Contents of /trunk/kernel-alx/patches-4.9/0164-4.9.65-all-fixes.patch
Parent Directory | Revision Log
Revision 3049 -
(show annotations)
(download)
Wed Dec 20 11:49:44 2017 UTC (6 years, 9 months ago) by niro
File size: 20290 byte(s)
Wed Dec 20 11:49:44 2017 UTC (6 years, 9 months ago) by niro
File size: 20290 byte(s)
-linux-4.9.65
1 | diff --git a/Makefile b/Makefile |
2 | index d29cace0da6d..87a641515e9c 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 4 |
7 | PATCHLEVEL = 9 |
8 | -SUBLEVEL = 64 |
9 | +SUBLEVEL = 65 |
10 | EXTRAVERSION = |
11 | NAME = Roaring Lionus |
12 | |
13 | diff --git a/crypto/dh.c b/crypto/dh.c |
14 | index 9d19360e7189..99e20fc63cc9 100644 |
15 | --- a/crypto/dh.c |
16 | +++ b/crypto/dh.c |
17 | @@ -21,19 +21,12 @@ struct dh_ctx { |
18 | MPI xa; |
19 | }; |
20 | |
21 | -static inline void dh_clear_params(struct dh_ctx *ctx) |
22 | +static void dh_clear_ctx(struct dh_ctx *ctx) |
23 | { |
24 | mpi_free(ctx->p); |
25 | mpi_free(ctx->g); |
26 | - ctx->p = NULL; |
27 | - ctx->g = NULL; |
28 | -} |
29 | - |
30 | -static void dh_free_ctx(struct dh_ctx *ctx) |
31 | -{ |
32 | - dh_clear_params(ctx); |
33 | mpi_free(ctx->xa); |
34 | - ctx->xa = NULL; |
35 | + memset(ctx, 0, sizeof(*ctx)); |
36 | } |
37 | |
38 | /* |
39 | @@ -71,10 +64,8 @@ static int dh_set_params(struct dh_ctx *ctx, struct dh *params) |
40 | return -EINVAL; |
41 | |
42 | ctx->g = mpi_read_raw_data(params->g, params->g_size); |
43 | - if (!ctx->g) { |
44 | - mpi_free(ctx->p); |
45 | + if (!ctx->g) |
46 | return -EINVAL; |
47 | - } |
48 | |
49 | return 0; |
50 | } |
51 | @@ -84,19 +75,24 @@ static int dh_set_secret(struct crypto_kpp *tfm, void *buf, unsigned int len) |
52 | struct dh_ctx *ctx = dh_get_ctx(tfm); |
53 | struct dh params; |
54 | |
55 | + /* Free the old MPI key if any */ |
56 | + dh_clear_ctx(ctx); |
57 | + |
58 | if (crypto_dh_decode_key(buf, len, ¶ms) < 0) |
59 | - return -EINVAL; |
60 | + goto err_clear_ctx; |
61 | |
62 | if (dh_set_params(ctx, ¶ms) < 0) |
63 | - return -EINVAL; |
64 | + goto err_clear_ctx; |
65 | |
66 | ctx->xa = mpi_read_raw_data(params.key, params.key_size); |
67 | - if (!ctx->xa) { |
68 | - dh_clear_params(ctx); |
69 | - return -EINVAL; |
70 | - } |
71 | + if (!ctx->xa) |
72 | + goto err_clear_ctx; |
73 | |
74 | return 0; |
75 | + |
76 | +err_clear_ctx: |
77 | + dh_clear_ctx(ctx); |
78 | + return -EINVAL; |
79 | } |
80 | |
81 | static int dh_compute_value(struct kpp_request *req) |
82 | @@ -154,7 +150,7 @@ static void dh_exit_tfm(struct crypto_kpp *tfm) |
83 | { |
84 | struct dh_ctx *ctx = dh_get_ctx(tfm); |
85 | |
86 | - dh_free_ctx(ctx); |
87 | + dh_clear_ctx(ctx); |
88 | } |
89 | |
90 | static struct kpp_alg dh = { |
91 | diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c |
92 | index 172a9dc06ec9..5d509ccf1299 100644 |
93 | --- a/drivers/char/ipmi/ipmi_msghandler.c |
94 | +++ b/drivers/char/ipmi/ipmi_msghandler.c |
95 | @@ -4029,7 +4029,8 @@ smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg, |
96 | } |
97 | |
