Contents of /trunk/kernel-alx/patches-5.4/0243-5.4.144-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3637 -
(show annotations)
(download)
Mon Oct 24 12:40:44 2022 UTC (18 months, 3 weeks ago) by niro
File size: 55709 byte(s)
Mon Oct 24 12:40:44 2022 UTC (18 months, 3 weeks ago) by niro
File size: 55709 byte(s)
-add missing
| 1 | diff --git a/Makefile b/Makefile |
| 2 | index e99fabc4dfc8c..3c3804197b511 100644 |
| 3 | --- a/Makefile |
| 4 | +++ b/Makefile |
| 5 | @@ -1,7 +1,7 @@ |
| 6 | # SPDX-License-Identifier: GPL-2.0 |
| 7 | VERSION = 5 |
| 8 | PATCHLEVEL = 4 |
| 9 | -SUBLEVEL = 143 |
| 10 | +SUBLEVEL = 144 |
| 11 | EXTRAVERSION = |
| 12 | NAME = Kleptomaniac Octopus |
| 13 | |
| 14 | diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S |
| 15 | index 6c693a9d29b6d..0391b8293ad85 100644 |
| 16 | --- a/arch/arc/kernel/vmlinux.lds.S |
| 17 | +++ b/arch/arc/kernel/vmlinux.lds.S |
| 18 | @@ -88,6 +88,8 @@ SECTIONS |
| 19 | CPUIDLE_TEXT |
| 20 | LOCK_TEXT |
| 21 | KPROBES_TEXT |
| 22 | + IRQENTRY_TEXT |
| 23 | + SOFTIRQENTRY_TEXT |
| 24 | *(.fixup) |
| 25 | *(.gnu.warning) |
| 26 | } |
| 27 | diff --git a/arch/arm64/boot/dts/qcom/msm8994-angler-rev-101.dts b/arch/arm64/boot/dts/qcom/msm8994-angler-rev-101.dts |
| 28 | index a5f9a6ab512c4..9b989cc30edc8 100644 |
| 29 | --- a/arch/arm64/boot/dts/qcom/msm8994-angler-rev-101.dts |
| 30 | +++ b/arch/arm64/boot/dts/qcom/msm8994-angler-rev-101.dts |
| 31 | @@ -30,3 +30,7 @@ |
| 32 | }; |
| 33 | }; |
| 34 | }; |
| 35 | + |
| 36 | +&msmgpio { |
| 37 | + gpio-reserved-ranges = <85 4>; |
| 38 | +}; |
| 39 | diff --git a/arch/parisc/include/asm/string.h b/arch/parisc/include/asm/string.h |
| 40 | index 4a0c9dbd62fd0..f6e1132f4e352 100644 |
| 41 | --- a/arch/parisc/include/asm/string.h |
| 42 | +++ b/arch/parisc/include/asm/string.h |
| 43 | @@ -8,19 +8,4 @@ extern void * memset(void *, int, size_t); |
| 44 | #define __HAVE_ARCH_MEMCPY |
| 45 | void * memcpy(void * dest,const void *src,size_t count); |
| 46 | |
| 47 | -#define __HAVE_ARCH_STRLEN |
| 48 | -extern size_t strlen(const char *s); |
| 49 | - |
| 50 | -#define __HAVE_ARCH_STRCPY |
| 51 | -extern char *strcpy(char *dest, const char *src); |
| 52 | - |
| 53 | -#define __HAVE_ARCH_STRNCPY |
| 54 | -extern char *strncpy(char *dest, const char *src, size_t count); |
| 55 | - |
| 56 | -#define __HAVE_ARCH_STRCAT |
| 57 | -extern char *strcat(char *dest, const char *src); |
| 58 | - |
| 59 | -#define __HAVE_ARCH_MEMSET |
| 60 | -extern void *memset(void *, int, size_t); |
| 61 | - |
| 62 | #endif |
| 63 | diff --git a/arch/parisc/kernel/parisc_ksyms.c b/arch/parisc/kernel/parisc_ksyms.c |
| 64 | index 8ed409ecec933..e8a6a751dfd8e 100644 |
| 65 | --- a/arch/parisc/kernel/parisc_ksyms.c |
| 66 | +++ b/arch/parisc/kernel/parisc_ksyms.c |
| 67 | @@ -17,10 +17,6 @@ |
| 68 | |
| 69 | #include <linux/string.h> |
| 70 | EXPORT_SYMBOL(memset); |
| 71 | -EXPORT_SYMBOL(strlen); |
| 72 | -EXPORT_SYMBOL(strcpy); |
| 73 | -EXPORT_SYMBOL(strncpy); |
| 74 | -EXPORT_SYMBOL(strcat); |
| 75 | |
| 76 | #include <linux/atomic.h> |
| 77 | EXPORT_SYMBOL(__xchg8); |
| 78 | diff --git a/arch/parisc/lib/Makefile b/arch/parisc/lib/Makefile |
| 79 | index 2d7a9974dbaef..7b197667faf6c 100644 |
| 80 | --- a/arch/parisc/lib/Makefile |
| 81 | +++ b/arch/parisc/lib/Makefile |
| 82 | @@ -3,7 +3,7 @@ |
| 83 | # Makefile for parisc-specific library files |
| 84 | # |
| 85 | |
| 86 | -lib-y := lusercopy.o bitops.o checksum.o io.o memcpy.o \ |
| 87 | - ucmpdi2.o delay.o string.o |
| 88 | +lib-y := lusercopy.o bitops.o checksum.o io.o memset.o memcpy.o \ |
| 89 | + ucmpdi2.o delay.o |
| 90 | |
| 91 | obj-y := iomap.o |
| 92 | diff --git a/arch/parisc/lib/memset.c b/arch/parisc/lib/memset.c |
| 93 | new file mode 100644 |
| 94 | index 0000000000000..133e4809859a3 |
| 95 | --- /dev/null |
| 96 | +++ b/arch/parisc/lib/memset.c |
| 97 | @@ -0,0 +1,72 @@ |
| 98 | +/* SPDX-License-Identifier: GPL-2.0-or-later */ |
| 99 | +#include <linux/types.h> |
| 100 | +#include <asm/string.h> |
| 101 | + |
| 102 | +#define OPSIZ (BITS_PER_LONG/8) |
| 103 | +typedef unsigned long op_t; |
| 104 | + |
| 105 | +void * |
| 106 | +memset (void *dstpp, int sc, size_t len) |
| 107 | +{ |
| 108 | + unsigned int c = sc; |
| 109 | + long int dstp = (long int) dstpp; |
| 110 | + |
| 111 | + if (len >= 8) |
| 112 | + { |
| 113 | + size_t xlen; |
| 114 | + op_t cccc; |
| 115 | + |
| 116 | + cccc = (unsigned char) c; |
| 117 | + cccc |= cccc << 8; |
| 118 | + cccc |= cccc << 16; |
| 119 | + if (OPSIZ > 4) |
| 120 | + /* Do the shift in two steps to avoid warning if long has 32 bits. */ |
| 121 | + cccc |= (cccc << 16) << 16; |
| 122 | + |
| 123 | + /* There are at least some bytes to set. |
| 124 | + No need to test for LEN == 0 in this alignment loop. */ |
| 125 | + while (dstp % OPSIZ != 0) |
| 126 | + { |
| 127 | + ((unsigned char *) dstp)[0] = c; |
| 128 | + dstp += 1; |
| 129 | + len -= 1; |
| 130 | + } |
| 131 | + |
| 132 | + /* Write 8 `op_t' per iteration until less than 8 `op_t' remain. */ |
| 133 | + xlen = len / (OPSIZ * 8); |
| 134 | + while (xlen > 0) |
| 135 | + { |
| 136 | + ((op_t *) dstp)[0] = cccc; |
| 137 | + ((op_t *) dstp)[1] = cccc; |
| 138 | + ((op_t *) dstp)[2] = cccc; |
| 139 | + ((op_t *) dstp)[3] = cccc; |
| 140 | + ((op_t *) dstp)[4] = cccc; |
| 141 | + ((op_t *) dstp)[5] = cccc; |
| 142 | + ((op_t *) dstp)[6] = cccc; |
| 143 | + ((op_t *) dstp)[7] = cccc; |
| 144 | + dstp += 8 * OPSIZ; |
| 145 | + xlen -= 1; |
| 146 | + } |
| 147 | + len %= OPSIZ * 8; |
| 148 | + |
| 149 | + /* Write 1 `op_t' per iteration until less than OPSIZ bytes remain. */ |
| 150 | + xlen = len / OPSIZ; |
| 151 | + while (xlen > 0) |
| 152 | + { |
| 153 | + ((op_t *) dstp)[0] = cccc; |
| 154 | + dstp += OPSIZ; |
| 155 | + xlen -= 1; |
| 156 | + } |
| 157 | + len %= OPSIZ; |
| 158 | + } |
| 159 | + |
| 160 | + /* Write the last few bytes. */ |
| 161 | + while (len > 0) |
| 162 | + { |
| 163 | + ((unsigned char *) dstp)[0] = c; |
| 164 | + dstp += 1; |
| 165 | + len -= 1; |
| 166 | + } |
| 167 | + |
| 168 | + return dstpp; |
| 169 | +} |
| 170 | diff --git a/arch/parisc/lib/string.S b/arch/parisc/lib/string.S |
| 171 | deleted file mode 100644 |
| 172 | index 4a64264427a63..0000000000000 |
| 173 | --- a/arch/parisc/lib/string.S |
| 174 | +++ /dev/null |
| 175 | @@ -1,136 +0,0 @@ |
| 176 | -// SPDX-License-Identifier: GPL-2.0 |
| 177 | -/* |
| 178 | - * PA-RISC assembly string functions |
| 179 | - * |
| 180 | - * Copyright (C) 2019 Helge Deller <deller@gmx.de> |
| 181 | - */ |
| 182 | - |
| 183 | -#include <asm/assembly.h> |
| 184 | -#include <linux/linkage.h> |
| 185 | - |
| 186 | - .section .text.hot |
| 187 | - .level PA_ASM_LEVEL |
| 188 | - |
| 189 | - t0 = r20 |
| 190 | - t1 = r21 |
| 191 | - t2 = r22 |
| 192 | - |
| 193 | -ENTRY_CFI(strlen, frame=0,no_calls) |
| 194 | - or,COND(<>) arg0,r0,ret0 |
| 195 | - b,l,n .Lstrlen_null_ptr,r0 |
| 196 | - depwi 0,31,2,ret0 |
| 197 | - cmpb,COND(<>) arg0,ret0,.Lstrlen_not_aligned |
| 198 | - ldw,ma 4(ret0),t0 |
| 199 | - cmpib,tr 0,r0,.Lstrlen_loop |
| 200 | - uxor,nbz r0,t0,r0 |
| 201 | -.Lstrlen_not_aligned: |
| 202 | - uaddcm arg0,ret0,t1 |
| 203 | - shladd t1,3,r0,t1 |
| 204 | - mtsar t1 |
| 205 | - depwi -1,%sar,32,t0 |
| 206 | - uxor,nbz r0,t0,r0 |
| 207 | -.Lstrlen_loop: |
| 208 | - b,l,n .Lstrlen_end_loop,r0 |
| 209 | - ldw,ma 4(ret0),t0 |
| 210 | - cmpib,tr 0,r0,.Lstrlen_loop |
| 211 | - uxor,nbz r0,t0,r0 |
| 212 | -.Lstrlen_end_loop: |
| 213 | - extrw,u,<> t0,7,8,r0 |
| 214 | - addib,tr,n -3,ret0,.Lstrlen_out |
| 215 | - extrw,u,<> t0,15,8,r0 |
| 216 | - addib,tr,n -2,ret0,.Lstrlen_out |
| 217 | - extrw,u,<> t0,23,8,r0 |
| 218 | - addi -1,ret0,ret0 |
| 219 | -.Lstrlen_out: |
| 220 | - bv r0(rp) |
| 221 | - uaddcm ret0,arg0,ret0 |
| 222 | -.Lstrlen_null_ptr: |
| 223 | - bv,n r0(rp) |
| 224 | -ENDPROC_CFI(strlen) |
| 225 | - |
| 226 | - |
| 227 | -ENTRY_CFI(strcpy, frame=0,no_calls) |
| 228 | - ldb 0(arg1),t0 |
| 229 | - stb t0,0(arg0) |
| 230 | - ldo 0(arg0),ret0 |
| 231 | - ldo 1(arg1),t1 |
| 232 | - cmpb,= r0,t0,2f |
| 233 | - ldo 1(arg0),t2 |
| 234 | -1: ldb 0(t1),arg1 |
| 235 | - stb arg1,0(t2) |
| 236 | - ldo 1(t1),t1 |
| 237 | - cmpb,<> r0,arg1,1b |
| 238 | - ldo 1(t2),t2 |
| 239 | -2: bv,n r0(rp) |
| 240 | -ENDPROC_CFI(strcpy) |
| 241 | - |
| 242 | - |
| 243 | -ENTRY_CFI(strncpy, frame=0,no_calls) |
| 244 | - ldb 0(arg1),t0 |
| 245 | - stb t0,0(arg0) |
| 246 | - ldo 1(arg1),t1 |
| 247 | - ldo 0(arg0),ret0 |
| 248 | - cmpb,= r0,t0,2f |
| 249 | - ldo 1(arg0),arg1 |
| 250 | -1: ldo -1(arg2),arg2 |
| 251 | - cmpb,COND(=),n r0,arg2,2f |
| 252 | - ldb 0(t1),arg0 |
| 253 | - stb arg0,0(arg1) |
| 254 | - ldo 1(t1),t1 |
| 255 | - cmpb,<> r0,arg0,1b |
| 256 | - ldo 1(arg1),arg1 |
| 257 | -2: bv,n r0(rp) |
| 258 | -ENDPROC_CFI(strncpy) |
| 259 | - |
| 260 | - |
| 261 | -ENTRY_CFI(strcat, frame=0,no_calls) |
| 262 | - ldb 0(arg0),t0 |
