Contents of /trunk/kernel-alx-legacy/patches-4.9/0425-4.9.326-all-fixes.patch
Parent Directory | Revision Log
Revision 3727 -
(show annotations)
(download)
Mon Oct 24 14:08:37 2022 UTC (23 months ago) by niro
File size: 99998 byte(s)
Mon Oct 24 14:08:37 2022 UTC (23 months ago) by niro
File size: 99998 byte(s)
-linux-4.9.326
1 | diff --git a/Makefile b/Makefile |
2 | index 6042ded263475..e12236237dfad 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 4 |
7 | PATCHLEVEL = 9 |
8 | -SUBLEVEL = 325 |
9 | +SUBLEVEL = 326 |
10 | EXTRAVERSION = |
11 | NAME = Roaring Lionus |
12 | |
13 | diff --git a/arch/arm/lib/xor-neon.c b/arch/arm/lib/xor-neon.c |
14 | index c691b901092f5..b4feebc385bca 100644 |
15 | --- a/arch/arm/lib/xor-neon.c |
16 | +++ b/arch/arm/lib/xor-neon.c |
17 | @@ -29,8 +29,9 @@ MODULE_LICENSE("GPL"); |
18 | * While older versions of GCC do not generate incorrect code, they fail to |
19 | * recognize the parallel nature of these functions, and emit plain ARM code, |
20 | * which is known to be slower than the optimized ARM code in asm-arm/xor.h. |
21 | + * |
22 | + * #warning This code requires at least version 4.6 of GCC |
23 | */ |
24 | -#warning This code requires at least version 4.6 of GCC |
25 | #endif |
26 | |
27 | #pragma GCC diagnostic ignored "-Wunused-variable" |
28 | diff --git a/arch/ia64/include/asm/processor.h b/arch/ia64/include/asm/processor.h |
29 | index ce53c50d0ba44..9f0f9ecbd74d6 100644 |
30 | --- a/arch/ia64/include/asm/processor.h |
31 | +++ b/arch/ia64/include/asm/processor.h |
32 | @@ -554,7 +554,7 @@ ia64_get_irr(unsigned int vector) |
33 | { |
34 | unsigned int reg = vector / 64; |
35 | unsigned int bit = vector % 64; |
36 | - u64 irr; |
37 | + unsigned long irr; |
38 | |
39 | switch (reg) { |
40 | case 0: irr = ia64_getreg(_IA64_REG_CR_IRR0); break; |
41 | diff --git a/arch/mips/cavium-octeon/octeon-platform.c b/arch/mips/cavium-octeon/octeon-platform.c |
42 | index 2ecc8d1b05395..f295be8763906 100644 |
43 | --- a/arch/mips/cavium-octeon/octeon-platform.c |
44 | +++ b/arch/mips/cavium-octeon/octeon-platform.c |
45 | @@ -130,11 +130,12 @@ static void octeon2_usb_clocks_start(struct device *dev) |
46 | "refclk-frequency", &clock_rate); |
47 | if (i) { |
48 | dev_err(dev, "No UCTL \"refclk-frequency\"\n"); |
49 | + of_node_put(uctl_node); |
50 | goto exit; |
51 | } |
52 | i = of_property_read_string(uctl_node, |
53 | "refclk-type", &clock_type); |
54 | - |
55 | + of_node_put(uctl_node); |
56 | if (!i && strcmp("crystal", clock_type) == 0) |
57 | is_crystal_clock = true; |
58 | } |
59 | diff --git a/arch/mips/kernel/proc.c b/arch/mips/kernel/proc.c |
60 | index 4c01ee5b88c99..85efddd81af16 100644 |
61 | --- a/arch/mips/kernel/proc.c |
62 | +++ b/arch/mips/kernel/proc.c |
63 | @@ -162,7 +162,7 @@ static void *c_start(struct seq_file *m, loff_t *pos) |
64 | { |
65 | unsigned long i = *pos; |
66 | |
67 | - return i < NR_CPUS ? (void *) (i + 1) : NULL; |
68 | + return i < nr_cpu_ids ? (void *) (i + 1) : NULL; |
69 | } |
70 | |
71 | static void *c_next(struct seq_file *m, void *v, loff_t *pos) |
72 | diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c |
73 | index f625fd20b21e6..65fed205383e5 100644 |
74 | --- a/arch/mips/mm/tlbex.c |
75 | +++ b/arch/mips/mm/tlbex.c |
76 | @@ -637,7 +637,7 @@ static __maybe_unused void build_convert_pte_to_entrylo(u32 **p, |
77 | return; |
78 | } |
79 | |
80 | - if (cpu_has_rixi && !!_PAGE_NO_EXEC) { |
81 | + if (cpu_has_rixi && _PAGE_NO_EXEC != 0) { |
82 | if (fill_includes_sw_bits) { |
83 | UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL)); |
84 | } else { |
85 | @@ -2518,7 +2518,7 @@ static void check_pabits(void) |
86 | unsigned long entry; |
87 | unsigned pabits, fillbits; |
88 | |
89 | - if (!cpu_has_rixi || !_PAGE_NO_EXEC) { |
90 | + if (!cpu_has_rixi || _PAGE_NO_EXEC == 0) { |
91 | /* |
92 | * We'll only be making use of the fact that we can rotate bits |
93 | * into the fill if the CPU supports RIXI, so don't bother |
94 | diff --git a/arch/nios2/include/asm/entry.h b/arch/nios2/include/asm/entry.h |
95 | index cf37f55efbc22..bafb7b2ca59fc 100644 |
96 | --- a/arch/nios2/include/asm/entry.h |
97 | +++ b/arch/nios2/include/asm/entry.h |
98 | @@ -50,7 +50,8 @@ |
99 | stw r13, PT_R13(sp) |
100 | stw r14, PT_R14(sp) |
101 | stw r15, PT_R15(sp) |
102 | - stw r2, PT_ORIG_R2(sp) |
103 | + movi r24, -1 |
104 | + stw r24, PT_ORIG_R2(sp) |
105 | stw r7, PT_ORIG_R7(sp) |
106 | |
107 | stw ra, PT_RA(sp) |
108 | diff --git a/arch/nios2/include/asm/ptrace.h b/arch/nios2/include/asm/ptrace.h |
109 | index 6424621448728..9da34c3022a27 100644 |
110 | --- a/arch/nios2/include/asm/ptrace.h |
111 | +++ b/arch/nios2/include/asm/ptrace.h |
112 | @@ -74,6 +74,8 @@ extern void show_regs(struct pt_regs *); |
113 | ((struct pt_regs *)((unsigned long)current_thread_info() + THREAD_SIZE)\ |
114 | - 1) |
115 | |
116 | +#define force_successful_syscall_return() (current_pt_regs()->orig_r2 = -1) |
117 | + |
118 | int do_syscall_trace_enter(void); |
119 | void do_syscall_trace_exit(void); |
120 | #endif /* __ASSEMBLY__ */ |
121 | diff --git a/arch/nios2/kernel/entry.S b/arch/nios2/kernel/entry.S |
122 | index 1e515ccd698e3..af556588248e7 100644 |
123 | --- a/arch/nios2/kernel/entry.S |
124 | +++ b/arch/nios2/kernel/entry.S |
125 | @@ -185,6 +185,7 @@ ENTRY(handle_system_call) |
126 | ldw r5, PT_R5(sp) |
127 | |
128 | local_restart: |
129 | + stw r2, PT_ORIG_R2(sp) |
130 | /* Check that the requested system call is within limits */ |
131 | movui r1, __NR_syscalls |
132 | bgeu r2, r1, ret_invsyscall |
133 | @@ -192,7 +193,6 @@ local_restart: |
134 | movhi r11, %hiadj(sys_call_table) |
135 | add r1, r1, r11 |
136 | ldw r1, %lo(sys_call_table)(r1) |
137 | - beq r1, r0, ret_invsyscall |
138 | |
139 | /* Check if we are being traced */ |
140 | GET_THREAD_INFO r11 |
141 | @@ -213,6 +213,9 @@ local_restart: |
142 | translate_rc_and_ret: |
143 | movi r1, 0 |
144 | bge r2, zero, 3f |
145 | + ldw r1, PT_ORIG_R2(sp) |
146 | + addi r1, r1, 1 |
147 | + beq r1, zero, 3f |
148 | sub r2, zero, r2 |
149 | movi r1, 1 |
150 | 3: |
151 | @@ -255,9 +258,9 @@ traced_system_call: |
152 | ldw r6, PT_R6(sp) |
153 | ldw r7, PT_R7(sp) |
154 | |
155 | - /* Fetch the syscall function, we don't need to check the boundaries |
156 | - * since this is already done. |
157 | - */ |
158 | + /* Fetch the syscall function. */ |
159 | + movui r1, __NR_syscalls |
160 | + bgeu r2, r1, traced_invsyscall |
161 | slli r1, r2, 2 |
162 | movhi r11,%hiadj(sys_call_table) |
163 | add r1, r1, r11 |
164 | @@ -276,6 +279,9 @@ traced_system_call: |
165 | translate_rc_and_ret2: |
166 | movi r1, 0 |
167 | bge r2, zero, 4f |
168 | + ldw r1, PT_ORIG_R2(sp) |
169 | + addi r1, r1, 1 |
170 | + beq r1, zero, 4f |
171 | sub r2, zero, r2 |
172 | movi r1, 1 |
173 | 4: |
174 | @@ -287,6 +293,11 @@ end_translate_rc_and_ret2: |
175 | RESTORE_SWITCH_STACK |
176 | br ret_from_exception |
177 | |
178 | + /* If the syscall number was invalid return ENOSYS */ |
179 | +traced_invsyscall: |
180 | + movi r2, -ENOSYS |
181 | + br translate_rc_and_ret2 |
182 | + |
183 | Luser_return: |
184 | GET_THREAD_INFO r11 /* get thread_info pointer */ |
185 | ldw r10, TI_FLAGS(r11) /* get thread_info->flags */ |
186 | @@ -336,9 +347,6 @@ external_interrupt: |
187 | /* skip if no interrupt is pending */ |
188 | beq r12, r0, ret_from_interrupt |
189 | |
190 | - movi r24, -1 |
191 | - stw r24, PT_ORIG_R2(sp) |
192 | - |
193 | /* |
194 | * Process an external hardware interrupt. |
195 | */ |
196 | diff --git a/arch/nios2/kernel/signal.c b/arch/nios2/kernel/signal.c |
197 | index 20662b0f6c9e3..c1be8e1941385 100644 |
198 | --- a/arch/nios2/kernel/signal.c |
199 | +++ b/arch/nios2/kernel/signal.c |
200 | @@ -240,7 +240,7 @@ static int do_signal(struct pt_regs *regs) |
201 | /* |
202 | * If we were from a system call, check for system call restarting... |
203 | */ |
204 | - if (regs->orig_r2 >= 0) { |
205 | + if (regs->orig_r2 >= 0 && regs->r1) { |
206 | continue_addr = regs->ea; |
207 | restart_addr = continue_addr - 4; |
208 | retval = regs->r2; |
209 | @@ -261,6 +261,7 @@ static int do_signal(struct pt_regs *regs) |
210 | regs->ea = restart_addr; |
211 | break; |
212 | } |
213 | + regs->orig_r2 = -1; |
214 | } |
215 | |
216 | if (get_signal(&ksig)) { |
217 | diff --git a/arch/nios2/kernel/syscall_table.c b/arch/nios2/kernel/syscall_table.c |
218 | index 06e6ac1835b2e..cd10b6eed1283 100644 |
219 | --- a/arch/nios2/kernel/syscall_table.c |
220 | +++ b/arch/nios2/kernel/syscall_table.c |
221 | @@ -25,5 +25,6 @@ |
222 | #define __SYSCALL(nr, call) [nr] = (call), |
223 | |
224 | void *sys_call_table[__NR_syscalls] = { |
225 | + [0 ... __NR_syscalls-1] = sys_ni_syscall, |
226 | #include <asm/unistd.h> |
227 | }; |
228 | diff --git a/arch/nios2/kernel/time.c b/arch/nios2/kernel/time.c |
229 | index 746bf5caaffc7..3ff56008566e1 100644 |
230 | --- a/arch/nios2/kernel/time.c |
231 | +++ b/arch/nios2/kernel/time.c |
232 | @@ -107,7 +107,10 @@ static struct nios2_clocksource nios2_cs = { |
233 | |
234 | cycles_t get_cycles(void) |
235 | { |
236 | - return nios2_timer_read(&nios2_cs.cs); |
237 | + /* Only read timer if it has been initialized */ |
238 | + if (nios2_cs.timer.base) |
239 | + return nios2_timer_read(&nios2_cs.cs); |
240 | + return 0; |
241 | } |
242 | EXPORT_SYMBOL(get_cycles); |
243 | |
244 | diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c |
245 | index 2e68ca1fe0dbc..e46bda49529c7 100644 |
246 | --- a/arch/parisc/kernel/drivers.c |
247 | +++ b/arch/parisc/kernel/drivers.c |
248 | @@ -504,7 +504,6 @@ alloc_pa_dev(unsigned long hpa, struct hardware_path *mod_path) |
249 | dev->id.hversion_rev = iodc_data[1] & 0x0f; |
250 | dev->id.sversion = ((iodc_data[4] & 0x0f) << 16) | |
251 | (iodc_data[5] << 8) | iodc_data[6]; |
252 | - dev->hpa.name = parisc_pathname(dev); |
253 | dev->hpa.start = hpa; |
254 | /* This is awkward. The STI spec says that gfx devices may occupy |
255 | * 32MB or 64MB. Unfortunately, we don't know how to tell whether |
256 | @@ -518,10 +517,10 @@ alloc_pa_dev(unsigned long hpa, struct hardware_path *mod_path) |
257 | dev->hpa.end = hpa + 0xfff; |
258 | } |
259 | dev->hpa.flags = IORESOURCE_MEM; |
260 | - name = parisc_hardware_description(&dev->id); |
261 | - if (name) { |
262 | - strlcpy(dev->name, name, sizeof(dev->name)); |
263 | - } |
264 | + dev->hpa.name = dev->name; |
265 | + name = parisc_hardware_description(&dev->id) ? : "unknown"; |
266 | + snprintf(dev->name, sizeof(dev->name), "%s [%s]", |
267 | + name, parisc_pathname(dev)); |
268 | |
269 | /* Silently fail things like mouse ports which are subsumed within |
270 | * the keyboard controller |
271 | diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c |
272 | index 11b4ecec04eeb..1413d72689d25 100644 |
273 | --- a/arch/powerpc/kernel/prom.c |
274 | +++ b/arch/powerpc/kernel/prom.c |
275 | @@ -682,6 +682,13 @@ void __init early_init_devtree(void *params) |
276 | of_scan_flat_dt(early_init_dt_scan_root, NULL); |
277 | of_scan_flat_dt(early_init_dt_scan_memory_ppc, NULL); |
278 | |
279 | + /* |
280 | + * As generic code authors expect to be able to use static keys |
281 | + * in early_param() handlers, we initialize the static keys just |
282 | + * before parsing early params (it's fine to call jump_label_init() |
283 | + * more than once). |
284 | + */ |
285 | + jump_label_init(); |
286 | parse_early_param(); |
287 | |
288 | /* make sure we've parsed cmdline for mem= before this */ |
289 | diff --git a/arch/powerpc/platforms/powernv/rng.c b/arch/powerpc/platforms/powernv/rng.c |
290 | index dc13ed3f6c2b2..61c0eaafb27a3 100644 |
291 | --- a/arch/powerpc/platforms/powernv/rng.c |
292 | +++ b/arch/powerpc/platforms/powernv/rng.c |
293 | @@ -67,6 +67,8 @@ int powernv_get_random_real_mode(unsigned long *v) |
294 | struct powernv_rng *rng; |
295 | |
296 | rng = raw_cpu_read(powernv_rng); |
297 | + if (!rng) |
298 | + return 0; |
299 | |
300 | *v = rng_whiten(rng, in_rm64(rng->regs_real)); |
301 | |
302 | diff --git a/arch/powerpc/sysdev/fsl_pci.c b/arch/powerpc/sysdev/fsl_pci.c |
303 | index d3a597456b6e5..b381813b21d66 100644 |
304 | --- a/arch/powerpc/sysdev/fsl_pci.c |
305 | +++ b/arch/powerpc/sysdev/fsl_pci.c |
306 | @@ -524,6 +524,7 @@ int fsl_add_bridge(struct platform_device *pdev, int is_primary) |
307 | struct resource rsrc; |
308 | const int *bus_range; |
309 | u8 hdr_type, progif; |
310 | + u32 class_code; |
311 | struct device_node *dev; |
312 | struct ccsr_pci __iomem *pci; |
313 | u16 temp; |
314 | @@ -597,6 +598,13 @@ int fsl_add_bridge(struct platform_device *pdev, int is_primary) |
315 | PPC_INDIRECT_TYPE_SURPRESS_PRIMARY_BUS; |
316 | if (fsl_pcie_check_link(hose)) |
317 | hose->indirect_type |= PPC_INDIRECT_TYPE_NO_PCIE_LINK; |
318 | + /* Fix Class Code to PCI_CLASS_BRIDGE_PCI_NORMAL for pre-3.0 controller */ |
319 | + if (in_be32(&pci->block_rev1) < PCIE_IP_REV_3_0) { |
320 | + early_read_config_dword(hose, 0, 0, PCIE_FSL_CSR_CLASSCODE, &class_code); |
321 | + class_code &= 0xff; |
322 | + class_code |= PCI_CLASS_BRIDGE_PCI_NORMAL << 8; |
323 | + early_write_config_dword(hose, 0, 0, PCIE_FSL_CSR_CLASSCODE, class_code); |
324 | + } |
325 | } else { |
326 | /* |
327 | * Set PBFR(PCI Bus Function Register)[10] = 1 to |
328 | diff --git a/arch/powerpc/sysdev/fsl_pci.h b/arch/powerpc/sysdev/fsl_pci.h |
329 | index 151588530b065..caa05c4aa4272 100644 |
330 | --- a/arch/powerpc/sysdev/fsl_pci.h |
331 | +++ b/arch/powerpc/sysdev/fsl_pci.h |
332 | @@ -23,6 +23,7 @@ struct platform_device; |
333 | |
334 | #define PCIE_LTSSM 0x0404 /* PCIE Link Training and Status */ |
335 | #define PCIE_LTSSM_L0 0x16 /* L0 state */ |
336 | +#define PCIE_FSL_CSR_CLASSCODE 0x474 /* FSL GPEX CSR */ |
337 | #define PCIE_IP_REV_2_2 0x02080202 /* PCIE IP block version Rev2.2 */ |
338 | #define PCIE_IP_REV_3_0 0x02080300 /* PCIE IP block version Rev3.0 */ |
339 | #define PIWAR_EN 0x80000000 /* Enable */ |
340 | diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c |
341 | index 3edafdffa687c..2a5a18ca88379 100644 |
342 | --- a/arch/x86/kvm/emulate.c |
343 | +++ b/arch/x86/kvm/emulate.c |
344 | @@ -1713,16 +1713,6 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt, |
345 | case VCPU_SREG_TR: |
346 | if (seg_desc.s || (seg_desc.type != 1 && seg_desc.type != 9)) |
347 | goto exception; |
348 | - if (!seg_desc.p) { |
349 | - err_vec = NP_VECTOR; |
350 | - goto exception; |
351 | - } |
352 | - old_desc = seg_desc; |
353 | - seg_desc.type |= 2; /* busy */ |
354 | - ret = ctxt->ops->cmpxchg_emulated(ctxt, desc_addr, &old_desc, &seg_desc, |
355 | - sizeof(seg_desc), &ctxt->exception); |
356 | - if (ret != X86EMUL_CONTINUE) |
357 | - return ret; |
358 | break; |
359 | case VCPU_SREG_LDTR: |
360 | if (seg_desc.s || seg_desc.type != 2) |
361 | @@ -1763,6 +1753,15 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt, |
362 | ((u64)base3 << 32))) |
363 | return emulate_gp(ctxt, 0); |
364 | } |
365 | + |
366 | + if (seg == VCPU_SREG_TR) { |
367 | + old_desc = seg_desc; |
368 | + seg_desc.type |= 2; /* busy */ |
369 | + ret = ctxt->ops->cmpxchg_emulated(ctxt, desc_addr, &old_desc, &seg_desc, |
370 | + sizeof(seg_desc), &ctxt->exception); |
371 | + if (ret != X86EMUL_CONTINUE) |
372 | + return ret; |
373 | + } |