98 | static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent, |
99 | - struct list_head *timeouts, long timeout_period, |
100 | + struct list_head *timeouts, |
101 | + unsigned long timeout_period, |
102 | int slot, unsigned long *flags, |
103 | unsigned int *waiting_msgs) |
104 | { |
105 | @@ -4042,8 +4043,8 @@ static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent, |
106 | if (!ent->inuse) |
107 | return; |
108 | |
109 | - ent->timeout -= timeout_period; |
110 | - if (ent->timeout > 0) { |
111 | + if (timeout_period < ent->timeout) { |
112 | + ent->timeout -= timeout_period; |
113 | (*waiting_msgs)++; |
114 | return; |
115 | } |
116 | @@ -4109,7 +4110,8 @@ static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent, |
117 | } |
118 | } |
119 | |
120 | -static unsigned int ipmi_timeout_handler(ipmi_smi_t intf, long timeout_period) |
121 | +static unsigned int ipmi_timeout_handler(ipmi_smi_t intf, |
122 | + unsigned long timeout_period) |
123 | { |
124 | struct list_head timeouts; |
125 | struct ipmi_recv_msg *msg, *msg2; |
126 | diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c |
127 | index cf76fc6149e5..fbb75514dfb4 100644 |
128 | --- a/drivers/dma/dmatest.c |
129 | +++ b/drivers/dma/dmatest.c |
130 | @@ -666,6 +666,7 @@ static int dmatest_func(void *data) |
131 | * free it this time?" dancing. For now, just |
132 | * leave it dangling. |
133 | */ |
134 | + WARN(1, "dmatest: Kernel stack may be corrupted!!\n"); |
135 | dmaengine_unmap_put(um); |
136 | result("test timed out", total_tests, src_off, dst_off, |
137 | len, 0); |
138 | diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
139 | index 5fa36ebc0640..63d61c084815 100644 |
140 | --- a/drivers/net/bonding/bond_main.c |
141 | +++ b/drivers/net/bonding/bond_main.c |
142 | @@ -3217,7 +3217,7 @@ u32 bond_xmit_hash(struct bonding *bond, struct sk_buff *skb) |
143 | hash ^= (hash >> 16); |
144 | hash ^= (hash >> 8); |
145 | |
146 | - return hash; |
147 | + return hash >> 1; |
148 | } |
149 | |
150 | /*-------------------------- Device entry points ----------------------------*/ |
151 | diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c |
152 | index c08bd763172a..a300ed48a7d8 100644 |
153 | --- a/drivers/net/ethernet/fealnx.c |
154 | +++ b/drivers/net/ethernet/fealnx.c |
155 | @@ -257,8 +257,8 @@ enum rx_desc_status_bits { |
156 | RXFSD = 0x00000800, /* first descriptor */ |
157 | RXLSD = 0x00000400, /* last descriptor */ |
158 | ErrorSummary = 0x80, /* error summary */ |
159 | - RUNT = 0x40, /* runt packet received */ |
160 | - LONG = 0x20, /* long packet received */ |
161 | + RUNTPKT = 0x40, /* runt packet received */ |
162 | + LONGPKT = 0x20, /* long packet received */ |
163 | FAE = 0x10, /* frame align error */ |
164 | CRC = 0x08, /* crc error */ |
165 | RXER = 0x04, /* receive error */ |
166 | @@ -1633,7 +1633,7 @@ static int netdev_rx(struct net_device *dev) |
167 | dev->name, rx_status); |
168 | |
169 | dev->stats.rx_errors++; /* end of a packet. */ |
170 | - if (rx_status & (LONG | RUNT)) |
