Contents of /trunk/kernel-magellan/patches-4.20/0103-4.20.4-all-fixes.patch
Parent Directory
| 
Revision Log
Revision 3280 -
(show annotations)
(download)
Mon Mar 4 10:35:51 2019 UTC (5 years, 2 months ago) by niro
File size: 138610 byte(s)
Mon Mar 4 10:35:51 2019 UTC (5 years, 2 months ago) by niro
File size: 138610 byte(s)
linux-4.20.4
| 1 | diff --git a/Makefile b/Makefile |
| 2 | index 3b9e4658d31f..a056dba5ede0 100644 |
| 3 | --- a/Makefile |
| 4 | +++ b/Makefile |
| 5 | @@ -1,7 +1,7 @@ |
| 6 | # SPDX-License-Identifier: GPL-2.0 |
| 7 | VERSION = 4 |
| 8 | PATCHLEVEL = 20 |
| 9 | -SUBLEVEL = 3 |
| 10 | +SUBLEVEL = 4 |
| 11 | EXTRAVERSION = |
| 12 | NAME = Shy Crocodile |
| 13 | |
| 14 | @@ -967,6 +967,7 @@ ifdef CONFIG_STACK_VALIDATION |
| 15 | endif |
| 16 | endif |
| 17 | |
| 18 | +PHONY += prepare0 |
| 19 | |
| 20 | ifeq ($(KBUILD_EXTMOD),) |
| 21 | core-y += kernel/ certs/ mm/ fs/ ipc/ security/ crypto/ block/ |
| 22 | @@ -1075,8 +1076,7 @@ scripts: scripts_basic scripts_dtc asm-generic gcc-plugins $(autoksyms_h) |
| 23 | # archprepare is used in arch Makefiles and when processed asm symlink, |
| 24 | # version.h and scripts_basic is processed / created. |
| 25 | |
| 26 | -# Listed in dependency order |
| 27 | -PHONY += prepare archprepare prepare0 prepare1 prepare2 prepare3 |
| 28 | +PHONY += prepare archprepare prepare1 prepare2 prepare3 |
| 29 | |
| 30 | # prepare3 is used to check if we are building in a separate output directory, |
| 31 | # and if so do: |
| 32 | @@ -1545,9 +1545,6 @@ else # KBUILD_EXTMOD |
| 33 | |
| 34 | # We are always building modules |
| 35 | KBUILD_MODULES := 1 |
| 36 | -PHONY += crmodverdir |
| 37 | -crmodverdir: |
| 38 | - $(cmd_crmodverdir) |
| 39 | |
| 40 | PHONY += $(objtree)/Module.symvers |
| 41 | $(objtree)/Module.symvers: |
| 42 | @@ -1559,7 +1556,7 @@ $(objtree)/Module.symvers: |
| 43 | |
| 44 | module-dirs := $(addprefix _module_,$(KBUILD_EXTMOD)) |
| 45 | PHONY += $(module-dirs) modules |
| 46 | -$(module-dirs): crmodverdir $(objtree)/Module.symvers |
| 47 | +$(module-dirs): prepare $(objtree)/Module.symvers |
| 48 | $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) |
| 49 | |
| 50 | modules: $(module-dirs) |
| 51 | @@ -1600,7 +1597,8 @@ help: |
| 52 | |
| 53 | # Dummies... |
| 54 | PHONY += prepare scripts |
| 55 | -prepare: ; |
| 56 | +prepare: |
| 57 | + $(cmd_crmodverdir) |
| 58 | scripts: ; |
| 59 | endif # KBUILD_EXTMOD |
| 60 | |
| 61 | @@ -1724,17 +1722,14 @@ endif |
| 62 | |
| 63 | # Modules |
| 64 | /: prepare scripts FORCE |
| 65 | - $(cmd_crmodverdir) |
| 66 | $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ |
| 67 | $(build)=$(build-dir) |
| 68 | # Make sure the latest headers are built for Documentation |
| 69 | Documentation/ samples/: headers_install |
| 70 | %/: prepare scripts FORCE |
| 71 | - $(cmd_crmodverdir) |
| 72 | $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ |
| 73 | $(build)=$(build-dir) |
| 74 | %.ko: prepare scripts FORCE |
| 75 | - $(cmd_crmodverdir) |
| 76 | $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ |
| 77 | $(build)=$(build-dir) $(@:.ko=.o) |
| 78 | $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost |
| 79 | diff --git a/arch/arm64/boot/dts/marvell/armada-ap806.dtsi b/arch/arm64/boot/dts/marvell/armada-ap806.dtsi |
| 80 | index 7d94c1fa592a..7f799cb5668e 100644 |
| 81 | --- a/arch/arm64/boot/dts/marvell/armada-ap806.dtsi |
| 82 | +++ b/arch/arm64/boot/dts/marvell/armada-ap806.dtsi |
| 83 | @@ -28,6 +28,23 @@ |
| 84 | method = "smc"; |
| 85 | }; |
| 86 | |
| 87 | + reserved-memory { |
| 88 | + #address-cells = <2>; |
| 89 | + #size-cells = <2>; |
| 90 | + ranges; |
| 91 | + |
| 92 | + /* |
| 93 | + * This area matches the mapping done with a |
| 94 | + * mainline U-Boot, and should be updated by the |
| 95 | + * bootloader. |
| 96 | + */ |
| 97 | + |
| 98 | + psci-area@4000000 { |
| 99 | + reg = <0x0 0x4000000 0x0 0x200000>; |
| 100 | + no-map; |
| 101 | + }; |
| 102 | + }; |
| 103 | + |
| 104 | ap806 { |
| 105 | #address-cells = <2>; |
| 106 | #size-cells = <2>; |
| 107 | diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h |
| 108 | index 2dafd936d84d..bc2327d4a505 100644 |
| 109 | --- a/arch/arm64/include/asm/kvm_arm.h |
| 110 | +++ b/arch/arm64/include/asm/kvm_arm.h |
| 111 | @@ -24,6 +24,8 @@ |
| 112 | |
| 113 | /* Hyp Configuration Register (HCR) bits */ |
| 114 | #define HCR_FWB (UL(1) << 46) |
| 115 | +#define HCR_API (UL(1) << 41) |
| 116 | +#define HCR_APK (UL(1) << 40) |
| 117 | #define HCR_TEA (UL(1) << 37) |
| 118 | #define HCR_TERR (UL(1) << 36) |
| 119 | #define HCR_TLOR (UL(1) << 35) |
| 120 | @@ -87,6 +89,7 @@ |
| 121 | HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ |
| 122 | HCR_FMO | HCR_IMO) |
| 123 | #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) |
| 124 | +#define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK) |
| 125 | #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) |
| 126 | |
| 127 | /* TCR_EL2 Registers bits */ |
| 128 | diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S |
| 129 | index 4471f570a295..b207a2ce4bc6 100644 |
| 130 | --- a/arch/arm64/kernel/head.S |
| 131 | +++ b/arch/arm64/kernel/head.S |
| 132 | @@ -496,10 +496,9 @@ ENTRY(el2_setup) |
| 133 | #endif |
| 134 | |
| 135 | /* Hyp configuration. */ |
| 136 | - mov x0, #HCR_RW // 64-bit EL1 |
| 137 | + mov_q x0, HCR_HOST_NVHE_FLAGS |
| 138 | cbz x2, set_hcr |
| 139 | - orr x0, x0, #HCR_TGE // Enable Host Extensions |
| 140 | - orr x0, x0, #HCR_E2H |
| 141 | + mov_q x0, HCR_HOST_VHE_FLAGS |
| 142 | set_hcr: |
| 143 | msr hcr_el2, x0 |
| 144 | isb |
| 145 | diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c |
| 146 | index f0e6ab8abe9c..ba6b41790fcd 100644 |
| 147 | --- a/arch/arm64/kernel/kaslr.c |
| 148 | +++ b/arch/arm64/kernel/kaslr.c |
| 149 | @@ -14,6 +14,7 @@ |
| 150 | #include <linux/sched.h> |
| 151 | #include <linux/types.h> |
| 152 | |
| 153 | +#include <asm/cacheflush.h> |
| 154 | #include <asm/fixmap.h> |
| 155 | #include <asm/kernel-pgtable.h> |
| 156 | #include <asm/memory.h> |
| 157 | @@ -43,7 +44,7 @@ static __init u64 get_kaslr_seed(void *fdt) |
| 158 | return ret; |
| 159 | } |
| 160 | |
| 161 | -static __init const u8 *get_cmdline(void *fdt) |
| 162 | +static __init const u8 *kaslr_get_cmdline(void *fdt) |
| 163 | { |
| 164 | static __initconst const u8 default_cmdline[] = CONFIG_CMDLINE; |
| 165 | |
| 166 | @@ -109,7 +110,7 @@ u64 __init kaslr_early_init(u64 dt_phys) |
| 167 | * Check if 'nokaslr' appears on the command line, and |
| 168 | * return 0 if that is the case. |
| 169 | */ |
| 170 | - cmdline = get_cmdline(fdt); |
| 171 | + cmdline = kaslr_get_cmdline(fdt); |
| 172 | str = strstr(cmdline, "nokaslr"); |
| 173 | if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) |
| 174 | return 0; |
| 175 | @@ -169,5 +170,8 @@ u64 __init kaslr_early_init(u64 dt_phys) |
| 176 | module_alloc_base += (module_range * (seed & ((1 << 21) - 1))) >> 21; |
| 177 | module_alloc_base &= PAGE_MASK; |
| 178 | |
| 179 | + __flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base)); |
| 180 | + __flush_dcache_area(&memstart_offset_seed, sizeof(memstart_offset_seed)); |
| 181 | + |
| 182 | return offset; |
| 183 | } |
| 184 | diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c |
| 185 | index 7cc175c88a37..f6e02cc4d856 100644 |
| 186 | --- a/arch/arm64/kvm/hyp/switch.c |
| 187 | +++ b/arch/arm64/kvm/hyp/switch.c |
| 188 | @@ -157,7 +157,7 @@ static void __hyp_text __deactivate_traps_nvhe(void) |
| 189 | mdcr_el2 |= MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT; |
| 190 | |
| 191 | write_sysreg(mdcr_el2, mdcr_el2); |
| 192 | - write_sysreg(HCR_RW, hcr_el2); |
| 193 | + write_sysreg(HCR_HOST_NVHE_FLAGS, hcr_el2); |
| 194 | write_sysreg(CPTR_EL2_DEFAULT, cptr_el2); |
| 195 | } |
| 196 | |
| 197 | diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig |
| 198 | index 8272ea4c7264..6207b41473a0 100644 |
| 199 | --- a/arch/mips/Kconfig |
| 200 | +++ b/arch/mips/Kconfig |
| 201 | @@ -3184,6 +3184,7 @@ config MIPS32_O32 |
| 202 | config MIPS32_N32 |
| 203 | bool "Kernel support for n32 binaries" |
| 204 | depends on 64BIT |
| 205 | + select ARCH_WANT_COMPAT_IPC_PARSE_VERSION |
| 206 | select COMPAT |
| 207 | select MIPS32_COMPAT |
| 208 | select SYSVIPC_COMPAT if SYSVIPC |
| 209 | diff --git a/arch/mips/bcm47xx/setup.c b/arch/mips/bcm47xx/setup.c |
| 210 | index 6054d49e608e..fe3773539eff 100644 |
| 211 | --- a/arch/mips/bcm47xx/setup.c |
| 212 | +++ b/arch/mips/bcm47xx/setup.c |