374 | load: |
375 | ctxt->ops->set_segment(ctxt, selector, &seg_desc, base3, seg); |
376 | if (desc) |
377 | diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
378 | index 03fdeab057d29..c8e18144ecf2f 100644 |
379 | --- a/arch/x86/kvm/svm.c |
380 | +++ b/arch/x86/kvm/svm.c |
381 | @@ -4492,8 +4492,6 @@ static void svm_set_irq(struct kvm_vcpu *vcpu) |
382 | { |
383 | struct vcpu_svm *svm = to_svm(vcpu); |
384 | |
385 | - BUG_ON(!(gif_set(svm))); |
386 | - |
387 | trace_kvm_inj_virq(vcpu->arch.interrupt.nr); |
388 | ++vcpu->stat.irq_injections; |
389 | |
390 | diff --git a/arch/x86/platform/olpc/olpc-xo1-sci.c b/arch/x86/platform/olpc/olpc-xo1-sci.c |
391 | index 7fa8b3b53bc0a..193860d7f2c40 100644 |
392 | --- a/arch/x86/platform/olpc/olpc-xo1-sci.c |
393 | +++ b/arch/x86/platform/olpc/olpc-xo1-sci.c |
394 | @@ -85,7 +85,7 @@ static void send_ebook_state(void) |
395 | return; |
396 | } |
397 | |
398 | - if (!!test_bit(SW_TABLET_MODE, ebook_switch_idev->sw) == state) |
399 | + if (test_bit(SW_TABLET_MODE, ebook_switch_idev->sw) == !!state) |
400 | return; /* Nothing new to report. */ |
401 | |
402 | input_report_switch(ebook_switch_idev, SW_TABLET_MODE, state); |
403 | diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c |
404 | index 2837b2f982135..10ce6533874f2 100644 |
405 | --- a/drivers/acpi/video_detect.c |
406 | +++ b/drivers/acpi/video_detect.c |
407 | @@ -150,7 +150,6 @@ static const struct dmi_system_id video_detect_dmi_table[] = { |
408 | .callback = video_detect_force_native, |
409 | .ident = "Clevo NL5xRU", |
410 | .matches = { |
411 | - DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
412 | DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
413 | }, |
414 | }, |
415 | @@ -158,59 +157,75 @@ static const struct dmi_system_id video_detect_dmi_table[] = { |
416 | .callback = video_detect_force_native, |
417 | .ident = "Clevo NL5xRU", |
418 | .matches = { |
419 | - DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), |
420 | - DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
421 | + DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
422 | + DMI_MATCH(DMI_BOARD_NAME, "AURA1501"), |
423 | }, |
424 | }, |
425 | { |
426 | .callback = video_detect_force_native, |
427 | .ident = "Clevo NL5xRU", |
428 | .matches = { |
429 | - DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), |
430 | - DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
431 | + DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
432 | + DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"), |
433 | }, |
434 | }, |
435 | { |
436 | .callback = video_detect_force_native, |
437 | - .ident = "Clevo NL5xRU", |
438 | + .ident = "Clevo NL5xNU", |
439 | .matches = { |
440 | - DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
441 | - DMI_MATCH(DMI_BOARD_NAME, "AURA1501"), |
442 | + DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
443 | }, |
444 | }, |
445 | + /* |
446 | + * The TongFang PF5PU1G, PF4NU1F, PF5NU1G, and PF5LUXG/TUXEDO BA15 Gen10, |
447 | + * Pulse 14/15 Gen1, and Pulse 15 Gen2 have the same problem as the Clevo |
448 | + * NL5xRU and NL5xNU/TUXEDO Aura 15 Gen1 and Gen2. See the description |
449 | + * above. |
450 | + */ |
451 | { |
452 | .callback = video_detect_force_native, |
453 | - .ident = "Clevo NL5xRU", |
454 | + .ident = "TongFang PF5PU1G", |
455 | .matches = { |
456 | - DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
457 | - DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"), |
458 | + DMI_MATCH(DMI_BOARD_NAME, "PF5PU1G"), |
459 | }, |
460 | }, |
461 | { |
462 | .callback = video_detect_force_native, |
463 | - .ident = "Clevo NL5xNU", |
464 | + .ident = "TongFang PF4NU1F", |
465 | + .matches = { |
466 | + DMI_MATCH(DMI_BOARD_NAME, "PF4NU1F"), |
467 | + }, |
468 | + }, |
469 | + { |
470 | + .callback = video_detect_force_native, |
471 | + .ident = "TongFang PF4NU1F", |
472 | .matches = { |
473 | DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
474 | - DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
475 | + DMI_MATCH(DMI_BOARD_NAME, "PULSE1401"), |
476 | }, |
477 | }, |
478 | { |
479 | .callback = video_detect_force_native, |
480 | - .ident = "Clevo NL5xNU", |
481 | + .ident = "TongFang PF5NU1G", |
482 | .matches = { |
483 | - DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), |
484 | - DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
485 | + DMI_MATCH(DMI_BOARD_NAME, "PF5NU1G"), |
486 | }, |
487 | }, |
488 | { |
489 | .callback = video_detect_force_native, |
490 | - .ident = "Clevo NL5xNU", |
491 | + .ident = "TongFang PF5NU1G", |
492 | .matches = { |
493 | - DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), |
494 | - DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
495 | + DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
496 | + DMI_MATCH(DMI_BOARD_NAME, "PULSE1501"), |
497 | + }, |
498 | + }, |
499 | + { |
500 | + .callback = video_detect_force_native, |
501 | + .ident = "TongFang PF5LUXG", |
502 | + .matches = { |
503 | + DMI_MATCH(DMI_BOARD_NAME, "PF5LUXG"), |
504 | }, |
505 | }, |
506 | - |
507 | /* |
508 | * These models have a working acpi_video backlight control, and using |
509 | * native backlight causes a regression where backlight does not work |
510 | diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c |
511 | index 07f96a0321498..d1422aec99139 100644 |
512 | --- a/drivers/ata/libata-eh.c |
513 | +++ b/drivers/ata/libata-eh.c |
514 | @@ -2439,6 +2439,7 @@ const char *ata_get_cmd_descript(u8 command) |
515 | { ATA_CMD_WRITE_QUEUED_FUA_EXT, "WRITE DMA QUEUED FUA EXT" }, |
516 | { ATA_CMD_FPDMA_READ, "READ FPDMA QUEUED" }, |
517 | { ATA_CMD_FPDMA_WRITE, "WRITE FPDMA QUEUED" }, |
518 | + { ATA_CMD_NCQ_NON_DATA, "NCQ NON-DATA" }, |
519 | { ATA_CMD_FPDMA_SEND, "SEND FPDMA QUEUED" }, |
520 | { ATA_CMD_FPDMA_RECV, "RECEIVE FPDMA QUEUED" }, |
521 | { ATA_CMD_PIO_READ, "READ SECTOR(S)" }, |
522 | diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c |
523 | index 89adb49e435ef..bcc42134aa9b8 100644 |
524 | --- a/drivers/atm/idt77252.c |
525 | +++ b/drivers/atm/idt77252.c |
526 | @@ -3777,6 +3777,7 @@ static void __exit idt77252_exit(void) |
527 | card = idt77252_chain; |
528 | dev = card->atmdev; |
529 | idt77252_chain = card->next; |
530 | + del_timer_sync(&card->tst_timer); |
531 | |
532 | if (dev->phy->stop) |
533 | dev->phy->stop(dev); |
534 | diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c |
535 | index 8bff14ae16b0e..f0368d9a0154d 100644 |
536 | --- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c |
537 | +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c |
538 | @@ -33,7 +33,7 @@ nvbios_addr(struct nvkm_bios *bios, u32 *addr, u8 size) |
539 | { |
540 | u32 p = *addr; |
541 | |
542 | - if (*addr > bios->image0_size && bios->imaged_addr) { |
543 | + if (*addr >= bios->image0_size && bios->imaged_addr) { |
544 | *addr -= bios->image0_size; |
545 | *addr += bios->imaged_addr; |
546 | } |
547 | diff --git a/drivers/irqchip/irq-tegra.c b/drivers/irqchip/irq-tegra.c |
548 | index 3973a14bb15ba..02ffefd5011ad 100644 |
549 | --- a/drivers/irqchip/irq-tegra.c |
550 | +++ b/drivers/irqchip/irq-tegra.c |
551 | @@ -157,10 +157,10 @@ static int tegra_ictlr_suspend(void) |
552 | lic->cop_iep[i] = readl_relaxed(ictlr + ICTLR_COP_IEP_CLASS); |
553 | |
554 | /* Disable COP interrupts */ |
555 | - writel_relaxed(~0ul, ictlr + ICTLR_COP_IER_CLR); |
556 | + writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_COP_IER_CLR); |
557 | |
558 | /* Disable CPU interrupts */ |
559 | - writel_relaxed(~0ul, ictlr + ICTLR_CPU_IER_CLR); |
560 | + writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_CPU_IER_CLR); |
561 | |
562 | /* Enable the wakeup sources of ictlr */ |
563 | writel_relaxed(lic->ictlr_wake_mask[i], ictlr + ICTLR_CPU_IER_SET); |
564 | @@ -181,12 +181,12 @@ static void tegra_ictlr_resume(void) |
565 | |
566 | writel_relaxed(lic->cpu_iep[i], |
567 | ictlr + ICTLR_CPU_IEP_CLASS); |
568 | - writel_relaxed(~0ul, ictlr + ICTLR_CPU_IER_CLR); |
569 | + writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_CPU_IER_CLR); |
570 | writel_relaxed(lic->cpu_ier[i], |
571 | ictlr + ICTLR_CPU_IER_SET); |
572 | writel_relaxed(lic->cop_iep[i], |
573 | ictlr + ICTLR_COP_IEP_CLASS); |
574 | - writel_relaxed(~0ul, ictlr + ICTLR_COP_IER_CLR); |
575 | + writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_COP_IER_CLR); |
576 | writel_relaxed(lic->cop_ier[i], |
577 | ictlr + ICTLR_COP_IER_SET); |
578 | } |
579 | @@ -321,7 +321,7 @@ static int __init tegra_ictlr_init(struct device_node *node, |
580 | lic->base[i] = base; |
581 | |
582 | /* Disable all interrupts */ |
583 | - writel_relaxed(~0UL, base + ICTLR_CPU_IER_CLR); |
584 | + writel_relaxed(GENMASK(31, 0), base + ICTLR_CPU_IER_CLR); |
585 | /* All interrupts target IRQ */ |
586 | writel_relaxed(0, base + ICTLR_CPU_IEP_CLASS); |
587 | |
588 | diff --git a/drivers/macintosh/adb.c b/drivers/macintosh/adb.c |
589 | index 226179b975a04..1f5db323e5a5d 100644 |
590 | --- a/drivers/macintosh/adb.c |
591 | +++ b/drivers/macintosh/adb.c |
592 | @@ -650,7 +650,7 @@ do_adb_query(struct adb_request *req) |
593 | |
594 | switch(req->data[1]) { |
595 | case ADB_QUERY_GETDEVINFO: |
596 | - if (req->nbytes < 3) |
597 | + if (req->nbytes < 3 || req->data[2] >= 16) |
598 | break; |
599 | mutex_lock(&adb_handler_mutex); |
600 | req->reply[0] = adb_handler[req->data[2]].original_address; |
601 | diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c |
602 | index 3f389b267e048..fe721cd9da74a 100644 |
603 | --- a/drivers/md/dm-raid.c |
604 | +++ b/drivers/md/dm-raid.c |
605 | @@ -3173,7 +3173,7 @@ static void raid_status(struct dm_target *ti, status_type_t type, |
606 | { |
607 | struct raid_set *rs = ti->private; |
608 | struct mddev *mddev = &rs->md; |
609 | - struct r5conf *conf = mddev->private; |
610 | + struct r5conf *conf = rs_is_raid456(rs) ? mddev->private : NULL; |
611 | int i, max_nr_stripes = conf ? conf->max_nr_stripes : 0; |
612 | bool array_in_sync; |
613 | unsigned int raid_param_cnt = 1; /* at least 1 for chunksize */ |
614 | diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c |
615 | index 717787d09e0f8..02e974a588e18 100644 |
616 | --- a/drivers/md/raid10.c |
617 | +++ b/drivers/md/raid10.c |
618 | @@ -1785,9 +1785,12 @@ static int raid10_remove_disk(struct mddev *mddev, struct md_rdev *rdev) |
619 | int err = 0; |
620 | int number = rdev->raid_disk; |
621 | struct md_rdev **rdevp; |
622 | - struct raid10_info *p = conf->mirrors + number; |
623 | + struct raid10_info *p; |
624 | |
625 | print_conf(conf); |
626 | + if (unlikely(number >= mddev->raid_disks)) |
627 | + return 0; |
628 | + p = conf->mirrors + number; |
629 | if (rdev == p->rdev) |
630 | rdevp = &p->rdev; |
631 | else if (rdev == p->replacement) |
632 | diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c |
633 | index b396e78b1b6d3..bea171a5e663b 100644 |
634 | --- a/drivers/md/raid5.c |
635 | +++ b/drivers/md/raid5.c |
636 | @@ -2513,10 +2513,10 @@ static void raid5_end_write_request(struct bio *bi) |
637 | if (!test_and_clear_bit(R5_DOUBLE_LOCKED, &sh->dev[i].flags)) |
638 | clear_bit(R5_LOCKED, &sh->dev[i].flags); |
639 | set_bit(STRIPE_HANDLE, &sh->state); |
640 | - raid5_release_stripe(sh); |
641 | |
642 | if (sh->batch_head && sh != sh->batch_head) |
643 | raid5_release_stripe(sh->batch_head); |
644 | + raid5_release_stripe(sh); |
645 | } |
646 | |
647 | static void raid5_build_block(struct stripe_head *sh, int i, int previous) |
648 | diff --git a/drivers/misc/cxl/irq.c b/drivers/misc/cxl/irq.c |
649 | index dec60f58a7677..99e2bd65825fc 100644 |
650 | --- a/drivers/misc/cxl/irq.c |
651 | +++ b/drivers/misc/cxl/irq.c |
652 | @@ -302,6 +302,7 @@ int afu_allocate_irqs(struct cxl_context *ctx, u32 count) |
653 | |
654 | out: |
655 | cxl_ops->release_irq_ranges(&ctx->irqs, ctx->afu->adapter); |
656 | + bitmap_free(ctx->irq_bitmap); |
657 | afu_irq_name_free(ctx); |
658 | return -ENOMEM; |
659 | } |
660 | diff --git a/drivers/net/can/usb/ems_usb.c b/drivers/net/can/usb/ems_usb.c |
661 | index 4d01b6cbf0ebf..21e559943e341 100644 |
662 | --- a/drivers/net/can/usb/ems_usb.c |
663 | +++ b/drivers/net/can/usb/ems_usb.c |
664 | @@ -206,7 +206,7 @@ struct __packed ems_cpc_msg { |
665 | __le32 ts_sec; /* timestamp in seconds */ |
666 | __le32 ts_nsec; /* timestamp in nano seconds */ |
667 | |
668 | - union { |
669 | + union __packed { |
670 | u8 generic[64]; |
671 | struct cpc_can_msg can_msg; |
672 | struct cpc_can_params can_params; |
673 | diff --git a/drivers/net/ethernet/freescale/fec_ptp.c b/drivers/net/ethernet/freescale/fec_ptp.c |
674 | index 031d4b3a544c0..520ee85849621 100644 |
675 | --- a/drivers/net/ethernet/freescale/fec_ptp.c |
676 | +++ b/drivers/net/ethernet/freescale/fec_ptp.c |
677 | @@ -155,11 +155,7 @@ static int fec_ptp_enable_pps(struct fec_enet_private *fep, uint enable) |
678 | * NSEC_PER_SEC - ts.tv_nsec. Add the remaining nanoseconds |
679 | * to current timer would be next second. |
680 | */ |
681 | - tempval = readl(fep->hwp + FEC_ATIME_CTRL); |
682 | - tempval |= FEC_T_CTRL_CAPTURE; |
683 | - writel(tempval, fep->hwp + FEC_ATIME_CTRL); |
684 | - |
685 | - tempval = readl(fep->hwp + FEC_ATIME); |
686 | + tempval = fep->cc.read(&fep->cc); |
687 | /* Convert the ptp local counter to 1588 timestamp */ |
688 | ns = timecounter_cyc2time(&fep->tc, tempval); |
689 | ts = ns_to_timespec64(ns); |
690 | diff --git a/drivers/net/sungem_phy.c b/drivers/net/sungem_phy.c |
691 | index 92578d72e4ee5..c5efdde21c2e0 100644 |
692 | --- a/drivers/net/sungem_phy.c |
693 | +++ b/drivers/net/sungem_phy.c |
694 | @@ -453,6 +453,7 @@ static int bcm5421_init(struct mii_phy* phy) |
695 | int can_low_power = 1; |
696 | if (np == NULL || of_get_property(np, "no-autolowpower", NULL)) |
697 | can_low_power = 0; |
698 | + of_node_put(np); |
699 | if (can_low_power) { |
700 | /* Enable automatic low-power */ |
701 | sungem_phy_write(phy, 0x1c, 0x9002); |
702 | diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c |
703 | index 460a0294ea97e..48938d00ff7e8 100644 |
704 | --- a/drivers/net/usb/ax88179_178a.c |
705 | +++ b/drivers/net/usb/ax88179_178a.c |
706 | @@ -1703,7 +1703,7 @@ static const struct driver_info ax88179_info = { |
707 | .link_reset = ax88179_link_reset, |
708 | .reset = ax88179_reset, |
709 | .stop = ax88179_stop, |
710 | - .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP, |
711 | + .flags = FLAG_ETHER | FLAG_FRAMING_AX, |
712 | .rx_fixup = ax88179_rx_fixup, |
713 | .tx_fixup = ax88179_tx_fixup, |
714 | }; |
715 | @@ -1716,7 +1716,7 @@ static const struct driver_info ax88178a_info = { |
716 | .link_reset = ax88179_link_reset, |
717 | .reset = ax88179_reset, |
718 | .stop = ax88179_stop, |
719 | - .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP, |
720 | + .flags = FLAG_ETHER | FLAG_FRAMING_AX, |
721 | .rx_fixup = ax88179_rx_fixup, |
722 | .tx_fixup = ax88179_tx_fixup, |
723 | }; |
724 | @@ -1729,7 +1729,7 @@ static const struct driver_info cypress_GX3_info = { |
725 | .link_reset = ax88179_link_reset, |
726 | .reset = ax88179_reset, |
727 | .stop = ax88179_stop, |
728 | - .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP, |
729 | + .flags = FLAG_ETHER | FLAG_FRAMING_AX, |
