Annotation of /trunk/kernel-alx/patches-5.4/0115-5.4.16-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3496 -
(hide annotations)
(download)
Mon May 11 14:36:18 2020 UTC (4 years ago) by niro
File size: 188872 byte(s)
Mon May 11 14:36:18 2020 UTC (4 years ago) by niro
File size: 188872 byte(s)
-linux-5.4.16
| 1 | niro | 3496 | diff --git a/Makefile b/Makefile |
| 2 | index 30600e309c73..e16d2e58ed4b 100644 | ||
| 3 | --- a/Makefile | ||
| 4 | +++ b/Makefile | ||
| 5 | @@ -1,7 +1,7 @@ | ||
| 6 | # SPDX-License-Identifier: GPL-2.0 | ||
| 7 | VERSION = 5 | ||
| 8 | PATCHLEVEL = 4 | ||
| 9 | -SUBLEVEL = 15 | ||
| 10 | +SUBLEVEL = 16 | ||
| 11 | EXTRAVERSION = | ||
| 12 | NAME = Kleptomaniac Octopus | ||
| 13 | |||
| 14 | diff --git a/arch/powerpc/include/asm/book3s/64/mmu-hash.h b/arch/powerpc/include/asm/book3s/64/mmu-hash.h | ||
| 15 | index 15b75005bc34..3fa1b962dc27 100644 | ||
| 16 | --- a/arch/powerpc/include/asm/book3s/64/mmu-hash.h | ||
| 17 | +++ b/arch/powerpc/include/asm/book3s/64/mmu-hash.h | ||
| 18 | @@ -600,8 +600,11 @@ extern void slb_set_size(u16 size); | ||
| 19 | * | ||
| 20 | */ | ||
| 21 | #define MAX_USER_CONTEXT ((ASM_CONST(1) << CONTEXT_BITS) - 2) | ||
| 22 | + | ||
| 23 | +// The + 2 accounts for INVALID_REGION and 1 more to avoid overlap with kernel | ||
| 24 | #define MIN_USER_CONTEXT (MAX_KERNEL_CTX_CNT + MAX_VMALLOC_CTX_CNT + \ | ||
| 25 | - MAX_IO_CTX_CNT + MAX_VMEMMAP_CTX_CNT) | ||
| 26 | + MAX_IO_CTX_CNT + MAX_VMEMMAP_CTX_CNT + 2) | ||
| 27 | + | ||
| 28 | /* | ||
| 29 | * For platforms that support on 65bit VA we limit the context bits | ||
| 30 | */ | ||
| 31 | diff --git a/arch/powerpc/include/asm/xive-regs.h b/arch/powerpc/include/asm/xive-regs.h | ||
| 32 | index f2dfcd50a2d3..33aee7490cbb 100644 | ||
| 33 | --- a/arch/powerpc/include/asm/xive-regs.h | ||
| 34 | +++ b/arch/powerpc/include/asm/xive-regs.h | ||
| 35 | @@ -39,6 +39,7 @@ | ||
| 36 | |||
| 37 | #define XIVE_ESB_VAL_P 0x2 | ||
| 38 | #define XIVE_ESB_VAL_Q 0x1 | ||
| 39 | +#define XIVE_ESB_INVALID 0xFF | ||
| 40 | |||
| 41 | /* | ||
| 42 | * Thread Management (aka "TM") registers | ||
| 43 | diff --git a/arch/powerpc/sysdev/xive/common.c b/arch/powerpc/sysdev/xive/common.c | ||
| 44 | index f5fadbd2533a..9651ca061828 100644 | ||
| 45 | --- a/arch/powerpc/sysdev/xive/common.c | ||
| 46 | +++ b/arch/powerpc/sysdev/xive/common.c | ||
| 47 | @@ -972,12 +972,21 @@ static int xive_get_irqchip_state(struct irq_data *data, | ||
| 48 | enum irqchip_irq_state which, bool *state) | ||
| 49 | { | ||
| 50 | struct xive_irq_data *xd = irq_data_get_irq_handler_data(data); | ||
| 51 | + u8 pq; | ||
| 52 | |||
| 53 | switch (which) { | ||
| 54 | case IRQCHIP_STATE_ACTIVE: | ||
| 55 | - *state = !xd->stale_p && | ||
| 56 | - (xd->saved_p || | ||
| 57 | - !!(xive_esb_read(xd, XIVE_ESB_GET) & XIVE_ESB_VAL_P)); | ||
| 58 | + pq = xive_esb_read(xd, XIVE_ESB_GET); | ||
| 59 | + | ||
| 60 | + /* | ||
| 61 | + * The esb value being all 1's means we couldn't get | ||
| 62 | + * the PQ state of the interrupt through mmio. It may | ||
| 63 | + * happen, for example when querying a PHB interrupt | ||
| 64 | + * while the PHB is in an error state. We consider the | ||
| 65 | + * interrupt to be inactive in that case. | ||
| 66 | + */ | ||
| 67 | + *state = (pq != XIVE_ESB_INVALID) && !xd->stale_p && | ||
| 68 | + (xd->saved_p || !!(pq & XIVE_ESB_VAL_P)); | ||
| 69 | return 0; | ||
| 70 | default: | ||
| 71 | return -EINVAL; | ||
| 72 | diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c | ||
| 73 | index 2bbab0230aeb..d287837ed755 100644 | ||
| 74 | --- a/drivers/atm/firestream.c | ||
| 75 | +++ b/drivers/atm/firestream.c | ||
| 76 | @@ -912,6 +912,7 @@ static int fs_open(struct atm_vcc *atm_vcc) | ||
| 77 | } | ||
| 78 | if (!to) { | ||
| 79 | printk ("No more free channels for FS50..\n"); | ||
| 80 | + kfree(vcc); | ||
| 81 | return -EBUSY; | ||
| 82 | } | ||
| 83 | vcc->channo = dev->channo; | ||
| 84 | @@ -922,6 +923,7 @@ static int fs_open(struct atm_vcc *atm_vcc) | ||
| 85 | if (((DO_DIRECTION(rxtp) && dev->atm_vccs[vcc->channo])) || | ||
| 86 | ( DO_DIRECTION(txtp) && test_bit (vcc->channo, dev->tx_inuse))) { | ||
| 87 | printk ("Channel is in use for FS155.\n"); | ||
| 88 | + kfree(vcc); | ||
| 89 | return -EBUSY; | ||
| 90 | } | ||
| 91 | } | ||
| 92 | @@ -935,6 +937,7 @@ static int fs_open(struct atm_vcc *atm_vcc) | ||
| 93 | tc, sizeof (struct fs_transmit_config)); | ||
| 94 | if (!tc) { | ||
| 95 | fs_dprintk (FS_DEBUG_OPEN, "fs: can't alloc transmit_config.\n"); | ||
| 96 | + kfree(vcc); | ||
| 97 | return -ENOMEM; | ||
| 98 | } | ||
| 99 | |||
| 100 | diff --git a/drivers/gpu/drm/i915/gem/i915_gem_busy.c b/drivers/gpu/drm/i915/gem/i915_gem_busy.c | ||
| 101 | index 3d4f5775a4ba..25235ef630c1 100644 | ||
| 102 | --- a/drivers/gpu/drm/i915/gem/i915_gem_busy.c | ||
| 103 | +++ b/drivers/gpu/drm/i915/gem/i915_gem_busy.c | ||
| 104 | @@ -9,16 +9,16 @@ | ||
| 105 | #include "i915_gem_ioctls.h" | ||
| 106 | #include "i915_gem_object.h" | ||
| 107 | |||
| 108 | -static __always_inline u32 __busy_read_flag(u8 id) | ||
| 109 | +static __always_inline u32 __busy_read_flag(u16 id) | ||
| 110 | { | ||
| 111 | - if (id == (u8)I915_ENGINE_CLASS_INVALID) | ||
| 112 | + if (id == (u16)I915_ENGINE_CLASS_INVALID) | ||
| 113 | return 0xffff0000u; | ||
| 114 | |||
| 115 | GEM_BUG_ON(id >= 16); | ||
| 116 | return 0x10000u << id; | ||
| 117 | } | ||
| 118 | |||
| 119 | -static __always_inline u32 __busy_write_id(u8 id) | ||
| 120 | +static __always_inline u32 __busy_write_id(u16 id) | ||
| 121 | { | ||
| 122 | /* | ||
| 123 | * The uABI guarantees an active writer is also amongst the read | ||
| 124 | @@ -29,14 +29,14 @@ static __always_inline u32 __busy_write_id(u8 id) | ||
| 125 | * last_read - hence we always set both read and write busy for | ||
| 126 | * last_write. | ||
| 127 | */ | ||
| 128 | - if (id == (u8)I915_ENGINE_CLASS_INVALID) | ||
| 129 | + if (id == (u16)I915_ENGINE_CLASS_INVALID) | ||
| 130 | return 0xffffffffu; | ||
| 131 | |||
| 132 | return (id + 1) | __busy_read_flag(id); | ||
| 133 | } | ||
| 134 | |||
| 135 | static __always_inline unsigned int | ||
| 136 | -__busy_set_if_active(const struct dma_fence *fence, u32 (*flag)(u8 id)) | ||
| 137 | +__busy_set_if_active(const struct dma_fence *fence, u32 (*flag)(u16 id)) | ||
| 138 | { | ||
| 139 | const struct i915_request *rq; | ||
| 140 | |||
| 141 | @@ -57,7 +57,7 @@ __busy_set_if_active(const struct dma_fence *fence, u32 (*flag)(u8 id)) | ||
| 142 | return 0; | ||
| 143 | |||
| 144 | /* Beware type-expansion follies! */ | ||
| 145 | - BUILD_BUG_ON(!typecheck(u8, rq->engine->uabi_class)); | ||
| 146 | + BUILD_BUG_ON(!typecheck(u16, rq->engine->uabi_class)); | ||
| 147 | return flag(rq->engine->uabi_class); | ||
| 148 | } | ||
| 149 | |||
| 150 | diff --git a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c | ||
| 151 | index abfbac49b8e8..968d9b2705d0 100644 | ||
| 152 | --- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c | ||
| 153 | +++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c | ||
| 154 | @@ -427,7 +427,7 @@ struct get_pages_work { | ||
| 155 | |||
| 156 | static struct sg_table * | ||
| 157 | __i915_gem_userptr_alloc_pages(struct drm_i915_gem_object *obj, | ||
| 158 | - struct page **pvec, int num_pages) | ||
| 159 | + struct page **pvec, unsigned long num_pages) | ||
| 160 | { | ||
| 161 | unsigned int max_segment = i915_sg_segment_size(); | ||
| 162 | struct sg_table *st; | ||
| 163 | @@ -473,9 +473,10 @@ __i915_gem_userptr_get_pages_worker(struct work_struct *_work) | ||
| 164 | { | ||
| 165 | struct get_pages_work *work = container_of(_work, typeof(*work), work); | ||
| 166 | struct drm_i915_gem_object *obj = work->obj; | ||
| 167 | - const int npages = obj->base.size >> PAGE_SHIFT; | ||
| 168 | + const unsigned long npages = obj->base.size >> PAGE_SHIFT; | ||
| 169 | + unsigned long pinned; | ||
| 170 | struct page **pvec; | ||
| 171 | - int pinned, ret; | ||
| 172 | + int ret; | ||
| 173 | |||
| 174 | ret = -ENOMEM; | ||
| 175 | pinned = 0; | ||
| 176 | @@ -578,7 +579,7 @@ __i915_gem_userptr_get_pages_schedule(struct drm_i915_gem_object *obj) | ||
| 177 | |||
| 178 | static int i915_gem_userptr_get_pages(struct drm_i915_gem_object *obj) | ||
| 179 | { | ||
| 180 | - const int num_pages = obj->base.size >> PAGE_SHIFT; | ||
| 181 | + const unsigned long num_pages = obj->base.size >> PAGE_SHIFT; | ||
| 182 | struct mm_struct *mm = obj->userptr.mm->mm; | ||
| 183 | struct page **pvec; | ||
| 184 | struct sg_table *pages; | ||
| 185 | diff --git a/drivers/gpu/drm/i915/gt/intel_engine_types.h b/drivers/gpu/drm/i915/gt/intel_engine_types.h | ||
| 186 | index 9dd8c299cb2d..798e1b024406 100644 | ||
| 187 | --- a/drivers/gpu/drm/i915/gt/intel_engine_types.h | ||
| 188 | +++ b/drivers/gpu/drm/i915/gt/intel_engine_types.h | ||
| 189 | @@ -300,8 +300,8 @@ struct intel_engine_cs { | ||
| 190 | u8 class; | ||
| 191 | u8 instance; | ||
| 192 | |||
| 193 | - u8 uabi_class; | ||
| 194 | - u8 uabi_instance; | ||
| 195 | + u16 uabi_class; | ||
| 196 | + u16 uabi_instance; | ||
| 197 | |||
| 198 | u32 context_size; | ||
| 199 | u32 mmio_base; | ||
| 200 | diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c | ||
| 201 | index b1a7a8b9b46a..f614646ed3f9 100644 | ||
| 202 | --- a/drivers/gpu/drm/i915/i915_gem_gtt.c | ||
| 203 | +++ b/drivers/gpu/drm/i915/i915_gem_gtt.c | ||
| 204 | @@ -1178,6 +1178,7 @@ gen8_ppgtt_insert_pte(struct i915_ppgtt *ppgtt, | ||
| 205 | pd = i915_pd_entry(pdp, gen8_pd_index(idx, 2)); | ||
| 206 | vaddr = kmap_atomic_px(i915_pt_entry(pd, gen8_pd_index(idx, 1))); | ||
| 207 | do { | ||
| 208 | + GEM_BUG_ON(iter->sg->length < I915_GTT_PAGE_SIZE); | ||
| 209 | vaddr[gen8_pd_index(idx, 0)] = pte_encode | iter->dma; | ||
| 210 | |||
| 211 | iter->dma += I915_GTT_PAGE_SIZE; | ||
| 212 | @@ -1657,6 +1658,7 @@ static void gen6_ppgtt_insert_entries(struct i915_address_space *vm, | ||
| 213 | |||
| 214 | vaddr = kmap_atomic_px(i915_pt_entry(pd, act_pt)); | ||
| 215 | do { | ||
| 216 | + GEM_BUG_ON(iter.sg->length < I915_GTT_PAGE_SIZE); | ||
| 217 | vaddr[act_pte] = pte_encode | GEN6_PTE_ADDR_ENCODE(iter.dma); | ||
| 218 | |||
| 219 | iter.dma += I915_GTT_PAGE_SIZE; | ||
| 220 | diff --git a/drivers/gpu/drm/panfrost/panfrost_drv.c b/drivers/gpu/drm/panfrost/panfrost_drv.c | ||
| 221 | index 1c67ac434e10..5906c80c4b2c 100644 | ||
| 222 | --- a/drivers/gpu/drm/panfrost/panfrost_drv.c | ||
| 223 | +++ b/drivers/gpu/drm/panfrost/panfrost_drv.c | ||
| 224 | @@ -78,8 +78,10 @@ static int panfrost_ioctl_get_param(struct drm_device *ddev, void *data, struct | ||
| 225 | static int panfrost_ioctl_create_bo(struct drm_device *dev, void *data, | ||
| 226 | struct drm_file *file) | ||
| 227 | { | ||
| 228 | + struct panfrost_file_priv *priv = file->driver_priv; | ||
| 229 | struct panfrost_gem_object *bo; | ||
| 230 | struct drm_panfrost_create_bo *args = data; | ||
| 231 | + struct panfrost_gem_mapping *mapping; | ||
| 232 | |||
| 233 | if (!args->size || args->pad || | ||
| 234 | (args->flags & ~(PANFROST_BO_NOEXEC | PANFROST_BO_HEAP))) | ||
| 235 | @@ -95,7 +97,14 @@ static int panfrost_ioctl_create_bo(struct drm_device *dev, void *data, | ||
| 236 | if (IS_ERR(bo)) | ||
| 237 | return PTR_ERR(bo); | ||
| 238 | |||
| 239 | - args->offset = bo->node.start << PAGE_SHIFT; | ||
| 240 | + mapping = panfrost_gem_mapping_get(bo, priv); | ||
| 241 | + if (!mapping) { | ||
| 242 | + drm_gem_object_put_unlocked(&bo->base.base); | ||
| 243 | + return -EINVAL; | ||
| 244 | + } | ||
| 245 | + | ||
| 246 | + args->offset = mapping->mmnode.start << PAGE_SHIFT; | ||
| 247 | + panfrost_gem_mapping_put(mapping); | ||
| 248 | |||
| 249 | return 0; | ||
| 250 | } | ||
| 251 | @@ -119,6 +128,11 @@ panfrost_lookup_bos(struct drm_device *dev, | ||
| 252 | struct drm_panfrost_submit *args, | ||
| 253 | struct panfrost_job *job) | ||
| 254 | { | ||
| 255 | + struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
| 256 | + struct panfrost_gem_object *bo; | ||
| 257 | + unsigned int i; | ||
| 258 | + int ret; | ||
| 259 | + | ||
| 260 | job->bo_count = args->bo_handle_count; | ||
| 261 | |||
| 262 | if (!job->bo_count) | ||
| 263 | @@ -130,9 +144,32 @@ panfrost_lookup_bos(struct drm_device *dev, | ||
| 264 | if (!job->implicit_fences) | ||
| 265 | return -ENOMEM; | ||
| 266 | |||
| 267 | - return drm_gem_objects_lookup(file_priv, | ||
| 268 | - (void __user *)(uintptr_t)args->bo_handles, | ||
| 269 | - job->bo_count, &job->bos); | ||
| 270 | + ret = drm_gem_objects_lookup(file_priv, | ||
| 271 | + (void __user *)(uintptr_t)args->bo_handles, | ||
| 272 | + job->bo_count, &job->bos); | ||
| 273 | + if (ret) | ||
| 274 | + return ret; | ||
| 275 | + | ||
| 276 | + job->mappings = kvmalloc_array(job->bo_count, | ||
| 277 | + sizeof(struct panfrost_gem_mapping *), | ||
| 278 | + GFP_KERNEL | __GFP_ZERO); | ||
| 279 | + if (!job->mappings) | ||
| 280 | + return -ENOMEM; | ||
| 281 | + | ||
| 282 | + for (i = 0; i < job->bo_count; i++) { | ||
| 283 | + struct panfrost_gem_mapping *mapping; | ||
| 284 | + | ||
| 285 | + bo = to_panfrost_bo(job->bos[i]); | ||
| 286 | + mapping = panfrost_gem_mapping_get(bo, priv); | ||
| 287 | + if (!mapping) { | ||
| 288 | + ret = -EINVAL; | ||
| 289 | + break; | ||
| 290 | + } | ||
| 291 | + | ||
| 292 | + job->mappings[i] = mapping; | ||
| 293 | + } | ||
| 294 | + | ||
| 295 | + return ret; | ||
| 296 | } | ||
| 297 | |||
| 298 | /** | ||
| 299 | @@ -320,7 +357,9 @@ out: | ||
| 300 | static int panfrost_ioctl_get_bo_offset(struct drm_device *dev, void *data, | ||
| 301 | struct drm_file *file_priv) | ||
| 302 | { | ||
| 303 | + struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
| 304 | struct drm_panfrost_get_bo_offset *args = data; | ||
| 305 | + struct panfrost_gem_mapping *mapping; | ||
| 306 | struct drm_gem_object *gem_obj; | ||
| 307 | struct panfrost_gem_object *bo; | ||
| 308 | |||
| 309 | @@ -331,18 +370,26 @@ static int panfrost_ioctl_get_bo_offset(struct drm_device *dev, void *data, | ||
| 310 | } | ||
| 311 | bo = to_panfrost_bo(gem_obj); | ||
| 312 | |||
| 313 | - args->offset = bo->node.start << PAGE_SHIFT; | ||
| 314 | - | ||
| 315 | + mapping = panfrost_gem_mapping_get(bo, priv); | ||
| 316 | drm_gem_object_put_unlocked(gem_obj); | ||
| 317 | + | ||
| 318 | + if (!mapping) | ||
| 319 | + return -EINVAL; | ||
| 320 | + | ||
| 321 | + args->offset = mapping->mmnode.start << PAGE_SHIFT; | ||
| 322 | + panfrost_gem_mapping_put(mapping); | ||
| 323 | return 0; | ||
| 324 | } | ||
| 325 | |||
| 326 | static int panfrost_ioctl_madvise(struct drm_device *dev, void *data, | ||
| 327 | struct drm_file *file_priv) | ||
| 328 | { | ||
| 329 | + struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
| 330 | struct drm_panfrost_madvise *args = data; | ||
| 331 | struct panfrost_device *pfdev = dev->dev_private; | ||
| 332 | struct drm_gem_object *gem_obj; | ||
| 333 | + struct panfrost_gem_object *bo; | ||
| 334 | + int ret = 0; | ||
| 335 | |||
| 336 | gem_obj = drm_gem_object_lookup(file_priv, args->handle); | ||
| 337 | if (!gem_obj) { | ||
| 338 | @@ -350,22 +397,48 @@ static int panfrost_ioctl_madvise(struct drm_device *dev, void *data, | ||
| 339 | return -ENOENT; | ||
| 340 | } | ||
| 341 | |||
| 342 | + bo = to_panfrost_bo(gem_obj); | ||
| 343 | + | ||
| 344 | mutex_lock(&pfdev->shrinker_lock); | ||
| 345 | + mutex_lock(&bo->mappings.lock); | ||
| 346 | + if (args->madv == PANFROST_MADV_DONTNEED) { | ||
| 347 | + struct panfrost_gem_mapping *first; | ||
| 348 | + | ||
| 349 | + first = list_first_entry(&bo->mappings.list, | ||
| 350 | + struct panfrost_gem_mapping, | ||
| 351 | + node); | ||
| 352 | + | ||
| 353 | + /* | ||
| 354 | + * If we want to mark the BO purgeable, there must be only one | ||
| 355 | + * user: the caller FD. | ||
| 356 | + * We could do something smarter and mark the BO purgeable only | ||
| 357 | + * when all its users have marked it purgeable, but globally | ||
| 358 | + * visible/shared BOs are likely to never be marked purgeable | ||
| 359 | + * anyway, so let's not bother. | ||
| 360 | + */ | ||
| 361 | + if (!list_is_singular(&bo->mappings.list) || | ||
| 362 | + WARN_ON_ONCE(first->mmu != &priv->mmu)) { | ||
| 363 | + ret = -EINVAL; | ||
| 364 | + goto out_unlock_mappings; | ||
| 365 | + } | ||
| 366 | + } | ||
| 367 | + | ||
| 368 | args->retained = drm_gem_shmem_madvise(gem_obj, args->madv); | ||
| 369 | |||
| 370 | if (args->retained) { | ||
| 371 | - struct panfrost_gem_object *bo = to_panfrost_bo(gem_obj); | ||
| 372 | - | ||
| 373 | if (args->madv == PANFROST_MADV_DONTNEED) | ||
| 374 | list_add_tail(&bo->base.madv_list, | ||
| 375 | &pfdev->shrinker_list); | ||
| 376 | else if (args->madv == PANFROST_MADV_WILLNEED) | ||
| 377 | list_del_init(&bo->base.madv_list); | ||
| 378 | } | ||
| 379 | + | ||
| 380 | +out_unlock_mappings: | ||
| 381 | + mutex_unlock(&bo->mappings.lock); | ||
| 382 | mutex_unlock(&pfdev->shrinker_lock); | ||
| 383 | |||
| 384 | drm_gem_object_put_unlocked(gem_obj); | ||
| 385 | - return 0; | ||
| 386 | + return ret; | ||
| 387 | } | ||
| 388 | |||
| 389 | int panfrost_unstable_ioctl_check(void) | ||
| 390 | diff --git a/drivers/gpu/drm/panfrost/panfrost_gem.c b/drivers/gpu/drm/panfrost/panfrost_gem.c | ||
| 391 | index 92a95210a899..77c3a3855c68 100644 | ||
| 392 | --- a/drivers/gpu/drm/panfrost/panfrost_gem.c | ||
| 393 | +++ b/drivers/gpu/drm/panfrost/panfrost_gem.c | ||
| 394 | @@ -29,6 +29,12 @@ static void panfrost_gem_free_object(struct drm_gem_object *obj) | ||
| 395 | list_del_init(&bo->base.madv_list); | ||
| 396 | mutex_unlock(&pfdev->shrinker_lock); | ||
| 397 | |||
| 398 | + /* | ||
| 399 | + * If we still have mappings attached to the BO, there's a problem in | ||
| 400 | + * our refcounting. | ||
| 401 | + */ | ||
| 402 | + WARN_ON_ONCE(!list_empty(&bo->mappings.list)); | ||
| 403 | + | ||
| 404 | if (bo->sgts) { | ||
| 405 | int i; | ||
| 406 | int n_sgt = bo->base.base.size / SZ_2M; | ||
| 407 | @@ -46,6 +52,69 @@ static void panfrost_gem_free_object(struct drm_gem_object *obj) | ||
| 408 | drm_gem_shmem_free_object(obj); | ||
| 409 | } | ||
| 410 | |||
| 411 | +struct panfrost_gem_mapping * | ||
| 412 | +panfrost_gem_mapping_get(struct panfrost_gem_object *bo, | ||
| 413 | + struct panfrost_file_priv *priv) | ||
| 414 | +{ | ||
| 415 | + struct panfrost_gem_mapping *iter, *mapping = NULL; | ||
| 416 | + | ||
| 417 | + mutex_lock(&bo->mappings.lock); | ||
| 418 | + list_for_each_entry(iter, &bo->mappings.list, node) { | ||
| 419 | + if (iter->mmu == &priv->mmu) { | ||
| 420 | + kref_get(&iter->refcount); | ||
| 421 | + mapping = iter; | ||
| 422 | + break; | ||
| 423 | + } | ||
| 424 | + } | ||
| 425 | + mutex_unlock(&bo->mappings.lock); | ||
| 426 | + | ||
| 427 | + return mapping; | ||
| 428 | +} | ||
| 429 | + | ||
| 430 | +static void | ||
| 431 | +panfrost_gem_teardown_mapping(struct panfrost_gem_mapping *mapping) | ||
| 432 | +{ | ||
| 433 | + struct panfrost_file_priv *priv; | ||
| 434 | + | ||
| 435 | + if (mapping->active) | ||
| 436 | + panfrost_mmu_unmap(mapping); | ||
| 437 | + | ||
| 438 | + priv = container_of(mapping->mmu, struct panfrost_file_priv, mmu); | ||
| 439 | + spin_lock(&priv->mm_lock); | ||
| 440 | + if (drm_mm_node_allocated(&mapping->mmnode)) | ||
| 441 | + drm_mm_remove_node(&mapping->mmnode); | ||
| 442 | + spin_unlock(&priv->mm_lock); | ||
| 443 | +} | ||
| 444 | + | ||
| 445 | +static void panfrost_gem_mapping_release(struct kref *kref) | ||
| 446 | +{ | ||
| 447 | + struct panfrost_gem_mapping *mapping; | ||
| 448 | + | ||
| 449 | + mapping = container_of(kref, struct panfrost_gem_mapping, refcount); | ||
| 450 | + | ||
| 451 | + panfrost_gem_teardown_mapping(mapping); | ||
| 452 | + drm_gem_object_put_unlocked(&mapping->obj->base.base); | ||
| 453 | + kfree(mapping); | ||
| 454 | +} | ||
| 455 | + | ||
| 456 | +void panfrost_gem_mapping_put(struct panfrost_gem_mapping *mapping) | ||
| 457 | +{ | ||
| 458 | + if (!mapping) | ||
| 459 | + return; | ||
| 460 | + | ||
| 461 | + kref_put(&mapping->refcount, panfrost_gem_mapping_release); | ||
| 462 | +} | ||
| 463 | + | ||
| 464 | +void panfrost_gem_teardown_mappings(struct panfrost_gem_object *bo) | ||
| 465 | +{ | ||
| 466 | + struct panfrost_gem_mapping *mapping; | ||
| 467 | + | ||
| 468 | + mutex_lock(&bo->mappings.lock); | ||
| 469 | + list_for_each_entry(mapping, &bo->mappings.list, node) | ||
| 470 | + panfrost_gem_teardown_mapping(mapping); | ||
| 471 | + mutex_unlock(&bo->mappings.lock); | ||
| 472 | +} | ||
| 473 | + | ||
| 474 | int panfrost_gem_open(struct drm_gem_object *obj, struct drm_file *file_priv) | ||
| 475 | { | ||
| 476 | int ret; | ||
| 477 | @@ -54,6 +123,16 @@ int panfrost_gem_open(struct drm_gem_object *obj, struct drm_file *file_priv) | ||
| 478 | struct panfrost_gem_object *bo = to_panfrost_bo(obj); | ||
| 479 | unsigned long color = bo->noexec ? PANFROST_BO_NOEXEC : 0; | ||
| 480 | struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
| 481 | + struct panfrost_gem_mapping *mapping; | ||
| 482 | + | ||
| 483 | + mapping = kzalloc(sizeof(*mapping), GFP_KERNEL); | ||
| 484 | + if (!mapping) | ||
| 485 | + return -ENOMEM; | ||
| 486 | + | ||
| 487 | + INIT_LIST_HEAD(&mapping->node); | ||
| 488 | + kref_init(&mapping->refcount); | ||
| 489 | + drm_gem_object_get(obj); | ||
| 490 | + mapping->obj = bo; | ||
| 491 | |||
| 492 | /* | ||
| 493 | * Executable buffers cannot cross a 16MB boundary as the program | ||
| 494 | @@ -66,37 +145,48 @@ int panfrost_gem_open(struct drm_gem_object *obj, struct drm_file *file_priv) | ||
| 495 | else | ||
| 496 | align = size >= SZ_2M ? SZ_2M >> PAGE_SHIFT : 0; | ||
| 497 | |||
| 498 | - bo->mmu = &priv->mmu; | ||
| 499 | + mapping->mmu = &priv->mmu; | ||
| 500 | spin_lock(&priv->mm_lock); | ||
| 501 | - ret = drm_mm_insert_node_generic(&priv->mm, &bo->node, | ||
| 502 | + ret = drm_mm_insert_node_generic(&priv->mm, &mapping->mmnode, | ||
| 503 | size >> PAGE_SHIFT, align, color, 0); | ||
| 504 | spin_unlock(&priv->mm_lock); | ||
| 505 | if (ret) | ||
| 506 | - return ret; | ||
| 507 | + goto err; | ||
| 508 | |||
| 509 | if (!bo->is_heap) { | ||
| 510 | - ret = panfrost_mmu_map(bo); | ||
| 511 | - if (ret) { | ||
| 512 | - spin_lock(&priv->mm_lock); | ||
| 513 | - drm_mm_remove_node(&bo->node); | ||
| 514 | - spin_unlock(&priv->mm_lock); | ||
| 515 | - } | ||
| 516 | + ret = panfrost_mmu_map(mapping); | ||
| 517 | + if (ret) | ||
| 518 | + goto err; | ||
| 519 | } | ||
| 520 | + | ||
| 521 | + mutex_lock(&bo->mappings.lock); | ||
| 522 | + WARN_ON(bo->base.madv != PANFROST_MADV_WILLNEED); | ||
| 523 | + list_add_tail(&mapping->node, &bo->mappings.list); | ||
| 524 | + mutex_unlock(&bo->mappings.lock); | ||
| 525 | + | ||
| 526 | +err: | ||
| 527 | + if (ret) | ||
| 528 | + panfrost_gem_mapping_put(mapping); | ||
| 529 | return ret; | ||
| 530 | } | ||
| 531 | |||
| 532 | void panfrost_gem_close(struct drm_gem_object *obj, struct drm_file *file_priv) | ||
| 533 | { | ||
| 534 | - struct panfrost_gem_object *bo = to_panfrost_bo(obj); | ||
| 535 | struct panfrost_file_priv *priv = file_priv->driver_priv; | ||
| 536 | + struct panfrost_gem_object *bo = to_panfrost_bo(obj); | ||
| 537 | + struct panfrost_gem_mapping *mapping = NULL, *iter; | ||
| 538 | |||
| 539 | - if (bo->is_mapped) | ||
| 540 | - panfrost_mmu_unmap(bo); | ||
| 541 | + mutex_lock(&bo->mappings.lock); | ||
| 542 | + list_for_each_entry(iter, &bo->mappings.list, node) { | ||
| 543 | + if (iter->mmu == &priv->mmu) { | ||
| 544 | + mapping = iter; | ||
| 545 | + list_del(&iter->node); | ||
| 546 | + break; | ||
| 547 | + } | ||
| 548 | + } | ||
| 549 | + mutex_unlock(&bo->mappings.lock); | ||
| 550 | |||
| 551 | - spin_lock(&priv->mm_lock); | ||
| 552 | - if (drm_mm_node_allocated(&bo->node)) | ||
| 553 | - drm_mm_remove_node(&bo->node); | ||
| 554 | - spin_unlock(&priv->mm_lock); | ||
| 555 | + panfrost_gem_mapping_put(mapping); | ||
| 556 | } | ||
| 557 | |||
| 558 | static int panfrost_gem_pin(struct drm_gem_object *obj) | ||
| 559 | @@ -136,6 +226,8 @@ struct drm_gem_object *panfrost_gem_create_object(struct drm_device *dev, size_t | ||
| 560 | if (!obj) | ||
| 561 | return NULL; | ||
| 562 | |||
| 563 | + INIT_LIST_HEAD(&obj->mappings.list); | ||
| 564 | + mutex_init(&obj->mappings.lock); | ||
| 565 | obj->base.base.funcs = &panfrost_gem_funcs; | ||
| 566 | |||
| 567 | return &obj->base.base; | ||
| 568 | diff --git a/drivers/gpu/drm/panfrost/panfrost_gem.h b/drivers/gpu/drm/panfrost/panfrost_gem.h | ||
| 569 | index 4b17e7308764..ca1bc9019600 100644 | ||
| 570 | --- a/drivers/gpu/drm/panfrost/panfrost_gem.h | ||
| 571 | +++ b/drivers/gpu/drm/panfrost/panfrost_gem.h | ||
| 572 | @@ -13,23 +13,46 @@ struct panfrost_gem_object { | ||
| 573 | struct drm_gem_shmem_object base; | ||
| 574 | struct sg_table *sgts; | ||
| 575 | |||
| 576 | - struct panfrost_mmu *mmu; | ||
| 577 | - struct drm_mm_node node; | ||
| 578 | - bool is_mapped :1; | ||
| 579 | + /* | ||
| 580 | + * Use a list for now. If searching a mapping ever becomes the | ||
| 581 | + * bottleneck, we should consider using an RB-tree, or even better, | ||
| 582 | + * let the core store drm_gem_object_mapping entries (where we | ||
| 583 | + * could place driver specific data) instead of drm_gem_object ones | ||
| 584 | + * in its drm_file->object_idr table. | ||
| 585 | + * | ||
| 586 | + * struct drm_gem_object_mapping { | ||
| 587 | + * struct drm_gem_object *obj; | ||
| 588 | + * void *driver_priv; | ||
| 589 | + * }; | ||
| 590 | + */ | ||
| 591 | + struct { | ||
| 592 | + struct list_head list; | ||
| 593 | + struct mutex lock; | ||
| 594 | + } mappings; | ||
| 595 | + | ||
| 596 | bool noexec :1; | ||
| 597 | bool is_heap :1; | ||
| 598 | }; | ||
| 599 | |||
| 600 | +struct panfrost_gem_mapping { | ||
| 601 | + struct list_head node; | ||
| 602 | + struct kref refcount; | ||
| 603 | + struct panfrost_gem_object *obj; | ||
| 604 | + struct drm_mm_node mmnode; | ||
| 605 | + struct panfrost_mmu *mmu; | ||
| 606 | + bool active :1; | ||
| 607 | +}; | ||
| 608 | + | ||
| 609 | static inline | ||
| 610 | struct panfrost_gem_object *to_panfrost_bo(struct drm_gem_object *obj) | ||
| 611 | { | ||
| 612 | return container_of(to_drm_gem_shmem_obj(obj), struct panfrost_gem_object, base); | ||
| 613 | } | ||
| 614 | |||
| 615 | -static inline | ||
| 616 | -struct panfrost_gem_object *drm_mm_node_to_panfrost_bo(struct drm_mm_node *node) | ||
| 617 | +static inline struct panfrost_gem_mapping * | ||
| 618 | +drm_mm_node_to_panfrost_mapping(struct drm_mm_node *node) | ||
| 619 | { | ||
| 620 | - return container_of(node, struct panfrost_gem_object, node); | ||
| 621 | + return container_of(node, struct panfrost_gem_mapping, mmnode); | ||
| 622 | } | ||
| 623 | |||
| 624 | struct drm_gem_object *panfrost_gem_create_object(struct drm_device *dev, size_t size); | ||
| 625 | @@ -49,6 +72,12 @@ int panfrost_gem_open(struct drm_gem_object *obj, struct drm_file *file_priv); | ||
| 626 | void panfrost_gem_close(struct drm_gem_object *obj, | ||
| 627 | struct drm_file *file_priv); | ||
| 628 | |||
| 629 | +struct panfrost_gem_mapping * | ||
| 630 | +panfrost_gem_mapping_get(struct panfrost_gem_object *bo, | ||
| 631 | + struct panfrost_file_priv *priv); | ||
| 632 | +void panfrost_gem_mapping_put(struct panfrost_gem_mapping *mapping); | ||
| 633 | +void panfrost_gem_teardown_mappings(struct panfrost_gem_object *bo); | ||
| 634 | + | ||
| 635 | void panfrost_gem_shrinker_init(struct drm_device *dev); | ||
| 636 | void panfrost_gem_shrinker_cleanup(struct drm_device *dev); | ||
| 637 | |||
| 638 | diff --git a/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c b/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c | ||
| 639 | index 458f0fa68111..f5dd7b29bc95 100644 | ||
| 640 | --- a/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c | ||
| 641 | +++ b/drivers/gpu/drm/panfrost/panfrost_gem_shrinker.c | ||
| 642 | @@ -39,11 +39,12 @@ panfrost_gem_shrinker_count(struct shrinker *shrinker, struct shrink_control *sc | ||
| 643 | static bool panfrost_gem_purge(struct drm_gem_object *obj) | ||
| 644 | { | ||
| 645 | struct drm_gem_shmem_object *shmem = to_drm_gem_shmem_obj(obj); | ||
| 646 | + struct panfrost_gem_object *bo = to_panfrost_bo(obj); | ||
| 647 | |||
| 648 | if (!mutex_trylock(&shmem->pages_lock)) | ||
| 649 | return false; | ||
| 650 | |||
| 651 | - panfrost_mmu_unmap(to_panfrost_bo(obj)); | ||
| 652 | + panfrost_gem_teardown_mappings(bo); | ||
| 653 | drm_gem_shmem_purge_locked(obj); | ||
| 654 | |||
| 655 | mutex_unlock(&shmem->pages_lock); | ||
| 656 | diff --git a/drivers/gpu/drm/panfrost/panfrost_job.c b/drivers/gpu/drm/panfrost/panfrost_job.c | ||
| 657 | index 21f34d44aac2..bbb0c5e3ca6f 100644 | ||
| 658 | --- a/drivers/gpu/drm/panfrost/panfrost_job.c | ||
| 659 | +++ b/drivers/gpu/drm/panfrost/panfrost_job.c | ||
| 660 | @@ -269,9 +269,20 @@ static void panfrost_job_cleanup(struct kref *ref) | ||
| 661 | dma_fence_put(job->done_fence); | ||
| 662 | dma_fence_put(job->render_done_fence); | ||
| 663 | |||
| 664 | - if (job->bos) { | ||
| 665 | + if (job->mappings) { | ||
| 666 | for (i = 0; i < job->bo_count; i++) | ||
| 667 | + panfrost_gem_mapping_put(job->mappings[i]); | ||
| 668 | + kvfree(job->mappings); | ||
| 669 | + } | ||
| 670 | + | ||
| 671 | + if (job->bos) { | ||
| 672 | + struct panfrost_gem_object *bo; | ||
| 673 | + | ||
| 674 | + for (i = 0; i < job->bo_count; i++) { | ||
| 675 | + bo = to_panfrost_bo(job->bos[i]); | ||
| 676 | drm_gem_object_put_unlocked(job->bos[i]); | ||
| 677 | + } | ||
| 678 | + | ||
| 679 | kvfree(job->bos); | ||
| 680 | } | ||
| 681 | |||
| 682 | diff --git a/drivers/gpu/drm/panfrost/panfrost_job.h b/drivers/gpu/drm/panfrost/panfrost_job.h | ||
| 683 | index 62454128a792..bbd3ba97ff67 100644 | ||
| 684 | --- a/drivers/gpu/drm/panfrost/panfrost_job.h | ||
| 685 | +++ b/drivers/gpu/drm/panfrost/panfrost_job.h | ||
| 686 | @@ -32,6 +32,7 @@ struct panfrost_job { | ||
| 687 | |||
| 688 | /* Exclusive fences we have taken from the BOs to wait for */ | ||
| 689 | struct dma_fence **implicit_fences; | ||
| 690 | + struct panfrost_gem_mapping **mappings; | ||
| 691 | struct drm_gem_object **bos; | ||
| 692 | u32 bo_count; | ||
| 693 | |||
| 694 | diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.c b/drivers/gpu/drm/panfrost/panfrost_mmu.c | ||
| 695 | index a3ed64a1f15e..763cfca886a7 100644 | ||
| 696 | --- a/drivers/gpu/drm/panfrost/panfrost_mmu.c | ||
| 697 | +++ b/drivers/gpu/drm/panfrost/panfrost_mmu.c | ||
| 698 | @@ -269,14 +269,15 @@ static int mmu_map_sg(struct panfrost_device *pfdev, struct panfrost_mmu *mmu, | ||
| 699 | return 0; | ||
| 700 | } | ||
| 701 | |||
| 702 | -int panfrost_mmu_map(struct panfrost_gem_object *bo) | ||
| 703 | +int panfrost_mmu_map(struct panfrost_gem_mapping *mapping) | ||
| 704 | { | ||
| 705 | + struct panfrost_gem_object *bo = mapping->obj; | ||
| 706 | struct drm_gem_object *obj = &bo->base.base; | ||
| 707 | struct panfrost_device *pfdev = to_panfrost_device(obj->dev); | ||
| 708 | struct sg_table *sgt; | ||
| 709 | int prot = IOMMU_READ | IOMMU_WRITE; | ||
| 710 | |||
| 711 | - if (WARN_ON(bo->is_mapped)) | ||
| 712 | + if (WARN_ON(mapping->active)) | ||
| 713 | return 0; | ||
| 714 | |||
| 715 | if (bo->noexec) | ||
| 716 | @@ -286,25 +287,28 @@ int panfrost_mmu_map(struct panfrost_gem_object *bo) | ||
| 717 | if (WARN_ON(IS_ERR(sgt))) | ||
| 718 | return PTR_ERR(sgt); | ||
| 719 | |||
| 720 | - mmu_map_sg(pfdev, bo->mmu, bo->node.start << PAGE_SHIFT, prot, sgt); | ||
| 721 | - bo->is_mapped = true; | ||
| 722 | + mmu_map_sg(pfdev, mapping->mmu, mapping->mmnode.start << PAGE_SHIFT, | ||
| 723 | + prot, sgt); | ||
| 724 | + mapping->active = true; | ||
| 725 | |||
| 726 | return 0; | ||
| 727 | } | ||
| 728 | |||
| 729 | -void panfrost_mmu_unmap(struct panfrost_gem_object *bo) | ||
| 730 | +void panfrost_mmu_unmap(struct panfrost_gem_mapping *mapping) | ||
| 731 | { | ||
| 732 | + struct panfrost_gem_object *bo = mapping->obj; | ||
| 733 | struct drm_gem_object *obj = &bo->base.base; | ||
