Annotation of /trunk/kernel-alx/patches-3.10/0160-3.10.61-all-fixes.patch
Parent Directory | Revision Log
Revision 2648 -
(hide annotations)
(download)
Tue Jul 21 16:20:21 2015 UTC (9 years, 2 months ago) by niro
File size: 139954 byte(s)
Tue Jul 21 16:20:21 2015 UTC (9 years, 2 months ago) by niro
File size: 139954 byte(s)
-linux-3.10.61
1 | niro | 2648 | diff --git a/Makefile b/Makefile |
2 | index 9d4f30d0d201..0d5ba80786b8 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -1,6 +1,6 @@ | ||
6 | VERSION = 3 | ||
7 | PATCHLEVEL = 10 | ||
8 | -SUBLEVEL = 60 | ||
9 | +SUBLEVEL = 61 | ||
10 | EXTRAVERSION = | ||
11 | NAME = TOSSUG Baby Fish | ||
12 | |||
13 | diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c | ||
14 | index 0c4132dd3507..98838a05ba6d 100644 | ||
15 | --- a/arch/alpha/mm/fault.c | ||
16 | +++ b/arch/alpha/mm/fault.c | ||
17 | @@ -89,8 +89,7 @@ do_page_fault(unsigned long address, unsigned long mmcsr, | ||
18 | const struct exception_table_entry *fixup; | ||
19 | int fault, si_code = SEGV_MAPERR; | ||
20 | siginfo_t info; | ||
21 | - unsigned int flags = (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
22 | - (cause > 0 ? FAULT_FLAG_WRITE : 0)); | ||
23 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
24 | |||
25 | /* As of EV6, a load into $31/$f31 is a prefetch, and never faults | ||
26 | (or is suppressed by the PALcode). Support that for older CPUs | ||
27 | @@ -115,7 +114,8 @@ do_page_fault(unsigned long address, unsigned long mmcsr, | ||
28 | if (address >= TASK_SIZE) | ||
29 | goto vmalloc_fault; | ||
30 | #endif | ||
31 | - | ||
32 | + if (user_mode(regs)) | ||
33 | + flags |= FAULT_FLAG_USER; | ||
34 | retry: | ||
35 | down_read(&mm->mmap_sem); | ||
36 | vma = find_vma(mm, address); | ||
37 | @@ -142,6 +142,7 @@ retry: | ||
38 | } else { | ||
39 | if (!(vma->vm_flags & VM_WRITE)) | ||
40 | goto bad_area; | ||
41 | + flags |= FAULT_FLAG_WRITE; | ||
42 | } | ||
43 | |||
44 | /* If for any reason at all we couldn't handle the fault, | ||
45 | diff --git a/arch/arc/mm/fault.c b/arch/arc/mm/fault.c | ||
46 | index 331a0846628e..50533b750a99 100644 | ||
47 | --- a/arch/arc/mm/fault.c | ||
48 | +++ b/arch/arc/mm/fault.c | ||
49 | @@ -59,8 +59,7 @@ void do_page_fault(struct pt_regs *regs, int write, unsigned long address, | ||
50 | struct mm_struct *mm = tsk->mm; | ||
51 | siginfo_t info; | ||
52 | int fault, ret; | ||
53 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
54 | - (write ? FAULT_FLAG_WRITE : 0); | ||
55 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
56 | |||
57 | /* | ||
58 | * We fault-in kernel-space virtual memory on-demand. The | ||
59 | @@ -88,6 +87,8 @@ void do_page_fault(struct pt_regs *regs, int write, unsigned long address, | ||
60 | if (in_atomic() || !mm) | ||
61 | goto no_context; | ||
62 | |||
63 | + if (user_mode(regs)) | ||
64 | + flags |= FAULT_FLAG_USER; | ||
65 | retry: | ||
66 | down_read(&mm->mmap_sem); | ||
67 | vma = find_vma(mm, address); | ||
68 | @@ -115,12 +116,12 @@ good_area: | ||
69 | if (write) { | ||
70 | if (!(vma->vm_flags & VM_WRITE)) | ||
71 | goto bad_area; | ||
72 | + flags |= FAULT_FLAG_WRITE; | ||
73 | } else { | ||
74 | if (!(vma->vm_flags & (VM_READ | VM_EXEC))) | ||
75 | goto bad_area; | ||
76 | } | ||
77 | |||
78 | -survive: | ||
79 | /* | ||
80 | * If for any reason at all we couldn't handle the fault, | ||
81 | * make sure we exit gracefully rather than endlessly redo | ||
82 | @@ -200,14 +201,12 @@ no_context: | ||
83 | die("Oops", regs, address, cause_code); | ||
84 | |||
85 | out_of_memory: | ||
86 | - if (is_global_init(tsk)) { | ||
87 | - yield(); | ||
88 | - goto survive; | ||
89 | - } | ||
90 | up_read(&mm->mmap_sem); | ||
91 | |||
92 | - if (user_mode(regs)) | ||
93 | - do_group_exit(SIGKILL); /* This will never return */ | ||
94 | + if (user_mode(regs)) { | ||
95 | + pagefault_out_of_memory(); | ||
96 | + return; | ||
97 | + } | ||
98 | |||
99 | goto no_context; | ||
100 | |||
101 | diff --git a/arch/arm/include/asm/bug.h b/arch/arm/include/asm/bug.h | ||
102 | index 7af5c6c3653a..b274bde24905 100644 | ||
103 | --- a/arch/arm/include/asm/bug.h | ||
104 | +++ b/arch/arm/include/asm/bug.h | ||
105 | @@ -2,6 +2,8 @@ | ||
106 | #define _ASMARM_BUG_H | ||
107 | |||
108 | #include <linux/linkage.h> | ||
109 | +#include <linux/types.h> | ||
110 | +#include <asm/opcodes.h> | ||
111 | |||
112 | #ifdef CONFIG_BUG | ||
113 | |||
114 | @@ -12,10 +14,10 @@ | ||
115 | */ | ||
116 | #ifdef CONFIG_THUMB2_KERNEL | ||
117 | #define BUG_INSTR_VALUE 0xde02 | ||
118 | -#define BUG_INSTR_TYPE ".hword " | ||
119 | +#define BUG_INSTR(__value) __inst_thumb16(__value) | ||
120 | #else | ||
121 | #define BUG_INSTR_VALUE 0xe7f001f2 | ||
122 | -#define BUG_INSTR_TYPE ".word " | ||
123 | +#define BUG_INSTR(__value) __inst_arm(__value) | ||
124 | #endif | ||
125 | |||
126 | |||
127 | @@ -33,7 +35,7 @@ | ||
128 | |||
129 | #define __BUG(__file, __line, __value) \ | ||
130 | do { \ | ||
131 | - asm volatile("1:\t" BUG_INSTR_TYPE #__value "\n" \ | ||
132 | + asm volatile("1:\t" BUG_INSTR(__value) "\n" \ | ||
133 | ".pushsection .rodata.str, \"aMS\", %progbits, 1\n" \ | ||
134 | "2:\t.asciz " #__file "\n" \ | ||
135 | ".popsection\n" \ | ||
136 | @@ -48,7 +50,7 @@ do { \ | ||
137 | |||
138 | #define __BUG(__file, __line, __value) \ | ||
139 | do { \ | ||
140 | - asm volatile(BUG_INSTR_TYPE #__value); \ | ||
141 | + asm volatile(BUG_INSTR(__value) "\n"); \ | ||
142 | unreachable(); \ | ||
143 | } while (0) | ||
144 | #endif /* CONFIG_DEBUG_BUGVERBOSE */ | ||
145 | diff --git a/arch/arm/kernel/kprobes-common.c b/arch/arm/kernel/kprobes-common.c | ||
146 | index 18a76282970e..380c20fb9c85 100644 | ||
147 | --- a/arch/arm/kernel/kprobes-common.c | ||
148 | +++ b/arch/arm/kernel/kprobes-common.c | ||
149 | @@ -14,6 +14,7 @@ | ||
150 | #include <linux/kernel.h> | ||
151 | #include <linux/kprobes.h> | ||
152 | #include <asm/system_info.h> | ||
153 | +#include <asm/opcodes.h> | ||
154 | |||
155 | #include "kprobes.h" | ||
156 | |||
157 | @@ -305,7 +306,8 @@ kprobe_decode_ldmstm(kprobe_opcode_t insn, struct arch_specific_insn *asi) | ||
158 | |||
159 | if (handler) { | ||
160 | /* We can emulate the instruction in (possibly) modified form */ | ||
161 | - asi->insn[0] = (insn & 0xfff00000) | (rn << 16) | reglist; | ||
162 | + asi->insn[0] = __opcode_to_mem_arm((insn & 0xfff00000) | | ||
163 | + (rn << 16) | reglist); | ||
164 | asi->insn_handler = handler; | ||
165 | return INSN_GOOD; | ||
166 | } | ||
167 | @@ -334,13 +336,14 @@ prepare_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi, | ||
168 | #ifdef CONFIG_THUMB2_KERNEL | ||
169 | if (thumb) { | ||
170 | u16 *thumb_insn = (u16 *)asi->insn; | ||
171 | - thumb_insn[1] = 0x4770; /* Thumb bx lr */ | ||
172 | - thumb_insn[2] = 0x4770; /* Thumb bx lr */ | ||
173 | + /* Thumb bx lr */ | ||
174 | + thumb_insn[1] = __opcode_to_mem_thumb16(0x4770); | ||
175 | + thumb_insn[2] = __opcode_to_mem_thumb16(0x4770); | ||
176 | return insn; | ||
177 | } | ||
178 | - asi->insn[1] = 0xe12fff1e; /* ARM bx lr */ | ||
179 | + asi->insn[1] = __opcode_to_mem_arm(0xe12fff1e); /* ARM bx lr */ | ||
180 | #else | ||
181 | - asi->insn[1] = 0xe1a0f00e; /* mov pc, lr */ | ||
182 | + asi->insn[1] = __opcode_to_mem_arm(0xe1a0f00e); /* mov pc, lr */ | ||
183 | #endif | ||
184 | /* Make an ARM instruction unconditional */ | ||
185 | if (insn < 0xe0000000) | ||
186 | @@ -360,12 +363,12 @@ set_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi, | ||
187 | if (thumb) { | ||
188 | u16 *ip = (u16 *)asi->insn; | ||
189 | if (is_wide_instruction(insn)) | ||
190 | - *ip++ = insn >> 16; | ||
191 | - *ip++ = insn; | ||
192 | + *ip++ = __opcode_to_mem_thumb16(insn >> 16); | ||
193 | + *ip++ = __opcode_to_mem_thumb16(insn); | ||
194 | return; | ||
195 | } | ||
196 | #endif | ||
197 | - asi->insn[0] = insn; | ||
198 | + asi->insn[0] = __opcode_to_mem_arm(insn); | ||
199 | } | ||
200 | |||
201 | /* | ||
202 | diff --git a/arch/arm/kernel/kprobes-thumb.c b/arch/arm/kernel/kprobes-thumb.c | ||
203 | index 6123daf397a7..b82e798983c4 100644 | ||
204 | --- a/arch/arm/kernel/kprobes-thumb.c | ||
205 | +++ b/arch/arm/kernel/kprobes-thumb.c | ||
206 | @@ -163,9 +163,9 @@ t32_decode_ldmstm(kprobe_opcode_t insn, struct arch_specific_insn *asi) | ||
207 | enum kprobe_insn ret = kprobe_decode_ldmstm(insn, asi); | ||
208 | |||
209 | /* Fixup modified instruction to have halfwords in correct order...*/ | ||
210 | - insn = asi->insn[0]; | ||
211 | - ((u16 *)asi->insn)[0] = insn >> 16; | ||
212 | - ((u16 *)asi->insn)[1] = insn & 0xffff; | ||
213 | + insn = __mem_to_opcode_arm(asi->insn[0]); | ||
214 | + ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(insn >> 16); | ||
215 | + ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0xffff); | ||
216 | |||
217 | return ret; | ||
218 | } | ||
219 | @@ -1153,7 +1153,7 @@ t16_decode_hiregs(kprobe_opcode_t insn, struct arch_specific_insn *asi) | ||
220 | { | ||
221 | insn &= ~0x00ff; | ||
222 | insn |= 0x001; /* Set Rdn = R1 and Rm = R0 */ | ||
223 | - ((u16 *)asi->insn)[0] = insn; | ||
224 | + ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(insn); | ||
225 | asi->insn_handler = t16_emulate_hiregs; | ||
226 | return INSN_GOOD; | ||
227 | } | ||
228 | @@ -1182,8 +1182,10 @@ t16_decode_push(kprobe_opcode_t insn, struct arch_specific_insn *asi) | ||
229 | * and call it with R9=SP and LR in the register list represented | ||
230 | * by R8. | ||
231 | */ | ||
232 | - ((u16 *)asi->insn)[0] = 0xe929; /* 1st half STMDB R9!,{} */ | ||
233 | - ((u16 *)asi->insn)[1] = insn & 0x1ff; /* 2nd half (register list) */ | ||
234 | + /* 1st half STMDB R9!,{} */ | ||
235 | + ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(0xe929); | ||
236 | + /* 2nd half (register list) */ | ||
237 | + ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0x1ff); | ||
238 | asi->insn_handler = t16_emulate_push; | ||
239 | return INSN_GOOD; | ||
240 | } | ||
241 | @@ -1232,8 +1234,10 @@ t16_decode_pop(kprobe_opcode_t insn, struct arch_specific_insn *asi) | ||
242 | * and call it with R9=SP and PC in the register list represented | ||
243 | * by R8. | ||
244 | */ | ||
245 | - ((u16 *)asi->insn)[0] = 0xe8b9; /* 1st half LDMIA R9!,{} */ | ||
246 | - ((u16 *)asi->insn)[1] = insn & 0x1ff; /* 2nd half (register list) */ | ||
247 | + /* 1st half LDMIA R9!,{} */ | ||
248 | + ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(0xe8b9); | ||
249 | + /* 2nd half (register list) */ | ||
250 | + ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0x1ff); | ||
251 | asi->insn_handler = insn & 0x100 ? t16_emulate_pop_pc | ||
252 | : t16_emulate_pop_nopc; | ||
253 | return INSN_GOOD; | ||
254 | diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c | ||
255 | index 170e9f34003f..1c6ece51781c 100644 | ||
256 | --- a/arch/arm/kernel/kprobes.c | ||
257 | +++ b/arch/arm/kernel/kprobes.c | ||
258 | @@ -26,6 +26,7 @@ | ||
259 | #include <linux/stop_machine.h> | ||
260 | #include <linux/stringify.h> | ||
261 | #include <asm/traps.h> | ||
262 | +#include <asm/opcodes.h> | ||
263 | #include <asm/cacheflush.h> | ||
264 | |||
265 | #include "kprobes.h" | ||
266 | @@ -62,10 +63,10 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) | ||
267 | #ifdef CONFIG_THUMB2_KERNEL | ||
268 | thumb = true; | ||
269 | addr &= ~1; /* Bit 0 would normally be set to indicate Thumb code */ | ||
270 | - insn = ((u16 *)addr)[0]; | ||
271 | + insn = __mem_to_opcode_thumb16(((u16 *)addr)[0]); | ||
272 | if (is_wide_instruction(insn)) { | ||
273 | - insn <<= 16; | ||
274 | - insn |= ((u16 *)addr)[1]; | ||
275 | + u16 inst2 = __mem_to_opcode_thumb16(((u16 *)addr)[1]); | ||
276 | + insn = __opcode_thumb32_compose(insn, inst2); | ||
277 | decode_insn = thumb32_kprobe_decode_insn; | ||
278 | } else | ||
279 | decode_insn = thumb16_kprobe_decode_insn; | ||
280 | @@ -73,7 +74,7 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) | ||
281 | thumb = false; | ||
282 | if (addr & 0x3) | ||
283 | return -EINVAL; | ||
284 | - insn = *p->addr; | ||
285 | + insn = __mem_to_opcode_arm(*p->addr); | ||
286 | decode_insn = arm_kprobe_decode_insn; | ||
287 | #endif | ||
288 | |||
289 | diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c | ||
290 | index d6a0fdb6c2ee..a2a2804b1bc2 100644 | ||
291 | --- a/arch/arm/kernel/traps.c | ||
292 | +++ b/arch/arm/kernel/traps.c | ||
293 | @@ -347,15 +347,17 @@ void arm_notify_die(const char *str, struct pt_regs *regs, | ||
294 | int is_valid_bugaddr(unsigned long pc) | ||
295 | { | ||
296 | #ifdef CONFIG_THUMB2_KERNEL | ||
297 | - unsigned short bkpt; | ||
298 | + u16 bkpt; | ||
299 | + u16 insn = __opcode_to_mem_thumb16(BUG_INSTR_VALUE); | ||
300 | #else | ||
301 | - unsigned long bkpt; | ||
302 | + u32 bkpt; | ||
303 | + u32 insn = __opcode_to_mem_arm(BUG_INSTR_VALUE); | ||
304 | #endif | ||
305 | |||
306 | if (probe_kernel_address((unsigned *)pc, bkpt)) | ||
307 | return 0; | ||
308 | |||
309 | - return bkpt == BUG_INSTR_VALUE; | ||
310 | + return bkpt == insn; | ||
311 | } | ||
312 | |||
313 | #endif | ||
314 | diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig | ||
315 | index c21082d664ed..c6926eae4fe0 100644 | ||
316 | --- a/arch/arm/mm/Kconfig | ||
317 | +++ b/arch/arm/mm/Kconfig | ||
318 | @@ -778,6 +778,7 @@ config NEED_KUSER_HELPERS | ||
319 | |||
320 | config KUSER_HELPERS | ||
321 | bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS | ||
322 | + depends on MMU | ||
323 | default y | ||
324 | help | ||
325 | Warning: disabling this option may break user programs. | ||
326 | diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c | ||
327 | index 5dbf13f954f6..160da6d65546 100644 | ||
328 | --- a/arch/arm/mm/fault.c | ||
329 | +++ b/arch/arm/mm/fault.c | ||
330 | @@ -261,9 +261,7 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) | ||
331 | struct task_struct *tsk; | ||
332 | struct mm_struct *mm; | ||
333 | int fault, sig, code; | ||
334 | - int write = fsr & FSR_WRITE; | ||
335 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
336 | - (write ? FAULT_FLAG_WRITE : 0); | ||
337 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
338 | |||
339 | if (notify_page_fault(regs, fsr)) | ||
340 | return 0; | ||
341 | @@ -282,6 +280,11 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) | ||
342 | if (in_atomic() || !mm) | ||
343 | goto no_context; | ||
344 | |||
345 | + if (user_mode(regs)) | ||
346 | + flags |= FAULT_FLAG_USER; | ||
347 | + if (fsr & FSR_WRITE) | ||
348 | + flags |= FAULT_FLAG_WRITE; | ||
349 | + | ||
350 | /* | ||
351 | * As per x86, we may deadlock here. However, since the kernel only | ||
352 | * validly references user space from well defined areas of the code, | ||
353 | @@ -349,6 +352,13 @@ retry: | ||
354 | if (likely(!(fault & (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS)))) | ||
355 | return 0; | ||
356 | |||
357 | + /* | ||
358 | + * If we are in kernel mode at this point, we | ||
359 | + * have no context to handle this fault with. | ||
360 | + */ | ||
361 | + if (!user_mode(regs)) | ||
362 | + goto no_context; | ||
363 | + | ||
364 | if (fault & VM_FAULT_OOM) { | ||
365 | /* | ||
366 | * We ran out of memory, call the OOM killer, and return to | ||
367 | @@ -359,13 +369,6 @@ retry: | ||
368 | return 0; | ||
369 | } | ||
370 | |||
371 | - /* | ||
372 | - * If we are in kernel mode at this point, we | ||
373 | - * have no context to handle this fault with. | ||
374 | - */ | ||
375 | - if (!user_mode(regs)) | ||
376 | - goto no_context; | ||
377 | - | ||
378 | if (fault & VM_FAULT_SIGBUS) { | ||
379 | /* | ||
380 | * We had some memory, but were unable to | ||
381 | diff --git a/arch/arm64/lib/clear_user.S b/arch/arm64/lib/clear_user.S | ||
382 | index 6e0ed93d51fe..c17967fdf5f6 100644 | ||
383 | --- a/arch/arm64/lib/clear_user.S | ||
384 | +++ b/arch/arm64/lib/clear_user.S | ||
385 | @@ -46,7 +46,7 @@ USER(9f, strh wzr, [x0], #2 ) | ||
386 | sub x1, x1, #2 | ||
387 | 4: adds x1, x1, #1 | ||
388 | b.mi 5f | ||
389 | - strb wzr, [x0] | ||
390 | +USER(9f, strb wzr, [x0] ) | ||
391 | 5: mov x0, #0 | ||
392 | ret | ||
393 | ENDPROC(__clear_user) | ||
394 | diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c | ||
395 | index f51d669c8ebd..b5d458769b65 100644 | ||
396 | --- a/arch/arm64/mm/fault.c | ||
397 | +++ b/arch/arm64/mm/fault.c | ||
398 | @@ -199,13 +199,6 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, | ||
399 | unsigned long vm_flags = VM_READ | VM_WRITE | VM_EXEC; | ||
400 | unsigned int mm_flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
401 | |||
402 | - if (esr & ESR_LNX_EXEC) { | ||
403 | - vm_flags = VM_EXEC; | ||
404 | - } else if ((esr & ESR_WRITE) && !(esr & ESR_CM)) { | ||
405 | - vm_flags = VM_WRITE; | ||
406 | - mm_flags |= FAULT_FLAG_WRITE; | ||
407 | - } | ||
408 | - | ||
409 | tsk = current; | ||
410 | mm = tsk->mm; | ||
411 | |||
412 | @@ -220,6 +213,16 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, | ||
413 | if (in_atomic() || !mm) | ||
414 | goto no_context; | ||
415 | |||
416 | + if (user_mode(regs)) | ||
417 | + mm_flags |= FAULT_FLAG_USER; | ||
418 | + | ||
419 | + if (esr & ESR_LNX_EXEC) { | ||
420 | + vm_flags = VM_EXEC; | ||
421 | + } else if ((esr & ESR_WRITE) && !(esr & ESR_CM)) { | ||
422 | + vm_flags = VM_WRITE; | ||
423 | + mm_flags |= FAULT_FLAG_WRITE; | ||
424 | + } | ||
425 | + | ||
426 | /* | ||
427 | * As per x86, we may deadlock here. However, since the kernel only | ||
428 | * validly references user space from well defined areas of the code, | ||
429 | @@ -288,6 +291,13 @@ retry: | ||
430 | VM_FAULT_BADACCESS)))) | ||
431 | return 0; | ||
432 | |||
433 | + /* | ||
434 | + * If we are in kernel mode at this point, we have no context to | ||
435 | + * handle this fault with. | ||
436 | + */ | ||
437 | + if (!user_mode(regs)) | ||
438 | + goto no_context; | ||
439 | + | ||
440 | if (fault & VM_FAULT_OOM) { | ||
441 | /* | ||
442 | * We ran out of memory, call the OOM killer, and return to | ||
443 | @@ -298,13 +308,6 @@ retry: | ||
444 | return 0; | ||
445 | } | ||
446 | |||
447 | - /* | ||
448 | - * If we are in kernel mode at this point, we have no context to | ||
449 | - * handle this fault with. | ||
450 | - */ | ||
451 | - if (!user_mode(regs)) | ||
452 | - goto no_context; | ||
453 | - | ||
454 | if (fault & VM_FAULT_SIGBUS) { | ||
455 | /* | ||
456 | * We had some memory, but were unable to successfully fix up | ||
457 | diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c | ||
458 | index b2f2d2d66849..0eca93327195 100644 | ||
459 | --- a/arch/avr32/mm/fault.c | ||
460 | +++ b/arch/avr32/mm/fault.c | ||
461 | @@ -86,6 +86,8 @@ asmlinkage void do_page_fault(unsigned long ecr, struct pt_regs *regs) | ||
462 | |||
463 | local_irq_enable(); | ||
464 | |||
465 | + if (user_mode(regs)) | ||
466 | + flags |= FAULT_FLAG_USER; | ||
467 | retry: | ||
468 | down_read(&mm->mmap_sem); | ||
469 | |||
470 | @@ -228,9 +230,9 @@ no_context: | ||
471 | */ | ||
472 | out_of_memory: | ||
473 | up_read(&mm->mmap_sem); | ||
474 | - pagefault_out_of_memory(); | ||
475 | if (!user_mode(regs)) | ||
476 | goto no_context; | ||
477 | + pagefault_out_of_memory(); | ||
478 | return; | ||
479 | |||
480 | do_sigbus: | ||
481 | diff --git a/arch/cris/mm/fault.c b/arch/cris/mm/fault.c | ||
482 | index 73312ab6c696..1790f22e71a2 100644 | ||
483 | --- a/arch/cris/mm/fault.c | ||
484 | +++ b/arch/cris/mm/fault.c | ||
485 | @@ -58,8 +58,7 @@ do_page_fault(unsigned long address, struct pt_regs *regs, | ||
486 | struct vm_area_struct * vma; | ||
487 | siginfo_t info; | ||
488 | int fault; | ||
489 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
490 | - ((writeaccess & 1) ? FAULT_FLAG_WRITE : 0); | ||
491 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
492 | |||
493 | D(printk(KERN_DEBUG | ||
494 | "Page fault for %lX on %X at %lX, prot %d write %d\n", | ||
495 | @@ -117,6 +116,8 @@ do_page_fault(unsigned long address, struct pt_regs *regs, | ||
496 | if (in_atomic() || !mm) | ||
497 | goto no_context; | ||
498 | |||
499 | + if (user_mode(regs)) | ||
500 | + flags |= FAULT_FLAG_USER; | ||
501 | retry: | ||
502 | down_read(&mm->mmap_sem); | ||
503 | vma = find_vma(mm, address); | ||
504 | @@ -155,6 +156,7 @@ retry: | ||
505 | } else if (writeaccess == 1) { | ||
506 | if (!(vma->vm_flags & VM_WRITE)) | ||
507 | goto bad_area; | ||
508 | + flags |= FAULT_FLAG_WRITE; | ||
509 | } else { | ||
510 | if (!(vma->vm_flags & (VM_READ | VM_EXEC))) | ||
511 | goto bad_area; | ||
512 | diff --git a/arch/frv/mm/fault.c b/arch/frv/mm/fault.c | ||
513 | index 331c1e2cfb67..9a66372fc7c7 100644 | ||
514 | --- a/arch/frv/mm/fault.c | ||
515 | +++ b/arch/frv/mm/fault.c | ||
516 | @@ -34,11 +34,11 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear | ||
517 | struct vm_area_struct *vma; | ||
518 | struct mm_struct *mm; | ||
519 | unsigned long _pme, lrai, lrad, fixup; | ||
520 | + unsigned long flags = 0; | ||
521 | siginfo_t info; | ||
522 | pgd_t *pge; | ||
523 | pud_t *pue; | ||
524 | pte_t *pte; | ||
525 | - int write; | ||
526 | int fault; | ||
527 | |||
528 | #if 0 | ||
529 | @@ -81,6 +81,9 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear | ||
530 | if (in_atomic() || !mm) | ||
531 | goto no_context; | ||
532 | |||
533 | + if (user_mode(__frame)) | ||
534 | + flags |= FAULT_FLAG_USER; | ||
535 | + | ||
536 | down_read(&mm->mmap_sem); | ||
537 | |||
538 | vma = find_vma(mm, ear0); | ||
539 | @@ -129,7 +132,6 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear | ||
540 | */ | ||
541 | good_area: | ||
542 | info.si_code = SEGV_ACCERR; | ||
543 | - write = 0; | ||
544 | switch (esr0 & ESR0_ATXC) { | ||
545 | default: | ||
546 | /* handle write to write protected page */ | ||
547 | @@ -140,7 +142,7 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear | ||
548 | #endif | ||
549 | if (!(vma->vm_flags & VM_WRITE)) | ||
550 | goto bad_area; | ||
551 | - write = 1; | ||
552 | + flags |= FAULT_FLAG_WRITE; | ||
553 | break; | ||
554 | |||
555 | /* handle read from protected page */ | ||
556 | @@ -162,7 +164,7 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear | ||
557 | * make sure we exit gracefully rather than endlessly redo | ||
558 | * the fault. | ||
559 | */ | ||
560 | - fault = handle_mm_fault(mm, vma, ear0, write ? FAULT_FLAG_WRITE : 0); | ||
561 | + fault = handle_mm_fault(mm, vma, ear0, flags); | ||
562 | if (unlikely(fault & VM_FAULT_ERROR)) { | ||
563 | if (fault & VM_FAULT_OOM) | ||
564 | goto out_of_memory; | ||
565 | diff --git a/arch/hexagon/mm/vm_fault.c b/arch/hexagon/mm/vm_fault.c | ||
566 | index 1bd276dbec7d..8704c9320032 100644 | ||
567 | --- a/arch/hexagon/mm/vm_fault.c | ||
568 | +++ b/arch/hexagon/mm/vm_fault.c | ||
569 | @@ -53,8 +53,7 @@ void do_page_fault(unsigned long address, long cause, struct pt_regs *regs) | ||
570 | int si_code = SEGV_MAPERR; | ||
571 | int fault; | ||
572 | const struct exception_table_entry *fixup; | ||
573 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
574 | - (cause > 0 ? FAULT_FLAG_WRITE : 0); | ||
