Annotation of /trunk/kernel-alx-legacy/patches-4.9/0397-4.9.298-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3699 -
(hide annotations)
(download)
Mon Oct 24 14:08:13 2022 UTC (20 months ago) by niro
File size: 160930 byte(s)
Mon Oct 24 14:08:13 2022 UTC (20 months ago) by niro
File size: 160930 byte(s)
-linux-4.9.298
| 1 | niro | 3699 | diff --git a/Documentation/rbtree.txt b/Documentation/rbtree.txt |
| 2 | index b9d9cc57be189..9fedfedfd85fc 100644 | ||
| 3 | --- a/Documentation/rbtree.txt | ||
| 4 | +++ b/Documentation/rbtree.txt | ||
| 5 | @@ -190,6 +190,39 @@ Example: | ||
| 6 | for (node = rb_first(&mytree); node; node = rb_next(node)) | ||
| 7 | printk("key=%s\n", rb_entry(node, struct mytype, node)->keystring); | ||
| 8 | |||
| 9 | +Cached rbtrees | ||
| 10 | +-------------- | ||
| 11 | + | ||
| 12 | +Computing the leftmost (smallest) node is quite a common task for binary | ||
| 13 | +search trees, such as for traversals or users relying on a the particular | ||
| 14 | +order for their own logic. To this end, users can use 'struct rb_root_cached' | ||
| 15 | +to optimize O(logN) rb_first() calls to a simple pointer fetch avoiding | ||
| 16 | +potentially expensive tree iterations. This is done at negligible runtime | ||
| 17 | +overhead for maintanence; albeit larger memory footprint. | ||
| 18 | + | ||
| 19 | +Similar to the rb_root structure, cached rbtrees are initialized to be | ||
| 20 | +empty via: | ||
| 21 | + | ||
| 22 | + struct rb_root_cached mytree = RB_ROOT_CACHED; | ||
| 23 | + | ||
| 24 | +Cached rbtree is simply a regular rb_root with an extra pointer to cache the | ||
| 25 | +leftmost node. This allows rb_root_cached to exist wherever rb_root does, | ||
| 26 | +which permits augmented trees to be supported as well as only a few extra | ||
| 27 | +interfaces: | ||
| 28 | + | ||
| 29 | + struct rb_node *rb_first_cached(struct rb_root_cached *tree); | ||
| 30 | + void rb_insert_color_cached(struct rb_node *, struct rb_root_cached *, bool); | ||
| 31 | + void rb_erase_cached(struct rb_node *node, struct rb_root_cached *); | ||
| 32 | + | ||
| 33 | +Both insert and erase calls have their respective counterpart of augmented | ||
| 34 | +trees: | ||
| 35 | + | ||
| 36 | + void rb_insert_augmented_cached(struct rb_node *node, struct rb_root_cached *, | ||
| 37 | + bool, struct rb_augment_callbacks *); | ||
| 38 | + void rb_erase_augmented_cached(struct rb_node *, struct rb_root_cached *, | ||
| 39 | + struct rb_augment_callbacks *); | ||
| 40 | + | ||
| 41 | + | ||
| 42 | Support for Augmented rbtrees | ||
| 43 | ----------------------------- | ||
| 44 | |||
| 45 | diff --git a/Makefile b/Makefile | ||
| 46 | index 70a11157b2404..b0f683f18df71 100644 | ||
| 47 | --- a/Makefile | ||
| 48 | +++ b/Makefile | ||
| 49 | @@ -1,6 +1,6 @@ | ||
| 50 | VERSION = 4 | ||
| 51 | PATCHLEVEL = 9 | ||
| 52 | -SUBLEVEL = 297 | ||
| 53 | +SUBLEVEL = 298 | ||
| 54 | EXTRAVERSION = | ||
| 55 | NAME = Roaring Lionus | ||
| 56 | |||
| 57 | diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi | ||
| 58 | index c2557cf43b3dc..d8bf83d732be3 100644 | ||
| 59 | --- a/arch/arm64/boot/dts/qcom/msm8916.dtsi | ||
| 60 | +++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi | ||
| 61 | @@ -25,8 +25,8 @@ | ||
| 62 | #size-cells = <2>; | ||
| 63 | |||
| 64 | aliases { | ||
| 65 | - sdhc1 = &sdhc_1; /* SDC1 eMMC slot */ | ||
| 66 | - sdhc2 = &sdhc_2; /* SDC2 SD card slot */ | ||
| 67 | + mmc0 = &sdhc_1; /* SDC1 eMMC slot */ | ||
| 68 | + mmc1 = &sdhc_2; /* SDC2 SD card slot */ | ||
| 69 | }; | ||
| 70 | |||
| 71 | chosen { }; | ||
| 72 | diff --git a/arch/mips/bcm63xx/clk.c b/arch/mips/bcm63xx/clk.c | ||
| 73 | index 4f375050ab8e9..3be875a45c834 100644 | ||
| 74 | --- a/arch/mips/bcm63xx/clk.c | ||
| 75 | +++ b/arch/mips/bcm63xx/clk.c | ||
| 76 | @@ -342,6 +342,12 @@ struct clk *clk_get_parent(struct clk *clk) | ||
| 77 | } | ||
| 78 | EXPORT_SYMBOL(clk_get_parent); | ||
| 79 | |||
| 80 | +int clk_set_parent(struct clk *clk, struct clk *parent) | ||
| 81 | +{ | ||
| 82 | + return 0; | ||
| 83 | +} | ||
| 84 | +EXPORT_SYMBOL(clk_set_parent); | ||
| 85 | + | ||
| 86 | unsigned long clk_get_rate(struct clk *clk) | ||
| 87 | { | ||
| 88 | return clk->rate; | ||
| 89 | diff --git a/arch/mips/include/asm/octeon/cvmx-bootinfo.h b/arch/mips/include/asm/octeon/cvmx-bootinfo.h | ||
| 90 | index 62787765575ef..ce6e5fddce0bf 100644 | ||
| 91 | --- a/arch/mips/include/asm/octeon/cvmx-bootinfo.h | ||
| 92 | +++ b/arch/mips/include/asm/octeon/cvmx-bootinfo.h | ||
| 93 | @@ -315,7 +315,7 @@ enum cvmx_chip_types_enum { | ||
| 94 | |||
| 95 | /* Functions to return string based on type */ | ||
| 96 | #define ENUM_BRD_TYPE_CASE(x) \ | ||
| 97 | - case x: return(#x + 16); /* Skip CVMX_BOARD_TYPE_ */ | ||
| 98 | + case x: return (&#x[16]); /* Skip CVMX_BOARD_TYPE_ */ | ||
| 99 | static inline const char *cvmx_board_type_to_string(enum | ||
| 100 | cvmx_board_types_enum type) | ||
| 101 | { | ||
| 102 | @@ -404,7 +404,7 @@ static inline const char *cvmx_board_type_to_string(enum | ||
| 103 | } | ||
| 104 | |||
| 105 | #define ENUM_CHIP_TYPE_CASE(x) \ | ||
| 106 | - case x: return(#x + 15); /* Skip CVMX_CHIP_TYPE */ | ||
| 107 | + case x: return (&#x[15]); /* Skip CVMX_CHIP_TYPE */ | ||
| 108 | static inline const char *cvmx_chip_type_to_string(enum | ||
| 109 | cvmx_chip_types_enum type) | ||
| 110 | { | ||
| 111 | diff --git a/arch/mips/lantiq/clk.c b/arch/mips/lantiq/clk.c | ||
| 112 | index 149f0513c4f5d..d1de57b86683c 100644 | ||
| 113 | --- a/arch/mips/lantiq/clk.c | ||
| 114 | +++ b/arch/mips/lantiq/clk.c | ||
| 115 | @@ -165,6 +165,12 @@ struct clk *of_clk_get_from_provider(struct of_phandle_args *clkspec) | ||
| 116 | return NULL; | ||
| 117 | } | ||
| 118 | |||
| 119 | +int clk_set_parent(struct clk *clk, struct clk *parent) | ||
| 120 | +{ | ||
| 121 | + return 0; | ||
| 122 | +} | ||
| 123 | +EXPORT_SYMBOL(clk_set_parent); | ||
| 124 | + | ||
| 125 | static inline u32 get_counter_resolution(void) | ||
| 126 | { | ||
| 127 | u32 res; | ||
| 128 | diff --git a/arch/mips/mm/gup.c b/arch/mips/mm/gup.c | ||
| 129 | index d8c3c159289a2..71a19d20bbb7a 100644 | ||
| 130 | --- a/arch/mips/mm/gup.c | ||
| 131 | +++ b/arch/mips/mm/gup.c | ||
| 132 | @@ -271,7 +271,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, | ||
| 133 | next = pgd_addr_end(addr, end); | ||
| 134 | if (pgd_none(pgd)) | ||
| 135 | goto slow; | ||
| 136 | - if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) | ||
| 137 | + /* | ||
| 138 | + * The FAST_GUP case requires FOLL_WRITE even for pure reads, | ||
| 139 | + * because get_user_pages() may need to cause an early COW in | ||
| 140 | + * order to avoid confusing the normal COW routines. So only | ||
| 141 | + * targets that are already writable are safe to do by just | ||
| 142 | + * looking at the page tables. | ||
| 143 | + */ | ||
| 144 | + if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) | ||
| 145 | goto slow; | ||
| 146 | } while (pgdp++, addr = next, addr != end); | ||
| 147 | local_irq_enable(); | ||
| 148 | diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c | ||
| 149 | index 11c91697d5f9e..5b41779de2337 100644 | ||
| 150 | --- a/arch/parisc/kernel/traps.c | ||
| 151 | +++ b/arch/parisc/kernel/traps.c | ||
| 152 | @@ -793,7 +793,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) | ||
| 153 | * unless pagefault_disable() was called before. | ||
| 154 | */ | ||
| 155 | |||
| 156 | - if (fault_space == 0 && !faulthandler_disabled()) | ||
| 157 | + if (faulthandler_disabled() || fault_space == 0) | ||
| 158 | { | ||
| 159 | /* Clean up and return if in exception table. */ | ||
| 160 | if (fixup_exception(regs)) | ||
| 161 | diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi | ||
| 162 | index 7f60b60601764..39b1c1fa0c81f 100644 | ||
| 163 | --- a/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi | ||
| 164 | +++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi | ||
| 165 | @@ -78,6 +78,7 @@ fman0: fman@400000 { | ||
| 166 | #size-cells = <0>; | ||
| 167 | compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; | ||
| 168 | reg = <0xfc000 0x1000>; | ||
| 169 | + fsl,erratum-a009885; | ||
| 170 | }; | ||
| 171 | |||
| 172 | xmdio0: mdio@fd000 { | ||
| 173 | @@ -85,6 +86,7 @@ fman0: fman@400000 { | ||
| 174 | #size-cells = <0>; | ||
| 175 | compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; | ||
| 176 | reg = <0xfd000 0x1000>; | ||
| 177 | + fsl,erratum-a009885; | ||
| 178 | }; | ||
| 179 | |||
| 180 | ptp_timer0: ptp-timer@fe000 { | ||
| 181 | diff --git a/arch/powerpc/kernel/btext.c b/arch/powerpc/kernel/btext.c | ||
| 182 | index 8275858a434d9..2d91ba38b4524 100644 | ||
| 183 | --- a/arch/powerpc/kernel/btext.c | ||
| 184 | +++ b/arch/powerpc/kernel/btext.c | ||
| 185 | @@ -257,8 +257,10 @@ int __init btext_find_display(int allow_nonstdout) | ||
| 186 | rc = btext_initialize(np); | ||
| 187 | printk("result: %d\n", rc); | ||
| 188 | } | ||
| 189 | - if (rc == 0) | ||
| 190 | + if (rc == 0) { | ||
| 191 | + of_node_put(np); | ||
| 192 | break; | ||
| 193 | + } | ||
| 194 | } | ||
| 195 | return rc; | ||
| 196 | } | ||
| 197 | diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c | ||
| 198 | index 1e8c57207346e..df3af10b8cc95 100644 | ||
| 199 | --- a/arch/powerpc/kernel/prom_init.c | ||
| 200 | +++ b/arch/powerpc/kernel/prom_init.c | ||
| 201 | @@ -2528,7 +2528,7 @@ static void __init fixup_device_tree_efika_add_phy(void) | ||
| 202 | |||
| 203 | /* Check if the phy-handle property exists - bail if it does */ | ||
| 204 | rv = prom_getprop(node, "phy-handle", prop, sizeof(prop)); | ||
| 205 | - if (!rv) | ||
| 206 | + if (rv <= 0) | ||
| 207 | return; | ||
| 208 | |||
| 209 | /* | ||
| 210 | diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c | ||
| 211 | index 9c6f3fd580597..31675c1d678b6 100644 | ||
| 212 | --- a/arch/powerpc/kernel/smp.c | ||
| 213 | +++ b/arch/powerpc/kernel/smp.c | ||
| 214 | @@ -759,10 +759,12 @@ void start_secondary(void *unused) | ||
| 215 | BUG(); | ||
| 216 | } | ||
| 217 | |||
| 218 | +#ifdef CONFIG_PROFILING | ||
| 219 | int setup_profiling_timer(unsigned int multiplier) | ||
| 220 | { | ||
| 221 | return 0; | ||
| 222 | } | ||
| 223 | +#endif | ||
| 224 | |||
| 225 | #ifdef CONFIG_SCHED_SMT | ||
| 226 | /* cpumask of CPUs with asymetric SMT dependancy */ | ||
| 227 | diff --git a/arch/powerpc/platforms/cell/iommu.c b/arch/powerpc/platforms/cell/iommu.c | ||
| 228 | index 7ff51f96a00e8..8df43781f5db9 100644 | ||
| 229 | --- a/arch/powerpc/platforms/cell/iommu.c | ||
| 230 | +++ b/arch/powerpc/platforms/cell/iommu.c | ||
| 231 | @@ -1107,6 +1107,7 @@ static int __init cell_iommu_fixed_mapping_init(void) | ||
| 232 | if (hbase < dbase || (hend > (dbase + dsize))) { | ||
| 233 | pr_debug("iommu: hash window doesn't fit in" | ||
| 234 | "real DMA window\n"); | ||
| 235 | + of_node_put(np); | ||
| 236 | return -1; | ||
| 237 | } | ||
| 238 | } | ||
| 239 | diff --git a/arch/powerpc/platforms/embedded6xx/hlwd-pic.c b/arch/powerpc/platforms/embedded6xx/hlwd-pic.c | ||
| 240 | index bf4a125faec66..db2ea6b6889de 100644 | ||
| 241 | --- a/arch/powerpc/platforms/embedded6xx/hlwd-pic.c | ||
| 242 | +++ b/arch/powerpc/platforms/embedded6xx/hlwd-pic.c | ||
| 243 | @@ -220,6 +220,7 @@ void hlwd_pic_probe(void) | ||
| 244 | irq_set_chained_handler(cascade_virq, | ||
| 245 | hlwd_pic_irq_cascade); | ||
| 246 | hlwd_irq_host = host; | ||
| 247 | + of_node_put(np); | ||
| 248 | break; | ||
| 249 | } | ||
| 250 | } | ||
| 251 | diff --git a/arch/powerpc/platforms/powernv/opal-lpc.c b/arch/powerpc/platforms/powernv/opal-lpc.c | ||
| 252 | index e4169d68cb328..d28c4a9269c38 100644 | ||
| 253 | --- a/arch/powerpc/platforms/powernv/opal-lpc.c | ||
| 254 | +++ b/arch/powerpc/platforms/powernv/opal-lpc.c | ||
| 255 | @@ -401,6 +401,7 @@ void opal_lpc_init(void) | ||
| 256 | if (!of_get_property(np, "primary", NULL)) | ||
| 257 | continue; | ||
| 258 | opal_lpc_chip_id = of_get_ibm_chip_id(np); | ||
| 259 | + of_node_put(np); | ||
| 260 | break; | ||
| 261 | } | ||
| 262 | if (opal_lpc_chip_id < 0) | ||
| 263 | diff --git a/arch/s390/mm/gup.c b/arch/s390/mm/gup.c | ||
| 264 | index cf045f56581e3..be1e2ed6405d3 100644 | ||
| 265 | --- a/arch/s390/mm/gup.c | ||
| 266 | +++ b/arch/s390/mm/gup.c | ||
| 267 | @@ -261,7 +261,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, | ||
| 268 | |||
| 269 | might_sleep(); | ||
| 270 | start &= PAGE_MASK; | ||
| 271 | - nr = __get_user_pages_fast(start, nr_pages, write, pages); | ||
| 272 | + /* | ||
| 273 | + * The FAST_GUP case requires FOLL_WRITE even for pure reads, | ||
| 274 | + * because get_user_pages() may need to cause an early COW in | ||
| 275 | + * order to avoid confusing the normal COW routines. So only | ||
| 276 | + * targets that are already writable are safe to do by just | ||
| 277 | + * looking at the page tables. | ||
| 278 | + */ | ||
| 279 | + nr = __get_user_pages_fast(start, nr_pages, 1, pages); | ||
| 280 | if (nr == nr_pages) | ||
| 281 | return nr; | ||
| 282 | |||
| 283 | diff --git a/arch/sh/mm/gup.c b/arch/sh/mm/gup.c | ||
| 284 | index 063c298ba56cc..7fec66e34af06 100644 | ||
| 285 | --- a/arch/sh/mm/gup.c | ||
| 286 | +++ b/arch/sh/mm/gup.c | ||
| 287 | @@ -239,7 +239,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, | ||
| 288 | next = pgd_addr_end(addr, end); | ||
| 289 | if (pgd_none(pgd)) | ||
| 290 | goto slow; | ||
| 291 | - if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) | ||
| 292 | + /* | ||
| 293 | + * The FAST_GUP case requires FOLL_WRITE even for pure reads, | ||
| 294 | + * because get_user_pages() may need to cause an early COW in | ||
| 295 | + * order to avoid confusing the normal COW routines. So only | ||
| 296 | + * targets that are already writable are safe to do by just | ||
| 297 | + * looking at the page tables. | ||
| 298 | + */ | ||
| 299 | + if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) | ||
| 300 | goto slow; | ||
| 301 | } while (pgdp++, addr = next, addr != end); | ||
| 302 | local_irq_enable(); | ||
| 303 | diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c | ||
| 304 | index cd0e32bbcb1de..685679f879888 100644 | ||
| 305 | --- a/arch/sparc/mm/gup.c | ||
| 306 | +++ b/arch/sparc/mm/gup.c | ||
| 307 | @@ -218,7 +218,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, | ||
| 308 | next = pgd_addr_end(addr, end); | ||
| 309 | if (pgd_none(pgd)) | ||
| 310 | goto slow; | ||
| 311 | - if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) | ||
| 312 | + /* | ||
| 313 | + * The FAST_GUP case requires FOLL_WRITE even for pure reads, | ||
| 314 | + * because get_user_pages() may need to cause an early COW in | ||
| 315 | + * order to avoid confusing the normal COW routines. So only | ||
| 316 | + * targets that are already writable are safe to do by just | ||
| 317 | + * looking at the page tables. | ||
| 318 | + */ | ||
| 319 | + if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) | ||
| 320 | goto slow; | ||
| 321 | } while (pgdp++, addr = next, addr != end); | ||
| 322 | |||
| 323 | diff --git a/arch/um/include/shared/registers.h b/arch/um/include/shared/registers.h | ||
| 324 | index a74449b5b0e31..12ad7c435e97f 100644 | ||
| 325 | --- a/arch/um/include/shared/registers.h | ||
| 326 | +++ b/arch/um/include/shared/registers.h | ||
| 327 | @@ -16,8 +16,8 @@ extern int restore_fp_registers(int pid, unsigned long *fp_regs); | ||
| 328 | extern int save_fpx_registers(int pid, unsigned long *fp_regs); | ||
| 329 | extern int restore_fpx_registers(int pid, unsigned long *fp_regs); | ||
| 330 | extern int save_registers(int pid, struct uml_pt_regs *regs); | ||
| 331 | -extern int restore_registers(int pid, struct uml_pt_regs *regs); | ||
| 332 | -extern int init_registers(int pid); | ||
| 333 | +extern int restore_pid_registers(int pid, struct uml_pt_regs *regs); | ||
| 334 | +extern int init_pid_registers(int pid); | ||
| 335 | extern void get_safe_registers(unsigned long *regs, unsigned long *fp_regs); | ||
| 336 | extern unsigned long get_thread_reg(int reg, jmp_buf *buf); | ||
| 337 | extern int get_fp_registers(int pid, unsigned long *regs); | ||
| 338 | diff --git a/arch/um/os-Linux/registers.c b/arch/um/os-Linux/registers.c | ||
| 339 | index 2ff8d4fe83c4f..34a5963bd7efd 100644 | ||
| 340 | --- a/arch/um/os-Linux/registers.c | ||
| 341 | +++ b/arch/um/os-Linux/registers.c | ||
| 342 | @@ -21,7 +21,7 @@ int save_registers(int pid, struct uml_pt_regs *regs) | ||
| 343 | return 0; | ||
| 344 | } | ||
| 345 | |||
| 346 | -int restore_registers(int pid, struct uml_pt_regs *regs) | ||
| 347 | +int restore_pid_registers(int pid, struct uml_pt_regs *regs) | ||
| 348 | { | ||
| 349 | int err; | ||
| 350 | |||
| 351 | @@ -36,7 +36,7 @@ int restore_registers(int pid, struct uml_pt_regs *regs) | ||
| 352 | static unsigned long exec_regs[MAX_REG_NR]; | ||
| 353 | static unsigned long exec_fp_regs[FP_SIZE]; | ||
| 354 | |||
| 355 | -int init_registers(int pid) | ||
| 356 | +int init_pid_registers(int pid) | ||
| 357 | { | ||
| 358 | int err; | ||
| 359 | |||
| 360 | diff --git a/arch/um/os-Linux/start_up.c b/arch/um/os-Linux/start_up.c | ||
| 361 | index 22a358ef1b0cd..dc06933ba63d9 100644 | ||
| 362 | --- a/arch/um/os-Linux/start_up.c | ||
| 363 | +++ b/arch/um/os-Linux/start_up.c | ||
| 364 | @@ -334,7 +334,7 @@ void __init os_early_checks(void) | ||
| 365 | check_tmpexec(); | ||
| 366 | |||
| 367 | pid = start_ptraced_child(); | ||
| 368 | - if (init_registers(pid)) | ||
| 369 | + if (init_pid_registers(pid)) | ||
| 370 | fatal("Failed to initialize default registers"); | ||
| 371 | stop_ptraced_child(pid, 1, 1); | ||
| 372 | } | ||
| 373 | diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c | ||
| 374 | index 82f727fbbbd2c..549f89fb3abc9 100644 | ||
| 375 | --- a/arch/x86/mm/gup.c | ||
| 376 | +++ b/arch/x86/mm/gup.c | ||
| 377 | @@ -454,7 +454,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, | ||
| 378 | next = pgd_addr_end(addr, end); | ||
| 379 | if (pgd_none(pgd)) | ||
| 380 | goto slow; | ||
| 381 | - if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) | ||
| 382 | + /* | ||
| 383 | + * The FAST_GUP case requires FOLL_WRITE even for pure reads, | ||
| 384 | + * because get_user_pages() may need to cause an early COW in | ||
| 385 | + * order to avoid confusing the normal COW routines. So only | ||
| 386 | + * targets that are already writable are safe to do by just | ||
| 387 | + * looking at the page tables. | ||
| 388 | + */ | ||
| 389 | + if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) | ||
| 390 | goto slow; | ||
| 391 | } while (pgdp++, addr = next, addr != end); | ||
| 392 | local_irq_enable(); | ||
| 393 | diff --git a/arch/x86/um/syscalls_64.c b/arch/x86/um/syscalls_64.c | ||
| 394 | index e6552275320bc..40ecacb2c54b3 100644 | ||
| 395 | --- a/arch/x86/um/syscalls_64.c | ||
| 396 | +++ b/arch/x86/um/syscalls_64.c | ||
| 397 | @@ -9,6 +9,7 @@ | ||
| 398 | #include <linux/uaccess.h> | ||
| 399 | #include <asm/prctl.h> /* XXX This should get the constants from libc */ | ||
| 400 | #include <os.h> | ||
| 401 | +#include <registers.h> | ||
| 402 | |||
| 403 | long arch_prctl(struct task_struct *task, int code, unsigned long __user *addr) | ||
| 404 | { | ||
| 405 | @@ -32,7 +33,7 @@ long arch_prctl(struct task_struct *task, int code, unsigned long __user *addr) | ||
| 406 | switch (code) { | ||
| 407 | case ARCH_SET_FS: | ||
| 408 | case ARCH_SET_GS: | ||
| 409 | - ret = restore_registers(pid, ¤t->thread.regs.regs); | ||
| 410 | + ret = restore_pid_registers(pid, ¤t->thread.regs.regs); | ||
| 411 | if (ret) | ||
| 412 | return ret; | ||
| 413 | break; | ||
| 414 | diff --git a/drivers/acpi/acpica/exoparg1.c b/drivers/acpi/acpica/exoparg1.c | ||
| 415 | index 007300433cdea..1cea26a741474 100644 | ||
| 416 | --- a/drivers/acpi/acpica/exoparg1.c | ||
| 417 | +++ b/drivers/acpi/acpica/exoparg1.c | ||
| 418 | @@ -1029,7 +1029,8 @@ acpi_status acpi_ex_opcode_1A_0T_1R(struct acpi_walk_state *walk_state) | ||
| 419 | (walk_state, return_desc, | ||
| 420 | &temp_desc); | ||
| 421 | if (ACPI_FAILURE(status)) { | ||
| 422 | - goto cleanup; | ||
| 423 | + return_ACPI_STATUS | ||
| 424 | + (status); | ||
| 425 | } | ||
| 426 | |||
| 427 | return_desc = temp_desc; | ||
| 428 | diff --git a/drivers/acpi/acpica/utdelete.c b/drivers/acpi/acpica/utdelete.c | ||
| 429 | index 03a2282ceb9ca..81a9c47973ce8 100644 | ||
| 430 | --- a/drivers/acpi/acpica/utdelete.c | ||
| 431 | +++ b/drivers/acpi/acpica/utdelete.c | ||
| 432 | @@ -440,6 +440,7 @@ acpi_ut_update_ref_count(union acpi_operand_object *object, u32 action) | ||
| 433 | ACPI_WARNING((AE_INFO, | ||
| 434 | "Obj %p, Reference Count is already zero, cannot decrement\n", | ||
| 435 | object)); | ||
| 436 | + return; | ||
| 437 | } | ||
| 438 | |||
| 439 | ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS, | ||
| 440 | diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c | ||
| 441 | index 4496e7a492352..7164be9710e51 100644 | ||
| 442 | --- a/drivers/block/floppy.c | ||
| 443 | +++ b/drivers/block/floppy.c | ||
| 444 | @@ -994,7 +994,7 @@ static DECLARE_DELAYED_WORK(fd_timer, fd_timer_workfn); | ||
| 445 | static void cancel_activity(void) | ||
| 446 | { | ||
| 447 | do_floppy = NULL; | ||
| 448 | - cancel_delayed_work_sync(&fd_timer); | ||
| 449 | + cancel_delayed_work(&fd_timer); | ||
| 450 | cancel_work_sync(&floppy_work); | ||
| 451 | } | ||
| 452 | |||
| 453 | @@ -3116,6 +3116,8 @@ static void raw_cmd_free(struct floppy_raw_cmd **ptr) | ||
| 454 | } | ||
| 455 | } | ||
| 456 | |||
| 457 | +#define MAX_LEN (1UL << MAX_ORDER << PAGE_SHIFT) | ||
| 458 | + | ||
| 459 | static int raw_cmd_copyin(int cmd, void __user *param, | ||
| 460 | struct floppy_raw_cmd **rcmd) | ||
| 461 | { | ||
| 462 | @@ -3153,7 +3155,7 @@ loop: | ||
| 463 | ptr->resultcode = 0; | ||
| 464 | |||
| 465 | if (ptr->flags & (FD_RAW_READ | FD_RAW_WRITE)) { | ||
| 466 | - if (ptr->length <= 0) | ||
| 467 | + if (ptr->length <= 0 || ptr->length >= MAX_LEN) | ||
| 468 | return -EINVAL; | ||
| 469 | ptr->kernel_data = (char *)fd_dma_mem_alloc(ptr->length); | ||
| 470 | fallback_on_nodma_alloc(&ptr->kernel_data, ptr->length); | ||
| 471 | diff --git a/drivers/bluetooth/bfusb.c b/drivers/bluetooth/bfusb.c | ||
| 472 | index 3bf4ec60e0736..cee2de027e5ad 100644 | ||
| 473 | --- a/drivers/bluetooth/bfusb.c | ||
| 474 | +++ b/drivers/bluetooth/bfusb.c | ||
| 475 | @@ -644,6 +644,9 @@ static int bfusb_probe(struct usb_interface *intf, const struct usb_device_id *i | ||
| 476 | data->bulk_out_ep = bulk_out_ep->desc.bEndpointAddress; | ||
| 477 | data->bulk_pkt_size = le16_to_cpu(bulk_out_ep->desc.wMaxPacketSize); | ||
| 478 | |||
| 479 | + if (!data->bulk_pkt_size) | ||
| 480 | + goto done; | ||
| 481 | + | ||
| 482 | rwlock_init(&data->lock); | ||
| 483 | |||
| 484 | data->reassembly = NULL; | ||
| 485 | diff --git a/drivers/char/mwave/3780i.h b/drivers/char/mwave/3780i.h | ||
| 486 | index 9ccb6b270b071..95164246afd1a 100644 | ||
| 487 | --- a/drivers/char/mwave/3780i.h | ||
| 488 | +++ b/drivers/char/mwave/3780i.h | ||
| 489 | @@ -68,7 +68,7 @@ typedef struct { | ||
| 490 | unsigned char ClockControl:1; /* RW: Clock control: 0=normal, 1=stop 3780i clocks */ | ||
| 491 | unsigned char SoftReset:1; /* RW: Soft reset 0=normal, 1=soft reset active */ | ||
| 492 | unsigned char ConfigMode:1; /* RW: Configuration mode, 0=normal, 1=config mode */ | ||
| 493 | - unsigned char Reserved:5; /* 0: Reserved */ | ||
| 494 | + unsigned short Reserved:13; /* 0: Reserved */ | ||
| 495 | } DSP_ISA_SLAVE_CONTROL; | ||
| 496 | |||
| 497 | |||
| 498 | diff --git a/drivers/char/random.c b/drivers/char/random.c | ||
| 499 | index 2184d87623272..70ee86e034fcd 100644 | ||
| 500 | --- a/drivers/char/random.c | ||
| 501 | +++ b/drivers/char/random.c | ||
| 502 | @@ -845,8 +845,8 @@ static void do_numa_crng_init(struct work_struct *work) | ||
| 503 | crng_initialize(crng); | ||
| 504 | pool[i] = crng; | ||
| 505 | } | ||
| 506 | - mb(); | ||
| 507 | - if (cmpxchg(&crng_node_pool, NULL, pool)) { | ||
| 508 | + /* pairs with READ_ONCE() in select_crng() */ | ||
| 509 | + if (cmpxchg_release(&crng_node_pool, NULL, pool) != NULL) { | ||
| 510 | for_each_node(i) | ||
| 511 | kfree(pool[i]); | ||
| 512 | kfree(pool); | ||
| 513 | @@ -859,8 +859,26 @@ static void numa_crng_init(void) | ||
| 514 | { | ||
| 515 | schedule_work(&numa_crng_init_work); | ||
| 516 | } | ||
| 517 | + | ||
| 518 | +static struct crng_state *select_crng(void) | ||
| 519 | +{ | ||
| 520 | + struct crng_state **pool; | ||
| 521 | + int nid = numa_node_id(); | ||
| 522 | + | ||
| 523 | + /* pairs with cmpxchg_release() in do_numa_crng_init() */ | ||
| 524 | + pool = READ_ONCE(crng_node_pool); | ||
| 525 | + if (pool && pool[nid]) | ||
| 526 | + return pool[nid]; | ||
| 527 | + | ||
| 528 | + return &primary_crng; | ||
| 529 | +} | ||
| 530 | #else | ||
| 531 | static void numa_crng_init(void) {} | ||
| 532 | + | ||
| 533 | +static struct crng_state *select_crng(void) | ||
| 534 | +{ | ||
| 535 | + return &primary_crng; | ||
| 536 | +} | ||
| 537 | #endif | ||
| 538 | |||
| 539 | static void crng_reseed(struct crng_state *crng, struct entropy_store *r) | ||
| 540 | @@ -890,7 +908,7 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r) | ||
| 541 | crng->state[i+4] ^= buf.key[i] ^ rv; | ||
| 542 | } | ||
| 543 | memzero_explicit(&buf, sizeof(buf)); | ||
| 544 | - crng->init_time = jiffies; | ||
| 545 | + WRITE_ONCE(crng->init_time, jiffies); | ||
| 546 | if (crng == &primary_crng && crng_init < 2) { | ||
| 547 | numa_crng_init(); | ||
| 548 | crng_init = 2; | ||
| 549 | @@ -928,12 +946,15 @@ static inline void crng_wait_ready(void) | ||
| 550 | static void _extract_crng(struct crng_state *crng, | ||
| 551 | __u8 out[CHACHA20_BLOCK_SIZE]) | ||
| 552 | { | ||
| 553 | - unsigned long v, flags; | ||
| 554 | - | ||
| 555 | - if (crng_ready() && | ||
| 556 | - (time_after(crng_global_init_time, crng->init_time) || | ||
| 557 | - time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))) | ||
| 558 | - crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL); | ||
| 559 | + unsigned long v, flags, init_time; | ||
| 560 | + | ||
| 561 | + if (crng_ready()) { | ||
| 562 | + init_time = READ_ONCE(crng->init_time); | ||
| 563 | + if (time_after(READ_ONCE(crng_global_init_time), init_time) || | ||
| 564 | + time_after(jiffies, init_time + CRNG_RESEED_INTERVAL)) | ||
| 565 | + crng_reseed(crng, crng == &primary_crng ? | ||
| 566 | + &input_pool : NULL); | ||
| 567 | + } | ||
| 568 | spin_lock_irqsave(&crng->lock, flags); | ||
| 569 | if (arch_get_random_long(&v)) | ||
| 570 | crng->state[14] ^= v; | ||
| 571 | @@ -945,15 +966,7 @@ static void _extract_crng(struct crng_state *crng, | ||
| 572 | |||
| 573 | static void extract_crng(__u8 out[CHACHA20_BLOCK_SIZE]) | ||
| 574 | { | ||
| 575 | - struct crng_state *crng = NULL; | ||
| 576 | - | ||
| 577 | -#ifdef CONFIG_NUMA | ||
| 578 | - if (crng_node_pool) | ||
| 579 | - crng = crng_node_pool[numa_node_id()]; | ||
| 580 | - if (crng == NULL) | ||
| 581 | -#endif | ||
| 582 | - crng = &primary_crng; | ||
| 583 | - _extract_crng(crng, out); | ||
