Annotation of /trunk/kernel-alx/patches-5.4/0115-5.4.16-all-fixes.patch
Parent Directory | Revision Log
Revision 3496 -
(hide annotations)
(download)
Mon May 11 14:36:18 2020 UTC (4 years ago) by niro
File size: 188872 byte(s)
Mon May 11 14:36:18 2020 UTC (4 years ago) by niro
File size: 188872 byte(s)
-linux-5.4.16
1 | niro | 3496 | diff --git a/Makefile b/Makefile |
2 | index 30600e309c73..e16d2e58ed4b 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -1,7 +1,7 @@ | ||
6 | # SPDX-License-Identifier: GPL-2.0 | ||
7 | VERSION = 5 | ||
8 | PATCHLEVEL = 4 | ||
9 | -SUBLEVEL = 15 | ||
10 | +SUBLEVEL = 16 | ||
11 | EXTRAVERSION = | ||
12 | NAME = Kleptomaniac Octopus | ||
13 | |||
14 | diff --git a/arch/powerpc/include/asm/book3s/64/mmu-hash.h b/arch/powerpc/include/asm/book3s/64/mmu-hash.h | ||
15 | index 15b75005bc34..3fa1b962dc27 100644 | ||
16 | --- a/arch/powerpc/include/asm/book3s/64/mmu-hash.h | ||
17 | +++ b/arch/powerpc/include/asm/book3s/64/mmu-hash.h | ||
18 | @@ -600,8 +600,11 @@ extern void slb_set_size(u16 size); | ||
19 | * | ||
20 | */ | ||
21 | #define MAX_USER_CONTEXT ((ASM_CONST(1) << CONTEXT_BITS) - 2) | ||
22 | + | ||
23 | +// The + 2 accounts for INVALID_REGION and 1 more to avoid overlap with kernel | ||
24 | #define MIN_USER_CONTEXT (MAX_KERNEL_CTX_CNT + MAX_VMALLOC_CTX_CNT + \ | ||
25 | - MAX_IO_CTX_CNT + MAX_VMEMMAP_CTX_CNT) | ||
26 | + MAX_IO_CTX_CNT + MAX_VMEMMAP_CTX_CNT + 2) | ||
27 | + | ||
28 | /* | ||
29 | * For platforms that support on 65bit VA we limit the context bits | ||
30 | */ | ||
31 | diff --git a/arch/powerpc/include/asm/xive-regs.h b/arch/powerpc/include/asm/xive-regs.h | ||
32 | index f2dfcd50a2d3..33aee7490cbb 100644 | ||
33 | --- a/arch/powerpc/include/asm/xive-regs.h | ||
34 | +++ b/arch/powerpc/include/asm/xive-regs.h | ||
35 | @@ -39,6 +39,7 @@ | ||
36 | |||
37 | #define XIVE_ESB_VAL_P 0x2 | ||
38 | #define XIVE_ESB_VAL_Q 0x1 | ||
39 | +#define XIVE_ESB_INVALID 0xFF | ||
40 | |||
41 | /* | ||
42 | * Thread Management (aka "TM") registers | ||
43 | diff --git a/arch/powerpc/sysdev/xive/common.c b/arch/powerpc/sysdev/xive/common.c | ||
44 | index f5fadbd2533a..9651ca061828 100644 | ||
45 | --- a/arch/powerpc/sysdev/xive/common.c | ||
46 | +++ b/arch/powerpc/sysdev/xive/common.c | ||
47 | @@ -972,12 +972,21 @@ static int xive_get_irqchip_state(struct irq_data *data, | ||
48 | enum irqchip_irq_state which, bool *state) | ||
49 | { | ||
50 | struct xive_irq_data *xd = irq_data_get_irq_handler_data(data); | ||
51 | + u8 pq; | ||
52 | |||
53 | switch (which) { | ||
54 | case IRQCHIP_STATE_ACTIVE: | ||
55 | - *state = !xd->stale_p && | ||
56 | - (xd->saved_p || | ||
57 | - !!(xive_esb_read(xd, XIVE_ESB_GET) & XIVE_ESB_VAL_P)); | ||
58 | + pq = xive_esb_read(xd, XIVE_ESB_GET); | ||
59 | + | ||
60 | + /* | ||
61 | + * The esb value being all 1's means we couldn't get | ||
62 | + * the PQ state of the interrupt through mmio. It may | ||
63 | + * happen, for example when querying a PHB interrupt | ||
64 | + * while the PHB is in an error state. We consider the | ||
65 | + * interrupt to be inactive in that case. | ||
66 | + */ | ||
67 | + *state = (pq != XIVE_ESB_INVALID) && !xd->stale_p && | ||
68 | + (xd->saved_p || !!(pq & XIVE_ESB_VAL_P)); | ||
69 | return 0; | ||
70 | default: | ||
71 | return -EINVAL; | ||
72 | diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c | ||
73 | index 2bbab0230aeb..d287837ed755 100644 | ||
74 | --- a/drivers/atm/firestream.c | ||
75 | +++ b/drivers/atm/firestream.c | ||
76 | @@ -912,6 +912,7 @@ static int fs_open(struct atm_vcc *atm_vcc) | ||
77 | } | ||
78 | if (!to) { | ||
79 | printk ("No more free channels for FS50..\n"); | ||
80 | + kfree(vcc); | ||
81 | return -EBUSY; | ||
82 | } | ||
83 | vcc->channo = dev->channo; | ||
84 | @@ -922,6 +923,7 @@ static int fs_open(struct atm_vcc *atm_vcc) | ||
85 | if (((DO_DIRECTION(rxtp) && dev->atm_vccs[vcc->channo])) || | ||
86 | ( DO_DIRECTION(txtp) && test_bit (vcc->channo, dev->tx_inuse))) { | ||
87 | printk ("Channel is in use for FS155.\n"); | ||
88 | + kfree(vcc); | ||
89 | return -EBUSY; | ||
90 | } | ||
91 | } | ||
92 | @@ -935,6 +937,7 @@ static int fs_open(struct atm_vcc *atm_vcc) | ||
93 | tc, sizeof (struct fs_transmit_config)); | ||
94 | if (!tc) { | ||
95 | fs_dprintk (FS_DEBUG_OPEN, "fs: can't alloc transmit_config.\n"); | ||
96 | + kfree(vcc); | ||
97 | return -ENOMEM; | ||
98 | } | ||
99 | |||
100 | diff --git a/drivers/gpu/drm/i915/gem/i915_gem_busy.c b/drivers/gpu/drm/i915/gem/i915_gem_busy.c | ||
101 | index 3d4f5775a4ba..25235ef630c1 100644 | ||
102 | --- a/drivers/gpu/drm/i915/gem/i915_gem_busy.c | ||
103 | +++ b/drivers/gpu/drm/i915/gem/i915_gem_busy.c | ||
104 | @@ -9,16 +9,16 @@ | ||
105 | #include "i915_gem_ioctls.h" | ||
106 | #include "i915_gem_object.h" | ||
107 | |||
108 | -static __always_inline u32 __busy_read_flag(u8 id) | ||
109 | +static __always_inline u32 __busy_read_flag(u16 id) | ||
110 | { | ||
111 | - if (id == (u8)I915_ENGINE_CLASS_INVALID) | ||
112 | + if (id == (u16)I915_ENGINE_CLASS_INVALID) | ||
113 | return 0xffff0000u; | ||
114 | |||
115 | GEM_BUG_ON(id >= 16); | ||
116 | return 0x10000u << id; | ||
117 | } | ||
118 | |||
119 | -static __always_inline u32 __busy_write_id(u8 id) | ||
120 | +static __always_inline u32 __busy_write_id(u16 id) | ||
121 | { | ||
122 | /* | ||
123 | * The uABI guarantees an active writer is also amongst the read | ||
124 | @@ -29,14 +29,14 @@ static __always_inline u32 __busy_write_id(u8 id) | ||
125 | * last_read - hence we always set both read and write busy for | ||
126 | * last_write. | ||
127 | */ | ||
128 | - if (id == (u8)I915_ENGINE_CLASS_INVALID) | ||
129 | + if (id == (u16)I915_ENGINE_CLASS_INVALID) | ||
130 | return 0xffffffffu; | ||
131 | |||
132 | return (id + 1) | __busy_read_flag(id); | ||
133 | } | ||
134 | |||
135 | static __always_inline unsigned int | ||
136 | -__busy_set_if_active(const struct dma_fence *fence, u32 (*flag)(u8 id)) | ||
137 | +__busy_set_if_active(const struct dma_fence *fence, u32 (*flag)(u16 id)) | ||
138 | { | ||
139 | const struct i915_request *rq; | ||
140 | |||
141 | @@ -57,7 +57,7 @@ __busy_set_if_active(const struct dma_fence *fence, u32 (*flag)(u8 id)) | ||
142 | return 0; | ||
143 | |||
144 | /* Beware type-expansion follies! */ | ||
145 | - BUILD_BUG_ON(!typecheck(u8, rq->engine->uabi_class)); | ||
146 | + BUILD_BUG_ON(!typecheck(u16, rq->engine->uabi_class)); | ||
147 | return flag(rq->engine->uabi_class); | ||
148 | } | ||
149 | |||
150 | diff --git a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c | ||
151 | index abfbac49b8e8..968d9b2705d0 100644 | ||
152 | --- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c | ||
153 | +++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c | ||
154 | @@ -427,7 +427,7 @@ struct get_pages_work { | ||
155 | |||
156 | static struct sg_table * | ||
157 | __i915_gem_userptr_alloc_pages(struct drm_i915_gem_object *obj, | ||
158 | - struct page **pvec, int num_pages) | ||
159 | + struct page **pvec, unsigned long num_pages) | ||
160 | { | ||
161 | unsigned int max_segment = i915_sg_segment_size(); | ||
162 | struct sg_table *st; | ||
163 | @@ -473,9 +473,10 @@ __i915_gem_userptr_get_pages_worker(struct work_struct *_work) | ||
164 | { | ||
165 | struct get_pages_work *work = container_of(_work, typeof(*work), work); | ||
166 | struct drm_i915_gem_object *obj = work->obj; | ||
167 | - const int npages = obj->base.size >> PAGE_SHIFT; | ||
168 | + const unsigned long npages = obj->base.size >> PAGE_SHIFT; | ||
169 | + unsigned long pinned; | ||
170 | struct page **pvec; | ||
171 | - int pinned, ret; | ||
172 | + int ret; | ||
173 | |||
174 | ret = -ENOMEM; | ||
175 | pinned = 0; | ||
176 | @@ -578,7 +579,7 @@ __i915_gem_userptr_get_pages_schedule(struct drm_i915_gem_object *obj) | ||
177 | |||
178 | static int i915_gem_userptr_get_pages(struct drm_i915_gem_object *obj) | ||
179 | { | ||
180 | - const int num_pages = obj->base.size >> PAGE_SHIFT; | ||
181 | + const unsigned long num_pages = obj->base.size >> PAGE_SHIFT; | ||
182 | struct mm_struct *mm = obj->userptr.mm->mm; | ||
183 | struct page **pvec; | ||
184 | struct sg_table *pages; | ||
185 | diff --git a/drivers/gpu/drm/i915/gt/intel_engine_types.h b/drivers/gpu/drm/i915/gt/intel_engine_types.h | ||
186 | index 9dd8c299cb2d..798e1b024406 100644 | ||
187 | --- a/drivers/gpu/drm/i915/gt/intel_engine_types.h | ||
188 | +++ b/drivers/gpu/drm/i915/gt/intel_engine_types.h | ||
189 | @@ -300,8 +300,8 @@ struct intel_engine_cs { | ||
190 | u8 class; | ||
191 | u8 instance; | ||
192 | |||
193 | - u8 uabi_class; | ||
194 | - u8 uabi_instance; | ||
195 | + u16 uabi_class; | ||
196 | + u16 uabi_instance; | ||
197 | |||
198 | u32 context_size; | ||
199 | u32 mmio_base; | ||
200 | diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c | ||
201 | index b1a7a8b9b46a..f614646ed3f9 100644 | ||
202 | --- a/drivers/gpu/drm/i915/i915_gem_gtt.c | ||
203 | +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c | ||
204 | @@ -1178,6 +1178,7 @@ gen8_ppgtt_insert_pte(struct i915_ppgtt *ppgtt, | ||
205 | pd = i915_pd_entry(pdp, gen8_pd_index(idx, 2)); | ||
206 | vaddr = kmap_atomic_px(i915_pt_entry(pd, gen8_pd_index(idx, 1))); | ||
207 | do { | ||
208 | + GEM_BUG_ON(iter->sg->length < I915_GTT_PAGE_SIZE); | ||
209 | vaddr[gen8_pd_index(idx, 0)] = pte_encode | iter->dma; | ||
210 | |||
211 | iter->dma += I915_GTT_PAGE_SIZE; | ||
212 | @@ -1657,6 +1658,7 @@ static void gen6_ppgtt_insert_entries(struct i915_address_space *vm, | ||
213 | |||
214 | vaddr = kmap_atomic_px(i915_pt_entry(pd, act_pt)); | ||
215 | do { | ||
216 | + GEM_BUG_ON(iter.sg->length < I915_GTT_PAGE_SIZE); | ||
217 | vaddr[act_pte] = pte_encode | GEN6_PTE_ADDR_ENCODE(iter.dma); | ||
218 | |||
219 | iter.dma += I915_GTT_PAGE_SIZE; | ||
220 | diff --git a/drivers/gpu/drm/panfrost/panfrost_drv.c b/drivers/gpu/drm/panfrost/panfrost_drv.c | ||
221 | index 1c67ac434e10..5906c80c4b2c 100644 | ||
222 | --- a/drivers/gpu/drm/panfrost/panfrost_drv.c | ||
223 | +++ b/drivers/gpu/drm/panfrost/panfrost_drv.c | ||
224 | @@ -78,8 +78,10 @@ static int panfrost_ioctl_get_param(struct drm_device *ddev, void *data, struct | ||
225 | static int panfrost_ioctl_create_bo(struct drm_device *dev, void *data, | ||
226 | struct drm_file *file) | ||
227 | { | ||
228 | + struct panfrost_file_priv *priv = file->driver_priv; | ||
229 | struct panfrost_gem_object *bo; | ||
230 | struct drm_panfrost_create_bo *args = data; | ||
231 | + struct panfrost_gem_mapping *mapping; | ||
232 | |||
233 | if (!args->size || args->pad || | ||
234 | (args->flags & ~(PANFROST_BO_NOEXEC | PANFROST_BO_HEAP))) | ||
235 | @@ -95,7 +97,14 @@ static int panfrost_ioctl_create_bo(struct drm_device *dev, void *data, | ||
236 | if (IS_ERR(bo)) | ||
237 | return PTR_ERR(bo); | ||
238 | |||
239 | - args->offset = bo->node.start << PAGE_SHIFT; | ||
240 | + mapping = panfrost_gem_mapping_get(bo, priv); | ||
241 | + if (!mapping) { | ||
242 | + drm_gem_object_put_unlocked(&bo->base.base); | ||
243 | + return -EINVAL; | ||
244 | + } | ||
245 | + | ||
246 | + args->offset = mapping->mmnode.start << PAGE_SHIFT; | ||
247 | + panfrost_gem_mapping_put(mapping); | ||
248 | |||
249 | return 0; | ||
250 | } | ||
251 | @@ -119,6 +128,11 @@ panfrost_lookup_bos(struct drm_device *dev, | ||
252 | struct drm_panfrost_submit *args, | ||
253 | struct panfrost_job *job) | ||
254 | { | ||
255 | + struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
256 | + struct panfrost_gem_object *bo; | ||
257 | + unsigned int i; | ||
258 | + int ret; | ||
259 | + | ||
260 | job->bo_count = args->bo_handle_count; | ||
261 | |||
262 | if (!job->bo_count) | ||
263 | @@ -130,9 +144,32 @@ panfrost_lookup_bos(struct drm_device *dev, | ||
264 | if (!job->implicit_fences) | ||
265 | return -ENOMEM; | ||
266 | |||
267 | - return drm_gem_objects_lookup(file_priv, | ||
268 | - (void __user *)(uintptr_t)args->bo_handles, | ||
269 | - job->bo_count, &job->bos); | ||
270 | + ret = drm_gem_objects_lookup(file_priv, | ||
271 | + (void __user *)(uintptr_t)args->bo_handles, | ||
272 | + job->bo_count, &job->bos); | ||
273 | + if (ret) | ||
274 | + return ret; | ||
275 | + | ||
276 | + job->mappings = kvmalloc_array(job->bo_count, | ||
277 | + sizeof(struct panfrost_gem_mapping *), | ||
278 | + GFP_KERNEL | __GFP_ZERO); | ||
279 | + if (!job->mappings) | ||
280 | + return -ENOMEM; | ||
281 | + | ||
282 | + for (i = 0; i < job->bo_count; i++) { | ||
283 | + struct panfrost_gem_mapping *mapping; | ||
284 | + | ||
285 | + bo = to_panfrost_bo(job->bos[i]); | ||
286 | + mapping = panfrost_gem_mapping_get(bo, priv); | ||
287 | + if (!mapping) { | ||
288 | + ret = -EINVAL; | ||
289 | + break; | ||
290 | + } | ||
291 | + | ||
292 | + job->mappings[i] = mapping; | ||
293 | + } | ||
294 | + | ||
295 | + return ret; | ||
296 | } | ||
297 | |||
298 | /** | ||
299 | @@ -320,7 +357,9 @@ out: | ||
300 | static int panfrost_ioctl_get_bo_offset(struct drm_device *dev, void *data, | ||
301 | struct drm_file *file_priv) | ||
302 | { | ||
303 | + struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
304 | struct drm_panfrost_get_bo_offset *args = data; | ||
305 | + struct panfrost_gem_mapping *mapping; | ||
306 | struct drm_gem_object *gem_obj; | ||
307 | struct panfrost_gem_object *bo; | ||
308 | |||
309 | @@ -331,18 +370,26 @@ static int panfrost_ioctl_get_bo_offset(struct drm_device *dev, void *data, | ||
310 | } | ||
311 | bo = to_panfrost_bo(gem_obj); | ||
312 | |||
313 | - args->offset = bo->node.start << PAGE_SHIFT; | ||
314 | - | ||
315 | + mapping = panfrost_gem_mapping_get(bo, priv); | ||
316 | drm_gem_object_put_unlocked(gem_obj); | ||
317 | + | ||
318 | + if (!mapping) | ||
319 | + return -EINVAL; | ||
320 | + | ||
321 | + args->offset = mapping->mmnode.start << PAGE_SHIFT; | ||
322 | + panfrost_gem_mapping_put(mapping); | ||
323 | return 0; | ||
324 | } | ||
325 | |||
326 | static int panfrost_ioctl_madvise(struct drm_device *dev, void *data, | ||
327 | struct drm_file *file_priv) | ||
328 | { | ||
329 | + struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
330 | struct drm_panfrost_madvise *args = data; | ||
331 | struct panfrost_device *pfdev = dev->dev_private; | ||
332 | struct drm_gem_object *gem_obj; | ||
333 | + struct panfrost_gem_object *bo; | ||
334 | + int ret = 0; | ||
335 | |||
336 | gem_obj = drm_gem_object_lookup(file_priv, args->handle); | ||
337 | if (!gem_obj) { | ||
338 | @@ -350,22 +397,48 @@ static int panfrost_ioctl_madvise(struct drm_device *dev, void *data, | ||
339 | return -ENOENT; | ||
340 | } | ||
341 | |||
342 | + bo = to_panfrost_bo(gem_obj); | ||
343 | + | ||
344 | mutex_lock(&pfdev->shrinker_lock); | ||
345 | + mutex_lock(&bo->mappings.lock); | ||
346 | + if (args->madv == PANFROST_MADV_DONTNEED) { | ||
347 | + struct panfrost_gem_mapping *first; | ||
348 | + | ||
349 | + first = list_first_entry(&bo->mappings.list, | ||
350 | + struct panfrost_gem_mapping, | ||
351 | + node); | ||
352 | + | ||
353 | + /* | ||
354 | + * If we want to mark the BO purgeable, there must be only one | ||
355 | + * user: the caller FD. | ||
356 | + * We could do something smarter and mark the BO purgeable only | ||
357 | + * when all its users have marked it purgeable, but globally | ||
358 | + * visible/shared BOs are likely to never be marked purgeable | ||
359 | + * anyway, so let's not bother. | ||
360 | + */ | ||
361 | + if (!list_is_singular(&bo->mappings.list) || | ||
362 | + WARN_ON_ONCE(first->mmu != &priv->mmu)) { | ||
363 | + ret = -EINVAL; | ||
364 | + goto out_unlock_mappings; | ||
365 | + } | ||
366 | + } | ||
367 | + | ||
368 | args->retained = drm_gem_shmem_madvise(gem_obj, args->madv); | ||
369 | |||
370 | if (args->retained) { | ||
371 | - struct panfrost_gem_object *bo = to_panfrost_bo(gem_obj); | ||
372 | - | ||
373 | if (args->madv == PANFROST_MADV_DONTNEED) | ||
374 | list_add_tail(&bo->base.madv_list, | ||
375 | &pfdev->shrinker_list); | ||
376 | else if (args->madv == PANFROST_MADV_WILLNEED) | ||
377 | list_del_init(&bo->base.madv_list); | ||
378 | } | ||
379 | + | ||
380 | +out_unlock_mappings: | ||
381 | + mutex_unlock(&bo->mappings.lock); | ||
382 | mutex_unlock(&pfdev->shrinker_lock); | ||
383 | |||
384 | drm_gem_object_put_unlocked(gem_obj); | ||
385 | - return 0; | ||
386 | + return ret; | ||
387 | } | ||
388 | |||
389 | int panfrost_unstable_ioctl_check(void) | ||
390 | diff --git a/drivers/gpu/drm/panfrost/panfrost_gem.c b/drivers/gpu/drm/panfrost/panfrost_gem.c | ||
391 | index 92a95210a899..77c3a3855c68 100644 | ||
392 | --- a/drivers/gpu/drm/panfrost/panfrost_gem.c | ||
393 | +++ b/drivers/gpu/drm/panfrost/panfrost_gem.c | ||
394 | @@ -29,6 +29,12 @@ static void panfrost_gem_free_object(struct drm_gem_object *obj) | ||
395 | list_del_init(&bo->base.madv_list); | ||
396 | mutex_unlock(&pfdev->shrinker_lock); | ||
397 | |||
398 | + /* | ||
399 | + * If we still have mappings attached to the BO, there's a problem in | ||
400 | + * our refcounting. | ||
401 | + */ | ||
402 | + WARN_ON_ONCE(!list_empty(&bo->mappings.list)); | ||
403 | + | ||
404 | if (bo->sgts) { | ||
405 | int i; | ||
406 | int n_sgt = bo->base.base.size / SZ_2M; | ||
407 | @@ -46,6 +52,69 @@ static void panfrost_gem_free_object(struct drm_gem_object *obj) | ||
408 | drm_gem_shmem_free_object(obj); | ||
409 | } | ||
410 | |||
411 | +struct panfrost_gem_mapping * | ||
412 | +panfrost_gem_mapping_get(struct panfrost_gem_object *bo, | ||
413 | + struct panfrost_file_priv *priv) | ||
414 | +{ | ||
415 | + struct panfrost_gem_mapping *iter, *mapping = NULL; | ||
416 | + | ||
417 | + mutex_lock(&bo->mappings.lock); | ||
418 | + list_for_each_entry(iter, &bo->mappings.list, node) { | ||
419 | + if (iter->mmu == &priv->mmu) { | ||
420 | + kref_get(&iter->refcount); | ||
421 | + mapping = iter; | ||
422 | + break; | ||
423 | + } | ||
424 | + } | ||
425 | + mutex_unlock(&bo->mappings.lock); | ||
426 | + | ||
427 | + return mapping; | ||
428 | +} | ||
429 | + | ||
430 | +static void | ||
431 | +panfrost_gem_teardown_mapping(struct panfrost_gem_mapping *mapping) | ||
432 | +{ | ||
433 | + struct panfrost_file_priv *priv; | ||
434 | + | ||
435 | + if (mapping->active) | ||
436 | + panfrost_mmu_unmap(mapping); | ||
437 | + | ||
438 | + priv = container_of(mapping->mmu, struct panfrost_file_priv, mmu); | ||
439 | + spin_lock(&priv->mm_lock); | ||
440 | + if (drm_mm_node_allocated(&mapping->mmnode)) | ||
441 | + drm_mm_remove_node(&mapping->mmnode); | ||
442 | + spin_unlock(&priv->mm_lock); | ||
443 | +} | ||
444 | + | ||
445 | +static void panfrost_gem_mapping_release(struct kref *kref) | ||
446 | +{ | ||
447 | + struct panfrost_gem_mapping *mapping; | ||
448 | + | ||
449 | + mapping = container_of(kref, struct panfrost_gem_mapping, refcount); | ||
450 | + | ||
451 | + panfrost_gem_teardown_mapping(mapping); | ||
452 | + drm_gem_object_put_unlocked(&mapping->obj->base.base); | ||
453 | + kfree(mapping); | ||
454 | +} | ||
455 | + | ||
456 | +void panfrost_gem_mapping_put(struct panfrost_gem_mapping *mapping) | ||
457 | +{ | ||
458 | + if (!mapping) | ||
459 | + return; | ||
460 | + | ||
461 | + kref_put(&mapping->refcount, panfrost_gem_mapping_release); | ||
462 | +} | ||
463 | + | ||
464 | +void panfrost_gem_teardown_mappings(struct panfrost_gem_object *bo) | ||
465 | +{ | ||
466 | + struct panfrost_gem_mapping *mapping; | ||
467 | + | ||
468 | + mutex_lock(&bo->mappings.lock); | ||
469 | + list_for_each_entry(mapping, &bo->mappings.list, node) | ||
470 | + panfrost_gem_teardown_mapping(mapping); | ||
471 | + mutex_unlock(&bo->mappings.lock); | ||
472 | +} | ||
473 | + | ||
474 | int panfrost_gem_open(struct drm_gem_object *obj, struct drm_file *file_priv) | ||
475 | { | ||
476 | int ret; | ||
477 | @@ -54,6 +123,16 @@ int panfrost_gem_open(struct drm_gem_object *obj, struct drm_file *file_priv) | ||
478 | struct panfrost_gem_object *bo = to_panfrost_bo(obj); | ||
479 | unsigned long color = bo->noexec ? PANFROST_BO_NOEXEC : 0; | ||
480 | struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
481 | + struct panfrost_gem_mapping *mapping; | ||
482 | + | ||
483 | + mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); | ||
484 | + if (!mapping) | ||
485 | + return -ENOMEM; | ||
486 | + | ||
487 | + INIT_LIST_HEAD(&mapping->node); | ||
488 | + kref_init(&mapping->refcount); | ||
489 | + drm_gem_object_get(obj); | ||
490 | + mapping->obj = bo; | ||
491 | |||
492 | /* | ||
493 | * Executable buffers cannot cross a 16MB boundary as the program | ||
494 | @@ -66,37 +145,48 @@ int panfrost_gem_open(struct drm_gem_object *obj, struct drm_file *file_priv) | ||
495 | else | ||
496 | align = size >= SZ_2M ? SZ_2M >> PAGE_SHIFT : 0; | ||
497 | |||
498 | - bo->mmu = &priv->mmu; | ||
499 | + mapping->mmu = &priv->mmu; | ||
500 | spin_lock(&priv->mm_lock); | ||
501 | - ret = drm_mm_insert_node_generic(&priv->mm, &bo->node, | ||
502 | + ret = drm_mm_insert_node_generic(&priv->mm, &mapping->mmnode, | ||
503 | size >> PAGE_SHIFT, align, color, 0); | ||
504 | spin_unlock(&priv->mm_lock); | ||
505 | if (ret) | ||
506 | - return ret; | ||
507 | + goto err; | ||
508 | |||
509 | if (!bo->is_heap) { | ||
510 | - ret = panfrost_mmu_map(bo); | ||
511 | - if (ret) { | ||
512 | - spin_lock(&priv->mm_lock); | ||
513 | - drm_mm_remove_node(&bo->node); | ||
514 | - spin_unlock(&priv->mm_lock); | ||
515 | - } | ||
516 | + ret = panfrost_mmu_map(mapping); | ||
517 | + if (ret) | ||
518 | + goto err; | ||
519 | } | ||
520 | + | ||
521 | + mutex_lock(&bo->mappings.lock); | ||
522 | + WARN_ON(bo->base.madv != PANFROST_MADV_WILLNEED); | ||
523 | + list_add_tail(&mapping->node, &bo->mappings.list); | ||
524 | + mutex_unlock(&bo->mappings.lock); | ||
525 | + | ||
526 | +err: | ||
527 | + if (ret) | ||
528 | + panfrost_gem_mapping_put(mapping); | ||
529 | return ret; | ||
530 | } | ||
531 | |||
532 | void panfrost_gem_close(struct drm_gem_object *obj, struct drm_file *file_priv) | ||
533 | { | ||
534 | - struct panfrost_gem_object *bo = to_panfrost_bo(obj); | ||
535 | struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
536 | + struct panfrost_gem_object *bo = to_panfrost_bo(obj); | ||
537 | + struct panfrost_gem_mapping *mapping = NULL, *iter; | ||
538 | |||
539 | - if (bo->is_mapped) | ||
540 | - panfrost_mmu_unmap(bo); | ||
541 | + mutex_lock(&bo->mappings.lock); | ||
542 | + list_for_each_entry(iter, &bo->mappings.list, node) { | ||
543 | + if (iter->mmu == &priv->mmu) { | ||
544 | + mapping = iter; | ||
545 | + list_del(&iter->node); | ||
546 | + break; | ||
547 | + } | ||
548 | + } | ||
549 | + mutex_unlock(&bo->mappings.lock); | ||
550 | |||
551 | - spin_lock(&priv->mm_lock); | ||
552 | - if (drm_mm_node_allocated(&bo->node)) | ||
553 | - drm_mm_remove_node(&bo->node); | ||
554 | - spin_unlock(&priv->mm_lock); | ||
555 | + panfrost_gem_mapping_put(mapping); | ||
556 | } | ||
557 | |||
558 | static int panfrost_gem_pin(struct drm_gem_object *obj) | ||
559 | @@ -136,6 +226,8 @@ struct drm_gem_object *panfrost_gem_create_object(struct drm_device *dev, size_t | ||
560 | if (!obj) | ||
561 | return NULL; | ||
562 | |||
563 | + INIT_LIST_HEAD(&obj->mappings.list); | ||
564 | + mutex_init(&obj->mappings.lock); | ||
565 | obj->base.base.funcs = &panfrost_gem_funcs; | ||
566 | |||
567 | return &obj->base.base; | ||
568 | diff --git a/drivers/gpu/drm/panfrost/panfrost_gem.h b/drivers/gpu/drm/panfrost/panfrost_gem.h | ||
569 | index 4b17e7308764..ca1bc9019600 100644 | ||
570 | --- a/drivers/gpu/drm/panfrost/panfrost_gem.h | ||
571 | +++ b/drivers/gpu/drm/panfrost/panfrost_gem.h | ||
572 | @@ -13,23 +13,46 @@ struct panfrost_gem_object { | ||
573 | struct drm_gem_shmem_object base; | ||
574 | struct sg_table *sgts; | ||
575 | |||
576 | - struct panfrost_mmu *mmu; | ||
577 | - struct drm_mm_node node; | ||
578 | - bool is_mapped :1; | ||
579 | + /* | ||
580 | + * Use a list for now. If searching a mapping ever becomes the | ||
581 | + * bottleneck, we should consider using an RB-tree, or even better, | ||
582 | + * let the core store drm_gem_object_mapping entries (where we | ||
583 | + * could place driver specific data) instead of drm_gem_object ones | ||
584 | + * in its drm_file->object_idr table. | ||
585 | + * | ||
586 | + * struct drm_gem_object_mapping { | ||
587 | + * struct drm_gem_object *obj; | ||
588 | + * void *driver_priv; | ||
589 | + * }; | ||
590 | + */ | ||
591 | + struct { | ||
592 | + struct list_head list; | ||
593 | + struct mutex lock; | ||
594 | + } mappings; | ||
595 | + | ||
596 | bool noexec :1; | ||
597 | bool is_heap :1; | ||
598 | }; | ||
599 | |||
600 | +struct panfrost_gem_mapping { | ||
601 | + struct list_head node; | ||
602 | + struct kref refcount; | ||
603 | + struct panfrost_gem_object *obj; | ||
604 | + struct drm_mm_node mmnode; | ||
605 | + struct panfrost_mmu *mmu; | ||
606 | + bool active :1; | ||
607 | +}; | ||
608 | + | ||
609 | static inline | ||
610 | struct panfrost_gem_object *to_panfrost_bo(struct drm_gem_object *obj) | ||
611 | { | ||
612 | return container_of(to_drm_gem_shmem_obj(obj), struct panfrost_gem_object, base); | ||
613 | } | ||
614 | |||
615 | -static inline | ||
616 | -struct panfrost_gem_object *drm_mm_node_to_panfrost_bo(struct drm_mm_node *node) | ||
617 | +static inline struct panfrost_gem_mapping * | ||
618 | +drm_mm_node_to_panfrost_mapping(struct drm_mm_node *node) | ||
619 | { | ||
620 | - return container_of(node, struct panfrost_gem_object, node); | ||
621 | + return container_of(node, struct panfrost_gem_mapping, mmnode); | ||
622 | } | ||
623 | |||
624 | struct drm_gem_object *panfrost_gem_create_object(struct drm_device *dev, size_t size); | ||
625 | @@ -49,6 +72,12 @@ int panfrost_gem_open(struct drm_gem_object *obj, struct drm_file *file_priv); | ||
626 | void panfrost_gem_close(struct drm_gem_object *obj, | ||
627 | struct drm_file *file_priv); | ||
628 | |||
629 | +struct panfrost_gem_mapping * | ||
630 | +panfrost_gem_mapping_get(struct panfrost_gem_object *bo, | ||
631 | + struct panfrost_file_priv *priv); | ||
632 | +void panfrost_gem_mapping_put(struct panfrost_gem_mapping *mapping); | ||
633 | +void panfrost_gem_teardown_mappings(struct panfrost_gem_object *bo); | ||
634 | + | ||
635 | void panfrost_gem_shrinker_init(struct drm_device *dev); | ||
636 | void panfrost_gem_shrinker_cleanup(struct drm_device *dev); | ||
637 | |||
638 | diff --git a/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c b/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c | ||
639 | index 458f0fa68111..f5dd7b29bc95 100644 | ||
640 | --- a/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c | ||
641 | +++ b/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c | ||
642 | @@ -39,11 +39,12 @@ panfrost_gem_shrinker_count(struct shrinker *shrinker, struct shrink_control *sc | ||
643 | static bool panfrost_gem_purge(struct drm_gem_object *obj) | ||
644 | { | ||
645 | struct drm_gem_shmem_object *shmem = to_drm_gem_shmem_obj(obj); | ||
646 | + struct panfrost_gem_object *bo = to_panfrost_bo(obj); | ||
647 | |||
648 | if (!mutex_trylock(&shmem->pages_lock)) | ||
649 | return false; | ||
650 | |||
651 | - panfrost_mmu_unmap(to_panfrost_bo(obj)); | ||
652 | + panfrost_gem_teardown_mappings(bo); | ||
653 | drm_gem_shmem_purge_locked(obj); | ||
654 | |||
655 | mutex_unlock(&shmem->pages_lock); | ||
656 | diff --git a/drivers/gpu/drm/panfrost/panfrost_job.c b/drivers/gpu/drm/panfrost/panfrost_job.c | ||
657 | index 21f34d44aac2..bbb0c5e3ca6f 100644 | ||
658 | --- a/drivers/gpu/drm/panfrost/panfrost_job.c | ||
659 | +++ b/drivers/gpu/drm/panfrost/panfrost_job.c | ||
660 | @@ -269,9 +269,20 @@ static void panfrost_job_cleanup(struct kref *ref) | ||
661 | dma_fence_put(job->done_fence); | ||
662 | dma_fence_put(job->render_done_fence); | ||
663 | |||
664 | - if (job->bos) { | ||
665 | + if (job->mappings) { | ||
666 | for (i = 0; i < job->bo_count; i++) | ||
667 | + panfrost_gem_mapping_put(job->mappings[i]); | ||
668 | + kvfree(job->mappings); | ||
669 | + } | ||
670 | + | ||
671 | + if (job->bos) { | ||
672 | + struct panfrost_gem_object *bo; | ||
673 | + | ||
674 | + for (i = 0; i < job->bo_count; i++) { | ||
675 | + bo = to_panfrost_bo(job->bos[i]); | ||
676 | drm_gem_object_put_unlocked(job->bos[i]); | ||
677 | + } | ||
678 | + | ||
679 | kvfree(job->bos); | ||
680 | } | ||
681 | |||
682 | diff --git a/drivers/gpu/drm/panfrost/panfrost_job.h b/drivers/gpu/drm/panfrost/panfrost_job.h | ||
683 | index 62454128a792..bbd3ba97ff67 100644 | ||
684 | --- a/drivers/gpu/drm/panfrost/panfrost_job.h | ||
685 | +++ b/drivers/gpu/drm/panfrost/panfrost_job.h | ||
686 | @@ -32,6 +32,7 @@ struct panfrost_job { | ||
687 | |||
688 | /* Exclusive fences we have taken from the BOs to wait for */ | ||
689 | struct dma_fence **implicit_fences; | ||
690 | + struct panfrost_gem_mapping **mappings; | ||
691 | struct drm_gem_object **bos; | ||
692 | u32 bo_count; | ||
693 | |||
694 | diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.c b/drivers/gpu/drm/panfrost/panfrost_mmu.c | ||
695 | index a3ed64a1f15e..763cfca886a7 100644 | ||
696 | --- a/drivers/gpu/drm/panfrost/panfrost_mmu.c | ||
697 | +++ b/drivers/gpu/drm/panfrost/panfrost_mmu.c | ||
698 | @@ -269,14 +269,15 @@ static int mmu_map_sg(struct panfrost_device *pfdev, struct panfrost_mmu *mmu, | ||
699 | return 0; | ||
700 | } | ||
701 | |||
702 | -int panfrost_mmu_map(struct panfrost_gem_object *bo) | ||
703 | +int panfrost_mmu_map(struct panfrost_gem_mapping *mapping) | ||
704 | { | ||
705 | + struct panfrost_gem_object *bo = mapping->obj; | ||
706 | struct drm_gem_object *obj = &bo->base.base; | ||
707 | struct panfrost_device *pfdev = to_panfrost_device(obj->dev); | ||
708 | struct sg_table *sgt; | ||
709 | int prot = IOMMU_READ | IOMMU_WRITE; | ||
710 | |||
711 | - if (WARN_ON(bo->is_mapped)) | ||
712 | + if (WARN_ON(mapping->active)) | ||
713 | return 0; | ||
714 | |||
715 | if (bo->noexec) | ||
716 | @@ -286,25 +287,28 @@ int panfrost_mmu_map(struct panfrost_gem_object *bo) | ||
717 | if (WARN_ON(IS_ERR(sgt))) | ||
718 | return PTR_ERR(sgt); | ||
719 | |||
720 | - mmu_map_sg(pfdev, bo->mmu, bo->node.start << PAGE_SHIFT, prot, sgt); | ||
721 | - bo->is_mapped = true; | ||
722 | + mmu_map_sg(pfdev, mapping->mmu, mapping->mmnode.start << PAGE_SHIFT, | ||
723 | + prot, sgt); | ||
724 | + mapping->active = true; | ||
725 | |||
726 | return 0; | ||
727 | } | ||
728 | |||
729 | -void panfrost_mmu_unmap(struct panfrost_gem_object *bo) | ||
730 | +void panfrost_mmu_unmap(struct panfrost_gem_mapping *mapping) | ||
731 | { | ||
732 | + struct panfrost_gem_object *bo = mapping->obj; | ||
733 | struct drm_gem_object *obj = &bo->base.base; | ||
734 | struct panfrost_device *pfdev = to_panfrost_device(obj->dev); | ||