| 213 | @@ -173,6 +173,31 @@ void __init plat_mem_setup(void) |
| 214 | pm_power_off = bcm47xx_machine_halt; |
| 215 | } |
| 216 | |
| 217 | +#ifdef CONFIG_BCM47XX_BCMA |
| 218 | +static struct device * __init bcm47xx_setup_device(void) |
| 219 | +{ |
| 220 | + struct device *dev; |
| 221 | + int err; |
| 222 | + |
| 223 | + dev = kzalloc(sizeof(*dev), GFP_KERNEL); |
| 224 | + if (!dev) |
| 225 | + return NULL; |
| 226 | + |
| 227 | + err = dev_set_name(dev, "bcm47xx_soc"); |
| 228 | + if (err) { |
| 229 | + pr_err("Failed to set SoC device name: %d\n", err); |
| 230 | + kfree(dev); |
| 231 | + return NULL; |
| 232 | + } |
| 233 | + |
| 234 | + err = dma_coerce_mask_and_coherent(dev, DMA_BIT_MASK(32)); |
| 235 | + if (err) |
| 236 | + pr_err("Failed to set SoC DMA mask: %d\n", err); |
| 237 | + |
| 238 | + return dev; |
| 239 | +} |
| 240 | +#endif |
| 241 | + |
| 242 | /* |
| 243 | * This finishes bus initialization doing things that were not possible without |
| 244 | * kmalloc. Make sure to call it late enough (after mm_init). |
| 245 | @@ -183,6 +208,10 @@ void __init bcm47xx_bus_setup(void) |
| 246 | if (bcm47xx_bus_type == BCM47XX_BUS_TYPE_BCMA) { |
| 247 | int err; |
| 248 | |
| 249 | + bcm47xx_bus.bcma.dev = bcm47xx_setup_device(); |
| 250 | + if (!bcm47xx_bus.bcma.dev) |
| 251 | + panic("Failed to setup SoC device\n"); |
| 252 | + |
| 253 | err = bcma_host_soc_init(&bcm47xx_bus.bcma); |
| 254 | if (err) |
| 255 | panic("Failed to initialize BCMA bus (err %d)", err); |
| 256 | @@ -235,6 +264,8 @@ static int __init bcm47xx_register_bus_complete(void) |
| 257 | #endif |
| 258 | #ifdef CONFIG_BCM47XX_BCMA |
| 259 | case BCM47XX_BUS_TYPE_BCMA: |
| 260 | + if (device_register(bcm47xx_bus.bcma.dev)) |
| 261 | + pr_err("Failed to register SoC device\n"); |
| 262 | bcma_bus_register(&bcm47xx_bus.bcma.bus); |
| 263 | break; |
| 264 | #endif |
| 265 | diff --git a/arch/mips/cavium-octeon/setup.c b/arch/mips/cavium-octeon/setup.c |
| 266 | index dfb95cffef3e..a3cf68538f3d 100644 |
| 267 | --- a/arch/mips/cavium-octeon/setup.c |
| 268 | +++ b/arch/mips/cavium-octeon/setup.c |
| 269 | @@ -96,7 +96,7 @@ static void octeon_kexec_smp_down(void *ignored) |
| 270 | " sync \n" |
| 271 | " synci ($0) \n"); |
| 272 | |
| 273 | - relocated_kexec_smp_wait(NULL); |
| 274 | + kexec_reboot(); |
| 275 | } |
| 276 | #endif |
| 277 | |
| 278 | diff --git a/arch/mips/lantiq/irq.c b/arch/mips/lantiq/irq.c |
| 279 | index f0bc3312ed11..c4ef1c31e0c4 100644 |
| 280 | --- a/arch/mips/lantiq/irq.c |
| 281 | +++ b/arch/mips/lantiq/irq.c |
| 282 | @@ -224,9 +224,11 @@ static struct irq_chip ltq_eiu_type = { |
| 283 | .irq_set_type = ltq_eiu_settype, |
| 284 | }; |
| 285 | |
| 286 | -static void ltq_hw_irqdispatch(int module) |
| 287 | +static void ltq_hw_irq_handler(struct irq_desc *desc) |
| 288 | { |
| 289 | + int module = irq_desc_get_irq(desc) - 2; |
| 290 | u32 irq; |
| 291 | + int hwirq; |
| 292 | |
| 293 | irq = ltq_icu_r32(module, LTQ_ICU_IM0_IOSR); |
| 294 | if (irq == 0) |
| 295 | @@ -237,7 +239,8 @@ static void ltq_hw_irqdispatch(int module) |
| 296 | * other bits might be bogus |
| 297 | */ |
| 298 | irq = __fls(irq); |
| 299 | - do_IRQ((int)irq + MIPS_CPU_IRQ_CASCADE + (INT_NUM_IM_OFFSET * module)); |
| 300 | + hwirq = irq + MIPS_CPU_IRQ_CASCADE + (INT_NUM_IM_OFFSET * module); |
| 301 | + generic_handle_irq(irq_linear_revmap(ltq_domain, hwirq)); |
| 302 | |
| 303 | /* if this is a EBU irq, we need to ack it or get a deadlock */ |
| 304 | if ((irq == LTQ_ICU_EBU_IRQ) && (module == 0) && LTQ_EBU_PCC_ISTAT) |
| 305 | @@ -245,49 +248,6 @@ static void ltq_hw_irqdispatch(int module) |
| 306 | LTQ_EBU_PCC_ISTAT); |
| 307 | } |
| 308 | |
| 309 | -#define DEFINE_HWx_IRQDISPATCH(x) \ |
| 310 | - static void ltq_hw ## x ## _irqdispatch(void) \ |
| 311 | - { \ |
| 312 | - ltq_hw_irqdispatch(x); \ |
| 313 | - } |
| 314 | -DEFINE_HWx_IRQDISPATCH(0) |
| 315 | -DEFINE_HWx_IRQDISPATCH(1) |
| 316 | -DEFINE_HWx_IRQDISPATCH(2) |
| 317 | -DEFINE_HWx_IRQDISPATCH(3) |
| 318 | -DEFINE_HWx_IRQDISPATCH(4) |
| 319 | - |
| 320 | -#if MIPS_CPU_TIMER_IRQ == 7 |
| 321 | -static void ltq_hw5_irqdispatch(void) |
| 322 | -{ |
| 323 | - do_IRQ(MIPS_CPU_TIMER_IRQ); |
| 324 | -} |
| 325 | -#else |
| 326 | -DEFINE_HWx_IRQDISPATCH(5) |
| 327 | -#endif |
| 328 | - |
| 329 | -static void ltq_hw_irq_handler(struct irq_desc *desc) |
| 330 | -{ |
| 331 | - ltq_hw_irqdispatch(irq_desc_get_irq(desc) - 2); |
| 332 | -} |
| 333 | - |
| 334 | -asmlinkage void plat_irq_dispatch(void) |
| 335 | -{ |
| 336 | - unsigned int pending = read_c0_status() & read_c0_cause() & ST0_IM; |
| 337 | - int irq; |
| 338 | - |
| 339 | - if (!pending) { |
| 340 | - spurious_interrupt(); |
| 341 | - return; |
| 342 | - } |
| 343 | - |
| 344 | - pending >>= CAUSEB_IP; |
| 345 | - while (pending) { |
| 346 | - irq = fls(pending) - 1; |
| 347 | - do_IRQ(MIPS_CPU_IRQ_BASE + irq); |
| 348 | - pending &= ~BIT(irq); |
| 349 | - } |
| 350 | -} |
| 351 | - |
| 352 | static int icu_map(struct irq_domain *d, unsigned int irq, irq_hw_number_t hw) |
| 353 | { |
| 354 | struct irq_chip *chip = <q_irq_type; |
| 355 | @@ -343,28 +303,10 @@ int __init icu_of_init(struct device_node *node, struct device_node *parent) |
| 356 | for (i = 0; i < MAX_IM; i++) |
| 357 | irq_set_chained_handler(i + 2, ltq_hw_irq_handler); |
| 358 | |
| 359 | - if (cpu_has_vint) { |
| 360 | - pr_info("Setting up vectored interrupts\n"); |
| 361 | - set_vi_handler(2, ltq_hw0_irqdispatch); |
| 362 | - set_vi_handler(3, ltq_hw1_irqdispatch); |
| 363 | - set_vi_handler(4, ltq_hw2_irqdispatch); |
| 364 | - set_vi_handler(5, ltq_hw3_irqdispatch); |
| 365 | - set_vi_handler(6, ltq_hw4_irqdispatch); |
| 366 | - set_vi_handler(7, ltq_hw5_irqdispatch); |
| 367 | - } |
| 368 | - |
| 369 | ltq_domain = irq_domain_add_linear(node, |
| 370 | (MAX_IM * INT_NUM_IM_OFFSET) + MIPS_CPU_IRQ_CASCADE, |
| 371 | &irq_domain_ops, 0); |
| 372 | |
| 373 | -#ifndef CONFIG_MIPS_MT_SMP |
| 374 | - set_c0_status(IE_IRQ0 | IE_IRQ1 | IE_IRQ2 | |
| 375 | - IE_IRQ3 | IE_IRQ4 | IE_IRQ5); |
| 376 | -#else |
| 377 | - set_c0_status(IE_SW0 | IE_SW1 | IE_IRQ0 | IE_IRQ1 | |
| 378 | - IE_IRQ2 | IE_IRQ3 | IE_IRQ4 | IE_IRQ5); |
| 379 | -#endif |
| 380 | - |
| 381 | /* tell oprofile which irq to use */ |
| 382 | ltq_perfcount_irq = irq_create_mapping(ltq_domain, LTQ_PERF_IRQ); |
| 383 | |
| 384 | diff --git a/arch/mips/pci/msi-octeon.c b/arch/mips/pci/msi-octeon.c |
| 385 | index 2a5bb849b10e..288b58b00dc8 100644 |
| 386 | --- a/arch/mips/pci/msi-octeon.c |
| 387 | +++ b/arch/mips/pci/msi-octeon.c |
| 388 | @@ -369,7 +369,9 @@ int __init octeon_msi_initialize(void) |
| 389 | int irq; |
| 390 | struct irq_chip *msi; |
| 391 | |
| 392 | - if (octeon_dma_bar_type == OCTEON_DMA_BAR_TYPE_PCIE) { |
| 393 | + if (octeon_dma_bar_type == OCTEON_DMA_BAR_TYPE_INVALID) { |
| 394 | + return 0; |
| 395 | + } else if (octeon_dma_bar_type == OCTEON_DMA_BAR_TYPE_PCIE) { |
| 396 | msi_rcv_reg[0] = CVMX_PEXP_NPEI_MSI_RCV0; |
| 397 | msi_rcv_reg[1] = CVMX_PEXP_NPEI_MSI_RCV1; |
| 398 | msi_rcv_reg[2] = CVMX_PEXP_NPEI_MSI_RCV2; |
| 399 | diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c |
| 400 | index 6f70d1b4bf36..14b0f5b6a373 100644 |
| 401 | --- a/arch/powerpc/kernel/signal_64.c |
| 402 | +++ b/arch/powerpc/kernel/signal_64.c |
| 403 | @@ -755,11 +755,12 @@ SYSCALL_DEFINE0(rt_sigreturn) |
| 404 | if (restore_tm_sigcontexts(current, &uc->uc_mcontext, |
| 405 | &uc_transact->uc_mcontext)) |
| 406 | goto badframe; |
| 407 | - } |
| 408 | + } else |
| 409 | #endif |
| 410 | - /* Fall through, for non-TM restore */ |
| 411 | - if (!MSR_TM_ACTIVE(msr)) { |
| 412 | + { |
| 413 | /* |
| 414 | + * Fall through, for non-TM restore |
| 415 | + * |
| 416 | * Unset MSR[TS] on the thread regs since MSR from user |
| 417 | * context does not have MSR active, and recheckpoint was |
| 418 | * not called since restore_tm_sigcontexts() was not called |
| 419 | diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c |
| 420 | index 72bf446c3fee..6e29794573b7 100644 |
| 421 | --- a/arch/x86/xen/time.c |
| 422 | +++ b/arch/x86/xen/time.c |
| 423 | @@ -361,8 +361,6 @@ void xen_timer_resume(void) |
| 424 | { |
| 425 | int cpu; |
| 426 | |
| 427 | - pvclock_resume(); |
| 428 | - |
| 429 | if (xen_clockevent != &xen_vcpuop_clockevent) |
| 430 | return; |
| 431 | |
| 432 | @@ -379,12 +377,15 @@ static const struct pv_time_ops xen_time_ops __initconst = { |
| 433 | }; |
| 434 | |
| 435 | static struct pvclock_vsyscall_time_info *xen_clock __read_mostly; |
| 436 | +static u64 xen_clock_value_saved; |
| 437 | |
