Contents of /trunk/kernel-alx-legacy/patches-4.9/0384-4.9.285-all-fixes.patch
Parent Directory | Revision Log
Revision 3686 -
(show annotations)
(download)
Mon Oct 24 14:08:01 2022 UTC (19 months, 1 week ago) by niro
File size: 62845 byte(s)
Mon Oct 24 14:08:01 2022 UTC (19 months, 1 week ago) by niro
File size: 62845 byte(s)
-linux-4.9.285
1 | diff --git a/Makefile b/Makefile |
2 | index 9605f840f94b8..2ed953d8e0f2a 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 4 |
7 | PATCHLEVEL = 9 |
8 | -SUBLEVEL = 284 |
9 | +SUBLEVEL = 285 |
10 | EXTRAVERSION = |
11 | NAME = Roaring Lionus |
12 | |
13 | diff --git a/arch/alpha/include/asm/io.h b/arch/alpha/include/asm/io.h |
14 | index 355aec0867f4d..e55a5e6ab4608 100644 |
15 | --- a/arch/alpha/include/asm/io.h |
16 | +++ b/arch/alpha/include/asm/io.h |
17 | @@ -60,7 +60,7 @@ extern inline void set_hae(unsigned long new_hae) |
18 | * Change virtual addresses to physical addresses and vv. |
19 | */ |
20 | #ifdef USE_48_BIT_KSEG |
21 | -static inline unsigned long virt_to_phys(void *address) |
22 | +static inline unsigned long virt_to_phys(volatile void *address) |
23 | { |
24 | return (unsigned long)address - IDENT_ADDR; |
25 | } |
26 | @@ -70,7 +70,7 @@ static inline void * phys_to_virt(unsigned long address) |
27 | return (void *) (address + IDENT_ADDR); |
28 | } |
29 | #else |
30 | -static inline unsigned long virt_to_phys(void *address) |
31 | +static inline unsigned long virt_to_phys(volatile void *address) |
32 | { |
33 | unsigned long phys = (unsigned long)address; |
34 | |
35 | @@ -111,7 +111,7 @@ static inline dma_addr_t __deprecated isa_page_to_bus(struct page *page) |
36 | extern unsigned long __direct_map_base; |
37 | extern unsigned long __direct_map_size; |
38 | |
39 | -static inline unsigned long __deprecated virt_to_bus(void *address) |
40 | +static inline unsigned long __deprecated virt_to_bus(volatile void *address) |
41 | { |
42 | unsigned long phys = virt_to_phys(address); |
43 | unsigned long bus = phys + __direct_map_base; |
44 | diff --git a/arch/arm/include/asm/ftrace.h b/arch/arm/include/asm/ftrace.h |
45 | index 22b73112b75f2..1c30be0f5dd02 100644 |
46 | --- a/arch/arm/include/asm/ftrace.h |
47 | +++ b/arch/arm/include/asm/ftrace.h |
48 | @@ -14,6 +14,9 @@ struct dyn_arch_ftrace { |
49 | #ifdef CONFIG_OLD_MCOUNT |
50 | bool old_mcount; |
51 | #endif |
52 | +#ifdef CONFIG_ARM_MODULE_PLTS |
53 | + struct module *mod; |
54 | +#endif |
55 | }; |
56 | |
57 | static inline unsigned long ftrace_call_adjust(unsigned long addr) |
58 | diff --git a/arch/arm/include/asm/insn.h b/arch/arm/include/asm/insn.h |
59 | index e96065da4daeb..0043bf609f271 100644 |
60 | --- a/arch/arm/include/asm/insn.h |
61 | +++ b/arch/arm/include/asm/insn.h |
62 | @@ -12,18 +12,18 @@ arm_gen_nop(void) |
63 | } |
64 | |
65 | unsigned long |
66 | -__arm_gen_branch(unsigned long pc, unsigned long addr, bool link); |
67 | +__arm_gen_branch(unsigned long pc, unsigned long addr, bool link, bool warn); |
68 | |
69 | static inline unsigned long |
70 | arm_gen_branch(unsigned long pc, unsigned long addr) |
71 | { |
72 | - return __arm_gen_branch(pc, addr, false); |
73 | + return __arm_gen_branch(pc, addr, false, true); |
74 | } |
75 | |
76 | static inline unsigned long |
77 | -arm_gen_branch_link(unsigned long pc, unsigned long addr) |
78 | +arm_gen_branch_link(unsigned long pc, unsigned long addr, bool warn) |
79 | { |
80 | - return __arm_gen_branch(pc, addr, true); |
81 | + return __arm_gen_branch(pc, addr, true, warn); |
82 | } |
83 | |
84 | #endif |
85 | diff --git a/arch/arm/include/asm/module.h b/arch/arm/include/asm/module.h |
86 | index ed2319663a1ec..3cfbe81812242 100644 |
87 | --- a/arch/arm/include/asm/module.h |
88 | +++ b/arch/arm/include/asm/module.h |
89 | @@ -18,8 +18,18 @@ enum { |
90 | }; |
91 | #endif |
92 | |
93 | +#define PLT_ENT_STRIDE L1_CACHE_BYTES |
94 | +#define PLT_ENT_COUNT (PLT_ENT_STRIDE / sizeof(u32)) |
95 | +#define PLT_ENT_SIZE (sizeof(struct plt_entries) / PLT_ENT_COUNT) |
96 | + |
97 | +struct plt_entries { |
98 | + u32 ldr[PLT_ENT_COUNT]; |
99 | + u32 lit[PLT_ENT_COUNT]; |
100 | +}; |
101 | + |
102 | struct mod_plt_sec { |
103 | struct elf32_shdr *plt; |
104 | + struct plt_entries *plt_ent; |
105 | int plt_count; |
106 | }; |
107 | |
108 | diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c |
109 | index 414e60ed02573..b1cf37fec3542 100644 |
110 | --- a/arch/arm/kernel/ftrace.c |
111 | +++ b/arch/arm/kernel/ftrace.c |
112 | @@ -95,9 +95,10 @@ int ftrace_arch_code_modify_post_process(void) |
113 | return 0; |
114 | } |
115 | |
116 | -static unsigned long ftrace_call_replace(unsigned long pc, unsigned long addr) |
117 | +static unsigned long ftrace_call_replace(unsigned long pc, unsigned long addr, |
118 | + bool warn) |
119 | { |
120 | - return arm_gen_branch_link(pc, addr); |
121 | + return arm_gen_branch_link(pc, addr, warn); |
122 | } |
123 | |
124 | static int ftrace_modify_code(unsigned long pc, unsigned long old, |
125 | @@ -136,14 +137,14 @@ int ftrace_update_ftrace_func(ftrace_func_t func) |
126 | int ret; |
127 | |
128 | pc = (unsigned long)&ftrace_call; |
129 | - new = ftrace_call_replace(pc, (unsigned long)func); |
130 | + new = ftrace_call_replace(pc, (unsigned long)func, true); |
131 | |
132 | ret = ftrace_modify_code(pc, 0, new, false); |
133 | |
134 | #ifdef CONFIG_OLD_MCOUNT |
135 | if (!ret) { |
136 | pc = (unsigned long)&ftrace_call_old; |
137 | - new = ftrace_call_replace(pc, (unsigned long)func); |
138 | + new = ftrace_call_replace(pc, (unsigned long)func, true); |
139 | |
140 | ret = ftrace_modify_code(pc, 0, new, false); |
141 | } |
142 | @@ -156,9 +157,21 @@ int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr) |
143 | { |
144 | unsigned long new, old; |
145 | unsigned long ip = rec->ip; |
146 | + unsigned long aaddr = adjust_address(rec, addr); |
147 | + struct module *mod = NULL; |
148 | + |
149 | +#ifdef CONFIG_ARM_MODULE_PLTS |
150 | + mod = rec->arch.mod; |
151 | +#endif |
152 | |
153 | old = ftrace_nop_replace(rec); |
154 | - new = ftrace_call_replace(ip, adjust_address(rec, addr)); |
155 | + new = ftrace_call_replace(ip, aaddr, !mod); |
156 | +#ifdef CONFIG_ARM_MODULE_PLTS |
157 | + if (!new && mod) { |
158 | + aaddr = get_module_plt(mod, ip, aaddr); |
159 | + new = ftrace_call_replace(ip, aaddr, true); |
160 | + } |
161 | +#endif |
162 | |
163 | return ftrace_modify_code(rec->ip, old, new, true); |
164 | } |
165 | @@ -166,12 +179,29 @@ int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr) |
166 | int ftrace_make_nop(struct module *mod, |
167 | struct dyn_ftrace *rec, unsigned long addr) |
168 | { |
169 | + unsigned long aaddr = adjust_address(rec, addr); |
170 | unsigned long ip = rec->ip; |
171 | unsigned long old; |
172 | unsigned long new; |
173 | int ret; |
174 | |
175 | - old = ftrace_call_replace(ip, adjust_address(rec, addr)); |
176 | +#ifdef CONFIG_ARM_MODULE_PLTS |
177 | + /* mod is only supplied during module loading */ |
178 | + if (!mod) |
179 | + mod = rec->arch.mod; |
180 | + else |
181 | + rec->arch.mod = mod; |
182 | +#endif |
183 | + |
184 | + old = ftrace_call_replace(ip, aaddr, |
185 | + !IS_ENABLED(CONFIG_ARM_MODULE_PLTS) || !mod); |
186 | +#ifdef CONFIG_ARM_MODULE_PLTS |
187 | + if (!old && mod) { |
188 | + aaddr = get_module_plt(mod, ip, aaddr); |
189 | + old = ftrace_call_replace(ip, aaddr, true); |
190 | + } |
191 | +#endif |
192 | + |
193 | new = ftrace_nop_replace(rec); |
194 | ret = ftrace_modify_code(ip, old, new, true); |
195 | |
196 | @@ -179,7 +209,8 @@ int ftrace_make_nop(struct module *mod, |
197 | if (ret == -EINVAL && addr == MCOUNT_ADDR) { |
198 | rec->arch.old_mcount = true; |
199 | |
200 | - old = ftrace_call_replace(ip, adjust_address(rec, addr)); |
201 | + old = ftrace_call_replace(ip, adjust_address(rec, addr), |
202 | + !IS_ENABLED(CONFIG_ARM_MODULE_PLTS) || !mod); |
203 | new = ftrace_nop_replace(rec); |
204 | ret = ftrace_modify_code(ip, old, new, true); |
205 | } |
206 | diff --git a/arch/arm/kernel/insn.c b/arch/arm/kernel/insn.c |
207 | index b760340b70146..eaded01b7edfc 100644 |
208 | --- a/arch/arm/kernel/insn.c |
209 | +++ b/arch/arm/kernel/insn.c |
210 | @@ -2,8 +2,9 @@ |
211 | #include <linux/kernel.h> |
212 | #include <asm/opcodes.h> |
213 | |
214 | -static unsigned long |
215 | -__arm_gen_branch_thumb2(unsigned long pc, unsigned long addr, bool link) |
216 | +static unsigned long __arm_gen_branch_thumb2(unsigned long pc, |
217 | + unsigned long addr, bool link, |
218 | + bool warn) |
219 | { |
220 | unsigned long s, j1, j2, i1, i2, imm10, imm11; |
221 | unsigned long first, second; |
222 | @@ -11,7 +12,7 @@ __arm_gen_branch_thumb2(unsigned long pc, unsigned long addr, bool link) |
223 | |
224 | offset = (long)addr - (long)(pc + 4); |
225 | if (offset < -16777216 || offset > 16777214) { |
226 | - WARN_ON_ONCE(1); |
227 | + WARN_ON_ONCE(warn); |
228 | return 0; |
229 | } |
230 | |
231 | @@ -32,8 +33,8 @@ __arm_gen_branch_thumb2(unsigned long pc, unsigned long addr, bool link) |
232 | return __opcode_thumb32_compose(first, second); |
233 | } |
234 | |
235 | -static unsigned long |
236 | -__arm_gen_branch_arm(unsigned long pc, unsigned long addr, bool link) |
237 | +static unsigned long __arm_gen_branch_arm(unsigned long pc, unsigned long addr, |
238 | + bool link, bool warn) |
239 | { |
240 | unsigned long opcode = 0xea000000; |
241 | long offset; |
242 | @@ -43,7 +44,7 @@ __arm_gen_branch_arm(unsigned long pc, unsigned long addr, bool link) |
