Annotation of /trunk/kernel-alx/patches-5.4/0270-5.4.171-all-fixes.patch
Parent Directory | Revision Log
Revision 3635 -
(hide annotations)
(download)
Mon Oct 24 12:34:12 2022 UTC (19 months, 1 week ago) by niro
File size: 31290 byte(s)
Mon Oct 24 12:34:12 2022 UTC (19 months, 1 week ago) by niro
File size: 31290 byte(s)
-sync kernel patches
1 | niro | 3635 | diff --git a/Makefile b/Makefile |
2 | index 7380354e49513..062052f71a976 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -1,7 +1,7 @@ | ||
6 | # SPDX-License-Identifier: GPL-2.0 | ||
7 | VERSION = 5 | ||
8 | PATCHLEVEL = 4 | ||
9 | -SUBLEVEL = 170 | ||
10 | +SUBLEVEL = 171 | ||
11 | EXTRAVERSION = | ||
12 | NAME = Kleptomaniac Octopus | ||
13 | |||
14 | diff --git a/drivers/infiniband/core/uverbs_marshall.c b/drivers/infiniband/core/uverbs_marshall.c | ||
15 | index b8d715c68ca44..11a0806469162 100644 | ||
16 | --- a/drivers/infiniband/core/uverbs_marshall.c | ||
17 | +++ b/drivers/infiniband/core/uverbs_marshall.c | ||
18 | @@ -66,7 +66,7 @@ void ib_copy_ah_attr_to_user(struct ib_device *device, | ||
19 | struct rdma_ah_attr *src = ah_attr; | ||
20 | struct rdma_ah_attr conv_ah; | ||
21 | |||
22 | - memset(&dst->grh.reserved, 0, sizeof(dst->grh.reserved)); | ||
23 | + memset(&dst->grh, 0, sizeof(dst->grh)); | ||
24 | |||
25 | if ((ah_attr->type == RDMA_AH_ATTR_TYPE_OPA) && | ||
26 | (rdma_ah_get_dlid(ah_attr) > be16_to_cpu(IB_LID_PERMISSIVE)) && | ||
27 | diff --git a/drivers/infiniband/core/uverbs_uapi.c b/drivers/infiniband/core/uverbs_uapi.c | ||
28 | index 00c5478871322..818699b855c5c 100644 | ||
29 | --- a/drivers/infiniband/core/uverbs_uapi.c | ||
30 | +++ b/drivers/infiniband/core/uverbs_uapi.c | ||
31 | @@ -450,6 +450,9 @@ static int uapi_finalize(struct uverbs_api *uapi) | ||
32 | uapi->num_write_ex = max_write_ex + 1; | ||
33 | data = kmalloc_array(uapi->num_write + uapi->num_write_ex, | ||
34 | sizeof(*uapi->write_methods), GFP_KERNEL); | ||
35 | + if (!data) | ||
36 | + return -ENOMEM; | ||
37 | + | ||
38 | for (i = 0; i != uapi->num_write + uapi->num_write_ex; i++) | ||
39 | data[i] = &uapi->notsupp_method; | ||
40 | uapi->write_methods = data; | ||
41 | diff --git a/drivers/input/touchscreen/of_touchscreen.c b/drivers/input/touchscreen/of_touchscreen.c | ||
42 | index 2962c3747adc3..ed5fbcb40e3f0 100644 | ||
43 | --- a/drivers/input/touchscreen/of_touchscreen.c | ||
44 | +++ b/drivers/input/touchscreen/of_touchscreen.c | ||
45 | @@ -77,8 +77,8 @@ void touchscreen_parse_properties(struct input_dev *input, bool multitouch, | ||
46 | axis = multitouch ? ABS_MT_POSITION_X : ABS_X; | ||
47 | data_present = touchscreen_get_prop_u32(dev, "touchscreen-min-x", | ||
48 | input_abs_get_min(input, axis), | ||
49 | - &minimum) | | ||
50 | - touchscreen_get_prop_u32(dev, "touchscreen-size-x", | ||
51 | + &minimum); | ||
52 | + data_present |= touchscreen_get_prop_u32(dev, "touchscreen-size-x", | ||
53 | input_abs_get_max(input, | ||
54 | axis) + 1, | ||
55 | &maximum); | ||
56 | @@ -91,8 +91,8 @@ void touchscreen_parse_properties(struct input_dev *input, bool multitouch, | ||
57 | axis = multitouch ? ABS_MT_POSITION_Y : ABS_Y; | ||
58 | data_present = touchscreen_get_prop_u32(dev, "touchscreen-min-y", | ||
59 | input_abs_get_min(input, axis), | ||
60 | - &minimum) | | ||
61 | - touchscreen_get_prop_u32(dev, "touchscreen-size-y", | ||
62 | + &minimum); | ||
63 | + data_present |= touchscreen_get_prop_u32(dev, "touchscreen-size-y", | ||
64 | input_abs_get_max(input, | ||
65 | axis) + 1, | ||
66 | &maximum); | ||
67 | diff --git a/drivers/isdn/mISDN/core.c b/drivers/isdn/mISDN/core.c | ||
68 | index 55891e4204460..a41b4b2645941 100644 | ||
69 | --- a/drivers/isdn/mISDN/core.c | ||
70 | +++ b/drivers/isdn/mISDN/core.c | ||
71 | @@ -381,7 +381,7 @@ mISDNInit(void) | ||
72 | err = mISDN_inittimer(&debug); | ||
73 | if (err) | ||
74 | goto error2; | ||
75 | - err = l1_init(&debug); | ||
76 | + err = Isdnl1_Init(&debug); | ||
77 | if (err) | ||
78 | goto error3; | ||
79 | err = Isdnl2_Init(&debug); | ||
80 | @@ -395,7 +395,7 @@ mISDNInit(void) | ||
81 | error5: | ||
82 | Isdnl2_cleanup(); | ||
83 | error4: | ||
84 | - l1_cleanup(); | ||
85 | + Isdnl1_cleanup(); | ||
86 | error3: | ||
87 | mISDN_timer_cleanup(); | ||
88 | error2: | ||
89 | @@ -408,7 +408,7 @@ static void mISDN_cleanup(void) | ||
90 | { | ||
91 | misdn_sock_cleanup(); | ||
92 | Isdnl2_cleanup(); | ||
93 | - l1_cleanup(); | ||
94 | + Isdnl1_cleanup(); | ||
95 | mISDN_timer_cleanup(); | ||
96 | class_unregister(&mISDN_class); | ||
97 | |||
98 | diff --git a/drivers/isdn/mISDN/core.h b/drivers/isdn/mISDN/core.h | ||
99 | index 23b44d3033279..42599f49c189d 100644 | ||
100 | --- a/drivers/isdn/mISDN/core.h | ||
101 | +++ b/drivers/isdn/mISDN/core.h | ||
102 | @@ -60,8 +60,8 @@ struct Bprotocol *get_Bprotocol4id(u_int); | ||
103 | extern int mISDN_inittimer(u_int *); | ||
104 | extern void mISDN_timer_cleanup(void); | ||
