Contents of /trunk/kernel-alx/patches-5.4/0238-5.4.139-all-fixes.patch
Parent Directory | Revision Log
Revision 3635 -
(show annotations)
(download)
Mon Oct 24 12:34:12 2022 UTC (18 months ago) by niro
File size: 40896 byte(s)
Mon Oct 24 12:34:12 2022 UTC (18 months ago) by niro
File size: 40896 byte(s)
-sync kernel patches
1 | diff --git a/Makefile b/Makefile |
2 | index 5a9d6caef82a0..1174536034b38 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,7 +1,7 @@ |
6 | # SPDX-License-Identifier: GPL-2.0 |
7 | VERSION = 5 |
8 | PATCHLEVEL = 4 |
9 | -SUBLEVEL = 138 |
10 | +SUBLEVEL = 139 |
11 | EXTRAVERSION = |
12 | NAME = Kleptomaniac Octopus |
13 | |
14 | diff --git a/drivers/firmware/arm_scmi/bus.c b/drivers/firmware/arm_scmi/bus.c |
15 | index 7a30952b463d5..66d445b14e513 100644 |
16 | --- a/drivers/firmware/arm_scmi/bus.c |
17 | +++ b/drivers/firmware/arm_scmi/bus.c |
18 | @@ -100,6 +100,9 @@ int scmi_driver_register(struct scmi_driver *driver, struct module *owner, |
19 | { |
20 | int retval; |
21 | |
22 | + if (!driver->probe) |
23 | + return -EINVAL; |
24 | + |
25 | driver->driver.bus = &scmi_bus_type; |
26 | driver->driver.name = driver->name; |
27 | driver->driver.owner = owner; |
28 | diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c |
29 | index 48e6e2b489241..4e43bdfa041f5 100644 |
30 | --- a/drivers/firmware/arm_scmi/driver.c |
31 | +++ b/drivers/firmware/arm_scmi/driver.c |
32 | @@ -515,8 +515,12 @@ int scmi_do_xfer_with_response(const struct scmi_handle *handle, |
33 | xfer->async_done = &async_response; |
34 | |
35 | ret = scmi_do_xfer(handle, xfer); |
36 | - if (!ret && !wait_for_completion_timeout(xfer->async_done, timeout)) |
37 | - ret = -ETIMEDOUT; |
38 | + if (!ret) { |
39 | + if (!wait_for_completion_timeout(xfer->async_done, timeout)) |
40 | + ret = -ETIMEDOUT; |
41 | + else if (xfer->hdr.status) |
42 | + ret = scmi_to_linux_errno(xfer->hdr.status); |
43 | + } |
44 | |
45 | xfer->async_done = NULL; |
46 | return ret; |
47 | diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c |
48 | index 9401b49275f0a..5d85ae59bc51e 100644 |
49 | --- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c |
50 | +++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c |
51 | @@ -498,14 +498,18 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn, |
52 | |
53 | spin_lock_bh(&p_hwfn->mcp_info->cmd_lock); |
54 | |
55 | - if (!qed_mcp_has_pending_cmd(p_hwfn)) |
56 | + if (!qed_mcp_has_pending_cmd(p_hwfn)) { |
57 | + spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); |
58 | break; |
59 | + } |
60 | |
61 | rc = qed_mcp_update_pending_cmd(p_hwfn, p_ptt); |
62 | - if (!rc) |
63 | + if (!rc) { |
64 | + spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); |
65 | break; |
66 | - else if (rc != -EAGAIN) |
67 | + } else if (rc != -EAGAIN) { |
68 | goto err; |
69 | + } |
70 | |
71 | spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); |
72 | |
73 | @@ -522,6 +526,8 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn, |
74 | return -EAGAIN; |
75 | } |
76 | |
77 | + spin_lock_bh(&p_hwfn->mcp_info->cmd_lock); |
78 | + |
79 | /* Send the mailbox command */ |
80 | qed_mcp_reread_offsets(p_hwfn, p_ptt); |
81 | seq_num = ++p_hwfn->mcp_info->drv_mb_seq; |
82 | @@ -548,14 +554,18 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn, |
83 | |
84 | spin_lock_bh(&p_hwfn->mcp_info->cmd_lock); |
85 | |
86 | - if (p_cmd_elem->b_is_completed) |
87 | + if (p_cmd_elem->b_is_completed) { |
88 | + spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); |
89 | break; |
90 | + } |
91 | |
92 | rc = qed_mcp_update_pending_cmd(p_hwfn, p_ptt); |
93 | - if (!rc) |
94 | + if (!rc) { |
95 | + spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); |
96 | break; |
97 | - else if (rc != -EAGAIN) |
98 | + } else if (rc != -EAGAIN) { |
99 | goto err; |
100 | + } |
101 | |
102 | spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); |
103 | } while (++cnt < max_retries); |
104 | @@ -576,6 +586,7 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn, |
105 | return -EAGAIN; |
106 | } |
107 | |
108 | + spin_lock_bh(&p_hwfn->mcp_info->cmd_lock); |
109 | qed_mcp_cmd_del_elem(p_hwfn, p_cmd_elem); |
110 | spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); |
111 | |
112 | diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c |
113 | index 24d1246330375..873f288e7ceca 100644 |
114 | --- a/drivers/net/usb/r8152.c |
115 | +++ b/drivers/net/usb/r8152.c |
116 | @@ -4317,9 +4317,10 @@ static int rtl8152_close(struct net_device *netdev) |
117 | tp->rtl_ops.down(tp); |
118 | |
119 | mutex_unlock(&tp->control); |
120 | + } |
121 | |
122 | + if (!res) |
123 | usb_autopm_put_interface(tp->intf); |
124 | - } |
125 | |
126 | free_all_mem(tp); |
127 | |
128 | diff --git a/drivers/nvme/host/trace.h b/drivers/nvme/host/trace.h |
129 | index daaf700eae799..35bac7a254227 100644 |
130 | --- a/drivers/nvme/host/trace.h |
131 | +++ b/drivers/nvme/host/trace.h |
132 | @@ -56,7 +56,7 @@ TRACE_EVENT(nvme_setup_cmd, |
133 | __field(u8, fctype) |
134 | __field(u16, cid) |
135 | __field(u32, nsid) |
136 | - __field(u64, metadata) |
137 | + __field(bool, metadata) |
138 | __array(u8, cdw10, 24) |
139 | ), |
140 | TP_fast_assign( |
141 | @@ -66,13 +66,13 @@ TRACE_EVENT(nvme_setup_cmd, |
142 | __entry->flags = cmd->common.flags; |
143 | __entry->cid = cmd->common.command_id; |
144 | __entry->nsid = le32_to_cpu(cmd->common.nsid); |
145 | - __entry->metadata = le64_to_cpu(cmd->common.metadata); |
146 | + __entry->metadata = !!blk_integrity_rq(req); |
147 | __entry->fctype = cmd->fabrics.fctype; |
148 | __assign_disk_name(__entry->disk, req->rq_disk); |
149 | memcpy(__entry->cdw10, &cmd->common.cdw10, |
150 | sizeof(__entry->cdw10)); |
151 | ), |
152 | - TP_printk("nvme%d: %sqid=%d, cmdid=%u, nsid=%u, flags=0x%x, meta=0x%llx, cmd=(%s %s)", |
153 | + TP_printk("nvme%d: %sqid=%d, cmdid=%u, nsid=%u, flags=0x%x, meta=0x%x, cmd=(%s %s)", |
154 | __entry->ctrl_id, __print_disk_name(__entry->disk), |
155 | __entry->qid, __entry->cid, __entry->nsid, |
156 | __entry->flags, __entry->metadata, |
157 | diff --git a/drivers/spi/spi-mt65xx.c b/drivers/spi/spi-mt65xx.c |
158 | index 81eac9fbd08cb..cafb773f78616 100644 |