| 584 | + _extract_crng(select_crng(), out); | ||
| 585 | } | ||
| 586 | |||
| 587 | /* | ||
| 588 | @@ -982,15 +995,7 @@ static void _crng_backtrack_protect(struct crng_state *crng, | ||
| 589 | |||
| 590 | static void crng_backtrack_protect(__u8 tmp[CHACHA20_BLOCK_SIZE], int used) | ||
| 591 | { | ||
| 592 | - struct crng_state *crng = NULL; | ||
| 593 | - | ||
| 594 | -#ifdef CONFIG_NUMA | ||
| 595 | - if (crng_node_pool) | ||
| 596 | - crng = crng_node_pool[numa_node_id()]; | ||
| 597 | - if (crng == NULL) | ||
| 598 | -#endif | ||
| 599 | - crng = &primary_crng; | ||
| 600 | - _crng_backtrack_protect(crng, tmp, used); | ||
| 601 | + _crng_backtrack_protect(select_crng(), tmp, used); | ||
| 602 | } | ||
| 603 | |||
| 604 | static ssize_t extract_crng_user(void __user *buf, size_t nbytes) | ||
| 605 | @@ -1914,7 +1919,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) | ||
| 606 | if (crng_init < 2) | ||
| 607 | return -ENODATA; | ||
| 608 | crng_reseed(&primary_crng, &input_pool); | ||
| 609 | - crng_global_init_time = jiffies - 1; | ||
| 610 | + WRITE_ONCE(crng_global_init_time, jiffies - 1); | ||
| 611 | return 0; | ||
| 612 | default: | ||
| 613 | return -EINVAL; | ||
| 614 | diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c | ||
| 615 | index 47e114ac09d01..ff1e788f92767 100644 | ||
| 616 | --- a/drivers/crypto/qce/sha.c | ||
| 617 | +++ b/drivers/crypto/qce/sha.c | ||
| 618 | @@ -544,8 +544,8 @@ static int qce_ahash_register_one(const struct qce_ahash_def *def, | ||
| 619 | |||
| 620 | ret = crypto_register_ahash(alg); | ||
| 621 | if (ret) { | ||
| 622 | - kfree(tmpl); | ||
| 623 | dev_err(qce->dev, "%s registration failed\n", base->cra_name); | ||
| 624 | + kfree(tmpl); | ||
| 625 | return ret; | ||
| 626 | } | ||
| 627 | |||
| 628 | diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c | ||
| 629 | index a505be9ef96da..c15ca560fe60d 100644 | ||
| 630 | --- a/drivers/dma/at_xdmac.c | ||
| 631 | +++ b/drivers/dma/at_xdmac.c | ||
| 632 | @@ -100,6 +100,7 @@ | ||
| 633 | #define AT_XDMAC_CNDC_NDE (0x1 << 0) /* Channel x Next Descriptor Enable */ | ||
| 634 | #define AT_XDMAC_CNDC_NDSUP (0x1 << 1) /* Channel x Next Descriptor Source Update */ | ||
| 635 | #define AT_XDMAC_CNDC_NDDUP (0x1 << 2) /* Channel x Next Descriptor Destination Update */ | ||
| 636 | +#define AT_XDMAC_CNDC_NDVIEW_MASK GENMASK(28, 27) | ||
| 637 | #define AT_XDMAC_CNDC_NDVIEW_NDV0 (0x0 << 3) /* Channel x Next Descriptor View 0 */ | ||
| 638 | #define AT_XDMAC_CNDC_NDVIEW_NDV1 (0x1 << 3) /* Channel x Next Descriptor View 1 */ | ||
| 639 | #define AT_XDMAC_CNDC_NDVIEW_NDV2 (0x2 << 3) /* Channel x Next Descriptor View 2 */ | ||
| 640 | @@ -232,15 +233,15 @@ struct at_xdmac { | ||
| 641 | |||
| 642 | /* Linked List Descriptor */ | ||
| 643 | struct at_xdmac_lld { | ||
| 644 | - dma_addr_t mbr_nda; /* Next Descriptor Member */ | ||
| 645 | - u32 mbr_ubc; /* Microblock Control Member */ | ||
| 646 | - dma_addr_t mbr_sa; /* Source Address Member */ | ||
| 647 | - dma_addr_t mbr_da; /* Destination Address Member */ | ||
| 648 | - u32 mbr_cfg; /* Configuration Register */ | ||
| 649 | - u32 mbr_bc; /* Block Control Register */ | ||
| 650 | - u32 mbr_ds; /* Data Stride Register */ | ||
| 651 | - u32 mbr_sus; /* Source Microblock Stride Register */ | ||
| 652 | - u32 mbr_dus; /* Destination Microblock Stride Register */ | ||
| 653 | + u32 mbr_nda; /* Next Descriptor Member */ | ||
| 654 | + u32 mbr_ubc; /* Microblock Control Member */ | ||
| 655 | + u32 mbr_sa; /* Source Address Member */ | ||
| 656 | + u32 mbr_da; /* Destination Address Member */ | ||
| 657 | + u32 mbr_cfg; /* Configuration Register */ | ||
| 658 | + u32 mbr_bc; /* Block Control Register */ | ||
| 659 | + u32 mbr_ds; /* Data Stride Register */ | ||
| 660 | + u32 mbr_sus; /* Source Microblock Stride Register */ | ||
| 661 | + u32 mbr_dus; /* Destination Microblock Stride Register */ | ||
| 662 | }; | ||
| 663 | |||
| 664 | /* 64-bit alignment needed to update CNDA and CUBC registers in an atomic way. */ | ||
| 665 | @@ -345,9 +346,6 @@ static void at_xdmac_start_xfer(struct at_xdmac_chan *atchan, | ||
| 666 | |||
| 667 | dev_vdbg(chan2dev(&atchan->chan), "%s: desc 0x%p\n", __func__, first); | ||
| 668 | |||
| 669 | - if (at_xdmac_chan_is_enabled(atchan)) | ||
| 670 | - return; | ||
| 671 | - | ||
| 672 | /* Set transfer as active to not try to start it again. */ | ||
| 673 | first->active_xfer = true; | ||
| 674 | |||
| 675 | @@ -363,7 +361,8 @@ static void at_xdmac_start_xfer(struct at_xdmac_chan *atchan, | ||
| 676 | */ | ||
| 677 | if (at_xdmac_chan_is_cyclic(atchan)) | ||
| 678 | reg = AT_XDMAC_CNDC_NDVIEW_NDV1; | ||
| 679 | - else if (first->lld.mbr_ubc & AT_XDMAC_MBR_UBC_NDV3) | ||
| 680 | + else if ((first->lld.mbr_ubc & | ||
| 681 | + AT_XDMAC_CNDC_NDVIEW_MASK) == AT_XDMAC_MBR_UBC_NDV3) | ||
| 682 | reg = AT_XDMAC_CNDC_NDVIEW_NDV3; | ||
| 683 | else | ||
| 684 | reg = AT_XDMAC_CNDC_NDVIEW_NDV2; | ||
| 685 | @@ -428,13 +427,12 @@ static dma_cookie_t at_xdmac_tx_submit(struct dma_async_tx_descriptor *tx) | ||
| 686 | spin_lock_irqsave(&atchan->lock, irqflags); | ||
| 687 | cookie = dma_cookie_assign(tx); | ||
| 688 | |||
| 689 | + list_add_tail(&desc->xfer_node, &atchan->xfers_list); | ||
| 690 | + spin_unlock_irqrestore(&atchan->lock, irqflags); | ||
| 691 | + | ||
| 692 | dev_vdbg(chan2dev(tx->chan), "%s: atchan 0x%p, add desc 0x%p to xfers_list\n", | ||
| 693 | __func__, atchan, desc); | ||
| 694 | - list_add_tail(&desc->xfer_node, &atchan->xfers_list); | ||
| 695 | - if (list_is_singular(&atchan->xfers_list)) | ||
| 696 | - at_xdmac_start_xfer(atchan, desc); | ||
| 697 | |||
| 698 | - spin_unlock_irqrestore(&atchan->lock, irqflags); | ||
| 699 | return cookie; | ||
| 700 | } | ||
| 701 | |||
| 702 | diff --git a/drivers/dma/mmp_pdma.c b/drivers/dma/mmp_pdma.c | ||
| 703 | index eb3a1f42ab065..e8b2d3e31de80 100644 | ||
| 704 | --- a/drivers/dma/mmp_pdma.c | ||
| 705 | +++ b/drivers/dma/mmp_pdma.c | ||
| 706 | @@ -722,12 +722,6 @@ static int mmp_pdma_config(struct dma_chan *dchan, | ||
| 707 | |||
| 708 | chan->dir = cfg->direction; | ||
| 709 | chan->dev_addr = addr; | ||
| 710 | - /* FIXME: drivers should be ported over to use the filter | ||
| 711 | - * function. Once that's done, the following two lines can | ||
| 712 | - * be removed. | ||
| 713 | - */ | ||
| 714 | - if (cfg->slave_id) | ||
| 715 | - chan->drcmr = cfg->slave_id; | ||
| 716 | |||
| 717 | return 0; | ||
| 718 | } | ||
| 719 | diff --git a/drivers/dma/pxa_dma.c b/drivers/dma/pxa_dma.c | ||
| 720 | index 3f56f9ca44824..5bd1ade187d3f 100644 | ||
| 721 | --- a/drivers/dma/pxa_dma.c | ||
| 722 | +++ b/drivers/dma/pxa_dma.c | ||
| 723 | @@ -975,13 +975,6 @@ static void pxad_get_config(struct pxad_chan *chan, | ||
| 724 | *dcmd |= PXA_DCMD_BURST16; | ||
| 725 | else if (maxburst == 32) | ||
| 726 | *dcmd |= PXA_DCMD_BURST32; | ||
| 727 | - | ||
| 728 | - /* FIXME: drivers should be ported over to use the filter | ||
| 729 | - * function. Once that's done, the following two lines can | ||
| 730 | - * be removed. | ||
| 731 | - */ | ||
| 732 | - if (chan->cfg.slave_id) | ||
| 733 | - chan->drcmr = chan->cfg.slave_id; | ||
| 734 | } | ||
| 735 | |||
| 736 | static struct dma_async_tx_descriptor * | ||
| 737 | diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c | ||
| 738 | index 986248f7011aa..c479280590e42 100644 | ||
| 739 | --- a/drivers/gpio/gpiolib-acpi.c | ||
| 740 | +++ b/drivers/gpio/gpiolib-acpi.c | ||
| 741 | @@ -675,10 +675,17 @@ int acpi_dev_gpio_irq_get(struct acpi_device *adev, int index) | ||
| 742 | irq_flags = acpi_dev_get_irq_type(info.triggering, | ||
| 743 | info.polarity); | ||
| 744 | |||
| 745 | - /* Set type if specified and different than the current one */ | ||
| 746 | - if (irq_flags != IRQ_TYPE_NONE && | ||
| 747 | - irq_flags != irq_get_trigger_type(irq)) | ||
| 748 | - irq_set_irq_type(irq, irq_flags); | ||
| 749 | + /* | ||
| 750 | + * If the IRQ is not already in use then set type | ||
| 751 | + * if specified and different than the current one. | ||
| 752 | + */ | ||
| 753 | + if (can_request_irq(irq, irq_flags)) { | ||
| 754 | + if (irq_flags != IRQ_TYPE_NONE && | ||
| 755 | + irq_flags != irq_get_trigger_type(irq)) | ||
| 756 | + irq_set_irq_type(irq, irq_flags); | ||
| 757 | + } else { | ||
| 758 | + dev_dbg(&adev->dev, "IRQ %d already in use\n", irq); | ||
| 759 | + } | ||
| 760 | |||
| 761 | return irq; | ||
| 762 | } | ||
| 763 | diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | ||
| 764 | index eb79d0d3d34f1..7264169d5f2a7 100644 | ||
| 765 | --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | ||
| 766 | +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | ||
| 767 | @@ -404,6 +404,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder) | ||
| 768 | native_mode->vdisplay != 0 && | ||
| 769 | native_mode->clock != 0) { | ||
| 770 | mode = drm_mode_duplicate(dev, native_mode); | ||
| 771 | + if (!mode) | ||
| 772 | + return NULL; | ||
| 773 | + | ||
| 774 | mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER; | ||
| 775 | drm_mode_set_name(mode); | ||
| 776 | |||
| 777 | @@ -418,6 +421,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder) | ||
| 778 | * simpler. | ||
| 779 | */ | ||
| 780 | mode = drm_cvt_mode(dev, native_mode->hdisplay, native_mode->vdisplay, 60, true, false, false); | ||
| 781 | + if (!mode) | ||
| 782 | + return NULL; | ||
| 783 | + | ||
| 784 | mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER; | ||
| 785 | DRM_DEBUG_KMS("Adding cvt approximation of native panel mode %s\n", mode->name); | ||
| 786 | } | ||
| 787 | diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c | ||
| 788 | index 07d2a8e7f78c3..202c00b17df2d 100644 | ||
| 789 | --- a/drivers/gpu/drm/i915/intel_pm.c | ||
| 790 | +++ b/drivers/gpu/drm/i915/intel_pm.c | ||
| 791 | @@ -2274,9 +2274,9 @@ static void snb_wm_latency_quirk(struct drm_device *dev) | ||
| 792 | * The BIOS provided WM memory latency values are often | ||
| 793 | * inadequate for high resolution displays. Adjust them. | ||
| 794 | */ | ||
| 795 | - changed = ilk_increase_wm_latency(dev_priv, dev_priv->wm.pri_latency, 12) | | ||
| 796 | - ilk_increase_wm_latency(dev_priv, dev_priv->wm.spr_latency, 12) | | ||
| 797 | - ilk_increase_wm_latency(dev_priv, dev_priv->wm.cur_latency, 12); | ||
| 798 | + changed = ilk_increase_wm_latency(dev_priv, dev_priv->wm.pri_latency, 12); | ||
| 799 | + changed |= ilk_increase_wm_latency(dev_priv, dev_priv->wm.spr_latency, 12); | ||
| 800 | + changed |= ilk_increase_wm_latency(dev_priv, dev_priv->wm.cur_latency, 12); | ||
| 801 | |||
| 802 | if (!changed) | ||
| 803 | return; | ||
| 804 | diff --git a/drivers/gpu/drm/nouveau/nouveau_sgdma.c b/drivers/gpu/drm/nouveau/nouveau_sgdma.c | ||
| 805 | index db35ab5883acd..d3bfd7912a994 100644 | ||
| 806 | --- a/drivers/gpu/drm/nouveau/nouveau_sgdma.c | ||
| 807 | +++ b/drivers/gpu/drm/nouveau/nouveau_sgdma.c | ||
| 808 | @@ -105,12 +105,9 @@ nouveau_sgdma_create_ttm(struct ttm_bo_device *bdev, | ||
| 809 | else | ||
| 810 | nvbe->ttm.ttm.func = &nv50_sgdma_backend; | ||
| 811 | |||
| 812 | - if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page)) | ||
| 813 | - /* | ||
| 814 | - * A failing ttm_dma_tt_init() will call ttm_tt_destroy() | ||
| 815 | - * and thus our nouveau_sgdma_destroy() hook, so we don't need | ||
| 816 | - * to free nvbe here. | ||
| 817 | - */ | ||
| 818 | + if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page)) { | ||
| 819 | + kfree(nvbe); | ||
| 820 | return NULL; | ||
| 821 | + } | ||
| 822 | return &nvbe->ttm.ttm; | ||
| 823 | } | ||
| 824 | diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c | ||
| 825 | index 61000e3b2e793..b55403c99d804 100644 | ||
| 826 | --- a/drivers/gpu/drm/radeon/radeon_kms.c | ||
| 827 | +++ b/drivers/gpu/drm/radeon/radeon_kms.c | ||
| 828 | @@ -630,6 +630,8 @@ void radeon_driver_lastclose_kms(struct drm_device *dev) | ||
| 829 | int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv) | ||
| 830 | { | ||
| 831 | struct radeon_device *rdev = dev->dev_private; | ||
| 832 | + struct radeon_fpriv *fpriv; | ||
| 833 | + struct radeon_vm *vm; | ||
| 834 | int r; | ||
| 835 | |||
| 836 | file_priv->driver_priv = NULL; | ||
| 837 | @@ -642,48 +644,52 @@ int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv) | ||
| 838 | |||
| 839 | /* new gpu have virtual address space support */ | ||
| 840 | if (rdev->family >= CHIP_CAYMAN) { | ||
| 841 | - struct radeon_fpriv *fpriv; | ||
| 842 | - struct radeon_vm *vm; | ||
| 843 | |||
| 844 | fpriv = kzalloc(sizeof(*fpriv), GFP_KERNEL); | ||
| 845 | if (unlikely(!fpriv)) { | ||
| 846 | r = -ENOMEM; | ||
| 847 | - goto out_suspend; | ||
| 848 | + goto err_suspend; | ||
| 849 | } | ||
| 850 | |||
| 851 | if (rdev->accel_working) { | ||
| 852 | vm = &fpriv->vm; | ||
| 853 | r = radeon_vm_init(rdev, vm); | ||
| 854 | - if (r) { | ||
| 855 | - kfree(fpriv); | ||
| 856 | - goto out_suspend; | ||
| 857 | - } | ||
| 858 | + if (r) | ||
| 859 | + goto err_fpriv; | ||
| 860 | |||
| 861 | r = radeon_bo_reserve(rdev->ring_tmp_bo.bo, false); | ||
| 862 | - if (r) { | ||
| 863 | - radeon_vm_fini(rdev, vm); | ||
| 864 | - kfree(fpriv); | ||
| 865 | - goto out_suspend; | ||
| 866 | - } | ||
| 867 | + if (r) | ||
| 868 | + goto err_vm_fini; | ||
| 869 | |||
| 870 | /* map the ib pool buffer read only into | ||
| 871 | * virtual address space */ | ||
| 872 | vm->ib_bo_va = radeon_vm_bo_add(rdev, vm, | ||
| 873 | rdev->ring_tmp_bo.bo); | ||
| 874 | + if (!vm->ib_bo_va) { | ||
| 875 | + r = -ENOMEM; | ||
| 876 | + goto err_vm_fini; | ||
| 877 | + } | ||
| 878 | + | ||
| 879 | r = radeon_vm_bo_set_addr(rdev, vm->ib_bo_va, | ||
| 880 | RADEON_VA_IB_OFFSET, | ||
| 881 | RADEON_VM_PAGE_READABLE | | ||
| 882 | RADEON_VM_PAGE_SNOOPED); | ||
| 883 | - if (r) { | ||
| 884 | - radeon_vm_fini(rdev, vm); | ||
| 885 | - kfree(fpriv); | ||
| 886 | - goto out_suspend; | ||
| 887 | - } | ||
| 888 | + if (r) | ||
| 889 | + goto err_vm_fini; | ||
| 890 | } | ||
| 891 | file_priv->driver_priv = fpriv; | ||
| 892 | } | ||
| 893 | |||
| 894 | -out_suspend: | ||
| 895 | + pm_runtime_mark_last_busy(dev->dev); | ||
| 896 | + pm_runtime_put_autosuspend(dev->dev); | ||
| 897 | + return 0; | ||
| 898 | + | ||
| 899 | +err_vm_fini: | ||
| 900 | + radeon_vm_fini(rdev, vm); | ||
| 901 | +err_fpriv: | ||
| 902 | + kfree(fpriv); | ||
| 903 | + | ||
| 904 | +err_suspend: | ||
| 905 | pm_runtime_mark_last_busy(dev->dev); | ||
| 906 | pm_runtime_put_autosuspend(dev->dev); | ||
| 907 | return r; | ||
| 908 | diff --git a/drivers/gpu/drm/ttm/ttm_tt.c b/drivers/gpu/drm/ttm/ttm_tt.c | ||
| 909 | index aee3c00f836e7..e4e24be523533 100644 | ||
| 910 | --- a/drivers/gpu/drm/ttm/ttm_tt.c | ||
| 911 | +++ b/drivers/gpu/drm/ttm/ttm_tt.c | ||
| 912 | @@ -195,7 +195,6 @@ int ttm_tt_init(struct ttm_tt *ttm, struct ttm_bo_device *bdev, | ||
| 913 | |||
| 914 | ttm_tt_alloc_page_directory(ttm); | ||
| 915 | if (!ttm->pages) { | ||
| 916 | - ttm_tt_destroy(ttm); | ||
| 917 | pr_err("Failed allocating page table\n"); | ||
| 918 | return -ENOMEM; | ||
| 919 | } | ||
| 920 | @@ -228,7 +227,6 @@ int ttm_dma_tt_init(struct ttm_dma_tt *ttm_dma, struct ttm_bo_device *bdev, | ||
| 921 | INIT_LIST_HEAD(&ttm_dma->pages_list); | ||
| 922 | ttm_dma_tt_alloc_page_directory(ttm_dma); | ||
| 923 | if (!ttm->pages) { | ||
| 924 | - ttm_tt_destroy(ttm); | ||
| 925 | pr_err("Failed allocating page table\n"); | ||
| 926 | return -ENOMEM; | ||
| 927 | } | ||
| 928 | diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c | ||
| 929 | index 149902619cbc8..0074091c27aa2 100644 | ||
| 930 | --- a/drivers/hid/hid-apple.c | ||
| 931 | +++ b/drivers/hid/hid-apple.c | ||
| 932 | @@ -390,7 +390,7 @@ static int apple_input_configured(struct hid_device *hdev, | ||
| 933 | |||
| 934 | if ((asc->quirks & APPLE_HAS_FN) && !asc->fn_found) { | ||
| 935 | hid_info(hdev, "Fn key not found (Apple Wireless Keyboard clone?), disabling Fn key handling\n"); | ||
| 936 | - asc->quirks = 0; | ||
| 937 | + asc->quirks &= ~APPLE_HAS_FN; | ||
| 938 | } | ||
| 939 | |||
| 940 | return 0; | ||
| 941 | diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c | ||
| 942 | index e60e41e775020..f7705a057f0f4 100644 | ||
| 943 | --- a/drivers/hid/uhid.c | ||
| 944 | +++ b/drivers/hid/uhid.c | ||
| 945 | @@ -33,11 +33,22 @@ | ||
| 946 | |||
| 947 | struct uhid_device { | ||
| 948 | struct mutex devlock; | ||
| 949 | + | ||
| 950 | + /* This flag tracks whether the HID device is usable for commands from | ||
| 951 | + * userspace. The flag is already set before hid_add_device(), which | ||
| 952 | + * runs in workqueue context, to allow hid_add_device() to communicate | ||
| 953 | + * with userspace. | ||
| 954 | + * However, if hid_add_device() fails, the flag is cleared without | ||
| 955 | + * holding devlock. | ||
| 956 | + * We guarantee that if @running changes from true to false while you're | ||
| 957 | + * holding @devlock, it's still fine to access @hid. | ||
| 958 | + */ | ||
| 959 | bool running; | ||
| 960 | |||
| 961 | __u8 *rd_data; | ||
| 962 | uint rd_size; | ||
| 963 | |||
| 964 | + /* When this is NULL, userspace may use UHID_CREATE/UHID_CREATE2. */ | ||
| 965 | struct hid_device *hid; | ||
| 966 | struct uhid_event input_buf; | ||
| 967 | |||
| 968 | @@ -68,9 +79,18 @@ static void uhid_device_add_worker(struct work_struct *work) | ||
| 969 | if (ret) { | ||
| 970 | hid_err(uhid->hid, "Cannot register HID device: error %d\n", ret); | ||
| 971 | |||
| 972 | - hid_destroy_device(uhid->hid); | ||
| 973 | - uhid->hid = NULL; | ||
| 974 | + /* We used to call hid_destroy_device() here, but that's really | ||
| 975 | + * messy to get right because we have to coordinate with | ||
| 976 | + * concurrent writes from userspace that might be in the middle | ||
| 977 | + * of using uhid->hid. | ||
| 978 | + * Just leave uhid->hid as-is for now, and clean it up when | ||
| 979 | + * userspace tries to close or reinitialize the uhid instance. | ||
| 980 | + * | ||
| 981 | + * However, we do have to clear the ->running flag and do a | ||
| 982 | + * wakeup to make sure userspace knows that the device is gone. | ||
| 983 | + */ | ||
| 984 | uhid->running = false; | ||
| 985 | + wake_up_interruptible(&uhid->report_wait); | ||
| 986 | } | ||
| 987 | } | ||
| 988 | |||
| 989 | @@ -479,7 +499,7 @@ static int uhid_dev_create2(struct uhid_device *uhid, | ||
| 990 | void *rd_data; | ||
| 991 | int ret; | ||
| 992 | |||
| 993 | - if (uhid->running) | ||
| 994 | + if (uhid->hid) | ||
| 995 | return -EALREADY; | ||
| 996 | |||
| 997 | rd_size = ev->u.create2.rd_size; | ||
| 998 | @@ -560,7 +580,7 @@ static int uhid_dev_create(struct uhid_device *uhid, | ||
| 999 | |||
| 1000 | static int uhid_dev_destroy(struct uhid_device *uhid) | ||
| 1001 | { | ||
| 1002 | - if (!uhid->running) | ||
| 1003 | + if (!uhid->hid) | ||
| 1004 | return -EINVAL; | ||
| 1005 | |||
| 1006 | uhid->running = false; | ||
| 1007 | @@ -569,6 +589,7 @@ static int uhid_dev_destroy(struct uhid_device *uhid) | ||
| 1008 | cancel_work_sync(&uhid->worker); | ||
| 1009 | |||
| 1010 | hid_destroy_device(uhid->hid); | ||
| 1011 | + uhid->hid = NULL; | ||
| 1012 | kfree(uhid->rd_data); | ||
| 1013 | |||
| 1014 | return 0; | ||
| 1015 | diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c | ||
| 1016 | index fbf14a14bdd43..bfce62dbe0ace 100644 | ||
| 1017 | --- a/drivers/hid/wacom_wac.c | ||
| 1018 | +++ b/drivers/hid/wacom_wac.c | ||
| 1019 | @@ -1693,6 +1693,10 @@ static void wacom_wac_finger_pre_report(struct hid_device *hdev, | ||
| 1020 | struct hid_data* hid_data = &wacom_wac->hid_data; | ||
| 1021 | int i; | ||
| 1022 | |||
| 1023 | + hid_data->cc_report = 0; | ||
| 1024 | + hid_data->cc_index = -1; | ||
| 1025 | + hid_data->cc_value_index = -1; | ||
| 1026 | + | ||
| 1027 | for (i = 0; i < report->maxfield; i++) { | ||
| 1028 | struct hid_field *field = report->field[i]; | ||
| 1029 | int j; | ||
| 1030 | diff --git a/drivers/hsi/hsi_core.c b/drivers/hsi/hsi_core.c | ||
| 1031 | index e9d63b966caff..4a9fd745b8cb4 100644 | ||
| 1032 | --- a/drivers/hsi/hsi_core.c | ||
| 1033 | +++ b/drivers/hsi/hsi_core.c | ||
| 1034 | @@ -115,6 +115,7 @@ struct hsi_client *hsi_new_client(struct hsi_port *port, | ||
| 1035 | if (device_register(&cl->device) < 0) { | ||
| 1036 | pr_err("hsi: failed to register client: %s\n", info->name); | ||
| 1037 | put_device(&cl->device); | ||
| 1038 | + goto err; | ||
| 1039 | } | ||
| 1040 | |||
| 1041 | return cl; | ||
| 1042 | diff --git a/drivers/i2c/busses/i2c-designware-pcidrv.c b/drivers/i2c/busses/i2c-designware-pcidrv.c | ||
| 1043 | index 96f8230cd2d33..5c32a7ef476da 100644 | ||
| 1044 | --- a/drivers/i2c/busses/i2c-designware-pcidrv.c | ||
| 1045 | +++ b/drivers/i2c/busses/i2c-designware-pcidrv.c | ||
| 1046 | @@ -49,10 +49,10 @@ enum dw_pci_ctl_id_t { | ||
| 1047 | }; | ||
| 1048 | |||
| 1049 | struct dw_scl_sda_cfg { | ||
| 1050 | - u32 ss_hcnt; | ||
| 1051 | - u32 fs_hcnt; | ||
| 1052 | - u32 ss_lcnt; | ||
| 1053 | - u32 fs_lcnt; | ||
| 1054 | + u16 ss_hcnt; | ||
| 1055 | + u16 fs_hcnt; | ||
| 1056 | + u16 ss_lcnt; | ||
| 1057 | + u16 fs_lcnt; | ||
| 1058 | u32 sda_hold; | ||
| 1059 | }; | ||
| 1060 | |||
| 1061 | diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c | ||
| 1062 | index 0e04b27e3158d..b577c64f3b3ec 100644 | ||
| 1063 | --- a/drivers/i2c/busses/i2c-i801.c | ||
| 1064 | +++ b/drivers/i2c/busses/i2c-i801.c | ||
| 1065 | @@ -762,6 +762,11 @@ static int i801_block_transaction(struct i801_priv *priv, | ||
| 1066 | int result = 0; | ||
| 1067 | unsigned char hostc; | ||
| 1068 | |||
| 1069 | + if (read_write == I2C_SMBUS_READ && command == I2C_SMBUS_BLOCK_DATA) | ||
| 1070 | + data->block[0] = I2C_SMBUS_BLOCK_MAX; | ||
| 1071 | + else if (data->block[0] < 1 || data->block[0] > I2C_SMBUS_BLOCK_MAX) | ||
| 1072 | + return -EPROTO; | ||
| 1073 | + | ||
| 1074 | if (command == I2C_SMBUS_I2C_BLOCK_DATA) { | ||
| 1075 | if (read_write == I2C_SMBUS_WRITE) { | ||
| 1076 | /* set I2C_EN bit in configuration register */ | ||
| 1077 | @@ -775,16 +780,6 @@ static int i801_block_transaction(struct i801_priv *priv, | ||
| 1078 | } | ||
| 1079 | } | ||
| 1080 | |||
| 1081 | - if (read_write == I2C_SMBUS_WRITE | ||
| 1082 | - || command == I2C_SMBUS_I2C_BLOCK_DATA) { | ||
| 1083 | - if (data->block[0] < 1) | ||
| 1084 | - data->block[0] = 1; | ||
| 1085 | - if (data->block[0] > I2C_SMBUS_BLOCK_MAX) | ||
| 1086 | - data->block[0] = I2C_SMBUS_BLOCK_MAX; | ||
| 1087 | - } else { | ||
| 1088 | - data->block[0] = 32; /* max for SMBus block reads */ | ||
| 1089 | - } | ||
| 1090 | - | ||
| 1091 | /* Experience has shown that the block buffer can only be used for | ||
| 1092 | SMBus (not I2C) block transactions, even though the datasheet | ||
| 1093 | doesn't mention this limitation. */ | ||
| 1094 | diff --git a/drivers/i2c/busses/i2c-mpc.c b/drivers/i2c/busses/i2c-mpc.c | ||
| 1095 | index 90e4f839eb1cb..d153fc28e6bfb 100644 | ||
| 1096 | --- a/drivers/i2c/busses/i2c-mpc.c | ||
| 1097 | +++ b/drivers/i2c/busses/i2c-mpc.c | ||
| 1098 | @@ -107,23 +107,30 @@ static irqreturn_t mpc_i2c_isr(int irq, void *dev_id) | ||
| 1099 | /* Sometimes 9th clock pulse isn't generated, and slave doesn't release | ||
| 1100 | * the bus, because it wants to send ACK. | ||
| 1101 | * Following sequence of enabling/disabling and sending start/stop generates | ||
| 1102 | - * the 9 pulses, so it's all OK. | ||
| 1103 | + * the 9 pulses, each with a START then ending with STOP, so it's all OK. | ||
| 1104 | */ | ||
| 1105 | static void mpc_i2c_fixup(struct mpc_i2c *i2c) | ||
| 1106 | { | ||
| 1107 | int k; | ||
| 1108 | - u32 delay_val = 1000000 / i2c->real_clk + 1; | ||
| 1109 | - | ||
| 1110 | - if (delay_val < 2) | ||
| 1111 | - delay_val = 2; | ||
| 1112 | + unsigned long flags; | ||
| 1113 | |||
| 1114 | for (k = 9; k; k--) { | ||
| 1115 | writeccr(i2c, 0); | ||
| 1116 | - writeccr(i2c, CCR_MSTA | CCR_MTX | CCR_MEN); | ||
| 1117 | + writeb(0, i2c->base + MPC_I2C_SR); /* clear any status bits */ | ||
| 1118 | + writeccr(i2c, CCR_MEN | CCR_MSTA); /* START */ | ||
| 1119 | + readb(i2c->base + MPC_I2C_DR); /* init xfer */ | ||
| 1120 | + udelay(15); /* let it hit the bus */ | ||
| 1121 | + local_irq_save(flags); /* should not be delayed further */ | ||
| 1122 | + writeccr(i2c, CCR_MEN | CCR_MSTA | CCR_RSTA); /* delay SDA */ | ||
| 1123 | readb(i2c->base + MPC_I2C_DR); | ||
| 1124 | - writeccr(i2c, CCR_MEN); | ||
| 1125 | - udelay(delay_val << 1); | ||
| 1126 | + if (k != 1) | ||
| 1127 | + udelay(5); | ||
| 1128 | + local_irq_restore(flags); | ||
| 1129 | } | ||
| 1130 | + writeccr(i2c, CCR_MEN); /* Initiate STOP */ | ||
| 1131 | + readb(i2c->base + MPC_I2C_DR); | ||
| 1132 | + udelay(15); /* Let STOP propagate */ | ||
| 1133 | + writeccr(i2c, 0); | ||
| 1134 | } | ||
| 1135 | |||
| 1136 | static int i2c_wait(struct mpc_i2c *i2c, unsigned timeout, int writing) | ||
| 1137 | diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c | ||
| 1138 | index 4b947d5cafe28..c5c175b72f21e 100644 | ||
| 1139 | --- a/drivers/infiniband/core/device.c | ||
| 1140 | +++ b/drivers/infiniband/core/device.c | ||
| 1141 | @@ -870,7 +870,8 @@ int ib_find_gid(struct ib_device *device, union ib_gid *gid, | ||
| 1142 | for (i = 0; i < device->port_immutable[port].gid_tbl_len; ++i) { | ||
| 1143 | ret = ib_query_gid(device, port, i, &tmp_gid, NULL); | ||
| 1144 | if (ret) | ||
| 1145 | - return ret; | ||
| 1146 | + continue; | ||
| 1147 | + | ||
| 1148 | if (!memcmp(&tmp_gid, gid, sizeof *gid)) { | ||
| 1149 | *port_num = port; | ||
| 1150 | if (index) | ||
| 1151 | diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c | ||
| 1152 | index 87bc7b0db892b..2eeac8401c927 100644 | ||
| 1153 | --- a/drivers/infiniband/hw/cxgb4/qp.c | ||
| 1154 | +++ b/drivers/infiniband/hw/cxgb4/qp.c | ||
| 1155 | @@ -1974,6 +1974,7 @@ int c4iw_ib_query_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, | ||
| 1156 | memset(attr, 0, sizeof *attr); | ||
| 1157 | memset(init_attr, 0, sizeof *init_attr); | ||
| 1158 | attr->qp_state = to_ib_qp_state(qhp->attr.state); | ||
| 1159 | + attr->cur_qp_state = to_ib_qp_state(qhp->attr.state); | ||
| 1160 | init_attr->cap.max_send_wr = qhp->attr.sq_num_entries; | ||
| 1161 | init_attr->cap.max_recv_wr = qhp->attr.rq_num_entries; | ||
| 1162 | init_attr->cap.max_send_sge = qhp->attr.sq_max_sges; | ||
| 1163 | diff --git a/drivers/infiniband/hw/hns/hns_roce_main.c b/drivers/infiniband/hw/hns/hns_roce_main.c | ||
| 1164 | index 764e35a54457e..0aa2400db8fa0 100644 | ||
| 1165 | --- a/drivers/infiniband/hw/hns/hns_roce_main.c | ||
| 1166 | +++ b/drivers/infiniband/hw/hns/hns_roce_main.c | ||
| 1167 | @@ -475,6 +475,9 @@ static int hns_roce_query_gid(struct ib_device *ib_dev, u8 port_num, int index, | ||
| 1168 | static int hns_roce_query_pkey(struct ib_device *ib_dev, u8 port, u16 index, | ||
| 1169 | u16 *pkey) | ||
| 1170 | { | ||
| 1171 | + if (index > 0) | ||
| 1172 | + return -EINVAL; | ||
| 1173 | + | ||
| 1174 | *pkey = PKEY_ID; | ||
| 1175 | |||
| 1176 | return 0; | ||
| 1177 | @@ -553,7 +556,7 @@ static int hns_roce_mmap(struct ib_ucontext *context, | ||
| 1178 | return -EINVAL; | ||
| 1179 | |||