735 | - struct io_pgtable_ops *ops = bo->mmu->pgtbl_ops; | ||
736 | - u64 iova = bo->node.start << PAGE_SHIFT; | ||
737 | - size_t len = bo->node.size << PAGE_SHIFT; | ||
738 | + struct io_pgtable_ops *ops = mapping->mmu->pgtbl_ops; | ||
739 | + u64 iova = mapping->mmnode.start << PAGE_SHIFT; | ||
740 | + size_t len = mapping->mmnode.size << PAGE_SHIFT; | ||
741 | size_t unmapped_len = 0; | ||
742 | |||
743 | - if (WARN_ON(!bo->is_mapped)) | ||
744 | + if (WARN_ON(!mapping->active)) | ||
745 | return; | ||
746 | |||
747 | - dev_dbg(pfdev->dev, "unmap: as=%d, iova=%llx, len=%zx", bo->mmu->as, iova, len); | ||
748 | + dev_dbg(pfdev->dev, "unmap: as=%d, iova=%llx, len=%zx", | ||
749 | + mapping->mmu->as, iova, len); | ||
750 | |||
751 | while (unmapped_len < len) { | ||
752 | size_t unmapped_page; | ||
753 | @@ -318,8 +322,9 @@ void panfrost_mmu_unmap(struct panfrost_gem_object *bo) | ||
754 | unmapped_len += pgsize; | ||
755 | } | ||
756 | |||
757 | - panfrost_mmu_flush_range(pfdev, bo->mmu, bo->node.start << PAGE_SHIFT, len); | ||
758 | - bo->is_mapped = false; | ||
759 | + panfrost_mmu_flush_range(pfdev, mapping->mmu, | ||
760 | + mapping->mmnode.start << PAGE_SHIFT, len); | ||
761 | + mapping->active = false; | ||
762 | } | ||
763 | |||
764 | static void mmu_tlb_inv_context_s1(void *cookie) | ||
765 | @@ -394,10 +399,10 @@ void panfrost_mmu_pgtable_free(struct panfrost_file_priv *priv) | ||
766 | free_io_pgtable_ops(mmu->pgtbl_ops); | ||
767 | } | ||
768 | |||
769 | -static struct panfrost_gem_object * | ||
770 | -addr_to_drm_mm_node(struct panfrost_device *pfdev, int as, u64 addr) | ||
771 | +static struct panfrost_gem_mapping * | ||
772 | +addr_to_mapping(struct panfrost_device *pfdev, int as, u64 addr) | ||
773 | { | ||
774 | - struct panfrost_gem_object *bo = NULL; | ||
775 | + struct panfrost_gem_mapping *mapping = NULL; | ||
776 | struct panfrost_file_priv *priv; | ||
777 | struct drm_mm_node *node; | ||
778 | u64 offset = addr >> PAGE_SHIFT; | ||
779 | @@ -418,8 +423,9 @@ found_mmu: | ||
780 | drm_mm_for_each_node(node, &priv->mm) { | ||
781 | if (offset >= node->start && | ||
782 | offset < (node->start + node->size)) { | ||
783 | - bo = drm_mm_node_to_panfrost_bo(node); | ||
784 | - drm_gem_object_get(&bo->base.base); | ||
785 | + mapping = drm_mm_node_to_panfrost_mapping(node); | ||
786 | + | ||
787 | + kref_get(&mapping->refcount); | ||
788 | break; | ||
789 | } | ||
790 | } | ||
791 | @@ -427,7 +433,7 @@ found_mmu: | ||
792 | spin_unlock(&priv->mm_lock); | ||
793 | out: | ||
794 | spin_unlock(&pfdev->as_lock); | ||
795 | - return bo; | ||
796 | + return mapping; | ||
797 | } | ||
798 | |||
799 | #define NUM_FAULT_PAGES (SZ_2M / PAGE_SIZE) | ||
800 | @@ -436,28 +442,30 @@ static int panfrost_mmu_map_fault_addr(struct panfrost_device *pfdev, int as, | ||
801 | u64 addr) | ||
802 | { | ||
803 | int ret, i; | ||
804 | + struct panfrost_gem_mapping *bomapping; | ||
805 | struct panfrost_gem_object *bo; | ||
806 | struct address_space *mapping; | ||
807 | pgoff_t page_offset; | ||
808 | struct sg_table *sgt; | ||
809 | struct page **pages; | ||
810 | |||
811 | - bo = addr_to_drm_mm_node(pfdev, as, addr); | ||
812 | - if (!bo) | ||
813 | + bomapping = addr_to_mapping(pfdev, as, addr); | ||
814 | + if (!bomapping) | ||
815 | return -ENOENT; | ||
816 | |||
817 | + bo = bomapping->obj; | ||
818 | if (!bo->is_heap) { | ||
819 | dev_WARN(pfdev->dev, "matching BO is not heap type (GPU VA = %llx)", | ||
820 | - bo->node.start << PAGE_SHIFT); | ||
821 | + bomapping->mmnode.start << PAGE_SHIFT); | ||
822 | ret = -EINVAL; | ||
823 | goto err_bo; | ||
824 | } | ||
825 | - WARN_ON(bo->mmu->as != as); | ||
826 | + WARN_ON(bomapping->mmu->as != as); | ||
827 | |||
828 | /* Assume 2MB alignment and size multiple */ | ||
829 | addr &= ~((u64)SZ_2M - 1); | ||
830 | page_offset = addr >> PAGE_SHIFT; | ||
831 | - page_offset -= bo->node.start; | ||
832 | + page_offset -= bomapping->mmnode.start; | ||
833 | |||
834 | mutex_lock(&bo->base.pages_lock); | ||
835 | |||
836 | @@ -509,13 +517,14 @@ static int panfrost_mmu_map_fault_addr(struct panfrost_device *pfdev, int as, | ||
837 | goto err_map; | ||
838 | } | ||
839 | |||
840 | - mmu_map_sg(pfdev, bo->mmu, addr, IOMMU_WRITE | IOMMU_READ | IOMMU_NOEXEC, sgt); | ||
841 | + mmu_map_sg(pfdev, bomapping->mmu, addr, | ||
842 | + IOMMU_WRITE | IOMMU_READ | IOMMU_NOEXEC, sgt); | ||
843 | |||
844 | - bo->is_mapped = true; | ||
845 | + bomapping->active = true; | ||
846 | |||
847 | dev_dbg(pfdev->dev, "mapped page fault @ AS%d %llx", as, addr); | ||
848 | |||
849 | - drm_gem_object_put_unlocked(&bo->base.base); | ||
850 | + panfrost_gem_mapping_put(bomapping); | ||
851 | |||
852 | return 0; | ||
853 | |||
854 | diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.h b/drivers/gpu/drm/panfrost/panfrost_mmu.h | ||
855 | index 7c5b6775ae23..44fc2edf63ce 100644 | ||
856 | --- a/drivers/gpu/drm/panfrost/panfrost_mmu.h | ||
857 | +++ b/drivers/gpu/drm/panfrost/panfrost_mmu.h | ||
858 | @@ -4,12 +4,12 @@ | ||
859 | #ifndef __PANFROST_MMU_H__ | ||
860 | #define __PANFROST_MMU_H__ | ||
861 | |||
862 | -struct panfrost_gem_object; | ||
863 | +struct panfrost_gem_mapping; | ||
864 | struct panfrost_file_priv; | ||
865 | struct panfrost_mmu; | ||
866 | |||
867 | -int panfrost_mmu_map(struct panfrost_gem_object *bo); | ||
868 | -void panfrost_mmu_unmap(struct panfrost_gem_object *bo); | ||
869 | +int panfrost_mmu_map(struct panfrost_gem_mapping *mapping); | ||
870 | +void panfrost_mmu_unmap(struct panfrost_gem_mapping *mapping); | ||
871 | |||
872 | int panfrost_mmu_init(struct panfrost_device *pfdev); | ||
873 | void panfrost_mmu_fini(struct panfrost_device *pfdev); | ||
874 | diff --git a/drivers/gpu/drm/panfrost/panfrost_perfcnt.c b/drivers/gpu/drm/panfrost/panfrost_perfcnt.c | ||
875 | index 2c04e858c50a..684820448be3 100644 | ||
876 | --- a/drivers/gpu/drm/panfrost/panfrost_perfcnt.c | ||
877 | +++ b/drivers/gpu/drm/panfrost/panfrost_perfcnt.c | ||
878 | @@ -25,7 +25,7 @@ | ||
879 | #define V4_SHADERS_PER_COREGROUP 4 | ||
880 | |||
881 | struct panfrost_perfcnt { | ||
882 | - struct panfrost_gem_object *bo; | ||
883 | + struct panfrost_gem_mapping *mapping; | ||
884 | size_t bosize; | ||
885 | void *buf; | ||
886 | struct panfrost_file_priv *user; | ||
887 | @@ -49,7 +49,7 @@ static int panfrost_perfcnt_dump_locked(struct panfrost_device *pfdev) | ||
888 | int ret; | ||
889 | |||
890 | reinit_completion(&pfdev->perfcnt->dump_comp); | ||
891 | - gpuva = pfdev->perfcnt->bo->node.start << PAGE_SHIFT; | ||
892 | + gpuva = pfdev->perfcnt->mapping->mmnode.start << PAGE_SHIFT; | ||
893 | gpu_write(pfdev, GPU_PERFCNT_BASE_LO, gpuva); | ||
894 | gpu_write(pfdev, GPU_PERFCNT_BASE_HI, gpuva >> 32); | ||
895 | gpu_write(pfdev, GPU_INT_CLEAR, | ||
896 | @@ -89,17 +89,22 @@ static int panfrost_perfcnt_enable_locked(struct panfrost_device *pfdev, | ||
897 | if (IS_ERR(bo)) | ||
898 | return PTR_ERR(bo); | ||
899 | |||
900 | - perfcnt->bo = to_panfrost_bo(&bo->base); | ||
901 | - | ||
902 | /* Map the perfcnt buf in the address space attached to file_priv. */ | ||
903 | - ret = panfrost_gem_open(&perfcnt->bo->base.base, file_priv); | ||
904 | + ret = panfrost_gem_open(&bo->base, file_priv); | ||
905 | if (ret) | ||
906 | goto err_put_bo; | ||
907 | |||
908 | + perfcnt->mapping = panfrost_gem_mapping_get(to_panfrost_bo(&bo->base), | ||
909 | + user); | ||
910 | + if (!perfcnt->mapping) { | ||
911 | + ret = -EINVAL; | ||
912 | + goto err_close_bo; | ||
913 | + } | ||
914 | + | ||
915 | perfcnt->buf = drm_gem_shmem_vmap(&bo->base); | ||
916 | if (IS_ERR(perfcnt->buf)) { | ||
917 | ret = PTR_ERR(perfcnt->buf); | ||
918 | - goto err_close_bo; | ||
919 | + goto err_put_mapping; | ||
920 | } | ||
921 | |||
922 | /* | ||
923 | @@ -154,12 +159,17 @@ static int panfrost_perfcnt_enable_locked(struct panfrost_device *pfdev, | ||
924 | if (panfrost_has_hw_issue(pfdev, HW_ISSUE_8186)) | ||
925 | gpu_write(pfdev, GPU_PRFCNT_TILER_EN, 0xffffffff); | ||
926 | |||
927 | + /* The BO ref is retained by the mapping. */ | ||
928 | + drm_gem_object_put_unlocked(&bo->base); | ||
929 | + | ||
930 | return 0; | ||
931 | |||
932 | err_vunmap: | ||
933 | - drm_gem_shmem_vunmap(&perfcnt->bo->base.base, perfcnt->buf); | ||
934 | + drm_gem_shmem_vunmap(&bo->base, perfcnt->buf); | ||
935 | +err_put_mapping: | ||
936 | + panfrost_gem_mapping_put(perfcnt->mapping); | ||
937 | err_close_bo: | ||
938 | - panfrost_gem_close(&perfcnt->bo->base.base, file_priv); | ||
939 | + panfrost_gem_close(&bo->base, file_priv); | ||
940 | err_put_bo: | ||
941 | drm_gem_object_put_unlocked(&bo->base); | ||
942 | return ret; | ||
943 | @@ -182,11 +192,11 @@ static int panfrost_perfcnt_disable_locked(struct panfrost_device *pfdev, | ||
944 | GPU_PERFCNT_CFG_MODE(GPU_PERFCNT_CFG_MODE_OFF)); | ||
945 | |||
946 | perfcnt->user = NULL; | ||
947 | - drm_gem_shmem_vunmap(&perfcnt->bo->base.base, perfcnt->buf); | ||
948 | + drm_gem_shmem_vunmap(&perfcnt->mapping->obj->base.base, perfcnt->buf); | ||
949 | perfcnt->buf = NULL; | ||
950 | - panfrost_gem_close(&perfcnt->bo->base.base, file_priv); | ||
951 | - drm_gem_object_put_unlocked(&perfcnt->bo->base.base); | ||
952 | - perfcnt->bo = NULL; | ||
953 | + panfrost_gem_close(&perfcnt->mapping->obj->base.base, file_priv); | ||
954 | + panfrost_gem_mapping_put(perfcnt->mapping); | ||
955 | + perfcnt->mapping = NULL; | ||
956 | pm_runtime_mark_last_busy(pfdev->dev); | ||
957 | pm_runtime_put_autosuspend(pfdev->dev); | ||
958 | |||
959 | diff --git a/drivers/hwmon/adt7475.c b/drivers/hwmon/adt7475.c | ||
960 | index 6c64d50c9aae..01c2eeb02aa9 100644 | ||
961 | --- a/drivers/hwmon/adt7475.c | ||
962 | +++ b/drivers/hwmon/adt7475.c | ||
963 | @@ -294,9 +294,10 @@ static inline u16 volt2reg(int channel, long volt, u8 bypass_attn) | ||
964 | long reg; | ||
965 | |||
966 | if (bypass_attn & (1 << channel)) | ||
967 | - reg = (volt * 1024) / 2250; | ||
968 | + reg = DIV_ROUND_CLOSEST(volt * 1024, 2250); | ||
969 | else | ||
970 | - reg = (volt * r[1] * 1024) / ((r[0] + r[1]) * 2250); | ||
971 | + reg = DIV_ROUND_CLOSEST(volt * r[1] * 1024, | ||
972 | + (r[0] + r[1]) * 2250); | ||
973 | return clamp_val(reg, 0, 1023) & (0xff << 2); | ||
974 | } | ||
975 | |||
976 | diff --git a/drivers/hwmon/hwmon.c b/drivers/hwmon/hwmon.c | ||
977 | index 1f3b30b085b9..d018b20089ec 100644 | ||
978 | --- a/drivers/hwmon/hwmon.c | ||
979 | +++ b/drivers/hwmon/hwmon.c | ||
980 | @@ -51,6 +51,7 @@ struct hwmon_device_attribute { | ||
981 | |||
982 | #define to_hwmon_attr(d) \ | ||
983 | container_of(d, struct hwmon_device_attribute, dev_attr) | ||
984 | +#define to_dev_attr(a) container_of(a, struct device_attribute, attr) | ||
985 | |||
986 | /* | ||
987 | * Thermal zone information | ||
988 | @@ -58,7 +59,7 @@ struct hwmon_device_attribute { | ||
989 | * also provides the sensor index. | ||
990 | */ | ||
991 | struct hwmon_thermal_data { | ||
992 | - struct hwmon_device *hwdev; /* Reference to hwmon device */ | ||
993 | + struct device *dev; /* Reference to hwmon device */ | ||
994 | int index; /* sensor index */ | ||
995 | }; | ||
996 | |||
997 | @@ -95,9 +96,27 @@ static const struct attribute_group *hwmon_dev_attr_groups[] = { | ||
998 | NULL | ||
999 | }; | ||
1000 | |||
1001 | +static void hwmon_free_attrs(struct attribute **attrs) | ||
1002 | +{ | ||
1003 | + int i; | ||
1004 | + | ||
1005 | + for (i = 0; attrs[i]; i++) { | ||
1006 | + struct device_attribute *dattr = to_dev_attr(attrs[i]); | ||
1007 | + struct hwmon_device_attribute *hattr = to_hwmon_attr(dattr); | ||
1008 | + | ||
1009 | + kfree(hattr); | ||
1010 | + } | ||
1011 | + kfree(attrs); | ||
1012 | +} | ||
1013 | + | ||
1014 | static void hwmon_dev_release(struct device *dev) | ||
1015 | { | ||
1016 | - kfree(to_hwmon_device(dev)); | ||
1017 | + struct hwmon_device *hwdev = to_hwmon_device(dev); | ||
1018 | + | ||
1019 | + if (hwdev->group.attrs) | ||
1020 | + hwmon_free_attrs(hwdev->group.attrs); | ||
1021 | + kfree(hwdev->groups); | ||
1022 | + kfree(hwdev); | ||
1023 | } | ||
1024 | |||
1025 | static struct class hwmon_class = { | ||
1026 | @@ -119,11 +138,11 @@ static DEFINE_IDA(hwmon_ida); | ||
1027 | static int hwmon_thermal_get_temp(void *data, int *temp) | ||
1028 | { | ||
1029 | struct hwmon_thermal_data *tdata = data; | ||
1030 | - struct hwmon_device *hwdev = tdata->hwdev; | ||
1031 | + struct hwmon_device *hwdev = to_hwmon_device(tdata->dev); | ||
1032 | int ret; | ||
1033 | long t; | ||
1034 | |||
1035 | - ret = hwdev->chip->ops->read(&hwdev->dev, hwmon_temp, hwmon_temp_input, | ||
1036 | + ret = hwdev->chip->ops->read(tdata->dev, hwmon_temp, hwmon_temp_input, | ||
1037 | tdata->index, &t); | ||
1038 | if (ret < 0) | ||
1039 | return ret; | ||
1040 | @@ -137,8 +156,7 @@ static const struct thermal_zone_of_device_ops hwmon_thermal_ops = { | ||
1041 | .get_temp = hwmon_thermal_get_temp, | ||
1042 | }; | ||
1043 | |||
1044 | -static int hwmon_thermal_add_sensor(struct device *dev, | ||
1045 | - struct hwmon_device *hwdev, int index) | ||
1046 | +static int hwmon_thermal_add_sensor(struct device *dev, int index) | ||
1047 | { | ||
1048 | struct hwmon_thermal_data *tdata; | ||
1049 | struct thermal_zone_device *tzd; | ||
1050 | @@ -147,10 +165,10 @@ static int hwmon_thermal_add_sensor(struct device *dev, | ||
1051 | if (!tdata) | ||
1052 | return -ENOMEM; | ||
1053 | |||
1054 | - tdata->hwdev = hwdev; | ||
1055 | + tdata->dev = dev; | ||
1056 | tdata->index = index; | ||
1057 | |||
1058 | - tzd = devm_thermal_zone_of_sensor_register(&hwdev->dev, index, tdata, | ||
1059 | + tzd = devm_thermal_zone_of_sensor_register(dev, index, tdata, | ||
1060 | &hwmon_thermal_ops); | ||
1061 | /* | ||
1062 | * If CONFIG_THERMAL_OF is disabled, this returns -ENODEV, | ||
1063 | @@ -162,8 +180,7 @@ static int hwmon_thermal_add_sensor(struct device *dev, | ||
1064 | return 0; | ||
1065 | } | ||
1066 | #else | ||
1067 | -static int hwmon_thermal_add_sensor(struct device *dev, | ||
1068 | - struct hwmon_device *hwdev, int index) | ||
1069 | +static int hwmon_thermal_add_sensor(struct device *dev, int index) | ||
1070 | { | ||
1071 | return 0; | ||
1072 | } | ||
1073 | @@ -250,8 +267,7 @@ static bool is_string_attr(enum hwmon_sensor_types type, u32 attr) | ||
1074 | (type == hwmon_fan && attr == hwmon_fan_label); | ||
1075 | } | ||
1076 | |||
1077 | -static struct attribute *hwmon_genattr(struct device *dev, | ||
1078 | - const void *drvdata, | ||
1079 | +static struct attribute *hwmon_genattr(const void *drvdata, | ||
1080 | enum hwmon_sensor_types type, | ||
1081 | u32 attr, | ||
1082 | int index, | ||
1083 | @@ -279,7 +295,7 @@ static struct attribute *hwmon_genattr(struct device *dev, | ||
1084 | if ((mode & 0222) && !ops->write) | ||
1085 | return ERR_PTR(-EINVAL); | ||
1086 | |||
1087 | - hattr = devm_kzalloc(dev, sizeof(*hattr), GFP_KERNEL); | ||
1088 | + hattr = kzalloc(sizeof(*hattr), GFP_KERNEL); | ||
1089 | if (!hattr) | ||
1090 | return ERR_PTR(-ENOMEM); | ||
1091 | |||
1092 | @@ -492,8 +508,7 @@ static int hwmon_num_channel_attrs(const struct hwmon_channel_info *info) | ||
1093 | return n; | ||
1094 | } | ||
1095 | |||
1096 | -static int hwmon_genattrs(struct device *dev, | ||
1097 | - const void *drvdata, | ||
1098 | +static int hwmon_genattrs(const void *drvdata, | ||
1099 | struct attribute **attrs, | ||
1100 | const struct hwmon_ops *ops, | ||
1101 | const struct hwmon_channel_info *info) | ||
1102 | @@ -519,7 +534,7 @@ static int hwmon_genattrs(struct device *dev, | ||
1103 | attr_mask &= ~BIT(attr); | ||
1104 | if (attr >= template_size) | ||
1105 | return -EINVAL; | ||
1106 | - a = hwmon_genattr(dev, drvdata, info->type, attr, i, | ||
1107 | + a = hwmon_genattr(drvdata, info->type, attr, i, | ||
1108 | templates[attr], ops); | ||
1109 | if (IS_ERR(a)) { | ||
1110 | if (PTR_ERR(a) != -ENOENT) | ||
1111 | @@ -533,8 +548,7 @@ static int hwmon_genattrs(struct device *dev, | ||
1112 | } | ||
1113 | |||
1114 | static struct attribute ** | ||
1115 | -__hwmon_create_attrs(struct device *dev, const void *drvdata, | ||
1116 | - const struct hwmon_chip_info *chip) | ||
1117 | +__hwmon_create_attrs(const void *drvdata, const struct hwmon_chip_info *chip) | ||
1118 | { | ||
1119 | int ret, i, aindex = 0, nattrs = 0; | ||
1120 | struct attribute **attrs; | ||
1121 | @@ -545,15 +559,17 @@ __hwmon_create_attrs(struct device *dev, const void *drvdata, | ||
1122 | if (nattrs == 0) | ||
1123 | return ERR_PTR(-EINVAL); | ||
1124 | |||
1125 | - attrs = devm_kcalloc(dev, nattrs + 1, sizeof(*attrs), GFP_KERNEL); | ||
1126 | + attrs = kcalloc(nattrs + 1, sizeof(*attrs), GFP_KERNEL); | ||
1127 | if (!attrs) | ||
1128 | return ERR_PTR(-ENOMEM); | ||
1129 | |||
1130 | for (i = 0; chip->info[i]; i++) { | ||
1131 | - ret = hwmon_genattrs(dev, drvdata, &attrs[aindex], chip->ops, | ||
1132 | + ret = hwmon_genattrs(drvdata, &attrs[aindex], chip->ops, | ||
1133 | chip->info[i]); | ||
1134 | - if (ret < 0) | ||
1135 | + if (ret < 0) { | ||
1136 | + hwmon_free_attrs(attrs); | ||
1137 | return ERR_PTR(ret); | ||
1138 | + } | ||
1139 | aindex += ret; | ||
1140 | } | ||
1141 | |||
1142 | @@ -595,14 +611,13 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata, | ||
1143 | for (i = 0; groups[i]; i++) | ||
1144 | ngroups++; | ||
1145 | |||
1146 | - hwdev->groups = devm_kcalloc(dev, ngroups, sizeof(*groups), | ||
1147 | - GFP_KERNEL); | ||
1148 | + hwdev->groups = kcalloc(ngroups, sizeof(*groups), GFP_KERNEL); | ||
1149 | if (!hwdev->groups) { | ||
1150 | err = -ENOMEM; | ||
1151 | goto free_hwmon; | ||
1152 | } | ||
1153 | |||
1154 | - attrs = __hwmon_create_attrs(dev, drvdata, chip); | ||
1155 | + attrs = __hwmon_create_attrs(drvdata, chip); | ||
1156 | if (IS_ERR(attrs)) { | ||
1157 | err = PTR_ERR(attrs); | ||
1158 | goto free_hwmon; | ||
1159 | @@ -647,8 +662,7 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata, | ||
1160 | hwmon_temp_input, j)) | ||
1161 | continue; | ||
1162 | if (info[i]->config[j] & HWMON_T_INPUT) { | ||
1163 | - err = hwmon_thermal_add_sensor(dev, | ||
1164 | - hwdev, j); | ||
1165 | + err = hwmon_thermal_add_sensor(hdev, j); | ||
1166 | if (err) { | ||
1167 | device_unregister(hdev); | ||
1168 | /* | ||
1169 | @@ -667,7 +681,7 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata, | ||
1170 | return hdev; | ||
1171 | |||
1172 | free_hwmon: | ||
1173 | - kfree(hwdev); | ||
1174 | + hwmon_dev_release(hdev); | ||
1175 | ida_remove: | ||
1176 | ida_simple_remove(&hwmon_ida, id); | ||
1177 | return ERR_PTR(err); | ||
1178 | diff --git a/drivers/hwmon/nct7802.c b/drivers/hwmon/nct7802.c | ||
1179 | index f3dd2a17bd42..2e97e56c72c7 100644 | ||
1180 | --- a/drivers/hwmon/nct7802.c | ||
1181 | +++ b/drivers/hwmon/nct7802.c | ||
1182 | @@ -23,8 +23,8 @@ | ||
1183 | static const u8 REG_VOLTAGE[5] = { 0x09, 0x0a, 0x0c, 0x0d, 0x0e }; | ||
1184 | |||
1185 | static const u8 REG_VOLTAGE_LIMIT_LSB[2][5] = { | ||
1186 | - { 0x40, 0x00, 0x42, 0x44, 0x46 }, | ||
1187 | - { 0x3f, 0x00, 0x41, 0x43, 0x45 }, | ||
1188 | + { 0x46, 0x00, 0x40, 0x42, 0x44 }, | ||
1189 | + { 0x45, 0x00, 0x3f, 0x41, 0x43 }, | ||
1190 | }; | ||
1191 | |||
1192 | static const u8 REG_VOLTAGE_LIMIT_MSB[5] = { 0x48, 0x00, 0x47, 0x47, 0x48 }; | ||
1193 | @@ -58,6 +58,8 @@ static const u8 REG_VOLTAGE_LIMIT_MSB_SHIFT[2][5] = { | ||
1194 | struct nct7802_data { | ||
1195 | struct regmap *regmap; | ||
1196 | struct mutex access_lock; /* for multi-byte read and write operations */ | ||
1197 | + u8 in_status; | ||
1198 | + struct mutex in_alarm_lock; | ||
1199 | }; | ||
1200 | |||
1201 | static ssize_t temp_type_show(struct device *dev, | ||
1202 | @@ -368,6 +370,66 @@ static ssize_t in_store(struct device *dev, struct device_attribute *attr, | ||
1203 | return err ? : count; | ||
1204 | } | ||
1205 | |||
1206 | +static ssize_t in_alarm_show(struct device *dev, struct device_attribute *attr, | ||
1207 | + char *buf) | ||
1208 | +{ | ||
1209 | + struct sensor_device_attribute_2 *sattr = to_sensor_dev_attr_2(attr); | ||
1210 | + struct nct7802_data *data = dev_get_drvdata(dev); | ||
1211 | + int volt, min, max, ret; | ||
1212 | + unsigned int val; | ||
1213 | + | ||
1214 | + mutex_lock(&data->in_alarm_lock); | ||
1215 | + | ||
1216 | + /* | ||
1217 | + * The SMI Voltage status register is the only register giving a status | ||
1218 | + * for voltages. A bit is set for each input crossing a threshold, in | ||
1219 | + * both direction, but the "inside" or "outside" limits info is not | ||
1220 | + * available. Also this register is cleared on read. | ||
1221 | + * Note: this is not explicitly spelled out in the datasheet, but | ||
1222 | + * from experiment. | ||
1223 | + * To deal with this we use a status cache with one validity bit and | ||
1224 | + * one status bit for each input. Validity is cleared at startup and | ||
1225 | + * each time the register reports a change, and the status is processed | ||
1226 | + * by software based on current input value and limits. | ||
1227 | + */ | ||
1228 | + ret = regmap_read(data->regmap, 0x1e, &val); /* SMI Voltage status */ | ||
1229 | + if (ret < 0) | ||
1230 | + goto abort; | ||
1231 | + | ||
1232 | + /* invalidate cached status for all inputs crossing a threshold */ | ||
1233 | + data->in_status &= ~((val & 0x0f) << 4); | ||
1234 | + | ||
1235 | + /* if cached status for requested input is invalid, update it */ | ||
1236 | + if (!(data->in_status & (0x10 << sattr->index))) { | ||
1237 | + ret = nct7802_read_voltage(data, sattr->nr, 0); | ||
1238 | + if (ret < 0) | ||
1239 | + goto abort; | ||
1240 | + volt = ret; | ||
1241 | + | ||
1242 | + ret = nct7802_read_voltage(data, sattr->nr, 1); | ||
1243 | + if (ret < 0) | ||
1244 | + goto abort; | ||
1245 | + min = ret; | ||
1246 | + | ||
1247 | + ret = nct7802_read_voltage(data, sattr->nr, 2); | ||
1248 | + if (ret < 0) | ||
1249 | + goto abort; | ||
1250 | + max = ret; | ||
1251 | + | ||
1252 | + if (volt < min || volt > max) | ||
1253 | + data->in_status |= (1 << sattr->index); | ||
1254 | + else | ||
1255 | + data->in_status &= ~(1 << sattr->index); | ||
1256 | + | ||
1257 | + data->in_status |= 0x10 << sattr->index; | ||
1258 | + } | ||
1259 | + | ||
1260 | + ret = sprintf(buf, "%u\n", !!(data->in_status & (1 << sattr->index))); | ||
1261 | +abort: | ||
1262 | + mutex_unlock(&data->in_alarm_lock); | ||
1263 | + return ret; | ||
1264 | +} | ||
1265 | + | ||
1266 | static ssize_t temp_show(struct device *dev, struct device_attribute *attr, | ||
1267 | char *buf) | ||
1268 | { | ||
1269 | @@ -660,7 +722,7 @@ static const struct attribute_group nct7802_temp_group = { | ||
1270 | static SENSOR_DEVICE_ATTR_2_RO(in0_input, in, 0, 0); | ||
1271 | static SENSOR_DEVICE_ATTR_2_RW(in0_min, in, 0, 1); | ||
1272 | static SENSOR_DEVICE_ATTR_2_RW(in0_max, in, 0, 2); | ||
1273 | -static SENSOR_DEVICE_ATTR_2_RO(in0_alarm, alarm, 0x1e, 3); | ||
1274 | +static SENSOR_DEVICE_ATTR_2_RO(in0_alarm, in_alarm, 0, 3); | ||
1275 | static SENSOR_DEVICE_ATTR_2_RW(in0_beep, beep, 0x5a, 3); | ||
1276 | |||
1277 | static SENSOR_DEVICE_ATTR_2_RO(in1_input, in, 1, 0); | ||
1278 | @@ -668,19 +730,19 @@ static SENSOR_DEVICE_ATTR_2_RO(in1_input, in, 1, 0); | ||
1279 | static SENSOR_DEVICE_ATTR_2_RO(in2_input, in, 2, 0); | ||
1280 | static SENSOR_DEVICE_ATTR_2_RW(in2_min, in, 2, 1); | ||
1281 | static SENSOR_DEVICE_ATTR_2_RW(in2_max, in, 2, 2); | ||
1282 | -static SENSOR_DEVICE_ATTR_2_RO(in2_alarm, alarm, 0x1e, 0); | ||
1283 | +static SENSOR_DEVICE_ATTR_2_RO(in2_alarm, in_alarm, 2, 0); | ||
1284 | static SENSOR_DEVICE_ATTR_2_RW(in2_beep, beep, 0x5a, 0); | ||
1285 | |||
1286 | static SENSOR_DEVICE_ATTR_2_RO(in3_input, in, 3, 0); | ||
1287 | static SENSOR_DEVICE_ATTR_2_RW(in3_min, in, 3, 1); | ||
1288 | static SENSOR_DEVICE_ATTR_2_RW(in3_max, in, 3, 2); | ||
1289 | -static SENSOR_DEVICE_ATTR_2_RO(in3_alarm, alarm, 0x1e, 1); | ||
1290 | +static SENSOR_DEVICE_ATTR_2_RO(in3_alarm, in_alarm, 3, 1); | ||
1291 | static SENSOR_DEVICE_ATTR_2_RW(in3_beep, beep, 0x5a, 1); | ||
1292 | |||
1293 | static SENSOR_DEVICE_ATTR_2_RO(in4_input, in, 4, 0); | ||
1294 | static SENSOR_DEVICE_ATTR_2_RW(in4_min, in, 4, 1); | ||
1295 | static SENSOR_DEVICE_ATTR_2_RW(in4_max, in, 4, 2); | ||
1296 | -static SENSOR_DEVICE_ATTR_2_RO(in4_alarm, alarm, 0x1e, 2); | ||
1297 | +static SENSOR_DEVICE_ATTR_2_RO(in4_alarm, in_alarm, 4, 2); | ||
1298 | static SENSOR_DEVICE_ATTR_2_RW(in4_beep, beep, 0x5a, 2); | ||
1299 | |||
1300 | static struct attribute *nct7802_in_attrs[] = { | ||
1301 | @@ -1011,6 +1073,7 @@ static int nct7802_probe(struct i2c_client *client, | ||
1302 | return PTR_ERR(data->regmap); | ||
1303 | |||
1304 | mutex_init(&data->access_lock); | ||
1305 | + mutex_init(&data->in_alarm_lock); | ||
1306 | |||
1307 | ret = nct7802_init_chip(data); | ||
1308 | if (ret < 0) | ||
1309 | diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c | ||
1310 | index a1a035270cab..b273e421e910 100644 | ||
1311 | --- a/drivers/infiniband/ulp/isert/ib_isert.c | ||
1312 | +++ b/drivers/infiniband/ulp/isert/ib_isert.c | ||
1313 | @@ -2575,17 +2575,6 @@ isert_wait4logout(struct isert_conn *isert_conn) | ||
1314 | } | ||
1315 | } | ||
1316 | |||
1317 | -static void | ||
1318 | -isert_wait4cmds(struct iscsi_conn *conn) | ||
1319 | -{ | ||
1320 | - isert_info("iscsi_conn %p\n", conn); | ||
1321 | - | ||
1322 | - if (conn->sess) { | ||
1323 | - target_sess_cmd_list_set_waiting(conn->sess->se_sess); | ||
1324 | - target_wait_for_sess_cmds(conn->sess->se_sess); | ||
1325 | - } | ||
1326 | -} | ||
1327 | - | ||
1328 | /** | ||
1329 | * isert_put_unsol_pending_cmds() - Drop commands waiting for | ||
1330 | * unsolicitate dataout | ||
1331 | @@ -2633,7 +2622,6 @@ static void isert_wait_conn(struct iscsi_conn *conn) | ||
1332 | |||
1333 | ib_drain_qp(isert_conn->qp); | ||
1334 | isert_put_unsol_pending_cmds(conn); | ||
1335 | - isert_wait4cmds(conn); | ||
1336 | isert_wait4logout(isert_conn); | ||
1337 | |||
1338 | queue_work(isert_release_wq, &isert_conn->release_work); | ||
1339 | diff --git a/drivers/input/misc/keyspan_remote.c b/drivers/input/misc/keyspan_remote.c | ||
1340 | index 83368f1e7c4e..4650f4a94989 100644 | ||
1341 | --- a/drivers/input/misc/keyspan_remote.c | ||
1342 | +++ b/drivers/input/misc/keyspan_remote.c | ||
1343 | @@ -336,7 +336,8 @@ static int keyspan_setup(struct usb_device* dev) | ||
1344 | int retval = 0; | ||
1345 | |||
1346 | retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), | ||
1347 | - 0x11, 0x40, 0x5601, 0x0, NULL, 0, 0); | ||
1348 | + 0x11, 0x40, 0x5601, 0x0, NULL, 0, | ||
1349 | + USB_CTRL_SET_TIMEOUT); | ||
1350 | if (retval) { | ||
1351 | dev_dbg(&dev->dev, "%s - failed to set bit rate due to error: %d\n", | ||
1352 | __func__, retval); | ||
1353 | @@ -344,7 +345,8 @@ static int keyspan_setup(struct usb_device* dev) | ||
1354 | } | ||
1355 | |||
1356 | retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), | ||
1357 | - 0x44, 0x40, 0x0, 0x0, NULL, 0, 0); | ||
1358 | + 0x44, 0x40, 0x0, 0x0, NULL, 0, | ||
1359 | + USB_CTRL_SET_TIMEOUT); | ||
1360 | if (retval) { | ||
1361 | dev_dbg(&dev->dev, "%s - failed to set resume sensitivity due to error: %d\n", | ||
1362 | __func__, retval); | ||
1363 | @@ -352,7 +354,8 @@ static int keyspan_setup(struct usb_device* dev) | ||
1364 | } | ||
1365 | |||
1366 | retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), | ||
1367 | - 0x22, 0x40, 0x0, 0x0, NULL, 0, 0); | ||
1368 | + 0x22, 0x40, 0x0, 0x0, NULL, 0, | ||
1369 | + USB_CTRL_SET_TIMEOUT); | ||
1370 | if (retval) { | ||
1371 | dev_dbg(&dev->dev, "%s - failed to turn receive on due to error: %d\n", | ||
1372 | __func__, retval); | ||
1373 | diff --git a/drivers/input/misc/pm8xxx-vibrator.c b/drivers/input/misc/pm8xxx-vibrator.c | ||
1374 | index ecd762f93732..53ad25eaf1a2 100644 | ||
1375 | --- a/drivers/input/misc/pm8xxx-vibrator.c | ||
1376 | +++ b/drivers/input/misc/pm8xxx-vibrator.c | ||
1377 | @@ -90,7 +90,7 @@ static int pm8xxx_vib_set(struct pm8xxx_vib *vib, bool on) | ||
1378 | |||
1379 | if (regs->enable_mask) | ||
1380 | rc = regmap_update_bits(vib->regmap, regs->enable_addr, | ||
1381 | - on ? regs->enable_mask : 0, val); | ||
1382 | + regs->enable_mask, on ? ~0 : 0); | ||
1383 | |||
1384 | return rc; | ||
1385 | } | ||
1386 | diff --git a/drivers/input/rmi4/rmi_smbus.c b/drivers/input/rmi4/rmi_smbus.c | ||
1387 | index b313c579914f..2407ea43de59 100644 | ||
1388 | --- a/drivers/input/rmi4/rmi_smbus.c | ||
1389 | +++ b/drivers/input/rmi4/rmi_smbus.c | ||
1390 | @@ -163,6 +163,7 @@ static int rmi_smb_write_block(struct rmi_transport_dev *xport, u16 rmiaddr, | ||
1391 | /* prepare to write next block of bytes */ | ||
1392 | cur_len -= SMB_MAX_COUNT; | ||
1393 | databuff += SMB_MAX_COUNT; | ||
1394 | + rmiaddr += SMB_MAX_COUNT; | ||
1395 | } | ||
1396 | exit: | ||
1397 | mutex_unlock(&rmi_smb->page_mutex); | ||
1398 | @@ -214,6 +215,7 @@ static int rmi_smb_read_block(struct rmi_transport_dev *xport, u16 rmiaddr, | ||
1399 | /* prepare to read next block of bytes */ | ||
1400 | cur_len -= SMB_MAX_COUNT; | ||
1401 | databuff += SMB_MAX_COUNT; | ||
1402 | + rmiaddr += SMB_MAX_COUNT; | ||
1403 | } | ||
1404 | |||
1405 | retval = 0; | ||
1406 | diff --git a/drivers/input/tablet/aiptek.c b/drivers/input/tablet/aiptek.c | ||
1407 | index 2ca586fb914f..06d0ffef4a17 100644 | ||
1408 | --- a/drivers/input/tablet/aiptek.c | ||
1409 | +++ b/drivers/input/tablet/aiptek.c | ||
1410 | @@ -1802,14 +1802,14 @@ aiptek_probe(struct usb_interface *intf, const struct usb_device_id *id) | ||
1411 | input_set_abs_params(inputdev, ABS_WHEEL, AIPTEK_WHEEL_MIN, AIPTEK_WHEEL_MAX - 1, 0, 0); | ||
1412 | |||
1413 | /* Verify that a device really has an endpoint */ | ||
1414 | - if (intf->altsetting[0].desc.bNumEndpoints < 1) { | ||
1415 | + if (intf->cur_altsetting->desc.bNumEndpoints < 1) { | ||
1416 | dev_err(&intf->dev, | ||
1417 | "interface has %d endpoints, but must have minimum 1\n", | ||
1418 | - intf->altsetting[0].desc.bNumEndpoints); | ||
1419 | + intf->cur_altsetting->desc.bNumEndpoints); | ||
1420 | err = -EINVAL; | ||
1421 | goto fail3; | ||
1422 | } | ||
1423 | - endpoint = &intf->altsetting[0].endpoint[0].desc; | ||
1424 | + endpoint = &intf->cur_altsetting->endpoint[0].desc; | ||
1425 | |||
1426 | /* Go set up our URB, which is called when the tablet receives | ||
1427 | * input. | ||
1428 | diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c | ||
1429 | index 35031228a6d0..799c94dda651 100644 | ||
1430 | --- a/drivers/input/tablet/gtco.c | ||
1431 | +++ b/drivers/input/tablet/gtco.c | ||
1432 | @@ -875,18 +875,14 @@ static int gtco_probe(struct usb_interface *usbinterface, | ||
1433 | } | ||
1434 | |||
1435 | /* Sanity check that a device has an endpoint */ | ||