| 263 | - cmpb,= t0,r0,2f |
| 264 | - ldo 0(arg0),ret0 |
| 265 | - ldo 1(arg0),arg0 |
| 266 | -1: ldb 0(arg0),t1 |
| 267 | - cmpb,<>,n r0,t1,1b |
| 268 | - ldo 1(arg0),arg0 |
| 269 | -2: ldb 0(arg1),t2 |
| 270 | - stb t2,0(arg0) |
| 271 | - ldo 1(arg0),arg0 |
| 272 | - ldb 0(arg1),t0 |
| 273 | - cmpb,<> r0,t0,2b |
| 274 | - ldo 1(arg1),arg1 |
| 275 | - bv,n r0(rp) |
| 276 | -ENDPROC_CFI(strcat) |
| 277 | - |
| 278 | - |
| 279 | -ENTRY_CFI(memset, frame=0,no_calls) |
| 280 | - copy arg0,ret0 |
| 281 | - cmpb,COND(=) r0,arg0,4f |
| 282 | - copy arg0,t2 |
| 283 | - cmpb,COND(=) r0,arg2,4f |
| 284 | - ldo -1(arg2),arg3 |
| 285 | - subi -1,arg3,t0 |
| 286 | - subi 0,t0,t1 |
| 287 | - cmpiclr,COND(>=) 0,t1,arg2 |
| 288 | - ldo -1(t1),arg2 |
| 289 | - extru arg2,31,2,arg0 |
| 290 | -2: stb arg1,0(t2) |
| 291 | - ldo 1(t2),t2 |
| 292 | - addib,>= -1,arg0,2b |
| 293 | - ldo -1(arg3),arg3 |
| 294 | - cmpiclr,COND(<=) 4,arg2,r0 |
| 295 | - b,l,n 4f,r0 |
| 296 | -#ifdef CONFIG_64BIT |
| 297 | - depd,* r0,63,2,arg2 |
| 298 | -#else |
| 299 | - depw r0,31,2,arg2 |
| 300 | -#endif |
| 301 | - ldo 1(t2),t2 |
| 302 | -3: stb arg1,-1(t2) |
| 303 | - stb arg1,0(t2) |
| 304 | - stb arg1,1(t2) |
| 305 | - stb arg1,2(t2) |
| 306 | - addib,COND(>) -4,arg2,3b |
| 307 | - ldo 4(t2),t2 |
| 308 | -4: bv,n r0(rp) |
| 309 | -ENDPROC_CFI(memset) |
| 310 | - |
| 311 | - .end |
| 312 | diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c |
| 313 | index 40751af62dd3d..9096a1693942d 100644 |
| 314 | --- a/arch/x86/events/intel/uncore_snbep.c |
| 315 | +++ b/arch/x86/events/intel/uncore_snbep.c |
| 316 | @@ -4382,7 +4382,7 @@ static void snr_uncore_mmio_init_box(struct intel_uncore_box *box) |
| 317 | return; |
| 318 | |
| 319 | pci_read_config_dword(pdev, SNR_IMC_MMIO_BASE_OFFSET, &pci_dword); |
| 320 | - addr = (pci_dword & SNR_IMC_MMIO_BASE_MASK) << 23; |
| 321 | + addr = ((resource_size_t)pci_dword & SNR_IMC_MMIO_BASE_MASK) << 23; |
| 322 | |
| 323 | pci_read_config_dword(pdev, SNR_IMC_MMIO_MEM0_OFFSET, &pci_dword); |
| 324 | addr |= (pci_dword & SNR_IMC_MMIO_MEM0_MASK) << 12; |
| 325 | diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c |
| 326 | index 260c64c205b8c..d3877dd713aef 100644 |
| 327 | --- a/arch/x86/kvm/mmu.c |
| 328 | +++ b/arch/x86/kvm/mmu.c |
| 329 | @@ -4666,7 +4666,15 @@ static void reset_rsvds_bits_mask_ept(struct kvm_vcpu *vcpu, |
| 330 | void |
| 331 | reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu *context) |
| 332 | { |
| 333 | - bool uses_nx = context->nx || |
| 334 | + /* |
| 335 | + * KVM uses NX when TDP is disabled to handle a variety of scenarios, |
| 336 | + * notably for huge SPTEs if iTLB multi-hit mitigation is enabled and |
| 337 | + * to generate correct permissions for CR0.WP=0/CR4.SMEP=1/EFER.NX=0. |
| 338 | + * The iTLB multi-hit workaround can be toggled at any time, so assume |
| 339 | + * NX can be used by any non-nested shadow MMU to avoid having to reset |
| 340 | + * MMU contexts. Note, KVM forces EFER.NX=1 when TDP is disabled. |
| 341 | + */ |
| 342 | + bool uses_nx = context->nx || !tdp_enabled || |
| 343 | context->mmu_role.base.smep_andnot_wp; |
| 344 | struct rsvd_bits_validate *shadow_zero_check; |
| 345 | int i; |
| 346 | diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c |
| 347 | index 40ea1a425c431..ac97a1e2e5ddc 100644 |
| 348 | --- a/drivers/block/floppy.c |
| 349 | +++ b/drivers/block/floppy.c |
| 350 | @@ -4063,22 +4063,21 @@ static int floppy_open(struct block_device *bdev, fmode_t mode) |
| 351 | if (UFDCS->rawcmd == 1) |
| 352 | UFDCS->rawcmd = 2; |
| 353 | |
| 354 | - if (mode & (FMODE_READ|FMODE_WRITE)) { |
| 355 | - UDRS->last_checked = 0; |
| 356 | - clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags); |
| 357 | - check_disk_change(bdev); |
| 358 | - if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags)) |
| 359 | - goto out; |
| 360 | - if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags)) |
| 361 | + if (!(mode & FMODE_NDELAY)) { |
| 362 | + if (mode & (FMODE_READ|FMODE_WRITE)) { |
| 363 | + UDRS->last_checked = 0; |
| 364 | + clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags); |
| 365 | + check_disk_change(bdev); |
| 366 | + if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags)) |
| 367 | + goto out; |
| 368 | + if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags)) |
| 369 | + goto out; |
| 370 | + } |
| 371 | + res = -EROFS; |
| 372 | + if ((mode & FMODE_WRITE) && |
| 373 | + !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags)) |
| 374 | goto out; |
| 375 | } |
| 376 | - |
| 377 | - res = -EROFS; |
| 378 | - |
| 379 | - if ((mode & FMODE_WRITE) && |
| 380 | - !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags)) |
| 381 | - goto out; |
| 382 | - |
| 383 | mutex_unlock(&open_lock); |
| 384 | mutex_unlock(&floppy_mutex); |
| 385 | return 0; |
| 386 | diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c |
| 387 | index 2cf053fb8d54b..1c691bdb89141 100644 |
| 388 | --- a/drivers/gpu/drm/drm_ioc32.c |
| 389 | +++ b/drivers/gpu/drm/drm_ioc32.c |
| 390 | @@ -863,8 +863,6 @@ static int compat_drm_wait_vblank(struct file *file, unsigned int cmd, |
| 391 | req.request.sequence = req32.request.sequence; |
| 392 | req.request.signal = req32.request.signal; |
| 393 | err = drm_ioctl_kernel(file, drm_wait_vblank_ioctl, &req, DRM_UNLOCKED); |
| 394 | - if (err) |
| 395 | - return err; |
| 396 | |
| 397 | req32.reply.type = req.reply.type; |
| 398 | req32.reply.sequence = req.reply.sequence; |
| 399 | @@ -873,7 +871,7 @@ static int compat_drm_wait_vblank(struct file *file, unsigned int cmd, |
| 400 | if (copy_to_user(argp, &req32, sizeof(req32))) |
| 401 | return -EFAULT; |
| 402 | |
| 403 | - return 0; |
| 404 | + return err; |
| 405 | } |
| 406 | |
| 407 | #if defined(CONFIG_X86) |
| 408 | diff --git a/drivers/gpu/drm/i915/gt/intel_timeline.c b/drivers/gpu/drm/i915/gt/intel_timeline.c |
| 409 | index 9cb01d9828f1d..c970e3deb0085 100644 |
| 410 | --- a/drivers/gpu/drm/i915/gt/intel_timeline.c |
| 411 | +++ b/drivers/gpu/drm/i915/gt/intel_timeline.c |
| 412 | @@ -289,6 +289,14 @@ void intel_timeline_fini(struct intel_timeline *timeline) |
| 413 | i915_gem_object_unpin_map(timeline->hwsp_ggtt->obj); |
| 414 | |
| 415 | i915_vma_put(timeline->hwsp_ggtt); |
| 416 | + |
| 417 | + /* |
| 418 | + * A small race exists between intel_gt_retire_requests_timeout and |
| 419 | + * intel_timeline_exit which could result in the syncmap not getting |
| 420 | + * free'd. Rather than work to hard to seal this race, simply cleanup |
| 421 | + * the syncmap on fini. |
| 422 | + */ |
| 423 | + i915_syncmap_free(&timeline->sync); |
| 424 | } |
| 425 | |
| 426 | struct intel_timeline * |
| 427 | diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c |
| 428 | index 818d21bd28d31..1d2837c5a8f29 100644 |
| 429 | --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c |
| 430 | +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.c |
| 431 | @@ -419,7 +419,7 @@ nvkm_dp_train(struct nvkm_dp *dp, u32 dataKBps) |
| 432 | return ret; |
| 433 | } |
| 434 | |
| 435 | -static void |
| 436 | +void |
| 437 | nvkm_dp_disable(struct nvkm_outp *outp, struct nvkm_ior *ior) |
| 438 | { |
| 439 | struct nvkm_dp *dp = nvkm_dp(outp); |
| 440 | diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.h b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.h |
| 441 | index 428b3f488f033..e484d0c3b0d42 100644 |
| 442 | --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.h |
| 443 | +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/dp.h |
| 444 | @@ -32,6 +32,7 @@ struct nvkm_dp { |
| 445 | |
| 446 | int nvkm_dp_new(struct nvkm_disp *, int index, struct dcb_output *, |
| 447 | struct nvkm_outp **); |
| 448 | +void nvkm_dp_disable(struct nvkm_outp *, struct nvkm_ior *); |
| 449 | |
| 450 | /* DPCD Receiver Capabilities */ |
| 451 | #define DPCD_RC00_DPCD_REV 0x00000 |
| 452 | diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c |
| 453 | index c62030c96fba0..4b1c72fd8f039 100644 |
| 454 | --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c |
| 455 | +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/outp.c |
| 456 | @@ -22,6 +22,7 @@ |
| 457 | * Authors: Ben Skeggs |
| 458 | */ |
| 459 | #include "outp.h" |
| 460 | +#include "dp.h" |
| 461 | #include "ior.h" |
| 462 | |
| 463 | #include <subdev/bios.h> |
| 464 | @@ -216,6 +217,14 @@ nvkm_outp_init_route(struct nvkm_outp *outp) |
| 465 | if (!ior->arm.head || ior->arm.proto != proto) { |
| 466 | OUTP_DBG(outp, "no heads (%x %d %d)", ior->arm.head, |
| 467 | ior->arm.proto, proto); |
| 468 | + |
| 469 | + /* The EFI GOP driver on Ampere can leave unused DP links routed, |
| 470 | + * which we don't expect. The DisableLT IED script *should* get |
| 471 | + * us back to where we need to be. |
| 472 | + */ |
| 473 | + if (ior->func->route.get && !ior->arm.head && outp->info.type == DCB_OUTPUT_DP) |