730 | .rx_fixup = ax88179_rx_fixup, |
731 | .tx_fixup = ax88179_tx_fixup, |
732 | }; |
733 | @@ -1742,7 +1742,7 @@ static const struct driver_info dlink_dub1312_info = { |
734 | .link_reset = ax88179_link_reset, |
735 | .reset = ax88179_reset, |
736 | .stop = ax88179_stop, |
737 | - .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP, |
738 | + .flags = FLAG_ETHER | FLAG_FRAMING_AX, |
739 | .rx_fixup = ax88179_rx_fixup, |
740 | .tx_fixup = ax88179_tx_fixup, |
741 | }; |
742 | @@ -1755,7 +1755,7 @@ static const struct driver_info sitecom_info = { |
743 | .link_reset = ax88179_link_reset, |
744 | .reset = ax88179_reset, |
745 | .stop = ax88179_stop, |
746 | - .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP, |
747 | + .flags = FLAG_ETHER | FLAG_FRAMING_AX, |
748 | .rx_fixup = ax88179_rx_fixup, |
749 | .tx_fixup = ax88179_tx_fixup, |
750 | }; |
751 | @@ -1768,7 +1768,7 @@ static const struct driver_info samsung_info = { |
752 | .link_reset = ax88179_link_reset, |
753 | .reset = ax88179_reset, |
754 | .stop = ax88179_stop, |
755 | - .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP, |
756 | + .flags = FLAG_ETHER | FLAG_FRAMING_AX, |
757 | .rx_fixup = ax88179_rx_fixup, |
758 | .tx_fixup = ax88179_tx_fixup, |
759 | }; |
760 | @@ -1781,7 +1781,7 @@ static const struct driver_info lenovo_info = { |
761 | .link_reset = ax88179_link_reset, |
762 | .reset = ax88179_reset, |
763 | .stop = ax88179_stop, |
764 | - .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP, |
765 | + .flags = FLAG_ETHER | FLAG_FRAMING_AX, |
766 | .rx_fixup = ax88179_rx_fixup, |
767 | .tx_fixup = ax88179_tx_fixup, |
768 | }; |
769 | diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c |
770 | index d8253c6ac2b08..f1cb512c55ac7 100644 |
771 | --- a/drivers/net/usb/usbnet.c |
772 | +++ b/drivers/net/usb/usbnet.c |
773 | @@ -847,13 +847,11 @@ int usbnet_stop (struct net_device *net) |
774 | |
775 | mpn = !test_and_clear_bit(EVENT_NO_RUNTIME_PM, &dev->flags); |
776 | |
777 | - /* deferred work (task, timer, softirq) must also stop. |
778 | - * can't flush_scheduled_work() until we drop rtnl (later), |
779 | - * else workers could deadlock; so make workers a NOP. |
780 | - */ |
781 | + /* deferred work (timer, softirq, task) must also stop */ |
782 | dev->flags = 0; |
783 | del_timer_sync (&dev->delay); |
784 | tasklet_kill (&dev->bh); |
785 | + cancel_work_sync(&dev->kevent); |
786 | if (!pm) |
787 | usb_autopm_put_interface(dev->intf); |
788 | |
789 | @@ -1577,8 +1575,6 @@ void usbnet_disconnect (struct usb_interface *intf) |
790 | net = dev->net; |
791 | unregister_netdev (net); |
792 | |
793 | - cancel_work_sync(&dev->kevent); |
794 | - |
795 | usb_scuttle_anchored_urbs(&dev->deferred); |
796 | |
797 | if (dev->driver_info->unbind) |
798 | diff --git a/drivers/net/wireless/mediatek/mt7601u/usb.c b/drivers/net/wireless/mediatek/mt7601u/usb.c |
799 | index 416c6045ff312..ae83a5c361279 100644 |
800 | --- a/drivers/net/wireless/mediatek/mt7601u/usb.c |
801 | +++ b/drivers/net/wireless/mediatek/mt7601u/usb.c |
802 | @@ -34,6 +34,7 @@ static struct usb_device_id mt7601u_device_table[] = { |
803 | { USB_DEVICE(0x2717, 0x4106) }, |
804 | { USB_DEVICE(0x2955, 0x0001) }, |
805 | { USB_DEVICE(0x2955, 0x1001) }, |
806 | + { USB_DEVICE(0x2955, 0x1003) }, |
807 | { USB_DEVICE(0x2a5f, 0x1000) }, |
808 | { USB_DEVICE(0x7392, 0x7710) }, |
809 | { 0, } |
810 | diff --git a/drivers/pinctrl/nomadik/pinctrl-nomadik.c b/drivers/pinctrl/nomadik/pinctrl-nomadik.c |
811 | index 6e237c46e1bd9..969ee6b7b16b7 100644 |
812 | --- a/drivers/pinctrl/nomadik/pinctrl-nomadik.c |
813 | +++ b/drivers/pinctrl/nomadik/pinctrl-nomadik.c |
814 | @@ -1455,8 +1455,10 @@ static int nmk_pinctrl_dt_subnode_to_map(struct pinctrl_dev *pctldev, |
815 | |
816 | has_config = nmk_pinctrl_dt_get_config(np, &configs); |
817 | np_config = of_parse_phandle(np, "ste,config", 0); |
818 | - if (np_config) |
819 | + if (np_config) { |
820 | has_config |= nmk_pinctrl_dt_get_config(np_config, &configs); |
821 | + of_node_put(np_config); |
822 | + } |
823 | if (has_config) { |
824 | const char *gpio_name; |
825 | const char *pin; |
826 | diff --git a/drivers/pinctrl/qcom/pinctrl-msm8916.c b/drivers/pinctrl/qcom/pinctrl-msm8916.c |
827 | index 20ebf244e80de..359f5b43bebc2 100644 |
828 | --- a/drivers/pinctrl/qcom/pinctrl-msm8916.c |
829 | +++ b/drivers/pinctrl/qcom/pinctrl-msm8916.c |
830 | @@ -852,8 +852,8 @@ static const struct msm_pingroup msm8916_groups[] = { |
831 | PINGROUP(28, pwr_modem_enabled_a, NA, NA, NA, NA, NA, qdss_tracedata_b, NA, atest_combodac), |
832 | PINGROUP(29, cci_i2c, NA, NA, NA, NA, NA, qdss_tracedata_b, NA, atest_combodac), |
833 | PINGROUP(30, cci_i2c, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b), |
834 | - PINGROUP(31, cci_timer0, NA, NA, NA, NA, NA, NA, NA, NA), |
835 | - PINGROUP(32, cci_timer1, NA, NA, NA, NA, NA, NA, NA, NA), |
836 | + PINGROUP(31, cci_timer0, flash_strobe, NA, NA, NA, NA, NA, NA, NA), |
837 | + PINGROUP(32, cci_timer1, flash_strobe, NA, NA, NA, NA, NA, NA, NA), |
838 | PINGROUP(33, cci_async, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b), |
839 | PINGROUP(34, pwr_nav_enabled_a, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b), |
840 | PINGROUP(35, pwr_crypto_enabled_a, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b), |
841 | diff --git a/drivers/s390/scsi/zfcp_fc.c b/drivers/s390/scsi/zfcp_fc.c |
842 | index fd622021748f8..237b70463b467 100644 |
843 | --- a/drivers/s390/scsi/zfcp_fc.c |
844 | +++ b/drivers/s390/scsi/zfcp_fc.c |
845 | @@ -144,27 +144,33 @@ void zfcp_fc_enqueue_event(struct zfcp_adapter *adapter, |
846 | |
847 | static int zfcp_fc_wka_port_get(struct zfcp_fc_wka_port *wka_port) |
848 | { |
849 | + int ret = -EIO; |
850 | + |
851 | if (mutex_lock_interruptible(&wka_port->mutex)) |
852 | return -ERESTARTSYS; |
853 | |
854 | if (wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE || |
855 | wka_port->status == ZFCP_FC_WKA_PORT_CLOSING) { |
856 | wka_port->status = ZFCP_FC_WKA_PORT_OPENING; |
857 | - if (zfcp_fsf_open_wka_port(wka_port)) |
858 | + if (zfcp_fsf_open_wka_port(wka_port)) { |
859 | + /* could not even send request, nothing to wait for */ |
860 | wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE; |
861 | + goto out; |
862 | + } |
863 | } |
864 | |
865 | - mutex_unlock(&wka_port->mutex); |
866 | - |
867 | - wait_event(wka_port->completion_wq, |
868 | + wait_event(wka_port->opened, |
869 | wka_port->status == ZFCP_FC_WKA_PORT_ONLINE || |
870 | wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE); |
871 | |
872 | if (wka_port->status == ZFCP_FC_WKA_PORT_ONLINE) { |
873 | atomic_inc(&wka_port->refcount); |
874 | - return 0; |
875 | + ret = 0; |
876 | + goto out; |
877 | } |
878 | - return -EIO; |
879 | +out: |
880 | + mutex_unlock(&wka_port->mutex); |
881 | + return ret; |
882 | } |
883 | |
884 | static void zfcp_fc_wka_port_offline(struct work_struct *work) |
885 | @@ -180,9 +186,12 @@ static void zfcp_fc_wka_port_offline(struct work_struct *work) |
886 | |
887 | wka_port->status = ZFCP_FC_WKA_PORT_CLOSING; |
888 | if (zfcp_fsf_close_wka_port(wka_port)) { |
889 | + /* could not even send request, nothing to wait for */ |
890 | wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE; |
891 | - wake_up(&wka_port->completion_wq); |
892 | + goto out; |
893 | } |
894 | + wait_event(wka_port->closed, |
895 | + wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE); |
896 | out: |
897 | mutex_unlock(&wka_port->mutex); |
898 | } |
899 | @@ -192,13 +201,15 @@ static void zfcp_fc_wka_port_put(struct zfcp_fc_wka_port *wka_port) |
900 | if (atomic_dec_return(&wka_port->refcount) != 0) |
901 | return; |
902 | /* wait 10 milliseconds, other reqs might pop in */ |
903 | - schedule_delayed_work(&wka_port->work, HZ / 100); |
904 | + queue_delayed_work(wka_port->adapter->work_queue, &wka_port->work, |
905 | + msecs_to_jiffies(10)); |
906 | } |
907 | |
908 | static void zfcp_fc_wka_port_init(struct zfcp_fc_wka_port *wka_port, u32 d_id, |
909 | struct zfcp_adapter *adapter) |
910 | { |
911 | - init_waitqueue_head(&wka_port->completion_wq); |
912 | + init_waitqueue_head(&wka_port->opened); |
913 | + init_waitqueue_head(&wka_port->closed); |
914 | |
915 | wka_port->adapter = adapter; |
916 | wka_port->d_id = d_id; |
917 | diff --git a/drivers/s390/scsi/zfcp_fc.h b/drivers/s390/scsi/zfcp_fc.h |
918 | index a2275825186fe..2da269cd3101b 100644 |
919 | --- a/drivers/s390/scsi/zfcp_fc.h |
920 | +++ b/drivers/s390/scsi/zfcp_fc.h |
921 | @@ -169,7 +169,8 @@ enum zfcp_fc_wka_status { |
922 | /** |
923 | * struct zfcp_fc_wka_port - representation of well-known-address (WKA) FC port |
924 | * @adapter: Pointer to adapter structure this WKA port belongs to |
925 | - * @completion_wq: Wait for completion of open/close command |
926 | + * @opened: Wait for completion of open command |
927 | + * @closed: Wait for completion of close command |
928 | * @status: Current status of WKA port |
929 | * @refcount: Reference count to keep port open as long as it is in use |
930 | * @d_id: FC destination id or well-known-address |
931 | @@ -179,7 +180,8 @@ enum zfcp_fc_wka_status { |
932 | */ |
933 | struct zfcp_fc_wka_port { |
934 | struct zfcp_adapter *adapter; |
935 | - wait_queue_head_t completion_wq; |
936 | + wait_queue_head_t opened; |
937 | + wait_queue_head_t closed; |
938 | enum zfcp_fc_wka_status status; |
939 | atomic_t refcount; |
940 | u32 d_id; |
941 | diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c |
942 | index 0d2bcb33697f3..7de76562678b8 100644 |
943 | --- a/drivers/s390/scsi/zfcp_fsf.c |
944 | +++ b/drivers/s390/scsi/zfcp_fsf.c |
945 | @@ -1582,7 +1582,7 @@ static void zfcp_fsf_open_wka_port_handler(struct zfcp_fsf_req *req) |
946 | wka_port->status = ZFCP_FC_WKA_PORT_ONLINE; |
947 | } |
948 | out: |
949 | - wake_up(&wka_port->completion_wq); |
950 | + wake_up(&wka_port->opened); |
951 | } |
952 | |
953 | /** |
954 | @@ -1640,7 +1640,7 @@ static void zfcp_fsf_close_wka_port_handler(struct zfcp_fsf_req *req) |
955 | } |
956 | |
957 | wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE; |
958 | - wake_up(&wka_port->completion_wq); |
959 | + wake_up(&wka_port->closed); |
960 | } |
961 | |
962 | /** |
963 | diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c |
964 | index 417927b279b67..1178656d90cb0 100644 |
965 | --- a/drivers/scsi/sg.c |
966 | +++ b/drivers/scsi/sg.c |
967 | @@ -196,7 +196,7 @@ static void sg_link_reserve(Sg_fd * sfp, Sg_request * srp, int size); |
968 | static void sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp); |
969 | static Sg_fd *sg_add_sfp(Sg_device * sdp); |
970 | static void sg_remove_sfp(struct kref *); |
971 | -static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id); |
972 | +static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id, bool *busy); |
973 | static Sg_request *sg_add_request(Sg_fd * sfp); |
974 | static int sg_remove_request(Sg_fd * sfp, Sg_request * srp); |
975 | static Sg_device *sg_get_dev(int dev); |
976 | @@ -418,6 +418,7 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) |
977 | Sg_fd *sfp; |
978 | Sg_request *srp; |
979 | int req_pack_id = -1; |
980 | + bool busy; |
981 | sg_io_hdr_t *hp; |
982 | struct sg_header *old_hdr = NULL; |
983 | int retval = 0; |
984 | @@ -465,25 +466,19 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t * ppos) |
985 | } else |
986 | req_pack_id = old_hdr->pack_id; |
987 | } |
988 | - srp = sg_get_rq_mark(sfp, req_pack_id); |
989 | + srp = sg_get_rq_mark(sfp, req_pack_id, &busy); |
990 | if (!srp) { /* now wait on packet to arrive */ |
991 | - if (atomic_read(&sdp->detaching)) { |
992 | - retval = -ENODEV; |
993 | - goto free_old_hdr; |
994 | - } |
995 | if (filp->f_flags & O_NONBLOCK) { |
996 | retval = -EAGAIN; |
997 | goto free_old_hdr; |
998 | } |
999 | retval = wait_event_interruptible(sfp->read_wait, |
1000 | - (atomic_read(&sdp->detaching) || |
1001 | - (srp = sg_get_rq_mark(sfp, req_pack_id)))); |
1002 | - if (atomic_read(&sdp->detaching)) { |
1003 | - retval = -ENODEV; |
1004 | - goto free_old_hdr; |
1005 | - } |
1006 | - if (retval) { |
1007 | - /* -ERESTARTSYS as signal hit process */ |
1008 | + ((srp = sg_get_rq_mark(sfp, req_pack_id, &busy)) || |
1009 | + (!busy && atomic_read(&sdp->detaching)))); |
1010 | + if (!srp) { |
1011 | + /* signal or detaching */ |
1012 | + if (!retval) |
1013 | + retval = -ENODEV; |
1014 | goto free_old_hdr; |
1015 | } |
1016 | } |
1017 | @@ -936,9 +931,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) |
1018 | if (result < 0) |
1019 | return result; |
1020 | result = wait_event_interruptible(sfp->read_wait, |
1021 | - (srp_done(sfp, srp) || atomic_read(&sdp->detaching))); |
1022 | - if (atomic_read(&sdp->detaching)) |
1023 | - return -ENODEV; |
1024 | + srp_done(sfp, srp)); |
1025 | write_lock_irq(&sfp->rq_list_lock); |
1026 | if (srp->done) { |
1027 | srp->done = 2; |
1028 | @@ -2095,19 +2088,28 @@ sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp) |
1029 | } |
1030 | |
1031 | static Sg_request * |
1032 | -sg_get_rq_mark(Sg_fd * sfp, int pack_id) |
1033 | +sg_get_rq_mark(Sg_fd * sfp, int pack_id, bool *busy) |
1034 | { |
1035 | Sg_request *resp; |
1036 | unsigned long iflags; |
1037 | |
1038 | + *busy = false; |
1039 | write_lock_irqsave(&sfp->rq_list_lock, iflags); |
1040 | list_for_each_entry(resp, &sfp->rq_list, entry) { |
1041 | - /* look for requests that are ready + not SG_IO owned */ |
1042 | - if ((1 == resp->done) && (!resp->sg_io_owned) && |
1043 | + /* look for requests that are not SG_IO owned */ |
1044 | + if ((!resp->sg_io_owned) && |
1045 | ((-1 == pack_id) || (resp->header.pack_id == pack_id))) { |
1046 | - resp->done = 2; /* guard against other readers */ |
1047 | - write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
1048 | - return resp; |
1049 | + switch (resp->done) { |
1050 | + case 0: /* request active */ |
1051 | + *busy = true; |
1052 | + break; |
1053 | + case 1: /* request done; response ready to return */ |
1054 | + resp->done = 2; /* guard against other readers */ |
1055 | + write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
1056 | + return resp; |
1057 | + case 2: /* response already being returned */ |
1058 | + break; |
1059 | + } |
1060 | } |
1061 | } |
1062 | write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
1063 | @@ -2161,6 +2163,15 @@ sg_remove_request(Sg_fd * sfp, Sg_request * srp) |
1064 | res = 1; |
1065 | } |
1066 | write_unlock_irqrestore(&sfp->rq_list_lock, iflags); |
1067 | + |
1068 | + /* |
1069 | + * If the device is detaching, wakeup any readers in case we just |
1070 | + * removed the last response, which would leave nothing for them to |
1071 | + * return other than -ENODEV. |
1072 | + */ |
1073 | + if (unlikely(atomic_read(&sfp->parentdp->detaching))) |
1074 | + wake_up_interruptible_all(&sfp->read_wait); |
1075 | + |
1076 | return res; |
1077 | } |
1078 | |
1079 | diff --git a/drivers/scsi/ufs/ufshcd-pltfrm.c b/drivers/scsi/ufs/ufshcd-pltfrm.c |
1080 | index e9b0cc4cbb4d2..d4ab22b42d69b 100644 |
1081 | --- a/drivers/scsi/ufs/ufshcd-pltfrm.c |
1082 | +++ b/drivers/scsi/ufs/ufshcd-pltfrm.c |
1083 | @@ -126,9 +126,20 @@ out: |
1084 | return ret; |
1085 | } |
1086 | |
1087 | +static bool phandle_exists(const struct device_node *np, |