1436 | - if (usbinterface->altsetting[0].desc.bNumEndpoints < 1) { | ||
1437 | + if (usbinterface->cur_altsetting->desc.bNumEndpoints < 1) { | ||
1438 | dev_err(&usbinterface->dev, | ||
1439 | "Invalid number of endpoints\n"); | ||
1440 | error = -EINVAL; | ||
1441 | goto err_free_urb; | ||
1442 | } | ||
1443 | |||
1444 | - /* | ||
1445 | - * The endpoint is always altsetting 0, we know this since we know | ||
1446 | - * this device only has one interrupt endpoint | ||
1447 | - */ | ||
1448 | - endpoint = &usbinterface->altsetting[0].endpoint[0].desc; | ||
1449 | + endpoint = &usbinterface->cur_altsetting->endpoint[0].desc; | ||
1450 | |||
1451 | /* Some debug */ | ||
1452 | dev_dbg(&usbinterface->dev, "gtco # interfaces: %d\n", usbinterface->num_altsetting); | ||
1453 | @@ -973,7 +969,7 @@ static int gtco_probe(struct usb_interface *usbinterface, | ||
1454 | input_dev->dev.parent = &usbinterface->dev; | ||
1455 | |||
1456 | /* Setup the URB, it will be posted later on open of input device */ | ||
1457 | - endpoint = &usbinterface->altsetting[0].endpoint[0].desc; | ||
1458 | + endpoint = &usbinterface->cur_altsetting->endpoint[0].desc; | ||
1459 | |||
1460 | usb_fill_int_urb(gtco->urbinfo, | ||
1461 | udev, | ||
1462 | diff --git a/drivers/input/tablet/pegasus_notetaker.c b/drivers/input/tablet/pegasus_notetaker.c | ||
1463 | index a1f3a0cb197e..38f087404f7a 100644 | ||
1464 | --- a/drivers/input/tablet/pegasus_notetaker.c | ||
1465 | +++ b/drivers/input/tablet/pegasus_notetaker.c | ||
1466 | @@ -275,7 +275,7 @@ static int pegasus_probe(struct usb_interface *intf, | ||
1467 | return -ENODEV; | ||
1468 | |||
1469 | /* Sanity check that the device has an endpoint */ | ||
1470 | - if (intf->altsetting[0].desc.bNumEndpoints < 1) { | ||
1471 | + if (intf->cur_altsetting->desc.bNumEndpoints < 1) { | ||
1472 | dev_err(&intf->dev, "Invalid number of endpoints\n"); | ||
1473 | return -EINVAL; | ||
1474 | } | ||
1475 | diff --git a/drivers/input/touchscreen/sun4i-ts.c b/drivers/input/touchscreen/sun4i-ts.c | ||
1476 | index 0af0fe8c40d7..742a7e96c1b5 100644 | ||
1477 | --- a/drivers/input/touchscreen/sun4i-ts.c | ||
1478 | +++ b/drivers/input/touchscreen/sun4i-ts.c | ||
1479 | @@ -237,6 +237,7 @@ static int sun4i_ts_probe(struct platform_device *pdev) | ||
1480 | struct device *dev = &pdev->dev; | ||
1481 | struct device_node *np = dev->of_node; | ||
1482 | struct device *hwmon; | ||
1483 | + struct thermal_zone_device *thermal; | ||
1484 | int error; | ||
1485 | u32 reg; | ||
1486 | bool ts_attached; | ||
1487 | @@ -355,7 +356,10 @@ static int sun4i_ts_probe(struct platform_device *pdev) | ||
1488 | if (IS_ERR(hwmon)) | ||
1489 | return PTR_ERR(hwmon); | ||
1490 | |||
1491 | - devm_thermal_zone_of_sensor_register(ts->dev, 0, ts, &sun4i_ts_tz_ops); | ||
1492 | + thermal = devm_thermal_zone_of_sensor_register(ts->dev, 0, ts, | ||
1493 | + &sun4i_ts_tz_ops); | ||
1494 | + if (IS_ERR(thermal)) | ||
1495 | + return PTR_ERR(thermal); | ||
1496 | |||
1497 | writel(TEMP_IRQ_EN(1), ts->base + TP_INT_FIFOC); | ||
1498 | |||
1499 | diff --git a/drivers/input/touchscreen/sur40.c b/drivers/input/touchscreen/sur40.c | ||
1500 | index 3fd3e862269b..2e2ea5719c90 100644 | ||
1501 | --- a/drivers/input/touchscreen/sur40.c | ||
1502 | +++ b/drivers/input/touchscreen/sur40.c | ||
1503 | @@ -653,7 +653,7 @@ static int sur40_probe(struct usb_interface *interface, | ||
1504 | int error; | ||
1505 | |||
1506 | /* Check if we really have the right interface. */ | ||
1507 | - iface_desc = &interface->altsetting[0]; | ||
1508 | + iface_desc = interface->cur_altsetting; | ||
1509 | if (iface_desc->desc.bInterfaceClass != 0xFF) | ||
1510 | return -ENODEV; | ||
1511 | |||
1512 | diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c | ||
1513 | index 568c52317757..483f7bc379fa 100644 | ||
1514 | --- a/drivers/iommu/amd_iommu_init.c | ||
1515 | +++ b/drivers/iommu/amd_iommu_init.c | ||
1516 | @@ -1655,27 +1655,39 @@ static int iommu_pc_get_set_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, | ||
1517 | static void init_iommu_perf_ctr(struct amd_iommu *iommu) | ||
1518 | { | ||
1519 | struct pci_dev *pdev = iommu->dev; | ||
1520 | - u64 val = 0xabcd, val2 = 0; | ||
1521 | + u64 val = 0xabcd, val2 = 0, save_reg = 0; | ||
1522 | |||
1523 | if (!iommu_feature(iommu, FEATURE_PC)) | ||
1524 | return; | ||
1525 | |||
1526 | amd_iommu_pc_present = true; | ||
1527 | |||
1528 | + /* save the value to restore, if writable */ | ||
1529 | + if (iommu_pc_get_set_reg(iommu, 0, 0, 0, &save_reg, false)) | ||
1530 | + goto pc_false; | ||
1531 | + | ||
1532 | /* Check if the performance counters can be written to */ | ||
1533 | if ((iommu_pc_get_set_reg(iommu, 0, 0, 0, &val, true)) || | ||
1534 | (iommu_pc_get_set_reg(iommu, 0, 0, 0, &val2, false)) || | ||
1535 | - (val != val2)) { | ||
1536 | - pci_err(pdev, "Unable to write to IOMMU perf counter.\n"); | ||
1537 | - amd_iommu_pc_present = false; | ||
1538 | - return; | ||
1539 | - } | ||
1540 | + (val != val2)) | ||
1541 | + goto pc_false; | ||
1542 | + | ||
1543 | + /* restore */ | ||
1544 | + if (iommu_pc_get_set_reg(iommu, 0, 0, 0, &save_reg, true)) | ||
1545 | + goto pc_false; | ||
1546 | |||
1547 | pci_info(pdev, "IOMMU performance counters supported\n"); | ||
1548 | |||
1549 | val = readl(iommu->mmio_base + MMIO_CNTR_CONF_OFFSET); | ||
1550 | iommu->max_banks = (u8) ((val >> 12) & 0x3f); | ||
1551 | iommu->max_counters = (u8) ((val >> 7) & 0xf); | ||
1552 | + | ||
1553 | + return; | ||
1554 | + | ||
1555 | +pc_false: | ||
1556 | + pci_err(pdev, "Unable to read/write to IOMMU perf counter.\n"); | ||
1557 | + amd_iommu_pc_present = false; | ||
1558 | + return; | ||
1559 | } | ||
1560 | |||
1561 | static ssize_t amd_iommu_show_cap(struct device *dev, | ||
1562 | diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c | ||
1563 | index e84c5dfe146f..dd5db856dcaf 100644 | ||
1564 | --- a/drivers/iommu/intel-iommu.c | ||
1565 | +++ b/drivers/iommu/intel-iommu.c | ||
1566 | @@ -5132,7 +5132,8 @@ static void dmar_remove_one_dev_info(struct device *dev) | ||
1567 | |||
1568 | spin_lock_irqsave(&device_domain_lock, flags); | ||
1569 | info = dev->archdata.iommu; | ||
1570 | - if (info) | ||
1571 | + if (info && info != DEFER_DEVICE_DOMAIN_INFO | ||
1572 | + && info != DUMMY_DEVICE_DOMAIN_INFO) | ||
1573 | __dmar_remove_one_dev_info(info); | ||
1574 | spin_unlock_irqrestore(&device_domain_lock, flags); | ||
1575 | } | ||
1576 | diff --git a/drivers/leds/leds-gpio.c b/drivers/leds/leds-gpio.c | ||
1577 | index a5c73f3d5f79..2bf74595610f 100644 | ||
1578 | --- a/drivers/leds/leds-gpio.c | ||
1579 | +++ b/drivers/leds/leds-gpio.c | ||
1580 | @@ -151,9 +151,14 @@ static struct gpio_leds_priv *gpio_leds_create(struct platform_device *pdev) | ||
1581 | struct gpio_led led = {}; | ||
1582 | const char *state = NULL; | ||
1583 | |||
1584 | + /* | ||
1585 | + * Acquire gpiod from DT with uninitialized label, which | ||
1586 | + * will be updated after LED class device is registered, | ||
1587 | + * Only then the final LED name is known. | ||
1588 | + */ | ||
1589 | led.gpiod = devm_fwnode_get_gpiod_from_child(dev, NULL, child, | ||
1590 | GPIOD_ASIS, | ||
1591 | - led.name); | ||
1592 | + NULL); | ||
1593 | if (IS_ERR(led.gpiod)) { | ||
1594 | fwnode_handle_put(child); | ||
1595 | return ERR_CAST(led.gpiod); | ||
1596 | @@ -186,6 +191,9 @@ static struct gpio_leds_priv *gpio_leds_create(struct platform_device *pdev) | ||
1597 | fwnode_handle_put(child); | ||
1598 | return ERR_PTR(ret); | ||
1599 | } | ||
1600 | + /* Set gpiod label to match the corresponding LED name. */ | ||
1601 | + gpiod_set_consumer_name(led_dat->gpiod, | ||
1602 | + led_dat->cdev.dev->kobj.name); | ||
1603 | priv->num_leds++; | ||
1604 | } | ||
1605 | |||
1606 | diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c | ||
1607 | index 21bb96ce4cd6..58868d7129eb 100644 | ||
1608 | --- a/drivers/media/v4l2-core/v4l2-ioctl.c | ||
1609 | +++ b/drivers/media/v4l2-core/v4l2-ioctl.c | ||
1610 | @@ -1605,12 +1605,12 @@ static int v4l_s_fmt(const struct v4l2_ioctl_ops *ops, | ||
1611 | case V4L2_BUF_TYPE_VBI_CAPTURE: | ||
1612 | if (unlikely(!ops->vidioc_s_fmt_vbi_cap)) | ||
1613 | break; | ||
1614 | - CLEAR_AFTER_FIELD(p, fmt.vbi); | ||
1615 | + CLEAR_AFTER_FIELD(p, fmt.vbi.flags); | ||
1616 | return ops->vidioc_s_fmt_vbi_cap(file, fh, arg); | ||
1617 | case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: | ||
1618 | if (unlikely(!ops->vidioc_s_fmt_sliced_vbi_cap)) | ||
1619 | break; | ||
1620 | - CLEAR_AFTER_FIELD(p, fmt.sliced); | ||
1621 | + CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); | ||
1622 | return ops->vidioc_s_fmt_sliced_vbi_cap(file, fh, arg); | ||
1623 | case V4L2_BUF_TYPE_VIDEO_OUTPUT: | ||
1624 | if (unlikely(!ops->vidioc_s_fmt_vid_out)) | ||
1625 | @@ -1636,22 +1636,22 @@ static int v4l_s_fmt(const struct v4l2_ioctl_ops *ops, | ||
1626 | case V4L2_BUF_TYPE_VBI_OUTPUT: | ||
1627 | if (unlikely(!ops->vidioc_s_fmt_vbi_out)) | ||
1628 | break; | ||
1629 | - CLEAR_AFTER_FIELD(p, fmt.vbi); | ||
1630 | + CLEAR_AFTER_FIELD(p, fmt.vbi.flags); | ||
1631 | return ops->vidioc_s_fmt_vbi_out(file, fh, arg); | ||
1632 | case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: | ||
1633 | if (unlikely(!ops->vidioc_s_fmt_sliced_vbi_out)) | ||
1634 | break; | ||
1635 | - CLEAR_AFTER_FIELD(p, fmt.sliced); | ||
1636 | + CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); | ||
1637 | return ops->vidioc_s_fmt_sliced_vbi_out(file, fh, arg); | ||
1638 | case V4L2_BUF_TYPE_SDR_CAPTURE: | ||
1639 | if (unlikely(!ops->vidioc_s_fmt_sdr_cap)) | ||
1640 | break; | ||
1641 | - CLEAR_AFTER_FIELD(p, fmt.sdr); | ||
1642 | + CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); | ||
1643 | return ops->vidioc_s_fmt_sdr_cap(file, fh, arg); | ||
1644 | case V4L2_BUF_TYPE_SDR_OUTPUT: | ||
1645 | if (unlikely(!ops->vidioc_s_fmt_sdr_out)) | ||
1646 | break; | ||
1647 | - CLEAR_AFTER_FIELD(p, fmt.sdr); | ||
1648 | + CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); | ||
1649 | return ops->vidioc_s_fmt_sdr_out(file, fh, arg); | ||
1650 | case V4L2_BUF_TYPE_META_CAPTURE: | ||
1651 | if (unlikely(!ops->vidioc_s_fmt_meta_cap)) | ||
1652 | @@ -1707,12 +1707,12 @@ static int v4l_try_fmt(const struct v4l2_ioctl_ops *ops, | ||
1653 | case V4L2_BUF_TYPE_VBI_CAPTURE: | ||
1654 | if (unlikely(!ops->vidioc_try_fmt_vbi_cap)) | ||
1655 | break; | ||
1656 | - CLEAR_AFTER_FIELD(p, fmt.vbi); | ||
1657 | + CLEAR_AFTER_FIELD(p, fmt.vbi.flags); | ||
1658 | return ops->vidioc_try_fmt_vbi_cap(file, fh, arg); | ||
1659 | case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: | ||
1660 | if (unlikely(!ops->vidioc_try_fmt_sliced_vbi_cap)) | ||
1661 | break; | ||
1662 | - CLEAR_AFTER_FIELD(p, fmt.sliced); | ||
1663 | + CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); | ||
1664 | return ops->vidioc_try_fmt_sliced_vbi_cap(file, fh, arg); | ||
1665 | case V4L2_BUF_TYPE_VIDEO_OUTPUT: | ||
1666 | if (unlikely(!ops->vidioc_try_fmt_vid_out)) | ||
1667 | @@ -1738,22 +1738,22 @@ static int v4l_try_fmt(const struct v4l2_ioctl_ops *ops, | ||
1668 | case V4L2_BUF_TYPE_VBI_OUTPUT: | ||
1669 | if (unlikely(!ops->vidioc_try_fmt_vbi_out)) | ||
1670 | break; | ||
1671 | - CLEAR_AFTER_FIELD(p, fmt.vbi); | ||
1672 | + CLEAR_AFTER_FIELD(p, fmt.vbi.flags); | ||
1673 | return ops->vidioc_try_fmt_vbi_out(file, fh, arg); | ||
1674 | case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: | ||
1675 | if (unlikely(!ops->vidioc_try_fmt_sliced_vbi_out)) | ||
1676 | break; | ||
1677 | - CLEAR_AFTER_FIELD(p, fmt.sliced); | ||
1678 | + CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); | ||
1679 | return ops->vidioc_try_fmt_sliced_vbi_out(file, fh, arg); | ||
1680 | case V4L2_BUF_TYPE_SDR_CAPTURE: | ||
1681 | if (unlikely(!ops->vidioc_try_fmt_sdr_cap)) | ||
1682 | break; | ||
1683 | - CLEAR_AFTER_FIELD(p, fmt.sdr); | ||
1684 | + CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); | ||
1685 | return ops->vidioc_try_fmt_sdr_cap(file, fh, arg); | ||
1686 | case V4L2_BUF_TYPE_SDR_OUTPUT: | ||
1687 | if (unlikely(!ops->vidioc_try_fmt_sdr_out)) | ||
1688 | break; | ||
1689 | - CLEAR_AFTER_FIELD(p, fmt.sdr); | ||
1690 | + CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); | ||
1691 | return ops->vidioc_try_fmt_sdr_out(file, fh, arg); | ||
1692 | case V4L2_BUF_TYPE_META_CAPTURE: | ||
1693 | if (unlikely(!ops->vidioc_try_fmt_meta_cap)) | ||
1694 | diff --git a/drivers/mmc/host/sdhci-tegra.c b/drivers/mmc/host/sdhci-tegra.c | ||
1695 | index 7bc950520fd9..403ac44a7378 100644 | ||
1696 | --- a/drivers/mmc/host/sdhci-tegra.c | ||
1697 | +++ b/drivers/mmc/host/sdhci-tegra.c | ||
1698 | @@ -386,7 +386,7 @@ static void tegra_sdhci_reset(struct sdhci_host *host, u8 mask) | ||
1699 | misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_DDR50; | ||
1700 | if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR104) | ||
1701 | misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_SDR104; | ||
1702 | - if (soc_data->nvquirks & SDHCI_MISC_CTRL_ENABLE_SDR50) | ||
1703 | + if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR50) | ||
1704 | clk_ctrl |= SDHCI_CLOCK_CTRL_SDR50_TUNING_OVERRIDE; | ||
1705 | } | ||
1706 | |||
1707 | diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c | ||
1708 | index 5f9df2dbde06..4478b94d4791 100644 | ||
1709 | --- a/drivers/mmc/host/sdhci.c | ||
1710 | +++ b/drivers/mmc/host/sdhci.c | ||
1711 | @@ -3902,11 +3902,13 @@ int sdhci_setup_host(struct sdhci_host *host) | ||
1712 | if (host->ops->get_min_clock) | ||
1713 | mmc->f_min = host->ops->get_min_clock(host); | ||
1714 | else if (host->version >= SDHCI_SPEC_300) { | ||
1715 | - if (host->clk_mul) { | ||
1716 | - mmc->f_min = (host->max_clk * host->clk_mul) / 1024; | ||
1717 | + if (host->clk_mul) | ||
1718 | max_clk = host->max_clk * host->clk_mul; | ||
1719 | - } else | ||
1720 | - mmc->f_min = host->max_clk / SDHCI_MAX_DIV_SPEC_300; | ||
1721 | + /* | ||
1722 | + * Divided Clock Mode minimum clock rate is always less than | ||
1723 | + * Programmable Clock Mode minimum clock rate. | ||
1724 | + */ | ||
1725 | + mmc->f_min = host->max_clk / SDHCI_MAX_DIV_SPEC_300; | ||
1726 | } else | ||
1727 | mmc->f_min = host->max_clk / SDHCI_MAX_DIV_SPEC_200; | ||
1728 | |||
1729 | diff --git a/drivers/mmc/host/sdhci_am654.c b/drivers/mmc/host/sdhci_am654.c | ||
1730 | index bb90757ecace..4cbb764c9822 100644 | ||
1731 | --- a/drivers/mmc/host/sdhci_am654.c | ||
1732 | +++ b/drivers/mmc/host/sdhci_am654.c | ||
1733 | @@ -236,6 +236,22 @@ static void sdhci_am654_write_b(struct sdhci_host *host, u8 val, int reg) | ||
1734 | writeb(val, host->ioaddr + reg); | ||
1735 | } | ||
1736 | |||
1737 | +static int sdhci_am654_execute_tuning(struct mmc_host *mmc, u32 opcode) | ||
1738 | +{ | ||
1739 | + struct sdhci_host *host = mmc_priv(mmc); | ||
1740 | + int err = sdhci_execute_tuning(mmc, opcode); | ||
1741 | + | ||
1742 | + if (err) | ||
1743 | + return err; | ||
1744 | + /* | ||
1745 | + * Tuning data remains in the buffer after tuning. | ||
1746 | + * Do a command and data reset to get rid of it | ||
1747 | + */ | ||
1748 | + sdhci_reset(host, SDHCI_RESET_CMD | SDHCI_RESET_DATA); | ||
1749 | + | ||
1750 | + return 0; | ||
1751 | +} | ||
1752 | + | ||
1753 | static struct sdhci_ops sdhci_am654_ops = { | ||
1754 | .get_max_clock = sdhci_pltfm_clk_get_max_clock, | ||
1755 | .get_timeout_clock = sdhci_pltfm_clk_get_max_clock, | ||
1756 | @@ -249,8 +265,7 @@ static struct sdhci_ops sdhci_am654_ops = { | ||
1757 | |||
1758 | static const struct sdhci_pltfm_data sdhci_am654_pdata = { | ||
1759 | .ops = &sdhci_am654_ops, | ||
1760 | - .quirks = SDHCI_QUIRK_INVERTED_WRITE_PROTECT | | ||
1761 | - SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
1762 | + .quirks = SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
1763 | .quirks2 = SDHCI_QUIRK2_PRESET_VALUE_BROKEN, | ||
1764 | }; | ||
1765 | |||
1766 | @@ -272,8 +287,7 @@ static struct sdhci_ops sdhci_j721e_8bit_ops = { | ||
1767 | |||
1768 | static const struct sdhci_pltfm_data sdhci_j721e_8bit_pdata = { | ||
1769 | .ops = &sdhci_j721e_8bit_ops, | ||
1770 | - .quirks = SDHCI_QUIRK_INVERTED_WRITE_PROTECT | | ||
1771 | - SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
1772 | + .quirks = SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
1773 | .quirks2 = SDHCI_QUIRK2_PRESET_VALUE_BROKEN, | ||
1774 | }; | ||
1775 | |||
1776 | @@ -295,8 +309,7 @@ static struct sdhci_ops sdhci_j721e_4bit_ops = { | ||
1777 | |||
1778 | static const struct sdhci_pltfm_data sdhci_j721e_4bit_pdata = { | ||
1779 | .ops = &sdhci_j721e_4bit_ops, | ||
1780 | - .quirks = SDHCI_QUIRK_INVERTED_WRITE_PROTECT | | ||
1781 | - SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
1782 | + .quirks = SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
1783 | .quirks2 = SDHCI_QUIRK2_PRESET_VALUE_BROKEN, | ||
1784 | }; | ||
1785 | |||
1786 | @@ -480,6 +493,8 @@ static int sdhci_am654_probe(struct platform_device *pdev) | ||
1787 | goto pm_runtime_put; | ||
1788 | } | ||
1789 | |||
1790 | + host->mmc_host_ops.execute_tuning = sdhci_am654_execute_tuning; | ||
1791 | + | ||
1792 | ret = sdhci_am654_init(host); | ||
1793 | if (ret) | ||
1794 | goto pm_runtime_put; | ||
1795 | diff --git a/drivers/net/can/slcan.c b/drivers/net/can/slcan.c | ||
1796 | index 2e57122f02fb..2f5c287eac95 100644 | ||
1797 | --- a/drivers/net/can/slcan.c | ||
1798 | +++ b/drivers/net/can/slcan.c | ||
1799 | @@ -344,9 +344,16 @@ static void slcan_transmit(struct work_struct *work) | ||
1800 | */ | ||
1801 | static void slcan_write_wakeup(struct tty_struct *tty) | ||
1802 | { | ||
1803 | - struct slcan *sl = tty->disc_data; | ||
1804 | + struct slcan *sl; | ||
1805 | + | ||
1806 | + rcu_read_lock(); | ||
1807 | + sl = rcu_dereference(tty->disc_data); | ||
1808 | + if (!sl) | ||
1809 | + goto out; | ||
1810 | |||
1811 | schedule_work(&sl->tx_work); | ||
1812 | +out: | ||
1813 | + rcu_read_unlock(); | ||
1814 | } | ||
1815 | |||
1816 | /* Send a can_frame to a TTY queue. */ | ||
1817 | @@ -644,10 +651,11 @@ static void slcan_close(struct tty_struct *tty) | ||
1818 | return; | ||
1819 | |||
1820 | spin_lock_bh(&sl->lock); | ||
1821 | - tty->disc_data = NULL; | ||
1822 | + rcu_assign_pointer(tty->disc_data, NULL); | ||
1823 | sl->tty = NULL; | ||
1824 | spin_unlock_bh(&sl->lock); | ||
1825 | |||
1826 | + synchronize_rcu(); | ||
1827 | flush_work(&sl->tx_work); | ||
1828 | |||
1829 | /* Flush network side */ | ||
1830 | diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
1831 | index 1de51811fcb4..8f909d57501f 100644 | ||
1832 | --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
1833 | +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
1834 | @@ -2164,8 +2164,8 @@ static void bcmgenet_init_tx_ring(struct bcmgenet_priv *priv, | ||
1835 | DMA_END_ADDR); | ||
1836 | |||
1837 | /* Initialize Tx NAPI */ | ||
1838 | - netif_napi_add(priv->dev, &ring->napi, bcmgenet_tx_poll, | ||
1839 | - NAPI_POLL_WEIGHT); | ||
1840 | + netif_tx_napi_add(priv->dev, &ring->napi, bcmgenet_tx_poll, | ||
1841 | + NAPI_POLL_WEIGHT); | ||
1842 | } | ||
1843 | |||
1844 | /* Initialize a RDMA ring */ | ||
1845 | diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | ||
1846 | index 58f89f6a040f..97ff8608f0ab 100644 | ||
1847 | --- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | ||
1848 | +++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | ||
1849 | @@ -2448,6 +2448,8 @@ static int cxgb_extension_ioctl(struct net_device *dev, void __user *useraddr) | ||
1850 | |||
1851 | if (!is_offload(adapter)) | ||
1852 | return -EOPNOTSUPP; | ||
1853 | + if (!capable(CAP_NET_ADMIN)) | ||
1854 | + return -EPERM; | ||
1855 | if (!(adapter->flags & FULL_INIT_DONE)) | ||
1856 | return -EIO; /* need the memory controllers */ | ||
1857 | if (copy_from_user(&t, useraddr, sizeof(t))) | ||
1858 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | ||
1859 | index 778dab1af8fc..f260dd96873b 100644 | ||
1860 | --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | ||
1861 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | ||
1862 | @@ -180,7 +180,7 @@ mlx5e_ktls_tx_post_param_wqes(struct mlx5e_txqsq *sq, | ||
1863 | |||
1864 | struct tx_sync_info { | ||
1865 | u64 rcd_sn; | ||
1866 | - s32 sync_len; | ||
1867 | + u32 sync_len; | ||
1868 | int nr_frags; | ||
1869 | skb_frag_t frags[MAX_SKB_FRAGS]; | ||
1870 | }; | ||
1871 | @@ -193,13 +193,14 @@ enum mlx5e_ktls_sync_retval { | ||
1872 | |||
1873 | static enum mlx5e_ktls_sync_retval | ||
1874 | tx_sync_info_get(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
1875 | - u32 tcp_seq, struct tx_sync_info *info) | ||
1876 | + u32 tcp_seq, int datalen, struct tx_sync_info *info) | ||
1877 | { | ||
1878 | struct tls_offload_context_tx *tx_ctx = priv_tx->tx_ctx; | ||
1879 | enum mlx5e_ktls_sync_retval ret = MLX5E_KTLS_SYNC_DONE; | ||
1880 | struct tls_record_info *record; | ||
1881 | int remaining, i = 0; | ||
1882 | unsigned long flags; | ||
1883 | + bool ends_before; | ||
1884 | |||
1885 | spin_lock_irqsave(&tx_ctx->lock, flags); | ||
1886 | record = tls_get_record(tx_ctx, tcp_seq, &info->rcd_sn); | ||
1887 | @@ -209,9 +210,21 @@ tx_sync_info_get(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
1888 | goto out; | ||
1889 | } | ||
1890 | |||
1891 | - if (unlikely(tcp_seq < tls_record_start_seq(record))) { | ||
1892 | - ret = tls_record_is_start_marker(record) ? | ||
1893 | - MLX5E_KTLS_SYNC_SKIP_NO_DATA : MLX5E_KTLS_SYNC_FAIL; | ||
1894 | + /* There are the following cases: | ||
1895 | + * 1. packet ends before start marker: bypass offload. | ||
1896 | + * 2. packet starts before start marker and ends after it: drop, | ||
1897 | + * not supported, breaks contract with kernel. | ||
1898 | + * 3. packet ends before tls record info starts: drop, | ||
1899 | + * this packet was already acknowledged and its record info | ||
1900 | + * was released. | ||
1901 | + */ | ||
1902 | + ends_before = before(tcp_seq + datalen, tls_record_start_seq(record)); | ||
1903 | + | ||
1904 | + if (unlikely(tls_record_is_start_marker(record))) { | ||
1905 | + ret = ends_before ? MLX5E_KTLS_SYNC_SKIP_NO_DATA : MLX5E_KTLS_SYNC_FAIL; | ||
1906 | + goto out; | ||
1907 | + } else if (ends_before) { | ||
1908 | + ret = MLX5E_KTLS_SYNC_FAIL; | ||
1909 | goto out; | ||
1910 | } | ||
1911 | |||
1912 | @@ -337,7 +350,7 @@ mlx5e_ktls_tx_handle_ooo(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
1913 | u8 num_wqebbs; | ||
1914 | int i = 0; | ||
1915 | |||
1916 | - ret = tx_sync_info_get(priv_tx, seq, &info); | ||
1917 | + ret = tx_sync_info_get(priv_tx, seq, datalen, &info); | ||
1918 | if (unlikely(ret != MLX5E_KTLS_SYNC_DONE)) { | ||
1919 | if (ret == MLX5E_KTLS_SYNC_SKIP_NO_DATA) { | ||
1920 | stats->tls_skip_no_sync_data++; | ||
1921 | @@ -351,14 +364,6 @@ mlx5e_ktls_tx_handle_ooo(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
1922 | goto err_out; | ||
1923 | } | ||
1924 | |||
1925 | - if (unlikely(info.sync_len < 0)) { | ||
1926 | - if (likely(datalen <= -info.sync_len)) | ||
1927 | - return MLX5E_KTLS_SYNC_DONE; | ||
1928 | - | ||
1929 | - stats->tls_drop_bypass_req++; | ||
1930 | - goto err_out; | ||
1931 | - } | ||
1932 | - | ||
1933 | stats->tls_ooo++; | ||
1934 | |||
1935 | tx_post_resync_params(sq, priv_tx, info.rcd_sn); | ||
1936 | @@ -378,8 +383,6 @@ mlx5e_ktls_tx_handle_ooo(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
1937 | if (unlikely(contig_wqebbs_room < num_wqebbs)) | ||
1938 | mlx5e_fill_sq_frag_edge(sq, wq, pi, contig_wqebbs_room); | ||
1939 | |||
1940 | - tx_post_resync_params(sq, priv_tx, info.rcd_sn); | ||
1941 | - | ||
1942 | for (; i < info.nr_frags; i++) { | ||
1943 | unsigned int orig_fsz, frag_offset = 0, n = 0; | ||
1944 | skb_frag_t *f = &info.frags[i]; | ||
1945 | @@ -455,12 +458,18 @@ struct sk_buff *mlx5e_ktls_handle_tx_skb(struct net_device *netdev, | ||
1946 | enum mlx5e_ktls_sync_retval ret = | ||
1947 | mlx5e_ktls_tx_handle_ooo(priv_tx, sq, datalen, seq); | ||
1948 | |||
1949 | - if (likely(ret == MLX5E_KTLS_SYNC_DONE)) | ||
1950 | + switch (ret) { | ||
1951 | + case MLX5E_KTLS_SYNC_DONE: | ||
1952 | *wqe = mlx5e_sq_fetch_wqe(sq, sizeof(**wqe), pi); | ||
1953 | - else if (ret == MLX5E_KTLS_SYNC_FAIL) | ||
1954 | + break; | ||
1955 | + case MLX5E_KTLS_SYNC_SKIP_NO_DATA: | ||
1956 | + if (likely(!skb->decrypted)) | ||
1957 | + goto out; | ||
1958 | + WARN_ON_ONCE(1); | ||
1959 | + /* fall-through */ | ||
1960 | + default: /* MLX5E_KTLS_SYNC_FAIL */ | ||
1961 | goto err_out; | ||
1962 | - else /* ret == MLX5E_KTLS_SYNC_SKIP_NO_DATA */ | ||
1963 | - goto out; | ||
1964 | + } | ||
1965 | } | ||
1966 | |||
1967 | priv_tx->expected_seq = seq + datalen; | ||
1968 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | ||
1969 | index 96711e34d248..1f9107d83848 100644 | ||
1970 | --- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | ||
1971 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | ||
1972 | @@ -3951,6 +3951,13 @@ static int apply_police_params(struct mlx5e_priv *priv, u32 rate, | ||
1973 | u32 rate_mbps; | ||
1974 | int err; | ||
1975 | |||
1976 | + vport_num = rpriv->rep->vport; | ||
1977 | + if (vport_num >= MLX5_VPORT_ECPF) { | ||
1978 | + NL_SET_ERR_MSG_MOD(extack, | ||
1979 | + "Ingress rate limit is supported only for Eswitch ports connected to VFs"); | ||
1980 | + return -EOPNOTSUPP; | ||
1981 | + } | ||
1982 | + | ||
1983 | esw = priv->mdev->priv.eswitch; | ||
1984 | /* rate is given in bytes/sec. | ||
1985 | * First convert to bits/sec and then round to the nearest mbit/secs. | ||
1986 | @@ -3959,8 +3966,6 @@ static int apply_police_params(struct mlx5e_priv *priv, u32 rate, | ||
1987 | * 1 mbit/sec. | ||
1988 | */ | ||
1989 | rate_mbps = rate ? max_t(u32, (rate * 8 + 500000) / 1000000, 1) : 0; | ||
1990 | - vport_num = rpriv->rep->vport; | ||
1991 | - | ||
1992 | err = mlx5_esw_modify_vport_rate(esw, vport_num, rate_mbps); | ||
1993 | if (err) | ||
1994 | NL_SET_ERR_MSG_MOD(extack, "failed applying action to hardware"); | ||
1995 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | ||
1996 | index 9004a07e457a..5acfdea3a75a 100644 | ||
1997 | --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | ||
1998 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | ||
1999 | @@ -858,7 +858,7 @@ out: | ||
2000 | */ | ||
2001 | #define ESW_SIZE (16 * 1024 * 1024) | ||
2002 | const unsigned int ESW_POOLS[4] = { 4 * 1024 * 1024, 1 * 1024 * 1024, | ||
2003 | - 64 * 1024, 4 * 1024 }; | ||
2004 | + 64 * 1024, 128 }; | ||
2005 | |||
2006 | static int | ||
2007 | get_sz_from_pool(struct mlx5_eswitch *esw) | ||
2008 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c | ||
2009 | index 051ab845b501..c96a0e501007 100644 | ||
2010 | --- a/drivers/net/ethernet/mellanox/mlx5/core/main.c | ||
2011 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c | ||
2012 | @@ -1569,6 +1569,7 @@ static const struct pci_device_id mlx5_core_pci_table[] = { | ||
2013 | { PCI_VDEVICE(MELLANOX, 0x101d) }, /* ConnectX-6 Dx */ | ||
2014 | { PCI_VDEVICE(MELLANOX, 0x101e), MLX5_PCI_DEV_IS_VF}, /* ConnectX Family mlx5Gen Virtual Function */ | ||
2015 | { PCI_VDEVICE(MELLANOX, 0x101f) }, /* ConnectX-6 LX */ | ||
2016 | + { PCI_VDEVICE(MELLANOX, 0x1021) }, /* ConnectX-7 */ | ||
2017 | { PCI_VDEVICE(MELLANOX, 0xa2d2) }, /* BlueField integrated ConnectX-5 network controller */ | ||
2018 | { PCI_VDEVICE(MELLANOX, 0xa2d3), MLX5_PCI_DEV_IS_VF}, /* BlueField integrated ConnectX-5 network controller VF */ | ||
2019 | { PCI_VDEVICE(MELLANOX, 0xa2d6) }, /* BlueField-2 integrated ConnectX-6 Dx network controller */ | ||
2020 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c | ||
2021 | index 51803eef13dd..c7f10d4f8f8d 100644 | ||
2022 | --- a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c | ||
2023 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c | ||
2024 | @@ -1,6 +1,7 @@ | ||
2025 | // SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB | ||
2026 | /* Copyright (c) 2019 Mellanox Technologies. */ | ||
2027 | |||
2028 | +#include <linux/smp.h> | ||
2029 | #include "dr_types.h" | ||
2030 | |||
2031 | #define QUEUE_SIZE 128 | ||
2032 | @@ -729,7 +730,7 @@ static struct mlx5dr_cq *dr_create_cq(struct mlx5_core_dev *mdev, | ||
2033 | if (!in) | ||
2034 | goto err_cqwq; | ||
2035 | |||
2036 | - vector = smp_processor_id() % mlx5_comp_vectors_count(mdev); | ||
2037 | + vector = raw_smp_processor_id() % mlx5_comp_vectors_count(mdev); | ||
2038 | err = mlx5_vector2eqn(mdev, vector, &eqn, &irqn); | ||
2039 | if (err) { | ||
2040 | kvfree(in); | ||
2041 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c | ||
2042 | index 3d587d0bdbbe..1e32e2443f73 100644 | ||
2043 | --- a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c | ||
2044 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c | ||
2045 | @@ -352,26 +352,16 @@ static int mlx5_cmd_dr_create_fte(struct mlx5_flow_root_namespace *ns, | ||
2046 | if (fte->action.action & MLX5_FLOW_CONTEXT_ACTION_FWD_DEST) { | ||
2047 | list_for_each_entry(dst, &fte->node.children, node.list) { | ||
2048 | enum mlx5_flow_destination_type type = dst->dest_attr.type; | ||
2049 | - u32 id; | ||
2050 | |||
2051 | if (num_actions == MLX5_FLOW_CONTEXT_ACTION_MAX) { | ||
2052 | err = -ENOSPC; | ||
2053 | goto free_actions; | ||
2054 | } | ||
2055 | |||
2056 | - switch (type) { | ||
2057 | - case MLX5_FLOW_DESTINATION_TYPE_COUNTER: | ||
2058 | - id = dst->dest_attr.counter_id; | ||
2059 | + if (type == MLX5_FLOW_DESTINATION_TYPE_COUNTER) | ||
2060 | + continue; | ||
2061 | |||
2062 | - tmp_action = | ||
2063 | - mlx5dr_action_create_flow_counter(id); | ||
2064 | - if (!tmp_action) { | ||
2065 | - err = -ENOMEM; | ||
2066 | - goto free_actions; | ||
2067 | - } | ||
2068 | - fs_dr_actions[fs_dr_num_actions++] = tmp_action; | ||
2069 | - actions[num_actions++] = tmp_action; | ||
2070 | - break; | ||
2071 | + switch (type) { | ||
2072 | case MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE: | ||
2073 | tmp_action = create_ft_action(dev, dst); | ||
2074 | if (!tmp_action) { | ||
2075 | @@ -397,6 +387,32 @@ static int mlx5_cmd_dr_create_fte(struct mlx5_flow_root_namespace *ns, | ||
2076 | } | ||
2077 | } | ||
2078 | |||
2079 | + if (fte->action.action & MLX5_FLOW_CONTEXT_ACTION_COUNT) { | ||
2080 | + list_for_each_entry(dst, &fte->node.children, node.list) { | ||
2081 | + u32 id; | ||
2082 | + | ||
2083 | + if (dst->dest_attr.type != | ||
2084 | + MLX5_FLOW_DESTINATION_TYPE_COUNTER) | ||
2085 | + continue; | ||
2086 | + | ||
2087 | + if (num_actions == MLX5_FLOW_CONTEXT_ACTION_MAX) { | ||
2088 | + err = -ENOSPC; | ||
2089 | + goto free_actions; | ||
2090 | + } | ||
2091 | + | ||
2092 | + id = dst->dest_attr.counter_id; | ||
2093 | + tmp_action = | ||