159 | --- a/drivers/spi/spi-mt65xx.c |
160 | +++ b/drivers/spi/spi-mt65xx.c |
161 | @@ -426,24 +426,15 @@ static int mtk_spi_fifo_transfer(struct spi_master *master, |
162 | mtk_spi_prepare_transfer(master, xfer); |
163 | mtk_spi_setup_packet(master); |
164 | |
165 | - cnt = xfer->len / 4; |
166 | - if (xfer->tx_buf) |
167 | + if (xfer->tx_buf) { |
168 | + cnt = xfer->len / 4; |
169 | iowrite32_rep(mdata->base + SPI_TX_DATA_REG, xfer->tx_buf, cnt); |
170 | - |
171 | - if (xfer->rx_buf) |
172 | - ioread32_rep(mdata->base + SPI_RX_DATA_REG, xfer->rx_buf, cnt); |
173 | - |
174 | - remainder = xfer->len % 4; |
175 | - if (remainder > 0) { |
176 | - reg_val = 0; |
177 | - if (xfer->tx_buf) { |
178 | + remainder = xfer->len % 4; |
179 | + if (remainder > 0) { |
180 | + reg_val = 0; |
181 | memcpy(®_val, xfer->tx_buf + (cnt * 4), remainder); |
182 | writel(reg_val, mdata->base + SPI_TX_DATA_REG); |
183 | } |
184 | - if (xfer->rx_buf) { |
185 | - reg_val = readl(mdata->base + SPI_RX_DATA_REG); |
186 | - memcpy(xfer->rx_buf + (cnt * 4), ®_val, remainder); |
187 | - } |
188 | } |
189 | |
190 | mtk_spi_enable_transfer(master); |
191 | diff --git a/drivers/spi/spi-stm32.c b/drivers/spi/spi-stm32.c |
192 | index e9d48e94f5edb..9ae16092206df 100644 |
193 | --- a/drivers/spi/spi-stm32.c |
194 | +++ b/drivers/spi/spi-stm32.c |
195 | @@ -913,15 +913,18 @@ static irqreturn_t stm32h7_spi_irq_thread(int irq, void *dev_id) |
196 | ier = readl_relaxed(spi->base + STM32H7_SPI_IER); |
197 | |
198 | mask = ier; |
199 | - /* EOTIE is triggered on EOT, SUSP and TXC events. */ |
200 | + /* |
201 | + * EOTIE enables irq from EOT, SUSP and TXC events. We need to set |
202 | + * SUSP to acknowledge it later. TXC is automatically cleared |
203 | + */ |
204 | + |
205 | mask |= STM32H7_SPI_SR_SUSP; |
206 | /* |
207 | - * When TXTF is set, DXPIE and TXPIE are cleared. So in case of |
208 | - * Full-Duplex, need to poll RXP event to know if there are remaining |
209 | - * data, before disabling SPI. |
210 | + * DXPIE is set in Full-Duplex, one IT will be raised if TXP and RXP |
211 | + * are set. So in case of Full-Duplex, need to poll TXP and RXP event. |
212 | */ |
213 | - if (spi->rx_buf && !spi->cur_usedma) |
214 | - mask |= STM32H7_SPI_SR_RXP; |
215 | + if ((spi->cur_comm == SPI_FULL_DUPLEX) && !spi->cur_usedma) |
216 | + mask |= STM32H7_SPI_SR_TXP | STM32H7_SPI_SR_RXP; |
217 | |
218 | if (!(sr & mask)) { |
219 | dev_warn(spi->dev, "spurious IT (sr=0x%08x, ier=0x%08x)\n", |
220 | diff --git a/drivers/watchdog/iTCO_wdt.c b/drivers/watchdog/iTCO_wdt.c |
221 | index 08e534fba1bf0..e707c4797f76e 100644 |
222 | --- a/drivers/watchdog/iTCO_wdt.c |
223 | +++ b/drivers/watchdog/iTCO_wdt.c |
224 | @@ -72,8 +72,6 @@ |
225 | #define TCOBASE(p) ((p)->tco_res->start) |
226 | /* SMI Control and Enable Register */ |
227 | #define SMI_EN(p) ((p)->smi_res->start) |
228 | -#define TCO_EN (1 << 13) |
229 | -#define GBL_SMI_EN (1 << 0) |
230 | |
231 | #define TCO_RLD(p) (TCOBASE(p) + 0x00) /* TCO Timer Reload/Curr. Value */ |
232 | #define TCOv1_TMR(p) (TCOBASE(p) + 0x01) /* TCOv1 Timer Initial Value*/ |
233 | @@ -346,12 +344,8 @@ static int iTCO_wdt_set_timeout(struct watchdog_device *wd_dev, unsigned int t) |
234 | |
235 | tmrval = seconds_to_ticks(p, t); |
236 | |
237 | - /* |
238 | - * If TCO SMIs are off, the timer counts down twice before rebooting. |
239 | - * Otherwise, the BIOS generally reboots when the SMI triggers. |
240 | - */ |
241 | - if (p->smi_res && |
242 | - (SMI_EN(p) & (TCO_EN | GBL_SMI_EN)) != (TCO_EN | GBL_SMI_EN)) |
243 | + /* For TCO v1 the timer counts down twice before rebooting */ |
244 | + if (p->iTCO_version == 1) |
245 | tmrval /= 2; |
246 | |
247 | /* from the specs: */ |
248 | @@ -516,7 +510,7 @@ static int iTCO_wdt_probe(struct platform_device *pdev) |
249 | * Disables TCO logic generating an SMI# |
250 | */ |
251 | val32 = inl(SMI_EN(p)); |
252 | - val32 &= ~TCO_EN; /* Turn off SMI clearing watchdog */ |
253 | + val32 &= 0xffffdfff; /* Turn off SMI clearing watchdog */ |
254 | outl(val32, SMI_EN(p)); |
255 | } |
256 | |
257 | diff --git a/fs/btrfs/block-group.c b/fs/btrfs/block-group.c |
258 | index a352c1704042d..e98d6ea35ea80 100644 |
259 | --- a/fs/btrfs/block-group.c |
260 | +++ b/fs/btrfs/block-group.c |
261 | @@ -2637,7 +2637,7 @@ int btrfs_write_dirty_block_groups(struct btrfs_trans_handle *trans) |
262 | * finished yet (no block group item in the extent tree |
263 | * yet, etc). If this is the case, wait for all free |
264 | * space endio workers to finish and retry. This is a |
265 | - * a very rare case so no need for a more efficient and |
266 | + * very rare case so no need for a more efficient and |
267 | * complex approach. |
268 | */ |
269 | if (ret == -ENOENT) { |
270 | diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c |
271 | index ab69e3563b125..dac30b00d14b7 100644 |
272 | --- a/fs/btrfs/ctree.c |
273 | +++ b/fs/btrfs/ctree.c |
274 | @@ -5232,7 +5232,7 @@ again: |
275 | slot--; |
276 | /* |
277 | * check this node pointer against the min_trans parameters. |
278 | - * If it is too old, old, skip to the next one. |
279 | + * If it is too old, skip to the next one. |
280 | */ |
281 | while (slot < nritems) { |
282 | u64 gen; |
283 | diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c |
284 | index e6aa94a583e92..1d28333bb798c 100644 |
285 | --- a/fs/btrfs/disk-io.c |
286 | +++ b/fs/btrfs/disk-io.c |
287 | @@ -2816,7 +2816,7 @@ int open_ctree(struct super_block *sb, |
288 | } |
289 | |
290 | /* |
291 | - * Verify the type first, if that or the the checksum value are |
292 | + * Verify the type first, if that or the checksum value are |
293 | * corrupted, we'll find out |
294 | */ |
295 | csum_type = btrfs_super_csum_type((struct btrfs_super_block *)bh->b_data); |
296 | diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c |
297 | index eca3abc1a7cd9..9108a73423f70 100644 |
298 | --- a/fs/btrfs/extent_io.c |
299 | +++ b/fs/btrfs/extent_io.c |
300 | @@ -3152,7 +3152,7 @@ static int __do_readpage(struct extent_io_tree *tree, |
301 | |
302 | /* |
303 | * If we have a file range that points to a compressed extent |
304 | - * and it's followed by a consecutive file range that points to |