| 474 | + nvkm_dp_disable(outp, ior); |
| 475 | + |
| 476 | return; |
| 477 | } |
| 478 | |
| 479 | diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c |
| 480 | index 58c021648b7c8..a96f9142fe08e 100644 |
| 481 | --- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c |
| 482 | +++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c |
| 483 | @@ -1404,6 +1404,7 @@ int bnxt_re_create_srq(struct ib_srq *ib_srq, |
| 484 | if (nq) |
| 485 | nq->budget++; |
| 486 | atomic_inc(&rdev->srq_count); |
| 487 | + spin_lock_init(&srq->lock); |
| 488 | |
| 489 | return 0; |
| 490 | |
| 491 | diff --git a/drivers/infiniband/hw/efa/efa_main.c b/drivers/infiniband/hw/efa/efa_main.c |
| 492 | index 83858f7e83d0f..75dfe9d1564c1 100644 |
| 493 | --- a/drivers/infiniband/hw/efa/efa_main.c |
| 494 | +++ b/drivers/infiniband/hw/efa/efa_main.c |
| 495 | @@ -340,6 +340,7 @@ static int efa_enable_msix(struct efa_dev *dev) |
| 496 | } |
| 497 | |
| 498 | if (irq_num != msix_vecs) { |
| 499 | + efa_disable_msix(dev); |
| 500 | dev_err(&dev->pdev->dev, |
| 501 | "Allocated %d MSI-X (out of %d requested)\n", |
| 502 | irq_num, msix_vecs); |
| 503 | diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c |
| 504 | index c61b6022575e1..248be21acdbed 100644 |
| 505 | --- a/drivers/infiniband/hw/hfi1/sdma.c |
| 506 | +++ b/drivers/infiniband/hw/hfi1/sdma.c |
| 507 | @@ -3056,6 +3056,7 @@ static void __sdma_process_event(struct sdma_engine *sde, |
| 508 | static int _extend_sdma_tx_descs(struct hfi1_devdata *dd, struct sdma_txreq *tx) |
| 509 | { |
| 510 | int i; |
| 511 | + struct sdma_desc *descp; |
| 512 | |
| 513 | /* Handle last descriptor */ |
| 514 | if (unlikely((tx->num_desc == (MAX_DESC - 1)))) { |
| 515 | @@ -3076,12 +3077,10 @@ static int _extend_sdma_tx_descs(struct hfi1_devdata *dd, struct sdma_txreq *tx) |
| 516 | if (unlikely(tx->num_desc == MAX_DESC)) |
| 517 | goto enomem; |
| 518 | |
| 519 | - tx->descp = kmalloc_array( |
| 520 | - MAX_DESC, |
| 521 | - sizeof(struct sdma_desc), |
| 522 | - GFP_ATOMIC); |
| 523 | - if (!tx->descp) |
| 524 | + descp = kmalloc_array(MAX_DESC, sizeof(struct sdma_desc), GFP_ATOMIC); |
| 525 | + if (!descp) |
| 526 | goto enomem; |
| 527 | + tx->descp = descp; |
| 528 | |
| 529 | /* reserve last descriptor for coalescing */ |
| 530 | tx->desc_limit = MAX_DESC - 1; |
| 531 | diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c |
| 532 | index 8bed81cf03adc..8ab963055238a 100644 |
| 533 | --- a/drivers/mmc/host/sdhci-msm.c |
| 534 | +++ b/drivers/mmc/host/sdhci-msm.c |
| 535 | @@ -1589,6 +1589,23 @@ out: |
| 536 | __sdhci_msm_set_clock(host, clock); |
| 537 | } |
| 538 | |
| 539 | +static void sdhci_msm_set_timeout(struct sdhci_host *host, struct mmc_command *cmd) |
| 540 | +{ |
| 541 | + u32 count, start = 15; |
| 542 | + |
| 543 | + __sdhci_set_timeout(host, cmd); |
| 544 | + count = sdhci_readb(host, SDHCI_TIMEOUT_CONTROL); |
| 545 | + /* |
| 546 | + * Update software timeout value if its value is less than hardware data |
| 547 | + * timeout value. Qcom SoC hardware data timeout value was calculated |
| 548 | + * using 4 * MCLK * 2^(count + 13). where MCLK = 1 / host->clock. |
| 549 | + */ |
| 550 | + if (cmd && cmd->data && host->clock > 400000 && |
| 551 | + host->clock <= 50000000 && |
| 552 | + ((1 << (count + start)) > (10 * host->clock))) |
| 553 | + host->data_timeout = 22LL * NSEC_PER_SEC; |
| 554 | +} |
| 555 | + |
| 556 | /* |
| 557 | * Platform specific register write functions. This is so that, if any |
| 558 | * register write needs to be followed up by platform specific actions, |
| 559 | @@ -1753,6 +1770,7 @@ static const struct sdhci_ops sdhci_msm_ops = { |
| 560 | .set_uhs_signaling = sdhci_msm_set_uhs_signaling, |
| 561 | .write_w = sdhci_msm_writew, |
| 562 | .write_b = sdhci_msm_writeb, |
| 563 | + .set_timeout = sdhci_msm_set_timeout, |
| 564 | }; |
| 565 | |
| 566 | static const struct sdhci_pltfm_data sdhci_msm_pdata = { |
| 567 | diff --git a/drivers/net/can/usb/esd_usb2.c b/drivers/net/can/usb/esd_usb2.c |
| 568 | index 485e20e0dec2c..8847942a8d97e 100644 |
| 569 | --- a/drivers/net/can/usb/esd_usb2.c |
| 570 | +++ b/drivers/net/can/usb/esd_usb2.c |
| 571 | @@ -224,8 +224,8 @@ static void esd_usb2_rx_event(struct esd_usb2_net_priv *priv, |
| 572 | if (id == ESD_EV_CAN_ERROR_EXT) { |
| 573 | u8 state = msg->msg.rx.data[0]; |
| 574 | u8 ecc = msg->msg.rx.data[1]; |
| 575 | - u8 txerr = msg->msg.rx.data[2]; |
| 576 | - u8 rxerr = msg->msg.rx.data[3]; |
| 577 | + u8 rxerr = msg->msg.rx.data[2]; |
| 578 | + u8 txerr = msg->msg.rx.data[3]; |
| 579 | |
| 580 | skb = alloc_can_err_skb(priv->netdev, &cf); |
| 581 | if (skb == NULL) { |
| 582 | diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c |
| 583 | index e1a3c33fdad90..2d8382eb9add3 100644 |
| 584 | --- a/drivers/net/dsa/mt7530.c |
| 585 | +++ b/drivers/net/dsa/mt7530.c |
| 586 | @@ -842,11 +842,8 @@ mt7530_port_bridge_leave(struct dsa_switch *ds, int port, |
| 587 | /* Remove this port from the port matrix of the other ports |
| 588 | * in the same bridge. If the port is disabled, port matrix |
| 589 | * is kept and not being setup until the port becomes enabled. |
| 590 | - * And the other port's port matrix cannot be broken when the |
| 591 | - * other port is still a VLAN-aware port. |
| 592 | */ |
| 593 | - if (dsa_is_user_port(ds, i) && i != port && |
| 594 | - !dsa_port_is_vlan_filtering(&ds->ports[i])) { |
| 595 | + if (dsa_is_user_port(ds, i) && i != port) { |
| 596 | if (dsa_to_port(ds, i)->bridge_dev != bridge) |
| 597 | continue; |
| 598 | if (priv->ports[i].enable) |
| 599 | diff --git a/drivers/net/ethernet/apm/xgene-v2/main.c b/drivers/net/ethernet/apm/xgene-v2/main.c |
| 600 | index 02b4f3af02b54..848be6bf2fd1f 100644 |
| 601 | --- a/drivers/net/ethernet/apm/xgene-v2/main.c |
| 602 | +++ b/drivers/net/ethernet/apm/xgene-v2/main.c |
| 603 | @@ -677,11 +677,13 @@ static int xge_probe(struct platform_device *pdev) |
| 604 | ret = register_netdev(ndev); |
| 605 | if (ret) { |
| 606 | netdev_err(ndev, "Failed to register netdev\n"); |
| 607 | - goto err; |
| 608 | + goto err_mdio_remove; |
| 609 | } |
| 610 | |
| 611 | return 0; |
| 612 | |
| 613 | +err_mdio_remove: |
| 614 | + xge_mdio_remove(ndev); |
| 615 | err: |
| 616 | free_netdev(ndev); |
| 617 | |
| 618 | diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h |
| 619 | index e34e0854635c3..d64cded30eeb4 100644 |
| 620 | --- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h |
| 621 | +++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h |
| 622 | @@ -257,6 +257,9 @@ enum hclge_opcode_type { |
| 623 | /* Led command */ |
| 624 | HCLGE_OPC_LED_STATUS_CFG = 0xB000, |
| 625 | |
| 626 | + /* clear hardware resource command */ |
| 627 | + HCLGE_OPC_CLEAR_HW_RESOURCE = 0x700B, |
| 628 | + |
| 629 | /* NCL config command */ |
| 630 | HCLGE_OPC_QUERY_NCL_CONFIG = 0x7011, |
| 631 | /* M7 stats command */ |
| 632 | diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c |
| 633 | index a1790af73096d..d16488bab86f5 100644 |
| 634 | --- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c |
| 635 | +++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_dcb.c |
| 636 | @@ -281,21 +281,12 @@ static int hclge_ieee_getpfc(struct hnae3_handle *h, struct ieee_pfc *pfc) |
| 637 | u64 requests[HNAE3_MAX_TC], indications[HNAE3_MAX_TC]; |
| 638 | struct hclge_vport *vport = hclge_get_vport(h); |
| 639 | struct hclge_dev *hdev = vport->back; |
| 640 | - u8 i, j, pfc_map, *prio_tc; |
| 641 | int ret; |
| 642 | + u8 i; |
| 643 | |
| 644 | memset(pfc, 0, sizeof(*pfc)); |
| 645 | pfc->pfc_cap = hdev->pfc_max; |
| 646 | - prio_tc = hdev->tm_info.prio_tc; |
| 647 | - pfc_map = hdev->tm_info.hw_pfc_map; |
| 648 | - |
| 649 | - /* Pfc setting is based on TC */ |
| 650 | - for (i = 0; i < hdev->tm_info.num_tc; i++) { |
| 651 | - for (j = 0; j < HNAE3_MAX_USER_PRIO; j++) { |
| 652 | - if ((prio_tc[j] == i) && (pfc_map & BIT(i))) |
| 653 | - pfc->pfc_en |= BIT(j); |
| 654 | - } |
| 655 | - } |
| 656 | + pfc->pfc_en = hdev->tm_info.pfc_en; |
| 657 | |
| 658 | ret = hclge_pfc_tx_stats_get(hdev, requests); |
| 659 | if (ret) |
| 660 | diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c |
| 661 | index 93f3865b679bf..aa402e2671212 100644 |
| 662 | --- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c |
| 663 | +++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c |
| 664 | @@ -8006,7 +8006,11 @@ static int hclge_init_vlan_config(struct hclge_dev *hdev) |
| 665 | static void hclge_add_vport_vlan_table(struct hclge_vport *vport, u16 vlan_id, |
| 666 | bool writen_to_tbl) |
| 667 | { |
| 668 | - struct hclge_vport_vlan_cfg *vlan; |
| 669 | + struct hclge_vport_vlan_cfg *vlan, *tmp; |
| 670 | + |
| 671 | + list_for_each_entry_safe(vlan, tmp, &vport->vlan_list, node) |
| 672 | + if (vlan->vlan_id == vlan_id) |
| 673 | + return; |
| 674 | |
