Annotation of /trunk/kernel-alx/patches-4.19/0143-4.19.44-all-fixes.patch
Parent Directory
|
Revision Log
Revision 3422 -
(hide annotations)
(download)
Fri Aug 2 11:47:51 2019 UTC (4 years, 10 months ago) by niro
File size: 120745 byte(s)
Fri Aug 2 11:47:51 2019 UTC (4 years, 10 months ago) by niro
File size: 120745 byte(s)
-linux-4.19.44
1 | niro | 3422 | diff --git a/Makefile b/Makefile |
2 | index be894b3a97d5..dd11f5a83d2f 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -1,7 +1,7 @@ | ||
6 | # SPDX-License-Identifier: GPL-2.0 | ||
7 | VERSION = 4 | ||
8 | PATCHLEVEL = 19 | ||
9 | -SUBLEVEL = 43 | ||
10 | +SUBLEVEL = 44 | ||
11 | EXTRAVERSION = | ||
12 | NAME = "People's Front" | ||
13 | |||
14 | diff --git a/arch/arm/kernel/head-nommu.S b/arch/arm/kernel/head-nommu.S | ||
15 | index ec29de250076..cab89479d15e 100644 | ||
16 | --- a/arch/arm/kernel/head-nommu.S | ||
17 | +++ b/arch/arm/kernel/head-nommu.S | ||
18 | @@ -133,9 +133,9 @@ __secondary_data: | ||
19 | */ | ||
20 | .text | ||
21 | __after_proc_init: | ||
22 | -#ifdef CONFIG_ARM_MPU | ||
23 | M_CLASS(movw r12, #:lower16:BASEADDR_V7M_SCB) | ||
24 | M_CLASS(movt r12, #:upper16:BASEADDR_V7M_SCB) | ||
25 | +#ifdef CONFIG_ARM_MPU | ||
26 | M_CLASS(ldr r3, [r12, 0x50]) | ||
27 | AR_CLASS(mrc p15, 0, r3, c0, c1, 4) @ Read ID_MMFR0 | ||
28 | and r3, r3, #(MMFR0_PMSA) @ PMSA field | ||
29 | diff --git a/arch/mips/ath79/setup.c b/arch/mips/ath79/setup.c | ||
30 | index 4c7a93f4039a..7c0b2e6cdfbd 100644 | ||
31 | --- a/arch/mips/ath79/setup.c | ||
32 | +++ b/arch/mips/ath79/setup.c | ||
33 | @@ -211,12 +211,6 @@ const char *get_system_type(void) | ||
34 | return ath79_sys_type; | ||
35 | } | ||
36 | |||
37 | -int get_c0_perfcount_int(void) | ||
38 | -{ | ||
39 | - return ATH79_MISC_IRQ(5); | ||
40 | -} | ||
41 | -EXPORT_SYMBOL_GPL(get_c0_perfcount_int); | ||
42 | - | ||
43 | unsigned int get_c0_compare_int(void) | ||
44 | { | ||
45 | return CP0_LEGACY_COMPARE_IRQ; | ||
46 | diff --git a/arch/powerpc/include/asm/book3s/64/pgalloc.h b/arch/powerpc/include/asm/book3s/64/pgalloc.h | ||
47 | index 391ed2c3b697..f9019b579903 100644 | ||
48 | --- a/arch/powerpc/include/asm/book3s/64/pgalloc.h | ||
49 | +++ b/arch/powerpc/include/asm/book3s/64/pgalloc.h | ||
50 | @@ -83,6 +83,9 @@ static inline pgd_t *pgd_alloc(struct mm_struct *mm) | ||
51 | |||
52 | pgd = kmem_cache_alloc(PGT_CACHE(PGD_INDEX_SIZE), | ||
53 | pgtable_gfp_flags(mm, GFP_KERNEL)); | ||
54 | + if (unlikely(!pgd)) | ||
55 | + return pgd; | ||
56 | + | ||
57 | /* | ||
58 | * Don't scan the PGD for pointers, it contains references to PUDs but | ||
59 | * those references are not full pointers and so can't be recognised by | ||
60 | diff --git a/arch/powerpc/include/asm/reg_booke.h b/arch/powerpc/include/asm/reg_booke.h | ||
61 | index eb2a33d5df26..e382bd6ede84 100644 | ||
62 | --- a/arch/powerpc/include/asm/reg_booke.h | ||
63 | +++ b/arch/powerpc/include/asm/reg_booke.h | ||
64 | @@ -41,7 +41,7 @@ | ||
65 | #if defined(CONFIG_PPC_BOOK3E_64) | ||
66 | #define MSR_64BIT MSR_CM | ||
67 | |||
68 | -#define MSR_ (MSR_ME | MSR_CE) | ||
69 | +#define MSR_ (MSR_ME | MSR_RI | MSR_CE) | ||
70 | #define MSR_KERNEL (MSR_ | MSR_64BIT) | ||
71 | #define MSR_USER32 (MSR_ | MSR_PR | MSR_EE) | ||
72 | #define MSR_USER64 (MSR_USER32 | MSR_64BIT) | ||
73 | diff --git a/arch/powerpc/kernel/idle_book3s.S b/arch/powerpc/kernel/idle_book3s.S | ||
74 | index 7f5ac2e8581b..36178000a2f2 100644 | ||
75 | --- a/arch/powerpc/kernel/idle_book3s.S | ||
76 | +++ b/arch/powerpc/kernel/idle_book3s.S | ||
77 | @@ -170,6 +170,9 @@ core_idle_lock_held: | ||
78 | bne- core_idle_lock_held | ||
79 | blr | ||
80 | |||
81 | +/* Reuse an unused pt_regs slot for IAMR */ | ||
82 | +#define PNV_POWERSAVE_IAMR _DAR | ||
83 | + | ||
84 | /* | ||
85 | * Pass requested state in r3: | ||
86 | * r3 - PNV_THREAD_NAP/SLEEP/WINKLE in POWER8 | ||
87 | @@ -200,6 +203,12 @@ pnv_powersave_common: | ||
88 | /* Continue saving state */ | ||
89 | SAVE_GPR(2, r1) | ||
90 | SAVE_NVGPRS(r1) | ||
91 | + | ||
92 | +BEGIN_FTR_SECTION | ||
93 | + mfspr r5, SPRN_IAMR | ||
94 | + std r5, PNV_POWERSAVE_IAMR(r1) | ||
95 | +END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S) | ||
96 | + | ||
97 | mfcr r5 | ||
98 | std r5,_CCR(r1) | ||
99 | std r1,PACAR1(r13) | ||
100 | @@ -924,6 +933,17 @@ BEGIN_FTR_SECTION | ||
101 | END_FTR_SECTION_IFSET(CPU_FTR_HVMODE) | ||
102 | REST_NVGPRS(r1) | ||
103 | REST_GPR(2, r1) | ||
104 | + | ||
105 | +BEGIN_FTR_SECTION | ||
106 | + /* IAMR was saved in pnv_powersave_common() */ | ||
107 | + ld r5, PNV_POWERSAVE_IAMR(r1) | ||
108 | + mtspr SPRN_IAMR, r5 | ||
109 | + /* | ||
110 | + * We don't need an isync here because the upcoming mtmsrd is | ||
111 | + * execution synchronizing. | ||
112 | + */ | ||
113 | +END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S) | ||
114 | + | ||
115 | ld r4,PACAKMSR(r13) | ||
116 | ld r5,_LINK(r1) | ||
117 | ld r6,_CCR(r1) | ||
118 | diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c | ||
119 | index 4ccbf611a3c5..70568ccbd9fd 100644 | ||
120 | --- a/arch/powerpc/kernel/security.c | ||
121 | +++ b/arch/powerpc/kernel/security.c | ||
122 | @@ -4,6 +4,7 @@ | ||
123 | // | ||
124 | // Copyright 2018, Michael Ellerman, IBM Corporation. | ||
125 | |||
126 | +#include <linux/cpu.h> | ||
127 | #include <linux/kernel.h> | ||
128 | #include <linux/device.h> | ||
129 | #include <linux/seq_buf.h> | ||
130 | diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c | ||
131 | index 61c1fadbc644..6dc43205382b 100644 | ||
132 | --- a/arch/powerpc/kernel/smp.c | ||
133 | +++ b/arch/powerpc/kernel/smp.c | ||
134 | @@ -338,13 +338,12 @@ void arch_send_call_function_ipi_mask(const struct cpumask *mask) | ||
135 | * NMI IPIs may not be recoverable, so should not be used as ongoing part of | ||
136 | * a running system. They can be used for crash, debug, halt/reboot, etc. | ||
137 | * | ||
138 | - * NMI IPIs are globally single threaded. No more than one in progress at | ||
139 | - * any time. | ||
140 | - * | ||
141 | * The IPI call waits with interrupts disabled until all targets enter the | ||
142 | - * NMI handler, then the call returns. | ||
143 | + * NMI handler, then returns. Subsequent IPIs can be issued before targets | ||
144 | + * have returned from their handlers, so there is no guarantee about | ||
145 | + * concurrency or re-entrancy. | ||
146 | * | ||
147 | - * No new NMI can be initiated until targets exit the handler. | ||
148 | + * A new NMI can be issued before all targets exit the handler. | ||
149 | * | ||
150 | * The IPI call may time out without all targets entering the NMI handler. | ||
151 | * In that case, there is some logic to recover (and ignore subsequent | ||
152 | @@ -355,7 +354,7 @@ void arch_send_call_function_ipi_mask(const struct cpumask *mask) | ||
153 | |||
154 | static atomic_t __nmi_ipi_lock = ATOMIC_INIT(0); | ||
155 | static struct cpumask nmi_ipi_pending_mask; | ||
156 | -static int nmi_ipi_busy_count = 0; | ||
157 | +static bool nmi_ipi_busy = false; | ||
158 | static void (*nmi_ipi_function)(struct pt_regs *) = NULL; | ||
159 | |||
160 | static void nmi_ipi_lock_start(unsigned long *flags) | ||
161 | @@ -394,7 +393,7 @@ static void nmi_ipi_unlock_end(unsigned long *flags) | ||
162 | */ | ||
163 | int smp_handle_nmi_ipi(struct pt_regs *regs) | ||
164 | { | ||
165 | - void (*fn)(struct pt_regs *); | ||
166 | + void (*fn)(struct pt_regs *) = NULL; | ||
167 | unsigned long flags; | ||
168 | int me = raw_smp_processor_id(); | ||
169 | int ret = 0; | ||
170 | @@ -405,29 +404,17 @@ int smp_handle_nmi_ipi(struct pt_regs *regs) | ||
171 | * because the caller may have timed out. | ||
172 | */ | ||
173 | nmi_ipi_lock_start(&flags); | ||
174 | - if (!nmi_ipi_busy_count) | ||
175 | - goto out; | ||
176 | - if (!cpumask_test_cpu(me, &nmi_ipi_pending_mask)) | ||
177 | - goto out; | ||
178 | - | ||
179 | - fn = nmi_ipi_function; | ||
180 | - if (!fn) | ||
181 | - goto out; | ||
182 | - | ||
183 | - cpumask_clear_cpu(me, &nmi_ipi_pending_mask); | ||
184 | - nmi_ipi_busy_count++; | ||
185 | - nmi_ipi_unlock(); | ||
186 | - | ||
187 | - ret = 1; | ||
188 | - | ||
189 | - fn(regs); | ||
190 | - | ||
191 | - nmi_ipi_lock(); | ||
192 | - if (nmi_ipi_busy_count > 1) /* Can race with caller time-out */ | ||
193 | - nmi_ipi_busy_count--; | ||
194 | -out: | ||
195 | + if (cpumask_test_cpu(me, &nmi_ipi_pending_mask)) { | ||
196 | + cpumask_clear_cpu(me, &nmi_ipi_pending_mask); | ||
197 | + fn = READ_ONCE(nmi_ipi_function); | ||
198 | + WARN_ON_ONCE(!fn); | ||
199 | + ret = 1; | ||
200 | + } | ||
201 | nmi_ipi_unlock_end(&flags); | ||
202 | |||
203 | + if (fn) | ||
204 | + fn(regs); | ||
205 | + | ||
206 | return ret; | ||
207 | } | ||
208 | |||
209 | @@ -453,7 +440,7 @@ static void do_smp_send_nmi_ipi(int cpu, bool safe) | ||
210 | * - cpu is the target CPU (must not be this CPU), or NMI_IPI_ALL_OTHERS. | ||
211 | * - fn is the target callback function. | ||
212 | * - delay_us > 0 is the delay before giving up waiting for targets to | ||
213 | - * complete executing the handler, == 0 specifies indefinite delay. | ||
214 | + * begin executing the handler, == 0 specifies indefinite delay. | ||
215 | */ | ||
216 | int __smp_send_nmi_ipi(int cpu, void (*fn)(struct pt_regs *), u64 delay_us, bool safe) | ||
217 | { | ||
218 | @@ -467,31 +454,33 @@ int __smp_send_nmi_ipi(int cpu, void (*fn)(struct pt_regs *), u64 delay_us, bool | ||
219 | if (unlikely(!smp_ops)) | ||
220 | return 0; | ||
221 | |||
222 | - /* Take the nmi_ipi_busy count/lock with interrupts hard disabled */ | ||
223 | nmi_ipi_lock_start(&flags); | ||
224 | - while (nmi_ipi_busy_count) { | ||
225 | + while (nmi_ipi_busy) { | ||
226 | nmi_ipi_unlock_end(&flags); | ||
227 | - spin_until_cond(nmi_ipi_busy_count == 0); | ||
228 | + spin_until_cond(!nmi_ipi_busy); | ||
229 | nmi_ipi_lock_start(&flags); | ||
230 | } | ||
231 | - | ||
232 | + nmi_ipi_busy = true; | ||
233 | nmi_ipi_function = fn; | ||
234 | |||
235 | + WARN_ON_ONCE(!cpumask_empty(&nmi_ipi_pending_mask)); | ||
236 | + | ||
237 | if (cpu < 0) { | ||
238 | /* ALL_OTHERS */ | ||
239 | cpumask_copy(&nmi_ipi_pending_mask, cpu_online_mask); | ||
240 | cpumask_clear_cpu(me, &nmi_ipi_pending_mask); | ||
241 | } else { | ||
242 | - /* cpumask starts clear */ | ||
243 | cpumask_set_cpu(cpu, &nmi_ipi_pending_mask); | ||
244 | } | ||
245 | - nmi_ipi_busy_count++; | ||
246 | + | ||
247 | nmi_ipi_unlock(); | ||
248 | |||
249 | + /* Interrupts remain hard disabled */ | ||
250 | + | ||
251 | do_smp_send_nmi_ipi(cpu, safe); | ||
252 | |||
253 | nmi_ipi_lock(); | ||
254 | - /* nmi_ipi_busy_count is held here, so unlock/lock is okay */ | ||
255 | + /* nmi_ipi_busy is set here, so unlock/lock is okay */ | ||
256 | while (!cpumask_empty(&nmi_ipi_pending_mask)) { | ||
257 | nmi_ipi_unlock(); | ||
258 | udelay(1); | ||
259 | @@ -503,29 +492,15 @@ int __smp_send_nmi_ipi(int cpu, void (*fn)(struct pt_regs *), u64 delay_us, bool | ||
260 | } | ||
261 | } | ||
262 | |||
263 | - while (nmi_ipi_busy_count > 1) { | ||
264 | - nmi_ipi_unlock(); | ||
265 | - udelay(1); | ||
266 | - nmi_ipi_lock(); | ||
267 | - if (delay_us) { | ||
268 | - delay_us--; | ||
269 | - if (!delay_us) | ||
270 | - break; | ||
271 | - } | ||
272 | - } | ||
273 | - | ||
274 | if (!cpumask_empty(&nmi_ipi_pending_mask)) { | ||
275 | /* Timeout waiting for CPUs to call smp_handle_nmi_ipi */ | ||
276 | ret = 0; | ||
277 | cpumask_clear(&nmi_ipi_pending_mask); | ||
278 | } | ||
279 | - if (nmi_ipi_busy_count > 1) { | ||
280 | - /* Timeout waiting for CPUs to execute fn */ | ||
281 | - ret = 0; | ||
282 | - nmi_ipi_busy_count = 1; | ||
283 | - } | ||
284 | |||
285 | - nmi_ipi_busy_count--; | ||
286 | + nmi_ipi_function = NULL; | ||
287 | + nmi_ipi_busy = false; | ||
288 | + | ||
289 | nmi_ipi_unlock_end(&flags); | ||
290 | |||
291 | return ret; | ||
292 | @@ -593,17 +568,8 @@ void crash_send_ipi(void (*crash_ipi_callback)(struct pt_regs *)) | ||
293 | static void nmi_stop_this_cpu(struct pt_regs *regs) | ||
294 | { | ||
295 | /* | ||
296 | - * This is a special case because it never returns, so the NMI IPI | ||
297 | - * handling would never mark it as done, which makes any later | ||
298 | - * smp_send_nmi_ipi() call spin forever. Mark it done now. | ||
299 | - * | ||
300 | * IRQs are already hard disabled by the smp_handle_nmi_ipi. | ||
301 | */ | ||
302 | - nmi_ipi_lock(); | ||
303 | - if (nmi_ipi_busy_count > 1) | ||
304 | - nmi_ipi_busy_count--; | ||
305 | - nmi_ipi_unlock(); | ||
306 | - | ||
307 | spin_begin(); | ||
308 | while (1) | ||
309 | spin_cpu_relax(); | ||
310 | diff --git a/arch/um/drivers/port_user.c b/arch/um/drivers/port_user.c | ||
311 | index 9a8e1b64c22e..5f56d11b886f 100644 | ||
312 | --- a/arch/um/drivers/port_user.c | ||
313 | +++ b/arch/um/drivers/port_user.c | ||
314 | @@ -168,7 +168,7 @@ int port_connection(int fd, int *socket, int *pid_out) | ||
315 | { | ||
316 | int new, err; | ||
317 | char *argv[] = { "/usr/sbin/in.telnetd", "-L", | ||
318 | - "/usr/lib/uml/port-helper", NULL }; | ||
319 | + OS_LIB_PATH "/uml/port-helper", NULL }; | ||
320 | struct port_pre_exec_data data; | ||
321 | |||
322 | new = accept(fd, NULL, 0); | ||
323 | diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c | ||
324 | index acb901b43ce4..544bc2dfe408 100644 | ||
325 | --- a/arch/x86/kernel/kprobes/core.c | ||
326 | +++ b/arch/x86/kernel/kprobes/core.c | ||
327 | @@ -749,11 +749,16 @@ asm( | ||
328 | NOKPROBE_SYMBOL(kretprobe_trampoline); | ||
329 | STACK_FRAME_NON_STANDARD(kretprobe_trampoline); | ||
330 | |||
331 | +static struct kprobe kretprobe_kprobe = { | ||
332 | + .addr = (void *)kretprobe_trampoline, | ||
333 | +}; | ||
334 | + | ||
335 | /* | ||
336 | * Called from kretprobe_trampoline | ||
337 | */ | ||
338 | __visible __used void *trampoline_handler(struct pt_regs *regs) | ||
339 | { | ||
340 | + struct kprobe_ctlblk *kcb; | ||
341 | struct kretprobe_instance *ri = NULL; | ||
342 | struct hlist_head *head, empty_rp; | ||
343 | struct hlist_node *tmp; | ||
344 | @@ -763,6 +768,17 @@ __visible __used void *trampoline_handler(struct pt_regs *regs) | ||
345 | void *frame_pointer; | ||
346 | bool skipped = false; | ||
347 | |||
348 | + preempt_disable(); | ||
349 | + | ||
350 | + /* | ||
351 | + * Set a dummy kprobe for avoiding kretprobe recursion. | ||
352 | + * Since kretprobe never run in kprobe handler, kprobe must not | ||
353 | + * be running at this point. | ||
354 | + */ | ||
355 | + kcb = get_kprobe_ctlblk(); | ||
356 | + __this_cpu_write(current_kprobe, &kretprobe_kprobe); | ||
357 | + kcb->kprobe_status = KPROBE_HIT_ACTIVE; | ||
358 | + | ||
359 | INIT_HLIST_HEAD(&empty_rp); | ||
360 | kretprobe_hash_lock(current, &head, &flags); | ||
361 | /* fixup registers */ | ||
362 | @@ -838,10 +854,9 @@ __visible __used void *trampoline_handler(struct pt_regs *regs) | ||
363 | orig_ret_address = (unsigned long)ri->ret_addr; | ||
364 | if (ri->rp && ri->rp->handler) { | ||
365 | __this_cpu_write(current_kprobe, &ri->rp->kp); | ||
366 | - get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE; | ||
367 | ri->ret_addr = correct_ret_addr; | ||
368 | ri->rp->handler(ri, regs); | ||
369 | - __this_cpu_write(current_kprobe, NULL); | ||
370 | + __this_cpu_write(current_kprobe, &kretprobe_kprobe); | ||
371 | } | ||
372 | |||
373 | recycle_rp_inst(ri, &empty_rp); | ||
374 | @@ -857,6 +872,9 @@ __visible __used void *trampoline_handler(struct pt_regs *regs) | ||
375 | |||
376 | kretprobe_hash_unlock(current, &flags); | ||
377 | |||
378 | + __this_cpu_write(current_kprobe, NULL); | ||
379 | + preempt_enable(); | ||
380 | + | ||
381 | hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) { | ||
382 | hlist_del(&ri->hlist); | ||
383 | kfree(ri); | ||
384 | diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c | ||
385 | index 725624b6c0c0..8fd3cedd9acc 100644 | ||
386 | --- a/arch/x86/kernel/reboot.c | ||
387 | +++ b/arch/x86/kernel/reboot.c | ||
388 | @@ -81,6 +81,19 @@ static int __init set_bios_reboot(const struct dmi_system_id *d) | ||
389 | return 0; | ||
390 | } | ||
391 | |||
392 | +/* | ||
393 | + * Some machines don't handle the default ACPI reboot method and | ||
394 | + * require the EFI reboot method: | ||
395 | + */ | ||
396 | +static int __init set_efi_reboot(const struct dmi_system_id *d) | ||
397 | +{ | ||
398 | + if (reboot_type != BOOT_EFI && !efi_runtime_disabled()) { | ||
399 | + reboot_type = BOOT_EFI; | ||
400 | + pr_info("%s series board detected. Selecting EFI-method for reboot.\n", d->ident); | ||
401 | + } | ||
402 | + return 0; | ||
403 | +} | ||
404 | + | ||
405 | void __noreturn machine_real_restart(unsigned int type) | ||
406 | { | ||
407 | local_irq_disable(); | ||
408 | @@ -166,6 +179,14 @@ static const struct dmi_system_id reboot_dmi_table[] __initconst = { | ||
409 | DMI_MATCH(DMI_PRODUCT_NAME, "AOA110"), | ||
410 | }, | ||
411 | }, | ||
412 | + { /* Handle reboot issue on Acer TravelMate X514-51T */ | ||
413 | + .callback = set_efi_reboot, | ||
414 | + .ident = "Acer TravelMate X514-51T", | ||
415 | + .matches = { | ||
416 | + DMI_MATCH(DMI_SYS_VENDOR, "Acer"), | ||
417 | + DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate X514-51T"), | ||
418 | + }, | ||
419 | + }, | ||
420 | |||
421 | /* Apple */ | ||
422 | { /* Handle problems with rebooting on Apple MacBook5 */ | ||
423 | diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S | ||
424 | index c63bab98780c..85e6d5620188 100644 | ||
425 | --- a/arch/x86/kernel/vmlinux.lds.S | ||
426 | +++ b/arch/x86/kernel/vmlinux.lds.S | ||
427 | @@ -372,7 +372,7 @@ SECTIONS | ||
428 | .bss : AT(ADDR(.bss) - LOAD_OFFSET) { | ||
429 | __bss_start = .; | ||
430 | *(.bss..page_aligned) | ||
431 | - *(.bss) | ||
432 | + *(BSS_MAIN) | ||
433 | BSS_DECRYPTED | ||
434 | . = ALIGN(PAGE_SIZE); | ||
435 | __bss_stop = .; | ||
436 | diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c | ||
437 | index 3692de84c420..d2f5aa220355 100644 | ||
438 | --- a/arch/x86/kvm/lapic.c | ||
439 | +++ b/arch/x86/kvm/lapic.c | ||
440 | @@ -133,6 +133,7 @@ static inline bool kvm_apic_map_get_logical_dest(struct kvm_apic_map *map, | ||
441 | if (offset <= max_apic_id) { | ||
442 | u8 cluster_size = min(max_apic_id - offset + 1, 16U); | ||
443 | |||
444 | + offset = array_index_nospec(offset, map->max_apic_id + 1); | ||
445 | *cluster = &map->phys_map[offset]; | ||
446 | *mask = dest_id & (0xffff >> (16 - cluster_size)); | ||
447 | } else { | ||
448 | @@ -896,7 +897,8 @@ static inline bool kvm_apic_map_get_dest_lapic(struct kvm *kvm, | ||
449 | if (irq->dest_id > map->max_apic_id) { | ||
450 | *bitmap = 0; | ||
451 | } else { | ||
452 | - *dst = &map->phys_map[irq->dest_id]; | ||
453 | + u32 dest_id = array_index_nospec(irq->dest_id, map->max_apic_id + 1); | ||
454 | + *dst = &map->phys_map[dest_id]; | ||
455 | *bitmap = 1; | ||
456 | } | ||
457 | return true; | ||
458 | diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h | ||
459 | index 0f997683404f..b3f219b7c840 100644 | ||
460 | --- a/arch/x86/kvm/trace.h | ||
461 | +++ b/arch/x86/kvm/trace.h | ||
462 | @@ -438,13 +438,13 @@ TRACE_EVENT(kvm_apic_ipi, | ||
463 | ); | ||
464 | |||
465 | TRACE_EVENT(kvm_apic_accept_irq, | ||
466 | - TP_PROTO(__u32 apicid, __u16 dm, __u8 tm, __u8 vec), | ||
467 | + TP_PROTO(__u32 apicid, __u16 dm, __u16 tm, __u8 vec), | ||
468 | TP_ARGS(apicid, dm, tm, vec), | ||
469 | |||
470 | TP_STRUCT__entry( | ||
471 | __field( __u32, apicid ) | ||
472 | __field( __u16, dm ) | ||
473 | - __field( __u8, tm ) | ||
474 | + __field( __u16, tm ) | ||
475 | __field( __u8, vec ) | ||
476 | ), | ||
477 | |||
478 | diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c | ||
479 | index c5e2c5a01182..15e8c9955b79 100644 | ||
480 | --- a/block/bfq-iosched.c | ||
481 | +++ b/block/bfq-iosched.c | ||
482 | @@ -5226,7 +5226,7 @@ static unsigned int bfq_update_depths(struct bfq_data *bfqd, | ||
483 | return min_shallow; | ||
