Contents of /trunk/kernel-alx/patches-4.14/0160-4.14.61-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3238 -
(show annotations)
(download)
Fri Nov 9 12:14:58 2018 UTC (5 years, 5 months ago) by niro
File size: 33745 byte(s)
Fri Nov 9 12:14:58 2018 UTC (5 years, 5 months ago) by niro
File size: 33745 byte(s)
-added up to patches-4.14.79
| 1 | diff --git a/Makefile b/Makefile |
| 2 | index 5b48ec630990..4bd65eabd298 100644 |
| 3 | --- a/Makefile |
| 4 | +++ b/Makefile |
| 5 | @@ -1,7 +1,7 @@ |
| 6 | # SPDX-License-Identifier: GPL-2.0 |
| 7 | VERSION = 4 |
| 8 | PATCHLEVEL = 14 |
| 9 | -SUBLEVEL = 60 |
| 10 | +SUBLEVEL = 61 |
| 11 | EXTRAVERSION = |
| 12 | NAME = Petit Gorille |
| 13 | |
| 14 | diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S |
| 15 | index f7bfa701219b..0fae7096ae23 100644 |
| 16 | --- a/arch/x86/entry/entry_64.S |
| 17 | +++ b/arch/x86/entry/entry_64.S |
| 18 | @@ -933,7 +933,7 @@ ENTRY(\sym) |
| 19 | |
| 20 | call \do_sym |
| 21 | |
| 22 | - jmp error_exit /* %ebx: no swapgs flag */ |
| 23 | + jmp error_exit |
| 24 | .endif |
| 25 | END(\sym) |
| 26 | .endm |
| 27 | @@ -1166,7 +1166,6 @@ END(paranoid_exit) |
| 28 | |
| 29 | /* |
| 30 | * Save all registers in pt_regs, and switch GS if needed. |
| 31 | - * Return: EBX=0: came from user mode; EBX=1: otherwise |
| 32 | */ |
| 33 | ENTRY(error_entry) |
| 34 | UNWIND_HINT_FUNC |
| 35 | @@ -1213,7 +1212,6 @@ ENTRY(error_entry) |
| 36 | * for these here too. |
| 37 | */ |
| 38 | .Lerror_kernelspace: |
| 39 | - incl %ebx |
| 40 | leaq native_irq_return_iret(%rip), %rcx |
| 41 | cmpq %rcx, RIP+8(%rsp) |
| 42 | je .Lerror_bad_iret |
| 43 | @@ -1247,28 +1245,20 @@ ENTRY(error_entry) |
| 44 | |
| 45 | /* |
| 46 | * Pretend that the exception came from user mode: set up pt_regs |
| 47 | - * as if we faulted immediately after IRET and clear EBX so that |
| 48 | - * error_exit knows that we will be returning to user mode. |
| 49 | + * as if we faulted immediately after IRET. |
| 50 | */ |
| 51 | mov %rsp, %rdi |
| 52 | call fixup_bad_iret |
| 53 | mov %rax, %rsp |
| 54 | - decl %ebx |
| 55 | jmp .Lerror_entry_from_usermode_after_swapgs |
| 56 | END(error_entry) |
| 57 | |
| 58 | - |
| 59 | -/* |
| 60 | - * On entry, EBX is a "return to kernel mode" flag: |
| 61 | - * 1: already in kernel mode, don't need SWAPGS |
| 62 | - * 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode |
| 63 | - */ |
| 64 | ENTRY(error_exit) |
| 65 | UNWIND_HINT_REGS |
| 66 | DISABLE_INTERRUPTS(CLBR_ANY) |
| 67 | TRACE_IRQS_OFF |
| 68 | - testl %ebx, %ebx |
| 69 | - jnz retint_kernel |
| 70 | + testb $3, CS(%rsp) |
| 71 | + jz retint_kernel |
| 72 | jmp retint_user |
| 73 | END(error_exit) |
| 74 | |
| 75 | diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c |
| 76 | index ebdcc368a2d3..f48a51335538 100644 |
| 77 | --- a/arch/x86/kernel/apic/apic.c |
| 78 | +++ b/arch/x86/kernel/apic/apic.c |
| 79 | @@ -580,6 +580,9 @@ static u32 skx_deadline_rev(void) |
| 80 | case 0x04: return 0x02000014; |
| 81 | } |
| 82 | |
| 83 | + if (boot_cpu_data.x86_stepping > 4) |
| 84 | + return 0; |
| 85 | + |
| 86 | return ~0U; |
| 87 | } |
| 88 | |
| 89 | diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
| 90 | index 90747865205d..8d000fde1414 100644 |
| 91 | --- a/arch/x86/kvm/vmx.c |
| 92 | +++ b/arch/x86/kvm/vmx.c |
| 93 | @@ -7354,6 +7354,8 @@ static int enter_vmx_operation(struct kvm_vcpu *vcpu) |
| 94 | HRTIMER_MODE_REL_PINNED); |
| 95 | vmx->nested.preemption_timer.function = vmx_preemption_timer_fn; |
| 96 | |
| 97 | + vmx->nested.vpid02 = allocate_vpid(); |
| 98 | + |
| 99 | vmx->nested.vmxon = true; |
| 100 | return 0; |
| 101 | |
| 102 | @@ -9802,10 +9804,8 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id) |
| 103 | goto free_vmcs; |
| 104 | } |
| 105 | |
| 106 | - if (nested) { |
| 107 | + if (nested) |
| 108 | nested_vmx_setup_ctls_msrs(vmx); |
| 109 | - vmx->nested.vpid02 = allocate_vpid(); |
| 110 | - } |
| 111 | |
| 112 | vmx->nested.posted_intr_nv = -1; |
| 113 | vmx->nested.current_vmptr = -1ull; |
| 114 | @@ -9822,7 +9822,6 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id) |
| 115 | return &vmx->vcpu; |
| 116 | |
| 117 | free_vmcs: |
| 118 | - free_vpid(vmx->nested.vpid02); |
| 119 | free_loaded_vmcs(vmx->loaded_vmcs); |
| 120 | free_msrs: |
| 121 | kfree(vmx->guest_msrs); |
| 122 | diff --git a/drivers/crypto/padlock-aes.c b/drivers/crypto/padlock-aes.c |
| 123 | index c939f18f70cc..7685f557dcc0 100644 |
| 124 | --- a/drivers/crypto/padlock-aes.c |
| 125 | +++ b/drivers/crypto/padlock-aes.c |
| 126 | @@ -266,6 +266,8 @@ static inline void padlock_xcrypt_ecb(const u8 *input, u8 *output, void *key, |
| 127 | return; |
| 128 | } |
| 129 | |
| 130 | + count -= initial; |
| 131 | + |
| 132 | if (initial) |
| 133 | asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ |
| 134 | : "+S"(input), "+D"(output) |
| 135 | @@ -273,7 +275,7 @@ static inline void padlock_xcrypt_ecb(const u8 *input, u8 *output, void *key, |
| 136 | |
| 137 | asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ |
| 138 | : "+S"(input), "+D"(output) |
| 139 | - : "d"(control_word), "b"(key), "c"(count - initial)); |