105 | |||
106 | -extern int l1_init(u_int *); | ||
107 | -extern void l1_cleanup(void); | ||
108 | +extern int Isdnl1_Init(u_int *); | ||
109 | +extern void Isdnl1_cleanup(void); | ||
110 | extern int Isdnl2_Init(u_int *); | ||
111 | extern void Isdnl2_cleanup(void); | ||
112 | |||
113 | diff --git a/drivers/isdn/mISDN/layer1.c b/drivers/isdn/mISDN/layer1.c | ||
114 | index 98a3bc6c17009..7b31c25a550e3 100644 | ||
115 | --- a/drivers/isdn/mISDN/layer1.c | ||
116 | +++ b/drivers/isdn/mISDN/layer1.c | ||
117 | @@ -398,7 +398,7 @@ create_l1(struct dchannel *dch, dchannel_l1callback *dcb) { | ||
118 | EXPORT_SYMBOL(create_l1); | ||
119 | |||
120 | int | ||
121 | -l1_init(u_int *deb) | ||
122 | +Isdnl1_Init(u_int *deb) | ||
123 | { | ||
124 | debug = deb; | ||
125 | l1fsm_s.state_count = L1S_STATE_COUNT; | ||
126 | @@ -409,7 +409,7 @@ l1_init(u_int *deb) | ||
127 | } | ||
128 | |||
129 | void | ||
130 | -l1_cleanup(void) | ||
131 | +Isdnl1_cleanup(void) | ||
132 | { | ||
133 | mISDN_FsmFree(&l1fsm_s); | ||
134 | } | ||
135 | diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c | ||
136 | index 03821b46a8cb4..4c22f119ac62f 100644 | ||
137 | --- a/drivers/net/ethernet/aquantia/atlantic/aq_ring.c | ||
138 | +++ b/drivers/net/ethernet/aquantia/atlantic/aq_ring.c | ||
139 | @@ -305,6 +305,10 @@ int aq_ring_rx_clean(struct aq_ring_s *self, | ||
140 | if (!buff->is_eop) { | ||
141 | buff_ = buff; | ||
142 | do { | ||
143 | + if (buff_->next >= self->size) { | ||
144 | + err = -EIO; | ||
145 | + goto err_exit; | ||
146 | + } | ||
147 | next_ = buff_->next, | ||
148 | buff_ = &self->buff_ring[next_]; | ||
149 | is_rsc_completed = | ||
150 | @@ -327,6 +331,10 @@ int aq_ring_rx_clean(struct aq_ring_s *self, | ||
151 | if (buff->is_error || buff->is_cso_err) { | ||
152 | buff_ = buff; | ||
153 | do { | ||
154 | + if (buff_->next >= self->size) { | ||
155 | + err = -EIO; | ||
156 | + goto err_exit; | ||
157 | + } | ||
158 | next_ = buff_->next, | ||
159 | buff_ = &self->buff_ring[next_]; | ||
160 | |||
161 | diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c | ||
162 | index ce237da003ddb..a2326683be170 100644 | ||
163 | --- a/drivers/net/ethernet/intel/i40e/i40e_main.c | ||
164 | +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c | ||
165 | @@ -107,6 +107,24 @@ MODULE_VERSION(DRV_VERSION); | ||
166 | |||
167 | static struct workqueue_struct *i40e_wq; | ||
168 | |||
169 | +static void netdev_hw_addr_refcnt(struct i40e_mac_filter *f, | ||
170 | + struct net_device *netdev, int delta) | ||
171 | +{ | ||
172 | + struct netdev_hw_addr *ha; | ||
173 | + | ||
174 | + if (!f || !netdev) | ||
175 | + return; | ||
176 | + | ||
177 | + netdev_for_each_mc_addr(ha, netdev) { | ||
178 | + if (ether_addr_equal(ha->addr, f->macaddr)) { | ||
179 | + ha->refcount += delta; | ||
180 | + if (ha->refcount <= 0) | ||
181 | + ha->refcount = 1; | ||
182 | + break; | ||
183 | + } | ||
184 | + } | ||
185 | +} | ||
186 | + | ||
187 | /** | ||
188 | * i40e_allocate_dma_mem_d - OS specific memory alloc for shared code | ||
189 | * @hw: pointer to the HW structure | ||
190 | @@ -2022,6 +2040,7 @@ static void i40e_undo_add_filter_entries(struct i40e_vsi *vsi, | ||
191 | hlist_for_each_entry_safe(new, h, from, hlist) { | ||
192 | /* We can simply free the wrapper structure */ | ||
193 | hlist_del(&new->hlist); | ||
194 | + netdev_hw_addr_refcnt(new->f, vsi->netdev, -1); | ||
195 | kfree(new); | ||
196 | } | ||
197 | } | ||
198 | @@ -2369,6 +2388,10 @@ int i40e_sync_vsi_filters(struct i40e_vsi *vsi) | ||
199 | &tmp_add_list, | ||
200 | &tmp_del_list, | ||
201 | vlan_filters); | ||
202 | + | ||
203 | + hlist_for_each_entry(new, &tmp_add_list, hlist) | ||
204 | + netdev_hw_addr_refcnt(new->f, vsi->netdev, 1); | ||
205 | + | ||
206 | if (retval) | ||
207 | goto err_no_memory_locked; | ||
208 | |||
209 | @@ -2501,6 +2524,7 @@ int i40e_sync_vsi_filters(struct i40e_vsi *vsi) | ||
210 | if (new->f->state == I40E_FILTER_NEW) | ||
211 | new->f->state = new->state; | ||
212 | hlist_del(&new->hlist); | ||
213 | + netdev_hw_addr_refcnt(new->f, vsi->netdev, -1); | ||
214 | kfree(new); | ||
215 | } | ||
216 | spin_unlock_bh(&vsi->mac_filter_hash_lock); | ||
217 | @@ -8302,6 +8326,27 @@ int i40e_open(struct net_device *netdev) | ||
218 | return 0; | ||
219 | } | ||
220 | |||
221 | +/** | ||
222 | + * i40e_netif_set_realnum_tx_rx_queues - Update number of tx/rx queues | ||
223 | + * @vsi: vsi structure | ||
224 | + * | ||
225 | + * This updates netdev's number of tx/rx queues | ||
226 | + * | ||
227 | + * Returns status of setting tx/rx queues | ||
228 | + **/ | ||
229 | +static int i40e_netif_set_realnum_tx_rx_queues(struct i40e_vsi *vsi) | ||
230 | +{ | ||
231 | + int ret; | ||
232 | + | ||
233 | + ret = netif_set_real_num_rx_queues(vsi->netdev, | ||
234 | + vsi->num_queue_pairs); | ||
235 | + if (ret) | ||
236 | + return ret; | ||
237 | + | ||