484 | } | ||
485 | |||
486 | -static int bfq_init_hctx(struct blk_mq_hw_ctx *hctx, unsigned int index) | ||
487 | +static void bfq_depth_updated(struct blk_mq_hw_ctx *hctx) | ||
488 | { | ||
489 | struct bfq_data *bfqd = hctx->queue->elevator->elevator_data; | ||
490 | struct blk_mq_tags *tags = hctx->sched_tags; | ||
491 | @@ -5234,6 +5234,11 @@ static int bfq_init_hctx(struct blk_mq_hw_ctx *hctx, unsigned int index) | ||
492 | |||
493 | min_shallow = bfq_update_depths(bfqd, &tags->bitmap_tags); | ||
494 | sbitmap_queue_min_shallow_depth(&tags->bitmap_tags, min_shallow); | ||
495 | +} | ||
496 | + | ||
497 | +static int bfq_init_hctx(struct blk_mq_hw_ctx *hctx, unsigned int index) | ||
498 | +{ | ||
499 | + bfq_depth_updated(hctx); | ||
500 | return 0; | ||
501 | } | ||
502 | |||
503 | @@ -5656,6 +5661,7 @@ static struct elevator_type iosched_bfq_mq = { | ||
504 | .requests_merged = bfq_requests_merged, | ||
505 | .request_merged = bfq_request_merged, | ||
506 | .has_work = bfq_has_work, | ||
507 | + .depth_updated = bfq_depth_updated, | ||
508 | .init_hctx = bfq_init_hctx, | ||
509 | .init_sched = bfq_init_queue, | ||
510 | .exit_sched = bfq_exit_queue, | ||
511 | diff --git a/block/blk-mq.c b/block/blk-mq.c | ||
512 | index 414656796ecf..4e563ee462cb 100644 | ||
513 | --- a/block/blk-mq.c | ||
514 | +++ b/block/blk-mq.c | ||
515 | @@ -2887,6 +2887,8 @@ int blk_mq_update_nr_requests(struct request_queue *q, unsigned int nr) | ||
516 | } | ||
517 | if (ret) | ||
518 | break; | ||
519 | + if (q->elevator && q->elevator->type->ops.mq.depth_updated) | ||
520 | + q->elevator->type->ops.mq.depth_updated(hctx); | ||
521 | } | ||
522 | |||
523 | if (!ret) | ||
524 | diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c | ||
525 | index 925dbc751322..8340c81b258b 100644 | ||
526 | --- a/drivers/acpi/nfit/core.c | ||
527 | +++ b/drivers/acpi/nfit/core.c | ||
528 | @@ -542,6 +542,12 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, | ||
529 | goto out; | ||
530 | } | ||
531 | |||
532 | + dev_dbg(dev, "%s cmd: %s output length: %d\n", dimm_name, | ||
533 | + cmd_name, out_obj->buffer.length); | ||
534 | + print_hex_dump_debug(cmd_name, DUMP_PREFIX_OFFSET, 4, 4, | ||
535 | + out_obj->buffer.pointer, | ||
536 | + min_t(u32, 128, out_obj->buffer.length), true); | ||
537 | + | ||
538 | if (call_pkg) { | ||
539 | call_pkg->nd_fw_size = out_obj->buffer.length; | ||
540 | memcpy(call_pkg->nd_payload + call_pkg->nd_size_in, | ||
541 | @@ -560,12 +566,6 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, | ||
542 | return 0; | ||
543 | } | ||
544 | |||
545 | - dev_dbg(dev, "%s cmd: %s output length: %d\n", dimm_name, | ||
546 | - cmd_name, out_obj->buffer.length); | ||
547 | - print_hex_dump_debug(cmd_name, DUMP_PREFIX_OFFSET, 4, 4, | ||
548 | - out_obj->buffer.pointer, | ||
549 | - min_t(u32, 128, out_obj->buffer.length), true); | ||
550 | - | ||
551 | for (i = 0, offset = 0; i < desc->out_num; i++) { | ||
552 | u32 out_size = nd_cmd_out_size(nvdimm, cmd, desc, i, buf, | ||
553 | (u32 *) out_obj->buffer.pointer, | ||
554 | diff --git a/drivers/char/ipmi/ipmi_si_hardcode.c b/drivers/char/ipmi/ipmi_si_hardcode.c | ||
555 | index 9ae2405c28bb..0c28e872ad3a 100644 | ||
556 | --- a/drivers/char/ipmi/ipmi_si_hardcode.c | ||
557 | +++ b/drivers/char/ipmi/ipmi_si_hardcode.c | ||
558 | @@ -200,6 +200,8 @@ void __init ipmi_hardcode_init(void) | ||
559 | char *str; | ||
560 | char *si_type[SI_MAX_PARMS]; | ||
561 | |||
562 | + memset(si_type, 0, sizeof(si_type)); | ||
563 | + | ||
564 | /* Parse out the si_type string into its components. */ | ||
565 | str = si_type_str; | ||
566 | if (*str != '\0') { | ||
567 | diff --git a/drivers/clocksource/Kconfig b/drivers/clocksource/Kconfig | ||
568 | index c1ddafa4c299..4d37f018d846 100644 | ||
569 | --- a/drivers/clocksource/Kconfig | ||
570 | +++ b/drivers/clocksource/Kconfig | ||
571 | @@ -136,6 +136,7 @@ config VT8500_TIMER | ||
572 | config NPCM7XX_TIMER | ||
573 | bool "NPCM7xx timer driver" if COMPILE_TEST | ||
574 | depends on HAS_IOMEM | ||
575 | + select TIMER_OF | ||
576 | select CLKSRC_MMIO | ||
577 | help | ||
578 | Enable 24-bit TIMER0 and TIMER1 counters in the NPCM7xx architecture, | ||
579 | diff --git a/drivers/clocksource/timer-oxnas-rps.c b/drivers/clocksource/timer-oxnas-rps.c | ||
580 | index eed6feff8b5f..30c6f4ce672b 100644 | ||
581 | --- a/drivers/clocksource/timer-oxnas-rps.c | ||
582 | +++ b/drivers/clocksource/timer-oxnas-rps.c | ||
583 | @@ -296,4 +296,4 @@ err_alloc: | ||
584 | TIMER_OF_DECLARE(ox810se_rps, | ||
585 | "oxsemi,ox810se-rps-timer", oxnas_rps_timer_init); | ||
586 | TIMER_OF_DECLARE(ox820_rps, | ||
587 | - "oxsemi,ox820se-rps-timer", oxnas_rps_timer_init); | ||
588 | + "oxsemi,ox820-rps-timer", oxnas_rps_timer_init); | ||
589 | diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c | ||
590 | index bb0cda727605..e3f5e5d6f0c1 100644 | ||
591 | --- a/drivers/gpu/drm/amd/display/dc/core/dc.c | ||
592 | +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c | ||
593 | @@ -1213,6 +1213,11 @@ static enum surface_update_type det_surface_update(const struct dc *dc, | ||
594 | return UPDATE_TYPE_FULL; | ||
595 | } | ||
596 | |||
597 | + if (u->surface->force_full_update) { | ||
598 | + update_flags->bits.full_update = 1; | ||
599 | + return UPDATE_TYPE_FULL; | ||
600 | + } | ||
601 | + | ||
602 | type = get_plane_info_update_type(u); | ||
603 | elevate_update_type(&overall_type, type); | ||
604 | |||
605 | @@ -1467,6 +1472,14 @@ void dc_commit_updates_for_stream(struct dc *dc, | ||
606 | } | ||
607 | |||
608 | dc_resource_state_copy_construct(state, context); | ||
609 | + | ||
610 | + for (i = 0; i < dc->res_pool->pipe_count; i++) { | ||
611 | + struct pipe_ctx *new_pipe = &context->res_ctx.pipe_ctx[i]; | ||
612 | + struct pipe_ctx *old_pipe = &dc->current_state->res_ctx.pipe_ctx[i]; | ||
613 | + | ||
614 | + if (new_pipe->plane_state && new_pipe->plane_state != old_pipe->plane_state) | ||
615 | + new_pipe->plane_state->force_full_update = true; | ||
616 | + } | ||
617 | } | ||
618 | |||
619 | |||
620 | @@ -1510,6 +1523,12 @@ void dc_commit_updates_for_stream(struct dc *dc, | ||
621 | dc->current_state = context; | ||
622 | dc_release_state(old); | ||
623 | |||
624 | + for (i = 0; i < dc->res_pool->pipe_count; i++) { | ||
625 | + struct pipe_ctx *pipe_ctx = &context->res_ctx.pipe_ctx[i]; | ||
626 | + | ||
627 | + if (pipe_ctx->plane_state && pipe_ctx->stream == stream) | ||
628 | + pipe_ctx->plane_state->force_full_update = false; | ||
629 | + } | ||
630 | } | ||
631 | /*let's use current_state to update watermark etc*/ | ||
632 | if (update_type >= UPDATE_TYPE_FULL) | ||
633 | diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h | ||
634 | index 6c9990bef267..4094b4f50111 100644 | ||
635 | --- a/drivers/gpu/drm/amd/display/dc/dc.h | ||
636 | +++ b/drivers/gpu/drm/amd/display/dc/dc.h | ||
637 | @@ -505,6 +505,9 @@ struct dc_plane_state { | ||
638 | struct dc_plane_status status; | ||
639 | struct dc_context *ctx; | ||
640 | |||
641 | + /* HACK: Workaround for forcing full reprogramming under some conditions */ | ||
642 | + bool force_full_update; | ||
643 | + | ||
644 | /* private to dc_surface.c */ | ||
645 | enum dc_irq_source irq_source; | ||
646 | struct kref refcount; | ||
647 | diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_aux.c b/drivers/gpu/drm/amd/display/dc/dce/dce_aux.c | ||
648 | index 3f5b2e6f7553..df936edac5c7 100644 | ||
649 | --- a/drivers/gpu/drm/amd/display/dc/dce/dce_aux.c | ||
650 | +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_aux.c | ||
651 | @@ -189,6 +189,12 @@ static void submit_channel_request( | ||
652 | 1, | ||
653 | 0); | ||
654 | } | ||
655 | + | ||
656 | + REG_UPDATE(AUX_INTERRUPT_CONTROL, AUX_SW_DONE_ACK, 1); | ||
657 | + | ||
658 | + REG_WAIT(AUX_SW_STATUS, AUX_SW_DONE, 0, | ||
659 | + 10, aux110->timeout_period/10); | ||
660 | + | ||
661 | /* set the delay and the number of bytes to write */ | ||
662 | |||
663 | /* The length include | ||
664 | @@ -241,9 +247,6 @@ static void submit_channel_request( | ||
665 | } | ||
666 | } | ||
667 | |||
668 | - REG_UPDATE(AUX_INTERRUPT_CONTROL, AUX_SW_DONE_ACK, 1); | ||
669 | - REG_WAIT(AUX_SW_STATUS, AUX_SW_DONE, 0, | ||
670 | - 10, aux110->timeout_period/10); | ||
671 | REG_UPDATE(AUX_SW_CONTROL, AUX_SW_GO, 1); | ||
672 | } | ||
673 | |||
674 | diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_aux.h b/drivers/gpu/drm/amd/display/dc/dce/dce_aux.h | ||
675 | index f7caab85dc80..2c6f50b4245a 100644 | ||
676 | --- a/drivers/gpu/drm/amd/display/dc/dce/dce_aux.h | ||
677 | +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_aux.h | ||
678 | @@ -69,11 +69,11 @@ enum { /* This is the timeout as defined in DP 1.2a, | ||
679 | * at most within ~240usec. That means, | ||
680 | * increasing this timeout will not affect normal operation, | ||
681 | * and we'll timeout after | ||
682 | - * SW_AUX_TIMEOUT_PERIOD_MULTIPLIER * AUX_TIMEOUT_PERIOD = 1600usec. | ||
683 | + * SW_AUX_TIMEOUT_PERIOD_MULTIPLIER * AUX_TIMEOUT_PERIOD = 2400usec. | ||
684 | * This timeout is especially important for | ||
685 | - * resume from S3 and CTS. | ||
686 | + * converters, resume from S3, and CTS. | ||
687 | */ | ||
688 | - SW_AUX_TIMEOUT_PERIOD_MULTIPLIER = 4 | ||
689 | + SW_AUX_TIMEOUT_PERIOD_MULTIPLIER = 6 | ||
690 | }; | ||
691 | struct aux_engine_dce110 { | ||
692 | struct aux_engine base; | ||
693 | diff --git a/drivers/gpu/drm/imx/ipuv3-crtc.c b/drivers/gpu/drm/imx/ipuv3-crtc.c | ||
694 | index 7d4b710b837a..11e2dcdd6b18 100644 | ||
695 | --- a/drivers/gpu/drm/imx/ipuv3-crtc.c | ||
696 | +++ b/drivers/gpu/drm/imx/ipuv3-crtc.c | ||
697 | @@ -78,7 +78,7 @@ static void ipu_crtc_disable_planes(struct ipu_crtc *ipu_crtc, | ||
698 | if (disable_partial) | ||
699 | ipu_plane_disable(ipu_crtc->plane[1], true); | ||
700 | if (disable_full) | ||
701 | - ipu_plane_disable(ipu_crtc->plane[0], false); | ||
702 | + ipu_plane_disable(ipu_crtc->plane[0], true); | ||
703 | } | ||
704 | |||
705 | static void ipu_crtc_atomic_disable(struct drm_crtc *crtc, | ||
706 | diff --git a/drivers/gpu/drm/sun4i/sun4i_drv.c b/drivers/gpu/drm/sun4i/sun4i_drv.c | ||
707 | index 8b0cd08034e0..57f61ec4bc6b 100644 | ||
708 | --- a/drivers/gpu/drm/sun4i/sun4i_drv.c | ||
709 | +++ b/drivers/gpu/drm/sun4i/sun4i_drv.c | ||
710 | @@ -92,6 +92,8 @@ static int sun4i_drv_bind(struct device *dev) | ||
711 | ret = -ENOMEM; | ||
712 | goto free_drm; | ||
713 | } | ||
714 | + | ||
715 | + dev_set_drvdata(dev, drm); | ||
716 | drm->dev_private = drv; | ||
717 | INIT_LIST_HEAD(&drv->frontend_list); | ||
718 | INIT_LIST_HEAD(&drv->engine_list); | ||
719 | @@ -156,7 +158,10 @@ static void sun4i_drv_unbind(struct device *dev) | ||
720 | drm_kms_helper_poll_fini(drm); | ||
721 | sun4i_framebuffer_free(drm); | ||
722 | drm_mode_config_cleanup(drm); | ||
723 | + | ||
724 | + component_unbind_all(dev, NULL); | ||
725 | of_reserved_mem_device_release(dev); | ||
726 | + | ||
727 | drm_dev_put(drm); | ||
728 | } | ||
729 | |||
730 | @@ -405,6 +410,8 @@ static int sun4i_drv_probe(struct platform_device *pdev) | ||
731 | |||
732 | static int sun4i_drv_remove(struct platform_device *pdev) | ||
733 | { | ||
734 | + component_master_del(&pdev->dev, &sun4i_drv_master_ops); | ||
735 | + | ||
736 | return 0; | ||
737 | } | ||
738 | |||
739 | diff --git a/drivers/gpu/ipu-v3/ipu-dp.c b/drivers/gpu/ipu-v3/ipu-dp.c | ||
740 | index 9b2b3fa479c4..5e44ff1f2085 100644 | ||
741 | --- a/drivers/gpu/ipu-v3/ipu-dp.c | ||
742 | +++ b/drivers/gpu/ipu-v3/ipu-dp.c | ||
743 | @@ -195,7 +195,8 @@ int ipu_dp_setup_channel(struct ipu_dp *dp, | ||
744 | ipu_dp_csc_init(flow, flow->foreground.in_cs, flow->out_cs, | ||
745 | DP_COM_CONF_CSC_DEF_BOTH); | ||
746 | } else { | ||
747 | - if (flow->foreground.in_cs == flow->out_cs) | ||
748 | + if (flow->foreground.in_cs == IPUV3_COLORSPACE_UNKNOWN || | ||
749 | + flow->foreground.in_cs == flow->out_cs) | ||
750 | /* | ||
751 | * foreground identical to output, apply color | ||
752 | * conversion on background | ||
753 | @@ -261,6 +262,8 @@ void ipu_dp_disable_channel(struct ipu_dp *dp, bool sync) | ||
754 | struct ipu_dp_priv *priv = flow->priv; | ||
755 | u32 reg, csc; | ||
756 | |||
757 | + dp->in_cs = IPUV3_COLORSPACE_UNKNOWN; | ||
758 | + | ||
759 | if (!dp->foreground) | ||
760 | return; | ||
761 | |||
762 | @@ -268,8 +271,9 @@ void ipu_dp_disable_channel(struct ipu_dp *dp, bool sync) | ||
763 | |||
764 | reg = readl(flow->base + DP_COM_CONF); | ||
765 | csc = reg & DP_COM_CONF_CSC_DEF_MASK; | ||
766 | - if (csc == DP_COM_CONF_CSC_DEF_FG) | ||
767 | - reg &= ~DP_COM_CONF_CSC_DEF_MASK; | ||
768 | + reg &= ~DP_COM_CONF_CSC_DEF_MASK; | ||
769 | + if (csc == DP_COM_CONF_CSC_DEF_BOTH || csc == DP_COM_CONF_CSC_DEF_BG) | ||
770 | + reg |= DP_COM_CONF_CSC_DEF_BG; | ||
771 | |||
772 | reg &= ~DP_COM_CONF_FG_EN; | ||
773 | writel(reg, flow->base + DP_COM_CONF); | ||
774 | @@ -347,6 +351,8 @@ int ipu_dp_init(struct ipu_soc *ipu, struct device *dev, unsigned long base) | ||
775 | mutex_init(&priv->mutex); | ||
776 | |||
777 | for (i = 0; i < IPUV3_NUM_FLOWS; i++) { | ||
778 | + priv->flow[i].background.in_cs = IPUV3_COLORSPACE_UNKNOWN; | ||
779 | + priv->flow[i].foreground.in_cs = IPUV3_COLORSPACE_UNKNOWN; | ||
780 | priv->flow[i].foreground.foreground = true; | ||
781 | priv->flow[i].base = priv->base + ipu_dp_flow_base[i]; | ||
782 | priv->flow[i].priv = priv; | ||
783 | diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c | ||
784 | index e649940e065d..d988b92b20c8 100644 | ||
785 | --- a/drivers/hid/hid-input.c | ||
786 | +++ b/drivers/hid/hid-input.c | ||
787 | @@ -677,6 +677,14 @@ static void hidinput_configure_usage(struct hid_input *hidinput, struct hid_fiel | ||
788 | break; | ||
789 | } | ||
790 | |||
791 | + if ((usage->hid & 0xf0) == 0xb0) { /* SC - Display */ | ||
792 | + switch (usage->hid & 0xf) { | ||
793 | + case 0x05: map_key_clear(KEY_SWITCHVIDEOMODE); break; | ||
794 | + default: goto ignore; | ||
795 | + } | ||
796 | + break; | ||
797 | + } | ||
798 | + | ||
799 | /* | ||
800 | * Some lazy vendors declare 255 usages for System Control, | ||
801 | * leading to the creation of ABS_X|Y axis and too many others. | ||
802 | @@ -895,6 +903,10 @@ static void hidinput_configure_usage(struct hid_input *hidinput, struct hid_fiel | ||
803 | case 0x074: map_key_clear(KEY_BRIGHTNESS_MAX); break; | ||
804 | case 0x075: map_key_clear(KEY_BRIGHTNESS_AUTO); break; | ||
805 | |||
806 | + case 0x079: map_key_clear(KEY_KBDILLUMUP); break; | ||
807 | + case 0x07a: map_key_clear(KEY_KBDILLUMDOWN); break; | ||
808 | + case 0x07c: map_key_clear(KEY_KBDILLUMTOGGLE); break; | ||
809 | + | ||
810 | case 0x082: map_key_clear(KEY_VIDEO_NEXT); break; | ||
811 | case 0x083: map_key_clear(KEY_LAST); break; | ||
812 | case 0x084: map_key_clear(KEY_ENTER); break; | ||
813 | @@ -1026,6 +1038,8 @@ static void hidinput_configure_usage(struct hid_input *hidinput, struct hid_fiel | ||
814 | case 0x2cb: map_key_clear(KEY_KBDINPUTASSIST_ACCEPT); break; | ||
815 | case 0x2cc: map_key_clear(KEY_KBDINPUTASSIST_CANCEL); break; | ||
816 | |||
817 | + case 0x29f: map_key_clear(KEY_SCALE); break; | ||
818 | + | ||
819 | default: map_key_clear(KEY_UNKNOWN); | ||
820 | } | ||
821 | break; | ||
822 | diff --git a/drivers/hwmon/pwm-fan.c b/drivers/hwmon/pwm-fan.c | ||
823 | index 9d611dd268e1..7f01fad0d3e3 100644 | ||
824 | --- a/drivers/hwmon/pwm-fan.c | ||
825 | +++ b/drivers/hwmon/pwm-fan.c | ||
826 | @@ -250,7 +250,7 @@ static int pwm_fan_probe(struct platform_device *pdev) | ||
827 | |||
828 | ret = pwm_fan_of_get_cooling_data(&pdev->dev, ctx); | ||
829 | if (ret) | ||
830 | - return ret; | ||
831 | + goto err_pwm_disable; | ||
832 | |||
833 | ctx->pwm_fan_state = ctx->pwm_fan_max_state; | ||
834 | if (IS_ENABLED(CONFIG_THERMAL)) { | ||
835 | diff --git a/drivers/iio/adc/xilinx-xadc-core.c b/drivers/iio/adc/xilinx-xadc-core.c | ||
836 | index 3f6be5ac049a..1ae86e7359f7 100644 | ||
837 | --- a/drivers/iio/adc/xilinx-xadc-core.c | ||
838 | +++ b/drivers/iio/adc/xilinx-xadc-core.c | ||
839 | @@ -1290,6 +1290,7 @@ static int xadc_probe(struct platform_device *pdev) | ||
840 | |||
841 | err_free_irq: | ||
842 | free_irq(xadc->irq, indio_dev); | ||
843 | + cancel_delayed_work_sync(&xadc->zynq_unmask_work); | ||
844 | err_clk_disable_unprepare: | ||
845 | clk_disable_unprepare(xadc->clk); | ||
846 | err_free_samplerate_trigger: | ||
847 | @@ -1319,8 +1320,8 @@ static int xadc_remove(struct platform_device *pdev) | ||
848 | iio_triggered_buffer_cleanup(indio_dev); | ||
849 | } | ||
850 | free_irq(xadc->irq, indio_dev); | ||
851 | + cancel_delayed_work_sync(&xadc->zynq_unmask_work); | ||
852 | clk_disable_unprepare(xadc->clk); | ||
853 | - cancel_delayed_work(&xadc->zynq_unmask_work); | ||
854 | kfree(xadc->data); | ||
855 | kfree(indio_dev->channels); | ||
856 | |||
857 | diff --git a/drivers/infiniband/hw/hns/hns_roce_qp.c b/drivers/infiniband/hw/hns/hns_roce_qp.c | ||
858 | index efb7e961ca65..2fa4fb17f6d3 100644 | ||
859 | --- a/drivers/infiniband/hw/hns/hns_roce_qp.c | ||
860 | +++ b/drivers/infiniband/hw/hns/hns_roce_qp.c | ||
861 | @@ -494,7 +494,7 @@ static int hns_roce_set_kernel_sq_size(struct hns_roce_dev *hr_dev, | ||
862 | |||
863 | static int hns_roce_qp_has_sq(struct ib_qp_init_attr *attr) | ||
864 | { | ||
865 | - if (attr->qp_type == IB_QPT_XRC_TGT) | ||
866 | + if (attr->qp_type == IB_QPT_XRC_TGT || !attr->cap.max_send_wr) | ||
867 | return 0; | ||
868 | |||
869 | return 1; | ||
870 | diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c | ||
871 | index fc3ab93b7aea..7fb358f96195 100644 | ||
872 | --- a/drivers/input/rmi4/rmi_driver.c | ||
873 | +++ b/drivers/input/rmi4/rmi_driver.c | ||
874 | @@ -860,7 +860,7 @@ static int rmi_create_function(struct rmi_device *rmi_dev, | ||
875 | |||
876 | error = rmi_register_function(fn); | ||
877 | if (error) | ||
878 | - goto err_put_fn; | ||
879 | + return error; | ||
880 | |||
881 | if (pdt->function_number == 0x01) | ||
882 | data->f01_container = fn; | ||
883 | @@ -870,10 +870,6 @@ static int rmi_create_function(struct rmi_device *rmi_dev, | ||
884 | list_add_tail(&fn->node, &data->function_list); | ||
885 | |||
886 | return RMI_SCAN_CONTINUE; | ||
887 | - | ||
888 | -err_put_fn: | ||
889 | - put_device(&fn->dev); | ||
890 | - return error; | ||
891 | } | ||
892 | |||
893 | void rmi_enable_irq(struct rmi_device *rmi_dev, bool clear_wake) | ||
894 | diff --git a/drivers/irqchip/irq-ath79-misc.c b/drivers/irqchip/irq-ath79-misc.c | ||
895 | index aa7290784636..0390603170b4 100644 | ||
896 | --- a/drivers/irqchip/irq-ath79-misc.c | ||
897 | +++ b/drivers/irqchip/irq-ath79-misc.c | ||
898 | @@ -22,6 +22,15 @@ | ||
899 | #define AR71XX_RESET_REG_MISC_INT_ENABLE 4 | ||
900 | |||
901 | #define ATH79_MISC_IRQ_COUNT 32 | ||
902 | +#define ATH79_MISC_PERF_IRQ 5 | ||
903 | + | ||
904 | +static int ath79_perfcount_irq; | ||
905 | + | ||
906 | +int get_c0_perfcount_int(void) | ||
907 | +{ | ||
908 | + return ath79_perfcount_irq; | ||
909 | +} | ||
910 | +EXPORT_SYMBOL_GPL(get_c0_perfcount_int); | ||
911 | |||
912 | static void ath79_misc_irq_handler(struct irq_desc *desc) | ||
913 | { | ||
914 | @@ -113,6 +122,8 @@ static void __init ath79_misc_intc_domain_init( | ||
915 | { | ||
916 | void __iomem *base = domain->host_data; | ||
917 | |||
918 | + ath79_perfcount_irq = irq_create_mapping(domain, ATH79_MISC_PERF_IRQ); | ||
919 | + | ||
920 | /* Disable and clear all interrupts */ | ||
921 | __raw_writel(0, base + AR71XX_RESET_REG_MISC_INT_ENABLE); | ||
922 | __raw_writel(0, base + AR71XX_RESET_REG_MISC_INT_STATUS); | ||
923 | diff --git a/drivers/isdn/gigaset/bas-gigaset.c b/drivers/isdn/gigaset/bas-gigaset.c | ||
924 | index ecdeb89645d0..149b1aca52a2 100644 | ||
925 | --- a/drivers/isdn/gigaset/bas-gigaset.c | ||
926 | +++ b/drivers/isdn/gigaset/bas-gigaset.c | ||