| 140 | + : "d"(control_word), "b"(key), "c"(count)); |
| 141 | } |
| 142 | |
| 143 | static inline u8 *padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key, |
| 144 | @@ -284,6 +286,8 @@ static inline u8 *padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key, |
| 145 | if (count < cbc_fetch_blocks) |
| 146 | return cbc_crypt(input, output, key, iv, control_word, count); |
| 147 | |
| 148 | + count -= initial; |
| 149 | + |
| 150 | if (initial) |
| 151 | asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */ |
| 152 | : "+S" (input), "+D" (output), "+a" (iv) |
| 153 | @@ -291,7 +295,7 @@ static inline u8 *padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key, |
| 154 | |
| 155 | asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */ |
| 156 | : "+S" (input), "+D" (output), "+a" (iv) |
| 157 | - : "d" (control_word), "b" (key), "c" (count-initial)); |
| 158 | + : "d" (control_word), "b" (key), "c" (count)); |
| 159 | return iv; |
| 160 | } |
| 161 | |
| 162 | diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c |
| 163 | index 77c56264c05b..17590cb2b80d 100644 |
| 164 | --- a/drivers/gpu/drm/vc4/vc4_plane.c |
| 165 | +++ b/drivers/gpu/drm/vc4/vc4_plane.c |
| 166 | @@ -352,6 +352,9 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) |
| 167 | vc4_state->x_scaling[0] = VC4_SCALING_TPZ; |
| 168 | if (vc4_state->y_scaling[0] == VC4_SCALING_NONE) |
| 169 | vc4_state->y_scaling[0] = VC4_SCALING_TPZ; |
| 170 | + } else { |
| 171 | + vc4_state->x_scaling[1] = VC4_SCALING_NONE; |
| 172 | + vc4_state->y_scaling[1] = VC4_SCALING_NONE; |
| 173 | } |
| 174 | |
| 175 | vc4_state->is_unity = (vc4_state->x_scaling[0] == VC4_SCALING_NONE && |
| 176 | diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c |
| 177 | index b8229d7b0ff5..f836ed1dd300 100644 |
| 178 | --- a/drivers/infiniband/core/uverbs_cmd.c |
| 179 | +++ b/drivers/infiniband/core/uverbs_cmd.c |
| 180 | @@ -1981,15 +1981,64 @@ static int modify_qp(struct ib_uverbs_file *file, |
| 181 | goto release_qp; |
| 182 | } |
| 183 | |
| 184 | - if ((cmd->base.attr_mask & IB_QP_AV) && |
| 185 | - !rdma_is_port_valid(qp->device, cmd->base.dest.port_num)) { |
| 186 | - ret = -EINVAL; |
| 187 | - goto release_qp; |
| 188 | + if ((cmd->base.attr_mask & IB_QP_AV)) { |
| 189 | + if (!rdma_is_port_valid(qp->device, cmd->base.dest.port_num)) { |
| 190 | + ret = -EINVAL; |
| 191 | + goto release_qp; |
| 192 | + } |
| 193 | + |
| 194 | + if (cmd->base.attr_mask & IB_QP_STATE && |
| 195 | + cmd->base.qp_state == IB_QPS_RTR) { |
| 196 | + /* We are in INIT->RTR TRANSITION (if we are not, |
| 197 | + * this transition will be rejected in subsequent checks). |
| 198 | + * In the INIT->RTR transition, we cannot have IB_QP_PORT set, |
| 199 | + * but the IB_QP_STATE flag is required. |
| 200 | + * |
| 201 | + * Since kernel 3.14 (commit dbf727de7440), the uverbs driver, |
| 202 | + * when IB_QP_AV is set, has required inclusion of a valid |
| 203 | + * port number in the primary AV. (AVs are created and handled |
| 204 | + * differently for infiniband and ethernet (RoCE) ports). |
| 205 | + * |
| 206 | + * Check the port number included in the primary AV against |
| 207 | + * the port number in the qp struct, which was set (and saved) |
| 208 | + * in the RST->INIT transition. |
| 209 | + */ |
| 210 | + if (cmd->base.dest.port_num != qp->real_qp->port) { |
| 211 | + ret = -EINVAL; |
| 212 | + goto release_qp; |
| 213 | + } |
| 214 | + } else { |
| 215 | + /* We are in SQD->SQD. (If we are not, this transition will |
| 216 | + * be rejected later in the verbs layer checks). |
| 217 | + * Check for both IB_QP_PORT and IB_QP_AV, these can be set |
| 218 | + * together in the SQD->SQD transition. |
| 219 | + * |
| 220 | + * If only IP_QP_AV was set, add in IB_QP_PORT as well (the |
| 221 | + * verbs layer driver does not track primary port changes |
| 222 | + * resulting from path migration. Thus, in SQD, if the primary |
| 223 | + * AV is modified, the primary port should also be modified). |
| 224 | + * |
| 225 | + * Note that in this transition, the IB_QP_STATE flag |
| 226 | + * is not allowed. |
| 227 | + */ |
| 228 | + if (((cmd->base.attr_mask & (IB_QP_AV | IB_QP_PORT)) |
| 229 | + == (IB_QP_AV | IB_QP_PORT)) && |
| 230 | + cmd->base.port_num != cmd->base.dest.port_num) { |
| 231 | + ret = -EINVAL; |
| 232 | + goto release_qp; |
| 233 | + } |
| 234 | + if ((cmd->base.attr_mask & (IB_QP_AV | IB_QP_PORT)) |
| 235 | + == IB_QP_AV) { |
| 236 | + cmd->base.attr_mask |= IB_QP_PORT; |
| 237 | + cmd->base.port_num = cmd->base.dest.port_num; |
| 238 | + } |
| 239 | + } |
| 240 | } |
| 241 | |
| 242 | if ((cmd->base.attr_mask & IB_QP_ALT_PATH) && |
| 243 | (!rdma_is_port_valid(qp->device, cmd->base.alt_port_num) || |
| 244 | - !rdma_is_port_valid(qp->device, cmd->base.alt_dest.port_num))) { |
| 245 | + !rdma_is_port_valid(qp->device, cmd->base.alt_dest.port_num) || |
| 246 | + cmd->base.alt_port_num != cmd->base.alt_dest.port_num)) { |
| 247 | ret = -EINVAL; |
| 248 | goto release_qp; |
| 249 | } |
| 250 | diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
| 251 | index 00245b73c224..15aedb64a02b 100644 |
| 252 | --- a/drivers/net/bonding/bond_main.c |