2094 | + mlx5dr_action_create_flow_counter(id); | ||
2095 | + if (!tmp_action) { | ||
2096 | + err = -ENOMEM; | ||
2097 | + goto free_actions; | ||
2098 | + } | ||
2099 | + | ||
2100 | + fs_dr_actions[fs_dr_num_actions++] = tmp_action; | ||
2101 | + actions[num_actions++] = tmp_action; | ||
2102 | + } | ||
2103 | + } | ||
2104 | + | ||
2105 | params.match_sz = match_sz; | ||
2106 | params.match_buf = (u64 *)fte->val; | ||
2107 | |||
2108 | diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | ||
2109 | index 150b3a144b83..3d3cca596116 100644 | ||
2110 | --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | ||
2111 | +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | ||
2112 | @@ -8,6 +8,7 @@ | ||
2113 | #include <linux/string.h> | ||
2114 | #include <linux/rhashtable.h> | ||
2115 | #include <linux/netdevice.h> | ||
2116 | +#include <linux/mutex.h> | ||
2117 | #include <net/net_namespace.h> | ||
2118 | #include <net/tc_act/tc_vlan.h> | ||
2119 | |||
2120 | @@ -25,6 +26,7 @@ struct mlxsw_sp_acl { | ||
2121 | struct mlxsw_sp_fid *dummy_fid; | ||
2122 | struct rhashtable ruleset_ht; | ||
2123 | struct list_head rules; | ||
2124 | + struct mutex rules_lock; /* Protects rules list */ | ||
2125 | struct { | ||
2126 | struct delayed_work dw; | ||
2127 | unsigned long interval; /* ms */ | ||
2128 | @@ -701,7 +703,9 @@ int mlxsw_sp_acl_rule_add(struct mlxsw_sp *mlxsw_sp, | ||
2129 | goto err_ruleset_block_bind; | ||
2130 | } | ||
2131 | |||
2132 | + mutex_lock(&mlxsw_sp->acl->rules_lock); | ||
2133 | list_add_tail(&rule->list, &mlxsw_sp->acl->rules); | ||
2134 | + mutex_unlock(&mlxsw_sp->acl->rules_lock); | ||
2135 | block->rule_count++; | ||
2136 | block->egress_blocker_rule_count += rule->rulei->egress_bind_blocker; | ||
2137 | return 0; | ||
2138 | @@ -723,7 +727,9 @@ void mlxsw_sp_acl_rule_del(struct mlxsw_sp *mlxsw_sp, | ||
2139 | |||
2140 | block->egress_blocker_rule_count -= rule->rulei->egress_bind_blocker; | ||
2141 | ruleset->ht_key.block->rule_count--; | ||
2142 | + mutex_lock(&mlxsw_sp->acl->rules_lock); | ||
2143 | list_del(&rule->list); | ||
2144 | + mutex_unlock(&mlxsw_sp->acl->rules_lock); | ||
2145 | if (!ruleset->ht_key.chain_index && | ||
2146 | mlxsw_sp_acl_ruleset_is_singular(ruleset)) | ||
2147 | mlxsw_sp_acl_ruleset_block_unbind(mlxsw_sp, ruleset, | ||
2148 | @@ -783,19 +789,18 @@ static int mlxsw_sp_acl_rules_activity_update(struct mlxsw_sp_acl *acl) | ||
2149 | struct mlxsw_sp_acl_rule *rule; | ||
2150 | int err; | ||
2151 | |||
2152 | - /* Protect internal structures from changes */ | ||
2153 | - rtnl_lock(); | ||
2154 | + mutex_lock(&acl->rules_lock); | ||
2155 | list_for_each_entry(rule, &acl->rules, list) { | ||
2156 | err = mlxsw_sp_acl_rule_activity_update(acl->mlxsw_sp, | ||
2157 | rule); | ||
2158 | if (err) | ||
2159 | goto err_rule_update; | ||
2160 | } | ||
2161 | - rtnl_unlock(); | ||
2162 | + mutex_unlock(&acl->rules_lock); | ||
2163 | return 0; | ||
2164 | |||
2165 | err_rule_update: | ||
2166 | - rtnl_unlock(); | ||
2167 | + mutex_unlock(&acl->rules_lock); | ||
2168 | return err; | ||
2169 | } | ||
2170 | |||
2171 | @@ -880,6 +885,7 @@ int mlxsw_sp_acl_init(struct mlxsw_sp *mlxsw_sp) | ||
2172 | acl->dummy_fid = fid; | ||
2173 | |||
2174 | INIT_LIST_HEAD(&acl->rules); | ||
2175 | + mutex_init(&acl->rules_lock); | ||
2176 | err = mlxsw_sp_acl_tcam_init(mlxsw_sp, &acl->tcam); | ||
2177 | if (err) | ||
2178 | goto err_acl_ops_init; | ||
2179 | @@ -892,6 +898,7 @@ int mlxsw_sp_acl_init(struct mlxsw_sp *mlxsw_sp) | ||
2180 | return 0; | ||
2181 | |||
2182 | err_acl_ops_init: | ||
2183 | + mutex_destroy(&acl->rules_lock); | ||
2184 | mlxsw_sp_fid_put(fid); | ||
2185 | err_fid_get: | ||
2186 | rhashtable_destroy(&acl->ruleset_ht); | ||
2187 | @@ -908,6 +915,7 @@ void mlxsw_sp_acl_fini(struct mlxsw_sp *mlxsw_sp) | ||
2188 | |||
2189 | cancel_delayed_work_sync(&mlxsw_sp->acl->rule_activity_update.dw); | ||
2190 | mlxsw_sp_acl_tcam_fini(mlxsw_sp, &acl->tcam); | ||
2191 | + mutex_destroy(&acl->rules_lock); | ||
2192 | WARN_ON(!list_empty(&acl->rules)); | ||
2193 | mlxsw_sp_fid_put(acl->dummy_fid); | ||
2194 | rhashtable_destroy(&acl->ruleset_ht); | ||
2195 | diff --git a/drivers/net/ethernet/mellanox/mlxsw/switchx2.c b/drivers/net/ethernet/mellanox/mlxsw/switchx2.c | ||
2196 | index 1c14c051ee52..63e7a058b7c6 100644 | ||
2197 | --- a/drivers/net/ethernet/mellanox/mlxsw/switchx2.c | ||
2198 | +++ b/drivers/net/ethernet/mellanox/mlxsw/switchx2.c | ||
2199 | @@ -299,22 +299,17 @@ static netdev_tx_t mlxsw_sx_port_xmit(struct sk_buff *skb, | ||
2200 | u64 len; | ||
2201 | int err; | ||
2202 | |||
2203 | + if (skb_cow_head(skb, MLXSW_TXHDR_LEN)) { | ||
2204 | + this_cpu_inc(mlxsw_sx_port->pcpu_stats->tx_dropped); | ||
2205 | + dev_kfree_skb_any(skb); | ||
2206 | + return NETDEV_TX_OK; | ||
2207 | + } | ||
2208 | + | ||
2209 | memset(skb->cb, 0, sizeof(struct mlxsw_skb_cb)); | ||
2210 | |||
2211 | if (mlxsw_core_skb_transmit_busy(mlxsw_sx->core, &tx_info)) | ||
2212 | return NETDEV_TX_BUSY; | ||
2213 | |||
2214 | - if (unlikely(skb_headroom(skb) < MLXSW_TXHDR_LEN)) { | ||
2215 | - struct sk_buff *skb_orig = skb; | ||
2216 | - | ||
2217 | - skb = skb_realloc_headroom(skb, MLXSW_TXHDR_LEN); | ||
2218 | - if (!skb) { | ||
2219 | - this_cpu_inc(mlxsw_sx_port->pcpu_stats->tx_dropped); | ||
2220 | - dev_kfree_skb_any(skb_orig); | ||
2221 | - return NETDEV_TX_OK; | ||
2222 | - } | ||
2223 | - dev_consume_skb_any(skb_orig); | ||
2224 | - } | ||
2225 | mlxsw_sx_txhdr_construct(skb, &tx_info); | ||
2226 | /* TX header is consumed by HW on the way so we shouldn't count its | ||
2227 | * bytes as being sent. | ||
2228 | diff --git a/drivers/net/ethernet/natsemi/sonic.c b/drivers/net/ethernet/natsemi/sonic.c | ||
2229 | index b339125b2f09..05e760444a92 100644 | ||
2230 | --- a/drivers/net/ethernet/natsemi/sonic.c | ||
2231 | +++ b/drivers/net/ethernet/natsemi/sonic.c | ||
2232 | @@ -64,6 +64,8 @@ static int sonic_open(struct net_device *dev) | ||
2233 | |||
2234 | netif_dbg(lp, ifup, dev, "%s: initializing sonic driver\n", __func__); | ||
2235 | |||
2236 | + spin_lock_init(&lp->lock); | ||
2237 | + | ||
2238 | for (i = 0; i < SONIC_NUM_RRS; i++) { | ||
2239 | struct sk_buff *skb = netdev_alloc_skb(dev, SONIC_RBSIZE + 2); | ||
2240 | if (skb == NULL) { | ||
2241 | @@ -114,6 +116,24 @@ static int sonic_open(struct net_device *dev) | ||
2242 | return 0; | ||
2243 | } | ||
2244 | |||
2245 | +/* Wait for the SONIC to become idle. */ | ||
2246 | +static void sonic_quiesce(struct net_device *dev, u16 mask) | ||
2247 | +{ | ||
2248 | + struct sonic_local * __maybe_unused lp = netdev_priv(dev); | ||
2249 | + int i; | ||
2250 | + u16 bits; | ||
2251 | + | ||
2252 | + for (i = 0; i < 1000; ++i) { | ||
2253 | + bits = SONIC_READ(SONIC_CMD) & mask; | ||
2254 | + if (!bits) | ||
2255 | + return; | ||
2256 | + if (irqs_disabled() || in_interrupt()) | ||
2257 | + udelay(20); | ||
2258 | + else | ||
2259 | + usleep_range(100, 200); | ||
2260 | + } | ||
2261 | + WARN_ONCE(1, "command deadline expired! 0x%04x\n", bits); | ||
2262 | +} | ||
2263 | |||
2264 | /* | ||
2265 | * Close the SONIC device | ||
2266 | @@ -130,6 +150,9 @@ static int sonic_close(struct net_device *dev) | ||
2267 | /* | ||
2268 | * stop the SONIC, disable interrupts | ||
2269 | */ | ||
2270 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS); | ||
2271 | + sonic_quiesce(dev, SONIC_CR_ALL); | ||
2272 | + | ||
2273 | SONIC_WRITE(SONIC_IMR, 0); | ||
2274 | SONIC_WRITE(SONIC_ISR, 0x7fff); | ||
2275 | SONIC_WRITE(SONIC_CMD, SONIC_CR_RST); | ||
2276 | @@ -169,6 +192,9 @@ static void sonic_tx_timeout(struct net_device *dev) | ||
2277 | * put the Sonic into software-reset mode and | ||
2278 | * disable all interrupts before releasing DMA buffers | ||
2279 | */ | ||
2280 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS); | ||
2281 | + sonic_quiesce(dev, SONIC_CR_ALL); | ||
2282 | + | ||
2283 | SONIC_WRITE(SONIC_IMR, 0); | ||
2284 | SONIC_WRITE(SONIC_ISR, 0x7fff); | ||
2285 | SONIC_WRITE(SONIC_CMD, SONIC_CR_RST); | ||
2286 | @@ -206,8 +232,6 @@ static void sonic_tx_timeout(struct net_device *dev) | ||
2287 | * wake the tx queue | ||
2288 | * Concurrently with all of this, the SONIC is potentially writing to | ||
2289 | * the status flags of the TDs. | ||
2290 | - * Until some mutual exclusion is added, this code will not work with SMP. However, | ||
2291 | - * MIPS Jazz machines and m68k Macs were all uni-processor machines. | ||
2292 | */ | ||
2293 | |||
2294 | static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
2295 | @@ -215,7 +239,8 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
2296 | struct sonic_local *lp = netdev_priv(dev); | ||
2297 | dma_addr_t laddr; | ||
2298 | int length; | ||
2299 | - int entry = lp->next_tx; | ||
2300 | + int entry; | ||
2301 | + unsigned long flags; | ||
2302 | |||
2303 | netif_dbg(lp, tx_queued, dev, "%s: skb=%p\n", __func__, skb); | ||
2304 | |||
2305 | @@ -237,6 +262,10 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
2306 | return NETDEV_TX_OK; | ||
2307 | } | ||
2308 | |||
2309 | + spin_lock_irqsave(&lp->lock, flags); | ||
2310 | + | ||
2311 | + entry = lp->next_tx; | ||
2312 | + | ||
2313 | sonic_tda_put(dev, entry, SONIC_TD_STATUS, 0); /* clear status */ | ||
2314 | sonic_tda_put(dev, entry, SONIC_TD_FRAG_COUNT, 1); /* single fragment */ | ||
2315 | sonic_tda_put(dev, entry, SONIC_TD_PKTSIZE, length); /* length of packet */ | ||
2316 | @@ -246,10 +275,6 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
2317 | sonic_tda_put(dev, entry, SONIC_TD_LINK, | ||
2318 | sonic_tda_get(dev, entry, SONIC_TD_LINK) | SONIC_EOL); | ||
2319 | |||
2320 | - /* | ||
2321 | - * Must set tx_skb[entry] only after clearing status, and | ||
2322 | - * before clearing EOL and before stopping queue | ||
2323 | - */ | ||
2324 | wmb(); | ||
2325 | lp->tx_len[entry] = length; | ||
2326 | lp->tx_laddr[entry] = laddr; | ||
2327 | @@ -272,6 +297,8 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
2328 | |||
2329 | SONIC_WRITE(SONIC_CMD, SONIC_CR_TXP); | ||
2330 | |||
2331 | + spin_unlock_irqrestore(&lp->lock, flags); | ||
2332 | + | ||
2333 | return NETDEV_TX_OK; | ||
2334 | } | ||
2335 | |||
2336 | @@ -284,15 +311,28 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
2337 | struct net_device *dev = dev_id; | ||
2338 | struct sonic_local *lp = netdev_priv(dev); | ||
2339 | int status; | ||
2340 | + unsigned long flags; | ||
2341 | + | ||
2342 | + /* The lock has two purposes. Firstly, it synchronizes sonic_interrupt() | ||
2343 | + * with sonic_send_packet() so that the two functions can share state. | ||
2344 | + * Secondly, it makes sonic_interrupt() re-entrant, as that is required | ||
2345 | + * by macsonic which must use two IRQs with different priority levels. | ||
2346 | + */ | ||
2347 | + spin_lock_irqsave(&lp->lock, flags); | ||
2348 | + | ||
2349 | + status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT; | ||
2350 | + if (!status) { | ||
2351 | + spin_unlock_irqrestore(&lp->lock, flags); | ||
2352 | |||
2353 | - if (!(status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT)) | ||
2354 | return IRQ_NONE; | ||
2355 | + } | ||
2356 | |||
2357 | do { | ||
2358 | + SONIC_WRITE(SONIC_ISR, status); /* clear the interrupt(s) */ | ||
2359 | + | ||
2360 | if (status & SONIC_INT_PKTRX) { | ||
2361 | netif_dbg(lp, intr, dev, "%s: packet rx\n", __func__); | ||
2362 | sonic_rx(dev); /* got packet(s) */ | ||
2363 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_PKTRX); /* clear the interrupt */ | ||
2364 | } | ||
2365 | |||
2366 | if (status & SONIC_INT_TXDN) { | ||
2367 | @@ -300,11 +340,12 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
2368 | int td_status; | ||
2369 | int freed_some = 0; | ||
2370 | |||
2371 | - /* At this point, cur_tx is the index of a TD that is one of: | ||
2372 | - * unallocated/freed (status set & tx_skb[entry] clear) | ||
2373 | - * allocated and sent (status set & tx_skb[entry] set ) | ||
2374 | - * allocated and not yet sent (status clear & tx_skb[entry] set ) | ||
2375 | - * still being allocated by sonic_send_packet (status clear & tx_skb[entry] clear) | ||
2376 | + /* The state of a Transmit Descriptor may be inferred | ||
2377 | + * from { tx_skb[entry], td_status } as follows. | ||
2378 | + * { clear, clear } => the TD has never been used | ||
2379 | + * { set, clear } => the TD was handed to SONIC | ||
2380 | + * { set, set } => the TD was handed back | ||
2381 | + * { clear, set } => the TD is available for re-use | ||
2382 | */ | ||
2383 | |||
2384 | netif_dbg(lp, intr, dev, "%s: tx done\n", __func__); | ||
2385 | @@ -313,18 +354,19 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
2386 | if ((td_status = sonic_tda_get(dev, entry, SONIC_TD_STATUS)) == 0) | ||
2387 | break; | ||
2388 | |||
2389 | - if (td_status & 0x0001) { | ||
2390 | + if (td_status & SONIC_TCR_PTX) { | ||
2391 | lp->stats.tx_packets++; | ||
2392 | lp->stats.tx_bytes += sonic_tda_get(dev, entry, SONIC_TD_PKTSIZE); | ||
2393 | } else { | ||
2394 | - lp->stats.tx_errors++; | ||
2395 | - if (td_status & 0x0642) | ||
2396 | + if (td_status & (SONIC_TCR_EXD | | ||
2397 | + SONIC_TCR_EXC | SONIC_TCR_BCM)) | ||
2398 | lp->stats.tx_aborted_errors++; | ||
2399 | - if (td_status & 0x0180) | ||
2400 | + if (td_status & | ||
2401 | + (SONIC_TCR_NCRS | SONIC_TCR_CRLS)) | ||
2402 | lp->stats.tx_carrier_errors++; | ||
2403 | - if (td_status & 0x0020) | ||
2404 | + if (td_status & SONIC_TCR_OWC) | ||
2405 | lp->stats.tx_window_errors++; | ||
2406 | - if (td_status & 0x0004) | ||
2407 | + if (td_status & SONIC_TCR_FU) | ||
2408 | lp->stats.tx_fifo_errors++; | ||
2409 | } | ||
2410 | |||
2411 | @@ -346,7 +388,6 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
2412 | if (freed_some || lp->tx_skb[entry] == NULL) | ||
2413 | netif_wake_queue(dev); /* The ring is no longer full */ | ||
2414 | lp->cur_tx = entry; | ||
2415 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_TXDN); /* clear the interrupt */ | ||
2416 | } | ||
2417 | |||
2418 | /* | ||
2419 | @@ -355,42 +396,37 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
2420 | if (status & SONIC_INT_RFO) { | ||
2421 | netif_dbg(lp, rx_err, dev, "%s: rx fifo overrun\n", | ||
2422 | __func__); | ||
2423 | - lp->stats.rx_fifo_errors++; | ||
2424 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_RFO); /* clear the interrupt */ | ||
2425 | } | ||
2426 | if (status & SONIC_INT_RDE) { | ||
2427 | netif_dbg(lp, rx_err, dev, "%s: rx descriptors exhausted\n", | ||
2428 | __func__); | ||
2429 | - lp->stats.rx_dropped++; | ||
2430 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_RDE); /* clear the interrupt */ | ||
2431 | } | ||
2432 | if (status & SONIC_INT_RBAE) { | ||
2433 | netif_dbg(lp, rx_err, dev, "%s: rx buffer area exceeded\n", | ||
2434 | __func__); | ||
2435 | - lp->stats.rx_dropped++; | ||
2436 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_RBAE); /* clear the interrupt */ | ||
2437 | } | ||
2438 | |||
2439 | /* counter overruns; all counters are 16bit wide */ | ||
2440 | - if (status & SONIC_INT_FAE) { | ||
2441 | + if (status & SONIC_INT_FAE) | ||
2442 | lp->stats.rx_frame_errors += 65536; | ||
2443 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_FAE); /* clear the interrupt */ | ||
2444 | - } | ||
2445 | - if (status & SONIC_INT_CRC) { | ||
2446 | + if (status & SONIC_INT_CRC) | ||
2447 | lp->stats.rx_crc_errors += 65536; | ||
2448 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_CRC); /* clear the interrupt */ | ||
2449 | - } | ||
2450 | - if (status & SONIC_INT_MP) { | ||
2451 | + if (status & SONIC_INT_MP) | ||
2452 | lp->stats.rx_missed_errors += 65536; | ||
2453 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_MP); /* clear the interrupt */ | ||
2454 | - } | ||
2455 | |||
2456 | /* transmit error */ | ||
2457 | if (status & SONIC_INT_TXER) { | ||
2458 | - if (SONIC_READ(SONIC_TCR) & SONIC_TCR_FU) | ||
2459 | - netif_dbg(lp, tx_err, dev, "%s: tx fifo underrun\n", | ||
2460 | - __func__); | ||
2461 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_TXER); /* clear the interrupt */ | ||
2462 | + u16 tcr = SONIC_READ(SONIC_TCR); | ||
2463 | + | ||
2464 | + netif_dbg(lp, tx_err, dev, "%s: TXER intr, TCR %04x\n", | ||
2465 | + __func__, tcr); | ||
2466 | + | ||
2467 | + if (tcr & (SONIC_TCR_EXD | SONIC_TCR_EXC | | ||
2468 | + SONIC_TCR_FU | SONIC_TCR_BCM)) { | ||
2469 | + /* Aborted transmission. Try again. */ | ||
2470 | + netif_stop_queue(dev); | ||
2471 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_TXP); | ||
2472 | + } | ||
2473 | } | ||
2474 | |||
2475 | /* bus retry */ | ||
2476 | @@ -400,107 +436,164 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
2477 | /* ... to help debug DMA problems causing endless interrupts. */ | ||
2478 | /* Bounce the eth interface to turn on the interrupt again. */ | ||
2479 | SONIC_WRITE(SONIC_IMR, 0); | ||
2480 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_BR); /* clear the interrupt */ | ||
2481 | } | ||
2482 | |||
2483 | - /* load CAM done */ | ||
2484 | - if (status & SONIC_INT_LCD) | ||
2485 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_LCD); /* clear the interrupt */ | ||
2486 | - } while((status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT)); | ||
2487 | + status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT; | ||
2488 | + } while (status); | ||
2489 | + | ||
2490 | + spin_unlock_irqrestore(&lp->lock, flags); | ||
2491 | + | ||
2492 | return IRQ_HANDLED; | ||
2493 | } | ||
2494 | |||
2495 | +/* Return the array index corresponding to a given Receive Buffer pointer. */ | ||
2496 | +static int index_from_addr(struct sonic_local *lp, dma_addr_t addr, | ||
2497 | + unsigned int last) | ||
2498 | +{ | ||
2499 | + unsigned int i = last; | ||
2500 | + | ||
2501 | + do { | ||
2502 | + i = (i + 1) & SONIC_RRS_MASK; | ||
2503 | + if (addr == lp->rx_laddr[i]) | ||
2504 | + return i; | ||
2505 | + } while (i != last); | ||
2506 | + | ||
2507 | + return -ENOENT; | ||
2508 | +} | ||
2509 | + | ||
2510 | +/* Allocate and map a new skb to be used as a receive buffer. */ | ||
2511 | +static bool sonic_alloc_rb(struct net_device *dev, struct sonic_local *lp, | ||
2512 | + struct sk_buff **new_skb, dma_addr_t *new_addr) | ||
2513 | +{ | ||
2514 | + *new_skb = netdev_alloc_skb(dev, SONIC_RBSIZE + 2); | ||
2515 | + if (!*new_skb) | ||
2516 | + return false; | ||
2517 | + | ||
2518 | + if (SONIC_BUS_SCALE(lp->dma_bitmode) == 2) | ||
2519 | + skb_reserve(*new_skb, 2); | ||
2520 | + | ||
2521 | + *new_addr = dma_map_single(lp->device, skb_put(*new_skb, SONIC_RBSIZE), | ||
2522 | + SONIC_RBSIZE, DMA_FROM_DEVICE); | ||
2523 | + if (!*new_addr) { | ||
2524 | + dev_kfree_skb(*new_skb); | ||
2525 | + *new_skb = NULL; | ||
2526 | + return false; | ||
2527 | + } | ||
2528 | + | ||
2529 | + return true; | ||
2530 | +} | ||
2531 | + | ||
2532 | +/* Place a new receive resource in the Receive Resource Area and update RWP. */ | ||
2533 | +static void sonic_update_rra(struct net_device *dev, struct sonic_local *lp, | ||
2534 | + dma_addr_t old_addr, dma_addr_t new_addr) | ||
2535 | +{ | ||
2536 | + unsigned int entry = sonic_rr_entry(dev, SONIC_READ(SONIC_RWP)); | ||
2537 | + unsigned int end = sonic_rr_entry(dev, SONIC_READ(SONIC_RRP)); | ||
2538 | + u32 buf; | ||
2539 | + | ||
2540 | + /* The resources in the range [RRP, RWP) belong to the SONIC. This loop | ||
2541 | + * scans the other resources in the RRA, those in the range [RWP, RRP). | ||
2542 | + */ | ||
2543 | + do { | ||
2544 | + buf = (sonic_rra_get(dev, entry, SONIC_RR_BUFADR_H) << 16) | | ||
2545 | + sonic_rra_get(dev, entry, SONIC_RR_BUFADR_L); | ||
2546 | + | ||
2547 | + if (buf == old_addr) | ||
2548 | + break; | ||
2549 | + | ||
2550 | + entry = (entry + 1) & SONIC_RRS_MASK; | ||
2551 | + } while (entry != end); | ||
2552 | + | ||
2553 | + WARN_ONCE(buf != old_addr, "failed to find resource!\n"); | ||
2554 | + | ||
2555 | + sonic_rra_put(dev, entry, SONIC_RR_BUFADR_H, new_addr >> 16); | ||
2556 | + sonic_rra_put(dev, entry, SONIC_RR_BUFADR_L, new_addr & 0xffff); | ||
2557 | + | ||
2558 | + entry = (entry + 1) & SONIC_RRS_MASK; | ||
2559 | + | ||
2560 | + SONIC_WRITE(SONIC_RWP, sonic_rr_addr(dev, entry)); | ||
2561 | +} | ||
2562 | + | ||
2563 | /* | ||
2564 | * We have a good packet(s), pass it/them up the network stack. | ||
2565 | */ | ||
2566 | static void sonic_rx(struct net_device *dev) | ||
2567 | { | ||
2568 | struct sonic_local *lp = netdev_priv(dev); | ||
2569 | - int status; | ||
2570 | int entry = lp->cur_rx; | ||
2571 | + int prev_entry = lp->eol_rx; | ||
2572 | + bool rbe = false; | ||
2573 | |||
2574 | while (sonic_rda_get(dev, entry, SONIC_RD_IN_USE) == 0) { | ||
2575 | - struct sk_buff *used_skb; | ||
2576 | - struct sk_buff *new_skb; | ||
2577 | - dma_addr_t new_laddr; | ||
2578 | - u16 bufadr_l; | ||
2579 | - u16 bufadr_h; | ||
2580 | - int pkt_len; | ||
2581 | - | ||
2582 | - status = sonic_rda_get(dev, entry, SONIC_RD_STATUS); | ||
2583 | - if (status & SONIC_RCR_PRX) { | ||
2584 | - /* Malloc up new buffer. */ | ||
2585 | - new_skb = netdev_alloc_skb(dev, SONIC_RBSIZE + 2); | ||
2586 | - if (new_skb == NULL) { | ||
2587 | - lp->stats.rx_dropped++; | ||
2588 | + u16 status = sonic_rda_get(dev, entry, SONIC_RD_STATUS); | ||
2589 | + | ||
2590 | + /* If the RD has LPKT set, the chip has finished with the RB */ | ||
2591 | + if ((status & SONIC_RCR_PRX) && (status & SONIC_RCR_LPKT)) { | ||
2592 | + struct sk_buff *new_skb; | ||
2593 | + dma_addr_t new_laddr; | ||
2594 | + u32 addr = (sonic_rda_get(dev, entry, | ||
2595 | + SONIC_RD_PKTPTR_H) << 16) | | ||
2596 | + sonic_rda_get(dev, entry, SONIC_RD_PKTPTR_L); | ||
2597 | + int i = index_from_addr(lp, addr, entry); | ||
2598 | + | ||
2599 | + if (i < 0) { | ||
2600 | + WARN_ONCE(1, "failed to find buffer!\n"); | ||
2601 | break; | ||
2602 | } | ||
2603 | - /* provide 16 byte IP header alignment unless DMA requires otherwise */ | ||
2604 | - if(SONIC_BUS_SCALE(lp->dma_bitmode) == 2) | ||
2605 | - skb_reserve(new_skb, 2); | ||
2606 | - | ||
2607 | - new_laddr = dma_map_single(lp->device, skb_put(new_skb, SONIC_RBSIZE), | ||
2608 | - SONIC_RBSIZE, DMA_FROM_DEVICE); | ||
2609 | - if (!new_laddr) { | ||
2610 | - dev_kfree_skb(new_skb); | ||
2611 | - printk(KERN_ERR "%s: Failed to map rx buffer, dropping packet.\n", dev->name); | ||
2612 | + | ||
2613 | + if (sonic_alloc_rb(dev, lp, &new_skb, &new_laddr)) { | ||
2614 | + struct sk_buff *used_skb = lp->rx_skb[i]; | ||
2615 | + int pkt_len; | ||
2616 | + | ||
2617 | + /* Pass the used buffer up the stack */ | ||
2618 | + dma_unmap_single(lp->device, addr, SONIC_RBSIZE, | ||
2619 | + DMA_FROM_DEVICE); | ||
2620 | + | ||
2621 | + pkt_len = sonic_rda_get(dev, entry, | ||
2622 | + SONIC_RD_PKTLEN); | ||
2623 | + skb_trim(used_skb, pkt_len); | ||
2624 | + used_skb->protocol = eth_type_trans(used_skb, | ||
2625 | + dev); | ||
2626 | + netif_rx(used_skb); | ||
2627 | + lp->stats.rx_packets++; | ||
2628 | + lp->stats.rx_bytes += pkt_len; | ||
2629 | + | ||
2630 | + lp->rx_skb[i] = new_skb; | ||
2631 | + lp->rx_laddr[i] = new_laddr; | ||
2632 | + } else { | ||
2633 | + /* Failed to obtain a new buffer so re-use it */ | ||
2634 | + new_laddr = addr; | ||
2635 | lp->stats.rx_dropped++; | ||
2636 | - break; | ||
2637 | } | ||
2638 | - | ||
2639 | - /* now we have a new skb to replace it, pass the used one up the stack */ | ||
2640 | - dma_unmap_single(lp->device, lp->rx_laddr[entry], SONIC_RBSIZE, DMA_FROM_DEVICE); | ||
2641 | - used_skb = lp->rx_skb[entry]; | ||
2642 | - pkt_len = sonic_rda_get(dev, entry, SONIC_RD_PKTLEN); | ||
2643 | - skb_trim(used_skb, pkt_len); | ||
2644 | - used_skb->protocol = eth_type_trans(used_skb, dev); | ||
2645 | - netif_rx(used_skb); | ||
2646 | - lp->stats.rx_packets++; | ||
2647 | - lp->stats.rx_bytes += pkt_len; | ||
2648 | - | ||
2649 | - /* and insert the new skb */ | ||
2650 | - lp->rx_laddr[entry] = new_laddr; | ||
2651 | - lp->rx_skb[entry] = new_skb; | ||
2652 | - | ||
2653 | - bufadr_l = (unsigned long)new_laddr & 0xffff; | ||
2654 | - bufadr_h = (unsigned long)new_laddr >> 16; | ||
2655 | - sonic_rra_put(dev, entry, SONIC_RR_BUFADR_L, bufadr_l); | ||
2656 | - sonic_rra_put(dev, entry, SONIC_RR_BUFADR_H, bufadr_h); | ||
2657 | - } else { | ||
2658 | - /* This should only happen, if we enable accepting broken packets. */ | ||
2659 | - lp->stats.rx_errors++; | ||
2660 | - if (status & SONIC_RCR_FAER) | ||
2661 | - lp->stats.rx_frame_errors++; | ||
2662 | - if (status & SONIC_RCR_CRCR) | ||
2663 | - lp->stats.rx_crc_errors++; | ||
2664 | - } | ||
2665 | - if (status & SONIC_RCR_LPKT) { | ||
2666 | - /* | ||
2667 | - * this was the last packet out of the current receive buffer | ||
2668 | - * give the buffer back to the SONIC | ||
2669 | + /* If RBE is already asserted when RWP advances then | ||
2670 | + * it's safe to clear RBE after processing this packet. | ||
2671 | */ | ||
2672 | - lp->cur_rwp += SIZEOF_SONIC_RR * SONIC_BUS_SCALE(lp->dma_bitmode); | ||
2673 | - if (lp->cur_rwp >= lp->rra_end) lp->cur_rwp = lp->rra_laddr & 0xffff; | ||
2674 | - SONIC_WRITE(SONIC_RWP, lp->cur_rwp); | ||
2675 | - if (SONIC_READ(SONIC_ISR) & SONIC_INT_RBE) { | ||
2676 | - netif_dbg(lp, rx_err, dev, "%s: rx buffer exhausted\n", | ||
2677 | - __func__); | ||
2678 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_RBE); /* clear the flag */ | ||
2679 | - } | ||
2680 | - } else | ||
2681 | - printk(KERN_ERR "%s: rx desc without RCR_LPKT. Shouldn't happen !?\n", | ||
2682 | - dev->name); | ||
2683 | + rbe = rbe || SONIC_READ(SONIC_ISR) & SONIC_INT_RBE; | ||
2684 | + sonic_update_rra(dev, lp, addr, new_laddr); | ||
2685 | + } | ||
2686 | /* | ||
2687 | * give back the descriptor | ||
2688 | */ | ||
2689 | - sonic_rda_put(dev, entry, SONIC_RD_LINK, | ||
2690 | - sonic_rda_get(dev, entry, SONIC_RD_LINK) | SONIC_EOL); | ||
2691 | + sonic_rda_put(dev, entry, SONIC_RD_STATUS, 0); | ||
2692 | sonic_rda_put(dev, entry, SONIC_RD_IN_USE, 1); | ||
2693 | - sonic_rda_put(dev, lp->eol_rx, SONIC_RD_LINK, | ||
2694 | - sonic_rda_get(dev, lp->eol_rx, SONIC_RD_LINK) & ~SONIC_EOL); | ||
2695 | - lp->eol_rx = entry; | ||
2696 | - lp->cur_rx = entry = (entry + 1) & SONIC_RDS_MASK; | ||
2697 | + | ||
2698 | + prev_entry = entry; | ||
2699 | + entry = (entry + 1) & SONIC_RDS_MASK; | ||
2700 | + } | ||
2701 | + | ||
2702 | + lp->cur_rx = entry; | ||
2703 | + | ||
2704 | + if (prev_entry != lp->eol_rx) { | ||
2705 | + /* Advance the EOL flag to put descriptors back into service */ | ||
2706 | + sonic_rda_put(dev, prev_entry, SONIC_RD_LINK, SONIC_EOL | | ||
2707 | + sonic_rda_get(dev, prev_entry, SONIC_RD_LINK)); | ||
2708 | + sonic_rda_put(dev, lp->eol_rx, SONIC_RD_LINK, ~SONIC_EOL & | ||
2709 | + sonic_rda_get(dev, lp->eol_rx, SONIC_RD_LINK)); | ||
2710 | + lp->eol_rx = prev_entry; | ||
2711 | } | ||
2712 | + | ||
2713 | + if (rbe) | ||
2714 | + SONIC_WRITE(SONIC_ISR, SONIC_INT_RBE); | ||
2715 | /* | ||
2716 | * If any worth-while packets have been received, netif_rx() | ||
2717 | * has done a mark_bh(NET_BH) for us and will work on them | ||
2718 | @@ -550,6 +643,8 @@ static void sonic_multicast_list(struct net_device *dev) | ||
2719 | (netdev_mc_count(dev) > 15)) { | ||
2720 | rcr |= SONIC_RCR_AMC; | ||
2721 | } else { | ||
2722 | + unsigned long flags; | ||
2723 | + | ||
2724 | netif_dbg(lp, ifup, dev, "%s: mc_count %d\n", __func__, | ||
2725 | netdev_mc_count(dev)); | ||
2726 | sonic_set_cam_enable(dev, 1); /* always enable our own address */ | ||
2727 | @@ -563,9 +658,14 @@ static void sonic_multicast_list(struct net_device *dev) | ||
2728 | i++; | ||
2729 | } | ||
2730 | SONIC_WRITE(SONIC_CDC, 16); | ||
2731 | - /* issue Load CAM command */ | ||
2732 | SONIC_WRITE(SONIC_CDP, lp->cda_laddr & 0xffff); | ||
2733 | + | ||
2734 | + /* LCAM and TXP commands can't be used simultaneously */ | ||
2735 | + spin_lock_irqsave(&lp->lock, flags); | ||
2736 | + sonic_quiesce(dev, SONIC_CR_TXP); | ||
2737 | SONIC_WRITE(SONIC_CMD, SONIC_CR_LCAM); | ||
2738 | + sonic_quiesce(dev, SONIC_CR_LCAM); | ||
2739 | + spin_unlock_irqrestore(&lp->lock, flags); | ||
2740 | } | ||
2741 | } | ||
2742 | |||
2743 | @@ -580,7 +680,6 @@ static void sonic_multicast_list(struct net_device *dev) | ||
2744 | */ | ||
2745 | static int sonic_init(struct net_device *dev) | ||
2746 | { | ||
2747 | - unsigned int cmd; | ||
2748 | struct sonic_local *lp = netdev_priv(dev); | ||
2749 | int i; | ||
2750 | |||
2751 | @@ -592,12 +691,16 @@ static int sonic_init(struct net_device *dev) | ||
2752 | SONIC_WRITE(SONIC_ISR, 0x7fff); | ||
2753 | SONIC_WRITE(SONIC_CMD, SONIC_CR_RST); | ||
2754 | |||
2755 | + /* While in reset mode, clear CAM Enable register */ | ||
2756 | + SONIC_WRITE(SONIC_CE, 0); | ||
2757 | + | ||
2758 | /* | ||
2759 | * clear software reset flag, disable receiver, clear and | ||
2760 | * enable interrupts, then completely initialize the SONIC | ||
2761 | */ | ||
2762 | SONIC_WRITE(SONIC_CMD, 0); | ||
2763 | - SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS); | ||
2764 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS | SONIC_CR_STP); | ||
2765 | + sonic_quiesce(dev, SONIC_CR_ALL); | ||
2766 | |||
2767 | /* | ||
2768 | * initialize the receive resource area | ||
2769 | @@ -615,15 +718,10 @@ static int sonic_init(struct net_device *dev) | ||
2770 | } | ||
2771 | |||
2772 | /* initialize all RRA registers */ | ||
2773 | - lp->rra_end = (lp->rra_laddr + SONIC_NUM_RRS * SIZEOF_SONIC_RR * | ||
2774 | - SONIC_BUS_SCALE(lp->dma_bitmode)) & 0xffff; | ||
2775 | - lp->cur_rwp = (lp->rra_laddr + (SONIC_NUM_RRS - 1) * SIZEOF_SONIC_RR * | ||
2776 | - SONIC_BUS_SCALE(lp->dma_bitmode)) & 0xffff; | ||
2777 | - | ||
2778 | - SONIC_WRITE(SONIC_RSA, lp->rra_laddr & 0xffff); | ||
2779 | - SONIC_WRITE(SONIC_REA, lp->rra_end); | ||
2780 | - SONIC_WRITE(SONIC_RRP, lp->rra_laddr & 0xffff); | ||
2781 | - SONIC_WRITE(SONIC_RWP, lp->cur_rwp); | ||
2782 | + SONIC_WRITE(SONIC_RSA, sonic_rr_addr(dev, 0)); | ||
2783 | + SONIC_WRITE(SONIC_REA, sonic_rr_addr(dev, SONIC_NUM_RRS)); | ||
2784 | + SONIC_WRITE(SONIC_RRP, sonic_rr_addr(dev, 0)); | ||
2785 | + SONIC_WRITE(SONIC_RWP, sonic_rr_addr(dev, SONIC_NUM_RRS - 1)); | ||
2786 | SONIC_WRITE(SONIC_URRA, lp->rra_laddr >> 16); | ||
2787 | SONIC_WRITE(SONIC_EOBC, (SONIC_RBSIZE >> 1) - (lp->dma_bitmode ? 2 : 1)); | ||
2788 | |||
2789 | @@ -631,14 +729,7 @@ static int sonic_init(struct net_device *dev) | ||
2790 | netif_dbg(lp, ifup, dev, "%s: issuing RRRA command\n", __func__); | ||
2791 | |||
2792 | SONIC_WRITE(SONIC_CMD, SONIC_CR_RRRA); | ||
2793 | - i = 0; | ||
2794 | - while (i++ < 100) { | ||
2795 | - if (SONIC_READ(SONIC_CMD) & SONIC_CR_RRRA) | ||
2796 | - break; | ||
2797 | - } | ||
