Contents of /trunk/kernel-alx/patches-5.4/0317-5.4.218-all-fixes.patch
Parent Directory | Revision Log
Revision 3635 -
(show annotations)
(download)
Mon Oct 24 12:34:12 2022 UTC (18 months, 1 week ago) by niro
File size: 39774 byte(s)
Mon Oct 24 12:34:12 2022 UTC (18 months, 1 week ago) by niro
File size: 39774 byte(s)
-sync kernel patches
1 | diff --git a/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt b/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt |
2 | index 8a9f3559335b5..7e14e26676ec9 100644 |
3 | --- a/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt |
4 | +++ b/Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt |
5 | @@ -34,8 +34,8 @@ Example: |
6 | Use specific request line passing from dma |
7 | For example, MMC request line is 5 |
8 | |
9 | - sdhci: sdhci@98e00000 { |
10 | - compatible = "moxa,moxart-sdhci"; |
11 | + mmc: mmc@98e00000 { |
12 | + compatible = "moxa,moxart-mmc"; |
13 | reg = <0x98e00000 0x5C>; |
14 | interrupts = <5 0>; |
15 | clocks = <&clk_apb>; |
16 | diff --git a/Makefile b/Makefile |
17 | index 201ac8e410a94..c26d5ce1d6768 100644 |
18 | --- a/Makefile |
19 | +++ b/Makefile |
20 | @@ -1,7 +1,7 @@ |
21 | # SPDX-License-Identifier: GPL-2.0 |
22 | VERSION = 5 |
23 | PATCHLEVEL = 4 |
24 | -SUBLEVEL = 217 |
25 | +SUBLEVEL = 218 |
26 | EXTRAVERSION = |
27 | NAME = Kleptomaniac Octopus |
28 | |
29 | diff --git a/arch/arm/boot/dts/moxart-uc7112lx.dts b/arch/arm/boot/dts/moxart-uc7112lx.dts |
30 | index eb5291b0ee3aa..e07b807b4cec5 100644 |
31 | --- a/arch/arm/boot/dts/moxart-uc7112lx.dts |
32 | +++ b/arch/arm/boot/dts/moxart-uc7112lx.dts |
33 | @@ -79,7 +79,7 @@ |
34 | clocks = <&ref12>; |
35 | }; |
36 | |
37 | -&sdhci { |
38 | +&mmc { |
39 | status = "okay"; |
40 | }; |
41 | |
42 | diff --git a/arch/arm/boot/dts/moxart.dtsi b/arch/arm/boot/dts/moxart.dtsi |
43 | index f5f070a874823..764832ddfa78a 100644 |
44 | --- a/arch/arm/boot/dts/moxart.dtsi |
45 | +++ b/arch/arm/boot/dts/moxart.dtsi |
46 | @@ -93,8 +93,8 @@ |
47 | clock-names = "PCLK"; |
48 | }; |
49 | |
50 | - sdhci: sdhci@98e00000 { |
51 | - compatible = "moxa,moxart-sdhci"; |
52 | + mmc: mmc@98e00000 { |
53 | + compatible = "moxa,moxart-mmc"; |
54 | reg = <0x98e00000 0x5C>; |
55 | interrupts = <5 IRQ_TYPE_LEVEL_HIGH>; |
56 | clocks = <&clk_apb>; |
57 | diff --git a/arch/um/Makefile b/arch/um/Makefile |
58 | index 275f5ffdf6f0a..773120be0f56f 100644 |
59 | --- a/arch/um/Makefile |
60 | +++ b/arch/um/Makefile |
61 | @@ -132,10 +132,18 @@ export LDS_ELF_FORMAT := $(ELF_FORMAT) |
62 | # The wrappers will select whether using "malloc" or the kernel allocator. |
63 | LINK_WRAPS = -Wl,--wrap,malloc -Wl,--wrap,free -Wl,--wrap,calloc |
64 | |
65 | +# Avoid binutils 2.39+ warnings by marking the stack non-executable and |
66 | +# ignorning warnings for the kallsyms sections. |
67 | +LDFLAGS_EXECSTACK = -z noexecstack |
68 | +ifeq ($(CONFIG_LD_IS_BFD),y) |
69 | +LDFLAGS_EXECSTACK += $(call ld-option,--no-warn-rwx-segments) |
70 | +endif |
71 | + |
72 | LD_FLAGS_CMDLINE = $(foreach opt,$(KBUILD_LDFLAGS),-Wl,$(opt)) |
73 | |
74 | # Used by link-vmlinux.sh which has special support for um link |
75 | export CFLAGS_vmlinux := $(LINK-y) $(LINK_WRAPS) $(LD_FLAGS_CMDLINE) |
76 | +export LDFLAGS_vmlinux := $(LDFLAGS_EXECSTACK) |
77 | |
78 | # When cleaning we don't include .config, so we don't include |
79 | # TT or skas makefiles and don't clean skas_ptregs.h. |
80 | diff --git a/arch/x86/um/shared/sysdep/syscalls_32.h b/arch/x86/um/shared/sysdep/syscalls_32.h |
81 | index 68fd2cf526fd7..f6e9f84397e79 100644 |
82 | --- a/arch/x86/um/shared/sysdep/syscalls_32.h |
83 | +++ b/arch/x86/um/shared/sysdep/syscalls_32.h |
84 | @@ -6,10 +6,9 @@ |
85 | #include <asm/unistd.h> |
86 | #include <sysdep/ptrace.h> |
87 | |
88 | -typedef long syscall_handler_t(struct pt_regs); |
89 | +typedef long syscall_handler_t(struct syscall_args); |
90 | |
91 | extern syscall_handler_t *sys_call_table[]; |
92 | |
93 | #define EXECUTE_SYSCALL(syscall, regs) \ |
94 | - ((long (*)(struct syscall_args)) \ |
95 | - (*sys_call_table[syscall]))(SYSCALL_ARGS(®s->regs)) |
96 | + ((*sys_call_table[syscall]))(SYSCALL_ARGS(®s->regs)) |
97 | diff --git a/arch/x86/um/tls_32.c b/arch/x86/um/tls_32.c |
98 | index ac8eee093f9cd..66162eafd8e8f 100644 |
99 | --- a/arch/x86/um/tls_32.c |
100 | +++ b/arch/x86/um/tls_32.c |
101 | @@ -65,9 +65,6 @@ static int get_free_idx(struct task_struct* task) |
102 | struct thread_struct *t = &task->thread; |
103 | int idx; |
104 | |
105 | - if (!t->arch.tls_array) |
106 | - return GDT_ENTRY_TLS_MIN; |
107 | - |
108 | for (idx = 0; idx < GDT_ENTRY_TLS_ENTRIES; idx++) |
109 | if (!t->arch.tls_array[idx].present) |
110 | return idx + GDT_ENTRY_TLS_MIN; |
111 | @@ -240,9 +237,6 @@ static int get_tls_entry(struct task_struct *task, struct user_desc *info, |
112 | { |
113 | struct thread_struct *t = &task->thread; |
114 | |
115 | - if (!t->arch.tls_array) |
116 | - goto clear; |
117 | - |
118 | if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) |
119 | return -EINVAL; |
120 | |
121 | diff --git a/arch/x86/um/vdso/Makefile b/arch/x86/um/vdso/Makefile |
122 | index 0caddd6acb226..bec115036f872 100644 |
123 | --- a/arch/x86/um/vdso/Makefile |
124 | +++ b/arch/x86/um/vdso/Makefile |
125 | @@ -62,7 +62,7 @@ quiet_cmd_vdso = VDSO $@ |
126 | -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \ |
127 | sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@' |
128 | |
129 | -VDSO_LDFLAGS = -fPIC -shared -Wl,--hash-style=sysv |
130 | +VDSO_LDFLAGS = -fPIC -shared -Wl,--hash-style=sysv -z noexecstack |
131 | GCOV_PROFILE := n |
132 | |
133 | # |
134 | diff --git a/drivers/char/mem.c b/drivers/char/mem.c |
135 | index 6b56bff9b68cc..c5025ae6a37ed 100644 |
136 | --- a/drivers/char/mem.c |
137 | +++ b/drivers/char/mem.c |
138 | @@ -953,8 +953,8 @@ static const struct memdev { |
139 | #endif |
140 | [5] = { "zero", 0666, &zero_fops, 0 }, |