927 | @@ -958,6 +958,7 @@ static void write_iso_callback(struct urb *urb) | ||
928 | */ | ||
929 | static int starturbs(struct bc_state *bcs) | ||
930 | { | ||
931 | + struct usb_device *udev = bcs->cs->hw.bas->udev; | ||
932 | struct bas_bc_state *ubc = bcs->hw.bas; | ||
933 | struct urb *urb; | ||
934 | int j, k; | ||
935 | @@ -975,8 +976,8 @@ static int starturbs(struct bc_state *bcs) | ||
936 | rc = -EFAULT; | ||
937 | goto error; | ||
938 | } | ||
939 | - usb_fill_int_urb(urb, bcs->cs->hw.bas->udev, | ||
940 | - usb_rcvisocpipe(urb->dev, 3 + 2 * bcs->channel), | ||
941 | + usb_fill_int_urb(urb, udev, | ||
942 | + usb_rcvisocpipe(udev, 3 + 2 * bcs->channel), | ||
943 | ubc->isoinbuf + k * BAS_INBUFSIZE, | ||
944 | BAS_INBUFSIZE, read_iso_callback, bcs, | ||
945 | BAS_FRAMETIME); | ||
946 | @@ -1006,8 +1007,8 @@ static int starturbs(struct bc_state *bcs) | ||
947 | rc = -EFAULT; | ||
948 | goto error; | ||
949 | } | ||
950 | - usb_fill_int_urb(urb, bcs->cs->hw.bas->udev, | ||
951 | - usb_sndisocpipe(urb->dev, 4 + 2 * bcs->channel), | ||
952 | + usb_fill_int_urb(urb, udev, | ||
953 | + usb_sndisocpipe(udev, 4 + 2 * bcs->channel), | ||
954 | ubc->isooutbuf->data, | ||
955 | sizeof(ubc->isooutbuf->data), | ||
956 | write_iso_callback, &ubc->isoouturbs[k], | ||
957 | diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c | ||
958 | index 18c0a1281914..b2abc44fa5cb 100644 | ||
959 | --- a/drivers/isdn/mISDN/socket.c | ||
960 | +++ b/drivers/isdn/mISDN/socket.c | ||
961 | @@ -711,10 +711,10 @@ base_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len) | ||
962 | struct sock *sk = sock->sk; | ||
963 | int err = 0; | ||
964 | |||
965 | - if (!maddr || maddr->family != AF_ISDN) | ||
966 | + if (addr_len < sizeof(struct sockaddr_mISDN)) | ||
967 | return -EINVAL; | ||
968 | |||
969 | - if (addr_len < sizeof(struct sockaddr_mISDN)) | ||
970 | + if (!maddr || maddr->family != AF_ISDN) | ||
971 | return -EINVAL; | ||
972 | |||
973 | lock_sock(sk); | ||
974 | diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c | ||
975 | index ae38895c44b2..828d86605fb6 100644 | ||
976 | --- a/drivers/md/raid5.c | ||
977 | +++ b/drivers/md/raid5.c | ||
978 | @@ -4221,26 +4221,15 @@ static void handle_parity_checks6(struct r5conf *conf, struct stripe_head *sh, | ||
979 | case check_state_check_result: | ||
980 | sh->check_state = check_state_idle; | ||
981 | |||
982 | + if (s->failed > 1) | ||
983 | + break; | ||
984 | /* handle a successful check operation, if parity is correct | ||
985 | * we are done. Otherwise update the mismatch count and repair | ||
986 | * parity if !MD_RECOVERY_CHECK | ||
987 | */ | ||
988 | if (sh->ops.zero_sum_result == 0) { | ||
989 | - /* both parities are correct */ | ||
990 | - if (!s->failed) | ||
991 | - set_bit(STRIPE_INSYNC, &sh->state); | ||
992 | - else { | ||
993 | - /* in contrast to the raid5 case we can validate | ||
994 | - * parity, but still have a failure to write | ||
995 | - * back | ||
996 | - */ | ||
997 | - sh->check_state = check_state_compute_result; | ||
998 | - /* Returning at this point means that we may go | ||
999 | - * off and bring p and/or q uptodate again so | ||
1000 | - * we make sure to check zero_sum_result again | ||
1001 | - * to verify if p or q need writeback | ||
1002 | - */ | ||
1003 | - } | ||
1004 | + /* Any parity checked was correct */ | ||
1005 | + set_bit(STRIPE_INSYNC, &sh->state); | ||
1006 | } else { | ||
1007 | atomic64_add(STRIPE_SECTORS, &conf->mddev->resync_mismatches); | ||
1008 | if (test_bit(MD_RECOVERY_CHECK, &conf->mddev->recovery)) { | ||
1009 | diff --git a/drivers/net/bonding/bond_options.c b/drivers/net/bonding/bond_options.c | ||
1010 | index 4d5d01cb8141..80867bd8f44c 100644 | ||
1011 | --- a/drivers/net/bonding/bond_options.c | ||
1012 | +++ b/drivers/net/bonding/bond_options.c | ||
1013 | @@ -1098,13 +1098,6 @@ static int bond_option_arp_validate_set(struct bonding *bond, | ||
1014 | { | ||
1015 | netdev_dbg(bond->dev, "Setting arp_validate to %s (%llu)\n", | ||
1016 | newval->string, newval->value); | ||
1017 | - | ||
1018 | - if (bond->dev->flags & IFF_UP) { | ||
1019 | - if (!newval->value) | ||
1020 | - bond->recv_probe = NULL; | ||
1021 | - else if (bond->params.arp_interval) | ||
1022 | - bond->recv_probe = bond_arp_rcv; | ||
1023 | - } | ||
1024 | bond->params.arp_validate = newval->value; | ||
1025 | |||
1026 | return 0; | ||
1027 | diff --git a/drivers/net/dsa/mv88e6xxx/port.c b/drivers/net/dsa/mv88e6xxx/port.c | ||
1028 | index 7fffce734f0a..fdeddbfa829d 100644 | ||
1029 | --- a/drivers/net/dsa/mv88e6xxx/port.c | ||
1030 | +++ b/drivers/net/dsa/mv88e6xxx/port.c | ||
1031 | @@ -379,18 +379,22 @@ int mv88e6390x_port_set_cmode(struct mv88e6xxx_chip *chip, int port, | ||
1032 | return 0; | ||
1033 | |||
1034 | lane = mv88e6390x_serdes_get_lane(chip, port); | ||
1035 | - if (lane < 0) | ||
1036 | + if (lane < 0 && lane != -ENODEV) | ||
1037 | return lane; | ||
1038 | |||
1039 | - if (chip->ports[port].serdes_irq) { | ||
1040 | - err = mv88e6390_serdes_irq_disable(chip, port, lane); | ||
1041 | + if (lane >= 0) { | ||
1042 | + if (chip->ports[port].serdes_irq) { | ||
1043 | + err = mv88e6390_serdes_irq_disable(chip, port, lane); | ||
1044 | + if (err) | ||
1045 | + return err; | ||
1046 | + } | ||
1047 | + | ||
1048 | + err = mv88e6390x_serdes_power(chip, port, false); | ||
1049 | if (err) | ||
1050 | return err; | ||
1051 | } | ||
1052 | |||
1053 | - err = mv88e6390x_serdes_power(chip, port, false); | ||
1054 | - if (err) | ||
1055 | - return err; | ||
1056 | + chip->ports[port].cmode = 0; | ||
1057 | |||
1058 | if (cmode) { | ||
1059 | err = mv88e6xxx_port_read(chip, port, MV88E6XXX_PORT_STS, ®); | ||
1060 | @@ -404,6 +408,12 @@ int mv88e6390x_port_set_cmode(struct mv88e6xxx_chip *chip, int port, | ||
1061 | if (err) | ||
1062 | return err; | ||
1063 | |||
1064 | + chip->ports[port].cmode = cmode; | ||
1065 | + | ||
1066 | + lane = mv88e6390x_serdes_get_lane(chip, port); | ||
1067 | + if (lane < 0) | ||
1068 | + return lane; | ||
1069 | + | ||
1070 | err = mv88e6390x_serdes_power(chip, port, true); | ||
1071 | if (err) | ||
1072 | return err; | ||
1073 | @@ -415,8 +425,6 @@ int mv88e6390x_port_set_cmode(struct mv88e6xxx_chip *chip, int port, | ||
1074 | } | ||
1075 | } | ||
1076 | |||
1077 | - chip->ports[port].cmode = cmode; | ||
1078 | - | ||
1079 | return 0; | ||
1080 | } | ||
1081 | |||
1082 | diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c | ||
1083 | index 7d7b51383adf..74eeb3a985bf 100644 | ||
1084 | --- a/drivers/net/ethernet/cadence/macb_main.c | ||
1085 | +++ b/drivers/net/ethernet/cadence/macb_main.c | ||
1086 | @@ -2419,12 +2419,12 @@ static int macb_open(struct net_device *dev) | ||
1087 | return err; | ||
1088 | } | ||
1089 | |||
1090 | - bp->macbgem_ops.mog_init_rings(bp); | ||
1091 | - macb_init_hw(bp); | ||
1092 | - | ||
1093 | for (q = 0, queue = bp->queues; q < bp->num_queues; ++q, ++queue) | ||
1094 | napi_enable(&queue->napi); | ||
1095 | |||
1096 | + bp->macbgem_ops.mog_init_rings(bp); | ||
1097 | + macb_init_hw(bp); | ||
1098 | + | ||
1099 | /* schedule a link state check */ | ||
1100 | phy_start(dev->phydev); | ||
1101 | |||
1102 | diff --git a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | ||
1103 | index 029730bbe7db..d7915cd68dc1 100644 | ||
1104 | --- a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | ||
1105 | +++ b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | ||
1106 | @@ -1648,7 +1648,7 @@ static struct sk_buff *dpaa_cleanup_tx_fd(const struct dpaa_priv *priv, | ||
1107 | qm_sg_entry_get_len(&sgt[0]), dma_dir); | ||
1108 | |||
1109 | /* remaining pages were mapped with skb_frag_dma_map() */ | ||
1110 | - for (i = 1; i < nr_frags; i++) { | ||
1111 | + for (i = 1; i <= nr_frags; i++) { | ||
1112 | WARN_ON(qm_sg_entry_is_ext(&sgt[i])); | ||
1113 | |||
1114 | dma_unmap_page(dev, qm_sg_addr(&sgt[i]), | ||
1115 | diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c | ||
1116 | index 7b98bb75ba8a..ad41ace0a27a 100644 | ||
1117 | --- a/drivers/net/ethernet/freescale/fec_main.c | ||
1118 | +++ b/drivers/net/ethernet/freescale/fec_main.c | ||
1119 | @@ -1850,13 +1850,9 @@ static int fec_enet_clk_enable(struct net_device *ndev, bool enable) | ||
1120 | int ret; | ||
1121 | |||
1122 | if (enable) { | ||
1123 | - ret = clk_prepare_enable(fep->clk_ahb); | ||
1124 | - if (ret) | ||
1125 | - return ret; | ||
1126 | - | ||
1127 | ret = clk_prepare_enable(fep->clk_enet_out); | ||
1128 | if (ret) | ||
1129 | - goto failed_clk_enet_out; | ||
1130 | + return ret; | ||
1131 | |||
1132 | if (fep->clk_ptp) { | ||
1133 | mutex_lock(&fep->ptp_clk_mutex); | ||
1134 | @@ -1876,7 +1872,6 @@ static int fec_enet_clk_enable(struct net_device *ndev, bool enable) | ||
1135 | |||
1136 | phy_reset_after_clk_enable(ndev->phydev); | ||
1137 | } else { | ||
1138 | - clk_disable_unprepare(fep->clk_ahb); | ||
1139 | clk_disable_unprepare(fep->clk_enet_out); | ||
1140 | if (fep->clk_ptp) { | ||
1141 | mutex_lock(&fep->ptp_clk_mutex); | ||
1142 | @@ -1895,8 +1890,6 @@ failed_clk_ref: | ||
1143 | failed_clk_ptp: | ||
1144 | if (fep->clk_enet_out) | ||
1145 | clk_disable_unprepare(fep->clk_enet_out); | ||
1146 | -failed_clk_enet_out: | ||
1147 | - clk_disable_unprepare(fep->clk_ahb); | ||
1148 | |||
1149 | return ret; | ||
1150 | } | ||
1151 | @@ -3485,6 +3478,9 @@ fec_probe(struct platform_device *pdev) | ||
1152 | ret = clk_prepare_enable(fep->clk_ipg); | ||
1153 | if (ret) | ||
1154 | goto failed_clk_ipg; | ||
1155 | + ret = clk_prepare_enable(fep->clk_ahb); | ||
1156 | + if (ret) | ||
1157 | + goto failed_clk_ahb; | ||
1158 | |||
1159 | fep->reg_phy = devm_regulator_get(&pdev->dev, "phy"); | ||
1160 | if (!IS_ERR(fep->reg_phy)) { | ||
1161 | @@ -3578,6 +3574,9 @@ failed_reset: | ||
1162 | pm_runtime_put(&pdev->dev); | ||
1163 | pm_runtime_disable(&pdev->dev); | ||
1164 | failed_regulator: | ||
1165 | + clk_disable_unprepare(fep->clk_ahb); | ||
1166 | +failed_clk_ahb: | ||
1167 | + clk_disable_unprepare(fep->clk_ipg); | ||
1168 | failed_clk_ipg: | ||
1169 | fec_enet_clk_enable(ndev, false); | ||
1170 | failed_clk: | ||
1171 | @@ -3701,6 +3700,7 @@ static int __maybe_unused fec_runtime_suspend(struct device *dev) | ||
1172 | struct net_device *ndev = dev_get_drvdata(dev); | ||
1173 | struct fec_enet_private *fep = netdev_priv(ndev); | ||
1174 | |||
1175 | + clk_disable_unprepare(fep->clk_ahb); | ||
1176 | clk_disable_unprepare(fep->clk_ipg); | ||
1177 | |||
1178 | return 0; | ||
1179 | @@ -3710,8 +3710,20 @@ static int __maybe_unused fec_runtime_resume(struct device *dev) | ||
1180 | { | ||
1181 | struct net_device *ndev = dev_get_drvdata(dev); | ||
1182 | struct fec_enet_private *fep = netdev_priv(ndev); | ||
1183 | + int ret; | ||
1184 | |||
1185 | - return clk_prepare_enable(fep->clk_ipg); | ||
1186 | + ret = clk_prepare_enable(fep->clk_ahb); | ||
1187 | + if (ret) | ||
1188 | + return ret; | ||
1189 | + ret = clk_prepare_enable(fep->clk_ipg); | ||
1190 | + if (ret) | ||
1191 | + goto failed_clk_ipg; | ||
1192 | + | ||
1193 | + return 0; | ||
1194 | + | ||
1195 | +failed_clk_ipg: | ||
1196 | + clk_disable_unprepare(fep->clk_ahb); | ||
1197 | + return ret; | ||
1198 | } | ||
1199 | |||
1200 | static const struct dev_pm_ops fec_pm_ops = { | ||
1201 | diff --git a/drivers/net/ethernet/freescale/ucc_geth_ethtool.c b/drivers/net/ethernet/freescale/ucc_geth_ethtool.c | ||
1202 | index 0beee2cc2ddd..722b6de24816 100644 | ||
1203 | --- a/drivers/net/ethernet/freescale/ucc_geth_ethtool.c | ||
1204 | +++ b/drivers/net/ethernet/freescale/ucc_geth_ethtool.c | ||
1205 | @@ -252,14 +252,12 @@ uec_set_ringparam(struct net_device *netdev, | ||
1206 | return -EINVAL; | ||
1207 | } | ||
1208 | |||
1209 | + if (netif_running(netdev)) | ||
1210 | + return -EBUSY; | ||
1211 | + | ||
1212 | ug_info->bdRingLenRx[queue] = ring->rx_pending; | ||
1213 | ug_info->bdRingLenTx[queue] = ring->tx_pending; | ||
1214 | |||
1215 | - if (netif_running(netdev)) { | ||
1216 | - /* FIXME: restart automatically */ | ||
1217 | - netdev_info(netdev, "Please re-open the interface\n"); | ||
1218 | - } | ||
1219 | - | ||
1220 | return ret; | ||
1221 | } | ||
1222 | |||
1223 | diff --git a/drivers/net/ethernet/mellanox/mlxsw/core.c b/drivers/net/ethernet/mellanox/mlxsw/core.c | ||
1224 | index f7154f358f27..2e6df5804b35 100644 | ||
1225 | --- a/drivers/net/ethernet/mellanox/mlxsw/core.c | ||
1226 | +++ b/drivers/net/ethernet/mellanox/mlxsw/core.c | ||
1227 | @@ -568,7 +568,7 @@ static int mlxsw_emad_init(struct mlxsw_core *mlxsw_core) | ||
1228 | if (!(mlxsw_core->bus->features & MLXSW_BUS_F_TXRX)) | ||
1229 | return 0; | ||
1230 | |||
1231 | - emad_wq = alloc_workqueue("mlxsw_core_emad", WQ_MEM_RECLAIM, 0); | ||
1232 | + emad_wq = alloc_workqueue("mlxsw_core_emad", 0, 0); | ||
1233 | if (!emad_wq) | ||
1234 | return -ENOMEM; | ||
1235 | mlxsw_core->emad_wq = emad_wq; | ||
1236 | @@ -1875,10 +1875,10 @@ static int __init mlxsw_core_module_init(void) | ||
1237 | { | ||
1238 | int err; | ||
1239 | |||
1240 | - mlxsw_wq = alloc_workqueue(mlxsw_core_driver_name, WQ_MEM_RECLAIM, 0); | ||
1241 | + mlxsw_wq = alloc_workqueue(mlxsw_core_driver_name, 0, 0); | ||
1242 | if (!mlxsw_wq) | ||
1243 | return -ENOMEM; | ||
1244 | - mlxsw_owq = alloc_ordered_workqueue("%s_ordered", WQ_MEM_RECLAIM, | ||
1245 | + mlxsw_owq = alloc_ordered_workqueue("%s_ordered", 0, | ||
1246 | mlxsw_core_driver_name); | ||
1247 | if (!mlxsw_owq) { | ||
1248 | err = -ENOMEM; | ||
1249 | diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | ||
1250 | index af673abdb482..a4f237f815d1 100644 | ||
1251 | --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | ||
1252 | +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | ||
1253 | @@ -1585,7 +1585,7 @@ static int mlxsw_sp_port_mdb_add(struct mlxsw_sp_port *mlxsw_sp_port, | ||
1254 | u16 fid_index; | ||
1255 | int err = 0; | ||
1256 | |||
1257 | - if (switchdev_trans_ph_prepare(trans)) | ||
1258 | + if (switchdev_trans_ph_commit(trans)) | ||
1259 | return 0; | ||
1260 | |||
1261 | bridge_port = mlxsw_sp_bridge_port_find(mlxsw_sp->bridge, orig_dev); | ||
1262 | diff --git a/drivers/net/ethernet/mscc/ocelot.c b/drivers/net/ethernet/mscc/ocelot.c | ||
1263 | index 0bdd3c400c92..10291198decd 100644 | ||
1264 | --- a/drivers/net/ethernet/mscc/ocelot.c | ||
1265 | +++ b/drivers/net/ethernet/mscc/ocelot.c | ||
1266 | @@ -605,7 +605,7 @@ static int ocelot_mact_mc_add(struct ocelot_port *port, | ||
1267 | struct netdev_hw_addr *hw_addr) | ||
1268 | { | ||
1269 | struct ocelot *ocelot = port->ocelot; | ||
1270 | - struct netdev_hw_addr *ha = kzalloc(sizeof(*ha), GFP_KERNEL); | ||
1271 | + struct netdev_hw_addr *ha = kzalloc(sizeof(*ha), GFP_ATOMIC); | ||
1272 | |||
1273 | if (!ha) | ||
1274 | return -ENOMEM; | ||
1275 | diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c | ||
1276 | index bf4302e45dcd..28f765664702 100644 | ||
1277 | --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c | ||
1278 | +++ b/drivers/net/ethernet/neterion/vxge/vxge-config.c | ||
1279 | @@ -2365,6 +2365,7 @@ static void *__vxge_hw_blockpool_malloc(struct __vxge_hw_device *devh, u32 size, | ||
1280 | dma_object->addr))) { | ||
1281 | vxge_os_dma_free(devh->pdev, memblock, | ||
1282 | &dma_object->acc_handle); | ||
1283 | + memblock = NULL; | ||
1284 | goto exit; | ||
1285 | } | ||
1286 | |||
1287 | diff --git a/drivers/net/ethernet/qlogic/qede/qede_ptp.c b/drivers/net/ethernet/qlogic/qede/qede_ptp.c | ||
1288 | index 013ff567283c..5e574c3b625e 100644 | ||
1289 | --- a/drivers/net/ethernet/qlogic/qede/qede_ptp.c | ||
1290 | +++ b/drivers/net/ethernet/qlogic/qede/qede_ptp.c | ||
1291 | @@ -490,18 +490,17 @@ int qede_ptp_enable(struct qede_dev *edev, bool init_tc) | ||
1292 | |||
1293 | ptp->clock = ptp_clock_register(&ptp->clock_info, &edev->pdev->dev); | ||
1294 | if (IS_ERR(ptp->clock)) { | ||
1295 | - rc = -EINVAL; | ||
1296 | DP_ERR(edev, "PTP clock registration failed\n"); | ||
1297 | + qede_ptp_disable(edev); | ||
1298 | + rc = -EINVAL; | ||
1299 | goto err2; | ||
1300 | } | ||
1301 | |||
1302 | return 0; | ||
1303 | |||
1304 | -err2: | ||
1305 | - qede_ptp_disable(edev); | ||
1306 | - ptp->clock = NULL; | ||
1307 | err1: | ||
1308 | kfree(ptp); | ||
1309 | +err2: | ||
1310 | edev->ptp = NULL; | ||
1311 | |||
1312 | return rc; | ||
1313 | diff --git a/drivers/net/ethernet/seeq/sgiseeq.c b/drivers/net/ethernet/seeq/sgiseeq.c | ||
1314 | index 70cce63a6081..696037d5ac3d 100644 | ||
1315 | --- a/drivers/net/ethernet/seeq/sgiseeq.c | ||
1316 | +++ b/drivers/net/ethernet/seeq/sgiseeq.c | ||
1317 | @@ -735,6 +735,7 @@ static int sgiseeq_probe(struct platform_device *pdev) | ||
1318 | } | ||
1319 | |||
1320 | platform_set_drvdata(pdev, dev); | ||
1321 | + SET_NETDEV_DEV(dev, &pdev->dev); | ||
1322 | sp = netdev_priv(dev); | ||
1323 | |||
1324 | /* Make private data page aligned */ | ||
1325 | diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | ||
1326 | index 0f660af01a4b..49a896a16391 100644 | ||
1327 | --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | ||
1328 | +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | ||
1329 | @@ -1015,6 +1015,8 @@ static struct mac_device_info *sun8i_dwmac_setup(void *ppriv) | ||
1330 | mac->mac = &sun8i_dwmac_ops; | ||
1331 | mac->dma = &sun8i_dwmac_dma_ops; | ||
1332 | |||
1333 | + priv->dev->priv_flags |= IFF_UNICAST_FLT; | ||
1334 | + | ||
1335 | /* The loopback bit seems to be re-set when link change | ||
1336 | * Simply mask it each time | ||
1337 | * Speed 10/100/1000 are set in BIT(2)/BIT(3) | ||
1338 | diff --git a/drivers/net/phy/spi_ks8995.c b/drivers/net/phy/spi_ks8995.c | ||
1339 | index f17b3441779b..d8ea4147dfe7 100644 | ||
1340 | --- a/drivers/net/phy/spi_ks8995.c | ||
1341 | +++ b/drivers/net/phy/spi_ks8995.c | ||
1342 | @@ -162,6 +162,14 @@ static const struct spi_device_id ks8995_id[] = { | ||
1343 | }; | ||
1344 | MODULE_DEVICE_TABLE(spi, ks8995_id); | ||
1345 | |||
1346 | +static const struct of_device_id ks8895_spi_of_match[] = { | ||
1347 | + { .compatible = "micrel,ks8995" }, | ||
1348 | + { .compatible = "micrel,ksz8864" }, | ||
1349 | + { .compatible = "micrel,ksz8795" }, | ||
1350 | + { }, | ||
1351 | + }; | ||
1352 | +MODULE_DEVICE_TABLE(of, ks8895_spi_of_match); | ||
1353 | + | ||
1354 | static inline u8 get_chip_id(u8 val) | ||
1355 | { | ||
1356 | return (val >> ID1_CHIPID_S) & ID1_CHIPID_M; | ||
1357 | @@ -529,6 +537,7 @@ static int ks8995_remove(struct spi_device *spi) | ||
1358 | static struct spi_driver ks8995_driver = { | ||
1359 | .driver = { | ||
1360 | .name = "spi-ks8995", | ||
1361 | + .of_match_table = of_match_ptr(ks8895_spi_of_match), | ||
1362 | }, | ||
1363 | .probe = ks8995_probe, | ||
1364 | .remove = ks8995_remove, | ||
1365 | diff --git a/drivers/net/tun.c b/drivers/net/tun.c | ||
1366 | index 044d5c3a4d04..78d34e0306e0 100644 | ||
1367 | --- a/drivers/net/tun.c | ||
1368 | +++ b/drivers/net/tun.c | ||
1369 | @@ -599,13 +599,18 @@ static u16 tun_automq_select_queue(struct tun_struct *tun, struct sk_buff *skb) | ||
1370 | static u16 tun_ebpf_select_queue(struct tun_struct *tun, struct sk_buff *skb) | ||
1371 | { | ||
1372 | struct tun_prog *prog; | ||
1373 | + u32 numqueues; | ||
1374 | u16 ret = 0; | ||
1375 | |||
1376 | + numqueues = READ_ONCE(tun->numqueues); | ||
1377 | + if (!numqueues) | ||
1378 | + return 0; | ||
1379 | + | ||
1380 | prog = rcu_dereference(tun->steering_prog); | ||
1381 | if (prog) | ||
1382 | ret = bpf_prog_run_clear_cb(prog->prog, skb); | ||
1383 | |||
1384 | - return ret % tun->numqueues; | ||
1385 | + return ret % numqueues; | ||
1386 | } | ||
1387 | |||
1388 | static u16 tun_select_queue(struct net_device *dev, struct sk_buff *skb, | ||
1389 | @@ -703,6 +708,8 @@ static void __tun_detach(struct tun_file *tfile, bool clean) | ||
1390 | tun->tfiles[tun->numqueues - 1]); | ||
1391 | ntfile = rtnl_dereference(tun->tfiles[index]); | ||
1392 | ntfile->queue_index = index; | ||
