Annotation of /trunk/kernel-alx-legacy/patches-4.9/0383-4.9.284-all-fixes.patch
Parent Directory | Revision Log
Revision 3685 -
(hide annotations)
(download)
Mon Oct 24 14:08:00 2022 UTC (19 months, 1 week ago) by niro
File size: 25304 byte(s)
Mon Oct 24 14:08:00 2022 UTC (19 months, 1 week ago) by niro
File size: 25304 byte(s)
-linux-4.9.284
1 | niro | 3685 | diff --git a/Makefile b/Makefile |
2 | index ef029a28bb53c..9605f840f94b8 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -1,6 +1,6 @@ | ||
6 | VERSION = 4 | ||
7 | PATCHLEVEL = 9 | ||
8 | -SUBLEVEL = 283 | ||
9 | +SUBLEVEL = 284 | ||
10 | EXTRAVERSION = | ||
11 | NAME = Roaring Lionus | ||
12 | |||
13 | diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c | ||
14 | index 53bb9700cf411..3d88c56d30f91 100644 | ||
15 | --- a/arch/s390/net/bpf_jit_comp.c | ||
16 | +++ b/arch/s390/net/bpf_jit_comp.c | ||
17 | @@ -591,10 +591,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i | ||
18 | EMIT4(0xb9080000, dst_reg, src_reg); | ||
19 | break; | ||
20 | case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */ | ||
21 | - if (!imm) | ||
22 | - break; | ||
23 | - /* alfi %dst,imm */ | ||
24 | - EMIT6_IMM(0xc20b0000, dst_reg, imm); | ||
25 | + if (imm != 0) { | ||
26 | + /* alfi %dst,imm */ | ||
27 | + EMIT6_IMM(0xc20b0000, dst_reg, imm); | ||
28 | + } | ||
29 | EMIT_ZERO(dst_reg); | ||
30 | break; | ||
31 | case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */ | ||
32 | @@ -616,10 +616,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i | ||
33 | EMIT4(0xb9090000, dst_reg, src_reg); | ||
34 | break; | ||
35 | case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */ | ||
36 | - if (!imm) | ||
37 | - break; | ||
38 | - /* alfi %dst,-imm */ | ||
39 | - EMIT6_IMM(0xc20b0000, dst_reg, -imm); | ||
40 | + if (imm != 0) { | ||
41 | + /* alfi %dst,-imm */ | ||
42 | + EMIT6_IMM(0xc20b0000, dst_reg, -imm); | ||
43 | + } | ||
44 | EMIT_ZERO(dst_reg); | ||
45 | break; | ||
46 | case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */ | ||
47 | @@ -646,10 +646,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i | ||
48 | EMIT4(0xb90c0000, dst_reg, src_reg); | ||
49 | break; | ||
50 | case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */ | ||
51 | - if (imm == 1) | ||
52 | - break; | ||
53 | - /* msfi %r5,imm */ | ||
54 | - EMIT6_IMM(0xc2010000, dst_reg, imm); | ||
55 | + if (imm != 1) { | ||
56 | + /* msfi %r5,imm */ | ||
57 | + EMIT6_IMM(0xc2010000, dst_reg, imm); | ||
58 | + } | ||
59 | EMIT_ZERO(dst_reg); | ||
60 | break; | ||
61 | case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */ | ||
62 | @@ -710,6 +710,8 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i | ||
63 | if (BPF_OP(insn->code) == BPF_MOD) | ||
64 | /* lhgi %dst,0 */ | ||
65 | EMIT4_IMM(0xa7090000, dst_reg, 0); | ||
66 | + else | ||
67 | + EMIT_ZERO(dst_reg); | ||
68 | break; | ||
69 | } | ||
70 | /* lhi %w0,0 */ | ||
71 | @@ -802,10 +804,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i | ||
72 | EMIT4(0xb9820000, dst_reg, src_reg); | ||
73 | break; | ||
74 | case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */ | ||
75 | - if (!imm) | ||
76 | - break; | ||
77 | - /* xilf %dst,imm */ | ||
78 | - EMIT6_IMM(0xc0070000, dst_reg, imm); | ||
79 | + if (imm != 0) { | ||
80 | + /* xilf %dst,imm */ | ||
81 | + EMIT6_IMM(0xc0070000, dst_reg, imm); | ||
82 | + } | ||
83 | EMIT_ZERO(dst_reg); | ||
84 | break; | ||
85 | case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */ | ||
86 | @@ -826,10 +828,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i | ||
87 | EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0); | ||
88 | break; | ||
89 | case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */ | ||
90 | - if (imm == 0) | ||
91 | - break; | ||
92 | - /* sll %dst,imm(%r0) */ | ||
93 | - EMIT4_DISP(0x89000000, dst_reg, REG_0, imm); | ||
94 | + if (imm != 0) { | ||
95 | + /* sll %dst,imm(%r0) */ | ||
96 | + EMIT4_DISP(0x89000000, dst_reg, REG_0, imm); | ||
97 | + } | ||