| 438 | void xen_save_time_memory_area(void) |
| 439 | { |
| 440 | struct vcpu_register_time_memory_area t; |
| 441 | int ret; |
| 442 | |
| 443 | + xen_clock_value_saved = xen_clocksource_read() - xen_sched_clock_offset; |
| 444 | + |
| 445 | if (!xen_clock) |
| 446 | return; |
| 447 | |
| 448 | @@ -404,7 +405,7 @@ void xen_restore_time_memory_area(void) |
| 449 | int ret; |
| 450 | |
| 451 | if (!xen_clock) |
| 452 | - return; |
| 453 | + goto out; |
| 454 | |
| 455 | t.addr.v = &xen_clock->pvti; |
| 456 | |
| 457 | @@ -421,6 +422,11 @@ void xen_restore_time_memory_area(void) |
| 458 | if (ret != 0) |
| 459 | pr_notice("Cannot restore secondary vcpu_time_info (err %d)", |
| 460 | ret); |
| 461 | + |
| 462 | +out: |
| 463 | + /* Need pvclock_resume() before using xen_clocksource_read(). */ |
| 464 | + pvclock_resume(); |
| 465 | + xen_sched_clock_offset = xen_clocksource_read() - xen_clock_value_saved; |
| 466 | } |
| 467 | |
| 468 | static void xen_setup_vsyscall_time_info(void) |
| 469 | diff --git a/block/partition-generic.c b/block/partition-generic.c |
| 470 | index d3d14e81fb12..5f8db5c5140f 100644 |
| 471 | --- a/block/partition-generic.c |
| 472 | +++ b/block/partition-generic.c |
| 473 | @@ -249,9 +249,10 @@ struct device_type part_type = { |
| 474 | .uevent = part_uevent, |
| 475 | }; |
| 476 | |
| 477 | -static void delete_partition_rcu_cb(struct rcu_head *head) |
| 478 | +static void delete_partition_work_fn(struct work_struct *work) |
| 479 | { |
| 480 | - struct hd_struct *part = container_of(head, struct hd_struct, rcu_head); |
| 481 | + struct hd_struct *part = container_of(to_rcu_work(work), struct hd_struct, |
| 482 | + rcu_work); |
| 483 | |
| 484 | part->start_sect = 0; |
| 485 | part->nr_sects = 0; |
| 486 | @@ -262,7 +263,8 @@ static void delete_partition_rcu_cb(struct rcu_head *head) |
| 487 | void __delete_partition(struct percpu_ref *ref) |
| 488 | { |
| 489 | struct hd_struct *part = container_of(ref, struct hd_struct, ref); |
| 490 | - call_rcu(&part->rcu_head, delete_partition_rcu_cb); |
| 491 | + INIT_RCU_WORK(&part->rcu_work, delete_partition_work_fn); |
| 492 | + queue_rcu_work(system_wq, &part->rcu_work); |
| 493 | } |
| 494 | |
| 495 | /* |
| 496 | diff --git a/crypto/authenc.c b/crypto/authenc.c |
| 497 | index 37f54d1b2f66..4be293a4b5f0 100644 |
| 498 | --- a/crypto/authenc.c |
| 499 | +++ b/crypto/authenc.c |
| 500 | @@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key, |
| 501 | return -EINVAL; |
| 502 | if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) |
| 503 | return -EINVAL; |
| 504 | - if (RTA_PAYLOAD(rta) < sizeof(*param)) |
| 505 | + |
| 506 | + /* |
| 507 | + * RTA_OK() didn't align the rtattr's payload when validating that it |
| 508 | + * fits in the buffer. Yet, the keys should start on the next 4-byte |
| 509 | + * aligned boundary. To avoid confusion, require that the rtattr |
| 510 | + * payload be exactly the param struct, which has a 4-byte aligned size. |
| 511 | + */ |
| 512 | + if (RTA_PAYLOAD(rta) != sizeof(*param)) |
| 513 | return -EINVAL; |
| 514 | + BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO); |
| 515 | |
| 516 | param = RTA_DATA(rta); |
| 517 | keys->enckeylen = be32_to_cpu(param->enckeylen); |
| 518 | |
| 519 | - key += RTA_ALIGN(rta->rta_len); |
| 520 | - keylen -= RTA_ALIGN(rta->rta_len); |
| 521 | + key += rta->rta_len; |
| 522 | + keylen -= rta->rta_len; |
| 523 | |
| 524 | if (keylen < keys->enckeylen) |
| 525 | return -EINVAL; |
| 526 | diff --git a/crypto/authencesn.c b/crypto/authencesn.c |
| 527 | index 80a25cc04aec..4741fe89ba2c 100644 |
| 528 | --- a/crypto/authencesn.c |
| 529 | +++ b/crypto/authencesn.c |
| 530 | @@ -279,7 +279,7 @@ static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq, |
| 531 | struct aead_request *req = areq->data; |
| 532 | |
| 533 | err = err ?: crypto_authenc_esn_decrypt_tail(req, 0); |
| 534 | - aead_request_complete(req, err); |
| 535 | + authenc_esn_request_complete(req, err); |
| 536 | } |
| 537 | |
| 538 | static int crypto_authenc_esn_decrypt(struct aead_request *req) |
| 539 | diff --git a/crypto/sm3_generic.c b/crypto/sm3_generic.c |
| 540 | index 9a5c60f08aad..c0cf87ae7ef6 100644 |
| 541 | --- a/crypto/sm3_generic.c |
| 542 | +++ b/crypto/sm3_generic.c |
| 543 | @@ -100,7 +100,7 @@ static void sm3_compress(u32 *w, u32 *wt, u32 *m) |
| 544 | |
| 545 | for (i = 0; i <= 63; i++) { |
| 546 | |
| 547 | - ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i)), 7); |
| 548 | + ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i & 31)), 7); |
| 549 | |
| 550 | ss2 = ss1 ^ rol32(a, 12); |
| 551 | |
| 552 | diff --git a/drivers/block/loop.c b/drivers/block/loop.c |
| 553 | index cb0cc8685076..84b055aa81ba 100644 |
| 554 | --- a/drivers/block/loop.c |
| 555 | +++ b/drivers/block/loop.c |
| 556 | @@ -83,7 +83,7 @@ |
| 557 | #include <linux/uaccess.h> |
| 558 | |
| 559 | static DEFINE_IDR(loop_index_idr); |
| 560 | -static DEFINE_MUTEX(loop_index_mutex); |
| 561 | +static DEFINE_MUTEX(loop_ctl_mutex); |
| 562 | |
| 563 | static int max_part; |
| 564 | static int part_shift; |
| 565 | @@ -630,18 +630,7 @@ static void loop_reread_partitions(struct loop_device *lo, |
| 566 | { |
| 567 | int rc; |
| 568 | |
| 569 | - /* |
| 570 | - * bd_mutex has been held already in release path, so don't |
| 571 | - * acquire it if this function is called in such case. |
| 572 | - * |
| 573 | - * If the reread partition isn't from release path, lo_refcnt |
| 574 | - * must be at least one and it can only become zero when the |
| 575 | - * current holder is released. |
| 576 | - */ |
| 577 | - if (!atomic_read(&lo->lo_refcnt)) |
| 578 | - rc = __blkdev_reread_part(bdev); |
| 579 | - else |
| 580 | - rc = blkdev_reread_part(bdev); |
| 581 | + rc = blkdev_reread_part(bdev); |
| 582 | if (rc) |
| 583 | pr_warn("%s: partition scan of loop%d (%s) failed (rc=%d)\n", |
| 584 | __func__, lo->lo_number, lo->lo_file_name, rc); |
| 585 | @@ -688,26 +677,30 @@ static int loop_validate_file(struct file *file, struct block_device *bdev) |
| 586 | static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, |
| 587 | unsigned int arg) |
| 588 | { |
| 589 | - struct file *file, *old_file; |
| 590 | + struct file *file = NULL, *old_file; |
| 591 | int error; |
| 592 | + bool partscan; |
| 593 | |
| 594 | + error = mutex_lock_killable(&loop_ctl_mutex); |
| 595 | + if (error) |
| 596 | + return error; |
| 597 | error = -ENXIO; |
| 598 | if (lo->lo_state != Lo_bound) |
| 599 | - goto out; |
| 600 | + goto out_err; |
| 601 | |
| 602 | /* the loop device has to be read-only */ |
| 603 | error = -EINVAL; |
| 604 | if (!(lo->lo_flags & LO_FLAGS_READ_ONLY)) |
| 605 | - goto out; |
| 606 | + goto out_err; |
| 607 | |
| 608 | error = -EBADF; |
| 609 | file = fget(arg); |
| 610 | if (!file) |
| 611 | - goto out; |
| 612 | + goto out_err; |
| 613 | |
| 614 | error = loop_validate_file(file, bdev); |
| 615 | if (error) |
| 616 | - goto out_putf; |
| 617 | + goto out_err; |
| 618 | |
| 619 | old_file = lo->lo_backing_file; |
| 620 | |
| 621 | @@ -715,7 +708,7 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, |
| 622 | |
| 623 | /* size of the new backing store needs to be the same */ |
| 624 | if (get_loop_size(lo, file) != get_loop_size(lo, old_file)) |
| 625 | - goto out_putf; |
| 626 | + goto out_err; |
| 627 | |
| 628 | /* and ... switch */ |
| 629 | blk_mq_freeze_queue(lo->lo_queue); |
| 630 | @@ -726,15 +719,22 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, |
| 631 | lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS)); |
| 632 | loop_update_dio(lo); |
| 633 | blk_mq_unfreeze_queue(lo->lo_queue); |
| 634 | - |
| 635 | + partscan = lo->lo_flags & LO_FLAGS_PARTSCAN; |
| 636 | + mutex_unlock(&loop_ctl_mutex); |
| 637 | + /* |
| 638 | + * We must drop file reference outside of loop_ctl_mutex as dropping |
| 639 | + * the file ref can take bd_mutex which creates circular locking |
| 640 | + * dependency. |
| 641 | + */ |
| 642 | fput(old_file); |
| 643 | - if (lo->lo_flags & LO_FLAGS_PARTSCAN) |
| 644 | + if (partscan) |
| 645 | loop_reread_partitions(lo, bdev); |
| 646 | return 0; |
| 647 | |
| 648 | - out_putf: |
| 649 | - fput(file); |
| 650 | - out: |
| 651 | +out_err: |
| 652 | + mutex_unlock(&loop_ctl_mutex); |
| 653 | + if (file) |
| 654 | + fput(file); |
| 655 | return error; |
| 656 | } |
| 657 | |
| 658 | @@ -909,6 +909,7 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode, |
| 659 | int lo_flags = 0; |
| 660 | int error; |
| 661 | loff_t size; |