141 | [7] = { "full", 0666, &full_fops, 0 }, |
142 | - [8] = { "random", 0666, &random_fops, 0 }, |
143 | - [9] = { "urandom", 0666, &urandom_fops, 0 }, |
144 | + [8] = { "random", 0666, &random_fops, FMODE_NOWAIT }, |
145 | + [9] = { "urandom", 0666, &urandom_fops, FMODE_NOWAIT }, |
146 | #ifdef CONFIG_PRINTK |
147 | [11] = { "kmsg", 0644, &kmsg_fops, 0 }, |
148 | #endif |
149 | diff --git a/drivers/char/random.c b/drivers/char/random.c |
150 | index 1ef94d1125210..364dd5eaebda4 100644 |
151 | --- a/drivers/char/random.c |
152 | +++ b/drivers/char/random.c |
153 | @@ -890,20 +890,23 @@ void __init add_bootloader_randomness(const void *buf, size_t len) |
154 | } |
155 | |
156 | struct fast_pool { |
157 | - struct work_struct mix; |
158 | unsigned long pool[4]; |
159 | unsigned long last; |
160 | unsigned int count; |
161 | + struct timer_list mix; |
162 | }; |
163 | |
164 | +static void mix_interrupt_randomness(struct timer_list *work); |
165 | + |
166 | static DEFINE_PER_CPU(struct fast_pool, irq_randomness) = { |
167 | #ifdef CONFIG_64BIT |
168 | #define FASTMIX_PERM SIPHASH_PERMUTATION |
169 | - .pool = { SIPHASH_CONST_0, SIPHASH_CONST_1, SIPHASH_CONST_2, SIPHASH_CONST_3 } |
170 | + .pool = { SIPHASH_CONST_0, SIPHASH_CONST_1, SIPHASH_CONST_2, SIPHASH_CONST_3 }, |
171 | #else |
172 | #define FASTMIX_PERM HSIPHASH_PERMUTATION |
173 | - .pool = { HSIPHASH_CONST_0, HSIPHASH_CONST_1, HSIPHASH_CONST_2, HSIPHASH_CONST_3 } |
174 | + .pool = { HSIPHASH_CONST_0, HSIPHASH_CONST_1, HSIPHASH_CONST_2, HSIPHASH_CONST_3 }, |
175 | #endif |
176 | + .mix = __TIMER_INITIALIZER(mix_interrupt_randomness, 0) |
177 | }; |
178 | |
179 | /* |
180 | @@ -945,7 +948,7 @@ int __cold random_online_cpu(unsigned int cpu) |
181 | } |
182 | #endif |
183 | |
184 | -static void mix_interrupt_randomness(struct work_struct *work) |
185 | +static void mix_interrupt_randomness(struct timer_list *work) |
186 | { |
187 | struct fast_pool *fast_pool = container_of(work, struct fast_pool, mix); |
188 | /* |
189 | @@ -976,7 +979,7 @@ static void mix_interrupt_randomness(struct work_struct *work) |
190 | local_irq_enable(); |
191 | |
192 | mix_pool_bytes(pool, sizeof(pool)); |
193 | - credit_init_bits(max(1u, (count & U16_MAX) / 64)); |
194 | + credit_init_bits(clamp_t(unsigned int, (count & U16_MAX) / 64, 1, sizeof(pool) * 8)); |
195 | |
196 | memzero_explicit(pool, sizeof(pool)); |
197 | } |
198 | @@ -999,10 +1002,11 @@ void add_interrupt_randomness(int irq) |
199 | if (new_count < 1024 && !time_is_before_jiffies(fast_pool->last + HZ)) |
200 | return; |
201 | |
202 | - if (unlikely(!fast_pool->mix.func)) |
203 | - INIT_WORK(&fast_pool->mix, mix_interrupt_randomness); |
204 | fast_pool->count |= MIX_INFLIGHT; |
205 | - queue_work_on(raw_smp_processor_id(), system_highpri_wq, &fast_pool->mix); |
206 | + if (!timer_pending(&fast_pool->mix)) { |
207 | + fast_pool->mix.expires = jiffies; |
208 | + add_timer_on(&fast_pool->mix, raw_smp_processor_id()); |
209 | + } |
210 | } |
211 | EXPORT_SYMBOL_GPL(add_interrupt_randomness); |
212 | |
213 | @@ -1294,6 +1298,11 @@ static ssize_t random_read_iter(struct kiocb *kiocb, struct iov_iter *iter) |
214 | { |
215 | int ret; |
216 | |
217 | + if (!crng_ready() && |
218 | + ((kiocb->ki_flags & IOCB_NOWAIT) || |
219 | + (kiocb->ki_filp->f_flags & O_NONBLOCK))) |
220 | + return -EAGAIN; |
221 | + |
222 | ret = wait_for_random_bytes(); |
223 | if (ret != 0) |
224 | return ret; |
225 | diff --git a/drivers/dma/xilinx/xilinx_dma.c b/drivers/dma/xilinx/xilinx_dma.c |
226 | index 7729b8d22553e..3bb711e735ab9 100644 |
227 | --- a/drivers/dma/xilinx/xilinx_dma.c |
228 | +++ b/drivers/dma/xilinx/xilinx_dma.c |
229 | @@ -2683,7 +2683,7 @@ static int xilinx_dma_probe(struct platform_device *pdev) |
230 | if (err < 0) { |
231 | dev_err(xdev->dev, |
232 | "missing xlnx,num-fstores property\n"); |
233 | - return err; |
234 | + goto disable_clks; |
235 | } |
236 | |
237 | err = of_property_read_u32(node, "xlnx,flush-fsync", |
238 | @@ -2703,7 +2703,11 @@ static int xilinx_dma_probe(struct platform_device *pdev) |
239 | xdev->ext_addr = false; |
240 | |
241 | /* Set the dma mask bits */ |
242 | - dma_set_mask_and_coherent(xdev->dev, DMA_BIT_MASK(addr_width)); |
243 | + err = dma_set_mask_and_coherent(xdev->dev, DMA_BIT_MASK(addr_width)); |
244 | + if (err < 0) { |
245 | + dev_err(xdev->dev, "DMA mask error %d\n", err); |
246 | + goto disable_clks; |
247 | + } |
248 | |
249 | /* Initialize the DMA engine */ |
250 | xdev->common.dev = &pdev->dev; |
251 | diff --git a/drivers/firmware/arm_scmi/scmi_pm_domain.c b/drivers/firmware/arm_scmi/scmi_pm_domain.c |
252 | index 177874adccf0d..b0c8962b98854 100644 |
253 | --- a/drivers/firmware/arm_scmi/scmi_pm_domain.c |
254 | +++ b/drivers/firmware/arm_scmi/scmi_pm_domain.c |
255 | @@ -106,9 +106,28 @@ static int scmi_pm_domain_probe(struct scmi_device *sdev) |
256 | scmi_pd_data->domains = domains; |
257 | scmi_pd_data->num_domains = num_domains; |
258 | |
259 | + dev_set_drvdata(dev, scmi_pd_data); |
260 | + |
261 | return of_genpd_add_provider_onecell(np, scmi_pd_data); |
262 | } |
263 | |
264 | +static void scmi_pm_domain_remove(struct scmi_device *sdev) |
265 | +{ |
266 | + int i; |
267 | + struct genpd_onecell_data *scmi_pd_data; |
268 | + struct device *dev = &sdev->dev; |
269 | + struct device_node *np = dev->of_node; |
270 | + |
271 | + of_genpd_del_provider(np); |
272 | + |
273 | + scmi_pd_data = dev_get_drvdata(dev); |
274 | + for (i = 0; i < scmi_pd_data->num_domains; i++) { |
275 | + if (!scmi_pd_data->domains[i]) |
276 | + continue; |
277 | + pm_genpd_remove(scmi_pd_data->domains[i]); |
278 | + } |
279 | +} |
280 | + |
281 | static const struct scmi_device_id scmi_id_table[] = { |
282 | { SCMI_PROTOCOL_POWER }, |
283 | { }, |
284 | @@ -118,6 +137,7 @@ MODULE_DEVICE_TABLE(scmi, scmi_id_table); |
285 | static struct scmi_driver scmi_power_domain_driver = { |
286 | .name = "scmi-power-domain", |
