... | ||
1421 | * 65s kernel_recvmsg times out, and we see that we haven't gotten | ||
1422 | * a response in >60s. | ||
1423 | */ | ||
1424 | - if (server->tcpStatus == CifsGood && | ||
1425 | - time_after(jiffies, server->lstrp + 2 * server->echo_interval)) { | ||
1426 | + if ((server->tcpStatus == CifsGood || | ||
1427 | + server->tcpStatus == CifsNeedNegotiate) && | ||
1428 | + time_after(jiffies, server->lstrp + 3 * server->echo_interval)) { | ||
1429 | cifs_dbg(VFS, "Server %s has not responded in %lu seconds. Reconnecting...\n", | ||
1430 | - server->hostname, (2 * server->echo_interval) / HZ); | ||
1431 | + server->hostname, (3 * server->echo_interval) / HZ); | ||
1432 | cifs_reconnect(server); | ||
1433 | wake_up(&server->response_q); | ||
1434 | return true; | ||
1435 | diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c | ||
1436 | index e8dc28dbe563..0a23b6002ff1 100644 | ||
1437 | --- a/fs/cifs/smb2pdu.c | ||
1438 | +++ b/fs/cifs/smb2pdu.c | ||
1439 | @@ -246,6 +246,18 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon) | ||
1440 | * the same SMB session | ||
1441 | */ | ||
1442 | mutex_lock(&tcon->ses->session_mutex); | ||
1443 | + | ||
1444 | + /* | ||
1445 | + * Recheck after acquire mutex. If another thread is negotiating | ||
1446 | + * and the server never sends an answer the socket will be closed | ||
1447 | + * and tcpStatus set to reconnect. | ||
1448 | + */ | ||
1449 | + if (server->tcpStatus == CifsNeedReconnect) { | ||
1450 | + rc = -EHOSTDOWN; | ||
1451 | + mutex_unlock(&tcon->ses->session_mutex); | ||
1452 | + goto out; | ||
1453 | + } | ||
1454 | + | ||
1455 | rc = cifs_negotiate_protocol(0, tcon->ses); | ||
1456 | if (!rc && tcon->ses->need_reconnect) { | ||
1457 | rc = cifs_setup_session(0, tcon->ses, nls_codepage); | ||
1458 | diff --git a/fs/exec.c b/fs/exec.c | ||
1459 | index bb03b98fd03b..cd5da140f94c 100644 | ||
1460 | --- a/fs/exec.c | ||
1461 | +++ b/fs/exec.c | ||
1462 | @@ -1270,6 +1270,8 @@ int flush_old_exec(struct linux_binprm * bprm) | ||
1463 | */ | ||
1464 | set_mm_exe_file(bprm->mm, bprm->file); | ||
1465 | |||
1466 | + would_dump(bprm, bprm->file); | ||
1467 | + | ||
1468 | /* | ||
1469 | * Release all of the old mmap stuff | ||
1470 | */ | ||
1471 | @@ -1780,8 +1782,6 @@ static int do_execveat_common(int fd, struct filename *filename, | ||
1472 | if (retval < 0) | ||
1473 | goto out; | ||
1474 | |||
1475 | - would_dump(bprm, bprm->file); | ||
1476 | - | ||
1477 | retval = exec_binprm(bprm); | ||
1478 | if (retval < 0) | ||
1479 | goto out; | ||
1480 | diff --git a/fs/ext4/block_validity.c b/fs/ext4/block_validity.c | ||
1481 | index d31d93ee5e76..45c7b0f9a8e3 100644 | ||
1482 | --- a/fs/ext4/block_validity.c | ||
1483 | +++ b/fs/ext4/block_validity.c | ||
1484 | @@ -152,6 +152,7 @@ static int ext4_protect_reserved_inode(struct super_block *sb, u32 ino) | ||
1485 | return PTR_ERR(inode); | ||
1486 | num = (inode->i_size + sb->s_blocksize - 1) >> sb->s_blocksize_bits; | ||
1487 | while (i < num) { | ||
1488 | + cond_resched(); | ||
1489 | map.m_lblk = i; | ||
1490 | map.m_len = num - i; | ||
1491 | n = ext4_map_blocks(NULL, inode, &map, 0); | ||
1492 | diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h | ||
1493 | index 2fc4ba6fa07f..060881478e59 100644 | ||
1494 | --- a/include/linux/blkdev.h | ||
1495 | +++ b/include/linux/blkdev.h | ||
1496 | @@ -445,7 +445,8 @@ struct request_queue { | ||
1497 | unsigned int sg_reserved_size; | ||
1498 | int node; | ||
1499 | #ifdef CONFIG_BLK_DEV_IO_TRACE | ||
1500 | - struct blk_trace *blk_trace; | ||
1501 | + struct blk_trace __rcu *blk_trace; | ||
1502 | + struct mutex blk_trace_mutex; | ||
1503 | #endif | ||
1504 | /* | ||
1505 | * for flush operations | ||
1506 | diff --git a/include/linux/blktrace_api.h b/include/linux/blktrace_api.h | ||
1507 | index cceb72f9e29f..45fb00427306 100644 | ||
1508 | --- a/include/linux/blktrace_api.h | ||
1509 | +++ b/include/linux/blktrace_api.h | ||
1510 | @@ -51,18 +51,26 @@ void __trace_note_message(struct blk_trace *, const char *fmt, ...); | ||
1511 | **/ | ||
1512 | #define blk_add_trace_msg(q, fmt, ...) \ | ||
1513 | do { \ | ||
1514 | - struct blk_trace *bt = (q)->blk_trace; \ | ||
1515 | + struct blk_trace *bt; \ | ||
1516 | + \ | ||
1517 | + rcu_read_lock(); \ | ||
1518 | + bt = rcu_dereference((q)->blk_trace); \ | ||
1519 | if (unlikely(bt)) \ | ||
1520 | __trace_note_message(bt, fmt, ##__VA_ARGS__); \ | ||
1521 | + rcu_read_unlock(); \ | ||
1522 | } while (0) | ||
1523 | #define BLK_TN_MAX_MSG 128 | ||
1524 | |||
1525 | static inline bool blk_trace_note_message_enabled(struct request_queue *q) | ||
1526 | { | ||
1527 | - struct blk_trace *bt = q->blk_trace; | ||
1528 | - if (likely(!bt)) | ||
1529 | - return false; | ||
1530 | - return bt->act_mask & BLK_TC_NOTIFY; | ||
1531 | + struct blk_trace *bt; | ||
1532 | + bool ret; | ||
1533 | + | ||
1534 | + rcu_read_lock(); | ||
1535 | + bt = rcu_dereference(q->blk_trace); | ||
1536 | + ret = bt && (bt->act_mask & BLK_TC_NOTIFY); | ||
1537 | + rcu_read_unlock(); | ||
1538 | + return ret; | ||
1539 | } | ||
1540 | |||
1541 | extern void blk_add_driver_data(struct request_queue *q, struct request *rq, | ||
1542 | diff --git a/include/linux/cdev.h b/include/linux/cdev.h | ||
1543 | index f8763615a5f2..408bc09ce497 100644 | ||
1544 | --- a/include/linux/cdev.h | ||
1545 | +++ b/include/linux/cdev.h | ||
1546 | @@ -4,6 +4,7 @@ | ||
1547 | #include <linux/kobject.h> | ||
1548 | #include <linux/kdev_t.h> | ||
1549 | #include <linux/list.h> | ||
1550 | +#include <linux/device.h> | ||
1551 | |||
1552 | struct file_operations; | ||
1553 | struct inode; | ||
1554 | @@ -26,6 +27,10 @@ void cdev_put(struct cdev *p); | ||
1555 | |||
1556 | int cdev_add(struct cdev *, dev_t, unsigned); | ||
1557 | |||
1558 | +void cdev_set_parent(struct cdev *p, struct kobject *kobj); | ||
1559 | +int cdev_device_add(struct cdev *cdev, struct device *dev); | ||
1560 | +void cdev_device_del(struct cdev *cdev, struct device *dev); | ||
1561 | + | ||
1562 | void cdev_del(struct cdev *); | ||
1563 | |||
1564 | void cd_forget(struct inode *); | ||
1565 | diff --git a/include/linux/compiler.h b/include/linux/compiler.h | ||
1566 | index 7837afabbd78..824b1b97f989 100644 | ||
1567 | --- a/include/linux/compiler.h | ||
1568 | +++ b/include/linux/compiler.h | ||
1569 | @@ -605,4 +605,11 @@ unsigned long read_word_at_a_time(const void *addr) | ||
1570 | # define __kprobes | ||
1571 | # define nokprobe_inline inline | ||
1572 | #endif | ||
1573 | + | ||
1574 | +/* | ||
1575 | + * This is needed in functions which generate the stack canary, see | ||
1576 | + * arch/x86/kernel/smpboot.c::start_secondary() for an example. | ||
1577 | + */ | ||
1578 | +#define prevent_tail_call_optimization() mb() | ||
1579 | + | ||
1580 | #endif /* __LINUX_COMPILER_H */ | ||
1581 | diff --git a/include/linux/fs.h b/include/linux/fs.h | ||
1582 | index c2c04f891785..2d569738eb32 100644 | ||
1583 | --- a/include/linux/fs.h | ||
1584 | +++ b/include/linux/fs.h | ||
1585 | @@ -931,7 +931,7 @@ struct file_handle { | ||
1586 | __u32 handle_bytes; | ||
1587 | int handle_type; | ||
1588 | /* file identifier */ | ||
1589 | - unsigned char f_handle[0]; | ||
1590 | + unsigned char f_handle[]; | ||
1591 | }; | ||
1592 | |||
1593 | static inline struct file *get_file(struct file *f) | ||
1594 | diff --git a/include/linux/pnp.h b/include/linux/pnp.h | ||
1595 | index 2588ca6a9028..acbfe53eb948 100644 | ||
1596 | --- a/include/linux/pnp.h | ||
1597 | +++ b/include/linux/pnp.h | ||
1598 | @@ -219,10 +219,8 @@ struct pnp_card { | ||
1599 | #define global_to_pnp_card(n) list_entry(n, struct pnp_card, global_list) | ||
1600 | #define protocol_to_pnp_card(n) list_entry(n, struct pnp_card, protocol_list) | ||
1601 | #define to_pnp_card(n) container_of(n, struct pnp_card, dev) | ||
1602 | -#define pnp_for_each_card(card) \ | ||
1603 | - for((card) = global_to_pnp_card(pnp_cards.next); \ | ||
1604 | - (card) != global_to_pnp_card(&pnp_cards); \ | ||
1605 | - (card) = global_to_pnp_card((card)->global_list.next)) | ||
1606 | +#define pnp_for_each_card(card) \ | ||
1607 | + list_for_each_entry(card, &pnp_cards, global_list) | ||
1608 | |||
1609 | struct pnp_card_link { | ||
1610 | struct pnp_card *card; | ||
1611 | @@ -275,14 +273,9 @@ struct pnp_dev { | ||
1612 | #define card_to_pnp_dev(n) list_entry(n, struct pnp_dev, card_list) | ||
1613 | #define protocol_to_pnp_dev(n) list_entry(n, struct pnp_dev, protocol_list) | ||
1614 | #define to_pnp_dev(n) container_of(n, struct pnp_dev, dev) | ||
1615 | -#define pnp_for_each_dev(dev) \ | ||
1616 | - for((dev) = global_to_pnp_dev(pnp_global.next); \ | ||
1617 | - (dev) != global_to_pnp_dev(&pnp_global); \ | ||
1618 | - (dev) = global_to_pnp_dev((dev)->global_list.next)) | ||
1619 | -#define card_for_each_dev(card,dev) \ | ||
1620 | - for((dev) = card_to_pnp_dev((card)->devices.next); \ | ||
1621 | - (dev) != card_to_pnp_dev(&(card)->devices); \ | ||
1622 | - (dev) = card_to_pnp_dev((dev)->card_list.next)) | ||
1623 | +#define pnp_for_each_dev(dev) list_for_each_entry(dev, &pnp_global, global_list) | ||
1624 | +#define card_for_each_dev(card, dev) \ | ||
1625 | + list_for_each_entry(dev, &(card)->devices, card_list) | ||
1626 | #define pnp_dev_name(dev) (dev)->name | ||
1627 | |||
1628 | static inline void *pnp_get_drvdata(struct pnp_dev *pdev) | ||
1629 | @@ -436,14 +429,10 @@ struct pnp_protocol { | ||
1630 | }; | ||
1631 | |||
1632 | #define to_pnp_protocol(n) list_entry(n, struct pnp_protocol, protocol_list) | ||
1633 | -#define protocol_for_each_card(protocol,card) \ | ||
1634 | - for((card) = protocol_to_pnp_card((protocol)->cards.next); \ | ||