| 675 | vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); |
| 676 | if (!vlan) |
| 677 | @@ -9165,6 +9169,28 @@ static void hclge_clear_resetting_state(struct hclge_dev *hdev) |
| 678 | } |
| 679 | } |
| 680 | |
| 681 | +static int hclge_clear_hw_resource(struct hclge_dev *hdev) |
| 682 | +{ |
| 683 | + struct hclge_desc desc; |
| 684 | + int ret; |
| 685 | + |
| 686 | + hclge_cmd_setup_basic_desc(&desc, HCLGE_OPC_CLEAR_HW_RESOURCE, false); |
| 687 | + |
| 688 | + ret = hclge_cmd_send(&hdev->hw, &desc, 1); |
| 689 | + /* This new command is only supported by new firmware, it will |
| 690 | + * fail with older firmware. Error value -EOPNOSUPP can only be |
| 691 | + * returned by older firmware running this command, to keep code |
| 692 | + * backward compatible we will override this value and return |
| 693 | + * success. |
| 694 | + */ |
| 695 | + if (ret && ret != -EOPNOTSUPP) { |
| 696 | + dev_err(&hdev->pdev->dev, |
| 697 | + "failed to clear hw resource, ret = %d\n", ret); |
| 698 | + return ret; |
| 699 | + } |
| 700 | + return 0; |
| 701 | +} |
| 702 | + |
| 703 | static int hclge_init_ae_dev(struct hnae3_ae_dev *ae_dev) |
| 704 | { |
| 705 | struct pci_dev *pdev = ae_dev->pdev; |
| 706 | @@ -9206,6 +9232,10 @@ static int hclge_init_ae_dev(struct hnae3_ae_dev *ae_dev) |
| 707 | if (ret) |
| 708 | goto err_cmd_uninit; |
| 709 | |
| 710 | + ret = hclge_clear_hw_resource(hdev); |
| 711 | + if (ret) |
| 712 | + goto err_cmd_uninit; |
| 713 | + |
| 714 | ret = hclge_get_cap(hdev); |
| 715 | if (ret) { |
| 716 | dev_err(&pdev->dev, "get hw capability error, ret = %d.\n", |
| 717 | diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c |
| 718 | index a1fab77b2096a..58ff747a42ae6 100644 |
| 719 | --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c |
| 720 | +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c |
| 721 | @@ -995,6 +995,8 @@ static s32 e1000_platform_pm_pch_lpt(struct e1000_hw *hw, bool link) |
| 722 | { |
| 723 | u32 reg = link << (E1000_LTRV_REQ_SHIFT + E1000_LTRV_NOSNOOP_SHIFT) | |
| 724 | link << E1000_LTRV_REQ_SHIFT | E1000_LTRV_SEND; |
| 725 | + u16 max_ltr_enc_d = 0; /* maximum LTR decoded by platform */ |
| 726 | + u16 lat_enc_d = 0; /* latency decoded */ |
| 727 | u16 lat_enc = 0; /* latency encoded */ |
| 728 | |
| 729 | if (link) { |
| 730 | @@ -1048,7 +1050,17 @@ static s32 e1000_platform_pm_pch_lpt(struct e1000_hw *hw, bool link) |
| 731 | E1000_PCI_LTR_CAP_LPT + 2, &max_nosnoop); |
| 732 | max_ltr_enc = max_t(u16, max_snoop, max_nosnoop); |
| 733 | |
| 734 | - if (lat_enc > max_ltr_enc) |
| 735 | + lat_enc_d = (lat_enc & E1000_LTRV_VALUE_MASK) * |
| 736 | + (1U << (E1000_LTRV_SCALE_FACTOR * |
| 737 | + ((lat_enc & E1000_LTRV_SCALE_MASK) |
| 738 | + >> E1000_LTRV_SCALE_SHIFT))); |
| 739 | + |
| 740 | + max_ltr_enc_d = (max_ltr_enc & E1000_LTRV_VALUE_MASK) * |
| 741 | + (1U << (E1000_LTRV_SCALE_FACTOR * |
| 742 | + ((max_ltr_enc & E1000_LTRV_SCALE_MASK) |
| 743 | + >> E1000_LTRV_SCALE_SHIFT))); |
| 744 | + |
| 745 | + if (lat_enc_d > max_ltr_enc_d) |
| 746 | lat_enc = max_ltr_enc; |
| 747 | } |
| 748 | |
| 749 | diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.h b/drivers/net/ethernet/intel/e1000e/ich8lan.h |
| 750 | index 1502895eb45dd..e757896287eba 100644 |
| 751 | --- a/drivers/net/ethernet/intel/e1000e/ich8lan.h |
| 752 | +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.h |
| 753 | @@ -274,8 +274,11 @@ |
| 754 | |
| 755 | /* Latency Tolerance Reporting */ |
| 756 | #define E1000_LTRV 0x000F8 |
| 757 | +#define E1000_LTRV_VALUE_MASK 0x000003FF |
| 758 | #define E1000_LTRV_SCALE_MAX 5 |
| 759 | #define E1000_LTRV_SCALE_FACTOR 5 |
| 760 | +#define E1000_LTRV_SCALE_SHIFT 10 |
| 761 | +#define E1000_LTRV_SCALE_MASK 0x00001C00 |
| 762 | #define E1000_LTRV_REQ_SHIFT 15 |
| 763 | #define E1000_LTRV_NOSNOOP_SHIFT 16 |
| 764 | #define E1000_LTRV_SEND (1 << 30) |
| 765 | diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c |
| 766 | index 7b0543056b101..64aa5510e61a6 100644 |
| 767 | --- a/drivers/net/ethernet/marvell/mvneta.c |
| 768 | +++ b/drivers/net/ethernet/marvell/mvneta.c |
| 769 | @@ -101,7 +101,7 @@ |
| 770 | #define MVNETA_DESC_SWAP BIT(6) |
| 771 | #define MVNETA_TX_BRST_SZ_MASK(burst) ((burst) << 22) |
| 772 | #define MVNETA_PORT_STATUS 0x2444 |
| 773 | -#define MVNETA_TX_IN_PRGRS BIT(1) |
| 774 | +#define MVNETA_TX_IN_PRGRS BIT(0) |
| 775 | #define MVNETA_TX_FIFO_EMPTY BIT(8) |
| 776 | #define MVNETA_RX_MIN_FRAME_SIZE 0x247c |
| 777 | /* Only exists on Armada XP and Armada 370 */ |
| 778 | diff --git a/drivers/net/ethernet/qlogic/qed/qed_ll2.c b/drivers/net/ethernet/qlogic/qed/qed_ll2.c |
| 779 | index 19a1a58d60f89..c449ecc0add23 100644 |
| 780 | --- a/drivers/net/ethernet/qlogic/qed/qed_ll2.c |
| 781 | +++ b/drivers/net/ethernet/qlogic/qed/qed_ll2.c |
| 782 | @@ -353,6 +353,9 @@ static int qed_ll2_txq_completion(struct qed_hwfn *p_hwfn, void *p_cookie) |
| 783 | unsigned long flags; |
| 784 | int rc = -EINVAL; |
| 785 | |
| 786 | + if (!p_ll2_conn) |
| 787 | + return rc; |
| 788 | + |
| 789 | spin_lock_irqsave(&p_tx->lock, flags); |
| 790 | if (p_tx->b_completing_packet) { |
| 791 | rc = -EBUSY; |
| 792 | @@ -526,7 +529,16 @@ static int qed_ll2_rxq_completion(struct qed_hwfn *p_hwfn, void *cookie) |
| 793 | unsigned long flags = 0; |
| 794 | int rc = 0; |
| 795 | |
| 796 | + if (!p_ll2_conn) |
| 797 | + return rc; |
| 798 | + |
| 799 | spin_lock_irqsave(&p_rx->lock, flags); |
| 800 | + |
| 801 | + if (!QED_LL2_RX_REGISTERED(p_ll2_conn)) { |
| 802 | + spin_unlock_irqrestore(&p_rx->lock, flags); |
| 803 | + return 0; |
| 804 | + } |
| 805 | + |
| 806 | cq_new_idx = le16_to_cpu(*p_rx->p_fw_cons); |
| 807 | cq_old_idx = qed_chain_get_cons_idx(&p_rx->rcq_chain); |
| 808 | |
| 809 | @@ -847,6 +859,9 @@ static int qed_ll2_lb_rxq_completion(struct qed_hwfn *p_hwfn, void *p_cookie) |
| 810 | struct qed_ll2_info *p_ll2_conn = (struct qed_ll2_info *)p_cookie; |
| 811 | int rc; |
| 812 | |
| 813 | + if (!p_ll2_conn) |
| 814 | + return 0; |
| 815 | + |
| 816 | if (!QED_LL2_RX_REGISTERED(p_ll2_conn)) |
| 817 | return 0; |
| 818 | |
| 819 | @@ -870,6 +885,9 @@ static int qed_ll2_lb_txq_completion(struct qed_hwfn *p_hwfn, void *p_cookie) |
| 820 | u16 new_idx = 0, num_bds = 0; |
| 821 | int rc; |
| 822 | |
| 823 | + if (!p_ll2_conn) |
| 824 | + return 0; |
| 825 | + |
| 826 | if (!QED_LL2_TX_REGISTERED(p_ll2_conn)) |
| 827 | return 0; |
| 828 | |
| 829 | @@ -1642,6 +1660,8 @@ int qed_ll2_post_rx_buffer(void *cxt, |
| 830 | if (!p_ll2_conn) |
| 831 | return -EINVAL; |
| 832 | p_rx = &p_ll2_conn->rx_queue; |
| 833 | + if (!p_rx->set_prod_addr) |
| 834 | + return -EIO; |
| 835 | |
| 836 | spin_lock_irqsave(&p_rx->lock, flags); |
| 837 | if (!list_empty(&p_rx->free_descq)) |
| 838 | diff --git a/drivers/net/ethernet/qlogic/qed/qed_rdma.c b/drivers/net/ethernet/qlogic/qed/qed_rdma.c |
| 839 | index 38b1f402f7ed2..b291971bcf926 100644 |
| 840 | --- a/drivers/net/ethernet/qlogic/qed/qed_rdma.c |
| 841 | +++ b/drivers/net/ethernet/qlogic/qed/qed_rdma.c |
| 842 | @@ -1245,8 +1245,7 @@ qed_rdma_create_qp(void *rdma_cxt, |
| 843 | |
| 844 | if (!rdma_cxt || !in_params || !out_params || |
| 845 | !p_hwfn->p_rdma_info->active) { |
| 846 | - DP_ERR(p_hwfn->cdev, |
| 847 | - "qed roce create qp failed due to NULL entry (rdma_cxt=%p, in=%p, out=%p, roce_info=?\n", |
| 848 | + pr_err("qed roce create qp failed due to NULL entry (rdma_cxt=%p, in=%p, out=%p, roce_info=?\n", |
| 849 | rdma_cxt, in_params, out_params); |
| 850 | return NULL; |
| 851 | } |
| 852 | diff --git a/drivers/opp/of.c b/drivers/opp/of.c |
| 853 | index 249738e1e0b7a..603c688fe23dc 100644 |
| 854 | --- a/drivers/opp/of.c |
| 855 | +++ b/drivers/opp/of.c |
| 856 | @@ -682,8 +682,9 @@ static int _of_add_opp_table_v2(struct device *dev, struct opp_table *opp_table) |
| 857 | } |
| 858 | } |
| 859 | |
| 860 | - /* There should be one of more OPP defined */ |
| 861 | - if (WARN_ON(!count)) { |
| 862 | + /* There should be one or more OPPs defined */ |
| 863 | + if (!count) { |
| 864 | + dev_err(dev, "%s: no supported OPPs", __func__); |
| 865 | ret = -ENOENT; |
| 866 | goto remove_static_opp; |
| 867 | } |
| 868 | diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c |
| 869 | index 11592ec7b23ea..6aeb79e744e0b 100644 |
| 870 | --- a/drivers/scsi/scsi_sysfs.c |
| 871 | +++ b/drivers/scsi/scsi_sysfs.c |
| 872 | @@ -788,12 +788,15 @@ store_state_field(struct device *dev, struct device_attribute *attr, |
| 873 | ret = scsi_device_set_state(sdev, state); |
| 874 | /* |
| 875 | * If the device state changes to SDEV_RUNNING, we need to |
| 876 | - * rescan the device to revalidate it, and run the queue to |
| 877 | - * avoid I/O hang. |
| 878 | + * run the queue to avoid I/O hang, and rescan the device |
| 879 | + * to revalidate it. Running the queue first is necessary |
| 880 | + * because another thread may be waiting inside |