98 | EMIT_ZERO(dst_reg); | ||
99 | break; | ||
100 | case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */ | ||
101 | @@ -851,10 +853,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i | ||
102 | EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0); | ||
103 | break; | ||
104 | case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */ | ||
105 | - if (imm == 0) | ||
106 | - break; | ||
107 | - /* srl %dst,imm(%r0) */ | ||
108 | - EMIT4_DISP(0x88000000, dst_reg, REG_0, imm); | ||
109 | + if (imm != 0) { | ||
110 | + /* srl %dst,imm(%r0) */ | ||
111 | + EMIT4_DISP(0x88000000, dst_reg, REG_0, imm); | ||
112 | + } | ||
113 | EMIT_ZERO(dst_reg); | ||
114 | break; | ||
115 | case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */ | ||
116 | diff --git a/block/blk-throttle.c b/block/blk-throttle.c | ||
117 | index 3a4c9a3c1427f..6435dc25be0aa 100644 | ||
118 | --- a/block/blk-throttle.c | ||
119 | +++ b/block/blk-throttle.c | ||
120 | @@ -1584,6 +1584,7 @@ int blk_throtl_init(struct request_queue *q) | ||
121 | void blk_throtl_exit(struct request_queue *q) | ||
122 | { | ||
123 | BUG_ON(!q->td); | ||
124 | + del_timer_sync(&q->td->service_queue.pending_timer); | ||
125 | throtl_shutdown_wq(q); | ||
126 | blkcg_deactivate_policy(q, &blkcg_policy_throtl); | ||
127 | kfree(q->td); | ||
128 | diff --git a/drivers/base/power/wakeirq.c b/drivers/base/power/wakeirq.c | ||
129 | index ee63ccaea8d57..8c05e7a5e777b 100644 | ||
130 | --- a/drivers/base/power/wakeirq.c | ||
131 | +++ b/drivers/base/power/wakeirq.c | ||
132 | @@ -320,7 +320,8 @@ void dev_pm_arm_wake_irq(struct wake_irq *wirq) | ||
133 | return; | ||
134 | |||
135 | if (device_may_wakeup(wirq->dev)) { | ||
136 | - if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED) | ||
137 | + if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED && | ||
138 | + !pm_runtime_status_suspended(wirq->dev)) | ||
139 | enable_irq(wirq->irq); | ||
140 | |||
141 | enable_irq_wake(wirq->irq); | ||
142 | @@ -342,7 +343,8 @@ void dev_pm_disarm_wake_irq(struct wake_irq *wirq) | ||
143 | if (device_may_wakeup(wirq->dev)) { | ||
144 | disable_irq_wake(wirq->irq); | ||
145 | |||
146 | - if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED) | ||
147 | + if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED && | ||
148 | + !pm_runtime_status_suspended(wirq->dev)) | ||
149 | disable_irq_nosync(wirq->irq); | ||
150 | } | ||
151 | } | ||
152 | diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c | ||
153 | index 15eb1501915ca..ef9515e9f213f 100644 | ||
154 | --- a/drivers/crypto/talitos.c | ||
155 | +++ b/drivers/crypto/talitos.c | ||
156 | @@ -816,7 +816,7 @@ static void talitos_unregister_rng(struct device *dev) | ||
157 | * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP | ||
158 | */ | ||
159 | #define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1) | ||
160 | -#ifdef CONFIG_CRYPTO_DEV_TALITOS_SEC2 | ||
161 | +#ifdef CONFIG_CRYPTO_DEV_TALITOS2 | ||
162 | #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA512_BLOCK_SIZE) | ||
163 | #else | ||
164 | #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA256_BLOCK_SIZE) | ||
165 | diff --git a/drivers/dma/Kconfig b/drivers/dma/Kconfig | ||
166 | index b0f798244a897..9a6da9b2dad35 100644 | ||
167 | --- a/drivers/dma/Kconfig | ||
168 | +++ b/drivers/dma/Kconfig | ||
169 | @@ -238,7 +238,7 @@ config INTEL_IDMA64 | ||
170 | |||
171 | config INTEL_IOATDMA | ||
172 | tristate "Intel I/OAT DMA support" | ||
173 | - depends on PCI && X86_64 | ||
174 | + depends on PCI && X86_64 && !UML | ||
175 | select DMA_ENGINE | ||
176 | select DMA_ENGINE_RAID | ||
177 | select DCA | ||
178 | diff --git a/drivers/dma/acpi-dma.c b/drivers/dma/acpi-dma.c | ||
179 | index 4a748c3435d7d..02149742b334c 100644 | ||
180 | --- a/drivers/dma/acpi-dma.c | ||
181 | +++ b/drivers/dma/acpi-dma.c | ||
182 | @@ -72,10 +72,14 @@ static int acpi_dma_parse_resource_group(const struct acpi_csrt_group *grp, | ||
183 | |||
184 | si = (const struct acpi_csrt_shared_info *)&grp[1]; | ||