287 | .probe = scmi_pm_domain_probe, |
288 | + .remove = scmi_pm_domain_remove, |
289 | .id_table = scmi_id_table, |
290 | }; |
291 | module_scmi_driver(scmi_power_domain_driver); |
292 | diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c |
293 | index ba101afcfc27f..70dedc0f7827c 100644 |
294 | --- a/drivers/input/joystick/xpad.c |
295 | +++ b/drivers/input/joystick/xpad.c |
296 | @@ -112,6 +112,8 @@ static const struct xpad_device { |
297 | u8 xtype; |
298 | } xpad_device[] = { |
299 | { 0x0079, 0x18d4, "GPD Win 2 X-Box Controller", 0, XTYPE_XBOX360 }, |
300 | + { 0x03eb, 0xff01, "Wooting One (Legacy)", 0, XTYPE_XBOX360 }, |
301 | + { 0x03eb, 0xff02, "Wooting Two (Legacy)", 0, XTYPE_XBOX360 }, |
302 | { 0x044f, 0x0f00, "Thrustmaster Wheel", 0, XTYPE_XBOX }, |
303 | { 0x044f, 0x0f03, "Thrustmaster Wheel", 0, XTYPE_XBOX }, |
304 | { 0x044f, 0x0f07, "Thrustmaster, Inc. Controller", 0, XTYPE_XBOX }, |
305 | @@ -242,6 +244,7 @@ static const struct xpad_device { |
306 | { 0x0f0d, 0x0063, "Hori Real Arcade Pro Hayabusa (USA) Xbox One", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOXONE }, |
307 | { 0x0f0d, 0x0067, "HORIPAD ONE", 0, XTYPE_XBOXONE }, |
308 | { 0x0f0d, 0x0078, "Hori Real Arcade Pro V Kai Xbox One", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOXONE }, |
309 | + { 0x0f0d, 0x00c5, "Hori Fighting Commander ONE", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOXONE }, |
310 | { 0x0f30, 0x010b, "Philips Recoil", 0, XTYPE_XBOX }, |
311 | { 0x0f30, 0x0202, "Joytech Advanced Controller", 0, XTYPE_XBOX }, |
312 | { 0x0f30, 0x8888, "BigBen XBMiniPad Controller", 0, XTYPE_XBOX }, |
313 | @@ -258,6 +261,7 @@ static const struct xpad_device { |
314 | { 0x1430, 0x8888, "TX6500+ Dance Pad (first generation)", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX }, |
315 | { 0x1430, 0xf801, "RedOctane Controller", 0, XTYPE_XBOX360 }, |
316 | { 0x146b, 0x0601, "BigBen Interactive XBOX 360 Controller", 0, XTYPE_XBOX360 }, |
317 | + { 0x146b, 0x0604, "Bigben Interactive DAIJA Arcade Stick", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, |
318 | { 0x1532, 0x0037, "Razer Sabertooth", 0, XTYPE_XBOX360 }, |
319 | { 0x1532, 0x0a00, "Razer Atrox Arcade Stick", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOXONE }, |
320 | { 0x1532, 0x0a03, "Razer Wildcat", 0, XTYPE_XBOXONE }, |
321 | @@ -322,6 +326,7 @@ static const struct xpad_device { |
322 | { 0x24c6, 0x5502, "Hori Fighting Stick VX Alt", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, |
323 | { 0x24c6, 0x5503, "Hori Fighting Edge", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, |
324 | { 0x24c6, 0x5506, "Hori SOULCALIBUR V Stick", 0, XTYPE_XBOX360 }, |
325 | + { 0x24c6, 0x5510, "Hori Fighting Commander ONE (Xbox 360/PC Mode)", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, |
326 | { 0x24c6, 0x550d, "Hori GEM Xbox controller", 0, XTYPE_XBOX360 }, |
327 | { 0x24c6, 0x550e, "Hori Real Arcade Pro V Kai 360", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, |
328 | { 0x24c6, 0x551a, "PowerA FUSION Pro Controller", 0, XTYPE_XBOXONE }, |
329 | @@ -331,6 +336,14 @@ static const struct xpad_device { |
330 | { 0x24c6, 0x5b03, "Thrustmaster Ferrari 458 Racing Wheel", 0, XTYPE_XBOX360 }, |
331 | { 0x24c6, 0x5d04, "Razer Sabertooth", 0, XTYPE_XBOX360 }, |
332 | { 0x24c6, 0xfafe, "Rock Candy Gamepad for Xbox 360", 0, XTYPE_XBOX360 }, |
333 | + { 0x2563, 0x058d, "OneXPlayer Gamepad", 0, XTYPE_XBOX360 }, |
334 | + { 0x2dc8, 0x2000, "8BitDo Pro 2 Wired Controller fox Xbox", 0, XTYPE_XBOXONE }, |
335 | + { 0x31e3, 0x1100, "Wooting One", 0, XTYPE_XBOX360 }, |
336 | + { 0x31e3, 0x1200, "Wooting Two", 0, XTYPE_XBOX360 }, |
337 | + { 0x31e3, 0x1210, "Wooting Lekker", 0, XTYPE_XBOX360 }, |
338 | + { 0x31e3, 0x1220, "Wooting Two HE", 0, XTYPE_XBOX360 }, |
339 | + { 0x31e3, 0x1300, "Wooting 60HE (AVR)", 0, XTYPE_XBOX360 }, |
340 | + { 0x31e3, 0x1310, "Wooting 60HE (ARM)", 0, XTYPE_XBOX360 }, |
341 | { 0x3285, 0x0607, "Nacon GC-100", 0, XTYPE_XBOX360 }, |
342 | { 0x3767, 0x0101, "Fanatec Speedster 3 Forceshock Wheel", 0, XTYPE_XBOX }, |
343 | { 0xffff, 0xffff, "Chinese-made Xbox Controller", 0, XTYPE_XBOX }, |
344 | @@ -416,6 +429,7 @@ static const signed short xpad_abs_triggers[] = { |
345 | static const struct usb_device_id xpad_table[] = { |
346 | { USB_INTERFACE_INFO('X', 'B', 0) }, /* X-Box USB-IF not approved class */ |
347 | XPAD_XBOX360_VENDOR(0x0079), /* GPD Win 2 Controller */ |
348 | + XPAD_XBOX360_VENDOR(0x03eb), /* Wooting Keyboards (Legacy) */ |
349 | XPAD_XBOX360_VENDOR(0x044f), /* Thrustmaster X-Box 360 controllers */ |
350 | XPAD_XBOX360_VENDOR(0x045e), /* Microsoft X-Box 360 controllers */ |
351 | XPAD_XBOXONE_VENDOR(0x045e), /* Microsoft X-Box One controllers */ |
352 | @@ -426,6 +440,7 @@ static const struct usb_device_id xpad_table[] = { |
353 | { USB_DEVICE(0x0738, 0x4540) }, /* Mad Catz Beat Pad */ |
354 | XPAD_XBOXONE_VENDOR(0x0738), /* Mad Catz FightStick TE 2 */ |
355 | XPAD_XBOX360_VENDOR(0x07ff), /* Mad Catz GamePad */ |
356 | + XPAD_XBOX360_VENDOR(0x0c12), /* Zeroplus X-Box 360 controllers */ |
357 | XPAD_XBOX360_VENDOR(0x0e6f), /* 0x0e6f X-Box 360 controllers */ |
358 | XPAD_XBOXONE_VENDOR(0x0e6f), /* 0x0e6f X-Box One controllers */ |
359 | XPAD_XBOX360_VENDOR(0x0f0d), /* Hori Controllers */ |
360 | @@ -446,8 +461,12 @@ static const struct usb_device_id xpad_table[] = { |
361 | XPAD_XBOXONE_VENDOR(0x20d6), /* PowerA Controllers */ |
362 | XPAD_XBOX360_VENDOR(0x24c6), /* PowerA Controllers */ |
363 | XPAD_XBOXONE_VENDOR(0x24c6), /* PowerA Controllers */ |
364 | + XPAD_XBOX360_VENDOR(0x2563), /* OneXPlayer Gamepad */ |
365 | + XPAD_XBOX360_VENDOR(0x260d), /* Dareu H101 */ |
366 | + XPAD_XBOXONE_VENDOR(0x2dc8), /* 8BitDo Pro 2 Wired Controller for Xbox */ |
367 | XPAD_XBOXONE_VENDOR(0x2e24), /* Hyperkin Duke X-Box One pad */ |
368 | XPAD_XBOX360_VENDOR(0x2f24), /* GameSir Controllers */ |