| 662 | + bool partscan; |
| 663 | |
| 664 | /* This is safe, since we have a reference from open(). */ |
| 665 | __module_get(THIS_MODULE); |
| 666 | @@ -918,13 +919,17 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode, |
| 667 | if (!file) |
| 668 | goto out; |
| 669 | |
| 670 | + error = mutex_lock_killable(&loop_ctl_mutex); |
| 671 | + if (error) |
| 672 | + goto out_putf; |
| 673 | + |
| 674 | error = -EBUSY; |
| 675 | if (lo->lo_state != Lo_unbound) |
| 676 | - goto out_putf; |
| 677 | + goto out_unlock; |
| 678 | |
| 679 | error = loop_validate_file(file, bdev); |
| 680 | if (error) |
| 681 | - goto out_putf; |
| 682 | + goto out_unlock; |
| 683 | |
| 684 | mapping = file->f_mapping; |
| 685 | inode = mapping->host; |
| 686 | @@ -936,10 +941,10 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode, |
| 687 | error = -EFBIG; |
| 688 | size = get_loop_size(lo, file); |
| 689 | if ((loff_t)(sector_t)size != size) |
| 690 | - goto out_putf; |
| 691 | + goto out_unlock; |
| 692 | error = loop_prepare_queue(lo); |
| 693 | if (error) |
| 694 | - goto out_putf; |
| 695 | + goto out_unlock; |
| 696 | |
| 697 | error = 0; |
| 698 | |
| 699 | @@ -971,18 +976,22 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode, |
| 700 | lo->lo_state = Lo_bound; |
| 701 | if (part_shift) |
| 702 | lo->lo_flags |= LO_FLAGS_PARTSCAN; |
| 703 | - if (lo->lo_flags & LO_FLAGS_PARTSCAN) |
| 704 | - loop_reread_partitions(lo, bdev); |
| 705 | + partscan = lo->lo_flags & LO_FLAGS_PARTSCAN; |
| 706 | |
| 707 | /* Grab the block_device to prevent its destruction after we |
| 708 | - * put /dev/loopXX inode. Later in loop_clr_fd() we bdput(bdev). |
| 709 | + * put /dev/loopXX inode. Later in __loop_clr_fd() we bdput(bdev). |
| 710 | */ |
| 711 | bdgrab(bdev); |
| 712 | + mutex_unlock(&loop_ctl_mutex); |
| 713 | + if (partscan) |
| 714 | + loop_reread_partitions(lo, bdev); |
| 715 | return 0; |
| 716 | |
| 717 | - out_putf: |
| 718 | +out_unlock: |
| 719 | + mutex_unlock(&loop_ctl_mutex); |
| 720 | +out_putf: |
| 721 | fput(file); |
| 722 | - out: |
| 723 | +out: |
| 724 | /* This is safe: open() is still holding a reference. */ |
| 725 | module_put(THIS_MODULE); |
| 726 | return error; |
| 727 | @@ -1025,39 +1034,31 @@ loop_init_xfer(struct loop_device *lo, struct loop_func_table *xfer, |
| 728 | return err; |
| 729 | } |
| 730 | |
| 731 | -static int loop_clr_fd(struct loop_device *lo) |
| 732 | +static int __loop_clr_fd(struct loop_device *lo, bool release) |
| 733 | { |
| 734 | - struct file *filp = lo->lo_backing_file; |
| 735 | + struct file *filp = NULL; |
| 736 | gfp_t gfp = lo->old_gfp_mask; |
| 737 | struct block_device *bdev = lo->lo_device; |
| 738 | + int err = 0; |
| 739 | + bool partscan = false; |
| 740 | + int lo_number; |
| 741 | |
| 742 | - if (lo->lo_state != Lo_bound) |
| 743 | - return -ENXIO; |
| 744 | - |
| 745 | - /* |
| 746 | - * If we've explicitly asked to tear down the loop device, |
| 747 | - * and it has an elevated reference count, set it for auto-teardown when |
| 748 | - * the last reference goes away. This stops $!~#$@ udev from |
| 749 | - * preventing teardown because it decided that it needs to run blkid on |
| 750 | - * the loopback device whenever they appear. xfstests is notorious for |
| 751 | - * failing tests because blkid via udev races with a losetup |
| 752 | - * <dev>/do something like mkfs/losetup -d <dev> causing the losetup -d |
| 753 | - * command to fail with EBUSY. |
| 754 | - */ |
| 755 | - if (atomic_read(&lo->lo_refcnt) > 1) { |
| 756 | - lo->lo_flags |= LO_FLAGS_AUTOCLEAR; |
| 757 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 758 | - return 0; |
| 759 | + mutex_lock(&loop_ctl_mutex); |
| 760 | + if (WARN_ON_ONCE(lo->lo_state != Lo_rundown)) { |
| 761 | + err = -ENXIO; |
| 762 | + goto out_unlock; |
| 763 | } |
| 764 | |
| 765 | - if (filp == NULL) |
| 766 | - return -EINVAL; |
| 767 | + filp = lo->lo_backing_file; |
| 768 | + if (filp == NULL) { |
| 769 | + err = -EINVAL; |
| 770 | + goto out_unlock; |
| 771 | + } |
| 772 | |
| 773 | /* freeze request queue during the transition */ |
| 774 | blk_mq_freeze_queue(lo->lo_queue); |
| 775 | |
| 776 | spin_lock_irq(&lo->lo_lock); |
| 777 | - lo->lo_state = Lo_rundown; |
| 778 | lo->lo_backing_file = NULL; |
| 779 | spin_unlock_irq(&lo->lo_lock); |
| 780 | |
| 781 | @@ -1093,21 +1094,73 @@ static int loop_clr_fd(struct loop_device *lo) |
| 782 | module_put(THIS_MODULE); |
| 783 | blk_mq_unfreeze_queue(lo->lo_queue); |
| 784 | |
| 785 | - if (lo->lo_flags & LO_FLAGS_PARTSCAN && bdev) |
| 786 | - loop_reread_partitions(lo, bdev); |
| 787 | + partscan = lo->lo_flags & LO_FLAGS_PARTSCAN && bdev; |
| 788 | + lo_number = lo->lo_number; |
| 789 | lo->lo_flags = 0; |
| 790 | if (!part_shift) |
| 791 | lo->lo_disk->flags |= GENHD_FL_NO_PART_SCAN; |
| 792 | loop_unprepare_queue(lo); |
| 793 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 794 | +out_unlock: |
| 795 | + mutex_unlock(&loop_ctl_mutex); |
| 796 | + if (partscan) { |
| 797 | + /* |
| 798 | + * bd_mutex has been held already in release path, so don't |
| 799 | + * acquire it if this function is called in such case. |
| 800 | + * |
| 801 | + * If the reread partition isn't from release path, lo_refcnt |
| 802 | + * must be at least one and it can only become zero when the |
| 803 | + * current holder is released. |
| 804 | + */ |
| 805 | + if (release) |
| 806 | + err = __blkdev_reread_part(bdev); |
| 807 | + else |
| 808 | + err = blkdev_reread_part(bdev); |
| 809 | + pr_warn("%s: partition scan of loop%d failed (rc=%d)\n", |
| 810 | + __func__, lo_number, err); |
| 811 | + /* Device is gone, no point in returning error */ |
| 812 | + err = 0; |
| 813 | + } |
| 814 | /* |
| 815 | - * Need not hold lo_ctl_mutex to fput backing file. |
| 816 | - * Calling fput holding lo_ctl_mutex triggers a circular |
| 817 | + * Need not hold loop_ctl_mutex to fput backing file. |
| 818 | + * Calling fput holding loop_ctl_mutex triggers a circular |
| 819 | * lock dependency possibility warning as fput can take |
| 820 | - * bd_mutex which is usually taken before lo_ctl_mutex. |
| 821 | + * bd_mutex which is usually taken before loop_ctl_mutex. |
| 822 | */ |
| 823 | - fput(filp); |
| 824 | - return 0; |
| 825 | + if (filp) |
| 826 | + fput(filp); |
| 827 | + return err; |
| 828 | +} |
| 829 | + |
| 830 | +static int loop_clr_fd(struct loop_device *lo) |
| 831 | +{ |
| 832 | + int err; |
| 833 | + |
| 834 | + err = mutex_lock_killable(&loop_ctl_mutex); |
| 835 | + if (err) |
| 836 | + return err; |
| 837 | + if (lo->lo_state != Lo_bound) { |
| 838 | + mutex_unlock(&loop_ctl_mutex); |
| 839 | + return -ENXIO; |
| 840 | + } |
| 841 | + /* |
| 842 | + * If we've explicitly asked to tear down the loop device, |
| 843 | + * and it has an elevated reference count, set it for auto-teardown when |
| 844 | + * the last reference goes away. This stops $!~#$@ udev from |
| 845 | + * preventing teardown because it decided that it needs to run blkid on |
| 846 | + * the loopback device whenever they appear. xfstests is notorious for |
| 847 | + * failing tests because blkid via udev races with a losetup |
| 848 | + * <dev>/do something like mkfs/losetup -d <dev> causing the losetup -d |
| 849 | + * command to fail with EBUSY. |
| 850 | + */ |
| 851 | + if (atomic_read(&lo->lo_refcnt) > 1) { |
| 852 | + lo->lo_flags |= LO_FLAGS_AUTOCLEAR; |
| 853 | + mutex_unlock(&loop_ctl_mutex); |
| 854 | + return 0; |
| 855 | + } |
| 856 | + lo->lo_state = Lo_rundown; |
| 857 | + mutex_unlock(&loop_ctl_mutex); |
| 858 | + |
| 859 | + return __loop_clr_fd(lo, false); |
| 860 | } |
| 861 | |
| 862 | static int |
| 863 | @@ -1116,47 +1169,72 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) |
| 864 | int err; |
| 865 | struct loop_func_table *xfer; |
| 866 | kuid_t uid = current_uid(); |
| 867 | + struct block_device *bdev; |
| 868 | + bool partscan = false; |
| 869 | |
| 870 | + err = mutex_lock_killable(&loop_ctl_mutex); |
| 871 | + if (err) |
| 872 | + return err; |
| 873 | if (lo->lo_encrypt_key_size && |
| 874 | !uid_eq(lo->lo_key_owner, uid) && |
| 875 | - !capable(CAP_SYS_ADMIN)) |
| 876 | - return -EPERM; |
| 877 | - if (lo->lo_state != Lo_bound) |
| 878 | - return -ENXIO; |
| 879 | - if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE) |
| 880 | - return -EINVAL; |
| 881 | + !capable(CAP_SYS_ADMIN)) { |
| 882 | + err = -EPERM; |
| 883 | + goto out_unlock; |
| 884 | + } |
| 885 | + if (lo->lo_state != Lo_bound) { |
| 886 | + err = -ENXIO; |
| 887 | + goto out_unlock; |
