Annotation of /trunk/kernel-magellan/patches-3.9/0107-3.9.8-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 2222 -
(hide annotations)
(download)
Mon Jul 1 09:43:39 2013 UTC (10 years, 10 months ago) by niro
File size: 144858 byte(s)
Mon Jul 1 09:43:39 2013 UTC (10 years, 10 months ago) by niro
File size: 144858 byte(s)
-linux-3.9.8
| 1 | niro | 2222 | diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig |
| 2 | index 1cacda4..70cd012 100644 | ||
| 3 | --- a/arch/arm/Kconfig | ||
| 4 | +++ b/arch/arm/Kconfig | ||
| 5 | @@ -1306,6 +1306,16 @@ config PL310_ERRATA_588369 | ||
| 6 | is not correctly implemented in PL310 as clean lines are not | ||
| 7 | invalidated as a result of these operations. | ||
| 8 | |||
| 9 | +config ARM_ERRATA_643719 | ||
| 10 | + bool "ARM errata: LoUIS bit field in CLIDR register is incorrect" | ||
| 11 | + depends on CPU_V7 && SMP | ||
| 12 | + help | ||
| 13 | + This option enables the workaround for the 643719 Cortex-A9 (prior to | ||
| 14 | + r1p0) erratum. On affected cores the LoUIS bit field of the CLIDR | ||
| 15 | + register returns zero when it should return one. The workaround | ||
| 16 | + corrects this value, ensuring cache maintenance operations which use | ||
| 17 | + it behave as intended and avoiding data corruption. | ||
| 18 | + | ||
| 19 | config ARM_ERRATA_720789 | ||
| 20 | bool "ARM errata: TLBIASIDIS and TLBIMVAIS operations can broadcast a faulty ASID" | ||
| 21 | depends on CPU_V7 | ||
| 22 | diff --git a/arch/arm/mm/cache-v7.S b/arch/arm/mm/cache-v7.S | ||
| 23 | index 15451ee..515b000 100644 | ||
| 24 | --- a/arch/arm/mm/cache-v7.S | ||
| 25 | +++ b/arch/arm/mm/cache-v7.S | ||
| 26 | @@ -92,6 +92,14 @@ ENTRY(v7_flush_dcache_louis) | ||
| 27 | mrc p15, 1, r0, c0, c0, 1 @ read clidr, r0 = clidr | ||
| 28 | ALT_SMP(ands r3, r0, #(7 << 21)) @ extract LoUIS from clidr | ||
| 29 | ALT_UP(ands r3, r0, #(7 << 27)) @ extract LoUU from clidr | ||
| 30 | +#ifdef CONFIG_ARM_ERRATA_643719 | ||
| 31 | + ALT_SMP(mrceq p15, 0, r2, c0, c0, 0) @ read main ID register | ||
| 32 | + ALT_UP(moveq pc, lr) @ LoUU is zero, so nothing to do | ||
| 33 | + ldreq r1, =0x410fc090 @ ID of ARM Cortex A9 r0p? | ||
| 34 | + biceq r2, r2, #0x0000000f @ clear minor revision number | ||
| 35 | + teqeq r2, r1 @ test for errata affected core and if so... | ||
| 36 | + orreqs r3, #(1 << 21) @ fix LoUIS value (and set flags state to 'ne') | ||
| 37 | +#endif | ||
| 38 | ALT_SMP(mov r3, r3, lsr #20) @ r3 = LoUIS * 2 | ||
| 39 | ALT_UP(mov r3, r3, lsr #26) @ r3 = LoUU * 2 | ||
| 40 | moveq pc, lr @ return if level == 0 | ||
| 41 | diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S | ||
| 42 | index f584d3f..77470d7 100644 | ||
| 43 | --- a/arch/arm/mm/proc-v7.S | ||
| 44 | +++ b/arch/arm/mm/proc-v7.S | ||
| 45 | @@ -407,8 +407,8 @@ __v7_ca9mp_proc_info: | ||
| 46 | */ | ||
| 47 | .type __v7_pj4b_proc_info, #object | ||
| 48 | __v7_pj4b_proc_info: | ||
| 49 | - .long 0x562f5840 | ||
| 50 | - .long 0xfffffff0 | ||
| 51 | + .long 0x560f5800 | ||
| 52 | + .long 0xff0fff00 | ||
| 53 | __v7_proc __v7_pj4b_setup | ||
| 54 | .size __v7_pj4b_proc_info, . - __v7_pj4b_proc_info | ||
| 55 | #endif /* CONFIG_ARM_LPAE */ | ||
| 56 | diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c | ||
| 57 | index 1e49e5eb..9ba33c4 100644 | ||
| 58 | --- a/arch/arm64/kernel/perf_event.c | ||
| 59 | +++ b/arch/arm64/kernel/perf_event.c | ||
| 60 | @@ -1336,6 +1336,7 @@ void perf_callchain_user(struct perf_callchain_entry *entry, | ||
| 61 | return; | ||
| 62 | } | ||
| 63 | |||
| 64 | + perf_callchain_store(entry, regs->pc); | ||
| 65 | tail = (struct frame_tail __user *)regs->regs[29]; | ||
| 66 | |||
| 67 | while (entry->nr < PERF_MAX_STACK_DEPTH && | ||
| 68 | diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig | ||
| 69 | index 0339181..827d4fe 100644 | ||
| 70 | --- a/arch/parisc/Kconfig | ||
| 71 | +++ b/arch/parisc/Kconfig | ||
| 72 | @@ -241,6 +241,14 @@ config SMP | ||
| 73 | |||
| 74 | If you don't know what to do here, say N. | ||
| 75 | |||
| 76 | +config IRQSTACKS | ||
| 77 | + bool "Use separate kernel stacks when processing interrupts" | ||
| 78 | + default y | ||
| 79 | + help | ||
| 80 | + If you say Y here the kernel will use separate kernel stacks | ||
| 81 | + for handling hard and soft interrupts. This can help avoid | ||
| 82 | + overflowing the process kernel stacks. | ||
| 83 | + | ||
| 84 | config HOTPLUG_CPU | ||
| 85 | bool | ||
| 86 | default y if SMP | ||
| 87 | diff --git a/arch/parisc/Kconfig.debug b/arch/parisc/Kconfig.debug | ||
| 88 | index 7305ac8..eb0225f 100644 | ||
| 89 | --- a/arch/parisc/Kconfig.debug | ||
| 90 | +++ b/arch/parisc/Kconfig.debug | ||
| 91 | @@ -27,3 +27,14 @@ config DEBUG_STRICT_USER_COPY_CHECKS | ||
| 92 | If unsure, or if you run an older (pre 4.4) gcc, say N. | ||
| 93 | |||
| 94 | endmenu | ||
| 95 | + | ||
| 96 | +config DEBUG_STACKOVERFLOW | ||
| 97 | + bool "Check for stack overflows" | ||
| 98 | + default y | ||
| 99 | + depends on DEBUG_KERNEL | ||
| 100 | + ---help--- | ||
| 101 | + Say Y here if you want to check the overflows of kernel, IRQ | ||
| 102 | + and exception stacks. This option will cause messages of the | ||
| 103 | + stacks in detail when free stack space drops below a certain | ||
| 104 | + limit. | ||
| 105 | + If in doubt, say "N". | ||
| 106 | diff --git a/arch/parisc/Makefile b/arch/parisc/Makefile | ||
| 107 | index 1976900..96ec398 100644 | ||
| 108 | --- a/arch/parisc/Makefile | ||
| 109 | +++ b/arch/parisc/Makefile | ||
| 110 | @@ -66,7 +66,7 @@ KBUILD_CFLAGS_KERNEL += -mlong-calls | ||
| 111 | endif | ||
| 112 | |||
| 113 | # select which processor to optimise for | ||
| 114 | -cflags-$(CONFIG_PA7100) += -march=1.1 -mschedule=7100 | ||
| 115 | +cflags-$(CONFIG_PA7000) += -march=1.1 -mschedule=7100 | ||
| 116 | cflags-$(CONFIG_PA7200) += -march=1.1 -mschedule=7200 | ||
| 117 | cflags-$(CONFIG_PA7100LC) += -march=1.1 -mschedule=7100LC | ||
| 118 | cflags-$(CONFIG_PA7300LC) += -march=1.1 -mschedule=7300 | ||
| 119 | diff --git a/arch/parisc/include/asm/assembly.h b/arch/parisc/include/asm/assembly.h | ||
| 120 | index 89fb400..0da8482 100644 | ||
| 121 | --- a/arch/parisc/include/asm/assembly.h | ||
| 122 | +++ b/arch/parisc/include/asm/assembly.h | ||
| 123 | @@ -438,7 +438,6 @@ | ||
| 124 | SAVE_SP (%sr4, PT_SR4 (\regs)) | ||
| 125 | SAVE_SP (%sr5, PT_SR5 (\regs)) | ||
| 126 | SAVE_SP (%sr6, PT_SR6 (\regs)) | ||
| 127 | - SAVE_SP (%sr7, PT_SR7 (\regs)) | ||
| 128 | |||
| 129 | SAVE_CR (%cr17, PT_IASQ0(\regs)) | ||
| 130 | mtctl %r0, %cr17 | ||
| 131 | diff --git a/arch/parisc/include/asm/hardirq.h b/arch/parisc/include/asm/hardirq.h | ||
| 132 | index 0d68184..241c345 100644 | ||
| 133 | --- a/arch/parisc/include/asm/hardirq.h | ||
| 134 | +++ b/arch/parisc/include/asm/hardirq.h | ||
| 135 | @@ -1,11 +1,47 @@ | ||
| 136 | /* hardirq.h: PA-RISC hard IRQ support. | ||
| 137 | * | ||
| 138 | * Copyright (C) 2001 Matthew Wilcox <matthew@wil.cx> | ||
| 139 | + * Copyright (C) 2013 Helge Deller <deller@gmx.de> | ||
| 140 | */ | ||
| 141 | |||
| 142 | #ifndef _PARISC_HARDIRQ_H | ||
| 143 | #define _PARISC_HARDIRQ_H | ||
| 144 | |||
| 145 | -#include <asm-generic/hardirq.h> | ||
| 146 | +#include <linux/cache.h> | ||
| 147 | +#include <linux/threads.h> | ||
| 148 | +#include <linux/irq.h> | ||
| 149 | + | ||
| 150 | +#ifdef CONFIG_IRQSTACKS | ||
| 151 | +#define __ARCH_HAS_DO_SOFTIRQ | ||
| 152 | +#endif | ||
| 153 | + | ||
| 154 | +typedef struct { | ||
| 155 | + unsigned int __softirq_pending; | ||
| 156 | + unsigned int kernel_stack_usage; | ||
| 157 | + unsigned int irq_stack_usage; | ||
| 158 | +#ifdef CONFIG_SMP | ||
| 159 | + unsigned int irq_resched_count; | ||
| 160 | + unsigned int irq_call_count; | ||
| 161 | +#endif | ||
| 162 | + unsigned int irq_unaligned_count; | ||
| 163 | + unsigned int irq_fpassist_count; | ||
| 164 | + unsigned int irq_tlb_count; | ||
| 165 | +} ____cacheline_aligned irq_cpustat_t; | ||
| 166 | + | ||
| 167 | +DECLARE_PER_CPU_SHARED_ALIGNED(irq_cpustat_t, irq_stat); | ||
| 168 | + | ||
| 169 | +#define __ARCH_IRQ_STAT | ||
| 170 | +#define __IRQ_STAT(cpu, member) (irq_stat[cpu].member) | ||
| 171 | +#define inc_irq_stat(member) this_cpu_inc(irq_stat.member) | ||
| 172 | +#define __inc_irq_stat(member) __this_cpu_inc(irq_stat.member) | ||
| 173 | +#define local_softirq_pending() this_cpu_read(irq_stat.__softirq_pending) | ||
| 174 | + | ||
| 175 | +#define __ARCH_SET_SOFTIRQ_PENDING | ||
| 176 | + | ||
| 177 | +#define set_softirq_pending(x) \ | ||
| 178 | + this_cpu_write(irq_stat.__softirq_pending, (x)) | ||
| 179 | +#define or_softirq_pending(x) this_cpu_or(irq_stat.__softirq_pending, (x)) | ||
| 180 | + | ||
| 181 | +#define ack_bad_irq(irq) WARN(1, "unexpected IRQ trap at vector %02x\n", irq) | ||
| 182 | |||
| 183 | #endif /* _PARISC_HARDIRQ_H */ | ||
| 184 | diff --git a/arch/parisc/include/asm/mmzone.h b/arch/parisc/include/asm/mmzone.h | ||
| 185 | index 0e625ab..b6b34a0 100644 | ||
| 186 | --- a/arch/parisc/include/asm/mmzone.h | ||
| 187 | +++ b/arch/parisc/include/asm/mmzone.h | ||
| 188 | @@ -27,7 +27,7 @@ extern struct node_map_data node_data[]; | ||
| 189 | |||
| 190 | #define PFNNID_SHIFT (30 - PAGE_SHIFT) | ||
| 191 | #define PFNNID_MAP_MAX 512 /* support 512GB */ | ||
| 192 | -extern unsigned char pfnnid_map[PFNNID_MAP_MAX]; | ||
| 193 | +extern signed char pfnnid_map[PFNNID_MAP_MAX]; | ||
| 194 | |||
| 195 | #ifndef CONFIG_64BIT | ||
| 196 | #define pfn_is_io(pfn) ((pfn & (0xf0000000UL >> PAGE_SHIFT)) == (0xf0000000UL >> PAGE_SHIFT)) | ||
| 197 | @@ -39,17 +39,14 @@ extern unsigned char pfnnid_map[PFNNID_MAP_MAX]; | ||
| 198 | static inline int pfn_to_nid(unsigned long pfn) | ||
| 199 | { | ||
| 200 | unsigned int i; | ||
| 201 | - unsigned char r; | ||
| 202 | |||
| 203 | if (unlikely(pfn_is_io(pfn))) | ||
| 204 | return 0; | ||
| 205 | |||
| 206 | i = pfn >> PFNNID_SHIFT; | ||
| 207 | BUG_ON(i >= ARRAY_SIZE(pfnnid_map)); | ||
| 208 | - r = pfnnid_map[i]; | ||
| 209 | - BUG_ON(r == 0xff); | ||
| 210 | |||
| 211 | - return (int)r; | ||
| 212 | + return pfnnid_map[i]; | ||
| 213 | } | ||
| 214 | |||
| 215 | static inline int pfn_valid(int pfn) | ||
| 216 | diff --git a/arch/parisc/include/asm/pci.h b/arch/parisc/include/asm/pci.h | ||
| 217 | index 3234f49..4651540 100644 | ||
| 218 | --- a/arch/parisc/include/asm/pci.h | ||
| 219 | +++ b/arch/parisc/include/asm/pci.h | ||
| 220 | @@ -225,4 +225,9 @@ static inline int pci_get_legacy_ide_irq(struct pci_dev *dev, int channel) | ||
| 221 | return channel ? 15 : 14; | ||
| 222 | } | ||
| 223 | |||
| 224 | +#define HAVE_PCI_MMAP | ||
| 225 | + | ||
| 226 | +extern int pci_mmap_page_range(struct pci_dev *dev, struct vm_area_struct *vma, | ||
| 227 | + enum pci_mmap_state mmap_state, int write_combine); | ||
| 228 | + | ||
| 229 | #endif /* __ASM_PARISC_PCI_H */ | ||
| 230 | diff --git a/arch/parisc/include/asm/processor.h b/arch/parisc/include/asm/processor.h | ||
| 231 | index 09b54a5..cc2290a 100644 | ||
| 232 | --- a/arch/parisc/include/asm/processor.h | ||
| 233 | +++ b/arch/parisc/include/asm/processor.h | ||
| 234 | @@ -17,11 +17,8 @@ | ||
| 235 | #include <asm/ptrace.h> | ||
| 236 | #include <asm/types.h> | ||
| 237 | #include <asm/percpu.h> | ||
| 238 | - | ||
| 239 | #endif /* __ASSEMBLY__ */ | ||
| 240 | |||
| 241 | -#define KERNEL_STACK_SIZE (4*PAGE_SIZE) | ||
| 242 | - | ||
| 243 | /* | ||
| 244 | * Default implementation of macro that returns current | ||
| 245 | * instruction pointer ("program counter"). | ||
| 246 | @@ -97,7 +94,6 @@ struct cpuinfo_parisc { | ||
| 247 | unsigned long txn_addr; /* MMIO addr of EIR or id_eid */ | ||
| 248 | #ifdef CONFIG_SMP | ||
| 249 | unsigned long pending_ipi; /* bitmap of type ipi_message_type */ | ||
| 250 | - unsigned long ipi_count; /* number ipi Interrupts */ | ||
| 251 | #endif | ||
| 252 | unsigned long bh_count; /* number of times bh was invoked */ | ||
| 253 | unsigned long prof_counter; /* per CPU profiling support */ | ||
| 254 | diff --git a/arch/parisc/include/asm/thread_info.h b/arch/parisc/include/asm/thread_info.h | ||
| 255 | index d1fb79a..3ebe6c4 100644 | ||
| 256 | --- a/arch/parisc/include/asm/thread_info.h | ||
| 257 | +++ b/arch/parisc/include/asm/thread_info.h | ||
| 258 | @@ -40,7 +40,7 @@ struct thread_info { | ||
| 259 | |||
| 260 | /* thread information allocation */ | ||
| 261 | |||
| 262 | -#define THREAD_SIZE_ORDER 2 | ||
| 263 | +#define THREAD_SIZE_ORDER 2 /* PA-RISC requires at least 16k stack */ | ||
| 264 | /* Be sure to hunt all references to this down when you change the size of | ||
| 265 | * the kernel stack */ | ||
| 266 | #define THREAD_SIZE (PAGE_SIZE << THREAD_SIZE_ORDER) | ||
| 267 | diff --git a/arch/parisc/include/asm/tlbflush.h b/arch/parisc/include/asm/tlbflush.h | ||
| 268 | index 8f1a810..5273da9 100644 | ||
| 269 | --- a/arch/parisc/include/asm/tlbflush.h | ||
| 270 | +++ b/arch/parisc/include/asm/tlbflush.h | ||
| 271 | @@ -22,6 +22,8 @@ extern spinlock_t pa_tlb_lock; | ||
| 272 | extern void flush_tlb_all(void); | ||
| 273 | extern void flush_tlb_all_local(void *); | ||
| 274 | |||
| 275 | +#define smp_flush_tlb_all() flush_tlb_all() | ||
| 276 | + | ||
| 277 | /* | ||
| 278 | * flush_tlb_mm() | ||
| 279 | * | ||
| 280 | diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c | ||
| 281 | index 83ded26..65fb4cb 100644 | ||
| 282 | --- a/arch/parisc/kernel/cache.c | ||
| 283 | +++ b/arch/parisc/kernel/cache.c | ||
| 284 | @@ -606,7 +606,7 @@ void clear_user_highpage(struct page *page, unsigned long vaddr) | ||
| 285 | /* Clear using TMPALIAS region. The page doesn't need to | ||
| 286 | be flushed but the kernel mapping needs to be purged. */ | ||
| 287 | |||
| 288 | - vto = kmap_atomic(page, KM_USER0); | ||
| 289 | + vto = kmap_atomic(page); | ||
| 290 | |||
| 291 | /* The PA-RISC 2.0 Architecture book states on page F-6: | ||
| 292 | "Before a write-capable translation is enabled, *all* | ||
| 293 | @@ -641,8 +641,8 @@ void copy_user_highpage(struct page *to, struct page *from, | ||
| 294 | the `to' page must be flushed in copy_user_page_asm since | ||
| 295 | it can be used to bring in executable code. */ | ||
| 296 | |||
| 297 | - vfrom = kmap_atomic(from, KM_USER0); | ||
| 298 | - vto = kmap_atomic(to, KM_USER1); | ||
| 299 | + vfrom = kmap_atomic(from); | ||
| 300 | + vto = kmap_atomic(to); | ||
| 301 | |||
| 302 | purge_kernel_dcache_page_asm((unsigned long)vto); | ||
| 303 | purge_tlb_start(flags); | ||
| 304 | diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c | ||
| 305 | index 5709c5e..14285ca 100644 | ||
| 306 | --- a/arch/parisc/kernel/drivers.c | ||
| 307 | +++ b/arch/parisc/kernel/drivers.c | ||
| 308 | @@ -394,7 +394,7 @@ EXPORT_SYMBOL(print_pci_hwpath); | ||
| 309 | static void setup_bus_id(struct parisc_device *padev) | ||
| 310 | { | ||
| 311 | struct hardware_path path; | ||
| 312 | - char name[20]; | ||
| 313 | + char name[28]; | ||
| 314 | char *output = name; | ||
| 315 | int i; | ||
| 316 | |||
| 317 | diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S | ||
| 318 | index 897bce4..950699c 100644 | ||
| 319 | --- a/arch/parisc/kernel/entry.S | ||
| 320 | +++ b/arch/parisc/kernel/entry.S | ||
| 321 | @@ -65,15 +65,11 @@ | ||
| 322 | rsm PSW_SM_I, %r0 /* barrier for "Relied upon Translation */ | ||
| 323 | mtsp %r0, %sr4 | ||
| 324 | mtsp %r0, %sr5 | ||
| 325 | - mfsp %sr7, %r1 | ||
| 326 | - or,= %r0,%r1,%r0 /* Only save sr7 in sr3 if sr7 != 0 */ | ||
| 327 | - mtsp %r1, %sr3 | ||
| 328 | + mtsp %r0, %sr6 | ||
| 329 | tovirt_r1 %r29 | ||
| 330 | load32 KERNEL_PSW, %r1 | ||
| 331 | |||
| 332 | rsm PSW_SM_QUIET,%r0 /* second "heavy weight" ctl op */ | ||
| 333 | - mtsp %r0, %sr6 | ||
| 334 | - mtsp %r0, %sr7 | ||
| 335 | mtctl %r0, %cr17 /* Clear IIASQ tail */ | ||
| 336 | mtctl %r0, %cr17 /* Clear IIASQ head */ | ||
| 337 | mtctl %r1, %ipsw | ||
| 338 | @@ -119,17 +115,20 @@ | ||
| 339 | |||
| 340 | /* we save the registers in the task struct */ | ||
| 341 | |||
| 342 | + copy %r30, %r17 | ||
| 343 | mfctl %cr30, %r1 | ||
| 344 | + ldo THREAD_SZ_ALGN(%r1), %r30 | ||
| 345 | + mtsp %r0,%sr7 | ||
| 346 | + mtsp %r16,%sr3 | ||
| 347 | tophys %r1,%r9 | ||
| 348 | LDREG TI_TASK(%r9), %r1 /* thread_info -> task_struct */ | ||
| 349 | tophys %r1,%r9 | ||
| 350 | ldo TASK_REGS(%r9),%r9 | ||
| 351 | - STREG %r30, PT_GR30(%r9) | ||
| 352 | + STREG %r17,PT_GR30(%r9) | ||
| 353 | STREG %r29,PT_GR29(%r9) | ||
| 354 | STREG %r26,PT_GR26(%r9) | ||
| 355 | + STREG %r16,PT_SR7(%r9) | ||
| 356 | copy %r9,%r29 | ||
| 357 | - mfctl %cr30, %r1 | ||
| 358 | - ldo THREAD_SZ_ALGN(%r1), %r30 | ||
| 359 | .endm | ||
| 360 | |||
| 361 | .macro get_stack_use_r30 | ||
| 362 | @@ -137,10 +136,12 @@ | ||
| 363 | /* we put a struct pt_regs on the stack and save the registers there */ | ||
| 364 | |||
| 365 | tophys %r30,%r9 | ||
| 366 | - STREG %r30,PT_GR30(%r9) | ||
| 367 | + copy %r30,%r1 | ||
| 368 | ldo PT_SZ_ALGN(%r30),%r30 | ||
| 369 | + STREG %r1,PT_GR30(%r9) | ||
| 370 | STREG %r29,PT_GR29(%r9) | ||
| 371 | STREG %r26,PT_GR26(%r9) | ||
| 372 | + STREG %r16,PT_SR7(%r9) | ||
| 373 | copy %r9,%r29 | ||
| 374 | .endm | ||
| 375 | |||
| 376 | @@ -2013,6 +2014,47 @@ ftrace_stub: | ||
| 377 | ENDPROC(return_to_handler) | ||
| 378 | #endif /* CONFIG_FUNCTION_TRACER */ | ||
| 379 | |||
| 380 | +#ifdef CONFIG_IRQSTACKS | ||
| 381 | +/* void call_on_stack(unsigned long param1, void *func, | ||
| 382 | + unsigned long new_stack) */ | ||
| 383 | +ENTRY(call_on_stack) | ||
| 384 | + copy %sp, %r1 | ||
| 385 | + | ||
| 386 | + /* Regarding the HPPA calling conventions for function pointers, | ||
| 387 | + we assume the PIC register is not changed across call. For | ||
| 388 | + CONFIG_64BIT, the argument pointer is left to point at the | ||
| 389 | + argument region allocated for the call to call_on_stack. */ | ||
| 390 | +# ifdef CONFIG_64BIT | ||
| 391 | + /* Switch to new stack. We allocate two 128 byte frames. */ | ||
| 392 | + ldo 256(%arg2), %sp | ||
| 393 | + /* Save previous stack pointer and return pointer in frame marker */ | ||
| 394 | + STREG %rp, -144(%sp) | ||
| 395 | + /* Calls always use function descriptor */ | ||
| 396 | + LDREG 16(%arg1), %arg1 | ||
| 397 | + bve,l (%arg1), %rp | ||
| 398 | + STREG %r1, -136(%sp) | ||
| 399 | + LDREG -144(%sp), %rp | ||
| 400 | + bve (%rp) | ||
| 401 | + LDREG -136(%sp), %sp | ||
| 402 | +# else | ||
| 403 | + /* Switch to new stack. We allocate two 64 byte frames. */ | ||
| 404 | + ldo 128(%arg2), %sp | ||
| 405 | + /* Save previous stack pointer and return pointer in frame marker */ | ||
| 406 | + STREG %r1, -68(%sp) | ||
| 407 | + STREG %rp, -84(%sp) | ||
| 408 | + /* Calls use function descriptor if PLABEL bit is set */ | ||
| 409 | + bb,>=,n %arg1, 30, 1f | ||
| 410 | + depwi 0,31,2, %arg1 | ||
| 411 | + LDREG 0(%arg1), %arg1 | ||
| 412 | +1: | ||
| 413 | + be,l 0(%sr4,%arg1), %sr0, %r31 | ||
| 414 | + copy %r31, %rp | ||
| 415 | + LDREG -84(%sp), %rp | ||
| 416 | + bv (%rp) | ||
| 417 | + LDREG -68(%sp), %sp | ||
| 418 | +# endif /* CONFIG_64BIT */ | ||
| 419 | +ENDPROC(call_on_stack) | ||
| 420 | +#endif /* CONFIG_IRQSTACKS */ | ||
| 421 | |||
| 422 | get_register: | ||
| 423 | /* | ||
| 424 | diff --git a/arch/parisc/kernel/hardware.c b/arch/parisc/kernel/hardware.c | ||
| 425 | index f7752f6..8722756 100644 | ||
| 426 | --- a/arch/parisc/kernel/hardware.c | ||
| 427 | +++ b/arch/parisc/kernel/hardware.c | ||
| 428 | @@ -222,6 +222,7 @@ static struct hp_hardware hp_hardware_list[] = { | ||
| 429 | {HPHW_NPROC,0x5DD,0x4,0x81,"Duet W2"}, | ||
| 430 | {HPHW_NPROC,0x5DE,0x4,0x81,"Piccolo W+"}, | ||
| 431 | {HPHW_NPROC,0x5DF,0x4,0x81,"Cantata W2"}, | ||
| 432 | + {HPHW_NPROC,0x5DF,0x0,0x00,"Marcato W+? (rp5470)"}, | ||
| 433 | {HPHW_NPROC,0x5E0,0x4,0x91,"Cantata DC- W2"}, | ||
| 434 | {HPHW_NPROC,0x5E1,0x4,0x91,"Crescendo DC- W2"}, | ||
| 435 | {HPHW_NPROC,0x5E2,0x4,0x91,"Crescendo 650 W2"}, | ||
| 436 | @@ -1204,6 +1205,7 @@ static struct hp_hardware hp_hardware_list[] = { | ||
| 437 | {HPHW_FIO, 0x004, 0x00320, 0x0, "Metheus Frame Buffer"}, | ||
| 438 | {HPHW_FIO, 0x004, 0x00340, 0x0, "BARCO CX4500 VME Grphx Cnsl"}, | ||
| 439 | {HPHW_FIO, 0x004, 0x00360, 0x0, "Hughes TOG VME FDDI"}, | ||
| 440 | + {HPHW_FIO, 0x076, 0x000AD, 0x00, "Crestone Peak RS-232"}, | ||
| 441 | {HPHW_IOA, 0x185, 0x0000B, 0x00, "Java BC Summit Port"}, | ||
| 442 | {HPHW_IOA, 0x1FF, 0x0000B, 0x00, "Hitachi Ghostview Summit Port"}, | ||
| 443 | {HPHW_IOA, 0x580, 0x0000B, 0x10, "U2-IOA BC Runway Port"}, | ||
| 444 | diff --git a/arch/parisc/kernel/irq.c b/arch/parisc/kernel/irq.c | ||
| 445 | index 8094d3e..2e6443b 100644 | ||
| 446 | --- a/arch/parisc/kernel/irq.c | ||
| 447 | +++ b/arch/parisc/kernel/irq.c | ||
| 448 | @@ -27,11 +27,11 @@ | ||
| 449 | #include <linux/interrupt.h> | ||
| 450 | #include <linux/kernel_stat.h> | ||
| 451 | #include <linux/seq_file.h> | ||
| 452 | -#include <linux/spinlock.h> | ||
| 453 | #include <linux/types.h> | ||
| 454 | #include <asm/io.h> | ||
| 455 | |||
| 456 | #include <asm/smp.h> | ||
| 457 | +#include <asm/ldcw.h> | ||
| 458 | |||
| 459 | #undef PARISC_IRQ_CR16_COUNTS | ||
| 460 | |||
| 461 | @@ -152,6 +152,53 @@ static struct irq_chip cpu_interrupt_type = { | ||
| 462 | .irq_retrigger = NULL, | ||
| 463 | }; | ||
| 464 | |||
| 465 | +DEFINE_PER_CPU_SHARED_ALIGNED(irq_cpustat_t, irq_stat); | ||
| 466 | +#define irq_stats(x) (&per_cpu(irq_stat, x)) | ||
| 467 | + | ||
| 468 | +/* | ||
| 469 | + * /proc/interrupts printing for arch specific interrupts | ||
| 470 | + */ | ||
| 471 | +int arch_show_interrupts(struct seq_file *p, int prec) | ||
| 472 | +{ | ||
| 473 | + int j; | ||
| 474 | + | ||
| 475 | +#ifdef CONFIG_DEBUG_STACKOVERFLOW | ||
| 476 | + seq_printf(p, "%*s: ", prec, "STK"); | ||
| 477 | + for_each_online_cpu(j) | ||
| 478 | + seq_printf(p, "%10u ", irq_stats(j)->kernel_stack_usage); | ||
| 479 | + seq_puts(p, " Kernel stack usage\n"); | ||
| 480 | +# ifdef CONFIG_IRQSTACKS | ||
| 481 | + seq_printf(p, "%*s: ", prec, "IST"); | ||
| 482 | + for_each_online_cpu(j) | ||
| 483 | + seq_printf(p, "%10u ", irq_stats(j)->irq_stack_usage); | ||
| 484 | + seq_puts(p, " Interrupt stack usage\n"); | ||
| 485 | +# endif | ||
| 486 | +#endif | ||
| 487 | +#ifdef CONFIG_SMP | ||
| 488 | + seq_printf(p, "%*s: ", prec, "RES"); | ||
| 489 | + for_each_online_cpu(j) | ||
| 490 | + seq_printf(p, "%10u ", irq_stats(j)->irq_resched_count); | ||
| 491 | + seq_puts(p, " Rescheduling interrupts\n"); | ||
| 492 | + seq_printf(p, "%*s: ", prec, "CAL"); | ||
| 493 | + for_each_online_cpu(j) | ||
| 494 | + seq_printf(p, "%10u ", irq_stats(j)->irq_call_count); | ||
| 495 | + seq_puts(p, " Function call interrupts\n"); | ||
| 496 | +#endif | ||
| 497 | + seq_printf(p, "%*s: ", prec, "UAH"); | ||
| 498 | + for_each_online_cpu(j) | ||
| 499 | + seq_printf(p, "%10u ", irq_stats(j)->irq_unaligned_count); | ||
| 500 | + seq_puts(p, " Unaligned access handler traps\n"); | ||
| 501 | + seq_printf(p, "%*s: ", prec, "FPA"); | ||
| 502 | + for_each_online_cpu(j) | ||
| 503 | + seq_printf(p, "%10u ", irq_stats(j)->irq_fpassist_count); | ||
| 504 | + seq_puts(p, " Floating point assist traps\n"); | ||
| 505 | + seq_printf(p, "%*s: ", prec, "TLB"); | ||
| 506 | + for_each_online_cpu(j) | ||
| 507 | + seq_printf(p, "%10u ", irq_stats(j)->irq_tlb_count); | ||
| 508 | + seq_puts(p, " TLB shootdowns\n"); | ||
| 509 | + return 0; | ||
| 510 | +} | ||
| 511 | + | ||
| 512 | int show_interrupts(struct seq_file *p, void *v) | ||
| 513 | { | ||
| 514 | int i = *(loff_t *) v, j; | ||
| 515 | @@ -219,6 +266,9 @@ int show_interrupts(struct seq_file *p, void *v) | ||
| 516 | raw_spin_unlock_irqrestore(&desc->lock, flags); | ||
| 517 | } | ||
| 518 | |||
| 519 | + if (i == NR_IRQS) | ||
| 520 | + arch_show_interrupts(p, 3); | ||
| 521 | + | ||
| 522 | return 0; | ||
| 523 | } | ||
| 524 | |||
| 525 | @@ -330,6 +380,144 @@ static inline int eirr_to_irq(unsigned long eirr) | ||
| 526 | return (BITS_PER_LONG - bit) + TIMER_IRQ; | ||
| 527 | } | ||
| 528 | |||
| 529 | +#ifdef CONFIG_IRQSTACKS | ||
| 530 | +/* | ||
| 531 | + * IRQ STACK - used for irq handler | ||
| 532 | + */ | ||
| 533 | +#define IRQ_STACK_SIZE (4096 << 2) /* 16k irq stack size */ | ||
| 534 | + | ||
| 535 | +union irq_stack_union { | ||
| 536 | + unsigned long stack[IRQ_STACK_SIZE/sizeof(unsigned long)]; | ||
| 537 | + volatile unsigned int slock[4]; | ||
| 538 | + volatile unsigned int lock[1]; | ||
| 539 | +}; | ||
| 540 | + | ||
| 541 | +DEFINE_PER_CPU(union irq_stack_union, irq_stack_union) = { | ||
| 542 | + .slock = { 1,1,1,1 }, | ||
| 543 | + }; | ||
| 544 | +#endif | ||
| 545 | + | ||
| 546 | + | ||
| 547 | +int sysctl_panic_on_stackoverflow = 1; | ||
| 548 | + | ||
| 549 | +static inline void stack_overflow_check(struct pt_regs *regs) | ||
| 550 | +{ | ||