171 | + if (rx_status & (LONGPKT | RUNTPKT)) |
172 | dev->stats.rx_length_errors++; |
173 | if (rx_status & RXER) |
174 | dev->stats.rx_frame_errors++; |
175 | diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c |
176 | index 50737def774c..32e9ec8f1521 100644 |
177 | --- a/drivers/net/usb/asix_devices.c |
178 | +++ b/drivers/net/usb/asix_devices.c |
179 | @@ -624,7 +624,7 @@ static int asix_suspend(struct usb_interface *intf, pm_message_t message) |
180 | struct usbnet *dev = usb_get_intfdata(intf); |
181 | struct asix_common_private *priv = dev->driver_priv; |
182 | |
183 | - if (priv->suspend) |
184 | + if (priv && priv->suspend) |
185 | priv->suspend(dev); |
186 | |
187 | return usbnet_suspend(intf, message); |
188 | @@ -676,7 +676,7 @@ static int asix_resume(struct usb_interface *intf) |
189 | struct usbnet *dev = usb_get_intfdata(intf); |
190 | struct asix_common_private *priv = dev->driver_priv; |
191 | |
192 | - if (priv->resume) |
193 | + if (priv && priv->resume) |
194 | priv->resume(dev); |
195 | |
196 | return usbnet_resume(intf); |
197 | diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c |
198 | index b82be816256c..1fca0024f294 100644 |
199 | --- a/drivers/net/usb/cdc_ether.c |
200 | +++ b/drivers/net/usb/cdc_ether.c |
201 | @@ -221,7 +221,7 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf) |
202 | goto bad_desc; |
203 | } |
204 | |
205 | - if (header.usb_cdc_ether_desc) { |
206 | + if (header.usb_cdc_ether_desc && info->ether->wMaxSegmentSize) { |
207 | dev->hard_mtu = le16_to_cpu(info->ether->wMaxSegmentSize); |
208 | /* because of Zaurus, we may be ignoring the host |
209 | * side link address we were given. |
210 | diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c |
211 | index 49a27dc46e5e..9cf11c83993a 100644 |
212 | --- a/drivers/net/usb/qmi_wwan.c |
213 | +++ b/drivers/net/usb/qmi_wwan.c |
214 | @@ -205,6 +205,7 @@ static int qmi_wwan_rx_fixup(struct usbnet *dev, struct sk_buff *skb) |
215 | return 1; |
216 | } |
217 | if (rawip) { |
218 | + skb_reset_mac_header(skb); |
219 | skb->dev = dev->net; /* normally set by eth_type_trans */ |
220 | skb->protocol = proto; |
221 | return 1; |
222 | @@ -386,7 +387,7 @@ static int qmi_wwan_bind(struct usbnet *dev, struct usb_interface *intf) |
223 | } |
224 | |
225 | /* errors aren't fatal - we can live with the dynamic address */ |
226 | - if (cdc_ether) { |
227 | + if (cdc_ether && cdc_ether->wMaxSegmentSize) { |
228 | dev->hard_mtu = le16_to_cpu(cdc_ether->wMaxSegmentSize); |
229 | usbnet_get_ethernet_addr(dev, cdc_ether->iMACAddress); |
230 | } |
231 | diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c |
232 | index 578bd5001d93..346e48698555 100644 |
233 | --- a/drivers/net/vrf.c |
234 | +++ b/drivers/net/vrf.c |
235 | @@ -1129,7 +1129,7 @@ static int vrf_fib_rule(const struct net_device *dev, __u8 family, bool add_it) |
236 | frh->family = family; |
237 | frh->action = FR_ACT_TO_TBL; |
238 | |
239 | - if (nla_put_u32(skb, FRA_L3MDEV, 1)) |
240 | + if (nla_put_u8(skb, FRA_L3MDEV, 1)) |
241 | goto nla_put_failure; |
