Annotation of /trunk/kernel-alx/patches-3.14/0115-3.14.16-all-fixes.patch
Parent Directory | Revision Log
Revision 2506 -
(hide annotations)
(download)
Fri Oct 17 07:55:45 2014 UTC (10 years ago) by niro
File size: 56969 byte(s)
Fri Oct 17 07:55:45 2014 UTC (10 years ago) by niro
File size: 56969 byte(s)
-patches for 3.14
1 | niro | 2506 | diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt |
2 | index c584a51add15..afe68ddbe6a4 100644 | ||
3 | --- a/Documentation/x86/x86_64/mm.txt | ||
4 | +++ b/Documentation/x86/x86_64/mm.txt | ||
5 | @@ -12,6 +12,8 @@ ffffc90000000000 - ffffe8ffffffffff (=45 bits) vmalloc/ioremap space | ||
6 | ffffe90000000000 - ffffe9ffffffffff (=40 bits) hole | ||
7 | ffffea0000000000 - ffffeaffffffffff (=40 bits) virtual memory map (1TB) | ||
8 | ... unused hole ... | ||
9 | +ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks | ||
10 | +... unused hole ... | ||
11 | ffffffff80000000 - ffffffffa0000000 (=512 MB) kernel text mapping, from phys 0 | ||
12 | ffffffffa0000000 - ffffffffff5fffff (=1525 MB) module mapping space | ||
13 | ffffffffff600000 - ffffffffffdfffff (=8 MB) vsyscalls | ||
14 | diff --git a/Makefile b/Makefile | ||
15 | index 188523e9e880..8b22e24a2d8e 100644 | ||
16 | --- a/Makefile | ||
17 | +++ b/Makefile | ||
18 | @@ -1,6 +1,6 @@ | ||
19 | VERSION = 3 | ||
20 | PATCHLEVEL = 14 | ||
21 | -SUBLEVEL = 15 | ||
22 | +SUBLEVEL = 16 | ||
23 | EXTRAVERSION = | ||
24 | NAME = Remembering Coco | ||
25 | |||
26 | diff --git a/arch/arm/boot/dts/dra7-evm.dts b/arch/arm/boot/dts/dra7-evm.dts | ||
27 | index 5babba0a3a75..904dcf5973f3 100644 | ||
28 | --- a/arch/arm/boot/dts/dra7-evm.dts | ||
29 | +++ b/arch/arm/boot/dts/dra7-evm.dts | ||
30 | @@ -182,6 +182,7 @@ | ||
31 | regulator-name = "ldo3"; | ||
32 | regulator-min-microvolt = <1800000>; | ||
33 | regulator-max-microvolt = <1800000>; | ||
34 | + regulator-always-on; | ||
35 | regulator-boot-on; | ||
36 | }; | ||
37 | |||
38 | diff --git a/arch/arm/boot/dts/hi3620.dtsi b/arch/arm/boot/dts/hi3620.dtsi | ||
39 | index ab1116d086be..83a5b8685bd9 100644 | ||
40 | --- a/arch/arm/boot/dts/hi3620.dtsi | ||
41 | +++ b/arch/arm/boot/dts/hi3620.dtsi | ||
42 | @@ -73,7 +73,7 @@ | ||
43 | |||
44 | L2: l2-cache { | ||
45 | compatible = "arm,pl310-cache"; | ||
46 | - reg = <0xfc10000 0x100000>; | ||
47 | + reg = <0x100000 0x100000>; | ||
48 | interrupts = <0 15 4>; | ||
49 | cache-unified; | ||
50 | cache-level = <2>; | ||
51 | diff --git a/arch/arm/crypto/aesbs-glue.c b/arch/arm/crypto/aesbs-glue.c | ||
52 | index 4522366da759..15468fbbdea3 100644 | ||
53 | --- a/arch/arm/crypto/aesbs-glue.c | ||
54 | +++ b/arch/arm/crypto/aesbs-glue.c | ||
55 | @@ -137,7 +137,7 @@ static int aesbs_cbc_encrypt(struct blkcipher_desc *desc, | ||
56 | dst += AES_BLOCK_SIZE; | ||
57 | } while (--blocks); | ||
58 | } | ||
59 | - err = blkcipher_walk_done(desc, &walk, 0); | ||
60 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); | ||
61 | } | ||
62 | return err; | ||
63 | } | ||
64 | @@ -158,7 +158,7 @@ static int aesbs_cbc_decrypt(struct blkcipher_desc *desc, | ||
65 | bsaes_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, | ||
66 | walk.nbytes, &ctx->dec, walk.iv); | ||
67 | kernel_neon_end(); | ||
68 | - err = blkcipher_walk_done(desc, &walk, 0); | ||
69 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); | ||
70 | } | ||
71 | while (walk.nbytes) { | ||
72 | u32 blocks = walk.nbytes / AES_BLOCK_SIZE; | ||
73 | @@ -182,7 +182,7 @@ static int aesbs_cbc_decrypt(struct blkcipher_desc *desc, | ||
74 | dst += AES_BLOCK_SIZE; | ||
75 | src += AES_BLOCK_SIZE; | ||
76 | } while (--blocks); | ||
77 | - err = blkcipher_walk_done(desc, &walk, 0); | ||
78 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); | ||
79 | } | ||
80 | return err; | ||
81 | } | ||
82 | @@ -268,7 +268,7 @@ static int aesbs_xts_encrypt(struct blkcipher_desc *desc, | ||
83 | bsaes_xts_encrypt(walk.src.virt.addr, walk.dst.virt.addr, | ||
84 | walk.nbytes, &ctx->enc, walk.iv); | ||
85 | kernel_neon_end(); | ||
86 | - err = blkcipher_walk_done(desc, &walk, 0); | ||
87 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); | ||
88 | } | ||
89 | return err; | ||
90 | } | ||
91 | @@ -292,7 +292,7 @@ static int aesbs_xts_decrypt(struct blkcipher_desc *desc, | ||
92 | bsaes_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, | ||
93 | walk.nbytes, &ctx->dec, walk.iv); | ||
94 | kernel_neon_end(); | ||
95 | - err = blkcipher_walk_done(desc, &walk, 0); | ||
96 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); | ||
97 | } | ||
98 | return err; | ||
99 | } | ||
100 | diff --git a/arch/arm/mm/idmap.c b/arch/arm/mm/idmap.c | ||
101 | index 8e0e52eb76b5..d7a0ee898d24 100644 | ||
102 | --- a/arch/arm/mm/idmap.c | ||
103 | +++ b/arch/arm/mm/idmap.c | ||
104 | @@ -25,6 +25,13 @@ static void idmap_add_pmd(pud_t *pud, unsigned long addr, unsigned long end, | ||
105 | pr_warning("Failed to allocate identity pmd.\n"); | ||
106 | return; | ||
107 | } | ||
108 | + /* | ||
109 | + * Copy the original PMD to ensure that the PMD entries for | ||
110 | + * the kernel image are preserved. | ||
111 | + */ | ||
112 | + if (!pud_none(*pud)) | ||
113 | + memcpy(pmd, pmd_offset(pud, 0), | ||
114 | + PTRS_PER_PMD * sizeof(pmd_t)); | ||
115 | pud_populate(&init_mm, pud, pmd); | ||
116 | pmd += pmd_index(addr); | ||
117 | } else | ||
118 | diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c | ||
119 | index b68c6b22e1c8..f15c22e8bcd5 100644 | ||
120 | --- a/arch/arm/mm/mmu.c | ||
121 | +++ b/arch/arm/mm/mmu.c | ||
122 | @@ -1436,8 +1436,8 @@ void __init early_paging_init(const struct machine_desc *mdesc, | ||
123 | return; | ||
124 | |||
125 | /* remap kernel code and data */ | ||
126 | - map_start = init_mm.start_code; | ||
127 | - map_end = init_mm.brk; | ||
128 | + map_start = init_mm.start_code & PMD_MASK; | ||
129 | + map_end = ALIGN(init_mm.brk, PMD_SIZE); | ||
130 | |||
131 | /* get a handle on things... */ | ||
132 | pgd0 = pgd_offset_k(0); | ||
133 | @@ -1472,7 +1472,7 @@ void __init early_paging_init(const struct machine_desc *mdesc, | ||
134 | } | ||
135 | |||
136 | /* remap pmds for kernel mapping */ | ||
137 | - phys = __pa(map_start) & PMD_MASK; | ||
138 | + phys = __pa(map_start); | ||
139 | do { | ||
140 | *pmdk++ = __pmd(phys | pmdprot); | ||
141 | phys += PMD_SIZE; | ||
142 | diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig | ||
143 | index 7324107acb40..c718d9f25900 100644 | ||
144 | --- a/arch/x86/Kconfig | ||
145 | +++ b/arch/x86/Kconfig | ||
146 | @@ -966,10 +966,27 @@ config VM86 | ||
147 | default y | ||
148 | depends on X86_32 | ||
149 | ---help--- | ||
150 | - This option is required by programs like DOSEMU to run 16-bit legacy | ||
151 | - code on X86 processors. It also may be needed by software like | ||
152 | - XFree86 to initialize some video cards via BIOS. Disabling this | ||
153 | - option saves about 6k. | ||
154 | + This option is required by programs like DOSEMU to run | ||
155 | + 16-bit real mode legacy code on x86 processors. It also may | ||
156 | + be needed by software like XFree86 to initialize some video | ||
157 | + cards via BIOS. Disabling this option saves about 6K. | ||
158 | + | ||
159 | +config X86_16BIT | ||
160 | + bool "Enable support for 16-bit segments" if EXPERT | ||
161 | + default y | ||
162 | + ---help--- | ||
163 | + This option is required by programs like Wine to run 16-bit | ||
164 | + protected mode legacy code on x86 processors. Disabling | ||
165 | + this option saves about 300 bytes on i386, or around 6K text | ||
166 | + plus 16K runtime memory on x86-64, | ||
167 | + | ||
168 | +config X86_ESPFIX32 | ||
169 | + def_bool y | ||
170 | + depends on X86_16BIT && X86_32 | ||
171 | + | ||
172 | +config X86_ESPFIX64 | ||
173 | + def_bool y | ||
174 | + depends on X86_16BIT && X86_64 | ||
175 | |||
176 | config TOSHIBA | ||
177 | tristate "Toshiba Laptop support" | ||
178 | diff --git a/arch/x86/include/asm/espfix.h b/arch/x86/include/asm/espfix.h | ||
179 | new file mode 100644 | ||
180 | index 000000000000..99efebb2f69d | ||
181 | --- /dev/null | ||
182 | +++ b/arch/x86/include/asm/espfix.h | ||
183 | @@ -0,0 +1,16 @@ | ||
184 | +#ifndef _ASM_X86_ESPFIX_H | ||
185 | +#define _ASM_X86_ESPFIX_H | ||
186 | + | ||
187 | +#ifdef CONFIG_X86_64 | ||
188 | + | ||
189 | +#include <asm/percpu.h> | ||
190 | + | ||
191 | +DECLARE_PER_CPU_READ_MOSTLY(unsigned long, espfix_stack); | ||
192 | +DECLARE_PER_CPU_READ_MOSTLY(unsigned long, espfix_waddr); | ||
193 | + | ||
194 | +extern void init_espfix_bsp(void); | ||
195 | +extern void init_espfix_ap(void); | ||
196 | + | ||
197 | +#endif /* CONFIG_X86_64 */ | ||
198 | + | ||
199 | +#endif /* _ASM_X86_ESPFIX_H */ | ||
200 | diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h | ||
201 | index bba3cf88e624..0a8b519226b8 100644 | ||
202 | --- a/arch/x86/include/asm/irqflags.h | ||
203 | +++ b/arch/x86/include/asm/irqflags.h | ||
204 | @@ -129,7 +129,7 @@ static inline notrace unsigned long arch_local_irq_save(void) | ||
205 | |||
206 | #define PARAVIRT_ADJUST_EXCEPTION_FRAME /* */ | ||
207 | |||
208 | -#define INTERRUPT_RETURN iretq | ||
209 | +#define INTERRUPT_RETURN jmp native_iret | ||
210 | #define USERGS_SYSRET64 \ | ||
211 | swapgs; \ | ||
212 | sysretq; | ||