| 881 | + * blk_mq_freeze_queue_wait() and because that call may be |
| 882 | + * waiting for pending I/O to finish. |
| 883 | */ |
| 884 | if (ret == 0 && state == SDEV_RUNNING) { |
| 885 | - scsi_rescan_device(dev); |
| 886 | blk_mq_run_hw_queues(sdev->request_queue, true); |
| 887 | + scsi_rescan_device(dev); |
| 888 | } |
| 889 | mutex_unlock(&sdev->state_mutex); |
| 890 | |
| 891 | diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c |
| 892 | index b5d2ad900ec09..167c72726c5a0 100644 |
| 893 | --- a/drivers/tty/vt/vt_ioctl.c |
| 894 | +++ b/drivers/tty/vt/vt_ioctl.c |
| 895 | @@ -484,16 +484,19 @@ int vt_ioctl(struct tty_struct *tty, |
| 896 | ret = -EINVAL; |
| 897 | goto out; |
| 898 | } |
| 899 | - /* FIXME: this needs the console lock extending */ |
| 900 | - if (vc->vc_mode == (unsigned char) arg) |
| 901 | + console_lock(); |
| 902 | + if (vc->vc_mode == (unsigned char) arg) { |
| 903 | + console_unlock(); |
| 904 | break; |
| 905 | + } |
| 906 | vc->vc_mode = (unsigned char) arg; |
| 907 | - if (console != fg_console) |
| 908 | + if (console != fg_console) { |
| 909 | + console_unlock(); |
| 910 | break; |
| 911 | + } |
| 912 | /* |
| 913 | * explicitly blank/unblank the screen if switching modes |
| 914 | */ |
| 915 | - console_lock(); |
| 916 | if (arg == KD_TEXT) |
| 917 | do_unblank_screen(1); |
| 918 | else |
| 919 | diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c |
| 920 | index 8a3752fcf7b46..39a9ad12cbbc8 100644 |
| 921 | --- a/drivers/usb/dwc3/gadget.c |
| 922 | +++ b/drivers/usb/dwc3/gadget.c |
| 923 | @@ -894,19 +894,19 @@ static struct dwc3_trb *dwc3_ep_prev_trb(struct dwc3_ep *dep, u8 index) |
| 924 | |
| 925 | static u32 dwc3_calc_trbs_left(struct dwc3_ep *dep) |
| 926 | { |
| 927 | - struct dwc3_trb *tmp; |
| 928 | u8 trbs_left; |
| 929 | |
| 930 | /* |
| 931 | - * If enqueue & dequeue are equal than it is either full or empty. |
| 932 | - * |
| 933 | - * One way to know for sure is if the TRB right before us has HWO bit |
| 934 | - * set or not. If it has, then we're definitely full and can't fit any |
| 935 | - * more transfers in our ring. |
| 936 | + * If the enqueue & dequeue are equal then the TRB ring is either full |
| 937 | + * or empty. It's considered full when there are DWC3_TRB_NUM-1 of TRBs |
| 938 | + * pending to be processed by the driver. |
| 939 | */ |
| 940 | if (dep->trb_enqueue == dep->trb_dequeue) { |
| 941 | - tmp = dwc3_ep_prev_trb(dep, dep->trb_enqueue); |
| 942 | - if (tmp->ctrl & DWC3_TRB_CTRL_HWO) |
| 943 | + /* |
| 944 | + * If there is any request remained in the started_list at |
| 945 | + * this point, that means there is no TRB available. |
| 946 | + */ |
| 947 | + if (!list_empty(&dep->started_list)) |
| 948 | return 0; |
| 949 | |
| 950 | return DWC3_TRB_NUM - 1; |
| 951 | @@ -2012,10 +2012,8 @@ static int dwc3_gadget_pullup(struct usb_gadget *g, int is_on) |
| 952 | |
| 953 | ret = wait_for_completion_timeout(&dwc->ep0_in_setup, |
| 954 | msecs_to_jiffies(DWC3_PULL_UP_TIMEOUT)); |
| 955 | - if (ret == 0) { |
| 956 | - dev_err(dwc->dev, "timed out waiting for SETUP phase\n"); |
| 957 | - return -ETIMEDOUT; |
| 958 | - } |
| 959 | + if (ret == 0) |
| 960 | + dev_warn(dwc->dev, "timed out waiting for SETUP phase\n"); |
| 961 | } |
| 962 | |
| 963 | /* |
| 964 | @@ -2217,6 +2215,7 @@ static int __dwc3_gadget_start(struct dwc3 *dwc) |
| 965 | /* begin to receive SETUP packets */ |
| 966 | dwc->ep0state = EP0_SETUP_PHASE; |
| 967 | dwc->link_state = DWC3_LINK_STATE_SS_DIS; |
| 968 | + dwc->delayed_status = false; |
| 969 | dwc3_ep0_out_start(dwc); |
| 970 | |
| 971 | dwc3_gadget_enable_irq(dwc); |
| 972 | diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c |
| 973 | index 223029fa84459..4e01ba0ab8ecb 100644 |
| 974 | --- a/drivers/usb/gadget/function/u_audio.c |
| 975 | +++ b/drivers/usb/gadget/function/u_audio.c |
| 976 | @@ -349,8 +349,6 @@ static inline void free_ep(struct uac_rtd_params *prm, struct usb_ep *ep) |
| 977 | if (!prm->ep_enabled) |
| 978 | return; |
| 979 | |
| 980 | - prm->ep_enabled = false; |
| 981 | - |
| 982 | audio_dev = uac->audio_dev; |
| 983 | params = &audio_dev->params; |
| 984 | |
| 985 | @@ -368,11 +366,12 @@ static inline void free_ep(struct uac_rtd_params *prm, struct usb_ep *ep) |
| 986 | } |
| 987 | } |
| 988 | |
| 989 | + prm->ep_enabled = false; |
| 990 | + |
| 991 | if (usb_ep_disable(ep)) |
| 992 | dev_err(uac->card->dev, "%s:%d Error!\n", __func__, __LINE__); |
| 993 | } |
| 994 | |
| 995 | - |
| 996 | int u_audio_start_capture(struct g_audio *audio_dev) |
| 997 | { |
| 998 | struct snd_uac_chip *uac = audio_dev->uac; |
| 999 | diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c |
| 1000 | index e9c39a41faae9..a82ba9cc0c724 100644 |
| 1001 | --- a/drivers/usb/serial/ch341.c |
| 1002 | +++ b/drivers/usb/serial/ch341.c |
| 1003 | @@ -678,7 +678,6 @@ static struct usb_serial_driver ch341_device = { |
| 1004 | .owner = THIS_MODULE, |
| 1005 | .name = "ch341-uart", |
| 1006 | }, |
| 1007 | - .bulk_in_size = 512, |
| 1008 | .id_table = id_table, |
| 1009 | .num_ports = 1, |
| 1010 | .open = ch341_open, |
| 1011 | diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
| 1012 | index 793530f241ceb..d42ca13569965 100644 |
| 1013 | --- a/drivers/usb/serial/option.c |
| 1014 | +++ b/drivers/usb/serial/option.c |
| 1015 | @@ -2074,6 +2074,8 @@ static const struct usb_device_id option_ids[] = { |
| 1016 | .driver_info = RSVD(4) | RSVD(5) }, |
| 1017 | { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0105, 0xff), /* Fibocom NL678 series */ |
| 1018 | .driver_info = RSVD(6) }, |
| 1019 | + { USB_DEVICE_AND_INTERFACE_INFO(0x2cb7, 0x010b, 0xff, 0xff, 0x30) }, /* Fibocom FG150 Diag */ |
| 1020 | + { USB_DEVICE_AND_INTERFACE_INFO(0x2cb7, 0x010b, 0xff, 0, 0) }, /* Fibocom FG150 AT */ |
| 1021 | { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x01a0, 0xff) }, /* Fibocom NL668-AM/NL652-EU (laptop MBIM) */ |
| 1022 | { USB_DEVICE_INTERFACE_CLASS(0x2df3, 0x9d03, 0xff) }, /* LongSung M5710 */ |
| 1023 | { USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1404, 0xff) }, /* GosunCn GM500 RNDIS */ |
| 1024 | diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c |
| 1025 | index 026a37ee41777..4653de001e261 100644 |
| 1026 | --- a/drivers/vhost/vringh.c |
| 1027 | +++ b/drivers/vhost/vringh.c |
| 1028 | @@ -331,7 +331,7 @@ __vringh_iov(struct vringh *vrh, u16 i, |
| 1029 | iov = wiov; |
| 1030 | else { |
| 1031 | iov = riov; |
| 1032 | - if (unlikely(wiov && wiov->i)) { |
| 1033 | + if (unlikely(wiov && wiov->used)) { |
| 1034 | vringh_bad("Readable desc %p after writable", |
| 1035 | &descs[i]); |
| 1036 | err = -EINVAL; |
| 1037 | diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c |
| 1038 | index 222d630c41fc9..b35bb2d57f62c 100644 |
| 1039 | --- a/drivers/virtio/virtio_pci_common.c |
| 1040 | +++ b/drivers/virtio/virtio_pci_common.c |
| 1041 | @@ -576,6 +576,13 @@ static void virtio_pci_remove(struct pci_dev *pci_dev) |
| 1042 | struct virtio_pci_device *vp_dev = pci_get_drvdata(pci_dev); |
| 1043 | struct device *dev = get_device(&vp_dev->vdev.dev); |
| 1044 | |
| 1045 | + /* |
| 1046 | + * Device is marked broken on surprise removal so that virtio upper |
| 1047 | + * layers can abort any ongoing operation. |
| 1048 | + */ |
| 1049 | + if (!pci_device_is_present(pci_dev)) |
| 1050 | + virtio_break_device(&vp_dev->vdev); |
| 1051 | + |
| 1052 | pci_disable_sriov(pci_dev); |
| 1053 | |
| 1054 | unregister_virtio_device(&vp_dev->vdev); |
| 1055 | diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c |
| 1056 | index f6011c9ed32f1..e442d400dbb2e 100644 |
| 1057 | --- a/drivers/virtio/virtio_ring.c |
| 1058 | +++ b/drivers/virtio/virtio_ring.c |
| 1059 | @@ -2268,7 +2268,7 @@ bool virtqueue_is_broken(struct virtqueue *_vq) |
| 1060 | { |
| 1061 | struct vring_virtqueue *vq = to_vvq(_vq); |
| 1062 | |
| 1063 | - return vq->broken; |
| 1064 | + return READ_ONCE(vq->broken); |
| 1065 | } |
| 1066 | EXPORT_SYMBOL_GPL(virtqueue_is_broken); |
| 1067 | |
| 1068 | @@ -2283,7 +2283,9 @@ void virtio_break_device(struct virtio_device *dev) |
| 1069 | spin_lock(&dev->vqs_list_lock); |
| 1070 | list_for_each_entry(_vq, &dev->vqs, list) { |
| 1071 | struct vring_virtqueue *vq = to_vvq(_vq); |
| 1072 | - vq->broken = true; |
| 1073 | + |
| 1074 | + /* Pairs with READ_ONCE() in virtqueue_is_broken(). */ |
| 1075 | + WRITE_ONCE(vq->broken, true); |
| 1076 | } |
| 1077 | spin_unlock(&dev->vqs_list_lock); |
| 1078 | } |
| 1079 | diff --git a/fs/btrfs/btrfs_inode.h b/fs/btrfs/btrfs_inode.h |
| 1080 | index f853835c409c1..f3ff57b931580 100644 |
| 1081 | --- a/fs/btrfs/btrfs_inode.h |
| 1082 | +++ b/fs/btrfs/btrfs_inode.h |
| 1083 | @@ -268,6 +268,21 @@ static inline void btrfs_mod_outstanding_extents(struct btrfs_inode *inode, |
| 1084 | mod); |
| 1085 | } |
| 1086 | |
| 1087 | +/* |
| 1088 | + * Called every time after doing a buffered, direct IO or memory mapped write. |