| 1180 | if (vma->vm_pgoff == 0) { | ||
| 1181 | - vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); | ||
| 1182 | + vma->vm_page_prot = pgprot_device(vma->vm_page_prot); | ||
| 1183 | if (io_remap_pfn_range(vma, vma->vm_start, | ||
| 1184 | to_hr_ucontext(context)->uar.pfn, | ||
| 1185 | PAGE_SIZE, vma->vm_page_prot)) | ||
| 1186 | diff --git a/drivers/infiniband/sw/rxe/rxe_opcode.c b/drivers/infiniband/sw/rxe/rxe_opcode.c | ||
| 1187 | index 61927c165b598..e67ed9141cd8a 100644 | ||
| 1188 | --- a/drivers/infiniband/sw/rxe/rxe_opcode.c | ||
| 1189 | +++ b/drivers/infiniband/sw/rxe/rxe_opcode.c | ||
| 1190 | @@ -137,7 +137,7 @@ struct rxe_opcode_info rxe_opcode[RXE_NUM_OPCODE] = { | ||
| 1191 | } | ||
| 1192 | }, | ||
| 1193 | [IB_OPCODE_RC_SEND_MIDDLE] = { | ||
| 1194 | - .name = "IB_OPCODE_RC_SEND_MIDDLE]", | ||
| 1195 | + .name = "IB_OPCODE_RC_SEND_MIDDLE", | ||
| 1196 | .mask = RXE_PAYLOAD_MASK | RXE_REQ_MASK | RXE_SEND_MASK | ||
| 1197 | | RXE_MIDDLE_MASK, | ||
| 1198 | .length = RXE_BTH_BYTES, | ||
| 1199 | diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c | ||
| 1200 | index 386215245dfe2..85273da5da206 100644 | ||
| 1201 | --- a/drivers/md/persistent-data/dm-btree.c | ||
| 1202 | +++ b/drivers/md/persistent-data/dm-btree.c | ||
| 1203 | @@ -83,14 +83,16 @@ void inc_children(struct dm_transaction_manager *tm, struct btree_node *n, | ||
| 1204 | } | ||
| 1205 | |||
| 1206 | static int insert_at(size_t value_size, struct btree_node *node, unsigned index, | ||
| 1207 | - uint64_t key, void *value) | ||
| 1208 | - __dm_written_to_disk(value) | ||
| 1209 | + uint64_t key, void *value) | ||
| 1210 | + __dm_written_to_disk(value) | ||
| 1211 | { | ||
| 1212 | uint32_t nr_entries = le32_to_cpu(node->header.nr_entries); | ||
| 1213 | + uint32_t max_entries = le32_to_cpu(node->header.max_entries); | ||
| 1214 | __le64 key_le = cpu_to_le64(key); | ||
| 1215 | |||
| 1216 | if (index > nr_entries || | ||
| 1217 | - index >= le32_to_cpu(node->header.max_entries)) { | ||
| 1218 | + index >= max_entries || | ||
| 1219 | + nr_entries >= max_entries) { | ||
| 1220 | DMERR("too many entries in btree node for insert"); | ||
| 1221 | __dm_unbless_for_disk(value); | ||
| 1222 | return -ENOMEM; | ||
| 1223 | diff --git a/drivers/md/persistent-data/dm-space-map-common.c b/drivers/md/persistent-data/dm-space-map-common.c | ||
| 1224 | index ca09ad2a639c4..6fa4a68e78b0d 100644 | ||
| 1225 | --- a/drivers/md/persistent-data/dm-space-map-common.c | ||
| 1226 | +++ b/drivers/md/persistent-data/dm-space-map-common.c | ||
| 1227 | @@ -279,6 +279,11 @@ int sm_ll_lookup_bitmap(struct ll_disk *ll, dm_block_t b, uint32_t *result) | ||
| 1228 | struct disk_index_entry ie_disk; | ||
| 1229 | struct dm_block *blk; | ||
| 1230 | |||
| 1231 | + if (b >= ll->nr_blocks) { | ||
| 1232 | + DMERR_LIMIT("metadata block out of bounds"); | ||
| 1233 | + return -EINVAL; | ||
| 1234 | + } | ||
| 1235 | + | ||
| 1236 | b = do_div(index, ll->entries_per_block); | ||
| 1237 | r = ll->load_ie(ll, index, &ie_disk); | ||
| 1238 | if (r < 0) | ||
| 1239 | diff --git a/drivers/media/common/saa7146/saa7146_fops.c b/drivers/media/common/saa7146/saa7146_fops.c | ||
| 1240 | index 930d2c94d5d30..2c9365a39270a 100644 | ||
| 1241 | --- a/drivers/media/common/saa7146/saa7146_fops.c | ||
| 1242 | +++ b/drivers/media/common/saa7146/saa7146_fops.c | ||
| 1243 | @@ -524,7 +524,7 @@ int saa7146_vv_init(struct saa7146_dev* dev, struct saa7146_ext_vv *ext_vv) | ||
| 1244 | ERR("out of memory. aborting.\n"); | ||
| 1245 | kfree(vv); | ||
| 1246 | v4l2_ctrl_handler_free(hdl); | ||
| 1247 | - return -1; | ||
| 1248 | + return -ENOMEM; | ||
| 1249 | } | ||
| 1250 | |||
| 1251 | saa7146_video_uops.init(dev,vv); | ||
| 1252 | diff --git a/drivers/media/dvb-core/dmxdev.c b/drivers/media/dvb-core/dmxdev.c | ||
| 1253 | index 0418b5a0fb645..32a2e6ffdb097 100644 | ||
| 1254 | --- a/drivers/media/dvb-core/dmxdev.c | ||
| 1255 | +++ b/drivers/media/dvb-core/dmxdev.c | ||
| 1256 | @@ -1225,7 +1225,7 @@ static const struct dvb_device dvbdev_dvr = { | ||
| 1257 | }; | ||
| 1258 | int dvb_dmxdev_init(struct dmxdev *dmxdev, struct dvb_adapter *dvb_adapter) | ||
| 1259 | { | ||
| 1260 | - int i; | ||
| 1261 | + int i, ret; | ||
| 1262 | |||
| 1263 | if (dmxdev->demux->open(dmxdev->demux) < 0) | ||
| 1264 | return -EUSERS; | ||
| 1265 | @@ -1243,14 +1243,26 @@ int dvb_dmxdev_init(struct dmxdev *dmxdev, struct dvb_adapter *dvb_adapter) | ||
| 1266 | DMXDEV_STATE_FREE); | ||
| 1267 | } | ||
| 1268 | |||
| 1269 | - dvb_register_device(dvb_adapter, &dmxdev->dvbdev, &dvbdev_demux, dmxdev, | ||
| 1270 | + ret = dvb_register_device(dvb_adapter, &dmxdev->dvbdev, &dvbdev_demux, dmxdev, | ||
| 1271 | DVB_DEVICE_DEMUX, dmxdev->filternum); | ||
| 1272 | - dvb_register_device(dvb_adapter, &dmxdev->dvr_dvbdev, &dvbdev_dvr, | ||
| 1273 | + if (ret < 0) | ||
| 1274 | + goto err_register_dvbdev; | ||
| 1275 | + | ||
| 1276 | + ret = dvb_register_device(dvb_adapter, &dmxdev->dvr_dvbdev, &dvbdev_dvr, | ||
| 1277 | dmxdev, DVB_DEVICE_DVR, dmxdev->filternum); | ||
| 1278 | + if (ret < 0) | ||
| 1279 | + goto err_register_dvr_dvbdev; | ||
| 1280 | |||
| 1281 | dvb_ringbuffer_init(&dmxdev->dvr_buffer, NULL, 8192); | ||
| 1282 | |||
| 1283 | return 0; | ||
| 1284 | + | ||
| 1285 | +err_register_dvr_dvbdev: | ||
| 1286 | + dvb_unregister_device(dmxdev->dvbdev); | ||
| 1287 | +err_register_dvbdev: | ||
| 1288 | + vfree(dmxdev->filter); | ||
| 1289 | + dmxdev->filter = NULL; | ||
| 1290 | + return ret; | ||
| 1291 | } | ||
| 1292 | |||
| 1293 | EXPORT_SYMBOL(dvb_dmxdev_init); | ||
| 1294 | diff --git a/drivers/media/dvb-frontends/dib8000.c b/drivers/media/dvb-frontends/dib8000.c | ||
| 1295 | index ddf9c44877a25..ea2eab2d5be91 100644 | ||
| 1296 | --- a/drivers/media/dvb-frontends/dib8000.c | ||
| 1297 | +++ b/drivers/media/dvb-frontends/dib8000.c | ||
| 1298 | @@ -4462,8 +4462,10 @@ static struct dvb_frontend *dib8000_init(struct i2c_adapter *i2c_adap, u8 i2c_ad | ||
| 1299 | |||
| 1300 | state->timf_default = cfg->pll->timf; | ||
| 1301 | |||
| 1302 | - if (dib8000_identify(&state->i2c) == 0) | ||
| 1303 | + if (dib8000_identify(&state->i2c) == 0) { | ||
| 1304 | + kfree(fe); | ||
| 1305 | goto error; | ||
| 1306 | + } | ||
| 1307 | |||
| 1308 | dibx000_init_i2c_master(&state->i2c_master, DIB8000, state->i2c.adap, state->i2c.addr); | ||
| 1309 | |||
| 1310 | diff --git a/drivers/media/pci/b2c2/flexcop-pci.c b/drivers/media/pci/b2c2/flexcop-pci.c | ||
| 1311 | index 4cac1fc233f28..98e94cd8bfad7 100644 | ||
| 1312 | --- a/drivers/media/pci/b2c2/flexcop-pci.c | ||
| 1313 | +++ b/drivers/media/pci/b2c2/flexcop-pci.c | ||
| 1314 | @@ -184,6 +184,8 @@ static irqreturn_t flexcop_pci_isr(int irq, void *dev_id) | ||
| 1315 | dma_addr_t cur_addr = | ||
| 1316 | fc->read_ibi_reg(fc,dma1_008).dma_0x8.dma_cur_addr << 2; | ||
| 1317 | u32 cur_pos = cur_addr - fc_pci->dma[0].dma_addr0; | ||
| 1318 | + if (cur_pos > fc_pci->dma[0].size * 2) | ||
| 1319 | + goto error; | ||
| 1320 | |||
| 1321 | deb_irq("%u irq: %08x cur_addr: %llx: cur_pos: %08x, " | ||
| 1322 | "last_cur_pos: %08x ", | ||
| 1323 | @@ -225,6 +227,7 @@ static irqreturn_t flexcop_pci_isr(int irq, void *dev_id) | ||
| 1324 | ret = IRQ_NONE; | ||
| 1325 | } | ||
| 1326 | |||
| 1327 | +error: | ||
| 1328 | spin_unlock_irqrestore(&fc_pci->irq_lock, flags); | ||
| 1329 | return ret; | ||
| 1330 | } | ||
| 1331 | diff --git a/drivers/media/pci/saa7146/hexium_gemini.c b/drivers/media/pci/saa7146/hexium_gemini.c | ||
| 1332 | index be85a2c4318e7..be91a2de81dcc 100644 | ||
| 1333 | --- a/drivers/media/pci/saa7146/hexium_gemini.c | ||
| 1334 | +++ b/drivers/media/pci/saa7146/hexium_gemini.c | ||
| 1335 | @@ -296,7 +296,12 @@ static int hexium_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_d | ||
| 1336 | hexium_set_input(hexium, 0); | ||
| 1337 | hexium->cur_input = 0; | ||
| 1338 | |||
| 1339 | - saa7146_vv_init(dev, &vv_data); | ||
| 1340 | + ret = saa7146_vv_init(dev, &vv_data); | ||
| 1341 | + if (ret) { | ||
| 1342 | + i2c_del_adapter(&hexium->i2c_adapter); | ||
| 1343 | + kfree(hexium); | ||
| 1344 | + return ret; | ||
| 1345 | + } | ||
| 1346 | |||
| 1347 | vv_data.vid_ops.vidioc_enum_input = vidioc_enum_input; | ||
| 1348 | vv_data.vid_ops.vidioc_g_input = vidioc_g_input; | ||
| 1349 | diff --git a/drivers/media/pci/saa7146/hexium_orion.c b/drivers/media/pci/saa7146/hexium_orion.c | ||
| 1350 | index dc07ca37ebd06..e8e96c7a57844 100644 | ||
| 1351 | --- a/drivers/media/pci/saa7146/hexium_orion.c | ||
| 1352 | +++ b/drivers/media/pci/saa7146/hexium_orion.c | ||
| 1353 | @@ -366,10 +366,16 @@ static struct saa7146_ext_vv vv_data; | ||
| 1354 | static int hexium_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_data *info) | ||
| 1355 | { | ||
| 1356 | struct hexium *hexium = (struct hexium *) dev->ext_priv; | ||
| 1357 | + int ret; | ||
| 1358 | |||
| 1359 | DEB_EE("\n"); | ||
| 1360 | |||
| 1361 | - saa7146_vv_init(dev, &vv_data); | ||
| 1362 | + ret = saa7146_vv_init(dev, &vv_data); | ||
| 1363 | + if (ret) { | ||
| 1364 | + pr_err("Error in saa7146_vv_init()\n"); | ||
| 1365 | + return ret; | ||
| 1366 | + } | ||
| 1367 | + | ||
| 1368 | vv_data.vid_ops.vidioc_enum_input = vidioc_enum_input; | ||
| 1369 | vv_data.vid_ops.vidioc_g_input = vidioc_g_input; | ||
| 1370 | vv_data.vid_ops.vidioc_s_input = vidioc_s_input; | ||
| 1371 | diff --git a/drivers/media/pci/saa7146/mxb.c b/drivers/media/pci/saa7146/mxb.c | ||
| 1372 | index 3e8753c9e1e47..849c2a1d09f99 100644 | ||
| 1373 | --- a/drivers/media/pci/saa7146/mxb.c | ||
| 1374 | +++ b/drivers/media/pci/saa7146/mxb.c | ||
| 1375 | @@ -694,10 +694,16 @@ static struct saa7146_ext_vv vv_data; | ||
| 1376 | static int mxb_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_data *info) | ||
| 1377 | { | ||
| 1378 | struct mxb *mxb; | ||
| 1379 | + int ret; | ||
| 1380 | |||
| 1381 | DEB_EE("dev:%p\n", dev); | ||
| 1382 | |||
| 1383 | - saa7146_vv_init(dev, &vv_data); | ||
| 1384 | + ret = saa7146_vv_init(dev, &vv_data); | ||
| 1385 | + if (ret) { | ||
| 1386 | + ERR("Error in saa7146_vv_init()"); | ||
| 1387 | + return ret; | ||
| 1388 | + } | ||
| 1389 | + | ||
| 1390 | if (mxb_probe(dev)) { | ||
| 1391 | saa7146_vv_release(dev); | ||
| 1392 | return -1; | ||
| 1393 | diff --git a/drivers/media/rc/igorplugusb.c b/drivers/media/rc/igorplugusb.c | ||
| 1394 | index 5cf983be07a20..0f4c4c39bf6da 100644 | ||
| 1395 | --- a/drivers/media/rc/igorplugusb.c | ||
| 1396 | +++ b/drivers/media/rc/igorplugusb.c | ||
| 1397 | @@ -73,9 +73,11 @@ static void igorplugusb_irdata(struct igorplugusb *ir, unsigned len) | ||
| 1398 | if (start >= len) { | ||
| 1399 | dev_err(ir->dev, "receive overflow invalid: %u", overflow); | ||
| 1400 | } else { | ||
| 1401 | - if (overflow > 0) | ||
| 1402 | + if (overflow > 0) { | ||
| 1403 | dev_warn(ir->dev, "receive overflow, at least %u lost", | ||
| 1404 | overflow); | ||
| 1405 | + ir_raw_event_reset(ir->rc); | ||
| 1406 | + } | ||
| 1407 | |||
| 1408 | do { | ||
| 1409 | rawir.duration = ir->buf_in[i] * 85333; | ||
| 1410 | diff --git a/drivers/media/rc/mceusb.c b/drivers/media/rc/mceusb.c | ||
| 1411 | index b78d70685b1c3..49122f442b872 100644 | ||
| 1412 | --- a/drivers/media/rc/mceusb.c | ||
| 1413 | +++ b/drivers/media/rc/mceusb.c | ||
| 1414 | @@ -1129,7 +1129,7 @@ static void mceusb_gen1_init(struct mceusb_dev *ir) | ||
| 1415 | */ | ||
| 1416 | ret = usb_control_msg(ir->usbdev, usb_rcvctrlpipe(ir->usbdev, 0), | ||
| 1417 | USB_REQ_SET_ADDRESS, USB_TYPE_VENDOR, 0, 0, | ||
| 1418 | - data, USB_CTRL_MSG_SZ, HZ * 3); | ||
| 1419 | + data, USB_CTRL_MSG_SZ, 3000); | ||
| 1420 | dev_dbg(dev, "set address - ret = %d", ret); | ||
| 1421 | dev_dbg(dev, "set address - data[0] = %d, data[1] = %d", | ||
| 1422 | data[0], data[1]); | ||
| 1423 | @@ -1137,20 +1137,20 @@ static void mceusb_gen1_init(struct mceusb_dev *ir) | ||
| 1424 | /* set feature: bit rate 38400 bps */ | ||
| 1425 | ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0), | ||
| 1426 | USB_REQ_SET_FEATURE, USB_TYPE_VENDOR, | ||
| 1427 | - 0xc04e, 0x0000, NULL, 0, HZ * 3); | ||
| 1428 | + 0xc04e, 0x0000, NULL, 0, 3000); | ||
| 1429 | |||
| 1430 | dev_dbg(dev, "set feature - ret = %d", ret); | ||
| 1431 | |||
| 1432 | /* bRequest 4: set char length to 8 bits */ | ||
| 1433 | ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0), | ||
| 1434 | 4, USB_TYPE_VENDOR, | ||
| 1435 | - 0x0808, 0x0000, NULL, 0, HZ * 3); | ||
| 1436 | + 0x0808, 0x0000, NULL, 0, 3000); | ||
| 1437 | dev_dbg(dev, "set char length - retB = %d", ret); | ||
| 1438 | |||
| 1439 | /* bRequest 2: set handshaking to use DTR/DSR */ | ||
| 1440 | ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0), | ||
| 1441 | 2, USB_TYPE_VENDOR, | ||
| 1442 | - 0x0000, 0x0100, NULL, 0, HZ * 3); | ||
| 1443 | + 0x0000, 0x0100, NULL, 0, 3000); | ||
| 1444 | dev_dbg(dev, "set handshake - retC = %d", ret); | ||
| 1445 | |||
| 1446 | /* device resume */ | ||
| 1447 | diff --git a/drivers/media/rc/redrat3.c b/drivers/media/rc/redrat3.c | ||
| 1448 | index 05ba47bc0b613..5f3c1c204f643 100644 | ||
| 1449 | --- a/drivers/media/rc/redrat3.c | ||
| 1450 | +++ b/drivers/media/rc/redrat3.c | ||
| 1451 | @@ -427,7 +427,7 @@ static int redrat3_send_cmd(int cmd, struct redrat3_dev *rr3) | ||
| 1452 | udev = rr3->udev; | ||
| 1453 | res = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), cmd, | ||
| 1454 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, | ||
| 1455 | - 0x0000, 0x0000, data, sizeof(u8), HZ * 10); | ||
| 1456 | + 0x0000, 0x0000, data, sizeof(u8), 10000); | ||
| 1457 | |||
| 1458 | if (res < 0) { | ||
| 1459 | dev_err(rr3->dev, "%s: Error sending rr3 cmd res %d, data %d", | ||
| 1460 | @@ -493,7 +493,7 @@ static u32 redrat3_get_timeout(struct redrat3_dev *rr3) | ||
| 1461 | pipe = usb_rcvctrlpipe(rr3->udev, 0); | ||
| 1462 | ret = usb_control_msg(rr3->udev, pipe, RR3_GET_IR_PARAM, | ||
| 1463 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, | ||
| 1464 | - RR3_IR_IO_SIG_TIMEOUT, 0, tmp, len, HZ * 5); | ||
| 1465 | + RR3_IR_IO_SIG_TIMEOUT, 0, tmp, len, 5000); | ||
| 1466 | if (ret != len) | ||
| 1467 | dev_warn(rr3->dev, "Failed to read timeout from hardware\n"); | ||
| 1468 | else { | ||
| 1469 | @@ -523,7 +523,7 @@ static int redrat3_set_timeout(struct rc_dev *rc_dev, unsigned int timeoutns) | ||
| 1470 | ret = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), RR3_SET_IR_PARAM, | ||
| 1471 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, | ||
| 1472 | RR3_IR_IO_SIG_TIMEOUT, 0, timeout, sizeof(*timeout), | ||
| 1473 | - HZ * 25); | ||
| 1474 | + 25000); | ||
| 1475 | dev_dbg(dev, "set ir parm timeout %d ret 0x%02x\n", | ||
| 1476 | be32_to_cpu(*timeout), ret); | ||
| 1477 | |||
| 1478 | @@ -557,32 +557,32 @@ static void redrat3_reset(struct redrat3_dev *rr3) | ||
| 1479 | *val = 0x01; | ||
| 1480 | rc = usb_control_msg(udev, rxpipe, RR3_RESET, | ||
| 1481 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, | ||
| 1482 | - RR3_CPUCS_REG_ADDR, 0, val, len, HZ * 25); | ||
| 1483 | + RR3_CPUCS_REG_ADDR, 0, val, len, 25000); | ||
| 1484 | dev_dbg(dev, "reset returned 0x%02x\n", rc); | ||
| 1485 | |||
| 1486 | *val = length_fuzz; | ||
| 1487 | rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM, | ||
| 1488 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, | ||
| 1489 | - RR3_IR_IO_LENGTH_FUZZ, 0, val, len, HZ * 25); | ||
| 1490 | + RR3_IR_IO_LENGTH_FUZZ, 0, val, len, 25000); | ||
| 1491 | dev_dbg(dev, "set ir parm len fuzz %d rc 0x%02x\n", *val, rc); | ||
| 1492 | |||
| 1493 | *val = (65536 - (minimum_pause * 2000)) / 256; | ||
| 1494 | rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM, | ||
| 1495 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, | ||
| 1496 | - RR3_IR_IO_MIN_PAUSE, 0, val, len, HZ * 25); | ||
| 1497 | + RR3_IR_IO_MIN_PAUSE, 0, val, len, 25000); | ||
| 1498 | dev_dbg(dev, "set ir parm min pause %d rc 0x%02x\n", *val, rc); | ||
| 1499 | |||
| 1500 | *val = periods_measure_carrier; | ||
| 1501 | rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM, | ||
| 1502 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, | ||
| 1503 | - RR3_IR_IO_PERIODS_MF, 0, val, len, HZ * 25); | ||
| 1504 | + RR3_IR_IO_PERIODS_MF, 0, val, len, 25000); | ||
| 1505 | dev_dbg(dev, "set ir parm periods measure carrier %d rc 0x%02x", *val, | ||
| 1506 | rc); | ||
| 1507 | |||
| 1508 | *val = RR3_DRIVER_MAXLENS; | ||
| 1509 | rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM, | ||
| 1510 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, | ||
| 1511 | - RR3_IR_IO_MAX_LENGTHS, 0, val, len, HZ * 25); | ||
| 1512 | + RR3_IR_IO_MAX_LENGTHS, 0, val, len, 25000); | ||
| 1513 | dev_dbg(dev, "set ir parm max lens %d rc 0x%02x\n", *val, rc); | ||
| 1514 | |||
| 1515 | kfree(val); | ||
| 1516 | @@ -602,7 +602,7 @@ static void redrat3_get_firmware_rev(struct redrat3_dev *rr3) | ||
| 1517 | rc = usb_control_msg(rr3->udev, usb_rcvctrlpipe(rr3->udev, 0), | ||
| 1518 | RR3_FW_VERSION, | ||
| 1519 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, | ||
| 1520 | - 0, 0, buffer, RR3_FW_VERSION_LEN, HZ * 5); | ||
| 1521 | + 0, 0, buffer, RR3_FW_VERSION_LEN, 5000); | ||
| 1522 | |||
| 1523 | if (rc >= 0) | ||
| 1524 | dev_info(rr3->dev, "Firmware rev: %s", buffer); | ||
| 1525 | @@ -842,14 +842,14 @@ static int redrat3_transmit_ir(struct rc_dev *rcdev, unsigned *txbuf, | ||
| 1526 | |||
| 1527 | pipe = usb_sndbulkpipe(rr3->udev, rr3->ep_out->bEndpointAddress); | ||
| 1528 | ret = usb_bulk_msg(rr3->udev, pipe, irdata, | ||
| 1529 | - sendbuf_len, &ret_len, 10 * HZ); | ||
| 1530 | + sendbuf_len, &ret_len, 10000); | ||
| 1531 | dev_dbg(dev, "sent %d bytes, (ret %d)\n", ret_len, ret); | ||
| 1532 | |||
| 1533 | /* now tell the hardware to transmit what we sent it */ | ||
| 1534 | pipe = usb_rcvctrlpipe(rr3->udev, 0); | ||
| 1535 | ret = usb_control_msg(rr3->udev, pipe, RR3_TX_SEND_SIGNAL, | ||
| 1536 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, | ||
| 1537 | - 0, 0, irdata, 2, HZ * 10); | ||
| 1538 | + 0, 0, irdata, 2, 10000); | ||
| 1539 | |||
| 1540 | if (ret < 0) | ||
| 1541 | dev_err(dev, "Error: control msg send failed, rc %d\n", ret); | ||
| 1542 | diff --git a/drivers/media/tuners/msi001.c b/drivers/media/tuners/msi001.c | ||
| 1543 | index 3a12ef35682b5..64d98517f470f 100644 | ||
| 1544 | --- a/drivers/media/tuners/msi001.c | ||
| 1545 | +++ b/drivers/media/tuners/msi001.c | ||
| 1546 | @@ -464,6 +464,13 @@ static int msi001_probe(struct spi_device *spi) | ||
| 1547 | V4L2_CID_RF_TUNER_BANDWIDTH_AUTO, 0, 1, 1, 1); | ||
| 1548 | dev->bandwidth = v4l2_ctrl_new_std(&dev->hdl, &msi001_ctrl_ops, | ||
| 1549 | V4L2_CID_RF_TUNER_BANDWIDTH, 200000, 8000000, 1, 200000); | ||
| 1550 | + if (dev->hdl.error) { | ||
| 1551 | + ret = dev->hdl.error; | ||
| 1552 | + dev_err(&spi->dev, "Could not initialize controls\n"); | ||
| 1553 | + /* control init failed, free handler */ | ||
| 1554 | + goto err_ctrl_handler_free; | ||
| 1555 | + } | ||
| 1556 | + | ||
| 1557 | v4l2_ctrl_auto_cluster(2, &dev->bandwidth_auto, 0, false); | ||
| 1558 | dev->lna_gain = v4l2_ctrl_new_std(&dev->hdl, &msi001_ctrl_ops, | ||
| 1559 | V4L2_CID_RF_TUNER_LNA_GAIN, 0, 1, 1, 1); | ||
| 1560 | diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c | ||
| 1561 | index 72a47da0db2ae..e56837414e2c7 100644 | ||
| 1562 | --- a/drivers/media/tuners/si2157.c | ||
| 1563 | +++ b/drivers/media/tuners/si2157.c | ||
| 1564 | @@ -89,7 +89,7 @@ static int si2157_init(struct dvb_frontend *fe) | ||
| 1565 | dev_dbg(&client->dev, "\n"); | ||
| 1566 | |||
| 1567 | /* Try to get Xtal trim property, to verify tuner still running */ | ||
| 1568 | - memcpy(cmd.args, "\x15\x00\x04\x02", 4); | ||
| 1569 | + memcpy(cmd.args, "\x15\x00\x02\x04", 4); | ||
| 1570 | cmd.wlen = 4; | ||
| 1571 | cmd.rlen = 4; | ||
| 1572 | ret = si2157_cmd_execute(client, &cmd); | ||
| 1573 | diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c | ||
| 1574 | index a93fc1839e139..3d6e991df9261 100644 | ||
| 1575 | --- a/drivers/media/usb/b2c2/flexcop-usb.c | ||
| 1576 | +++ b/drivers/media/usb/b2c2/flexcop-usb.c | ||
| 1577 | @@ -87,7 +87,7 @@ static int flexcop_usb_readwrite_dw(struct flexcop_device *fc, u16 wRegOffsPCI, | ||
| 1578 | 0, | ||
| 1579 | fc_usb->data, | ||
| 1580 | sizeof(u32), | ||
| 1581 | - B2C2_WAIT_FOR_OPERATION_RDW * HZ); | ||
| 1582 | + B2C2_WAIT_FOR_OPERATION_RDW); | ||
| 1583 | |||
| 1584 | if (ret != sizeof(u32)) { | ||
| 1585 | err("error while %s dword from %d (%d).", read ? "reading" : | ||
| 1586 | @@ -155,7 +155,7 @@ static int flexcop_usb_v8_memory_req(struct flexcop_usb *fc_usb, | ||
| 1587 | wIndex, | ||
| 1588 | fc_usb->data, | ||
| 1589 | buflen, | ||
| 1590 | - nWaitTime * HZ); | ||
| 1591 | + nWaitTime); | ||
| 1592 | if (ret != buflen) | ||
| 1593 | ret = -EIO; | ||
| 1594 | |||
| 1595 | @@ -249,13 +249,13 @@ static int flexcop_usb_i2c_req(struct flexcop_i2c_adapter *i2c, | ||
| 1596 | /* DKT 020208 - add this to support special case of DiSEqC */ | ||
| 1597 | case USB_FUNC_I2C_CHECKWRITE: | ||
| 1598 | pipe = B2C2_USB_CTRL_PIPE_OUT; | ||
| 1599 | - nWaitTime = 2; | ||
| 1600 | + nWaitTime = 2000; | ||
| 1601 | request_type |= USB_DIR_OUT; | ||
| 1602 | break; | ||
| 1603 | case USB_FUNC_I2C_READ: | ||
| 1604 | case USB_FUNC_I2C_REPEATREAD: | ||
| 1605 | pipe = B2C2_USB_CTRL_PIPE_IN; | ||
| 1606 | - nWaitTime = 2; | ||
| 1607 | + nWaitTime = 2000; | ||
| 1608 | request_type |= USB_DIR_IN; | ||
| 1609 | break; | ||
| 1610 | default: | ||
| 1611 | @@ -282,7 +282,7 @@ static int flexcop_usb_i2c_req(struct flexcop_i2c_adapter *i2c, | ||
| 1612 | wIndex, | ||
| 1613 | fc_usb->data, | ||
| 1614 | buflen, | ||
| 1615 | - nWaitTime * HZ); | ||
| 1616 | + nWaitTime); | ||
| 1617 | |||
| 1618 | if (ret != buflen) | ||
| 1619 | ret = -EIO; | ||
| 1620 | diff --git a/drivers/media/usb/b2c2/flexcop-usb.h b/drivers/media/usb/b2c2/flexcop-usb.h | ||
| 1621 | index 25ad43166e78c..247c7dbc8a619 100644 | ||
| 1622 | --- a/drivers/media/usb/b2c2/flexcop-usb.h | ||
| 1623 | +++ b/drivers/media/usb/b2c2/flexcop-usb.h | ||
| 1624 | @@ -90,13 +90,13 @@ typedef enum { | ||
| 1625 | UTILITY_SRAM_TESTVERIFY = 0x16, | ||
| 1626 | } flexcop_usb_utility_function_t; | ||
| 1627 | |||
| 1628 | -#define B2C2_WAIT_FOR_OPERATION_RW (1*HZ) | ||
| 1629 | -#define B2C2_WAIT_FOR_OPERATION_RDW (3*HZ) | ||
| 1630 | -#define B2C2_WAIT_FOR_OPERATION_WDW (1*HZ) | ||
| 1631 | +#define B2C2_WAIT_FOR_OPERATION_RW 1000 | ||
| 1632 | +#define B2C2_WAIT_FOR_OPERATION_RDW 3000 | ||
| 1633 | +#define B2C2_WAIT_FOR_OPERATION_WDW 1000 | ||
| 1634 | |||
| 1635 | -#define B2C2_WAIT_FOR_OPERATION_V8READ (3*HZ) | ||
| 1636 | -#define B2C2_WAIT_FOR_OPERATION_V8WRITE (3*HZ) | ||
| 1637 | -#define B2C2_WAIT_FOR_OPERATION_V8FLASH (3*HZ) | ||
| 1638 | +#define B2C2_WAIT_FOR_OPERATION_V8READ 3000 | ||
| 1639 | +#define B2C2_WAIT_FOR_OPERATION_V8WRITE 3000 | ||
| 1640 | +#define B2C2_WAIT_FOR_OPERATION_V8FLASH 3000 | ||
| 1641 | |||
| 1642 | typedef enum { | ||
| 1643 | V8_MEMORY_PAGE_DVB_CI = 0x20, | ||
| 1644 | diff --git a/drivers/media/usb/cpia2/cpia2_usb.c b/drivers/media/usb/cpia2/cpia2_usb.c | ||
| 1645 | index 4f4a130f17af3..447d6a52af3b8 100644 | ||
| 1646 | --- a/drivers/media/usb/cpia2/cpia2_usb.c | ||
| 1647 | +++ b/drivers/media/usb/cpia2/cpia2_usb.c | ||
| 1648 | @@ -565,7 +565,7 @@ static int write_packet(struct usb_device *udev, | ||
| 1649 | 0, /* index */ | ||
| 1650 | buf, /* buffer */ | ||
| 1651 | size, | ||
| 1652 | - HZ); | ||
| 1653 | + 1000); | ||
| 1654 | |||
| 1655 | kfree(buf); | ||
| 1656 | return ret; | ||
| 1657 | @@ -597,7 +597,7 @@ static int read_packet(struct usb_device *udev, | ||
| 1658 | 0, /* index */ | ||
| 1659 | buf, /* buffer */ | ||
| 1660 | size, | ||
| 1661 | - HZ); | ||
| 1662 | + 1000); | ||
| 1663 | |||
| 1664 | if (ret >= 0) | ||
| 1665 | memcpy(registers, buf, size); | ||
| 1666 | diff --git a/drivers/media/usb/dvb-usb/dib0700_core.c b/drivers/media/usb/dvb-usb/dib0700_core.c | ||
| 1667 | index 4a5ea74c91d45..1b56824fbe51e 100644 | ||
| 1668 | --- a/drivers/media/usb/dvb-usb/dib0700_core.c | ||
| 1669 | +++ b/drivers/media/usb/dvb-usb/dib0700_core.c | ||
| 1670 | @@ -610,8 +610,6 @@ int dib0700_streaming_ctrl(struct dvb_usb_adapter *adap, int onoff) | ||
| 1671 | deb_info("the endpoint number (%i) is not correct, use the adapter id instead", adap->fe_adap[0].stream.props.endpoint); | ||
| 1672 | if (onoff) | ||
| 1673 | st->channel_state |= 1 << (adap->id); | ||
| 1674 | - else | ||
| 1675 | - st->channel_state |= 1 << ~(adap->id); | ||
| 1676 | } else { | ||
| 1677 | if (onoff) | ||
| 1678 | st->channel_state |= 1 << (adap->fe_adap[0].stream.props.endpoint-2); | ||
| 1679 | diff --git a/drivers/media/usb/dvb-usb/m920x.c b/drivers/media/usb/dvb-usb/m920x.c | ||
| 1680 | index eafc5c82467f4..5b806779e2106 100644 | ||
| 1681 | --- a/drivers/media/usb/dvb-usb/m920x.c | ||
| 1682 | +++ b/drivers/media/usb/dvb-usb/m920x.c | ||
| 1683 | @@ -284,6 +284,13 @@ static int m920x_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int nu | ||
| 1684 | /* Should check for ack here, if we knew how. */ | ||
| 1685 | } | ||
| 1686 | if (msg[i].flags & I2C_M_RD) { | ||
| 1687 | + char *read = kmalloc(1, GFP_KERNEL); | ||
| 1688 | + if (!read) { | ||
| 1689 | + ret = -ENOMEM; | ||
| 1690 | + kfree(read); | ||
| 1691 | + goto unlock; | ||
| 1692 | + } | ||
| 1693 | + | ||
| 1694 | for (j = 0; j < msg[i].len; j++) { | ||
| 1695 | /* Last byte of transaction? | ||
| 1696 | * Send STOP, otherwise send ACK. */ | ||
| 1697 | @@ -291,9 +298,12 @@ static int m920x_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int nu | ||
| 1698 | |||
| 1699 | if ((ret = m920x_read(d->udev, M9206_I2C, 0x0, | ||
| 1700 | 0x20 | stop, | ||
| 1701 | - &msg[i].buf[j], 1)) != 0) | ||
| 1702 | + read, 1)) != 0) | ||
| 1703 | goto unlock; | ||
| 1704 | + msg[i].buf[j] = read[0]; | ||
| 1705 | } | ||
| 1706 | + | ||
| 1707 | + kfree(read); | ||
| 1708 | } else { | ||
| 1709 | for (j = 0; j < msg[i].len; j++) { | ||
| 1710 | /* Last byte of transaction? Then send STOP. */ | ||
| 1711 | diff --git a/drivers/media/usb/em28xx/em28xx-core.c b/drivers/media/usb/em28xx/em28xx-core.c | ||
| 1712 | index eebd5d7088d00..fb3008a7233fe 100644 | ||
| 1713 | --- a/drivers/media/usb/em28xx/em28xx-core.c | ||
| 1714 | +++ b/drivers/media/usb/em28xx/em28xx-core.c | ||
| 1715 | @@ -99,7 +99,7 @@ int em28xx_read_reg_req_len(struct em28xx *dev, u8 req, u16 reg, | ||
| 1716 | mutex_lock(&dev->ctrl_urb_lock); | ||
| 1717 | ret = usb_control_msg(dev->udev, pipe, req, | ||
| 1718 | USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, | ||
| 1719 | - 0x0000, reg, dev->urb_buf, len, HZ); | ||
| 1720 | + 0x0000, reg, dev->urb_buf, len, 1000); | ||
| 1721 | if (ret < 0) { | ||
| 1722 | if (reg_debug) | ||
| 1723 | printk(" failed!\n"); | ||
| 1724 | @@ -182,7 +182,7 @@ int em28xx_write_regs_req(struct em28xx *dev, u8 req, u16 reg, char *buf, | ||
| 1725 | memcpy(dev->urb_buf, buf, len); | ||
| 1726 | ret = usb_control_msg(dev->udev, pipe, req, | ||
| 1727 | USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE, | ||
| 1728 | - 0x0000, reg, dev->urb_buf, len, HZ); | ||
| 1729 | + 0x0000, reg, dev->urb_buf, len, 1000); | ||