185 | |||
186 | - /* Match device by MMIO and IRQ */ | ||
187 | + /* Match device by MMIO */ | ||
188 | if (si->mmio_base_low != lower_32_bits(mem) || | ||
189 | - si->mmio_base_high != upper_32_bits(mem) || | ||
190 | - si->gsi_interrupt != irq) | ||
191 | + si->mmio_base_high != upper_32_bits(mem)) | ||
192 | + return 0; | ||
193 | + | ||
194 | + /* Match device by Linux vIRQ */ | ||
195 | + ret = acpi_register_gsi(NULL, si->gsi_interrupt, si->interrupt_mode, si->interrupt_polarity); | ||
196 | + if (ret != irq) | ||
197 | return 0; | ||
198 | |||
199 | dev_dbg(&adev->dev, "matches with %.4s%04X (rev %u)\n", | ||
200 | diff --git a/drivers/dma/xilinx/xilinx_dma.c b/drivers/dma/xilinx/xilinx_dma.c | ||
201 | index f00652585ee31..d88c53ff7bb69 100644 | ||
202 | --- a/drivers/dma/xilinx/xilinx_dma.c | ||
203 | +++ b/drivers/dma/xilinx/xilinx_dma.c | ||
204 | @@ -2578,7 +2578,7 @@ static int xilinx_dma_probe(struct platform_device *pdev) | ||
205 | xdev->ext_addr = false; | ||
206 | |||
207 | /* Set the dma mask bits */ | ||
208 | - dma_set_mask(xdev->dev, DMA_BIT_MASK(addr_width)); | ||
209 | + dma_set_mask_and_coherent(xdev->dev, DMA_BIT_MASK(addr_width)); | ||
210 | |||
211 | /* Initialize the DMA engine */ | ||
212 | xdev->common.dev = &pdev->dev; | ||
213 | diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c b/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c | ||
214 | index b0ece71aefdee..ce774579c89d1 100644 | ||
215 | --- a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c | ||
216 | +++ b/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c | ||
217 | @@ -57,7 +57,7 @@ nvkm_control_mthd_pstate_info(struct nvkm_control *ctrl, void *data, u32 size) | ||
218 | args->v0.count = 0; | ||
219 | args->v0.ustate_ac = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE; | ||
220 | args->v0.ustate_dc = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE; | ||
221 | - args->v0.pwrsrc = -ENOSYS; | ||
222 | + args->v0.pwrsrc = -ENODEV; | ||
223 | args->v0.pstate = NVIF_CONTROL_PSTATE_INFO_V0_PSTATE_UNKNOWN; | ||
224 | } | ||
225 | |||
226 | diff --git a/drivers/parisc/dino.c b/drivers/parisc/dino.c | ||
227 | index d842ae5310f71..bbcff6ae61d66 100644 | ||
228 | --- a/drivers/parisc/dino.c | ||
229 | +++ b/drivers/parisc/dino.c | ||
230 | @@ -160,15 +160,6 @@ struct dino_device | ||
231 | (struct dino_device *)__pdata; }) | ||
232 | |||
233 | |||
234 | -/* Check if PCI device is behind a Card-mode Dino. */ | ||
235 | -static int pci_dev_is_behind_card_dino(struct pci_dev *dev) | ||
236 | -{ | ||
237 | - struct dino_device *dino_dev; | ||
238 | - | ||
239 | - dino_dev = DINO_DEV(parisc_walk_tree(dev->bus->bridge)); | ||
240 | - return is_card_dino(&dino_dev->hba.dev->id); | ||
241 | -} | ||
242 | - | ||
243 | /* | ||
244 | * Dino Configuration Space Accessor Functions | ||
245 | */ | ||
246 | @@ -452,6 +443,15 @@ static void quirk_cirrus_cardbus(struct pci_dev *dev) | ||
247 | DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_CIRRUS, PCI_DEVICE_ID_CIRRUS_6832, quirk_cirrus_cardbus ); | ||
248 | |||
249 | #ifdef CONFIG_TULIP | ||
250 | +/* Check if PCI device is behind a Card-mode Dino. */ | ||
251 | +static int pci_dev_is_behind_card_dino(struct pci_dev *dev) | ||
252 | +{ | ||
253 | + struct dino_device *dino_dev; | ||
254 | + | ||
255 | + dino_dev = DINO_DEV(parisc_walk_tree(dev->bus->bridge)); | ||
256 | + return is_card_dino(&dino_dev->hba.dev->id); | ||
257 | +} | ||
258 | + | ||
259 | static void pci_fixup_tulip(struct pci_dev *dev) | ||
260 | { | ||
261 | if (!pci_dev_is_behind_card_dino(dev)) | ||
262 | diff --git a/drivers/pwm/pwm-lpc32xx.c b/drivers/pwm/pwm-lpc32xx.c | ||
263 | index a9b3cff96aaca..ed8e9406b4af2 100644 | ||
264 | --- a/drivers/pwm/pwm-lpc32xx.c | ||
265 | +++ b/drivers/pwm/pwm-lpc32xx.c | ||
266 | @@ -124,17 +124,17 @@ static int lpc32xx_pwm_probe(struct platform_device *pdev) | ||
267 | lpc32xx->chip.npwm = 1; | ||
268 | lpc32xx->chip.base = -1; | ||
269 | |||
