Annotation of /trunk/kernel-alx/patches-4.19/0161-4.19.62-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3440 -
(hide annotations)
(download)
Fri Aug 2 11:48:07 2019 UTC (4 years, 10 months ago) by niro
File size: 74141 byte(s)
Fri Aug 2 11:48:07 2019 UTC (4 years, 10 months ago) by niro
File size: 74141 byte(s)
-linux-4.19.62
| 1 | niro | 3440 | diff --git a/Makefile b/Makefile |
| 2 | index b16485c580d7..a4463d880ae2 100644 | ||
| 3 | --- a/Makefile | ||
| 4 | +++ b/Makefile | ||
| 5 | @@ -1,7 +1,7 @@ | ||
| 6 | # SPDX-License-Identifier: GPL-2.0 | ||
| 7 | VERSION = 4 | ||
| 8 | PATCHLEVEL = 19 | ||
| 9 | -SUBLEVEL = 61 | ||
| 10 | +SUBLEVEL = 62 | ||
| 11 | EXTRAVERSION = | ||
| 12 | NAME = "People's Front" | ||
| 13 | |||
| 14 | diff --git a/arch/mips/jz4740/board-qi_lb60.c b/arch/mips/jz4740/board-qi_lb60.c | ||
| 15 | index 705593d40d12..05c60fa4fa06 100644 | ||
| 16 | --- a/arch/mips/jz4740/board-qi_lb60.c | ||
| 17 | +++ b/arch/mips/jz4740/board-qi_lb60.c | ||
| 18 | @@ -471,27 +471,27 @@ static unsigned long pin_cfg_bias_disable[] = { | ||
| 19 | static struct pinctrl_map pin_map[] __initdata = { | ||
| 20 | /* NAND pin configuration */ | ||
| 21 | PIN_MAP_MUX_GROUP_DEFAULT("jz4740-nand", | ||
| 22 | - "10010000.jz4740-pinctrl", "nand", "nand-cs1"), | ||
| 23 | + "10010000.pin-controller", "nand-cs1", "nand"), | ||
| 24 | |||
| 25 | /* fbdev pin configuration */ | ||
| 26 | PIN_MAP_MUX_GROUP("jz4740-fb", PINCTRL_STATE_DEFAULT, | ||
| 27 | - "10010000.jz4740-pinctrl", "lcd", "lcd-8bit"), | ||
| 28 | + "10010000.pin-controller", "lcd-8bit", "lcd"), | ||
| 29 | PIN_MAP_MUX_GROUP("jz4740-fb", PINCTRL_STATE_SLEEP, | ||
| 30 | - "10010000.jz4740-pinctrl", "lcd", "lcd-no-pins"), | ||
| 31 | + "10010000.pin-controller", "lcd-no-pins", "lcd"), | ||
| 32 | |||
| 33 | /* MMC pin configuration */ | ||
| 34 | PIN_MAP_MUX_GROUP_DEFAULT("jz4740-mmc.0", | ||
| 35 | - "10010000.jz4740-pinctrl", "mmc", "mmc-1bit"), | ||
| 36 | + "10010000.pin-controller", "mmc-1bit", "mmc"), | ||
| 37 | PIN_MAP_MUX_GROUP_DEFAULT("jz4740-mmc.0", | ||
| 38 | - "10010000.jz4740-pinctrl", "mmc", "mmc-4bit"), | ||
| 39 | + "10010000.pin-controller", "mmc-4bit", "mmc"), | ||
| 40 | PIN_MAP_CONFIGS_PIN_DEFAULT("jz4740-mmc.0", | ||
| 41 | - "10010000.jz4740-pinctrl", "PD0", pin_cfg_bias_disable), | ||
| 42 | + "10010000.pin-controller", "PD0", pin_cfg_bias_disable), | ||
| 43 | PIN_MAP_CONFIGS_PIN_DEFAULT("jz4740-mmc.0", | ||
| 44 | - "10010000.jz4740-pinctrl", "PD2", pin_cfg_bias_disable), | ||
| 45 | + "10010000.pin-controller", "PD2", pin_cfg_bias_disable), | ||
| 46 | |||
| 47 | /* PWM pin configuration */ | ||
| 48 | PIN_MAP_MUX_GROUP_DEFAULT("jz4740-pwm", | ||
| 49 | - "10010000.jz4740-pinctrl", "pwm4", "pwm4"), | ||
| 50 | + "10010000.pin-controller", "pwm4", "pwm4"), | ||
| 51 | }; | ||
| 52 | |||
| 53 | |||
| 54 | diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c | ||
| 55 | index 73d6d585dd66..4cf16378dffe 100644 | ||
| 56 | --- a/arch/x86/kvm/vmx.c | ||
| 57 | +++ b/arch/x86/kvm/vmx.c | ||
| 58 | @@ -8457,6 +8457,7 @@ static void vmx_disable_shadow_vmcs(struct vcpu_vmx *vmx) | ||
| 59 | { | ||
| 60 | vmcs_clear_bits(SECONDARY_VM_EXEC_CONTROL, SECONDARY_EXEC_SHADOW_VMCS); | ||
| 61 | vmcs_write64(VMCS_LINK_POINTER, -1ull); | ||
| 62 | + vmx->nested.sync_shadow_vmcs = false; | ||
| 63 | } | ||
| 64 | |||
| 65 | static inline void nested_release_vmcs12(struct vcpu_vmx *vmx) | ||
| 66 | @@ -8468,7 +8469,6 @@ static inline void nested_release_vmcs12(struct vcpu_vmx *vmx) | ||
| 67 | /* copy to memory all shadowed fields in case | ||
| 68 | they were modified */ | ||
| 69 | copy_shadow_to_vmcs12(vmx); | ||
| 70 | - vmx->nested.sync_shadow_vmcs = false; | ||
| 71 | vmx_disable_shadow_vmcs(vmx); | ||
| 72 | } | ||
| 73 | vmx->nested.posted_intr_nv = -1; | ||
| 74 | @@ -8490,6 +8490,8 @@ static void free_nested(struct vcpu_vmx *vmx) | ||
| 75 | if (!vmx->nested.vmxon && !vmx->nested.smm.vmxon) | ||
| 76 | return; | ||
| 77 | |||
| 78 | + kvm_clear_request(KVM_REQ_GET_VMCS12_PAGES, &vmx->vcpu); | ||
| 79 | + | ||
| 80 | hrtimer_cancel(&vmx->nested.preemption_timer); | ||
| 81 | vmx->nested.vmxon = false; | ||
| 82 | vmx->nested.smm.vmxon = false; | ||
| 83 | @@ -8668,6 +8670,9 @@ static void copy_shadow_to_vmcs12(struct vcpu_vmx *vmx) | ||
| 84 | u64 field_value; | ||
| 85 | struct vmcs *shadow_vmcs = vmx->vmcs01.shadow_vmcs; | ||
| 86 | |||
| 87 | + if (WARN_ON(!shadow_vmcs)) | ||
| 88 | + return; | ||
| 89 | + | ||
| 90 | preempt_disable(); | ||
| 91 | |||
| 92 | vmcs_load(shadow_vmcs); | ||
| 93 | @@ -8706,6 +8711,9 @@ static void copy_vmcs12_to_shadow(struct vcpu_vmx *vmx) | ||
| 94 | u64 field_value = 0; | ||
| 95 | struct vmcs *shadow_vmcs = vmx->vmcs01.shadow_vmcs; | ||
| 96 | |||
| 97 | + if (WARN_ON(!shadow_vmcs)) | ||
| 98 | + return; | ||
| 99 | + | ||
| 100 | vmcs_load(shadow_vmcs); | ||
| 101 | |||
| 102 | for (q = 0; q < ARRAY_SIZE(fields); q++) { | ||
| 103 | diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c | ||
| 104 | index 13884474d158..69842145c223 100644 | ||
| 105 | --- a/drivers/dma-buf/dma-buf.c | ||
| 106 | +++ b/drivers/dma-buf/dma-buf.c | ||
| 107 | @@ -1069,6 +1069,7 @@ static int dma_buf_debug_show(struct seq_file *s, void *unused) | ||
| 108 | fence->ops->get_driver_name(fence), | ||
| 109 | fence->ops->get_timeline_name(fence), | ||
| 110 | dma_fence_is_signaled(fence) ? "" : "un"); | ||
| 111 | + dma_fence_put(fence); | ||
| 112 | } | ||
| 113 | rcu_read_unlock(); | ||
| 114 | |||
| 115 | diff --git a/drivers/dma-buf/reservation.c b/drivers/dma-buf/reservation.c | ||
| 116 | index 6c95f61a32e7..49ab09468ba1 100644 | ||
| 117 | --- a/drivers/dma-buf/reservation.c | ||
| 118 | +++ b/drivers/dma-buf/reservation.c | ||
| 119 | @@ -416,6 +416,10 @@ int reservation_object_get_fences_rcu(struct reservation_object *obj, | ||
| 120 | GFP_NOWAIT | __GFP_NOWARN); | ||
| 121 | if (!nshared) { | ||
| 122 | rcu_read_unlock(); | ||
| 123 | + | ||
| 124 | + dma_fence_put(fence_excl); | ||
| 125 | + fence_excl = NULL; | ||
| 126 | + | ||
| 127 | nshared = krealloc(shared, sz, GFP_KERNEL); | ||
| 128 | if (nshared) { | ||
| 129 | shared = nshared; | ||
| 130 | diff --git a/drivers/gpio/gpio-davinci.c b/drivers/gpio/gpio-davinci.c | ||
| 131 | index a5ece8ea79bc..abb332d15a13 100644 | ||
| 132 | --- a/drivers/gpio/gpio-davinci.c | ||
| 133 | +++ b/drivers/gpio/gpio-davinci.c | ||
| 134 | @@ -222,8 +222,9 @@ static int davinci_gpio_probe(struct platform_device *pdev) | ||
| 135 | for (i = 0; i < nirq; i++) { | ||
| 136 | chips->irqs[i] = platform_get_irq(pdev, i); | ||
| 137 | if (chips->irqs[i] < 0) { | ||
| 138 | - dev_info(dev, "IRQ not populated, err = %d\n", | ||
| 139 | - chips->irqs[i]); | ||
| 140 | + if (chips->irqs[i] != -EPROBE_DEFER) | ||
| 141 | + dev_info(dev, "IRQ not populated, err = %d\n", | ||
| 142 | + chips->irqs[i]); | ||
| 143 | return chips->irqs[i]; | ||
| 144 | } | ||
| 145 | } | ||
| 146 | diff --git a/drivers/net/caif/caif_hsi.c b/drivers/net/caif/caif_hsi.c | ||
| 147 | index 433a14b9f731..253a1bbe37e8 100644 | ||
| 148 | --- a/drivers/net/caif/caif_hsi.c | ||
| 149 | +++ b/drivers/net/caif/caif_hsi.c | ||
| 150 | @@ -1455,7 +1455,7 @@ static void __exit cfhsi_exit_module(void) | ||
| 151 | rtnl_lock(); | ||
| 152 | list_for_each_safe(list_node, n, &cfhsi_list) { | ||
| 153 | cfhsi = list_entry(list_node, struct cfhsi, list); | ||
| 154 | - unregister_netdev(cfhsi->ndev); | ||
| 155 | + unregister_netdevice(cfhsi->ndev); | ||
| 156 | } | ||
| 157 | rtnl_unlock(); | ||
| 158 | } | ||
| 159 | diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c | ||
| 160 | index 411cfb806459..703e6bdaf0e1 100644 | ||
| 161 | --- a/drivers/net/dsa/mv88e6xxx/chip.c | ||
| 162 | +++ b/drivers/net/dsa/mv88e6xxx/chip.c | ||
| 163 | @@ -4816,6 +4816,8 @@ static int mv88e6xxx_probe(struct mdio_device *mdiodev) | ||
| 164 | err = PTR_ERR(chip->reset); | ||
| 165 | goto out; | ||
| 166 | } | ||
| 167 | + if (chip->reset) | ||
| 168 | + usleep_range(1000, 2000); | ||
| 169 | |||
| 170 | err = mv88e6xxx_detect(chip); | ||
| 171 | if (err) | ||
| 172 | diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | ||
| 173 | index e3ce29951c5e..3edb81a4f075 100644 | ||
| 174 | --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | ||
| 175 | +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | ||
| 176 | @@ -286,6 +286,9 @@ int bnx2x_tx_int(struct bnx2x *bp, struct bnx2x_fp_txdata *txdata) | ||
| 177 | hw_cons = le16_to_cpu(*txdata->tx_cons_sb); | ||
| 178 | sw_cons = txdata->tx_pkt_cons; | ||
| 179 | |||
| 180 | + /* Ensure subsequent loads occur after hw_cons */ | ||
| 181 | + smp_rmb(); | ||
| 182 | + | ||
| 183 | while (sw_cons != hw_cons) { | ||
| 184 | u16 pkt_cons; | ||
| 185 | |||
| 186 | diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
| 187 | index 2d6f090bf644..fd587bed32eb 100644 | ||
| 188 | --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
| 189 | +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
| 190 | @@ -3086,39 +3086,42 @@ static void bcmgenet_timeout(struct net_device *dev) | ||
| 191 | netif_tx_wake_all_queues(dev); | ||
| 192 | } | ||
| 193 | |||
| 194 | -#define MAX_MC_COUNT 16 | ||
| 195 | +#define MAX_MDF_FILTER 17 | ||
| 196 | |||
| 197 | static inline void bcmgenet_set_mdf_addr(struct bcmgenet_priv *priv, | ||
| 198 | unsigned char *addr, | ||
| 199 | - int *i, | ||
| 200 | - int *mc) | ||
| 201 | + int *i) | ||
| 202 | { | ||
| 203 | - u32 reg; | ||
| 204 | - | ||
| 205 | bcmgenet_umac_writel(priv, addr[0] << 8 | addr[1], | ||
| 206 | UMAC_MDF_ADDR + (*i * 4)); | ||
| 207 | bcmgenet_umac_writel(priv, addr[2] << 24 | addr[3] << 16 | | ||
| 208 | addr[4] << 8 | addr[5], | ||
| 209 | UMAC_MDF_ADDR + ((*i + 1) * 4)); | ||
| 210 | - reg = bcmgenet_umac_readl(priv, UMAC_MDF_CTRL); | ||
| 211 | - reg |= (1 << (MAX_MC_COUNT - *mc)); | ||
| 212 | - bcmgenet_umac_writel(priv, reg, UMAC_MDF_CTRL); | ||
| 213 | *i += 2; | ||
| 214 | - (*mc)++; | ||
| 215 | } | ||
| 216 | |||
| 217 | static void bcmgenet_set_rx_mode(struct net_device *dev) | ||
| 218 | { | ||
| 219 | struct bcmgenet_priv *priv = netdev_priv(dev); | ||
| 220 | struct netdev_hw_addr *ha; | ||
| 221 | - int i, mc; | ||
| 222 | + int i, nfilter; | ||
| 223 | u32 reg; | ||
| 224 | |||
| 225 | netif_dbg(priv, hw, dev, "%s: %08X\n", __func__, dev->flags); | ||
| 226 | |||
| 227 | - /* Promiscuous mode */ | ||
| 228 | + /* Number of filters needed */ | ||
| 229 | + nfilter = netdev_uc_count(dev) + netdev_mc_count(dev) + 2; | ||
| 230 | + | ||
| 231 | + /* | ||
| 232 | + * Turn on promicuous mode for three scenarios | ||
| 233 | + * 1. IFF_PROMISC flag is set | ||
| 234 | + * 2. IFF_ALLMULTI flag is set | ||
| 235 | + * 3. The number of filters needed exceeds the number filters | ||
| 236 | + * supported by the hardware. | ||
| 237 | + */ | ||
| 238 | reg = bcmgenet_umac_readl(priv, UMAC_CMD); | ||
| 239 | - if (dev->flags & IFF_PROMISC) { | ||
| 240 | + if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || | ||
| 241 | + (nfilter > MAX_MDF_FILTER)) { | ||
| 242 | reg |= CMD_PROMISC; | ||
| 243 | bcmgenet_umac_writel(priv, reg, UMAC_CMD); | ||
| 244 | bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); | ||
| 245 | @@ -3128,32 +3131,24 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) | ||
| 246 | bcmgenet_umac_writel(priv, reg, UMAC_CMD); | ||
| 247 | } | ||
| 248 | |||
| 249 | - /* UniMac doesn't support ALLMULTI */ | ||
| 250 | - if (dev->flags & IFF_ALLMULTI) { | ||
| 251 | - netdev_warn(dev, "ALLMULTI is not supported\n"); | ||
| 252 | - return; | ||
| 253 | - } | ||
| 254 | - | ||
| 255 | /* update MDF filter */ | ||
| 256 | i = 0; | ||
| 257 | - mc = 0; | ||
| 258 | /* Broadcast */ | ||
| 259 | - bcmgenet_set_mdf_addr(priv, dev->broadcast, &i, &mc); | ||
| 260 | + bcmgenet_set_mdf_addr(priv, dev->broadcast, &i); | ||
| 261 | /* my own address.*/ | ||
| 262 | - bcmgenet_set_mdf_addr(priv, dev->dev_addr, &i, &mc); | ||
| 263 | - /* Unicast list*/ | ||
| 264 | - if (netdev_uc_count(dev) > (MAX_MC_COUNT - mc)) | ||
| 265 | - return; | ||
| 266 | + bcmgenet_set_mdf_addr(priv, dev->dev_addr, &i); | ||
| 267 | |||
| 268 | - if (!netdev_uc_empty(dev)) | ||
| 269 | - netdev_for_each_uc_addr(ha, dev) | ||
| 270 | - bcmgenet_set_mdf_addr(priv, ha->addr, &i, &mc); | ||
| 271 | - /* Multicast */ | ||
| 272 | - if (netdev_mc_empty(dev) || netdev_mc_count(dev) >= (MAX_MC_COUNT - mc)) | ||
| 273 | - return; | ||
| 274 | + /* Unicast */ | ||
| 275 | + netdev_for_each_uc_addr(ha, dev) | ||