| 734 | struct panfrost_device *pfdev = to_panfrost_device(obj->dev); | ||
| 735 | - struct io_pgtable_ops *ops = bo->mmu->pgtbl_ops; | ||
| 736 | - u64 iova = bo->node.start << PAGE_SHIFT; | ||
| 737 | - size_t len = bo->node.size << PAGE_SHIFT; | ||
| 738 | + struct io_pgtable_ops *ops = mapping->mmu->pgtbl_ops; | ||
| 739 | + u64 iova = mapping->mmnode.start << PAGE_SHIFT; | ||
| 740 | + size_t len = mapping->mmnode.size << PAGE_SHIFT; | ||
| 741 | size_t unmapped_len = 0; | ||
| 742 | |||
| 743 | - if (WARN_ON(!bo->is_mapped)) | ||
| 744 | + if (WARN_ON(!mapping->active)) | ||
| 745 | return; | ||
| 746 | |||
| 747 | - dev_dbg(pfdev->dev, "unmap: as=%d, iova=%llx, len=%zx", bo->mmu->as, iova, len); | ||
| 748 | + dev_dbg(pfdev->dev, "unmap: as=%d, iova=%llx, len=%zx", | ||
| 749 | + mapping->mmu->as, iova, len); | ||
| 750 | |||
| 751 | while (unmapped_len < len) { | ||
| 752 | size_t unmapped_page; | ||
| 753 | @@ -318,8 +322,9 @@ void panfrost_mmu_unmap(struct panfrost_gem_object *bo) | ||
| 754 | unmapped_len += pgsize; | ||
| 755 | } | ||
| 756 | |||
| 757 | - panfrost_mmu_flush_range(pfdev, bo->mmu, bo->node.start << PAGE_SHIFT, len); | ||
| 758 | - bo->is_mapped = false; | ||
| 759 | + panfrost_mmu_flush_range(pfdev, mapping->mmu, | ||
| 760 | + mapping->mmnode.start << PAGE_SHIFT, len); | ||
| 761 | + mapping->active = false; | ||
| 762 | } | ||
| 763 | |||
| 764 | static void mmu_tlb_inv_context_s1(void *cookie) | ||
| 765 | @@ -394,10 +399,10 @@ void panfrost_mmu_pgtable_free(struct panfrost_file_priv *priv) | ||
| 766 | free_io_pgtable_ops(mmu->pgtbl_ops); | ||
| 767 | } | ||
| 768 | |||
| 769 | -static struct panfrost_gem_object * | ||
| 770 | -addr_to_drm_mm_node(struct panfrost_device *pfdev, int as, u64 addr) | ||
| 771 | +static struct panfrost_gem_mapping * | ||
| 772 | +addr_to_mapping(struct panfrost_device *pfdev, int as, u64 addr) | ||
| 773 | { | ||
| 774 | - struct panfrost_gem_object *bo = NULL; | ||
| 775 | + struct panfrost_gem_mapping *mapping = NULL; | ||
| 776 | struct panfrost_file_priv *priv; | ||
| 777 | struct drm_mm_node *node; | ||
| 778 | u64 offset = addr >> PAGE_SHIFT; | ||
| 779 | @@ -418,8 +423,9 @@ found_mmu: | ||
| 780 | drm_mm_for_each_node(node, &priv->mm) { | ||
| 781 | if (offset >= node->start && | ||
| 782 | offset < (node->start + node->size)) { | ||
| 783 | - bo = drm_mm_node_to_panfrost_bo(node); | ||
| 784 | - drm_gem_object_get(&bo->base.base); | ||
| 785 | + mapping = drm_mm_node_to_panfrost_mapping(node); | ||
| 786 | + | ||
| 787 | + kref_get(&mapping->refcount); | ||
| 788 | break; | ||
| 789 | } | ||
| 790 | } | ||
| 791 | @@ -427,7 +433,7 @@ found_mmu: | ||
| 792 | spin_unlock(&priv->mm_lock); | ||
| 793 | out: | ||
| 794 | spin_unlock(&pfdev->as_lock); | ||
| 795 | - return bo; | ||
| 796 | + return mapping; | ||
| 797 | } | ||
| 798 | |||
| 799 | #define NUM_FAULT_PAGES (SZ_2M / PAGE_SIZE) | ||
| 800 | @@ -436,28 +442,30 @@ static int panfrost_mmu_map_fault_addr(struct panfrost_device *pfdev, int as, | ||
| 801 | u64 addr) | ||
| 802 | { | ||
| 803 | int ret, i; | ||
| 804 | + struct panfrost_gem_mapping *bomapping; | ||
| 805 | struct panfrost_gem_object *bo; | ||
| 806 | struct address_space *mapping; | ||
| 807 | pgoff_t page_offset; | ||
| 808 | struct sg_table *sgt; | ||
| 809 | struct page **pages; | ||
| 810 | |||
| 811 | - bo = addr_to_drm_mm_node(pfdev, as, addr); | ||
| 812 | - if (!bo) | ||
| 813 | + bomapping = addr_to_mapping(pfdev, as, addr); | ||
| 814 | + if (!bomapping) | ||
| 815 | return -ENOENT; | ||
| 816 | |||
| 817 | + bo = bomapping->obj; | ||
| 818 | if (!bo->is_heap) { | ||
| 819 | dev_WARN(pfdev->dev, "matching BO is not heap type (GPU VA = %llx)", | ||
| 820 | - bo->node.start << PAGE_SHIFT); | ||
| 821 | + bomapping->mmnode.start << PAGE_SHIFT); | ||
| 822 | ret = -EINVAL; | ||
| 823 | goto err_bo; | ||
| 824 | } | ||
| 825 | - WARN_ON(bo->mmu->as != as); | ||
| 826 | + WARN_ON(bomapping->mmu->as != as); | ||
| 827 | |||
| 828 | /* Assume 2MB alignment and size multiple */ | ||
| 829 | addr &= ~((u64)SZ_2M - 1); | ||
| 830 | page_offset = addr >> PAGE_SHIFT; | ||
| 831 | - page_offset -= bo->node.start; | ||
| 832 | + page_offset -= bomapping->mmnode.start; | ||
| 833 | |||
| 834 | mutex_lock(&bo->base.pages_lock); | ||
| 835 | |||
| 836 | @@ -509,13 +517,14 @@ static int panfrost_mmu_map_fault_addr(struct panfrost_device *pfdev, int as, | ||
| 837 | goto err_map; | ||
| 838 | } | ||
| 839 | |||
| 840 | - mmu_map_sg(pfdev, bo->mmu, addr, IOMMU_WRITE | IOMMU_READ | IOMMU_NOEXEC, sgt); | ||
| 841 | + mmu_map_sg(pfdev, bomapping->mmu, addr, | ||
| 842 | + IOMMU_WRITE | IOMMU_READ | IOMMU_NOEXEC, sgt); | ||
| 843 | |||
| 844 | - bo->is_mapped = true; | ||
| 845 | + bomapping->active = true; | ||
| 846 | |||
| 847 | dev_dbg(pfdev->dev, "mapped page fault @ AS%d %llx", as, addr); | ||
| 848 | |||
| 849 | - drm_gem_object_put_unlocked(&bo->base.base); | ||
| 850 | + panfrost_gem_mapping_put(bomapping); | ||
| 851 | |||
| 852 | return 0; | ||
| 853 | |||
| 854 | diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.h b/drivers/gpu/drm/panfrost/panfrost_mmu.h | ||
| 855 | index 7c5b6775ae23..44fc2edf63ce 100644 | ||
| 856 | --- a/drivers/gpu/drm/panfrost/panfrost_mmu.h | ||
| 857 | +++ b/drivers/gpu/drm/panfrost/panfrost_mmu.h | ||
| 858 | @@ -4,12 +4,12 @@ | ||
| 859 | #ifndef __PANFROST_MMU_H__ | ||
| 860 | #define __PANFROST_MMU_H__ | ||
| 861 | |||
| 862 | -struct panfrost_gem_object; | ||
| 863 | +struct panfrost_gem_mapping; | ||
| 864 | struct panfrost_file_priv; | ||
| 865 | struct panfrost_mmu; | ||
| 866 | |||
| 867 | -int panfrost_mmu_map(struct panfrost_gem_object *bo); | ||
| 868 | -void panfrost_mmu_unmap(struct panfrost_gem_object *bo); | ||
| 869 | +int panfrost_mmu_map(struct panfrost_gem_mapping *mapping); | ||
| 870 | +void panfrost_mmu_unmap(struct panfrost_gem_mapping *mapping); | ||
| 871 | |||
| 872 | int panfrost_mmu_init(struct panfrost_device *pfdev); | ||
| 873 | void panfrost_mmu_fini(struct panfrost_device *pfdev); | ||
| 874 | diff --git a/drivers/gpu/drm/panfrost/panfrost_perfcnt.c b/drivers/gpu/drm/panfrost/panfrost_perfcnt.c | ||
| 875 | index 2c04e858c50a..684820448be3 100644 | ||
| 876 | --- a/drivers/gpu/drm/panfrost/panfrost_perfcnt.c | ||
| 877 | +++ b/drivers/gpu/drm/panfrost/panfrost_perfcnt.c | ||
| 878 | @@ -25,7 +25,7 @@ | ||
| 879 | #define V4_SHADERS_PER_COREGROUP 4 | ||
| 880 | |||
| 881 | struct panfrost_perfcnt { | ||
| 882 | - struct panfrost_gem_object *bo; | ||
| 883 | + struct panfrost_gem_mapping *mapping; | ||
| 884 | size_t bosize; | ||
| 885 | void *buf; | ||
| 886 | struct panfrost_file_priv *user; | ||
| 887 | @@ -49,7 +49,7 @@ static int panfrost_perfcnt_dump_locked(struct panfrost_device *pfdev) | ||
| 888 | int ret; | ||
| 889 | |||
| 890 | reinit_completion(&pfdev->perfcnt->dump_comp); | ||
| 891 | - gpuva = pfdev->perfcnt->bo->node.start << PAGE_SHIFT; | ||
| 892 | + gpuva = pfdev->perfcnt->mapping->mmnode.start << PAGE_SHIFT; | ||
| 893 | gpu_write(pfdev, GPU_PERFCNT_BASE_LO, gpuva); | ||
| 894 | gpu_write(pfdev, GPU_PERFCNT_BASE_HI, gpuva >> 32); | ||
| 895 | gpu_write(pfdev, GPU_INT_CLEAR, | ||
| 896 | @@ -89,17 +89,22 @@ static int panfrost_perfcnt_enable_locked(struct panfrost_device *pfdev, | ||
| 897 | if (IS_ERR(bo)) | ||
| 898 | return PTR_ERR(bo); | ||
| 899 | |||
| 900 | - perfcnt->bo = to_panfrost_bo(&bo->base); | ||
| 901 | - | ||
| 902 | /* Map the perfcnt buf in the address space attached to file_priv. */ | ||
| 903 | - ret = panfrost_gem_open(&perfcnt->bo->base.base, file_priv); | ||
| 904 | + ret = panfrost_gem_open(&bo->base, file_priv); | ||
| 905 | if (ret) | ||
| 906 | goto err_put_bo; | ||
| 907 | |||
| 908 | + perfcnt->mapping = panfrost_gem_mapping_get(to_panfrost_bo(&bo->base), | ||
| 909 | + user); | ||
| 910 | + if (!perfcnt->mapping) { | ||
| 911 | + ret = -EINVAL; | ||
| 912 | + goto err_close_bo; | ||
| 913 | + } | ||
| 914 | + | ||
| 915 | perfcnt->buf = drm_gem_shmem_vmap(&bo->base); | ||
| 916 | if (IS_ERR(perfcnt->buf)) { | ||
| 917 | ret = PTR_ERR(perfcnt->buf); | ||
| 918 | - goto err_close_bo; | ||
| 919 | + goto err_put_mapping; | ||
| 920 | } | ||
| 921 | |||
| 922 | /* | ||
| 923 | @@ -154,12 +159,17 @@ static int panfrost_perfcnt_enable_locked(struct panfrost_device *pfdev, | ||
| 924 | if (panfrost_has_hw_issue(pfdev, HW_ISSUE_8186)) | ||
| 925 | gpu_write(pfdev, GPU_PRFCNT_TILER_EN, 0xffffffff); | ||
| 926 | |||
| 927 | + /* The BO ref is retained by the mapping. */ | ||
| 928 | + drm_gem_object_put_unlocked(&bo->base); | ||
| 929 | + | ||
| 930 | return 0; | ||
| 931 | |||
| 932 | err_vunmap: | ||
| 933 | - drm_gem_shmem_vunmap(&perfcnt->bo->base.base, perfcnt->buf); | ||
| 934 | + drm_gem_shmem_vunmap(&bo->base, perfcnt->buf); | ||
| 935 | +err_put_mapping: | ||
| 936 | + panfrost_gem_mapping_put(perfcnt->mapping); | ||
| 937 | err_close_bo: | ||
| 938 | - panfrost_gem_close(&perfcnt->bo->base.base, file_priv); | ||
| 939 | + panfrost_gem_close(&bo->base, file_priv); | ||
| 940 | err_put_bo: | ||
| 941 | drm_gem_object_put_unlocked(&bo->base); | ||
| 942 | return ret; | ||
| 943 | @@ -182,11 +192,11 @@ static int panfrost_perfcnt_disable_locked(struct panfrost_device *pfdev, | ||
| 944 | GPU_PERFCNT_CFG_MODE(GPU_PERFCNT_CFG_MODE_OFF)); | ||
| 945 | |||
| 946 | perfcnt->user = NULL; | ||
| 947 | - drm_gem_shmem_vunmap(&perfcnt->bo->base.base, perfcnt->buf); | ||
| 948 | + drm_gem_shmem_vunmap(&perfcnt->mapping->obj->base.base, perfcnt->buf); | ||
| 949 | perfcnt->buf = NULL; | ||
| 950 | - panfrost_gem_close(&perfcnt->bo->base.base, file_priv); | ||
| 951 | - drm_gem_object_put_unlocked(&perfcnt->bo->base.base); | ||
| 952 | - perfcnt->bo = NULL; | ||
| 953 | + panfrost_gem_close(&perfcnt->mapping->obj->base.base, file_priv); | ||
| 954 | + panfrost_gem_mapping_put(perfcnt->mapping); | ||
| 955 | + perfcnt->mapping = NULL; | ||
| 956 | pm_runtime_mark_last_busy(pfdev->dev); | ||
| 957 | pm_runtime_put_autosuspend(pfdev->dev); | ||
| 958 | |||
| 959 | diff --git a/drivers/hwmon/adt7475.c b/drivers/hwmon/adt7475.c | ||
| 960 | index 6c64d50c9aae..01c2eeb02aa9 100644 | ||
| 961 | --- a/drivers/hwmon/adt7475.c | ||
| 962 | +++ b/drivers/hwmon/adt7475.c | ||
| 963 | @@ -294,9 +294,10 @@ static inline u16 volt2reg(int channel, long volt, u8 bypass_attn) | ||
| 964 | long reg; | ||
| 965 | |||
| 966 | if (bypass_attn & (1 << channel)) | ||
| 967 | - reg = (volt * 1024) / 2250; | ||
| 968 | + reg = DIV_ROUND_CLOSEST(volt * 1024, 2250); | ||
| 969 | else | ||
| 970 | - reg = (volt * r[1] * 1024) / ((r[0] + r[1]) * 2250); | ||
| 971 | + reg = DIV_ROUND_CLOSEST(volt * r[1] * 1024, | ||
| 972 | + (r[0] + r[1]) * 2250); | ||
| 973 | return clamp_val(reg, 0, 1023) & (0xff << 2); | ||
| 974 | } | ||
| 975 | |||
| 976 | diff --git a/drivers/hwmon/hwmon.c b/drivers/hwmon/hwmon.c | ||
| 977 | index 1f3b30b085b9..d018b20089ec 100644 | ||
| 978 | --- a/drivers/hwmon/hwmon.c | ||
| 979 | +++ b/drivers/hwmon/hwmon.c | ||
| 980 | @@ -51,6 +51,7 @@ struct hwmon_device_attribute { | ||
| 981 | |||
| 982 | #define to_hwmon_attr(d) \ | ||
| 983 | container_of(d, struct hwmon_device_attribute, dev_attr) | ||
| 984 | +#define to_dev_attr(a) container_of(a, struct device_attribute, attr) | ||
| 985 | |||
| 986 | /* | ||
| 987 | * Thermal zone information | ||
| 988 | @@ -58,7 +59,7 @@ struct hwmon_device_attribute { | ||
| 989 | * also provides the sensor index. | ||
| 990 | */ | ||
| 991 | struct hwmon_thermal_data { | ||
| 992 | - struct hwmon_device *hwdev; /* Reference to hwmon device */ | ||
| 993 | + struct device *dev; /* Reference to hwmon device */ | ||
| 994 | int index; /* sensor index */ | ||
| 995 | }; | ||
| 996 | |||
| 997 | @@ -95,9 +96,27 @@ static const struct attribute_group *hwmon_dev_attr_groups[] = { | ||
| 998 | NULL | ||
| 999 | }; | ||
| 1000 | |||
| 1001 | +static void hwmon_free_attrs(struct attribute **attrs) | ||
| 1002 | +{ | ||
| 1003 | + int i; | ||
| 1004 | + | ||
| 1005 | + for (i = 0; attrs[i]; i++) { | ||
| 1006 | + struct device_attribute *dattr = to_dev_attr(attrs[i]); | ||
| 1007 | + struct hwmon_device_attribute *hattr = to_hwmon_attr(dattr); | ||
| 1008 | + | ||
| 1009 | + kfree(hattr); | ||
| 1010 | + } | ||
| 1011 | + kfree(attrs); | ||
| 1012 | +} | ||
| 1013 | + | ||
| 1014 | static void hwmon_dev_release(struct device *dev) | ||
| 1015 | { | ||
| 1016 | - kfree(to_hwmon_device(dev)); | ||
| 1017 | + struct hwmon_device *hwdev = to_hwmon_device(dev); | ||
| 1018 | + | ||
| 1019 | + if (hwdev->group.attrs) | ||
| 1020 | + hwmon_free_attrs(hwdev->group.attrs); | ||
| 1021 | + kfree(hwdev->groups); | ||
| 1022 | + kfree(hwdev); | ||
| 1023 | } | ||
| 1024 | |||
| 1025 | static struct class hwmon_class = { | ||
| 1026 | @@ -119,11 +138,11 @@ static DEFINE_IDA(hwmon_ida); | ||
| 1027 | static int hwmon_thermal_get_temp(void *data, int *temp) | ||
| 1028 | { | ||
| 1029 | struct hwmon_thermal_data *tdata = data; | ||
| 1030 | - struct hwmon_device *hwdev = tdata->hwdev; | ||
| 1031 | + struct hwmon_device *hwdev = to_hwmon_device(tdata->dev); | ||
| 1032 | int ret; | ||
| 1033 | long t; | ||
| 1034 | |||
| 1035 | - ret = hwdev->chip->ops->read(&hwdev->dev, hwmon_temp, hwmon_temp_input, | ||
| 1036 | + ret = hwdev->chip->ops->read(tdata->dev, hwmon_temp, hwmon_temp_input, | ||
| 1037 | tdata->index, &t); | ||
| 1038 | if (ret < 0) | ||
| 1039 | return ret; | ||
| 1040 | @@ -137,8 +156,7 @@ static const struct thermal_zone_of_device_ops hwmon_thermal_ops = { | ||
| 1041 | .get_temp = hwmon_thermal_get_temp, | ||
| 1042 | }; | ||
| 1043 | |||
| 1044 | -static int hwmon_thermal_add_sensor(struct device *dev, | ||
| 1045 | - struct hwmon_device *hwdev, int index) | ||
| 1046 | +static int hwmon_thermal_add_sensor(struct device *dev, int index) | ||
| 1047 | { | ||
| 1048 | struct hwmon_thermal_data *tdata; | ||
| 1049 | struct thermal_zone_device *tzd; | ||
| 1050 | @@ -147,10 +165,10 @@ static int hwmon_thermal_add_sensor(struct device *dev, | ||
| 1051 | if (!tdata) | ||
| 1052 | return -ENOMEM; | ||
| 1053 | |||
| 1054 | - tdata->hwdev = hwdev; | ||
| 1055 | + tdata->dev = dev; | ||
| 1056 | tdata->index = index; | ||
| 1057 | |||
| 1058 | - tzd = devm_thermal_zone_of_sensor_register(&hwdev->dev, index, tdata, | ||
| 1059 | + tzd = devm_thermal_zone_of_sensor_register(dev, index, tdata, | ||
| 1060 | &hwmon_thermal_ops); | ||
| 1061 | /* | ||
| 1062 | * If CONFIG_THERMAL_OF is disabled, this returns -ENODEV, | ||
| 1063 | @@ -162,8 +180,7 @@ static int hwmon_thermal_add_sensor(struct device *dev, | ||
| 1064 | return 0; | ||
| 1065 | } | ||
| 1066 | #else | ||
| 1067 | -static int hwmon_thermal_add_sensor(struct device *dev, | ||
| 1068 | - struct hwmon_device *hwdev, int index) | ||
| 1069 | +static int hwmon_thermal_add_sensor(struct device *dev, int index) | ||
| 1070 | { | ||
| 1071 | return 0; | ||
| 1072 | } | ||
| 1073 | @@ -250,8 +267,7 @@ static bool is_string_attr(enum hwmon_sensor_types type, u32 attr) | ||
| 1074 | (type == hwmon_fan && attr == hwmon_fan_label); | ||
| 1075 | } | ||
| 1076 | |||
| 1077 | -static struct attribute *hwmon_genattr(struct device *dev, | ||
| 1078 | - const void *drvdata, | ||
| 1079 | +static struct attribute *hwmon_genattr(const void *drvdata, | ||
| 1080 | enum hwmon_sensor_types type, | ||
| 1081 | u32 attr, | ||
| 1082 | int index, | ||
| 1083 | @@ -279,7 +295,7 @@ static struct attribute *hwmon_genattr(struct device *dev, | ||
| 1084 | if ((mode & 0222) && !ops->write) | ||
| 1085 | return ERR_PTR(-EINVAL); | ||
| 1086 | |||
| 1087 | - hattr = devm_kzalloc(dev, sizeof(*hattr), GFP_KERNEL); | ||
| 1088 | + hattr = kzalloc(sizeof(*hattr), GFP_KERNEL); | ||
| 1089 | if (!hattr) | ||
| 1090 | return ERR_PTR(-ENOMEM); | ||
| 1091 | |||
| 1092 | @@ -492,8 +508,7 @@ static int hwmon_num_channel_attrs(const struct hwmon_channel_info *info) | ||
| 1093 | return n; | ||
| 1094 | } | ||
| 1095 | |||
| 1096 | -static int hwmon_genattrs(struct device *dev, | ||
| 1097 | - const void *drvdata, | ||
| 1098 | +static int hwmon_genattrs(const void *drvdata, | ||
| 1099 | struct attribute **attrs, | ||
| 1100 | const struct hwmon_ops *ops, | ||
| 1101 | const struct hwmon_channel_info *info) | ||
| 1102 | @@ -519,7 +534,7 @@ static int hwmon_genattrs(struct device *dev, | ||
| 1103 | attr_mask &= ~BIT(attr); | ||
| 1104 | if (attr >= template_size) | ||
| 1105 | return -EINVAL; | ||
| 1106 | - a = hwmon_genattr(dev, drvdata, info->type, attr, i, | ||
| 1107 | + a = hwmon_genattr(drvdata, info->type, attr, i, | ||
| 1108 | templates[attr], ops); | ||
| 1109 | if (IS_ERR(a)) { | ||
| 1110 | if (PTR_ERR(a) != -ENOENT) | ||
| 1111 | @@ -533,8 +548,7 @@ static int hwmon_genattrs(struct device *dev, | ||
| 1112 | } | ||
| 1113 | |||
| 1114 | static struct attribute ** | ||
| 1115 | -__hwmon_create_attrs(struct device *dev, const void *drvdata, | ||
| 1116 | - const struct hwmon_chip_info *chip) | ||
| 1117 | +__hwmon_create_attrs(const void *drvdata, const struct hwmon_chip_info *chip) | ||
| 1118 | { | ||
| 1119 | int ret, i, aindex = 0, nattrs = 0; | ||
| 1120 | struct attribute **attrs; | ||
| 1121 | @@ -545,15 +559,17 @@ __hwmon_create_attrs(struct device *dev, const void *drvdata, | ||
| 1122 | if (nattrs == 0) | ||
| 1123 | return ERR_PTR(-EINVAL); | ||
| 1124 | |||
| 1125 | - attrs = devm_kcalloc(dev, nattrs + 1, sizeof(*attrs), GFP_KERNEL); | ||
| 1126 | + attrs = kcalloc(nattrs + 1, sizeof(*attrs), GFP_KERNEL); | ||
| 1127 | if (!attrs) | ||
| 1128 | return ERR_PTR(-ENOMEM); | ||
| 1129 | |||
| 1130 | for (i = 0; chip->info[i]; i++) { | ||
| 1131 | - ret = hwmon_genattrs(dev, drvdata, &attrs[aindex], chip->ops, | ||
| 1132 | + ret = hwmon_genattrs(drvdata, &attrs[aindex], chip->ops, | ||
| 1133 | chip->info[i]); | ||
| 1134 | - if (ret < 0) | ||
| 1135 | + if (ret < 0) { | ||
| 1136 | + hwmon_free_attrs(attrs); | ||
| 1137 | return ERR_PTR(ret); | ||
| 1138 | + } | ||
| 1139 | aindex += ret; | ||
| 1140 | } | ||
| 1141 | |||
| 1142 | @@ -595,14 +611,13 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata, | ||
| 1143 | for (i = 0; groups[i]; i++) | ||
| 1144 | ngroups++; | ||
| 1145 | |||
| 1146 | - hwdev->groups = devm_kcalloc(dev, ngroups, sizeof(*groups), | ||
| 1147 | - GFP_KERNEL); | ||
| 1148 | + hwdev->groups = kcalloc(ngroups, sizeof(*groups), GFP_KERNEL); | ||
| 1149 | if (!hwdev->groups) { | ||
| 1150 | err = -ENOMEM; | ||
| 1151 | goto free_hwmon; | ||
| 1152 | } | ||
| 1153 | |||
| 1154 | - attrs = __hwmon_create_attrs(dev, drvdata, chip); | ||
| 1155 | + attrs = __hwmon_create_attrs(drvdata, chip); | ||
| 1156 | if (IS_ERR(attrs)) { | ||
| 1157 | err = PTR_ERR(attrs); | ||
| 1158 | goto free_hwmon; | ||
| 1159 | @@ -647,8 +662,7 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata, | ||
| 1160 | hwmon_temp_input, j)) | ||
| 1161 | continue; | ||
| 1162 | if (info[i]->config[j] & HWMON_T_INPUT) { | ||
| 1163 | - err = hwmon_thermal_add_sensor(dev, | ||
| 1164 | - hwdev, j); | ||
| 1165 | + err = hwmon_thermal_add_sensor(hdev, j); | ||
| 1166 | if (err) { | ||
| 1167 | device_unregister(hdev); | ||
| 1168 | /* | ||
| 1169 | @@ -667,7 +681,7 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata, | ||
| 1170 | return hdev; | ||
| 1171 | |||
| 1172 | free_hwmon: | ||
| 1173 | - kfree(hwdev); | ||
| 1174 | + hwmon_dev_release(hdev); | ||
| 1175 | ida_remove: | ||
| 1176 | ida_simple_remove(&hwmon_ida, id); | ||
| 1177 | return ERR_PTR(err); | ||
| 1178 | diff --git a/drivers/hwmon/nct7802.c b/drivers/hwmon/nct7802.c | ||
| 1179 | index f3dd2a17bd42..2e97e56c72c7 100644 | ||
| 1180 | --- a/drivers/hwmon/nct7802.c | ||
| 1181 | +++ b/drivers/hwmon/nct7802.c | ||
| 1182 | @@ -23,8 +23,8 @@ | ||
| 1183 | static const u8 REG_VOLTAGE[5] = { 0x09, 0x0a, 0x0c, 0x0d, 0x0e }; | ||
| 1184 | |||
| 1185 | static const u8 REG_VOLTAGE_LIMIT_LSB[2][5] = { | ||
| 1186 | - { 0x40, 0x00, 0x42, 0x44, 0x46 }, | ||
| 1187 | - { 0x3f, 0x00, 0x41, 0x43, 0x45 }, | ||
| 1188 | + { 0x46, 0x00, 0x40, 0x42, 0x44 }, | ||
| 1189 | + { 0x45, 0x00, 0x3f, 0x41, 0x43 }, | ||
| 1190 | }; | ||
| 1191 | |||
| 1192 | static const u8 REG_VOLTAGE_LIMIT_MSB[5] = { 0x48, 0x00, 0x47, 0x47, 0x48 }; | ||
| 1193 | @@ -58,6 +58,8 @@ static const u8 REG_VOLTAGE_LIMIT_MSB_SHIFT[2][5] = { | ||
| 1194 | struct nct7802_data { | ||
| 1195 | struct regmap *regmap; | ||
| 1196 | struct mutex access_lock; /* for multi-byte read and write operations */ | ||
| 1197 | + u8 in_status; | ||
| 1198 | + struct mutex in_alarm_lock; | ||
| 1199 | }; | ||
| 1200 | |||
| 1201 | static ssize_t temp_type_show(struct device *dev, | ||
| 1202 | @@ -368,6 +370,66 @@ static ssize_t in_store(struct device *dev, struct device_attribute *attr, | ||
| 1203 | return err ? : count; | ||
| 1204 | } | ||
| 1205 | |||
| 1206 | +static ssize_t in_alarm_show(struct device *dev, struct device_attribute *attr, | ||
| 1207 | + char *buf) | ||
| 1208 | +{ | ||
| 1209 | + struct sensor_device_attribute_2 *sattr = to_sensor_dev_attr_2(attr); | ||
| 1210 | + struct nct7802_data *data = dev_get_drvdata(dev); | ||
| 1211 | + int volt, min, max, ret; | ||
| 1212 | + unsigned int val; | ||
| 1213 | + | ||
| 1214 | + mutex_lock(&data->in_alarm_lock); | ||
| 1215 | + | ||
| 1216 | + /* | ||
| 1217 | + * The SMI Voltage status register is the only register giving a status | ||
| 1218 | + * for voltages. A bit is set for each input crossing a threshold, in | ||
| 1219 | + * both direction, but the "inside" or "outside" limits info is not | ||
| 1220 | + * available. Also this register is cleared on read. | ||
| 1221 | + * Note: this is not explicitly spelled out in the datasheet, but | ||
| 1222 | + * from experiment. | ||
| 1223 | + * To deal with this we use a status cache with one validity bit and | ||
| 1224 | + * one status bit for each input. Validity is cleared at startup and | ||
| 1225 | + * each time the register reports a change, and the status is processed | ||
| 1226 | + * by software based on current input value and limits. | ||
| 1227 | + */ | ||
| 1228 | + ret = regmap_read(data->regmap, 0x1e, &val); /* SMI Voltage status */ | ||
| 1229 | + if (ret < 0) | ||
| 1230 | + goto abort; | ||
| 1231 | + | ||
| 1232 | + /* invalidate cached status for all inputs crossing a threshold */ | ||
| 1233 | + data->in_status &= ~((val & 0x0f) << 4); | ||
| 1234 | + | ||
| 1235 | + /* if cached status for requested input is invalid, update it */ | ||
| 1236 | + if (!(data->in_status & (0x10 << sattr->index))) { | ||
| 1237 | + ret = nct7802_read_voltage(data, sattr->nr, 0); | ||
| 1238 | + if (ret < 0) | ||
| 1239 | + goto abort; | ||
| 1240 | + volt = ret; | ||
| 1241 | + | ||
| 1242 | + ret = nct7802_read_voltage(data, sattr->nr, 1); | ||
| 1243 | + if (ret < 0) | ||
| 1244 | + goto abort; | ||
| 1245 | + min = ret; | ||
| 1246 | + | ||
| 1247 | + ret = nct7802_read_voltage(data, sattr->nr, 2); | ||
| 1248 | + if (ret < 0) | ||
| 1249 | + goto abort; | ||
| 1250 | + max = ret; | ||
| 1251 | + | ||
| 1252 | + if (volt < min || volt > max) | ||
| 1253 | + data->in_status |= (1 << sattr->index); | ||
| 1254 | + else | ||
| 1255 | + data->in_status &= ~(1 << sattr->index); | ||
| 1256 | + | ||
| 1257 | + data->in_status |= 0x10 << sattr->index; | ||
| 1258 | + } | ||
| 1259 | + | ||
| 1260 | + ret = sprintf(buf, "%u\n", !!(data->in_status & (1 << sattr->index))); | ||
| 1261 | +abort: | ||
| 1262 | + mutex_unlock(&data->in_alarm_lock); | ||
| 1263 | + return ret; | ||
| 1264 | +} | ||
| 1265 | + | ||
| 1266 | static ssize_t temp_show(struct device *dev, struct device_attribute *attr, | ||
| 1267 | char *buf) | ||
| 1268 | { | ||
| 1269 | @@ -660,7 +722,7 @@ static const struct attribute_group nct7802_temp_group = { | ||
| 1270 | static SENSOR_DEVICE_ATTR_2_RO(in0_input, in, 0, 0); | ||
| 1271 | static SENSOR_DEVICE_ATTR_2_RW(in0_min, in, 0, 1); | ||
| 1272 | static SENSOR_DEVICE_ATTR_2_RW(in0_max, in, 0, 2); | ||
| 1273 | -static SENSOR_DEVICE_ATTR_2_RO(in0_alarm, alarm, 0x1e, 3); | ||
| 1274 | +static SENSOR_DEVICE_ATTR_2_RO(in0_alarm, in_alarm, 0, 3); | ||
| 1275 | static SENSOR_DEVICE_ATTR_2_RW(in0_beep, beep, 0x5a, 3); | ||
| 1276 | |||
| 1277 | static SENSOR_DEVICE_ATTR_2_RO(in1_input, in, 1, 0); | ||
| 1278 | @@ -668,19 +730,19 @@ static SENSOR_DEVICE_ATTR_2_RO(in1_input, in, 1, 0); | ||
| 1279 | static SENSOR_DEVICE_ATTR_2_RO(in2_input, in, 2, 0); | ||
| 1280 | static SENSOR_DEVICE_ATTR_2_RW(in2_min, in, 2, 1); | ||
| 1281 | static SENSOR_DEVICE_ATTR_2_RW(in2_max, in, 2, 2); | ||
| 1282 | -static SENSOR_DEVICE_ATTR_2_RO(in2_alarm, alarm, 0x1e, 0); | ||
| 1283 | +static SENSOR_DEVICE_ATTR_2_RO(in2_alarm, in_alarm, 2, 0); | ||
| 1284 | static SENSOR_DEVICE_ATTR_2_RW(in2_beep, beep, 0x5a, 0); | ||
| 1285 | |||
| 1286 | static SENSOR_DEVICE_ATTR_2_RO(in3_input, in, 3, 0); | ||
| 1287 | static SENSOR_DEVICE_ATTR_2_RW(in3_min, in, 3, 1); | ||
| 1288 | static SENSOR_DEVICE_ATTR_2_RW(in3_max, in, 3, 2); | ||
| 1289 | -static SENSOR_DEVICE_ATTR_2_RO(in3_alarm, alarm, 0x1e, 1); | ||
| 1290 | +static SENSOR_DEVICE_ATTR_2_RO(in3_alarm, in_alarm, 3, 1); | ||
| 1291 | static SENSOR_DEVICE_ATTR_2_RW(in3_beep, beep, 0x5a, 1); | ||
| 1292 | |||
| 1293 | static SENSOR_DEVICE_ATTR_2_RO(in4_input, in, 4, 0); | ||
| 1294 | static SENSOR_DEVICE_ATTR_2_RW(in4_min, in, 4, 1); | ||
| 1295 | static SENSOR_DEVICE_ATTR_2_RW(in4_max, in, 4, 2); | ||
| 1296 | -static SENSOR_DEVICE_ATTR_2_RO(in4_alarm, alarm, 0x1e, 2); | ||
| 1297 | +static SENSOR_DEVICE_ATTR_2_RO(in4_alarm, in_alarm, 4, 2); | ||
| 1298 | static SENSOR_DEVICE_ATTR_2_RW(in4_beep, beep, 0x5a, 2); | ||
| 1299 | |||
| 1300 | static struct attribute *nct7802_in_attrs[] = { | ||
| 1301 | @@ -1011,6 +1073,7 @@ static int nct7802_probe(struct i2c_client *client, | ||
| 1302 | return PTR_ERR(data->regmap); | ||
| 1303 | |||
| 1304 | mutex_init(&data->access_lock); | ||
| 1305 | + mutex_init(&data->in_alarm_lock); | ||
| 1306 | |||
| 1307 | ret = nct7802_init_chip(data); | ||
| 1308 | if (ret < 0) | ||
| 1309 | diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c | ||
| 1310 | index a1a035270cab..b273e421e910 100644 | ||
| 1311 | --- a/drivers/infiniband/ulp/isert/ib_isert.c | ||
| 1312 | +++ b/drivers/infiniband/ulp/isert/ib_isert.c | ||
| 1313 | @@ -2575,17 +2575,6 @@ isert_wait4logout(struct isert_conn *isert_conn) | ||
| 1314 | } | ||
| 1315 | } | ||
| 1316 | |||
| 1317 | -static void | ||
| 1318 | -isert_wait4cmds(struct iscsi_conn *conn) | ||
| 1319 | -{ | ||
| 1320 | - isert_info("iscsi_conn %p\n", conn); | ||
| 1321 | - | ||
| 1322 | - if (conn->sess) { | ||
| 1323 | - target_sess_cmd_list_set_waiting(conn->sess->se_sess); | ||
| 1324 | - target_wait_for_sess_cmds(conn->sess->se_sess); | ||
| 1325 | - } | ||
| 1326 | -} | ||
| 1327 | - | ||
| 1328 | /** | ||
| 1329 | * isert_put_unsol_pending_cmds() - Drop commands waiting for | ||
| 1330 | * unsolicitate dataout | ||
| 1331 | @@ -2633,7 +2622,6 @@ static void isert_wait_conn(struct iscsi_conn *conn) | ||
| 1332 | |||
| 1333 | ib_drain_qp(isert_conn->qp); | ||
| 1334 | isert_put_unsol_pending_cmds(conn); | ||
| 1335 | - isert_wait4cmds(conn); | ||
| 1336 | isert_wait4logout(isert_conn); | ||
| 1337 | |||
| 1338 | queue_work(isert_release_wq, &isert_conn->release_work); | ||
| 1339 | diff --git a/drivers/input/misc/keyspan_remote.c b/drivers/input/misc/keyspan_remote.c | ||
| 1340 | index 83368f1e7c4e..4650f4a94989 100644 | ||
| 1341 | --- a/drivers/input/misc/keyspan_remote.c | ||
| 1342 | +++ b/drivers/input/misc/keyspan_remote.c | ||
| 1343 | @@ -336,7 +336,8 @@ static int keyspan_setup(struct usb_device* dev) | ||
| 1344 | int retval = 0; | ||
| 1345 | |||
| 1346 | retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), | ||
| 1347 | - 0x11, 0x40, 0x5601, 0x0, NULL, 0, 0); | ||
| 1348 | + 0x11, 0x40, 0x5601, 0x0, NULL, 0, | ||
| 1349 | + USB_CTRL_SET_TIMEOUT); | ||
| 1350 | if (retval) { | ||
| 1351 | dev_dbg(&dev->dev, "%s - failed to set bit rate due to error: %d\n", | ||
| 1352 | __func__, retval); | ||
| 1353 | @@ -344,7 +345,8 @@ static int keyspan_setup(struct usb_device* dev) | ||
| 1354 | } | ||
| 1355 | |||
| 1356 | retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), | ||
| 1357 | - 0x44, 0x40, 0x0, 0x0, NULL, 0, 0); | ||
| 1358 | + 0x44, 0x40, 0x0, 0x0, NULL, 0, | ||
| 1359 | + USB_CTRL_SET_TIMEOUT); | ||
| 1360 | if (retval) { | ||
| 1361 | dev_dbg(&dev->dev, "%s - failed to set resume sensitivity due to error: %d\n", | ||
| 1362 | __func__, retval); | ||
| 1363 | @@ -352,7 +354,8 @@ static int keyspan_setup(struct usb_device* dev) | ||
| 1364 | } | ||
| 1365 | |||
| 1366 | retval = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), | ||
| 1367 | - 0x22, 0x40, 0x0, 0x0, NULL, 0, 0); | ||
| 1368 | + 0x22, 0x40, 0x0, 0x0, NULL, 0, | ||
| 1369 | + USB_CTRL_SET_TIMEOUT); | ||
| 1370 | if (retval) { | ||
| 1371 | dev_dbg(&dev->dev, "%s - failed to turn receive on due to error: %d\n", | ||
| 1372 | __func__, retval); | ||
| 1373 | diff --git a/drivers/input/misc/pm8xxx-vibrator.c b/drivers/input/misc/pm8xxx-vibrator.c | ||
| 1374 | index ecd762f93732..53ad25eaf1a2 100644 | ||
| 1375 | --- a/drivers/input/misc/pm8xxx-vibrator.c | ||
| 1376 | +++ b/drivers/input/misc/pm8xxx-vibrator.c | ||
| 1377 | @@ -90,7 +90,7 @@ static int pm8xxx_vib_set(struct pm8xxx_vib *vib, bool on) | ||
| 1378 | |||
| 1379 | if (regs->enable_mask) | ||
| 1380 | rc = regmap_update_bits(vib->regmap, regs->enable_addr, | ||
| 1381 | - on ? regs->enable_mask : 0, val); | ||
| 1382 | + regs->enable_mask, on ? ~0 : 0); | ||
| 1383 | |||
| 1384 | return rc; | ||
| 1385 | } | ||
| 1386 | diff --git a/drivers/input/rmi4/rmi_smbus.c b/drivers/input/rmi4/rmi_smbus.c | ||
| 1387 | index b313c579914f..2407ea43de59 100644 | ||
| 1388 | --- a/drivers/input/rmi4/rmi_smbus.c | ||
| 1389 | +++ b/drivers/input/rmi4/rmi_smbus.c | ||
| 1390 | @@ -163,6 +163,7 @@ static int rmi_smb_write_block(struct rmi_transport_dev *xport, u16 rmiaddr, | ||
| 1391 | /* prepare to write next block of bytes */ | ||
| 1392 | cur_len -= SMB_MAX_COUNT; | ||
| 1393 | databuff += SMB_MAX_COUNT; | ||
| 1394 | + rmiaddr += SMB_MAX_COUNT; | ||
| 1395 | } | ||
| 1396 | exit: | ||
| 1397 | mutex_unlock(&rmi_smb->page_mutex); | ||
| 1398 | @@ -214,6 +215,7 @@ static int rmi_smb_read_block(struct rmi_transport_dev *xport, u16 rmiaddr, | ||
| 1399 | /* prepare to read next block of bytes */ | ||
| 1400 | cur_len -= SMB_MAX_COUNT; | ||
| 1401 | databuff += SMB_MAX_COUNT; | ||
| 1402 | + rmiaddr += SMB_MAX_COUNT; | ||
| 1403 | } | ||
| 1404 | |||
| 1405 | retval = 0; | ||
| 1406 | diff --git a/drivers/input/tablet/aiptek.c b/drivers/input/tablet/aiptek.c | ||
| 1407 | index 2ca586fb914f..06d0ffef4a17 100644 | ||
| 1408 | --- a/drivers/input/tablet/aiptek.c | ||
| 1409 | +++ b/drivers/input/tablet/aiptek.c | ||
| 1410 | @@ -1802,14 +1802,14 @@ aiptek_probe(struct usb_interface *intf, const struct usb_device_id *id) | ||
| 1411 | input_set_abs_params(inputdev, ABS_WHEEL, AIPTEK_WHEEL_MIN, AIPTEK_WHEEL_MAX - 1, 0, 0); | ||
| 1412 | |||
| 1413 | /* Verify that a device really has an endpoint */ | ||
| 1414 | - if (intf->altsetting[0].desc.bNumEndpoints < 1) { | ||
| 1415 | + if (intf->cur_altsetting->desc.bNumEndpoints < 1) { | ||
| 1416 | dev_err(&intf->dev, | ||
| 1417 | "interface has %d endpoints, but must have minimum 1\n", | ||
| 1418 | - intf->altsetting[0].desc.bNumEndpoints); | ||
| 1419 | + intf->cur_altsetting->desc.bNumEndpoints); | ||
| 1420 | err = -EINVAL; | ||
| 1421 | goto fail3; | ||
| 1422 | } | ||
| 1423 | - endpoint = &intf->altsetting[0].endpoint[0].desc; | ||
| 1424 | + endpoint = &intf->cur_altsetting->endpoint[0].desc; | ||
| 1425 | |||
| 1426 | /* Go set up our URB, which is called when the tablet receives | ||
| 1427 | * input. | ||
| 1428 | diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c | ||
| 1429 | index 35031228a6d0..799c94dda651 100644 | ||
| 1430 | --- a/drivers/input/tablet/gtco.c | ||
| 1431 | +++ b/drivers/input/tablet/gtco.c | ||
| 1432 | @@ -875,18 +875,14 @@ static int gtco_probe(struct usb_interface *usbinterface, | ||
| 1433 | } | ||