243 | |
244 | offset = (long)addr - (long)(pc + 8); |
245 | if (unlikely(offset < -33554432 || offset > 33554428)) { |
246 | - WARN_ON_ONCE(1); |
247 | + WARN_ON_ONCE(warn); |
248 | return 0; |
249 | } |
250 | |
251 | @@ -53,10 +54,10 @@ __arm_gen_branch_arm(unsigned long pc, unsigned long addr, bool link) |
252 | } |
253 | |
254 | unsigned long |
255 | -__arm_gen_branch(unsigned long pc, unsigned long addr, bool link) |
256 | +__arm_gen_branch(unsigned long pc, unsigned long addr, bool link, bool warn) |
257 | { |
258 | if (IS_ENABLED(CONFIG_THUMB2_KERNEL)) |
259 | - return __arm_gen_branch_thumb2(pc, addr, link); |
260 | + return __arm_gen_branch_thumb2(pc, addr, link, warn); |
261 | else |
262 | - return __arm_gen_branch_arm(pc, addr, link); |
263 | + return __arm_gen_branch_arm(pc, addr, link, warn); |
264 | } |
265 | diff --git a/arch/arm/kernel/module-plts.c b/arch/arm/kernel/module-plts.c |
266 | index 3d0c2e4dda1d2..ed0e09cc735f0 100644 |
267 | --- a/arch/arm/kernel/module-plts.c |
268 | +++ b/arch/arm/kernel/module-plts.c |
269 | @@ -7,6 +7,7 @@ |
270 | */ |
271 | |
272 | #include <linux/elf.h> |
273 | +#include <linux/ftrace.h> |
274 | #include <linux/kernel.h> |
275 | #include <linux/module.h> |
276 | #include <linux/sort.h> |
277 | @@ -14,10 +15,6 @@ |
278 | #include <asm/cache.h> |
279 | #include <asm/opcodes.h> |
280 | |
281 | -#define PLT_ENT_STRIDE L1_CACHE_BYTES |
282 | -#define PLT_ENT_COUNT (PLT_ENT_STRIDE / sizeof(u32)) |
283 | -#define PLT_ENT_SIZE (sizeof(struct plt_entries) / PLT_ENT_COUNT) |
284 | - |
285 | #ifdef CONFIG_THUMB2_KERNEL |
286 | #define PLT_ENT_LDR __opcode_to_mem_thumb32(0xf8dff000 | \ |
287 | (PLT_ENT_STRIDE - 4)) |
288 | @@ -26,9 +23,11 @@ |
289 | (PLT_ENT_STRIDE - 8)) |
290 | #endif |
291 | |
292 | -struct plt_entries { |
293 | - u32 ldr[PLT_ENT_COUNT]; |
294 | - u32 lit[PLT_ENT_COUNT]; |
295 | +static const u32 fixed_plts[] = { |
296 | +#ifdef CONFIG_DYNAMIC_FTRACE |
297 | + FTRACE_ADDR, |
298 | + MCOUNT_ADDR, |
299 | +#endif |
300 | }; |
301 | |
302 | static bool in_init(const struct module *mod, unsigned long loc) |
303 | @@ -36,14 +35,40 @@ static bool in_init(const struct module *mod, unsigned long loc) |
304 | return loc - (u32)mod->init_layout.base < mod->init_layout.size; |
305 | } |
306 | |
307 | +static void prealloc_fixed(struct mod_plt_sec *pltsec, struct plt_entries *plt) |
308 | +{ |
309 | + int i; |
310 | + |
311 | + if (!ARRAY_SIZE(fixed_plts) || pltsec->plt_count) |
312 | + return; |
313 | + pltsec->plt_count = ARRAY_SIZE(fixed_plts); |
314 | + |
315 | + for (i = 0; i < ARRAY_SIZE(plt->ldr); ++i) |
316 | + plt->ldr[i] = PLT_ENT_LDR; |
317 | + |
318 | + BUILD_BUG_ON(sizeof(fixed_plts) > sizeof(plt->lit)); |
319 | + memcpy(plt->lit, fixed_plts, sizeof(fixed_plts)); |
320 | +} |
321 | + |
322 | u32 get_module_plt(struct module *mod, unsigned long loc, Elf32_Addr val) |
323 | { |
324 | struct mod_plt_sec *pltsec = !in_init(mod, loc) ? &mod->arch.core : |
325 | &mod->arch.init; |
326 | + struct plt_entries *plt; |
327 | + int idx; |
328 | + |
329 | + /* cache the address, ELF header is available only during module load */ |
330 | + if (!pltsec->plt_ent) |
331 | + pltsec->plt_ent = (struct plt_entries *)pltsec->plt->sh_addr; |
332 | + plt = pltsec->plt_ent; |
333 | |
334 | - struct plt_entries *plt = (struct plt_entries *)pltsec->plt->sh_addr; |
335 | - int idx = 0; |
336 | + prealloc_fixed(pltsec, plt); |
337 | + |
338 | + for (idx = 0; idx < ARRAY_SIZE(fixed_plts); ++idx) |
339 | + if (plt->lit[idx] == val) |
340 | + return (u32)&plt->ldr[idx]; |
341 | |
342 | + idx = 0; |
343 | /* |
344 | * Look for an existing entry pointing to 'val'. Given that the |
345 | * relocations are sorted, this will be the last entry we allocated. |
346 | @@ -191,8 +216,8 @@ static unsigned int count_plts(const Elf32_Sym *syms, Elf32_Addr base, |
347 | int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, |
348 | char *secstrings, struct module *mod) |
349 | { |
350 | - unsigned long core_plts = 0; |
351 | - unsigned long init_plts = 0; |
352 | + unsigned long core_plts = ARRAY_SIZE(fixed_plts); |
353 | + unsigned long init_plts = ARRAY_SIZE(fixed_plts); |
354 | Elf32_Shdr *s, *sechdrs_end = sechdrs + ehdr->e_shnum; |
355 | Elf32_Sym *syms = NULL; |
356 | |
357 | @@ -247,6 +272,7 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, |
358 | mod->arch.core.plt->sh_size = round_up(core_plts * PLT_ENT_SIZE, |
359 | sizeof(struct plt_entries)); |
360 | mod->arch.core.plt_count = 0; |
361 | + mod->arch.core.plt_ent = NULL; |
362 | |
363 | mod->arch.init.plt->sh_type = SHT_NOBITS; |
364 | mod->arch.init.plt->sh_flags = SHF_EXECINSTR | SHF_ALLOC; |
365 | @@ -254,6 +280,7 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, |
366 | mod->arch.init.plt->sh_size = round_up(init_plts * PLT_ENT_SIZE, |
367 | sizeof(struct plt_entries)); |
368 | mod->arch.init.plt_count = 0; |
369 | + mod->arch.init.plt_ent = NULL; |
370 | |
371 | pr_debug("%s: plt=%x, init.plt=%x\n", __func__, |
372 | mod->arch.core.plt->sh_size, mod->arch.init.plt->sh_size); |
373 | diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig |
374 | index 2eb8ae1b2d03f..b12275be0e139 100644 |
375 | --- a/arch/arm64/Kconfig |
376 | +++ b/arch/arm64/Kconfig |
377 | @@ -433,7 +433,7 @@ config ARM64_ERRATUM_1024718 |
378 | help |
379 | This option adds work around for Arm Cortex-A55 Erratum 1024718. |
380 | |
381 | - Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect |
382 | + Affected Cortex-A55 cores (all revisions) could cause incorrect |
383 | update of the hardware dirty bit when the DBM/AP bits are updated |
384 | without a break-before-make. The work around is to disable the usage |
385 | of hardware DBM locally on the affected cores. CPUs not affected by |
386 | diff --git a/arch/arm64/boot/dts/marvell/armada-37xx.dtsi b/arch/arm64/boot/dts/marvell/armada-37xx.dtsi |
387 | index f2004b0955f13..1a2f132033559 100644 |
388 | --- a/arch/arm64/boot/dts/marvell/armada-37xx.dtsi |
389 | +++ b/arch/arm64/boot/dts/marvell/armada-37xx.dtsi |
390 | @@ -186,8 +186,15 @@ |
391 | #interrupt-cells = <1>; |
392 | msi-parent = <&pcie0>; |
393 | msi-controller; |
394 | - ranges = <0x82000000 0 0xe8000000 0 0xe8000000 0 0x1000000 /* Port 0 MEM */ |
395 | - 0x81000000 0 0xe9000000 0 0xe9000000 0 0x10000>; /* Port 0 IO*/ |
396 | + /* |
397 | + * The 128 MiB address range [0xe8000000-0xf0000000] is |
398 | + * dedicated for PCIe and can be assigned to 8 windows |
399 | + * with size a power of two. Use one 64 KiB window for |
400 | + * IO at the end and the remaining seven windows |
401 | + * (totaling 127 MiB) for MEM. |
402 | + */ |
403 | + ranges = <0x82000000 0 0xe8000000 0 0xe8000000 0 0x07f00000 /* Port 0 MEM */ |
404 | + 0x81000000 0 0xefff0000 0 0xefff0000 0 0x00010000>; /* Port 0 IO */ |
405 | interrupt-map-mask = <0 0 0 7>; |
406 | interrupt-map = <0 0 0 1 &pcie_intc 0>, |
407 | <0 0 0 2 &pcie_intc 1>, |
408 | diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c |
409 | index e917d119490ce..9c62365f82671 100644 |
410 | --- a/arch/arm64/kernel/process.c |
411 | +++ b/arch/arm64/kernel/process.c |
412 | @@ -57,7 +57,7 @@ |
413 | |
414 | #ifdef CONFIG_CC_STACKPROTECTOR |
415 | #include <linux/stackprotector.h> |
416 | -unsigned long __stack_chk_guard __read_mostly; |
417 | +unsigned long __stack_chk_guard __ro_after_init; |
418 | EXPORT_SYMBOL(__stack_chk_guard); |
419 | #endif |
420 | |
421 | diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S |
422 | index 3b95e3126eebb..1b91b8c8999bc 100644 |
423 | --- a/arch/arm64/mm/proc.S |
424 | +++ b/arch/arm64/mm/proc.S |
425 | @@ -442,8 +442,8 @@ ENTRY(__cpu_setup) |
426 | cmp x9, #2 |
427 | b.lt 1f |
428 | #ifdef CONFIG_ARM64_ERRATUM_1024718 |
429 | - /* Disable hardware DBM on Cortex-A55 r0p0, r0p1 & r1p0 */ |
430 | - cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(1, 0), x1, x2, x3, x4 |
431 | + /* Disable hardware DBM on Cortex-A55 all versions */ |
432 | + cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(0xf, 0xf), x1, x2, x3, x4 |
433 | cbnz x1, 1f |
434 | #endif |
435 | orr x10, x10, #TCR_HD // hardware Dirty flag update |
436 | diff --git a/arch/m68k/include/asm/raw_io.h b/arch/m68k/include/asm/raw_io.h |
437 | index 932faa35655b1..2238232c360e9 100644 |
438 | --- a/arch/m68k/include/asm/raw_io.h |
439 | +++ b/arch/m68k/include/asm/raw_io.h |
440 | @@ -30,21 +30,21 @@ extern void __iounmap(void *addr, unsigned long size); |
441 | * two accesses to memory, which may be undesirable for some devices. |
442 | */ |
443 | #define in_8(addr) \ |
444 | - ({ u8 __v = (*(__force volatile u8 *) (addr)); __v; }) |
445 | + ({ u8 __v = (*(__force volatile u8 *) (unsigned long)(addr)); __v; }) |
446 | #define in_be16(addr) \ |
447 | - ({ u16 __v = (*(__force volatile u16 *) (addr)); __v; }) |
448 | + ({ u16 __v = (*(__force volatile u16 *) (unsigned long)(addr)); __v; }) |
449 | #define in_be32(addr) \ |
450 | - ({ u32 __v = (*(__force volatile u32 *) (addr)); __v; }) |
451 | + ({ u32 __v = (*(__force volatile u32 *) (unsigned long)(addr)); __v; }) |
452 | #define in_le16(addr) \ |
453 | - ({ u16 __v = le16_to_cpu(*(__force volatile __le16 *) (addr)); __v; }) |
454 | + ({ u16 __v = le16_to_cpu(*(__force volatile __le16 *) (unsigned long)(addr)); __v; }) |
455 | #define in_le32(addr) \ |
456 | - ({ u32 __v = le32_to_cpu(*(__force volatile __le32 *) (addr)); __v; }) |