1635 | - (card) != protocol_to_pnp_card(&(protocol)->cards); \ | ||
1636 | - (card) = protocol_to_pnp_card((card)->protocol_list.next)) | ||
1637 | -#define protocol_for_each_dev(protocol,dev) \ | ||
1638 | - for((dev) = protocol_to_pnp_dev((protocol)->devices.next); \ | ||
1639 | - (dev) != protocol_to_pnp_dev(&(protocol)->devices); \ | ||
1640 | - (dev) = protocol_to_pnp_dev((dev)->protocol_list.next)) | ||
1641 | +#define protocol_for_each_card(protocol, card) \ | ||
1642 | + list_for_each_entry(card, &(protocol)->cards, protocol_list) | ||
1643 | +#define protocol_for_each_dev(protocol, dev) \ | ||
1644 | + list_for_each_entry(dev, &(protocol)->devices, protocol_list) | ||
1645 | |||
1646 | extern struct bus_type pnp_bus_type; | ||
1647 | |||
1648 | diff --git a/include/linux/posix-clock.h b/include/linux/posix-clock.h | ||
1649 | index 83b22ae9ae12..b39420a0321c 100644 | ||
1650 | --- a/include/linux/posix-clock.h | ||
1651 | +++ b/include/linux/posix-clock.h | ||
1652 | @@ -104,29 +104,32 @@ struct posix_clock_operations { | ||
1653 | * | ||
1654 | * @ops: Functional interface to the clock | ||
1655 | * @cdev: Character device instance for this clock | ||
1656 | - * @kref: Reference count. | ||
1657 | + * @dev: Pointer to the clock's device. | ||
1658 | * @rwsem: Protects the 'zombie' field from concurrent access. | ||
1659 | * @zombie: If 'zombie' is true, then the hardware has disappeared. | ||
1660 | - * @release: A function to free the structure when the reference count reaches | ||
1661 | - * zero. May be NULL if structure is statically allocated. | ||
1662 | * | ||
1663 | * Drivers should embed their struct posix_clock within a private | ||
1664 | * structure, obtaining a reference to it during callbacks using | ||
1665 | * container_of(). | ||
1666 | + * | ||
1667 | + * Drivers should supply an initialized but not exposed struct device | ||
1668 | + * to posix_clock_register(). It is used to manage lifetime of the | ||
1669 | + * driver's private structure. It's 'release' field should be set to | ||
1670 | + * a release function for this private structure. | ||
1671 | */ | ||
1672 | struct posix_clock { | ||
1673 | struct posix_clock_operations ops; | ||
1674 | struct cdev cdev; | ||
1675 | - struct kref kref; | ||
1676 | + struct device *dev; | ||
1677 | struct rw_semaphore rwsem; | ||
1678 | bool zombie; | ||
1679 | - void (*release)(struct posix_clock *clk); | ||
1680 | }; | ||
1681 | |||
1682 | /** | ||
1683 | * posix_clock_register() - register a new clock | ||
1684 | - * @clk: Pointer to the clock. Caller must provide 'ops' and 'release' | ||
1685 | - * @devid: Allocated device id | ||
1686 | + * @clk: Pointer to the clock. Caller must provide 'ops' field | ||
1687 | + * @dev: Pointer to the initialized device. Caller must provide | ||
1688 | + * 'release' field | ||
1689 | * | ||
1690 | * A clock driver calls this function to register itself with the | ||
1691 | * clock device subsystem. If 'clk' points to dynamically allocated | ||
1692 | @@ -135,7 +138,7 @@ struct posix_clock { | ||
1693 | * | ||
1694 | * Returns zero on success, non-zero otherwise. | ||
1695 | */ | ||
1696 | -int posix_clock_register(struct posix_clock *clk, dev_t devid); | ||
1697 | +int posix_clock_register(struct posix_clock *clk, struct device *dev); | ||
1698 | |||
1699 | /** | ||
1700 | * posix_clock_unregister() - unregister a clock | ||
1701 | diff --git a/include/linux/tty.h b/include/linux/tty.h | ||
1702 | index fe483976b119..15cf871046b3 100644 | ||
1703 | --- a/include/linux/tty.h | ||
1704 | +++ b/include/linux/tty.h | ||
1705 | @@ -64,7 +64,7 @@ struct tty_buffer { | ||
1706 | int read; | ||
1707 | int flags; | ||
1708 | /* Data points here */ | ||
1709 | - unsigned long data[0]; | ||
1710 | + unsigned long data[]; | ||
1711 | }; | ||
1712 | |||
1713 | /* Values for .flags field of tty_buffer */ | ||
1714 | diff --git a/include/net/addrconf.h b/include/net/addrconf.h | ||
1715 | index b8ee8a113e32..019b06c035a8 100644 | ||
1716 | --- a/include/net/addrconf.h | ||
1717 | +++ b/include/net/addrconf.h | ||
1718 | @@ -206,8 +206,10 @@ struct ipv6_stub { | ||
1719 | const struct in6_addr *addr); | ||
1720 | int (*ipv6_sock_mc_drop)(struct sock *sk, int ifindex, | ||
1721 | const struct in6_addr *addr); | ||
1722 | - int (*ipv6_dst_lookup)(struct net *net, struct sock *sk, | ||
1723 | - struct dst_entry **dst, struct flowi6 *fl6); | ||
1724 | + struct dst_entry *(*ipv6_dst_lookup_flow)(struct net *net, | ||
1725 | + const struct sock *sk, | ||
1726 | + struct flowi6 *fl6, | ||
1727 | + const struct in6_addr *final_dst); | ||
1728 | void (*udpv6_encap_enable)(void); | ||
1729 | void (*ndisc_send_na)(struct net_device *dev, const struct in6_addr *daddr, | ||
1730 | const struct in6_addr *solicited_addr, | ||
1731 | diff --git a/include/net/ipv6.h b/include/net/ipv6.h | ||
1732 | index 168009eef5e4..1a48e10ec617 100644 | ||
1733 | --- a/include/net/ipv6.h | ||
1734 | +++ b/include/net/ipv6.h | ||
1735 | @@ -856,7 +856,7 @@ static inline struct sk_buff *ip6_finish_skb(struct sock *sk) | ||
1736 | |||
1737 | int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst, | ||
1738 | struct flowi6 *fl6); | ||
1739 | -struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6, | ||
1740 | +struct dst_entry *ip6_dst_lookup_flow(struct net *net, const struct sock *sk, struct flowi6 *fl6, | ||
1741 | const struct in6_addr *final_dst); | ||
1742 | struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, | ||
1743 | const struct in6_addr *final_dst); | ||
1744 | diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h | ||
1745 | index b57a9f37c297..7befec513295 100644 | ||
1746 | --- a/include/net/netfilter/nf_conntrack.h | ||
1747 | +++ b/include/net/netfilter/nf_conntrack.h | ||
1748 | @@ -103,7 +103,7 @@ struct nf_conn { | ||
1749 | struct hlist_node nat_bysource; | ||
1750 | #endif | ||
1751 | /* all members below initialized via memset */ | ||
1752 | - u8 __nfct_init_offset[0]; | ||
1753 | + struct { } __nfct_init_offset; | ||
1754 | |||
1755 | /* If we were expected by an expectation, this will be it */ | ||
1756 | struct nf_conn *master; | ||
1757 | diff --git a/include/sound/rawmidi.h b/include/sound/rawmidi.h | ||
1758 | index 5432111c8761..2a87128b3075 100644 | ||
1759 | --- a/include/sound/rawmidi.h | ||
1760 | +++ b/include/sound/rawmidi.h | ||
1761 | @@ -76,6 +76,7 @@ struct snd_rawmidi_runtime { | ||
1762 | size_t avail_min; /* min avail for wakeup */ | ||
1763 | size_t avail; /* max used buffer for wakeup */ | ||
1764 | size_t xruns; /* over/underruns counter */ | ||
1765 | + int buffer_ref; /* buffer reference count */ | ||
1766 | /* misc */ | ||
1767 | spinlock_t lock; | ||
1768 | wait_queue_head_t sleep; | ||
1769 | diff --git a/init/main.c b/init/main.c | ||
1770 | index 148843e627a0..d47860dbe896 100644 | ||
1771 | --- a/init/main.c | ||
1772 | +++ b/init/main.c | ||
1773 | @@ -662,6 +662,8 @@ asmlinkage __visible void __init start_kernel(void) | ||
1774 | |||
1775 | /* Do the rest non-__init'ed, we're now alive */ | ||
1776 | rest_init(); | ||
1777 | + | ||
1778 | + prevent_tail_call_optimization(); | ||
1779 | } | ||
1780 | |||
1781 | /* Call all constructor functions linked into the kernel. */ | ||
1782 | diff --git a/ipc/util.c b/ipc/util.c | ||
1783 | index e65ecf3ccbda..76d4afcde7bb 100644 | ||
1784 | --- a/ipc/util.c | ||
1785 | +++ b/ipc/util.c | ||
1786 | @@ -751,21 +751,21 @@ static struct kern_ipc_perm *sysvipc_find_ipc(struct ipc_ids *ids, loff_t pos, | ||
1787 | total++; | ||
1788 | } | ||
1789 | |||
1790 | - *new_pos = pos + 1; | ||
1791 | + ipc = NULL; | ||
1792 | if (total >= ids->in_use) | ||
1793 | - return NULL; | ||
1794 | + goto out; | ||
1795 | |||
1796 | for (; pos < IPCMNI; pos++) { | ||
1797 | ipc = idr_find(&ids->ipcs_idr, pos); | ||
1798 | if (ipc != NULL) { | ||
1799 | rcu_read_lock(); | ||
1800 | ipc_lock_object(ipc); | ||
1801 | - return ipc; | ||
1802 | + break; | ||
1803 | } | ||
1804 | } | ||
1805 | - | ||
1806 | - /* Out of range - return NULL to terminate iteration */ | ||
1807 | - return NULL; | ||
1808 | +out: | ||
1809 | + *new_pos = pos + 1; | ||
1810 | + return ipc; | ||
1811 | } | ||
1812 | |||
1813 | static void *sysvipc_proc_next(struct seq_file *s, void *it, loff_t *pos) | ||
1814 | diff --git a/kernel/time/posix-clock.c b/kernel/time/posix-clock.c | ||
1815 | index e24008c098c6..45a0a26023d4 100644 | ||
1816 | --- a/kernel/time/posix-clock.c | ||
1817 | +++ b/kernel/time/posix-clock.c | ||
1818 | @@ -25,8 +25,6 @@ | ||
1819 | #include <linux/syscalls.h> | ||
1820 | #include <linux/uaccess.h> | ||
1821 | |||
1822 | -static void delete_clock(struct kref *kref); | ||
1823 | - | ||
1824 | /* | ||
1825 | * Returns NULL if the posix_clock instance attached to 'fp' is old and stale. | ||
1826 | */ | ||
1827 | @@ -168,7 +166,7 @@ static int posix_clock_open(struct inode *inode, struct file *fp) | ||
1828 | err = 0; | ||
1829 | |||
1830 | if (!err) { | ||
1831 | - kref_get(&clk->kref); | ||
1832 | + get_device(clk->dev); | ||
1833 | fp->private_data = clk; | ||
1834 | } | ||
1835 | out: | ||
1836 | @@ -184,7 +182,7 @@ static int posix_clock_release(struct inode *inode, struct file *fp) | ||
1837 | if (clk->ops.release) | ||
1838 | err = clk->ops.release(clk); | ||
1839 | |||
1840 | - kref_put(&clk->kref, delete_clock); | ||
1841 | + put_device(clk->dev); | ||
1842 | |||
1843 | fp->private_data = NULL; | ||
1844 | |||
1845 | @@ -206,38 +204,35 @@ static const struct file_operations posix_clock_file_operations = { | ||
1846 | #endif | ||
1847 | }; | ||
1848 | |||
1849 | -int posix_clock_register(struct posix_clock *clk, dev_t devid) | ||