575 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
576 | |||
577 | /* | ||
578 | * If we're in an interrupt or have no user context, | ||
579 | @@ -65,6 +64,8 @@ void do_page_fault(unsigned long address, long cause, struct pt_regs *regs) | ||
580 | |||
581 | local_irq_enable(); | ||
582 | |||
583 | + if (user_mode(regs)) | ||
584 | + flags |= FAULT_FLAG_USER; | ||
585 | retry: | ||
586 | down_read(&mm->mmap_sem); | ||
587 | vma = find_vma(mm, address); | ||
588 | @@ -96,6 +97,7 @@ good_area: | ||
589 | case FLT_STORE: | ||
590 | if (!(vma->vm_flags & VM_WRITE)) | ||
591 | goto bad_area; | ||
592 | + flags |= FAULT_FLAG_WRITE; | ||
593 | break; | ||
594 | } | ||
595 | |||
596 | diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c | ||
597 | index 6cf0341f978e..7225dad87094 100644 | ||
598 | --- a/arch/ia64/mm/fault.c | ||
599 | +++ b/arch/ia64/mm/fault.c | ||
600 | @@ -90,8 +90,6 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re | ||
601 | mask = ((((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT) | ||
602 | | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT)); | ||
603 | |||
604 | - flags |= ((mask & VM_WRITE) ? FAULT_FLAG_WRITE : 0); | ||
605 | - | ||
606 | /* mmap_sem is performance critical.... */ | ||
607 | prefetchw(&mm->mmap_sem); | ||
608 | |||
609 | @@ -119,6 +117,10 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re | ||
610 | if (notify_page_fault(regs, TRAP_BRKPT)) | ||
611 | return; | ||
612 | |||
613 | + if (user_mode(regs)) | ||
614 | + flags |= FAULT_FLAG_USER; | ||
615 | + if (mask & VM_WRITE) | ||
616 | + flags |= FAULT_FLAG_WRITE; | ||
617 | retry: | ||
618 | down_read(&mm->mmap_sem); | ||
619 | |||
620 | diff --git a/arch/m32r/mm/fault.c b/arch/m32r/mm/fault.c | ||
621 | index 3cdfa9c1d091..e9c6a8014bd6 100644 | ||
622 | --- a/arch/m32r/mm/fault.c | ||
623 | +++ b/arch/m32r/mm/fault.c | ||
624 | @@ -78,7 +78,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, | ||
625 | struct mm_struct *mm; | ||
626 | struct vm_area_struct * vma; | ||
627 | unsigned long page, addr; | ||
628 | - int write; | ||
629 | + unsigned long flags = 0; | ||
630 | int fault; | ||
631 | siginfo_t info; | ||
632 | |||
633 | @@ -117,6 +117,9 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, | ||
634 | if (in_atomic() || !mm) | ||
635 | goto bad_area_nosemaphore; | ||
636 | |||
637 | + if (error_code & ACE_USERMODE) | ||
638 | + flags |= FAULT_FLAG_USER; | ||
639 | + | ||
640 | /* When running in the kernel we expect faults to occur only to | ||
641 | * addresses in user space. All other faults represent errors in the | ||
642 | * kernel and should generate an OOPS. Unfortunately, in the case of an | ||
643 | @@ -166,14 +169,13 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, | ||
644 | */ | ||
645 | good_area: | ||
646 | info.si_code = SEGV_ACCERR; | ||
647 | - write = 0; | ||
648 | switch (error_code & (ACE_WRITE|ACE_PROTECTION)) { | ||
649 | default: /* 3: write, present */ | ||
650 | /* fall through */ | ||
651 | case ACE_WRITE: /* write, not present */ | ||
652 | if (!(vma->vm_flags & VM_WRITE)) | ||
653 | goto bad_area; | ||
654 | - write++; | ||
655 | + flags |= FAULT_FLAG_WRITE; | ||
656 | break; | ||
657 | case ACE_PROTECTION: /* read, present */ | ||
658 | case 0: /* read, not present */ | ||
659 | @@ -194,7 +196,7 @@ good_area: | ||
660 | */ | ||
661 | addr = (address & PAGE_MASK); | ||
662 | set_thread_fault_code(error_code); | ||
663 | - fault = handle_mm_fault(mm, vma, addr, write ? FAULT_FLAG_WRITE : 0); | ||
664 | + fault = handle_mm_fault(mm, vma, addr, flags); | ||
665 | if (unlikely(fault & VM_FAULT_ERROR)) { | ||
666 | if (fault & VM_FAULT_OOM) | ||
667 | goto out_of_memory; | ||
668 | diff --git a/arch/m68k/mm/fault.c b/arch/m68k/mm/fault.c | ||
669 | index a563727806bf..eb1d61f68725 100644 | ||
670 | --- a/arch/m68k/mm/fault.c | ||
671 | +++ b/arch/m68k/mm/fault.c | ||
672 | @@ -88,6 +88,8 @@ int do_page_fault(struct pt_regs *regs, unsigned long address, | ||
673 | if (in_atomic() || !mm) | ||
674 | goto no_context; | ||
675 | |||
676 | + if (user_mode(regs)) | ||
677 | + flags |= FAULT_FLAG_USER; | ||
678 | retry: | ||
679 | down_read(&mm->mmap_sem); | ||
680 | |||
681 | diff --git a/arch/metag/mm/fault.c b/arch/metag/mm/fault.c | ||
682 | index 2c75bf7357c5..332680e5ebf2 100644 | ||
683 | --- a/arch/metag/mm/fault.c | ||
684 | +++ b/arch/metag/mm/fault.c | ||
685 | @@ -53,8 +53,7 @@ int do_page_fault(struct pt_regs *regs, unsigned long address, | ||
686 | struct vm_area_struct *vma, *prev_vma; | ||
687 | siginfo_t info; | ||
688 | int fault; | ||
689 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
690 | - (write_access ? FAULT_FLAG_WRITE : 0); | ||
691 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
692 | |||
693 | tsk = current; | ||
694 | |||
695 | @@ -109,6 +108,8 @@ int do_page_fault(struct pt_regs *regs, unsigned long address, | ||
696 | if (in_atomic() || !mm) | ||
697 | goto no_context; | ||
698 | |||
699 | + if (user_mode(regs)) | ||
700 | + flags |= FAULT_FLAG_USER; | ||
701 | retry: | ||
702 | down_read(&mm->mmap_sem); | ||
703 | |||
704 | @@ -121,6 +122,7 @@ good_area: | ||
705 | if (write_access) { | ||
706 | if (!(vma->vm_flags & VM_WRITE)) | ||
707 | goto bad_area; | ||
708 | + flags |= FAULT_FLAG_WRITE; | ||
709 | } else { | ||
710 | if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) | ||
711 | goto bad_area; | ||
712 | @@ -224,8 +226,10 @@ do_sigbus: | ||
713 | */ | ||
714 | out_of_memory: | ||
715 | up_read(&mm->mmap_sem); | ||
716 | - if (user_mode(regs)) | ||
717 | - do_group_exit(SIGKILL); | ||
718 | + if (user_mode(regs)) { | ||
719 | + pagefault_out_of_memory(); | ||
720 | + return 1; | ||
721 | + } | ||
722 | |||
723 | no_context: | ||
724 | /* Are we prepared to handle this kernel fault? */ | ||
725 | diff --git a/arch/microblaze/mm/fault.c b/arch/microblaze/mm/fault.c | ||
726 | index 731f739d17a1..fa4cf52aa7a6 100644 | ||
727 | --- a/arch/microblaze/mm/fault.c | ||
728 | +++ b/arch/microblaze/mm/fault.c | ||
729 | @@ -92,8 +92,7 @@ void do_page_fault(struct pt_regs *regs, unsigned long address, | ||
730 | int code = SEGV_MAPERR; | ||
731 | int is_write = error_code & ESR_S; | ||
732 | int fault; | ||
733 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
734 | - (is_write ? FAULT_FLAG_WRITE : 0); | ||
735 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
736 | |||
737 | regs->ear = address; | ||
738 | regs->esr = error_code; | ||
739 | @@ -121,6 +120,9 @@ void do_page_fault(struct pt_regs *regs, unsigned long address, | ||
740 | die("Weird page fault", regs, SIGSEGV); | ||
741 | } | ||
742 | |||
743 | + if (user_mode(regs)) | ||
744 | + flags |= FAULT_FLAG_USER; | ||
745 | + | ||
746 | /* When running in the kernel we expect faults to occur only to | ||
747 | * addresses in user space. All other faults represent errors in the | ||
748 | * kernel and should generate an OOPS. Unfortunately, in the case of an | ||
749 | @@ -199,6 +201,7 @@ good_area: | ||
750 | if (unlikely(is_write)) { | ||
751 | if (unlikely(!(vma->vm_flags & VM_WRITE))) | ||
752 | goto bad_area; | ||
753 | + flags |= FAULT_FLAG_WRITE; | ||
754 | /* a read */ | ||
755 | } else { | ||
756 | /* protection fault */ | ||
757 | diff --git a/arch/mips/mm/c-r4k.c b/arch/mips/mm/c-r4k.c | ||
758 | index 5495101d32c8..c2ec87e5d1cc 100644 | ||
759 | --- a/arch/mips/mm/c-r4k.c | ||
760 | +++ b/arch/mips/mm/c-r4k.c | ||
761 | @@ -608,6 +608,7 @@ static void r4k_dma_cache_wback_inv(unsigned long addr, unsigned long size) | ||
762 | r4k_blast_scache(); | ||
763 | else | ||
764 | blast_scache_range(addr, addr + size); | ||
765 | + preempt_enable(); | ||
766 | __sync(); | ||
767 | return; | ||
768 | } | ||
769 | @@ -649,6 +650,7 @@ static void r4k_dma_cache_inv(unsigned long addr, unsigned long size) | ||
770 | */ | ||
771 | blast_inv_scache_range(addr, addr + size); | ||
772 | } | ||
773 | + preempt_enable(); | ||
774 | __sync(); | ||
775 | return; | ||
776 | } | ||
777 | diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c | ||
778 | index 0fead53d1c26..0214a43b9911 100644 | ||
779 | --- a/arch/mips/mm/fault.c | ||
780 | +++ b/arch/mips/mm/fault.c | ||
781 | @@ -41,8 +41,7 @@ asmlinkage void __kprobes do_page_fault(struct pt_regs *regs, unsigned long writ | ||
782 | const int field = sizeof(unsigned long) * 2; | ||
783 | siginfo_t info; | ||
784 | int fault; | ||
785 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
786 | - (write ? FAULT_FLAG_WRITE : 0); | ||
787 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
788 | |||
789 | #if 0 | ||
790 | printk("Cpu%d[%s:%d:%0*lx:%ld:%0*lx]\n", raw_smp_processor_id(), | ||
791 | @@ -92,6 +91,8 @@ asmlinkage void __kprobes do_page_fault(struct pt_regs *regs, unsigned long writ | ||
792 | if (in_atomic() || !mm) | ||
793 | goto bad_area_nosemaphore; | ||
794 | |||
795 | + if (user_mode(regs)) | ||
796 | + flags |= FAULT_FLAG_USER; | ||
797 | retry: | ||
798 | down_read(&mm->mmap_sem); | ||
799 | vma = find_vma(mm, address); | ||
800 | @@ -113,6 +114,7 @@ good_area: | ||
801 | if (write) { | ||
802 | if (!(vma->vm_flags & VM_WRITE)) | ||
803 | goto bad_area; | ||
804 | + flags |= FAULT_FLAG_WRITE; | ||
805 | } else { | ||
806 | if (cpu_has_rixi) { | ||
807 | if (address == regs->cp0_epc && !(vma->vm_flags & VM_EXEC)) { | ||
808 | @@ -240,6 +242,8 @@ out_of_memory: | ||
809 | * (which will retry the fault, or kill us if we got oom-killed). | ||
810 | */ | ||
811 | up_read(&mm->mmap_sem); | ||
812 | + if (!user_mode(regs)) | ||
813 | + goto no_context; | ||
814 | pagefault_out_of_memory(); | ||
815 | return; | ||
816 | |||
817 | diff --git a/arch/mn10300/mm/fault.c b/arch/mn10300/mm/fault.c | ||
818 | index d48a84fd7fae..3516cbdf1ee9 100644 | ||
819 | --- a/arch/mn10300/mm/fault.c | ||
820 | +++ b/arch/mn10300/mm/fault.c | ||
821 | @@ -171,6 +171,8 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long fault_code, | ||
822 | if (in_atomic() || !mm) | ||
823 | goto no_context; | ||
824 | |||
825 | + if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_USR) | ||
826 | + flags |= FAULT_FLAG_USER; | ||
827 | retry: | ||
828 | down_read(&mm->mmap_sem); | ||
829 | |||
830 | @@ -345,9 +347,10 @@ no_context: | ||
831 | */ | ||
832 | out_of_memory: | ||
833 | up_read(&mm->mmap_sem); | ||
834 | - printk(KERN_ALERT "VM: killing process %s\n", tsk->comm); | ||
835 | - if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_USR) | ||
836 | - do_exit(SIGKILL); | ||
837 | + if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_USR) { | ||
838 | + pagefault_out_of_memory(); | ||
839 | + return; | ||
840 | + } | ||
841 | goto no_context; | ||
842 | |||
843 | do_sigbus: | ||
844 | diff --git a/arch/openrisc/mm/fault.c b/arch/openrisc/mm/fault.c | ||
845 | index e2bfafce66c5..0703acf7d327 100644 | ||
846 | --- a/arch/openrisc/mm/fault.c | ||
847 | +++ b/arch/openrisc/mm/fault.c | ||
848 | @@ -86,6 +86,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long address, | ||
849 | if (user_mode(regs)) { | ||
850 | /* Exception was in userspace: reenable interrupts */ | ||
851 | local_irq_enable(); | ||
852 | + flags |= FAULT_FLAG_USER; | ||
853 | } else { | ||
854 | /* If exception was in a syscall, then IRQ's may have | ||
855 | * been enabled or disabled. If they were enabled, | ||
856 | @@ -267,10 +268,10 @@ out_of_memory: | ||
857 | __asm__ __volatile__("l.nop 1"); | ||
858 | |||
859 | up_read(&mm->mmap_sem); | ||
860 | - printk("VM: killing process %s\n", tsk->comm); | ||
861 | - if (user_mode(regs)) | ||
862 | - do_exit(SIGKILL); | ||
863 | - goto no_context; | ||
864 | + if (!user_mode(regs)) | ||
865 | + goto no_context; | ||
866 | + pagefault_out_of_memory(); | ||
867 | + return; | ||
868 | |||
869 | do_sigbus: | ||
870 | up_read(&mm->mmap_sem); | ||
871 | diff --git a/arch/parisc/include/uapi/asm/shmbuf.h b/arch/parisc/include/uapi/asm/shmbuf.h | ||
872 | index 0a3eada1863b..f395cde7b593 100644 | ||
873 | --- a/arch/parisc/include/uapi/asm/shmbuf.h | ||
874 | +++ b/arch/parisc/include/uapi/asm/shmbuf.h | ||
875 | @@ -36,23 +36,16 @@ struct shmid64_ds { | ||
876 | unsigned int __unused2; | ||
877 | }; | ||
878 | |||
879 | -#ifdef CONFIG_64BIT | ||
880 | -/* The 'unsigned int' (formerly 'unsigned long') data types below will | ||
881 | - * ensure that a 32-bit app calling shmctl(*,IPC_INFO,*) will work on | ||
882 | - * a wide kernel, but if some of these values are meant to contain pointers | ||
883 | - * they may need to be 'long long' instead. -PB XXX FIXME | ||
884 | - */ | ||
885 | -#endif | ||
886 | struct shminfo64 { | ||
887 | - unsigned int shmmax; | ||
888 | - unsigned int shmmin; | ||
889 | - unsigned int shmmni; | ||
890 | - unsigned int shmseg; | ||
891 | - unsigned int shmall; | ||
892 | - unsigned int __unused1; | ||
893 | - unsigned int __unused2; | ||
894 | - unsigned int __unused3; | ||
895 | - unsigned int __unused4; | ||
896 | + unsigned long shmmax; | ||
897 | + unsigned long shmmin; | ||
898 | + unsigned long shmmni; | ||
899 | + unsigned long shmseg; | ||
900 | + unsigned long shmall; | ||
901 | + unsigned long __unused1; | ||
902 | + unsigned long __unused2; | ||
903 | + unsigned long __unused3; | ||
904 | + unsigned long __unused4; | ||
905 | }; | ||
906 | |||
907 | #endif /* _PARISC_SHMBUF_H */ | ||
908 | diff --git a/arch/parisc/kernel/syscall_table.S b/arch/parisc/kernel/syscall_table.S | ||
909 | index 10a0c2aad8cf..b24732d1bdbf 100644 | ||
910 | --- a/arch/parisc/kernel/syscall_table.S | ||
911 | +++ b/arch/parisc/kernel/syscall_table.S | ||
912 | @@ -286,11 +286,11 @@ | ||
913 | ENTRY_COMP(msgsnd) | ||
914 | ENTRY_COMP(msgrcv) | ||
915 | ENTRY_SAME(msgget) /* 190 */ | ||
916 | - ENTRY_SAME(msgctl) | ||
917 | - ENTRY_SAME(shmat) | ||
918 | + ENTRY_COMP(msgctl) | ||
919 | + ENTRY_COMP(shmat) | ||
920 | ENTRY_SAME(shmdt) | ||
921 | ENTRY_SAME(shmget) | ||
922 | - ENTRY_SAME(shmctl) /* 195 */ | ||
923 | + ENTRY_COMP(shmctl) /* 195 */ | ||
924 | ENTRY_SAME(ni_syscall) /* streams1 */ | ||
925 | ENTRY_SAME(ni_syscall) /* streams2 */ | ||
926 | ENTRY_SAME(lstat64) | ||
927 | @@ -323,7 +323,7 @@ | ||
928 | ENTRY_SAME(epoll_ctl) /* 225 */ | ||
929 | ENTRY_SAME(epoll_wait) | ||
930 | ENTRY_SAME(remap_file_pages) | ||
931 | - ENTRY_SAME(semtimedop) | ||
932 | + ENTRY_COMP(semtimedop) | ||
933 | ENTRY_COMP(mq_open) | ||
934 | ENTRY_SAME(mq_unlink) /* 230 */ | ||
935 | ENTRY_COMP(mq_timedsend) | ||
936 | diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c | ||
937 | index f247a3480e8e..d10d27a720c0 100644 | ||
938 | --- a/arch/parisc/mm/fault.c | ||
939 | +++ b/arch/parisc/mm/fault.c | ||
940 | @@ -180,6 +180,10 @@ void do_page_fault(struct pt_regs *regs, unsigned long code, | ||
941 | if (in_atomic() || !mm) | ||
942 | goto no_context; | ||
943 | |||
944 | + if (user_mode(regs)) | ||
945 | + flags |= FAULT_FLAG_USER; | ||
946 | + if (acc_type & VM_WRITE) | ||
947 | + flags |= FAULT_FLAG_WRITE; | ||
948 | retry: | ||
949 | down_read(&mm->mmap_sem); | ||
950 | vma = find_vma_prev(mm, address, &prev_vma); | ||
951 | @@ -203,8 +207,7 @@ good_area: | ||
952 | * fault. | ||
953 | */ | ||
954 | |||
955 | - fault = handle_mm_fault(mm, vma, address, | ||
956 | - flags | ((acc_type & VM_WRITE) ? FAULT_FLAG_WRITE : 0)); | ||
957 | + fault = handle_mm_fault(mm, vma, address, flags); | ||
958 | |||
959 | if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) | ||
960 | return; | ||
961 | diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c | ||
962 | index 8726779e1409..d9196c9f93d9 100644 | ||
963 | --- a/arch/powerpc/mm/fault.c | ||
964 | +++ b/arch/powerpc/mm/fault.c | ||
965 | @@ -223,9 +223,6 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, | ||
966 | is_write = error_code & ESR_DST; | ||
967 | #endif /* CONFIG_4xx || CONFIG_BOOKE */ | ||
968 | |||
969 | - if (is_write) | ||
970 | - flags |= FAULT_FLAG_WRITE; | ||
971 | - | ||
972 | #ifdef CONFIG_PPC_ICSWX | ||
973 | /* | ||
974 | * we need to do this early because this "data storage | ||
975 | @@ -280,6 +277,9 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, | ||
976 | |||
977 | perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address); | ||
978 | |||
979 | + if (user_mode(regs)) | ||
980 | + flags |= FAULT_FLAG_USER; | ||
981 | + | ||
982 | /* When running in the kernel we expect faults to occur only to | ||
983 | * addresses in user space. All other faults represent errors in the | ||
984 | * kernel and should generate an OOPS. Unfortunately, in the case of an | ||
985 | @@ -408,6 +408,7 @@ good_area: | ||
986 | } else if (is_write) { | ||
987 | if (!(vma->vm_flags & VM_WRITE)) | ||
988 | goto bad_area; | ||
989 | + flags |= FAULT_FLAG_WRITE; | ||
990 | /* a read */ | ||
991 | } else { | ||
992 | /* protection fault */ | ||
993 | diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c | ||
994 | index 047c3e4c59a2..416facec4a33 100644 | ||
995 | --- a/arch/s390/mm/fault.c | ||
996 | +++ b/arch/s390/mm/fault.c | ||
997 | @@ -302,6 +302,8 @@ static inline int do_exception(struct pt_regs *regs, int access) | ||
998 | address = trans_exc_code & __FAIL_ADDR_MASK; | ||
999 | perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address); | ||
1000 | flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
1001 | + if (user_mode(regs)) | ||
1002 | + flags |= FAULT_FLAG_USER; | ||
1003 | if (access == VM_WRITE || (trans_exc_code & store_indication) == 0x400) | ||
1004 | flags |= FAULT_FLAG_WRITE; | ||
1005 | down_read(&mm->mmap_sem); | ||
1006 | diff --git a/arch/score/mm/fault.c b/arch/score/mm/fault.c | ||
1007 | index 47b600e4b2c5..52238983527d 100644 | ||
1008 | --- a/arch/score/mm/fault.c | ||
1009 | +++ b/arch/score/mm/fault.c | ||
1010 | @@ -47,6 +47,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long write, | ||
1011 | struct task_struct *tsk = current; | ||
1012 | struct mm_struct *mm = tsk->mm; | ||
1013 | const int field = sizeof(unsigned long) * 2; | ||
1014 | + unsigned long flags = 0; | ||
1015 | siginfo_t info; | ||
1016 | int fault; | ||
1017 | |||
1018 | @@ -75,6 +76,9 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long write, | ||
1019 | if (in_atomic() || !mm) | ||
1020 | goto bad_area_nosemaphore; | ||
1021 | |||
1022 | + if (user_mode(regs)) | ||
1023 | + flags |= FAULT_FLAG_USER; | ||
1024 | + | ||
1025 | down_read(&mm->mmap_sem); | ||
1026 | vma = find_vma(mm, address); | ||
1027 | if (!vma) | ||
1028 | @@ -95,18 +99,18 @@ good_area: | ||
1029 | if (write) { | ||
1030 | if (!(vma->vm_flags & VM_WRITE)) | ||
1031 | goto bad_area; | ||
1032 | + flags |= FAULT_FLAG_WRITE; | ||
1033 | } else { | ||
1034 | if (!(vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC))) | ||
1035 | goto bad_area; | ||
1036 | } | ||
1037 | |||
1038 | -survive: | ||
1039 | /* | ||
1040 | * If for any reason at all we couldn't handle the fault, | ||
1041 | * make sure we exit gracefully rather than endlessly redo | ||
1042 | * the fault. | ||
1043 | */ | ||
1044 | - fault = handle_mm_fault(mm, vma, address, write); | ||
1045 | + fault = handle_mm_fault(mm, vma, address, flags); | ||
1046 | if (unlikely(fault & VM_FAULT_ERROR)) { | ||
1047 | if (fault & VM_FAULT_OOM) | ||
1048 | goto out_of_memory; | ||
1049 | @@ -167,15 +171,10 @@ no_context: | ||
1050 | */ | ||
1051 | out_of_memory: | ||
1052 | up_read(&mm->mmap_sem); | ||
1053 | - if (is_global_init(tsk)) { | ||
1054 | - yield(); | ||
1055 | - down_read(&mm->mmap_sem); | ||
1056 | - goto survive; | ||
1057 | - } | ||
1058 | - printk("VM: killing process %s\n", tsk->comm); | ||
1059 | - if (user_mode(regs)) | ||
1060 | - do_group_exit(SIGKILL); | ||
1061 | - goto no_context; | ||
1062 | + if (!user_mode(regs)) | ||
1063 | + goto no_context; | ||
1064 | + pagefault_out_of_memory(); | ||
1065 | + return; | ||
1066 | |||
1067 | do_sigbus: | ||
1068 | up_read(&mm->mmap_sem); | ||
1069 | diff --git a/arch/sh/mm/fault.c b/arch/sh/mm/fault.c | ||
1070 | index 1f49c28affa9..541dc6101508 100644 | ||
1071 | --- a/arch/sh/mm/fault.c | ||
1072 | +++ b/arch/sh/mm/fault.c | ||
1073 | @@ -400,9 +400,7 @@ asmlinkage void __kprobes do_page_fault(struct pt_regs *regs, | ||
1074 | struct mm_struct *mm; | ||
1075 | struct vm_area_struct * vma; | ||
1076 | int fault; | ||
1077 | - int write = error_code & FAULT_CODE_WRITE; | ||
1078 | - unsigned int flags = (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
1079 | - (write ? FAULT_FLAG_WRITE : 0)); | ||
1080 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
1081 | |||
1082 | tsk = current; | ||
1083 | mm = tsk->mm; | ||
1084 | @@ -476,6 +474,11 @@ good_area: | ||
1085 | |||
1086 | set_thread_fault_code(error_code); | ||
1087 | |||
1088 | + if (user_mode(regs)) | ||
1089 | + flags |= FAULT_FLAG_USER; | ||
1090 | + if (error_code & FAULT_CODE_WRITE) | ||
1091 | + flags |= FAULT_FLAG_WRITE; | ||
1092 | + | ||
1093 | /* | ||
1094 | * If for any reason at all we couldn't handle the fault, | ||
1095 | * make sure we exit gracefully rather than endlessly redo | ||
1096 | diff --git a/arch/sparc/include/asm/atomic_32.h b/arch/sparc/include/asm/atomic_32.h | ||
1097 | index 905832aa9e9e..a0ed182ae73c 100644 | ||
1098 | --- a/arch/sparc/include/asm/atomic_32.h | ||
1099 | +++ b/arch/sparc/include/asm/atomic_32.h | ||
1100 | @@ -21,7 +21,7 @@ | ||
1101 | |||
1102 | extern int __atomic_add_return(int, atomic_t *); | ||
1103 | extern int atomic_cmpxchg(atomic_t *, int, int); | ||
1104 | -#define atomic_xchg(v, new) (xchg(&((v)->counter), new)) | ||
1105 | +extern int atomic_xchg(atomic_t *, int); | ||
1106 | extern int __atomic_add_unless(atomic_t *, int, int); | ||
1107 | extern void atomic_set(atomic_t *, int); | ||
1108 | |||
1109 | diff --git a/arch/sparc/include/asm/cmpxchg_32.h b/arch/sparc/include/asm/cmpxchg_32.h | ||
1110 | index 1fae1a02e3c2..ae0f9a7a314d 100644 | ||
1111 | --- a/arch/sparc/include/asm/cmpxchg_32.h | ||
1112 | +++ b/arch/sparc/include/asm/cmpxchg_32.h | ||
1113 | @@ -11,22 +11,14 @@ | ||
1114 | #ifndef __ARCH_SPARC_CMPXCHG__ | ||
1115 | #define __ARCH_SPARC_CMPXCHG__ | ||
1116 | |||
1117 | -static inline unsigned long xchg_u32(__volatile__ unsigned long *m, unsigned long val) | ||
1118 | -{ | ||
1119 | - __asm__ __volatile__("swap [%2], %0" | ||
1120 | - : "=&r" (val) | ||
1121 | - : "0" (val), "r" (m) | ||
1122 | - : "memory"); | ||
1123 | - return val; | ||
1124 | -} | ||
1125 | - | ||
1126 | +extern unsigned long __xchg_u32(volatile u32 *m, u32 new); | ||
1127 | extern void __xchg_called_with_bad_pointer(void); | ||
1128 | |||
1129 | static inline unsigned long __xchg(unsigned long x, __volatile__ void * ptr, int size) | ||
1130 | { | ||
1131 | switch (size) { | ||
1132 | case 4: | ||
1133 | - return xchg_u32(ptr, x); | ||
1134 | + return __xchg_u32(ptr, x); | ||
1135 | } | ||
1136 | __xchg_called_with_bad_pointer(); | ||
1137 | return x; | ||
1138 | diff --git a/arch/sparc/include/asm/vio.h b/arch/sparc/include/asm/vio.h | ||
1139 | index 432afa838861..55841c184e6d 100644 | ||
1140 | --- a/arch/sparc/include/asm/vio.h | ||
1141 | +++ b/arch/sparc/include/asm/vio.h | ||