| 1089 | + * |
| 1090 | + * This is to ensure that if we write to a file that was previously fsynced in |
| 1091 | + * the current transaction, then try to fsync it again in the same transaction, |
| 1092 | + * we will know that there were changes in the file and that it needs to be |
| 1093 | + * logged. |
| 1094 | + */ |
| 1095 | +static inline void btrfs_set_inode_last_sub_trans(struct btrfs_inode *inode) |
| 1096 | +{ |
| 1097 | + spin_lock(&inode->lock); |
| 1098 | + inode->last_sub_trans = inode->root->log_transid; |
| 1099 | + spin_unlock(&inode->lock); |
| 1100 | +} |
| 1101 | + |
| 1102 | static inline int btrfs_inode_in_log(struct btrfs_inode *inode, u64 generation) |
| 1103 | { |
| 1104 | int ret = 0; |
| 1105 | diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c |
| 1106 | index 400b0717b9d44..1279359ed172a 100644 |
| 1107 | --- a/fs/btrfs/file.c |
| 1108 | +++ b/fs/btrfs/file.c |
| 1109 | @@ -2004,14 +2004,8 @@ static ssize_t btrfs_file_write_iter(struct kiocb *iocb, |
| 1110 | |
| 1111 | inode_unlock(inode); |
| 1112 | |
| 1113 | - /* |
| 1114 | - * We also have to set last_sub_trans to the current log transid, |
| 1115 | - * otherwise subsequent syncs to a file that's been synced in this |
| 1116 | - * transaction will appear to have already occurred. |
| 1117 | - */ |
| 1118 | - spin_lock(&BTRFS_I(inode)->lock); |
| 1119 | - BTRFS_I(inode)->last_sub_trans = root->log_transid; |
| 1120 | - spin_unlock(&BTRFS_I(inode)->lock); |
| 1121 | + btrfs_set_inode_last_sub_trans(BTRFS_I(inode)); |
| 1122 | + |
| 1123 | if (num_written > 0) |
| 1124 | num_written = generic_write_sync(iocb, num_written); |
| 1125 | |
| 1126 | diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
| 1127 | index 54b607a3cc3f2..29552d4f6845b 100644 |
| 1128 | --- a/fs/btrfs/inode.c |
| 1129 | +++ b/fs/btrfs/inode.c |
| 1130 | @@ -9250,9 +9250,7 @@ again: |
| 1131 | set_page_dirty(page); |
| 1132 | SetPageUptodate(page); |
| 1133 | |
| 1134 | - BTRFS_I(inode)->last_trans = fs_info->generation; |
| 1135 | - BTRFS_I(inode)->last_sub_trans = BTRFS_I(inode)->root->log_transid; |
| 1136 | - BTRFS_I(inode)->last_log_commit = BTRFS_I(inode)->root->last_log_commit; |
| 1137 | + btrfs_set_inode_last_sub_trans(BTRFS_I(inode)); |
| 1138 | |
| 1139 | unlock_extent_cached(io_tree, page_start, page_end, &cached_state); |
| 1140 | |
| 1141 | diff --git a/fs/btrfs/transaction.h b/fs/btrfs/transaction.h |
| 1142 | index d8a7d460e436a..cbede328bda5b 100644 |
| 1143 | --- a/fs/btrfs/transaction.h |
| 1144 | +++ b/fs/btrfs/transaction.h |
| 1145 | @@ -160,7 +160,7 @@ static inline void btrfs_set_inode_last_trans(struct btrfs_trans_handle *trans, |
| 1146 | spin_lock(&BTRFS_I(inode)->lock); |
| 1147 | BTRFS_I(inode)->last_trans = trans->transaction->transid; |
| 1148 | BTRFS_I(inode)->last_sub_trans = BTRFS_I(inode)->root->log_transid; |
| 1149 | - BTRFS_I(inode)->last_log_commit = BTRFS_I(inode)->root->last_log_commit; |
| 1150 | + BTRFS_I(inode)->last_log_commit = BTRFS_I(inode)->last_sub_trans - 1; |
| 1151 | spin_unlock(&BTRFS_I(inode)->lock); |
| 1152 | } |
| 1153 | |
| 1154 | diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c |
| 1155 | index 3e3529c600cb7..e882c790292f9 100644 |
| 1156 | --- a/fs/btrfs/volumes.c |
| 1157 | +++ b/fs/btrfs/volumes.c |
| 1158 | @@ -2168,7 +2168,7 @@ int btrfs_rm_device(struct btrfs_fs_info *fs_info, const char *device_path, |
| 1159 | |
| 1160 | if (IS_ERR(device)) { |
| 1161 | if (PTR_ERR(device) == -ENOENT && |
| 1162 | - strcmp(device_path, "missing") == 0) |
| 1163 | + device_path && strcmp(device_path, "missing") == 0) |
| 1164 | ret = BTRFS_ERROR_DEV_MISSING_NOT_FOUND; |
| 1165 | else |
| 1166 | ret = PTR_ERR(device); |
| 1167 | diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c |
| 1168 | index 11dd8177770df..19574ef174709 100644 |
| 1169 | --- a/fs/overlayfs/export.c |
| 1170 | +++ b/fs/overlayfs/export.c |
| 1171 | @@ -395,6 +395,7 @@ static struct dentry *ovl_lookup_real_one(struct dentry *connected, |
| 1172 | */ |
| 1173 | take_dentry_name_snapshot(&name, real); |
| 1174 | this = lookup_one_len(name.name.name, connected, name.name.len); |
| 1175 | + release_dentry_name_snapshot(&name); |
| 1176 | err = PTR_ERR(this); |
| 1177 | if (IS_ERR(this)) { |
| 1178 | goto fail; |
| 1179 | @@ -409,7 +410,6 @@ static struct dentry *ovl_lookup_real_one(struct dentry *connected, |
| 1180 | } |
| 1181 | |
| 1182 | out: |
| 1183 | - release_dentry_name_snapshot(&name); |
| 1184 | dput(parent); |
| 1185 | inode_unlock(dir); |
| 1186 | return this; |
| 1187 | diff --git a/fs/proc/base.c b/fs/proc/base.c |
| 1188 | index 90d2f62a96723..5a187e9b72212 100644 |
| 1189 | --- a/fs/proc/base.c |
| 1190 | +++ b/fs/proc/base.c |
| 1191 | @@ -549,8 +549,17 @@ static int proc_oom_score(struct seq_file *m, struct pid_namespace *ns, |
| 1192 | { |
| 1193 | unsigned long totalpages = totalram_pages() + total_swap_pages; |
| 1194 | unsigned long points = 0; |
| 1195 | + long badness; |
| 1196 | + |
| 1197 | + badness = oom_badness(task, totalpages); |
| 1198 | + /* |
| 1199 | + * Special case OOM_SCORE_ADJ_MIN for all others scale the |
| 1200 | + * badness value into [0, 2000] range which we have been |
| 1201 | + * exporting for a long time so userspace might depend on it. |
| 1202 | + */ |
| 1203 | + if (badness != LONG_MIN) |
| 1204 | + points = (1000 + badness * 1000 / (long)totalpages) * 2 / 3; |
| 1205 | |
| 1206 | - points = oom_badness(task, totalpages) * 1000 / totalpages; |
| 1207 | seq_printf(m, "%lu\n", points); |
| 1208 | |
| 1209 | return 0; |
| 1210 | diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h |
| 1211 | index 11a52f2fa35de..ddc66ab8a1def 100644 |
| 1212 | --- a/include/linux/netdevice.h |
| 1213 | +++ b/include/linux/netdevice.h |
| 1214 | @@ -3684,6 +3684,10 @@ int netdev_rx_handler_register(struct net_device *dev, |
| 1215 | void netdev_rx_handler_unregister(struct net_device *dev); |
| 1216 | |
| 1217 | bool dev_valid_name(const char *name); |
| 1218 | +static inline bool is_socket_ioctl_cmd(unsigned int cmd) |
| 1219 | +{ |
| 1220 | + return _IOC_TYPE(cmd) == SOCK_IOC_TYPE; |
| 1221 | +} |
| 1222 | int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr, |
| 1223 | bool *need_copyout); |
| 1224 | int dev_ifconf(struct net *net, struct ifconf *, int); |
| 1225 | diff --git a/include/linux/once.h b/include/linux/once.h |
| 1226 | index 9225ee6d96c75..ae6f4eb41cbe7 100644 |
| 1227 | --- a/include/linux/once.h |
| 1228 | +++ b/include/linux/once.h |
| 1229 | @@ -7,7 +7,7 @@ |
| 1230 | |
| 1231 | bool __do_once_start(bool *done, unsigned long *flags); |
| 1232 | void __do_once_done(bool *done, struct static_key_true *once_key, |
| 1233 | - unsigned long *flags); |
| 1234 | + unsigned long *flags, struct module *mod); |
| 1235 | |
| 1236 | /* Call a function exactly once. The idea of DO_ONCE() is to perform |
| 1237 | * a function call such as initialization of random seeds, etc, only |
| 1238 | @@ -46,7 +46,7 @@ void __do_once_done(bool *done, struct static_key_true *once_key, |
| 1239 | if (unlikely(___ret)) { \ |
| 1240 | func(__VA_ARGS__); \ |
| 1241 | __do_once_done(&___done, &___once_key, \ |
| 1242 | - &___flags); \ |
| 1243 | + &___flags, THIS_MODULE); \ |
| 1244 | } \ |
| 1245 | } \ |
| 1246 | ___ret; \ |
| 1247 | diff --git a/include/linux/oom.h b/include/linux/oom.h |
| 1248 | index b9df34326772c..2db9a14325112 100644 |
| 1249 | --- a/include/linux/oom.h |
| 1250 | +++ b/include/linux/oom.h |
| 1251 | @@ -48,7 +48,7 @@ struct oom_control { |
| 1252 | /* Used by oom implementation, do not set */ |
| 1253 | unsigned long totalpages; |
| 1254 | struct task_struct *chosen; |
| 1255 | - unsigned long chosen_points; |
| 1256 | + long chosen_points; |
| 1257 | |
| 1258 | /* Used to print the constraint info. */ |
| 1259 | enum oom_constraint constraint; |
| 1260 | @@ -108,7 +108,7 @@ static inline vm_fault_t check_stable_address_space(struct mm_struct *mm) |
| 1261 | |
| 1262 | bool __oom_reap_task_mm(struct mm_struct *mm); |
| 1263 | |
| 1264 | -extern unsigned long oom_badness(struct task_struct *p, |
| 1265 | +long oom_badness(struct task_struct *p, |
| 1266 | unsigned long totalpages); |
| 1267 | |
| 1268 | extern bool out_of_memory(struct oom_control *oc); |
| 1269 | diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c |
| 1270 | index e49c912f862d0..9dec6314cd28a 100644 |
| 1271 | --- a/kernel/audit_tree.c |
| 1272 | +++ b/kernel/audit_tree.c |
| 1273 | @@ -595,7 +595,6 @@ static void prune_tree_chunks(struct audit_tree *victim, bool tagged) |
| 1274 | spin_lock(&hash_lock); |
| 1275 | } |
| 1276 | spin_unlock(&hash_lock); |
| 1277 | - put_tree(victim); |
| 1278 | } |
| 1279 | |
| 1280 | /* |
| 1281 | @@ -604,6 +603,7 @@ static void prune_tree_chunks(struct audit_tree *victim, bool tagged) |
| 1282 | static void prune_one(struct audit_tree *victim) |
| 1283 | { |