1850 | +int posix_clock_register(struct posix_clock *clk, struct device *dev) | ||
1851 | { | ||
1852 | int err; | ||
1853 | |||
1854 | - kref_init(&clk->kref); | ||
1855 | init_rwsem(&clk->rwsem); | ||
1856 | |||
1857 | cdev_init(&clk->cdev, &posix_clock_file_operations); | ||
1858 | + err = cdev_device_add(&clk->cdev, dev); | ||
1859 | + if (err) { | ||
1860 | + pr_err("%s unable to add device %d:%d\n", | ||
1861 | + dev_name(dev), MAJOR(dev->devt), MINOR(dev->devt)); | ||
1862 | + return err; | ||
1863 | + } | ||
1864 | clk->cdev.owner = clk->ops.owner; | ||
1865 | - err = cdev_add(&clk->cdev, devid, 1); | ||
1866 | + clk->dev = dev; | ||
1867 | |||
1868 | - return err; | ||
1869 | + return 0; | ||
1870 | } | ||
1871 | EXPORT_SYMBOL_GPL(posix_clock_register); | ||
1872 | |||
1873 | -static void delete_clock(struct kref *kref) | ||
1874 | -{ | ||
1875 | - struct posix_clock *clk = container_of(kref, struct posix_clock, kref); | ||
1876 | - | ||
1877 | - if (clk->release) | ||
1878 | - clk->release(clk); | ||
1879 | -} | ||
1880 | - | ||
1881 | void posix_clock_unregister(struct posix_clock *clk) | ||
1882 | { | ||
1883 | - cdev_del(&clk->cdev); | ||
1884 | + cdev_device_del(&clk->cdev, clk->dev); | ||
1885 | |||
1886 | down_write(&clk->rwsem); | ||
1887 | clk->zombie = true; | ||
1888 | up_write(&clk->rwsem); | ||
1889 | |||
1890 | - kref_put(&clk->kref, delete_clock); | ||
1891 | + put_device(clk->dev); | ||
1892 | } | ||
1893 | EXPORT_SYMBOL_GPL(posix_clock_unregister); | ||
1894 | |||
1895 | diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c | ||
1896 | index bfa8bb3a6e19..6d3b432a748a 100644 | ||
1897 | --- a/kernel/trace/blktrace.c | ||
1898 | +++ b/kernel/trace/blktrace.c | ||
1899 | @@ -325,11 +325,12 @@ static void put_probe_ref(void) | ||
1900 | |||
1901 | static void blk_trace_cleanup(struct blk_trace *bt) | ||
1902 | { | ||
1903 | + synchronize_rcu(); | ||
1904 | blk_trace_free(bt); | ||
1905 | put_probe_ref(); | ||
1906 | } | ||
1907 | |||
1908 | -int blk_trace_remove(struct request_queue *q) | ||
1909 | +static int __blk_trace_remove(struct request_queue *q) | ||
1910 | { | ||
1911 | struct blk_trace *bt; | ||
1912 | |||
1913 | @@ -342,6 +343,17 @@ int blk_trace_remove(struct request_queue *q) | ||
1914 | |||
1915 | return 0; | ||
1916 | } | ||
1917 | + | ||
1918 | +int blk_trace_remove(struct request_queue *q) | ||
1919 | +{ | ||
1920 | + int ret; | ||
1921 | + | ||
1922 | + mutex_lock(&q->blk_trace_mutex); | ||
1923 | + ret = __blk_trace_remove(q); | ||
1924 | + mutex_unlock(&q->blk_trace_mutex); | ||
1925 | + | ||
1926 | + return ret; | ||
1927 | +} | ||
1928 | EXPORT_SYMBOL_GPL(blk_trace_remove); | ||
1929 | |||
1930 | static ssize_t blk_dropped_read(struct file *filp, char __user *buffer, | ||
1931 | @@ -546,9 +558,8 @@ err: | ||
1932 | return ret; | ||
1933 | } | ||
1934 | |||
1935 | -int blk_trace_setup(struct request_queue *q, char *name, dev_t dev, | ||
1936 | - struct block_device *bdev, | ||
1937 | - char __user *arg) | ||
1938 | +static int __blk_trace_setup(struct request_queue *q, char *name, dev_t dev, | ||
1939 | + struct block_device *bdev, char __user *arg) | ||
1940 | { | ||
1941 | struct blk_user_trace_setup buts; | ||
1942 | int ret; | ||
1943 | @@ -562,11 +573,24 @@ int blk_trace_setup(struct request_queue *q, char *name, dev_t dev, | ||
1944 | return ret; | ||
1945 | |||
1946 | if (copy_to_user(arg, &buts, sizeof(buts))) { | ||
1947 | - blk_trace_remove(q); | ||
1948 | + __blk_trace_remove(q); | ||
1949 | return -EFAULT; | ||
1950 | } | ||
1951 | return 0; | ||
1952 | } | ||
1953 | + | ||
1954 | +int blk_trace_setup(struct request_queue *q, char *name, dev_t dev, | ||
1955 | + struct block_device *bdev, | ||
1956 | + char __user *arg) | ||
1957 | +{ | ||
1958 | + int ret; | ||
1959 | + | ||
1960 | + mutex_lock(&q->blk_trace_mutex); | ||
1961 | + ret = __blk_trace_setup(q, name, dev, bdev, arg); | ||
1962 | + mutex_unlock(&q->blk_trace_mutex); | ||
1963 | + | ||
1964 | + return ret; | ||
1965 | +} | ||
1966 | EXPORT_SYMBOL_GPL(blk_trace_setup); | ||
1967 | |||
1968 | #if defined(CONFIG_COMPAT) && defined(CONFIG_X86_64) | ||
1969 | @@ -595,7 +619,7 @@ static int compat_blk_trace_setup(struct request_queue *q, char *name, | ||
1970 | return ret; | ||
1971 | |||
1972 | if (copy_to_user(arg, &buts.name, ARRAY_SIZE(buts.name))) { | ||
1973 | - blk_trace_remove(q); | ||
1974 | + __blk_trace_remove(q); | ||
1975 | return -EFAULT; | ||
1976 | } | ||
1977 | |||
1978 | @@ -603,11 +627,13 @@ static int compat_blk_trace_setup(struct request_queue *q, char *name, | ||
1979 | } | ||
1980 | #endif | ||
1981 | |||
1982 | -int blk_trace_startstop(struct request_queue *q, int start) | ||
1983 | +static int __blk_trace_startstop(struct request_queue *q, int start) | ||
1984 | { | ||
1985 | int ret; | ||
1986 | - struct blk_trace *bt = q->blk_trace; | ||
1987 | + struct blk_trace *bt; | ||
1988 | |||
1989 | + bt = rcu_dereference_protected(q->blk_trace, | ||
1990 | + lockdep_is_held(&q->blk_trace_mutex)); | ||
1991 | if (bt == NULL) | ||
1992 | return -EINVAL; | ||
1993 | |||
1994 | @@ -642,8 +668,25 @@ int blk_trace_startstop(struct request_queue *q, int start) | ||
1995 | |||
1996 | return ret; | ||
1997 | } | ||
1998 | + | ||
1999 | +int blk_trace_startstop(struct request_queue *q, int start) | ||
2000 | +{ | ||
2001 | + int ret; | ||
2002 | + | ||
2003 | + mutex_lock(&q->blk_trace_mutex); | ||
2004 | + ret = __blk_trace_startstop(q, start); | ||
2005 | + mutex_unlock(&q->blk_trace_mutex); | ||
2006 | + | ||
2007 | + return ret; | ||
2008 | +} | ||
2009 | EXPORT_SYMBOL_GPL(blk_trace_startstop); | ||
2010 | |||
2011 | +/* | ||
2012 | + * When reading or writing the blktrace sysfs files, the references to the | ||
2013 | + * opened sysfs or device files should prevent the underlying block device | ||
2014 | + * from being removed. So no further delete protection is really needed. | ||
2015 | + */ | ||
2016 | + | ||
2017 | /** | ||
2018 | * blk_trace_ioctl: - handle the ioctls associated with tracing | ||
2019 | * @bdev: the block device | ||
2020 | @@ -661,12 +704,12 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) | ||
2021 | if (!q) | ||
2022 | return -ENXIO; | ||
2023 | |||
2024 | - mutex_lock(&bdev->bd_mutex); | ||
2025 | + mutex_lock(&q->blk_trace_mutex); | ||
2026 | |||
2027 | switch (cmd) { | ||
2028 | case BLKTRACESETUP: | ||
2029 | bdevname(bdev, b); | ||
2030 | - ret = blk_trace_setup(q, b, bdev->bd_dev, bdev, arg); | ||
2031 | + ret = __blk_trace_setup(q, b, bdev->bd_dev, bdev, arg); | ||
2032 | break; | ||
2033 | #if defined(CONFIG_COMPAT) && defined(CONFIG_X86_64) | ||
2034 | case BLKTRACESETUP32: | ||
2035 | @@ -677,17 +720,17 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) | ||
2036 | case BLKTRACESTART: | ||
2037 | start = 1; | ||
2038 | case BLKTRACESTOP: | ||
2039 | - ret = blk_trace_startstop(q, start); | ||
2040 | + ret = __blk_trace_startstop(q, start); | ||
2041 | break; | ||
2042 | case BLKTRACETEARDOWN: | ||
2043 | - ret = blk_trace_remove(q); | ||
2044 | + ret = __blk_trace_remove(q); | ||
2045 | break; | ||
2046 | default: | ||
2047 | ret = -ENOTTY; | ||
2048 | break; | ||
2049 | } | ||
2050 | |||
2051 | - mutex_unlock(&bdev->bd_mutex); | ||
2052 | + mutex_unlock(&q->blk_trace_mutex); | ||
2053 | return ret; | ||
2054 | } | ||
2055 | |||
2056 | @@ -698,10 +741,14 @@ int blk_trace_ioctl(struct block_device *bdev, unsigned cmd, char __user *arg) | ||
2057 | **/ | ||
2058 | void blk_trace_shutdown(struct request_queue *q) | ||
2059 | { | ||
2060 | - if (q->blk_trace) { | ||
2061 | - blk_trace_startstop(q, 0); | ||
2062 | - blk_trace_remove(q); | ||
2063 | + mutex_lock(&q->blk_trace_mutex); | ||
2064 | + if (rcu_dereference_protected(q->blk_trace, | ||
2065 | + lockdep_is_held(&q->blk_trace_mutex))) { | ||
2066 | + __blk_trace_startstop(q, 0); | ||
2067 | + __blk_trace_remove(q); | ||
2068 | } | ||
2069 | + | ||
2070 | + mutex_unlock(&q->blk_trace_mutex); | ||
2071 | } | ||
2072 | |||
2073 | /* | ||
2074 | @@ -722,10 +769,14 @@ void blk_trace_shutdown(struct request_queue *q) | ||
2075 | static void blk_add_trace_rq(struct request_queue *q, struct request *rq, | ||
2076 | unsigned int nr_bytes, u32 what) | ||
2077 | { | ||
2078 | - struct blk_trace *bt = q->blk_trace; | ||
2079 | + struct blk_trace *bt; | ||
2080 | |||
2081 | - if (likely(!bt)) | ||
2082 | + rcu_read_lock(); | ||
2083 | + bt = rcu_dereference(q->blk_trace); | ||
2084 | + if (likely(!bt)) { | ||
2085 | + rcu_read_unlock(); | ||
2086 | return; | ||
2087 | + } | ||
2088 | |||
2089 | if (rq->cmd_type == REQ_TYPE_BLOCK_PC) { | ||
2090 | what |= BLK_TC_ACT(BLK_TC_PC); | ||
2091 | @@ -736,6 +787,7 @@ static void blk_add_trace_rq(struct request_queue *q, struct request *rq, | ||
2092 | __blk_add_trace(bt, blk_rq_pos(rq), nr_bytes, req_op(rq), | ||
2093 | rq->cmd_flags, what, rq->errors, 0, NULL); | ||
2094 | } | ||
2095 | + rcu_read_unlock(); | ||
2096 | } | ||
2097 | |||
2098 | static void blk_add_trace_rq_abort(void *ignore, | ||
2099 | @@ -785,13 +837,18 @@ static void blk_add_trace_rq_complete(void *ignore, | ||
2100 | static void blk_add_trace_bio(struct request_queue *q, struct bio *bio, | ||
2101 | u32 what, int error) | ||
2102 | { | ||
2103 | - struct blk_trace *bt = q->blk_trace; | ||
2104 | + struct blk_trace *bt; | ||
2105 | |||
2106 | - if (likely(!bt)) | ||
2107 | + rcu_read_lock(); | ||
2108 | + bt = rcu_dereference(q->blk_trace); | ||
2109 | + if (likely(!bt)) { | ||
2110 | + rcu_read_unlock(); | ||
2111 | return; | ||
2112 | + } | ||
2113 | |||
2114 | __blk_add_trace(bt, bio->bi_iter.bi_sector, bio->bi_iter.bi_size, | ||
