Contents of /trunk/kernel-alx/patches-5.4/0270-5.4.171-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3635 -
(show annotations)
(download)
Mon Oct 24 12:34:12 2022 UTC (19 months, 1 week ago) by niro
File size: 31290 byte(s)
Mon Oct 24 12:34:12 2022 UTC (19 months, 1 week ago) by niro
File size: 31290 byte(s)
-sync kernel patches
| 1 | diff --git a/Makefile b/Makefile |
| 2 | index 7380354e49513..062052f71a976 100644 |
| 3 | --- a/Makefile |
| 4 | +++ b/Makefile |
| 5 | @@ -1,7 +1,7 @@ |
| 6 | # SPDX-License-Identifier: GPL-2.0 |
| 7 | VERSION = 5 |
| 8 | PATCHLEVEL = 4 |
| 9 | -SUBLEVEL = 170 |
| 10 | +SUBLEVEL = 171 |
| 11 | EXTRAVERSION = |
| 12 | NAME = Kleptomaniac Octopus |
| 13 | |
| 14 | diff --git a/drivers/infiniband/core/uverbs_marshall.c b/drivers/infiniband/core/uverbs_marshall.c |
| 15 | index b8d715c68ca44..11a0806469162 100644 |
| 16 | --- a/drivers/infiniband/core/uverbs_marshall.c |
| 17 | +++ b/drivers/infiniband/core/uverbs_marshall.c |
| 18 | @@ -66,7 +66,7 @@ void ib_copy_ah_attr_to_user(struct ib_device *device, |
| 19 | struct rdma_ah_attr *src = ah_attr; |
| 20 | struct rdma_ah_attr conv_ah; |
| 21 | |
| 22 | - memset(&dst->grh.reserved, 0, sizeof(dst->grh.reserved)); |
| 23 | + memset(&dst->grh, 0, sizeof(dst->grh)); |
| 24 | |
| 25 | if ((ah_attr->type == RDMA_AH_ATTR_TYPE_OPA) && |
| 26 | (rdma_ah_get_dlid(ah_attr) > be16_to_cpu(IB_LID_PERMISSIVE)) && |
| 27 | diff --git a/drivers/infiniband/core/uverbs_uapi.c b/drivers/infiniband/core/uverbs_uapi.c |
| 28 | index 00c5478871322..818699b855c5c 100644 |
| 29 | --- a/drivers/infiniband/core/uverbs_uapi.c |
| 30 | +++ b/drivers/infiniband/core/uverbs_uapi.c |
| 31 | @@ -450,6 +450,9 @@ static int uapi_finalize(struct uverbs_api *uapi) |
| 32 | uapi->num_write_ex = max_write_ex + 1; |
| 33 | data = kmalloc_array(uapi->num_write + uapi->num_write_ex, |
| 34 | sizeof(*uapi->write_methods), GFP_KERNEL); |
| 35 | + if (!data) |
| 36 | + return -ENOMEM; |
| 37 | + |
| 38 | for (i = 0; i != uapi->num_write + uapi->num_write_ex; i++) |
| 39 | data[i] = &uapi->notsupp_method; |
| 40 | uapi->write_methods = data; |
| 41 | diff --git a/drivers/input/touchscreen/of_touchscreen.c b/drivers/input/touchscreen/of_touchscreen.c |
| 42 | index 2962c3747adc3..ed5fbcb40e3f0 100644 |
| 43 | --- a/drivers/input/touchscreen/of_touchscreen.c |
| 44 | +++ b/drivers/input/touchscreen/of_touchscreen.c |
| 45 | @@ -77,8 +77,8 @@ void touchscreen_parse_properties(struct input_dev *input, bool multitouch, |
| 46 | axis = multitouch ? ABS_MT_POSITION_X : ABS_X; |
| 47 | data_present = touchscreen_get_prop_u32(dev, "touchscreen-min-x", |
| 48 | input_abs_get_min(input, axis), |
| 49 | - &minimum) | |
| 50 | - touchscreen_get_prop_u32(dev, "touchscreen-size-x", |
| 51 | + &minimum); |
| 52 | + data_present |= touchscreen_get_prop_u32(dev, "touchscreen-size-x", |
| 53 | input_abs_get_max(input, |
| 54 | axis) + 1, |
| 55 | &maximum); |
| 56 | @@ -91,8 +91,8 @@ void touchscreen_parse_properties(struct input_dev *input, bool multitouch, |
| 57 | axis = multitouch ? ABS_MT_POSITION_Y : ABS_Y; |
| 58 | data_present = touchscreen_get_prop_u32(dev, "touchscreen-min-y", |
| 59 | input_abs_get_min(input, axis), |
| 60 | - &minimum) | |
| 61 | - touchscreen_get_prop_u32(dev, "touchscreen-size-y", |
| 62 | + &minimum); |
| 63 | + data_present |= touchscreen_get_prop_u32(dev, "touchscreen-size-y", |
| 64 | input_abs_get_max(input, |
| 65 | axis) + 1, |
| 66 | &maximum); |
| 67 | diff --git a/drivers/isdn/mISDN/core.c b/drivers/isdn/mISDN/core.c |
| 68 | index 55891e4204460..a41b4b2645941 100644 |
| 69 | --- a/drivers/isdn/mISDN/core.c |
| 70 | +++ b/drivers/isdn/mISDN/core.c |
| 71 | @@ -381,7 +381,7 @@ mISDNInit(void) |
| 72 | err = mISDN_inittimer(&debug); |
| 73 | if (err) |
| 74 | goto error2; |
| 75 | - err = l1_init(&debug); |
| 76 | + err = Isdnl1_Init(&debug); |
| 77 | if (err) |
| 78 | goto error3; |
| 79 | err = Isdnl2_Init(&debug); |
| 80 | @@ -395,7 +395,7 @@ mISDNInit(void) |
| 81 | error5: |
| 82 | Isdnl2_cleanup(); |
| 83 | error4: |
| 84 | - l1_cleanup(); |
| 85 | + Isdnl1_cleanup(); |
| 86 | error3: |
| 87 | mISDN_timer_cleanup(); |
| 88 | error2: |
| 89 | @@ -408,7 +408,7 @@ static void mISDN_cleanup(void) |
| 90 | { |
| 91 | misdn_sock_cleanup(); |
| 92 | Isdnl2_cleanup(); |
| 93 | - l1_cleanup(); |
| 94 | + Isdnl1_cleanup(); |
| 95 | mISDN_timer_cleanup(); |
| 96 | class_unregister(&mISDN_class); |
| 97 | |
| 98 | diff --git a/drivers/isdn/mISDN/core.h b/drivers/isdn/mISDN/core.h |
| 99 | index 23b44d3033279..42599f49c189d 100644 |
| 100 | --- a/drivers/isdn/mISDN/core.h |
| 101 | +++ b/drivers/isdn/mISDN/core.h |
| 102 | @@ -60,8 +60,8 @@ struct Bprotocol *get_Bprotocol4id(u_int); |
| 103 | extern int mISDN_inittimer(u_int *); |
| 104 | extern void mISDN_timer_cleanup(void); |