| 1434 | |||
| 1435 | /* Sanity check that a device has an endpoint */ | ||
| 1436 | - if (usbinterface->altsetting[0].desc.bNumEndpoints < 1) { | ||
| 1437 | + if (usbinterface->cur_altsetting->desc.bNumEndpoints < 1) { | ||
| 1438 | dev_err(&usbinterface->dev, | ||
| 1439 | "Invalid number of endpoints\n"); | ||
| 1440 | error = -EINVAL; | ||
| 1441 | goto err_free_urb; | ||
| 1442 | } | ||
| 1443 | |||
| 1444 | - /* | ||
| 1445 | - * The endpoint is always altsetting 0, we know this since we know | ||
| 1446 | - * this device only has one interrupt endpoint | ||
| 1447 | - */ | ||
| 1448 | - endpoint = &usbinterface->altsetting[0].endpoint[0].desc; | ||
| 1449 | + endpoint = &usbinterface->cur_altsetting->endpoint[0].desc; | ||
| 1450 | |||
| 1451 | /* Some debug */ | ||
| 1452 | dev_dbg(&usbinterface->dev, "gtco # interfaces: %d\n", usbinterface->num_altsetting); | ||
| 1453 | @@ -973,7 +969,7 @@ static int gtco_probe(struct usb_interface *usbinterface, | ||
| 1454 | input_dev->dev.parent = &usbinterface->dev; | ||
| 1455 | |||
| 1456 | /* Setup the URB, it will be posted later on open of input device */ | ||
| 1457 | - endpoint = &usbinterface->altsetting[0].endpoint[0].desc; | ||
| 1458 | + endpoint = &usbinterface->cur_altsetting->endpoint[0].desc; | ||
| 1459 | |||
| 1460 | usb_fill_int_urb(gtco->urbinfo, | ||
| 1461 | udev, | ||
| 1462 | diff --git a/drivers/input/tablet/pegasus_notetaker.c b/drivers/input/tablet/pegasus_notetaker.c | ||
| 1463 | index a1f3a0cb197e..38f087404f7a 100644 | ||
| 1464 | --- a/drivers/input/tablet/pegasus_notetaker.c | ||
| 1465 | +++ b/drivers/input/tablet/pegasus_notetaker.c | ||
| 1466 | @@ -275,7 +275,7 @@ static int pegasus_probe(struct usb_interface *intf, | ||
| 1467 | return -ENODEV; | ||
| 1468 | |||
| 1469 | /* Sanity check that the device has an endpoint */ | ||
| 1470 | - if (intf->altsetting[0].desc.bNumEndpoints < 1) { | ||
| 1471 | + if (intf->cur_altsetting->desc.bNumEndpoints < 1) { | ||
| 1472 | dev_err(&intf->dev, "Invalid number of endpoints\n"); | ||
| 1473 | return -EINVAL; | ||
| 1474 | } | ||
| 1475 | diff --git a/drivers/input/touchscreen/sun4i-ts.c b/drivers/input/touchscreen/sun4i-ts.c | ||
| 1476 | index 0af0fe8c40d7..742a7e96c1b5 100644 | ||
| 1477 | --- a/drivers/input/touchscreen/sun4i-ts.c | ||
| 1478 | +++ b/drivers/input/touchscreen/sun4i-ts.c | ||
| 1479 | @@ -237,6 +237,7 @@ static int sun4i_ts_probe(struct platform_device *pdev) | ||
| 1480 | struct device *dev = &pdev->dev; | ||
| 1481 | struct device_node *np = dev->of_node; | ||
| 1482 | struct device *hwmon; | ||
| 1483 | + struct thermal_zone_device *thermal; | ||
| 1484 | int error; | ||
| 1485 | u32 reg; | ||
| 1486 | bool ts_attached; | ||
| 1487 | @@ -355,7 +356,10 @@ static int sun4i_ts_probe(struct platform_device *pdev) | ||
| 1488 | if (IS_ERR(hwmon)) | ||
| 1489 | return PTR_ERR(hwmon); | ||
| 1490 | |||
| 1491 | - devm_thermal_zone_of_sensor_register(ts->dev, 0, ts, &sun4i_ts_tz_ops); | ||
| 1492 | + thermal = devm_thermal_zone_of_sensor_register(ts->dev, 0, ts, | ||
| 1493 | + &sun4i_ts_tz_ops); | ||
| 1494 | + if (IS_ERR(thermal)) | ||
| 1495 | + return PTR_ERR(thermal); | ||
| 1496 | |||
| 1497 | writel(TEMP_IRQ_EN(1), ts->base + TP_INT_FIFOC); | ||
| 1498 | |||
| 1499 | diff --git a/drivers/input/touchscreen/sur40.c b/drivers/input/touchscreen/sur40.c | ||
| 1500 | index 3fd3e862269b..2e2ea5719c90 100644 | ||
| 1501 | --- a/drivers/input/touchscreen/sur40.c | ||
| 1502 | +++ b/drivers/input/touchscreen/sur40.c | ||
| 1503 | @@ -653,7 +653,7 @@ static int sur40_probe(struct usb_interface *interface, | ||
| 1504 | int error; | ||
| 1505 | |||
| 1506 | /* Check if we really have the right interface. */ | ||
| 1507 | - iface_desc = &interface->altsetting[0]; | ||
| 1508 | + iface_desc = interface->cur_altsetting; | ||
| 1509 | if (iface_desc->desc.bInterfaceClass != 0xFF) | ||
| 1510 | return -ENODEV; | ||
| 1511 | |||
| 1512 | diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c | ||
| 1513 | index 568c52317757..483f7bc379fa 100644 | ||
| 1514 | --- a/drivers/iommu/amd_iommu_init.c | ||
| 1515 | +++ b/drivers/iommu/amd_iommu_init.c | ||
| 1516 | @@ -1655,27 +1655,39 @@ static int iommu_pc_get_set_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, | ||
| 1517 | static void init_iommu_perf_ctr(struct amd_iommu *iommu) | ||
| 1518 | { | ||
| 1519 | struct pci_dev *pdev = iommu->dev; | ||
| 1520 | - u64 val = 0xabcd, val2 = 0; | ||
| 1521 | + u64 val = 0xabcd, val2 = 0, save_reg = 0; | ||
| 1522 | |||
| 1523 | if (!iommu_feature(iommu, FEATURE_PC)) | ||
| 1524 | return; | ||
| 1525 | |||
| 1526 | amd_iommu_pc_present = true; | ||
| 1527 | |||
| 1528 | + /* save the value to restore, if writable */ | ||
| 1529 | + if (iommu_pc_get_set_reg(iommu, 0, 0, 0, &save_reg, false)) | ||
| 1530 | + goto pc_false; | ||
| 1531 | + | ||
| 1532 | /* Check if the performance counters can be written to */ | ||
| 1533 | if ((iommu_pc_get_set_reg(iommu, 0, 0, 0, &val, true)) || | ||
| 1534 | (iommu_pc_get_set_reg(iommu, 0, 0, 0, &val2, false)) || | ||
| 1535 | - (val != val2)) { | ||
| 1536 | - pci_err(pdev, "Unable to write to IOMMU perf counter.\n"); | ||
| 1537 | - amd_iommu_pc_present = false; | ||
| 1538 | - return; | ||
| 1539 | - } | ||
| 1540 | + (val != val2)) | ||
| 1541 | + goto pc_false; | ||
| 1542 | + | ||
| 1543 | + /* restore */ | ||
| 1544 | + if (iommu_pc_get_set_reg(iommu, 0, 0, 0, &save_reg, true)) | ||
| 1545 | + goto pc_false; | ||
| 1546 | |||
| 1547 | pci_info(pdev, "IOMMU performance counters supported\n"); | ||
| 1548 | |||
| 1549 | val = readl(iommu->mmio_base + MMIO_CNTR_CONF_OFFSET); | ||
| 1550 | iommu->max_banks = (u8) ((val >> 12) & 0x3f); | ||
| 1551 | iommu->max_counters = (u8) ((val >> 7) & 0xf); | ||
| 1552 | + | ||
| 1553 | + return; | ||
| 1554 | + | ||
| 1555 | +pc_false: | ||
| 1556 | + pci_err(pdev, "Unable to read/write to IOMMU perf counter.\n"); | ||
| 1557 | + amd_iommu_pc_present = false; | ||
| 1558 | + return; | ||
| 1559 | } | ||
| 1560 | |||
| 1561 | static ssize_t amd_iommu_show_cap(struct device *dev, | ||
| 1562 | diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c | ||
| 1563 | index e84c5dfe146f..dd5db856dcaf 100644 | ||
| 1564 | --- a/drivers/iommu/intel-iommu.c | ||
| 1565 | +++ b/drivers/iommu/intel-iommu.c | ||
| 1566 | @@ -5132,7 +5132,8 @@ static void dmar_remove_one_dev_info(struct device *dev) | ||
| 1567 | |||
| 1568 | spin_lock_irqsave(&device_domain_lock, flags); | ||
| 1569 | info = dev->archdata.iommu; | ||
| 1570 | - if (info) | ||
| 1571 | + if (info && info != DEFER_DEVICE_DOMAIN_INFO | ||
| 1572 | + && info != DUMMY_DEVICE_DOMAIN_INFO) | ||
| 1573 | __dmar_remove_one_dev_info(info); | ||
| 1574 | spin_unlock_irqrestore(&device_domain_lock, flags); | ||
| 1575 | } | ||
| 1576 | diff --git a/drivers/leds/leds-gpio.c b/drivers/leds/leds-gpio.c | ||
| 1577 | index a5c73f3d5f79..2bf74595610f 100644 | ||
| 1578 | --- a/drivers/leds/leds-gpio.c | ||
| 1579 | +++ b/drivers/leds/leds-gpio.c | ||
| 1580 | @@ -151,9 +151,14 @@ static struct gpio_leds_priv *gpio_leds_create(struct platform_device *pdev) | ||
| 1581 | struct gpio_led led = {}; | ||
| 1582 | const char *state = NULL; | ||
| 1583 | |||
| 1584 | + /* | ||
| 1585 | + * Acquire gpiod from DT with uninitialized label, which | ||
| 1586 | + * will be updated after LED class device is registered, | ||
| 1587 | + * Only then the final LED name is known. | ||
| 1588 | + */ | ||
| 1589 | led.gpiod = devm_fwnode_get_gpiod_from_child(dev, NULL, child, | ||
| 1590 | GPIOD_ASIS, | ||
| 1591 | - led.name); | ||
| 1592 | + NULL); | ||
| 1593 | if (IS_ERR(led.gpiod)) { | ||
| 1594 | fwnode_handle_put(child); | ||
| 1595 | return ERR_CAST(led.gpiod); | ||
| 1596 | @@ -186,6 +191,9 @@ static struct gpio_leds_priv *gpio_leds_create(struct platform_device *pdev) | ||
| 1597 | fwnode_handle_put(child); | ||
| 1598 | return ERR_PTR(ret); | ||
| 1599 | } | ||
| 1600 | + /* Set gpiod label to match the corresponding LED name. */ | ||
| 1601 | + gpiod_set_consumer_name(led_dat->gpiod, | ||
| 1602 | + led_dat->cdev.dev->kobj.name); | ||
| 1603 | priv->num_leds++; | ||
| 1604 | } | ||
| 1605 | |||
| 1606 | diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c | ||
| 1607 | index 21bb96ce4cd6..58868d7129eb 100644 | ||
| 1608 | --- a/drivers/media/v4l2-core/v4l2-ioctl.c | ||
| 1609 | +++ b/drivers/media/v4l2-core/v4l2-ioctl.c | ||
| 1610 | @@ -1605,12 +1605,12 @@ static int v4l_s_fmt(const struct v4l2_ioctl_ops *ops, | ||
| 1611 | case V4L2_BUF_TYPE_VBI_CAPTURE: | ||
| 1612 | if (unlikely(!ops->vidioc_s_fmt_vbi_cap)) | ||
| 1613 | break; | ||
| 1614 | - CLEAR_AFTER_FIELD(p, fmt.vbi); | ||
| 1615 | + CLEAR_AFTER_FIELD(p, fmt.vbi.flags); | ||
| 1616 | return ops->vidioc_s_fmt_vbi_cap(file, fh, arg); | ||
| 1617 | case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: | ||
| 1618 | if (unlikely(!ops->vidioc_s_fmt_sliced_vbi_cap)) | ||
| 1619 | break; | ||
| 1620 | - CLEAR_AFTER_FIELD(p, fmt.sliced); | ||
| 1621 | + CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); | ||
| 1622 | return ops->vidioc_s_fmt_sliced_vbi_cap(file, fh, arg); | ||
| 1623 | case V4L2_BUF_TYPE_VIDEO_OUTPUT: | ||
| 1624 | if (unlikely(!ops->vidioc_s_fmt_vid_out)) | ||
| 1625 | @@ -1636,22 +1636,22 @@ static int v4l_s_fmt(const struct v4l2_ioctl_ops *ops, | ||
| 1626 | case V4L2_BUF_TYPE_VBI_OUTPUT: | ||
| 1627 | if (unlikely(!ops->vidioc_s_fmt_vbi_out)) | ||
| 1628 | break; | ||
| 1629 | - CLEAR_AFTER_FIELD(p, fmt.vbi); | ||
| 1630 | + CLEAR_AFTER_FIELD(p, fmt.vbi.flags); | ||
| 1631 | return ops->vidioc_s_fmt_vbi_out(file, fh, arg); | ||
| 1632 | case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: | ||
| 1633 | if (unlikely(!ops->vidioc_s_fmt_sliced_vbi_out)) | ||
| 1634 | break; | ||
| 1635 | - CLEAR_AFTER_FIELD(p, fmt.sliced); | ||
| 1636 | + CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); | ||
| 1637 | return ops->vidioc_s_fmt_sliced_vbi_out(file, fh, arg); | ||
| 1638 | case V4L2_BUF_TYPE_SDR_CAPTURE: | ||
| 1639 | if (unlikely(!ops->vidioc_s_fmt_sdr_cap)) | ||
| 1640 | break; | ||
| 1641 | - CLEAR_AFTER_FIELD(p, fmt.sdr); | ||
| 1642 | + CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); | ||
| 1643 | return ops->vidioc_s_fmt_sdr_cap(file, fh, arg); | ||
| 1644 | case V4L2_BUF_TYPE_SDR_OUTPUT: | ||
| 1645 | if (unlikely(!ops->vidioc_s_fmt_sdr_out)) | ||
| 1646 | break; | ||
| 1647 | - CLEAR_AFTER_FIELD(p, fmt.sdr); | ||
| 1648 | + CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); | ||
| 1649 | return ops->vidioc_s_fmt_sdr_out(file, fh, arg); | ||
| 1650 | case V4L2_BUF_TYPE_META_CAPTURE: | ||
| 1651 | if (unlikely(!ops->vidioc_s_fmt_meta_cap)) | ||
| 1652 | @@ -1707,12 +1707,12 @@ static int v4l_try_fmt(const struct v4l2_ioctl_ops *ops, | ||
| 1653 | case V4L2_BUF_TYPE_VBI_CAPTURE: | ||
| 1654 | if (unlikely(!ops->vidioc_try_fmt_vbi_cap)) | ||
| 1655 | break; | ||
| 1656 | - CLEAR_AFTER_FIELD(p, fmt.vbi); | ||
| 1657 | + CLEAR_AFTER_FIELD(p, fmt.vbi.flags); | ||
| 1658 | return ops->vidioc_try_fmt_vbi_cap(file, fh, arg); | ||
| 1659 | case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: | ||
| 1660 | if (unlikely(!ops->vidioc_try_fmt_sliced_vbi_cap)) | ||
| 1661 | break; | ||
| 1662 | - CLEAR_AFTER_FIELD(p, fmt.sliced); | ||
| 1663 | + CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); | ||
| 1664 | return ops->vidioc_try_fmt_sliced_vbi_cap(file, fh, arg); | ||
| 1665 | case V4L2_BUF_TYPE_VIDEO_OUTPUT: | ||
| 1666 | if (unlikely(!ops->vidioc_try_fmt_vid_out)) | ||
| 1667 | @@ -1738,22 +1738,22 @@ static int v4l_try_fmt(const struct v4l2_ioctl_ops *ops, | ||
| 1668 | case V4L2_BUF_TYPE_VBI_OUTPUT: | ||
| 1669 | if (unlikely(!ops->vidioc_try_fmt_vbi_out)) | ||
| 1670 | break; | ||
| 1671 | - CLEAR_AFTER_FIELD(p, fmt.vbi); | ||
| 1672 | + CLEAR_AFTER_FIELD(p, fmt.vbi.flags); | ||
| 1673 | return ops->vidioc_try_fmt_vbi_out(file, fh, arg); | ||
| 1674 | case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: | ||
| 1675 | if (unlikely(!ops->vidioc_try_fmt_sliced_vbi_out)) | ||
| 1676 | break; | ||
| 1677 | - CLEAR_AFTER_FIELD(p, fmt.sliced); | ||
| 1678 | + CLEAR_AFTER_FIELD(p, fmt.sliced.io_size); | ||
| 1679 | return ops->vidioc_try_fmt_sliced_vbi_out(file, fh, arg); | ||
| 1680 | case V4L2_BUF_TYPE_SDR_CAPTURE: | ||
| 1681 | if (unlikely(!ops->vidioc_try_fmt_sdr_cap)) | ||
| 1682 | break; | ||
| 1683 | - CLEAR_AFTER_FIELD(p, fmt.sdr); | ||
| 1684 | + CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); | ||
| 1685 | return ops->vidioc_try_fmt_sdr_cap(file, fh, arg); | ||
| 1686 | case V4L2_BUF_TYPE_SDR_OUTPUT: | ||
| 1687 | if (unlikely(!ops->vidioc_try_fmt_sdr_out)) | ||
| 1688 | break; | ||
| 1689 | - CLEAR_AFTER_FIELD(p, fmt.sdr); | ||
| 1690 | + CLEAR_AFTER_FIELD(p, fmt.sdr.buffersize); | ||
| 1691 | return ops->vidioc_try_fmt_sdr_out(file, fh, arg); | ||
| 1692 | case V4L2_BUF_TYPE_META_CAPTURE: | ||
| 1693 | if (unlikely(!ops->vidioc_try_fmt_meta_cap)) | ||
| 1694 | diff --git a/drivers/mmc/host/sdhci-tegra.c b/drivers/mmc/host/sdhci-tegra.c | ||
| 1695 | index 7bc950520fd9..403ac44a7378 100644 | ||
| 1696 | --- a/drivers/mmc/host/sdhci-tegra.c | ||
| 1697 | +++ b/drivers/mmc/host/sdhci-tegra.c | ||
| 1698 | @@ -386,7 +386,7 @@ static void tegra_sdhci_reset(struct sdhci_host *host, u8 mask) | ||
| 1699 | misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_DDR50; | ||
| 1700 | if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR104) | ||
| 1701 | misc_ctrl |= SDHCI_MISC_CTRL_ENABLE_SDR104; | ||
| 1702 | - if (soc_data->nvquirks & SDHCI_MISC_CTRL_ENABLE_SDR50) | ||
| 1703 | + if (soc_data->nvquirks & NVQUIRK_ENABLE_SDR50) | ||
| 1704 | clk_ctrl |= SDHCI_CLOCK_CTRL_SDR50_TUNING_OVERRIDE; | ||
| 1705 | } | ||
| 1706 | |||
| 1707 | diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c | ||
| 1708 | index 5f9df2dbde06..4478b94d4791 100644 | ||
| 1709 | --- a/drivers/mmc/host/sdhci.c | ||
| 1710 | +++ b/drivers/mmc/host/sdhci.c | ||
| 1711 | @@ -3902,11 +3902,13 @@ int sdhci_setup_host(struct sdhci_host *host) | ||
| 1712 | if (host->ops->get_min_clock) | ||
| 1713 | mmc->f_min = host->ops->get_min_clock(host); | ||
| 1714 | else if (host->version >= SDHCI_SPEC_300) { | ||
| 1715 | - if (host->clk_mul) { | ||
| 1716 | - mmc->f_min = (host->max_clk * host->clk_mul) / 1024; | ||
| 1717 | + if (host->clk_mul) | ||
| 1718 | max_clk = host->max_clk * host->clk_mul; | ||
| 1719 | - } else | ||
| 1720 | - mmc->f_min = host->max_clk / SDHCI_MAX_DIV_SPEC_300; | ||
| 1721 | + /* | ||
| 1722 | + * Divided Clock Mode minimum clock rate is always less than | ||
| 1723 | + * Programmable Clock Mode minimum clock rate. | ||
| 1724 | + */ | ||
| 1725 | + mmc->f_min = host->max_clk / SDHCI_MAX_DIV_SPEC_300; | ||
| 1726 | } else | ||
| 1727 | mmc->f_min = host->max_clk / SDHCI_MAX_DIV_SPEC_200; | ||
| 1728 | |||
| 1729 | diff --git a/drivers/mmc/host/sdhci_am654.c b/drivers/mmc/host/sdhci_am654.c | ||
| 1730 | index bb90757ecace..4cbb764c9822 100644 | ||
| 1731 | --- a/drivers/mmc/host/sdhci_am654.c | ||
| 1732 | +++ b/drivers/mmc/host/sdhci_am654.c | ||
| 1733 | @@ -236,6 +236,22 @@ static void sdhci_am654_write_b(struct sdhci_host *host, u8 val, int reg) | ||
| 1734 | writeb(val, host->ioaddr + reg); | ||
| 1735 | } | ||
| 1736 | |||
| 1737 | +static int sdhci_am654_execute_tuning(struct mmc_host *mmc, u32 opcode) | ||
| 1738 | +{ | ||
| 1739 | + struct sdhci_host *host = mmc_priv(mmc); | ||
| 1740 | + int err = sdhci_execute_tuning(mmc, opcode); | ||
| 1741 | + | ||
| 1742 | + if (err) | ||
| 1743 | + return err; | ||
| 1744 | + /* | ||
| 1745 | + * Tuning data remains in the buffer after tuning. | ||
| 1746 | + * Do a command and data reset to get rid of it | ||
| 1747 | + */ | ||
| 1748 | + sdhci_reset(host, SDHCI_RESET_CMD | SDHCI_RESET_DATA); | ||
| 1749 | + | ||
| 1750 | + return 0; | ||
| 1751 | +} | ||
| 1752 | + | ||
| 1753 | static struct sdhci_ops sdhci_am654_ops = { | ||
| 1754 | .get_max_clock = sdhci_pltfm_clk_get_max_clock, | ||
| 1755 | .get_timeout_clock = sdhci_pltfm_clk_get_max_clock, | ||
| 1756 | @@ -249,8 +265,7 @@ static struct sdhci_ops sdhci_am654_ops = { | ||
| 1757 | |||
| 1758 | static const struct sdhci_pltfm_data sdhci_am654_pdata = { | ||
| 1759 | .ops = &sdhci_am654_ops, | ||
| 1760 | - .quirks = SDHCI_QUIRK_INVERTED_WRITE_PROTECT | | ||
| 1761 | - SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
| 1762 | + .quirks = SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
| 1763 | .quirks2 = SDHCI_QUIRK2_PRESET_VALUE_BROKEN, | ||
| 1764 | }; | ||
| 1765 | |||
| 1766 | @@ -272,8 +287,7 @@ static struct sdhci_ops sdhci_j721e_8bit_ops = { | ||
| 1767 | |||
| 1768 | static const struct sdhci_pltfm_data sdhci_j721e_8bit_pdata = { | ||
| 1769 | .ops = &sdhci_j721e_8bit_ops, | ||
| 1770 | - .quirks = SDHCI_QUIRK_INVERTED_WRITE_PROTECT | | ||
| 1771 | - SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
| 1772 | + .quirks = SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
| 1773 | .quirks2 = SDHCI_QUIRK2_PRESET_VALUE_BROKEN, | ||
| 1774 | }; | ||
| 1775 | |||
| 1776 | @@ -295,8 +309,7 @@ static struct sdhci_ops sdhci_j721e_4bit_ops = { | ||
| 1777 | |||
| 1778 | static const struct sdhci_pltfm_data sdhci_j721e_4bit_pdata = { | ||
| 1779 | .ops = &sdhci_j721e_4bit_ops, | ||
| 1780 | - .quirks = SDHCI_QUIRK_INVERTED_WRITE_PROTECT | | ||
| 1781 | - SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
| 1782 | + .quirks = SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12, | ||
| 1783 | .quirks2 = SDHCI_QUIRK2_PRESET_VALUE_BROKEN, | ||
| 1784 | }; | ||
| 1785 | |||
| 1786 | @@ -480,6 +493,8 @@ static int sdhci_am654_probe(struct platform_device *pdev) | ||
| 1787 | goto pm_runtime_put; | ||
| 1788 | } | ||
| 1789 | |||
| 1790 | + host->mmc_host_ops.execute_tuning = sdhci_am654_execute_tuning; | ||
| 1791 | + | ||
| 1792 | ret = sdhci_am654_init(host); | ||
| 1793 | if (ret) | ||
| 1794 | goto pm_runtime_put; | ||
| 1795 | diff --git a/drivers/net/can/slcan.c b/drivers/net/can/slcan.c | ||
| 1796 | index 2e57122f02fb..2f5c287eac95 100644 | ||
| 1797 | --- a/drivers/net/can/slcan.c | ||
| 1798 | +++ b/drivers/net/can/slcan.c | ||
| 1799 | @@ -344,9 +344,16 @@ static void slcan_transmit(struct work_struct *work) | ||
| 1800 | */ | ||
| 1801 | static void slcan_write_wakeup(struct tty_struct *tty) | ||
| 1802 | { | ||
| 1803 | - struct slcan *sl = tty->disc_data; | ||
| 1804 | + struct slcan *sl; | ||
| 1805 | + | ||
| 1806 | + rcu_read_lock(); | ||
| 1807 | + sl = rcu_dereference(tty->disc_data); | ||
| 1808 | + if (!sl) | ||
| 1809 | + goto out; | ||
| 1810 | |||
| 1811 | schedule_work(&sl->tx_work); | ||
| 1812 | +out: | ||
| 1813 | + rcu_read_unlock(); | ||
| 1814 | } | ||
| 1815 | |||
| 1816 | /* Send a can_frame to a TTY queue. */ | ||
| 1817 | @@ -644,10 +651,11 @@ static void slcan_close(struct tty_struct *tty) | ||
| 1818 | return; | ||
| 1819 | |||
| 1820 | spin_lock_bh(&sl->lock); | ||
| 1821 | - tty->disc_data = NULL; | ||
| 1822 | + rcu_assign_pointer(tty->disc_data, NULL); | ||
| 1823 | sl->tty = NULL; | ||
| 1824 | spin_unlock_bh(&sl->lock); | ||
| 1825 | |||
| 1826 | + synchronize_rcu(); | ||
| 1827 | flush_work(&sl->tx_work); | ||
| 1828 | |||
| 1829 | /* Flush network side */ | ||
| 1830 | diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
| 1831 | index 1de51811fcb4..8f909d57501f 100644 | ||
| 1832 | --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
| 1833 | +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c | ||
| 1834 | @@ -2164,8 +2164,8 @@ static void bcmgenet_init_tx_ring(struct bcmgenet_priv *priv, | ||
| 1835 | DMA_END_ADDR); | ||
| 1836 | |||
| 1837 | /* Initialize Tx NAPI */ | ||
| 1838 | - netif_napi_add(priv->dev, &ring->napi, bcmgenet_tx_poll, | ||
| 1839 | - NAPI_POLL_WEIGHT); | ||
| 1840 | + netif_tx_napi_add(priv->dev, &ring->napi, bcmgenet_tx_poll, | ||
| 1841 | + NAPI_POLL_WEIGHT); | ||
| 1842 | } | ||
| 1843 | |||
| 1844 | /* Initialize a RDMA ring */ | ||
| 1845 | diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | ||
| 1846 | index 58f89f6a040f..97ff8608f0ab 100644 | ||
| 1847 | --- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | ||
| 1848 | +++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | ||
| 1849 | @@ -2448,6 +2448,8 @@ static int cxgb_extension_ioctl(struct net_device *dev, void __user *useraddr) | ||
| 1850 | |||
| 1851 | if (!is_offload(adapter)) | ||
| 1852 | return -EOPNOTSUPP; | ||
| 1853 | + if (!capable(CAP_NET_ADMIN)) | ||
| 1854 | + return -EPERM; | ||
| 1855 | if (!(adapter->flags & FULL_INIT_DONE)) | ||
| 1856 | return -EIO; /* need the memory controllers */ | ||
| 1857 | if (copy_from_user(&t, useraddr, sizeof(t))) | ||
| 1858 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | ||
| 1859 | index 778dab1af8fc..f260dd96873b 100644 | ||
| 1860 | --- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | ||
| 1861 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c | ||
| 1862 | @@ -180,7 +180,7 @@ mlx5e_ktls_tx_post_param_wqes(struct mlx5e_txqsq *sq, | ||
| 1863 | |||
| 1864 | struct tx_sync_info { | ||
| 1865 | u64 rcd_sn; | ||
| 1866 | - s32 sync_len; | ||
| 1867 | + u32 sync_len; | ||
| 1868 | int nr_frags; | ||
| 1869 | skb_frag_t frags[MAX_SKB_FRAGS]; | ||
| 1870 | }; | ||
| 1871 | @@ -193,13 +193,14 @@ enum mlx5e_ktls_sync_retval { | ||
| 1872 | |||
| 1873 | static enum mlx5e_ktls_sync_retval | ||
| 1874 | tx_sync_info_get(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
| 1875 | - u32 tcp_seq, struct tx_sync_info *info) | ||
| 1876 | + u32 tcp_seq, int datalen, struct tx_sync_info *info) | ||
| 1877 | { | ||
| 1878 | struct tls_offload_context_tx *tx_ctx = priv_tx->tx_ctx; | ||
| 1879 | enum mlx5e_ktls_sync_retval ret = MLX5E_KTLS_SYNC_DONE; | ||
| 1880 | struct tls_record_info *record; | ||
| 1881 | int remaining, i = 0; | ||
| 1882 | unsigned long flags; | ||
| 1883 | + bool ends_before; | ||
| 1884 | |||
| 1885 | spin_lock_irqsave(&tx_ctx->lock, flags); | ||
| 1886 | record = tls_get_record(tx_ctx, tcp_seq, &info->rcd_sn); | ||
| 1887 | @@ -209,9 +210,21 @@ tx_sync_info_get(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
| 1888 | goto out; | ||
| 1889 | } | ||
| 1890 | |||
| 1891 | - if (unlikely(tcp_seq < tls_record_start_seq(record))) { | ||
| 1892 | - ret = tls_record_is_start_marker(record) ? | ||
| 1893 | - MLX5E_KTLS_SYNC_SKIP_NO_DATA : MLX5E_KTLS_SYNC_FAIL; | ||
| 1894 | + /* There are the following cases: | ||
| 1895 | + * 1. packet ends before start marker: bypass offload. | ||
| 1896 | + * 2. packet starts before start marker and ends after it: drop, | ||
| 1897 | + * not supported, breaks contract with kernel. | ||
| 1898 | + * 3. packet ends before tls record info starts: drop, | ||
| 1899 | + * this packet was already acknowledged and its record info | ||
| 1900 | + * was released. | ||
| 1901 | + */ | ||
| 1902 | + ends_before = before(tcp_seq + datalen, tls_record_start_seq(record)); | ||
| 1903 | + | ||
| 1904 | + if (unlikely(tls_record_is_start_marker(record))) { | ||
| 1905 | + ret = ends_before ? MLX5E_KTLS_SYNC_SKIP_NO_DATA : MLX5E_KTLS_SYNC_FAIL; | ||
| 1906 | + goto out; | ||
| 1907 | + } else if (ends_before) { | ||
| 1908 | + ret = MLX5E_KTLS_SYNC_FAIL; | ||
| 1909 | goto out; | ||
| 1910 | } | ||
| 1911 | |||
| 1912 | @@ -337,7 +350,7 @@ mlx5e_ktls_tx_handle_ooo(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
| 1913 | u8 num_wqebbs; | ||
| 1914 | int i = 0; | ||
| 1915 | |||
| 1916 | - ret = tx_sync_info_get(priv_tx, seq, &info); | ||
| 1917 | + ret = tx_sync_info_get(priv_tx, seq, datalen, &info); | ||
| 1918 | if (unlikely(ret != MLX5E_KTLS_SYNC_DONE)) { | ||
| 1919 | if (ret == MLX5E_KTLS_SYNC_SKIP_NO_DATA) { | ||
| 1920 | stats->tls_skip_no_sync_data++; | ||
| 1921 | @@ -351,14 +364,6 @@ mlx5e_ktls_tx_handle_ooo(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
| 1922 | goto err_out; | ||
| 1923 | } | ||
| 1924 | |||
| 1925 | - if (unlikely(info.sync_len < 0)) { | ||
| 1926 | - if (likely(datalen <= -info.sync_len)) | ||
| 1927 | - return MLX5E_KTLS_SYNC_DONE; | ||
| 1928 | - | ||
| 1929 | - stats->tls_drop_bypass_req++; | ||
| 1930 | - goto err_out; | ||
| 1931 | - } | ||
| 1932 | - | ||
| 1933 | stats->tls_ooo++; | ||
| 1934 | |||
| 1935 | tx_post_resync_params(sq, priv_tx, info.rcd_sn); | ||
| 1936 | @@ -378,8 +383,6 @@ mlx5e_ktls_tx_handle_ooo(struct mlx5e_ktls_offload_context_tx *priv_tx, | ||
| 1937 | if (unlikely(contig_wqebbs_room < num_wqebbs)) | ||
| 1938 | mlx5e_fill_sq_frag_edge(sq, wq, pi, contig_wqebbs_room); | ||
| 1939 | |||
| 1940 | - tx_post_resync_params(sq, priv_tx, info.rcd_sn); | ||
| 1941 | - | ||
| 1942 | for (; i < info.nr_frags; i++) { | ||
| 1943 | unsigned int orig_fsz, frag_offset = 0, n = 0; | ||
| 1944 | skb_frag_t *f = &info.frags[i]; | ||
| 1945 | @@ -455,12 +458,18 @@ struct sk_buff *mlx5e_ktls_handle_tx_skb(struct net_device *netdev, | ||
| 1946 | enum mlx5e_ktls_sync_retval ret = | ||
| 1947 | mlx5e_ktls_tx_handle_ooo(priv_tx, sq, datalen, seq); | ||
| 1948 | |||
| 1949 | - if (likely(ret == MLX5E_KTLS_SYNC_DONE)) | ||
| 1950 | + switch (ret) { | ||
| 1951 | + case MLX5E_KTLS_SYNC_DONE: | ||
| 1952 | *wqe = mlx5e_sq_fetch_wqe(sq, sizeof(**wqe), pi); | ||
| 1953 | - else if (ret == MLX5E_KTLS_SYNC_FAIL) | ||
| 1954 | + break; | ||
| 1955 | + case MLX5E_KTLS_SYNC_SKIP_NO_DATA: | ||
| 1956 | + if (likely(!skb->decrypted)) | ||
| 1957 | + goto out; | ||
| 1958 | + WARN_ON_ONCE(1); | ||
| 1959 | + /* fall-through */ | ||
| 1960 | + default: /* MLX5E_KTLS_SYNC_FAIL */ | ||
| 1961 | goto err_out; | ||
| 1962 | - else /* ret == MLX5E_KTLS_SYNC_SKIP_NO_DATA */ | ||
| 1963 | - goto out; | ||
| 1964 | + } | ||
| 1965 | } | ||
| 1966 | |||
| 1967 | priv_tx->expected_seq = seq + datalen; | ||
| 1968 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | ||
| 1969 | index 96711e34d248..1f9107d83848 100644 | ||
| 1970 | --- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | ||
| 1971 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | ||
| 1972 | @@ -3951,6 +3951,13 @@ static int apply_police_params(struct mlx5e_priv *priv, u32 rate, | ||
| 1973 | u32 rate_mbps; | ||
| 1974 | int err; | ||
| 1975 | |||
| 1976 | + vport_num = rpriv->rep->vport; | ||
| 1977 | + if (vport_num >= MLX5_VPORT_ECPF) { | ||
| 1978 | + NL_SET_ERR_MSG_MOD(extack, | ||
| 1979 | + "Ingress rate limit is supported only for Eswitch ports connected to VFs"); | ||
| 1980 | + return -EOPNOTSUPP; | ||
| 1981 | + } | ||
| 1982 | + | ||
| 1983 | esw = priv->mdev->priv.eswitch; | ||
| 1984 | /* rate is given in bytes/sec. | ||
| 1985 | * First convert to bits/sec and then round to the nearest mbit/secs. | ||
| 1986 | @@ -3959,8 +3966,6 @@ static int apply_police_params(struct mlx5e_priv *priv, u32 rate, | ||
| 1987 | * 1 mbit/sec. | ||
| 1988 | */ | ||
| 1989 | rate_mbps = rate ? max_t(u32, (rate * 8 + 500000) / 1000000, 1) : 0; | ||
| 1990 | - vport_num = rpriv->rep->vport; | ||
| 1991 | - | ||
| 1992 | err = mlx5_esw_modify_vport_rate(esw, vport_num, rate_mbps); | ||
| 1993 | if (err) | ||
| 1994 | NL_SET_ERR_MSG_MOD(extack, "failed applying action to hardware"); | ||
| 1995 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | ||
| 1996 | index 9004a07e457a..5acfdea3a75a 100644 | ||
| 1997 | --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | ||
| 1998 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | ||
| 1999 | @@ -858,7 +858,7 @@ out: | ||
| 2000 | */ | ||
| 2001 | #define ESW_SIZE (16 * 1024 * 1024) | ||
| 2002 | const unsigned int ESW_POOLS[4] = { 4 * 1024 * 1024, 1 * 1024 * 1024, | ||
| 2003 | - 64 * 1024, 4 * 1024 }; | ||
| 2004 | + 64 * 1024, 128 }; | ||
| 2005 | |||
| 2006 | static int | ||
| 2007 | get_sz_from_pool(struct mlx5_eswitch *esw) | ||
| 2008 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c | ||
| 2009 | index 051ab845b501..c96a0e501007 100644 | ||
| 2010 | --- a/drivers/net/ethernet/mellanox/mlx5/core/main.c | ||
| 2011 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c | ||
| 2012 | @@ -1569,6 +1569,7 @@ static const struct pci_device_id mlx5_core_pci_table[] = { | ||
| 2013 | { PCI_VDEVICE(MELLANOX, 0x101d) }, /* ConnectX-6 Dx */ | ||
| 2014 | { PCI_VDEVICE(MELLANOX, 0x101e), MLX5_PCI_DEV_IS_VF}, /* ConnectX Family mlx5Gen Virtual Function */ | ||
| 2015 | { PCI_VDEVICE(MELLANOX, 0x101f) }, /* ConnectX-6 LX */ | ||
| 2016 | + { PCI_VDEVICE(MELLANOX, 0x1021) }, /* ConnectX-7 */ | ||
| 2017 | { PCI_VDEVICE(MELLANOX, 0xa2d2) }, /* BlueField integrated ConnectX-5 network controller */ | ||
| 2018 | { PCI_VDEVICE(MELLANOX, 0xa2d3), MLX5_PCI_DEV_IS_VF}, /* BlueField integrated ConnectX-5 network controller VF */ | ||
| 2019 | { PCI_VDEVICE(MELLANOX, 0xa2d6) }, /* BlueField-2 integrated ConnectX-6 Dx network controller */ | ||
| 2020 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c | ||
| 2021 | index 51803eef13dd..c7f10d4f8f8d 100644 | ||
| 2022 | --- a/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c | ||
| 2023 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c | ||
| 2024 | @@ -1,6 +1,7 @@ | ||
| 2025 | // SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB | ||
| 2026 | /* Copyright (c) 2019 Mellanox Technologies. */ | ||
| 2027 | |||
| 2028 | +#include <linux/smp.h> | ||
| 2029 | #include "dr_types.h" | ||
| 2030 | |||
| 2031 | #define QUEUE_SIZE 128 | ||
| 2032 | @@ -729,7 +730,7 @@ static struct mlx5dr_cq *dr_create_cq(struct mlx5_core_dev *mdev, | ||
| 2033 | if (!in) | ||
| 2034 | goto err_cqwq; | ||
| 2035 | |||
| 2036 | - vector = smp_processor_id() % mlx5_comp_vectors_count(mdev); | ||
| 2037 | + vector = raw_smp_processor_id() % mlx5_comp_vectors_count(mdev); | ||
| 2038 | err = mlx5_vector2eqn(mdev, vector, &eqn, &irqn); | ||
| 2039 | if (err) { | ||
| 2040 | kvfree(in); | ||
| 2041 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c | ||
| 2042 | index 3d587d0bdbbe..1e32e2443f73 100644 | ||
| 2043 | --- a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c | ||
| 2044 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c | ||
| 2045 | @@ -352,26 +352,16 @@ static int mlx5_cmd_dr_create_fte(struct mlx5_flow_root_namespace *ns, | ||
| 2046 | if (fte->action.action & MLX5_FLOW_CONTEXT_ACTION_FWD_DEST) { | ||
| 2047 | list_for_each_entry(dst, &fte->node.children, node.list) { | ||
| 2048 | enum mlx5_flow_destination_type type = dst->dest_attr.type; | ||
| 2049 | - u32 id; | ||
| 2050 | |||
| 2051 | if (num_actions == MLX5_FLOW_CONTEXT_ACTION_MAX) { | ||
| 2052 | err = -ENOSPC; | ||
| 2053 | goto free_actions; | ||
| 2054 | } | ||
| 2055 | |||
| 2056 | - switch (type) { | ||
| 2057 | - case MLX5_FLOW_DESTINATION_TYPE_COUNTER: | ||
| 2058 | - id = dst->dest_attr.counter_id; | ||
| 2059 | + if (type == MLX5_FLOW_DESTINATION_TYPE_COUNTER) | ||
| 2060 | + continue; | ||
| 2061 | |||
| 2062 | - tmp_action = | ||
| 2063 | - mlx5dr_action_create_flow_counter(id); | ||
| 2064 | - if (!tmp_action) { | ||
| 2065 | - err = -ENOMEM; | ||
| 2066 | - goto free_actions; | ||
| 2067 | - } | ||
| 2068 | - fs_dr_actions[fs_dr_num_actions++] = tmp_action; | ||
| 2069 | - actions[num_actions++] = tmp_action; | ||
| 2070 | - break; | ||
| 2071 | + switch (type) { | ||
| 2072 | case MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE: | ||
| 2073 | tmp_action = create_ft_action(dev, dst); | ||
| 2074 | if (!tmp_action) { | ||
| 2075 | @@ -397,6 +387,32 @@ static int mlx5_cmd_dr_create_fte(struct mlx5_flow_root_namespace *ns, | ||
| 2076 | } | ||
| 2077 | } | ||
| 2078 | |||
| 2079 | + if (fte->action.action & MLX5_FLOW_CONTEXT_ACTION_COUNT) { | ||
| 2080 | + list_for_each_entry(dst, &fte->node.children, node.list) { | ||
| 2081 | + u32 id; | ||
| 2082 | + | ||
| 2083 | + if (dst->dest_attr.type != | ||
| 2084 | + MLX5_FLOW_DESTINATION_TYPE_COUNTER) | ||
| 2085 | + continue; | ||
| 2086 | + | ||
| 2087 | + if (num_actions == MLX5_FLOW_CONTEXT_ACTION_MAX) { | ||
| 2088 | + err = -ENOSPC; | ||
| 2089 | + goto free_actions; | ||
| 2090 | + } | ||
| 2091 | + | ||
| 2092 | + id = dst->dest_attr.counter_id; | ||
| 2093 | + tmp_action = | ||
| 2094 | + mlx5dr_action_create_flow_counter(id); | ||