1088 | + const char *phandle_name, int index) |
1089 | +{ |
1090 | + struct device_node *parse_np = of_parse_phandle(np, phandle_name, index); |
1091 | + |
1092 | + if (parse_np) |
1093 | + of_node_put(parse_np); |
1094 | + |
1095 | + return parse_np != NULL; |
1096 | +} |
1097 | + |
1098 | #define MAX_PROP_SIZE 32 |
1099 | static int ufshcd_populate_vreg(struct device *dev, const char *name, |
1100 | - struct ufs_vreg **out_vreg) |
1101 | + struct ufs_vreg **out_vreg) |
1102 | { |
1103 | int ret = 0; |
1104 | char prop_name[MAX_PROP_SIZE]; |
1105 | @@ -141,7 +152,7 @@ static int ufshcd_populate_vreg(struct device *dev, const char *name, |
1106 | } |
1107 | |
1108 | snprintf(prop_name, MAX_PROP_SIZE, "%s-supply", name); |
1109 | - if (!of_parse_phandle(np, prop_name, 0)) { |
1110 | + if (!phandle_exists(np, prop_name, 0)) { |
1111 | dev_info(dev, "%s: Unable to find %s regulator, assuming enabled\n", |
1112 | __func__, prop_name); |
1113 | goto out; |
1114 | diff --git a/drivers/staging/android/ion/ion-ioctl.c b/drivers/staging/android/ion/ion-ioctl.c |
1115 | index a27865b94416b..e020a23d05f2f 100644 |
1116 | --- a/drivers/staging/android/ion/ion-ioctl.c |
1117 | +++ b/drivers/staging/android/ion/ion-ioctl.c |
1118 | @@ -64,14 +64,10 @@ static struct ion_handle *pass_to_user(struct ion_handle *handle) |
1119 | } |
1120 | |
1121 | /* Must hold the client lock */ |
1122 | -static int user_ion_handle_put_nolock(struct ion_handle *handle) |
1123 | +static void user_ion_handle_put_nolock(struct ion_handle *handle) |
1124 | { |
1125 | - int ret; |
1126 | - |
1127 | if (--handle->user_ref_count == 0) |
1128 | - ret = ion_handle_put_nolock(handle); |
1129 | - |
1130 | - return ret; |
1131 | + ion_handle_put_nolock(handle); |
1132 | } |
1133 | |
1134 | static void user_ion_free_nolock(struct ion_client *client, |
1135 | diff --git a/drivers/tty/serial/ucc_uart.c b/drivers/tty/serial/ucc_uart.c |
1136 | index 481eb2989a1e1..ed1658b61e541 100644 |
1137 | --- a/drivers/tty/serial/ucc_uart.c |
1138 | +++ b/drivers/tty/serial/ucc_uart.c |
1139 | @@ -1143,6 +1143,8 @@ static unsigned int soc_info(unsigned int *rev_h, unsigned int *rev_l) |
1140 | /* No compatible property, so try the name. */ |
1141 | soc_string = np->name; |
1142 | |
1143 | + of_node_put(np); |
1144 | + |
1145 | /* Extract the SOC number from the "PowerPC," string */ |
1146 | if ((sscanf(soc_string, "PowerPC,%u", &soc) != 1) || !soc) |
1147 | return 0; |
1148 | diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c |
1149 | index a4b2313607995..345edd7f4f922 100644 |
1150 | --- a/drivers/usb/core/hcd.c |
1151 | +++ b/drivers/usb/core/hcd.c |
1152 | @@ -1803,7 +1803,6 @@ static void usb_giveback_urb_bh(unsigned long param) |
1153 | |
1154 | spin_lock_irq(&bh->lock); |
1155 | bh->running = true; |
1156 | - restart: |
1157 | list_replace_init(&bh->head, &local_list); |
1158 | spin_unlock_irq(&bh->lock); |
1159 | |
1160 | @@ -1817,10 +1816,17 @@ static void usb_giveback_urb_bh(unsigned long param) |
1161 | bh->completing_ep = NULL; |
1162 | } |
1163 | |
1164 | - /* check if there are new URBs to giveback */ |
1165 | + /* |
1166 | + * giveback new URBs next time to prevent this function |
1167 | + * from not exiting for a long time. |
1168 | + */ |
1169 | spin_lock_irq(&bh->lock); |
1170 | - if (!list_empty(&bh->head)) |
1171 | - goto restart; |
1172 | + if (!list_empty(&bh->head)) { |
1173 | + if (bh->high_prio) |
1174 | + tasklet_hi_schedule(&bh->bh); |
1175 | + else |
1176 | + tasklet_schedule(&bh->bh); |
1177 | + } |
1178 | bh->running = false; |
1179 | spin_unlock_irq(&bh->lock); |
1180 | } |
1181 | @@ -1845,7 +1851,7 @@ static void usb_giveback_urb_bh(unsigned long param) |
1182 | void usb_hcd_giveback_urb(struct usb_hcd *hcd, struct urb *urb, int status) |
1183 | { |
1184 | struct giveback_urb_bh *bh; |
1185 | - bool running, high_prio_bh; |
1186 | + bool running; |
1187 | |
1188 | /* pass status to tasklet via unlinked */ |
1189 | if (likely(!urb->unlinked)) |
1190 | @@ -1856,13 +1862,10 @@ void usb_hcd_giveback_urb(struct usb_hcd *hcd, struct urb *urb, int status) |
1191 | return; |
1192 | } |
1193 | |
1194 | - if (usb_pipeisoc(urb->pipe) || usb_pipeint(urb->pipe)) { |
1195 | + if (usb_pipeisoc(urb->pipe) || usb_pipeint(urb->pipe)) |
1196 | bh = &hcd->high_prio_bh; |
1197 | - high_prio_bh = true; |
1198 | - } else { |
1199 | + else |
1200 | bh = &hcd->low_prio_bh; |
1201 | - high_prio_bh = false; |
1202 | - } |
1203 | |
1204 | spin_lock(&bh->lock); |
1205 | list_add_tail(&urb->urb_list, &bh->head); |
1206 | @@ -1871,7 +1874,7 @@ void usb_hcd_giveback_urb(struct usb_hcd *hcd, struct urb *urb, int status) |
1207 | |
1208 | if (running) |
1209 | ; |
1210 | - else if (high_prio_bh) |
1211 | + else if (bh->high_prio) |
1212 | tasklet_hi_schedule(&bh->bh); |
1213 | else |
1214 | tasklet_schedule(&bh->bh); |
1215 | @@ -2880,6 +2883,7 @@ int usb_add_hcd(struct usb_hcd *hcd, |
1216 | |
1217 | /* initialize tasklets */ |
1218 | init_giveback_urb_bh(&hcd->high_prio_bh); |
1219 | + hcd->high_prio_bh.high_prio = true; |
1220 | init_giveback_urb_bh(&hcd->low_prio_bh); |
1221 | |
1222 | /* enable irqs just before we start the controller, |
1223 | diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c |
1224 | index 2b30b5a1b577e..8d53b3ac31c6b 100644 |
1225 | --- a/drivers/usb/gadget/legacy/inode.c |
1226 | +++ b/drivers/usb/gadget/legacy/inode.c |
1227 | @@ -365,6 +365,7 @@ ep_io (struct ep_data *epdata, void *buf, unsigned len) |
1228 | spin_unlock_irq (&epdata->dev->lock); |
1229 | |
1230 | DBG (epdata->dev, "endpoint gone\n"); |
1231 | + wait_for_completion(&done); |
1232 | epdata->status = -ENODEV; |
1233 | } |
1234 | } |
1235 | diff --git a/drivers/usb/host/ohci-ppc-of.c b/drivers/usb/host/ohci-ppc-of.c |
1236 | index 4f87a5c61b085..d22a70363fbfd 100644 |
1237 | --- a/drivers/usb/host/ohci-ppc-of.c |
1238 | +++ b/drivers/usb/host/ohci-ppc-of.c |
1239 | @@ -168,6 +168,7 @@ static int ohci_hcd_ppc_of_probe(struct platform_device *op) |
1240 | release_mem_region(res.start, 0x4); |
1241 | } else |
1242 | pr_debug("%s: cannot get ehci offset from fdt\n", __FILE__); |
1243 | + of_node_put(np); |
1244 | } |
1245 | |
1246 | irq_dispose_mapping(irq); |
1247 | diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c |
1248 | index 881fc3a55edce..5798965f42b50 100644 |
1249 | --- a/drivers/vfio/vfio.c |
1250 | +++ b/drivers/vfio/vfio.c |
1251 | @@ -1793,6 +1793,7 @@ struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps, |
1252 | buf = krealloc(caps->buf, caps->size + size, GFP_KERNEL); |
1253 | if (!buf) { |
1254 | kfree(caps->buf); |
1255 | + caps->buf = NULL; |
1256 | caps->size = 0; |
1257 | return ERR_PTR(-ENOMEM); |
1258 | } |
1259 | diff --git a/drivers/video/fbdev/i740fb.c b/drivers/video/fbdev/i740fb.c |
1260 | index 7bc5f6056c77d..4147a95341793 100644 |
1261 | --- a/drivers/video/fbdev/i740fb.c |
1262 | +++ b/drivers/video/fbdev/i740fb.c |
1263 | @@ -399,7 +399,7 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var, |
1264 | u32 xres, right, hslen, left, xtotal; |
1265 | u32 yres, lower, vslen, upper, ytotal; |
1266 | u32 vxres, xoffset, vyres, yoffset; |
1267 | - u32 bpp, base, dacspeed24, mem; |
1268 | + u32 bpp, base, dacspeed24, mem, freq; |
1269 | u8 r7; |
1270 | int i; |
1271 | |
1272 | @@ -641,7 +641,12 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var, |
1273 | par->atc[VGA_ATC_OVERSCAN] = 0; |
1274 | |
1275 | /* Calculate VCLK that most closely matches the requested dot clock */ |
1276 | - i740_calc_vclk((((u32)1e9) / var->pixclock) * (u32)(1e3), par); |
1277 | + freq = (((u32)1e9) / var->pixclock) * (u32)(1e3); |
1278 | + if (freq < I740_RFREQ_FIX) { |
1279 | + fb_dbg(info, "invalid pixclock\n"); |
1280 | + freq = I740_RFREQ_FIX; |
1281 | + } |
1282 | + i740_calc_vclk(freq, par); |
1283 | |
1284 | /* Since we program the clocks ourselves, always use VCLK2. */ |
1285 | par->misc |= 0x0C; |
1286 | diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c |
1287 | index 07f6ba6ccaa72..f9fc618e77f32 100644 |
1288 | --- a/drivers/xen/xenbus/xenbus_dev_frontend.c |
1289 | +++ b/drivers/xen/xenbus/xenbus_dev_frontend.c |
1290 | @@ -122,7 +122,7 @@ static ssize_t xenbus_file_read(struct file *filp, |
1291 | { |
1292 | struct xenbus_file_priv *u = filp->private_data; |
1293 | struct read_buffer *rb; |
1294 | - unsigned i; |
1295 | + ssize_t i; |
1296 | int ret; |
1297 | |
1298 | mutex_lock(&u->reply_mutex); |
1299 | @@ -142,7 +142,7 @@ again: |
1300 | rb = list_entry(u->read_buffers.next, struct read_buffer, list); |
1301 | i = 0; |
1302 | while (i < len) { |
1303 | - unsigned sz = min((unsigned)len - i, rb->len - rb->cons); |
1304 | + size_t sz = min_t(size_t, len - i, rb->len - rb->cons); |
1305 | |
1306 | ret = copy_to_user(ubuf + i, &rb->msg[rb->cons], sz); |
1307 | |
1308 | diff --git a/fs/attr.c b/fs/attr.c |
1309 | index c902b3d535080..509cccc37742b 100644 |
1310 | --- a/fs/attr.c |
1311 | +++ b/fs/attr.c |
1312 | @@ -111,6 +111,8 @@ EXPORT_SYMBOL(setattr_prepare); |
1313 | */ |
1314 | int inode_newsize_ok(const struct inode *inode, loff_t offset) |
1315 | { |
1316 | + if (offset < 0) |
1317 | + return -EINVAL; |
1318 | if (inode->i_size < offset) { |
1319 | unsigned long limit; |
1320 | |
1321 | diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c |
1322 | index 46ecb7405af1f..b83e96f51a5f0 100644 |
1323 | --- a/fs/btrfs/disk-io.c |
1324 | +++ b/fs/btrfs/disk-io.c |
1325 | @@ -2774,6 +2774,20 @@ int open_ctree(struct super_block *sb, |
1326 | err = -EINVAL; |
1327 | goto fail_alloc; |
1328 | } |
1329 | + /* |
1330 | + * We have unsupported RO compat features, although RO mounted, we |
1331 | + * should not cause any metadata write, including log replay. |
1332 | + * Or we could screw up whatever the new feature requires. |
1333 | + */ |
1334 | + if (unlikely(features && btrfs_super_log_root(disk_super) && |
1335 | + !btrfs_test_opt(fs_info, NOLOGREPLAY))) { |
1336 | + btrfs_err(fs_info, |
1337 | +"cannot replay dirty log with unsupported compat_ro features (0x%llx), try rescue=nologreplay", |
1338 | + features); |
1339 | + err = -EINVAL; |
1340 | + goto fail_alloc; |
1341 | + } |
1342 | + |
1343 | |
1344 | max_active = fs_info->thread_pool_size; |
1345 | |
1346 | diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c |
1347 | index 312c050d0dbde..9ddf48ae80225 100644 |
1348 | --- a/fs/btrfs/tree-log.c |
1349 | +++ b/fs/btrfs/tree-log.c |
1350 | @@ -1074,7 +1074,9 @@ again: |
1351 | extref = btrfs_lookup_inode_extref(NULL, root, path, name, namelen, |
1352 | inode_objectid, parent_objectid, 0, |
1353 | 0); |
1354 | - if (!IS_ERR_OR_NULL(extref)) { |
1355 | + if (IS_ERR(extref)) { |
1356 | + return PTR_ERR(extref); |
1357 | + } else if (extref) { |
1358 | u32 item_size; |
1359 | u32 cur_offset = 0; |
1360 | unsigned long base; |
1361 | diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c |
1362 | index 3ca319e6c9791..3a7087a8f6239 100644 |
1363 | --- a/fs/ext4/inline.c |
1364 | +++ b/fs/ext4/inline.c |
1365 | @@ -40,6 +40,9 @@ static int get_max_inline_xattr_value_size(struct inode *inode, |
1366 | struct ext4_inode *raw_inode; |
1367 | int free, min_offs; |
1368 | |
1369 | + if (!EXT4_INODE_HAS_XATTR_SPACE(inode)) |
1370 | + return 0; |
1371 | + |
1372 | min_offs = EXT4_SB(inode->i_sb)->s_inode_size - |
1373 | EXT4_GOOD_OLD_INODE_SIZE - |
1374 | EXT4_I(inode)->i_extra_isize - |
1375 | diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c |
1376 | index 754b33828853d..b32fc7e45ba13 100644 |
1377 | --- a/fs/ext4/inode.c |
1378 | +++ b/fs/ext4/inode.c |
1379 | @@ -1659,7 +1659,14 @@ static void mpage_release_unused_pages(struct mpage_da_data *mpd, |
1380 | ext4_lblk_t start, last; |
1381 | start = index << (PAGE_SHIFT - inode->i_blkbits); |
1382 | last = end << (PAGE_SHIFT - inode->i_blkbits); |
1383 | + |
1384 | + /* |
1385 | + * avoid racing with extent status tree scans made by |
1386 | + * ext4_insert_delayed_block() |
1387 | + */ |
1388 | + down_write(&EXT4_I(inode)->i_data_sem); |
1389 | ext4_es_remove_extent(inode, start, last - start + 1); |
1390 | + up_write(&EXT4_I(inode)->i_data_sem); |
1391 | } |
1392 | |
1393 | pagevec_init(&pvec, 0); |
1394 | diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c |
1395 | index edf78728ed322..1281181215aa6 100644 |
1396 | --- a/fs/ext4/namei.c |
1397 | +++ b/fs/ext4/namei.c |
1398 | @@ -51,6 +51,7 @@ static struct buffer_head *ext4_append(handle_t *handle, |
1399 | struct inode *inode, |
1400 | ext4_lblk_t *block) |
1401 | { |
1402 | + struct ext4_map_blocks map; |
1403 | struct buffer_head *bh; |
1404 | int err; |
1405 | |
1406 | @@ -60,6 +61,21 @@ static struct buffer_head *ext4_append(handle_t *handle, |
1407 | return ERR_PTR(-ENOSPC); |
1408 | |
1409 | *block = inode->i_size >> inode->i_sb->s_blocksize_bits; |
1410 | + map.m_lblk = *block; |
1411 | + map.m_len = 1; |
1412 | + |
1413 | + /* |
1414 | + * We're appending new directory block. Make sure the block is not |
1415 | + * allocated yet, otherwise we will end up corrupting the |
1416 | + * directory. |
1417 | + */ |
1418 | + err = ext4_map_blocks(NULL, inode, &map, 0); |
1419 | + if (err < 0) |
1420 | + return ERR_PTR(err); |
1421 | + if (err) { |
1422 | + EXT4_ERROR_INODE(inode, "Logical block already allocated"); |
1423 | + return ERR_PTR(-EFSCORRUPTED); |
1424 | + } |
1425 | |
1426 | bh = ext4_bread(handle, inode, *block, EXT4_GET_BLOCKS_CREATE); |
1427 | if (IS_ERR(bh)) |
1428 | @@ -2777,11 +2793,8 @@ bool ext4_empty_dir(struct inode *inode) |
1429 | de = (struct ext4_dir_entry_2 *) (bh->b_data + |
1430 | (offset & (sb->s_blocksize - 1))); |
1431 | if (ext4_check_dir_entry(inode, NULL, de, bh, |
1432 | - bh->b_data, bh->b_size, offset)) { |
1433 | - offset = (offset | (sb->s_blocksize - 1)) + 1; |
1434 | - continue; |
1435 | - } |
1436 | - if (le32_to_cpu(de->inode)) { |
1437 | + bh->b_data, bh->b_size, offset) || |
1438 | + le32_to_cpu(de->inode)) { |
1439 | brelse(bh); |
1440 | return false; |
1441 | } |
1442 | diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c |
1443 | index c367129dcdc16..e4f02572f69df 100644 |
1444 | --- a/fs/ext4/resize.c |
1445 | +++ b/fs/ext4/resize.c |
1446 | @@ -1446,6 +1446,7 @@ static void ext4_update_super(struct super_block *sb, |
1447 | * Update the fs overhead information |
1448 | */ |
1449 | ext4_calculate_overhead(sb); |
1450 | + es->s_overhead_clusters = cpu_to_le32(sbi->s_overhead); |
1451 | |
1452 | if (test_opt(sb, DEBUG)) |
1453 | printk(KERN_DEBUG "EXT4-fs: added group %u:" |
1454 | @@ -1940,6 +1941,16 @@ int ext4_resize_fs(struct super_block *sb, ext4_fsblk_t n_blocks_count) |
1455 | } |
1456 | brelse(bh); |
1457 | |
1458 | + /* |
1459 | + * For bigalloc, trim the requested size to the nearest cluster |
1460 | + * boundary to avoid creating an unusable filesystem. We do this |
1461 | + * silently, instead of returning an error, to avoid breaking |
1462 | + * callers that blindly resize the filesystem to the full size of |
1463 | + * the underlying block device. |
1464 | + */ |
1465 | + if (ext4_has_feature_bigalloc(sb)) |
1466 | + n_blocks_count &= ~((1 << EXT4_CLUSTER_BITS(sb)) - 1); |
1467 | + |
1468 | retry: |
1469 | o_blocks_count = ext4_blocks_count(es); |
1470 | |