| 551 | +#ifdef CONFIG_DEBUG_STACKOVERFLOW | ||
| 552 | + #define STACK_MARGIN (256*6) | ||
| 553 | + | ||
| 554 | + /* Our stack starts directly behind the thread_info struct. */ | ||
| 555 | + unsigned long stack_start = (unsigned long) current_thread_info(); | ||
| 556 | + unsigned long sp = regs->gr[30]; | ||
| 557 | + unsigned long stack_usage; | ||
| 558 | + unsigned int *last_usage; | ||
| 559 | + int cpu = smp_processor_id(); | ||
| 560 | + | ||
| 561 | + /* if sr7 != 0, we interrupted a userspace process which we do not want | ||
| 562 | + * to check for stack overflow. We will only check the kernel stack. */ | ||
| 563 | + if (regs->sr[7]) | ||
| 564 | + return; | ||
| 565 | + | ||
| 566 | + /* calculate kernel stack usage */ | ||
| 567 | + stack_usage = sp - stack_start; | ||
| 568 | +#ifdef CONFIG_IRQSTACKS | ||
| 569 | + if (likely(stack_usage <= THREAD_SIZE)) | ||
| 570 | + goto check_kernel_stack; /* found kernel stack */ | ||
| 571 | + | ||
| 572 | + /* check irq stack usage */ | ||
| 573 | + stack_start = (unsigned long) &per_cpu(irq_stack_union, cpu).stack; | ||
| 574 | + stack_usage = sp - stack_start; | ||
| 575 | + | ||
| 576 | + last_usage = &per_cpu(irq_stat.irq_stack_usage, cpu); | ||
| 577 | + if (unlikely(stack_usage > *last_usage)) | ||
| 578 | + *last_usage = stack_usage; | ||
| 579 | + | ||
| 580 | + if (likely(stack_usage < (IRQ_STACK_SIZE - STACK_MARGIN))) | ||
| 581 | + return; | ||
| 582 | + | ||
| 583 | + pr_emerg("stackcheck: %s will most likely overflow irq stack " | ||
| 584 | + "(sp:%lx, stk bottom-top:%lx-%lx)\n", | ||
| 585 | + current->comm, sp, stack_start, stack_start + IRQ_STACK_SIZE); | ||
| 586 | + goto panic_check; | ||
| 587 | + | ||
| 588 | +check_kernel_stack: | ||
| 589 | +#endif | ||
| 590 | + | ||
| 591 | + /* check kernel stack usage */ | ||
| 592 | + last_usage = &per_cpu(irq_stat.kernel_stack_usage, cpu); | ||
| 593 | + | ||
| 594 | + if (unlikely(stack_usage > *last_usage)) | ||
| 595 | + *last_usage = stack_usage; | ||
| 596 | + | ||
| 597 | + if (likely(stack_usage < (THREAD_SIZE - STACK_MARGIN))) | ||
| 598 | + return; | ||
| 599 | + | ||
| 600 | + pr_emerg("stackcheck: %s will most likely overflow kernel stack " | ||
| 601 | + "(sp:%lx, stk bottom-top:%lx-%lx)\n", | ||
| 602 | + current->comm, sp, stack_start, stack_start + THREAD_SIZE); | ||
| 603 | + | ||
| 604 | +#ifdef CONFIG_IRQSTACKS | ||
| 605 | +panic_check: | ||
| 606 | +#endif | ||
| 607 | + if (sysctl_panic_on_stackoverflow) | ||
| 608 | + panic("low stack detected by irq handler - check messages\n"); | ||
| 609 | +#endif | ||
| 610 | +} | ||
| 611 | + | ||
| 612 | +#ifdef CONFIG_IRQSTACKS | ||
| 613 | +/* in entry.S: */ | ||
| 614 | +void call_on_stack(unsigned long p1, void *func, unsigned long new_stack); | ||
| 615 | + | ||
| 616 | +static void execute_on_irq_stack(void *func, unsigned long param1) | ||
| 617 | +{ | ||
| 618 | + union irq_stack_union *union_ptr; | ||
| 619 | + unsigned long irq_stack; | ||
| 620 | + volatile unsigned int *irq_stack_in_use; | ||
| 621 | + | ||
| 622 | + union_ptr = &per_cpu(irq_stack_union, smp_processor_id()); | ||
| 623 | + irq_stack = (unsigned long) &union_ptr->stack; | ||
| 624 | + irq_stack = ALIGN(irq_stack + sizeof(irq_stack_union.slock), | ||
| 625 | + 64); /* align for stack frame usage */ | ||
| 626 | + | ||
| 627 | + /* We may be called recursive. If we are already using the irq stack, | ||
| 628 | + * just continue to use it. Use spinlocks to serialize | ||
| 629 | + * the irq stack usage. | ||
| 630 | + */ | ||
| 631 | + irq_stack_in_use = (volatile unsigned int *)__ldcw_align(union_ptr); | ||
| 632 | + if (!__ldcw(irq_stack_in_use)) { | ||
| 633 | + void (*direct_call)(unsigned long p1) = func; | ||
| 634 | + | ||
| 635 | + /* We are using the IRQ stack already. | ||
| 636 | + * Do direct call on current stack. */ | ||
| 637 | + direct_call(param1); | ||
| 638 | + return; | ||
| 639 | + } | ||
| 640 | + | ||
| 641 | + /* This is where we switch to the IRQ stack. */ | ||
| 642 | + call_on_stack(param1, func, irq_stack); | ||
| 643 | + | ||
| 644 | + /* free up irq stack usage. */ | ||
| 645 | + *irq_stack_in_use = 1; | ||
| 646 | +} | ||
| 647 | + | ||
| 648 | +asmlinkage void do_softirq(void) | ||
| 649 | +{ | ||
| 650 | + __u32 pending; | ||
| 651 | + unsigned long flags; | ||
| 652 | + | ||
| 653 | + if (in_interrupt()) | ||
| 654 | + return; | ||
| 655 | + | ||
| 656 | + local_irq_save(flags); | ||
| 657 | + | ||
| 658 | + pending = local_softirq_pending(); | ||
| 659 | + | ||
| 660 | + if (pending) | ||
| 661 | + execute_on_irq_stack(__do_softirq, 0); | ||
| 662 | + | ||
| 663 | + local_irq_restore(flags); | ||
| 664 | +} | ||
| 665 | +#endif /* CONFIG_IRQSTACKS */ | ||
| 666 | + | ||
| 667 | /* ONLY called from entry.S:intr_extint() */ | ||
| 668 | void do_cpu_irq_mask(struct pt_regs *regs) | ||
| 669 | { | ||
| 670 | @@ -364,7 +552,13 @@ void do_cpu_irq_mask(struct pt_regs *regs) | ||
| 671 | goto set_out; | ||
| 672 | } | ||
| 673 | #endif | ||
| 674 | + stack_overflow_check(regs); | ||
| 675 | + | ||
| 676 | +#ifdef CONFIG_IRQSTACKS | ||
| 677 | + execute_on_irq_stack(&generic_handle_irq, irq); | ||
| 678 | +#else | ||
| 679 | generic_handle_irq(irq); | ||
| 680 | +#endif /* CONFIG_IRQSTACKS */ | ||
| 681 | |||
| 682 | out: | ||
| 683 | irq_exit(); | ||
| 684 | @@ -420,6 +614,4 @@ void __init init_IRQ(void) | ||
| 685 | cpu_eiem = EIEM_MASK(TIMER_IRQ); | ||
| 686 | #endif | ||
| 687 | set_eiem(cpu_eiem); /* EIEM : enable all external intr */ | ||
| 688 | - | ||
| 689 | } | ||
| 690 | - | ||
| 691 | diff --git a/arch/parisc/kernel/pci.c b/arch/parisc/kernel/pci.c | ||
| 692 | index 6030905..64f2764 100644 | ||
| 693 | --- a/arch/parisc/kernel/pci.c | ||
| 694 | +++ b/arch/parisc/kernel/pci.c | ||
| 695 | @@ -220,6 +220,33 @@ resource_size_t pcibios_align_resource(void *data, const struct resource *res, | ||
| 696 | } | ||
| 697 | |||
| 698 | |||
| 699 | +int pci_mmap_page_range(struct pci_dev *dev, struct vm_area_struct *vma, | ||
| 700 | + enum pci_mmap_state mmap_state, int write_combine) | ||
| 701 | +{ | ||
| 702 | + unsigned long prot; | ||
| 703 | + | ||
| 704 | + /* | ||
| 705 | + * I/O space can be accessed via normal processor loads and stores on | ||
| 706 | + * this platform but for now we elect not to do this and portable | ||
| 707 | + * drivers should not do this anyway. | ||
| 708 | + */ | ||
| 709 | + if (mmap_state == pci_mmap_io) | ||
| 710 | + return -EINVAL; | ||
| 711 | + | ||
| 712 | + if (write_combine) | ||
| 713 | + return -EINVAL; | ||
| 714 | + | ||
| 715 | + /* | ||
| 716 | + * Ignore write-combine; for now only return uncached mappings. | ||
| 717 | + */ | ||
| 718 | + prot = pgprot_val(vma->vm_page_prot); | ||
| 719 | + prot |= _PAGE_NO_CACHE; | ||
| 720 | + vma->vm_page_prot = __pgprot(prot); | ||
| 721 | + | ||
| 722 | + return remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff, | ||
| 723 | + vma->vm_end - vma->vm_start, vma->vm_page_prot); | ||
| 724 | +} | ||
| 725 | + | ||
| 726 | /* | ||
| 727 | * A driver is enabling the device. We make sure that all the appropriate | ||
| 728 | * bits are set to allow the device to operate as the driver is expecting. | ||
| 729 | diff --git a/arch/parisc/kernel/setup.c b/arch/parisc/kernel/setup.c | ||
| 730 | index a3328c2..3b812eb 100644 | ||
| 731 | --- a/arch/parisc/kernel/setup.c | ||
| 732 | +++ b/arch/parisc/kernel/setup.c | ||
| 733 | @@ -69,7 +69,8 @@ void __init setup_cmdline(char **cmdline_p) | ||
| 734 | /* called from hpux boot loader */ | ||
| 735 | boot_command_line[0] = '\0'; | ||
| 736 | } else { | ||
| 737 | - strcpy(boot_command_line, (char *)__va(boot_args[1])); | ||
| 738 | + strlcpy(boot_command_line, (char *)__va(boot_args[1]), | ||
| 739 | + COMMAND_LINE_SIZE); | ||
| 740 | |||
| 741 | #ifdef CONFIG_BLK_DEV_INITRD | ||
| 742 | if (boot_args[2] != 0) /* did palo pass us a ramdisk? */ | ||
| 743 | diff --git a/arch/parisc/kernel/smp.c b/arch/parisc/kernel/smp.c | ||
| 744 | index 6266730..677dedb 100644 | ||
| 745 | --- a/arch/parisc/kernel/smp.c | ||
| 746 | +++ b/arch/parisc/kernel/smp.c | ||
| 747 | @@ -127,7 +127,7 @@ ipi_interrupt(int irq, void *dev_id) | ||
| 748 | unsigned long flags; | ||
| 749 | |||
| 750 | /* Count this now; we may make a call that never returns. */ | ||
| 751 | - p->ipi_count++; | ||
| 752 | + inc_irq_stat(irq_call_count); | ||
| 753 | |||
| 754 | mb(); /* Order interrupt and bit testing. */ | ||
| 755 | |||
| 756 | @@ -155,6 +155,7 @@ ipi_interrupt(int irq, void *dev_id) | ||
| 757 | |||
| 758 | case IPI_RESCHEDULE: | ||
| 759 | smp_debug(100, KERN_DEBUG "CPU%d IPI_RESCHEDULE\n", this_cpu); | ||
| 760 | + inc_irq_stat(irq_resched_count); | ||
| 761 | scheduler_ipi(); | ||
| 762 | break; | ||
| 763 | |||
| 764 | @@ -263,17 +264,6 @@ void arch_send_call_function_single_ipi(int cpu) | ||
| 765 | } | ||
| 766 | |||
| 767 | /* | ||
| 768 | - * Flush all other CPU's tlb and then mine. Do this with on_each_cpu() | ||
| 769 | - * as we want to ensure all TLB's flushed before proceeding. | ||
| 770 | - */ | ||
| 771 | - | ||
| 772 | -void | ||
| 773 | -smp_flush_tlb_all(void) | ||
| 774 | -{ | ||
| 775 | - on_each_cpu(flush_tlb_all_local, NULL, 1); | ||
| 776 | -} | ||
| 777 | - | ||
| 778 | -/* | ||
| 779 | * Called by secondaries to update state and initialize CPU registers. | ||
| 780 | */ | ||
| 781 | static void __init | ||
| 782 | diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c | ||
| 783 | index aeb8f8f..c6ae9f5 100644 | ||
| 784 | --- a/arch/parisc/kernel/traps.c | ||
| 785 | +++ b/arch/parisc/kernel/traps.c | ||
| 786 | @@ -652,6 +652,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) | ||
| 787 | case 14: | ||
| 788 | /* Assist Exception Trap, i.e. floating point exception. */ | ||
| 789 | die_if_kernel("Floating point exception", regs, 0); /* quiet */ | ||
| 790 | + __inc_irq_stat(irq_fpassist_count); | ||
| 791 | handle_fpe(regs); | ||
| 792 | return; | ||
| 793 | |||
| 794 | diff --git a/arch/parisc/kernel/unaligned.c b/arch/parisc/kernel/unaligned.c | ||
| 795 | index 234e368..d7c0acb 100644 | ||
| 796 | --- a/arch/parisc/kernel/unaligned.c | ||
| 797 | +++ b/arch/parisc/kernel/unaligned.c | ||
| 798 | @@ -27,6 +27,7 @@ | ||
| 799 | #include <linux/signal.h> | ||
| 800 | #include <linux/ratelimit.h> | ||
| 801 | #include <asm/uaccess.h> | ||
| 802 | +#include <asm/hardirq.h> | ||
| 803 | |||
| 804 | /* #define DEBUG_UNALIGNED 1 */ | ||
| 805 | |||
| 806 | @@ -454,6 +455,8 @@ void handle_unaligned(struct pt_regs *regs) | ||
| 807 | struct siginfo si; | ||
| 808 | register int flop=0; /* true if this is a flop */ | ||
| 809 | |||
| 810 | + __inc_irq_stat(irq_unaligned_count); | ||
| 811 | + | ||
| 812 | /* log a message with pacing */ | ||
| 813 | if (user_mode(regs)) { | ||
| 814 | if (current->thread.flags & PARISC_UAC_SIGBUS) { | ||
| 815 | diff --git a/arch/parisc/kernel/vmlinux.lds.S b/arch/parisc/kernel/vmlinux.lds.S | ||
| 816 | index 64a9998..4bb095a 100644 | ||
| 817 | --- a/arch/parisc/kernel/vmlinux.lds.S | ||
| 818 | +++ b/arch/parisc/kernel/vmlinux.lds.S | ||
| 819 | @@ -95,7 +95,7 @@ SECTIONS | ||
| 820 | NOTES | ||
| 821 | |||
| 822 | /* Data */ | ||
| 823 | - RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, THREAD_SIZE) | ||
| 824 | + RW_DATA_SECTION(L1_CACHE_BYTES, PAGE_SIZE, PAGE_SIZE) | ||
| 825 | |||
| 826 | /* PA-RISC locks requires 16-byte alignment */ | ||
| 827 | . = ALIGN(16); | ||
| 828 | diff --git a/arch/parisc/mm/init.c b/arch/parisc/mm/init.c | ||
| 829 | index 3ac462d..d7403b1 100644 | ||
| 830 | --- a/arch/parisc/mm/init.c | ||
| 831 | +++ b/arch/parisc/mm/init.c | ||
| 832 | @@ -47,7 +47,7 @@ pte_t pg0[PT_INITIAL * PTRS_PER_PTE] __attribute__ ((__section__ (".data..vm0.pt | ||
| 833 | |||
| 834 | #ifdef CONFIG_DISCONTIGMEM | ||
| 835 | struct node_map_data node_data[MAX_NUMNODES] __read_mostly; | ||
| 836 | -unsigned char pfnnid_map[PFNNID_MAP_MAX] __read_mostly; | ||
| 837 | +signed char pfnnid_map[PFNNID_MAP_MAX] __read_mostly; | ||
| 838 | #endif | ||
| 839 | |||
| 840 | static struct resource data_resource = { | ||
| 841 | @@ -1077,6 +1077,7 @@ void flush_tlb_all(void) | ||
| 842 | { | ||
| 843 | int do_recycle; | ||
| 844 | |||
| 845 | + __inc_irq_stat(irq_tlb_count); | ||
| 846 | do_recycle = 0; | ||
| 847 | spin_lock(&sid_lock); | ||
| 848 | if (dirty_space_ids > RECYCLE_THRESHOLD) { | ||
| 849 | @@ -1097,6 +1098,7 @@ void flush_tlb_all(void) | ||
| 850 | #else | ||
| 851 | void flush_tlb_all(void) | ||
| 852 | { | ||
| 853 | + __inc_irq_stat(irq_tlb_count); | ||
| 854 | spin_lock(&sid_lock); | ||
| 855 | flush_tlb_all_local(NULL); | ||
| 856 | recycle_sids(); | ||
| 857 | diff --git a/arch/tile/lib/exports.c b/arch/tile/lib/exports.c | ||
| 858 | index 4385cb6..a93b02a 100644 | ||
| 859 | --- a/arch/tile/lib/exports.c | ||
| 860 | +++ b/arch/tile/lib/exports.c | ||
| 861 | @@ -84,4 +84,6 @@ uint64_t __ashrdi3(uint64_t, unsigned int); | ||
| 862 | EXPORT_SYMBOL(__ashrdi3); | ||
| 863 | uint64_t __ashldi3(uint64_t, unsigned int); | ||
| 864 | EXPORT_SYMBOL(__ashldi3); | ||
| 865 | +int __ffsdi2(uint64_t); | ||
| 866 | +EXPORT_SYMBOL(__ffsdi2); | ||
| 867 | #endif | ||
| 868 | diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig | ||
| 869 | index 6ef2a37..de80b33 100644 | ||
| 870 | --- a/arch/x86/Kconfig | ||
| 871 | +++ b/arch/x86/Kconfig | ||
| 872 | @@ -2268,6 +2268,7 @@ source "fs/Kconfig.binfmt" | ||
| 873 | config IA32_EMULATION | ||
| 874 | bool "IA32 Emulation" | ||
| 875 | depends on X86_64 | ||
| 876 | + select BINFMT_ELF | ||
| 877 | select COMPAT_BINFMT_ELF | ||
| 878 | select HAVE_UID16 | ||
| 879 | ---help--- | ||
| 880 | diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h | ||
| 881 | index 6825e2e..6bc3985 100644 | ||
| 882 | --- a/arch/x86/include/asm/microcode.h | ||
| 883 | +++ b/arch/x86/include/asm/microcode.h | ||
| 884 | @@ -60,11 +60,11 @@ static inline void __exit exit_amd_microcode(void) {} | ||
| 885 | #ifdef CONFIG_MICROCODE_EARLY | ||
| 886 | #define MAX_UCODE_COUNT 128 | ||
| 887 | extern void __init load_ucode_bsp(void); | ||
| 888 | -extern __init void load_ucode_ap(void); | ||
| 889 | +extern void __cpuinit load_ucode_ap(void); | ||
| 890 | extern int __init save_microcode_in_initrd(void); | ||
| 891 | #else | ||
| 892 | static inline void __init load_ucode_bsp(void) {} | ||
| 893 | -static inline __init void load_ucode_ap(void) {} | ||
| 894 | +static inline void __cpuinit load_ucode_ap(void) {} | ||
| 895 | static inline int __init save_microcode_in_initrd(void) | ||
| 896 | { | ||
| 897 | return 0; | ||
| 898 | diff --git a/arch/x86/kernel/cpu/mtrr/cleanup.c b/arch/x86/kernel/cpu/mtrr/cleanup.c | ||
| 899 | index 35ffda5..5f90b85 100644 | ||
| 900 | --- a/arch/x86/kernel/cpu/mtrr/cleanup.c | ||
| 901 | +++ b/arch/x86/kernel/cpu/mtrr/cleanup.c | ||
| 902 | @@ -714,15 +714,15 @@ int __init mtrr_cleanup(unsigned address_bits) | ||
| 903 | if (mtrr_tom2) | ||
| 904 | x_remove_size = (mtrr_tom2 >> PAGE_SHIFT) - x_remove_base; | ||
| 905 | |||
| 906 | - nr_range = x86_get_mtrr_mem_range(range, 0, x_remove_base, x_remove_size); | ||
| 907 | /* | ||
| 908 | * [0, 1M) should always be covered by var mtrr with WB | ||
| 909 | * and fixed mtrrs should take effect before var mtrr for it: | ||
| 910 | */ | ||
| 911 | - nr_range = add_range_with_merge(range, RANGE_NUM, nr_range, 0, | ||
| 912 | + nr_range = add_range_with_merge(range, RANGE_NUM, 0, 0, | ||
| 913 | 1ULL<<(20 - PAGE_SHIFT)); | ||
| 914 | - /* Sort the ranges: */ | ||
| 915 | - sort_range(range, nr_range); | ||
| 916 | + /* add from var mtrr at last */ | ||
| 917 | + nr_range = x86_get_mtrr_mem_range(range, nr_range, | ||
| 918 | + x_remove_base, x_remove_size); | ||
| 919 | |||
| 920 | range_sums = sum_ranges(range, nr_range); | ||
| 921 | printk(KERN_INFO "total RAM covered: %ldM\n", | ||
| 922 | diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c | ||
| 923 | index 0732f00..1590a3a 100644 | ||
| 924 | --- a/arch/x86/kernel/kvmclock.c | ||
| 925 | +++ b/arch/x86/kernel/kvmclock.c | ||
| 926 | @@ -238,6 +238,7 @@ void __init kvmclock_init(void) | ||
| 927 | if (!mem) | ||
| 928 | return; | ||
| 929 | hv_clock = __va(mem); | ||
| 930 | + memset(hv_clock, 0, size); | ||
| 931 | |||
| 932 | if (kvm_register_clock("boot clock")) { | ||
| 933 | hv_clock = NULL; | ||
| 934 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c | ||
| 935 | index e172132..8563b45 100644 | ||
| 936 | --- a/arch/x86/kvm/x86.c | ||
| 937 | +++ b/arch/x86/kvm/x86.c | ||
| 938 | @@ -558,8 +558,6 @@ int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr) | ||
| 939 | if (index != XCR_XFEATURE_ENABLED_MASK) | ||
| 940 | return 1; | ||
| 941 | xcr0 = xcr; | ||
| 942 | - if (kvm_x86_ops->get_cpl(vcpu) != 0) | ||
| 943 | - return 1; | ||
| 944 | if (!(xcr0 & XSTATE_FP)) | ||
| 945 | return 1; | ||
| 946 | if ((xcr0 & XSTATE_YMM) && !(xcr0 & XSTATE_SSE)) | ||
| 947 | @@ -573,7 +571,8 @@ int __kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr) | ||
| 948 | |||
| 949 | int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr) | ||
| 950 | { | ||
| 951 | - if (__kvm_set_xcr(vcpu, index, xcr)) { | ||
| 952 | + if (kvm_x86_ops->get_cpl(vcpu) != 0 || | ||
| 953 | + __kvm_set_xcr(vcpu, index, xcr)) { | ||
| 954 | kvm_inject_gp(vcpu, 0); | ||
| 955 | return 1; | ||
| 956 | } | ||
| 957 | diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c | ||
| 958 | index 90f3a52..714e825 100644 | ||
| 959 | --- a/arch/x86/platform/efi/efi.c | ||
| 960 | +++ b/arch/x86/platform/efi/efi.c | ||
| 961 | @@ -1059,7 +1059,10 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size) | ||
| 962 | * that by attempting to use more space than is available. | ||
| 963 | */ | ||
| 964 | unsigned long dummy_size = remaining_size + 1024; | ||
| 965 | - void *dummy = kmalloc(dummy_size, GFP_ATOMIC); | ||
| 966 | + void *dummy = kzalloc(dummy_size, GFP_ATOMIC); | ||
| 967 | + | ||
| 968 | + if (!dummy) | ||
| 969 | + return EFI_OUT_OF_RESOURCES; | ||
| 970 | |||
| 971 | status = efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID, | ||
| 972 | EFI_VARIABLE_NON_VOLATILE | | ||
| 973 | @@ -1079,6 +1082,8 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size) | ||
| 974 | 0, dummy); | ||
| 975 | } | ||
| 976 | |||
| 977 | + kfree(dummy); | ||
| 978 | + | ||
| 979 | /* | ||
| 980 | * The runtime code may now have triggered a garbage collection | ||
| 981 | * run, so check the variable info again | ||
| 982 | diff --git a/drivers/acpi/dock.c b/drivers/acpi/dock.c | ||
| 983 | index 4fdea38..ec117c6 100644 | ||
| 984 | --- a/drivers/acpi/dock.c | ||
| 985 | +++ b/drivers/acpi/dock.c | ||
| 986 | @@ -868,8 +868,10 @@ static ssize_t write_undock(struct device *dev, struct device_attribute *attr, | ||
| 987 | if (!count) | ||
| 988 | return -EINVAL; | ||
| 989 | |||
| 990 | + acpi_scan_lock_acquire(); | ||
| 991 | begin_undock(dock_station); | ||
| 992 | ret = handle_eject_request(dock_station, ACPI_NOTIFY_EJECT_REQUEST); | ||
| 993 | + acpi_scan_lock_release(); | ||
| 994 | return ret ? ret: count; | ||
| 995 | } | ||
| 996 | static DEVICE_ATTR(undock, S_IWUSR, NULL, write_undock); | ||
| 997 | diff --git a/drivers/acpi/power.c b/drivers/acpi/power.c | ||
| 998 | index 34f5ef1..4d0624f 100644 | ||
| 999 | --- a/drivers/acpi/power.c | ||
| 1000 | +++ b/drivers/acpi/power.c | ||
| 1001 | @@ -865,6 +865,7 @@ int acpi_add_power_resource(acpi_handle handle) | ||
| 1002 | ACPI_STA_DEFAULT); | ||
| 1003 | mutex_init(&resource->resource_lock); | ||
| 1004 | INIT_LIST_HEAD(&resource->dependent); | ||
| 1005 | + INIT_LIST_HEAD(&resource->list_node); | ||
| 1006 | resource->name = device->pnp.bus_id; | ||
| 1007 | strcpy(acpi_device_name(device), ACPI_POWER_DEVICE_NAME); | ||
| 1008 | strcpy(acpi_device_class(device), ACPI_POWER_CLASS); | ||
| 1009 | diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c | ||
| 1010 | index a3868f6..3322b47 100644 | ||
| 1011 | --- a/drivers/acpi/resource.c | ||
| 1012 | +++ b/drivers/acpi/resource.c | ||
| 1013 | @@ -304,7 +304,8 @@ static void acpi_dev_irqresource_disabled(struct resource *res, u32 gsi) | ||
| 1014 | } | ||
| 1015 | |||
| 1016 | static void acpi_dev_get_irqresource(struct resource *res, u32 gsi, | ||
| 1017 | - u8 triggering, u8 polarity, u8 shareable) | ||
| 1018 | + u8 triggering, u8 polarity, u8 shareable, | ||
| 1019 | + bool legacy) | ||
| 1020 | { | ||
| 1021 | int irq, p, t; | ||
| 1022 | |||
| 1023 | @@ -317,14 +318,19 @@ static void acpi_dev_get_irqresource(struct resource *res, u32 gsi, | ||
| 1024 | * In IO-APIC mode, use overrided attribute. Two reasons: | ||
| 1025 | * 1. BIOS bug in DSDT | ||
| 1026 | * 2. BIOS uses IO-APIC mode Interrupt Source Override | ||
| 1027 | + * | ||
| 1028 | + * We do this only if we are dealing with IRQ() or IRQNoFlags() | ||
| 1029 | + * resource (the legacy ISA resources). With modern ACPI 5 devices | ||
| 1030 | + * using extended IRQ descriptors we take the IRQ configuration | ||
| 1031 | + * from _CRS directly. | ||
| 1032 | */ | ||
| 1033 | - if (!acpi_get_override_irq(gsi, &t, &p)) { | ||
| 1034 | + if (legacy && !acpi_get_override_irq(gsi, &t, &p)) { | ||
| 1035 | u8 trig = t ? ACPI_LEVEL_SENSITIVE : ACPI_EDGE_SENSITIVE; | ||
| 1036 | u8 pol = p ? ACPI_ACTIVE_LOW : ACPI_ACTIVE_HIGH; | ||
| 1037 | |||
| 1038 | if (triggering != trig || polarity != pol) { | ||
| 1039 | pr_warning("ACPI: IRQ %d override to %s, %s\n", gsi, | ||
| 1040 | - t ? "edge" : "level", p ? "low" : "high"); | ||
| 1041 | + t ? "level" : "edge", p ? "low" : "high"); | ||
| 1042 | triggering = trig; | ||
| 1043 | polarity = pol; | ||
| 1044 | } | ||
| 1045 | @@ -373,7 +379,7 @@ bool acpi_dev_resource_interrupt(struct acpi_resource *ares, int index, | ||
| 1046 | } | ||
| 1047 | acpi_dev_get_irqresource(res, irq->interrupts[index], | ||
| 1048 | irq->triggering, irq->polarity, | ||
| 1049 | - irq->sharable); | ||
| 1050 | + irq->sharable, true); | ||
| 1051 | break; | ||
| 1052 | case ACPI_RESOURCE_TYPE_EXTENDED_IRQ: | ||
| 1053 | ext_irq = &ares->data.extended_irq; | ||
| 1054 | @@ -383,7 +389,7 @@ bool acpi_dev_resource_interrupt(struct acpi_resource *ares, int index, | ||
| 1055 | } | ||
| 1056 | acpi_dev_get_irqresource(res, ext_irq->interrupts[index], | ||
| 1057 | ext_irq->triggering, ext_irq->polarity, | ||
| 1058 | - ext_irq->sharable); | ||
| 1059 | + ext_irq->sharable, false); | ||
| 1060 | break; | ||
| 1061 | default: | ||
| 1062 | return false; | ||
| 1063 | diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c | ||
| 1064 | index 4b1f926..01e2103 100644 | ||
| 1065 | --- a/drivers/base/firmware_class.c | ||
| 1066 | +++ b/drivers/base/firmware_class.c | ||
| 1067 | @@ -450,8 +450,18 @@ static void fw_load_abort(struct firmware_priv *fw_priv) | ||
| 1068 | { | ||
| 1069 | struct firmware_buf *buf = fw_priv->buf; | ||
| 1070 | |||
| 1071 | + /* | ||
| 1072 | + * There is a small window in which user can write to 'loading' | ||
| 1073 | + * between loading done and disappearance of 'loading' | ||
| 1074 | + */ | ||
| 1075 | + if (test_bit(FW_STATUS_DONE, &buf->status)) | ||
| 1076 | + return; | ||
| 1077 | + | ||
| 1078 | set_bit(FW_STATUS_ABORT, &buf->status); | ||
| 1079 | complete_all(&buf->completion); | ||
| 1080 | + | ||
| 1081 | + /* avoid user action after loading abort */ | ||
| 1082 | + fw_priv->buf = NULL; | ||
| 1083 | } | ||
| 1084 | |||
| 1085 | #define is_fw_load_aborted(buf) \ | ||
| 1086 | @@ -528,7 +538,12 @@ static ssize_t firmware_loading_show(struct device *dev, | ||
| 1087 | struct device_attribute *attr, char *buf) | ||
| 1088 | { | ||
| 1089 | struct firmware_priv *fw_priv = to_firmware_priv(dev); | ||
| 1090 | - int loading = test_bit(FW_STATUS_LOADING, &fw_priv->buf->status); | ||
| 1091 | + int loading = 0; | ||
| 1092 | + | ||
| 1093 | + mutex_lock(&fw_lock); | ||
| 1094 | + if (fw_priv->buf) | ||
| 1095 | + loading = test_bit(FW_STATUS_LOADING, &fw_priv->buf->status); | ||
| 1096 | + mutex_unlock(&fw_lock); | ||
| 1097 | |||
| 1098 | return sprintf(buf, "%d\n", loading); | ||
| 1099 | } | ||
| 1100 | @@ -570,12 +585,12 @@ static ssize_t firmware_loading_store(struct device *dev, | ||
| 1101 | const char *buf, size_t count) | ||
| 1102 | { | ||
| 1103 | struct firmware_priv *fw_priv = to_firmware_priv(dev); | ||
| 1104 | - struct firmware_buf *fw_buf = fw_priv->buf; | ||
| 1105 | + struct firmware_buf *fw_buf; | ||
| 1106 | int loading = simple_strtol(buf, NULL, 10); | ||
| 1107 | int i; | ||
| 1108 | |||
| 1109 | mutex_lock(&fw_lock); | ||
| 1110 | - | ||
| 1111 | + fw_buf = fw_priv->buf; | ||
| 1112 | if (!fw_buf) | ||
| 1113 | goto out; | ||
| 1114 | |||
| 1115 | @@ -777,10 +792,6 @@ static void firmware_class_timeout_work(struct work_struct *work) | ||
| 1116 | struct firmware_priv, timeout_work.work); | ||