2798 | - | ||
2799 | - netif_dbg(lp, ifup, dev, "%s: status=%x, i=%d\n", __func__, | ||
2800 | - SONIC_READ(SONIC_CMD), i); | ||
2801 | + sonic_quiesce(dev, SONIC_CR_RRRA); | ||
2802 | |||
2803 | /* | ||
2804 | * Initialize the receive descriptors so that they | ||
2805 | @@ -713,28 +804,17 @@ static int sonic_init(struct net_device *dev) | ||
2806 | * load the CAM | ||
2807 | */ | ||
2808 | SONIC_WRITE(SONIC_CMD, SONIC_CR_LCAM); | ||
2809 | - | ||
2810 | - i = 0; | ||
2811 | - while (i++ < 100) { | ||
2812 | - if (SONIC_READ(SONIC_ISR) & SONIC_INT_LCD) | ||
2813 | - break; | ||
2814 | - } | ||
2815 | - netif_dbg(lp, ifup, dev, "%s: CMD=%x, ISR=%x, i=%d\n", __func__, | ||
2816 | - SONIC_READ(SONIC_CMD), SONIC_READ(SONIC_ISR), i); | ||
2817 | + sonic_quiesce(dev, SONIC_CR_LCAM); | ||
2818 | |||
2819 | /* | ||
2820 | * enable receiver, disable loopback | ||
2821 | * and enable all interrupts | ||
2822 | */ | ||
2823 | - SONIC_WRITE(SONIC_CMD, SONIC_CR_RXEN | SONIC_CR_STP); | ||
2824 | SONIC_WRITE(SONIC_RCR, SONIC_RCR_DEFAULT); | ||
2825 | SONIC_WRITE(SONIC_TCR, SONIC_TCR_DEFAULT); | ||
2826 | SONIC_WRITE(SONIC_ISR, 0x7fff); | ||
2827 | SONIC_WRITE(SONIC_IMR, SONIC_IMR_DEFAULT); | ||
2828 | - | ||
2829 | - cmd = SONIC_READ(SONIC_CMD); | ||
2830 | - if ((cmd & SONIC_CR_RXEN) == 0 || (cmd & SONIC_CR_STP) == 0) | ||
2831 | - printk(KERN_ERR "sonic_init: failed, status=%x\n", cmd); | ||
2832 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_RXEN); | ||
2833 | |||
2834 | netif_dbg(lp, ifup, dev, "%s: new status=%x\n", __func__, | ||
2835 | SONIC_READ(SONIC_CMD)); | ||
2836 | diff --git a/drivers/net/ethernet/natsemi/sonic.h b/drivers/net/ethernet/natsemi/sonic.h | ||
2837 | index 2b27f7049acb..1df6d2f06cc4 100644 | ||
2838 | --- a/drivers/net/ethernet/natsemi/sonic.h | ||
2839 | +++ b/drivers/net/ethernet/natsemi/sonic.h | ||
2840 | @@ -110,6 +110,9 @@ | ||
2841 | #define SONIC_CR_TXP 0x0002 | ||
2842 | #define SONIC_CR_HTX 0x0001 | ||
2843 | |||
2844 | +#define SONIC_CR_ALL (SONIC_CR_LCAM | SONIC_CR_RRRA | \ | ||
2845 | + SONIC_CR_RXEN | SONIC_CR_TXP) | ||
2846 | + | ||
2847 | /* | ||
2848 | * SONIC data configuration bits | ||
2849 | */ | ||
2850 | @@ -175,6 +178,7 @@ | ||
2851 | #define SONIC_TCR_NCRS 0x0100 | ||
2852 | #define SONIC_TCR_CRLS 0x0080 | ||
2853 | #define SONIC_TCR_EXC 0x0040 | ||
2854 | +#define SONIC_TCR_OWC 0x0020 | ||
2855 | #define SONIC_TCR_PMB 0x0008 | ||
2856 | #define SONIC_TCR_FU 0x0004 | ||
2857 | #define SONIC_TCR_BCM 0x0002 | ||
2858 | @@ -274,8 +278,9 @@ | ||
2859 | #define SONIC_NUM_RDS SONIC_NUM_RRS /* number of receive descriptors */ | ||
2860 | #define SONIC_NUM_TDS 16 /* number of transmit descriptors */ | ||
2861 | |||
2862 | -#define SONIC_RDS_MASK (SONIC_NUM_RDS-1) | ||
2863 | -#define SONIC_TDS_MASK (SONIC_NUM_TDS-1) | ||
2864 | +#define SONIC_RRS_MASK (SONIC_NUM_RRS - 1) | ||
2865 | +#define SONIC_RDS_MASK (SONIC_NUM_RDS - 1) | ||
2866 | +#define SONIC_TDS_MASK (SONIC_NUM_TDS - 1) | ||
2867 | |||
2868 | #define SONIC_RBSIZE 1520 /* size of one resource buffer */ | ||
2869 | |||
2870 | @@ -312,8 +317,6 @@ struct sonic_local { | ||
2871 | u32 rda_laddr; /* logical DMA address of RDA */ | ||
2872 | dma_addr_t rx_laddr[SONIC_NUM_RRS]; /* logical DMA addresses of rx skbuffs */ | ||
2873 | dma_addr_t tx_laddr[SONIC_NUM_TDS]; /* logical DMA addresses of tx skbuffs */ | ||
2874 | - unsigned int rra_end; | ||
2875 | - unsigned int cur_rwp; | ||
2876 | unsigned int cur_rx; | ||
2877 | unsigned int cur_tx; /* first unacked transmit packet */ | ||
2878 | unsigned int eol_rx; | ||
2879 | @@ -322,6 +325,7 @@ struct sonic_local { | ||
2880 | int msg_enable; | ||
2881 | struct device *device; /* generic device */ | ||
2882 | struct net_device_stats stats; | ||
2883 | + spinlock_t lock; | ||
2884 | }; | ||
2885 | |||
2886 | #define TX_TIMEOUT (3 * HZ) | ||
2887 | @@ -344,30 +348,30 @@ static void sonic_msg_init(struct net_device *dev); | ||
2888 | as far as we can tell. */ | ||
2889 | /* OpenBSD calls this "SWO". I'd like to think that sonic_buf_put() | ||
2890 | is a much better name. */ | ||
2891 | -static inline void sonic_buf_put(void* base, int bitmode, | ||
2892 | +static inline void sonic_buf_put(u16 *base, int bitmode, | ||
2893 | int offset, __u16 val) | ||
2894 | { | ||
2895 | if (bitmode) | ||
2896 | #ifdef __BIG_ENDIAN | ||
2897 | - ((__u16 *) base + (offset*2))[1] = val; | ||
2898 | + __raw_writew(val, base + (offset * 2) + 1); | ||
2899 | #else | ||
2900 | - ((__u16 *) base + (offset*2))[0] = val; | ||
2901 | + __raw_writew(val, base + (offset * 2) + 0); | ||
2902 | #endif | ||
2903 | else | ||
2904 | - ((__u16 *) base)[offset] = val; | ||
2905 | + __raw_writew(val, base + (offset * 1) + 0); | ||
2906 | } | ||
2907 | |||
2908 | -static inline __u16 sonic_buf_get(void* base, int bitmode, | ||
2909 | +static inline __u16 sonic_buf_get(u16 *base, int bitmode, | ||
2910 | int offset) | ||
2911 | { | ||
2912 | if (bitmode) | ||
2913 | #ifdef __BIG_ENDIAN | ||
2914 | - return ((volatile __u16 *) base + (offset*2))[1]; | ||
2915 | + return __raw_readw(base + (offset * 2) + 1); | ||
2916 | #else | ||
2917 | - return ((volatile __u16 *) base + (offset*2))[0]; | ||
2918 | + return __raw_readw(base + (offset * 2) + 0); | ||
2919 | #endif | ||
2920 | else | ||
2921 | - return ((volatile __u16 *) base)[offset]; | ||
2922 | + return __raw_readw(base + (offset * 1) + 0); | ||
2923 | } | ||
2924 | |||
2925 | /* Inlines that you should actually use for reading/writing DMA buffers */ | ||
2926 | @@ -447,6 +451,22 @@ static inline __u16 sonic_rra_get(struct net_device* dev, int entry, | ||
2927 | (entry * SIZEOF_SONIC_RR) + offset); | ||
2928 | } | ||
2929 | |||
2930 | +static inline u16 sonic_rr_addr(struct net_device *dev, int entry) | ||
2931 | +{ | ||
2932 | + struct sonic_local *lp = netdev_priv(dev); | ||
2933 | + | ||
2934 | + return lp->rra_laddr + | ||
2935 | + entry * SIZEOF_SONIC_RR * SONIC_BUS_SCALE(lp->dma_bitmode); | ||
2936 | +} | ||
2937 | + | ||
2938 | +static inline u16 sonic_rr_entry(struct net_device *dev, u16 addr) | ||
2939 | +{ | ||
2940 | + struct sonic_local *lp = netdev_priv(dev); | ||
2941 | + | ||
2942 | + return (addr - (u16)lp->rra_laddr) / (SIZEOF_SONIC_RR * | ||
2943 | + SONIC_BUS_SCALE(lp->dma_bitmode)); | ||
2944 | +} | ||
2945 | + | ||
2946 | static const char version[] = | ||
2947 | "sonic.c:v0.92 20.9.98 tsbogend@alpha.franken.de\n"; | ||
2948 | |||
2949 | diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c | ||
2950 | index f6222ada6818..9b3ba98726d7 100644 | ||
2951 | --- a/drivers/net/gtp.c | ||
2952 | +++ b/drivers/net/gtp.c | ||
2953 | @@ -804,19 +804,21 @@ static struct sock *gtp_encap_enable_socket(int fd, int type, | ||
2954 | return NULL; | ||
2955 | } | ||
2956 | |||
2957 | - if (sock->sk->sk_protocol != IPPROTO_UDP) { | ||
2958 | + sk = sock->sk; | ||
2959 | + if (sk->sk_protocol != IPPROTO_UDP || | ||
2960 | + sk->sk_type != SOCK_DGRAM || | ||
2961 | + (sk->sk_family != AF_INET && sk->sk_family != AF_INET6)) { | ||
2962 | pr_debug("socket fd=%d not UDP\n", fd); | ||
2963 | sk = ERR_PTR(-EINVAL); | ||
2964 | goto out_sock; | ||
2965 | } | ||
2966 | |||
2967 | - lock_sock(sock->sk); | ||
2968 | - if (sock->sk->sk_user_data) { | ||
2969 | + lock_sock(sk); | ||
2970 | + if (sk->sk_user_data) { | ||
2971 | sk = ERR_PTR(-EBUSY); | ||
2972 | goto out_rel_sock; | ||
2973 | } | ||
2974 | |||
2975 | - sk = sock->sk; | ||
2976 | sock_hold(sk); | ||
2977 | |||
2978 | tuncfg.sk_user_data = gtp; | ||
2979 | diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c | ||
2980 | index 2a91c192659f..61d7e0d1d77d 100644 | ||
2981 | --- a/drivers/net/slip/slip.c | ||
2982 | +++ b/drivers/net/slip/slip.c | ||
2983 | @@ -452,9 +452,16 @@ static void slip_transmit(struct work_struct *work) | ||
2984 | */ | ||
2985 | static void slip_write_wakeup(struct tty_struct *tty) | ||
2986 | { | ||
2987 | - struct slip *sl = tty->disc_data; | ||
2988 | + struct slip *sl; | ||
2989 | + | ||
2990 | + rcu_read_lock(); | ||
2991 | + sl = rcu_dereference(tty->disc_data); | ||
2992 | + if (!sl) | ||
2993 | + goto out; | ||
2994 | |||
2995 | schedule_work(&sl->tx_work); | ||
2996 | +out: | ||
2997 | + rcu_read_unlock(); | ||
2998 | } | ||
2999 | |||
3000 | static void sl_tx_timeout(struct net_device *dev) | ||
3001 | @@ -882,10 +889,11 @@ static void slip_close(struct tty_struct *tty) | ||
3002 | return; | ||
3003 | |||
3004 | spin_lock_bh(&sl->lock); | ||
3005 | - tty->disc_data = NULL; | ||
3006 | + rcu_assign_pointer(tty->disc_data, NULL); | ||
3007 | sl->tty = NULL; | ||
3008 | spin_unlock_bh(&sl->lock); | ||
3009 | |||
3010 | + synchronize_rcu(); | ||
3011 | flush_work(&sl->tx_work); | ||
3012 | |||
3013 | /* VSV = very important to remove timers */ | ||
3014 | diff --git a/drivers/net/tun.c b/drivers/net/tun.c | ||
3015 | index 16564ebcde50..69f553a028ee 100644 | ||
3016 | --- a/drivers/net/tun.c | ||
3017 | +++ b/drivers/net/tun.c | ||
3018 | @@ -1936,6 +1936,10 @@ drop: | ||
3019 | if (ret != XDP_PASS) { | ||
3020 | rcu_read_unlock(); | ||
3021 | local_bh_enable(); | ||
3022 | + if (frags) { | ||
3023 | + tfile->napi.skb = NULL; | ||
3024 | + mutex_unlock(&tfile->napi_mutex); | ||
3025 | + } | ||
3026 | return total_len; | ||
3027 | } | ||
3028 | } | ||
3029 | diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c | ||
3030 | index c232f1612083..0170a441208a 100644 | ||
3031 | --- a/drivers/net/usb/lan78xx.c | ||
3032 | +++ b/drivers/net/usb/lan78xx.c | ||
3033 | @@ -20,6 +20,7 @@ | ||
3034 | #include <linux/mdio.h> | ||
3035 | #include <linux/phy.h> | ||
3036 | #include <net/ip6_checksum.h> | ||
3037 | +#include <net/vxlan.h> | ||
3038 | #include <linux/interrupt.h> | ||
3039 | #include <linux/irqdomain.h> | ||
3040 | #include <linux/irq.h> | ||
3041 | @@ -3668,6 +3669,19 @@ static void lan78xx_tx_timeout(struct net_device *net) | ||
3042 | tasklet_schedule(&dev->bh); | ||
3043 | } | ||
3044 | |||
3045 | +static netdev_features_t lan78xx_features_check(struct sk_buff *skb, | ||
3046 | + struct net_device *netdev, | ||
3047 | + netdev_features_t features) | ||
3048 | +{ | ||
3049 | + if (skb->len + TX_OVERHEAD > MAX_SINGLE_PACKET_SIZE) | ||
3050 | + features &= ~NETIF_F_GSO_MASK; | ||
3051 | + | ||
3052 | + features = vlan_features_check(skb, features); | ||
3053 | + features = vxlan_features_check(skb, features); | ||
3054 | + | ||
3055 | + return features; | ||
3056 | +} | ||
3057 | + | ||
3058 | static const struct net_device_ops lan78xx_netdev_ops = { | ||
3059 | .ndo_open = lan78xx_open, | ||
3060 | .ndo_stop = lan78xx_stop, | ||
3061 | @@ -3681,6 +3695,7 @@ static const struct net_device_ops lan78xx_netdev_ops = { | ||
3062 | .ndo_set_features = lan78xx_set_features, | ||
3063 | .ndo_vlan_rx_add_vid = lan78xx_vlan_rx_add_vid, | ||
3064 | .ndo_vlan_rx_kill_vid = lan78xx_vlan_rx_kill_vid, | ||
3065 | + .ndo_features_check = lan78xx_features_check, | ||
3066 | }; | ||
3067 | |||
3068 | static void lan78xx_stat_monitor(struct timer_list *t) | ||
3069 | diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c | ||
3070 | index f43c06569ea1..c4c8f1b62e1e 100644 | ||
3071 | --- a/drivers/net/wireless/cisco/airo.c | ||
3072 | +++ b/drivers/net/wireless/cisco/airo.c | ||
3073 | @@ -7790,16 +7790,8 @@ static int readrids(struct net_device *dev, aironet_ioctl *comp) { | ||
3074 | case AIROGVLIST: ridcode = RID_APLIST; break; | ||
3075 | case AIROGDRVNAM: ridcode = RID_DRVNAME; break; | ||
3076 | case AIROGEHTENC: ridcode = RID_ETHERENCAP; break; | ||
3077 | - case AIROGWEPKTMP: ridcode = RID_WEP_TEMP; | ||
3078 | - /* Only super-user can read WEP keys */ | ||
3079 | - if (!capable(CAP_NET_ADMIN)) | ||
3080 | - return -EPERM; | ||
3081 | - break; | ||
3082 | - case AIROGWEPKNV: ridcode = RID_WEP_PERM; | ||
3083 | - /* Only super-user can read WEP keys */ | ||
3084 | - if (!capable(CAP_NET_ADMIN)) | ||
3085 | - return -EPERM; | ||
3086 | - break; | ||
3087 | + case AIROGWEPKTMP: ridcode = RID_WEP_TEMP; break; | ||
3088 | + case AIROGWEPKNV: ridcode = RID_WEP_PERM; break; | ||
3089 | case AIROGSTAT: ridcode = RID_STATUS; break; | ||
3090 | case AIROGSTATSD32: ridcode = RID_STATSDELTA; break; | ||
3091 | case AIROGSTATSC32: ridcode = RID_STATS; break; | ||
3092 | @@ -7813,7 +7805,13 @@ static int readrids(struct net_device *dev, aironet_ioctl *comp) { | ||
3093 | return -EINVAL; | ||
3094 | } | ||
3095 | |||
3096 | - if ((iobuf = kmalloc(RIDSIZE, GFP_KERNEL)) == NULL) | ||
3097 | + if (ridcode == RID_WEP_TEMP || ridcode == RID_WEP_PERM) { | ||
3098 | + /* Only super-user can read WEP keys */ | ||
3099 | + if (!capable(CAP_NET_ADMIN)) | ||
3100 | + return -EPERM; | ||
3101 | + } | ||
3102 | + | ||
3103 | + if ((iobuf = kzalloc(RIDSIZE, GFP_KERNEL)) == NULL) | ||
3104 | return -ENOMEM; | ||
3105 | |||
3106 | PC4500_readrid(ai,ridcode,iobuf,RIDSIZE, 1); | ||
3107 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/constants.h b/drivers/net/wireless/intel/iwlwifi/mvm/constants.h | ||
3108 | index 60aff2ecec12..58df25e2fb32 100644 | ||
3109 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/constants.h | ||
3110 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/constants.h | ||
3111 | @@ -154,5 +154,6 @@ | ||
3112 | #define IWL_MVM_D3_DEBUG false | ||
3113 | #define IWL_MVM_USE_TWT false | ||
3114 | #define IWL_MVM_AMPDU_CONSEC_DROPS_DELBA 10 | ||
3115 | +#define IWL_MVM_USE_NSSN_SYNC 0 | ||
3116 | |||
3117 | #endif /* __MVM_CONSTANTS_H */ | ||
3118 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | ||
3119 | index d31f96c3f925..49aeab7c27a2 100644 | ||
3120 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | ||
3121 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | ||
3122 | @@ -742,6 +742,20 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm) | ||
3123 | return ret; | ||
3124 | } | ||
3125 | |||
3126 | +static void iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
3127 | + struct ieee80211_sta *sta) | ||
3128 | +{ | ||
3129 | + if (likely(sta)) { | ||
3130 | + if (likely(iwl_mvm_tx_skb_sta(mvm, skb, sta) == 0)) | ||
3131 | + return; | ||
3132 | + } else { | ||
3133 | + if (likely(iwl_mvm_tx_skb_non_sta(mvm, skb) == 0)) | ||
3134 | + return; | ||
3135 | + } | ||
3136 | + | ||
3137 | + ieee80211_free_txskb(mvm->hw, skb); | ||
3138 | +} | ||
3139 | + | ||
3140 | static void iwl_mvm_mac_tx(struct ieee80211_hw *hw, | ||
3141 | struct ieee80211_tx_control *control, | ||
3142 | struct sk_buff *skb) | ||
3143 | @@ -785,14 +799,7 @@ static void iwl_mvm_mac_tx(struct ieee80211_hw *hw, | ||
3144 | } | ||
3145 | } | ||
3146 | |||
3147 | - if (sta) { | ||
3148 | - if (iwl_mvm_tx_skb(mvm, skb, sta)) | ||
3149 | - goto drop; | ||
3150 | - return; | ||
3151 | - } | ||
3152 | - | ||
3153 | - if (iwl_mvm_tx_skb_non_sta(mvm, skb)) | ||
3154 | - goto drop; | ||
3155 | + iwl_mvm_tx_skb(mvm, skb, sta); | ||
3156 | return; | ||
3157 | drop: | ||
3158 | ieee80211_free_txskb(hw, skb); | ||
3159 | @@ -842,10 +849,7 @@ void iwl_mvm_mac_itxq_xmit(struct ieee80211_hw *hw, struct ieee80211_txq *txq) | ||
3160 | break; | ||
3161 | } | ||
3162 | |||
3163 | - if (!txq->sta) | ||
3164 | - iwl_mvm_tx_skb_non_sta(mvm, skb); | ||
3165 | - else | ||
3166 | - iwl_mvm_tx_skb(mvm, skb, txq->sta); | ||
3167 | + iwl_mvm_tx_skb(mvm, skb, txq->sta); | ||
3168 | } | ||
3169 | } while (atomic_dec_return(&mvmtxq->tx_request)); | ||
3170 | rcu_read_unlock(); | ||
3171 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | ||
3172 | index 5ca50f39a023..5f1ecbb6fb71 100644 | ||
3173 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | ||
3174 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | ||
3175 | @@ -1508,8 +1508,8 @@ int __must_check iwl_mvm_send_cmd_status(struct iwl_mvm *mvm, | ||
3176 | int __must_check iwl_mvm_send_cmd_pdu_status(struct iwl_mvm *mvm, u32 id, | ||
3177 | u16 len, const void *data, | ||
3178 | u32 *status); | ||
3179 | -int iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
3180 | - struct ieee80211_sta *sta); | ||
3181 | +int iwl_mvm_tx_skb_sta(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
3182 | + struct ieee80211_sta *sta); | ||
3183 | int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb); | ||
3184 | void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
3185 | struct iwl_tx_cmd *tx_cmd, | ||
3186 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | ||
3187 | index 77b03b757193..a6e2a30eb310 100644 | ||
3188 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | ||
3189 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | ||
3190 | @@ -514,14 +514,17 @@ static bool iwl_mvm_is_sn_less(u16 sn1, u16 sn2, u16 buffer_size) | ||
3191 | |||
3192 | static void iwl_mvm_sync_nssn(struct iwl_mvm *mvm, u8 baid, u16 nssn) | ||
3193 | { | ||
3194 | - struct iwl_mvm_rss_sync_notif notif = { | ||
3195 | - .metadata.type = IWL_MVM_RXQ_NSSN_SYNC, | ||
3196 | - .metadata.sync = 0, | ||
3197 | - .nssn_sync.baid = baid, | ||
3198 | - .nssn_sync.nssn = nssn, | ||
3199 | - }; | ||
3200 | - | ||
3201 | - iwl_mvm_sync_rx_queues_internal(mvm, (void *)¬if, sizeof(notif)); | ||
3202 | + if (IWL_MVM_USE_NSSN_SYNC) { | ||
3203 | + struct iwl_mvm_rss_sync_notif notif = { | ||
3204 | + .metadata.type = IWL_MVM_RXQ_NSSN_SYNC, | ||
3205 | + .metadata.sync = 0, | ||
3206 | + .nssn_sync.baid = baid, | ||
3207 | + .nssn_sync.nssn = nssn, | ||
3208 | + }; | ||
3209 | + | ||
3210 | + iwl_mvm_sync_rx_queues_internal(mvm, (void *)¬if, | ||
3211 | + sizeof(notif)); | ||
3212 | + } | ||
3213 | } | ||
3214 | |||
3215 | #define RX_REORDER_BUF_TIMEOUT_MQ (HZ / 10) | ||
3216 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c | ||
3217 | index fcafa22ec6ce..8aa567d7912c 100644 | ||
3218 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c | ||
3219 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c | ||
3220 | @@ -1220,7 +1220,7 @@ static int iwl_mvm_legacy_config_scan(struct iwl_mvm *mvm) | ||
3221 | cmd_size = sizeof(struct iwl_scan_config_v2); | ||
3222 | else | ||
3223 | cmd_size = sizeof(struct iwl_scan_config_v1); | ||
3224 | - cmd_size += num_channels; | ||
3225 | + cmd_size += mvm->fw->ucode_capa.n_scan_channels; | ||
3226 | |||
3227 | cfg = kzalloc(cmd_size, GFP_KERNEL); | ||
3228 | if (!cfg) | ||
3229 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c | ||
3230 | index e3b2a2bf3863..d9d82f6b5e87 100644 | ||
3231 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c | ||
3232 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c | ||
3233 | @@ -1151,7 +1151,7 @@ static int iwl_mvm_tx_mpdu(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
3234 | if (WARN_ONCE(txq_id == IWL_MVM_INVALID_QUEUE, "Invalid TXQ id")) { | ||
3235 | iwl_trans_free_tx_cmd(mvm->trans, dev_cmd); | ||
3236 | spin_unlock(&mvmsta->lock); | ||
3237 | - return 0; | ||
3238 | + return -1; | ||
3239 | } | ||
3240 | |||
3241 | if (!iwl_mvm_has_new_tx_api(mvm)) { | ||
3242 | @@ -1203,8 +1203,8 @@ drop: | ||
3243 | return -1; | ||
3244 | } | ||
3245 | |||
3246 | -int iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
3247 | - struct ieee80211_sta *sta) | ||
3248 | +int iwl_mvm_tx_skb_sta(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
3249 | + struct ieee80211_sta *sta) | ||
3250 | { | ||
3251 | struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); | ||
3252 | struct ieee80211_tx_info info; | ||
3253 | diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c | ||
3254 | index 041dd75ac72b..64c74acadb99 100644 | ||
3255 | --- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c | ||
3256 | +++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c | ||
3257 | @@ -1537,13 +1537,13 @@ out: | ||
3258 | |||
3259 | napi = &rxq->napi; | ||
3260 | if (napi->poll) { | ||
3261 | + napi_gro_flush(napi, false); | ||
3262 | + | ||
3263 | if (napi->rx_count) { | ||
3264 | netif_receive_skb_list(&napi->rx_list); | ||
3265 | INIT_LIST_HEAD(&napi->rx_list); | ||
3266 | napi->rx_count = 0; | ||
3267 | } | ||
3268 | - | ||
3269 | - napi_gro_flush(napi, false); | ||
3270 | } | ||
3271 | |||
3272 | iwl_pcie_rxq_restock(trans, rxq); | ||
3273 | diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c | ||
3274 | index 57edfada0665..c9401c121a14 100644 | ||
3275 | --- a/drivers/net/wireless/marvell/libertas/cfg.c | ||
3276 | +++ b/drivers/net/wireless/marvell/libertas/cfg.c | ||
3277 | @@ -273,6 +273,10 @@ add_ie_rates(u8 *tlv, const u8 *ie, int *nrates) | ||
3278 | int hw, ap, ap_max = ie[1]; | ||
3279 | u8 hw_rate; | ||
3280 | |||
3281 | + if (ap_max > MAX_RATES) { | ||
3282 | + lbs_deb_assoc("invalid rates\n"); | ||
3283 | + return tlv; | ||
3284 | + } | ||
3285 | /* Advance past IE header */ | ||
3286 | ie += 2; | ||
3287 | |||
3288 | @@ -1717,6 +1721,9 @@ static int lbs_ibss_join_existing(struct lbs_private *priv, | ||
3289 | struct cmd_ds_802_11_ad_hoc_join cmd; | ||
3290 | u8 preamble = RADIO_PREAMBLE_SHORT; | ||
3291 | int ret = 0; | ||
3292 | + int hw, i; | ||
3293 | + u8 rates_max; | ||
3294 | + u8 *rates; | ||
3295 | |||
3296 | /* TODO: set preamble based on scan result */ | ||
3297 | ret = lbs_set_radio(priv, preamble, 1); | ||
3298 | @@ -1775,9 +1782,12 @@ static int lbs_ibss_join_existing(struct lbs_private *priv, | ||
3299 | if (!rates_eid) { | ||
3300 | lbs_add_rates(cmd.bss.rates); | ||
3301 | } else { | ||
3302 | - int hw, i; | ||
3303 | - u8 rates_max = rates_eid[1]; | ||
3304 | - u8 *rates = cmd.bss.rates; | ||
3305 | + rates_max = rates_eid[1]; | ||
3306 | + if (rates_max > MAX_RATES) { | ||
3307 | + lbs_deb_join("invalid rates"); | ||
3308 | + goto out; | ||
3309 | + } | ||
3310 | + rates = cmd.bss.rates; | ||
3311 | for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { | ||
3312 | u8 hw_rate = lbs_rates[hw].bitrate / 5; | ||
3313 | for (i = 0; i < rates_max; i++) { | ||
3314 | diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c | ||
3315 | index 308f744393eb..1593b8494ebb 100644 | ||
3316 | --- a/drivers/pci/quirks.c | ||
3317 | +++ b/drivers/pci/quirks.c | ||
3318 | @@ -5021,18 +5021,25 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SERVERWORKS, 0x0422, quirk_no_ext_tags); | ||
3319 | |||
3320 | #ifdef CONFIG_PCI_ATS | ||
3321 | /* | ||
3322 | - * Some devices have a broken ATS implementation causing IOMMU stalls. | ||
3323 | - * Don't use ATS for those devices. | ||
3324 | + * Some devices require additional driver setup to enable ATS. Don't use | ||
3325 | + * ATS for those devices as ATS will be enabled before the driver has had a | ||
3326 | + * chance to load and configure the device. | ||
3327 | */ | ||
3328 | -static void quirk_no_ats(struct pci_dev *pdev) | ||
3329 | +static void quirk_amd_harvest_no_ats(struct pci_dev *pdev) | ||
3330 | { | ||
3331 | - pci_info(pdev, "disabling ATS (broken on this device)\n"); | ||
3332 | + if (pdev->device == 0x7340 && pdev->revision != 0xc5) | ||
3333 | + return; | ||
3334 | + | ||
3335 | + pci_info(pdev, "disabling ATS\n"); | ||
3336 | pdev->ats_cap = 0; | ||
3337 | } | ||
3338 | |||
3339 | /* AMD Stoney platform GPU */ | ||
3340 | -DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x98e4, quirk_no_ats); | ||
3341 | -DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x6900, quirk_no_ats); | ||
3342 | +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x98e4, quirk_amd_harvest_no_ats); | ||
3343 | +/* AMD Iceland dGPU */ | ||
3344 | +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x6900, quirk_amd_harvest_no_ats); | ||
3345 | +/* AMD Navi14 dGPU */ | ||
3346 | +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x7340, quirk_amd_harvest_no_ats); | ||
3347 | #endif /* CONFIG_PCI_ATS */ | ||
3348 | |||
3349 | /* Freescale PCIe doesn't support MSI in RC mode */ | ||
3350 | diff --git a/drivers/pinctrl/intel/pinctrl-sunrisepoint.c b/drivers/pinctrl/intel/pinctrl-sunrisepoint.c | ||
3351 | index 44d7f50bbc82..d936e7aa74c4 100644 | ||
3352 | --- a/drivers/pinctrl/intel/pinctrl-sunrisepoint.c | ||
3353 | +++ b/drivers/pinctrl/intel/pinctrl-sunrisepoint.c | ||
3354 | @@ -49,6 +49,7 @@ | ||
3355 | .padown_offset = SPT_PAD_OWN, \ | ||
3356 | .padcfglock_offset = SPT_PADCFGLOCK, \ | ||
3357 | .hostown_offset = SPT_HOSTSW_OWN, \ | ||
3358 | + .is_offset = SPT_GPI_IS, \ | ||
3359 | .ie_offset = SPT_GPI_IE, \ | ||
3360 | .pin_base = (s), \ | ||
3361 | .npins = ((e) - (s) + 1), \ | ||
3362 | diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c | ||
3363 | index f194ffc4699e..c070cb2a6a5b 100644 | ||
3364 | --- a/drivers/target/iscsi/iscsi_target.c | ||
3365 | +++ b/drivers/target/iscsi/iscsi_target.c | ||
3366 | @@ -4151,9 +4151,6 @@ int iscsit_close_connection( | ||
3367 | iscsit_stop_nopin_response_timer(conn); | ||
3368 | iscsit_stop_nopin_timer(conn); | ||
3369 | |||
3370 | - if (conn->conn_transport->iscsit_wait_conn) | ||
3371 | - conn->conn_transport->iscsit_wait_conn(conn); | ||
3372 | - | ||
3373 | /* | ||
3374 | * During Connection recovery drop unacknowledged out of order | ||
3375 | * commands for this connection, and prepare the other commands | ||
3376 | @@ -4239,6 +4236,9 @@ int iscsit_close_connection( | ||
3377 | target_sess_cmd_list_set_waiting(sess->se_sess); | ||
3378 | target_wait_for_sess_cmds(sess->se_sess); | ||
3379 | |||
3380 | + if (conn->conn_transport->iscsit_wait_conn) | ||
3381 | + conn->conn_transport->iscsit_wait_conn(conn); | ||
3382 | + | ||
3383 | ahash_request_free(conn->conn_tx_hash); | ||
3384 | if (conn->conn_rx_hash) { | ||
3385 | struct crypto_ahash *tfm; | ||
3386 | diff --git a/fs/afs/cell.c b/fs/afs/cell.c | ||
3387 | index fd5133e26a38..78ba5f932287 100644 | ||
3388 | --- a/fs/afs/cell.c | ||
3389 | +++ b/fs/afs/cell.c | ||
3390 | @@ -134,8 +134,17 @@ static struct afs_cell *afs_alloc_cell(struct afs_net *net, | ||
3391 | _leave(" = -ENAMETOOLONG"); | ||
3392 | return ERR_PTR(-ENAMETOOLONG); | ||
3393 | } | ||
3394 | - if (namelen == 5 && memcmp(name, "@cell", 5) == 0) | ||
3395 | + | ||
3396 | + /* Prohibit cell names that contain unprintable chars, '/' and '@' or | ||
3397 | + * that begin with a dot. This also precludes "@cell". | ||
3398 | + */ | ||
3399 | + if (name[0] == '.') | ||
3400 | return ERR_PTR(-EINVAL); | ||
3401 | + for (i = 0; i < namelen; i++) { | ||
3402 | + char ch = name[i]; | ||
3403 | + if (!isprint(ch) || ch == '/' || ch == '@') | ||
3404 | + return ERR_PTR(-EINVAL); | ||
3405 | + } | ||
3406 | |||
3407 | _enter("%*.*s,%s", namelen, namelen, name, addresses); | ||
3408 | |||
3409 | diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c | ||
3410 | index a5163296d9d9..ee02a742fff5 100644 | ||
3411 | --- a/fs/ceph/mds_client.c | ||
3412 | +++ b/fs/ceph/mds_client.c | ||
3413 | @@ -708,8 +708,10 @@ void ceph_mdsc_release_request(struct kref *kref) | ||
3414 | /* avoid calling iput_final() in mds dispatch threads */ | ||
3415 | ceph_async_iput(req->r_inode); | ||
3416 | } | ||
3417 | - if (req->r_parent) | ||
3418 | + if (req->r_parent) { | ||
3419 | ceph_put_cap_refs(ceph_inode(req->r_parent), CEPH_CAP_PIN); | ||
3420 | + ceph_async_iput(req->r_parent); | ||
3421 | + } | ||
3422 | ceph_async_iput(req->r_target_inode); | ||
3423 | if (req->r_dentry) | ||
3424 | dput(req->r_dentry); | ||
3425 | @@ -2670,8 +2672,10 @@ int ceph_mdsc_submit_request(struct ceph_mds_client *mdsc, struct inode *dir, | ||
3426 | /* take CAP_PIN refs for r_inode, r_parent, r_old_dentry */ | ||
3427 | if (req->r_inode) | ||
3428 | ceph_get_cap_refs(ceph_inode(req->r_inode), CEPH_CAP_PIN); | ||
3429 | - if (req->r_parent) | ||
3430 | + if (req->r_parent) { | ||
3431 | ceph_get_cap_refs(ceph_inode(req->r_parent), CEPH_CAP_PIN); | ||
3432 | + ihold(req->r_parent); | ||
3433 | + } | ||
3434 | if (req->r_old_dentry_dir) | ||
3435 | ceph_get_cap_refs(ceph_inode(req->r_old_dentry_dir), | ||
3436 | CEPH_CAP_PIN); | ||
3437 | diff --git a/fs/io_uring.c b/fs/io_uring.c | ||
3438 | index b1c9ad1fb9e1..709671faaed6 100644 | ||
3439 | --- a/fs/io_uring.c | ||
3440 | +++ b/fs/io_uring.c | ||
3441 | @@ -3716,12 +3716,6 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit, | ||
3442 | wake_up(&ctx->sqo_wait); | ||
3443 | submitted = to_submit; | ||
3444 | } else if (to_submit) { | ||
3445 | - if (current->mm != ctx->sqo_mm || | ||
3446 | - current_cred() != ctx->creds) { | ||
3447 | - ret = -EPERM; | ||
3448 | - goto out; | ||
3449 | - } | ||
3450 | - | ||
3451 | to_submit = min(to_submit, ctx->sq_entries); | ||
3452 | |||
3453 | mutex_lock(&ctx->uring_lock); | ||
3454 | diff --git a/fs/namei.c b/fs/namei.c | ||
3455 | index 671c3c1a3425..e81521c87f98 100644 | ||
3456 | --- a/fs/namei.c | ||
3457 | +++ b/fs/namei.c | ||
3458 | @@ -1001,7 +1001,8 @@ static int may_linkat(struct path *link) | ||
3459 | * may_create_in_sticky - Check whether an O_CREAT open in a sticky directory | ||
3460 | * should be allowed, or not, on files that already | ||
3461 | * exist. | ||
3462 | - * @dir: the sticky parent directory | ||
3463 | + * @dir_mode: mode bits of directory | ||
3464 | + * @dir_uid: owner of directory | ||
3465 | * @inode: the inode of the file to open | ||
3466 | * | ||
3467 | * Block an O_CREAT open of a FIFO (or a regular file) when: | ||
3468 | @@ -1017,18 +1018,18 @@ static int may_linkat(struct path *link) | ||
3469 | * | ||
3470 | * Returns 0 if the open is allowed, -ve on error. | ||
3471 | */ | ||
3472 | -static int may_create_in_sticky(struct dentry * const dir, | ||
3473 | +static int may_create_in_sticky(umode_t dir_mode, kuid_t dir_uid, | ||
3474 | struct inode * const inode) | ||
3475 | { | ||
3476 | if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) || | ||
3477 | (!sysctl_protected_regular && S_ISREG(inode->i_mode)) || | ||
3478 | - likely(!(dir->d_inode->i_mode & S_ISVTX)) || | ||
3479 | - uid_eq(inode->i_uid, dir->d_inode->i_uid) || | ||
3480 | + likely(!(dir_mode & S_ISVTX)) || | ||
3481 | + uid_eq(inode->i_uid, dir_uid) || | ||
3482 | uid_eq(current_fsuid(), inode->i_uid)) | ||
3483 | return 0; | ||
3484 | |||
3485 | - if (likely(dir->d_inode->i_mode & 0002) || | ||
3486 | - (dir->d_inode->i_mode & 0020 && | ||
3487 | + if (likely(dir_mode & 0002) || | ||
3488 | + (dir_mode & 0020 && | ||
3489 | ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) || | ||
3490 | (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) { | ||
3491 | return -EACCES; | ||
3492 | @@ -3248,6 +3249,8 @@ static int do_last(struct nameidata *nd, | ||
3493 | struct file *file, const struct open_flags *op) | ||
3494 | { | ||
3495 | struct dentry *dir = nd->path.dentry; | ||
3496 | + kuid_t dir_uid = dir->d_inode->i_uid; | ||
3497 | + umode_t dir_mode = dir->d_inode->i_mode; | ||
3498 | int open_flag = op->open_flag; | ||
3499 | bool will_truncate = (open_flag & O_TRUNC) != 0; | ||
3500 | bool got_write = false; | ||
3501 | @@ -3383,7 +3386,7 @@ finish_open: | ||
3502 | error = -EISDIR; | ||