| 276 | + bcmgenet_set_mdf_addr(priv, ha->addr, &i); | ||
| 277 | |||
| 278 | + /* Multicast */ | ||
| 279 | netdev_for_each_mc_addr(ha, dev) | ||
| 280 | - bcmgenet_set_mdf_addr(priv, ha->addr, &i, &mc); | ||
| 281 | + bcmgenet_set_mdf_addr(priv, ha->addr, &i); | ||
| 282 | + | ||
| 283 | + /* Enable filters */ | ||
| 284 | + reg = GENMASK(MAX_MDF_FILTER - 1, MAX_MDF_FILTER - nfilter); | ||
| 285 | + bcmgenet_umac_writel(priv, reg, UMAC_MDF_CTRL); | ||
| 286 | } | ||
| 287 | |||
| 288 | /* Set the hardware MAC address. */ | ||
| 289 | diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c | ||
| 290 | index 1485f66cf7b0..4ade864c8d53 100644 | ||
| 291 | --- a/drivers/net/ethernet/marvell/sky2.c | ||
| 292 | +++ b/drivers/net/ethernet/marvell/sky2.c | ||
| 293 | @@ -4947,6 +4947,13 @@ static const struct dmi_system_id msi_blacklist[] = { | ||
| 294 | DMI_MATCH(DMI_PRODUCT_NAME, "P-79"), | ||
| 295 | }, | ||
| 296 | }, | ||
| 297 | + { | ||
| 298 | + .ident = "ASUS P6T", | ||
| 299 | + .matches = { | ||
| 300 | + DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."), | ||
| 301 | + DMI_MATCH(DMI_BOARD_NAME, "P6T"), | ||
| 302 | + }, | ||
| 303 | + }, | ||
| 304 | {} | ||
| 305 | }; | ||
| 306 | |||
| 307 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c b/drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | ||
| 308 | index 5b7fe8264144..db6aafcced0d 100644 | ||
| 309 | --- a/drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | ||
| 310 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | ||
| 311 | @@ -662,7 +662,9 @@ struct net_device *mlx5_rdma_netdev_alloc(struct mlx5_core_dev *mdev, | ||
| 312 | |||
| 313 | profile->init(mdev, netdev, profile, ipriv); | ||
| 314 | |||
| 315 | - mlx5e_attach_netdev(epriv); | ||
| 316 | + err = mlx5e_attach_netdev(epriv); | ||
| 317 | + if (err) | ||
| 318 | + goto detach; | ||
| 319 | netif_carrier_off(netdev); | ||
| 320 | |||
| 321 | /* set rdma_netdev func pointers */ | ||
| 322 | @@ -678,6 +680,11 @@ struct net_device *mlx5_rdma_netdev_alloc(struct mlx5_core_dev *mdev, | ||
| 323 | |||
| 324 | return netdev; | ||
| 325 | |||
| 326 | +detach: | ||
| 327 | + profile->cleanup(epriv); | ||
| 328 | + if (ipriv->sub_interface) | ||
| 329 | + return NULL; | ||
| 330 | + mlx5e_destroy_mdev_resources(mdev); | ||
| 331 | destroy_ht: | ||
| 332 | mlx5i_pkey_qpn_ht_cleanup(netdev); | ||
| 333 | destroy_wq: | ||
| 334 | diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c | ||
| 335 | index 7a50b911b180..a6992c4c7313 100644 | ||
| 336 | --- a/drivers/net/ethernet/realtek/r8169.c | ||
| 337 | +++ b/drivers/net/ethernet/realtek/r8169.c | ||
| 338 | @@ -5202,6 +5202,143 @@ static void rtl_hw_start_8411_2(struct rtl8169_private *tp) | ||
| 339 | /* disable aspm and clock request before access ephy */ | ||
| 340 | rtl_hw_aspm_clkreq_enable(tp, false); | ||
| 341 | rtl_ephy_init(tp, e_info_8411_2, ARRAY_SIZE(e_info_8411_2)); | ||
| 342 | + | ||
| 343 | + /* The following Realtek-provided magic fixes an issue with the RX unit | ||
| 344 | + * getting confused after the PHY having been powered-down. | ||
| 345 | + */ | ||
| 346 | + r8168_mac_ocp_write(tp, 0xFC28, 0x0000); | ||
| 347 | + r8168_mac_ocp_write(tp, 0xFC2A, 0x0000); | ||
| 348 | + r8168_mac_ocp_write(tp, 0xFC2C, 0x0000); | ||
| 349 | + r8168_mac_ocp_write(tp, 0xFC2E, 0x0000); | ||
| 350 | + r8168_mac_ocp_write(tp, 0xFC30, 0x0000); | ||
| 351 | + r8168_mac_ocp_write(tp, 0xFC32, 0x0000); | ||
| 352 | + r8168_mac_ocp_write(tp, 0xFC34, 0x0000); | ||
| 353 | + r8168_mac_ocp_write(tp, 0xFC36, 0x0000); | ||
| 354 | + mdelay(3); | ||
| 355 | + r8168_mac_ocp_write(tp, 0xFC26, 0x0000); | ||
| 356 | + | ||
| 357 | + r8168_mac_ocp_write(tp, 0xF800, 0xE008); | ||
| 358 | + r8168_mac_ocp_write(tp, 0xF802, 0xE00A); | ||
| 359 | + r8168_mac_ocp_write(tp, 0xF804, 0xE00C); | ||
| 360 | + r8168_mac_ocp_write(tp, 0xF806, 0xE00E); | ||
| 361 | + r8168_mac_ocp_write(tp, 0xF808, 0xE027); | ||
| 362 | + r8168_mac_ocp_write(tp, 0xF80A, 0xE04F); | ||
| 363 | + r8168_mac_ocp_write(tp, 0xF80C, 0xE05E); | ||
| 364 | + r8168_mac_ocp_write(tp, 0xF80E, 0xE065); | ||
| 365 | + r8168_mac_ocp_write(tp, 0xF810, 0xC602); | ||
| 366 | + r8168_mac_ocp_write(tp, 0xF812, 0xBE00); | ||
| 367 | + r8168_mac_ocp_write(tp, 0xF814, 0x0000); | ||
| 368 | + r8168_mac_ocp_write(tp, 0xF816, 0xC502); | ||
| 369 | + r8168_mac_ocp_write(tp, 0xF818, 0xBD00); | ||
| 370 | + r8168_mac_ocp_write(tp, 0xF81A, 0x074C); | ||
| 371 | + r8168_mac_ocp_write(tp, 0xF81C, 0xC302); | ||
| 372 | + r8168_mac_ocp_write(tp, 0xF81E, 0xBB00); | ||
| 373 | + r8168_mac_ocp_write(tp, 0xF820, 0x080A); | ||
| 374 | + r8168_mac_ocp_write(tp, 0xF822, 0x6420); | ||
| 375 | + r8168_mac_ocp_write(tp, 0xF824, 0x48C2); | ||
| 376 | + r8168_mac_ocp_write(tp, 0xF826, 0x8C20); | ||
| 377 | + r8168_mac_ocp_write(tp, 0xF828, 0xC516); | ||
| 378 | + r8168_mac_ocp_write(tp, 0xF82A, 0x64A4); | ||
| 379 | + r8168_mac_ocp_write(tp, 0xF82C, 0x49C0); | ||
| 380 | + r8168_mac_ocp_write(tp, 0xF82E, 0xF009); | ||
| 381 | + r8168_mac_ocp_write(tp, 0xF830, 0x74A2); | ||
| 382 | + r8168_mac_ocp_write(tp, 0xF832, 0x8CA5); | ||
| 383 | + r8168_mac_ocp_write(tp, 0xF834, 0x74A0); | ||
| 384 | + r8168_mac_ocp_write(tp, 0xF836, 0xC50E); | ||
| 385 | + r8168_mac_ocp_write(tp, 0xF838, 0x9CA2); | ||
| 386 | + r8168_mac_ocp_write(tp, 0xF83A, 0x1C11); | ||
| 387 | + r8168_mac_ocp_write(tp, 0xF83C, 0x9CA0); | ||
| 388 | + r8168_mac_ocp_write(tp, 0xF83E, 0xE006); | ||
| 389 | + r8168_mac_ocp_write(tp, 0xF840, 0x74F8); | ||
| 390 | + r8168_mac_ocp_write(tp, 0xF842, 0x48C4); | ||
| 391 | + r8168_mac_ocp_write(tp, 0xF844, 0x8CF8); | ||
| 392 | + r8168_mac_ocp_write(tp, 0xF846, 0xC404); | ||
| 393 | + r8168_mac_ocp_write(tp, 0xF848, 0xBC00); | ||
| 394 | + r8168_mac_ocp_write(tp, 0xF84A, 0xC403); | ||
| 395 | + r8168_mac_ocp_write(tp, 0xF84C, 0xBC00); | ||
| 396 | + r8168_mac_ocp_write(tp, 0xF84E, 0x0BF2); | ||
| 397 | + r8168_mac_ocp_write(tp, 0xF850, 0x0C0A); | ||
| 398 | + r8168_mac_ocp_write(tp, 0xF852, 0xE434); | ||
| 399 | + r8168_mac_ocp_write(tp, 0xF854, 0xD3C0); | ||
| 400 | + r8168_mac_ocp_write(tp, 0xF856, 0x49D9); | ||
| 401 | + r8168_mac_ocp_write(tp, 0xF858, 0xF01F); | ||
| 402 | + r8168_mac_ocp_write(tp, 0xF85A, 0xC526); | ||
| 403 | + r8168_mac_ocp_write(tp, 0xF85C, 0x64A5); | ||
| 404 | + r8168_mac_ocp_write(tp, 0xF85E, 0x1400); | ||
| 405 | + r8168_mac_ocp_write(tp, 0xF860, 0xF007); | ||
| 406 | + r8168_mac_ocp_write(tp, 0xF862, 0x0C01); | ||
| 407 | + r8168_mac_ocp_write(tp, 0xF864, 0x8CA5); | ||
| 408 | + r8168_mac_ocp_write(tp, 0xF866, 0x1C15); | ||
| 409 | + r8168_mac_ocp_write(tp, 0xF868, 0xC51B); | ||
| 410 | + r8168_mac_ocp_write(tp, 0xF86A, 0x9CA0); | ||
| 411 | + r8168_mac_ocp_write(tp, 0xF86C, 0xE013); | ||
| 412 | + r8168_mac_ocp_write(tp, 0xF86E, 0xC519); | ||
| 413 | + r8168_mac_ocp_write(tp, 0xF870, 0x74A0); | ||
| 414 | + r8168_mac_ocp_write(tp, 0xF872, 0x48C4); | ||
| 415 | + r8168_mac_ocp_write(tp, 0xF874, 0x8CA0); | ||
| 416 | + r8168_mac_ocp_write(tp, 0xF876, 0xC516); | ||
| 417 | + r8168_mac_ocp_write(tp, 0xF878, 0x74A4); | ||
| 418 | + r8168_mac_ocp_write(tp, 0xF87A, 0x48C8); | ||
| 419 | + r8168_mac_ocp_write(tp, 0xF87C, 0x48CA); | ||
| 420 | + r8168_mac_ocp_write(tp, 0xF87E, 0x9CA4); | ||
| 421 | + r8168_mac_ocp_write(tp, 0xF880, 0xC512); | ||
| 422 | + r8168_mac_ocp_write(tp, 0xF882, 0x1B00); | ||
| 423 | + r8168_mac_ocp_write(tp, 0xF884, 0x9BA0); | ||
| 424 | + r8168_mac_ocp_write(tp, 0xF886, 0x1B1C); | ||
| 425 | + r8168_mac_ocp_write(tp, 0xF888, 0x483F); | ||
| 426 | + r8168_mac_ocp_write(tp, 0xF88A, 0x9BA2); | ||
| 427 | + r8168_mac_ocp_write(tp, 0xF88C, 0x1B04); | ||
| 428 | + r8168_mac_ocp_write(tp, 0xF88E, 0xC508); | ||
| 429 | + r8168_mac_ocp_write(tp, 0xF890, 0x9BA0); | ||
| 430 | + r8168_mac_ocp_write(tp, 0xF892, 0xC505); | ||
| 431 | + r8168_mac_ocp_write(tp, 0xF894, 0xBD00); | ||
| 432 | + r8168_mac_ocp_write(tp, 0xF896, 0xC502); | ||
| 433 | + r8168_mac_ocp_write(tp, 0xF898, 0xBD00); | ||
| 434 | + r8168_mac_ocp_write(tp, 0xF89A, 0x0300); | ||
| 435 | + r8168_mac_ocp_write(tp, 0xF89C, 0x051E); | ||
| 436 | + r8168_mac_ocp_write(tp, 0xF89E, 0xE434); | ||
| 437 | + r8168_mac_ocp_write(tp, 0xF8A0, 0xE018); | ||
| 438 | + r8168_mac_ocp_write(tp, 0xF8A2, 0xE092); | ||
| 439 | + r8168_mac_ocp_write(tp, 0xF8A4, 0xDE20); | ||
| 440 | + r8168_mac_ocp_write(tp, 0xF8A6, 0xD3C0); | ||
| 441 | + r8168_mac_ocp_write(tp, 0xF8A8, 0xC50F); | ||
| 442 | + r8168_mac_ocp_write(tp, 0xF8AA, 0x76A4); | ||
| 443 | + r8168_mac_ocp_write(tp, 0xF8AC, 0x49E3); | ||
| 444 | + r8168_mac_ocp_write(tp, 0xF8AE, 0xF007); | ||
| 445 | + r8168_mac_ocp_write(tp, 0xF8B0, 0x49C0); | ||
| 446 | + r8168_mac_ocp_write(tp, 0xF8B2, 0xF103); | ||
| 447 | + r8168_mac_ocp_write(tp, 0xF8B4, 0xC607); | ||
| 448 | + r8168_mac_ocp_write(tp, 0xF8B6, 0xBE00); | ||
| 449 | + r8168_mac_ocp_write(tp, 0xF8B8, 0xC606); | ||
| 450 | + r8168_mac_ocp_write(tp, 0xF8BA, 0xBE00); | ||
| 451 | + r8168_mac_ocp_write(tp, 0xF8BC, 0xC602); | ||
| 452 | + r8168_mac_ocp_write(tp, 0xF8BE, 0xBE00); | ||
| 453 | + r8168_mac_ocp_write(tp, 0xF8C0, 0x0C4C); | ||
| 454 | + r8168_mac_ocp_write(tp, 0xF8C2, 0x0C28); | ||
| 455 | + r8168_mac_ocp_write(tp, 0xF8C4, 0x0C2C); | ||
| 456 | + r8168_mac_ocp_write(tp, 0xF8C6, 0xDC00); | ||
| 457 | + r8168_mac_ocp_write(tp, 0xF8C8, 0xC707); | ||
| 458 | + r8168_mac_ocp_write(tp, 0xF8CA, 0x1D00); | ||
| 459 | + r8168_mac_ocp_write(tp, 0xF8CC, 0x8DE2); | ||
| 460 | + r8168_mac_ocp_write(tp, 0xF8CE, 0x48C1); | ||
| 461 | + r8168_mac_ocp_write(tp, 0xF8D0, 0xC502); | ||
| 462 | + r8168_mac_ocp_write(tp, 0xF8D2, 0xBD00); | ||
| 463 | + r8168_mac_ocp_write(tp, 0xF8D4, 0x00AA); | ||
| 464 | + r8168_mac_ocp_write(tp, 0xF8D6, 0xE0C0); | ||
| 465 | + r8168_mac_ocp_write(tp, 0xF8D8, 0xC502); | ||
| 466 | + r8168_mac_ocp_write(tp, 0xF8DA, 0xBD00); | ||
| 467 | + r8168_mac_ocp_write(tp, 0xF8DC, 0x0132); | ||
| 468 | + | ||
| 469 | + r8168_mac_ocp_write(tp, 0xFC26, 0x8000); | ||
| 470 | + | ||
| 471 | + r8168_mac_ocp_write(tp, 0xFC2A, 0x0743); | ||
| 472 | + r8168_mac_ocp_write(tp, 0xFC2C, 0x0801); | ||
| 473 | + r8168_mac_ocp_write(tp, 0xFC2E, 0x0BE9); | ||
| 474 | + r8168_mac_ocp_write(tp, 0xFC30, 0x02FD); | ||
| 475 | + r8168_mac_ocp_write(tp, 0xFC32, 0x0C25); | ||
| 476 | + r8168_mac_ocp_write(tp, 0xFC34, 0x00A9); | ||
| 477 | + r8168_mac_ocp_write(tp, 0xFC36, 0x012D); | ||
| 478 | + | ||
| 479 | rtl_hw_aspm_clkreq_enable(tp, true); | ||
| 480 | } | ||
| 481 | |||
| 482 | diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | ||
| 483 | index 5c18874614ba..0101ebaecf02 100644 | ||
| 484 | --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | ||
| 485 | +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | ||
| 486 | @@ -3036,17 +3036,8 @@ static netdev_tx_t stmmac_xmit(struct sk_buff *skb, struct net_device *dev) | ||
| 487 | |||
| 488 | /* Manage oversized TCP frames for GMAC4 device */ | ||
| 489 | if (skb_is_gso(skb) && priv->tso) { | ||
| 490 | - if (skb_shinfo(skb)->gso_type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6)) { | ||
| 491 | - /* | ||
| 492 | - * There is no way to determine the number of TSO | ||
| 493 | - * capable Queues. Let's use always the Queue 0 | ||
| 494 | - * because if TSO is supported then at least this | ||
| 495 | - * one will be capable. | ||
| 496 | - */ | ||
| 497 | - skb_set_queue_mapping(skb, 0); | ||
| 498 | - | ||
| 499 | + if (skb_shinfo(skb)->gso_type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6)) | ||
| 500 | return stmmac_tso_xmit(skb, dev); | ||
| 501 | - } | ||
| 502 | } | ||
| 503 | |||
| 504 | if (unlikely(stmmac_tx_avail(priv, queue) < nfrags + 1)) { | ||
| 505 | @@ -3855,6 +3846,23 @@ static int stmmac_setup_tc(struct net_device *ndev, enum tc_setup_type type, | ||
| 506 | } | ||
| 507 | } | ||
| 508 | |||
| 509 | +static u16 stmmac_select_queue(struct net_device *dev, struct sk_buff *skb, | ||
| 510 | + struct net_device *sb_dev, | ||
| 511 | + select_queue_fallback_t fallback) | ||
| 512 | +{ | ||
| 513 | + if (skb_shinfo(skb)->gso_type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6)) { | ||
| 514 | + /* | ||
| 515 | + * There is no way to determine the number of TSO | ||
| 516 | + * capable Queues. Let's use always the Queue 0 | ||
| 517 | + * because if TSO is supported then at least this | ||
| 518 | + * one will be capable. | ||
| 519 | + */ | ||
| 520 | + return 0; | ||
| 521 | + } | ||
| 522 | + | ||
| 523 | + return fallback(dev, skb, NULL) % dev->real_num_tx_queues; | ||
| 524 | +} | ||