305 | + * and it's followed by a consecutive file range that points |
306 | * to the same compressed extent (possibly with a different |
307 | * offset and/or length, so it either points to the whole extent |
308 | * or only part of it), we must make sure we do not submit a |
309 | diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c |
310 | index 23f59d463e24e..d2d32fed8f2e9 100644 |
311 | --- a/fs/btrfs/free-space-cache.c |
312 | +++ b/fs/btrfs/free-space-cache.c |
313 | @@ -1339,7 +1339,7 @@ static int __btrfs_write_out_cache(struct btrfs_root *root, struct inode *inode, |
314 | |
315 | /* |
316 | * at this point the pages are under IO and we're happy, |
317 | - * The caller is responsible for waiting on them and updating the |
318 | + * The caller is responsible for waiting on them and updating |
319 | * the cache and the inode |
320 | */ |
321 | io_ctl->entries = entries; |
322 | diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
323 | index 025b02e9799ff..8959d011aafa8 100644 |
324 | --- a/fs/btrfs/inode.c |
325 | +++ b/fs/btrfs/inode.c |
326 | @@ -6992,7 +6992,6 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir, |
327 | drop_inode = 1; |
328 | } else { |
329 | struct dentry *parent = dentry->d_parent; |
330 | - int ret; |
331 | |
332 | err = btrfs_update_inode(trans, root, inode); |
333 | if (err) |
334 | @@ -7007,12 +7006,7 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir, |
335 | goto fail; |
336 | } |
337 | d_instantiate(dentry, inode); |
338 | - ret = btrfs_log_new_name(trans, BTRFS_I(inode), NULL, parent, |
339 | - true, NULL); |
340 | - if (ret == BTRFS_NEED_TRANS_COMMIT) { |
341 | - err = btrfs_commit_transaction(trans); |
342 | - trans = NULL; |
343 | - } |
344 | + btrfs_log_new_name(trans, BTRFS_I(inode), NULL, parent); |
345 | } |
346 | |
347 | fail: |
348 | @@ -9699,27 +9693,19 @@ static int btrfs_rename_exchange(struct inode *old_dir, |
349 | struct inode *new_inode = new_dentry->d_inode; |
350 | struct inode *old_inode = old_dentry->d_inode; |
351 | struct timespec64 ctime = current_time(old_inode); |
352 | - struct dentry *parent; |
353 | u64 old_ino = btrfs_ino(BTRFS_I(old_inode)); |
354 | u64 new_ino = btrfs_ino(BTRFS_I(new_inode)); |
355 | u64 old_idx = 0; |
356 | u64 new_idx = 0; |
357 | int ret; |
358 | + int ret2; |
359 | bool root_log_pinned = false; |
360 | bool dest_log_pinned = false; |
361 | - struct btrfs_log_ctx ctx_root; |
362 | - struct btrfs_log_ctx ctx_dest; |
363 | - bool sync_log_root = false; |
364 | - bool sync_log_dest = false; |
365 | - bool commit_transaction = false; |
366 | |
367 | /* we only allow rename subvolume link between subvolumes */ |
368 | if (old_ino != BTRFS_FIRST_FREE_OBJECTID && root != dest) |
369 | return -EXDEV; |
370 | |
371 | - btrfs_init_log_ctx(&ctx_root, old_inode); |
372 | - btrfs_init_log_ctx(&ctx_dest, new_inode); |
373 | - |
374 | /* close the race window with snapshot create/destroy ioctl */ |
375 | if (old_ino == BTRFS_FIRST_FREE_OBJECTID || |
376 | new_ino == BTRFS_FIRST_FREE_OBJECTID) |
377 | @@ -9861,30 +9847,14 @@ static int btrfs_rename_exchange(struct inode *old_dir, |
378 | BTRFS_I(new_inode)->dir_index = new_idx; |
379 | |
380 | if (root_log_pinned) { |
381 | - parent = new_dentry->d_parent; |
382 | - ret = btrfs_log_new_name(trans, BTRFS_I(old_inode), |
383 | - BTRFS_I(old_dir), parent, |
384 | - false, &ctx_root); |
385 | - if (ret == BTRFS_NEED_LOG_SYNC) |
386 | - sync_log_root = true; |
387 | - else if (ret == BTRFS_NEED_TRANS_COMMIT) |
388 | - commit_transaction = true; |
389 | - ret = 0; |
390 | + btrfs_log_new_name(trans, BTRFS_I(old_inode), BTRFS_I(old_dir), |
391 | + new_dentry->d_parent); |
392 | btrfs_end_log_trans(root); |
393 | root_log_pinned = false; |
394 | } |
395 | if (dest_log_pinned) { |
396 | - if (!commit_transaction) { |
397 | - parent = old_dentry->d_parent; |
398 | - ret = btrfs_log_new_name(trans, BTRFS_I(new_inode), |
399 | - BTRFS_I(new_dir), parent, |
400 | - false, &ctx_dest); |
401 | - if (ret == BTRFS_NEED_LOG_SYNC) |
402 | - sync_log_dest = true; |
403 | - else if (ret == BTRFS_NEED_TRANS_COMMIT) |
404 | - commit_transaction = true; |
405 | - ret = 0; |
406 | - } |
407 | + btrfs_log_new_name(trans, BTRFS_I(new_inode), BTRFS_I(new_dir), |
408 | + old_dentry->d_parent); |
409 | btrfs_end_log_trans(dest); |
410 | dest_log_pinned = false; |
411 | } |
412 | @@ -9917,46 +9887,13 @@ out_fail: |
413 | dest_log_pinned = false; |
414 | } |
415 | } |
416 | - if (!ret && sync_log_root && !commit_transaction) { |
417 | - ret = btrfs_sync_log(trans, BTRFS_I(old_inode)->root, |
418 | - &ctx_root); |
419 | - if (ret) |
420 | - commit_transaction = true; |
421 | - } |
422 | - if (!ret && sync_log_dest && !commit_transaction) { |
423 | - ret = btrfs_sync_log(trans, BTRFS_I(new_inode)->root, |
424 | - &ctx_dest); |
425 | - if (ret) |
426 | - commit_transaction = true; |
427 | - } |
428 | - if (commit_transaction) { |
429 | - /* |
430 | - * We may have set commit_transaction when logging the new name |
431 | - * in the destination root, in which case we left the source |
432 | - * root context in the list of log contextes. So make sure we |
433 | - * remove it to avoid invalid memory accesses, since the context |
434 | - * was allocated in our stack frame. |
435 | - */ |
436 | - if (sync_log_root) { |
437 | - mutex_lock(&root->log_mutex); |
438 | - list_del_init(&ctx_root.list); |
439 | - mutex_unlock(&root->log_mutex); |
440 | - } |
441 | - ret = btrfs_commit_transaction(trans); |
442 | - } else { |
443 | - int ret2; |
444 | - |
445 | - ret2 = btrfs_end_transaction(trans); |
446 | - ret = ret ? ret : ret2; |
447 | - } |
448 | + ret2 = btrfs_end_transaction(trans); |
449 | + ret = ret ? ret : ret2; |
450 | out_notrans: |
451 | if (new_ino == BTRFS_FIRST_FREE_OBJECTID || |
452 | old_ino == BTRFS_FIRST_FREE_OBJECTID) |
453 | up_read(&fs_info->subvol_sem); |
454 | |
455 | - ASSERT(list_empty(&ctx_root.list)); |
456 | - ASSERT(list_empty(&ctx_dest.list)); |
457 | - |
458 | return ret; |
459 | } |
460 | |
461 | @@ -10024,11 +9961,9 @@ static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry, |
462 | struct inode *old_inode = d_inode(old_dentry); |
463 | u64 index = 0; |
464 | int ret; |
465 | + int ret2; |