| 105 | |
| 106 | -extern int l1_init(u_int *); |
| 107 | -extern void l1_cleanup(void); |
| 108 | +extern int Isdnl1_Init(u_int *); |
| 109 | +extern void Isdnl1_cleanup(void); |
| 110 | extern int Isdnl2_Init(u_int *); |
| 111 | extern void Isdnl2_cleanup(void); |
| 112 | |
| 113 | diff --git a/drivers/isdn/mISDN/layer1.c b/drivers/isdn/mISDN/layer1.c |
| 114 | index 98a3bc6c17009..7b31c25a550e3 100644 |
| 115 | --- a/drivers/isdn/mISDN/layer1.c |
| 116 | +++ b/drivers/isdn/mISDN/layer1.c |
| 117 | @@ -398,7 +398,7 @@ create_l1(struct dchannel *dch, dchannel_l1callback *dcb) { |
| 118 | EXPORT_SYMBOL(create_l1); |
| 119 | |
| 120 | int |
| 121 | -l1_init(u_int *deb) |
| 122 | +Isdnl1_Init(u_int *deb) |
| 123 | { |
| 124 | debug = deb; |
| 125 | l1fsm_s.state_count = L1S_STATE_COUNT; |
| 126 | @@ -409,7 +409,7 @@ l1_init(u_int *deb) |
| 127 | } |
| 128 | |
| 129 | void |
| 130 | -l1_cleanup(void) |
| 131 | +Isdnl1_cleanup(void) |
| 132 | { |
| 133 | mISDN_FsmFree(&l1fsm_s); |
| 134 | } |
| 135 | diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c |
| 136 | index 03821b46a8cb4..4c22f119ac62f 100644 |
| 137 | --- a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c |
| 138 | +++ b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c |
| 139 | @@ -305,6 +305,10 @@ int aq_ring_rx_clean(struct aq_ring_s *self, |
| 140 | if (!buff->is_eop) { |
| 141 | buff_ = buff; |
| 142 | do { |
| 143 | + if (buff_->next >= self->size) { |
| 144 | + err = -EIO; |
| 145 | + goto err_exit; |
| 146 | + } |
| 147 | next_ = buff_->next, |
| 148 | buff_ = &self->buff_ring[next_]; |
| 149 | is_rsc_completed = |
| 150 | @@ -327,6 +331,10 @@ int aq_ring_rx_clean(struct aq_ring_s *self, |
| 151 | if (buff->is_error || buff->is_cso_err) { |
| 152 | buff_ = buff; |
| 153 | do { |
| 154 | + if (buff_->next >= self->size) { |
| 155 | + err = -EIO; |
| 156 | + goto err_exit; |
| 157 | + } |
| 158 | next_ = buff_->next, |
| 159 | buff_ = &self->buff_ring[next_]; |
| 160 | |
| 161 | diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c |
| 162 | index ce237da003ddb..a2326683be170 100644 |
| 163 | --- a/drivers/net/ethernet/intel/i40e/i40e_main.c |
| 164 | +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c |
| 165 | @@ -107,6 +107,24 @@ MODULE_VERSION(DRV_VERSION); |
| 166 | |
| 167 | static struct workqueue_struct *i40e_wq; |
| 168 | |
| 169 | +static void netdev_hw_addr_refcnt(struct i40e_mac_filter *f, |
| 170 | + struct net_device *netdev, int delta) |
| 171 | +{ |
| 172 | + struct netdev_hw_addr *ha; |
| 173 | + |
| 174 | + if (!f || !netdev) |
| 175 | + return; |
| 176 | + |
| 177 | + netdev_for_each_mc_addr(ha, netdev) { |
| 178 | + if (ether_addr_equal(ha->addr, f->macaddr)) { |
| 179 | + ha->refcount += delta; |
| 180 | + if (ha->refcount <= 0) |
| 181 | + ha->refcount = 1; |
| 182 | + break; |
| 183 | + } |
| 184 | + } |
| 185 | +} |
| 186 | + |
| 187 | /** |
| 188 | * i40e_allocate_dma_mem_d - OS specific memory alloc for shared code |
| 189 | * @hw: pointer to the HW structure |
| 190 | @@ -2022,6 +2040,7 @@ static void i40e_undo_add_filter_entries(struct i40e_vsi *vsi, |
| 191 | hlist_for_each_entry_safe(new, h, from, hlist) { |
| 192 | /* We can simply free the wrapper structure */ |
| 193 | hlist_del(&new->hlist); |
| 194 | + netdev_hw_addr_refcnt(new->f, vsi->netdev, -1); |
| 195 | kfree(new); |
| 196 | } |
| 197 | } |
| 198 | @@ -2369,6 +2388,10 @@ int i40e_sync_vsi_filters(struct i40e_vsi *vsi) |
| 199 | &tmp_add_list, |
| 200 | &tmp_del_list, |
| 201 | vlan_filters); |
| 202 | + |
| 203 | + hlist_for_each_entry(new, &tmp_add_list, hlist) |
| 204 | + netdev_hw_addr_refcnt(new->f, vsi->netdev, 1); |
| 205 | + |
| 206 | if (retval) |
| 207 | goto err_no_memory_locked; |
| 208 | |
| 209 | @@ -2501,6 +2524,7 @@ int i40e_sync_vsi_filters(struct i40e_vsi *vsi) |
| 210 | if (new->f->state == I40E_FILTER_NEW) |
| 211 | new->f->state = new->state; |
| 212 | hlist_del(&new->hlist); |
| 213 | + netdev_hw_addr_refcnt(new->f, vsi->netdev, -1); |
| 214 | kfree(new); |
| 215 | } |
| 216 | spin_unlock_bh(&vsi->mac_filter_hash_lock); |
| 217 | @@ -8302,6 +8326,27 @@ int i40e_open(struct net_device *netdev) |
| 218 | return 0; |
| 219 | } |
| 220 | |
| 221 | +/** |
| 222 | + * i40e_netif_set_realnum_tx_rx_queues - Update number of tx/rx queues |
| 223 | + * @vsi: vsi structure |
| 224 | + * |
| 225 | + * This updates netdev's number of tx/rx queues |
| 226 | + * |
| 227 | + * Returns status of setting tx/rx queues |
| 228 | + **/ |
| 229 | +static int i40e_netif_set_realnum_tx_rx_queues(struct i40e_vsi *vsi) |
| 230 | +{ |
| 231 | + int ret; |
| 232 | + |
| 233 | + ret = netif_set_real_num_rx_queues(vsi->netdev, |
| 234 | + vsi->num_queue_pairs); |
| 235 | + if (ret) |
| 236 | + return ret; |
| 237 | + |