| 525 | + | ||
| 526 | static int stmmac_set_mac_address(struct net_device *ndev, void *addr) | ||
| 527 | { | ||
| 528 | struct stmmac_priv *priv = netdev_priv(ndev); | ||
| 529 | @@ -4097,6 +4105,7 @@ static const struct net_device_ops stmmac_netdev_ops = { | ||
| 530 | .ndo_tx_timeout = stmmac_tx_timeout, | ||
| 531 | .ndo_do_ioctl = stmmac_ioctl, | ||
| 532 | .ndo_setup_tc = stmmac_setup_tc, | ||
| 533 | + .ndo_select_queue = stmmac_select_queue, | ||
| 534 | #ifdef CONFIG_NET_POLL_CONTROLLER | ||
| 535 | .ndo_poll_controller = stmmac_poll_controller, | ||
| 536 | #endif | ||
| 537 | diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c | ||
| 538 | index cf6b9b1771f1..cc60ef9634db 100644 | ||
| 539 | --- a/drivers/net/hyperv/netvsc_drv.c | ||
| 540 | +++ b/drivers/net/hyperv/netvsc_drv.c | ||
| 541 | @@ -847,7 +847,6 @@ int netvsc_recv_callback(struct net_device *net, | ||
| 542 | csum_info, vlan, data, len); | ||
| 543 | if (unlikely(!skb)) { | ||
| 544 | ++net_device_ctx->eth_stats.rx_no_memory; | ||
| 545 | - rcu_read_unlock(); | ||
| 546 | return NVSP_STAT_FAIL; | ||
| 547 | } | ||
| 548 | |||
| 549 | diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c | ||
| 550 | index 7de88b33d5b9..2c971357e66c 100644 | ||
| 551 | --- a/drivers/net/macsec.c | ||
| 552 | +++ b/drivers/net/macsec.c | ||
| 553 | @@ -869,6 +869,7 @@ static void macsec_reset_skb(struct sk_buff *skb, struct net_device *dev) | ||
| 554 | |||
| 555 | static void macsec_finalize_skb(struct sk_buff *skb, u8 icv_len, u8 hdr_len) | ||
| 556 | { | ||
| 557 | + skb->ip_summed = CHECKSUM_NONE; | ||
| 558 | memmove(skb->data + hdr_len, skb->data, 2 * ETH_ALEN); | ||
| 559 | skb_pull(skb, hdr_len); | ||
| 560 | pskb_trim_unique(skb, skb->len - icv_len); | ||
| 561 | @@ -1103,10 +1104,9 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb) | ||
| 562 | } | ||
| 563 | |||
| 564 | skb = skb_unshare(skb, GFP_ATOMIC); | ||
| 565 | - if (!skb) { | ||
| 566 | - *pskb = NULL; | ||
| 567 | + *pskb = skb; | ||
| 568 | + if (!skb) | ||
| 569 | return RX_HANDLER_CONSUMED; | ||
| 570 | - } | ||
| 571 | |||
| 572 | pulled_sci = pskb_may_pull(skb, macsec_extra_len(true)); | ||
| 573 | if (!pulled_sci) { | ||
| 574 | diff --git a/drivers/net/phy/sfp.c b/drivers/net/phy/sfp.c | ||
| 575 | index 418522aa2f71..998d08ae7431 100644 | ||
| 576 | --- a/drivers/net/phy/sfp.c | ||
| 577 | +++ b/drivers/net/phy/sfp.c | ||
| 578 | @@ -514,7 +514,7 @@ static int sfp_hwmon_read_sensor(struct sfp *sfp, int reg, long *value) | ||
| 579 | |||
| 580 | static void sfp_hwmon_to_rx_power(long *value) | ||
| 581 | { | ||
| 582 | - *value = DIV_ROUND_CLOSEST(*value, 100); | ||
| 583 | + *value = DIV_ROUND_CLOSEST(*value, 10); | ||
| 584 | } | ||
| 585 | |||
| 586 | static void sfp_hwmon_calibrate(struct sfp *sfp, unsigned int slope, int offset, | ||
| 587 | diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c | ||
| 588 | index 449fc52f9a89..9f895083bc0a 100644 | ||
| 589 | --- a/drivers/net/vrf.c | ||
| 590 | +++ b/drivers/net/vrf.c | ||
| 591 | @@ -169,23 +169,29 @@ static int vrf_ip6_local_out(struct net *net, struct sock *sk, | ||
| 592 | static netdev_tx_t vrf_process_v6_outbound(struct sk_buff *skb, | ||
| 593 | struct net_device *dev) | ||
| 594 | { | ||
| 595 | - const struct ipv6hdr *iph = ipv6_hdr(skb); | ||
| 596 | + const struct ipv6hdr *iph; | ||
| 597 | struct net *net = dev_net(skb->dev); | ||
| 598 | - struct flowi6 fl6 = { | ||
| 599 | - /* needed to match OIF rule */ | ||
| 600 | - .flowi6_oif = dev->ifindex, | ||
| 601 | - .flowi6_iif = LOOPBACK_IFINDEX, | ||
| 602 | - .daddr = iph->daddr, | ||
| 603 | - .saddr = iph->saddr, | ||
| 604 | - .flowlabel = ip6_flowinfo(iph), | ||
| 605 | - .flowi6_mark = skb->mark, | ||
| 606 | - .flowi6_proto = iph->nexthdr, | ||
| 607 | - .flowi6_flags = FLOWI_FLAG_SKIP_NH_OIF, | ||
| 608 | - }; | ||
| 609 | + struct flowi6 fl6; | ||
| 610 | int ret = NET_XMIT_DROP; | ||
| 611 | struct dst_entry *dst; | ||
| 612 | struct dst_entry *dst_null = &net->ipv6.ip6_null_entry->dst; | ||
| 613 | |||
| 614 | + if (!pskb_may_pull(skb, ETH_HLEN + sizeof(struct ipv6hdr))) | ||
| 615 | + goto err; | ||
| 616 | + | ||
| 617 | + iph = ipv6_hdr(skb); | ||
| 618 | + | ||
| 619 | + memset(&fl6, 0, sizeof(fl6)); | ||
| 620 | + /* needed to match OIF rule */ | ||
| 621 | + fl6.flowi6_oif = dev->ifindex; | ||
| 622 | + fl6.flowi6_iif = LOOPBACK_IFINDEX; | ||
| 623 | + fl6.daddr = iph->daddr; | ||
| 624 | + fl6.saddr = iph->saddr; | ||
| 625 | + fl6.flowlabel = ip6_flowinfo(iph); | ||
| 626 | + fl6.flowi6_mark = skb->mark; | ||
| 627 | + fl6.flowi6_proto = iph->nexthdr; | ||
| 628 | + fl6.flowi6_flags = FLOWI_FLAG_SKIP_NH_OIF; | ||
| 629 | + | ||
| 630 | dst = ip6_route_output(net, NULL, &fl6); | ||
| 631 | if (dst == dst_null) | ||
| 632 | goto err; | ||
| 633 | @@ -241,21 +247,27 @@ static int vrf_ip_local_out(struct net *net, struct sock *sk, | ||
| 634 | static netdev_tx_t vrf_process_v4_outbound(struct sk_buff *skb, | ||
| 635 | struct net_device *vrf_dev) | ||
| 636 | { | ||
| 637 | - struct iphdr *ip4h = ip_hdr(skb); | ||
| 638 | + struct iphdr *ip4h; | ||
| 639 | int ret = NET_XMIT_DROP; | ||
| 640 | - struct flowi4 fl4 = { | ||
| 641 | - /* needed to match OIF rule */ | ||
| 642 | - .flowi4_oif = vrf_dev->ifindex, | ||
| 643 | - .flowi4_iif = LOOPBACK_IFINDEX, | ||
| 644 | - .flowi4_tos = RT_TOS(ip4h->tos), | ||
| 645 | - .flowi4_flags = FLOWI_FLAG_ANYSRC | FLOWI_FLAG_SKIP_NH_OIF, | ||
| 646 | - .flowi4_proto = ip4h->protocol, | ||
| 647 | - .daddr = ip4h->daddr, | ||
| 648 | - .saddr = ip4h->saddr, | ||
| 649 | - }; | ||
| 650 | + struct flowi4 fl4; | ||
| 651 | struct net *net = dev_net(vrf_dev); | ||
| 652 | struct rtable *rt; | ||
| 653 | |||
| 654 | + if (!pskb_may_pull(skb, ETH_HLEN + sizeof(struct iphdr))) | ||
| 655 | + goto err; | ||
| 656 | + | ||
| 657 | + ip4h = ip_hdr(skb); | ||
| 658 | + | ||
| 659 | + memset(&fl4, 0, sizeof(fl4)); | ||
| 660 | + /* needed to match OIF rule */ | ||
| 661 | + fl4.flowi4_oif = vrf_dev->ifindex; | ||
| 662 | + fl4.flowi4_iif = LOOPBACK_IFINDEX; | ||
| 663 | + fl4.flowi4_tos = RT_TOS(ip4h->tos); | ||
| 664 | + fl4.flowi4_flags = FLOWI_FLAG_ANYSRC | FLOWI_FLAG_SKIP_NH_OIF; | ||
| 665 | + fl4.flowi4_proto = ip4h->protocol; | ||
| 666 | + fl4.daddr = ip4h->daddr; | ||
| 667 | + fl4.saddr = ip4h->saddr; | ||
| 668 | + | ||
| 669 | rt = ip_route_output_flow(net, &fl4, NULL); | ||
| 670 | if (IS_ERR(rt)) | ||
| 671 | goto err; | ||
| 672 | diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c | ||
| 673 | index f93f9881ec18..46d5c40f2835 100644 | ||
| 674 | --- a/fs/ext4/dir.c | ||
| 675 | +++ b/fs/ext4/dir.c | ||
| 676 | @@ -108,7 +108,6 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx) | ||
| 677 | struct inode *inode = file_inode(file); | ||
| 678 | struct super_block *sb = inode->i_sb; | ||
| 679 | struct buffer_head *bh = NULL; | ||
| 680 | - int dir_has_error = 0; | ||
| 681 | struct fscrypt_str fstr = FSTR_INIT(NULL, 0); | ||
| 682 | |||
| 683 | if (ext4_encrypted_inode(inode)) { | ||
| 684 | @@ -144,8 +143,6 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx) | ||
| 685 | return err; | ||
| 686 | } | ||
| 687 | |||
| 688 | - offset = ctx->pos & (sb->s_blocksize - 1); | ||
| 689 | - | ||
| 690 | while (ctx->pos < inode->i_size) { | ||
| 691 | struct ext4_map_blocks map; | ||
| 692 | |||
| 693 | @@ -154,9 +151,18 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx) | ||
| 694 | goto errout; | ||
| 695 | } | ||
| 696 | cond_resched(); | ||
| 697 | + offset = ctx->pos & (sb->s_blocksize - 1); | ||
| 698 | map.m_lblk = ctx->pos >> EXT4_BLOCK_SIZE_BITS(sb); | ||
| 699 | map.m_len = 1; | ||
| 700 | err = ext4_map_blocks(NULL, inode, &map, 0); | ||
| 701 | + if (err == 0) { | ||
| 702 | + /* m_len should never be zero but let's avoid | ||
| 703 | + * an infinite loop if it somehow is */ | ||
| 704 | + if (map.m_len == 0) | ||
| 705 | + map.m_len = 1; | ||
| 706 | + ctx->pos += map.m_len * sb->s_blocksize; | ||
| 707 | + continue; | ||
| 708 | + } | ||
| 709 | if (err > 0) { | ||
| 710 | pgoff_t index = map.m_pblk >> | ||
| 711 | (PAGE_SHIFT - inode->i_blkbits); | ||
| 712 | @@ -175,13 +181,6 @@ static int ext4_readdir(struct file *file, struct dir_context *ctx) | ||
| 713 | } | ||
| 714 | |||
| 715 | if (!bh) { | ||
| 716 | - if (!dir_has_error) { | ||
| 717 | - EXT4_ERROR_FILE(file, 0, | ||
| 718 | - "directory contains a " | ||
| 719 | - "hole at offset %llu", | ||
| 720 | - (unsigned long long) ctx->pos); | ||
| 721 | - dir_has_error = 1; | ||
| 722 | - } | ||
| 723 | /* corrupt size? Maybe no more blocks to read */ | ||
| 724 | if (ctx->pos > inode->i_blocks << 9) | ||
| 725 | break; | ||
| 726 | diff --git a/fs/ext4/ext4_jbd2.h b/fs/ext4/ext4_jbd2.h | ||
| 727 | index df908ef79cce..402dc366117e 100644 | ||
| 728 | --- a/fs/ext4/ext4_jbd2.h | ||
| 729 | +++ b/fs/ext4/ext4_jbd2.h | ||
| 730 | @@ -361,20 +361,20 @@ static inline int ext4_journal_force_commit(journal_t *journal) | ||
| 731 | } | ||
| 732 | |||
| 733 | static inline int ext4_jbd2_inode_add_write(handle_t *handle, | ||
| 734 | - struct inode *inode) | ||
| 735 | + struct inode *inode, loff_t start_byte, loff_t length) | ||
| 736 | { | ||
| 737 | if (ext4_handle_valid(handle)) | ||
| 738 | - return jbd2_journal_inode_add_write(handle, | ||
| 739 | - EXT4_I(inode)->jinode); | ||
| 740 | + return jbd2_journal_inode_ranged_write(handle, | ||
| 741 | + EXT4_I(inode)->jinode, start_byte, length); | ||
| 742 | return 0; | ||
| 743 | } | ||
| 744 | |||
| 745 | static inline int ext4_jbd2_inode_add_wait(handle_t *handle, | ||
| 746 | - struct inode *inode) | ||
| 747 | + struct inode *inode, loff_t start_byte, loff_t length) | ||
| 748 | { | ||
| 749 | if (ext4_handle_valid(handle)) | ||
| 750 | - return jbd2_journal_inode_add_wait(handle, | ||
| 751 | - EXT4_I(inode)->jinode); | ||
| 752 | + return jbd2_journal_inode_ranged_wait(handle, | ||
| 753 | + EXT4_I(inode)->jinode, start_byte, length); | ||
| 754 | return 0; | ||
| 755 | } | ||
| 756 | |||
| 757 | diff --git a/fs/ext4/file.c b/fs/ext4/file.c | ||
| 758 | index 2c5baa5e8291..f4a24a46245e 100644 | ||
| 759 | --- a/fs/ext4/file.c | ||
| 760 | +++ b/fs/ext4/file.c | ||
| 761 | @@ -165,6 +165,10 @@ static ssize_t ext4_write_checks(struct kiocb *iocb, struct iov_iter *from) | ||
| 762 | ret = generic_write_checks(iocb, from); | ||
| 763 | if (ret <= 0) | ||
| 764 | return ret; | ||
| 765 | + | ||
| 766 | + if (unlikely(IS_IMMUTABLE(inode))) | ||
| 767 | + return -EPERM; | ||
| 768 | + | ||
| 769 | /* | ||
| 770 | * If we have encountered a bitmap-format file, the size limit | ||
| 771 | * is smaller than s_maxbytes, which is for extent-mapped files. | ||
| 772 | diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c | ||
| 773 | index 05dc5a4ba481..e65559bf7728 100644 | ||
| 774 | --- a/fs/ext4/inode.c | ||
| 775 | +++ b/fs/ext4/inode.c | ||
| 776 | @@ -729,10 +729,16 @@ out_sem: | ||
| 777 | !(flags & EXT4_GET_BLOCKS_ZERO) && | ||
| 778 | !ext4_is_quota_file(inode) && | ||
| 779 | ext4_should_order_data(inode)) { | ||
| 780 | + loff_t start_byte = | ||
| 781 | + (loff_t)map->m_lblk << inode->i_blkbits; | ||
| 782 | + loff_t length = (loff_t)map->m_len << inode->i_blkbits; | ||
| 783 | + | ||
| 784 | if (flags & EXT4_GET_BLOCKS_IO_SUBMIT) | ||
| 785 | - ret = ext4_jbd2_inode_add_wait(handle, inode); | ||
| 786 | + ret = ext4_jbd2_inode_add_wait(handle, inode, | ||
| 787 | + start_byte, length); | ||
| 788 | else | ||
| 789 | - ret = ext4_jbd2_inode_add_write(handle, inode); | ||
| 790 | + ret = ext4_jbd2_inode_add_write(handle, inode, | ||
| 791 | + start_byte, length); | ||
| 792 | if (ret) | ||
| 793 | return ret; | ||
| 794 | } | ||
| 795 | @@ -4058,7 +4064,8 @@ static int __ext4_block_zero_page_range(handle_t *handle, | ||
| 796 | err = 0; | ||
| 797 | mark_buffer_dirty(bh); | ||
| 798 | if (ext4_should_order_data(inode)) | ||
| 799 | - err = ext4_jbd2_inode_add_write(handle, inode); | ||
| 800 | + err = ext4_jbd2_inode_add_write(handle, inode, from, | ||
| 801 | + length); | ||
| 802 | } | ||
| 803 | |||
| 804 | unlock: | ||
| 805 | @@ -5491,6 +5498,14 @@ int ext4_setattr(struct dentry *dentry, struct iattr *attr) | ||
| 806 | if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb)))) | ||
| 807 | return -EIO; | ||
| 808 | |||
| 809 | + if (unlikely(IS_IMMUTABLE(inode))) | ||
| 810 | + return -EPERM; | ||
| 811 | + | ||
| 812 | + if (unlikely(IS_APPEND(inode) && | ||
| 813 | + (ia_valid & (ATTR_MODE | ATTR_UID | | ||