| 2095 | + if (!tmp_action) { | ||
| 2096 | + err = -ENOMEM; | ||
| 2097 | + goto free_actions; | ||
| 2098 | + } | ||
| 2099 | + | ||
| 2100 | + fs_dr_actions[fs_dr_num_actions++] = tmp_action; | ||
| 2101 | + actions[num_actions++] = tmp_action; | ||
| 2102 | + } | ||
| 2103 | + } | ||
| 2104 | + | ||
| 2105 | params.match_sz = match_sz; | ||
| 2106 | params.match_buf = (u64 *)fte->val; | ||
| 2107 | |||
| 2108 | diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | ||
| 2109 | index 150b3a144b83..3d3cca596116 100644 | ||
| 2110 | --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | ||
| 2111 | +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | ||
| 2112 | @@ -8,6 +8,7 @@ | ||
| 2113 | #include <linux/string.h> | ||
| 2114 | #include <linux/rhashtable.h> | ||
| 2115 | #include <linux/netdevice.h> | ||
| 2116 | +#include <linux/mutex.h> | ||
| 2117 | #include <net/net_namespace.h> | ||
| 2118 | #include <net/tc_act/tc_vlan.h> | ||
| 2119 | |||
| 2120 | @@ -25,6 +26,7 @@ struct mlxsw_sp_acl { | ||
| 2121 | struct mlxsw_sp_fid *dummy_fid; | ||
| 2122 | struct rhashtable ruleset_ht; | ||
| 2123 | struct list_head rules; | ||
| 2124 | + struct mutex rules_lock; /* Protects rules list */ | ||
| 2125 | struct { | ||
| 2126 | struct delayed_work dw; | ||
| 2127 | unsigned long interval; /* ms */ | ||
| 2128 | @@ -701,7 +703,9 @@ int mlxsw_sp_acl_rule_add(struct mlxsw_sp *mlxsw_sp, | ||
| 2129 | goto err_ruleset_block_bind; | ||
| 2130 | } | ||
| 2131 | |||
| 2132 | + mutex_lock(&mlxsw_sp->acl->rules_lock); | ||
| 2133 | list_add_tail(&rule->list, &mlxsw_sp->acl->rules); | ||
| 2134 | + mutex_unlock(&mlxsw_sp->acl->rules_lock); | ||
| 2135 | block->rule_count++; | ||
| 2136 | block->egress_blocker_rule_count += rule->rulei->egress_bind_blocker; | ||
| 2137 | return 0; | ||
| 2138 | @@ -723,7 +727,9 @@ void mlxsw_sp_acl_rule_del(struct mlxsw_sp *mlxsw_sp, | ||
| 2139 | |||
| 2140 | block->egress_blocker_rule_count -= rule->rulei->egress_bind_blocker; | ||
| 2141 | ruleset->ht_key.block->rule_count--; | ||
| 2142 | + mutex_lock(&mlxsw_sp->acl->rules_lock); | ||
| 2143 | list_del(&rule->list); | ||
| 2144 | + mutex_unlock(&mlxsw_sp->acl->rules_lock); | ||
| 2145 | if (!ruleset->ht_key.chain_index && | ||
| 2146 | mlxsw_sp_acl_ruleset_is_singular(ruleset)) | ||
| 2147 | mlxsw_sp_acl_ruleset_block_unbind(mlxsw_sp, ruleset, | ||
| 2148 | @@ -783,19 +789,18 @@ static int mlxsw_sp_acl_rules_activity_update(struct mlxsw_sp_acl *acl) | ||
| 2149 | struct mlxsw_sp_acl_rule *rule; | ||
| 2150 | int err; | ||
| 2151 | |||
| 2152 | - /* Protect internal structures from changes */ | ||
| 2153 | - rtnl_lock(); | ||
| 2154 | + mutex_lock(&acl->rules_lock); | ||
| 2155 | list_for_each_entry(rule, &acl->rules, list) { | ||
| 2156 | err = mlxsw_sp_acl_rule_activity_update(acl->mlxsw_sp, | ||
| 2157 | rule); | ||
| 2158 | if (err) | ||
| 2159 | goto err_rule_update; | ||
| 2160 | } | ||
| 2161 | - rtnl_unlock(); | ||
| 2162 | + mutex_unlock(&acl->rules_lock); | ||
| 2163 | return 0; | ||
| 2164 | |||
| 2165 | err_rule_update: | ||
| 2166 | - rtnl_unlock(); | ||
| 2167 | + mutex_unlock(&acl->rules_lock); | ||
| 2168 | return err; | ||
| 2169 | } | ||
| 2170 | |||
| 2171 | @@ -880,6 +885,7 @@ int mlxsw_sp_acl_init(struct mlxsw_sp *mlxsw_sp) | ||
| 2172 | acl->dummy_fid = fid; | ||
| 2173 | |||
| 2174 | INIT_LIST_HEAD(&acl->rules); | ||
| 2175 | + mutex_init(&acl->rules_lock); | ||
| 2176 | err = mlxsw_sp_acl_tcam_init(mlxsw_sp, &acl->tcam); | ||
| 2177 | if (err) | ||
| 2178 | goto err_acl_ops_init; | ||
| 2179 | @@ -892,6 +898,7 @@ int mlxsw_sp_acl_init(struct mlxsw_sp *mlxsw_sp) | ||
| 2180 | return 0; | ||
| 2181 | |||
| 2182 | err_acl_ops_init: | ||
| 2183 | + mutex_destroy(&acl->rules_lock); | ||
| 2184 | mlxsw_sp_fid_put(fid); | ||
| 2185 | err_fid_get: | ||
| 2186 | rhashtable_destroy(&acl->ruleset_ht); | ||
| 2187 | @@ -908,6 +915,7 @@ void mlxsw_sp_acl_fini(struct mlxsw_sp *mlxsw_sp) | ||
| 2188 | |||
| 2189 | cancel_delayed_work_sync(&mlxsw_sp->acl->rule_activity_update.dw); | ||
| 2190 | mlxsw_sp_acl_tcam_fini(mlxsw_sp, &acl->tcam); | ||
| 2191 | + mutex_destroy(&acl->rules_lock); | ||
| 2192 | WARN_ON(!list_empty(&acl->rules)); | ||
| 2193 | mlxsw_sp_fid_put(acl->dummy_fid); | ||
| 2194 | rhashtable_destroy(&acl->ruleset_ht); | ||
| 2195 | diff --git a/drivers/net/ethernet/mellanox/mlxsw/switchx2.c b/drivers/net/ethernet/mellanox/mlxsw/switchx2.c | ||
| 2196 | index 1c14c051ee52..63e7a058b7c6 100644 | ||
| 2197 | --- a/drivers/net/ethernet/mellanox/mlxsw/switchx2.c | ||
| 2198 | +++ b/drivers/net/ethernet/mellanox/mlxsw/switchx2.c | ||
| 2199 | @@ -299,22 +299,17 @@ static netdev_tx_t mlxsw_sx_port_xmit(struct sk_buff *skb, | ||
| 2200 | u64 len; | ||
| 2201 | int err; | ||
| 2202 | |||
| 2203 | + if (skb_cow_head(skb, MLXSW_TXHDR_LEN)) { | ||
| 2204 | + this_cpu_inc(mlxsw_sx_port->pcpu_stats->tx_dropped); | ||
| 2205 | + dev_kfree_skb_any(skb); | ||
| 2206 | + return NETDEV_TX_OK; | ||
| 2207 | + } | ||
| 2208 | + | ||
| 2209 | memset(skb->cb, 0, sizeof(struct mlxsw_skb_cb)); | ||
| 2210 | |||
| 2211 | if (mlxsw_core_skb_transmit_busy(mlxsw_sx->core, &tx_info)) | ||
| 2212 | return NETDEV_TX_BUSY; | ||
| 2213 | |||
| 2214 | - if (unlikely(skb_headroom(skb) < MLXSW_TXHDR_LEN)) { | ||
| 2215 | - struct sk_buff *skb_orig = skb; | ||
| 2216 | - | ||
| 2217 | - skb = skb_realloc_headroom(skb, MLXSW_TXHDR_LEN); | ||
| 2218 | - if (!skb) { | ||
| 2219 | - this_cpu_inc(mlxsw_sx_port->pcpu_stats->tx_dropped); | ||
| 2220 | - dev_kfree_skb_any(skb_orig); | ||
| 2221 | - return NETDEV_TX_OK; | ||
| 2222 | - } | ||
| 2223 | - dev_consume_skb_any(skb_orig); | ||
| 2224 | - } | ||
| 2225 | mlxsw_sx_txhdr_construct(skb, &tx_info); | ||
| 2226 | /* TX header is consumed by HW on the way so we shouldn't count its | ||
| 2227 | * bytes as being sent. | ||
| 2228 | diff --git a/drivers/net/ethernet/natsemi/sonic.c b/drivers/net/ethernet/natsemi/sonic.c | ||
| 2229 | index b339125b2f09..05e760444a92 100644 | ||
| 2230 | --- a/drivers/net/ethernet/natsemi/sonic.c | ||
| 2231 | +++ b/drivers/net/ethernet/natsemi/sonic.c | ||
| 2232 | @@ -64,6 +64,8 @@ static int sonic_open(struct net_device *dev) | ||
| 2233 | |||
| 2234 | netif_dbg(lp, ifup, dev, "%s: initializing sonic driver\n", __func__); | ||
| 2235 | |||
| 2236 | + spin_lock_init(&lp->lock); | ||
| 2237 | + | ||
| 2238 | for (i = 0; i < SONIC_NUM_RRS; i++) { | ||
| 2239 | struct sk_buff *skb = netdev_alloc_skb(dev, SONIC_RBSIZE + 2); | ||
| 2240 | if (skb == NULL) { | ||
| 2241 | @@ -114,6 +116,24 @@ static int sonic_open(struct net_device *dev) | ||
| 2242 | return 0; | ||
| 2243 | } | ||
| 2244 | |||
| 2245 | +/* Wait for the SONIC to become idle. */ | ||
| 2246 | +static void sonic_quiesce(struct net_device *dev, u16 mask) | ||
| 2247 | +{ | ||
| 2248 | + struct sonic_local * __maybe_unused lp = netdev_priv(dev); | ||
| 2249 | + int i; | ||
| 2250 | + u16 bits; | ||
| 2251 | + | ||
| 2252 | + for (i = 0; i < 1000; ++i) { | ||
| 2253 | + bits = SONIC_READ(SONIC_CMD) & mask; | ||
| 2254 | + if (!bits) | ||
| 2255 | + return; | ||
| 2256 | + if (irqs_disabled() || in_interrupt()) | ||
| 2257 | + udelay(20); | ||
| 2258 | + else | ||
| 2259 | + usleep_range(100, 200); | ||
| 2260 | + } | ||
| 2261 | + WARN_ONCE(1, "command deadline expired! 0x%04x\n", bits); | ||
| 2262 | +} | ||
| 2263 | |||
| 2264 | /* | ||
| 2265 | * Close the SONIC device | ||
| 2266 | @@ -130,6 +150,9 @@ static int sonic_close(struct net_device *dev) | ||
| 2267 | /* | ||
| 2268 | * stop the SONIC, disable interrupts | ||
| 2269 | */ | ||
| 2270 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS); | ||
| 2271 | + sonic_quiesce(dev, SONIC_CR_ALL); | ||
| 2272 | + | ||
| 2273 | SONIC_WRITE(SONIC_IMR, 0); | ||
| 2274 | SONIC_WRITE(SONIC_ISR, 0x7fff); | ||
| 2275 | SONIC_WRITE(SONIC_CMD, SONIC_CR_RST); | ||
| 2276 | @@ -169,6 +192,9 @@ static void sonic_tx_timeout(struct net_device *dev) | ||
| 2277 | * put the Sonic into software-reset mode and | ||
| 2278 | * disable all interrupts before releasing DMA buffers | ||
| 2279 | */ | ||
| 2280 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS); | ||
| 2281 | + sonic_quiesce(dev, SONIC_CR_ALL); | ||
| 2282 | + | ||
| 2283 | SONIC_WRITE(SONIC_IMR, 0); | ||
| 2284 | SONIC_WRITE(SONIC_ISR, 0x7fff); | ||
| 2285 | SONIC_WRITE(SONIC_CMD, SONIC_CR_RST); | ||
| 2286 | @@ -206,8 +232,6 @@ static void sonic_tx_timeout(struct net_device *dev) | ||
| 2287 | * wake the tx queue | ||
| 2288 | * Concurrently with all of this, the SONIC is potentially writing to | ||
| 2289 | * the status flags of the TDs. | ||
| 2290 | - * Until some mutual exclusion is added, this code will not work with SMP. However, | ||
| 2291 | - * MIPS Jazz machines and m68k Macs were all uni-processor machines. | ||
| 2292 | */ | ||
| 2293 | |||
| 2294 | static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
| 2295 | @@ -215,7 +239,8 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
| 2296 | struct sonic_local *lp = netdev_priv(dev); | ||
| 2297 | dma_addr_t laddr; | ||
| 2298 | int length; | ||
| 2299 | - int entry = lp->next_tx; | ||
| 2300 | + int entry; | ||
| 2301 | + unsigned long flags; | ||
| 2302 | |||
| 2303 | netif_dbg(lp, tx_queued, dev, "%s: skb=%p\n", __func__, skb); | ||
| 2304 | |||
| 2305 | @@ -237,6 +262,10 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
| 2306 | return NETDEV_TX_OK; | ||
| 2307 | } | ||
| 2308 | |||
| 2309 | + spin_lock_irqsave(&lp->lock, flags); | ||
| 2310 | + | ||
| 2311 | + entry = lp->next_tx; | ||
| 2312 | + | ||
| 2313 | sonic_tda_put(dev, entry, SONIC_TD_STATUS, 0); /* clear status */ | ||
| 2314 | sonic_tda_put(dev, entry, SONIC_TD_FRAG_COUNT, 1); /* single fragment */ | ||
| 2315 | sonic_tda_put(dev, entry, SONIC_TD_PKTSIZE, length); /* length of packet */ | ||
| 2316 | @@ -246,10 +275,6 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
| 2317 | sonic_tda_put(dev, entry, SONIC_TD_LINK, | ||
| 2318 | sonic_tda_get(dev, entry, SONIC_TD_LINK) | SONIC_EOL); | ||
| 2319 | |||
| 2320 | - /* | ||
| 2321 | - * Must set tx_skb[entry] only after clearing status, and | ||
| 2322 | - * before clearing EOL and before stopping queue | ||
| 2323 | - */ | ||
| 2324 | wmb(); | ||
| 2325 | lp->tx_len[entry] = length; | ||
| 2326 | lp->tx_laddr[entry] = laddr; | ||
| 2327 | @@ -272,6 +297,8 @@ static int sonic_send_packet(struct sk_buff *skb, struct net_device *dev) | ||
| 2328 | |||
| 2329 | SONIC_WRITE(SONIC_CMD, SONIC_CR_TXP); | ||
| 2330 | |||
| 2331 | + spin_unlock_irqrestore(&lp->lock, flags); | ||
| 2332 | + | ||
| 2333 | return NETDEV_TX_OK; | ||
| 2334 | } | ||
| 2335 | |||
| 2336 | @@ -284,15 +311,28 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
| 2337 | struct net_device *dev = dev_id; | ||
| 2338 | struct sonic_local *lp = netdev_priv(dev); | ||
| 2339 | int status; | ||
| 2340 | + unsigned long flags; | ||
| 2341 | + | ||
| 2342 | + /* The lock has two purposes. Firstly, it synchronizes sonic_interrupt() | ||
| 2343 | + * with sonic_send_packet() so that the two functions can share state. | ||
| 2344 | + * Secondly, it makes sonic_interrupt() re-entrant, as that is required | ||
| 2345 | + * by macsonic which must use two IRQs with different priority levels. | ||
| 2346 | + */ | ||
| 2347 | + spin_lock_irqsave(&lp->lock, flags); | ||
| 2348 | + | ||
| 2349 | + status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT; | ||
| 2350 | + if (!status) { | ||
| 2351 | + spin_unlock_irqrestore(&lp->lock, flags); | ||
| 2352 | |||
| 2353 | - if (!(status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT)) | ||
| 2354 | return IRQ_NONE; | ||
| 2355 | + } | ||
| 2356 | |||
| 2357 | do { | ||
| 2358 | + SONIC_WRITE(SONIC_ISR, status); /* clear the interrupt(s) */ | ||
| 2359 | + | ||
| 2360 | if (status & SONIC_INT_PKTRX) { | ||
| 2361 | netif_dbg(lp, intr, dev, "%s: packet rx\n", __func__); | ||
| 2362 | sonic_rx(dev); /* got packet(s) */ | ||
| 2363 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_PKTRX); /* clear the interrupt */ | ||
| 2364 | } | ||
| 2365 | |||
| 2366 | if (status & SONIC_INT_TXDN) { | ||
| 2367 | @@ -300,11 +340,12 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
| 2368 | int td_status; | ||
| 2369 | int freed_some = 0; | ||
| 2370 | |||
| 2371 | - /* At this point, cur_tx is the index of a TD that is one of: | ||
| 2372 | - * unallocated/freed (status set & tx_skb[entry] clear) | ||
| 2373 | - * allocated and sent (status set & tx_skb[entry] set ) | ||
| 2374 | - * allocated and not yet sent (status clear & tx_skb[entry] set ) | ||
| 2375 | - * still being allocated by sonic_send_packet (status clear & tx_skb[entry] clear) | ||
| 2376 | + /* The state of a Transmit Descriptor may be inferred | ||
| 2377 | + * from { tx_skb[entry], td_status } as follows. | ||
| 2378 | + * { clear, clear } => the TD has never been used | ||
| 2379 | + * { set, clear } => the TD was handed to SONIC | ||
| 2380 | + * { set, set } => the TD was handed back | ||
| 2381 | + * { clear, set } => the TD is available for re-use | ||
| 2382 | */ | ||
| 2383 | |||
| 2384 | netif_dbg(lp, intr, dev, "%s: tx done\n", __func__); | ||
| 2385 | @@ -313,18 +354,19 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
| 2386 | if ((td_status = sonic_tda_get(dev, entry, SONIC_TD_STATUS)) == 0) | ||
| 2387 | break; | ||
| 2388 | |||
| 2389 | - if (td_status & 0x0001) { | ||
| 2390 | + if (td_status & SONIC_TCR_PTX) { | ||
| 2391 | lp->stats.tx_packets++; | ||
| 2392 | lp->stats.tx_bytes += sonic_tda_get(dev, entry, SONIC_TD_PKTSIZE); | ||
| 2393 | } else { | ||
| 2394 | - lp->stats.tx_errors++; | ||
| 2395 | - if (td_status & 0x0642) | ||
| 2396 | + if (td_status & (SONIC_TCR_EXD | | ||
| 2397 | + SONIC_TCR_EXC | SONIC_TCR_BCM)) | ||
| 2398 | lp->stats.tx_aborted_errors++; | ||
| 2399 | - if (td_status & 0x0180) | ||
| 2400 | + if (td_status & | ||
| 2401 | + (SONIC_TCR_NCRS | SONIC_TCR_CRLS)) | ||
| 2402 | lp->stats.tx_carrier_errors++; | ||
| 2403 | - if (td_status & 0x0020) | ||
| 2404 | + if (td_status & SONIC_TCR_OWC) | ||
| 2405 | lp->stats.tx_window_errors++; | ||
| 2406 | - if (td_status & 0x0004) | ||
| 2407 | + if (td_status & SONIC_TCR_FU) | ||
| 2408 | lp->stats.tx_fifo_errors++; | ||
| 2409 | } | ||
| 2410 | |||
| 2411 | @@ -346,7 +388,6 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
| 2412 | if (freed_some || lp->tx_skb[entry] == NULL) | ||
| 2413 | netif_wake_queue(dev); /* The ring is no longer full */ | ||
| 2414 | lp->cur_tx = entry; | ||
| 2415 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_TXDN); /* clear the interrupt */ | ||
| 2416 | } | ||
| 2417 | |||
| 2418 | /* | ||
| 2419 | @@ -355,42 +396,37 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
| 2420 | if (status & SONIC_INT_RFO) { | ||
| 2421 | netif_dbg(lp, rx_err, dev, "%s: rx fifo overrun\n", | ||
| 2422 | __func__); | ||
| 2423 | - lp->stats.rx_fifo_errors++; | ||
| 2424 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_RFO); /* clear the interrupt */ | ||
| 2425 | } | ||
| 2426 | if (status & SONIC_INT_RDE) { | ||
| 2427 | netif_dbg(lp, rx_err, dev, "%s: rx descriptors exhausted\n", | ||
| 2428 | __func__); | ||
| 2429 | - lp->stats.rx_dropped++; | ||
| 2430 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_RDE); /* clear the interrupt */ | ||
| 2431 | } | ||
| 2432 | if (status & SONIC_INT_RBAE) { | ||
| 2433 | netif_dbg(lp, rx_err, dev, "%s: rx buffer area exceeded\n", | ||
| 2434 | __func__); | ||
| 2435 | - lp->stats.rx_dropped++; | ||
| 2436 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_RBAE); /* clear the interrupt */ | ||
| 2437 | } | ||
| 2438 | |||
| 2439 | /* counter overruns; all counters are 16bit wide */ | ||
| 2440 | - if (status & SONIC_INT_FAE) { | ||
| 2441 | + if (status & SONIC_INT_FAE) | ||
| 2442 | lp->stats.rx_frame_errors += 65536; | ||
| 2443 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_FAE); /* clear the interrupt */ | ||
| 2444 | - } | ||
| 2445 | - if (status & SONIC_INT_CRC) { | ||
| 2446 | + if (status & SONIC_INT_CRC) | ||
| 2447 | lp->stats.rx_crc_errors += 65536; | ||
| 2448 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_CRC); /* clear the interrupt */ | ||
| 2449 | - } | ||
| 2450 | - if (status & SONIC_INT_MP) { | ||
| 2451 | + if (status & SONIC_INT_MP) | ||
| 2452 | lp->stats.rx_missed_errors += 65536; | ||
| 2453 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_MP); /* clear the interrupt */ | ||
| 2454 | - } | ||
| 2455 | |||
| 2456 | /* transmit error */ | ||
| 2457 | if (status & SONIC_INT_TXER) { | ||
| 2458 | - if (SONIC_READ(SONIC_TCR) & SONIC_TCR_FU) | ||
| 2459 | - netif_dbg(lp, tx_err, dev, "%s: tx fifo underrun\n", | ||
| 2460 | - __func__); | ||
| 2461 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_TXER); /* clear the interrupt */ | ||
| 2462 | + u16 tcr = SONIC_READ(SONIC_TCR); | ||
| 2463 | + | ||
| 2464 | + netif_dbg(lp, tx_err, dev, "%s: TXER intr, TCR %04x\n", | ||
| 2465 | + __func__, tcr); | ||
| 2466 | + | ||
| 2467 | + if (tcr & (SONIC_TCR_EXD | SONIC_TCR_EXC | | ||
| 2468 | + SONIC_TCR_FU | SONIC_TCR_BCM)) { | ||
| 2469 | + /* Aborted transmission. Try again. */ | ||
| 2470 | + netif_stop_queue(dev); | ||
| 2471 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_TXP); | ||
| 2472 | + } | ||
| 2473 | } | ||
| 2474 | |||
| 2475 | /* bus retry */ | ||
| 2476 | @@ -400,107 +436,164 @@ static irqreturn_t sonic_interrupt(int irq, void *dev_id) | ||
| 2477 | /* ... to help debug DMA problems causing endless interrupts. */ | ||
| 2478 | /* Bounce the eth interface to turn on the interrupt again. */ | ||
| 2479 | SONIC_WRITE(SONIC_IMR, 0); | ||
| 2480 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_BR); /* clear the interrupt */ | ||
| 2481 | } | ||
| 2482 | |||
| 2483 | - /* load CAM done */ | ||
| 2484 | - if (status & SONIC_INT_LCD) | ||
| 2485 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_LCD); /* clear the interrupt */ | ||
| 2486 | - } while((status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT)); | ||
| 2487 | + status = SONIC_READ(SONIC_ISR) & SONIC_IMR_DEFAULT; | ||
| 2488 | + } while (status); | ||
| 2489 | + | ||
| 2490 | + spin_unlock_irqrestore(&lp->lock, flags); | ||
| 2491 | + | ||
| 2492 | return IRQ_HANDLED; | ||
| 2493 | } | ||
| 2494 | |||
| 2495 | +/* Return the array index corresponding to a given Receive Buffer pointer. */ | ||
| 2496 | +static int index_from_addr(struct sonic_local *lp, dma_addr_t addr, | ||
| 2497 | + unsigned int last) | ||
| 2498 | +{ | ||
| 2499 | + unsigned int i = last; | ||
| 2500 | + | ||
| 2501 | + do { | ||
| 2502 | + i = (i + 1) & SONIC_RRS_MASK; | ||
| 2503 | + if (addr == lp->rx_laddr[i]) | ||
| 2504 | + return i; | ||
| 2505 | + } while (i != last); | ||
| 2506 | + | ||
| 2507 | + return -ENOENT; | ||
| 2508 | +} | ||
| 2509 | + | ||
| 2510 | +/* Allocate and map a new skb to be used as a receive buffer. */ | ||
| 2511 | +static bool sonic_alloc_rb(struct net_device *dev, struct sonic_local *lp, | ||
| 2512 | + struct sk_buff **new_skb, dma_addr_t *new_addr) | ||
| 2513 | +{ | ||
| 2514 | + *new_skb = netdev_alloc_skb(dev, SONIC_RBSIZE + 2); | ||
| 2515 | + if (!*new_skb) | ||
| 2516 | + return false; | ||
| 2517 | + | ||
| 2518 | + if (SONIC_BUS_SCALE(lp->dma_bitmode) == 2) | ||
| 2519 | + skb_reserve(*new_skb, 2); | ||
| 2520 | + | ||
| 2521 | + *new_addr = dma_map_single(lp->device, skb_put(*new_skb, SONIC_RBSIZE), | ||
| 2522 | + SONIC_RBSIZE, DMA_FROM_DEVICE); | ||
| 2523 | + if (!*new_addr) { | ||
| 2524 | + dev_kfree_skb(*new_skb); | ||
| 2525 | + *new_skb = NULL; | ||
| 2526 | + return false; | ||
| 2527 | + } | ||
| 2528 | + | ||
| 2529 | + return true; | ||
| 2530 | +} | ||
| 2531 | + | ||
| 2532 | +/* Place a new receive resource in the Receive Resource Area and update RWP. */ | ||
| 2533 | +static void sonic_update_rra(struct net_device *dev, struct sonic_local *lp, | ||
| 2534 | + dma_addr_t old_addr, dma_addr_t new_addr) | ||
| 2535 | +{ | ||
| 2536 | + unsigned int entry = sonic_rr_entry(dev, SONIC_READ(SONIC_RWP)); | ||
| 2537 | + unsigned int end = sonic_rr_entry(dev, SONIC_READ(SONIC_RRP)); | ||
| 2538 | + u32 buf; | ||
| 2539 | + | ||
| 2540 | + /* The resources in the range [RRP, RWP) belong to the SONIC. This loop | ||
| 2541 | + * scans the other resources in the RRA, those in the range [RWP, RRP). | ||
| 2542 | + */ | ||
| 2543 | + do { | ||
| 2544 | + buf = (sonic_rra_get(dev, entry, SONIC_RR_BUFADR_H) << 16) | | ||
| 2545 | + sonic_rra_get(dev, entry, SONIC_RR_BUFADR_L); | ||
| 2546 | + | ||
| 2547 | + if (buf == old_addr) | ||
| 2548 | + break; | ||
| 2549 | + | ||
| 2550 | + entry = (entry + 1) & SONIC_RRS_MASK; | ||
| 2551 | + } while (entry != end); | ||
| 2552 | + | ||
| 2553 | + WARN_ONCE(buf != old_addr, "failed to find resource!\n"); | ||
| 2554 | + | ||
| 2555 | + sonic_rra_put(dev, entry, SONIC_RR_BUFADR_H, new_addr >> 16); | ||
| 2556 | + sonic_rra_put(dev, entry, SONIC_RR_BUFADR_L, new_addr & 0xffff); | ||
| 2557 | + | ||
| 2558 | + entry = (entry + 1) & SONIC_RRS_MASK; | ||
| 2559 | + | ||
| 2560 | + SONIC_WRITE(SONIC_RWP, sonic_rr_addr(dev, entry)); | ||
| 2561 | +} | ||
| 2562 | + | ||
| 2563 | /* | ||
| 2564 | * We have a good packet(s), pass it/them up the network stack. | ||
| 2565 | */ | ||
| 2566 | static void sonic_rx(struct net_device *dev) | ||
| 2567 | { | ||
| 2568 | struct sonic_local *lp = netdev_priv(dev); | ||
| 2569 | - int status; | ||
| 2570 | int entry = lp->cur_rx; | ||
| 2571 | + int prev_entry = lp->eol_rx; | ||
| 2572 | + bool rbe = false; | ||
| 2573 | |||
| 2574 | while (sonic_rda_get(dev, entry, SONIC_RD_IN_USE) == 0) { | ||
| 2575 | - struct sk_buff *used_skb; | ||
| 2576 | - struct sk_buff *new_skb; | ||
| 2577 | - dma_addr_t new_laddr; | ||
| 2578 | - u16 bufadr_l; | ||
| 2579 | - u16 bufadr_h; | ||
| 2580 | - int pkt_len; | ||
| 2581 | - | ||
| 2582 | - status = sonic_rda_get(dev, entry, SONIC_RD_STATUS); | ||
| 2583 | - if (status & SONIC_RCR_PRX) { | ||
| 2584 | - /* Malloc up new buffer. */ | ||
| 2585 | - new_skb = netdev_alloc_skb(dev, SONIC_RBSIZE + 2); | ||
| 2586 | - if (new_skb == NULL) { | ||
| 2587 | - lp->stats.rx_dropped++; | ||
| 2588 | + u16 status = sonic_rda_get(dev, entry, SONIC_RD_STATUS); | ||
| 2589 | + | ||
| 2590 | + /* If the RD has LPKT set, the chip has finished with the RB */ | ||
| 2591 | + if ((status & SONIC_RCR_PRX) && (status & SONIC_RCR_LPKT)) { | ||
| 2592 | + struct sk_buff *new_skb; | ||
| 2593 | + dma_addr_t new_laddr; | ||
| 2594 | + u32 addr = (sonic_rda_get(dev, entry, | ||
| 2595 | + SONIC_RD_PKTPTR_H) << 16) | | ||
| 2596 | + sonic_rda_get(dev, entry, SONIC_RD_PKTPTR_L); | ||
| 2597 | + int i = index_from_addr(lp, addr, entry); | ||
| 2598 | + | ||
| 2599 | + if (i < 0) { | ||
| 2600 | + WARN_ONCE(1, "failed to find buffer!\n"); | ||
| 2601 | break; | ||
| 2602 | } | ||
| 2603 | - /* provide 16 byte IP header alignment unless DMA requires otherwise */ | ||
| 2604 | - if(SONIC_BUS_SCALE(lp->dma_bitmode) == 2) | ||
| 2605 | - skb_reserve(new_skb, 2); | ||
| 2606 | - | ||
| 2607 | - new_laddr = dma_map_single(lp->device, skb_put(new_skb, SONIC_RBSIZE), | ||
| 2608 | - SONIC_RBSIZE, DMA_FROM_DEVICE); | ||
| 2609 | - if (!new_laddr) { | ||
| 2610 | - dev_kfree_skb(new_skb); | ||
| 2611 | - printk(KERN_ERR "%s: Failed to map rx buffer, dropping packet.\n", dev->name); | ||
| 2612 | + | ||
| 2613 | + if (sonic_alloc_rb(dev, lp, &new_skb, &new_laddr)) { | ||
| 2614 | + struct sk_buff *used_skb = lp->rx_skb[i]; | ||
| 2615 | + int pkt_len; | ||
| 2616 | + | ||
| 2617 | + /* Pass the used buffer up the stack */ | ||
| 2618 | + dma_unmap_single(lp->device, addr, SONIC_RBSIZE, | ||
| 2619 | + DMA_FROM_DEVICE); | ||
| 2620 | + | ||
| 2621 | + pkt_len = sonic_rda_get(dev, entry, | ||
| 2622 | + SONIC_RD_PKTLEN); | ||
| 2623 | + skb_trim(used_skb, pkt_len); | ||
| 2624 | + used_skb->protocol = eth_type_trans(used_skb, | ||
| 2625 | + dev); | ||
| 2626 | + netif_rx(used_skb); | ||
| 2627 | + lp->stats.rx_packets++; | ||
| 2628 | + lp->stats.rx_bytes += pkt_len; | ||
| 2629 | + | ||
| 2630 | + lp->rx_skb[i] = new_skb; | ||
| 2631 | + lp->rx_laddr[i] = new_laddr; | ||
| 2632 | + } else { | ||
| 2633 | + /* Failed to obtain a new buffer so re-use it */ | ||
| 2634 | + new_laddr = addr; | ||
| 2635 | lp->stats.rx_dropped++; | ||
| 2636 | - break; | ||
| 2637 | } | ||
| 2638 | - | ||
| 2639 | - /* now we have a new skb to replace it, pass the used one up the stack */ | ||
| 2640 | - dma_unmap_single(lp->device, lp->rx_laddr[entry], SONIC_RBSIZE, DMA_FROM_DEVICE); | ||
| 2641 | - used_skb = lp->rx_skb[entry]; | ||
| 2642 | - pkt_len = sonic_rda_get(dev, entry, SONIC_RD_PKTLEN); | ||
| 2643 | - skb_trim(used_skb, pkt_len); | ||
| 2644 | - used_skb->protocol = eth_type_trans(used_skb, dev); | ||
| 2645 | - netif_rx(used_skb); | ||
| 2646 | - lp->stats.rx_packets++; | ||
| 2647 | - lp->stats.rx_bytes += pkt_len; | ||
| 2648 | - | ||
| 2649 | - /* and insert the new skb */ | ||
| 2650 | - lp->rx_laddr[entry] = new_laddr; | ||
| 2651 | - lp->rx_skb[entry] = new_skb; | ||
| 2652 | - | ||
| 2653 | - bufadr_l = (unsigned long)new_laddr & 0xffff; | ||
| 2654 | - bufadr_h = (unsigned long)new_laddr >> 16; | ||
| 2655 | - sonic_rra_put(dev, entry, SONIC_RR_BUFADR_L, bufadr_l); | ||
| 2656 | - sonic_rra_put(dev, entry, SONIC_RR_BUFADR_H, bufadr_h); | ||
| 2657 | - } else { | ||
| 2658 | - /* This should only happen, if we enable accepting broken packets. */ | ||
| 2659 | - lp->stats.rx_errors++; | ||
| 2660 | - if (status & SONIC_RCR_FAER) | ||
| 2661 | - lp->stats.rx_frame_errors++; | ||
| 2662 | - if (status & SONIC_RCR_CRCR) | ||
| 2663 | - lp->stats.rx_crc_errors++; | ||
| 2664 | - } | ||
| 2665 | - if (status & SONIC_RCR_LPKT) { | ||
| 2666 | - /* | ||
| 2667 | - * this was the last packet out of the current receive buffer | ||
| 2668 | - * give the buffer back to the SONIC | ||
| 2669 | + /* If RBE is already asserted when RWP advances then | ||
| 2670 | + * it's safe to clear RBE after processing this packet. | ||
| 2671 | */ | ||
| 2672 | - lp->cur_rwp += SIZEOF_SONIC_RR * SONIC_BUS_SCALE(lp->dma_bitmode); | ||
| 2673 | - if (lp->cur_rwp >= lp->rra_end) lp->cur_rwp = lp->rra_laddr & 0xffff; | ||
| 2674 | - SONIC_WRITE(SONIC_RWP, lp->cur_rwp); | ||
| 2675 | - if (SONIC_READ(SONIC_ISR) & SONIC_INT_RBE) { | ||
| 2676 | - netif_dbg(lp, rx_err, dev, "%s: rx buffer exhausted\n", | ||
| 2677 | - __func__); | ||
| 2678 | - SONIC_WRITE(SONIC_ISR, SONIC_INT_RBE); /* clear the flag */ | ||
| 2679 | - } | ||
| 2680 | - } else | ||
| 2681 | - printk(KERN_ERR "%s: rx desc without RCR_LPKT. Shouldn't happen !?\n", | ||
| 2682 | - dev->name); | ||
| 2683 | + rbe = rbe || SONIC_READ(SONIC_ISR) & SONIC_INT_RBE; | ||
| 2684 | + sonic_update_rra(dev, lp, addr, new_laddr); | ||
| 2685 | + } | ||
| 2686 | /* | ||
| 2687 | * give back the descriptor | ||
| 2688 | */ | ||
| 2689 | - sonic_rda_put(dev, entry, SONIC_RD_LINK, | ||
| 2690 | - sonic_rda_get(dev, entry, SONIC_RD_LINK) | SONIC_EOL); | ||
| 2691 | + sonic_rda_put(dev, entry, SONIC_RD_STATUS, 0); | ||
| 2692 | sonic_rda_put(dev, entry, SONIC_RD_IN_USE, 1); | ||
| 2693 | - sonic_rda_put(dev, lp->eol_rx, SONIC_RD_LINK, | ||
| 2694 | - sonic_rda_get(dev, lp->eol_rx, SONIC_RD_LINK) & ~SONIC_EOL); | ||
| 2695 | - lp->eol_rx = entry; | ||
| 2696 | - lp->cur_rx = entry = (entry + 1) & SONIC_RDS_MASK; | ||
| 2697 | + | ||
| 2698 | + prev_entry = entry; | ||
| 2699 | + entry = (entry + 1) & SONIC_RDS_MASK; | ||
| 2700 | + } | ||
| 2701 | + | ||
| 2702 | + lp->cur_rx = entry; | ||
| 2703 | + | ||
| 2704 | + if (prev_entry != lp->eol_rx) { | ||
| 2705 | + /* Advance the EOL flag to put descriptors back into service */ | ||
| 2706 | + sonic_rda_put(dev, prev_entry, SONIC_RD_LINK, SONIC_EOL | | ||
| 2707 | + sonic_rda_get(dev, prev_entry, SONIC_RD_LINK)); | ||
| 2708 | + sonic_rda_put(dev, lp->eol_rx, SONIC_RD_LINK, ~SONIC_EOL & | ||
| 2709 | + sonic_rda_get(dev, lp->eol_rx, SONIC_RD_LINK)); | ||
| 2710 | + lp->eol_rx = prev_entry; | ||
| 2711 | } | ||
| 2712 | + | ||
| 2713 | + if (rbe) | ||
| 2714 | + SONIC_WRITE(SONIC_ISR, SONIC_INT_RBE); | ||
| 2715 | /* | ||
| 2716 | * If any worth-while packets have been received, netif_rx() | ||
| 2717 | * has done a mark_bh(NET_BH) for us and will work on them | ||
| 2718 | @@ -550,6 +643,8 @@ static void sonic_multicast_list(struct net_device *dev) | ||
| 2719 | (netdev_mc_count(dev) > 15)) { | ||
| 2720 | rcr |= SONIC_RCR_AMC; | ||
| 2721 | } else { | ||
| 2722 | + unsigned long flags; | ||
| 2723 | + | ||
| 2724 | netif_dbg(lp, ifup, dev, "%s: mc_count %d\n", __func__, | ||
| 2725 | netdev_mc_count(dev)); | ||
| 2726 | sonic_set_cam_enable(dev, 1); /* always enable our own address */ | ||
| 2727 | @@ -563,9 +658,14 @@ static void sonic_multicast_list(struct net_device *dev) | ||
| 2728 | i++; | ||
| 2729 | } | ||
| 2730 | SONIC_WRITE(SONIC_CDC, 16); | ||
| 2731 | - /* issue Load CAM command */ | ||
| 2732 | SONIC_WRITE(SONIC_CDP, lp->cda_laddr & 0xffff); | ||
| 2733 | + | ||
| 2734 | + /* LCAM and TXP commands can't be used simultaneously */ | ||
| 2735 | + spin_lock_irqsave(&lp->lock, flags); | ||
| 2736 | + sonic_quiesce(dev, SONIC_CR_TXP); | ||
| 2737 | SONIC_WRITE(SONIC_CMD, SONIC_CR_LCAM); | ||
| 2738 | + sonic_quiesce(dev, SONIC_CR_LCAM); | ||
| 2739 | + spin_unlock_irqrestore(&lp->lock, flags); | ||
| 2740 | } | ||
| 2741 | } | ||
| 2742 | |||
| 2743 | @@ -580,7 +680,6 @@ static void sonic_multicast_list(struct net_device *dev) | ||
| 2744 | */ | ||
| 2745 | static int sonic_init(struct net_device *dev) | ||
| 2746 | { | ||
| 2747 | - unsigned int cmd; | ||
| 2748 | struct sonic_local *lp = netdev_priv(dev); | ||
| 2749 | int i; | ||
| 2750 | |||
| 2751 | @@ -592,12 +691,16 @@ static int sonic_init(struct net_device *dev) | ||
| 2752 | SONIC_WRITE(SONIC_ISR, 0x7fff); | ||
| 2753 | SONIC_WRITE(SONIC_CMD, SONIC_CR_RST); | ||
| 2754 | |||
| 2755 | + /* While in reset mode, clear CAM Enable register */ | ||
| 2756 | + SONIC_WRITE(SONIC_CE, 0); | ||
| 2757 | + | ||
| 2758 | /* | ||
| 2759 | * clear software reset flag, disable receiver, clear and | ||
| 2760 | * enable interrupts, then completely initialize the SONIC | ||
| 2761 | */ | ||
| 2762 | SONIC_WRITE(SONIC_CMD, 0); | ||
| 2763 | - SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS); | ||
| 2764 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_RXDIS | SONIC_CR_STP); | ||
| 2765 | + sonic_quiesce(dev, SONIC_CR_ALL); | ||
| 2766 | |||
| 2767 | /* | ||
| 2768 | * initialize the receive resource area | ||
| 2769 | @@ -615,15 +718,10 @@ static int sonic_init(struct net_device *dev) | ||
| 2770 | } | ||
| 2771 | |||
| 2772 | /* initialize all RRA registers */ | ||
| 2773 | - lp->rra_end = (lp->rra_laddr + SONIC_NUM_RRS * SIZEOF_SONIC_RR * | ||
| 2774 | - SONIC_BUS_SCALE(lp->dma_bitmode)) & 0xffff; | ||
| 2775 | - lp->cur_rwp = (lp->rra_laddr + (SONIC_NUM_RRS - 1) * SIZEOF_SONIC_RR * | ||
| 2776 | - SONIC_BUS_SCALE(lp->dma_bitmode)) & 0xffff; | ||
| 2777 | - | ||
| 2778 | - SONIC_WRITE(SONIC_RSA, lp->rra_laddr & 0xffff); | ||
| 2779 | - SONIC_WRITE(SONIC_REA, lp->rra_end); | ||
| 2780 | - SONIC_WRITE(SONIC_RRP, lp->rra_laddr & 0xffff); | ||
| 2781 | - SONIC_WRITE(SONIC_RWP, lp->cur_rwp); | ||
| 2782 | + SONIC_WRITE(SONIC_RSA, sonic_rr_addr(dev, 0)); | ||
| 2783 | + SONIC_WRITE(SONIC_REA, sonic_rr_addr(dev, SONIC_NUM_RRS)); | ||
| 2784 | + SONIC_WRITE(SONIC_RRP, sonic_rr_addr(dev, 0)); | ||
| 2785 | + SONIC_WRITE(SONIC_RWP, sonic_rr_addr(dev, SONIC_NUM_RRS - 1)); | ||
| 2786 | SONIC_WRITE(SONIC_URRA, lp->rra_laddr >> 16); | ||
| 2787 | SONIC_WRITE(SONIC_EOBC, (SONIC_RBSIZE >> 1) - (lp->dma_bitmode ? 2 : 1)); | ||
| 2788 | |||
| 2789 | @@ -631,14 +729,7 @@ static int sonic_init(struct net_device *dev) | ||
| 2790 | netif_dbg(lp, ifup, dev, "%s: issuing RRRA command\n", __func__); | ||
| 2791 | |||
| 2792 | SONIC_WRITE(SONIC_CMD, SONIC_CR_RRRA); | ||
| 2793 | - i = 0; | ||
| 2794 | - while (i++ < 100) { | ||
| 2795 | - if (SONIC_READ(SONIC_CMD) & SONIC_CR_RRRA) | ||
| 2796 | - break; | ||
| 2797 | - } | ||
| 2798 | - | ||