242 | |
243 | if (nla_put_u32(skb, FRA_PRIORITY, FIB_RULE_PREF)) |
244 | diff --git a/drivers/tty/serial/8250/8250_fintek.c b/drivers/tty/serial/8250/8250_fintek.c |
245 | index 0facc789fe7d..f8c31070a337 100644 |
246 | --- a/drivers/tty/serial/8250/8250_fintek.c |
247 | +++ b/drivers/tty/serial/8250/8250_fintek.c |
248 | @@ -54,6 +54,9 @@ static int fintek_8250_enter_key(u16 base_port, u8 key) |
249 | if (!request_muxed_region(base_port, 2, "8250_fintek")) |
250 | return -EBUSY; |
251 | |
252 | + /* Force to deactive all SuperIO in this base_port */ |
253 | + outb(EXIT_KEY, base_port + ADDR_PORT); |
254 | + |
255 | outb(key, base_port + ADDR_PORT); |
256 | outb(key, base_port + ADDR_PORT); |
257 | return 0; |
258 | diff --git a/drivers/tty/serial/omap-serial.c b/drivers/tty/serial/omap-serial.c |
259 | index 44e5b5bf713b..472ba3c813c1 100644 |
260 | --- a/drivers/tty/serial/omap-serial.c |
261 | +++ b/drivers/tty/serial/omap-serial.c |
262 | @@ -693,7 +693,7 @@ static void serial_omap_set_mctrl(struct uart_port *port, unsigned int mctrl) |
263 | if ((mctrl & TIOCM_RTS) && (port->status & UPSTAT_AUTORTS)) |
264 | up->efr |= UART_EFR_RTS; |
265 | else |
266 | - up->efr &= UART_EFR_RTS; |
267 | + up->efr &= ~UART_EFR_RTS; |
268 | serial_out(up, UART_EFR, up->efr); |
269 | serial_out(up, UART_LCR, lcr); |
270 | |
271 | diff --git a/fs/coda/upcall.c b/fs/coda/upcall.c |
272 | index f6c6c8adbc01..7289f0a7670b 100644 |
273 | --- a/fs/coda/upcall.c |
274 | +++ b/fs/coda/upcall.c |
275 | @@ -446,8 +446,7 @@ int venus_fsync(struct super_block *sb, struct CodaFid *fid) |
276 | UPARG(CODA_FSYNC); |
277 | |
278 | inp->coda_fsync.VFid = *fid; |
279 | - error = coda_upcall(coda_vcp(sb), sizeof(union inputArgs), |
280 | - &outsize, inp); |
281 | + error = coda_upcall(coda_vcp(sb), insize, &outsize, inp); |
282 | |
283 | CODA_FREE(inp, insize); |
284 | return error; |
285 | diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c |
286 | index dd5cb8bcefd1..eef324823311 100644 |
287 | --- a/fs/ocfs2/dlm/dlmrecovery.c |
288 | +++ b/fs/ocfs2/dlm/dlmrecovery.c |
289 | @@ -2419,6 +2419,7 @@ static void dlm_do_local_recovery_cleanup(struct dlm_ctxt *dlm, u8 dead_node) |
290 | dlm_lockres_put(res); |
291 | continue; |
292 | } |
293 | + dlm_move_lockres_to_recovery_list(dlm, res); |
294 | } else if (res->owner == dlm->node_num) { |
295 | dlm_free_dead_locks(dlm, res, dead_node); |
296 | __dlm_lockres_calc_usage(dlm, res); |
297 | diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c |
298 | index 0db6f83fdea1..05a0fb9854f9 100644 |
299 | --- a/fs/ocfs2/file.c |
300 | +++ b/fs/ocfs2/file.c |
301 | @@ -1166,6 +1166,13 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr) |
302 | } |
303 | size_change = S_ISREG(inode->i_mode) && attr->ia_valid & ATTR_SIZE; |
304 | if (size_change) { |
305 | + /* |
306 | + * Here we should wait dio to finish before inode lock |
307 | + * to avoid a deadlock between ocfs2_setattr() and |
308 | + * ocfs2_dio_end_io_write() |
309 | + */ |
310 | + inode_dio_wait(inode); |