| 888 | + } |
| 889 | + if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE) { |
| 890 | + err = -EINVAL; |
| 891 | + goto out_unlock; |
| 892 | + } |
| 893 | + |
| 894 | + if (lo->lo_offset != info->lo_offset || |
| 895 | + lo->lo_sizelimit != info->lo_sizelimit) { |
| 896 | + sync_blockdev(lo->lo_device); |
| 897 | + kill_bdev(lo->lo_device); |
| 898 | + } |
| 899 | |
| 900 | /* I/O need to be drained during transfer transition */ |
| 901 | blk_mq_freeze_queue(lo->lo_queue); |
| 902 | |
| 903 | err = loop_release_xfer(lo); |
| 904 | if (err) |
| 905 | - goto exit; |
| 906 | + goto out_unfreeze; |
| 907 | |
| 908 | if (info->lo_encrypt_type) { |
| 909 | unsigned int type = info->lo_encrypt_type; |
| 910 | |
| 911 | if (type >= MAX_LO_CRYPT) { |
| 912 | err = -EINVAL; |
| 913 | - goto exit; |
| 914 | + goto out_unfreeze; |
| 915 | } |
| 916 | xfer = xfer_funcs[type]; |
| 917 | if (xfer == NULL) { |
| 918 | err = -EINVAL; |
| 919 | - goto exit; |
| 920 | + goto out_unfreeze; |
| 921 | } |
| 922 | } else |
| 923 | xfer = NULL; |
| 924 | |
| 925 | err = loop_init_xfer(lo, xfer, info); |
| 926 | if (err) |
| 927 | - goto exit; |
| 928 | + goto out_unfreeze; |
| 929 | |
| 930 | if (lo->lo_offset != info->lo_offset || |
| 931 | lo->lo_sizelimit != info->lo_sizelimit) { |
| 932 | + /* kill_bdev should have truncated all the pages */ |
| 933 | + if (lo->lo_device->bd_inode->i_mapping->nrpages) { |
| 934 | + err = -EAGAIN; |
| 935 | + pr_warn("%s: loop%d (%s) has still dirty pages (nrpages=%lu)\n", |
| 936 | + __func__, lo->lo_number, lo->lo_file_name, |
| 937 | + lo->lo_device->bd_inode->i_mapping->nrpages); |
| 938 | + goto out_unfreeze; |
| 939 | + } |
| 940 | if (figure_loop_size(lo, info->lo_offset, info->lo_sizelimit)) { |
| 941 | err = -EFBIG; |
| 942 | - goto exit; |
| 943 | + goto out_unfreeze; |
| 944 | } |
| 945 | } |
| 946 | |
| 947 | @@ -1188,15 +1266,20 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) |
| 948 | /* update dio if lo_offset or transfer is changed */ |
| 949 | __loop_update_dio(lo, lo->use_dio); |
| 950 | |
| 951 | - exit: |
| 952 | +out_unfreeze: |
| 953 | blk_mq_unfreeze_queue(lo->lo_queue); |
| 954 | |
| 955 | if (!err && (info->lo_flags & LO_FLAGS_PARTSCAN) && |
| 956 | !(lo->lo_flags & LO_FLAGS_PARTSCAN)) { |
| 957 | lo->lo_flags |= LO_FLAGS_PARTSCAN; |
| 958 | lo->lo_disk->flags &= ~GENHD_FL_NO_PART_SCAN; |
| 959 | - loop_reread_partitions(lo, lo->lo_device); |
| 960 | + bdev = lo->lo_device; |
| 961 | + partscan = true; |
| 962 | } |
| 963 | +out_unlock: |
| 964 | + mutex_unlock(&loop_ctl_mutex); |
| 965 | + if (partscan) |
| 966 | + loop_reread_partitions(lo, bdev); |
| 967 | |
| 968 | return err; |
| 969 | } |
| 970 | @@ -1204,12 +1287,15 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) |
| 971 | static int |
| 972 | loop_get_status(struct loop_device *lo, struct loop_info64 *info) |
| 973 | { |
| 974 | - struct file *file; |
| 975 | + struct path path; |
| 976 | struct kstat stat; |
| 977 | int ret; |
| 978 | |
| 979 | + ret = mutex_lock_killable(&loop_ctl_mutex); |
| 980 | + if (ret) |
| 981 | + return ret; |
| 982 | if (lo->lo_state != Lo_bound) { |
| 983 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 984 | + mutex_unlock(&loop_ctl_mutex); |
| 985 | return -ENXIO; |
| 986 | } |
| 987 | |
| 988 | @@ -1228,17 +1314,17 @@ loop_get_status(struct loop_device *lo, struct loop_info64 *info) |
| 989 | lo->lo_encrypt_key_size); |
| 990 | } |
| 991 | |
| 992 | - /* Drop lo_ctl_mutex while we call into the filesystem. */ |
| 993 | - file = get_file(lo->lo_backing_file); |
| 994 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 995 | - ret = vfs_getattr(&file->f_path, &stat, STATX_INO, |
| 996 | - AT_STATX_SYNC_AS_STAT); |
| 997 | + /* Drop loop_ctl_mutex while we call into the filesystem. */ |
| 998 | + path = lo->lo_backing_file->f_path; |
| 999 | + path_get(&path); |
| 1000 | + mutex_unlock(&loop_ctl_mutex); |
| 1001 | + ret = vfs_getattr(&path, &stat, STATX_INO, AT_STATX_SYNC_AS_STAT); |
| 1002 | if (!ret) { |
| 1003 | info->lo_device = huge_encode_dev(stat.dev); |
| 1004 | info->lo_inode = stat.ino; |
| 1005 | info->lo_rdevice = huge_encode_dev(stat.rdev); |
| 1006 | } |
| 1007 | - fput(file); |
| 1008 | + path_put(&path); |
| 1009 | return ret; |
| 1010 | } |
| 1011 | |
| 1012 | @@ -1322,10 +1408,8 @@ loop_get_status_old(struct loop_device *lo, struct loop_info __user *arg) { |
| 1013 | struct loop_info64 info64; |
| 1014 | int err; |
| 1015 | |
| 1016 | - if (!arg) { |
| 1017 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1018 | + if (!arg) |
| 1019 | return -EINVAL; |
| 1020 | - } |
| 1021 | err = loop_get_status(lo, &info64); |
| 1022 | if (!err) |
| 1023 | err = loop_info64_to_old(&info64, &info); |
| 1024 | @@ -1340,10 +1424,8 @@ loop_get_status64(struct loop_device *lo, struct loop_info64 __user *arg) { |
| 1025 | struct loop_info64 info64; |
| 1026 | int err; |
| 1027 | |
| 1028 | - if (!arg) { |
| 1029 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1030 | + if (!arg) |
| 1031 | return -EINVAL; |
| 1032 | - } |
| 1033 | err = loop_get_status(lo, &info64); |
| 1034 | if (!err && copy_to_user(arg, &info64, sizeof(info64))) |
| 1035 | err = -EFAULT; |
| 1036 | @@ -1375,22 +1457,64 @@ static int loop_set_dio(struct loop_device *lo, unsigned long arg) |
| 1037 | |
| 1038 | static int loop_set_block_size(struct loop_device *lo, unsigned long arg) |
| 1039 | { |
| 1040 | + int err = 0; |
| 1041 | + |
| 1042 | if (lo->lo_state != Lo_bound) |
| 1043 | return -ENXIO; |
| 1044 | |
| 1045 | if (arg < 512 || arg > PAGE_SIZE || !is_power_of_2(arg)) |
| 1046 | return -EINVAL; |
| 1047 | |
| 1048 | + if (lo->lo_queue->limits.logical_block_size != arg) { |
| 1049 | + sync_blockdev(lo->lo_device); |
| 1050 | + kill_bdev(lo->lo_device); |
| 1051 | + } |
| 1052 | + |
| 1053 | blk_mq_freeze_queue(lo->lo_queue); |
| 1054 | |
| 1055 | + /* kill_bdev should have truncated all the pages */ |
| 1056 | + if (lo->lo_queue->limits.logical_block_size != arg && |
| 1057 | + lo->lo_device->bd_inode->i_mapping->nrpages) { |
| 1058 | + err = -EAGAIN; |
| 1059 | + pr_warn("%s: loop%d (%s) has still dirty pages (nrpages=%lu)\n", |
| 1060 | + __func__, lo->lo_number, lo->lo_file_name, |
| 1061 | + lo->lo_device->bd_inode->i_mapping->nrpages); |
| 1062 | + goto out_unfreeze; |
| 1063 | + } |
| 1064 | + |
| 1065 | blk_queue_logical_block_size(lo->lo_queue, arg); |
| 1066 | blk_queue_physical_block_size(lo->lo_queue, arg); |
| 1067 | blk_queue_io_min(lo->lo_queue, arg); |
| 1068 | loop_update_dio(lo); |
| 1069 | - |
| 1070 | +out_unfreeze: |
| 1071 | blk_mq_unfreeze_queue(lo->lo_queue); |
| 1072 | |
| 1073 | - return 0; |
| 1074 | + return err; |
| 1075 | +} |
| 1076 | + |
| 1077 | +static int lo_simple_ioctl(struct loop_device *lo, unsigned int cmd, |
| 1078 | + unsigned long arg) |
| 1079 | +{ |
| 1080 | + int err; |
| 1081 | + |
| 1082 | + err = mutex_lock_killable(&loop_ctl_mutex); |
| 1083 | + if (err) |
| 1084 | + return err; |
| 1085 | + switch (cmd) { |
| 1086 | + case LOOP_SET_CAPACITY: |
| 1087 | + err = loop_set_capacity(lo); |
| 1088 | + break; |
| 1089 | + case LOOP_SET_DIRECT_IO: |
| 1090 | + err = loop_set_dio(lo, arg); |
| 1091 | + break; |
| 1092 | + case LOOP_SET_BLOCK_SIZE: |
| 1093 | + err = loop_set_block_size(lo, arg); |
| 1094 | + break; |
| 1095 | + default: |
| 1096 | + err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL; |
| 1097 | + } |
| 1098 | + mutex_unlock(&loop_ctl_mutex); |
| 1099 | + return err; |
| 1100 | } |
| 1101 | |
| 1102 | static int lo_ioctl(struct block_device *bdev, fmode_t mode, |
| 1103 | @@ -1399,64 +1523,42 @@ static int lo_ioctl(struct block_device *bdev, fmode_t mode, |
| 1104 | struct loop_device *lo = bdev->bd_disk->private_data; |
| 1105 | int err; |
| 1106 | |
| 1107 | - err = mutex_lock_killable_nested(&lo->lo_ctl_mutex, 1); |
| 1108 | - if (err) |
| 1109 | - goto out_unlocked; |
| 1110 | - |
| 1111 | switch (cmd) { |
| 1112 | case LOOP_SET_FD: |
| 1113 | - err = loop_set_fd(lo, mode, bdev, arg); |
| 1114 | - break; |
| 1115 | + return loop_set_fd(lo, mode, bdev, arg); |
| 1116 | case LOOP_CHANGE_FD: |
| 1117 | - err = loop_change_fd(lo, bdev, arg); |
| 1118 | - break; |
| 1119 | + return loop_change_fd(lo, bdev, arg); |
| 1120 | case LOOP_CLR_FD: |
| 1121 | - /* loop_clr_fd would have unlocked lo_ctl_mutex on success */ |
| 1122 | - err = loop_clr_fd(lo); |
| 1123 | - if (!err) |
| 1124 | - goto out_unlocked; |
| 1125 | - break; |
| 1126 | + return loop_clr_fd(lo); |