369 | + XPAD_XBOX360_VENDOR(0x31e3), /* Wooting Keyboards */ |
370 | XPAD_XBOX360_VENDOR(0x3285), /* Nacon GC-100 */ |
371 | { } |
372 | }; |
373 | @@ -1964,7 +1983,6 @@ static struct usb_driver xpad_driver = { |
374 | .disconnect = xpad_disconnect, |
375 | .suspend = xpad_suspend, |
376 | .resume = xpad_resume, |
377 | - .reset_resume = xpad_resume, |
378 | .id_table = xpad_table, |
379 | }; |
380 | |
381 | diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c |
382 | index c6d7a0adde0db..9222931ef8f11 100644 |
383 | --- a/drivers/mmc/core/sd.c |
384 | +++ b/drivers/mmc/core/sd.c |
385 | @@ -799,7 +799,8 @@ try_again: |
386 | * the CCS bit is set as well. We deliberately deviate from the spec in |
387 | * regards to this, which allows UHS-I to be supported for SDSC cards. |
388 | */ |
389 | - if (!mmc_host_is_spi(host) && rocr && (*rocr & 0x01000000)) { |
390 | + if (!mmc_host_is_spi(host) && (ocr & SD_OCR_S18R) && |
391 | + rocr && (*rocr & SD_ROCR_S18A)) { |
392 | err = mmc_set_uhs_voltage(host, pocr); |
393 | if (err == -EAGAIN) { |
394 | retries--; |
395 | diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c |
396 | index 6b0ad6b4dd4b1..3a3a5a5706942 100644 |
397 | --- a/drivers/net/wireless/mac80211_hwsim.c |
398 | +++ b/drivers/net/wireless/mac80211_hwsim.c |
399 | @@ -3411,6 +3411,8 @@ static int hwsim_cloned_frame_received_nl(struct sk_buff *skb_2, |
400 | |
401 | rx_status.band = data2->channel->band; |
402 | rx_status.rate_idx = nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]); |
403 | + if (rx_status.rate_idx >= data2->hw->wiphy->bands[rx_status.band]->n_bitrates) |
404 | + goto out; |
405 | rx_status.signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]); |
406 | |
407 | hdr = (void *)skb->data; |
408 | diff --git a/drivers/rpmsg/qcom_glink_native.c b/drivers/rpmsg/qcom_glink_native.c |
409 | index 0f10b3f847051..b240830a0aab0 100644 |
410 | --- a/drivers/rpmsg/qcom_glink_native.c |
411 | +++ b/drivers/rpmsg/qcom_glink_native.c |
412 | @@ -1472,7 +1472,7 @@ static void qcom_glink_rx_close(struct qcom_glink *glink, unsigned int rcid) |
413 | cancel_work_sync(&channel->intent_work); |
414 | |
415 | if (channel->rpdev) { |
416 | - strncpy(chinfo.name, channel->name, sizeof(chinfo.name)); |
417 | + strscpy_pad(chinfo.name, channel->name, sizeof(chinfo.name)); |
418 | chinfo.src = RPMSG_ADDR_ANY; |
419 | chinfo.dst = RPMSG_ADDR_ANY; |
420 | |
421 | diff --git a/drivers/rpmsg/qcom_smd.c b/drivers/rpmsg/qcom_smd.c |
422 | index 0b1e853d8c91a..b5167ef93abf9 100644 |
423 | --- a/drivers/rpmsg/qcom_smd.c |
424 | +++ b/drivers/rpmsg/qcom_smd.c |
425 | @@ -1073,7 +1073,7 @@ static int qcom_smd_create_device(struct qcom_smd_channel *channel) |
426 | |
427 | /* Assign public information to the rpmsg_device */ |
428 | rpdev = &qsdev->rpdev; |
429 | - strncpy(rpdev->id.name, channel->name, RPMSG_NAME_SIZE); |
430 | + strscpy_pad(rpdev->id.name, channel->name, RPMSG_NAME_SIZE); |
431 | rpdev->src = RPMSG_ADDR_ANY; |
432 | rpdev->dst = RPMSG_ADDR_ANY; |
433 | |
434 | @@ -1304,7 +1304,7 @@ static void qcom_channel_state_worker(struct work_struct *work) |
435 | |
436 | spin_unlock_irqrestore(&edge->channels_lock, flags); |
437 | |
438 | - strncpy(chinfo.name, channel->name, sizeof(chinfo.name)); |
439 | + strscpy_pad(chinfo.name, channel->name, sizeof(chinfo.name)); |
440 | chinfo.src = RPMSG_ADDR_ANY; |
441 | chinfo.dst = RPMSG_ADDR_ANY; |
442 | rpmsg_unregister_device(&edge->dev, &chinfo); |
443 | diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c |
444 | index c95e04cc64240..f864ef059d29e 100644 |
445 | --- a/drivers/scsi/qedf/qedf_main.c |
446 | +++ b/drivers/scsi/qedf/qedf_main.c |
447 | @@ -3544,11 +3544,6 @@ err2: |
448 | err1: |
449 | scsi_host_put(lport->host); |
450 | err0: |
451 | - if (qedf) { |
452 | - QEDF_INFO(&qedf->dbg_ctx, QEDF_LOG_DISC, "Probe done.\n"); |
453 | - |
454 | - clear_bit(QEDF_PROBING, &qedf->flags); |
455 | - } |
456 | return rc; |
457 | } |
458 | |
459 | diff --git a/drivers/scsi/stex.c b/drivers/scsi/stex.c |
460 | index 33287b6bdf0ef..159ffc2bb592f 100644 |
461 | --- a/drivers/scsi/stex.c |
462 | +++ b/drivers/scsi/stex.c |
463 | @@ -668,16 +668,17 @@ stex_queuecommand_lck(struct scsi_cmnd *cmd, void (*done)(struct scsi_cmnd *)) |
464 | return 0; |
465 | case PASSTHRU_CMD: |
466 | if (cmd->cmnd[1] == PASSTHRU_GET_DRVVER) { |
467 | - struct st_drvver ver; |
468 | + const struct st_drvver ver = { |
469 | + .major = ST_VER_MAJOR, |
470 | + .minor = ST_VER_MINOR, |
471 | + .oem = ST_OEM, |
472 | + .build = ST_BUILD_VER, |
473 | + .signature[0] = PASSTHRU_SIGNATURE, |
474 | + .console_id = host->max_id - 1, |
475 | + .host_no = hba->host->host_no, |
476 | + }; |
477 | size_t cp_len = sizeof(ver); |
478 | |
479 | - ver.major = ST_VER_MAJOR; |
480 | - ver.minor = ST_VER_MINOR; |
481 | - ver.oem = ST_OEM; |
482 | - ver.build = ST_BUILD_VER; |
483 | - ver.signature[0] = PASSTHRU_SIGNATURE; |
484 | - ver.console_id = host->max_id - 1; |
485 | - ver.host_no = hba->host->host_no; |
486 | cp_len = scsi_sg_copy_from_buffer(cmd, &ver, cp_len); |
487 | cmd->result = sizeof(ver) == cp_len ? |
488 | DID_OK << 16 | COMMAND_COMPLETE << 8 : |
489 | diff --git a/drivers/usb/mon/mon_bin.c b/drivers/usb/mon/mon_bin.c |
490 | index f48a23adbc35d..094e812e9e692 100644 |
491 | --- a/drivers/usb/mon/mon_bin.c |
492 | +++ b/drivers/usb/mon/mon_bin.c |
493 | @@ -1268,6 +1268,11 @@ static int mon_bin_mmap(struct file *filp, struct vm_area_struct *vma) |
494 | { |
495 | /* don't do anything here: "fault" will set up page table entries */ |
496 | vma->vm_ops = &mon_bin_vm_ops; |
497 | + |
498 | + if (vma->vm_flags & VM_WRITE) |
499 | + return -EPERM; |
500 | + |
501 | + vma->vm_flags &= ~VM_MAYWRITE; |
502 | vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; |
503 | vma->vm_private_data = filp->private_data; |
504 | mon_bin_vma_open(vma); |
505 | diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c |