| 253 | +++ b/drivers/net/bonding/bond_main.c |
| 254 | @@ -1687,6 +1687,8 @@ int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev) |
| 255 | goto err_upper_unlink; |
| 256 | } |
| 257 | |
| 258 | + bond->nest_level = dev_get_nest_level(bond_dev) + 1; |
| 259 | + |
| 260 | /* If the mode uses primary, then the following is handled by |
| 261 | * bond_change_active_slave(). |
| 262 | */ |
| 263 | @@ -1734,7 +1736,6 @@ int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev) |
| 264 | if (bond_mode_uses_xmit_hash(bond)) |
| 265 | bond_update_slave_arr(bond, NULL); |
| 266 | |
| 267 | - bond->nest_level = dev_get_nest_level(bond_dev); |
| 268 | |
| 269 | netdev_info(bond_dev, "Enslaving %s as %s interface with %s link\n", |
| 270 | slave_dev->name, |
| 271 | @@ -3379,6 +3380,13 @@ static void bond_fold_stats(struct rtnl_link_stats64 *_res, |
| 272 | } |
| 273 | } |
| 274 | |
| 275 | +static int bond_get_nest_level(struct net_device *bond_dev) |
| 276 | +{ |
| 277 | + struct bonding *bond = netdev_priv(bond_dev); |
| 278 | + |
| 279 | + return bond->nest_level; |
| 280 | +} |
| 281 | + |
| 282 | static void bond_get_stats(struct net_device *bond_dev, |
| 283 | struct rtnl_link_stats64 *stats) |
| 284 | { |
| 285 | @@ -3387,7 +3395,7 @@ static void bond_get_stats(struct net_device *bond_dev, |
| 286 | struct list_head *iter; |
| 287 | struct slave *slave; |
| 288 | |
| 289 | - spin_lock(&bond->stats_lock); |
| 290 | + spin_lock_nested(&bond->stats_lock, bond_get_nest_level(bond_dev)); |
| 291 | memcpy(stats, &bond->bond_stats, sizeof(*stats)); |
| 292 | |
| 293 | rcu_read_lock(); |
| 294 | @@ -4182,6 +4190,7 @@ static const struct net_device_ops bond_netdev_ops = { |
| 295 | .ndo_neigh_setup = bond_neigh_setup, |
| 296 | .ndo_vlan_rx_add_vid = bond_vlan_rx_add_vid, |
| 297 | .ndo_vlan_rx_kill_vid = bond_vlan_rx_kill_vid, |
| 298 | + .ndo_get_lock_subclass = bond_get_nest_level, |
| 299 | #ifdef CONFIG_NET_POLL_CONTROLLER |
| 300 | .ndo_netpoll_setup = bond_netpoll_setup, |
| 301 | .ndo_netpoll_cleanup = bond_netpoll_cleanup, |
| 302 | @@ -4680,6 +4689,7 @@ static int bond_init(struct net_device *bond_dev) |
| 303 | if (!bond->wq) |
| 304 | return -ENOMEM; |
| 305 | |
| 306 | + bond->nest_level = SINGLE_DEPTH_NESTING; |
| 307 | netdev_lockdep_set_classes(bond_dev); |
| 308 | |
| 309 | list_add_tail(&bond->bond_list, &bn->dev_list); |
| 310 | diff --git a/drivers/net/can/usb/ems_usb.c b/drivers/net/can/usb/ems_usb.c |
| 311 | index b00358297424..d0846ae9e0e4 100644 |
| 312 | --- a/drivers/net/can/usb/ems_usb.c |
| 313 | +++ b/drivers/net/can/usb/ems_usb.c |
| 314 | @@ -1071,6 +1071,7 @@ static void ems_usb_disconnect(struct usb_interface *intf) |
| 315 | usb_free_urb(dev->intr_urb); |
| 316 | |
| 317 | kfree(dev->intr_in_buffer); |
| 318 | + kfree(dev->tx_msg_buffer); |
| 319 | } |
| 320 | } |
| 321 | |
| 322 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c |
| 323 | index 667415301066..f697084937c3 100644 |
| 324 | --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c |
| 325 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c |
| 326 | @@ -1616,7 +1616,7 @@ int mlx5_eswitch_init(struct mlx5_core_dev *dev) |
| 327 | int vport_num; |
| 328 | int err; |
| 329 | |
| 330 | - if (!MLX5_VPORT_MANAGER(dev)) |
| 331 | + if (!MLX5_ESWITCH_MANAGER(dev)) |
| 332 | return 0; |
| 333 | |
| 334 | esw_info(dev, |
| 335 | @@ -1689,7 +1689,7 @@ abort: |
| 336 | |
| 337 | void mlx5_eswitch_cleanup(struct mlx5_eswitch *esw) |
| 338 | { |
| 339 | - if (!esw || !MLX5_VPORT_MANAGER(esw->dev)) |
| 340 | + if (!esw || !MLX5_ESWITCH_MANAGER(esw->dev)) |
| 341 | return; |
| 342 | |
| 343 | esw_info(esw->dev, "cleanup\n"); |
| 344 | diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c |
| 345 | index 8d375e51a526..6a393b16a1fc 100644 |
| 346 | --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c |
| 347 | +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c |
| 348 | @@ -257,7 +257,7 @@ static int stmmac_pci_probe(struct pci_dev *pdev, |
| 349 | return -ENOMEM; |
| 350 | |
| 351 | /* Enable pci device */ |
| 352 | - ret = pcim_enable_device(pdev); |
| 353 | + ret = pci_enable_device(pdev); |
| 354 | if (ret) { |
| 355 | dev_err(&pdev->dev, "%s: ERROR: failed to enable device\n", |
| 356 | __func__); |
| 357 | @@ -300,9 +300,45 @@ static int stmmac_pci_probe(struct pci_dev *pdev, |
| 358 | static void stmmac_pci_remove(struct pci_dev *pdev) |
| 359 | { |
| 360 | stmmac_dvr_remove(&pdev->dev); |
| 361 | + pci_disable_device(pdev); |
| 362 | } |
| 363 | |
| 364 | -static SIMPLE_DEV_PM_OPS(stmmac_pm_ops, stmmac_suspend, stmmac_resume); |
| 365 | +static int stmmac_pci_suspend(struct device *dev) |
| 366 | +{ |
| 367 | + struct pci_dev *pdev = to_pci_dev(dev); |
| 368 | + int ret; |
| 369 | + |
| 370 | + ret = stmmac_suspend(dev); |
| 371 | + if (ret) |
| 372 | + return ret; |
| 373 | + |
| 374 | + ret = pci_save_state(pdev); |
| 375 | + if (ret) |
| 376 | + return ret; |
| 377 | + |
| 378 | + pci_disable_device(pdev); |
| 379 | + pci_wake_from_d3(pdev, true); |
| 380 | + return 0; |
| 381 | +} |
| 382 | + |
| 383 | +static int stmmac_pci_resume(struct device *dev) |
