Annotation of /trunk/kernel-alx/patches-4.9/0199-4.9.100-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3176 -
(hide annotations)
(download)
Wed Aug 8 14:17:30 2018 UTC (5 years, 9 months ago) by niro
File size: 40406 byte(s)
Wed Aug 8 14:17:30 2018 UTC (5 years, 9 months ago) by niro
File size: 40406 byte(s)
-linux-4.9.100
| 1 | niro | 3176 | diff --git a/Documentation/arm64/silicon-errata.txt b/Documentation/arm64/silicon-errata.txt |
| 2 | index d11af52427b4..ac9489fad31b 100644 | ||
| 3 | --- a/Documentation/arm64/silicon-errata.txt | ||
| 4 | +++ b/Documentation/arm64/silicon-errata.txt | ||
| 5 | @@ -54,6 +54,7 @@ stable kernels. | ||
| 6 | | ARM | Cortex-A57 | #852523 | N/A | | ||
| 7 | | ARM | Cortex-A57 | #834220 | ARM64_ERRATUM_834220 | | ||
| 8 | | ARM | Cortex-A72 | #853709 | N/A | | ||
| 9 | +| ARM | Cortex-A55 | #1024718 | ARM64_ERRATUM_1024718 | | ||
| 10 | | ARM | MMU-500 | #841119,#826419 | N/A | | ||
| 11 | | | | | | | ||
| 12 | | Cavium | ThunderX ITS | #22375, #24313 | CAVIUM_ERRATUM_22375 | | ||
| 13 | diff --git a/Makefile b/Makefile | ||
| 14 | index d51e99f4a987..52a41396680c 100644 | ||
| 15 | --- a/Makefile | ||
| 16 | +++ b/Makefile | ||
| 17 | @@ -1,6 +1,6 @@ | ||
| 18 | VERSION = 4 | ||
| 19 | PATCHLEVEL = 9 | ||
| 20 | -SUBLEVEL = 99 | ||
| 21 | +SUBLEVEL = 100 | ||
| 22 | EXTRAVERSION = | ||
| 23 | NAME = Roaring Lionus | ||
| 24 | |||
| 25 | diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig | ||
| 26 | index 90e58bbbd858..d0df3611d1e2 100644 | ||
| 27 | --- a/arch/arm64/Kconfig | ||
| 28 | +++ b/arch/arm64/Kconfig | ||
| 29 | @@ -427,6 +427,20 @@ config ARM64_ERRATUM_843419 | ||
| 30 | |||
| 31 | If unsure, say Y. | ||
| 32 | |||
| 33 | +config ARM64_ERRATUM_1024718 | ||
| 34 | + bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update" | ||
| 35 | + default y | ||
| 36 | + help | ||
| 37 | + This option adds work around for Arm Cortex-A55 Erratum 1024718. | ||
| 38 | + | ||
| 39 | + Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect | ||
| 40 | + update of the hardware dirty bit when the DBM/AP bits are updated | ||
| 41 | + without a break-before-make. The work around is to disable the usage | ||
| 42 | + of hardware DBM locally on the affected cores. CPUs not affected by | ||
| 43 | + erratum will continue to use the feature. | ||
| 44 | + | ||
| 45 | + If unsure, say Y. | ||
| 46 | + | ||
| 47 | config CAVIUM_ERRATUM_22375 | ||
| 48 | bool "Cavium erratum 22375, 24313" | ||
| 49 | default y | ||
| 50 | diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h | ||
| 51 | index e60375ce0dd2..bfcfec3590f6 100644 | ||
| 52 | --- a/arch/arm64/include/asm/assembler.h | ||
| 53 | +++ b/arch/arm64/include/asm/assembler.h | ||
| 54 | @@ -25,6 +25,7 @@ | ||
| 55 | |||
| 56 | #include <asm/asm-offsets.h> | ||
| 57 | #include <asm/cpufeature.h> | ||
| 58 | +#include <asm/cputype.h> | ||
| 59 | #include <asm/page.h> | ||
| 60 | #include <asm/pgtable-hwdef.h> | ||
| 61 | #include <asm/ptrace.h> | ||
| 62 | @@ -435,4 +436,43 @@ alternative_endif | ||
| 63 | and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT) | ||
| 64 | .endm | ||
| 65 | |||
| 66 | +/* | ||
| 67 | + * Check the MIDR_EL1 of the current CPU for a given model and a range of | ||
| 68 | + * variant/revision. See asm/cputype.h for the macros used below. | ||
| 69 | + * | ||
| 70 | + * model: MIDR_CPU_MODEL of CPU | ||
| 71 | + * rv_min: Minimum of MIDR_CPU_VAR_REV() | ||
| 72 | + * rv_max: Maximum of MIDR_CPU_VAR_REV() | ||
| 73 | + * res: Result register. | ||
| 74 | + * tmp1, tmp2, tmp3: Temporary registers | ||
| 75 | + * | ||
| 76 | + * Corrupts: res, tmp1, tmp2, tmp3 | ||
| 77 | + * Returns: 0, if the CPU id doesn't match. Non-zero otherwise | ||
| 78 | + */ | ||
| 79 | + .macro cpu_midr_match model, rv_min, rv_max, res, tmp1, tmp2, tmp3 | ||
| 80 | + mrs \res, midr_el1 | ||
| 81 | + mov_q \tmp1, (MIDR_REVISION_MASK | MIDR_VARIANT_MASK) | ||
| 82 | + mov_q \tmp2, MIDR_CPU_MODEL_MASK | ||
| 83 | + and \tmp3, \res, \tmp2 // Extract model | ||
| 84 | + and \tmp1, \res, \tmp1 // rev & variant | ||
| 85 | + mov_q \tmp2, \model | ||
| 86 | + cmp \tmp3, \tmp2 | ||
| 87 | + cset \res, eq | ||
| 88 | + cbz \res, .Ldone\@ // Model matches ? | ||
| 89 | + | ||
| 90 | + .if (\rv_min != 0) // Skip min check if rv_min == 0 | ||
| 91 | + mov_q \tmp3, \rv_min | ||
| 92 | + cmp \tmp1, \tmp3 | ||
| 93 | + cset \res, ge | ||
| 94 | + .endif // \rv_min != 0 | ||
| 95 | + /* Skip rv_max check if rv_min == rv_max && rv_min != 0 */ | ||
| 96 | + .if ((\rv_min != \rv_max) || \rv_min == 0) | ||
| 97 | + mov_q \tmp2, \rv_max | ||
| 98 | + cmp \tmp1, \tmp2 | ||
| 99 | + cset \tmp2, le | ||
| 100 | + and \res, \res, \tmp2 | ||
| 101 | + .endif | ||
| 102 | +.Ldone\@: | ||
| 103 | + .endm | ||
| 104 | + | ||
| 105 | #endif /* __ASM_ASSEMBLER_H */ | ||
| 106 | diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h | ||
| 107 | index 9ee3038a6b98..39d1db68748d 100644 | ||
| 108 | --- a/arch/arm64/include/asm/cputype.h | ||
| 109 | +++ b/arch/arm64/include/asm/cputype.h | ||
| 110 | @@ -56,6 +56,9 @@ | ||
| 111 | (0xf << MIDR_ARCHITECTURE_SHIFT) | \ | ||
| 112 | ((partnum) << MIDR_PARTNUM_SHIFT)) | ||
| 113 | |||
| 114 | +#define MIDR_CPU_VAR_REV(var, rev) \ | ||
| 115 | + (((var) << MIDR_VARIANT_SHIFT) | (rev)) | ||
| 116 | + | ||
| 117 | #define MIDR_CPU_MODEL_MASK (MIDR_IMPLEMENTOR_MASK | MIDR_PARTNUM_MASK | \ | ||
| 118 | MIDR_ARCHITECTURE_MASK) | ||
| 119 | |||
| 120 | @@ -74,6 +77,7 @@ | ||
| 121 | |||
| 122 | #define ARM_CPU_PART_AEM_V8 0xD0F | ||
| 123 | #define ARM_CPU_PART_FOUNDATION 0xD00 | ||
| 124 | +#define ARM_CPU_PART_CORTEX_A55 0xD05 | ||
| 125 | #define ARM_CPU_PART_CORTEX_A57 0xD07 | ||
| 126 | #define ARM_CPU_PART_CORTEX_A72 0xD08 | ||
| 127 | #define ARM_CPU_PART_CORTEX_A53 0xD03 | ||
| 128 | @@ -89,6 +93,7 @@ | ||
| 129 | #define BRCM_CPU_PART_VULCAN 0x516 | ||
| 130 | |||
| 131 | #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53) | ||
| 132 | +#define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A55) | ||
| 133 | #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57) | ||
| 134 | #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) | ||
| 135 | #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A73) | ||
| 136 | diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S | ||
| 137 | index 619da1cbd32b..66cce2138f95 100644 | ||
| 138 | --- a/arch/arm64/mm/proc.S | ||
| 139 | +++ b/arch/arm64/mm/proc.S | ||
| 140 | @@ -425,6 +425,11 @@ ENTRY(__cpu_setup) | ||
| 141 | cbz x9, 2f | ||
| 142 | cmp x9, #2 | ||
| 143 | b.lt 1f | ||
| 144 | +#ifdef CONFIG_ARM64_ERRATUM_1024718 | ||
| 145 | + /* Disable hardware DBM on Cortex-A55 r0p0, r0p1 & r1p0 */ | ||