457 | + ({ u32 __v = le32_to_cpu(*(__force volatile __le32 *) (unsigned long)(addr)); __v; }) |
458 | |
459 | -#define out_8(addr,b) (void)((*(__force volatile u8 *) (addr)) = (b)) |
460 | -#define out_be16(addr,w) (void)((*(__force volatile u16 *) (addr)) = (w)) |
461 | -#define out_be32(addr,l) (void)((*(__force volatile u32 *) (addr)) = (l)) |
462 | -#define out_le16(addr,w) (void)((*(__force volatile __le16 *) (addr)) = cpu_to_le16(w)) |
463 | -#define out_le32(addr,l) (void)((*(__force volatile __le32 *) (addr)) = cpu_to_le32(l)) |
464 | +#define out_8(addr,b) (void)((*(__force volatile u8 *) (unsigned long)(addr)) = (b)) |
465 | +#define out_be16(addr,w) (void)((*(__force volatile u16 *) (unsigned long)(addr)) = (w)) |
466 | +#define out_be32(addr,l) (void)((*(__force volatile u32 *) (unsigned long)(addr)) = (l)) |
467 | +#define out_le16(addr,w) (void)((*(__force volatile __le16 *) (unsigned long)(addr)) = cpu_to_le16(w)) |
468 | +#define out_le32(addr,l) (void)((*(__force volatile __le32 *) (unsigned long)(addr)) = cpu_to_le32(l)) |
469 | |
470 | #define raw_inb in_8 |
471 | #define raw_inw in_be16 |
472 | diff --git a/arch/parisc/include/asm/page.h b/arch/parisc/include/asm/page.h |
473 | index 80e742a1c162f..088888fcf8df3 100644 |
474 | --- a/arch/parisc/include/asm/page.h |
475 | +++ b/arch/parisc/include/asm/page.h |
476 | @@ -174,7 +174,7 @@ extern int npmem_ranges; |
477 | #include <asm-generic/getorder.h> |
478 | #include <asm/pdc.h> |
479 | |
480 | -#define PAGE0 ((struct zeropage *)__PAGE_OFFSET) |
481 | +#define PAGE0 ((struct zeropage *)absolute_pointer(__PAGE_OFFSET)) |
482 | |
483 | /* DEFINITION OF THE ZERO-PAGE (PAG0) */ |
484 | /* based on work by Jason Eckhardt (jason@equator.com) */ |
485 | diff --git a/arch/sparc/kernel/mdesc.c b/arch/sparc/kernel/mdesc.c |
486 | index 8a6982dfd7334..5aa33bf7139eb 100644 |
487 | --- a/arch/sparc/kernel/mdesc.c |
488 | +++ b/arch/sparc/kernel/mdesc.c |
489 | @@ -37,6 +37,7 @@ struct mdesc_hdr { |
490 | u32 node_sz; /* node block size */ |
491 | u32 name_sz; /* name block size */ |
492 | u32 data_sz; /* data block size */ |
493 | + char data[]; |
494 | } __attribute__((aligned(16))); |
495 | |
496 | struct mdesc_elem { |
497 | @@ -369,7 +370,7 @@ out: |
498 | |
499 | static struct mdesc_elem *node_block(struct mdesc_hdr *mdesc) |
500 | { |
501 | - return (struct mdesc_elem *) (mdesc + 1); |
502 | + return (struct mdesc_elem *) mdesc->data; |
503 | } |
504 | |
505 | static void *name_block(struct mdesc_hdr *mdesc) |
506 | diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c |
507 | index 21e01fc632adb..5c3a3227cb2b1 100644 |
508 | --- a/arch/x86/xen/enlighten.c |
509 | +++ b/arch/x86/xen/enlighten.c |
510 | @@ -872,8 +872,8 @@ static void xen_write_idt_entry(gate_desc *dt, int entrynum, const gate_desc *g) |
511 | preempt_enable(); |
512 | } |
513 | |
514 | -static void xen_convert_trap_info(const struct desc_ptr *desc, |
515 | - struct trap_info *traps) |
516 | +static unsigned xen_convert_trap_info(const struct desc_ptr *desc, |
517 | + struct trap_info *traps, bool full) |
518 | { |
519 | unsigned in, out, count; |
520 | |
521 | @@ -883,17 +883,18 @@ static void xen_convert_trap_info(const struct desc_ptr *desc, |
522 | for (in = out = 0; in < count; in++) { |
523 | gate_desc *entry = (gate_desc*)(desc->address) + in; |
524 | |
525 | - if (cvt_gate_to_trap(in, entry, &traps[out])) |
526 | + if (cvt_gate_to_trap(in, entry, &traps[out]) || full) |
527 | out++; |
528 | } |
529 | - traps[out].address = 0; |
530 | + |
531 | + return out; |
532 | } |
533 | |
534 | void xen_copy_trap_info(struct trap_info *traps) |
535 | { |
536 | const struct desc_ptr *desc = this_cpu_ptr(&idt_desc); |
537 | |
538 | - xen_convert_trap_info(desc, traps); |
539 | + xen_convert_trap_info(desc, traps, true); |
540 | } |
541 | |
542 | /* Load a new IDT into Xen. In principle this can be per-CPU, so we |
543 | @@ -903,6 +904,7 @@ static void xen_load_idt(const struct desc_ptr *desc) |
544 | { |
545 | static DEFINE_SPINLOCK(lock); |
546 | static struct trap_info traps[257]; |
547 | + unsigned out; |
548 | |
549 | trace_xen_cpu_load_idt(desc); |
550 | |
551 | @@ -910,7 +912,8 @@ static void xen_load_idt(const struct desc_ptr *desc) |
552 | |
553 | memcpy(this_cpu_ptr(&idt_desc), desc, sizeof(idt_desc)); |
554 | |
555 | - xen_convert_trap_info(desc, traps); |
556 | + out = xen_convert_trap_info(desc, traps, false); |
557 | + memset(&traps[out], 0, sizeof(traps[0])); |
558 | |
559 | xen_mc_flush(); |
560 | if (HYPERVISOR_set_trap_table(traps)) |
561 | diff --git a/drivers/cpufreq/cpufreq_governor_attr_set.c b/drivers/cpufreq/cpufreq_governor_attr_set.c |
562 | index 52841f807a7eb..45fdf30cade39 100644 |
563 | --- a/drivers/cpufreq/cpufreq_governor_attr_set.c |
564 | +++ b/drivers/cpufreq/cpufreq_governor_attr_set.c |
565 | @@ -77,8 +77,8 @@ unsigned int gov_attr_set_put(struct gov_attr_set *attr_set, struct list_head *l |
566 | if (count) |
567 | return count; |
568 | |
569 | - kobject_put(&attr_set->kobj); |
570 | mutex_destroy(&attr_set->update_lock); |
571 | + kobject_put(&attr_set->kobj); |
572 | return 0; |
573 | } |
574 | EXPORT_SYMBOL_GPL(gov_attr_set_put); |
575 | diff --git a/drivers/edac/synopsys_edac.c b/drivers/edac/synopsys_edac.c |
576 | index fc153aea2f6cf..091f03852dcac 100644 |
577 | --- a/drivers/edac/synopsys_edac.c |
578 | +++ b/drivers/edac/synopsys_edac.c |
579 | @@ -371,7 +371,7 @@ static int synps_edac_init_csrows(struct mem_ctl_info *mci) |
580 | |
581 | for (j = 0; j < csi->nr_channels; j++) { |
582 | dimm = csi->channels[j]->dimm; |
583 | - dimm->edac_mode = EDAC_FLAG_SECDED; |
584 | + dimm->edac_mode = EDAC_SECDED; |
585 | dimm->mtype = synps_edac_get_mtype(priv->baseaddr); |
586 | dimm->nr_pages = (size >> PAGE_SHIFT) / csi->nr_channels; |
587 | dimm->grain = SYNPS_EDAC_ERR_GRAIN; |
588 | diff --git a/drivers/hid/hid-betopff.c b/drivers/hid/hid-betopff.c |
589 | index 69cfc8dc6af1e..9b60efe6ec441 100644 |
590 | --- a/drivers/hid/hid-betopff.c |
591 | +++ b/drivers/hid/hid-betopff.c |
592 | @@ -59,15 +59,22 @@ static int betopff_init(struct hid_device *hid) |
593 | { |
594 | struct betopff_device *betopff; |
595 | struct hid_report *report; |
596 | - struct hid_input *hidinput = |
597 | - list_first_entry(&hid->inputs, struct hid_input, list); |
598 | + struct hid_input *hidinput; |
599 | struct list_head *report_list = |
600 | &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
601 | - struct input_dev *dev = hidinput->input; |
602 | + struct input_dev *dev; |
603 | int field_count = 0; |
604 | int error; |
605 | int i, j; |
606 | |
607 | + if (list_empty(&hid->inputs)) { |
608 | + hid_err(hid, "no inputs found\n"); |
609 | + return -ENODEV; |
610 | + } |
611 | + |
612 | + hidinput = list_first_entry(&hid->inputs, struct hid_input, list); |
613 | + dev = hidinput->input; |
614 | + |
615 | if (list_empty(report_list)) { |
616 | hid_err(hid, "no output reports found\n"); |
617 | return -ENODEV; |
618 | diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c |
619 | index b6600329a272d..368f849decd1f 100644 |
620 | --- a/drivers/hid/usbhid/hid-core.c |
621 | +++ b/drivers/hid/usbhid/hid-core.c |
622 | @@ -500,7 +500,7 @@ static void hid_ctrl(struct urb *urb) |
623 | |
624 | if (unplug) { |
625 | usbhid->ctrltail = usbhid->ctrlhead; |
626 | - } else { |
627 | + } else if (usbhid->ctrlhead != usbhid->ctrltail) { |
628 | usbhid->ctrltail = (usbhid->ctrltail + 1) & (HID_CONTROL_FIFO_SIZE - 1); |
629 | |
630 | if (usbhid->ctrlhead != usbhid->ctrltail && |
631 | @@ -1185,9 +1185,20 @@ static void usbhid_stop(struct hid_device *hid) |
632 | usbhid->intf->needs_remote_wakeup = 0; |
633 | |
634 | clear_bit(HID_STARTED, &usbhid->iofl); |
635 | + |
636 | spin_lock_irq(&usbhid->lock); /* Sync with error and led handlers */ |
637 | set_bit(HID_DISCONNECTED, &usbhid->iofl); |
638 | + while (usbhid->ctrltail != usbhid->ctrlhead) { |
639 | + if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_OUT) { |
640 | + kfree(usbhid->ctrl[usbhid->ctrltail].raw_report); |
641 | + usbhid->ctrl[usbhid->ctrltail].raw_report = NULL; |
642 | + } |
643 | + |
644 | + usbhid->ctrltail = (usbhid->ctrltail + 1) & |
645 | + (HID_CONTROL_FIFO_SIZE - 1); |
646 | + } |
647 | spin_unlock_irq(&usbhid->lock); |
648 | + |
649 | usb_kill_urb(usbhid->urbin); |
650 | usb_kill_urb(usbhid->urbout); |
651 | usb_kill_urb(usbhid->urbctrl); |
652 | diff --git a/drivers/hwmon/tmp421.c b/drivers/hwmon/tmp421.c |
653 | index bfb98b96c7813..324e7aaeb0b15 100644 |
654 | --- a/drivers/hwmon/tmp421.c |
655 | +++ b/drivers/hwmon/tmp421.c |
656 | @@ -83,23 +83,17 @@ struct tmp421_data { |
657 | s16 temp[4]; |
658 | }; |
659 | |
660 | -static int temp_from_s16(s16 reg) |
661 | +static int temp_from_raw(u16 reg, bool extended) |
662 | { |
663 | /* Mask out status bits */ |
664 | int temp = reg & ~0xf; |
665 | |
666 | - return (temp * 1000 + 128) / 256; |
667 | -} |
668 | - |
669 | -static int temp_from_u16(u16 reg) |
670 | -{ |
671 | - /* Mask out status bits */ |
672 | - int temp = reg & ~0xf; |
673 | - |
674 | - /* Add offset for extended temperature range. */ |
675 | - temp -= 64 * 256; |
676 | + if (extended) |
677 | + temp = temp - 64 * 256; |
678 | + else |
679 | + temp = (s16)temp; |
680 | |
681 | - return (temp * 1000 + 128) / 256; |
682 | + return DIV_ROUND_CLOSEST(temp * 1000, 256); |
683 | } |
684 | |
685 | static struct tmp421_data *tmp421_update_device(struct device *dev) |