| 1117 | |||
| 1118 | mutex_lock(&fw_lock); | ||
| 1119 | - if (test_bit(FW_STATUS_DONE, &(fw_priv->buf->status))) { | ||
| 1120 | - mutex_unlock(&fw_lock); | ||
| 1121 | - return; | ||
| 1122 | - } | ||
| 1123 | fw_load_abort(fw_priv); | ||
| 1124 | mutex_unlock(&fw_lock); | ||
| 1125 | } | ||
| 1126 | @@ -861,8 +872,6 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent, | ||
| 1127 | |||
| 1128 | cancel_delayed_work_sync(&fw_priv->timeout_work); | ||
| 1129 | |||
| 1130 | - fw_priv->buf = NULL; | ||
| 1131 | - | ||
| 1132 | device_remove_file(f_dev, &dev_attr_loading); | ||
| 1133 | err_del_bin_attr: | ||
| 1134 | device_remove_bin_file(f_dev, &firmware_attr_data); | ||
| 1135 | diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c | ||
| 1136 | index fe333e4..c2b1427 100644 | ||
| 1137 | --- a/drivers/block/rbd.c | ||
| 1138 | +++ b/drivers/block/rbd.c | ||
| 1139 | @@ -833,12 +833,16 @@ static const char *rbd_segment_name(struct rbd_device *rbd_dev, u64 offset) | ||
| 1140 | char *name; | ||
| 1141 | u64 segment; | ||
| 1142 | int ret; | ||
| 1143 | + char *name_format; | ||
| 1144 | |||
| 1145 | name = kmalloc(MAX_OBJ_NAME_SIZE + 1, GFP_NOIO); | ||
| 1146 | if (!name) | ||
| 1147 | return NULL; | ||
| 1148 | segment = offset >> rbd_dev->header.obj_order; | ||
| 1149 | - ret = snprintf(name, MAX_OBJ_NAME_SIZE + 1, "%s.%012llx", | ||
| 1150 | + name_format = "%s.%012llx"; | ||
| 1151 | + if (rbd_dev->image_format == 2) | ||
| 1152 | + name_format = "%s.%016llx"; | ||
| 1153 | + ret = snprintf(name, MAX_OBJ_NAME_SIZE + 1, name_format, | ||
| 1154 | rbd_dev->header.object_prefix, segment); | ||
| 1155 | if (ret < 0 || ret > MAX_OBJ_NAME_SIZE) { | ||
| 1156 | pr_err("error formatting segment name for #%llu (%d)\n", | ||
| 1157 | diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c | ||
| 1158 | index ed87b24..c2c23c0 100644 | ||
| 1159 | --- a/drivers/clk/clk.c | ||
| 1160 | +++ b/drivers/clk/clk.c | ||
| 1161 | @@ -1759,6 +1759,7 @@ int clk_notifier_unregister(struct clk *clk, struct notifier_block *nb) | ||
| 1162 | /* XXX the notifier code should handle this better */ | ||
| 1163 | if (!cn->notifier_head.head) { | ||
| 1164 | srcu_cleanup_notifier_head(&cn->notifier_head); | ||
| 1165 | + list_del(&cn->node); | ||
| 1166 | kfree(cn); | ||
| 1167 | } | ||
| 1168 | |||
| 1169 | diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c | ||
| 1170 | index db767ca..bde91b4 100644 | ||
| 1171 | --- a/drivers/gpu/drm/drm_prime.c | ||
| 1172 | +++ b/drivers/gpu/drm/drm_prime.c | ||
| 1173 | @@ -190,8 +190,7 @@ struct dma_buf *drm_gem_prime_export(struct drm_device *dev, | ||
| 1174 | if (ret) | ||
| 1175 | return ERR_PTR(ret); | ||
| 1176 | } | ||
| 1177 | - return dma_buf_export(obj, &drm_gem_prime_dmabuf_ops, obj->size, | ||
| 1178 | - 0600); | ||
| 1179 | + return dma_buf_export(obj, &drm_gem_prime_dmabuf_ops, obj->size, flags); | ||
| 1180 | } | ||
| 1181 | EXPORT_SYMBOL(drm_gem_prime_export); | ||
| 1182 | |||
| 1183 | diff --git a/drivers/gpu/drm/radeon/radeon_gart.c b/drivers/gpu/drm/radeon/radeon_gart.c | ||
| 1184 | index 2c1341f..43ec4a4 100644 | ||
| 1185 | --- a/drivers/gpu/drm/radeon/radeon_gart.c | ||
| 1186 | +++ b/drivers/gpu/drm/radeon/radeon_gart.c | ||
| 1187 | @@ -1197,11 +1197,13 @@ int radeon_vm_bo_update_pte(struct radeon_device *rdev, | ||
| 1188 | int radeon_vm_bo_rmv(struct radeon_device *rdev, | ||
| 1189 | struct radeon_bo_va *bo_va) | ||
| 1190 | { | ||
| 1191 | - int r; | ||
| 1192 | + int r = 0; | ||
| 1193 | |||
| 1194 | mutex_lock(&rdev->vm_manager.lock); | ||
| 1195 | mutex_lock(&bo_va->vm->mutex); | ||
| 1196 | - r = radeon_vm_bo_update_pte(rdev, bo_va->vm, bo_va->bo, NULL); | ||
| 1197 | + if (bo_va->soffset) { | ||
| 1198 | + r = radeon_vm_bo_update_pte(rdev, bo_va->vm, bo_va->bo, NULL); | ||
| 1199 | + } | ||
| 1200 | mutex_unlock(&rdev->vm_manager.lock); | ||
| 1201 | list_del(&bo_va->vm_list); | ||
| 1202 | mutex_unlock(&bo_va->vm->mutex); | ||
| 1203 | diff --git a/drivers/gpu/drm/radeon/radeon_ring.c b/drivers/gpu/drm/radeon/radeon_ring.c | ||
| 1204 | index 1ef5eaa..e2fd0f7 100644 | ||
| 1205 | --- a/drivers/gpu/drm/radeon/radeon_ring.c | ||
| 1206 | +++ b/drivers/gpu/drm/radeon/radeon_ring.c | ||
| 1207 | @@ -402,6 +402,13 @@ int radeon_ring_alloc(struct radeon_device *rdev, struct radeon_ring *ring, unsi | ||
| 1208 | return -ENOMEM; | ||
| 1209 | /* Align requested size with padding so unlock_commit can | ||
| 1210 | * pad safely */ | ||
| 1211 | + radeon_ring_free_size(rdev, ring); | ||
| 1212 | + if (ring->ring_free_dw == (ring->ring_size / 4)) { | ||
| 1213 | + /* This is an empty ring update lockup info to avoid | ||
| 1214 | + * false positive. | ||
| 1215 | + */ | ||
| 1216 | + radeon_ring_lockup_update(ring); | ||
| 1217 | + } | ||
| 1218 | ndw = (ndw + ring->align_mask) & ~ring->align_mask; | ||
| 1219 | while (ndw > (ring->ring_free_dw - 1)) { | ||
| 1220 | radeon_ring_free_size(rdev, ring); | ||
| 1221 | diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c | ||
| 1222 | index d6cbfe9..fa061d4 100644 | ||
| 1223 | --- a/drivers/input/joystick/xpad.c | ||
| 1224 | +++ b/drivers/input/joystick/xpad.c | ||
| 1225 | @@ -137,7 +137,7 @@ static const struct xpad_device { | ||
| 1226 | { 0x0738, 0x4540, "Mad Catz Beat Pad", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX }, | ||
| 1227 | { 0x0738, 0x4556, "Mad Catz Lynx Wireless Controller", 0, XTYPE_XBOX }, | ||
| 1228 | { 0x0738, 0x4716, "Mad Catz Wired Xbox 360 Controller", 0, XTYPE_XBOX360 }, | ||
| 1229 | - { 0x0738, 0x4728, "Mad Catz Street Fighter IV FightPad", XTYPE_XBOX360 }, | ||
| 1230 | + { 0x0738, 0x4728, "Mad Catz Street Fighter IV FightPad", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, | ||
| 1231 | { 0x0738, 0x4738, "Mad Catz Wired Xbox 360 Controller (SFIV)", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, | ||
| 1232 | { 0x0738, 0x6040, "Mad Catz Beat Pad Pro", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX }, | ||
| 1233 | { 0x0738, 0xbeef, "Mad Catz JOYTECH NEO SE Advanced GamePad", XTYPE_XBOX360 }, | ||
| 1234 | diff --git a/drivers/input/keyboard/Kconfig b/drivers/input/keyboard/Kconfig | ||
| 1235 | index ac05006..c62ca1b 100644 | ||
| 1236 | --- a/drivers/input/keyboard/Kconfig | ||
| 1237 | +++ b/drivers/input/keyboard/Kconfig | ||
| 1238 | @@ -431,6 +431,7 @@ config KEYBOARD_TEGRA | ||
| 1239 | |||
| 1240 | config KEYBOARD_OPENCORES | ||
| 1241 | tristate "OpenCores Keyboard Controller" | ||
| 1242 | + depends on HAS_IOMEM | ||
| 1243 | help | ||
| 1244 | Say Y here if you want to use the OpenCores Keyboard Controller | ||
| 1245 | http://www.opencores.org/project,keyboardcontroller | ||
| 1246 | diff --git a/drivers/input/serio/Kconfig b/drivers/input/serio/Kconfig | ||
| 1247 | index 3ec5ef2..dbe1af5 100644 | ||
| 1248 | --- a/drivers/input/serio/Kconfig | ||
| 1249 | +++ b/drivers/input/serio/Kconfig | ||
| 1250 | @@ -205,6 +205,7 @@ config SERIO_XILINX_XPS_PS2 | ||
| 1251 | |||
| 1252 | config SERIO_ALTERA_PS2 | ||
| 1253 | tristate "Altera UP PS/2 controller" | ||
| 1254 | + depends on HAS_IOMEM | ||
| 1255 | help | ||
| 1256 | Say Y here if you have Altera University Program PS/2 ports. | ||
| 1257 | |||
| 1258 | diff --git a/drivers/input/touchscreen/cyttsp_core.c b/drivers/input/touchscreen/cyttsp_core.c | ||
| 1259 | index 8e60437..97ba891 100644 | ||
| 1260 | --- a/drivers/input/touchscreen/cyttsp_core.c | ||
| 1261 | +++ b/drivers/input/touchscreen/cyttsp_core.c | ||
| 1262 | @@ -133,7 +133,7 @@ static int cyttsp_exit_bl_mode(struct cyttsp *ts) | ||
| 1263 | memcpy(bl_cmd, bl_command, sizeof(bl_command)); | ||
| 1264 | if (ts->pdata->bl_keys) | ||
| 1265 | memcpy(&bl_cmd[sizeof(bl_command) - CY_NUM_BL_KEYS], | ||
| 1266 | - ts->pdata->bl_keys, sizeof(bl_command)); | ||
| 1267 | + ts->pdata->bl_keys, CY_NUM_BL_KEYS); | ||
| 1268 | |||
| 1269 | error = ttsp_write_block_data(ts, CY_REG_BASE, | ||
| 1270 | sizeof(bl_cmd), bl_cmd); | ||
| 1271 | diff --git a/drivers/net/ethernet/freescale/fec.c b/drivers/net/ethernet/freescale/fec.c | ||
| 1272 | index 73195f6..ef5b595 100644 | ||
| 1273 | --- a/drivers/net/ethernet/freescale/fec.c | ||
| 1274 | +++ b/drivers/net/ethernet/freescale/fec.c | ||
| 1275 | @@ -407,6 +407,13 @@ fec_restart(struct net_device *ndev, int duplex) | ||
| 1276 | u32 rcntl = OPT_FRAME_SIZE | 0x04; | ||
| 1277 | u32 ecntl = 0x2; /* ETHEREN */ | ||
| 1278 | |||
| 1279 | + if (netif_running(ndev)) { | ||
| 1280 | + netif_device_detach(ndev); | ||
| 1281 | + napi_disable(&fep->napi); | ||
| 1282 | + netif_stop_queue(ndev); | ||
| 1283 | + netif_tx_lock_bh(ndev); | ||
| 1284 | + } | ||
| 1285 | + | ||
| 1286 | /* Whack a reset. We should wait for this. */ | ||
| 1287 | writel(1, fep->hwp + FEC_ECNTRL); | ||
| 1288 | udelay(10); | ||
| 1289 | @@ -559,6 +566,13 @@ fec_restart(struct net_device *ndev, int duplex) | ||
| 1290 | |||
| 1291 | /* Enable interrupts we wish to service */ | ||
| 1292 | writel(FEC_DEFAULT_IMASK, fep->hwp + FEC_IMASK); | ||
| 1293 | + | ||
| 1294 | + if (netif_running(ndev)) { | ||
| 1295 | + netif_device_attach(ndev); | ||
| 1296 | + napi_enable(&fep->napi); | ||
| 1297 | + netif_wake_queue(ndev); | ||
| 1298 | + netif_tx_unlock_bh(ndev); | ||
| 1299 | + } | ||
| 1300 | } | ||
| 1301 | |||
| 1302 | static void | ||
| 1303 | @@ -598,8 +612,22 @@ fec_timeout(struct net_device *ndev) | ||
| 1304 | |||
| 1305 | ndev->stats.tx_errors++; | ||
| 1306 | |||
| 1307 | - fec_restart(ndev, fep->full_duplex); | ||
| 1308 | - netif_wake_queue(ndev); | ||
| 1309 | + fep->delay_work.timeout = true; | ||
| 1310 | + schedule_delayed_work(&(fep->delay_work.delay_work), 0); | ||
| 1311 | +} | ||
| 1312 | + | ||
| 1313 | +static void fec_enet_work(struct work_struct *work) | ||
| 1314 | +{ | ||
| 1315 | + struct fec_enet_private *fep = | ||
| 1316 | + container_of(work, | ||
| 1317 | + struct fec_enet_private, | ||
| 1318 | + delay_work.delay_work.work); | ||
| 1319 | + | ||
| 1320 | + if (fep->delay_work.timeout) { | ||
| 1321 | + fep->delay_work.timeout = false; | ||
| 1322 | + fec_restart(fep->netdev, fep->full_duplex); | ||
| 1323 | + netif_wake_queue(fep->netdev); | ||
| 1324 | + } | ||
| 1325 | } | ||
| 1326 | |||
| 1327 | static void | ||
| 1328 | @@ -970,16 +998,12 @@ static void fec_enet_adjust_link(struct net_device *ndev) | ||
| 1329 | { | ||
| 1330 | struct fec_enet_private *fep = netdev_priv(ndev); | ||
| 1331 | struct phy_device *phy_dev = fep->phy_dev; | ||
| 1332 | - unsigned long flags; | ||
| 1333 | - | ||
| 1334 | int status_change = 0; | ||
| 1335 | |||
| 1336 | - spin_lock_irqsave(&fep->hw_lock, flags); | ||
| 1337 | - | ||
| 1338 | /* Prevent a state halted on mii error */ | ||
| 1339 | if (fep->mii_timeout && phy_dev->state == PHY_HALTED) { | ||
| 1340 | phy_dev->state = PHY_RESUMING; | ||
| 1341 | - goto spin_unlock; | ||
| 1342 | + return; | ||
| 1343 | } | ||
| 1344 | |||
| 1345 | if (phy_dev->link) { | ||
| 1346 | @@ -1007,9 +1031,6 @@ static void fec_enet_adjust_link(struct net_device *ndev) | ||
| 1347 | } | ||
| 1348 | } | ||
| 1349 | |||
| 1350 | -spin_unlock: | ||
| 1351 | - spin_unlock_irqrestore(&fep->hw_lock, flags); | ||
| 1352 | - | ||
| 1353 | if (status_change) | ||
| 1354 | phy_print_status(phy_dev); | ||
| 1355 | } | ||
| 1356 | @@ -1656,7 +1677,6 @@ static int fec_enet_init(struct net_device *ndev) | ||
| 1357 | } | ||
| 1358 | |||
| 1359 | memset(cbd_base, 0, PAGE_SIZE); | ||
| 1360 | - spin_lock_init(&fep->hw_lock); | ||
| 1361 | |||
| 1362 | fep->netdev = ndev; | ||
| 1363 | |||
| 1364 | @@ -1882,6 +1902,7 @@ fec_probe(struct platform_device *pdev) | ||
| 1365 | if (ret) | ||
| 1366 | goto failed_register; | ||
| 1367 | |||
| 1368 | + INIT_DELAYED_WORK(&(fep->delay_work.delay_work), fec_enet_work); | ||
| 1369 | return 0; | ||
| 1370 | |||
| 1371 | failed_register: | ||
| 1372 | @@ -1918,6 +1939,7 @@ fec_drv_remove(struct platform_device *pdev) | ||
| 1373 | struct resource *r; | ||
| 1374 | int i; | ||
| 1375 | |||
| 1376 | + cancel_delayed_work_sync(&(fep->delay_work.delay_work)); | ||
| 1377 | unregister_netdev(ndev); | ||
| 1378 | fec_enet_mii_remove(fep); | ||
| 1379 | del_timer_sync(&fep->time_keep); | ||
| 1380 | diff --git a/drivers/net/ethernet/freescale/fec.h b/drivers/net/ethernet/freescale/fec.h | ||
| 1381 | index eb43729..5045f33 100644 | ||
| 1382 | --- a/drivers/net/ethernet/freescale/fec.h | ||
| 1383 | +++ b/drivers/net/ethernet/freescale/fec.h | ||
| 1384 | @@ -191,6 +191,11 @@ struct bufdesc_ex { | ||
| 1385 | #define BD_ENET_RX_INT 0x00800000 | ||
| 1386 | #define BD_ENET_RX_PTP ((ushort)0x0400) | ||
| 1387 | |||
| 1388 | +struct fec_enet_delayed_work { | ||
| 1389 | + struct delayed_work delay_work; | ||
| 1390 | + bool timeout; | ||
| 1391 | +}; | ||
| 1392 | + | ||
| 1393 | /* The FEC buffer descriptors track the ring buffers. The rx_bd_base and | ||
| 1394 | * tx_bd_base always point to the base of the buffer descriptors. The | ||
| 1395 | * cur_rx and cur_tx point to the currently available buffer. | ||
| 1396 | @@ -224,9 +229,6 @@ struct fec_enet_private { | ||
| 1397 | /* The ring entries to be free()ed */ | ||
| 1398 | struct bufdesc *dirty_tx; | ||
| 1399 | |||
| 1400 | - /* hold while accessing the HW like ringbuffer for tx/rx but not MAC */ | ||
| 1401 | - spinlock_t hw_lock; | ||
| 1402 | - | ||
| 1403 | struct platform_device *pdev; | ||
| 1404 | |||
| 1405 | int opened; | ||
| 1406 | @@ -260,7 +262,7 @@ struct fec_enet_private { | ||
| 1407 | int hwts_rx_en; | ||
| 1408 | int hwts_tx_en; | ||
| 1409 | struct timer_list time_keep; | ||
| 1410 | - | ||
| 1411 | + struct fec_enet_delayed_work delay_work; | ||
| 1412 | }; | ||
| 1413 | |||
| 1414 | void fec_ptp_init(struct net_device *ndev, struct platform_device *pdev); | ||
| 1415 | diff --git a/drivers/net/ethernet/freescale/gianfar_ptp.c b/drivers/net/ethernet/freescale/gianfar_ptp.c | ||
| 1416 | index a3f8a25..2a2bc0b 100644 | ||
| 1417 | --- a/drivers/net/ethernet/freescale/gianfar_ptp.c | ||
| 1418 | +++ b/drivers/net/ethernet/freescale/gianfar_ptp.c | ||
| 1419 | @@ -521,6 +521,7 @@ static int gianfar_ptp_probe(struct platform_device *dev) | ||
| 1420 | return 0; | ||
| 1421 | |||
| 1422 | no_clock: | ||
| 1423 | + iounmap(etsects->regs); | ||
| 1424 | no_ioremap: | ||
| 1425 | release_resource(etsects->rsrc); | ||
| 1426 | no_resource: | ||
| 1427 | diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c | ||
| 1428 | index b62a324..dd45d7d 100644 | ||
| 1429 | --- a/drivers/net/ethernet/realtek/8139cp.c | ||
| 1430 | +++ b/drivers/net/ethernet/realtek/8139cp.c | ||
| 1431 | @@ -1136,6 +1136,7 @@ static void cp_clean_rings (struct cp_private *cp) | ||
| 1432 | cp->dev->stats.tx_dropped++; | ||
| 1433 | } | ||
| 1434 | } | ||
| 1435 | + netdev_reset_queue(cp->dev); | ||
| 1436 | |||
| 1437 | memset(cp->rx_ring, 0, sizeof(struct cp_desc) * CP_RX_RING_SIZE); | ||
| 1438 | memset(cp->tx_ring, 0, sizeof(struct cp_desc) * CP_TX_RING_SIZE); | ||
| 1439 | diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c | ||
| 1440 | index 15ba8c4..54fd2ef 100644 | ||
| 1441 | --- a/drivers/net/ethernet/realtek/r8169.c | ||
| 1442 | +++ b/drivers/net/ethernet/realtek/r8169.c | ||
| 1443 | @@ -5747,7 +5747,20 @@ err_out: | ||
| 1444 | return -EIO; | ||
| 1445 | } | ||
| 1446 | |||
| 1447 | -static inline void rtl8169_tso_csum(struct rtl8169_private *tp, | ||
| 1448 | +static bool rtl_skb_pad(struct sk_buff *skb) | ||
| 1449 | +{ | ||
| 1450 | + if (skb_padto(skb, ETH_ZLEN)) | ||
| 1451 | + return false; | ||
| 1452 | + skb_put(skb, ETH_ZLEN - skb->len); | ||
| 1453 | + return true; | ||
| 1454 | +} | ||
| 1455 | + | ||
| 1456 | +static bool rtl_test_hw_pad_bug(struct rtl8169_private *tp, struct sk_buff *skb) | ||
| 1457 | +{ | ||
| 1458 | + return skb->len < ETH_ZLEN && tp->mac_version == RTL_GIGA_MAC_VER_34; | ||
| 1459 | +} | ||
| 1460 | + | ||
| 1461 | +static inline bool rtl8169_tso_csum(struct rtl8169_private *tp, | ||
| 1462 | struct sk_buff *skb, u32 *opts) | ||
| 1463 | { | ||
| 1464 | const struct rtl_tx_desc_info *info = tx_desc_info + tp->txd_version; | ||
| 1465 | @@ -5760,13 +5773,20 @@ static inline void rtl8169_tso_csum(struct rtl8169_private *tp, | ||
| 1466 | } else if (skb->ip_summed == CHECKSUM_PARTIAL) { | ||
| 1467 | const struct iphdr *ip = ip_hdr(skb); | ||
| 1468 | |||
| 1469 | + if (unlikely(rtl_test_hw_pad_bug(tp, skb))) | ||
| 1470 | + return skb_checksum_help(skb) == 0 && rtl_skb_pad(skb); | ||
| 1471 | + | ||
| 1472 | if (ip->protocol == IPPROTO_TCP) | ||
| 1473 | opts[offset] |= info->checksum.tcp; | ||
| 1474 | else if (ip->protocol == IPPROTO_UDP) | ||
| 1475 | opts[offset] |= info->checksum.udp; | ||
| 1476 | else | ||
| 1477 | WARN_ON_ONCE(1); | ||
| 1478 | + } else { | ||
| 1479 | + if (unlikely(rtl_test_hw_pad_bug(tp, skb))) | ||
| 1480 | + return rtl_skb_pad(skb); | ||
| 1481 | } | ||
| 1482 | + return true; | ||
| 1483 | } | ||
| 1484 | |||
| 1485 | static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, | ||
| 1486 | @@ -5787,17 +5807,15 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, | ||
| 1487 | goto err_stop_0; | ||
| 1488 | } | ||
| 1489 | |||
| 1490 | - /* 8168evl does not automatically pad to minimum length. */ | ||
| 1491 | - if (unlikely(tp->mac_version == RTL_GIGA_MAC_VER_34 && | ||
| 1492 | - skb->len < ETH_ZLEN)) { | ||
| 1493 | - if (skb_padto(skb, ETH_ZLEN)) | ||
| 1494 | - goto err_update_stats; | ||
| 1495 | - skb_put(skb, ETH_ZLEN - skb->len); | ||
| 1496 | - } | ||
| 1497 | - | ||
| 1498 | if (unlikely(le32_to_cpu(txd->opts1) & DescOwn)) | ||
| 1499 | goto err_stop_0; | ||
| 1500 | |||
| 1501 | + opts[1] = cpu_to_le32(rtl8169_tx_vlan_tag(skb)); | ||
| 1502 | + opts[0] = DescOwn; | ||
| 1503 | + | ||
| 1504 | + if (!rtl8169_tso_csum(tp, skb, opts)) | ||
| 1505 | + goto err_update_stats; | ||
| 1506 | + | ||
| 1507 | len = skb_headlen(skb); | ||
| 1508 | mapping = dma_map_single(d, skb->data, len, DMA_TO_DEVICE); | ||
| 1509 | if (unlikely(dma_mapping_error(d, mapping))) { | ||
| 1510 | @@ -5809,11 +5827,6 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, | ||
| 1511 | tp->tx_skb[entry].len = len; | ||
| 1512 | txd->addr = cpu_to_le64(mapping); | ||
| 1513 | |||
| 1514 | - opts[1] = cpu_to_le32(rtl8169_tx_vlan_tag(skb)); | ||
| 1515 | - opts[0] = DescOwn; | ||
| 1516 | - | ||
| 1517 | - rtl8169_tso_csum(tp, skb, opts); | ||
| 1518 | - | ||
| 1519 | frags = rtl8169_xmit_frags(tp, skb, opts); | ||
| 1520 | if (frags < 0) | ||
| 1521 | goto err_dma_1; | ||
| 1522 | diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c | ||
| 1523 | index 6ed333f..8791999 100644 | ||
| 1524 | --- a/drivers/net/ethernet/renesas/sh_eth.c | ||
| 1525 | +++ b/drivers/net/ethernet/renesas/sh_eth.c | ||
| 1526 | @@ -1100,16 +1100,23 @@ static int sh_eth_rx(struct net_device *ndev, u32 intr_status) | ||
| 1527 | desc_status = edmac_to_cpu(mdp, rxdesc->status); | ||
| 1528 | pkt_len = rxdesc->frame_length; | ||
| 1529 | |||
| 1530 | -#if defined(CONFIG_ARCH_R8A7740) | ||
| 1531 | - desc_status >>= 16; | ||
| 1532 | -#endif | ||
| 1533 | - | ||
| 1534 | if (--boguscnt < 0) | ||
| 1535 | break; | ||
| 1536 | |||
| 1537 | if (!(desc_status & RDFEND)) | ||
| 1538 | ndev->stats.rx_length_errors++; | ||
| 1539 | |||
| 1540 | +#if defined(CONFIG_ARCH_R8A7740) | ||
| 1541 | + /* | ||
| 1542 | + * In case of almost all GETHER/ETHERs, the Receive Frame State | ||
| 1543 | + * (RFS) bits in the Receive Descriptor 0 are from bit 9 to | ||
| 1544 | + * bit 0. However, in case of the R8A7740's GETHER, the RFS | ||
| 1545 | + * bits are from bit 25 to bit 16. So, the driver needs right | ||
| 1546 | + * shifting by 16. | ||
| 1547 | + */ | ||
| 1548 | + desc_status >>= 16; | ||
| 1549 | +#endif | ||
| 1550 | + | ||
| 1551 | if (desc_status & (RD_RFS1 | RD_RFS2 | RD_RFS3 | RD_RFS4 | | ||
| 1552 | RD_RFS5 | RD_RFS6 | RD_RFS10)) { | ||
| 1553 | ndev->stats.rx_errors++; | ||
| 1554 | diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c | ||
| 1555 | index a449439..acf6450 100644 | ||
| 1556 | --- a/drivers/net/macvtap.c | ||
| 1557 | +++ b/drivers/net/macvtap.c | ||
| 1558 | @@ -21,6 +21,7 @@ | ||
| 1559 | #include <net/rtnetlink.h> | ||
| 1560 | #include <net/sock.h> | ||
| 1561 | #include <linux/virtio_net.h> | ||
| 1562 | +#include <net/flow_keys.h> | ||
| 1563 | |||
| 1564 | /* | ||
| 1565 | * A macvtap queue is the central object of this driver, it connects | ||
| 1566 | @@ -645,6 +646,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, | ||
| 1567 | int vnet_hdr_len = 0; | ||
| 1568 | int copylen = 0; | ||
| 1569 | bool zerocopy = false; | ||
| 1570 | + struct flow_keys keys; | ||
| 1571 | |||
| 1572 | if (q->flags & IFF_VNET_HDR) { | ||
| 1573 | vnet_hdr_len = q->vnet_hdr_sz; | ||
| 1574 | @@ -725,6 +727,13 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, | ||
| 1575 | goto err_kfree; | ||
| 1576 | } | ||
| 1577 | |||
| 1578 | + if (skb->ip_summed == CHECKSUM_PARTIAL) | ||
| 1579 | + skb_set_transport_header(skb, skb_checksum_start_offset(skb)); | ||
| 1580 | + else if (skb_flow_dissect(skb, &keys)) | ||
| 1581 | + skb_set_transport_header(skb, keys.thoff); | ||
| 1582 | + else | ||
| 1583 | + skb_set_transport_header(skb, ETH_HLEN); | ||
| 1584 | + | ||
| 1585 | rcu_read_lock_bh(); | ||
| 1586 | vlan = rcu_dereference_bh(q->vlan); | ||
| 1587 | /* copy skb_ubuf_info for callback when skb has no error */ | ||
| 1588 | diff --git a/drivers/net/phy/phy.c b/drivers/net/phy/phy.c | ||
| 1589 | index ef9ea92..c17f636 100644 | ||
| 1590 | --- a/drivers/net/phy/phy.c | ||
| 1591 | +++ b/drivers/net/phy/phy.c | ||
| 1592 | @@ -1092,7 +1092,7 @@ int phy_init_eee(struct phy_device *phydev, bool clk_stop_enable) | ||
| 1593 | adv = mmd_eee_adv_to_ethtool_adv_t(eee_adv); | ||
| 1594 | lp = mmd_eee_adv_to_ethtool_adv_t(eee_lp); | ||
| 1595 | idx = phy_find_setting(phydev->speed, phydev->duplex); | ||
| 1596 | - if ((lp & adv & settings[idx].setting)) | ||
| 1597 | + if (!(lp & adv & settings[idx].setting)) | ||
| 1598 | goto eee_exit; | ||
| 1599 | |||
| 1600 | if (clk_stop_enable) { | ||
| 1601 | diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c | ||
| 1602 | index bf34192..0017b67 100644 | ||
| 1603 | --- a/drivers/net/team/team.c | ||
| 1604 | +++ b/drivers/net/team/team.c | ||
| 1605 | @@ -1079,8 +1079,8 @@ static int team_port_add(struct team *team, struct net_device *port_dev) | ||
| 1606 | } | ||
| 1607 | |||
| 1608 | port->index = -1; | ||
| 1609 | - team_port_enable(team, port); | ||
| 1610 | list_add_tail_rcu(&port->list, &team->port_list); | ||
| 1611 | + team_port_enable(team, port); | ||
| 1612 | __team_compute_features(team); | ||
| 1613 | __team_port_change_port_added(port, !!netif_carrier_ok(port_dev)); | ||
| 1614 | __team_options_change_check(team); | ||
| 1615 | diff --git a/drivers/net/team/team_mode_roundrobin.c b/drivers/net/team/team_mode_roundrobin.c | ||
| 1616 | index 105135a..041cc0a 100644 | ||
| 1617 | --- a/drivers/net/team/team_mode_roundrobin.c | ||
| 1618 | +++ b/drivers/net/team/team_mode_roundrobin.c | ||
| 1619 | @@ -52,6 +52,8 @@ static bool rr_transmit(struct team *team, struct sk_buff *skb) | ||
| 1620 | |||
| 1621 | port_index = rr_priv(team)->sent_packets++ % team->en_port_count; | ||
| 1622 | port = team_get_port_by_index_rcu(team, port_index); | ||
| 1623 | + if (unlikely(!port)) | ||
| 1624 | + goto drop; | ||
| 1625 | port = __get_first_port_up(team, port); | ||
| 1626 | if (unlikely(!port)) | ||
| 1627 | goto drop; | ||
| 1628 | diff --git a/drivers/net/tun.c b/drivers/net/tun.c | ||
| 1629 | index 755fa9e..8ad822e 100644 | ||
| 1630 | --- a/drivers/net/tun.c | ||
| 1631 | +++ b/drivers/net/tun.c | ||
| 1632 | @@ -70,6 +70,7 @@ | ||
| 1633 | #include <net/sock.h> | ||
| 1634 | |||
| 1635 | #include <asm/uaccess.h> | ||
| 1636 | +#include <net/flow_keys.h> | ||
| 1637 | |||
| 1638 | /* Uncomment to enable debugging */ | ||
| 1639 | /* #define TUN_DEBUG 1 */ | ||
| 1640 | @@ -1051,6 +1052,7 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile, | ||
| 1641 | bool zerocopy = false; | ||
| 1642 | int err; | ||
| 1643 | u32 rxhash; | ||
| 1644 | + struct flow_keys keys; | ||
| 1645 | |||
| 1646 | if (!(tun->flags & TUN_NO_PI)) { | ||
| 1647 | if ((len -= sizeof(pi)) > total_len) | ||
| 1648 | @@ -1205,6 +1207,14 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile, | ||
| 1649 | } | ||
| 1650 | |||
| 1651 | skb_reset_network_header(skb); | ||
| 1652 | + | ||
| 1653 | + if (skb->ip_summed == CHECKSUM_PARTIAL) | ||
| 1654 | + skb_set_transport_header(skb, skb_checksum_start_offset(skb)); | ||
| 1655 | + else if (skb_flow_dissect(skb, &keys)) | ||
| 1656 | + skb_set_transport_header(skb, keys.thoff); | ||
| 1657 | + else | ||
| 1658 | + skb_reset_transport_header(skb); | ||
| 1659 | + | ||
| 1660 | rxhash = skb_get_rxhash(skb); | ||