506 | index ed1b26193d7a3..9041051000740 100644 |
507 | --- a/drivers/usb/serial/ftdi_sio.c |
508 | +++ b/drivers/usb/serial/ftdi_sio.c |
509 | @@ -1320,8 +1320,7 @@ static u32 get_ftdi_divisor(struct tty_struct *tty, |
510 | case 38400: div_value = ftdi_sio_b38400; break; |
511 | case 57600: div_value = ftdi_sio_b57600; break; |
512 | case 115200: div_value = ftdi_sio_b115200; break; |
513 | - } /* baud */ |
514 | - if (div_value == 0) { |
515 | + default: |
516 | dev_dbg(dev, "%s - Baudrate (%d) requested is not supported\n", |
517 | __func__, baud); |
518 | div_value = ftdi_sio_b9600; |
519 | diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c |
520 | index 3f437f07356b4..b7ba15d0ed6c1 100644 |
521 | --- a/drivers/usb/serial/qcserial.c |
522 | +++ b/drivers/usb/serial/qcserial.c |
523 | @@ -177,6 +177,7 @@ static const struct usb_device_id id_table[] = { |
524 | {DEVICE_SWI(0x413c, 0x81b3)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */ |
525 | {DEVICE_SWI(0x413c, 0x81b5)}, /* Dell Wireless 5811e QDL */ |
526 | {DEVICE_SWI(0x413c, 0x81b6)}, /* Dell Wireless 5811e QDL */ |
527 | + {DEVICE_SWI(0x413c, 0x81c2)}, /* Dell Wireless 5811e */ |
528 | {DEVICE_SWI(0x413c, 0x81cb)}, /* Dell Wireless 5816e QDL */ |
529 | {DEVICE_SWI(0x413c, 0x81cc)}, /* Dell Wireless 5816e */ |
530 | {DEVICE_SWI(0x413c, 0x81cf)}, /* Dell Wireless 5819 */ |
531 | diff --git a/fs/ceph/file.c b/fs/ceph/file.c |
532 | index aa1eac6d89f2e..83122fc5f8130 100644 |
533 | --- a/fs/ceph/file.c |
534 | +++ b/fs/ceph/file.c |
535 | @@ -452,6 +452,12 @@ int ceph_atomic_open(struct inode *dir, struct dentry *dentry, |
536 | if (dentry->d_name.len > NAME_MAX) |
537 | return -ENAMETOOLONG; |
538 | |
539 | + /* |
540 | + * Do not truncate the file, since atomic_open is called before the |
541 | + * permission check. The caller will do the truncation afterward. |
542 | + */ |
543 | + flags &= ~O_TRUNC; |
544 | + |
545 | if (flags & O_CREAT) { |
546 | if (ceph_quota_is_max_files_exceeded(dir)) |
547 | return -EDQUOT; |
548 | @@ -490,9 +496,7 @@ int ceph_atomic_open(struct inode *dir, struct dentry *dentry, |
549 | |
550 | req->r_parent = dir; |
551 | set_bit(CEPH_MDS_R_PARENT_LOCKED, &req->r_req_flags); |
552 | - err = ceph_mdsc_do_request(mdsc, |
553 | - (flags & (O_CREAT|O_TRUNC)) ? dir : NULL, |
554 | - req); |
555 | + err = ceph_mdsc_do_request(mdsc, (flags & O_CREAT) ? dir : NULL, req); |
556 | err = ceph_handle_snapdir(req, dentry, err); |
557 | if (err) |
558 | goto out_req; |
559 | diff --git a/fs/inode.c b/fs/inode.c |
560 | index c5267a4db0f5e..140a62e5382cb 100644 |
561 | --- a/fs/inode.c |
562 | +++ b/fs/inode.c |
563 | @@ -167,8 +167,6 @@ int inode_init_always(struct super_block *sb, struct inode *inode) |
564 | inode->i_wb_frn_history = 0; |
565 | #endif |
566 | |
567 | - if (security_inode_alloc(inode)) |
568 | - goto out; |
569 | spin_lock_init(&inode->i_lock); |
570 | lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key); |
571 | |
572 | @@ -199,11 +197,12 @@ int inode_init_always(struct super_block *sb, struct inode *inode) |
573 | inode->i_fsnotify_mask = 0; |
574 | #endif |
575 | inode->i_flctx = NULL; |
576 | + |
577 | + if (unlikely(security_inode_alloc(inode))) |
578 | + return -ENOMEM; |
579 | this_cpu_inc(nr_inodes); |
580 | |
581 | return 0; |
582 | -out: |
583 | - return -ENOMEM; |
584 | } |
585 | EXPORT_SYMBOL(inode_init_always); |
586 | |
587 | diff --git a/fs/nilfs2/inode.c b/fs/nilfs2/inode.c |
588 | index 35b0bfe9324f2..b8ebfb16c8ec8 100644 |
589 | --- a/fs/nilfs2/inode.c |
590 | +++ b/fs/nilfs2/inode.c |
591 | @@ -451,6 +451,8 @@ int nilfs_read_inode_common(struct inode *inode, |
592 | inode->i_atime.tv_nsec = le32_to_cpu(raw_inode->i_mtime_nsec); |
593 | inode->i_ctime.tv_nsec = le32_to_cpu(raw_inode->i_ctime_nsec); |
594 | inode->i_mtime.tv_nsec = le32_to_cpu(raw_inode->i_mtime_nsec); |
595 | + if (nilfs_is_metadata_file_inode(inode) && !S_ISREG(inode->i_mode)) |
596 | + return -EIO; /* this inode is for metadata and corrupted */ |
597 | if (inode->i_nlink == 0) |
598 | return -ESTALE; /* this inode is deleted */ |
599 | |
600 | diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c |
601 | index eb3ac76190887..535543ab4e26a 100644 |
602 | --- a/fs/nilfs2/segment.c |
603 | +++ b/fs/nilfs2/segment.c |
604 | @@ -880,9 +880,11 @@ static int nilfs_segctor_create_checkpoint(struct nilfs_sc_info *sci) |
605 | nilfs_mdt_mark_dirty(nilfs->ns_cpfile); |
606 | nilfs_cpfile_put_checkpoint( |
607 | nilfs->ns_cpfile, nilfs->ns_cno, bh_cp); |
608 | - } else |
609 | - WARN_ON(err == -EINVAL || err == -ENOENT); |
610 | - |
611 | + } else if (err == -EINVAL || err == -ENOENT) { |
612 | + nilfs_error(sci->sc_super, |
613 | + "checkpoint creation failed due to metadata corruption."); |
614 | + err = -EIO; |
615 | + } |
616 | return err; |
617 | } |
618 | |
619 | @@ -896,7 +898,11 @@ static int nilfs_segctor_fill_in_checkpoint(struct nilfs_sc_info *sci) |
620 | err = nilfs_cpfile_get_checkpoint(nilfs->ns_cpfile, nilfs->ns_cno, 0, |
621 | &raw_cp, &bh_cp); |
622 | if (unlikely(err)) { |
623 | - WARN_ON(err == -EINVAL || err == -ENOENT); |
624 | + if (err == -EINVAL || err == -ENOENT) { |
625 | + nilfs_error(sci->sc_super, |
626 | + "checkpoint finalization failed due to metadata corruption."); |
627 | + err = -EIO; |
628 | + } |
629 | goto failed_ibh; |
630 | } |
631 | raw_cp->cp_snapshot_list.ssl_next = 0; |
632 | @@ -2786,10 +2792,9 @@ int nilfs_attach_log_writer(struct super_block *sb, struct nilfs_root *root) |
633 | inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL); |
634 | |
635 | err = nilfs_segctor_start_thread(nilfs->ns_writer); |
636 | - if (err) { |
637 | - kfree(nilfs->ns_writer); |
638 | - nilfs->ns_writer = NULL; |
639 | - } |
640 | + if (unlikely(err)) |
641 | + nilfs_detach_log_writer(sb); |
642 | + |
643 | return err; |
644 | } |
645 | |