238 | + return netif_set_real_num_tx_queues(vsi->netdev, | ||
239 | + vsi->num_queue_pairs); | ||
240 | +} | ||
241 | + | ||
242 | /** | ||
243 | * i40e_vsi_open - | ||
244 | * @vsi: the VSI to open | ||
245 | @@ -8338,13 +8383,7 @@ int i40e_vsi_open(struct i40e_vsi *vsi) | ||
246 | goto err_setup_rx; | ||
247 | |||
248 | /* Notify the stack of the actual queue counts. */ | ||
249 | - err = netif_set_real_num_tx_queues(vsi->netdev, | ||
250 | - vsi->num_queue_pairs); | ||
251 | - if (err) | ||
252 | - goto err_set_queues; | ||
253 | - | ||
254 | - err = netif_set_real_num_rx_queues(vsi->netdev, | ||
255 | - vsi->num_queue_pairs); | ||
256 | + err = i40e_netif_set_realnum_tx_rx_queues(vsi); | ||
257 | if (err) | ||
258 | goto err_set_queues; | ||
259 | |||
260 | @@ -13766,6 +13805,9 @@ struct i40e_vsi *i40e_vsi_setup(struct i40e_pf *pf, u8 type, | ||
261 | case I40E_VSI_MAIN: | ||
262 | case I40E_VSI_VMDQ2: | ||
263 | ret = i40e_config_netdev(vsi); | ||
264 | + if (ret) | ||
265 | + goto err_netdev; | ||
266 | + ret = i40e_netif_set_realnum_tx_rx_queues(vsi); | ||
267 | if (ret) | ||
268 | goto err_netdev; | ||
269 | ret = register_netdev(vsi->netdev); | ||
270 | @@ -15012,8 +15054,8 @@ static int i40e_probe(struct pci_dev *pdev, const struct pci_device_id *ent) | ||
271 | |||
272 | if (hw->aq.api_maj_ver == I40E_FW_API_VERSION_MAJOR && | ||
273 | hw->aq.api_min_ver > I40E_FW_MINOR_VERSION(hw)) | ||
274 | - dev_info(&pdev->dev, | ||
275 | - "The driver for the device detected a newer version of the NVM image v%u.%u than expected v%u.%u. Please install the most recent version of the network driver.\n", | ||
276 | + dev_dbg(&pdev->dev, | ||
277 | + "The driver for the device detected a newer version of the NVM image v%u.%u than v%u.%u.\n", | ||
278 | hw->aq.api_maj_ver, | ||
279 | hw->aq.api_min_ver, | ||
280 | I40E_FW_API_VERSION_MAJOR, | ||
281 | diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c | ||
282 | index 449eb06e2c7da..309e953ed1e44 100644 | ||
283 | --- a/drivers/net/ethernet/intel/iavf/iavf_main.c | ||
284 | +++ b/drivers/net/ethernet/intel/iavf/iavf_main.c | ||
285 | @@ -2604,8 +2604,11 @@ static int iavf_validate_ch_config(struct iavf_adapter *adapter, | ||
286 | total_max_rate += tx_rate; | ||
287 | num_qps += mqprio_qopt->qopt.count[i]; | ||
288 | } | ||
289 | - if (num_qps > IAVF_MAX_REQ_QUEUES) | ||
290 | + if (num_qps > adapter->num_active_queues) { | ||
291 | + dev_err(&adapter->pdev->dev, | ||
292 | + "Cannot support requested number of queues\n"); | ||
293 | return -EINVAL; | ||
294 | + } | ||
295 | |||
296 | ret = iavf_validate_tx_bandwidth(adapter, total_max_rate); | ||
297 | return ret; | ||
298 | diff --git a/drivers/net/ieee802154/atusb.c b/drivers/net/ieee802154/atusb.c | ||
299 | index 23ee0b14cbfa1..2f5e7b31032aa 100644 | ||
300 | --- a/drivers/net/ieee802154/atusb.c | ||
301 | +++ b/drivers/net/ieee802154/atusb.c | ||
302 | @@ -93,7 +93,9 @@ static int atusb_control_msg(struct atusb *atusb, unsigned int pipe, | ||
303 | |||
304 | ret = usb_control_msg(usb_dev, pipe, request, requesttype, | ||
305 | value, index, data, size, timeout); | ||
306 | - if (ret < 0) { | ||
307 | + if (ret < size) { | ||
308 | + ret = ret < 0 ? ret : -ENODATA; | ||
309 | + | ||
310 | atusb->err = ret; | ||
311 | dev_err(&usb_dev->dev, | ||
312 | "%s: req 0x%02x val 0x%x idx 0x%x, error %d\n", | ||
313 | @@ -861,9 +863,9 @@ static int atusb_get_and_show_build(struct atusb *atusb) | ||
314 | if (!build) | ||
315 | return -ENOMEM; | ||
316 | |||
317 | - ret = atusb_control_msg(atusb, usb_rcvctrlpipe(usb_dev, 0), | ||
318 | - ATUSB_BUILD, ATUSB_REQ_FROM_DEV, 0, 0, | ||
319 | - build, ATUSB_BUILD_SIZE, 1000); | ||
320 | + /* We cannot call atusb_control_msg() here, since this request may read various length data */ | ||
321 | + ret = usb_control_msg(atusb->usb_dev, usb_rcvctrlpipe(usb_dev, 0), ATUSB_BUILD, | ||
322 | + ATUSB_REQ_FROM_DEV, 0, 0, build, ATUSB_BUILD_SIZE, 1000); | ||
323 | if (ret >= 0) { | ||
324 | build[ret] = 0; | ||
325 | dev_info(&usb_dev->dev, "Firmware: build %s\n", build); | ||
326 | diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c | ||
327 | index 0b61d80ea3f8c..18cc5e4280e83 100644 | ||
328 | --- a/drivers/net/phy/micrel.c | ||
329 | +++ b/drivers/net/phy/micrel.c | ||
330 | @@ -1096,6 +1096,7 @@ static struct phy_driver ksphy_driver[] = { | ||
331 | .probe = kszphy_probe, | ||
332 | .config_init = ksz8081_config_init, | ||
333 | .ack_interrupt = kszphy_ack_interrupt, | ||
334 | + .soft_reset = genphy_soft_reset, | ||
335 | .config_intr = kszphy_config_intr, | ||
336 | .get_sset_count = kszphy_get_sset_count, | ||
337 | .get_strings = kszphy_get_strings, | ||
338 | diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c | ||
339 | index f9b359d4e2939..1505fe3f87ed3 100644 | ||
340 | --- a/drivers/net/usb/rndis_host.c | ||
341 | +++ b/drivers/net/usb/rndis_host.c | ||