213 | diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h | ||
214 | index c883bf726398..7166e25ecb57 100644 | ||
215 | --- a/arch/x86/include/asm/pgtable_64_types.h | ||
216 | +++ b/arch/x86/include/asm/pgtable_64_types.h | ||
217 | @@ -61,6 +61,8 @@ typedef struct { pteval_t pte; } pte_t; | ||
218 | #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) | ||
219 | #define MODULES_END _AC(0xffffffffff000000, UL) | ||
220 | #define MODULES_LEN (MODULES_END - MODULES_VADDR) | ||
221 | +#define ESPFIX_PGD_ENTRY _AC(-2, UL) | ||
222 | +#define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT) | ||
223 | |||
224 | #define EARLY_DYNAMIC_PAGE_TABLES 64 | ||
225 | |||
226 | diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h | ||
227 | index d62c9f809bc5..75b14ca135be 100644 | ||
228 | --- a/arch/x86/include/asm/setup.h | ||
229 | +++ b/arch/x86/include/asm/setup.h | ||
230 | @@ -65,6 +65,8 @@ static inline void x86_ce4100_early_setup(void) { } | ||
231 | |||
232 | #ifndef _SETUP | ||
233 | |||
234 | +#include <asm/espfix.h> | ||
235 | + | ||
236 | /* | ||
237 | * This is set up by the setup-routine at boot-time | ||
238 | */ | ||
239 | diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile | ||
240 | index cb648c84b327..56bac868cb91 100644 | ||
241 | --- a/arch/x86/kernel/Makefile | ||
242 | +++ b/arch/x86/kernel/Makefile | ||
243 | @@ -29,6 +29,7 @@ obj-$(CONFIG_X86_64) += sys_x86_64.o x8664_ksyms_64.o | ||
244 | obj-y += syscall_$(BITS).o | ||
245 | obj-$(CONFIG_X86_64) += vsyscall_64.o | ||
246 | obj-$(CONFIG_X86_64) += vsyscall_emu_64.o | ||
247 | +obj-$(CONFIG_X86_ESPFIX64) += espfix_64.o | ||
248 | obj-$(CONFIG_SYSFS) += ksysfs.o | ||
249 | obj-y += bootflag.o e820.o | ||
250 | obj-y += pci-dma.o quirks.o topology.o kdebugfs.o | ||
251 | diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S | ||
252 | index c87810b1b557..c5a9cb94dee6 100644 | ||
253 | --- a/arch/x86/kernel/entry_32.S | ||
254 | +++ b/arch/x86/kernel/entry_32.S | ||
255 | @@ -529,6 +529,7 @@ syscall_exit: | ||
256 | restore_all: | ||
257 | TRACE_IRQS_IRET | ||
258 | restore_all_notrace: | ||
259 | +#ifdef CONFIG_X86_ESPFIX32 | ||
260 | movl PT_EFLAGS(%esp), %eax # mix EFLAGS, SS and CS | ||
261 | # Warning: PT_OLDSS(%esp) contains the wrong/random values if we | ||
262 | # are returning to the kernel. | ||
263 | @@ -539,6 +540,7 @@ restore_all_notrace: | ||
264 | cmpl $((SEGMENT_LDT << 8) | USER_RPL), %eax | ||
265 | CFI_REMEMBER_STATE | ||
266 | je ldt_ss # returning to user-space with LDT SS | ||
267 | +#endif | ||
268 | restore_nocheck: | ||
269 | RESTORE_REGS 4 # skip orig_eax/error_code | ||
270 | irq_return: | ||
271 | @@ -551,6 +553,7 @@ ENTRY(iret_exc) | ||
272 | .previous | ||
273 | _ASM_EXTABLE(irq_return,iret_exc) | ||
274 | |||
275 | +#ifdef CONFIG_X86_ESPFIX32 | ||
276 | CFI_RESTORE_STATE | ||
277 | ldt_ss: | ||
278 | #ifdef CONFIG_PARAVIRT | ||
279 | @@ -594,6 +597,7 @@ ldt_ss: | ||
280 | lss (%esp), %esp /* switch to espfix segment */ | ||
281 | CFI_ADJUST_CFA_OFFSET -8 | ||
282 | jmp restore_nocheck | ||
283 | +#endif | ||
284 | CFI_ENDPROC | ||
285 | ENDPROC(system_call) | ||
286 | |||
287 | @@ -706,6 +710,7 @@ END(syscall_badsys) | ||
288 | * the high word of the segment base from the GDT and swiches to the | ||
289 | * normal stack and adjusts ESP with the matching offset. | ||
290 | */ | ||
291 | +#ifdef CONFIG_X86_ESPFIX32 | ||
292 | /* fixup the stack */ | ||
293 | mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */ | ||
294 | mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */ | ||
295 | @@ -715,8 +720,10 @@ END(syscall_badsys) | ||
296 | pushl_cfi %eax | ||
297 | lss (%esp), %esp /* switch to the normal stack segment */ | ||
298 | CFI_ADJUST_CFA_OFFSET -8 | ||
299 | +#endif | ||
300 | .endm | ||
301 | .macro UNWIND_ESPFIX_STACK | ||
302 | +#ifdef CONFIG_X86_ESPFIX32 | ||
303 | movl %ss, %eax | ||
304 | /* see if on espfix stack */ | ||
305 | cmpw $__ESPFIX_SS, %ax | ||
306 | @@ -727,6 +734,7 @@ END(syscall_badsys) | ||
307 | /* switch to normal stack */ | ||
308 | FIXUP_ESPFIX_STACK | ||
309 | 27: | ||
310 | +#endif | ||
311 | .endm | ||
312 | |||
313 | /* | ||
314 | @@ -1357,11 +1365,13 @@ END(debug) | ||
315 | ENTRY(nmi) | ||
316 | RING0_INT_FRAME | ||
317 | ASM_CLAC | ||
318 | +#ifdef CONFIG_X86_ESPFIX32 | ||
319 | pushl_cfi %eax | ||
320 | movl %ss, %eax | ||
321 | cmpw $__ESPFIX_SS, %ax | ||
322 | popl_cfi %eax | ||
323 | je nmi_espfix_stack | ||
324 | +#endif | ||
325 | cmpl $ia32_sysenter_target,(%esp) | ||
326 | je nmi_stack_fixup | ||
327 | pushl_cfi %eax | ||
328 | @@ -1401,6 +1411,7 @@ nmi_debug_stack_check: | ||
329 | FIX_STACK 24, nmi_stack_correct, 1 | ||
330 | jmp nmi_stack_correct | ||
331 | |||
332 | +#ifdef CONFIG_X86_ESPFIX32 | ||
333 | nmi_espfix_stack: | ||
334 | /* We have a RING0_INT_FRAME here. | ||
335 | * | ||
336 | @@ -1422,6 +1433,7 @@ nmi_espfix_stack: | ||
337 | lss 12+4(%esp), %esp # back to espfix stack | ||
338 | CFI_ADJUST_CFA_OFFSET -24 | ||
339 | jmp irq_return | ||
340 | +#endif | ||
341 | CFI_ENDPROC | ||
342 | END(nmi) | ||
343 | |||
344 | diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S | ||
345 | index 1e96c3628bf2..03cd2a8f6009 100644 | ||
346 | --- a/arch/x86/kernel/entry_64.S | ||
347 | +++ b/arch/x86/kernel/entry_64.S | ||
348 | @@ -58,6 +58,7 @@ | ||
349 | #include <asm/asm.h> | ||
350 | #include <asm/context_tracking.h> | ||
351 | #include <asm/smap.h> | ||
352 | +#include <asm/pgtable_types.h> | ||
353 | #include <linux/err.h> | ||
354 | |||
355 | /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ | ||
356 | @@ -1041,12 +1042,45 @@ restore_args: | ||
357 | |||
358 | irq_return: | ||
359 | INTERRUPT_RETURN | ||
360 | - _ASM_EXTABLE(irq_return, bad_iret) | ||
361 | |||
362 | -#ifdef CONFIG_PARAVIRT | ||
363 | ENTRY(native_iret) | ||
364 | + /* | ||
365 | + * Are we returning to a stack segment from the LDT? Note: in | ||
366 | + * 64-bit mode SS:RSP on the exception stack is always valid. | ||
367 | + */ | ||
368 | +#ifdef CONFIG_X86_ESPFIX64 | ||
369 | + testb $4,(SS-RIP)(%rsp) | ||
370 | + jnz native_irq_return_ldt | ||
371 | +#endif | ||
372 | + | ||
373 | +native_irq_return_iret: | ||
374 | iretq | ||
375 | - _ASM_EXTABLE(native_iret, bad_iret) | ||
376 | + _ASM_EXTABLE(native_irq_return_iret, bad_iret) | ||
377 | + | ||
378 | +#ifdef CONFIG_X86_ESPFIX64 | ||
379 | +native_irq_return_ldt: | ||
380 | + pushq_cfi %rax | ||
381 | + pushq_cfi %rdi | ||
382 | + SWAPGS | ||
383 | + movq PER_CPU_VAR(espfix_waddr),%rdi | ||
384 | + movq %rax,(0*8)(%rdi) /* RAX */ | ||
385 | + movq (2*8)(%rsp),%rax /* RIP */ | ||
386 | + movq %rax,(1*8)(%rdi) | ||
387 | + movq (3*8)(%rsp),%rax /* CS */ | ||
388 | + movq %rax,(2*8)(%rdi) | ||
389 | + movq (4*8)(%rsp),%rax /* RFLAGS */ | ||
390 | + movq %rax,(3*8)(%rdi) | ||
391 | + movq (6*8)(%rsp),%rax /* SS */ | ||
392 | + movq %rax,(5*8)(%rdi) | ||
393 | + movq (5*8)(%rsp),%rax /* RSP */ | ||
394 | + movq %rax,(4*8)(%rdi) | ||
395 | + andl $0xffff0000,%eax | ||
396 | + popq_cfi %rdi | ||
397 | + orq PER_CPU_VAR(espfix_stack),%rax | ||
398 | + SWAPGS | ||
399 | + movq %rax,%rsp | ||
400 | + popq_cfi %rax | ||
401 | + jmp native_irq_return_iret | ||
402 | #endif | ||
403 | |||
404 | .section .fixup,"ax" | ||
405 | @@ -1110,9 +1144,40 @@ ENTRY(retint_kernel) | ||
406 | call preempt_schedule_irq | ||
407 | jmp exit_intr | ||
408 | #endif | ||
409 | - | ||
410 | CFI_ENDPROC | ||
411 | END(common_interrupt) | ||
412 | + | ||
413 | + /* | ||
414 | + * If IRET takes a fault on the espfix stack, then we | ||
415 | + * end up promoting it to a doublefault. In that case, | ||
416 | + * modify the stack to make it look like we just entered | ||
417 | + * the #GP handler from user space, similar to bad_iret. | ||
418 | + */ | ||
419 | +#ifdef CONFIG_X86_ESPFIX64 | ||
420 | + ALIGN | ||
421 | +__do_double_fault: | ||
422 | + XCPT_FRAME 1 RDI+8 | ||
423 | + movq RSP(%rdi),%rax /* Trap on the espfix stack? */ | ||
424 | + sarq $PGDIR_SHIFT,%rax | ||
425 | + cmpl $ESPFIX_PGD_ENTRY,%eax | ||
426 | + jne do_double_fault /* No, just deliver the fault */ | ||
427 | + cmpl $__KERNEL_CS,CS(%rdi) | ||
428 | + jne do_double_fault | ||
429 | + movq RIP(%rdi),%rax | ||
430 | + cmpq $native_irq_return_iret,%rax | ||
431 | + jne do_double_fault /* This shouldn't happen... */ | ||
432 | + movq PER_CPU_VAR(kernel_stack),%rax | ||
433 | + subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */ | ||
434 | + movq %rax,RSP(%rdi) | ||
435 | + movq $0,(%rax) /* Missing (lost) #GP error code */ | ||
436 | + movq $general_protection,RIP(%rdi) | ||
437 | + retq | ||
438 | + CFI_ENDPROC | ||
439 | +END(__do_double_fault) | ||
440 | +#else | ||
441 | +# define __do_double_fault do_double_fault | ||
442 | +#endif | ||
443 | + | ||
444 | /* | ||
445 | * End of kprobes section | ||
446 | */ | ||
447 | @@ -1314,7 +1379,7 @@ zeroentry overflow do_overflow | ||
448 | zeroentry bounds do_bounds | ||
449 | zeroentry invalid_op do_invalid_op | ||
450 | zeroentry device_not_available do_device_not_available | ||
451 | -paranoiderrorentry double_fault do_double_fault | ||
452 | +paranoiderrorentry double_fault __do_double_fault | ||
453 | zeroentry coprocessor_segment_overrun do_coprocessor_segment_overrun | ||
454 | errorentry invalid_TSS do_invalid_TSS | ||