466 | u64 old_ino = btrfs_ino(BTRFS_I(old_inode)); |
467 | bool log_pinned = false; |
468 | - struct btrfs_log_ctx ctx; |
469 | - bool sync_log = false; |
470 | - bool commit_transaction = false; |
471 | |
472 | if (btrfs_ino(BTRFS_I(new_dir)) == BTRFS_EMPTY_SUBVOL_DIR_OBJECTID) |
473 | return -EPERM; |
474 | @@ -10178,17 +10113,8 @@ static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry, |
475 | BTRFS_I(old_inode)->dir_index = index; |
476 | |
477 | if (log_pinned) { |
478 | - struct dentry *parent = new_dentry->d_parent; |
479 | - |
480 | - btrfs_init_log_ctx(&ctx, old_inode); |
481 | - ret = btrfs_log_new_name(trans, BTRFS_I(old_inode), |
482 | - BTRFS_I(old_dir), parent, |
483 | - false, &ctx); |
484 | - if (ret == BTRFS_NEED_LOG_SYNC) |
485 | - sync_log = true; |
486 | - else if (ret == BTRFS_NEED_TRANS_COMMIT) |
487 | - commit_transaction = true; |
488 | - ret = 0; |
489 | + btrfs_log_new_name(trans, BTRFS_I(old_inode), BTRFS_I(old_dir), |
490 | + new_dentry->d_parent); |
491 | btrfs_end_log_trans(root); |
492 | log_pinned = false; |
493 | } |
494 | @@ -10225,23 +10151,8 @@ out_fail: |
495 | btrfs_end_log_trans(root); |
496 | log_pinned = false; |
497 | } |
498 | - if (!ret && sync_log) { |
499 | - ret = btrfs_sync_log(trans, BTRFS_I(old_inode)->root, &ctx); |
500 | - if (ret) |
501 | - commit_transaction = true; |
502 | - } else if (sync_log) { |
503 | - mutex_lock(&root->log_mutex); |
504 | - list_del(&ctx.list); |
505 | - mutex_unlock(&root->log_mutex); |
506 | - } |
507 | - if (commit_transaction) { |
508 | - ret = btrfs_commit_transaction(trans); |
509 | - } else { |
510 | - int ret2; |
511 | - |
512 | - ret2 = btrfs_end_transaction(trans); |
513 | - ret = ret ? ret : ret2; |
514 | - } |
515 | + ret2 = btrfs_end_transaction(trans); |
516 | + ret = ret ? ret : ret2; |
517 | out_notrans: |
518 | if (old_ino == BTRFS_FIRST_FREE_OBJECTID) |
519 | up_read(&fs_info->subvol_sem); |
520 | diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c |
521 | index cd8e81c02f63f..837bd5e29c8a0 100644 |
522 | --- a/fs/btrfs/qgroup.c |
523 | +++ b/fs/btrfs/qgroup.c |
524 | @@ -2262,7 +2262,7 @@ static int qgroup_update_refcnt(struct btrfs_fs_info *fs_info, |
525 | * Update qgroup rfer/excl counters. |
526 | * Rfer update is easy, codes can explain themselves. |
527 | * |
528 | - * Excl update is tricky, the update is split into 2 part. |
529 | + * Excl update is tricky, the update is split into 2 parts. |
530 | * Part 1: Possible exclusive <-> sharing detect: |
531 | * | A | !A | |
532 | * ------------------------------------- |
533 | diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c |
534 | index afc6731bb692c..5412361d0c270 100644 |
535 | --- a/fs/btrfs/tree-log.c |
536 | +++ b/fs/btrfs/tree-log.c |
537 | @@ -174,7 +174,7 @@ static int start_log_trans(struct btrfs_trans_handle *trans, |
538 | |
539 | atomic_inc(&root->log_batch); |
540 | atomic_inc(&root->log_writers); |
541 | - if (ctx) { |
542 | + if (ctx && !ctx->logging_new_name) { |
543 | int index = root->log_transid % 2; |
544 | list_add_tail(&ctx->list, &root->log_ctxs[index]); |
545 | ctx->log_transid = root->log_transid; |
546 | @@ -4923,7 +4923,7 @@ static int log_conflicting_inodes(struct btrfs_trans_handle *trans, |
547 | * Check the inode's logged_trans only instead of |
548 | * btrfs_inode_in_log(). This is because the last_log_commit of |
549 | * the inode is not updated when we only log that it exists and |
550 | - * and it has the full sync bit set (see btrfs_log_inode()). |
551 | + * it has the full sync bit set (see btrfs_log_inode()). |
552 | */ |
553 | if (BTRFS_I(inode)->logged_trans == trans->transid) { |
554 | spin_unlock(&BTRFS_I(inode)->lock); |
555 | @@ -5379,19 +5379,34 @@ log_extents: |
556 | } |
557 | |
558 | /* |
559 | - * Don't update last_log_commit if we logged that an inode exists after |
560 | - * it was loaded to memory (full_sync bit set). |
561 | - * This is to prevent data loss when we do a write to the inode, then |
562 | - * the inode gets evicted after all delalloc was flushed, then we log |
563 | - * it exists (due to a rename for example) and then fsync it. This last |
564 | - * fsync would do nothing (not logging the extents previously written). |
565 | + * If we are logging that an ancestor inode exists as part of logging a |
566 | + * new name from a link or rename operation, don't mark the inode as |
567 | + * logged - otherwise if an explicit fsync is made against an ancestor, |
568 | + * the fsync considers the inode in the log and doesn't sync the log, |
569 | + * resulting in the ancestor missing after a power failure unless the |
570 | + * log was synced as part of an fsync against any other unrelated inode. |
571 | + * So keep it simple for this case and just don't flag the ancestors as |
572 | + * logged. |
573 | */ |
574 | - spin_lock(&inode->lock); |
575 | - inode->logged_trans = trans->transid; |
576 | - if (inode_only != LOG_INODE_EXISTS || |
577 | - !test_bit(BTRFS_INODE_NEEDS_FULL_SYNC, &inode->runtime_flags)) |
578 | - inode->last_log_commit = inode->last_sub_trans; |
579 | - spin_unlock(&inode->lock); |
580 | + if (!ctx || |
581 | + !(S_ISDIR(inode->vfs_inode.i_mode) && ctx->logging_new_name && |
582 | + &inode->vfs_inode != ctx->inode)) { |
583 | + spin_lock(&inode->lock); |
584 | + inode->logged_trans = trans->transid; |
585 | + /* |
586 | + * Don't update last_log_commit if we logged that an inode exists |
587 | + * after it was loaded to memory (full_sync bit set). |
588 | + * This is to prevent data loss when we do a write to the inode, |
589 | + * then the inode gets evicted after all delalloc was flushed, |
590 | + * then we log it exists (due to a rename for example) and then |
591 | + * fsync it. This last fsync would do nothing (not logging the |
592 | + * extents previously written). |
593 | + */ |
594 | + if (inode_only != LOG_INODE_EXISTS || |
595 | + !test_bit(BTRFS_INODE_NEEDS_FULL_SYNC, &inode->runtime_flags)) |
596 | + inode->last_log_commit = inode->last_sub_trans; |
597 | + spin_unlock(&inode->lock); |
598 | + } |
599 | out_unlock: |
600 | mutex_unlock(&inode->log_mutex); |
601 | |
602 | @@ -6417,26 +6432,12 @@ void btrfs_record_snapshot_destroy(struct btrfs_trans_handle *trans, |