1142 | @@ -118,12 +118,18 @@ struct vio_disk_attr_info { | ||
1143 | u8 vdisk_type; | ||
1144 | #define VD_DISK_TYPE_SLICE 0x01 /* Slice in block device */ | ||
1145 | #define VD_DISK_TYPE_DISK 0x02 /* Entire block device */ | ||
1146 | - u16 resv1; | ||
1147 | + u8 vdisk_mtype; /* v1.1 */ | ||
1148 | +#define VD_MEDIA_TYPE_FIXED 0x01 /* Fixed device */ | ||
1149 | +#define VD_MEDIA_TYPE_CD 0x02 /* CD Device */ | ||
1150 | +#define VD_MEDIA_TYPE_DVD 0x03 /* DVD Device */ | ||
1151 | + u8 resv1; | ||
1152 | u32 vdisk_block_size; | ||
1153 | u64 operations; | ||
1154 | - u64 vdisk_size; | ||
1155 | + u64 vdisk_size; /* v1.1 */ | ||
1156 | u64 max_xfer_size; | ||
1157 | - u64 resv2[2]; | ||
1158 | + u32 phys_block_size; /* v1.2 */ | ||
1159 | + u32 resv2; | ||
1160 | + u64 resv3[1]; | ||
1161 | }; | ||
1162 | |||
1163 | struct vio_disk_desc { | ||
1164 | @@ -259,7 +265,7 @@ static inline u32 vio_dring_avail(struct vio_dring_state *dr, | ||
1165 | unsigned int ring_size) | ||
1166 | { | ||
1167 | return (dr->pending - | ||
1168 | - ((dr->prod - dr->cons) & (ring_size - 1))); | ||
1169 | + ((dr->prod - dr->cons) & (ring_size - 1)) - 1); | ||
1170 | } | ||
1171 | |||
1172 | #define VIO_MAX_TYPE_LEN 32 | ||
1173 | diff --git a/arch/sparc/kernel/pci_schizo.c b/arch/sparc/kernel/pci_schizo.c | ||
1174 | index 8f76f23dac38..f9c6813c132d 100644 | ||
1175 | --- a/arch/sparc/kernel/pci_schizo.c | ||
1176 | +++ b/arch/sparc/kernel/pci_schizo.c | ||
1177 | @@ -581,7 +581,7 @@ static irqreturn_t schizo_pcierr_intr_other(struct pci_pbm_info *pbm) | ||
1178 | { | ||
1179 | unsigned long csr_reg, csr, csr_error_bits; | ||
1180 | irqreturn_t ret = IRQ_NONE; | ||
1181 | - u16 stat; | ||
1182 | + u32 stat; | ||
1183 | |||
1184 | csr_reg = pbm->pbm_regs + SCHIZO_PCI_CTRL; | ||
1185 | csr = upa_readq(csr_reg); | ||
1186 | @@ -617,7 +617,7 @@ static irqreturn_t schizo_pcierr_intr_other(struct pci_pbm_info *pbm) | ||
1187 | pbm->name); | ||
1188 | ret = IRQ_HANDLED; | ||
1189 | } | ||
1190 | - pci_read_config_word(pbm->pci_bus->self, PCI_STATUS, &stat); | ||
1191 | + pbm->pci_ops->read(pbm->pci_bus, 0, PCI_STATUS, 2, &stat); | ||
1192 | if (stat & (PCI_STATUS_PARITY | | ||
1193 | PCI_STATUS_SIG_TARGET_ABORT | | ||
1194 | PCI_STATUS_REC_TARGET_ABORT | | ||
1195 | @@ -625,7 +625,7 @@ static irqreturn_t schizo_pcierr_intr_other(struct pci_pbm_info *pbm) | ||
1196 | PCI_STATUS_SIG_SYSTEM_ERROR)) { | ||
1197 | printk("%s: PCI bus error, PCI_STATUS[%04x]\n", | ||
1198 | pbm->name, stat); | ||
1199 | - pci_write_config_word(pbm->pci_bus->self, PCI_STATUS, 0xffff); | ||
1200 | + pbm->pci_ops->write(pbm->pci_bus, 0, PCI_STATUS, 2, 0xffff); | ||
1201 | ret = IRQ_HANDLED; | ||
1202 | } | ||
1203 | return ret; | ||
1204 | diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c | ||
1205 | index 8565ecd7d48a..173964d5e948 100644 | ||
1206 | --- a/arch/sparc/kernel/smp_64.c | ||
1207 | +++ b/arch/sparc/kernel/smp_64.c | ||
1208 | @@ -821,13 +821,17 @@ void arch_send_call_function_single_ipi(int cpu) | ||
1209 | void __irq_entry smp_call_function_client(int irq, struct pt_regs *regs) | ||
1210 | { | ||
1211 | clear_softint(1 << irq); | ||
1212 | + irq_enter(); | ||
1213 | generic_smp_call_function_interrupt(); | ||
1214 | + irq_exit(); | ||
1215 | } | ||
1216 | |||
1217 | void __irq_entry smp_call_function_single_client(int irq, struct pt_regs *regs) | ||
1218 | { | ||
1219 | clear_softint(1 << irq); | ||
1220 | + irq_enter(); | ||
1221 | generic_smp_call_function_single_interrupt(); | ||
1222 | + irq_exit(); | ||
1223 | } | ||
1224 | |||
1225 | static void tsb_sync(void *info) | ||
1226 | diff --git a/arch/sparc/lib/atomic32.c b/arch/sparc/lib/atomic32.c | ||
1227 | index 1d32b54089aa..8f2f94d53434 100644 | ||
1228 | --- a/arch/sparc/lib/atomic32.c | ||
1229 | +++ b/arch/sparc/lib/atomic32.c | ||
1230 | @@ -40,6 +40,19 @@ int __atomic_add_return(int i, atomic_t *v) | ||
1231 | } | ||
1232 | EXPORT_SYMBOL(__atomic_add_return); | ||
1233 | |||
1234 | +int atomic_xchg(atomic_t *v, int new) | ||
1235 | +{ | ||
1236 | + int ret; | ||
1237 | + unsigned long flags; | ||
1238 | + | ||
1239 | + spin_lock_irqsave(ATOMIC_HASH(v), flags); | ||
1240 | + ret = v->counter; | ||
1241 | + v->counter = new; | ||
1242 | + spin_unlock_irqrestore(ATOMIC_HASH(v), flags); | ||
1243 | + return ret; | ||
1244 | +} | ||
1245 | +EXPORT_SYMBOL(atomic_xchg); | ||
1246 | + | ||
1247 | int atomic_cmpxchg(atomic_t *v, int old, int new) | ||
1248 | { | ||
1249 | int ret; | ||
1250 | @@ -132,3 +145,17 @@ unsigned long __cmpxchg_u32(volatile u32 *ptr, u32 old, u32 new) | ||
1251 | return (unsigned long)prev; | ||
1252 | } | ||
1253 | EXPORT_SYMBOL(__cmpxchg_u32); | ||
1254 | + | ||
1255 | +unsigned long __xchg_u32(volatile u32 *ptr, u32 new) | ||
1256 | +{ | ||
1257 | + unsigned long flags; | ||
1258 | + u32 prev; | ||
1259 | + | ||
1260 | + spin_lock_irqsave(ATOMIC_HASH(ptr), flags); | ||
1261 | + prev = *ptr; | ||
1262 | + *ptr = new; | ||
1263 | + spin_unlock_irqrestore(ATOMIC_HASH(ptr), flags); | ||
1264 | + | ||
1265 | + return (unsigned long)prev; | ||
1266 | +} | ||
1267 | +EXPORT_SYMBOL(__xchg_u32); | ||
1268 | diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c | ||
1269 | index e98bfda205a2..59dbd4645725 100644 | ||
1270 | --- a/arch/sparc/mm/fault_32.c | ||
1271 | +++ b/arch/sparc/mm/fault_32.c | ||
1272 | @@ -177,8 +177,7 @@ asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write, | ||
1273 | unsigned long g2; | ||
1274 | int from_user = !(regs->psr & PSR_PS); | ||
1275 | int fault, code; | ||
1276 | - unsigned int flags = (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
1277 | - (write ? FAULT_FLAG_WRITE : 0)); | ||
1278 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
1279 | |||
1280 | if (text_fault) | ||
1281 | address = regs->pc; | ||
1282 | @@ -235,6 +234,11 @@ good_area: | ||
1283 | goto bad_area; | ||
1284 | } | ||
1285 | |||
1286 | + if (from_user) | ||
1287 | + flags |= FAULT_FLAG_USER; | ||
1288 | + if (write) | ||
1289 | + flags |= FAULT_FLAG_WRITE; | ||
1290 | + | ||
1291 | /* | ||
1292 | * If for any reason at all we couldn't handle the fault, | ||
1293 | * make sure we exit gracefully rather than endlessly redo | ||
1294 | @@ -383,6 +387,7 @@ static void force_user_fault(unsigned long address, int write) | ||
1295 | struct vm_area_struct *vma; | ||
1296 | struct task_struct *tsk = current; | ||
1297 | struct mm_struct *mm = tsk->mm; | ||
1298 | + unsigned int flags = FAULT_FLAG_USER; | ||
1299 | int code; | ||
1300 | |||
1301 | code = SEGV_MAPERR; | ||
1302 | @@ -402,11 +407,12 @@ good_area: | ||
1303 | if (write) { | ||
1304 | if (!(vma->vm_flags & VM_WRITE)) | ||
1305 | goto bad_area; | ||
1306 | + flags |= FAULT_FLAG_WRITE; | ||
1307 | } else { | ||
1308 | if (!(vma->vm_flags & (VM_READ | VM_EXEC))) | ||
1309 | goto bad_area; | ||
1310 | } | ||
1311 | - switch (handle_mm_fault(mm, vma, address, write ? FAULT_FLAG_WRITE : 0)) { | ||
1312 | + switch (handle_mm_fault(mm, vma, address, flags)) { | ||
1313 | case VM_FAULT_SIGBUS: | ||
1314 | case VM_FAULT_OOM: | ||
1315 | goto do_sigbus; | ||
1316 | diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c | ||
1317 | index ea83f82464da..3841a081beb3 100644 | ||
1318 | --- a/arch/sparc/mm/fault_64.c | ||
1319 | +++ b/arch/sparc/mm/fault_64.c | ||
1320 | @@ -323,7 +323,8 @@ asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) | ||
1321 | bad_kernel_pc(regs, address); | ||
1322 | return; | ||
1323 | } | ||
1324 | - } | ||
1325 | + } else | ||
1326 | + flags |= FAULT_FLAG_USER; | ||
1327 | |||
1328 | /* | ||
1329 | * If we're in an interrupt or have no user | ||
1330 | @@ -426,13 +427,14 @@ good_area: | ||
1331 | vma->vm_file != NULL) | ||
1332 | set_thread_fault_code(fault_code | | ||
1333 | FAULT_CODE_BLKCOMMIT); | ||
1334 | + | ||
1335 | + flags |= FAULT_FLAG_WRITE; | ||
1336 | } else { | ||
1337 | /* Allow reads even for write-only mappings */ | ||
1338 | if (!(vma->vm_flags & (VM_READ | VM_EXEC))) | ||
1339 | goto bad_area; | ||
1340 | } | ||
1341 | |||
1342 | - flags |= ((fault_code & FAULT_CODE_WRITE) ? FAULT_FLAG_WRITE : 0); | ||
1343 | fault = handle_mm_fault(mm, vma, address, flags); | ||
1344 | |||
1345 | if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) | ||
1346 | diff --git a/arch/tile/mm/fault.c b/arch/tile/mm/fault.c | ||
1347 | index 3d2b81c163a6..3ff289f422e6 100644 | ||
1348 | --- a/arch/tile/mm/fault.c | ||
1349 | +++ b/arch/tile/mm/fault.c | ||
1350 | @@ -280,8 +280,7 @@ static int handle_page_fault(struct pt_regs *regs, | ||
1351 | if (!is_page_fault) | ||
1352 | write = 1; | ||
1353 | |||
1354 | - flags = (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
1355 | - (write ? FAULT_FLAG_WRITE : 0)); | ||
1356 | + flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
1357 | |||
1358 | is_kernel_mode = (EX1_PL(regs->ex1) != USER_PL); | ||
1359 | |||
1360 | @@ -365,6 +364,9 @@ static int handle_page_fault(struct pt_regs *regs, | ||
1361 | goto bad_area_nosemaphore; | ||
1362 | } | ||
1363 | |||
1364 | + if (!is_kernel_mode) | ||
1365 | + flags |= FAULT_FLAG_USER; | ||
1366 | + | ||
1367 | /* | ||
1368 | * When running in the kernel we expect faults to occur only to | ||
1369 | * addresses in user space. All other faults represent errors in the | ||
1370 | @@ -425,12 +427,12 @@ good_area: | ||
1371 | #endif | ||
1372 | if (!(vma->vm_flags & VM_WRITE)) | ||
1373 | goto bad_area; | ||
1374 | + flags |= FAULT_FLAG_WRITE; | ||
1375 | } else { | ||
1376 | if (!is_page_fault || !(vma->vm_flags & VM_READ)) | ||
1377 | goto bad_area; | ||
1378 | } | ||
1379 | |||
1380 | - survive: | ||
1381 | /* | ||
1382 | * If for any reason at all we couldn't handle the fault, | ||
1383 | * make sure we exit gracefully rather than endlessly redo | ||
1384 | @@ -568,15 +570,10 @@ no_context: | ||
1385 | */ | ||
1386 | out_of_memory: | ||
1387 | up_read(&mm->mmap_sem); | ||
1388 | - if (is_global_init(tsk)) { | ||
1389 | - yield(); | ||
1390 | - down_read(&mm->mmap_sem); | ||
1391 | - goto survive; | ||
1392 | - } | ||
1393 | - pr_alert("VM: killing process %s\n", tsk->comm); | ||
1394 | - if (!is_kernel_mode) | ||
1395 | - do_group_exit(SIGKILL); | ||
1396 | - goto no_context; | ||
1397 | + if (is_kernel_mode) | ||
1398 | + goto no_context; | ||
1399 | + pagefault_out_of_memory(); | ||
1400 | + return 0; | ||
1401 | |||
1402 | do_sigbus: | ||
1403 | up_read(&mm->mmap_sem); | ||
1404 | diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c | ||
1405 | index 089f3987e273..5c3aef74237f 100644 | ||
1406 | --- a/arch/um/kernel/trap.c | ||
1407 | +++ b/arch/um/kernel/trap.c | ||
1408 | @@ -30,8 +30,7 @@ int handle_page_fault(unsigned long address, unsigned long ip, | ||
1409 | pmd_t *pmd; | ||
1410 | pte_t *pte; | ||
1411 | int err = -EFAULT; | ||
1412 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
1413 | - (is_write ? FAULT_FLAG_WRITE : 0); | ||
1414 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
1415 | |||
1416 | *code_out = SEGV_MAPERR; | ||
1417 | |||
1418 | @@ -42,6 +41,8 @@ int handle_page_fault(unsigned long address, unsigned long ip, | ||
1419 | if (in_atomic()) | ||
1420 | goto out_nosemaphore; | ||
1421 | |||
1422 | + if (is_user) | ||
1423 | + flags |= FAULT_FLAG_USER; | ||
1424 | retry: | ||
1425 | down_read(&mm->mmap_sem); | ||
1426 | vma = find_vma(mm, address); | ||
1427 | @@ -58,12 +59,15 @@ retry: | ||
1428 | |||
1429 | good_area: | ||
1430 | *code_out = SEGV_ACCERR; | ||
1431 | - if (is_write && !(vma->vm_flags & VM_WRITE)) | ||
1432 | - goto out; | ||
1433 | - | ||
1434 | - /* Don't require VM_READ|VM_EXEC for write faults! */ | ||
1435 | - if (!is_write && !(vma->vm_flags & (VM_READ | VM_EXEC))) | ||
1436 | - goto out; | ||
1437 | + if (is_write) { | ||
1438 | + if (!(vma->vm_flags & VM_WRITE)) | ||
1439 | + goto out; | ||
1440 | + flags |= FAULT_FLAG_WRITE; | ||
1441 | + } else { | ||
1442 | + /* Don't require VM_READ|VM_EXEC for write faults! */ | ||
1443 | + if (!(vma->vm_flags & (VM_READ | VM_EXEC))) | ||
1444 | + goto out; | ||
1445 | + } | ||
1446 | |||
1447 | do { | ||
1448 | int fault; | ||
1449 | @@ -124,6 +128,8 @@ out_of_memory: | ||
1450 | * (which will retry the fault, or kill us if we got oom-killed). | ||
1451 | */ | ||
1452 | up_read(&mm->mmap_sem); | ||
1453 | + if (!is_user) | ||
1454 | + goto out_nosemaphore; | ||
1455 | pagefault_out_of_memory(); | ||
1456 | return 0; | ||
1457 | } | ||
1458 | diff --git a/arch/unicore32/mm/fault.c b/arch/unicore32/mm/fault.c | ||
1459 | index f9b5c10bccee..0dc922dba915 100644 | ||
1460 | --- a/arch/unicore32/mm/fault.c | ||
1461 | +++ b/arch/unicore32/mm/fault.c | ||
1462 | @@ -209,8 +209,7 @@ static int do_pf(unsigned long addr, unsigned int fsr, struct pt_regs *regs) | ||
1463 | struct task_struct *tsk; | ||
1464 | struct mm_struct *mm; | ||
1465 | int fault, sig, code; | ||
1466 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
1467 | - ((!(fsr ^ 0x12)) ? FAULT_FLAG_WRITE : 0); | ||
1468 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
1469 | |||
1470 | tsk = current; | ||
1471 | mm = tsk->mm; | ||
1472 | @@ -222,6 +221,11 @@ static int do_pf(unsigned long addr, unsigned int fsr, struct pt_regs *regs) | ||
1473 | if (in_atomic() || !mm) | ||
1474 | goto no_context; | ||
1475 | |||
1476 | + if (user_mode(regs)) | ||
1477 | + flags |= FAULT_FLAG_USER; | ||
1478 | + if (!(fsr ^ 0x12)) | ||
1479 | + flags |= FAULT_FLAG_WRITE; | ||
1480 | + | ||
1481 | /* | ||
1482 | * As per x86, we may deadlock here. However, since the kernel only | ||
1483 | * validly references user space from well defined areas of the code, | ||
1484 | @@ -278,6 +282,13 @@ retry: | ||
1485 | (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS)))) | ||
1486 | return 0; | ||
1487 | |||
1488 | + /* | ||
1489 | + * If we are in kernel mode at this point, we | ||
1490 | + * have no context to handle this fault with. | ||
1491 | + */ | ||
1492 | + if (!user_mode(regs)) | ||
1493 | + goto no_context; | ||
1494 | + | ||
1495 | if (fault & VM_FAULT_OOM) { | ||
1496 | /* | ||
1497 | * We ran out of memory, call the OOM killer, and return to | ||
1498 | @@ -288,13 +299,6 @@ retry: | ||
1499 | return 0; | ||
1500 | } | ||
1501 | |||
1502 | - /* | ||
1503 | - * If we are in kernel mode at this point, we | ||
1504 | - * have no context to handle this fault with. | ||
1505 | - */ | ||
1506 | - if (!user_mode(regs)) | ||
1507 | - goto no_context; | ||
1508 | - | ||
1509 | if (fault & VM_FAULT_SIGBUS) { | ||
1510 | /* | ||
1511 | * We had some memory, but were unable to | ||
1512 | diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c | ||
1513 | index b45ac6affa9c..6d6bb6f4fd43 100644 | ||
1514 | --- a/arch/x86/kernel/cpu/perf_event_intel.c | ||
1515 | +++ b/arch/x86/kernel/cpu/perf_event_intel.c | ||
1516 | @@ -2172,6 +2172,9 @@ __init int intel_pmu_init(void) | ||
1517 | case 62: /* IvyBridge EP */ | ||
1518 | memcpy(hw_cache_event_ids, snb_hw_cache_event_ids, | ||
1519 | sizeof(hw_cache_event_ids)); | ||
1520 | + /* dTLB-load-misses on IVB is different than SNB */ | ||
1521 | + hw_cache_event_ids[C(DTLB)][C(OP_READ)][C(RESULT_MISS)] = 0x8108; /* DTLB_LOAD_MISSES.DEMAND_LD_MISS_CAUSES_A_WALK */ | ||
1522 | + | ||
1523 | memcpy(hw_cache_extra_regs, snb_hw_cache_extra_regs, | ||
1524 | sizeof(hw_cache_extra_regs)); | ||
1525 | |||
1526 | diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c | ||
1527 | index 29a8120e6fe8..baa61e7370b7 100644 | ||
1528 | --- a/arch/x86/kernel/ptrace.c | ||
1529 | +++ b/arch/x86/kernel/ptrace.c | ||
1530 | @@ -1475,15 +1475,6 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, | ||
1531 | force_sig_info(SIGTRAP, &info, tsk); | ||
1532 | } | ||
1533 | |||
1534 | - | ||
1535 | -#ifdef CONFIG_X86_32 | ||
1536 | -# define IS_IA32 1 | ||
1537 | -#elif defined CONFIG_IA32_EMULATION | ||
1538 | -# define IS_IA32 is_compat_task() | ||
1539 | -#else | ||
1540 | -# define IS_IA32 0 | ||
1541 | -#endif | ||
1542 | - | ||
1543 | /* | ||
1544 | * We must return the syscall number to actually look up in the table. | ||
1545 | * This can be -1L to skip running any syscall at all. | ||
1546 | @@ -1521,7 +1512,7 @@ long syscall_trace_enter(struct pt_regs *regs) | ||
1547 | if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) | ||
1548 | trace_sys_enter(regs, regs->orig_ax); | ||
1549 | |||
1550 | - if (IS_IA32) | ||
1551 | + if (is_ia32_task()) | ||
1552 | audit_syscall_entry(AUDIT_ARCH_I386, | ||
1553 | regs->orig_ax, | ||
1554 | regs->bx, regs->cx, | ||
1555 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c | ||
1556 | index 684f46dc87de..adfc30d9f9f4 100644 | ||
1557 | --- a/arch/x86/kvm/x86.c | ||
1558 | +++ b/arch/x86/kvm/x86.c | ||
1559 | @@ -4834,7 +4834,7 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu) | ||
1560 | |||
1561 | ++vcpu->stat.insn_emulation_fail; | ||
1562 | trace_kvm_emulate_insn_failed(vcpu); | ||
1563 | - if (!is_guest_mode(vcpu)) { | ||
1564 | + if (!is_guest_mode(vcpu) && kvm_x86_ops->get_cpl(vcpu) == 0) { | ||
1565 | vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; | ||
1566 | vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION; | ||
1567 | vcpu->run->internal.ndata = 0; | ||
1568 | diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c | ||
1569 | index c1e9e4cbbd76..d8b1ff68dbb9 100644 | ||
1570 | --- a/arch/x86/mm/fault.c | ||
1571 | +++ b/arch/x86/mm/fault.c | ||
1572 | @@ -842,23 +842,15 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, | ||
1573 | force_sig_info_fault(SIGBUS, code, address, tsk, fault); | ||
1574 | } | ||
1575 | |||
1576 | -static noinline int | ||
1577 | +static noinline void | ||
1578 | mm_fault_error(struct pt_regs *regs, unsigned long error_code, | ||
1579 | unsigned long address, unsigned int fault) | ||
1580 | { | ||
1581 | - /* | ||
1582 | - * Pagefault was interrupted by SIGKILL. We have no reason to | ||
1583 | - * continue pagefault. | ||
1584 | - */ | ||
1585 | - if (fatal_signal_pending(current)) { | ||
1586 | - if (!(fault & VM_FAULT_RETRY)) | ||
1587 | - up_read(¤t->mm->mmap_sem); | ||
1588 | - if (!(error_code & PF_USER)) | ||
1589 | - no_context(regs, error_code, address, 0, 0); | ||
1590 | - return 1; | ||
1591 | + if (fatal_signal_pending(current) && !(error_code & PF_USER)) { | ||
1592 | + up_read(¤t->mm->mmap_sem); | ||
1593 | + no_context(regs, error_code, address, 0, 0); | ||
1594 | + return; | ||
1595 | } | ||
1596 | - if (!(fault & VM_FAULT_ERROR)) | ||
1597 | - return 0; | ||
1598 | |||
1599 | if (fault & VM_FAULT_OOM) { | ||
1600 | /* Kernel mode? Handle exceptions or die: */ | ||
1601 | @@ -866,7 +858,7 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code, | ||
1602 | up_read(¤t->mm->mmap_sem); | ||
1603 | no_context(regs, error_code, address, | ||
1604 | SIGSEGV, SEGV_MAPERR); | ||
1605 | - return 1; | ||
1606 | + return; | ||
1607 | } | ||
1608 | |||
1609 | up_read(¤t->mm->mmap_sem); | ||
1610 | @@ -884,7 +876,6 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code, | ||
1611 | else | ||
1612 | BUG(); | ||
1613 | } | ||
1614 | - return 1; | ||
1615 | } | ||
1616 | |||
1617 | static int spurious_fault_check(unsigned long error_code, pte_t *pte) | ||
1618 | @@ -1017,9 +1008,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) | ||
1619 | unsigned long address; | ||
1620 | struct mm_struct *mm; | ||
1621 | int fault; | ||
1622 | - int write = error_code & PF_WRITE; | ||
1623 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | | ||
1624 | - (write ? FAULT_FLAG_WRITE : 0); | ||
1625 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; | ||
1626 | |||
1627 | tsk = current; | ||
1628 | mm = tsk->mm; | ||
1629 | @@ -1089,6 +1078,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) | ||
1630 | if (user_mode_vm(regs)) { | ||
1631 | local_irq_enable(); | ||
1632 | error_code |= PF_USER; | ||
1633 | + flags |= FAULT_FLAG_USER; | ||
1634 | } else { | ||
1635 | if (regs->flags & X86_EFLAGS_IF) | ||
1636 | local_irq_enable(); | ||
1637 | @@ -1113,6 +1103,9 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) | ||
1638 | return; | ||
1639 | } | ||
1640 | |||
1641 | + if (error_code & PF_WRITE) | ||
1642 | + flags |= FAULT_FLAG_WRITE; | ||
1643 | + | ||
1644 | /* | ||
1645 | * When running in the kernel we expect faults to occur only to | ||
1646 | * addresses in user space. All other faults represent errors in | ||
1647 | @@ -1191,9 +1184,17 @@ good_area: | ||
1648 | */ | ||
1649 | fault = handle_mm_fault(mm, vma, address, flags); | ||
1650 | |||
1651 | - if (unlikely(fault & (VM_FAULT_RETRY|VM_FAULT_ERROR))) { | ||
1652 | - if (mm_fault_error(regs, error_code, address, fault)) | ||
1653 | - return; | ||
1654 | + /* | ||
1655 | + * If we need to retry but a fatal signal is pending, handle the | ||
1656 | + * signal first. We do not need to release the mmap_sem because it | ||
1657 | + * would already be released in __lock_page_or_retry in mm/filemap.c. | ||
1658 | + */ | ||
1659 | + if (unlikely((fault & VM_FAULT_RETRY) && fatal_signal_pending(current))) | ||
1660 | + return; | ||
1661 | + | ||
1662 | + if (unlikely(fault & VM_FAULT_ERROR)) { | ||
1663 | + mm_fault_error(regs, error_code, address, fault); | ||
1664 | + return; | ||
1665 | } | ||
1666 | |||
1667 | /* | ||
1668 | diff --git a/arch/xtensa/include/uapi/asm/unistd.h b/arch/xtensa/include/uapi/asm/unistd.h | ||
1669 | index 51940fec6990..513effd48060 100644 | ||
1670 | --- a/arch/xtensa/include/uapi/asm/unistd.h | ||
1671 | +++ b/arch/xtensa/include/uapi/asm/unistd.h | ||
1672 | @@ -384,7 +384,8 @@ __SYSCALL(174, sys_chroot, 1) | ||
1673 | #define __NR_pivot_root 175 | ||
1674 | __SYSCALL(175, sys_pivot_root, 2) | ||
1675 | #define __NR_umount 176 | ||
1676 | -__SYSCALL(176, sys_umount, 2) | ||
1677 | +__SYSCALL(176, sys_oldumount, 1) | ||
1678 | +#define __ARCH_WANT_SYS_OLDUMOUNT | ||
1679 | #define __NR_swapoff 177 | ||
1680 | __SYSCALL(177, sys_swapoff, 1) | ||
1681 | #define __NR_sync 178 | ||
1682 | diff --git a/arch/xtensa/mm/fault.c b/arch/xtensa/mm/fault.c | ||
1683 | index 4b7bc8db170f..70fa7bc42b4a 100644 | ||
1684 | --- a/arch/xtensa/mm/fault.c | ||
1685 | +++ b/arch/xtensa/mm/fault.c | ||
1686 | @@ -72,6 +72,8 @@ void do_page_fault(struct pt_regs *regs) | ||
1687 | address, exccause, regs->pc, is_write? "w":"", is_exec? "x":""); | ||
1688 | #endif | ||
1689 | |||
1690 | + if (user_mode(regs)) | ||
1691 | + flags |= FAULT_FLAG_USER; | ||
1692 | retry: | ||
1693 | down_read(&mm->mmap_sem); | ||
1694 | vma = find_vma(mm, address); | ||
1695 | diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c | ||
1696 | index c3f09505f795..64150a9ffff3 100644 | ||
1697 | --- a/drivers/ata/ahci.c | ||
1698 | +++ b/drivers/ata/ahci.c | ||
1699 | @@ -61,6 +61,7 @@ enum board_ids { | ||
1700 | /* board IDs by feature in alphabetical order */ | ||
1701 | board_ahci, | ||
1702 | board_ahci_ign_iferr, | ||
1703 | + board_ahci_nomsi, | ||
1704 | board_ahci_noncq, | ||
1705 | board_ahci_nosntf, | ||
1706 | board_ahci_yes_fbs, | ||
1707 | @@ -120,6 +121,13 @@ static const struct ata_port_info ahci_port_info[] = { | ||