2115 | bio_op(bio), bio->bi_opf, what, error, 0, NULL); | ||
2116 | + rcu_read_unlock(); | ||
2117 | } | ||
2118 | |||
2119 | static void blk_add_trace_bio_bounce(void *ignore, | ||
2120 | @@ -836,11 +893,14 @@ static void blk_add_trace_getrq(void *ignore, | ||
2121 | if (bio) | ||
2122 | blk_add_trace_bio(q, bio, BLK_TA_GETRQ, 0); | ||
2123 | else { | ||
2124 | - struct blk_trace *bt = q->blk_trace; | ||
2125 | + struct blk_trace *bt; | ||
2126 | |||
2127 | + rcu_read_lock(); | ||
2128 | + bt = rcu_dereference(q->blk_trace); | ||
2129 | if (bt) | ||
2130 | __blk_add_trace(bt, 0, 0, rw, 0, BLK_TA_GETRQ, 0, 0, | ||
2131 | NULL); | ||
2132 | + rcu_read_unlock(); | ||
2133 | } | ||
2134 | } | ||
2135 | |||
2136 | @@ -852,27 +912,35 @@ static void blk_add_trace_sleeprq(void *ignore, | ||
2137 | if (bio) | ||
2138 | blk_add_trace_bio(q, bio, BLK_TA_SLEEPRQ, 0); | ||
2139 | else { | ||
2140 | - struct blk_trace *bt = q->blk_trace; | ||
2141 | + struct blk_trace *bt; | ||
2142 | |||
2143 | + rcu_read_lock(); | ||
2144 | + bt = rcu_dereference(q->blk_trace); | ||
2145 | if (bt) | ||
2146 | __blk_add_trace(bt, 0, 0, rw, 0, BLK_TA_SLEEPRQ, | ||
2147 | 0, 0, NULL); | ||
2148 | + rcu_read_unlock(); | ||
2149 | } | ||
2150 | } | ||
2151 | |||
2152 | static void blk_add_trace_plug(void *ignore, struct request_queue *q) | ||
2153 | { | ||
2154 | - struct blk_trace *bt = q->blk_trace; | ||
2155 | + struct blk_trace *bt; | ||
2156 | |||
2157 | + rcu_read_lock(); | ||
2158 | + bt = rcu_dereference(q->blk_trace); | ||
2159 | if (bt) | ||
2160 | __blk_add_trace(bt, 0, 0, 0, 0, BLK_TA_PLUG, 0, 0, NULL); | ||
2161 | + rcu_read_unlock(); | ||
2162 | } | ||
2163 | |||
2164 | static void blk_add_trace_unplug(void *ignore, struct request_queue *q, | ||
2165 | unsigned int depth, bool explicit) | ||
2166 | { | ||
2167 | - struct blk_trace *bt = q->blk_trace; | ||
2168 | + struct blk_trace *bt; | ||
2169 | |||
2170 | + rcu_read_lock(); | ||
2171 | + bt = rcu_dereference(q->blk_trace); | ||
2172 | if (bt) { | ||
2173 | __be64 rpdu = cpu_to_be64(depth); | ||
2174 | u32 what; | ||
2175 | @@ -884,14 +952,17 @@ static void blk_add_trace_unplug(void *ignore, struct request_queue *q, | ||
2176 | |||
2177 | __blk_add_trace(bt, 0, 0, 0, 0, what, 0, sizeof(rpdu), &rpdu); | ||
2178 | } | ||
2179 | + rcu_read_unlock(); | ||
2180 | } | ||
2181 | |||
2182 | static void blk_add_trace_split(void *ignore, | ||
2183 | struct request_queue *q, struct bio *bio, | ||
2184 | unsigned int pdu) | ||
2185 | { | ||
2186 | - struct blk_trace *bt = q->blk_trace; | ||
2187 | + struct blk_trace *bt; | ||
2188 | |||
2189 | + rcu_read_lock(); | ||
2190 | + bt = rcu_dereference(q->blk_trace); | ||
2191 | if (bt) { | ||
2192 | __be64 rpdu = cpu_to_be64(pdu); | ||
2193 | |||
2194 | @@ -900,6 +971,7 @@ static void blk_add_trace_split(void *ignore, | ||
2195 | BLK_TA_SPLIT, bio->bi_error, sizeof(rpdu), | ||
2196 | &rpdu); | ||
2197 | } | ||
2198 | + rcu_read_unlock(); | ||
2199 | } | ||
2200 | |||
2201 | /** | ||
2202 | @@ -919,11 +991,15 @@ static void blk_add_trace_bio_remap(void *ignore, | ||
2203 | struct request_queue *q, struct bio *bio, | ||
2204 | dev_t dev, sector_t from) | ||
2205 | { | ||
2206 | - struct blk_trace *bt = q->blk_trace; | ||
2207 | + struct blk_trace *bt; | ||
2208 | struct blk_io_trace_remap r; | ||
2209 | |||
2210 | - if (likely(!bt)) | ||
2211 | + rcu_read_lock(); | ||
2212 | + bt = rcu_dereference(q->blk_trace); | ||
2213 | + if (likely(!bt)) { | ||
2214 | + rcu_read_unlock(); | ||
2215 | return; | ||
2216 | + } | ||
2217 | |||
2218 | r.device_from = cpu_to_be32(dev); | ||
2219 | r.device_to = cpu_to_be32(bio->bi_bdev->bd_dev); | ||
2220 | @@ -932,6 +1008,7 @@ static void blk_add_trace_bio_remap(void *ignore, | ||
2221 | __blk_add_trace(bt, bio->bi_iter.bi_sector, bio->bi_iter.bi_size, | ||
2222 | bio_op(bio), bio->bi_opf, BLK_TA_REMAP, bio->bi_error, | ||
2223 | sizeof(r), &r); | ||
2224 | + rcu_read_unlock(); | ||
2225 | } | ||
2226 | |||
2227 | /** | ||
2228 | @@ -952,11 +1029,15 @@ static void blk_add_trace_rq_remap(void *ignore, | ||
2229 | struct request *rq, dev_t dev, | ||
2230 | sector_t from) | ||
2231 | { | ||
2232 | - struct blk_trace *bt = q->blk_trace; | ||
2233 | + struct blk_trace *bt; | ||
2234 | struct blk_io_trace_remap r; | ||
2235 | |||
2236 | - if (likely(!bt)) | ||
2237 | + rcu_read_lock(); | ||
2238 | + bt = rcu_dereference(q->blk_trace); | ||
2239 | + if (likely(!bt)) { | ||
2240 | + rcu_read_unlock(); | ||
2241 | return; | ||
2242 | + } | ||
2243 | |||
2244 | r.device_from = cpu_to_be32(dev); | ||
2245 | r.device_to = cpu_to_be32(disk_devt(rq->rq_disk)); | ||
2246 | @@ -965,6 +1046,7 @@ static void blk_add_trace_rq_remap(void *ignore, | ||
2247 | __blk_add_trace(bt, blk_rq_pos(rq), blk_rq_bytes(rq), | ||
2248 | rq_data_dir(rq), 0, BLK_TA_REMAP, !!rq->errors, | ||
2249 | sizeof(r), &r); | ||
2250 | + rcu_read_unlock(); | ||
2251 | } | ||
2252 | |||
2253 | /** | ||
2254 | @@ -982,10 +1064,14 @@ void blk_add_driver_data(struct request_queue *q, | ||
2255 | struct request *rq, | ||
2256 | void *data, size_t len) | ||
2257 | { | ||
2258 | - struct blk_trace *bt = q->blk_trace; | ||
2259 | + struct blk_trace *bt; | ||
2260 | |||
2261 | - if (likely(!bt)) | ||
2262 | + rcu_read_lock(); | ||
2263 | + bt = rcu_dereference(q->blk_trace); | ||
2264 | + if (likely(!bt)) { | ||
2265 | + rcu_read_unlock(); | ||
2266 | return; | ||
2267 | + } | ||
2268 | |||
2269 | if (rq->cmd_type == REQ_TYPE_BLOCK_PC) | ||
2270 | __blk_add_trace(bt, 0, blk_rq_bytes(rq), 0, 0, | ||
2271 | @@ -993,6 +1079,7 @@ void blk_add_driver_data(struct request_queue *q, | ||
2272 | else | ||
2273 | __blk_add_trace(bt, blk_rq_pos(rq), blk_rq_bytes(rq), 0, 0, | ||
2274 | BLK_TA_DRV_DATA, rq->errors, len, data); | ||
2275 | + rcu_read_unlock(); | ||
2276 | } | ||
2277 | EXPORT_SYMBOL_GPL(blk_add_driver_data); | ||
2278 | |||
2279 | @@ -1485,6 +1572,7 @@ static int blk_trace_remove_queue(struct request_queue *q) | ||
2280 | return -EINVAL; | ||
2281 | |||
2282 | put_probe_ref(); | ||
2283 | + synchronize_rcu(); | ||
2284 | blk_trace_free(bt); | ||
2285 | return 0; | ||
2286 | } | ||
2287 | @@ -1646,6 +1734,7 @@ static ssize_t sysfs_blk_trace_attr_show(struct device *dev, | ||
2288 | struct hd_struct *p = dev_to_part(dev); | ||
2289 | struct request_queue *q; | ||
2290 | struct block_device *bdev; | ||
2291 | + struct blk_trace *bt; | ||
2292 | ssize_t ret = -ENXIO; | ||
2293 | |||
2294 | bdev = bdget(part_devt(p)); | ||
2295 | @@ -1656,26 +1745,28 @@ static ssize_t sysfs_blk_trace_attr_show(struct device *dev, | ||
2296 | if (q == NULL) | ||
2297 | goto out_bdput; | ||
2298 | |||
2299 | - mutex_lock(&bdev->bd_mutex); | ||
2300 | + mutex_lock(&q->blk_trace_mutex); | ||
2301 | |||
2302 | + bt = rcu_dereference_protected(q->blk_trace, | ||
2303 | + lockdep_is_held(&q->blk_trace_mutex)); | ||
2304 | if (attr == &dev_attr_enable) { | ||
2305 | - ret = sprintf(buf, "%u\n", !!q->blk_trace); | ||
2306 | + ret = sprintf(buf, "%u\n", !!bt); | ||
2307 | goto out_unlock_bdev; | ||
2308 | } | ||
2309 | |||
2310 | - if (q->blk_trace == NULL) | ||
2311 | + if (bt == NULL) | ||
2312 | ret = sprintf(buf, "disabled\n"); | ||
2313 | else if (attr == &dev_attr_act_mask) | ||
2314 | - ret = blk_trace_mask2str(buf, q->blk_trace->act_mask); | ||
2315 | + ret = blk_trace_mask2str(buf, bt->act_mask); | ||
2316 | else if (attr == &dev_attr_pid) | ||
2317 | - ret = sprintf(buf, "%u\n", q->blk_trace->pid); | ||
2318 | + ret = sprintf(buf, "%u\n", bt->pid); | ||
2319 | else if (attr == &dev_attr_start_lba) | ||
2320 | - ret = sprintf(buf, "%llu\n", q->blk_trace->start_lba); | ||
2321 | + ret = sprintf(buf, "%llu\n", bt->start_lba); | ||
2322 | else if (attr == &dev_attr_end_lba) | ||
2323 | - ret = sprintf(buf, "%llu\n", q->blk_trace->end_lba); | ||
2324 | + ret = sprintf(buf, "%llu\n", bt->end_lba); | ||
2325 | |||
2326 | out_unlock_bdev: | ||
2327 | - mutex_unlock(&bdev->bd_mutex); | ||
2328 | + mutex_unlock(&q->blk_trace_mutex); | ||
2329 | out_bdput: | ||
2330 | bdput(bdev); | ||
2331 | out: | ||
2332 | @@ -1689,6 +1780,7 @@ static ssize_t sysfs_blk_trace_attr_store(struct device *dev, | ||
2333 | struct block_device *bdev; | ||
2334 | struct request_queue *q; | ||
2335 | struct hd_struct *p; | ||
2336 | + struct blk_trace *bt; | ||
2337 | u64 value; | ||
2338 | ssize_t ret = -EINVAL; | ||
2339 | |||
2340 | @@ -1717,10 +1809,12 @@ static ssize_t sysfs_blk_trace_attr_store(struct device *dev, | ||
2341 | if (q == NULL) | ||
2342 | goto out_bdput; | ||
2343 | |||
2344 | - mutex_lock(&bdev->bd_mutex); | ||
2345 | + mutex_lock(&q->blk_trace_mutex); | ||
2346 | |||
2347 | + bt = rcu_dereference_protected(q->blk_trace, | ||
2348 | + lockdep_is_held(&q->blk_trace_mutex)); | ||
2349 | if (attr == &dev_attr_enable) { | ||
2350 | - if (!!value == !!q->blk_trace) { | ||
2351 | + if (!!value == !!bt) { | ||
2352 | ret = 0; | ||
2353 | goto out_unlock_bdev; | ||
2354 | } | ||
2355 | @@ -1732,22 +1826,25 @@ static ssize_t sysfs_blk_trace_attr_store(struct device *dev, | ||
2356 | } | ||
2357 | |||
2358 | ret = 0; | ||
2359 | - if (q->blk_trace == NULL) | ||
2360 | + if (bt == NULL) { | ||
2361 | ret = blk_trace_setup_queue(q, bdev); | ||
2362 | + bt = rcu_dereference_protected(q->blk_trace, | ||
2363 | + lockdep_is_held(&q->blk_trace_mutex)); | ||
2364 | + } | ||
2365 | |||
2366 | if (ret == 0) { | ||
2367 | if (attr == &dev_attr_act_mask) | ||
2368 | - q->blk_trace->act_mask = value; | ||
2369 | + bt->act_mask = value; | ||
2370 | else if (attr == &dev_attr_pid) | ||
2371 | - q->blk_trace->pid = value; | ||
2372 | + bt->pid = value; | ||
2373 | else if (attr == &dev_attr_start_lba) | ||