342 | @@ -608,6 +608,11 @@ static const struct usb_device_id products [] = { | ||
343 | USB_DEVICE_AND_INTERFACE_INFO(0x1630, 0x0042, | ||
344 | USB_CLASS_COMM, 2 /* ACM */, 0x0ff), | ||
345 | .driver_info = (unsigned long) &rndis_poll_status_info, | ||
346 | +}, { | ||
347 | + /* Hytera Communications DMR radios' "Radio to PC Network" */ | ||
348 | + USB_VENDOR_AND_INTERFACE_INFO(0x238b, | ||
349 | + USB_CLASS_COMM, 2 /* ACM */, 0x0ff), | ||
350 | + .driver_info = (unsigned long)&rndis_info, | ||
351 | }, { | ||
352 | /* RNDIS is MSFT's un-official variant of CDC ACM */ | ||
353 | USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff), | ||
354 | diff --git a/drivers/power/reset/ltc2952-poweroff.c b/drivers/power/reset/ltc2952-poweroff.c | ||
355 | index e4a0cc45b3d11..ec613bcc0a302 100644 | ||
356 | --- a/drivers/power/reset/ltc2952-poweroff.c | ||
357 | +++ b/drivers/power/reset/ltc2952-poweroff.c | ||
358 | @@ -160,8 +160,8 @@ static void ltc2952_poweroff_kill(void) | ||
359 | |||
360 | static void ltc2952_poweroff_default(struct ltc2952_poweroff *data) | ||
361 | { | ||
362 | - data->wde_interval = 300L * 1E6L; | ||
363 | - data->trigger_delay = ktime_set(2, 500L*1E6L); | ||
364 | + data->wde_interval = 300L * NSEC_PER_MSEC; | ||
365 | + data->trigger_delay = ktime_set(2, 500L * NSEC_PER_MSEC); | ||
366 | |||
367 | hrtimer_init(&data->timer_trigger, CLOCK_MONOTONIC, HRTIMER_MODE_REL); | ||
368 | data->timer_trigger.function = ltc2952_poweroff_timer_trigger; | ||
369 | diff --git a/drivers/power/supply/power_supply_core.c b/drivers/power/supply/power_supply_core.c | ||
370 | index 5c36c430ce8b6..a2f56a68c50d6 100644 | ||
371 | --- a/drivers/power/supply/power_supply_core.c | ||
372 | +++ b/drivers/power/supply/power_supply_core.c | ||
373 | @@ -742,6 +742,10 @@ power_supply_find_ocv2cap_table(struct power_supply_battery_info *info, | ||
374 | return NULL; | ||
375 | |||
376 | for (i = 0; i < POWER_SUPPLY_OCV_TEMP_MAX; i++) { | ||
377 | + /* Out of capacity tables */ | ||
378 | + if (!info->ocv_table[i]) | ||
379 | + break; | ||
380 | + | ||
381 | temp_diff = abs(info->ocv_temp[i] - temp); | ||
382 | |||
383 | if (temp_diff < best_temp_diff) { | ||
384 | diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c | ||
385 | index eeba6180711cd..f3cee64c6d12f 100644 | ||
386 | --- a/drivers/scsi/libiscsi.c | ||
387 | +++ b/drivers/scsi/libiscsi.c | ||
388 | @@ -2948,6 +2948,8 @@ void iscsi_conn_teardown(struct iscsi_cls_conn *cls_conn) | ||
389 | { | ||
390 | struct iscsi_conn *conn = cls_conn->dd_data; | ||
391 | struct iscsi_session *session = conn->session; | ||
392 | + char *tmp_persistent_address = conn->persistent_address; | ||
393 | + char *tmp_local_ipaddr = conn->local_ipaddr; | ||
394 | |||
395 | del_timer_sync(&conn->transport_timer); | ||
396 | |||
397 | @@ -2969,8 +2971,6 @@ void iscsi_conn_teardown(struct iscsi_cls_conn *cls_conn) | ||
398 | spin_lock_bh(&session->frwd_lock); | ||
399 | free_pages((unsigned long) conn->data, | ||
400 | get_order(ISCSI_DEF_MAX_RECV_SEG_LEN)); | ||
401 | - kfree(conn->persistent_address); | ||
402 | - kfree(conn->local_ipaddr); | ||
403 | /* regular RX path uses back_lock */ | ||
404 | spin_lock_bh(&session->back_lock); | ||
405 | kfifo_in(&session->cmdpool.queue, (void*)&conn->login_task, | ||
406 | @@ -2982,6 +2982,8 @@ void iscsi_conn_teardown(struct iscsi_cls_conn *cls_conn) | ||
407 | mutex_unlock(&session->eh_mutex); | ||
408 | |||
409 | iscsi_destroy_conn(cls_conn); | ||
410 | + kfree(tmp_persistent_address); | ||
411 | + kfree(tmp_local_ipaddr); | ||
412 | } | ||
413 | EXPORT_SYMBOL_GPL(iscsi_conn_teardown); | ||
414 | |||
415 | diff --git a/drivers/usb/mtu3/mtu3_gadget.c b/drivers/usb/mtu3/mtu3_gadget.c | ||
416 | index 253c8b71d3c49..061da9b82b967 100644 | ||
417 | --- a/drivers/usb/mtu3/mtu3_gadget.c | ||
418 | +++ b/drivers/usb/mtu3/mtu3_gadget.c | ||
419 | @@ -85,7 +85,7 @@ static int mtu3_ep_enable(struct mtu3_ep *mep) | ||
420 | if (usb_endpoint_xfer_int(desc) || | ||
421 | usb_endpoint_xfer_isoc(desc)) { | ||
422 | interval = desc->bInterval; | ||
423 | - interval = clamp_val(interval, 1, 16) - 1; | ||
424 | + interval = clamp_val(interval, 1, 16); | ||
425 | if (usb_endpoint_xfer_isoc(desc) && comp_desc) | ||
426 | mult = comp_desc->bmAttributes; | ||
427 | } | ||
428 | @@ -97,7 +97,7 @@ static int mtu3_ep_enable(struct mtu3_ep *mep) | ||
429 | if (usb_endpoint_xfer_isoc(desc) || | ||
430 | usb_endpoint_xfer_int(desc)) { | ||
431 | interval = desc->bInterval; | ||
432 | - interval = clamp_val(interval, 1, 16) - 1; | ||
433 | + interval = clamp_val(interval, 1, 16); | ||
434 | mult = usb_endpoint_maxp_mult(desc) - 1; | ||
435 | } | ||
436 | break; | ||
437 | diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c | ||
438 | index f7d27cbbeb860..03dce3980d90a 100644 | ||
439 | --- a/fs/f2fs/checkpoint.c | ||
440 | +++ b/fs/f2fs/checkpoint.c | ||