686 | @@ -136,10 +130,8 @@ static int tmp421_read(struct device *dev, enum hwmon_sensor_types type, |
687 | |
688 | switch (attr) { |
689 | case hwmon_temp_input: |
690 | - if (tmp421->config & TMP421_CONFIG_RANGE) |
691 | - *val = temp_from_u16(tmp421->temp[channel]); |
692 | - else |
693 | - *val = temp_from_s16(tmp421->temp[channel]); |
694 | + *val = temp_from_raw(tmp421->temp[channel], |
695 | + tmp421->config & TMP421_CONFIG_RANGE); |
696 | return 0; |
697 | case hwmon_temp_fault: |
698 | /* |
699 | diff --git a/drivers/ipack/devices/ipoctal.c b/drivers/ipack/devices/ipoctal.c |
700 | index 75dd15d66df6f..f558aeb8f8884 100644 |
701 | --- a/drivers/ipack/devices/ipoctal.c |
702 | +++ b/drivers/ipack/devices/ipoctal.c |
703 | @@ -38,6 +38,7 @@ struct ipoctal_channel { |
704 | unsigned int pointer_read; |
705 | unsigned int pointer_write; |
706 | struct tty_port tty_port; |
707 | + bool tty_registered; |
708 | union scc2698_channel __iomem *regs; |
709 | union scc2698_block __iomem *block_regs; |
710 | unsigned int board_id; |
711 | @@ -86,22 +87,34 @@ static int ipoctal_port_activate(struct tty_port *port, struct tty_struct *tty) |
712 | return 0; |
713 | } |
714 | |
715 | -static int ipoctal_open(struct tty_struct *tty, struct file *file) |
716 | +static int ipoctal_install(struct tty_driver *driver, struct tty_struct *tty) |
717 | { |
718 | struct ipoctal_channel *channel = dev_get_drvdata(tty->dev); |
719 | struct ipoctal *ipoctal = chan_to_ipoctal(channel, tty->index); |
720 | - int err; |
721 | - |
722 | - tty->driver_data = channel; |
723 | + int res; |
724 | |
725 | if (!ipack_get_carrier(ipoctal->dev)) |
726 | return -EBUSY; |
727 | |
728 | - err = tty_port_open(&channel->tty_port, tty, file); |
729 | - if (err) |
730 | - ipack_put_carrier(ipoctal->dev); |
731 | + res = tty_standard_install(driver, tty); |
732 | + if (res) |
733 | + goto err_put_carrier; |
734 | + |
735 | + tty->driver_data = channel; |
736 | + |
737 | + return 0; |
738 | + |
739 | +err_put_carrier: |
740 | + ipack_put_carrier(ipoctal->dev); |
741 | + |
742 | + return res; |
743 | +} |
744 | + |
745 | +static int ipoctal_open(struct tty_struct *tty, struct file *file) |
746 | +{ |
747 | + struct ipoctal_channel *channel = tty->driver_data; |
748 | |
749 | - return err; |
750 | + return tty_port_open(&channel->tty_port, tty, file); |
751 | } |
752 | |
753 | static void ipoctal_reset_stats(struct ipoctal_stats *stats) |
754 | @@ -269,7 +282,6 @@ static int ipoctal_inst_slot(struct ipoctal *ipoctal, unsigned int bus_nr, |
755 | int res; |
756 | int i; |
757 | struct tty_driver *tty; |
758 | - char name[20]; |
759 | struct ipoctal_channel *channel; |
760 | struct ipack_region *region; |
761 | void __iomem *addr; |
762 | @@ -360,8 +372,11 @@ static int ipoctal_inst_slot(struct ipoctal *ipoctal, unsigned int bus_nr, |
763 | /* Fill struct tty_driver with ipoctal data */ |
764 | tty->owner = THIS_MODULE; |
765 | tty->driver_name = KBUILD_MODNAME; |
766 | - sprintf(name, KBUILD_MODNAME ".%d.%d.", bus_nr, slot); |
767 | - tty->name = name; |
768 | + tty->name = kasprintf(GFP_KERNEL, KBUILD_MODNAME ".%d.%d.", bus_nr, slot); |
769 | + if (!tty->name) { |
770 | + res = -ENOMEM; |
771 | + goto err_put_driver; |
772 | + } |
773 | tty->major = 0; |
774 | |
775 | tty->minor_start = 0; |
776 | @@ -377,8 +392,7 @@ static int ipoctal_inst_slot(struct ipoctal *ipoctal, unsigned int bus_nr, |
777 | res = tty_register_driver(tty); |
778 | if (res) { |
779 | dev_err(&ipoctal->dev->dev, "Can't register tty driver.\n"); |
780 | - put_tty_driver(tty); |
781 | - return res; |
782 | + goto err_free_name; |
783 | } |
784 | |
785 | /* Save struct tty_driver for use it when uninstalling the device */ |
786 | @@ -389,7 +403,9 @@ static int ipoctal_inst_slot(struct ipoctal *ipoctal, unsigned int bus_nr, |
787 | |
788 | channel = &ipoctal->channel[i]; |
789 | tty_port_init(&channel->tty_port); |
790 | - tty_port_alloc_xmit_buf(&channel->tty_port); |
791 | + res = tty_port_alloc_xmit_buf(&channel->tty_port); |
792 | + if (res) |
793 | + continue; |
794 | channel->tty_port.ops = &ipoctal_tty_port_ops; |
795 | |
796 | ipoctal_reset_stats(&channel->stats); |
797 | @@ -397,13 +413,15 @@ static int ipoctal_inst_slot(struct ipoctal *ipoctal, unsigned int bus_nr, |
798 | spin_lock_init(&channel->lock); |
799 | channel->pointer_read = 0; |
800 | channel->pointer_write = 0; |
801 | - tty_dev = tty_port_register_device(&channel->tty_port, tty, i, NULL); |
802 | + tty_dev = tty_port_register_device_attr(&channel->tty_port, tty, |
803 | + i, NULL, channel, NULL); |
804 | if (IS_ERR(tty_dev)) { |
805 | dev_err(&ipoctal->dev->dev, "Failed to register tty device.\n"); |
806 | + tty_port_free_xmit_buf(&channel->tty_port); |
807 | tty_port_destroy(&channel->tty_port); |
808 | continue; |
809 | } |
810 | - dev_set_drvdata(tty_dev, channel); |
811 | + channel->tty_registered = true; |
812 | } |
813 | |
814 | /* |
815 | @@ -415,6 +433,13 @@ static int ipoctal_inst_slot(struct ipoctal *ipoctal, unsigned int bus_nr, |
816 | ipoctal_irq_handler, ipoctal); |
817 | |
818 | return 0; |
819 | + |
820 | +err_free_name: |
821 | + kfree(tty->name); |
822 | +err_put_driver: |
823 | + put_tty_driver(tty); |
824 | + |
825 | + return res; |
826 | } |
827 | |
828 | static inline int ipoctal_copy_write_buffer(struct ipoctal_channel *channel, |
829 | @@ -655,6 +680,7 @@ static void ipoctal_cleanup(struct tty_struct *tty) |
830 | |
831 | static const struct tty_operations ipoctal_fops = { |
832 | .ioctl = NULL, |
833 | + .install = ipoctal_install, |
834 | .open = ipoctal_open, |
835 | .close = ipoctal_close, |
836 | .write = ipoctal_write_tty, |
837 | @@ -697,12 +723,17 @@ static void __ipoctal_remove(struct ipoctal *ipoctal) |
838 | |
839 | for (i = 0; i < NR_CHANNELS; i++) { |
840 | struct ipoctal_channel *channel = &ipoctal->channel[i]; |
841 | + |
842 | + if (!channel->tty_registered) |
843 | + continue; |
844 | + |
845 | tty_unregister_device(ipoctal->tty_drv, i); |
846 | tty_port_free_xmit_buf(&channel->tty_port); |
847 | tty_port_destroy(&channel->tty_port); |
848 | } |
849 | |
850 | tty_unregister_driver(ipoctal->tty_drv); |
851 | + kfree(ipoctal->tty_drv->name); |
852 | put_tty_driver(ipoctal->tty_drv); |
853 | kfree(ipoctal); |
854 | } |
855 | diff --git a/drivers/mcb/mcb-core.c b/drivers/mcb/mcb-core.c |
856 | index 921a5d2a802bf..96801137a1445 100644 |
857 | --- a/drivers/mcb/mcb-core.c |
858 | +++ b/drivers/mcb/mcb-core.c |
859 | @@ -280,8 +280,8 @@ struct mcb_bus *mcb_alloc_bus(struct device *carrier) |
860 | |
861 | bus_nr = ida_simple_get(&mcb_ida, 0, 0, GFP_KERNEL); |
862 | if (bus_nr < 0) { |
863 | - rc = bus_nr; |
864 | - goto err_free; |
865 | + kfree(bus); |
866 | + return ERR_PTR(bus_nr); |
867 | } |
868 | |
869 | bus->bus_nr = bus_nr; |
870 | @@ -296,12 +296,12 @@ struct mcb_bus *mcb_alloc_bus(struct device *carrier) |
871 | dev_set_name(&bus->dev, "mcb:%d", bus_nr); |
872 | rc = device_add(&bus->dev); |
873 | if (rc) |
874 | - goto err_free; |
875 | + goto err_put; |
876 | |
877 | return bus; |
878 | -err_free: |
879 | - put_device(carrier); |
880 | - kfree(bus); |
881 | + |
882 | +err_put: |
883 | + put_device(&bus->dev); |
884 | return ERR_PTR(rc); |
885 | } |
886 | EXPORT_SYMBOL_GPL(mcb_alloc_bus); |
887 | diff --git a/drivers/net/ethernet/i825xx/82596.c b/drivers/net/ethernet/i825xx/82596.c |
888 | index ce235b776793d..299628931bdb0 100644 |
889 | --- a/drivers/net/ethernet/i825xx/82596.c |
890 | +++ b/drivers/net/ethernet/i825xx/82596.c |
891 | @@ -1155,7 +1155,7 @@ struct net_device * __init i82596_probe(int unit) |
892 | err = -ENODEV; |
893 | goto out; |
894 | } |
895 | - memcpy(eth_addr, (void *) 0xfffc1f2c, ETH_ALEN); /* YUCK! Get addr from NOVRAM */ |
896 | + memcpy(eth_addr, absolute_pointer(0xfffc1f2c), ETH_ALEN); /* YUCK! Get addr from NOVRAM */ |
897 | dev->base_addr = MVME_I596_BASE; |
898 | dev->irq = (unsigned) MVME16x_IRQ_I596; |
899 | goto found; |
900 | diff --git a/drivers/net/ethernet/intel/e100.c b/drivers/net/ethernet/intel/e100.c |
901 | index 9035cb5fc70d3..aa556e4f9051e 100644 |
902 | --- a/drivers/net/ethernet/intel/e100.c |
903 | +++ b/drivers/net/ethernet/intel/e100.c |
904 | @@ -2462,11 +2462,15 @@ static void e100_get_drvinfo(struct net_device *netdev, |
905 | sizeof(info->bus_info)); |
906 | } |
907 | |
908 | -#define E100_PHY_REGS 0x1C |
909 | +#define E100_PHY_REGS 0x1D |
910 | static int e100_get_regs_len(struct net_device *netdev) |
911 | { |
912 | struct nic *nic = netdev_priv(netdev); |
913 | - return 1 + E100_PHY_REGS + sizeof(nic->mem->dump_buf); |
914 | + |
915 | + /* We know the number of registers, and the size of the dump buffer. |
916 | + * Calculate the total size in bytes. |
917 | + */ |
918 | + return (1 + E100_PHY_REGS) * sizeof(u32) + sizeof(nic->mem->dump_buf); |
919 | } |
920 | |
921 | static void e100_get_regs(struct net_device *netdev, |
922 | @@ -2480,14 +2484,18 @@ static void e100_get_regs(struct net_device *netdev, |
923 | buff[0] = ioread8(&nic->csr->scb.cmd_hi) << 24 | |
924 | ioread8(&nic->csr->scb.cmd_lo) << 16 | |
925 | ioread16(&nic->csr->scb.status); |
926 | - for (i = E100_PHY_REGS; i >= 0; i--) |
927 | - buff[1 + E100_PHY_REGS - i] = |
928 | - mdio_read(netdev, nic->mii.phy_id, i); |
929 | + for (i = 0; i < E100_PHY_REGS; i++) |
930 | + /* Note that we read the registers in reverse order. This |
931 | + * ordering is the ABI apparently used by ethtool and other |