1471 | diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c |
1472 | index ec9beaa69abb5..6b14ecb382df9 100644 |
1473 | --- a/fs/ext4/xattr.c |
1474 | +++ b/fs/ext4/xattr.c |
1475 | @@ -1053,8 +1053,9 @@ int ext4_xattr_ibody_find(struct inode *inode, struct ext4_xattr_info *i, |
1476 | struct ext4_inode *raw_inode; |
1477 | int error; |
1478 | |
1479 | - if (EXT4_I(inode)->i_extra_isize == 0) |
1480 | + if (!EXT4_INODE_HAS_XATTR_SPACE(inode)) |
1481 | return 0; |
1482 | + |
1483 | raw_inode = ext4_raw_inode(&is->iloc); |
1484 | header = IHDR(inode, raw_inode); |
1485 | is->s.base = is->s.first = IFIRST(header); |
1486 | @@ -1107,8 +1108,9 @@ static int ext4_xattr_ibody_set(handle_t *handle, struct inode *inode, |
1487 | struct ext4_xattr_search *s = &is->s; |
1488 | int error; |
1489 | |
1490 | - if (EXT4_I(inode)->i_extra_isize == 0) |
1491 | + if (!EXT4_INODE_HAS_XATTR_SPACE(inode)) |
1492 | return -ENOSPC; |
1493 | + |
1494 | error = ext4_xattr_set_entry(i, s, inode); |
1495 | if (error) |
1496 | return error; |
1497 | diff --git a/fs/ext4/xattr.h b/fs/ext4/xattr.h |
1498 | index 099c8b670ef56..bbe569142985d 100644 |
1499 | --- a/fs/ext4/xattr.h |
1500 | +++ b/fs/ext4/xattr.h |
1501 | @@ -76,6 +76,19 @@ struct ext4_xattr_entry { |
1502 | |
1503 | #define EXT4_ZERO_XATTR_VALUE ((void *)-1) |
1504 | |
1505 | +/* |
1506 | + * If we want to add an xattr to the inode, we should make sure that |
1507 | + * i_extra_isize is not 0 and that the inode size is not less than |
1508 | + * EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. |
1509 | + * EXT4_GOOD_OLD_INODE_SIZE extra_isize header entry pad data |
1510 | + * |--------------------------|------------|------|---------|---|-------| |
1511 | + */ |
1512 | +#define EXT4_INODE_HAS_XATTR_SPACE(inode) \ |
1513 | + ((EXT4_I(inode)->i_extra_isize != 0) && \ |
1514 | + (EXT4_GOOD_OLD_INODE_SIZE + EXT4_I(inode)->i_extra_isize + \ |
1515 | + sizeof(struct ext4_xattr_ibody_header) + EXT4_XATTR_PAD <= \ |
1516 | + EXT4_INODE_SIZE((inode)->i_sb))) |
1517 | + |
1518 | struct ext4_xattr_info { |
1519 | int name_index; |
1520 | const char *name; |
1521 | diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c |
1522 | index 77b8f0f264078..205ee5d3f4d5c 100644 |
1523 | --- a/fs/fuse/inode.c |
1524 | +++ b/fs/fuse/inode.c |
1525 | @@ -173,6 +173,12 @@ void fuse_change_attributes_common(struct inode *inode, struct fuse_attr *attr, |
1526 | inode->i_uid = make_kuid(&init_user_ns, attr->uid); |
1527 | inode->i_gid = make_kgid(&init_user_ns, attr->gid); |
1528 | inode->i_blocks = attr->blocks; |
1529 | + |
1530 | + /* Sanitize nsecs */ |
1531 | + attr->atimensec = min_t(u32, attr->atimensec, NSEC_PER_SEC - 1); |
1532 | + attr->mtimensec = min_t(u32, attr->mtimensec, NSEC_PER_SEC - 1); |
1533 | + attr->ctimensec = min_t(u32, attr->ctimensec, NSEC_PER_SEC - 1); |
1534 | + |
1535 | inode->i_atime.tv_sec = attr->atime; |
1536 | inode->i_atime.tv_nsec = attr->atimensec; |
1537 | /* mtime from server may be stale due to local buffered write */ |
1538 | diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c |
1539 | index 2ea772f596e3c..5baf6ed7732d8 100644 |
1540 | --- a/fs/nfs/nfs4proc.c |
1541 | +++ b/fs/nfs/nfs4proc.c |
1542 | @@ -8229,6 +8229,9 @@ static int nfs41_reclaim_complete_handle_errors(struct rpc_task *task, struct nf |
1543 | rpc_delay(task, NFS4_POLL_RETRY_MAX); |
1544 | /* fall through */ |
1545 | case -NFS4ERR_RETRY_UNCACHED_REP: |
1546 | + case -EACCES: |
1547 | + dprintk("%s: failed to reclaim complete error %d for server %s, retrying\n", |
1548 | + __func__, task->tk_status, clp->cl_hostname); |
1549 | return -EAGAIN; |
1550 | case -NFS4ERR_BADSESSION: |
1551 | case -NFS4ERR_DEADSESSION: |
1552 | diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c |
1553 | index 44a39a099b54e..62b49197e5f67 100644 |
1554 | --- a/fs/ntfs/attrib.c |
1555 | +++ b/fs/ntfs/attrib.c |
1556 | @@ -606,8 +606,12 @@ static int ntfs_attr_find(const ATTR_TYPE type, const ntfschar *name, |
1557 | a = (ATTR_RECORD*)((u8*)ctx->attr + |
1558 | le32_to_cpu(ctx->attr->length)); |
1559 | for (;; a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))) { |
1560 | - if ((u8*)a < (u8*)ctx->mrec || (u8*)a > (u8*)ctx->mrec + |
1561 | - le32_to_cpu(ctx->mrec->bytes_allocated)) |
1562 | + u8 *mrec_end = (u8 *)ctx->mrec + |
1563 | + le32_to_cpu(ctx->mrec->bytes_allocated); |
1564 | + u8 *name_end = (u8 *)a + le16_to_cpu(a->name_offset) + |
1565 | + a->name_length * sizeof(ntfschar); |
1566 | + if ((u8*)a < (u8*)ctx->mrec || (u8*)a > mrec_end || |
1567 | + name_end > mrec_end) |
1568 | break; |
1569 | ctx->attr = a; |
1570 | if (unlikely(le32_to_cpu(a->type) > le32_to_cpu(type) || |
1571 | diff --git a/fs/proc/base.c b/fs/proc/base.c |
1572 | index 886e408f47697..2dd4a2b7222c5 100644 |
1573 | --- a/fs/proc/base.c |
1574 | +++ b/fs/proc/base.c |
1575 | @@ -1676,7 +1676,8 @@ const struct inode_operations proc_pid_link_inode_operations = { |
1576 | |
1577 | /* building an inode */ |
1578 | |
1579 | -struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *task) |
1580 | +struct inode *proc_pid_make_inode(struct super_block * sb, |
1581 | + struct task_struct *task, umode_t mode) |
1582 | { |
1583 | struct inode * inode; |
1584 | struct proc_inode *ei; |
1585 | @@ -1690,6 +1691,7 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t |
1586 | |
1587 | /* Common stuff */ |
1588 | ei = PROC_I(inode); |
1589 | + inode->i_mode = mode; |
1590 | inode->i_ino = get_next_ino(); |
1591 | inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); |
1592 | inode->i_op = &proc_def_inode_operations; |
1593 | @@ -2041,7 +2043,9 @@ proc_map_files_instantiate(struct inode *dir, struct dentry *dentry, |
1594 | struct proc_inode *ei; |
1595 | struct inode *inode; |
1596 | |
1597 | - inode = proc_pid_make_inode(dir->i_sb, task); |
1598 | + inode = proc_pid_make_inode(dir->i_sb, task, S_IFLNK | |
1599 | + ((mode & FMODE_READ ) ? S_IRUSR : 0) | |
1600 | + ((mode & FMODE_WRITE) ? S_IWUSR : 0)); |
1601 | if (!inode) |
1602 | return -ENOENT; |
1603 | |
1604 | @@ -2050,12 +2054,6 @@ proc_map_files_instantiate(struct inode *dir, struct dentry *dentry, |
1605 | |
1606 | inode->i_op = &proc_map_files_link_inode_operations; |
1607 | inode->i_size = 64; |
1608 | - inode->i_mode = S_IFLNK; |
1609 | - |
1610 | - if (mode & FMODE_READ) |
1611 | - inode->i_mode |= S_IRUSR; |
1612 | - if (mode & FMODE_WRITE) |
1613 | - inode->i_mode |= S_IWUSR; |
1614 | |
1615 | d_set_d_op(dentry, &tid_map_files_dentry_operations); |
1616 | d_add(dentry, inode); |
1617 | @@ -2409,12 +2407,11 @@ static int proc_pident_instantiate(struct inode *dir, |
1618 | struct inode *inode; |
1619 | struct proc_inode *ei; |
1620 | |
1621 | - inode = proc_pid_make_inode(dir->i_sb, task); |
1622 | + inode = proc_pid_make_inode(dir->i_sb, task, p->mode); |
1623 | if (!inode) |
1624 | goto out; |
1625 | |
1626 | ei = PROC_I(inode); |
1627 | - inode->i_mode = p->mode; |
1628 | if (S_ISDIR(inode->i_mode)) |
1629 | set_nlink(inode, 2); /* Use getattr to fix if necessary */ |
1630 | if (p->iop) |
1631 | @@ -3109,11 +3106,10 @@ static int proc_pid_instantiate(struct inode *dir, |
1632 | { |
1633 | struct inode *inode; |
1634 | |
1635 | - inode = proc_pid_make_inode(dir->i_sb, task); |
1636 | + inode = proc_pid_make_inode(dir->i_sb, task, S_IFDIR | S_IRUGO | S_IXUGO); |
1637 | if (!inode) |
1638 | goto out; |
1639 | |
1640 | - inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; |
1641 | inode->i_op = &proc_tgid_base_inode_operations; |
1642 | inode->i_fop = &proc_tgid_base_operations; |
1643 | inode->i_flags|=S_IMMUTABLE; |
1644 | @@ -3404,11 +3400,10 @@ static int proc_task_instantiate(struct inode *dir, |
1645 | struct dentry *dentry, struct task_struct *task, const void *ptr) |
1646 | { |
1647 | struct inode *inode; |
1648 | - inode = proc_pid_make_inode(dir->i_sb, task); |
1649 | + inode = proc_pid_make_inode(dir->i_sb, task, S_IFDIR | S_IRUGO | S_IXUGO); |
1650 | |
1651 | if (!inode) |
1652 | goto out; |
1653 | - inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO; |
1654 | inode->i_op = &proc_tid_base_inode_operations; |
1655 | inode->i_fop = &proc_tid_base_operations; |
1656 | inode->i_flags|=S_IMMUTABLE; |
1657 | diff --git a/fs/proc/fd.c b/fs/proc/fd.c |
1658 | index d21dafef31029..4274f83bf1004 100644 |
1659 | --- a/fs/proc/fd.c |
1660 | +++ b/fs/proc/fd.c |
1661 | @@ -183,14 +183,13 @@ proc_fd_instantiate(struct inode *dir, struct dentry *dentry, |
1662 | struct proc_inode *ei; |
1663 | struct inode *inode; |
1664 | |
1665 | - inode = proc_pid_make_inode(dir->i_sb, task); |
1666 | + inode = proc_pid_make_inode(dir->i_sb, task, S_IFLNK); |
1667 | if (!inode) |
1668 | goto out; |
1669 | |
1670 | ei = PROC_I(inode); |
1671 | ei->fd = fd; |
1672 | |
1673 | - inode->i_mode = S_IFLNK; |
1674 | inode->i_op = &proc_pid_link_inode_operations; |
1675 | inode->i_size = 64; |
1676 | |
1677 | @@ -322,14 +321,13 @@ proc_fdinfo_instantiate(struct inode *dir, struct dentry *dentry, |
1678 | struct proc_inode *ei; |
1679 | struct inode *inode; |
1680 | |
1681 | - inode = proc_pid_make_inode(dir->i_sb, task); |
1682 | + inode = proc_pid_make_inode(dir->i_sb, task, S_IFREG | S_IRUSR); |
1683 | if (!inode) |
1684 | goto out; |
1685 | |
1686 | ei = PROC_I(inode); |
1687 | ei->fd = fd; |
1688 | |
1689 | - inode->i_mode = S_IFREG | S_IRUSR; |
1690 | inode->i_fop = &proc_fdinfo_file_operations; |
1691 | |
1692 | d_set_d_op(dentry, &tid_fd_dentry_operations); |
1693 | diff --git a/fs/proc/internal.h b/fs/proc/internal.h |
1694 | index c0bdeceaaeb61..5bc057be6fa38 100644 |
1695 | --- a/fs/proc/internal.h |
1696 | +++ b/fs/proc/internal.h |
1697 | @@ -163,7 +163,7 @@ extern int proc_pid_statm(struct seq_file *, struct pid_namespace *, |
1698 | extern const struct dentry_operations pid_dentry_operations; |
1699 | extern int pid_getattr(struct vfsmount *, struct dentry *, struct kstat *); |
1700 | extern int proc_setattr(struct dentry *, struct iattr *); |
1701 | -extern struct inode *proc_pid_make_inode(struct super_block *, struct task_struct *); |
1702 | +extern struct inode *proc_pid_make_inode(struct super_block *, struct task_struct *, umode_t); |
1703 | extern int pid_revalidate(struct dentry *, unsigned int); |
1704 | extern int pid_delete_dentry(const struct dentry *); |
1705 | extern int proc_pid_readdir(struct file *, struct dir_context *); |
1706 | diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c |
1707 | index 51b8b0a8ad91b..766f0c637ad1b 100644 |
1708 | --- a/fs/proc/namespaces.c |
1709 | +++ b/fs/proc/namespaces.c |
1710 | @@ -92,12 +92,11 @@ static int proc_ns_instantiate(struct inode *dir, |
1711 | struct inode *inode; |
1712 | struct proc_inode *ei; |
1713 | |
1714 | - inode = proc_pid_make_inode(dir->i_sb, task); |
1715 | + inode = proc_pid_make_inode(dir->i_sb, task, S_IFLNK | S_IRWXUGO); |
1716 | if (!inode) |
1717 | goto out; |
1718 | |
1719 | ei = PROC_I(inode); |
1720 | - inode->i_mode = S_IFLNK|S_IRWXUGO; |
1721 | inode->i_op = &proc_ns_link_inode_operations; |
1722 | ei->ns_ops = ns_ops; |
1723 | |
1724 | diff --git a/include/linux/bpf.h b/include/linux/bpf.h |
1725 | index fe520d40597ff..7a1e6d3d0fd9d 100644 |
1726 | --- a/include/linux/bpf.h |
1727 | +++ b/include/linux/bpf.h |
1728 | @@ -246,6 +246,8 @@ struct bpf_prog *bpf_prog_get_type(u32 ufd, enum bpf_prog_type type); |
1729 | struct bpf_prog *bpf_prog_add(struct bpf_prog *prog, int i); |
1730 | struct bpf_prog *bpf_prog_inc(struct bpf_prog *prog); |
1731 | void bpf_prog_put(struct bpf_prog *prog); |
1732 | +int __bpf_prog_charge(struct user_struct *user, u32 pages); |
1733 | +void __bpf_prog_uncharge(struct user_struct *user, u32 pages); |
1734 | |
1735 | struct bpf_map *bpf_map_get_with_uref(u32 ufd); |
1736 | struct bpf_map *__bpf_map_get(struct fd f); |
1737 | @@ -328,6 +330,15 @@ static inline struct bpf_prog *bpf_prog_inc(struct bpf_prog *prog) |
1738 | return ERR_PTR(-EOPNOTSUPP); |
1739 | } |
1740 | |
1741 | +static inline int __bpf_prog_charge(struct user_struct *user, u32 pages) |
1742 | +{ |
1743 | + return 0; |
1744 | +} |
1745 | + |
1746 | +static inline void __bpf_prog_uncharge(struct user_struct *user, u32 pages) |
1747 | +{ |
1748 | +} |
1749 | + |
1750 | static inline bool unprivileged_ebpf_enabled(void) |
1751 | { |
1752 | return false; |
1753 | diff --git a/include/linux/buffer_head.h b/include/linux/buffer_head.h |
1754 | index 4431ea2c88022..13a63ab47ef55 100644 |
1755 | --- a/include/linux/buffer_head.h |
1756 | +++ b/include/linux/buffer_head.h |
1757 | @@ -113,7 +113,6 @@ static __always_inline int test_clear_buffer_##name(struct buffer_head *bh) \ |
1758 | * of the form "mark_buffer_foo()". These are higher-level functions which |
1759 | * do something in addition to setting a b_state bit. |
1760 | */ |
1761 | -BUFFER_FNS(Uptodate, uptodate) |
1762 | BUFFER_FNS(Dirty, dirty) |
1763 | TAS_BUFFER_FNS(Dirty, dirty) |
1764 | BUFFER_FNS(Lock, locked) |
1765 | @@ -131,6 +130,30 @@ BUFFER_FNS(Meta, meta) |
1766 | BUFFER_FNS(Prio, prio) |
1767 | BUFFER_FNS(Defer_Completion, defer_completion) |
1768 | |
1769 | +static __always_inline void set_buffer_uptodate(struct buffer_head *bh) |
1770 | +{ |
1771 | + /* |
1772 | + * make it consistent with folio_mark_uptodate |
1773 | + * pairs with smp_load_acquire in buffer_uptodate |
1774 | + */ |
1775 | + smp_mb__before_atomic(); |
1776 | + set_bit(BH_Uptodate, &bh->b_state); |
1777 | +} |
1778 | + |
1779 | +static __always_inline void clear_buffer_uptodate(struct buffer_head *bh) |
1780 | +{ |
1781 | + clear_bit(BH_Uptodate, &bh->b_state); |
1782 | +} |
1783 | + |
1784 | +static __always_inline int buffer_uptodate(const struct buffer_head *bh) |
1785 | +{ |
1786 | + /* |
1787 | + * make it consistent with folio_test_uptodate |
1788 | + * pairs with smp_mb__before_atomic in set_buffer_uptodate |
1789 | + */ |
1790 | + return (smp_load_acquire(&bh->b_state) & (1UL << BH_Uptodate)) != 0; |
1791 | +} |
1792 | + |
1793 | #define bh_offset(bh) ((unsigned long)(bh)->b_data & ~PAGE_MASK) |
1794 | |
1795 | /* If we *know* page->private refers to buffer_heads */ |
1796 | diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h |
1797 | index bba5604f3a03e..8ad5e5b6f9df0 100644 |
1798 | --- a/include/linux/pci_ids.h |
1799 | +++ b/include/linux/pci_ids.h |
1800 | @@ -55,6 +55,8 @@ |
1801 | #define PCI_CLASS_BRIDGE_EISA 0x0602 |
1802 | #define PCI_CLASS_BRIDGE_MC 0x0603 |
1803 | #define PCI_CLASS_BRIDGE_PCI 0x0604 |
1804 | +#define PCI_CLASS_BRIDGE_PCI_NORMAL 0x060400 |
1805 | +#define PCI_CLASS_BRIDGE_PCI_SUBTRACTIVE 0x060401 |
1806 | #define PCI_CLASS_BRIDGE_PCMCIA 0x0605 |
1807 | #define PCI_CLASS_BRIDGE_NUBUS 0x0606 |
1808 | #define PCI_CLASS_BRIDGE_CARDBUS 0x0607 |
1809 | diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h |
1810 | index 4920341268763..684fef8e3e599 100644 |
1811 | --- a/include/linux/usb/hcd.h |
1812 | +++ b/include/linux/usb/hcd.h |
1813 | @@ -65,6 +65,7 @@ |
1814 | |
1815 | struct giveback_urb_bh { |
1816 | bool running; |
1817 | + bool high_prio; |
1818 | spinlock_t lock; |
1819 | struct list_head head; |
1820 | struct tasklet_struct bh; |
1821 | diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h |
1822 | index 9c50d458ee83b..d9e9f86e61072 100644 |
