Contents of /trunk/kernel-alx-legacy/patches-4.9/0383-4.9.284-all-fixes.patch
Parent Directory | Revision Log
Revision 3685 -
(show annotations)
(download)
Mon Oct 24 14:08:00 2022 UTC (19 months, 1 week ago) by niro
File size: 25304 byte(s)
Mon Oct 24 14:08:00 2022 UTC (19 months, 1 week ago) by niro
File size: 25304 byte(s)
-linux-4.9.284
1 | diff --git a/Makefile b/Makefile |
2 | index ef029a28bb53c..9605f840f94b8 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 4 |
7 | PATCHLEVEL = 9 |
8 | -SUBLEVEL = 283 |
9 | +SUBLEVEL = 284 |
10 | EXTRAVERSION = |
11 | NAME = Roaring Lionus |
12 | |
13 | diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c |
14 | index 53bb9700cf411..3d88c56d30f91 100644 |
15 | --- a/arch/s390/net/bpf_jit_comp.c |
16 | +++ b/arch/s390/net/bpf_jit_comp.c |
17 | @@ -591,10 +591,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
18 | EMIT4(0xb9080000, dst_reg, src_reg); |
19 | break; |
20 | case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */ |
21 | - if (!imm) |
22 | - break; |
23 | - /* alfi %dst,imm */ |
24 | - EMIT6_IMM(0xc20b0000, dst_reg, imm); |
25 | + if (imm != 0) { |
26 | + /* alfi %dst,imm */ |
27 | + EMIT6_IMM(0xc20b0000, dst_reg, imm); |
28 | + } |
29 | EMIT_ZERO(dst_reg); |
30 | break; |
31 | case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */ |
32 | @@ -616,10 +616,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
33 | EMIT4(0xb9090000, dst_reg, src_reg); |
34 | break; |
35 | case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */ |
36 | - if (!imm) |
37 | - break; |
38 | - /* alfi %dst,-imm */ |
39 | - EMIT6_IMM(0xc20b0000, dst_reg, -imm); |
40 | + if (imm != 0) { |
41 | + /* alfi %dst,-imm */ |
42 | + EMIT6_IMM(0xc20b0000, dst_reg, -imm); |
43 | + } |
44 | EMIT_ZERO(dst_reg); |
45 | break; |
46 | case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */ |
47 | @@ -646,10 +646,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
48 | EMIT4(0xb90c0000, dst_reg, src_reg); |
49 | break; |
50 | case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */ |
51 | - if (imm == 1) |
52 | - break; |
53 | - /* msfi %r5,imm */ |
54 | - EMIT6_IMM(0xc2010000, dst_reg, imm); |
55 | + if (imm != 1) { |
56 | + /* msfi %r5,imm */ |
57 | + EMIT6_IMM(0xc2010000, dst_reg, imm); |
58 | + } |
59 | EMIT_ZERO(dst_reg); |
60 | break; |
61 | case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */ |
62 | @@ -710,6 +710,8 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
63 | if (BPF_OP(insn->code) == BPF_MOD) |
64 | /* lhgi %dst,0 */ |
65 | EMIT4_IMM(0xa7090000, dst_reg, 0); |
66 | + else |
67 | + EMIT_ZERO(dst_reg); |
68 | break; |
69 | } |
70 | /* lhi %w0,0 */ |
71 | @@ -802,10 +804,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
72 | EMIT4(0xb9820000, dst_reg, src_reg); |
73 | break; |
74 | case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */ |
75 | - if (!imm) |
76 | - break; |
77 | - /* xilf %dst,imm */ |
78 | - EMIT6_IMM(0xc0070000, dst_reg, imm); |
79 | + if (imm != 0) { |
80 | + /* xilf %dst,imm */ |
81 | + EMIT6_IMM(0xc0070000, dst_reg, imm); |
82 | + } |
83 | EMIT_ZERO(dst_reg); |
84 | break; |
85 | case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */ |
86 | @@ -826,10 +828,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
87 | EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0); |
88 | break; |
89 | case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */ |
90 | - if (imm == 0) |
91 | - break; |
92 | - /* sll %dst,imm(%r0) */ |
93 | - EMIT4_DISP(0x89000000, dst_reg, REG_0, imm); |
94 | + if (imm != 0) { |
95 | + /* sll %dst,imm(%r0) */ |
96 | + EMIT4_DISP(0x89000000, dst_reg, REG_0, imm); |
97 | + } |
98 | EMIT_ZERO(dst_reg); |
99 | break; |