646 | diff --git a/include/net/ieee802154_netdev.h b/include/net/ieee802154_netdev.h |
647 | index d0d188c3294bd..a8994f307fc38 100644 |
648 | --- a/include/net/ieee802154_netdev.h |
649 | +++ b/include/net/ieee802154_netdev.h |
650 | @@ -15,6 +15,22 @@ |
651 | #ifndef IEEE802154_NETDEVICE_H |
652 | #define IEEE802154_NETDEVICE_H |
653 | |
654 | +#define IEEE802154_REQUIRED_SIZE(struct_type, member) \ |
655 | + (offsetof(typeof(struct_type), member) + \ |
656 | + sizeof(((typeof(struct_type) *)(NULL))->member)) |
657 | + |
658 | +#define IEEE802154_ADDR_OFFSET \ |
659 | + offsetof(typeof(struct sockaddr_ieee802154), addr) |
660 | + |
661 | +#define IEEE802154_MIN_NAMELEN (IEEE802154_ADDR_OFFSET + \ |
662 | + IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, addr_type)) |
663 | + |
664 | +#define IEEE802154_NAMELEN_SHORT (IEEE802154_ADDR_OFFSET + \ |
665 | + IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, short_addr)) |
666 | + |
667 | +#define IEEE802154_NAMELEN_LONG (IEEE802154_ADDR_OFFSET + \ |
668 | + IEEE802154_REQUIRED_SIZE(struct ieee802154_addr_sa, hwaddr)) |
669 | + |
670 | #include <net/af_ieee802154.h> |
671 | #include <linux/netdevice.h> |
672 | #include <linux/skbuff.h> |
673 | @@ -165,6 +181,27 @@ static inline void ieee802154_devaddr_to_raw(void *raw, __le64 addr) |
674 | memcpy(raw, &temp, IEEE802154_ADDR_LEN); |
675 | } |
676 | |
677 | +static inline int |
678 | +ieee802154_sockaddr_check_size(struct sockaddr_ieee802154 *daddr, int len) |
679 | +{ |
680 | + struct ieee802154_addr_sa *sa; |
681 | + |
682 | + sa = &daddr->addr; |
683 | + if (len < IEEE802154_MIN_NAMELEN) |
684 | + return -EINVAL; |
685 | + switch (sa->addr_type) { |
686 | + case IEEE802154_ADDR_SHORT: |
687 | + if (len < IEEE802154_NAMELEN_SHORT) |
688 | + return -EINVAL; |
689 | + break; |
690 | + case IEEE802154_ADDR_LONG: |
691 | + if (len < IEEE802154_NAMELEN_LONG) |
692 | + return -EINVAL; |
693 | + break; |
694 | + } |
695 | + return 0; |
696 | +} |
697 | + |
698 | static inline void ieee802154_addr_from_sa(struct ieee802154_addr *a, |
699 | const struct ieee802154_addr_sa *sa) |
700 | { |
701 | diff --git a/include/scsi/scsi_cmnd.h b/include/scsi/scsi_cmnd.h |
702 | index 91bd749a02f7a..7738a055d9535 100644 |
703 | --- a/include/scsi/scsi_cmnd.h |
704 | +++ b/include/scsi/scsi_cmnd.h |
705 | @@ -204,7 +204,7 @@ static inline int scsi_get_resid(struct scsi_cmnd *cmd) |
706 | for_each_sg(scsi_sglist(cmd), sg, nseg, __i) |
707 | |
708 | static inline int scsi_sg_copy_from_buffer(struct scsi_cmnd *cmd, |
709 | - void *buf, int buflen) |
710 | + const void *buf, int buflen) |
711 | { |
712 | return sg_copy_from_buffer(scsi_sglist(cmd), scsi_sg_count(cmd), |
713 | buf, buflen); |
714 | diff --git a/mm/pagewalk.c b/mm/pagewalk.c |
715 | index 4eb09e0898817..ec41e7552f37c 100644 |
716 | --- a/mm/pagewalk.c |
717 | +++ b/mm/pagewalk.c |
718 | @@ -38,7 +38,7 @@ static int walk_pmd_range(pud_t *pud, unsigned long addr, unsigned long end, |
719 | do { |
720 | again: |
721 | next = pmd_addr_end(addr, end); |
722 | - if (pmd_none(*pmd) || !walk->vma) { |
723 | + if (pmd_none(*pmd)) { |
724 | if (ops->pte_hole) |
725 | err = ops->pte_hole(addr, next, walk); |
726 | if (err) |
727 | @@ -84,7 +84,7 @@ static int walk_pud_range(p4d_t *p4d, unsigned long addr, unsigned long end, |
728 | do { |
729 | again: |
730 | next = pud_addr_end(addr, end); |
731 | - if (pud_none(*pud) || !walk->vma) { |
732 | + if (pud_none(*pud)) { |
733 | if (ops->pte_hole) |
734 | err = ops->pte_hole(addr, next, walk); |
735 | if (err) |
736 | @@ -254,7 +254,7 @@ static int __walk_page_range(unsigned long start, unsigned long end, |
737 | int err = 0; |
738 | struct vm_area_struct *vma = walk->vma; |
739 | |
740 | - if (vma && is_vm_hugetlb_page(vma)) { |
741 | + if (is_vm_hugetlb_page(vma)) { |
742 | if (walk->ops->hugetlb_entry) |
743 | err = walk_hugetlb_range(start, end, walk); |
744 | } else |
745 | @@ -324,9 +324,13 @@ int walk_page_range(struct mm_struct *mm, unsigned long start, |
746 | if (!vma) { /* after the last vma */ |
747 | walk.vma = NULL; |
748 | next = end; |
749 | + if (ops->pte_hole) |
750 | + err = ops->pte_hole(start, next, &walk); |
751 | } else if (start < vma->vm_start) { /* outside vma */ |
752 | walk.vma = NULL; |
753 | next = min(end, vma->vm_start); |
754 | + if (ops->pte_hole) |
755 | + err = ops->pte_hole(start, next, &walk); |
756 | } else { /* inside vma */ |
757 | walk.vma = vma; |
758 | next = min(end, vma->vm_end); |
759 | @@ -344,9 +348,8 @@ int walk_page_range(struct mm_struct *mm, unsigned long start, |
760 | } |
761 | if (err < 0) |
762 | break; |
763 | - } |
764 | - if (walk.vma || walk.ops->pte_hole) |
765 | err = __walk_page_range(start, next, &walk); |
766 | + } |
767 | if (err) |
768 | break; |
769 | } while (start = next, start < end); |
770 | diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c |
771 | index 9a675ba0bf0a8..a92b11999e5f2 100644 |
772 | --- a/net/ieee802154/socket.c |
773 | +++ b/net/ieee802154/socket.c |
774 | @@ -201,8 +201,9 @@ static int raw_bind(struct sock *sk, struct sockaddr *_uaddr, int len) |
775 | int err = 0; |
776 | struct net_device *dev = NULL; |
777 | |
778 | - if (len < sizeof(*uaddr)) |
779 | - return -EINVAL; |
780 | + err = ieee802154_sockaddr_check_size(uaddr, len); |
781 | + if (err < 0) |
782 | + return err; |
783 | |
784 | uaddr = (struct sockaddr_ieee802154 *)_uaddr; |
785 | if (uaddr->family != AF_IEEE802154) |
786 | @@ -498,7 +499,8 @@ static int dgram_bind(struct sock *sk, struct sockaddr *uaddr, int len) |
787 | |
788 | ro->bound = 0; |
789 | |
790 | - if (len < sizeof(*addr)) |
791 | + err = ieee802154_sockaddr_check_size(addr, len); |
792 | + if (err < 0) |
793 | goto out; |
794 | |
795 | if (addr->family != AF_IEEE802154) |
796 | @@ -569,8 +571,9 @@ static int dgram_connect(struct sock *sk, struct sockaddr *uaddr, |
797 | struct dgram_sock *ro = dgram_sk(sk); |
798 | int err = 0; |
799 | |