3503 | if (d_is_dir(nd->path.dentry)) | ||
3504 | goto out; | ||
3505 | - error = may_create_in_sticky(dir, | ||
3506 | + error = may_create_in_sticky(dir_mode, dir_uid, | ||
3507 | d_backing_inode(nd->path.dentry)); | ||
3508 | if (unlikely(error)) | ||
3509 | goto out; | ||
3510 | diff --git a/fs/readdir.c b/fs/readdir.c | ||
3511 | index d26d5ea4de7b..de2eceffdee8 100644 | ||
3512 | --- a/fs/readdir.c | ||
3513 | +++ b/fs/readdir.c | ||
3514 | @@ -102,10 +102,14 @@ EXPORT_SYMBOL(iterate_dir); | ||
3515 | * filename length, and the above "soft error" worry means | ||
3516 | * that it's probably better left alone until we have that | ||
3517 | * issue clarified. | ||
3518 | + * | ||
3519 | + * Note the PATH_MAX check - it's arbitrary but the real | ||
3520 | + * kernel limit on a possible path component, not NAME_MAX, | ||
3521 | + * which is the technical standard limit. | ||
3522 | */ | ||
3523 | static int verify_dirent_name(const char *name, int len) | ||
3524 | { | ||
3525 | - if (!len) | ||
3526 | + if (len <= 0 || len >= PATH_MAX) | ||
3527 | return -EIO; | ||
3528 | if (memchr(name, '/', len)) | ||
3529 | return -EIO; | ||
3530 | @@ -206,7 +210,7 @@ struct linux_dirent { | ||
3531 | struct getdents_callback { | ||
3532 | struct dir_context ctx; | ||
3533 | struct linux_dirent __user * current_dir; | ||
3534 | - struct linux_dirent __user * previous; | ||
3535 | + int prev_reclen; | ||
3536 | int count; | ||
3537 | int error; | ||
3538 | }; | ||
3539 | @@ -214,12 +218,13 @@ struct getdents_callback { | ||
3540 | static int filldir(struct dir_context *ctx, const char *name, int namlen, | ||
3541 | loff_t offset, u64 ino, unsigned int d_type) | ||
3542 | { | ||
3543 | - struct linux_dirent __user * dirent; | ||
3544 | + struct linux_dirent __user *dirent, *prev; | ||
3545 | struct getdents_callback *buf = | ||
3546 | container_of(ctx, struct getdents_callback, ctx); | ||
3547 | unsigned long d_ino; | ||
3548 | int reclen = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2, | ||
3549 | sizeof(long)); | ||
3550 | + int prev_reclen; | ||
3551 | |||
3552 | buf->error = verify_dirent_name(name, namlen); | ||
3553 | if (unlikely(buf->error)) | ||
3554 | @@ -232,28 +237,24 @@ static int filldir(struct dir_context *ctx, const char *name, int namlen, | ||
3555 | buf->error = -EOVERFLOW; | ||
3556 | return -EOVERFLOW; | ||
3557 | } | ||
3558 | - dirent = buf->previous; | ||
3559 | - if (dirent && signal_pending(current)) | ||
3560 | + prev_reclen = buf->prev_reclen; | ||
3561 | + if (prev_reclen && signal_pending(current)) | ||
3562 | return -EINTR; | ||
3563 | - | ||
3564 | - /* | ||
3565 | - * Note! This range-checks 'previous' (which may be NULL). | ||
3566 | - * The real range was checked in getdents | ||
3567 | - */ | ||
3568 | - if (!user_access_begin(dirent, sizeof(*dirent))) | ||
3569 | - goto efault; | ||
3570 | - if (dirent) | ||
3571 | - unsafe_put_user(offset, &dirent->d_off, efault_end); | ||
3572 | dirent = buf->current_dir; | ||
3573 | + prev = (void __user *) dirent - prev_reclen; | ||
3574 | + if (!user_access_begin(prev, reclen + prev_reclen)) | ||
3575 | + goto efault; | ||
3576 | + | ||
3577 | + /* This might be 'dirent->d_off', but if so it will get overwritten */ | ||
3578 | + unsafe_put_user(offset, &prev->d_off, efault_end); | ||
3579 | unsafe_put_user(d_ino, &dirent->d_ino, efault_end); | ||
3580 | unsafe_put_user(reclen, &dirent->d_reclen, efault_end); | ||
3581 | unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end); | ||
3582 | unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); | ||
3583 | user_access_end(); | ||
3584 | |||
3585 | - buf->previous = dirent; | ||
3586 | - dirent = (void __user *)dirent + reclen; | ||
3587 | - buf->current_dir = dirent; | ||
3588 | + buf->current_dir = (void __user *)dirent + reclen; | ||
3589 | + buf->prev_reclen = reclen; | ||
3590 | buf->count -= reclen; | ||
3591 | return 0; | ||
3592 | efault_end: | ||
3593 | @@ -267,7 +268,6 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, | ||
3594 | struct linux_dirent __user *, dirent, unsigned int, count) | ||
3595 | { | ||
3596 | struct fd f; | ||
3597 | - struct linux_dirent __user * lastdirent; | ||
3598 | struct getdents_callback buf = { | ||
3599 | .ctx.actor = filldir, | ||
3600 | .count = count, | ||
3601 | @@ -285,8 +285,10 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, | ||
3602 | error = iterate_dir(f.file, &buf.ctx); | ||
3603 | if (error >= 0) | ||
3604 | error = buf.error; | ||
3605 | - lastdirent = buf.previous; | ||
3606 | - if (lastdirent) { | ||
3607 | + if (buf.prev_reclen) { | ||
3608 | + struct linux_dirent __user * lastdirent; | ||
3609 | + lastdirent = (void __user *)buf.current_dir - buf.prev_reclen; | ||
3610 | + | ||
3611 | if (put_user(buf.ctx.pos, &lastdirent->d_off)) | ||
3612 | error = -EFAULT; | ||
3613 | else | ||
3614 | @@ -299,7 +301,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, | ||
3615 | struct getdents_callback64 { | ||
3616 | struct dir_context ctx; | ||
3617 | struct linux_dirent64 __user * current_dir; | ||
3618 | - struct linux_dirent64 __user * previous; | ||
3619 | + int prev_reclen; | ||
3620 | int count; | ||
3621 | int error; | ||
3622 | }; | ||
3623 | @@ -307,11 +309,12 @@ struct getdents_callback64 { | ||
3624 | static int filldir64(struct dir_context *ctx, const char *name, int namlen, | ||
3625 | loff_t offset, u64 ino, unsigned int d_type) | ||
3626 | { | ||
3627 | - struct linux_dirent64 __user *dirent; | ||
3628 | + struct linux_dirent64 __user *dirent, *prev; | ||
3629 | struct getdents_callback64 *buf = | ||
3630 | container_of(ctx, struct getdents_callback64, ctx); | ||
3631 | int reclen = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1, | ||
3632 | sizeof(u64)); | ||
3633 | + int prev_reclen; | ||
3634 | |||
3635 | buf->error = verify_dirent_name(name, namlen); | ||
3636 | if (unlikely(buf->error)) | ||
3637 | @@ -319,30 +322,27 @@ static int filldir64(struct dir_context *ctx, const char *name, int namlen, | ||
3638 | buf->error = -EINVAL; /* only used if we fail.. */ | ||
3639 | if (reclen > buf->count) | ||
3640 | return -EINVAL; | ||
3641 | - dirent = buf->previous; | ||
3642 | - if (dirent && signal_pending(current)) | ||
3643 | + prev_reclen = buf->prev_reclen; | ||
3644 | + if (prev_reclen && signal_pending(current)) | ||
3645 | return -EINTR; | ||
3646 | - | ||
3647 | - /* | ||
3648 | - * Note! This range-checks 'previous' (which may be NULL). | ||
3649 | - * The real range was checked in getdents | ||
3650 | - */ | ||
3651 | - if (!user_access_begin(dirent, sizeof(*dirent))) | ||
3652 | - goto efault; | ||
3653 | - if (dirent) | ||
3654 | - unsafe_put_user(offset, &dirent->d_off, efault_end); | ||
3655 | dirent = buf->current_dir; | ||
3656 | + prev = (void __user *)dirent - prev_reclen; | ||
3657 | + if (!user_access_begin(prev, reclen + prev_reclen)) | ||
3658 | + goto efault; | ||
3659 | + | ||
3660 | + /* This might be 'dirent->d_off', but if so it will get overwritten */ | ||
3661 | + unsafe_put_user(offset, &prev->d_off, efault_end); | ||
3662 | unsafe_put_user(ino, &dirent->d_ino, efault_end); | ||
3663 | unsafe_put_user(reclen, &dirent->d_reclen, efault_end); | ||
3664 | unsafe_put_user(d_type, &dirent->d_type, efault_end); | ||
3665 | unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); | ||
3666 | user_access_end(); | ||
3667 | |||
3668 | - buf->previous = dirent; | ||
3669 | - dirent = (void __user *)dirent + reclen; | ||
3670 | - buf->current_dir = dirent; | ||
3671 | + buf->prev_reclen = reclen; | ||
3672 | + buf->current_dir = (void __user *)dirent + reclen; | ||
3673 | buf->count -= reclen; | ||
3674 | return 0; | ||
3675 | + | ||
3676 | efault_end: | ||
3677 | user_access_end(); | ||
3678 | efault: | ||
3679 | @@ -354,7 +354,6 @@ int ksys_getdents64(unsigned int fd, struct linux_dirent64 __user *dirent, | ||
3680 | unsigned int count) | ||
3681 | { | ||
3682 | struct fd f; | ||
3683 | - struct linux_dirent64 __user * lastdirent; | ||
3684 | struct getdents_callback64 buf = { | ||
3685 | .ctx.actor = filldir64, | ||
3686 | .count = count, | ||
3687 | @@ -372,9 +371,11 @@ int ksys_getdents64(unsigned int fd, struct linux_dirent64 __user *dirent, | ||
3688 | error = iterate_dir(f.file, &buf.ctx); | ||
3689 | if (error >= 0) | ||
3690 | error = buf.error; | ||
3691 | - lastdirent = buf.previous; | ||
3692 | - if (lastdirent) { | ||
3693 | + if (buf.prev_reclen) { | ||
3694 | + struct linux_dirent64 __user * lastdirent; | ||
3695 | typeof(lastdirent->d_off) d_off = buf.ctx.pos; | ||
3696 | + | ||
3697 | + lastdirent = (void __user *) buf.current_dir - buf.prev_reclen; | ||
3698 | if (__put_user(d_off, &lastdirent->d_off)) | ||
3699 | error = -EFAULT; | ||
3700 | else | ||
3701 | diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h | ||
3702 | index 13f09706033a..f8fde9fa479c 100644 | ||
3703 | --- a/include/linux/netdevice.h | ||
3704 | +++ b/include/linux/netdevice.h | ||
3705 | @@ -3666,6 +3666,8 @@ int dev_set_alias(struct net_device *, const char *, size_t); | ||
3706 | int dev_get_alias(const struct net_device *, char *, size_t); | ||
3707 | int dev_change_net_namespace(struct net_device *, struct net *, const char *); | ||
3708 | int __dev_set_mtu(struct net_device *, int); | ||
3709 | +int dev_validate_mtu(struct net_device *dev, int mtu, | ||
3710 | + struct netlink_ext_ack *extack); | ||
3711 | int dev_set_mtu_ext(struct net_device *dev, int mtu, | ||
3712 | struct netlink_ext_ack *extack); | ||
3713 | int dev_set_mtu(struct net_device *, int); | ||
3714 | diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h | ||
3715 | index 9bc255a8461b..77336f4c4b1c 100644 | ||
3716 | --- a/include/linux/netfilter/ipset/ip_set.h | ||
3717 | +++ b/include/linux/netfilter/ipset/ip_set.h | ||
3718 | @@ -445,13 +445,6 @@ ip6addrptr(const struct sk_buff *skb, bool src, struct in6_addr *addr) | ||
3719 | sizeof(*addr)); | ||
3720 | } | ||
3721 | |||
3722 | -/* Calculate the bytes required to store the inclusive range of a-b */ | ||
3723 | -static inline int | ||
3724 | -bitmap_bytes(u32 a, u32 b) | ||
3725 | -{ | ||
3726 | - return 4 * ((((b - a + 8) / 8) + 3) / 4); | ||
3727 | -} | ||
3728 | - | ||
3729 | /* How often should the gc be run by default */ | ||
3730 | #define IPSET_GC_TIME (3 * 60) | ||
3731 | |||
3732 | diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h | ||
3733 | index cf09ab37b45b..851425c3178f 100644 | ||
3734 | --- a/include/linux/netfilter/nfnetlink.h | ||
3735 | +++ b/include/linux/netfilter/nfnetlink.h | ||
3736 | @@ -31,7 +31,7 @@ struct nfnetlink_subsystem { | ||
3737 | const struct nfnl_callback *cb; /* callback for individual types */ | ||
3738 | struct module *owner; | ||
3739 | int (*commit)(struct net *net, struct sk_buff *skb); | ||
3740 | - int (*abort)(struct net *net, struct sk_buff *skb); | ||
3741 | + int (*abort)(struct net *net, struct sk_buff *skb, bool autoload); | ||
3742 | void (*cleanup)(struct net *net); | ||
3743 | bool (*valid_genid)(struct net *net, u32 genid); | ||
3744 | }; | ||
3745 | diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h | ||
3746 | index 286fd960896f..a1a8d45adb42 100644 | ||
3747 | --- a/include/net/netns/nftables.h | ||
3748 | +++ b/include/net/netns/nftables.h | ||
3749 | @@ -7,6 +7,7 @@ | ||
3750 | struct netns_nftables { | ||
3751 | struct list_head tables; | ||
3752 | struct list_head commit_list; | ||
3753 | + struct list_head module_list; | ||
3754 | struct mutex commit_mutex; | ||
3755 | unsigned int base_seq; | ||
3756 | u8 gencursor; | ||
3757 | diff --git a/include/trace/events/xen.h b/include/trace/events/xen.h | ||
3758 | index 9a0e8af21310..a5ccfa67bc5c 100644 | ||
3759 | --- a/include/trace/events/xen.h | ||
3760 | +++ b/include/trace/events/xen.h | ||
3761 | @@ -66,7 +66,11 @@ TRACE_EVENT(xen_mc_callback, | ||
3762 | TP_PROTO(xen_mc_callback_fn_t fn, void *data), | ||
3763 | TP_ARGS(fn, data), | ||
3764 | TP_STRUCT__entry( | ||
3765 | - __field(xen_mc_callback_fn_t, fn) | ||
3766 | + /* | ||
3767 | + * Use field_struct to avoid is_signed_type() | ||
3768 | + * comparison of a function pointer. | ||
3769 | + */ | ||
3770 | + __field_struct(xen_mc_callback_fn_t, fn) | ||
3771 | __field(void *, data) | ||
3772 | ), | ||
3773 | TP_fast_assign( | ||
3774 | diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c | ||
3775 | index 26b9168321e7..d65f2d5ab694 100644 | ||
3776 | --- a/kernel/power/snapshot.c | ||
3777 | +++ b/kernel/power/snapshot.c | ||
3778 | @@ -1147,24 +1147,24 @@ void free_basic_memory_bitmaps(void) | ||
3779 | |||
3780 | void clear_free_pages(void) | ||
3781 | { | ||
3782 | -#ifdef CONFIG_PAGE_POISONING_ZERO | ||
3783 | struct memory_bitmap *bm = free_pages_map; | ||
3784 | unsigned long pfn; | ||
3785 | |||
3786 | if (WARN_ON(!(free_pages_map))) | ||
3787 | return; | ||
3788 | |||
3789 | - memory_bm_position_reset(bm); | ||
3790 | - pfn = memory_bm_next_pfn(bm); | ||
3791 | - while (pfn != BM_END_OF_MAP) { | ||
3792 | - if (pfn_valid(pfn)) | ||
3793 | - clear_highpage(pfn_to_page(pfn)); | ||
3794 | - | ||
3795 | + if (IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) || want_init_on_free()) { | ||
3796 | + memory_bm_position_reset(bm); | ||
3797 | pfn = memory_bm_next_pfn(bm); | ||
3798 | + while (pfn != BM_END_OF_MAP) { | ||
3799 | + if (pfn_valid(pfn)) | ||
3800 | + clear_highpage(pfn_to_page(pfn)); | ||
3801 | + | ||
3802 | + pfn = memory_bm_next_pfn(bm); | ||
3803 | + } | ||
3804 | + memory_bm_position_reset(bm); | ||
3805 | + pr_info("free pages cleared after restore\n"); | ||
3806 | } | ||
3807 | - memory_bm_position_reset(bm); | ||
3808 | - pr_info("free pages cleared after restore\n"); | ||
3809 | -#endif /* PAGE_POISONING_ZERO */ | ||
3810 | } | ||
3811 | |||
3812 | /** | ||
3813 | diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c | ||
3814 | index bcb72f102613..341aab32c946 100644 | ||
3815 | --- a/kernel/trace/trace.c | ||
3816 | +++ b/kernel/trace/trace.c | ||
3817 | @@ -9270,6 +9270,11 @@ __init static int tracing_set_default_clock(void) | ||
3818 | { | ||
3819 | /* sched_clock_stable() is determined in late_initcall */ | ||
3820 | if (!trace_boot_clock && !sched_clock_stable()) { | ||
3821 | + if (security_locked_down(LOCKDOWN_TRACEFS)) { | ||
3822 | + pr_warn("Can not set tracing clock due to lockdown\n"); | ||
3823 | + return -EPERM; | ||
3824 | + } | ||
3825 | + | ||
3826 | printk(KERN_WARNING | ||
3827 | "Unstable clock detected, switching default tracing clock to \"global\"\n" | ||
3828 | "If you want to keep using the local clock, then add:\n" | ||
3829 | diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c | ||
3830 | index c2783915600c..205692181e7b 100644 | ||
3831 | --- a/kernel/trace/trace_events_hist.c | ||
3832 | +++ b/kernel/trace/trace_events_hist.c | ||
3833 | @@ -116,6 +116,7 @@ struct hist_field { | ||
3834 | struct ftrace_event_field *field; | ||
3835 | unsigned long flags; | ||
3836 | hist_field_fn_t fn; | ||
3837 | + unsigned int ref; | ||
3838 | unsigned int size; | ||
3839 | unsigned int offset; | ||
3840 | unsigned int is_signed; | ||
3841 | @@ -1766,11 +1767,13 @@ static struct hist_field *find_var(struct hist_trigger_data *hist_data, | ||
3842 | struct event_trigger_data *test; | ||
3843 | struct hist_field *hist_field; | ||
3844 | |||
3845 | + lockdep_assert_held(&event_mutex); | ||
3846 | + | ||
3847 | hist_field = find_var_field(hist_data, var_name); | ||
3848 | if (hist_field) | ||
3849 | return hist_field; | ||
3850 | |||
3851 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
3852 | + list_for_each_entry(test, &file->triggers, list) { | ||
3853 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
3854 | test_data = test->private_data; | ||
3855 | hist_field = find_var_field(test_data, var_name); | ||
3856 | @@ -1820,7 +1823,9 @@ static struct hist_field *find_file_var(struct trace_event_file *file, | ||
3857 | struct event_trigger_data *test; | ||
3858 | struct hist_field *hist_field; | ||
3859 | |||
3860 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
3861 | + lockdep_assert_held(&event_mutex); | ||
3862 | + | ||
3863 | + list_for_each_entry(test, &file->triggers, list) { | ||
3864 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
3865 | test_data = test->private_data; | ||
3866 | hist_field = find_var_field(test_data, var_name); | ||
3867 | @@ -2423,8 +2428,16 @@ static int contains_operator(char *str) | ||
3868 | return field_op; | ||
3869 | } | ||
3870 | |||
3871 | +static void get_hist_field(struct hist_field *hist_field) | ||
3872 | +{ | ||
3873 | + hist_field->ref++; | ||
3874 | +} | ||
3875 | + | ||
3876 | static void __destroy_hist_field(struct hist_field *hist_field) | ||
3877 | { | ||
3878 | + if (--hist_field->ref > 1) | ||
3879 | + return; | ||
3880 | + | ||
3881 | kfree(hist_field->var.name); | ||
3882 | kfree(hist_field->name); | ||
3883 | kfree(hist_field->type); | ||
3884 | @@ -2466,6 +2479,8 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data, | ||
3885 | if (!hist_field) | ||
3886 | return NULL; | ||
3887 | |||
3888 | + hist_field->ref = 1; | ||
3889 | + | ||
3890 | hist_field->hist_data = hist_data; | ||
3891 | |||
3892 | if (flags & HIST_FIELD_FL_EXPR || flags & HIST_FIELD_FL_ALIAS) | ||
3893 | @@ -2661,6 +2676,17 @@ static struct hist_field *create_var_ref(struct hist_trigger_data *hist_data, | ||
3894 | { | ||
3895 | unsigned long flags = HIST_FIELD_FL_VAR_REF; | ||
3896 | struct hist_field *ref_field; | ||
3897 | + int i; | ||
3898 | + | ||
3899 | + /* Check if the variable already exists */ | ||
3900 | + for (i = 0; i < hist_data->n_var_refs; i++) { | ||
3901 | + ref_field = hist_data->var_refs[i]; | ||
3902 | + if (ref_field->var.idx == var_field->var.idx && | ||
3903 | + ref_field->var.hist_data == var_field->hist_data) { | ||
3904 | + get_hist_field(ref_field); | ||
3905 | + return ref_field; | ||
3906 | + } | ||
3907 | + } | ||
3908 | |||
3909 | ref_field = create_hist_field(var_field->hist_data, NULL, flags, NULL); | ||
3910 | if (ref_field) { | ||
3911 | @@ -3115,7 +3141,9 @@ static char *find_trigger_filter(struct hist_trigger_data *hist_data, | ||
3912 | { | ||
3913 | struct event_trigger_data *test; | ||
3914 | |||
3915 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
3916 | + lockdep_assert_held(&event_mutex); | ||
3917 | + | ||
3918 | + list_for_each_entry(test, &file->triggers, list) { | ||
3919 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
3920 | if (test->private_data == hist_data) | ||
3921 | return test->filter_str; | ||
3922 | @@ -3166,9 +3194,11 @@ find_compatible_hist(struct hist_trigger_data *target_hist_data, | ||
3923 | struct event_trigger_data *test; | ||
3924 | unsigned int n_keys; | ||
3925 | |||
3926 | + lockdep_assert_held(&event_mutex); | ||
3927 | + | ||
3928 | n_keys = target_hist_data->n_fields - target_hist_data->n_vals; | ||
3929 | |||
3930 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
3931 | + list_for_each_entry(test, &file->triggers, list) { | ||
3932 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
3933 | hist_data = test->private_data; | ||
3934 | |||
3935 | @@ -5528,7 +5558,7 @@ static int hist_show(struct seq_file *m, void *v) | ||
3936 | goto out_unlock; | ||
3937 | } | ||
3938 | |||
3939 | - list_for_each_entry_rcu(data, &event_file->triggers, list) { | ||
3940 | + list_for_each_entry(data, &event_file->triggers, list) { | ||
3941 | if (data->cmd_ops->trigger_type == ETT_EVENT_HIST) | ||
3942 | hist_trigger_show(m, data, n++); | ||
3943 | } | ||
3944 | @@ -5921,7 +5951,9 @@ static int hist_register_trigger(char *glob, struct event_trigger_ops *ops, | ||
3945 | if (hist_data->attrs->name && !named_data) | ||
3946 | goto new; | ||
3947 | |||
3948 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
3949 | + lockdep_assert_held(&event_mutex); | ||
3950 | + | ||
3951 | + list_for_each_entry(test, &file->triggers, list) { | ||
3952 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
3953 | if (!hist_trigger_match(data, test, named_data, false)) | ||
3954 | continue; | ||
3955 | @@ -6005,10 +6037,12 @@ static bool have_hist_trigger_match(struct event_trigger_data *data, | ||
3956 | struct event_trigger_data *test, *named_data = NULL; | ||
3957 | bool match = false; | ||
3958 | |||
3959 | + lockdep_assert_held(&event_mutex); | ||
3960 | + | ||
3961 | if (hist_data->attrs->name) | ||
3962 | named_data = find_named_trigger(hist_data->attrs->name); | ||
3963 | |||
3964 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
3965 | + list_for_each_entry(test, &file->triggers, list) { | ||
3966 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
3967 | if (hist_trigger_match(data, test, named_data, false)) { | ||
3968 | match = true; | ||
3969 | @@ -6026,10 +6060,12 @@ static bool hist_trigger_check_refs(struct event_trigger_data *data, | ||
3970 | struct hist_trigger_data *hist_data = data->private_data; | ||
3971 | struct event_trigger_data *test, *named_data = NULL; | ||
3972 | |||
3973 | + lockdep_assert_held(&event_mutex); | ||
3974 | + | ||
3975 | if (hist_data->attrs->name) | ||
3976 | named_data = find_named_trigger(hist_data->attrs->name); | ||
3977 | |||
3978 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
3979 | + list_for_each_entry(test, &file->triggers, list) { | ||
3980 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
3981 | if (!hist_trigger_match(data, test, named_data, false)) | ||
3982 | continue; | ||
3983 | @@ -6051,10 +6087,12 @@ static void hist_unregister_trigger(char *glob, struct event_trigger_ops *ops, | ||
3984 | struct event_trigger_data *test, *named_data = NULL; | ||
3985 | bool unregistered = false; | ||
3986 | |||
3987 | + lockdep_assert_held(&event_mutex); | ||
3988 | + | ||
3989 | if (hist_data->attrs->name) | ||
3990 | named_data = find_named_trigger(hist_data->attrs->name); | ||
3991 | |||
3992 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
3993 | + list_for_each_entry(test, &file->triggers, list) { | ||
3994 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
3995 | if (!hist_trigger_match(data, test, named_data, false)) | ||
3996 | continue; | ||
3997 | @@ -6080,7 +6118,9 @@ static bool hist_file_check_refs(struct trace_event_file *file) | ||
3998 | struct hist_trigger_data *hist_data; | ||
3999 | struct event_trigger_data *test; | ||
4000 | |||
4001 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
4002 | + lockdep_assert_held(&event_mutex); | ||
4003 | + | ||
4004 | + list_for_each_entry(test, &file->triggers, list) { | ||
4005 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
4006 | hist_data = test->private_data; | ||
4007 | if (check_var_refs(hist_data)) | ||
4008 | @@ -6323,7 +6363,8 @@ hist_enable_trigger(struct event_trigger_data *data, void *rec, | ||
4009 | struct enable_trigger_data *enable_data = data->private_data; | ||
4010 | struct event_trigger_data *test; | ||
4011 | |||
4012 | - list_for_each_entry_rcu(test, &enable_data->file->triggers, list) { | ||
4013 | + list_for_each_entry_rcu(test, &enable_data->file->triggers, list, | ||
4014 | + lockdep_is_held(&event_mutex)) { | ||
4015 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
4016 | if (enable_data->enable) | ||
4017 | test->paused = false; | ||
4018 | diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c | ||
4019 | index 2cd53ca21b51..40106fff06a4 100644 | ||
4020 | --- a/kernel/trace/trace_events_trigger.c | ||
4021 | +++ b/kernel/trace/trace_events_trigger.c | ||
4022 | @@ -501,7 +501,9 @@ void update_cond_flag(struct trace_event_file *file) | ||
4023 | struct event_trigger_data *data; | ||
4024 | bool set_cond = false; | ||
4025 | |||
4026 | - list_for_each_entry_rcu(data, &file->triggers, list) { | ||
4027 | + lockdep_assert_held(&event_mutex); | ||
4028 | + | ||
4029 | + list_for_each_entry(data, &file->triggers, list) { | ||
4030 | if (data->filter || event_command_post_trigger(data->cmd_ops) || | ||
4031 | event_command_needs_rec(data->cmd_ops)) { | ||
4032 | set_cond = true; | ||
4033 | @@ -536,7 +538,9 @@ static int register_trigger(char *glob, struct event_trigger_ops *ops, | ||
4034 | struct event_trigger_data *test; | ||
4035 | int ret = 0; | ||
4036 | |||
4037 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
4038 | + lockdep_assert_held(&event_mutex); | ||
4039 | + | ||
4040 | + list_for_each_entry(test, &file->triggers, list) { | ||
4041 | if (test->cmd_ops->trigger_type == data->cmd_ops->trigger_type) { | ||
4042 | ret = -EEXIST; | ||
4043 | goto out; | ||
4044 | @@ -581,7 +585,9 @@ static void unregister_trigger(char *glob, struct event_trigger_ops *ops, | ||
4045 | struct event_trigger_data *data; | ||
4046 | bool unregistered = false; | ||
4047 | |||
4048 | - list_for_each_entry_rcu(data, &file->triggers, list) { | ||
4049 | + lockdep_assert_held(&event_mutex); | ||
4050 | + | ||
4051 | + list_for_each_entry(data, &file->triggers, list) { | ||
4052 | if (data->cmd_ops->trigger_type == test->cmd_ops->trigger_type) { | ||
4053 | unregistered = true; | ||
4054 | list_del_rcu(&data->list); | ||
4055 | @@ -1497,7 +1503,9 @@ int event_enable_register_trigger(char *glob, | ||
4056 | struct event_trigger_data *test; | ||
4057 | int ret = 0; | ||
4058 | |||
4059 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
4060 | + lockdep_assert_held(&event_mutex); | ||
4061 | + | ||
4062 | + list_for_each_entry(test, &file->triggers, list) { | ||
4063 | test_enable_data = test->private_data; | ||
4064 | if (test_enable_data && | ||
4065 | (test->cmd_ops->trigger_type == | ||
4066 | @@ -1537,7 +1545,9 @@ void event_enable_unregister_trigger(char *glob, | ||
4067 | struct event_trigger_data *data; | ||
4068 | bool unregistered = false; | ||
4069 | |||
4070 | - list_for_each_entry_rcu(data, &file->triggers, list) { | ||
4071 | + lockdep_assert_held(&event_mutex); | ||
4072 | + | ||
4073 | + list_for_each_entry(data, &file->triggers, list) { | ||
4074 | enable_data = data->private_data; | ||
4075 | if (enable_data && | ||
4076 | (data->cmd_ops->trigger_type == | ||
4077 | diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c | ||
4078 | index 7f890262c8a3..3e5f9c7d939c 100644 | ||
4079 | --- a/kernel/trace/trace_kprobe.c | ||
4080 | +++ b/kernel/trace/trace_kprobe.c | ||
4081 | @@ -290,7 +290,7 @@ static struct trace_kprobe *alloc_trace_kprobe(const char *group, | ||
4082 | INIT_HLIST_NODE(&tk->rp.kp.hlist); | ||
4083 | INIT_LIST_HEAD(&tk->rp.kp.list); | ||
4084 | |||
4085 | - ret = trace_probe_init(&tk->tp, event, group); | ||
4086 | + ret = trace_probe_init(&tk->tp, event, group, 0); | ||
4087 | if (ret < 0) | ||
4088 | goto error; | ||
4089 | |||
4090 | diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c | ||
4091 | index 905b10af5d5c..bba18cf44a30 100644 | ||
4092 | --- a/kernel/trace/trace_probe.c | ||
4093 | +++ b/kernel/trace/trace_probe.c | ||
4094 | @@ -984,7 +984,7 @@ void trace_probe_cleanup(struct trace_probe *tp) | ||
4095 | } | ||
4096 | |||
4097 | int trace_probe_init(struct trace_probe *tp, const char *event, | ||
4098 | - const char *group) | ||
4099 | + const char *group, size_t event_data_size) | ||
4100 | { | ||
4101 | struct trace_event_call *call; | ||
4102 | int ret = 0; | ||
4103 | @@ -992,7 +992,8 @@ int trace_probe_init(struct trace_probe *tp, const char *event, | ||
4104 | if (!event || !group) | ||
4105 | return -EINVAL; | ||
4106 | |||
4107 | - tp->event = kzalloc(sizeof(struct trace_probe_event), GFP_KERNEL); | ||
4108 | + tp->event = kzalloc(sizeof(struct trace_probe_event) + event_data_size, | ||
4109 | + GFP_KERNEL); | ||
4110 | if (!tp->event) | ||
4111 | return -ENOMEM; | ||
4112 | |||
4113 | diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h | ||
4114 | index 4ee703728aec..03e4e180058d 100644 | ||
4115 | --- a/kernel/trace/trace_probe.h | ||
4116 | +++ b/kernel/trace/trace_probe.h | ||
4117 | @@ -230,6 +230,7 @@ struct trace_probe_event { | ||
4118 | struct trace_event_call call; | ||
4119 | struct list_head files; | ||
4120 | struct list_head probes; | ||
4121 | + char data[0]; | ||
4122 | }; | ||
4123 | |||
4124 | struct trace_probe { | ||
4125 | @@ -322,7 +323,7 @@ static inline bool trace_probe_has_single_file(struct trace_probe *tp) | ||
4126 | } | ||
4127 | |||
4128 | int trace_probe_init(struct trace_probe *tp, const char *event, | ||
4129 | - const char *group); | ||
4130 | + const char *group, size_t event_data_size); | ||
4131 | void trace_probe_cleanup(struct trace_probe *tp); | ||
4132 | int trace_probe_append(struct trace_probe *tp, struct trace_probe *to); | ||
4133 | void trace_probe_unlink(struct trace_probe *tp); | ||
4134 | diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c | ||
4135 | index 352073d36585..f66e202fec13 100644 | ||
4136 | --- a/kernel/trace/trace_uprobe.c | ||
4137 | +++ b/kernel/trace/trace_uprobe.c | ||
4138 | @@ -60,7 +60,6 @@ static struct dyn_event_operations trace_uprobe_ops = { | ||
4139 | */ | ||
4140 | struct trace_uprobe { | ||
4141 | struct dyn_event devent; | ||
4142 | - struct trace_uprobe_filter filter; | ||
4143 | struct uprobe_consumer consumer; | ||
4144 | struct path path; | ||
4145 | struct inode *inode; | ||
4146 | @@ -264,6 +263,14 @@ process_fetch_insn(struct fetch_insn *code, struct pt_regs *regs, void *dest, | ||
4147 | } | ||
4148 | NOKPROBE_SYMBOL(process_fetch_insn) | ||
4149 | |||
4150 | +static struct trace_uprobe_filter * | ||
4151 | +trace_uprobe_get_filter(struct trace_uprobe *tu) | ||
4152 | +{ | ||
4153 | + struct trace_probe_event *event = tu->tp.event; | ||
4154 | + | ||
4155 | + return (struct trace_uprobe_filter *)&event->data[0]; | ||
4156 | +} | ||
4157 | + | ||
4158 | static inline void init_trace_uprobe_filter(struct trace_uprobe_filter *filter) | ||
4159 | { | ||
4160 | rwlock_init(&filter->rwlock); | ||
4161 | @@ -351,7 +358,8 @@ alloc_trace_uprobe(const char *group, const char *event, int nargs, bool is_ret) | ||
4162 | if (!tu) | ||
4163 | return ERR_PTR(-ENOMEM); | ||
4164 | |||
4165 | - ret = trace_probe_init(&tu->tp, event, group); | ||
4166 | + ret = trace_probe_init(&tu->tp, event, group, | ||
4167 | + sizeof(struct trace_uprobe_filter)); | ||
4168 | if (ret < 0) | ||
4169 | goto error; | ||
4170 | |||
4171 | @@ -359,7 +367,7 @@ alloc_trace_uprobe(const char *group, const char *event, int nargs, bool is_ret) | ||
4172 | tu->consumer.handler = uprobe_dispatcher; | ||
4173 | if (is_ret) | ||
4174 | tu->consumer.ret_handler = uretprobe_dispatcher; | ||
4175 | - init_trace_uprobe_filter(&tu->filter); | ||
4176 | + init_trace_uprobe_filter(trace_uprobe_get_filter(tu)); | ||
4177 | return tu; | ||
4178 | |||
4179 | error: | ||
4180 | @@ -1067,13 +1075,14 @@ static void __probe_event_disable(struct trace_probe *tp) | ||
4181 | struct trace_probe *pos; | ||