1708 | .udma_mask = ATA_UDMA6, | ||
1709 | .port_ops = &ahci_ops, | ||
1710 | }, | ||
1711 | + [board_ahci_nomsi] = { | ||
1712 | + AHCI_HFLAGS (AHCI_HFLAG_NO_MSI), | ||
1713 | + .flags = AHCI_FLAG_COMMON, | ||
1714 | + .pio_mask = ATA_PIO4, | ||
1715 | + .udma_mask = ATA_UDMA6, | ||
1716 | + .port_ops = &ahci_ops, | ||
1717 | + }, | ||
1718 | [board_ahci_noncq] = { | ||
1719 | AHCI_HFLAGS (AHCI_HFLAG_NO_NCQ), | ||
1720 | .flags = AHCI_FLAG_COMMON, | ||
1721 | @@ -312,6 +320,11 @@ static const struct pci_device_id ahci_pci_tbl[] = { | ||
1722 | { PCI_VDEVICE(INTEL, 0x8c87), board_ahci }, /* 9 Series RAID */ | ||
1723 | { PCI_VDEVICE(INTEL, 0x8c8e), board_ahci }, /* 9 Series RAID */ | ||
1724 | { PCI_VDEVICE(INTEL, 0x8c8f), board_ahci }, /* 9 Series RAID */ | ||
1725 | + { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H AHCI */ | ||
1726 | + { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H RAID */ | ||
1727 | + { PCI_VDEVICE(INTEL, 0xa105), board_ahci }, /* Sunrise Point-H RAID */ | ||
1728 | + { PCI_VDEVICE(INTEL, 0xa107), board_ahci }, /* Sunrise Point-H RAID */ | ||
1729 | + { PCI_VDEVICE(INTEL, 0xa10f), board_ahci }, /* Sunrise Point-H RAID */ | ||
1730 | |||
1731 | /* JMicron 360/1/3/5/6, match class to avoid IDE function */ | ||
1732 | { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, | ||
1733 | @@ -474,10 +487,10 @@ static const struct pci_device_id ahci_pci_tbl[] = { | ||
1734 | { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */ | ||
1735 | |||
1736 | /* | ||
1737 | - * Samsung SSDs found on some macbooks. NCQ times out. | ||
1738 | - * https://bugzilla.kernel.org/show_bug.cgi?id=60731 | ||
1739 | + * Samsung SSDs found on some macbooks. NCQ times out if MSI is | ||
1740 | + * enabled. https://bugzilla.kernel.org/show_bug.cgi?id=60731 | ||
1741 | */ | ||
1742 | - { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_noncq }, | ||
1743 | + { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_nomsi }, | ||
1744 | |||
1745 | /* Enmotus */ | ||
1746 | { PCI_DEVICE(0x1c44, 0x8000), board_ahci }, | ||
1747 | diff --git a/drivers/block/sunvdc.c b/drivers/block/sunvdc.c | ||
1748 | index 5814deb6963d..0ebadf93b6c5 100644 | ||
1749 | --- a/drivers/block/sunvdc.c | ||
1750 | +++ b/drivers/block/sunvdc.c | ||
1751 | @@ -9,6 +9,7 @@ | ||
1752 | #include <linux/blkdev.h> | ||
1753 | #include <linux/hdreg.h> | ||
1754 | #include <linux/genhd.h> | ||
1755 | +#include <linux/cdrom.h> | ||
1756 | #include <linux/slab.h> | ||
1757 | #include <linux/spinlock.h> | ||
1758 | #include <linux/completion.h> | ||
1759 | @@ -22,8 +23,8 @@ | ||
1760 | |||
1761 | #define DRV_MODULE_NAME "sunvdc" | ||
1762 | #define PFX DRV_MODULE_NAME ": " | ||
1763 | -#define DRV_MODULE_VERSION "1.0" | ||
1764 | -#define DRV_MODULE_RELDATE "June 25, 2007" | ||
1765 | +#define DRV_MODULE_VERSION "1.1" | ||
1766 | +#define DRV_MODULE_RELDATE "February 13, 2013" | ||
1767 | |||
1768 | static char version[] = | ||
1769 | DRV_MODULE_NAME ".c:v" DRV_MODULE_VERSION " (" DRV_MODULE_RELDATE ")\n"; | ||
1770 | @@ -32,7 +33,7 @@ MODULE_DESCRIPTION("Sun LDOM virtual disk client driver"); | ||
1771 | MODULE_LICENSE("GPL"); | ||
1772 | MODULE_VERSION(DRV_MODULE_VERSION); | ||
1773 | |||
1774 | -#define VDC_TX_RING_SIZE 256 | ||
1775 | +#define VDC_TX_RING_SIZE 512 | ||
1776 | |||
1777 | #define WAITING_FOR_LINK_UP 0x01 | ||
1778 | #define WAITING_FOR_TX_SPACE 0x02 | ||
1779 | @@ -65,11 +66,9 @@ struct vdc_port { | ||
1780 | u64 operations; | ||
1781 | u32 vdisk_size; | ||
1782 | u8 vdisk_type; | ||
1783 | + u8 vdisk_mtype; | ||
1784 | |||
1785 | char disk_name[32]; | ||
1786 | - | ||
1787 | - struct vio_disk_geom geom; | ||
1788 | - struct vio_disk_vtoc label; | ||
1789 | }; | ||
1790 | |||
1791 | static inline struct vdc_port *to_vdc_port(struct vio_driver_state *vio) | ||
1792 | @@ -79,9 +78,16 @@ static inline struct vdc_port *to_vdc_port(struct vio_driver_state *vio) | ||
1793 | |||
1794 | /* Ordered from largest major to lowest */ | ||
1795 | static struct vio_version vdc_versions[] = { | ||
1796 | + { .major = 1, .minor = 1 }, | ||
1797 | { .major = 1, .minor = 0 }, | ||
1798 | }; | ||
1799 | |||
1800 | +static inline int vdc_version_supported(struct vdc_port *port, | ||
1801 | + u16 major, u16 minor) | ||
1802 | +{ | ||
1803 | + return port->vio.ver.major == major && port->vio.ver.minor >= minor; | ||
1804 | +} | ||
1805 | + | ||
1806 | #define VDCBLK_NAME "vdisk" | ||
1807 | static int vdc_major; | ||
1808 | #define PARTITION_SHIFT 3 | ||
1809 | @@ -94,18 +100,54 @@ static inline u32 vdc_tx_dring_avail(struct vio_dring_state *dr) | ||
1810 | static int vdc_getgeo(struct block_device *bdev, struct hd_geometry *geo) | ||
1811 | { | ||
1812 | struct gendisk *disk = bdev->bd_disk; | ||
1813 | - struct vdc_port *port = disk->private_data; | ||
1814 | + sector_t nsect = get_capacity(disk); | ||
1815 | + sector_t cylinders = nsect; | ||
1816 | |||
1817 | - geo->heads = (u8) port->geom.num_hd; | ||
1818 | - geo->sectors = (u8) port->geom.num_sec; | ||
1819 | - geo->cylinders = port->geom.num_cyl; | ||
1820 | + geo->heads = 0xff; | ||
1821 | + geo->sectors = 0x3f; | ||
1822 | + sector_div(cylinders, geo->heads * geo->sectors); | ||
1823 | + geo->cylinders = cylinders; | ||
1824 | + if ((sector_t)(geo->cylinders + 1) * geo->heads * geo->sectors < nsect) | ||
1825 | + geo->cylinders = 0xffff; | ||
1826 | |||
1827 | return 0; | ||
1828 | } | ||
1829 | |||
1830 | +/* Add ioctl/CDROM_GET_CAPABILITY to support cdrom_id in udev | ||
1831 | + * when vdisk_mtype is VD_MEDIA_TYPE_CD or VD_MEDIA_TYPE_DVD. | ||
1832 | + * Needed to be able to install inside an ldom from an iso image. | ||
1833 | + */ | ||
1834 | +static int vdc_ioctl(struct block_device *bdev, fmode_t mode, | ||
1835 | + unsigned command, unsigned long argument) | ||
1836 | +{ | ||
1837 | + int i; | ||
1838 | + struct gendisk *disk; | ||
1839 | + | ||
1840 | + switch (command) { | ||
1841 | + case CDROMMULTISESSION: | ||
1842 | + pr_debug(PFX "Multisession CDs not supported\n"); | ||
1843 | + for (i = 0; i < sizeof(struct cdrom_multisession); i++) | ||
1844 | + if (put_user(0, (char __user *)(argument + i))) | ||
1845 | + return -EFAULT; | ||
1846 | + return 0; | ||
1847 | + | ||
1848 | + case CDROM_GET_CAPABILITY: | ||
1849 | + disk = bdev->bd_disk; | ||
1850 | + | ||
1851 | + if (bdev->bd_disk && (disk->flags & GENHD_FL_CD)) | ||
1852 | + return 0; | ||
1853 | + return -EINVAL; | ||
1854 | + | ||
1855 | + default: | ||
1856 | + pr_debug(PFX "ioctl %08x not supported\n", command); | ||
1857 | + return -EINVAL; | ||
1858 | + } | ||
1859 | +} | ||
1860 | + | ||
1861 | static const struct block_device_operations vdc_fops = { | ||
1862 | .owner = THIS_MODULE, | ||
1863 | .getgeo = vdc_getgeo, | ||
1864 | + .ioctl = vdc_ioctl, | ||
1865 | }; | ||
1866 | |||
1867 | static void vdc_finish(struct vio_driver_state *vio, int err, int waiting_for) | ||
1868 | @@ -165,9 +207,9 @@ static int vdc_handle_attr(struct vio_driver_state *vio, void *arg) | ||
1869 | struct vio_disk_attr_info *pkt = arg; | ||
1870 | |||
1871 | viodbg(HS, "GOT ATTR stype[0x%x] ops[%llx] disk_size[%llu] disk_type[%x] " | ||
1872 | - "xfer_mode[0x%x] blksz[%u] max_xfer[%llu]\n", | ||
1873 | + "mtype[0x%x] xfer_mode[0x%x] blksz[%u] max_xfer[%llu]\n", | ||
1874 | pkt->tag.stype, pkt->operations, | ||
1875 | - pkt->vdisk_size, pkt->vdisk_type, | ||
1876 | + pkt->vdisk_size, pkt->vdisk_type, pkt->vdisk_mtype, | ||
1877 | pkt->xfer_mode, pkt->vdisk_block_size, | ||
1878 | pkt->max_xfer_size); | ||
1879 | |||
1880 | @@ -192,8 +234,11 @@ static int vdc_handle_attr(struct vio_driver_state *vio, void *arg) | ||
1881 | } | ||
1882 | |||
1883 | port->operations = pkt->operations; | ||
1884 | - port->vdisk_size = pkt->vdisk_size; | ||
1885 | port->vdisk_type = pkt->vdisk_type; | ||
1886 | + if (vdc_version_supported(port, 1, 1)) { | ||
1887 | + port->vdisk_size = pkt->vdisk_size; | ||
1888 | + port->vdisk_mtype = pkt->vdisk_mtype; | ||
1889 | + } | ||
1890 | if (pkt->max_xfer_size < port->max_xfer_size) | ||
1891 | port->max_xfer_size = pkt->max_xfer_size; | ||
1892 | port->vdisk_block_size = pkt->vdisk_block_size; | ||
1893 | @@ -236,7 +281,9 @@ static void vdc_end_one(struct vdc_port *port, struct vio_dring_state *dr, | ||
1894 | |||
1895 | __blk_end_request(req, (desc->status ? -EIO : 0), desc->size); | ||
1896 | |||
1897 | - if (blk_queue_stopped(port->disk->queue)) | ||
1898 | + /* restart blk queue when ring is half emptied */ | ||
1899 | + if (blk_queue_stopped(port->disk->queue) && | ||
1900 | + vdc_tx_dring_avail(dr) * 100 / VDC_TX_RING_SIZE >= 50) | ||
1901 | blk_start_queue(port->disk->queue); | ||
1902 | } | ||
1903 | |||
1904 | @@ -388,12 +435,6 @@ static int __send_request(struct request *req) | ||
1905 | for (i = 0; i < nsg; i++) | ||
1906 | len += sg[i].length; | ||
1907 | |||
1908 | - if (unlikely(vdc_tx_dring_avail(dr) < 1)) { | ||
1909 | - blk_stop_queue(port->disk->queue); | ||
1910 | - err = -ENOMEM; | ||
1911 | - goto out; | ||
1912 | - } | ||
1913 | - | ||
1914 | desc = vio_dring_cur(dr); | ||
1915 | |||
1916 | err = ldc_map_sg(port->vio.lp, sg, nsg, | ||
1917 | @@ -433,21 +474,32 @@ static int __send_request(struct request *req) | ||
1918 | port->req_id++; | ||
1919 | dr->prod = (dr->prod + 1) & (VDC_TX_RING_SIZE - 1); | ||
1920 | } | ||
1921 | -out: | ||
1922 | |||
1923 | return err; | ||
1924 | } | ||
1925 | |||
1926 | -static void do_vdc_request(struct request_queue *q) | ||
1927 | +static void do_vdc_request(struct request_queue *rq) | ||
1928 | { | ||
1929 | - while (1) { | ||
1930 | - struct request *req = blk_fetch_request(q); | ||
1931 | + struct request *req; | ||
1932 | |||
1933 | - if (!req) | ||
1934 | - break; | ||
1935 | + while ((req = blk_peek_request(rq)) != NULL) { | ||
1936 | + struct vdc_port *port; | ||
1937 | + struct vio_dring_state *dr; | ||
1938 | |||
1939 | - if (__send_request(req) < 0) | ||
1940 | - __blk_end_request_all(req, -EIO); | ||
1941 | + port = req->rq_disk->private_data; | ||
1942 | + dr = &port->vio.drings[VIO_DRIVER_TX_RING]; | ||
1943 | + if (unlikely(vdc_tx_dring_avail(dr) < 1)) | ||
1944 | + goto wait; | ||
1945 | + | ||
1946 | + blk_start_request(req); | ||
1947 | + | ||
1948 | + if (__send_request(req) < 0) { | ||
1949 | + blk_requeue_request(rq, req); | ||
1950 | +wait: | ||
1951 | + /* Avoid pointless unplugs. */ | ||
1952 | + blk_stop_queue(rq); | ||
1953 | + break; | ||
1954 | + } | ||
1955 | } | ||
1956 | } | ||
1957 | |||
1958 | @@ -656,25 +708,27 @@ static int probe_disk(struct vdc_port *port) | ||
1959 | if (comp.err) | ||
1960 | return comp.err; | ||
1961 | |||
1962 | - err = generic_request(port, VD_OP_GET_VTOC, | ||
1963 | - &port->label, sizeof(port->label)); | ||
1964 | - if (err < 0) { | ||
1965 | - printk(KERN_ERR PFX "VD_OP_GET_VTOC returns error %d\n", err); | ||
1966 | - return err; | ||
1967 | - } | ||
1968 | - | ||
1969 | - err = generic_request(port, VD_OP_GET_DISKGEOM, | ||
1970 | - &port->geom, sizeof(port->geom)); | ||
1971 | - if (err < 0) { | ||
1972 | - printk(KERN_ERR PFX "VD_OP_GET_DISKGEOM returns " | ||
1973 | - "error %d\n", err); | ||
1974 | - return err; | ||
1975 | + if (vdc_version_supported(port, 1, 1)) { | ||
1976 | + /* vdisk_size should be set during the handshake, if it wasn't | ||
1977 | + * then the underlying disk is reserved by another system | ||
1978 | + */ | ||
1979 | + if (port->vdisk_size == -1) | ||
1980 | + return -ENODEV; | ||
1981 | + } else { | ||
1982 | + struct vio_disk_geom geom; | ||
1983 | + | ||
1984 | + err = generic_request(port, VD_OP_GET_DISKGEOM, | ||
1985 | + &geom, sizeof(geom)); | ||
1986 | + if (err < 0) { | ||
1987 | + printk(KERN_ERR PFX "VD_OP_GET_DISKGEOM returns " | ||
1988 | + "error %d\n", err); | ||
1989 | + return err; | ||
1990 | + } | ||
1991 | + port->vdisk_size = ((u64)geom.num_cyl * | ||
1992 | + (u64)geom.num_hd * | ||
1993 | + (u64)geom.num_sec); | ||
1994 | } | ||
1995 | |||
1996 | - port->vdisk_size = ((u64)port->geom.num_cyl * | ||
1997 | - (u64)port->geom.num_hd * | ||
1998 | - (u64)port->geom.num_sec); | ||
1999 | - | ||
2000 | q = blk_init_queue(do_vdc_request, &port->vio.lock); | ||
2001 | if (!q) { | ||
2002 | printk(KERN_ERR PFX "%s: Could not allocate queue.\n", | ||
2003 | @@ -691,6 +745,10 @@ static int probe_disk(struct vdc_port *port) | ||
2004 | |||
2005 | port->disk = g; | ||
2006 | |||
2007 | + /* Each segment in a request is up to an aligned page in size. */ | ||
2008 | + blk_queue_segment_boundary(q, PAGE_SIZE - 1); | ||
2009 | + blk_queue_max_segment_size(q, PAGE_SIZE); | ||
2010 | + | ||
2011 | blk_queue_max_segments(q, port->ring_cookies); | ||
2012 | blk_queue_max_hw_sectors(q, port->max_xfer_size); | ||
2013 | g->major = vdc_major; | ||
2014 | @@ -704,9 +762,32 @@ static int probe_disk(struct vdc_port *port) | ||
2015 | |||
2016 | set_capacity(g, port->vdisk_size); | ||
2017 | |||
2018 | - printk(KERN_INFO PFX "%s: %u sectors (%u MB)\n", | ||
2019 | + if (vdc_version_supported(port, 1, 1)) { | ||
2020 | + switch (port->vdisk_mtype) { | ||
2021 | + case VD_MEDIA_TYPE_CD: | ||
2022 | + pr_info(PFX "Virtual CDROM %s\n", port->disk_name); | ||
2023 | + g->flags |= GENHD_FL_CD; | ||
2024 | + g->flags |= GENHD_FL_REMOVABLE; | ||
2025 | + set_disk_ro(g, 1); | ||
2026 | + break; | ||
2027 | + | ||
2028 | + case VD_MEDIA_TYPE_DVD: | ||
2029 | + pr_info(PFX "Virtual DVD %s\n", port->disk_name); | ||
2030 | + g->flags |= GENHD_FL_CD; | ||
2031 | + g->flags |= GENHD_FL_REMOVABLE; | ||
2032 | + set_disk_ro(g, 1); | ||
2033 | + break; | ||
2034 | + | ||
2035 | + case VD_MEDIA_TYPE_FIXED: | ||
2036 | + pr_info(PFX "Virtual Hard disk %s\n", port->disk_name); | ||
2037 | + break; | ||
2038 | + } | ||
2039 | + } | ||
2040 | + | ||
2041 | + pr_info(PFX "%s: %u sectors (%u MB) protocol %d.%d\n", | ||
2042 | g->disk_name, | ||
2043 | - port->vdisk_size, (port->vdisk_size >> (20 - 9))); | ||
2044 | + port->vdisk_size, (port->vdisk_size >> (20 - 9)), | ||
2045 | + port->vio.ver.major, port->vio.ver.minor); | ||
2046 | |||
2047 | add_disk(g); | ||
2048 | |||
2049 | @@ -765,6 +846,7 @@ static int vdc_port_probe(struct vio_dev *vdev, const struct vio_device_id *id) | ||
2050 | else | ||
2051 | snprintf(port->disk_name, sizeof(port->disk_name), | ||
2052 | VDCBLK_NAME "%c", 'a' + ((int)vdev->dev_no % 26)); | ||
2053 | + port->vdisk_size = -1; | ||
2054 | |||
2055 | err = vio_driver_init(&port->vio, vdev, VDEV_DISK, | ||
2056 | vdc_versions, ARRAY_SIZE(vdc_versions), | ||
2057 | diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c | ||
2058 | index ac1b43a04285..4f73c727a97a 100644 | ||
2059 | --- a/drivers/firewire/core-cdev.c | ||
2060 | +++ b/drivers/firewire/core-cdev.c | ||
2061 | @@ -1637,8 +1637,7 @@ static int dispatch_ioctl(struct client *client, | ||
2062 | _IOC_SIZE(cmd) > sizeof(buffer)) | ||
2063 | return -ENOTTY; | ||
2064 | |||
2065 | - if (_IOC_DIR(cmd) == _IOC_READ) | ||
2066 | - memset(&buffer, 0, _IOC_SIZE(cmd)); | ||
2067 | + memset(&buffer, 0, sizeof(buffer)); | ||
2068 | |||
2069 | if (_IOC_DIR(cmd) & _IOC_WRITE) | ||
2070 | if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd))) | ||
2071 | diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c | ||
2072 | index e62a9ce3e4dc..ead08a49bec0 100644 | ||
2073 | --- a/drivers/gpu/drm/radeon/evergreen.c | ||
2074 | +++ b/drivers/gpu/drm/radeon/evergreen.c | ||
2075 | @@ -2379,6 +2379,7 @@ void evergreen_mc_stop(struct radeon_device *rdev, struct evergreen_mc_save *sav | ||
2076 | WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 1); | ||
2077 | tmp |= EVERGREEN_CRTC_BLANK_DATA_EN; | ||
2078 | WREG32(EVERGREEN_CRTC_BLANK_CONTROL + crtc_offsets[i], tmp); | ||
2079 | + WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 0); | ||
2080 | } | ||
2081 | } else { | ||
2082 | tmp = RREG32(EVERGREEN_CRTC_CONTROL + crtc_offsets[i]); | ||
2083 | diff --git a/drivers/input/mouse/alps.c b/drivers/input/mouse/alps.c | ||
2084 | index 7c5d72a6a26a..19e070f16e6b 100644 | ||
2085 | --- a/drivers/input/mouse/alps.c | ||
2086 | +++ b/drivers/input/mouse/alps.c | ||
2087 | @@ -873,7 +873,13 @@ static psmouse_ret_t alps_process_byte(struct psmouse *psmouse) | ||
2088 | { | ||
2089 | struct alps_data *priv = psmouse->private; | ||
2090 | |||
2091 | - if ((psmouse->packet[0] & 0xc8) == 0x08) { /* PS/2 packet */ | ||
2092 | + /* | ||
2093 | + * Check if we are dealing with a bare PS/2 packet, presumably from | ||
2094 | + * a device connected to the external PS/2 port. Because bare PS/2 | ||
2095 | + * protocol does not have enough constant bits to self-synchronize | ||
2096 | + * properly we only do this if the device is fully synchronized. | ||
2097 | + */ | ||
2098 | + if (!psmouse->out_of_sync_cnt && (psmouse->packet[0] & 0xc8) == 0x08) { | ||
2099 | if (psmouse->pktcnt == 3) { | ||
2100 | alps_report_bare_ps2_packet(psmouse, psmouse->packet, | ||
2101 | true); | ||
2102 | @@ -1816,6 +1822,9 @@ int alps_init(struct psmouse *psmouse) | ||
2103 | /* We are having trouble resyncing ALPS touchpads so disable it for now */ | ||
2104 | psmouse->resync_time = 0; | ||
2105 | |||
2106 | + /* Allow 2 invalid packets without resetting device */ | ||
2107 | + psmouse->resetafter = psmouse->pktsize * 2; | ||
2108 | + | ||
2109 | return 0; | ||
2110 | |||
2111 | init_fail: | ||
2112 | diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c | ||
2113 | index 2dea49c4279e..84cddccc0249 100644 | ||
2114 | --- a/drivers/md/dm-raid.c | ||
2115 | +++ b/drivers/md/dm-raid.c | ||
2116 | @@ -785,8 +785,7 @@ struct dm_raid_superblock { | ||
2117 | __le32 layout; | ||
2118 | __le32 stripe_sectors; | ||
2119 | |||
2120 | - __u8 pad[452]; /* Round struct to 512 bytes. */ | ||
2121 | - /* Always set to 0 when writing. */ | ||
2122 | + /* Remainder of a logical block is zero-filled when writing (see super_sync()). */ | ||
2123 | } __packed; | ||
2124 | |||
2125 | static int read_disk_sb(struct md_rdev *rdev, int size) | ||
2126 | @@ -823,7 +822,7 @@ static void super_sync(struct mddev *mddev, struct md_rdev *rdev) | ||
2127 | test_bit(Faulty, &(rs->dev[i].rdev.flags))) | ||
2128 | failed_devices |= (1ULL << i); | ||
2129 | |||
2130 | - memset(sb, 0, sizeof(*sb)); | ||
2131 | + memset(sb + 1, 0, rdev->sb_size - sizeof(*sb)); | ||
2132 | |||
2133 | sb->magic = cpu_to_le32(DM_RAID_MAGIC); | ||
2134 | sb->features = cpu_to_le32(0); /* No features yet */ | ||
2135 | @@ -858,7 +857,11 @@ static int super_load(struct md_rdev *rdev, struct md_rdev *refdev) | ||
2136 | uint64_t events_sb, events_refsb; | ||
2137 | |||
2138 | rdev->sb_start = 0; | ||
2139 | - rdev->sb_size = sizeof(*sb); | ||
2140 | + rdev->sb_size = bdev_logical_block_size(rdev->meta_bdev); | ||
2141 | + if (rdev->sb_size < sizeof(*sb) || rdev->sb_size > PAGE_SIZE) { | ||
2142 | + DMERR("superblock size of a logical block is no longer valid"); | ||
2143 | + return -EINVAL; | ||
2144 | + } | ||
2145 | |||
2146 | ret = read_disk_sb(rdev, rdev->sb_size); | ||
2147 | if (ret) | ||
2148 | diff --git a/drivers/md/persistent-data/dm-btree-internal.h b/drivers/md/persistent-data/dm-btree-internal.h | ||
2149 | index 37d367bb9aa8..bf2b80d5c470 100644 | ||
2150 | --- a/drivers/md/persistent-data/dm-btree-internal.h | ||
2151 | +++ b/drivers/md/persistent-data/dm-btree-internal.h | ||
2152 | @@ -42,6 +42,12 @@ struct btree_node { | ||
2153 | } __packed; | ||
2154 | |||
2155 | |||
2156 | +/* | ||
2157 | + * Locks a block using the btree node validator. | ||
2158 | + */ | ||
2159 | +int bn_read_lock(struct dm_btree_info *info, dm_block_t b, | ||
2160 | + struct dm_block **result); | ||
2161 | + | ||
2162 | void inc_children(struct dm_transaction_manager *tm, struct btree_node *n, | ||
2163 | struct dm_btree_value_type *vt); | ||
2164 | |||
2165 | diff --git a/drivers/md/persistent-data/dm-btree-spine.c b/drivers/md/persistent-data/dm-btree-spine.c | ||
2166 | index cf9fd676ae44..1b5e13ec7f96 100644 | ||
2167 | --- a/drivers/md/persistent-data/dm-btree-spine.c | ||
2168 | +++ b/drivers/md/persistent-data/dm-btree-spine.c | ||
2169 | @@ -92,7 +92,7 @@ struct dm_block_validator btree_node_validator = { | ||
2170 | |||
2171 | /*----------------------------------------------------------------*/ | ||
2172 | |||
2173 | -static int bn_read_lock(struct dm_btree_info *info, dm_block_t b, | ||
2174 | +int bn_read_lock(struct dm_btree_info *info, dm_block_t b, | ||
2175 | struct dm_block **result) | ||
2176 | { | ||
2177 | return dm_tm_read_lock(info->tm, b, &btree_node_validator, result); | ||
2178 | diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c | ||
2179 | index 35865425e4b4..0a7592e88811 100644 | ||
2180 | --- a/drivers/md/persistent-data/dm-btree.c | ||
2181 | +++ b/drivers/md/persistent-data/dm-btree.c | ||
2182 | @@ -812,22 +812,26 @@ EXPORT_SYMBOL_GPL(dm_btree_find_highest_key); | ||
2183 | * FIXME: We shouldn't use a recursive algorithm when we have limited stack | ||
2184 | * space. Also this only works for single level trees. | ||
2185 | */ | ||
2186 | -static int walk_node(struct ro_spine *s, dm_block_t block, | ||
2187 | +static int walk_node(struct dm_btree_info *info, dm_block_t block, | ||
2188 | int (*fn)(void *context, uint64_t *keys, void *leaf), | ||
2189 | void *context) | ||
2190 | { | ||
2191 | int r; | ||
2192 | unsigned i, nr; | ||
2193 | + struct dm_block *node; | ||
2194 | struct btree_node *n; | ||
2195 | uint64_t keys; | ||
2196 | |||
2197 | - r = ro_step(s, block); | ||
2198 | - n = ro_node(s); | ||
2199 | + r = bn_read_lock(info, block, &node); | ||
2200 | + if (r) | ||
2201 | + return r; | ||
2202 | + | ||
2203 | + n = dm_block_data(node); | ||
2204 | |||
2205 | nr = le32_to_cpu(n->header.nr_entries); | ||
2206 | for (i = 0; i < nr; i++) { | ||
2207 | if (le32_to_cpu(n->header.flags) & INTERNAL_NODE) { | ||
2208 | - r = walk_node(s, value64(n, i), fn, context); | ||
2209 | + r = walk_node(info, value64(n, i), fn, context); | ||
2210 | if (r) | ||
2211 | goto out; | ||
2212 | } else { | ||
2213 | @@ -839,7 +843,7 @@ static int walk_node(struct ro_spine *s, dm_block_t block, | ||
2214 | } | ||
2215 | |||
2216 | out: | ||
2217 | - ro_pop(s); | ||
2218 | + dm_tm_unlock(info->tm, node); | ||
2219 | return r; | ||
2220 | } | ||
2221 | |||
2222 | @@ -847,15 +851,7 @@ int dm_btree_walk(struct dm_btree_info *info, dm_block_t root, | ||
2223 | int (*fn)(void *context, uint64_t *keys, void *leaf), | ||
2224 | void *context) | ||
2225 | { | ||
2226 | - int r; | ||
2227 | - struct ro_spine spine; | ||
2228 | - | ||
2229 | BUG_ON(info->levels > 1); | ||
2230 | - | ||
2231 | - init_ro_spine(&spine, info); | ||
2232 | - r = walk_node(&spine, root, fn, context); | ||
2233 | - exit_ro_spine(&spine); | ||
2234 | - | ||
2235 | - return r; | ||
2236 | + return walk_node(info, root, fn, context); | ||
2237 | } | ||
2238 | EXPORT_SYMBOL_GPL(dm_btree_walk); | ||
2239 | diff --git a/drivers/media/usb/ttusb-dec/ttusbdecfe.c b/drivers/media/usb/ttusb-dec/ttusbdecfe.c | ||
2240 | index 5c45c9d0712d..9c29552aedec 100644 | ||
2241 | --- a/drivers/media/usb/ttusb-dec/ttusbdecfe.c | ||