800 | - if (len < sizeof(*addr)) |
801 | - return -EINVAL; |
802 | + err = ieee802154_sockaddr_check_size(addr, len); |
803 | + if (err < 0) |
804 | + return err; |
805 | |
806 | if (addr->family != AF_IEEE802154) |
807 | return -EINVAL; |
808 | @@ -609,6 +612,7 @@ static int dgram_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) |
809 | struct ieee802154_mac_cb *cb; |
810 | struct dgram_sock *ro = dgram_sk(sk); |
811 | struct ieee802154_addr dst_addr; |
812 | + DECLARE_SOCKADDR(struct sockaddr_ieee802154*, daddr, msg->msg_name); |
813 | int hlen, tlen; |
814 | int err; |
815 | |
816 | @@ -617,10 +621,20 @@ static int dgram_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) |
817 | return -EOPNOTSUPP; |
818 | } |
819 | |
820 | - if (!ro->connected && !msg->msg_name) |
821 | - return -EDESTADDRREQ; |
822 | - else if (ro->connected && msg->msg_name) |
823 | - return -EISCONN; |
824 | + if (msg->msg_name) { |
825 | + if (ro->connected) |
826 | + return -EISCONN; |
827 | + if (msg->msg_namelen < IEEE802154_MIN_NAMELEN) |
828 | + return -EINVAL; |
829 | + err = ieee802154_sockaddr_check_size(daddr, msg->msg_namelen); |
830 | + if (err < 0) |
831 | + return err; |
832 | + ieee802154_addr_from_sa(&dst_addr, &daddr->addr); |
833 | + } else { |
834 | + if (!ro->connected) |
835 | + return -EDESTADDRREQ; |
836 | + dst_addr = ro->dst_addr; |
837 | + } |
838 | |
839 | if (!ro->bound) |
840 | dev = dev_getfirstbyhwtype(sock_net(sk), ARPHRD_IEEE802154); |
841 | @@ -656,16 +670,6 @@ static int dgram_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) |
842 | cb = mac_cb_init(skb); |
843 | cb->type = IEEE802154_FC_TYPE_DATA; |
844 | cb->ackreq = ro->want_ack; |
845 | - |
846 | - if (msg->msg_name) { |
847 | - DECLARE_SOCKADDR(struct sockaddr_ieee802154*, |
848 | - daddr, msg->msg_name); |
849 | - |
850 | - ieee802154_addr_from_sa(&dst_addr, &daddr->addr); |
851 | - } else { |
852 | - dst_addr = ro->dst_addr; |
853 | - } |
854 | - |
855 | cb->secen = ro->secen; |
856 | cb->secen_override = ro->secen_override; |
857 | cb->seclevel = ro->seclevel; |
858 | diff --git a/net/mac80211/util.c b/net/mac80211/util.c |
859 | index c1c117fdf3184..a529861256e62 100644 |
860 | --- a/net/mac80211/util.c |
861 | +++ b/net/mac80211/util.c |
862 | @@ -1289,6 +1289,8 @@ static size_t ieee802_11_find_bssid_profile(const u8 *start, size_t len, |
863 | for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, start, len) { |
864 | if (elem->datalen < 2) |
865 | continue; |
866 | + if (elem->data[0] < 1 || elem->data[0] > 8) |
867 | + continue; |
868 | |
869 | for_each_element(sub, elem->data + 1, elem->datalen - 1) { |
870 | u8 new_bssid[ETH_ALEN]; |
871 | diff --git a/net/wireless/scan.c b/net/wireless/scan.c |
872 | index 6bb9437af28bf..c433235e6390a 100644 |
873 | --- a/net/wireless/scan.c |
874 | +++ b/net/wireless/scan.c |
875 | @@ -104,18 +104,12 @@ static inline void bss_ref_get(struct cfg80211_registered_device *rdev, |
876 | lockdep_assert_held(&rdev->bss_lock); |
877 | |
878 | bss->refcount++; |
879 | - if (bss->pub.hidden_beacon_bss) { |
880 | - bss = container_of(bss->pub.hidden_beacon_bss, |
881 | - struct cfg80211_internal_bss, |
882 | - pub); |
883 | - bss->refcount++; |
884 | - } |
885 | - if (bss->pub.transmitted_bss) { |
886 | - bss = container_of(bss->pub.transmitted_bss, |
887 | - struct cfg80211_internal_bss, |
888 | - pub); |
889 | - bss->refcount++; |
890 | - } |
891 | + |
892 | + if (bss->pub.hidden_beacon_bss) |
893 | + bss_from_pub(bss->pub.hidden_beacon_bss)->refcount++; |
894 | + |
895 | + if (bss->pub.transmitted_bss) |
896 | + bss_from_pub(bss->pub.transmitted_bss)->refcount++; |
897 | } |
898 | |
899 | static inline void bss_ref_put(struct cfg80211_registered_device *rdev, |
900 | @@ -265,7 +259,8 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, |
901 | tmp_old = cfg80211_find_ie(WLAN_EID_SSID, ie, ielen); |
902 | tmp_old = (tmp_old) ? tmp_old + tmp_old[1] + 2 : ie; |
903 | |
904 | - while (tmp_old + tmp_old[1] + 2 - ie <= ielen) { |
905 | + while (tmp_old + 2 - ie <= ielen && |
906 | + tmp_old + tmp_old[1] + 2 - ie <= ielen) { |
907 | if (tmp_old[0] == 0) { |
908 | tmp_old++; |
909 | continue; |
910 | @@ -325,7 +320,8 @@ static size_t cfg80211_gen_new_ie(const u8 *ie, size_t ielen, |
911 | * copied to new ie, skip ssid, capability, bssid-index ie |
912 | */ |
913 | tmp_new = sub_copy; |
914 | - while (tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) { |
915 | + while (tmp_new + 2 - sub_copy <= subie_len && |
916 | + tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) { |
917 | if (!(tmp_new[0] == WLAN_EID_NON_TX_BSSID_CAP || |
918 | tmp_new[0] == WLAN_EID_SSID)) { |
919 | memcpy(pos, tmp_new, tmp_new[1] + 2); |
920 | @@ -390,6 +386,15 @@ cfg80211_add_nontrans_list(struct cfg80211_bss *trans_bss, |
921 | |
922 | rcu_read_unlock(); |
923 | |
924 | + /* |
925 | + * This is a bit weird - it's not on the list, but already on another |
926 | + * one! The only way that could happen is if there's some BSSID/SSID |
927 | + * shared by multiple APs in their multi-BSSID profiles, potentially |
928 | + * with hidden SSID mixed in ... ignore it. |
929 | + */ |
930 | + if (!list_empty(&nontrans_bss->nontrans_list)) |
931 | + return -EINVAL; |
932 | + |
933 | /* add to the list */ |
934 | list_add_tail(&nontrans_bss->nontrans_list, &trans_bss->nontrans_list); |
935 | return 0; |
936 | @@ -1094,6 +1099,23 @@ struct cfg80211_non_tx_bss { |
937 | u8 bssid_index; |
938 | }; |
939 | |
940 | +static void cfg80211_update_hidden_bsses(struct cfg80211_internal_bss *known, |
941 | + const struct cfg80211_bss_ies *new_ies, |
942 | + const struct cfg80211_bss_ies *old_ies) |
943 | +{ |
944 | + struct cfg80211_internal_bss *bss; |
945 | + |
946 | + /* Assign beacon IEs to all sub entries */ |
947 | + list_for_each_entry(bss, &known->hidden_list, hidden_list) { |
948 | + const struct cfg80211_bss_ies *ies; |
949 | + |