100 | case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */ |
101 | @@ -851,10 +853,10 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
102 | EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0); |
103 | break; |
104 | case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */ |
105 | - if (imm == 0) |
106 | - break; |
107 | - /* srl %dst,imm(%r0) */ |
108 | - EMIT4_DISP(0x88000000, dst_reg, REG_0, imm); |
109 | + if (imm != 0) { |
110 | + /* srl %dst,imm(%r0) */ |
111 | + EMIT4_DISP(0x88000000, dst_reg, REG_0, imm); |
112 | + } |
113 | EMIT_ZERO(dst_reg); |
114 | break; |
115 | case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */ |
116 | diff --git a/block/blk-throttle.c b/block/blk-throttle.c |
117 | index 3a4c9a3c1427f..6435dc25be0aa 100644 |
118 | --- a/block/blk-throttle.c |
119 | +++ b/block/blk-throttle.c |
120 | @@ -1584,6 +1584,7 @@ int blk_throtl_init(struct request_queue *q) |
121 | void blk_throtl_exit(struct request_queue *q) |
122 | { |
123 | BUG_ON(!q->td); |
124 | + del_timer_sync(&q->td->service_queue.pending_timer); |
125 | throtl_shutdown_wq(q); |
126 | blkcg_deactivate_policy(q, &blkcg_policy_throtl); |
127 | kfree(q->td); |
128 | diff --git a/drivers/base/power/wakeirq.c b/drivers/base/power/wakeirq.c |
129 | index ee63ccaea8d57..8c05e7a5e777b 100644 |
130 | --- a/drivers/base/power/wakeirq.c |
131 | +++ b/drivers/base/power/wakeirq.c |
132 | @@ -320,7 +320,8 @@ void dev_pm_arm_wake_irq(struct wake_irq *wirq) |
133 | return; |
134 | |
135 | if (device_may_wakeup(wirq->dev)) { |
136 | - if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED) |
137 | + if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED && |
138 | + !pm_runtime_status_suspended(wirq->dev)) |
139 | enable_irq(wirq->irq); |
140 | |
141 | enable_irq_wake(wirq->irq); |
142 | @@ -342,7 +343,8 @@ void dev_pm_disarm_wake_irq(struct wake_irq *wirq) |
143 | if (device_may_wakeup(wirq->dev)) { |
144 | disable_irq_wake(wirq->irq); |
145 | |
146 | - if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED) |
147 | + if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED && |
148 | + !pm_runtime_status_suspended(wirq->dev)) |
149 | disable_irq_nosync(wirq->irq); |
150 | } |
151 | } |
152 | diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c |
153 | index 15eb1501915ca..ef9515e9f213f 100644 |
154 | --- a/drivers/crypto/talitos.c |
155 | +++ b/drivers/crypto/talitos.c |
156 | @@ -816,7 +816,7 @@ static void talitos_unregister_rng(struct device *dev) |
157 | * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP |
158 | */ |
159 | #define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1) |
160 | -#ifdef CONFIG_CRYPTO_DEV_TALITOS_SEC2 |
161 | +#ifdef CONFIG_CRYPTO_DEV_TALITOS2 |
162 | #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA512_BLOCK_SIZE) |
163 | #else |
164 | #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA256_BLOCK_SIZE) |
165 | diff --git a/drivers/dma/Kconfig b/drivers/dma/Kconfig |
166 | index b0f798244a897..9a6da9b2dad35 100644 |
167 | --- a/drivers/dma/Kconfig |
168 | +++ b/drivers/dma/Kconfig |
169 | @@ -238,7 +238,7 @@ config INTEL_IDMA64 |
170 | |
171 | config INTEL_IOATDMA |
172 | tristate "Intel I/OAT DMA support" |
173 | - depends on PCI && X86_64 |
174 | + depends on PCI && X86_64 && !UML |
175 | select DMA_ENGINE |
176 | select DMA_ENGINE_RAID |
177 | select DCA |
178 | diff --git a/drivers/dma/acpi-dma.c b/drivers/dma/acpi-dma.c |
179 | index 4a748c3435d7d..02149742b334c 100644 |
180 | --- a/drivers/dma/acpi-dma.c |
181 | +++ b/drivers/dma/acpi-dma.c |
182 | @@ -72,10 +72,14 @@ static int acpi_dma_parse_resource_group(const struct acpi_csrt_group *grp, |
183 | |
184 | si = (const struct acpi_csrt_shared_info *)&grp[1]; |
185 | |