270 | + /* If PWM is disabled, configure the output to the default value */ | ||
271 | + val = readl(lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); | ||
272 | + val &= ~PWM_PIN_LEVEL; | ||
273 | + writel(val, lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); | ||
274 | + | ||
275 | ret = pwmchip_add(&lpc32xx->chip); | ||
276 | if (ret < 0) { | ||
277 | dev_err(&pdev->dev, "failed to add PWM chip, error %d\n", ret); | ||
278 | return ret; | ||
279 | } | ||
280 | |||
281 | - /* When PWM is disable, configure the output to the default value */ | ||
282 | - val = readl(lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); | ||
283 | - val &= ~PWM_PIN_LEVEL; | ||
284 | - writel(val, lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); | ||
285 | - | ||
286 | platform_set_drvdata(pdev, lpc32xx); | ||
287 | |||
288 | return 0; | ||
289 | diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c | ||
290 | index 22c481f2ae4f1..2a35b99cf628e 100644 | ||
291 | --- a/drivers/staging/android/ion/ion_system_heap.c | ||
292 | +++ b/drivers/staging/android/ion/ion_system_heap.c | ||
293 | @@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap, | ||
294 | |||
295 | page = ion_page_pool_alloc(pool); | ||
296 | |||
297 | - if (cached) | ||
298 | + if (page && cached) | ||
299 | ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order, | ||
300 | DMA_BIDIRECTIONAL); | ||
301 | return page; | ||
302 | diff --git a/drivers/thermal/samsung/exynos_tmu.c b/drivers/thermal/samsung/exynos_tmu.c | ||
303 | index c974cb5fb9580..02510c191c7db 100644 | ||
304 | --- a/drivers/thermal/samsung/exynos_tmu.c | ||
305 | +++ b/drivers/thermal/samsung/exynos_tmu.c | ||
306 | @@ -1372,6 +1372,7 @@ static int exynos_tmu_probe(struct platform_device *pdev) | ||
307 | data->sclk = devm_clk_get(&pdev->dev, "tmu_sclk"); | ||
308 | if (IS_ERR(data->sclk)) { | ||
309 | dev_err(&pdev->dev, "Failed to get sclk\n"); | ||
310 | + ret = PTR_ERR(data->sclk); | ||
311 | goto err_clk; | ||
312 | } else { | ||
313 | ret = clk_prepare_enable(data->sclk); | ||
314 | diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c | ||
315 | index 0eb2ada032c74..839bccbcc9d65 100644 | ||
316 | --- a/fs/ceph/caps.c | ||
317 | +++ b/fs/ceph/caps.c | ||
318 | @@ -1572,6 +1572,8 @@ static int __mark_caps_flushing(struct inode *inode, | ||
319 | * try to invalidate mapping pages without blocking. | ||
320 | */ | ||
321 | static int try_nonblocking_invalidate(struct inode *inode) | ||
322 | + __releases(ci->i_ceph_lock) | ||
323 | + __acquires(ci->i_ceph_lock) | ||
324 | { | ||
325 | struct ceph_inode_info *ci = ceph_inode(inode); | ||
326 | u32 invalidating_gen = ci->i_rdcache_gen; | ||
327 | diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c | ||
328 | index e9903bceb2bf1..33fba75aa9f38 100644 | ||
329 | --- a/fs/nilfs2/sysfs.c | ||
330 | +++ b/fs/nilfs2/sysfs.c | ||
331 | @@ -73,11 +73,9 @@ static const struct sysfs_ops nilfs_##name##_attr_ops = { \ | ||
332 | #define NILFS_DEV_INT_GROUP_TYPE(name, parent_name) \ | ||
333 | static void nilfs_##name##_attr_release(struct kobject *kobj) \ | ||
334 | { \ | ||
335 | - struct nilfs_sysfs_##parent_name##_subgroups *subgroups; \ | ||
336 | - struct the_nilfs *nilfs = container_of(kobj->parent, \ | ||
337 | - struct the_nilfs, \ | ||
338 | - ns_##parent_name##_kobj); \ | ||
339 | - subgroups = nilfs->ns_##parent_name##_subgroups; \ | ||
340 | + struct nilfs_sysfs_##parent_name##_subgroups *subgroups = container_of(kobj, \ | ||
341 | + struct nilfs_sysfs_##parent_name##_subgroups, \ | ||
342 | + sg_##name##_kobj); \ | ||
343 | complete(&subgroups->sg_##name##_kobj_unregister); \ | ||
344 | } \ | ||
345 | static struct kobj_type nilfs_##name##_ktype = { \ | ||
346 | @@ -103,12 +101,12 @@ static int nilfs_sysfs_create_##name##_group(struct the_nilfs *nilfs) \ | ||
347 | err = kobject_init_and_add(kobj, &nilfs_##name##_ktype, parent, \ | ||
348 | #name); \ | ||
349 | if (err) \ | ||
350 | - return err; \ | ||
351 | - return 0; \ | ||