| 384 | +{ |
| 385 | + struct pci_dev *pdev = to_pci_dev(dev); |
| 386 | + int ret; |
| 387 | + |
| 388 | + pci_restore_state(pdev); |
| 389 | + pci_set_power_state(pdev, PCI_D0); |
| 390 | + |
| 391 | + ret = pci_enable_device(pdev); |
| 392 | + if (ret) |
| 393 | + return ret; |
| 394 | + |
| 395 | + pci_set_master(pdev); |
| 396 | + |
| 397 | + return stmmac_resume(dev); |
| 398 | +} |
| 399 | + |
| 400 | +static SIMPLE_DEV_PM_OPS(stmmac_pm_ops, stmmac_pci_suspend, stmmac_pci_resume); |
| 401 | |
| 402 | /* synthetic ID, no official vendor */ |
| 403 | #define PCI_VENDOR_ID_STMMAC 0x700 |
| 404 | diff --git a/drivers/net/wireless/intel/iwlwifi/cfg/9000.c b/drivers/net/wireless/intel/iwlwifi/cfg/9000.c |
| 405 | index 73da5e63a609..2c80c722feca 100644 |
| 406 | --- a/drivers/net/wireless/intel/iwlwifi/cfg/9000.c |
| 407 | +++ b/drivers/net/wireless/intel/iwlwifi/cfg/9000.c |
| 408 | @@ -177,6 +177,17 @@ const struct iwl_cfg iwl9260_2ac_cfg = { |
| 409 | .max_ht_ampdu_exponent = IEEE80211_HT_MAX_AMPDU_64K, |
| 410 | }; |
| 411 | |
| 412 | +const struct iwl_cfg iwl9260_killer_2ac_cfg = { |
| 413 | + .name = "Killer (R) Wireless-AC 1550 Wireless Network Adapter (9260NGW)", |
| 414 | + .fw_name_pre = IWL9260A_FW_PRE, |
| 415 | + .fw_name_pre_b_or_c_step = IWL9260B_FW_PRE, |
| 416 | + IWL_DEVICE_9000, |
| 417 | + .ht_params = &iwl9000_ht_params, |
| 418 | + .nvm_ver = IWL9000_NVM_VERSION, |
| 419 | + .nvm_calib_ver = IWL9000_TX_POWER_VERSION, |
| 420 | + .max_ht_ampdu_exponent = IEEE80211_HT_MAX_AMPDU_64K, |
| 421 | +}; |
| 422 | + |
| 423 | const struct iwl_cfg iwl9270_2ac_cfg = { |
| 424 | .name = "Intel(R) Dual Band Wireless AC 9270", |
| 425 | .fw_name_pre = IWL9260A_FW_PRE, |
| 426 | @@ -266,6 +277,34 @@ const struct iwl_cfg iwl9560_2ac_cfg_soc = { |
| 427 | .soc_latency = 5000, |
| 428 | }; |
| 429 | |
| 430 | +const struct iwl_cfg iwl9560_killer_2ac_cfg_soc = { |
| 431 | + .name = "Killer (R) Wireless-AC 1550i Wireless Network Adapter (9560NGW)", |
| 432 | + .fw_name_pre = IWL9000A_FW_PRE, |
| 433 | + .fw_name_pre_b_or_c_step = IWL9000B_FW_PRE, |
| 434 | + .fw_name_pre_rf_next_step = IWL9000RFB_FW_PRE, |
| 435 | + IWL_DEVICE_9000, |
| 436 | + .ht_params = &iwl9000_ht_params, |
| 437 | + .nvm_ver = IWL9000_NVM_VERSION, |
| 438 | + .nvm_calib_ver = IWL9000_TX_POWER_VERSION, |
| 439 | + .max_ht_ampdu_exponent = IEEE80211_HT_MAX_AMPDU_64K, |
| 440 | + .integrated = true, |
| 441 | + .soc_latency = 5000, |
| 442 | +}; |
| 443 | + |
| 444 | +const struct iwl_cfg iwl9560_killer_s_2ac_cfg_soc = { |
| 445 | + .name = "Killer (R) Wireless-AC 1550s Wireless Network Adapter (9560NGW)", |
| 446 | + .fw_name_pre = IWL9000A_FW_PRE, |
| 447 | + .fw_name_pre_b_or_c_step = IWL9000B_FW_PRE, |
| 448 | + .fw_name_pre_rf_next_step = IWL9000RFB_FW_PRE, |
| 449 | + IWL_DEVICE_9000, |
| 450 | + .ht_params = &iwl9000_ht_params, |
| 451 | + .nvm_ver = IWL9000_NVM_VERSION, |
| 452 | + .nvm_calib_ver = IWL9000_TX_POWER_VERSION, |
| 453 | + .max_ht_ampdu_exponent = IEEE80211_HT_MAX_AMPDU_64K, |
| 454 | + .integrated = true, |
| 455 | + .soc_latency = 5000, |
| 456 | +}; |
| 457 | + |
| 458 | const struct iwl_cfg iwl9460_2ac_cfg_shared_clk = { |
| 459 | .name = "Intel(R) Dual Band Wireless AC 9460", |
| 460 | .fw_name_pre = IWL9000A_FW_PRE, |
| 461 | @@ -326,6 +365,36 @@ const struct iwl_cfg iwl9560_2ac_cfg_shared_clk = { |
| 462 | .extra_phy_cfg_flags = FW_PHY_CFG_SHARED_CLK |
| 463 | }; |
| 464 | |
| 465 | +const struct iwl_cfg iwl9560_killer_2ac_cfg_shared_clk = { |
| 466 | + .name = "Killer (R) Wireless-AC 1550i Wireless Network Adapter (9560NGW)", |
| 467 | + .fw_name_pre = IWL9000A_FW_PRE, |
| 468 | + .fw_name_pre_b_or_c_step = IWL9000B_FW_PRE, |
| 469 | + .fw_name_pre_rf_next_step = IWL9000RFB_FW_PRE, |
| 470 | + IWL_DEVICE_9000, |
| 471 | + .ht_params = &iwl9000_ht_params, |
| 472 | + .nvm_ver = IWL9000_NVM_VERSION, |
| 473 | + .nvm_calib_ver = IWL9000_TX_POWER_VERSION, |
| 474 | + .max_ht_ampdu_exponent = IEEE80211_HT_MAX_AMPDU_64K, |
| 475 | + .integrated = true, |
| 476 | + .soc_latency = 5000, |
| 477 | + .extra_phy_cfg_flags = FW_PHY_CFG_SHARED_CLK |
| 478 | +}; |
| 479 | + |
| 480 | +const struct iwl_cfg iwl9560_killer_s_2ac_cfg_shared_clk = { |
| 481 | + .name = "Killer (R) Wireless-AC 1550s Wireless Network Adapter (9560NGW)", |
| 482 | + .fw_name_pre = IWL9000A_FW_PRE, |
| 483 | + .fw_name_pre_b_or_c_step = IWL9000B_FW_PRE, |
| 484 | + .fw_name_pre_rf_next_step = IWL9000RFB_FW_PRE, |
| 485 | + IWL_DEVICE_9000, |
| 486 | + .ht_params = &iwl9000_ht_params, |
| 487 | + .nvm_ver = IWL9000_NVM_VERSION, |
| 488 | + .nvm_calib_ver = IWL9000_TX_POWER_VERSION, |
| 489 | + .max_ht_ampdu_exponent = IEEE80211_HT_MAX_AMPDU_64K, |
| 490 | + .integrated = true, |
| 491 | + .soc_latency = 5000, |
| 492 | + .extra_phy_cfg_flags = FW_PHY_CFG_SHARED_CLK |
| 493 | +}; |
| 494 | + |
| 495 | MODULE_FIRMWARE(IWL9000A_MODULE_FIRMWARE(IWL9000_UCODE_API_MAX)); |
| 496 | MODULE_FIRMWARE(IWL9000B_MODULE_FIRMWARE(IWL9000_UCODE_API_MAX)); |
| 497 | MODULE_FIRMWARE(IWL9000RFB_MODULE_FIRMWARE(IWL9000_UCODE_API_MAX)); |
| 498 | diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-config.h b/drivers/net/wireless/intel/iwlwifi/iwl-config.h |