311 | + |
312 | status = ocfs2_rw_lock(inode, 1); |
313 | if (status < 0) { |
314 | mlog_errno(status); |
315 | @@ -1186,8 +1193,6 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr) |
316 | if (status) |
317 | goto bail_unlock; |
318 | |
319 | - inode_dio_wait(inode); |
320 | - |
321 | if (i_size_read(inode) >= attr->ia_size) { |
322 | if (ocfs2_should_order_data(inode)) { |
323 | status = ocfs2_begin_ordered_truncate(inode, |
324 | diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h |
325 | index 6744eb40c4ea..fff21a82780c 100644 |
326 | --- a/include/linux/mmzone.h |
327 | +++ b/include/linux/mmzone.h |
328 | @@ -672,7 +672,8 @@ typedef struct pglist_data { |
329 | * is the first PFN that needs to be initialised. |
330 | */ |
331 | unsigned long first_deferred_pfn; |
332 | - unsigned long static_init_size; |
333 | + /* Number of non-deferred pages */ |
334 | + unsigned long static_init_pgcnt; |
335 | #endif /* CONFIG_DEFERRED_STRUCT_PAGE_INIT */ |
336 | |
337 | #ifdef CONFIG_TRANSPARENT_HUGEPAGE |
338 | diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
339 | index 32810f279f8e..601dfa849d30 100644 |
340 | --- a/include/linux/skbuff.h |
341 | +++ b/include/linux/skbuff.h |
342 | @@ -3584,6 +3584,13 @@ static inline void nf_reset_trace(struct sk_buff *skb) |
343 | #endif |
344 | } |
345 | |
346 | +static inline void ipvs_reset(struct sk_buff *skb) |
347 | +{ |
348 | +#if IS_ENABLED(CONFIG_IP_VS) |
349 | + skb->ipvs_property = 0; |
350 | +#endif |
351 | +} |
352 | + |
353 | /* Note: This doesn't put any conntrack and bridge info in dst. */ |
354 | static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src, |
355 | bool copy) |
356 | diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
357 | index 7064aae8ded7..4a044134ce84 100644 |
358 | --- a/mm/page_alloc.c |
359 | +++ b/mm/page_alloc.c |
360 | @@ -284,28 +284,37 @@ EXPORT_SYMBOL(nr_online_nodes); |
361 | int page_group_by_mobility_disabled __read_mostly; |
362 | |
363 | #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT |
364 | + |
365 | +/* |
366 | + * Determine how many pages need to be initialized durig early boot |
367 | + * (non-deferred initialization). |
368 | + * The value of first_deferred_pfn will be set later, once non-deferred pages |
369 | + * are initialized, but for now set it ULONG_MAX. |
370 | + */ |
371 | static inline void reset_deferred_meminit(pg_data_t *pgdat) |
372 | { |
373 | - unsigned long max_initialise; |
374 | - unsigned long reserved_lowmem; |
375 | + phys_addr_t start_addr, end_addr; |
376 | + unsigned long max_pgcnt; |
377 | + unsigned long reserved; |
378 | |
379 | /* |
380 | * Initialise at least 2G of a node but also take into account that |
381 | * two large system hashes that can take up 1GB for 0.25TB/node. |
382 | */ |
383 | - max_initialise = max(2UL << (30 - PAGE_SHIFT), |
384 | - (pgdat->node_spanned_pages >> 8)); |
385 | + max_pgcnt = max(2UL << (30 - PAGE_SHIFT), |
386 | + (pgdat->node_spanned_pages >> 8)); |
387 | |
388 | /* |