352 | + kobject_put(kobj); \ | ||
353 | + return err; \ | ||
354 | } \ | ||
355 | static void nilfs_sysfs_delete_##name##_group(struct the_nilfs *nilfs) \ | ||
356 | { \ | ||
357 | - kobject_del(&nilfs->ns_##parent_name##_subgroups->sg_##name##_kobj); \ | ||
358 | + kobject_put(&nilfs->ns_##parent_name##_subgroups->sg_##name##_kobj); \ | ||
359 | } | ||
360 | |||
361 | /************************************************************************ | ||
362 | @@ -219,14 +217,14 @@ int nilfs_sysfs_create_snapshot_group(struct nilfs_root *root) | ||
363 | } | ||
364 | |||
365 | if (err) | ||
366 | - return err; | ||
367 | + kobject_put(&root->snapshot_kobj); | ||
368 | |||
369 | - return 0; | ||
370 | + return err; | ||
371 | } | ||
372 | |||
373 | void nilfs_sysfs_delete_snapshot_group(struct nilfs_root *root) | ||
374 | { | ||
375 | - kobject_del(&root->snapshot_kobj); | ||
376 | + kobject_put(&root->snapshot_kobj); | ||
377 | } | ||
378 | |||
379 | /************************************************************************ | ||
380 | @@ -1010,7 +1008,7 @@ int nilfs_sysfs_create_device_group(struct super_block *sb) | ||
381 | err = kobject_init_and_add(&nilfs->ns_dev_kobj, &nilfs_dev_ktype, NULL, | ||
382 | "%s", sb->s_id); | ||
383 | if (err) | ||
384 | - goto free_dev_subgroups; | ||
385 | + goto cleanup_dev_kobject; | ||
386 | |||
387 | err = nilfs_sysfs_create_mounted_snapshots_group(nilfs); | ||
388 | if (err) | ||
389 | @@ -1047,9 +1045,7 @@ delete_mounted_snapshots_group: | ||
390 | nilfs_sysfs_delete_mounted_snapshots_group(nilfs); | ||
391 | |||
392 | cleanup_dev_kobject: | ||
393 | - kobject_del(&nilfs->ns_dev_kobj); | ||
394 | - | ||
395 | -free_dev_subgroups: | ||
396 | + kobject_put(&nilfs->ns_dev_kobj); | ||
397 | kfree(nilfs->ns_dev_subgroups); | ||
398 | |||
399 | failed_create_device_group: | ||
400 | diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h | ||
401 | index b46133a41f55e..c0707e9bd9186 100644 | ||
402 | --- a/include/net/sctp/structs.h | ||
403 | +++ b/include/net/sctp/structs.h | ||
404 | @@ -470,7 +470,7 @@ struct sctp_af { | ||
405 | int saddr); | ||
406 | void (*from_sk) (union sctp_addr *, | ||
407 | struct sock *sk); | ||
408 | - void (*from_addr_param) (union sctp_addr *, | ||
409 | + bool (*from_addr_param) (union sctp_addr *, | ||
410 | union sctp_addr_param *, | ||
411 | __be16 port, int iif); | ||
412 | int (*to_addr_param) (const union sctp_addr *, | ||
413 | diff --git a/kernel/profile.c b/kernel/profile.c | ||
414 | index 2dbccf2d806c6..9c78e3ab4b420 100644 | ||
415 | --- a/kernel/profile.c | ||
416 | +++ b/kernel/profile.c | ||
417 | @@ -38,7 +38,8 @@ struct profile_hit { | ||
418 | #define NR_PROFILE_GRP (NR_PROFILE_HIT/PROFILE_GRPSZ) | ||
419 | |||
420 | static atomic_t *prof_buffer; | ||
421 | -static unsigned long prof_len, prof_shift; | ||
422 | +static unsigned long prof_len; | ||
423 | +static unsigned short int prof_shift; | ||
424 | |||
425 | int prof_on __read_mostly; | ||
426 | EXPORT_SYMBOL_GPL(prof_on); | ||
427 | @@ -64,8 +65,8 @@ int profile_setup(char *str) | ||
428 | if (str[strlen(sleepstr)] == ',') | ||
429 | str += strlen(sleepstr) + 1; | ||
430 | if (get_option(&str, &par)) | ||
431 | - prof_shift = par; | ||
432 | - pr_info("kernel sleep profiling enabled (shift: %ld)\n", | ||
433 | + prof_shift = clamp(par, 0, BITS_PER_LONG - 1); | ||
434 | + pr_info("kernel sleep profiling enabled (shift: %u)\n", | ||
435 | prof_shift); | ||
436 | #else | ||
437 | pr_warn("kernel sleep profiling requires CONFIG_SCHEDSTATS\n"); | ||
438 | @@ -75,21 +76,21 @@ int profile_setup(char *str) | ||
439 | if (str[strlen(schedstr)] == ',') | ||
440 | str += strlen(schedstr) + 1; | ||
441 | if (get_option(&str, &par)) | ||
442 | - prof_shift = par; | ||
443 | - pr_info("kernel schedule profiling enabled (shift: %ld)\n", | ||
444 | + prof_shift = clamp(par, 0, BITS_PER_LONG - 1); | ||
445 | + pr_info("kernel schedule profiling enabled (shift: %u)\n", | ||
446 | prof_shift); | ||