| 499 | index 85fe1a928adc..70f3c327eb4a 100644 |
| 500 | --- a/drivers/net/wireless/intel/iwlwifi/iwl-config.h |
| 501 | +++ b/drivers/net/wireless/intel/iwlwifi/iwl-config.h |
| 502 | @@ -470,6 +470,7 @@ extern const struct iwl_cfg iwl8265_2ac_sdio_cfg; |
| 503 | extern const struct iwl_cfg iwl4165_2ac_sdio_cfg; |
| 504 | extern const struct iwl_cfg iwl9160_2ac_cfg; |
| 505 | extern const struct iwl_cfg iwl9260_2ac_cfg; |
| 506 | +extern const struct iwl_cfg iwl9260_killer_2ac_cfg; |
| 507 | extern const struct iwl_cfg iwl9270_2ac_cfg; |
| 508 | extern const struct iwl_cfg iwl9460_2ac_cfg; |
| 509 | extern const struct iwl_cfg iwl9560_2ac_cfg; |
| 510 | @@ -477,10 +478,14 @@ extern const struct iwl_cfg iwl9460_2ac_cfg_soc; |
| 511 | extern const struct iwl_cfg iwl9461_2ac_cfg_soc; |
| 512 | extern const struct iwl_cfg iwl9462_2ac_cfg_soc; |
| 513 | extern const struct iwl_cfg iwl9560_2ac_cfg_soc; |
| 514 | +extern const struct iwl_cfg iwl9560_killer_2ac_cfg_soc; |
| 515 | +extern const struct iwl_cfg iwl9560_killer_s_2ac_cfg_soc; |
| 516 | extern const struct iwl_cfg iwl9460_2ac_cfg_shared_clk; |
| 517 | extern const struct iwl_cfg iwl9461_2ac_cfg_shared_clk; |
| 518 | extern const struct iwl_cfg iwl9462_2ac_cfg_shared_clk; |
| 519 | extern const struct iwl_cfg iwl9560_2ac_cfg_shared_clk; |
| 520 | +extern const struct iwl_cfg iwl9560_killer_2ac_cfg_shared_clk; |
| 521 | +extern const struct iwl_cfg iwl9560_killer_s_2ac_cfg_shared_clk; |
| 522 | extern const struct iwl_cfg iwla000_2ac_cfg_hr; |
| 523 | extern const struct iwl_cfg iwla000_2ac_cfg_hr_cdb; |
| 524 | extern const struct iwl_cfg iwla000_2ac_cfg_jf; |
| 525 | diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c |
| 526 | index 9a8605abb00a..4cbc6cb8bf89 100644 |
| 527 | --- a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c |
| 528 | +++ b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c |
| 529 | @@ -543,6 +543,9 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 530 | {IWL_PCI_DEVICE(0x2526, 0x1210, iwl9260_2ac_cfg)}, |
| 531 | {IWL_PCI_DEVICE(0x2526, 0x1410, iwl9270_2ac_cfg)}, |
| 532 | {IWL_PCI_DEVICE(0x2526, 0x1420, iwl9460_2ac_cfg_soc)}, |
| 533 | + {IWL_PCI_DEVICE(0x2526, 0x1550, iwl9260_killer_2ac_cfg)}, |
| 534 | + {IWL_PCI_DEVICE(0x2526, 0x1551, iwl9560_killer_s_2ac_cfg_soc)}, |
| 535 | + {IWL_PCI_DEVICE(0x2526, 0x1552, iwl9560_killer_2ac_cfg_soc)}, |
| 536 | {IWL_PCI_DEVICE(0x2526, 0x1610, iwl9270_2ac_cfg)}, |
| 537 | {IWL_PCI_DEVICE(0x2526, 0x2030, iwl9560_2ac_cfg_soc)}, |
| 538 | {IWL_PCI_DEVICE(0x2526, 0x2034, iwl9560_2ac_cfg_soc)}, |
| 539 | @@ -552,6 +555,7 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 540 | {IWL_PCI_DEVICE(0x2526, 0x40A4, iwl9460_2ac_cfg)}, |
| 541 | {IWL_PCI_DEVICE(0x2526, 0x4234, iwl9560_2ac_cfg_soc)}, |
| 542 | {IWL_PCI_DEVICE(0x2526, 0x42A4, iwl9462_2ac_cfg_soc)}, |
| 543 | + {IWL_PCI_DEVICE(0x2526, 0x8014, iwl9260_2ac_cfg)}, |
| 544 | {IWL_PCI_DEVICE(0x2526, 0xA014, iwl9260_2ac_cfg)}, |
| 545 | {IWL_PCI_DEVICE(0x271B, 0x0010, iwl9160_2ac_cfg)}, |
| 546 | {IWL_PCI_DEVICE(0x271B, 0x0014, iwl9160_2ac_cfg)}, |
| 547 | @@ -576,6 +580,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 548 | {IWL_PCI_DEVICE(0x2720, 0x1010, iwl9260_2ac_cfg)}, |
| 549 | {IWL_PCI_DEVICE(0x2720, 0x1030, iwl9560_2ac_cfg_soc)}, |
| 550 | {IWL_PCI_DEVICE(0x2720, 0x1210, iwl9260_2ac_cfg)}, |
| 551 | + {IWL_PCI_DEVICE(0x2720, 0x1551, iwl9560_killer_s_2ac_cfg_soc)}, |
| 552 | + {IWL_PCI_DEVICE(0x2720, 0x1552, iwl9560_killer_2ac_cfg_soc)}, |
| 553 | {IWL_PCI_DEVICE(0x2720, 0x2030, iwl9560_2ac_cfg_soc)}, |
| 554 | {IWL_PCI_DEVICE(0x2720, 0x2034, iwl9560_2ac_cfg_soc)}, |
| 555 | {IWL_PCI_DEVICE(0x2720, 0x4030, iwl9560_2ac_cfg)}, |
| 556 | @@ -602,6 +608,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 557 | {IWL_PCI_DEVICE(0x30DC, 0x1010, iwl9260_2ac_cfg)}, |
| 558 | {IWL_PCI_DEVICE(0x30DC, 0x1030, iwl9560_2ac_cfg_soc)}, |
| 559 | {IWL_PCI_DEVICE(0x30DC, 0x1210, iwl9260_2ac_cfg)}, |
| 560 | + {IWL_PCI_DEVICE(0x30DC, 0x1551, iwl9560_killer_s_2ac_cfg_soc)}, |
| 561 | + {IWL_PCI_DEVICE(0x30DC, 0x1552, iwl9560_killer_2ac_cfg_soc)}, |
| 562 | {IWL_PCI_DEVICE(0x30DC, 0x2030, iwl9560_2ac_cfg_soc)}, |
| 563 | {IWL_PCI_DEVICE(0x30DC, 0x2034, iwl9560_2ac_cfg_soc)}, |
| 564 | {IWL_PCI_DEVICE(0x30DC, 0x4030, iwl9560_2ac_cfg_soc)}, |
| 565 | @@ -628,6 +636,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 566 | {IWL_PCI_DEVICE(0x31DC, 0x1010, iwl9260_2ac_cfg)}, |
| 567 | {IWL_PCI_DEVICE(0x31DC, 0x1030, iwl9560_2ac_cfg_shared_clk)}, |
| 568 | {IWL_PCI_DEVICE(0x31DC, 0x1210, iwl9260_2ac_cfg)}, |
| 569 | + {IWL_PCI_DEVICE(0x31DC, 0x1551, iwl9560_killer_s_2ac_cfg_shared_clk)}, |
| 570 | + {IWL_PCI_DEVICE(0x31DC, 0x1552, iwl9560_killer_2ac_cfg_shared_clk)}, |
| 571 | {IWL_PCI_DEVICE(0x31DC, 0x2030, iwl9560_2ac_cfg_shared_clk)}, |
| 572 | {IWL_PCI_DEVICE(0x31DC, 0x2034, iwl9560_2ac_cfg_shared_clk)}, |
| 573 | {IWL_PCI_DEVICE(0x31DC, 0x4030, iwl9560_2ac_cfg_shared_clk)}, |
| 574 | @@ -654,6 +664,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 575 | {IWL_PCI_DEVICE(0x34F0, 0x1010, iwl9260_2ac_cfg)}, |
| 576 | {IWL_PCI_DEVICE(0x34F0, 0x1030, iwl9560_2ac_cfg_soc)}, |