441 | @@ -1144,7 +1144,8 @@ static bool __need_flush_quota(struct f2fs_sb_info *sbi) | ||
442 | if (!is_journalled_quota(sbi)) | ||
443 | return false; | ||
444 | |||
445 | - down_write(&sbi->quota_sem); | ||
446 | + if (!down_write_trylock(&sbi->quota_sem)) | ||
447 | + return true; | ||
448 | if (is_sbi_flag_set(sbi, SBI_QUOTA_SKIP_FLUSH)) { | ||
449 | ret = false; | ||
450 | } else if (is_sbi_flag_set(sbi, SBI_QUOTA_NEED_REPAIR)) { | ||
451 | diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c | ||
452 | index b3021d9b34a5e..7b7a009425e21 100644 | ||
453 | --- a/fs/xfs/xfs_ioctl.c | ||
454 | +++ b/fs/xfs/xfs_ioctl.c | ||
455 | @@ -714,7 +714,8 @@ xfs_ioc_space( | ||
456 | flags |= XFS_PREALLOC_CLEAR; | ||
457 | if (bf->l_start > XFS_ISIZE(ip)) { | ||
458 | error = xfs_alloc_file_space(ip, XFS_ISIZE(ip), | ||
459 | - bf->l_start - XFS_ISIZE(ip), 0); | ||
460 | + bf->l_start - XFS_ISIZE(ip), | ||
461 | + XFS_BMAPI_PREALLOC); | ||
462 | if (error) | ||
463 | goto out_unlock; | ||
464 | } | ||
465 | diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c | ||
466 | index 5240ba9a82db8..54f5b2f080f53 100644 | ||
467 | --- a/kernel/trace/trace.c | ||
468 | +++ b/kernel/trace/trace.c | ||
469 | @@ -3007,7 +3007,7 @@ struct trace_buffer_struct { | ||
470 | char buffer[4][TRACE_BUF_SIZE]; | ||
471 | }; | ||
472 | |||
473 | -static struct trace_buffer_struct *trace_percpu_buffer; | ||
474 | +static struct trace_buffer_struct __percpu *trace_percpu_buffer; | ||
475 | |||
476 | /* | ||
477 | * Thise allows for lockless recording. If we're nested too deeply, then | ||
478 | @@ -3017,7 +3017,7 @@ static char *get_trace_buf(void) | ||
479 | { | ||
480 | struct trace_buffer_struct *buffer = this_cpu_ptr(trace_percpu_buffer); | ||
481 | |||
482 | - if (!buffer || buffer->nesting >= 4) | ||
483 | + if (!trace_percpu_buffer || buffer->nesting >= 4) | ||
484 | return NULL; | ||
485 | |||
486 | buffer->nesting++; | ||
487 | @@ -3036,7 +3036,7 @@ static void put_trace_buf(void) | ||
488 | |||
489 | static int alloc_percpu_trace_buffer(void) | ||
490 | { | ||
491 | - struct trace_buffer_struct *buffers; | ||
492 | + struct trace_buffer_struct __percpu *buffers; | ||
493 | |||
494 | buffers = alloc_percpu(struct trace_buffer_struct); | ||
495 | if (WARN(!buffers, "Could not allocate percpu trace_printk buffer")) | ||
496 | diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c | ||
497 | index f5bf931252c4b..09d81f9c2a649 100644 | ||
498 | --- a/net/batman-adv/multicast.c | ||
499 | +++ b/net/batman-adv/multicast.c | ||
500 | @@ -1373,6 +1373,7 @@ batadv_mcast_forw_rtr_node_get(struct batadv_priv *bat_priv, | ||
501 | * @bat_priv: the bat priv with all the soft interface information | ||
502 | * @skb: The multicast packet to check | ||
503 | * @orig: an originator to be set to forward the skb to | ||
504 | + * @is_routable: stores whether the destination is routable | ||
505 | * | ||
506 | * Return: the forwarding mode as enum batadv_forw_mode and in case of | ||
507 | * BATADV_FORW_SINGLE set the orig to the single originator the skb | ||
508 | @@ -1380,17 +1381,16 @@ batadv_mcast_forw_rtr_node_get(struct batadv_priv *bat_priv, | ||
509 | */ | ||
510 | enum batadv_forw_mode | ||
511 | batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, | ||
512 | - struct batadv_orig_node **orig) | ||
513 | + struct batadv_orig_node **orig, int *is_routable) | ||
514 | { | ||
515 | int ret, tt_count, ip_count, unsnoop_count, total_count; | ||
516 | bool is_unsnoopable = false; | ||
517 | unsigned int mcast_fanout; | ||
518 | struct ethhdr *ethhdr; | ||
519 | - int is_routable = 0; | ||
520 | int rtr_count = 0; | ||
521 | |||
522 | ret = batadv_mcast_forw_mode_check(bat_priv, skb, &is_unsnoopable, | ||
523 | - &is_routable); | ||
524 | + is_routable); | ||
525 | if (ret == -ENOMEM) | ||
526 | return BATADV_FORW_NONE; | ||
527 | else if (ret < 0) | ||
528 | @@ -1403,7 +1403,7 @@ batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, | ||
529 | ip_count = batadv_mcast_forw_want_all_ip_count(bat_priv, ethhdr); | ||
530 | unsnoop_count = !is_unsnoopable ? 0 : | ||
531 | atomic_read(&bat_priv->mcast.num_want_all_unsnoopables); | ||
532 | - rtr_count = batadv_mcast_forw_rtr_count(bat_priv, is_routable); | ||
533 | + rtr_count = batadv_mcast_forw_rtr_count(bat_priv, *is_routable); | ||
534 | |||
535 | total_count = tt_count + ip_count + unsnoop_count + rtr_count; | ||
536 | |||
537 | @@ -1723,6 +1723,7 @@ batadv_mcast_forw_want_rtr(struct batadv_priv *bat_priv, | ||
538 | * @bat_priv: the bat priv with all the soft interface information | ||
539 | * @skb: the multicast packet to transmit | ||
540 | * @vid: the vlan identifier | ||
541 | + * @is_routable: stores whether the destination is routable | ||
542 | * | ||
543 | * Sends copies of a frame with multicast destination to any node that signaled | ||
544 | * interest in it, that is either via the translation table or the according | ||