2242 | +++ b/drivers/media/usb/ttusb-dec/ttusbdecfe.c | ||
2243 | @@ -156,6 +156,9 @@ static int ttusbdecfe_dvbs_diseqc_send_master_cmd(struct dvb_frontend* fe, struc | ||
2244 | 0x00, 0x00, 0x00, 0x00, | ||
2245 | 0x00, 0x00 }; | ||
2246 | |||
2247 | + if (cmd->msg_len > sizeof(b) - 4) | ||
2248 | + return -EINVAL; | ||
2249 | + | ||
2250 | memcpy(&b[4], cmd->msg, cmd->msg_len); | ||
2251 | |||
2252 | state->config->send_command(fe, 0x72, | ||
2253 | diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c | ||
2254 | index 99cc0b07a713..0513ea0906dd 100644 | ||
2255 | --- a/drivers/misc/mei/bus.c | ||
2256 | +++ b/drivers/misc/mei/bus.c | ||
2257 | @@ -71,7 +71,7 @@ static int mei_cl_device_probe(struct device *dev) | ||
2258 | |||
2259 | dev_dbg(dev, "Device probe\n"); | ||
2260 | |||
2261 | - strncpy(id.name, dev_name(dev), MEI_CL_NAME_SIZE); | ||
2262 | + strlcpy(id.name, dev_name(dev), sizeof(id.name)); | ||
2263 | |||
2264 | return driver->probe(device, &id); | ||
2265 | } | ||
2266 | diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c | ||
2267 | index 4e6877a032a8..bd8800c85525 100644 | ||
2268 | --- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c | ||
2269 | +++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c | ||
2270 | @@ -191,6 +191,39 @@ void mlx4_en_deactivate_tx_ring(struct mlx4_en_priv *priv, | ||
2271 | MLX4_QP_STATE_RST, NULL, 0, 0, &ring->qp); | ||
2272 | } | ||
2273 | |||
2274 | +static void mlx4_en_stamp_wqe(struct mlx4_en_priv *priv, | ||
2275 | + struct mlx4_en_tx_ring *ring, int index, | ||
2276 | + u8 owner) | ||
2277 | +{ | ||
2278 | + __be32 stamp = cpu_to_be32(STAMP_VAL | (!!owner << STAMP_SHIFT)); | ||
2279 | + struct mlx4_en_tx_desc *tx_desc = ring->buf + index * TXBB_SIZE; | ||
2280 | + struct mlx4_en_tx_info *tx_info = &ring->tx_info[index]; | ||
2281 | + void *end = ring->buf + ring->buf_size; | ||
2282 | + __be32 *ptr = (__be32 *)tx_desc; | ||
2283 | + int i; | ||
2284 | + | ||
2285 | + /* Optimize the common case when there are no wraparounds */ | ||
2286 | + if (likely((void *)tx_desc + tx_info->nr_txbb * TXBB_SIZE <= end)) { | ||
2287 | + /* Stamp the freed descriptor */ | ||
2288 | + for (i = 0; i < tx_info->nr_txbb * TXBB_SIZE; | ||
2289 | + i += STAMP_STRIDE) { | ||
2290 | + *ptr = stamp; | ||
2291 | + ptr += STAMP_DWORDS; | ||
2292 | + } | ||
2293 | + } else { | ||
2294 | + /* Stamp the freed descriptor */ | ||
2295 | + for (i = 0; i < tx_info->nr_txbb * TXBB_SIZE; | ||
2296 | + i += STAMP_STRIDE) { | ||
2297 | + *ptr = stamp; | ||
2298 | + ptr += STAMP_DWORDS; | ||
2299 | + if ((void *)ptr >= end) { | ||
2300 | + ptr = ring->buf; | ||
2301 | + stamp ^= cpu_to_be32(0x80000000); | ||
2302 | + } | ||
2303 | + } | ||
2304 | + } | ||
2305 | +} | ||
2306 | + | ||
2307 | |||
2308 | static u32 mlx4_en_free_tx_desc(struct mlx4_en_priv *priv, | ||
2309 | struct mlx4_en_tx_ring *ring, | ||
2310 | @@ -205,8 +238,6 @@ static u32 mlx4_en_free_tx_desc(struct mlx4_en_priv *priv, | ||
2311 | void *end = ring->buf + ring->buf_size; | ||
2312 | int frags = skb_shinfo(skb)->nr_frags; | ||
2313 | int i; | ||
2314 | - __be32 *ptr = (__be32 *)tx_desc; | ||
2315 | - __be32 stamp = cpu_to_be32(STAMP_VAL | (!!owner << STAMP_SHIFT)); | ||
2316 | struct skb_shared_hwtstamps hwts; | ||
2317 | |||
2318 | if (timestamp) { | ||
2319 | @@ -232,12 +263,6 @@ static u32 mlx4_en_free_tx_desc(struct mlx4_en_priv *priv, | ||
2320 | skb_frag_size(frag), PCI_DMA_TODEVICE); | ||
2321 | } | ||
2322 | } | ||
2323 | - /* Stamp the freed descriptor */ | ||
2324 | - for (i = 0; i < tx_info->nr_txbb * TXBB_SIZE; i += STAMP_STRIDE) { | ||
2325 | - *ptr = stamp; | ||
2326 | - ptr += STAMP_DWORDS; | ||
2327 | - } | ||
2328 | - | ||
2329 | } else { | ||
2330 | if (!tx_info->inl) { | ||
2331 | if ((void *) data >= end) { | ||
2332 | @@ -263,16 +288,6 @@ static u32 mlx4_en_free_tx_desc(struct mlx4_en_priv *priv, | ||
2333 | ++data; | ||
2334 | } | ||
2335 | } | ||
2336 | - /* Stamp the freed descriptor */ | ||
2337 | - for (i = 0; i < tx_info->nr_txbb * TXBB_SIZE; i += STAMP_STRIDE) { | ||
2338 | - *ptr = stamp; | ||
2339 | - ptr += STAMP_DWORDS; | ||
2340 | - if ((void *) ptr >= end) { | ||
2341 | - ptr = ring->buf; | ||
2342 | - stamp ^= cpu_to_be32(0x80000000); | ||
2343 | - } | ||
2344 | - } | ||
2345 | - | ||
2346 | } | ||
2347 | dev_kfree_skb_any(skb); | ||
2348 | return tx_info->nr_txbb; | ||
2349 | @@ -318,8 +333,9 @@ static void mlx4_en_process_tx_cq(struct net_device *dev, struct mlx4_en_cq *cq) | ||
2350 | struct mlx4_en_tx_ring *ring = &priv->tx_ring[cq->ring]; | ||
2351 | struct mlx4_cqe *cqe; | ||
2352 | u16 index; | ||
2353 | - u16 new_index, ring_index; | ||
2354 | + u16 new_index, ring_index, stamp_index; | ||
2355 | u32 txbbs_skipped = 0; | ||
2356 | + u32 txbbs_stamp = 0; | ||
2357 | u32 cons_index = mcq->cons_index; | ||
2358 | int size = cq->size; | ||
2359 | u32 size_mask = ring->size_mask; | ||
2360 | @@ -335,6 +351,7 @@ static void mlx4_en_process_tx_cq(struct net_device *dev, struct mlx4_en_cq *cq) | ||
2361 | index = cons_index & size_mask; | ||
2362 | cqe = &buf[(index << factor) + factor]; | ||
2363 | ring_index = ring->cons & size_mask; | ||
2364 | + stamp_index = ring_index; | ||
2365 | |||
2366 | /* Process all completed CQEs */ | ||
2367 | while (XNOR(cqe->owner_sr_opcode & MLX4_CQE_OWNER_MASK, | ||
2368 | @@ -359,6 +376,12 @@ static void mlx4_en_process_tx_cq(struct net_device *dev, struct mlx4_en_cq *cq) | ||
2369 | priv, ring, ring_index, | ||
2370 | !!((ring->cons + txbbs_skipped) & | ||
2371 | ring->size), timestamp); | ||
2372 | + | ||
2373 | + mlx4_en_stamp_wqe(priv, ring, stamp_index, | ||
2374 | + !!((ring->cons + txbbs_stamp) & | ||
2375 | + ring->size)); | ||
2376 | + stamp_index = ring_index; | ||
2377 | + txbbs_stamp = txbbs_skipped; | ||
2378 | packets++; | ||
2379 | bytes += ring->tx_info[ring_index].nr_bytes; | ||
2380 | } while (ring_index != new_index); | ||
2381 | diff --git a/drivers/net/ethernet/sun/sunvnet.c b/drivers/net/ethernet/sun/sunvnet.c | ||
2382 | index 398faff8be7a..ade8bdfc03af 100644 | ||
2383 | --- a/drivers/net/ethernet/sun/sunvnet.c | ||
2384 | +++ b/drivers/net/ethernet/sun/sunvnet.c | ||
2385 | @@ -656,7 +656,7 @@ static int vnet_start_xmit(struct sk_buff *skb, struct net_device *dev) | ||
2386 | spin_lock_irqsave(&port->vio.lock, flags); | ||
2387 | |||
2388 | dr = &port->vio.drings[VIO_DRIVER_TX_RING]; | ||
2389 | - if (unlikely(vnet_tx_dring_avail(dr) < 2)) { | ||
2390 | + if (unlikely(vnet_tx_dring_avail(dr) < 1)) { | ||
2391 | if (!netif_queue_stopped(dev)) { | ||
2392 | netif_stop_queue(dev); | ||
2393 | |||
2394 | @@ -704,7 +704,7 @@ static int vnet_start_xmit(struct sk_buff *skb, struct net_device *dev) | ||
2395 | dev->stats.tx_bytes += skb->len; | ||
2396 | |||
2397 | dr->prod = (dr->prod + 1) & (VNET_TX_RING_SIZE - 1); | ||
2398 | - if (unlikely(vnet_tx_dring_avail(dr) < 2)) { | ||
2399 | + if (unlikely(vnet_tx_dring_avail(dr) < 1)) { | ||
2400 | netif_stop_queue(dev); | ||
2401 | if (vnet_tx_dring_avail(dr) > VNET_TX_WAKEUP_THRESH(dr)) | ||
2402 | netif_wake_queue(dev); | ||
2403 | diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c | ||
2404 | index 9e56eb479a4f..2d255ba911d5 100644 | ||
2405 | --- a/drivers/net/macvtap.c | ||
2406 | +++ b/drivers/net/macvtap.c | ||
2407 | @@ -625,6 +625,8 @@ static int macvtap_skb_to_vnet_hdr(const struct sk_buff *skb, | ||
2408 | if (skb->ip_summed == CHECKSUM_PARTIAL) { | ||
2409 | vnet_hdr->flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; | ||
2410 | vnet_hdr->csum_start = skb_checksum_start_offset(skb); | ||
2411 | + if (vlan_tx_tag_present(skb)) | ||
2412 | + vnet_hdr->csum_start += VLAN_HLEN; | ||
2413 | vnet_hdr->csum_offset = skb->csum_offset; | ||
2414 | } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) { | ||
2415 | vnet_hdr->flags = VIRTIO_NET_HDR_F_DATA_VALID; | ||
2416 | diff --git a/drivers/net/wireless/iwlwifi/iwl-trans.h b/drivers/net/wireless/iwlwifi/iwl-trans.h | ||
2417 | index 72d2ecce0b8d..d8df1d9b0de3 100644 | ||
2418 | --- a/drivers/net/wireless/iwlwifi/iwl-trans.h | ||
2419 | +++ b/drivers/net/wireless/iwlwifi/iwl-trans.h | ||
2420 | @@ -489,6 +489,7 @@ enum iwl_trans_state { | ||
2421 | * Set during transport allocation. | ||
2422 | * @hw_id_str: a string with info about HW ID. Set during transport allocation. | ||
2423 | * @pm_support: set to true in start_hw if link pm is supported | ||
2424 | + * @ltr_enabled: set to true if the LTR is enabled | ||
2425 | * @dev_cmd_pool: pool for Tx cmd allocation - for internal use only. | ||
2426 | * The user should use iwl_trans_{alloc,free}_tx_cmd. | ||
2427 | * @dev_cmd_headroom: room needed for the transport's private use before the | ||
2428 | @@ -513,6 +514,7 @@ struct iwl_trans { | ||
2429 | u8 rx_mpdu_cmd, rx_mpdu_cmd_hdr_size; | ||
2430 | |||
2431 | bool pm_support; | ||
2432 | + bool ltr_enabled; | ||
2433 | |||
2434 | /* The following fields are internal only */ | ||
2435 | struct kmem_cache *dev_cmd_pool; | ||
2436 | diff --git a/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h b/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h | ||
2437 | index 81fe45f46be7..ac38ecf13c18 100644 | ||
2438 | --- a/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h | ||
2439 | +++ b/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h | ||
2440 | @@ -67,7 +67,40 @@ | ||
2441 | /* Power Management Commands, Responses, Notifications */ | ||
2442 | |||
2443 | /** | ||
2444 | - * enum iwl_scan_flags - masks for power table command flags | ||
2445 | + * enum iwl_ltr_config_flags - masks for LTR config command flags | ||
2446 | + * @LTR_CFG_FLAG_FEATURE_ENABLE: Feature operational status | ||
2447 | + * @LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS: allow LTR change on shadow | ||
2448 | + * memory access | ||
2449 | + * @LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH: allow LTR msg send on ANY LTR | ||
2450 | + * reg change | ||
2451 | + * @LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3: allow LTR msg send on transition from | ||
2452 | + * D0 to D3 | ||
2453 | + * @LTR_CFG_FLAG_SW_SET_SHORT: fixed static short LTR register | ||
2454 | + * @LTR_CFG_FLAG_SW_SET_LONG: fixed static short LONG register | ||
2455 | + * @LTR_CFG_FLAG_DENIE_C10_ON_PD: allow going into C10 on PD | ||
2456 | + */ | ||
2457 | +enum iwl_ltr_config_flags { | ||
2458 | + LTR_CFG_FLAG_FEATURE_ENABLE = BIT(0), | ||
2459 | + LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS = BIT(1), | ||
2460 | + LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH = BIT(2), | ||
2461 | + LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3 = BIT(3), | ||
2462 | + LTR_CFG_FLAG_SW_SET_SHORT = BIT(4), | ||
2463 | + LTR_CFG_FLAG_SW_SET_LONG = BIT(5), | ||
2464 | + LTR_CFG_FLAG_DENIE_C10_ON_PD = BIT(6), | ||
2465 | +}; | ||
2466 | + | ||
2467 | +/** | ||
2468 | + * struct iwl_ltr_config_cmd - configures the LTR | ||
2469 | + * @flags: See %enum iwl_ltr_config_flags | ||
2470 | + */ | ||
2471 | +struct iwl_ltr_config_cmd { | ||
2472 | + __le32 flags; | ||
2473 | + __le32 static_long; | ||
2474 | + __le32 static_short; | ||
2475 | +} __packed; | ||
2476 | + | ||
2477 | +/** | ||
2478 | + * enum iwl_power_flags - masks for power table command flags | ||
2479 | * @POWER_FLAGS_POWER_SAVE_ENA_MSK: '1' Allow to save power by turning off | ||
2480 | * receiver and transmitter. '0' - does not allow. | ||
2481 | * @POWER_FLAGS_POWER_MANAGEMENT_ENA_MSK: '0' Driver disables power management, | ||
2482 | diff --git a/drivers/net/wireless/iwlwifi/mvm/fw-api.h b/drivers/net/wireless/iwlwifi/mvm/fw-api.h | ||
2483 | index c6384555aab4..4b6730db42a5 100644 | ||
2484 | --- a/drivers/net/wireless/iwlwifi/mvm/fw-api.h | ||
2485 | +++ b/drivers/net/wireless/iwlwifi/mvm/fw-api.h | ||
2486 | @@ -138,6 +138,7 @@ enum { | ||
2487 | |||
2488 | /* Power */ | ||
2489 | POWER_TABLE_CMD = 0x77, | ||
2490 | + LTR_CONFIG = 0xee, | ||
2491 | |||
2492 | /* Scanning */ | ||
2493 | SCAN_REQUEST_CMD = 0x80, | ||
2494 | diff --git a/drivers/net/wireless/iwlwifi/mvm/fw.c b/drivers/net/wireless/iwlwifi/mvm/fw.c | ||
2495 | index e18c92dd60ec..d250d451fd01 100644 | ||
2496 | --- a/drivers/net/wireless/iwlwifi/mvm/fw.c | ||
2497 | +++ b/drivers/net/wireless/iwlwifi/mvm/fw.c | ||
2498 | @@ -443,6 +443,15 @@ int iwl_mvm_up(struct iwl_mvm *mvm) | ||
2499 | if (ret) | ||
2500 | goto error; | ||
2501 | |||
2502 | + if (mvm->trans->ltr_enabled) { | ||
2503 | + struct iwl_ltr_config_cmd cmd = { | ||
2504 | + .flags = cpu_to_le32(LTR_CFG_FLAG_FEATURE_ENABLE), | ||
2505 | + }; | ||
2506 | + | ||
2507 | + WARN_ON(iwl_mvm_send_cmd_pdu(mvm, LTR_CONFIG, 0, | ||
2508 | + sizeof(cmd), &cmd)); | ||
2509 | + } | ||
2510 | + | ||
2511 | IWL_DEBUG_INFO(mvm, "RT uCode started.\n"); | ||
2512 | |||
2513 | return 0; | ||
2514 | diff --git a/drivers/net/wireless/iwlwifi/mvm/ops.c b/drivers/net/wireless/iwlwifi/mvm/ops.c | ||
2515 | index 388c8a914960..649d301cfa2a 100644 | ||
2516 | --- a/drivers/net/wireless/iwlwifi/mvm/ops.c | ||
2517 | +++ b/drivers/net/wireless/iwlwifi/mvm/ops.c | ||
2518 | @@ -293,6 +293,7 @@ static const char *iwl_mvm_cmd_strings[REPLY_MAX] = { | ||
2519 | CMD(BT_PROFILE_NOTIFICATION), | ||
2520 | CMD(BT_CONFIG), | ||
2521 | CMD(MCAST_FILTER_CMD), | ||
2522 | + CMD(LTR_CONFIG), | ||
2523 | }; | ||
2524 | #undef CMD | ||
2525 | |||
2526 | diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c | ||
2527 | index ff04135d37af..6a5eb2b29418 100644 | ||
2528 | --- a/drivers/net/wireless/iwlwifi/pcie/trans.c | ||
2529 | +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c | ||
2530 | @@ -116,11 +116,13 @@ static void iwl_pcie_set_pwr(struct iwl_trans *trans, bool vaux) | ||
2531 | |||
2532 | /* PCI registers */ | ||
2533 | #define PCI_CFG_RETRY_TIMEOUT 0x041 | ||
2534 | +#define PCI_EXP_DEVCTL2_LTR_EN 0x0400 | ||
2535 | |||
2536 | static void iwl_pcie_apm_config(struct iwl_trans *trans) | ||
2537 | { | ||
2538 | struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); | ||
2539 | u16 lctl; | ||
2540 | + u16 cap; | ||
2541 | |||
2542 | /* | ||
2543 | * HW bug W/A for instability in PCIe bus L0S->L1 transition. | ||
2544 | @@ -131,16 +133,17 @@ static void iwl_pcie_apm_config(struct iwl_trans *trans) | ||
2545 | * power savings, even without L1. | ||
2546 | */ | ||
2547 | pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_LNKCTL, &lctl); | ||
2548 | - if (lctl & PCI_EXP_LNKCTL_ASPM_L1) { | ||
2549 | - /* L1-ASPM enabled; disable(!) L0S */ | ||
2550 | + if (lctl & PCI_EXP_LNKCTL_ASPM_L1) | ||
2551 | iwl_set_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED); | ||
2552 | - dev_info(trans->dev, "L1 Enabled; Disabling L0S\n"); | ||
2553 | - } else { | ||
2554 | - /* L1-ASPM disabled; enable(!) L0S */ | ||
2555 | + else | ||
2556 | iwl_clear_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED); | ||
2557 | - dev_info(trans->dev, "L1 Disabled; Enabling L0S\n"); | ||
2558 | - } | ||
2559 | trans->pm_support = !(lctl & PCI_EXP_LNKCTL_ASPM_L0S); | ||
2560 | + | ||
2561 | + pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_DEVCTL2, &cap); | ||
2562 | + trans->ltr_enabled = cap & PCI_EXP_DEVCTL2_LTR_EN; | ||
2563 | + dev_info(trans->dev, "L1 %sabled - LTR %sabled\n", | ||
2564 | + (lctl & PCI_EXP_LNKCTL_ASPM_L1) ? "En" : "Dis", | ||
2565 | + trans->ltr_enabled ? "En" : "Dis"); | ||
2566 | } | ||
2567 | |||
2568 | /* | ||
2569 | diff --git a/drivers/platform/x86/dell-wmi.c b/drivers/platform/x86/dell-wmi.c | ||
2570 | index fa9a2171cc13..b264d8fe1908 100644 | ||
2571 | --- a/drivers/platform/x86/dell-wmi.c | ||
2572 | +++ b/drivers/platform/x86/dell-wmi.c | ||
2573 | @@ -163,18 +163,24 @@ static void dell_wmi_notify(u32 value, void *context) | ||
2574 | const struct key_entry *key; | ||
2575 | int reported_key; | ||
2576 | u16 *buffer_entry = (u16 *)obj->buffer.pointer; | ||
2577 | + int buffer_size = obj->buffer.length/2; | ||
2578 | |||
2579 | - if (dell_new_hk_type && (buffer_entry[1] != 0x10)) { | ||
2580 | + if (buffer_size >= 2 && dell_new_hk_type && buffer_entry[1] != 0x10) { | ||
2581 | pr_info("Received unknown WMI event (0x%x)\n", | ||
2582 | buffer_entry[1]); | ||
2583 | kfree(obj); | ||
2584 | return; | ||
2585 | } | ||
2586 | |||
2587 | - if (dell_new_hk_type || buffer_entry[1] == 0x0) | ||
2588 | + if (buffer_size >= 3 && (dell_new_hk_type || buffer_entry[1] == 0x0)) | ||
2589 | reported_key = (int)buffer_entry[2]; | ||
2590 | - else | ||
2591 | + else if (buffer_size >= 2) | ||
2592 | reported_key = (int)buffer_entry[1] & 0xffff; | ||
2593 | + else { | ||
2594 | + pr_info("Received unknown WMI event\n"); | ||
2595 | + kfree(obj); | ||
2596 | + return; | ||
2597 | + } | ||
2598 | |||
2599 | key = sparse_keymap_entry_from_scancode(dell_wmi_input_dev, | ||
2600 | reported_key); | ||
2601 | diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c | ||
2602 | index 287667c20c6a..62ed744bbe06 100644 | ||
2603 | --- a/drivers/scsi/hpsa.c | ||
2604 | +++ b/drivers/scsi/hpsa.c | ||
2605 | @@ -1206,8 +1206,8 @@ static void complete_scsi_command(struct CommandList *cp) | ||
2606 | scsi_set_resid(cmd, ei->ResidualCnt); | ||
2607 | |||
2608 | if (ei->CommandStatus == 0) { | ||
2609 | - cmd->scsi_done(cmd); | ||
2610 | cmd_free(h, cp); | ||
2611 | + cmd->scsi_done(cmd); | ||
2612 | return; | ||
2613 | } | ||
2614 | |||
2615 | @@ -1380,8 +1380,8 @@ static void complete_scsi_command(struct CommandList *cp) | ||
2616 | dev_warn(&h->pdev->dev, "cp %p returned unknown status %x\n", | ||
2617 | cp, ei->CommandStatus); | ||
2618 | } | ||
2619 | - cmd->scsi_done(cmd); | ||
2620 | cmd_free(h, cp); | ||
2621 | + cmd->scsi_done(cmd); | ||
2622 | } | ||
2623 | |||
2624 | static void hpsa_pci_unmap(struct pci_dev *pdev, | ||
2625 | diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c | ||
2626 | index f43de1e56420..3668b1b23b5a 100644 | ||
2627 | --- a/drivers/scsi/scsi_error.c | ||
2628 | +++ b/drivers/scsi/scsi_error.c | ||
2629 | @@ -1689,8 +1689,10 @@ static void scsi_restart_operations(struct Scsi_Host *shost) | ||
2630 | * is no point trying to lock the door of an off-line device. | ||
2631 | */ | ||
2632 | shost_for_each_device(sdev, shost) { | ||
2633 | - if (scsi_device_online(sdev) && sdev->locked) | ||
2634 | + if (scsi_device_online(sdev) && sdev->was_reset && sdev->locked) { | ||
2635 | scsi_eh_lock_door(sdev); | ||
2636 | + sdev->was_reset = 0; | ||
2637 | + } | ||
2638 | } | ||
2639 | |||
2640 | /* | ||
2641 | diff --git a/fs/ioprio.c b/fs/ioprio.c | ||
2642 | index e50170ca7c33..31666c92b46a 100644 | ||
2643 | --- a/fs/ioprio.c | ||
2644 | +++ b/fs/ioprio.c | ||
2645 | @@ -157,14 +157,16 @@ out: | ||
2646 | |||
2647 | int ioprio_best(unsigned short aprio, unsigned short bprio) | ||
2648 | { | ||
2649 | - unsigned short aclass = IOPRIO_PRIO_CLASS(aprio); | ||
2650 | - unsigned short bclass = IOPRIO_PRIO_CLASS(bprio); | ||
2651 | + unsigned short aclass; | ||
2652 | + unsigned short bclass; | ||
2653 | |||
2654 | - if (aclass == IOPRIO_CLASS_NONE) | ||
2655 | - aclass = IOPRIO_CLASS_BE; | ||
2656 | - if (bclass == IOPRIO_CLASS_NONE) | ||
2657 | - bclass = IOPRIO_CLASS_BE; | ||
2658 | + if (!ioprio_valid(aprio)) | ||
2659 | + aprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_NORM); | ||
2660 | + if (!ioprio_valid(bprio)) | ||
2661 | + bprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_NORM); | ||
2662 | |||
2663 | + aclass = IOPRIO_PRIO_CLASS(aprio); | ||
2664 | + bclass = IOPRIO_PRIO_CLASS(bprio); | ||
2665 | if (aclass == bclass) | ||
2666 | return min(aprio, bprio); | ||
2667 | if (aclass > bclass) | ||
2668 | diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c | ||
2669 | index 4b49a8c6ccad..ef0c394b7bf5 100644 | ||
2670 | --- a/fs/nfs/delegation.c | ||
2671 | +++ b/fs/nfs/delegation.c | ||
2672 | @@ -108,6 +108,8 @@ again: | ||
2673 | continue; | ||
2674 | if (!test_bit(NFS_DELEGATED_STATE, &state->flags)) | ||
2675 | continue; | ||
2676 | + if (!nfs4_valid_open_stateid(state)) | ||
2677 | + continue; | ||
2678 | if (!nfs4_stateid_match(&state->stateid, stateid)) | ||
2679 | continue; | ||
2680 | get_nfs_open_context(ctx); | ||
2681 | @@ -175,7 +177,11 @@ static int nfs_do_return_delegation(struct inode *inode, struct nfs_delegation * | ||
2682 | { | ||
2683 | int res = 0; | ||
2684 | |||
2685 | - res = nfs4_proc_delegreturn(inode, delegation->cred, &delegation->stateid, issync); | ||
2686 | + if (!test_bit(NFS_DELEGATION_REVOKED, &delegation->flags)) | ||
2687 | + res = nfs4_proc_delegreturn(inode, | ||
2688 | + delegation->cred, | ||
2689 | + &delegation->stateid, | ||
2690 | + issync); | ||
2691 | nfs_free_delegation(delegation); | ||
2692 | return res; | ||
2693 | } | ||
2694 | @@ -361,11 +367,13 @@ static int nfs_end_delegation_return(struct inode *inode, struct nfs_delegation | ||
2695 | { | ||
2696 | struct nfs_client *clp = NFS_SERVER(inode)->nfs_client; | ||
2697 | struct nfs_inode *nfsi = NFS_I(inode); | ||
2698 | - int err; | ||
2699 | + int err = 0; | ||
2700 | |||
2701 | if (delegation == NULL) | ||
2702 | return 0; | ||
2703 | do { | ||
2704 | + if (test_bit(NFS_DELEGATION_REVOKED, &delegation->flags)) | ||
2705 | + break; | ||
2706 | err = nfs_delegation_claim_opens(inode, &delegation->stateid); | ||
2707 | if (!issync || err != -EAGAIN) | ||
2708 | break; | ||
2709 | @@ -586,10 +594,23 @@ static void nfs_client_mark_return_unused_delegation_types(struct nfs_client *cl | ||
2710 | rcu_read_unlock(); | ||
2711 | } | ||
2712 | |||
2713 | +static void nfs_revoke_delegation(struct inode *inode) | ||
2714 | +{ | ||
2715 | + struct nfs_delegation *delegation; | ||
2716 | + rcu_read_lock(); | ||
2717 | + delegation = rcu_dereference(NFS_I(inode)->delegation); | ||
2718 | + if (delegation != NULL) { | ||
2719 | + set_bit(NFS_DELEGATION_REVOKED, &delegation->flags); | ||
2720 | + nfs_mark_return_delegation(NFS_SERVER(inode), delegation); | ||
2721 | + } | ||
2722 | + rcu_read_unlock(); | ||
2723 | +} | ||
2724 | + | ||
2725 | void nfs_remove_bad_delegation(struct inode *inode) | ||
2726 | { | ||
2727 | struct nfs_delegation *delegation; | ||
2728 | |||
2729 | + nfs_revoke_delegation(inode); | ||
2730 | delegation = nfs_inode_detach_delegation(inode); | ||
2731 | if (delegation) { | ||
2732 | nfs_inode_find_state_and_recover(inode, &delegation->stateid); | ||
2733 | diff --git a/fs/nfs/delegation.h b/fs/nfs/delegation.h | ||
2734 | index 9a79c7a99d6d..e02b090ab9da 100644 | ||
2735 | --- a/fs/nfs/delegation.h | ||
2736 | +++ b/fs/nfs/delegation.h | ||
2737 | @@ -31,6 +31,7 @@ enum { | ||
2738 | NFS_DELEGATION_RETURN_IF_CLOSED, | ||
2739 | NFS_DELEGATION_REFERENCED, | ||
2740 | NFS_DELEGATION_RETURNING, | ||
2741 | + NFS_DELEGATION_REVOKED, | ||
2742 | }; | ||
2743 | |||
2744 | int nfs_inode_set_delegation(struct inode *inode, struct rpc_cred *cred, struct nfs_openres *res); | ||
2745 | diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c | ||
2746 | index 0bd7a55a5f07..725e87538c98 100644 | ||
2747 | --- a/fs/nfs/direct.c | ||
2748 | +++ b/fs/nfs/direct.c | ||