186 | - /* Match device by MMIO and IRQ */ |
187 | + /* Match device by MMIO */ |
188 | if (si->mmio_base_low != lower_32_bits(mem) || |
189 | - si->mmio_base_high != upper_32_bits(mem) || |
190 | - si->gsi_interrupt != irq) |
191 | + si->mmio_base_high != upper_32_bits(mem)) |
192 | + return 0; |
193 | + |
194 | + /* Match device by Linux vIRQ */ |
195 | + ret = acpi_register_gsi(NULL, si->gsi_interrupt, si->interrupt_mode, si->interrupt_polarity); |
196 | + if (ret != irq) |
197 | return 0; |
198 | |
199 | dev_dbg(&adev->dev, "matches with %.4s%04X (rev %u)\n", |
200 | diff --git a/drivers/dma/xilinx/xilinx_dma.c b/drivers/dma/xilinx/xilinx_dma.c |
201 | index f00652585ee31..d88c53ff7bb69 100644 |
202 | --- a/drivers/dma/xilinx/xilinx_dma.c |
203 | +++ b/drivers/dma/xilinx/xilinx_dma.c |
204 | @@ -2578,7 +2578,7 @@ static int xilinx_dma_probe(struct platform_device *pdev) |
205 | xdev->ext_addr = false; |
206 | |
207 | /* Set the dma mask bits */ |
208 | - dma_set_mask(xdev->dev, DMA_BIT_MASK(addr_width)); |
209 | + dma_set_mask_and_coherent(xdev->dev, DMA_BIT_MASK(addr_width)); |
210 | |
211 | /* Initialize the DMA engine */ |
212 | xdev->common.dev = &pdev->dev; |
213 | diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c b/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c |
214 | index b0ece71aefdee..ce774579c89d1 100644 |
215 | --- a/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c |
216 | +++ b/drivers/gpu/drm/nouveau/nvkm/engine/device/ctrl.c |
217 | @@ -57,7 +57,7 @@ nvkm_control_mthd_pstate_info(struct nvkm_control *ctrl, void *data, u32 size) |
218 | args->v0.count = 0; |
219 | args->v0.ustate_ac = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE; |
220 | args->v0.ustate_dc = NVIF_CONTROL_PSTATE_INFO_V0_USTATE_DISABLE; |
221 | - args->v0.pwrsrc = -ENOSYS; |
222 | + args->v0.pwrsrc = -ENODEV; |
223 | args->v0.pstate = NVIF_CONTROL_PSTATE_INFO_V0_PSTATE_UNKNOWN; |
224 | } |
225 | |
226 | diff --git a/drivers/parisc/dino.c b/drivers/parisc/dino.c |
227 | index d842ae5310f71..bbcff6ae61d66 100644 |
228 | --- a/drivers/parisc/dino.c |
229 | +++ b/drivers/parisc/dino.c |
230 | @@ -160,15 +160,6 @@ struct dino_device |
231 | (struct dino_device *)__pdata; }) |
232 | |
233 | |
234 | -/* Check if PCI device is behind a Card-mode Dino. */ |
235 | -static int pci_dev_is_behind_card_dino(struct pci_dev *dev) |
236 | -{ |
237 | - struct dino_device *dino_dev; |
238 | - |
239 | - dino_dev = DINO_DEV(parisc_walk_tree(dev->bus->bridge)); |
240 | - return is_card_dino(&dino_dev->hba.dev->id); |
241 | -} |
242 | - |
243 | /* |
244 | * Dino Configuration Space Accessor Functions |
245 | */ |
246 | @@ -452,6 +443,15 @@ static void quirk_cirrus_cardbus(struct pci_dev *dev) |
247 | DECLARE_PCI_FIXUP_ENABLE(PCI_VENDOR_ID_CIRRUS, PCI_DEVICE_ID_CIRRUS_6832, quirk_cirrus_cardbus ); |
248 | |
249 | #ifdef CONFIG_TULIP |
250 | +/* Check if PCI device is behind a Card-mode Dino. */ |
251 | +static int pci_dev_is_behind_card_dino(struct pci_dev *dev) |
252 | +{ |
253 | + struct dino_device *dino_dev; |
254 | + |
255 | + dino_dev = DINO_DEV(parisc_walk_tree(dev->bus->bridge)); |
256 | + return is_card_dino(&dino_dev->hba.dev->id); |
257 | +} |
258 | + |
259 | static void pci_fixup_tulip(struct pci_dev *dev) |
260 | { |
261 | if (!pci_dev_is_behind_card_dino(dev)) |
262 | diff --git a/drivers/pwm/pwm-lpc32xx.c b/drivers/pwm/pwm-lpc32xx.c |
263 | index a9b3cff96aaca..ed8e9406b4af2 100644 |
264 | --- a/drivers/pwm/pwm-lpc32xx.c |
265 | +++ b/drivers/pwm/pwm-lpc32xx.c |
266 | @@ -124,17 +124,17 @@ static int lpc32xx_pwm_probe(struct platform_device *pdev) |
267 | lpc32xx->chip.npwm = 1; |
268 | lpc32xx->chip.base = -1; |
269 | |
270 | + /* If PWM is disabled, configure the output to the default value */ |