545 | @@ -1735,7 +1736,7 @@ batadv_mcast_forw_want_rtr(struct batadv_priv *bat_priv, | ||
546 | * is neither IPv4 nor IPv6. NET_XMIT_SUCCESS otherwise. | ||
547 | */ | ||
548 | int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, | ||
549 | - unsigned short vid) | ||
550 | + unsigned short vid, int is_routable) | ||
551 | { | ||
552 | int ret; | ||
553 | |||
554 | @@ -1751,12 +1752,16 @@ int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, | ||
555 | return ret; | ||
556 | } | ||
557 | |||
558 | + if (!is_routable) | ||
559 | + goto skip_mc_router; | ||
560 | + | ||
561 | ret = batadv_mcast_forw_want_rtr(bat_priv, skb, vid); | ||
562 | if (ret != NET_XMIT_SUCCESS) { | ||
563 | kfree_skb(skb); | ||
564 | return ret; | ||
565 | } | ||
566 | |||
567 | +skip_mc_router: | ||
568 | consume_skb(skb); | ||
569 | return ret; | ||
570 | } | ||
571 | diff --git a/net/batman-adv/multicast.h b/net/batman-adv/multicast.h | ||
572 | index 403929013ac47..fc1ffd22a6715 100644 | ||
573 | --- a/net/batman-adv/multicast.h | ||
574 | +++ b/net/batman-adv/multicast.h | ||
575 | @@ -44,7 +44,8 @@ enum batadv_forw_mode { | ||
576 | |||
577 | enum batadv_forw_mode | ||
578 | batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, | ||
579 | - struct batadv_orig_node **mcast_single_orig); | ||
580 | + struct batadv_orig_node **mcast_single_orig, | ||
581 | + int *is_routable); | ||
582 | |||
583 | int batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv, | ||
584 | struct sk_buff *skb, | ||
585 | @@ -52,7 +53,7 @@ int batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv, | ||
586 | struct batadv_orig_node *orig_node); | ||
587 | |||
588 | int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, | ||
589 | - unsigned short vid); | ||
590 | + unsigned short vid, int is_routable); | ||
591 | |||
592 | void batadv_mcast_init(struct batadv_priv *bat_priv); | ||
593 | |||
594 | @@ -71,7 +72,8 @@ void batadv_mcast_purge_orig(struct batadv_orig_node *orig_node); | ||
595 | |||
596 | static inline enum batadv_forw_mode | ||
597 | batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, | ||
598 | - struct batadv_orig_node **mcast_single_orig) | ||
599 | + struct batadv_orig_node **mcast_single_orig, | ||
600 | + int *is_routable) | ||
601 | { | ||
602 | return BATADV_FORW_ALL; | ||
603 | } | ||
604 | @@ -88,7 +90,7 @@ batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv, | ||
605 | |||
606 | static inline int | ||
607 | batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, | ||
608 | - unsigned short vid) | ||
609 | + unsigned short vid, int is_routable) | ||
610 | { | ||
611 | kfree_skb(skb); | ||
612 | return NET_XMIT_DROP; | ||
613 | diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c | ||
614 | index 7f209390069ea..504e3cb67bed4 100644 | ||
615 | --- a/net/batman-adv/soft-interface.c | ||
616 | +++ b/net/batman-adv/soft-interface.c | ||
617 | @@ -200,6 +200,7 @@ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb, | ||
618 | int gw_mode; | ||
619 | enum batadv_forw_mode forw_mode = BATADV_FORW_SINGLE; | ||
620 | struct batadv_orig_node *mcast_single_orig = NULL; | ||
621 | + int mcast_is_routable = 0; | ||
622 | int network_offset = ETH_HLEN; | ||
623 | __be16 proto; | ||
624 | |||
625 | @@ -302,7 +303,8 @@ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb, | ||
626 | send: | ||
627 | if (do_bcast && !is_broadcast_ether_addr(ethhdr->h_dest)) { | ||
628 | forw_mode = batadv_mcast_forw_mode(bat_priv, skb, | ||
629 | - &mcast_single_orig); | ||
630 | + &mcast_single_orig, | ||
631 | + &mcast_is_routable); | ||
632 | if (forw_mode == BATADV_FORW_NONE) | ||
633 | goto dropped; | ||
634 | |||
635 | @@ -367,7 +369,8 @@ send: | ||
636 | ret = batadv_mcast_forw_send_orig(bat_priv, skb, vid, | ||
637 | mcast_single_orig); | ||
638 | } else if (forw_mode == BATADV_FORW_SOME) { | ||
639 | - ret = batadv_mcast_forw_send(bat_priv, skb, vid); | ||
640 | + ret = batadv_mcast_forw_send(bat_priv, skb, vid, | ||
641 | + mcast_is_routable); | ||
642 | } else { | ||
643 | if (batadv_dat_snoop_outgoing_arp_request(bat_priv, | ||
644 | skb)) | ||
645 | diff --git a/net/core/lwtunnel.c b/net/core/lwtunnel.c | ||
646 | index 2f9c0de533c75..0b64f015b3b0b 100644 | ||
647 | --- a/net/core/lwtunnel.c | ||
648 | +++ b/net/core/lwtunnel.c | ||
649 | @@ -190,6 +190,10 @@ int lwtunnel_valid_encap_type_attr(struct nlattr *attr, int remaining, | ||
650 | nla_entype = nla_find(attrs, attrlen, RTA_ENCAP_TYPE); | ||
651 | |||
652 | if (nla_entype) { | ||
653 | + if (nla_len(nla_entype) < sizeof(u16)) { | ||
654 | + NL_SET_ERR_MSG(extack, "Invalid RTA_ENCAP_TYPE"); | ||
655 | + return -EINVAL; | ||
656 | + } | ||
657 | encap_type = nla_get_u16(nla_entype); | ||
658 | |||
659 | if (lwtunnel_valid_encap_type(encap_type, | ||
660 | diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c | ||
661 | index c0b8154205237..ce4b28f011485 100644 | ||