1393 | + rcu_assign_pointer(tun->tfiles[tun->numqueues - 1], | ||
1394 | + NULL); | ||
1395 | |||
1396 | --tun->numqueues; | ||
1397 | if (clean) { | ||
1398 | @@ -1085,7 +1092,7 @@ static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev) | ||
1399 | tfile = rcu_dereference(tun->tfiles[txq]); | ||
1400 | |||
1401 | /* Drop packet if interface is not attached */ | ||
1402 | - if (txq >= tun->numqueues) | ||
1403 | + if (!tfile) | ||
1404 | goto drop; | ||
1405 | |||
1406 | if (!rcu_dereference(tun->steering_prog)) | ||
1407 | @@ -1276,6 +1283,7 @@ static int tun_xdp_xmit(struct net_device *dev, int n, | ||
1408 | |||
1409 | rcu_read_lock(); | ||
1410 | |||
1411 | +resample: | ||
1412 | numqueues = READ_ONCE(tun->numqueues); | ||
1413 | if (!numqueues) { | ||
1414 | rcu_read_unlock(); | ||
1415 | @@ -1284,6 +1292,8 @@ static int tun_xdp_xmit(struct net_device *dev, int n, | ||
1416 | |||
1417 | tfile = rcu_dereference(tun->tfiles[smp_processor_id() % | ||
1418 | numqueues]); | ||
1419 | + if (unlikely(!tfile)) | ||
1420 | + goto resample; | ||
1421 | |||
1422 | spin_lock(&tfile->tx_ring.producer_lock); | ||
1423 | for (i = 0; i < n; i++) { | ||
1424 | diff --git a/drivers/net/wireless/marvell/mwl8k.c b/drivers/net/wireless/marvell/mwl8k.c | ||
1425 | index 8e4e9b6919e0..ffc565ac2192 100644 | ||
1426 | --- a/drivers/net/wireless/marvell/mwl8k.c | ||
1427 | +++ b/drivers/net/wireless/marvell/mwl8k.c | ||
1428 | @@ -441,6 +441,9 @@ static const struct ieee80211_rate mwl8k_rates_50[] = { | ||
1429 | #define MWL8K_CMD_UPDATE_STADB 0x1123 | ||
1430 | #define MWL8K_CMD_BASTREAM 0x1125 | ||
1431 | |||
1432 | +#define MWL8K_LEGACY_5G_RATE_OFFSET \ | ||
1433 | + (ARRAY_SIZE(mwl8k_rates_24) - ARRAY_SIZE(mwl8k_rates_50)) | ||
1434 | + | ||
1435 | static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize) | ||
1436 | { | ||
1437 | u16 command = le16_to_cpu(cmd); | ||
1438 | @@ -1016,8 +1019,9 @@ mwl8k_rxd_ap_process(void *_rxd, struct ieee80211_rx_status *status, | ||
1439 | |||
1440 | if (rxd->channel > 14) { | ||
1441 | status->band = NL80211_BAND_5GHZ; | ||
1442 | - if (!(status->encoding == RX_ENC_HT)) | ||
1443 | - status->rate_idx -= 5; | ||
1444 | + if (!(status->encoding == RX_ENC_HT) && | ||
1445 | + status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET) | ||
1446 | + status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET; | ||
1447 | } else { | ||
1448 | status->band = NL80211_BAND_2GHZ; | ||
1449 | } | ||
1450 | @@ -1124,8 +1128,9 @@ mwl8k_rxd_sta_process(void *_rxd, struct ieee80211_rx_status *status, | ||
1451 | |||
1452 | if (rxd->channel > 14) { | ||
1453 | status->band = NL80211_BAND_5GHZ; | ||
1454 | - if (!(status->encoding == RX_ENC_HT)) | ||
1455 | - status->rate_idx -= 5; | ||
1456 | + if (!(status->encoding == RX_ENC_HT) && | ||
1457 | + status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET) | ||
1458 | + status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET; | ||
1459 | } else { | ||
1460 | status->band = NL80211_BAND_2GHZ; | ||
1461 | } | ||
1462 | diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/hw.c | ||
1463 | index 545115db507e..4dc9f4e96263 100644 | ||
1464 | --- a/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/hw.c | ||
1465 | +++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723ae/hw.c | ||
1466 | @@ -1699,6 +1699,7 @@ static void _rtl8723e_read_adapter_info(struct ieee80211_hw *hw, | ||
1467 | rtlhal->oem_id = RT_CID_819X_LENOVO; | ||
1468 | break; | ||
1469 | } | ||
1470 | + break; | ||
1471 | case 0x1025: | ||
1472 | rtlhal->oem_id = RT_CID_819X_ACER; | ||
1473 | break; | ||
1474 | diff --git a/drivers/net/wireless/st/cw1200/scan.c b/drivers/net/wireless/st/cw1200/scan.c | ||
1475 | index 0a9eac93dd01..71e9b91cf15b 100644 | ||
1476 | --- a/drivers/net/wireless/st/cw1200/scan.c | ||
1477 | +++ b/drivers/net/wireless/st/cw1200/scan.c | ||
1478 | @@ -84,8 +84,11 @@ int cw1200_hw_scan(struct ieee80211_hw *hw, | ||
1479 | |||
1480 | frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0, | ||
1481 | req->ie_len); | ||
1482 | - if (!frame.skb) | ||
1483 | + if (!frame.skb) { | ||
1484 | + mutex_unlock(&priv->conf_mutex); | ||
1485 | + up(&priv->scan.lock); | ||
1486 | return -ENOMEM; | ||
1487 | + } | ||
1488 | |||
1489 | if (req->ie_len) | ||
1490 | skb_put_data(frame.skb, req->ie, req->ie_len); | ||
1491 | diff --git a/drivers/nfc/st95hf/core.c b/drivers/nfc/st95hf/core.c | ||
1492 | index 2b26f762fbc3..01acb6e53365 100644 | ||
1493 | --- a/drivers/nfc/st95hf/core.c | ||
1494 | +++ b/drivers/nfc/st95hf/core.c | ||
1495 | @@ -1074,6 +1074,12 @@ static const struct spi_device_id st95hf_id[] = { | ||
1496 | }; | ||
1497 | MODULE_DEVICE_TABLE(spi, st95hf_id); | ||
1498 | |||
1499 | +static const struct of_device_id st95hf_spi_of_match[] = { | ||
1500 | + { .compatible = "st,st95hf" }, | ||
1501 | + { }, | ||
1502 | +}; | ||
1503 | +MODULE_DEVICE_TABLE(of, st95hf_spi_of_match); | ||
1504 | + | ||
1505 | static int st95hf_probe(struct spi_device *nfc_spi_dev) | ||
1506 | { | ||
1507 | int ret; | ||
1508 | @@ -1260,6 +1266,7 @@ static struct spi_driver st95hf_driver = { | ||
1509 | .driver = { | ||
1510 | .name = "st95hf", | ||
1511 | .owner = THIS_MODULE, | ||
1512 | + .of_match_table = of_match_ptr(st95hf_spi_of_match), | ||
1513 | }, | ||
1514 | .id_table = st95hf_id, | ||
1515 | .probe = st95hf_probe, | ||
1516 | diff --git a/drivers/nvdimm/btt_devs.c b/drivers/nvdimm/btt_devs.c | ||
1517 | index 795ad4ff35ca..e341498876ca 100644 | ||
1518 | --- a/drivers/nvdimm/btt_devs.c | ||
1519 | +++ b/drivers/nvdimm/btt_devs.c | ||
1520 | @@ -190,14 +190,15 @@ static struct device *__nd_btt_create(struct nd_region *nd_region, | ||
1521 | return NULL; | ||
1522 | |||
1523 | nd_btt->id = ida_simple_get(&nd_region->btt_ida, 0, 0, GFP_KERNEL); | ||
1524 | - if (nd_btt->id < 0) { | ||
1525 | - kfree(nd_btt); | ||
1526 | - return NULL; | ||
1527 | - } | ||
1528 | + if (nd_btt->id < 0) | ||
1529 | + goto out_nd_btt; | ||
1530 | |||
1531 | nd_btt->lbasize = lbasize; | ||
1532 | - if (uuid) | ||
1533 | + if (uuid) { | ||
1534 | uuid = kmemdup(uuid, 16, GFP_KERNEL); | ||
1535 | + if (!uuid) | ||
1536 | + goto out_put_id; | ||
1537 | + } | ||
1538 | nd_btt->uuid = uuid; | ||
1539 | dev = &nd_btt->dev; | ||
1540 | dev_set_name(dev, "btt%d.%d", nd_region->id, nd_btt->id); | ||
1541 | @@ -212,6 +213,13 @@ static struct device *__nd_btt_create(struct nd_region *nd_region, | ||
1542 | return NULL; | ||
1543 | } | ||
1544 | return dev; | ||
1545 | + | ||
1546 | +out_put_id: | ||
1547 | + ida_simple_remove(&nd_region->btt_ida, nd_btt->id); | ||
1548 | + | ||
1549 | +out_nd_btt: | ||
1550 | + kfree(nd_btt); | ||
1551 | + return NULL; | ||
1552 | } | ||
1553 | |||
1554 | struct device *nd_btt_create(struct nd_region *nd_region) | ||
1555 | diff --git a/drivers/nvdimm/namespace_devs.c b/drivers/nvdimm/namespace_devs.c | ||
1556 | index 54d79837f7c6..73a444c41cde 100644 | ||
1557 | --- a/drivers/nvdimm/namespace_devs.c | ||
1558 | +++ b/drivers/nvdimm/namespace_devs.c | ||
1559 | @@ -2251,9 +2251,12 @@ static struct device *create_namespace_blk(struct nd_region *nd_region, | ||
1560 | if (!nsblk->uuid) | ||
1561 | goto blk_err; | ||
1562 | memcpy(name, nd_label->name, NSLABEL_NAME_LEN); | ||
1563 | - if (name[0]) | ||
1564 | + if (name[0]) { | ||
1565 | nsblk->alt_name = kmemdup(name, NSLABEL_NAME_LEN, | ||
1566 | GFP_KERNEL); | ||
1567 | + if (!nsblk->alt_name) | ||
1568 | + goto blk_err; | ||
1569 | + } | ||
1570 | res = nsblk_add_resource(nd_region, ndd, nsblk, | ||
1571 | __le64_to_cpu(nd_label->dpa)); | ||
1572 | if (!res) | ||
1573 | diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c | ||
1574 | index 1d432c5ed275..cff027fc2676 100644 | ||
1575 | --- a/drivers/nvdimm/pmem.c | ||
1576 | +++ b/drivers/nvdimm/pmem.c | ||
1577 | @@ -113,13 +113,13 @@ static void write_pmem(void *pmem_addr, struct page *page, | ||
1578 | |||
1579 | while (len) { | ||
1580 | mem = kmap_atomic(page); | ||
1581 | - chunk = min_t(unsigned int, len, PAGE_SIZE); | ||
1582 | + chunk = min_t(unsigned int, len, PAGE_SIZE - off); | ||
1583 | memcpy_flushcache(pmem_addr, mem + off, chunk); | ||
1584 | kunmap_atomic(mem); | ||
1585 | len -= chunk; | ||
1586 | off = 0; | ||
1587 | page++; | ||
1588 | - pmem_addr += PAGE_SIZE; | ||
1589 | + pmem_addr += chunk; | ||
1590 | } | ||
1591 | } | ||
1592 | |||
1593 | @@ -132,7 +132,7 @@ static blk_status_t read_pmem(struct page *page, unsigned int off, | ||
1594 | |||
1595 | while (len) { | ||
1596 | mem = kmap_atomic(page); | ||
1597 | - chunk = min_t(unsigned int, len, PAGE_SIZE); | ||
1598 | + chunk = min_t(unsigned int, len, PAGE_SIZE - off); | ||
1599 | rem = memcpy_mcsafe(mem + off, pmem_addr, chunk); | ||
1600 | kunmap_atomic(mem); | ||
1601 | if (rem) | ||
1602 | @@ -140,7 +140,7 @@ static blk_status_t read_pmem(struct page *page, unsigned int off, | ||
1603 | len -= chunk; | ||
1604 | off = 0; | ||
1605 | page++; | ||
1606 | - pmem_addr += PAGE_SIZE; | ||
1607 | + pmem_addr += chunk; | ||
1608 | } | ||
1609 | return BLK_STS_OK; | ||
1610 | } | ||
1611 | diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c | ||
1612 | index 9ba4d12c179c..808a182830e5 100644 | ||
1613 | --- a/drivers/pci/controller/pci-hyperv.c | ||
1614 | +++ b/drivers/pci/controller/pci-hyperv.c | ||
1615 | @@ -1491,6 +1491,21 @@ static void hv_pci_assign_slots(struct hv_pcibus_device *hbus) | ||
1616 | } | ||
1617 | } | ||
1618 | |||
1619 | +/* | ||
1620 | + * Remove entries in sysfs pci slot directory. | ||
1621 | + */ | ||
1622 | +static void hv_pci_remove_slots(struct hv_pcibus_device *hbus) | ||
1623 | +{ | ||
1624 | + struct hv_pci_dev *hpdev; | ||
1625 | + | ||
1626 | + list_for_each_entry(hpdev, &hbus->children, list_entry) { | ||
1627 | + if (!hpdev->pci_slot) | ||
1628 | + continue; | ||
1629 | + pci_destroy_slot(hpdev->pci_slot); | ||
1630 | + hpdev->pci_slot = NULL; | ||
1631 | + } | ||
1632 | +} | ||
1633 | + | ||
1634 | /** | ||
1635 | * create_root_hv_pci_bus() - Expose a new root PCI bus | ||
1636 | * @hbus: Root PCI bus, as understood by this driver | ||
1637 | @@ -1766,6 +1781,10 @@ static void pci_devices_present_work(struct work_struct *work) | ||
1638 | hpdev = list_first_entry(&removed, struct hv_pci_dev, | ||
1639 | list_entry); | ||
1640 | list_del(&hpdev->list_entry); | ||
1641 | + | ||
1642 | + if (hpdev->pci_slot) | ||
1643 | + pci_destroy_slot(hpdev->pci_slot); | ||
1644 | + | ||
1645 | put_pcichild(hpdev); | ||
1646 | } | ||
1647 | |||
1648 | @@ -1905,6 +1924,9 @@ static void hv_eject_device_work(struct work_struct *work) | ||
1649 | sizeof(*ejct_pkt), (unsigned long)&ctxt.pkt, | ||
1650 | VM_PKT_DATA_INBAND, 0); | ||
1651 | |||
1652 | + /* For the get_pcichild() in hv_pci_eject_device() */ | ||
1653 | + put_pcichild(hpdev); | ||
1654 | + /* For the two refs got in new_pcichild_device() */ | ||
1655 | put_pcichild(hpdev); | ||
1656 | put_pcichild(hpdev); | ||
1657 | put_hvpcibus(hpdev->hbus); | ||
1658 | @@ -2682,6 +2704,7 @@ static int hv_pci_remove(struct hv_device *hdev) | ||
1659 | pci_lock_rescan_remove(); | ||
1660 | pci_stop_root_bus(hbus->pci_bus); | ||
1661 | pci_remove_root_bus(hbus->pci_bus); | ||
1662 | + hv_pci_remove_slots(hbus); | ||
1663 | pci_unlock_rescan_remove(); | ||
1664 | hbus->state = hv_pcibus_removed; | ||
1665 | } | ||
1666 | diff --git a/drivers/platform/x86/dell-laptop.c b/drivers/platform/x86/dell-laptop.c | ||
1667 | index 06978c14c83b..3433986d5220 100644 | ||
1668 | --- a/drivers/platform/x86/dell-laptop.c | ||
1669 | +++ b/drivers/platform/x86/dell-laptop.c | ||
1670 | @@ -532,7 +532,7 @@ static void dell_rfkill_query(struct rfkill *rfkill, void *data) | ||
1671 | return; | ||
1672 | } | ||
1673 | |||
1674 | - dell_fill_request(&buffer, 0, 0x2, 0, 0); | ||
1675 | + dell_fill_request(&buffer, 0x2, 0, 0, 0); | ||
1676 | ret = dell_send_request(&buffer, CLASS_INFO, SELECT_RFKILL); | ||
1677 | hwswitch = buffer.output[1]; | ||
1678 | |||
1679 | @@ -563,7 +563,7 @@ static int dell_debugfs_show(struct seq_file *s, void *data) | ||
1680 | return ret; | ||
1681 | status = buffer.output[1]; | ||
1682 | |||
1683 | - dell_fill_request(&buffer, 0, 0x2, 0, 0); | ||
1684 | + dell_fill_request(&buffer, 0x2, 0, 0, 0); | ||
1685 | hwswitch_ret = dell_send_request(&buffer, CLASS_INFO, SELECT_RFKILL); | ||
1686 | if (hwswitch_ret) | ||
1687 | return hwswitch_ret; | ||
1688 | @@ -648,7 +648,7 @@ static void dell_update_rfkill(struct work_struct *ignored) | ||
1689 | if (ret != 0) | ||
1690 | return; | ||
1691 | |||
1692 | - dell_fill_request(&buffer, 0, 0x2, 0, 0); | ||
1693 | + dell_fill_request(&buffer, 0x2, 0, 0, 0); | ||
1694 | ret = dell_send_request(&buffer, CLASS_INFO, SELECT_RFKILL); | ||
1695 | |||
1696 | if (ret == 0 && (status & BIT(0))) | ||
1697 | diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c | ||
1698 | index b205b037fd61..b50f8f73fb47 100644 | ||
1699 | --- a/drivers/platform/x86/sony-laptop.c | ||
1700 | +++ b/drivers/platform/x86/sony-laptop.c | ||
1701 | @@ -4424,14 +4424,16 @@ sony_pic_read_possible_resource(struct acpi_resource *resource, void *context) | ||
1702 | } | ||
1703 | return AE_OK; | ||
1704 | } | ||
1705 | + | ||
1706 | + case ACPI_RESOURCE_TYPE_END_TAG: | ||
1707 | + return AE_OK; | ||
1708 | + | ||
1709 | default: | ||
1710 | dprintk("Resource %d isn't an IRQ nor an IO port\n", | ||
1711 | resource->type); | ||
1712 | + return AE_CTRL_TERMINATE; | ||
1713 | |||
1714 | - case ACPI_RESOURCE_TYPE_END_TAG: | ||
1715 | - return AE_OK; | ||
1716 | } | ||
1717 | - return AE_CTRL_TERMINATE; | ||
1718 | } | ||
1719 | |||
1720 | static int sony_pic_possible_resources(struct acpi_device *device) | ||
1721 | diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c | ||
1722 | index fde08a997557..8f85bb4fe784 100644 | ||
1723 | --- a/drivers/platform/x86/thinkpad_acpi.c | ||
1724 | +++ b/drivers/platform/x86/thinkpad_acpi.c | ||
1725 | @@ -79,7 +79,7 @@ | ||
1726 | #include <linux/jiffies.h> | ||
1727 | #include <linux/workqueue.h> | ||
1728 | #include <linux/acpi.h> | ||
1729 | -#include <linux/pci_ids.h> | ||
1730 | +#include <linux/pci.h> | ||
1731 | #include <linux/power_supply.h> | ||
1732 | #include <linux/thinkpad_acpi.h> | ||
1733 | #include <sound/core.h> | ||
1734 | @@ -4496,6 +4496,74 @@ static void bluetooth_exit(void) | ||
1735 | bluetooth_shutdown(); | ||
1736 | } | ||
1737 | |||
1738 | +static const struct dmi_system_id bt_fwbug_list[] __initconst = { | ||
1739 | + { | ||
1740 | + .ident = "ThinkPad E485", | ||
1741 | + .matches = { | ||
1742 | + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), | ||
1743 | + DMI_MATCH(DMI_BOARD_NAME, "20KU"), | ||
1744 | + }, | ||
1745 | + }, | ||
1746 | + { | ||
1747 | + .ident = "ThinkPad E585", | ||
1748 | + .matches = { | ||
1749 | + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), | ||
1750 | + DMI_MATCH(DMI_BOARD_NAME, "20KV"), | ||
1751 | + }, | ||
1752 | + }, | ||
1753 | + { | ||
1754 | + .ident = "ThinkPad A285 - 20MW", | ||
1755 | + .matches = { | ||
1756 | + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), | ||
1757 | + DMI_MATCH(DMI_BOARD_NAME, "20MW"), | ||
1758 | + }, | ||
1759 | + }, | ||
1760 | + { | ||
1761 | + .ident = "ThinkPad A285 - 20MX", | ||
1762 | + .matches = { | ||
1763 | + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), | ||
1764 | + DMI_MATCH(DMI_BOARD_NAME, "20MX"), | ||
1765 | + }, | ||
1766 | + }, | ||
1767 | + { | ||
1768 | + .ident = "ThinkPad A485 - 20MU", | ||
1769 | + .matches = { | ||
1770 | + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), | ||
1771 | + DMI_MATCH(DMI_BOARD_NAME, "20MU"), | ||
1772 | + }, | ||
1773 | + }, | ||
1774 | + { | ||
1775 | + .ident = "ThinkPad A485 - 20MV", | ||
1776 | + .matches = { | ||
1777 | + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), | ||
1778 | + DMI_MATCH(DMI_BOARD_NAME, "20MV"), | ||
1779 | + }, | ||
1780 | + }, | ||
1781 | + {} | ||
1782 | +}; | ||
1783 | + | ||
1784 | +static const struct pci_device_id fwbug_cards_ids[] __initconst = { | ||
1785 | + { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x24F3) }, | ||
1786 | + { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x24FD) }, | ||
1787 | + { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x2526) }, | ||
1788 | + {} | ||
1789 | +}; | ||
1790 | + | ||
1791 | + | ||
1792 | +static int __init have_bt_fwbug(void) | ||
1793 | +{ | ||
1794 | + /* | ||
1795 | + * Some AMD based ThinkPads have a firmware bug that calling | ||
1796 | + * "GBDC" will cause bluetooth on Intel wireless cards blocked | ||
1797 | + */ | ||
1798 | + if (dmi_check_system(bt_fwbug_list) && pci_dev_present(fwbug_cards_ids)) { | ||
1799 | + vdbg_printk(TPACPI_DBG_INIT | TPACPI_DBG_RFKILL, | ||
1800 | + FW_BUG "disable bluetooth subdriver for Intel cards\n"); | ||
1801 | + return 1; | ||
1802 | + } else | ||
1803 | + return 0; | ||
1804 | +} | ||
1805 | + | ||
1806 | static int __init bluetooth_init(struct ibm_init_struct *iibm) | ||
1807 | { | ||
1808 | int res; | ||
1809 | @@ -4508,7 +4576,7 @@ static int __init bluetooth_init(struct ibm_init_struct *iibm) | ||
1810 | |||
1811 | /* bluetooth not supported on 570, 600e/x, 770e, 770x, A21e, A2xm/p, | ||
1812 | G4x, R30, R31, R40e, R50e, T20-22, X20-21 */ | ||
1813 | - tp_features.bluetooth = hkey_handle && | ||
1814 | + tp_features.bluetooth = !have_bt_fwbug() && hkey_handle && | ||
1815 | acpi_evalf(hkey_handle, &status, "GBDC", "qd"); | ||
1816 | |||
1817 | vdbg_printk(TPACPI_DBG_INIT | TPACPI_DBG_RFKILL, | ||
1818 | diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c | ||
1819 | index 6e294b4d3635..f89f9d02e788 100644 | ||
1820 | --- a/drivers/s390/block/dasd_eckd.c | ||
1821 | +++ b/drivers/s390/block/dasd_eckd.c | ||
1822 | @@ -2004,14 +2004,14 @@ static int dasd_eckd_end_analysis(struct dasd_block *block) | ||
1823 | blk_per_trk = recs_per_track(&private->rdc_data, 0, block->bp_block); | ||
1824 | |||
1825 | raw: | ||
1826 | - block->blocks = (private->real_cyl * | ||
1827 | + block->blocks = ((unsigned long) private->real_cyl * | ||
1828 | private->rdc_data.trk_per_cyl * | ||
1829 | blk_per_trk); | ||
1830 | |||
1831 | dev_info(&device->cdev->dev, | ||
1832 | - "DASD with %d KB/block, %d KB total size, %d KB/track, " | ||
1833 | + "DASD with %u KB/block, %lu KB total size, %u KB/track, " | ||
1834 | "%s\n", (block->bp_block >> 10), | ||
1835 | - ((private->real_cyl * | ||
1836 | + (((unsigned long) private->real_cyl * | ||
1837 | private->rdc_data.trk_per_cyl * | ||
1838 | blk_per_trk * (block->bp_block >> 9)) >> 1), | ||
1839 | ((blk_per_trk * block->bp_block) >> 10), | ||
1840 | diff --git a/drivers/s390/char/con3270.c b/drivers/s390/char/con3270.c | ||
1841 | index fd2146bcc0ad..e17364e13d2f 100644 | ||
1842 | --- a/drivers/s390/char/con3270.c | ||
1843 | +++ b/drivers/s390/char/con3270.c | ||
1844 | @@ -629,7 +629,7 @@ con3270_init(void) | ||
1845 | (void (*)(unsigned long)) con3270_read_tasklet, | ||
1846 | (unsigned long) condev->read); | ||
1847 | |||
1848 | - raw3270_add_view(&condev->view, &con3270_fn, 1); | ||
1849 | + raw3270_add_view(&condev->view, &con3270_fn, 1, RAW3270_VIEW_LOCK_IRQ); | ||
1850 | |||
1851 | INIT_LIST_HEAD(&condev->freemem); | ||
1852 | for (i = 0; i < CON3270_STRING_PAGES; i++) { | ||
1853 | diff --git a/drivers/s390/char/fs3270.c b/drivers/s390/char/fs3270.c | ||
1854 | index 16a4e8528bbc..2f9905ee047c 100644 | ||
1855 | --- a/drivers/s390/char/fs3270.c | ||
1856 | +++ b/drivers/s390/char/fs3270.c | ||
1857 | @@ -463,7 +463,8 @@ fs3270_open(struct inode *inode, struct file *filp) | ||
1858 | |||
1859 | init_waitqueue_head(&fp->wait); | ||
1860 | fp->fs_pid = get_pid(task_pid(current)); | ||
1861 | - rc = raw3270_add_view(&fp->view, &fs3270_fn, minor); | ||
1862 | + rc = raw3270_add_view(&fp->view, &fs3270_fn, minor, | ||
1863 | + RAW3270_VIEW_LOCK_BH); | ||
1864 | if (rc) { | ||
1865 | fs3270_free_view(&fp->view); | ||