| 577 | {IWL_PCI_DEVICE(0x34F0, 0x1210, iwl9260_2ac_cfg)}, |
| 578 | + {IWL_PCI_DEVICE(0x34F0, 0x1551, iwl9560_killer_s_2ac_cfg_soc)}, |
| 579 | + {IWL_PCI_DEVICE(0x34F0, 0x1552, iwl9560_killer_2ac_cfg_soc)}, |
| 580 | {IWL_PCI_DEVICE(0x34F0, 0x2030, iwl9560_2ac_cfg_soc)}, |
| 581 | {IWL_PCI_DEVICE(0x34F0, 0x2034, iwl9560_2ac_cfg_soc)}, |
| 582 | {IWL_PCI_DEVICE(0x34F0, 0x4030, iwl9560_2ac_cfg_soc)}, |
| 583 | @@ -680,6 +692,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 584 | {IWL_PCI_DEVICE(0x3DF0, 0x1010, iwl9260_2ac_cfg)}, |
| 585 | {IWL_PCI_DEVICE(0x3DF0, 0x1030, iwl9560_2ac_cfg_soc)}, |
| 586 | {IWL_PCI_DEVICE(0x3DF0, 0x1210, iwl9260_2ac_cfg)}, |
| 587 | + {IWL_PCI_DEVICE(0x3DF0, 0x1551, iwl9560_killer_s_2ac_cfg_soc)}, |
| 588 | + {IWL_PCI_DEVICE(0x3DF0, 0x1552, iwl9560_killer_2ac_cfg_soc)}, |
| 589 | {IWL_PCI_DEVICE(0x3DF0, 0x2030, iwl9560_2ac_cfg_soc)}, |
| 590 | {IWL_PCI_DEVICE(0x3DF0, 0x2034, iwl9560_2ac_cfg_soc)}, |
| 591 | {IWL_PCI_DEVICE(0x3DF0, 0x4030, iwl9560_2ac_cfg_soc)}, |
| 592 | @@ -706,6 +720,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 593 | {IWL_PCI_DEVICE(0x43F0, 0x1010, iwl9260_2ac_cfg)}, |
| 594 | {IWL_PCI_DEVICE(0x43F0, 0x1030, iwl9560_2ac_cfg_soc)}, |
| 595 | {IWL_PCI_DEVICE(0x43F0, 0x1210, iwl9260_2ac_cfg)}, |
| 596 | + {IWL_PCI_DEVICE(0x43F0, 0x1551, iwl9560_killer_s_2ac_cfg_soc)}, |
| 597 | + {IWL_PCI_DEVICE(0x43F0, 0x1552, iwl9560_killer_2ac_cfg_soc)}, |
| 598 | {IWL_PCI_DEVICE(0x43F0, 0x2030, iwl9560_2ac_cfg_soc)}, |
| 599 | {IWL_PCI_DEVICE(0x43F0, 0x2034, iwl9560_2ac_cfg_soc)}, |
| 600 | {IWL_PCI_DEVICE(0x43F0, 0x4030, iwl9560_2ac_cfg_soc)}, |
| 601 | @@ -741,6 +757,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 602 | {IWL_PCI_DEVICE(0x9DF0, 0x1010, iwl9260_2ac_cfg)}, |
| 603 | {IWL_PCI_DEVICE(0x9DF0, 0x1030, iwl9560_2ac_cfg_soc)}, |
| 604 | {IWL_PCI_DEVICE(0x9DF0, 0x1210, iwl9260_2ac_cfg)}, |
| 605 | + {IWL_PCI_DEVICE(0x9DF0, 0x1551, iwl9560_killer_s_2ac_cfg_soc)}, |
| 606 | + {IWL_PCI_DEVICE(0x9DF0, 0x1552, iwl9560_killer_2ac_cfg_soc)}, |
| 607 | {IWL_PCI_DEVICE(0x9DF0, 0x2010, iwl9460_2ac_cfg_soc)}, |
| 608 | {IWL_PCI_DEVICE(0x9DF0, 0x2030, iwl9560_2ac_cfg_soc)}, |
| 609 | {IWL_PCI_DEVICE(0x9DF0, 0x2034, iwl9560_2ac_cfg_soc)}, |
| 610 | @@ -769,6 +787,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 611 | {IWL_PCI_DEVICE(0xA0F0, 0x1010, iwl9260_2ac_cfg)}, |
| 612 | {IWL_PCI_DEVICE(0xA0F0, 0x1030, iwl9560_2ac_cfg_soc)}, |
| 613 | {IWL_PCI_DEVICE(0xA0F0, 0x1210, iwl9260_2ac_cfg)}, |
| 614 | + {IWL_PCI_DEVICE(0xA0F0, 0x1551, iwl9560_killer_s_2ac_cfg_soc)}, |
| 615 | + {IWL_PCI_DEVICE(0xA0F0, 0x1552, iwl9560_killer_2ac_cfg_soc)}, |
| 616 | {IWL_PCI_DEVICE(0xA0F0, 0x2030, iwl9560_2ac_cfg_soc)}, |
| 617 | {IWL_PCI_DEVICE(0xA0F0, 0x2034, iwl9560_2ac_cfg_soc)}, |
| 618 | {IWL_PCI_DEVICE(0xA0F0, 0x4030, iwl9560_2ac_cfg_soc)}, |
| 619 | @@ -795,6 +815,8 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
| 620 | {IWL_PCI_DEVICE(0xA370, 0x1010, iwl9260_2ac_cfg)}, |
| 621 | {IWL_PCI_DEVICE(0xA370, 0x1030, iwl9560_2ac_cfg_soc)}, |
| 622 | {IWL_PCI_DEVICE(0xA370, 0x1210, iwl9260_2ac_cfg)}, |
| 623 | + {IWL_PCI_DEVICE(0xA370, 0x1551, iwl9560_killer_s_2ac_cfg_soc)}, |
| 624 | + {IWL_PCI_DEVICE(0xA370, 0x1552, iwl9560_killer_2ac_cfg_soc)}, |
| 625 | {IWL_PCI_DEVICE(0xA370, 0x2030, iwl9560_2ac_cfg_soc)}, |
| 626 | {IWL_PCI_DEVICE(0xA370, 0x2034, iwl9560_2ac_cfg_soc)}, |
| 627 | {IWL_PCI_DEVICE(0xA370, 0x4030, iwl9560_2ac_cfg_soc)}, |
| 628 | diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c |
| 629 | index 4d49fb8f2bbc..3a406b40f150 100644 |
| 630 | --- a/drivers/scsi/sg.c |
| 631 | +++ b/drivers/scsi/sg.c |
| 632 | @@ -2186,6 +2186,7 @@ sg_add_sfp(Sg_device * sdp) |
| 633 | write_lock_irqsave(&sdp->sfd_lock, iflags); |
| 634 | if (atomic_read(&sdp->detaching)) { |
| 635 | write_unlock_irqrestore(&sdp->sfd_lock, iflags); |
| 636 | + kfree(sfp); |
| 637 | return ERR_PTR(-ENODEV); |
| 638 | } |
| 639 | list_add_tail(&sfp->sfd_siblings, &sdp->sfds); |
| 640 | diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c |
| 641 | index f0b3a0b9d42f..36c9fbf70d44 100644 |
| 642 | --- a/drivers/virtio/virtio_balloon.c |
| 643 | +++ b/drivers/virtio/virtio_balloon.c |
| 644 | @@ -490,7 +490,9 @@ static int virtballoon_migratepage(struct balloon_dev_info *vb_dev_info, |
| 645 | tell_host(vb, vb->inflate_vq); |
| 646 | |
| 647 | /* balloon's page migration 2nd step -- deflate "page" */ |
| 648 | + spin_lock_irqsave(&vb_dev_info->pages_lock, flags); |
| 649 | balloon_page_delete(page); |
| 650 | + spin_unlock_irqrestore(&vb_dev_info->pages_lock, flags); |
| 651 | vb->num_pfns = VIRTIO_BALLOON_PAGES_PER_PAGE; |
| 652 | set_page_pfns(vb, vb->pfns, page); |
| 653 | tell_host(vb, vb->deflate_vq); |
| 654 | diff --git a/fs/squashfs/block.c b/fs/squashfs/block.c |
| 655 | index 2751476e6b6e..f098b9f1c396 100644 |
| 656 | --- a/fs/squashfs/block.c |
| 657 | +++ b/fs/squashfs/block.c |
| 658 | @@ -167,6 +167,8 @@ int squashfs_read_data(struct super_block *sb, u64 index, int length, |
| 659 | } |
| 660 | |
| 661 | if (compressed) { |
| 662 | + if (!msblk->stream) |
| 663 | + goto read_failure; |