| 1730 | mutex_unlock(&dev->ctrl_urb_lock); | ||
| 1731 | |||
| 1732 | if (ret < 0) | ||
| 1733 | diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c | ||
| 1734 | index 0cb8dd5852357..40535db585a0e 100644 | ||
| 1735 | --- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c | ||
| 1736 | +++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c | ||
| 1737 | @@ -1488,7 +1488,7 @@ static int pvr2_upload_firmware1(struct pvr2_hdw *hdw) | ||
| 1738 | for (address = 0; address < fwsize; address += 0x800) { | ||
| 1739 | memcpy(fw_ptr, fw_entry->data + address, 0x800); | ||
| 1740 | ret += usb_control_msg(hdw->usb_dev, pipe, 0xa0, 0x40, address, | ||
| 1741 | - 0, fw_ptr, 0x800, HZ); | ||
| 1742 | + 0, fw_ptr, 0x800, 1000); | ||
| 1743 | } | ||
| 1744 | |||
| 1745 | trace_firmware("Upload done, releasing device's CPU"); | ||
| 1746 | @@ -1627,7 +1627,7 @@ int pvr2_upload_firmware2(struct pvr2_hdw *hdw) | ||
| 1747 | ((u32 *)fw_ptr)[icnt] = swab32(((u32 *)fw_ptr)[icnt]); | ||
| 1748 | |||
| 1749 | ret |= usb_bulk_msg(hdw->usb_dev, pipe, fw_ptr,bcnt, | ||
| 1750 | - &actual_length, HZ); | ||
| 1751 | + &actual_length, 1000); | ||
| 1752 | ret |= (actual_length != bcnt); | ||
| 1753 | if (ret) break; | ||
| 1754 | fw_done += bcnt; | ||
| 1755 | @@ -3486,7 +3486,7 @@ void pvr2_hdw_cpufw_set_enabled(struct pvr2_hdw *hdw, | ||
| 1756 | 0xa0,0xc0, | ||
| 1757 | address,0, | ||
| 1758 | hdw->fw_buffer+address, | ||
| 1759 | - 0x800,HZ); | ||
| 1760 | + 0x800,1000); | ||
| 1761 | if (ret < 0) break; | ||
| 1762 | } | ||
| 1763 | |||
| 1764 | @@ -4011,7 +4011,7 @@ void pvr2_hdw_cpureset_assert(struct pvr2_hdw *hdw,int val) | ||
| 1765 | /* Write the CPUCS register on the 8051. The lsb of the register | ||
| 1766 | is the reset bit; a 1 asserts reset while a 0 clears it. */ | ||
| 1767 | pipe = usb_sndctrlpipe(hdw->usb_dev, 0); | ||
| 1768 | - ret = usb_control_msg(hdw->usb_dev,pipe,0xa0,0x40,0xe600,0,da,1,HZ); | ||
| 1769 | + ret = usb_control_msg(hdw->usb_dev,pipe,0xa0,0x40,0xe600,0,da,1,1000); | ||
| 1770 | if (ret < 0) { | ||
| 1771 | pvr2_trace(PVR2_TRACE_ERROR_LEGS, | ||
| 1772 | "cpureset_assert(%d) error=%d",val,ret); | ||
| 1773 | diff --git a/drivers/media/usb/s2255/s2255drv.c b/drivers/media/usb/s2255/s2255drv.c | ||
| 1774 | index f7bb78c1873c9..fb5636f07e7eb 100644 | ||
| 1775 | --- a/drivers/media/usb/s2255/s2255drv.c | ||
| 1776 | +++ b/drivers/media/usb/s2255/s2255drv.c | ||
| 1777 | @@ -1913,7 +1913,7 @@ static long s2255_vendor_req(struct s2255_dev *dev, unsigned char Request, | ||
| 1778 | USB_TYPE_VENDOR | USB_RECIP_DEVICE | | ||
| 1779 | USB_DIR_IN, | ||
| 1780 | Value, Index, buf, | ||
| 1781 | - TransferBufferLength, HZ * 5); | ||
| 1782 | + TransferBufferLength, USB_CTRL_SET_TIMEOUT); | ||
| 1783 | |||
| 1784 | if (r >= 0) | ||
| 1785 | memcpy(TransferBuffer, buf, TransferBufferLength); | ||
| 1786 | @@ -1922,7 +1922,7 @@ static long s2255_vendor_req(struct s2255_dev *dev, unsigned char Request, | ||
| 1787 | r = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0), | ||
| 1788 | Request, USB_TYPE_VENDOR | USB_RECIP_DEVICE, | ||
| 1789 | Value, Index, buf, | ||
| 1790 | - TransferBufferLength, HZ * 5); | ||
| 1791 | + TransferBufferLength, USB_CTRL_SET_TIMEOUT); | ||
| 1792 | } | ||
| 1793 | kfree(buf); | ||
| 1794 | return r; | ||
| 1795 | diff --git a/drivers/media/usb/stk1160/stk1160-core.c b/drivers/media/usb/stk1160/stk1160-core.c | ||
| 1796 | index bc029478065a0..a526ea2fe587a 100644 | ||
| 1797 | --- a/drivers/media/usb/stk1160/stk1160-core.c | ||
| 1798 | +++ b/drivers/media/usb/stk1160/stk1160-core.c | ||
| 1799 | @@ -76,7 +76,7 @@ int stk1160_read_reg(struct stk1160 *dev, u16 reg, u8 *value) | ||
| 1800 | return -ENOMEM; | ||
| 1801 | ret = usb_control_msg(dev->udev, pipe, 0x00, | ||
| 1802 | USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, | ||
| 1803 | - 0x00, reg, buf, sizeof(u8), HZ); | ||
| 1804 | + 0x00, reg, buf, sizeof(u8), 1000); | ||
| 1805 | if (ret < 0) { | ||
| 1806 | stk1160_err("read failed on reg 0x%x (%d)\n", | ||
| 1807 | reg, ret); | ||
| 1808 | @@ -96,7 +96,7 @@ int stk1160_write_reg(struct stk1160 *dev, u16 reg, u16 value) | ||
| 1809 | |||
| 1810 | ret = usb_control_msg(dev->udev, pipe, 0x01, | ||
| 1811 | USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE, | ||
| 1812 | - value, reg, NULL, 0, HZ); | ||
| 1813 | + value, reg, NULL, 0, 1000); | ||
| 1814 | if (ret < 0) { | ||
| 1815 | stk1160_err("write failed on reg 0x%x (%d)\n", | ||
| 1816 | reg, ret); | ||
| 1817 | diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c | ||
| 1818 | index 1d724e86f3780..2a7d178a9d069 100644 | ||
| 1819 | --- a/drivers/media/usb/uvc/uvc_video.c | ||
| 1820 | +++ b/drivers/media/usb/uvc/uvc_video.c | ||
| 1821 | @@ -1716,6 +1716,10 @@ static int uvc_init_video(struct uvc_streaming *stream, gfp_t gfp_flags) | ||
| 1822 | if (ep == NULL) | ||
| 1823 | return -EIO; | ||
| 1824 | |||
| 1825 | + /* Reject broken descriptors. */ | ||
| 1826 | + if (usb_endpoint_maxp(&ep->desc) == 0) | ||
| 1827 | + return -EIO; | ||
| 1828 | + | ||
| 1829 | ret = uvc_init_video_bulk(stream, ep, gfp_flags); | ||
| 1830 | } | ||
| 1831 | |||
| 1832 | diff --git a/drivers/mfd/intel-lpss-acpi.c b/drivers/mfd/intel-lpss-acpi.c | ||
| 1833 | index 6bf8d643d9428..31fbfd9c4b11c 100644 | ||
| 1834 | --- a/drivers/mfd/intel-lpss-acpi.c | ||
| 1835 | +++ b/drivers/mfd/intel-lpss-acpi.c | ||
| 1836 | @@ -84,6 +84,7 @@ static int intel_lpss_acpi_probe(struct platform_device *pdev) | ||
| 1837 | { | ||
| 1838 | struct intel_lpss_platform_info *info; | ||
| 1839 | const struct acpi_device_id *id; | ||
| 1840 | + int ret; | ||
| 1841 | |||
| 1842 | id = acpi_match_device(intel_lpss_acpi_ids, &pdev->dev); | ||
| 1843 | if (!id) | ||
| 1844 | @@ -97,10 +98,14 @@ static int intel_lpss_acpi_probe(struct platform_device *pdev) | ||
| 1845 | info->mem = platform_get_resource(pdev, IORESOURCE_MEM, 0); | ||
| 1846 | info->irq = platform_get_irq(pdev, 0); | ||
| 1847 | |||
| 1848 | + ret = intel_lpss_probe(&pdev->dev, info); | ||
| 1849 | + if (ret) | ||
| 1850 | + return ret; | ||
| 1851 | + | ||
| 1852 | pm_runtime_set_active(&pdev->dev); | ||
| 1853 | pm_runtime_enable(&pdev->dev); | ||
| 1854 | |||
| 1855 | - return intel_lpss_probe(&pdev->dev, info); | ||
| 1856 | + return 0; | ||
| 1857 | } | ||
| 1858 | |||
| 1859 | static int intel_lpss_acpi_remove(struct platform_device *pdev) | ||
| 1860 | diff --git a/drivers/misc/lattice-ecp3-config.c b/drivers/misc/lattice-ecp3-config.c | ||
| 1861 | index 626fdcaf25101..645d26536114f 100644 | ||
| 1862 | --- a/drivers/misc/lattice-ecp3-config.c | ||
| 1863 | +++ b/drivers/misc/lattice-ecp3-config.c | ||
| 1864 | @@ -81,12 +81,12 @@ static void firmware_load(const struct firmware *fw, void *context) | ||
| 1865 | |||
| 1866 | if (fw == NULL) { | ||
| 1867 | dev_err(&spi->dev, "Cannot load firmware, aborting\n"); | ||
| 1868 | - return; | ||
| 1869 | + goto out; | ||
| 1870 | } | ||
| 1871 | |||
| 1872 | if (fw->size == 0) { | ||
| 1873 | dev_err(&spi->dev, "Error: Firmware size is 0!\n"); | ||
| 1874 | - return; | ||
| 1875 | + goto out; | ||
| 1876 | } | ||
| 1877 | |||
| 1878 | /* Fill dummy data (24 stuffing bits for commands) */ | ||
| 1879 | @@ -108,7 +108,7 @@ static void firmware_load(const struct firmware *fw, void *context) | ||
| 1880 | dev_err(&spi->dev, | ||
| 1881 | "Error: No supported FPGA detected (JEDEC_ID=%08x)!\n", | ||
| 1882 | jedec_id); | ||
| 1883 | - return; | ||
| 1884 | + goto out; | ||
| 1885 | } | ||
| 1886 | |||
| 1887 | dev_info(&spi->dev, "FPGA %s detected\n", ecp3_dev[i].name); | ||
| 1888 | @@ -121,7 +121,7 @@ static void firmware_load(const struct firmware *fw, void *context) | ||
| 1889 | buffer = kzalloc(fw->size + 8, GFP_KERNEL); | ||
| 1890 | if (!buffer) { | ||
| 1891 | dev_err(&spi->dev, "Error: Can't allocate memory!\n"); | ||
| 1892 | - return; | ||
| 1893 | + goto out; | ||
| 1894 | } | ||
| 1895 | |||
| 1896 | /* | ||
| 1897 | @@ -160,7 +160,7 @@ static void firmware_load(const struct firmware *fw, void *context) | ||
| 1898 | "Error: Timeout waiting for FPGA to clear (status=%08x)!\n", | ||
| 1899 | status); | ||
| 1900 | kfree(buffer); | ||
| 1901 | - return; | ||
| 1902 | + goto out; | ||
| 1903 | } | ||
| 1904 | |||
| 1905 | dev_info(&spi->dev, "Configuring the FPGA...\n"); | ||
| 1906 | @@ -186,7 +186,7 @@ static void firmware_load(const struct firmware *fw, void *context) | ||
| 1907 | release_firmware(fw); | ||
| 1908 | |||
| 1909 | kfree(buffer); | ||
| 1910 | - | ||
| 1911 | +out: | ||
| 1912 | complete(&data->fw_loaded); | ||
| 1913 | } | ||
| 1914 | |||
| 1915 | diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c | ||
| 1916 | index 2b721ed392adb..0d9226bdf6614 100644 | ||
| 1917 | --- a/drivers/net/bonding/bond_main.c | ||
| 1918 | +++ b/drivers/net/bonding/bond_main.c | ||
| 1919 | @@ -782,14 +782,14 @@ static bool bond_should_notify_peers(struct bonding *bond) | ||
| 1920 | slave = rcu_dereference(bond->curr_active_slave); | ||
| 1921 | rcu_read_unlock(); | ||
| 1922 | |||
| 1923 | - netdev_dbg(bond->dev, "bond_should_notify_peers: slave %s\n", | ||
| 1924 | - slave ? slave->dev->name : "NULL"); | ||
| 1925 | - | ||
| 1926 | if (!slave || !bond->send_peer_notif || | ||
| 1927 | !netif_carrier_ok(bond->dev) || | ||
| 1928 | test_bit(__LINK_STATE_LINKWATCH_PENDING, &slave->dev->state)) | ||
| 1929 | return false; | ||
| 1930 | |||
| 1931 | + netdev_dbg(bond->dev, "bond_should_notify_peers: slave %s\n", | ||
| 1932 | + slave ? slave->dev->name : "NULL"); | ||
| 1933 | + | ||
| 1934 | return true; | ||
| 1935 | } | ||
| 1936 | |||
| 1937 | diff --git a/drivers/net/can/softing/softing_cs.c b/drivers/net/can/softing/softing_cs.c | ||
| 1938 | index cdc0c7433a4b5..9fbed88d6c821 100644 | ||
| 1939 | --- a/drivers/net/can/softing/softing_cs.c | ||
| 1940 | +++ b/drivers/net/can/softing/softing_cs.c | ||
| 1941 | @@ -304,7 +304,7 @@ static int softingcs_probe(struct pcmcia_device *pcmcia) | ||
| 1942 | return 0; | ||
| 1943 | |||
| 1944 | platform_failed: | ||
| 1945 | - kfree(dev); | ||
| 1946 | + platform_device_put(pdev); | ||
| 1947 | mem_failed: | ||
| 1948 | pcmcia_bad: | ||
| 1949 | pcmcia_failed: | ||
| 1950 | diff --git a/drivers/net/can/softing/softing_fw.c b/drivers/net/can/softing/softing_fw.c | ||
| 1951 | index 52fe50725d749..a74c779feb90e 100644 | ||
| 1952 | --- a/drivers/net/can/softing/softing_fw.c | ||
| 1953 | +++ b/drivers/net/can/softing/softing_fw.c | ||
| 1954 | @@ -576,18 +576,19 @@ int softing_startstop(struct net_device *dev, int up) | ||
| 1955 | if (ret < 0) | ||
| 1956 | goto failed; | ||
| 1957 | } | ||
| 1958 | - /* enable_error_frame */ | ||
| 1959 | - /* | ||
| 1960 | + | ||
| 1961 | + /* enable_error_frame | ||
| 1962 | + * | ||
| 1963 | * Error reporting is switched off at the moment since | ||
| 1964 | * the receiving of them is not yet 100% verified | ||
| 1965 | * This should be enabled sooner or later | ||
| 1966 | - * | ||
| 1967 | - if (error_reporting) { | ||
| 1968 | + */ | ||
| 1969 | + if (0 && error_reporting) { | ||
| 1970 | ret = softing_fct_cmd(card, 51, "enable_error_frame"); | ||
| 1971 | if (ret < 0) | ||
| 1972 | goto failed; | ||
| 1973 | } | ||
| 1974 | - */ | ||
| 1975 | + | ||
| 1976 | /* initialize interface */ | ||
| 1977 | iowrite16(1, &card->dpram[DPRAM_FCT_PARAM + 2]); | ||
| 1978 | iowrite16(1, &card->dpram[DPRAM_FCT_PARAM + 4]); | ||
| 1979 | diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c | ||
| 1980 | index d21c68882e867..75399aa1ba951 100644 | ||
| 1981 | --- a/drivers/net/can/usb/gs_usb.c | ||
| 1982 | +++ b/drivers/net/can/usb/gs_usb.c | ||
| 1983 | @@ -328,7 +328,7 @@ static void gs_usb_receive_bulk_callback(struct urb *urb) | ||
| 1984 | |||
| 1985 | /* device reports out of range channel id */ | ||
| 1986 | if (hf->channel >= GS_MAX_INTF) | ||
| 1987 | - goto resubmit_urb; | ||
| 1988 | + goto device_detach; | ||
| 1989 | |||
| 1990 | dev = usbcan->canch[hf->channel]; | ||
| 1991 | |||
| 1992 | @@ -413,6 +413,7 @@ static void gs_usb_receive_bulk_callback(struct urb *urb) | ||
| 1993 | |||
| 1994 | /* USB failure take down all interfaces */ | ||
| 1995 | if (rc == -ENODEV) { | ||
| 1996 | + device_detach: | ||
| 1997 | for (rc = 0; rc < GS_MAX_INTF; rc++) { | ||
| 1998 | if (usbcan->canch[rc]) | ||
| 1999 | netif_device_detach(usbcan->canch[rc]->netdev); | ||
| 2000 | @@ -514,6 +515,8 @@ static netdev_tx_t gs_can_start_xmit(struct sk_buff *skb, | ||
| 2001 | |||
| 2002 | hf->echo_id = idx; | ||
| 2003 | hf->channel = dev->channel; | ||
| 2004 | + hf->flags = 0; | ||
| 2005 | + hf->reserved = 0; | ||
| 2006 | |||
| 2007 | cf = (struct can_frame *)skb->data; | ||
| 2008 | |||
| 2009 | diff --git a/drivers/net/can/xilinx_can.c b/drivers/net/can/xilinx_can.c | ||
| 2010 | index e680bab27dd7e..ef24b619e0e57 100644 | ||
| 2011 | --- a/drivers/net/can/xilinx_can.c | ||
| 2012 | +++ b/drivers/net/can/xilinx_can.c | ||
| 2013 | @@ -1302,7 +1302,12 @@ static int xcan_probe(struct platform_device *pdev) | ||
| 2014 | spin_lock_init(&priv->tx_lock); | ||
| 2015 | |||
| 2016 | /* Get IRQ for the device */ | ||
| 2017 | - ndev->irq = platform_get_irq(pdev, 0); | ||
| 2018 | + ret = platform_get_irq(pdev, 0); | ||
| 2019 | + if (ret < 0) | ||
| 2020 | + goto err_free; | ||
| 2021 | + | ||
| 2022 | + ndev->irq = ret; | ||
| 2023 | + | ||
| 2024 | ndev->flags |= IFF_ECHO; /* We support local echo */ | ||
| 2025 | |||
| 2026 | platform_set_drvdata(pdev, ndev); | ||
| 2027 | diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
| 2028 | index fae5517770834..6676924d5f3e7 100644 | ||
| 2029 | --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
| 2030 | +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
| 2031 | @@ -3358,10 +3358,12 @@ static int bcmgenet_probe(struct platform_device *pdev) | ||
| 2032 | |||
| 2033 | /* Request the WOL interrupt and advertise suspend if available */ | ||
| 2034 | priv->wol_irq_disabled = true; | ||
| 2035 | - err = devm_request_irq(&pdev->dev, priv->wol_irq, bcmgenet_wol_isr, 0, | ||
| 2036 | - dev->name, priv); | ||
| 2037 | - if (!err) | ||
| 2038 | - device_set_wakeup_capable(&pdev->dev, 1); | ||
| 2039 | + if (priv->wol_irq > 0) { | ||
| 2040 | + err = devm_request_irq(&pdev->dev, priv->wol_irq, | ||
| 2041 | + bcmgenet_wol_isr, 0, dev->name, priv); | ||
| 2042 | + if (!err) | ||
| 2043 | + device_set_wakeup_capable(&pdev->dev, 1); | ||
| 2044 | + } | ||
| 2045 | |||
| 2046 | /* Set the needed headroom to account for any possible | ||
| 2047 | * features enabling/disabling at runtime | ||
| 2048 | diff --git a/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c b/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c | ||
| 2049 | index d04a6c1634452..da8d10475a08e 100644 | ||
| 2050 | --- a/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c | ||
| 2051 | +++ b/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c | ||
| 2052 | @@ -32,6 +32,7 @@ | ||
| 2053 | |||
| 2054 | #include <linux/tcp.h> | ||
| 2055 | #include <linux/ipv6.h> | ||
| 2056 | +#include <net/inet_ecn.h> | ||
| 2057 | #include <net/route.h> | ||
| 2058 | #include <net/ip6_route.h> | ||
| 2059 | |||
| 2060 | @@ -99,7 +100,7 @@ cxgb_find_route(struct cxgb4_lld_info *lldi, | ||
| 2061 | |||
| 2062 | rt = ip_route_output_ports(&init_net, &fl4, NULL, peer_ip, local_ip, | ||
| 2063 | peer_port, local_port, IPPROTO_TCP, | ||
| 2064 | - tos, 0); | ||
| 2065 | + tos & ~INET_ECN_MASK, 0); | ||
| 2066 | if (IS_ERR(rt)) | ||
| 2067 | return NULL; | ||
| 2068 | n = dst_neigh_lookup(&rt->dst, &peer_ip); | ||
| 2069 | diff --git a/drivers/net/ethernet/freescale/fman/mac.c b/drivers/net/ethernet/freescale/fman/mac.c | ||
| 2070 | index 81021f87e4f39..93b7ed361b82e 100644 | ||
| 2071 | --- a/drivers/net/ethernet/freescale/fman/mac.c | ||
| 2072 | +++ b/drivers/net/ethernet/freescale/fman/mac.c | ||
| 2073 | @@ -96,14 +96,17 @@ static void mac_exception(void *handle, enum fman_mac_exceptions ex) | ||
| 2074 | __func__, ex); | ||
| 2075 | } | ||
| 2076 | |||
| 2077 | -static void set_fman_mac_params(struct mac_device *mac_dev, | ||
| 2078 | - struct fman_mac_params *params) | ||
| 2079 | +static int set_fman_mac_params(struct mac_device *mac_dev, | ||
| 2080 | + struct fman_mac_params *params) | ||
| 2081 | { | ||
| 2082 | struct mac_priv_s *priv = mac_dev->priv; | ||
| 2083 | |||
| 2084 | params->base_addr = (typeof(params->base_addr)) | ||
| 2085 | devm_ioremap(priv->dev, mac_dev->res->start, | ||
| 2086 | resource_size(mac_dev->res)); | ||
| 2087 | + if (!params->base_addr) | ||
| 2088 | + return -ENOMEM; | ||
| 2089 | + | ||
| 2090 | memcpy(¶ms->addr, mac_dev->addr, sizeof(mac_dev->addr)); | ||
| 2091 | params->max_speed = priv->max_speed; | ||
| 2092 | params->phy_if = priv->phy_if; | ||
| 2093 | @@ -114,6 +117,8 @@ static void set_fman_mac_params(struct mac_device *mac_dev, | ||
| 2094 | params->event_cb = mac_exception; | ||
| 2095 | params->dev_id = mac_dev; | ||
| 2096 | params->internal_phy_node = priv->internal_phy_node; | ||
| 2097 | + | ||
| 2098 | + return 0; | ||
| 2099 | } | ||
| 2100 | |||
| 2101 | static int tgec_initialization(struct mac_device *mac_dev) | ||
| 2102 | @@ -125,7 +130,9 @@ static int tgec_initialization(struct mac_device *mac_dev) | ||
| 2103 | |||
| 2104 | priv = mac_dev->priv; | ||
| 2105 | |||
| 2106 | - set_fman_mac_params(mac_dev, ¶ms); | ||
| 2107 | + err = set_fman_mac_params(mac_dev, ¶ms); | ||
| 2108 | + if (err) | ||
| 2109 | + goto _return; | ||
| 2110 | |||
| 2111 | mac_dev->fman_mac = tgec_config(¶ms); | ||
| 2112 | if (!mac_dev->fman_mac) { | ||
| 2113 | @@ -171,7 +178,9 @@ static int dtsec_initialization(struct mac_device *mac_dev) | ||
| 2114 | |||
| 2115 | priv = mac_dev->priv; | ||
| 2116 | |||
| 2117 | - set_fman_mac_params(mac_dev, ¶ms); | ||
| 2118 | + err = set_fman_mac_params(mac_dev, ¶ms); | ||
| 2119 | + if (err) | ||
| 2120 | + goto _return; | ||
| 2121 | |||
| 2122 | mac_dev->fman_mac = dtsec_config(¶ms); | ||
| 2123 | if (!mac_dev->fman_mac) { | ||
| 2124 | @@ -220,7 +229,9 @@ static int memac_initialization(struct mac_device *mac_dev) | ||
| 2125 | |||
| 2126 | priv = mac_dev->priv; | ||
| 2127 | |||
| 2128 | - set_fman_mac_params(mac_dev, ¶ms); | ||
| 2129 | + err = set_fman_mac_params(mac_dev, ¶ms); | ||
| 2130 | + if (err) | ||
| 2131 | + goto _return; | ||
| 2132 | |||
| 2133 | if (priv->max_speed == SPEED_10000) | ||
| 2134 | params.phy_if = PHY_INTERFACE_MODE_XGMII; | ||
| 2135 | diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c | ||
| 2136 | index 9fd68cfdd9734..fc721a59a4086 100644 | ||
| 2137 | --- a/drivers/net/ethernet/freescale/gianfar.c | ||
| 2138 | +++ b/drivers/net/ethernet/freescale/gianfar.c | ||
| 2139 | @@ -2939,29 +2939,21 @@ static bool gfar_add_rx_frag(struct gfar_rx_buff *rxb, u32 lstatus, | ||
| 2140 | { | ||
| 2141 | int size = lstatus & BD_LENGTH_MASK; | ||
| 2142 | struct page *page = rxb->page; | ||
| 2143 | - bool last = !!(lstatus & BD_LFLAG(RXBD_LAST)); | ||
| 2144 | - | ||
| 2145 | - /* Remove the FCS from the packet length */ | ||
| 2146 | - if (last) | ||
| 2147 | - size -= ETH_FCS_LEN; | ||
| 2148 | |||
| 2149 | if (likely(first)) { | ||
| 2150 | skb_put(skb, size); | ||
| 2151 | } else { | ||
| 2152 | /* the last fragments' length contains the full frame length */ | ||
| 2153 | - if (last) | ||
| 2154 | + if (lstatus & BD_LFLAG(RXBD_LAST)) | ||
| 2155 | size -= skb->len; | ||
| 2156 | |||
| 2157 | - /* Add the last fragment if it contains something other than | ||
| 2158 | - * the FCS, otherwise drop it and trim off any part of the FCS | ||
| 2159 | - * that was already received. | ||
| 2160 | - */ | ||
| 2161 | - if (size > 0) | ||
| 2162 | - skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page, | ||
| 2163 | - rxb->page_offset + RXBUF_ALIGNMENT, | ||
| 2164 | - size, GFAR_RXB_TRUESIZE); | ||
| 2165 | - else if (size < 0) | ||
| 2166 | - pskb_trim(skb, skb->len + size); | ||
| 2167 | + WARN(size < 0, "gianfar: rx fragment size underflow"); | ||
| 2168 | + if (size < 0) | ||
| 2169 | + return false; | ||
| 2170 | + | ||
| 2171 | + skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page, | ||
| 2172 | + rxb->page_offset + RXBUF_ALIGNMENT, | ||
| 2173 | + size, GFAR_RXB_TRUESIZE); | ||
| 2174 | } | ||
| 2175 | |||
| 2176 | /* try reuse page */ | ||
| 2177 | @@ -3074,6 +3066,9 @@ static void gfar_process_frame(struct net_device *ndev, struct sk_buff *skb) | ||
| 2178 | if (priv->padding) | ||
| 2179 | skb_pull(skb, priv->padding); | ||
| 2180 | |||
| 2181 | + /* Trim off the FCS */ | ||
| 2182 | + pskb_trim(skb, skb->len - ETH_FCS_LEN); | ||
| 2183 | + | ||
| 2184 | if (ndev->features & NETIF_F_RXCSUM) | ||
| 2185 | gfar_rx_checksum(skb, fcb); | ||
| 2186 | |||
| 2187 | @@ -3117,6 +3112,17 @@ int gfar_clean_rx_ring(struct gfar_priv_rx_q *rx_queue, int rx_work_limit) | ||
| 2188 | if (lstatus & BD_LFLAG(RXBD_EMPTY)) | ||
| 2189 | break; | ||
| 2190 | |||
| 2191 | + /* lost RXBD_LAST descriptor due to overrun */ | ||
| 2192 | + if (skb && | ||
| 2193 | + (lstatus & BD_LFLAG(RXBD_FIRST))) { | ||
| 2194 | + /* discard faulty buffer */ | ||
| 2195 | + dev_kfree_skb(skb); | ||
| 2196 | + skb = NULL; | ||
| 2197 | + rx_queue->stats.rx_dropped++; | ||
| 2198 | + | ||
| 2199 | + /* can continue normally */ | ||
| 2200 | + } | ||
| 2201 | + | ||
| 2202 | /* order rx buffer descriptor reads */ | ||
| 2203 | rmb(); | ||
| 2204 | |||
| 2205 | diff --git a/drivers/net/ethernet/freescale/xgmac_mdio.c b/drivers/net/ethernet/freescale/xgmac_mdio.c | ||
| 2206 | index c82c85ef5fb34..c37aea7ba8502 100644 | ||
| 2207 | --- a/drivers/net/ethernet/freescale/xgmac_mdio.c | ||
| 2208 | +++ b/drivers/net/ethernet/freescale/xgmac_mdio.c | ||
| 2209 | @@ -301,9 +301,10 @@ err_ioremap: | ||
| 2210 | static int xgmac_mdio_remove(struct platform_device *pdev) | ||
| 2211 | { | ||
| 2212 | struct mii_bus *bus = platform_get_drvdata(pdev); | ||
| 2213 | + struct mdio_fsl_priv *priv = bus->priv; | ||
| 2214 | |||
| 2215 | mdiobus_unregister(bus); | ||
| 2216 | - iounmap(bus->priv); | ||
| 2217 | + iounmap(priv->mdio_base); | ||
| 2218 | mdiobus_free(bus); | ||
| 2219 | |||
| 2220 | return 0; | ||
| 2221 | diff --git a/drivers/net/ethernet/i825xx/sni_82596.c b/drivers/net/ethernet/i825xx/sni_82596.c | ||
| 2222 | index 2af7f77345fbd..e4128e151b854 100644 | ||
| 2223 | --- a/drivers/net/ethernet/i825xx/sni_82596.c | ||
| 2224 | +++ b/drivers/net/ethernet/i825xx/sni_82596.c | ||
| 2225 | @@ -122,9 +122,10 @@ static int sni_82596_probe(struct platform_device *dev) | ||
| 2226 | netdevice->dev_addr[5] = readb(eth_addr + 0x06); | ||
| 2227 | iounmap(eth_addr); | ||
| 2228 | |||
| 2229 | - if (!netdevice->irq) { | ||
| 2230 | + if (netdevice->irq < 0) { | ||
| 2231 | printk(KERN_ERR "%s: IRQ not found for i82596 at 0x%lx\n", | ||
| 2232 | __FILE__, netdevice->base_addr); | ||
| 2233 | + retval = netdevice->irq; | ||
| 2234 | goto probe_failed; | ||
| 2235 | } | ||
| 2236 | |||
| 2237 | diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c | ||
| 2238 | index 46fcf3ec2caf7..46998a58e3d96 100644 | ||
| 2239 | --- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c | ||
| 2240 | +++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c | ||
| 2241 | @@ -278,6 +278,16 @@ static int axienet_dma_bd_init(struct net_device *ndev) | ||
| 2242 | axienet_dma_out32(lp, XAXIDMA_TX_CR_OFFSET, | ||
| 2243 | cr | XAXIDMA_CR_RUNSTOP_MASK); | ||
| 2244 | |||
| 2245 | + /* Wait for PhyRstCmplt bit to be set, indicating the PHY reset has finished */ | ||
| 2246 | + ret = read_poll_timeout(axienet_ior, value, | ||
| 2247 | + value & XAE_INT_PHYRSTCMPLT_MASK, | ||
| 2248 | + DELAY_OF_ONE_MILLISEC, 50000, false, lp, | ||
| 2249 | + XAE_IS_OFFSET); | ||
| 2250 | + if (ret) { | ||
| 2251 | + dev_err(lp->dev, "%s: timeout waiting for PhyRstCmplt\n", __func__); | ||
| 2252 | + return ret; | ||
| 2253 | + } | ||
| 2254 | + | ||
| 2255 | return 0; | ||
| 2256 | out: | ||
| 2257 | axienet_dma_bd_release(ndev); | ||
| 2258 | @@ -670,7 +680,7 @@ axienet_start_xmit(struct sk_buff *skb, struct net_device *ndev) | ||
| 2259 | num_frag = skb_shinfo(skb)->nr_frags; | ||
| 2260 | cur_p = &lp->tx_bd_v[lp->tx_bd_tail]; | ||
| 2261 | |||
| 2262 | - if (axienet_check_tx_bd_space(lp, num_frag)) { | ||
| 2263 | + if (axienet_check_tx_bd_space(lp, num_frag + 1)) { | ||
| 2264 | if (netif_queue_stopped(ndev)) | ||
| 2265 | return NETDEV_TX_BUSY; | ||
| 2266 | |||
| 2267 | @@ -680,7 +690,7 @@ axienet_start_xmit(struct sk_buff *skb, struct net_device *ndev) | ||
| 2268 | smp_mb(); | ||
| 2269 | |||
| 2270 | /* Space might have just been freed - check again */ | ||
| 2271 | - if (axienet_check_tx_bd_space(lp, num_frag)) | ||
| 2272 | + if (axienet_check_tx_bd_space(lp, num_frag + 1)) | ||
| 2273 | return NETDEV_TX_BUSY; | ||
| 2274 | |||
| 2275 | netif_wake_queue(ndev); | ||
| 2276 | diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c | ||
| 2277 | index 92fb664b56fbb..0fa6e2da4b5a2 100644 | ||
| 2278 | --- a/drivers/net/phy/mdio_bus.c | ||
| 2279 | +++ b/drivers/net/phy/mdio_bus.c | ||
| 2280 | @@ -347,7 +347,7 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner) | ||
| 2281 | } | ||
| 2282 | |||
| 2283 | bus->state = MDIOBUS_REGISTERED; | ||
| 2284 | - pr_info("%s: probed\n", bus->name); | ||
| 2285 | + dev_dbg(&bus->dev, "probed\n"); | ||
| 2286 | return 0; | ||
| 2287 | |||
| 2288 | error: | ||
| 2289 | diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c | ||
| 2290 | index 0a29844676f92..6287d2ad77c6d 100644 | ||
| 2291 | --- a/drivers/net/ppp/ppp_generic.c | ||
| 2292 | +++ b/drivers/net/ppp/ppp_generic.c | ||
| 2293 | @@ -71,6 +71,8 @@ | ||
| 2294 | #define MPHDRLEN 6 /* multilink protocol header length */ | ||
| 2295 | #define MPHDRLEN_SSN 4 /* ditto with short sequence numbers */ | ||
| 2296 | |||
| 2297 | +#define PPP_PROTO_LEN 2 | ||
| 2298 | + | ||
| 2299 | /* | ||
| 2300 | * An instance of /dev/ppp can be associated with either a ppp | ||
| 2301 | * interface unit or a ppp channel. In both cases, file->private_data | ||
| 2302 | @@ -500,6 +502,9 @@ static ssize_t ppp_write(struct file *file, const char __user *buf, | ||
| 2303 | |||
| 2304 | if (!pf) | ||
| 2305 | return -ENXIO; | ||
| 2306 | + /* All PPP packets should start with the 2-byte protocol */ | ||
| 2307 | + if (count < PPP_PROTO_LEN) | ||
| 2308 | + return -EINVAL; | ||
| 2309 | ret = -ENOMEM; | ||
| 2310 | skb = alloc_skb(count + pf->hdrlen, GFP_KERNEL); | ||
| 2311 | if (!skb) | ||
| 2312 | @@ -1563,7 +1568,7 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb) | ||
| 2313 | } | ||
| 2314 | |||
| 2315 | ++ppp->stats64.tx_packets; | ||
| 2316 | - ppp->stats64.tx_bytes += skb->len - 2; | ||
| 2317 | + ppp->stats64.tx_bytes += skb->len - PPP_PROTO_LEN; | ||
| 2318 | |||
| 2319 | switch (proto) { | ||
| 2320 | case PPP_IP: | ||
| 2321 | diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c | ||
| 2322 | index 4f345bd4e6e29..95151b46f2001 100644 | ||
| 2323 | --- a/drivers/net/usb/mcs7830.c | ||
| 2324 | +++ b/drivers/net/usb/mcs7830.c | ||
| 2325 | @@ -121,8 +121,16 @@ static const char driver_name[] = "MOSCHIP usb-ethernet driver"; | ||
| 2326 | |||