662 | --- a/net/ipv4/fib_semantics.c | ||
663 | +++ b/net/ipv4/fib_semantics.c | ||
664 | @@ -654,6 +654,19 @@ static int fib_count_nexthops(struct rtnexthop *rtnh, int remaining, | ||
665 | return nhs; | ||
666 | } | ||
667 | |||
668 | +static int fib_gw_from_attr(__be32 *gw, struct nlattr *nla, | ||
669 | + struct netlink_ext_ack *extack) | ||
670 | +{ | ||
671 | + if (nla_len(nla) < sizeof(*gw)) { | ||
672 | + NL_SET_ERR_MSG(extack, "Invalid IPv4 address in RTA_GATEWAY"); | ||
673 | + return -EINVAL; | ||
674 | + } | ||
675 | + | ||
676 | + *gw = nla_get_in_addr(nla); | ||
677 | + | ||
678 | + return 0; | ||
679 | +} | ||
680 | + | ||
681 | /* only called when fib_nh is integrated into fib_info */ | ||
682 | static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh, | ||
683 | int remaining, struct fib_config *cfg, | ||
684 | @@ -696,7 +709,11 @@ static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh, | ||
685 | return -EINVAL; | ||
686 | } | ||
687 | if (nla) { | ||
688 | - fib_cfg.fc_gw4 = nla_get_in_addr(nla); | ||
689 | + ret = fib_gw_from_attr(&fib_cfg.fc_gw4, nla, | ||
690 | + extack); | ||
691 | + if (ret) | ||
692 | + goto errout; | ||
693 | + | ||
694 | if (fib_cfg.fc_gw4) | ||
695 | fib_cfg.fc_gw_family = AF_INET; | ||
696 | } else if (nlav) { | ||
697 | @@ -706,10 +723,18 @@ static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh, | ||
698 | } | ||
699 | |||
700 | nla = nla_find(attrs, attrlen, RTA_FLOW); | ||
701 | - if (nla) | ||
702 | + if (nla) { | ||
703 | + if (nla_len(nla) < sizeof(u32)) { | ||
704 | + NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW"); | ||
705 | + return -EINVAL; | ||
706 | + } | ||
707 | fib_cfg.fc_flow = nla_get_u32(nla); | ||
708 | + } | ||
709 | |||
710 | fib_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP); | ||
711 | + /* RTA_ENCAP_TYPE length checked in | ||
712 | + * lwtunnel_valid_encap_type_attr | ||
713 | + */ | ||
714 | nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE); | ||
715 | if (nla) | ||
716 | fib_cfg.fc_encap_type = nla_get_u16(nla); | ||
717 | @@ -894,6 +919,7 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi, | ||
718 | attrlen = rtnh_attrlen(rtnh); | ||
719 | if (attrlen > 0) { | ||
720 | struct nlattr *nla, *nlav, *attrs = rtnh_attrs(rtnh); | ||
721 | + int err; | ||
722 | |||
723 | nla = nla_find(attrs, attrlen, RTA_GATEWAY); | ||
724 | nlav = nla_find(attrs, attrlen, RTA_VIA); | ||
725 | @@ -904,12 +930,17 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi, | ||
726 | } | ||
727 | |||
728 | if (nla) { | ||
729 | + __be32 gw; | ||
730 | + | ||
731 | + err = fib_gw_from_attr(&gw, nla, extack); | ||
732 | + if (err) | ||
733 | + return err; | ||
734 | + | ||
735 | if (nh->fib_nh_gw_family != AF_INET || | ||
736 | - nla_get_in_addr(nla) != nh->fib_nh_gw4) | ||
737 | + gw != nh->fib_nh_gw4) | ||
738 | return 1; | ||
739 | } else if (nlav) { | ||
740 | struct fib_config cfg2; | ||
741 | - int err; | ||
742 | |||
743 | err = fib_gw_from_via(&cfg2, nlav, extack); | ||
744 | if (err) | ||
745 | @@ -932,8 +963,14 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi, | ||
746 | |||
747 | #ifdef CONFIG_IP_ROUTE_CLASSID | ||
748 | nla = nla_find(attrs, attrlen, RTA_FLOW); | ||
749 | - if (nla && nla_get_u32(nla) != nh->nh_tclassid) | ||
750 | - return 1; | ||
751 | + if (nla) { | ||
752 | + if (nla_len(nla) < sizeof(u32)) { | ||
753 | + NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW"); | ||
754 | + return -EINVAL; | ||
755 | + } | ||
756 | + if (nla_get_u32(nla) != nh->nh_tclassid) | ||
757 | + return 1; | ||
758 | + } | ||
759 | #endif | ||
760 | } | ||
761 | |||
762 | diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c | ||
763 | index a0016f05c4f86..3cdf011a8dd8d 100644 | ||
764 | --- a/net/ipv4/udp.c | ||
765 | +++ b/net/ipv4/udp.c | ||
766 | @@ -2943,7 +2943,7 @@ int udp4_seq_show(struct seq_file *seq, void *v) | ||
767 | { | ||
768 | seq_setwidth(seq, 127); | ||
769 | if (v == SEQ_START_TOKEN) | ||
770 | - seq_puts(seq, " sl local_address rem_address st tx_queue " | ||
771 | + seq_puts(seq, " sl local_address rem_address st tx_queue " | ||
772 | "rx_queue tr tm->when retrnsmt uid timeout " | ||
773 | "inode ref pointer drops"); | ||
774 | else { | ||
775 | diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c | ||
776 | index 12ab6605d9617..8b44d3b53844e 100644 | ||
777 | --- a/net/ipv6/ip6_vti.c | ||
778 | +++ b/net/ipv6/ip6_vti.c | ||
779 | @@ -795,6 +795,8 @@ vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) | ||
780 | struct net *net = dev_net(dev); | ||
781 | struct vti6_net *ip6n = net_generic(net, vti6_net_id); | ||
782 | |||
783 | + memset(&p1, 0, sizeof(p1)); | ||
784 | + | ||
785 | switch (cmd) { | ||
786 | case SIOCGETTUNNEL: | ||
787 | if (dev == ip6n->fb_tnl_dev) { | ||
788 | diff --git a/net/ipv6/route.c b/net/ipv6/route.c | ||
789 | index f36db3dd97346..5ef6e27e026e9 100644 | ||