| 1284 | prune_tree_chunks(victim, false); |
| 1285 | + put_tree(victim); |
| 1286 | } |
| 1287 | |
| 1288 | /* trim the uncommitted chunks from tree */ |
| 1289 | diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c |
| 1290 | index 0b5a446ee59c9..4deaf15b7618b 100644 |
| 1291 | --- a/kernel/bpf/verifier.c |
| 1292 | +++ b/kernel/bpf/verifier.c |
| 1293 | @@ -2778,6 +2778,41 @@ static void coerce_reg_to_size(struct bpf_reg_state *reg, int size) |
| 1294 | reg->smax_value = reg->umax_value; |
| 1295 | } |
| 1296 | |
| 1297 | +static bool bpf_map_is_rdonly(const struct bpf_map *map) |
| 1298 | +{ |
| 1299 | + return (map->map_flags & BPF_F_RDONLY_PROG) && map->frozen; |
| 1300 | +} |
| 1301 | + |
| 1302 | +static int bpf_map_direct_read(struct bpf_map *map, int off, int size, u64 *val) |
| 1303 | +{ |
| 1304 | + void *ptr; |
| 1305 | + u64 addr; |
| 1306 | + int err; |
| 1307 | + |
| 1308 | + err = map->ops->map_direct_value_addr(map, &addr, off); |
| 1309 | + if (err) |
| 1310 | + return err; |
| 1311 | + ptr = (void *)(long)addr + off; |
| 1312 | + |
| 1313 | + switch (size) { |
| 1314 | + case sizeof(u8): |
| 1315 | + *val = (u64)*(u8 *)ptr; |
| 1316 | + break; |
| 1317 | + case sizeof(u16): |
| 1318 | + *val = (u64)*(u16 *)ptr; |
| 1319 | + break; |
| 1320 | + case sizeof(u32): |
| 1321 | + *val = (u64)*(u32 *)ptr; |
| 1322 | + break; |
| 1323 | + case sizeof(u64): |
| 1324 | + *val = *(u64 *)ptr; |
| 1325 | + break; |
| 1326 | + default: |
| 1327 | + return -EINVAL; |
| 1328 | + } |
| 1329 | + return 0; |
| 1330 | +} |
| 1331 | + |
| 1332 | /* check whether memory at (regno + off) is accessible for t = (read | write) |
| 1333 | * if t==write, value_regno is a register which value is stored into memory |
| 1334 | * if t==read, value_regno is a register which will receive the value from memory |
| 1335 | @@ -2815,9 +2850,27 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn |
| 1336 | if (err) |
| 1337 | return err; |
| 1338 | err = check_map_access(env, regno, off, size, false); |
| 1339 | - if (!err && t == BPF_READ && value_regno >= 0) |
| 1340 | - mark_reg_unknown(env, regs, value_regno); |
| 1341 | + if (!err && t == BPF_READ && value_regno >= 0) { |
| 1342 | + struct bpf_map *map = reg->map_ptr; |
| 1343 | + |
| 1344 | + /* if map is read-only, track its contents as scalars */ |
| 1345 | + if (tnum_is_const(reg->var_off) && |
| 1346 | + bpf_map_is_rdonly(map) && |
| 1347 | + map->ops->map_direct_value_addr) { |
| 1348 | + int map_off = off + reg->var_off.value; |
| 1349 | + u64 val = 0; |
| 1350 | |
| 1351 | + err = bpf_map_direct_read(map, map_off, size, |
| 1352 | + &val); |
| 1353 | + if (err) |
| 1354 | + return err; |
| 1355 | + |
| 1356 | + regs[value_regno].type = SCALAR_VALUE; |
| 1357 | + __mark_reg_known(®s[value_regno], val); |
| 1358 | + } else { |
| 1359 | + mark_reg_unknown(env, regs, value_regno); |
| 1360 | + } |
| 1361 | + } |
| 1362 | } else if (reg->type == PTR_TO_CTX) { |
| 1363 | enum bpf_reg_type reg_type = SCALAR_VALUE; |
| 1364 | |
| 1365 | diff --git a/lib/once.c b/lib/once.c |
| 1366 | index 8b7d6235217ee..59149bf3bfb4a 100644 |
| 1367 | --- a/lib/once.c |
| 1368 | +++ b/lib/once.c |
| 1369 | @@ -3,10 +3,12 @@ |
| 1370 | #include <linux/spinlock.h> |
| 1371 | #include <linux/once.h> |
| 1372 | #include <linux/random.h> |
| 1373 | +#include <linux/module.h> |
| 1374 | |
| 1375 | struct once_work { |
| 1376 | struct work_struct work; |
| 1377 | struct static_key_true *key; |
| 1378 | + struct module *module; |
| 1379 | }; |
| 1380 | |
| 1381 | static void once_deferred(struct work_struct *w) |
| 1382 | @@ -16,10 +18,11 @@ static void once_deferred(struct work_struct *w) |
| 1383 | work = container_of(w, struct once_work, work); |
| 1384 | BUG_ON(!static_key_enabled(work->key)); |
| 1385 | static_branch_disable(work->key); |
| 1386 | + module_put(work->module); |
| 1387 | kfree(work); |
| 1388 | } |
| 1389 | |
| 1390 | -static void once_disable_jump(struct static_key_true *key) |
| 1391 | +static void once_disable_jump(struct static_key_true *key, struct module *mod) |
| 1392 | { |
| 1393 | struct once_work *w; |
| 1394 | |
| 1395 | @@ -29,6 +32,8 @@ static void once_disable_jump(struct static_key_true *key) |
| 1396 | |
| 1397 | INIT_WORK(&w->work, once_deferred); |
| 1398 | w->key = key; |
| 1399 | + w->module = mod; |
| 1400 | + __module_get(mod); |
| 1401 | schedule_work(&w->work); |
| 1402 | } |
| 1403 | |
| 1404 | @@ -53,11 +58,11 @@ bool __do_once_start(bool *done, unsigned long *flags) |
| 1405 | EXPORT_SYMBOL(__do_once_start); |
| 1406 | |
| 1407 | void __do_once_done(bool *done, struct static_key_true *once_key, |
| 1408 | - unsigned long *flags) |
| 1409 | + unsigned long *flags, struct module *mod) |
| 1410 | __releases(once_lock) |
| 1411 | { |
| 1412 | *done = true; |
| 1413 | spin_unlock_irqrestore(&once_lock, *flags); |
| 1414 | - once_disable_jump(once_key); |
| 1415 | + once_disable_jump(once_key, mod); |
| 1416 | } |
| 1417 | EXPORT_SYMBOL(__do_once_done); |
| 1418 | diff --git a/mm/oom_kill.c b/mm/oom_kill.c |
| 1419 | index 212e718743018..f1b810ddf2327 100644 |
| 1420 | --- a/mm/oom_kill.c |
| 1421 | +++ b/mm/oom_kill.c |
| 1422 | @@ -197,17 +197,17 @@ static bool is_dump_unreclaim_slabs(void) |
| 1423 | * predictable as possible. The goal is to return the highest value for the |
| 1424 | * task consuming the most memory to avoid subsequent oom failures. |
| 1425 | */ |
| 1426 | -unsigned long oom_badness(struct task_struct *p, unsigned long totalpages) |
| 1427 | +long oom_badness(struct task_struct *p, unsigned long totalpages) |
| 1428 | { |
| 1429 | long points; |
| 1430 | long adj; |
| 1431 | |
| 1432 | if (oom_unkillable_task(p)) |
| 1433 | - return 0; |
| 1434 | + return LONG_MIN; |
| 1435 | |
| 1436 | p = find_lock_task_mm(p); |
| 1437 | if (!p) |
| 1438 | - return 0; |
| 1439 | + return LONG_MIN; |
| 1440 | |
| 1441 | /* |
| 1442 | * Do not even consider tasks which are explicitly marked oom |
| 1443 | @@ -219,7 +219,7 @@ unsigned long oom_badness(struct task_struct *p, unsigned long totalpages) |
| 1444 | test_bit(MMF_OOM_SKIP, &p->mm->flags) || |
| 1445 | in_vfork(p)) { |
| 1446 | task_unlock(p); |
| 1447 | - return 0; |
| 1448 | + return LONG_MIN; |
| 1449 | } |
| 1450 | |
| 1451 | /* |
| 1452 | @@ -234,11 +234,7 @@ unsigned long oom_badness(struct task_struct *p, unsigned long totalpages) |
| 1453 | adj *= totalpages / 1000; |
| 1454 | points += adj; |
| 1455 | |
| 1456 | - /* |
| 1457 | - * Never return 0 for an eligible task regardless of the root bonus and |
| 1458 | - * oom_score_adj (oom_score_adj can't be OOM_SCORE_ADJ_MIN here). |
| 1459 | - */ |
| 1460 | - return points > 0 ? points : 1; |
| 1461 | + return points; |
| 1462 | } |
| 1463 | |
| 1464 | static const char * const oom_constraint_text[] = { |
| 1465 | @@ -311,7 +307,7 @@ static enum oom_constraint constrained_alloc(struct oom_control *oc) |
| 1466 | static int oom_evaluate_task(struct task_struct *task, void *arg) |
| 1467 | { |
| 1468 | struct oom_control *oc = arg; |
| 1469 | - unsigned long points; |
| 1470 | + long points; |
| 1471 | |
| 1472 | if (oom_unkillable_task(task)) |
| 1473 | goto next; |
| 1474 | @@ -337,12 +333,12 @@ static int oom_evaluate_task(struct task_struct *task, void *arg) |
| 1475 | * killed first if it triggers an oom, then select it. |
| 1476 | */ |
| 1477 | if (oom_task_origin(task)) { |
| 1478 | - points = ULONG_MAX; |
| 1479 | + points = LONG_MAX; |
| 1480 | goto select; |
| 1481 | } |
| 1482 | |
| 1483 | points = oom_badness(task, oc->totalpages); |
| 1484 | - if (!points || points < oc->chosen_points) |
| 1485 | + if (points == LONG_MIN || points < oc->chosen_points) |
| 1486 | goto next; |
| 1487 | |
| 1488 | select: |
| 1489 | @@ -366,6 +362,8 @@ abort: |
| 1490 | */ |
| 1491 | static void select_bad_process(struct oom_control *oc) |
| 1492 | { |
| 1493 | + oc->chosen_points = LONG_MIN; |
| 1494 | + |
| 1495 | if (is_memcg_oom(oc)) |
| 1496 | mem_cgroup_scan_tasks(oc->memcg, oom_evaluate_task, oc); |
| 1497 | else { |
| 1498 | diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c |
| 1499 | index 0bad5db23129a..6fbc9cb09dc0e 100644 |
| 1500 | --- a/net/core/rtnetlink.c |
| 1501 | +++ b/net/core/rtnetlink.c |
| 1502 | @@ -2414,6 +2414,7 @@ static int do_setlink(const struct sk_buff *skb, |
| 1503 | return err; |
| 1504 | |
| 1505 | if (tb[IFLA_NET_NS_PID] || tb[IFLA_NET_NS_FD] || tb[IFLA_TARGET_NETNSID]) { |
| 1506 | + const char *pat = ifname && ifname[0] ? ifname : NULL; |
| 1507 | struct net *net = rtnl_link_get_net_capable(skb, dev_net(dev), |
| 1508 | tb, CAP_NET_ADMIN); |
| 1509 | if (IS_ERR(net)) { |
| 1510 | @@ -2421,7 +2422,7 @@ static int do_setlink(const struct sk_buff *skb, |
| 1511 | goto errout; |
| 1512 | } |
| 1513 | |
| 1514 | - err = dev_change_net_namespace(dev, net, ifname); |
| 1515 | + err = dev_change_net_namespace(dev, net, pat); |