2374 | - q->blk_trace->start_lba = value; | ||
2375 | + bt->start_lba = value; | ||
2376 | else if (attr == &dev_attr_end_lba) | ||
2377 | - q->blk_trace->end_lba = value; | ||
2378 | + bt->end_lba = value; | ||
2379 | } | ||
2380 | |||
2381 | out_unlock_bdev: | ||
2382 | - mutex_unlock(&bdev->bd_mutex); | ||
2383 | + mutex_unlock(&q->blk_trace_mutex); | ||
2384 | out_bdput: | ||
2385 | bdput(bdev); | ||
2386 | out: | ||
2387 | diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c | ||
2388 | index 6a170a78b453..b2fb25aefb2f 100644 | ||
2389 | --- a/kernel/trace/trace.c | ||
2390 | +++ b/kernel/trace/trace.c | ||
2391 | @@ -7032,6 +7032,19 @@ static int allocate_trace_buffers(struct trace_array *tr, int size) | ||
2392 | */ | ||
2393 | allocate_snapshot = false; | ||
2394 | #endif | ||
2395 | + | ||
2396 | + /* | ||
2397 | + * Because of some magic with the way alloc_percpu() works on | ||
2398 | + * x86_64, we need to synchronize the pgd of all the tables, | ||
2399 | + * otherwise the trace events that happen in x86_64 page fault | ||
2400 | + * handlers can't cope with accessing the chance that a | ||
2401 | + * alloc_percpu()'d memory might be touched in the page fault trace | ||
2402 | + * event. Oh, and we need to audit all other alloc_percpu() and vmalloc() | ||
2403 | + * calls in tracing, because something might get triggered within a | ||
2404 | + * page fault trace event! | ||
2405 | + */ | ||
2406 | + vmalloc_sync_mappings(); | ||
2407 | + | ||
2408 | return 0; | ||
2409 | } | ||
2410 | |||
2411 | diff --git a/mm/page_alloc.c b/mm/page_alloc.c | ||
2412 | index ef710e387862..de00e0fec484 100644 | ||
2413 | --- a/mm/page_alloc.c | ||
2414 | +++ b/mm/page_alloc.c | ||
2415 | @@ -1408,6 +1408,7 @@ void set_zone_contiguous(struct zone *zone) | ||
2416 | if (!__pageblock_pfn_to_page(block_start_pfn, | ||
2417 | block_end_pfn, zone)) | ||
2418 | return; | ||
2419 | + cond_resched(); | ||
2420 | } | ||
2421 | |||
2422 | /* We confirm that there is no hole */ | ||
2423 | diff --git a/mm/shmem.c b/mm/shmem.c | ||
2424 | index 90ccbb35458b..31b0c09fe6c6 100644 | ||
2425 | --- a/mm/shmem.c | ||
2426 | +++ b/mm/shmem.c | ||
2427 | @@ -2082,7 +2082,11 @@ int shmem_lock(struct file *file, int lock, struct user_struct *user) | ||
2428 | struct shmem_inode_info *info = SHMEM_I(inode); | ||
2429 | int retval = -ENOMEM; | ||
2430 | |||
2431 | - spin_lock_irq(&info->lock); | ||
2432 | + /* | ||
2433 | + * What serializes the accesses to info->flags? | ||
2434 | + * ipc_lock_object() when called from shmctl_do_lock(), | ||
2435 | + * no serialization needed when called from shm_destroy(). | ||
2436 | + */ | ||
2437 | if (lock && !(info->flags & VM_LOCKED)) { | ||
2438 | if (!user_shm_lock(inode->i_size, user)) | ||
2439 | goto out_nomem; | ||
2440 | @@ -2097,7 +2101,6 @@ int shmem_lock(struct file *file, int lock, struct user_struct *user) | ||
2441 | retval = 0; | ||
2442 | |||
2443 | out_nomem: | ||
2444 | - spin_unlock_irq(&info->lock); | ||
2445 | return retval; | ||
2446 | } | ||
2447 | |||
2448 | diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c | ||
2449 | index b0cae59bd327..d2e6885479cb 100644 | ||
2450 | --- a/net/batman-adv/bat_v_ogm.c | ||
2451 | +++ b/net/batman-adv/bat_v_ogm.c | ||
2452 | @@ -709,7 +709,7 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset, | ||
2453 | |||
2454 | orig_node = batadv_v_ogm_orig_get(bat_priv, ogm_packet->orig); | ||
2455 | if (!orig_node) | ||
2456 | - return; | ||
2457 | + goto out; | ||
2458 | |||
2459 | neigh_node = batadv_neigh_node_get_or_create(orig_node, if_incoming, | ||
2460 | ethhdr->h_source); | ||
2461 | diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c | ||
2462 | index a7b5cf08d363..09549885cd14 100644 | ||
2463 | --- a/net/batman-adv/network-coding.c | ||
2464 | +++ b/net/batman-adv/network-coding.c | ||
2465 | @@ -1012,15 +1012,8 @@ static struct batadv_nc_path *batadv_nc_get_path(struct batadv_priv *bat_priv, | ||
2466 | */ | ||
2467 | static u8 batadv_nc_random_weight_tq(u8 tq) | ||
2468 | { | ||
2469 | - u8 rand_val, rand_tq; | ||
2470 | - | ||
2471 | - get_random_bytes(&rand_val, sizeof(rand_val)); | ||
2472 | - | ||
2473 | /* randomize the estimated packet loss (max TQ - estimated TQ) */ | ||
2474 | - rand_tq = rand_val * (BATADV_TQ_MAX_VALUE - tq); | ||
2475 | - | ||
2476 | - /* normalize the randomized packet loss */ | ||
2477 | - rand_tq /= BATADV_TQ_MAX_VALUE; | ||
2478 | + u8 rand_tq = prandom_u32_max(BATADV_TQ_MAX_VALUE + 1 - tq); | ||
2479 | |||
2480 | /* convert to (randomized) estimated tq again */ | ||
2481 | return BATADV_TQ_MAX_VALUE - rand_tq; | ||
2482 | diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c | ||
2483 | index 31d7e239a1fd..121e9e7d28cc 100644 | ||
2484 | --- a/net/batman-adv/sysfs.c | ||
2485 | +++ b/net/batman-adv/sysfs.c | ||
2486 | @@ -1087,7 +1087,7 @@ static ssize_t batadv_store_throughput_override(struct kobject *kobj, | ||
2487 | ret = batadv_parse_throughput(net_dev, buff, "throughput_override", | ||
2488 | &tp_override); | ||
2489 | if (!ret) | ||
2490 | - return count; | ||
2491 | + goto out; | ||
2492 | |||
2493 | old_tp_override = atomic_read(&hard_iface->bat_v.throughput_override); | ||
2494 | if (old_tp_override == tp_override) | ||
2495 | @@ -1120,6 +1120,7 @@ static ssize_t batadv_show_throughput_override(struct kobject *kobj, | ||
2496 | |||
2497 | tp_override = atomic_read(&hard_iface->bat_v.throughput_override); | ||
2498 | |||
2499 | + batadv_hardif_put(hard_iface); | ||
2500 | return sprintf(buff, "%u.%u MBit\n", tp_override / 10, | ||
2501 | tp_override % 10); | ||
2502 | } | ||
2503 | diff --git a/net/core/dev.c b/net/core/dev.c | ||
2504 | index 842654302110..1041523aaa76 100644 | ||
2505 | --- a/net/core/dev.c | ||
2506 | +++ b/net/core/dev.c | ||
2507 | @@ -6939,11 +6939,13 @@ static void netdev_sync_lower_features(struct net_device *upper, | ||
2508 | netdev_dbg(upper, "Disabling feature %pNF on lower dev %s.\n", | ||
2509 | &feature, lower->name); | ||
2510 | lower->wanted_features &= ~feature; | ||
2511 | - netdev_update_features(lower); | ||
2512 | + __netdev_update_features(lower); | ||
2513 | |||
2514 | if (unlikely(lower->features & feature)) | ||
2515 | netdev_WARN(upper, "failed to disable %pNF on %s!\n", | ||
2516 | &feature, lower->name); | ||
2517 | + else | ||
2518 | + netdev_features_change(lower); | ||
2519 | } | ||
2520 | } | ||
2521 | } | ||
2522 | diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c | ||
2523 | index ca2c9c8b9a3e..6d7ff117f379 100644 | ||
2524 | --- a/net/core/drop_monitor.c | ||
2525 | +++ b/net/core/drop_monitor.c | ||
2526 | @@ -159,6 +159,7 @@ static void sched_send_work(unsigned long _data) | ||
2527 | static void trace_drop_common(struct sk_buff *skb, void *location) | ||
2528 | { | ||
2529 | struct net_dm_alert_msg *msg; | ||
2530 | + struct net_dm_drop_point *point; | ||
2531 | struct nlmsghdr *nlh; | ||
2532 | struct nlattr *nla; | ||
2533 | int i; | ||
2534 | @@ -177,11 +178,13 @@ static void trace_drop_common(struct sk_buff *skb, void *location) | ||
2535 | nlh = (struct nlmsghdr *)dskb->data; | ||
2536 | nla = genlmsg_data(nlmsg_data(nlh)); | ||
2537 | msg = nla_data(nla); | ||
2538 | + point = msg->points; | ||
2539 | for (i = 0; i < msg->entries; i++) { | ||
2540 | - if (!memcmp(&location, msg->points[i].pc, sizeof(void *))) { | ||
2541 | - msg->points[i].count++; | ||
2542 | + if (!memcmp(&location, &point->pc, sizeof(void *))) { | ||
2543 | + point->count++; | ||
2544 | goto out; | ||
2545 | } | ||
2546 | + point++; | ||
2547 | } | ||
2548 | if (msg->entries == dm_hit_limit) | ||
2549 | goto out; | ||
2550 | @@ -190,8 +193,8 @@ static void trace_drop_common(struct sk_buff *skb, void *location) | ||
2551 | */ | ||
2552 | __nla_reserve_nohdr(dskb, sizeof(struct net_dm_drop_point)); | ||
2553 | nla->nla_len += NLA_ALIGN(sizeof(struct net_dm_drop_point)); | ||
2554 | - memcpy(msg->points[msg->entries].pc, &location, sizeof(void *)); | ||
2555 | - msg->points[msg->entries].count = 1; | ||
2556 | + memcpy(point->pc, &location, sizeof(void *)); | ||
2557 | + point->count = 1; | ||
2558 | msg->entries++; | ||
2559 | |||
2560 | if (!timer_pending(&data->send_timer)) { | ||
2561 | diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c | ||
2562 | index 2ec86fc552df..22506194bd76 100644 | ||
2563 | --- a/net/core/netprio_cgroup.c | ||
2564 | +++ b/net/core/netprio_cgroup.c | ||
2565 | @@ -237,6 +237,8 @@ static void net_prio_attach(struct cgroup_taskset *tset) | ||
2566 | struct task_struct *p; | ||
2567 | struct cgroup_subsys_state *css; | ||
2568 | |||
2569 | + cgroup_sk_alloc_disable(); | ||
2570 | + | ||
2571 | cgroup_taskset_for_each(p, css, tset) { | ||
2572 | void *v = (void *)(unsigned long)css->cgroup->id; | ||
2573 | |||
2574 | diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c | ||
2575 | index 87c513b5ff2e..9438873fc3c8 100644 | ||
2576 | --- a/net/dccp/ipv6.c | ||
2577 | +++ b/net/dccp/ipv6.c | ||
2578 | @@ -209,7 +209,7 @@ static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req | ||
2579 | final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final); | ||
2580 | rcu_read_unlock(); | ||
2581 | |||
2582 | - dst = ip6_dst_lookup_flow(sk, &fl6, final_p); | ||
2583 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); | ||
2584 | if (IS_ERR(dst)) { | ||
2585 | err = PTR_ERR(dst); | ||
2586 | dst = NULL; | ||
2587 | @@ -280,7 +280,7 @@ static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb) | ||
2588 | security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6)); | ||
2589 | |||
2590 | /* sk = NULL, but it is safe for now. RST socket required. */ | ||