603 | /* |
604 | * Call this after adding a new name for a file and it will properly |
605 | * update the log to reflect the new name. |
606 | - * |
607 | - * @ctx can not be NULL when @sync_log is false, and should be NULL when it's |
608 | - * true (because it's not used). |
609 | - * |
610 | - * Return value depends on whether @sync_log is true or false. |
611 | - * When true: returns BTRFS_NEED_TRANS_COMMIT if the transaction needs to be |
612 | - * committed by the caller, and BTRFS_DONT_NEED_TRANS_COMMIT |
613 | - * otherwise. |
614 | - * When false: returns BTRFS_DONT_NEED_LOG_SYNC if the caller does not need to |
615 | - * to sync the log, BTRFS_NEED_LOG_SYNC if it needs to sync the log, |
616 | - * or BTRFS_NEED_TRANS_COMMIT if the transaction needs to be |
617 | - * committed (without attempting to sync the log). |
618 | */ |
619 | -int btrfs_log_new_name(struct btrfs_trans_handle *trans, |
620 | +void btrfs_log_new_name(struct btrfs_trans_handle *trans, |
621 | struct btrfs_inode *inode, struct btrfs_inode *old_dir, |
622 | - struct dentry *parent, |
623 | - bool sync_log, struct btrfs_log_ctx *ctx) |
624 | + struct dentry *parent) |
625 | { |
626 | - struct btrfs_fs_info *fs_info = trans->fs_info; |
627 | - int ret; |
628 | + struct btrfs_log_ctx ctx; |
629 | |
630 | /* |
631 | * this will force the logging code to walk the dentry chain |
632 | @@ -6449,36 +6450,20 @@ int btrfs_log_new_name(struct btrfs_trans_handle *trans, |
633 | * if this inode hasn't been logged and directory we're renaming it |
634 | * from hasn't been logged, we don't need to log it |
635 | */ |
636 | - if (inode->logged_trans <= fs_info->last_trans_committed && |
637 | - (!old_dir || old_dir->logged_trans <= fs_info->last_trans_committed)) |
638 | - return sync_log ? BTRFS_DONT_NEED_TRANS_COMMIT : |
639 | - BTRFS_DONT_NEED_LOG_SYNC; |
640 | - |
641 | - if (sync_log) { |
642 | - struct btrfs_log_ctx ctx2; |
643 | - |
644 | - btrfs_init_log_ctx(&ctx2, &inode->vfs_inode); |
645 | - ret = btrfs_log_inode_parent(trans, inode, parent, 0, LLONG_MAX, |
646 | - LOG_INODE_EXISTS, &ctx2); |
647 | - if (ret == BTRFS_NO_LOG_SYNC) |
648 | - return BTRFS_DONT_NEED_TRANS_COMMIT; |
649 | - else if (ret) |
650 | - return BTRFS_NEED_TRANS_COMMIT; |
651 | - |
652 | - ret = btrfs_sync_log(trans, inode->root, &ctx2); |
653 | - if (ret) |
654 | - return BTRFS_NEED_TRANS_COMMIT; |
655 | - return BTRFS_DONT_NEED_TRANS_COMMIT; |
656 | - } |
657 | - |
658 | - ASSERT(ctx); |
659 | - ret = btrfs_log_inode_parent(trans, inode, parent, 0, LLONG_MAX, |
660 | - LOG_INODE_EXISTS, ctx); |
661 | - if (ret == BTRFS_NO_LOG_SYNC) |
662 | - return BTRFS_DONT_NEED_LOG_SYNC; |
663 | - else if (ret) |
664 | - return BTRFS_NEED_TRANS_COMMIT; |
665 | + if (!inode_logged(trans, inode) && |
666 | + (!old_dir || !inode_logged(trans, old_dir))) |
667 | + return; |
668 | |
669 | - return BTRFS_NEED_LOG_SYNC; |
670 | + btrfs_init_log_ctx(&ctx, &inode->vfs_inode); |
671 | + ctx.logging_new_name = true; |
672 | + /* |
673 | + * We don't care about the return value. If we fail to log the new name |
674 | + * then we know the next attempt to sync the log will fallback to a full |
675 | + * transaction commit (due to a call to btrfs_set_log_full_commit()), so |
676 | + * we don't need to worry about getting a log committed that has an |
677 | + * inconsistent state after a rename operation. |
678 | + */ |
679 | + btrfs_log_inode_parent(trans, inode, parent, 0, LLONG_MAX, |
680 | + LOG_INODE_EXISTS, &ctx); |
681 | } |
682 | |
683 | diff --git a/fs/btrfs/tree-log.h b/fs/btrfs/tree-log.h |
684 | index 132e43d29034e..ddfc6789d9bf5 100644 |
685 | --- a/fs/btrfs/tree-log.h |
686 | +++ b/fs/btrfs/tree-log.h |
687 | @@ -16,6 +16,7 @@ struct btrfs_log_ctx { |
688 | int log_ret; |
689 | int log_transid; |
690 | bool log_new_dentries; |
691 | + bool logging_new_name; |
692 | struct inode *inode; |
693 | struct list_head list; |
694 | }; |
695 | @@ -26,6 +27,7 @@ static inline void btrfs_init_log_ctx(struct btrfs_log_ctx *ctx, |
696 | ctx->log_ret = 0; |
697 | ctx->log_transid = 0; |
698 | ctx->log_new_dentries = false; |
699 | + ctx->logging_new_name = false; |
700 | ctx->inode = inode; |
701 | INIT_LIST_HEAD(&ctx->list); |
702 | } |
703 | @@ -67,16 +69,8 @@ void btrfs_record_unlink_dir(struct btrfs_trans_handle *trans, |
704 | int for_rename); |
705 | void btrfs_record_snapshot_destroy(struct btrfs_trans_handle *trans, |
706 | struct btrfs_inode *dir); |
707 | -/* Return values for btrfs_log_new_name() */ |
708 | -enum { |
709 | - BTRFS_DONT_NEED_TRANS_COMMIT, |
710 | - BTRFS_NEED_TRANS_COMMIT, |
711 | - BTRFS_DONT_NEED_LOG_SYNC, |
712 | - BTRFS_NEED_LOG_SYNC, |
713 | -}; |
714 | -int btrfs_log_new_name(struct btrfs_trans_handle *trans, |
715 | +void btrfs_log_new_name(struct btrfs_trans_handle *trans, |
716 | struct btrfs_inode *inode, struct btrfs_inode *old_dir, |
717 | - struct dentry *parent, |
718 | - bool sync_log, struct btrfs_log_ctx *ctx); |
719 | + struct dentry *parent); |
720 | |
721 | #endif |
722 | diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h |
723 | index 4d67a67964fa3..1e5ae3b01eb2b 100644 |
724 | --- a/include/acpi/acpi_bus.h |
725 | +++ b/include/acpi/acpi_bus.h |
726 | @@ -681,7 +681,8 @@ acpi_dev_get_first_match_dev(const char *hid, const char *uid, s64 hrv); |
727 | |
728 | static inline void acpi_dev_put(struct acpi_device *adev) |
729 | { |
730 | - put_device(&adev->dev); |
731 | + if (adev) |
732 | + put_device(&adev->dev); |
733 | } |
734 | #else /* CONFIG_ACPI */ |
735 | |
736 | diff --git a/include/linux/mfd/rt5033-private.h b/include/linux/mfd/rt5033-private.h |
737 | index f812105c538c8..f2271bfb3273f 100644 |
738 | --- a/include/linux/mfd/rt5033-private.h |
739 | +++ b/include/linux/mfd/rt5033-private.h |
740 | @@ -200,13 +200,13 @@ enum rt5033_reg { |
741 | #define RT5033_REGULATOR_BUCK_VOLTAGE_MIN 1000000U |
742 | #define RT5033_REGULATOR_BUCK_VOLTAGE_MAX 3000000U |
743 | #define RT5033_REGULATOR_BUCK_VOLTAGE_STEP 100000U |
744 | -#define RT5033_REGULATOR_BUCK_VOLTAGE_STEP_NUM 32 |
745 | +#define RT5033_REGULATOR_BUCK_VOLTAGE_STEP_NUM 21 |
746 | |
747 | /* RT5033 regulator LDO output voltage uV */ |