| 1127 | case LOOP_SET_STATUS: |
| 1128 | err = -EPERM; |
| 1129 | - if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) |
| 1130 | + if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) { |
| 1131 | err = loop_set_status_old(lo, |
| 1132 | (struct loop_info __user *)arg); |
| 1133 | + } |
| 1134 | break; |
| 1135 | case LOOP_GET_STATUS: |
| 1136 | - err = loop_get_status_old(lo, (struct loop_info __user *) arg); |
| 1137 | - /* loop_get_status() unlocks lo_ctl_mutex */ |
| 1138 | - goto out_unlocked; |
| 1139 | + return loop_get_status_old(lo, (struct loop_info __user *) arg); |
| 1140 | case LOOP_SET_STATUS64: |
| 1141 | err = -EPERM; |
| 1142 | - if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) |
| 1143 | + if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) { |
| 1144 | err = loop_set_status64(lo, |
| 1145 | (struct loop_info64 __user *) arg); |
| 1146 | + } |
| 1147 | break; |
| 1148 | case LOOP_GET_STATUS64: |
| 1149 | - err = loop_get_status64(lo, (struct loop_info64 __user *) arg); |
| 1150 | - /* loop_get_status() unlocks lo_ctl_mutex */ |
| 1151 | - goto out_unlocked; |
| 1152 | + return loop_get_status64(lo, (struct loop_info64 __user *) arg); |
| 1153 | case LOOP_SET_CAPACITY: |
| 1154 | - err = -EPERM; |
| 1155 | - if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) |
| 1156 | - err = loop_set_capacity(lo); |
| 1157 | - break; |
| 1158 | case LOOP_SET_DIRECT_IO: |
| 1159 | - err = -EPERM; |
| 1160 | - if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) |
| 1161 | - err = loop_set_dio(lo, arg); |
| 1162 | - break; |
| 1163 | case LOOP_SET_BLOCK_SIZE: |
| 1164 | - err = -EPERM; |
| 1165 | - if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) |
| 1166 | - err = loop_set_block_size(lo, arg); |
| 1167 | - break; |
| 1168 | + if (!(mode & FMODE_WRITE) && !capable(CAP_SYS_ADMIN)) |
| 1169 | + return -EPERM; |
| 1170 | + /* Fall through */ |
| 1171 | default: |
| 1172 | - err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL; |
| 1173 | + err = lo_simple_ioctl(lo, cmd, arg); |
| 1174 | + break; |
| 1175 | } |
| 1176 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1177 | |
| 1178 | -out_unlocked: |
| 1179 | return err; |
| 1180 | } |
| 1181 | |
| 1182 | @@ -1570,10 +1672,8 @@ loop_get_status_compat(struct loop_device *lo, |
| 1183 | struct loop_info64 info64; |
| 1184 | int err; |
| 1185 | |
| 1186 | - if (!arg) { |
| 1187 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1188 | + if (!arg) |
| 1189 | return -EINVAL; |
| 1190 | - } |
| 1191 | err = loop_get_status(lo, &info64); |
| 1192 | if (!err) |
| 1193 | err = loop_info64_to_compat(&info64, arg); |
| 1194 | @@ -1588,20 +1688,12 @@ static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode, |
| 1195 | |
| 1196 | switch(cmd) { |
| 1197 | case LOOP_SET_STATUS: |
| 1198 | - err = mutex_lock_killable(&lo->lo_ctl_mutex); |
| 1199 | - if (!err) { |
| 1200 | - err = loop_set_status_compat(lo, |
| 1201 | - (const struct compat_loop_info __user *)arg); |
| 1202 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1203 | - } |
| 1204 | + err = loop_set_status_compat(lo, |
| 1205 | + (const struct compat_loop_info __user *)arg); |
| 1206 | break; |
| 1207 | case LOOP_GET_STATUS: |
| 1208 | - err = mutex_lock_killable(&lo->lo_ctl_mutex); |
| 1209 | - if (!err) { |
| 1210 | - err = loop_get_status_compat(lo, |
| 1211 | - (struct compat_loop_info __user *)arg); |
| 1212 | - /* loop_get_status() unlocks lo_ctl_mutex */ |
| 1213 | - } |
| 1214 | + err = loop_get_status_compat(lo, |
| 1215 | + (struct compat_loop_info __user *)arg); |
| 1216 | break; |
| 1217 | case LOOP_SET_CAPACITY: |
| 1218 | case LOOP_CLR_FD: |
| 1219 | @@ -1625,9 +1717,11 @@ static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode, |
| 1220 | static int lo_open(struct block_device *bdev, fmode_t mode) |
| 1221 | { |
| 1222 | struct loop_device *lo; |
| 1223 | - int err = 0; |
| 1224 | + int err; |
| 1225 | |
| 1226 | - mutex_lock(&loop_index_mutex); |
| 1227 | + err = mutex_lock_killable(&loop_ctl_mutex); |
| 1228 | + if (err) |
| 1229 | + return err; |
| 1230 | lo = bdev->bd_disk->private_data; |
| 1231 | if (!lo) { |
| 1232 | err = -ENXIO; |
| 1233 | @@ -1636,26 +1730,30 @@ static int lo_open(struct block_device *bdev, fmode_t mode) |
| 1234 | |
| 1235 | atomic_inc(&lo->lo_refcnt); |
| 1236 | out: |
| 1237 | - mutex_unlock(&loop_index_mutex); |
| 1238 | + mutex_unlock(&loop_ctl_mutex); |
| 1239 | return err; |
| 1240 | } |
| 1241 | |
| 1242 | -static void __lo_release(struct loop_device *lo) |
| 1243 | +static void lo_release(struct gendisk *disk, fmode_t mode) |
| 1244 | { |
| 1245 | - int err; |
| 1246 | + struct loop_device *lo; |
| 1247 | |
| 1248 | + mutex_lock(&loop_ctl_mutex); |
| 1249 | + lo = disk->private_data; |
| 1250 | if (atomic_dec_return(&lo->lo_refcnt)) |
| 1251 | - return; |
| 1252 | + goto out_unlock; |
| 1253 | |
| 1254 | - mutex_lock(&lo->lo_ctl_mutex); |
| 1255 | if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) { |
| 1256 | + if (lo->lo_state != Lo_bound) |
| 1257 | + goto out_unlock; |
| 1258 | + lo->lo_state = Lo_rundown; |
| 1259 | + mutex_unlock(&loop_ctl_mutex); |
| 1260 | /* |
| 1261 | * In autoclear mode, stop the loop thread |
| 1262 | * and remove configuration after last close. |
| 1263 | */ |
| 1264 | - err = loop_clr_fd(lo); |
| 1265 | - if (!err) |
| 1266 | - return; |
| 1267 | + __loop_clr_fd(lo, true); |
| 1268 | + return; |
| 1269 | } else if (lo->lo_state == Lo_bound) { |
| 1270 | /* |
| 1271 | * Otherwise keep thread (if running) and config, |
| 1272 | @@ -1665,14 +1763,8 @@ static void __lo_release(struct loop_device *lo) |
| 1273 | blk_mq_unfreeze_queue(lo->lo_queue); |
| 1274 | } |
| 1275 | |
| 1276 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1277 | -} |
| 1278 | - |
| 1279 | -static void lo_release(struct gendisk *disk, fmode_t mode) |
| 1280 | -{ |
| 1281 | - mutex_lock(&loop_index_mutex); |
| 1282 | - __lo_release(disk->private_data); |
| 1283 | - mutex_unlock(&loop_index_mutex); |
| 1284 | +out_unlock: |
| 1285 | + mutex_unlock(&loop_ctl_mutex); |
| 1286 | } |
| 1287 | |
| 1288 | static const struct block_device_operations lo_fops = { |
| 1289 | @@ -1711,10 +1803,10 @@ static int unregister_transfer_cb(int id, void *ptr, void *data) |
| 1290 | struct loop_device *lo = ptr; |
| 1291 | struct loop_func_table *xfer = data; |
| 1292 | |
| 1293 | - mutex_lock(&lo->lo_ctl_mutex); |
| 1294 | + mutex_lock(&loop_ctl_mutex); |
| 1295 | if (lo->lo_encryption == xfer) |
| 1296 | loop_release_xfer(lo); |
| 1297 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1298 | + mutex_unlock(&loop_ctl_mutex); |
| 1299 | return 0; |
| 1300 | } |
| 1301 | |
| 1302 | @@ -1895,7 +1987,6 @@ static int loop_add(struct loop_device **l, int i) |
| 1303 | if (!part_shift) |
| 1304 | disk->flags |= GENHD_FL_NO_PART_SCAN; |
| 1305 | disk->flags |= GENHD_FL_EXT_DEVT; |
| 1306 | - mutex_init(&lo->lo_ctl_mutex); |
| 1307 | atomic_set(&lo->lo_refcnt, 0); |
| 1308 | lo->lo_number = i; |
| 1309 | spin_lock_init(&lo->lo_lock); |
| 1310 | @@ -1974,7 +2065,7 @@ static struct kobject *loop_probe(dev_t dev, int *part, void *data) |
| 1311 | struct kobject *kobj; |
| 1312 | int err; |
| 1313 | |
| 1314 | - mutex_lock(&loop_index_mutex); |
| 1315 | + mutex_lock(&loop_ctl_mutex); |
| 1316 | err = loop_lookup(&lo, MINOR(dev) >> part_shift); |
| 1317 | if (err < 0) |
| 1318 | err = loop_add(&lo, MINOR(dev) >> part_shift); |
| 1319 | @@ -1982,7 +2073,7 @@ static struct kobject *loop_probe(dev_t dev, int *part, void *data) |
| 1320 | kobj = NULL; |
| 1321 | else |
| 1322 | kobj = get_disk_and_module(lo->lo_disk); |
| 1323 | - mutex_unlock(&loop_index_mutex); |
| 1324 | + mutex_unlock(&loop_ctl_mutex); |
| 1325 | |
| 1326 | *part = 0; |
| 1327 | return kobj; |
| 1328 | @@ -1992,9 +2083,13 @@ static long loop_control_ioctl(struct file *file, unsigned int cmd, |
| 1329 | unsigned long parm) |
| 1330 | { |
| 1331 | struct loop_device *lo; |
| 1332 | - int ret = -ENOSYS; |
| 1333 | + int ret; |
| 1334 | + |
| 1335 | + ret = mutex_lock_killable(&loop_ctl_mutex); |
| 1336 | + if (ret) |
| 1337 | + return ret; |
| 1338 | |
| 1339 | - mutex_lock(&loop_index_mutex); |
| 1340 | + ret = -ENOSYS; |
| 1341 | switch (cmd) { |
| 1342 | case LOOP_CTL_ADD: |
| 1343 | ret = loop_lookup(&lo, parm); |
| 1344 | @@ -2008,21 +2103,15 @@ static long loop_control_ioctl(struct file *file, unsigned int cmd, |
| 1345 | ret = loop_lookup(&lo, parm); |
| 1346 | if (ret < 0) |
| 1347 | break; |