1866 | goto out; | ||
1867 | diff --git a/drivers/s390/char/raw3270.c b/drivers/s390/char/raw3270.c | ||
1868 | index f8cd2935fbfd..63a41b168761 100644 | ||
1869 | --- a/drivers/s390/char/raw3270.c | ||
1870 | +++ b/drivers/s390/char/raw3270.c | ||
1871 | @@ -920,7 +920,7 @@ raw3270_deactivate_view(struct raw3270_view *view) | ||
1872 | * Add view to device with minor "minor". | ||
1873 | */ | ||
1874 | int | ||
1875 | -raw3270_add_view(struct raw3270_view *view, struct raw3270_fn *fn, int minor) | ||
1876 | +raw3270_add_view(struct raw3270_view *view, struct raw3270_fn *fn, int minor, int subclass) | ||
1877 | { | ||
1878 | unsigned long flags; | ||
1879 | struct raw3270 *rp; | ||
1880 | @@ -942,6 +942,7 @@ raw3270_add_view(struct raw3270_view *view, struct raw3270_fn *fn, int minor) | ||
1881 | view->cols = rp->cols; | ||
1882 | view->ascebc = rp->ascebc; | ||
1883 | spin_lock_init(&view->lock); | ||
1884 | + lockdep_set_subclass(&view->lock, subclass); | ||
1885 | list_add(&view->list, &rp->view_list); | ||
1886 | rc = 0; | ||
1887 | spin_unlock_irqrestore(get_ccwdev_lock(rp->cdev), flags); | ||
1888 | diff --git a/drivers/s390/char/raw3270.h b/drivers/s390/char/raw3270.h | ||
1889 | index 114ca7cbf889..3afaa35f7351 100644 | ||
1890 | --- a/drivers/s390/char/raw3270.h | ||
1891 | +++ b/drivers/s390/char/raw3270.h | ||
1892 | @@ -150,6 +150,8 @@ struct raw3270_fn { | ||
1893 | struct raw3270_view { | ||
1894 | struct list_head list; | ||
1895 | spinlock_t lock; | ||
1896 | +#define RAW3270_VIEW_LOCK_IRQ 0 | ||
1897 | +#define RAW3270_VIEW_LOCK_BH 1 | ||
1898 | atomic_t ref_count; | ||
1899 | struct raw3270 *dev; | ||
1900 | struct raw3270_fn *fn; | ||
1901 | @@ -158,7 +160,7 @@ struct raw3270_view { | ||
1902 | unsigned char *ascebc; /* ascii -> ebcdic table */ | ||
1903 | }; | ||
1904 | |||
1905 | -int raw3270_add_view(struct raw3270_view *, struct raw3270_fn *, int); | ||
1906 | +int raw3270_add_view(struct raw3270_view *, struct raw3270_fn *, int, int); | ||
1907 | int raw3270_activate_view(struct raw3270_view *); | ||
1908 | void raw3270_del_view(struct raw3270_view *); | ||
1909 | void raw3270_deactivate_view(struct raw3270_view *); | ||
1910 | diff --git a/drivers/s390/char/tty3270.c b/drivers/s390/char/tty3270.c | ||
1911 | index 5b8af2782282..81067f5bb178 100644 | ||
1912 | --- a/drivers/s390/char/tty3270.c | ||
1913 | +++ b/drivers/s390/char/tty3270.c | ||
1914 | @@ -980,7 +980,8 @@ static int tty3270_install(struct tty_driver *driver, struct tty_struct *tty) | ||
1915 | return PTR_ERR(tp); | ||
1916 | |||
1917 | rc = raw3270_add_view(&tp->view, &tty3270_fn, | ||
1918 | - tty->index + RAW3270_FIRSTMINOR); | ||
1919 | + tty->index + RAW3270_FIRSTMINOR, | ||
1920 | + RAW3270_VIEW_LOCK_BH); | ||
1921 | if (rc) { | ||
1922 | tty3270_free_view(tp); | ||
1923 | return rc; | ||
1924 | diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c | ||
1925 | index 1b4001e0285f..b16344479959 100644 | ||
1926 | --- a/drivers/s390/crypto/pkey_api.c | ||
1927 | +++ b/drivers/s390/crypto/pkey_api.c | ||
1928 | @@ -45,7 +45,8 @@ static debug_info_t *debug_info; | ||
1929 | |||
1930 | static void __init pkey_debug_init(void) | ||
1931 | { | ||
1932 | - debug_info = debug_register("pkey", 1, 1, 4 * sizeof(long)); | ||
1933 | + /* 5 arguments per dbf entry (including the format string ptr) */ | ||
1934 | + debug_info = debug_register("pkey", 1, 1, 5 * sizeof(long)); | ||
1935 | debug_register_view(debug_info, &debug_sprintf_view); | ||
1936 | debug_set_level(debug_info, 3); | ||
1937 | } | ||
1938 | diff --git a/drivers/s390/net/ctcm_main.c b/drivers/s390/net/ctcm_main.c | ||
1939 | index 7617d21cb296..f63c5c871d3d 100644 | ||
1940 | --- a/drivers/s390/net/ctcm_main.c | ||
1941 | +++ b/drivers/s390/net/ctcm_main.c | ||
1942 | @@ -1595,6 +1595,7 @@ static int ctcm_new_device(struct ccwgroup_device *cgdev) | ||
1943 | if (priv->channel[direction] == NULL) { | ||
1944 | if (direction == CTCM_WRITE) | ||
1945 | channel_free(priv->channel[CTCM_READ]); | ||
1946 | + result = -ENODEV; | ||
1947 | goto out_dev; | ||
1948 | } | ||
1949 | priv->channel[direction]->netdev = dev; | ||
1950 | diff --git a/drivers/scsi/aic7xxx/aic7770_osm.c b/drivers/scsi/aic7xxx/aic7770_osm.c | ||
1951 | index 3d401d02c019..bdd177e3d762 100644 | ||
1952 | --- a/drivers/scsi/aic7xxx/aic7770_osm.c | ||
1953 | +++ b/drivers/scsi/aic7xxx/aic7770_osm.c | ||
1954 | @@ -91,6 +91,7 @@ aic7770_probe(struct device *dev) | ||
1955 | ahc = ahc_alloc(&aic7xxx_driver_template, name); | ||
1956 | if (ahc == NULL) | ||
1957 | return (ENOMEM); | ||
1958 | + ahc->dev = dev; | ||
1959 | error = aic7770_config(ahc, aic7770_ident_table + edev->id.driver_data, | ||
1960 | eisaBase); | ||
1961 | if (error != 0) { | ||
1962 | diff --git a/drivers/scsi/aic7xxx/aic7xxx.h b/drivers/scsi/aic7xxx/aic7xxx.h | ||
1963 | index 4ce4e903a759..7f6e83296dfa 100644 | ||
1964 | --- a/drivers/scsi/aic7xxx/aic7xxx.h | ||
1965 | +++ b/drivers/scsi/aic7xxx/aic7xxx.h | ||
1966 | @@ -949,6 +949,7 @@ struct ahc_softc { | ||
1967 | * Platform specific device information. | ||
1968 | */ | ||
1969 | ahc_dev_softc_t dev_softc; | ||
1970 | + struct device *dev; | ||
1971 | |||
1972 | /* | ||
1973 | * Bus specific device information. | ||
1974 | diff --git a/drivers/scsi/aic7xxx/aic7xxx_osm.c b/drivers/scsi/aic7xxx/aic7xxx_osm.c | ||
1975 | index c6be3aeb302b..306d0bf33478 100644 | ||
1976 | --- a/drivers/scsi/aic7xxx/aic7xxx_osm.c | ||
1977 | +++ b/drivers/scsi/aic7xxx/aic7xxx_osm.c | ||
1978 | @@ -861,8 +861,8 @@ int | ||
1979 | ahc_dmamem_alloc(struct ahc_softc *ahc, bus_dma_tag_t dmat, void** vaddr, | ||
1980 | int flags, bus_dmamap_t *mapp) | ||
1981 | { | ||
1982 | - *vaddr = pci_alloc_consistent(ahc->dev_softc, | ||
1983 | - dmat->maxsize, mapp); | ||
1984 | + /* XXX: check if we really need the GFP_ATOMIC and unwind this mess! */ | ||
1985 | + *vaddr = dma_alloc_coherent(ahc->dev, dmat->maxsize, mapp, GFP_ATOMIC); | ||
1986 | if (*vaddr == NULL) | ||
1987 | return ENOMEM; | ||
1988 | return 0; | ||
1989 | @@ -872,8 +872,7 @@ void | ||
1990 | ahc_dmamem_free(struct ahc_softc *ahc, bus_dma_tag_t dmat, | ||
1991 | void* vaddr, bus_dmamap_t map) | ||
1992 | { | ||
1993 | - pci_free_consistent(ahc->dev_softc, dmat->maxsize, | ||
1994 | - vaddr, map); | ||
1995 | + dma_free_coherent(ahc->dev, dmat->maxsize, vaddr, map); | ||
1996 | } | ||
1997 | |||
1998 | int | ||
1999 | @@ -1124,8 +1123,7 @@ ahc_linux_register_host(struct ahc_softc *ahc, struct scsi_host_template *templa | ||
2000 | |||
2001 | host->transportt = ahc_linux_transport_template; | ||
2002 | |||
2003 | - retval = scsi_add_host(host, | ||
2004 | - (ahc->dev_softc ? &ahc->dev_softc->dev : NULL)); | ||
2005 | + retval = scsi_add_host(host, ahc->dev); | ||
2006 | if (retval) { | ||
2007 | printk(KERN_WARNING "aic7xxx: scsi_add_host failed\n"); | ||
2008 | scsi_host_put(host); | ||
2009 | diff --git a/drivers/scsi/aic7xxx/aic7xxx_osm_pci.c b/drivers/scsi/aic7xxx/aic7xxx_osm_pci.c | ||
2010 | index 0fc14dac7070..717d8d1082ce 100644 | ||
2011 | --- a/drivers/scsi/aic7xxx/aic7xxx_osm_pci.c | ||
2012 | +++ b/drivers/scsi/aic7xxx/aic7xxx_osm_pci.c | ||
2013 | @@ -250,6 +250,7 @@ ahc_linux_pci_dev_probe(struct pci_dev *pdev, const struct pci_device_id *ent) | ||
2014 | } | ||
2015 | } | ||
2016 | ahc->dev_softc = pci; | ||
2017 | + ahc->dev = &pci->dev; | ||
2018 | error = ahc_pci_config(ahc, entry); | ||
2019 | if (error != 0) { | ||
2020 | ahc_free(ahc); | ||
2021 | diff --git a/drivers/usb/serial/generic.c b/drivers/usb/serial/generic.c | ||
2022 | index 2274d9625f63..0fff4968ea1b 100644 | ||
2023 | --- a/drivers/usb/serial/generic.c | ||
2024 | +++ b/drivers/usb/serial/generic.c | ||
2025 | @@ -376,6 +376,7 @@ void usb_serial_generic_read_bulk_callback(struct urb *urb) | ||
2026 | struct usb_serial_port *port = urb->context; | ||
2027 | unsigned char *data = urb->transfer_buffer; | ||
2028 | unsigned long flags; | ||
2029 | + bool stopped = false; | ||
2030 | int status = urb->status; | ||
2031 | int i; | ||
2032 | |||
2033 | @@ -383,33 +384,51 @@ void usb_serial_generic_read_bulk_callback(struct urb *urb) | ||
2034 | if (urb == port->read_urbs[i]) | ||
2035 | break; | ||
2036 | } | ||
2037 | - set_bit(i, &port->read_urbs_free); | ||
2038 | |||
2039 | dev_dbg(&port->dev, "%s - urb %d, len %d\n", __func__, i, | ||
2040 | urb->actual_length); | ||
2041 | switch (status) { | ||
2042 | case 0: | ||
2043 | + usb_serial_debug_data(&port->dev, __func__, urb->actual_length, | ||
2044 | + data); | ||
2045 | + port->serial->type->process_read_urb(urb); | ||
2046 | break; | ||
2047 | case -ENOENT: | ||
2048 | case -ECONNRESET: | ||
2049 | case -ESHUTDOWN: | ||
2050 | dev_dbg(&port->dev, "%s - urb stopped: %d\n", | ||
2051 | __func__, status); | ||
2052 | - return; | ||
2053 | + stopped = true; | ||
2054 | + break; | ||
2055 | case -EPIPE: | ||
2056 | dev_err(&port->dev, "%s - urb stopped: %d\n", | ||
2057 | __func__, status); | ||
2058 | - return; | ||
2059 | + stopped = true; | ||
2060 | + break; | ||
2061 | default: | ||
2062 | dev_dbg(&port->dev, "%s - nonzero urb status: %d\n", | ||
2063 | __func__, status); | ||
2064 | - goto resubmit; | ||
2065 | + break; | ||
2066 | } | ||
2067 | |||
2068 | - usb_serial_debug_data(&port->dev, __func__, urb->actual_length, data); | ||
2069 | - port->serial->type->process_read_urb(urb); | ||
2070 | + /* | ||
2071 | + * Make sure URB processing is done before marking as free to avoid | ||
2072 | + * racing with unthrottle() on another CPU. Matches the barriers | ||
2073 | + * implied by the test_and_clear_bit() in | ||
2074 | + * usb_serial_generic_submit_read_urb(). | ||
2075 | + */ | ||
2076 | + smp_mb__before_atomic(); | ||
2077 | + set_bit(i, &port->read_urbs_free); | ||
2078 | + /* | ||
2079 | + * Make sure URB is marked as free before checking the throttled flag | ||
2080 | + * to avoid racing with unthrottle() on another CPU. Matches the | ||
2081 | + * smp_mb() in unthrottle(). | ||
2082 | + */ | ||
2083 | + smp_mb__after_atomic(); | ||
2084 | + | ||
2085 | + if (stopped) | ||
2086 | + return; | ||
2087 | |||
2088 | -resubmit: | ||
2089 | /* Throttle the device if requested by tty */ | ||
2090 | spin_lock_irqsave(&port->lock, flags); | ||
2091 | port->throttled = port->throttle_req; | ||
2092 | @@ -484,6 +503,12 @@ void usb_serial_generic_unthrottle(struct tty_struct *tty) | ||
2093 | port->throttled = port->throttle_req = 0; | ||
2094 | spin_unlock_irq(&port->lock); | ||
2095 | |||
2096 | + /* | ||
2097 | + * Matches the smp_mb__after_atomic() in | ||
2098 | + * usb_serial_generic_read_bulk_callback(). | ||
2099 | + */ | ||
2100 | + smp_mb(); | ||
2101 | + | ||
2102 | if (was_throttled) | ||
2103 | usb_serial_generic_submit_read_urbs(port, GFP_KERNEL); | ||
2104 | } | ||
2105 | diff --git a/drivers/usb/typec/typec_wcove.c b/drivers/usb/typec/typec_wcove.c | ||
2106 | index 423208e19383..6770afd40765 100644 | ||
2107 | --- a/drivers/usb/typec/typec_wcove.c | ||
2108 | +++ b/drivers/usb/typec/typec_wcove.c | ||
2109 | @@ -615,8 +615,13 @@ static int wcove_typec_probe(struct platform_device *pdev) | ||
2110 | wcove->dev = &pdev->dev; | ||
2111 | wcove->regmap = pmic->regmap; | ||
2112 | |||
2113 | - irq = regmap_irq_get_virq(pmic->irq_chip_data_chgr, | ||
2114 | - platform_get_irq(pdev, 0)); | ||
2115 | + irq = platform_get_irq(pdev, 0); | ||
2116 | + if (irq < 0) { | ||
2117 | + dev_err(&pdev->dev, "Failed to get IRQ: %d\n", irq); | ||
2118 | + return irq; | ||
2119 | + } | ||
2120 | + | ||
2121 | + irq = regmap_irq_get_virq(pmic->irq_chip_data_chgr, irq); | ||
2122 | if (irq < 0) | ||
2123 | return irq; | ||
2124 | |||
2125 | diff --git a/drivers/virt/fsl_hypervisor.c b/drivers/virt/fsl_hypervisor.c | ||
2126 | index 8ba726e600e9..1bbd910d4ddb 100644 | ||
2127 | --- a/drivers/virt/fsl_hypervisor.c | ||
2128 | +++ b/drivers/virt/fsl_hypervisor.c | ||
2129 | @@ -215,6 +215,9 @@ static long ioctl_memcpy(struct fsl_hv_ioctl_memcpy __user *p) | ||
2130 | * hypervisor. | ||
2131 | */ | ||
2132 | lb_offset = param.local_vaddr & (PAGE_SIZE - 1); | ||
2133 | + if (param.count == 0 || | ||
2134 | + param.count > U64_MAX - lb_offset - PAGE_SIZE + 1) | ||
2135 | + return -EINVAL; | ||
2136 | num_pages = (param.count + lb_offset + PAGE_SIZE - 1) >> PAGE_SHIFT; | ||
2137 | |||
2138 | /* Allocate the buffers we need */ | ||
2139 | @@ -331,8 +334,8 @@ static long ioctl_dtprop(struct fsl_hv_ioctl_prop __user *p, int set) | ||
2140 | struct fsl_hv_ioctl_prop param; | ||
2141 | char __user *upath, *upropname; | ||
2142 | void __user *upropval; | ||
2143 | - char *path = NULL, *propname = NULL; | ||
2144 | - void *propval = NULL; | ||
2145 | + char *path, *propname; | ||
2146 | + void *propval; | ||
2147 | int ret = 0; | ||
2148 | |||
2149 | /* Get the parameters from the user. */ | ||
2150 | @@ -344,32 +347,30 @@ static long ioctl_dtprop(struct fsl_hv_ioctl_prop __user *p, int set) | ||
2151 | upropval = (void __user *)(uintptr_t)param.propval; | ||
2152 | |||
2153 | path = strndup_user(upath, FH_DTPROP_MAX_PATHLEN); | ||
2154 | - if (IS_ERR(path)) { | ||
2155 | - ret = PTR_ERR(path); | ||
2156 | - goto out; | ||
2157 | - } | ||
2158 | + if (IS_ERR(path)) | ||
2159 | + return PTR_ERR(path); | ||
2160 | |||
2161 | propname = strndup_user(upropname, FH_DTPROP_MAX_PATHLEN); | ||
2162 | if (IS_ERR(propname)) { | ||
2163 | ret = PTR_ERR(propname); | ||
2164 | - goto out; | ||
2165 | + goto err_free_path; | ||
2166 | } | ||
2167 | |||
2168 | if (param.proplen > FH_DTPROP_MAX_PROPLEN) { | ||
2169 | ret = -EINVAL; | ||
2170 | - goto out; | ||
2171 | + goto err_free_propname; | ||
2172 | } | ||
2173 | |||
2174 | propval = kmalloc(param.proplen, GFP_KERNEL); | ||
2175 | if (!propval) { | ||
2176 | ret = -ENOMEM; | ||
2177 | - goto out; | ||
2178 | + goto err_free_propname; | ||
2179 | } | ||
2180 | |||
2181 | if (set) { | ||
2182 | if (copy_from_user(propval, upropval, param.proplen)) { | ||
2183 | ret = -EFAULT; | ||
2184 | - goto out; | ||
2185 | + goto err_free_propval; | ||
2186 | } | ||
2187 | |||
2188 | param.ret = fh_partition_set_dtprop(param.handle, | ||
2189 | @@ -388,7 +389,7 @@ static long ioctl_dtprop(struct fsl_hv_ioctl_prop __user *p, int set) | ||
2190 | if (copy_to_user(upropval, propval, param.proplen) || | ||
2191 | put_user(param.proplen, &p->proplen)) { | ||
2192 | ret = -EFAULT; | ||
2193 | - goto out; | ||
2194 | + goto err_free_propval; | ||
2195 | } | ||
2196 | } | ||
2197 | } | ||
2198 | @@ -396,10 +397,12 @@ static long ioctl_dtprop(struct fsl_hv_ioctl_prop __user *p, int set) | ||
2199 | if (put_user(param.ret, &p->ret)) | ||
2200 | ret = -EFAULT; | ||
2201 | |||
2202 | -out: | ||
2203 | - kfree(path); | ||
2204 | +err_free_propval: | ||
2205 | kfree(propval); | ||
2206 | +err_free_propname: | ||
2207 | kfree(propname); | ||
2208 | +err_free_path: | ||
2209 | + kfree(path); | ||
2210 | |||
2211 | return ret; | ||
2212 | } | ||
2213 | diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c | ||
2214 | index 1475ed5ffcde..0afef60d0638 100644 | ||
2215 | --- a/drivers/virt/vboxguest/vboxguest_core.c | ||
2216 | +++ b/drivers/virt/vboxguest/vboxguest_core.c | ||
2217 | @@ -1263,6 +1263,20 @@ static int vbg_ioctl_hgcm_disconnect(struct vbg_dev *gdev, | ||
2218 | return ret; | ||
2219 | } | ||
2220 | |||
2221 | +static bool vbg_param_valid(enum vmmdev_hgcm_function_parameter_type type) | ||
2222 | +{ | ||
2223 | + switch (type) { | ||
2224 | + case VMMDEV_HGCM_PARM_TYPE_32BIT: | ||
2225 | + case VMMDEV_HGCM_PARM_TYPE_64BIT: | ||
2226 | + case VMMDEV_HGCM_PARM_TYPE_LINADDR: | ||
2227 | + case VMMDEV_HGCM_PARM_TYPE_LINADDR_IN: | ||
2228 | + case VMMDEV_HGCM_PARM_TYPE_LINADDR_OUT: | ||
2229 | + return true; | ||
2230 | + default: | ||
2231 | + return false; | ||
2232 | + } | ||
2233 | +} | ||
2234 | + | ||
2235 | static int vbg_ioctl_hgcm_call(struct vbg_dev *gdev, | ||
2236 | struct vbg_session *session, bool f32bit, | ||
2237 | struct vbg_ioctl_hgcm_call *call) | ||
2238 | @@ -1298,6 +1312,23 @@ static int vbg_ioctl_hgcm_call(struct vbg_dev *gdev, | ||
2239 | } | ||
2240 | call->hdr.size_out = actual_size; | ||
2241 | |||
2242 | + /* Validate parameter types */ | ||
2243 | + if (f32bit) { | ||
2244 | + struct vmmdev_hgcm_function_parameter32 *parm = | ||
2245 | + VBG_IOCTL_HGCM_CALL_PARMS32(call); | ||
2246 | + | ||
2247 | + for (i = 0; i < call->parm_count; i++) | ||
2248 | + if (!vbg_param_valid(parm[i].type)) | ||
2249 | + return -EINVAL; | ||
2250 | + } else { | ||
2251 | + struct vmmdev_hgcm_function_parameter *parm = | ||
2252 | + VBG_IOCTL_HGCM_CALL_PARMS(call); | ||
2253 | + | ||
2254 | + for (i = 0; i < call->parm_count; i++) | ||
2255 | + if (!vbg_param_valid(parm[i].type)) | ||
2256 | + return -EINVAL; | ||
2257 | + } | ||
2258 | + | ||
2259 | /* | ||
2260 | * Validate the client id. | ||
2261 | */ | ||
2262 | diff --git a/fs/afs/write.c b/fs/afs/write.c | ||
2263 | index 19c04caf3c01..e00461a6de9a 100644 | ||
2264 | --- a/fs/afs/write.c | ||
2265 | +++ b/fs/afs/write.c | ||
2266 | @@ -253,6 +253,7 @@ static void afs_kill_pages(struct address_space *mapping, | ||
2267 | first = page->index + 1; | ||
2268 | lock_page(page); | ||
2269 | generic_error_remove_page(mapping, page); | ||
2270 | + unlock_page(page); | ||
2271 | } | ||
2272 | |||
2273 | __pagevec_release(&pv); | ||
2274 | diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c | ||
2275 | index 4ca0b5c18192..853a69e493f5 100644 | ||
2276 | --- a/fs/kernfs/dir.c | ||
2277 | +++ b/fs/kernfs/dir.c | ||
2278 | @@ -650,11 +650,10 @@ static struct kernfs_node *__kernfs_new_node(struct kernfs_root *root, | ||
2279 | kn->id.generation = gen; | ||
2280 | |||
2281 | /* | ||
2282 | - * set ino first. This barrier is paired with atomic_inc_not_zero in | ||
2283 | + * set ino first. This RELEASE is paired with atomic_inc_not_zero in | ||
2284 | * kernfs_find_and_get_node_by_ino | ||
2285 | */ | ||
2286 | - smp_mb__before_atomic(); | ||
2287 | - atomic_set(&kn->count, 1); | ||
2288 | + atomic_set_release(&kn->count, 1); | ||
2289 | atomic_set(&kn->active, KN_DEACTIVATED_BIAS); | ||
2290 | RB_CLEAR_NODE(&kn->rb); | ||
2291 | |||
2292 | diff --git a/include/linux/efi.h b/include/linux/efi.h | ||
2293 | index 401e4b254e30..cc3391796c0b 100644 | ||
2294 | --- a/include/linux/efi.h | ||
2295 | +++ b/include/linux/efi.h | ||
2296 | @@ -1564,7 +1564,12 @@ efi_status_t efi_setup_gop(efi_system_table_t *sys_table_arg, | ||
2297 | struct screen_info *si, efi_guid_t *proto, | ||
2298 | unsigned long size); | ||
2299 | |||
2300 | -bool efi_runtime_disabled(void); | ||
2301 | +#ifdef CONFIG_EFI | ||
2302 | +extern bool efi_runtime_disabled(void); | ||
2303 | +#else | ||
2304 | +static inline bool efi_runtime_disabled(void) { return true; } | ||
2305 | +#endif | ||
2306 | + | ||
2307 | extern void efi_call_virt_check_flags(unsigned long flags, const char *call); | ||
2308 | |||
2309 | enum efi_secureboot_mode { | ||
2310 | diff --git a/include/linux/elevator.h b/include/linux/elevator.h | ||
2311 | index a02deea30185..a2bf4a6b9316 100644 | ||
2312 | --- a/include/linux/elevator.h | ||
2313 | +++ b/include/linux/elevator.h | ||
2314 | @@ -99,6 +99,7 @@ struct elevator_mq_ops { | ||
2315 | void (*exit_sched)(struct elevator_queue *); | ||
2316 | int (*init_hctx)(struct blk_mq_hw_ctx *, unsigned int); | ||
2317 | void (*exit_hctx)(struct blk_mq_hw_ctx *, unsigned int); | ||
2318 | + void (*depth_updated)(struct blk_mq_hw_ctx *); | ||
2319 | |||
2320 | bool (*allow_merge)(struct request_queue *, struct request *, struct bio *); | ||
2321 | bool (*bio_merge)(struct blk_mq_hw_ctx *, struct bio *); | ||
2322 | diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h | ||
2323 | index 23c242a7ac52..30efb3663892 100644 | ||
2324 | --- a/include/linux/kvm_host.h | ||
2325 | +++ b/include/linux/kvm_host.h | ||
2326 | @@ -28,6 +28,7 @@ | ||
2327 | #include <linux/irqbypass.h> | ||