271 | + val = readl(lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); |
272 | + val &= ~PWM_PIN_LEVEL; |
273 | + writel(val, lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); |
274 | + |
275 | ret = pwmchip_add(&lpc32xx->chip); |
276 | if (ret < 0) { |
277 | dev_err(&pdev->dev, "failed to add PWM chip, error %d\n", ret); |
278 | return ret; |
279 | } |
280 | |
281 | - /* When PWM is disable, configure the output to the default value */ |
282 | - val = readl(lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); |
283 | - val &= ~PWM_PIN_LEVEL; |
284 | - writel(val, lpc32xx->base + (lpc32xx->chip.pwms[0].hwpwm << 2)); |
285 | - |
286 | platform_set_drvdata(pdev, lpc32xx); |
287 | |
288 | return 0; |
289 | diff --git a/drivers/staging/android/ion/ion_system_heap.c b/drivers/staging/android/ion/ion_system_heap.c |
290 | index 22c481f2ae4f1..2a35b99cf628e 100644 |
291 | --- a/drivers/staging/android/ion/ion_system_heap.c |
292 | +++ b/drivers/staging/android/ion/ion_system_heap.c |
293 | @@ -75,7 +75,7 @@ static struct page *alloc_buffer_page(struct ion_system_heap *heap, |
294 | |
295 | page = ion_page_pool_alloc(pool); |
296 | |
297 | - if (cached) |
298 | + if (page && cached) |
299 | ion_pages_sync_for_device(NULL, page, PAGE_SIZE << order, |
300 | DMA_BIDIRECTIONAL); |
301 | return page; |
302 | diff --git a/drivers/thermal/samsung/exynos_tmu.c b/drivers/thermal/samsung/exynos_tmu.c |
303 | index c974cb5fb9580..02510c191c7db 100644 |
304 | --- a/drivers/thermal/samsung/exynos_tmu.c |
305 | +++ b/drivers/thermal/samsung/exynos_tmu.c |
306 | @@ -1372,6 +1372,7 @@ static int exynos_tmu_probe(struct platform_device *pdev) |
307 | data->sclk = devm_clk_get(&pdev->dev, "tmu_sclk"); |
308 | if (IS_ERR(data->sclk)) { |
309 | dev_err(&pdev->dev, "Failed to get sclk\n"); |
310 | + ret = PTR_ERR(data->sclk); |
311 | goto err_clk; |
312 | } else { |
313 | ret = clk_prepare_enable(data->sclk); |
314 | diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c |
315 | index 0eb2ada032c74..839bccbcc9d65 100644 |
316 | --- a/fs/ceph/caps.c |
317 | +++ b/fs/ceph/caps.c |
318 | @@ -1572,6 +1572,8 @@ static int __mark_caps_flushing(struct inode *inode, |
319 | * try to invalidate mapping pages without blocking. |
320 | */ |
321 | static int try_nonblocking_invalidate(struct inode *inode) |
322 | + __releases(ci->i_ceph_lock) |
323 | + __acquires(ci->i_ceph_lock) |
324 | { |
325 | struct ceph_inode_info *ci = ceph_inode(inode); |
326 | u32 invalidating_gen = ci->i_rdcache_gen; |
327 | diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c |
328 | index e9903bceb2bf1..33fba75aa9f38 100644 |
329 | --- a/fs/nilfs2/sysfs.c |
330 | +++ b/fs/nilfs2/sysfs.c |
331 | @@ -73,11 +73,9 @@ static const struct sysfs_ops nilfs_##name##_attr_ops = { \ |
332 | #define NILFS_DEV_INT_GROUP_TYPE(name, parent_name) \ |
333 | static void nilfs_##name##_attr_release(struct kobject *kobj) \ |
334 | { \ |
335 | - struct nilfs_sysfs_##parent_name##_subgroups *subgroups; \ |
336 | - struct the_nilfs *nilfs = container_of(kobj->parent, \ |
337 | - struct the_nilfs, \ |
338 | - ns_##parent_name##_kobj); \ |
339 | - subgroups = nilfs->ns_##parent_name##_subgroups; \ |
340 | + struct nilfs_sysfs_##parent_name##_subgroups *subgroups = container_of(kobj, \ |
341 | + struct nilfs_sysfs_##parent_name##_subgroups, \ |
342 | + sg_##name##_kobj); \ |
343 | complete(&subgroups->sg_##name##_kobj_unregister); \ |
344 | } \ |
345 | static struct kobj_type nilfs_##name##_ktype = { \ |
346 | @@ -103,12 +101,12 @@ static int nilfs_sysfs_create_##name##_group(struct the_nilfs *nilfs) \ |
347 | err = kobject_init_and_add(kobj, &nilfs_##name##_ktype, parent, \ |
348 | #name); \ |
349 | if (err) \ |