2749 | @@ -180,6 +180,7 @@ static void nfs_direct_req_free(struct kref *kref) | ||
2750 | { | ||
2751 | struct nfs_direct_req *dreq = container_of(kref, struct nfs_direct_req, kref); | ||
2752 | |||
2753 | + nfs_free_pnfs_ds_cinfo(&dreq->ds_cinfo); | ||
2754 | if (dreq->l_ctx != NULL) | ||
2755 | nfs_put_lock_context(dreq->l_ctx); | ||
2756 | if (dreq->ctx != NULL) | ||
2757 | diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c | ||
2758 | index cd4b9073dd20..e9be01b2cc5a 100644 | ||
2759 | --- a/fs/nfs/inode.c | ||
2760 | +++ b/fs/nfs/inode.c | ||
2761 | @@ -519,7 +519,7 @@ int nfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) | ||
2762 | { | ||
2763 | struct inode *inode = dentry->d_inode; | ||
2764 | int need_atime = NFS_I(inode)->cache_validity & NFS_INO_INVALID_ATIME; | ||
2765 | - int err; | ||
2766 | + int err = 0; | ||
2767 | |||
2768 | /* Flush out writes to the server in order to update c/mtime. */ | ||
2769 | if (S_ISREG(inode->i_mode)) { | ||
2770 | diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c | ||
2771 | index 69fc437be661..78787948f69d 100644 | ||
2772 | --- a/fs/nfs/nfs4proc.c | ||
2773 | +++ b/fs/nfs/nfs4proc.c | ||
2774 | @@ -1416,7 +1416,7 @@ static int nfs4_handle_delegation_recall_error(struct nfs_server *server, struct | ||
2775 | nfs_inode_find_state_and_recover(state->inode, | ||
2776 | stateid); | ||
2777 | nfs4_schedule_stateid_recovery(server, state); | ||
2778 | - return 0; | ||
2779 | + return -EAGAIN; | ||
2780 | case -NFS4ERR_DELAY: | ||
2781 | case -NFS4ERR_GRACE: | ||
2782 | set_bit(NFS_DELEGATED_STATE, &state->flags); | ||
2783 | @@ -1845,6 +1845,28 @@ static int nfs4_open_expired(struct nfs4_state_owner *sp, struct nfs4_state *sta | ||
2784 | return ret; | ||
2785 | } | ||
2786 | |||
2787 | +static void nfs_finish_clear_delegation_stateid(struct nfs4_state *state) | ||
2788 | +{ | ||
2789 | + nfs_remove_bad_delegation(state->inode); | ||
2790 | + write_seqlock(&state->seqlock); | ||
2791 | + nfs4_stateid_copy(&state->stateid, &state->open_stateid); | ||
2792 | + write_sequnlock(&state->seqlock); | ||
2793 | + clear_bit(NFS_DELEGATED_STATE, &state->flags); | ||
2794 | +} | ||
2795 | + | ||
2796 | +static void nfs40_clear_delegation_stateid(struct nfs4_state *state) | ||
2797 | +{ | ||
2798 | + if (rcu_access_pointer(NFS_I(state->inode)->delegation) != NULL) | ||
2799 | + nfs_finish_clear_delegation_stateid(state); | ||
2800 | +} | ||
2801 | + | ||
2802 | +static int nfs40_open_expired(struct nfs4_state_owner *sp, struct nfs4_state *state) | ||
2803 | +{ | ||
2804 | + /* NFSv4.0 doesn't allow for delegation recovery on open expire */ | ||
2805 | + nfs40_clear_delegation_stateid(state); | ||
2806 | + return nfs4_open_expired(sp, state); | ||
2807 | +} | ||
2808 | + | ||
2809 | #if defined(CONFIG_NFS_V4_1) | ||
2810 | static void nfs41_clear_delegation_stateid(struct nfs4_state *state) | ||
2811 | { | ||
2812 | @@ -6974,7 +6996,7 @@ static const struct nfs4_state_recovery_ops nfs41_reboot_recovery_ops = { | ||
2813 | static const struct nfs4_state_recovery_ops nfs40_nograce_recovery_ops = { | ||
2814 | .owner_flag_bit = NFS_OWNER_RECLAIM_NOGRACE, | ||
2815 | .state_flag_bit = NFS_STATE_RECLAIM_NOGRACE, | ||
2816 | - .recover_open = nfs4_open_expired, | ||
2817 | + .recover_open = nfs40_open_expired, | ||
2818 | .recover_lock = nfs4_lock_expired, | ||
2819 | .establish_clid = nfs4_init_clientid, | ||
2820 | .get_clid_cred = nfs4_get_setclientid_cred, | ||
2821 | diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h | ||
2822 | index 7279b94c01da..91aa89e1aaa0 100644 | ||
2823 | --- a/include/linux/clocksource.h | ||
2824 | +++ b/include/linux/clocksource.h | ||
2825 | @@ -285,7 +285,7 @@ extern struct clocksource* clocksource_get_next(void); | ||
2826 | extern void clocksource_change_rating(struct clocksource *cs, int rating); | ||
2827 | extern void clocksource_suspend(void); | ||
2828 | extern void clocksource_resume(void); | ||
2829 | -extern struct clocksource * __init __weak clocksource_default_clock(void); | ||
2830 | +extern struct clocksource * __init clocksource_default_clock(void); | ||
2831 | extern void clocksource_mark_unstable(struct clocksource *cs); | ||
2832 | |||
2833 | extern void | ||
2834 | diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h | ||
2835 | index c6e091bf39a5..bdfc95bddde9 100644 | ||
2836 | --- a/include/linux/kgdb.h | ||
2837 | +++ b/include/linux/kgdb.h | ||
2838 | @@ -283,7 +283,7 @@ struct kgdb_io { | ||
2839 | |||
2840 | extern struct kgdb_arch arch_kgdb_ops; | ||
2841 | |||
2842 | -extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs); | ||
2843 | +extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs); | ||
2844 | |||
2845 | #ifdef CONFIG_SERIAL_KGDB_NMI | ||
2846 | extern int kgdb_register_nmi_console(void); | ||
2847 | diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h | ||
2848 | index d6183f06d8c1..a3b4812f494f 100644 | ||
2849 | --- a/include/linux/memcontrol.h | ||
2850 | +++ b/include/linux/memcontrol.h | ||
2851 | @@ -124,6 +124,25 @@ extern void mem_cgroup_print_oom_info(struct mem_cgroup *memcg, | ||
2852 | extern void mem_cgroup_replace_page_cache(struct page *oldpage, | ||
2853 | struct page *newpage); | ||
2854 | |||
2855 | +static inline void mem_cgroup_oom_enable(void) | ||
2856 | +{ | ||
2857 | + WARN_ON(current->memcg_oom.may_oom); | ||
2858 | + current->memcg_oom.may_oom = 1; | ||
2859 | +} | ||
2860 | + | ||
2861 | +static inline void mem_cgroup_oom_disable(void) | ||
2862 | +{ | ||
2863 | + WARN_ON(!current->memcg_oom.may_oom); | ||
2864 | + current->memcg_oom.may_oom = 0; | ||
2865 | +} | ||
2866 | + | ||
2867 | +static inline bool task_in_memcg_oom(struct task_struct *p) | ||
2868 | +{ | ||
2869 | + return p->memcg_oom.memcg; | ||
2870 | +} | ||
2871 | + | ||
2872 | +bool mem_cgroup_oom_synchronize(bool wait); | ||
2873 | + | ||
2874 | #ifdef CONFIG_MEMCG_SWAP | ||
2875 | extern int do_swap_account; | ||
2876 | #endif | ||
2877 | @@ -347,6 +366,24 @@ static inline void mem_cgroup_end_update_page_stat(struct page *page, | ||
2878 | { | ||
2879 | } | ||
2880 | |||
2881 | +static inline void mem_cgroup_oom_enable(void) | ||
2882 | +{ | ||
2883 | +} | ||
2884 | + | ||
2885 | +static inline void mem_cgroup_oom_disable(void) | ||
2886 | +{ | ||
2887 | +} | ||
2888 | + | ||
2889 | +static inline bool task_in_memcg_oom(struct task_struct *p) | ||
2890 | +{ | ||
2891 | + return false; | ||
2892 | +} | ||
2893 | + | ||
2894 | +static inline bool mem_cgroup_oom_synchronize(bool wait) | ||
2895 | +{ | ||
2896 | + return false; | ||
2897 | +} | ||
2898 | + | ||
2899 | static inline void mem_cgroup_inc_page_stat(struct page *page, | ||
2900 | enum mem_cgroup_page_stat_item idx) | ||
2901 | { | ||
2902 | diff --git a/include/linux/mm.h b/include/linux/mm.h | ||
2903 | index 7da14357aa76..d4cdac903468 100644 | ||
2904 | --- a/include/linux/mm.h | ||
2905 | +++ b/include/linux/mm.h | ||
2906 | @@ -167,6 +167,7 @@ extern pgprot_t protection_map[16]; | ||
2907 | #define FAULT_FLAG_RETRY_NOWAIT 0x10 /* Don't drop mmap_sem and wait when retrying */ | ||
2908 | #define FAULT_FLAG_KILLABLE 0x20 /* The fault task is in SIGKILL killable region */ | ||
2909 | #define FAULT_FLAG_TRIED 0x40 /* second try */ | ||
2910 | +#define FAULT_FLAG_USER 0x80 /* The fault originated in userspace */ | ||
2911 | |||
2912 | /* | ||
2913 | * vm_fault is filled by the the pagefault handler and passed to the vma's | ||
2914 | diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h | ||
2915 | index 104b62f23ee0..54e351aa4d2e 100644 | ||
2916 | --- a/include/linux/nfs_xdr.h | ||
2917 | +++ b/include/linux/nfs_xdr.h | ||
2918 | @@ -1184,11 +1184,22 @@ struct nfs41_free_stateid_res { | ||
2919 | unsigned int status; | ||
2920 | }; | ||
2921 | |||
2922 | +static inline void | ||
2923 | +nfs_free_pnfs_ds_cinfo(struct pnfs_ds_commit_info *cinfo) | ||
2924 | +{ | ||
2925 | + kfree(cinfo->buckets); | ||
2926 | +} | ||
2927 | + | ||
2928 | #else | ||
2929 | |||
2930 | struct pnfs_ds_commit_info { | ||
2931 | }; | ||
2932 | |||
2933 | +static inline void | ||
2934 | +nfs_free_pnfs_ds_cinfo(struct pnfs_ds_commit_info *cinfo) | ||
2935 | +{ | ||
2936 | +} | ||
2937 | + | ||
2938 | #endif /* CONFIG_NFS_V4_1 */ | ||
2939 | |||
2940 | struct nfs_page; | ||
2941 | diff --git a/include/linux/sched.h b/include/linux/sched.h | ||
2942 | index f87e9a8d364f..00c1d4f45072 100644 | ||
2943 | --- a/include/linux/sched.h | ||
2944 | +++ b/include/linux/sched.h | ||
2945 | @@ -1411,6 +1411,12 @@ struct task_struct { | ||
2946 | unsigned long memsw_nr_pages; /* uncharged mem+swap usage */ | ||
2947 | } memcg_batch; | ||
2948 | unsigned int memcg_kmem_skip_account; | ||
2949 | + struct memcg_oom_info { | ||
2950 | + struct mem_cgroup *memcg; | ||
2951 | + gfp_t gfp_mask; | ||
2952 | + int order; | ||
2953 | + unsigned int may_oom:1; | ||
2954 | + } memcg_oom; | ||
2955 | #endif | ||
2956 | #ifdef CONFIG_HAVE_HW_BREAKPOINT | ||
2957 | atomic_t ptrace_bp_refcnt; | ||
2958 | diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h | ||
2959 | index cd89510eab2a..845ab6decc45 100644 | ||
2960 | --- a/include/net/sctp/sctp.h | ||
2961 | +++ b/include/net/sctp/sctp.h | ||
2962 | @@ -540,6 +540,11 @@ static inline void sctp_assoc_pending_pmtu(struct sock *sk, struct sctp_associat | ||
2963 | asoc->pmtu_pending = 0; | ||
2964 | } | ||
2965 | |||
2966 | +static inline bool sctp_chunk_pending(const struct sctp_chunk *chunk) | ||
2967 | +{ | ||
2968 | + return !list_empty(&chunk->list); | ||
2969 | +} | ||
2970 | + | ||
2971 | /* Walk through a list of TLV parameters. Don't trust the | ||
2972 | * individual parameter lengths and instead depend on | ||
2973 | * the chunk length to indicate when to stop. Make sure | ||
2974 | diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h | ||
2975 | index 2a82d1384706..c4c9458f37cd 100644 | ||
2976 | --- a/include/net/sctp/sm.h | ||
2977 | +++ b/include/net/sctp/sm.h | ||
2978 | @@ -255,9 +255,9 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *, | ||
2979 | int, __be16); | ||
2980 | struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, | ||
2981 | union sctp_addr *addr); | ||
2982 | -int sctp_verify_asconf(const struct sctp_association *asoc, | ||
2983 | - struct sctp_paramhdr *param_hdr, void *chunk_end, | ||
2984 | - struct sctp_paramhdr **errp); | ||
2985 | +bool sctp_verify_asconf(const struct sctp_association *asoc, | ||
2986 | + struct sctp_chunk *chunk, bool addr_param_needed, | ||
2987 | + struct sctp_paramhdr **errp); | ||
2988 | struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, | ||
2989 | struct sctp_chunk *asconf); | ||
2990 | int sctp_process_asconf_ack(struct sctp_association *asoc, | ||
2991 | diff --git a/include/uapi/linux/netfilter/xt_bpf.h b/include/uapi/linux/netfilter/xt_bpf.h | ||
2992 | index 5dda450eb55b..2ec9fbcd06f9 100644 | ||
2993 | --- a/include/uapi/linux/netfilter/xt_bpf.h | ||
2994 | +++ b/include/uapi/linux/netfilter/xt_bpf.h | ||
2995 | @@ -6,6 +6,8 @@ | ||
2996 | |||
2997 | #define XT_BPF_MAX_NUM_INSTR 64 | ||
2998 | |||
2999 | +struct sk_filter; | ||
3000 | + | ||
3001 | struct xt_bpf_info { | ||
3002 | __u16 bpf_program_num_elem; | ||
3003 | struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR]; | ||
3004 | diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c | ||
3005 | index b0e99deb6d05..a0f0ab2ac2a8 100644 | ||
3006 | --- a/ipc/ipc_sysctl.c | ||
3007 | +++ b/ipc/ipc_sysctl.c | ||
3008 | @@ -123,7 +123,6 @@ static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write, | ||
3009 | void __user *buffer, size_t *lenp, loff_t *ppos) | ||
3010 | { | ||
3011 | struct ctl_table ipc_table; | ||
3012 | - size_t lenp_bef = *lenp; | ||
3013 | int oldval; | ||
3014 | int rc; | ||
3015 | |||
3016 | @@ -133,7 +132,7 @@ static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write, | ||
3017 | |||
3018 | rc = proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos); | ||
3019 | |||
3020 | - if (write && !rc && lenp_bef == *lenp) { | ||
3021 | + if (write && !rc) { | ||
3022 | int newval = *((int *)(ipc_table.data)); | ||
3023 | /* | ||
3024 | * The file "auto_msgmni" has correctly been set. | ||
3025 | diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c | ||
3026 | index 43c307dc9453..00c4459f76df 100644 | ||
3027 | --- a/kernel/audit_tree.c | ||
3028 | +++ b/kernel/audit_tree.c | ||
3029 | @@ -154,6 +154,7 @@ static struct audit_chunk *alloc_chunk(int count) | ||
3030 | chunk->owners[i].index = i; | ||
3031 | } | ||
3032 | fsnotify_init_mark(&chunk->mark, audit_tree_destroy_watch); | ||
3033 | + chunk->mark.mask = FS_IN_IGNORED; | ||
3034 | return chunk; | ||
3035 | } | ||
3036 | |||
3037 | diff --git a/kernel/events/core.c b/kernel/events/core.c | ||
3038 | index 0b4733447151..3f63ea6464ca 100644 | ||
3039 | --- a/kernel/events/core.c | ||
3040 | +++ b/kernel/events/core.c | ||
3041 | @@ -39,6 +39,7 @@ | ||
3042 | #include <linux/hw_breakpoint.h> | ||
3043 | #include <linux/mm_types.h> | ||
3044 | #include <linux/cgroup.h> | ||
3045 | +#include <linux/compat.h> | ||
3046 | |||
3047 | #include "internal.h" | ||
3048 | |||
3049 | @@ -3490,6 +3491,25 @@ static long perf_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | ||
3050 | return 0; | ||
3051 | } | ||
3052 | |||
3053 | +#ifdef CONFIG_COMPAT | ||
3054 | +static long perf_compat_ioctl(struct file *file, unsigned int cmd, | ||
3055 | + unsigned long arg) | ||
3056 | +{ | ||
3057 | + switch (_IOC_NR(cmd)) { | ||
3058 | + case _IOC_NR(PERF_EVENT_IOC_SET_FILTER): | ||
3059 | + /* Fix up pointer size (usually 4 -> 8 in 32-on-64-bit case */ | ||
3060 | + if (_IOC_SIZE(cmd) == sizeof(compat_uptr_t)) { | ||
3061 | + cmd &= ~IOCSIZE_MASK; | ||
3062 | + cmd |= sizeof(void *) << IOCSIZE_SHIFT; | ||
3063 | + } | ||
3064 | + break; | ||
3065 | + } | ||
3066 | + return perf_ioctl(file, cmd, arg); | ||
3067 | +} | ||
3068 | +#else | ||
3069 | +# define perf_compat_ioctl NULL | ||
3070 | +#endif | ||
3071 | + | ||
3072 | int perf_event_task_enable(void) | ||
3073 | { | ||
3074 | struct perf_event *event; | ||
3075 | @@ -3961,7 +3981,7 @@ static const struct file_operations perf_fops = { | ||
3076 | .read = perf_read, | ||
3077 | .poll = perf_poll, | ||
3078 | .unlocked_ioctl = perf_ioctl, | ||
3079 | - .compat_ioctl = perf_ioctl, | ||
3080 | + .compat_ioctl = perf_compat_ioctl, | ||
3081 | .mmap = perf_mmap, | ||
3082 | .fasync = perf_fasync, | ||
3083 | }; | ||
3084 | diff --git a/mm/memcontrol.c b/mm/memcontrol.c | ||
3085 | index f45e21ab9cea..eaa3accb01e7 100644 | ||
3086 | --- a/mm/memcontrol.c | ||
3087 | +++ b/mm/memcontrol.c | ||
3088 | @@ -302,6 +302,7 @@ struct mem_cgroup { | ||
3089 | |||
3090 | bool oom_lock; | ||
3091 | atomic_t under_oom; | ||
3092 | + atomic_t oom_wakeups; | ||
3093 | |||
3094 | atomic_t refcnt; | ||
3095 | |||
3096 | @@ -2075,15 +2076,18 @@ static int mem_cgroup_soft_reclaim(struct mem_cgroup *root_memcg, | ||
3097 | return total; | ||
3098 | } | ||
3099 | |||
3100 | +static DEFINE_SPINLOCK(memcg_oom_lock); | ||
3101 | + | ||
3102 | /* | ||
3103 | * Check OOM-Killer is already running under our hierarchy. | ||
3104 | * If someone is running, return false. | ||
3105 | - * Has to be called with memcg_oom_lock | ||
3106 | */ | ||
3107 | -static bool mem_cgroup_oom_lock(struct mem_cgroup *memcg) | ||
3108 | +static bool mem_cgroup_oom_trylock(struct mem_cgroup *memcg) | ||
3109 | { | ||
3110 | struct mem_cgroup *iter, *failed = NULL; | ||
3111 | |||
3112 | + spin_lock(&memcg_oom_lock); | ||
3113 | + | ||
3114 | for_each_mem_cgroup_tree(iter, memcg) { | ||
3115 | if (iter->oom_lock) { | ||
3116 | /* | ||
3117 | @@ -2097,33 +2101,33 @@ static bool mem_cgroup_oom_lock(struct mem_cgroup *memcg) | ||
3118 | iter->oom_lock = true; | ||
3119 | } | ||
3120 | |||
3121 | - if (!failed) | ||
3122 | - return true; | ||
3123 | - | ||
3124 | - /* | ||
3125 | - * OK, we failed to lock the whole subtree so we have to clean up | ||
3126 | - * what we set up to the failing subtree | ||
3127 | - */ | ||
3128 | - for_each_mem_cgroup_tree(iter, memcg) { | ||
3129 | - if (iter == failed) { | ||
3130 | - mem_cgroup_iter_break(memcg, iter); | ||
3131 | - break; | ||
3132 | + if (failed) { | ||
3133 | + /* | ||
3134 | + * OK, we failed to lock the whole subtree so we have | ||
3135 | + * to clean up what we set up to the failing subtree | ||
3136 | + */ | ||
3137 | + for_each_mem_cgroup_tree(iter, memcg) { | ||
3138 | + if (iter == failed) { | ||
3139 | + mem_cgroup_iter_break(memcg, iter); | ||
3140 | + break; | ||
3141 | + } | ||
3142 | + iter->oom_lock = false; | ||
3143 | } | ||
3144 | - iter->oom_lock = false; | ||
3145 | } | ||
3146 | - return false; | ||
3147 | + | ||
3148 | + spin_unlock(&memcg_oom_lock); | ||
3149 | + | ||
3150 | + return !failed; | ||
3151 | } | ||
3152 | |||
3153 | -/* | ||
3154 | - * Has to be called with memcg_oom_lock | ||
3155 | - */ | ||
3156 | -static int mem_cgroup_oom_unlock(struct mem_cgroup *memcg) | ||
3157 | +static void mem_cgroup_oom_unlock(struct mem_cgroup *memcg) | ||
3158 | { | ||
3159 | struct mem_cgroup *iter; | ||
3160 | |||
3161 | + spin_lock(&memcg_oom_lock); | ||
3162 | for_each_mem_cgroup_tree(iter, memcg) | ||
3163 | iter->oom_lock = false; | ||
3164 | - return 0; | ||
3165 | + spin_unlock(&memcg_oom_lock); | ||
3166 | } | ||
3167 | |||
3168 | static void mem_cgroup_mark_under_oom(struct mem_cgroup *memcg) | ||
3169 | @@ -2147,7 +2151,6 @@ static void mem_cgroup_unmark_under_oom(struct mem_cgroup *memcg) | ||
3170 | atomic_add_unless(&iter->under_oom, -1, 0); | ||
3171 | } | ||
3172 | |||
3173 | -static DEFINE_SPINLOCK(memcg_oom_lock); | ||
3174 | static DECLARE_WAIT_QUEUE_HEAD(memcg_oom_waitq); | ||
3175 | |||
3176 | struct oom_wait_info { | ||
3177 | @@ -2177,6 +2180,7 @@ static int memcg_oom_wake_function(wait_queue_t *wait, | ||
3178 | |||
3179 | static void memcg_wakeup_oom(struct mem_cgroup *memcg) | ||
3180 | { | ||
3181 | + atomic_inc(&memcg->oom_wakeups); | ||
3182 | /* for filtering, pass "memcg" as argument. */ | ||
3183 | __wake_up(&memcg_oom_waitq, TASK_NORMAL, 0, memcg); | ||
3184 | } | ||
3185 | @@ -2187,57 +2191,97 @@ static void memcg_oom_recover(struct mem_cgroup *memcg) | ||
3186 | memcg_wakeup_oom(memcg); | ||
3187 | } | ||
3188 | |||
3189 | -/* | ||
3190 | - * try to call OOM killer. returns false if we should exit memory-reclaim loop. | ||
3191 | +static void mem_cgroup_oom(struct mem_cgroup *memcg, gfp_t mask, int order) | ||
3192 | +{ | ||
3193 | + if (!current->memcg_oom.may_oom) | ||
3194 | + return; | ||
3195 | + /* | ||
3196 | + * We are in the middle of the charge context here, so we | ||
3197 | + * don't want to block when potentially sitting on a callstack | ||
3198 | + * that holds all kinds of filesystem and mm locks. | ||
3199 | + * | ||
3200 | + * Also, the caller may handle a failed allocation gracefully | ||
3201 | + * (like optional page cache readahead) and so an OOM killer | ||
3202 | + * invocation might not even be necessary. | ||
3203 | + * | ||
3204 | + * That's why we don't do anything here except remember the | ||
3205 | + * OOM context and then deal with it at the end of the page | ||
3206 | + * fault when the stack is unwound, the locks are released, | ||
3207 | + * and when we know whether the fault was overall successful. | ||
3208 | + */ | ||
3209 | + css_get(&memcg->css); | ||
3210 | + current->memcg_oom.memcg = memcg; | ||
3211 | + current->memcg_oom.gfp_mask = mask; | ||
3212 | + current->memcg_oom.order = order; | ||
3213 | +} | ||
3214 | + | ||
3215 | +/** | ||
3216 | + * mem_cgroup_oom_synchronize - complete memcg OOM handling | ||
3217 | + * @handle: actually kill/wait or just clean up the OOM state | ||
3218 | + * | ||
3219 | + * This has to be called at the end of a page fault if the memcg OOM | ||
3220 | + * handler was enabled. | ||
3221 | + * | ||
3222 | + * Memcg supports userspace OOM handling where failed allocations must | ||
3223 | + * sleep on a waitqueue until the userspace task resolves the | ||
3224 | + * situation. Sleeping directly in the charge context with all kinds | ||
3225 | + * of locks held is not a good idea, instead we remember an OOM state | ||
3226 | + * in the task and mem_cgroup_oom_synchronize() has to be called at | ||
3227 | + * the end of the page fault to complete the OOM handling. | ||
3228 | + * | ||
3229 | + * Returns %true if an ongoing memcg OOM situation was detected and | ||
3230 | + * completed, %false otherwise. | ||
3231 | */ | ||
3232 | -static bool mem_cgroup_handle_oom(struct mem_cgroup *memcg, gfp_t mask, | ||
3233 | - int order) | ||
3234 | +bool mem_cgroup_oom_synchronize(bool handle) | ||
3235 | { | ||
3236 | + struct mem_cgroup *memcg = current->memcg_oom.memcg; | ||
3237 | struct oom_wait_info owait; | ||
3238 | - bool locked, need_to_kill; | ||
3239 | + bool locked; | ||
3240 | + | ||
3241 | + /* OOM is global, do not handle */ | ||
3242 | + if (!memcg) | ||
3243 | + return false; | ||
3244 | + | ||
3245 | + if (!handle) | ||
3246 | + goto cleanup; | ||
3247 | |||
3248 | owait.memcg = memcg; | ||
3249 | owait.wait.flags = 0; | ||
3250 | owait.wait.func = memcg_oom_wake_function; | ||
3251 | owait.wait.private = current; | ||
3252 | INIT_LIST_HEAD(&owait.wait.task_list); | ||
3253 | - need_to_kill = true; | ||
3254 | - mem_cgroup_mark_under_oom(memcg); | ||
3255 | |||
3256 | - /* At first, try to OOM lock hierarchy under memcg.*/ | ||
3257 | - spin_lock(&memcg_oom_lock); | ||
3258 | - locked = mem_cgroup_oom_lock(memcg); | ||
3259 | - /* | ||
3260 | - * Even if signal_pending(), we can't quit charge() loop without | ||
3261 | - * accounting. So, UNINTERRUPTIBLE is appropriate. But SIGKILL | ||
3262 | - * under OOM is always welcomed, use TASK_KILLABLE here. | ||
3263 | - */ | ||
3264 | prepare_to_wait(&memcg_oom_waitq, &owait.wait, TASK_KILLABLE); | ||
3265 | - if (!locked || memcg->oom_kill_disable) | ||
3266 | - need_to_kill = false; | ||
3267 | + mem_cgroup_mark_under_oom(memcg); | ||
3268 | + | ||
3269 | + locked = mem_cgroup_oom_trylock(memcg); | ||
3270 | + | ||
3271 | if (locked) | ||
3272 | mem_cgroup_oom_notify(memcg); | ||
3273 | - spin_unlock(&memcg_oom_lock); | ||
3274 | |||
3275 | - if (need_to_kill) { | ||
3276 | + if (locked && !memcg->oom_kill_disable) { | ||
3277 | + mem_cgroup_unmark_under_oom(memcg); | ||
3278 | finish_wait(&memcg_oom_waitq, &owait.wait); | ||
3279 | - mem_cgroup_out_of_memory(memcg, mask, order); | ||
3280 | + mem_cgroup_out_of_memory(memcg, current->memcg_oom.gfp_mask, | ||
3281 | + current->memcg_oom.order); | ||
3282 | } else { | ||
3283 | schedule(); | ||
3284 | + mem_cgroup_unmark_under_oom(memcg); | ||
3285 | finish_wait(&memcg_oom_waitq, &owait.wait); | ||
3286 | } | ||
3287 | - spin_lock(&memcg_oom_lock); | ||
3288 | - if (locked) | ||
3289 | - mem_cgroup_oom_unlock(memcg); | ||
3290 | - memcg_wakeup_oom(memcg); | ||
3291 | - spin_unlock(&memcg_oom_lock); | ||
3292 | |||
3293 | - mem_cgroup_unmark_under_oom(memcg); | ||
3294 | - | ||