447 | } else if (!strncmp(str, kvmstr, strlen(kvmstr))) { | ||
448 | prof_on = KVM_PROFILING; | ||
449 | if (str[strlen(kvmstr)] == ',') | ||
450 | str += strlen(kvmstr) + 1; | ||
451 | if (get_option(&str, &par)) | ||
452 | - prof_shift = par; | ||
453 | - pr_info("kernel KVM profiling enabled (shift: %ld)\n", | ||
454 | + prof_shift = clamp(par, 0, BITS_PER_LONG - 1); | ||
455 | + pr_info("kernel KVM profiling enabled (shift: %u)\n", | ||
456 | prof_shift); | ||
457 | } else if (get_option(&str, &par)) { | ||
458 | - prof_shift = par; | ||
459 | + prof_shift = clamp(par, 0, BITS_PER_LONG - 1); | ||
460 | prof_on = CPU_PROFILING; | ||
461 | - pr_info("kernel profiling enabled (shift: %ld)\n", | ||
462 | + pr_info("kernel profiling enabled (shift: %u)\n", | ||
463 | prof_shift); | ||
464 | } | ||
465 | return 1; | ||
466 | @@ -465,7 +466,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) | ||
467 | unsigned long p = *ppos; | ||
468 | ssize_t read; | ||
469 | char *pnt; | ||
470 | - unsigned int sample_step = 1 << prof_shift; | ||
471 | + unsigned long sample_step = 1UL << prof_shift; | ||
472 | |||
473 | profile_flip_buffers(); | ||
474 | if (p >= (prof_len+1)*sizeof(unsigned int)) | ||
475 | diff --git a/kernel/sys.c b/kernel/sys.c | ||
476 | index 546cdc911dad4..2e1def48ed73b 100644 | ||
477 | --- a/kernel/sys.c | ||
478 | +++ b/kernel/sys.c | ||
479 | @@ -1774,13 +1774,6 @@ static int validate_prctl_map(struct prctl_mm_map *prctl_map) | ||
480 | |||
481 | error = -EINVAL; | ||
482 | |||
483 | - /* | ||
484 | - * @brk should be after @end_data in traditional maps. | ||
485 | - */ | ||
486 | - if (prctl_map->start_brk <= prctl_map->end_data || | ||
487 | - prctl_map->brk <= prctl_map->end_data) | ||
488 | - goto out; | ||
489 | - | ||
490 | /* | ||
491 | * Neither we should allow to override limits if they set. | ||
492 | */ | ||
493 | diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c | ||
494 | index f88911cffa1ad..c6a46e8e9eda5 100644 | ||
495 | --- a/net/9p/trans_virtio.c | ||
496 | +++ b/net/9p/trans_virtio.c | ||
497 | @@ -602,7 +602,7 @@ static int p9_virtio_probe(struct virtio_device *vdev) | ||
498 | chan->vc_wq = kmalloc(sizeof(wait_queue_head_t), GFP_KERNEL); | ||
499 | if (!chan->vc_wq) { | ||
500 | err = -ENOMEM; | ||
501 | - goto out_free_tag; | ||
502 | + goto out_remove_file; | ||
503 | } | ||
504 | init_waitqueue_head(chan->vc_wq); | ||
505 | chan->ring_bufs_avail = 1; | ||
506 | @@ -620,6 +620,8 @@ static int p9_virtio_probe(struct virtio_device *vdev) | ||
507 | |||
508 | return 0; | ||
509 | |||
510 | +out_remove_file: | ||
511 | + sysfs_remove_file(&vdev->dev.kobj, &dev_attr_mount_tag.attr); | ||
512 | out_free_tag: | ||
513 | kfree(tag); | ||
514 | out_free_vq: | ||
515 | diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c | ||
516 | index dc4335d817d80..dd9532c5c19dd 100644 | ||
517 | --- a/net/sctp/bind_addr.c | ||
518 | +++ b/net/sctp/bind_addr.c | ||
519 | @@ -285,20 +285,16 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, | ||
520 | rawaddr = (union sctp_addr_param *)raw_addr_list; | ||
521 | |||
522 | af = sctp_get_af_specific(param_type2af(param->type)); | ||
523 | - if (unlikely(!af)) { | ||
524 | + if (unlikely(!af) || | ||
525 | + !af->from_addr_param(&addr, rawaddr, htons(port), 0)) { | ||
526 | retval = -EINVAL; | ||
527 | - sctp_bind_addr_clean(bp); | ||
528 | - break; | ||
529 | + goto out_err; | ||
530 | } | ||
531 | |||
532 | - af->from_addr_param(&addr, rawaddr, htons(port), 0); | ||
533 | retval = sctp_add_bind_addr(bp, &addr, sizeof(addr), | ||
534 | SCTP_ADDR_SRC, gfp); | ||
535 | - if (retval) { | ||
536 | - /* Can't finish building the list, clean up. */ | ||
537 | - sctp_bind_addr_clean(bp); | ||
538 | - break; | ||
539 | - } | ||
540 | + if (retval) | ||
541 | + goto out_err; | ||
542 | |||
543 | len = ntohs(param->length); | ||
544 | addrs_len -= len; | ||
545 | @@ -306,6 +302,12 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, | ||
546 | } | ||
547 | |||
548 | return retval; | ||