| 238 | + return netif_set_real_num_tx_queues(vsi->netdev, |
| 239 | + vsi->num_queue_pairs); |
| 240 | +} |
| 241 | + |
| 242 | /** |
| 243 | * i40e_vsi_open - |
| 244 | * @vsi: the VSI to open |
| 245 | @@ -8338,13 +8383,7 @@ int i40e_vsi_open(struct i40e_vsi *vsi) |
| 246 | goto err_setup_rx; |
| 247 | |
| 248 | /* Notify the stack of the actual queue counts. */ |
| 249 | - err = netif_set_real_num_tx_queues(vsi->netdev, |
| 250 | - vsi->num_queue_pairs); |
| 251 | - if (err) |
| 252 | - goto err_set_queues; |
| 253 | - |
| 254 | - err = netif_set_real_num_rx_queues(vsi->netdev, |
| 255 | - vsi->num_queue_pairs); |
| 256 | + err = i40e_netif_set_realnum_tx_rx_queues(vsi); |
| 257 | if (err) |
| 258 | goto err_set_queues; |
| 259 | |
| 260 | @@ -13766,6 +13805,9 @@ struct i40e_vsi *i40e_vsi_setup(struct i40e_pf *pf, u8 type, |
| 261 | case I40E_VSI_MAIN: |
| 262 | case I40E_VSI_VMDQ2: |
| 263 | ret = i40e_config_netdev(vsi); |
| 264 | + if (ret) |
| 265 | + goto err_netdev; |
| 266 | + ret = i40e_netif_set_realnum_tx_rx_queues(vsi); |
| 267 | if (ret) |
| 268 | goto err_netdev; |
| 269 | ret = register_netdev(vsi->netdev); |
| 270 | @@ -15012,8 +15054,8 @@ static int i40e_probe(struct pci_dev *pdev, const struct pci_device_id *ent) |
| 271 | |
| 272 | if (hw->aq.api_maj_ver == I40E_FW_API_VERSION_MAJOR && |
| 273 | hw->aq.api_min_ver > I40E_FW_MINOR_VERSION(hw)) |
| 274 | - dev_info(&pdev->dev, |
| 275 | - "The driver for the device detected a newer version of the NVM image v%u.%u than expected v%u.%u. Please install the most recent version of the network driver.\n", |
| 276 | + dev_dbg(&pdev->dev, |
| 277 | + "The driver for the device detected a newer version of the NVM image v%u.%u than v%u.%u.\n", |
| 278 | hw->aq.api_maj_ver, |
| 279 | hw->aq.api_min_ver, |
| 280 | I40E_FW_API_VERSION_MAJOR, |
| 281 | diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c |
| 282 | index 449eb06e2c7da..309e953ed1e44 100644 |
| 283 | --- a/drivers/net/ethernet/intel/iavf/iavf_main.c |
| 284 | +++ b/drivers/net/ethernet/intel/iavf/iavf_main.c |
| 285 | @@ -2604,8 +2604,11 @@ static int iavf_validate_ch_config(struct iavf_adapter *adapter, |
| 286 | total_max_rate += tx_rate; |
| 287 | num_qps += mqprio_qopt->qopt.count[i]; |
| 288 | } |
| 289 | - if (num_qps > IAVF_MAX_REQ_QUEUES) |
| 290 | + if (num_qps > adapter->num_active_queues) { |
| 291 | + dev_err(&adapter->pdev->dev, |
| 292 | + "Cannot support requested number of queues\n"); |
| 293 | return -EINVAL; |
| 294 | + } |
| 295 | |
| 296 | ret = iavf_validate_tx_bandwidth(adapter, total_max_rate); |
| 297 | return ret; |
| 298 | diff --git a/drivers/net/ieee802154/atusb.c b/drivers/net/ieee802154/atusb.c |
| 299 | index 23ee0b14cbfa1..2f5e7b31032aa 100644 |
| 300 | --- a/drivers/net/ieee802154/atusb.c |
| 301 | +++ b/drivers/net/ieee802154/atusb.c |
| 302 | @@ -93,7 +93,9 @@ static int atusb_control_msg(struct atusb *atusb, unsigned int pipe, |
| 303 | |
| 304 | ret = usb_control_msg(usb_dev, pipe, request, requesttype, |
| 305 | value, index, data, size, timeout); |
| 306 | - if (ret < 0) { |
| 307 | + if (ret < size) { |
| 308 | + ret = ret < 0 ? ret : -ENODATA; |
| 309 | + |
| 310 | atusb->err = ret; |
| 311 | dev_err(&usb_dev->dev, |
| 312 | "%s: req 0x%02x val 0x%x idx 0x%x, error %d\n", |
| 313 | @@ -861,9 +863,9 @@ static int atusb_get_and_show_build(struct atusb *atusb) |
| 314 | if (!build) |
| 315 | return -ENOMEM; |
| 316 | |
| 317 | - ret = atusb_control_msg(atusb, usb_rcvctrlpipe(usb_dev, 0), |
| 318 | - ATUSB_BUILD, ATUSB_REQ_FROM_DEV, 0, 0, |
| 319 | - build, ATUSB_BUILD_SIZE, 1000); |
| 320 | + /* We cannot call atusb_control_msg() here, since this request may read various length data */ |
| 321 | + ret = usb_control_msg(atusb->usb_dev, usb_rcvctrlpipe(usb_dev, 0), ATUSB_BUILD, |
| 322 | + ATUSB_REQ_FROM_DEV, 0, 0, build, ATUSB_BUILD_SIZE, 1000); |
| 323 | if (ret >= 0) { |
| 324 | build[ret] = 0; |
| 325 | dev_info(&usb_dev->dev, "Firmware: build %s\n", build); |
| 326 | diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c |
| 327 | index 0b61d80ea3f8c..18cc5e4280e83 100644 |
| 328 | --- a/drivers/net/phy/micrel.c |
| 329 | +++ b/drivers/net/phy/micrel.c |
| 330 | @@ -1096,6 +1096,7 @@ static struct phy_driver ksphy_driver[] = { |
| 331 | .probe = kszphy_probe, |
| 332 | .config_init = ksz8081_config_init, |
| 333 | .ack_interrupt = kszphy_ack_interrupt, |
| 334 | + .soft_reset = genphy_soft_reset, |
| 335 | .config_intr = kszphy_config_intr, |
| 336 | .get_sset_count = kszphy_get_sset_count, |
| 337 | .get_strings = kszphy_get_strings, |
| 338 | diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c |
| 339 | index f9b359d4e2939..1505fe3f87ed3 100644 |
| 340 | --- a/drivers/net/usb/rndis_host.c |
| 341 | +++ b/drivers/net/usb/rndis_host.c |