932 | + * applications. |
933 | + */ |
934 | + buff[1 + i] = mdio_read(netdev, nic->mii.phy_id, |
935 | + E100_PHY_REGS - 1 - i); |
936 | memset(nic->mem->dump_buf, 0, sizeof(nic->mem->dump_buf)); |
937 | e100_exec_cb(nic, NULL, e100_dump); |
938 | msleep(10); |
939 | - memcpy(&buff[2 + E100_PHY_REGS], nic->mem->dump_buf, |
940 | - sizeof(nic->mem->dump_buf)); |
941 | + memcpy(&buff[1 + E100_PHY_REGS], nic->mem->dump_buf, |
942 | + sizeof(nic->mem->dump_buf)); |
943 | } |
944 | |
945 | static void e100_get_wol(struct net_device *netdev, struct ethtool_wolinfo *wol) |
946 | diff --git a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c |
947 | index 543f30dec4a0c..dbb65145b35ec 100644 |
948 | --- a/drivers/net/ethernet/mellanox/mlx4/en_netdev.c |
949 | +++ b/drivers/net/ethernet/mellanox/mlx4/en_netdev.c |
950 | @@ -309,6 +309,9 @@ mlx4_en_filter_rfs(struct net_device *net_dev, const struct sk_buff *skb, |
951 | int nhoff = skb_network_offset(skb); |
952 | int ret = 0; |
953 | |
954 | + if (skb->encapsulation) |
955 | + return -EPROTONOSUPPORT; |
956 | + |
957 | if (skb->protocol != htons(ETH_P_IP)) |
958 | return -EPROTONOSUPPORT; |
959 | |
960 | diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c |
961 | index dbd56fefa2f3f..0a7ff854d1c34 100644 |
962 | --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c |
963 | +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c |
964 | @@ -178,7 +178,7 @@ static void stmmac_clk_csr_set(struct stmmac_priv *priv) |
965 | priv->clk_csr = STMMAC_CSR_100_150M; |
966 | else if ((clk_rate >= CSR_F_150M) && (clk_rate < CSR_F_250M)) |
967 | priv->clk_csr = STMMAC_CSR_150_250M; |
968 | - else if ((clk_rate >= CSR_F_250M) && (clk_rate < CSR_F_300M)) |
969 | + else if ((clk_rate >= CSR_F_250M) && (clk_rate <= CSR_F_300M)) |
970 | priv->clk_csr = STMMAC_CSR_250_300M; |
971 | } |
972 | } |
973 | diff --git a/drivers/net/hamradio/6pack.c b/drivers/net/hamradio/6pack.c |
974 | index e510dbda77e58..96fb2a2a59f02 100644 |
975 | --- a/drivers/net/hamradio/6pack.c |
976 | +++ b/drivers/net/hamradio/6pack.c |
977 | @@ -68,9 +68,9 @@ |
978 | #define SIXP_DAMA_OFF 0 |
979 | |
980 | /* default level 2 parameters */ |
981 | -#define SIXP_TXDELAY (HZ/4) /* in 1 s */ |
982 | +#define SIXP_TXDELAY 25 /* 250 ms */ |
983 | #define SIXP_PERSIST 50 /* in 256ths */ |
984 | -#define SIXP_SLOTTIME (HZ/10) /* in 1 s */ |
985 | +#define SIXP_SLOTTIME 10 /* 100 ms */ |
986 | #define SIXP_INIT_RESYNC_TIMEOUT (3*HZ/2) /* in 1 s */ |
987 | #define SIXP_RESYNC_TIMEOUT 5*HZ /* in 1 s */ |
988 | |
989 | diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c |
990 | index 5066b7bc67da6..bde19425e9c10 100644 |
991 | --- a/drivers/net/usb/hso.c |
992 | +++ b/drivers/net/usb/hso.c |
993 | @@ -2715,14 +2715,14 @@ struct hso_device *hso_create_mux_serial_device(struct usb_interface *interface, |
994 | |
995 | serial = kzalloc(sizeof(*serial), GFP_KERNEL); |
996 | if (!serial) |
997 | - goto exit; |
998 | + goto err_free_dev; |
999 | |
1000 | hso_dev->port_data.dev_serial = serial; |
1001 | serial->parent = hso_dev; |
1002 | |
1003 | if (hso_serial_common_create |
1004 | (serial, 1, CTRL_URB_RX_SIZE, CTRL_URB_TX_SIZE)) |
1005 | - goto exit; |
1006 | + goto err_free_serial; |
1007 | |
1008 | serial->tx_data_length--; |
1009 | serial->write_data = hso_mux_serial_write_data; |
1010 | @@ -2738,11 +2738,9 @@ struct hso_device *hso_create_mux_serial_device(struct usb_interface *interface, |
1011 | /* done, return it */ |
1012 | return hso_dev; |
1013 | |
1014 | -exit: |
1015 | - if (serial) { |
1016 | - tty_unregister_device(tty_drv, serial->minor); |
1017 | - kfree(serial); |
1018 | - } |
1019 | +err_free_serial: |
1020 | + kfree(serial); |
1021 | +err_free_dev: |
1022 | kfree(hso_dev); |
1023 | return NULL; |
1024 | |
1025 | diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c |
1026 | index 8d10b35caed52..aed17f958448d 100644 |
1027 | --- a/drivers/scsi/scsi_transport_iscsi.c |
1028 | +++ b/drivers/scsi/scsi_transport_iscsi.c |
1029 | @@ -429,9 +429,7 @@ static umode_t iscsi_iface_attr_is_visible(struct kobject *kobj, |
1030 | struct iscsi_transport *t = iface->transport; |
1031 | int param = -1; |
1032 | |
1033 | - if (attr == &dev_attr_iface_enabled.attr) |
1034 | - param = ISCSI_NET_PARAM_IFACE_ENABLE; |
1035 | - else if (attr == &dev_attr_iface_def_taskmgmt_tmo.attr) |
1036 | + if (attr == &dev_attr_iface_def_taskmgmt_tmo.attr) |
1037 | param = ISCSI_IFACE_PARAM_DEF_TASKMGMT_TMO; |
1038 | else if (attr == &dev_attr_iface_header_digest.attr) |
1039 | param = ISCSI_IFACE_PARAM_HDRDGST_EN; |
1040 | @@ -471,7 +469,9 @@ static umode_t iscsi_iface_attr_is_visible(struct kobject *kobj, |
1041 | if (param != -1) |
1042 | return t->attr_is_visible(ISCSI_IFACE_PARAM, param); |
1043 | |
1044 | - if (attr == &dev_attr_iface_vlan_id.attr) |
1045 | + if (attr == &dev_attr_iface_enabled.attr) |
1046 | + param = ISCSI_NET_PARAM_IFACE_ENABLE; |
1047 | + else if (attr == &dev_attr_iface_vlan_id.attr) |
1048 | param = ISCSI_NET_PARAM_VLAN_ID; |
1049 | else if (attr == &dev_attr_iface_vlan_priority.attr) |
1050 | param = ISCSI_NET_PARAM_VLAN_PRIORITY; |
1051 | diff --git a/drivers/spi/spi-tegra20-slink.c b/drivers/spi/spi-tegra20-slink.c |
1052 | index 9f14560686b68..88bfe7682a9eb 100644 |
1053 | --- a/drivers/spi/spi-tegra20-slink.c |
1054 | +++ b/drivers/spi/spi-tegra20-slink.c |
1055 | @@ -1210,7 +1210,7 @@ static int tegra_slink_resume(struct device *dev) |
1056 | } |
1057 | #endif |
1058 | |
1059 | -static int tegra_slink_runtime_suspend(struct device *dev) |
1060 | +static int __maybe_unused tegra_slink_runtime_suspend(struct device *dev) |
1061 | { |
1062 | struct spi_master *master = dev_get_drvdata(dev); |
1063 | struct tegra_slink_data *tspi = spi_master_get_devdata(master); |
1064 | @@ -1222,7 +1222,7 @@ static int tegra_slink_runtime_suspend(struct device *dev) |
1065 | return 0; |
1066 | } |
1067 | |
1068 | -static int tegra_slink_runtime_resume(struct device *dev) |
1069 | +static int __maybe_unused tegra_slink_runtime_resume(struct device *dev) |
1070 | { |
1071 | struct spi_master *master = dev_get_drvdata(dev); |
1072 | struct tegra_slink_data *tspi = spi_master_get_devdata(master); |
1073 | diff --git a/drivers/staging/greybus/uart.c b/drivers/staging/greybus/uart.c |
1074 | index c35c9b766a001..d4c7210cdb0eb 100644 |
1075 | --- a/drivers/staging/greybus/uart.c |
1076 | +++ b/drivers/staging/greybus/uart.c |
1077 | @@ -812,6 +812,17 @@ out: |
1078 | gbphy_runtime_put_autosuspend(gb_tty->gbphy_dev); |
1079 | } |
1080 | |
1081 | +static void gb_tty_port_destruct(struct tty_port *port) |
1082 | +{ |
1083 | + struct gb_tty *gb_tty = container_of(port, struct gb_tty, port); |
1084 | + |
1085 | + if (gb_tty->minor != GB_NUM_MINORS) |
1086 | + release_minor(gb_tty); |
1087 | + kfifo_free(&gb_tty->write_fifo); |
1088 | + kfree(gb_tty->buffer); |
1089 | + kfree(gb_tty); |
1090 | +} |
1091 | + |
1092 | static const struct tty_operations gb_ops = { |
1093 | .install = gb_tty_install, |
1094 | .open = gb_tty_open, |
1095 | @@ -834,6 +845,7 @@ static struct tty_port_operations gb_port_ops = { |
1096 | .dtr_rts = gb_tty_dtr_rts, |
1097 | .activate = gb_tty_port_activate, |
1098 | .shutdown = gb_tty_port_shutdown, |
1099 | + .destruct = gb_tty_port_destruct, |
1100 | }; |
1101 | |
1102 | static int gb_uart_probe(struct gbphy_device *gbphy_dev, |
1103 | @@ -846,17 +858,11 @@ static int gb_uart_probe(struct gbphy_device *gbphy_dev, |
1104 | int retval; |
1105 | int minor; |
1106 | |
1107 | - gb_tty = kzalloc(sizeof(*gb_tty), GFP_KERNEL); |
1108 | - if (!gb_tty) |
1109 | - return -ENOMEM; |
1110 | - |
1111 | connection = gb_connection_create(gbphy_dev->bundle, |
1112 | le16_to_cpu(gbphy_dev->cport_desc->id), |
1113 | gb_uart_request_handler); |
1114 | - if (IS_ERR(connection)) { |
1115 | - retval = PTR_ERR(connection); |
1116 | - goto exit_tty_free; |
1117 | - } |
1118 | + if (IS_ERR(connection)) |
1119 | + return PTR_ERR(connection); |
1120 | |
1121 | max_payload = gb_operation_get_payload_size_max(connection); |
1122 | if (max_payload < sizeof(struct gb_uart_send_data_request)) { |
1123 | @@ -864,13 +870,23 @@ static int gb_uart_probe(struct gbphy_device *gbphy_dev, |
1124 | goto exit_connection_destroy; |
1125 | } |
1126 | |
1127 | + gb_tty = kzalloc(sizeof(*gb_tty), GFP_KERNEL); |
1128 | + if (!gb_tty) { |
1129 | + retval = -ENOMEM; |
1130 | + goto exit_connection_destroy; |
1131 | + } |
1132 | + |
1133 | + tty_port_init(&gb_tty->port); |
1134 | + gb_tty->port.ops = &gb_port_ops; |
1135 | + gb_tty->minor = GB_NUM_MINORS; |
1136 | + |
1137 | gb_tty->buffer_payload_max = max_payload - |
1138 | sizeof(struct gb_uart_send_data_request); |
1139 | |
1140 | gb_tty->buffer = kzalloc(gb_tty->buffer_payload_max, GFP_KERNEL); |
1141 | if (!gb_tty->buffer) { |
1142 | retval = -ENOMEM; |
1143 | - goto exit_connection_destroy; |
1144 | + goto exit_put_port; |
1145 | } |
1146 | |
1147 | INIT_WORK(&gb_tty->tx_work, gb_uart_tx_write_work); |
1148 | @@ -878,7 +894,7 @@ static int gb_uart_probe(struct gbphy_device *gbphy_dev, |
1149 | retval = kfifo_alloc(&gb_tty->write_fifo, GB_UART_WRITE_FIFO_SIZE, |
1150 | GFP_KERNEL); |
1151 | if (retval) |
1152 | - goto exit_buf_free; |
1153 | + goto exit_put_port; |
1154 | |
1155 | gb_tty->credits = GB_UART_FIRMWARE_CREDITS; |
1156 | init_completion(&gb_tty->credits_complete); |
1157 | @@ -892,7 +908,7 @@ static int gb_uart_probe(struct gbphy_device *gbphy_dev, |