| 2799 | - netif_dbg(lp, ifup, dev, "%s: status=%x, i=%d\n", __func__, | ||
| 2800 | - SONIC_READ(SONIC_CMD), i); | ||
| 2801 | + sonic_quiesce(dev, SONIC_CR_RRRA); | ||
| 2802 | |||
| 2803 | /* | ||
| 2804 | * Initialize the receive descriptors so that they | ||
| 2805 | @@ -713,28 +804,17 @@ static int sonic_init(struct net_device *dev) | ||
| 2806 | * load the CAM | ||
| 2807 | */ | ||
| 2808 | SONIC_WRITE(SONIC_CMD, SONIC_CR_LCAM); | ||
| 2809 | - | ||
| 2810 | - i = 0; | ||
| 2811 | - while (i++ < 100) { | ||
| 2812 | - if (SONIC_READ(SONIC_ISR) & SONIC_INT_LCD) | ||
| 2813 | - break; | ||
| 2814 | - } | ||
| 2815 | - netif_dbg(lp, ifup, dev, "%s: CMD=%x, ISR=%x, i=%d\n", __func__, | ||
| 2816 | - SONIC_READ(SONIC_CMD), SONIC_READ(SONIC_ISR), i); | ||
| 2817 | + sonic_quiesce(dev, SONIC_CR_LCAM); | ||
| 2818 | |||
| 2819 | /* | ||
| 2820 | * enable receiver, disable loopback | ||
| 2821 | * and enable all interrupts | ||
| 2822 | */ | ||
| 2823 | - SONIC_WRITE(SONIC_CMD, SONIC_CR_RXEN | SONIC_CR_STP); | ||
| 2824 | SONIC_WRITE(SONIC_RCR, SONIC_RCR_DEFAULT); | ||
| 2825 | SONIC_WRITE(SONIC_TCR, SONIC_TCR_DEFAULT); | ||
| 2826 | SONIC_WRITE(SONIC_ISR, 0x7fff); | ||
| 2827 | SONIC_WRITE(SONIC_IMR, SONIC_IMR_DEFAULT); | ||
| 2828 | - | ||
| 2829 | - cmd = SONIC_READ(SONIC_CMD); | ||
| 2830 | - if ((cmd & SONIC_CR_RXEN) == 0 || (cmd & SONIC_CR_STP) == 0) | ||
| 2831 | - printk(KERN_ERR "sonic_init: failed, status=%x\n", cmd); | ||
| 2832 | + SONIC_WRITE(SONIC_CMD, SONIC_CR_RXEN); | ||
| 2833 | |||
| 2834 | netif_dbg(lp, ifup, dev, "%s: new status=%x\n", __func__, | ||
| 2835 | SONIC_READ(SONIC_CMD)); | ||
| 2836 | diff --git a/drivers/net/ethernet/natsemi/sonic.h b/drivers/net/ethernet/natsemi/sonic.h | ||
| 2837 | index 2b27f7049acb..1df6d2f06cc4 100644 | ||
| 2838 | --- a/drivers/net/ethernet/natsemi/sonic.h | ||
| 2839 | +++ b/drivers/net/ethernet/natsemi/sonic.h | ||
| 2840 | @@ -110,6 +110,9 @@ | ||
| 2841 | #define SONIC_CR_TXP 0x0002 | ||
| 2842 | #define SONIC_CR_HTX 0x0001 | ||
| 2843 | |||
| 2844 | +#define SONIC_CR_ALL (SONIC_CR_LCAM | SONIC_CR_RRRA | \ | ||
| 2845 | + SONIC_CR_RXEN | SONIC_CR_TXP) | ||
| 2846 | + | ||
| 2847 | /* | ||
| 2848 | * SONIC data configuration bits | ||
| 2849 | */ | ||
| 2850 | @@ -175,6 +178,7 @@ | ||
| 2851 | #define SONIC_TCR_NCRS 0x0100 | ||
| 2852 | #define SONIC_TCR_CRLS 0x0080 | ||
| 2853 | #define SONIC_TCR_EXC 0x0040 | ||
| 2854 | +#define SONIC_TCR_OWC 0x0020 | ||
| 2855 | #define SONIC_TCR_PMB 0x0008 | ||
| 2856 | #define SONIC_TCR_FU 0x0004 | ||
| 2857 | #define SONIC_TCR_BCM 0x0002 | ||
| 2858 | @@ -274,8 +278,9 @@ | ||
| 2859 | #define SONIC_NUM_RDS SONIC_NUM_RRS /* number of receive descriptors */ | ||
| 2860 | #define SONIC_NUM_TDS 16 /* number of transmit descriptors */ | ||
| 2861 | |||
| 2862 | -#define SONIC_RDS_MASK (SONIC_NUM_RDS-1) | ||
| 2863 | -#define SONIC_TDS_MASK (SONIC_NUM_TDS-1) | ||
| 2864 | +#define SONIC_RRS_MASK (SONIC_NUM_RRS - 1) | ||
| 2865 | +#define SONIC_RDS_MASK (SONIC_NUM_RDS - 1) | ||
| 2866 | +#define SONIC_TDS_MASK (SONIC_NUM_TDS - 1) | ||
| 2867 | |||
| 2868 | #define SONIC_RBSIZE 1520 /* size of one resource buffer */ | ||
| 2869 | |||
| 2870 | @@ -312,8 +317,6 @@ struct sonic_local { | ||
| 2871 | u32 rda_laddr; /* logical DMA address of RDA */ | ||
| 2872 | dma_addr_t rx_laddr[SONIC_NUM_RRS]; /* logical DMA addresses of rx skbuffs */ | ||
| 2873 | dma_addr_t tx_laddr[SONIC_NUM_TDS]; /* logical DMA addresses of tx skbuffs */ | ||
| 2874 | - unsigned int rra_end; | ||
| 2875 | - unsigned int cur_rwp; | ||
| 2876 | unsigned int cur_rx; | ||
| 2877 | unsigned int cur_tx; /* first unacked transmit packet */ | ||
| 2878 | unsigned int eol_rx; | ||
| 2879 | @@ -322,6 +325,7 @@ struct sonic_local { | ||
| 2880 | int msg_enable; | ||
| 2881 | struct device *device; /* generic device */ | ||
| 2882 | struct net_device_stats stats; | ||
| 2883 | + spinlock_t lock; | ||
| 2884 | }; | ||
| 2885 | |||
| 2886 | #define TX_TIMEOUT (3 * HZ) | ||
| 2887 | @@ -344,30 +348,30 @@ static void sonic_msg_init(struct net_device *dev); | ||
| 2888 | as far as we can tell. */ | ||
| 2889 | /* OpenBSD calls this "SWO". I'd like to think that sonic_buf_put() | ||
| 2890 | is a much better name. */ | ||
| 2891 | -static inline void sonic_buf_put(void* base, int bitmode, | ||
| 2892 | +static inline void sonic_buf_put(u16 *base, int bitmode, | ||
| 2893 | int offset, __u16 val) | ||
| 2894 | { | ||
| 2895 | if (bitmode) | ||
| 2896 | #ifdef __BIG_ENDIAN | ||
| 2897 | - ((__u16 *) base + (offset*2))[1] = val; | ||
| 2898 | + __raw_writew(val, base + (offset * 2) + 1); | ||
| 2899 | #else | ||
| 2900 | - ((__u16 *) base + (offset*2))[0] = val; | ||
| 2901 | + __raw_writew(val, base + (offset * 2) + 0); | ||
| 2902 | #endif | ||
| 2903 | else | ||
| 2904 | - ((__u16 *) base)[offset] = val; | ||
| 2905 | + __raw_writew(val, base + (offset * 1) + 0); | ||
| 2906 | } | ||
| 2907 | |||
| 2908 | -static inline __u16 sonic_buf_get(void* base, int bitmode, | ||
| 2909 | +static inline __u16 sonic_buf_get(u16 *base, int bitmode, | ||
| 2910 | int offset) | ||
| 2911 | { | ||
| 2912 | if (bitmode) | ||
| 2913 | #ifdef __BIG_ENDIAN | ||
| 2914 | - return ((volatile __u16 *) base + (offset*2))[1]; | ||
| 2915 | + return __raw_readw(base + (offset * 2) + 1); | ||
| 2916 | #else | ||
| 2917 | - return ((volatile __u16 *) base + (offset*2))[0]; | ||
| 2918 | + return __raw_readw(base + (offset * 2) + 0); | ||
| 2919 | #endif | ||
| 2920 | else | ||
| 2921 | - return ((volatile __u16 *) base)[offset]; | ||
| 2922 | + return __raw_readw(base + (offset * 1) + 0); | ||
| 2923 | } | ||
| 2924 | |||
| 2925 | /* Inlines that you should actually use for reading/writing DMA buffers */ | ||
| 2926 | @@ -447,6 +451,22 @@ static inline __u16 sonic_rra_get(struct net_device* dev, int entry, | ||
| 2927 | (entry * SIZEOF_SONIC_RR) + offset); | ||
| 2928 | } | ||
| 2929 | |||
| 2930 | +static inline u16 sonic_rr_addr(struct net_device *dev, int entry) | ||
| 2931 | +{ | ||
| 2932 | + struct sonic_local *lp = netdev_priv(dev); | ||
| 2933 | + | ||
| 2934 | + return lp->rra_laddr + | ||
| 2935 | + entry * SIZEOF_SONIC_RR * SONIC_BUS_SCALE(lp->dma_bitmode); | ||
| 2936 | +} | ||
| 2937 | + | ||
| 2938 | +static inline u16 sonic_rr_entry(struct net_device *dev, u16 addr) | ||
| 2939 | +{ | ||
| 2940 | + struct sonic_local *lp = netdev_priv(dev); | ||
| 2941 | + | ||
| 2942 | + return (addr - (u16)lp->rra_laddr) / (SIZEOF_SONIC_RR * | ||
| 2943 | + SONIC_BUS_SCALE(lp->dma_bitmode)); | ||
| 2944 | +} | ||
| 2945 | + | ||
| 2946 | static const char version[] = | ||
| 2947 | "sonic.c:v0.92 20.9.98 tsbogend@alpha.franken.de\n"; | ||
| 2948 | |||
| 2949 | diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c | ||
| 2950 | index f6222ada6818..9b3ba98726d7 100644 | ||
| 2951 | --- a/drivers/net/gtp.c | ||
| 2952 | +++ b/drivers/net/gtp.c | ||
| 2953 | @@ -804,19 +804,21 @@ static struct sock *gtp_encap_enable_socket(int fd, int type, | ||
| 2954 | return NULL; | ||
| 2955 | } | ||
| 2956 | |||
| 2957 | - if (sock->sk->sk_protocol != IPPROTO_UDP) { | ||
| 2958 | + sk = sock->sk; | ||
| 2959 | + if (sk->sk_protocol != IPPROTO_UDP || | ||
| 2960 | + sk->sk_type != SOCK_DGRAM || | ||
| 2961 | + (sk->sk_family != AF_INET && sk->sk_family != AF_INET6)) { | ||
| 2962 | pr_debug("socket fd=%d not UDP\n", fd); | ||
| 2963 | sk = ERR_PTR(-EINVAL); | ||
| 2964 | goto out_sock; | ||
| 2965 | } | ||
| 2966 | |||
| 2967 | - lock_sock(sock->sk); | ||
| 2968 | - if (sock->sk->sk_user_data) { | ||
| 2969 | + lock_sock(sk); | ||
| 2970 | + if (sk->sk_user_data) { | ||
| 2971 | sk = ERR_PTR(-EBUSY); | ||
| 2972 | goto out_rel_sock; | ||
| 2973 | } | ||
| 2974 | |||
| 2975 | - sk = sock->sk; | ||
| 2976 | sock_hold(sk); | ||
| 2977 | |||
| 2978 | tuncfg.sk_user_data = gtp; | ||
| 2979 | diff --git a/drivers/net/slip/slip.c b/drivers/net/slip/slip.c | ||
| 2980 | index 2a91c192659f..61d7e0d1d77d 100644 | ||
| 2981 | --- a/drivers/net/slip/slip.c | ||
| 2982 | +++ b/drivers/net/slip/slip.c | ||
| 2983 | @@ -452,9 +452,16 @@ static void slip_transmit(struct work_struct *work) | ||
| 2984 | */ | ||
| 2985 | static void slip_write_wakeup(struct tty_struct *tty) | ||
| 2986 | { | ||
| 2987 | - struct slip *sl = tty->disc_data; | ||
| 2988 | + struct slip *sl; | ||
| 2989 | + | ||
| 2990 | + rcu_read_lock(); | ||
| 2991 | + sl = rcu_dereference(tty->disc_data); | ||
| 2992 | + if (!sl) | ||
| 2993 | + goto out; | ||
| 2994 | |||
| 2995 | schedule_work(&sl->tx_work); | ||
| 2996 | +out: | ||
| 2997 | + rcu_read_unlock(); | ||
| 2998 | } | ||
| 2999 | |||
| 3000 | static void sl_tx_timeout(struct net_device *dev) | ||
| 3001 | @@ -882,10 +889,11 @@ static void slip_close(struct tty_struct *tty) | ||
| 3002 | return; | ||
| 3003 | |||
| 3004 | spin_lock_bh(&sl->lock); | ||
| 3005 | - tty->disc_data = NULL; | ||
| 3006 | + rcu_assign_pointer(tty->disc_data, NULL); | ||
| 3007 | sl->tty = NULL; | ||
| 3008 | spin_unlock_bh(&sl->lock); | ||
| 3009 | |||
| 3010 | + synchronize_rcu(); | ||
| 3011 | flush_work(&sl->tx_work); | ||
| 3012 | |||
| 3013 | /* VSV = very important to remove timers */ | ||
| 3014 | diff --git a/drivers/net/tun.c b/drivers/net/tun.c | ||
| 3015 | index 16564ebcde50..69f553a028ee 100644 | ||
| 3016 | --- a/drivers/net/tun.c | ||
| 3017 | +++ b/drivers/net/tun.c | ||
| 3018 | @@ -1936,6 +1936,10 @@ drop: | ||
| 3019 | if (ret != XDP_PASS) { | ||
| 3020 | rcu_read_unlock(); | ||
| 3021 | local_bh_enable(); | ||
| 3022 | + if (frags) { | ||
| 3023 | + tfile->napi.skb = NULL; | ||
| 3024 | + mutex_unlock(&tfile->napi_mutex); | ||
| 3025 | + } | ||
| 3026 | return total_len; | ||
| 3027 | } | ||
| 3028 | } | ||
| 3029 | diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c | ||
| 3030 | index c232f1612083..0170a441208a 100644 | ||
| 3031 | --- a/drivers/net/usb/lan78xx.c | ||
| 3032 | +++ b/drivers/net/usb/lan78xx.c | ||
| 3033 | @@ -20,6 +20,7 @@ | ||
| 3034 | #include <linux/mdio.h> | ||
| 3035 | #include <linux/phy.h> | ||
| 3036 | #include <net/ip6_checksum.h> | ||
| 3037 | +#include <net/vxlan.h> | ||
| 3038 | #include <linux/interrupt.h> | ||
| 3039 | #include <linux/irqdomain.h> | ||
| 3040 | #include <linux/irq.h> | ||
| 3041 | @@ -3668,6 +3669,19 @@ static void lan78xx_tx_timeout(struct net_device *net) | ||
| 3042 | tasklet_schedule(&dev->bh); | ||
| 3043 | } | ||
| 3044 | |||
| 3045 | +static netdev_features_t lan78xx_features_check(struct sk_buff *skb, | ||
| 3046 | + struct net_device *netdev, | ||
| 3047 | + netdev_features_t features) | ||
| 3048 | +{ | ||
| 3049 | + if (skb->len + TX_OVERHEAD > MAX_SINGLE_PACKET_SIZE) | ||
| 3050 | + features &= ~NETIF_F_GSO_MASK; | ||
| 3051 | + | ||
| 3052 | + features = vlan_features_check(skb, features); | ||
| 3053 | + features = vxlan_features_check(skb, features); | ||
| 3054 | + | ||
| 3055 | + return features; | ||
| 3056 | +} | ||
| 3057 | + | ||
| 3058 | static const struct net_device_ops lan78xx_netdev_ops = { | ||
| 3059 | .ndo_open = lan78xx_open, | ||
| 3060 | .ndo_stop = lan78xx_stop, | ||
| 3061 | @@ -3681,6 +3695,7 @@ static const struct net_device_ops lan78xx_netdev_ops = { | ||
| 3062 | .ndo_set_features = lan78xx_set_features, | ||
| 3063 | .ndo_vlan_rx_add_vid = lan78xx_vlan_rx_add_vid, | ||
| 3064 | .ndo_vlan_rx_kill_vid = lan78xx_vlan_rx_kill_vid, | ||
| 3065 | + .ndo_features_check = lan78xx_features_check, | ||
| 3066 | }; | ||
| 3067 | |||
| 3068 | static void lan78xx_stat_monitor(struct timer_list *t) | ||
| 3069 | diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c | ||
| 3070 | index f43c06569ea1..c4c8f1b62e1e 100644 | ||
| 3071 | --- a/drivers/net/wireless/cisco/airo.c | ||
| 3072 | +++ b/drivers/net/wireless/cisco/airo.c | ||
| 3073 | @@ -7790,16 +7790,8 @@ static int readrids(struct net_device *dev, aironet_ioctl *comp) { | ||
| 3074 | case AIROGVLIST: ridcode = RID_APLIST; break; | ||
| 3075 | case AIROGDRVNAM: ridcode = RID_DRVNAME; break; | ||
| 3076 | case AIROGEHTENC: ridcode = RID_ETHERENCAP; break; | ||
| 3077 | - case AIROGWEPKTMP: ridcode = RID_WEP_TEMP; | ||
| 3078 | - /* Only super-user can read WEP keys */ | ||
| 3079 | - if (!capable(CAP_NET_ADMIN)) | ||
| 3080 | - return -EPERM; | ||
| 3081 | - break; | ||
| 3082 | - case AIROGWEPKNV: ridcode = RID_WEP_PERM; | ||
| 3083 | - /* Only super-user can read WEP keys */ | ||
| 3084 | - if (!capable(CAP_NET_ADMIN)) | ||
| 3085 | - return -EPERM; | ||
| 3086 | - break; | ||
| 3087 | + case AIROGWEPKTMP: ridcode = RID_WEP_TEMP; break; | ||
| 3088 | + case AIROGWEPKNV: ridcode = RID_WEP_PERM; break; | ||
| 3089 | case AIROGSTAT: ridcode = RID_STATUS; break; | ||
| 3090 | case AIROGSTATSD32: ridcode = RID_STATSDELTA; break; | ||
| 3091 | case AIROGSTATSC32: ridcode = RID_STATS; break; | ||
| 3092 | @@ -7813,7 +7805,13 @@ static int readrids(struct net_device *dev, aironet_ioctl *comp) { | ||
| 3093 | return -EINVAL; | ||
| 3094 | } | ||
| 3095 | |||
| 3096 | - if ((iobuf = kmalloc(RIDSIZE, GFP_KERNEL)) == NULL) | ||
| 3097 | + if (ridcode == RID_WEP_TEMP || ridcode == RID_WEP_PERM) { | ||
| 3098 | + /* Only super-user can read WEP keys */ | ||
| 3099 | + if (!capable(CAP_NET_ADMIN)) | ||
| 3100 | + return -EPERM; | ||
| 3101 | + } | ||
| 3102 | + | ||
| 3103 | + if ((iobuf = kzalloc(RIDSIZE, GFP_KERNEL)) == NULL) | ||
| 3104 | return -ENOMEM; | ||
| 3105 | |||
| 3106 | PC4500_readrid(ai,ridcode,iobuf,RIDSIZE, 1); | ||
| 3107 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/constants.h b/drivers/net/wireless/intel/iwlwifi/mvm/constants.h | ||
| 3108 | index 60aff2ecec12..58df25e2fb32 100644 | ||
| 3109 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/constants.h | ||
| 3110 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/constants.h | ||
| 3111 | @@ -154,5 +154,6 @@ | ||
| 3112 | #define IWL_MVM_D3_DEBUG false | ||
| 3113 | #define IWL_MVM_USE_TWT false | ||
| 3114 | #define IWL_MVM_AMPDU_CONSEC_DROPS_DELBA 10 | ||
| 3115 | +#define IWL_MVM_USE_NSSN_SYNC 0 | ||
| 3116 | |||
| 3117 | #endif /* __MVM_CONSTANTS_H */ | ||
| 3118 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | ||
| 3119 | index d31f96c3f925..49aeab7c27a2 100644 | ||
| 3120 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | ||
| 3121 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | ||
| 3122 | @@ -742,6 +742,20 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm) | ||
| 3123 | return ret; | ||
| 3124 | } | ||
| 3125 | |||
| 3126 | +static void iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
| 3127 | + struct ieee80211_sta *sta) | ||
| 3128 | +{ | ||
| 3129 | + if (likely(sta)) { | ||
| 3130 | + if (likely(iwl_mvm_tx_skb_sta(mvm, skb, sta) == 0)) | ||
| 3131 | + return; | ||
| 3132 | + } else { | ||
| 3133 | + if (likely(iwl_mvm_tx_skb_non_sta(mvm, skb) == 0)) | ||
| 3134 | + return; | ||
| 3135 | + } | ||
| 3136 | + | ||
| 3137 | + ieee80211_free_txskb(mvm->hw, skb); | ||
| 3138 | +} | ||
| 3139 | + | ||
| 3140 | static void iwl_mvm_mac_tx(struct ieee80211_hw *hw, | ||
| 3141 | struct ieee80211_tx_control *control, | ||
| 3142 | struct sk_buff *skb) | ||
| 3143 | @@ -785,14 +799,7 @@ static void iwl_mvm_mac_tx(struct ieee80211_hw *hw, | ||
| 3144 | } | ||
| 3145 | } | ||
| 3146 | |||
| 3147 | - if (sta) { | ||
| 3148 | - if (iwl_mvm_tx_skb(mvm, skb, sta)) | ||
| 3149 | - goto drop; | ||
| 3150 | - return; | ||
| 3151 | - } | ||
| 3152 | - | ||
| 3153 | - if (iwl_mvm_tx_skb_non_sta(mvm, skb)) | ||
| 3154 | - goto drop; | ||
| 3155 | + iwl_mvm_tx_skb(mvm, skb, sta); | ||
| 3156 | return; | ||
| 3157 | drop: | ||
| 3158 | ieee80211_free_txskb(hw, skb); | ||
| 3159 | @@ -842,10 +849,7 @@ void iwl_mvm_mac_itxq_xmit(struct ieee80211_hw *hw, struct ieee80211_txq *txq) | ||
| 3160 | break; | ||
| 3161 | } | ||
| 3162 | |||
| 3163 | - if (!txq->sta) | ||
| 3164 | - iwl_mvm_tx_skb_non_sta(mvm, skb); | ||
| 3165 | - else | ||
| 3166 | - iwl_mvm_tx_skb(mvm, skb, txq->sta); | ||
| 3167 | + iwl_mvm_tx_skb(mvm, skb, txq->sta); | ||
| 3168 | } | ||
| 3169 | } while (atomic_dec_return(&mvmtxq->tx_request)); | ||
| 3170 | rcu_read_unlock(); | ||
| 3171 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | ||
| 3172 | index 5ca50f39a023..5f1ecbb6fb71 100644 | ||
| 3173 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | ||
| 3174 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | ||
| 3175 | @@ -1508,8 +1508,8 @@ int __must_check iwl_mvm_send_cmd_status(struct iwl_mvm *mvm, | ||
| 3176 | int __must_check iwl_mvm_send_cmd_pdu_status(struct iwl_mvm *mvm, u32 id, | ||
| 3177 | u16 len, const void *data, | ||
| 3178 | u32 *status); | ||
| 3179 | -int iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
| 3180 | - struct ieee80211_sta *sta); | ||
| 3181 | +int iwl_mvm_tx_skb_sta(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
| 3182 | + struct ieee80211_sta *sta); | ||
| 3183 | int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb); | ||
| 3184 | void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
| 3185 | struct iwl_tx_cmd *tx_cmd, | ||
| 3186 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | ||
| 3187 | index 77b03b757193..a6e2a30eb310 100644 | ||
| 3188 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | ||
| 3189 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | ||
| 3190 | @@ -514,14 +514,17 @@ static bool iwl_mvm_is_sn_less(u16 sn1, u16 sn2, u16 buffer_size) | ||
| 3191 | |||
| 3192 | static void iwl_mvm_sync_nssn(struct iwl_mvm *mvm, u8 baid, u16 nssn) | ||
| 3193 | { | ||
| 3194 | - struct iwl_mvm_rss_sync_notif notif = { | ||
| 3195 | - .metadata.type = IWL_MVM_RXQ_NSSN_SYNC, | ||
| 3196 | - .metadata.sync = 0, | ||
| 3197 | - .nssn_sync.baid = baid, | ||
| 3198 | - .nssn_sync.nssn = nssn, | ||
| 3199 | - }; | ||
| 3200 | - | ||
| 3201 | - iwl_mvm_sync_rx_queues_internal(mvm, (void *)¬if, sizeof(notif)); | ||
| 3202 | + if (IWL_MVM_USE_NSSN_SYNC) { | ||
| 3203 | + struct iwl_mvm_rss_sync_notif notif = { | ||
| 3204 | + .metadata.type = IWL_MVM_RXQ_NSSN_SYNC, | ||
| 3205 | + .metadata.sync = 0, | ||
| 3206 | + .nssn_sync.baid = baid, | ||
| 3207 | + .nssn_sync.nssn = nssn, | ||
| 3208 | + }; | ||
| 3209 | + | ||
| 3210 | + iwl_mvm_sync_rx_queues_internal(mvm, (void *)¬if, | ||
| 3211 | + sizeof(notif)); | ||
| 3212 | + } | ||
| 3213 | } | ||
| 3214 | |||
| 3215 | #define RX_REORDER_BUF_TIMEOUT_MQ (HZ / 10) | ||
| 3216 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c | ||
| 3217 | index fcafa22ec6ce..8aa567d7912c 100644 | ||
| 3218 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c | ||
| 3219 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c | ||
| 3220 | @@ -1220,7 +1220,7 @@ static int iwl_mvm_legacy_config_scan(struct iwl_mvm *mvm) | ||
| 3221 | cmd_size = sizeof(struct iwl_scan_config_v2); | ||
| 3222 | else | ||
| 3223 | cmd_size = sizeof(struct iwl_scan_config_v1); | ||
| 3224 | - cmd_size += num_channels; | ||
| 3225 | + cmd_size += mvm->fw->ucode_capa.n_scan_channels; | ||
| 3226 | |||
| 3227 | cfg = kzalloc(cmd_size, GFP_KERNEL); | ||
| 3228 | if (!cfg) | ||
| 3229 | diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c | ||
| 3230 | index e3b2a2bf3863..d9d82f6b5e87 100644 | ||
| 3231 | --- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c | ||
| 3232 | +++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c | ||
| 3233 | @@ -1151,7 +1151,7 @@ static int iwl_mvm_tx_mpdu(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
| 3234 | if (WARN_ONCE(txq_id == IWL_MVM_INVALID_QUEUE, "Invalid TXQ id")) { | ||
| 3235 | iwl_trans_free_tx_cmd(mvm->trans, dev_cmd); | ||
| 3236 | spin_unlock(&mvmsta->lock); | ||
| 3237 | - return 0; | ||
| 3238 | + return -1; | ||
| 3239 | } | ||
| 3240 | |||
| 3241 | if (!iwl_mvm_has_new_tx_api(mvm)) { | ||
| 3242 | @@ -1203,8 +1203,8 @@ drop: | ||
| 3243 | return -1; | ||
| 3244 | } | ||
| 3245 | |||
| 3246 | -int iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
| 3247 | - struct ieee80211_sta *sta) | ||
| 3248 | +int iwl_mvm_tx_skb_sta(struct iwl_mvm *mvm, struct sk_buff *skb, | ||
| 3249 | + struct ieee80211_sta *sta) | ||
| 3250 | { | ||
| 3251 | struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); | ||
| 3252 | struct ieee80211_tx_info info; | ||
| 3253 | diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c | ||
| 3254 | index 041dd75ac72b..64c74acadb99 100644 | ||
| 3255 | --- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c | ||
| 3256 | +++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c | ||
| 3257 | @@ -1537,13 +1537,13 @@ out: | ||
| 3258 | |||
| 3259 | napi = &rxq->napi; | ||
| 3260 | if (napi->poll) { | ||
| 3261 | + napi_gro_flush(napi, false); | ||
| 3262 | + | ||
| 3263 | if (napi->rx_count) { | ||
| 3264 | netif_receive_skb_list(&napi->rx_list); | ||
| 3265 | INIT_LIST_HEAD(&napi->rx_list); | ||
| 3266 | napi->rx_count = 0; | ||
| 3267 | } | ||
| 3268 | - | ||
| 3269 | - napi_gro_flush(napi, false); | ||
| 3270 | } | ||
| 3271 | |||
| 3272 | iwl_pcie_rxq_restock(trans, rxq); | ||
| 3273 | diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c | ||
| 3274 | index 57edfada0665..c9401c121a14 100644 | ||
| 3275 | --- a/drivers/net/wireless/marvell/libertas/cfg.c | ||
| 3276 | +++ b/drivers/net/wireless/marvell/libertas/cfg.c | ||
| 3277 | @@ -273,6 +273,10 @@ add_ie_rates(u8 *tlv, const u8 *ie, int *nrates) | ||
| 3278 | int hw, ap, ap_max = ie[1]; | ||
| 3279 | u8 hw_rate; | ||
| 3280 | |||
| 3281 | + if (ap_max > MAX_RATES) { | ||
| 3282 | + lbs_deb_assoc("invalid rates\n"); | ||
| 3283 | + return tlv; | ||
| 3284 | + } | ||
| 3285 | /* Advance past IE header */ | ||
| 3286 | ie += 2; | ||
| 3287 | |||
| 3288 | @@ -1717,6 +1721,9 @@ static int lbs_ibss_join_existing(struct lbs_private *priv, | ||
| 3289 | struct cmd_ds_802_11_ad_hoc_join cmd; | ||
| 3290 | u8 preamble = RADIO_PREAMBLE_SHORT; | ||
| 3291 | int ret = 0; | ||
| 3292 | + int hw, i; | ||
| 3293 | + u8 rates_max; | ||
| 3294 | + u8 *rates; | ||
| 3295 | |||
| 3296 | /* TODO: set preamble based on scan result */ | ||
| 3297 | ret = lbs_set_radio(priv, preamble, 1); | ||
| 3298 | @@ -1775,9 +1782,12 @@ static int lbs_ibss_join_existing(struct lbs_private *priv, | ||
| 3299 | if (!rates_eid) { | ||
| 3300 | lbs_add_rates(cmd.bss.rates); | ||
| 3301 | } else { | ||
| 3302 | - int hw, i; | ||
| 3303 | - u8 rates_max = rates_eid[1]; | ||
| 3304 | - u8 *rates = cmd.bss.rates; | ||
| 3305 | + rates_max = rates_eid[1]; | ||
| 3306 | + if (rates_max > MAX_RATES) { | ||
| 3307 | + lbs_deb_join("invalid rates"); | ||
| 3308 | + goto out; | ||
| 3309 | + } | ||
| 3310 | + rates = cmd.bss.rates; | ||
| 3311 | for (hw = 0; hw < ARRAY_SIZE(lbs_rates); hw++) { | ||
| 3312 | u8 hw_rate = lbs_rates[hw].bitrate / 5; | ||
| 3313 | for (i = 0; i < rates_max; i++) { | ||
| 3314 | diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c | ||
| 3315 | index 308f744393eb..1593b8494ebb 100644 | ||
| 3316 | --- a/drivers/pci/quirks.c | ||
| 3317 | +++ b/drivers/pci/quirks.c | ||
| 3318 | @@ -5021,18 +5021,25 @@ DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SERVERWORKS, 0x0422, quirk_no_ext_tags); | ||
| 3319 | |||
| 3320 | #ifdef CONFIG_PCI_ATS | ||
| 3321 | /* | ||
| 3322 | - * Some devices have a broken ATS implementation causing IOMMU stalls. | ||
| 3323 | - * Don't use ATS for those devices. | ||
| 3324 | + * Some devices require additional driver setup to enable ATS. Don't use | ||
| 3325 | + * ATS for those devices as ATS will be enabled before the driver has had a | ||
| 3326 | + * chance to load and configure the device. | ||
| 3327 | */ | ||
| 3328 | -static void quirk_no_ats(struct pci_dev *pdev) | ||
| 3329 | +static void quirk_amd_harvest_no_ats(struct pci_dev *pdev) | ||
| 3330 | { | ||
| 3331 | - pci_info(pdev, "disabling ATS (broken on this device)\n"); | ||
| 3332 | + if (pdev->device == 0x7340 && pdev->revision != 0xc5) | ||
| 3333 | + return; | ||
| 3334 | + | ||
| 3335 | + pci_info(pdev, "disabling ATS\n"); | ||
| 3336 | pdev->ats_cap = 0; | ||
| 3337 | } | ||
| 3338 | |||
| 3339 | /* AMD Stoney platform GPU */ | ||
| 3340 | -DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x98e4, quirk_no_ats); | ||
| 3341 | -DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x6900, quirk_no_ats); | ||
| 3342 | +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x98e4, quirk_amd_harvest_no_ats); | ||
| 3343 | +/* AMD Iceland dGPU */ | ||
| 3344 | +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x6900, quirk_amd_harvest_no_ats); | ||
| 3345 | +/* AMD Navi14 dGPU */ | ||
| 3346 | +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x7340, quirk_amd_harvest_no_ats); | ||
| 3347 | #endif /* CONFIG_PCI_ATS */ | ||
| 3348 | |||
| 3349 | /* Freescale PCIe doesn't support MSI in RC mode */ | ||
| 3350 | diff --git a/drivers/pinctrl/intel/pinctrl-sunrisepoint.c b/drivers/pinctrl/intel/pinctrl-sunrisepoint.c | ||
| 3351 | index 44d7f50bbc82..d936e7aa74c4 100644 | ||
| 3352 | --- a/drivers/pinctrl/intel/pinctrl-sunrisepoint.c | ||
| 3353 | +++ b/drivers/pinctrl/intel/pinctrl-sunrisepoint.c | ||
| 3354 | @@ -49,6 +49,7 @@ | ||
| 3355 | .padown_offset = SPT_PAD_OWN, \ | ||
| 3356 | .padcfglock_offset = SPT_PADCFGLOCK, \ | ||
| 3357 | .hostown_offset = SPT_HOSTSW_OWN, \ | ||
| 3358 | + .is_offset = SPT_GPI_IS, \ | ||
| 3359 | .ie_offset = SPT_GPI_IE, \ | ||
| 3360 | .pin_base = (s), \ | ||
| 3361 | .npins = ((e) - (s) + 1), \ | ||
| 3362 | diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c | ||
| 3363 | index f194ffc4699e..c070cb2a6a5b 100644 | ||
| 3364 | --- a/drivers/target/iscsi/iscsi_target.c | ||
| 3365 | +++ b/drivers/target/iscsi/iscsi_target.c | ||
| 3366 | @@ -4151,9 +4151,6 @@ int iscsit_close_connection( | ||
| 3367 | iscsit_stop_nopin_response_timer(conn); | ||
| 3368 | iscsit_stop_nopin_timer(conn); | ||
| 3369 | |||
| 3370 | - if (conn->conn_transport->iscsit_wait_conn) | ||
| 3371 | - conn->conn_transport->iscsit_wait_conn(conn); | ||
| 3372 | - | ||
| 3373 | /* | ||
| 3374 | * During Connection recovery drop unacknowledged out of order | ||
| 3375 | * commands for this connection, and prepare the other commands | ||
| 3376 | @@ -4239,6 +4236,9 @@ int iscsit_close_connection( | ||
| 3377 | target_sess_cmd_list_set_waiting(sess->se_sess); | ||
| 3378 | target_wait_for_sess_cmds(sess->se_sess); | ||
| 3379 | |||
| 3380 | + if (conn->conn_transport->iscsit_wait_conn) | ||
| 3381 | + conn->conn_transport->iscsit_wait_conn(conn); | ||
| 3382 | + | ||
| 3383 | ahash_request_free(conn->conn_tx_hash); | ||
| 3384 | if (conn->conn_rx_hash) { | ||
| 3385 | struct crypto_ahash *tfm; | ||
| 3386 | diff --git a/fs/afs/cell.c b/fs/afs/cell.c | ||
| 3387 | index fd5133e26a38..78ba5f932287 100644 | ||
| 3388 | --- a/fs/afs/cell.c | ||
| 3389 | +++ b/fs/afs/cell.c | ||
| 3390 | @@ -134,8 +134,17 @@ static struct afs_cell *afs_alloc_cell(struct afs_net *net, | ||
| 3391 | _leave(" = -ENAMETOOLONG"); | ||
| 3392 | return ERR_PTR(-ENAMETOOLONG); | ||
| 3393 | } | ||
| 3394 | - if (namelen == 5 && memcmp(name, "@cell", 5) == 0) | ||
| 3395 | + | ||
| 3396 | + /* Prohibit cell names that contain unprintable chars, '/' and '@' or | ||
| 3397 | + * that begin with a dot. This also precludes "@cell". | ||
| 3398 | + */ | ||
| 3399 | + if (name[0] == '.') | ||
| 3400 | return ERR_PTR(-EINVAL); | ||
| 3401 | + for (i = 0; i < namelen; i++) { | ||
| 3402 | + char ch = name[i]; | ||
| 3403 | + if (!isprint(ch) || ch == '/' || ch == '@') | ||
| 3404 | + return ERR_PTR(-EINVAL); | ||
| 3405 | + } | ||
| 3406 | |||
| 3407 | _enter("%*.*s,%s", namelen, namelen, name, addresses); | ||
| 3408 | |||
| 3409 | diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c | ||
| 3410 | index a5163296d9d9..ee02a742fff5 100644 | ||
| 3411 | --- a/fs/ceph/mds_client.c | ||
| 3412 | +++ b/fs/ceph/mds_client.c | ||
| 3413 | @@ -708,8 +708,10 @@ void ceph_mdsc_release_request(struct kref *kref) | ||
| 3414 | /* avoid calling iput_final() in mds dispatch threads */ | ||
| 3415 | ceph_async_iput(req->r_inode); | ||
| 3416 | } | ||
| 3417 | - if (req->r_parent) | ||
| 3418 | + if (req->r_parent) { | ||
| 3419 | ceph_put_cap_refs(ceph_inode(req->r_parent), CEPH_CAP_PIN); | ||
| 3420 | + ceph_async_iput(req->r_parent); | ||
| 3421 | + } | ||
| 3422 | ceph_async_iput(req->r_target_inode); | ||
| 3423 | if (req->r_dentry) | ||
| 3424 | dput(req->r_dentry); | ||
| 3425 | @@ -2670,8 +2672,10 @@ int ceph_mdsc_submit_request(struct ceph_mds_client *mdsc, struct inode *dir, | ||
| 3426 | /* take CAP_PIN refs for r_inode, r_parent, r_old_dentry */ | ||
| 3427 | if (req->r_inode) | ||
| 3428 | ceph_get_cap_refs(ceph_inode(req->r_inode), CEPH_CAP_PIN); | ||
| 3429 | - if (req->r_parent) | ||
| 3430 | + if (req->r_parent) { | ||
| 3431 | ceph_get_cap_refs(ceph_inode(req->r_parent), CEPH_CAP_PIN); | ||
| 3432 | + ihold(req->r_parent); | ||
| 3433 | + } | ||
| 3434 | if (req->r_old_dentry_dir) | ||
| 3435 | ceph_get_cap_refs(ceph_inode(req->r_old_dentry_dir), | ||
| 3436 | CEPH_CAP_PIN); | ||
| 3437 | diff --git a/fs/io_uring.c b/fs/io_uring.c | ||
| 3438 | index b1c9ad1fb9e1..709671faaed6 100644 | ||
| 3439 | --- a/fs/io_uring.c | ||
| 3440 | +++ b/fs/io_uring.c | ||
| 3441 | @@ -3716,12 +3716,6 @@ SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit, | ||
| 3442 | wake_up(&ctx->sqo_wait); | ||
| 3443 | submitted = to_submit; | ||
| 3444 | } else if (to_submit) { | ||
| 3445 | - if (current->mm != ctx->sqo_mm || | ||
| 3446 | - current_cred() != ctx->creds) { | ||
| 3447 | - ret = -EPERM; | ||
| 3448 | - goto out; | ||
| 3449 | - } | ||
| 3450 | - | ||
| 3451 | to_submit = min(to_submit, ctx->sq_entries); | ||
| 3452 | |||
| 3453 | mutex_lock(&ctx->uring_lock); | ||
| 3454 | diff --git a/fs/namei.c b/fs/namei.c | ||
| 3455 | index 671c3c1a3425..e81521c87f98 100644 | ||
| 3456 | --- a/fs/namei.c | ||
| 3457 | +++ b/fs/namei.c | ||
| 3458 | @@ -1001,7 +1001,8 @@ static int may_linkat(struct path *link) | ||
| 3459 | * may_create_in_sticky - Check whether an O_CREAT open in a sticky directory | ||
| 3460 | * should be allowed, or not, on files that already | ||
| 3461 | * exist. | ||
| 3462 | - * @dir: the sticky parent directory | ||
| 3463 | + * @dir_mode: mode bits of directory | ||
| 3464 | + * @dir_uid: owner of directory | ||
| 3465 | * @inode: the inode of the file to open | ||
| 3466 | * | ||
| 3467 | * Block an O_CREAT open of a FIFO (or a regular file) when: | ||
| 3468 | @@ -1017,18 +1018,18 @@ static int may_linkat(struct path *link) | ||
| 3469 | * | ||
| 3470 | * Returns 0 if the open is allowed, -ve on error. | ||
| 3471 | */ | ||
| 3472 | -static int may_create_in_sticky(struct dentry * const dir, | ||
| 3473 | +static int may_create_in_sticky(umode_t dir_mode, kuid_t dir_uid, | ||
| 3474 | struct inode * const inode) | ||
| 3475 | { | ||
| 3476 | if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) || | ||
| 3477 | (!sysctl_protected_regular && S_ISREG(inode->i_mode)) || | ||
| 3478 | - likely(!(dir->d_inode->i_mode & S_ISVTX)) || | ||
| 3479 | - uid_eq(inode->i_uid, dir->d_inode->i_uid) || | ||
| 3480 | + likely(!(dir_mode & S_ISVTX)) || | ||
| 3481 | + uid_eq(inode->i_uid, dir_uid) || | ||
| 3482 | uid_eq(current_fsuid(), inode->i_uid)) | ||
| 3483 | return 0; | ||
| 3484 | |||
| 3485 | - if (likely(dir->d_inode->i_mode & 0002) || | ||
| 3486 | - (dir->d_inode->i_mode & 0020 && | ||
| 3487 | + if (likely(dir_mode & 0002) || | ||
| 3488 | + (dir_mode & 0020 && | ||
| 3489 | ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) || | ||
| 3490 | (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) { | ||
| 3491 | return -EACCES; | ||
| 3492 | @@ -3248,6 +3249,8 @@ static int do_last(struct nameidata *nd, | ||
| 3493 | struct file *file, const struct open_flags *op) | ||
| 3494 | { | ||
| 3495 | struct dentry *dir = nd->path.dentry; | ||
| 3496 | + kuid_t dir_uid = dir->d_inode->i_uid; | ||
| 3497 | + umode_t dir_mode = dir->d_inode->i_mode; | ||
| 3498 | int open_flag = op->open_flag; | ||
| 3499 | bool will_truncate = (open_flag & O_TRUNC) != 0; | ||
| 3500 | bool got_write = false; | ||
| 3501 | @@ -3383,7 +3386,7 @@ finish_open: | ||
| 3502 | error = -EISDIR; | ||
| 3503 | if (d_is_dir(nd->path.dentry)) | ||