389 | * Compensate the all the memblock reservations (e.g. crash kernel) |
390 | * from the initial estimation to make sure we will initialize enough |
391 | * memory to boot. |
392 | */ |
393 | - reserved_lowmem = memblock_reserved_memory_within(pgdat->node_start_pfn, |
394 | - pgdat->node_start_pfn + max_initialise); |
395 | - max_initialise += reserved_lowmem; |
396 | + start_addr = PFN_PHYS(pgdat->node_start_pfn); |
397 | + end_addr = PFN_PHYS(pgdat->node_start_pfn + max_pgcnt); |
398 | + reserved = memblock_reserved_memory_within(start_addr, end_addr); |
399 | + max_pgcnt += PHYS_PFN(reserved); |
400 | |
401 | - pgdat->static_init_size = min(max_initialise, pgdat->node_spanned_pages); |
402 | + pgdat->static_init_pgcnt = min(max_pgcnt, pgdat->node_spanned_pages); |
403 | pgdat->first_deferred_pfn = ULONG_MAX; |
404 | } |
405 | |
406 | @@ -332,7 +341,7 @@ static inline bool update_defer_init(pg_data_t *pgdat, |
407 | if (zone_end < pgdat_end_pfn(pgdat)) |
408 | return true; |
409 | (*nr_initialised)++; |
410 | - if ((*nr_initialised > pgdat->static_init_size) && |
411 | + if ((*nr_initialised > pgdat->static_init_pgcnt) && |
412 | (pfn & (PAGES_PER_SECTION - 1)) == 0) { |
413 | pgdat->first_deferred_pfn = pfn; |
414 | return false; |
415 | diff --git a/mm/pagewalk.c b/mm/pagewalk.c |
416 | index 207244489a68..d95341cffc2f 100644 |
417 | --- a/mm/pagewalk.c |
418 | +++ b/mm/pagewalk.c |
419 | @@ -142,8 +142,12 @@ static int walk_hugetlb_range(unsigned long addr, unsigned long end, |
420 | do { |
421 | next = hugetlb_entry_end(h, addr, end); |
422 | pte = huge_pte_offset(walk->mm, addr & hmask); |
423 | - if (pte && walk->hugetlb_entry) |
424 | + |
425 | + if (pte) |
426 | err = walk->hugetlb_entry(pte, hmask, addr, next, walk); |
427 | + else if (walk->pte_hole) |
428 | + err = walk->pte_hole(addr, next, walk); |
429 | + |
430 | if (err) |
431 | break; |
432 | } while (addr = next, addr != end); |
433 | diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c |
434 | index 8d213f974448..4a47074d1d7f 100644 |
435 | --- a/net/8021q/vlan.c |
436 | +++ b/net/8021q/vlan.c |
437 | @@ -376,6 +376,9 @@ static int vlan_device_event(struct notifier_block *unused, unsigned long event, |
438 | dev->name); |
439 | vlan_vid_add(dev, htons(ETH_P_8021Q), 0); |
440 | } |
441 | + if (event == NETDEV_DOWN && |
442 | + (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)) |
443 | + vlan_vid_del(dev, htons(ETH_P_8021Q), 0); |
444 | |
445 | vlan_info = rtnl_dereference(dev->vlan_info); |
446 | if (!vlan_info) |
447 | @@ -423,9 +426,6 @@ static int vlan_device_event(struct notifier_block *unused, unsigned long event, |
448 | struct net_device *tmp; |
449 | LIST_HEAD(close_list); |
450 | |
451 | - if (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER) |
452 | - vlan_vid_del(dev, htons(ETH_P_8021Q), 0); |
453 | - |
454 | /* Put all VLANs for this dev in the down state too. */ |
455 | vlan_group_for_each_dev(grp, i, vlandev) { |
456 | flgs = vlandev->flags; |
457 | diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