| 342 | @@ -608,6 +608,11 @@ static const struct usb_device_id products [] = { |
| 343 | USB_DEVICE_AND_INTERFACE_INFO(0x1630, 0x0042, |
| 344 | USB_CLASS_COMM, 2 /* ACM */, 0x0ff), |
| 345 | .driver_info = (unsigned long) &rndis_poll_status_info, |
| 346 | +}, { |
| 347 | + /* Hytera Communications DMR radios' "Radio to PC Network" */ |
| 348 | + USB_VENDOR_AND_INTERFACE_INFO(0x238b, |
| 349 | + USB_CLASS_COMM, 2 /* ACM */, 0x0ff), |
| 350 | + .driver_info = (unsigned long)&rndis_info, |
| 351 | }, { |
| 352 | /* RNDIS is MSFT's un-official variant of CDC ACM */ |
| 353 | USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff), |
| 354 | diff --git a/drivers/power/reset/ltc2952-poweroff.c b/drivers/power/reset/ltc2952-poweroff.c |
| 355 | index e4a0cc45b3d11..ec613bcc0a302 100644 |
| 356 | --- a/drivers/power/reset/ltc2952-poweroff.c |
| 357 | +++ b/drivers/power/reset/ltc2952-poweroff.c |
| 358 | @@ -160,8 +160,8 @@ static void ltc2952_poweroff_kill(void) |
| 359 | |
| 360 | static void ltc2952_poweroff_default(struct ltc2952_poweroff *data) |
| 361 | { |
| 362 | - data->wde_interval = 300L * 1E6L; |
| 363 | - data->trigger_delay = ktime_set(2, 500L*1E6L); |
| 364 | + data->wde_interval = 300L * NSEC_PER_MSEC; |
| 365 | + data->trigger_delay = ktime_set(2, 500L * NSEC_PER_MSEC); |
| 366 | |
| 367 | hrtimer_init(&data->timer_trigger, CLOCK_MONOTONIC, HRTIMER_MODE_REL); |
| 368 | data->timer_trigger.function = ltc2952_poweroff_timer_trigger; |
| 369 | diff --git a/drivers/power/supply/power_supply_core.c b/drivers/power/supply/power_supply_core.c |
| 370 | index 5c36c430ce8b6..a2f56a68c50d6 100644 |
| 371 | --- a/drivers/power/supply/power_supply_core.c |
| 372 | +++ b/drivers/power/supply/power_supply_core.c |
| 373 | @@ -742,6 +742,10 @@ power_supply_find_ocv2cap_table(struct power_supply_battery_info *info, |
| 374 | return NULL; |
| 375 | |
| 376 | for (i = 0; i < POWER_SUPPLY_OCV_TEMP_MAX; i++) { |
| 377 | + /* Out of capacity tables */ |
| 378 | + if (!info->ocv_table[i]) |
| 379 | + break; |
| 380 | + |
| 381 | temp_diff = abs(info->ocv_temp[i] - temp); |
| 382 | |
| 383 | if (temp_diff < best_temp_diff) { |
| 384 | diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c |
| 385 | index eeba6180711cd..f3cee64c6d12f 100644 |
| 386 | --- a/drivers/scsi/libiscsi.c |
| 387 | +++ b/drivers/scsi/libiscsi.c |
| 388 | @@ -2948,6 +2948,8 @@ void iscsi_conn_teardown(struct iscsi_cls_conn *cls_conn) |
| 389 | { |
| 390 | struct iscsi_conn *conn = cls_conn->dd_data; |
| 391 | struct iscsi_session *session = conn->session; |
| 392 | + char *tmp_persistent_address = conn->persistent_address; |
| 393 | + char *tmp_local_ipaddr = conn->local_ipaddr; |
| 394 | |
| 395 | del_timer_sync(&conn->transport_timer); |
| 396 | |
| 397 | @@ -2969,8 +2971,6 @@ void iscsi_conn_teardown(struct iscsi_cls_conn *cls_conn) |
| 398 | spin_lock_bh(&session->frwd_lock); |
| 399 | free_pages((unsigned long) conn->data, |
| 400 | get_order(ISCSI_DEF_MAX_RECV_SEG_LEN)); |
| 401 | - kfree(conn->persistent_address); |
| 402 | - kfree(conn->local_ipaddr); |
| 403 | /* regular RX path uses back_lock */ |
| 404 | spin_lock_bh(&session->back_lock); |
| 405 | kfifo_in(&session->cmdpool.queue, (void*)&conn->login_task, |
| 406 | @@ -2982,6 +2982,8 @@ void iscsi_conn_teardown(struct iscsi_cls_conn *cls_conn) |
| 407 | mutex_unlock(&session->eh_mutex); |
| 408 | |
| 409 | iscsi_destroy_conn(cls_conn); |
| 410 | + kfree(tmp_persistent_address); |
| 411 | + kfree(tmp_local_ipaddr); |
| 412 | } |
| 413 | EXPORT_SYMBOL_GPL(iscsi_conn_teardown); |
| 414 | |
| 415 | diff --git a/drivers/usb/mtu3/mtu3_gadget.c b/drivers/usb/mtu3/mtu3_gadget.c |
| 416 | index 253c8b71d3c49..061da9b82b967 100644 |
| 417 | --- a/drivers/usb/mtu3/mtu3_gadget.c |
| 418 | +++ b/drivers/usb/mtu3/mtu3_gadget.c |
| 419 | @@ -85,7 +85,7 @@ static int mtu3_ep_enable(struct mtu3_ep *mep) |
| 420 | if (usb_endpoint_xfer_int(desc) || |
| 421 | usb_endpoint_xfer_isoc(desc)) { |
| 422 | interval = desc->bInterval; |
| 423 | - interval = clamp_val(interval, 1, 16) - 1; |
| 424 | + interval = clamp_val(interval, 1, 16); |
| 425 | if (usb_endpoint_xfer_isoc(desc) && comp_desc) |
| 426 | mult = comp_desc->bmAttributes; |
| 427 | } |
| 428 | @@ -97,7 +97,7 @@ static int mtu3_ep_enable(struct mtu3_ep *mep) |
| 429 | if (usb_endpoint_xfer_isoc(desc) || |
| 430 | usb_endpoint_xfer_int(desc)) { |
| 431 | interval = desc->bInterval; |
| 432 | - interval = clamp_val(interval, 1, 16) - 1; |
| 433 | + interval = clamp_val(interval, 1, 16); |
| 434 | mult = usb_endpoint_maxp_mult(desc) - 1; |
| 435 | } |
| 436 | break; |
| 437 | diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c |
| 438 | index f7d27cbbeb860..03dce3980d90a 100644 |
| 439 | --- a/fs/f2fs/checkpoint.c |
| 440 | +++ b/fs/f2fs/checkpoint.c |