350 | - return err; \ |
351 | - return 0; \ |
352 | + kobject_put(kobj); \ |
353 | + return err; \ |
354 | } \ |
355 | static void nilfs_sysfs_delete_##name##_group(struct the_nilfs *nilfs) \ |
356 | { \ |
357 | - kobject_del(&nilfs->ns_##parent_name##_subgroups->sg_##name##_kobj); \ |
358 | + kobject_put(&nilfs->ns_##parent_name##_subgroups->sg_##name##_kobj); \ |
359 | } |
360 | |
361 | /************************************************************************ |
362 | @@ -219,14 +217,14 @@ int nilfs_sysfs_create_snapshot_group(struct nilfs_root *root) |
363 | } |
364 | |
365 | if (err) |
366 | - return err; |
367 | + kobject_put(&root->snapshot_kobj); |
368 | |
369 | - return 0; |
370 | + return err; |
371 | } |
372 | |
373 | void nilfs_sysfs_delete_snapshot_group(struct nilfs_root *root) |
374 | { |
375 | - kobject_del(&root->snapshot_kobj); |
376 | + kobject_put(&root->snapshot_kobj); |
377 | } |
378 | |
379 | /************************************************************************ |
380 | @@ -1010,7 +1008,7 @@ int nilfs_sysfs_create_device_group(struct super_block *sb) |
381 | err = kobject_init_and_add(&nilfs->ns_dev_kobj, &nilfs_dev_ktype, NULL, |
382 | "%s", sb->s_id); |
383 | if (err) |
384 | - goto free_dev_subgroups; |
385 | + goto cleanup_dev_kobject; |
386 | |
387 | err = nilfs_sysfs_create_mounted_snapshots_group(nilfs); |
388 | if (err) |
389 | @@ -1047,9 +1045,7 @@ delete_mounted_snapshots_group: |
390 | nilfs_sysfs_delete_mounted_snapshots_group(nilfs); |
391 | |
392 | cleanup_dev_kobject: |
393 | - kobject_del(&nilfs->ns_dev_kobj); |
394 | - |
395 | -free_dev_subgroups: |
396 | + kobject_put(&nilfs->ns_dev_kobj); |
397 | kfree(nilfs->ns_dev_subgroups); |
398 | |
399 | failed_create_device_group: |
400 | diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h |
401 | index b46133a41f55e..c0707e9bd9186 100644 |
402 | --- a/include/net/sctp/structs.h |
403 | +++ b/include/net/sctp/structs.h |
404 | @@ -470,7 +470,7 @@ struct sctp_af { |
405 | int saddr); |
406 | void (*from_sk) (union sctp_addr *, |
407 | struct sock *sk); |
408 | - void (*from_addr_param) (union sctp_addr *, |
409 | + bool (*from_addr_param) (union sctp_addr *, |
410 | union sctp_addr_param *, |
411 | __be16 port, int iif); |
412 | int (*to_addr_param) (const union sctp_addr *, |
413 | diff --git a/kernel/profile.c b/kernel/profile.c |
414 | index 2dbccf2d806c6..9c78e3ab4b420 100644 |
415 | --- a/kernel/profile.c |
416 | +++ b/kernel/profile.c |
417 | @@ -38,7 +38,8 @@ struct profile_hit { |
418 | #define NR_PROFILE_GRP (NR_PROFILE_HIT/PROFILE_GRPSZ) |
419 | |
420 | static atomic_t *prof_buffer; |
421 | -static unsigned long prof_len, prof_shift; |
422 | +static unsigned long prof_len; |
423 | +static unsigned short int prof_shift; |
424 | |
425 | int prof_on __read_mostly; |
426 | EXPORT_SYMBOL_GPL(prof_on); |
427 | @@ -64,8 +65,8 @@ int profile_setup(char *str) |
428 | if (str[strlen(sleepstr)] == ',') |
429 | str += strlen(sleepstr) + 1; |
430 | if (get_option(&str, &par)) |
431 | - prof_shift = par; |
432 | - pr_info("kernel sleep profiling enabled (shift: %ld)\n", |
433 | + prof_shift = clamp(par, 0, BITS_PER_LONG - 1); |
434 | + pr_info("kernel sleep profiling enabled (shift: %u)\n", |
435 | prof_shift); |
436 | #else |
437 | pr_warn("kernel sleep profiling requires CONFIG_SCHEDSTATS\n"); |
438 | @@ -75,21 +76,21 @@ int profile_setup(char *str) |
439 | if (str[strlen(schedstr)] == ',') |
440 | str += strlen(schedstr) + 1; |
441 | if (get_option(&str, &par)) |
442 | - prof_shift = par; |
443 | - pr_info("kernel schedule profiling enabled (shift: %ld)\n", |
444 | + prof_shift = clamp(par, 0, BITS_PER_LONG - 1); |
445 | + pr_info("kernel schedule profiling enabled (shift: %u)\n", |
446 | prof_shift); |