4182 | struct trace_uprobe *tu; | ||
4183 | |||
4184 | + tu = container_of(tp, struct trace_uprobe, tp); | ||
4185 | + WARN_ON(!uprobe_filter_is_empty(trace_uprobe_get_filter(tu))); | ||
4186 | + | ||
4187 | list_for_each_entry(pos, trace_probe_probe_list(tp), list) { | ||
4188 | tu = container_of(pos, struct trace_uprobe, tp); | ||
4189 | if (!tu->inode) | ||
4190 | continue; | ||
4191 | |||
4192 | - WARN_ON(!uprobe_filter_is_empty(&tu->filter)); | ||
4193 | - | ||
4194 | uprobe_unregister(tu->inode, tu->offset, &tu->consumer); | ||
4195 | tu->inode = NULL; | ||
4196 | } | ||
4197 | @@ -1108,7 +1117,7 @@ static int probe_event_enable(struct trace_event_call *call, | ||
4198 | } | ||
4199 | |||
4200 | tu = container_of(tp, struct trace_uprobe, tp); | ||
4201 | - WARN_ON(!uprobe_filter_is_empty(&tu->filter)); | ||
4202 | + WARN_ON(!uprobe_filter_is_empty(trace_uprobe_get_filter(tu))); | ||
4203 | |||
4204 | if (enabled) | ||
4205 | return 0; | ||
4206 | @@ -1205,39 +1214,39 @@ __uprobe_perf_filter(struct trace_uprobe_filter *filter, struct mm_struct *mm) | ||
4207 | } | ||
4208 | |||
4209 | static inline bool | ||
4210 | -uprobe_filter_event(struct trace_uprobe *tu, struct perf_event *event) | ||
4211 | +trace_uprobe_filter_event(struct trace_uprobe_filter *filter, | ||
4212 | + struct perf_event *event) | ||
4213 | { | ||
4214 | - return __uprobe_perf_filter(&tu->filter, event->hw.target->mm); | ||
4215 | + return __uprobe_perf_filter(filter, event->hw.target->mm); | ||
4216 | } | ||
4217 | |||
4218 | -static int uprobe_perf_close(struct trace_uprobe *tu, struct perf_event *event) | ||
4219 | +static bool trace_uprobe_filter_remove(struct trace_uprobe_filter *filter, | ||
4220 | + struct perf_event *event) | ||
4221 | { | ||
4222 | bool done; | ||
4223 | |||
4224 | - write_lock(&tu->filter.rwlock); | ||
4225 | + write_lock(&filter->rwlock); | ||
4226 | if (event->hw.target) { | ||
4227 | list_del(&event->hw.tp_list); | ||
4228 | - done = tu->filter.nr_systemwide || | ||
4229 | + done = filter->nr_systemwide || | ||
4230 | (event->hw.target->flags & PF_EXITING) || | ||
4231 | - uprobe_filter_event(tu, event); | ||
4232 | + trace_uprobe_filter_event(filter, event); | ||
4233 | } else { | ||
4234 | - tu->filter.nr_systemwide--; | ||
4235 | - done = tu->filter.nr_systemwide; | ||
4236 | + filter->nr_systemwide--; | ||
4237 | + done = filter->nr_systemwide; | ||
4238 | } | ||
4239 | - write_unlock(&tu->filter.rwlock); | ||
4240 | - | ||
4241 | - if (!done) | ||
4242 | - return uprobe_apply(tu->inode, tu->offset, &tu->consumer, false); | ||
4243 | + write_unlock(&filter->rwlock); | ||
4244 | |||
4245 | - return 0; | ||
4246 | + return done; | ||
4247 | } | ||
4248 | |||
4249 | -static int uprobe_perf_open(struct trace_uprobe *tu, struct perf_event *event) | ||
4250 | +/* This returns true if the filter always covers target mm */ | ||
4251 | +static bool trace_uprobe_filter_add(struct trace_uprobe_filter *filter, | ||
4252 | + struct perf_event *event) | ||
4253 | { | ||
4254 | bool done; | ||
4255 | - int err; | ||
4256 | |||
4257 | - write_lock(&tu->filter.rwlock); | ||
4258 | + write_lock(&filter->rwlock); | ||
4259 | if (event->hw.target) { | ||
4260 | /* | ||
4261 | * event->parent != NULL means copy_process(), we can avoid | ||
4262 | @@ -1247,28 +1256,21 @@ static int uprobe_perf_open(struct trace_uprobe *tu, struct perf_event *event) | ||
4263 | * attr.enable_on_exec means that exec/mmap will install the | ||
4264 | * breakpoints we need. | ||
4265 | */ | ||
4266 | - done = tu->filter.nr_systemwide || | ||
4267 | + done = filter->nr_systemwide || | ||
4268 | event->parent || event->attr.enable_on_exec || | ||
4269 | - uprobe_filter_event(tu, event); | ||
4270 | - list_add(&event->hw.tp_list, &tu->filter.perf_events); | ||
4271 | + trace_uprobe_filter_event(filter, event); | ||
4272 | + list_add(&event->hw.tp_list, &filter->perf_events); | ||
4273 | } else { | ||
4274 | - done = tu->filter.nr_systemwide; | ||
4275 | - tu->filter.nr_systemwide++; | ||
4276 | + done = filter->nr_systemwide; | ||
4277 | + filter->nr_systemwide++; | ||
4278 | } | ||
4279 | - write_unlock(&tu->filter.rwlock); | ||
4280 | + write_unlock(&filter->rwlock); | ||
4281 | |||
4282 | - err = 0; | ||
4283 | - if (!done) { | ||
4284 | - err = uprobe_apply(tu->inode, tu->offset, &tu->consumer, true); | ||
4285 | - if (err) | ||
4286 | - uprobe_perf_close(tu, event); | ||
4287 | - } | ||
4288 | - return err; | ||
4289 | + return done; | ||
4290 | } | ||
4291 | |||
4292 | -static int uprobe_perf_multi_call(struct trace_event_call *call, | ||
4293 | - struct perf_event *event, | ||
4294 | - int (*op)(struct trace_uprobe *tu, struct perf_event *event)) | ||
4295 | +static int uprobe_perf_close(struct trace_event_call *call, | ||
4296 | + struct perf_event *event) | ||
4297 | { | ||
4298 | struct trace_probe *pos, *tp; | ||
4299 | struct trace_uprobe *tu; | ||
4300 | @@ -1278,25 +1280,59 @@ static int uprobe_perf_multi_call(struct trace_event_call *call, | ||
4301 | if (WARN_ON_ONCE(!tp)) | ||
4302 | return -ENODEV; | ||
4303 | |||
4304 | + tu = container_of(tp, struct trace_uprobe, tp); | ||
4305 | + if (trace_uprobe_filter_remove(trace_uprobe_get_filter(tu), event)) | ||
4306 | + return 0; | ||
4307 | + | ||
4308 | list_for_each_entry(pos, trace_probe_probe_list(tp), list) { | ||
4309 | tu = container_of(pos, struct trace_uprobe, tp); | ||
4310 | - ret = op(tu, event); | ||
4311 | + ret = uprobe_apply(tu->inode, tu->offset, &tu->consumer, false); | ||
4312 | if (ret) | ||
4313 | break; | ||
4314 | } | ||
4315 | |||
4316 | return ret; | ||
4317 | } | ||
4318 | + | ||
4319 | +static int uprobe_perf_open(struct trace_event_call *call, | ||
4320 | + struct perf_event *event) | ||
4321 | +{ | ||
4322 | + struct trace_probe *pos, *tp; | ||
4323 | + struct trace_uprobe *tu; | ||
4324 | + int err = 0; | ||
4325 | + | ||
4326 | + tp = trace_probe_primary_from_call(call); | ||
4327 | + if (WARN_ON_ONCE(!tp)) | ||
4328 | + return -ENODEV; | ||
4329 | + | ||
4330 | + tu = container_of(tp, struct trace_uprobe, tp); | ||
4331 | + if (trace_uprobe_filter_add(trace_uprobe_get_filter(tu), event)) | ||
4332 | + return 0; | ||
4333 | + | ||
4334 | + list_for_each_entry(pos, trace_probe_probe_list(tp), list) { | ||
4335 | + err = uprobe_apply(tu->inode, tu->offset, &tu->consumer, true); | ||
4336 | + if (err) { | ||
4337 | + uprobe_perf_close(call, event); | ||
4338 | + break; | ||
4339 | + } | ||
4340 | + } | ||
4341 | + | ||
4342 | + return err; | ||
4343 | +} | ||
4344 | + | ||
4345 | static bool uprobe_perf_filter(struct uprobe_consumer *uc, | ||
4346 | enum uprobe_filter_ctx ctx, struct mm_struct *mm) | ||
4347 | { | ||
4348 | + struct trace_uprobe_filter *filter; | ||
4349 | struct trace_uprobe *tu; | ||
4350 | int ret; | ||
4351 | |||
4352 | tu = container_of(uc, struct trace_uprobe, consumer); | ||
4353 | - read_lock(&tu->filter.rwlock); | ||
4354 | - ret = __uprobe_perf_filter(&tu->filter, mm); | ||
4355 | - read_unlock(&tu->filter.rwlock); | ||
4356 | + filter = trace_uprobe_get_filter(tu); | ||
4357 | + | ||
4358 | + read_lock(&filter->rwlock); | ||
4359 | + ret = __uprobe_perf_filter(filter, mm); | ||
4360 | + read_unlock(&filter->rwlock); | ||
4361 | |||
4362 | return ret; | ||
4363 | } | ||
4364 | @@ -1419,10 +1455,10 @@ trace_uprobe_register(struct trace_event_call *event, enum trace_reg type, | ||
4365 | return 0; | ||
4366 | |||
4367 | case TRACE_REG_PERF_OPEN: | ||
4368 | - return uprobe_perf_multi_call(event, data, uprobe_perf_open); | ||
4369 | + return uprobe_perf_open(event, data); | ||
4370 | |||
4371 | case TRACE_REG_PERF_CLOSE: | ||
4372 | - return uprobe_perf_multi_call(event, data, uprobe_perf_close); | ||
4373 | + return uprobe_perf_close(event, data); | ||
4374 | |||
4375 | #endif | ||
4376 | default: | ||
4377 | diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c | ||
4378 | index dccb95af6003..706020b06617 100644 | ||
4379 | --- a/lib/strncpy_from_user.c | ||
4380 | +++ b/lib/strncpy_from_user.c | ||
4381 | @@ -30,13 +30,6 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, | ||
4382 | const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS; | ||
4383 | unsigned long res = 0; | ||
4384 | |||
4385 | - /* | ||
4386 | - * Truncate 'max' to the user-specified limit, so that | ||
4387 | - * we only have one limit we need to check in the loop | ||
4388 | - */ | ||
4389 | - if (max > count) | ||
4390 | - max = count; | ||
4391 | - | ||
4392 | if (IS_UNALIGNED(src, dst)) | ||
4393 | goto byte_at_a_time; | ||
4394 | |||
4395 | @@ -114,6 +107,13 @@ long strncpy_from_user(char *dst, const char __user *src, long count) | ||
4396 | unsigned long max = max_addr - src_addr; | ||
4397 | long retval; | ||
4398 | |||
4399 | + /* | ||
4400 | + * Truncate 'max' to the user-specified limit, so that | ||
4401 | + * we only have one limit we need to check in the loop | ||
4402 | + */ | ||
4403 | + if (max > count) | ||
4404 | + max = count; | ||
4405 | + | ||
4406 | kasan_check_write(dst, count); | ||
4407 | check_object_size(dst, count, false); | ||
4408 | if (user_access_begin(src, max)) { | ||
4409 | diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c | ||
4410 | index 6c0005d5dd5c..41670d4a5816 100644 | ||
4411 | --- a/lib/strnlen_user.c | ||
4412 | +++ b/lib/strnlen_user.c | ||
4413 | @@ -26,13 +26,6 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, | ||
4414 | unsigned long align, res = 0; | ||
4415 | unsigned long c; | ||
4416 | |||
4417 | - /* | ||
4418 | - * Truncate 'max' to the user-specified limit, so that | ||
4419 | - * we only have one limit we need to check in the loop | ||
4420 | - */ | ||
4421 | - if (max > count) | ||
4422 | - max = count; | ||
4423 | - | ||
4424 | /* | ||
4425 | * Do everything aligned. But that means that we | ||
4426 | * need to also expand the maximum.. | ||
4427 | @@ -109,6 +102,13 @@ long strnlen_user(const char __user *str, long count) | ||
4428 | unsigned long max = max_addr - src_addr; | ||
4429 | long retval; | ||
4430 | |||
4431 | + /* | ||
4432 | + * Truncate 'max' to the user-specified limit, so that | ||
4433 | + * we only have one limit we need to check in the loop | ||
4434 | + */ | ||
4435 | + if (max > count) | ||
4436 | + max = count; | ||
4437 | + | ||
4438 | if (user_access_begin(str, max)) { | ||
4439 | retval = do_strnlen_user(str, count, max); | ||
4440 | user_access_end(); | ||
4441 | diff --git a/lib/test_xarray.c b/lib/test_xarray.c | ||
4442 | index 7df4f7f395bf..03c3f42966ce 100644 | ||
4443 | --- a/lib/test_xarray.c | ||
4444 | +++ b/lib/test_xarray.c | ||
4445 | @@ -2,6 +2,7 @@ | ||
4446 | /* | ||
4447 | * test_xarray.c: Test the XArray API | ||
4448 | * Copyright (c) 2017-2018 Microsoft Corporation | ||
4449 | + * Copyright (c) 2019-2020 Oracle | ||
4450 | * Author: Matthew Wilcox <willy@infradead.org> | ||
4451 | */ | ||
4452 | |||
4453 | @@ -902,28 +903,34 @@ static noinline void check_store_iter(struct xarray *xa) | ||
4454 | XA_BUG_ON(xa, !xa_empty(xa)); | ||
4455 | } | ||
4456 | |||
4457 | -static noinline void check_multi_find(struct xarray *xa) | ||
4458 | +static noinline void check_multi_find_1(struct xarray *xa, unsigned order) | ||
4459 | { | ||
4460 | #ifdef CONFIG_XARRAY_MULTI | ||
4461 | + unsigned long multi = 3 << order; | ||
4462 | + unsigned long next = 4 << order; | ||
4463 | unsigned long index; | ||
4464 | |||
4465 | - xa_store_order(xa, 12, 2, xa_mk_value(12), GFP_KERNEL); | ||
4466 | - XA_BUG_ON(xa, xa_store_index(xa, 16, GFP_KERNEL) != NULL); | ||
4467 | + xa_store_order(xa, multi, order, xa_mk_value(multi), GFP_KERNEL); | ||
4468 | + XA_BUG_ON(xa, xa_store_index(xa, next, GFP_KERNEL) != NULL); | ||
4469 | + XA_BUG_ON(xa, xa_store_index(xa, next + 1, GFP_KERNEL) != NULL); | ||
4470 | |||
4471 | index = 0; | ||
4472 | XA_BUG_ON(xa, xa_find(xa, &index, ULONG_MAX, XA_PRESENT) != | ||
4473 | - xa_mk_value(12)); | ||
4474 | - XA_BUG_ON(xa, index != 12); | ||
4475 | - index = 13; | ||
4476 | + xa_mk_value(multi)); | ||
4477 | + XA_BUG_ON(xa, index != multi); | ||
4478 | + index = multi + 1; | ||
4479 | XA_BUG_ON(xa, xa_find(xa, &index, ULONG_MAX, XA_PRESENT) != | ||
4480 | - xa_mk_value(12)); | ||
4481 | - XA_BUG_ON(xa, (index < 12) || (index >= 16)); | ||
4482 | + xa_mk_value(multi)); | ||
4483 | + XA_BUG_ON(xa, (index < multi) || (index >= next)); | ||
4484 | XA_BUG_ON(xa, xa_find_after(xa, &index, ULONG_MAX, XA_PRESENT) != | ||
4485 | - xa_mk_value(16)); | ||
4486 | - XA_BUG_ON(xa, index != 16); | ||
4487 | - | ||
4488 | - xa_erase_index(xa, 12); | ||
4489 | - xa_erase_index(xa, 16); | ||
4490 | + xa_mk_value(next)); | ||
4491 | + XA_BUG_ON(xa, index != next); | ||
4492 | + XA_BUG_ON(xa, xa_find_after(xa, &index, next, XA_PRESENT) != NULL); | ||
4493 | + XA_BUG_ON(xa, index != next); | ||
4494 | + | ||
4495 | + xa_erase_index(xa, multi); | ||
4496 | + xa_erase_index(xa, next); | ||
4497 | + xa_erase_index(xa, next + 1); | ||
4498 | XA_BUG_ON(xa, !xa_empty(xa)); | ||
4499 | #endif | ||
4500 | } | ||
4501 | @@ -1046,12 +1053,33 @@ static noinline void check_find_3(struct xarray *xa) | ||
4502 | xa_destroy(xa); | ||
4503 | } | ||
4504 | |||
4505 | +static noinline void check_find_4(struct xarray *xa) | ||
4506 | +{ | ||
4507 | + unsigned long index = 0; | ||
4508 | + void *entry; | ||
4509 | + | ||
4510 | + xa_store_index(xa, ULONG_MAX, GFP_KERNEL); | ||
4511 | + | ||
4512 | + entry = xa_find_after(xa, &index, ULONG_MAX, XA_PRESENT); | ||
4513 | + XA_BUG_ON(xa, entry != xa_mk_index(ULONG_MAX)); | ||
4514 | + | ||
4515 | + entry = xa_find_after(xa, &index, ULONG_MAX, XA_PRESENT); | ||
4516 | + XA_BUG_ON(xa, entry); | ||
4517 | + | ||
4518 | + xa_erase_index(xa, ULONG_MAX); | ||
4519 | +} | ||
4520 | + | ||
4521 | static noinline void check_find(struct xarray *xa) | ||
4522 | { | ||
4523 | + unsigned i; | ||
4524 | + | ||
4525 | check_find_1(xa); | ||
4526 | check_find_2(xa); | ||
4527 | check_find_3(xa); | ||
4528 | - check_multi_find(xa); | ||
4529 | + check_find_4(xa); | ||
4530 | + | ||
4531 | + for (i = 2; i < 10; i++) | ||
4532 | + check_multi_find_1(xa, i); | ||
4533 | check_multi_find_2(xa); | ||
4534 | } | ||
4535 | |||
4536 | diff --git a/lib/xarray.c b/lib/xarray.c | ||
4537 | index 1237c213f52b..47e17d46e5f8 100644 | ||
4538 | --- a/lib/xarray.c | ||
4539 | +++ b/lib/xarray.c | ||
4540 | @@ -1,7 +1,8 @@ | ||
4541 | // SPDX-License-Identifier: GPL-2.0+ | ||
4542 | /* | ||
4543 | * XArray implementation | ||
4544 | - * Copyright (c) 2017 Microsoft Corporation | ||
4545 | + * Copyright (c) 2017-2018 Microsoft Corporation | ||
4546 | + * Copyright (c) 2018-2020 Oracle | ||
4547 | * Author: Matthew Wilcox <willy@infradead.org> | ||
4548 | */ | ||
4549 | |||
4550 | @@ -1081,6 +1082,8 @@ void *xas_find(struct xa_state *xas, unsigned long max) | ||
4551 | |||
4552 | if (xas_error(xas)) | ||
4553 | return NULL; | ||
4554 | + if (xas->xa_index > max) | ||
4555 | + return set_bounds(xas); | ||
4556 | |||
4557 | if (!xas->xa_node) { | ||
4558 | xas->xa_index = 1; | ||
4559 | @@ -1150,6 +1153,8 @@ void *xas_find_marked(struct xa_state *xas, unsigned long max, xa_mark_t mark) | ||
4560 | |||
4561 | if (xas_error(xas)) | ||
4562 | return NULL; | ||
4563 | + if (xas->xa_index > max) | ||
4564 | + goto max; | ||
4565 | |||
4566 | if (!xas->xa_node) { | ||
4567 | xas->xa_index = 1; | ||
4568 | @@ -1824,6 +1829,17 @@ void *xa_find(struct xarray *xa, unsigned long *indexp, | ||
4569 | } | ||
4570 | EXPORT_SYMBOL(xa_find); | ||
4571 | |||
4572 | +static bool xas_sibling(struct xa_state *xas) | ||
4573 | +{ | ||
4574 | + struct xa_node *node = xas->xa_node; | ||
4575 | + unsigned long mask; | ||
4576 | + | ||
4577 | + if (!node) | ||
4578 | + return false; | ||
4579 | + mask = (XA_CHUNK_SIZE << node->shift) - 1; | ||
4580 | + return (xas->xa_index & mask) > (xas->xa_offset << node->shift); | ||
4581 | +} | ||
4582 | + | ||
4583 | /** | ||
4584 | * xa_find_after() - Search the XArray for a present entry. | ||
4585 | * @xa: XArray. | ||
4586 | @@ -1847,21 +1863,20 @@ void *xa_find_after(struct xarray *xa, unsigned long *indexp, | ||
4587 | XA_STATE(xas, xa, *indexp + 1); | ||
4588 | void *entry; | ||
4589 | |||
4590 | + if (xas.xa_index == 0) | ||
4591 | + return NULL; | ||
4592 | + | ||
4593 | rcu_read_lock(); | ||
4594 | for (;;) { | ||
4595 | if ((__force unsigned int)filter < XA_MAX_MARKS) | ||
4596 | entry = xas_find_marked(&xas, max, filter); | ||
4597 | else | ||
4598 | entry = xas_find(&xas, max); | ||
4599 | - if (xas.xa_node == XAS_BOUNDS) | ||
4600 | + | ||
4601 | + if (xas_invalid(&xas)) | ||
4602 | break; | ||
4603 | - if (xas.xa_shift) { | ||
4604 | - if (xas.xa_index & ((1UL << xas.xa_shift) - 1)) | ||
4605 | - continue; | ||
4606 | - } else { | ||
4607 | - if (xas.xa_offset < (xas.xa_index & XA_CHUNK_MASK)) | ||
4608 | - continue; | ||
4609 | - } | ||
4610 | + if (xas_sibling(&xas)) | ||
4611 | + continue; | ||
4612 | if (!xas_retry(&xas, entry)) | ||
4613 | break; | ||
4614 | } | ||
4615 | diff --git a/net/core/dev.c b/net/core/dev.c | ||
4616 | index 3098c90d60e2..82325d3d1371 100644 | ||
4617 | --- a/net/core/dev.c | ||
4618 | +++ b/net/core/dev.c | ||
4619 | @@ -5270,9 +5270,29 @@ static void flush_all_backlogs(void) | ||
4620 | put_online_cpus(); | ||
4621 | } | ||
4622 | |||
4623 | +/* Pass the currently batched GRO_NORMAL SKBs up to the stack. */ | ||
4624 | +static void gro_normal_list(struct napi_struct *napi) | ||
4625 | +{ | ||
4626 | + if (!napi->rx_count) | ||
4627 | + return; | ||
4628 | + netif_receive_skb_list_internal(&napi->rx_list); | ||
4629 | + INIT_LIST_HEAD(&napi->rx_list); | ||
4630 | + napi->rx_count = 0; | ||
4631 | +} | ||
4632 | + | ||
4633 | +/* Queue one GRO_NORMAL SKB up for list processing. If batch size exceeded, | ||
4634 | + * pass the whole batch up to the stack. | ||
4635 | + */ | ||
4636 | +static void gro_normal_one(struct napi_struct *napi, struct sk_buff *skb) | ||
4637 | +{ | ||
4638 | + list_add_tail(&skb->list, &napi->rx_list); | ||
4639 | + if (++napi->rx_count >= gro_normal_batch) | ||
4640 | + gro_normal_list(napi); | ||
4641 | +} | ||
4642 | + | ||
4643 | INDIRECT_CALLABLE_DECLARE(int inet_gro_complete(struct sk_buff *, int)); | ||
4644 | INDIRECT_CALLABLE_DECLARE(int ipv6_gro_complete(struct sk_buff *, int)); | ||
4645 | -static int napi_gro_complete(struct sk_buff *skb) | ||
4646 | +static int napi_gro_complete(struct napi_struct *napi, struct sk_buff *skb) | ||
4647 | { | ||
4648 | struct packet_offload *ptype; | ||
4649 | __be16 type = skb->protocol; | ||
4650 | @@ -5305,7 +5325,8 @@ static int napi_gro_complete(struct sk_buff *skb) | ||
4651 | } | ||
4652 | |||
4653 | out: | ||
4654 | - return netif_receive_skb_internal(skb); | ||
4655 | + gro_normal_one(napi, skb); | ||
4656 | + return NET_RX_SUCCESS; | ||
4657 | } | ||
4658 | |||
4659 | static void __napi_gro_flush_chain(struct napi_struct *napi, u32 index, | ||
4660 | @@ -5318,7 +5339,7 @@ static void __napi_gro_flush_chain(struct napi_struct *napi, u32 index, | ||
4661 | if (flush_old && NAPI_GRO_CB(skb)->age == jiffies) | ||
4662 | return; | ||
4663 | skb_list_del_init(skb); | ||
4664 | - napi_gro_complete(skb); | ||
4665 | + napi_gro_complete(napi, skb); | ||
4666 | napi->gro_hash[index].count--; | ||
4667 | } | ||
4668 | |||
4669 | @@ -5421,7 +5442,7 @@ static void gro_pull_from_frag0(struct sk_buff *skb, int grow) | ||
4670 | } | ||
4671 | } | ||
4672 | |||
4673 | -static void gro_flush_oldest(struct list_head *head) | ||
4674 | +static void gro_flush_oldest(struct napi_struct *napi, struct list_head *head) | ||
4675 | { | ||
4676 | struct sk_buff *oldest; | ||
4677 | |||
4678 | @@ -5437,7 +5458,7 @@ static void gro_flush_oldest(struct list_head *head) | ||
4679 | * SKB to the chain. | ||
4680 | */ | ||
4681 | skb_list_del_init(oldest); | ||
4682 | - napi_gro_complete(oldest); | ||
4683 | + napi_gro_complete(napi, oldest); | ||
4684 | } | ||
4685 | |||
4686 | INDIRECT_CALLABLE_DECLARE(struct sk_buff *inet_gro_receive(struct list_head *, | ||
4687 | @@ -5513,7 +5534,7 @@ static enum gro_result dev_gro_receive(struct napi_struct *napi, struct sk_buff | ||
4688 | |||
4689 | if (pp) { | ||
4690 | skb_list_del_init(pp); | ||
4691 | - napi_gro_complete(pp); | ||
4692 | + napi_gro_complete(napi, pp); | ||
4693 | napi->gro_hash[hash].count--; | ||
4694 | } | ||
4695 | |||
4696 | @@ -5524,7 +5545,7 @@ static enum gro_result dev_gro_receive(struct napi_struct *napi, struct sk_buff | ||
4697 | goto normal; | ||
4698 | |||
4699 | if (unlikely(napi->gro_hash[hash].count >= MAX_GRO_SKBS)) { | ||
4700 | - gro_flush_oldest(gro_head); | ||
4701 | + gro_flush_oldest(napi, gro_head); | ||
4702 | } else { | ||
4703 | napi->gro_hash[hash].count++; | ||
4704 | } | ||
4705 | @@ -5672,26 +5693,6 @@ struct sk_buff *napi_get_frags(struct napi_struct *napi) | ||
4706 | } | ||
4707 | EXPORT_SYMBOL(napi_get_frags); | ||
4708 | |||
4709 | -/* Pass the currently batched GRO_NORMAL SKBs up to the stack. */ | ||
4710 | -static void gro_normal_list(struct napi_struct *napi) | ||
4711 | -{ | ||
4712 | - if (!napi->rx_count) | ||
4713 | - return; | ||
4714 | - netif_receive_skb_list_internal(&napi->rx_list); | ||
4715 | - INIT_LIST_HEAD(&napi->rx_list); | ||
4716 | - napi->rx_count = 0; | ||
4717 | -} | ||
4718 | - | ||
4719 | -/* Queue one GRO_NORMAL SKB up for list processing. If batch size exceeded, | ||
4720 | - * pass the whole batch up to the stack. | ||
4721 | - */ | ||
4722 | -static void gro_normal_one(struct napi_struct *napi, struct sk_buff *skb) | ||
4723 | -{ | ||
4724 | - list_add_tail(&skb->list, &napi->rx_list); | ||
4725 | - if (++napi->rx_count >= gro_normal_batch) | ||
4726 | - gro_normal_list(napi); | ||
4727 | -} | ||
4728 | - | ||
4729 | static gro_result_t napi_frags_finish(struct napi_struct *napi, | ||
4730 | struct sk_buff *skb, | ||
4731 | gro_result_t ret) | ||
4732 | @@ -5979,8 +5980,6 @@ bool napi_complete_done(struct napi_struct *n, int work_done) | ||
4733 | NAPIF_STATE_IN_BUSY_POLL))) | ||
4734 | return false; | ||
4735 | |||
4736 | - gro_normal_list(n); | ||
4737 | - | ||
4738 | if (n->gro_bitmask) { | ||
4739 | unsigned long timeout = 0; | ||
4740 | |||
4741 | @@ -5996,6 +5995,9 @@ bool napi_complete_done(struct napi_struct *n, int work_done) | ||
4742 | hrtimer_start(&n->timer, ns_to_ktime(timeout), | ||
4743 | HRTIMER_MODE_REL_PINNED); | ||
4744 | } | ||
4745 | + | ||
4746 | + gro_normal_list(n); | ||
4747 | + | ||
4748 | if (unlikely(!list_empty(&n->poll_list))) { | ||
4749 | /* If n->poll_list is not empty, we need to mask irqs */ | ||
4750 | local_irq_save(flags); | ||
4751 | @@ -6327,8 +6329,6 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) | ||
4752 | goto out_unlock; | ||
4753 | } | ||
4754 | |||
4755 | - gro_normal_list(n); | ||
4756 | - | ||
4757 | if (n->gro_bitmask) { | ||
4758 | /* flush too old packets | ||
4759 | * If HZ < 1000, flush all packets. | ||
4760 | @@ -6336,6 +6336,8 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) | ||
4761 | napi_gro_flush(n, HZ >= 1000); | ||
4762 | } | ||
4763 | |||
4764 | + gro_normal_list(n); | ||
4765 | + | ||
4766 | /* Some drivers may have called napi_schedule | ||
4767 | * prior to exhausting their budget. | ||
4768 | */ | ||
4769 | @@ -7973,6 +7975,22 @@ int __dev_set_mtu(struct net_device *dev, int new_mtu) | ||
4770 | } | ||
4771 | EXPORT_SYMBOL(__dev_set_mtu); | ||
4772 | |||
4773 | +int dev_validate_mtu(struct net_device *dev, int new_mtu, | ||
4774 | + struct netlink_ext_ack *extack) | ||
4775 | +{ | ||
4776 | + /* MTU must be positive, and in range */ | ||
4777 | + if (new_mtu < 0 || new_mtu < dev->min_mtu) { | ||
4778 | + NL_SET_ERR_MSG(extack, "mtu less than device minimum"); | ||
4779 | + return -EINVAL; | ||
4780 | + } | ||
4781 | + | ||
4782 | + if (dev->max_mtu > 0 && new_mtu > dev->max_mtu) { | ||
4783 | + NL_SET_ERR_MSG(extack, "mtu greater than device maximum"); | ||
4784 | + return -EINVAL; | ||
4785 | + } | ||
4786 | + return 0; | ||
4787 | +} | ||
4788 | + | ||
4789 | /** | ||
4790 | * dev_set_mtu_ext - Change maximum transfer unit | ||
4791 | * @dev: device | ||
4792 | @@ -7989,16 +8007,9 @@ int dev_set_mtu_ext(struct net_device *dev, int new_mtu, | ||
4793 | if (new_mtu == dev->mtu) | ||
4794 | return 0; | ||
4795 | |||
4796 | - /* MTU must be positive, and in range */ | ||
4797 | - if (new_mtu < 0 || new_mtu < dev->min_mtu) { | ||
4798 | - NL_SET_ERR_MSG(extack, "mtu less than device minimum"); | ||
4799 | - return -EINVAL; | ||
4800 | - } | ||
4801 | - | ||
4802 | - if (dev->max_mtu > 0 && new_mtu > dev->max_mtu) { | ||
4803 | - NL_SET_ERR_MSG(extack, "mtu greater than device maximum"); | ||
4804 | - return -EINVAL; | ||
4805 | - } | ||
4806 | + err = dev_validate_mtu(dev, new_mtu, extack); | ||
4807 | + if (err) | ||
4808 | + return err; | ||
4809 | |||
4810 | if (!netif_device_present(dev)) | ||
4811 | return -ENODEV; | ||
4812 | @@ -9073,8 +9084,10 @@ int register_netdevice(struct net_device *dev) | ||
4813 | goto err_uninit; | ||
4814 | |||
4815 | ret = netdev_register_kobject(dev); | ||
4816 | - if (ret) | ||
4817 | + if (ret) { | ||
4818 | + dev->reg_state = NETREG_UNREGISTERED; | ||
4819 | goto err_uninit; | ||
4820 | + } | ||
4821 | dev->reg_state = NETREG_REGISTERED; | ||
4822 | |||
4823 | __netdev_update_features(dev); | ||
4824 | diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c | ||
4825 | index e4ec575c1fba..944acb1a9f29 100644 | ||
4826 | --- a/net/core/rtnetlink.c | ||
4827 | +++ b/net/core/rtnetlink.c | ||
4828 | @@ -2959,8 +2959,17 @@ struct net_device *rtnl_create_link(struct net *net, const char *ifname, | ||
4829 | dev->rtnl_link_ops = ops; | ||
4830 | dev->rtnl_link_state = RTNL_LINK_INITIALIZING; | ||
4831 | |||
4832 | - if (tb[IFLA_MTU]) | ||
4833 | - dev->mtu = nla_get_u32(tb[IFLA_MTU]); | ||
4834 | + if (tb[IFLA_MTU]) { | ||
4835 | + u32 mtu = nla_get_u32(tb[IFLA_MTU]); | ||
4836 | + int err; | ||
4837 | + | ||
4838 | + err = dev_validate_mtu(dev, mtu, extack); | ||
4839 | + if (err) { | ||
4840 | + free_netdev(dev); | ||
4841 | + return ERR_PTR(err); | ||
4842 | + } | ||
4843 | + dev->mtu = mtu; | ||
4844 | + } | ||
4845 | if (tb[IFLA_ADDRESS]) { | ||
4846 | memcpy(dev->dev_addr, nla_data(tb[IFLA_ADDRESS]), | ||
4847 | nla_len(tb[IFLA_ADDRESS])); | ||
4848 | diff --git a/net/core/skmsg.c b/net/core/skmsg.c | ||
4849 | index 3866d7e20c07..ded2d5227678 100644 | ||
4850 | --- a/net/core/skmsg.c | ||
4851 | +++ b/net/core/skmsg.c | ||
4852 | @@ -594,8 +594,6 @@ EXPORT_SYMBOL_GPL(sk_psock_destroy); | ||
4853 | |||
4854 | void sk_psock_drop(struct sock *sk, struct sk_psock *psock) | ||
4855 | { | ||
4856 | - sock_owned_by_me(sk); | ||
4857 | - | ||
4858 | sk_psock_cork_free(psock); | ||
4859 | sk_psock_zap_ingress(psock); | ||
4860 | |||
4861 | diff --git a/net/hsr/hsr_main.h b/net/hsr/hsr_main.h | ||
4862 | index d40de84a637f..754d84b217f0 100644 | ||
4863 | --- a/net/hsr/hsr_main.h | ||
4864 | +++ b/net/hsr/hsr_main.h | ||
4865 | @@ -191,7 +191,7 @@ void hsr_debugfs_term(struct hsr_priv *priv); | ||
4866 | void hsr_debugfs_create_root(void); | ||
4867 | void hsr_debugfs_remove_root(void); | ||
4868 | #else | ||
4869 | -static inline void void hsr_debugfs_rename(struct net_device *dev) | ||
4870 | +static inline void hsr_debugfs_rename(struct net_device *dev) | ||
4871 | { | ||
4872 | } | ||
4873 | static inline void hsr_debugfs_init(struct hsr_priv *priv, | ||
4874 | diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c | ||
4875 | index 0e4a7cf6bc87..e2e219c7854a 100644 | ||
4876 | --- a/net/ipv4/esp4_offload.c | ||
4877 | +++ b/net/ipv4/esp4_offload.c | ||
4878 | @@ -57,6 +57,8 @@ static struct sk_buff *esp4_gro_receive(struct list_head *head, | ||
4879 | if (!x) | ||
4880 | goto out_reset; | ||
4881 | |||
4882 | + skb->mark = xfrm_smark_get(skb->mark, x); | ||
4883 | + | ||
4884 | sp->xvec[sp->len++] = x; | ||
4885 | sp->olen++; | ||
4886 | |||
4887 | diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c | ||
4888 | index 1ab2fb6bb37d..f12fa8da6127 100644 | ||
4889 | --- a/net/ipv4/fib_trie.c | ||
4890 | +++ b/net/ipv4/fib_trie.c | ||
4891 | @@ -2175,6 +2175,12 @@ int fib_table_dump(struct fib_table *tb, struct sk_buff *skb, | ||
4892 | int count = cb->args[2]; | ||
4893 | t_key key = cb->args[3]; | ||
4894 | |||
4895 | + /* First time here, count and key are both always 0. Count > 0 | ||
4896 | + * and key == 0 means the dump has wrapped around and we are done. | ||
4897 | + */ | ||
4898 | + if (count && !key) | ||
4899 | + return skb->len; | ||
4900 | + | ||
4901 | while ((l = leaf_walk_rcu(&tp, key)) != NULL) { | ||
4902 | int err; | ||
4903 | |||
4904 | diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c | ||
4905 | index 30fa771d382a..dcc79ff54b41 100644 | ||
4906 | --- a/net/ipv4/fou.c | ||
4907 | +++ b/net/ipv4/fou.c | ||
4908 | @@ -662,8 +662,8 @@ static const struct nla_policy fou_nl_policy[FOU_ATTR_MAX + 1] = { | ||
4909 | [FOU_ATTR_REMCSUM_NOPARTIAL] = { .type = NLA_FLAG, }, | ||
4910 | [FOU_ATTR_LOCAL_V4] = { .type = NLA_U32, }, | ||
4911 | [FOU_ATTR_PEER_V4] = { .type = NLA_U32, }, | ||
4912 | - [FOU_ATTR_LOCAL_V6] = { .type = sizeof(struct in6_addr), }, | ||
4913 | - [FOU_ATTR_PEER_V6] = { .type = sizeof(struct in6_addr), }, | ||
4914 | + [FOU_ATTR_LOCAL_V6] = { .len = sizeof(struct in6_addr), }, | ||
4915 | + [FOU_ATTR_PEER_V6] = { .len = sizeof(struct in6_addr), }, | ||
4916 | [FOU_ATTR_PEER_PORT] = { .type = NLA_U16, }, | ||
4917 | [FOU_ATTR_IFINDEX] = { .type = NLA_S32, }, | ||
4918 | }; | ||
4919 | diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c | ||
4920 | index 0fe2a5d3e258..74e1d964a615 100644 | ||
4921 | --- a/net/ipv4/ip_tunnel.c | ||
4922 | +++ b/net/ipv4/ip_tunnel.c | ||
4923 | @@ -1236,10 +1236,8 @@ int ip_tunnel_init(struct net_device *dev) | ||
4924 | iph->version = 4; | ||
4925 | iph->ihl = 5; | ||
4926 | |||
4927 | - if (tunnel->collect_md) { | ||
4928 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
4929 | + if (tunnel->collect_md) | ||
4930 | netif_keep_dst(dev); | ||
4931 | - } | ||
4932 | return 0; | ||
4933 | } | ||
4934 | EXPORT_SYMBOL_GPL(ip_tunnel_init); | ||
4935 | diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c | ||
4936 | index 84115577d3dc..3640e8563a10 100644 | ||
4937 | --- a/net/ipv4/tcp.c | ||
4938 | +++ b/net/ipv4/tcp.c | ||
4939 | @@ -2520,6 +2520,7 @@ static void tcp_rtx_queue_purge(struct sock *sk) | ||
4940 | { | ||
4941 | struct rb_node *p = rb_first(&sk->tcp_rtx_queue); | ||
4942 | |||
4943 | + tcp_sk(sk)->highest_sack = NULL; | ||
4944 | while (p) { | ||
4945 | struct sk_buff *skb = rb_to_skb(p); | ||
4946 | |||
4947 | diff --git a/net/ipv4/tcp_bbr.c b/net/ipv4/tcp_bbr.c | ||
4948 | index a6545ef0d27b..6c4d79baff26 100644 | ||