| 1516 | put_net(net); |
| 1517 | if (err) |
| 1518 | goto errout; |
| 1519 | diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c |
| 1520 | index fedad3a3e61b8..fd8298b8b1c52 100644 |
| 1521 | --- a/net/ipv4/ip_gre.c |
| 1522 | +++ b/net/ipv4/ip_gre.c |
| 1523 | @@ -446,6 +446,8 @@ static void __gre_xmit(struct sk_buff *skb, struct net_device *dev, |
| 1524 | |
| 1525 | static int gre_handle_offloads(struct sk_buff *skb, bool csum) |
| 1526 | { |
| 1527 | + if (csum && skb_checksum_start(skb) < skb->data) |
| 1528 | + return -EINVAL; |
| 1529 | return iptunnel_handle_offloads(skb, csum ? SKB_GSO_GRE_CSUM : SKB_GSO_GRE); |
| 1530 | } |
| 1531 | |
| 1532 | diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c |
| 1533 | index 4a988ce4264cb..4bcc36e4b2ef0 100644 |
| 1534 | --- a/net/netfilter/nf_conntrack_core.c |
| 1535 | +++ b/net/netfilter/nf_conntrack_core.c |
| 1536 | @@ -66,22 +66,17 @@ EXPORT_SYMBOL_GPL(nf_conntrack_hash); |
| 1537 | |
| 1538 | struct conntrack_gc_work { |
| 1539 | struct delayed_work dwork; |
| 1540 | - u32 last_bucket; |
| 1541 | + u32 next_bucket; |
| 1542 | bool exiting; |
| 1543 | bool early_drop; |
| 1544 | - long next_gc_run; |
| 1545 | }; |
| 1546 | |
| 1547 | static __read_mostly struct kmem_cache *nf_conntrack_cachep; |
| 1548 | static DEFINE_SPINLOCK(nf_conntrack_locks_all_lock); |
| 1549 | static __read_mostly bool nf_conntrack_locks_all; |
| 1550 | |
| 1551 | -/* every gc cycle scans at most 1/GC_MAX_BUCKETS_DIV part of table */ |
| 1552 | -#define GC_MAX_BUCKETS_DIV 128u |
| 1553 | -/* upper bound of full table scan */ |
| 1554 | -#define GC_MAX_SCAN_JIFFIES (16u * HZ) |
| 1555 | -/* desired ratio of entries found to be expired */ |
| 1556 | -#define GC_EVICT_RATIO 50u |
| 1557 | +#define GC_SCAN_INTERVAL (120u * HZ) |
| 1558 | +#define GC_SCAN_MAX_DURATION msecs_to_jiffies(10) |
| 1559 | |
| 1560 | static struct conntrack_gc_work conntrack_gc_work; |
| 1561 | |
| 1562 | @@ -1226,17 +1221,13 @@ static void nf_ct_offload_timeout(struct nf_conn *ct) |
| 1563 | |
| 1564 | static void gc_worker(struct work_struct *work) |
| 1565 | { |
| 1566 | - unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u); |
| 1567 | - unsigned int i, goal, buckets = 0, expired_count = 0; |
| 1568 | - unsigned int nf_conntrack_max95 = 0; |
| 1569 | + unsigned long end_time = jiffies + GC_SCAN_MAX_DURATION; |
| 1570 | + unsigned int i, hashsz, nf_conntrack_max95 = 0; |
| 1571 | + unsigned long next_run = GC_SCAN_INTERVAL; |
| 1572 | struct conntrack_gc_work *gc_work; |
| 1573 | - unsigned int ratio, scanned = 0; |
| 1574 | - unsigned long next_run; |
| 1575 | - |
| 1576 | gc_work = container_of(work, struct conntrack_gc_work, dwork.work); |
| 1577 | |
| 1578 | - goal = nf_conntrack_htable_size / GC_MAX_BUCKETS_DIV; |
| 1579 | - i = gc_work->last_bucket; |
| 1580 | + i = gc_work->next_bucket; |
| 1581 | if (gc_work->early_drop) |
| 1582 | nf_conntrack_max95 = nf_conntrack_max / 100u * 95u; |
| 1583 | |
| 1584 | @@ -1244,22 +1235,21 @@ static void gc_worker(struct work_struct *work) |
| 1585 | struct nf_conntrack_tuple_hash *h; |
| 1586 | struct hlist_nulls_head *ct_hash; |
| 1587 | struct hlist_nulls_node *n; |
| 1588 | - unsigned int hashsz; |
| 1589 | struct nf_conn *tmp; |
| 1590 | |
| 1591 | - i++; |
| 1592 | rcu_read_lock(); |
| 1593 | |
| 1594 | nf_conntrack_get_ht(&ct_hash, &hashsz); |
| 1595 | - if (i >= hashsz) |
| 1596 | - i = 0; |
| 1597 | + if (i >= hashsz) { |
| 1598 | + rcu_read_unlock(); |
| 1599 | + break; |
| 1600 | + } |
| 1601 | |
| 1602 | hlist_nulls_for_each_entry_rcu(h, n, &ct_hash[i], hnnode) { |
| 1603 | struct net *net; |
| 1604 | |
| 1605 | tmp = nf_ct_tuplehash_to_ctrack(h); |
| 1606 | |
| 1607 | - scanned++; |
| 1608 | if (test_bit(IPS_OFFLOAD_BIT, &tmp->status)) { |
| 1609 | nf_ct_offload_timeout(tmp); |
| 1610 | continue; |
| 1611 | @@ -1267,7 +1257,6 @@ static void gc_worker(struct work_struct *work) |
| 1612 | |
| 1613 | if (nf_ct_is_expired(tmp)) { |
| 1614 | nf_ct_gc_expired(tmp); |
| 1615 | - expired_count++; |
| 1616 | continue; |
| 1617 | } |
| 1618 | |
| 1619 | @@ -1299,7 +1288,14 @@ static void gc_worker(struct work_struct *work) |
| 1620 | */ |
| 1621 | rcu_read_unlock(); |
| 1622 | cond_resched(); |
| 1623 | - } while (++buckets < goal); |
| 1624 | + i++; |
| 1625 | + |
| 1626 | + if (time_after(jiffies, end_time) && i < hashsz) { |
| 1627 | + gc_work->next_bucket = i; |
| 1628 | + next_run = 0; |
| 1629 | + break; |
| 1630 | + } |
| 1631 | + } while (i < hashsz); |
| 1632 | |
| 1633 | if (gc_work->exiting) |
| 1634 | return; |
| 1635 | @@ -1310,40 +1306,17 @@ static void gc_worker(struct work_struct *work) |
| 1636 | * |
| 1637 | * This worker is only here to reap expired entries when system went |
| 1638 | * idle after a busy period. |
| 1639 | - * |
| 1640 | - * The heuristics below are supposed to balance conflicting goals: |
| 1641 | - * |
| 1642 | - * 1. Minimize time until we notice a stale entry |
| 1643 | - * 2. Maximize scan intervals to not waste cycles |
| 1644 | - * |
| 1645 | - * Normally, expire ratio will be close to 0. |
| 1646 | - * |
| 1647 | - * As soon as a sizeable fraction of the entries have expired |
| 1648 | - * increase scan frequency. |
| 1649 | */ |
| 1650 | - ratio = scanned ? expired_count * 100 / scanned : 0; |
| 1651 | - if (ratio > GC_EVICT_RATIO) { |
| 1652 | - gc_work->next_gc_run = min_interval; |
| 1653 | - } else { |
| 1654 | - unsigned int max = GC_MAX_SCAN_JIFFIES / GC_MAX_BUCKETS_DIV; |
| 1655 | - |
| 1656 | - BUILD_BUG_ON((GC_MAX_SCAN_JIFFIES / GC_MAX_BUCKETS_DIV) == 0); |
| 1657 | - |
| 1658 | - gc_work->next_gc_run += min_interval; |
| 1659 | - if (gc_work->next_gc_run > max) |
| 1660 | - gc_work->next_gc_run = max; |
| 1661 | + if (next_run) { |
| 1662 | + gc_work->early_drop = false; |
| 1663 | + gc_work->next_bucket = 0; |
| 1664 | } |
| 1665 | - |
| 1666 | - next_run = gc_work->next_gc_run; |
| 1667 | - gc_work->last_bucket = i; |
| 1668 | - gc_work->early_drop = false; |
| 1669 | queue_delayed_work(system_power_efficient_wq, &gc_work->dwork, next_run); |
| 1670 | } |
| 1671 | |
| 1672 | static void conntrack_gc_work_init(struct conntrack_gc_work *gc_work) |
| 1673 | { |
| 1674 | INIT_DEFERRABLE_WORK(&gc_work->dwork, gc_worker); |
| 1675 | - gc_work->next_gc_run = HZ; |
| 1676 | gc_work->exiting = false; |
| 1677 | } |
| 1678 | |
| 1679 | diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c |
| 1680 | index faea2ce125110..b97a786d048cc 100644 |
| 1681 | --- a/net/qrtr/qrtr.c |
| 1682 | +++ b/net/qrtr/qrtr.c |
| 1683 | @@ -314,7 +314,7 @@ int qrtr_endpoint_post(struct qrtr_endpoint *ep, const void *data, size_t len) |
| 1684 | goto err; |
| 1685 | } |
| 1686 | |
| 1687 | - if (len != ALIGN(size, 4) + hdrlen) |
| 1688 | + if (!size || len != ALIGN(size, 4) + hdrlen) |
| 1689 | goto err; |
| 1690 | |
| 1691 | if (cb->dst_port != QRTR_PORT_CTRL && cb->type != QRTR_TYPE_DATA) |
| 1692 | diff --git a/net/rds/ib_frmr.c b/net/rds/ib_frmr.c |
| 1693 | index 06ecf9d2d4bf1..ef6acd7211180 100644 |
| 1694 | --- a/net/rds/ib_frmr.c |
| 1695 | +++ b/net/rds/ib_frmr.c |
| 1696 | @@ -131,9 +131,9 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) |
| 1697 | cpu_relax(); |
| 1698 | } |
| 1699 | |
| 1700 | - ret = ib_map_mr_sg_zbva(frmr->mr, ibmr->sg, ibmr->sg_len, |
| 1701 | + ret = ib_map_mr_sg_zbva(frmr->mr, ibmr->sg, ibmr->sg_dma_len, |
| 1702 | &off, PAGE_SIZE); |
| 1703 | - if (unlikely(ret != ibmr->sg_len)) |
| 1704 | + if (unlikely(ret != ibmr->sg_dma_len)) |
| 1705 | return ret < 0 ? ret : -EINVAL; |
| 1706 | |
| 1707 | if (cmpxchg(&frmr->fr_state, |
| 1708 | diff --git a/net/socket.c b/net/socket.c |
| 1709 | index b14917dd811ad..94358566c9d10 100644 |
| 1710 | --- a/net/socket.c |
| 1711 | +++ b/net/socket.c |
| 1712 | @@ -1053,7 +1053,7 @@ static long sock_do_ioctl(struct net *net, struct socket *sock, |
| 1713 | rtnl_unlock(); |
| 1714 | if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf))) |
| 1715 | err = -EFAULT; |
| 1716 | - } else { |
| 1717 | + } else if (is_socket_ioctl_cmd(cmd)) { |
| 1718 | struct ifreq ifr; |
| 1719 | bool need_copyout; |
| 1720 | if (copy_from_user(&ifr, argp, sizeof(struct ifreq))) |
| 1721 | @@ -1062,6 +1062,8 @@ static long sock_do_ioctl(struct net *net, struct socket *sock, |
| 1722 | if (!err && need_copyout) |
| 1723 | if (copy_to_user(argp, &ifr, sizeof(struct ifreq))) |
| 1724 | return -EFAULT; |
| 1725 | + } else { |
| 1726 | + err = -ENOTTY; |
| 1727 | } |
| 1728 | return err; |
| 1729 | } |
| 1730 | @@ -3228,6 +3230,8 @@ static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd, |
| 1731 | struct ifreq ifreq; |
| 1732 | u32 data32; |
| 1733 | |
| 1734 | + if (!is_socket_ioctl_cmd(cmd)) |
| 1735 | + return -ENOTTY; |
| 1736 | if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ)) |
| 1737 | return -EFAULT; |
| 1738 | if (get_user(data32, &u_ifreq32->ifr_data)) |