| 441 | @@ -1144,7 +1144,8 @@ static bool __need_flush_quota(struct f2fs_sb_info *sbi) |
| 442 | if (!is_journalled_quota(sbi)) |
| 443 | return false; |
| 444 | |
| 445 | - down_write(&sbi->quota_sem); |
| 446 | + if (!down_write_trylock(&sbi->quota_sem)) |
| 447 | + return true; |
| 448 | if (is_sbi_flag_set(sbi, SBI_QUOTA_SKIP_FLUSH)) { |
| 449 | ret = false; |
| 450 | } else if (is_sbi_flag_set(sbi, SBI_QUOTA_NEED_REPAIR)) { |
| 451 | diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c |
| 452 | index b3021d9b34a5e..7b7a009425e21 100644 |
| 453 | --- a/fs/xfs/xfs_ioctl.c |
| 454 | +++ b/fs/xfs/xfs_ioctl.c |
| 455 | @@ -714,7 +714,8 @@ xfs_ioc_space( |
| 456 | flags |= XFS_PREALLOC_CLEAR; |
| 457 | if (bf->l_start > XFS_ISIZE(ip)) { |
| 458 | error = xfs_alloc_file_space(ip, XFS_ISIZE(ip), |
| 459 | - bf->l_start - XFS_ISIZE(ip), 0); |
| 460 | + bf->l_start - XFS_ISIZE(ip), |
| 461 | + XFS_BMAPI_PREALLOC); |
| 462 | if (error) |
| 463 | goto out_unlock; |
| 464 | } |
| 465 | diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
| 466 | index 5240ba9a82db8..54f5b2f080f53 100644 |
| 467 | --- a/kernel/trace/trace.c |
| 468 | +++ b/kernel/trace/trace.c |
| 469 | @@ -3007,7 +3007,7 @@ struct trace_buffer_struct { |
| 470 | char buffer[4][TRACE_BUF_SIZE]; |
| 471 | }; |
| 472 | |
| 473 | -static struct trace_buffer_struct *trace_percpu_buffer; |
| 474 | +static struct trace_buffer_struct __percpu *trace_percpu_buffer; |
| 475 | |
| 476 | /* |
| 477 | * Thise allows for lockless recording. If we're nested too deeply, then |
| 478 | @@ -3017,7 +3017,7 @@ static char *get_trace_buf(void) |
| 479 | { |
| 480 | struct trace_buffer_struct *buffer = this_cpu_ptr(trace_percpu_buffer); |
| 481 | |
| 482 | - if (!buffer || buffer->nesting >= 4) |
| 483 | + if (!trace_percpu_buffer || buffer->nesting >= 4) |
| 484 | return NULL; |
| 485 | |
| 486 | buffer->nesting++; |
| 487 | @@ -3036,7 +3036,7 @@ static void put_trace_buf(void) |
| 488 | |
| 489 | static int alloc_percpu_trace_buffer(void) |
| 490 | { |
| 491 | - struct trace_buffer_struct *buffers; |
| 492 | + struct trace_buffer_struct __percpu *buffers; |
| 493 | |
| 494 | buffers = alloc_percpu(struct trace_buffer_struct); |
| 495 | if (WARN(!buffers, "Could not allocate percpu trace_printk buffer")) |
| 496 | diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c |
| 497 | index f5bf931252c4b..09d81f9c2a649 100644 |
| 498 | --- a/net/batman-adv/multicast.c |
| 499 | +++ b/net/batman-adv/multicast.c |
| 500 | @@ -1373,6 +1373,7 @@ batadv_mcast_forw_rtr_node_get(struct batadv_priv *bat_priv, |
| 501 | * @bat_priv: the bat priv with all the soft interface information |
| 502 | * @skb: The multicast packet to check |
| 503 | * @orig: an originator to be set to forward the skb to |
| 504 | + * @is_routable: stores whether the destination is routable |
| 505 | * |
| 506 | * Return: the forwarding mode as enum batadv_forw_mode and in case of |
| 507 | * BATADV_FORW_SINGLE set the orig to the single originator the skb |
| 508 | @@ -1380,17 +1381,16 @@ batadv_mcast_forw_rtr_node_get(struct batadv_priv *bat_priv, |
| 509 | */ |
| 510 | enum batadv_forw_mode |
| 511 | batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, |
| 512 | - struct batadv_orig_node **orig) |
| 513 | + struct batadv_orig_node **orig, int *is_routable) |
| 514 | { |
| 515 | int ret, tt_count, ip_count, unsnoop_count, total_count; |
| 516 | bool is_unsnoopable = false; |
| 517 | unsigned int mcast_fanout; |
| 518 | struct ethhdr *ethhdr; |
| 519 | - int is_routable = 0; |
| 520 | int rtr_count = 0; |
| 521 | |
| 522 | ret = batadv_mcast_forw_mode_check(bat_priv, skb, &is_unsnoopable, |
| 523 | - &is_routable); |
| 524 | + is_routable); |
| 525 | if (ret == -ENOMEM) |
| 526 | return BATADV_FORW_NONE; |
| 527 | else if (ret < 0) |
| 528 | @@ -1403,7 +1403,7 @@ batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, |
| 529 | ip_count = batadv_mcast_forw_want_all_ip_count(bat_priv, ethhdr); |
| 530 | unsnoop_count = !is_unsnoopable ? 0 : |
| 531 | atomic_read(&bat_priv->mcast.num_want_all_unsnoopables); |
| 532 | - rtr_count = batadv_mcast_forw_rtr_count(bat_priv, is_routable); |
| 533 | + rtr_count = batadv_mcast_forw_rtr_count(bat_priv, *is_routable); |
| 534 | |
| 535 | total_count = tt_count + ip_count + unsnoop_count + rtr_count; |
| 536 | |
| 537 | @@ -1723,6 +1723,7 @@ batadv_mcast_forw_want_rtr(struct batadv_priv *bat_priv, |
| 538 | * @bat_priv: the bat priv with all the soft interface information |
| 539 | * @skb: the multicast packet to transmit |
| 540 | * @vid: the vlan identifier |
| 541 | + * @is_routable: stores whether the destination is routable |
| 542 | * |
| 543 | * Sends copies of a frame with multicast destination to any node that signaled |
| 544 | * interest in it, that is either via the translation table or the according |