2328 | #include <linux/swait.h> | ||
2329 | #include <linux/refcount.h> | ||
2330 | +#include <linux/nospec.h> | ||
2331 | #include <asm/signal.h> | ||
2332 | |||
2333 | #include <linux/kvm.h> | ||
2334 | @@ -491,10 +492,10 @@ static inline struct kvm_io_bus *kvm_get_bus(struct kvm *kvm, enum kvm_bus idx) | ||
2335 | |||
2336 | static inline struct kvm_vcpu *kvm_get_vcpu(struct kvm *kvm, int i) | ||
2337 | { | ||
2338 | - /* Pairs with smp_wmb() in kvm_vm_ioctl_create_vcpu, in case | ||
2339 | - * the caller has read kvm->online_vcpus before (as is the case | ||
2340 | - * for kvm_for_each_vcpu, for example). | ||
2341 | - */ | ||
2342 | + int num_vcpus = atomic_read(&kvm->online_vcpus); | ||
2343 | + i = array_index_nospec(i, num_vcpus); | ||
2344 | + | ||
2345 | + /* Pairs with smp_wmb() in kvm_vm_ioctl_create_vcpu. */ | ||
2346 | smp_rmb(); | ||
2347 | return kvm->vcpus[i]; | ||
2348 | } | ||
2349 | @@ -578,6 +579,7 @@ void kvm_put_kvm(struct kvm *kvm); | ||
2350 | |||
2351 | static inline struct kvm_memslots *__kvm_memslots(struct kvm *kvm, int as_id) | ||
2352 | { | ||
2353 | + as_id = array_index_nospec(as_id, KVM_ADDRESS_SPACE_NUM); | ||
2354 | return srcu_dereference_check(kvm->memslots[as_id], &kvm->srcu, | ||
2355 | lockdep_is_held(&kvm->slots_lock) || | ||
2356 | !refcount_read(&kvm->users_count)); | ||
2357 | diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h | ||
2358 | index 7e012312cd61..f45141bdbb83 100644 | ||
2359 | --- a/include/net/netfilter/nf_conntrack.h | ||
2360 | +++ b/include/net/netfilter/nf_conntrack.h | ||
2361 | @@ -313,6 +313,8 @@ struct nf_conn *nf_ct_tmpl_alloc(struct net *net, | ||
2362 | gfp_t flags); | ||
2363 | void nf_ct_tmpl_free(struct nf_conn *tmpl); | ||
2364 | |||
2365 | +u32 nf_ct_get_id(const struct nf_conn *ct); | ||
2366 | + | ||
2367 | static inline void | ||
2368 | nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info) | ||
2369 | { | ||
2370 | diff --git a/include/net/nfc/nci_core.h b/include/net/nfc/nci_core.h | ||
2371 | index 87499b6b35d6..df5c69db68af 100644 | ||
2372 | --- a/include/net/nfc/nci_core.h | ||
2373 | +++ b/include/net/nfc/nci_core.h | ||
2374 | @@ -166,7 +166,7 @@ struct nci_conn_info { | ||
2375 | * According to specification 102 622 chapter 4.4 Pipes, | ||
2376 | * the pipe identifier is 7 bits long. | ||
2377 | */ | ||
2378 | -#define NCI_HCI_MAX_PIPES 127 | ||
2379 | +#define NCI_HCI_MAX_PIPES 128 | ||
2380 | |||
2381 | struct nci_hci_gate { | ||
2382 | u8 gate; | ||
2383 | diff --git a/init/main.c b/init/main.c | ||
2384 | index e083fac08aed..020972fed117 100644 | ||
2385 | --- a/init/main.c | ||
2386 | +++ b/init/main.c | ||
2387 | @@ -568,6 +568,8 @@ asmlinkage __visible void __init start_kernel(void) | ||
2388 | page_alloc_init(); | ||
2389 | |||
2390 | pr_notice("Kernel command line: %s\n", boot_command_line); | ||
2391 | + /* parameters may set static keys */ | ||
2392 | + jump_label_init(); | ||
2393 | parse_early_param(); | ||
2394 | after_dashes = parse_args("Booting kernel", | ||
2395 | static_command_line, __start___param, | ||
2396 | @@ -577,8 +579,6 @@ asmlinkage __visible void __init start_kernel(void) | ||
2397 | parse_args("Setting init args", after_dashes, NULL, 0, -1, -1, | ||
2398 | NULL, set_init_arg); | ||
2399 | |||
2400 | - jump_label_init(); | ||
2401 | - | ||
2402 | /* | ||
2403 | * These use large bootmem allocations and must precede | ||
2404 | * kmem_cache_init() | ||
2405 | diff --git a/mm/memory.c b/mm/memory.c | ||
2406 | index 9c69278173b7..e0010cb870e0 100644 | ||
2407 | --- a/mm/memory.c | ||
2408 | +++ b/mm/memory.c | ||
2409 | @@ -1796,10 +1796,12 @@ static int insert_pfn(struct vm_area_struct *vma, unsigned long addr, | ||
2410 | WARN_ON_ONCE(!is_zero_pfn(pte_pfn(*pte))); | ||
2411 | goto out_unlock; | ||
2412 | } | ||
2413 | - entry = *pte; | ||
2414 | - goto out_mkwrite; | ||
2415 | - } else | ||
2416 | - goto out_unlock; | ||
2417 | + entry = pte_mkyoung(*pte); | ||
2418 | + entry = maybe_mkwrite(pte_mkdirty(entry), vma); | ||
2419 | + if (ptep_set_access_flags(vma, addr, pte, entry, 1)) | ||
2420 | + update_mmu_cache(vma, addr, pte); | ||
2421 | + } | ||
2422 | + goto out_unlock; | ||
2423 | } | ||
2424 | |||
2425 | /* Ok, finally just insert the thing.. */ | ||
2426 | @@ -1808,7 +1810,6 @@ static int insert_pfn(struct vm_area_struct *vma, unsigned long addr, | ||
2427 | else | ||
2428 | entry = pte_mkspecial(pfn_t_pte(pfn, prot)); | ||
2429 | |||
2430 | -out_mkwrite: | ||
2431 | if (mkwrite) { | ||
2432 | entry = pte_mkyoung(entry); | ||
2433 | entry = maybe_mkwrite(pte_mkdirty(entry), vma); | ||
2434 | diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c | ||
2435 | index 156991edec2a..af6735562215 100644 | ||
2436 | --- a/mm/memory_hotplug.c | ||
2437 | +++ b/mm/memory_hotplug.c | ||
2438 | @@ -901,6 +901,7 @@ int __ref online_pages(unsigned long pfn, unsigned long nr_pages, int online_typ | ||
2439 | */ | ||
2440 | mem = find_memory_block(__pfn_to_section(pfn)); | ||
2441 | nid = mem->nid; | ||
2442 | + put_device(&mem->dev); | ||
2443 | |||
2444 | /* associate pfn range with the zone */ | ||
2445 | zone = move_pfn_range(online_type, nid, pfn, nr_pages); | ||
2446 | diff --git a/mm/vmscan.c b/mm/vmscan.c | ||
2447 | index 3830066018c1..ee545d1e9894 100644 | ||
2448 | --- a/mm/vmscan.c | ||
2449 | +++ b/mm/vmscan.c | ||
2450 | @@ -2190,7 +2190,6 @@ static void shrink_active_list(unsigned long nr_to_scan, | ||
2451 | * 10TB 320 32GB | ||
2452 | */ | ||
2453 | static bool inactive_list_is_low(struct lruvec *lruvec, bool file, | ||
2454 | - struct mem_cgroup *memcg, | ||
2455 | struct scan_control *sc, bool actual_reclaim) | ||
2456 | { | ||
2457 | enum lru_list active_lru = file * LRU_FILE + LRU_ACTIVE; | ||
2458 | @@ -2211,16 +2210,12 @@ static bool inactive_list_is_low(struct lruvec *lruvec, bool file, | ||
2459 | inactive = lruvec_lru_size(lruvec, inactive_lru, sc->reclaim_idx); | ||
2460 | active = lruvec_lru_size(lruvec, active_lru, sc->reclaim_idx); | ||
2461 | |||
2462 | - if (memcg) | ||
2463 | - refaults = memcg_page_state(memcg, WORKINGSET_ACTIVATE); | ||
2464 | - else | ||
2465 | - refaults = node_page_state(pgdat, WORKINGSET_ACTIVATE); | ||
2466 | - | ||
2467 | /* | ||
2468 | * When refaults are being observed, it means a new workingset | ||
2469 | * is being established. Disable active list protection to get | ||
2470 | * rid of the stale workingset quickly. | ||
2471 | */ | ||
2472 | + refaults = lruvec_page_state(lruvec, WORKINGSET_ACTIVATE); | ||
2473 | if (file && actual_reclaim && lruvec->refaults != refaults) { | ||
2474 | inactive_ratio = 0; | ||
2475 | } else { | ||
2476 | @@ -2241,12 +2236,10 @@ static bool inactive_list_is_low(struct lruvec *lruvec, bool file, | ||
2477 | } | ||
2478 | |||
2479 | static unsigned long shrink_list(enum lru_list lru, unsigned long nr_to_scan, | ||
2480 | - struct lruvec *lruvec, struct mem_cgroup *memcg, | ||
2481 | - struct scan_control *sc) | ||
2482 | + struct lruvec *lruvec, struct scan_control *sc) | ||
2483 | { | ||
2484 | if (is_active_lru(lru)) { | ||
2485 | - if (inactive_list_is_low(lruvec, is_file_lru(lru), | ||
2486 | - memcg, sc, true)) | ||
2487 | + if (inactive_list_is_low(lruvec, is_file_lru(lru), sc, true)) | ||
2488 | shrink_active_list(nr_to_scan, lruvec, sc, lru); | ||
2489 | return 0; | ||
2490 | } | ||
2491 | @@ -2346,7 +2339,7 @@ static void get_scan_count(struct lruvec *lruvec, struct mem_cgroup *memcg, | ||
2492 | * anonymous pages on the LRU in eligible zones. | ||
2493 | * Otherwise, the small LRU gets thrashed. | ||
2494 | */ | ||
2495 | - if (!inactive_list_is_low(lruvec, false, memcg, sc, false) && | ||
2496 | + if (!inactive_list_is_low(lruvec, false, sc, false) && | ||
2497 | lruvec_lru_size(lruvec, LRU_INACTIVE_ANON, sc->reclaim_idx) | ||
2498 | >> sc->priority) { | ||
2499 | scan_balance = SCAN_ANON; | ||
2500 | @@ -2364,7 +2357,7 @@ static void get_scan_count(struct lruvec *lruvec, struct mem_cgroup *memcg, | ||
2501 | * lruvec even if it has plenty of old anonymous pages unless the | ||
2502 | * system is under heavy pressure. | ||
2503 | */ | ||
2504 | - if (!inactive_list_is_low(lruvec, true, memcg, sc, false) && | ||
2505 | + if (!inactive_list_is_low(lruvec, true, sc, false) && | ||
2506 | lruvec_lru_size(lruvec, LRU_INACTIVE_FILE, sc->reclaim_idx) >> sc->priority) { | ||
2507 | scan_balance = SCAN_FILE; | ||
2508 | goto out; | ||
2509 | @@ -2517,7 +2510,7 @@ static void shrink_node_memcg(struct pglist_data *pgdat, struct mem_cgroup *memc | ||
2510 | nr[lru] -= nr_to_scan; | ||
2511 | |||
2512 | nr_reclaimed += shrink_list(lru, nr_to_scan, | ||
2513 | - lruvec, memcg, sc); | ||
2514 | + lruvec, sc); | ||
2515 | } | ||
2516 | } | ||
2517 | |||
2518 | @@ -2584,7 +2577,7 @@ static void shrink_node_memcg(struct pglist_data *pgdat, struct mem_cgroup *memc | ||
2519 | * Even if we did not try to evict anon pages at all, we want to | ||
2520 | * rebalance the anon lru active/inactive ratio. | ||
2521 | */ | ||
2522 | - if (inactive_list_is_low(lruvec, false, memcg, sc, true)) | ||
2523 | + if (inactive_list_is_low(lruvec, false, sc, true)) | ||
2524 | shrink_active_list(SWAP_CLUSTER_MAX, lruvec, | ||
2525 | sc, LRU_ACTIVE_ANON); | ||
2526 | } | ||
2527 | @@ -2982,12 +2975,8 @@ static void snapshot_refaults(struct mem_cgroup *root_memcg, pg_data_t *pgdat) | ||
2528 | unsigned long refaults; | ||
2529 | struct lruvec *lruvec; | ||
2530 | |||
2531 | - if (memcg) | ||
2532 | - refaults = memcg_page_state(memcg, WORKINGSET_ACTIVATE); | ||
2533 | - else | ||
2534 | - refaults = node_page_state(pgdat, WORKINGSET_ACTIVATE); | ||
2535 | - | ||
2536 | lruvec = mem_cgroup_lruvec(pgdat, memcg); | ||
2537 | + refaults = lruvec_page_state(lruvec, WORKINGSET_ACTIVATE); | ||
2538 | lruvec->refaults = refaults; | ||
2539 | } while ((memcg = mem_cgroup_iter(root_memcg, memcg, NULL))); | ||
2540 | } | ||
2541 | @@ -3344,7 +3333,7 @@ static void age_active_anon(struct pglist_data *pgdat, | ||
2542 | do { | ||
2543 | struct lruvec *lruvec = mem_cgroup_lruvec(pgdat, memcg); | ||
2544 | |||
2545 | - if (inactive_list_is_low(lruvec, false, memcg, sc, true)) | ||
2546 | + if (inactive_list_is_low(lruvec, false, sc, true)) | ||
2547 | shrink_active_list(SWAP_CLUSTER_MAX, lruvec, | ||
2548 | sc, LRU_ACTIVE_ANON); | ||
2549 | |||
2550 | diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c | ||
2551 | index 546af0e73ac3..fce3b7eebffb 100644 | ||
2552 | --- a/net/8021q/vlan_dev.c | ||
2553 | +++ b/net/8021q/vlan_dev.c | ||
2554 | @@ -368,10 +368,12 @@ static int vlan_dev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) | ||
2555 | ifrr.ifr_ifru = ifr->ifr_ifru; | ||
2556 | |||
2557 | switch (cmd) { | ||
2558 | + case SIOCSHWTSTAMP: | ||
2559 | + if (!net_eq(dev_net(dev), &init_net)) | ||
2560 | + break; | ||
2561 | case SIOCGMIIPHY: | ||
2562 | case SIOCGMIIREG: | ||
2563 | case SIOCSMIIREG: | ||
2564 | - case SIOCSHWTSTAMP: | ||
2565 | case SIOCGHWTSTAMP: | ||
2566 | if (netif_device_present(real_dev) && ops->ndo_do_ioctl) | ||
2567 | err = ops->ndo_do_ioctl(real_dev, &ifrr, cmd); | ||
2568 | diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c | ||
2569 | index 0363f1bdc401..ed2b6002ae53 100644 | ||
2570 | --- a/net/bridge/br_if.c | ||
2571 | +++ b/net/bridge/br_if.c | ||
2572 | @@ -603,13 +603,15 @@ int br_add_if(struct net_bridge *br, struct net_device *dev, | ||
2573 | call_netdevice_notifiers(NETDEV_JOIN, dev); | ||
2574 | |||
2575 | err = dev_set_allmulti(dev, 1); | ||
2576 | - if (err) | ||
2577 | - goto put_back; | ||
2578 | + if (err) { | ||
2579 | + kfree(p); /* kobject not yet init'd, manually free */ | ||
2580 | + goto err1; | ||
2581 | + } | ||
2582 | |||
2583 | err = kobject_init_and_add(&p->kobj, &brport_ktype, &(dev->dev.kobj), | ||
2584 | SYSFS_BRIDGE_PORT_ATTR); | ||
2585 | if (err) | ||
2586 | - goto err1; | ||
2587 | + goto err2; | ||
2588 | |||
2589 | err = br_sysfs_addif(p); | ||
2590 | if (err) | ||
2591 | @@ -692,12 +694,9 @@ err3: | ||
2592 | sysfs_remove_link(br->ifobj, p->dev->name); | ||
2593 | err2: | ||
2594 | kobject_put(&p->kobj); | ||
2595 | - p = NULL; /* kobject_put frees */ | ||
2596 | -err1: | ||
2597 | dev_set_allmulti(dev, -1); | ||
2598 | -put_back: | ||
2599 | +err1: | ||
2600 | dev_put(dev); | ||
2601 | - kfree(p); | ||
2602 | return err; | ||
2603 | } | ||
2604 | |||
2605 | diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c | ||
2606 | index 0ff3953f64aa..338147b14d0e 100644 | ||
2607 | --- a/net/core/fib_rules.c | ||
2608 | +++ b/net/core/fib_rules.c | ||
2609 | @@ -756,9 +756,9 @@ int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr *nlh, | ||
2610 | if (err) | ||
2611 | goto errout; | ||
2612 | |||
2613 | - if ((nlh->nlmsg_flags & NLM_F_EXCL) && | ||
2614 | - rule_exists(ops, frh, tb, rule)) { | ||
2615 | - err = -EEXIST; | ||
2616 | + if (rule_exists(ops, frh, tb, rule)) { | ||
2617 | + if (nlh->nlmsg_flags & NLM_F_EXCL) | ||
2618 | + err = -EEXIST; | ||
2619 | goto errout_free; | ||
2620 | } | ||
2621 | |||
2622 | diff --git a/net/dsa/dsa.c b/net/dsa/dsa.c | ||
2623 | index 9f3209ff7ffd..601534a5bfe8 100644 | ||
2624 | --- a/net/dsa/dsa.c | ||
2625 | +++ b/net/dsa/dsa.c | ||
2626 | @@ -293,15 +293,22 @@ static int __init dsa_init_module(void) | ||
2627 | |||
2628 | rc = dsa_slave_register_notifier(); | ||
2629 | if (rc) | ||
2630 | - return rc; | ||
2631 | + goto register_notifier_fail; | ||
2632 | |||
2633 | rc = dsa_legacy_register(); | ||
2634 | if (rc) | ||
2635 | - return rc; | ||
2636 | + goto legacy_register_fail; | ||
2637 | |||
2638 | dev_add_pack(&dsa_pack_type); | ||
2639 | |||
2640 | return 0; | ||
2641 | + | ||
2642 | +legacy_register_fail: | ||
2643 | + dsa_slave_unregister_notifier(); | ||
2644 | +register_notifier_fail: | ||
2645 | + destroy_workqueue(dsa_owq); | ||
2646 | + | ||
2647 | + return rc; | ||
2648 | } | ||
2649 | module_init(dsa_init_module); | ||
2650 | |||
2651 | diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c | ||
2652 | index 33df4d76db2d..711a5c75bd4b 100644 | ||
2653 | --- a/net/ipv4/raw.c | ||
2654 | +++ b/net/ipv4/raw.c | ||
2655 | @@ -174,6 +174,7 @@ static int icmp_filter(const struct sock *sk, const struct sk_buff *skb) | ||
2656 | static int raw_v4_input(struct sk_buff *skb, const struct iphdr *iph, int hash) | ||
2657 | { | ||
2658 | int sdif = inet_sdif(skb); | ||
2659 | + int dif = inet_iif(skb); | ||
2660 | struct sock *sk; | ||
2661 | struct hlist_head *head; | ||
2662 | int delivered = 0; | ||
2663 | @@ -186,8 +187,7 @@ static int raw_v4_input(struct sk_buff *skb, const struct iphdr *iph, int hash) | ||
2664 | |||
2665 | net = dev_net(skb->dev); | ||
2666 | sk = __raw_v4_lookup(net, __sk_head(head), iph->protocol, | ||
2667 | - iph->saddr, iph->daddr, | ||
2668 | - skb->dev->ifindex, sdif); | ||
2669 | + iph->saddr, iph->daddr, dif, sdif); | ||
2670 | |||
2671 | while (sk) { | ||
2672 | delivered = 1; | ||
2673 | diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c | ||
2674 | index 8f6cf8e6b5c1..41b3fe8ac3bc 100644 | ||
2675 | --- a/net/ipv6/sit.c | ||
2676 | +++ b/net/ipv6/sit.c | ||
2677 | @@ -1084,7 +1084,7 @@ static void ipip6_tunnel_bind_dev(struct net_device *dev) | ||
2678 | if (!tdev && tunnel->parms.link) | ||
2679 | tdev = __dev_get_by_index(tunnel->net, tunnel->parms.link); | ||
2680 | |||
2681 | - if (tdev) { | ||
2682 | + if (tdev && !netif_is_l3_master(tdev)) { | ||
2683 | int t_hlen = tunnel->hlen + sizeof(struct iphdr); | ||
2684 | |||
2685 | dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr); | ||
2686 | diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c | ||
2687 | index c3a7396fb955..49a90217622b 100644 | ||
2688 | --- a/net/mac80211/mesh_pathtbl.c | ||
2689 | +++ b/net/mac80211/mesh_pathtbl.c | ||
2690 | @@ -23,7 +23,7 @@ static void mesh_path_free_rcu(struct mesh_table *tbl, struct mesh_path *mpath); | ||
2691 | static u32 mesh_table_hash(const void *addr, u32 len, u32 seed) | ||
2692 | { | ||
2693 | /* Use last four bytes of hw addr as hash index */ | ||
2694 | - return jhash_1word(*(u32 *)(addr+2), seed); | ||
2695 | + return jhash_1word(__get_unaligned_cpu32((u8 *)addr + 2), seed); | ||
2696 | } | ||
2697 | |||
2698 | static const struct rhashtable_params mesh_rht_params = { | ||
2699 | diff --git a/net/mac80211/trace_msg.h b/net/mac80211/trace_msg.h | ||
2700 | index 366b9e6f043e..40141df09f25 100644 | ||
2701 | --- a/net/mac80211/trace_msg.h | ||
2702 | +++ b/net/mac80211/trace_msg.h | ||
2703 | @@ -1,4 +1,9 @@ | ||
2704 | /* SPDX-License-Identifier: GPL-2.0 */ | ||
2705 | +/* | ||
2706 | + * Portions of this file | ||
2707 | + * Copyright (C) 2019 Intel Corporation | ||
2708 | + */ | ||
2709 | + | ||
2710 | #ifdef CONFIG_MAC80211_MESSAGE_TRACING | ||
2711 | |||
2712 | #if !defined(__MAC80211_MSG_DRIVER_TRACE) || defined(TRACE_HEADER_MULTI_READ) | ||
2713 | @@ -11,7 +16,7 @@ | ||
2714 | #undef TRACE_SYSTEM | ||
2715 | #define TRACE_SYSTEM mac80211_msg | ||
2716 | |||
2717 | -#define MAX_MSG_LEN 100 | ||
2718 | +#define MAX_MSG_LEN 120 | ||
2719 | |||
2720 | DECLARE_EVENT_CLASS(mac80211_msg_event, | ||
2721 | TP_PROTO(struct va_format *vaf), | ||
2722 | diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c | ||
2723 | index 743cde66aaf6..2f726cde9998 100644 | ||
2724 | --- a/net/mac80211/tx.c | ||
2725 | +++ b/net/mac80211/tx.c | ||
2726 | @@ -3185,6 +3185,7 @@ static bool ieee80211_amsdu_aggregate(struct ieee80211_sub_if_data *sdata, | ||
2727 | u8 max_subframes = sta->sta.max_amsdu_subframes; | ||
2728 | int max_frags = local->hw.max_tx_fragments; | ||
2729 | int max_amsdu_len = sta->sta.max_amsdu_len; | ||
2730 | + int orig_truesize; | ||
2731 | __be16 len; | ||
2732 | void *data; | ||
2733 | bool ret = false; | ||
2734 | @@ -3218,6 +3219,7 @@ static bool ieee80211_amsdu_aggregate(struct ieee80211_sub_if_data *sdata, | ||
2735 | if (!head) | ||
2736 | goto out; | ||
2737 | |||
2738 | + orig_truesize = head->truesize; | ||
2739 | orig_len = head->len; | ||
2740 | |||
2741 | if (skb->len + head->len > max_amsdu_len) | ||
2742 | @@ -3272,6 +3274,7 @@ static bool ieee80211_amsdu_aggregate(struct ieee80211_sub_if_data *sdata, | ||
2743 | *frag_tail = skb; | ||
2744 | |||
2745 | out_recalc: | ||
2746 | + fq->memory_usage += head->truesize - orig_truesize; | ||
2747 | if (head->len != orig_len) { | ||
2748 | flow->backlog += head->len - orig_len; | ||
2749 | tin->backlog_bytes += head->len - orig_len; | ||
2750 | diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c | ||
2751 | index 3f963ea22277..a42c1bc7c698 100644 | ||
2752 | --- a/net/netfilter/ipvs/ip_vs_core.c | ||
2753 | +++ b/net/netfilter/ipvs/ip_vs_core.c | ||
2754 | @@ -1647,7 +1647,7 @@ ip_vs_in_icmp(struct netns_ipvs *ipvs, struct sk_buff *skb, int *related, | ||
2755 | if (!cp) { | ||
2756 | int v; | ||
2757 | |||
2758 | - if (!sysctl_schedule_icmp(ipvs)) | ||
2759 | + if (ipip || !sysctl_schedule_icmp(ipvs)) | ||
2760 | return NF_ACCEPT; | ||
2761 | |||
2762 | if (!ip_vs_try_to_schedule(ipvs, AF_INET, skb, pd, &v, &cp, &ciph)) | ||
2763 | diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c | ||
2764 | index 9a249478abf2..27eff89fad01 100644 | ||
2765 | --- a/net/netfilter/nf_conntrack_core.c | ||
2766 | +++ b/net/netfilter/nf_conntrack_core.c | ||
2767 | @@ -25,6 +25,7 @@ | ||
2768 | #include <linux/slab.h> | ||
2769 | #include <linux/random.h> | ||
2770 | #include <linux/jhash.h> | ||
2771 | +#include <linux/siphash.h> | ||
2772 | #include <linux/err.h> | ||
2773 | #include <linux/percpu.h> | ||
2774 | #include <linux/moduleparam.h> | ||
2775 | @@ -424,6 +425,40 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, | ||
2776 | } | ||
2777 | EXPORT_SYMBOL_GPL(nf_ct_invert_tuple); | ||
2778 | |||
2779 | +/* Generate a almost-unique pseudo-id for a given conntrack. | ||
2780 | + * | ||
2781 | + * intentionally doesn't re-use any of the seeds used for hash | ||
2782 | + * table location, we assume id gets exposed to userspace. | ||