3295 | - if (test_thread_flag(TIF_MEMDIE) || fatal_signal_pending(current)) | ||
3296 | - return false; | ||
3297 | - /* Give chance to dying process */ | ||
3298 | - schedule_timeout_uninterruptible(1); | ||
3299 | + if (locked) { | ||
3300 | + mem_cgroup_oom_unlock(memcg); | ||
3301 | + /* | ||
3302 | + * There is no guarantee that an OOM-lock contender | ||
3303 | + * sees the wakeups triggered by the OOM kill | ||
3304 | + * uncharges. Wake any sleepers explicitely. | ||
3305 | + */ | ||
3306 | + memcg_oom_recover(memcg); | ||
3307 | + } | ||
3308 | +cleanup: | ||
3309 | + current->memcg_oom.memcg = NULL; | ||
3310 | + css_put(&memcg->css); | ||
3311 | return true; | ||
3312 | } | ||
3313 | |||
3314 | @@ -2550,12 +2594,11 @@ enum { | ||
3315 | CHARGE_RETRY, /* need to retry but retry is not bad */ | ||
3316 | CHARGE_NOMEM, /* we can't do more. return -ENOMEM */ | ||
3317 | CHARGE_WOULDBLOCK, /* GFP_WAIT wasn't set and no enough res. */ | ||
3318 | - CHARGE_OOM_DIE, /* the current is killed because of OOM */ | ||
3319 | }; | ||
3320 | |||
3321 | static int mem_cgroup_do_charge(struct mem_cgroup *memcg, gfp_t gfp_mask, | ||
3322 | unsigned int nr_pages, unsigned int min_pages, | ||
3323 | - bool oom_check) | ||
3324 | + bool invoke_oom) | ||
3325 | { | ||
3326 | unsigned long csize = nr_pages * PAGE_SIZE; | ||
3327 | struct mem_cgroup *mem_over_limit; | ||
3328 | @@ -2612,14 +2655,10 @@ static int mem_cgroup_do_charge(struct mem_cgroup *memcg, gfp_t gfp_mask, | ||
3329 | if (mem_cgroup_wait_acct_move(mem_over_limit)) | ||
3330 | return CHARGE_RETRY; | ||
3331 | |||
3332 | - /* If we don't need to call oom-killer at el, return immediately */ | ||
3333 | - if (!oom_check) | ||
3334 | - return CHARGE_NOMEM; | ||
3335 | - /* check OOM */ | ||
3336 | - if (!mem_cgroup_handle_oom(mem_over_limit, gfp_mask, get_order(csize))) | ||
3337 | - return CHARGE_OOM_DIE; | ||
3338 | + if (invoke_oom) | ||
3339 | + mem_cgroup_oom(mem_over_limit, gfp_mask, get_order(csize)); | ||
3340 | |||
3341 | - return CHARGE_RETRY; | ||
3342 | + return CHARGE_NOMEM; | ||
3343 | } | ||
3344 | |||
3345 | /* | ||
3346 | @@ -2663,6 +2702,9 @@ static int __mem_cgroup_try_charge(struct mm_struct *mm, | ||
3347 | || fatal_signal_pending(current))) | ||
3348 | goto bypass; | ||
3349 | |||
3350 | + if (unlikely(task_in_memcg_oom(current))) | ||
3351 | + goto bypass; | ||
3352 | + | ||
3353 | /* | ||
3354 | * We always charge the cgroup the mm_struct belongs to. | ||
3355 | * The mm_struct's mem_cgroup changes on task migration if the | ||
3356 | @@ -2722,7 +2764,7 @@ again: | ||
3357 | } | ||
3358 | |||
3359 | do { | ||
3360 | - bool oom_check; | ||
3361 | + bool invoke_oom = oom && !nr_oom_retries; | ||
3362 | |||
3363 | /* If killed, bypass charge */ | ||
3364 | if (fatal_signal_pending(current)) { | ||
3365 | @@ -2730,14 +2772,8 @@ again: | ||
3366 | goto bypass; | ||
3367 | } | ||
3368 | |||
3369 | - oom_check = false; | ||
3370 | - if (oom && !nr_oom_retries) { | ||
3371 | - oom_check = true; | ||
3372 | - nr_oom_retries = MEM_CGROUP_RECLAIM_RETRIES; | ||
3373 | - } | ||
3374 | - | ||
3375 | - ret = mem_cgroup_do_charge(memcg, gfp_mask, batch, nr_pages, | ||
3376 | - oom_check); | ||
3377 | + ret = mem_cgroup_do_charge(memcg, gfp_mask, batch, | ||
3378 | + nr_pages, invoke_oom); | ||
3379 | switch (ret) { | ||
3380 | case CHARGE_OK: | ||
3381 | break; | ||
3382 | @@ -2750,16 +2786,12 @@ again: | ||
3383 | css_put(&memcg->css); | ||
3384 | goto nomem; | ||
3385 | case CHARGE_NOMEM: /* OOM routine works */ | ||
3386 | - if (!oom) { | ||
3387 | + if (!oom || invoke_oom) { | ||
3388 | css_put(&memcg->css); | ||
3389 | goto nomem; | ||
3390 | } | ||
3391 | - /* If oom, we never return -ENOMEM */ | ||
3392 | nr_oom_retries--; | ||
3393 | break; | ||
3394 | - case CHARGE_OOM_DIE: /* Killed by OOM Killer */ | ||
3395 | - css_put(&memcg->css); | ||
3396 | - goto bypass; | ||
3397 | } | ||
3398 | } while (ret != CHARGE_OK); | ||
3399 | |||
3400 | diff --git a/mm/memory.c b/mm/memory.c | ||
3401 | index ebe0f285c0e7..0984f398d746 100644 | ||
3402 | --- a/mm/memory.c | ||
3403 | +++ b/mm/memory.c | ||
3404 | @@ -3754,22 +3754,14 @@ unlock: | ||
3405 | /* | ||
3406 | * By the time we get here, we already hold the mm semaphore | ||
3407 | */ | ||
3408 | -int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, | ||
3409 | - unsigned long address, unsigned int flags) | ||
3410 | +static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, | ||
3411 | + unsigned long address, unsigned int flags) | ||
3412 | { | ||
3413 | pgd_t *pgd; | ||
3414 | pud_t *pud; | ||
3415 | pmd_t *pmd; | ||
3416 | pte_t *pte; | ||
3417 | |||
3418 | - __set_current_state(TASK_RUNNING); | ||
3419 | - | ||
3420 | - count_vm_event(PGFAULT); | ||
3421 | - mem_cgroup_count_vm_event(mm, PGFAULT); | ||
3422 | - | ||
3423 | - /* do counter updates before entering really critical section. */ | ||
3424 | - check_sync_rss_stat(current); | ||
3425 | - | ||
3426 | if (unlikely(is_vm_hugetlb_page(vma))) | ||
3427 | return hugetlb_fault(mm, vma, address, flags); | ||
3428 | |||
3429 | @@ -3850,6 +3842,43 @@ retry: | ||
3430 | return handle_pte_fault(mm, vma, address, pte, pmd, flags); | ||
3431 | } | ||
3432 | |||
3433 | +int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, | ||
3434 | + unsigned long address, unsigned int flags) | ||
3435 | +{ | ||
3436 | + int ret; | ||
3437 | + | ||
3438 | + __set_current_state(TASK_RUNNING); | ||
3439 | + | ||
3440 | + count_vm_event(PGFAULT); | ||
3441 | + mem_cgroup_count_vm_event(mm, PGFAULT); | ||
3442 | + | ||
3443 | + /* do counter updates before entering really critical section. */ | ||
3444 | + check_sync_rss_stat(current); | ||
3445 | + | ||
3446 | + /* | ||
3447 | + * Enable the memcg OOM handling for faults triggered in user | ||
3448 | + * space. Kernel faults are handled more gracefully. | ||
3449 | + */ | ||
3450 | + if (flags & FAULT_FLAG_USER) | ||
3451 | + mem_cgroup_oom_enable(); | ||
3452 | + | ||
3453 | + ret = __handle_mm_fault(mm, vma, address, flags); | ||
3454 | + | ||
3455 | + if (flags & FAULT_FLAG_USER) { | ||
3456 | + mem_cgroup_oom_disable(); | ||
3457 | + /* | ||
3458 | + * The task may have entered a memcg OOM situation but | ||
3459 | + * if the allocation error was handled gracefully (no | ||
3460 | + * VM_FAULT_OOM), there is no need to kill anything. | ||
3461 | + * Just clean up the OOM state peacefully. | ||
3462 | + */ | ||
3463 | + if (task_in_memcg_oom(current) && !(ret & VM_FAULT_OOM)) | ||
3464 | + mem_cgroup_oom_synchronize(false); | ||
3465 | + } | ||
3466 | + | ||
3467 | + return ret; | ||
3468 | +} | ||
3469 | + | ||
3470 | #ifndef __PAGETABLE_PUD_FOLDED | ||
3471 | /* | ||
3472 | * Allocate page upper directory. | ||
3473 | diff --git a/mm/oom_kill.c b/mm/oom_kill.c | ||
3474 | index f104c7e9f61e..4d87d7c4ed2e 100644 | ||
3475 | --- a/mm/oom_kill.c | ||
3476 | +++ b/mm/oom_kill.c | ||
3477 | @@ -702,9 +702,12 @@ out: | ||
3478 | */ | ||
3479 | void pagefault_out_of_memory(void) | ||
3480 | { | ||
3481 | - struct zonelist *zonelist = node_zonelist(first_online_node, | ||
3482 | - GFP_KERNEL); | ||
3483 | + struct zonelist *zonelist; | ||
3484 | |||
3485 | + if (mem_cgroup_oom_synchronize(true)) | ||
3486 | + return; | ||
3487 | + | ||
3488 | + zonelist = node_zonelist(first_online_node, GFP_KERNEL); | ||
3489 | if (try_set_zonelist_oom(zonelist, GFP_KERNEL)) { | ||
3490 | out_of_memory(NULL, 0, 0, NULL, false); | ||
3491 | clear_zonelist_oom(zonelist, GFP_KERNEL); | ||
3492 | diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h | ||
3493 | index e696833a31b5..11ab6628027a 100644 | ||
3494 | --- a/net/bridge/br_private.h | ||
3495 | +++ b/net/bridge/br_private.h | ||
3496 | @@ -429,6 +429,16 @@ extern netdev_features_t br_features_recompute(struct net_bridge *br, | ||
3497 | extern int br_handle_frame_finish(struct sk_buff *skb); | ||
3498 | extern rx_handler_result_t br_handle_frame(struct sk_buff **pskb); | ||
3499 | |||
3500 | +static inline bool br_rx_handler_check_rcu(const struct net_device *dev) | ||
3501 | +{ | ||
3502 | + return rcu_dereference(dev->rx_handler) == br_handle_frame; | ||
3503 | +} | ||
3504 | + | ||
3505 | +static inline struct net_bridge_port *br_port_get_check_rcu(const struct net_device *dev) | ||
3506 | +{ | ||
3507 | + return br_rx_handler_check_rcu(dev) ? br_port_get_rcu(dev) : NULL; | ||
3508 | +} | ||
3509 | + | ||
3510 | /* br_ioctl.c */ | ||
3511 | extern int br_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd); | ||
3512 | extern int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __user *arg); | ||
3513 | diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c | ||
3514 | index 8660ea3be705..bdb459d21ad8 100644 | ||
3515 | --- a/net/bridge/br_stp_bpdu.c | ||
3516 | +++ b/net/bridge/br_stp_bpdu.c | ||
3517 | @@ -153,7 +153,7 @@ void br_stp_rcv(const struct stp_proto *proto, struct sk_buff *skb, | ||
3518 | if (buf[0] != 0 || buf[1] != 0 || buf[2] != 0) | ||
3519 | goto err; | ||
3520 | |||
3521 | - p = br_port_get_rcu(dev); | ||
3522 | + p = br_port_get_check_rcu(dev); | ||
3523 | if (!p) | ||
3524 | goto err; | ||
3525 | |||
3526 | diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c | ||
3527 | index 6e7a236525b6..06f19b9e159a 100644 | ||
3528 | --- a/net/ceph/crypto.c | ||
3529 | +++ b/net/ceph/crypto.c | ||
3530 | @@ -89,11 +89,82 @@ static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void) | ||
3531 | |||
3532 | static const u8 *aes_iv = (u8 *)CEPH_AES_IV; | ||
3533 | |||
3534 | +/* | ||
3535 | + * Should be used for buffers allocated with ceph_kvmalloc(). | ||
3536 | + * Currently these are encrypt out-buffer (ceph_buffer) and decrypt | ||
3537 | + * in-buffer (msg front). | ||
3538 | + * | ||
3539 | + * Dispose of @sgt with teardown_sgtable(). | ||
3540 | + * | ||
3541 | + * @prealloc_sg is to avoid memory allocation inside sg_alloc_table() | ||
3542 | + * in cases where a single sg is sufficient. No attempt to reduce the | ||
3543 | + * number of sgs by squeezing physically contiguous pages together is | ||
3544 | + * made though, for simplicity. | ||
3545 | + */ | ||
3546 | +static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg, | ||
3547 | + const void *buf, unsigned int buf_len) | ||
3548 | +{ | ||
3549 | + struct scatterlist *sg; | ||
3550 | + const bool is_vmalloc = is_vmalloc_addr(buf); | ||
3551 | + unsigned int off = offset_in_page(buf); | ||
3552 | + unsigned int chunk_cnt = 1; | ||
3553 | + unsigned int chunk_len = PAGE_ALIGN(off + buf_len); | ||
3554 | + int i; | ||
3555 | + int ret; | ||
3556 | + | ||
3557 | + if (buf_len == 0) { | ||
3558 | + memset(sgt, 0, sizeof(*sgt)); | ||
3559 | + return -EINVAL; | ||
3560 | + } | ||
3561 | + | ||
3562 | + if (is_vmalloc) { | ||
3563 | + chunk_cnt = chunk_len >> PAGE_SHIFT; | ||
3564 | + chunk_len = PAGE_SIZE; | ||
3565 | + } | ||
3566 | + | ||
3567 | + if (chunk_cnt > 1) { | ||
3568 | + ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS); | ||
3569 | + if (ret) | ||
3570 | + return ret; | ||
3571 | + } else { | ||
3572 | + WARN_ON(chunk_cnt != 1); | ||
3573 | + sg_init_table(prealloc_sg, 1); | ||
3574 | + sgt->sgl = prealloc_sg; | ||
3575 | + sgt->nents = sgt->orig_nents = 1; | ||
3576 | + } | ||
3577 | + | ||
3578 | + for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) { | ||
3579 | + struct page *page; | ||
3580 | + unsigned int len = min(chunk_len - off, buf_len); | ||
3581 | + | ||
3582 | + if (is_vmalloc) | ||
3583 | + page = vmalloc_to_page(buf); | ||
3584 | + else | ||
3585 | + page = virt_to_page(buf); | ||
3586 | + | ||
3587 | + sg_set_page(sg, page, len, off); | ||
3588 | + | ||
3589 | + off = 0; | ||
3590 | + buf += len; | ||
3591 | + buf_len -= len; | ||
3592 | + } | ||
3593 | + WARN_ON(buf_len != 0); | ||
3594 | + | ||
3595 | + return 0; | ||
3596 | +} | ||
3597 | + | ||
3598 | +static void teardown_sgtable(struct sg_table *sgt) | ||
3599 | +{ | ||
3600 | + if (sgt->orig_nents > 1) | ||
3601 | + sg_free_table(sgt); | ||
3602 | +} | ||
3603 | + | ||
3604 | static int ceph_aes_encrypt(const void *key, int key_len, | ||
3605 | void *dst, size_t *dst_len, | ||
3606 | const void *src, size_t src_len) | ||
3607 | { | ||
3608 | - struct scatterlist sg_in[2], sg_out[1]; | ||
3609 | + struct scatterlist sg_in[2], prealloc_sg; | ||
3610 | + struct sg_table sg_out; | ||
3611 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | ||
3612 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; | ||
3613 | int ret; | ||
3614 | @@ -109,16 +180,18 @@ static int ceph_aes_encrypt(const void *key, int key_len, | ||
3615 | |||
3616 | *dst_len = src_len + zero_padding; | ||
3617 | |||
3618 | - crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
3619 | sg_init_table(sg_in, 2); | ||
3620 | sg_set_buf(&sg_in[0], src, src_len); | ||
3621 | sg_set_buf(&sg_in[1], pad, zero_padding); | ||
3622 | - sg_init_table(sg_out, 1); | ||
3623 | - sg_set_buf(sg_out, dst, *dst_len); | ||
3624 | + ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); | ||
3625 | + if (ret) | ||
3626 | + goto out_tfm; | ||
3627 | + | ||
3628 | + crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
3629 | iv = crypto_blkcipher_crt(tfm)->iv; | ||
3630 | ivsize = crypto_blkcipher_ivsize(tfm); | ||
3631 | - | ||
3632 | memcpy(iv, aes_iv, ivsize); | ||
3633 | + | ||
3634 | /* | ||
3635 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, | ||
3636 | key, key_len, 1); | ||
3637 | @@ -127,16 +200,22 @@ static int ceph_aes_encrypt(const void *key, int key_len, | ||
3638 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, | ||
3639 | pad, zero_padding, 1); | ||
3640 | */ | ||
3641 | - ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, | ||
3642 | + ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, | ||
3643 | src_len + zero_padding); | ||
3644 | - crypto_free_blkcipher(tfm); | ||
3645 | - if (ret < 0) | ||
3646 | + if (ret < 0) { | ||
3647 | pr_err("ceph_aes_crypt failed %d\n", ret); | ||
3648 | + goto out_sg; | ||
3649 | + } | ||
3650 | /* | ||
3651 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, | ||
3652 | dst, *dst_len, 1); | ||
3653 | */ | ||
3654 | - return 0; | ||
3655 | + | ||
3656 | +out_sg: | ||
3657 | + teardown_sgtable(&sg_out); | ||
3658 | +out_tfm: | ||
3659 | + crypto_free_blkcipher(tfm); | ||
3660 | + return ret; | ||
3661 | } | ||
3662 | |||
3663 | static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, | ||
3664 | @@ -144,7 +223,8 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, | ||
3665 | const void *src1, size_t src1_len, | ||
3666 | const void *src2, size_t src2_len) | ||
3667 | { | ||
3668 | - struct scatterlist sg_in[3], sg_out[1]; | ||
3669 | + struct scatterlist sg_in[3], prealloc_sg; | ||
3670 | + struct sg_table sg_out; | ||
3671 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | ||
3672 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; | ||
3673 | int ret; | ||
3674 | @@ -160,17 +240,19 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, | ||
3675 | |||
3676 | *dst_len = src1_len + src2_len + zero_padding; | ||
3677 | |||
3678 | - crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
3679 | sg_init_table(sg_in, 3); | ||
3680 | sg_set_buf(&sg_in[0], src1, src1_len); | ||
3681 | sg_set_buf(&sg_in[1], src2, src2_len); | ||
3682 | sg_set_buf(&sg_in[2], pad, zero_padding); | ||
3683 | - sg_init_table(sg_out, 1); | ||
3684 | - sg_set_buf(sg_out, dst, *dst_len); | ||
3685 | + ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); | ||
3686 | + if (ret) | ||
3687 | + goto out_tfm; | ||
3688 | + | ||
3689 | + crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
3690 | iv = crypto_blkcipher_crt(tfm)->iv; | ||
3691 | ivsize = crypto_blkcipher_ivsize(tfm); | ||
3692 | - | ||
3693 | memcpy(iv, aes_iv, ivsize); | ||
3694 | + | ||
3695 | /* | ||
3696 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, | ||
3697 | key, key_len, 1); | ||
3698 | @@ -181,23 +263,30 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, | ||
3699 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, | ||
3700 | pad, zero_padding, 1); | ||
3701 | */ | ||
3702 | - ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, | ||
3703 | + ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, | ||
3704 | src1_len + src2_len + zero_padding); | ||
3705 | - crypto_free_blkcipher(tfm); | ||
3706 | - if (ret < 0) | ||
3707 | + if (ret < 0) { | ||
3708 | pr_err("ceph_aes_crypt2 failed %d\n", ret); | ||
3709 | + goto out_sg; | ||
3710 | + } | ||
3711 | /* | ||
3712 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, | ||
3713 | dst, *dst_len, 1); | ||
3714 | */ | ||
3715 | - return 0; | ||
3716 | + | ||
3717 | +out_sg: | ||
3718 | + teardown_sgtable(&sg_out); | ||
3719 | +out_tfm: | ||
3720 | + crypto_free_blkcipher(tfm); | ||
3721 | + return ret; | ||
3722 | } | ||
3723 | |||
3724 | static int ceph_aes_decrypt(const void *key, int key_len, | ||
3725 | void *dst, size_t *dst_len, | ||
3726 | const void *src, size_t src_len) | ||
3727 | { | ||
3728 | - struct scatterlist sg_in[1], sg_out[2]; | ||
3729 | + struct sg_table sg_in; | ||
3730 | + struct scatterlist sg_out[2], prealloc_sg; | ||
3731 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | ||
3732 | struct blkcipher_desc desc = { .tfm = tfm }; | ||
3733 | char pad[16]; | ||
3734 | @@ -209,16 +298,16 @@ static int ceph_aes_decrypt(const void *key, int key_len, | ||
3735 | if (IS_ERR(tfm)) | ||
3736 | return PTR_ERR(tfm); | ||
3737 | |||
3738 | - crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
3739 | - sg_init_table(sg_in, 1); | ||
3740 | sg_init_table(sg_out, 2); | ||
3741 | - sg_set_buf(sg_in, src, src_len); | ||
3742 | sg_set_buf(&sg_out[0], dst, *dst_len); | ||
3743 | sg_set_buf(&sg_out[1], pad, sizeof(pad)); | ||
3744 | + ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); | ||
3745 | + if (ret) | ||
3746 | + goto out_tfm; | ||
3747 | |||
3748 | + crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
3749 | iv = crypto_blkcipher_crt(tfm)->iv; | ||
3750 | ivsize = crypto_blkcipher_ivsize(tfm); | ||
3751 | - | ||
3752 | memcpy(iv, aes_iv, ivsize); | ||
3753 | |||
3754 | /* | ||
3755 | @@ -227,12 +316,10 @@ static int ceph_aes_decrypt(const void *key, int key_len, | ||
3756 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, | ||
3757 | src, src_len, 1); | ||
3758 | */ | ||
3759 | - | ||
3760 | - ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); | ||
3761 | - crypto_free_blkcipher(tfm); | ||
3762 | + ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); | ||
3763 | if (ret < 0) { | ||
3764 | pr_err("ceph_aes_decrypt failed %d\n", ret); | ||
3765 | - return ret; | ||
3766 | + goto out_sg; | ||
3767 | } | ||
3768 | |||
3769 | if (src_len <= *dst_len) | ||
3770 | @@ -250,7 +337,12 @@ static int ceph_aes_decrypt(const void *key, int key_len, | ||
3771 | print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1, | ||
3772 | dst, *dst_len, 1); | ||
3773 | */ | ||
3774 | - return 0; | ||
3775 | + | ||
3776 | +out_sg: | ||
3777 | + teardown_sgtable(&sg_in); | ||
3778 | +out_tfm: | ||
3779 | + crypto_free_blkcipher(tfm); | ||
3780 | + return ret; | ||
3781 | } | ||
3782 | |||
3783 | static int ceph_aes_decrypt2(const void *key, int key_len, | ||
3784 | @@ -258,7 +350,8 @@ static int ceph_aes_decrypt2(const void *key, int key_len, | ||
3785 | void *dst2, size_t *dst2_len, | ||
3786 | const void *src, size_t src_len) | ||
3787 | { | ||
3788 | - struct scatterlist sg_in[1], sg_out[3]; | ||
3789 | + struct sg_table sg_in; | ||
3790 | + struct scatterlist sg_out[3], prealloc_sg; | ||
3791 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); | ||
3792 | struct blkcipher_desc desc = { .tfm = tfm }; | ||
3793 | char pad[16]; | ||
3794 | @@ -270,17 +363,17 @@ static int ceph_aes_decrypt2(const void *key, int key_len, | ||
3795 | if (IS_ERR(tfm)) | ||
3796 | return PTR_ERR(tfm); | ||
3797 | |||
3798 | - sg_init_table(sg_in, 1); | ||
3799 | - sg_set_buf(sg_in, src, src_len); | ||
3800 | sg_init_table(sg_out, 3); | ||
3801 | sg_set_buf(&sg_out[0], dst1, *dst1_len); | ||
3802 | sg_set_buf(&sg_out[1], dst2, *dst2_len); | ||
3803 | sg_set_buf(&sg_out[2], pad, sizeof(pad)); | ||
3804 | + ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); | ||
3805 | + if (ret) | ||
3806 | + goto out_tfm; | ||
3807 | |||
3808 | crypto_blkcipher_setkey((void *)tfm, key, key_len); | ||
3809 | iv = crypto_blkcipher_crt(tfm)->iv; | ||
3810 | ivsize = crypto_blkcipher_ivsize(tfm); | ||
3811 | - | ||
3812 | memcpy(iv, aes_iv, ivsize); | ||
3813 | |||
3814 | /* | ||
3815 | @@ -289,12 +382,10 @@ static int ceph_aes_decrypt2(const void *key, int key_len, | ||
3816 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, | ||
3817 | src, src_len, 1); | ||
3818 | */ | ||
3819 | - | ||
3820 | - ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); | ||
3821 | - crypto_free_blkcipher(tfm); | ||
3822 | + ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); | ||
3823 | if (ret < 0) { | ||
3824 | pr_err("ceph_aes_decrypt failed %d\n", ret); | ||
3825 | - return ret; | ||
3826 | + goto out_sg; | ||
3827 | } | ||
3828 | |||
3829 | if (src_len <= *dst1_len) | ||
3830 | @@ -324,7 +415,11 @@ static int ceph_aes_decrypt2(const void *key, int key_len, | ||
3831 | dst2, *dst2_len, 1); | ||
3832 | */ | ||
3833 | |||
3834 | - return 0; | ||
3835 | +out_sg: | ||
3836 | + teardown_sgtable(&sg_in); | ||
3837 | +out_tfm: | ||
3838 | + crypto_free_blkcipher(tfm); | ||
3839 | + return ret; | ||
3840 | } | ||
3841 | |||
3842 | |||
3843 | diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c | ||
3844 | index 250a73e77f57..6c20f4731f1a 100644 | ||
3845 | --- a/net/ipv6/ip6_gre.c | ||
3846 | +++ b/net/ipv6/ip6_gre.c | ||
3847 | @@ -962,8 +962,6 @@ static void ip6gre_tnl_link_config(struct ip6_tnl *t, int set_mtu) | ||
3848 | else | ||
3849 | dev->flags &= ~IFF_POINTOPOINT; | ||
3850 | |||
3851 | - dev->iflink = p->link; | ||
3852 | - | ||
3853 | /* Precalculate GRE options length */ | ||
3854 | if (t->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) { | ||
3855 | if (t->parms.o_flags&GRE_CSUM) | ||
3856 | @@ -1267,6 +1265,8 @@ static int ip6gre_tunnel_init(struct net_device *dev) | ||
3857 | if (!dev->tstats) | ||
3858 | return -ENOMEM; | ||
3859 | |||
3860 | + dev->iflink = tunnel->parms.link; | ||
3861 | + | ||
3862 | return 0; | ||
3863 | } | ||
3864 | |||
3865 | @@ -1282,7 +1282,6 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) | ||
3866 | dev_hold(dev); | ||
3867 | } | ||
3868 | |||
3869 | - | ||
3870 | static struct inet6_protocol ip6gre_protocol __read_mostly = { | ||
3871 | .handler = ip6gre_rcv, | ||
3872 | .err_handler = ip6gre_err, | ||
3873 | @@ -1458,6 +1457,8 @@ static int ip6gre_tap_init(struct net_device *dev) | ||
3874 | if (!dev->tstats) | ||
3875 | return -ENOMEM; | ||
3876 | |||
3877 | + dev->iflink = tunnel->parms.link; | ||
3878 | + | ||
3879 | return 0; | ||
3880 | } | ||
3881 | |||
3882 | diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c | ||
3883 | index a0ecdf596f2f..14f46af17704 100644 | ||