| 1661 | netif_rx_ni(skb); | ||
| 1662 | |||
| 1663 | @@ -1585,6 +1595,10 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) | ||
| 1664 | else | ||
| 1665 | return -EINVAL; | ||
| 1666 | |||
| 1667 | + if (!!(ifr->ifr_flags & IFF_MULTI_QUEUE) != | ||
| 1668 | + !!(tun->flags & TUN_TAP_MQ)) | ||
| 1669 | + return -EINVAL; | ||
| 1670 | + | ||
| 1671 | if (tun_not_capable(tun)) | ||
| 1672 | return -EPERM; | ||
| 1673 | err = security_tun_dev_open(tun->security); | ||
| 1674 | @@ -1596,8 +1610,12 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) | ||
| 1675 | return err; | ||
| 1676 | |||
| 1677 | if (tun->flags & TUN_TAP_MQ && | ||
| 1678 | - (tun->numqueues + tun->numdisabled > 1)) | ||
| 1679 | - return -EBUSY; | ||
| 1680 | + (tun->numqueues + tun->numdisabled > 1)) { | ||
| 1681 | + /* One or more queue has already been attached, no need | ||
| 1682 | + * to initialize the device again. | ||
| 1683 | + */ | ||
| 1684 | + return 0; | ||
| 1685 | + } | ||
| 1686 | } | ||
| 1687 | else { | ||
| 1688 | char *name; | ||
| 1689 | @@ -2150,6 +2168,8 @@ static int tun_chr_open(struct inode *inode, struct file * file) | ||
| 1690 | set_bit(SOCK_EXTERNALLY_ALLOCATED, &tfile->socket.flags); | ||
| 1691 | INIT_LIST_HEAD(&tfile->next); | ||
| 1692 | |||
| 1693 | + sock_set_flag(&tfile->sk, SOCK_ZEROCOPY); | ||
| 1694 | + | ||
| 1695 | return 0; | ||
| 1696 | } | ||
| 1697 | |||
| 1698 | diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c | ||
| 1699 | index 7cee7a3..a4fe5f1 100644 | ||
| 1700 | --- a/drivers/net/vxlan.c | ||
| 1701 | +++ b/drivers/net/vxlan.c | ||
| 1702 | @@ -285,7 +285,7 @@ static inline struct hlist_head *vxlan_fdb_head(struct vxlan_dev *vxlan, | ||
| 1703 | } | ||
| 1704 | |||
| 1705 | /* Look up Ethernet address in forwarding table */ | ||
| 1706 | -static struct vxlan_fdb *vxlan_find_mac(struct vxlan_dev *vxlan, | ||
| 1707 | +static struct vxlan_fdb *__vxlan_find_mac(struct vxlan_dev *vxlan, | ||
| 1708 | const u8 *mac) | ||
| 1709 | |||
| 1710 | { | ||
| 1711 | @@ -300,6 +300,18 @@ static struct vxlan_fdb *vxlan_find_mac(struct vxlan_dev *vxlan, | ||
| 1712 | return NULL; | ||
| 1713 | } | ||
| 1714 | |||
| 1715 | +static struct vxlan_fdb *vxlan_find_mac(struct vxlan_dev *vxlan, | ||
| 1716 | + const u8 *mac) | ||
| 1717 | +{ | ||
| 1718 | + struct vxlan_fdb *f; | ||
| 1719 | + | ||
| 1720 | + f = __vxlan_find_mac(vxlan, mac); | ||
| 1721 | + if (f) | ||
| 1722 | + f->used = jiffies; | ||
| 1723 | + | ||
| 1724 | + return f; | ||
| 1725 | +} | ||
| 1726 | + | ||
| 1727 | /* Add new entry to forwarding table -- assumes lock held */ | ||
| 1728 | static int vxlan_fdb_create(struct vxlan_dev *vxlan, | ||
| 1729 | const u8 *mac, __be32 ip, | ||
| 1730 | @@ -308,7 +320,7 @@ static int vxlan_fdb_create(struct vxlan_dev *vxlan, | ||
| 1731 | struct vxlan_fdb *f; | ||
| 1732 | int notify = 0; | ||
| 1733 | |||
| 1734 | - f = vxlan_find_mac(vxlan, mac); | ||
| 1735 | + f = __vxlan_find_mac(vxlan, mac); | ||
| 1736 | if (f) { | ||
| 1737 | if (flags & NLM_F_EXCL) { | ||
| 1738 | netdev_dbg(vxlan->dev, | ||
| 1739 | @@ -453,7 +465,6 @@ static void vxlan_snoop(struct net_device *dev, | ||
| 1740 | |||
| 1741 | f = vxlan_find_mac(vxlan, src_mac); | ||
| 1742 | if (likely(f)) { | ||
| 1743 | - f->used = jiffies; | ||
| 1744 | if (likely(f->remote_ip == src_ip)) | ||
| 1745 | return; | ||
| 1746 | |||
| 1747 | diff --git a/drivers/net/wireless/ath/carl9170/tx.c b/drivers/net/wireless/ath/carl9170/tx.c | ||
| 1748 | index 9c0b150..c61cafa 100644 | ||
| 1749 | --- a/drivers/net/wireless/ath/carl9170/tx.c | ||
| 1750 | +++ b/drivers/net/wireless/ath/carl9170/tx.c | ||
| 1751 | @@ -387,8 +387,7 @@ static void carl9170_tx_status_process_ampdu(struct ar9170 *ar, | ||
| 1752 | u8 tid; | ||
| 1753 | |||
| 1754 | if (!(txinfo->flags & IEEE80211_TX_CTL_AMPDU) || | ||
| 1755 | - txinfo->flags & IEEE80211_TX_CTL_INJECTED || | ||
| 1756 | - (!(super->f.mac_control & cpu_to_le16(AR9170_TX_MAC_AGGR)))) | ||
| 1757 | + txinfo->flags & IEEE80211_TX_CTL_INJECTED) | ||
| 1758 | return; | ||
| 1759 | |||
| 1760 | rcu_read_lock(); | ||
| 1761 | @@ -981,30 +980,6 @@ static int carl9170_tx_prepare(struct ar9170 *ar, | ||
| 1762 | |||
| 1763 | SET_VAL(CARL9170_TX_SUPER_AMPDU_FACTOR, | ||
| 1764 | txc->s.ampdu_settings, factor); | ||
| 1765 | - | ||
| 1766 | - for (i = 0; i < CARL9170_TX_MAX_RATES; i++) { | ||
| 1767 | - txrate = &info->control.rates[i]; | ||
| 1768 | - if (txrate->idx >= 0) { | ||
| 1769 | - txc->s.ri[i] = | ||
| 1770 | - CARL9170_TX_SUPER_RI_AMPDU; | ||
| 1771 | - | ||
| 1772 | - if (WARN_ON(!(txrate->flags & | ||
| 1773 | - IEEE80211_TX_RC_MCS))) { | ||
| 1774 | - /* | ||
| 1775 | - * Not sure if it's even possible | ||
| 1776 | - * to aggregate non-ht rates with | ||
| 1777 | - * this HW. | ||
| 1778 | - */ | ||
| 1779 | - goto err_out; | ||
| 1780 | - } | ||
| 1781 | - continue; | ||
| 1782 | - } | ||
| 1783 | - | ||
| 1784 | - txrate->idx = 0; | ||
| 1785 | - txrate->count = ar->hw->max_rate_tries; | ||
| 1786 | - } | ||
| 1787 | - | ||
| 1788 | - mac_tmp |= cpu_to_le16(AR9170_TX_MAC_AGGR); | ||
| 1789 | } | ||
| 1790 | |||
| 1791 | /* | ||
| 1792 | @@ -1012,11 +987,31 @@ static int carl9170_tx_prepare(struct ar9170 *ar, | ||
| 1793 | * taken from mac_control. For all fallback rate, the firmware | ||
| 1794 | * updates the mac_control flags from the rate info field. | ||
| 1795 | */ | ||
| 1796 | - for (i = 1; i < CARL9170_TX_MAX_RATES; i++) { | ||
| 1797 | + for (i = 0; i < CARL9170_TX_MAX_RATES; i++) { | ||
| 1798 | + __le32 phy_set; | ||
| 1799 | txrate = &info->control.rates[i]; | ||
| 1800 | if (txrate->idx < 0) | ||
| 1801 | break; | ||
| 1802 | |||
| 1803 | + phy_set = carl9170_tx_physet(ar, info, txrate); | ||
| 1804 | + if (i == 0) { | ||
| 1805 | + /* first rate - part of the hw's frame header */ | ||
| 1806 | + txc->f.phy_control = phy_set; | ||
| 1807 | + | ||
| 1808 | + if (ampdu && txrate->flags & IEEE80211_TX_RC_MCS) | ||
| 1809 | + mac_tmp |= cpu_to_le16(AR9170_TX_MAC_AGGR); | ||
| 1810 | + if (carl9170_tx_rts_check(ar, txrate, ampdu, no_ack)) | ||
| 1811 | + mac_tmp |= cpu_to_le16(AR9170_TX_MAC_PROT_RTS); | ||
| 1812 | + else if (carl9170_tx_cts_check(ar, txrate)) | ||
| 1813 | + mac_tmp |= cpu_to_le16(AR9170_TX_MAC_PROT_CTS); | ||
| 1814 | + | ||
| 1815 | + } else { | ||
| 1816 | + /* fallback rates are stored in the firmware's | ||
| 1817 | + * retry rate set array. | ||
| 1818 | + */ | ||
| 1819 | + txc->s.rr[i - 1] = phy_set; | ||
| 1820 | + } | ||
| 1821 | + | ||
| 1822 | SET_VAL(CARL9170_TX_SUPER_RI_TRIES, txc->s.ri[i], | ||
| 1823 | txrate->count); | ||
| 1824 | |||
| 1825 | @@ -1027,21 +1022,13 @@ static int carl9170_tx_prepare(struct ar9170 *ar, | ||
| 1826 | txc->s.ri[i] |= (AR9170_TX_MAC_PROT_CTS << | ||
| 1827 | CARL9170_TX_SUPER_RI_ERP_PROT_S); | ||
| 1828 | |||
| 1829 | - txc->s.rr[i - 1] = carl9170_tx_physet(ar, info, txrate); | ||
| 1830 | + if (ampdu && (txrate->flags & IEEE80211_TX_RC_MCS)) | ||
| 1831 | + txc->s.ri[i] |= CARL9170_TX_SUPER_RI_AMPDU; | ||
| 1832 | } | ||
| 1833 | |||
| 1834 | - txrate = &info->control.rates[0]; | ||
| 1835 | - SET_VAL(CARL9170_TX_SUPER_RI_TRIES, txc->s.ri[0], txrate->count); | ||
| 1836 | - | ||
| 1837 | - if (carl9170_tx_rts_check(ar, txrate, ampdu, no_ack)) | ||
| 1838 | - mac_tmp |= cpu_to_le16(AR9170_TX_MAC_PROT_RTS); | ||
| 1839 | - else if (carl9170_tx_cts_check(ar, txrate)) | ||
| 1840 | - mac_tmp |= cpu_to_le16(AR9170_TX_MAC_PROT_CTS); | ||
| 1841 | - | ||
| 1842 | txc->s.len = cpu_to_le16(skb->len); | ||
| 1843 | txc->f.length = cpu_to_le16(len + FCS_LEN); | ||
| 1844 | txc->f.mac_control = mac_tmp; | ||
| 1845 | - txc->f.phy_control = carl9170_tx_physet(ar, info, txrate); | ||
| 1846 | |||
| 1847 | arinfo = (void *)info->rate_driver_data; | ||
| 1848 | arinfo->timeout = jiffies; | ||
| 1849 | @@ -1381,9 +1368,9 @@ static void carl9170_tx(struct ar9170 *ar) | ||
| 1850 | } | ||
| 1851 | |||
| 1852 | static bool carl9170_tx_ampdu_queue(struct ar9170 *ar, | ||
| 1853 | - struct ieee80211_sta *sta, struct sk_buff *skb) | ||
| 1854 | + struct ieee80211_sta *sta, struct sk_buff *skb, | ||
| 1855 | + struct ieee80211_tx_info *txinfo) | ||
| 1856 | { | ||
| 1857 | - struct _carl9170_tx_superframe *super = (void *) skb->data; | ||
| 1858 | struct carl9170_sta_info *sta_info; | ||
| 1859 | struct carl9170_sta_tid *agg; | ||
| 1860 | struct sk_buff *iter; | ||
| 1861 | @@ -1450,7 +1437,7 @@ err_unlock: | ||
| 1862 | |||
| 1863 | err_unlock_rcu: | ||
| 1864 | rcu_read_unlock(); | ||
| 1865 | - super->f.mac_control &= ~cpu_to_le16(AR9170_TX_MAC_AGGR); | ||
| 1866 | + txinfo->flags &= ~IEEE80211_TX_CTL_AMPDU; | ||
| 1867 | carl9170_tx_status(ar, skb, false); | ||
| 1868 | ar->tx_dropped++; | ||
| 1869 | return false; | ||
| 1870 | @@ -1492,7 +1479,7 @@ void carl9170_op_tx(struct ieee80211_hw *hw, | ||
| 1871 | * sta == NULL checks are redundant in this | ||
| 1872 | * special case. | ||
| 1873 | */ | ||
| 1874 | - run = carl9170_tx_ampdu_queue(ar, sta, skb); | ||
| 1875 | + run = carl9170_tx_ampdu_queue(ar, sta, skb, info); | ||
| 1876 | if (run) | ||
| 1877 | carl9170_tx_ampdu(ar); | ||
| 1878 | |||
| 1879 | diff --git a/drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c b/drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c | ||
| 1880 | index 4544342..9480e19 100644 | ||
| 1881 | --- a/drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c | ||
| 1882 | +++ b/drivers/net/wireless/brcm80211/brcmfmac/dhd_common.c | ||
| 1883 | @@ -26,7 +26,6 @@ | ||
| 1884 | #include "fwil.h" | ||
| 1885 | |||
| 1886 | #define PKTFILTER_BUF_SIZE 128 | ||
| 1887 | -#define BRCMF_ARPOL_MODE 0xb /* agent|snoop|peer_autoreply */ | ||
| 1888 | #define BRCMF_DEFAULT_BCN_TIMEOUT 3 | ||
| 1889 | #define BRCMF_DEFAULT_SCAN_CHANNEL_TIME 40 | ||
| 1890 | #define BRCMF_DEFAULT_SCAN_UNASSOC_TIME 40 | ||
| 1891 | @@ -337,23 +336,6 @@ int brcmf_c_preinit_dcmds(struct brcmf_if *ifp) | ||
| 1892 | goto done; | ||
| 1893 | } | ||
| 1894 | |||
| 1895 | - /* Try to set and enable ARP offload feature, this may fail */ | ||
| 1896 | - err = brcmf_fil_iovar_int_set(ifp, "arp_ol", BRCMF_ARPOL_MODE); | ||
| 1897 | - if (err) { | ||
| 1898 | - brcmf_dbg(TRACE, "failed to set ARP offload mode to 0x%x, err = %d\n", | ||
| 1899 | - BRCMF_ARPOL_MODE, err); | ||
| 1900 | - err = 0; | ||
| 1901 | - } else { | ||
| 1902 | - err = brcmf_fil_iovar_int_set(ifp, "arpoe", 1); | ||
| 1903 | - if (err) { | ||
| 1904 | - brcmf_dbg(TRACE, "failed to enable ARP offload err = %d\n", | ||
| 1905 | - err); | ||
| 1906 | - err = 0; | ||
| 1907 | - } else | ||
| 1908 | - brcmf_dbg(TRACE, "successfully enabled ARP offload to 0x%x\n", | ||
| 1909 | - BRCMF_ARPOL_MODE); | ||
| 1910 | - } | ||
| 1911 | - | ||
| 1912 | /* Setup packet filter */ | ||
| 1913 | brcmf_c_pktfilter_offload_set(ifp, BRCMF_DEFAULT_PACKET_FILTER); | ||
| 1914 | brcmf_c_pktfilter_offload_enable(ifp, BRCMF_DEFAULT_PACKET_FILTER, | ||
| 1915 | diff --git a/drivers/net/wireless/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/brcm80211/brcmfmac/fwil_types.h | ||
| 1916 | index 0f2c83b..665ef69 100644 | ||
| 1917 | --- a/drivers/net/wireless/brcm80211/brcmfmac/fwil_types.h | ||
| 1918 | +++ b/drivers/net/wireless/brcm80211/brcmfmac/fwil_types.h | ||
| 1919 | @@ -23,6 +23,12 @@ | ||
| 1920 | |||
| 1921 | #define BRCMF_FIL_ACTION_FRAME_SIZE 1800 | ||
| 1922 | |||
| 1923 | +/* ARP Offload feature flags for arp_ol iovar */ | ||
| 1924 | +#define BRCMF_ARP_OL_AGENT 0x00000001 | ||
| 1925 | +#define BRCMF_ARP_OL_SNOOP 0x00000002 | ||
| 1926 | +#define BRCMF_ARP_OL_HOST_AUTO_REPLY 0x00000004 | ||
| 1927 | +#define BRCMF_ARP_OL_PEER_AUTO_REPLY 0x00000008 | ||
| 1928 | + | ||
| 1929 | |||
| 1930 | enum brcmf_fil_p2p_if_types { | ||
| 1931 | BRCMF_FIL_P2P_IF_CLIENT, | ||
| 1932 | diff --git a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c | ||
| 1933 | index 78da3ef..d5c4e24 100644 | ||
| 1934 | --- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c | ||
| 1935 | +++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.c | ||
| 1936 | @@ -505,6 +505,38 @@ send_key_to_dongle(struct net_device *ndev, struct brcmf_wsec_key *key) | ||
| 1937 | return err; | ||
| 1938 | } | ||
| 1939 | |||
| 1940 | +static s32 | ||
| 1941 | +brcmf_configure_arp_offload(struct brcmf_if *ifp, bool enable) | ||
| 1942 | +{ | ||
| 1943 | + s32 err; | ||
| 1944 | + u32 mode; | ||
| 1945 | + | ||
| 1946 | + if (enable) | ||
| 1947 | + mode = BRCMF_ARP_OL_AGENT | BRCMF_ARP_OL_PEER_AUTO_REPLY; | ||
| 1948 | + else | ||
| 1949 | + mode = 0; | ||
| 1950 | + | ||
| 1951 | + /* Try to set and enable ARP offload feature, this may fail, then it */ | ||
| 1952 | + /* is simply not supported and err 0 will be returned */ | ||
| 1953 | + err = brcmf_fil_iovar_int_set(ifp, "arp_ol", mode); | ||
| 1954 | + if (err) { | ||
| 1955 | + brcmf_dbg(TRACE, "failed to set ARP offload mode to 0x%x, err = %d\n", | ||
| 1956 | + mode, err); | ||
| 1957 | + err = 0; | ||
| 1958 | + } else { | ||
| 1959 | + err = brcmf_fil_iovar_int_set(ifp, "arpoe", enable); | ||
| 1960 | + if (err) { | ||
| 1961 | + brcmf_dbg(TRACE, "failed to configure (%d) ARP offload err = %d\n", | ||
| 1962 | + enable, err); | ||
| 1963 | + err = 0; | ||
| 1964 | + } else | ||
| 1965 | + brcmf_dbg(TRACE, "successfully configured (%d) ARP offload to 0x%x\n", | ||
| 1966 | + enable, mode); | ||
| 1967 | + } | ||
| 1968 | + | ||
| 1969 | + return err; | ||
| 1970 | +} | ||
| 1971 | + | ||
| 1972 | static struct wireless_dev *brcmf_cfg80211_add_iface(struct wiphy *wiphy, | ||
| 1973 | const char *name, | ||
| 1974 | enum nl80211_iftype type, | ||
| 1975 | @@ -3709,6 +3741,7 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev, | ||
| 1976 | } | ||
| 1977 | |||
| 1978 | brcmf_set_mpc(ndev, 0); | ||
| 1979 | + brcmf_configure_arp_offload(ifp, false); | ||
| 1980 | |||
| 1981 | /* find the RSN_IE */ | ||
| 1982 | rsn_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail, | ||
| 1983 | @@ -3815,8 +3848,10 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev, | ||
| 1984 | set_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state); | ||
| 1985 | |||
| 1986 | exit: | ||
| 1987 | - if (err) | ||
| 1988 | + if (err) { | ||
| 1989 | brcmf_set_mpc(ndev, 1); | ||
| 1990 | + brcmf_configure_arp_offload(ifp, true); | ||
| 1991 | + } | ||
| 1992 | return err; | ||
| 1993 | } | ||
| 1994 | |||
| 1995 | @@ -3857,6 +3892,7 @@ static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev) | ||
| 1996 | brcmf_err("bss_enable config failed %d\n", err); | ||
| 1997 | } | ||
| 1998 | brcmf_set_mpc(ndev, 1); | ||
| 1999 | + brcmf_configure_arp_offload(ifp, true); | ||
| 2000 | set_bit(BRCMF_VIF_STATUS_AP_CREATING, &ifp->vif->sme_state); | ||
| 2001 | clear_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state); | ||
| 2002 | |||
| 2003 | @@ -4995,6 +5031,8 @@ static s32 brcmf_config_dongle(struct brcmf_cfg80211_info *cfg) | ||
| 2004 | if (err) | ||
| 2005 | goto default_conf_out; | ||
| 2006 | |||
| 2007 | + brcmf_configure_arp_offload(ifp, true); | ||
| 2008 | + | ||
| 2009 | cfg->dongle_up = true; | ||
| 2010 | default_conf_out: | ||
| 2011 | |||
| 2012 | diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/hw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/hw.c | ||
| 2013 | index c08d0f4..908c46d 100644 | ||
| 2014 | --- a/drivers/net/wireless/rtlwifi/rtl8192cu/hw.c | ||
| 2015 | +++ b/drivers/net/wireless/rtlwifi/rtl8192cu/hw.c | ||
| 2016 | @@ -1973,26 +1973,35 @@ void rtl92cu_set_hw_reg(struct ieee80211_hw *hw, u8 variable, u8 *val) | ||
| 2017 | } | ||
| 2018 | } | ||
| 2019 | |||
| 2020 | -void rtl92cu_update_hal_rate_table(struct ieee80211_hw *hw, | ||
| 2021 | - struct ieee80211_sta *sta, | ||
| 2022 | - u8 rssi_level) | ||
| 2023 | +static void rtl92cu_update_hal_rate_table(struct ieee80211_hw *hw, | ||
| 2024 | + struct ieee80211_sta *sta) | ||
| 2025 | { | ||
| 2026 | struct rtl_priv *rtlpriv = rtl_priv(hw); | ||
| 2027 | struct rtl_phy *rtlphy = &(rtlpriv->phy); | ||
| 2028 | struct rtl_mac *mac = rtl_mac(rtl_priv(hw)); | ||
| 2029 | - u32 ratr_value = (u32) mac->basic_rates; | ||
| 2030 | - u8 *mcsrate = mac->mcs; | ||
| 2031 | + struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw)); | ||
| 2032 | + u32 ratr_value; | ||
| 2033 | u8 ratr_index = 0; | ||
| 2034 | u8 nmode = mac->ht_enable; | ||
| 2035 | - u8 mimo_ps = 1; | ||
| 2036 | - u16 shortgi_rate = 0; | ||
| 2037 | - u32 tmp_ratr_value = 0; | ||
| 2038 | + u8 mimo_ps = IEEE80211_SMPS_OFF; | ||
| 2039 | + u16 shortgi_rate; | ||
| 2040 | + u32 tmp_ratr_value; | ||
| 2041 | u8 curtxbw_40mhz = mac->bw_40; | ||
| 2042 | - u8 curshortgi_40mhz = mac->sgi_40; | ||
| 2043 | - u8 curshortgi_20mhz = mac->sgi_20; | ||
| 2044 | + u8 curshortgi_40mhz = (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40) ? | ||
| 2045 | + 1 : 0; | ||
| 2046 | + u8 curshortgi_20mhz = (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20) ? | ||
| 2047 | + 1 : 0; | ||
| 2048 | enum wireless_mode wirelessmode = mac->mode; | ||
| 2049 | |||
| 2050 | - ratr_value |= ((*(u16 *) (mcsrate))) << 12; | ||
| 2051 | + if (rtlhal->current_bandtype == BAND_ON_5G) | ||
| 2052 | + ratr_value = sta->supp_rates[1] << 4; | ||
| 2053 | + else | ||
| 2054 | + ratr_value = sta->supp_rates[0]; | ||
| 2055 | + if (mac->opmode == NL80211_IFTYPE_ADHOC) | ||
| 2056 | + ratr_value = 0xfff; | ||
| 2057 | + | ||
| 2058 | + ratr_value |= (sta->ht_cap.mcs.rx_mask[1] << 20 | | ||
| 2059 | + sta->ht_cap.mcs.rx_mask[0] << 12); | ||
| 2060 | switch (wirelessmode) { | ||
| 2061 | case WIRELESS_MODE_B: | ||
| 2062 | if (ratr_value & 0x0000000c) | ||
| 2063 | @@ -2006,7 +2015,7 @@ void rtl92cu_update_hal_rate_table(struct ieee80211_hw *hw, | ||
| 2064 | case WIRELESS_MODE_N_24G: | ||
| 2065 | case WIRELESS_MODE_N_5G: | ||
| 2066 | nmode = 1; | ||
| 2067 | - if (mimo_ps == 0) { | ||
| 2068 | + if (mimo_ps == IEEE80211_SMPS_STATIC) { | ||
| 2069 | ratr_value &= 0x0007F005; | ||
| 2070 | } else { | ||
| 2071 | u32 ratr_mask; | ||
| 2072 | @@ -2016,8 +2025,7 @@ void rtl92cu_update_hal_rate_table(struct ieee80211_hw *hw, | ||
| 2073 | ratr_mask = 0x000ff005; | ||
| 2074 | else | ||
| 2075 | ratr_mask = 0x0f0ff005; | ||
| 2076 | - if (curtxbw_40mhz) | ||
| 2077 | - ratr_mask |= 0x00000010; | ||
| 2078 | + | ||
| 2079 | ratr_value &= ratr_mask; | ||
| 2080 | } | ||
| 2081 | break; | ||
| 2082 | @@ -2026,41 +2034,74 @@ void rtl92cu_update_hal_rate_table(struct ieee80211_hw *hw, | ||
| 2083 | ratr_value &= 0x000ff0ff; | ||
| 2084 | else | ||
| 2085 | ratr_value &= 0x0f0ff0ff; | ||
| 2086 | + | ||
| 2087 | break; | ||
| 2088 | } | ||
| 2089 | + | ||
| 2090 | ratr_value &= 0x0FFFFFFF; | ||
| 2091 | - if (nmode && ((curtxbw_40mhz && curshortgi_40mhz) || | ||
| 2092 | - (!curtxbw_40mhz && curshortgi_20mhz))) { | ||
| 2093 | + | ||
| 2094 | + if (nmode && ((curtxbw_40mhz && | ||
| 2095 | + curshortgi_40mhz) || (!curtxbw_40mhz && | ||
| 2096 | + curshortgi_20mhz))) { | ||
| 2097 | + | ||
| 2098 | ratr_value |= 0x10000000; | ||
| 2099 | tmp_ratr_value = (ratr_value >> 12); | ||
| 2100 | + | ||
| 2101 | for (shortgi_rate = 15; shortgi_rate > 0; shortgi_rate--) { | ||
| 2102 | if ((1 << shortgi_rate) & tmp_ratr_value) | ||
| 2103 | break; | ||
| 2104 | } | ||
| 2105 | + | ||
| 2106 | shortgi_rate = (shortgi_rate << 12) | (shortgi_rate << 8) | | ||
| 2107 | - (shortgi_rate << 4) | (shortgi_rate); | ||
| 2108 | + (shortgi_rate << 4) | (shortgi_rate); | ||
| 2109 | } | ||
| 2110 | + | ||
| 2111 | rtl_write_dword(rtlpriv, REG_ARFR0 + ratr_index * 4, ratr_value); | ||
| 2112 | + | ||
| 2113 | + RT_TRACE(rtlpriv, COMP_RATR, DBG_DMESG, "%x\n", | ||
| 2114 | + rtl_read_dword(rtlpriv, REG_ARFR0)); | ||
| 2115 | } | ||
| 2116 | |||
| 2117 | -void rtl92cu_update_hal_rate_mask(struct ieee80211_hw *hw, u8 rssi_level) | ||
| 2118 | +static void rtl92cu_update_hal_rate_mask(struct ieee80211_hw *hw, | ||
| 2119 | + struct ieee80211_sta *sta, | ||
| 2120 | + u8 rssi_level) | ||
| 2121 | { | ||
| 2122 | struct rtl_priv *rtlpriv = rtl_priv(hw); | ||
| 2123 | struct rtl_phy *rtlphy = &(rtlpriv->phy); | ||
| 2124 | struct rtl_mac *mac = rtl_mac(rtl_priv(hw)); | ||
| 2125 | - u32 ratr_bitmap = (u32) mac->basic_rates; | ||
| 2126 | - u8 *p_mcsrate = mac->mcs; | ||
| 2127 | - u8 ratr_index = 0; | ||
| 2128 | - u8 curtxbw_40mhz = mac->bw_40; | ||
| 2129 | - u8 curshortgi_40mhz = mac->sgi_40; | ||
| 2130 | - u8 curshortgi_20mhz = mac->sgi_20; | ||
| 2131 | - enum wireless_mode wirelessmode = mac->mode; | ||
| 2132 | + struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw)); | ||
| 2133 | + struct rtl_sta_info *sta_entry = NULL; | ||
| 2134 | + u32 ratr_bitmap; | ||
| 2135 | + u8 ratr_index; | ||
| 2136 | + u8 curtxbw_40mhz = (sta->bandwidth >= IEEE80211_STA_RX_BW_40) ? 1 : 0; | ||
| 2137 | + u8 curshortgi_40mhz = curtxbw_40mhz && | ||
| 2138 | + (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40) ? | ||
| 2139 | + 1 : 0; | ||
| 2140 | + u8 curshortgi_20mhz = (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20) ? | ||
| 2141 | + 1 : 0; | ||
| 2142 | + enum wireless_mode wirelessmode = 0; | ||
| 2143 | bool shortgi = false; | ||
| 2144 | u8 rate_mask[5]; | ||
| 2145 | u8 macid = 0; | ||
| 2146 | - u8 mimops = 1; | ||
| 2147 | - | ||
| 2148 | - ratr_bitmap |= (p_mcsrate[1] << 20) | (p_mcsrate[0] << 12); | ||
| 2149 | + u8 mimo_ps = IEEE80211_SMPS_OFF; | ||
| 2150 | + | ||
| 2151 | + sta_entry = (struct rtl_sta_info *) sta->drv_priv; | ||
| 2152 | + wirelessmode = sta_entry->wireless_mode; | ||
| 2153 | + if (mac->opmode == NL80211_IFTYPE_STATION || | ||
| 2154 | + mac->opmode == NL80211_IFTYPE_MESH_POINT) | ||
| 2155 | + curtxbw_40mhz = mac->bw_40; | ||
| 2156 | + else if (mac->opmode == NL80211_IFTYPE_AP || | ||
| 2157 | + mac->opmode == NL80211_IFTYPE_ADHOC) | ||
| 2158 | + macid = sta->aid + 1; | ||
| 2159 | + | ||
| 2160 | + if (rtlhal->current_bandtype == BAND_ON_5G) | ||
| 2161 | + ratr_bitmap = sta->supp_rates[1] << 4; | ||
| 2162 | + else | ||
| 2163 | + ratr_bitmap = sta->supp_rates[0]; | ||
| 2164 | + if (mac->opmode == NL80211_IFTYPE_ADHOC) | ||
| 2165 | + ratr_bitmap = 0xfff; | ||
| 2166 | + ratr_bitmap |= (sta->ht_cap.mcs.rx_mask[1] << 20 | | ||
| 2167 | + sta->ht_cap.mcs.rx_mask[0] << 12); | ||
| 2168 | switch (wirelessmode) { | ||
| 2169 | case WIRELESS_MODE_B: | ||
| 2170 | ratr_index = RATR_INX_WIRELESS_B; | ||
| 2171 | @@ -2071,6 +2112,7 @@ void rtl92cu_update_hal_rate_mask(struct ieee80211_hw *hw, u8 rssi_level) | ||
| 2172 | break; | ||
| 2173 | case WIRELESS_MODE_G: | ||
| 2174 | ratr_index = RATR_INX_WIRELESS_GB; | ||
| 2175 | + | ||
| 2176 | if (rssi_level == 1) | ||
| 2177 | ratr_bitmap &= 0x00000f00; | ||
| 2178 | else if (rssi_level == 2) | ||
| 2179 | @@ -2085,7 +2127,8 @@ void rtl92cu_update_hal_rate_mask(struct ieee80211_hw *hw, u8 rssi_level) | ||
| 2180 | case WIRELESS_MODE_N_24G: | ||
| 2181 | case WIRELESS_MODE_N_5G: | ||
| 2182 | ratr_index = RATR_INX_WIRELESS_NGB; | ||
| 2183 | - if (mimops == 0) { | ||
| 2184 | + | ||
| 2185 | + if (mimo_ps == IEEE80211_SMPS_STATIC) { | ||
| 2186 | if (rssi_level == 1) | ||
| 2187 | ratr_bitmap &= 0x00070000; | ||
| 2188 | else if (rssi_level == 2) | ||
| 2189 | @@ -2128,8 +2171,10 @@ void rtl92cu_update_hal_rate_mask(struct ieee80211_hw *hw, u8 rssi_level) | ||
| 2190 | } | ||
| 2191 | } | ||
| 2192 | } | ||
| 2193 | + | ||
| 2194 | if ((curtxbw_40mhz && curshortgi_40mhz) || | ||
| 2195 | (!curtxbw_40mhz && curshortgi_20mhz)) { | ||
| 2196 | + | ||
| 2197 | if (macid == 0) | ||
| 2198 | shortgi = true; | ||
| 2199 | else if (macid == 1) | ||
| 2200 | @@ -2138,21 +2183,42 @@ void rtl92cu_update_hal_rate_mask(struct ieee80211_hw *hw, u8 rssi_level) | ||
| 2201 | break; | ||
| 2202 | default: | ||
| 2203 | ratr_index = RATR_INX_WIRELESS_NGB; | ||
| 2204 | + | ||
| 2205 | if (rtlphy->rf_type == RF_1T2R) | ||
| 2206 | ratr_bitmap &= 0x000ff0ff; | ||
| 2207 | else | ||
| 2208 | ratr_bitmap &= 0x0f0ff0ff; | ||
| 2209 | break; | ||
| 2210 | } | ||
| 2211 | - RT_TRACE(rtlpriv, COMP_RATR, DBG_DMESG, "ratr_bitmap :%x\n", | ||
| 2212 | - ratr_bitmap); | ||
| 2213 | - *(u32 *)&rate_mask = ((ratr_bitmap & 0x0fffffff) | | ||
| 2214 | - ratr_index << 28); | ||
| 2215 | + sta_entry->ratr_index = ratr_index; | ||
| 2216 | + | ||
| 2217 | + RT_TRACE(rtlpriv, COMP_RATR, DBG_DMESG, | ||
| 2218 | + "ratr_bitmap :%x\n", ratr_bitmap); | ||
| 2219 | + *(u32 *)&rate_mask = (ratr_bitmap & 0x0fffffff) | | ||
| 2220 | + (ratr_index << 28); | ||
| 2221 | rate_mask[4] = macid | (shortgi ? 0x20 : 0x00) | 0x80; | ||
| 2222 | RT_TRACE(rtlpriv, COMP_RATR, DBG_DMESG, | ||
| 2223 | "Rate_index:%x, ratr_val:%x, %5phC\n", | ||
| 2224 | ratr_index, ratr_bitmap, rate_mask); | ||
| 2225 | - rtl92c_fill_h2c_cmd(hw, H2C_RA_MASK, 5, rate_mask); | ||
| 2226 | + memcpy(rtlpriv->rate_mask, rate_mask, 5); | ||