1158 | } else { |
1159 | retval = minor; |
1160 | } |
1161 | - goto exit_kfifo_free; |
1162 | + goto exit_put_port; |
1163 | } |
1164 | |
1165 | gb_tty->minor = minor; |
1166 | @@ -901,9 +917,6 @@ static int gb_uart_probe(struct gbphy_device *gbphy_dev, |
1167 | init_waitqueue_head(&gb_tty->wioctl); |
1168 | mutex_init(&gb_tty->mutex); |
1169 | |
1170 | - tty_port_init(&gb_tty->port); |
1171 | - gb_tty->port.ops = &gb_port_ops; |
1172 | - |
1173 | gb_tty->connection = connection; |
1174 | gb_tty->gbphy_dev = gbphy_dev; |
1175 | gb_connection_set_data(connection, gb_tty); |
1176 | @@ -911,7 +924,7 @@ static int gb_uart_probe(struct gbphy_device *gbphy_dev, |
1177 | |
1178 | retval = gb_connection_enable_tx(connection); |
1179 | if (retval) |
1180 | - goto exit_release_minor; |
1181 | + goto exit_put_port; |
1182 | |
1183 | send_control(gb_tty, gb_tty->ctrlout); |
1184 | |
1185 | @@ -938,16 +951,10 @@ static int gb_uart_probe(struct gbphy_device *gbphy_dev, |
1186 | |
1187 | exit_connection_disable: |
1188 | gb_connection_disable(connection); |
1189 | -exit_release_minor: |
1190 | - release_minor(gb_tty); |
1191 | -exit_kfifo_free: |
1192 | - kfifo_free(&gb_tty->write_fifo); |
1193 | -exit_buf_free: |
1194 | - kfree(gb_tty->buffer); |
1195 | +exit_put_port: |
1196 | + tty_port_put(&gb_tty->port); |
1197 | exit_connection_destroy: |
1198 | gb_connection_destroy(connection); |
1199 | -exit_tty_free: |
1200 | - kfree(gb_tty); |
1201 | |
1202 | return retval; |
1203 | } |
1204 | @@ -978,15 +985,10 @@ static void gb_uart_remove(struct gbphy_device *gbphy_dev) |
1205 | gb_connection_disable_rx(connection); |
1206 | tty_unregister_device(gb_tty_driver, gb_tty->minor); |
1207 | |
1208 | - /* FIXME - free transmit / receive buffers */ |
1209 | - |
1210 | gb_connection_disable(connection); |
1211 | - tty_port_destroy(&gb_tty->port); |
1212 | gb_connection_destroy(connection); |
1213 | - release_minor(gb_tty); |
1214 | - kfifo_free(&gb_tty->write_fifo); |
1215 | - kfree(gb_tty->buffer); |
1216 | - kfree(gb_tty); |
1217 | + |
1218 | + tty_port_put(&gb_tty->port); |
1219 | } |
1220 | |
1221 | static int gb_tty_init(void) |
1222 | diff --git a/drivers/tty/serial/mvebu-uart.c b/drivers/tty/serial/mvebu-uart.c |
1223 | index a10e4aa9e18ea..ffd454e4bacfb 100644 |
1224 | --- a/drivers/tty/serial/mvebu-uart.c |
1225 | +++ b/drivers/tty/serial/mvebu-uart.c |
1226 | @@ -108,7 +108,7 @@ static unsigned int mvebu_uart_tx_empty(struct uart_port *port) |
1227 | st = readl(port->membase + UART_STAT); |
1228 | spin_unlock_irqrestore(&port->lock, flags); |
1229 | |
1230 | - return (st & STAT_TX_FIFO_EMP) ? TIOCSER_TEMT : 0; |
1231 | + return (st & STAT_TX_EMP) ? TIOCSER_TEMT : 0; |
1232 | } |
1233 | |
1234 | static unsigned int mvebu_uart_get_mctrl(struct uart_port *port) |
1235 | diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c |
1236 | index 8c74d9ebfc502..9f1573b0e4530 100644 |
1237 | --- a/drivers/tty/vt/vt.c |
1238 | +++ b/drivers/tty/vt/vt.c |
1239 | @@ -886,8 +886,25 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc, |
1240 | new_row_size = new_cols << 1; |
1241 | new_screen_size = new_row_size * new_rows; |
1242 | |
1243 | - if (new_cols == vc->vc_cols && new_rows == vc->vc_rows) |
1244 | - return 0; |
1245 | + if (new_cols == vc->vc_cols && new_rows == vc->vc_rows) { |
1246 | + /* |
1247 | + * This function is being called here to cover the case |
1248 | + * where the userspace calls the FBIOPUT_VSCREENINFO twice, |
1249 | + * passing the same fb_var_screeninfo containing the fields |
1250 | + * yres/xres equal to a number non-multiple of vc_font.height |
1251 | + * and yres_virtual/xres_virtual equal to number lesser than the |
1252 | + * vc_font.height and yres/xres. |
1253 | + * In the second call, the struct fb_var_screeninfo isn't |
1254 | + * being modified by the underlying driver because of the |
1255 | + * if above, and this causes the fbcon_display->vrows to become |
1256 | + * negative and it eventually leads to out-of-bound |
1257 | + * access by the imageblit function. |
1258 | + * To give the correct values to the struct and to not have |
1259 | + * to deal with possible errors from the code below, we call |
1260 | + * the resize_screen here as well. |
1261 | + */ |
1262 | + return resize_screen(vc, new_cols, new_rows, user); |
1263 | + } |
1264 | |
1265 | if (new_screen_size > (4 << 20) || !new_screen_size) |
1266 | return -EINVAL; |
1267 | diff --git a/drivers/usb/gadget/udc/r8a66597-udc.c b/drivers/usb/gadget/udc/r8a66597-udc.c |
1268 | index 80503c3604ca5..192d76a1bdd58 100644 |
1269 | --- a/drivers/usb/gadget/udc/r8a66597-udc.c |
1270 | +++ b/drivers/usb/gadget/udc/r8a66597-udc.c |
1271 | @@ -1253,7 +1253,7 @@ static void set_feature(struct r8a66597 *r8a66597, struct usb_ctrlrequest *ctrl) |
1272 | do { |
1273 | tmp = r8a66597_read(r8a66597, INTSTS0) & CTSQ; |
1274 | udelay(1); |
1275 | - } while (tmp != CS_IDST || timeout-- > 0); |
1276 | + } while (tmp != CS_IDST && timeout-- > 0); |
1277 | |
1278 | if (tmp == CS_IDST) |
1279 | r8a66597_bset(r8a66597, |
1280 | diff --git a/drivers/usb/musb/tusb6010.c b/drivers/usb/musb/tusb6010.c |
1281 | index e85cc8e4e7a9c..7e9204fdba4a8 100644 |
1282 | --- a/drivers/usb/musb/tusb6010.c |
1283 | +++ b/drivers/usb/musb/tusb6010.c |
1284 | @@ -193,6 +193,7 @@ tusb_fifo_write_unaligned(void __iomem *fifo, const u8 *buf, u16 len) |
1285 | } |
1286 | if (len > 0) { |
1287 | /* Write the rest 1 - 3 bytes to FIFO */ |
1288 | + val = 0; |
1289 | memcpy(&val, buf, len); |
1290 | musb_writel(fifo, 0, val); |
1291 | } |
1292 | diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c |
1293 | index c5d637848f9bb..dde28ede396bf 100644 |
1294 | --- a/drivers/usb/serial/cp210x.c |
1295 | +++ b/drivers/usb/serial/cp210x.c |
1296 | @@ -231,6 +231,7 @@ static const struct usb_device_id id_table[] = { |
1297 | { USB_DEVICE(0x1FB9, 0x0602) }, /* Lake Shore Model 648 Magnet Power Supply */ |
1298 | { USB_DEVICE(0x1FB9, 0x0700) }, /* Lake Shore Model 737 VSM Controller */ |
1299 | { USB_DEVICE(0x1FB9, 0x0701) }, /* Lake Shore Model 776 Hall Matrix */ |
1300 | + { USB_DEVICE(0x2184, 0x0030) }, /* GW Instek GDM-834x Digital Multimeter */ |
1301 | { USB_DEVICE(0x2626, 0xEA60) }, /* Aruba Networks 7xxx USB Serial Console */ |
1302 | { USB_DEVICE(0x3195, 0xF190) }, /* Link Instruments MSO-19 */ |
1303 | { USB_DEVICE(0x3195, 0xF280) }, /* Link Instruments MSO-28 */ |
1304 | diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c |
1305 | index 31ca5d925b364..579595a78257a 100644 |
1306 | --- a/drivers/usb/serial/mos7840.c |
1307 | +++ b/drivers/usb/serial/mos7840.c |
1308 | @@ -126,7 +126,6 @@ |
1309 | #define BANDB_DEVICE_ID_USOPTL4_2P 0xBC02 |
1310 | #define BANDB_DEVICE_ID_USOPTL4_4 0xAC44 |
1311 | #define BANDB_DEVICE_ID_USOPTL4_4P 0xBC03 |
1312 | -#define BANDB_DEVICE_ID_USOPTL2_4 0xAC24 |
1313 | |
1314 | /* This driver also supports |
1315 | * ATEN UC2324 device using Moschip MCS7840 |
1316 | @@ -207,7 +206,6 @@ static const struct usb_device_id id_table[] = { |
1317 | {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_2P)}, |
1318 | {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_4)}, |
1319 | {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_4P)}, |
1320 | - {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL2_4)}, |
1321 | {USB_DEVICE(USB_VENDOR_ID_ATENINTL, ATENINTL_DEVICE_ID_UC2324)}, |
1322 | {USB_DEVICE(USB_VENDOR_ID_ATENINTL, ATENINTL_DEVICE_ID_UC2322)}, |
1323 | {USB_DEVICE(USB_VENDOR_ID_MOXA, MOXA_DEVICE_ID_2210)}, |
1324 | diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
1325 | index 02ded56bcbc6b..ec8ad931f41e3 100644 |
1326 | --- a/drivers/usb/serial/option.c |
1327 | +++ b/drivers/usb/serial/option.c |
1328 | @@ -1187,6 +1187,14 @@ static const struct usb_device_id option_ids[] = { |
1329 | .driver_info = NCTRL(0) | RSVD(1) }, |
1330 | { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1056, 0xff), /* Telit FD980 */ |
1331 | .driver_info = NCTRL(2) | RSVD(3) }, |
1332 | + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1060, 0xff), /* Telit LN920 (rmnet) */ |
1333 | + .driver_info = NCTRL(0) | RSVD(1) | RSVD(2) }, |
1334 | + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1061, 0xff), /* Telit LN920 (MBIM) */ |
1335 | + .driver_info = NCTRL(0) | RSVD(1) }, |
1336 | + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1062, 0xff), /* Telit LN920 (RNDIS) */ |
1337 | + .driver_info = NCTRL(2) | RSVD(3) }, |
1338 | + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1063, 0xff), /* Telit LN920 (ECM) */ |
1339 | + .driver_info = NCTRL(0) | RSVD(1) }, |
1340 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910), |
1341 | .driver_info = NCTRL(0) | RSVD(1) | RSVD(3) }, |
1342 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM), |
1343 | @@ -1632,7 +1640,6 @@ static const struct usb_device_id option_ids[] = { |
1344 | { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0060, 0xff, 0xff, 0xff) }, |
1345 | { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0070, 0xff, 0xff, 0xff) }, |
1346 | { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0073, 0xff, 0xff, 0xff) }, |
1347 | - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0094, 0xff, 0xff, 0xff) }, |
1348 | { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0130, 0xff, 0xff, 0xff), |
1349 | .driver_info = RSVD(1) }, |
1350 | { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0133, 0xff, 0xff, 0xff), |