| 2327 | static int mcs7830_get_reg(struct usbnet *dev, u16 index, u16 size, void *data) | ||
| 2328 | { | ||
| 2329 | - return usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ, | ||
| 2330 | - 0x0000, index, data, size); | ||
| 2331 | + int ret; | ||
| 2332 | + | ||
| 2333 | + ret = usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ, | ||
| 2334 | + 0x0000, index, data, size); | ||
| 2335 | + if (ret < 0) | ||
| 2336 | + return ret; | ||
| 2337 | + else if (ret < size) | ||
| 2338 | + return -ENODATA; | ||
| 2339 | + | ||
| 2340 | + return ret; | ||
| 2341 | } | ||
| 2342 | |||
| 2343 | static int mcs7830_set_reg(struct usbnet *dev, u16 index, u16 size, const void *data) | ||
| 2344 | diff --git a/drivers/net/wireless/ath/ar5523/ar5523.c b/drivers/net/wireless/ath/ar5523/ar5523.c | ||
| 2345 | index 9f4ee1d125b68..0c6b33c464cd9 100644 | ||
| 2346 | --- a/drivers/net/wireless/ath/ar5523/ar5523.c | ||
| 2347 | +++ b/drivers/net/wireless/ath/ar5523/ar5523.c | ||
| 2348 | @@ -153,6 +153,10 @@ static void ar5523_cmd_rx_cb(struct urb *urb) | ||
| 2349 | ar5523_err(ar, "Invalid reply to WDCMSG_TARGET_START"); | ||
| 2350 | return; | ||
| 2351 | } | ||
| 2352 | + if (!cmd->odata) { | ||
| 2353 | + ar5523_err(ar, "Unexpected WDCMSG_TARGET_START reply"); | ||
| 2354 | + return; | ||
| 2355 | + } | ||
| 2356 | memcpy(cmd->odata, hdr + 1, sizeof(u32)); | ||
| 2357 | cmd->olen = sizeof(u32); | ||
| 2358 | cmd->res = 0; | ||
| 2359 | diff --git a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c | ||
| 2360 | index ae5b33fe5ba82..374ce35940d07 100644 | ||
| 2361 | --- a/drivers/net/wireless/ath/ath10k/htt_tx.c | ||
| 2362 | +++ b/drivers/net/wireless/ath/ath10k/htt_tx.c | ||
| 2363 | @@ -158,6 +158,9 @@ void ath10k_htt_tx_dec_pending(struct ath10k_htt *htt) | ||
| 2364 | htt->num_pending_tx--; | ||
| 2365 | if (htt->num_pending_tx == htt->max_num_pending_tx - 1) | ||
| 2366 | ath10k_mac_tx_unlock(htt->ar, ATH10K_TX_PAUSE_Q_FULL); | ||
| 2367 | + | ||
| 2368 | + if (htt->num_pending_tx == 0) | ||
| 2369 | + wake_up(&htt->empty_tx_wq); | ||
| 2370 | } | ||
| 2371 | |||
| 2372 | int ath10k_htt_tx_inc_pending(struct ath10k_htt *htt) | ||
| 2373 | diff --git a/drivers/net/wireless/ath/ath10k/txrx.c b/drivers/net/wireless/ath/ath10k/txrx.c | ||
| 2374 | index beeb6be06939b..b6c050452b757 100644 | ||
| 2375 | --- a/drivers/net/wireless/ath/ath10k/txrx.c | ||
| 2376 | +++ b/drivers/net/wireless/ath/ath10k/txrx.c | ||
| 2377 | @@ -89,8 +89,6 @@ int ath10k_txrx_tx_unref(struct ath10k_htt *htt, | ||
| 2378 | |||
| 2379 | ath10k_htt_tx_free_msdu_id(htt, tx_done->msdu_id); | ||
| 2380 | ath10k_htt_tx_dec_pending(htt); | ||
| 2381 | - if (htt->num_pending_tx == 0) | ||
| 2382 | - wake_up(&htt->empty_tx_wq); | ||
| 2383 | spin_unlock_bh(&htt->tx_lock); | ||
| 2384 | |||
| 2385 | dma_unmap_single(dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE); | ||
| 2386 | diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c | ||
| 2387 | index 7c409cd43b709..33a6be0f21cac 100644 | ||
| 2388 | --- a/drivers/net/wireless/ath/ath9k/hif_usb.c | ||
| 2389 | +++ b/drivers/net/wireless/ath/ath9k/hif_usb.c | ||
| 2390 | @@ -588,6 +588,13 @@ static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev, | ||
| 2391 | return; | ||
| 2392 | } | ||
| 2393 | |||
| 2394 | + if (pkt_len > 2 * MAX_RX_BUF_SIZE) { | ||
| 2395 | + dev_err(&hif_dev->udev->dev, | ||
| 2396 | + "ath9k_htc: invalid pkt_len (%x)\n", pkt_len); | ||
| 2397 | + RX_STAT_INC(skb_dropped); | ||
| 2398 | + return; | ||
| 2399 | + } | ||
| 2400 | + | ||
| 2401 | pad_len = 4 - (pkt_len & 0x3); | ||
| 2402 | if (pad_len == 4) | ||
| 2403 | pad_len = 0; | ||
| 2404 | diff --git a/drivers/net/wireless/ath/wcn36xx/smd.c b/drivers/net/wireless/ath/wcn36xx/smd.c | ||
| 2405 | index 914c210c9e605..da2f442cab271 100644 | ||
| 2406 | --- a/drivers/net/wireless/ath/wcn36xx/smd.c | ||
| 2407 | +++ b/drivers/net/wireless/ath/wcn36xx/smd.c | ||
| 2408 | @@ -2052,7 +2052,7 @@ static int wcn36xx_smd_missed_beacon_ind(struct wcn36xx *wcn, | ||
| 2409 | wcn36xx_dbg(WCN36XX_DBG_HAL, "beacon missed bss_index %d\n", | ||
| 2410 | tmp->bss_index); | ||
| 2411 | vif = wcn36xx_priv_to_vif(tmp); | ||
| 2412 | - ieee80211_connection_loss(vif); | ||
| 2413 | + ieee80211_beacon_loss(vif); | ||
| 2414 | } | ||
| 2415 | return 0; | ||
| 2416 | } | ||
| 2417 | @@ -2067,7 +2067,7 @@ static int wcn36xx_smd_missed_beacon_ind(struct wcn36xx *wcn, | ||
| 2418 | wcn36xx_dbg(WCN36XX_DBG_HAL, "beacon missed bss_index %d\n", | ||
| 2419 | rsp->bss_index); | ||
| 2420 | vif = wcn36xx_priv_to_vif(tmp); | ||
| 2421 | - ieee80211_connection_loss(vif); | ||
| 2422 | + ieee80211_beacon_loss(vif); | ||
| 2423 | return 0; | ||
| 2424 | } | ||
| 2425 | } | ||
| 2426 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | ||
| 2427 | index d46efa8d70732..f8c225a726bd4 100644 | ||
| 2428 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | ||
| 2429 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | ||
| 2430 | @@ -1599,6 +1599,7 @@ static void iwl_mvm_recalc_multicast(struct iwl_mvm *mvm) | ||
| 2431 | struct iwl_mvm_mc_iter_data iter_data = { | ||
| 2432 | .mvm = mvm, | ||
| 2433 | }; | ||
| 2434 | + int ret; | ||
| 2435 | |||
| 2436 | lockdep_assert_held(&mvm->mutex); | ||
| 2437 | |||
| 2438 | @@ -1608,6 +1609,22 @@ static void iwl_mvm_recalc_multicast(struct iwl_mvm *mvm) | ||
| 2439 | ieee80211_iterate_active_interfaces_atomic( | ||
| 2440 | mvm->hw, IEEE80211_IFACE_ITER_NORMAL, | ||
| 2441 | iwl_mvm_mc_iface_iterator, &iter_data); | ||
| 2442 | + | ||
| 2443 | + /* | ||
| 2444 | + * Send a (synchronous) ech command so that we wait for the | ||
| 2445 | + * multiple asynchronous MCAST_FILTER_CMD commands sent by | ||
| 2446 | + * the interface iterator. Otherwise, we might get here over | ||
| 2447 | + * and over again (by userspace just sending a lot of these) | ||
| 2448 | + * and the CPU can send them faster than the firmware can | ||
| 2449 | + * process them. | ||
| 2450 | + * Note that the CPU is still faster - but with this we'll | ||
| 2451 | + * actually send fewer commands overall because the CPU will | ||
| 2452 | + * not schedule the work in mac80211 as frequently if it's | ||
| 2453 | + * still running when rescheduled (possibly multiple times). | ||
| 2454 | + */ | ||
| 2455 | + ret = iwl_mvm_send_cmd_pdu(mvm, ECHO_CMD, 0, 0, NULL); | ||
| 2456 | + if (ret) | ||
| 2457 | + IWL_ERR(mvm, "Failed to synchronize multicast groups update\n"); | ||
| 2458 | } | ||
| 2459 | |||
| 2460 | static u64 iwl_mvm_prepare_multicast(struct ieee80211_hw *hw, | ||
| 2461 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c | ||
| 2462 | index fa97432054912..a8470817689cf 100644 | ||
| 2463 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c | ||
| 2464 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c | ||
| 2465 | @@ -1260,7 +1260,7 @@ static int iwl_mvm_check_running_scans(struct iwl_mvm *mvm, int type) | ||
| 2466 | return -EIO; | ||
| 2467 | } | ||
| 2468 | |||
| 2469 | -#define SCAN_TIMEOUT 20000 | ||
| 2470 | +#define SCAN_TIMEOUT 30000 | ||
| 2471 | |||
| 2472 | void iwl_mvm_scan_timeout_wk(struct work_struct *work) | ||
| 2473 | { | ||
| 2474 | diff --git a/drivers/net/wireless/marvell/mwifiex/usb.c b/drivers/net/wireless/marvell/mwifiex/usb.c | ||
| 2475 | index 2c4225e57c396..3a26add665ca0 100644 | ||
| 2476 | --- a/drivers/net/wireless/marvell/mwifiex/usb.c | ||
| 2477 | +++ b/drivers/net/wireless/marvell/mwifiex/usb.c | ||
| 2478 | @@ -132,7 +132,8 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter, | ||
| 2479 | default: | ||
| 2480 | mwifiex_dbg(adapter, ERROR, | ||
| 2481 | "unknown recv_type %#x\n", recv_type); | ||
| 2482 | - return -1; | ||
| 2483 | + ret = -1; | ||
| 2484 | + goto exit_restore_skb; | ||
| 2485 | } | ||
| 2486 | break; | ||
| 2487 | case MWIFIEX_USB_EP_DATA: | ||
| 2488 | diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c | ||
| 2489 | index 39a6bd314ca3b..264c1d57e10bc 100644 | ||
| 2490 | --- a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c | ||
| 2491 | +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c | ||
| 2492 | @@ -1037,6 +1037,7 @@ int rtl92cu_hw_init(struct ieee80211_hw *hw) | ||
| 2493 | _InitPABias(hw); | ||
| 2494 | rtl92c_dm_init(hw); | ||
| 2495 | exit: | ||
| 2496 | + local_irq_disable(); | ||
| 2497 | local_irq_restore(flags); | ||
| 2498 | return err; | ||
| 2499 | } | ||
| 2500 | diff --git a/drivers/parisc/pdc_stable.c b/drivers/parisc/pdc_stable.c | ||
| 2501 | index 3651c3871d5b4..1b4aacf2ff9a5 100644 | ||
| 2502 | --- a/drivers/parisc/pdc_stable.c | ||
| 2503 | +++ b/drivers/parisc/pdc_stable.c | ||
| 2504 | @@ -992,8 +992,10 @@ pdcs_register_pathentries(void) | ||
| 2505 | entry->kobj.kset = paths_kset; | ||
| 2506 | err = kobject_init_and_add(&entry->kobj, &ktype_pdcspath, NULL, | ||
| 2507 | "%s", entry->name); | ||
| 2508 | - if (err) | ||
| 2509 | + if (err) { | ||
| 2510 | + kobject_put(&entry->kobj); | ||
| 2511 | return err; | ||
| 2512 | + } | ||
| 2513 | |||
| 2514 | /* kobject is now registered */ | ||
| 2515 | write_lock(&entry->rw_lock); | ||
| 2516 | diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c | ||
| 2517 | index 3ff2971102b61..8d34c6d0de796 100644 | ||
| 2518 | --- a/drivers/pci/quirks.c | ||
| 2519 | +++ b/drivers/pci/quirks.c | ||
| 2520 | @@ -3916,6 +3916,9 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9120, | ||
| 2521 | quirk_dma_func1_alias); | ||
| 2522 | DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9123, | ||
| 2523 | quirk_dma_func1_alias); | ||
| 2524 | +/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c136 */ | ||
| 2525 | +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9125, | ||
| 2526 | + quirk_dma_func1_alias); | ||
| 2527 | DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9128, | ||
| 2528 | quirk_dma_func1_alias); | ||
| 2529 | /* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c14 */ | ||
| 2530 | diff --git a/drivers/pcmcia/cs.c b/drivers/pcmcia/cs.c | ||
| 2531 | index c3b615c94b4bf..a92cbc952b70b 100644 | ||
| 2532 | --- a/drivers/pcmcia/cs.c | ||
| 2533 | +++ b/drivers/pcmcia/cs.c | ||
| 2534 | @@ -665,18 +665,16 @@ static int pccardd(void *__skt) | ||
| 2535 | if (events || sysfs_events) | ||
| 2536 | continue; | ||
| 2537 | |||
| 2538 | + set_current_state(TASK_INTERRUPTIBLE); | ||
| 2539 | if (kthread_should_stop()) | ||
| 2540 | break; | ||
| 2541 | |||
| 2542 | - set_current_state(TASK_INTERRUPTIBLE); | ||
| 2543 | - | ||
| 2544 | schedule(); | ||
| 2545 | |||
| 2546 | - /* make sure we are running */ | ||
| 2547 | - __set_current_state(TASK_RUNNING); | ||
| 2548 | - | ||
| 2549 | try_to_freeze(); | ||
| 2550 | } | ||
| 2551 | + /* make sure we are running before we exit */ | ||
| 2552 | + __set_current_state(TASK_RUNNING); | ||
| 2553 | |||
| 2554 | /* shut down socket, if a device is still present */ | ||
| 2555 | if (skt->state & SOCKET_PRESENT) { | ||
| 2556 | diff --git a/drivers/pcmcia/rsrc_nonstatic.c b/drivers/pcmcia/rsrc_nonstatic.c | ||
| 2557 | index 5ef7b46a25786..2e96d9273b780 100644 | ||
| 2558 | --- a/drivers/pcmcia/rsrc_nonstatic.c | ||
| 2559 | +++ b/drivers/pcmcia/rsrc_nonstatic.c | ||
| 2560 | @@ -693,6 +693,9 @@ static struct resource *__nonstatic_find_io_region(struct pcmcia_socket *s, | ||
| 2561 | unsigned long min = base; | ||
| 2562 | int ret; | ||
| 2563 | |||
| 2564 | + if (!res) | ||
| 2565 | + return NULL; | ||
| 2566 | + | ||
| 2567 | data.mask = align - 1; | ||
| 2568 | data.offset = base & data.mask; | ||
| 2569 | data.map = &s_data->io_db; | ||
| 2570 | @@ -812,6 +815,9 @@ static struct resource *nonstatic_find_mem_region(u_long base, u_long num, | ||
| 2571 | unsigned long min, max; | ||
| 2572 | int ret, i, j; | ||
| 2573 | |||
| 2574 | + if (!res) | ||
| 2575 | + return NULL; | ||
| 2576 | + | ||
| 2577 | low = low || !(s->features & SS_CAP_PAGE_REGS); | ||
| 2578 | |||
| 2579 | data.mask = align - 1; | ||
| 2580 | diff --git a/drivers/power/supply/bq25890_charger.c b/drivers/power/supply/bq25890_charger.c | ||
| 2581 | index f993a55cde20f..faf2a62435674 100644 | ||
| 2582 | --- a/drivers/power/supply/bq25890_charger.c | ||
| 2583 | +++ b/drivers/power/supply/bq25890_charger.c | ||
| 2584 | @@ -521,12 +521,12 @@ static void bq25890_handle_state_change(struct bq25890_device *bq, | ||
| 2585 | |||
| 2586 | if (!new_state->online) { /* power removed */ | ||
| 2587 | /* disable ADC */ | ||
| 2588 | - ret = bq25890_field_write(bq, F_CONV_START, 0); | ||
| 2589 | + ret = bq25890_field_write(bq, F_CONV_RATE, 0); | ||
| 2590 | if (ret < 0) | ||
| 2591 | goto error; | ||
| 2592 | } else if (!old_state.online) { /* power inserted */ | ||
| 2593 | /* enable ADC, to have control of charge current/voltage */ | ||
| 2594 | - ret = bq25890_field_write(bq, F_CONV_START, 1); | ||
| 2595 | + ret = bq25890_field_write(bq, F_CONV_RATE, 1); | ||
| 2596 | if (ret < 0) | ||
| 2597 | goto error; | ||
| 2598 | } | ||
| 2599 | diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c | ||
| 2600 | index b962dbe51750d..1dbd8419df7d7 100644 | ||
| 2601 | --- a/drivers/rtc/rtc-cmos.c | ||
| 2602 | +++ b/drivers/rtc/rtc-cmos.c | ||
| 2603 | @@ -342,7 +342,10 @@ static int cmos_set_alarm(struct device *dev, struct rtc_wkalrm *t) | ||
| 2604 | min = t->time.tm_min; | ||
| 2605 | sec = t->time.tm_sec; | ||
| 2606 | |||
| 2607 | + spin_lock_irq(&rtc_lock); | ||
| 2608 | rtc_control = CMOS_READ(RTC_CONTROL); | ||
| 2609 | + spin_unlock_irq(&rtc_lock); | ||
| 2610 | + | ||
| 2611 | if (!(rtc_control & RTC_DM_BINARY) || RTC_ALWAYS_BCD) { | ||
| 2612 | /* Writing 0xff means "don't care" or "match all". */ | ||
| 2613 | mon = (mon <= 12) ? bin2bcd(mon) : 0xff; | ||
| 2614 | diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c | ||
| 2615 | index 9b63e46edffcc..a2a4c6e22c68d 100644 | ||
| 2616 | --- a/drivers/scsi/sr.c | ||
| 2617 | +++ b/drivers/scsi/sr.c | ||
| 2618 | @@ -882,7 +882,7 @@ static void get_capabilities(struct scsi_cd *cd) | ||
| 2619 | |||
| 2620 | |||
| 2621 | /* allocate transfer buffer */ | ||
| 2622 | - buffer = kmalloc(512, GFP_KERNEL | GFP_DMA); | ||
| 2623 | + buffer = kmalloc(512, GFP_KERNEL); | ||
| 2624 | if (!buffer) { | ||
| 2625 | sr_printk(KERN_ERR, cd, "out of memory.\n"); | ||
| 2626 | return; | ||
| 2627 | diff --git a/drivers/scsi/sr_vendor.c b/drivers/scsi/sr_vendor.c | ||
| 2628 | index 11a238cb22223..629bfe1b20263 100644 | ||
| 2629 | --- a/drivers/scsi/sr_vendor.c | ||
| 2630 | +++ b/drivers/scsi/sr_vendor.c | ||
| 2631 | @@ -118,7 +118,7 @@ int sr_set_blocklength(Scsi_CD *cd, int blocklength) | ||
| 2632 | density = (blocklength > 2048) ? 0x81 : 0x83; | ||
| 2633 | #endif | ||
| 2634 | |||
| 2635 | - buffer = kmalloc(512, GFP_KERNEL | GFP_DMA); | ||
| 2636 | + buffer = kmalloc(512, GFP_KERNEL); | ||
| 2637 | if (!buffer) | ||
| 2638 | return -ENOMEM; | ||
| 2639 | |||
| 2640 | @@ -166,7 +166,7 @@ int sr_cd_check(struct cdrom_device_info *cdi) | ||
| 2641 | if (cd->cdi.mask & CDC_MULTI_SESSION) | ||
| 2642 | return 0; | ||
| 2643 | |||
| 2644 | - buffer = kmalloc(512, GFP_KERNEL | GFP_DMA); | ||
| 2645 | + buffer = kmalloc(512, GFP_KERNEL); | ||
| 2646 | if (!buffer) | ||
| 2647 | return -ENOMEM; | ||
| 2648 | |||
| 2649 | diff --git a/drivers/scsi/ufs/tc-dwc-g210-pci.c b/drivers/scsi/ufs/tc-dwc-g210-pci.c | ||
| 2650 | index c09a0fef0fe60..a1785b0239667 100644 | ||
| 2651 | --- a/drivers/scsi/ufs/tc-dwc-g210-pci.c | ||
| 2652 | +++ b/drivers/scsi/ufs/tc-dwc-g210-pci.c | ||
| 2653 | @@ -140,7 +140,6 @@ tc_dwc_g210_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) | ||
| 2654 | return err; | ||
| 2655 | } | ||
| 2656 | |||
| 2657 | - pci_set_drvdata(pdev, hba); | ||
| 2658 | pm_runtime_put_noidle(&pdev->dev); | ||
| 2659 | pm_runtime_allow(&pdev->dev); | ||
| 2660 | |||
| 2661 | diff --git a/drivers/scsi/ufs/ufshcd-pltfrm.c b/drivers/scsi/ufs/ufshcd-pltfrm.c | ||
| 2662 | index b47decc1fb5ba..e9b0cc4cbb4d2 100644 | ||
| 2663 | --- a/drivers/scsi/ufs/ufshcd-pltfrm.c | ||
| 2664 | +++ b/drivers/scsi/ufs/ufshcd-pltfrm.c | ||
| 2665 | @@ -350,8 +350,6 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, | ||
| 2666 | goto dealloc_host; | ||
| 2667 | } | ||
| 2668 | |||
| 2669 | - platform_set_drvdata(pdev, hba); | ||
| 2670 | - | ||
| 2671 | pm_runtime_set_active(&pdev->dev); | ||
| 2672 | pm_runtime_enable(&pdev->dev); | ||
| 2673 | |||
| 2674 | diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c | ||
| 2675 | index a767d942bfca5..cf7946c840165 100644 | ||
| 2676 | --- a/drivers/scsi/ufs/ufshcd.c | ||
| 2677 | +++ b/drivers/scsi/ufs/ufshcd.c | ||
| 2678 | @@ -6766,6 +6766,13 @@ int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq) | ||
| 2679 | struct Scsi_Host *host = hba->host; | ||
| 2680 | struct device *dev = hba->dev; | ||
| 2681 | |||
| 2682 | + /* | ||
| 2683 | + * dev_set_drvdata() must be called before any callbacks are registered | ||
| 2684 | + * that use dev_get_drvdata() (frequency scaling, clock scaling, hwmon, | ||
| 2685 | + * sysfs). | ||
| 2686 | + */ | ||
| 2687 | + dev_set_drvdata(dev, hba); | ||
| 2688 | + | ||
| 2689 | if (!mmio_base) { | ||
| 2690 | dev_err(hba->dev, | ||
| 2691 | "Invalid memory reference for mmio_base is NULL\n"); | ||
| 2692 | diff --git a/drivers/spi/spi-meson-spifc.c b/drivers/spi/spi-meson-spifc.c | ||
| 2693 | index 616566e793c62..28975b6f054fa 100644 | ||
| 2694 | --- a/drivers/spi/spi-meson-spifc.c | ||
| 2695 | +++ b/drivers/spi/spi-meson-spifc.c | ||
| 2696 | @@ -357,6 +357,7 @@ static int meson_spifc_probe(struct platform_device *pdev) | ||
| 2697 | return 0; | ||
| 2698 | out_clk: | ||
| 2699 | clk_disable_unprepare(spifc->clk); | ||
| 2700 | + pm_runtime_disable(spifc->dev); | ||
| 2701 | out_err: | ||
| 2702 | spi_master_put(master); | ||
| 2703 | return ret; | ||
| 2704 | diff --git a/drivers/staging/wlan-ng/hfa384x_usb.c b/drivers/staging/wlan-ng/hfa384x_usb.c | ||
| 2705 | index 9d4e3b0d366f4..fbaf3c407989d 100644 | ||
| 2706 | --- a/drivers/staging/wlan-ng/hfa384x_usb.c | ||
| 2707 | +++ b/drivers/staging/wlan-ng/hfa384x_usb.c | ||
| 2708 | @@ -3848,18 +3848,18 @@ static void hfa384x_usb_throttlefn(unsigned long data) | ||
| 2709 | |||
| 2710 | spin_lock_irqsave(&hw->ctlxq.lock, flags); | ||
| 2711 | |||
| 2712 | - /* | ||
| 2713 | - * We need to check BOTH the RX and the TX throttle controls, | ||
| 2714 | - * so we use the bitwise OR instead of the logical OR. | ||
| 2715 | - */ | ||
| 2716 | pr_debug("flags=0x%lx\n", hw->usb_flags); | ||
| 2717 | - if (!hw->wlandev->hwremoved && | ||
| 2718 | - ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) && | ||
| 2719 | - !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags)) | | ||
| 2720 | - (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) && | ||
| 2721 | - !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags)) | ||
| 2722 | - )) { | ||
| 2723 | - schedule_work(&hw->usb_work); | ||
| 2724 | + if (!hw->wlandev->hwremoved) { | ||
| 2725 | + bool rx_throttle = test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) && | ||
| 2726 | + !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags); | ||
| 2727 | + bool tx_throttle = test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) && | ||
| 2728 | + !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags); | ||
| 2729 | + /* | ||
| 2730 | + * We need to check BOTH the RX and the TX throttle controls, | ||
| 2731 | + * so we use the bitwise OR instead of the logical OR. | ||
| 2732 | + */ | ||
| 2733 | + if (rx_throttle | tx_throttle) | ||
| 2734 | + schedule_work(&hw->usb_work); | ||
| 2735 | } | ||
| 2736 | |||
| 2737 | spin_unlock_irqrestore(&hw->ctlxq.lock, flags); | ||
| 2738 | diff --git a/drivers/tty/serial/amba-pl010.c b/drivers/tty/serial/amba-pl010.c | ||
| 2739 | index 5d41d5b92619a..7f4ba92739663 100644 | ||
| 2740 | --- a/drivers/tty/serial/amba-pl010.c | ||
| 2741 | +++ b/drivers/tty/serial/amba-pl010.c | ||
| 2742 | @@ -465,14 +465,11 @@ pl010_set_termios(struct uart_port *port, struct ktermios *termios, | ||
| 2743 | if ((termios->c_cflag & CREAD) == 0) | ||
| 2744 | uap->port.ignore_status_mask |= UART_DUMMY_RSR_RX; | ||
| 2745 | |||
| 2746 | - /* first, disable everything */ | ||
| 2747 | old_cr = readb(uap->port.membase + UART010_CR) & ~UART010_CR_MSIE; | ||
| 2748 | |||
| 2749 | if (UART_ENABLE_MS(port, termios->c_cflag)) | ||
| 2750 | old_cr |= UART010_CR_MSIE; | ||
| 2751 | |||
| 2752 | - writel(0, uap->port.membase + UART010_CR); | ||
| 2753 | - | ||
| 2754 | /* Set baud rate */ | ||
| 2755 | quot -= 1; | ||
| 2756 | writel((quot & 0xf00) >> 8, uap->port.membase + UART010_LCRM); | ||
| 2757 | diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c | ||
| 2758 | index e91bdd7d4c054..ad1d665e9962f 100644 | ||
| 2759 | --- a/drivers/tty/serial/amba-pl011.c | ||
| 2760 | +++ b/drivers/tty/serial/amba-pl011.c | ||
| 2761 | @@ -2090,32 +2090,13 @@ static const char *pl011_type(struct uart_port *port) | ||
| 2762 | return uap->port.type == PORT_AMBA ? uap->type : NULL; | ||
| 2763 | } | ||
| 2764 | |||
| 2765 | -/* | ||
| 2766 | - * Release the memory region(s) being used by 'port' | ||
| 2767 | - */ | ||
| 2768 | -static void pl011_release_port(struct uart_port *port) | ||
| 2769 | -{ | ||
| 2770 | - release_mem_region(port->mapbase, SZ_4K); | ||
| 2771 | -} | ||
| 2772 | - | ||
| 2773 | -/* | ||
| 2774 | - * Request the memory region(s) being used by 'port' | ||
| 2775 | - */ | ||
| 2776 | -static int pl011_request_port(struct uart_port *port) | ||
| 2777 | -{ | ||
| 2778 | - return request_mem_region(port->mapbase, SZ_4K, "uart-pl011") | ||
| 2779 | - != NULL ? 0 : -EBUSY; | ||
| 2780 | -} | ||
| 2781 | - | ||
| 2782 | /* | ||
| 2783 | * Configure/autoconfigure the port. | ||
| 2784 | */ | ||
| 2785 | static void pl011_config_port(struct uart_port *port, int flags) | ||
| 2786 | { | ||
| 2787 | - if (flags & UART_CONFIG_TYPE) { | ||
| 2788 | + if (flags & UART_CONFIG_TYPE) | ||
| 2789 | port->type = PORT_AMBA; | ||
| 2790 | - pl011_request_port(port); | ||
| 2791 | - } | ||
| 2792 | } | ||
| 2793 | |||
| 2794 | /* | ||
| 2795 | @@ -2130,6 +2111,8 @@ static int pl011_verify_port(struct uart_port *port, struct serial_struct *ser) | ||
| 2796 | ret = -EINVAL; | ||
| 2797 | if (ser->baud_base < 9600) | ||
| 2798 | ret = -EINVAL; | ||
| 2799 | + if (port->mapbase != (unsigned long) ser->iomem_base) | ||
| 2800 | + ret = -EINVAL; | ||
| 2801 | return ret; | ||
| 2802 | } | ||
| 2803 | |||
| 2804 | @@ -2147,8 +2130,6 @@ static struct uart_ops amba_pl011_pops = { | ||
| 2805 | .flush_buffer = pl011_dma_flush_buffer, | ||
| 2806 | .set_termios = pl011_set_termios, | ||
| 2807 | .type = pl011_type, | ||
| 2808 | - .release_port = pl011_release_port, | ||
| 2809 | - .request_port = pl011_request_port, | ||
| 2810 | .config_port = pl011_config_port, | ||
| 2811 | .verify_port = pl011_verify_port, | ||
| 2812 | #ifdef CONFIG_CONSOLE_POLL | ||
| 2813 | @@ -2178,8 +2159,6 @@ static const struct uart_ops sbsa_uart_pops = { | ||
| 2814 | .shutdown = sbsa_uart_shutdown, | ||
| 2815 | .set_termios = sbsa_uart_set_termios, | ||
| 2816 | .type = pl011_type, | ||
| 2817 | - .release_port = pl011_release_port, | ||
| 2818 | - .request_port = pl011_request_port, | ||
| 2819 | .config_port = pl011_config_port, | ||
| 2820 | .verify_port = pl011_verify_port, | ||
| 2821 | #ifdef CONFIG_CONSOLE_POLL | ||
| 2822 | diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c | ||
| 2823 | index 4a7eb85f7c857..5dd04a1145b40 100644 | ||
| 2824 | --- a/drivers/tty/serial/atmel_serial.c | ||
| 2825 | +++ b/drivers/tty/serial/atmel_serial.c | ||
| 2826 | @@ -928,6 +928,13 @@ static void atmel_tx_dma(struct uart_port *port) | ||
| 2827 | desc->callback = atmel_complete_tx_dma; | ||
| 2828 | desc->callback_param = atmel_port; | ||
| 2829 | atmel_port->cookie_tx = dmaengine_submit(desc); | ||
| 2830 | + if (dma_submit_error(atmel_port->cookie_tx)) { | ||
| 2831 | + dev_err(port->dev, "dma_submit_error %d\n", | ||
| 2832 | + atmel_port->cookie_tx); | ||
| 2833 | + return; | ||
| 2834 | + } | ||
| 2835 | + | ||
| 2836 | + dma_async_issue_pending(chan); | ||
| 2837 | } | ||
| 2838 | |||
| 2839 | if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS) | ||
| 2840 | @@ -1186,6 +1193,13 @@ static int atmel_prepare_rx_dma(struct uart_port *port) | ||
| 2841 | desc->callback_param = port; | ||
| 2842 | atmel_port->desc_rx = desc; | ||
| 2843 | atmel_port->cookie_rx = dmaengine_submit(desc); | ||
| 2844 | + if (dma_submit_error(atmel_port->cookie_rx)) { | ||
| 2845 | + dev_err(port->dev, "dma_submit_error %d\n", | ||
| 2846 | + atmel_port->cookie_rx); | ||
| 2847 | + goto chan_err; | ||
| 2848 | + } | ||
| 2849 | + | ||
| 2850 | + dma_async_issue_pending(atmel_port->chan_rx); | ||
| 2851 | |||
| 2852 | return 0; | ||
| 2853 | |||
| 2854 | diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c | ||
| 2855 | index e97961dc3622d..ec458add38833 100644 | ||
| 2856 | --- a/drivers/tty/serial/serial_core.c | ||
| 2857 | +++ b/drivers/tty/serial/serial_core.c | ||
| 2858 | @@ -2349,7 +2349,8 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, | ||
| 2859 | * We probably don't need a spinlock around this, but | ||
| 2860 | */ | ||
| 2861 | spin_lock_irqsave(&port->lock, flags); | ||
| 2862 | - port->ops->set_mctrl(port, port->mctrl & TIOCM_DTR); | ||
| 2863 | + port->mctrl &= TIOCM_DTR; | ||
| 2864 | + port->ops->set_mctrl(port, port->mctrl); | ||
| 2865 | spin_unlock_irqrestore(&port->lock, flags); | ||
| 2866 | |||
| 2867 | /* | ||
| 2868 | diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c | ||
| 2869 | index 1dd4c65e9188a..2246731d96b0e 100644 | ||
| 2870 | --- a/drivers/usb/core/hcd.c | ||
| 2871 | +++ b/drivers/usb/core/hcd.c | ||
| 2872 | @@ -760,6 +760,7 @@ void usb_hcd_poll_rh_status(struct usb_hcd *hcd) | ||
| 2873 | { | ||
| 2874 | struct urb *urb; | ||
| 2875 | int length; | ||
| 2876 | + int status; | ||
| 2877 | unsigned long flags; | ||
| 2878 | char buffer[6]; /* Any root hubs with > 31 ports? */ | ||
| 2879 | |||
| 2880 | @@ -777,11 +778,17 @@ void usb_hcd_poll_rh_status(struct usb_hcd *hcd) | ||
| 2881 | if (urb) { | ||
| 2882 | clear_bit(HCD_FLAG_POLL_PENDING, &hcd->flags); | ||
| 2883 | hcd->status_urb = NULL; | ||
| 2884 | + if (urb->transfer_buffer_length >= length) { | ||
| 2885 | + status = 0; | ||
| 2886 | + } else { | ||
| 2887 | + status = -EOVERFLOW; | ||
| 2888 | + length = urb->transfer_buffer_length; | ||
| 2889 | + } | ||
| 2890 | urb->actual_length = length; | ||
| 2891 | memcpy(urb->transfer_buffer, buffer, length); | ||
| 2892 | |||
| 2893 | usb_hcd_unlink_urb_from_ep(hcd, urb); | ||
| 2894 | - usb_hcd_giveback_urb(hcd, urb, 0); | ||
| 2895 | + usb_hcd_giveback_urb(hcd, urb, status); | ||
| 2896 | } else { | ||
| 2897 | length = 0; | ||
| 2898 | set_bit(HCD_FLAG_POLL_PENDING, &hcd->flags); | ||
| 2899 | diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c | ||
| 2900 | index 0abcf8bbb73fe..33bf5ba438397 100644 | ||
| 2901 | --- a/drivers/usb/core/hub.c | ||
| 2902 | +++ b/drivers/usb/core/hub.c | ||
| 2903 | @@ -1070,7 +1070,10 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) | ||
| 2904 | } else { | ||
| 2905 | hub_power_on(hub, true); | ||