| 1348 | - ret = mutex_lock_killable(&lo->lo_ctl_mutex); |
| 1349 | - if (ret) |
| 1350 | - break; |
| 1351 | if (lo->lo_state != Lo_unbound) { |
| 1352 | ret = -EBUSY; |
| 1353 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1354 | break; |
| 1355 | } |
| 1356 | if (atomic_read(&lo->lo_refcnt) > 0) { |
| 1357 | ret = -EBUSY; |
| 1358 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1359 | break; |
| 1360 | } |
| 1361 | lo->lo_disk->private_data = NULL; |
| 1362 | - mutex_unlock(&lo->lo_ctl_mutex); |
| 1363 | idr_remove(&loop_index_idr, lo->lo_number); |
| 1364 | loop_remove(lo); |
| 1365 | break; |
| 1366 | @@ -2032,7 +2121,7 @@ static long loop_control_ioctl(struct file *file, unsigned int cmd, |
| 1367 | break; |
| 1368 | ret = loop_add(&lo, -1); |
| 1369 | } |
| 1370 | - mutex_unlock(&loop_index_mutex); |
| 1371 | + mutex_unlock(&loop_ctl_mutex); |
| 1372 | |
| 1373 | return ret; |
| 1374 | } |
| 1375 | @@ -2116,10 +2205,10 @@ static int __init loop_init(void) |
| 1376 | THIS_MODULE, loop_probe, NULL, NULL); |
| 1377 | |
| 1378 | /* pre-create number of devices given by config or max_loop */ |
| 1379 | - mutex_lock(&loop_index_mutex); |
| 1380 | + mutex_lock(&loop_ctl_mutex); |
| 1381 | for (i = 0; i < nr; i++) |
| 1382 | loop_add(&lo, i); |
| 1383 | - mutex_unlock(&loop_index_mutex); |
| 1384 | + mutex_unlock(&loop_ctl_mutex); |
| 1385 | |
| 1386 | printk(KERN_INFO "loop: module loaded\n"); |
| 1387 | return 0; |
| 1388 | diff --git a/drivers/block/loop.h b/drivers/block/loop.h |
| 1389 | index 4d42c7af7de7..af75a5ee4094 100644 |
| 1390 | --- a/drivers/block/loop.h |
| 1391 | +++ b/drivers/block/loop.h |
| 1392 | @@ -54,7 +54,6 @@ struct loop_device { |
| 1393 | |
| 1394 | spinlock_t lo_lock; |
| 1395 | int lo_state; |
| 1396 | - struct mutex lo_ctl_mutex; |
| 1397 | struct kthread_worker worker; |
| 1398 | struct task_struct *worker_task; |
| 1399 | bool use_dio; |
| 1400 | diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c |
| 1401 | index 4d4d6129ff66..c964315c7b0b 100644 |
| 1402 | --- a/drivers/block/nbd.c |
| 1403 | +++ b/drivers/block/nbd.c |
| 1404 | @@ -288,9 +288,10 @@ static void nbd_size_update(struct nbd_device *nbd) |
| 1405 | blk_queue_physical_block_size(nbd->disk->queue, config->blksize); |
| 1406 | set_capacity(nbd->disk, config->bytesize >> 9); |
| 1407 | if (bdev) { |
| 1408 | - if (bdev->bd_disk) |
| 1409 | + if (bdev->bd_disk) { |
| 1410 | bd_set_size(bdev, config->bytesize); |
| 1411 | - else |
| 1412 | + set_blocksize(bdev, config->blksize); |
| 1413 | + } else |
| 1414 | bdev->bd_invalidated = 1; |
| 1415 | bdput(bdev); |
| 1416 | } |
| 1417 | diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig |
| 1418 | index caa98a7fe392..db330a0106b2 100644 |
| 1419 | --- a/drivers/crypto/Kconfig |
| 1420 | +++ b/drivers/crypto/Kconfig |
| 1421 | @@ -692,6 +692,7 @@ config CRYPTO_DEV_BCM_SPU |
| 1422 | depends on ARCH_BCM_IPROC |
| 1423 | depends on MAILBOX |
| 1424 | default m |
| 1425 | + select CRYPTO_AUTHENC |
| 1426 | select CRYPTO_DES |
| 1427 | select CRYPTO_MD5 |
| 1428 | select CRYPTO_SHA1 |
| 1429 | diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c |
| 1430 | index 2d1f1db9f807..cd464637b0cb 100644 |
| 1431 | --- a/drivers/crypto/bcm/cipher.c |
| 1432 | +++ b/drivers/crypto/bcm/cipher.c |
| 1433 | @@ -2845,44 +2845,28 @@ static int aead_authenc_setkey(struct crypto_aead *cipher, |
| 1434 | struct spu_hw *spu = &iproc_priv.spu; |
| 1435 | struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher); |
| 1436 | struct crypto_tfm *tfm = crypto_aead_tfm(cipher); |
| 1437 | - struct rtattr *rta = (void *)key; |
| 1438 | - struct crypto_authenc_key_param *param; |
| 1439 | - const u8 *origkey = key; |
| 1440 | - const unsigned int origkeylen = keylen; |
| 1441 | - |
| 1442 | - int ret = 0; |
| 1443 | + struct crypto_authenc_keys keys; |
| 1444 | + int ret; |
| 1445 | |
| 1446 | flow_log("%s() aead:%p key:%p keylen:%u\n", __func__, cipher, key, |
| 1447 | keylen); |
| 1448 | flow_dump(" key: ", key, keylen); |
| 1449 | |
| 1450 | - if (!RTA_OK(rta, keylen)) |
| 1451 | - goto badkey; |
| 1452 | - if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) |
| 1453 | - goto badkey; |
| 1454 | - if (RTA_PAYLOAD(rta) < sizeof(*param)) |
| 1455 | + ret = crypto_authenc_extractkeys(&keys, key, keylen); |
| 1456 | + if (ret) |
| 1457 | goto badkey; |
| 1458 | |
| 1459 | - param = RTA_DATA(rta); |
| 1460 | - ctx->enckeylen = be32_to_cpu(param->enckeylen); |
| 1461 | - |
| 1462 | - key += RTA_ALIGN(rta->rta_len); |
| 1463 | - keylen -= RTA_ALIGN(rta->rta_len); |
| 1464 | - |
| 1465 | - if (keylen < ctx->enckeylen) |
| 1466 | - goto badkey; |
| 1467 | - if (ctx->enckeylen > MAX_KEY_SIZE) |
| 1468 | + if (keys.enckeylen > MAX_KEY_SIZE || |
| 1469 | + keys.authkeylen > MAX_KEY_SIZE) |
| 1470 | goto badkey; |
| 1471 | |
| 1472 | - ctx->authkeylen = keylen - ctx->enckeylen; |
| 1473 | - |
| 1474 | - if (ctx->authkeylen > MAX_KEY_SIZE) |
| 1475 | - goto badkey; |
| 1476 | + ctx->enckeylen = keys.enckeylen; |
| 1477 | + ctx->authkeylen = keys.authkeylen; |
| 1478 | |
| 1479 | - memcpy(ctx->enckey, key + ctx->authkeylen, ctx->enckeylen); |
| 1480 | + memcpy(ctx->enckey, keys.enckey, keys.enckeylen); |
| 1481 | /* May end up padding auth key. So make sure it's zeroed. */ |
| 1482 | memset(ctx->authkey, 0, sizeof(ctx->authkey)); |
| 1483 | - memcpy(ctx->authkey, key, ctx->authkeylen); |
| 1484 | + memcpy(ctx->authkey, keys.authkey, keys.authkeylen); |
| 1485 | |
| 1486 | switch (ctx->alg->cipher_info.alg) { |
| 1487 | case CIPHER_ALG_DES: |
| 1488 | @@ -2890,7 +2874,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher, |
| 1489 | u32 tmp[DES_EXPKEY_WORDS]; |
| 1490 | u32 flags = CRYPTO_TFM_RES_WEAK_KEY; |
| 1491 | |
| 1492 | - if (des_ekey(tmp, key) == 0) { |
| 1493 | + if (des_ekey(tmp, keys.enckey) == 0) { |
| 1494 | if (crypto_aead_get_flags(cipher) & |
| 1495 | CRYPTO_TFM_REQ_WEAK_KEY) { |
| 1496 | crypto_aead_set_flags(cipher, flags); |
| 1497 | @@ -2905,7 +2889,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher, |
| 1498 | break; |
| 1499 | case CIPHER_ALG_3DES: |
| 1500 | if (ctx->enckeylen == (DES_KEY_SIZE * 3)) { |
| 1501 | - const u32 *K = (const u32 *)key; |
| 1502 | + const u32 *K = (const u32 *)keys.enckey; |
| 1503 | u32 flags = CRYPTO_TFM_RES_BAD_KEY_SCHED; |
| 1504 | |
| 1505 | if (!((K[0] ^ K[2]) | (K[1] ^ K[3])) || |
| 1506 | @@ -2956,9 +2940,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher, |
| 1507 | ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK; |
| 1508 | ctx->fallback_cipher->base.crt_flags |= |
| 1509 | tfm->crt_flags & CRYPTO_TFM_REQ_MASK; |
| 1510 | - ret = |
| 1511 | - crypto_aead_setkey(ctx->fallback_cipher, origkey, |
| 1512 | - origkeylen); |
| 1513 | + ret = crypto_aead_setkey(ctx->fallback_cipher, key, keylen); |
| 1514 | if (ret) { |
| 1515 | flow_log(" fallback setkey() returned:%d\n", ret); |
| 1516 | tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; |
| 1517 | diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c |
| 1518 | index 46924affa0bd..212fd0b3b8dd 100644 |
| 1519 | --- a/drivers/crypto/caam/caamhash.c |
| 1520 | +++ b/drivers/crypto/caam/caamhash.c |
| 1521 | @@ -1071,13 +1071,16 @@ static int ahash_final_no_ctx(struct ahash_request *req) |
| 1522 | |
| 1523 | desc = edesc->hw_desc; |
| 1524 | |
| 1525 | - state->buf_dma = dma_map_single(jrdev, buf, buflen, DMA_TO_DEVICE); |
| 1526 | - if (dma_mapping_error(jrdev, state->buf_dma)) { |
| 1527 | - dev_err(jrdev, "unable to map src\n"); |
| 1528 | - goto unmap; |
| 1529 | - } |
| 1530 | + if (buflen) { |
| 1531 | + state->buf_dma = dma_map_single(jrdev, buf, buflen, |
| 1532 | + DMA_TO_DEVICE); |
| 1533 | + if (dma_mapping_error(jrdev, state->buf_dma)) { |
| 1534 | + dev_err(jrdev, "unable to map src\n"); |
| 1535 | + goto unmap; |
| 1536 | + } |
| 1537 | |
| 1538 | - append_seq_in_ptr(desc, state->buf_dma, buflen, 0); |
| 1539 | + append_seq_in_ptr(desc, state->buf_dma, buflen, 0); |
| 1540 | + } |
| 1541 | |
| 1542 | edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result, |
| 1543 | digestsize); |
| 1544 | diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c |
| 1545 | index 01b82b82f8b8..5852d29ae2da 100644 |
| 1546 | --- a/drivers/crypto/ccree/cc_aead.c |
| 1547 | +++ b/drivers/crypto/ccree/cc_aead.c |
| 1548 | @@ -540,13 +540,12 @@ static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key, |
| 1549 | unsigned int keylen) |
| 1550 | { |
| 1551 | struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm); |