| 814 | + ATTR_GID | ATTR_TIMES_SET)))) | ||
| 815 | + return -EPERM; | ||
| 816 | + | ||
| 817 | error = setattr_prepare(dentry, attr); | ||
| 818 | if (error) | ||
| 819 | return error; | ||
| 820 | @@ -6190,6 +6205,9 @@ int ext4_page_mkwrite(struct vm_fault *vmf) | ||
| 821 | get_block_t *get_block; | ||
| 822 | int retries = 0; | ||
| 823 | |||
| 824 | + if (unlikely(IS_IMMUTABLE(inode))) | ||
| 825 | + return VM_FAULT_SIGBUS; | ||
| 826 | + | ||
| 827 | sb_start_pagefault(inode->i_sb); | ||
| 828 | file_update_time(vma->vm_file); | ||
| 829 | |||
| 830 | diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c | ||
| 831 | index 53d57cdf3c4d..abb6fcff0a1d 100644 | ||
| 832 | --- a/fs/ext4/ioctl.c | ||
| 833 | +++ b/fs/ext4/ioctl.c | ||
| 834 | @@ -268,6 +268,29 @@ static int uuid_is_zero(__u8 u[16]) | ||
| 835 | } | ||
| 836 | #endif | ||
| 837 | |||
| 838 | +/* | ||
| 839 | + * If immutable is set and we are not clearing it, we're not allowed to change | ||
| 840 | + * anything else in the inode. Don't error out if we're only trying to set | ||
| 841 | + * immutable on an immutable file. | ||
| 842 | + */ | ||
| 843 | +static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid, | ||
| 844 | + unsigned int flags) | ||
| 845 | +{ | ||
| 846 | + struct ext4_inode_info *ei = EXT4_I(inode); | ||
| 847 | + unsigned int oldflags = ei->i_flags; | ||
| 848 | + | ||
| 849 | + if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL)) | ||
| 850 | + return 0; | ||
| 851 | + | ||
| 852 | + if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL)) | ||
| 853 | + return -EPERM; | ||
| 854 | + if (ext4_has_feature_project(inode->i_sb) && | ||
| 855 | + __kprojid_val(ei->i_projid) != new_projid) | ||
| 856 | + return -EPERM; | ||
| 857 | + | ||
| 858 | + return 0; | ||
| 859 | +} | ||
| 860 | + | ||
| 861 | static int ext4_ioctl_setflags(struct inode *inode, | ||
| 862 | unsigned int flags) | ||
| 863 | { | ||
| 864 | @@ -321,6 +344,20 @@ static int ext4_ioctl_setflags(struct inode *inode, | ||
| 865 | goto flags_out; | ||
| 866 | } | ||
| 867 | |||
| 868 | + /* | ||
| 869 | + * Wait for all pending directio and then flush all the dirty pages | ||
| 870 | + * for this file. The flush marks all the pages readonly, so any | ||
| 871 | + * subsequent attempt to write to the file (particularly mmap pages) | ||
| 872 | + * will come through the filesystem and fail. | ||
| 873 | + */ | ||
| 874 | + if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) && | ||
| 875 | + (flags & EXT4_IMMUTABLE_FL)) { | ||
| 876 | + inode_dio_wait(inode); | ||
| 877 | + err = filemap_write_and_wait(inode->i_mapping); | ||
| 878 | + if (err) | ||
| 879 | + goto flags_out; | ||
| 880 | + } | ||
| 881 | + | ||
| 882 | handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); | ||
| 883 | if (IS_ERR(handle)) { | ||
| 884 | err = PTR_ERR(handle); | ||
| 885 | @@ -750,7 +787,11 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) | ||
| 886 | return err; | ||
| 887 | |||
| 888 | inode_lock(inode); | ||
| 889 | - err = ext4_ioctl_setflags(inode, flags); | ||
| 890 | + err = ext4_ioctl_check_immutable(inode, | ||
| 891 | + from_kprojid(&init_user_ns, ei->i_projid), | ||
| 892 | + flags); | ||
| 893 | + if (!err) | ||
| 894 | + err = ext4_ioctl_setflags(inode, flags); | ||
| 895 | inode_unlock(inode); | ||
| 896 | mnt_drop_write_file(filp); | ||
| 897 | return err; | ||
| 898 | @@ -1120,6 +1161,9 @@ resizefs_out: | ||
| 899 | goto out; | ||
| 900 | flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | | ||
| 901 | (flags & EXT4_FL_XFLAG_VISIBLE); | ||
| 902 | + err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags); | ||
| 903 | + if (err) | ||
| 904 | + goto out; | ||
| 905 | err = ext4_ioctl_setflags(inode, flags); | ||
| 906 | if (err) | ||
| 907 | goto out; | ||
| 908 | diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c | ||
| 909 | index 2f5be02fc6f6..287631bb09e7 100644 | ||
| 910 | --- a/fs/ext4/move_extent.c | ||
| 911 | +++ b/fs/ext4/move_extent.c | ||
| 912 | @@ -390,7 +390,8 @@ data_copy: | ||
| 913 | |||
| 914 | /* Even in case of data=writeback it is reasonable to pin | ||
| 915 | * inode to transaction, to prevent unexpected data loss */ | ||
| 916 | - *err = ext4_jbd2_inode_add_write(handle, orig_inode); | ||
| 917 | + *err = ext4_jbd2_inode_add_write(handle, orig_inode, | ||
| 918 | + (loff_t)orig_page_offset << PAGE_SHIFT, replaced_size); | ||
| 919 | |||
| 920 | unlock_pages: | ||
| 921 | unlock_page(pagep[0]); | ||
| 922 | diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c | ||
| 923 | index 4c5aa5df6573..61dc1b0e4465 100644 | ||
| 924 | --- a/fs/ext4/namei.c | ||
| 925 | +++ b/fs/ext4/namei.c | ||
| 926 | @@ -81,8 +81,18 @@ static struct buffer_head *ext4_append(handle_t *handle, | ||
| 927 | static int ext4_dx_csum_verify(struct inode *inode, | ||
| 928 | struct ext4_dir_entry *dirent); | ||
| 929 | |||
| 930 | +/* | ||
| 931 | + * Hints to ext4_read_dirblock regarding whether we expect a directory | ||
| 932 | + * block being read to be an index block, or a block containing | ||
| 933 | + * directory entries (and if the latter, whether it was found via a | ||
| 934 | + * logical block in an htree index block). This is used to control | ||
| 935 | + * what sort of sanity checkinig ext4_read_dirblock() will do on the | ||
| 936 | + * directory block read from the storage device. EITHER will means | ||
| 937 | + * the caller doesn't know what kind of directory block will be read, | ||
| 938 | + * so no specific verification will be done. | ||
| 939 | + */ | ||
| 940 | typedef enum { | ||
| 941 | - EITHER, INDEX, DIRENT | ||
| 942 | + EITHER, INDEX, DIRENT, DIRENT_HTREE | ||
| 943 | } dirblock_type_t; | ||
| 944 | |||
| 945 | #define ext4_read_dirblock(inode, block, type) \ | ||
| 946 | @@ -108,11 +118,14 @@ static struct buffer_head *__ext4_read_dirblock(struct inode *inode, | ||
| 947 | |||
| 948 | return bh; | ||
| 949 | } | ||
| 950 | - if (!bh) { | ||
| 951 | + if (!bh && (type == INDEX || type == DIRENT_HTREE)) { | ||
| 952 | ext4_error_inode(inode, func, line, block, | ||
| 953 | - "Directory hole found"); | ||
| 954 | + "Directory hole found for htree %s block", | ||
| 955 | + (type == INDEX) ? "index" : "leaf"); | ||
| 956 | return ERR_PTR(-EFSCORRUPTED); | ||
| 957 | } | ||
| 958 | + if (!bh) | ||
| 959 | + return NULL; | ||
| 960 | dirent = (struct ext4_dir_entry *) bh->b_data; | ||
| 961 | /* Determine whether or not we have an index block */ | ||
| 962 | if (is_dx(inode)) { | ||
| 963 | @@ -979,7 +992,7 @@ static int htree_dirblock_to_tree(struct file *dir_file, | ||
| 964 | |||
| 965 | dxtrace(printk(KERN_INFO "In htree dirblock_to_tree: block %lu\n", | ||
| 966 | (unsigned long)block)); | ||
| 967 | - bh = ext4_read_dirblock(dir, block, DIRENT); | ||
| 968 | + bh = ext4_read_dirblock(dir, block, DIRENT_HTREE); | ||
| 969 | if (IS_ERR(bh)) | ||
| 970 | return PTR_ERR(bh); | ||
| 971 | |||
| 972 | @@ -1509,7 +1522,7 @@ static struct buffer_head * ext4_dx_find_entry(struct inode *dir, | ||
| 973 | return (struct buffer_head *) frame; | ||
| 974 | do { | ||
| 975 | block = dx_get_block(frame->at); | ||
| 976 | - bh = ext4_read_dirblock(dir, block, DIRENT); | ||
| 977 | + bh = ext4_read_dirblock(dir, block, DIRENT_HTREE); | ||
| 978 | if (IS_ERR(bh)) | ||
| 979 | goto errout; | ||
| 980 | |||
| 981 | @@ -2079,6 +2092,11 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry, | ||
| 982 | blocks = dir->i_size >> sb->s_blocksize_bits; | ||
| 983 | for (block = 0; block < blocks; block++) { | ||
| 984 | bh = ext4_read_dirblock(dir, block, DIRENT); | ||
| 985 | + if (bh == NULL) { | ||
| 986 | + bh = ext4_bread(handle, dir, block, | ||
| 987 | + EXT4_GET_BLOCKS_CREATE); | ||
| 988 | + goto add_to_new_block; | ||
| 989 | + } | ||
| 990 | if (IS_ERR(bh)) { | ||
| 991 | retval = PTR_ERR(bh); | ||
| 992 | bh = NULL; | ||
| 993 | @@ -2099,6 +2117,7 @@ static int ext4_add_entry(handle_t *handle, struct dentry *dentry, | ||
| 994 | brelse(bh); | ||
| 995 | } | ||
| 996 | bh = ext4_append(handle, dir, &block); | ||
| 997 | +add_to_new_block: | ||
| 998 | if (IS_ERR(bh)) { | ||
| 999 | retval = PTR_ERR(bh); | ||
| 1000 | bh = NULL; | ||
| 1001 | @@ -2143,7 +2162,7 @@ again: | ||
| 1002 | return PTR_ERR(frame); | ||
| 1003 | entries = frame->entries; | ||
| 1004 | at = frame->at; | ||
| 1005 | - bh = ext4_read_dirblock(dir, dx_get_block(frame->at), DIRENT); | ||
| 1006 | + bh = ext4_read_dirblock(dir, dx_get_block(frame->at), DIRENT_HTREE); | ||
| 1007 | if (IS_ERR(bh)) { | ||
| 1008 | err = PTR_ERR(bh); | ||
| 1009 | bh = NULL; | ||
| 1010 | @@ -2691,7 +2710,10 @@ bool ext4_empty_dir(struct inode *inode) | ||
| 1011 | EXT4_ERROR_INODE(inode, "invalid size"); | ||
| 1012 | return true; | ||
| 1013 | } | ||
| 1014 | - bh = ext4_read_dirblock(inode, 0, EITHER); | ||
| 1015 | + /* The first directory block must not be a hole, | ||
| 1016 | + * so treat it as DIRENT_HTREE | ||
| 1017 | + */ | ||
| 1018 | + bh = ext4_read_dirblock(inode, 0, DIRENT_HTREE); | ||
| 1019 | if (IS_ERR(bh)) | ||
| 1020 | return true; | ||
| 1021 | |||
| 1022 | @@ -2713,6 +2735,10 @@ bool ext4_empty_dir(struct inode *inode) | ||
| 1023 | brelse(bh); | ||
| 1024 | lblock = offset >> EXT4_BLOCK_SIZE_BITS(sb); | ||
| 1025 | bh = ext4_read_dirblock(inode, lblock, EITHER); | ||
| 1026 | + if (bh == NULL) { | ||
| 1027 | + offset += sb->s_blocksize; | ||
| 1028 | + continue; | ||
| 1029 | + } | ||
| 1030 | if (IS_ERR(bh)) | ||
| 1031 | return true; | ||
| 1032 | de = (struct ext4_dir_entry_2 *) bh->b_data; | ||
| 1033 | @@ -3256,7 +3282,10 @@ static struct buffer_head *ext4_get_first_dir_block(handle_t *handle, | ||
| 1034 | struct buffer_head *bh; | ||
| 1035 | |||
| 1036 | if (!ext4_has_inline_data(inode)) { | ||
| 1037 | - bh = ext4_read_dirblock(inode, 0, EITHER); | ||
| 1038 | + /* The first directory block must not be a hole, so | ||
| 1039 | + * treat it as DIRENT_HTREE | ||
| 1040 | + */ | ||
| 1041 | + bh = ext4_read_dirblock(inode, 0, DIRENT_HTREE); | ||
| 1042 | if (IS_ERR(bh)) { | ||
| 1043 | *retval = PTR_ERR(bh); | ||
| 1044 | return NULL; | ||
| 1045 | diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c | ||
| 1046 | index 65ea0355a4f6..24f86ffe11d7 100644 | ||
| 1047 | --- a/fs/jbd2/commit.c | ||
| 1048 | +++ b/fs/jbd2/commit.c | ||
| 1049 | @@ -187,14 +187,15 @@ static int journal_wait_on_commit_record(journal_t *journal, | ||
| 1050 | * use writepages() because with dealyed allocation we may be doing | ||
| 1051 | * block allocation in writepages(). | ||
| 1052 | */ | ||
| 1053 | -static int journal_submit_inode_data_buffers(struct address_space *mapping) | ||
| 1054 | +static int journal_submit_inode_data_buffers(struct address_space *mapping, | ||
| 1055 | + loff_t dirty_start, loff_t dirty_end) | ||
| 1056 | { | ||
| 1057 | int ret; | ||
| 1058 | struct writeback_control wbc = { | ||
| 1059 | .sync_mode = WB_SYNC_ALL, | ||
| 1060 | .nr_to_write = mapping->nrpages * 2, | ||
| 1061 | - .range_start = 0, | ||
| 1062 | - .range_end = i_size_read(mapping->host), | ||
| 1063 | + .range_start = dirty_start, | ||
| 1064 | + .range_end = dirty_end, | ||
| 1065 | }; | ||
| 1066 | |||
| 1067 | ret = generic_writepages(mapping, &wbc); | ||
| 1068 | @@ -218,6 +219,9 @@ static int journal_submit_data_buffers(journal_t *journal, | ||
| 1069 | |||
| 1070 | spin_lock(&journal->j_list_lock); | ||
| 1071 | list_for_each_entry(jinode, &commit_transaction->t_inode_list, i_list) { | ||
| 1072 | + loff_t dirty_start = jinode->i_dirty_start; | ||
| 1073 | + loff_t dirty_end = jinode->i_dirty_end; | ||
| 1074 | + | ||
| 1075 | if (!(jinode->i_flags & JI_WRITE_DATA)) | ||
| 1076 | continue; | ||
| 1077 | mapping = jinode->i_vfs_inode->i_mapping; | ||
| 1078 | @@ -230,7 +234,8 @@ static int journal_submit_data_buffers(journal_t *journal, | ||
| 1079 | * only allocated blocks here. | ||
| 1080 | */ | ||
| 1081 | trace_jbd2_submit_inode_data(jinode->i_vfs_inode); | ||
| 1082 | - err = journal_submit_inode_data_buffers(mapping); | ||
| 1083 | + err = journal_submit_inode_data_buffers(mapping, dirty_start, | ||
| 1084 | + dirty_end); | ||
| 1085 | if (!ret) | ||
| 1086 | ret = err; | ||
| 1087 | spin_lock(&journal->j_list_lock); | ||
| 1088 | @@ -257,12 +262,16 @@ static int journal_finish_inode_data_buffers(journal_t *journal, | ||
| 1089 | /* For locking, see the comment in journal_submit_data_buffers() */ | ||
| 1090 | spin_lock(&journal->j_list_lock); | ||
| 1091 | list_for_each_entry(jinode, &commit_transaction->t_inode_list, i_list) { | ||