2783 | + * | ||
2784 | + * Following nf_conn items do not change throughout lifetime | ||
2785 | + * of the nf_conn after it has been committed to main hash table: | ||
2786 | + * | ||
2787 | + * 1. nf_conn address | ||
2788 | + * 2. nf_conn->ext address | ||
2789 | + * 3. nf_conn->master address (normally NULL) | ||
2790 | + * 4. tuple | ||
2791 | + * 5. the associated net namespace | ||
2792 | + */ | ||
2793 | +u32 nf_ct_get_id(const struct nf_conn *ct) | ||
2794 | +{ | ||
2795 | + static __read_mostly siphash_key_t ct_id_seed; | ||
2796 | + unsigned long a, b, c, d; | ||
2797 | + | ||
2798 | + net_get_random_once(&ct_id_seed, sizeof(ct_id_seed)); | ||
2799 | + | ||
2800 | + a = (unsigned long)ct; | ||
2801 | + b = (unsigned long)ct->master ^ net_hash_mix(nf_ct_net(ct)); | ||
2802 | + c = (unsigned long)ct->ext; | ||
2803 | + d = (unsigned long)siphash(&ct->tuplehash, sizeof(ct->tuplehash), | ||
2804 | + &ct_id_seed); | ||
2805 | +#ifdef CONFIG_64BIT | ||
2806 | + return siphash_4u64((u64)a, (u64)b, (u64)c, (u64)d, &ct_id_seed); | ||
2807 | +#else | ||
2808 | + return siphash_4u32((u32)a, (u32)b, (u32)c, (u32)d, &ct_id_seed); | ||
2809 | +#endif | ||
2810 | +} | ||
2811 | +EXPORT_SYMBOL_GPL(nf_ct_get_id); | ||
2812 | + | ||
2813 | static void | ||
2814 | clean_from_lists(struct nf_conn *ct) | ||
2815 | { | ||
2816 | diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c | ||
2817 | index 036207ecaf16..47e5a076522d 100644 | ||
2818 | --- a/net/netfilter/nf_conntrack_netlink.c | ||
2819 | +++ b/net/netfilter/nf_conntrack_netlink.c | ||
2820 | @@ -29,6 +29,7 @@ | ||
2821 | #include <linux/spinlock.h> | ||
2822 | #include <linux/interrupt.h> | ||
2823 | #include <linux/slab.h> | ||
2824 | +#include <linux/siphash.h> | ||
2825 | |||
2826 | #include <linux/netfilter.h> | ||
2827 | #include <net/netlink.h> | ||
2828 | @@ -487,7 +488,9 @@ nla_put_failure: | ||
2829 | |||
2830 | static int ctnetlink_dump_id(struct sk_buff *skb, const struct nf_conn *ct) | ||
2831 | { | ||
2832 | - if (nla_put_be32(skb, CTA_ID, htonl((unsigned long)ct))) | ||
2833 | + __be32 id = (__force __be32)nf_ct_get_id(ct); | ||
2834 | + | ||
2835 | + if (nla_put_be32(skb, CTA_ID, id)) | ||
2836 | goto nla_put_failure; | ||
2837 | return 0; | ||
2838 | |||
2839 | @@ -1275,8 +1278,9 @@ static int ctnetlink_del_conntrack(struct net *net, struct sock *ctnl, | ||
2840 | } | ||
2841 | |||
2842 | if (cda[CTA_ID]) { | ||
2843 | - u_int32_t id = ntohl(nla_get_be32(cda[CTA_ID])); | ||
2844 | - if (id != (u32)(unsigned long)ct) { | ||
2845 | + __be32 id = nla_get_be32(cda[CTA_ID]); | ||
2846 | + | ||
2847 | + if (id != (__force __be32)nf_ct_get_id(ct)) { | ||
2848 | nf_ct_put(ct); | ||
2849 | return -ENOENT; | ||
2850 | } | ||
2851 | @@ -2675,6 +2679,25 @@ nla_put_failure: | ||
2852 | |||
2853 | static const union nf_inet_addr any_addr; | ||
2854 | |||
2855 | +static __be32 nf_expect_get_id(const struct nf_conntrack_expect *exp) | ||
2856 | +{ | ||
2857 | + static __read_mostly siphash_key_t exp_id_seed; | ||
2858 | + unsigned long a, b, c, d; | ||
2859 | + | ||
2860 | + net_get_random_once(&exp_id_seed, sizeof(exp_id_seed)); | ||
2861 | + | ||
2862 | + a = (unsigned long)exp; | ||
2863 | + b = (unsigned long)exp->helper; | ||
2864 | + c = (unsigned long)exp->master; | ||
2865 | + d = (unsigned long)siphash(&exp->tuple, sizeof(exp->tuple), &exp_id_seed); | ||
2866 | + | ||
2867 | +#ifdef CONFIG_64BIT | ||
2868 | + return (__force __be32)siphash_4u64((u64)a, (u64)b, (u64)c, (u64)d, &exp_id_seed); | ||
2869 | +#else | ||
2870 | + return (__force __be32)siphash_4u32((u32)a, (u32)b, (u32)c, (u32)d, &exp_id_seed); | ||
2871 | +#endif | ||
2872 | +} | ||
2873 | + | ||
2874 | static int | ||
2875 | ctnetlink_exp_dump_expect(struct sk_buff *skb, | ||
2876 | const struct nf_conntrack_expect *exp) | ||
2877 | @@ -2722,7 +2745,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, | ||
2878 | } | ||
2879 | #endif | ||
2880 | if (nla_put_be32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout)) || | ||
2881 | - nla_put_be32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp)) || | ||
2882 | + nla_put_be32(skb, CTA_EXPECT_ID, nf_expect_get_id(exp)) || | ||
2883 | nla_put_be32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags)) || | ||
2884 | nla_put_be32(skb, CTA_EXPECT_CLASS, htonl(exp->class))) | ||
2885 | goto nla_put_failure; | ||
2886 | @@ -3027,7 +3050,8 @@ static int ctnetlink_get_expect(struct net *net, struct sock *ctnl, | ||
2887 | |||
2888 | if (cda[CTA_EXPECT_ID]) { | ||
2889 | __be32 id = nla_get_be32(cda[CTA_EXPECT_ID]); | ||
2890 | - if (ntohl(id) != (u32)(unsigned long)exp) { | ||
2891 | + | ||
2892 | + if (id != nf_expect_get_id(exp)) { | ||
2893 | nf_ct_expect_put(exp); | ||
2894 | return -ENOENT; | ||
2895 | } | ||
2896 | diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c | ||
2897 | index 51c5d7eec0a3..e903ef9b96cf 100644 | ||
2898 | --- a/net/netfilter/nf_conntrack_proto.c | ||
2899 | +++ b/net/netfilter/nf_conntrack_proto.c | ||
2900 | @@ -86,7 +86,7 @@ void nf_l4proto_log_invalid(const struct sk_buff *skb, | ||
2901 | struct va_format vaf; | ||
2902 | va_list args; | ||
2903 | |||
2904 | - if (net->ct.sysctl_log_invalid != protonum || | ||
2905 | + if (net->ct.sysctl_log_invalid != protonum && | ||
2906 | net->ct.sysctl_log_invalid != IPPROTO_RAW) | ||
2907 | return; | ||
2908 | |||
2909 | diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c | ||
2910 | index 1af54119bafc..ebfcfe1dcbdb 100644 | ||
2911 | --- a/net/netfilter/nf_tables_api.c | ||
2912 | +++ b/net/netfilter/nf_tables_api.c | ||
2913 | @@ -1496,7 +1496,7 @@ static int nft_chain_parse_hook(struct net *net, | ||
2914 | if (IS_ERR(type)) | ||
2915 | return PTR_ERR(type); | ||
2916 | } | ||
2917 | - if (!(type->hook_mask & (1 << hook->num))) | ||
2918 | + if (hook->num > NF_MAX_HOOKS || !(type->hook_mask & (1 << hook->num))) | ||
2919 | return -EOPNOTSUPP; | ||
2920 | |||
2921 | if (type->type == NFT_CHAIN_T_NAT && | ||
2922 | @@ -2113,9 +2113,11 @@ err1: | ||
2923 | static void nf_tables_expr_destroy(const struct nft_ctx *ctx, | ||
2924 | struct nft_expr *expr) | ||
2925 | { | ||
2926 | + const struct nft_expr_type *type = expr->ops->type; | ||
2927 | + | ||
2928 | if (expr->ops->destroy) | ||
2929 | expr->ops->destroy(ctx, expr); | ||
2930 | - module_put(expr->ops->type->owner); | ||
2931 | + module_put(type->owner); | ||
2932 | } | ||
2933 | |||
2934 | struct nft_expr *nft_expr_init(const struct nft_ctx *ctx, | ||
2935 | @@ -2717,8 +2719,11 @@ err2: | ||
2936 | nf_tables_rule_release(&ctx, rule); | ||
2937 | err1: | ||
2938 | for (i = 0; i < n; i++) { | ||
2939 | - if (info[i].ops != NULL) | ||
2940 | + if (info[i].ops) { | ||
2941 | module_put(info[i].ops->type->owner); | ||
2942 | + if (info[i].ops->type->release_ops) | ||
2943 | + info[i].ops->type->release_ops(info[i].ops); | ||
2944 | + } | ||
2945 | } | ||
2946 | kvfree(info); | ||
2947 | return err; | ||
2948 | diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c | ||
2949 | index ddfc52ac1f9b..c0d323b58e73 100644 | ||
2950 | --- a/net/nfc/nci/hci.c | ||
2951 | +++ b/net/nfc/nci/hci.c | ||
2952 | @@ -312,6 +312,10 @@ static void nci_hci_cmd_received(struct nci_dev *ndev, u8 pipe, | ||
2953 | create_info = (struct nci_hci_create_pipe_resp *)skb->data; | ||
2954 | dest_gate = create_info->dest_gate; | ||
2955 | new_pipe = create_info->pipe; | ||
2956 | + if (new_pipe >= NCI_HCI_MAX_PIPES) { | ||
2957 | + status = NCI_HCI_ANY_E_NOK; | ||
2958 | + goto exit; | ||
2959 | + } | ||
2960 | |||
2961 | /* Save the new created pipe and bind with local gate, | ||
2962 | * the description for skb->data[3] is destination gate id | ||
2963 | @@ -336,6 +340,10 @@ static void nci_hci_cmd_received(struct nci_dev *ndev, u8 pipe, | ||
2964 | goto exit; | ||
2965 | } | ||
2966 | delete_info = (struct nci_hci_delete_pipe_noti *)skb->data; | ||
2967 | + if (delete_info->pipe >= NCI_HCI_MAX_PIPES) { | ||
2968 | + status = NCI_HCI_ANY_E_NOK; | ||
2969 | + goto exit; | ||
2970 | + } | ||
2971 | |||
2972 | ndev->hci_dev->pipes[delete_info->pipe].gate = | ||
2973 | NCI_HCI_INVALID_GATE; | ||
2974 | diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c | ||
2975 | index ebbb30064251..18df3bce73da 100644 | ||
2976 | --- a/net/packet/af_packet.c | ||
2977 | +++ b/net/packet/af_packet.c | ||
2978 | @@ -4578,14 +4578,29 @@ static void __exit packet_exit(void) | ||
2979 | |||
2980 | static int __init packet_init(void) | ||
2981 | { | ||
2982 | - int rc = proto_register(&packet_proto, 0); | ||
2983 | + int rc; | ||
2984 | |||
2985 | - if (rc != 0) | ||
2986 | + rc = proto_register(&packet_proto, 0); | ||
2987 | + if (rc) | ||
2988 | goto out; | ||
2989 | + rc = sock_register(&packet_family_ops); | ||
2990 | + if (rc) | ||
2991 | + goto out_proto; | ||
2992 | + rc = register_pernet_subsys(&packet_net_ops); | ||
2993 | + if (rc) | ||
2994 | + goto out_sock; | ||
2995 | + rc = register_netdevice_notifier(&packet_netdev_notifier); | ||
2996 | + if (rc) | ||
2997 | + goto out_pernet; | ||
2998 | |||
2999 | - sock_register(&packet_family_ops); | ||
3000 | - register_pernet_subsys(&packet_net_ops); | ||
3001 | - register_netdevice_notifier(&packet_netdev_notifier); | ||
3002 | + return 0; | ||
3003 | + | ||
3004 | +out_pernet: | ||
3005 | + unregister_pernet_subsys(&packet_net_ops); | ||
3006 | +out_sock: | ||
3007 | + sock_unregister(PF_PACKET); | ||
3008 | +out_proto: | ||
3009 | + proto_unregister(&packet_proto); | ||
3010 | out: | ||
3011 | return rc; | ||
3012 | } | ||
3013 | diff --git a/net/strparser/strparser.c b/net/strparser/strparser.c | ||
3014 | index da1a676860ca..0f4e42792878 100644 | ||
3015 | --- a/net/strparser/strparser.c | ||
3016 | +++ b/net/strparser/strparser.c | ||
3017 | @@ -140,13 +140,11 @@ static int __strp_recv(read_descriptor_t *desc, struct sk_buff *orig_skb, | ||
3018 | /* We are going to append to the frags_list of head. | ||
3019 | * Need to unshare the frag_list. | ||
3020 | */ | ||
3021 | - if (skb_has_frag_list(head)) { | ||
3022 | - err = skb_unclone(head, GFP_ATOMIC); | ||
3023 | - if (err) { | ||
3024 | - STRP_STATS_INCR(strp->stats.mem_fail); | ||
3025 | - desc->error = err; | ||
3026 | - return 0; | ||
3027 | - } | ||
3028 | + err = skb_unclone(head, GFP_ATOMIC); | ||
3029 | + if (err) { | ||
3030 | + STRP_STATS_INCR(strp->stats.mem_fail); | ||
3031 | + desc->error = err; | ||
3032 | + return 0; | ||
3033 | } | ||
3034 | |||
3035 | if (unlikely(skb_shinfo(head)->frag_list)) { | ||
3036 | diff --git a/net/tipc/socket.c b/net/tipc/socket.c | ||
3037 | index 67a7b312a499..6c91f1217dcf 100644 | ||
3038 | --- a/net/tipc/socket.c | ||
3039 | +++ b/net/tipc/socket.c | ||
3040 | @@ -726,11 +726,11 @@ static __poll_t tipc_poll(struct file *file, struct socket *sock, | ||
3041 | |||
3042 | switch (sk->sk_state) { | ||
3043 | case TIPC_ESTABLISHED: | ||
3044 | - case TIPC_CONNECTING: | ||
3045 | if (!tsk->cong_link_cnt && !tsk_conn_cong(tsk)) | ||
3046 | revents |= EPOLLOUT; | ||
3047 | /* fall thru' */ | ||
3048 | case TIPC_LISTEN: | ||
3049 | + case TIPC_CONNECTING: | ||
3050 | if (!skb_queue_empty(&sk->sk_receive_queue)) | ||
3051 | revents |= EPOLLIN | EPOLLRDNORM; | ||
3052 | break; | ||
3053 | @@ -2039,7 +2039,7 @@ static bool tipc_sk_filter_connect(struct tipc_sock *tsk, struct sk_buff *skb) | ||
3054 | return true; | ||
3055 | |||
3056 | /* If empty 'ACK-' message, wake up sleeping connect() */ | ||
3057 | - sk->sk_data_ready(sk); | ||
3058 | + sk->sk_state_change(sk); | ||
3059 | |||
3060 | /* 'ACK-' message is neither accepted nor rejected: */ | ||
3061 | msg_set_dest_droppable(hdr, 1); | ||
3062 | diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c | ||
3063 | index f4a19eac975d..fdf22cb0b3e6 100644 | ||
3064 | --- a/net/tls/tls_device.c | ||
3065 | +++ b/net/tls/tls_device.c | ||
3066 | @@ -52,8 +52,11 @@ static DEFINE_SPINLOCK(tls_device_lock); | ||
3067 | |||
3068 | static void tls_device_free_ctx(struct tls_context *ctx) | ||
3069 | { | ||
3070 | - if (ctx->tx_conf == TLS_HW) | ||
3071 | + if (ctx->tx_conf == TLS_HW) { | ||
3072 | kfree(tls_offload_ctx_tx(ctx)); | ||
3073 | + kfree(ctx->tx.rec_seq); | ||
3074 | + kfree(ctx->tx.iv); | ||
3075 | + } | ||
3076 | |||
3077 | if (ctx->rx_conf == TLS_HW) | ||
3078 | kfree(tls_offload_ctx_rx(ctx)); | ||
3079 | diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c | ||
3080 | index 295cd8d5554f..048e004ed0ee 100644 | ||
3081 | --- a/net/wireless/nl80211.c | ||
3082 | +++ b/net/wireless/nl80211.c | ||
3083 | @@ -13392,7 +13392,8 @@ static const struct genl_ops nl80211_ops[] = { | ||
3084 | .policy = nl80211_policy, | ||
3085 | .flags = GENL_UNS_ADMIN_PERM, | ||
3086 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | ||
3087 | - NL80211_FLAG_NEED_RTNL, | ||
3088 | + NL80211_FLAG_NEED_RTNL | | ||
3089 | + NL80211_FLAG_CLEAR_SKB, | ||
3090 | }, | ||
3091 | { | ||
3092 | .cmd = NL80211_CMD_DEAUTHENTICATE, | ||
3093 | @@ -13443,7 +13444,8 @@ static const struct genl_ops nl80211_ops[] = { | ||
3094 | .policy = nl80211_policy, | ||
3095 | .flags = GENL_UNS_ADMIN_PERM, | ||
3096 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | ||
3097 | - NL80211_FLAG_NEED_RTNL, | ||
3098 | + NL80211_FLAG_NEED_RTNL | | ||
3099 | + NL80211_FLAG_CLEAR_SKB, | ||
3100 | }, | ||
3101 | { | ||
3102 | .cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS, | ||
3103 | @@ -13451,7 +13453,8 @@ static const struct genl_ops nl80211_ops[] = { | ||
3104 | .policy = nl80211_policy, | ||
3105 | .flags = GENL_ADMIN_PERM, | ||
3106 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | ||
3107 | - NL80211_FLAG_NEED_RTNL, | ||
3108 | + NL80211_FLAG_NEED_RTNL | | ||
3109 | + NL80211_FLAG_CLEAR_SKB, | ||
3110 | }, | ||
3111 | { | ||
3112 | .cmd = NL80211_CMD_DISCONNECT, | ||
3113 | @@ -13480,7 +13483,8 @@ static const struct genl_ops nl80211_ops[] = { | ||
3114 | .policy = nl80211_policy, | ||
3115 | .flags = GENL_UNS_ADMIN_PERM, | ||
3116 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | ||
3117 | - NL80211_FLAG_NEED_RTNL, | ||
3118 | + NL80211_FLAG_NEED_RTNL | | ||
3119 | + NL80211_FLAG_CLEAR_SKB, | ||
3120 | }, | ||
3121 | { | ||
3122 | .cmd = NL80211_CMD_DEL_PMKSA, | ||
3123 | @@ -13832,7 +13836,8 @@ static const struct genl_ops nl80211_ops[] = { | ||
3124 | .policy = nl80211_policy, | ||
3125 | .flags = GENL_UNS_ADMIN_PERM, | ||
3126 | .internal_flags = NL80211_FLAG_NEED_WIPHY | | ||
3127 | - NL80211_FLAG_NEED_RTNL, | ||
3128 | + NL80211_FLAG_NEED_RTNL | | ||
3129 | + NL80211_FLAG_CLEAR_SKB, | ||
3130 | }, | ||
3131 | { | ||
3132 | .cmd = NL80211_CMD_SET_QOS_MAP, | ||
3133 | @@ -13887,7 +13892,8 @@ static const struct genl_ops nl80211_ops[] = { | ||
3134 | .doit = nl80211_set_pmk, | ||
3135 | .policy = nl80211_policy, | ||
3136 | .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | | ||
3137 | - NL80211_FLAG_NEED_RTNL, | ||
3138 | + NL80211_FLAG_NEED_RTNL | | ||
3139 | + NL80211_FLAG_CLEAR_SKB, | ||
3140 | }, | ||
3141 | { | ||
3142 | .cmd = NL80211_CMD_DEL_PMK, | ||
3143 | diff --git a/net/wireless/reg.c b/net/wireless/reg.c | ||
3144 | index 8002ace7c9f6..8a47297ff206 100644 | ||
3145 | --- a/net/wireless/reg.c | ||
3146 | +++ b/net/wireless/reg.c | ||
3147 | @@ -1287,6 +1287,16 @@ reg_intersect_dfs_region(const enum nl80211_dfs_regions dfs_region1, | ||
3148 | return dfs_region1; | ||
3149 | } | ||
3150 | |||
3151 | +static void reg_wmm_rules_intersect(const struct ieee80211_wmm_ac *wmm_ac1, | ||
3152 | + const struct ieee80211_wmm_ac *wmm_ac2, | ||
3153 | + struct ieee80211_wmm_ac *intersect) | ||
3154 | +{ | ||
3155 | + intersect->cw_min = max_t(u16, wmm_ac1->cw_min, wmm_ac2->cw_min); | ||
3156 | + intersect->cw_max = max_t(u16, wmm_ac1->cw_max, wmm_ac2->cw_max); | ||
3157 | + intersect->cot = min_t(u16, wmm_ac1->cot, wmm_ac2->cot); | ||
3158 | + intersect->aifsn = max_t(u8, wmm_ac1->aifsn, wmm_ac2->aifsn); | ||
3159 | +} | ||
3160 | + | ||
3161 | /* | ||
3162 | * Helper for regdom_intersect(), this does the real | ||
3163 | * mathematical intersection fun | ||
3164 | @@ -1301,6 +1311,8 @@ static int reg_rules_intersect(const struct ieee80211_regdomain *rd1, | ||
3165 | struct ieee80211_freq_range *freq_range; | ||
3166 | const struct ieee80211_power_rule *power_rule1, *power_rule2; | ||
3167 | struct ieee80211_power_rule *power_rule; | ||
3168 | + const struct ieee80211_wmm_rule *wmm_rule1, *wmm_rule2; | ||
3169 | + struct ieee80211_wmm_rule *wmm_rule; | ||
3170 | u32 freq_diff, max_bandwidth1, max_bandwidth2; | ||
3171 | |||
3172 | freq_range1 = &rule1->freq_range; | ||
3173 | @@ -1311,6 +1323,10 @@ static int reg_rules_intersect(const struct ieee80211_regdomain *rd1, | ||
3174 | power_rule2 = &rule2->power_rule; | ||
3175 | power_rule = &intersected_rule->power_rule; | ||
3176 | |||
3177 | + wmm_rule1 = &rule1->wmm_rule; | ||
3178 | + wmm_rule2 = &rule2->wmm_rule; | ||
3179 | + wmm_rule = &intersected_rule->wmm_rule; | ||
3180 | + | ||
3181 | freq_range->start_freq_khz = max(freq_range1->start_freq_khz, | ||
3182 | freq_range2->start_freq_khz); | ||
3183 | freq_range->end_freq_khz = min(freq_range1->end_freq_khz, | ||
3184 | @@ -1354,6 +1370,29 @@ static int reg_rules_intersect(const struct ieee80211_regdomain *rd1, | ||
3185 | intersected_rule->dfs_cac_ms = max(rule1->dfs_cac_ms, | ||
3186 | rule2->dfs_cac_ms); | ||
3187 | |||
3188 | + if (rule1->has_wmm && rule2->has_wmm) { | ||
3189 | + u8 ac; | ||
3190 | + | ||
3191 | + for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { | ||
3192 | + reg_wmm_rules_intersect(&wmm_rule1->client[ac], | ||
3193 | + &wmm_rule2->client[ac], | ||
3194 | + &wmm_rule->client[ac]); | ||
3195 | + reg_wmm_rules_intersect(&wmm_rule1->ap[ac], | ||
3196 | + &wmm_rule2->ap[ac], | ||
3197 | + &wmm_rule->ap[ac]); | ||
3198 | + } | ||
3199 | + | ||
3200 | + intersected_rule->has_wmm = true; | ||
3201 | + } else if (rule1->has_wmm) { | ||
3202 | + *wmm_rule = *wmm_rule1; | ||
3203 | + intersected_rule->has_wmm = true; | ||
3204 | + } else if (rule2->has_wmm) { | ||
3205 | + *wmm_rule = *wmm_rule2; | ||
3206 | + intersected_rule->has_wmm = true; | ||
3207 | + } else { | ||
3208 | + intersected_rule->has_wmm = false; | ||
3209 | + } | ||
3210 | + | ||
3211 | if (!is_valid_reg_rule(intersected_rule)) | ||
3212 | return -EINVAL; | ||
3213 | |||
3214 | diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c | ||
3215 | index cba19b8c3e51..70bad15ed7a0 100644 | ||
3216 | --- a/security/selinux/hooks.c | ||
3217 | +++ b/security/selinux/hooks.c | ||
3218 | @@ -4800,7 +4800,7 @@ static int selinux_socket_connect_helper(struct socket *sock, | ||
3219 | struct lsm_network_audit net = {0,}; | ||
3220 | struct sockaddr_in *addr4 = NULL; | ||
3221 | struct sockaddr_in6 *addr6 = NULL; | ||
3222 | - unsigned short snum; | ||
3223 | + unsigned short snum = 0; | ||
3224 | u32 sid, perm; | ||
3225 | |||
3226 | /* sctp_connectx(3) calls via selinux_sctp_bind_connect() | ||
3227 | @@ -4823,12 +4823,12 @@ static int selinux_socket_connect_helper(struct socket *sock, | ||
3228 | break; | ||
3229 | default: | ||
3230 | /* Note that SCTP services expect -EINVAL, whereas | ||
3231 | - * others expect -EAFNOSUPPORT. | ||
3232 | + * others must handle this at the protocol level: | ||
3233 | + * connect(AF_UNSPEC) on a connected socket is | ||
3234 | + * a documented way disconnect the socket. | ||
3235 | */ | ||
3236 | if (sksec->sclass == SECCLASS_SCTP_SOCKET) | ||
3237 | return -EINVAL; | ||
3238 | - else | ||
3239 | - return -EAFNOSUPPORT; | ||
3240 | } | ||
3241 | |||
3242 | err = sel_netport_sid(sk->sk_protocol, snum, &sid); | ||
3243 | diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c | ||
3244 | index 10985d991ed2..6ccfd13d5cf9 100644 | ||
3245 | --- a/tools/lib/traceevent/event-parse.c | ||
3246 | +++ b/tools/lib/traceevent/event-parse.c | ||
3247 | @@ -2192,7 +2192,7 @@ eval_type_str(unsigned long long val, const char *type, int pointer) | ||