| 146 | + cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), MIDR_CPU_VAR_REV(1, 0), x1, x2, x3, x4 | ||
| 147 | + cbnz x1, 1f | ||
| 148 | +#endif | ||
| 149 | orr x10, x10, #TCR_HD // hardware Dirty flag update | ||
| 150 | 1: orr x10, x10, #TCR_HA // hardware Access flag update | ||
| 151 | 2: | ||
| 152 | diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S | ||
| 153 | index 55fbc0c78721..79a180cf4c94 100644 | ||
| 154 | --- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S | ||
| 155 | +++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S | ||
| 156 | @@ -299,7 +299,6 @@ kvm_novcpu_exit: | ||
| 157 | stw r12, STACK_SLOT_TRAP(r1) | ||
| 158 | bl kvmhv_commence_exit | ||
| 159 | nop | ||
| 160 | - lwz r12, STACK_SLOT_TRAP(r1) | ||
| 161 | b kvmhv_switch_to_host | ||
| 162 | |||
| 163 | /* | ||
| 164 | @@ -1023,6 +1022,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) | ||
| 165 | |||
| 166 | secondary_too_late: | ||
| 167 | li r12, 0 | ||
| 168 | + stw r12, STACK_SLOT_TRAP(r1) | ||
| 169 | cmpdi r4, 0 | ||
| 170 | beq 11f | ||
| 171 | stw r12, VCPU_TRAP(r4) | ||
| 172 | @@ -1266,12 +1266,12 @@ mc_cont: | ||
| 173 | bl kvmhv_accumulate_time | ||
| 174 | #endif | ||
| 175 | |||
| 176 | + stw r12, STACK_SLOT_TRAP(r1) | ||
| 177 | mr r3, r12 | ||
| 178 | /* Increment exit count, poke other threads to exit */ | ||
| 179 | bl kvmhv_commence_exit | ||
| 180 | nop | ||
| 181 | ld r9, HSTATE_KVM_VCPU(r13) | ||
| 182 | - lwz r12, VCPU_TRAP(r9) | ||
| 183 | |||
| 184 | /* Stop others sending VCPU interrupts to this physical CPU */ | ||
| 185 | li r0, -1 | ||
| 186 | @@ -1549,6 +1549,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S) | ||
| 187 | * POWER7/POWER8 guest -> host partition switch code. | ||
| 188 | * We don't have to lock against tlbies but we do | ||
| 189 | * have to coordinate the hardware threads. | ||
| 190 | + * Here STACK_SLOT_TRAP(r1) contains the trap number. | ||
| 191 | */ | ||
| 192 | kvmhv_switch_to_host: | ||
| 193 | /* Secondary threads wait for primary to do partition switch */ | ||
| 194 | @@ -1599,11 +1600,11 @@ BEGIN_FTR_SECTION | ||
| 195 | END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S) | ||
| 196 | |||
| 197 | /* If HMI, call kvmppc_realmode_hmi_handler() */ | ||
| 198 | + lwz r12, STACK_SLOT_TRAP(r1) | ||
| 199 | cmpwi r12, BOOK3S_INTERRUPT_HMI | ||
| 200 | bne 27f | ||
| 201 | bl kvmppc_realmode_hmi_handler | ||
| 202 | nop | ||
| 203 | - li r12, BOOK3S_INTERRUPT_HMI | ||
| 204 | /* | ||
| 205 | * At this point kvmppc_realmode_hmi_handler would have resync-ed | ||
| 206 | * the TB. Hence it is not required to subtract guest timebase | ||
| 207 | @@ -1678,6 +1679,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S) | ||
| 208 | li r0, KVM_GUEST_MODE_NONE | ||
| 209 | stb r0, HSTATE_IN_GUEST(r13) | ||
| 210 | |||
| 211 | + lwz r12, STACK_SLOT_TRAP(r1) /* return trap # in r12 */ | ||
| 212 | ld r0, SFS+PPC_LR_STKOFF(r1) | ||
| 213 | addi r1, r1, SFS | ||
| 214 | mtlr r0 | ||
| 215 | diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c | ||
| 216 | index f73796db8758..02e547f9ca3f 100644 | ||
| 217 | --- a/arch/x86/events/core.c | ||
| 218 | +++ b/arch/x86/events/core.c | ||
| 219 | @@ -26,6 +26,7 @@ | ||
| 220 | #include <linux/cpu.h> | ||
| 221 | #include <linux/bitops.h> | ||
| 222 | #include <linux/device.h> | ||
| 223 | +#include <linux/nospec.h> | ||
| 224 | |||
| 225 | #include <asm/apic.h> | ||
| 226 | #include <asm/stacktrace.h> | ||
| 227 | @@ -303,17 +304,20 @@ set_ext_hw_attr(struct hw_perf_event *hwc, struct perf_event *event) | ||
| 228 | |||
| 229 | config = attr->config; | ||
| 230 | |||
| 231 | - cache_type = (config >> 0) & 0xff; | ||
| 232 | + cache_type = (config >> 0) & 0xff; | ||
| 233 | if (cache_type >= PERF_COUNT_HW_CACHE_MAX) | ||
| 234 | return -EINVAL; | ||
| 235 | + cache_type = array_index_nospec(cache_type, PERF_COUNT_HW_CACHE_MAX); | ||
| 236 | |||
| 237 | cache_op = (config >> 8) & 0xff; | ||
| 238 | if (cache_op >= PERF_COUNT_HW_CACHE_OP_MAX) | ||
| 239 | return -EINVAL; | ||
| 240 | + cache_op = array_index_nospec(cache_op, PERF_COUNT_HW_CACHE_OP_MAX); | ||
| 241 | |||
| 242 | cache_result = (config >> 16) & 0xff; | ||
| 243 | if (cache_result >= PERF_COUNT_HW_CACHE_RESULT_MAX) | ||
| 244 | return -EINVAL; | ||
| 245 | + cache_result = array_index_nospec(cache_result, PERF_COUNT_HW_CACHE_RESULT_MAX); | ||
| 246 | |||
| 247 | val = hw_cache_event_ids[cache_type][cache_op][cache_result]; | ||
| 248 | |||
| 249 | @@ -420,6 +424,8 @@ int x86_setup_perfctr(struct perf_event *event) | ||
| 250 | if (attr->config >= x86_pmu.max_events) | ||
| 251 | return -EINVAL; | ||
| 252 | |||
| 253 | + attr->config = array_index_nospec((unsigned long)attr->config, x86_pmu.max_events); | ||
| 254 | + | ||
| 255 | /* | ||
| 256 | * The generic map: | ||
| 257 | */ | ||
| 258 | diff --git a/arch/x86/events/intel/cstate.c b/arch/x86/events/intel/cstate.c | ||
| 259 | index 1076c9a77292..47d526c700a1 100644 | ||
| 260 | --- a/arch/x86/events/intel/cstate.c | ||
| 261 | +++ b/arch/x86/events/intel/cstate.c | ||
| 262 | @@ -90,6 +90,7 @@ | ||
| 263 | #include <linux/module.h> | ||
| 264 | #include <linux/slab.h> | ||
| 265 | #include <linux/perf_event.h> | ||
| 266 | +#include <linux/nospec.h> | ||
| 267 | #include <asm/cpu_device_id.h> | ||
| 268 | #include <asm/intel-family.h> | ||
| 269 | #include "../perf_event.h" | ||
| 270 | @@ -300,6 +301,7 @@ static int cstate_pmu_event_init(struct perf_event *event) | ||
| 271 | } else if (event->pmu == &cstate_pkg_pmu) { | ||
| 272 | if (cfg >= PERF_CSTATE_PKG_EVENT_MAX) | ||
| 273 | return -EINVAL; | ||
| 274 | + cfg = array_index_nospec((unsigned long)cfg, PERF_CSTATE_PKG_EVENT_MAX); | ||
| 275 | if (!pkg_msr[cfg].attr) | ||
| 276 | return -EINVAL; | ||
| 277 | event->hw.event_base = pkg_msr[cfg].msr; | ||
| 278 | diff --git a/arch/x86/events/msr.c b/arch/x86/events/msr.c | ||
| 279 | index 4bb3ec69e8ea..be0b1968d60a 100644 | ||
| 280 | --- a/arch/x86/events/msr.c | ||
| 281 | +++ b/arch/x86/events/msr.c | ||
| 282 | @@ -1,4 +1,5 @@ | ||
| 283 | #include <linux/perf_event.h> | ||
| 284 | +#include <linux/nospec.h> | ||
| 285 | #include <asm/intel-family.h> | ||
| 286 | |||
| 287 | enum perf_msr_id { | ||
| 288 | @@ -136,9 +137,6 @@ static int msr_event_init(struct perf_event *event) | ||
| 289 | if (event->attr.type != event->pmu->type) | ||
| 290 | return -ENOENT; | ||
| 291 | |||
| 292 | - if (cfg >= PERF_MSR_EVENT_MAX) | ||
| 293 | - return -EINVAL; | ||
| 294 | - | ||
| 295 | /* unsupported modes and filters */ | ||
| 296 | if (event->attr.exclude_user || | ||
| 297 | event->attr.exclude_kernel || | ||
| 298 | @@ -149,6 +147,11 @@ static int msr_event_init(struct perf_event *event) | ||
| 299 | event->attr.sample_period) /* no sampling */ | ||