455 | errorentry segment_not_present do_segment_not_present | ||
456 | @@ -1601,7 +1666,7 @@ error_sti: | ||
457 | */ | ||
458 | error_kernelspace: | ||
459 | incl %ebx | ||
460 | - leaq irq_return(%rip),%rcx | ||
461 | + leaq native_irq_return_iret(%rip),%rcx | ||
462 | cmpq %rcx,RIP+8(%rsp) | ||
463 | je error_swapgs | ||
464 | movl %ecx,%eax /* zero extend */ | ||
465 | diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c | ||
466 | new file mode 100644 | ||
467 | index 000000000000..94d857fb1033 | ||
468 | --- /dev/null | ||
469 | +++ b/arch/x86/kernel/espfix_64.c | ||
470 | @@ -0,0 +1,208 @@ | ||
471 | +/* ----------------------------------------------------------------------- * | ||
472 | + * | ||
473 | + * Copyright 2014 Intel Corporation; author: H. Peter Anvin | ||
474 | + * | ||
475 | + * This program is free software; you can redistribute it and/or modify it | ||
476 | + * under the terms and conditions of the GNU General Public License, | ||
477 | + * version 2, as published by the Free Software Foundation. | ||
478 | + * | ||
479 | + * This program is distributed in the hope it will be useful, but WITHOUT | ||
480 | + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | ||
481 | + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | ||
482 | + * more details. | ||
483 | + * | ||
484 | + * ----------------------------------------------------------------------- */ | ||
485 | + | ||
486 | +/* | ||
487 | + * The IRET instruction, when returning to a 16-bit segment, only | ||
488 | + * restores the bottom 16 bits of the user space stack pointer. This | ||
489 | + * causes some 16-bit software to break, but it also leaks kernel state | ||
490 | + * to user space. | ||
491 | + * | ||
492 | + * This works around this by creating percpu "ministacks", each of which | ||
493 | + * is mapped 2^16 times 64K apart. When we detect that the return SS is | ||
494 | + * on the LDT, we copy the IRET frame to the ministack and use the | ||
495 | + * relevant alias to return to userspace. The ministacks are mapped | ||
496 | + * readonly, so if the IRET fault we promote #GP to #DF which is an IST | ||
497 | + * vector and thus has its own stack; we then do the fixup in the #DF | ||
498 | + * handler. | ||
499 | + * | ||
500 | + * This file sets up the ministacks and the related page tables. The | ||
501 | + * actual ministack invocation is in entry_64.S. | ||
502 | + */ | ||
503 | + | ||
504 | +#include <linux/init.h> | ||
505 | +#include <linux/init_task.h> | ||
506 | +#include <linux/kernel.h> | ||
507 | +#include <linux/percpu.h> | ||
508 | +#include <linux/gfp.h> | ||
509 | +#include <linux/random.h> | ||
510 | +#include <asm/pgtable.h> | ||
511 | +#include <asm/pgalloc.h> | ||
512 | +#include <asm/setup.h> | ||
513 | +#include <asm/espfix.h> | ||
514 | + | ||
515 | +/* | ||
516 | + * Note: we only need 6*8 = 48 bytes for the espfix stack, but round | ||
517 | + * it up to a cache line to avoid unnecessary sharing. | ||
518 | + */ | ||
519 | +#define ESPFIX_STACK_SIZE (8*8UL) | ||
520 | +#define ESPFIX_STACKS_PER_PAGE (PAGE_SIZE/ESPFIX_STACK_SIZE) | ||
521 | + | ||
522 | +/* There is address space for how many espfix pages? */ | ||
523 | +#define ESPFIX_PAGE_SPACE (1UL << (PGDIR_SHIFT-PAGE_SHIFT-16)) | ||
524 | + | ||
525 | +#define ESPFIX_MAX_CPUS (ESPFIX_STACKS_PER_PAGE * ESPFIX_PAGE_SPACE) | ||
526 | +#if CONFIG_NR_CPUS > ESPFIX_MAX_CPUS | ||
527 | +# error "Need more than one PGD for the ESPFIX hack" | ||
528 | +#endif | ||
529 | + | ||
530 | +#define PGALLOC_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_REPEAT | __GFP_ZERO) | ||
531 | + | ||
532 | +/* This contains the *bottom* address of the espfix stack */ | ||
533 | +DEFINE_PER_CPU_READ_MOSTLY(unsigned long, espfix_stack); | ||
534 | +DEFINE_PER_CPU_READ_MOSTLY(unsigned long, espfix_waddr); | ||
535 | + | ||
536 | +/* Initialization mutex - should this be a spinlock? */ | ||
537 | +static DEFINE_MUTEX(espfix_init_mutex); | ||
538 | + | ||
539 | +/* Page allocation bitmap - each page serves ESPFIX_STACKS_PER_PAGE CPUs */ | ||
540 | +#define ESPFIX_MAX_PAGES DIV_ROUND_UP(CONFIG_NR_CPUS, ESPFIX_STACKS_PER_PAGE) | ||
541 | +static void *espfix_pages[ESPFIX_MAX_PAGES]; | ||
542 | + | ||
543 | +static __page_aligned_bss pud_t espfix_pud_page[PTRS_PER_PUD] | ||
544 | + __aligned(PAGE_SIZE); | ||
545 | + | ||
546 | +static unsigned int page_random, slot_random; | ||
547 | + | ||
548 | +/* | ||
549 | + * This returns the bottom address of the espfix stack for a specific CPU. | ||
550 | + * The math allows for a non-power-of-two ESPFIX_STACK_SIZE, in which case | ||
551 | + * we have to account for some amount of padding at the end of each page. | ||
552 | + */ | ||
553 | +static inline unsigned long espfix_base_addr(unsigned int cpu) | ||
554 | +{ | ||
555 | + unsigned long page, slot; | ||
556 | + unsigned long addr; | ||
557 | + | ||
558 | + page = (cpu / ESPFIX_STACKS_PER_PAGE) ^ page_random; | ||
559 | + slot = (cpu + slot_random) % ESPFIX_STACKS_PER_PAGE; | ||
560 | + addr = (page << PAGE_SHIFT) + (slot * ESPFIX_STACK_SIZE); | ||
561 | + addr = (addr & 0xffffUL) | ((addr & ~0xffffUL) << 16); | ||
562 | + addr += ESPFIX_BASE_ADDR; | ||
563 | + return addr; | ||
564 | +} | ||
565 | + | ||
566 | +#define PTE_STRIDE (65536/PAGE_SIZE) | ||
567 | +#define ESPFIX_PTE_CLONES (PTRS_PER_PTE/PTE_STRIDE) | ||
568 | +#define ESPFIX_PMD_CLONES PTRS_PER_PMD | ||
569 | +#define ESPFIX_PUD_CLONES (65536/(ESPFIX_PTE_CLONES*ESPFIX_PMD_CLONES)) | ||
570 | + | ||
571 | +#define PGTABLE_PROT ((_KERNPG_TABLE & ~_PAGE_RW) | _PAGE_NX) | ||
572 | + | ||
573 | +static void init_espfix_random(void) | ||
574 | +{ | ||
575 | + unsigned long rand; | ||
576 | + | ||
577 | + /* | ||
578 | + * This is run before the entropy pools are initialized, | ||
579 | + * but this is hopefully better than nothing. | ||
580 | + */ | ||
581 | + if (!arch_get_random_long(&rand)) { | ||
582 | + /* The constant is an arbitrary large prime */ | ||
583 | + rdtscll(rand); | ||
584 | + rand *= 0xc345c6b72fd16123UL; | ||
585 | + } | ||
586 | + | ||
587 | + slot_random = rand % ESPFIX_STACKS_PER_PAGE; | ||
588 | + page_random = (rand / ESPFIX_STACKS_PER_PAGE) | ||
589 | + & (ESPFIX_PAGE_SPACE - 1); | ||
590 | +} | ||
591 | + | ||
592 | +void __init init_espfix_bsp(void) | ||
593 | +{ | ||
594 | + pgd_t *pgd_p; | ||
595 | + pteval_t ptemask; | ||
596 | + | ||
597 | + ptemask = __supported_pte_mask; | ||
598 | + | ||
599 | + /* Install the espfix pud into the kernel page directory */ | ||
600 | + pgd_p = &init_level4_pgt[pgd_index(ESPFIX_BASE_ADDR)]; | ||
601 | + pgd_populate(&init_mm, pgd_p, (pud_t *)espfix_pud_page); | ||
602 | + | ||
603 | + /* Randomize the locations */ | ||
604 | + init_espfix_random(); | ||
605 | + | ||
606 | + /* The rest is the same as for any other processor */ | ||
607 | + init_espfix_ap(); | ||
608 | +} | ||
609 | + | ||
610 | +void init_espfix_ap(void) | ||
611 | +{ | ||
612 | + unsigned int cpu, page; | ||
613 | + unsigned long addr; | ||
614 | + pud_t pud, *pud_p; | ||
615 | + pmd_t pmd, *pmd_p; | ||
616 | + pte_t pte, *pte_p; | ||
617 | + int n; | ||
618 | + void *stack_page; | ||
619 | + pteval_t ptemask; | ||
620 | + | ||
621 | + /* We only have to do this once... */ | ||
622 | + if (likely(this_cpu_read(espfix_stack))) | ||
623 | + return; /* Already initialized */ | ||
624 | + | ||
625 | + cpu = smp_processor_id(); | ||
626 | + addr = espfix_base_addr(cpu); | ||
627 | + page = cpu/ESPFIX_STACKS_PER_PAGE; | ||
628 | + | ||
629 | + /* Did another CPU already set this up? */ | ||
630 | + stack_page = ACCESS_ONCE(espfix_pages[page]); | ||
631 | + if (likely(stack_page)) | ||
632 | + goto done; | ||
633 | + | ||
634 | + mutex_lock(&espfix_init_mutex); | ||
635 | + | ||
636 | + /* Did we race on the lock? */ | ||
637 | + stack_page = ACCESS_ONCE(espfix_pages[page]); | ||
638 | + if (stack_page) | ||
639 | + goto unlock_done; | ||
640 | + | ||
641 | + ptemask = __supported_pte_mask; | ||
642 | + | ||
643 | + pud_p = &espfix_pud_page[pud_index(addr)]; | ||
644 | + pud = *pud_p; | ||
645 | + if (!pud_present(pud)) { | ||
646 | + pmd_p = (pmd_t *)__get_free_page(PGALLOC_GFP); | ||
647 | + pud = __pud(__pa(pmd_p) | (PGTABLE_PROT & ptemask)); | ||
648 | + paravirt_alloc_pmd(&init_mm, __pa(pmd_p) >> PAGE_SHIFT); | ||
649 | + for (n = 0; n < ESPFIX_PUD_CLONES; n++) | ||
650 | + set_pud(&pud_p[n], pud); | ||
651 | + } | ||
652 | + | ||
653 | + pmd_p = pmd_offset(&pud, addr); | ||
654 | + pmd = *pmd_p; | ||
655 | + if (!pmd_present(pmd)) { | ||
656 | + pte_p = (pte_t *)__get_free_page(PGALLOC_GFP); | ||
657 | + pmd = __pmd(__pa(pte_p) | (PGTABLE_PROT & ptemask)); | ||
658 | + paravirt_alloc_pte(&init_mm, __pa(pte_p) >> PAGE_SHIFT); | ||
659 | + for (n = 0; n < ESPFIX_PMD_CLONES; n++) | ||
660 | + set_pmd(&pmd_p[n], pmd); | ||
661 | + } | ||
662 | + | ||
663 | + pte_p = pte_offset_kernel(&pmd, addr); | ||
664 | + stack_page = (void *)__get_free_page(GFP_KERNEL); | ||
665 | + pte = __pte(__pa(stack_page) | (__PAGE_KERNEL_RO & ptemask)); | ||
666 | + for (n = 0; n < ESPFIX_PTE_CLONES; n++) | ||
667 | + set_pte(&pte_p[n*PTE_STRIDE], pte); | ||
668 | + | ||
669 | + /* Job is done for this CPU and any CPU which shares this page */ | ||
670 | + ACCESS_ONCE(espfix_pages[page]) = stack_page; | ||
671 | + | ||