| 664 | length = squashfs_decompress(msblk, bh, b, offset, length, |
| 665 | output); |
| 666 | if (length < 0) |
| 667 | diff --git a/fs/squashfs/fragment.c b/fs/squashfs/fragment.c |
| 668 | index 86ad9a4b8c36..0681feab4a84 100644 |
| 669 | --- a/fs/squashfs/fragment.c |
| 670 | +++ b/fs/squashfs/fragment.c |
| 671 | @@ -49,11 +49,16 @@ int squashfs_frag_lookup(struct super_block *sb, unsigned int fragment, |
| 672 | u64 *fragment_block) |
| 673 | { |
| 674 | struct squashfs_sb_info *msblk = sb->s_fs_info; |
| 675 | - int block = SQUASHFS_FRAGMENT_INDEX(fragment); |
| 676 | - int offset = SQUASHFS_FRAGMENT_INDEX_OFFSET(fragment); |
| 677 | - u64 start_block = le64_to_cpu(msblk->fragment_index[block]); |
| 678 | + int block, offset, size; |
| 679 | struct squashfs_fragment_entry fragment_entry; |
| 680 | - int size; |
| 681 | + u64 start_block; |
| 682 | + |
| 683 | + if (fragment >= msblk->fragments) |
| 684 | + return -EIO; |
| 685 | + block = SQUASHFS_FRAGMENT_INDEX(fragment); |
| 686 | + offset = SQUASHFS_FRAGMENT_INDEX_OFFSET(fragment); |
| 687 | + |
| 688 | + start_block = le64_to_cpu(msblk->fragment_index[block]); |
| 689 | |
| 690 | size = squashfs_read_metadata(sb, &fragment_entry, &start_block, |
| 691 | &offset, sizeof(fragment_entry)); |
| 692 | diff --git a/fs/squashfs/squashfs_fs_sb.h b/fs/squashfs/squashfs_fs_sb.h |
| 693 | index 1da565cb50c3..ef69c31947bf 100644 |
| 694 | --- a/fs/squashfs/squashfs_fs_sb.h |
| 695 | +++ b/fs/squashfs/squashfs_fs_sb.h |
| 696 | @@ -75,6 +75,7 @@ struct squashfs_sb_info { |
| 697 | unsigned short block_log; |
| 698 | long long bytes_used; |
| 699 | unsigned int inodes; |
| 700 | + unsigned int fragments; |
| 701 | int xattr_ids; |
| 702 | }; |
| 703 | #endif |
| 704 | diff --git a/fs/squashfs/super.c b/fs/squashfs/super.c |
| 705 | index cf01e15a7b16..1516bb779b8d 100644 |
| 706 | --- a/fs/squashfs/super.c |
| 707 | +++ b/fs/squashfs/super.c |
| 708 | @@ -175,6 +175,7 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent) |
| 709 | msblk->inode_table = le64_to_cpu(sblk->inode_table_start); |
| 710 | msblk->directory_table = le64_to_cpu(sblk->directory_table_start); |
| 711 | msblk->inodes = le32_to_cpu(sblk->inodes); |
| 712 | + msblk->fragments = le32_to_cpu(sblk->fragments); |
| 713 | flags = le16_to_cpu(sblk->flags); |
| 714 | |
| 715 | TRACE("Found valid superblock on %pg\n", sb->s_bdev); |
| 716 | @@ -185,7 +186,7 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent) |
| 717 | TRACE("Filesystem size %lld bytes\n", msblk->bytes_used); |
| 718 | TRACE("Block size %d\n", msblk->block_size); |
| 719 | TRACE("Number of inodes %d\n", msblk->inodes); |
| 720 | - TRACE("Number of fragments %d\n", le32_to_cpu(sblk->fragments)); |
| 721 | + TRACE("Number of fragments %d\n", msblk->fragments); |
| 722 | TRACE("Number of ids %d\n", le16_to_cpu(sblk->no_ids)); |
| 723 | TRACE("sblk->inode_table_start %llx\n", msblk->inode_table); |
| 724 | TRACE("sblk->directory_table_start %llx\n", msblk->directory_table); |
| 725 | @@ -272,7 +273,7 @@ allocate_id_index_table: |
| 726 | sb->s_export_op = &squashfs_export_ops; |
| 727 | |
| 728 | handle_fragments: |
| 729 | - fragments = le32_to_cpu(sblk->fragments); |
| 730 | + fragments = msblk->fragments; |
| 731 | if (fragments == 0) |
| 732 | goto check_directory_table; |
| 733 | |
| 734 | diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c |
| 735 | index f6ed92524a03..3eda623e4cb4 100644 |
| 736 | --- a/fs/userfaultfd.c |
| 737 | +++ b/fs/userfaultfd.c |
| 738 | @@ -628,8 +628,10 @@ static void userfaultfd_event_wait_completion(struct userfaultfd_ctx *ctx, |
| 739 | /* the various vma->vm_userfaultfd_ctx still points to it */ |
| 740 | down_write(&mm->mmap_sem); |
| 741 | for (vma = mm->mmap; vma; vma = vma->vm_next) |
| 742 | - if (vma->vm_userfaultfd_ctx.ctx == release_new_ctx) |
| 743 | + if (vma->vm_userfaultfd_ctx.ctx == release_new_ctx) { |
| 744 | vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX; |
| 745 | + vma->vm_flags &= ~(VM_UFFD_WP | VM_UFFD_MISSING); |
| 746 | + } |
| 747 | up_write(&mm->mmap_sem); |
| 748 | |
| 749 | userfaultfd_ctx_put(release_new_ctx); |
| 750 | diff --git a/kernel/auditsc.c b/kernel/auditsc.c |
| 751 | index 677053a2fb57..76d789d6cea0 100644 |
| 752 | --- a/kernel/auditsc.c |
| 753 | +++ b/kernel/auditsc.c |
| 754 | @@ -1274,8 +1274,12 @@ static void show_special(struct audit_context *context, int *call_panic) |
| 755 | break; |
| 756 | case AUDIT_KERN_MODULE: |
| 757 | audit_log_format(ab, "name="); |
| 758 | - audit_log_untrustedstring(ab, context->module.name); |
| 759 | - kfree(context->module.name); |
| 760 | + if (context->module.name) { |
| 761 | + audit_log_untrustedstring(ab, context->module.name); |
| 762 | + kfree(context->module.name); |
| 763 | + } else |
| 764 | + audit_log_format(ab, "(null)"); |
| 765 | + |
| 766 | break; |
| 767 | } |
| 768 | audit_log_end(ab); |
| 769 | @@ -2387,8 +2391,9 @@ void __audit_log_kern_module(char *name) |
| 770 | { |
| 771 | struct audit_context *context = current->audit_context; |
| 772 | |
| 773 | - context->module.name = kmalloc(strlen(name) + 1, GFP_KERNEL); |
| 774 | - strcpy(context->module.name, name); |