| 2227 | + /* rtl92c_fill_h2c_cmd() does USB I/O and will result in a | ||
| 2228 | + * "scheduled while atomic" if called directly */ | ||
| 2229 | + schedule_work(&rtlpriv->works.fill_h2c_cmd); | ||
| 2230 | + | ||
| 2231 | + if (macid != 0) | ||
| 2232 | + sta_entry->ratr_index = ratr_index; | ||
| 2233 | +} | ||
| 2234 | + | ||
| 2235 | +void rtl92cu_update_hal_rate_tbl(struct ieee80211_hw *hw, | ||
| 2236 | + struct ieee80211_sta *sta, | ||
| 2237 | + u8 rssi_level) | ||
| 2238 | +{ | ||
| 2239 | + struct rtl_priv *rtlpriv = rtl_priv(hw); | ||
| 2240 | + | ||
| 2241 | + if (rtlpriv->dm.useramask) | ||
| 2242 | + rtl92cu_update_hal_rate_mask(hw, sta, rssi_level); | ||
| 2243 | + else | ||
| 2244 | + rtl92cu_update_hal_rate_table(hw, sta); | ||
| 2245 | } | ||
| 2246 | |||
| 2247 | void rtl92cu_update_channel_access_setting(struct ieee80211_hw *hw) | ||
| 2248 | diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/hw.h b/drivers/net/wireless/rtlwifi/rtl8192cu/hw.h | ||
| 2249 | index f41a3aa..8e3ec1e 100644 | ||
| 2250 | --- a/drivers/net/wireless/rtlwifi/rtl8192cu/hw.h | ||
| 2251 | +++ b/drivers/net/wireless/rtlwifi/rtl8192cu/hw.h | ||
| 2252 | @@ -98,10 +98,6 @@ void rtl92cu_update_interrupt_mask(struct ieee80211_hw *hw, | ||
| 2253 | u32 add_msr, u32 rm_msr); | ||
| 2254 | void rtl92cu_get_hw_reg(struct ieee80211_hw *hw, u8 variable, u8 *val); | ||
| 2255 | void rtl92cu_set_hw_reg(struct ieee80211_hw *hw, u8 variable, u8 *val); | ||
| 2256 | -void rtl92cu_update_hal_rate_table(struct ieee80211_hw *hw, | ||
| 2257 | - struct ieee80211_sta *sta, | ||
| 2258 | - u8 rssi_level); | ||
| 2259 | -void rtl92cu_update_hal_rate_mask(struct ieee80211_hw *hw, u8 rssi_level); | ||
| 2260 | |||
| 2261 | void rtl92cu_update_channel_access_setting(struct ieee80211_hw *hw); | ||
| 2262 | bool rtl92cu_gpio_radio_on_off_checking(struct ieee80211_hw *hw, u8 * valid); | ||
| 2263 | diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c b/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c | ||
| 2264 | index 85b6bdb..da4f587 100644 | ||
| 2265 | --- a/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c | ||
| 2266 | +++ b/drivers/net/wireless/rtlwifi/rtl8192cu/mac.c | ||
| 2267 | @@ -289,14 +289,30 @@ void rtl92c_set_key(struct ieee80211_hw *hw, u32 key_index, | ||
| 2268 | macaddr = cam_const_broad; | ||
| 2269 | entry_id = key_index; | ||
| 2270 | } else { | ||
| 2271 | + if (mac->opmode == NL80211_IFTYPE_AP || | ||
| 2272 | + mac->opmode == NL80211_IFTYPE_MESH_POINT) { | ||
| 2273 | + entry_id = rtl_cam_get_free_entry(hw, | ||
| 2274 | + p_macaddr); | ||
| 2275 | + if (entry_id >= TOTAL_CAM_ENTRY) { | ||
| 2276 | + RT_TRACE(rtlpriv, COMP_SEC, | ||
| 2277 | + DBG_EMERG, | ||
| 2278 | + "Can not find free hw security cam entry\n"); | ||
| 2279 | + return; | ||
| 2280 | + } | ||
| 2281 | + } else { | ||
| 2282 | + entry_id = CAM_PAIRWISE_KEY_POSITION; | ||
| 2283 | + } | ||
| 2284 | + | ||
| 2285 | key_index = PAIRWISE_KEYIDX; | ||
| 2286 | - entry_id = CAM_PAIRWISE_KEY_POSITION; | ||
| 2287 | is_pairwise = true; | ||
| 2288 | } | ||
| 2289 | } | ||
| 2290 | if (rtlpriv->sec.key_len[key_index] == 0) { | ||
| 2291 | RT_TRACE(rtlpriv, COMP_SEC, DBG_DMESG, | ||
| 2292 | "delete one entry\n"); | ||
| 2293 | + if (mac->opmode == NL80211_IFTYPE_AP || | ||
| 2294 | + mac->opmode == NL80211_IFTYPE_MESH_POINT) | ||
| 2295 | + rtl_cam_del_entry(hw, p_macaddr); | ||
| 2296 | rtl_cam_delete_one_entry(hw, p_macaddr, entry_id); | ||
| 2297 | } else { | ||
| 2298 | RT_TRACE(rtlpriv, COMP_SEC, DBG_LOUD, | ||
| 2299 | diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c | ||
| 2300 | index a73a17b..a71614f 100644 | ||
| 2301 | --- a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c | ||
| 2302 | +++ b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c | ||
| 2303 | @@ -106,8 +106,7 @@ static struct rtl_hal_ops rtl8192cu_hal_ops = { | ||
| 2304 | .update_interrupt_mask = rtl92cu_update_interrupt_mask, | ||
| 2305 | .get_hw_reg = rtl92cu_get_hw_reg, | ||
| 2306 | .set_hw_reg = rtl92cu_set_hw_reg, | ||
| 2307 | - .update_rate_tbl = rtl92cu_update_hal_rate_table, | ||
| 2308 | - .update_rate_mask = rtl92cu_update_hal_rate_mask, | ||
| 2309 | + .update_rate_tbl = rtl92cu_update_hal_rate_tbl, | ||
| 2310 | .fill_tx_desc = rtl92cu_tx_fill_desc, | ||
| 2311 | .fill_fake_txdesc = rtl92cu_fill_fake_txdesc, | ||
| 2312 | .fill_tx_cmddesc = rtl92cu_tx_fill_cmddesc, | ||
| 2313 | @@ -137,6 +136,7 @@ static struct rtl_hal_ops rtl8192cu_hal_ops = { | ||
| 2314 | .phy_lc_calibrate = _rtl92cu_phy_lc_calibrate, | ||
| 2315 | .phy_set_bw_mode_callback = rtl92cu_phy_set_bw_mode_callback, | ||
| 2316 | .dm_dynamic_txpower = rtl92cu_dm_dynamic_txpower, | ||
| 2317 | + .fill_h2c_cmd = rtl92c_fill_h2c_cmd, | ||
| 2318 | }; | ||
| 2319 | |||
| 2320 | static struct rtl_mod_params rtl92cu_mod_params = { | ||
| 2321 | diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.h b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.h | ||
| 2322 | index a1310ab..262e1e4 100644 | ||
| 2323 | --- a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.h | ||
| 2324 | +++ b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.h | ||
| 2325 | @@ -49,5 +49,8 @@ bool rtl92cu_phy_set_rf_power_state(struct ieee80211_hw *hw, | ||
| 2326 | u32 rtl92cu_phy_query_rf_reg(struct ieee80211_hw *hw, | ||
| 2327 | enum radio_path rfpath, u32 regaddr, u32 bitmask); | ||
| 2328 | void rtl92cu_phy_set_bw_mode_callback(struct ieee80211_hw *hw); | ||
| 2329 | +void rtl92cu_update_hal_rate_tbl(struct ieee80211_hw *hw, | ||
| 2330 | + struct ieee80211_sta *sta, | ||
| 2331 | + u8 rssi_level); | ||
| 2332 | |||
| 2333 | #endif | ||
| 2334 | diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c | ||
| 2335 | index 5847d6d..dbada54 100644 | ||
| 2336 | --- a/drivers/net/wireless/rtlwifi/usb.c | ||
| 2337 | +++ b/drivers/net/wireless/rtlwifi/usb.c | ||
| 2338 | @@ -740,6 +740,7 @@ static void rtl_usb_stop(struct ieee80211_hw *hw) | ||
| 2339 | |||
| 2340 | /* should after adapter start and interrupt enable. */ | ||
| 2341 | set_hal_stop(rtlhal); | ||
| 2342 | + cancel_work_sync(&rtlpriv->works.fill_h2c_cmd); | ||
| 2343 | /* Enable software */ | ||
| 2344 | SET_USB_STOP(rtlusb); | ||
| 2345 | rtl_usb_deinit(hw); | ||
| 2346 | @@ -942,6 +943,16 @@ static bool rtl_usb_tx_chk_waitq_insert(struct ieee80211_hw *hw, | ||
| 2347 | return false; | ||
| 2348 | } | ||
| 2349 | |||
| 2350 | +static void rtl_fill_h2c_cmd_work_callback(struct work_struct *work) | ||
| 2351 | +{ | ||
| 2352 | + struct rtl_works *rtlworks = | ||
| 2353 | + container_of(work, struct rtl_works, fill_h2c_cmd); | ||
| 2354 | + struct ieee80211_hw *hw = rtlworks->hw; | ||
| 2355 | + struct rtl_priv *rtlpriv = rtl_priv(hw); | ||
| 2356 | + | ||
| 2357 | + rtlpriv->cfg->ops->fill_h2c_cmd(hw, H2C_RA_MASK, 5, rtlpriv->rate_mask); | ||
| 2358 | +} | ||
| 2359 | + | ||
| 2360 | static struct rtl_intf_ops rtl_usb_ops = { | ||
| 2361 | .adapter_start = rtl_usb_start, | ||
| 2362 | .adapter_stop = rtl_usb_stop, | ||
| 2363 | @@ -973,6 +984,8 @@ int rtl_usb_probe(struct usb_interface *intf, | ||
| 2364 | |||
| 2365 | /* this spin lock must be initialized early */ | ||
| 2366 | spin_lock_init(&rtlpriv->locks.usb_lock); | ||
| 2367 | + INIT_WORK(&rtlpriv->works.fill_h2c_cmd, | ||
| 2368 | + rtl_fill_h2c_cmd_work_callback); | ||
| 2369 | |||
| 2370 | rtlpriv->usb_data_index = 0; | ||
| 2371 | init_completion(&rtlpriv->firmware_loading_complete); | ||
| 2372 | diff --git a/drivers/net/wireless/rtlwifi/wifi.h b/drivers/net/wireless/rtlwifi/wifi.h | ||
| 2373 | index f13258a..a33779b 100644 | ||
| 2374 | --- a/drivers/net/wireless/rtlwifi/wifi.h | ||
| 2375 | +++ b/drivers/net/wireless/rtlwifi/wifi.h | ||
| 2376 | @@ -1572,6 +1572,8 @@ struct rtl_hal_ops { | ||
| 2377 | void (*bt_wifi_media_status_notify) (struct ieee80211_hw *hw, | ||
| 2378 | bool mstate); | ||
| 2379 | void (*bt_coex_off_before_lps) (struct ieee80211_hw *hw); | ||
| 2380 | + void (*fill_h2c_cmd) (struct ieee80211_hw *hw, u8 element_id, | ||
| 2381 | + u32 cmd_len, u8 *p_cmdbuffer); | ||
| 2382 | }; | ||
| 2383 | |||
| 2384 | struct rtl_intf_ops { | ||
| 2385 | @@ -1698,6 +1700,7 @@ struct rtl_works { | ||
| 2386 | struct delayed_work ps_rfon_wq; | ||
| 2387 | |||
| 2388 | struct work_struct lps_leave_work; | ||
| 2389 | + struct work_struct fill_h2c_cmd; | ||
| 2390 | }; | ||
| 2391 | |||
| 2392 | struct rtl_debug { | ||
| 2393 | @@ -1866,6 +1869,7 @@ struct rtl_priv { | ||
| 2394 | bool bt_operation_on; | ||
| 2395 | }; | ||
| 2396 | }; | ||
| 2397 | + u8 rate_mask[5]; | ||
| 2398 | |||
| 2399 | /*This must be the last item so | ||
| 2400 | that it points to the data allocated | ||
| 2401 | diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c | ||
| 2402 | index 8099e9d..401e414 100644 | ||
| 2403 | --- a/drivers/net/xen-netback/netback.c | ||
| 2404 | +++ b/drivers/net/xen-netback/netback.c | ||
| 2405 | @@ -39,6 +39,7 @@ | ||
| 2406 | #include <linux/udp.h> | ||
| 2407 | |||
| 2408 | #include <net/tcp.h> | ||
| 2409 | +#include <net/flow_keys.h> | ||
| 2410 | |||
| 2411 | #include <xen/xen.h> | ||
| 2412 | #include <xen/events.h> | ||
| 2413 | @@ -1352,6 +1353,7 @@ static int checksum_setup(struct xenvif *vif, struct sk_buff *skb) | ||
| 2414 | if (th >= skb_tail_pointer(skb)) | ||
| 2415 | goto out; | ||
| 2416 | |||
| 2417 | + skb_set_transport_header(skb, 4 * iph->ihl); | ||
| 2418 | skb->csum_start = th - skb->head; | ||
| 2419 | switch (iph->protocol) { | ||
| 2420 | case IPPROTO_TCP: | ||
| 2421 | @@ -1665,6 +1667,7 @@ static void xen_netbk_tx_submit(struct xen_netbk *netbk) | ||
| 2422 | |||
| 2423 | skb->dev = vif->dev; | ||
| 2424 | skb->protocol = eth_type_trans(skb, skb->dev); | ||
| 2425 | + skb_reset_network_header(skb); | ||
| 2426 | |||
| 2427 | if (checksum_setup(vif, skb)) { | ||
| 2428 | netdev_dbg(vif->dev, | ||
| 2429 | @@ -1673,6 +1676,15 @@ static void xen_netbk_tx_submit(struct xen_netbk *netbk) | ||
| 2430 | continue; | ||
| 2431 | } | ||
| 2432 | |||
| 2433 | + if (!skb_transport_header_was_set(skb)) { | ||
| 2434 | + struct flow_keys keys; | ||
| 2435 | + | ||
| 2436 | + if (skb_flow_dissect(skb, &keys)) | ||
| 2437 | + skb_set_transport_header(skb, keys.thoff); | ||
| 2438 | + else | ||
| 2439 | + skb_reset_transport_header(skb); | ||
| 2440 | + } | ||
| 2441 | + | ||
| 2442 | vif->dev->stats.rx_bytes += skb->len; | ||
| 2443 | vif->dev->stats.rx_packets++; | ||
| 2444 | |||
| 2445 | diff --git a/drivers/parisc/iosapic.c b/drivers/parisc/iosapic.c | ||
| 2446 | index 9544cdc..e79e006 100644 | ||
| 2447 | --- a/drivers/parisc/iosapic.c | ||
| 2448 | +++ b/drivers/parisc/iosapic.c | ||
| 2449 | @@ -811,6 +811,70 @@ int iosapic_fixup_irq(void *isi_obj, struct pci_dev *pcidev) | ||
| 2450 | return pcidev->irq; | ||
| 2451 | } | ||
| 2452 | |||
| 2453 | +static struct iosapic_info *first_isi = NULL; | ||
| 2454 | + | ||
| 2455 | +#ifdef CONFIG_64BIT | ||
| 2456 | +int iosapic_serial_irq(int num) | ||
| 2457 | +{ | ||
| 2458 | + struct iosapic_info *isi = first_isi; | ||
| 2459 | + struct irt_entry *irte = NULL; /* only used if PAT PDC */ | ||
| 2460 | + struct vector_info *vi; | ||
| 2461 | + int isi_line; /* line used by device */ | ||
| 2462 | + | ||
| 2463 | + /* lookup IRT entry for isi/slot/pin set */ | ||
| 2464 | + irte = &irt_cell[num]; | ||
| 2465 | + | ||
| 2466 | + DBG_IRT("iosapic_serial_irq(): irte %p %x %x %x %x %x %x %x %x\n", | ||
| 2467 | + irte, | ||
| 2468 | + irte->entry_type, | ||
| 2469 | + irte->entry_length, | ||
| 2470 | + irte->polarity_trigger, | ||
| 2471 | + irte->src_bus_irq_devno, | ||
| 2472 | + irte->src_bus_id, | ||
| 2473 | + irte->src_seg_id, | ||
| 2474 | + irte->dest_iosapic_intin, | ||
| 2475 | + (u32) irte->dest_iosapic_addr); | ||
| 2476 | + isi_line = irte->dest_iosapic_intin; | ||
| 2477 | + | ||
| 2478 | + /* get vector info for this input line */ | ||
| 2479 | + vi = isi->isi_vector + isi_line; | ||
| 2480 | + DBG_IRT("iosapic_serial_irq: line %d vi 0x%p\n", isi_line, vi); | ||
| 2481 | + | ||
| 2482 | + /* If this IRQ line has already been setup, skip it */ | ||
| 2483 | + if (vi->irte) | ||
| 2484 | + goto out; | ||
| 2485 | + | ||
| 2486 | + vi->irte = irte; | ||
| 2487 | + | ||
| 2488 | + /* | ||
| 2489 | + * Allocate processor IRQ | ||
| 2490 | + * | ||
| 2491 | + * XXX/FIXME The txn_alloc_irq() code and related code should be | ||
| 2492 | + * moved to enable_irq(). That way we only allocate processor IRQ | ||
| 2493 | + * bits for devices that actually have drivers claiming them. | ||
| 2494 | + * Right now we assign an IRQ to every PCI device present, | ||
| 2495 | + * regardless of whether it's used or not. | ||
| 2496 | + */ | ||
| 2497 | + vi->txn_irq = txn_alloc_irq(8); | ||
| 2498 | + | ||
| 2499 | + if (vi->txn_irq < 0) | ||
| 2500 | + panic("I/O sapic: couldn't get TXN IRQ\n"); | ||
| 2501 | + | ||
| 2502 | + /* enable_irq() will use txn_* to program IRdT */ | ||
| 2503 | + vi->txn_addr = txn_alloc_addr(vi->txn_irq); | ||
| 2504 | + vi->txn_data = txn_alloc_data(vi->txn_irq); | ||
| 2505 | + | ||
| 2506 | + vi->eoi_addr = isi->addr + IOSAPIC_REG_EOI; | ||
| 2507 | + vi->eoi_data = cpu_to_le32(vi->txn_data); | ||
| 2508 | + | ||
| 2509 | + cpu_claim_irq(vi->txn_irq, &iosapic_interrupt_type, vi); | ||
| 2510 | + | ||
| 2511 | + out: | ||
| 2512 | + | ||
| 2513 | + return vi->txn_irq; | ||
| 2514 | +} | ||
| 2515 | +#endif | ||
| 2516 | + | ||
| 2517 | |||
| 2518 | /* | ||
| 2519 | ** squirrel away the I/O Sapic Version | ||
| 2520 | @@ -877,6 +941,8 @@ void *iosapic_register(unsigned long hpa) | ||
| 2521 | vip->irqline = (unsigned char) cnt; | ||
| 2522 | vip->iosapic = isi; | ||
| 2523 | } | ||
| 2524 | + if (!first_isi) | ||
| 2525 | + first_isi = isi; | ||
| 2526 | return isi; | ||
| 2527 | } | ||
| 2528 | |||
| 2529 | diff --git a/drivers/parport/parport_gsc.c b/drivers/parport/parport_gsc.c | ||
| 2530 | index 050773c..b2ff8ef 100644 | ||
| 2531 | --- a/drivers/parport/parport_gsc.c | ||
| 2532 | +++ b/drivers/parport/parport_gsc.c | ||
| 2533 | @@ -234,7 +234,7 @@ static int parport_PS2_supported(struct parport *pb) | ||
| 2534 | |||
| 2535 | struct parport *parport_gsc_probe_port(unsigned long base, | ||
| 2536 | unsigned long base_hi, int irq, | ||
| 2537 | - int dma, struct pci_dev *dev) | ||
| 2538 | + int dma, struct parisc_device *padev) | ||
| 2539 | { | ||
| 2540 | struct parport_gsc_private *priv; | ||
| 2541 | struct parport_operations *ops; | ||
| 2542 | @@ -258,7 +258,6 @@ struct parport *parport_gsc_probe_port(unsigned long base, | ||
| 2543 | priv->ctr_writable = 0xff; | ||
| 2544 | priv->dma_buf = 0; | ||
| 2545 | priv->dma_handle = 0; | ||
| 2546 | - priv->dev = dev; | ||
| 2547 | p->base = base; | ||
| 2548 | p->base_hi = base_hi; | ||
| 2549 | p->irq = irq; | ||
| 2550 | @@ -282,6 +281,7 @@ struct parport *parport_gsc_probe_port(unsigned long base, | ||
| 2551 | return NULL; | ||
| 2552 | } | ||
| 2553 | |||
| 2554 | + p->dev = &padev->dev; | ||
| 2555 | p->base_hi = base_hi; | ||
| 2556 | p->modes = tmp.modes; | ||
| 2557 | p->size = (p->modes & PARPORT_MODE_EPP)?8:3; | ||
| 2558 | @@ -373,7 +373,7 @@ static int parport_init_chip(struct parisc_device *dev) | ||
| 2559 | } | ||
| 2560 | |||
| 2561 | p = parport_gsc_probe_port(port, 0, dev->irq, | ||
| 2562 | - /* PARPORT_IRQ_NONE */ PARPORT_DMA_NONE, NULL); | ||
| 2563 | + /* PARPORT_IRQ_NONE */ PARPORT_DMA_NONE, dev); | ||
| 2564 | if (p) | ||
| 2565 | parport_count++; | ||
| 2566 | dev_set_drvdata(&dev->dev, p); | ||
| 2567 | diff --git a/drivers/parport/parport_gsc.h b/drivers/parport/parport_gsc.h | ||
| 2568 | index fc9c37c..8122147 100644 | ||
| 2569 | --- a/drivers/parport/parport_gsc.h | ||
| 2570 | +++ b/drivers/parport/parport_gsc.h | ||
| 2571 | @@ -217,6 +217,6 @@ extern void parport_gsc_dec_use_count(void); | ||
| 2572 | extern struct parport *parport_gsc_probe_port(unsigned long base, | ||
| 2573 | unsigned long base_hi, | ||
| 2574 | int irq, int dma, | ||
| 2575 | - struct pci_dev *dev); | ||
| 2576 | + struct parisc_device *padev); | ||
| 2577 | |||
| 2578 | #endif /* __DRIVERS_PARPORT_PARPORT_GSC_H */ | ||
| 2579 | diff --git a/drivers/scsi/qla2xxx/tcm_qla2xxx.c b/drivers/scsi/qla2xxx/tcm_qla2xxx.c | ||
| 2580 | index d182c96..0c58bd1 100644 | ||
| 2581 | --- a/drivers/scsi/qla2xxx/tcm_qla2xxx.c | ||
| 2582 | +++ b/drivers/scsi/qla2xxx/tcm_qla2xxx.c | ||
| 2583 | @@ -688,8 +688,12 @@ static int tcm_qla2xxx_queue_status(struct se_cmd *se_cmd) | ||
| 2584 | * For FCP_READ with CHECK_CONDITION status, clear cmd->bufflen | ||
| 2585 | * for qla_tgt_xmit_response LLD code | ||
| 2586 | */ | ||
| 2587 | + if (se_cmd->se_cmd_flags & SCF_OVERFLOW_BIT) { | ||
| 2588 | + se_cmd->se_cmd_flags &= ~SCF_OVERFLOW_BIT; | ||
| 2589 | + se_cmd->residual_count = 0; | ||
| 2590 | + } | ||
| 2591 | se_cmd->se_cmd_flags |= SCF_UNDERFLOW_BIT; | ||
| 2592 | - se_cmd->residual_count = se_cmd->data_length; | ||
| 2593 | + se_cmd->residual_count += se_cmd->data_length; | ||
| 2594 | |||
| 2595 | cmd->bufflen = 0; | ||
| 2596 | } | ||
| 2597 | diff --git a/drivers/spi/spi-pxa2xx-dma.c b/drivers/spi/spi-pxa2xx-dma.c | ||
| 2598 | index c735c5a..6427600 100644 | ||
| 2599 | --- a/drivers/spi/spi-pxa2xx-dma.c | ||
| 2600 | +++ b/drivers/spi/spi-pxa2xx-dma.c | ||
| 2601 | @@ -59,7 +59,7 @@ static int pxa2xx_spi_map_dma_buffer(struct driver_data *drv_data, | ||
| 2602 | int ret; | ||
| 2603 | |||
| 2604 | sg_free_table(sgt); | ||
| 2605 | - ret = sg_alloc_table(sgt, nents, GFP_KERNEL); | ||
| 2606 | + ret = sg_alloc_table(sgt, nents, GFP_ATOMIC); | ||
| 2607 | if (ret) | ||
| 2608 | return ret; | ||
| 2609 | } | ||
| 2610 | diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c | ||
| 2611 | index 8104138..0a6dac4 100644 | ||
| 2612 | --- a/drivers/spi/spi-pxa2xx.c | ||
| 2613 | +++ b/drivers/spi/spi-pxa2xx.c | ||
| 2614 | @@ -1069,7 +1069,7 @@ pxa2xx_spi_acpi_get_pdata(struct platform_device *pdev) | ||
| 2615 | acpi_bus_get_device(ACPI_HANDLE(&pdev->dev), &adev)) | ||
| 2616 | return NULL; | ||
| 2617 | |||
| 2618 | - pdata = devm_kzalloc(&pdev->dev, sizeof(*ssp), GFP_KERNEL); | ||
| 2619 | + pdata = devm_kzalloc(&pdev->dev, sizeof(*pdata), GFP_KERNEL); | ||
| 2620 | if (!pdata) { | ||
| 2621 | dev_err(&pdev->dev, | ||
| 2622 | "failed to allocate memory for platform data\n"); | ||
| 2623 | diff --git a/drivers/target/iscsi/iscsi_target_erl0.c b/drivers/target/iscsi/iscsi_target_erl0.c | ||
| 2624 | index 8e6298c..dcb199d 100644 | ||
| 2625 | --- a/drivers/target/iscsi/iscsi_target_erl0.c | ||
| 2626 | +++ b/drivers/target/iscsi/iscsi_target_erl0.c | ||
| 2627 | @@ -842,11 +842,11 @@ int iscsit_stop_time2retain_timer(struct iscsi_session *sess) | ||
| 2628 | return 0; | ||
| 2629 | |||
| 2630 | sess->time2retain_timer_flags |= ISCSI_TF_STOP; | ||
| 2631 | - spin_unlock_bh(&se_tpg->session_lock); | ||
| 2632 | + spin_unlock(&se_tpg->session_lock); | ||
| 2633 | |||
| 2634 | del_timer_sync(&sess->time2retain_timer); | ||
| 2635 | |||
| 2636 | - spin_lock_bh(&se_tpg->session_lock); | ||
| 2637 | + spin_lock(&se_tpg->session_lock); | ||
| 2638 | sess->time2retain_timer_flags &= ~ISCSI_TF_RUNNING; | ||
| 2639 | pr_debug("Stopped Time2Retain Timer for SID: %u\n", | ||
| 2640 | sess->sid); | ||
| 2641 | diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c | ||
| 2642 | index 125e0fd..74a5e8b 100644 | ||
| 2643 | --- a/drivers/tty/pty.c | ||
| 2644 | +++ b/drivers/tty/pty.c | ||
| 2645 | @@ -244,14 +244,9 @@ static void pty_flush_buffer(struct tty_struct *tty) | ||
| 2646 | |||
| 2647 | static int pty_open(struct tty_struct *tty, struct file *filp) | ||
| 2648 | { | ||
| 2649 | - int retval = -ENODEV; | ||
| 2650 | - | ||
| 2651 | if (!tty || !tty->link) | ||
| 2652 | - goto out; | ||
| 2653 | - | ||
| 2654 | - set_bit(TTY_IO_ERROR, &tty->flags); | ||
| 2655 | + return -ENODEV; | ||
| 2656 | |||
| 2657 | - retval = -EIO; | ||
| 2658 | if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) | ||
| 2659 | goto out; | ||
| 2660 | if (test_bit(TTY_PTY_LOCK, &tty->link->flags)) | ||
| 2661 | @@ -262,9 +257,11 @@ static int pty_open(struct tty_struct *tty, struct file *filp) | ||
| 2662 | clear_bit(TTY_IO_ERROR, &tty->flags); | ||
| 2663 | clear_bit(TTY_OTHER_CLOSED, &tty->link->flags); | ||
| 2664 | set_bit(TTY_THROTTLED, &tty->flags); | ||
| 2665 | - retval = 0; | ||
| 2666 | + return 0; | ||
| 2667 | + | ||
| 2668 | out: | ||
| 2669 | - return retval; | ||
| 2670 | + set_bit(TTY_IO_ERROR, &tty->flags); | ||
| 2671 | + return -EIO; | ||
| 2672 | } | ||
| 2673 | |||
| 2674 | static void pty_set_termios(struct tty_struct *tty, | ||
| 2675 | diff --git a/drivers/tty/serial/8250/8250_gsc.c b/drivers/tty/serial/8250/8250_gsc.c | ||
| 2676 | index 097dff9..bb91b47 100644 | ||
| 2677 | --- a/drivers/tty/serial/8250/8250_gsc.c | ||
| 2678 | +++ b/drivers/tty/serial/8250/8250_gsc.c | ||
| 2679 | @@ -30,6 +30,12 @@ static int __init serial_init_chip(struct parisc_device *dev) | ||
| 2680 | unsigned long address; | ||
| 2681 | int err; | ||
| 2682 | |||
| 2683 | +#ifdef CONFIG_64BIT | ||
| 2684 | + extern int iosapic_serial_irq(int cellnum); | ||
| 2685 | + if (!dev->irq && (dev->id.sversion == 0xad)) | ||
| 2686 | + dev->irq = iosapic_serial_irq(dev->mod_index-1); | ||
| 2687 | +#endif | ||
| 2688 | + | ||
| 2689 | if (!dev->irq) { | ||
| 2690 | /* We find some unattached serial ports by walking native | ||
| 2691 | * busses. These should be silently ignored. Otherwise, | ||
| 2692 | @@ -51,7 +57,8 @@ static int __init serial_init_chip(struct parisc_device *dev) | ||
| 2693 | memset(&uart, 0, sizeof(uart)); | ||
| 2694 | uart.port.iotype = UPIO_MEM; | ||
| 2695 | /* 7.272727MHz on Lasi. Assumed the same for Dino, Wax and Timi. */ | ||
| 2696 | - uart.port.uartclk = 7272727; | ||
| 2697 | + uart.port.uartclk = (dev->id.sversion != 0xad) ? | ||
| 2698 | + 7272727 : 1843200; | ||
| 2699 | uart.port.mapbase = address; | ||
| 2700 | uart.port.membase = ioremap_nocache(address, 16); | ||
| 2701 | uart.port.irq = dev->irq; | ||
| 2702 | @@ -73,6 +80,7 @@ static struct parisc_device_id serial_tbl[] = { | ||
| 2703 | { HPHW_FIO, HVERSION_REV_ANY_ID, HVERSION_ANY_ID, 0x00075 }, | ||
| 2704 | { HPHW_FIO, HVERSION_REV_ANY_ID, HVERSION_ANY_ID, 0x0008c }, | ||
| 2705 | { HPHW_FIO, HVERSION_REV_ANY_ID, HVERSION_ANY_ID, 0x0008d }, | ||
| 2706 | + { HPHW_FIO, HVERSION_REV_ANY_ID, HVERSION_ANY_ID, 0x000ad }, | ||
| 2707 | { 0 } | ||
| 2708 | }; | ||
| 2709 | |||
| 2710 | diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c | ||
| 2711 | index c8b9262..b645c47 100644 | ||
| 2712 | --- a/drivers/uio/uio.c | ||
| 2713 | +++ b/drivers/uio/uio.c | ||
| 2714 | @@ -374,6 +374,7 @@ static int uio_get_minor(struct uio_device *idev) | ||
| 2715 | retval = idr_alloc(&uio_idr, idev, 0, UIO_MAX_DEVICES, GFP_KERNEL); | ||
| 2716 | if (retval >= 0) { | ||
| 2717 | idev->minor = retval; | ||
| 2718 | + retval = 0; | ||
| 2719 | } else if (retval == -ENOSPC) { | ||
| 2720 | dev_err(idev->dev, "too many uio devices\n"); | ||
| 2721 | retval = -EINVAL; | ||
| 2722 | diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c | ||
| 2723 | index 73deb02..1d75833 100644 | ||
| 2724 | --- a/drivers/usb/serial/ti_usb_3410_5052.c | ||
| 2725 | +++ b/drivers/usb/serial/ti_usb_3410_5052.c | ||
| 2726 | @@ -178,7 +178,8 @@ static struct usb_device_id ti_id_table_3410[15+TI_EXTRA_VID_PID_COUNT+1] = { | ||
| 2727 | { USB_DEVICE(IBM_VENDOR_ID, IBM_4543_PRODUCT_ID) }, | ||
| 2728 | { USB_DEVICE(IBM_VENDOR_ID, IBM_454B_PRODUCT_ID) }, | ||
| 2729 | { USB_DEVICE(IBM_VENDOR_ID, IBM_454C_PRODUCT_ID) }, | ||
| 2730 | - { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_PRODUCT_ID) }, | ||
| 2731 | + { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_STEREO_PLUG_ID) }, | ||
| 2732 | + { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_STRIP_PORT_ID) }, | ||
| 2733 | { USB_DEVICE(TI_VENDOR_ID, FRI2_PRODUCT_ID) }, | ||
| 2734 | }; | ||
| 2735 | |||
| 2736 | diff --git a/drivers/usb/serial/ti_usb_3410_5052.h b/drivers/usb/serial/ti_usb_3410_5052.h | ||
| 2737 | index b353e7e..4a2423e 100644 | ||
| 2738 | --- a/drivers/usb/serial/ti_usb_3410_5052.h | ||
| 2739 | +++ b/drivers/usb/serial/ti_usb_3410_5052.h | ||
| 2740 | @@ -52,7 +52,9 @@ | ||
| 2741 | |||
| 2742 | /* Abbott Diabetics vendor and product ids */ | ||
| 2743 | #define ABBOTT_VENDOR_ID 0x1a61 | ||
| 2744 | -#define ABBOTT_PRODUCT_ID 0x3410 | ||
| 2745 | +#define ABBOTT_STEREO_PLUG_ID 0x3410 | ||
| 2746 | +#define ABBOTT_PRODUCT_ID ABBOTT_STEREO_PLUG_ID | ||
| 2747 | +#define ABBOTT_STRIP_PORT_ID 0x3420 | ||
| 2748 | |||
| 2749 | /* Commands */ | ||
| 2750 | #define TI_GET_VERSION 0x01 | ||
| 2751 | diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c | ||
| 2752 | index ec6fb3f..dfff647 100644 | ||
| 2753 | --- a/drivers/vhost/net.c | ||