| 1092 | + loff_t dirty_start = jinode->i_dirty_start; | ||
| 1093 | + loff_t dirty_end = jinode->i_dirty_end; | ||
| 1094 | + | ||
| 1095 | if (!(jinode->i_flags & JI_WAIT_DATA)) | ||
| 1096 | continue; | ||
| 1097 | jinode->i_flags |= JI_COMMIT_RUNNING; | ||
| 1098 | spin_unlock(&journal->j_list_lock); | ||
| 1099 | - err = filemap_fdatawait_keep_errors( | ||
| 1100 | - jinode->i_vfs_inode->i_mapping); | ||
| 1101 | + err = filemap_fdatawait_range_keep_errors( | ||
| 1102 | + jinode->i_vfs_inode->i_mapping, dirty_start, | ||
| 1103 | + dirty_end); | ||
| 1104 | if (!ret) | ||
| 1105 | ret = err; | ||
| 1106 | spin_lock(&journal->j_list_lock); | ||
| 1107 | @@ -282,6 +291,8 @@ static int journal_finish_inode_data_buffers(journal_t *journal, | ||
| 1108 | &jinode->i_transaction->t_inode_list); | ||
| 1109 | } else { | ||
| 1110 | jinode->i_transaction = NULL; | ||
| 1111 | + jinode->i_dirty_start = 0; | ||
| 1112 | + jinode->i_dirty_end = 0; | ||
| 1113 | } | ||
| 1114 | } | ||
| 1115 | spin_unlock(&journal->j_list_lock); | ||
| 1116 | diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c | ||
| 1117 | index e9cf88f0bc29..df390a69c49a 100644 | ||
| 1118 | --- a/fs/jbd2/journal.c | ||
| 1119 | +++ b/fs/jbd2/journal.c | ||
| 1120 | @@ -94,6 +94,8 @@ EXPORT_SYMBOL(jbd2_journal_try_to_free_buffers); | ||
| 1121 | EXPORT_SYMBOL(jbd2_journal_force_commit); | ||
| 1122 | EXPORT_SYMBOL(jbd2_journal_inode_add_write); | ||
| 1123 | EXPORT_SYMBOL(jbd2_journal_inode_add_wait); | ||
| 1124 | +EXPORT_SYMBOL(jbd2_journal_inode_ranged_write); | ||
| 1125 | +EXPORT_SYMBOL(jbd2_journal_inode_ranged_wait); | ||
| 1126 | EXPORT_SYMBOL(jbd2_journal_init_jbd_inode); | ||
| 1127 | EXPORT_SYMBOL(jbd2_journal_release_jbd_inode); | ||
| 1128 | EXPORT_SYMBOL(jbd2_journal_begin_ordered_truncate); | ||
| 1129 | @@ -2588,6 +2590,8 @@ void jbd2_journal_init_jbd_inode(struct jbd2_inode *jinode, struct inode *inode) | ||
| 1130 | jinode->i_next_transaction = NULL; | ||
| 1131 | jinode->i_vfs_inode = inode; | ||
| 1132 | jinode->i_flags = 0; | ||
| 1133 | + jinode->i_dirty_start = 0; | ||
| 1134 | + jinode->i_dirty_end = 0; | ||
| 1135 | INIT_LIST_HEAD(&jinode->i_list); | ||
| 1136 | } | ||
| 1137 | |||
| 1138 | diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c | ||
| 1139 | index e20a6703531f..911ff18249b7 100644 | ||
| 1140 | --- a/fs/jbd2/transaction.c | ||
| 1141 | +++ b/fs/jbd2/transaction.c | ||
| 1142 | @@ -2500,7 +2500,7 @@ void jbd2_journal_refile_buffer(journal_t *journal, struct journal_head *jh) | ||
| 1143 | * File inode in the inode list of the handle's transaction | ||
| 1144 | */ | ||
| 1145 | static int jbd2_journal_file_inode(handle_t *handle, struct jbd2_inode *jinode, | ||
| 1146 | - unsigned long flags) | ||
| 1147 | + unsigned long flags, loff_t start_byte, loff_t end_byte) | ||
| 1148 | { | ||
| 1149 | transaction_t *transaction = handle->h_transaction; | ||
| 1150 | journal_t *journal; | ||
| 1151 | @@ -2512,26 +2512,17 @@ static int jbd2_journal_file_inode(handle_t *handle, struct jbd2_inode *jinode, | ||
| 1152 | jbd_debug(4, "Adding inode %lu, tid:%d\n", jinode->i_vfs_inode->i_ino, | ||
| 1153 | transaction->t_tid); | ||
| 1154 | |||
| 1155 | - /* | ||
| 1156 | - * First check whether inode isn't already on the transaction's | ||
| 1157 | - * lists without taking the lock. Note that this check is safe | ||
| 1158 | - * without the lock as we cannot race with somebody removing inode | ||
| 1159 | - * from the transaction. The reason is that we remove inode from the | ||
| 1160 | - * transaction only in journal_release_jbd_inode() and when we commit | ||
| 1161 | - * the transaction. We are guarded from the first case by holding | ||
| 1162 | - * a reference to the inode. We are safe against the second case | ||
| 1163 | - * because if jinode->i_transaction == transaction, commit code | ||
| 1164 | - * cannot touch the transaction because we hold reference to it, | ||
| 1165 | - * and if jinode->i_next_transaction == transaction, commit code | ||
| 1166 | - * will only file the inode where we want it. | ||
| 1167 | - */ | ||
| 1168 | - if ((jinode->i_transaction == transaction || | ||
| 1169 | - jinode->i_next_transaction == transaction) && | ||
| 1170 | - (jinode->i_flags & flags) == flags) | ||
| 1171 | - return 0; | ||
| 1172 | - | ||
| 1173 | spin_lock(&journal->j_list_lock); | ||
| 1174 | jinode->i_flags |= flags; | ||
| 1175 | + | ||
| 1176 | + if (jinode->i_dirty_end) { | ||
| 1177 | + jinode->i_dirty_start = min(jinode->i_dirty_start, start_byte); | ||
| 1178 | + jinode->i_dirty_end = max(jinode->i_dirty_end, end_byte); | ||
| 1179 | + } else { | ||
| 1180 | + jinode->i_dirty_start = start_byte; | ||
| 1181 | + jinode->i_dirty_end = end_byte; | ||
| 1182 | + } | ||
| 1183 | + | ||
| 1184 | /* Is inode already attached where we need it? */ | ||
| 1185 | if (jinode->i_transaction == transaction || | ||
| 1186 | jinode->i_next_transaction == transaction) | ||
| 1187 | @@ -2566,12 +2557,28 @@ done: | ||
| 1188 | int jbd2_journal_inode_add_write(handle_t *handle, struct jbd2_inode *jinode) | ||
| 1189 | { | ||
| 1190 | return jbd2_journal_file_inode(handle, jinode, | ||
| 1191 | - JI_WRITE_DATA | JI_WAIT_DATA); | ||
| 1192 | + JI_WRITE_DATA | JI_WAIT_DATA, 0, LLONG_MAX); | ||
| 1193 | } | ||
| 1194 | |||
| 1195 | int jbd2_journal_inode_add_wait(handle_t *handle, struct jbd2_inode *jinode) | ||
| 1196 | { | ||
| 1197 | - return jbd2_journal_file_inode(handle, jinode, JI_WAIT_DATA); | ||
| 1198 | + return jbd2_journal_file_inode(handle, jinode, JI_WAIT_DATA, 0, | ||
| 1199 | + LLONG_MAX); | ||
| 1200 | +} | ||
| 1201 | + | ||
| 1202 | +int jbd2_journal_inode_ranged_write(handle_t *handle, | ||
| 1203 | + struct jbd2_inode *jinode, loff_t start_byte, loff_t length) | ||
| 1204 | +{ | ||
| 1205 | + return jbd2_journal_file_inode(handle, jinode, | ||
| 1206 | + JI_WRITE_DATA | JI_WAIT_DATA, start_byte, | ||
| 1207 | + start_byte + length - 1); | ||
| 1208 | +} | ||
| 1209 | + | ||
| 1210 | +int jbd2_journal_inode_ranged_wait(handle_t *handle, struct jbd2_inode *jinode, | ||
| 1211 | + loff_t start_byte, loff_t length) | ||
| 1212 | +{ | ||
| 1213 | + return jbd2_journal_file_inode(handle, jinode, JI_WAIT_DATA, | ||
| 1214 | + start_byte, start_byte + length - 1); | ||
| 1215 | } | ||
| 1216 | |||
| 1217 | /* | ||
| 1218 | diff --git a/include/linux/fs.h b/include/linux/fs.h | ||
| 1219 | index d4e1b43a53c3..92420009b9bc 100644 | ||
| 1220 | --- a/include/linux/fs.h | ||
| 1221 | +++ b/include/linux/fs.h | ||
| 1222 | @@ -2651,6 +2651,8 @@ extern int filemap_flush(struct address_space *); | ||
| 1223 | extern int filemap_fdatawait_keep_errors(struct address_space *mapping); | ||
| 1224 | extern int filemap_fdatawait_range(struct address_space *, loff_t lstart, | ||
| 1225 | loff_t lend); | ||
| 1226 | +extern int filemap_fdatawait_range_keep_errors(struct address_space *mapping, | ||
| 1227 | + loff_t start_byte, loff_t end_byte); | ||
| 1228 | |||
| 1229 | static inline int filemap_fdatawait(struct address_space *mapping) | ||
| 1230 | { | ||
| 1231 | diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h | ||
| 1232 | index 583b82b5a1e9..1cf1b9b8e975 100644 | ||
| 1233 | --- a/include/linux/jbd2.h | ||
| 1234 | +++ b/include/linux/jbd2.h | ||
| 1235 | @@ -454,6 +454,22 @@ struct jbd2_inode { | ||
| 1236 | * @i_flags: Flags of inode [j_list_lock] | ||
| 1237 | */ | ||
| 1238 | unsigned long i_flags; | ||
| 1239 | + | ||
| 1240 | + /** | ||
| 1241 | + * @i_dirty_start: | ||
| 1242 | + * | ||
| 1243 | + * Offset in bytes where the dirty range for this inode starts. | ||
| 1244 | + * [j_list_lock] | ||
| 1245 | + */ | ||
| 1246 | + loff_t i_dirty_start; | ||
| 1247 | + | ||
| 1248 | + /** | ||
| 1249 | + * @i_dirty_end: | ||
| 1250 | + * | ||
| 1251 | + * Inclusive offset in bytes where the dirty range for this inode | ||
| 1252 | + * ends. [j_list_lock] | ||
| 1253 | + */ | ||
| 1254 | + loff_t i_dirty_end; | ||
| 1255 | }; | ||
| 1256 | |||
| 1257 | struct jbd2_revoke_table_s; | ||
| 1258 | @@ -1399,6 +1415,12 @@ extern int jbd2_journal_force_commit(journal_t *); | ||
| 1259 | extern int jbd2_journal_force_commit_nested(journal_t *); | ||
| 1260 | extern int jbd2_journal_inode_add_write(handle_t *handle, struct jbd2_inode *inode); | ||
| 1261 | extern int jbd2_journal_inode_add_wait(handle_t *handle, struct jbd2_inode *inode); | ||
| 1262 | +extern int jbd2_journal_inode_ranged_write(handle_t *handle, | ||
| 1263 | + struct jbd2_inode *inode, loff_t start_byte, | ||
| 1264 | + loff_t length); | ||
| 1265 | +extern int jbd2_journal_inode_ranged_wait(handle_t *handle, | ||
| 1266 | + struct jbd2_inode *inode, loff_t start_byte, | ||
| 1267 | + loff_t length); | ||
| 1268 | extern int jbd2_journal_begin_ordered_truncate(journal_t *journal, | ||
| 1269 | struct jbd2_inode *inode, loff_t new_size); | ||
| 1270 | extern void jbd2_journal_init_jbd_inode(struct jbd2_inode *jinode, struct inode *inode); | ||
| 1271 | diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h | ||
| 1272 | index 42fc852bf512..b22bc81f3669 100644 | ||
| 1273 | --- a/include/linux/perf_event.h | ||
| 1274 | +++ b/include/linux/perf_event.h | ||
| 1275 | @@ -1030,6 +1030,11 @@ static inline int in_software_context(struct perf_event *event) | ||
| 1276 | return event->ctx->pmu->task_ctx_nr == perf_sw_context; | ||
| 1277 | } | ||
| 1278 | |||
| 1279 | +static inline int is_exclusive_pmu(struct pmu *pmu) | ||
| 1280 | +{ | ||
| 1281 | + return pmu->capabilities & PERF_PMU_CAP_EXCLUSIVE; | ||
| 1282 | +} | ||
| 1283 | + | ||
| 1284 | extern struct static_key perf_swevent_enabled[PERF_COUNT_SW_MAX]; | ||
| 1285 | |||
| 1286 | extern void ___perf_sw_event(u32, u64, struct pt_regs *, u64); | ||
| 1287 | diff --git a/include/net/dst.h b/include/net/dst.h | ||
| 1288 | index 6cf0870414c7..ffc8ee0ea5e5 100644 | ||
| 1289 | --- a/include/net/dst.h | ||
| 1290 | +++ b/include/net/dst.h | ||
| 1291 | @@ -313,8 +313,9 @@ static inline bool dst_hold_safe(struct dst_entry *dst) | ||
| 1292 | * @skb: buffer | ||
| 1293 | * | ||
| 1294 | * If dst is not yet refcounted and not destroyed, grab a ref on it. | ||
| 1295 | + * Returns true if dst is refcounted. | ||
| 1296 | */ | ||
| 1297 | -static inline void skb_dst_force(struct sk_buff *skb) | ||
| 1298 | +static inline bool skb_dst_force(struct sk_buff *skb) | ||
| 1299 | { | ||
| 1300 | if (skb_dst_is_noref(skb)) { | ||
| 1301 | struct dst_entry *dst = skb_dst(skb); | ||
| 1302 | @@ -325,6 +326,8 @@ static inline void skb_dst_force(struct sk_buff *skb) | ||
| 1303 | |||
| 1304 | skb->_skb_refdst = (unsigned long)dst; | ||
| 1305 | } | ||
| 1306 | + | ||
| 1307 | + return skb->_skb_refdst != 0UL; | ||
| 1308 | } | ||
| 1309 | |||
| 1310 | |||
| 1311 | diff --git a/include/net/tcp.h b/include/net/tcp.h | ||
| 1312 | index e75661f92daa..abcf53a6db04 100644 | ||
| 1313 | --- a/include/net/tcp.h | ||
| 1314 | +++ b/include/net/tcp.h | ||
| 1315 | @@ -1054,7 +1054,8 @@ void tcp_get_default_congestion_control(struct net *net, char *name); | ||
| 1316 | void tcp_get_available_congestion_control(char *buf, size_t len); | ||
| 1317 | void tcp_get_allowed_congestion_control(char *buf, size_t len); | ||
| 1318 | int tcp_set_allowed_congestion_control(char *allowed); | ||
| 1319 | -int tcp_set_congestion_control(struct sock *sk, const char *name, bool load, bool reinit); | ||
| 1320 | +int tcp_set_congestion_control(struct sock *sk, const char *name, bool load, | ||
| 1321 | + bool reinit, bool cap_net_admin); | ||
| 1322 | u32 tcp_slow_start(struct tcp_sock *tp, u32 acked); | ||
| 1323 | void tcp_cong_avoid_ai(struct tcp_sock *tp, u32 w, u32 acked); | ||
| 1324 | |||
| 1325 | @@ -1646,6 +1647,11 @@ static inline struct sk_buff *tcp_rtx_queue_head(const struct sock *sk) | ||
| 1326 | return skb_rb_first(&sk->tcp_rtx_queue); | ||
| 1327 | } | ||
| 1328 | |||
| 1329 | +static inline struct sk_buff *tcp_rtx_queue_tail(const struct sock *sk) | ||
| 1330 | +{ | ||
| 1331 | + return skb_rb_last(&sk->tcp_rtx_queue); | ||
| 1332 | +} | ||
| 1333 | + | ||
| 1334 | static inline struct sk_buff *tcp_write_queue_head(const struct sock *sk) | ||
| 1335 | { | ||
| 1336 | return skb_peek(&sk->sk_write_queue); | ||
| 1337 | diff --git a/include/net/tls.h b/include/net/tls.h | ||
| 1338 | index 954110575891..98f5ad0319a2 100644 | ||
| 1339 | --- a/include/net/tls.h | ||
| 1340 | +++ b/include/net/tls.h | ||
| 1341 | @@ -234,6 +234,7 @@ struct tls_offload_context_rx { | ||