1823 | --- a/include/net/bluetooth/l2cap.h |
1824 | +++ b/include/net/bluetooth/l2cap.h |
1825 | @@ -798,6 +798,7 @@ enum { |
1826 | }; |
1827 | |
1828 | void l2cap_chan_hold(struct l2cap_chan *c); |
1829 | +struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c); |
1830 | void l2cap_chan_put(struct l2cap_chan *c); |
1831 | |
1832 | static inline void l2cap_chan_lock(struct l2cap_chan *chan) |
1833 | diff --git a/include/sound/core.h b/include/sound/core.h |
1834 | index 31079ea5e4846..d5d0e5e53920c 100644 |
1835 | --- a/include/sound/core.h |
1836 | +++ b/include/sound/core.h |
1837 | @@ -457,4 +457,12 @@ snd_pci_quirk_lookup_id(u16 vendor, u16 device, |
1838 | } |
1839 | #endif |
1840 | |
1841 | +/* async signal helpers */ |
1842 | +struct snd_fasync; |
1843 | + |
1844 | +int snd_fasync_helper(int fd, struct file *file, int on, |
1845 | + struct snd_fasync **fasyncp); |
1846 | +void snd_kill_fasync(struct snd_fasync *fasync, int signal, int poll); |
1847 | +void snd_fasync_free(struct snd_fasync *fasync); |
1848 | + |
1849 | #endif /* __SOUND_CORE_H */ |
1850 | diff --git a/include/trace/events/spmi.h b/include/trace/events/spmi.h |
1851 | index 62f005ef4c7e5..7c24b99cf43b3 100644 |
1852 | --- a/include/trace/events/spmi.h |
1853 | +++ b/include/trace/events/spmi.h |
1854 | @@ -20,15 +20,15 @@ TRACE_EVENT(spmi_write_begin, |
1855 | __field ( u8, sid ) |
1856 | __field ( u16, addr ) |
1857 | __field ( u8, len ) |
1858 | - __dynamic_array ( u8, buf, len + 1 ) |
1859 | + __dynamic_array ( u8, buf, len ) |
1860 | ), |
1861 | |
1862 | TP_fast_assign( |
1863 | __entry->opcode = opcode; |
1864 | __entry->sid = sid; |
1865 | __entry->addr = addr; |
1866 | - __entry->len = len + 1; |
1867 | - memcpy(__get_dynamic_array(buf), buf, len + 1); |
1868 | + __entry->len = len; |
1869 | + memcpy(__get_dynamic_array(buf), buf, len); |
1870 | ), |
1871 | |
1872 | TP_printk("opc=%d sid=%02d addr=0x%04x len=%d buf=0x[%*phD]", |
1873 | @@ -91,7 +91,7 @@ TRACE_EVENT(spmi_read_end, |
1874 | __field ( u16, addr ) |
1875 | __field ( int, ret ) |
1876 | __field ( u8, len ) |
1877 | - __dynamic_array ( u8, buf, len + 1 ) |
1878 | + __dynamic_array ( u8, buf, len ) |
1879 | ), |
1880 | |
1881 | TP_fast_assign( |
1882 | @@ -99,8 +99,8 @@ TRACE_EVENT(spmi_read_end, |
1883 | __entry->sid = sid; |
1884 | __entry->addr = addr; |
1885 | __entry->ret = ret; |
1886 | - __entry->len = len + 1; |
1887 | - memcpy(__get_dynamic_array(buf), buf, len + 1); |
1888 | + __entry->len = len; |
1889 | + memcpy(__get_dynamic_array(buf), buf, len); |
1890 | ), |
1891 | |
1892 | TP_printk("opc=%d sid=%02d addr=0x%04x ret=%d len=%02d buf=0x[%*phD]", |
1893 | diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h |
1894 | index 1f42d110987a4..51502eabdb051 100644 |
1895 | --- a/include/uapi/linux/swab.h |
1896 | +++ b/include/uapi/linux/swab.h |
1897 | @@ -134,9 +134,9 @@ static inline __attribute_const__ __u32 __fswahb32(__u32 val) |
1898 | |
1899 | static __always_inline unsigned long __swab(const unsigned long y) |
1900 | { |
1901 | -#if BITS_PER_LONG == 64 |
1902 | +#if __BITS_PER_LONG == 64 |
1903 | return __swab64(y); |
1904 | -#else /* BITS_PER_LONG == 32 */ |
1905 | +#else /* __BITS_PER_LONG == 32 */ |
1906 | return __swab32(y); |
1907 | #endif |
1908 | } |
1909 | diff --git a/init/main.c b/init/main.c |
1910 | index 30226a836c8b5..6537f51a0bace 100644 |
1911 | --- a/init/main.c |
1912 | +++ b/init/main.c |
1913 | @@ -487,21 +487,15 @@ asmlinkage __visible void __init start_kernel(void) |
1914 | smp_setup_processor_id(); |
1915 | debug_objects_early_init(); |
1916 | |
1917 | - /* |
1918 | - * Set up the the initial canary ASAP: |
1919 | - */ |
1920 | - add_latent_entropy(); |
1921 | - boot_init_stack_canary(); |
1922 | - |
1923 | cgroup_init_early(); |
1924 | |
1925 | local_irq_disable(); |
1926 | early_boot_irqs_disabled = true; |
1927 | |
1928 | -/* |
1929 | - * Interrupts are still disabled. Do necessary setups, then |
1930 | - * enable them |
1931 | - */ |
1932 | + /* |
1933 | + * Interrupts are still disabled. Do necessary setups, then |
1934 | + * enable them. |
1935 | + */ |
1936 | boot_cpu_init(); |
1937 | page_address_init(); |
1938 | pr_notice("%s", linux_banner); |
1939 | diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c |
1940 | index 9976703f2dbfa..5aeadf79e05e4 100644 |
1941 | --- a/kernel/bpf/core.c |
1942 | +++ b/kernel/bpf/core.c |
1943 | @@ -107,19 +107,29 @@ struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size, |
1944 | gfp_t gfp_flags = GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO | |
1945 | gfp_extra_flags; |
1946 | struct bpf_prog *fp; |
1947 | + u32 pages, delta; |
1948 | + int ret; |
1949 | |
1950 | BUG_ON(fp_old == NULL); |
1951 | |
1952 | size = round_up(size, PAGE_SIZE); |
1953 | - if (size <= fp_old->pages * PAGE_SIZE) |
1954 | + pages = size / PAGE_SIZE; |
1955 | + if (pages <= fp_old->pages) |
1956 | return fp_old; |
1957 | |
1958 | + delta = pages - fp_old->pages; |
1959 | + ret = __bpf_prog_charge(fp_old->aux->user, delta); |
1960 | + if (ret) |
1961 | + return NULL; |
1962 | + |
1963 | fp = __vmalloc(size, gfp_flags, PAGE_KERNEL); |
1964 | - if (fp != NULL) { |
1965 | + if (fp == NULL) { |
1966 | + __bpf_prog_uncharge(fp_old->aux->user, delta); |
1967 | + } else { |
1968 | kmemcheck_annotate_bitfield(fp, meta); |
1969 | |
1970 | memcpy(fp, fp_old, fp_old->pages * PAGE_SIZE); |
1971 | - fp->pages = size / PAGE_SIZE; |
1972 | + fp->pages = pages; |
1973 | fp->aux->prog = fp; |
1974 | |
1975 | /* We keep fp->aux from fp_old around in the new |
1976 | diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c |
1977 | index e30ad1be68412..e0d4e210b1a1a 100644 |
1978 | --- a/kernel/bpf/syscall.c |
1979 | +++ b/kernel/bpf/syscall.c |
1980 | @@ -581,19 +581,39 @@ static void free_used_maps(struct bpf_prog_aux *aux) |
1981 | kfree(aux->used_maps); |
1982 | } |
1983 | |
1984 | +int __bpf_prog_charge(struct user_struct *user, u32 pages) |
1985 | +{ |
1986 | + unsigned long memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT; |
1987 | + unsigned long user_bufs; |
1988 | + |
1989 | + if (user) { |
1990 | + user_bufs = atomic_long_add_return(pages, &user->locked_vm); |
1991 | + if (user_bufs > memlock_limit) { |
1992 | + atomic_long_sub(pages, &user->locked_vm); |
1993 | + return -EPERM; |
1994 | + } |
1995 | + } |
1996 | + |
1997 | + return 0; |
1998 | +} |
1999 | + |
2000 | +void __bpf_prog_uncharge(struct user_struct *user, u32 pages) |
2001 | +{ |
2002 | + if (user) |
2003 | + atomic_long_sub(pages, &user->locked_vm); |
2004 | +} |
2005 | + |
2006 | static int bpf_prog_charge_memlock(struct bpf_prog *prog) |
2007 | { |
2008 | struct user_struct *user = get_current_user(); |
2009 | - unsigned long memlock_limit; |
2010 | - |
2011 | - memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT; |
2012 | + int ret; |
2013 | |
2014 | - atomic_long_add(prog->pages, &user->locked_vm); |
2015 | - if (atomic_long_read(&user->locked_vm) > memlock_limit) { |
2016 | - atomic_long_sub(prog->pages, &user->locked_vm); |
2017 | + ret = __bpf_prog_charge(user, prog->pages); |
2018 | + if (ret) { |
2019 | free_uid(user); |
2020 | - return -EPERM; |
2021 | + return ret; |
2022 | } |
2023 | + |
2024 | prog->aux->user = user; |
2025 | return 0; |
2026 | } |
2027 | @@ -602,7 +622,7 @@ static void bpf_prog_uncharge_memlock(struct bpf_prog *prog) |
2028 | { |
2029 | struct user_struct *user = prog->aux->user; |
2030 | |
2031 | - atomic_long_sub(prog->pages, &user->locked_vm); |
2032 | + __bpf_prog_uncharge(user, prog->pages); |
2033 | free_uid(user); |
2034 | } |
2035 | |
2036 | diff --git a/net/9p/client.c b/net/9p/client.c |
2037 | index f1517ca8aba3b..237ba7e21771d 100644 |
2038 | --- a/net/9p/client.c |
2039 | +++ b/net/9p/client.c |
2040 | @@ -891,7 +891,7 @@ static struct p9_fid *p9_fid_create(struct p9_client *clnt) |
2041 | unsigned long flags; |
2042 | |
2043 | p9_debug(P9_DEBUG_FID, "clnt %p\n", clnt); |
2044 | - fid = kmalloc(sizeof(struct p9_fid), GFP_KERNEL); |
2045 | + fid = kzalloc(sizeof(struct p9_fid), GFP_KERNEL); |
2046 | if (!fid) |
2047 | return ERR_PTR(-ENOMEM); |
2048 | |
2049 | @@ -902,11 +902,9 @@ static struct p9_fid *p9_fid_create(struct p9_client *clnt) |
2050 | } |
2051 | fid->fid = ret; |
2052 | |
2053 | - memset(&fid->qid, 0, sizeof(struct p9_qid)); |
2054 | fid->mode = -1; |
2055 | fid->uid = current_fsuid(); |
2056 | fid->clnt = clnt; |
2057 | - fid->rdir = NULL; |
2058 | spin_lock_irqsave(&clnt->lock, flags); |
2059 | list_add(&fid->flist, &clnt->fidlist); |
2060 | spin_unlock_irqrestore(&clnt->lock, flags); |
2061 | diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c |
2062 | index 204b6ebd2a24e..78cf9508b7c1d 100644 |
2063 | --- a/net/bluetooth/l2cap_core.c |
2064 | +++ b/net/bluetooth/l2cap_core.c |
2065 | @@ -113,7 +113,8 @@ static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, |
2066 | } |
2067 | |
2068 | /* Find channel with given SCID. |
2069 | - * Returns locked channel. */ |
2070 | + * Returns a reference locked channel. |
2071 | + */ |
2072 | static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, |
2073 | u16 cid) |
2074 | { |
2075 | @@ -121,15 +122,19 @@ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, |
2076 | |
2077 | mutex_lock(&conn->chan_lock); |
2078 | c = __l2cap_get_chan_by_scid(conn, cid); |
2079 | - if (c) |
2080 | - l2cap_chan_lock(c); |
2081 | + if (c) { |
2082 | + /* Only lock if chan reference is not 0 */ |
2083 | + c = l2cap_chan_hold_unless_zero(c); |
2084 | + if (c) |
2085 | + l2cap_chan_lock(c); |
2086 | + } |
2087 | mutex_unlock(&conn->chan_lock); |
2088 | |
2089 | return c; |
2090 | } |
2091 | |
2092 | /* Find channel with given DCID. |
2093 | - * Returns locked channel. |
2094 | + * Returns a reference locked channel. |
2095 | */ |
2096 | static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn, |
2097 | u16 cid) |
2098 | @@ -138,8 +143,12 @@ static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn, |
2099 | |
2100 | mutex_lock(&conn->chan_lock); |
2101 | c = __l2cap_get_chan_by_dcid(conn, cid); |
2102 | - if (c) |
2103 | - l2cap_chan_lock(c); |
2104 | + if (c) { |
2105 | + /* Only lock if chan reference is not 0 */ |
2106 | + c = l2cap_chan_hold_unless_zero(c); |
2107 | + if (c) |
2108 | + l2cap_chan_lock(c); |
2109 | + } |
2110 | mutex_unlock(&conn->chan_lock); |
2111 | |
2112 | return c; |
2113 | @@ -164,8 +173,12 @@ static struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, |
2114 | |
2115 | mutex_lock(&conn->chan_lock); |
2116 | c = __l2cap_get_chan_by_ident(conn, ident); |
2117 | - if (c) |
2118 | - l2cap_chan_lock(c); |
2119 | + if (c) { |
2120 | + /* Only lock if chan reference is not 0 */ |
2121 | + c = l2cap_chan_hold_unless_zero(c); |
2122 | + if (c) |
2123 | + l2cap_chan_lock(c); |
2124 | + } |
2125 | mutex_unlock(&conn->chan_lock); |
2126 | |
2127 | return c; |
2128 | @@ -491,6 +504,16 @@ void l2cap_chan_hold(struct l2cap_chan *c) |
2129 | kref_get(&c->kref); |
2130 | } |
2131 | |
2132 | +struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c) |
2133 | +{ |
2134 | + BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); |
2135 | + |
2136 | + if (!kref_get_unless_zero(&c->kref)) |
2137 | + return NULL; |
2138 | + |
2139 | + return c; |
2140 | +} |
2141 | + |
2142 | void l2cap_chan_put(struct l2cap_chan *c) |
2143 | { |
2144 | BT_DBG("chan %p orig refcnt %d", c, atomic_read(&c->kref.refcount)); |
2145 | @@ -1781,11 +1804,11 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, |
2146 | bdaddr_t *dst, |
2147 | u8 link_type) |
2148 | { |
2149 | - struct l2cap_chan *c, *c1 = NULL; |
2150 | + struct l2cap_chan *c, *tmp, *c1 = NULL; |
2151 | |
2152 | read_lock(&chan_list_lock); |
2153 | |
2154 | - list_for_each_entry(c, &chan_list, global_l) { |
2155 | + list_for_each_entry_safe(c, tmp, &chan_list, global_l) { |
2156 | if (state && c->state != state) |
2157 | continue; |
2158 | |
2159 | @@ -1803,9 +1826,11 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, |
2160 | src_match = !bacmp(&c->src, src); |
2161 | dst_match = !bacmp(&c->dst, dst); |
2162 | if (src_match && dst_match) { |
2163 | - l2cap_chan_hold(c); |
2164 | - read_unlock(&chan_list_lock); |
2165 | - return c; |
2166 | + c = l2cap_chan_hold_unless_zero(c); |
2167 | + if (c) { |
2168 | + read_unlock(&chan_list_lock); |
2169 | + return c; |
2170 | + } |
2171 | } |
2172 | |
2173 | /* Closest match */ |
2174 | @@ -1818,7 +1843,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, |
2175 | } |
2176 | |
2177 | if (c1) |
2178 | - l2cap_chan_hold(c1); |
2179 | + c1 = l2cap_chan_hold_unless_zero(c1); |
2180 | |
2181 | read_unlock(&chan_list_lock); |
2182 | |
2183 | @@ -4194,6 +4219,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, |
2184 | |
2185 | unlock: |
2186 | l2cap_chan_unlock(chan); |
2187 | + l2cap_chan_put(chan); |
2188 | return err; |
2189 | } |
2190 | |
2191 | @@ -4306,6 +4332,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, |
2192 | |
2193 | done: |
2194 | l2cap_chan_unlock(chan); |
2195 | + l2cap_chan_put(chan); |
2196 | return err; |
2197 | } |
2198 | |
2199 | @@ -5034,6 +5061,7 @@ send_move_response: |
2200 | l2cap_send_move_chan_rsp(chan, result); |
2201 | |
2202 | l2cap_chan_unlock(chan); |
2203 | + l2cap_chan_put(chan); |
2204 | |
2205 | return 0; |
2206 | } |
2207 | @@ -5126,6 +5154,7 @@ static void l2cap_move_continue(struct l2cap_conn *conn, u16 icid, u16 result) |
2208 | } |
2209 | |
2210 | l2cap_chan_unlock(chan); |
2211 | + l2cap_chan_put(chan); |
2212 | } |
2213 | |
2214 | static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid, |
2215 | @@ -5155,6 +5184,7 @@ static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid, |
2216 | l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED); |
2217 | |
2218 | l2cap_chan_unlock(chan); |
2219 | + l2cap_chan_put(chan); |
2220 | } |
2221 | |
2222 | static int l2cap_move_channel_rsp(struct l2cap_conn *conn, |
2223 | @@ -5218,6 +5248,7 @@ static int l2cap_move_channel_confirm(struct l2cap_conn *conn, |
2224 | l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); |
2225 | |
2226 | l2cap_chan_unlock(chan); |
2227 | + l2cap_chan_put(chan); |
2228 | |
2229 | return 0; |
2230 | } |
2231 | @@ -5253,6 +5284,7 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn, |
2232 | } |
2233 | |
2234 | l2cap_chan_unlock(chan); |
2235 | + l2cap_chan_put(chan); |
2236 | |
2237 | return 0; |
2238 | } |
2239 | @@ -5625,12 +5657,11 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn, |
2240 | if (credits > max_credits) { |
2241 | BT_ERR("LE credits overflow"); |
2242 | l2cap_send_disconn_req(chan, ECONNRESET); |
2243 | - l2cap_chan_unlock(chan); |
2244 | |
2245 | /* Return 0 so that we don't trigger an unnecessary |
2246 | * command reject packet. |
2247 | */ |
2248 | - return 0; |
2249 | + goto unlock; |
2250 | } |
2251 | |
2252 | chan->tx_credits += credits; |
2253 | @@ -5643,7 +5674,9 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn, |
2254 | if (chan->tx_credits) |
2255 | chan->ops->resume(chan); |
2256 | |
2257 | +unlock: |
2258 | l2cap_chan_unlock(chan); |
2259 | + l2cap_chan_put(chan); |
2260 | |
2261 | return 0; |
2262 | } |
2263 | @@ -6941,6 +6974,7 @@ drop: |
2264 | |
2265 | done: |
2266 | l2cap_chan_unlock(chan); |