| 2754 | +++ b/drivers/vhost/net.c | ||
| 2755 | @@ -353,7 +353,8 @@ static void handle_tx(struct vhost_net *net) | ||
| 2756 | kref_get(&ubufs->kref); | ||
| 2757 | } | ||
| 2758 | vq->upend_idx = (vq->upend_idx + 1) % UIO_MAXIOV; | ||
| 2759 | - } | ||
| 2760 | + } else | ||
| 2761 | + msg.msg_control = NULL; | ||
| 2762 | /* TODO: Check specific error and bomb out unless ENOBUFS? */ | ||
| 2763 | err = sock->ops->sendmsg(NULL, sock, &msg, len); | ||
| 2764 | if (unlikely(err < 0)) { | ||
| 2765 | diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h | ||
| 2766 | index 1d795df..2f522a3 100644 | ||
| 2767 | --- a/include/linux/perf_event.h | ||
| 2768 | +++ b/include/linux/perf_event.h | ||
| 2769 | @@ -404,8 +404,7 @@ struct perf_event { | ||
| 2770 | /* mmap bits */ | ||
| 2771 | struct mutex mmap_mutex; | ||
| 2772 | atomic_t mmap_count; | ||
| 2773 | - int mmap_locked; | ||
| 2774 | - struct user_struct *mmap_user; | ||
| 2775 | + | ||
| 2776 | struct ring_buffer *rb; | ||
| 2777 | struct list_head rb_entry; | ||
| 2778 | |||
| 2779 | diff --git a/include/linux/rculist_nulls.h b/include/linux/rculist_nulls.h | ||
| 2780 | index 2ae1371..1c33dd7 100644 | ||
| 2781 | --- a/include/linux/rculist_nulls.h | ||
| 2782 | +++ b/include/linux/rculist_nulls.h | ||
| 2783 | @@ -105,9 +105,14 @@ static inline void hlist_nulls_add_head_rcu(struct hlist_nulls_node *n, | ||
| 2784 | * @head: the head for your list. | ||
| 2785 | * @member: the name of the hlist_nulls_node within the struct. | ||
| 2786 | * | ||
| 2787 | + * The barrier() is needed to make sure compiler doesn't cache first element [1], | ||
| 2788 | + * as this loop can be restarted [2] | ||
| 2789 | + * [1] Documentation/atomic_ops.txt around line 114 | ||
| 2790 | + * [2] Documentation/RCU/rculist_nulls.txt around line 146 | ||
| 2791 | */ | ||
| 2792 | #define hlist_nulls_for_each_entry_rcu(tpos, pos, head, member) \ | ||
| 2793 | - for (pos = rcu_dereference_raw(hlist_nulls_first_rcu(head)); \ | ||
| 2794 | + for (({barrier();}), \ | ||
| 2795 | + pos = rcu_dereference_raw(hlist_nulls_first_rcu(head)); \ | ||
| 2796 | (!is_a_nulls(pos)) && \ | ||
| 2797 | ({ tpos = hlist_nulls_entry(pos, typeof(*tpos), member); 1; }); \ | ||
| 2798 | pos = rcu_dereference_raw(hlist_nulls_next_rcu(pos))) | ||
| 2799 | diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h | ||
| 2800 | index b8292d8..1f2803c 100644 | ||
| 2801 | --- a/include/linux/skbuff.h | ||
| 2802 | +++ b/include/linux/skbuff.h | ||
| 2803 | @@ -2761,6 +2761,21 @@ static inline int skb_tnl_header_len(const struct sk_buff *inner_skb) | ||
| 2804 | SKB_GSO_CB(inner_skb)->mac_offset; | ||
| 2805 | } | ||
| 2806 | |||
| 2807 | +static inline int gso_pskb_expand_head(struct sk_buff *skb, int extra) | ||
| 2808 | +{ | ||
| 2809 | + int new_headroom, headroom; | ||
| 2810 | + int ret; | ||
| 2811 | + | ||
| 2812 | + headroom = skb_headroom(skb); | ||
| 2813 | + ret = pskb_expand_head(skb, extra, 0, GFP_ATOMIC); | ||
| 2814 | + if (ret) | ||
| 2815 | + return ret; | ||
| 2816 | + | ||
| 2817 | + new_headroom = skb_headroom(skb); | ||
| 2818 | + SKB_GSO_CB(skb)->mac_offset += (new_headroom - headroom); | ||
| 2819 | + return 0; | ||
| 2820 | +} | ||
| 2821 | + | ||
| 2822 | static inline bool skb_is_gso(const struct sk_buff *skb) | ||
| 2823 | { | ||
| 2824 | return skb_shinfo(skb)->gso_size; | ||
| 2825 | diff --git a/include/linux/socket.h b/include/linux/socket.h | ||
| 2826 | index 2b9f74b..e897bdc 100644 | ||
| 2827 | --- a/include/linux/socket.h | ||
| 2828 | +++ b/include/linux/socket.h | ||
| 2829 | @@ -321,6 +321,9 @@ extern int put_cmsg(struct msghdr*, int level, int type, int len, void *data); | ||
| 2830 | |||
| 2831 | struct timespec; | ||
| 2832 | |||
| 2833 | +/* The __sys_...msg variants allow MSG_CMSG_COMPAT */ | ||
| 2834 | +extern long __sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags); | ||
| 2835 | +extern long __sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags); | ||
| 2836 | extern int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | ||
| 2837 | unsigned int flags, struct timespec *timeout); | ||
| 2838 | extern int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, | ||
| 2839 | diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h | ||
| 2840 | index f10818f..e7f4e21 100644 | ||
| 2841 | --- a/include/net/sch_generic.h | ||
| 2842 | +++ b/include/net/sch_generic.h | ||
| 2843 | @@ -679,22 +679,26 @@ static inline struct sk_buff *skb_act_clone(struct sk_buff *skb, gfp_t gfp_mask, | ||
| 2844 | #endif | ||
| 2845 | |||
| 2846 | struct psched_ratecfg { | ||
| 2847 | - u64 rate_bps; | ||
| 2848 | - u32 mult; | ||
| 2849 | - u32 shift; | ||
| 2850 | + u64 rate_bps; | ||
| 2851 | + u32 mult; | ||
| 2852 | + u16 overhead; | ||
| 2853 | + u8 shift; | ||
| 2854 | }; | ||
| 2855 | |||
| 2856 | static inline u64 psched_l2t_ns(const struct psched_ratecfg *r, | ||
| 2857 | unsigned int len) | ||
| 2858 | { | ||
| 2859 | - return ((u64)len * r->mult) >> r->shift; | ||
| 2860 | + return ((u64)(len + r->overhead) * r->mult) >> r->shift; | ||
| 2861 | } | ||
| 2862 | |||
| 2863 | -extern void psched_ratecfg_precompute(struct psched_ratecfg *r, u32 rate); | ||
| 2864 | +extern void psched_ratecfg_precompute(struct psched_ratecfg *r, const struct tc_ratespec *conf); | ||
| 2865 | |||
| 2866 | -static inline u32 psched_ratecfg_getrate(const struct psched_ratecfg *r) | ||
| 2867 | +static inline void psched_ratecfg_getrate(struct tc_ratespec *res, | ||
| 2868 | + const struct psched_ratecfg *r) | ||
| 2869 | { | ||
| 2870 | - return r->rate_bps >> 3; | ||
| 2871 | + memset(res, 0, sizeof(*res)); | ||
| 2872 | + res->rate = r->rate_bps >> 3; | ||
| 2873 | + res->overhead = r->overhead; | ||
| 2874 | } | ||
| 2875 | |||
| 2876 | #endif | ||
| 2877 | diff --git a/kernel/events/core.c b/kernel/events/core.c | ||
| 2878 | index 9fcb094..f8ddcfb 100644 | ||
| 2879 | --- a/kernel/events/core.c | ||
| 2880 | +++ b/kernel/events/core.c | ||
| 2881 | @@ -194,9 +194,6 @@ static void cpu_ctx_sched_in(struct perf_cpu_context *cpuctx, | ||
| 2882 | static void update_context_time(struct perf_event_context *ctx); | ||
| 2883 | static u64 perf_event_time(struct perf_event *event); | ||
| 2884 | |||
| 2885 | -static void ring_buffer_attach(struct perf_event *event, | ||
| 2886 | - struct ring_buffer *rb); | ||
| 2887 | - | ||
| 2888 | void __weak perf_event_print_debug(void) { } | ||
| 2889 | |||
| 2890 | extern __weak const char *perf_pmu_name(void) | ||
| 2891 | @@ -2867,6 +2864,7 @@ static void free_event_rcu(struct rcu_head *head) | ||
| 2892 | } | ||
| 2893 | |||
| 2894 | static void ring_buffer_put(struct ring_buffer *rb); | ||
| 2895 | +static void ring_buffer_detach(struct perf_event *event, struct ring_buffer *rb); | ||
| 2896 | |||
| 2897 | static void free_event(struct perf_event *event) | ||
| 2898 | { | ||
| 2899 | @@ -2891,15 +2889,30 @@ static void free_event(struct perf_event *event) | ||
| 2900 | if (has_branch_stack(event)) { | ||
| 2901 | static_key_slow_dec_deferred(&perf_sched_events); | ||
| 2902 | /* is system-wide event */ | ||
| 2903 | - if (!(event->attach_state & PERF_ATTACH_TASK)) | ||
| 2904 | + if (!(event->attach_state & PERF_ATTACH_TASK)) { | ||
| 2905 | atomic_dec(&per_cpu(perf_branch_stack_events, | ||
| 2906 | event->cpu)); | ||
| 2907 | + } | ||
| 2908 | } | ||
| 2909 | } | ||
| 2910 | |||
| 2911 | if (event->rb) { | ||
| 2912 | - ring_buffer_put(event->rb); | ||
| 2913 | - event->rb = NULL; | ||
| 2914 | + struct ring_buffer *rb; | ||
| 2915 | + | ||
| 2916 | + /* | ||
| 2917 | + * Can happen when we close an event with re-directed output. | ||
| 2918 | + * | ||
| 2919 | + * Since we have a 0 refcount, perf_mmap_close() will skip | ||
| 2920 | + * over us; possibly making our ring_buffer_put() the last. | ||
| 2921 | + */ | ||
| 2922 | + mutex_lock(&event->mmap_mutex); | ||
| 2923 | + rb = event->rb; | ||
| 2924 | + if (rb) { | ||
| 2925 | + rcu_assign_pointer(event->rb, NULL); | ||
| 2926 | + ring_buffer_detach(event, rb); | ||
| 2927 | + ring_buffer_put(rb); /* could be last */ | ||
| 2928 | + } | ||
| 2929 | + mutex_unlock(&event->mmap_mutex); | ||
| 2930 | } | ||
| 2931 | |||
| 2932 | if (is_cgroup_event(event)) | ||
| 2933 | @@ -3137,30 +3150,13 @@ static unsigned int perf_poll(struct file *file, poll_table *wait) | ||
| 2934 | unsigned int events = POLL_HUP; | ||
| 2935 | |||
| 2936 | /* | ||
| 2937 | - * Race between perf_event_set_output() and perf_poll(): perf_poll() | ||
| 2938 | - * grabs the rb reference but perf_event_set_output() overrides it. | ||
| 2939 | - * Here is the timeline for two threads T1, T2: | ||
| 2940 | - * t0: T1, rb = rcu_dereference(event->rb) | ||
| 2941 | - * t1: T2, old_rb = event->rb | ||
| 2942 | - * t2: T2, event->rb = new rb | ||
| 2943 | - * t3: T2, ring_buffer_detach(old_rb) | ||
| 2944 | - * t4: T1, ring_buffer_attach(rb1) | ||
| 2945 | - * t5: T1, poll_wait(event->waitq) | ||
| 2946 | - * | ||
| 2947 | - * To avoid this problem, we grab mmap_mutex in perf_poll() | ||
| 2948 | - * thereby ensuring that the assignment of the new ring buffer | ||
| 2949 | - * and the detachment of the old buffer appear atomic to perf_poll() | ||
| 2950 | + * Pin the event->rb by taking event->mmap_mutex; otherwise | ||
| 2951 | + * perf_event_set_output() can swizzle our rb and make us miss wakeups. | ||
| 2952 | */ | ||
| 2953 | mutex_lock(&event->mmap_mutex); | ||
| 2954 | - | ||
| 2955 | - rcu_read_lock(); | ||
| 2956 | - rb = rcu_dereference(event->rb); | ||
| 2957 | - if (rb) { | ||
| 2958 | - ring_buffer_attach(event, rb); | ||
| 2959 | + rb = event->rb; | ||
| 2960 | + if (rb) | ||
| 2961 | events = atomic_xchg(&rb->poll, 0); | ||
| 2962 | - } | ||
| 2963 | - rcu_read_unlock(); | ||
| 2964 | - | ||
| 2965 | mutex_unlock(&event->mmap_mutex); | ||
| 2966 | |||
| 2967 | poll_wait(file, &event->waitq, wait); | ||
| 2968 | @@ -3470,16 +3466,12 @@ static void ring_buffer_attach(struct perf_event *event, | ||
| 2969 | return; | ||
| 2970 | |||
| 2971 | spin_lock_irqsave(&rb->event_lock, flags); | ||
| 2972 | - if (!list_empty(&event->rb_entry)) | ||
| 2973 | - goto unlock; | ||
| 2974 | - | ||
| 2975 | - list_add(&event->rb_entry, &rb->event_list); | ||
| 2976 | -unlock: | ||
| 2977 | + if (list_empty(&event->rb_entry)) | ||
| 2978 | + list_add(&event->rb_entry, &rb->event_list); | ||
| 2979 | spin_unlock_irqrestore(&rb->event_lock, flags); | ||
| 2980 | } | ||
| 2981 | |||
| 2982 | -static void ring_buffer_detach(struct perf_event *event, | ||
| 2983 | - struct ring_buffer *rb) | ||
| 2984 | +static void ring_buffer_detach(struct perf_event *event, struct ring_buffer *rb) | ||
| 2985 | { | ||
| 2986 | unsigned long flags; | ||
| 2987 | |||
| 2988 | @@ -3498,13 +3490,10 @@ static void ring_buffer_wakeup(struct perf_event *event) | ||
| 2989 | |||
| 2990 | rcu_read_lock(); | ||
| 2991 | rb = rcu_dereference(event->rb); | ||
| 2992 | - if (!rb) | ||
| 2993 | - goto unlock; | ||
| 2994 | - | ||
| 2995 | - list_for_each_entry_rcu(event, &rb->event_list, rb_entry) | ||
| 2996 | - wake_up_all(&event->waitq); | ||
| 2997 | - | ||
| 2998 | -unlock: | ||
| 2999 | + if (rb) { | ||
| 3000 | + list_for_each_entry_rcu(event, &rb->event_list, rb_entry) | ||
| 3001 | + wake_up_all(&event->waitq); | ||
| 3002 | + } | ||
| 3003 | rcu_read_unlock(); | ||
| 3004 | } | ||
| 3005 | |||
| 3006 | @@ -3533,18 +3522,10 @@ static struct ring_buffer *ring_buffer_get(struct perf_event *event) | ||
| 3007 | |||
| 3008 | static void ring_buffer_put(struct ring_buffer *rb) | ||
| 3009 | { | ||
| 3010 | - struct perf_event *event, *n; | ||
| 3011 | - unsigned long flags; | ||
| 3012 | - | ||
| 3013 | if (!atomic_dec_and_test(&rb->refcount)) | ||
| 3014 | return; | ||
| 3015 | |||
| 3016 | - spin_lock_irqsave(&rb->event_lock, flags); | ||
| 3017 | - list_for_each_entry_safe(event, n, &rb->event_list, rb_entry) { | ||
| 3018 | - list_del_init(&event->rb_entry); | ||
| 3019 | - wake_up_all(&event->waitq); | ||
| 3020 | - } | ||
| 3021 | - spin_unlock_irqrestore(&rb->event_lock, flags); | ||
| 3022 | + WARN_ON_ONCE(!list_empty(&rb->event_list)); | ||
| 3023 | |||
| 3024 | call_rcu(&rb->rcu_head, rb_free_rcu); | ||
| 3025 | } | ||
| 3026 | @@ -3554,26 +3535,100 @@ static void perf_mmap_open(struct vm_area_struct *vma) | ||
| 3027 | struct perf_event *event = vma->vm_file->private_data; | ||
| 3028 | |||
| 3029 | atomic_inc(&event->mmap_count); | ||
| 3030 | + atomic_inc(&event->rb->mmap_count); | ||
| 3031 | } | ||
| 3032 | |||
| 3033 | +/* | ||
| 3034 | + * A buffer can be mmap()ed multiple times; either directly through the same | ||
| 3035 | + * event, or through other events by use of perf_event_set_output(). | ||
| 3036 | + * | ||
| 3037 | + * In order to undo the VM accounting done by perf_mmap() we need to destroy | ||
| 3038 | + * the buffer here, where we still have a VM context. This means we need | ||
| 3039 | + * to detach all events redirecting to us. | ||
| 3040 | + */ | ||
| 3041 | static void perf_mmap_close(struct vm_area_struct *vma) | ||
| 3042 | { | ||
| 3043 | struct perf_event *event = vma->vm_file->private_data; | ||
| 3044 | |||
| 3045 | - if (atomic_dec_and_mutex_lock(&event->mmap_count, &event->mmap_mutex)) { | ||
| 3046 | - unsigned long size = perf_data_size(event->rb); | ||
| 3047 | - struct user_struct *user = event->mmap_user; | ||
| 3048 | - struct ring_buffer *rb = event->rb; | ||
| 3049 | + struct ring_buffer *rb = event->rb; | ||
| 3050 | + struct user_struct *mmap_user = rb->mmap_user; | ||
| 3051 | + int mmap_locked = rb->mmap_locked; | ||
| 3052 | + unsigned long size = perf_data_size(rb); | ||
| 3053 | + | ||
| 3054 | + atomic_dec(&rb->mmap_count); | ||
| 3055 | + | ||
| 3056 | + if (!atomic_dec_and_mutex_lock(&event->mmap_count, &event->mmap_mutex)) | ||
| 3057 | + return; | ||
| 3058 | |||
| 3059 | - atomic_long_sub((size >> PAGE_SHIFT) + 1, &user->locked_vm); | ||
| 3060 | - vma->vm_mm->pinned_vm -= event->mmap_locked; | ||
| 3061 | - rcu_assign_pointer(event->rb, NULL); | ||
| 3062 | - ring_buffer_detach(event, rb); | ||
| 3063 | + /* Detach current event from the buffer. */ | ||
| 3064 | + rcu_assign_pointer(event->rb, NULL); | ||
| 3065 | + ring_buffer_detach(event, rb); | ||
| 3066 | + mutex_unlock(&event->mmap_mutex); | ||
| 3067 | + | ||
| 3068 | + /* If there's still other mmap()s of this buffer, we're done. */ | ||
| 3069 | + if (atomic_read(&rb->mmap_count)) { | ||
| 3070 | + ring_buffer_put(rb); /* can't be last */ | ||
| 3071 | + return; | ||
| 3072 | + } | ||
| 3073 | + | ||
| 3074 | + /* | ||
| 3075 | + * No other mmap()s, detach from all other events that might redirect | ||
| 3076 | + * into the now unreachable buffer. Somewhat complicated by the | ||
| 3077 | + * fact that rb::event_lock otherwise nests inside mmap_mutex. | ||
| 3078 | + */ | ||
| 3079 | +again: | ||
| 3080 | + rcu_read_lock(); | ||
| 3081 | + list_for_each_entry_rcu(event, &rb->event_list, rb_entry) { | ||
| 3082 | + if (!atomic_long_inc_not_zero(&event->refcount)) { | ||
| 3083 | + /* | ||
| 3084 | + * This event is en-route to free_event() which will | ||
| 3085 | + * detach it and remove it from the list. | ||
| 3086 | + */ | ||
| 3087 | + continue; | ||
| 3088 | + } | ||
| 3089 | + rcu_read_unlock(); | ||
| 3090 | + | ||
| 3091 | + mutex_lock(&event->mmap_mutex); | ||
| 3092 | + /* | ||
| 3093 | + * Check we didn't race with perf_event_set_output() which can | ||
| 3094 | + * swizzle the rb from under us while we were waiting to | ||
| 3095 | + * acquire mmap_mutex. | ||
| 3096 | + * | ||
| 3097 | + * If we find a different rb; ignore this event, a next | ||
| 3098 | + * iteration will no longer find it on the list. We have to | ||
| 3099 | + * still restart the iteration to make sure we're not now | ||
| 3100 | + * iterating the wrong list. | ||
| 3101 | + */ | ||
| 3102 | + if (event->rb == rb) { | ||
| 3103 | + rcu_assign_pointer(event->rb, NULL); | ||
| 3104 | + ring_buffer_detach(event, rb); | ||
| 3105 | + ring_buffer_put(rb); /* can't be last, we still have one */ | ||
| 3106 | + } | ||
| 3107 | mutex_unlock(&event->mmap_mutex); | ||
| 3108 | + put_event(event); | ||
| 3109 | |||
| 3110 | - ring_buffer_put(rb); | ||
| 3111 | - free_uid(user); | ||
| 3112 | + /* | ||
| 3113 | + * Restart the iteration; either we're on the wrong list or | ||
| 3114 | + * destroyed its integrity by doing a deletion. | ||
| 3115 | + */ | ||
| 3116 | + goto again; | ||
| 3117 | } | ||
| 3118 | + rcu_read_unlock(); | ||
| 3119 | + | ||
| 3120 | + /* | ||
| 3121 | + * It could be there's still a few 0-ref events on the list; they'll | ||
| 3122 | + * get cleaned up by free_event() -- they'll also still have their | ||
| 3123 | + * ref on the rb and will free it whenever they are done with it. | ||
| 3124 | + * | ||
| 3125 | + * Aside from that, this buffer is 'fully' detached and unmapped, | ||
| 3126 | + * undo the VM accounting. | ||
| 3127 | + */ | ||
| 3128 | + | ||
| 3129 | + atomic_long_sub((size >> PAGE_SHIFT) + 1, &mmap_user->locked_vm); | ||
| 3130 | + vma->vm_mm->pinned_vm -= mmap_locked; | ||
| 3131 | + free_uid(mmap_user); | ||
| 3132 | + | ||
| 3133 | + ring_buffer_put(rb); /* could be last */ | ||
| 3134 | } | ||
| 3135 | |||
| 3136 | static const struct vm_operations_struct perf_mmap_vmops = { | ||
| 3137 | @@ -3623,12 +3678,24 @@ static int perf_mmap(struct file *file, struct vm_area_struct *vma) | ||
| 3138 | return -EINVAL; | ||
| 3139 | |||
| 3140 | WARN_ON_ONCE(event->ctx->parent_ctx); | ||
| 3141 | +again: | ||
| 3142 | mutex_lock(&event->mmap_mutex); | ||
| 3143 | if (event->rb) { | ||
| 3144 | - if (event->rb->nr_pages == nr_pages) | ||
| 3145 | - atomic_inc(&event->rb->refcount); | ||
| 3146 | - else | ||
| 3147 | + if (event->rb->nr_pages != nr_pages) { | ||
| 3148 | ret = -EINVAL; | ||
| 3149 | + goto unlock; | ||
| 3150 | + } | ||
| 3151 | + | ||
| 3152 | + if (!atomic_inc_not_zero(&event->rb->mmap_count)) { | ||
| 3153 | + /* | ||
| 3154 | + * Raced against perf_mmap_close() through | ||
| 3155 | + * perf_event_set_output(). Try again, hope for better | ||
| 3156 | + * luck. | ||
| 3157 | + */ | ||
| 3158 | + mutex_unlock(&event->mmap_mutex); | ||
| 3159 | + goto again; | ||
| 3160 | + } | ||
| 3161 | + | ||
| 3162 | goto unlock; | ||
| 3163 | } | ||
| 3164 | |||
| 3165 | @@ -3669,12 +3736,16 @@ static int perf_mmap(struct file *file, struct vm_area_struct *vma) | ||
| 3166 | ret = -ENOMEM; | ||
| 3167 | goto unlock; | ||
| 3168 | } | ||
| 3169 | - rcu_assign_pointer(event->rb, rb); | ||
| 3170 | + | ||
| 3171 | + atomic_set(&rb->mmap_count, 1); | ||
| 3172 | + rb->mmap_locked = extra; | ||
| 3173 | + rb->mmap_user = get_current_user(); | ||
| 3174 | |||
| 3175 | atomic_long_add(user_extra, &user->locked_vm); | ||
| 3176 | - event->mmap_locked = extra; | ||
| 3177 | - event->mmap_user = get_current_user(); | ||
| 3178 | - vma->vm_mm->pinned_vm += event->mmap_locked; | ||
| 3179 | + vma->vm_mm->pinned_vm += extra; | ||
| 3180 | + | ||
| 3181 | + ring_buffer_attach(event, rb); | ||
| 3182 | + rcu_assign_pointer(event->rb, rb); | ||
| 3183 | |||
| 3184 | perf_event_update_userpage(event); | ||
| 3185 | |||
| 3186 | @@ -3683,7 +3754,11 @@ unlock: | ||
| 3187 | atomic_inc(&event->mmap_count); | ||
| 3188 | mutex_unlock(&event->mmap_mutex); | ||
| 3189 | |||
| 3190 | - vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; | ||
| 3191 | + /* | ||
| 3192 | + * Since pinned accounting is per vm we cannot allow fork() to copy our | ||
| 3193 | + * vma. | ||
| 3194 | + */ | ||
| 3195 | + vma->vm_flags |= VM_DONTCOPY | VM_DONTEXPAND | VM_DONTDUMP; | ||
| 3196 | vma->vm_ops = &perf_mmap_vmops; | ||
| 3197 | |||
| 3198 | return ret; | ||
| 3199 | @@ -6414,6 +6489,8 @@ set: | ||
| 3200 | if (atomic_read(&event->mmap_count)) | ||
| 3201 | goto unlock; | ||
| 3202 | |||
| 3203 | + old_rb = event->rb; | ||
| 3204 | + | ||
| 3205 | if (output_event) { | ||
| 3206 | /* get the rb we want to redirect to */ | ||
| 3207 | rb = ring_buffer_get(output_event); | ||
| 3208 | @@ -6421,16 +6498,28 @@ set: | ||
| 3209 | goto unlock; | ||
| 3210 | } | ||
| 3211 | |||
| 3212 | - old_rb = event->rb; | ||
| 3213 | - rcu_assign_pointer(event->rb, rb); | ||
| 3214 | if (old_rb) | ||
| 3215 | ring_buffer_detach(event, old_rb); | ||
| 3216 | + | ||
| 3217 | + if (rb) | ||
| 3218 | + ring_buffer_attach(event, rb); | ||
| 3219 | + | ||
| 3220 | + rcu_assign_pointer(event->rb, rb); | ||
| 3221 | + | ||
| 3222 | + if (old_rb) { | ||
| 3223 | + ring_buffer_put(old_rb); | ||
| 3224 | + /* | ||
| 3225 | + * Since we detached before setting the new rb, so that we | ||
| 3226 | + * could attach the new rb, we could have missed a wakeup. | ||
| 3227 | + * Provide it now. | ||
| 3228 | + */ | ||
| 3229 | + wake_up_all(&event->waitq); | ||
| 3230 | + } | ||
| 3231 | + | ||
| 3232 | ret = 0; | ||
| 3233 | unlock: | ||
| 3234 | mutex_unlock(&event->mmap_mutex); | ||
| 3235 | |||
| 3236 | - if (old_rb) | ||
| 3237 | - ring_buffer_put(old_rb); | ||
| 3238 | out: | ||
| 3239 | return ret; | ||
| 3240 | } | ||
| 3241 | diff --git a/kernel/events/internal.h b/kernel/events/internal.h | ||
| 3242 | index eb675c4..ca65997 100644 | ||
| 3243 | --- a/kernel/events/internal.h | ||
| 3244 | +++ b/kernel/events/internal.h | ||
| 3245 | @@ -31,6 +31,10 @@ struct ring_buffer { | ||
| 3246 | spinlock_t event_lock; | ||
| 3247 | struct list_head event_list; | ||
| 3248 | |||
| 3249 | + atomic_t mmap_count; | ||
| 3250 | + unsigned long mmap_locked; | ||
| 3251 | + struct user_struct *mmap_user; | ||
| 3252 | + | ||
| 3253 | struct perf_event_mmap_page *user_page; | ||
| 3254 | void *data_pages[0]; | ||
| 3255 | }; | ||
| 3256 | diff --git a/kernel/range.c b/kernel/range.c | ||
| 3257 | index 98883ed..2185716 100644 | ||
| 3258 | --- a/kernel/range.c | ||
| 3259 | +++ b/kernel/range.c | ||
| 3260 | @@ -4,7 +4,7 @@ | ||
| 3261 | #include <linux/kernel.h> | ||
| 3262 | #include <linux/init.h> | ||
| 3263 | #include <linux/sort.h> | ||
| 3264 | - | ||
| 3265 | +#include <linux/string.h> | ||
| 3266 | #include <linux/range.h> | ||
| 3267 | |||
| 3268 | int add_range(struct range *range, int az, int nr_range, u64 start, u64 end) | ||
| 3269 | @@ -32,9 +32,8 @@ int add_range_with_merge(struct range *range, int az, int nr_range, | ||
| 3270 | if (start >= end) | ||
| 3271 | return nr_range; | ||
| 3272 | |||
| 3273 | - /* Try to merge it with old one: */ | ||
| 3274 | + /* get new start/end: */ | ||
| 3275 | for (i = 0; i < nr_range; i++) { | ||
| 3276 | - u64 final_start, final_end; | ||
| 3277 | u64 common_start, common_end; | ||
| 3278 | |||
| 3279 | if (!range[i].end) | ||
| 3280 | @@ -45,14 +44,16 @@ int add_range_with_merge(struct range *range, int az, int nr_range, | ||
| 3281 | if (common_start > common_end) | ||
| 3282 | continue; | ||
| 3283 | |||
| 3284 | - final_start = min(range[i].start, start); | ||
| 3285 | - final_end = max(range[i].end, end); | ||
| 3286 | + /* new start/end, will add it back at last */ | ||
| 3287 | + start = min(range[i].start, start); | ||
| 3288 | + end = max(range[i].end, end); | ||
| 3289 | |||
| 3290 | - /* clear it and add it back for further merge */ | ||
| 3291 | - range[i].start = 0; | ||
| 3292 | - range[i].end = 0; | ||
| 3293 | - return add_range_with_merge(range, az, nr_range, | ||
| 3294 | - final_start, final_end); | ||
| 3295 | + memmove(&range[i], &range[i + 1], | ||
| 3296 | + (nr_range - (i + 1)) * sizeof(range[i])); | ||
| 3297 | + range[nr_range - 1].start = 0; | ||
| 3298 | + range[nr_range - 1].end = 0; | ||
| 3299 | + nr_range--; | ||
| 3300 | + i--; | ||
| 3301 | } | ||
| 3302 | |||
| 3303 | /* Need to add it: */ | ||
| 3304 | diff --git a/net/802/mrp.c b/net/802/mrp.c | ||
| 3305 | index e085bcc..1eb05d8 100644 | ||
| 3306 | --- a/net/802/mrp.c | ||
| 3307 | +++ b/net/802/mrp.c | ||
| 3308 | @@ -871,10 +871,10 @@ void mrp_uninit_applicant(struct net_device *dev, struct mrp_application *appl) | ||
| 3309 | */ | ||
| 3310 | del_timer_sync(&app->join_timer); | ||
| 3311 | |||
| 3312 | - spin_lock(&app->lock); | ||
| 3313 | + spin_lock_bh(&app->lock); | ||
| 3314 | mrp_mad_event(app, MRP_EVENT_TX); | ||
| 3315 | mrp_pdu_queue(app); | ||
| 3316 | - spin_unlock(&app->lock); | ||
| 3317 | + spin_unlock_bh(&app->lock); | ||
| 3318 | |||
| 3319 | mrp_queue_xmit(app); | ||
| 3320 | |||
| 3321 | diff --git a/net/compat.c b/net/compat.c | ||
| 3322 | index 79ae884..f0a1ba6 100644 | ||
| 3323 | --- a/net/compat.c | ||
| 3324 | +++ b/net/compat.c | ||
| 3325 | @@ -734,19 +734,25 @@ static unsigned char nas[21] = { | ||
| 3326 | |||
| 3327 | asmlinkage long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags) | ||
| 3328 | { | ||
| 3329 | - return sys_sendmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); | ||
| 3330 | + if (flags & MSG_CMSG_COMPAT) | ||