| 300 | return -EINVAL; | ||
| 301 | |||
| 302 | + if (cfg >= PERF_MSR_EVENT_MAX) | ||
| 303 | + return -EINVAL; | ||
| 304 | + | ||
| 305 | + cfg = array_index_nospec((unsigned long)cfg, PERF_MSR_EVENT_MAX); | ||
| 306 | + | ||
| 307 | if (!msr[cfg].attr) | ||
| 308 | return -EINVAL; | ||
| 309 | |||
| 310 | diff --git a/crypto/af_alg.c b/crypto/af_alg.c | ||
| 311 | index ca50eeb13097..b5953f1d1a18 100644 | ||
| 312 | --- a/crypto/af_alg.c | ||
| 313 | +++ b/crypto/af_alg.c | ||
| 314 | @@ -157,16 +157,16 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) | ||
| 315 | void *private; | ||
| 316 | int err; | ||
| 317 | |||
| 318 | - /* If caller uses non-allowed flag, return error. */ | ||
| 319 | - if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed)) | ||
| 320 | - return -EINVAL; | ||
| 321 | - | ||
| 322 | if (sock->state == SS_CONNECTED) | ||
| 323 | return -EINVAL; | ||
| 324 | |||
| 325 | if (addr_len != sizeof(*sa)) | ||
| 326 | return -EINVAL; | ||
| 327 | |||
| 328 | + /* If caller uses non-allowed flag, return error. */ | ||
| 329 | + if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed)) | ||
| 330 | + return -EINVAL; | ||
| 331 | + | ||
| 332 | sa->salg_type[sizeof(sa->salg_type) - 1] = 0; | ||
| 333 | sa->salg_name[sizeof(sa->salg_name) - 1] = 0; | ||
| 334 | |||
| 335 | diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c | ||
| 336 | index e08c09fa5da0..4fe3ec122bf0 100644 | ||
| 337 | --- a/drivers/ata/libata-core.c | ||
| 338 | +++ b/drivers/ata/libata-core.c | ||
| 339 | @@ -4422,6 +4422,9 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { | ||
| 340 | ATA_HORKAGE_ZERO_AFTER_TRIM | | ||
| 341 | ATA_HORKAGE_NOLPM, }, | ||
| 342 | |||
| 343 | + /* Sandisk devices which are known to not handle LPM well */ | ||
| 344 | + { "SanDisk SD7UB3Q*G1001", NULL, ATA_HORKAGE_NOLPM, }, | ||
| 345 | + | ||
| 346 | /* devices that don't properly handle queued TRIM commands */ | ||
| 347 | { "Micron_M500_*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | | ||
| 348 | ATA_HORKAGE_ZERO_AFTER_TRIM, }, | ||
| 349 | diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c | ||
| 350 | index d3dc95484161..81bfeec67b77 100644 | ||
| 351 | --- a/drivers/atm/zatm.c | ||
| 352 | +++ b/drivers/atm/zatm.c | ||
| 353 | @@ -23,6 +23,7 @@ | ||
| 354 | #include <linux/bitops.h> | ||
| 355 | #include <linux/wait.h> | ||
| 356 | #include <linux/slab.h> | ||
| 357 | +#include <linux/nospec.h> | ||
| 358 | #include <asm/byteorder.h> | ||
| 359 | #include <asm/string.h> | ||
| 360 | #include <asm/io.h> | ||
| 361 | @@ -1458,6 +1459,8 @@ static int zatm_ioctl(struct atm_dev *dev,unsigned int cmd,void __user *arg) | ||
| 362 | return -EFAULT; | ||
| 363 | if (pool < 0 || pool > ZATM_LAST_POOL) | ||
| 364 | return -EINVAL; | ||
| 365 | + pool = array_index_nospec(pool, | ||
| 366 | + ZATM_LAST_POOL + 1); | ||
| 367 | spin_lock_irqsave(&zatm_dev->lock, flags); | ||
| 368 | info = zatm_dev->pool_info[pool]; | ||
| 369 | if (cmd == ZATM_GETPOOLZ) { | ||
| 370 | diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c | ||
| 371 | index f8ba5c714df5..3257647d4f74 100644 | ||
| 372 | --- a/drivers/bluetooth/btusb.c | ||
| 373 | +++ b/drivers/bluetooth/btusb.c | ||
| 374 | @@ -217,6 +217,7 @@ static const struct usb_device_id blacklist_table[] = { | ||
| 375 | { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, | ||
| 376 | { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, | ||
| 377 | { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, | ||
| 378 | + { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, | ||
| 379 | { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 }, | ||
| 380 | { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, | ||
| 381 | { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 }, | ||
| 382 | @@ -249,7 +250,6 @@ static const struct usb_device_id blacklist_table[] = { | ||
| 383 | { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, | ||
| 384 | |||
| 385 | /* QCA ROME chipset */ | ||
| 386 | - { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_QCA_ROME }, | ||
| 387 | { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, | ||
| 388 | { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME }, | ||
| 389 | { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME }, | ||
| 390 | diff --git a/drivers/gpio/gpio-aspeed.c b/drivers/gpio/gpio-aspeed.c | ||
| 391 | index 03a5925a423c..a9daf7121e6e 100644 | ||
| 392 | --- a/drivers/gpio/gpio-aspeed.c | ||
| 393 | +++ b/drivers/gpio/gpio-aspeed.c | ||
| 394 | @@ -256,7 +256,7 @@ static void aspeed_gpio_irq_set_mask(struct irq_data *d, bool set) | ||
| 395 | if (set) | ||
| 396 | reg |= bit; | ||
| 397 | else | ||
| 398 | - reg &= bit; | ||
| 399 | + reg &= ~bit; | ||
| 400 | iowrite32(reg, addr); | ||
| 401 | |||
| 402 | spin_unlock_irqrestore(&gpio->lock, flags); | ||
| 403 | diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c | ||
| 404 | index 4f54ff45e09e..56b24198741c 100644 | ||
| 405 | --- a/drivers/gpio/gpiolib.c | ||
| 406 | +++ b/drivers/gpio/gpiolib.c | ||
| 407 | @@ -425,7 +425,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) | ||
| 408 | struct gpiohandle_request handlereq; | ||
| 409 | struct linehandle_state *lh; | ||
| 410 | struct file *file; | ||
| 411 | - int fd, i, ret; | ||
| 412 | + int fd, i, count = 0, ret; | ||
| 413 | |||
| 414 | if (copy_from_user(&handlereq, ip, sizeof(handlereq))) | ||
| 415 | return -EFAULT; | ||
| 416 | @@ -471,6 +471,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) | ||
| 417 | if (ret) | ||
| 418 | goto out_free_descs; | ||
| 419 | lh->descs[i] = desc; | ||
| 420 | + count = i; | ||
| 421 | |||
| 422 | if (lflags & GPIOHANDLE_REQUEST_ACTIVE_LOW) | ||
| 423 | set_bit(FLAG_ACTIVE_LOW, &desc->flags); | ||
| 424 | @@ -537,7 +538,7 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) | ||
| 425 | out_put_unused_fd: | ||
| 426 | put_unused_fd(fd); | ||
| 427 | out_free_descs: | ||
| 428 | - for (; i >= 0; i--) | ||
| 429 | + for (i = 0; i < count; i++) | ||
| 430 | gpiod_free(lh->descs[i]); | ||
| 431 | kfree(lh->label); | ||
| 432 | out_free_lh: | ||
| 433 | @@ -794,7 +795,7 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) | ||
| 434 | desc = &gdev->descs[offset]; | ||
| 435 | ret = gpiod_request(desc, le->label); | ||
| 436 | if (ret) | ||
| 437 | - goto out_free_desc; | ||
| 438 | + goto out_free_label; | ||
| 439 | le->desc = desc; | ||
| 440 | le->eflags = eflags; | ||
| 441 | |||
| 442 | diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c | ||
| 443 | index e1d47d51ea47..3517c0ed984a 100644 | ||
| 444 | --- a/drivers/gpu/drm/i915/intel_lvds.c | ||
| 445 | +++ b/drivers/gpu/drm/i915/intel_lvds.c | ||
| 446 | @@ -321,7 +321,8 @@ static void intel_enable_lvds(struct intel_encoder *encoder, | ||