458 | index fe008f1bd930..aec5605944d3 100644 |
459 | --- a/net/core/skbuff.c |
460 | +++ b/net/core/skbuff.c |
461 | @@ -4375,6 +4375,7 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet) |
462 | if (!xnet) |
463 | return; |
464 | |
465 | + ipvs_reset(skb); |
466 | skb_orphan(skb); |
467 | skb->mark = 0; |
468 | } |
469 | diff --git a/net/ipv4/tcp_nv.c b/net/ipv4/tcp_nv.c |
470 | index 5de82a8d4d87..e45e2c41c7bd 100644 |
471 | --- a/net/ipv4/tcp_nv.c |
472 | +++ b/net/ipv4/tcp_nv.c |
473 | @@ -263,7 +263,7 @@ static void tcpnv_acked(struct sock *sk, const struct ack_sample *sample) |
474 | |
475 | /* rate in 100's bits per second */ |
476 | rate64 = ((u64)sample->in_flight) * 8000000; |
477 | - rate = (u32)div64_u64(rate64, (u64)(avg_rtt * 100)); |
478 | + rate = (u32)div64_u64(rate64, (u64)(avg_rtt ?: 1) * 100); |
479 | |
480 | /* Remember the maximum rate seen during this RTT |
481 | * Note: It may be more than one RTT. This function should be |
482 | diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c |
483 | index 566b43afe378..3d7b59ecc76c 100644 |
484 | --- a/net/ipv4/tcp_output.c |
485 | +++ b/net/ipv4/tcp_output.c |
486 | @@ -3110,13 +3110,8 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, |
487 | tcp_ecn_make_synack(req, th); |
488 | th->source = htons(ireq->ir_num); |
489 | th->dest = ireq->ir_rmt_port; |
490 | - /* Setting of flags are superfluous here for callers (and ECE is |
491 | - * not even correctly set) |
492 | - */ |
493 | - tcp_init_nondata_skb(skb, tcp_rsk(req)->snt_isn, |
494 | - TCPHDR_SYN | TCPHDR_ACK); |
495 | - |
496 | - th->seq = htonl(TCP_SKB_CB(skb)->seq); |
497 | + skb->ip_summed = CHECKSUM_PARTIAL; |
498 | + th->seq = htonl(tcp_rsk(req)->snt_isn); |
499 | /* XXX data is queued and acked as is. No buffer/window check */ |
500 | th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt); |
501 | |
502 | diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
503 | index a1dca3b169a1..c9fac08a53b1 100644 |
504 | --- a/net/netlink/af_netlink.c |
505 | +++ b/net/netlink/af_netlink.c |
506 | @@ -2077,7 +2077,7 @@ static int netlink_dump(struct sock *sk) |
507 | struct sk_buff *skb = NULL; |
508 | struct nlmsghdr *nlh; |
509 | struct module *module; |
510 | - int len, err = -ENOBUFS; |
511 | + int err = -ENOBUFS; |
512 | int alloc_min_size; |
513 | int alloc_size; |
514 | |
515 | @@ -2124,9 +2124,11 @@ static int netlink_dump(struct sock *sk) |
516 | skb_reserve(skb, skb_tailroom(skb) - alloc_size); |
517 | netlink_skb_set_owner_r(skb, sk); |
518 | |
519 | - len = cb->dump(skb, cb); |
520 | + if (nlk->dump_done_errno > 0) |
521 | + nlk->dump_done_errno = cb->dump(skb, cb); |
522 | |
523 | - if (len > 0) { |
524 | + if (nlk->dump_done_errno > 0 || |
525 | + skb_tailroom(skb) < nlmsg_total_size(sizeof(nlk->dump_done_errno))) { |
526 | mutex_unlock(nlk->cb_mutex); |
527 | |
528 | if (sk_filter(sk, skb)) |
529 | @@ -2136,13 +2138,15 @@ static int netlink_dump(struct sock *sk) |
530 | return 0; |
531 | } |
532 | |