| 1342 | (ALIGN(sizeof(struct tls_offload_context_rx), sizeof(void *)) + \ | ||
| 1343 | TLS_DRIVER_STATE_SIZE) | ||
| 1344 | |||
| 1345 | +void tls_ctx_free(struct tls_context *ctx); | ||
| 1346 | int wait_on_pending_writer(struct sock *sk, long *timeo); | ||
| 1347 | int tls_sk_query(struct sock *sk, int optname, char __user *optval, | ||
| 1348 | int __user *optlen); | ||
| 1349 | diff --git a/kernel/events/core.c b/kernel/events/core.c | ||
| 1350 | index 3b61ff40bfe2..e8979c72514b 100644 | ||
| 1351 | --- a/kernel/events/core.c | ||
| 1352 | +++ b/kernel/events/core.c | ||
| 1353 | @@ -2541,6 +2541,9 @@ unlock: | ||
| 1354 | return ret; | ||
| 1355 | } | ||
| 1356 | |||
| 1357 | +static bool exclusive_event_installable(struct perf_event *event, | ||
| 1358 | + struct perf_event_context *ctx); | ||
| 1359 | + | ||
| 1360 | /* | ||
| 1361 | * Attach a performance event to a context. | ||
| 1362 | * | ||
| 1363 | @@ -2555,6 +2558,8 @@ perf_install_in_context(struct perf_event_context *ctx, | ||
| 1364 | |||
| 1365 | lockdep_assert_held(&ctx->mutex); | ||
| 1366 | |||
| 1367 | + WARN_ON_ONCE(!exclusive_event_installable(event, ctx)); | ||
| 1368 | + | ||
| 1369 | if (event->cpu != -1) | ||
| 1370 | event->cpu = cpu; | ||
| 1371 | |||
| 1372 | @@ -4341,7 +4346,7 @@ static int exclusive_event_init(struct perf_event *event) | ||
| 1373 | { | ||
| 1374 | struct pmu *pmu = event->pmu; | ||
| 1375 | |||
| 1376 | - if (!(pmu->capabilities & PERF_PMU_CAP_EXCLUSIVE)) | ||
| 1377 | + if (!is_exclusive_pmu(pmu)) | ||
| 1378 | return 0; | ||
| 1379 | |||
| 1380 | /* | ||
| 1381 | @@ -4372,7 +4377,7 @@ static void exclusive_event_destroy(struct perf_event *event) | ||
| 1382 | { | ||
| 1383 | struct pmu *pmu = event->pmu; | ||
| 1384 | |||
| 1385 | - if (!(pmu->capabilities & PERF_PMU_CAP_EXCLUSIVE)) | ||
| 1386 | + if (!is_exclusive_pmu(pmu)) | ||
| 1387 | return; | ||
| 1388 | |||
| 1389 | /* see comment in exclusive_event_init() */ | ||
| 1390 | @@ -4392,14 +4397,15 @@ static bool exclusive_event_match(struct perf_event *e1, struct perf_event *e2) | ||
| 1391 | return false; | ||
| 1392 | } | ||
| 1393 | |||
| 1394 | -/* Called under the same ctx::mutex as perf_install_in_context() */ | ||
| 1395 | static bool exclusive_event_installable(struct perf_event *event, | ||
| 1396 | struct perf_event_context *ctx) | ||
| 1397 | { | ||
| 1398 | struct perf_event *iter_event; | ||
| 1399 | struct pmu *pmu = event->pmu; | ||
| 1400 | |||
| 1401 | - if (!(pmu->capabilities & PERF_PMU_CAP_EXCLUSIVE)) | ||
| 1402 | + lockdep_assert_held(&ctx->mutex); | ||
| 1403 | + | ||
| 1404 | + if (!is_exclusive_pmu(pmu)) | ||
| 1405 | return true; | ||
| 1406 | |||
| 1407 | list_for_each_entry(iter_event, &ctx->event_list, event_entry) { | ||
| 1408 | @@ -4446,12 +4452,20 @@ static void _free_event(struct perf_event *event) | ||
| 1409 | if (event->destroy) | ||
| 1410 | event->destroy(event); | ||
| 1411 | |||
| 1412 | - if (event->ctx) | ||
| 1413 | - put_ctx(event->ctx); | ||
| 1414 | - | ||
| 1415 | + /* | ||
| 1416 | + * Must be after ->destroy(), due to uprobe_perf_close() using | ||
| 1417 | + * hw.target. | ||
| 1418 | + */ | ||
| 1419 | if (event->hw.target) | ||
| 1420 | put_task_struct(event->hw.target); | ||
| 1421 | |||
| 1422 | + /* | ||
| 1423 | + * perf_event_free_task() relies on put_ctx() being 'last', in particular | ||
| 1424 | + * all task references must be cleaned up. | ||
| 1425 | + */ | ||
| 1426 | + if (event->ctx) | ||
| 1427 | + put_ctx(event->ctx); | ||
| 1428 | + | ||
| 1429 | exclusive_event_destroy(event); | ||
| 1430 | module_put(event->pmu->module); | ||
| 1431 | |||
| 1432 | @@ -4631,8 +4645,17 @@ again: | ||
| 1433 | mutex_unlock(&event->child_mutex); | ||
| 1434 | |||
| 1435 | list_for_each_entry_safe(child, tmp, &free_list, child_list) { | ||
| 1436 | + void *var = &child->ctx->refcount; | ||
| 1437 | + | ||
| 1438 | list_del(&child->child_list); | ||
| 1439 | free_event(child); | ||
| 1440 | + | ||
| 1441 | + /* | ||
| 1442 | + * Wake any perf_event_free_task() waiting for this event to be | ||
| 1443 | + * freed. | ||
| 1444 | + */ | ||
| 1445 | + smp_mb(); /* pairs with wait_var_event() */ | ||
| 1446 | + wake_up_var(var); | ||
| 1447 | } | ||
| 1448 | |||
| 1449 | no_ctx: | ||
| 1450 | @@ -10613,11 +10636,6 @@ SYSCALL_DEFINE5(perf_event_open, | ||
| 1451 | goto err_alloc; | ||
| 1452 | } | ||
| 1453 | |||
| 1454 | - if ((pmu->capabilities & PERF_PMU_CAP_EXCLUSIVE) && group_leader) { | ||
| 1455 | - err = -EBUSY; | ||
| 1456 | - goto err_context; | ||
| 1457 | - } | ||
| 1458 | - | ||
| 1459 | /* | ||
| 1460 | * Look up the group leader (we will attach this event to it): | ||
| 1461 | */ | ||
| 1462 | @@ -10705,6 +10723,18 @@ SYSCALL_DEFINE5(perf_event_open, | ||
| 1463 | move_group = 0; | ||
| 1464 | } | ||
| 1465 | } | ||
| 1466 | + | ||
| 1467 | + /* | ||
| 1468 | + * Failure to create exclusive events returns -EBUSY. | ||
| 1469 | + */ | ||
| 1470 | + err = -EBUSY; | ||
| 1471 | + if (!exclusive_event_installable(group_leader, ctx)) | ||
| 1472 | + goto err_locked; | ||
| 1473 | + | ||
| 1474 | + for_each_sibling_event(sibling, group_leader) { | ||
| 1475 | + if (!exclusive_event_installable(sibling, ctx)) | ||
| 1476 | + goto err_locked; | ||
| 1477 | + } | ||
| 1478 | } else { | ||
| 1479 | mutex_lock(&ctx->mutex); | ||
| 1480 | } | ||
| 1481 | @@ -10741,9 +10771,6 @@ SYSCALL_DEFINE5(perf_event_open, | ||
| 1482 | * because we need to serialize with concurrent event creation. | ||
| 1483 | */ | ||
| 1484 | if (!exclusive_event_installable(event, ctx)) { | ||
| 1485 | - /* exclusive and group stuff are assumed mutually exclusive */ | ||
| 1486 | - WARN_ON_ONCE(move_group); | ||
| 1487 | - | ||
| 1488 | err = -EBUSY; | ||
| 1489 | goto err_locked; | ||
| 1490 | } | ||
| 1491 | @@ -11210,11 +11237,11 @@ static void perf_free_event(struct perf_event *event, | ||
| 1492 | } | ||
| 1493 | |||
| 1494 | /* | ||
| 1495 | - * Free an unexposed, unused context as created by inheritance by | ||
| 1496 | - * perf_event_init_task below, used by fork() in case of fail. | ||
| 1497 | + * Free a context as created by inheritance by perf_event_init_task() below, | ||
| 1498 | + * used by fork() in case of fail. | ||
| 1499 | * | ||
| 1500 | - * Not all locks are strictly required, but take them anyway to be nice and | ||
| 1501 | - * help out with the lockdep assertions. | ||
| 1502 | + * Even though the task has never lived, the context and events have been | ||
| 1503 | + * exposed through the child_list, so we must take care tearing it all down. | ||
| 1504 | */ | ||
| 1505 | void perf_event_free_task(struct task_struct *task) | ||
| 1506 | { | ||
| 1507 | @@ -11244,7 +11271,23 @@ void perf_event_free_task(struct task_struct *task) | ||
| 1508 | perf_free_event(event, ctx); | ||
| 1509 | |||
| 1510 | mutex_unlock(&ctx->mutex); | ||
| 1511 | - put_ctx(ctx); | ||
| 1512 | + | ||
| 1513 | + /* | ||
| 1514 | + * perf_event_release_kernel() could've stolen some of our | ||
| 1515 | + * child events and still have them on its free_list. In that | ||
| 1516 | + * case we must wait for these events to have been freed (in | ||
| 1517 | + * particular all their references to this task must've been | ||
| 1518 | + * dropped). | ||
| 1519 | + * | ||
| 1520 | + * Without this copy_process() will unconditionally free this | ||
| 1521 | + * task (irrespective of its reference count) and | ||
| 1522 | + * _free_event()'s put_task_struct(event->hw.target) will be a | ||
| 1523 | + * use-after-free. | ||
| 1524 | + * | ||
| 1525 | + * Wait for all events to drop their context reference. | ||
| 1526 | + */ | ||
| 1527 | + wait_var_event(&ctx->refcount, atomic_read(&ctx->refcount) == 1); | ||
| 1528 | + put_ctx(ctx); /* must be last */ | ||
| 1529 | } | ||
| 1530 | } | ||
| 1531 | |||
| 1532 | diff --git a/mm/filemap.c b/mm/filemap.c | ||
| 1533 | index 52517f28e6f4..287f3fa02e5e 100644 | ||
| 1534 | --- a/mm/filemap.c | ||
| 1535 | +++ b/mm/filemap.c | ||
| 1536 | @@ -561,6 +561,28 @@ int filemap_fdatawait_range(struct address_space *mapping, loff_t start_byte, | ||
| 1537 | } | ||
| 1538 | EXPORT_SYMBOL(filemap_fdatawait_range); | ||
| 1539 | |||
| 1540 | +/** | ||
| 1541 | + * filemap_fdatawait_range_keep_errors - wait for writeback to complete | ||
| 1542 | + * @mapping: address space structure to wait for | ||
| 1543 | + * @start_byte: offset in bytes where the range starts | ||
| 1544 | + * @end_byte: offset in bytes where the range ends (inclusive) | ||
| 1545 | + * | ||
| 1546 | + * Walk the list of under-writeback pages of the given address space in the | ||
| 1547 | + * given range and wait for all of them. Unlike filemap_fdatawait_range(), | ||
| 1548 | + * this function does not clear error status of the address space. | ||
| 1549 | + * | ||
| 1550 | + * Use this function if callers don't handle errors themselves. Expected | ||
| 1551 | + * call sites are system-wide / filesystem-wide data flushers: e.g. sync(2), | ||
| 1552 | + * fsfreeze(8) | ||
| 1553 | + */ | ||
| 1554 | +int filemap_fdatawait_range_keep_errors(struct address_space *mapping, | ||
| 1555 | + loff_t start_byte, loff_t end_byte) | ||
| 1556 | +{ | ||
| 1557 | + __filemap_fdatawait_range(mapping, start_byte, end_byte); | ||
| 1558 | + return filemap_check_and_keep_errors(mapping); | ||
| 1559 | +} | ||
| 1560 | +EXPORT_SYMBOL(filemap_fdatawait_range_keep_errors); | ||
| 1561 | + | ||
| 1562 | /** | ||
| 1563 | * file_fdatawait_range - wait for writeback to complete | ||
| 1564 | * @file: file pointing to address space structure to wait for | ||
| 1565 | diff --git a/mm/vmscan.c b/mm/vmscan.c | ||
| 1566 | index e42f44cf7b43..576379e87421 100644 | ||
| 1567 | --- a/mm/vmscan.c | ||
| 1568 | +++ b/mm/vmscan.c | ||
| 1569 | @@ -2190,7 +2190,7 @@ static void shrink_active_list(unsigned long nr_to_scan, | ||
| 1570 | * 10TB 320 32GB | ||
| 1571 | */ | ||
| 1572 | static bool inactive_list_is_low(struct lruvec *lruvec, bool file, | ||
| 1573 | - struct scan_control *sc, bool actual_reclaim) | ||
| 1574 | + struct scan_control *sc, bool trace) | ||
| 1575 | { | ||
| 1576 | enum lru_list active_lru = file * LRU_FILE + LRU_ACTIVE; | ||
| 1577 | struct pglist_data *pgdat = lruvec_pgdat(lruvec); | ||
| 1578 | @@ -2216,7 +2216,7 @@ static bool inactive_list_is_low(struct lruvec *lruvec, bool file, | ||
| 1579 | * rid of the stale workingset quickly. | ||
| 1580 | */ | ||
| 1581 | refaults = lruvec_page_state(lruvec, WORKINGSET_ACTIVATE); | ||
| 1582 | - if (file && actual_reclaim && lruvec->refaults != refaults) { | ||
| 1583 | + if (file && lruvec->refaults != refaults) { | ||
| 1584 | inactive_ratio = 0; | ||
| 1585 | } else { | ||
| 1586 | gb = (inactive + active) >> (30 - PAGE_SHIFT); | ||
| 1587 | @@ -2226,7 +2226,7 @@ static bool inactive_list_is_low(struct lruvec *lruvec, bool file, | ||
| 1588 | inactive_ratio = 1; | ||
| 1589 | } | ||
| 1590 | |||
| 1591 | - if (actual_reclaim) | ||
| 1592 | + if (trace) | ||
| 1593 | trace_mm_vmscan_inactive_list_is_low(pgdat->node_id, sc->reclaim_idx, | ||
| 1594 | lruvec_lru_size(lruvec, inactive_lru, MAX_NR_ZONES), inactive, | ||
| 1595 | lruvec_lru_size(lruvec, active_lru, MAX_NR_ZONES), active, | ||
| 1596 | diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c | ||
| 1597 | index fed0ff446abb..2532c1a19645 100644 | ||
| 1598 | --- a/net/bridge/br_input.c | ||
| 1599 | +++ b/net/bridge/br_input.c | ||
| 1600 | @@ -79,7 +79,6 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb | ||
| 1601 | struct net_bridge_fdb_entry *dst = NULL; | ||
| 1602 | struct net_bridge_mdb_entry *mdst; | ||
| 1603 | bool local_rcv, mcast_hit = false; | ||
| 1604 | - const unsigned char *dest; | ||
| 1605 | struct net_bridge *br; | ||
| 1606 | u16 vid = 0; | ||
| 1607 | |||
| 1608 | @@ -97,10 +96,9 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb | ||
| 1609 | br_fdb_update(br, p, eth_hdr(skb)->h_source, vid, false); | ||
| 1610 | |||
| 1611 | local_rcv = !!(br->dev->flags & IFF_PROMISC); | ||
| 1612 | - dest = eth_hdr(skb)->h_dest; | ||
| 1613 | - if (is_multicast_ether_addr(dest)) { | ||
| 1614 | + if (is_multicast_ether_addr(eth_hdr(skb)->h_dest)) { | ||
| 1615 | /* by definition the broadcast is also a multicast address */ | ||
| 1616 | - if (is_broadcast_ether_addr(dest)) { | ||
| 1617 | + if (is_broadcast_ether_addr(eth_hdr(skb)->h_dest)) { | ||
| 1618 | pkt_type = BR_PKT_BROADCAST; | ||
| 1619 | local_rcv = true; | ||
| 1620 | } else { | ||
| 1621 | @@ -150,7 +148,7 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb | ||