| 3331 | + return -EINVAL; | ||
| 3332 | + return __sys_sendmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); | ||
| 3333 | } | ||
| 3334 | |||
| 3335 | asmlinkage long compat_sys_sendmmsg(int fd, struct compat_mmsghdr __user *mmsg, | ||
| 3336 | unsigned int vlen, unsigned int flags) | ||
| 3337 | { | ||
| 3338 | + if (flags & MSG_CMSG_COMPAT) | ||
| 3339 | + return -EINVAL; | ||
| 3340 | return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, | ||
| 3341 | flags | MSG_CMSG_COMPAT); | ||
| 3342 | } | ||
| 3343 | |||
| 3344 | asmlinkage long compat_sys_recvmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags) | ||
| 3345 | { | ||
| 3346 | - return sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); | ||
| 3347 | + if (flags & MSG_CMSG_COMPAT) | ||
| 3348 | + return -EINVAL; | ||
| 3349 | + return __sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); | ||
| 3350 | } | ||
| 3351 | |||
| 3352 | asmlinkage long compat_sys_recv(int fd, void __user *buf, size_t len, unsigned int flags) | ||
| 3353 | @@ -768,6 +774,9 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, | ||
| 3354 | int datagrams; | ||
| 3355 | struct timespec ktspec; | ||
| 3356 | |||
| 3357 | + if (flags & MSG_CMSG_COMPAT) | ||
| 3358 | + return -EINVAL; | ||
| 3359 | + | ||
| 3360 | if (COMPAT_USE_64BIT_TIME) | ||
| 3361 | return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, | ||
| 3362 | flags | MSG_CMSG_COMPAT, | ||
| 3363 | diff --git a/net/core/dev.c b/net/core/dev.c | ||
| 3364 | index 9a278e9..c9eb9e6 100644 | ||
| 3365 | --- a/net/core/dev.c | ||
| 3366 | +++ b/net/core/dev.c | ||
| 3367 | @@ -2592,6 +2592,7 @@ static void qdisc_pkt_len_init(struct sk_buff *skb) | ||
| 3368 | */ | ||
| 3369 | if (shinfo->gso_size) { | ||
| 3370 | unsigned int hdr_len; | ||
| 3371 | + u16 gso_segs = shinfo->gso_segs; | ||
| 3372 | |||
| 3373 | /* mac layer + network layer */ | ||
| 3374 | hdr_len = skb_transport_header(skb) - skb_mac_header(skb); | ||
| 3375 | @@ -2601,7 +2602,12 @@ static void qdisc_pkt_len_init(struct sk_buff *skb) | ||
| 3376 | hdr_len += tcp_hdrlen(skb); | ||
| 3377 | else | ||
| 3378 | hdr_len += sizeof(struct udphdr); | ||
| 3379 | - qdisc_skb_cb(skb)->pkt_len += (shinfo->gso_segs - 1) * hdr_len; | ||
| 3380 | + | ||
| 3381 | + if (shinfo->gso_type & SKB_GSO_DODGY) | ||
| 3382 | + gso_segs = DIV_ROUND_UP(skb->len - hdr_len, | ||
| 3383 | + shinfo->gso_size); | ||
| 3384 | + | ||
| 3385 | + qdisc_skb_cb(skb)->pkt_len += (gso_segs - 1) * hdr_len; | ||
| 3386 | } | ||
| 3387 | } | ||
| 3388 | |||
| 3389 | diff --git a/net/core/sock.c b/net/core/sock.c | ||
| 3390 | index 1432266..684c37d 100644 | ||
| 3391 | --- a/net/core/sock.c | ||
| 3392 | +++ b/net/core/sock.c | ||
| 3393 | @@ -210,7 +210,7 @@ static const char *const af_family_key_strings[AF_MAX+1] = { | ||
| 3394 | "sk_lock-AF_TIPC" , "sk_lock-AF_BLUETOOTH", "sk_lock-IUCV" , | ||
| 3395 | "sk_lock-AF_RXRPC" , "sk_lock-AF_ISDN" , "sk_lock-AF_PHONET" , | ||
| 3396 | "sk_lock-AF_IEEE802154", "sk_lock-AF_CAIF" , "sk_lock-AF_ALG" , | ||
| 3397 | - "sk_lock-AF_NFC" , "sk_lock-AF_MAX" | ||
| 3398 | + "sk_lock-AF_NFC" , "sk_lock-AF_VSOCK" , "sk_lock-AF_MAX" | ||
| 3399 | }; | ||
| 3400 | static const char *const af_family_slock_key_strings[AF_MAX+1] = { | ||
| 3401 | "slock-AF_UNSPEC", "slock-AF_UNIX" , "slock-AF_INET" , | ||
| 3402 | @@ -226,7 +226,7 @@ static const char *const af_family_slock_key_strings[AF_MAX+1] = { | ||
| 3403 | "slock-AF_TIPC" , "slock-AF_BLUETOOTH", "slock-AF_IUCV" , | ||
| 3404 | "slock-AF_RXRPC" , "slock-AF_ISDN" , "slock-AF_PHONET" , | ||
| 3405 | "slock-AF_IEEE802154", "slock-AF_CAIF" , "slock-AF_ALG" , | ||
| 3406 | - "slock-AF_NFC" , "slock-AF_MAX" | ||
| 3407 | + "slock-AF_NFC" , "slock-AF_VSOCK" ,"slock-AF_MAX" | ||
| 3408 | }; | ||
| 3409 | static const char *const af_family_clock_key_strings[AF_MAX+1] = { | ||
| 3410 | "clock-AF_UNSPEC", "clock-AF_UNIX" , "clock-AF_INET" , | ||
| 3411 | @@ -242,7 +242,7 @@ static const char *const af_family_clock_key_strings[AF_MAX+1] = { | ||
| 3412 | "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" , | ||
| 3413 | "clock-AF_RXRPC" , "clock-AF_ISDN" , "clock-AF_PHONET" , | ||
| 3414 | "clock-AF_IEEE802154", "clock-AF_CAIF" , "clock-AF_ALG" , | ||
| 3415 | - "clock-AF_NFC" , "clock-AF_MAX" | ||
| 3416 | + "clock-AF_NFC" , "clock-AF_VSOCK" , "clock-AF_MAX" | ||
| 3417 | }; | ||
| 3418 | |||
| 3419 | /* | ||
| 3420 | diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c | ||
| 3421 | index 91d66db..c7e8c04 100644 | ||
| 3422 | --- a/net/ipv4/ip_gre.c | ||
| 3423 | +++ b/net/ipv4/ip_gre.c | ||
| 3424 | @@ -804,6 +804,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev | ||
| 3425 | tiph = &tunnel->parms.iph; | ||
| 3426 | } | ||
| 3427 | |||
| 3428 | + memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); | ||
| 3429 | if ((dst = tiph->daddr) == 0) { | ||
| 3430 | /* NBMA tunnel */ | ||
| 3431 | |||
| 3432 | @@ -952,7 +953,6 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev | ||
| 3433 | skb_push(skb, gre_hlen); | ||
| 3434 | skb_reset_network_header(skb); | ||
| 3435 | skb_set_transport_header(skb, sizeof(*iph)); | ||
| 3436 | - memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); | ||
| 3437 | IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | | ||
| 3438 | IPSKB_REROUTED); | ||
| 3439 | skb_dst_drop(skb); | ||
| 3440 | diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c | ||
| 3441 | index 8f024d4..7533846 100644 | ||
| 3442 | --- a/net/ipv4/ipip.c | ||
| 3443 | +++ b/net/ipv4/ipip.c | ||
| 3444 | @@ -491,6 +491,7 @@ static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) | ||
| 3445 | if (tos & 1) | ||
| 3446 | tos = old_iph->tos; | ||
| 3447 | |||
| 3448 | + memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); | ||
| 3449 | if (!dst) { | ||
| 3450 | /* NBMA tunnel */ | ||
| 3451 | if ((rt = skb_rtable(skb)) == NULL) { | ||
| 3452 | @@ -573,7 +574,6 @@ static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) | ||
| 3453 | skb->transport_header = skb->network_header; | ||
| 3454 | skb_push(skb, sizeof(struct iphdr)); | ||
| 3455 | skb_reset_network_header(skb); | ||
| 3456 | - memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); | ||
| 3457 | IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | | ||
| 3458 | IPSKB_REROUTED); | ||
| 3459 | skb_dst_drop(skb); | ||
| 3460 | diff --git a/net/ipv4/route.c b/net/ipv4/route.c | ||
| 3461 | index 6e28514..cfede9a 100644 | ||
| 3462 | --- a/net/ipv4/route.c | ||
| 3463 | +++ b/net/ipv4/route.c | ||
| 3464 | @@ -737,10 +737,15 @@ static void ip_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buf | ||
| 3465 | { | ||
| 3466 | struct rtable *rt; | ||
| 3467 | struct flowi4 fl4; | ||
| 3468 | + const struct iphdr *iph = (const struct iphdr *) skb->data; | ||
| 3469 | + int oif = skb->dev->ifindex; | ||
| 3470 | + u8 tos = RT_TOS(iph->tos); | ||
| 3471 | + u8 prot = iph->protocol; | ||
| 3472 | + u32 mark = skb->mark; | ||
| 3473 | |||
| 3474 | rt = (struct rtable *) dst; | ||
| 3475 | |||
| 3476 | - ip_rt_build_flow_key(&fl4, sk, skb); | ||
| 3477 | + __build_flow_key(&fl4, sk, iph, oif, tos, prot, mark, 0); | ||
| 3478 | __ip_do_redirect(rt, skb, &fl4, true); | ||
| 3479 | } | ||
| 3480 | |||
| 3481 | diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c | ||
| 3482 | index e220207..cdeb839 100644 | ||
| 3483 | --- a/net/ipv4/tcp.c | ||
| 3484 | +++ b/net/ipv4/tcp.c | ||
| 3485 | @@ -3383,8 +3383,11 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp, | ||
| 3486 | |||
| 3487 | for (i = 0; i < shi->nr_frags; ++i) { | ||
| 3488 | const struct skb_frag_struct *f = &shi->frags[i]; | ||
| 3489 | - struct page *page = skb_frag_page(f); | ||
| 3490 | - sg_set_page(&sg, page, skb_frag_size(f), f->page_offset); | ||
| 3491 | + unsigned int offset = f->page_offset; | ||
| 3492 | + struct page *page = skb_frag_page(f) + (offset >> PAGE_SHIFT); | ||
| 3493 | + | ||
| 3494 | + sg_set_page(&sg, page, skb_frag_size(f), | ||
| 3495 | + offset_in_page(offset)); | ||
| 3496 | if (crypto_hash_update(desc, &sg, skb_frag_size(f))) | ||
| 3497 | return 1; | ||
| 3498 | } | ||
| 3499 | diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c | ||
| 3500 | index 13b9c08..59163c8 100644 | ||
| 3501 | --- a/net/ipv4/tcp_input.c | ||
| 3502 | +++ b/net/ipv4/tcp_input.c | ||
| 3503 | @@ -2885,8 +2885,8 @@ static void tcp_enter_recovery(struct sock *sk, bool ece_ack) | ||
| 3504 | * tcp_xmit_retransmit_queue(). | ||
| 3505 | */ | ||
| 3506 | static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, | ||
| 3507 | - int prior_sacked, bool is_dupack, | ||
| 3508 | - int flag) | ||
| 3509 | + int prior_sacked, int prior_packets, | ||
| 3510 | + bool is_dupack, int flag) | ||
| 3511 | { | ||
| 3512 | struct inet_connection_sock *icsk = inet_csk(sk); | ||
| 3513 | struct tcp_sock *tp = tcp_sk(sk); | ||
| 3514 | @@ -2952,7 +2952,8 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, | ||
| 3515 | tcp_add_reno_sack(sk); | ||
| 3516 | } else | ||
| 3517 | do_lost = tcp_try_undo_partial(sk, pkts_acked); | ||
| 3518 | - newly_acked_sacked = pkts_acked + tp->sacked_out - prior_sacked; | ||
| 3519 | + newly_acked_sacked = prior_packets - tp->packets_out + | ||
| 3520 | + tp->sacked_out - prior_sacked; | ||
| 3521 | break; | ||
| 3522 | case TCP_CA_Loss: | ||
| 3523 | if (flag & FLAG_DATA_ACKED) | ||
| 3524 | @@ -2974,7 +2975,8 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked, | ||
| 3525 | if (is_dupack) | ||
| 3526 | tcp_add_reno_sack(sk); | ||
| 3527 | } | ||
| 3528 | - newly_acked_sacked = pkts_acked + tp->sacked_out - prior_sacked; | ||
| 3529 | + newly_acked_sacked = prior_packets - tp->packets_out + | ||
| 3530 | + tp->sacked_out - prior_sacked; | ||
| 3531 | |||
| 3532 | if (icsk->icsk_ca_state <= TCP_CA_Disorder) | ||
| 3533 | tcp_try_undo_dsack(sk); | ||
| 3534 | @@ -3597,9 +3599,10 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) | ||
| 3535 | bool is_dupack = false; | ||
| 3536 | u32 prior_in_flight; | ||
| 3537 | u32 prior_fackets; | ||
| 3538 | - int prior_packets; | ||
| 3539 | + int prior_packets = tp->packets_out; | ||
| 3540 | int prior_sacked = tp->sacked_out; | ||
| 3541 | int pkts_acked = 0; | ||
| 3542 | + int previous_packets_out = 0; | ||
| 3543 | bool frto_cwnd = false; | ||
| 3544 | |||
| 3545 | /* If the ack is older than previous acks | ||
| 3546 | @@ -3670,14 +3673,14 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) | ||
| 3547 | sk->sk_err_soft = 0; | ||
| 3548 | icsk->icsk_probes_out = 0; | ||
| 3549 | tp->rcv_tstamp = tcp_time_stamp; | ||
| 3550 | - prior_packets = tp->packets_out; | ||
| 3551 | if (!prior_packets) | ||
| 3552 | goto no_queue; | ||
| 3553 | |||
| 3554 | /* See if we can take anything off of the retransmit queue. */ | ||
| 3555 | + previous_packets_out = tp->packets_out; | ||
| 3556 | flag |= tcp_clean_rtx_queue(sk, prior_fackets, prior_snd_una); | ||
| 3557 | |||
| 3558 | - pkts_acked = prior_packets - tp->packets_out; | ||
| 3559 | + pkts_acked = previous_packets_out - tp->packets_out; | ||
| 3560 | |||
| 3561 | if (tp->frto_counter) | ||
| 3562 | frto_cwnd = tcp_process_frto(sk, flag); | ||
| 3563 | @@ -3692,7 +3695,7 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) | ||
| 3564 | tcp_cong_avoid(sk, ack, prior_in_flight); | ||
| 3565 | is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP)); | ||
| 3566 | tcp_fastretrans_alert(sk, pkts_acked, prior_sacked, | ||
| 3567 | - is_dupack, flag); | ||
| 3568 | + prior_packets, is_dupack, flag); | ||
| 3569 | } else { | ||
| 3570 | if ((flag & FLAG_DATA_ACKED) && !frto_cwnd) | ||
| 3571 | tcp_cong_avoid(sk, ack, prior_in_flight); | ||
| 3572 | @@ -3709,7 +3712,7 @@ no_queue: | ||
| 3573 | /* If data was DSACKed, see if we can undo a cwnd reduction. */ | ||
| 3574 | if (flag & FLAG_DSACKING_ACK) | ||
| 3575 | tcp_fastretrans_alert(sk, pkts_acked, prior_sacked, | ||
| 3576 | - is_dupack, flag); | ||
| 3577 | + prior_packets, is_dupack, flag); | ||
| 3578 | /* If this ack opens up a zero window, clear backoff. It was | ||
| 3579 | * being used to time the probes, and is probably far higher than | ||
| 3580 | * it needs to be for normal retransmission. | ||
| 3581 | @@ -3729,7 +3732,7 @@ old_ack: | ||
| 3582 | if (TCP_SKB_CB(skb)->sacked) { | ||
| 3583 | flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una); | ||
| 3584 | tcp_fastretrans_alert(sk, pkts_acked, prior_sacked, | ||
| 3585 | - is_dupack, flag); | ||
| 3586 | + prior_packets, is_dupack, flag); | ||
| 3587 | } | ||
| 3588 | |||
| 3589 | SOCK_DEBUG(sk, "Ack %u before %u:%u\n", ack, tp->snd_una, tp->snd_nxt); | ||
| 3590 | diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c | ||
| 3591 | index 509912a..84559e9 100644 | ||
| 3592 | --- a/net/ipv4/tcp_output.c | ||
| 3593 | +++ b/net/ipv4/tcp_output.c | ||
| 3594 | @@ -1032,11 +1032,13 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, | ||
| 3595 | &md5); | ||
| 3596 | tcp_header_size = tcp_options_size + sizeof(struct tcphdr); | ||
| 3597 | |||
| 3598 | - if (tcp_packets_in_flight(tp) == 0) { | ||
| 3599 | + if (tcp_packets_in_flight(tp) == 0) | ||
| 3600 | tcp_ca_event(sk, CA_EVENT_TX_START); | ||
| 3601 | - skb->ooo_okay = 1; | ||
| 3602 | - } else | ||
| 3603 | - skb->ooo_okay = 0; | ||
| 3604 | + | ||
| 3605 | + /* if no packet is in qdisc/device queue, then allow XPS to select | ||
| 3606 | + * another queue. | ||
| 3607 | + */ | ||
| 3608 | + skb->ooo_okay = sk_wmem_alloc_get(sk) == 0; | ||
| 3609 | |||
| 3610 | skb_push(skb, tcp_header_size); | ||
| 3611 | skb_reset_transport_header(skb); | ||
| 3612 | diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c | ||
| 3613 | index dae802c..50a4c7c 100644 | ||
| 3614 | --- a/net/ipv6/addrconf.c | ||
| 3615 | +++ b/net/ipv6/addrconf.c | ||
| 3616 | @@ -2560,8 +2560,10 @@ static void init_loopback(struct net_device *dev) | ||
| 3617 | sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0); | ||
| 3618 | |||
| 3619 | /* Failure cases are ignored */ | ||
| 3620 | - if (!IS_ERR(sp_rt)) | ||
| 3621 | + if (!IS_ERR(sp_rt)) { | ||
| 3622 | + sp_ifa->rt = sp_rt; | ||
| 3623 | ip6_ins_rt(sp_rt); | ||
| 3624 | + } | ||
| 3625 | } | ||
| 3626 | read_unlock_bh(&idev->lock); | ||
| 3627 | } | ||
| 3628 | diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c | ||
| 3629 | index 155eccf..851fdae 100644 | ||
| 3630 | --- a/net/ipv6/ip6_output.c | ||
| 3631 | +++ b/net/ipv6/ip6_output.c | ||
| 3632 | @@ -1147,7 +1147,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, | ||
| 3633 | if (WARN_ON(np->cork.opt)) | ||
| 3634 | return -EINVAL; | ||
| 3635 | |||
| 3636 | - np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation); | ||
| 3637 | + np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation); | ||
| 3638 | if (unlikely(np->cork.opt == NULL)) | ||
| 3639 | return -ENOBUFS; | ||
| 3640 | |||
| 3641 | diff --git a/net/ipv6/udp_offload.c b/net/ipv6/udp_offload.c | ||
| 3642 | index cf05cf0..0da1bd2 100644 | ||
| 3643 | --- a/net/ipv6/udp_offload.c | ||
| 3644 | +++ b/net/ipv6/udp_offload.c | ||
| 3645 | @@ -42,11 +42,12 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, | ||
| 3646 | unsigned int mss; | ||
| 3647 | unsigned int unfrag_ip6hlen, unfrag_len; | ||
| 3648 | struct frag_hdr *fptr; | ||
| 3649 | - u8 *mac_start, *prevhdr; | ||
| 3650 | + u8 *packet_start, *prevhdr; | ||
| 3651 | u8 nexthdr; | ||
| 3652 | u8 frag_hdr_sz = sizeof(struct frag_hdr); | ||
| 3653 | int offset; | ||
| 3654 | __wsum csum; | ||
| 3655 | + int tnl_hlen; | ||
| 3656 | |||
| 3657 | mss = skb_shinfo(skb)->gso_size; | ||
| 3658 | if (unlikely(skb->len <= mss)) | ||
| 3659 | @@ -77,9 +78,11 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, | ||
| 3660 | skb->ip_summed = CHECKSUM_NONE; | ||
| 3661 | |||
| 3662 | /* Check if there is enough headroom to insert fragment header. */ | ||
| 3663 | - if ((skb_mac_header(skb) < skb->head + frag_hdr_sz) && | ||
| 3664 | - pskb_expand_head(skb, frag_hdr_sz, 0, GFP_ATOMIC)) | ||
| 3665 | - goto out; | ||
| 3666 | + tnl_hlen = skb_tnl_header_len(skb); | ||
| 3667 | + if (skb_headroom(skb) < (tnl_hlen + frag_hdr_sz)) { | ||
| 3668 | + if (gso_pskb_expand_head(skb, tnl_hlen + frag_hdr_sz)) | ||
| 3669 | + goto out; | ||
| 3670 | + } | ||
| 3671 | |||
| 3672 | /* Find the unfragmentable header and shift it left by frag_hdr_sz | ||
| 3673 | * bytes to insert fragment header. | ||
| 3674 | @@ -87,11 +90,12 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, | ||
| 3675 | unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr); | ||
| 3676 | nexthdr = *prevhdr; | ||
| 3677 | *prevhdr = NEXTHDR_FRAGMENT; | ||
| 3678 | - unfrag_len = skb_network_header(skb) - skb_mac_header(skb) + | ||
| 3679 | - unfrag_ip6hlen; | ||
| 3680 | - mac_start = skb_mac_header(skb); | ||
| 3681 | - memmove(mac_start-frag_hdr_sz, mac_start, unfrag_len); | ||
| 3682 | + unfrag_len = (skb_network_header(skb) - skb_mac_header(skb)) + | ||
| 3683 | + unfrag_ip6hlen + tnl_hlen; | ||
| 3684 | + packet_start = (u8 *) skb->head + SKB_GSO_CB(skb)->mac_offset; | ||
| 3685 | + memmove(packet_start-frag_hdr_sz, packet_start, unfrag_len); | ||
| 3686 | |||
| 3687 | + SKB_GSO_CB(skb)->mac_offset -= frag_hdr_sz; | ||
| 3688 | skb->mac_header -= frag_hdr_sz; | ||
| 3689 | skb->network_header -= frag_hdr_sz; | ||
| 3690 | |||
| 3691 | diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c | ||
| 3692 | index 637a341..8dec687 100644 | ||
| 3693 | --- a/net/l2tp/l2tp_ppp.c | ||
| 3694 | +++ b/net/l2tp/l2tp_ppp.c | ||
| 3695 | @@ -346,19 +346,19 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh | ||
| 3696 | skb_put(skb, 2); | ||
| 3697 | |||
| 3698 | /* Copy user data into skb */ | ||
| 3699 | - error = memcpy_fromiovec(skb->data, m->msg_iov, total_len); | ||
| 3700 | + error = memcpy_fromiovec(skb_put(skb, total_len), m->msg_iov, | ||
| 3701 | + total_len); | ||
| 3702 | if (error < 0) { | ||
| 3703 | kfree_skb(skb); | ||
| 3704 | goto error_put_sess_tun; | ||
| 3705 | } | ||
| 3706 | - skb_put(skb, total_len); | ||
| 3707 | |||
| 3708 | l2tp_xmit_skb(session, skb, session->hdr_len); | ||
| 3709 | |||
| 3710 | sock_put(ps->tunnel_sock); | ||
| 3711 | sock_put(sk); | ||
| 3712 | |||
| 3713 | - return error; | ||
| 3714 | + return total_len; | ||
| 3715 | |||
| 3716 | error_put_sess_tun: | ||
| 3717 | sock_put(ps->tunnel_sock); | ||
| 3718 | diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c | ||
| 3719 | index d8d4243..6bb1d42 100644 | ||
| 3720 | --- a/net/netlabel/netlabel_domainhash.c | ||
| 3721 | +++ b/net/netlabel/netlabel_domainhash.c | ||
| 3722 | @@ -245,6 +245,71 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry, | ||
| 3723 | } | ||
| 3724 | } | ||
| 3725 | |||
| 3726 | +/** | ||
| 3727 | + * netlbl_domhsh_validate - Validate a new domain mapping entry | ||
| 3728 | + * @entry: the entry to validate | ||
| 3729 | + * | ||
| 3730 | + * This function validates the new domain mapping entry to ensure that it is | ||
| 3731 | + * a valid entry. Returns zero on success, negative values on failure. | ||
| 3732 | + * | ||
| 3733 | + */ | ||
| 3734 | +static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry) | ||
| 3735 | +{ | ||
| 3736 | + struct netlbl_af4list *iter4; | ||
| 3737 | + struct netlbl_domaddr4_map *map4; | ||
| 3738 | +#if IS_ENABLED(CONFIG_IPV6) | ||
| 3739 | + struct netlbl_af6list *iter6; | ||
| 3740 | + struct netlbl_domaddr6_map *map6; | ||
| 3741 | +#endif /* IPv6 */ | ||
| 3742 | + | ||
| 3743 | + if (entry == NULL) | ||
| 3744 | + return -EINVAL; | ||
| 3745 | + | ||
| 3746 | + switch (entry->type) { | ||
| 3747 | + case NETLBL_NLTYPE_UNLABELED: | ||
| 3748 | + if (entry->type_def.cipsov4 != NULL || | ||
| 3749 | + entry->type_def.addrsel != NULL) | ||
| 3750 | + return -EINVAL; | ||
| 3751 | + break; | ||
| 3752 | + case NETLBL_NLTYPE_CIPSOV4: | ||
| 3753 | + if (entry->type_def.cipsov4 == NULL) | ||
| 3754 | + return -EINVAL; | ||
| 3755 | + break; | ||
| 3756 | + case NETLBL_NLTYPE_ADDRSELECT: | ||
| 3757 | + netlbl_af4list_foreach(iter4, &entry->type_def.addrsel->list4) { | ||
| 3758 | + map4 = netlbl_domhsh_addr4_entry(iter4); | ||
| 3759 | + switch (map4->type) { | ||
| 3760 | + case NETLBL_NLTYPE_UNLABELED: | ||
| 3761 | + if (map4->type_def.cipsov4 != NULL) | ||
| 3762 | + return -EINVAL; | ||
| 3763 | + break; | ||
| 3764 | + case NETLBL_NLTYPE_CIPSOV4: | ||
| 3765 | + if (map4->type_def.cipsov4 == NULL) | ||
| 3766 | + return -EINVAL; | ||
| 3767 | + break; | ||
| 3768 | + default: | ||
| 3769 | + return -EINVAL; | ||
| 3770 | + } | ||
| 3771 | + } | ||
| 3772 | +#if IS_ENABLED(CONFIG_IPV6) | ||
| 3773 | + netlbl_af6list_foreach(iter6, &entry->type_def.addrsel->list6) { | ||
| 3774 | + map6 = netlbl_domhsh_addr6_entry(iter6); | ||
| 3775 | + switch (map6->type) { | ||
| 3776 | + case NETLBL_NLTYPE_UNLABELED: | ||
| 3777 | + break; | ||
| 3778 | + default: | ||
| 3779 | + return -EINVAL; | ||
| 3780 | + } | ||
| 3781 | + } | ||
| 3782 | +#endif /* IPv6 */ | ||
| 3783 | + break; | ||
| 3784 | + default: | ||
| 3785 | + return -EINVAL; | ||
| 3786 | + } | ||
| 3787 | + | ||
| 3788 | + return 0; | ||
| 3789 | +} | ||
| 3790 | + | ||
| 3791 | /* | ||
| 3792 | * Domain Hash Table Functions | ||
| 3793 | */ | ||
| 3794 | @@ -311,6 +376,10 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, | ||
| 3795 | struct netlbl_af6list *tmp6; | ||
| 3796 | #endif /* IPv6 */ | ||
| 3797 | |||
| 3798 | + ret_val = netlbl_domhsh_validate(entry); | ||
| 3799 | + if (ret_val != 0) | ||
| 3800 | + return ret_val; | ||
| 3801 | + | ||
| 3802 | /* XXX - we can remove this RCU read lock as the spinlock protects the | ||
| 3803 | * entire function, but before we do we need to fixup the | ||
| 3804 | * netlbl_af[4,6]list RCU functions to do "the right thing" with | ||
| 3805 | diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c | ||
| 3806 | index f83e172..e50f72a 100644 | ||
| 3807 | --- a/net/packet/af_packet.c | ||
| 3808 | +++ b/net/packet/af_packet.c | ||
| 3809 | @@ -88,6 +88,7 @@ | ||
| 3810 | #include <linux/virtio_net.h> | ||
| 3811 | #include <linux/errqueue.h> | ||
| 3812 | #include <linux/net_tstamp.h> | ||
| 3813 | +#include <net/flow_keys.h> | ||
| 3814 | |||
| 3815 | #ifdef CONFIG_INET | ||
| 3816 | #include <net/inet_common.h> | ||
| 3817 | @@ -1343,6 +1344,7 @@ static int packet_sendmsg_spkt(struct kiocb *iocb, struct socket *sock, | ||
| 3818 | __be16 proto = 0; | ||
| 3819 | int err; | ||
| 3820 | int extra_len = 0; | ||
| 3821 | + struct flow_keys keys; | ||
| 3822 | |||
| 3823 | /* | ||
| 3824 | * Get and verify the address. | ||
| 3825 | @@ -1443,6 +1445,11 @@ retry: | ||
| 3826 | if (unlikely(extra_len == 4)) | ||
| 3827 | skb->no_fcs = 1; | ||
| 3828 | |||
| 3829 | + if (skb_flow_dissect(skb, &keys)) | ||
| 3830 | + skb_set_transport_header(skb, keys.thoff); | ||
| 3831 | + else | ||
| 3832 | + skb_reset_transport_header(skb); | ||
| 3833 | + | ||
| 3834 | dev_queue_xmit(skb); | ||
| 3835 | rcu_read_unlock(); | ||
| 3836 | return len; | ||
| 3837 | @@ -1849,6 +1856,7 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, | ||
| 3838 | struct page *page; | ||
| 3839 | void *data; | ||
| 3840 | int err; | ||
| 3841 | + struct flow_keys keys; | ||
| 3842 | |||
| 3843 | ph.raw = frame; | ||
| 3844 | |||
| 3845 | @@ -1874,6 +1882,11 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, | ||
| 3846 | skb_reserve(skb, hlen); | ||
| 3847 | skb_reset_network_header(skb); | ||
| 3848 | |||
| 3849 | + if (skb_flow_dissect(skb, &keys)) | ||
| 3850 | + skb_set_transport_header(skb, keys.thoff); | ||
| 3851 | + else | ||
| 3852 | + skb_reset_transport_header(skb); | ||
| 3853 | + | ||
| 3854 | if (po->tp_tx_has_off) { | ||
| 3855 | int off_min, off_max, off; | ||
| 3856 | off_min = po->tp_hdrlen - sizeof(struct sockaddr_ll); | ||
| 3857 | @@ -2130,6 +2143,7 @@ static int packet_snd(struct socket *sock, | ||
| 3858 | unsigned short gso_type = 0; | ||
| 3859 | int hlen, tlen; | ||
| 3860 | int extra_len = 0; | ||
| 3861 | + struct flow_keys keys; | ||
| 3862 | |||
| 3863 | /* | ||
| 3864 | * Get and verify the address. | ||
| 3865 | @@ -2282,6 +2296,13 @@ static int packet_snd(struct socket *sock, | ||
| 3866 | len += vnet_hdr_len; | ||
| 3867 | } | ||
| 3868 | |||
| 3869 | + if (skb->ip_summed == CHECKSUM_PARTIAL) | ||
| 3870 | + skb_set_transport_header(skb, skb_checksum_start_offset(skb)); | ||
| 3871 | + else if (skb_flow_dissect(skb, &keys)) | ||
| 3872 | + skb_set_transport_header(skb, keys.thoff); | ||
| 3873 | + else | ||
| 3874 | + skb_set_transport_header(skb, reserve); | ||
| 3875 | + | ||
| 3876 | if (unlikely(extra_len == 4)) | ||
| 3877 | skb->no_fcs = 1; | ||
| 3878 | |||
| 3879 | @@ -2769,12 +2790,11 @@ static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr, | ||