549 | + | ||
550 | +out_err: | ||
551 | + if (retval) | ||
552 | + sctp_bind_addr_clean(bp); | ||
553 | + | ||
554 | + return retval; | ||
555 | } | ||
556 | |||
557 | /******************************************************************** | ||
558 | diff --git a/net/sctp/input.c b/net/sctp/input.c | ||
559 | index 8f4574c4aa6ca..9c1670b4a687d 100644 | ||
560 | --- a/net/sctp/input.c | ||
561 | +++ b/net/sctp/input.c | ||
562 | @@ -1051,7 +1051,8 @@ static struct sctp_association *__sctp_rcv_init_lookup(struct net *net, | ||
563 | if (!af) | ||
564 | continue; | ||
565 | |||
566 | - af->from_addr_param(paddr, params.addr, sh->source, 0); | ||
567 | + if (!af->from_addr_param(paddr, params.addr, sh->source, 0)) | ||
568 | + continue; | ||
569 | |||
570 | asoc = __sctp_lookup_association(net, laddr, paddr, transportp); | ||
571 | if (asoc) | ||
572 | @@ -1087,6 +1088,9 @@ static struct sctp_association *__sctp_rcv_asconf_lookup( | ||
573 | union sctp_addr_param *param; | ||
574 | union sctp_addr paddr; | ||
575 | |||
576 | + if (ntohs(ch->length) < sizeof(*asconf) + sizeof(struct sctp_paramhdr)) | ||
577 | + return NULL; | ||
578 | + | ||
579 | /* Skip over the ADDIP header and find the Address parameter */ | ||
580 | param = (union sctp_addr_param *)(asconf + 1); | ||
581 | |||
582 | @@ -1094,7 +1098,8 @@ static struct sctp_association *__sctp_rcv_asconf_lookup( | ||
583 | if (unlikely(!af)) | ||
584 | return NULL; | ||
585 | |||
586 | - af->from_addr_param(&paddr, param, peer_port, 0); | ||
587 | + if (af->from_addr_param(&paddr, param, peer_port, 0)) | ||
588 | + return NULL; | ||
589 | |||
590 | return __sctp_lookup_association(net, laddr, &paddr, transportp); | ||
591 | } | ||
592 | diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c | ||
593 | index 50bc8c4ca9068..01337204d2b6f 100644 | ||
594 | --- a/net/sctp/ipv6.c | ||
595 | +++ b/net/sctp/ipv6.c | ||
596 | @@ -490,15 +490,20 @@ static void sctp_v6_to_sk_daddr(union sctp_addr *addr, struct sock *sk) | ||
597 | } | ||
598 | |||
599 | /* Initialize a sctp_addr from an address parameter. */ | ||
600 | -static void sctp_v6_from_addr_param(union sctp_addr *addr, | ||
601 | +static bool sctp_v6_from_addr_param(union sctp_addr *addr, | ||
602 | union sctp_addr_param *param, | ||
603 | __be16 port, int iif) | ||
604 | { | ||
605 | + if (ntohs(param->v6.param_hdr.length) < sizeof(struct sctp_ipv6addr_param)) | ||
606 | + return false; | ||
607 | + | ||
608 | addr->v6.sin6_family = AF_INET6; | ||
609 | addr->v6.sin6_port = port; | ||
610 | addr->v6.sin6_flowinfo = 0; /* BUG */ | ||
611 | addr->v6.sin6_addr = param->v6.addr; | ||
612 | addr->v6.sin6_scope_id = iif; | ||
613 | + | ||
614 | + return true; | ||
615 | } | ||
616 | |||
617 | /* Initialize an address parameter from a sctp_addr and return the length | ||
618 | diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c | ||
619 | index b1932fd125dad..02afbe5710083 100644 | ||
620 | --- a/net/sctp/protocol.c | ||
621 | +++ b/net/sctp/protocol.c | ||
622 | @@ -274,14 +274,19 @@ static void sctp_v4_to_sk_daddr(union sctp_addr *addr, struct sock *sk) | ||
623 | } | ||
624 | |||
625 | /* Initialize a sctp_addr from an address parameter. */ | ||
626 | -static void sctp_v4_from_addr_param(union sctp_addr *addr, | ||
627 | +static bool sctp_v4_from_addr_param(union sctp_addr *addr, | ||
628 | union sctp_addr_param *param, | ||
629 | __be16 port, int iif) | ||
630 | { | ||
631 | + if (ntohs(param->v4.param_hdr.length) < sizeof(struct sctp_ipv4addr_param)) | ||
632 | + return false; | ||
633 | + | ||
634 | addr->v4.sin_family = AF_INET; | ||
635 | addr->v4.sin_port = port; | ||
636 | addr->v4.sin_addr.s_addr = param->v4.addr.s_addr; | ||
637 | memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); | ||
638 | + | ||
639 | + return true; | ||
640 | } | ||
641 | |||
642 | /* Initialize an address parameter from a sctp_addr and return the length | ||
643 | diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c | ||