| 1622 | } | ||
| 1623 | break; | ||
| 1624 | case BR_PKT_UNICAST: | ||
| 1625 | - dst = br_fdb_find_rcu(br, dest, vid); | ||
| 1626 | + dst = br_fdb_find_rcu(br, eth_hdr(skb)->h_dest, vid); | ||
| 1627 | default: | ||
| 1628 | break; | ||
| 1629 | } | ||
| 1630 | diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c | ||
| 1631 | index 75901c4641b1..fb54d32321ec 100644 | ||
| 1632 | --- a/net/bridge/br_multicast.c | ||
| 1633 | +++ b/net/bridge/br_multicast.c | ||
| 1634 | @@ -1147,6 +1147,7 @@ static int br_ip4_multicast_igmp3_report(struct net_bridge *br, | ||
| 1635 | int type; | ||
| 1636 | int err = 0; | ||
| 1637 | __be32 group; | ||
| 1638 | + u16 nsrcs; | ||
| 1639 | |||
| 1640 | ih = igmpv3_report_hdr(skb); | ||
| 1641 | num = ntohs(ih->ngrec); | ||
| 1642 | @@ -1160,8 +1161,9 @@ static int br_ip4_multicast_igmp3_report(struct net_bridge *br, | ||
| 1643 | grec = (void *)(skb->data + len - sizeof(*grec)); | ||
| 1644 | group = grec->grec_mca; | ||
| 1645 | type = grec->grec_type; | ||
| 1646 | + nsrcs = ntohs(grec->grec_nsrcs); | ||
| 1647 | |||
| 1648 | - len += ntohs(grec->grec_nsrcs) * 4; | ||
| 1649 | + len += nsrcs * 4; | ||
| 1650 | if (!pskb_may_pull(skb, len)) | ||
| 1651 | return -EINVAL; | ||
| 1652 | |||
| 1653 | @@ -1182,7 +1184,7 @@ static int br_ip4_multicast_igmp3_report(struct net_bridge *br, | ||
| 1654 | src = eth_hdr(skb)->h_source; | ||
| 1655 | if ((type == IGMPV3_CHANGE_TO_INCLUDE || | ||
| 1656 | type == IGMPV3_MODE_IS_INCLUDE) && | ||
| 1657 | - ntohs(grec->grec_nsrcs) == 0) { | ||
| 1658 | + nsrcs == 0) { | ||
| 1659 | br_ip4_multicast_leave_group(br, port, group, vid, src); | ||
| 1660 | } else { | ||
| 1661 | err = br_ip4_multicast_add_group(br, port, group, vid, | ||
| 1662 | @@ -1217,23 +1219,26 @@ static int br_ip6_multicast_mld2_report(struct net_bridge *br, | ||
| 1663 | len = skb_transport_offset(skb) + sizeof(*icmp6h); | ||
| 1664 | |||
| 1665 | for (i = 0; i < num; i++) { | ||
| 1666 | - __be16 *nsrcs, _nsrcs; | ||
| 1667 | - | ||
| 1668 | - nsrcs = skb_header_pointer(skb, | ||
| 1669 | - len + offsetof(struct mld2_grec, | ||
| 1670 | - grec_nsrcs), | ||
| 1671 | - sizeof(_nsrcs), &_nsrcs); | ||
| 1672 | - if (!nsrcs) | ||
| 1673 | + __be16 *_nsrcs, __nsrcs; | ||
| 1674 | + u16 nsrcs; | ||
| 1675 | + | ||
| 1676 | + _nsrcs = skb_header_pointer(skb, | ||
| 1677 | + len + offsetof(struct mld2_grec, | ||
| 1678 | + grec_nsrcs), | ||
| 1679 | + sizeof(__nsrcs), &__nsrcs); | ||
| 1680 | + if (!_nsrcs) | ||
| 1681 | return -EINVAL; | ||
| 1682 | |||
| 1683 | + nsrcs = ntohs(*_nsrcs); | ||
| 1684 | + | ||
| 1685 | if (!pskb_may_pull(skb, | ||
| 1686 | len + sizeof(*grec) + | ||
| 1687 | - sizeof(struct in6_addr) * ntohs(*nsrcs))) | ||
| 1688 | + sizeof(struct in6_addr) * nsrcs)) | ||
| 1689 | return -EINVAL; | ||
| 1690 | |||
| 1691 | grec = (struct mld2_grec *)(skb->data + len); | ||
| 1692 | len += sizeof(*grec) + | ||
| 1693 | - sizeof(struct in6_addr) * ntohs(*nsrcs); | ||
| 1694 | + sizeof(struct in6_addr) * nsrcs; | ||
| 1695 | |||
| 1696 | /* We treat these as MLDv1 reports for now. */ | ||
| 1697 | switch (grec->grec_type) { | ||
| 1698 | @@ -1252,7 +1257,7 @@ static int br_ip6_multicast_mld2_report(struct net_bridge *br, | ||
| 1699 | src = eth_hdr(skb)->h_source; | ||
| 1700 | if ((grec->grec_type == MLD2_CHANGE_TO_INCLUDE || | ||
| 1701 | grec->grec_type == MLD2_MODE_IS_INCLUDE) && | ||
| 1702 | - ntohs(*nsrcs) == 0) { | ||
| 1703 | + nsrcs == 0) { | ||
| 1704 | br_ip6_multicast_leave_group(br, port, &grec->grec_mca, | ||
| 1705 | vid, src); | ||
| 1706 | } else { | ||
| 1707 | @@ -1505,7 +1510,6 @@ static int br_ip6_multicast_query(struct net_bridge *br, | ||
| 1708 | struct sk_buff *skb, | ||
| 1709 | u16 vid) | ||
| 1710 | { | ||
| 1711 | - const struct ipv6hdr *ip6h = ipv6_hdr(skb); | ||
| 1712 | struct mld_msg *mld; | ||
| 1713 | struct net_bridge_mdb_entry *mp; | ||
| 1714 | struct mld2_query *mld2q; | ||
| 1715 | @@ -1549,7 +1553,7 @@ static int br_ip6_multicast_query(struct net_bridge *br, | ||
| 1716 | |||
| 1717 | if (is_general_query) { | ||
| 1718 | saddr.proto = htons(ETH_P_IPV6); | ||
| 1719 | - saddr.u.ip6 = ip6h->saddr; | ||
| 1720 | + saddr.u.ip6 = ipv6_hdr(skb)->saddr; | ||
| 1721 | |||
| 1722 | br_multicast_query_received(br, port, &br->ip6_other_query, | ||
| 1723 | &saddr, max_delay); | ||
| 1724 | diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c | ||
| 1725 | index 1b75d6bf12bd..37ddcea3fc96 100644 | ||
| 1726 | --- a/net/bridge/br_stp_bpdu.c | ||
| 1727 | +++ b/net/bridge/br_stp_bpdu.c | ||
| 1728 | @@ -147,7 +147,6 @@ void br_send_tcn_bpdu(struct net_bridge_port *p) | ||
| 1729 | void br_stp_rcv(const struct stp_proto *proto, struct sk_buff *skb, | ||
| 1730 | struct net_device *dev) | ||
| 1731 | { | ||
| 1732 | - const unsigned char *dest = eth_hdr(skb)->h_dest; | ||
| 1733 | struct net_bridge_port *p; | ||
| 1734 | struct net_bridge *br; | ||
| 1735 | const unsigned char *buf; | ||
| 1736 | @@ -176,7 +175,7 @@ void br_stp_rcv(const struct stp_proto *proto, struct sk_buff *skb, | ||
| 1737 | if (p->state == BR_STATE_DISABLED) | ||
| 1738 | goto out; | ||
| 1739 | |||
| 1740 | - if (!ether_addr_equal(dest, br->group_addr)) | ||
| 1741 | + if (!ether_addr_equal(eth_hdr(skb)->h_dest, br->group_addr)) | ||
| 1742 | goto out; | ||
| 1743 | |||
| 1744 | if (p->flags & BR_BPDU_GUARD) { | ||
| 1745 | diff --git a/net/core/filter.c b/net/core/filter.c | ||
| 1746 | index 34ec9324737b..c996380f2959 100644 | ||
| 1747 | --- a/net/core/filter.c | ||
| 1748 | +++ b/net/core/filter.c | ||
| 1749 | @@ -3991,7 +3991,7 @@ BPF_CALL_5(bpf_setsockopt, struct bpf_sock_ops_kern *, bpf_sock, | ||
| 1750 | TCP_CA_NAME_MAX-1)); | ||
| 1751 | name[TCP_CA_NAME_MAX-1] = 0; | ||
| 1752 | ret = tcp_set_congestion_control(sk, name, false, | ||
| 1753 | - reinit); | ||
| 1754 | + reinit, true); | ||
| 1755 | } else { | ||
| 1756 | struct tcp_sock *tp = tcp_sk(sk); | ||
| 1757 | |||
| 1758 | diff --git a/net/core/neighbour.c b/net/core/neighbour.c | ||
| 1759 | index cd9e991f21d7..c52d6e6b341c 100644 | ||
| 1760 | --- a/net/core/neighbour.c | ||
| 1761 | +++ b/net/core/neighbour.c | ||
| 1762 | @@ -1021,6 +1021,7 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb) | ||
| 1763 | |||
| 1764 | atomic_set(&neigh->probes, | ||
| 1765 | NEIGH_VAR(neigh->parms, UCAST_PROBES)); | ||
| 1766 | + neigh_del_timer(neigh); | ||
| 1767 | neigh->nud_state = NUD_INCOMPLETE; | ||
| 1768 | neigh->updated = now; | ||
| 1769 | next = now + max(NEIGH_VAR(neigh->parms, RETRANS_TIME), | ||
| 1770 | @@ -1037,6 +1038,7 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb) | ||
| 1771 | } | ||
| 1772 | } else if (neigh->nud_state & NUD_STALE) { | ||
| 1773 | neigh_dbg(2, "neigh %p is delayed\n", neigh); | ||
| 1774 | + neigh_del_timer(neigh); | ||
| 1775 | neigh->nud_state = NUD_DELAY; | ||
| 1776 | neigh->updated = jiffies; | ||
| 1777 | neigh_add_timer(neigh, jiffies + | ||
| 1778 | diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c | ||
| 1779 | index ea4bd8a52422..d23746143cd2 100644 | ||
| 1780 | --- a/net/ipv4/devinet.c | ||
| 1781 | +++ b/net/ipv4/devinet.c | ||
| 1782 | @@ -66,6 +66,11 @@ | ||
| 1783 | #include <net/net_namespace.h> | ||
| 1784 | #include <net/addrconf.h> | ||
| 1785 | |||
| 1786 | +#define IPV6ONLY_FLAGS \ | ||
| 1787 | + (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \ | ||
| 1788 | + IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \ | ||
| 1789 | + IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY) | ||
| 1790 | + | ||
| 1791 | static struct ipv4_devconf ipv4_devconf = { | ||
| 1792 | .data = { | ||
| 1793 | [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, | ||
| 1794 | @@ -462,6 +467,9 @@ static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh, | ||
| 1795 | ifa->ifa_flags &= ~IFA_F_SECONDARY; | ||
| 1796 | last_primary = &in_dev->ifa_list; | ||
| 1797 | |||
| 1798 | + /* Don't set IPv6 only flags to IPv4 addresses */ | ||
| 1799 | + ifa->ifa_flags &= ~IPV6ONLY_FLAGS; | ||
| 1800 | + | ||
| 1801 | for (ifap = &in_dev->ifa_list; (ifa1 = *ifap) != NULL; | ||
| 1802 | ifap = &ifa1->ifa_next) { | ||
| 1803 | if (!(ifa1->ifa_flags & IFA_F_SECONDARY) && | ||
| 1804 | diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c | ||
| 1805 | index d187ee8156a1..b2240b7f225d 100644 | ||
| 1806 | --- a/net/ipv4/igmp.c | ||
| 1807 | +++ b/net/ipv4/igmp.c | ||
| 1808 | @@ -1218,12 +1218,8 @@ static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im) | ||
| 1809 | if (pmc) { | ||
| 1810 | im->interface = pmc->interface; | ||
| 1811 | if (im->sfmode == MCAST_INCLUDE) { | ||
| 1812 | - im->tomb = pmc->tomb; | ||
| 1813 | - pmc->tomb = NULL; | ||
| 1814 | - | ||
| 1815 | - im->sources = pmc->sources; | ||
| 1816 | - pmc->sources = NULL; | ||
| 1817 | - | ||
| 1818 | + swap(im->tomb, pmc->tomb); | ||
| 1819 | + swap(im->sources, pmc->sources); | ||
| 1820 | for (psf = im->sources; psf; psf = psf->sf_next) | ||
| 1821 | psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; | ||
| 1822 | } else { | ||
| 1823 | diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c | ||
| 1824 | index 364e6fdaa38f..b7ef367fe6a1 100644 | ||
| 1825 | --- a/net/ipv4/tcp.c | ||
| 1826 | +++ b/net/ipv4/tcp.c | ||
| 1827 | @@ -2594,6 +2594,8 @@ int tcp_disconnect(struct sock *sk, int flags) | ||
| 1828 | tcp_saved_syn_free(tp); | ||
| 1829 | tp->compressed_ack = 0; | ||
| 1830 | tp->bytes_sent = 0; | ||
| 1831 | + tp->bytes_acked = 0; | ||
| 1832 | + tp->bytes_received = 0; | ||
| 1833 | tp->bytes_retrans = 0; | ||
| 1834 | tp->dsack_dups = 0; | ||
| 1835 | tp->reord_seen = 0; | ||
| 1836 | @@ -2729,7 +2731,9 @@ static int do_tcp_setsockopt(struct sock *sk, int level, | ||
| 1837 | name[val] = 0; | ||
| 1838 | |||
| 1839 | lock_sock(sk); | ||
| 1840 | - err = tcp_set_congestion_control(sk, name, true, true); | ||
| 1841 | + err = tcp_set_congestion_control(sk, name, true, true, | ||
| 1842 | + ns_capable(sock_net(sk)->user_ns, | ||
| 1843 | + CAP_NET_ADMIN)); | ||
| 1844 | release_sock(sk); | ||
| 1845 | return err; | ||
| 1846 | } | ||
| 1847 | diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c | ||
| 1848 | index bc6c02f16243..48f79db446a0 100644 | ||
| 1849 | --- a/net/ipv4/tcp_cong.c | ||
| 1850 | +++ b/net/ipv4/tcp_cong.c | ||
| 1851 | @@ -332,7 +332,8 @@ out: | ||
| 1852 | * tcp_reinit_congestion_control (if the current congestion control was | ||
| 1853 | * already initialized. | ||
| 1854 | */ | ||
| 1855 | -int tcp_set_congestion_control(struct sock *sk, const char *name, bool load, bool reinit) | ||
| 1856 | +int tcp_set_congestion_control(struct sock *sk, const char *name, bool load, | ||
| 1857 | + bool reinit, bool cap_net_admin) | ||
| 1858 | { | ||
| 1859 | struct inet_connection_sock *icsk = inet_csk(sk); | ||
| 1860 | const struct tcp_congestion_ops *ca; | ||
| 1861 | @@ -368,8 +369,7 @@ int tcp_set_congestion_control(struct sock *sk, const char *name, bool load, boo | ||
| 1862 | } else { | ||
| 1863 | err = -EBUSY; | ||
| 1864 | } | ||
| 1865 | - } else if (!((ca->flags & TCP_CONG_NON_RESTRICTED) || | ||
| 1866 | - ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))) { | ||
| 1867 | + } else if (!((ca->flags & TCP_CONG_NON_RESTRICTED) || cap_net_admin)) { | ||
| 1868 | err = -EPERM; | ||
| 1869 | } else if (!try_module_get(ca->owner)) { | ||
| 1870 | err = -EBUSY; | ||
| 1871 | diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c | ||
| 1872 | index 221d9b72423b..88c7e821fd11 100644 | ||
| 1873 | --- a/net/ipv4/tcp_output.c | ||
| 1874 | +++ b/net/ipv4/tcp_output.c | ||
| 1875 | @@ -1289,6 +1289,7 @@ int tcp_fragment(struct sock *sk, enum tcp_queue tcp_queue, | ||
| 1876 | struct tcp_sock *tp = tcp_sk(sk); | ||
| 1877 | struct sk_buff *buff; | ||
| 1878 | int nsize, old_factor; | ||
| 1879 | + long limit; | ||
| 1880 | int nlen; | ||
| 1881 | u8 flags; | ||
| 1882 | |||
| 1883 | @@ -1299,8 +1300,16 @@ int tcp_fragment(struct sock *sk, enum tcp_queue tcp_queue, | ||
| 1884 | if (nsize < 0) | ||
| 1885 | nsize = 0; | ||
| 1886 | |||
| 1887 | - if (unlikely((sk->sk_wmem_queued >> 1) > sk->sk_sndbuf && | ||
| 1888 | - tcp_queue != TCP_FRAG_IN_WRITE_QUEUE)) { | ||
| 1889 | + /* tcp_sendmsg() can overshoot sk_wmem_queued by one full size skb. | ||
| 1890 | + * We need some allowance to not penalize applications setting small | ||
| 1891 | + * SO_SNDBUF values. | ||
| 1892 | + * Also allow first and last skb in retransmit queue to be split. | ||