| 3880 | return -EOPNOTSUPP; | ||
| 3881 | |||
| 3882 | uaddr->sa_family = AF_PACKET; | ||
| 3883 | + memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data)); | ||
| 3884 | rcu_read_lock(); | ||
| 3885 | dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex); | ||
| 3886 | if (dev) | ||
| 3887 | - strncpy(uaddr->sa_data, dev->name, 14); | ||
| 3888 | - else | ||
| 3889 | - memset(uaddr->sa_data, 0, 14); | ||
| 3890 | + strlcpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data)); | ||
| 3891 | rcu_read_unlock(); | ||
| 3892 | *uaddr_len = sizeof(*uaddr); | ||
| 3893 | |||
| 3894 | diff --git a/net/sched/act_police.c b/net/sched/act_police.c | ||
| 3895 | index 823463a..189e3c5 100644 | ||
| 3896 | --- a/net/sched/act_police.c | ||
| 3897 | +++ b/net/sched/act_police.c | ||
| 3898 | @@ -231,14 +231,14 @@ override: | ||
| 3899 | } | ||
| 3900 | if (R_tab) { | ||
| 3901 | police->rate_present = true; | ||
| 3902 | - psched_ratecfg_precompute(&police->rate, R_tab->rate.rate); | ||
| 3903 | + psched_ratecfg_precompute(&police->rate, &R_tab->rate); | ||
| 3904 | qdisc_put_rtab(R_tab); | ||
| 3905 | } else { | ||
| 3906 | police->rate_present = false; | ||
| 3907 | } | ||
| 3908 | if (P_tab) { | ||
| 3909 | police->peak_present = true; | ||
| 3910 | - psched_ratecfg_precompute(&police->peak, P_tab->rate.rate); | ||
| 3911 | + psched_ratecfg_precompute(&police->peak, &P_tab->rate); | ||
| 3912 | qdisc_put_rtab(P_tab); | ||
| 3913 | } else { | ||
| 3914 | police->peak_present = false; | ||
| 3915 | @@ -376,9 +376,9 @@ tcf_act_police_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) | ||
| 3916 | }; | ||
| 3917 | |||
| 3918 | if (police->rate_present) | ||
| 3919 | - opt.rate.rate = psched_ratecfg_getrate(&police->rate); | ||
| 3920 | + psched_ratecfg_getrate(&opt.rate, &police->rate); | ||
| 3921 | if (police->peak_present) | ||
| 3922 | - opt.peakrate.rate = psched_ratecfg_getrate(&police->peak); | ||
| 3923 | + psched_ratecfg_getrate(&opt.peakrate, &police->peak); | ||
| 3924 | if (nla_put(skb, TCA_POLICE_TBF, sizeof(opt), &opt)) | ||
| 3925 | goto nla_put_failure; | ||
| 3926 | if (police->tcfp_result && | ||
| 3927 | diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c | ||
| 3928 | index eac7e0e..2022408 100644 | ||
| 3929 | --- a/net/sched/sch_generic.c | ||
| 3930 | +++ b/net/sched/sch_generic.c | ||
| 3931 | @@ -898,14 +898,16 @@ void dev_shutdown(struct net_device *dev) | ||
| 3932 | WARN_ON(timer_pending(&dev->watchdog_timer)); | ||
| 3933 | } | ||
| 3934 | |||
| 3935 | -void psched_ratecfg_precompute(struct psched_ratecfg *r, u32 rate) | ||
| 3936 | +void psched_ratecfg_precompute(struct psched_ratecfg *r, | ||
| 3937 | + const struct tc_ratespec *conf) | ||
| 3938 | { | ||
| 3939 | u64 factor; | ||
| 3940 | u64 mult; | ||
| 3941 | int shift; | ||
| 3942 | |||
| 3943 | - r->rate_bps = (u64)rate << 3; | ||
| 3944 | - r->shift = 0; | ||
| 3945 | + memset(r, 0, sizeof(*r)); | ||
| 3946 | + r->overhead = conf->overhead; | ||
| 3947 | + r->rate_bps = (u64)conf->rate << 3; | ||
| 3948 | r->mult = 1; | ||
| 3949 | /* | ||
| 3950 | * Calibrate mult, shift so that token counting is accurate | ||
| 3951 | diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c | ||
| 3952 | index 571f1d2..bf2063b 100644 | ||
| 3953 | --- a/net/sched/sch_htb.c | ||
| 3954 | +++ b/net/sched/sch_htb.c | ||
| 3955 | @@ -109,7 +109,7 @@ struct htb_class { | ||
| 3956 | } un; | ||
| 3957 | struct rb_node node[TC_HTB_NUMPRIO]; /* node for self or feed tree */ | ||
| 3958 | struct rb_node pq_node; /* node for event queue */ | ||
| 3959 | - psched_time_t pq_key; | ||
| 3960 | + s64 pq_key; | ||
| 3961 | |||
| 3962 | int prio_activity; /* for which prios are we active */ | ||
| 3963 | enum htb_cmode cmode; /* current mode of the class */ | ||
| 3964 | @@ -121,10 +121,10 @@ struct htb_class { | ||
| 3965 | /* token bucket parameters */ | ||
| 3966 | struct psched_ratecfg rate; | ||
| 3967 | struct psched_ratecfg ceil; | ||
| 3968 | - s64 buffer, cbuffer; /* token bucket depth/rate */ | ||
| 3969 | - psched_tdiff_t mbuffer; /* max wait time */ | ||
| 3970 | - s64 tokens, ctokens; /* current number of tokens */ | ||
| 3971 | - psched_time_t t_c; /* checkpoint time */ | ||
| 3972 | + s64 buffer, cbuffer; /* token bucket depth/rate */ | ||
| 3973 | + s64 mbuffer; /* max wait time */ | ||
| 3974 | + s64 tokens, ctokens; /* current number of tokens */ | ||
| 3975 | + s64 t_c; /* checkpoint time */ | ||
| 3976 | }; | ||
| 3977 | |||
| 3978 | struct htb_sched { | ||
| 3979 | @@ -141,15 +141,15 @@ struct htb_sched { | ||
| 3980 | struct rb_root wait_pq[TC_HTB_MAXDEPTH]; | ||
| 3981 | |||
| 3982 | /* time of nearest event per level (row) */ | ||
| 3983 | - psched_time_t near_ev_cache[TC_HTB_MAXDEPTH]; | ||
| 3984 | + s64 near_ev_cache[TC_HTB_MAXDEPTH]; | ||
| 3985 | |||
| 3986 | int defcls; /* class where unclassified flows go to */ | ||
| 3987 | |||
| 3988 | /* filters for qdisc itself */ | ||
| 3989 | struct tcf_proto *filter_list; | ||
| 3990 | |||
| 3991 | - int rate2quantum; /* quant = rate / rate2quantum */ | ||
| 3992 | - psched_time_t now; /* cached dequeue time */ | ||
| 3993 | + int rate2quantum; /* quant = rate / rate2quantum */ | ||
| 3994 | + s64 now; /* cached dequeue time */ | ||
| 3995 | struct qdisc_watchdog watchdog; | ||
| 3996 | |||
| 3997 | /* non shaped skbs; let them go directly thru */ | ||
| 3998 | @@ -664,8 +664,8 @@ static void htb_charge_class(struct htb_sched *q, struct htb_class *cl, | ||
| 3999 | * next pending event (0 for no event in pq, q->now for too many events). | ||
| 4000 | * Note: Applied are events whose have cl->pq_key <= q->now. | ||
| 4001 | */ | ||
| 4002 | -static psched_time_t htb_do_events(struct htb_sched *q, int level, | ||
| 4003 | - unsigned long start) | ||
| 4004 | +static s64 htb_do_events(struct htb_sched *q, int level, | ||
| 4005 | + unsigned long start) | ||
| 4006 | { | ||
| 4007 | /* don't run for longer than 2 jiffies; 2 is used instead of | ||
| 4008 | * 1 to simplify things when jiffy is going to be incremented | ||
| 4009 | @@ -857,7 +857,7 @@ static struct sk_buff *htb_dequeue(struct Qdisc *sch) | ||
| 4010 | struct sk_buff *skb; | ||
| 4011 | struct htb_sched *q = qdisc_priv(sch); | ||
| 4012 | int level; | ||
| 4013 | - psched_time_t next_event; | ||
| 4014 | + s64 next_event; | ||
| 4015 | unsigned long start_at; | ||
| 4016 | |||
| 4017 | /* try to dequeue direct packets as high prio (!) to minimize cpu work */ | ||
| 4018 | @@ -880,7 +880,7 @@ ok: | ||
| 4019 | for (level = 0; level < TC_HTB_MAXDEPTH; level++) { | ||
| 4020 | /* common case optimization - skip event handler quickly */ | ||
| 4021 | int m; | ||
| 4022 | - psched_time_t event; | ||
| 4023 | + s64 event; | ||
| 4024 | |||
| 4025 | if (q->now >= q->near_ev_cache[level]) { | ||
| 4026 | event = htb_do_events(q, level, start_at); | ||
| 4027 | @@ -1089,9 +1089,9 @@ static int htb_dump_class(struct Qdisc *sch, unsigned long arg, | ||
| 4028 | |||
| 4029 | memset(&opt, 0, sizeof(opt)); | ||
| 4030 | |||
| 4031 | - opt.rate.rate = psched_ratecfg_getrate(&cl->rate); | ||
| 4032 | + psched_ratecfg_getrate(&opt.rate, &cl->rate); | ||
| 4033 | opt.buffer = PSCHED_NS2TICKS(cl->buffer); | ||
| 4034 | - opt.ceil.rate = psched_ratecfg_getrate(&cl->ceil); | ||
| 4035 | + psched_ratecfg_getrate(&opt.ceil, &cl->ceil); | ||
| 4036 | opt.cbuffer = PSCHED_NS2TICKS(cl->cbuffer); | ||
| 4037 | opt.quantum = cl->quantum; | ||
| 4038 | opt.prio = cl->prio; | ||
| 4039 | @@ -1116,8 +1116,8 @@ htb_dump_class_stats(struct Qdisc *sch, unsigned long arg, struct gnet_dump *d) | ||
| 4040 | |||
| 4041 | if (!cl->level && cl->un.leaf.q) | ||
| 4042 | cl->qstats.qlen = cl->un.leaf.q->q.qlen; | ||
| 4043 | - cl->xstats.tokens = cl->tokens; | ||
| 4044 | - cl->xstats.ctokens = cl->ctokens; | ||
| 4045 | + cl->xstats.tokens = PSCHED_NS2TICKS(cl->tokens); | ||
| 4046 | + cl->xstats.ctokens = PSCHED_NS2TICKS(cl->ctokens); | ||
| 4047 | |||
| 4048 | if (gnet_stats_copy_basic(d, &cl->bstats) < 0 || | ||
| 4049 | gnet_stats_copy_rate_est(d, NULL, &cl->rate_est) < 0 || | ||
| 4050 | @@ -1199,7 +1199,7 @@ static void htb_parent_to_leaf(struct htb_sched *q, struct htb_class *cl, | ||
| 4051 | parent->un.leaf.q = new_q ? new_q : &noop_qdisc; | ||
| 4052 | parent->tokens = parent->buffer; | ||
| 4053 | parent->ctokens = parent->cbuffer; | ||
| 4054 | - parent->t_c = psched_get_time(); | ||
| 4055 | + parent->t_c = ktime_to_ns(ktime_get()); | ||
| 4056 | parent->cmode = HTB_CAN_SEND; | ||
| 4057 | } | ||
| 4058 | |||
| 4059 | @@ -1416,8 +1416,8 @@ static int htb_change_class(struct Qdisc *sch, u32 classid, | ||
| 4060 | /* set class to be in HTB_CAN_SEND state */ | ||
| 4061 | cl->tokens = PSCHED_TICKS2NS(hopt->buffer); | ||
| 4062 | cl->ctokens = PSCHED_TICKS2NS(hopt->cbuffer); | ||
| 4063 | - cl->mbuffer = 60 * PSCHED_TICKS_PER_SEC; /* 1min */ | ||
| 4064 | - cl->t_c = psched_get_time(); | ||
| 4065 | + cl->mbuffer = 60ULL * NSEC_PER_SEC; /* 1min */ | ||
| 4066 | + cl->t_c = ktime_to_ns(ktime_get()); | ||
| 4067 | cl->cmode = HTB_CAN_SEND; | ||
| 4068 | |||
| 4069 | /* attach to the hash list and parent's family */ | ||
| 4070 | @@ -1458,8 +1458,8 @@ static int htb_change_class(struct Qdisc *sch, u32 classid, | ||
| 4071 | cl->prio = TC_HTB_NUMPRIO - 1; | ||
| 4072 | } | ||
| 4073 | |||
| 4074 | - psched_ratecfg_precompute(&cl->rate, hopt->rate.rate); | ||
| 4075 | - psched_ratecfg_precompute(&cl->ceil, hopt->ceil.rate); | ||
| 4076 | + psched_ratecfg_precompute(&cl->rate, &hopt->rate); | ||
| 4077 | + psched_ratecfg_precompute(&cl->ceil, &hopt->ceil); | ||
| 4078 | |||
| 4079 | cl->buffer = PSCHED_TICKS2NS(hopt->buffer); | ||
| 4080 | cl->cbuffer = PSCHED_TICKS2NS(hopt->buffer); | ||
| 4081 | diff --git a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c | ||
| 4082 | index c8388f3..e478d31 100644 | ||
| 4083 | --- a/net/sched/sch_tbf.c | ||
| 4084 | +++ b/net/sched/sch_tbf.c | ||
| 4085 | @@ -298,9 +298,9 @@ static int tbf_change(struct Qdisc *sch, struct nlattr *opt) | ||
| 4086 | q->tokens = q->buffer; | ||
| 4087 | q->ptokens = q->mtu; | ||
| 4088 | |||
| 4089 | - psched_ratecfg_precompute(&q->rate, rtab->rate.rate); | ||
| 4090 | + psched_ratecfg_precompute(&q->rate, &rtab->rate); | ||
| 4091 | if (ptab) { | ||
| 4092 | - psched_ratecfg_precompute(&q->peak, ptab->rate.rate); | ||
| 4093 | + psched_ratecfg_precompute(&q->peak, &ptab->rate); | ||
| 4094 | q->peak_present = true; | ||
| 4095 | } else { | ||
| 4096 | q->peak_present = false; | ||
| 4097 | @@ -350,9 +350,9 @@ static int tbf_dump(struct Qdisc *sch, struct sk_buff *skb) | ||
| 4098 | goto nla_put_failure; | ||
| 4099 | |||
| 4100 | opt.limit = q->limit; | ||
| 4101 | - opt.rate.rate = psched_ratecfg_getrate(&q->rate); | ||
| 4102 | + psched_ratecfg_getrate(&opt.rate, &q->rate); | ||
| 4103 | if (q->peak_present) | ||
| 4104 | - opt.peakrate.rate = psched_ratecfg_getrate(&q->peak); | ||
| 4105 | + psched_ratecfg_getrate(&opt.peakrate, &q->peak); | ||
| 4106 | else | ||
| 4107 | memset(&opt.peakrate, 0, sizeof(opt.peakrate)); | ||
| 4108 | opt.mtu = PSCHED_NS2TICKS(q->mtu); | ||
| 4109 | diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c | ||
| 4110 | index 01dca75..e9426bb 100644 | ||
| 4111 | --- a/net/sctp/outqueue.c | ||
| 4112 | +++ b/net/sctp/outqueue.c | ||
| 4113 | @@ -206,6 +206,8 @@ static inline int sctp_cacc_skip(struct sctp_transport *primary, | ||
| 4114 | */ | ||
| 4115 | void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q) | ||
| 4116 | { | ||
| 4117 | + memset(q, 0, sizeof(struct sctp_outq)); | ||
| 4118 | + | ||
| 4119 | q->asoc = asoc; | ||
| 4120 | INIT_LIST_HEAD(&q->out_chunk_list); | ||
| 4121 | INIT_LIST_HEAD(&q->control_chunk_list); | ||
| 4122 | @@ -213,13 +215,7 @@ void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q) | ||
| 4123 | INIT_LIST_HEAD(&q->sacked); | ||
| 4124 | INIT_LIST_HEAD(&q->abandoned); | ||
| 4125 | |||
| 4126 | - q->fast_rtx = 0; | ||
| 4127 | - q->outstanding_bytes = 0; | ||
| 4128 | q->empty = 1; | ||
| 4129 | - q->cork = 0; | ||
| 4130 | - | ||
| 4131 | - q->malloced = 0; | ||
| 4132 | - q->out_qlen = 0; | ||
| 4133 | } | ||
| 4134 | |||
| 4135 | /* Free the outqueue structure and any related pending chunks. | ||
| 4136 | diff --git a/net/sctp/socket.c b/net/sctp/socket.c | ||
| 4137 | index b907073..02c43e4 100644 | ||
| 4138 | --- a/net/sctp/socket.c | ||
| 4139 | +++ b/net/sctp/socket.c | ||
| 4140 | @@ -4002,6 +4002,12 @@ SCTP_STATIC void sctp_destroy_sock(struct sock *sk) | ||
| 4141 | |||
| 4142 | /* Release our hold on the endpoint. */ | ||
| 4143 | sp = sctp_sk(sk); | ||
| 4144 | + /* This could happen during socket init, thus we bail out | ||
| 4145 | + * early, since the rest of the below is not setup either. | ||
| 4146 | + */ | ||
| 4147 | + if (sp->ep == NULL) | ||
| 4148 | + return; | ||
| 4149 | + | ||
| 4150 | if (sp->do_auto_asconf) { | ||
| 4151 | sp->do_auto_asconf = 0; | ||
| 4152 | list_del(&sp->auto_asconf_list); | ||
| 4153 | diff --git a/net/socket.c b/net/socket.c | ||
| 4154 | index 88f759a..e216502 100644 | ||
| 4155 | --- a/net/socket.c | ||
| 4156 | +++ b/net/socket.c | ||
| 4157 | @@ -1978,7 +1978,7 @@ struct used_address { | ||
| 4158 | unsigned int name_len; | ||
| 4159 | }; | ||
| 4160 | |||
| 4161 | -static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, | ||
| 4162 | +static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, | ||
| 4163 | struct msghdr *msg_sys, unsigned int flags, | ||
| 4164 | struct used_address *used_address) | ||
| 4165 | { | ||
| 4166 | @@ -2093,22 +2093,30 @@ out: | ||
| 4167 | * BSD sendmsg interface | ||
| 4168 | */ | ||
| 4169 | |||
| 4170 | -SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned int, flags) | ||
| 4171 | +long __sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags) | ||
| 4172 | { | ||
| 4173 | int fput_needed, err; | ||
| 4174 | struct msghdr msg_sys; | ||
| 4175 | - struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
| 4176 | + struct socket *sock; | ||
| 4177 | |||
| 4178 | + sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
| 4179 | if (!sock) | ||
| 4180 | goto out; | ||
| 4181 | |||
| 4182 | - err = __sys_sendmsg(sock, msg, &msg_sys, flags, NULL); | ||
| 4183 | + err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL); | ||
| 4184 | |||
| 4185 | fput_light(sock->file, fput_needed); | ||
| 4186 | out: | ||
| 4187 | return err; | ||
| 4188 | } | ||
| 4189 | |||
| 4190 | +SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned int, flags) | ||
| 4191 | +{ | ||
| 4192 | + if (flags & MSG_CMSG_COMPAT) | ||
| 4193 | + return -EINVAL; | ||
| 4194 | + return __sys_sendmsg(fd, msg, flags); | ||
| 4195 | +} | ||
| 4196 | + | ||
| 4197 | /* | ||
| 4198 | * Linux sendmmsg interface | ||
| 4199 | */ | ||
| 4200 | @@ -2139,15 +2147,16 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | ||
| 4201 | |||
| 4202 | while (datagrams < vlen) { | ||
| 4203 | if (MSG_CMSG_COMPAT & flags) { | ||
| 4204 | - err = __sys_sendmsg(sock, (struct msghdr __user *)compat_entry, | ||
| 4205 | - &msg_sys, flags, &used_address); | ||
| 4206 | + err = ___sys_sendmsg(sock, (struct msghdr __user *)compat_entry, | ||
| 4207 | + &msg_sys, flags, &used_address); | ||
| 4208 | if (err < 0) | ||
| 4209 | break; | ||
| 4210 | err = __put_user(err, &compat_entry->msg_len); | ||
| 4211 | ++compat_entry; | ||
| 4212 | } else { | ||
| 4213 | - err = __sys_sendmsg(sock, (struct msghdr __user *)entry, | ||
| 4214 | - &msg_sys, flags, &used_address); | ||
| 4215 | + err = ___sys_sendmsg(sock, | ||
| 4216 | + (struct msghdr __user *)entry, | ||
| 4217 | + &msg_sys, flags, &used_address); | ||
| 4218 | if (err < 0) | ||
| 4219 | break; | ||
| 4220 | err = put_user(err, &entry->msg_len); | ||
| 4221 | @@ -2171,10 +2180,12 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | ||
| 4222 | SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg, | ||
| 4223 | unsigned int, vlen, unsigned int, flags) | ||
| 4224 | { | ||
| 4225 | + if (flags & MSG_CMSG_COMPAT) | ||
| 4226 | + return -EINVAL; | ||
| 4227 | return __sys_sendmmsg(fd, mmsg, vlen, flags); | ||
| 4228 | } | ||
| 4229 | |||
| 4230 | -static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, | ||
| 4231 | +static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, | ||
| 4232 | struct msghdr *msg_sys, unsigned int flags, int nosec) | ||
| 4233 | { | ||
| 4234 | struct compat_msghdr __user *msg_compat = | ||
| 4235 | @@ -2266,23 +2277,31 @@ out: | ||
| 4236 | * BSD recvmsg interface | ||
| 4237 | */ | ||
| 4238 | |||
| 4239 | -SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg, | ||
| 4240 | - unsigned int, flags) | ||
| 4241 | +long __sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags) | ||
| 4242 | { | ||
| 4243 | int fput_needed, err; | ||
| 4244 | struct msghdr msg_sys; | ||
| 4245 | - struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
| 4246 | + struct socket *sock; | ||
| 4247 | |||
| 4248 | + sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
| 4249 | if (!sock) | ||
| 4250 | goto out; | ||
| 4251 | |||
| 4252 | - err = __sys_recvmsg(sock, msg, &msg_sys, flags, 0); | ||
| 4253 | + err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0); | ||
| 4254 | |||
| 4255 | fput_light(sock->file, fput_needed); | ||
| 4256 | out: | ||
| 4257 | return err; | ||
| 4258 | } | ||
| 4259 | |||
| 4260 | +SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg, | ||
| 4261 | + unsigned int, flags) | ||
| 4262 | +{ | ||
| 4263 | + if (flags & MSG_CMSG_COMPAT) | ||
| 4264 | + return -EINVAL; | ||
| 4265 | + return __sys_recvmsg(fd, msg, flags); | ||
| 4266 | +} | ||
| 4267 | + | ||
| 4268 | /* | ||
| 4269 | * Linux recvmmsg interface | ||
| 4270 | */ | ||
| 4271 | @@ -2320,17 +2339,18 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | ||
| 4272 | * No need to ask LSM for more than the first datagram. | ||
| 4273 | */ | ||
| 4274 | if (MSG_CMSG_COMPAT & flags) { | ||
| 4275 | - err = __sys_recvmsg(sock, (struct msghdr __user *)compat_entry, | ||
| 4276 | - &msg_sys, flags & ~MSG_WAITFORONE, | ||
| 4277 | - datagrams); | ||
| 4278 | + err = ___sys_recvmsg(sock, (struct msghdr __user *)compat_entry, | ||
| 4279 | + &msg_sys, flags & ~MSG_WAITFORONE, | ||
| 4280 | + datagrams); | ||
| 4281 | if (err < 0) | ||
| 4282 | break; | ||
| 4283 | err = __put_user(err, &compat_entry->msg_len); | ||
| 4284 | ++compat_entry; | ||
| 4285 | } else { | ||
| 4286 | - err = __sys_recvmsg(sock, (struct msghdr __user *)entry, | ||
| 4287 | - &msg_sys, flags & ~MSG_WAITFORONE, | ||
| 4288 | - datagrams); | ||
| 4289 | + err = ___sys_recvmsg(sock, | ||
| 4290 | + (struct msghdr __user *)entry, | ||
| 4291 | + &msg_sys, flags & ~MSG_WAITFORONE, | ||
| 4292 | + datagrams); | ||
| 4293 | if (err < 0) | ||
| 4294 | break; | ||
| 4295 | err = put_user(err, &entry->msg_len); | ||
| 4296 | @@ -2397,6 +2417,9 @@ SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg, | ||
| 4297 | int datagrams; | ||
| 4298 | struct timespec timeout_sys; | ||
| 4299 | |||
| 4300 | + if (flags & MSG_CMSG_COMPAT) | ||
| 4301 | + return -EINVAL; | ||
| 4302 | + | ||
| 4303 | if (!timeout) | ||
| 4304 | return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL); | ||
| 4305 | |||
| 4306 | diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c | ||
| 4307 | index bcfda89..0cf003d 100644 | ||
| 4308 | --- a/net/xfrm/xfrm_output.c | ||
| 4309 | +++ b/net/xfrm/xfrm_output.c | ||
| 4310 | @@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err) | ||
| 4311 | |||
| 4312 | if (unlikely(x->km.state != XFRM_STATE_VALID)) { | ||
| 4313 | XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID); | ||
| 4314 | + err = -EINVAL; | ||
| 4315 | goto error; | ||
| 4316 | } | ||
| 4317 | |||
| 4318 | diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c | ||
| 4319 | index 0d9c58f..44c1205 100644 | ||
| 4320 | --- a/sound/pci/hda/patch_cirrus.c | ||
| 4321 | +++ b/sound/pci/hda/patch_cirrus.c | ||
| 4322 | @@ -58,6 +58,7 @@ enum { | ||
| 4323 | CS420X_GPIO_23, | ||
| 4324 | CS420X_MBP101, | ||
| 4325 | CS420X_MBP81, | ||
| 4326 | + CS420X_MBA42, | ||
| 4327 | CS420X_AUTO, | ||
| 4328 | /* aliases */ | ||
| 4329 | CS420X_IMAC27_122 = CS420X_GPIO_23, | ||
| 4330 | @@ -345,6 +346,7 @@ static const struct hda_model_fixup cs420x_models[] = { | ||
| 4331 | { .id = CS420X_APPLE, .name = "apple" }, | ||
| 4332 | { .id = CS420X_MBP101, .name = "mbp101" }, | ||
| 4333 | { .id = CS420X_MBP81, .name = "mbp81" }, | ||
| 4334 | + { .id = CS420X_MBA42, .name = "mba42" }, | ||
| 4335 | {} | ||
| 4336 | }; | ||
| 4337 | |||
| 4338 | @@ -360,6 +362,7 @@ static const struct snd_pci_quirk cs420x_fixup_tbl[] = { | ||
| 4339 | SND_PCI_QUIRK(0x106b, 0x1c00, "MacBookPro 8,1", CS420X_MBP81), | ||
| 4340 | SND_PCI_QUIRK(0x106b, 0x2000, "iMac 12,2", CS420X_IMAC27_122), | ||
| 4341 | SND_PCI_QUIRK(0x106b, 0x2800, "MacBookPro 10,1", CS420X_MBP101), | ||
| 4342 | + SND_PCI_QUIRK(0x106b, 0x5b00, "MacBookAir 4,2", CS420X_MBA42), | ||
| 4343 | SND_PCI_QUIRK_VENDOR(0x106b, "Apple", CS420X_APPLE), | ||
| 4344 | {} /* terminator */ | ||
| 4345 | }; | ||
| 4346 | @@ -413,6 +416,20 @@ static const struct hda_pintbl mbp101_pincfgs[] = { | ||
| 4347 | {} /* terminator */ | ||
| 4348 | }; | ||
| 4349 | |||
| 4350 | +static const struct hda_pintbl mba42_pincfgs[] = { | ||
| 4351 | + { 0x09, 0x012b4030 }, /* HP */ | ||
| 4352 | + { 0x0a, 0x400000f0 }, | ||
| 4353 | + { 0x0b, 0x90100120 }, /* speaker */ | ||
| 4354 | + { 0x0c, 0x400000f0 }, | ||
| 4355 | + { 0x0d, 0x90a00110 }, /* mic */ | ||
| 4356 | + { 0x0e, 0x400000f0 }, | ||
| 4357 | + { 0x0f, 0x400000f0 }, | ||
| 4358 | + { 0x10, 0x400000f0 }, | ||
| 4359 | + { 0x12, 0x400000f0 }, | ||
| 4360 | + { 0x15, 0x400000f0 }, | ||
| 4361 | + {} /* terminator */ | ||
| 4362 | +}; | ||
| 4363 | + | ||
| 4364 | static void cs420x_fixup_gpio_13(struct hda_codec *codec, | ||
| 4365 | const struct hda_fixup *fix, int action) | ||
| 4366 | { | ||
| 4367 | @@ -481,6 +498,12 @@ static const struct hda_fixup cs420x_fixups[] = { | ||
| 4368 | .chained = true, | ||
| 4369 | .chain_id = CS420X_GPIO_13, | ||
| 4370 | }, | ||
| 4371 | + [CS420X_MBA42] = { | ||
| 4372 | + .type = HDA_FIXUP_PINS, | ||
| 4373 | + .v.pins = mba42_pincfgs, | ||
| 4374 | + .chained = true, | ||
| 4375 | + .chain_id = CS420X_GPIO_13, | ||
| 4376 | + }, | ||
| 4377 | }; | ||
| 4378 | |||
| 4379 | static struct cs_spec *cs_alloc_spec(struct hda_codec *codec, int vendor_nid) | ||
| 4380 | diff --git a/sound/usb/card.c b/sound/usb/card.c | ||
| 4381 | index b79b7dc..13cb571 100644 | ||
| 4382 | --- a/sound/usb/card.c | ||
| 4383 | +++ b/sound/usb/card.c | ||
| 4384 | @@ -144,14 +144,32 @@ static int snd_usb_create_stream(struct snd_usb_audio *chip, int ctrlif, int int | ||
| 4385 | return -EINVAL; | ||
| 4386 | } | ||
| 4387 | |||
| 4388 | + alts = &iface->altsetting[0]; | ||
| 4389 | + altsd = get_iface_desc(alts); | ||
| 4390 | + | ||
| 4391 | + /* | ||
| 4392 | + * Android with both accessory and audio interfaces enabled gets the | ||
| 4393 | + * interface numbers wrong. | ||
| 4394 | + */ | ||
| 4395 | + if ((chip->usb_id == USB_ID(0x18d1, 0x2d04) || | ||
| 4396 | + chip->usb_id == USB_ID(0x18d1, 0x2d05)) && | ||
| 4397 | + interface == 0 && | ||
| 4398 | + altsd->bInterfaceClass == USB_CLASS_VENDOR_SPEC && | ||
| 4399 | + altsd->bInterfaceSubClass == USB_SUBCLASS_VENDOR_SPEC) { | ||
| 4400 | + interface = 2; | ||
| 4401 | + iface = usb_ifnum_to_if(dev, interface); | ||
| 4402 | + if (!iface) | ||
| 4403 | + return -EINVAL; | ||
| 4404 | + alts = &iface->altsetting[0]; | ||
| 4405 | + altsd = get_iface_desc(alts); | ||
| 4406 | + } | ||
| 4407 | + | ||
| 4408 | if (usb_interface_claimed(iface)) { | ||
| 4409 | snd_printdd(KERN_INFO "%d:%d:%d: skipping, already claimed\n", | ||
| 4410 | dev->devnum, ctrlif, interface); | ||
| 4411 | return -EINVAL; | ||
| 4412 | } | ||
| 4413 | |||
| 4414 | - alts = &iface->altsetting[0]; | ||
| 4415 | - altsd = get_iface_desc(alts); | ||
| 4416 | if ((altsd->bInterfaceClass == USB_CLASS_AUDIO || | ||
| 4417 | altsd->bInterfaceClass == USB_CLASS_VENDOR_SPEC) && | ||
| 4418 | altsd->bInterfaceSubClass == USB_SUBCLASS_MIDISTREAMING) { | ||
| 4419 | diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c | ||
| 4420 | index e5c7f9f..d543808 100644 | ||
| 4421 | --- a/sound/usb/mixer.c | ||
| 4422 | +++ b/sound/usb/mixer.c | ||
| 4423 | @@ -885,6 +885,7 @@ static void volume_control_quirks(struct usb_mixer_elem_info *cval, | ||
| 4424 | |||
| 4425 | case USB_ID(0x046d, 0x0808): | ||
| 4426 | case USB_ID(0x046d, 0x0809): | ||
| 4427 | + case USB_ID(0x046d, 0x081b): /* HD Webcam c310 */ | ||
| 4428 | case USB_ID(0x046d, 0x081d): /* HD Webcam c510 */ | ||
| 4429 | case USB_ID(0x046d, 0x0825): /* HD Webcam c270 */ | ||
| 4430 | case USB_ID(0x046d, 0x0991): |