672 | +unlock_done: | ||
673 | + mutex_unlock(&espfix_init_mutex); | ||
674 | +done: | ||
675 | + this_cpu_write(espfix_stack, addr); | ||
676 | + this_cpu_write(espfix_waddr, (unsigned long)stack_page | ||
677 | + + (addr & ~PAGE_MASK)); | ||
678 | +} | ||
679 | diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c | ||
680 | index dcbbaa165bde..c37886d759cc 100644 | ||
681 | --- a/arch/x86/kernel/ldt.c | ||
682 | +++ b/arch/x86/kernel/ldt.c | ||
683 | @@ -20,8 +20,6 @@ | ||
684 | #include <asm/mmu_context.h> | ||
685 | #include <asm/syscalls.h> | ||
686 | |||
687 | -int sysctl_ldt16 = 0; | ||
688 | - | ||
689 | #ifdef CONFIG_SMP | ||
690 | static void flush_ldt(void *current_mm) | ||
691 | { | ||
692 | @@ -231,16 +229,10 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) | ||
693 | } | ||
694 | } | ||
695 | |||
696 | - /* | ||
697 | - * On x86-64 we do not support 16-bit segments due to | ||
698 | - * IRET leaking the high bits of the kernel stack address. | ||
699 | - */ | ||
700 | -#ifdef CONFIG_X86_64 | ||
701 | - if (!ldt_info.seg_32bit && !sysctl_ldt16) { | ||
702 | + if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) { | ||
703 | error = -EINVAL; | ||
704 | goto out_unlock; | ||
705 | } | ||
706 | -#endif | ||
707 | |||
708 | fill_ldt(&ldt, &ldt_info); | ||
709 | if (oldmode) | ||
710 | diff --git a/arch/x86/kernel/paravirt_patch_64.c b/arch/x86/kernel/paravirt_patch_64.c | ||
711 | index 3f08f34f93eb..a1da6737ba5b 100644 | ||
712 | --- a/arch/x86/kernel/paravirt_patch_64.c | ||
713 | +++ b/arch/x86/kernel/paravirt_patch_64.c | ||
714 | @@ -6,7 +6,6 @@ DEF_NATIVE(pv_irq_ops, irq_disable, "cli"); | ||
715 | DEF_NATIVE(pv_irq_ops, irq_enable, "sti"); | ||
716 | DEF_NATIVE(pv_irq_ops, restore_fl, "pushq %rdi; popfq"); | ||
717 | DEF_NATIVE(pv_irq_ops, save_fl, "pushfq; popq %rax"); | ||
718 | -DEF_NATIVE(pv_cpu_ops, iret, "iretq"); | ||
719 | DEF_NATIVE(pv_mmu_ops, read_cr2, "movq %cr2, %rax"); | ||
720 | DEF_NATIVE(pv_mmu_ops, read_cr3, "movq %cr3, %rax"); | ||
721 | DEF_NATIVE(pv_mmu_ops, write_cr3, "movq %rdi, %cr3"); | ||
722 | @@ -50,7 +49,6 @@ unsigned native_patch(u8 type, u16 clobbers, void *ibuf, | ||
723 | PATCH_SITE(pv_irq_ops, save_fl); | ||
724 | PATCH_SITE(pv_irq_ops, irq_enable); | ||
725 | PATCH_SITE(pv_irq_ops, irq_disable); | ||
726 | - PATCH_SITE(pv_cpu_ops, iret); | ||
727 | PATCH_SITE(pv_cpu_ops, irq_enable_sysexit); | ||
728 | PATCH_SITE(pv_cpu_ops, usergs_sysret32); | ||
729 | PATCH_SITE(pv_cpu_ops, usergs_sysret64); | ||
730 | diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c | ||
731 | index a32da804252e..395be6d8bbde 100644 | ||
732 | --- a/arch/x86/kernel/smpboot.c | ||
733 | +++ b/arch/x86/kernel/smpboot.c | ||
734 | @@ -243,6 +243,13 @@ static void notrace start_secondary(void *unused) | ||
735 | check_tsc_sync_target(); | ||
736 | |||
737 | /* | ||
738 | + * Enable the espfix hack for this CPU | ||
739 | + */ | ||
740 | +#ifdef CONFIG_X86_ESPFIX64 | ||
741 | + init_espfix_ap(); | ||
742 | +#endif | ||
743 | + | ||
744 | + /* | ||
745 | * We need to hold vector_lock so there the set of online cpus | ||
746 | * does not change while we are assigning vectors to cpus. Holding | ||
747 | * this lock ensures we don't half assign or remove an irq from a cpu. | ||
748 | diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c | ||
749 | index 0002a3a33081..3620928631ce 100644 | ||
750 | --- a/arch/x86/mm/dump_pagetables.c | ||
751 | +++ b/arch/x86/mm/dump_pagetables.c | ||
752 | @@ -30,11 +30,13 @@ struct pg_state { | ||
753 | unsigned long start_address; | ||
754 | unsigned long current_address; | ||
755 | const struct addr_marker *marker; | ||
756 | + unsigned long lines; | ||
757 | }; | ||
758 | |||
759 | struct addr_marker { | ||
760 | unsigned long start_address; | ||
761 | const char *name; | ||
762 | + unsigned long max_lines; | ||
763 | }; | ||
764 | |||
765 | /* indices for address_markers; keep sync'd w/ address_markers below */ | ||
766 | @@ -45,6 +47,7 @@ enum address_markers_idx { | ||
767 | LOW_KERNEL_NR, | ||
768 | VMALLOC_START_NR, | ||
769 | VMEMMAP_START_NR, | ||
770 | + ESPFIX_START_NR, | ||
771 | HIGH_KERNEL_NR, | ||
772 | MODULES_VADDR_NR, | ||
773 | MODULES_END_NR, | ||
774 | @@ -67,6 +70,7 @@ static struct addr_marker address_markers[] = { | ||
775 | { PAGE_OFFSET, "Low Kernel Mapping" }, | ||
776 | { VMALLOC_START, "vmalloc() Area" }, | ||
777 | { VMEMMAP_START, "Vmemmap" }, | ||
778 | + { ESPFIX_BASE_ADDR, "ESPfix Area", 16 }, | ||
779 | { __START_KERNEL_map, "High Kernel Mapping" }, | ||
780 | { MODULES_VADDR, "Modules" }, | ||
781 | { MODULES_END, "End Modules" }, | ||
782 | @@ -163,7 +167,7 @@ static void note_page(struct seq_file *m, struct pg_state *st, | ||
783 | pgprot_t new_prot, int level) | ||
784 | { | ||
785 | pgprotval_t prot, cur; | ||
786 | - static const char units[] = "KMGTPE"; | ||
787 | + static const char units[] = "BKMGTPE"; | ||
788 | |||
789 | /* | ||
790 | * If we have a "break" in the series, we need to flush the state that | ||
791 | @@ -178,6 +182,7 @@ static void note_page(struct seq_file *m, struct pg_state *st, | ||
792 | st->current_prot = new_prot; | ||
793 | st->level = level; | ||
794 | st->marker = address_markers; | ||
795 | + st->lines = 0; | ||
796 | seq_printf(m, "---[ %s ]---\n", st->marker->name); | ||
797 | } else if (prot != cur || level != st->level || | ||
798 | st->current_address >= st->marker[1].start_address) { | ||
799 | @@ -188,17 +193,21 @@ static void note_page(struct seq_file *m, struct pg_state *st, | ||
800 | /* | ||
801 | * Now print the actual finished series | ||
802 | */ | ||
803 | - seq_printf(m, "0x%0*lx-0x%0*lx ", | ||
804 | - width, st->start_address, | ||
805 | - width, st->current_address); | ||
806 | - | ||
807 | - delta = (st->current_address - st->start_address) >> 10; | ||
808 | - while (!(delta & 1023) && unit[1]) { | ||
809 | - delta >>= 10; | ||
810 | - unit++; | ||
811 | + if (!st->marker->max_lines || | ||
812 | + st->lines < st->marker->max_lines) { | ||
813 | + seq_printf(m, "0x%0*lx-0x%0*lx ", | ||
814 | + width, st->start_address, | ||
815 | + width, st->current_address); | ||
816 | + | ||
817 | + delta = (st->current_address - st->start_address) >> 10; | ||
818 | + while (!(delta & 1023) && unit[1]) { | ||
819 | + delta >>= 10; | ||
820 | + unit++; | ||
821 | + } | ||
822 | + seq_printf(m, "%9lu%c ", delta, *unit); | ||
823 | + printk_prot(m, st->current_prot, st->level); | ||
824 | } | ||
825 | - seq_printf(m, "%9lu%c ", delta, *unit); | ||
826 | - printk_prot(m, st->current_prot, st->level); | ||
827 | + st->lines++; | ||
828 | |||
829 | /* | ||
830 | * We print markers for special areas of address space, | ||
831 | diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c | ||
832 | index f1d633a43f8e..d6bfb876cfb0 100644 | ||
833 | --- a/arch/x86/vdso/vdso32-setup.c | ||
834 | +++ b/arch/x86/vdso/vdso32-setup.c | ||
835 | @@ -41,7 +41,6 @@ enum { | ||
836 | #ifdef CONFIG_X86_64 | ||
837 | #define vdso_enabled sysctl_vsyscall32 | ||
838 | #define arch_setup_additional_pages syscall32_setup_pages | ||
839 | -extern int sysctl_ldt16; | ||
840 | #endif | ||
841 | |||
842 | /* | ||
843 | @@ -381,13 +380,6 @@ static struct ctl_table abi_table2[] = { | ||
844 | .mode = 0644, | ||
845 | .proc_handler = proc_dointvec | ||
846 | }, | ||
847 | - { | ||
848 | - .procname = "ldt16", | ||
849 | - .data = &sysctl_ldt16, | ||
850 | - .maxlen = sizeof(int), | ||
851 | - .mode = 0644, | ||
852 | - .proc_handler = proc_dointvec | ||
853 | - }, | ||
854 | {} | ||
855 | }; | ||
856 | |||
857 | diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c | ||
858 | index 0982233b9b84..a6a72ce8630f 100644 | ||
859 | --- a/arch/x86/xen/setup.c | ||
860 | +++ b/arch/x86/xen/setup.c | ||
861 | @@ -574,13 +574,7 @@ void xen_enable_syscall(void) | ||
862 | } | ||
863 | #endif /* CONFIG_X86_64 */ | ||
864 | } | ||
865 | -void xen_enable_nmi(void) | ||
866 | -{ | ||
867 | -#ifdef CONFIG_X86_64 | ||
868 | - if (register_callback(CALLBACKTYPE_nmi, (char *)nmi)) | ||
869 | - BUG(); | ||
870 | -#endif | ||
871 | -} | ||
872 | + | ||
873 | void __init xen_pvmmu_arch_setup(void) | ||
874 | { | ||
875 | HYPERVISOR_vm_assist(VMASST_CMD_enable, VMASST_TYPE_4gb_segments); | ||
876 | @@ -595,7 +589,6 @@ void __init xen_pvmmu_arch_setup(void) | ||
877 | |||
878 | xen_enable_sysenter(); | ||
879 | xen_enable_syscall(); | ||
880 | - xen_enable_nmi(); | ||
881 | } | ||
882 | |||
883 | /* This function is not called for HVM domains */ | ||
884 | diff --git a/arch/xtensa/kernel/vectors.S b/arch/xtensa/kernel/vectors.S | ||
885 | index f9e1ec346e35..8453e6e39895 100644 | ||
886 | --- a/arch/xtensa/kernel/vectors.S | ||
887 | +++ b/arch/xtensa/kernel/vectors.S | ||
888 | @@ -376,38 +376,42 @@ _DoubleExceptionVector_WindowOverflow: | ||
889 | beqz a2, 1f # if at start of vector, don't restore | ||
890 | |||
891 | addi a0, a0, -128 | ||
892 | - bbsi a0, 8, 1f # don't restore except for overflow 8 and 12 | ||
893 | - bbsi a0, 7, 2f | ||
894 | + bbsi.l a0, 8, 1f # don't restore except for overflow 8 and 12 | ||
895 | + | ||
896 | + /* | ||
897 | + * This fixup handler is for the extremely unlikely case where the | ||
898 | + * overflow handler's reference thru a0 gets a hardware TLB refill | ||