1351 | @@ -2052,6 +2059,8 @@ static const struct usb_device_id option_ids[] = { |
1352 | .driver_info = RSVD(0) | RSVD(1) | RSVD(6) }, |
1353 | { USB_DEVICE(0x0489, 0xe0b5), /* Foxconn T77W968 ESIM */ |
1354 | .driver_info = RSVD(0) | RSVD(1) | RSVD(6) }, |
1355 | + { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0db, 0xff), /* Foxconn T99W265 MBIM */ |
1356 | + .driver_info = RSVD(3) }, |
1357 | { USB_DEVICE(0x1508, 0x1001), /* Fibocom NL668 (IOT version) */ |
1358 | .driver_info = RSVD(4) | RSVD(5) | RSVD(6) }, |
1359 | { USB_DEVICE(0x2cb7, 0x0104), /* Fibocom NL678 series */ |
1360 | diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h |
1361 | index 4a94effb64f77..ed94496cdc5b3 100644 |
1362 | --- a/drivers/usb/storage/unusual_devs.h |
1363 | +++ b/drivers/usb/storage/unusual_devs.h |
1364 | @@ -435,9 +435,16 @@ UNUSUAL_DEV( 0x04cb, 0x0100, 0x0000, 0x2210, |
1365 | USB_SC_UFI, USB_PR_DEVICE, NULL, US_FL_FIX_INQUIRY | US_FL_SINGLE_LUN), |
1366 | |
1367 | /* |
1368 | - * Reported by Ondrej Zary <linux@rainbow-software.org> |
1369 | + * Reported by Ondrej Zary <linux@zary.sk> |
1370 | * The device reports one sector more and breaks when that sector is accessed |
1371 | + * Firmwares older than 2.6c (the latest one and the only that claims Linux |
1372 | + * support) have also broken tag handling |
1373 | */ |
1374 | +UNUSUAL_DEV( 0x04ce, 0x0002, 0x0000, 0x026b, |
1375 | + "ScanLogic", |
1376 | + "SL11R-IDE", |
1377 | + USB_SC_DEVICE, USB_PR_DEVICE, NULL, |
1378 | + US_FL_FIX_CAPACITY | US_FL_BULK_IGNORE_TAG), |
1379 | UNUSUAL_DEV( 0x04ce, 0x0002, 0x026c, 0x026c, |
1380 | "ScanLogic", |
1381 | "SL11R-IDE", |
1382 | diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c |
1383 | index af78de9ef036c..a4a76f1d275cf 100644 |
1384 | --- a/fs/cifs/connect.c |
1385 | +++ b/fs/cifs/connect.c |
1386 | @@ -2960,9 +2960,10 @@ cifs_match_super(struct super_block *sb, void *data) |
1387 | spin_lock(&cifs_tcp_ses_lock); |
1388 | cifs_sb = CIFS_SB(sb); |
1389 | tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb)); |
1390 | - if (IS_ERR(tlink)) { |
1391 | + if (tlink == NULL) { |
1392 | + /* can not match superblock if tlink were ever null */ |
1393 | spin_unlock(&cifs_tcp_ses_lock); |
1394 | - return rc; |
1395 | + return 0; |
1396 | } |
1397 | tcon = tlink_tcon(tlink); |
1398 | ses = tcon->ses; |
1399 | diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c |
1400 | index 6b3a32f75dadb..ae495dbafb187 100644 |
1401 | --- a/fs/ext4/dir.c |
1402 | +++ b/fs/ext4/dir.c |
1403 | @@ -531,7 +531,7 @@ static int ext4_dx_readdir(struct file *file, struct dir_context *ctx) |
1404 | struct dir_private_info *info = file->private_data; |
1405 | struct inode *inode = file_inode(file); |
1406 | struct fname *fname; |
1407 | - int ret; |
1408 | + int ret = 0; |
1409 | |
1410 | if (!info) { |
1411 | info = ext4_htree_create_dir_info(file, ctx->pos); |
1412 | @@ -579,7 +579,7 @@ static int ext4_dx_readdir(struct file *file, struct dir_context *ctx) |
1413 | info->curr_minor_hash, |
1414 | &info->next_hash); |
1415 | if (ret < 0) |
1416 | - return ret; |
1417 | + goto finished; |
1418 | if (ret == 0) { |
1419 | ctx->pos = ext4_get_htree_eof(file); |
1420 | break; |
1421 | @@ -610,7 +610,7 @@ static int ext4_dx_readdir(struct file *file, struct dir_context *ctx) |
1422 | } |
1423 | finished: |
1424 | info->last_pos = ctx->pos; |
1425 | - return 0; |
1426 | + return ret < 0 ? ret : 0; |
1427 | } |
1428 | |
1429 | static int ext4_dir_open(struct inode * inode, struct file * filp) |
1430 | diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c |
1431 | index 2c3e975126b35..5219f4352ad3c 100644 |
1432 | --- a/fs/ocfs2/dlmglue.c |
1433 | +++ b/fs/ocfs2/dlmglue.c |
1434 | @@ -3704,7 +3704,7 @@ static int ocfs2_data_convert_worker(struct ocfs2_lock_res *lockres, |
1435 | oi = OCFS2_I(inode); |
1436 | oi->ip_dir_lock_gen++; |
1437 | mlog(0, "generation: %u\n", oi->ip_dir_lock_gen); |
1438 | - goto out; |
1439 | + goto out_forget; |
1440 | } |
1441 | |
1442 | if (!S_ISREG(inode->i_mode)) |
1443 | @@ -3735,6 +3735,7 @@ static int ocfs2_data_convert_worker(struct ocfs2_lock_res *lockres, |
1444 | filemap_fdatawait(mapping); |
1445 | } |
1446 | |
1447 | +out_forget: |
1448 | forget_all_cached_acls(inode); |
1449 | |
1450 | out: |
1451 | diff --git a/fs/qnx4/dir.c b/fs/qnx4/dir.c |
1452 | index 781056a0480f4..b3bde1826001b 100644 |
1453 | --- a/fs/qnx4/dir.c |
1454 | +++ b/fs/qnx4/dir.c |
1455 | @@ -14,13 +14,48 @@ |
1456 | #include <linux/buffer_head.h> |
1457 | #include "qnx4.h" |
1458 | |
1459 | +/* |
1460 | + * A qnx4 directory entry is an inode entry or link info |
1461 | + * depending on the status field in the last byte. The |
1462 | + * first byte is where the name start either way, and a |
1463 | + * zero means it's empty. |
1464 | + * |
1465 | + * Also, due to a bug in gcc, we don't want to use the |
1466 | + * real (differently sized) name arrays in the inode and |
1467 | + * link entries, but always the 'de_name[]' one in the |
1468 | + * fake struct entry. |
1469 | + * |
1470 | + * See |
1471 | + * |
1472 | + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578#c6 |
1473 | + * |
1474 | + * for details, but basically gcc will take the size of the |
1475 | + * 'name' array from one of the used union entries randomly. |
1476 | + * |
1477 | + * This use of 'de_name[]' (48 bytes) avoids the false positive |
1478 | + * warnings that would happen if gcc decides to use 'inode.di_name' |
1479 | + * (16 bytes) even when the pointer and size were to come from |
1480 | + * 'link.dl_name' (48 bytes). |
1481 | + * |
1482 | + * In all cases the actual name pointer itself is the same, it's |
1483 | + * only the gcc internal 'what is the size of this field' logic |
1484 | + * that can get confused. |
1485 | + */ |
1486 | +union qnx4_directory_entry { |
1487 | + struct { |
1488 | + const char de_name[48]; |
1489 | + u8 de_pad[15]; |
1490 | + u8 de_status; |
1491 | + }; |
1492 | + struct qnx4_inode_entry inode; |
1493 | + struct qnx4_link_info link; |
1494 | +}; |
1495 | + |
1496 | static int qnx4_readdir(struct file *file, struct dir_context *ctx) |
1497 | { |
1498 | struct inode *inode = file_inode(file); |
1499 | unsigned int offset; |
1500 | struct buffer_head *bh; |
1501 | - struct qnx4_inode_entry *de; |
1502 | - struct qnx4_link_info *le; |
1503 | unsigned long blknum; |
1504 | int ix, ino; |
1505 | int size; |
1506 | @@ -37,27 +72,27 @@ static int qnx4_readdir(struct file *file, struct dir_context *ctx) |
1507 | } |
1508 | ix = (ctx->pos >> QNX4_DIR_ENTRY_SIZE_BITS) % QNX4_INODES_PER_BLOCK; |
1509 | for (; ix < QNX4_INODES_PER_BLOCK; ix++, ctx->pos += QNX4_DIR_ENTRY_SIZE) { |
1510 | + union qnx4_directory_entry *de; |
1511 | + |
1512 | offset = ix * QNX4_DIR_ENTRY_SIZE; |
1513 | - de = (struct qnx4_inode_entry *) (bh->b_data + offset); |
1514 | - if (!de->di_fname[0]) |
1515 | + de = (union qnx4_directory_entry *) (bh->b_data + offset); |
1516 | + |
1517 | + if (!de->de_name[0]) |
1518 | continue; |
1519 | - if (!(de->di_status & (QNX4_FILE_USED|QNX4_FILE_LINK))) |
1520 | + if (!(de->de_status & (QNX4_FILE_USED|QNX4_FILE_LINK))) |
1521 | continue; |
1522 | - if (!(de->di_status & QNX4_FILE_LINK)) |
1523 | - size = QNX4_SHORT_NAME_MAX; |
1524 | - else |
1525 | - size = QNX4_NAME_MAX; |
1526 | - size = strnlen(de->di_fname, size); |
1527 | - QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, de->di_fname)); |
1528 | - if (!(de->di_status & QNX4_FILE_LINK)) |
1529 | + if (!(de->de_status & QNX4_FILE_LINK)) { |
1530 | + size = sizeof(de->inode.di_fname); |
1531 | ino = blknum * QNX4_INODES_PER_BLOCK + ix - 1; |
1532 | - else { |
1533 | - le = (struct qnx4_link_info*)de; |
1534 | - ino = ( le32_to_cpu(le->dl_inode_blk) - 1 ) * |
1535 | + } else { |
1536 | + size = sizeof(de->link.dl_fname); |
1537 | + ino = ( le32_to_cpu(de->link.dl_inode_blk) - 1 ) * |
1538 | QNX4_INODES_PER_BLOCK + |
1539 | - le->dl_inode_ndx; |
1540 | + de->link.dl_inode_ndx; |
1541 | } |
1542 | - if (!dir_emit(ctx, de->di_fname, size, ino, DT_UNKNOWN)) { |
1543 | + size = strnlen(de->de_name, size); |
1544 | + QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, name)); |
1545 | + if (!dir_emit(ctx, de->de_name, size, ino, DT_UNKNOWN)) { |
1546 | brelse(bh); |
1547 | return 0; |
1548 | } |
1549 | diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
1550 | index 824b1b97f989a..10937279b1520 100644 |
1551 | --- a/include/linux/compiler.h |
1552 | +++ b/include/linux/compiler.h |
1553 | @@ -233,6 +233,8 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
1554 | (typeof(ptr)) (__ptr + (off)); }) |
1555 | #endif |
1556 | |
1557 | +#define absolute_pointer(val) RELOC_HIDE((void *)(val), 0) |
1558 | + |
1559 | #ifndef OPTIMIZER_HIDE_VAR |
1560 | #define OPTIMIZER_HIDE_VAR(var) barrier() |
1561 | #endif |
1562 | diff --git a/include/linux/cred.h b/include/linux/cred.h |
1563 | index 4f614042214b2..09debf2e047f4 100644 |
1564 | --- a/include/linux/cred.h |
1565 | +++ b/include/linux/cred.h |
1566 | @@ -234,7 +234,7 @@ static inline struct cred *get_new_cred(struct cred *cred) |
1567 | * @cred: The credentials to reference |
1568 | * |
1569 | * Get a reference on the specified set of credentials. The caller must |
1570 | - * release the reference. |
1571 | + * release the reference. If %NULL is passed, it is returned with no action. |
1572 | * |
1573 | * This is used to deal with a committed set of credentials. Although the |