2267 | + l2cap_chan_put(chan); |
2268 | } |
2269 | |
2270 | static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, |
2271 | @@ -7345,7 +7379,7 @@ static struct l2cap_chan *l2cap_global_fixed_chan(struct l2cap_chan *c, |
2272 | if (src_type != c->src_type) |
2273 | continue; |
2274 | |
2275 | - l2cap_chan_hold(c); |
2276 | + c = l2cap_chan_hold_unless_zero(c); |
2277 | read_unlock(&chan_list_lock); |
2278 | return c; |
2279 | } |
2280 | diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c |
2281 | index 5b6d935a028c2..49061c3fc2183 100644 |
2282 | --- a/net/ipv4/tcp_output.c |
2283 | +++ b/net/ipv4/tcp_output.c |
2284 | @@ -2986,11 +2986,12 @@ begin_fwd: |
2285 | */ |
2286 | void sk_forced_mem_schedule(struct sock *sk, int size) |
2287 | { |
2288 | - int amt; |
2289 | + int delta, amt; |
2290 | |
2291 | - if (size <= sk->sk_forward_alloc) |
2292 | + delta = size - sk->sk_forward_alloc; |
2293 | + if (delta <= 0) |
2294 | return; |
2295 | - amt = sk_mem_pages(size); |
2296 | + amt = sk_mem_pages(delta); |
2297 | sk->sk_forward_alloc += amt * SK_MEM_QUANTUM; |
2298 | sk_memory_allocated_add(sk, amt); |
2299 | |
2300 | diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c |
2301 | index e209ae19fe781..298ac357a132e 100644 |
2302 | --- a/net/ipv6/ping.c |
2303 | +++ b/net/ipv6/ping.c |
2304 | @@ -26,6 +26,11 @@ |
2305 | #include <net/transp_v6.h> |
2306 | #include <net/ping.h> |
2307 | |
2308 | +static void ping_v6_destroy(struct sock *sk) |
2309 | +{ |
2310 | + inet6_destroy_sock(sk); |
2311 | +} |
2312 | + |
2313 | /* Compatibility glue so we can support IPv6 when it's compiled as a module */ |
2314 | static int dummy_ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, |
2315 | int *addr_len) |
2316 | @@ -179,6 +184,7 @@ struct proto pingv6_prot = { |
2317 | .owner = THIS_MODULE, |
2318 | .init = ping_init_sock, |
2319 | .close = ping_close, |
2320 | + .destroy = ping_v6_destroy, |
2321 | .connect = ip6_datagram_connect_v6_only, |
2322 | .disconnect = __udp_disconnect, |
2323 | .setsockopt = ipv6_setsockopt, |
2324 | diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c |
2325 | index 0aad9b8466aa8..4a4dae9929367 100644 |
2326 | --- a/net/netfilter/nf_tables_api.c |
2327 | +++ b/net/netfilter/nf_tables_api.c |
2328 | @@ -119,6 +119,7 @@ static struct nft_trans *nft_trans_alloc(struct nft_ctx *ctx, int msg_type, |
2329 | if (trans == NULL) |
2330 | return NULL; |
2331 | |
2332 | + INIT_LIST_HEAD(&trans->list); |
2333 | trans->msg_type = msg_type; |
2334 | trans->ctx = *ctx; |
2335 | |
2336 | @@ -2514,7 +2515,7 @@ cont: |
2337 | list_for_each_entry(i, &ctx->table->sets, list) { |
2338 | int tmp; |
2339 | |
2340 | - if (!nft_is_active_next(ctx->net, set)) |
2341 | + if (!nft_is_active_next(ctx->net, i)) |
2342 | continue; |
2343 | if (!sscanf(i->name, name, &tmp)) |
2344 | continue; |
2345 | diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c |
2346 | index 66814a9d030cc..80715b495d7c0 100644 |
2347 | --- a/net/netfilter/nfnetlink_queue.c |
2348 | +++ b/net/netfilter/nfnetlink_queue.c |
2349 | @@ -807,11 +807,16 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) |
2350 | } |
2351 | |
2352 | static int |
2353 | -nfqnl_mangle(void *data, int data_len, struct nf_queue_entry *e, int diff) |
2354 | +nfqnl_mangle(void *data, unsigned int data_len, struct nf_queue_entry *e, int diff) |
2355 | { |
2356 | struct sk_buff *nskb; |
2357 | |
2358 | if (diff < 0) { |
2359 | + unsigned int min_len = skb_transport_offset(e->skb); |
2360 | + |
2361 | + if (data_len < min_len) |
2362 | + return -EINVAL; |
2363 | + |
2364 | if (pskb_trim(e->skb, data_len)) |
2365 | return -ENOMEM; |
2366 | } else if (diff > 0) { |
2367 | diff --git a/net/rds/ib_recv.c b/net/rds/ib_recv.c |
2368 | index 606a11f681d28..1c927112ff09d 100644 |
2369 | --- a/net/rds/ib_recv.c |
2370 | +++ b/net/rds/ib_recv.c |
2371 | @@ -356,6 +356,7 @@ static int acquire_refill(struct rds_connection *conn) |
2372 | static void release_refill(struct rds_connection *conn) |
2373 | { |
2374 | clear_bit(RDS_RECV_REFILL, &conn->c_flags); |
2375 | + smp_mb__after_atomic(); |
2376 | |
2377 | /* We don't use wait_on_bit()/wake_up_bit() because our waking is in a |
2378 | * hot path and finding waiters is very rare. We don't want to walk |
2379 | diff --git a/net/sched/cls_route.c b/net/sched/cls_route.c |
2380 | index f20373588a99e..ce732ce9f9c98 100644 |
2381 | --- a/net/sched/cls_route.c |
2382 | +++ b/net/sched/cls_route.c |
2383 | @@ -427,6 +427,9 @@ static int route4_set_parms(struct net *net, struct tcf_proto *tp, |
2384 | goto errout; |
2385 | } |
2386 | |
2387 | + if (!nhandle) |
2388 | + return -EINVAL; |
2389 | + |
2390 | h1 = to_hash(nhandle); |
2391 | b = rtnl_dereference(head->table[h1]); |
2392 | if (!b) { |
2393 | @@ -486,6 +489,9 @@ static int route4_change(struct net *net, struct sk_buff *in_skb, |
2394 | int err; |
2395 | bool new = true; |
2396 | |
2397 | + if (!handle) |
2398 | + return -EINVAL; |
2399 | + |
2400 | if (opt == NULL) |
2401 | return handle ? -EINVAL : 0; |
2402 | |
2403 | @@ -534,7 +540,7 @@ static int route4_change(struct net *net, struct sk_buff *in_skb, |
2404 | rcu_assign_pointer(f->next, f1); |
2405 | rcu_assign_pointer(*fp, f); |
2406 | |
2407 | - if (fold && fold->handle && f->handle != fold->handle) { |
2408 | + if (fold) { |
2409 | th = to_hash(fold->handle); |
2410 | h = from_hash(fold->handle >> 16); |
2411 | b = rtnl_dereference(head->table[th]); |
2412 | diff --git a/net/sunrpc/backchannel_rqst.c b/net/sunrpc/backchannel_rqst.c |
2413 | index ac701c28f44f3..a441dd119533f 100644 |
2414 | --- a/net/sunrpc/backchannel_rqst.c |
2415 | +++ b/net/sunrpc/backchannel_rqst.c |
2416 | @@ -69,6 +69,17 @@ static void xprt_free_allocation(struct rpc_rqst *req) |
2417 | kfree(req); |
2418 | } |
2419 | |
2420 | +static void xprt_bc_reinit_xdr_buf(struct xdr_buf *buf) |
2421 | +{ |
2422 | + buf->head[0].iov_len = PAGE_SIZE; |
2423 | + buf->tail[0].iov_len = 0; |
2424 | + buf->pages = NULL; |
2425 | + buf->page_len = 0; |
2426 | + buf->flags = 0; |
2427 | + buf->len = 0; |
2428 | + buf->buflen = PAGE_SIZE; |
2429 | +} |
2430 | + |
2431 | static int xprt_alloc_xdr_buf(struct xdr_buf *buf, gfp_t gfp_flags) |
2432 | { |
2433 | struct page *page; |
2434 | @@ -291,6 +302,9 @@ void xprt_free_bc_rqst(struct rpc_rqst *req) |
2435 | */ |
2436 | spin_lock_bh(&xprt->bc_pa_lock); |
2437 | if (xprt_need_to_requeue(xprt)) { |
2438 | + xprt_bc_reinit_xdr_buf(&req->rq_snd_buf); |
2439 | + xprt_bc_reinit_xdr_buf(&req->rq_rcv_buf); |
2440 | + req->rq_rcv_buf.len = PAGE_SIZE; |
2441 | list_add_tail(&req->rq_bc_pa_list, &xprt->bc_pa_list); |
2442 | xprt->bc_alloc_count++; |
2443 | req = NULL; |
2444 | diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c |
2445 | index 46ff984da6f44..08f8dc436448e 100644 |
2446 | --- a/net/vmw_vsock/af_vsock.c |
2447 | +++ b/net/vmw_vsock/af_vsock.c |
2448 | @@ -1205,7 +1205,14 @@ static int vsock_stream_connect(struct socket *sock, struct sockaddr *addr, |
2449 | * timeout fires. |
2450 | */ |
2451 | sock_hold(sk); |
2452 | - schedule_delayed_work(&vsk->connect_work, timeout); |
2453 | + |
2454 | + /* If the timeout function is already scheduled, |
2455 | + * reschedule it, then ungrab the socket refcount to |
2456 | + * keep it balanced. |
2457 | + */ |
2458 | + if (mod_delayed_work(system_wq, &vsk->connect_work, |
2459 | + timeout)) |
2460 | + sock_put(sk); |
2461 | |
2462 | /* Skip ahead to preserve error code set above. */ |
2463 | goto out_wait; |
2464 | diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c |
2465 | index eb503eccbacc8..ac2381eec27fa 100644 |
2466 | --- a/security/selinux/hooks.c |
2467 | +++ b/security/selinux/hooks.c |
2468 | @@ -231,12 +231,13 @@ static int inode_alloc_security(struct inode *inode) |
2469 | if (!isec) |
2470 | return -ENOMEM; |
2471 | |
2472 | - mutex_init(&isec->lock); |
2473 | + spin_lock_init(&isec->lock); |
2474 | INIT_LIST_HEAD(&isec->list); |
2475 | isec->inode = inode; |
2476 | isec->sid = SECINITSID_UNLABELED; |
2477 | isec->sclass = SECCLASS_FILE; |
2478 | isec->task_sid = sid; |
2479 | + isec->initialized = LABEL_INVALID; |
2480 | inode->i_security = isec; |
2481 | |
2482 | return 0; |
2483 | @@ -247,7 +248,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2484 | /* |
2485 | * Try reloading inode security labels that have been marked as invalid. The |
2486 | * @may_sleep parameter indicates when sleeping and thus reloading labels is |
2487 | - * allowed; when set to false, returns ERR_PTR(-ECHILD) when the label is |
2488 | + * allowed; when set to false, returns -ECHILD when the label is |
2489 | * invalid. The @opt_dentry parameter should be set to a dentry of the inode; |
2490 | * when no dentry is available, set it to NULL instead. |
2491 | */ |
2492 | @@ -1386,7 +1387,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2493 | { |
2494 | struct superblock_security_struct *sbsec = NULL; |
2495 | struct inode_security_struct *isec = inode->i_security; |
2496 | - u32 sid; |
2497 | + u32 task_sid, sid = 0; |
2498 | + u16 sclass; |
2499 | struct dentry *dentry; |
2500 | #define INITCONTEXTLEN 255 |
2501 | char *context = NULL; |
2502 | @@ -1394,12 +1396,15 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2503 | int rc = 0; |
2504 | |
2505 | if (isec->initialized == LABEL_INITIALIZED) |
2506 | - goto out; |
2507 | + return 0; |
2508 | |
2509 | - mutex_lock(&isec->lock); |
2510 | + spin_lock(&isec->lock); |
2511 | if (isec->initialized == LABEL_INITIALIZED) |
2512 | goto out_unlock; |
2513 | |
2514 | + if (isec->sclass == SECCLASS_FILE) |
2515 | + isec->sclass = inode_mode_to_security_class(inode->i_mode); |
2516 | + |
2517 | sbsec = inode->i_sb->s_security; |
2518 | if (!(sbsec->flags & SE_SBINITIALIZED)) { |
2519 | /* Defer initialization until selinux_complete_init, |
2520 | @@ -1412,12 +1417,18 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2521 | goto out_unlock; |
2522 | } |
2523 | |
2524 | + sclass = isec->sclass; |
2525 | + task_sid = isec->task_sid; |
2526 | + sid = isec->sid; |
2527 | + isec->initialized = LABEL_PENDING; |
2528 | + spin_unlock(&isec->lock); |
2529 | + |
2530 | switch (sbsec->behavior) { |
2531 | case SECURITY_FS_USE_NATIVE: |
2532 | break; |
2533 | case SECURITY_FS_USE_XATTR: |
2534 | if (!(inode->i_opflags & IOP_XATTR)) { |
2535 | - isec->sid = sbsec->def_sid; |
2536 | + sid = sbsec->def_sid; |
2537 | break; |
2538 | } |
2539 | /* Need a dentry, since the xattr API requires one. |
2540 | @@ -1439,7 +1450,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2541 | * inode_doinit with a dentry, before these inodes could |
2542 | * be used again by userspace. |
2543 | */ |
2544 | - goto out_unlock; |
2545 | + goto out_invalid; |
2546 | } |
2547 | |
2548 | len = INITCONTEXTLEN; |
2549 | @@ -1447,7 +1458,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2550 | if (!context) { |
2551 | rc = -ENOMEM; |
2552 | dput(dentry); |
2553 | - goto out_unlock; |
2554 | + goto out; |
2555 | } |
2556 | context[len] = '\0'; |
2557 | rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len); |
2558 | @@ -1458,14 +1469,14 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2559 | rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0); |
2560 | if (rc < 0) { |
2561 | dput(dentry); |
2562 | - goto out_unlock; |
2563 | + goto out; |
2564 | } |
2565 | len = rc; |
2566 | context = kmalloc(len+1, GFP_NOFS); |
2567 | if (!context) { |
2568 | rc = -ENOMEM; |
2569 | dput(dentry); |
2570 | - goto out_unlock; |
2571 | + goto out; |
2572 | } |
2573 | context[len] = '\0'; |
2574 | rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len); |
2575 | @@ -1477,7 +1488,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2576 | "%d for dev=%s ino=%ld\n", __func__, |
2577 | -rc, inode->i_sb->s_id, inode->i_ino); |
2578 | kfree(context); |
2579 | - goto out_unlock; |
2580 | + goto out; |
2581 | } |
2582 | /* Map ENODATA to the default file SID */ |
2583 | sid = sbsec->def_sid; |
2584 | @@ -1507,29 +1518,25 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2585 | } |
2586 | } |
2587 | kfree(context); |
2588 | - isec->sid = sid; |
2589 | break; |
2590 | case SECURITY_FS_USE_TASK: |
2591 | - isec->sid = isec->task_sid; |
2592 | + sid = task_sid; |
2593 | break; |
2594 | case SECURITY_FS_USE_TRANS: |
2595 | /* Default to the fs SID. */ |
2596 | - isec->sid = sbsec->sid; |
2597 | + sid = sbsec->sid; |
2598 | |
2599 | /* Try to obtain a transition SID. */ |
2600 | - isec->sclass = inode_mode_to_security_class(inode->i_mode); |
2601 | - rc = security_transition_sid(isec->task_sid, sbsec->sid, |
2602 | - isec->sclass, NULL, &sid); |
2603 | + rc = security_transition_sid(task_sid, sid, sclass, NULL, &sid); |
2604 | if (rc) |
2605 | - goto out_unlock; |
2606 | - isec->sid = sid; |
2607 | + goto out; |
2608 | break; |
2609 | case SECURITY_FS_USE_MNTPOINT: |
2610 | - isec->sid = sbsec->mntpoint_sid; |
2611 | + sid = sbsec->mntpoint_sid; |
2612 | break; |
2613 | default: |
2614 | /* Default to the fs superblock SID. */ |
2615 | - isec->sid = sbsec->sid; |
2616 | + sid = sbsec->sid; |
2617 | |
2618 | if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) { |
2619 | /* We must have a dentry to determine the label on |
2620 | @@ -1552,26 +1559,39 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent |
2621 | * could be used again by userspace. |
2622 | */ |
2623 | if (!dentry) |
2624 | - goto out_unlock; |
2625 | - isec->sclass = inode_mode_to_security_class(inode->i_mode); |
2626 | - rc = selinux_genfs_get_sid(dentry, isec->sclass, |
2627 | + goto out_invalid; |
2628 | + rc = selinux_genfs_get_sid(dentry, sclass, |
2629 | sbsec->flags, &sid); |
2630 | dput(dentry); |
2631 | if (rc) |
2632 | - goto out_unlock; |
2633 | - isec->sid = sid; |
2634 | + goto out; |
2635 | } |
2636 | break; |
2637 | } |
2638 | |
2639 | - isec->initialized = LABEL_INITIALIZED; |
2640 | +out: |
2641 | + spin_lock(&isec->lock); |
2642 | + if (isec->initialized == LABEL_PENDING) { |
2643 | + if (rc) { |
2644 | + isec->initialized = LABEL_INVALID; |
2645 | + goto out_unlock; |
2646 | + } |
2647 | + isec->initialized = LABEL_INITIALIZED; |
2648 | + isec->sid = sid; |
2649 | + } |
2650 | |
2651 | out_unlock: |
2652 | - mutex_unlock(&isec->lock); |
2653 | -out: |
2654 | - if (isec->sclass == SECCLASS_FILE) |
2655 | - isec->sclass = inode_mode_to_security_class(inode->i_mode); |
2656 | + spin_unlock(&isec->lock); |
2657 | return rc; |
2658 | + |
2659 | +out_invalid: |
2660 | + spin_lock(&isec->lock); |
2661 | + if (isec->initialized == LABEL_PENDING) { |
2662 | + isec->initialized = LABEL_INVALID; |
2663 | + isec->sid = sid; |
2664 | + } |
2665 | + spin_unlock(&isec->lock); |
2666 | + return 0; |
2667 | } |
2668 | |
2669 | /* Convert a Linux signal to an access vector. */ |
2670 | @@ -3200,9 +3220,11 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, |
2671 | } |
2672 | |
2673 | isec = backing_inode_security(dentry); |
2674 | + spin_lock(&isec->lock); |
2675 | isec->sclass = inode_mode_to_security_class(inode->i_mode); |
2676 | isec->sid = newsid; |
2677 | isec->initialized = LABEL_INITIALIZED; |
2678 | + spin_unlock(&isec->lock); |
2679 | |
2680 | return; |
2681 | } |