| 3504 | goto out; | ||
| 3505 | - error = may_create_in_sticky(dir, | ||
| 3506 | + error = may_create_in_sticky(dir_mode, dir_uid, | ||
| 3507 | d_backing_inode(nd->path.dentry)); | ||
| 3508 | if (unlikely(error)) | ||
| 3509 | goto out; | ||
| 3510 | diff --git a/fs/readdir.c b/fs/readdir.c | ||
| 3511 | index d26d5ea4de7b..de2eceffdee8 100644 | ||
| 3512 | --- a/fs/readdir.c | ||
| 3513 | +++ b/fs/readdir.c | ||
| 3514 | @@ -102,10 +102,14 @@ EXPORT_SYMBOL(iterate_dir); | ||
| 3515 | * filename length, and the above "soft error" worry means | ||
| 3516 | * that it's probably better left alone until we have that | ||
| 3517 | * issue clarified. | ||
| 3518 | + * | ||
| 3519 | + * Note the PATH_MAX check - it's arbitrary but the real | ||
| 3520 | + * kernel limit on a possible path component, not NAME_MAX, | ||
| 3521 | + * which is the technical standard limit. | ||
| 3522 | */ | ||
| 3523 | static int verify_dirent_name(const char *name, int len) | ||
| 3524 | { | ||
| 3525 | - if (!len) | ||
| 3526 | + if (len <= 0 || len >= PATH_MAX) | ||
| 3527 | return -EIO; | ||
| 3528 | if (memchr(name, '/', len)) | ||
| 3529 | return -EIO; | ||
| 3530 | @@ -206,7 +210,7 @@ struct linux_dirent { | ||
| 3531 | struct getdents_callback { | ||
| 3532 | struct dir_context ctx; | ||
| 3533 | struct linux_dirent __user * current_dir; | ||
| 3534 | - struct linux_dirent __user * previous; | ||
| 3535 | + int prev_reclen; | ||
| 3536 | int count; | ||
| 3537 | int error; | ||
| 3538 | }; | ||
| 3539 | @@ -214,12 +218,13 @@ struct getdents_callback { | ||
| 3540 | static int filldir(struct dir_context *ctx, const char *name, int namlen, | ||
| 3541 | loff_t offset, u64 ino, unsigned int d_type) | ||
| 3542 | { | ||
| 3543 | - struct linux_dirent __user * dirent; | ||
| 3544 | + struct linux_dirent __user *dirent, *prev; | ||
| 3545 | struct getdents_callback *buf = | ||
| 3546 | container_of(ctx, struct getdents_callback, ctx); | ||
| 3547 | unsigned long d_ino; | ||
| 3548 | int reclen = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2, | ||
| 3549 | sizeof(long)); | ||
| 3550 | + int prev_reclen; | ||
| 3551 | |||
| 3552 | buf->error = verify_dirent_name(name, namlen); | ||
| 3553 | if (unlikely(buf->error)) | ||
| 3554 | @@ -232,28 +237,24 @@ static int filldir(struct dir_context *ctx, const char *name, int namlen, | ||
| 3555 | buf->error = -EOVERFLOW; | ||
| 3556 | return -EOVERFLOW; | ||
| 3557 | } | ||
| 3558 | - dirent = buf->previous; | ||
| 3559 | - if (dirent && signal_pending(current)) | ||
| 3560 | + prev_reclen = buf->prev_reclen; | ||
| 3561 | + if (prev_reclen && signal_pending(current)) | ||
| 3562 | return -EINTR; | ||
| 3563 | - | ||
| 3564 | - /* | ||
| 3565 | - * Note! This range-checks 'previous' (which may be NULL). | ||
| 3566 | - * The real range was checked in getdents | ||
| 3567 | - */ | ||
| 3568 | - if (!user_access_begin(dirent, sizeof(*dirent))) | ||
| 3569 | - goto efault; | ||
| 3570 | - if (dirent) | ||
| 3571 | - unsafe_put_user(offset, &dirent->d_off, efault_end); | ||
| 3572 | dirent = buf->current_dir; | ||
| 3573 | + prev = (void __user *) dirent - prev_reclen; | ||
| 3574 | + if (!user_access_begin(prev, reclen + prev_reclen)) | ||
| 3575 | + goto efault; | ||
| 3576 | + | ||
| 3577 | + /* This might be 'dirent->d_off', but if so it will get overwritten */ | ||
| 3578 | + unsafe_put_user(offset, &prev->d_off, efault_end); | ||
| 3579 | unsafe_put_user(d_ino, &dirent->d_ino, efault_end); | ||
| 3580 | unsafe_put_user(reclen, &dirent->d_reclen, efault_end); | ||
| 3581 | unsafe_put_user(d_type, (char __user *) dirent + reclen - 1, efault_end); | ||
| 3582 | unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); | ||
| 3583 | user_access_end(); | ||
| 3584 | |||
| 3585 | - buf->previous = dirent; | ||
| 3586 | - dirent = (void __user *)dirent + reclen; | ||
| 3587 | - buf->current_dir = dirent; | ||
| 3588 | + buf->current_dir = (void __user *)dirent + reclen; | ||
| 3589 | + buf->prev_reclen = reclen; | ||
| 3590 | buf->count -= reclen; | ||
| 3591 | return 0; | ||
| 3592 | efault_end: | ||
| 3593 | @@ -267,7 +268,6 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, | ||
| 3594 | struct linux_dirent __user *, dirent, unsigned int, count) | ||
| 3595 | { | ||
| 3596 | struct fd f; | ||
| 3597 | - struct linux_dirent __user * lastdirent; | ||
| 3598 | struct getdents_callback buf = { | ||
| 3599 | .ctx.actor = filldir, | ||
| 3600 | .count = count, | ||
| 3601 | @@ -285,8 +285,10 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, | ||
| 3602 | error = iterate_dir(f.file, &buf.ctx); | ||
| 3603 | if (error >= 0) | ||
| 3604 | error = buf.error; | ||
| 3605 | - lastdirent = buf.previous; | ||
| 3606 | - if (lastdirent) { | ||
| 3607 | + if (buf.prev_reclen) { | ||
| 3608 | + struct linux_dirent __user * lastdirent; | ||
| 3609 | + lastdirent = (void __user *)buf.current_dir - buf.prev_reclen; | ||
| 3610 | + | ||
| 3611 | if (put_user(buf.ctx.pos, &lastdirent->d_off)) | ||
| 3612 | error = -EFAULT; | ||
| 3613 | else | ||
| 3614 | @@ -299,7 +301,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, | ||
| 3615 | struct getdents_callback64 { | ||
| 3616 | struct dir_context ctx; | ||
| 3617 | struct linux_dirent64 __user * current_dir; | ||
| 3618 | - struct linux_dirent64 __user * previous; | ||
| 3619 | + int prev_reclen; | ||
| 3620 | int count; | ||
| 3621 | int error; | ||
| 3622 | }; | ||
| 3623 | @@ -307,11 +309,12 @@ struct getdents_callback64 { | ||
| 3624 | static int filldir64(struct dir_context *ctx, const char *name, int namlen, | ||
| 3625 | loff_t offset, u64 ino, unsigned int d_type) | ||
| 3626 | { | ||
| 3627 | - struct linux_dirent64 __user *dirent; | ||
| 3628 | + struct linux_dirent64 __user *dirent, *prev; | ||
| 3629 | struct getdents_callback64 *buf = | ||
| 3630 | container_of(ctx, struct getdents_callback64, ctx); | ||
| 3631 | int reclen = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1, | ||
| 3632 | sizeof(u64)); | ||
| 3633 | + int prev_reclen; | ||
| 3634 | |||
| 3635 | buf->error = verify_dirent_name(name, namlen); | ||
| 3636 | if (unlikely(buf->error)) | ||
| 3637 | @@ -319,30 +322,27 @@ static int filldir64(struct dir_context *ctx, const char *name, int namlen, | ||
| 3638 | buf->error = -EINVAL; /* only used if we fail.. */ | ||
| 3639 | if (reclen > buf->count) | ||
| 3640 | return -EINVAL; | ||
| 3641 | - dirent = buf->previous; | ||
| 3642 | - if (dirent && signal_pending(current)) | ||
| 3643 | + prev_reclen = buf->prev_reclen; | ||
| 3644 | + if (prev_reclen && signal_pending(current)) | ||
| 3645 | return -EINTR; | ||
| 3646 | - | ||
| 3647 | - /* | ||
| 3648 | - * Note! This range-checks 'previous' (which may be NULL). | ||
| 3649 | - * The real range was checked in getdents | ||
| 3650 | - */ | ||
| 3651 | - if (!user_access_begin(dirent, sizeof(*dirent))) | ||
| 3652 | - goto efault; | ||
| 3653 | - if (dirent) | ||
| 3654 | - unsafe_put_user(offset, &dirent->d_off, efault_end); | ||
| 3655 | dirent = buf->current_dir; | ||
| 3656 | + prev = (void __user *)dirent - prev_reclen; | ||
| 3657 | + if (!user_access_begin(prev, reclen + prev_reclen)) | ||
| 3658 | + goto efault; | ||
| 3659 | + | ||
| 3660 | + /* This might be 'dirent->d_off', but if so it will get overwritten */ | ||
| 3661 | + unsafe_put_user(offset, &prev->d_off, efault_end); | ||
| 3662 | unsafe_put_user(ino, &dirent->d_ino, efault_end); | ||
| 3663 | unsafe_put_user(reclen, &dirent->d_reclen, efault_end); | ||
| 3664 | unsafe_put_user(d_type, &dirent->d_type, efault_end); | ||
| 3665 | unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); | ||
| 3666 | user_access_end(); | ||
| 3667 | |||
| 3668 | - buf->previous = dirent; | ||
| 3669 | - dirent = (void __user *)dirent + reclen; | ||
| 3670 | - buf->current_dir = dirent; | ||
| 3671 | + buf->prev_reclen = reclen; | ||
| 3672 | + buf->current_dir = (void __user *)dirent + reclen; | ||
| 3673 | buf->count -= reclen; | ||
| 3674 | return 0; | ||
| 3675 | + | ||
| 3676 | efault_end: | ||
| 3677 | user_access_end(); | ||
| 3678 | efault: | ||
| 3679 | @@ -354,7 +354,6 @@ int ksys_getdents64(unsigned int fd, struct linux_dirent64 __user *dirent, | ||
| 3680 | unsigned int count) | ||
| 3681 | { | ||
| 3682 | struct fd f; | ||
| 3683 | - struct linux_dirent64 __user * lastdirent; | ||
| 3684 | struct getdents_callback64 buf = { | ||
| 3685 | .ctx.actor = filldir64, | ||
| 3686 | .count = count, | ||
| 3687 | @@ -372,9 +371,11 @@ int ksys_getdents64(unsigned int fd, struct linux_dirent64 __user *dirent, | ||
| 3688 | error = iterate_dir(f.file, &buf.ctx); | ||
| 3689 | if (error >= 0) | ||
| 3690 | error = buf.error; | ||
| 3691 | - lastdirent = buf.previous; | ||
| 3692 | - if (lastdirent) { | ||
| 3693 | + if (buf.prev_reclen) { | ||
| 3694 | + struct linux_dirent64 __user * lastdirent; | ||
| 3695 | typeof(lastdirent->d_off) d_off = buf.ctx.pos; | ||
| 3696 | + | ||
| 3697 | + lastdirent = (void __user *) buf.current_dir - buf.prev_reclen; | ||
| 3698 | if (__put_user(d_off, &lastdirent->d_off)) | ||
| 3699 | error = -EFAULT; | ||
| 3700 | else | ||
| 3701 | diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h | ||
| 3702 | index 13f09706033a..f8fde9fa479c 100644 | ||
| 3703 | --- a/include/linux/netdevice.h | ||
| 3704 | +++ b/include/linux/netdevice.h | ||
| 3705 | @@ -3666,6 +3666,8 @@ int dev_set_alias(struct net_device *, const char *, size_t); | ||
| 3706 | int dev_get_alias(const struct net_device *, char *, size_t); | ||
| 3707 | int dev_change_net_namespace(struct net_device *, struct net *, const char *); | ||
| 3708 | int __dev_set_mtu(struct net_device *, int); | ||
| 3709 | +int dev_validate_mtu(struct net_device *dev, int mtu, | ||
| 3710 | + struct netlink_ext_ack *extack); | ||
| 3711 | int dev_set_mtu_ext(struct net_device *dev, int mtu, | ||
| 3712 | struct netlink_ext_ack *extack); | ||
| 3713 | int dev_set_mtu(struct net_device *, int); | ||
| 3714 | diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h | ||
| 3715 | index 9bc255a8461b..77336f4c4b1c 100644 | ||
| 3716 | --- a/include/linux/netfilter/ipset/ip_set.h | ||
| 3717 | +++ b/include/linux/netfilter/ipset/ip_set.h | ||
| 3718 | @@ -445,13 +445,6 @@ ip6addrptr(const struct sk_buff *skb, bool src, struct in6_addr *addr) | ||
| 3719 | sizeof(*addr)); | ||
| 3720 | } | ||
| 3721 | |||
| 3722 | -/* Calculate the bytes required to store the inclusive range of a-b */ | ||
| 3723 | -static inline int | ||
| 3724 | -bitmap_bytes(u32 a, u32 b) | ||
| 3725 | -{ | ||
| 3726 | - return 4 * ((((b - a + 8) / 8) + 3) / 4); | ||
| 3727 | -} | ||
| 3728 | - | ||
| 3729 | /* How often should the gc be run by default */ | ||
| 3730 | #define IPSET_GC_TIME (3 * 60) | ||
| 3731 | |||
| 3732 | diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h | ||
| 3733 | index cf09ab37b45b..851425c3178f 100644 | ||
| 3734 | --- a/include/linux/netfilter/nfnetlink.h | ||
| 3735 | +++ b/include/linux/netfilter/nfnetlink.h | ||
| 3736 | @@ -31,7 +31,7 @@ struct nfnetlink_subsystem { | ||
| 3737 | const struct nfnl_callback *cb; /* callback for individual types */ | ||
| 3738 | struct module *owner; | ||
| 3739 | int (*commit)(struct net *net, struct sk_buff *skb); | ||
| 3740 | - int (*abort)(struct net *net, struct sk_buff *skb); | ||
| 3741 | + int (*abort)(struct net *net, struct sk_buff *skb, bool autoload); | ||
| 3742 | void (*cleanup)(struct net *net); | ||
| 3743 | bool (*valid_genid)(struct net *net, u32 genid); | ||
| 3744 | }; | ||
| 3745 | diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h | ||
| 3746 | index 286fd960896f..a1a8d45adb42 100644 | ||
| 3747 | --- a/include/net/netns/nftables.h | ||
| 3748 | +++ b/include/net/netns/nftables.h | ||
| 3749 | @@ -7,6 +7,7 @@ | ||
| 3750 | struct netns_nftables { | ||
| 3751 | struct list_head tables; | ||
| 3752 | struct list_head commit_list; | ||
| 3753 | + struct list_head module_list; | ||
| 3754 | struct mutex commit_mutex; | ||
| 3755 | unsigned int base_seq; | ||
| 3756 | u8 gencursor; | ||
| 3757 | diff --git a/include/trace/events/xen.h b/include/trace/events/xen.h | ||
| 3758 | index 9a0e8af21310..a5ccfa67bc5c 100644 | ||
| 3759 | --- a/include/trace/events/xen.h | ||
| 3760 | +++ b/include/trace/events/xen.h | ||
| 3761 | @@ -66,7 +66,11 @@ TRACE_EVENT(xen_mc_callback, | ||
| 3762 | TP_PROTO(xen_mc_callback_fn_t fn, void *data), | ||
| 3763 | TP_ARGS(fn, data), | ||
| 3764 | TP_STRUCT__entry( | ||
| 3765 | - __field(xen_mc_callback_fn_t, fn) | ||
| 3766 | + /* | ||
| 3767 | + * Use field_struct to avoid is_signed_type() | ||
| 3768 | + * comparison of a function pointer. | ||
| 3769 | + */ | ||
| 3770 | + __field_struct(xen_mc_callback_fn_t, fn) | ||
| 3771 | __field(void *, data) | ||
| 3772 | ), | ||
| 3773 | TP_fast_assign( | ||
| 3774 | diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c | ||
| 3775 | index 26b9168321e7..d65f2d5ab694 100644 | ||
| 3776 | --- a/kernel/power/snapshot.c | ||
| 3777 | +++ b/kernel/power/snapshot.c | ||
| 3778 | @@ -1147,24 +1147,24 @@ void free_basic_memory_bitmaps(void) | ||
| 3779 | |||
| 3780 | void clear_free_pages(void) | ||
| 3781 | { | ||
| 3782 | -#ifdef CONFIG_PAGE_POISONING_ZERO | ||
| 3783 | struct memory_bitmap *bm = free_pages_map; | ||
| 3784 | unsigned long pfn; | ||
| 3785 | |||
| 3786 | if (WARN_ON(!(free_pages_map))) | ||
| 3787 | return; | ||
| 3788 | |||
| 3789 | - memory_bm_position_reset(bm); | ||
| 3790 | - pfn = memory_bm_next_pfn(bm); | ||
| 3791 | - while (pfn != BM_END_OF_MAP) { | ||
| 3792 | - if (pfn_valid(pfn)) | ||
| 3793 | - clear_highpage(pfn_to_page(pfn)); | ||
| 3794 | - | ||
| 3795 | + if (IS_ENABLED(CONFIG_PAGE_POISONING_ZERO) || want_init_on_free()) { | ||
| 3796 | + memory_bm_position_reset(bm); | ||
| 3797 | pfn = memory_bm_next_pfn(bm); | ||
| 3798 | + while (pfn != BM_END_OF_MAP) { | ||
| 3799 | + if (pfn_valid(pfn)) | ||
| 3800 | + clear_highpage(pfn_to_page(pfn)); | ||
| 3801 | + | ||
| 3802 | + pfn = memory_bm_next_pfn(bm); | ||
| 3803 | + } | ||
| 3804 | + memory_bm_position_reset(bm); | ||
| 3805 | + pr_info("free pages cleared after restore\n"); | ||
| 3806 | } | ||
| 3807 | - memory_bm_position_reset(bm); | ||
| 3808 | - pr_info("free pages cleared after restore\n"); | ||
| 3809 | -#endif /* PAGE_POISONING_ZERO */ | ||
| 3810 | } | ||
| 3811 | |||
| 3812 | /** | ||
| 3813 | diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c | ||
| 3814 | index bcb72f102613..341aab32c946 100644 | ||
| 3815 | --- a/kernel/trace/trace.c | ||
| 3816 | +++ b/kernel/trace/trace.c | ||
| 3817 | @@ -9270,6 +9270,11 @@ __init static int tracing_set_default_clock(void) | ||
| 3818 | { | ||
| 3819 | /* sched_clock_stable() is determined in late_initcall */ | ||
| 3820 | if (!trace_boot_clock && !sched_clock_stable()) { | ||
| 3821 | + if (security_locked_down(LOCKDOWN_TRACEFS)) { | ||
| 3822 | + pr_warn("Can not set tracing clock due to lockdown\n"); | ||
| 3823 | + return -EPERM; | ||
| 3824 | + } | ||
| 3825 | + | ||
| 3826 | printk(KERN_WARNING | ||
| 3827 | "Unstable clock detected, switching default tracing clock to \"global\"\n" | ||
| 3828 | "If you want to keep using the local clock, then add:\n" | ||
| 3829 | diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c | ||
| 3830 | index c2783915600c..205692181e7b 100644 | ||
| 3831 | --- a/kernel/trace/trace_events_hist.c | ||
| 3832 | +++ b/kernel/trace/trace_events_hist.c | ||
| 3833 | @@ -116,6 +116,7 @@ struct hist_field { | ||
| 3834 | struct ftrace_event_field *field; | ||
| 3835 | unsigned long flags; | ||
| 3836 | hist_field_fn_t fn; | ||
| 3837 | + unsigned int ref; | ||
| 3838 | unsigned int size; | ||
| 3839 | unsigned int offset; | ||
| 3840 | unsigned int is_signed; | ||
| 3841 | @@ -1766,11 +1767,13 @@ static struct hist_field *find_var(struct hist_trigger_data *hist_data, | ||
| 3842 | struct event_trigger_data *test; | ||
| 3843 | struct hist_field *hist_field; | ||
| 3844 | |||
| 3845 | + lockdep_assert_held(&event_mutex); | ||
| 3846 | + | ||
| 3847 | hist_field = find_var_field(hist_data, var_name); | ||
| 3848 | if (hist_field) | ||
| 3849 | return hist_field; | ||
| 3850 | |||
| 3851 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 3852 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 3853 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 3854 | test_data = test->private_data; | ||
| 3855 | hist_field = find_var_field(test_data, var_name); | ||
| 3856 | @@ -1820,7 +1823,9 @@ static struct hist_field *find_file_var(struct trace_event_file *file, | ||
| 3857 | struct event_trigger_data *test; | ||
| 3858 | struct hist_field *hist_field; | ||
| 3859 | |||
| 3860 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 3861 | + lockdep_assert_held(&event_mutex); | ||
| 3862 | + | ||
| 3863 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 3864 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 3865 | test_data = test->private_data; | ||
| 3866 | hist_field = find_var_field(test_data, var_name); | ||
| 3867 | @@ -2423,8 +2428,16 @@ static int contains_operator(char *str) | ||
| 3868 | return field_op; | ||
| 3869 | } | ||
| 3870 | |||
| 3871 | +static void get_hist_field(struct hist_field *hist_field) | ||
| 3872 | +{ | ||
| 3873 | + hist_field->ref++; | ||
| 3874 | +} | ||
| 3875 | + | ||
| 3876 | static void __destroy_hist_field(struct hist_field *hist_field) | ||
| 3877 | { | ||
| 3878 | + if (--hist_field->ref > 1) | ||
| 3879 | + return; | ||
| 3880 | + | ||
| 3881 | kfree(hist_field->var.name); | ||
| 3882 | kfree(hist_field->name); | ||
| 3883 | kfree(hist_field->type); | ||
| 3884 | @@ -2466,6 +2479,8 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data, | ||
| 3885 | if (!hist_field) | ||
| 3886 | return NULL; | ||
| 3887 | |||
| 3888 | + hist_field->ref = 1; | ||
| 3889 | + | ||
| 3890 | hist_field->hist_data = hist_data; | ||
| 3891 | |||
| 3892 | if (flags & HIST_FIELD_FL_EXPR || flags & HIST_FIELD_FL_ALIAS) | ||
| 3893 | @@ -2661,6 +2676,17 @@ static struct hist_field *create_var_ref(struct hist_trigger_data *hist_data, | ||
| 3894 | { | ||
| 3895 | unsigned long flags = HIST_FIELD_FL_VAR_REF; | ||
| 3896 | struct hist_field *ref_field; | ||
| 3897 | + int i; | ||
| 3898 | + | ||
| 3899 | + /* Check if the variable already exists */ | ||
| 3900 | + for (i = 0; i < hist_data->n_var_refs; i++) { | ||
| 3901 | + ref_field = hist_data->var_refs[i]; | ||
| 3902 | + if (ref_field->var.idx == var_field->var.idx && | ||
| 3903 | + ref_field->var.hist_data == var_field->hist_data) { | ||
| 3904 | + get_hist_field(ref_field); | ||
| 3905 | + return ref_field; | ||
| 3906 | + } | ||
| 3907 | + } | ||
| 3908 | |||
| 3909 | ref_field = create_hist_field(var_field->hist_data, NULL, flags, NULL); | ||
| 3910 | if (ref_field) { | ||
| 3911 | @@ -3115,7 +3141,9 @@ static char *find_trigger_filter(struct hist_trigger_data *hist_data, | ||
| 3912 | { | ||
| 3913 | struct event_trigger_data *test; | ||
| 3914 | |||
| 3915 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 3916 | + lockdep_assert_held(&event_mutex); | ||
| 3917 | + | ||
| 3918 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 3919 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 3920 | if (test->private_data == hist_data) | ||
| 3921 | return test->filter_str; | ||
| 3922 | @@ -3166,9 +3194,11 @@ find_compatible_hist(struct hist_trigger_data *target_hist_data, | ||
| 3923 | struct event_trigger_data *test; | ||
| 3924 | unsigned int n_keys; | ||
| 3925 | |||
| 3926 | + lockdep_assert_held(&event_mutex); | ||
| 3927 | + | ||
| 3928 | n_keys = target_hist_data->n_fields - target_hist_data->n_vals; | ||
| 3929 | |||
| 3930 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 3931 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 3932 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 3933 | hist_data = test->private_data; | ||
| 3934 | |||
| 3935 | @@ -5528,7 +5558,7 @@ static int hist_show(struct seq_file *m, void *v) | ||
| 3936 | goto out_unlock; | ||
| 3937 | } | ||
| 3938 | |||
| 3939 | - list_for_each_entry_rcu(data, &event_file->triggers, list) { | ||
| 3940 | + list_for_each_entry(data, &event_file->triggers, list) { | ||
| 3941 | if (data->cmd_ops->trigger_type == ETT_EVENT_HIST) | ||
| 3942 | hist_trigger_show(m, data, n++); | ||
| 3943 | } | ||
| 3944 | @@ -5921,7 +5951,9 @@ static int hist_register_trigger(char *glob, struct event_trigger_ops *ops, | ||
| 3945 | if (hist_data->attrs->name && !named_data) | ||
| 3946 | goto new; | ||
| 3947 | |||
| 3948 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 3949 | + lockdep_assert_held(&event_mutex); | ||
| 3950 | + | ||
| 3951 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 3952 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 3953 | if (!hist_trigger_match(data, test, named_data, false)) | ||
| 3954 | continue; | ||
| 3955 | @@ -6005,10 +6037,12 @@ static bool have_hist_trigger_match(struct event_trigger_data *data, | ||
| 3956 | struct event_trigger_data *test, *named_data = NULL; | ||
| 3957 | bool match = false; | ||
| 3958 | |||
| 3959 | + lockdep_assert_held(&event_mutex); | ||
| 3960 | + | ||
| 3961 | if (hist_data->attrs->name) | ||
| 3962 | named_data = find_named_trigger(hist_data->attrs->name); | ||
| 3963 | |||
| 3964 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 3965 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 3966 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 3967 | if (hist_trigger_match(data, test, named_data, false)) { | ||
| 3968 | match = true; | ||
| 3969 | @@ -6026,10 +6060,12 @@ static bool hist_trigger_check_refs(struct event_trigger_data *data, | ||
| 3970 | struct hist_trigger_data *hist_data = data->private_data; | ||
| 3971 | struct event_trigger_data *test, *named_data = NULL; | ||
| 3972 | |||
| 3973 | + lockdep_assert_held(&event_mutex); | ||
| 3974 | + | ||
| 3975 | if (hist_data->attrs->name) | ||
| 3976 | named_data = find_named_trigger(hist_data->attrs->name); | ||
| 3977 | |||
| 3978 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 3979 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 3980 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 3981 | if (!hist_trigger_match(data, test, named_data, false)) | ||
| 3982 | continue; | ||
| 3983 | @@ -6051,10 +6087,12 @@ static void hist_unregister_trigger(char *glob, struct event_trigger_ops *ops, | ||
| 3984 | struct event_trigger_data *test, *named_data = NULL; | ||
| 3985 | bool unregistered = false; | ||
| 3986 | |||
| 3987 | + lockdep_assert_held(&event_mutex); | ||
| 3988 | + | ||
| 3989 | if (hist_data->attrs->name) | ||
| 3990 | named_data = find_named_trigger(hist_data->attrs->name); | ||
| 3991 | |||
| 3992 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 3993 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 3994 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 3995 | if (!hist_trigger_match(data, test, named_data, false)) | ||
| 3996 | continue; | ||
| 3997 | @@ -6080,7 +6118,9 @@ static bool hist_file_check_refs(struct trace_event_file *file) | ||
| 3998 | struct hist_trigger_data *hist_data; | ||
| 3999 | struct event_trigger_data *test; | ||
| 4000 | |||
| 4001 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 4002 | + lockdep_assert_held(&event_mutex); | ||
| 4003 | + | ||
| 4004 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 4005 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 4006 | hist_data = test->private_data; | ||
| 4007 | if (check_var_refs(hist_data)) | ||
| 4008 | @@ -6323,7 +6363,8 @@ hist_enable_trigger(struct event_trigger_data *data, void *rec, | ||
| 4009 | struct enable_trigger_data *enable_data = data->private_data; | ||
| 4010 | struct event_trigger_data *test; | ||
| 4011 | |||
| 4012 | - list_for_each_entry_rcu(test, &enable_data->file->triggers, list) { | ||
| 4013 | + list_for_each_entry_rcu(test, &enable_data->file->triggers, list, | ||
| 4014 | + lockdep_is_held(&event_mutex)) { | ||
| 4015 | if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) { | ||
| 4016 | if (enable_data->enable) | ||
| 4017 | test->paused = false; | ||
| 4018 | diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c | ||
| 4019 | index 2cd53ca21b51..40106fff06a4 100644 | ||
| 4020 | --- a/kernel/trace/trace_events_trigger.c | ||
| 4021 | +++ b/kernel/trace/trace_events_trigger.c | ||
| 4022 | @@ -501,7 +501,9 @@ void update_cond_flag(struct trace_event_file *file) | ||
| 4023 | struct event_trigger_data *data; | ||
| 4024 | bool set_cond = false; | ||
| 4025 | |||
| 4026 | - list_for_each_entry_rcu(data, &file->triggers, list) { | ||
| 4027 | + lockdep_assert_held(&event_mutex); | ||
| 4028 | + | ||
| 4029 | + list_for_each_entry(data, &file->triggers, list) { | ||
| 4030 | if (data->filter || event_command_post_trigger(data->cmd_ops) || | ||
| 4031 | event_command_needs_rec(data->cmd_ops)) { | ||
| 4032 | set_cond = true; | ||
| 4033 | @@ -536,7 +538,9 @@ static int register_trigger(char *glob, struct event_trigger_ops *ops, | ||
| 4034 | struct event_trigger_data *test; | ||
| 4035 | int ret = 0; | ||
| 4036 | |||
| 4037 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 4038 | + lockdep_assert_held(&event_mutex); | ||
| 4039 | + | ||
| 4040 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 4041 | if (test->cmd_ops->trigger_type == data->cmd_ops->trigger_type) { | ||
| 4042 | ret = -EEXIST; | ||
| 4043 | goto out; | ||
| 4044 | @@ -581,7 +585,9 @@ static void unregister_trigger(char *glob, struct event_trigger_ops *ops, | ||
| 4045 | struct event_trigger_data *data; | ||
| 4046 | bool unregistered = false; | ||
| 4047 | |||
| 4048 | - list_for_each_entry_rcu(data, &file->triggers, list) { | ||
| 4049 | + lockdep_assert_held(&event_mutex); | ||
| 4050 | + | ||
| 4051 | + list_for_each_entry(data, &file->triggers, list) { | ||
| 4052 | if (data->cmd_ops->trigger_type == test->cmd_ops->trigger_type) { | ||
| 4053 | unregistered = true; | ||
| 4054 | list_del_rcu(&data->list); | ||
| 4055 | @@ -1497,7 +1503,9 @@ int event_enable_register_trigger(char *glob, | ||
| 4056 | struct event_trigger_data *test; | ||
| 4057 | int ret = 0; | ||
| 4058 | |||
| 4059 | - list_for_each_entry_rcu(test, &file->triggers, list) { | ||
| 4060 | + lockdep_assert_held(&event_mutex); | ||
| 4061 | + | ||
| 4062 | + list_for_each_entry(test, &file->triggers, list) { | ||
| 4063 | test_enable_data = test->private_data; | ||
| 4064 | if (test_enable_data && | ||
| 4065 | (test->cmd_ops->trigger_type == | ||
| 4066 | @@ -1537,7 +1545,9 @@ void event_enable_unregister_trigger(char *glob, | ||
| 4067 | struct event_trigger_data *data; | ||
| 4068 | bool unregistered = false; | ||
| 4069 | |||
| 4070 | - list_for_each_entry_rcu(data, &file->triggers, list) { | ||
| 4071 | + lockdep_assert_held(&event_mutex); | ||
| 4072 | + | ||
| 4073 | + list_for_each_entry(data, &file->triggers, list) { | ||
| 4074 | enable_data = data->private_data; | ||
| 4075 | if (enable_data && | ||
| 4076 | (data->cmd_ops->trigger_type == | ||
| 4077 | diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c | ||
| 4078 | index 7f890262c8a3..3e5f9c7d939c 100644 | ||
| 4079 | --- a/kernel/trace/trace_kprobe.c | ||
| 4080 | +++ b/kernel/trace/trace_kprobe.c | ||
| 4081 | @@ -290,7 +290,7 @@ static struct trace_kprobe *alloc_trace_kprobe(const char *group, | ||
| 4082 | INIT_HLIST_NODE(&tk->rp.kp.hlist); | ||
| 4083 | INIT_LIST_HEAD(&tk->rp.kp.list); | ||
| 4084 | |||
| 4085 | - ret = trace_probe_init(&tk->tp, event, group); | ||
| 4086 | + ret = trace_probe_init(&tk->tp, event, group, 0); | ||
| 4087 | if (ret < 0) | ||
| 4088 | goto error; | ||
| 4089 | |||
| 4090 | diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c | ||
| 4091 | index 905b10af5d5c..bba18cf44a30 100644 | ||
| 4092 | --- a/kernel/trace/trace_probe.c | ||
| 4093 | +++ b/kernel/trace/trace_probe.c | ||
| 4094 | @@ -984,7 +984,7 @@ void trace_probe_cleanup(struct trace_probe *tp) | ||
| 4095 | } | ||
| 4096 | |||
| 4097 | int trace_probe_init(struct trace_probe *tp, const char *event, | ||
| 4098 | - const char *group) | ||
| 4099 | + const char *group, size_t event_data_size) | ||
| 4100 | { | ||
| 4101 | struct trace_event_call *call; | ||
| 4102 | int ret = 0; | ||
| 4103 | @@ -992,7 +992,8 @@ int trace_probe_init(struct trace_probe *tp, const char *event, | ||
| 4104 | if (!event || !group) | ||
| 4105 | return -EINVAL; | ||
| 4106 | |||
| 4107 | - tp->event = kzalloc(sizeof(struct trace_probe_event), GFP_KERNEL); | ||
| 4108 | + tp->event = kzalloc(sizeof(struct trace_probe_event) + event_data_size, | ||
| 4109 | + GFP_KERNEL); | ||
| 4110 | if (!tp->event) | ||
| 4111 | return -ENOMEM; | ||
| 4112 | |||
| 4113 | diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h | ||
| 4114 | index 4ee703728aec..03e4e180058d 100644 | ||
| 4115 | --- a/kernel/trace/trace_probe.h | ||
| 4116 | +++ b/kernel/trace/trace_probe.h | ||
| 4117 | @@ -230,6 +230,7 @@ struct trace_probe_event { | ||
| 4118 | struct trace_event_call call; | ||
| 4119 | struct list_head files; | ||
| 4120 | struct list_head probes; | ||
| 4121 | + char data[0]; | ||
| 4122 | }; | ||
| 4123 | |||
| 4124 | struct trace_probe { | ||
| 4125 | @@ -322,7 +323,7 @@ static inline bool trace_probe_has_single_file(struct trace_probe *tp) | ||
| 4126 | } | ||
| 4127 | |||
| 4128 | int trace_probe_init(struct trace_probe *tp, const char *event, | ||
| 4129 | - const char *group); | ||
| 4130 | + const char *group, size_t event_data_size); | ||
| 4131 | void trace_probe_cleanup(struct trace_probe *tp); | ||
| 4132 | int trace_probe_append(struct trace_probe *tp, struct trace_probe *to); | ||
| 4133 | void trace_probe_unlink(struct trace_probe *tp); | ||
| 4134 | diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c | ||
| 4135 | index 352073d36585..f66e202fec13 100644 | ||
| 4136 | --- a/kernel/trace/trace_uprobe.c | ||
| 4137 | +++ b/kernel/trace/trace_uprobe.c | ||
| 4138 | @@ -60,7 +60,6 @@ static struct dyn_event_operations trace_uprobe_ops = { | ||
| 4139 | */ | ||
| 4140 | struct trace_uprobe { | ||
| 4141 | struct dyn_event devent; | ||
| 4142 | - struct trace_uprobe_filter filter; | ||
| 4143 | struct uprobe_consumer consumer; | ||
| 4144 | struct path path; | ||
| 4145 | struct inode *inode; | ||
| 4146 | @@ -264,6 +263,14 @@ process_fetch_insn(struct fetch_insn *code, struct pt_regs *regs, void *dest, | ||
| 4147 | } | ||
| 4148 | NOKPROBE_SYMBOL(process_fetch_insn) | ||
| 4149 | |||
| 4150 | +static struct trace_uprobe_filter * | ||
| 4151 | +trace_uprobe_get_filter(struct trace_uprobe *tu) | ||
| 4152 | +{ | ||
| 4153 | + struct trace_probe_event *event = tu->tp.event; | ||
| 4154 | + | ||
| 4155 | + return (struct trace_uprobe_filter *)&event->data[0]; | ||
| 4156 | +} | ||
| 4157 | + | ||
| 4158 | static inline void init_trace_uprobe_filter(struct trace_uprobe_filter *filter) | ||
| 4159 | { | ||
| 4160 | rwlock_init(&filter->rwlock); | ||
| 4161 | @@ -351,7 +358,8 @@ alloc_trace_uprobe(const char *group, const char *event, int nargs, bool is_ret) | ||
| 4162 | if (!tu) | ||
| 4163 | return ERR_PTR(-ENOMEM); | ||
| 4164 | |||
| 4165 | - ret = trace_probe_init(&tu->tp, event, group); | ||
| 4166 | + ret = trace_probe_init(&tu->tp, event, group, | ||
| 4167 | + sizeof(struct trace_uprobe_filter)); | ||
| 4168 | if (ret < 0) | ||
| 4169 | goto error; | ||
| 4170 | |||
| 4171 | @@ -359,7 +367,7 @@ alloc_trace_uprobe(const char *group, const char *event, int nargs, bool is_ret) | ||
| 4172 | tu->consumer.handler = uprobe_dispatcher; | ||
| 4173 | if (is_ret) | ||
| 4174 | tu->consumer.ret_handler = uretprobe_dispatcher; | ||
| 4175 | - init_trace_uprobe_filter(&tu->filter); | ||
| 4176 | + init_trace_uprobe_filter(trace_uprobe_get_filter(tu)); | ||
| 4177 | return tu; | ||
| 4178 | |||
| 4179 | error: | ||
| 4180 | @@ -1067,13 +1075,14 @@ static void __probe_event_disable(struct trace_probe *tp) | ||
| 4181 | struct trace_probe *pos; | ||
| 4182 | struct trace_uprobe *tu; | ||
| 4183 | |||
| 4184 | + tu = container_of(tp, struct trace_uprobe, tp); | ||