950 | + ies = rcu_access_pointer(bss->pub.beacon_ies); |
951 | + WARN_ON(ies != old_ies); |
952 | + |
953 | + rcu_assign_pointer(bss->pub.beacon_ies, new_ies); |
954 | + } |
955 | +} |
956 | + |
957 | static bool |
958 | cfg80211_update_known_bss(struct cfg80211_registered_device *rdev, |
959 | struct cfg80211_internal_bss *known, |
960 | @@ -1117,7 +1139,6 @@ cfg80211_update_known_bss(struct cfg80211_registered_device *rdev, |
961 | kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); |
962 | } else if (rcu_access_pointer(new->pub.beacon_ies)) { |
963 | const struct cfg80211_bss_ies *old; |
964 | - struct cfg80211_internal_bss *bss; |
965 | |
966 | if (known->pub.hidden_beacon_bss && |
967 | !list_empty(&known->hidden_list)) { |
968 | @@ -1145,16 +1166,7 @@ cfg80211_update_known_bss(struct cfg80211_registered_device *rdev, |
969 | if (old == rcu_access_pointer(known->pub.ies)) |
970 | rcu_assign_pointer(known->pub.ies, new->pub.beacon_ies); |
971 | |
972 | - /* Assign beacon IEs to all sub entries */ |
973 | - list_for_each_entry(bss, &known->hidden_list, hidden_list) { |
974 | - const struct cfg80211_bss_ies *ies; |
975 | - |
976 | - ies = rcu_access_pointer(bss->pub.beacon_ies); |
977 | - WARN_ON(ies != old); |
978 | - |
979 | - rcu_assign_pointer(bss->pub.beacon_ies, |
980 | - new->pub.beacon_ies); |
981 | - } |
982 | + cfg80211_update_hidden_bsses(known, new->pub.beacon_ies, old); |
983 | |
984 | if (old) |
985 | kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); |
986 | @@ -1231,6 +1243,8 @@ cfg80211_bss_update(struct cfg80211_registered_device *rdev, |
987 | new->refcount = 1; |
988 | INIT_LIST_HEAD(&new->hidden_list); |
989 | INIT_LIST_HEAD(&new->pub.nontrans_list); |
990 | + /* we'll set this later if it was non-NULL */ |
991 | + new->pub.transmitted_bss = NULL; |
992 | |
993 | if (rcu_access_pointer(tmp->pub.proberesp_ies)) { |
994 | hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN); |
995 | @@ -1460,10 +1474,15 @@ cfg80211_inform_single_bss_data(struct wiphy *wiphy, |
996 | spin_lock_bh(&rdev->bss_lock); |
997 | if (cfg80211_add_nontrans_list(non_tx_data->tx_bss, |
998 | &res->pub)) { |
999 | - if (__cfg80211_unlink_bss(rdev, res)) |
1000 | + if (__cfg80211_unlink_bss(rdev, res)) { |
1001 | rdev->bss_generation++; |
1002 | + res = NULL; |
1003 | + } |
1004 | } |
1005 | spin_unlock_bh(&rdev->bss_lock); |
1006 | + |
1007 | + if (!res) |
1008 | + return NULL; |
1009 | } |
1010 | |
1011 | trace_cfg80211_return_bss(&res->pub); |
1012 | @@ -1582,6 +1601,8 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy, |
1013 | for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, ie, ielen) { |
1014 | if (elem->datalen < 4) |
1015 | continue; |
1016 | + if (elem->data[0] < 1 || (int)elem->data[0] > 8) |
1017 | + continue; |
1018 | for_each_element(sub, elem->data + 1, elem->datalen - 1) { |
1019 | u8 profile_len; |
1020 | |
1021 | @@ -1717,7 +1738,7 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, |
1022 | size_t new_ie_len; |
1023 | struct cfg80211_bss_ies *new_ies; |
1024 | const struct cfg80211_bss_ies *old; |
1025 | - u8 cpy_len; |
1026 | + size_t cpy_len; |
1027 | |
1028 | lockdep_assert_held(&wiphy_to_rdev(wiphy)->bss_lock); |
1029 | |
1030 | @@ -1784,6 +1805,8 @@ cfg80211_update_notlisted_nontrans(struct wiphy *wiphy, |
1031 | } else { |
1032 | old = rcu_access_pointer(nontrans_bss->beacon_ies); |
1033 | rcu_assign_pointer(nontrans_bss->beacon_ies, new_ies); |
1034 | + cfg80211_update_hidden_bsses(bss_from_pub(nontrans_bss), |
1035 | + new_ies, old); |
1036 | rcu_assign_pointer(nontrans_bss->ies, new_ies); |
1037 | if (old) |
1038 | kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head); |
1039 | diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c |
1040 | index 452011428d119..2b341aa079644 100644 |
1041 | --- a/security/integrity/platform_certs/load_uefi.c |
1042 | +++ b/security/integrity/platform_certs/load_uefi.c |
1043 | @@ -30,7 +30,7 @@ static const struct dmi_system_id uefi_skip_cert[] = { |
1044 | { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,1") }, |
1045 | { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,2") }, |
1046 | { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir9,1") }, |
1047 | - { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacMini8,1") }, |
1048 | + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "Macmini8,1") }, |
1049 | { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") }, |
1050 | { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") }, |
1051 | { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") }, |
1052 | diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c |
1053 | index 5b892e7090ddc..e387e8db65d22 100644 |
1054 | --- a/sound/pci/hda/hda_intel.c |
1055 | +++ b/sound/pci/hda/hda_intel.c |
1056 | @@ -2532,7 +2532,8 @@ static const struct pci_device_id azx_ids[] = { |
1057 | .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_NOPM }, |
1058 | /* Poulsbo */ |
1059 | { PCI_DEVICE(0x8086, 0x811b), |
1060 | - .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_BASE }, |
1061 | + .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_BASE | |
1062 | + AZX_DCAPS_POSFIX_LPIB }, |
1063 | /* Oaktrail */ |
1064 | { PCI_DEVICE(0x8086, 0x080a), |
1065 | .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_BASE }, |
1066 | diff --git a/tools/perf/util/get_current_dir_name.c b/tools/perf/util/get_current_dir_name.c |
1067 | index b205d929245f5..e68935e9ac8ce 100644 |
1068 | --- a/tools/perf/util/get_current_dir_name.c |
1069 | +++ b/tools/perf/util/get_current_dir_name.c |
1070 | @@ -3,8 +3,9 @@ |
1071 | // |
1072 | #ifndef HAVE_GET_CURRENT_DIR_NAME |
1073 | #include "get_current_dir_name.h" |
1074 | +#include <limits.h> |
1075 | +#include <string.h> |
1076 | #include <unistd.h> |
1077 | -#include <stdlib.h> |
1078 | |
1079 | /* Android's 'bionic' library, for one, doesn't have this */ |
1080 |