| 447 | |||
| 448 | I915_WRITE(PP_CONTROL(0), I915_READ(PP_CONTROL(0)) | PANEL_POWER_ON); | ||
| 449 | POSTING_READ(lvds_encoder->reg); | ||
| 450 | - if (intel_wait_for_register(dev_priv, PP_STATUS(0), PP_ON, PP_ON, 1000)) | ||
| 451 | + | ||
| 452 | + if (intel_wait_for_register(dev_priv, PP_STATUS(0), PP_ON, PP_ON, 5000)) | ||
| 453 | DRM_ERROR("timed out waiting for panel to power on\n"); | ||
| 454 | |||
| 455 | intel_panel_enable_backlight(intel_connector); | ||
| 456 | diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c | ||
| 457 | index 881bf489478b..75056553b06c 100644 | ||
| 458 | --- a/drivers/gpu/drm/vc4/vc4_plane.c | ||
| 459 | +++ b/drivers/gpu/drm/vc4/vc4_plane.c | ||
| 460 | @@ -533,7 +533,7 @@ static int vc4_plane_mode_set(struct drm_plane *plane, | ||
| 461 | * the scl fields here. | ||
| 462 | */ | ||
| 463 | if (num_planes == 1) { | ||
| 464 | - scl0 = vc4_get_scl_field(state, 1); | ||
| 465 | + scl0 = vc4_get_scl_field(state, 0); | ||
| 466 | scl1 = scl0; | ||
| 467 | } else { | ||
| 468 | scl0 = vc4_get_scl_field(state, 1); | ||
| 469 | diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c | ||
| 470 | index 760ef603a468..15f4bdf89fe1 100644 | ||
| 471 | --- a/drivers/infiniband/core/device.c | ||
| 472 | +++ b/drivers/infiniband/core/device.c | ||
| 473 | @@ -999,8 +999,7 @@ static int __init ib_core_init(void) | ||
| 474 | return -ENOMEM; | ||
| 475 | |||
| 476 | ib_comp_wq = alloc_workqueue("ib-comp-wq", | ||
| 477 | - WQ_UNBOUND | WQ_HIGHPRI | WQ_MEM_RECLAIM, | ||
| 478 | - WQ_UNBOUND_MAX_ACTIVE); | ||
| 479 | + WQ_HIGHPRI | WQ_MEM_RECLAIM | WQ_SYSFS, 0); | ||
| 480 | if (!ib_comp_wq) { | ||
| 481 | ret = -ENOMEM; | ||
| 482 | goto err; | ||
| 483 | diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c | ||
| 484 | index c9d61a6dfb7a..3a75352f632b 100644 | ||
| 485 | --- a/drivers/net/can/usb/kvaser_usb.c | ||
| 486 | +++ b/drivers/net/can/usb/kvaser_usb.c | ||
| 487 | @@ -1179,7 +1179,7 @@ static void kvaser_usb_rx_can_msg(const struct kvaser_usb *dev, | ||
| 488 | |||
| 489 | skb = alloc_can_skb(priv->netdev, &cf); | ||
| 490 | if (!skb) { | ||
| 491 | - stats->tx_dropped++; | ||
| 492 | + stats->rx_dropped++; | ||
| 493 | return; | ||
| 494 | } | ||
| 495 | |||
| 496 | diff --git a/drivers/thermal/samsung/exynos_tmu.c b/drivers/thermal/samsung/exynos_tmu.c | ||
| 497 | index ad1186dd6132..a45810b43f70 100644 | ||
| 498 | --- a/drivers/thermal/samsung/exynos_tmu.c | ||
| 499 | +++ b/drivers/thermal/samsung/exynos_tmu.c | ||
| 500 | @@ -185,6 +185,7 @@ | ||
| 501 | * @regulator: pointer to the TMU regulator structure. | ||
| 502 | * @reg_conf: pointer to structure to register with core thermal. | ||
| 503 | * @ntrip: number of supported trip points. | ||
| 504 | + * @enabled: current status of TMU device | ||
| 505 | * @tmu_initialize: SoC specific TMU initialization method | ||
| 506 | * @tmu_control: SoC specific TMU control method | ||
| 507 | * @tmu_read: SoC specific TMU temperature read method | ||
| 508 | @@ -205,6 +206,7 @@ struct exynos_tmu_data { | ||
| 509 | struct regulator *regulator; | ||
| 510 | struct thermal_zone_device *tzd; | ||
| 511 | unsigned int ntrip; | ||
| 512 | + bool enabled; | ||
| 513 | |||
| 514 | int (*tmu_initialize)(struct platform_device *pdev); | ||
| 515 | void (*tmu_control)(struct platform_device *pdev, bool on); | ||
| 516 | @@ -398,6 +400,7 @@ static void exynos_tmu_control(struct platform_device *pdev, bool on) | ||
| 517 | mutex_lock(&data->lock); | ||
| 518 | clk_enable(data->clk); | ||
| 519 | data->tmu_control(pdev, on); | ||
| 520 | + data->enabled = on; | ||
| 521 | clk_disable(data->clk); | ||
| 522 | mutex_unlock(&data->lock); | ||
| 523 | } | ||
| 524 | @@ -889,19 +892,24 @@ static void exynos7_tmu_control(struct platform_device *pdev, bool on) | ||
| 525 | static int exynos_get_temp(void *p, int *temp) | ||
| 526 | { | ||
| 527 | struct exynos_tmu_data *data = p; | ||
| 528 | + int value, ret = 0; | ||
| 529 | |||
| 530 | - if (!data || !data->tmu_read) | ||
| 531 | + if (!data || !data->tmu_read || !data->enabled) | ||
| 532 | return -EINVAL; | ||
| 533 | |||
| 534 | mutex_lock(&data->lock); | ||
| 535 | clk_enable(data->clk); | ||
| 536 | |||
| 537 | - *temp = code_to_temp(data, data->tmu_read(data)) * MCELSIUS; | ||
| 538 | + value = data->tmu_read(data); | ||
| 539 | + if (value < 0) | ||
| 540 | + ret = value; | ||
| 541 | + else | ||
| 542 | + *temp = code_to_temp(data, value) * MCELSIUS; | ||
| 543 | |||
| 544 | clk_disable(data->clk); | ||
| 545 | mutex_unlock(&data->lock); | ||
| 546 | |||
| 547 | - return 0; | ||
| 548 | + return ret; | ||
| 549 | } | ||
| 550 | |||
| 551 | #ifdef CONFIG_THERMAL_EMULATION | ||
| 552 | diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c | ||
| 553 | index 99432b59c5cb..ae354ac67da1 100644 | ||
| 554 | --- a/fs/f2fs/data.c | ||
| 555 | +++ b/fs/f2fs/data.c | ||
| 556 | @@ -844,7 +844,7 @@ static int __get_data_block(struct inode *inode, sector_t iblock, | ||
| 557 | if (!ret) { | ||
| 558 | map_bh(bh, inode->i_sb, map.m_pblk); | ||
| 559 | bh->b_state = (bh->b_state & ~F2FS_MAP_FLAGS) | map.m_flags; | ||
| 560 | - bh->b_size = map.m_len << inode->i_blkbits; | ||
| 561 | + bh->b_size = (u64)map.m_len << inode->i_blkbits; | ||
| 562 | } | ||
| 563 | return ret; | ||
| 564 | } | ||
| 565 | diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c | ||
| 566 | index 3d8b35f28a9b..f3aea1b8702c 100644 | ||
| 567 | --- a/fs/fs-writeback.c | ||
| 568 | +++ b/fs/fs-writeback.c | ||
| 569 | @@ -1942,7 +1942,7 @@ void wb_workfn(struct work_struct *work) | ||
| 570 | } | ||
| 571 | |||
| 572 | if (!list_empty(&wb->work_list)) | ||
| 573 | - mod_delayed_work(bdi_wq, &wb->dwork, 0); | ||
| 574 | + wb_wakeup(wb); | ||
| 575 | else if (wb_has_dirty_io(wb) && dirty_writeback_interval) | ||
| 576 | wb_wakeup_delayed(wb); | ||
| 577 | |||
| 578 | diff --git a/include/net/inet_timewait_sock.h b/include/net/inet_timewait_sock.h | ||
| 579 | index c9b3eb70f340..567017b5fc9e 100644 | ||
| 580 | --- a/include/net/inet_timewait_sock.h | ||
| 581 | +++ b/include/net/inet_timewait_sock.h | ||
| 582 | @@ -55,6 +55,7 @@ struct inet_timewait_sock { | ||
| 583 | #define tw_family __tw_common.skc_family | ||
| 584 | #define tw_state __tw_common.skc_state | ||
| 585 | #define tw_reuse __tw_common.skc_reuse | ||
| 586 | +#define tw_reuseport __tw_common.skc_reuseport | ||
| 587 | #define tw_ipv6only __tw_common.skc_ipv6only | ||
| 588 | #define tw_bound_dev_if __tw_common.skc_bound_dev_if | ||
| 589 | #define tw_node __tw_common.skc_nulls_node | ||
| 590 | diff --git a/include/net/nexthop.h b/include/net/nexthop.h | ||
| 591 | index 3334dbfa5aa4..7fc78663ec9d 100644 | ||