| 4185 | + WARN_ON(!uprobe_filter_is_empty(trace_uprobe_get_filter(tu))); | ||
| 4186 | + | ||
| 4187 | list_for_each_entry(pos, trace_probe_probe_list(tp), list) { | ||
| 4188 | tu = container_of(pos, struct trace_uprobe, tp); | ||
| 4189 | if (!tu->inode) | ||
| 4190 | continue; | ||
| 4191 | |||
| 4192 | - WARN_ON(!uprobe_filter_is_empty(&tu->filter)); | ||
| 4193 | - | ||
| 4194 | uprobe_unregister(tu->inode, tu->offset, &tu->consumer); | ||
| 4195 | tu->inode = NULL; | ||
| 4196 | } | ||
| 4197 | @@ -1108,7 +1117,7 @@ static int probe_event_enable(struct trace_event_call *call, | ||
| 4198 | } | ||
| 4199 | |||
| 4200 | tu = container_of(tp, struct trace_uprobe, tp); | ||
| 4201 | - WARN_ON(!uprobe_filter_is_empty(&tu->filter)); | ||
| 4202 | + WARN_ON(!uprobe_filter_is_empty(trace_uprobe_get_filter(tu))); | ||
| 4203 | |||
| 4204 | if (enabled) | ||
| 4205 | return 0; | ||
| 4206 | @@ -1205,39 +1214,39 @@ __uprobe_perf_filter(struct trace_uprobe_filter *filter, struct mm_struct *mm) | ||
| 4207 | } | ||
| 4208 | |||
| 4209 | static inline bool | ||
| 4210 | -uprobe_filter_event(struct trace_uprobe *tu, struct perf_event *event) | ||
| 4211 | +trace_uprobe_filter_event(struct trace_uprobe_filter *filter, | ||
| 4212 | + struct perf_event *event) | ||
| 4213 | { | ||
| 4214 | - return __uprobe_perf_filter(&tu->filter, event->hw.target->mm); | ||
| 4215 | + return __uprobe_perf_filter(filter, event->hw.target->mm); | ||
| 4216 | } | ||
| 4217 | |||
| 4218 | -static int uprobe_perf_close(struct trace_uprobe *tu, struct perf_event *event) | ||
| 4219 | +static bool trace_uprobe_filter_remove(struct trace_uprobe_filter *filter, | ||
| 4220 | + struct perf_event *event) | ||
| 4221 | { | ||
| 4222 | bool done; | ||
| 4223 | |||
| 4224 | - write_lock(&tu->filter.rwlock); | ||
| 4225 | + write_lock(&filter->rwlock); | ||
| 4226 | if (event->hw.target) { | ||
| 4227 | list_del(&event->hw.tp_list); | ||
| 4228 | - done = tu->filter.nr_systemwide || | ||
| 4229 | + done = filter->nr_systemwide || | ||
| 4230 | (event->hw.target->flags & PF_EXITING) || | ||
| 4231 | - uprobe_filter_event(tu, event); | ||
| 4232 | + trace_uprobe_filter_event(filter, event); | ||
| 4233 | } else { | ||
| 4234 | - tu->filter.nr_systemwide--; | ||
| 4235 | - done = tu->filter.nr_systemwide; | ||
| 4236 | + filter->nr_systemwide--; | ||
| 4237 | + done = filter->nr_systemwide; | ||
| 4238 | } | ||
| 4239 | - write_unlock(&tu->filter.rwlock); | ||
| 4240 | - | ||
| 4241 | - if (!done) | ||
| 4242 | - return uprobe_apply(tu->inode, tu->offset, &tu->consumer, false); | ||
| 4243 | + write_unlock(&filter->rwlock); | ||
| 4244 | |||
| 4245 | - return 0; | ||
| 4246 | + return done; | ||
| 4247 | } | ||
| 4248 | |||
| 4249 | -static int uprobe_perf_open(struct trace_uprobe *tu, struct perf_event *event) | ||
| 4250 | +/* This returns true if the filter always covers target mm */ | ||
| 4251 | +static bool trace_uprobe_filter_add(struct trace_uprobe_filter *filter, | ||
| 4252 | + struct perf_event *event) | ||
| 4253 | { | ||
| 4254 | bool done; | ||
| 4255 | - int err; | ||
| 4256 | |||
| 4257 | - write_lock(&tu->filter.rwlock); | ||
| 4258 | + write_lock(&filter->rwlock); | ||
| 4259 | if (event->hw.target) { | ||
| 4260 | /* | ||
| 4261 | * event->parent != NULL means copy_process(), we can avoid | ||
| 4262 | @@ -1247,28 +1256,21 @@ static int uprobe_perf_open(struct trace_uprobe *tu, struct perf_event *event) | ||
| 4263 | * attr.enable_on_exec means that exec/mmap will install the | ||
| 4264 | * breakpoints we need. | ||
| 4265 | */ | ||
| 4266 | - done = tu->filter.nr_systemwide || | ||
| 4267 | + done = filter->nr_systemwide || | ||
| 4268 | event->parent || event->attr.enable_on_exec || | ||
| 4269 | - uprobe_filter_event(tu, event); | ||
| 4270 | - list_add(&event->hw.tp_list, &tu->filter.perf_events); | ||
| 4271 | + trace_uprobe_filter_event(filter, event); | ||
| 4272 | + list_add(&event->hw.tp_list, &filter->perf_events); | ||
| 4273 | } else { | ||
| 4274 | - done = tu->filter.nr_systemwide; | ||
| 4275 | - tu->filter.nr_systemwide++; | ||
| 4276 | + done = filter->nr_systemwide; | ||
| 4277 | + filter->nr_systemwide++; | ||
| 4278 | } | ||
| 4279 | - write_unlock(&tu->filter.rwlock); | ||
| 4280 | + write_unlock(&filter->rwlock); | ||
| 4281 | |||
| 4282 | - err = 0; | ||
| 4283 | - if (!done) { | ||
| 4284 | - err = uprobe_apply(tu->inode, tu->offset, &tu->consumer, true); | ||
| 4285 | - if (err) | ||
| 4286 | - uprobe_perf_close(tu, event); | ||
| 4287 | - } | ||
| 4288 | - return err; | ||
| 4289 | + return done; | ||
| 4290 | } | ||
| 4291 | |||
| 4292 | -static int uprobe_perf_multi_call(struct trace_event_call *call, | ||
| 4293 | - struct perf_event *event, | ||
| 4294 | - int (*op)(struct trace_uprobe *tu, struct perf_event *event)) | ||
| 4295 | +static int uprobe_perf_close(struct trace_event_call *call, | ||
| 4296 | + struct perf_event *event) | ||
| 4297 | { | ||
| 4298 | struct trace_probe *pos, *tp; | ||
| 4299 | struct trace_uprobe *tu; | ||
| 4300 | @@ -1278,25 +1280,59 @@ static int uprobe_perf_multi_call(struct trace_event_call *call, | ||
| 4301 | if (WARN_ON_ONCE(!tp)) | ||
| 4302 | return -ENODEV; | ||
| 4303 | |||
| 4304 | + tu = container_of(tp, struct trace_uprobe, tp); | ||
| 4305 | + if (trace_uprobe_filter_remove(trace_uprobe_get_filter(tu), event)) | ||
| 4306 | + return 0; | ||
| 4307 | + | ||
| 4308 | list_for_each_entry(pos, trace_probe_probe_list(tp), list) { | ||
| 4309 | tu = container_of(pos, struct trace_uprobe, tp); | ||
| 4310 | - ret = op(tu, event); | ||
| 4311 | + ret = uprobe_apply(tu->inode, tu->offset, &tu->consumer, false); | ||
| 4312 | if (ret) | ||
| 4313 | break; | ||
| 4314 | } | ||
| 4315 | |||
| 4316 | return ret; | ||
| 4317 | } | ||
| 4318 | + | ||
| 4319 | +static int uprobe_perf_open(struct trace_event_call *call, | ||
| 4320 | + struct perf_event *event) | ||
| 4321 | +{ | ||
| 4322 | + struct trace_probe *pos, *tp; | ||
| 4323 | + struct trace_uprobe *tu; | ||
| 4324 | + int err = 0; | ||
| 4325 | + | ||
| 4326 | + tp = trace_probe_primary_from_call(call); | ||
| 4327 | + if (WARN_ON_ONCE(!tp)) | ||
| 4328 | + return -ENODEV; | ||
| 4329 | + | ||
| 4330 | + tu = container_of(tp, struct trace_uprobe, tp); | ||
| 4331 | + if (trace_uprobe_filter_add(trace_uprobe_get_filter(tu), event)) | ||
| 4332 | + return 0; | ||
| 4333 | + | ||
| 4334 | + list_for_each_entry(pos, trace_probe_probe_list(tp), list) { | ||
| 4335 | + err = uprobe_apply(tu->inode, tu->offset, &tu->consumer, true); | ||
| 4336 | + if (err) { | ||
| 4337 | + uprobe_perf_close(call, event); | ||
| 4338 | + break; | ||
| 4339 | + } | ||
| 4340 | + } | ||
| 4341 | + | ||
| 4342 | + return err; | ||
| 4343 | +} | ||
| 4344 | + | ||
| 4345 | static bool uprobe_perf_filter(struct uprobe_consumer *uc, | ||
| 4346 | enum uprobe_filter_ctx ctx, struct mm_struct *mm) | ||
| 4347 | { | ||
| 4348 | + struct trace_uprobe_filter *filter; | ||
| 4349 | struct trace_uprobe *tu; | ||
| 4350 | int ret; | ||
| 4351 | |||
| 4352 | tu = container_of(uc, struct trace_uprobe, consumer); | ||
| 4353 | - read_lock(&tu->filter.rwlock); | ||
| 4354 | - ret = __uprobe_perf_filter(&tu->filter, mm); | ||
| 4355 | - read_unlock(&tu->filter.rwlock); | ||
| 4356 | + filter = trace_uprobe_get_filter(tu); | ||
| 4357 | + | ||
| 4358 | + read_lock(&filter->rwlock); | ||
| 4359 | + ret = __uprobe_perf_filter(filter, mm); | ||
| 4360 | + read_unlock(&filter->rwlock); | ||
| 4361 | |||
| 4362 | return ret; | ||
| 4363 | } | ||
| 4364 | @@ -1419,10 +1455,10 @@ trace_uprobe_register(struct trace_event_call *event, enum trace_reg type, | ||
| 4365 | return 0; | ||
| 4366 | |||
| 4367 | case TRACE_REG_PERF_OPEN: | ||
| 4368 | - return uprobe_perf_multi_call(event, data, uprobe_perf_open); | ||
| 4369 | + return uprobe_perf_open(event, data); | ||
| 4370 | |||
| 4371 | case TRACE_REG_PERF_CLOSE: | ||
| 4372 | - return uprobe_perf_multi_call(event, data, uprobe_perf_close); | ||
| 4373 | + return uprobe_perf_close(event, data); | ||
| 4374 | |||
| 4375 | #endif | ||
| 4376 | default: | ||
| 4377 | diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c | ||
| 4378 | index dccb95af6003..706020b06617 100644 | ||
| 4379 | --- a/lib/strncpy_from_user.c | ||
| 4380 | +++ b/lib/strncpy_from_user.c | ||
| 4381 | @@ -30,13 +30,6 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, | ||
| 4382 | const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS; | ||
| 4383 | unsigned long res = 0; | ||
| 4384 | |||
| 4385 | - /* | ||
| 4386 | - * Truncate 'max' to the user-specified limit, so that | ||
| 4387 | - * we only have one limit we need to check in the loop | ||
| 4388 | - */ | ||
| 4389 | - if (max > count) | ||
| 4390 | - max = count; | ||
| 4391 | - | ||
| 4392 | if (IS_UNALIGNED(src, dst)) | ||
| 4393 | goto byte_at_a_time; | ||
| 4394 | |||
| 4395 | @@ -114,6 +107,13 @@ long strncpy_from_user(char *dst, const char __user *src, long count) | ||
| 4396 | unsigned long max = max_addr - src_addr; | ||
| 4397 | long retval; | ||
| 4398 | |||
| 4399 | + /* | ||
| 4400 | + * Truncate 'max' to the user-specified limit, so that | ||
| 4401 | + * we only have one limit we need to check in the loop | ||
| 4402 | + */ | ||
| 4403 | + if (max > count) | ||
| 4404 | + max = count; | ||
| 4405 | + | ||
| 4406 | kasan_check_write(dst, count); | ||
| 4407 | check_object_size(dst, count, false); | ||
| 4408 | if (user_access_begin(src, max)) { | ||
| 4409 | diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c | ||
| 4410 | index 6c0005d5dd5c..41670d4a5816 100644 | ||
| 4411 | --- a/lib/strnlen_user.c | ||
| 4412 | +++ b/lib/strnlen_user.c | ||
| 4413 | @@ -26,13 +26,6 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, | ||
| 4414 | unsigned long align, res = 0; | ||
| 4415 | unsigned long c; | ||
| 4416 | |||
| 4417 | - /* | ||
| 4418 | - * Truncate 'max' to the user-specified limit, so that | ||
| 4419 | - * we only have one limit we need to check in the loop | ||
| 4420 | - */ | ||
| 4421 | - if (max > count) | ||
| 4422 | - max = count; | ||
| 4423 | - | ||
| 4424 | /* | ||
| 4425 | * Do everything aligned. But that means that we | ||
| 4426 | * need to also expand the maximum.. | ||
| 4427 | @@ -109,6 +102,13 @@ long strnlen_user(const char __user *str, long count) | ||
| 4428 | unsigned long max = max_addr - src_addr; | ||
| 4429 | long retval; | ||
| 4430 | |||
| 4431 | + /* | ||
| 4432 | + * Truncate 'max' to the user-specified limit, so that | ||
| 4433 | + * we only have one limit we need to check in the loop | ||
| 4434 | + */ | ||
| 4435 | + if (max > count) | ||
| 4436 | + max = count; | ||
| 4437 | + | ||
| 4438 | if (user_access_begin(str, max)) { | ||
| 4439 | retval = do_strnlen_user(str, count, max); | ||
| 4440 | user_access_end(); | ||
| 4441 | diff --git a/lib/test_xarray.c b/lib/test_xarray.c | ||
| 4442 | index 7df4f7f395bf..03c3f42966ce 100644 | ||
| 4443 | --- a/lib/test_xarray.c | ||
| 4444 | +++ b/lib/test_xarray.c | ||
| 4445 | @@ -2,6 +2,7 @@ | ||
| 4446 | /* | ||
| 4447 | * test_xarray.c: Test the XArray API | ||
| 4448 | * Copyright (c) 2017-2018 Microsoft Corporation | ||
| 4449 | + * Copyright (c) 2019-2020 Oracle | ||
| 4450 | * Author: Matthew Wilcox <willy@infradead.org> | ||
| 4451 | */ | ||
| 4452 | |||
| 4453 | @@ -902,28 +903,34 @@ static noinline void check_store_iter(struct xarray *xa) | ||
| 4454 | XA_BUG_ON(xa, !xa_empty(xa)); | ||
| 4455 | } | ||
| 4456 | |||
| 4457 | -static noinline void check_multi_find(struct xarray *xa) | ||
| 4458 | +static noinline void check_multi_find_1(struct xarray *xa, unsigned order) | ||
| 4459 | { | ||
| 4460 | #ifdef CONFIG_XARRAY_MULTI | ||
| 4461 | + unsigned long multi = 3 << order; | ||
| 4462 | + unsigned long next = 4 << order; | ||
| 4463 | unsigned long index; | ||
| 4464 | |||
| 4465 | - xa_store_order(xa, 12, 2, xa_mk_value(12), GFP_KERNEL); | ||
| 4466 | - XA_BUG_ON(xa, xa_store_index(xa, 16, GFP_KERNEL) != NULL); | ||
| 4467 | + xa_store_order(xa, multi, order, xa_mk_value(multi), GFP_KERNEL); | ||
| 4468 | + XA_BUG_ON(xa, xa_store_index(xa, next, GFP_KERNEL) != NULL); | ||
| 4469 | + XA_BUG_ON(xa, xa_store_index(xa, next + 1, GFP_KERNEL) != NULL); | ||
| 4470 | |||
| 4471 | index = 0; | ||
| 4472 | XA_BUG_ON(xa, xa_find(xa, &index, ULONG_MAX, XA_PRESENT) != | ||
| 4473 | - xa_mk_value(12)); | ||
| 4474 | - XA_BUG_ON(xa, index != 12); | ||
| 4475 | - index = 13; | ||
| 4476 | + xa_mk_value(multi)); | ||
| 4477 | + XA_BUG_ON(xa, index != multi); | ||
| 4478 | + index = multi + 1; | ||
| 4479 | XA_BUG_ON(xa, xa_find(xa, &index, ULONG_MAX, XA_PRESENT) != | ||
| 4480 | - xa_mk_value(12)); | ||
| 4481 | - XA_BUG_ON(xa, (index < 12) || (index >= 16)); | ||
| 4482 | + xa_mk_value(multi)); | ||
| 4483 | + XA_BUG_ON(xa, (index < multi) || (index >= next)); | ||
| 4484 | XA_BUG_ON(xa, xa_find_after(xa, &index, ULONG_MAX, XA_PRESENT) != | ||
| 4485 | - xa_mk_value(16)); | ||
| 4486 | - XA_BUG_ON(xa, index != 16); | ||
| 4487 | - | ||
| 4488 | - xa_erase_index(xa, 12); | ||
| 4489 | - xa_erase_index(xa, 16); | ||
| 4490 | + xa_mk_value(next)); | ||
| 4491 | + XA_BUG_ON(xa, index != next); | ||
| 4492 | + XA_BUG_ON(xa, xa_find_after(xa, &index, next, XA_PRESENT) != NULL); | ||
| 4493 | + XA_BUG_ON(xa, index != next); | ||
| 4494 | + | ||
| 4495 | + xa_erase_index(xa, multi); | ||
| 4496 | + xa_erase_index(xa, next); | ||
| 4497 | + xa_erase_index(xa, next + 1); | ||
| 4498 | XA_BUG_ON(xa, !xa_empty(xa)); | ||
| 4499 | #endif | ||
| 4500 | } | ||
| 4501 | @@ -1046,12 +1053,33 @@ static noinline void check_find_3(struct xarray *xa) | ||
| 4502 | xa_destroy(xa); | ||
| 4503 | } | ||
| 4504 | |||
| 4505 | +static noinline void check_find_4(struct xarray *xa) | ||
| 4506 | +{ | ||
| 4507 | + unsigned long index = 0; | ||
| 4508 | + void *entry; | ||
| 4509 | + | ||
| 4510 | + xa_store_index(xa, ULONG_MAX, GFP_KERNEL); | ||
| 4511 | + | ||
| 4512 | + entry = xa_find_after(xa, &index, ULONG_MAX, XA_PRESENT); | ||
| 4513 | + XA_BUG_ON(xa, entry != xa_mk_index(ULONG_MAX)); | ||
| 4514 | + | ||
| 4515 | + entry = xa_find_after(xa, &index, ULONG_MAX, XA_PRESENT); | ||
| 4516 | + XA_BUG_ON(xa, entry); | ||
| 4517 | + | ||
| 4518 | + xa_erase_index(xa, ULONG_MAX); | ||
| 4519 | +} | ||
| 4520 | + | ||
| 4521 | static noinline void check_find(struct xarray *xa) | ||
| 4522 | { | ||
| 4523 | + unsigned i; | ||
| 4524 | + | ||
| 4525 | check_find_1(xa); | ||
| 4526 | check_find_2(xa); | ||
| 4527 | check_find_3(xa); | ||
| 4528 | - check_multi_find(xa); | ||
| 4529 | + check_find_4(xa); | ||
| 4530 | + | ||
| 4531 | + for (i = 2; i < 10; i++) | ||
| 4532 | + check_multi_find_1(xa, i); | ||
| 4533 | check_multi_find_2(xa); | ||
| 4534 | } | ||
| 4535 | |||
| 4536 | diff --git a/lib/xarray.c b/lib/xarray.c | ||
| 4537 | index 1237c213f52b..47e17d46e5f8 100644 | ||
| 4538 | --- a/lib/xarray.c | ||
| 4539 | +++ b/lib/xarray.c | ||
| 4540 | @@ -1,7 +1,8 @@ | ||
| 4541 | // SPDX-License-Identifier: GPL-2.0+ | ||
| 4542 | /* | ||
| 4543 | * XArray implementation | ||
| 4544 | - * Copyright (c) 2017 Microsoft Corporation | ||
| 4545 | + * Copyright (c) 2017-2018 Microsoft Corporation | ||
| 4546 | + * Copyright (c) 2018-2020 Oracle | ||
| 4547 | * Author: Matthew Wilcox <willy@infradead.org> | ||
| 4548 | */ | ||
| 4549 | |||
| 4550 | @@ -1081,6 +1082,8 @@ void *xas_find(struct xa_state *xas, unsigned long max) | ||
| 4551 | |||
| 4552 | if (xas_error(xas)) | ||
| 4553 | return NULL; | ||
| 4554 | + if (xas->xa_index > max) | ||
| 4555 | + return set_bounds(xas); | ||
| 4556 | |||
| 4557 | if (!xas->xa_node) { | ||
| 4558 | xas->xa_index = 1; | ||
| 4559 | @@ -1150,6 +1153,8 @@ void *xas_find_marked(struct xa_state *xas, unsigned long max, xa_mark_t mark) | ||
| 4560 | |||
| 4561 | if (xas_error(xas)) | ||
| 4562 | return NULL; | ||
| 4563 | + if (xas->xa_index > max) | ||
| 4564 | + goto max; | ||
| 4565 | |||
| 4566 | if (!xas->xa_node) { | ||
| 4567 | xas->xa_index = 1; | ||
| 4568 | @@ -1824,6 +1829,17 @@ void *xa_find(struct xarray *xa, unsigned long *indexp, | ||
| 4569 | } | ||
| 4570 | EXPORT_SYMBOL(xa_find); | ||
| 4571 | |||
| 4572 | +static bool xas_sibling(struct xa_state *xas) | ||
| 4573 | +{ | ||
| 4574 | + struct xa_node *node = xas->xa_node; | ||
| 4575 | + unsigned long mask; | ||
| 4576 | + | ||
| 4577 | + if (!node) | ||
| 4578 | + return false; | ||
| 4579 | + mask = (XA_CHUNK_SIZE << node->shift) - 1; | ||
| 4580 | + return (xas->xa_index & mask) > (xas->xa_offset << node->shift); | ||
| 4581 | +} | ||
| 4582 | + | ||
| 4583 | /** | ||
| 4584 | * xa_find_after() - Search the XArray for a present entry. | ||
| 4585 | * @xa: XArray. | ||
| 4586 | @@ -1847,21 +1863,20 @@ void *xa_find_after(struct xarray *xa, unsigned long *indexp, | ||
| 4587 | XA_STATE(xas, xa, *indexp + 1); | ||
| 4588 | void *entry; | ||
| 4589 | |||
| 4590 | + if (xas.xa_index == 0) | ||
| 4591 | + return NULL; | ||
| 4592 | + | ||
| 4593 | rcu_read_lock(); | ||
| 4594 | for (;;) { | ||
| 4595 | if ((__force unsigned int)filter < XA_MAX_MARKS) | ||
| 4596 | entry = xas_find_marked(&xas, max, filter); | ||
| 4597 | else | ||
| 4598 | entry = xas_find(&xas, max); | ||
| 4599 | - if (xas.xa_node == XAS_BOUNDS) | ||
| 4600 | + | ||
| 4601 | + if (xas_invalid(&xas)) | ||
| 4602 | break; | ||
| 4603 | - if (xas.xa_shift) { | ||
| 4604 | - if (xas.xa_index & ((1UL << xas.xa_shift) - 1)) | ||
| 4605 | - continue; | ||
| 4606 | - } else { | ||
| 4607 | - if (xas.xa_offset < (xas.xa_index & XA_CHUNK_MASK)) | ||
| 4608 | - continue; | ||
| 4609 | - } | ||
| 4610 | + if (xas_sibling(&xas)) | ||
| 4611 | + continue; | ||
| 4612 | if (!xas_retry(&xas, entry)) | ||
| 4613 | break; | ||
| 4614 | } | ||
| 4615 | diff --git a/net/core/dev.c b/net/core/dev.c | ||
| 4616 | index 3098c90d60e2..82325d3d1371 100644 | ||
| 4617 | --- a/net/core/dev.c | ||
| 4618 | +++ b/net/core/dev.c | ||
| 4619 | @@ -5270,9 +5270,29 @@ static void flush_all_backlogs(void) | ||
| 4620 | put_online_cpus(); | ||
| 4621 | } | ||
| 4622 | |||
| 4623 | +/* Pass the currently batched GRO_NORMAL SKBs up to the stack. */ | ||
| 4624 | +static void gro_normal_list(struct napi_struct *napi) | ||
| 4625 | +{ | ||
| 4626 | + if (!napi->rx_count) | ||
| 4627 | + return; | ||
| 4628 | + netif_receive_skb_list_internal(&napi->rx_list); | ||
| 4629 | + INIT_LIST_HEAD(&napi->rx_list); | ||
| 4630 | + napi->rx_count = 0; | ||
| 4631 | +} | ||
| 4632 | + | ||
| 4633 | +/* Queue one GRO_NORMAL SKB up for list processing. If batch size exceeded, | ||
| 4634 | + * pass the whole batch up to the stack. | ||
| 4635 | + */ | ||
| 4636 | +static void gro_normal_one(struct napi_struct *napi, struct sk_buff *skb) | ||
| 4637 | +{ | ||
| 4638 | + list_add_tail(&skb->list, &napi->rx_list); | ||
| 4639 | + if (++napi->rx_count >= gro_normal_batch) | ||
| 4640 | + gro_normal_list(napi); | ||
| 4641 | +} | ||
| 4642 | + | ||
| 4643 | INDIRECT_CALLABLE_DECLARE(int inet_gro_complete(struct sk_buff *, int)); | ||
| 4644 | INDIRECT_CALLABLE_DECLARE(int ipv6_gro_complete(struct sk_buff *, int)); | ||
| 4645 | -static int napi_gro_complete(struct sk_buff *skb) | ||
| 4646 | +static int napi_gro_complete(struct napi_struct *napi, struct sk_buff *skb) | ||
| 4647 | { | ||
| 4648 | struct packet_offload *ptype; | ||
| 4649 | __be16 type = skb->protocol; | ||
| 4650 | @@ -5305,7 +5325,8 @@ static int napi_gro_complete(struct sk_buff *skb) | ||
| 4651 | } | ||
| 4652 | |||
| 4653 | out: | ||
| 4654 | - return netif_receive_skb_internal(skb); | ||
| 4655 | + gro_normal_one(napi, skb); | ||
| 4656 | + return NET_RX_SUCCESS; | ||
| 4657 | } | ||
| 4658 | |||
| 4659 | static void __napi_gro_flush_chain(struct napi_struct *napi, u32 index, | ||
| 4660 | @@ -5318,7 +5339,7 @@ static void __napi_gro_flush_chain(struct napi_struct *napi, u32 index, | ||
| 4661 | if (flush_old && NAPI_GRO_CB(skb)->age == jiffies) | ||
| 4662 | return; | ||
| 4663 | skb_list_del_init(skb); | ||
| 4664 | - napi_gro_complete(skb); | ||
| 4665 | + napi_gro_complete(napi, skb); | ||
| 4666 | napi->gro_hash[index].count--; | ||
| 4667 | } | ||
| 4668 | |||
| 4669 | @@ -5421,7 +5442,7 @@ static void gro_pull_from_frag0(struct sk_buff *skb, int grow) | ||
| 4670 | } | ||
| 4671 | } | ||
| 4672 | |||
| 4673 | -static void gro_flush_oldest(struct list_head *head) | ||
| 4674 | +static void gro_flush_oldest(struct napi_struct *napi, struct list_head *head) | ||
| 4675 | { | ||
| 4676 | struct sk_buff *oldest; | ||
| 4677 | |||
| 4678 | @@ -5437,7 +5458,7 @@ static void gro_flush_oldest(struct list_head *head) | ||
| 4679 | * SKB to the chain. | ||
| 4680 | */ | ||
| 4681 | skb_list_del_init(oldest); | ||
| 4682 | - napi_gro_complete(oldest); | ||
| 4683 | + napi_gro_complete(napi, oldest); | ||
| 4684 | } | ||
| 4685 | |||
| 4686 | INDIRECT_CALLABLE_DECLARE(struct sk_buff *inet_gro_receive(struct list_head *, | ||
| 4687 | @@ -5513,7 +5534,7 @@ static enum gro_result dev_gro_receive(struct napi_struct *napi, struct sk_buff | ||
| 4688 | |||
| 4689 | if (pp) { | ||
| 4690 | skb_list_del_init(pp); | ||
| 4691 | - napi_gro_complete(pp); | ||
| 4692 | + napi_gro_complete(napi, pp); | ||
| 4693 | napi->gro_hash[hash].count--; | ||
| 4694 | } | ||
| 4695 | |||
| 4696 | @@ -5524,7 +5545,7 @@ static enum gro_result dev_gro_receive(struct napi_struct *napi, struct sk_buff | ||
| 4697 | goto normal; | ||
| 4698 | |||
| 4699 | if (unlikely(napi->gro_hash[hash].count >= MAX_GRO_SKBS)) { | ||
| 4700 | - gro_flush_oldest(gro_head); | ||
| 4701 | + gro_flush_oldest(napi, gro_head); | ||
| 4702 | } else { | ||
| 4703 | napi->gro_hash[hash].count++; | ||
| 4704 | } | ||
| 4705 | @@ -5672,26 +5693,6 @@ struct sk_buff *napi_get_frags(struct napi_struct *napi) | ||
| 4706 | } | ||
| 4707 | EXPORT_SYMBOL(napi_get_frags); | ||
| 4708 | |||
| 4709 | -/* Pass the currently batched GRO_NORMAL SKBs up to the stack. */ | ||
| 4710 | -static void gro_normal_list(struct napi_struct *napi) | ||
| 4711 | -{ | ||
| 4712 | - if (!napi->rx_count) | ||
| 4713 | - return; | ||
| 4714 | - netif_receive_skb_list_internal(&napi->rx_list); | ||
| 4715 | - INIT_LIST_HEAD(&napi->rx_list); | ||
| 4716 | - napi->rx_count = 0; | ||
| 4717 | -} | ||
| 4718 | - | ||
| 4719 | -/* Queue one GRO_NORMAL SKB up for list processing. If batch size exceeded, | ||
| 4720 | - * pass the whole batch up to the stack. | ||
| 4721 | - */ | ||
| 4722 | -static void gro_normal_one(struct napi_struct *napi, struct sk_buff *skb) | ||
| 4723 | -{ | ||
| 4724 | - list_add_tail(&skb->list, &napi->rx_list); | ||
| 4725 | - if (++napi->rx_count >= gro_normal_batch) | ||
| 4726 | - gro_normal_list(napi); | ||
| 4727 | -} | ||
| 4728 | - | ||
| 4729 | static gro_result_t napi_frags_finish(struct napi_struct *napi, | ||
| 4730 | struct sk_buff *skb, | ||
| 4731 | gro_result_t ret) | ||
| 4732 | @@ -5979,8 +5980,6 @@ bool napi_complete_done(struct napi_struct *n, int work_done) | ||
| 4733 | NAPIF_STATE_IN_BUSY_POLL))) | ||
| 4734 | return false; | ||
| 4735 | |||
| 4736 | - gro_normal_list(n); | ||
| 4737 | - | ||
| 4738 | if (n->gro_bitmask) { | ||
| 4739 | unsigned long timeout = 0; | ||
| 4740 | |||
| 4741 | @@ -5996,6 +5995,9 @@ bool napi_complete_done(struct napi_struct *n, int work_done) | ||
| 4742 | hrtimer_start(&n->timer, ns_to_ktime(timeout), | ||
| 4743 | HRTIMER_MODE_REL_PINNED); | ||
| 4744 | } | ||
| 4745 | + | ||
| 4746 | + gro_normal_list(n); | ||
| 4747 | + | ||
| 4748 | if (unlikely(!list_empty(&n->poll_list))) { | ||
| 4749 | /* If n->poll_list is not empty, we need to mask irqs */ | ||
| 4750 | local_irq_save(flags); | ||
| 4751 | @@ -6327,8 +6329,6 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) | ||
| 4752 | goto out_unlock; | ||
| 4753 | } | ||
| 4754 | |||
| 4755 | - gro_normal_list(n); | ||
| 4756 | - | ||
| 4757 | if (n->gro_bitmask) { | ||
| 4758 | /* flush too old packets | ||
| 4759 | * If HZ < 1000, flush all packets. | ||
| 4760 | @@ -6336,6 +6336,8 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) | ||
| 4761 | napi_gro_flush(n, HZ >= 1000); | ||
| 4762 | } | ||
| 4763 | |||
| 4764 | + gro_normal_list(n); | ||
| 4765 | + | ||
| 4766 | /* Some drivers may have called napi_schedule | ||
| 4767 | * prior to exhausting their budget. | ||
| 4768 | */ | ||
| 4769 | @@ -7973,6 +7975,22 @@ int __dev_set_mtu(struct net_device *dev, int new_mtu) | ||
| 4770 | } | ||
| 4771 | EXPORT_SYMBOL(__dev_set_mtu); | ||
| 4772 | |||
| 4773 | +int dev_validate_mtu(struct net_device *dev, int new_mtu, | ||
| 4774 | + struct netlink_ext_ack *extack) | ||
| 4775 | +{ | ||
| 4776 | + /* MTU must be positive, and in range */ | ||
| 4777 | + if (new_mtu < 0 || new_mtu < dev->min_mtu) { | ||
| 4778 | + NL_SET_ERR_MSG(extack, "mtu less than device minimum"); | ||
| 4779 | + return -EINVAL; | ||
| 4780 | + } | ||
| 4781 | + | ||
| 4782 | + if (dev->max_mtu > 0 && new_mtu > dev->max_mtu) { | ||
| 4783 | + NL_SET_ERR_MSG(extack, "mtu greater than device maximum"); | ||
| 4784 | + return -EINVAL; | ||
| 4785 | + } | ||
| 4786 | + return 0; | ||
| 4787 | +} | ||
| 4788 | + | ||
| 4789 | /** | ||
| 4790 | * dev_set_mtu_ext - Change maximum transfer unit | ||
| 4791 | * @dev: device | ||
| 4792 | @@ -7989,16 +8007,9 @@ int dev_set_mtu_ext(struct net_device *dev, int new_mtu, | ||
| 4793 | if (new_mtu == dev->mtu) | ||
| 4794 | return 0; | ||
| 4795 | |||
| 4796 | - /* MTU must be positive, and in range */ | ||
| 4797 | - if (new_mtu < 0 || new_mtu < dev->min_mtu) { | ||
| 4798 | - NL_SET_ERR_MSG(extack, "mtu less than device minimum"); | ||
| 4799 | - return -EINVAL; | ||
| 4800 | - } | ||
| 4801 | - | ||
| 4802 | - if (dev->max_mtu > 0 && new_mtu > dev->max_mtu) { | ||
| 4803 | - NL_SET_ERR_MSG(extack, "mtu greater than device maximum"); | ||
| 4804 | - return -EINVAL; | ||
| 4805 | - } | ||
| 4806 | + err = dev_validate_mtu(dev, new_mtu, extack); | ||
| 4807 | + if (err) | ||
| 4808 | + return err; | ||
| 4809 | |||
| 4810 | if (!netif_device_present(dev)) | ||
| 4811 | return -ENODEV; | ||
| 4812 | @@ -9073,8 +9084,10 @@ int register_netdevice(struct net_device *dev) | ||
| 4813 | goto err_uninit; | ||
| 4814 | |||
| 4815 | ret = netdev_register_kobject(dev); | ||
| 4816 | - if (ret) | ||
| 4817 | + if (ret) { | ||
| 4818 | + dev->reg_state = NETREG_UNREGISTERED; | ||
| 4819 | goto err_uninit; | ||
| 4820 | + } | ||
| 4821 | dev->reg_state = NETREG_REGISTERED; | ||
| 4822 | |||
| 4823 | __netdev_update_features(dev); | ||
| 4824 | diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c | ||
| 4825 | index e4ec575c1fba..944acb1a9f29 100644 | ||
| 4826 | --- a/net/core/rtnetlink.c | ||
| 4827 | +++ b/net/core/rtnetlink.c | ||
| 4828 | @@ -2959,8 +2959,17 @@ struct net_device *rtnl_create_link(struct net *net, const char *ifname, | ||
| 4829 | dev->rtnl_link_ops = ops; | ||
| 4830 | dev->rtnl_link_state = RTNL_LINK_INITIALIZING; | ||
| 4831 | |||
| 4832 | - if (tb[IFLA_MTU]) | ||
| 4833 | - dev->mtu = nla_get_u32(tb[IFLA_MTU]); | ||
| 4834 | + if (tb[IFLA_MTU]) { | ||
| 4835 | + u32 mtu = nla_get_u32(tb[IFLA_MTU]); | ||
| 4836 | + int err; | ||
| 4837 | + | ||
| 4838 | + err = dev_validate_mtu(dev, mtu, extack); | ||
| 4839 | + if (err) { | ||
| 4840 | + free_netdev(dev); | ||
| 4841 | + return ERR_PTR(err); | ||
| 4842 | + } | ||
| 4843 | + dev->mtu = mtu; | ||
| 4844 | + } | ||
| 4845 | if (tb[IFLA_ADDRESS]) { | ||
| 4846 | memcpy(dev->dev_addr, nla_data(tb[IFLA_ADDRESS]), | ||
| 4847 | nla_len(tb[IFLA_ADDRESS])); | ||
| 4848 | diff --git a/net/core/skmsg.c b/net/core/skmsg.c | ||
| 4849 | index 3866d7e20c07..ded2d5227678 100644 | ||
| 4850 | --- a/net/core/skmsg.c | ||
| 4851 | +++ b/net/core/skmsg.c | ||
| 4852 | @@ -594,8 +594,6 @@ EXPORT_SYMBOL_GPL(sk_psock_destroy); | ||
| 4853 | |||
| 4854 | void sk_psock_drop(struct sock *sk, struct sk_psock *psock) | ||
| 4855 | { | ||
| 4856 | - sock_owned_by_me(sk); | ||
| 4857 | - | ||
| 4858 | sk_psock_cork_free(psock); | ||
| 4859 | sk_psock_zap_ingress(psock); | ||
| 4860 | |||
| 4861 | diff --git a/net/hsr/hsr_main.h b/net/hsr/hsr_main.h | ||
| 4862 | index d40de84a637f..754d84b217f0 100644 | ||
| 4863 | --- a/net/hsr/hsr_main.h | ||
| 4864 | +++ b/net/hsr/hsr_main.h | ||
| 4865 | @@ -191,7 +191,7 @@ void hsr_debugfs_term(struct hsr_priv *priv); | ||
| 4866 | void hsr_debugfs_create_root(void); | ||
| 4867 | void hsr_debugfs_remove_root(void); | ||
| 4868 | #else | ||
| 4869 | -static inline void void hsr_debugfs_rename(struct net_device *dev) | ||
| 4870 | +static inline void hsr_debugfs_rename(struct net_device *dev) | ||
| 4871 | { | ||
| 4872 | } | ||
| 4873 | static inline void hsr_debugfs_init(struct hsr_priv *priv, | ||
| 4874 | diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c | ||
| 4875 | index 0e4a7cf6bc87..e2e219c7854a 100644 | ||
| 4876 | --- a/net/ipv4/esp4_offload.c | ||
| 4877 | +++ b/net/ipv4/esp4_offload.c | ||
| 4878 | @@ -57,6 +57,8 @@ static struct sk_buff *esp4_gro_receive(struct list_head *head, | ||
| 4879 | if (!x) | ||
| 4880 | goto out_reset; | ||
| 4881 | |||
| 4882 | + skb->mark = xfrm_smark_get(skb->mark, x); | ||
| 4883 | + | ||
| 4884 | sp->xvec[sp->len++] = x; | ||
| 4885 | sp->olen++; | ||
| 4886 | |||
| 4887 | diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c | ||
| 4888 | index 1ab2fb6bb37d..f12fa8da6127 100644 | ||
| 4889 | --- a/net/ipv4/fib_trie.c | ||
| 4890 | +++ b/net/ipv4/fib_trie.c | ||
| 4891 | @@ -2175,6 +2175,12 @@ int fib_table_dump(struct fib_table *tb, struct sk_buff *skb, | ||
| 4892 | int count = cb->args[2]; | ||
| 4893 | t_key key = cb->args[3]; | ||
| 4894 | |||
| 4895 | + /* First time here, count and key are both always 0. Count > 0 | ||
| 4896 | + * and key == 0 means the dump has wrapped around and we are done. | ||
| 4897 | + */ | ||
| 4898 | + if (count && !key) | ||
| 4899 | + return skb->len; | ||
| 4900 | + | ||
| 4901 | while ((l = leaf_walk_rcu(&tp, key)) != NULL) { | ||
| 4902 | int err; | ||
| 4903 | |||
| 4904 | diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c | ||
| 4905 | index 30fa771d382a..dcc79ff54b41 100644 | ||
| 4906 | --- a/net/ipv4/fou.c | ||
| 4907 | +++ b/net/ipv4/fou.c | ||
| 4908 | @@ -662,8 +662,8 @@ static const struct nla_policy fou_nl_policy[FOU_ATTR_MAX + 1] = { | ||
| 4909 | [FOU_ATTR_REMCSUM_NOPARTIAL] = { .type = NLA_FLAG, }, | ||
| 4910 | [FOU_ATTR_LOCAL_V4] = { .type = NLA_U32, }, | ||
| 4911 | [FOU_ATTR_PEER_V4] = { .type = NLA_U32, }, | ||
| 4912 | - [FOU_ATTR_LOCAL_V6] = { .type = sizeof(struct in6_addr), }, | ||
| 4913 | - [FOU_ATTR_PEER_V6] = { .type = sizeof(struct in6_addr), }, | ||
| 4914 | + [FOU_ATTR_LOCAL_V6] = { .len = sizeof(struct in6_addr), }, | ||
| 4915 | + [FOU_ATTR_PEER_V6] = { .len = sizeof(struct in6_addr), }, | ||
| 4916 | [FOU_ATTR_PEER_PORT] = { .type = NLA_U16, }, | ||
| 4917 | [FOU_ATTR_IFINDEX] = { .type = NLA_S32, }, | ||
| 4918 | }; | ||
| 4919 | diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c | ||
| 4920 | index 0fe2a5d3e258..74e1d964a615 100644 | ||
| 4921 | --- a/net/ipv4/ip_tunnel.c | ||
| 4922 | +++ b/net/ipv4/ip_tunnel.c | ||
| 4923 | @@ -1236,10 +1236,8 @@ int ip_tunnel_init(struct net_device *dev) | ||
| 4924 | iph->version = 4; | ||
| 4925 | iph->ihl = 5; | ||
| 4926 | |||
| 4927 | - if (tunnel->collect_md) { | ||
| 4928 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
| 4929 | + if (tunnel->collect_md) | ||
| 4930 | netif_keep_dst(dev); | ||
| 4931 | - } | ||
| 4932 | return 0; | ||
| 4933 | } | ||
| 4934 | EXPORT_SYMBOL_GPL(ip_tunnel_init); | ||
| 4935 | diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c | ||
| 4936 | index 84115577d3dc..3640e8563a10 100644 | ||
| 4937 | --- a/net/ipv4/tcp.c | ||
| 4938 | +++ b/net/ipv4/tcp.c | ||
| 4939 | @@ -2520,6 +2520,7 @@ static void tcp_rtx_queue_purge(struct sock *sk) | ||
| 4940 | { | ||
| 4941 | struct rb_node *p = rb_first(&sk->tcp_rtx_queue); | ||
| 4942 | |||
| 4943 | + tcp_sk(sk)->highest_sack = NULL; | ||
| 4944 | while (p) { | ||
| 4945 | struct sk_buff *skb = rb_to_skb(p); | ||
| 4946 | |||
| 4947 | diff --git a/net/ipv4/tcp_bbr.c b/net/ipv4/tcp_bbr.c | ||
| 4948 | index a6545ef0d27b..6c4d79baff26 100644 | ||
| 4949 | --- a/net/ipv4/tcp_bbr.c | ||