2591 | - dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); | ||
2592 | + dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL); | ||
2593 | if (!IS_ERR(dst)) { | ||
2594 | skb_dst_set(skb, dst); | ||
2595 | ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0); | ||
2596 | @@ -889,7 +889,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, | ||
2597 | opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk)); | ||
2598 | final_p = fl6_update_dst(&fl6, opt, &final); | ||
2599 | |||
2600 | - dst = ip6_dst_lookup_flow(sk, &fl6, final_p); | ||
2601 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); | ||
2602 | if (IS_ERR(dst)) { | ||
2603 | err = PTR_ERR(dst); | ||
2604 | goto failure; | ||
2605 | diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c | ||
2606 | index 0a6f72763beb..71409928763b 100644 | ||
2607 | --- a/net/ipv4/cipso_ipv4.c | ||
2608 | +++ b/net/ipv4/cipso_ipv4.c | ||
2609 | @@ -1272,7 +1272,8 @@ static int cipso_v4_parsetag_rbm(const struct cipso_v4_doi *doi_def, | ||
2610 | return ret_val; | ||
2611 | } | ||
2612 | |||
2613 | - secattr->flags |= NETLBL_SECATTR_MLS_CAT; | ||
2614 | + if (secattr->attr.mls.cat) | ||
2615 | + secattr->flags |= NETLBL_SECATTR_MLS_CAT; | ||
2616 | } | ||
2617 | |||
2618 | return 0; | ||
2619 | @@ -1453,7 +1454,8 @@ static int cipso_v4_parsetag_rng(const struct cipso_v4_doi *doi_def, | ||
2620 | return ret_val; | ||
2621 | } | ||
2622 | |||
2623 | - secattr->flags |= NETLBL_SECATTR_MLS_CAT; | ||
2624 | + if (secattr->attr.mls.cat) | ||
2625 | + secattr->flags |= NETLBL_SECATTR_MLS_CAT; | ||
2626 | } | ||
2627 | |||
2628 | return 0; | ||
2629 | diff --git a/net/ipv4/route.c b/net/ipv4/route.c | ||
2630 | index b4f24eabfa54..81efd2d3998d 100644 | ||
2631 | --- a/net/ipv4/route.c | ||
2632 | +++ b/net/ipv4/route.c | ||
2633 | @@ -898,7 +898,7 @@ void ip_rt_send_redirect(struct sk_buff *skb) | ||
2634 | /* Check for load limit; set rate_last to the latest sent | ||
2635 | * redirect. | ||
2636 | */ | ||
2637 | - if (peer->rate_tokens == 0 || | ||
2638 | + if (peer->n_redirects == 0 || | ||
2639 | time_after(jiffies, | ||
2640 | (peer->rate_last + | ||
2641 | (ip_rt_redirect_load << peer->n_redirects)))) { | ||
2642 | diff --git a/net/ipv6/addrconf_core.c b/net/ipv6/addrconf_core.c | ||
2643 | index bfa941fc1165..129324b36fb6 100644 | ||
2644 | --- a/net/ipv6/addrconf_core.c | ||
2645 | +++ b/net/ipv6/addrconf_core.c | ||
2646 | @@ -107,15 +107,16 @@ int inet6addr_notifier_call_chain(unsigned long val, void *v) | ||
2647 | } | ||
2648 | EXPORT_SYMBOL(inet6addr_notifier_call_chain); | ||
2649 | |||
2650 | -static int eafnosupport_ipv6_dst_lookup(struct net *net, struct sock *u1, | ||
2651 | - struct dst_entry **u2, | ||
2652 | - struct flowi6 *u3) | ||
2653 | +static struct dst_entry *eafnosupport_ipv6_dst_lookup_flow(struct net *net, | ||
2654 | + const struct sock *sk, | ||
2655 | + struct flowi6 *fl6, | ||
2656 | + const struct in6_addr *final_dst) | ||
2657 | { | ||
2658 | - return -EAFNOSUPPORT; | ||
2659 | + return ERR_PTR(-EAFNOSUPPORT); | ||
2660 | } | ||
2661 | |||
2662 | const struct ipv6_stub *ipv6_stub __read_mostly = &(struct ipv6_stub) { | ||
2663 | - .ipv6_dst_lookup = eafnosupport_ipv6_dst_lookup, | ||
2664 | + .ipv6_dst_lookup_flow = eafnosupport_ipv6_dst_lookup_flow, | ||
2665 | }; | ||
2666 | EXPORT_SYMBOL_GPL(ipv6_stub); | ||
2667 | |||
2668 | diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c | ||
2669 | index 8885dbad217b..c6746aaf7fbf 100644 | ||
2670 | --- a/net/ipv6/af_inet6.c | ||
2671 | +++ b/net/ipv6/af_inet6.c | ||
2672 | @@ -702,7 +702,7 @@ int inet6_sk_rebuild_header(struct sock *sk) | ||
2673 | &final); | ||
2674 | rcu_read_unlock(); | ||
2675 | |||
2676 | - dst = ip6_dst_lookup_flow(sk, &fl6, final_p); | ||
2677 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); | ||
2678 | if (IS_ERR(dst)) { | ||
2679 | sk->sk_route_caps = 0; | ||
2680 | sk->sk_err_soft = -PTR_ERR(dst); | ||
2681 | @@ -860,7 +860,7 @@ static struct pernet_operations inet6_net_ops = { | ||
2682 | static const struct ipv6_stub ipv6_stub_impl = { | ||
2683 | .ipv6_sock_mc_join = ipv6_sock_mc_join, | ||
2684 | .ipv6_sock_mc_drop = ipv6_sock_mc_drop, | ||
2685 | - .ipv6_dst_lookup = ip6_dst_lookup, | ||
2686 | + .ipv6_dst_lookup_flow = ip6_dst_lookup_flow, | ||
2687 | .udpv6_encap_enable = udpv6_encap_enable, | ||
2688 | .ndisc_send_na = ndisc_send_na, | ||
2689 | .nd_tbl = &nd_tbl, | ||
2690 | diff --git a/net/ipv6/calipso.c b/net/ipv6/calipso.c | ||
2691 | index 9742abf5ac26..b206415bbde7 100644 | ||
2692 | --- a/net/ipv6/calipso.c | ||
2693 | +++ b/net/ipv6/calipso.c | ||
2694 | @@ -1061,7 +1061,8 @@ static int calipso_opt_getattr(const unsigned char *calipso, | ||
2695 | goto getattr_return; | ||
2696 | } | ||
2697 | |||
2698 | - secattr->flags |= NETLBL_SECATTR_MLS_CAT; | ||
2699 | + if (secattr->attr.mls.cat) | ||
2700 | + secattr->flags |= NETLBL_SECATTR_MLS_CAT; | ||
2701 | } | ||
2702 | |||
2703 | secattr->type = NETLBL_NLTYPE_CALIPSO; | ||
2704 | diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c | ||
2705 | index 956af11e9ba3..58929622de0e 100644 | ||
2706 | --- a/net/ipv6/datagram.c | ||
2707 | +++ b/net/ipv6/datagram.c | ||
2708 | @@ -87,7 +87,7 @@ int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr) | ||
2709 | final_p = fl6_update_dst(&fl6, opt, &final); | ||
2710 | rcu_read_unlock(); | ||
2711 | |||
2712 | - dst = ip6_dst_lookup_flow(sk, &fl6, final_p); | ||
2713 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); | ||
2714 | if (IS_ERR(dst)) { | ||
2715 | err = PTR_ERR(dst); | ||
2716 | goto out; | ||
2717 | diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c | ||
2718 | index 798a0950e9a6..b760ccec44d3 100644 | ||
2719 | --- a/net/ipv6/inet6_connection_sock.c | ||
2720 | +++ b/net/ipv6/inet6_connection_sock.c | ||
2721 | @@ -90,7 +90,7 @@ struct dst_entry *inet6_csk_route_req(const struct sock *sk, | ||
2722 | fl6->fl6_sport = htons(ireq->ir_num); | ||
2723 | security_req_classify_flow(req, flowi6_to_flowi(fl6)); | ||
2724 | |||
2725 | - dst = ip6_dst_lookup_flow(sk, fl6, final_p); | ||
2726 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p); | ||
2727 | if (IS_ERR(dst)) | ||
2728 | return NULL; | ||
2729 | |||
2730 | @@ -144,7 +144,7 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk, | ||
2731 | |||
2732 | dst = __inet6_csk_dst_check(sk, np->dst_cookie); | ||
2733 | if (!dst) { | ||
2734 | - dst = ip6_dst_lookup_flow(sk, fl6, final_p); | ||
2735 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p); | ||
2736 | |||
2737 | if (!IS_ERR(dst)) | ||
2738 | ip6_dst_store(sk, dst, NULL, NULL); | ||
2739 | diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c | ||
2740 | index 11407dd6bc7c..d93a98dfe52d 100644 | ||
2741 | --- a/net/ipv6/ip6_output.c | ||
2742 | +++ b/net/ipv6/ip6_output.c | ||
2743 | @@ -1075,19 +1075,19 @@ EXPORT_SYMBOL_GPL(ip6_dst_lookup); | ||
2744 | * It returns a valid dst pointer on success, or a pointer encoded | ||
2745 | * error code. | ||
2746 | */ | ||
2747 | -struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6, | ||
2748 | +struct dst_entry *ip6_dst_lookup_flow(struct net *net, const struct sock *sk, struct flowi6 *fl6, | ||
2749 | const struct in6_addr *final_dst) | ||
2750 | { | ||
2751 | struct dst_entry *dst = NULL; | ||
2752 | int err; | ||
2753 | |||
2754 | - err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6); | ||
2755 | + err = ip6_dst_lookup_tail(net, sk, &dst, fl6); | ||
2756 | if (err) | ||
2757 | return ERR_PTR(err); | ||
2758 | if (final_dst) | ||
2759 | fl6->daddr = *final_dst; | ||
2760 | |||
2761 | - return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0); | ||
2762 | + return xfrm_lookup_route(net, dst, flowi6_to_flowi(fl6), sk, 0); | ||
2763 | } | ||
2764 | EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow); | ||
2765 | |||
2766 | @@ -1112,7 +1112,7 @@ struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6, | ||
2767 | |||
2768 | dst = ip6_sk_dst_check(sk, dst, fl6); | ||
2769 | if (!dst) | ||
2770 | - dst = ip6_dst_lookup_flow(sk, fl6, final_dst); | ||
2771 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_dst); | ||
2772 | |||
2773 | return dst; | ||
2774 | } | ||
2775 | diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c | ||
2776 | index 301978df650e..47acd20d4e1f 100644 | ||
2777 | --- a/net/ipv6/raw.c | ||
2778 | +++ b/net/ipv6/raw.c | ||
2779 | @@ -920,7 +920,7 @@ static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) | ||
2780 | |||
2781 | fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel); | ||
2782 | |||
2783 | - dst = ip6_dst_lookup_flow(sk, &fl6, final_p); | ||
2784 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); | ||
2785 | if (IS_ERR(dst)) { | ||
2786 | err = PTR_ERR(dst); | ||
2787 | goto out; | ||
2788 | diff --git a/net/ipv6/route.c b/net/ipv6/route.c | ||
2789 | index 2c4743f2d50e..03d1a61b4729 100644 | ||
2790 | --- a/net/ipv6/route.c | ||
2791 | +++ b/net/ipv6/route.c | ||
2792 | @@ -1373,8 +1373,10 @@ static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk, | ||
2793 | { | ||
2794 | struct rt6_info *rt6 = (struct rt6_info *)dst; | ||
2795 | |||
2796 | - if (dst_metric_locked(dst, RTAX_MTU)) | ||
2797 | - return; | ||
2798 | + /* Note: do *NOT* check dst_metric_locked(dst, RTAX_MTU) | ||
2799 | + * IPv6 pmtu discovery isn't optional, so 'mtu lock' cannot disable it. | ||
2800 | + * [see also comment in rt6_mtu_change_route()] | ||
2801 | + */ | ||
2802 | |||
2803 | dst_confirm(dst); | ||
2804 | mtu = max_t(u32, mtu, IPV6_MIN_MTU); | ||
2805 | diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c | ||
2806 | index 7a86433d8896..4834015b27f4 100644 | ||