| 545 | @@ -1735,7 +1736,7 @@ batadv_mcast_forw_want_rtr(struct batadv_priv *bat_priv, |
| 546 | * is neither IPv4 nor IPv6. NET_XMIT_SUCCESS otherwise. |
| 547 | */ |
| 548 | int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, |
| 549 | - unsigned short vid) |
| 550 | + unsigned short vid, int is_routable) |
| 551 | { |
| 552 | int ret; |
| 553 | |
| 554 | @@ -1751,12 +1752,16 @@ int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, |
| 555 | return ret; |
| 556 | } |
| 557 | |
| 558 | + if (!is_routable) |
| 559 | + goto skip_mc_router; |
| 560 | + |
| 561 | ret = batadv_mcast_forw_want_rtr(bat_priv, skb, vid); |
| 562 | if (ret != NET_XMIT_SUCCESS) { |
| 563 | kfree_skb(skb); |
| 564 | return ret; |
| 565 | } |
| 566 | |
| 567 | +skip_mc_router: |
| 568 | consume_skb(skb); |
| 569 | return ret; |
| 570 | } |
| 571 | diff --git a/net/batman-adv/multicast.h b/net/batman-adv/multicast.h |
| 572 | index 403929013ac47..fc1ffd22a6715 100644 |
| 573 | --- a/net/batman-adv/multicast.h |
| 574 | +++ b/net/batman-adv/multicast.h |
| 575 | @@ -44,7 +44,8 @@ enum batadv_forw_mode { |
| 576 | |
| 577 | enum batadv_forw_mode |
| 578 | batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, |
| 579 | - struct batadv_orig_node **mcast_single_orig); |
| 580 | + struct batadv_orig_node **mcast_single_orig, |
| 581 | + int *is_routable); |
| 582 | |
| 583 | int batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv, |
| 584 | struct sk_buff *skb, |
| 585 | @@ -52,7 +53,7 @@ int batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv, |
| 586 | struct batadv_orig_node *orig_node); |
| 587 | |
| 588 | int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, |
| 589 | - unsigned short vid); |
| 590 | + unsigned short vid, int is_routable); |
| 591 | |
| 592 | void batadv_mcast_init(struct batadv_priv *bat_priv); |
| 593 | |
| 594 | @@ -71,7 +72,8 @@ void batadv_mcast_purge_orig(struct batadv_orig_node *orig_node); |
| 595 | |
| 596 | static inline enum batadv_forw_mode |
| 597 | batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, |
| 598 | - struct batadv_orig_node **mcast_single_orig) |
| 599 | + struct batadv_orig_node **mcast_single_orig, |
| 600 | + int *is_routable) |
| 601 | { |
| 602 | return BATADV_FORW_ALL; |
| 603 | } |
| 604 | @@ -88,7 +90,7 @@ batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv, |
| 605 | |
| 606 | static inline int |
| 607 | batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, |
| 608 | - unsigned short vid) |
| 609 | + unsigned short vid, int is_routable) |
| 610 | { |
| 611 | kfree_skb(skb); |
| 612 | return NET_XMIT_DROP; |
| 613 | diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c |
| 614 | index 7f209390069ea..504e3cb67bed4 100644 |
| 615 | --- a/net/batman-adv/soft-interface.c |
| 616 | +++ b/net/batman-adv/soft-interface.c |
| 617 | @@ -200,6 +200,7 @@ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb, |
| 618 | int gw_mode; |
| 619 | enum batadv_forw_mode forw_mode = BATADV_FORW_SINGLE; |
| 620 | struct batadv_orig_node *mcast_single_orig = NULL; |
| 621 | + int mcast_is_routable = 0; |
| 622 | int network_offset = ETH_HLEN; |
| 623 | __be16 proto; |
| 624 | |
| 625 | @@ -302,7 +303,8 @@ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb, |
| 626 | send: |
| 627 | if (do_bcast && !is_broadcast_ether_addr(ethhdr->h_dest)) { |
| 628 | forw_mode = batadv_mcast_forw_mode(bat_priv, skb, |
| 629 | - &mcast_single_orig); |
| 630 | + &mcast_single_orig, |
| 631 | + &mcast_is_routable); |
| 632 | if (forw_mode == BATADV_FORW_NONE) |
| 633 | goto dropped; |
| 634 | |
| 635 | @@ -367,7 +369,8 @@ send: |
| 636 | ret = batadv_mcast_forw_send_orig(bat_priv, skb, vid, |
| 637 | mcast_single_orig); |
| 638 | } else if (forw_mode == BATADV_FORW_SOME) { |
| 639 | - ret = batadv_mcast_forw_send(bat_priv, skb, vid); |
| 640 | + ret = batadv_mcast_forw_send(bat_priv, skb, vid, |
| 641 | + mcast_is_routable); |
| 642 | } else { |
| 643 | if (batadv_dat_snoop_outgoing_arp_request(bat_priv, |
| 644 | skb)) |
| 645 | diff --git a/net/core/lwtunnel.c b/net/core/lwtunnel.c |
| 646 | index 2f9c0de533c75..0b64f015b3b0b 100644 |
| 647 | --- a/net/core/lwtunnel.c |
| 648 | +++ b/net/core/lwtunnel.c |
| 649 | @@ -190,6 +190,10 @@ int lwtunnel_valid_encap_type_attr(struct nlattr *attr, int remaining, |
| 650 | nla_entype = nla_find(attrs, attrlen, RTA_ENCAP_TYPE); |
| 651 | |
| 652 | if (nla_entype) { |
| 653 | + if (nla_len(nla_entype) < sizeof(u16)) { |
| 654 | + NL_SET_ERR_MSG(extack, "Invalid RTA_ENCAP_TYPE"); |
| 655 | + return -EINVAL; |
| 656 | + } |
| 657 | encap_type = nla_get_u16(nla_entype); |
| 658 | |
| 659 | if (lwtunnel_valid_encap_type(encap_type, |
| 660 | diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c |