| 4950 | +++ b/net/ipv4/tcp_bbr.c | ||
| 4951 | @@ -779,8 +779,7 @@ static void bbr_update_bw(struct sock *sk, const struct rate_sample *rs) | ||
| 4952 | * bandwidth sample. Delivered is in packets and interval_us in uS and | ||
| 4953 | * ratio will be <<1 for most connections. So delivered is first scaled. | ||
| 4954 | */ | ||
| 4955 | - bw = (u64)rs->delivered * BW_UNIT; | ||
| 4956 | - do_div(bw, rs->interval_us); | ||
| 4957 | + bw = div64_long((u64)rs->delivered * BW_UNIT, rs->interval_us); | ||
| 4958 | |||
| 4959 | /* If this sample is application-limited, it is likely to have a very | ||
| 4960 | * low delivered count that represents application behavior rather than | ||
| 4961 | diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c | ||
| 4962 | index 59b78ce2ce2e..6f7155d91313 100644 | ||
| 4963 | --- a/net/ipv4/tcp_input.c | ||
| 4964 | +++ b/net/ipv4/tcp_input.c | ||
| 4965 | @@ -3164,6 +3164,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, u32 prior_fack, | ||
| 4966 | tp->retransmit_skb_hint = NULL; | ||
| 4967 | if (unlikely(skb == tp->lost_skb_hint)) | ||
| 4968 | tp->lost_skb_hint = NULL; | ||
| 4969 | + tcp_highest_sack_replace(sk, skb, next); | ||
| 4970 | tcp_rtx_queue_unlink_and_free(skb, sk); | ||
| 4971 | } | ||
| 4972 | |||
| 4973 | diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c | ||
| 4974 | index e4ba915c4bb5..660b24fe041e 100644 | ||
| 4975 | --- a/net/ipv4/tcp_output.c | ||
| 4976 | +++ b/net/ipv4/tcp_output.c | ||
| 4977 | @@ -3231,6 +3231,7 @@ int tcp_send_synack(struct sock *sk) | ||
| 4978 | if (!nskb) | ||
| 4979 | return -ENOMEM; | ||
| 4980 | INIT_LIST_HEAD(&nskb->tcp_tsorted_anchor); | ||
| 4981 | + tcp_highest_sack_replace(sk, skb, nskb); | ||
| 4982 | tcp_rtx_queue_unlink_and_free(skb, sk); | ||
| 4983 | __skb_header_release(nskb); | ||
| 4984 | tcp_rbtree_insert(&sk->tcp_rtx_queue, nskb); | ||
| 4985 | diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c | ||
| 4986 | index 7aa4e77161f6..7ae7065758bd 100644 | ||
| 4987 | --- a/net/ipv4/udp.c | ||
| 4988 | +++ b/net/ipv4/udp.c | ||
| 4989 | @@ -1368,7 +1368,8 @@ static void udp_rmem_release(struct sock *sk, int size, int partial, | ||
| 4990 | if (likely(partial)) { | ||
| 4991 | up->forward_deficit += size; | ||
| 4992 | size = up->forward_deficit; | ||
| 4993 | - if (size < (sk->sk_rcvbuf >> 2)) | ||
| 4994 | + if (size < (sk->sk_rcvbuf >> 2) && | ||
| 4995 | + !skb_queue_empty(&up->reader_queue)) | ||
| 4996 | return; | ||
| 4997 | } else { | ||
| 4998 | size += up->forward_deficit; | ||
| 4999 | diff --git a/net/ipv6/esp6_offload.c b/net/ipv6/esp6_offload.c | ||
| 5000 | index e31626ffccd1..fd535053245b 100644 | ||
| 5001 | --- a/net/ipv6/esp6_offload.c | ||
| 5002 | +++ b/net/ipv6/esp6_offload.c | ||
| 5003 | @@ -79,6 +79,8 @@ static struct sk_buff *esp6_gro_receive(struct list_head *head, | ||
| 5004 | if (!x) | ||
| 5005 | goto out_reset; | ||
| 5006 | |||
| 5007 | + skb->mark = xfrm_smark_get(skb->mark, x); | ||
| 5008 | + | ||
| 5009 | sp->xvec[sp->len++] = x; | ||
| 5010 | sp->olen++; | ||
| 5011 | |||
| 5012 | diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c | ||
| 5013 | index 189de56f5e36..9ec05a1df5e1 100644 | ||
| 5014 | --- a/net/ipv6/ip6_gre.c | ||
| 5015 | +++ b/net/ipv6/ip6_gre.c | ||
| 5016 | @@ -1466,7 +1466,6 @@ static int ip6gre_tunnel_init_common(struct net_device *dev) | ||
| 5017 | dev->mtu -= 8; | ||
| 5018 | |||
| 5019 | if (tunnel->parms.collect_md) { | ||
| 5020 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
| 5021 | netif_keep_dst(dev); | ||
| 5022 | } | ||
| 5023 | ip6gre_tnl_init_features(dev); | ||
| 5024 | @@ -1894,7 +1893,6 @@ static void ip6gre_tap_setup(struct net_device *dev) | ||
| 5025 | dev->needs_free_netdev = true; | ||
| 5026 | dev->priv_destructor = ip6gre_dev_free; | ||
| 5027 | |||
| 5028 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
| 5029 | dev->priv_flags &= ~IFF_TX_SKB_SHARING; | ||
| 5030 | dev->priv_flags |= IFF_LIVE_ADDR_CHANGE; | ||
| 5031 | netif_keep_dst(dev); | ||
| 5032 | @@ -2197,7 +2195,6 @@ static void ip6erspan_tap_setup(struct net_device *dev) | ||
| 5033 | dev->needs_free_netdev = true; | ||
| 5034 | dev->priv_destructor = ip6gre_dev_free; | ||
| 5035 | |||
| 5036 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
| 5037 | dev->priv_flags &= ~IFF_TX_SKB_SHARING; | ||
| 5038 | dev->priv_flags |= IFF_LIVE_ADDR_CHANGE; | ||
| 5039 | netif_keep_dst(dev); | ||
| 5040 | diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c | ||
| 5041 | index 2f376dbc37d5..b5dd20c4599b 100644 | ||
| 5042 | --- a/net/ipv6/ip6_tunnel.c | ||
| 5043 | +++ b/net/ipv6/ip6_tunnel.c | ||
| 5044 | @@ -1877,10 +1877,8 @@ static int ip6_tnl_dev_init(struct net_device *dev) | ||
| 5045 | if (err) | ||
| 5046 | return err; | ||
| 5047 | ip6_tnl_link_config(t); | ||
| 5048 | - if (t->parms.collect_md) { | ||
| 5049 | - dev->features |= NETIF_F_NETNS_LOCAL; | ||
| 5050 | + if (t->parms.collect_md) | ||
| 5051 | netif_keep_dst(dev); | ||
| 5052 | - } | ||
| 5053 | return 0; | ||
| 5054 | } | ||
| 5055 | |||
| 5056 | diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c | ||
| 5057 | index e70567446f28..802eebf8ac4b 100644 | ||
| 5058 | --- a/net/ipv6/seg6_local.c | ||
| 5059 | +++ b/net/ipv6/seg6_local.c | ||
| 5060 | @@ -23,6 +23,7 @@ | ||
| 5061 | #include <net/addrconf.h> | ||
| 5062 | #include <net/ip6_route.h> | ||
| 5063 | #include <net/dst_cache.h> | ||
| 5064 | +#include <net/ip_tunnels.h> | ||
| 5065 | #ifdef CONFIG_IPV6_SEG6_HMAC | ||
| 5066 | #include <net/seg6_hmac.h> | ||
| 5067 | #endif | ||
| 5068 | @@ -135,7 +136,8 @@ static bool decap_and_validate(struct sk_buff *skb, int proto) | ||
| 5069 | |||
| 5070 | skb_reset_network_header(skb); | ||
| 5071 | skb_reset_transport_header(skb); | ||
| 5072 | - skb->encapsulation = 0; | ||
| 5073 | + if (iptunnel_pull_offloads(skb)) | ||
| 5074 | + return false; | ||
| 5075 | |||
| 5076 | return true; | ||
| 5077 | } | ||
| 5078 | diff --git a/net/netfilter/ipset/ip_set_bitmap_gen.h b/net/netfilter/ipset/ip_set_bitmap_gen.h | ||
| 5079 | index e1f271a1b2c1..bfd4b42ba305 100644 | ||
| 5080 | --- a/net/netfilter/ipset/ip_set_bitmap_gen.h | ||
| 5081 | +++ b/net/netfilter/ipset/ip_set_bitmap_gen.h | ||
| 5082 | @@ -75,7 +75,7 @@ mtype_flush(struct ip_set *set) | ||
| 5083 | |||
| 5084 | if (set->extensions & IPSET_EXT_DESTROY) | ||
| 5085 | mtype_ext_cleanup(set); | ||
| 5086 | - memset(map->members, 0, map->memsize); | ||
| 5087 | + bitmap_zero(map->members, map->elements); | ||
| 5088 | set->elements = 0; | ||
| 5089 | set->ext_size = 0; | ||
| 5090 | } | ||
| 5091 | diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c | ||
| 5092 | index 11ff9d4a7006..d934384f31ad 100644 | ||
| 5093 | --- a/net/netfilter/ipset/ip_set_bitmap_ip.c | ||
| 5094 | +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c | ||
| 5095 | @@ -37,7 +37,7 @@ MODULE_ALIAS("ip_set_bitmap:ip"); | ||
| 5096 | |||
| 5097 | /* Type structure */ | ||
| 5098 | struct bitmap_ip { | ||
| 5099 | - void *members; /* the set members */ | ||
| 5100 | + unsigned long *members; /* the set members */ | ||
| 5101 | u32 first_ip; /* host byte order, included in range */ | ||
| 5102 | u32 last_ip; /* host byte order, included in range */ | ||
| 5103 | u32 elements; /* number of max elements in the set */ | ||
| 5104 | @@ -220,7 +220,7 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map, | ||
| 5105 | u32 first_ip, u32 last_ip, | ||
| 5106 | u32 elements, u32 hosts, u8 netmask) | ||
| 5107 | { | ||
| 5108 | - map->members = ip_set_alloc(map->memsize); | ||
| 5109 | + map->members = bitmap_zalloc(elements, GFP_KERNEL | __GFP_NOWARN); | ||
| 5110 | if (!map->members) | ||
| 5111 | return false; | ||
| 5112 | map->first_ip = first_ip; | ||
| 5113 | @@ -310,7 +310,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], | ||
| 5114 | if (!map) | ||
| 5115 | return -ENOMEM; | ||
| 5116 | |||
| 5117 | - map->memsize = bitmap_bytes(0, elements - 1); | ||
| 5118 | + map->memsize = BITS_TO_LONGS(elements) * sizeof(unsigned long); | ||
| 5119 | set->variant = &bitmap_ip; | ||
| 5120 | if (!init_map_ip(set, map, first_ip, last_ip, | ||
| 5121 | elements, hosts, netmask)) { | ||
| 5122 | diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c | ||
| 5123 | index 1d4e63326e68..e8532783b43a 100644 | ||
| 5124 | --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c | ||
| 5125 | +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c | ||
| 5126 | @@ -42,7 +42,7 @@ enum { | ||
| 5127 | |||
| 5128 | /* Type structure */ | ||
| 5129 | struct bitmap_ipmac { | ||
| 5130 | - void *members; /* the set members */ | ||
| 5131 | + unsigned long *members; /* the set members */ | ||
| 5132 | u32 first_ip; /* host byte order, included in range */ | ||
| 5133 | u32 last_ip; /* host byte order, included in range */ | ||
| 5134 | u32 elements; /* number of max elements in the set */ | ||
| 5135 | @@ -299,7 +299,7 @@ static bool | ||
| 5136 | init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map, | ||
| 5137 | u32 first_ip, u32 last_ip, u32 elements) | ||
| 5138 | { | ||
| 5139 | - map->members = ip_set_alloc(map->memsize); | ||
| 5140 | + map->members = bitmap_zalloc(elements, GFP_KERNEL | __GFP_NOWARN); | ||
| 5141 | if (!map->members) | ||
| 5142 | return false; | ||
| 5143 | map->first_ip = first_ip; | ||
| 5144 | @@ -360,7 +360,7 @@ bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[], | ||
| 5145 | if (!map) | ||
| 5146 | return -ENOMEM; | ||
| 5147 | |||
| 5148 | - map->memsize = bitmap_bytes(0, elements - 1); | ||
| 5149 | + map->memsize = BITS_TO_LONGS(elements) * sizeof(unsigned long); | ||
| 5150 | set->variant = &bitmap_ipmac; | ||
| 5151 | if (!init_map_ipmac(set, map, first_ip, last_ip, elements)) { | ||
| 5152 | kfree(map); | ||
| 5153 | diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c | ||
| 5154 | index 704a0dda1609..e3ac914fff1a 100644 | ||
| 5155 | --- a/net/netfilter/ipset/ip_set_bitmap_port.c | ||
| 5156 | +++ b/net/netfilter/ipset/ip_set_bitmap_port.c | ||
| 5157 | @@ -30,7 +30,7 @@ MODULE_ALIAS("ip_set_bitmap:port"); | ||
| 5158 | |||
| 5159 | /* Type structure */ | ||
| 5160 | struct bitmap_port { | ||
| 5161 | - void *members; /* the set members */ | ||
| 5162 | + unsigned long *members; /* the set members */ | ||
| 5163 | u16 first_port; /* host byte order, included in range */ | ||
| 5164 | u16 last_port; /* host byte order, included in range */ | ||
| 5165 | u32 elements; /* number of max elements in the set */ | ||
| 5166 | @@ -204,7 +204,7 @@ static bool | ||
| 5167 | init_map_port(struct ip_set *set, struct bitmap_port *map, | ||
| 5168 | u16 first_port, u16 last_port) | ||
| 5169 | { | ||
| 5170 | - map->members = ip_set_alloc(map->memsize); | ||
| 5171 | + map->members = bitmap_zalloc(map->elements, GFP_KERNEL | __GFP_NOWARN); | ||
| 5172 | if (!map->members) | ||
| 5173 | return false; | ||
| 5174 | map->first_port = first_port; | ||
| 5175 | @@ -244,7 +244,7 @@ bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[], | ||
| 5176 | return -ENOMEM; | ||
| 5177 | |||
| 5178 | map->elements = elements; | ||
| 5179 | - map->memsize = bitmap_bytes(0, map->elements); | ||
| 5180 | + map->memsize = BITS_TO_LONGS(elements) * sizeof(unsigned long); | ||
| 5181 | set->variant = &bitmap_port; | ||
| 5182 | if (!init_map_port(set, map, first_port, last_port)) { | ||
| 5183 | kfree(map); | ||
| 5184 | diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c | ||
| 5185 | index 9fefd0150091..23544842b692 100644 | ||
| 5186 | --- a/net/netfilter/nf_tables_api.c | ||
| 5187 | +++ b/net/netfilter/nf_tables_api.c | ||
| 5188 | @@ -488,48 +488,71 @@ static inline u64 nf_tables_alloc_handle(struct nft_table *table) | ||
| 5189 | |||
| 5190 | static const struct nft_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX]; | ||
| 5191 | |||
| 5192 | +static const struct nft_chain_type * | ||
| 5193 | +__nft_chain_type_get(u8 family, enum nft_chain_types type) | ||
| 5194 | +{ | ||
| 5195 | + if (family >= NFPROTO_NUMPROTO || | ||
| 5196 | + type >= NFT_CHAIN_T_MAX) | ||
| 5197 | + return NULL; | ||
| 5198 | + | ||
| 5199 | + return chain_type[family][type]; | ||
| 5200 | +} | ||
| 5201 | + | ||
| 5202 | static const struct nft_chain_type * | ||
| 5203 | __nf_tables_chain_type_lookup(const struct nlattr *nla, u8 family) | ||
| 5204 | { | ||
| 5205 | + const struct nft_chain_type *type; | ||
| 5206 | int i; | ||
| 5207 | |||
| 5208 | for (i = 0; i < NFT_CHAIN_T_MAX; i++) { | ||
| 5209 | - if (chain_type[family][i] != NULL && | ||
| 5210 | - !nla_strcmp(nla, chain_type[family][i]->name)) | ||
| 5211 | - return chain_type[family][i]; | ||
| 5212 | + type = __nft_chain_type_get(family, i); | ||
| 5213 | + if (!type) | ||
| 5214 | + continue; | ||
| 5215 | + if (!nla_strcmp(nla, type->name)) | ||
| 5216 | + return type; | ||
| 5217 | } | ||
| 5218 | return NULL; | ||
| 5219 | } | ||
| 5220 | |||
| 5221 | -/* | ||
| 5222 | - * Loading a module requires dropping mutex that guards the transaction. | ||
| 5223 | - * A different client might race to start a new transaction meanwhile. Zap the | ||
| 5224 | - * list of pending transaction and then restore it once the mutex is grabbed | ||
| 5225 | - * again. Users of this function return EAGAIN which implicitly triggers the | ||
| 5226 | - * transaction abort path to clean up the list of pending transactions. | ||
| 5227 | - */ | ||
| 5228 | +struct nft_module_request { | ||
| 5229 | + struct list_head list; | ||
| 5230 | + char module[MODULE_NAME_LEN]; | ||
| 5231 | + bool done; | ||
| 5232 | +}; | ||
| 5233 | + | ||
| 5234 | #ifdef CONFIG_MODULES | ||
| 5235 | -static void nft_request_module(struct net *net, const char *fmt, ...) | ||
| 5236 | +static int nft_request_module(struct net *net, const char *fmt, ...) | ||
| 5237 | { | ||
| 5238 | char module_name[MODULE_NAME_LEN]; | ||
| 5239 | - LIST_HEAD(commit_list); | ||
| 5240 | + struct nft_module_request *req; | ||
| 5241 | va_list args; | ||
| 5242 | int ret; | ||
| 5243 | |||
| 5244 | - list_splice_init(&net->nft.commit_list, &commit_list); | ||
| 5245 | - | ||
| 5246 | va_start(args, fmt); | ||
| 5247 | ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args); | ||
| 5248 | va_end(args); | ||
| 5249 | if (ret >= MODULE_NAME_LEN) | ||
| 5250 | - return; | ||
| 5251 | + return 0; | ||
| 5252 | |||
| 5253 | - mutex_unlock(&net->nft.commit_mutex); | ||
| 5254 | - request_module("%s", module_name); | ||
| 5255 | - mutex_lock(&net->nft.commit_mutex); | ||
| 5256 | + list_for_each_entry(req, &net->nft.module_list, list) { | ||
| 5257 | + if (!strcmp(req->module, module_name)) { | ||
| 5258 | + if (req->done) | ||
| 5259 | + return 0; | ||
| 5260 | |||
| 5261 | - WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); | ||
| 5262 | - list_splice(&commit_list, &net->nft.commit_list); | ||
| 5263 | + /* A request to load this module already exists. */ | ||
| 5264 | + return -EAGAIN; | ||
| 5265 | + } | ||
| 5266 | + } | ||
| 5267 | + | ||
| 5268 | + req = kmalloc(sizeof(*req), GFP_KERNEL); | ||
| 5269 | + if (!req) | ||
| 5270 | + return -ENOMEM; | ||
| 5271 | + | ||
| 5272 | + req->done = false; | ||
| 5273 | + strlcpy(req->module, module_name, MODULE_NAME_LEN); | ||
| 5274 | + list_add_tail(&req->list, &net->nft.module_list); | ||
| 5275 | + | ||
| 5276 | + return -EAGAIN; | ||
| 5277 | } | ||
| 5278 | #endif | ||
| 5279 | |||
| 5280 | @@ -553,10 +576,9 @@ nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla, | ||
| 5281 | lockdep_nfnl_nft_mutex_not_held(); | ||
| 5282 | #ifdef CONFIG_MODULES | ||
| 5283 | if (autoload) { | ||
| 5284 | - nft_request_module(net, "nft-chain-%u-%.*s", family, | ||
| 5285 | - nla_len(nla), (const char *)nla_data(nla)); | ||
| 5286 | - type = __nf_tables_chain_type_lookup(nla, family); | ||
| 5287 | - if (type != NULL) | ||
| 5288 | + if (nft_request_module(net, "nft-chain-%u-%.*s", family, | ||
| 5289 | + nla_len(nla), | ||
| 5290 | + (const char *)nla_data(nla)) == -EAGAIN) | ||
| 5291 | return ERR_PTR(-EAGAIN); | ||
| 5292 | } | ||
| 5293 | #endif | ||
| 5294 | @@ -1095,11 +1117,8 @@ static void nf_tables_table_destroy(struct nft_ctx *ctx) | ||
| 5295 | |||
| 5296 | void nft_register_chain_type(const struct nft_chain_type *ctype) | ||
| 5297 | { | ||
| 5298 | - if (WARN_ON(ctype->family >= NFPROTO_NUMPROTO)) | ||
| 5299 | - return; | ||
| 5300 | - | ||
| 5301 | nfnl_lock(NFNL_SUBSYS_NFTABLES); | ||
| 5302 | - if (WARN_ON(chain_type[ctype->family][ctype->type] != NULL)) { | ||
| 5303 | + if (WARN_ON(__nft_chain_type_get(ctype->family, ctype->type))) { | ||
| 5304 | nfnl_unlock(NFNL_SUBSYS_NFTABLES); | ||
| 5305 | return; | ||
| 5306 | } | ||
| 5307 | @@ -1551,7 +1570,10 @@ static int nft_chain_parse_hook(struct net *net, | ||
| 5308 | hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); | ||
| 5309 | hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); | ||
| 5310 | |||
| 5311 | - type = chain_type[family][NFT_CHAIN_T_DEFAULT]; | ||
| 5312 | + type = __nft_chain_type_get(family, NFT_CHAIN_T_DEFAULT); | ||
| 5313 | + if (!type) | ||
| 5314 | + return -EOPNOTSUPP; | ||
| 5315 | + | ||
| 5316 | if (nla[NFTA_CHAIN_TYPE]) { | ||
| 5317 | type = nf_tables_chain_type_lookup(net, nla[NFTA_CHAIN_TYPE], | ||
| 5318 | family, autoload); | ||
| 5319 | @@ -2060,9 +2082,8 @@ static const struct nft_expr_type *__nft_expr_type_get(u8 family, | ||
| 5320 | static int nft_expr_type_request_module(struct net *net, u8 family, | ||
| 5321 | struct nlattr *nla) | ||
| 5322 | { | ||
| 5323 | - nft_request_module(net, "nft-expr-%u-%.*s", family, | ||
| 5324 | - nla_len(nla), (char *)nla_data(nla)); | ||
| 5325 | - if (__nft_expr_type_get(family, nla)) | ||
| 5326 | + if (nft_request_module(net, "nft-expr-%u-%.*s", family, | ||
| 5327 | + nla_len(nla), (char *)nla_data(nla)) == -EAGAIN) | ||
| 5328 | return -EAGAIN; | ||
| 5329 | |||
| 5330 | return 0; | ||
| 5331 | @@ -2088,9 +2109,9 @@ static const struct nft_expr_type *nft_expr_type_get(struct net *net, | ||
| 5332 | if (nft_expr_type_request_module(net, family, nla) == -EAGAIN) | ||
| 5333 | return ERR_PTR(-EAGAIN); | ||
| 5334 | |||
| 5335 | - nft_request_module(net, "nft-expr-%.*s", | ||
| 5336 | - nla_len(nla), (char *)nla_data(nla)); | ||
| 5337 | - if (__nft_expr_type_get(family, nla)) | ||
| 5338 | + if (nft_request_module(net, "nft-expr-%.*s", | ||
| 5339 | + nla_len(nla), | ||
| 5340 | + (char *)nla_data(nla)) == -EAGAIN) | ||
| 5341 | return ERR_PTR(-EAGAIN); | ||
| 5342 | } | ||
| 5343 | #endif | ||
| 5344 | @@ -2181,9 +2202,10 @@ static int nf_tables_expr_parse(const struct nft_ctx *ctx, | ||
| 5345 | err = PTR_ERR(ops); | ||
| 5346 | #ifdef CONFIG_MODULES | ||
| 5347 | if (err == -EAGAIN) | ||
| 5348 | - nft_expr_type_request_module(ctx->net, | ||
| 5349 | - ctx->family, | ||
| 5350 | - tb[NFTA_EXPR_NAME]); | ||
| 5351 | + if (nft_expr_type_request_module(ctx->net, | ||
| 5352 | + ctx->family, | ||
| 5353 | + tb[NFTA_EXPR_NAME]) != -EAGAIN) | ||
| 5354 | + err = -ENOENT; | ||
| 5355 | #endif | ||
| 5356 | goto err1; | ||
| 5357 | } | ||
| 5358 | @@ -3020,8 +3042,7 @@ nft_select_set_ops(const struct nft_ctx *ctx, | ||
| 5359 | lockdep_nfnl_nft_mutex_not_held(); | ||
| 5360 | #ifdef CONFIG_MODULES | ||
| 5361 | if (list_empty(&nf_tables_set_types)) { | ||
| 5362 | - nft_request_module(ctx->net, "nft-set"); | ||
| 5363 | - if (!list_empty(&nf_tables_set_types)) | ||
| 5364 | + if (nft_request_module(ctx->net, "nft-set") == -EAGAIN) | ||
| 5365 | return ERR_PTR(-EAGAIN); | ||
| 5366 | } | ||
| 5367 | #endif | ||
| 5368 | @@ -5147,8 +5168,7 @@ nft_obj_type_get(struct net *net, u32 objtype) | ||
| 5369 | lockdep_nfnl_nft_mutex_not_held(); | ||
| 5370 | #ifdef CONFIG_MODULES | ||
| 5371 | if (type == NULL) { | ||
| 5372 | - nft_request_module(net, "nft-obj-%u", objtype); | ||
| 5373 | - if (__nft_obj_type_get(objtype)) | ||
| 5374 | + if (nft_request_module(net, "nft-obj-%u", objtype) == -EAGAIN) | ||
| 5375 | return ERR_PTR(-EAGAIN); | ||
| 5376 | } | ||
| 5377 | #endif | ||
| 5378 | @@ -5764,8 +5784,7 @@ nft_flowtable_type_get(struct net *net, u8 family) | ||
| 5379 | lockdep_nfnl_nft_mutex_not_held(); | ||
| 5380 | #ifdef CONFIG_MODULES | ||
| 5381 | if (type == NULL) { | ||
| 5382 | - nft_request_module(net, "nf-flowtable-%u", family); | ||
| 5383 | - if (__nft_flowtable_type_get(family)) | ||
| 5384 | + if (nft_request_module(net, "nf-flowtable-%u", family) == -EAGAIN) | ||
| 5385 | return ERR_PTR(-EAGAIN); | ||
| 5386 | } | ||
| 5387 | #endif | ||
| 5388 | @@ -6712,6 +6731,18 @@ static void nft_chain_del(struct nft_chain *chain) | ||
| 5389 | list_del_rcu(&chain->list); | ||
| 5390 | } | ||
| 5391 | |||
| 5392 | +static void nf_tables_module_autoload_cleanup(struct net *net) | ||
| 5393 | +{ | ||
| 5394 | + struct nft_module_request *req, *next; | ||
| 5395 | + | ||
| 5396 | + WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); | ||
| 5397 | + list_for_each_entry_safe(req, next, &net->nft.module_list, list) { | ||
| 5398 | + WARN_ON_ONCE(!req->done); | ||
| 5399 | + list_del(&req->list); | ||
| 5400 | + kfree(req); | ||
| 5401 | + } | ||
| 5402 | +} | ||
| 5403 | + | ||
| 5404 | static void nf_tables_commit_release(struct net *net) | ||
| 5405 | { | ||
| 5406 | struct nft_trans *trans; | ||
| 5407 | @@ -6724,6 +6755,7 @@ static void nf_tables_commit_release(struct net *net) | ||
| 5408 | * to prevent expensive synchronize_rcu() in commit phase. | ||
| 5409 | */ | ||
| 5410 | if (list_empty(&net->nft.commit_list)) { | ||
| 5411 | + nf_tables_module_autoload_cleanup(net); | ||
| 5412 | mutex_unlock(&net->nft.commit_mutex); | ||
| 5413 | return; | ||
| 5414 | } | ||
| 5415 | @@ -6738,6 +6770,7 @@ static void nf_tables_commit_release(struct net *net) | ||
| 5416 | list_splice_tail_init(&net->nft.commit_list, &nf_tables_destroy_list); | ||
| 5417 | spin_unlock(&nf_tables_destroy_list_lock); | ||
| 5418 | |||
| 5419 | + nf_tables_module_autoload_cleanup(net); | ||
| 5420 | mutex_unlock(&net->nft.commit_mutex); | ||
| 5421 | |||
| 5422 | schedule_work(&trans_destroy_work); | ||
| 5423 | @@ -6929,6 +6962,26 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb) | ||
| 5424 | return 0; | ||
| 5425 | } | ||
| 5426 | |||
| 5427 | +static void nf_tables_module_autoload(struct net *net) | ||
| 5428 | +{ | ||
| 5429 | + struct nft_module_request *req, *next; | ||
| 5430 | + LIST_HEAD(module_list); | ||
| 5431 | + | ||
| 5432 | + list_splice_init(&net->nft.module_list, &module_list); | ||
| 5433 | + mutex_unlock(&net->nft.commit_mutex); | ||
| 5434 | + list_for_each_entry_safe(req, next, &module_list, list) { | ||
| 5435 | + if (req->done) { | ||
| 5436 | + list_del(&req->list); | ||
| 5437 | + kfree(req); | ||
| 5438 | + } else { | ||
| 5439 | + request_module("%s", req->module); | ||
| 5440 | + req->done = true; | ||
| 5441 | + } | ||
| 5442 | + } | ||
| 5443 | + mutex_lock(&net->nft.commit_mutex); | ||
| 5444 | + list_splice(&module_list, &net->nft.module_list); | ||
| 5445 | +} | ||
| 5446 | + | ||
| 5447 | static void nf_tables_abort_release(struct nft_trans *trans) | ||
| 5448 | { | ||
| 5449 | switch (trans->msg_type) { | ||
| 5450 | @@ -6958,7 +7011,7 @@ static void nf_tables_abort_release(struct nft_trans *trans) | ||
| 5451 | kfree(trans); | ||
| 5452 | } | ||
| 5453 | |||
| 5454 | -static int __nf_tables_abort(struct net *net) | ||
| 5455 | +static int __nf_tables_abort(struct net *net, bool autoload) | ||
| 5456 | { | ||
| 5457 | struct nft_trans *trans, *next; | ||
| 5458 | struct nft_trans_elem *te; | ||
| 5459 | @@ -7080,6 +7133,11 @@ static int __nf_tables_abort(struct net *net) | ||
| 5460 | nf_tables_abort_release(trans); | ||
| 5461 | } | ||
| 5462 | |||
| 5463 | + if (autoload) | ||
| 5464 | + nf_tables_module_autoload(net); | ||
| 5465 | + else | ||
| 5466 | + nf_tables_module_autoload_cleanup(net); | ||
| 5467 | + | ||
| 5468 | return 0; | ||
| 5469 | } | ||
| 5470 | |||
| 5471 | @@ -7088,9 +7146,9 @@ static void nf_tables_cleanup(struct net *net) | ||
| 5472 | nft_validate_state_update(net, NFT_VALIDATE_SKIP); | ||
| 5473 | } | ||
| 5474 | |||
| 5475 | -static int nf_tables_abort(struct net *net, struct sk_buff *skb) | ||
| 5476 | +static int nf_tables_abort(struct net *net, struct sk_buff *skb, bool autoload) | ||
| 5477 | { | ||
| 5478 | - int ret = __nf_tables_abort(net); | ||
| 5479 | + int ret = __nf_tables_abort(net, autoload); | ||
| 5480 | |||
| 5481 | mutex_unlock(&net->nft.commit_mutex); | ||
| 5482 | |||
| 5483 | @@ -7685,6 +7743,7 @@ static int __net_init nf_tables_init_net(struct net *net) | ||
| 5484 | { | ||
| 5485 | INIT_LIST_HEAD(&net->nft.tables); | ||
| 5486 | INIT_LIST_HEAD(&net->nft.commit_list); | ||
| 5487 | + INIT_LIST_HEAD(&net->nft.module_list); | ||
| 5488 | mutex_init(&net->nft.commit_mutex); | ||
| 5489 | net->nft.base_seq = 1; | ||
| 5490 | net->nft.validate_state = NFT_VALIDATE_SKIP; | ||
| 5491 | @@ -7696,7 +7755,7 @@ static void __net_exit nf_tables_exit_net(struct net *net) | ||
| 5492 | { | ||
| 5493 | mutex_lock(&net->nft.commit_mutex); | ||
| 5494 | if (!list_empty(&net->nft.commit_list)) | ||
| 5495 | - __nf_tables_abort(net); | ||
| 5496 | + __nf_tables_abort(net, false); | ||
| 5497 | __nft_release_tables(net); | ||
| 5498 | mutex_unlock(&net->nft.commit_mutex); | ||
| 5499 | WARN_ON_ONCE(!list_empty(&net->nft.tables)); | ||
| 5500 | diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c | ||
| 5501 | index 4abbb452cf6c..99127e2d95a8 100644 | ||
| 5502 | --- a/net/netfilter/nfnetlink.c | ||
| 5503 | +++ b/net/netfilter/nfnetlink.c | ||
| 5504 | @@ -476,7 +476,7 @@ ack: | ||
| 5505 | } | ||
| 5506 | done: | ||
| 5507 | if (status & NFNL_BATCH_REPLAY) { | ||
| 5508 | - ss->abort(net, oskb); | ||
| 5509 | + ss->abort(net, oskb, true); | ||
| 5510 | nfnl_err_reset(&err_list); | ||
| 5511 | kfree_skb(skb); | ||
| 5512 | module_put(ss->owner); | ||
| 5513 | @@ -487,11 +487,11 @@ done: | ||
| 5514 | status |= NFNL_BATCH_REPLAY; | ||
| 5515 | goto done; | ||
| 5516 | } else if (err) { | ||
| 5517 | - ss->abort(net, oskb); | ||
| 5518 | + ss->abort(net, oskb, false); | ||
| 5519 | netlink_ack(oskb, nlmsg_hdr(oskb), err, NULL); | ||
| 5520 | } | ||
| 5521 | } else { | ||
| 5522 | - ss->abort(net, oskb); | ||
| 5523 | + ss->abort(net, oskb, false); | ||
| 5524 | } | ||
| 5525 | if (ss->cleanup) | ||
| 5526 | ss->cleanup(net); | ||
| 5527 | diff --git a/net/netfilter/nft_osf.c b/net/netfilter/nft_osf.c | ||
| 5528 | index f54d6ae15bb1..b42247aa48a9 100644 | ||
| 5529 | --- a/net/netfilter/nft_osf.c | ||
| 5530 | +++ b/net/netfilter/nft_osf.c | ||
| 5531 | @@ -61,6 +61,9 @@ static int nft_osf_init(const struct nft_ctx *ctx, | ||
| 5532 | int err; | ||
| 5533 | u8 ttl; | ||
| 5534 | |||
| 5535 | + if (!tb[NFTA_OSF_DREG]) | ||
| 5536 | + return -EINVAL; | ||
| 5537 | + | ||
| 5538 | if (tb[NFTA_OSF_TTL]) { | ||
| 5539 | ttl = nla_get_u8(tb[NFTA_OSF_TTL]); | ||
| 5540 | if (ttl > 2) | ||
| 5541 | diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c | ||
| 5542 | index 76e0d122616a..c2cdd0fc2e70 100644 | ||
| 5543 | --- a/net/sched/cls_api.c | ||
| 5544 | +++ b/net/sched/cls_api.c | ||
| 5545 | @@ -2055,9 +2055,8 @@ replay: | ||
| 5546 | &chain_info)); | ||
| 5547 | |||
| 5548 | mutex_unlock(&chain->filter_chain_lock); | ||
| 5549 | - tp_new = tcf_proto_create(nla_data(tca[TCA_KIND]), | ||
| 5550 | - protocol, prio, chain, rtnl_held, | ||
| 5551 | - extack); | ||
| 5552 | + tp_new = tcf_proto_create(name, protocol, prio, chain, | ||
| 5553 | + rtnl_held, extack); | ||
| 5554 | if (IS_ERR(tp_new)) { | ||
| 5555 | err = PTR_ERR(tp_new); | ||
| 5556 | goto errout_tp; | ||
| 5557 | diff --git a/net/sched/ematch.c b/net/sched/ematch.c | ||
| 5558 | index 8f2ad706784d..d0140a92694a 100644 | ||
| 5559 | --- a/net/sched/ematch.c | ||
| 5560 | +++ b/net/sched/ematch.c | ||
| 5561 | @@ -263,12 +263,12 @@ static int tcf_em_validate(struct tcf_proto *tp, | ||
| 5562 | } | ||
| 5563 | em->data = (unsigned long) v; | ||
| 5564 | } | ||
| 5565 | + em->datalen = data_len; | ||
| 5566 | } | ||
| 5567 | } | ||
| 5568 | |||
| 5569 | em->matchid = em_hdr->matchid; | ||
| 5570 | em->flags = em_hdr->flags; | ||
| 5571 | - em->datalen = data_len; | ||
| 5572 | em->net = net; | ||
| 5573 | |||
| 5574 | err = 0; | ||
| 5575 | diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c | ||
| 5576 | index a80920f261ca..41e9c2932b34 100644 | ||
| 5577 | --- a/net/tls/tls_sw.c | ||
| 5578 | +++ b/net/tls/tls_sw.c | ||
| 5579 | @@ -793,7 +793,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk, | ||
| 5580 | psock = sk_psock_get(sk); | ||
| 5581 | if (!psock || !policy) { | ||
| 5582 | err = tls_push_record(sk, flags, record_type); | ||
| 5583 | - if (err) { | ||
| 5584 | + if (err && err != -EINPROGRESS) { | ||
| 5585 | *copied -= sk_msg_free(sk, msg); | ||
| 5586 | tls_free_open_rec(sk); | ||
| 5587 | } | ||
| 5588 | @@ -819,7 +819,7 @@ more_data: | ||
| 5589 | switch (psock->eval) { | ||
| 5590 | case __SK_PASS: | ||
| 5591 | err = tls_push_record(sk, flags, record_type); | ||
| 5592 | - if (err < 0) { | ||
| 5593 | + if (err && err != -EINPROGRESS) { | ||
| 5594 | *copied -= sk_msg_free(sk, msg); | ||
| 5595 | tls_free_open_rec(sk); | ||
| 5596 | goto out_err; | ||
| 5597 | diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c | ||
| 5598 | index 6aee9f5e8e71..256f3e97d1f3 100644 | ||
| 5599 | --- a/net/x25/af_x25.c | ||
| 5600 | +++ b/net/x25/af_x25.c | ||
| 5601 | @@ -760,6 +760,10 @@ static int x25_connect(struct socket *sock, struct sockaddr *uaddr, | ||
| 5602 | if (sk->sk_state == TCP_ESTABLISHED) | ||
| 5603 | goto out; | ||
| 5604 | |||
| 5605 | + rc = -EALREADY; /* Do nothing if call is already in progress */ | ||
| 5606 | + if (sk->sk_state == TCP_SYN_SENT) | ||
| 5607 | + goto out; | ||
| 5608 | + | ||
| 5609 | sk->sk_state = TCP_CLOSE; | ||
| 5610 | sock->state = SS_UNCONNECTED; | ||
| 5611 | |||
| 5612 | @@ -806,7 +810,7 @@ static int x25_connect(struct socket *sock, struct sockaddr *uaddr, | ||
| 5613 | /* Now the loop */ | ||
| 5614 | rc = -EINPROGRESS; | ||
| 5615 | if (sk->sk_state != TCP_ESTABLISHED && (flags & O_NONBLOCK)) | ||
| 5616 | - goto out_put_neigh; | ||
| 5617 | + goto out; | ||
| 5618 | |||
| 5619 | rc = x25_wait_for_connection_establishment(sk); | ||
| 5620 | if (rc) | ||
| 5621 | diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c | ||
| 5622 | index 612268eabef4..7225107a9aaf 100644 | ||
| 5623 | --- a/scripts/recordmcount.c | ||
| 5624 | +++ b/scripts/recordmcount.c | ||
| 5625 | @@ -38,6 +38,10 @@ | ||
| 5626 | #define R_AARCH64_ABS64 257 | ||
| 5627 | #endif | ||
| 5628 | |||
| 5629 | +#define R_ARM_PC24 1 | ||
| 5630 | +#define R_ARM_THM_CALL 10 | ||
| 5631 | +#define R_ARM_CALL 28 | ||
| 5632 | + | ||
| 5633 | static int fd_map; /* File descriptor for file being modified. */ | ||
| 5634 | static int mmap_failed; /* Boolean flag. */ | ||
| 5635 | static char gpfx; /* prefix for global symbol name (sometimes '_') */ | ||
| 5636 | @@ -418,6 +422,18 @@ static char const *already_has_rel_mcount = "success"; /* our work here is done! | ||
| 5637 | #define RECORD_MCOUNT_64 | ||
| 5638 | #include "recordmcount.h" | ||
| 5639 | |||
| 5640 | +static int arm_is_fake_mcount(Elf32_Rel const *rp) | ||
| 5641 | +{ | ||
| 5642 | + switch (ELF32_R_TYPE(w(rp->r_info))) { | ||
| 5643 | + case R_ARM_THM_CALL: | ||
| 5644 | + case R_ARM_CALL: | ||
| 5645 | + case R_ARM_PC24: | ||
| 5646 | + return 0; | ||
| 5647 | + } | ||
| 5648 | + | ||
| 5649 | + return 1; | ||
| 5650 | +} | ||
| 5651 | + | ||
| 5652 | /* 64-bit EM_MIPS has weird ELF64_Rela.r_info. | ||
| 5653 | * http://techpubs.sgi.com/library/manuals/4000/007-4658-001/pdf/007-4658-001.pdf | ||
| 5654 | * We interpret Table 29 Relocation Operation (Elf64_Rel, Elf64_Rela) [p.40] | ||
| 5655 | @@ -523,6 +539,7 @@ static int do_file(char const *const fname) | ||
| 5656 | altmcount = "__gnu_mcount_nc"; | ||
| 5657 | make_nop = make_nop_arm; | ||
| 5658 | rel_type_nop = R_ARM_NONE; | ||
| 5659 | + is_fake_mcount32 = arm_is_fake_mcount; | ||
| 5660 | gpfx = 0; | ||
| 5661 | break; | ||
| 5662 | case EM_AARCH64: |