| 2906 | } | ||
| 2907 | - } | ||
| 2908 | + /* Give some time on remote wakeup to let links to transit to U0 */ | ||
| 2909 | + } else if (hub_is_superspeed(hub->hdev)) | ||
| 2910 | + msleep(20); | ||
| 2911 | + | ||
| 2912 | init2: | ||
| 2913 | |||
| 2914 | /* | ||
| 2915 | @@ -1185,7 +1188,7 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) | ||
| 2916 | */ | ||
| 2917 | if (portchange || (hub_is_superspeed(hub->hdev) && | ||
| 2918 | port_resumed)) | ||
| 2919 | - set_bit(port1, hub->change_bits); | ||
| 2920 | + set_bit(port1, hub->event_bits); | ||
| 2921 | |||
| 2922 | } else if (udev->persist_enabled) { | ||
| 2923 | #ifdef CONFIG_PM | ||
| 2924 | diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c | ||
| 2925 | index 0336392686935..e4826454de1a7 100644 | ||
| 2926 | --- a/drivers/usb/gadget/function/f_fs.c | ||
| 2927 | +++ b/drivers/usb/gadget/function/f_fs.c | ||
| 2928 | @@ -608,7 +608,7 @@ static int ffs_ep0_open(struct inode *inode, struct file *file) | ||
| 2929 | file->private_data = ffs; | ||
| 2930 | ffs_data_opened(ffs); | ||
| 2931 | |||
| 2932 | - return 0; | ||
| 2933 | + return stream_open(inode, file); | ||
| 2934 | } | ||
| 2935 | |||
| 2936 | static int ffs_ep0_release(struct inode *inode, struct file *file) | ||
| 2937 | @@ -1071,7 +1071,7 @@ ffs_epfile_open(struct inode *inode, struct file *file) | ||
| 2938 | file->private_data = epfile; | ||
| 2939 | ffs_data_opened(epfile->ffs); | ||
| 2940 | |||
| 2941 | - return 0; | ||
| 2942 | + return stream_open(inode, file); | ||
| 2943 | } | ||
| 2944 | |||
| 2945 | static int ffs_aio_cancel(struct kiocb *kiocb) | ||
| 2946 | diff --git a/drivers/usb/misc/ftdi-elan.c b/drivers/usb/misc/ftdi-elan.c | ||
| 2947 | index 9a82f8308ad7f..0738078fe8b82 100644 | ||
| 2948 | --- a/drivers/usb/misc/ftdi-elan.c | ||
| 2949 | +++ b/drivers/usb/misc/ftdi-elan.c | ||
| 2950 | @@ -206,6 +206,7 @@ static void ftdi_elan_delete(struct kref *kref) | ||
| 2951 | mutex_unlock(&ftdi_module_lock); | ||
| 2952 | kfree(ftdi->bulk_in_buffer); | ||
| 2953 | ftdi->bulk_in_buffer = NULL; | ||
| 2954 | + kfree(ftdi); | ||
| 2955 | } | ||
| 2956 | |||
| 2957 | static void ftdi_elan_put_kref(struct usb_ftdi *ftdi) | ||
| 2958 | diff --git a/drivers/w1/slaves/w1_ds28e04.c b/drivers/w1/slaves/w1_ds28e04.c | ||
| 2959 | index 5e348d38ec5c9..f4cf54c256fd8 100644 | ||
| 2960 | --- a/drivers/w1/slaves/w1_ds28e04.c | ||
| 2961 | +++ b/drivers/w1/slaves/w1_ds28e04.c | ||
| 2962 | @@ -39,7 +39,7 @@ static int w1_strong_pullup = 1; | ||
| 2963 | module_param_named(strong_pullup, w1_strong_pullup, int, 0); | ||
| 2964 | |||
| 2965 | /* enable/disable CRC checking on DS28E04-100 memory accesses */ | ||
| 2966 | -static char w1_enable_crccheck = 1; | ||
| 2967 | +static bool w1_enable_crccheck = true; | ||
| 2968 | |||
| 2969 | #define W1_EEPROM_SIZE 512 | ||
| 2970 | #define W1_PAGE_COUNT 16 | ||
| 2971 | @@ -346,32 +346,18 @@ static BIN_ATTR_RW(pio, 1); | ||
| 2972 | static ssize_t crccheck_show(struct device *dev, struct device_attribute *attr, | ||
| 2973 | char *buf) | ||
| 2974 | { | ||
| 2975 | - if (put_user(w1_enable_crccheck + 0x30, buf)) | ||
| 2976 | - return -EFAULT; | ||
| 2977 | - | ||
| 2978 | - return sizeof(w1_enable_crccheck); | ||
| 2979 | + return sysfs_emit(buf, "%d\n", w1_enable_crccheck); | ||
| 2980 | } | ||
| 2981 | |||
| 2982 | static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr, | ||
| 2983 | const char *buf, size_t count) | ||
| 2984 | { | ||
| 2985 | - char val; | ||
| 2986 | - | ||
| 2987 | - if (count != 1 || !buf) | ||
| 2988 | - return -EINVAL; | ||
| 2989 | + int err = kstrtobool(buf, &w1_enable_crccheck); | ||
| 2990 | |||
| 2991 | - if (get_user(val, buf)) | ||
| 2992 | - return -EFAULT; | ||
| 2993 | + if (err) | ||
| 2994 | + return err; | ||
| 2995 | |||
| 2996 | - /* convert to decimal */ | ||
| 2997 | - val = val - 0x30; | ||
| 2998 | - if (val != 0 && val != 1) | ||
| 2999 | - return -EINVAL; | ||
| 3000 | - | ||
| 3001 | - /* set the new value */ | ||
| 3002 | - w1_enable_crccheck = val; | ||
| 3003 | - | ||
| 3004 | - return sizeof(w1_enable_crccheck); | ||
| 3005 | + return count; | ||
| 3006 | } | ||
| 3007 | |||
| 3008 | static DEVICE_ATTR_RW(crccheck); | ||
| 3009 | diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c | ||
| 3010 | index bb008ac507fe3..16169b35ab6e5 100644 | ||
| 3011 | --- a/fs/btrfs/backref.c | ||
| 3012 | +++ b/fs/btrfs/backref.c | ||
| 3013 | @@ -1271,7 +1271,12 @@ again: | ||
| 3014 | ret = btrfs_search_slot(trans, fs_info->extent_root, &key, path, 0, 0); | ||
| 3015 | if (ret < 0) | ||
| 3016 | goto out; | ||
| 3017 | - BUG_ON(ret == 0); | ||
| 3018 | + if (ret == 0) { | ||
| 3019 | + /* This shouldn't happen, indicates a bug or fs corruption. */ | ||
| 3020 | + ASSERT(ret != 0); | ||
| 3021 | + ret = -EUCLEAN; | ||
| 3022 | + goto out; | ||
| 3023 | + } | ||
| 3024 | |||
| 3025 | #ifdef CONFIG_BTRFS_FS_RUN_SANITY_TESTS | ||
| 3026 | if (trans && likely(trans->type != __TRANS_DUMMY) && | ||
| 3027 | @@ -1432,10 +1437,18 @@ again: | ||
| 3028 | goto out; | ||
| 3029 | if (!ret && extent_item_pos) { | ||
| 3030 | /* | ||
| 3031 | - * we've recorded that parent, so we must extend | ||
| 3032 | - * its inode list here | ||
| 3033 | + * We've recorded that parent, so we must extend | ||
| 3034 | + * its inode list here. | ||
| 3035 | + * | ||
| 3036 | + * However if there was corruption we may not | ||
| 3037 | + * have found an eie, return an error in this | ||
| 3038 | + * case. | ||
| 3039 | */ | ||
| 3040 | - BUG_ON(!eie); | ||
| 3041 | + ASSERT(eie); | ||
| 3042 | + if (!eie) { | ||
| 3043 | + ret = -EUCLEAN; | ||
| 3044 | + goto out; | ||
| 3045 | + } | ||
| 3046 | while (eie->next) | ||
| 3047 | eie = eie->next; | ||
| 3048 | eie->next = ref->inode_list; | ||
| 3049 | diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c | ||
| 3050 | index 3a7f401e943c1..ffab7dc881574 100644 | ||
| 3051 | --- a/fs/dlm/lock.c | ||
| 3052 | +++ b/fs/dlm/lock.c | ||
| 3053 | @@ -3975,6 +3975,14 @@ static int validate_message(struct dlm_lkb *lkb, struct dlm_message *ms) | ||
| 3054 | int from = ms->m_header.h_nodeid; | ||
| 3055 | int error = 0; | ||
| 3056 | |||
| 3057 | + /* currently mixing of user/kernel locks are not supported */ | ||
| 3058 | + if (ms->m_flags & DLM_IFL_USER && ~lkb->lkb_flags & DLM_IFL_USER) { | ||
| 3059 | + log_error(lkb->lkb_resource->res_ls, | ||
| 3060 | + "got user dlm message for a kernel lock"); | ||
| 3061 | + error = -EINVAL; | ||
| 3062 | + goto out; | ||
| 3063 | + } | ||
| 3064 | + | ||
| 3065 | switch (ms->m_type) { | ||
| 3066 | case DLM_MSG_CONVERT: | ||
| 3067 | case DLM_MSG_UNLOCK: | ||
| 3068 | @@ -4003,6 +4011,7 @@ static int validate_message(struct dlm_lkb *lkb, struct dlm_message *ms) | ||
| 3069 | error = -EINVAL; | ||
| 3070 | } | ||
| 3071 | |||
| 3072 | +out: | ||
| 3073 | if (error) | ||
| 3074 | log_error(lkb->lkb_resource->res_ls, | ||
| 3075 | "ignore invalid message %d from %d %x %x %x %d", | ||
| 3076 | diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c | ||
| 3077 | index 75fff707beb6a..e7384a6e6a083 100644 | ||
| 3078 | --- a/fs/ext4/ioctl.c | ||
| 3079 | +++ b/fs/ext4/ioctl.c | ||
| 3080 | @@ -760,8 +760,6 @@ resizefs_out: | ||
| 3081 | sizeof(range))) | ||
| 3082 | return -EFAULT; | ||
| 3083 | |||
| 3084 | - range.minlen = max((unsigned int)range.minlen, | ||
| 3085 | - q->limits.discard_granularity); | ||
| 3086 | ret = ext4_trim_fs(sb, &range); | ||
| 3087 | if (ret < 0) | ||
| 3088 | return ret; | ||
| 3089 | diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c | ||
| 3090 | index 807331da9dfc1..2a7fb2cf19b81 100644 | ||
| 3091 | --- a/fs/ext4/mballoc.c | ||
| 3092 | +++ b/fs/ext4/mballoc.c | ||
| 3093 | @@ -5224,6 +5224,7 @@ out: | ||
| 3094 | */ | ||
| 3095 | int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) | ||
| 3096 | { | ||
| 3097 | + struct request_queue *q = bdev_get_queue(sb->s_bdev); | ||
| 3098 | struct ext4_group_info *grp; | ||
| 3099 | ext4_group_t group, first_group, last_group; | ||
| 3100 | ext4_grpblk_t cnt = 0, first_cluster, last_cluster; | ||
| 3101 | @@ -5242,6 +5243,13 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) | ||
| 3102 | start >= max_blks || | ||
| 3103 | range->len < sb->s_blocksize) | ||
| 3104 | return -EINVAL; | ||
| 3105 | + /* No point to try to trim less than discard granularity */ | ||
| 3106 | + if (range->minlen < q->limits.discard_granularity) { | ||
| 3107 | + minlen = EXT4_NUM_B2C(EXT4_SB(sb), | ||
| 3108 | + q->limits.discard_granularity >> sb->s_blocksize_bits); | ||
| 3109 | + if (minlen > EXT4_CLUSTERS_PER_GROUP(sb)) | ||
| 3110 | + goto out; | ||
| 3111 | + } | ||
| 3112 | if (end >= max_blks) | ||
| 3113 | end = max_blks - 1; | ||
| 3114 | if (end <= first_data_blk) | ||
| 3115 | diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c | ||
| 3116 | index bce2d696d6b9c..6967ab3306e7d 100644 | ||
| 3117 | --- a/fs/ext4/migrate.c | ||
| 3118 | +++ b/fs/ext4/migrate.c | ||
| 3119 | @@ -462,12 +462,12 @@ int ext4_ext_migrate(struct inode *inode) | ||
| 3120 | percpu_down_write(&sbi->s_writepages_rwsem); | ||
| 3121 | |||
| 3122 | /* | ||
| 3123 | - * Worst case we can touch the allocation bitmaps, a bgd | ||
| 3124 | - * block, and a block to link in the orphan list. We do need | ||
| 3125 | - * need to worry about credits for modifying the quota inode. | ||
| 3126 | + * Worst case we can touch the allocation bitmaps and a block | ||
| 3127 | + * group descriptor block. We do need need to worry about | ||
| 3128 | + * credits for modifying the quota inode. | ||
| 3129 | */ | ||
| 3130 | handle = ext4_journal_start(inode, EXT4_HT_MIGRATE, | ||
| 3131 | - 4 + EXT4_MAXQUOTAS_TRANS_BLOCKS(inode->i_sb)); | ||
| 3132 | + 3 + EXT4_MAXQUOTAS_TRANS_BLOCKS(inode->i_sb)); | ||
| 3133 | |||
| 3134 | if (IS_ERR(handle)) { | ||
| 3135 | retval = PTR_ERR(handle); | ||
| 3136 | @@ -484,6 +484,13 @@ int ext4_ext_migrate(struct inode *inode) | ||
| 3137 | ext4_journal_stop(handle); | ||
| 3138 | goto out_unlock; | ||
| 3139 | } | ||
| 3140 | + /* | ||
| 3141 | + * Use the correct seed for checksum (i.e. the seed from 'inode'). This | ||
| 3142 | + * is so that the metadata blocks will have the correct checksum after | ||
| 3143 | + * the migration. | ||
| 3144 | + */ | ||
| 3145 | + ei = EXT4_I(inode); | ||
| 3146 | + EXT4_I(tmp_inode)->i_csum_seed = ei->i_csum_seed; | ||
| 3147 | i_size_write(tmp_inode, i_size_read(inode)); | ||
| 3148 | /* | ||
| 3149 | * Set the i_nlink to zero so it will be deleted later | ||
| 3150 | @@ -492,7 +499,6 @@ int ext4_ext_migrate(struct inode *inode) | ||
| 3151 | clear_nlink(tmp_inode); | ||
| 3152 | |||
| 3153 | ext4_ext_tree_init(handle, tmp_inode); | ||
| 3154 | - ext4_orphan_add(handle, tmp_inode); | ||
| 3155 | ext4_journal_stop(handle); | ||
| 3156 | |||
| 3157 | /* | ||
| 3158 | @@ -517,17 +523,10 @@ int ext4_ext_migrate(struct inode *inode) | ||
| 3159 | |||
| 3160 | handle = ext4_journal_start(inode, EXT4_HT_MIGRATE, 1); | ||
| 3161 | if (IS_ERR(handle)) { | ||
| 3162 | - /* | ||
| 3163 | - * It is impossible to update on-disk structures without | ||
| 3164 | - * a handle, so just rollback in-core changes and live other | ||
| 3165 | - * work to orphan_list_cleanup() | ||
| 3166 | - */ | ||
| 3167 | - ext4_orphan_del(NULL, tmp_inode); | ||
| 3168 | retval = PTR_ERR(handle); | ||
| 3169 | goto out_tmp_inode; | ||
| 3170 | } | ||
| 3171 | |||
| 3172 | - ei = EXT4_I(inode); | ||
| 3173 | i_data = ei->i_data; | ||
| 3174 | memset(&lb, 0, sizeof(lb)); | ||
| 3175 | |||
| 3176 | diff --git a/fs/ext4/super.c b/fs/ext4/super.c | ||
| 3177 | index ca89590d1df57..e17a6396bde6c 100644 | ||
| 3178 | --- a/fs/ext4/super.c | ||
| 3179 | +++ b/fs/ext4/super.c | ||
| 3180 | @@ -5602,7 +5602,7 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type, | ||
| 3181 | struct buffer_head *bh; | ||
| 3182 | handle_t *handle = journal_current_handle(); | ||
| 3183 | |||
| 3184 | - if (EXT4_SB(sb)->s_journal && !handle) { | ||
| 3185 | + if (!handle) { | ||
| 3186 | ext4_msg(sb, KERN_WARNING, "Quota write (off=%llu, len=%llu)" | ||
| 3187 | " cancelled because transaction is not started", | ||
| 3188 | (unsigned long long)off, (unsigned long long)len); | ||
| 3189 | diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c | ||
| 3190 | index ec85765502f1f..990529da5354d 100644 | ||
| 3191 | --- a/fs/fuse/acl.c | ||
| 3192 | +++ b/fs/fuse/acl.c | ||
| 3193 | @@ -19,6 +19,9 @@ struct posix_acl *fuse_get_acl(struct inode *inode, int type) | ||
| 3194 | void *value = NULL; | ||
| 3195 | struct posix_acl *acl; | ||
| 3196 | |||
| 3197 | + if (fuse_is_bad(inode)) | ||
| 3198 | + return ERR_PTR(-EIO); | ||
| 3199 | + | ||
| 3200 | if (!fc->posix_acl || fc->no_getxattr) | ||
| 3201 | return NULL; | ||
| 3202 | |||
| 3203 | @@ -53,6 +56,9 @@ int fuse_set_acl(struct inode *inode, struct posix_acl *acl, int type) | ||
| 3204 | const char *name; | ||
| 3205 | int ret; | ||
| 3206 | |||
| 3207 | + if (fuse_is_bad(inode)) | ||
| 3208 | + return -EIO; | ||
| 3209 | + | ||
| 3210 | if (!fc->posix_acl || fc->no_setxattr) | ||
| 3211 | return -EOPNOTSUPP; | ||
| 3212 | |||
| 3213 | diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c | ||
| 3214 | index b41cc537eb311..c40bdfab0a859 100644 | ||
| 3215 | --- a/fs/fuse/dir.c | ||
| 3216 | +++ b/fs/fuse/dir.c | ||
| 3217 | @@ -187,7 +187,7 @@ static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags) | ||
| 3218 | int ret; | ||
| 3219 | |||
| 3220 | inode = d_inode_rcu(entry); | ||
| 3221 | - if (inode && is_bad_inode(inode)) | ||
| 3222 | + if (inode && fuse_is_bad(inode)) | ||
| 3223 | goto invalid; | ||
| 3224 | else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) || | ||
| 3225 | (flags & LOOKUP_REVAL)) { | ||
| 3226 | @@ -364,6 +364,9 @@ static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry, | ||
| 3227 | bool outarg_valid = true; | ||
| 3228 | bool locked; | ||
| 3229 | |||
| 3230 | + if (fuse_is_bad(dir)) | ||
| 3231 | + return ERR_PTR(-EIO); | ||
| 3232 | + | ||
| 3233 | locked = fuse_lock_inode(dir); | ||
| 3234 | err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name, | ||
| 3235 | &outarg, &inode); | ||
| 3236 | @@ -504,6 +507,9 @@ static int fuse_atomic_open(struct inode *dir, struct dentry *entry, | ||
| 3237 | struct fuse_conn *fc = get_fuse_conn(dir); | ||
| 3238 | struct dentry *res = NULL; | ||
| 3239 | |||
| 3240 | + if (fuse_is_bad(dir)) | ||
| 3241 | + return -EIO; | ||
| 3242 | + | ||
| 3243 | if (d_in_lookup(entry)) { | ||
| 3244 | res = fuse_lookup(dir, entry, 0); | ||
| 3245 | if (IS_ERR(res)) | ||
| 3246 | @@ -551,6 +557,9 @@ static int create_new_entry(struct fuse_conn *fc, struct fuse_args *args, | ||
| 3247 | int err; | ||
| 3248 | struct fuse_forget_link *forget; | ||
| 3249 | |||
| 3250 | + if (fuse_is_bad(dir)) | ||
| 3251 | + return -EIO; | ||
| 3252 | + | ||
| 3253 | forget = fuse_alloc_forget(); | ||
| 3254 | if (!forget) | ||
| 3255 | return -ENOMEM; | ||
| 3256 | @@ -672,6 +681,9 @@ static int fuse_unlink(struct inode *dir, struct dentry *entry) | ||
| 3257 | struct fuse_conn *fc = get_fuse_conn(dir); | ||
| 3258 | FUSE_ARGS(args); | ||
| 3259 | |||
| 3260 | + if (fuse_is_bad(dir)) | ||
| 3261 | + return -EIO; | ||
| 3262 | + | ||
| 3263 | args.in.h.opcode = FUSE_UNLINK; | ||
| 3264 | args.in.h.nodeid = get_node_id(dir); | ||
| 3265 | args.in.numargs = 1; | ||
| 3266 | @@ -708,6 +720,9 @@ static int fuse_rmdir(struct inode *dir, struct dentry *entry) | ||
| 3267 | struct fuse_conn *fc = get_fuse_conn(dir); | ||
| 3268 | FUSE_ARGS(args); | ||
| 3269 | |||
| 3270 | + if (fuse_is_bad(dir)) | ||
| 3271 | + return -EIO; | ||
| 3272 | + | ||
| 3273 | args.in.h.opcode = FUSE_RMDIR; | ||
| 3274 | args.in.h.nodeid = get_node_id(dir); | ||
| 3275 | args.in.numargs = 1; | ||
| 3276 | @@ -786,6 +801,9 @@ static int fuse_rename2(struct inode *olddir, struct dentry *oldent, | ||
| 3277 | struct fuse_conn *fc = get_fuse_conn(olddir); | ||
| 3278 | int err; | ||
| 3279 | |||
| 3280 | + if (fuse_is_bad(olddir)) | ||
| 3281 | + return -EIO; | ||
| 3282 | + | ||
| 3283 | if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE)) | ||
| 3284 | return -EINVAL; | ||
| 3285 | |||
| 3286 | @@ -921,7 +939,7 @@ static int fuse_do_getattr(struct inode *inode, struct kstat *stat, | ||
| 3287 | if (!err) { | ||
| 3288 | if (fuse_invalid_attr(&outarg.attr) || | ||
| 3289 | (inode->i_mode ^ outarg.attr.mode) & S_IFMT) { | ||
| 3290 | - make_bad_inode(inode); | ||
| 3291 | + fuse_make_bad(inode); | ||
| 3292 | err = -EIO; | ||
| 3293 | } else { | ||
| 3294 | fuse_change_attributes(inode, &outarg.attr, | ||
| 3295 | @@ -1114,6 +1132,9 @@ static int fuse_permission(struct inode *inode, int mask) | ||
| 3296 | bool refreshed = false; | ||
| 3297 | int err = 0; | ||
| 3298 | |||
| 3299 | + if (fuse_is_bad(inode)) | ||
| 3300 | + return -EIO; | ||
| 3301 | + | ||
| 3302 | if (!fuse_allow_current_process(fc)) | ||
| 3303 | return -EACCES; | ||
| 3304 | |||
| 3305 | @@ -1251,7 +1272,7 @@ retry: | ||
| 3306 | dput(dentry); | ||
| 3307 | goto retry; | ||
| 3308 | } | ||
| 3309 | - if (is_bad_inode(inode)) { | ||
| 3310 | + if (fuse_is_bad(inode)) { | ||
| 3311 | dput(dentry); | ||
| 3312 | return -EIO; | ||
| 3313 | } | ||
| 3314 | @@ -1349,7 +1370,7 @@ static int fuse_readdir(struct file *file, struct dir_context *ctx) | ||
| 3315 | u64 attr_version = 0; | ||
| 3316 | bool locked; | ||
| 3317 | |||
| 3318 | - if (is_bad_inode(inode)) | ||
| 3319 | + if (fuse_is_bad(inode)) | ||
| 3320 | return -EIO; | ||
| 3321 | |||
| 3322 | req = fuse_get_req(fc, 1); | ||
| 3323 | @@ -1409,6 +1430,9 @@ static const char *fuse_get_link(struct dentry *dentry, | ||
| 3324 | if (!dentry) | ||
| 3325 | return ERR_PTR(-ECHILD); | ||
| 3326 | |||
| 3327 | + if (fuse_is_bad(inode)) | ||
| 3328 | + return ERR_PTR(-EIO); | ||
| 3329 | + | ||
| 3330 | link = kmalloc(PAGE_SIZE, GFP_KERNEL); | ||
| 3331 | if (!link) | ||
| 3332 | return ERR_PTR(-ENOMEM); | ||
| 3333 | @@ -1707,7 +1731,7 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, | ||
| 3334 | |||
| 3335 | if (fuse_invalid_attr(&outarg.attr) || | ||
| 3336 | (inode->i_mode ^ outarg.attr.mode) & S_IFMT) { | ||
| 3337 | - make_bad_inode(inode); | ||
| 3338 | + fuse_make_bad(inode); | ||
| 3339 | err = -EIO; | ||
| 3340 | goto error; | ||
| 3341 | } | ||
| 3342 | @@ -1763,6 +1787,9 @@ static int fuse_setattr(struct dentry *entry, struct iattr *attr) | ||
| 3343 | struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL; | ||
| 3344 | int ret; | ||
| 3345 | |||
| 3346 | + if (fuse_is_bad(inode)) | ||
| 3347 | + return -EIO; | ||
| 3348 | + | ||
| 3349 | if (!fuse_allow_current_process(get_fuse_conn(inode))) | ||
| 3350 | return -EACCES; | ||
| 3351 | |||
| 3352 | @@ -1821,6 +1848,9 @@ static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry, | ||
| 3353 | struct inode *inode = d_inode(entry); | ||
| 3354 | struct fuse_conn *fc = get_fuse_conn(inode); | ||
| 3355 | |||
| 3356 | + if (fuse_is_bad(inode)) | ||
| 3357 | + return -EIO; | ||
| 3358 | + | ||
| 3359 | if (!fuse_allow_current_process(fc)) | ||
| 3360 | return -EACCES; | ||
| 3361 | |||
| 3362 | diff --git a/fs/fuse/file.c b/fs/fuse/file.c | ||
| 3363 | index cea2317e01380..8aef8e56eb1b6 100644 | ||
| 3364 | --- a/fs/fuse/file.c | ||
| 3365 | +++ b/fs/fuse/file.c | ||
| 3366 | @@ -206,6 +206,9 @@ int fuse_open_common(struct inode *inode, struct file *file, bool isdir) | ||
| 3367 | fc->atomic_o_trunc && | ||
| 3368 | fc->writeback_cache; | ||
| 3369 | |||
| 3370 | + if (fuse_is_bad(inode)) | ||
| 3371 | + return -EIO; | ||
| 3372 | + | ||
| 3373 | err = generic_file_open(inode, file); | ||
| 3374 | if (err) | ||
| 3375 | return err; | ||
| 3376 | @@ -411,7 +414,7 @@ static int fuse_flush(struct file *file, fl_owner_t id) | ||
| 3377 | struct fuse_flush_in inarg; | ||
| 3378 | int err; | ||
| 3379 | |||
| 3380 | - if (is_bad_inode(inode)) | ||
| 3381 | + if (fuse_is_bad(inode)) | ||
| 3382 | return -EIO; | ||
| 3383 | |||
| 3384 | if (fc->no_flush) | ||
| 3385 | @@ -459,7 +462,7 @@ int fuse_fsync_common(struct file *file, loff_t start, loff_t end, | ||
| 3386 | struct fuse_fsync_in inarg; | ||
| 3387 | int err; | ||
| 3388 | |||
| 3389 | - if (is_bad_inode(inode)) | ||
| 3390 | + if (fuse_is_bad(inode)) | ||
| 3391 | return -EIO; | ||
| 3392 | |||
| 3393 | inode_lock(inode); | ||
| 3394 | @@ -771,7 +774,7 @@ static int fuse_readpage(struct file *file, struct page *page) | ||
| 3395 | int err; | ||
| 3396 | |||
| 3397 | err = -EIO; | ||
| 3398 | - if (is_bad_inode(inode)) | ||
| 3399 | + if (fuse_is_bad(inode)) | ||
| 3400 | goto out; | ||
| 3401 | |||
| 3402 | err = fuse_do_readpage(file, page); | ||
| 3403 | @@ -898,7 +901,7 @@ static int fuse_readpages(struct file *file, struct address_space *mapping, | ||
| 3404 | int nr_alloc = min_t(unsigned, nr_pages, FUSE_MAX_PAGES_PER_REQ); | ||
| 3405 | |||
| 3406 | err = -EIO; | ||
| 3407 | - if (is_bad_inode(inode)) | ||
| 3408 | + if (fuse_is_bad(inode)) | ||
| 3409 | goto out; | ||
| 3410 | |||
| 3411 | data.file = file; | ||
| 3412 | @@ -928,6 +931,9 @@ static ssize_t fuse_file_read_iter(struct kiocb *iocb, struct iov_iter *to) | ||
| 3413 | struct inode *inode = iocb->ki_filp->f_mapping->host; | ||
| 3414 | struct fuse_conn *fc = get_fuse_conn(inode); | ||
| 3415 | |||
| 3416 | + if (fuse_is_bad(inode)) | ||
| 3417 | + return -EIO; | ||
| 3418 | + | ||
| 3419 | /* | ||
| 3420 | * In auto invalidate mode, always update attributes on read. | ||
| 3421 | * Otherwise, only update if we attempt to read past EOF (to ensure | ||
| 3422 | @@ -1123,7 +1129,7 @@ static ssize_t fuse_perform_write(struct file *file, | ||
| 3423 | int err = 0; | ||
| 3424 | ssize_t res = 0; | ||
| 3425 | |||
| 3426 | - if (is_bad_inode(inode)) | ||
| 3427 | + if (fuse_is_bad(inode)) | ||
| 3428 | return -EIO; | ||
| 3429 | |||
| 3430 | if (inode->i_size < pos + iov_iter_count(ii)) | ||
| 3431 | @@ -1180,6 +1186,9 @@ static ssize_t fuse_file_write_iter(struct kiocb *iocb, struct iov_iter *from) | ||
| 3432 | ssize_t err; | ||
| 3433 | loff_t endbyte = 0; | ||
| 3434 | |||
| 3435 | + if (fuse_is_bad(inode)) | ||
| 3436 | + return -EIO; | ||
| 3437 | + | ||
| 3438 | if (get_fuse_conn(inode)->writeback_cache) { | ||
| 3439 | /* Update size (EOF optimization) and mode (SUID clearing) */ | ||
| 3440 | err = fuse_update_attributes(mapping->host, NULL, file, NULL); | ||
| 3441 | @@ -1415,7 +1424,7 @@ static ssize_t __fuse_direct_read(struct fuse_io_priv *io, | ||
| 3442 | struct file *file = io->file; | ||
| 3443 | struct inode *inode = file_inode(file); | ||
| 3444 | |||
| 3445 | - if (is_bad_inode(inode)) | ||
| 3446 | + if (fuse_is_bad(inode)) | ||
| 3447 | return -EIO; | ||
| 3448 | |||
| 3449 | res = fuse_direct_io(io, iter, ppos, 0); | ||
| 3450 | @@ -1438,7 +1447,7 @@ static ssize_t fuse_direct_write_iter(struct kiocb *iocb, struct iov_iter *from) | ||
| 3451 | struct fuse_io_priv io = FUSE_IO_PRIV_SYNC(file); | ||
| 3452 | ssize_t res; | ||
| 3453 | |||
| 3454 | - if (is_bad_inode(inode)) | ||
| 3455 | + if (fuse_is_bad(inode)) | ||
| 3456 | return -EIO; | ||
| 3457 | |||
| 3458 | /* Don't allow parallel writes to the same file */ | ||
| 3459 | @@ -1911,7 +1920,7 @@ static int fuse_writepages(struct address_space *mapping, | ||
| 3460 | int err; | ||
| 3461 | |||
| 3462 | err = -EIO; | ||
| 3463 | - if (is_bad_inode(inode)) | ||
| 3464 | + if (fuse_is_bad(inode)) | ||
| 3465 | goto out; | ||
| 3466 | |||
| 3467 | data.inode = inode; | ||
| 3468 | @@ -2687,7 +2696,7 @@ long fuse_ioctl_common(struct file *file, unsigned int cmd, | ||
| 3469 | if (!fuse_allow_current_process(fc)) | ||
| 3470 | return -EACCES; | ||
| 3471 | |||
| 3472 | - if (is_bad_inode(inode)) | ||
| 3473 | + if (fuse_is_bad(inode)) | ||
| 3474 | return -EIO; | ||
| 3475 | |||
| 3476 | return fuse_do_ioctl(file, cmd, arg, flags); | ||
| 3477 | diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h | ||
| 3478 | index f84dd6d87d90f..7e4b0e298bc73 100644 | ||
| 3479 | --- a/fs/fuse/fuse_i.h | ||
| 3480 | +++ b/fs/fuse/fuse_i.h | ||
| 3481 | @@ -115,6 +115,8 @@ enum { | ||
| 3482 | FUSE_I_INIT_RDPLUS, | ||
| 3483 | /** An operation changing file size is in progress */ | ||
| 3484 | FUSE_I_SIZE_UNSTABLE, | ||
| 3485 | + /* Bad inode */ | ||
| 3486 | + FUSE_I_BAD, | ||
| 3487 | }; | ||
| 3488 | |||
| 3489 | struct fuse_conn; | ||
| 3490 | @@ -688,6 +690,17 @@ static inline u64 get_node_id(struct inode *inode) | ||
| 3491 | return get_fuse_inode(inode)->nodeid; | ||
| 3492 | } | ||
| 3493 | |||
| 3494 | +static inline void fuse_make_bad(struct inode *inode) | ||
| 3495 | +{ | ||
| 3496 | + remove_inode_hash(inode); | ||
| 3497 | + set_bit(FUSE_I_BAD, &get_fuse_inode(inode)->state); | ||
| 3498 | +} | ||
| 3499 | + | ||
| 3500 | +static inline bool fuse_is_bad(struct inode *inode) | ||
| 3501 | +{ | ||
| 3502 | + return unlikely(test_bit(FUSE_I_BAD, &get_fuse_inode(inode)->state)); | ||
| 3503 | +} | ||
| 3504 | + | ||
| 3505 | /** Device operations */ | ||
| 3506 | extern const struct file_operations fuse_dev_operations; | ||
| 3507 | |||
| 3508 | diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c | ||
| 3509 | index 7a9b1069d267b..77b8f0f264078 100644 | ||
| 3510 | --- a/fs/fuse/inode.c | ||
| 3511 | +++ b/fs/fuse/inode.c | ||
| 3512 | @@ -316,7 +316,7 @@ struct inode *fuse_iget(struct super_block *sb, u64 nodeid, | ||
| 3513 | unlock_new_inode(inode); | ||
| 3514 | } else if ((inode->i_mode ^ attr->mode) & S_IFMT) { | ||
| 3515 | /* Inode has changed type, any I/O on the old should fail */ | ||
| 3516 | - make_bad_inode(inode); | ||
| 3517 | + fuse_make_bad(inode); | ||
| 3518 | iput(inode); | ||
| 3519 | goto retry; | ||
| 3520 | } | ||
| 3521 | diff --git a/fs/fuse/xattr.c b/fs/fuse/xattr.c | ||
| 3522 | index 3caac46b08b0e..134bbc432ae60 100644 | ||
| 3523 | --- a/fs/fuse/xattr.c | ||
| 3524 | +++ b/fs/fuse/xattr.c | ||
| 3525 | @@ -113,6 +113,9 @@ ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) | ||
| 3526 | struct fuse_getxattr_out outarg; | ||
| 3527 | ssize_t ret; | ||
| 3528 | |||
| 3529 | + if (fuse_is_bad(inode)) | ||
| 3530 | + return -EIO; | ||
| 3531 | + | ||
| 3532 | if (!fuse_allow_current_process(fc)) | ||
| 3533 | return -EACCES; | ||
| 3534 | |||
| 3535 | @@ -178,6 +181,9 @@ static int fuse_xattr_get(const struct xattr_handler *handler, | ||
| 3536 | struct dentry *dentry, struct inode *inode, | ||
| 3537 | const char *name, void *value, size_t size) | ||
| 3538 | { | ||
| 3539 | + if (fuse_is_bad(inode)) | ||
| 3540 | + return -EIO; | ||
| 3541 | + | ||
| 3542 | return fuse_getxattr(inode, name, value, size); | ||
| 3543 | } | ||
| 3544 | |||
| 3545 | @@ -186,6 +192,9 @@ static int fuse_xattr_set(const struct xattr_handler *handler, | ||
| 3546 | const char *name, const void *value, size_t size, | ||
| 3547 | int flags) | ||
| 3548 | { | ||
| 3549 | + if (fuse_is_bad(inode)) | ||
| 3550 | + return -EIO; | ||
| 3551 | + | ||
| 3552 | if (!value) | ||
| 3553 | return fuse_removexattr(inode, name); | ||
| 3554 | |||
| 3555 | diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c | ||
| 3556 | index c12476e309c67..eb4e4d784d26e 100644 | ||
| 3557 | --- a/fs/jffs2/file.c | ||