899 | + * that bumps out the (distinct, aliasing) TLB entry that mapped its | ||
900 | + * prior references thru a9/a13, and where our reference now thru | ||
901 | + * a9/a13 gets a 2nd-level miss exception (not hardware TLB refill). | ||
902 | + */ | ||
903 | + movi a2, window_overflow_restore_a0_fixup | ||
904 | + s32i a2, a3, EXC_TABLE_FIXUP | ||
905 | + l32i a2, a3, EXC_TABLE_DOUBLE_SAVE | ||
906 | + xsr a3, excsave1 | ||
907 | + | ||
908 | + bbsi.l a0, 7, 2f | ||
909 | |||
910 | /* | ||
911 | * Restore a0 as saved by _WindowOverflow8(). | ||
912 | - * | ||
913 | - * FIXME: we really need a fixup handler for this L32E, | ||
914 | - * for the extremely unlikely case where the overflow handler's | ||
915 | - * reference thru a0 gets a hardware TLB refill that bumps out | ||
916 | - * the (distinct, aliasing) TLB entry that mapped its prior | ||
917 | - * references thru a9, and where our reference now thru a9 | ||
918 | - * gets a 2nd-level miss exception (not hardware TLB refill). | ||
919 | */ | ||
920 | |||
921 | - l32e a2, a9, -16 | ||
922 | - wsr a2, depc # replace the saved a0 | ||
923 | - j 1f | ||
924 | + l32e a0, a9, -16 | ||
925 | + wsr a0, depc # replace the saved a0 | ||
926 | + j 3f | ||
927 | |||
928 | 2: | ||
929 | /* | ||
930 | * Restore a0 as saved by _WindowOverflow12(). | ||
931 | - * | ||
932 | - * FIXME: we really need a fixup handler for this L32E, | ||
933 | - * for the extremely unlikely case where the overflow handler's | ||
934 | - * reference thru a0 gets a hardware TLB refill that bumps out | ||
935 | - * the (distinct, aliasing) TLB entry that mapped its prior | ||
936 | - * references thru a13, and where our reference now thru a13 | ||
937 | - * gets a 2nd-level miss exception (not hardware TLB refill). | ||
938 | */ | ||
939 | |||
940 | - l32e a2, a13, -16 | ||
941 | - wsr a2, depc # replace the saved a0 | ||
942 | + l32e a0, a13, -16 | ||
943 | + wsr a0, depc # replace the saved a0 | ||
944 | +3: | ||
945 | + xsr a3, excsave1 | ||
946 | + movi a0, 0 | ||
947 | + s32i a0, a3, EXC_TABLE_FIXUP | ||
948 | + s32i a2, a3, EXC_TABLE_DOUBLE_SAVE | ||
949 | 1: | ||
950 | /* | ||
951 | * Restore WindowBase while leaving all address registers restored. | ||
952 | @@ -449,6 +453,7 @@ _DoubleExceptionVector_WindowOverflow: | ||
953 | |||
954 | s32i a0, a2, PT_DEPC | ||
955 | |||
956 | +_DoubleExceptionVector_handle_exception: | ||
957 | addx4 a0, a0, a3 | ||
958 | l32i a0, a0, EXC_TABLE_FAST_USER | ||
959 | xsr a3, excsave1 | ||
960 | @@ -464,11 +469,120 @@ _DoubleExceptionVector_WindowOverflow: | ||
961 | rotw -3 | ||
962 | j 1b | ||
963 | |||
964 | - .end literal_prefix | ||
965 | |||
966 | ENDPROC(_DoubleExceptionVector) | ||
967 | |||
968 | /* | ||
969 | + * Fixup handler for TLB miss in double exception handler for window owerflow. | ||
970 | + * We get here with windowbase set to the window that was being spilled and | ||
971 | + * a0 trashed. a0 bit 7 determines if this is a call8 (bit clear) or call12 | ||
972 | + * (bit set) window. | ||
973 | + * | ||
974 | + * We do the following here: | ||
975 | + * - go to the original window retaining a0 value; | ||
976 | + * - set up exception stack to return back to appropriate a0 restore code | ||
977 | + * (we'll need to rotate window back and there's no place to save this | ||
978 | + * information, use different return address for that); | ||
979 | + * - handle the exception; | ||
980 | + * - go to the window that was being spilled; | ||
981 | + * - set up window_overflow_restore_a0_fixup as a fixup routine; | ||
982 | + * - reload a0; | ||
983 | + * - restore the original window; | ||
984 | + * - reset the default fixup routine; | ||
985 | + * - return to user. By the time we get to this fixup handler all information | ||
986 | + * about the conditions of the original double exception that happened in | ||
987 | + * the window overflow handler is lost, so we just return to userspace to | ||
988 | + * retry overflow from start. | ||
989 | + * | ||
990 | + * a0: value of depc, original value in depc | ||
991 | + * a2: trashed, original value in EXC_TABLE_DOUBLE_SAVE | ||
992 | + * a3: exctable, original value in excsave1 | ||
993 | + */ | ||
994 | + | ||
995 | +ENTRY(window_overflow_restore_a0_fixup) | ||
996 | + | ||
997 | + rsr a0, ps | ||
998 | + extui a0, a0, PS_OWB_SHIFT, PS_OWB_WIDTH | ||
999 | + rsr a2, windowbase | ||
1000 | + sub a0, a2, a0 | ||
1001 | + extui a0, a0, 0, 3 | ||
1002 | + l32i a2, a3, EXC_TABLE_DOUBLE_SAVE | ||
1003 | + xsr a3, excsave1 | ||
1004 | + | ||
1005 | + _beqi a0, 1, .Lhandle_1 | ||
1006 | + _beqi a0, 3, .Lhandle_3 | ||
1007 | + | ||
1008 | + .macro overflow_fixup_handle_exception_pane n | ||
1009 | + | ||
1010 | + rsr a0, depc | ||
1011 | + rotw -\n | ||
1012 | + | ||
1013 | + xsr a3, excsave1 | ||
1014 | + wsr a2, depc | ||
1015 | + l32i a2, a3, EXC_TABLE_KSTK | ||
1016 | + s32i a0, a2, PT_AREG0 | ||
1017 | + | ||
1018 | + movi a0, .Lrestore_\n | ||
1019 | + s32i a0, a2, PT_DEPC | ||
1020 | + rsr a0, exccause | ||
1021 | + j _DoubleExceptionVector_handle_exception | ||
1022 | + | ||
1023 | + .endm | ||
1024 | + | ||
1025 | + overflow_fixup_handle_exception_pane 2 | ||
1026 | +.Lhandle_1: | ||
1027 | + overflow_fixup_handle_exception_pane 1 | ||
1028 | +.Lhandle_3: | ||
1029 | + overflow_fixup_handle_exception_pane 3 | ||
1030 | + | ||
1031 | + .macro overflow_fixup_restore_a0_pane n | ||
1032 | + | ||
1033 | + rotw \n | ||
1034 | + /* Need to preserve a0 value here to be able to handle exception | ||
1035 | + * that may occur on a0 reload from stack. It may occur because | ||
1036 | + * TLB miss handler may not be atomic and pointer to page table | ||
1037 | + * may be lost before we get here. There are no free registers, | ||
1038 | + * so we need to use EXC_TABLE_DOUBLE_SAVE area. | ||
1039 | + */ | ||
1040 | + xsr a3, excsave1 | ||
1041 | + s32i a2, a3, EXC_TABLE_DOUBLE_SAVE | ||
1042 | + movi a2, window_overflow_restore_a0_fixup | ||
1043 | + s32i a2, a3, EXC_TABLE_FIXUP | ||
1044 | + l32i a2, a3, EXC_TABLE_DOUBLE_SAVE | ||
1045 | + xsr a3, excsave1 | ||
1046 | + bbsi.l a0, 7, 1f | ||
1047 | + l32e a0, a9, -16 | ||
1048 | + j 2f | ||
1049 | +1: | ||
1050 | + l32e a0, a13, -16 | ||
1051 | +2: | ||
1052 | + rotw -\n | ||
1053 | + | ||
1054 | + .endm | ||
1055 | + | ||
1056 | +.Lrestore_2: | ||
1057 | + overflow_fixup_restore_a0_pane 2 | ||
1058 | + | ||
1059 | +.Lset_default_fixup: | ||
1060 | + xsr a3, excsave1 | ||
1061 | + s32i a2, a3, EXC_TABLE_DOUBLE_SAVE | ||
1062 | + movi a2, 0 | ||
1063 | + s32i a2, a3, EXC_TABLE_FIXUP | ||
1064 | + l32i a2, a3, EXC_TABLE_DOUBLE_SAVE | ||
1065 | + xsr a3, excsave1 | ||
1066 | + rfe | ||
1067 | + | ||
1068 | +.Lrestore_1: | ||
1069 | + overflow_fixup_restore_a0_pane 1 | ||
1070 | + j .Lset_default_fixup | ||
1071 | +.Lrestore_3: | ||
1072 | + overflow_fixup_restore_a0_pane 3 | ||
1073 | + j .Lset_default_fixup | ||
1074 | + | ||
1075 | +ENDPROC(window_overflow_restore_a0_fixup) | ||
1076 | + | ||
1077 | + .end literal_prefix | ||
1078 | +/* | ||
1079 | * Debug interrupt vector | ||
1080 | * | ||
1081 | * There is not much space here, so simply jump to another handler. | ||
1082 | diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S | ||
1083 | index ee32c0085dff..d16db6df86f8 100644 | ||
1084 | --- a/arch/xtensa/kernel/vmlinux.lds.S | ||
1085 | +++ b/arch/xtensa/kernel/vmlinux.lds.S | ||
1086 | @@ -269,13 +269,13 @@ SECTIONS | ||
1087 | .UserExceptionVector.literal) | ||
1088 | SECTION_VECTOR (_DoubleExceptionVector_literal, | ||
1089 | .DoubleExceptionVector.literal, | ||
1090 | - DOUBLEEXC_VECTOR_VADDR - 16, | ||
1091 | + DOUBLEEXC_VECTOR_VADDR - 40, | ||
1092 | SIZEOF(.UserExceptionVector.text), | ||
1093 | .UserExceptionVector.text) | ||
1094 | SECTION_VECTOR (_DoubleExceptionVector_text, | ||
1095 | .DoubleExceptionVector.text, | ||
1096 | DOUBLEEXC_VECTOR_VADDR, | ||
1097 | - 32, | ||
1098 | + 40, | ||
1099 | .DoubleExceptionVector.literal) | ||
1100 | |||
1101 | . = (LOADADDR( .DoubleExceptionVector.text ) + SIZEOF( .DoubleExceptionVector.text ) + 3) & ~ 3; | ||
1102 | diff --git a/crypto/af_alg.c b/crypto/af_alg.c | ||
1103 | index 966f893711b3..6a3ad8011585 100644 | ||
1104 | --- a/crypto/af_alg.c | ||
1105 | +++ b/crypto/af_alg.c | ||
1106 | @@ -21,6 +21,7 @@ | ||
1107 | #include <linux/module.h> | ||
1108 | #include <linux/net.h> | ||
1109 | #include <linux/rwsem.h> | ||
1110 | +#include <linux/security.h> | ||
1111 | |||
1112 | struct alg_type_list { | ||
1113 | const struct af_alg_type *type; | ||
1114 | @@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock) | ||
1115 | |||
1116 | sock_init_data(newsock, sk2); | ||
1117 | sock_graft(sk2, newsock); | ||
1118 | + security_sk_clone(sk, sk2); | ||
1119 | |||
1120 | err = type->accept(ask->private, sk2); | ||
1121 | if (err) { | ||
1122 | diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c | ||
1123 | index 199b52b7c3e1..153f4b92cc05 100644 | ||
1124 | --- a/drivers/cpufreq/cpufreq.c | ||
1125 | +++ b/drivers/cpufreq/cpufreq.c | ||
1126 | @@ -1089,10 +1089,12 @@ static int __cpufreq_add_dev(struct device *dev, struct subsys_interface *sif, | ||
1127 | * the creation of a brand new one. So we need to perform this update | ||
1128 | * by invoking update_policy_cpu(). | ||
1129 | */ | ||
1130 | - if (frozen && cpu != policy->cpu) | ||