748 | #define RT5033_REGULATOR_LDO_VOLTAGE_MIN 1200000U |
749 | #define RT5033_REGULATOR_LDO_VOLTAGE_MAX 3000000U |
750 | #define RT5033_REGULATOR_LDO_VOLTAGE_STEP 100000U |
751 | -#define RT5033_REGULATOR_LDO_VOLTAGE_STEP_NUM 32 |
752 | +#define RT5033_REGULATOR_LDO_VOLTAGE_STEP_NUM 19 |
753 | |
754 | /* RT5033 regulator SAFE LDO output voltage uV */ |
755 | #define RT5033_REGULATOR_SAFE_LDO_VOLTAGE 4900000U |
756 | diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c |
757 | index aefd947947968..52c2b11a0b471 100644 |
758 | --- a/kernel/bpf/verifier.c |
759 | +++ b/kernel/bpf/verifier.c |
760 | @@ -4346,6 +4346,27 @@ struct bpf_sanitize_info { |
761 | bool mask_to_left; |
762 | }; |
763 | |
764 | +static struct bpf_verifier_state * |
765 | +sanitize_speculative_path(struct bpf_verifier_env *env, |
766 | + const struct bpf_insn *insn, |
767 | + u32 next_idx, u32 curr_idx) |
768 | +{ |
769 | + struct bpf_verifier_state *branch; |
770 | + struct bpf_reg_state *regs; |
771 | + |
772 | + branch = push_stack(env, next_idx, curr_idx, true); |
773 | + if (branch && insn) { |
774 | + regs = branch->frame[branch->curframe]->regs; |
775 | + if (BPF_SRC(insn->code) == BPF_K) { |
776 | + mark_reg_unknown(env, regs, insn->dst_reg); |
777 | + } else if (BPF_SRC(insn->code) == BPF_X) { |
778 | + mark_reg_unknown(env, regs, insn->dst_reg); |
779 | + mark_reg_unknown(env, regs, insn->src_reg); |
780 | + } |
781 | + } |
782 | + return branch; |
783 | +} |
784 | + |
785 | static int sanitize_ptr_alu(struct bpf_verifier_env *env, |
786 | struct bpf_insn *insn, |
787 | const struct bpf_reg_state *ptr_reg, |
788 | @@ -4429,12 +4450,26 @@ do_sim: |
789 | tmp = *dst_reg; |
790 | *dst_reg = *ptr_reg; |
791 | } |
792 | - ret = push_stack(env, env->insn_idx + 1, env->insn_idx, true); |
793 | + ret = sanitize_speculative_path(env, NULL, env->insn_idx + 1, |
794 | + env->insn_idx); |
795 | if (!ptr_is_dst_reg && ret) |
796 | *dst_reg = tmp; |
797 | return !ret ? REASON_STACK : 0; |
798 | } |
799 | |
800 | +static void sanitize_mark_insn_seen(struct bpf_verifier_env *env) |
801 | +{ |
802 | + struct bpf_verifier_state *vstate = env->cur_state; |
803 | + |
804 | + /* If we simulate paths under speculation, we don't update the |
805 | + * insn as 'seen' such that when we verify unreachable paths in |
806 | + * the non-speculative domain, sanitize_dead_code() can still |
807 | + * rewrite/sanitize them. |
808 | + */ |
809 | + if (!vstate->speculative) |
810 | + env->insn_aux_data[env->insn_idx].seen = true; |
811 | +} |
812 | + |
813 | static int sanitize_err(struct bpf_verifier_env *env, |
814 | const struct bpf_insn *insn, int reason, |
815 | const struct bpf_reg_state *off_reg, |
816 | @@ -6066,14 +6101,28 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env, |
817 | if (err) |
818 | return err; |
819 | } |
820 | + |
821 | if (pred == 1) { |
822 | - /* only follow the goto, ignore fall-through */ |
823 | + /* Only follow the goto, ignore fall-through. If needed, push |
824 | + * the fall-through branch for simulation under speculative |
825 | + * execution. |
826 | + */ |
827 | + if (!env->allow_ptr_leaks && |
828 | + !sanitize_speculative_path(env, insn, *insn_idx + 1, |
829 | + *insn_idx)) |
830 | + return -EFAULT; |
831 | *insn_idx += insn->off; |
832 | return 0; |
833 | } else if (pred == 0) { |
834 | - /* only follow fall-through branch, since |
835 | - * that's where the program will go |
836 | + /* Only follow the fall-through branch, since that's where the |
837 | + * program will go. If needed, push the goto branch for |
838 | + * simulation under speculative execution. |
839 | */ |
840 | + if (!env->allow_ptr_leaks && |
841 | + !sanitize_speculative_path(env, insn, |
842 | + *insn_idx + insn->off + 1, |
843 | + *insn_idx)) |
844 | + return -EFAULT; |
845 | return 0; |
846 | } |
847 | |
848 | @@ -7790,7 +7839,7 @@ static int do_check(struct bpf_verifier_env *env) |
849 | } |
850 | |
851 | regs = cur_regs(env); |
852 | - env->insn_aux_data[env->insn_idx].seen = true; |
853 | + sanitize_mark_insn_seen(env); |
854 | prev_insn_idx = env->insn_idx; |
855 | |
856 | if (class == BPF_ALU || class == BPF_ALU64) { |
857 | @@ -8025,7 +8074,7 @@ process_bpf_exit: |
858 | return err; |
859 | |
860 | env->insn_idx++; |
861 | - env->insn_aux_data[env->insn_idx].seen = true; |
862 | + sanitize_mark_insn_seen(env); |
863 | } else { |
864 | verbose(env, "invalid BPF_LD mode\n"); |
865 | return -EINVAL; |
866 | @@ -8304,6 +8353,7 @@ static int adjust_insn_aux_data(struct bpf_verifier_env *env, |
867 | { |
868 | struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data; |
869 | struct bpf_insn *insn = new_prog->insnsi; |
870 | + bool old_seen = old_data[off].seen; |
871 | u32 prog_len; |
872 | int i; |
873 | |
874 | @@ -8324,7 +8374,8 @@ static int adjust_insn_aux_data(struct bpf_verifier_env *env, |
875 | memcpy(new_data + off + cnt - 1, old_data + off, |
876 | sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1)); |
877 | for (i = off; i < off + cnt - 1; i++) { |
878 | - new_data[i].seen = true; |
879 | + /* Expand insni[off]'s seen count to the patched range. */ |
880 | + new_data[i].seen = old_seen; |
881 | new_data[i].zext_dst = insn_has_def32(env, insn + i); |
882 | } |
883 | env->insn_aux_data = new_data; |
884 | diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c |
885 | index 37b585c9e857f..21a7ea9b70c8a 100644 |
886 | --- a/net/bluetooth/hci_core.c |
887 | +++ b/net/bluetooth/hci_core.c |
888 | @@ -1672,6 +1672,14 @@ int hci_dev_do_close(struct hci_dev *hdev) |
889 | |
890 | BT_DBG("%s %p", hdev->name, hdev); |
891 | |
892 | + if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) && |
893 | + !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && |
894 | + test_bit(HCI_UP, &hdev->flags)) { |
895 | + /* Execute vendor specific shutdown routine */ |
896 | + if (hdev->shutdown) |
897 | + hdev->shutdown(hdev); |
898 | + } |
899 | + |
900 | cancel_delayed_work(&hdev->power_off); |
901 | |
902 | hci_request_cancel_all(hdev); |
903 | @@ -1745,14 +1753,6 @@ int hci_dev_do_close(struct hci_dev *hdev) |
904 | clear_bit(HCI_INIT, &hdev->flags); |
905 | } |
906 | |
907 | - if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) && |