| 3558 | +++ b/fs/jffs2/file.c | ||
| 3559 | @@ -135,20 +135,15 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, | ||
| 3560 | struct page *pg; | ||
| 3561 | struct inode *inode = mapping->host; | ||
| 3562 | struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode); | ||
| 3563 | + struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb); | ||
| 3564 | pgoff_t index = pos >> PAGE_SHIFT; | ||
| 3565 | uint32_t pageofs = index << PAGE_SHIFT; | ||
| 3566 | int ret = 0; | ||
| 3567 | |||
| 3568 | - pg = grab_cache_page_write_begin(mapping, index, flags); | ||
| 3569 | - if (!pg) | ||
| 3570 | - return -ENOMEM; | ||
| 3571 | - *pagep = pg; | ||
| 3572 | - | ||
| 3573 | jffs2_dbg(1, "%s()\n", __func__); | ||
| 3574 | |||
| 3575 | if (pageofs > inode->i_size) { | ||
| 3576 | /* Make new hole frag from old EOF to new page */ | ||
| 3577 | - struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb); | ||
| 3578 | struct jffs2_raw_inode ri; | ||
| 3579 | struct jffs2_full_dnode *fn; | ||
| 3580 | uint32_t alloc_len; | ||
| 3581 | @@ -159,7 +154,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, | ||
| 3582 | ret = jffs2_reserve_space(c, sizeof(ri), &alloc_len, | ||
| 3583 | ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE); | ||
| 3584 | if (ret) | ||
| 3585 | - goto out_page; | ||
| 3586 | + goto out_err; | ||
| 3587 | |||
| 3588 | mutex_lock(&f->sem); | ||
| 3589 | memset(&ri, 0, sizeof(ri)); | ||
| 3590 | @@ -189,7 +184,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, | ||
| 3591 | ret = PTR_ERR(fn); | ||
| 3592 | jffs2_complete_reservation(c); | ||
| 3593 | mutex_unlock(&f->sem); | ||
| 3594 | - goto out_page; | ||
| 3595 | + goto out_err; | ||
| 3596 | } | ||
| 3597 | ret = jffs2_add_full_dnode_to_inode(c, f, fn); | ||
| 3598 | if (f->metadata) { | ||
| 3599 | @@ -204,13 +199,26 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, | ||
| 3600 | jffs2_free_full_dnode(fn); | ||
| 3601 | jffs2_complete_reservation(c); | ||
| 3602 | mutex_unlock(&f->sem); | ||
| 3603 | - goto out_page; | ||
| 3604 | + goto out_err; | ||
| 3605 | } | ||
| 3606 | jffs2_complete_reservation(c); | ||
| 3607 | inode->i_size = pageofs; | ||
| 3608 | mutex_unlock(&f->sem); | ||
| 3609 | } | ||
| 3610 | |||
| 3611 | + /* | ||
| 3612 | + * While getting a page and reading data in, lock c->alloc_sem until | ||
| 3613 | + * the page is Uptodate. Otherwise GC task may attempt to read the same | ||
| 3614 | + * page in read_cache_page(), which causes a deadlock. | ||
| 3615 | + */ | ||
| 3616 | + mutex_lock(&c->alloc_sem); | ||
| 3617 | + pg = grab_cache_page_write_begin(mapping, index, flags); | ||
| 3618 | + if (!pg) { | ||
| 3619 | + ret = -ENOMEM; | ||
| 3620 | + goto release_sem; | ||
| 3621 | + } | ||
| 3622 | + *pagep = pg; | ||
| 3623 | + | ||
| 3624 | /* | ||
| 3625 | * Read in the page if it wasn't already present. Cannot optimize away | ||
| 3626 | * the whole page write case until jffs2_write_end can handle the | ||
| 3627 | @@ -220,15 +228,17 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, | ||
| 3628 | mutex_lock(&f->sem); | ||
| 3629 | ret = jffs2_do_readpage_nolock(inode, pg); | ||
| 3630 | mutex_unlock(&f->sem); | ||
| 3631 | - if (ret) | ||
| 3632 | - goto out_page; | ||
| 3633 | + if (ret) { | ||
| 3634 | + unlock_page(pg); | ||
| 3635 | + put_page(pg); | ||
| 3636 | + goto release_sem; | ||
| 3637 | + } | ||
| 3638 | } | ||
| 3639 | jffs2_dbg(1, "end write_begin(). pg->flags %lx\n", pg->flags); | ||
| 3640 | - return ret; | ||
| 3641 | |||
| 3642 | -out_page: | ||
| 3643 | - unlock_page(pg); | ||
| 3644 | - put_page(pg); | ||
| 3645 | +release_sem: | ||
| 3646 | + mutex_unlock(&c->alloc_sem); | ||
| 3647 | +out_err: | ||
| 3648 | return ret; | ||
| 3649 | } | ||
| 3650 | |||
| 3651 | diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c | ||
| 3652 | index 727a9e3fa806f..ce58e857ae3bc 100644 | ||
| 3653 | --- a/fs/ubifs/super.c | ||
| 3654 | +++ b/fs/ubifs/super.c | ||
| 3655 | @@ -1695,7 +1695,6 @@ out: | ||
| 3656 | kthread_stop(c->bgt); | ||
| 3657 | c->bgt = NULL; | ||
| 3658 | } | ||
| 3659 | - free_wbufs(c); | ||
| 3660 | kfree(c->write_reserve_buf); | ||
| 3661 | c->write_reserve_buf = NULL; | ||
| 3662 | vfree(c->ileb_buf); | ||
| 3663 | diff --git a/include/linux/mm.h b/include/linux/mm.h | ||
| 3664 | index 7a4c035b187f3..81ee5d0b26424 100644 | ||
| 3665 | --- a/include/linux/mm.h | ||
| 3666 | +++ b/include/linux/mm.h | ||
| 3667 | @@ -1269,6 +1269,8 @@ int copy_page_range(struct mm_struct *dst, struct mm_struct *src, | ||
| 3668 | struct vm_area_struct *vma); | ||
| 3669 | void unmap_mapping_range(struct address_space *mapping, | ||
| 3670 | loff_t const holebegin, loff_t const holelen, int even_cows); | ||
| 3671 | +int follow_pte_pmd(struct mm_struct *mm, unsigned long address, | ||
| 3672 | + pte_t **ptepp, pmd_t **pmdpp, spinlock_t **ptlp); | ||
| 3673 | int follow_pfn(struct vm_area_struct *vma, unsigned long address, | ||
| 3674 | unsigned long *pfn); | ||
| 3675 | int follow_phys(struct vm_area_struct *vma, unsigned long address, | ||
| 3676 | diff --git a/include/linux/rbtree.h b/include/linux/rbtree.h | ||
| 3677 | index e585018498d59..d574361943ea8 100644 | ||
| 3678 | --- a/include/linux/rbtree.h | ||
| 3679 | +++ b/include/linux/rbtree.h | ||
| 3680 | @@ -44,10 +44,25 @@ struct rb_root { | ||
| 3681 | struct rb_node *rb_node; | ||
| 3682 | }; | ||
| 3683 | |||
| 3684 | +/* | ||
| 3685 | + * Leftmost-cached rbtrees. | ||
| 3686 | + * | ||
| 3687 | + * We do not cache the rightmost node based on footprint | ||
| 3688 | + * size vs number of potential users that could benefit | ||
| 3689 | + * from O(1) rb_last(). Just not worth it, users that want | ||
| 3690 | + * this feature can always implement the logic explicitly. | ||
| 3691 | + * Furthermore, users that want to cache both pointers may | ||
| 3692 | + * find it a bit asymmetric, but that's ok. | ||
| 3693 | + */ | ||
| 3694 | +struct rb_root_cached { | ||
| 3695 | + struct rb_root rb_root; | ||
| 3696 | + struct rb_node *rb_leftmost; | ||
| 3697 | +}; | ||
| 3698 | |||
| 3699 | #define rb_parent(r) ((struct rb_node *)((r)->__rb_parent_color & ~3)) | ||
| 3700 | |||
| 3701 | #define RB_ROOT (struct rb_root) { NULL, } | ||
| 3702 | +#define RB_ROOT_CACHED (struct rb_root_cached) { {NULL, }, NULL } | ||
| 3703 | #define rb_entry(ptr, type, member) container_of(ptr, type, member) | ||
| 3704 | |||
| 3705 | #define RB_EMPTY_ROOT(root) (READ_ONCE((root)->rb_node) == NULL) | ||
| 3706 | @@ -69,6 +84,12 @@ extern struct rb_node *rb_prev(const struct rb_node *); | ||
| 3707 | extern struct rb_node *rb_first(const struct rb_root *); | ||
| 3708 | extern struct rb_node *rb_last(const struct rb_root *); | ||
| 3709 | |||
| 3710 | +extern void rb_insert_color_cached(struct rb_node *, | ||
| 3711 | + struct rb_root_cached *, bool); | ||
| 3712 | +extern void rb_erase_cached(struct rb_node *node, struct rb_root_cached *); | ||
| 3713 | +/* Same as rb_first(), but O(1) */ | ||
| 3714 | +#define rb_first_cached(root) (root)->rb_leftmost | ||
| 3715 | + | ||
| 3716 | /* Postorder iteration - always visit the parent after its children */ | ||
| 3717 | extern struct rb_node *rb_first_postorder(const struct rb_root *); | ||
| 3718 | extern struct rb_node *rb_next_postorder(const struct rb_node *); | ||
| 3719 | diff --git a/include/linux/rbtree_augmented.h b/include/linux/rbtree_augmented.h | ||
| 3720 | index d076183e49bec..023d64657e956 100644 | ||
| 3721 | --- a/include/linux/rbtree_augmented.h | ||
| 3722 | +++ b/include/linux/rbtree_augmented.h | ||
| 3723 | @@ -41,7 +41,9 @@ struct rb_augment_callbacks { | ||
| 3724 | void (*rotate)(struct rb_node *old, struct rb_node *new); | ||
| 3725 | }; | ||
| 3726 | |||
| 3727 | -extern void __rb_insert_augmented(struct rb_node *node, struct rb_root *root, | ||
| 3728 | +extern void __rb_insert_augmented(struct rb_node *node, | ||
| 3729 | + struct rb_root *root, | ||
| 3730 | + bool newleft, struct rb_node **leftmost, | ||
| 3731 | void (*augment_rotate)(struct rb_node *old, struct rb_node *new)); | ||
| 3732 | /* | ||
| 3733 | * Fixup the rbtree and update the augmented information when rebalancing. | ||
| 3734 | @@ -57,7 +59,16 @@ static inline void | ||
| 3735 | rb_insert_augmented(struct rb_node *node, struct rb_root *root, | ||
| 3736 | const struct rb_augment_callbacks *augment) | ||
| 3737 | { | ||
| 3738 | - __rb_insert_augmented(node, root, augment->rotate); | ||
| 3739 | + __rb_insert_augmented(node, root, false, NULL, augment->rotate); | ||
| 3740 | +} | ||
| 3741 | + | ||
| 3742 | +static inline void | ||
| 3743 | +rb_insert_augmented_cached(struct rb_node *node, | ||
| 3744 | + struct rb_root_cached *root, bool newleft, | ||
| 3745 | + const struct rb_augment_callbacks *augment) | ||
| 3746 | +{ | ||
| 3747 | + __rb_insert_augmented(node, &root->rb_root, | ||
| 3748 | + newleft, &root->rb_leftmost, augment->rotate); | ||
| 3749 | } | ||
| 3750 | |||
| 3751 | #define RB_DECLARE_CALLBACKS(rbstatic, rbname, rbstruct, rbfield, \ | ||
| 3752 | @@ -148,6 +159,7 @@ extern void __rb_erase_color(struct rb_node *parent, struct rb_root *root, | ||
| 3753 | |||
| 3754 | static __always_inline struct rb_node * | ||
| 3755 | __rb_erase_augmented(struct rb_node *node, struct rb_root *root, | ||
| 3756 | + struct rb_node **leftmost, | ||
| 3757 | const struct rb_augment_callbacks *augment) | ||
| 3758 | { | ||
| 3759 | struct rb_node *child = node->rb_right; | ||
| 3760 | @@ -155,6 +167,9 @@ __rb_erase_augmented(struct rb_node *node, struct rb_root *root, | ||
| 3761 | struct rb_node *parent, *rebalance; | ||
| 3762 | unsigned long pc; | ||
| 3763 | |||
| 3764 | + if (leftmost && node == *leftmost) | ||
| 3765 | + *leftmost = rb_next(node); | ||
| 3766 | + | ||
| 3767 | if (!tmp) { | ||
| 3768 | /* | ||
| 3769 | * Case 1: node to erase has no more than 1 child (easy!) | ||
| 3770 | @@ -254,9 +269,21 @@ static __always_inline void | ||
| 3771 | rb_erase_augmented(struct rb_node *node, struct rb_root *root, | ||
| 3772 | const struct rb_augment_callbacks *augment) | ||
| 3773 | { | ||
| 3774 | - struct rb_node *rebalance = __rb_erase_augmented(node, root, augment); | ||
| 3775 | + struct rb_node *rebalance = __rb_erase_augmented(node, root, | ||
| 3776 | + NULL, augment); | ||
| 3777 | if (rebalance) | ||
| 3778 | __rb_erase_color(rebalance, root, augment->rotate); | ||
| 3779 | } | ||
| 3780 | |||
| 3781 | +static __always_inline void | ||
| 3782 | +rb_erase_augmented_cached(struct rb_node *node, struct rb_root_cached *root, | ||
| 3783 | + const struct rb_augment_callbacks *augment) | ||
| 3784 | +{ | ||
| 3785 | + struct rb_node *rebalance = __rb_erase_augmented(node, &root->rb_root, | ||
| 3786 | + &root->rb_leftmost, | ||
| 3787 | + augment); | ||
| 3788 | + if (rebalance) | ||
| 3789 | + __rb_erase_color(rebalance, &root->rb_root, augment->rotate); | ||
| 3790 | +} | ||
| 3791 | + | ||
| 3792 | #endif /* _LINUX_RBTREE_AUGMENTED_H */ | ||
| 3793 | diff --git a/include/linux/timerqueue.h b/include/linux/timerqueue.h | ||
| 3794 | index 7eec17ad7fa19..42868a9b43657 100644 | ||
| 3795 | --- a/include/linux/timerqueue.h | ||
| 3796 | +++ b/include/linux/timerqueue.h | ||
| 3797 | @@ -11,8 +11,7 @@ struct timerqueue_node { | ||
| 3798 | }; | ||
| 3799 | |||
| 3800 | struct timerqueue_head { | ||
| 3801 | - struct rb_root head; | ||
| 3802 | - struct timerqueue_node *next; | ||
| 3803 | + struct rb_root_cached rb_root; | ||
| 3804 | }; | ||
| 3805 | |||
| 3806 | |||
| 3807 | @@ -28,13 +27,14 @@ extern struct timerqueue_node *timerqueue_iterate_next( | ||
| 3808 | * | ||
| 3809 | * @head: head of timerqueue | ||
| 3810 | * | ||
| 3811 | - * Returns a pointer to the timer node that has the | ||
| 3812 | - * earliest expiration time. | ||
| 3813 | + * Returns a pointer to the timer node that has the earliest expiration time. | ||
| 3814 | */ | ||
| 3815 | static inline | ||
| 3816 | struct timerqueue_node *timerqueue_getnext(struct timerqueue_head *head) | ||
| 3817 | { | ||
| 3818 | - return head->next; | ||
| 3819 | + struct rb_node *leftmost = rb_first_cached(&head->rb_root); | ||
| 3820 | + | ||
| 3821 | + return rb_entry(leftmost, struct timerqueue_node, node); | ||
| 3822 | } | ||
| 3823 | |||
| 3824 | static inline void timerqueue_init(struct timerqueue_node *node) | ||
| 3825 | @@ -44,7 +44,6 @@ static inline void timerqueue_init(struct timerqueue_node *node) | ||
| 3826 | |||
| 3827 | static inline void timerqueue_init_head(struct timerqueue_head *head) | ||
| 3828 | { | ||
| 3829 | - head->head = RB_ROOT; | ||
| 3830 | - head->next = NULL; | ||
| 3831 | + head->rb_root = RB_ROOT_CACHED; | ||
| 3832 | } | ||
| 3833 | #endif /* _LINUX_TIMERQUEUE_H */ | ||
| 3834 | diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h | ||
| 3835 | index 5d5a137b9067f..7ec889291dc48 100644 | ||
| 3836 | --- a/include/net/sch_generic.h | ||
| 3837 | +++ b/include/net/sch_generic.h | ||
| 3838 | @@ -837,6 +837,7 @@ struct psched_ratecfg { | ||
| 3839 | u64 rate_bytes_ps; /* bytes per second */ | ||
| 3840 | u32 mult; | ||
| 3841 | u16 overhead; | ||
| 3842 | + u16 mpu; | ||
| 3843 | u8 linklayer; | ||
| 3844 | u8 shift; | ||
| 3845 | }; | ||
| 3846 | @@ -846,6 +847,9 @@ static inline u64 psched_l2t_ns(const struct psched_ratecfg *r, | ||
| 3847 | { | ||
| 3848 | len += r->overhead; | ||
| 3849 | |||
| 3850 | + if (len < r->mpu) | ||
| 3851 | + len = r->mpu; | ||
| 3852 | + | ||
| 3853 | if (unlikely(r->linklayer == TC_LINKLAYER_ATM)) | ||
| 3854 | return ((u64)(DIV_ROUND_UP(len,48)*53) * r->mult) >> r->shift; | ||
| 3855 | |||
| 3856 | @@ -868,6 +872,7 @@ static inline void psched_ratecfg_getrate(struct tc_ratespec *res, | ||
| 3857 | res->rate = min_t(u64, r->rate_bytes_ps, ~0U); | ||
| 3858 | |||
| 3859 | res->overhead = r->overhead; | ||
| 3860 | + res->mpu = r->mpu; | ||
| 3861 | res->linklayer = (r->linklayer & TC_LINKLAYER_MASK); | ||
| 3862 | } | ||
| 3863 | |||
| 3864 | diff --git a/lib/rbtree.c b/lib/rbtree.c | ||
| 3865 | index eb8a19fee1100..53746be42903b 100644 | ||
| 3866 | --- a/lib/rbtree.c | ||
| 3867 | +++ b/lib/rbtree.c | ||
| 3868 | @@ -95,10 +95,14 @@ __rb_rotate_set_parents(struct rb_node *old, struct rb_node *new, | ||
| 3869 | |||
| 3870 | static __always_inline void | ||
| 3871 | __rb_insert(struct rb_node *node, struct rb_root *root, | ||
| 3872 | + bool newleft, struct rb_node **leftmost, | ||
| 3873 | void (*augment_rotate)(struct rb_node *old, struct rb_node *new)) | ||
| 3874 | { | ||
| 3875 | struct rb_node *parent = rb_red_parent(node), *gparent, *tmp; | ||
| 3876 | |||
| 3877 | + if (newleft) | ||
| 3878 | + *leftmost = node; | ||
| 3879 | + | ||
| 3880 | while (true) { | ||
| 3881 | /* | ||
| 3882 | * Loop invariant: node is red | ||
| 3883 | @@ -417,19 +421,38 @@ static const struct rb_augment_callbacks dummy_callbacks = { | ||
| 3884 | |||
| 3885 | void rb_insert_color(struct rb_node *node, struct rb_root *root) | ||
| 3886 | { | ||
| 3887 | - __rb_insert(node, root, dummy_rotate); | ||
| 3888 | + __rb_insert(node, root, false, NULL, dummy_rotate); | ||
| 3889 | } | ||
| 3890 | EXPORT_SYMBOL(rb_insert_color); | ||
| 3891 | |||
| 3892 | void rb_erase(struct rb_node *node, struct rb_root *root) | ||
| 3893 | { | ||
| 3894 | struct rb_node *rebalance; | ||
| 3895 | - rebalance = __rb_erase_augmented(node, root, &dummy_callbacks); | ||
| 3896 | + rebalance = __rb_erase_augmented(node, root, | ||
| 3897 | + NULL, &dummy_callbacks); | ||
| 3898 | if (rebalance) | ||
| 3899 | ____rb_erase_color(rebalance, root, dummy_rotate); | ||
| 3900 | } | ||
| 3901 | EXPORT_SYMBOL(rb_erase); | ||
| 3902 | |||
| 3903 | +void rb_insert_color_cached(struct rb_node *node, | ||
| 3904 | + struct rb_root_cached *root, bool leftmost) | ||
| 3905 | +{ | ||
| 3906 | + __rb_insert(node, &root->rb_root, leftmost, | ||
| 3907 | + &root->rb_leftmost, dummy_rotate); | ||
| 3908 | +} | ||
| 3909 | +EXPORT_SYMBOL(rb_insert_color_cached); | ||
| 3910 | + | ||
| 3911 | +void rb_erase_cached(struct rb_node *node, struct rb_root_cached *root) | ||
| 3912 | +{ | ||
| 3913 | + struct rb_node *rebalance; | ||
| 3914 | + rebalance = __rb_erase_augmented(node, &root->rb_root, | ||
| 3915 | + &root->rb_leftmost, &dummy_callbacks); | ||
| 3916 | + if (rebalance) | ||
| 3917 | + ____rb_erase_color(rebalance, &root->rb_root, dummy_rotate); | ||
| 3918 | +} | ||
| 3919 | +EXPORT_SYMBOL(rb_erase_cached); | ||
| 3920 | + | ||
| 3921 | /* | ||
| 3922 | * Augmented rbtree manipulation functions. | ||
| 3923 | * | ||
| 3924 | @@ -438,9 +461,10 @@ EXPORT_SYMBOL(rb_erase); | ||
| 3925 | */ | ||
| 3926 | |||
| 3927 | void __rb_insert_augmented(struct rb_node *node, struct rb_root *root, | ||
| 3928 | + bool newleft, struct rb_node **leftmost, | ||
| 3929 | void (*augment_rotate)(struct rb_node *old, struct rb_node *new)) | ||
| 3930 | { | ||
| 3931 | - __rb_insert(node, root, augment_rotate); | ||
| 3932 | + __rb_insert(node, root, newleft, leftmost, augment_rotate); | ||
| 3933 | } | ||
| 3934 | EXPORT_SYMBOL(__rb_insert_augmented); | ||
| 3935 | |||
| 3936 | @@ -485,7 +509,7 @@ struct rb_node *rb_next(const struct rb_node *node) | ||
| 3937 | * as we can. | ||
| 3938 | */ | ||
| 3939 | if (node->rb_right) { | ||
| 3940 | - node = node->rb_right; | ||
| 3941 | + node = node->rb_right; | ||
| 3942 | while (node->rb_left) | ||
| 3943 | node=node->rb_left; | ||
| 3944 | return (struct rb_node *)node; | ||
| 3945 | @@ -517,7 +541,7 @@ struct rb_node *rb_prev(const struct rb_node *node) | ||
| 3946 | * as we can. | ||
| 3947 | */ | ||
| 3948 | if (node->rb_left) { | ||
| 3949 | - node = node->rb_left; | ||
| 3950 | + node = node->rb_left; | ||
| 3951 | while (node->rb_right) | ||
| 3952 | node=node->rb_right; | ||
| 3953 | return (struct rb_node *)node; | ||
| 3954 | diff --git a/lib/timerqueue.c b/lib/timerqueue.c | ||
| 3955 | index 782ae8ca2c06f..4f99b5c3ac0ec 100644 | ||
| 3956 | --- a/lib/timerqueue.c | ||
| 3957 | +++ b/lib/timerqueue.c | ||
| 3958 | @@ -38,9 +38,10 @@ | ||
| 3959 | */ | ||
| 3960 | bool timerqueue_add(struct timerqueue_head *head, struct timerqueue_node *node) | ||
| 3961 | { | ||
| 3962 | - struct rb_node **p = &head->head.rb_node; | ||
| 3963 | + struct rb_node **p = &head->rb_root.rb_root.rb_node; | ||
| 3964 | struct rb_node *parent = NULL; | ||
| 3965 | - struct timerqueue_node *ptr; | ||
| 3966 | + struct timerqueue_node *ptr; | ||
| 3967 | + bool leftmost = true; | ||
| 3968 | |||
| 3969 | /* Make sure we don't add nodes that are already added */ | ||
| 3970 | WARN_ON_ONCE(!RB_EMPTY_NODE(&node->node)); | ||
| 3971 | @@ -48,19 +49,17 @@ bool timerqueue_add(struct timerqueue_head *head, struct timerqueue_node *node) | ||
| 3972 | while (*p) { | ||
| 3973 | parent = *p; | ||
| 3974 | ptr = rb_entry(parent, struct timerqueue_node, node); | ||
| 3975 | - if (node->expires.tv64 < ptr->expires.tv64) | ||
| 3976 | + if (node->expires.tv64 < ptr->expires.tv64) { | ||
| 3977 | p = &(*p)->rb_left; | ||
| 3978 | - else | ||
| 3979 | + } else { | ||
| 3980 | p = &(*p)->rb_right; | ||
| 3981 | + leftmost = false; | ||
| 3982 | + } | ||
| 3983 | } | ||
| 3984 | rb_link_node(&node->node, parent, p); | ||
| 3985 | - rb_insert_color(&node->node, &head->head); | ||
| 3986 | + rb_insert_color_cached(&node->node, &head->rb_root, leftmost); | ||
| 3987 | |||
| 3988 | - if (!head->next || node->expires.tv64 < head->next->expires.tv64) { | ||
| 3989 | - head->next = node; | ||
| 3990 | - return true; | ||
| 3991 | - } | ||
| 3992 | - return false; | ||
| 3993 | + return leftmost; | ||
| 3994 | } | ||
| 3995 | EXPORT_SYMBOL_GPL(timerqueue_add); | ||
| 3996 | |||
| 3997 | @@ -76,16 +75,10 @@ bool timerqueue_del(struct timerqueue_head *head, struct timerqueue_node *node) | ||
| 3998 | { | ||
| 3999 | WARN_ON_ONCE(RB_EMPTY_NODE(&node->node)); | ||
| 4000 | |||
| 4001 | - /* update next pointer */ | ||
| 4002 | - if (head->next == node) { | ||
| 4003 | - struct rb_node *rbn = rb_next(&node->node); | ||
| 4004 | - | ||
| 4005 | - head->next = rbn ? | ||
| 4006 | - rb_entry(rbn, struct timerqueue_node, node) : NULL; | ||
| 4007 | - } | ||
| 4008 | - rb_erase(&node->node, &head->head); | ||
| 4009 | + rb_erase_cached(&node->node, &head->rb_root); | ||
| 4010 | RB_CLEAR_NODE(&node->node); | ||
| 4011 | - return head->next != NULL; | ||
| 4012 | + | ||
| 4013 | + return !RB_EMPTY_ROOT(&head->rb_root.rb_root); | ||
| 4014 | } | ||
| 4015 | EXPORT_SYMBOL_GPL(timerqueue_del); | ||
| 4016 | |||
| 4017 | diff --git a/mm/gup.c b/mm/gup.c | ||
| 4018 | index 301dd96ef176c..0b80bf3878dcf 100644 | ||
| 4019 | --- a/mm/gup.c | ||
| 4020 | +++ b/mm/gup.c | ||
| 4021 | @@ -1567,22 +1567,15 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, | ||
| 4022 | next = pgd_addr_end(addr, end); | ||
| 4023 | if (pgd_none(pgd)) | ||
| 4024 | break; | ||
| 4025 | - /* | ||
| 4026 | - * The FAST_GUP case requires FOLL_WRITE even for pure reads, | ||
| 4027 | - * because get_user_pages() may need to cause an early COW in | ||
| 4028 | - * order to avoid confusing the normal COW routines. So only | ||
| 4029 | - * targets that are already writable are safe to do by just | ||
| 4030 | - * looking at the page tables. | ||
| 4031 | - */ | ||
| 4032 | if (unlikely(pgd_huge(pgd))) { | ||
| 4033 | - if (!gup_huge_pgd(pgd, pgdp, addr, next, 1, | ||
| 4034 | + if (!gup_huge_pgd(pgd, pgdp, addr, next, write, | ||
| 4035 | pages, &nr)) | ||
| 4036 | break; | ||
| 4037 | } else if (unlikely(is_hugepd(__hugepd(pgd_val(pgd))))) { | ||
| 4038 | if (!gup_huge_pd(__hugepd(pgd_val(pgd)), addr, | ||
| 4039 | - PGDIR_SHIFT, next, 1, pages, &nr)) | ||
| 4040 | + PGDIR_SHIFT, next, write, pages, &nr)) | ||
| 4041 | break; | ||
| 4042 | - } else if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) | ||
| 4043 | + } else if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) | ||
| 4044 | break; | ||
| 4045 | } while (pgdp++, addr = next, addr != end); | ||
| 4046 | local_irq_restore(flags); | ||
| 4047 | @@ -1612,7 +1605,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, | ||
| 4048 | int nr, ret; | ||
| 4049 | |||
| 4050 | start &= PAGE_MASK; | ||
| 4051 | - nr = __get_user_pages_fast(start, nr_pages, write, pages); | ||
| 4052 | + /* | ||
| 4053 | + * The FAST_GUP case requires FOLL_WRITE even for pure reads, | ||
| 4054 | + * because get_user_pages() may need to cause an early COW in | ||
| 4055 | + * order to avoid confusing the normal COW routines. So only | ||
| 4056 | + * targets that are already writable are safe to do by just | ||
| 4057 | + * looking at the page tables. | ||
| 4058 | + */ | ||
| 4059 | + nr = __get_user_pages_fast(start, nr_pages, 1, pages); | ||
| 4060 | ret = nr; | ||
| 4061 | |||
| 4062 | if (nr < nr_pages) { | ||
| 4063 | diff --git a/mm/memory.c b/mm/memory.c | ||
| 4064 | index c2890dc104d9e..2b2cc69ddccef 100644 | ||
| 4065 | --- a/mm/memory.c | ||
| 4066 | +++ b/mm/memory.c | ||
| 4067 | @@ -3780,8 +3780,8 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) | ||
| 4068 | } | ||
| 4069 | #endif /* __PAGETABLE_PMD_FOLDED */ | ||
| 4070 | |||
| 4071 | -static int __follow_pte(struct mm_struct *mm, unsigned long address, | ||
| 4072 | - pte_t **ptepp, spinlock_t **ptlp) | ||
| 4073 | +static int __follow_pte_pmd(struct mm_struct *mm, unsigned long address, | ||
| 4074 | + pte_t **ptepp, pmd_t **pmdpp, spinlock_t **ptlp) | ||
| 4075 | { | ||
| 4076 | pgd_t *pgd; | ||
| 4077 | pud_t *pud; | ||
| 4078 | @@ -3798,11 +3798,20 @@ static int __follow_pte(struct mm_struct *mm, unsigned long address, | ||
| 4079 | |||
| 4080 | pmd = pmd_offset(pud, address); | ||
| 4081 | VM_BUG_ON(pmd_trans_huge(*pmd)); | ||
| 4082 | - if (pmd_none(*pmd) || unlikely(pmd_bad(*pmd))) | ||
| 4083 | - goto out; | ||
| 4084 | |||
| 4085 | - /* We cannot handle huge page PFN maps. Luckily they don't exist. */ | ||
| 4086 | - if (pmd_huge(*pmd)) | ||
| 4087 | + if (pmd_huge(*pmd)) { | ||
| 4088 | + if (!pmdpp) | ||
| 4089 | + goto out; | ||
| 4090 | + | ||
| 4091 | + *ptlp = pmd_lock(mm, pmd); | ||
| 4092 | + if (pmd_huge(*pmd)) { | ||
| 4093 | + *pmdpp = pmd; | ||
| 4094 | + return 0; | ||
| 4095 | + } | ||
| 4096 | + spin_unlock(*ptlp); | ||
| 4097 | + } | ||
| 4098 | + | ||
| 4099 | + if (pmd_none(*pmd) || unlikely(pmd_bad(*pmd))) | ||
| 4100 | goto out; | ||
| 4101 | |||
| 4102 | ptep = pte_offset_map_lock(mm, pmd, address, ptlp); | ||
| 4103 | @@ -3825,9 +3834,23 @@ static inline int follow_pte(struct mm_struct *mm, unsigned long address, | ||
| 4104 | |||
| 4105 | /* (void) is needed to make gcc happy */ | ||
| 4106 | (void) __cond_lock(*ptlp, | ||
| 4107 | - !(res = __follow_pte(mm, address, ptepp, ptlp))); | ||
| 4108 | + !(res = __follow_pte_pmd(mm, address, ptepp, NULL, | ||
| 4109 | + ptlp))); | ||
| 4110 | + return res; | ||
| 4111 | +} | ||
| 4112 | + | ||
| 4113 | +int follow_pte_pmd(struct mm_struct *mm, unsigned long address, | ||
| 4114 | + pte_t **ptepp, pmd_t **pmdpp, spinlock_t **ptlp) | ||
| 4115 | +{ | ||
| 4116 | + int res; | ||
| 4117 | + | ||
| 4118 | + /* (void) is needed to make gcc happy */ | ||
| 4119 | + (void) __cond_lock(*ptlp, | ||
| 4120 | + !(res = __follow_pte_pmd(mm, address, ptepp, pmdpp, | ||
| 4121 | + ptlp))); | ||
| 4122 | return res; | ||
| 4123 | } | ||
| 4124 | +EXPORT_SYMBOL(follow_pte_pmd); | ||
| 4125 | |||
| 4126 | /** | ||
| 4127 | * follow_pfn - look up PFN at a user virtual address | ||
| 4128 | diff --git a/mm/shmem.c b/mm/shmem.c | ||
| 4129 | index 31b0c09fe6c60..51aa13f596220 100644 | ||
| 4130 | --- a/mm/shmem.c | ||
| 4131 | +++ b/mm/shmem.c | ||
| 4132 | @@ -436,7 +436,7 @@ static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, | ||
| 4133 | struct shmem_inode_info *info; | ||
| 4134 | struct page *page; | ||
| 4135 | unsigned long batch = sc ? sc->nr_to_scan : 128; | ||
| 4136 | - int removed = 0, split = 0; | ||
| 4137 | + int split = 0; | ||
| 4138 | |||
| 4139 | if (list_empty(&sbinfo->shrinklist)) | ||
| 4140 | return SHRINK_STOP; | ||
| 4141 | @@ -451,7 +451,6 @@ static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, | ||
| 4142 | /* inode is about to be evicted */ | ||
| 4143 | if (!inode) { | ||
| 4144 | list_del_init(&info->shrinklist); | ||
| 4145 | - removed++; | ||
| 4146 | goto next; | ||
| 4147 | } | ||
| 4148 | |||
| 4149 | @@ -459,12 +458,12 @@ static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, | ||
| 4150 | if (round_up(inode->i_size, PAGE_SIZE) == | ||
| 4151 | round_up(inode->i_size, HPAGE_PMD_SIZE)) { | ||
| 4152 | list_move(&info->shrinklist, &to_remove); | ||
| 4153 | - removed++; | ||
| 4154 | goto next; | ||
| 4155 | } | ||
| 4156 | |||
| 4157 | list_move(&info->shrinklist, &list); | ||
| 4158 | next: | ||
| 4159 | + sbinfo->shrinklist_len--; | ||
| 4160 | if (!--batch) | ||
| 4161 | break; | ||
| 4162 | } | ||
| 4163 | @@ -484,7 +483,7 @@ next: | ||
| 4164 | inode = &info->vfs_inode; | ||
| 4165 | |||
| 4166 | if (nr_to_split && split >= nr_to_split) | ||
| 4167 | - goto leave; | ||
| 4168 | + goto move_back; | ||
| 4169 | |||
| 4170 | page = find_get_page(inode->i_mapping, | ||
| 4171 | (inode->i_size & HPAGE_PMD_MASK) >> PAGE_SHIFT); | ||
| 4172 | @@ -498,38 +497,44 @@ next: | ||
| 4173 | } | ||