1131 | + if (frozen && cpu != policy->cpu) { | ||
1132 | update_policy_cpu(policy, cpu); | ||
1133 | - else | ||
1134 | + WARN_ON(kobject_move(&policy->kobj, &dev->kobj)); | ||
1135 | + } else { | ||
1136 | policy->cpu = cpu; | ||
1137 | + } | ||
1138 | |||
1139 | policy->governor = CPUFREQ_DEFAULT_GOVERNOR; | ||
1140 | cpumask_copy(policy->cpus, cpumask_of(cpu)); | ||
1141 | diff --git a/drivers/iio/accel/bma180.c b/drivers/iio/accel/bma180.c | ||
1142 | index bfec313492b3..fe83d04784c8 100644 | ||
1143 | --- a/drivers/iio/accel/bma180.c | ||
1144 | +++ b/drivers/iio/accel/bma180.c | ||
1145 | @@ -68,13 +68,13 @@ | ||
1146 | /* Defaults values */ | ||
1147 | #define BMA180_DEF_PMODE 0 | ||
1148 | #define BMA180_DEF_BW 20 | ||
1149 | -#define BMA180_DEF_SCALE 250 | ||
1150 | +#define BMA180_DEF_SCALE 2452 | ||
1151 | |||
1152 | /* Available values for sysfs */ | ||
1153 | #define BMA180_FLP_FREQ_AVAILABLE \ | ||
1154 | "10 20 40 75 150 300" | ||
1155 | #define BMA180_SCALE_AVAILABLE \ | ||
1156 | - "0.000130 0.000190 0.000250 0.000380 0.000500 0.000990 0.001980" | ||
1157 | + "0.001275 0.001863 0.002452 0.003727 0.004903 0.009709 0.019417" | ||
1158 | |||
1159 | struct bma180_data { | ||
1160 | struct i2c_client *client; | ||
1161 | @@ -94,7 +94,7 @@ enum bma180_axis { | ||
1162 | }; | ||
1163 | |||
1164 | static int bw_table[] = { 10, 20, 40, 75, 150, 300 }; /* Hz */ | ||
1165 | -static int scale_table[] = { 130, 190, 250, 380, 500, 990, 1980 }; | ||
1166 | +static int scale_table[] = { 1275, 1863, 2452, 3727, 4903, 9709, 19417 }; | ||
1167 | |||
1168 | static int bma180_get_acc_reg(struct bma180_data *data, enum bma180_axis axis) | ||
1169 | { | ||
1170 | @@ -376,6 +376,8 @@ static int bma180_write_raw(struct iio_dev *indio_dev, | ||
1171 | mutex_unlock(&data->mutex); | ||
1172 | return ret; | ||
1173 | case IIO_CHAN_INFO_LOW_PASS_FILTER_3DB_FREQUENCY: | ||
1174 | + if (val2) | ||
1175 | + return -EINVAL; | ||
1176 | mutex_lock(&data->mutex); | ||
1177 | ret = bma180_set_bw(data, val); | ||
1178 | mutex_unlock(&data->mutex); | ||
1179 | diff --git a/drivers/iio/industrialio-buffer.c b/drivers/iio/industrialio-buffer.c | ||
1180 | index fe25042f056a..0f1d9b2ccdfa 100644 | ||
1181 | --- a/drivers/iio/industrialio-buffer.c | ||
1182 | +++ b/drivers/iio/industrialio-buffer.c | ||
1183 | @@ -953,7 +953,7 @@ static int iio_buffer_update_demux(struct iio_dev *indio_dev, | ||
1184 | |||
1185 | /* Now we have the two masks, work from least sig and build up sizes */ | ||
1186 | for_each_set_bit(out_ind, | ||
1187 | - indio_dev->active_scan_mask, | ||
1188 | + buffer->scan_mask, | ||
1189 | indio_dev->masklength) { | ||
1190 | in_ind = find_next_bit(indio_dev->active_scan_mask, | ||
1191 | indio_dev->masklength, | ||
1192 | diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c | ||
1193 | index 66c5d130c8c2..0e722c103562 100644 | ||
1194 | --- a/drivers/md/dm-bufio.c | ||
1195 | +++ b/drivers/md/dm-bufio.c | ||
1196 | @@ -1541,7 +1541,7 @@ struct dm_bufio_client *dm_bufio_client_create(struct block_device *bdev, unsign | ||
1197 | BUG_ON(block_size < 1 << SECTOR_SHIFT || | ||
1198 | (block_size & (block_size - 1))); | ||
1199 | |||
1200 | - c = kmalloc(sizeof(*c), GFP_KERNEL); | ||
1201 | + c = kzalloc(sizeof(*c), GFP_KERNEL); | ||
1202 | if (!c) { | ||
1203 | r = -ENOMEM; | ||
1204 | goto bad_client; | ||
1205 | diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c | ||
1206 | index c0ad90d91252..735e939a846d 100644 | ||
1207 | --- a/drivers/md/dm-cache-target.c | ||
1208 | +++ b/drivers/md/dm-cache-target.c | ||
1209 | @@ -231,7 +231,7 @@ struct cache { | ||
1210 | /* | ||
1211 | * cache_size entries, dirty if set | ||
1212 | */ | ||
1213 | - dm_cblock_t nr_dirty; | ||
1214 | + atomic_t nr_dirty; | ||
1215 | unsigned long *dirty_bitset; | ||
1216 | |||
1217 | /* | ||
1218 | @@ -493,7 +493,7 @@ static bool is_dirty(struct cache *cache, dm_cblock_t b) | ||
1219 | static void set_dirty(struct cache *cache, dm_oblock_t oblock, dm_cblock_t cblock) | ||
1220 | { | ||
1221 | if (!test_and_set_bit(from_cblock(cblock), cache->dirty_bitset)) { | ||
1222 | - cache->nr_dirty = to_cblock(from_cblock(cache->nr_dirty) + 1); | ||
1223 | + atomic_inc(&cache->nr_dirty); | ||
1224 | policy_set_dirty(cache->policy, oblock); | ||
1225 | } | ||
1226 | } | ||
1227 | @@ -502,8 +502,7 @@ static void clear_dirty(struct cache *cache, dm_oblock_t oblock, dm_cblock_t cbl | ||
1228 | { | ||
1229 | if (test_and_clear_bit(from_cblock(cblock), cache->dirty_bitset)) { | ||
1230 | policy_clear_dirty(cache->policy, oblock); | ||
1231 | - cache->nr_dirty = to_cblock(from_cblock(cache->nr_dirty) - 1); | ||
1232 | - if (!from_cblock(cache->nr_dirty)) | ||
1233 | + if (atomic_dec_return(&cache->nr_dirty) == 0) | ||
1234 | dm_table_event(cache->ti->table); | ||
1235 | } | ||
1236 | } | ||
1237 | @@ -2286,7 +2285,7 @@ static int cache_create(struct cache_args *ca, struct cache **result) | ||
1238 | atomic_set(&cache->quiescing_ack, 0); | ||
1239 | |||
1240 | r = -ENOMEM; | ||
1241 | - cache->nr_dirty = 0; | ||
1242 | + atomic_set(&cache->nr_dirty, 0); | ||
1243 | cache->dirty_bitset = alloc_bitset(from_cblock(cache->cache_size)); | ||
1244 | if (!cache->dirty_bitset) { | ||
1245 | *error = "could not allocate dirty bitset"; | ||
1246 | @@ -2828,7 +2827,7 @@ static void cache_status(struct dm_target *ti, status_type_t type, | ||
1247 | |||
1248 | residency = policy_residency(cache->policy); | ||
1249 | |||
1250 | - DMEMIT("%u %llu/%llu %u %llu/%llu %u %u %u %u %u %u %llu ", | ||
1251 | + DMEMIT("%u %llu/%llu %u %llu/%llu %u %u %u %u %u %u %lu ", | ||
1252 | (unsigned)(DM_CACHE_METADATA_BLOCK_SIZE >> SECTOR_SHIFT), | ||
1253 | (unsigned long long)(nr_blocks_metadata - nr_free_blocks_metadata), | ||
1254 | (unsigned long long)nr_blocks_metadata, | ||
1255 | @@ -2841,7 +2840,7 @@ static void cache_status(struct dm_target *ti, status_type_t type, | ||
1256 | (unsigned) atomic_read(&cache->stats.write_miss), | ||
1257 | (unsigned) atomic_read(&cache->stats.demotion), | ||
1258 | (unsigned) atomic_read(&cache->stats.promotion), | ||
1259 | - (unsigned long long) from_cblock(cache->nr_dirty)); | ||
1260 | + (unsigned long) atomic_read(&cache->nr_dirty)); | ||
1261 | |||
1262 | if (writethrough_mode(&cache->features)) | ||
1263 | DMEMIT("1 writethrough "); | ||
1264 | diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c | ||
1265 | index 0526ddff977d..0fe7674ad100 100644 | ||
1266 | --- a/drivers/net/wireless/ath/ath9k/xmit.c | ||
1267 | +++ b/drivers/net/wireless/ath/ath9k/xmit.c | ||
1268 | @@ -890,6 +890,15 @@ ath_tx_get_tid_subframe(struct ath_softc *sc, struct ath_txq *txq, | ||
1269 | |||
1270 | tx_info = IEEE80211_SKB_CB(skb); | ||
1271 | tx_info->flags &= ~IEEE80211_TX_CTL_CLEAR_PS_FILT; | ||
1272 | + | ||
1273 | + /* | ||
1274 | + * No aggregation session is running, but there may be frames | ||
1275 | + * from a previous session or a failed attempt in the queue. | ||
1276 | + * Send them out as normal data frames | ||
1277 | + */ | ||
1278 | + if (!tid->active) | ||
1279 | + tx_info->flags &= ~IEEE80211_TX_CTL_AMPDU; | ||
1280 | + | ||
1281 | if (!(tx_info->flags & IEEE80211_TX_CTL_AMPDU)) { | ||
1282 | bf->bf_state.bf_type = 0; | ||
1283 | return bf; | ||
1284 | diff --git a/drivers/pnp/pnpacpi/core.c b/drivers/pnp/pnpacpi/core.c | ||
1285 | index c31aa07b3ba5..da1c6cb1a41e 100644 | ||
1286 | --- a/drivers/pnp/pnpacpi/core.c | ||
1287 | +++ b/drivers/pnp/pnpacpi/core.c | ||
1288 | @@ -339,8 +339,7 @@ static int __init acpi_pnp_match(struct device *dev, void *_pnp) | ||
1289 | struct pnp_dev *pnp = _pnp; | ||
1290 | |||
1291 | /* true means it matched */ | ||
1292 | - return !acpi->physical_node_count | ||
1293 | - && compare_pnp_id(pnp->id, acpi_device_hid(acpi)); | ||
1294 | + return pnp->data == acpi; | ||
1295 | } | ||
1296 | |||
1297 | static struct acpi_device * __init acpi_pnp_find_companion(struct device *dev) | ||
1298 | diff --git a/drivers/rapidio/devices/tsi721_dma.c b/drivers/rapidio/devices/tsi721_dma.c | ||
1299 | index 91245f5dbe81..47257b6eea84 100644 | ||
1300 | --- a/drivers/rapidio/devices/tsi721_dma.c | ||
1301 | +++ b/drivers/rapidio/devices/tsi721_dma.c | ||
1302 | @@ -287,6 +287,12 @@ struct tsi721_tx_desc *tsi721_desc_get(struct tsi721_bdma_chan *bdma_chan) | ||
1303 | "desc %p not ACKed\n", tx_desc); | ||
1304 | } | ||
1305 | |||
1306 | + if (ret == NULL) { | ||
1307 | + dev_dbg(bdma_chan->dchan.device->dev, | ||
1308 | + "%s: unable to obtain tx descriptor\n", __func__); | ||
1309 | + goto err_out; | ||
1310 | + } | ||
1311 | + | ||
1312 | i = bdma_chan->wr_count_next % bdma_chan->bd_num; | ||
1313 | if (i == bdma_chan->bd_num - 1) { | ||
1314 | i = 0; | ||
1315 | @@ -297,7 +303,7 @@ struct tsi721_tx_desc *tsi721_desc_get(struct tsi721_bdma_chan *bdma_chan) | ||
1316 | tx_desc->txd.phys = bdma_chan->bd_phys + | ||
1317 | i * sizeof(struct tsi721_dma_desc); | ||
1318 | tx_desc->hw_desc = &((struct tsi721_dma_desc *)bdma_chan->bd_base)[i]; | ||
1319 | - | ||
1320 | +err_out: | ||
1321 | spin_unlock_bh(&bdma_chan->lock); | ||
1322 | |||
1323 | return ret; | ||
1324 | diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c | ||
1325 | index 62ec84b42e31..64e487a8bf59 100644 | ||
1326 | --- a/drivers/scsi/scsi_lib.c | ||