| 661 | index c0b8154205237..ce4b28f011485 100644 |
| 662 | --- a/net/ipv4/fib_semantics.c |
| 663 | +++ b/net/ipv4/fib_semantics.c |
| 664 | @@ -654,6 +654,19 @@ static int fib_count_nexthops(struct rtnexthop *rtnh, int remaining, |
| 665 | return nhs; |
| 666 | } |
| 667 | |
| 668 | +static int fib_gw_from_attr(__be32 *gw, struct nlattr *nla, |
| 669 | + struct netlink_ext_ack *extack) |
| 670 | +{ |
| 671 | + if (nla_len(nla) < sizeof(*gw)) { |
| 672 | + NL_SET_ERR_MSG(extack, "Invalid IPv4 address in RTA_GATEWAY"); |
| 673 | + return -EINVAL; |
| 674 | + } |
| 675 | + |
| 676 | + *gw = nla_get_in_addr(nla); |
| 677 | + |
| 678 | + return 0; |
| 679 | +} |
| 680 | + |
| 681 | /* only called when fib_nh is integrated into fib_info */ |
| 682 | static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh, |
| 683 | int remaining, struct fib_config *cfg, |
| 684 | @@ -696,7 +709,11 @@ static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh, |
| 685 | return -EINVAL; |
| 686 | } |
| 687 | if (nla) { |
| 688 | - fib_cfg.fc_gw4 = nla_get_in_addr(nla); |
| 689 | + ret = fib_gw_from_attr(&fib_cfg.fc_gw4, nla, |
| 690 | + extack); |
| 691 | + if (ret) |
| 692 | + goto errout; |
| 693 | + |
| 694 | if (fib_cfg.fc_gw4) |
| 695 | fib_cfg.fc_gw_family = AF_INET; |
| 696 | } else if (nlav) { |
| 697 | @@ -706,10 +723,18 @@ static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh, |
| 698 | } |
| 699 | |
| 700 | nla = nla_find(attrs, attrlen, RTA_FLOW); |
| 701 | - if (nla) |
| 702 | + if (nla) { |
| 703 | + if (nla_len(nla) < sizeof(u32)) { |
| 704 | + NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW"); |
| 705 | + return -EINVAL; |
| 706 | + } |
| 707 | fib_cfg.fc_flow = nla_get_u32(nla); |
| 708 | + } |
| 709 | |
| 710 | fib_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP); |
| 711 | + /* RTA_ENCAP_TYPE length checked in |
| 712 | + * lwtunnel_valid_encap_type_attr |
| 713 | + */ |
| 714 | nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE); |
| 715 | if (nla) |
| 716 | fib_cfg.fc_encap_type = nla_get_u16(nla); |
| 717 | @@ -894,6 +919,7 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi, |
| 718 | attrlen = rtnh_attrlen(rtnh); |
| 719 | if (attrlen > 0) { |
| 720 | struct nlattr *nla, *nlav, *attrs = rtnh_attrs(rtnh); |
| 721 | + int err; |
| 722 | |
| 723 | nla = nla_find(attrs, attrlen, RTA_GATEWAY); |
| 724 | nlav = nla_find(attrs, attrlen, RTA_VIA); |
| 725 | @@ -904,12 +930,17 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi, |
| 726 | } |
| 727 | |
| 728 | if (nla) { |
| 729 | + __be32 gw; |
| 730 | + |
| 731 | + err = fib_gw_from_attr(&gw, nla, extack); |
| 732 | + if (err) |
| 733 | + return err; |
| 734 | + |
| 735 | if (nh->fib_nh_gw_family != AF_INET || |
| 736 | - nla_get_in_addr(nla) != nh->fib_nh_gw4) |
| 737 | + gw != nh->fib_nh_gw4) |
| 738 | return 1; |
| 739 | } else if (nlav) { |
| 740 | struct fib_config cfg2; |
| 741 | - int err; |
| 742 | |
| 743 | err = fib_gw_from_via(&cfg2, nlav, extack); |
| 744 | if (err) |
| 745 | @@ -932,8 +963,14 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi, |
| 746 | |
| 747 | #ifdef CONFIG_IP_ROUTE_CLASSID |
| 748 | nla = nla_find(attrs, attrlen, RTA_FLOW); |
| 749 | - if (nla && nla_get_u32(nla) != nh->nh_tclassid) |
| 750 | - return 1; |
| 751 | + if (nla) { |
| 752 | + if (nla_len(nla) < sizeof(u32)) { |
| 753 | + NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW"); |
| 754 | + return -EINVAL; |
| 755 | + } |
| 756 | + if (nla_get_u32(nla) != nh->nh_tclassid) |
| 757 | + return 1; |
| 758 | + } |
| 759 | #endif |
| 760 | } |
| 761 | |
| 762 | diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c |
| 763 | index a0016f05c4f86..3cdf011a8dd8d 100644 |
| 764 | --- a/net/ipv4/udp.c |
| 765 | +++ b/net/ipv4/udp.c |
| 766 | @@ -2943,7 +2943,7 @@ int udp4_seq_show(struct seq_file *seq, void *v) |
| 767 | { |
| 768 | seq_setwidth(seq, 127); |
| 769 | if (v == SEQ_START_TOKEN) |
| 770 | - seq_puts(seq, " sl local_address rem_address st tx_queue " |
| 771 | + seq_puts(seq, " sl local_address rem_address st tx_queue " |
| 772 | "rx_queue tr tm->when retrnsmt uid timeout " |
| 773 | "inode ref pointer drops"); |
| 774 | else { |
| 775 | diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c |
| 776 | index 12ab6605d9617..8b44d3b53844e 100644 |
| 777 | --- a/net/ipv6/ip6_vti.c |
| 778 | +++ b/net/ipv6/ip6_vti.c |
| 779 | @@ -795,6 +795,8 @@ vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) |
| 780 | struct net *net = dev_net(dev); |
| 781 | struct vti6_net *ip6n = net_generic(net, vti6_net_id); |
| 782 | |
| 783 | + memset(&p1, 0, sizeof(p1)); |
| 784 | + |
| 785 | switch (cmd) { |
| 786 | case SIOCGETTUNNEL: |
| 787 | if (dev == ip6n->fb_tnl_dev) { |
| 788 | diff --git a/net/ipv6/route.c b/net/ipv6/route.c |
| 789 | index f36db3dd97346..5ef6e27e026e9 100644 |