| 1893 | + */ | ||
| 1894 | + limit = sk->sk_sndbuf + 2 * SKB_TRUESIZE(GSO_MAX_SIZE); | ||
| 1895 | + if (unlikely((sk->sk_wmem_queued >> 1) > limit && | ||
| 1896 | + tcp_queue != TCP_FRAG_IN_WRITE_QUEUE && | ||
| 1897 | + skb != tcp_rtx_queue_head(sk) && | ||
| 1898 | + skb != tcp_rtx_queue_tail(sk))) { | ||
| 1899 | NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG); | ||
| 1900 | return -ENOMEM; | ||
| 1901 | } | ||
| 1902 | diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c | ||
| 1903 | index a6c0479c1d55..bbb5ffb3397d 100644 | ||
| 1904 | --- a/net/ipv6/ip6_fib.c | ||
| 1905 | +++ b/net/ipv6/ip6_fib.c | ||
| 1906 | @@ -1081,8 +1081,24 @@ add: | ||
| 1907 | err = call_fib6_entry_notifiers(info->nl_net, | ||
| 1908 | FIB_EVENT_ENTRY_ADD, | ||
| 1909 | rt, extack); | ||
| 1910 | - if (err) | ||
| 1911 | + if (err) { | ||
| 1912 | + struct fib6_info *sibling, *next_sibling; | ||
| 1913 | + | ||
| 1914 | + /* If the route has siblings, then it first | ||
| 1915 | + * needs to be unlinked from them. | ||
| 1916 | + */ | ||
| 1917 | + if (!rt->fib6_nsiblings) | ||
| 1918 | + return err; | ||
| 1919 | + | ||
| 1920 | + list_for_each_entry_safe(sibling, next_sibling, | ||
| 1921 | + &rt->fib6_siblings, | ||
| 1922 | + fib6_siblings) | ||
| 1923 | + sibling->fib6_nsiblings--; | ||
| 1924 | + rt->fib6_nsiblings = 0; | ||
| 1925 | + list_del_init(&rt->fib6_siblings); | ||
| 1926 | + rt6_multipath_rebalance(next_sibling); | ||
| 1927 | return err; | ||
| 1928 | + } | ||
| 1929 | |||
| 1930 | rcu_assign_pointer(rt->fib6_next, iter); | ||
| 1931 | atomic_inc(&rt->fib6_ref); | ||
| 1932 | diff --git a/net/ipv6/route.c b/net/ipv6/route.c | ||
| 1933 | index 24f7b2cf504b..81220077d62f 100644 | ||
| 1934 | --- a/net/ipv6/route.c | ||
| 1935 | +++ b/net/ipv6/route.c | ||
| 1936 | @@ -2214,7 +2214,7 @@ static struct dst_entry *rt6_check(struct rt6_info *rt, | ||
| 1937 | { | ||
| 1938 | u32 rt_cookie = 0; | ||
| 1939 | |||
| 1940 | - if ((from && !fib6_get_cookie_safe(from, &rt_cookie)) || | ||
| 1941 | + if (!from || !fib6_get_cookie_safe(from, &rt_cookie) || | ||
| 1942 | rt_cookie != cookie) | ||
| 1943 | return NULL; | ||
| 1944 | |||
| 1945 | diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c | ||
| 1946 | index 7569ba00e732..a96a8c16baf9 100644 | ||
| 1947 | --- a/net/netfilter/nf_queue.c | ||
| 1948 | +++ b/net/netfilter/nf_queue.c | ||
| 1949 | @@ -174,6 +174,11 @@ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, | ||
| 1950 | goto err; | ||
| 1951 | } | ||
| 1952 | |||
| 1953 | + if (!skb_dst_force(skb) && state->hook != NF_INET_PRE_ROUTING) { | ||
| 1954 | + status = -ENETDOWN; | ||
| 1955 | + goto err; | ||
| 1956 | + } | ||
| 1957 | + | ||
| 1958 | *entry = (struct nf_queue_entry) { | ||
| 1959 | .skb = skb, | ||
| 1960 | .state = *state, | ||
| 1961 | @@ -182,7 +187,6 @@ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, | ||
| 1962 | }; | ||
| 1963 | |||
| 1964 | nf_queue_entry_get_refs(entry); | ||
| 1965 | - skb_dst_force(skb); | ||
| 1966 | |||
| 1967 | switch (entry->state.pf) { | ||
| 1968 | case AF_INET: | ||
| 1969 | diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c | ||
| 1970 | index 71ffd1a6dc7c..43910e50752c 100644 | ||
| 1971 | --- a/net/netrom/af_netrom.c | ||
| 1972 | +++ b/net/netrom/af_netrom.c | ||
| 1973 | @@ -872,7 +872,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) | ||
| 1974 | unsigned short frametype, flags, window, timeout; | ||
| 1975 | int ret; | ||
| 1976 | |||
| 1977 | - skb->sk = NULL; /* Initially we don't know who it's for */ | ||
| 1978 | + skb_orphan(skb); | ||
| 1979 | |||
| 1980 | /* | ||
| 1981 | * skb->data points to the netrom frame start | ||
| 1982 | @@ -970,7 +970,9 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) | ||
| 1983 | |||
| 1984 | window = skb->data[20]; | ||
| 1985 | |||
| 1986 | + sock_hold(make); | ||
| 1987 | skb->sk = make; | ||
| 1988 | + skb->destructor = sock_efree; | ||
| 1989 | make->sk_state = TCP_ESTABLISHED; | ||
| 1990 | |||
| 1991 | /* Fill in his circuit details */ | ||
| 1992 | diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c | ||
| 1993 | index 908f25e3773e..5405d073804c 100644 | ||
| 1994 | --- a/net/nfc/nci/data.c | ||
| 1995 | +++ b/net/nfc/nci/data.c | ||
| 1996 | @@ -119,7 +119,7 @@ static int nci_queue_tx_data_frags(struct nci_dev *ndev, | ||
| 1997 | conn_info = nci_get_conn_info_by_conn_id(ndev, conn_id); | ||
| 1998 | if (!conn_info) { | ||
| 1999 | rc = -EPROTO; | ||
| 2000 | - goto free_exit; | ||
| 2001 | + goto exit; | ||
| 2002 | } | ||
| 2003 | |||
| 2004 | __skb_queue_head_init(&frags_q); | ||
| 2005 | diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c | ||
| 2006 | index 85ae53d8fd09..8211e8e97c96 100644 | ||
| 2007 | --- a/net/openvswitch/actions.c | ||
| 2008 | +++ b/net/openvswitch/actions.c | ||
| 2009 | @@ -175,8 +175,7 @@ static void update_ethertype(struct sk_buff *skb, struct ethhdr *hdr, | ||
| 2010 | if (skb->ip_summed == CHECKSUM_COMPLETE) { | ||
| 2011 | __be16 diff[] = { ~(hdr->h_proto), ethertype }; | ||
| 2012 | |||
| 2013 | - skb->csum = ~csum_partial((char *)diff, sizeof(diff), | ||
| 2014 | - ~skb->csum); | ||
| 2015 | + skb->csum = csum_partial((char *)diff, sizeof(diff), skb->csum); | ||
| 2016 | } | ||
| 2017 | |||
| 2018 | hdr->h_proto = ethertype; | ||
| 2019 | @@ -268,8 +267,7 @@ static int set_mpls(struct sk_buff *skb, struct sw_flow_key *flow_key, | ||
| 2020 | if (skb->ip_summed == CHECKSUM_COMPLETE) { | ||
| 2021 | __be32 diff[] = { ~(stack->label_stack_entry), lse }; | ||
| 2022 | |||
| 2023 | - skb->csum = ~csum_partial((char *)diff, sizeof(diff), | ||
| 2024 | - ~skb->csum); | ||
| 2025 | + skb->csum = csum_partial((char *)diff, sizeof(diff), skb->csum); | ||
| 2026 | } | ||
| 2027 | |||
| 2028 | stack->label_stack_entry = lse; | ||
| 2029 | diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c | ||
| 2030 | index 3c39b8805d01..d76e5e58905d 100644 | ||
| 2031 | --- a/net/rxrpc/af_rxrpc.c | ||
| 2032 | +++ b/net/rxrpc/af_rxrpc.c | ||
| 2033 | @@ -552,6 +552,7 @@ static int rxrpc_sendmsg(struct socket *sock, struct msghdr *m, size_t len) | ||
| 2034 | |||
| 2035 | switch (rx->sk.sk_state) { | ||
| 2036 | case RXRPC_UNBOUND: | ||
| 2037 | + case RXRPC_CLIENT_UNBOUND: | ||
| 2038 | rx->srx.srx_family = AF_RXRPC; | ||
| 2039 | rx->srx.srx_service = 0; | ||
| 2040 | rx->srx.transport_type = SOCK_DGRAM; | ||
| 2041 | @@ -576,10 +577,9 @@ static int rxrpc_sendmsg(struct socket *sock, struct msghdr *m, size_t len) | ||
| 2042 | } | ||
| 2043 | |||
| 2044 | rx->local = local; | ||
| 2045 | - rx->sk.sk_state = RXRPC_CLIENT_UNBOUND; | ||
| 2046 | + rx->sk.sk_state = RXRPC_CLIENT_BOUND; | ||
| 2047 | /* Fall through */ | ||
| 2048 | |||
| 2049 | - case RXRPC_CLIENT_UNBOUND: | ||
| 2050 | case RXRPC_CLIENT_BOUND: | ||
| 2051 | if (!m->msg_name && | ||
| 2052 | test_bit(RXRPC_SOCK_CONNECTED, &rx->flags)) { | ||
| 2053 | diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c | ||
| 2054 | index 2167c6ca55e3..4159bcb479c6 100644 | ||
| 2055 | --- a/net/sched/cls_api.c | ||
| 2056 | +++ b/net/sched/cls_api.c | ||
| 2057 | @@ -1325,6 +1325,9 @@ replay: | ||
| 2058 | tcf_chain_tp_insert(chain, &chain_info, tp); | ||
| 2059 | tfilter_notify(net, skb, n, tp, block, q, parent, fh, | ||
| 2060 | RTM_NEWTFILTER, false); | ||
| 2061 | + /* q pointer is NULL for shared blocks */ | ||
| 2062 | + if (q) | ||
| 2063 | + q->flags &= ~TCQ_F_CAN_BYPASS; | ||
| 2064 | } else { | ||
| 2065 | if (tp_created) | ||
| 2066 | tcf_proto_destroy(tp, NULL); | ||
| 2067 | diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c | ||
| 2068 | index 6c0a9d5dbf94..137692cb8b4f 100644 | ||
| 2069 | --- a/net/sched/sch_fq_codel.c | ||
| 2070 | +++ b/net/sched/sch_fq_codel.c | ||
| 2071 | @@ -600,8 +600,6 @@ static unsigned long fq_codel_find(struct Qdisc *sch, u32 classid) | ||
| 2072 | static unsigned long fq_codel_bind(struct Qdisc *sch, unsigned long parent, | ||
| 2073 | u32 classid) | ||
| 2074 | { | ||
| 2075 | - /* we cannot bypass queue discipline anymore */ | ||
| 2076 | - sch->flags &= ~TCQ_F_CAN_BYPASS; | ||
| 2077 | return 0; | ||
| 2078 | } | ||
| 2079 | |||
| 2080 | diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c | ||
| 2081 | index 2f2678197760..650f21463853 100644 | ||
| 2082 | --- a/net/sched/sch_sfq.c | ||
| 2083 | +++ b/net/sched/sch_sfq.c | ||
| 2084 | @@ -828,8 +828,6 @@ static unsigned long sfq_find(struct Qdisc *sch, u32 classid) | ||
| 2085 | static unsigned long sfq_bind(struct Qdisc *sch, unsigned long parent, | ||
| 2086 | u32 classid) | ||
| 2087 | { | ||
| 2088 | - /* we cannot bypass queue discipline anymore */ | ||
| 2089 | - sch->flags &= ~TCQ_F_CAN_BYPASS; | ||
| 2090 | return 0; | ||
| 2091 | } | ||
| 2092 | |||
| 2093 | diff --git a/net/sctp/socket.c b/net/sctp/socket.c | ||
| 2094 | index 8c00a7ef1bcd..9f5b4e547b63 100644 | ||
| 2095 | --- a/net/sctp/socket.c | ||
| 2096 | +++ b/net/sctp/socket.c | ||
| 2097 | @@ -4507,34 +4507,18 @@ out_nounlock: | ||
| 2098 | static int sctp_connect(struct sock *sk, struct sockaddr *addr, | ||
| 2099 | int addr_len, int flags) | ||
| 2100 | { | ||
| 2101 | - struct inet_sock *inet = inet_sk(sk); | ||
| 2102 | struct sctp_af *af; | ||
| 2103 | - int err = 0; | ||
| 2104 | + int err = -EINVAL; | ||
| 2105 | |||
| 2106 | lock_sock(sk); | ||
| 2107 | |||
| 2108 | pr_debug("%s: sk:%p, sockaddr:%p, addr_len:%d\n", __func__, sk, | ||
| 2109 | addr, addr_len); | ||
| 2110 | |||
| 2111 | - /* We may need to bind the socket. */ | ||
| 2112 | - if (!inet->inet_num) { | ||
| 2113 | - if (sk->sk_prot->get_port(sk, 0)) { | ||
| 2114 | - release_sock(sk); | ||
| 2115 | - return -EAGAIN; | ||
| 2116 | - } | ||
| 2117 | - inet->inet_sport = htons(inet->inet_num); | ||
| 2118 | - } | ||
| 2119 | - | ||
| 2120 | /* Validate addr_len before calling common connect/connectx routine. */ | ||
| 2121 | af = sctp_get_af_specific(addr->sa_family); | ||
| 2122 | - if (!af || addr_len < af->sockaddr_len) { | ||
| 2123 | - err = -EINVAL; | ||
| 2124 | - } else { | ||
| 2125 | - /* Pass correct addr len to common routine (so it knows there | ||
| 2126 | - * is only one address being passed. | ||
| 2127 | - */ | ||
| 2128 | + if (af && addr_len >= af->sockaddr_len) | ||
| 2129 | err = __sctp_connect(sk, addr, af->sockaddr_len, flags, NULL); | ||
| 2130 | - } | ||
| 2131 | |||
| 2132 | release_sock(sk); | ||
| 2133 | return err; | ||
| 2134 | diff --git a/net/sctp/stream.c b/net/sctp/stream.c | ||
| 2135 | index 3b47457862cc..0da57938a6c5 100644 | ||
| 2136 | --- a/net/sctp/stream.c | ||
| 2137 | +++ b/net/sctp/stream.c | ||
| 2138 | @@ -253,13 +253,20 @@ out: | ||
| 2139 | int sctp_stream_init_ext(struct sctp_stream *stream, __u16 sid) | ||
| 2140 | { | ||
| 2141 | struct sctp_stream_out_ext *soute; | ||
| 2142 | + int ret; | ||
| 2143 | |||
| 2144 | soute = kzalloc(sizeof(*soute), GFP_KERNEL); | ||
| 2145 | if (!soute) | ||
| 2146 | return -ENOMEM; | ||
| 2147 | SCTP_SO(stream, sid)->ext = soute; | ||
| 2148 | |||
| 2149 | - return sctp_sched_init_sid(stream, sid, GFP_KERNEL); | ||
| 2150 | + ret = sctp_sched_init_sid(stream, sid, GFP_KERNEL); | ||
| 2151 | + if (ret) { | ||
| 2152 | + kfree(SCTP_SO(stream, sid)->ext); | ||
| 2153 | + SCTP_SO(stream, sid)->ext = NULL; | ||
| 2154 | + } | ||
| 2155 | + | ||
| 2156 | + return ret; | ||
| 2157 | } | ||
| 2158 | |||
| 2159 | void sctp_stream_free(struct sctp_stream *stream) | ||
| 2160 | diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c | ||
| 2161 | index ead29c2aefa7..0a613e0ef3bf 100644 | ||
| 2162 | --- a/net/tls/tls_device.c | ||
| 2163 | +++ b/net/tls/tls_device.c | ||
| 2164 | @@ -61,7 +61,7 @@ static void tls_device_free_ctx(struct tls_context *ctx) | ||
| 2165 | if (ctx->rx_conf == TLS_HW) | ||
| 2166 | kfree(tls_offload_ctx_rx(ctx)); | ||
| 2167 | |||
| 2168 | - kfree(ctx); | ||
| 2169 | + tls_ctx_free(ctx); | ||
| 2170 | } | ||
| 2171 | |||
| 2172 | static void tls_device_gc_task(struct work_struct *work) | ||
| 2173 | diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c | ||
| 2174 | index 25b3fb585777..4c0ac79f82d4 100644 | ||
| 2175 | --- a/net/tls/tls_main.c | ||
| 2176 | +++ b/net/tls/tls_main.c | ||
| 2177 | @@ -241,7 +241,7 @@ static void tls_write_space(struct sock *sk) | ||
| 2178 | ctx->sk_write_space(sk); | ||
| 2179 | } | ||
| 2180 | |||
| 2181 | -static void tls_ctx_free(struct tls_context *ctx) | ||
| 2182 | +void tls_ctx_free(struct tls_context *ctx) | ||
| 2183 | { | ||
| 2184 | if (!ctx) | ||
| 2185 | return; |