1327 | +++ b/drivers/scsi/scsi_lib.c | ||
1328 | @@ -831,6 +831,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes) | ||
1329 | scsi_next_command(cmd); | ||
1330 | return; | ||
1331 | } | ||
1332 | + } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) { | ||
1333 | + /* | ||
1334 | + * Certain non BLOCK_PC requests are commands that don't | ||
1335 | + * actually transfer anything (FLUSH), so cannot use | ||
1336 | + * good_bytes != blk_rq_bytes(req) as the signal for an error. | ||
1337 | + * This sets the error explicitly for the problem case. | ||
1338 | + */ | ||
1339 | + error = __scsi_error_from_host_byte(cmd, result); | ||
1340 | } | ||
1341 | |||
1342 | /* no bidi support for !REQ_TYPE_BLOCK_PC yet */ | ||
1343 | diff --git a/drivers/staging/vt6655/bssdb.c b/drivers/staging/vt6655/bssdb.c | ||
1344 | index d7efd0173a9a..7d7578872a84 100644 | ||
1345 | --- a/drivers/staging/vt6655/bssdb.c | ||
1346 | +++ b/drivers/staging/vt6655/bssdb.c | ||
1347 | @@ -983,7 +983,7 @@ start: | ||
1348 | pDevice->byERPFlag &= ~(WLAN_SET_ERP_USE_PROTECTION(1)); | ||
1349 | } | ||
1350 | |||
1351 | - { | ||
1352 | + if (pDevice->eCommandState == WLAN_ASSOCIATE_WAIT) { | ||
1353 | pDevice->byReAssocCount++; | ||
1354 | /* 10 sec timeout */ | ||
1355 | if ((pDevice->byReAssocCount > 10) && (!pDevice->bLinkPass)) { | ||
1356 | diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c | ||
1357 | index a952df1bf9d6..6f13f0e597f8 100644 | ||
1358 | --- a/drivers/staging/vt6655/device_main.c | ||
1359 | +++ b/drivers/staging/vt6655/device_main.c | ||
1360 | @@ -2430,6 +2430,7 @@ static irqreturn_t device_intr(int irq, void *dev_instance) { | ||
1361 | int handled = 0; | ||
1362 | unsigned char byData = 0; | ||
1363 | int ii = 0; | ||
1364 | + unsigned long flags; | ||
1365 | // unsigned char byRSSI; | ||
1366 | |||
1367 | MACvReadISR(pDevice->PortOffset, &pDevice->dwIsr); | ||
1368 | @@ -2455,7 +2456,8 @@ static irqreturn_t device_intr(int irq, void *dev_instance) { | ||
1369 | |||
1370 | handled = 1; | ||
1371 | MACvIntDisable(pDevice->PortOffset); | ||
1372 | - spin_lock_irq(&pDevice->lock); | ||
1373 | + | ||
1374 | + spin_lock_irqsave(&pDevice->lock, flags); | ||
1375 | |||
1376 | //Make sure current page is 0 | ||
1377 | VNSvInPortB(pDevice->PortOffset + MAC_REG_PAGE1SEL, &byOrgPageSel); | ||
1378 | @@ -2696,7 +2698,8 @@ static irqreturn_t device_intr(int irq, void *dev_instance) { | ||
1379 | MACvSelectPage1(pDevice->PortOffset); | ||
1380 | } | ||
1381 | |||
1382 | - spin_unlock_irq(&pDevice->lock); | ||
1383 | + spin_unlock_irqrestore(&pDevice->lock, flags); | ||
1384 | + | ||
1385 | MACvIntEnable(pDevice->PortOffset, IMR_MASK_VALUE); | ||
1386 | |||
1387 | return IRQ_RETVAL(handled); | ||
1388 | diff --git a/include/dt-bindings/pinctrl/dra.h b/include/dt-bindings/pinctrl/dra.h | ||
1389 | index 002a2855c046..3d33794e4f3e 100644 | ||
1390 | --- a/include/dt-bindings/pinctrl/dra.h | ||
1391 | +++ b/include/dt-bindings/pinctrl/dra.h | ||
1392 | @@ -30,7 +30,8 @@ | ||
1393 | #define MUX_MODE14 0xe | ||
1394 | #define MUX_MODE15 0xf | ||
1395 | |||
1396 | -#define PULL_ENA (1 << 16) | ||
1397 | +#define PULL_ENA (0 << 16) | ||
1398 | +#define PULL_DIS (1 << 16) | ||
1399 | #define PULL_UP (1 << 17) | ||
1400 | #define INPUT_EN (1 << 18) | ||
1401 | #define SLEWCONTROL (1 << 19) | ||
1402 | @@ -38,10 +39,10 @@ | ||
1403 | #define WAKEUP_EVENT (1 << 25) | ||
1404 | |||
1405 | /* Active pin states */ | ||
1406 | -#define PIN_OUTPUT 0 | ||
1407 | +#define PIN_OUTPUT (0 | PULL_DIS) | ||
1408 | #define PIN_OUTPUT_PULLUP (PIN_OUTPUT | PULL_ENA | PULL_UP) | ||
1409 | #define PIN_OUTPUT_PULLDOWN (PIN_OUTPUT | PULL_ENA) | ||
1410 | -#define PIN_INPUT INPUT_EN | ||
1411 | +#define PIN_INPUT (INPUT_EN | PULL_DIS) | ||
1412 | #define PIN_INPUT_SLEW (INPUT_EN | SLEWCONTROL) | ||
1413 | #define PIN_INPUT_PULLUP (PULL_ENA | INPUT_EN | PULL_UP) | ||
1414 | #define PIN_INPUT_PULLDOWN (PULL_ENA | INPUT_EN) | ||
1415 | diff --git a/include/linux/printk.h b/include/linux/printk.h | ||
1416 | index fa47e2708c01..cbf094f993f4 100644 | ||
1417 | --- a/include/linux/printk.h | ||
1418 | +++ b/include/linux/printk.h | ||
1419 | @@ -132,9 +132,9 @@ asmlinkage __printf(1, 2) __cold | ||
1420 | int printk(const char *fmt, ...); | ||
1421 | |||
1422 | /* | ||
1423 | - * Special printk facility for scheduler use only, _DO_NOT_USE_ ! | ||
1424 | + * Special printk facility for scheduler/timekeeping use only, _DO_NOT_USE_ ! | ||
1425 | */ | ||
1426 | -__printf(1, 2) __cold int printk_sched(const char *fmt, ...); | ||
1427 | +__printf(1, 2) __cold int printk_deferred(const char *fmt, ...); | ||
1428 | |||
1429 | /* | ||
1430 | * Please don't use printk_ratelimit(), because it shares ratelimiting state | ||
1431 | @@ -169,7 +169,7 @@ int printk(const char *s, ...) | ||
1432 | return 0; | ||
1433 | } | ||
1434 | static inline __printf(1, 2) __cold | ||
1435 | -int printk_sched(const char *s, ...) | ||
1436 | +int printk_deferred(const char *s, ...) | ||
1437 | { | ||
1438 | return 0; | ||
1439 | } | ||
1440 | diff --git a/init/main.c b/init/main.c | ||
1441 | index 9c7fd4c9249f..58c132d7de4b 100644 | ||
1442 | --- a/init/main.c | ||
1443 | +++ b/init/main.c | ||
1444 | @@ -617,6 +617,10 @@ asmlinkage void __init start_kernel(void) | ||
1445 | if (efi_enabled(EFI_RUNTIME_SERVICES)) | ||
1446 | efi_enter_virtual_mode(); | ||
1447 | #endif | ||
1448 | +#ifdef CONFIG_X86_ESPFIX64 | ||
1449 | + /* Should be run before the first non-init thread is created */ | ||
1450 | + init_espfix_bsp(); | ||
1451 | +#endif | ||
1452 | thread_info_cache_init(); | ||
1453 | cred_init(); | ||
1454 | fork_init(totalram_pages); | ||
1455 | diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c | ||
1456 | index 4dae9cbe9259..8c086e6049b9 100644 | ||
1457 | --- a/kernel/printk/printk.c | ||
1458 | +++ b/kernel/printk/printk.c | ||
1459 | @@ -2468,7 +2468,7 @@ void wake_up_klogd(void) | ||
1460 | preempt_enable(); | ||
1461 | } | ||
1462 | |||
1463 | -int printk_sched(const char *fmt, ...) | ||
1464 | +int printk_deferred(const char *fmt, ...) | ||
1465 | { | ||
1466 | unsigned long flags; | ||
1467 | va_list args; | ||
1468 | diff --git a/kernel/sched/core.c b/kernel/sched/core.c | ||
1469 | index 0aae0fcec026..515e212421c0 100644 | ||
1470 | --- a/kernel/sched/core.c | ||
1471 | +++ b/kernel/sched/core.c | ||
1472 | @@ -1322,7 +1322,7 @@ out: | ||
1473 | * leave kernel. | ||
1474 | */ | ||
1475 | if (p->mm && printk_ratelimit()) { | ||
1476 | - printk_sched("process %d (%s) no longer affine to cpu%d\n", | ||
1477 | + printk_deferred("process %d (%s) no longer affine to cpu%d\n", | ||
1478 | task_pid_nr(p), p->comm, cpu); | ||
1479 | } | ||
1480 | } | ||
1481 | diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c | ||
1482 | index ce852643854b..37dac98c0749 100644 | ||
1483 | --- a/kernel/sched/deadline.c | ||
1484 | +++ b/kernel/sched/deadline.c | ||
1485 | @@ -329,7 +329,7 @@ static void replenish_dl_entity(struct sched_dl_entity *dl_se, | ||
1486 | |||
1487 | if (!lag_once) { | ||
1488 | lag_once = true; | ||
1489 | - printk_sched("sched: DL replenish lagged to much\n"); | ||
1490 | + printk_deferred("sched: DL replenish lagged to much\n"); | ||
1491 | } | ||
1492 | dl_se->deadline = rq_clock(rq) + pi_se->dl_deadline; | ||
1493 | dl_se->runtime = pi_se->dl_runtime; | ||
1494 | diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c | ||
1495 | index 1999021042c7..27b8e836307f 100644 | ||
1496 | --- a/kernel/sched/rt.c | ||
1497 | +++ b/kernel/sched/rt.c | ||
1498 | @@ -837,7 +837,7 @@ static int sched_rt_runtime_exceeded(struct rt_rq *rt_rq) | ||
1499 | |||
1500 | if (!once) { | ||
1501 | once = true; | ||
1502 | - printk_sched("sched: RT throttling activated\n"); | ||
1503 | + printk_deferred("sched: RT throttling activated\n"); | ||
1504 | } | ||
1505 | } else { | ||
1506 | /* | ||
1507 | diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c | ||
1508 | index 086ad6043bcb..60ba1af801c3 100644 | ||
1509 | --- a/kernel/time/clockevents.c | ||
1510 | +++ b/kernel/time/clockevents.c | ||
1511 | @@ -146,7 +146,8 @@ static int clockevents_increase_min_delta(struct clock_event_device *dev) | ||
1512 | { | ||
1513 | /* Nothing to do if we already reached the limit */ | ||
1514 | if (dev->min_delta_ns >= MIN_DELTA_LIMIT) { | ||
1515 | - printk(KERN_WARNING "CE: Reprogramming failure. Giving up\n"); | ||
1516 | + printk_deferred(KERN_WARNING | ||
1517 | + "CE: Reprogramming failure. Giving up\n"); | ||
1518 | dev->next_event.tv64 = KTIME_MAX; | ||
1519 | return -ETIME; | ||
1520 | } | ||
1521 | @@ -159,9 +160,10 @@ static int clockevents_increase_min_delta(struct clock_event_device *dev) | ||
1522 | if (dev->min_delta_ns > MIN_DELTA_LIMIT) | ||
1523 | dev->min_delta_ns = MIN_DELTA_LIMIT; | ||
1524 | |||
1525 | - printk(KERN_WARNING "CE: %s increased min_delta_ns to %llu nsec\n", | ||
1526 | - dev->name ? dev->name : "?", | ||
1527 | - (unsigned long long) dev->min_delta_ns); | ||
1528 | + printk_deferred(KERN_WARNING | ||
1529 | + "CE: %s increased min_delta_ns to %llu nsec\n", | ||
1530 | + dev->name ? dev->name : "?", | ||
1531 | + (unsigned long long) dev->min_delta_ns); | ||
1532 | return 0; | ||
1533 | } | ||
1534 | |||