4949 | --- a/net/ipv4/tcp_bbr.c | ||
4950 | +++ b/net/ipv4/tcp_bbr.c | ||
4951 | @@ -779,8 +779,7 @@ static void bbr_update_bw(struct sock *sk, const struct rate_sample *rs) | ||
4952 | * bandwidth sample. Delivered is in packets and interval_us in uS and | ||
4953 | * ratio will be <<1 for most connections. So delivered is first scaled. | ||
4954 | */ | ||
4955 | - bw = (u64)rs->delivered * BW_UNIT; | ||
4956 | - do_div(bw, rs->interval_us); | ||
4957 | + bw = div64_long((u64)rs->delivered * BW_UNIT, rs->interval_us); | ||
4958 | |||
4959 | /* If this sample is application-limited, it is likely to have a very | ||
4960 | * low delivered count that represents application behavior rather than | ||
4961 | diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c | ||
4962 | index 59b78ce2ce2e..6f7155d91313 100644 | ||
4963 | --- a/net/ipv4/tcp_input.c | ||
4964 | +++ b/net/ipv4/tcp_input.c | ||
4965 | @@ -3164,6 +3164,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, u32 prior_fack, | ||
4966 | tp->retransmit_skb_hint = NULL; | ||
4967 | if (unlikely(skb == tp->lost_skb_hint)) | ||
4968 | tp->lost_skb_hint = NULL; | ||
4969 | + tcp_highest_sack_replace(sk, skb, next); | ||
4970 | tcp_rtx_queue_unlink_and_free(skb, sk); | ||
4971 | } | ||
4972 | |||
4973 | diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c | ||
4974 | index e4ba915c4bb5..660b24fe041e 100644 | ||
4975 | --- a/net/ipv4/tcp_output.c | ||
4976 | +++ b/net/ipv4/tcp_output.c | ||
4977 | @@ -3231,6 +3231,7 @@ int tcp_send_synack(struct sock *sk) | ||
4978 | if (!nskb) | ||
4979 | return -ENOMEM; | ||
4980 | INIT_LIST_HEAD(&nskb->tcp_tsorted_anchor); | ||
4981 | + tcp_highest_sack_replace(sk, skb, nskb); | ||
4982 | tcp_rtx_queue_unlink_and_free(skb, sk); | ||
4983 | __skb_header_release(nskb); | ||
4984 | tcp_rbtree_insert(&sk->tcp_rtx_queue, nskb); | ||
4985 | diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c | ||
4986 | index 7aa4e77161f6..7ae7065758bd 100644 | ||
4987 | --- a/net/ipv4/udp.c | ||
4988 | +++ b/net/ipv4/udp.c | ||
4989 | @@ -1368,7 +1368,8 @@ static void udp_rmem_release(struct sock *sk, int size, int partial, | ||
4990 | if (likely(partial)) { | ||
4991 | up->forward_deficit += size; | ||
4992 | size = up->forward_deficit; | ||
4993 | - if (size < (sk->sk_rcvbuf >> 2)) | ||
4994 | + if (size < (sk->sk_rcvbuf >> 2) && | ||
4995 | + !skb_queue_empty(&up->reader_queue)) | ||
4996 | return; | ||
4997 | } else { | ||
4998 | size += up->forward_deficit; | ||
4999 | diff --git a/net/ipv6/esp6_offload.c b/net/ipv6/esp6_offload.c | ||
5000 | index e31626ffccd1..fd535053245b 100644 | ||
5001 | --- a/net/ipv6/esp6_offload.c | ||
5002 | +++ b/net/ipv6/esp6_offload.c | ||
5003 | @@ -79,6 +79,8 @@ static struct sk_buff *esp6_gro_receive(struct list_head *head, | ||
5004 | if (!x) | ||
5005 | goto out_reset; | ||
5006 | |||
5007 | + skb->mark = xfrm_smark_get(skb->mark, x); | ||
5008 | + | ||
5009 | sp->xvec[sp->len++] = x; | ||
5010 | sp->olen++; | ||
5011 | |||
5012 | diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c | ||
5013 | index 189de56f5e36..9ec05a1df5e1 100644 | ||
5014 | --- a/net/ipv6/ip6_gre.c | ||
5015 | +++ b/net/ipv6/ip6_gre.c | ||
5016 | @@ -1466,7 +1466,6 @@ static int ip6gre_tunnel_init_common(struct net_device *dev) | ||
5017 | dev->mtu -= 8; | ||
5018 | |||
5019 | if (tunnel->parms.collect_md) { | ||
5020 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
5021 | netif_keep_dst(dev); | ||
5022 | } | ||
5023 | ip6gre_tnl_init_features(dev); | ||
5024 | @@ -1894,7 +1893,6 @@ static void ip6gre_tap_setup(struct net_device *dev) | ||
5025 | dev->needs_free_netdev = true; | ||
5026 | dev->priv_destructor = ip6gre_dev_free; | ||
5027 | |||
5028 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
5029 | dev->priv_flags &= ~IFF_TX_SKB_SHARING; | ||
5030 | dev->priv_flags |= IFF_LIVE_ADDR_CHANGE; | ||
5031 | netif_keep_dst(dev); | ||
5032 | @@ -2197,7 +2195,6 @@ static void ip6erspan_tap_setup(struct net_device *dev) | ||
5033 | dev->needs_free_netdev = true; | ||
5034 | dev->priv_destructor = ip6gre_dev_free; | ||
5035 | |||
5036 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
5037 | dev->priv_flags &= ~IFF_TX_SKB_SHARING; | ||
5038 | dev->priv_flags |= IFF_LIVE_ADDR_CHANGE; | ||
5039 | netif_keep_dst(dev); | ||
5040 | diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c | ||
5041 | index 2f376dbc37d5..b5dd20c4599b 100644 | ||
5042 | --- a/net/ipv6/ip6_tunnel.c | ||
5043 | +++ b/net/ipv6/ip6_tunnel.c | ||
5044 | @@ -1877,10 +1877,8 @@ static int ip6_tnl_dev_init(struct net_device *dev) | ||
5045 | if (err) | ||
5046 | return err; | ||
5047 | ip6_tnl_link_config(t); | ||
5048 | - if (t->parms.collect_md) { | ||
5049 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
5050 | + if (t->parms.collect_md) | ||
5051 | netif_keep_dst(dev); | ||
5052 | - } | ||
5053 | return 0; | ||
5054 | } | ||
5055 | |||
5056 | diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c | ||
5057 | index e70567446f28..802eebf8ac4b 100644 | ||
5058 | --- a/net/ipv6/seg6_local.c | ||
5059 | +++ b/net/ipv6/seg6_local.c | ||
5060 | @@ -23,6 +23,7 @@ | ||
5061 | #include <net/addrconf.h> | ||
5062 | #include <net/ip6_route.h> | ||
5063 | #include <net/dst_cache.h> | ||
5064 | +#include <net/ip_tunnels.h> | ||
5065 | #ifdef CONFIG_IPV6_SEG6_HMAC | ||
5066 | #include <net/seg6_hmac.h> | ||
5067 | #endif | ||
5068 | @@ -135,7 +136,8 @@ static bool decap_and_validate(struct sk_buff *skb, int proto) | ||
5069 | |||
5070 | skb_reset_network_header(skb); | ||
5071 | skb_reset_transport_header(skb); | ||
5072 | - skb->encapsulation = 0; | ||
5073 | + if (iptunnel_pull_offloads(skb)) | ||
5074 | + return false; | ||
5075 | |||
5076 | return true; | ||
5077 | } | ||
5078 | diff --git a/net/netfilter/ipset/ip_set_bitmap_gen.h b/net/netfilter/ipset/ip_set_bitmap_gen.h | ||
5079 | index e1f271a1b2c1..bfd4b42ba305 100644 | ||
5080 | --- a/net/netfilter/ipset/ip_set_bitmap_gen.h | ||
5081 | +++ b/net/netfilter/ipset/ip_set_bitmap_gen.h | ||
5082 | @@ -75,7 +75,7 @@ mtype_flush(struct ip_set *set) | ||
5083 | |||
5084 | if (set->extensions & IPSET_EXT_DESTROY) | ||
5085 | mtype_ext_cleanup(set); | ||
5086 | - memset(map->members, 0, map->memsize); | ||
5087 | + bitmap_zero(map->members, map->elements); | ||
5088 | set->elements = 0; | ||
5089 | set->ext_size = 0; | ||
5090 | } | ||
5091 | diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c | ||
5092 | index 11ff9d4a7006..d934384f31ad 100644 | ||
5093 | --- a/net/netfilter/ipset/ip_set_bitmap_ip.c | ||
5094 | +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c | ||
5095 | @@ -37,7 +37,7 @@ MODULE_ALIAS("ip_set_bitmap:ip"); | ||
5096 | |||
5097 | /* Type structure */ | ||
5098 | struct bitmap_ip { | ||
5099 | - void *members; /* the set members */ | ||
5100 | + unsigned long *members; /* the set members */ | ||
5101 | u32 first_ip; /* host byte order, included in range */ | ||
5102 | u32 last_ip; /* host byte order, included in range */ | ||
5103 | u32 elements; /* number of max elements in the set */ | ||
5104 | @@ -220,7 +220,7 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map, | ||
5105 | u32 first_ip, u32 last_ip, | ||
5106 | u32 elements, u32 hosts, u8 netmask) | ||
5107 | { | ||
5108 | - map->members = ip_set_alloc(map->memsize); | ||
5109 | + map->members = bitmap_zalloc(elements, GFP_KERNEL | __GFP_NOWARN); | ||
5110 | if (!map->members) | ||
5111 | return false; | ||
5112 | map->first_ip = first_ip; | ||
5113 | @@ -310,7 +310,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], | ||
5114 | if (!map) | ||
5115 | return -ENOMEM; | ||
5116 | |||
5117 | - map->memsize = bitmap_bytes(0, elements - 1); | ||
5118 | + map->memsize = BITS_TO_LONGS(elements) * sizeof(unsigned long); | ||
5119 | set->variant = &bitmap_ip; | ||
5120 | if (!init_map_ip(set, map, first_ip, last_ip, | ||
5121 | elements, hosts, netmask)) { | ||
5122 | diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c | ||
5123 | index 1d4e63326e68..e8532783b43a 100644 | ||
5124 | --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c | ||
5125 | +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c | ||
5126 | @@ -42,7 +42,7 @@ enum { | ||
5127 | |||
5128 | /* Type structure */ | ||
5129 | struct bitmap_ipmac { | ||
5130 | - void *members; /* the set members */ | ||
5131 | + unsigned long *members; /* the set members */ | ||
5132 | u32 first_ip; /* host byte order, included in range */ | ||
5133 | u32 last_ip; /* host byte order, included in range */ | ||
5134 | u32 elements; /* number of max elements in the set */ | ||
5135 | @@ -299,7 +299,7 @@ static bool | ||
5136 | init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, | ||
5137 | u32 first_ip, u32 last_ip, u32 elements) | ||
5138 | { | ||
5139 | - map->members = ip_set_alloc(map->memsize); | ||
5140 | + map->members = bitmap_zalloc(elements, GFP_KERNEL | __GFP_NOWARN); | ||
5141 | if (!map->members) | ||
5142 | return false; | ||
5143 | map->first_ip = first_ip; | ||
5144 | @@ -360,7 +360,7 @@ bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[], | ||
5145 | if (!map) | ||
5146 | return -ENOMEM; | ||
5147 | |||
5148 | - map->memsize = bitmap_bytes(0, elements - 1); | ||
5149 | + map->memsize = BITS_TO_LONGS(elements) * sizeof(unsigned long); | ||
5150 | set->variant = &bitmap_ipmac; | ||
5151 | if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) { | ||
5152 | kfree(map); | ||
5153 | diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c | ||
5154 | index 704a0dda1609..e3ac914fff1a 100644 | ||
5155 | --- a/net/netfilter/ipset/ip_set_bitmap_port.c | ||
5156 | +++ b/net/netfilter/ipset/ip_set_bitmap_port.c | ||
5157 | @@ -30,7 +30,7 @@ MODULE_ALIAS("ip_set_bitmap:port"); | ||
5158 | |||
5159 | /* Type structure */ | ||
5160 | struct bitmap_port { | ||
5161 | - void *members; /* the set members */ | ||
5162 | + unsigned long *members; /* the set members */ | ||
5163 | u16 first_port; /* host byte order, included in range */ | ||
5164 | u16 last_port; /* host byte order, included in range */ | ||
5165 | u32 elements; /* number of max elements in the set */ | ||
5166 | @@ -204,7 +204,7 @@ static bool | ||
5167 | init_map_port(struct ip_set *set, struct bitmap_port *map, | ||
5168 | u16 first_port, u16 last_port) | ||
5169 | { | ||
5170 | - map->members = ip_set_alloc(map->memsize); | ||
5171 | + map->members = bitmap_zalloc(map->elements, GFP_KERNEL | __GFP_NOWARN); | ||
5172 | if (!map->members) | ||
5173 | return false; | ||
5174 | map->first_port = first_port; | ||
5175 | @@ -244,7 +244,7 @@ bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[], | ||
5176 | return -ENOMEM; | ||
5177 | |||
5178 | map->elements = elements; | ||
5179 | - map->memsize = bitmap_bytes(0, map->elements); | ||
5180 | + map->memsize = BITS_TO_LONGS(elements) * sizeof(unsigned long); | ||
5181 | set->variant = &bitmap_port; | ||
5182 | if (!init_map_port(set, map, first_port, last_port)) { | ||
5183 | kfree(map); | ||
5184 | diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c | ||
5185 | index 9fefd0150091..23544842b692 100644 | ||
5186 | --- a/net/netfilter/nf_tables_api.c | ||
5187 | +++ b/net/netfilter/nf_tables_api.c | ||
5188 | @@ -488,48 +488,71 @@ static inline u64 nf_tables_alloc_handle(struct nft_table *table) | ||
5189 | |||
5190 | static const struct nft_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX]; | ||
5191 | |||
5192 | +static const struct nft_chain_type * | ||
5193 | +__nft_chain_type_get(u8 family, enum nft_chain_types type) | ||
5194 | +{ | ||
5195 | + if (family >= NFPROTO_NUMPROTO || | ||
5196 | + type >= NFT_CHAIN_T_MAX) | ||
5197 | + return NULL; | ||
5198 | + | ||
5199 | + return chain_type[family][type]; | ||
5200 | +} | ||
5201 | + | ||
5202 | static const struct nft_chain_type * | ||
5203 | __nf_tables_chain_type_lookup(const struct nlattr *nla, u8 family) | ||
5204 | { | ||
5205 | + const struct nft_chain_type *type; | ||
5206 | int i; | ||
5207 | |||
5208 | for (i = 0; i < NFT_CHAIN_T_MAX; i++) { | ||
5209 | - if (chain_type[family][i] != NULL && | ||
5210 | - !nla_strcmp(nla, chain_type[family][i]->name)) | ||
5211 | - return chain_type[family][i]; | ||
5212 | + type = __nft_chain_type_get(family, i); | ||
5213 | + if (!type) | ||
5214 | + continue; | ||
5215 | + if (!nla_strcmp(nla, type->name)) | ||
5216 | + return type; | ||
5217 | } | ||
5218 | return NULL; | ||
5219 | } | ||
5220 | |||
5221 | -/* | ||
5222 | - * Loading a module requires dropping mutex that guards the transaction. | ||
5223 | - * A different client might race to start a new transaction meanwhile. Zap the | ||
5224 | - * list of pending transaction and then restore it once the mutex is grabbed | ||
5225 | - * again. Users of this function return EAGAIN which implicitly triggers the | ||
5226 | - * transaction abort path to clean up the list of pending transactions. | ||
5227 | - */ | ||
5228 | +struct nft_module_request { | ||
5229 | + struct list_head list; | ||
5230 | + char module[MODULE_NAME_LEN]; | ||
5231 | + bool done; | ||
5232 | +}; | ||
5233 | + | ||
5234 | #ifdef CONFIG_MODULES | ||
5235 | -static void nft_request_module(struct net *net, const char *fmt, ...) | ||
5236 | +static int nft_request_module(struct net *net, const char *fmt, ...) | ||
5237 | { | ||
5238 | char module_name[MODULE_NAME_LEN]; | ||
5239 | - LIST_HEAD(commit_list); | ||
5240 | + struct nft_module_request *req; | ||
5241 | va_list args; | ||
5242 | int ret; | ||
5243 | |||
5244 | - list_splice_init(&net->nft.commit_list, &commit_list); | ||
5245 | - | ||
5246 | va_start(args, fmt); | ||
5247 | ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args); | ||
5248 | va_end(args); | ||
5249 | if (ret >= MODULE_NAME_LEN) | ||
5250 | - return; | ||
5251 | + return 0; | ||
5252 | |||
5253 | - mutex_unlock(&net->nft.commit_mutex); | ||
5254 | - request_module("%s", module_name); | ||
5255 | - mutex_lock(&net->nft.commit_mutex); | ||
5256 | + list_for_each_entry(req, &net->nft.module_list, list) { | ||
5257 | + if (!strcmp(req->module, module_name)) { | ||
5258 | + if (req->done) | ||
5259 | + return 0; | ||
5260 | |||
5261 | - WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); | ||
5262 | - list_splice(&commit_list, &net->nft.commit_list); | ||
5263 | + /* A request to load this module already exists. */ | ||
5264 | + return -EAGAIN; | ||
5265 | + } | ||
5266 | + } | ||
5267 | + | ||
5268 | + req = kmalloc(sizeof(*req), GFP_KERNEL); | ||
5269 | + if (!req) | ||
5270 | + return -ENOMEM; | ||
5271 | + | ||
5272 | + req->done = false; | ||
5273 | + strlcpy(req->module, module_name, MODULE_NAME_LEN); | ||
5274 | + list_add_tail(&req->list, &net->nft.module_list); | ||
5275 | + | ||
5276 | + return -EAGAIN; | ||
5277 | } | ||
5278 | #endif | ||
5279 | |||
5280 | @@ -553,10 +576,9 @@ nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla, | ||
5281 | lockdep_nfnl_nft_mutex_not_held(); | ||
5282 | #ifdef CONFIG_MODULES | ||
5283 | if (autoload) { | ||
5284 | - nft_request_module(net, "nft-chain-%u-%.*s", family, | ||
5285 | - nla_len(nla), (const char *)nla_data(nla)); | ||
5286 | - type = __nf_tables_chain_type_lookup(nla, family); | ||
5287 | - if (type != NULL) | ||
5288 | + if (nft_request_module(net, "nft-chain-%u-%.*s", family, | ||
5289 | + nla_len(nla), | ||
5290 | + (const char *)nla_data(nla)) == -EAGAIN) | ||
5291 | return ERR_PTR(-EAGAIN); | ||
5292 | } | ||
5293 | #endif | ||
5294 | @@ -1095,11 +1117,8 @@ static void nf_tables_table_destroy(struct nft_ctx *ctx) | ||
5295 | |||
5296 | void nft_register_chain_type(const struct nft_chain_type *ctype) | ||
5297 | { | ||
5298 | - if (WARN_ON(ctype->family >= NFPROTO_NUMPROTO)) | ||
5299 | - return; | ||
5300 | - | ||
5301 | nfnl_lock(NFNL_SUBSYS_NFTABLES); | ||
5302 | - if (WARN_ON(chain_type[ctype->family][ctype->type] != NULL)) { | ||
5303 | + if (WARN_ON(__nft_chain_type_get(ctype->family, ctype->type))) { | ||
5304 | nfnl_unlock(NFNL_SUBSYS_NFTABLES); | ||
5305 | return; | ||
5306 | } | ||
5307 | @@ -1551,7 +1570,10 @@ static int nft_chain_parse_hook(struct net *net, | ||
5308 | hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); | ||
5309 | hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); | ||
5310 | |||
5311 | - type = chain_type[family][NFT_CHAIN_T_DEFAULT]; | ||
5312 | + type = __nft_chain_type_get(family, NFT_CHAIN_T_DEFAULT); | ||
5313 | + if (!type) | ||
5314 | + return -EOPNOTSUPP; | ||
5315 | + | ||
5316 | if (nla[NFTA_CHAIN_TYPE]) { | ||
5317 | type = nf_tables_chain_type_lookup(net, nla[NFTA_CHAIN_TYPE], | ||
5318 | family, autoload); | ||
5319 | @@ -2060,9 +2082,8 @@ static const struct nft_expr_type *__nft_expr_type_get(u8 family, | ||
5320 | static int nft_expr_type_request_module(struct net *net, u8 family, | ||
5321 | struct nlattr *nla) | ||
5322 | { | ||
5323 | - nft_request_module(net, "nft-expr-%u-%.*s", family, | ||
5324 | - nla_len(nla), (char *)nla_data(nla)); | ||
5325 | - if (__nft_expr_type_get(family, nla)) | ||
5326 | + if (nft_request_module(net, "nft-expr-%u-%.*s", family, | ||
5327 | + nla_len(nla), (char *)nla_data(nla)) == -EAGAIN) | ||
5328 | return -EAGAIN; | ||
5329 | |||
5330 | return 0; | ||
5331 | @@ -2088,9 +2109,9 @@ static const struct nft_expr_type *nft_expr_type_get(struct net *net, | ||
5332 | if (nft_expr_type_request_module(net, family, nla) == -EAGAIN) | ||
5333 | return ERR_PTR(-EAGAIN); | ||
5334 | |||
5335 | - nft_request_module(net, "nft-expr-%.*s", | ||
5336 | - nla_len(nla), (char *)nla_data(nla)); | ||
5337 | - if (__nft_expr_type_get(family, nla)) | ||
5338 | + if (nft_request_module(net, "nft-expr-%.*s", | ||
5339 | + nla_len(nla), | ||
5340 | + (char *)nla_data(nla)) == -EAGAIN) | ||
5341 | return ERR_PTR(-EAGAIN); | ||
5342 | } | ||
5343 | #endif | ||
5344 | @@ -2181,9 +2202,10 @@ static int nf_tables_expr_parse(const struct nft_ctx *ctx, | ||
5345 | err = PTR_ERR(ops); | ||
5346 | #ifdef CONFIG_MODULES | ||
5347 | if (err == -EAGAIN) | ||
5348 | - nft_expr_type_request_module(ctx->net, | ||
5349 | - ctx->family, | ||
5350 | - tb[NFTA_EXPR_NAME]); | ||
5351 | + if (nft_expr_type_request_module(ctx->net, | ||
5352 | + ctx->family, | ||
5353 | + tb[NFTA_EXPR_NAME]) != -EAGAIN) | ||
5354 | + err = -ENOENT; | ||
5355 | #endif | ||
5356 | goto err1; | ||
5357 | } | ||
5358 | @@ -3020,8 +3042,7 @@ nft_select_set_ops(const struct nft_ctx *ctx, | ||
5359 | lockdep_nfnl_nft_mutex_not_held(); | ||
5360 | #ifdef CONFIG_MODULES | ||
5361 | if (list_empty(&nf_tables_set_types)) { | ||
5362 | - nft_request_module(ctx->net, "nft-set"); | ||
5363 | - if (!list_empty(&nf_tables_set_types)) | ||
5364 | + if (nft_request_module(ctx->net, "nft-set") == -EAGAIN) | ||
5365 | return ERR_PTR(-EAGAIN); | ||
5366 | } | ||
5367 | #endif | ||
5368 | @@ -5147,8 +5168,7 @@ nft_obj_type_get(struct net *net, u32 objtype) | ||
5369 | lockdep_nfnl_nft_mutex_not_held(); | ||
5370 | #ifdef CONFIG_MODULES | ||
5371 | if (type == NULL) { | ||
5372 | - nft_request_module(net, "nft-obj-%u", objtype); | ||
5373 | - if (__nft_obj_type_get(objtype)) | ||
5374 | + if (nft_request_module(net, "nft-obj-%u", objtype) == -EAGAIN) | ||
5375 | return ERR_PTR(-EAGAIN); | ||
5376 | } | ||
5377 | #endif | ||
5378 | @@ -5764,8 +5784,7 @@ nft_flowtable_type_get(struct net *net, u8 family) | ||
5379 | lockdep_nfnl_nft_mutex_not_held(); | ||
5380 | #ifdef CONFIG_MODULES | ||
5381 | if (type == NULL) { | ||
5382 | - nft_request_module(net, "nf-flowtable-%u", family); | ||
5383 | - if (__nft_flowtable_type_get(family)) | ||
5384 | + if (nft_request_module(net, "nf-flowtable-%u", family) == -EAGAIN) | ||
5385 | return ERR_PTR(-EAGAIN); | ||
5386 | } | ||
5387 | #endif | ||
5388 | @@ -6712,6 +6731,18 @@ static void nft_chain_del(struct nft_chain *chain) | ||
5389 | list_del_rcu(&chain->list); | ||
5390 | } | ||
5391 | |||
5392 | +static void nf_tables_module_autoload_cleanup(struct net *net) | ||
5393 | +{ | ||
5394 | + struct nft_module_request *req, *next; | ||
5395 | + | ||
5396 | + WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); | ||
5397 | + list_for_each_entry_safe(req, next, &net->nft.module_list, list) { | ||
5398 | + WARN_ON_ONCE(!req->done); | ||
5399 | + list_del(&req->list); | ||
5400 | + kfree(req); | ||
5401 | + } | ||
5402 | +} | ||
5403 | + | ||
5404 | static void nf_tables_commit_release(struct net *net) | ||
5405 | { | ||
5406 | struct nft_trans *trans; | ||
5407 | @@ -6724,6 +6755,7 @@ static void nf_tables_commit_release(struct net *net) | ||
5408 | * to prevent expensive synchronize_rcu() in commit phase. | ||
5409 | */ | ||
5410 | if (list_empty(&net->nft.commit_list)) { | ||
5411 | + nf_tables_module_autoload_cleanup(net); | ||
5412 | mutex_unlock(&net->nft.commit_mutex); | ||
5413 | return; | ||
5414 | } | ||
5415 | @@ -6738,6 +6770,7 @@ static void nf_tables_commit_release(struct net *net) | ||
5416 | list_splice_tail_init(&net->nft.commit_list, &nf_tables_destroy_list); | ||
5417 | spin_unlock(&nf_tables_destroy_list_lock); | ||
5418 | |||
5419 | + nf_tables_module_autoload_cleanup(net); | ||
5420 | mutex_unlock(&net->nft.commit_mutex); | ||
5421 | |||
5422 | schedule_work(&trans_destroy_work); | ||
5423 | @@ -6929,6 +6962,26 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb) | ||
5424 | return 0; | ||
5425 | } | ||
5426 | |||
5427 | +static void nf_tables_module_autoload(struct net *net) | ||
5428 | +{ | ||
5429 | + struct nft_module_request *req, *next; | ||
5430 | + LIST_HEAD(module_list); | ||
5431 | + | ||
5432 | + list_splice_init(&net->nft.module_list, &module_list); | ||
5433 | + mutex_unlock(&net->nft.commit_mutex); | ||
5434 | + list_for_each_entry_safe(req, next, &module_list, list) { | ||
5435 | + if (req->done) { | ||
5436 | + list_del(&req->list); | ||
5437 | + kfree(req); | ||
5438 | + } else { | ||
5439 | + request_module("%s", req->module); | ||
5440 | + req->done = true; | ||
5441 | + } | ||
5442 | + } | ||
5443 | + mutex_lock(&net->nft.commit_mutex); | ||
5444 | + list_splice(&module_list, &net->nft.module_list); | ||
5445 | +} | ||
5446 | + | ||
5447 | static void nf_tables_abort_release(struct nft_trans *trans) | ||
5448 | { | ||
5449 | switch (trans->msg_type) { | ||
5450 | @@ -6958,7 +7011,7 @@ static void nf_tables_abort_release(struct nft_trans *trans) | ||
5451 | kfree(trans); | ||
5452 | } | ||
5453 | |||
5454 | -static int __nf_tables_abort(struct net *net) | ||
5455 | +static int __nf_tables_abort(struct net *net, bool autoload) | ||
5456 | { | ||
5457 | struct nft_trans *trans, *next; | ||
5458 | struct nft_trans_elem *te; | ||
5459 | @@ -7080,6 +7133,11 @@ static int __nf_tables_abort(struct net *net) | ||
5460 | nf_tables_abort_release(trans); | ||
5461 | } | ||
5462 | |||
5463 | + if (autoload) | ||
5464 | + nf_tables_module_autoload(net); | ||
5465 | + else | ||
5466 | + nf_tables_module_autoload_cleanup(net); | ||
5467 | + | ||
5468 | return 0; | ||
5469 | } | ||
5470 | |||
5471 | @@ -7088,9 +7146,9 @@ static void nf_tables_cleanup(struct net *net) | ||
5472 | nft_validate_state_update(net, NFT_VALIDATE_SKIP); | ||
5473 | } | ||
5474 | |||
5475 | -static int nf_tables_abort(struct net *net, struct sk_buff *skb) | ||
5476 | +static int nf_tables_abort(struct net *net, struct sk_buff *skb, bool autoload) | ||
5477 | { | ||
5478 | - int ret = __nf_tables_abort(net); | ||
5479 | + int ret = __nf_tables_abort(net, autoload); | ||
5480 | |||
5481 | mutex_unlock(&net->nft.commit_mutex); | ||
5482 | |||
5483 | @@ -7685,6 +7743,7 @@ static int __net_init nf_tables_init_net(struct net *net) | ||
5484 | { | ||
5485 | INIT_LIST_HEAD(&net->nft.tables); | ||
5486 | INIT_LIST_HEAD(&net->nft.commit_list); | ||
5487 | + INIT_LIST_HEAD(&net->nft.module_list); | ||
5488 | mutex_init(&net->nft.commit_mutex); | ||
5489 | net->nft.base_seq = 1; | ||
5490 | net->nft.validate_state = NFT_VALIDATE_SKIP; | ||
5491 | @@ -7696,7 +7755,7 @@ static void __net_exit nf_tables_exit_net(struct net *net) | ||
5492 | { | ||
5493 | mutex_lock(&net->nft.commit_mutex); | ||
5494 | if (!list_empty(&net->nft.commit_list)) | ||
5495 | - __nf_tables_abort(net); | ||
5496 | + __nf_tables_abort(net, false); | ||
5497 | __nft_release_tables(net); | ||
5498 | mutex_unlock(&net->nft.commit_mutex); | ||
5499 | WARN_ON_ONCE(!list_empty(&net->nft.tables)); | ||
5500 | diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c | ||
5501 | index 4abbb452cf6c..99127e2d95a8 100644 | ||
5502 | --- a/net/netfilter/nfnetlink.c | ||
5503 | +++ b/net/netfilter/nfnetlink.c | ||
5504 | @@ -476,7 +476,7 @@ ack: | ||
5505 | } | ||
5506 | done: | ||
5507 | if (status & NFNL_BATCH_REPLAY) { | ||
5508 | - ss->abort(net, oskb); | ||
5509 | + ss->abort(net, oskb, true); | ||
5510 | nfnl_err_reset(&err_list); | ||
5511 | kfree_skb(skb); | ||
5512 | module_put(ss->owner); | ||
5513 | @@ -487,11 +487,11 @@ done: | ||
5514 | status |= NFNL_BATCH_REPLAY; | ||
5515 | goto done; | ||
5516 | } else if (err) { | ||
5517 | - ss->abort(net, oskb); | ||
5518 | + ss->abort(net, oskb, false); | ||
5519 | netlink_ack(oskb, nlmsg_hdr(oskb), err, NULL); | ||
5520 | } | ||
5521 | } else { | ||
5522 | - ss->abort(net, oskb); | ||
5523 | + ss->abort(net, oskb, false); | ||
5524 | } | ||
5525 | if (ss->cleanup) | ||
5526 | ss->cleanup(net); | ||
5527 | diff --git a/net/netfilter/nft_osf.c b/net/netfilter/nft_osf.c | ||
5528 | index f54d6ae15bb1..b42247aa48a9 100644 | ||
5529 | --- a/net/netfilter/nft_osf.c | ||
5530 | +++ b/net/netfilter/nft_osf.c | ||
5531 | @@ -61,6 +61,9 @@ static int nft_osf_init(const struct nft_ctx *ctx, | ||
5532 | int err; | ||
5533 | u8 ttl; | ||
5534 | |||
5535 | + if (!tb[NFTA_OSF_DREG]) | ||
5536 | + return -EINVAL; | ||
5537 | + | ||
5538 | if (tb[NFTA_OSF_TTL]) { | ||
5539 | ttl = nla_get_u8(tb[NFTA_OSF_TTL]); | ||
5540 | if (ttl > 2) | ||
5541 | diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c | ||
5542 | index 76e0d122616a..c2cdd0fc2e70 100644 | ||
5543 | --- a/net/sched/cls_api.c | ||
5544 | +++ b/net/sched/cls_api.c | ||
5545 | @@ -2055,9 +2055,8 @@ replay: | ||
5546 | &chain_info)); | ||
5547 | |||
5548 | mutex_unlock(&chain->filter_chain_lock); | ||
5549 | - tp_new = tcf_proto_create(nla_data(tca[TCA_KIND]), | ||
5550 | - protocol, prio, chain, rtnl_held, | ||
5551 | - extack); | ||
5552 | + tp_new = tcf_proto_create(name, protocol, prio, chain, | ||
5553 | + rtnl_held, extack); | ||
5554 | if (IS_ERR(tp_new)) { | ||
5555 | err = PTR_ERR(tp_new); | ||
5556 | goto errout_tp; | ||
5557 | diff --git a/net/sched/ematch.c b/net/sched/ematch.c | ||
5558 | index 8f2ad706784d..d0140a92694a 100644 | ||
5559 | --- a/net/sched/ematch.c | ||
5560 | +++ b/net/sched/ematch.c | ||
5561 | @@ -263,12 +263,12 @@ static int tcf_em_validate(struct tcf_proto *tp, | ||
5562 | } | ||
5563 | em->data = (unsigned long) v; | ||
5564 | } | ||
5565 | + em->datalen = data_len; | ||
5566 | } | ||
5567 | } | ||
5568 | |||
5569 | em->matchid = em_hdr->matchid; | ||
5570 | em->flags = em_hdr->flags; | ||
5571 | - em->datalen = data_len; | ||
5572 | em->net = net; | ||
5573 | |||
5574 | err = 0; | ||
5575 | diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c | ||
5576 | index a80920f261ca..41e9c2932b34 100644 | ||
5577 | --- a/net/tls/tls_sw.c | ||
5578 | +++ b/net/tls/tls_sw.c | ||
5579 | @@ -793,7 +793,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk, | ||
5580 | psock = sk_psock_get(sk); | ||
5581 | if (!psock || !policy) { | ||
5582 | err = tls_push_record(sk, flags, record_type); | ||
5583 | - if (err) { | ||
5584 | + if (err && err != -EINPROGRESS) { | ||
5585 | *copied -= sk_msg_free(sk, msg); | ||
5586 | tls_free_open_rec(sk); | ||
5587 | } | ||
5588 | @@ -819,7 +819,7 @@ more_data: | ||
5589 | switch (psock->eval) { | ||
5590 | case __SK_PASS: | ||
5591 | err = tls_push_record(sk, flags, record_type); | ||
5592 | - if (err < 0) { | ||
5593 | + if (err && err != -EINPROGRESS) { | ||
5594 | *copied -= sk_msg_free(sk, msg); | ||
5595 | tls_free_open_rec(sk); | ||
5596 | goto out_err; | ||
5597 | diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c | ||
5598 | index 6aee9f5e8e71..256f3e97d1f3 100644 | ||
5599 | --- a/net/x25/af_x25.c | ||
5600 | +++ b/net/x25/af_x25.c | ||
5601 | @@ -760,6 +760,10 @@ static int x25_connect(struct socket *sock, struct sockaddr *uaddr, | ||
5602 | if (sk->sk_state == TCP_ESTABLISHED) | ||
5603 | goto out; | ||
5604 | |||
5605 | + rc = -EALREADY; /* Do nothing if call is already in progress */ | ||
5606 | + if (sk->sk_state == TCP_SYN_SENT) | ||
5607 | + goto out; | ||
5608 | + | ||
5609 | sk->sk_state = TCP_CLOSE; | ||
5610 | sock->state = SS_UNCONNECTED; | ||
5611 | |||
5612 | @@ -806,7 +810,7 @@ static int x25_connect(struct socket *sock, struct sockaddr *uaddr, | ||
5613 | /* Now the loop */ | ||
5614 | rc = -EINPROGRESS; | ||
5615 | if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) | ||
5616 | - goto out_put_neigh; | ||
5617 | + goto out; | ||
5618 | |||
5619 | rc = x25_wait_for_connection_establishment(sk); | ||
5620 | if (rc) | ||
5621 | diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c | ||
5622 | index 612268eabef4..7225107a9aaf 100644 | ||
5623 | --- a/scripts/recordmcount.c | ||
5624 | +++ b/scripts/recordmcount.c | ||
5625 | @@ -38,6 +38,10 @@ | ||
5626 | #define R_AARCH64_ABS64 257 | ||
5627 | #endif | ||
5628 | |||
5629 | +#define R_ARM_PC24 1 | ||
5630 | +#define R_ARM_THM_CALL 10 | ||
5631 | +#define R_ARM_CALL 28 | ||
5632 | + | ||
5633 | static int fd_map; /* File descriptor for file being modified. */ | ||
5634 | static int mmap_failed; /* Boolean flag. */ | ||
5635 | static char gpfx; /* prefix for global symbol name (sometimes '_') */ | ||
5636 | @@ -418,6 +422,18 @@ static char const *already_has_rel_mcount = "success"; /* our work here is done! | ||
5637 | #define RECORD_MCOUNT_64 | ||
5638 | #include "recordmcount.h" | ||
5639 | |||
5640 | +static int arm_is_fake_mcount(Elf32_Rel const *rp) | ||
5641 | +{ | ||
5642 | + switch (ELF32_R_TYPE(w(rp->r_info))) { | ||
5643 | + case R_ARM_THM_CALL: | ||
5644 | + case R_ARM_CALL: | ||
5645 | + case R_ARM_PC24: | ||
5646 | + return 0; | ||
5647 | + } | ||
5648 | + | ||
5649 | + return 1; | ||
5650 | +} | ||
5651 | + | ||
5652 | /* 64-bit EM_MIPS has weird ELF64_Rela.r_info. | ||
5653 | * http://techpubs.sgi.com/library/manuals/4000/007-4658-001/pdf/007-4658-001.pdf | ||
5654 | * We interpret Table 29 Relocation Operation (Elf64_Rel, Elf64_Rela) [p.40] | ||
5655 | @@ -523,6 +539,7 @@ static int do_file(char const *const fname) | ||
5656 | altmcount = "__gnu_mcount_nc"; | ||
5657 | make_nop = make_nop_arm; | ||
5658 | rel_type_nop = R_ARM_NONE; | ||
5659 | + is_fake_mcount32 = arm_is_fake_mcount; | ||
5660 | gpfx = 0; | ||
5661 | break; | ||
5662 | case EM_AARCH64: |