| 592 | --- a/include/net/nexthop.h | ||
| 593 | +++ b/include/net/nexthop.h | ||
| 594 | @@ -6,7 +6,7 @@ | ||
| 595 | |||
| 596 | static inline int rtnh_ok(const struct rtnexthop *rtnh, int remaining) | ||
| 597 | { | ||
| 598 | - return remaining >= sizeof(*rtnh) && | ||
| 599 | + return remaining >= (int)sizeof(*rtnh) && | ||
| 600 | rtnh->rtnh_len >= sizeof(*rtnh) && | ||
| 601 | rtnh->rtnh_len <= remaining; | ||
| 602 | } | ||
| 603 | diff --git a/kernel/events/callchain.c b/kernel/events/callchain.c | ||
| 604 | index 04988d6466bf..c265f1c3ae50 100644 | ||
| 605 | --- a/kernel/events/callchain.c | ||
| 606 | +++ b/kernel/events/callchain.c | ||
| 607 | @@ -129,14 +129,8 @@ int get_callchain_buffers(int event_max_stack) | ||
| 608 | goto exit; | ||
| 609 | } | ||
| 610 | |||
| 611 | - if (count > 1) { | ||
| 612 | - /* If the allocation failed, give up */ | ||
| 613 | - if (!callchain_cpus_entries) | ||
| 614 | - err = -ENOMEM; | ||
| 615 | - goto exit; | ||
| 616 | - } | ||
| 617 | - | ||
| 618 | - err = alloc_callchain_buffers(); | ||
| 619 | + if (count == 1) | ||
| 620 | + err = alloc_callchain_buffers(); | ||
| 621 | exit: | ||
| 622 | if (err) | ||
| 623 | atomic_dec(&nr_callchain_events); | ||
| 624 | diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c | ||
| 625 | index 257fa460b846..017f7933a37d 100644 | ||
| 626 | --- a/kernel/events/ring_buffer.c | ||
| 627 | +++ b/kernel/events/ring_buffer.c | ||
| 628 | @@ -14,6 +14,7 @@ | ||
| 629 | #include <linux/slab.h> | ||
| 630 | #include <linux/circ_buf.h> | ||
| 631 | #include <linux/poll.h> | ||
| 632 | +#include <linux/nospec.h> | ||
| 633 | |||
| 634 | #include "internal.h" | ||
| 635 | |||
| 636 | @@ -844,8 +845,10 @@ perf_mmap_to_page(struct ring_buffer *rb, unsigned long pgoff) | ||
| 637 | return NULL; | ||
| 638 | |||
| 639 | /* AUX space */ | ||
| 640 | - if (pgoff >= rb->aux_pgoff) | ||
| 641 | - return virt_to_page(rb->aux_pages[pgoff - rb->aux_pgoff]); | ||
| 642 | + if (pgoff >= rb->aux_pgoff) { | ||
| 643 | + int aux_pgoff = array_index_nospec(pgoff - rb->aux_pgoff, rb->aux_nr_pages); | ||
| 644 | + return virt_to_page(rb->aux_pages[aux_pgoff]); | ||
| 645 | + } | ||
| 646 | } | ||
| 647 | |||
| 648 | return __perf_mmap_to_page(rb, pgoff); | ||
| 649 | diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c | ||
| 650 | index 0193f58c45f0..e35a411bea4b 100644 | ||
| 651 | --- a/kernel/trace/trace_events_filter.c | ||
| 652 | +++ b/kernel/trace/trace_events_filter.c | ||
| 653 | @@ -322,6 +322,9 @@ static int regex_match_full(char *str, struct regex *r, int len) | ||
| 654 | |||
| 655 | static int regex_match_front(char *str, struct regex *r, int len) | ||
| 656 | { | ||
| 657 | + if (len < r->len) | ||
| 658 | + return 0; | ||
| 659 | + | ||
| 660 | if (strncmp(str, r->pattern, r->len) == 0) | ||
| 661 | return 1; | ||
| 662 | return 0; | ||
| 663 | diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c | ||
| 664 | index 0913693caf6e..788262984818 100644 | ||
| 665 | --- a/kernel/trace/trace_uprobe.c | ||
| 666 | +++ b/kernel/trace/trace_uprobe.c | ||
| 667 | @@ -149,6 +149,8 @@ static void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs, | ||
| 668 | return; | ||
| 669 | |||
| 670 | ret = strncpy_from_user(dst, src, maxlen); | ||
| 671 | + if (ret == maxlen) | ||
| 672 | + dst[--ret] = '\0'; | ||
| 673 | |||
| 674 | if (ret < 0) { /* Failed to fetch string */ | ||
| 675 | ((u8 *)get_rloc_data(dest))[0] = '\0'; | ||
| 676 | diff --git a/net/atm/lec.c b/net/atm/lec.c | ||
| 677 | index 5d2693826afb..1e84c5226c84 100644 | ||
| 678 | --- a/net/atm/lec.c | ||
| 679 | +++ b/net/atm/lec.c | ||
| 680 | @@ -41,6 +41,9 @@ static unsigned char bridge_ula_lec[] = { 0x01, 0x80, 0xc2, 0x00, 0x00 }; | ||
| 681 | #include <linux/module.h> | ||
| 682 | #include <linux/init.h> | ||
| 683 | |||
| 684 | +/* Hardening for Spectre-v1 */ | ||
| 685 | +#include <linux/nospec.h> | ||
| 686 | + | ||
| 687 | #include "lec.h" | ||
| 688 | #include "lec_arpc.h" | ||
| 689 | #include "resources.h" | ||
| 690 | @@ -697,8 +700,10 @@ static int lec_vcc_attach(struct atm_vcc *vcc, void __user *arg) | ||
| 691 | bytes_left = copy_from_user(&ioc_data, arg, sizeof(struct atmlec_ioc)); | ||
| 692 | if (bytes_left != 0) | ||
| 693 | pr_info("copy from user failed for %d bytes\n", bytes_left); | ||
| 694 | - if (ioc_data.dev_num < 0 || ioc_data.dev_num >= MAX_LEC_ITF || | ||
| 695 | - !dev_lec[ioc_data.dev_num]) | ||
| 696 | + if (ioc_data.dev_num < 0 || ioc_data.dev_num >= MAX_LEC_ITF) | ||
| 697 | + return -EINVAL; | ||
| 698 | + ioc_data.dev_num = array_index_nospec(ioc_data.dev_num, MAX_LEC_ITF); | ||
| 699 | + if (!dev_lec[ioc_data.dev_num]) | ||
| 700 | return -EINVAL; | ||
| 701 | vpriv = kmalloc(sizeof(struct lec_vcc_priv), GFP_KERNEL); | ||
| 702 | if (!vpriv) | ||
| 703 | diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c | ||
| 704 | index c0548d268e1a..e3e6a3e2ca22 100644 | ||
| 705 | --- a/net/core/dev_addr_lists.c | ||
| 706 | +++ b/net/core/dev_addr_lists.c | ||
| 707 | @@ -57,8 +57,8 @@ static int __hw_addr_add_ex(struct netdev_hw_addr_list *list, | ||
| 708 | return -EINVAL; | ||
| 709 | |||
| 710 | list_for_each_entry(ha, &list->list, list) { | ||
| 711 | - if (!memcmp(ha->addr, addr, addr_len) && | ||
| 712 | - ha->type == addr_type) { | ||
| 713 | + if (ha->type == addr_type && | ||
| 714 | + !memcmp(ha->addr, addr, addr_len)) { | ||
| 715 | if (global) { | ||
| 716 | /* check if addr is already used as global */ | ||
| 717 | if (ha->global_use) | ||
| 718 | diff --git a/net/core/skbuff.c b/net/core/skbuff.c | ||
| 719 | index fb422dfec848..a40ccc184b83 100644 | ||
| 720 | --- a/net/core/skbuff.c | ||
| 721 | +++ b/net/core/skbuff.c | ||
| 722 | @@ -903,6 +903,7 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb) | ||
| 723 | n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len; | ||
| 724 | n->cloned = 1; | ||
| 725 | n->nohdr = 0; | ||
| 726 | + n->peeked = 0; | ||
| 727 | n->destructor = NULL; | ||
| 728 | C(tail); | ||
| 729 | C(end); | ||
| 730 | diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c | ||
| 731 | index 8c7799cdd3cf..6697b180e122 100644 | ||
| 732 | --- a/net/dccp/ipv4.c | ||
| 733 | +++ b/net/dccp/ipv4.c | ||
| 734 | @@ -620,6 +620,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | ||
| 735 | ireq = inet_rsk(req); | ||
| 736 | sk_rcv_saddr_set(req_to_sk(req), ip_hdr(skb)->daddr); | ||
| 737 | sk_daddr_set(req_to_sk(req), ip_hdr(skb)->saddr); | ||
| 738 | + ireq->ir_mark = inet_request_mark(sk, skb); | ||
| 739 | ireq->ireq_family = AF_INET; | ||
| 740 | ireq->ir_iif = sk->sk_bound_dev_if; | ||
| 741 | |||
| 742 | diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c | ||
| 743 | index 28e8252cc5ea..6cbcf399d22b 100644 | ||