1535 | diff --git a/kernel/time/sched_clock.c b/kernel/time/sched_clock.c | ||
1536 | index 4d23dc4d8139..313a662911b1 100644 | ||
1537 | --- a/kernel/time/sched_clock.c | ||
1538 | +++ b/kernel/time/sched_clock.c | ||
1539 | @@ -204,7 +204,8 @@ void __init sched_clock_postinit(void) | ||
1540 | |||
1541 | static int sched_clock_suspend(void) | ||
1542 | { | ||
1543 | - sched_clock_poll(&sched_clock_timer); | ||
1544 | + update_sched_clock(); | ||
1545 | + hrtimer_cancel(&sched_clock_timer); | ||
1546 | cd.suspended = true; | ||
1547 | return 0; | ||
1548 | } | ||
1549 | @@ -212,6 +213,7 @@ static int sched_clock_suspend(void) | ||
1550 | static void sched_clock_resume(void) | ||
1551 | { | ||
1552 | cd.epoch_cyc = read_sched_clock(); | ||
1553 | + hrtimer_start(&sched_clock_timer, cd.wrap_kt, HRTIMER_MODE_REL); | ||
1554 | cd.suspended = false; | ||
1555 | } | ||
1556 | |||
1557 | diff --git a/lib/btree.c b/lib/btree.c | ||
1558 | index f9a484676cb6..4264871ea1a0 100644 | ||
1559 | --- a/lib/btree.c | ||
1560 | +++ b/lib/btree.c | ||
1561 | @@ -198,6 +198,7 @@ EXPORT_SYMBOL_GPL(btree_init); | ||
1562 | |||
1563 | void btree_destroy(struct btree_head *head) | ||
1564 | { | ||
1565 | + mempool_free(head->node, head->mempool); | ||
1566 | mempool_destroy(head->mempool); | ||
1567 | head->mempool = NULL; | ||
1568 | } | ||
1569 | diff --git a/mm/memcontrol.c b/mm/memcontrol.c | ||
1570 | index 5b6b0039f725..9b35da28b587 100644 | ||
1571 | --- a/mm/memcontrol.c | ||
1572 | +++ b/mm/memcontrol.c | ||
1573 | @@ -5670,8 +5670,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg) | ||
1574 | { | ||
1575 | struct mem_cgroup_eventfd_list *ev; | ||
1576 | |||
1577 | + spin_lock(&memcg_oom_lock); | ||
1578 | + | ||
1579 | list_for_each_entry(ev, &memcg->oom_notify, list) | ||
1580 | eventfd_signal(ev->eventfd, 1); | ||
1581 | + | ||
1582 | + spin_unlock(&memcg_oom_lock); | ||
1583 | return 0; | ||
1584 | } | ||
1585 | |||
1586 | diff --git a/mm/page-writeback.c b/mm/page-writeback.c | ||
1587 | index d013dba21429..9f45f87a5859 100644 | ||
1588 | --- a/mm/page-writeback.c | ||
1589 | +++ b/mm/page-writeback.c | ||
1590 | @@ -1324,9 +1324,9 @@ static inline void bdi_dirty_limits(struct backing_dev_info *bdi, | ||
1591 | *bdi_thresh = bdi_dirty_limit(bdi, dirty_thresh); | ||
1592 | |||
1593 | if (bdi_bg_thresh) | ||
1594 | - *bdi_bg_thresh = div_u64((u64)*bdi_thresh * | ||
1595 | - background_thresh, | ||
1596 | - dirty_thresh); | ||
1597 | + *bdi_bg_thresh = dirty_thresh ? div_u64((u64)*bdi_thresh * | ||
1598 | + background_thresh, | ||
1599 | + dirty_thresh) : 0; | ||
1600 | |||
1601 | /* | ||
1602 | * In order to avoid the stacked BDI deadlock we need | ||
1603 | diff --git a/mm/page_alloc.c b/mm/page_alloc.c | ||
1604 | index 7e7f94755ab5..62e400d00e3f 100644 | ||
1605 | --- a/mm/page_alloc.c | ||
1606 | +++ b/mm/page_alloc.c | ||
1607 | @@ -2434,7 +2434,7 @@ static inline int | ||
1608 | gfp_to_alloc_flags(gfp_t gfp_mask) | ||
1609 | { | ||
1610 | int alloc_flags = ALLOC_WMARK_MIN | ALLOC_CPUSET; | ||
1611 | - const gfp_t wait = gfp_mask & __GFP_WAIT; | ||
1612 | + const bool atomic = !(gfp_mask & (__GFP_WAIT | __GFP_NO_KSWAPD)); | ||
1613 | |||
1614 | /* __GFP_HIGH is assumed to be the same as ALLOC_HIGH to save a branch. */ | ||
1615 | BUILD_BUG_ON(__GFP_HIGH != (__force gfp_t) ALLOC_HIGH); | ||
1616 | @@ -2443,20 +2443,20 @@ gfp_to_alloc_flags(gfp_t gfp_mask) | ||
1617 | * The caller may dip into page reserves a bit more if the caller | ||
1618 | * cannot run direct reclaim, or if the caller has realtime scheduling | ||
1619 | * policy or is asking for __GFP_HIGH memory. GFP_ATOMIC requests will | ||
1620 | - * set both ALLOC_HARDER (!wait) and ALLOC_HIGH (__GFP_HIGH). | ||
1621 | + * set both ALLOC_HARDER (atomic == true) and ALLOC_HIGH (__GFP_HIGH). | ||
1622 | */ | ||
1623 | alloc_flags |= (__force int) (gfp_mask & __GFP_HIGH); | ||
1624 | |||
1625 | - if (!wait) { | ||
1626 | + if (atomic) { | ||
1627 | /* | ||
1628 | - * Not worth trying to allocate harder for | ||
1629 | - * __GFP_NOMEMALLOC even if it can't schedule. | ||
1630 | + * Not worth trying to allocate harder for __GFP_NOMEMALLOC even | ||
1631 | + * if it can't schedule. | ||
1632 | */ | ||
1633 | - if (!(gfp_mask & __GFP_NOMEMALLOC)) | ||
1634 | + if (!(gfp_mask & __GFP_NOMEMALLOC)) | ||
1635 | alloc_flags |= ALLOC_HARDER; | ||
1636 | /* | ||
1637 | - * Ignore cpuset if GFP_ATOMIC (!wait) rather than fail alloc. | ||
1638 | - * See also cpuset_zone_allowed() comment in kernel/cpuset.c. | ||
1639 | + * Ignore cpuset mems for GFP_ATOMIC rather than fail, see the | ||
1640 | + * comment for __cpuset_node_allowed_softwall(). | ||
1641 | */ | ||
1642 | alloc_flags &= ~ALLOC_CPUSET; | ||
1643 | } else if (unlikely(rt_task(current)) && !in_interrupt()) | ||
1644 | diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c | ||
1645 | index ec6606325cda..1e05bbde47ba 100644 | ||
1646 | --- a/net/l2tp/l2tp_ppp.c | ||
1647 | +++ b/net/l2tp/l2tp_ppp.c | ||
1648 | @@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, | ||
1649 | int err; | ||
1650 | |||
1651 | if (level != SOL_PPPOL2TP) | ||
1652 | - return udp_prot.setsockopt(sk, level, optname, optval, optlen); | ||
1653 | + return -EINVAL; | ||
1654 | |||
1655 | if (optlen < sizeof(int)) | ||
1656 | return -EINVAL; | ||
1657 | @@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname, | ||
1658 | struct pppol2tp_session *ps; | ||
1659 | |||
1660 | if (level != SOL_PPPOL2TP) | ||
1661 | - return udp_prot.getsockopt(sk, level, optname, optval, optlen); | ||
1662 | + return -EINVAL; | ||
1663 | |||
1664 | if (get_user(len, optlen)) | ||
1665 | return -EFAULT; | ||
1666 | diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c | ||
1667 | index c14c16a6d62d..e5a7ac2f3687 100644 | ||
1668 | --- a/net/mac80211/tx.c | ||
1669 | +++ b/net/mac80211/tx.c | ||
1670 | @@ -414,6 +414,9 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx) | ||
1671 | if (ieee80211_has_order(hdr->frame_control)) | ||
1672 | return TX_CONTINUE; | ||
1673 | |||
1674 | + if (ieee80211_is_probe_req(hdr->frame_control)) | ||
1675 | + return TX_CONTINUE; | ||
1676 | + | ||
1677 | if (tx->local->hw.flags & IEEE80211_HW_QUEUE_CONTROL) | ||
1678 | info->hw_queue = tx->sdata->vif.cab_queue; | ||
1679 | |||
1680 | @@ -464,6 +467,7 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx) | ||
1681 | { | ||
1682 | struct sta_info *sta = tx->sta; | ||
1683 | struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); | ||
1684 | + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; | ||
1685 | struct ieee80211_local *local = tx->local; | ||
1686 | |||
1687 | if (unlikely(!sta)) | ||
1688 | @@ -474,6 +478,15 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx) | ||
1689 | !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) { | ||
1690 | int ac = skb_get_queue_mapping(tx->skb); | ||
1691 | |||
1692 | + /* only deauth, disassoc and action are bufferable MMPDUs */ | ||
1693 | + if (ieee80211_is_mgmt(hdr->frame_control) && | ||
1694 | + !ieee80211_is_deauth(hdr->frame_control) && | ||
1695 | + !ieee80211_is_disassoc(hdr->frame_control) && | ||
1696 | + !ieee80211_is_action(hdr->frame_control)) { | ||
1697 | + info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER; | ||
1698 | + return TX_CONTINUE; | ||
1699 | + } | ||
1700 | + | ||
1701 | ps_dbg(sta->sdata, "STA %pM aid %d: PS buffer for AC %d\n", | ||
1702 | sta->sta.addr, sta->sta.aid, ac); | ||
1703 | if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) | ||
1704 | @@ -532,22 +545,8 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx) | ||
1705 | static ieee80211_tx_result debug_noinline | ||
1706 | ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx) | ||
1707 | { | ||
1708 | - struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); | ||
1709 | - struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; | ||
1710 | - | ||
1711 | if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED)) | ||
1712 | return TX_CONTINUE; | ||
1713 | - | ||
1714 | - /* only deauth, disassoc and action are bufferable MMPDUs */ | ||
1715 | - if (ieee80211_is_mgmt(hdr->frame_control) && | ||
1716 | - !ieee80211_is_deauth(hdr->frame_control) && | ||
1717 | - !ieee80211_is_disassoc(hdr->frame_control) && | ||
1718 | - !ieee80211_is_action(hdr->frame_control)) { | ||
1719 | - if (tx->flags & IEEE80211_TX_UNICAST) | ||
1720 | - info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER; | ||
1721 | - return TX_CONTINUE; | ||
1722 | - } | ||
1723 | - | ||
1724 | if (tx->flags & IEEE80211_TX_UNICAST) | ||
1725 | return ieee80211_tx_h_unicast_ps_buf(tx); | ||
1726 | else | ||
1727 | diff --git a/net/wireless/trace.h b/net/wireless/trace.h | ||
1728 | index fbcc23edee54..b89eb3990f0a 100644 | ||
1729 | --- a/net/wireless/trace.h | ||
1730 | +++ b/net/wireless/trace.h | ||
1731 | @@ -2068,7 +2068,8 @@ TRACE_EVENT(cfg80211_michael_mic_failure, | ||
1732 | MAC_ASSIGN(addr, addr); | ||
1733 | __entry->key_type = key_type; | ||
1734 | __entry->key_id = key_id; | ||
1735 | - memcpy(__entry->tsc, tsc, 6); | ||
1736 | + if (tsc) | ||
1737 | + memcpy(__entry->tsc, tsc, 6); | ||
1738 | ), | ||
1739 | TP_printk(NETDEV_PR_FMT ", " MAC_PR_FMT ", key type: %d, key id: %d, tsc: %pm", | ||
1740 | NETDEV_PR_ARG, MAC_PR_ARG(addr), __entry->key_type, |