908 | - !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && |
909 | - test_bit(HCI_UP, &hdev->flags)) { |
910 | - /* Execute vendor specific shutdown routine */ |
911 | - if (hdev->shutdown) |
912 | - hdev->shutdown(hdev); |
913 | - } |
914 | - |
915 | /* flush cmd work */ |
916 | flush_work(&hdev->cmd_work); |
917 | |
918 | diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
919 | index 99d6f4d1297ca..7dba091bc8617 100644 |
920 | --- a/net/core/skbuff.c |
921 | +++ b/net/core/skbuff.c |
922 | @@ -2921,8 +2921,11 @@ skb_zerocopy_headlen(const struct sk_buff *from) |
923 | |
924 | if (!from->head_frag || |
925 | skb_headlen(from) < L1_CACHE_BYTES || |
926 | - skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS) |
927 | + skb_shinfo(from)->nr_frags >= MAX_SKB_FRAGS) { |
928 | hlen = skb_headlen(from); |
929 | + if (!hlen) |
930 | + hlen = from->len; |
931 | + } |
932 | |
933 | if (skb_has_frag_list(from)) |
934 | hlen = from->len; |
935 | diff --git a/sound/soc/codecs/tlv320aic31xx.h b/sound/soc/codecs/tlv320aic31xx.h |
936 | index cb024955c9784..73c5f6c8ed690 100644 |
937 | --- a/sound/soc/codecs/tlv320aic31xx.h |
938 | +++ b/sound/soc/codecs/tlv320aic31xx.h |
939 | @@ -151,8 +151,8 @@ struct aic31xx_pdata { |
940 | #define AIC31XX_WORD_LEN_24BITS 0x02 |
941 | #define AIC31XX_WORD_LEN_32BITS 0x03 |
942 | #define AIC31XX_IFACE1_MASTER_MASK GENMASK(3, 2) |
943 | -#define AIC31XX_BCLK_MASTER BIT(2) |
944 | -#define AIC31XX_WCLK_MASTER BIT(3) |
945 | +#define AIC31XX_BCLK_MASTER BIT(3) |
946 | +#define AIC31XX_WCLK_MASTER BIT(2) |
947 | |
948 | /* AIC31XX_DATA_OFFSET */ |
949 | #define AIC31XX_DATA_OFFSET_MASK GENMASK(7, 0) |
950 | diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c |
951 | index d27fd929abb90..43224c5ec1e9b 100644 |
952 | --- a/tools/testing/selftests/bpf/test_verifier.c |
953 | +++ b/tools/testing/selftests/bpf/test_verifier.c |
954 | @@ -980,7 +980,7 @@ static void do_test_single(struct bpf_test *test, bool unpriv, |
955 | } |
956 | } |
957 | |
958 | - if (test->insn_processed) { |
959 | + if (!unpriv && test->insn_processed) { |
960 | uint32_t insn_processed; |
961 | char *proc; |
962 | |
963 | diff --git a/tools/testing/selftests/bpf/verifier/bounds.c b/tools/testing/selftests/bpf/verifier/bounds.c |
964 | index d55f476f2237d..92c02e4a1b626 100644 |
965 | --- a/tools/testing/selftests/bpf/verifier/bounds.c |
966 | +++ b/tools/testing/selftests/bpf/verifier/bounds.c |
967 | @@ -506,3 +506,68 @@ |
968 | .errstr = "map_value pointer and 1000000000000", |
969 | .result = REJECT |
970 | }, |
971 | +{ |
972 | + "bounds check mixed 32bit and 64bit arithmatic. test1", |
973 | + .insns = { |
974 | + BPF_MOV64_IMM(BPF_REG_0, 0), |
975 | + BPF_MOV64_IMM(BPF_REG_1, -1), |
976 | + BPF_ALU64_IMM(BPF_LSH, BPF_REG_1, 32), |
977 | + BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 1), |
978 | + /* r1 = 0xffffFFFF00000001 */ |
979 | + BPF_JMP32_IMM(BPF_JGT, BPF_REG_1, 1, 3), |
980 | + /* check ALU64 op keeps 32bit bounds */ |
981 | + BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 1), |
982 | + BPF_JMP32_IMM(BPF_JGT, BPF_REG_1, 2, 1), |
983 | + BPF_JMP_A(1), |
984 | + /* invalid ldx if bounds are lost above */ |
985 | + BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, -1), |
986 | + BPF_EXIT_INSN(), |
987 | + }, |
988 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
989 | + .result_unpriv = REJECT, |
990 | + .result = ACCEPT |
991 | +}, |
992 | +{ |
993 | + "bounds check mixed 32bit and 64bit arithmatic. test2", |
994 | + .insns = { |
995 | + BPF_MOV64_IMM(BPF_REG_0, 0), |
996 | + BPF_MOV64_IMM(BPF_REG_1, -1), |
997 | + BPF_ALU64_IMM(BPF_LSH, BPF_REG_1, 32), |
998 | + BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 1), |
999 | + /* r1 = 0xffffFFFF00000001 */ |
1000 | + BPF_MOV64_IMM(BPF_REG_2, 3), |
1001 | + /* r1 = 0x2 */ |
1002 | + BPF_ALU32_IMM(BPF_ADD, BPF_REG_1, 1), |
1003 | + /* check ALU32 op zero extends 64bit bounds */ |
1004 | + BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_2, 1), |
1005 | + BPF_JMP_A(1), |
1006 | + /* invalid ldx if bounds are lost above */ |
1007 | + BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, -1), |
1008 | + BPF_EXIT_INSN(), |
1009 | + }, |
1010 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1011 | + .result_unpriv = REJECT, |
1012 | + .result = ACCEPT |
1013 | +}, |
1014 | +{ |
1015 | + "assigning 32bit bounds to 64bit for wA = 0, wB = wA", |
1016 | + .insns = { |
1017 | + BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1, |
1018 | + offsetof(struct __sk_buff, data_end)), |
1019 | + BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, |
1020 | + offsetof(struct __sk_buff, data)), |
1021 | + BPF_MOV32_IMM(BPF_REG_9, 0), |
1022 | + BPF_MOV32_REG(BPF_REG_2, BPF_REG_9), |
1023 | + BPF_MOV64_REG(BPF_REG_6, BPF_REG_7), |
1024 | + BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_2), |
1025 | + BPF_MOV64_REG(BPF_REG_3, BPF_REG_6), |
1026 | + BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 8), |
1027 | + BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_8, 1), |
1028 | + BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_6, 0), |
1029 | + BPF_MOV64_IMM(BPF_REG_0, 0), |
1030 | + BPF_EXIT_INSN(), |
1031 | + }, |
1032 | + .prog_type = BPF_PROG_TYPE_SCHED_CLS, |
1033 | + .result = ACCEPT, |
1034 | + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, |
1035 | +}, |
1036 | diff --git a/tools/testing/selftests/bpf/verifier/dead_code.c b/tools/testing/selftests/bpf/verifier/dead_code.c |
1037 | index 50a8a63be4ac9..a7e60a773da60 100644 |
1038 | --- a/tools/testing/selftests/bpf/verifier/dead_code.c |
1039 | +++ b/tools/testing/selftests/bpf/verifier/dead_code.c |
1040 | @@ -8,6 +8,8 @@ |
1041 | BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 10, -4), |
1042 | BPF_EXIT_INSN(), |
1043 | }, |
1044 | + .errstr_unpriv = "R9 !read_ok", |
1045 | + .result_unpriv = REJECT, |
1046 | .result = ACCEPT, |
1047 | .retval = 7, |
1048 | }, |
1049 | diff --git a/tools/testing/selftests/bpf/verifier/jmp32.c b/tools/testing/selftests/bpf/verifier/jmp32.c |
1050 | index f0961c58581ea..f2fabf6ebc61c 100644 |
1051 | --- a/tools/testing/selftests/bpf/verifier/jmp32.c |