644 | index 0c5aff3bb5391..2e2802f047005 100644 | ||
645 | --- a/net/sctp/sm_make_chunk.c | ||
646 | +++ b/net/sctp/sm_make_chunk.c | ||
647 | @@ -2155,9 +2155,16 @@ static sctp_ierror_t sctp_verify_param(struct net *net, | ||
648 | break; | ||
649 | |||
650 | case SCTP_PARAM_SET_PRIMARY: | ||
651 | - if (net->sctp.addip_enable) | ||
652 | - break; | ||
653 | - goto fallthrough; | ||
654 | + if (!net->sctp.addip_enable) | ||
655 | + goto fallthrough; | ||
656 | + | ||
657 | + if (ntohs(param.p->length) < sizeof(struct sctp_addip_param) + | ||
658 | + sizeof(struct sctp_paramhdr)) { | ||
659 | + sctp_process_inv_paramlength(asoc, param.p, | ||
660 | + chunk, err_chunk); | ||
661 | + retval = SCTP_IERROR_ABORT; | ||
662 | + } | ||
663 | + break; | ||
664 | |||
665 | case SCTP_PARAM_HOST_NAME_ADDRESS: | ||
666 | /* Tell the peer, we won't support this param. */ | ||
667 | @@ -2335,11 +2342,13 @@ int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, | ||
668 | |||
669 | /* Process the initialization parameters. */ | ||
670 | sctp_walk_params(param, peer_init, init_hdr.params) { | ||
671 | - if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || | ||
672 | - param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { | ||
673 | + if (!src_match && | ||
674 | + (param.p->type == SCTP_PARAM_IPV4_ADDRESS || | ||
675 | + param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { | ||
676 | af = sctp_get_af_specific(param_type2af(param.p->type)); | ||
677 | - af->from_addr_param(&addr, param.addr, | ||
678 | - chunk->sctp_hdr->source, 0); | ||
679 | + if (!af->from_addr_param(&addr, param.addr, | ||
680 | + chunk->sctp_hdr->source, 0)) | ||
681 | + continue; | ||
682 | if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) | ||
683 | src_match = 1; | ||
684 | } | ||
685 | @@ -2533,7 +2542,8 @@ static int sctp_process_param(struct sctp_association *asoc, | ||
686 | break; | ||
687 | do_addr_param: | ||
688 | af = sctp_get_af_specific(param_type2af(param.p->type)); | ||
689 | - af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); | ||
690 | + if (!af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0)) | ||
691 | + break; | ||
692 | scope = sctp_scope(peer_addr); | ||
693 | if (sctp_in_scope(net, &addr, scope)) | ||
694 | if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) | ||
695 | @@ -2626,15 +2636,13 @@ do_addr_param: | ||
696 | addr_param = param.v + sizeof(sctp_addip_param_t); | ||
697 | |||
698 | af = sctp_get_af_specific(param_type2af(addr_param->p.type)); | ||
699 | - if (af == NULL) | ||
700 | + if (!af) | ||
701 | break; | ||
702 | |||
703 | - af->from_addr_param(&addr, addr_param, | ||
704 | - htons(asoc->peer.port), 0); | ||
705 | + if (!af->from_addr_param(&addr, addr_param, | ||
706 | + htons(asoc->peer.port), 0)) | ||
707 | + break; | ||
708 | |||
709 | - /* if the address is invalid, we can't process it. | ||
710 | - * XXX: see spec for what to do. | ||
711 | - */ | ||
712 | if (!af->addr_valid(&addr, NULL, NULL)) | ||
713 | break; | ||
714 | |||
715 | @@ -3046,7 +3054,8 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, | ||
716 | if (unlikely(!af)) | ||
717 | return SCTP_ERROR_DNS_FAILED; | ||
718 | |||
719 | - af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); | ||
720 | + if (!af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0)) | ||
721 | + return SCTP_ERROR_DNS_FAILED; | ||
722 | |||
723 | /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast | ||
724 | * or multicast address. | ||
725 | @@ -3311,7 +3320,8 @@ static void sctp_asconf_param_success(struct sctp_association *asoc, | ||
726 | |||
727 | /* We have checked the packet before, so we do not check again. */ | ||
728 | af = sctp_get_af_specific(param_type2af(addr_param->p.type)); | ||
729 | - af->from_addr_param(&addr, addr_param, htons(bp->port), 0); | ||
730 | + if (!af->from_addr_param(&addr, addr_param, htons(bp->port), 0)) | ||
731 | + return; | ||
732 | |||
733 | switch (asconf_param->param_hdr.type) { | ||
734 | case SCTP_PARAM_ADD_IP: |