2807 | --- a/net/ipv6/syncookies.c | ||
2808 | +++ b/net/ipv6/syncookies.c | ||
2809 | @@ -230,7 +230,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | ||
2810 | fl6.fl6_sport = inet_sk(sk)->inet_sport; | ||
2811 | security_req_classify_flow(req, flowi6_to_flowi(&fl6)); | ||
2812 | |||
2813 | - dst = ip6_dst_lookup_flow(sk, &fl6, final_p); | ||
2814 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); | ||
2815 | if (IS_ERR(dst)) | ||
2816 | goto out_free; | ||
2817 | } | ||
2818 | diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c | ||
2819 | index 4953466cf98f..7b336b7803ff 100644 | ||
2820 | --- a/net/ipv6/tcp_ipv6.c | ||
2821 | +++ b/net/ipv6/tcp_ipv6.c | ||
2822 | @@ -244,7 +244,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, | ||
2823 | |||
2824 | security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); | ||
2825 | |||
2826 | - dst = ip6_dst_lookup_flow(sk, &fl6, final_p); | ||
2827 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); | ||
2828 | if (IS_ERR(dst)) { | ||
2829 | err = PTR_ERR(dst); | ||
2830 | goto failure; | ||
2831 | @@ -841,7 +841,7 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 | ||
2832 | * Underlying function will use this to retrieve the network | ||
2833 | * namespace | ||
2834 | */ | ||
2835 | - dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL); | ||
2836 | + dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL); | ||
2837 | if (!IS_ERR(dst)) { | ||
2838 | skb_dst_set(buff, dst); | ||
2839 | ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass); | ||
2840 | diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c | ||
2841 | index 423cb095ad37..28274f397c55 100644 | ||
2842 | --- a/net/l2tp/l2tp_ip6.c | ||
2843 | +++ b/net/l2tp/l2tp_ip6.c | ||
2844 | @@ -620,7 +620,7 @@ static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) | ||
2845 | |||
2846 | fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel); | ||
2847 | |||
2848 | - dst = ip6_dst_lookup_flow(sk, &fl6, final_p); | ||
2849 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); | ||
2850 | if (IS_ERR(dst)) { | ||
2851 | err = PTR_ERR(dst); | ||
2852 | goto out; | ||
2853 | diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c | ||
2854 | index ffab94d61e1d..eab9c1d70856 100644 | ||
2855 | --- a/net/mpls/af_mpls.c | ||
2856 | +++ b/net/mpls/af_mpls.c | ||
2857 | @@ -497,16 +497,15 @@ static struct net_device *inet6_fib_lookup_dev(struct net *net, | ||
2858 | struct net_device *dev; | ||
2859 | struct dst_entry *dst; | ||
2860 | struct flowi6 fl6; | ||
2861 | - int err; | ||
2862 | |||
2863 | if (!ipv6_stub) | ||
2864 | return ERR_PTR(-EAFNOSUPPORT); | ||
2865 | |||
2866 | memset(&fl6, 0, sizeof(fl6)); | ||
2867 | memcpy(&fl6.daddr, addr, sizeof(struct in6_addr)); | ||
2868 | - err = ipv6_stub->ipv6_dst_lookup(net, NULL, &dst, &fl6); | ||
2869 | - if (err) | ||
2870 | - return ERR_PTR(err); | ||
2871 | + dst = ipv6_stub->ipv6_dst_lookup_flow(net, NULL, &fl6, NULL); | ||
2872 | + if (IS_ERR(dst)) | ||
2873 | + return ERR_CAST(dst); | ||
2874 | |||
2875 | dev = dst->dev; | ||
2876 | dev_hold(dev); | ||
2877 | diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c | ||
2878 | index 1bdae8f188e1..d507d0fc7858 100644 | ||
2879 | --- a/net/netfilter/nf_conntrack_core.c | ||
2880 | +++ b/net/netfilter/nf_conntrack_core.c | ||
2881 | @@ -1124,9 +1124,9 @@ __nf_conntrack_alloc(struct net *net, | ||
2882 | *(unsigned long *)(&ct->tuplehash[IP_CT_DIR_REPLY].hnnode.pprev) = hash; | ||
2883 | ct->status = 0; | ||
2884 | write_pnet(&ct->ct_net, net); | ||
2885 | - memset(&ct->__nfct_init_offset[0], 0, | ||
2886 | + memset(&ct->__nfct_init_offset, 0, | ||
2887 | offsetof(struct nf_conn, proto) - | ||
2888 | - offsetof(struct nf_conn, __nfct_init_offset[0])); | ||
2889 | + offsetof(struct nf_conn, __nfct_init_offset)); | ||
2890 | |||
2891 | nf_ct_zone_add(ct, zone); | ||
2892 | |||
2893 | diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c | ||
2894 | index cb9d1d1210cb..d0cfdff04993 100644 | ||
2895 | --- a/net/netlabel/netlabel_kapi.c | ||
2896 | +++ b/net/netlabel/netlabel_kapi.c | ||
2897 | @@ -748,6 +748,12 @@ int netlbl_catmap_getlong(struct netlbl_lsm_catmap *catmap, | ||
2898 | if ((off & (BITS_PER_LONG - 1)) != 0) | ||
2899 | return -EINVAL; | ||
2900 | |||
2901 | + /* a null catmap is equivalent to an empty one */ | ||
2902 | + if (!catmap) { | ||
2903 | + *offset = (u32)-1; | ||
2904 | + return 0; | ||
2905 | + } | ||
2906 | + | ||
2907 | if (off < catmap->startbit) { | ||
2908 | off = catmap->startbit; | ||
2909 | *offset = off; | ||
2910 | diff --git a/net/sched/sch_choke.c b/net/sched/sch_choke.c | ||
2911 | index 6125c17cffaf..d13e1de0b3a2 100644 | ||
2912 | --- a/net/sched/sch_choke.c | ||
2913 | +++ b/net/sched/sch_choke.c | ||
2914 | @@ -382,7 +382,8 @@ static void choke_reset(struct Qdisc *sch) | ||
2915 | |||
2916 | sch->q.qlen = 0; | ||
2917 | sch->qstats.backlog = 0; | ||
2918 | - memset(q->tab, 0, (q->tab_mask + 1) * sizeof(struct sk_buff *)); | ||
2919 | + if (q->tab) | ||
2920 | + memset(q->tab, 0, (q->tab_mask + 1) * sizeof(struct sk_buff *)); | ||
2921 | q->head = q->tail = 0; | ||
2922 | red_restart(&q->vars); | ||
2923 | } | ||
2924 | diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c | ||
2925 | index 29b7465c9d8a..4f05956b9216 100644 | ||
2926 | --- a/net/sched/sch_fq_codel.c | ||
2927 | +++ b/net/sched/sch_fq_codel.c | ||
2928 | @@ -428,7 +428,7 @@ static int fq_codel_change(struct Qdisc *sch, struct nlattr *opt) | ||
2929 | q->quantum = max(256U, nla_get_u32(tb[TCA_FQ_CODEL_QUANTUM])); | ||
2930 | |||
2931 | if (tb[TCA_FQ_CODEL_DROP_BATCH_SIZE]) | ||
2932 | - q->drop_batch_size = min(1U, nla_get_u32(tb[TCA_FQ_CODEL_DROP_BATCH_SIZE])); | ||
2933 | + q->drop_batch_size = max(1U, nla_get_u32(tb[TCA_FQ_CODEL_DROP_BATCH_SIZE])); | ||
2934 | |||
2935 | if (tb[TCA_FQ_CODEL_MEMORY_LIMIT]) | ||
2936 | q->memory_limit = min(1U << 31, nla_get_u32(tb[TCA_FQ_CODEL_MEMORY_LIMIT])); | ||
2937 | diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c | ||
2938 | index a8d82cb7f073..633e237a406c 100644 | ||
2939 | --- a/net/sched/sch_sfq.c | ||
2940 | +++ b/net/sched/sch_sfq.c | ||
2941 | @@ -635,6 +635,15 @@ static int sfq_change(struct Qdisc *sch, struct nlattr *opt) | ||
2942 | if (ctl->divisor && | ||
2943 | (!is_power_of_2(ctl->divisor) || ctl->divisor > 65536)) | ||
2944 | return -EINVAL; | ||
2945 | + | ||
2946 | + /* slot->allot is a short, make sure quantum is not too big. */ | ||
2947 | + if (ctl->quantum) { | ||
2948 | + unsigned int scaled = SFQ_ALLOT_SIZE(ctl->quantum); | ||
2949 | + | ||
2950 | + if (scaled <= 0 || scaled > SHRT_MAX) | ||
2951 | + return -EINVAL; | ||
2952 | + } | ||
2953 | + | ||
2954 | if (ctl_v1 && !red_check_params(ctl_v1->qth_min, ctl_v1->qth_max, | ||
2955 | ctl_v1->Wlog)) | ||
2956 | return -EINVAL; | ||
2957 | diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c | ||
2958 | index 34ab7f92f064..50bc8c4ca906 100644 | ||
2959 | --- a/net/sctp/ipv6.c | ||
2960 | +++ b/net/sctp/ipv6.c | ||
2961 | @@ -269,7 +269,7 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, | ||
2962 | final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final); | ||
2963 | rcu_read_unlock(); | ||
2964 | |||
2965 | - dst = ip6_dst_lookup_flow(sk, fl6, final_p); | ||
2966 | + dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p); | ||
2967 | if (!asoc || saddr) { | ||
2968 | t->dst = dst; | ||
2969 | memcpy(fl, &_fl, sizeof(_fl)); | ||
2970 | @@ -327,7 +327,7 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, | ||
2971 | fl6->saddr = laddr->a.v6.sin6_addr; | ||
2972 | fl6->fl6_sport = laddr->a.v6.sin6_port; | ||
2973 | final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final); | ||
2974 | - bdst = ip6_dst_lookup_flow(sk, fl6, final_p); | ||
2975 | + bdst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p); | ||
2976 | |||
2977 | if (IS_ERR(bdst)) | ||
2978 | continue; | ||
2979 | diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c | ||
2980 | index 05033ab05b8f..c6ff3de1de37 100644 | ||
2981 | --- a/net/tipc/udp_media.c | ||
2982 | +++ b/net/tipc/udp_media.c | ||
2983 | @@ -187,10 +187,13 @@ static int tipc_udp_xmit(struct net *net, struct sk_buff *skb, | ||
2984 | .saddr = src->ipv6, | ||
2985 | .flowi6_proto = IPPROTO_UDP | ||
2986 | }; | ||
2987 | - err = ipv6_stub->ipv6_dst_lookup(net, ub->ubsock->sk, &ndst, | ||
2988 | - &fl6); | ||
2989 | - if (err) | ||
2990 | + ndst = ipv6_stub->ipv6_dst_lookup_flow(net, | ||
2991 | + ub->ubsock->sk, | ||
2992 | + &fl6, NULL); | ||
2993 | + if (IS_ERR(ndst)) { | ||
2994 | + err = PTR_ERR(ndst); | ||
2995 | goto tx_error; | ||
2996 | + } | ||
2997 | ttl = ip6_dst_hoplimit(ndst); | ||
2998 | err = udp_tunnel6_xmit_skb(ndst, ub->ubsock->sk, skb, NULL, | ||
2999 | &src->ipv6, &dst->ipv6, 0, ttl, 0, | ||
3000 | diff --git a/scripts/decodecode b/scripts/decodecode | ||
3001 | index d8824f37acce..aae7a035242b 100755 | ||
3002 | --- a/scripts/decodecode | ||
3003 | +++ b/scripts/decodecode | ||
3004 | @@ -98,7 +98,7 @@ faultlinenum=$(( $(wc -l $T.oo | cut -d" " -f1) - \ | ||
3005 | faultline=`cat $T.dis | head -1 | cut -d":" -f2-` | ||
3006 | faultline=`echo "$faultline" | sed -e 's/\[/\\\[/g; s/\]/\\\]/g'` | ||
3007 | |||
3008 | -cat $T.oo | sed -e "${faultlinenum}s/^\(.*:\)\(.*\)/\1\*\2\t\t<-- trapping instruction/" | ||
3009 | +cat $T.oo | sed -e "${faultlinenum}s/^\([^:]*:\)\(.*\)/\1\*\2\t\t<-- trapping instruction/" | ||
3010 | echo | ||
3011 | cat $T.aa | ||
3012 | cleanup | ||
3013 | diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c | ||
3014 | index c8b2309352d7..481c1ad1db57 100644 | ||