533 | - nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI); |
534 | - if (!nlh) |
535 | + nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, |
536 | + sizeof(nlk->dump_done_errno), NLM_F_MULTI); |
537 | + if (WARN_ON(!nlh)) |
538 | goto errout_skb; |
539 | |
540 | nl_dump_check_consistent(cb, nlh); |
541 | |
542 | - memcpy(nlmsg_data(nlh), &len, sizeof(len)); |
543 | + memcpy(nlmsg_data(nlh), &nlk->dump_done_errno, |
544 | + sizeof(nlk->dump_done_errno)); |
545 | |
546 | if (sk_filter(sk, skb)) |
547 | kfree_skb(skb); |
548 | @@ -2214,6 +2218,7 @@ int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb, |
549 | } |
550 | |
551 | nlk->cb_running = true; |
552 | + nlk->dump_done_errno = INT_MAX; |
553 | |
554 | mutex_unlock(nlk->cb_mutex); |
555 | |
556 | diff --git a/net/netlink/af_netlink.h b/net/netlink/af_netlink.h |
557 | index 4fdb38318977..bae961cfa3ad 100644 |
558 | --- a/net/netlink/af_netlink.h |
559 | +++ b/net/netlink/af_netlink.h |
560 | @@ -24,6 +24,7 @@ struct netlink_sock { |
561 | wait_queue_head_t wait; |
562 | bool bound; |
563 | bool cb_running; |
564 | + int dump_done_errno; |
565 | struct netlink_callback cb; |
566 | struct mutex *cb_mutex; |
567 | struct mutex cb_def_mutex; |
568 | diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
569 | index f7f00d012888..5d015270e454 100644 |
570 | --- a/net/sctp/ipv6.c |
571 | +++ b/net/sctp/ipv6.c |
572 | @@ -806,9 +806,10 @@ static void sctp_inet6_skb_msgname(struct sk_buff *skb, char *msgname, |
573 | addr->v6.sin6_flowinfo = 0; |
574 | addr->v6.sin6_port = sh->source; |
575 | addr->v6.sin6_addr = ipv6_hdr(skb)->saddr; |
576 | - if (ipv6_addr_type(&addr->v6.sin6_addr) & IPV6_ADDR_LINKLOCAL) { |
577 | + if (ipv6_addr_type(&addr->v6.sin6_addr) & IPV6_ADDR_LINKLOCAL) |
578 | addr->v6.sin6_scope_id = sctp_v6_skb_iif(skb); |
579 | - } |
580 | + else |
581 | + addr->v6.sin6_scope_id = 0; |
582 | } |
583 | |
584 | *addr_len = sctp_v6_addr_to_user(sctp_sk(skb->sk), addr); |
585 | diff --git a/net/sctp/socket.c b/net/sctp/socket.c |
586 | index ffcc8aa78db7..c062ceae19e6 100644 |
587 | --- a/net/sctp/socket.c |
588 | +++ b/net/sctp/socket.c |
589 | @@ -4764,6 +4764,10 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp) |
590 | struct socket *sock; |
591 | int err = 0; |
592 | |
593 | + /* Do not peel off from one netns to another one. */ |
594 | + if (!net_eq(current->nsproxy->net_ns, sock_net(sk))) |
595 | + return -EINVAL; |
596 | + |
597 | if (!asoc) |
598 | return -EINVAL; |
599 | |
600 | diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c |
601 | index 097459830454..6830d2427e47 100644 |
602 | --- a/security/integrity/ima/ima_appraise.c |
603 | +++ b/security/integrity/ima/ima_appraise.c |
604 | @@ -303,6 +303,9 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) |
605 | if (iint->flags & IMA_DIGSIG) |
606 | return; |
607 | |
608 | + if (iint->ima_file_status != INTEGRITY_PASS) |
609 | + return; |
610 | + |
611 | rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo); |
612 | if (rc < 0) |
613 | return; |