3884 | --- a/net/ipv6/ip6_tunnel.c | ||
3885 | +++ b/net/ipv6/ip6_tunnel.c | ||
3886 | @@ -265,9 +265,6 @@ static int ip6_tnl_create2(struct net_device *dev) | ||
3887 | int err; | ||
3888 | |||
3889 | t = netdev_priv(dev); | ||
3890 | - err = ip6_tnl_dev_init(dev); | ||
3891 | - if (err < 0) | ||
3892 | - goto out; | ||
3893 | |||
3894 | err = register_netdevice(dev); | ||
3895 | if (err < 0) | ||
3896 | @@ -1433,6 +1430,7 @@ ip6_tnl_change_mtu(struct net_device *dev, int new_mtu) | ||
3897 | |||
3898 | |||
3899 | static const struct net_device_ops ip6_tnl_netdev_ops = { | ||
3900 | + .ndo_init = ip6_tnl_dev_init, | ||
3901 | .ndo_uninit = ip6_tnl_dev_uninit, | ||
3902 | .ndo_start_xmit = ip6_tnl_xmit, | ||
3903 | .ndo_do_ioctl = ip6_tnl_ioctl, | ||
3904 | @@ -1514,16 +1512,10 @@ static int __net_init ip6_fb_tnl_dev_init(struct net_device *dev) | ||
3905 | struct ip6_tnl *t = netdev_priv(dev); | ||
3906 | struct net *net = dev_net(dev); | ||
3907 | struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); | ||
3908 | - int err = ip6_tnl_dev_init_gen(dev); | ||
3909 | - | ||
3910 | - if (err) | ||
3911 | - return err; | ||
3912 | |||
3913 | t->parms.proto = IPPROTO_IPV6; | ||
3914 | dev_hold(dev); | ||
3915 | |||
3916 | - ip6_tnl_link_config(t); | ||
3917 | - | ||
3918 | rcu_assign_pointer(ip6n->tnls_wc[0], t); | ||
3919 | return 0; | ||
3920 | } | ||
3921 | diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c | ||
3922 | index fae73b0ef14b..85bc6d498b46 100644 | ||
3923 | --- a/net/mac80211/rx.c | ||
3924 | +++ b/net/mac80211/rx.c | ||
3925 | @@ -1585,11 +1585,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | ||
3926 | sc = le16_to_cpu(hdr->seq_ctrl); | ||
3927 | frag = sc & IEEE80211_SCTL_FRAG; | ||
3928 | |||
3929 | - if (likely((!ieee80211_has_morefrags(fc) && frag == 0) || | ||
3930 | - is_multicast_ether_addr(hdr->addr1))) { | ||
3931 | - /* not fragmented */ | ||
3932 | + if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) | ||
3933 | + goto out; | ||
3934 | + | ||
3935 | + if (is_multicast_ether_addr(hdr->addr1)) { | ||
3936 | + rx->local->dot11MulticastReceivedFrameCount++; | ||
3937 | goto out; | ||
3938 | } | ||
3939 | + | ||
3940 | I802_DEBUG_INC(rx->local->rx_handlers_fragments); | ||
3941 | |||
3942 | if (skb_linearize(rx->skb)) | ||
3943 | @@ -1682,10 +1685,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) | ||
3944 | out: | ||
3945 | if (rx->sta) | ||
3946 | rx->sta->rx_packets++; | ||
3947 | - if (is_multicast_ether_addr(hdr->addr1)) | ||
3948 | - rx->local->dot11MulticastReceivedFrameCount++; | ||
3949 | - else | ||
3950 | - ieee80211_led_rx(rx->local); | ||
3951 | + ieee80211_led_rx(rx->local); | ||
3952 | return RX_CONTINUE; | ||
3953 | } | ||
3954 | |||
3955 | diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c | ||
3956 | index 038eee5c8f85..2bb801e3ee8c 100644 | ||
3957 | --- a/net/netfilter/nf_nat_core.c | ||
3958 | +++ b/net/netfilter/nf_nat_core.c | ||
3959 | @@ -487,6 +487,39 @@ static int nf_nat_proto_remove(struct nf_conn *i, void *data) | ||
3960 | return i->status & IPS_NAT_MASK ? 1 : 0; | ||
3961 | } | ||
3962 | |||
3963 | +static int nf_nat_proto_clean(struct nf_conn *ct, void *data) | ||
3964 | +{ | ||
3965 | + struct nf_conn_nat *nat = nfct_nat(ct); | ||
3966 | + | ||
3967 | + if (nf_nat_proto_remove(ct, data)) | ||
3968 | + return 1; | ||
3969 | + | ||
3970 | + if (!nat || !nat->ct) | ||
3971 | + return 0; | ||
3972 | + | ||
3973 | + /* This netns is being destroyed, and conntrack has nat null binding. | ||
3974 | + * Remove it from bysource hash, as the table will be freed soon. | ||
3975 | + * | ||
3976 | + * Else, when the conntrack is destoyed, nf_nat_cleanup_conntrack() | ||
3977 | + * will delete entry from already-freed table. | ||
3978 | + */ | ||
3979 | + if (!del_timer(&ct->timeout)) | ||
3980 | + return 1; | ||
3981 | + | ||
3982 | + spin_lock_bh(&nf_nat_lock); | ||
3983 | + hlist_del_rcu(&nat->bysource); | ||
3984 | + ct->status &= ~IPS_NAT_DONE_MASK; | ||
3985 | + nat->ct = NULL; | ||
3986 | + spin_unlock_bh(&nf_nat_lock); | ||
3987 | + | ||
3988 | + add_timer(&ct->timeout); | ||
3989 | + | ||
3990 | + /* don't delete conntrack. Although that would make things a lot | ||
3991 | + * simpler, we'd end up flushing all conntracks on nat rmmod. | ||
3992 | + */ | ||
3993 | + return 0; | ||
3994 | +} | ||
3995 | + | ||
3996 | static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto) | ||
3997 | { | ||
3998 | struct nf_nat_proto_clean clean = { | ||
3999 | @@ -749,7 +782,7 @@ static void __net_exit nf_nat_net_exit(struct net *net) | ||
4000 | { | ||
4001 | struct nf_nat_proto_clean clean = {}; | ||
4002 | |||
4003 | - nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean); | ||
4004 | + nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); | ||
4005 | synchronize_rcu(); | ||
4006 | nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size); | ||
4007 | } | ||
4008 | diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c | ||
4009 | index 962e9792e317..216261dd32ae 100644 | ||
4010 | --- a/net/netfilter/nfnetlink_log.c | ||
4011 | +++ b/net/netfilter/nfnetlink_log.c | ||
4012 | @@ -45,7 +45,8 @@ | ||
4013 | #define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE | ||
4014 | #define NFULNL_TIMEOUT_DEFAULT 100 /* every second */ | ||
4015 | #define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */ | ||
4016 | -#define NFULNL_COPY_RANGE_MAX 0xFFFF /* max packet size is limited by 16-bit struct nfattr nfa_len field */ | ||
4017 | +/* max packet size is limited by 16-bit struct nfattr nfa_len field */ | ||
4018 | +#define NFULNL_COPY_RANGE_MAX (0xFFFF - NLA_HDRLEN) | ||
4019 | |||
4020 | #define PRINTR(x, args...) do { if (net_ratelimit()) \ | ||
4021 | printk(x, ## args); } while (0); | ||
4022 | @@ -255,6 +256,8 @@ nfulnl_set_mode(struct nfulnl_instance *inst, u_int8_t mode, | ||
4023 | |||
4024 | case NFULNL_COPY_PACKET: | ||
4025 | inst->copy_mode = mode; | ||
4026 | + if (range == 0) | ||
4027 | + range = NFULNL_COPY_RANGE_MAX; | ||
4028 | inst->copy_range = min_t(unsigned int, | ||
4029 | range, NFULNL_COPY_RANGE_MAX); | ||
4030 | break; | ||
4031 | @@ -345,26 +348,25 @@ nfulnl_alloc_skb(u32 peer_portid, unsigned int inst_size, unsigned int pkt_size) | ||
4032 | return skb; | ||
4033 | } | ||
4034 | |||
4035 | -static int | ||
4036 | +static void | ||
4037 | __nfulnl_send(struct nfulnl_instance *inst) | ||
4038 | { | ||
4039 | - int status = -1; | ||
4040 | - | ||
4041 | if (inst->qlen > 1) { | ||
4042 | struct nlmsghdr *nlh = nlmsg_put(inst->skb, 0, 0, | ||
4043 | NLMSG_DONE, | ||
4044 | sizeof(struct nfgenmsg), | ||
4045 | 0); | ||
4046 | - if (!nlh) | ||
4047 | + if (WARN_ONCE(!nlh, "bad nlskb size: %u, tailroom %d\n", | ||
4048 | + inst->skb->len, skb_tailroom(inst->skb))) { | ||
4049 | + kfree_skb(inst->skb); | ||
4050 | goto out; | ||
4051 | + } | ||
4052 | } | ||
4053 | - status = nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid, | ||
4054 | - MSG_DONTWAIT); | ||
4055 | - | ||
4056 | + nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid, | ||
4057 | + MSG_DONTWAIT); | ||
4058 | +out: | ||
4059 | inst->qlen = 0; | ||
4060 | inst->skb = NULL; | ||
4061 | -out: | ||
4062 | - return status; | ||
4063 | } | ||
4064 | |||
4065 | static void | ||
4066 | @@ -647,7 +649,8 @@ nfulnl_log_packet(struct net *net, | ||
4067 | + nla_total_size(sizeof(u_int32_t)) /* gid */ | ||
4068 | + nla_total_size(plen) /* prefix */ | ||
4069 | + nla_total_size(sizeof(struct nfulnl_msg_packet_hw)) | ||
4070 | - + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp)); | ||
4071 | + + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp)) | ||
4072 | + + nla_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */ | ||
4073 | |||
4074 | if (in && skb_mac_header_was_set(skb)) { | ||
4075 | size += nla_total_size(skb->dev->hard_header_len) | ||
4076 | @@ -676,8 +679,7 @@ nfulnl_log_packet(struct net *net, | ||
4077 | break; | ||
4078 | |||
4079 | case NFULNL_COPY_PACKET: | ||
4080 | - if (inst->copy_range == 0 | ||
4081 | - || inst->copy_range > skb->len) | ||
4082 | + if (inst->copy_range > skb->len) | ||
4083 | data_len = skb->len; | ||
4084 | else | ||
4085 | data_len = inst->copy_range; | ||
4086 | @@ -690,8 +692,7 @@ nfulnl_log_packet(struct net *net, | ||
4087 | goto unlock_and_release; | ||
4088 | } | ||
4089 | |||
4090 | - if (inst->skb && | ||
4091 | - size > skb_tailroom(inst->skb) - sizeof(struct nfgenmsg)) { | ||
4092 | + if (inst->skb && size > skb_tailroom(inst->skb)) { | ||
4093 | /* either the queue len is too high or we don't have | ||
4094 | * enough room in the skb left. flush to userspace. */ | ||
4095 | __nfulnl_flush(inst); | ||
4096 | diff --git a/net/sctp/associola.c b/net/sctp/associola.c | ||
4097 | index 62e86d98bc36..ca4a1a1b8e69 100644 | ||
4098 | --- a/net/sctp/associola.c | ||
4099 | +++ b/net/sctp/associola.c | ||
4100 | @@ -1659,6 +1659,8 @@ struct sctp_chunk *sctp_assoc_lookup_asconf_ack( | ||
4101 | * ack chunk whose serial number matches that of the request. | ||
4102 | */ | ||
4103 | list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) { | ||
4104 | + if (sctp_chunk_pending(ack)) | ||
4105 | + continue; | ||
4106 | if (ack->subh.addip_hdr->serial == serial) { | ||
4107 | sctp_chunk_hold(ack); | ||
4108 | return ack; | ||
4109 | diff --git a/net/sctp/auth.c b/net/sctp/auth.c | ||
4110 | index 7a19117254db..bc2fae7e67be 100644 | ||
4111 | --- a/net/sctp/auth.c | ||
4112 | +++ b/net/sctp/auth.c | ||
4113 | @@ -874,8 +874,6 @@ int sctp_auth_set_key(struct sctp_endpoint *ep, | ||
4114 | list_add(&cur_key->key_list, sh_keys); | ||
4115 | |||
4116 | cur_key->key = key; | ||
4117 | - sctp_auth_key_hold(key); | ||
4118 | - | ||
4119 | return 0; | ||
4120 | nomem: | ||
4121 | if (!replace) | ||
4122 | diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c | ||
4123 | index 3221d073448c..49c58eadbfa2 100644 | ||
4124 | --- a/net/sctp/inqueue.c | ||
4125 | +++ b/net/sctp/inqueue.c | ||
4126 | @@ -147,18 +147,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) | ||
4127 | } else { | ||
4128 | /* Nothing to do. Next chunk in the packet, please. */ | ||
4129 | ch = (sctp_chunkhdr_t *) chunk->chunk_end; | ||
4130 | - | ||
4131 | /* Force chunk->skb->data to chunk->chunk_end. */ | ||
4132 | - skb_pull(chunk->skb, | ||
4133 | - chunk->chunk_end - chunk->skb->data); | ||
4134 | - | ||
4135 | - /* Verify that we have at least chunk headers | ||
4136 | - * worth of buffer left. | ||
4137 | - */ | ||
4138 | - if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) { | ||
4139 | - sctp_chunk_free(chunk); | ||
4140 | - chunk = queue->in_progress = NULL; | ||
4141 | - } | ||
4142 | + skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data); | ||
4143 | + /* We are guaranteed to pull a SCTP header. */ | ||
4144 | } | ||
4145 | } | ||
4146 | |||
4147 | @@ -194,24 +185,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) | ||
4148 | skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t)); | ||
4149 | chunk->subh.v = NULL; /* Subheader is no longer valid. */ | ||
4150 | |||
4151 | - if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) { | ||
4152 | + if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) < | ||
4153 | + skb_tail_pointer(chunk->skb)) { | ||
4154 | /* This is not a singleton */ | ||
4155 | chunk->singleton = 0; | ||
4156 | } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) { | ||
4157 | - /* RFC 2960, Section 6.10 Bundling | ||
4158 | - * | ||
4159 | - * Partial chunks MUST NOT be placed in an SCTP packet. | ||
4160 | - * If the receiver detects a partial chunk, it MUST drop | ||
4161 | - * the chunk. | ||
4162 | - * | ||
4163 | - * Since the end of the chunk is past the end of our buffer | ||
4164 | - * (which contains the whole packet, we can freely discard | ||
4165 | - * the whole packet. | ||
4166 | - */ | ||
4167 | - sctp_chunk_free(chunk); | ||
4168 | - chunk = queue->in_progress = NULL; | ||
4169 | - | ||
4170 | - return NULL; | ||
4171 | + /* Discard inside state machine. */ | ||
4172 | + chunk->pdiscard = 1; | ||
4173 | + chunk->chunk_end = skb_tail_pointer(chunk->skb); | ||
4174 | } else { | ||
4175 | /* We are at the end of the packet, so mark the chunk | ||
4176 | * in case we need to send a SACK. | ||
4177 | diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c | ||
4178 | index 87e244be899a..29fc16f3633f 100644 | ||
4179 | --- a/net/sctp/sm_make_chunk.c | ||
4180 | +++ b/net/sctp/sm_make_chunk.c | ||
4181 | @@ -2596,6 +2596,9 @@ do_addr_param: | ||
4182 | addr_param = param.v + sizeof(sctp_addip_param_t); | ||
4183 | |||
4184 | af = sctp_get_af_specific(param_type2af(param.p->type)); | ||
4185 | + if (af == NULL) | ||
4186 | + break; | ||
4187 | + | ||
4188 | af->from_addr_param(&addr, addr_param, | ||
4189 | htons(asoc->peer.port), 0); | ||
4190 | |||
4191 | @@ -3094,50 +3097,63 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, | ||
4192 | return SCTP_ERROR_NO_ERROR; | ||
4193 | } | ||
4194 | |||
4195 | -/* Verify the ASCONF packet before we process it. */ | ||
4196 | -int sctp_verify_asconf(const struct sctp_association *asoc, | ||
4197 | - struct sctp_paramhdr *param_hdr, void *chunk_end, | ||
4198 | - struct sctp_paramhdr **errp) { | ||
4199 | - sctp_addip_param_t *asconf_param; | ||
4200 | +/* Verify the ASCONF packet before we process it. */ | ||
4201 | +bool sctp_verify_asconf(const struct sctp_association *asoc, | ||
4202 | + struct sctp_chunk *chunk, bool addr_param_needed, | ||
4203 | + struct sctp_paramhdr **errp) | ||
4204 | +{ | ||
4205 | + sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr; | ||
4206 | union sctp_params param; | ||
4207 | - int length, plen; | ||
4208 | + bool addr_param_seen = false; | ||
4209 | |||
4210 | - param.v = (sctp_paramhdr_t *) param_hdr; | ||
4211 | - while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { | ||
4212 | - length = ntohs(param.p->length); | ||
4213 | - *errp = param.p; | ||
4214 | - | ||
4215 | - if (param.v > chunk_end - length || | ||
4216 | - length < sizeof(sctp_paramhdr_t)) | ||
4217 | - return 0; | ||
4218 | + sctp_walk_params(param, addip, addip_hdr.params) { | ||
4219 | + size_t length = ntohs(param.p->length); | ||
4220 | |||
4221 | + *errp = param.p; | ||
4222 | switch (param.p->type) { | ||
4223 | + case SCTP_PARAM_ERR_CAUSE: | ||
4224 | + break; | ||
4225 | + case SCTP_PARAM_IPV4_ADDRESS: | ||
4226 | + if (length != sizeof(sctp_ipv4addr_param_t)) | ||
4227 | + return false; | ||
4228 | + addr_param_seen = true; | ||
4229 | + break; | ||
4230 | + case SCTP_PARAM_IPV6_ADDRESS: | ||
4231 | + if (length != sizeof(sctp_ipv6addr_param_t)) | ||
4232 | + return false; | ||
4233 | + addr_param_seen = true; | ||
4234 | + break; | ||
4235 | case SCTP_PARAM_ADD_IP: | ||
4236 | case SCTP_PARAM_DEL_IP: | ||
4237 | case SCTP_PARAM_SET_PRIMARY: | ||
4238 | - asconf_param = (sctp_addip_param_t *)param.v; | ||
4239 | - plen = ntohs(asconf_param->param_hdr.length); | ||
4240 | - if (plen < sizeof(sctp_addip_param_t) + | ||
4241 | - sizeof(sctp_paramhdr_t)) | ||
4242 | - return 0; | ||
4243 | + /* In ASCONF chunks, these need to be first. */ | ||
4244 | + if (addr_param_needed && !addr_param_seen) | ||
4245 | + return false; | ||
4246 | + length = ntohs(param.addip->param_hdr.length); | ||
4247 | + if (length < sizeof(sctp_addip_param_t) + | ||
4248 | + sizeof(sctp_paramhdr_t)) | ||
4249 | + return false; | ||
4250 | break; | ||
4251 | case SCTP_PARAM_SUCCESS_REPORT: | ||
4252 | case SCTP_PARAM_ADAPTATION_LAYER_IND: | ||
4253 | if (length != sizeof(sctp_addip_param_t)) | ||
4254 | - return 0; | ||
4255 | - | ||
4256 | + return false; | ||
4257 | break; | ||
4258 | default: | ||
4259 | - break; | ||
4260 | + /* This is unkown to us, reject! */ | ||
4261 | + return false; | ||
4262 | } | ||
4263 | - | ||
4264 | - param.v += WORD_ROUND(length); | ||
4265 | } | ||
4266 | |||
4267 | - if (param.v != chunk_end) | ||
4268 | - return 0; | ||
4269 | + /* Remaining sanity checks. */ | ||
4270 | + if (addr_param_needed && !addr_param_seen) | ||
4271 | + return false; | ||
4272 | + if (!addr_param_needed && addr_param_seen) | ||
4273 | + return false; | ||
4274 | + if (param.v != chunk->chunk_end) | ||
4275 | + return false; | ||
4276 | |||
4277 | - return 1; | ||
4278 | + return true; | ||
4279 | } | ||
4280 | |||
4281 | /* Process an incoming ASCONF chunk with the next expected serial no. and | ||
4282 | @@ -3146,16 +3162,17 @@ int sctp_verify_asconf(const struct sctp_association *asoc, | ||
4283 | struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, | ||
4284 | struct sctp_chunk *asconf) | ||
4285 | { | ||
4286 | + sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr; | ||
4287 | + bool all_param_pass = true; | ||
4288 | + union sctp_params param; | ||
4289 | sctp_addiphdr_t *hdr; | ||
4290 | union sctp_addr_param *addr_param; | ||
4291 | sctp_addip_param_t *asconf_param; | ||
4292 | struct sctp_chunk *asconf_ack; | ||
4293 | - | ||
4294 | __be16 err_code; | ||
4295 | int length = 0; | ||
4296 | int chunk_len; | ||
4297 | __u32 serial; | ||
4298 | - int all_param_pass = 1; | ||
4299 | |||
4300 | chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); | ||
4301 | hdr = (sctp_addiphdr_t *)asconf->skb->data; | ||
4302 | @@ -3183,9 +3200,14 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, | ||
4303 | goto done; | ||
4304 | |||
4305 | /* Process the TLVs contained within the ASCONF chunk. */ | ||
4306 | - while (chunk_len > 0) { | ||
4307 | + sctp_walk_params(param, addip, addip_hdr.params) { | ||
4308 | + /* Skip preceeding address parameters. */ | ||
4309 | + if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || | ||
4310 | + param.p->type == SCTP_PARAM_IPV6_ADDRESS) | ||
4311 | + continue; | ||
4312 | + | ||
4313 | err_code = sctp_process_asconf_param(asoc, asconf, | ||
4314 | - asconf_param); | ||
4315 | + param.addip); | ||
4316 | /* ADDIP 4.1 A7) | ||
4317 | * If an error response is received for a TLV parameter, | ||
4318 | * all TLVs with no response before the failed TLV are | ||
4319 | @@ -3193,28 +3215,20 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, | ||
4320 | * the failed response are considered unsuccessful unless | ||
4321 | * a specific success indication is present for the parameter. | ||
4322 | */ | ||
4323 | - if (SCTP_ERROR_NO_ERROR != err_code) | ||
4324 | - all_param_pass = 0; | ||
4325 | - | ||
4326 | + if (err_code != SCTP_ERROR_NO_ERROR) | ||
4327 | + all_param_pass = false; | ||
4328 | if (!all_param_pass) | ||
4329 | - sctp_add_asconf_response(asconf_ack, | ||
4330 | - asconf_param->crr_id, err_code, | ||
4331 | - asconf_param); | ||
4332 | + sctp_add_asconf_response(asconf_ack, param.addip->crr_id, | ||
4333 | + err_code, param.addip); | ||
4334 | |||
4335 | /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add | ||
4336 | * an IP address sends an 'Out of Resource' in its response, it | ||
4337 | * MUST also fail any subsequent add or delete requests bundled | ||
4338 | * in the ASCONF. | ||
4339 | */ | ||
4340 | - if (SCTP_ERROR_RSRC_LOW == err_code) | ||
4341 | + if (err_code == SCTP_ERROR_RSRC_LOW) | ||
4342 | goto done; | ||
4343 | - | ||
4344 | - /* Move to the next ASCONF param. */ | ||
4345 | - length = ntohs(asconf_param->param_hdr.length); | ||
4346 | - asconf_param = (void *)asconf_param + length; | ||
4347 | - chunk_len -= length; | ||
4348 | } | ||
4349 | - | ||
4350 | done: | ||
4351 | asoc->peer.addip_serial++; | ||
4352 | |||
4353 | diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c | ||
4354 | index edc204b05c82..c52763a26297 100644 | ||
4355 | --- a/net/sctp/sm_statefuns.c | ||
4356 | +++ b/net/sctp/sm_statefuns.c | ||
4357 | @@ -177,6 +177,9 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk, | ||
4358 | { | ||
4359 | __u16 chunk_length = ntohs(chunk->chunk_hdr->length); | ||
4360 | |||
4361 | + /* Previously already marked? */ | ||
4362 | + if (unlikely(chunk->pdiscard)) | ||
4363 | + return 0; | ||
4364 | if (unlikely(chunk_length < required_length)) | ||
4365 | return 0; | ||
4366 | |||
4367 | @@ -3593,9 +3596,7 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, | ||
4368 | struct sctp_chunk *asconf_ack = NULL; | ||
4369 | struct sctp_paramhdr *err_param = NULL; | ||
4370 | sctp_addiphdr_t *hdr; | ||
4371 | - union sctp_addr_param *addr_param; | ||
4372 | __u32 serial; | ||
4373 | - int length; | ||
4374 | |||
4375 | if (!sctp_vtag_verify(chunk, asoc)) { | ||
4376 | sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, | ||
4377 | @@ -3620,17 +3621,8 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, | ||
4378 | hdr = (sctp_addiphdr_t *)chunk->skb->data; | ||
4379 | serial = ntohl(hdr->serial); | ||
4380 | |||
4381 | - addr_param = (union sctp_addr_param *)hdr->params; | ||
4382 | - length = ntohs(addr_param->p.length); | ||
4383 | - if (length < sizeof(sctp_paramhdr_t)) | ||
4384 | - return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, | ||
4385 | - (void *)addr_param, commands); | ||
4386 | - | ||
4387 | /* Verify the ASCONF chunk before processing it. */ | ||
4388 | - if (!sctp_verify_asconf(asoc, | ||
4389 | - (sctp_paramhdr_t *)((void *)addr_param + length), | ||
4390 | - (void *)chunk->chunk_end, | ||
4391 | - &err_param)) | ||
4392 | + if (!sctp_verify_asconf(asoc, chunk, true, &err_param)) | ||
4393 | return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, | ||
4394 | (void *)err_param, commands); | ||
4395 | |||
4396 | @@ -3748,10 +3740,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net, | ||
4397 | rcvd_serial = ntohl(addip_hdr->serial); | ||
4398 | |||
4399 | /* Verify the ASCONF-ACK chunk before processing it. */ | ||
4400 | - if (!sctp_verify_asconf(asoc, | ||
4401 | - (sctp_paramhdr_t *)addip_hdr->params, | ||
4402 | - (void *)asconf_ack->chunk_end, | ||
4403 | - &err_param)) | ||
4404 | + if (!sctp_verify_asconf(asoc, asconf_ack, false, &err_param)) | ||
4405 | return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, | ||
4406 | (void *)err_param, commands); | ||
4407 | |||
4408 | diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c | ||
4409 | index ebe91440a068..c89a5bf5c00e 100644 | ||
4410 | --- a/sound/usb/mixer_quirks.c | ||
4411 | +++ b/sound/usb/mixer_quirks.c | ||
4412 | @@ -799,6 +799,11 @@ static int snd_ftu_eff_switch_put(struct snd_kcontrol *kctl, | ||
4413 | return changed; | ||
4414 | } | ||
4415 | |||
4416 | +static void kctl_private_value_free(struct snd_kcontrol *kctl) | ||
4417 | +{ | ||
4418 | + kfree((void *)kctl->private_value); | ||
4419 | +} | ||
4420 | + | ||
4421 | static int snd_ftu_create_effect_switch(struct usb_mixer_interface *mixer, | ||
4422 | int validx, int bUnitID) | ||
4423 | { | ||
4424 | @@ -833,6 +838,7 @@ static int snd_ftu_create_effect_switch(struct usb_mixer_interface *mixer, | ||
4425 | return -ENOMEM; | ||
4426 | } | ||
4427 | |||
4428 | + kctl->private_free = kctl_private_value_free; | ||
4429 | err = snd_ctl_add(mixer->chip->card, kctl); | ||
4430 | if (err < 0) | ||
4431 | return err; |