| 744 | --- a/net/dccp/ipv6.c | ||
| 745 | +++ b/net/dccp/ipv6.c | ||
| 746 | @@ -349,6 +349,7 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | ||
| 747 | ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; | ||
| 748 | ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; | ||
| 749 | ireq->ireq_family = AF_INET6; | ||
| 750 | + ireq->ir_mark = inet_request_mark(sk, skb); | ||
| 751 | |||
| 752 | if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) || | ||
| 753 | np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || | ||
| 754 | diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c | ||
| 755 | index ddcd56c08d14..a6b34ac3139e 100644 | ||
| 756 | --- a/net/ipv4/inet_timewait_sock.c | ||
| 757 | +++ b/net/ipv4/inet_timewait_sock.c | ||
| 758 | @@ -182,6 +182,7 @@ struct inet_timewait_sock *inet_twsk_alloc(const struct sock *sk, | ||
| 759 | tw->tw_dport = inet->inet_dport; | ||
| 760 | tw->tw_family = sk->sk_family; | ||
| 761 | tw->tw_reuse = sk->sk_reuse; | ||
| 762 | + tw->tw_reuseport = sk->sk_reuseport; | ||
| 763 | tw->tw_hash = sk->sk_hash; | ||
| 764 | tw->tw_ipv6only = 0; | ||
| 765 | tw->tw_transparent = inet->transparent; | ||
| 766 | diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c | ||
| 767 | index 0fc5dad02fe8..6f501c9deaae 100644 | ||
| 768 | --- a/net/ipv4/tcp.c | ||
| 769 | +++ b/net/ipv4/tcp.c | ||
| 770 | @@ -2523,7 +2523,7 @@ static int do_tcp_setsockopt(struct sock *sk, int level, | ||
| 771 | case TCP_REPAIR_QUEUE: | ||
| 772 | if (!tp->repair) | ||
| 773 | err = -EPERM; | ||
| 774 | - else if (val < TCP_QUEUES_NR) | ||
| 775 | + else if ((unsigned int)val < TCP_QUEUES_NR) | ||
| 776 | tp->repair_queue = val; | ||
| 777 | else | ||
| 778 | err = -EINVAL; | ||
| 779 | diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c | ||
| 780 | index 63e6d08388ab..cc306defcc19 100644 | ||
| 781 | --- a/net/kcm/kcmsock.c | ||
| 782 | +++ b/net/kcm/kcmsock.c | ||
| 783 | @@ -1424,6 +1424,7 @@ static int kcm_attach(struct socket *sock, struct socket *csock, | ||
| 784 | */ | ||
| 785 | if (csk->sk_user_data) { | ||
| 786 | write_unlock_bh(&csk->sk_callback_lock); | ||
| 787 | + strp_stop(&psock->strp); | ||
| 788 | strp_done(&psock->strp); | ||
| 789 | kmem_cache_free(kcm_psockp, psock); | ||
| 790 | err = -EALREADY; | ||
| 791 | diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c | ||
| 792 | index 74d119512d96..c5f2350a2b50 100644 | ||
| 793 | --- a/net/netfilter/ipvs/ip_vs_ctl.c | ||
| 794 | +++ b/net/netfilter/ipvs/ip_vs_ctl.c | ||
| 795 | @@ -2393,11 +2393,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) | ||
| 796 | strlcpy(cfg.mcast_ifn, dm->mcast_ifn, | ||
| 797 | sizeof(cfg.mcast_ifn)); | ||
| 798 | cfg.syncid = dm->syncid; | ||
| 799 | - rtnl_lock(); | ||
| 800 | - mutex_lock(&ipvs->sync_mutex); | ||
| 801 | ret = start_sync_thread(ipvs, &cfg, dm->state); | ||
| 802 | - mutex_unlock(&ipvs->sync_mutex); | ||
| 803 | - rtnl_unlock(); | ||
| 804 | } else { | ||
| 805 | mutex_lock(&ipvs->sync_mutex); | ||
| 806 | ret = stop_sync_thread(ipvs, dm->state); | ||
| 807 | @@ -3495,12 +3491,8 @@ static int ip_vs_genl_new_daemon(struct netns_ipvs *ipvs, struct nlattr **attrs) | ||
| 808 | if (ipvs->mixed_address_family_dests > 0) | ||
| 809 | return -EINVAL; | ||
| 810 | |||
| 811 | - rtnl_lock(); | ||
| 812 | - mutex_lock(&ipvs->sync_mutex); | ||
| 813 | ret = start_sync_thread(ipvs, &c, | ||
| 814 | nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE])); | ||
| 815 | - mutex_unlock(&ipvs->sync_mutex); | ||
| 816 | - rtnl_unlock(); | ||
| 817 | return ret; | ||
| 818 | } | ||
| 819 | |||
| 820 | diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c | ||
| 821 | index 9350530c16c1..5fbf4b232592 100644 | ||
| 822 | --- a/net/netfilter/ipvs/ip_vs_sync.c | ||
| 823 | +++ b/net/netfilter/ipvs/ip_vs_sync.c | ||
| 824 | @@ -48,6 +48,7 @@ | ||
| 825 | #include <linux/kthread.h> | ||
| 826 | #include <linux/wait.h> | ||
| 827 | #include <linux/kernel.h> | ||
| 828 | +#include <linux/sched.h> | ||
| 829 | |||
| 830 | #include <asm/unaligned.h> /* Used for ntoh_seq and hton_seq */ | ||
| 831 | |||
| 832 | @@ -1359,15 +1360,9 @@ static void set_mcast_pmtudisc(struct sock *sk, int val) | ||
| 833 | /* | ||
| 834 | * Specifiy default interface for outgoing multicasts | ||
| 835 | */ | ||
| 836 | -static int set_mcast_if(struct sock *sk, char *ifname) | ||
| 837 | +static int set_mcast_if(struct sock *sk, struct net_device *dev) | ||
| 838 | { | ||
| 839 | - struct net_device *dev; | ||
| 840 | struct inet_sock *inet = inet_sk(sk); | ||
| 841 | - struct net *net = sock_net(sk); | ||
| 842 | - | ||
| 843 | - dev = __dev_get_by_name(net, ifname); | ||
| 844 | - if (!dev) | ||
| 845 | - return -ENODEV; | ||
| 846 | |||
| 847 | if (sk->sk_bound_dev_if && dev->ifindex != sk->sk_bound_dev_if) | ||
| 848 | return -EINVAL; | ||
| 849 | @@ -1395,19 +1390,14 @@ static int set_mcast_if(struct sock *sk, char *ifname) | ||
| 850 | * in the in_addr structure passed in as a parameter. | ||
| 851 | */ | ||
| 852 | static int | ||
| 853 | -join_mcast_group(struct sock *sk, struct in_addr *addr, char *ifname) | ||
| 854 | +join_mcast_group(struct sock *sk, struct in_addr *addr, struct net_device *dev) | ||
| 855 | { | ||
| 856 | - struct net *net = sock_net(sk); | ||
| 857 | struct ip_mreqn mreq; | ||
| 858 | - struct net_device *dev; | ||
| 859 | int ret; | ||
| 860 | |||
| 861 | memset(&mreq, 0, sizeof(mreq)); | ||
| 862 | memcpy(&mreq.imr_multiaddr, addr, sizeof(struct in_addr)); | ||
| 863 | |||
| 864 | - dev = __dev_get_by_name(net, ifname); | ||
| 865 | - if (!dev) | ||
| 866 | - return -ENODEV; | ||
| 867 | if (sk->sk_bound_dev_if && dev->ifindex != sk->sk_bound_dev_if) | ||
| 868 | return -EINVAL; | ||
| 869 | |||
| 870 | @@ -1422,15 +1412,10 @@ join_mcast_group(struct sock *sk, struct in_addr *addr, char *ifname) | ||
| 871 | |||
| 872 | #ifdef CONFIG_IP_VS_IPV6 | ||
| 873 | static int join_mcast_group6(struct sock *sk, struct in6_addr *addr, | ||
| 874 | - char *ifname) | ||
| 875 | + struct net_device *dev) | ||
| 876 | { | ||
| 877 | - struct net *net = sock_net(sk); | ||
| 878 | - struct net_device *dev; | ||
| 879 | int ret; | ||
| 880 | |||
| 881 | - dev = __dev_get_by_name(net, ifname); | ||
| 882 | - if (!dev) | ||
| 883 | - return -ENODEV; | ||
| 884 | if (sk->sk_bound_dev_if && dev->ifindex != sk->sk_bound_dev_if) | ||
| 885 | return -EINVAL; | ||
| 886 | |||
| 887 | @@ -1442,24 +1427,18 @@ static int join_mcast_group6(struct sock *sk, struct in6_addr *addr, | ||
| 888 | } | ||
| 889 | #endif | ||
| 890 | |||
| 891 | -static int bind_mcastif_addr(struct socket *sock, char *ifname) | ||
| 892 | +static int bind_mcastif_addr(struct socket *sock, struct net_device *dev) | ||
| 893 | { | ||