1052 | +++ b/tools/testing/selftests/bpf/verifier/jmp32.c |
1053 | @@ -72,6 +72,8 @@ |
1054 | BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0), |
1055 | BPF_EXIT_INSN(), |
1056 | }, |
1057 | + .errstr_unpriv = "R9 !read_ok", |
1058 | + .result_unpriv = REJECT, |
1059 | .result = ACCEPT, |
1060 | }, |
1061 | { |
1062 | @@ -135,6 +137,8 @@ |
1063 | BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0), |
1064 | BPF_EXIT_INSN(), |
1065 | }, |
1066 | + .errstr_unpriv = "R9 !read_ok", |
1067 | + .result_unpriv = REJECT, |
1068 | .result = ACCEPT, |
1069 | }, |
1070 | { |
1071 | @@ -198,6 +202,8 @@ |
1072 | BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0), |
1073 | BPF_EXIT_INSN(), |
1074 | }, |
1075 | + .errstr_unpriv = "R9 !read_ok", |
1076 | + .result_unpriv = REJECT, |
1077 | .result = ACCEPT, |
1078 | }, |
1079 | { |
1080 | @@ -265,6 +271,8 @@ |
1081 | BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
1082 | BPF_EXIT_INSN(), |
1083 | }, |
1084 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1085 | + .result_unpriv = REJECT, |
1086 | .result = ACCEPT, |
1087 | .retval = 2, |
1088 | }, |
1089 | @@ -333,6 +341,8 @@ |
1090 | BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
1091 | BPF_EXIT_INSN(), |
1092 | }, |
1093 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1094 | + .result_unpriv = REJECT, |
1095 | .result = ACCEPT, |
1096 | .retval = 2, |
1097 | }, |
1098 | @@ -401,6 +411,8 @@ |
1099 | BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
1100 | BPF_EXIT_INSN(), |
1101 | }, |
1102 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1103 | + .result_unpriv = REJECT, |
1104 | .result = ACCEPT, |
1105 | .retval = 2, |
1106 | }, |
1107 | @@ -469,6 +481,8 @@ |
1108 | BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
1109 | BPF_EXIT_INSN(), |
1110 | }, |
1111 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1112 | + .result_unpriv = REJECT, |
1113 | .result = ACCEPT, |
1114 | .retval = 2, |
1115 | }, |
1116 | @@ -537,6 +551,8 @@ |
1117 | BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
1118 | BPF_EXIT_INSN(), |
1119 | }, |
1120 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1121 | + .result_unpriv = REJECT, |
1122 | .result = ACCEPT, |
1123 | .retval = 2, |
1124 | }, |
1125 | @@ -605,6 +621,8 @@ |
1126 | BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
1127 | BPF_EXIT_INSN(), |
1128 | }, |
1129 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1130 | + .result_unpriv = REJECT, |
1131 | .result = ACCEPT, |
1132 | .retval = 2, |
1133 | }, |
1134 | @@ -673,6 +691,8 @@ |
1135 | BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
1136 | BPF_EXIT_INSN(), |
1137 | }, |
1138 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1139 | + .result_unpriv = REJECT, |
1140 | .result = ACCEPT, |
1141 | .retval = 2, |
1142 | }, |
1143 | @@ -741,6 +761,8 @@ |
1144 | BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
1145 | BPF_EXIT_INSN(), |
1146 | }, |
1147 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1148 | + .result_unpriv = REJECT, |
1149 | .result = ACCEPT, |
1150 | .retval = 2, |
1151 | }, |
1152 | diff --git a/tools/testing/selftests/bpf/verifier/jset.c b/tools/testing/selftests/bpf/verifier/jset.c |
1153 | index 8dcd4e0383d57..11fc68da735ea 100644 |
1154 | --- a/tools/testing/selftests/bpf/verifier/jset.c |
1155 | +++ b/tools/testing/selftests/bpf/verifier/jset.c |
1156 | @@ -82,8 +82,8 @@ |
1157 | BPF_EXIT_INSN(), |
1158 | }, |
1159 | .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, |
1160 | - .retval_unpriv = 1, |
1161 | - .result_unpriv = ACCEPT, |
1162 | + .errstr_unpriv = "R9 !read_ok", |
1163 | + .result_unpriv = REJECT, |
1164 | .retval = 1, |
1165 | .result = ACCEPT, |
1166 | }, |
1167 | @@ -141,7 +141,8 @@ |
1168 | BPF_EXIT_INSN(), |
1169 | }, |
1170 | .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, |
1171 | - .result_unpriv = ACCEPT, |
1172 | + .errstr_unpriv = "R9 !read_ok", |
1173 | + .result_unpriv = REJECT, |
1174 | .result = ACCEPT, |
1175 | }, |
1176 | { |
1177 | @@ -162,6 +163,7 @@ |
1178 | BPF_EXIT_INSN(), |
1179 | }, |
1180 | .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, |
1181 | - .result_unpriv = ACCEPT, |
1182 | + .errstr_unpriv = "R9 !read_ok", |
1183 | + .result_unpriv = REJECT, |
1184 | .result = ACCEPT, |
1185 | }, |
1186 | diff --git a/tools/testing/selftests/bpf/verifier/unpriv.c b/tools/testing/selftests/bpf/verifier/unpriv.c |
1187 | index c3f6f650deb76..593f5b586e872 100644 |
1188 | --- a/tools/testing/selftests/bpf/verifier/unpriv.c |
1189 | +++ b/tools/testing/selftests/bpf/verifier/unpriv.c |
1190 | @@ -418,6 +418,8 @@ |
1191 | BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), |
1192 | BPF_EXIT_INSN(), |
1193 | }, |
1194 | + .errstr_unpriv = "R7 invalid mem access 'inv'", |
1195 | + .result_unpriv = REJECT, |
1196 | .result = ACCEPT, |
1197 | .retval = 0, |
1198 | }, |
1199 | diff --git a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c |
1200 | index 28d44e6aa0b7e..a8dab0f58462e 100644 |
1201 | --- a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c |
1202 | +++ b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c |
1203 | @@ -120,7 +120,7 @@ |
1204 | .fixup_map_array_48b = { 1 }, |
1205 | .result = ACCEPT, |
1206 | .result_unpriv = REJECT, |
1207 | - .errstr_unpriv = "R2 tried to add from different maps, paths or scalars", |
1208 | + .errstr_unpriv = "R2 pointer comparison prohibited", |
1209 | .retval = 0, |
1210 | }, |
1211 | { |
1212 | @@ -159,7 +159,8 @@ |
1213 | BPF_MOV64_IMM(BPF_REG_0, 0), |
1214 | BPF_EXIT_INSN(), |
1215 | // fake-dead code; targeted from branch A to |
1216 | - // prevent dead code sanitization |
1217 | + // prevent dead code sanitization, rejected |
1218 | + // via branch B however |
1219 | BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0), |
1220 | BPF_MOV64_IMM(BPF_REG_0, 0), |
1221 | BPF_EXIT_INSN(), |
1222 | @@ -167,7 +168,7 @@ |
1223 | .fixup_map_array_48b = { 1 }, |
1224 | .result = ACCEPT, |
1225 | .result_unpriv = REJECT, |
1226 | - .errstr_unpriv = "R2 tried to add from different maps, paths or scalars", |
1227 | + .errstr_unpriv = "R0 invalid mem access 'inv'", |
1228 | .retval = 0, |
1229 | }, |
1230 | { |