790 | --- a/net/ipv6/route.c | ||
791 | +++ b/net/ipv6/route.c | ||
792 | @@ -5092,6 +5092,19 @@ static void ip6_route_mpath_notify(struct fib6_info *rt, | ||
793 | inet6_rt_notify(RTM_NEWROUTE, rt, info, nlflags); | ||
794 | } | ||
795 | |||
796 | +static int fib6_gw_from_attr(struct in6_addr *gw, struct nlattr *nla, | ||
797 | + struct netlink_ext_ack *extack) | ||
798 | +{ | ||
799 | + if (nla_len(nla) < sizeof(*gw)) { | ||
800 | + NL_SET_ERR_MSG(extack, "Invalid IPv6 address in RTA_GATEWAY"); | ||
801 | + return -EINVAL; | ||
802 | + } | ||
803 | + | ||
804 | + *gw = nla_get_in6_addr(nla); | ||
805 | + | ||
806 | + return 0; | ||
807 | +} | ||
808 | + | ||
809 | static int ip6_route_multipath_add(struct fib6_config *cfg, | ||
810 | struct netlink_ext_ack *extack) | ||
811 | { | ||
812 | @@ -5133,10 +5146,18 @@ static int ip6_route_multipath_add(struct fib6_config *cfg, | ||
813 | |||
814 | nla = nla_find(attrs, attrlen, RTA_GATEWAY); | ||
815 | if (nla) { | ||
816 | - r_cfg.fc_gateway = nla_get_in6_addr(nla); | ||
817 | + err = fib6_gw_from_attr(&r_cfg.fc_gateway, nla, | ||
818 | + extack); | ||
819 | + if (err) | ||
820 | + goto cleanup; | ||
821 | + | ||
822 | r_cfg.fc_flags |= RTF_GATEWAY; | ||
823 | } | ||
824 | r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP); | ||
825 | + | ||
826 | + /* RTA_ENCAP_TYPE length checked in | ||
827 | + * lwtunnel_valid_encap_type_attr | ||
828 | + */ | ||
829 | nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE); | ||
830 | if (nla) | ||
831 | r_cfg.fc_encap_type = nla_get_u16(nla); | ||
832 | @@ -5288,7 +5309,13 @@ static int ip6_route_multipath_del(struct fib6_config *cfg, | ||
833 | |||
834 | nla = nla_find(attrs, attrlen, RTA_GATEWAY); | ||
835 | if (nla) { | ||
836 | - nla_memcpy(&r_cfg.fc_gateway, nla, 16); | ||
837 | + err = fib6_gw_from_attr(&r_cfg.fc_gateway, nla, | ||
838 | + extack); | ||
839 | + if (err) { | ||
840 | + last_err = err; | ||
841 | + goto next_rtnh; | ||
842 | + } | ||
843 | + | ||
844 | r_cfg.fc_flags |= RTF_GATEWAY; | ||
845 | } | ||
846 | } | ||
847 | @@ -5296,6 +5323,7 @@ static int ip6_route_multipath_del(struct fib6_config *cfg, | ||
848 | if (err) | ||
849 | last_err = err; | ||
850 | |||
851 | +next_rtnh: | ||
852 | rtnh = rtnh_next(rtnh, &remaining); | ||
853 | } | ||
854 | |||
855 | diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c | ||
856 | index 5c727af01143f..ad00f31e20023 100644 | ||
857 | --- a/net/mac80211/mlme.c | ||
858 | +++ b/net/mac80211/mlme.c | ||
859 | @@ -4953,7 +4953,7 @@ static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata, | ||
860 | */ | ||
861 | if (new_sta) { | ||
862 | u32 rates = 0, basic_rates = 0; | ||
863 | - bool have_higher_than_11mbit; | ||
864 | + bool have_higher_than_11mbit = false; | ||
865 | int min_rate = INT_MAX, min_rate_index = -1; | ||
866 | const struct cfg80211_bss_ies *ies; | ||
867 | int shift = ieee80211_vif_get_shift(&sdata->vif); | ||
868 | diff --git a/net/phonet/pep.c b/net/phonet/pep.c | ||
869 | index a07e13f63332c..0c5d0f7b8b4bb 100644 | ||
870 | --- a/net/phonet/pep.c | ||
871 | +++ b/net/phonet/pep.c | ||
872 | @@ -868,6 +868,7 @@ static struct sock *pep_sock_accept(struct sock *sk, int flags, int *errp, | ||
873 | |||
874 | err = pep_accept_conn(newsk, skb); | ||
875 | if (err) { | ||
876 | + __sock_put(sk); | ||
877 | sock_put(newsk); | ||
878 | newsk = NULL; | ||
879 | goto drop; | ||
880 | diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c | ||
881 | index b046fd3cac2cf..1eb339d224ae5 100644 | ||
882 | --- a/net/sched/sch_qfq.c | ||
883 | +++ b/net/sched/sch_qfq.c | ||
884 | @@ -1421,10 +1421,8 @@ static int qfq_init_qdisc(struct Qdisc *sch, struct nlattr *opt, | ||
885 | if (err < 0) | ||
886 | return err; | ||
887 | |||
888 | - if (qdisc_dev(sch)->tx_queue_len + 1 > QFQ_MAX_AGG_CLASSES) | ||
889 | - max_classes = QFQ_MAX_AGG_CLASSES; | ||
890 | - else | ||
891 | - max_classes = qdisc_dev(sch)->tx_queue_len + 1; | ||
892 | + max_classes = min_t(u64, (u64)qdisc_dev(sch)->tx_queue_len + 1, | ||
893 | + QFQ_MAX_AGG_CLASSES); | ||
894 | /* max_cl_shift = floor(log_2(max_classes)) */ | ||
895 | max_cl_shift = __fls(max_classes); | ||
896 | q->max_agg_classes = 1<<max_cl_shift; | ||
897 | diff --git a/tools/testing/selftests/x86/test_vsyscall.c b/tools/testing/selftests/x86/test_vsyscall.c | ||
898 | index a4f4d4cf22c3b..d0752a0a8f362 100644 | ||
899 | --- a/tools/testing/selftests/x86/test_vsyscall.c | ||
900 | +++ b/tools/testing/selftests/x86/test_vsyscall.c | ||
901 | @@ -480,7 +480,7 @@ static int test_process_vm_readv(void) | ||
902 | } | ||
903 | |||
904 | if (vsyscall_map_r) { | ||
905 | - if (!memcmp(buf, (const void *)0xffffffffff600000, 4096)) { | ||
906 | + if (!memcmp(buf, remote.iov_base, sizeof(buf))) { | ||
907 | printf("[OK]\tIt worked and read correct data\n"); | ||
908 | } else { | ||
909 | printf("[FAIL]\tIt worked but returned incorrect data\n"); |