| 894 | - struct net *net = sock_net(sock->sk); | ||
| 895 | - struct net_device *dev; | ||
| 896 | __be32 addr; | ||
| 897 | struct sockaddr_in sin; | ||
| 898 | |||
| 899 | - dev = __dev_get_by_name(net, ifname); | ||
| 900 | - if (!dev) | ||
| 901 | - return -ENODEV; | ||
| 902 | - | ||
| 903 | addr = inet_select_addr(dev, 0, RT_SCOPE_UNIVERSE); | ||
| 904 | if (!addr) | ||
| 905 | pr_err("You probably need to specify IP address on " | ||
| 906 | "multicast interface.\n"); | ||
| 907 | |||
| 908 | IP_VS_DBG(7, "binding socket with (%s) %pI4\n", | ||
| 909 | - ifname, &addr); | ||
| 910 | + dev->name, &addr); | ||
| 911 | |||
| 912 | /* Now bind the socket with the address of multicast interface */ | ||
| 913 | sin.sin_family = AF_INET; | ||
| 914 | @@ -1492,7 +1471,8 @@ static void get_mcast_sockaddr(union ipvs_sockaddr *sa, int *salen, | ||
| 915 | /* | ||
| 916 | * Set up sending multicast socket over UDP | ||
| 917 | */ | ||
| 918 | -static struct socket *make_send_sock(struct netns_ipvs *ipvs, int id) | ||
| 919 | +static int make_send_sock(struct netns_ipvs *ipvs, int id, | ||
| 920 | + struct net_device *dev, struct socket **sock_ret) | ||
| 921 | { | ||
| 922 | /* multicast addr */ | ||
| 923 | union ipvs_sockaddr mcast_addr; | ||
| 924 | @@ -1504,9 +1484,10 @@ static struct socket *make_send_sock(struct netns_ipvs *ipvs, int id) | ||
| 925 | IPPROTO_UDP, &sock); | ||
| 926 | if (result < 0) { | ||
| 927 | pr_err("Error during creation of socket; terminating\n"); | ||
| 928 | - return ERR_PTR(result); | ||
| 929 | + goto error; | ||
| 930 | } | ||
| 931 | - result = set_mcast_if(sock->sk, ipvs->mcfg.mcast_ifn); | ||
| 932 | + *sock_ret = sock; | ||
| 933 | + result = set_mcast_if(sock->sk, dev); | ||
| 934 | if (result < 0) { | ||
| 935 | pr_err("Error setting outbound mcast interface\n"); | ||
| 936 | goto error; | ||
| 937 | @@ -1521,7 +1502,7 @@ static struct socket *make_send_sock(struct netns_ipvs *ipvs, int id) | ||
| 938 | set_sock_size(sock->sk, 1, result); | ||
| 939 | |||
| 940 | if (AF_INET == ipvs->mcfg.mcast_af) | ||
| 941 | - result = bind_mcastif_addr(sock, ipvs->mcfg.mcast_ifn); | ||
| 942 | + result = bind_mcastif_addr(sock, dev); | ||
| 943 | else | ||
| 944 | result = 0; | ||
| 945 | if (result < 0) { | ||
| 946 | @@ -1537,19 +1518,18 @@ static struct socket *make_send_sock(struct netns_ipvs *ipvs, int id) | ||
| 947 | goto error; | ||
| 948 | } | ||
| 949 | |||
| 950 | - return sock; | ||
| 951 | + return 0; | ||
| 952 | |||
| 953 | error: | ||
| 954 | - sock_release(sock); | ||
| 955 | - return ERR_PTR(result); | ||
| 956 | + return result; | ||
| 957 | } | ||
| 958 | |||
| 959 | |||
| 960 | /* | ||
| 961 | * Set up receiving multicast socket over UDP | ||
| 962 | */ | ||
| 963 | -static struct socket *make_receive_sock(struct netns_ipvs *ipvs, int id, | ||
| 964 | - int ifindex) | ||
| 965 | +static int make_receive_sock(struct netns_ipvs *ipvs, int id, | ||
| 966 | + struct net_device *dev, struct socket **sock_ret) | ||
| 967 | { | ||
| 968 | /* multicast addr */ | ||
| 969 | union ipvs_sockaddr mcast_addr; | ||
| 970 | @@ -1561,8 +1541,9 @@ static struct socket *make_receive_sock(struct netns_ipvs *ipvs, int id, | ||
| 971 | IPPROTO_UDP, &sock); | ||
| 972 | if (result < 0) { | ||
| 973 | pr_err("Error during creation of socket; terminating\n"); | ||
| 974 | - return ERR_PTR(result); | ||
| 975 | + goto error; | ||
| 976 | } | ||
| 977 | + *sock_ret = sock; | ||
| 978 | /* it is equivalent to the REUSEADDR option in user-space */ | ||
| 979 | sock->sk->sk_reuse = SK_CAN_REUSE; | ||
| 980 | result = sysctl_sync_sock_size(ipvs); | ||
| 981 | @@ -1570,7 +1551,7 @@ static struct socket *make_receive_sock(struct netns_ipvs *ipvs, int id, | ||
| 982 | set_sock_size(sock->sk, 0, result); | ||
| 983 | |||
| 984 | get_mcast_sockaddr(&mcast_addr, &salen, &ipvs->bcfg, id); | ||
| 985 | - sock->sk->sk_bound_dev_if = ifindex; | ||
| 986 | + sock->sk->sk_bound_dev_if = dev->ifindex; | ||
| 987 | result = sock->ops->bind(sock, (struct sockaddr *)&mcast_addr, salen); | ||
| 988 | if (result < 0) { | ||
| 989 | pr_err("Error binding to the multicast addr\n"); | ||
| 990 | @@ -1581,21 +1562,20 @@ static struct socket *make_receive_sock(struct netns_ipvs *ipvs, int id, | ||
| 991 | #ifdef CONFIG_IP_VS_IPV6 | ||
| 992 | if (ipvs->bcfg.mcast_af == AF_INET6) | ||
| 993 | result = join_mcast_group6(sock->sk, &mcast_addr.in6.sin6_addr, | ||
| 994 | - ipvs->bcfg.mcast_ifn); | ||
| 995 | + dev); | ||
| 996 | else | ||
| 997 | #endif | ||
| 998 | result = join_mcast_group(sock->sk, &mcast_addr.in.sin_addr, | ||
| 999 | - ipvs->bcfg.mcast_ifn); | ||
| 1000 | + dev); | ||
| 1001 | if (result < 0) { | ||
| 1002 | pr_err("Error joining to the multicast group\n"); | ||
| 1003 | goto error; | ||
| 1004 | } | ||
| 1005 | |||
| 1006 | - return sock; | ||
| 1007 | + return 0; | ||
| 1008 | |||
| 1009 | error: | ||
| 1010 | - sock_release(sock); | ||
| 1011 | - return ERR_PTR(result); | ||
| 1012 | + return result; | ||
| 1013 | } | ||
| 1014 | |||
| 1015 | |||
| 1016 | @@ -1780,13 +1760,12 @@ static int sync_thread_backup(void *data) | ||
| 1017 | int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, | ||
| 1018 | int state) | ||
| 1019 | { | ||
| 1020 | - struct ip_vs_sync_thread_data *tinfo; | ||
| 1021 | + struct ip_vs_sync_thread_data *tinfo = NULL; | ||
| 1022 | struct task_struct **array = NULL, *task; | ||
| 1023 | - struct socket *sock; | ||
| 1024 | struct net_device *dev; | ||
| 1025 | char *name; | ||
| 1026 | int (*threadfn)(void *data); | ||
| 1027 | - int id, count, hlen; | ||
| 1028 | + int id = 0, count, hlen; | ||
| 1029 | int result = -ENOMEM; | ||
| 1030 | u16 mtu, min_mtu; | ||
| 1031 | |||
| 1032 | @@ -1794,6 +1773,18 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, | ||
| 1033 | IP_VS_DBG(7, "Each ip_vs_sync_conn entry needs %Zd bytes\n", | ||
| 1034 | sizeof(struct ip_vs_sync_conn_v0)); | ||
| 1035 | |||
| 1036 | + /* Do not hold one mutex and then to block on another */ | ||
| 1037 | + for (;;) { | ||
| 1038 | + rtnl_lock(); | ||
| 1039 | + if (mutex_trylock(&ipvs->sync_mutex)) | ||
| 1040 | + break; | ||
| 1041 | + rtnl_unlock(); | ||
| 1042 | + mutex_lock(&ipvs->sync_mutex); | ||
| 1043 | + if (rtnl_trylock()) | ||
| 1044 | + break; | ||
| 1045 | + mutex_unlock(&ipvs->sync_mutex); | ||
| 1046 | + } | ||
| 1047 | + | ||
| 1048 | if (!ipvs->sync_state) { | ||
| 1049 | count = clamp(sysctl_sync_ports(ipvs), 1, IPVS_SYNC_PORTS_MAX); | ||
| 1050 | ipvs->threads_mask = count - 1; | ||
| 1051 | @@ -1812,7 +1803,8 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, | ||
| 1052 | dev = __dev_get_by_name(ipvs->net, c->mcast_ifn); | ||
| 1053 | if (!dev) { | ||