| 775 | + context->module.name = kstrdup(name, GFP_KERNEL); |
| 776 | + if (!context->module.name) |
| 777 | + audit_log_lost("out of memory in __audit_log_kern_module"); |
| 778 | context->type = AUDIT_KERN_MODULE; |
| 779 | } |
| 780 | |
| 781 | diff --git a/net/dsa/slave.c b/net/dsa/slave.c |
| 782 | index 865e29e62bad..242e74b9d454 100644 |
| 783 | --- a/net/dsa/slave.c |
| 784 | +++ b/net/dsa/slave.c |
| 785 | @@ -1219,6 +1219,9 @@ int dsa_slave_suspend(struct net_device *slave_dev) |
| 786 | { |
| 787 | struct dsa_slave_priv *p = netdev_priv(slave_dev); |
| 788 | |
| 789 | + if (!netif_running(slave_dev)) |
| 790 | + return 0; |
| 791 | + |
| 792 | netif_device_detach(slave_dev); |
| 793 | |
| 794 | if (p->phy) { |
| 795 | @@ -1236,6 +1239,9 @@ int dsa_slave_resume(struct net_device *slave_dev) |
| 796 | { |
| 797 | struct dsa_slave_priv *p = netdev_priv(slave_dev); |
| 798 | |
| 799 | + if (!netif_running(slave_dev)) |
| 800 | + return 0; |
| 801 | + |
| 802 | netif_device_attach(slave_dev); |
| 803 | |
| 804 | if (p->phy) { |
| 805 | diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c |
| 806 | index e691705f0a85..ba4454ecdf0f 100644 |
| 807 | --- a/net/ipv4/inet_fragment.c |
| 808 | +++ b/net/ipv4/inet_fragment.c |
| 809 | @@ -356,11 +356,6 @@ static struct inet_frag_queue *inet_frag_alloc(struct netns_frags *nf, |
| 810 | { |
| 811 | struct inet_frag_queue *q; |
| 812 | |
| 813 | - if (!nf->high_thresh || frag_mem_limit(nf) > nf->high_thresh) { |
| 814 | - inet_frag_schedule_worker(f); |
| 815 | - return NULL; |
| 816 | - } |
| 817 | - |
| 818 | q = kmem_cache_zalloc(f->frags_cachep, GFP_ATOMIC); |
| 819 | if (!q) |
| 820 | return NULL; |
| 821 | @@ -397,6 +392,11 @@ struct inet_frag_queue *inet_frag_find(struct netns_frags *nf, |
| 822 | struct inet_frag_queue *q; |
| 823 | int depth = 0; |
| 824 | |
| 825 | + if (!nf->high_thresh || frag_mem_limit(nf) > nf->high_thresh) { |
| 826 | + inet_frag_schedule_worker(f); |
| 827 | + return NULL; |
| 828 | + } |
| 829 | + |
| 830 | if (frag_mem_limit(nf) > nf->low_thresh) |
| 831 | inet_frag_schedule_worker(f); |
| 832 | |
| 833 | diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c |
| 834 | index df8fe0503de0..4cb1befc3949 100644 |
| 835 | --- a/net/ipv4/ip_fragment.c |
| 836 | +++ b/net/ipv4/ip_fragment.c |
| 837 | @@ -447,11 +447,16 @@ found: |
| 838 | int i = end - FRAG_CB(next)->offset; /* overlap is 'i' bytes */ |
| 839 | |
| 840 | if (i < next->len) { |
| 841 | + int delta = -next->truesize; |
| 842 | + |
| 843 | /* Eat head of the next overlapped fragment |
| 844 | * and leave the loop. The next ones cannot overlap. |
| 845 | */ |
| 846 | if (!pskb_pull(next, i)) |
| 847 | goto err; |
| 848 | + delta += next->truesize; |
| 849 | + if (delta) |
| 850 | + add_frag_mem_limit(qp->q.net, delta); |
| 851 | FRAG_CB(next)->offset += i; |
| 852 | qp->q.meat -= i; |
| 853 | if (next->ip_summed != CHECKSUM_UNNECESSARY) |
| 854 | diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
| 855 | index b2fcbf012056..68c9d1833b95 100644 |
| 856 | --- a/net/netlink/af_netlink.c |
| 857 | +++ b/net/netlink/af_netlink.c |
| 858 | @@ -63,6 +63,7 @@ |
| 859 | #include <linux/hash.h> |
| 860 | #include <linux/genetlink.h> |
| 861 | #include <linux/net_namespace.h> |
| 862 | +#include <linux/nospec.h> |
| 863 | |
| 864 | #include <net/net_namespace.h> |
| 865 | #include <net/sock.h> |
| 866 | @@ -647,6 +648,7 @@ static int netlink_create(struct net *net, struct socket *sock, int protocol, |
| 867 | |
| 868 | if (protocol < 0 || protocol >= MAX_LINKS) |
| 869 | return -EPROTONOSUPPORT; |
| 870 | + protocol = array_index_nospec(protocol, MAX_LINKS); |
| 871 | |
| 872 | netlink_lock_table(); |
| 873 | #ifdef CONFIG_MODULES |
| 874 | diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c |
| 875 | index 3028298ca561..62b1581d44a5 100644 |
| 876 | --- a/net/rxrpc/call_accept.c |
| 877 | +++ b/net/rxrpc/call_accept.c |
| 878 | @@ -115,9 +115,9 @@ static int rxrpc_service_prealloc_one(struct rxrpc_sock *rx, |
| 879 | while (*pp) { |
| 880 | parent = *pp; |
| 881 | xcall = rb_entry(parent, struct rxrpc_call, sock_node); |
| 882 | - if (user_call_ID < call->user_call_ID) |
| 883 | + if (user_call_ID < xcall->user_call_ID) |
| 884 | pp = &(*pp)->rb_left; |
| 885 | - else if (user_call_ID > call->user_call_ID) |
| 886 | + else if (user_call_ID > xcall->user_call_ID) |
| 887 | pp = &(*pp)->rb_right; |
| 888 | else |
| 889 | goto id_in_use; |
| 890 | diff --git a/net/socket.c b/net/socket.c |
| 891 | index 8b2bef6cfe42..d27922639a20 100644 |
| 892 | --- a/net/socket.c |
| 893 | +++ b/net/socket.c |
| 894 | @@ -89,6 +89,7 @@ |
| 895 | #include <linux/magic.h> |
| 896 | #include <linux/slab.h> |
| 897 | #include <linux/xattr.h> |
| 898 | +#include <linux/nospec.h> |
| 899 | |
| 900 | #include <linux/uaccess.h> |
| 901 | #include <asm/unistd.h> |
| 902 | @@ -2443,6 +2444,7 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args) |
| 903 | |
| 904 | if (call < 1 || call > SYS_SENDMMSG) |
| 905 | return -EINVAL; |
| 906 | + call = array_index_nospec(call, SYS_SENDMMSG + 1); |
| 907 | |
| 908 | len = nargs[call]; |
| 909 | if (len > sizeof(a)) |