| 790 | --- a/net/ipv6/route.c |
| 791 | +++ b/net/ipv6/route.c |
| 792 | @@ -5092,6 +5092,19 @@ static void ip6_route_mpath_notify(struct fib6_info *rt, |
| 793 | inet6_rt_notify(RTM_NEWROUTE, rt, info, nlflags); |
| 794 | } |
| 795 | |
| 796 | +static int fib6_gw_from_attr(struct in6_addr *gw, struct nlattr *nla, |
| 797 | + struct netlink_ext_ack *extack) |
| 798 | +{ |
| 799 | + if (nla_len(nla) < sizeof(*gw)) { |
| 800 | + NL_SET_ERR_MSG(extack, "Invalid IPv6 address in RTA_GATEWAY"); |
| 801 | + return -EINVAL; |
| 802 | + } |
| 803 | + |
| 804 | + *gw = nla_get_in6_addr(nla); |
| 805 | + |
| 806 | + return 0; |
| 807 | +} |
| 808 | + |
| 809 | static int ip6_route_multipath_add(struct fib6_config *cfg, |
| 810 | struct netlink_ext_ack *extack) |
| 811 | { |
| 812 | @@ -5133,10 +5146,18 @@ static int ip6_route_multipath_add(struct fib6_config *cfg, |
| 813 | |
| 814 | nla = nla_find(attrs, attrlen, RTA_GATEWAY); |
| 815 | if (nla) { |
| 816 | - r_cfg.fc_gateway = nla_get_in6_addr(nla); |
| 817 | + err = fib6_gw_from_attr(&r_cfg.fc_gateway, nla, |
| 818 | + extack); |
| 819 | + if (err) |
| 820 | + goto cleanup; |
| 821 | + |
| 822 | r_cfg.fc_flags |= RTF_GATEWAY; |
| 823 | } |
| 824 | r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP); |
| 825 | + |
| 826 | + /* RTA_ENCAP_TYPE length checked in |
| 827 | + * lwtunnel_valid_encap_type_attr |
| 828 | + */ |
| 829 | nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE); |
| 830 | if (nla) |
| 831 | r_cfg.fc_encap_type = nla_get_u16(nla); |
| 832 | @@ -5288,7 +5309,13 @@ static int ip6_route_multipath_del(struct fib6_config *cfg, |
| 833 | |
| 834 | nla = nla_find(attrs, attrlen, RTA_GATEWAY); |
| 835 | if (nla) { |
| 836 | - nla_memcpy(&r_cfg.fc_gateway, nla, 16); |
| 837 | + err = fib6_gw_from_attr(&r_cfg.fc_gateway, nla, |
| 838 | + extack); |
| 839 | + if (err) { |
| 840 | + last_err = err; |
| 841 | + goto next_rtnh; |
| 842 | + } |
| 843 | + |
| 844 | r_cfg.fc_flags |= RTF_GATEWAY; |
| 845 | } |
| 846 | } |
| 847 | @@ -5296,6 +5323,7 @@ static int ip6_route_multipath_del(struct fib6_config *cfg, |
| 848 | if (err) |
| 849 | last_err = err; |
| 850 | |
| 851 | +next_rtnh: |
| 852 | rtnh = rtnh_next(rtnh, &remaining); |
| 853 | } |
| 854 | |
| 855 | diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c |
| 856 | index 5c727af01143f..ad00f31e20023 100644 |
| 857 | --- a/net/mac80211/mlme.c |
| 858 | +++ b/net/mac80211/mlme.c |
| 859 | @@ -4953,7 +4953,7 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, |
| 860 | */ |
| 861 | if (new_sta) { |
| 862 | u32 rates = 0, basic_rates = 0; |
| 863 | - bool have_higher_than_11mbit; |
| 864 | + bool have_higher_than_11mbit = false; |
| 865 | int min_rate = INT_MAX, min_rate_index = -1; |
| 866 | const struct cfg80211_bss_ies *ies; |
| 867 | int shift = ieee80211_vif_get_shift(&sdata->vif); |
| 868 | diff --git a/net/phonet/pep.c b/net/phonet/pep.c |
| 869 | index a07e13f63332c..0c5d0f7b8b4bb 100644 |
| 870 | --- a/net/phonet/pep.c |
| 871 | +++ b/net/phonet/pep.c |
| 872 | @@ -868,6 +868,7 @@ static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp, |
| 873 | |
| 874 | err = pep_accept_conn(newsk, skb); |
| 875 | if (err) { |
| 876 | + __sock_put(sk); |
| 877 | sock_put(newsk); |
| 878 | newsk = NULL; |
| 879 | goto drop; |
| 880 | diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c |
| 881 | index b046fd3cac2cf..1eb339d224ae5 100644 |
| 882 | --- a/net/sched/sch_qfq.c |
| 883 | +++ b/net/sched/sch_qfq.c |
| 884 | @@ -1421,10 +1421,8 @@ static int qfq_init_qdisc(struct Qdisc *sch, struct nlattr *opt, |
| 885 | if (err < 0) |
| 886 | return err; |
| 887 | |
| 888 | - if (qdisc_dev(sch)->tx_queue_len + 1 > QFQ_MAX_AGG_CLASSES) |
| 889 | - max_classes = QFQ_MAX_AGG_CLASSES; |
| 890 | - else |
| 891 | - max_classes = qdisc_dev(sch)->tx_queue_len + 1; |
| 892 | + max_classes = min_t(u64, (u64)qdisc_dev(sch)->tx_queue_len + 1, |
| 893 | + QFQ_MAX_AGG_CLASSES); |
| 894 | /* max_cl_shift = floor(log_2(max_classes)) */ |
| 895 | max_cl_shift = __fls(max_classes); |
| 896 | q->max_agg_classes = 1<<max_cl_shift; |
| 897 | diff --git a/tools/testing/selftests/x86/test_vsyscall.c b/tools/testing/selftests/x86/test_vsyscall.c |
| 898 | index a4f4d4cf22c3b..d0752a0a8f362 100644 |
| 899 | --- a/tools/testing/selftests/x86/test_vsyscall.c |
| 900 | +++ b/tools/testing/selftests/x86/test_vsyscall.c |
| 901 | @@ -480,7 +480,7 @@ static int test_process_vm_readv(void) |
| 902 | } |
| 903 | |
| 904 | if (vsyscall_map_r) { |
| 905 | - if (!memcmp(buf, (const void *)0xffffffffff600000, 4096)) { |
| 906 | + if (!memcmp(buf, remote.iov_base, sizeof(buf))) { |
| 907 | printf("[OK]\tIt worked and read correct data\n"); |
| 908 | } else { |
| 909 | printf("[FAIL]\tIt worked but returned incorrect data\n"); |