2682 | @@ -3299,9 +3321,11 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name, |
2683 | if (rc) |
2684 | return rc; |
2685 | |
2686 | + spin_lock(&isec->lock); |
2687 | isec->sclass = inode_mode_to_security_class(inode->i_mode); |
2688 | isec->sid = newsid; |
2689 | isec->initialized = LABEL_INITIALIZED; |
2690 | + spin_unlock(&isec->lock); |
2691 | return 0; |
2692 | } |
2693 | |
2694 | @@ -3957,8 +3981,11 @@ static void selinux_task_to_inode(struct task_struct *p, |
2695 | struct inode_security_struct *isec = inode->i_security; |
2696 | u32 sid = task_sid(p); |
2697 | |
2698 | + spin_lock(&isec->lock); |
2699 | + isec->sclass = inode_mode_to_security_class(inode->i_mode); |
2700 | isec->sid = sid; |
2701 | isec->initialized = LABEL_INITIALIZED; |
2702 | + spin_unlock(&isec->lock); |
2703 | } |
2704 | |
2705 | /* Returns error only if unable to parse addresses */ |
2706 | @@ -4277,24 +4304,24 @@ static int selinux_socket_post_create(struct socket *sock, int family, |
2707 | const struct task_security_struct *tsec = current_security(); |
2708 | struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock)); |
2709 | struct sk_security_struct *sksec; |
2710 | + u16 sclass = socket_type_to_security_class(family, type, protocol); |
2711 | + u32 sid = SECINITSID_KERNEL; |
2712 | int err = 0; |
2713 | |
2714 | - isec->sclass = socket_type_to_security_class(family, type, protocol); |
2715 | - |
2716 | - if (kern) |
2717 | - isec->sid = SECINITSID_KERNEL; |
2718 | - else { |
2719 | - err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid)); |
2720 | + if (!kern) { |
2721 | + err = socket_sockcreate_sid(tsec, sclass, &sid); |
2722 | if (err) |
2723 | return err; |
2724 | } |
2725 | |
2726 | + isec->sclass = sclass; |
2727 | + isec->sid = sid; |
2728 | isec->initialized = LABEL_INITIALIZED; |
2729 | |
2730 | if (sock->sk) { |
2731 | sksec = sock->sk->sk_security; |
2732 | - sksec->sid = isec->sid; |
2733 | - sksec->sclass = isec->sclass; |
2734 | + sksec->sclass = sclass; |
2735 | + sksec->sid = sid; |
2736 | err = selinux_netlbl_socket_post_create(sock->sk, family); |
2737 | } |
2738 | |
2739 | @@ -4478,16 +4505,22 @@ static int selinux_socket_accept(struct socket *sock, struct socket *newsock) |
2740 | int err; |
2741 | struct inode_security_struct *isec; |
2742 | struct inode_security_struct *newisec; |
2743 | + u16 sclass; |
2744 | + u32 sid; |
2745 | |
2746 | err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT); |
2747 | if (err) |
2748 | return err; |
2749 | |
2750 | - newisec = inode_security_novalidate(SOCK_INODE(newsock)); |
2751 | - |
2752 | isec = inode_security_novalidate(SOCK_INODE(sock)); |
2753 | - newisec->sclass = isec->sclass; |
2754 | - newisec->sid = isec->sid; |
2755 | + spin_lock(&isec->lock); |
2756 | + sclass = isec->sclass; |
2757 | + sid = isec->sid; |
2758 | + spin_unlock(&isec->lock); |
2759 | + |
2760 | + newisec = inode_security_novalidate(SOCK_INODE(newsock)); |
2761 | + newisec->sclass = sclass; |
2762 | + newisec->sid = sid; |
2763 | newisec->initialized = LABEL_INITIALIZED; |
2764 | |
2765 | return 0; |
2766 | @@ -6010,9 +6043,9 @@ static void selinux_inode_invalidate_secctx(struct inode *inode) |
2767 | { |
2768 | struct inode_security_struct *isec = inode->i_security; |
2769 | |
2770 | - mutex_lock(&isec->lock); |
2771 | + spin_lock(&isec->lock); |
2772 | isec->initialized = LABEL_INVALID; |
2773 | - mutex_unlock(&isec->lock); |
2774 | + spin_unlock(&isec->lock); |
2775 | } |
2776 | |
2777 | /* |
2778 | diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h |
2779 | index c21e135460a5e..e8dab0f02c727 100644 |
2780 | --- a/security/selinux/include/objsec.h |
2781 | +++ b/security/selinux/include/objsec.h |
2782 | @@ -39,7 +39,8 @@ struct task_security_struct { |
2783 | |
2784 | enum label_initialized { |
2785 | LABEL_INVALID, /* invalid or not initialized */ |
2786 | - LABEL_INITIALIZED /* initialized */ |
2787 | + LABEL_INITIALIZED, /* initialized */ |
2788 | + LABEL_PENDING |
2789 | }; |
2790 | |
2791 | struct inode_security_struct { |
2792 | @@ -52,7 +53,7 @@ struct inode_security_struct { |
2793 | u32 sid; /* SID of this object */ |
2794 | u16 sclass; /* security class of this object */ |
2795 | unsigned char initialized; /* initialization flag */ |
2796 | - struct mutex lock; |
2797 | + spinlock_t lock; |
2798 | }; |
2799 | |
2800 | struct file_security_struct { |
2801 | diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c |
2802 | index ef1226c1c3add..a033306d14eed 100644 |
2803 | --- a/security/selinux/selinuxfs.c |
2804 | +++ b/security/selinux/selinuxfs.c |
2805 | @@ -1301,7 +1301,7 @@ static int sel_make_bools(void) |
2806 | goto out; |
2807 | |
2808 | isec->sid = sid; |
2809 | - isec->initialized = 1; |
2810 | + isec->initialized = LABEL_INITIALIZED; |
2811 | inode->i_fop = &sel_bool_ops; |
2812 | inode->i_ino = i|SEL_BOOL_INO_OFFSET; |
2813 | d_add(dentry, inode); |
2814 | @@ -1835,7 +1835,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent) |
2815 | isec = (struct inode_security_struct *)inode->i_security; |
2816 | isec->sid = SECINITSID_DEVNULL; |
2817 | isec->sclass = SECCLASS_CHR_FILE; |
2818 | - isec->initialized = 1; |
2819 | + isec->initialized = LABEL_INITIALIZED; |
2820 | |
2821 | init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO, MKDEV(MEM_MAJOR, 3)); |
2822 | d_add(dentry, inode); |
2823 | diff --git a/sound/core/info.c b/sound/core/info.c |
2824 | index 8a6fa8fd0aabd..b6ec13ccf60c4 100644 |
2825 | --- a/sound/core/info.c |
2826 | +++ b/sound/core/info.c |
2827 | @@ -127,9 +127,9 @@ static loff_t snd_info_entry_llseek(struct file *file, loff_t offset, int orig) |
2828 | entry = data->entry; |
2829 | mutex_lock(&entry->access); |
2830 | if (entry->c.ops->llseek) { |
2831 | - offset = entry->c.ops->llseek(entry, |
2832 | - data->file_private_data, |
2833 | - file, offset, orig); |
2834 | + ret = entry->c.ops->llseek(entry, |
2835 | + data->file_private_data, |
2836 | + file, offset, orig); |
2837 | goto out; |
2838 | } |
2839 | |
2840 | diff --git a/sound/core/misc.c b/sound/core/misc.c |
2841 | index f2e8226c88fbb..efe26b8ca57fe 100644 |
2842 | --- a/sound/core/misc.c |
2843 | +++ b/sound/core/misc.c |
2844 | @@ -25,6 +25,7 @@ |
2845 | #include <linux/time.h> |
2846 | #include <linux/slab.h> |
2847 | #include <linux/ioport.h> |
2848 | +#include <linux/fs.h> |
2849 | #include <sound/core.h> |
2850 | |
2851 | #ifdef CONFIG_SND_DEBUG |
2852 | @@ -153,3 +154,96 @@ snd_pci_quirk_lookup(struct pci_dev *pci, const struct snd_pci_quirk *list) |
2853 | } |
2854 | EXPORT_SYMBOL(snd_pci_quirk_lookup); |
2855 | #endif |
2856 | + |
2857 | +/* |
2858 | + * Deferred async signal helpers |
2859 | + * |
2860 | + * Below are a few helper functions to wrap the async signal handling |
2861 | + * in the deferred work. The main purpose is to avoid the messy deadlock |
2862 | + * around tasklist_lock and co at the kill_fasync() invocation. |
2863 | + * fasync_helper() and kill_fasync() are replaced with snd_fasync_helper() |
2864 | + * and snd_kill_fasync(), respectively. In addition, snd_fasync_free() has |
2865 | + * to be called at releasing the relevant file object. |
2866 | + */ |
2867 | +struct snd_fasync { |
2868 | + struct fasync_struct *fasync; |
2869 | + int signal; |
2870 | + int poll; |
2871 | + int on; |
2872 | + struct list_head list; |
2873 | +}; |
2874 | + |
2875 | +static DEFINE_SPINLOCK(snd_fasync_lock); |
2876 | +static LIST_HEAD(snd_fasync_list); |
2877 | + |
2878 | +static void snd_fasync_work_fn(struct work_struct *work) |
2879 | +{ |
2880 | + struct snd_fasync *fasync; |
2881 | + |
2882 | + spin_lock_irq(&snd_fasync_lock); |
2883 | + while (!list_empty(&snd_fasync_list)) { |
2884 | + fasync = list_first_entry(&snd_fasync_list, struct snd_fasync, list); |
2885 | + list_del_init(&fasync->list); |
2886 | + spin_unlock_irq(&snd_fasync_lock); |
2887 | + if (fasync->on) |
2888 | + kill_fasync(&fasync->fasync, fasync->signal, fasync->poll); |
2889 | + spin_lock_irq(&snd_fasync_lock); |
2890 | + } |
2891 | + spin_unlock_irq(&snd_fasync_lock); |
2892 | +} |
2893 | + |
2894 | +static DECLARE_WORK(snd_fasync_work, snd_fasync_work_fn); |
2895 | + |
2896 | +int snd_fasync_helper(int fd, struct file *file, int on, |
2897 | + struct snd_fasync **fasyncp) |
2898 | +{ |
2899 | + struct snd_fasync *fasync = NULL; |
2900 | + |
2901 | + if (on) { |
2902 | + fasync = kzalloc(sizeof(*fasync), GFP_KERNEL); |
2903 | + if (!fasync) |
2904 | + return -ENOMEM; |
2905 | + INIT_LIST_HEAD(&fasync->list); |
2906 | + } |
2907 | + |
2908 | + spin_lock_irq(&snd_fasync_lock); |
2909 | + if (*fasyncp) { |
2910 | + kfree(fasync); |
2911 | + fasync = *fasyncp; |
2912 | + } else { |
2913 | + if (!fasync) { |
2914 | + spin_unlock_irq(&snd_fasync_lock); |
2915 | + return 0; |
2916 | + } |
2917 | + *fasyncp = fasync; |
2918 | + } |
2919 | + fasync->on = on; |
2920 | + spin_unlock_irq(&snd_fasync_lock); |
2921 | + return fasync_helper(fd, file, on, &fasync->fasync); |
2922 | +} |
2923 | +EXPORT_SYMBOL_GPL(snd_fasync_helper); |
2924 | + |
2925 | +void snd_kill_fasync(struct snd_fasync *fasync, int signal, int poll) |
2926 | +{ |
2927 | + unsigned long flags; |
2928 | + |
2929 | + if (!fasync || !fasync->on) |
2930 | + return; |
2931 | + spin_lock_irqsave(&snd_fasync_lock, flags); |
2932 | + fasync->signal = signal; |
2933 | + fasync->poll = poll; |
2934 | + list_move(&fasync->list, &snd_fasync_list); |
2935 | + schedule_work(&snd_fasync_work); |
2936 | + spin_unlock_irqrestore(&snd_fasync_lock, flags); |
2937 | +} |
2938 | +EXPORT_SYMBOL_GPL(snd_kill_fasync); |
2939 | + |
2940 | +void snd_fasync_free(struct snd_fasync *fasync) |
2941 | +{ |
2942 | + if (!fasync) |
2943 | + return; |
2944 | + fasync->on = 0; |
2945 | + flush_work(&snd_fasync_work); |
2946 | + kfree(fasync); |
2947 | +} |
2948 | +EXPORT_SYMBOL_GPL(snd_fasync_free); |
2949 | diff --git a/sound/core/timer.c b/sound/core/timer.c |
2950 | index 596ba572d6c49..1f5f05e76e59b 100644 |
2951 | --- a/sound/core/timer.c |
2952 | +++ b/sound/core/timer.c |
2953 | @@ -74,7 +74,7 @@ struct snd_timer_user { |
2954 | unsigned int filter; |
2955 | struct timespec tstamp; /* trigger tstamp */ |
2956 | wait_queue_head_t qchange_sleep; |
2957 | - struct fasync_struct *fasync; |
2958 | + struct snd_fasync *fasync; |
2959 | struct mutex ioctl_lock; |
2960 | }; |
2961 | |
2962 | @@ -1293,7 +1293,7 @@ static void snd_timer_user_interrupt(struct snd_timer_instance *timeri, |
2963 | } |
2964 | __wake: |
2965 | spin_unlock(&tu->qlock); |
2966 | - kill_fasync(&tu->fasync, SIGIO, POLL_IN); |
2967 | + snd_kill_fasync(tu->fasync, SIGIO, POLL_IN); |
2968 | wake_up(&tu->qchange_sleep); |
2969 | } |
2970 | |
2971 | @@ -1330,7 +1330,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri, |
2972 | spin_lock_irqsave(&tu->qlock, flags); |
2973 | snd_timer_user_append_to_tqueue(tu, &r1); |
2974 | spin_unlock_irqrestore(&tu->qlock, flags); |
2975 | - kill_fasync(&tu->fasync, SIGIO, POLL_IN); |
2976 | + snd_kill_fasync(tu->fasync, SIGIO, POLL_IN); |
2977 | wake_up(&tu->qchange_sleep); |
2978 | } |
2979 | |
2980 | @@ -1397,7 +1397,7 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri, |
2981 | spin_unlock(&tu->qlock); |
2982 | if (append == 0) |
2983 | return; |
2984 | - kill_fasync(&tu->fasync, SIGIO, POLL_IN); |
2985 | + snd_kill_fasync(tu->fasync, SIGIO, POLL_IN); |
2986 | wake_up(&tu->qchange_sleep); |
2987 | } |
2988 | |
2989 | @@ -1439,6 +1439,7 @@ static int snd_timer_user_release(struct inode *inode, struct file *file) |
2990 | if (tu->timeri) |
2991 | snd_timer_close(tu->timeri); |
2992 | mutex_unlock(&tu->ioctl_lock); |
2993 | + snd_fasync_free(tu->fasync); |
2994 | kfree(tu->queue); |
2995 | kfree(tu->tqueue); |
2996 | kfree(tu); |
2997 | @@ -2026,7 +2027,7 @@ static int snd_timer_user_fasync(int fd, struct file * file, int on) |
2998 | struct snd_timer_user *tu; |
2999 | |
3000 | tu = file->private_data; |
3001 | - return fasync_helper(fd, file, on, &tu->fasync); |
3002 | + return snd_fasync_helper(fd, file, on, &tu->fasync); |
3003 | } |
3004 | |
3005 | static ssize_t snd_timer_user_read(struct file *file, char __user *buffer, |
3006 | diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c |
3007 | index d6e079f4ec09d..351cb1fbb48de 100644 |
3008 | --- a/sound/pci/hda/patch_cirrus.c |
3009 | +++ b/sound/pci/hda/patch_cirrus.c |
3010 | @@ -409,6 +409,7 @@ static const struct snd_pci_quirk cs420x_fixup_tbl[] = { |
3011 | |
3012 | /* codec SSID */ |
3013 | SND_PCI_QUIRK(0x106b, 0x0600, "iMac 14,1", CS420X_IMAC27_122), |
3014 | + SND_PCI_QUIRK(0x106b, 0x0900, "iMac 12,1", CS420X_IMAC27_122), |
3015 | SND_PCI_QUIRK(0x106b, 0x1c00, "MacBookPro 8,1", CS420X_MBP81), |
3016 | SND_PCI_QUIRK(0x106b, 0x2000, "iMac 12,2", CS420X_IMAC27_122), |
3017 | SND_PCI_QUIRK(0x106b, 0x2800, "MacBookPro 10,1", CS420X_MBP101), |
3018 | diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c |
3019 | index 5a3dd06ff105d..49e3002555050 100644 |
3020 | --- a/sound/pci/hda/patch_conexant.c |
3021 | +++ b/sound/pci/hda/patch_conexant.c |
3022 | @@ -238,6 +238,7 @@ enum { |
3023 | CXT_PINCFG_LEMOTE_A1205, |
3024 | CXT_PINCFG_COMPAQ_CQ60, |
3025 | CXT_FIXUP_STEREO_DMIC, |
3026 | + CXT_PINCFG_LENOVO_NOTEBOOK, |
3027 | CXT_FIXUP_INC_MIC_BOOST, |
3028 | CXT_FIXUP_HEADPHONE_MIC_PIN, |
3029 | CXT_FIXUP_HEADPHONE_MIC, |
3030 | @@ -698,6 +699,14 @@ static const struct hda_fixup cxt_fixups[] = { |
3031 | .type = HDA_FIXUP_FUNC, |
3032 | .v.func = cxt_fixup_stereo_dmic, |
3033 | }, |
3034 | + [CXT_PINCFG_LENOVO_NOTEBOOK] = { |
3035 | + .type = HDA_FIXUP_PINS, |
3036 | + .v.pins = (const struct hda_pintbl[]) { |
3037 | + { 0x1a, 0x05d71030 }, |
3038 | + { } |
3039 | + }, |
3040 | + .chain_id = CXT_FIXUP_STEREO_DMIC, |
3041 | + }, |
3042 | [CXT_FIXUP_INC_MIC_BOOST] = { |
3043 | .type = HDA_FIXUP_FUNC, |
3044 | .v.func = cxt5066_increase_mic_boost, |
3045 | @@ -860,7 +869,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = { |
3046 | SND_PCI_QUIRK(0x17aa, 0x3905, "Lenovo G50-30", CXT_FIXUP_STEREO_DMIC), |
3047 | SND_PCI_QUIRK(0x17aa, 0x390b, "Lenovo G50-80", CXT_FIXUP_STEREO_DMIC), |
3048 | SND_PCI_QUIRK(0x17aa, 0x3975, "Lenovo U300s", CXT_FIXUP_STEREO_DMIC), |
3049 | - SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_FIXUP_STEREO_DMIC), |
3050 | + SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_PINCFG_LENOVO_NOTEBOOK), |
3051 | SND_PCI_QUIRK(0x17aa, 0x3978, "Lenovo G50-70", CXT_FIXUP_STEREO_DMIC), |
3052 | SND_PCI_QUIRK(0x17aa, 0x397b, "Lenovo S205", CXT_FIXUP_STEREO_DMIC), |
3053 | SND_PCI_QUIRK_VENDOR(0x17aa, "Thinkpad", CXT_FIXUP_THINKPAD_ACPI), |
3054 | diff --git a/sound/usb/bcd2000/bcd2000.c b/sound/usb/bcd2000/bcd2000.c |
3055 | index d060dddcc52d5..379bdf26e9850 100644 |
3056 | --- a/sound/usb/bcd2000/bcd2000.c |
3057 | +++ b/sound/usb/bcd2000/bcd2000.c |
3058 | @@ -350,7 +350,8 @@ static int bcd2000_init_midi(struct bcd2000 *bcd2k) |
3059 | static void bcd2000_free_usb_related_resources(struct bcd2000 *bcd2k, |
3060 | struct usb_interface *interface) |
3061 | { |
3062 | - /* usb_kill_urb not necessary, urb is aborted automatically */ |
3063 | + usb_kill_urb(bcd2k->midi_out_urb); |
3064 | + usb_kill_urb(bcd2k->midi_in_urb); |
3065 | |
3066 | usb_free_urb(bcd2k->midi_out_urb); |
3067 | usb_free_urb(bcd2k->midi_in_urb); |