| 1054 | pr_err("Unknown mcast interface: %s\n", c->mcast_ifn); | ||
| 1055 | - return -ENODEV; | ||
| 1056 | + result = -ENODEV; | ||
| 1057 | + goto out_early; | ||
| 1058 | } | ||
| 1059 | hlen = (AF_INET6 == c->mcast_af) ? | ||
| 1060 | sizeof(struct ipv6hdr) + sizeof(struct udphdr) : | ||
| 1061 | @@ -1829,26 +1821,30 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, | ||
| 1062 | c->sync_maxlen = mtu - hlen; | ||
| 1063 | |||
| 1064 | if (state == IP_VS_STATE_MASTER) { | ||
| 1065 | + result = -EEXIST; | ||
| 1066 | if (ipvs->ms) | ||
| 1067 | - return -EEXIST; | ||
| 1068 | + goto out_early; | ||
| 1069 | |||
| 1070 | ipvs->mcfg = *c; | ||
| 1071 | name = "ipvs-m:%d:%d"; | ||
| 1072 | threadfn = sync_thread_master; | ||
| 1073 | } else if (state == IP_VS_STATE_BACKUP) { | ||
| 1074 | + result = -EEXIST; | ||
| 1075 | if (ipvs->backup_threads) | ||
| 1076 | - return -EEXIST; | ||
| 1077 | + goto out_early; | ||
| 1078 | |||
| 1079 | ipvs->bcfg = *c; | ||
| 1080 | name = "ipvs-b:%d:%d"; | ||
| 1081 | threadfn = sync_thread_backup; | ||
| 1082 | } else { | ||
| 1083 | - return -EINVAL; | ||
| 1084 | + result = -EINVAL; | ||
| 1085 | + goto out_early; | ||
| 1086 | } | ||
| 1087 | |||
| 1088 | if (state == IP_VS_STATE_MASTER) { | ||
| 1089 | struct ipvs_master_sync_state *ms; | ||
| 1090 | |||
| 1091 | + result = -ENOMEM; | ||
| 1092 | ipvs->ms = kzalloc(count * sizeof(ipvs->ms[0]), GFP_KERNEL); | ||
| 1093 | if (!ipvs->ms) | ||
| 1094 | goto out; | ||
| 1095 | @@ -1864,39 +1860,38 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, | ||
| 1096 | } else { | ||
| 1097 | array = kzalloc(count * sizeof(struct task_struct *), | ||
| 1098 | GFP_KERNEL); | ||
| 1099 | + result = -ENOMEM; | ||
| 1100 | if (!array) | ||
| 1101 | goto out; | ||
| 1102 | } | ||
| 1103 | |||
| 1104 | - tinfo = NULL; | ||
| 1105 | for (id = 0; id < count; id++) { | ||
| 1106 | - if (state == IP_VS_STATE_MASTER) | ||
| 1107 | - sock = make_send_sock(ipvs, id); | ||
| 1108 | - else | ||
| 1109 | - sock = make_receive_sock(ipvs, id, dev->ifindex); | ||
| 1110 | - if (IS_ERR(sock)) { | ||
| 1111 | - result = PTR_ERR(sock); | ||
| 1112 | - goto outtinfo; | ||
| 1113 | - } | ||
| 1114 | + result = -ENOMEM; | ||
| 1115 | tinfo = kmalloc(sizeof(*tinfo), GFP_KERNEL); | ||
| 1116 | if (!tinfo) | ||
| 1117 | - goto outsocket; | ||
| 1118 | + goto out; | ||
| 1119 | tinfo->ipvs = ipvs; | ||
| 1120 | - tinfo->sock = sock; | ||
| 1121 | + tinfo->sock = NULL; | ||
| 1122 | if (state == IP_VS_STATE_BACKUP) { | ||
| 1123 | tinfo->buf = kmalloc(ipvs->bcfg.sync_maxlen, | ||
| 1124 | GFP_KERNEL); | ||
| 1125 | if (!tinfo->buf) | ||
| 1126 | - goto outtinfo; | ||
| 1127 | + goto out; | ||
| 1128 | } else { | ||
| 1129 | tinfo->buf = NULL; | ||
| 1130 | } | ||
| 1131 | tinfo->id = id; | ||
| 1132 | + if (state == IP_VS_STATE_MASTER) | ||
| 1133 | + result = make_send_sock(ipvs, id, dev, &tinfo->sock); | ||
| 1134 | + else | ||
| 1135 | + result = make_receive_sock(ipvs, id, dev, &tinfo->sock); | ||
| 1136 | + if (result < 0) | ||
| 1137 | + goto out; | ||
| 1138 | |||
| 1139 | task = kthread_run(threadfn, tinfo, name, ipvs->gen, id); | ||
| 1140 | if (IS_ERR(task)) { | ||
| 1141 | result = PTR_ERR(task); | ||
| 1142 | - goto outtinfo; | ||
| 1143 | + goto out; | ||
| 1144 | } | ||
| 1145 | tinfo = NULL; | ||
| 1146 | if (state == IP_VS_STATE_MASTER) | ||
| 1147 | @@ -1913,20 +1908,20 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, | ||
| 1148 | ipvs->sync_state |= state; | ||
| 1149 | spin_unlock_bh(&ipvs->sync_buff_lock); | ||
| 1150 | |||
| 1151 | + mutex_unlock(&ipvs->sync_mutex); | ||
| 1152 | + rtnl_unlock(); | ||
| 1153 | + | ||
| 1154 | /* increase the module use count */ | ||
| 1155 | ip_vs_use_count_inc(); | ||
| 1156 | |||
| 1157 | return 0; | ||
| 1158 | |||
| 1159 | -outsocket: | ||
| 1160 | - sock_release(sock); | ||
| 1161 | - | ||
| 1162 | -outtinfo: | ||
| 1163 | - if (tinfo) { | ||
| 1164 | - sock_release(tinfo->sock); | ||
| 1165 | - kfree(tinfo->buf); | ||
| 1166 | - kfree(tinfo); | ||
| 1167 | - } | ||
| 1168 | +out: | ||
| 1169 | + /* We do not need RTNL lock anymore, release it here so that | ||
| 1170 | + * sock_release below and in the kthreads can use rtnl_lock | ||
| 1171 | + * to leave the mcast group. | ||
| 1172 | + */ | ||
| 1173 | + rtnl_unlock(); | ||
| 1174 | count = id; | ||
| 1175 | while (count-- > 0) { | ||
| 1176 | if (state == IP_VS_STATE_MASTER) | ||
| 1177 | @@ -1934,13 +1929,23 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, | ||
| 1178 | else | ||
| 1179 | kthread_stop(array[count]); | ||
| 1180 | } | ||
| 1181 | - kfree(array); | ||
| 1182 | - | ||
| 1183 | -out: | ||
| 1184 | if (!(ipvs->sync_state & IP_VS_STATE_MASTER)) { | ||
| 1185 | kfree(ipvs->ms); | ||
| 1186 | ipvs->ms = NULL; | ||
| 1187 | } | ||
| 1188 | + mutex_unlock(&ipvs->sync_mutex); | ||
| 1189 | + if (tinfo) { | ||
| 1190 | + if (tinfo->sock) | ||
| 1191 | + sock_release(tinfo->sock); | ||
| 1192 | + kfree(tinfo->buf); | ||
| 1193 | + kfree(tinfo); | ||
| 1194 | + } | ||
| 1195 | + kfree(array); | ||
| 1196 | + return result; | ||
| 1197 | + | ||
| 1198 | +out_early: | ||
| 1199 | + mutex_unlock(&ipvs->sync_mutex); | ||
| 1200 | + rtnl_unlock(); | ||
| 1201 | return result; | ||
| 1202 | } | ||
| 1203 | |||
| 1204 | diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c | ||
| 1205 | index 1e97b8d9a159..15e6e7b9fd2b 100644 | ||
| 1206 | --- a/net/netlink/af_netlink.c | ||
| 1207 | +++ b/net/netlink/af_netlink.c | ||
| 1208 | @@ -1795,6 +1795,8 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) | ||
| 1209 | |||
| 1210 | if (msg->msg_namelen) { | ||
| 1211 | err = -EINVAL; | ||
| 1212 | + if (msg->msg_namelen < sizeof(struct sockaddr_nl)) | ||
| 1213 | + goto out; | ||
| 1214 | if (addr->nl_family != AF_NETLINK) | ||
| 1215 | goto out; | ||
| 1216 | dst_portid = addr->nl_pid; | ||
| 1217 | diff --git a/net/rfkill/rfkill-gpio.c b/net/rfkill/rfkill-gpio.c | ||
| 1218 | index 76c01cbd56e3..d6d8b34c5f22 100644 | ||
| 1219 | --- a/net/rfkill/rfkill-gpio.c | ||
| 1220 | +++ b/net/rfkill/rfkill-gpio.c | ||
| 1221 | @@ -138,13 +138,18 @@ static int rfkill_gpio_probe(struct platform_device *pdev) | ||
| 1222 | |||
| 1223 | ret = rfkill_register(rfkill->rfkill_dev); | ||
| 1224 | if (ret < 0) | ||
| 1225 | - return ret; | ||
| 1226 | + goto err_destroy; | ||
| 1227 | |||
| 1228 | platform_set_drvdata(pdev, rfkill); | ||
| 1229 | |||
| 1230 | dev_info(&pdev->dev, "%s device registered.\n", rfkill->name); | ||
| 1231 | |||
| 1232 | return 0; | ||
| 1233 | + | ||
| 1234 | +err_destroy: | ||
| 1235 | + rfkill_destroy(rfkill->rfkill_dev); | ||
| 1236 | + | ||
| 1237 | + return ret; | ||
| 1238 | } | ||
| 1239 | |||
| 1240 | static int rfkill_gpio_remove(struct platform_device *pdev) |