3015 | --- a/sound/core/rawmidi.c | ||
3016 | +++ b/sound/core/rawmidi.c | ||
3017 | @@ -108,6 +108,17 @@ static void snd_rawmidi_input_event_work(struct work_struct *work) | ||
3018 | runtime->event(runtime->substream); | ||
3019 | } | ||
3020 | |||
3021 | +/* buffer refcount management: call with runtime->lock held */ | ||
3022 | +static inline void snd_rawmidi_buffer_ref(struct snd_rawmidi_runtime *runtime) | ||
3023 | +{ | ||
3024 | + runtime->buffer_ref++; | ||
3025 | +} | ||
3026 | + | ||
3027 | +static inline void snd_rawmidi_buffer_unref(struct snd_rawmidi_runtime *runtime) | ||
3028 | +{ | ||
3029 | + runtime->buffer_ref--; | ||
3030 | +} | ||
3031 | + | ||
3032 | static int snd_rawmidi_runtime_create(struct snd_rawmidi_substream *substream) | ||
3033 | { | ||
3034 | struct snd_rawmidi_runtime *runtime; | ||
3035 | @@ -125,7 +136,7 @@ static int snd_rawmidi_runtime_create(struct snd_rawmidi_substream *substream) | ||
3036 | runtime->avail = 0; | ||
3037 | else | ||
3038 | runtime->avail = runtime->buffer_size; | ||
3039 | - if ((runtime->buffer = kmalloc(runtime->buffer_size, GFP_KERNEL)) == NULL) { | ||
3040 | + if ((runtime->buffer = kzalloc(runtime->buffer_size, GFP_KERNEL)) == NULL) { | ||
3041 | kfree(runtime); | ||
3042 | return -ENOMEM; | ||
3043 | } | ||
3044 | @@ -650,10 +661,15 @@ int snd_rawmidi_output_params(struct snd_rawmidi_substream *substream, | ||
3045 | return -EINVAL; | ||
3046 | } | ||
3047 | if (params->buffer_size != runtime->buffer_size) { | ||
3048 | - newbuf = kmalloc(params->buffer_size, GFP_KERNEL); | ||
3049 | + newbuf = kzalloc(params->buffer_size, GFP_KERNEL); | ||
3050 | if (!newbuf) | ||
3051 | return -ENOMEM; | ||
3052 | spin_lock_irq(&runtime->lock); | ||
3053 | + if (runtime->buffer_ref) { | ||
3054 | + spin_unlock_irq(&runtime->lock); | ||
3055 | + kfree(newbuf); | ||
3056 | + return -EBUSY; | ||
3057 | + } | ||
3058 | oldbuf = runtime->buffer; | ||
3059 | runtime->buffer = newbuf; | ||
3060 | runtime->buffer_size = params->buffer_size; | ||
3061 | @@ -962,8 +978,10 @@ static long snd_rawmidi_kernel_read1(struct snd_rawmidi_substream *substream, | ||
3062 | long result = 0, count1; | ||
3063 | struct snd_rawmidi_runtime *runtime = substream->runtime; | ||
3064 | unsigned long appl_ptr; | ||
3065 | + int err = 0; | ||
3066 | |||
3067 | spin_lock_irqsave(&runtime->lock, flags); | ||
3068 | + snd_rawmidi_buffer_ref(runtime); | ||
3069 | while (count > 0 && runtime->avail) { | ||
3070 | count1 = runtime->buffer_size - runtime->appl_ptr; | ||
3071 | if (count1 > count) | ||
3072 | @@ -982,16 +1000,19 @@ static long snd_rawmidi_kernel_read1(struct snd_rawmidi_substream *substream, | ||
3073 | if (userbuf) { | ||
3074 | spin_unlock_irqrestore(&runtime->lock, flags); | ||
3075 | if (copy_to_user(userbuf + result, | ||
3076 | - runtime->buffer + appl_ptr, count1)) { | ||
3077 | - return result > 0 ? result : -EFAULT; | ||
3078 | - } | ||
3079 | + runtime->buffer + appl_ptr, count1)) | ||
3080 | + err = -EFAULT; | ||
3081 | spin_lock_irqsave(&runtime->lock, flags); | ||
3082 | + if (err) | ||
3083 | + goto out; | ||
3084 | } | ||
3085 | result += count1; | ||
3086 | count -= count1; | ||
3087 | } | ||
3088 | + out: | ||
3089 | + snd_rawmidi_buffer_unref(runtime); | ||
3090 | spin_unlock_irqrestore(&runtime->lock, flags); | ||
3091 | - return result; | ||
3092 | + return result > 0 ? result : err; | ||
3093 | } | ||
3094 | |||
3095 | long snd_rawmidi_kernel_read(struct snd_rawmidi_substream *substream, | ||
3096 | @@ -1262,6 +1283,7 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream, | ||
3097 | return -EAGAIN; | ||
3098 | } | ||
3099 | } | ||
3100 | + snd_rawmidi_buffer_ref(runtime); | ||
3101 | while (count > 0 && runtime->avail > 0) { | ||
3102 | count1 = runtime->buffer_size - runtime->appl_ptr; | ||
3103 | if (count1 > count) | ||
3104 | @@ -1293,6 +1315,7 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream, | ||
3105 | } | ||
3106 | __end: | ||
3107 | count1 = runtime->avail < runtime->buffer_size; | ||
3108 | + snd_rawmidi_buffer_unref(runtime); | ||
3109 | spin_unlock_irqrestore(&runtime->lock, flags); | ||
3110 | if (count1) | ||
3111 | snd_rawmidi_output_trigger(substream, 1); | ||
3112 | diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c | ||
3113 | index e19f447e27ae..a866a20349c3 100644 | ||
3114 | --- a/sound/pci/hda/patch_hdmi.c | ||
3115 | +++ b/sound/pci/hda/patch_hdmi.c | ||
3116 | @@ -2044,7 +2044,9 @@ static int generic_hdmi_build_controls(struct hda_codec *codec) | ||
3117 | |||
3118 | for (pin_idx = 0; pin_idx < spec->num_pins; pin_idx++) { | ||
3119 | struct hdmi_spec_per_pin *per_pin = get_pin(spec, pin_idx); | ||
3120 | + struct hdmi_eld *pin_eld = &per_pin->sink_eld; | ||
3121 | |||
3122 | + pin_eld->eld_valid = false; | ||
3123 | hdmi_present_sense(per_pin, 0); | ||
3124 | } | ||
3125 | |||
3126 | diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c | ||
3127 | index 000b59d474ab..df6d0211df51 100644 | ||
3128 | --- a/sound/pci/hda/patch_realtek.c | ||
3129 | +++ b/sound/pci/hda/patch_realtek.c | ||
3130 | @@ -4212,8 +4212,6 @@ static void alc_determine_headset_type(struct hda_codec *codec) | ||
3131 | is_ctia = (val & 0x1c02) == 0x1c02; | ||
3132 | break; | ||
3133 | case 0x10ec0225: | ||
3134 | - codec->power_save_node = 1; | ||
3135 | - /* fall through */ | ||
3136 | case 0x10ec0295: | ||
3137 | case 0x10ec0299: | ||
3138 | alc_process_coef_fw(codec, coef0225); | ||
3139 | @@ -4890,6 +4888,7 @@ enum { | ||
3140 | ALC269_FIXUP_HP_LINE1_MIC1_LED, | ||
3141 | ALC269_FIXUP_INV_DMIC, | ||
3142 | ALC269_FIXUP_LENOVO_DOCK, | ||
3143 | + ALC269_FIXUP_LENOVO_DOCK_LIMIT_BOOST, | ||
3144 | ALC269_FIXUP_NO_SHUTUP, | ||
3145 | ALC286_FIXUP_SONY_MIC_NO_PRESENCE, | ||
3146 | ALC269_FIXUP_PINCFG_NO_HP_TO_LINEOUT, | ||
3147 | @@ -5157,6 +5156,12 @@ static const struct hda_fixup alc269_fixups[] = { | ||
3148 | .chained = true, | ||
3149 | .chain_id = ALC269_FIXUP_PINCFG_NO_HP_TO_LINEOUT | ||
3150 | }, | ||
3151 | + [ALC269_FIXUP_LENOVO_DOCK_LIMIT_BOOST] = { | ||
3152 | + .type = HDA_FIXUP_FUNC, | ||
3153 | + .v.func = alc269_fixup_limit_int_mic_boost, | ||
3154 | + .chained = true, | ||
3155 | + .chain_id = ALC269_FIXUP_LENOVO_DOCK, | ||
3156 | + }, | ||
3157 | [ALC269_FIXUP_PINCFG_NO_HP_TO_LINEOUT] = { | ||
3158 | .type = HDA_FIXUP_FUNC, | ||
3159 | .v.func = alc269_fixup_pincfg_no_hp_to_lineout, | ||
3160 | @@ -5820,7 +5825,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { | ||
3161 | SND_PCI_QUIRK(0x17aa, 0x21b8, "Thinkpad Edge 14", ALC269_FIXUP_SKU_IGNORE), | ||
3162 | SND_PCI_QUIRK(0x17aa, 0x21ca, "Thinkpad L412", ALC269_FIXUP_SKU_IGNORE), | ||
3163 | SND_PCI_QUIRK(0x17aa, 0x21e9, "Thinkpad Edge 15", ALC269_FIXUP_SKU_IGNORE), | ||
3164 | - SND_PCI_QUIRK(0x17aa, 0x21f6, "Thinkpad T530", ALC269_FIXUP_LENOVO_DOCK), | ||
3165 | + SND_PCI_QUIRK(0x17aa, 0x21f6, "Thinkpad T530", ALC269_FIXUP_LENOVO_DOCK_LIMIT_BOOST), | ||
3166 | SND_PCI_QUIRK(0x17aa, 0x21fa, "Thinkpad X230", ALC269_FIXUP_LENOVO_DOCK), | ||
3167 | SND_PCI_QUIRK(0x17aa, 0x21f3, "Thinkpad T430", ALC269_FIXUP_LENOVO_DOCK), | ||
3168 | SND_PCI_QUIRK(0x17aa, 0x21fb, "Thinkpad T430s", ALC269_FIXUP_LENOVO_DOCK), | ||
3169 | @@ -5945,6 +5950,7 @@ static const struct hda_model_fixup alc269_fixup_models[] = { | ||
3170 | {.id = ALC269_FIXUP_HEADSET_MODE, .name = "headset-mode"}, | ||
3171 | {.id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC, .name = "headset-mode-no-hp-mic"}, | ||
3172 | {.id = ALC269_FIXUP_LENOVO_DOCK, .name = "lenovo-dock"}, | ||
3173 | + {.id = ALC269_FIXUP_LENOVO_DOCK_LIMIT_BOOST, .name = "lenovo-dock-limit-boost"}, | ||
3174 | {.id = ALC269_FIXUP_HP_GPIO_LED, .name = "hp-gpio-led"}, | ||
3175 | {.id = ALC269_FIXUP_HP_DOCK_GPIO_MIC1_LED, .name = "hp-dock-gpio-mic1-led"}, | ||
3176 | {.id = ALC269_FIXUP_DELL1_MIC_NO_PRESENCE, .name = "dell-headset-multi"}, | ||
3177 | diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c | ||
3178 | index 064f3485a977..0484a8d8a5bb 100644 | ||
3179 | --- a/sound/usb/quirks.c | ||
3180 | +++ b/sound/usb/quirks.c | ||
3181 | @@ -1316,13 +1316,14 @@ void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe, | ||
3182 | && (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS) | ||
3183 | mdelay(20); | ||
3184 | |||
3185 | - /* Zoom R16/24, Logitech H650e, Jabra 550a needs a tiny delay here, | ||
3186 | - * otherwise requests like get/set frequency return as failed despite | ||
3187 | - * actually succeeding. | ||
3188 | + /* Zoom R16/24, Logitech H650e, Jabra 550a, Kingston HyperX needs a tiny | ||
3189 | + * delay here, otherwise requests like get/set frequency return as | ||
3190 | + * failed despite actually succeeding. | ||
3191 | */ | ||
3192 | if ((chip->usb_id == USB_ID(0x1686, 0x00dd) || | ||
3193 | chip->usb_id == USB_ID(0x046d, 0x0a46) || | ||
3194 | - chip->usb_id == USB_ID(0x0b0e, 0x0349)) && | ||
3195 | + chip->usb_id == USB_ID(0x0b0e, 0x0349) || | ||
3196 | + chip->usb_id == USB_ID(0x0951, 0x16ad)) && | ||
3197 | (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS) | ||
3198 | mdelay(1); | ||
3199 | } | ||
3200 | diff --git a/tools/objtool/check.c b/tools/objtool/check.c | ||
3201 | index 360845926f66..b0b8ba9b800c 100644 | ||
3202 | --- a/tools/objtool/check.c | ||
3203 | +++ b/tools/objtool/check.c | ||
3204 | @@ -1264,7 +1264,7 @@ static int update_insn_state_regs(struct instruction *insn, struct insn_state *s | ||
3205 | struct cfi_reg *cfa = &state->cfa; | ||
3206 | struct stack_op *op = &insn->stack_op; | ||
3207 | |||
3208 | - if (cfa->base != CFI_SP) | ||
3209 | + if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) | ||
3210 | return 0; | ||
3211 | |||
3212 | /* push */ |