447 | } else if (!strncmp(str, kvmstr, strlen(kvmstr))) { |
448 | prof_on = KVM_PROFILING; |
449 | if (str[strlen(kvmstr)] == ',') |
450 | str += strlen(kvmstr) + 1; |
451 | if (get_option(&str, &par)) |
452 | - prof_shift = par; |
453 | - pr_info("kernel KVM profiling enabled (shift: %ld)\n", |
454 | + prof_shift = clamp(par, 0, BITS_PER_LONG - 1); |
455 | + pr_info("kernel KVM profiling enabled (shift: %u)\n", |
456 | prof_shift); |
457 | } else if (get_option(&str, &par)) { |
458 | - prof_shift = par; |
459 | + prof_shift = clamp(par, 0, BITS_PER_LONG - 1); |
460 | prof_on = CPU_PROFILING; |
461 | - pr_info("kernel profiling enabled (shift: %ld)\n", |
462 | + pr_info("kernel profiling enabled (shift: %u)\n", |
463 | prof_shift); |
464 | } |
465 | return 1; |
466 | @@ -465,7 +466,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) |
467 | unsigned long p = *ppos; |
468 | ssize_t read; |
469 | char *pnt; |
470 | - unsigned int sample_step = 1 << prof_shift; |
471 | + unsigned long sample_step = 1UL << prof_shift; |
472 | |
473 | profile_flip_buffers(); |
474 | if (p >= (prof_len+1)*sizeof(unsigned int)) |
475 | diff --git a/kernel/sys.c b/kernel/sys.c |
476 | index 546cdc911dad4..2e1def48ed73b 100644 |
477 | --- a/kernel/sys.c |
478 | +++ b/kernel/sys.c |
479 | @@ -1774,13 +1774,6 @@ static int validate_prctl_map(struct prctl_mm_map *prctl_map) |
480 | |
481 | error = -EINVAL; |
482 | |
483 | - /* |
484 | - * @brk should be after @end_data in traditional maps. |
485 | - */ |
486 | - if (prctl_map->start_brk <= prctl_map->end_data || |
487 | - prctl_map->brk <= prctl_map->end_data) |
488 | - goto out; |
489 | - |
490 | /* |
491 | * Neither we should allow to override limits if they set. |
492 | */ |
493 | diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c |
494 | index f88911cffa1ad..c6a46e8e9eda5 100644 |
495 | --- a/net/9p/trans_virtio.c |
496 | +++ b/net/9p/trans_virtio.c |
497 | @@ -602,7 +602,7 @@ static int p9_virtio_probe(struct virtio_device *vdev) |
498 | chan->vc_wq = kmalloc(sizeof(wait_queue_head_t), GFP_KERNEL); |
499 | if (!chan->vc_wq) { |
500 | err = -ENOMEM; |
501 | - goto out_free_tag; |
502 | + goto out_remove_file; |
503 | } |
504 | init_waitqueue_head(chan->vc_wq); |
505 | chan->ring_bufs_avail = 1; |
506 | @@ -620,6 +620,8 @@ static int p9_virtio_probe(struct virtio_device *vdev) |
507 | |
508 | return 0; |
509 | |
510 | +out_remove_file: |
511 | + sysfs_remove_file(&vdev->dev.kobj, &dev_attr_mount_tag.attr); |
512 | out_free_tag: |
513 | kfree(tag); |
514 | out_free_vq: |
515 | diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c |
516 | index dc4335d817d80..dd9532c5c19dd 100644 |
517 | --- a/net/sctp/bind_addr.c |
518 | +++ b/net/sctp/bind_addr.c |
519 | @@ -285,20 +285,16 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, |
520 | rawaddr = (union sctp_addr_param *)raw_addr_list; |
521 | |
522 | af = sctp_get_af_specific(param_type2af(param->type)); |
523 | - if (unlikely(!af)) { |
524 | + if (unlikely(!af) || |
525 | + !af->from_addr_param(&addr, rawaddr, htons(port), 0)) { |
526 | retval = -EINVAL; |
527 | - sctp_bind_addr_clean(bp); |
528 | - break; |
529 | + goto out_err; |
530 | } |
531 | |
532 | - af->from_addr_param(&addr, rawaddr, htons(port), 0); |
533 | retval = sctp_add_bind_addr(bp, &addr, sizeof(addr), |
534 | SCTP_ADDR_SRC, gfp); |
535 | - if (retval) { |
536 | - /* Can't finish building the list, clean up. */ |
537 | - sctp_bind_addr_clean(bp); |
538 | - break; |
539 | - } |
540 | + if (retval) |
541 | + goto out_err; |
542 | |
543 | len = ntohs(param->length); |
544 | addrs_len -= len; |
545 | @@ -306,6 +302,12 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, |
546 | } |
547 | |
548 | return retval; |