3248 | return val & 0xffffffff; | ||
3249 | |||
3250 | if (strcmp(type, "u64") == 0 || | ||
3251 | - strcmp(type, "s64")) | ||
3252 | + strcmp(type, "s64") == 0) | ||
3253 | return val; | ||
3254 | |||
3255 | if (strcmp(type, "s8") == 0) | ||
3256 | diff --git a/tools/testing/selftests/net/fib_tests.sh b/tools/testing/selftests/net/fib_tests.sh | ||
3257 | index a4ccde0e473b..2f190aa8fc5f 100755 | ||
3258 | --- a/tools/testing/selftests/net/fib_tests.sh | ||
3259 | +++ b/tools/testing/selftests/net/fib_tests.sh | ||
3260 | @@ -602,6 +602,39 @@ run_cmd() | ||
3261 | return $rc | ||
3262 | } | ||
3263 | |||
3264 | +check_expected() | ||
3265 | +{ | ||
3266 | + local out="$1" | ||
3267 | + local expected="$2" | ||
3268 | + local rc=0 | ||
3269 | + | ||
3270 | + [ "${out}" = "${expected}" ] && return 0 | ||
3271 | + | ||
3272 | + if [ -z "${out}" ]; then | ||
3273 | + if [ "$VERBOSE" = "1" ]; then | ||
3274 | + printf "\nNo route entry found\n" | ||
3275 | + printf "Expected:\n" | ||
3276 | + printf " ${expected}\n" | ||
3277 | + fi | ||
3278 | + return 1 | ||
3279 | + fi | ||
3280 | + | ||
3281 | + # tricky way to convert output to 1-line without ip's | ||
3282 | + # messy '\'; this drops all extra white space | ||
3283 | + out=$(echo ${out}) | ||
3284 | + if [ "${out}" != "${expected}" ]; then | ||
3285 | + rc=1 | ||
3286 | + if [ "${VERBOSE}" = "1" ]; then | ||
3287 | + printf " Unexpected route entry. Have:\n" | ||
3288 | + printf " ${out}\n" | ||
3289 | + printf " Expected:\n" | ||
3290 | + printf " ${expected}\n\n" | ||
3291 | + fi | ||
3292 | + fi | ||
3293 | + | ||
3294 | + return $rc | ||
3295 | +} | ||
3296 | + | ||
3297 | # add route for a prefix, flushing any existing routes first | ||
3298 | # expected to be the first step of a test | ||
3299 | add_route6() | ||
3300 | @@ -646,31 +679,7 @@ check_route6() | ||
3301 | local rc=0 | ||
3302 | |||
3303 | out=$($IP -6 ro ls match ${pfx} | sed -e 's/ pref medium//') | ||
3304 | - [ "${out}" = "${expected}" ] && return 0 | ||
3305 | - | ||
3306 | - if [ -z "${out}" ]; then | ||
3307 | - if [ "$VERBOSE" = "1" ]; then | ||
3308 | - printf "\nNo route entry found\n" | ||
3309 | - printf "Expected:\n" | ||
3310 | - printf " ${expected}\n" | ||
3311 | - fi | ||
3312 | - return 1 | ||
3313 | - fi | ||
3314 | - | ||
3315 | - # tricky way to convert output to 1-line without ip's | ||
3316 | - # messy '\'; this drops all extra white space | ||
3317 | - out=$(echo ${out}) | ||
3318 | - if [ "${out}" != "${expected}" ]; then | ||
3319 | - rc=1 | ||
3320 | - if [ "${VERBOSE}" = "1" ]; then | ||
3321 | - printf " Unexpected route entry. Have:\n" | ||
3322 | - printf " ${out}\n" | ||
3323 | - printf " Expected:\n" | ||
3324 | - printf " ${expected}\n\n" | ||
3325 | - fi | ||
3326 | - fi | ||
3327 | - | ||
3328 | - return $rc | ||
3329 | + check_expected "${out}" "${expected}" | ||
3330 | } | ||
3331 | |||
3332 | route_cleanup() | ||
3333 | @@ -714,7 +723,7 @@ route_setup() | ||
3334 | $IP addr add 172.16.103.2/24 dev veth4 | ||
3335 | $IP addr add 172.16.104.1/24 dev dummy1 | ||
3336 | |||
3337 | - set +ex | ||
3338 | + set +e | ||
3339 | } | ||
3340 | |||
3341 | # assumption is that basic add of a single path route works | ||
3342 | @@ -949,7 +958,8 @@ ipv6_addr_metric_test() | ||
3343 | run_cmd "$IP li set dev dummy2 down" | ||
3344 | rc=$? | ||
3345 | if [ $rc -eq 0 ]; then | ||
3346 | - check_route6 "" | ||
3347 | + out=$($IP -6 ro ls match 2001:db8:104::/64) | ||
3348 | + check_expected "${out}" "" | ||
3349 | rc=$? | ||
3350 | fi | ||
3351 | log_test $rc 0 "Prefix route removed on link down" | ||
3352 | @@ -1009,34 +1019,9 @@ check_route() | ||
3353 | local pfx="172.16.104.0/24" | ||
3354 | local expected="$1" | ||
3355 | local out | ||
3356 | - local rc=0 | ||
3357 | |||
3358 | out=$($IP ro ls match ${pfx}) | ||
3359 | - [ "${out}" = "${expected}" ] && return 0 | ||
3360 | - | ||
3361 | - if [ -z "${out}" ]; then | ||
3362 | - if [ "$VERBOSE" = "1" ]; then | ||
3363 | - printf "\nNo route entry found\n" | ||
3364 | - printf "Expected:\n" | ||
3365 | - printf " ${expected}\n" | ||
3366 | - fi | ||
3367 | - return 1 | ||
3368 | - fi | ||
3369 | - | ||
3370 | - # tricky way to convert output to 1-line without ip's | ||
3371 | - # messy '\'; this drops all extra white space | ||
3372 | - out=$(echo ${out}) | ||
3373 | - if [ "${out}" != "${expected}" ]; then | ||
3374 | - rc=1 | ||
3375 | - if [ "${VERBOSE}" = "1" ]; then | ||
3376 | - printf " Unexpected route entry. Have:\n" | ||
3377 | - printf " ${out}\n" | ||
3378 | - printf " Expected:\n" | ||
3379 | - printf " ${expected}\n\n" | ||
3380 | - fi | ||
3381 | - fi | ||
3382 | - | ||
3383 | - return $rc | ||
3384 | + check_expected "${out}" "${expected}" | ||
3385 | } | ||
3386 | |||
3387 | # assumption is that basic add of a single path route works | ||
3388 | @@ -1301,7 +1286,8 @@ ipv4_addr_metric_test() | ||
3389 | run_cmd "$IP li set dev dummy2 down" | ||
3390 | rc=$? | ||
3391 | if [ $rc -eq 0 ]; then | ||
3392 | - check_route "" | ||
3393 | + out=$($IP ro ls match 172.16.104.0/24) | ||
3394 | + check_expected "${out}" "" | ||
3395 | rc=$? | ||
3396 | fi | ||
3397 | log_test $rc 0 "Prefix route removed on link down" | ||
3398 | diff --git a/tools/testing/selftests/net/run_netsocktests b/tools/testing/selftests/net/run_netsocktests | ||
3399 | index b093f39c298c..14e41faf2c57 100755 | ||
3400 | --- a/tools/testing/selftests/net/run_netsocktests | ||
3401 | +++ b/tools/testing/selftests/net/run_netsocktests | ||
3402 | @@ -7,7 +7,7 @@ echo "--------------------" | ||
3403 | ./socket | ||
3404 | if [ $? -ne 0 ]; then | ||
3405 | echo "[FAIL]" | ||
3406 | + exit 1 | ||
3407 | else | ||
3408 | echo "[PASS]" | ||
3409 | fi | ||
3410 | - | ||
3411 | diff --git a/tools/testing/selftests/netfilter/Makefile b/tools/testing/selftests/netfilter/Makefile | ||
3412 | index c9ff2b47bd1c..a37cb1192c6a 100644 | ||
3413 | --- a/tools/testing/selftests/netfilter/Makefile | ||
3414 | +++ b/tools/testing/selftests/netfilter/Makefile | ||
3415 | @@ -1,6 +1,6 @@ | ||
3416 | # SPDX-License-Identifier: GPL-2.0 | ||
3417 | # Makefile for netfilter selftests | ||
3418 | |||
3419 | -TEST_PROGS := nft_trans_stress.sh nft_nat.sh | ||
3420 | +TEST_PROGS := nft_trans_stress.sh nft_nat.sh conntrack_icmp_related.sh | ||
3421 | |||
3422 | include ../lib.mk | ||
3423 | diff --git a/tools/testing/selftests/netfilter/conntrack_icmp_related.sh b/tools/testing/selftests/netfilter/conntrack_icmp_related.sh | ||
3424 | new file mode 100755 | ||
3425 | index 000000000000..b48e1833bc89 | ||
3426 | --- /dev/null | ||
3427 | +++ b/tools/testing/selftests/netfilter/conntrack_icmp_related.sh | ||
3428 | @@ -0,0 +1,283 @@ | ||
3429 | +#!/bin/bash | ||
3430 | +# | ||
3431 | +# check that ICMP df-needed/pkttoobig icmp are set are set as related | ||
3432 | +# state | ||
3433 | +# | ||
3434 | +# Setup is: | ||
3435 | +# | ||
3436 | +# nsclient1 -> nsrouter1 -> nsrouter2 -> nsclient2 | ||
3437 | +# MTU 1500, except for nsrouter2 <-> nsclient2 link (1280). | ||
3438 | +# ping nsclient2 from nsclient1, checking that conntrack did set RELATED | ||
3439 | +# 'fragmentation needed' icmp packet. | ||
3440 | +# | ||
3441 | +# In addition, nsrouter1 will perform IP masquerading, i.e. also | ||
3442 | +# check the icmp errors are propagated to the correct host as per | ||
3443 | +# nat of "established" icmp-echo "connection". | ||
3444 | + | ||
3445 | +# Kselftest framework requirement - SKIP code is 4. | ||
3446 | +ksft_skip=4 | ||
3447 | +ret=0 | ||
3448 | + | ||
3449 | +nft --version > /dev/null 2>&1 | ||
3450 | +if [ $? -ne 0 ];then | ||
3451 | + echo "SKIP: Could not run test without nft tool" | ||
3452 | + exit $ksft_skip | ||
3453 | +fi | ||
3454 | + | ||
3455 | +ip -Version > /dev/null 2>&1 | ||
3456 | +if [ $? -ne 0 ];then | ||
3457 | + echo "SKIP: Could not run test without ip tool" | ||
3458 | + exit $ksft_skip | ||
3459 | +fi | ||
3460 | + | ||
3461 | +cleanup() { | ||
3462 | + for i in 1 2;do ip netns del nsclient$i;done | ||
3463 | + for i in 1 2;do ip netns del nsrouter$i;done | ||
3464 | +} | ||
3465 | + | ||
3466 | +ipv4() { | ||
3467 | + echo -n 192.168.$1.2 | ||
3468 | +} | ||
3469 | + | ||
3470 | +ipv6 () { | ||
3471 | + echo -n dead:$1::2 | ||
3472 | +} | ||
3473 | + | ||
3474 | +check_counter() | ||
3475 | +{ | ||
3476 | + ns=$1 | ||
3477 | + name=$2 | ||
3478 | + expect=$3 | ||
3479 | + local lret=0 | ||
3480 | + | ||
3481 | + cnt=$(ip netns exec $ns nft list counter inet filter "$name" | grep -q "$expect") | ||
3482 | + if [ $? -ne 0 ]; then | ||
3483 | + echo "ERROR: counter $name in $ns has unexpected value (expected $expect)" 1>&2 | ||
3484 | + ip netns exec $ns nft list counter inet filter "$name" 1>&2 | ||
3485 | + lret=1 | ||
3486 | + fi | ||
3487 | + | ||
3488 | + return $lret | ||
3489 | +} | ||
3490 | + | ||
3491 | +check_unknown() | ||
3492 | +{ | ||
3493 | + expect="packets 0 bytes 0" | ||
3494 | + for n in nsclient1 nsclient2 nsrouter1 nsrouter2; do | ||
3495 | + check_counter $n "unknown" "$expect" | ||
3496 | + if [ $? -ne 0 ] ;then | ||
3497 | + return 1 | ||
3498 | + fi | ||
3499 | + done | ||
3500 | + | ||
3501 | + return 0 | ||
3502 | +} | ||
3503 | + | ||
3504 | +for n in nsclient1 nsclient2 nsrouter1 nsrouter2; do | ||
3505 | + ip netns add $n | ||
3506 | + ip -net $n link set lo up | ||
3507 | +done | ||
3508 | + | ||
3509 | +DEV=veth0 | ||
3510 | +ip link add $DEV netns nsclient1 type veth peer name eth1 netns nsrouter1 | ||
3511 | +DEV=veth0 | ||
3512 | +ip link add $DEV netns nsclient2 type veth peer name eth1 netns nsrouter2 | ||
3513 | + | ||
3514 | +DEV=veth0 | ||
3515 | +ip link add $DEV netns nsrouter1 type veth peer name eth2 netns nsrouter2 | ||
3516 | + | ||
3517 | +DEV=veth0 | ||
3518 | +for i in 1 2; do | ||
3519 | + ip -net nsclient$i link set $DEV up | ||
3520 | + ip -net nsclient$i addr add $(ipv4 $i)/24 dev $DEV | ||
3521 | + ip -net nsclient$i addr add $(ipv6 $i)/64 dev $DEV | ||
3522 | +done | ||
3523 | + | ||
3524 | +ip -net nsrouter1 link set eth1 up | ||
3525 | +ip -net nsrouter1 link set veth0 up | ||
3526 | + | ||
3527 | +ip -net nsrouter2 link set eth1 up | ||
3528 | +ip -net nsrouter2 link set eth2 up | ||
3529 | + | ||
3530 | +ip -net nsclient1 route add default via 192.168.1.1 | ||
3531 | +ip -net nsclient1 -6 route add default via dead:1::1 | ||
3532 | + | ||
3533 | +ip -net nsclient2 route add default via 192.168.2.1 | ||
3534 | +ip -net nsclient2 route add default via dead:2::1 | ||
3535 | + | ||
3536 | +i=3 | ||
3537 | +ip -net nsrouter1 addr add 192.168.1.1/24 dev eth1 | ||
3538 | +ip -net nsrouter1 addr add 192.168.3.1/24 dev veth0 | ||
3539 | +ip -net nsrouter1 addr add dead:1::1/64 dev eth1 | ||
3540 | +ip -net nsrouter1 addr add dead:3::1/64 dev veth0 | ||
3541 | +ip -net nsrouter1 route add default via 192.168.3.10 | ||
3542 | +ip -net nsrouter1 -6 route add default via dead:3::10 | ||
3543 | + | ||
3544 | +ip -net nsrouter2 addr add 192.168.2.1/24 dev eth1 | ||
3545 | +ip -net nsrouter2 addr add 192.168.3.10/24 dev eth2 | ||
3546 | +ip -net nsrouter2 addr add dead:2::1/64 dev eth1 | ||
3547 | +ip -net nsrouter2 addr add dead:3::10/64 dev eth2 | ||
3548 | +ip -net nsrouter2 route add default via 192.168.3.1 | ||
3549 | +ip -net nsrouter2 route add default via dead:3::1 | ||
3550 | + | ||
3551 | +sleep 2 | ||
3552 | +for i in 4 6; do | ||
3553 | + ip netns exec nsrouter1 sysctl -q net.ipv$i.conf.all.forwarding=1 | ||
3554 | + ip netns exec nsrouter2 sysctl -q net.ipv$i.conf.all.forwarding=1 | ||
3555 | +done | ||
3556 | + | ||
3557 | +for netns in nsrouter1 nsrouter2; do | ||
3558 | +ip netns exec $netns nft -f - <<EOF | ||
3559 | +table inet filter { | ||
3560 | + counter unknown { } | ||
3561 | + counter related { } | ||
3562 | + chain forward { | ||
3563 | + type filter hook forward priority 0; policy accept; | ||
3564 | + meta l4proto icmpv6 icmpv6 type "packet-too-big" ct state "related" counter name "related" accept | ||
3565 | + meta l4proto icmp icmp type "destination-unreachable" ct state "related" counter name "related" accept | ||
3566 | + meta l4proto { icmp, icmpv6 } ct state new,established accept | ||
3567 | + counter name "unknown" drop | ||
3568 | + } | ||
3569 | +} | ||
3570 | +EOF | ||
3571 | +done | ||
3572 | + | ||
3573 | +ip netns exec nsclient1 nft -f - <<EOF | ||
3574 | +table inet filter { | ||
3575 | + counter unknown { } | ||
3576 | + counter related { } | ||
3577 | + chain input { | ||
3578 | + type filter hook input priority 0; policy accept; | ||
3579 | + meta l4proto { icmp, icmpv6 } ct state established,untracked accept | ||
3580 | + | ||
3581 | + meta l4proto { icmp, icmpv6 } ct state "related" counter name "related" accept | ||
3582 | + counter name "unknown" drop | ||
3583 | + } | ||
3584 | +} | ||
3585 | +EOF | ||
3586 | + | ||
3587 | +ip netns exec nsclient2 nft -f - <<EOF | ||
3588 | +table inet filter { | ||
3589 | + counter unknown { } | ||
3590 | + counter new { } | ||
3591 | + counter established { } | ||
3592 | + | ||
3593 | + chain input { | ||
3594 | + type filter hook input priority 0; policy accept; | ||
3595 | + meta l4proto { icmp, icmpv6 } ct state established,untracked accept | ||
3596 | + | ||
3597 | + meta l4proto { icmp, icmpv6 } ct state "new" counter name "new" accept | ||
3598 | + meta l4proto { icmp, icmpv6 } ct state "established" counter name "established" accept | ||
3599 | + counter name "unknown" drop | ||
3600 | + } | ||
3601 | + chain output { | ||
3602 | + type filter hook output priority 0; policy accept; | ||
3603 | + meta l4proto { icmp, icmpv6 } ct state established,untracked accept | ||
3604 | + | ||
3605 | + meta l4proto { icmp, icmpv6 } ct state "new" counter name "new" | ||
3606 | + meta l4proto { icmp, icmpv6 } ct state "established" counter name "established" | ||
3607 | + counter name "unknown" drop | ||
3608 | + } | ||
3609 | +} | ||
3610 | +EOF | ||
3611 | + | ||
3612 | + | ||
3613 | +# make sure NAT core rewrites adress of icmp error if nat is used according to | ||
3614 | +# conntrack nat information (icmp error will be directed at nsrouter1 address, | ||
3615 | +# but it needs to be routed to nsclient1 address). | ||
3616 | +ip netns exec nsrouter1 nft -f - <<EOF | ||
3617 | +table ip nat { | ||
3618 | + chain postrouting { | ||
3619 | + type nat hook postrouting priority 0; policy accept; | ||
3620 | + ip protocol icmp oifname "veth0" counter masquerade | ||
3621 | + } | ||
3622 | +} | ||
3623 | +table ip6 nat { | ||
3624 | + chain postrouting { | ||
3625 | + type nat hook postrouting priority 0; policy accept; | ||
3626 | + ip6 nexthdr icmpv6 oifname "veth0" counter masquerade | ||
3627 | + } | ||
3628 | +} | ||
3629 | +EOF | ||
3630 | + | ||
3631 | +ip netns exec nsrouter2 ip link set eth1 mtu 1280 | ||
3632 | +ip netns exec nsclient2 ip link set veth0 mtu 1280 | ||
3633 | +sleep 1 | ||
3634 | + | ||
3635 | +ip netns exec nsclient1 ping -c 1 -s 1000 -q -M do 192.168.2.2 >/dev/null | ||
3636 | +if [ $? -ne 0 ]; then | ||
3637 | + echo "ERROR: netns ip routing/connectivity broken" 1>&2 | ||
3638 | + cleanup | ||
3639 | + exit 1 | ||
3640 | +fi | ||
3641 | +ip netns exec nsclient1 ping6 -q -c 1 -s 1000 dead:2::2 >/dev/null | ||
3642 | +if [ $? -ne 0 ]; then | ||
3643 | + echo "ERROR: netns ipv6 routing/connectivity broken" 1>&2 | ||
3644 | + cleanup | ||
3645 | + exit 1 | ||
3646 | +fi | ||
3647 | + | ||
3648 | +check_unknown | ||
3649 | +if [ $? -ne 0 ]; then | ||
3650 | + ret=1 | ||
3651 | +fi | ||
3652 | + | ||
3653 | +expect="packets 0 bytes 0" | ||
3654 | +for netns in nsrouter1 nsrouter2 nsclient1;do | ||
3655 | + check_counter "$netns" "related" "$expect" | ||
3656 | + if [ $? -ne 0 ]; then | ||
3657 | + ret=1 | ||
3658 | + fi | ||
3659 | +done | ||
3660 | + | ||
3661 | +expect="packets 2 bytes 2076" | ||
3662 | +check_counter nsclient2 "new" "$expect" | ||
3663 | +if [ $? -ne 0 ]; then | ||
3664 | + ret=1 | ||
3665 | +fi | ||
3666 | + | ||
3667 | +ip netns exec nsclient1 ping -q -c 1 -s 1300 -M do 192.168.2.2 > /dev/null | ||
3668 | +if [ $? -eq 0 ]; then | ||
3669 | + echo "ERROR: ping should have failed with PMTU too big error" 1>&2 | ||
3670 | + ret=1 | ||
3671 | +fi | ||
3672 | + | ||
3673 | +# nsrouter2 should have generated the icmp error, so | ||
3674 | +# related counter should be 0 (its in forward). | ||
3675 | +expect="packets 0 bytes 0" | ||
3676 | +check_counter "nsrouter2" "related" "$expect" | ||
3677 | +if [ $? -ne 0 ]; then | ||
3678 | + ret=1 | ||
3679 | +fi | ||
3680 | + | ||
3681 | +# but nsrouter1 should have seen it, same for nsclient1. | ||
3682 | +expect="packets 1 bytes 576" | ||
3683 | +for netns in nsrouter1 nsclient1;do | ||
3684 | + check_counter "$netns" "related" "$expect" | ||
3685 | + if [ $? -ne 0 ]; then | ||
3686 | + ret=1 | ||
3687 | + fi | ||
3688 | +done | ||
3689 | + | ||
3690 | +ip netns exec nsclient1 ping6 -c 1 -s 1300 dead:2::2 > /dev/null | ||
3691 | +if [ $? -eq 0 ]; then | ||
3692 | + echo "ERROR: ping6 should have failed with PMTU too big error" 1>&2 | ||
3693 | + ret=1 | ||
3694 | +fi | ||
3695 | + | ||
3696 | +expect="packets 2 bytes 1856" | ||
3697 | +for netns in nsrouter1 nsclient1;do | ||
3698 | + check_counter "$netns" "related" "$expect" | ||
3699 | + if [ $? -ne 0 ]; then | ||
3700 | + ret=1 | ||
3701 | + fi | ||
3702 | +done | ||
3703 | + | ||
3704 | +if [ $ret -eq 0 ];then | ||
3705 | + echo "PASS: icmp mtu error had RELATED state" | ||
3706 | +else | ||
3707 | + echo "ERROR: icmp error RELATED state test has failed" | ||
3708 | +fi | ||
3709 | + | ||
3710 | +cleanup | ||
3711 | +exit $ret | ||
3712 | diff --git a/virt/kvm/irqchip.c b/virt/kvm/irqchip.c | ||
3713 | index b1286c4e0712..0bd0683640bd 100644 | ||
3714 | --- a/virt/kvm/irqchip.c | ||
3715 | +++ b/virt/kvm/irqchip.c | ||
3716 | @@ -144,18 +144,19 @@ static int setup_routing_entry(struct kvm *kvm, | ||
3717 | { | ||
3718 | struct kvm_kernel_irq_routing_entry *ei; | ||
3719 | int r; | ||
3720 | + u32 gsi = array_index_nospec(ue->gsi, KVM_MAX_IRQ_ROUTES); | ||
3721 | |||
3722 | /* | ||
3723 | * Do not allow GSI to be mapped to the same irqchip more than once. | ||
3724 | * Allow only one to one mapping between GSI and non-irqchip routing. | ||
3725 | */ | ||
3726 | - hlist_for_each_entry(ei, &rt->map[ue->gsi], link) | ||
3727 | + hlist_for_each_entry(ei, &rt->map[gsi], link) | ||
3728 | if (ei->type != KVM_IRQ_ROUTING_IRQCHIP || | ||
3729 | ue->type != KVM_IRQ_ROUTING_IRQCHIP || | ||
3730 | ue->u.irqchip.irqchip == ei->irqchip.irqchip) | ||
3731 | return -EINVAL; | ||
3732 | |||
3733 | - e->gsi = ue->gsi; | ||
3734 | + e->gsi = gsi; | ||
3735 | e->type = ue->type; | ||
3736 | r = kvm_set_routing_entry(kvm, e, ue); | ||
3737 | if (r) | ||
3738 | diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c | ||
3739 | index 6a79df88b546..e909d9907b50 100644 | ||
3740 | --- a/virt/kvm/kvm_main.c | ||
3741 | +++ b/virt/kvm/kvm_main.c | ||
3742 | @@ -2887,12 +2887,14 @@ static int kvm_ioctl_create_device(struct kvm *kvm, | ||
3743 | struct kvm_device_ops *ops = NULL; | ||
3744 | struct kvm_device *dev; | ||
3745 | bool test = cd->flags & KVM_CREATE_DEVICE_TEST; | ||
3746 | + int type; | ||
3747 | int ret; | ||
3748 | |||
3749 | if (cd->type >= ARRAY_SIZE(kvm_device_ops_table)) | ||
3750 | return -ENODEV; | ||
3751 | |||
3752 | - ops = kvm_device_ops_table[cd->type]; | ||
3753 | + type = array_index_nospec(cd->type, ARRAY_SIZE(kvm_device_ops_table)); | ||
3754 | + ops = kvm_device_ops_table[type]; | ||
3755 | if (ops == NULL) | ||
3756 | return -ENODEV; | ||
3757 | |||
3758 | @@ -2907,7 +2909,7 @@ static int kvm_ioctl_create_device(struct kvm *kvm, | ||
3759 | dev->kvm = kvm; | ||
3760 | |||
3761 | mutex_lock(&kvm->lock); | ||
3762 | - ret = ops->create(dev, cd->type); | ||
3763 | + ret = ops->create(dev, type); | ||
3764 | if (ret < 0) { | ||
3765 | mutex_unlock(&kvm->lock); | ||
3766 | kfree(dev); |