| 4174 | |||
| 4175 | /* | ||
| 4176 | - * Leave the inode on the list if we failed to lock | ||
| 4177 | - * the page at this time. | ||
| 4178 | + * Move the inode on the list back to shrinklist if we failed | ||
| 4179 | + * to lock the page at this time. | ||
| 4180 | * | ||
| 4181 | * Waiting for the lock may lead to deadlock in the | ||
| 4182 | * reclaim path. | ||
| 4183 | */ | ||
| 4184 | if (!trylock_page(page)) { | ||
| 4185 | put_page(page); | ||
| 4186 | - goto leave; | ||
| 4187 | + goto move_back; | ||
| 4188 | } | ||
| 4189 | |||
| 4190 | ret = split_huge_page(page); | ||
| 4191 | unlock_page(page); | ||
| 4192 | put_page(page); | ||
| 4193 | |||
| 4194 | - /* If split failed leave the inode on the list */ | ||
| 4195 | + /* If split failed move the inode on the list back to shrinklist */ | ||
| 4196 | if (ret) | ||
| 4197 | - goto leave; | ||
| 4198 | + goto move_back; | ||
| 4199 | |||
| 4200 | split++; | ||
| 4201 | drop: | ||
| 4202 | list_del_init(&info->shrinklist); | ||
| 4203 | - removed++; | ||
| 4204 | -leave: | ||
| 4205 | + goto put; | ||
| 4206 | +move_back: | ||
| 4207 | + /* | ||
| 4208 | + * Make sure the inode is either on the global list or deleted | ||
| 4209 | + * from any local list before iput() since it could be deleted | ||
| 4210 | + * in another thread once we put the inode (then the local list | ||
| 4211 | + * is corrupted). | ||
| 4212 | + */ | ||
| 4213 | + spin_lock(&sbinfo->shrinklist_lock); | ||
| 4214 | + list_move(&info->shrinklist, &sbinfo->shrinklist); | ||
| 4215 | + sbinfo->shrinklist_len++; | ||
| 4216 | + spin_unlock(&sbinfo->shrinklist_lock); | ||
| 4217 | +put: | ||
| 4218 | iput(inode); | ||
| 4219 | } | ||
| 4220 | |||
| 4221 | - spin_lock(&sbinfo->shrinklist_lock); | ||
| 4222 | - list_splice_tail(&list, &sbinfo->shrinklist); | ||
| 4223 | - sbinfo->shrinklist_len -= removed; | ||
| 4224 | - spin_unlock(&sbinfo->shrinklist_lock); | ||
| 4225 | - | ||
| 4226 | return split; | ||
| 4227 | } | ||
| 4228 | |||
| 4229 | diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c | ||
| 4230 | index 0bb150e68c53f..e2e580c747f4b 100644 | ||
| 4231 | --- a/net/bluetooth/cmtp/core.c | ||
| 4232 | +++ b/net/bluetooth/cmtp/core.c | ||
| 4233 | @@ -499,9 +499,7 @@ static int __init cmtp_init(void) | ||
| 4234 | { | ||
| 4235 | BT_INFO("CMTP (CAPI Emulation) ver %s", VERSION); | ||
| 4236 | |||
| 4237 | - cmtp_init_sockets(); | ||
| 4238 | - | ||
| 4239 | - return 0; | ||
| 4240 | + return cmtp_init_sockets(); | ||
| 4241 | } | ||
| 4242 | |||
| 4243 | static void __exit cmtp_exit(void) | ||
| 4244 | diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c | ||
| 4245 | index b43f31203a430..40e6e5feb1e06 100644 | ||
| 4246 | --- a/net/bluetooth/hci_core.c | ||
| 4247 | +++ b/net/bluetooth/hci_core.c | ||
| 4248 | @@ -3148,6 +3148,7 @@ int hci_register_dev(struct hci_dev *hdev) | ||
| 4249 | return id; | ||
| 4250 | |||
| 4251 | err_wqueue: | ||
| 4252 | + debugfs_remove_recursive(hdev->debugfs); | ||
| 4253 | destroy_workqueue(hdev->workqueue); | ||
| 4254 | destroy_workqueue(hdev->req_workqueue); | ||
| 4255 | err: | ||
| 4256 | diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c | ||
| 4257 | index f9484755a9baf..17cfd9f8e98e0 100644 | ||
| 4258 | --- a/net/bluetooth/hci_event.c | ||
| 4259 | +++ b/net/bluetooth/hci_event.c | ||
| 4260 | @@ -4967,7 +4967,8 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) | ||
| 4261 | struct hci_ev_le_advertising_info *ev = ptr; | ||
| 4262 | s8 rssi; | ||
| 4263 | |||
| 4264 | - if (ev->length <= HCI_MAX_AD_LENGTH) { | ||
| 4265 | + if (ev->length <= HCI_MAX_AD_LENGTH && | ||
| 4266 | + ev->data + ev->length <= skb_tail_pointer(skb)) { | ||
| 4267 | rssi = ev->data[ev->length]; | ||
| 4268 | process_adv_report(hdev, ev->evt_type, &ev->bdaddr, | ||
| 4269 | ev->bdaddr_type, NULL, 0, rssi, | ||
| 4270 | @@ -4977,6 +4978,11 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) | ||
| 4271 | } | ||
| 4272 | |||
| 4273 | ptr += sizeof(*ev) + ev->length + 1; | ||
| 4274 | + | ||
| 4275 | + if (ptr > (void *) skb_tail_pointer(skb) - sizeof(*ev)) { | ||
| 4276 | + bt_dev_err(hdev, "Malicious advertising data. Stopping processing"); | ||
| 4277 | + break; | ||
| 4278 | + } | ||
| 4279 | } | ||
| 4280 | |||
| 4281 | hci_dev_unlock(hdev); | ||
| 4282 | diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c | ||
| 4283 | index 7104d5e64abb3..11d4d18012fed 100644 | ||
| 4284 | --- a/net/bridge/br_netfilter_hooks.c | ||
| 4285 | +++ b/net/bridge/br_netfilter_hooks.c | ||
| 4286 | @@ -724,6 +724,9 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff | ||
| 4287 | if (nf_bridge->frag_max_size && nf_bridge->frag_max_size < mtu) | ||
| 4288 | mtu = nf_bridge->frag_max_size; | ||
| 4289 | |||
| 4290 | + nf_bridge_update_protocol(skb); | ||
| 4291 | + nf_bridge_push_encap_header(skb); | ||
| 4292 | + | ||
| 4293 | if (skb_is_gso(skb) || skb->len + mtu_reserved <= mtu) { | ||
| 4294 | nf_bridge_info_free(skb); | ||
| 4295 | return br_dev_queue_push_xmit(net, sk, skb); | ||
| 4296 | @@ -741,8 +744,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff | ||
| 4297 | |||
| 4298 | IPCB(skb)->frag_max_size = nf_bridge->frag_max_size; | ||
| 4299 | |||
| 4300 | - nf_bridge_update_protocol(skb); | ||
| 4301 | - | ||
| 4302 | data = this_cpu_ptr(&brnf_frag_data_storage); | ||
| 4303 | |||
| 4304 | data->vlan_tci = skb->vlan_tci; | ||
| 4305 | @@ -765,8 +766,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff | ||
| 4306 | |||
| 4307 | IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size; | ||
| 4308 | |||
| 4309 | - nf_bridge_update_protocol(skb); | ||
| 4310 | - | ||
| 4311 | data = this_cpu_ptr(&brnf_frag_data_storage); | ||
| 4312 | data->encap_size = nf_bridge_encap_header_len(skb); | ||
| 4313 | data->size = ETH_HLEN + data->encap_size; | ||
| 4314 | diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c | ||
| 4315 | index 7630fa80db92a..48854eae294fd 100644 | ||
| 4316 | --- a/net/core/net_namespace.c | ||
| 4317 | +++ b/net/core/net_namespace.c | ||
| 4318 | @@ -132,8 +132,10 @@ static void ops_exit_list(const struct pernet_operations *ops, | ||
| 4319 | { | ||
| 4320 | struct net *net; | ||
| 4321 | if (ops->exit) { | ||
| 4322 | - list_for_each_entry(net, net_exit_list, exit_list) | ||
| 4323 | + list_for_each_entry(net, net_exit_list, exit_list) { | ||
| 4324 | ops->exit(net); | ||
| 4325 | + cond_resched(); | ||
| 4326 | + } | ||
| 4327 | } | ||
| 4328 | if (ops->exit_batch) | ||
| 4329 | ops->exit_batch(net_exit_list); | ||
| 4330 | diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c | ||
| 4331 | index 553cda6f887ad..b7dc20a65b649 100644 | ||
| 4332 | --- a/net/ipv4/cipso_ipv4.c | ||
| 4333 | +++ b/net/ipv4/cipso_ipv4.c | ||
| 4334 | @@ -534,16 +534,10 @@ int cipso_v4_doi_remove(u32 doi, struct netlbl_audit *audit_info) | ||
| 4335 | ret_val = -ENOENT; | ||
| 4336 | goto doi_remove_return; | ||
| 4337 | } | ||
| 4338 | - if (!atomic_dec_and_test(&doi_def->refcount)) { | ||
| 4339 | - spin_unlock(&cipso_v4_doi_list_lock); | ||
| 4340 | - ret_val = -EBUSY; | ||
| 4341 | - goto doi_remove_return; | ||
| 4342 | - } | ||
| 4343 | list_del_rcu(&doi_def->list); | ||
| 4344 | spin_unlock(&cipso_v4_doi_list_lock); | ||
| 4345 | |||
| 4346 | - cipso_v4_cache_invalidate(); | ||
| 4347 | - call_rcu(&doi_def->rcu, cipso_v4_doi_free_rcu); | ||
| 4348 | + cipso_v4_doi_putdef(doi_def); | ||
| 4349 | ret_val = 0; | ||
| 4350 | |||
| 4351 | doi_remove_return: | ||
| 4352 | @@ -600,9 +594,6 @@ void cipso_v4_doi_putdef(struct cipso_v4_doi *doi_def) | ||
| 4353 | |||
| 4354 | if (!atomic_dec_and_test(&doi_def->refcount)) | ||
| 4355 | return; | ||
| 4356 | - spin_lock(&cipso_v4_doi_list_lock); | ||
| 4357 | - list_del_rcu(&doi_def->list); | ||
| 4358 | - spin_unlock(&cipso_v4_doi_list_lock); | ||
| 4359 | |||
| 4360 | cipso_v4_cache_invalidate(); | ||
| 4361 | call_rcu(&doi_def->rcu, cipso_v4_doi_free_rcu); | ||
| 4362 | diff --git a/net/ipv6/calipso.c b/net/ipv6/calipso.c | ||
| 4363 | index b206415bbde74..7628963ddacc3 100644 | ||
| 4364 | --- a/net/ipv6/calipso.c | ||
| 4365 | +++ b/net/ipv6/calipso.c | ||
| 4366 | @@ -97,6 +97,9 @@ struct calipso_map_cache_entry { | ||
| 4367 | |||
| 4368 | static struct calipso_map_cache_bkt *calipso_cache; | ||
| 4369 | |||
| 4370 | +static void calipso_cache_invalidate(void); | ||
| 4371 | +static void calipso_doi_putdef(struct calipso_doi *doi_def); | ||
| 4372 | + | ||
| 4373 | /* Label Mapping Cache Functions | ||
| 4374 | */ | ||
| 4375 | |||
| 4376 | @@ -458,15 +461,10 @@ static int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info) | ||
| 4377 | ret_val = -ENOENT; | ||
| 4378 | goto doi_remove_return; | ||
| 4379 | } | ||
| 4380 | - if (!atomic_dec_and_test(&doi_def->refcount)) { | ||
| 4381 | - spin_unlock(&calipso_doi_list_lock); | ||
| 4382 | - ret_val = -EBUSY; | ||
| 4383 | - goto doi_remove_return; | ||
| 4384 | - } | ||
| 4385 | list_del_rcu(&doi_def->list); | ||
| 4386 | spin_unlock(&calipso_doi_list_lock); | ||
| 4387 | |||
| 4388 | - call_rcu(&doi_def->rcu, calipso_doi_free_rcu); | ||
| 4389 | + calipso_doi_putdef(doi_def); | ||
| 4390 | ret_val = 0; | ||
| 4391 | |||
| 4392 | doi_remove_return: | ||
| 4393 | @@ -522,10 +520,8 @@ static void calipso_doi_putdef(struct calipso_doi *doi_def) | ||
| 4394 | |||
| 4395 | if (!atomic_dec_and_test(&doi_def->refcount)) | ||
| 4396 | return; | ||
| 4397 | - spin_lock(&calipso_doi_list_lock); | ||
| 4398 | - list_del_rcu(&doi_def->list); | ||
| 4399 | - spin_unlock(&calipso_doi_list_lock); | ||
| 4400 | |||
| 4401 | + calipso_cache_invalidate(); | ||
| 4402 | call_rcu(&doi_def->rcu, calipso_doi_free_rcu); | ||
| 4403 | } | ||
| 4404 | |||
| 4405 | diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c | ||
| 4406 | index 422fac2a4a3c8..9a256d0fb957a 100644 | ||
| 4407 | --- a/net/netlabel/netlabel_cipso_v4.c | ||
| 4408 | +++ b/net/netlabel/netlabel_cipso_v4.c | ||
| 4409 | @@ -587,6 +587,7 @@ list_start: | ||
| 4410 | |||
| 4411 | break; | ||
| 4412 | } | ||
| 4413 | + cipso_v4_doi_putdef(doi_def); | ||
| 4414 | rcu_read_unlock(); | ||
| 4415 | |||
| 4416 | genlmsg_end(ans_skb, data); | ||
| 4417 | @@ -595,12 +596,14 @@ list_start: | ||
| 4418 | list_retry: | ||
| 4419 | /* XXX - this limit is a guesstimate */ | ||
| 4420 | if (nlsze_mult < 4) { | ||
| 4421 | + cipso_v4_doi_putdef(doi_def); | ||
| 4422 | rcu_read_unlock(); | ||
| 4423 | kfree_skb(ans_skb); | ||
| 4424 | nlsze_mult *= 2; | ||
| 4425 | goto list_start; | ||
| 4426 | } | ||
| 4427 | list_failure_lock: | ||
| 4428 | + cipso_v4_doi_putdef(doi_def); | ||
| 4429 | rcu_read_unlock(); | ||
| 4430 | list_failure: | ||
| 4431 | kfree_skb(ans_skb); | ||
| 4432 | diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c | ||
| 4433 | index 92c6fbfd51f79..bc59b2b5f9836 100644 | ||
| 4434 | --- a/net/nfc/llcp_sock.c | ||
| 4435 | +++ b/net/nfc/llcp_sock.c | ||
| 4436 | @@ -796,6 +796,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, | ||
| 4437 | |||
| 4438 | lock_sock(sk); | ||
| 4439 | |||
| 4440 | + if (!llcp_sock->local) { | ||
| 4441 | + release_sock(sk); | ||
| 4442 | + return -ENODEV; | ||
| 4443 | + } | ||
| 4444 | + | ||
| 4445 | if (sk->sk_type == SOCK_DGRAM) { | ||
| 4446 | DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, | ||
| 4447 | msg->msg_name); | ||
| 4448 | diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c | ||
| 4449 | index 04ca08f852209..daa24ec7db278 100644 | ||
| 4450 | --- a/net/sched/sch_generic.c | ||
| 4451 | +++ b/net/sched/sch_generic.c | ||
| 4452 | @@ -996,6 +996,7 @@ void psched_ratecfg_precompute(struct psched_ratecfg *r, | ||
| 4453 | { | ||
| 4454 | memset(r, 0, sizeof(*r)); | ||
| 4455 | r->overhead = conf->overhead; | ||
| 4456 | + r->mpu = conf->mpu; | ||
| 4457 | r->rate_bytes_ps = max_t(u64, conf->rate, rate64); | ||
| 4458 | r->linklayer = (conf->linklayer & TC_LINKLAYER_MASK); | ||
| 4459 | r->mult = 1; | ||
| 4460 | diff --git a/net/unix/garbage.c b/net/unix/garbage.c | ||
| 4461 | index 8bbe1b8e4ff7f..4d283e26d8162 100644 | ||
| 4462 | --- a/net/unix/garbage.c | ||
| 4463 | +++ b/net/unix/garbage.c | ||
| 4464 | @@ -197,8 +197,11 @@ void wait_for_unix_gc(void) | ||
| 4465 | { | ||
| 4466 | /* If number of inflight sockets is insane, | ||
| 4467 | * force a garbage collect right now. | ||
| 4468 | + * Paired with the WRITE_ONCE() in unix_inflight(), | ||
| 4469 | + * unix_notinflight() and gc_in_progress(). | ||
| 4470 | */ | ||
| 4471 | - if (unix_tot_inflight > UNIX_INFLIGHT_TRIGGER_GC && !gc_in_progress) | ||
| 4472 | + if (READ_ONCE(unix_tot_inflight) > UNIX_INFLIGHT_TRIGGER_GC && | ||
| 4473 | + !READ_ONCE(gc_in_progress)) | ||
| 4474 | unix_gc(); | ||
| 4475 | wait_event(unix_gc_wait, gc_in_progress == false); | ||
| 4476 | } | ||
| 4477 | @@ -218,7 +221,9 @@ void unix_gc(void) | ||
| 4478 | if (gc_in_progress) | ||
| 4479 | goto out; | ||
| 4480 | |||
| 4481 | - gc_in_progress = true; | ||
| 4482 | + /* Paired with READ_ONCE() in wait_for_unix_gc(). */ | ||
| 4483 | + WRITE_ONCE(gc_in_progress, true); | ||
| 4484 | + | ||
| 4485 | /* First, select candidates for garbage collection. Only | ||
| 4486 | * in-flight sockets are considered, and from those only ones | ||
| 4487 | * which don't have any external reference. | ||
| 4488 | @@ -304,7 +309,10 @@ void unix_gc(void) | ||
| 4489 | |||
| 4490 | /* All candidates should have been detached by now. */ | ||
| 4491 | BUG_ON(!list_empty(&gc_candidates)); | ||
| 4492 | - gc_in_progress = false; | ||
| 4493 | + | ||
| 4494 | + /* Paired with READ_ONCE() in wait_for_unix_gc(). */ | ||
| 4495 | + WRITE_ONCE(gc_in_progress, false); | ||
| 4496 | + | ||
| 4497 | wake_up(&unix_gc_wait); | ||
| 4498 | |||
| 4499 | out: | ||
| 4500 | diff --git a/net/unix/scm.c b/net/unix/scm.c | ||
| 4501 | index df8f636ab1d8c..bf1a8fa8c4f1d 100644 | ||
| 4502 | --- a/net/unix/scm.c | ||
| 4503 | +++ b/net/unix/scm.c | ||
| 4504 | @@ -56,7 +56,8 @@ void unix_inflight(struct user_struct *user, struct file *fp) | ||
| 4505 | } else { | ||
| 4506 | BUG_ON(list_empty(&u->link)); | ||
| 4507 | } | ||
| 4508 | - unix_tot_inflight++; | ||
| 4509 | + /* Paired with READ_ONCE() in wait_for_unix_gc() */ | ||
| 4510 | + WRITE_ONCE(unix_tot_inflight, unix_tot_inflight + 1); | ||
| 4511 | } | ||
| 4512 | user->unix_inflight++; | ||
| 4513 | spin_unlock(&unix_gc_lock); | ||
| 4514 | @@ -76,7 +77,8 @@ void unix_notinflight(struct user_struct *user, struct file *fp) | ||
| 4515 | |||
| 4516 | if (atomic_long_dec_and_test(&u->inflight)) | ||
| 4517 | list_del_init(&u->link); | ||
| 4518 | - unix_tot_inflight--; | ||
| 4519 | + /* Paired with READ_ONCE() in wait_for_unix_gc() */ | ||
| 4520 | + WRITE_ONCE(unix_tot_inflight, unix_tot_inflight - 1); | ||
| 4521 | } | ||
| 4522 | user->unix_inflight--; | ||
| 4523 | spin_unlock(&unix_gc_lock); | ||
| 4524 | diff --git a/scripts/dtc/dtx_diff b/scripts/dtc/dtx_diff | ||
| 4525 | index ec47f95991a3a..971e74f408a77 100755 | ||
| 4526 | --- a/scripts/dtc/dtx_diff | ||
| 4527 | +++ b/scripts/dtc/dtx_diff | ||
| 4528 | @@ -56,12 +56,8 @@ Otherwise DTx is treated as a dts source file (aka .dts). | ||
| 4529 | or '/include/' to be processed. | ||
| 4530 | |||
| 4531 | If DTx_1 and DTx_2 are in different architectures, then this script | ||
| 4532 | - may not work since \${ARCH} is part of the include path. Two possible | ||
| 4533 | - workarounds: | ||
| 4534 | - | ||
| 4535 | - `basename $0` \\ | ||
| 4536 | - <(ARCH=arch_of_dtx_1 `basename $0` DTx_1) \\ | ||
| 4537 | - <(ARCH=arch_of_dtx_2 `basename $0` DTx_2) | ||
| 4538 | + may not work since \${ARCH} is part of the include path. The following | ||
| 4539 | + workaround can be used: | ||
| 4540 | |||
| 4541 | `basename $0` ARCH=arch_of_dtx_1 DTx_1 >tmp_dtx_1.dts | ||
| 4542 | `basename $0` ARCH=arch_of_dtx_2 DTx_2 >tmp_dtx_2.dts | ||
| 4543 | diff --git a/sound/core/jack.c b/sound/core/jack.c | ||
| 4544 | index 5ddf81f091fa9..36cfe1c54109d 100644 | ||
| 4545 | --- a/sound/core/jack.c | ||
| 4546 | +++ b/sound/core/jack.c | ||
| 4547 | @@ -68,10 +68,13 @@ static int snd_jack_dev_free(struct snd_device *device) | ||
| 4548 | struct snd_card *card = device->card; | ||
| 4549 | struct snd_jack_kctl *jack_kctl, *tmp_jack_kctl; | ||
| 4550 | |||
| 4551 | + down_write(&card->controls_rwsem); | ||
| 4552 | list_for_each_entry_safe(jack_kctl, tmp_jack_kctl, &jack->kctl_list, list) { | ||
| 4553 | list_del_init(&jack_kctl->list); | ||
| 4554 | snd_ctl_remove(card, jack_kctl->kctl); | ||
| 4555 | } | ||
| 4556 | + up_write(&card->controls_rwsem); | ||
| 4557 | + | ||
| 4558 | if (jack->private_free) | ||
| 4559 | jack->private_free(jack); | ||
| 4560 | |||
| 4561 | diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c | ||
| 4562 | index 0ce3f42721c4d..440c16e0d0713 100644 | ||
| 4563 | --- a/sound/core/oss/pcm_oss.c | ||
| 4564 | +++ b/sound/core/oss/pcm_oss.c | ||
| 4565 | @@ -2122,7 +2122,7 @@ static int snd_pcm_oss_set_trigger(struct snd_pcm_oss_file *pcm_oss_file, int tr | ||
| 4566 | int err, cmd; | ||
| 4567 | |||
| 4568 | #ifdef OSS_DEBUG | ||
| 4569 | - pcm_dbg(substream->pcm, "pcm_oss: trigger = 0x%x\n", trigger); | ||
| 4570 | + pr_debug("pcm_oss: trigger = 0x%x\n", trigger); | ||
| 4571 | #endif | ||
| 4572 | |||
| 4573 | psubstream = pcm_oss_file->streams[SNDRV_PCM_STREAM_PLAYBACK]; | ||
| 4574 | diff --git a/sound/core/pcm.c b/sound/core/pcm.c | ||
| 4575 | index cdff5f9764808..6ae28dcd79945 100644 | ||
| 4576 | --- a/sound/core/pcm.c | ||
| 4577 | +++ b/sound/core/pcm.c | ||
| 4578 | @@ -857,7 +857,11 @@ EXPORT_SYMBOL(snd_pcm_new_internal); | ||
| 4579 | static void free_chmap(struct snd_pcm_str *pstr) | ||
| 4580 | { | ||
| 4581 | if (pstr->chmap_kctl) { | ||
| 4582 | - snd_ctl_remove(pstr->pcm->card, pstr->chmap_kctl); | ||
| 4583 | + struct snd_card *card = pstr->pcm->card; | ||
| 4584 | + | ||
| 4585 | + down_write(&card->controls_rwsem); | ||
| 4586 | + snd_ctl_remove(card, pstr->chmap_kctl); | ||
| 4587 | + up_write(&card->controls_rwsem); | ||
| 4588 | pstr->chmap_kctl = NULL; | ||
| 4589 | } | ||
| 4590 | } | ||
| 4591 | diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c | ||
| 4592 | index ea1aa07962761..b923059a22276 100644 | ||
| 4593 | --- a/sound/core/seq/seq_queue.c | ||
| 4594 | +++ b/sound/core/seq/seq_queue.c | ||
| 4595 | @@ -257,12 +257,15 @@ struct snd_seq_queue *snd_seq_queue_find_name(char *name) | ||
| 4596 | |||
| 4597 | /* -------------------------------------------------------- */ | ||
| 4598 | |||
| 4599 | +#define MAX_CELL_PROCESSES_IN_QUEUE 1000 | ||
| 4600 | + | ||
| 4601 | void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) | ||
| 4602 | { | ||
| 4603 | unsigned long flags; | ||
| 4604 | struct snd_seq_event_cell *cell; | ||
| 4605 | snd_seq_tick_time_t cur_tick; | ||
| 4606 | snd_seq_real_time_t cur_time; | ||
| 4607 | + int processed = 0; | ||
| 4608 | |||
| 4609 | if (q == NULL) | ||
| 4610 | return; | ||
| 4611 | @@ -285,6 +288,8 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) | ||
| 4612 | if (!cell) | ||
| 4613 | break; | ||
| 4614 | snd_seq_dispatch_event(cell, atomic, hop); | ||
| 4615 | + if (++processed >= MAX_CELL_PROCESSES_IN_QUEUE) | ||
| 4616 | + goto out; /* the rest processed at the next batch */ | ||
| 4617 | } | ||
| 4618 | |||
| 4619 | /* Process time queue... */ | ||
| 4620 | @@ -294,14 +299,19 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) | ||
| 4621 | if (!cell) | ||
| 4622 | break; | ||
| 4623 | snd_seq_dispatch_event(cell, atomic, hop); | ||
| 4624 | + if (++processed >= MAX_CELL_PROCESSES_IN_QUEUE) | ||
| 4625 | + goto out; /* the rest processed at the next batch */ | ||
| 4626 | } | ||
| 4627 | |||
| 4628 | + out: | ||
| 4629 | /* free lock */ | ||
| 4630 | spin_lock_irqsave(&q->check_lock, flags); | ||
| 4631 | if (q->check_again) { | ||
| 4632 | q->check_again = 0; | ||
| 4633 | - spin_unlock_irqrestore(&q->check_lock, flags); | ||
| 4634 | - goto __again; | ||
| 4635 | + if (processed < MAX_CELL_PROCESSES_IN_QUEUE) { | ||
| 4636 | + spin_unlock_irqrestore(&q->check_lock, flags); | ||
| 4637 | + goto __again; | ||
| 4638 | + } | ||
| 4639 | } | ||
| 4640 | q->check_blocked = 0; | ||
| 4641 | spin_unlock_irqrestore(&q->check_lock, flags); | ||
| 4642 | diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c | ||
| 4643 | index 4e67614f15f8e..8976da3e1e288 100644 | ||
| 4644 | --- a/sound/pci/hda/hda_codec.c | ||
| 4645 | +++ b/sound/pci/hda/hda_codec.c | ||
| 4646 | @@ -1608,8 +1608,11 @@ void snd_hda_ctls_clear(struct hda_codec *codec) | ||
| 4647 | { | ||
| 4648 | int i; | ||
| 4649 | struct hda_nid_item *items = codec->mixers.list; | ||
| 4650 | + | ||
| 4651 | + down_write(&codec->card->controls_rwsem); | ||
| 4652 | for (i = 0; i < codec->mixers.used; i++) | ||
| 4653 | snd_ctl_remove(codec->card, items[i].kctl); | ||
| 4654 | + up_write(&codec->card->controls_rwsem); | ||
| 4655 | snd_array_free(&codec->mixers); | ||
| 4656 | snd_array_free(&codec->nids); | ||
| 4657 | } | ||
| 4658 | diff --git a/sound/soc/mediatek/mt8173/mt8173-max98090.c b/sound/soc/mediatek/mt8173/mt8173-max98090.c | ||
| 4659 | index 5524a2c727ec7..cab30cb48366d 100644 | ||
| 4660 | --- a/sound/soc/mediatek/mt8173/mt8173-max98090.c | ||
| 4661 | +++ b/sound/soc/mediatek/mt8173/mt8173-max98090.c | ||
| 4662 | @@ -183,6 +183,9 @@ static int mt8173_max98090_dev_probe(struct platform_device *pdev) | ||
| 4663 | if (ret) | ||
| 4664 | dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n", | ||
| 4665 | __func__, ret); | ||
| 4666 | + | ||
| 4667 | + of_node_put(codec_node); | ||
| 4668 | + of_node_put(platform_node); | ||
| 4669 | return ret; | ||
| 4670 | } | ||
| 4671 | |||
| 4672 | diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c | ||
| 4673 | index 467f7049a2886..52fdd766ee82c 100644 | ||
| 4674 | --- a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c | ||
| 4675 | +++ b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c | ||
| 4676 | @@ -228,6 +228,8 @@ static int mt8173_rt5650_rt5514_dev_probe(struct platform_device *pdev) | ||
| 4677 | if (ret) | ||
| 4678 | dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n", | ||
| 4679 | __func__, ret); | ||
| 4680 | + | ||
| 4681 | + of_node_put(platform_node); | ||
| 4682 | return ret; | ||
| 4683 | } | ||
| 4684 | |||
| 4685 | diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c | ||
| 4686 | index 1b8b2a7788450..5d75b04f074fe 100644 | ||
| 4687 | --- a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c | ||
| 4688 | +++ b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c | ||
| 4689 | @@ -285,6 +285,8 @@ static int mt8173_rt5650_rt5676_dev_probe(struct platform_device *pdev) | ||
| 4690 | if (ret) | ||
| 4691 | dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n", | ||
| 4692 | __func__, ret); | ||
| 4693 | + | ||
| 4694 | + of_node_put(platform_node); | ||
| 4695 | return ret; | ||
| 4696 | } | ||
| 4697 | |||
| 4698 | diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650.c b/sound/soc/mediatek/mt8173/mt8173-rt5650.c | ||
| 4699 | index ba65f4157a7e0..d02a90201b13b 100644 | ||
| 4700 | --- a/sound/soc/mediatek/mt8173/mt8173-rt5650.c | ||
| 4701 | +++ b/sound/soc/mediatek/mt8173/mt8173-rt5650.c | ||
| 4702 | @@ -317,6 +317,8 @@ static int mt8173_rt5650_dev_probe(struct platform_device *pdev) | ||
| 4703 | if (ret) | ||
| 4704 | dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n", | ||
| 4705 | __func__, ret); | ||
| 4706 | + | ||
| 4707 | + of_node_put(platform_node); | ||
| 4708 | return ret; | ||
| 4709 | } | ||
| 4710 | |||
| 4711 | diff --git a/sound/soc/samsung/idma.c b/sound/soc/samsung/idma.c | ||
| 4712 | index 3e408158625db..72014dea75422 100644 | ||
| 4713 | --- a/sound/soc/samsung/idma.c | ||
| 4714 | +++ b/sound/soc/samsung/idma.c | ||
| 4715 | @@ -369,6 +369,8 @@ static int preallocate_idma_buffer(struct snd_pcm *pcm, int stream) | ||
| 4716 | buf->addr = idma.lp_tx_addr; | ||
| 4717 | buf->bytes = idma_hardware.buffer_bytes_max; | ||
| 4718 | buf->area = (unsigned char * __force)ioremap(buf->addr, buf->bytes); | ||
| 4719 | + if (!buf->area) | ||
| 4720 | + return -ENOMEM; | ||
| 4721 | |||
| 4722 | return 0; | ||
| 4723 | } | ||
| 4724 | diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c | ||
| 4725 | index db859b595dba1..d9b7001227e3c 100644 | ||
| 4726 | --- a/virt/kvm/kvm_main.c | ||
| 4727 | +++ b/virt/kvm/kvm_main.c | ||
| 4728 | @@ -1513,15 +1513,24 @@ static bool vma_is_valid(struct vm_area_struct *vma, bool write_fault) | ||
| 4729 | return true; | ||
| 4730 | } | ||
| 4731 | |||
| 4732 | +static int kvm_try_get_pfn(kvm_pfn_t pfn) | ||
| 4733 | +{ | ||
| 4734 | + if (kvm_is_reserved_pfn(pfn)) | ||
| 4735 | + return 1; | ||
| 4736 | + return get_page_unless_zero(pfn_to_page(pfn)); | ||
| 4737 | +} | ||
| 4738 | + | ||
| 4739 | static int hva_to_pfn_remapped(struct vm_area_struct *vma, | ||
| 4740 | unsigned long addr, bool *async, | ||
| 4741 | bool write_fault, bool *writable, | ||
| 4742 | kvm_pfn_t *p_pfn) | ||
| 4743 | { | ||
| 4744 | - unsigned long pfn; | ||
| 4745 | + kvm_pfn_t pfn; | ||
| 4746 | + pte_t *ptep; | ||
| 4747 | + spinlock_t *ptl; | ||
| 4748 | int r; | ||
| 4749 | |||
| 4750 | - r = follow_pfn(vma, addr, &pfn); | ||
| 4751 | + r = follow_pte_pmd(vma->vm_mm, addr, &ptep, NULL, &ptl); | ||
| 4752 | if (r) { | ||
| 4753 | /* | ||
| 4754 | * get_user_pages fails for VM_IO and VM_PFNMAP vmas and does | ||
| 4755 | @@ -1536,14 +1545,19 @@ static int hva_to_pfn_remapped(struct vm_area_struct *vma, | ||
| 4756 | if (r) | ||
| 4757 | return r; | ||
| 4758 | |||
| 4759 | - r = follow_pfn(vma, addr, &pfn); | ||
| 4760 | + r = follow_pte_pmd(vma->vm_mm, addr, &ptep, NULL, &ptl); | ||
| 4761 | if (r) | ||
| 4762 | return r; | ||
| 4763 | + } | ||
| 4764 | |||
| 4765 | + if (write_fault && !pte_write(*ptep)) { | ||
| 4766 | + pfn = KVM_PFN_ERR_RO_FAULT; | ||
| 4767 | + goto out; | ||
| 4768 | } | ||
| 4769 | |||
| 4770 | if (writable) | ||
| 4771 | - *writable = true; | ||
| 4772 | + *writable = pte_write(*ptep); | ||
| 4773 | + pfn = pte_pfn(*ptep); | ||
| 4774 | |||
| 4775 | /* | ||
| 4776 | * Get a reference here because callers of *hva_to_pfn* and | ||
| 4777 | @@ -1555,11 +1569,21 @@ static int hva_to_pfn_remapped(struct vm_area_struct *vma, | ||
| 4778 | * Whoever called remap_pfn_range is also going to call e.g. | ||
| 4779 | * unmap_mapping_range before the underlying pages are freed, | ||
| 4780 | * causing a call to our MMU notifier. | ||
| 4781 | + * | ||
| 4782 | + * Certain IO or PFNMAP mappings can be backed with valid | ||
| 4783 | + * struct pages, but be allocated without refcounting e.g., | ||
| 4784 | + * tail pages of non-compound higher order allocations, which | ||
| 4785 | + * would then underflow the refcount when the caller does the | ||
| 4786 | + * required put_page. Don't allow those pages here. | ||
| 4787 | */ | ||
| 4788 | - kvm_get_pfn(pfn); | ||
| 4789 | + if (!kvm_try_get_pfn(pfn)) | ||
| 4790 | + r = -EFAULT; | ||
| 4791 | |||
| 4792 | +out: | ||
| 4793 | + pte_unmap_unlock(ptep, ptl); | ||
| 4794 | *p_pfn = pfn; | ||
| 4795 | - return 0; | ||
| 4796 | + | ||
| 4797 | + return r; | ||
| 4798 | } | ||
| 4799 | |||
| 4800 | /* |