549 | + |
550 | +out_err: |
551 | + if (retval) |
552 | + sctp_bind_addr_clean(bp); |
553 | + |
554 | + return retval; |
555 | } |
556 | |
557 | /******************************************************************** |
558 | diff --git a/net/sctp/input.c b/net/sctp/input.c |
559 | index 8f4574c4aa6ca..9c1670b4a687d 100644 |
560 | --- a/net/sctp/input.c |
561 | +++ b/net/sctp/input.c |
562 | @@ -1051,7 +1051,8 @@ static struct sctp_association *__sctp_rcv_init_lookup(struct net *net, |
563 | if (!af) |
564 | continue; |
565 | |
566 | - af->from_addr_param(paddr, params.addr, sh->source, 0); |
567 | + if (!af->from_addr_param(paddr, params.addr, sh->source, 0)) |
568 | + continue; |
569 | |
570 | asoc = __sctp_lookup_association(net, laddr, paddr, transportp); |
571 | if (asoc) |
572 | @@ -1087,6 +1088,9 @@ static struct sctp_association *__sctp_rcv_asconf_lookup( |
573 | union sctp_addr_param *param; |
574 | union sctp_addr paddr; |
575 | |
576 | + if (ntohs(ch->length) < sizeof(*asconf) + sizeof(struct sctp_paramhdr)) |
577 | + return NULL; |
578 | + |
579 | /* Skip over the ADDIP header and find the Address parameter */ |
580 | param = (union sctp_addr_param *)(asconf + 1); |
581 | |
582 | @@ -1094,7 +1098,8 @@ static struct sctp_association *__sctp_rcv_asconf_lookup( |
583 | if (unlikely(!af)) |
584 | return NULL; |
585 | |
586 | - af->from_addr_param(&paddr, param, peer_port, 0); |
587 | + if (af->from_addr_param(&paddr, param, peer_port, 0)) |
588 | + return NULL; |
589 | |
590 | return __sctp_lookup_association(net, laddr, &paddr, transportp); |
591 | } |
592 | diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
593 | index 50bc8c4ca9068..01337204d2b6f 100644 |
594 | --- a/net/sctp/ipv6.c |
595 | +++ b/net/sctp/ipv6.c |
596 | @@ -490,15 +490,20 @@ static void sctp_v6_to_sk_daddr(union sctp_addr *addr, struct sock *sk) |
597 | } |
598 | |
599 | /* Initialize a sctp_addr from an address parameter. */ |
600 | -static void sctp_v6_from_addr_param(union sctp_addr *addr, |
601 | +static bool sctp_v6_from_addr_param(union sctp_addr *addr, |
602 | union sctp_addr_param *param, |
603 | __be16 port, int iif) |
604 | { |
605 | + if (ntohs(param->v6.param_hdr.length) < sizeof(struct sctp_ipv6addr_param)) |
606 | + return false; |
607 | + |
608 | addr->v6.sin6_family = AF_INET6; |
609 | addr->v6.sin6_port = port; |
610 | addr->v6.sin6_flowinfo = 0; /* BUG */ |
611 | addr->v6.sin6_addr = param->v6.addr; |
612 | addr->v6.sin6_scope_id = iif; |
613 | + |
614 | + return true; |
615 | } |
616 | |
617 | /* Initialize an address parameter from a sctp_addr and return the length |
618 | diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c |
619 | index b1932fd125dad..02afbe5710083 100644 |
620 | --- a/net/sctp/protocol.c |
621 | +++ b/net/sctp/protocol.c |
622 | @@ -274,14 +274,19 @@ static void sctp_v4_to_sk_daddr(union sctp_addr *addr, struct sock *sk) |
623 | } |
624 | |
625 | /* Initialize a sctp_addr from an address parameter. */ |
626 | -static void sctp_v4_from_addr_param(union sctp_addr *addr, |
627 | +static bool sctp_v4_from_addr_param(union sctp_addr *addr, |
628 | union sctp_addr_param *param, |
629 | __be16 port, int iif) |
630 | { |
631 | + if (ntohs(param->v4.param_hdr.length) < sizeof(struct sctp_ipv4addr_param)) |
632 | + return false; |
633 | + |
634 | addr->v4.sin_family = AF_INET; |
635 | addr->v4.sin_port = port; |
636 | addr->v4.sin_addr.s_addr = param->v4.addr.s_addr; |
637 | memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); |
638 | + |
639 | + return true; |
640 | } |
641 | |
642 | /* Initialize an address parameter from a sctp_addr and return the length |
643 | diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c |
644 | index 0c5aff3bb5391..2e2802f047005 100644 |