1574 | * pointer is const, this will temporarily discard the const and increment the |
1575 | @@ -245,6 +245,8 @@ static inline struct cred *get_new_cred(struct cred *cred) |
1576 | static inline const struct cred *get_cred(const struct cred *cred) |
1577 | { |
1578 | struct cred *nonconst_cred = (struct cred *) cred; |
1579 | + if (!cred) |
1580 | + return cred; |
1581 | validate_creds(cred); |
1582 | nonconst_cred->non_rcu = 0; |
1583 | return get_new_cred(nonconst_cred); |
1584 | @@ -255,7 +257,7 @@ static inline const struct cred *get_cred(const struct cred *cred) |
1585 | * @cred: The credentials to release |
1586 | * |
1587 | * Release a reference to a set of credentials, deleting them when the last ref |
1588 | - * is released. |
1589 | + * is released. If %NULL is passed, nothing is done. |
1590 | * |
1591 | * This takes a const pointer to a set of credentials because the credentials |
1592 | * on task_struct are attached by const pointers to prevent accidental |
1593 | @@ -265,9 +267,11 @@ static inline void put_cred(const struct cred *_cred) |
1594 | { |
1595 | struct cred *cred = (struct cred *) _cred; |
1596 | |
1597 | - validate_creds(cred); |
1598 | - if (atomic_dec_and_test(&(cred)->usage)) |
1599 | - __put_cred(cred); |
1600 | + if (cred) { |
1601 | + validate_creds(cred); |
1602 | + if (atomic_dec_and_test(&(cred)->usage)) |
1603 | + __put_cred(cred); |
1604 | + } |
1605 | } |
1606 | |
1607 | /** |
1608 | diff --git a/kernel/sched/cpufreq_schedutil.c b/kernel/sched/cpufreq_schedutil.c |
1609 | index cb771c76682e9..f85802b551970 100644 |
1610 | --- a/kernel/sched/cpufreq_schedutil.c |
1611 | +++ b/kernel/sched/cpufreq_schedutil.c |
1612 | @@ -353,9 +353,17 @@ static struct attribute *sugov_attributes[] = { |
1613 | NULL |
1614 | }; |
1615 | |
1616 | +static void sugov_tunables_free(struct kobject *kobj) |
1617 | +{ |
1618 | + struct gov_attr_set *attr_set = container_of(kobj, struct gov_attr_set, kobj); |
1619 | + |
1620 | + kfree(to_sugov_tunables(attr_set)); |
1621 | +} |
1622 | + |
1623 | static struct kobj_type sugov_tunables_ktype = { |
1624 | .default_attrs = sugov_attributes, |
1625 | .sysfs_ops = &governor_sysfs_ops, |
1626 | + .release = &sugov_tunables_free, |
1627 | }; |
1628 | |
1629 | /********************** cpufreq governor interface *********************/ |
1630 | @@ -397,12 +405,10 @@ static struct sugov_tunables *sugov_tunables_alloc(struct sugov_policy *sg_polic |
1631 | return tunables; |
1632 | } |
1633 | |
1634 | -static void sugov_tunables_free(struct sugov_tunables *tunables) |
1635 | +static void sugov_clear_global_tunables(void) |
1636 | { |
1637 | if (!have_governor_per_policy()) |
1638 | global_tunables = NULL; |
1639 | - |
1640 | - kfree(tunables); |
1641 | } |
1642 | |
1643 | static int sugov_init(struct cpufreq_policy *policy) |
1644 | @@ -462,7 +468,7 @@ static int sugov_init(struct cpufreq_policy *policy) |
1645 | |
1646 | fail: |
1647 | policy->governor_data = NULL; |
1648 | - sugov_tunables_free(tunables); |
1649 | + sugov_clear_global_tunables(); |
1650 | |
1651 | free_sg_policy: |
1652 | mutex_unlock(&global_tunables_lock); |
1653 | @@ -485,7 +491,7 @@ static void sugov_exit(struct cpufreq_policy *policy) |
1654 | count = gov_attr_set_put(&tunables->attr_set, &sg_policy->tunables_hook); |
1655 | policy->governor_data = NULL; |
1656 | if (!count) |
1657 | - sugov_tunables_free(tunables); |
1658 | + sugov_clear_global_tunables(); |
1659 | |
1660 | mutex_unlock(&global_tunables_lock); |
1661 | |
1662 | diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c |
1663 | index 88eb9261c7b5c..056107787f4a9 100644 |
1664 | --- a/kernel/trace/blktrace.c |
1665 | +++ b/kernel/trace/blktrace.c |
1666 | @@ -1584,6 +1584,14 @@ static int blk_trace_remove_queue(struct request_queue *q) |
1667 | if (bt == NULL) |
1668 | return -EINVAL; |
1669 | |
1670 | + if (bt->trace_state == Blktrace_running) { |
1671 | + bt->trace_state = Blktrace_stopped; |
1672 | + spin_lock_irq(&running_trace_lock); |
1673 | + list_del_init(&bt->running_list); |
1674 | + spin_unlock_irq(&running_trace_lock); |
1675 | + relay_flush(bt->rchan); |
1676 | + } |
1677 | + |
1678 | put_probe_ref(); |
1679 | synchronize_rcu(); |
1680 | blk_trace_free(bt); |
1681 | diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c |
1682 | index 79249a44e4a3b..860ab2e6544cc 100644 |
1683 | --- a/net/ipv4/udp.c |
1684 | +++ b/net/ipv4/udp.c |
1685 | @@ -886,7 +886,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
1686 | __be16 dport; |
1687 | u8 tos; |
1688 | int err, is_udplite = IS_UDPLITE(sk); |
1689 | - int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; |
1690 | + int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE; |
1691 | int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); |
1692 | struct sk_buff *skb; |
1693 | struct ip_options_data opt_copy; |
1694 | @@ -1167,7 +1167,7 @@ int udp_sendpage(struct sock *sk, struct page *page, int offset, |
1695 | } |
1696 | |
1697 | up->len += size; |
1698 | - if (!(up->corkflag || (flags&MSG_MORE))) |
1699 | + if (!(READ_ONCE(up->corkflag) || (flags&MSG_MORE))) |
1700 | ret = udp_push_pending_frames(sk); |
1701 | if (!ret) |
1702 | ret = size; |
1703 | @@ -2034,9 +2034,9 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname, |
1704 | switch (optname) { |
1705 | case UDP_CORK: |
1706 | if (val != 0) { |
1707 | - up->corkflag = 1; |
1708 | + WRITE_ONCE(up->corkflag, 1); |
1709 | } else { |
1710 | - up->corkflag = 0; |
1711 | + WRITE_ONCE(up->corkflag, 0); |
1712 | lock_sock(sk); |
1713 | push_pending_frames(sk); |
1714 | release_sock(sk); |
1715 | @@ -2143,7 +2143,7 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname, |
1716 | |
1717 | switch (optname) { |
1718 | case UDP_CORK: |
1719 | - val = up->corkflag; |
1720 | + val = READ_ONCE(up->corkflag); |
1721 | break; |
1722 | |
1723 | case UDP_ENCAP: |
1724 | diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c |
1725 | index 3a876a2fdd82d..ab81fb04d967c 100644 |
1726 | --- a/net/ipv6/udp.c |
1727 | +++ b/net/ipv6/udp.c |
1728 | @@ -1028,7 +1028,7 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
1729 | struct ipcm6_cookie ipc6; |
1730 | int addr_len = msg->msg_namelen; |
1731 | int ulen = len; |
1732 | - int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; |
1733 | + int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE; |
1734 | int err; |
1735 | int connected = 0; |
1736 | int is_udplite = IS_UDPLITE(sk); |
1737 | diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c |
1738 | index 48d0dd0beaa5f..b6942b717a592 100644 |
1739 | --- a/net/mac80211/tx.c |
1740 | +++ b/net/mac80211/tx.c |
1741 | @@ -2064,7 +2064,11 @@ static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local, |
1742 | } |
1743 | |
1744 | vht_mcs = iterator.this_arg[4] >> 4; |
1745 | + if (vht_mcs > 11) |
1746 | + vht_mcs = 0; |
1747 | vht_nss = iterator.this_arg[4] & 0xF; |
1748 | + if (!vht_nss || vht_nss > 8) |
1749 | + vht_nss = 1; |
1750 | break; |
1751 | |
1752 | /* |
1753 | diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c |
1754 | index 7819a2507d395..b4d67ec50e638 100644 |
1755 | --- a/net/mac80211/wpa.c |
1756 | +++ b/net/mac80211/wpa.c |
1757 | @@ -514,6 +514,9 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx, |
1758 | return RX_DROP_UNUSABLE; |
1759 | } |
1760 | |
1761 | + /* reload hdr - skb might have been reallocated */ |
1762 | + hdr = (void *)rx->skb->data; |
1763 | + |
1764 | data_len = skb->len - hdrlen - IEEE80211_CCMP_HDR_LEN - mic_len; |
1765 | if (!rx->sta || data_len < 0) |
1766 | return RX_DROP_UNUSABLE; |
1767 | @@ -744,6 +747,9 @@ ieee80211_crypto_gcmp_decrypt(struct ieee80211_rx_data *rx) |
1768 | return RX_DROP_UNUSABLE; |
1769 | } |
1770 | |
1771 | + /* reload hdr - skb might have been reallocated */ |
1772 | + hdr = (void *)rx->skb->data; |
1773 | + |
1774 | data_len = skb->len - hdrlen - IEEE80211_GCMP_HDR_LEN - mic_len; |
1775 | if (!rx->sta || data_len < 0) |
1776 | return RX_DROP_UNUSABLE; |
1777 | diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h |
1778 | index a4bd2d3a4821b..6641c3e43e2ff 100644 |
1779 | --- a/net/netfilter/ipset/ip_set_hash_gen.h |
1780 | +++ b/net/netfilter/ipset/ip_set_hash_gen.h |
1781 | @@ -102,11 +102,11 @@ htable_size(u8 hbits) |
1782 | { |
1783 | size_t hsize; |
1784 | |
1785 | - /* We must fit both into u32 in jhash and size_t */ |
1786 | + /* We must fit both into u32 in jhash and INT_MAX in kvmalloc_node() */ |
1787 | if (hbits > 31) |
1788 | return 0; |
1789 | hsize = jhash_size(hbits); |
1790 | - if ((((size_t)-1) - sizeof(struct htable)) / sizeof(struct hbucket *) |
1791 | + if ((INT_MAX - sizeof(struct htable)) / sizeof(struct hbucket *) |
1792 | < hsize) |
1793 | return 0; |
1794 | |
1795 | diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c |
1796 | index 096a45103f14c..ecde2102d1adf 100644 |
1797 | --- a/net/netfilter/ipvs/ip_vs_conn.c |
1798 | +++ b/net/netfilter/ipvs/ip_vs_conn.c |
1799 | @@ -1406,6 +1406,10 @@ int __init ip_vs_conn_init(void) |
1800 | int idx; |
1801 | |
1802 | /* Compute size and mask */ |
1803 | + if (ip_vs_conn_tab_bits < 8 || ip_vs_conn_tab_bits > 20) { |
1804 | + pr_info("conn_tab_bits not in [8, 20]. Using default value\n"); |
1805 | + ip_vs_conn_tab_bits = CONFIG_IP_VS_TAB_BITS; |
1806 | + } |
1807 | ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; |
1808 | ip_vs_conn_tab_mask = ip_vs_conn_tab_size - 1; |
1809 |