645 | --- a/net/sctp/sm_make_chunk.c |
646 | +++ b/net/sctp/sm_make_chunk.c |
647 | @@ -2155,9 +2155,16 @@ static sctp_ierror_t sctp_verify_param(struct net *net, |
648 | break; |
649 | |
650 | case SCTP_PARAM_SET_PRIMARY: |
651 | - if (net->sctp.addip_enable) |
652 | - break; |
653 | - goto fallthrough; |
654 | + if (!net->sctp.addip_enable) |
655 | + goto fallthrough; |
656 | + |
657 | + if (ntohs(param.p->length) < sizeof(struct sctp_addip_param) + |
658 | + sizeof(struct sctp_paramhdr)) { |
659 | + sctp_process_inv_paramlength(asoc, param.p, |
660 | + chunk, err_chunk); |
661 | + retval = SCTP_IERROR_ABORT; |
662 | + } |
663 | + break; |
664 | |
665 | case SCTP_PARAM_HOST_NAME_ADDRESS: |
666 | /* Tell the peer, we won't support this param. */ |
667 | @@ -2335,11 +2342,13 @@ int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, |
668 | |
669 | /* Process the initialization parameters. */ |
670 | sctp_walk_params(param, peer_init, init_hdr.params) { |
671 | - if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || |
672 | - param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { |
673 | + if (!src_match && |
674 | + (param.p->type == SCTP_PARAM_IPV4_ADDRESS || |
675 | + param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { |
676 | af = sctp_get_af_specific(param_type2af(param.p->type)); |
677 | - af->from_addr_param(&addr, param.addr, |
678 | - chunk->sctp_hdr->source, 0); |
679 | + if (!af->from_addr_param(&addr, param.addr, |
680 | + chunk->sctp_hdr->source, 0)) |
681 | + continue; |
682 | if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) |
683 | src_match = 1; |
684 | } |
685 | @@ -2533,7 +2542,8 @@ static int sctp_process_param(struct sctp_association *asoc, |
686 | break; |
687 | do_addr_param: |
688 | af = sctp_get_af_specific(param_type2af(param.p->type)); |
689 | - af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); |
690 | + if (!af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0)) |
691 | + break; |
692 | scope = sctp_scope(peer_addr); |
693 | if (sctp_in_scope(net, &addr, scope)) |
694 | if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) |
695 | @@ -2626,15 +2636,13 @@ do_addr_param: |
696 | addr_param = param.v + sizeof(sctp_addip_param_t); |
697 | |
698 | af = sctp_get_af_specific(param_type2af(addr_param->p.type)); |
699 | - if (af == NULL) |
700 | + if (!af) |
701 | break; |
702 | |
703 | - af->from_addr_param(&addr, addr_param, |
704 | - htons(asoc->peer.port), 0); |
705 | + if (!af->from_addr_param(&addr, addr_param, |
706 | + htons(asoc->peer.port), 0)) |
707 | + break; |
708 | |
709 | - /* if the address is invalid, we can't process it. |
710 | - * XXX: see spec for what to do. |
711 | - */ |
712 | if (!af->addr_valid(&addr, NULL, NULL)) |
713 | break; |
714 | |
715 | @@ -3046,7 +3054,8 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, |
716 | if (unlikely(!af)) |
717 | return SCTP_ERROR_DNS_FAILED; |
718 | |
719 | - af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); |
720 | + if (!af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0)) |
721 | + return SCTP_ERROR_DNS_FAILED; |
722 | |
723 | /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast |
724 | * or multicast address. |
725 | @@ -3311,7 +3320,8 @@ static void sctp_asconf_param_success(struct sctp_association *asoc, |
726 | |
727 | /* We have checked the packet before, so we do not check again. */ |
728 | af = sctp_get_af_specific(param_type2af(addr_param->p.type)); |
729 | - af->from_addr_param(&addr, addr_param, htons(bp->port), 0); |
730 | + if (!af->from_addr_param(&addr, addr_param, htons(bp->port), 0)) |
731 | + return; |
732 | |
733 | switch (asconf_param->param_hdr.type) { |
734 | case SCTP_PARAM_ADD_IP: |