| 1552 | - struct rtattr *rta = (struct rtattr *)key; |
| 1553 | struct cc_crypto_req cc_req = {}; |
| 1554 | - struct crypto_authenc_key_param *param; |
| 1555 | struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ]; |
| 1556 | - int rc = -EINVAL; |
| 1557 | unsigned int seq_len = 0; |
| 1558 | struct device *dev = drvdata_to_dev(ctx->drvdata); |
| 1559 | + const u8 *enckey, *authkey; |
| 1560 | + int rc; |
| 1561 | |
| 1562 | dev_dbg(dev, "Setting key in context @%p for %s. key=%p keylen=%u\n", |
| 1563 | ctx, crypto_tfm_alg_name(crypto_aead_tfm(tfm)), key, keylen); |
| 1564 | @@ -554,35 +553,33 @@ static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key, |
| 1565 | /* STAT_PHASE_0: Init and sanity checks */ |
| 1566 | |
| 1567 | if (ctx->auth_mode != DRV_HASH_NULL) { /* authenc() alg. */ |
| 1568 | - if (!RTA_OK(rta, keylen)) |
| 1569 | - goto badkey; |
| 1570 | - if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) |
| 1571 | - goto badkey; |
| 1572 | - if (RTA_PAYLOAD(rta) < sizeof(*param)) |
| 1573 | - goto badkey; |
| 1574 | - param = RTA_DATA(rta); |
| 1575 | - ctx->enc_keylen = be32_to_cpu(param->enckeylen); |
| 1576 | - key += RTA_ALIGN(rta->rta_len); |
| 1577 | - keylen -= RTA_ALIGN(rta->rta_len); |
| 1578 | - if (keylen < ctx->enc_keylen) |
| 1579 | + struct crypto_authenc_keys keys; |
| 1580 | + |
| 1581 | + rc = crypto_authenc_extractkeys(&keys, key, keylen); |
| 1582 | + if (rc) |
| 1583 | goto badkey; |
| 1584 | - ctx->auth_keylen = keylen - ctx->enc_keylen; |
| 1585 | + enckey = keys.enckey; |
| 1586 | + authkey = keys.authkey; |
| 1587 | + ctx->enc_keylen = keys.enckeylen; |
| 1588 | + ctx->auth_keylen = keys.authkeylen; |
| 1589 | |
| 1590 | if (ctx->cipher_mode == DRV_CIPHER_CTR) { |
| 1591 | /* the nonce is stored in bytes at end of key */ |
| 1592 | + rc = -EINVAL; |
| 1593 | if (ctx->enc_keylen < |
| 1594 | (AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE)) |
| 1595 | goto badkey; |
| 1596 | /* Copy nonce from last 4 bytes in CTR key to |
| 1597 | * first 4 bytes in CTR IV |
| 1598 | */ |
| 1599 | - memcpy(ctx->ctr_nonce, key + ctx->auth_keylen + |
| 1600 | - ctx->enc_keylen - CTR_RFC3686_NONCE_SIZE, |
| 1601 | - CTR_RFC3686_NONCE_SIZE); |
| 1602 | + memcpy(ctx->ctr_nonce, enckey + ctx->enc_keylen - |
| 1603 | + CTR_RFC3686_NONCE_SIZE, CTR_RFC3686_NONCE_SIZE); |
| 1604 | /* Set CTR key size */ |
| 1605 | ctx->enc_keylen -= CTR_RFC3686_NONCE_SIZE; |
| 1606 | } |
| 1607 | } else { /* non-authenc - has just one key */ |
| 1608 | + enckey = key; |
| 1609 | + authkey = NULL; |
| 1610 | ctx->enc_keylen = keylen; |
| 1611 | ctx->auth_keylen = 0; |
| 1612 | } |
| 1613 | @@ -594,13 +591,14 @@ static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key, |
| 1614 | /* STAT_PHASE_1: Copy key to ctx */ |
| 1615 | |
| 1616 | /* Get key material */ |
| 1617 | - memcpy(ctx->enckey, key + ctx->auth_keylen, ctx->enc_keylen); |
| 1618 | + memcpy(ctx->enckey, enckey, ctx->enc_keylen); |
| 1619 | if (ctx->enc_keylen == 24) |
| 1620 | memset(ctx->enckey + 24, 0, CC_AES_KEY_SIZE_MAX - 24); |
| 1621 | if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { |
| 1622 | - memcpy(ctx->auth_state.xcbc.xcbc_keys, key, ctx->auth_keylen); |
| 1623 | + memcpy(ctx->auth_state.xcbc.xcbc_keys, authkey, |
| 1624 | + ctx->auth_keylen); |
| 1625 | } else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC */ |
| 1626 | - rc = cc_get_plain_hmac_key(tfm, key, ctx->auth_keylen); |
| 1627 | + rc = cc_get_plain_hmac_key(tfm, authkey, ctx->auth_keylen); |
| 1628 | if (rc) |
| 1629 | goto badkey; |
| 1630 | } |
| 1631 | diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c |
| 1632 | index 6988012deca4..f4f3e9a5851e 100644 |
| 1633 | --- a/drivers/crypto/talitos.c |
| 1634 | +++ b/drivers/crypto/talitos.c |
| 1635 | @@ -1361,23 +1361,18 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev, |
| 1636 | struct talitos_private *priv = dev_get_drvdata(dev); |
| 1637 | bool is_sec1 = has_ftr_sec1(priv); |
| 1638 | int max_len = is_sec1 ? TALITOS1_MAX_DATA_LEN : TALITOS2_MAX_DATA_LEN; |
| 1639 | - void *err; |
| 1640 | |
| 1641 | if (cryptlen + authsize > max_len) { |
| 1642 | dev_err(dev, "length exceeds h/w max limit\n"); |
| 1643 | return ERR_PTR(-EINVAL); |
| 1644 | } |
| 1645 | |
| 1646 | - if (ivsize) |
| 1647 | - iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE); |
| 1648 | - |
| 1649 | if (!dst || dst == src) { |
| 1650 | src_len = assoclen + cryptlen + authsize; |
| 1651 | src_nents = sg_nents_for_len(src, src_len); |
| 1652 | if (src_nents < 0) { |
| 1653 | dev_err(dev, "Invalid number of src SG.\n"); |
| 1654 | - err = ERR_PTR(-EINVAL); |
| 1655 | - goto error_sg; |
| 1656 | + return ERR_PTR(-EINVAL); |
| 1657 | } |
| 1658 | src_nents = (src_nents == 1) ? 0 : src_nents; |
| 1659 | dst_nents = dst ? src_nents : 0; |
| 1660 | @@ -1387,16 +1382,14 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev, |
| 1661 | src_nents = sg_nents_for_len(src, src_len); |
| 1662 | if (src_nents < 0) { |
| 1663 | dev_err(dev, "Invalid number of src SG.\n"); |
| 1664 | - err = ERR_PTR(-EINVAL); |
| 1665 | - goto error_sg; |
| 1666 | + return ERR_PTR(-EINVAL); |
| 1667 | } |
| 1668 | src_nents = (src_nents == 1) ? 0 : src_nents; |
| 1669 | dst_len = assoclen + cryptlen + (encrypt ? authsize : 0); |
| 1670 | dst_nents = sg_nents_for_len(dst, dst_len); |
| 1671 | if (dst_nents < 0) { |
| 1672 | dev_err(dev, "Invalid number of dst SG.\n"); |
| 1673 | - err = ERR_PTR(-EINVAL); |
| 1674 | - goto error_sg; |
| 1675 | + return ERR_PTR(-EINVAL); |
| 1676 | } |
| 1677 | dst_nents = (dst_nents == 1) ? 0 : dst_nents; |
| 1678 | } |
| 1679 | @@ -1423,11 +1416,14 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev, |
| 1680 | /* if its a ahash, add space for a second desc next to the first one */ |
| 1681 | if (is_sec1 && !dst) |
| 1682 | alloc_len += sizeof(struct talitos_desc); |
| 1683 | + alloc_len += ivsize; |
| 1684 | |
| 1685 | edesc = kmalloc(alloc_len, GFP_DMA | flags); |
| 1686 | - if (!edesc) { |
| 1687 | - err = ERR_PTR(-ENOMEM); |
| 1688 | - goto error_sg; |
| 1689 | + if (!edesc) |
| 1690 | + return ERR_PTR(-ENOMEM); |
| 1691 | + if (ivsize) { |
| 1692 | + iv = memcpy(((u8 *)edesc) + alloc_len - ivsize, iv, ivsize); |
| 1693 | + iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE); |
| 1694 | } |
| 1695 | memset(&edesc->desc, 0, sizeof(edesc->desc)); |
| 1696 | |
| 1697 | @@ -1445,10 +1441,6 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev, |
| 1698 | DMA_BIDIRECTIONAL); |
| 1699 | } |
| 1700 | return edesc; |
| 1701 | -error_sg: |
| 1702 | - if (iv_dma) |
| 1703 | - dma_unmap_single(dev, iv_dma, ivsize, DMA_TO_DEVICE); |
| 1704 | - return err; |
| 1705 | } |
| 1706 | |
| 1707 | static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv, |
| 1708 | diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c |
| 1709 | index d5b7f315098c..087470ad6436 100644 |
| 1710 | --- a/drivers/gpu/drm/drm_atomic_uapi.c |
| 1711 | +++ b/drivers/gpu/drm/drm_atomic_uapi.c |
| 1712 | @@ -1275,12 +1275,11 @@ int drm_mode_atomic_ioctl(struct drm_device *dev, |
| 1713 | (arg->flags & DRM_MODE_PAGE_FLIP_EVENT)) |
| 1714 | return -EINVAL; |
| 1715 | |
| 1716 | - drm_modeset_acquire_init(&ctx, DRM_MODESET_ACQUIRE_INTERRUPTIBLE); |
| 1717 | - |
| 1718 | state = drm_atomic_state_alloc(dev); |
| 1719 | if (!state) |
| 1720 | return -ENOMEM; |
| 1721 | |
| 1722 | + drm_modeset_acquire_init(&ctx, DRM_MODESET_ACQUIRE_INTERRUPTIBLE); |
| 1723 | state->acquire_ctx = &ctx; |
| 1724 | state->allow_modeset = !!(arg->flags & DRM_MODE_ATOMIC_ALLOW_MODESET); |
| 1725 | |
| 1726 | diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c |
| 1727 | index b10ed61526a5..6950e365135c 100644 |
| 1728 | --- a/drivers/gpu/drm/drm_fb_helper.c |
| 1729 | +++ b/drivers/gpu/drm/drm_fb_helper.c |
| 1730 | @@ -1690,9 +1690,14 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, |
| 1731 | struct drm_fb_helper *fb_helper = info->par; |
| 1732 | struct drm_framebuffer *fb = fb_helper->fb; |
| 1733 | |
| 1734 | - if (var->pixclock != 0 || in_dbg_master()) |
| 1735 | + if (in_dbg_master()) |
| 1736 | return -EINVAL; |
| 1737 | |
| 1738 | + if (var->pixclock != 0) { |
| 1739 | + DRM_DEBUG("fbdev emulation doesn't support changing the pixel clock, value of pixclock is ignored\n"); |
| 1740 | + var->pixclock = 0; |
| 1741 | + } |
| 1742 | + |
| 1743 | /* |
| 1744 | * Changes struct fb_var_screeninfo are currently not pushed back |
| 1745 | * to KMS, hence fail if different settings are requested. |
| 1746 | diff --git a/drivers/gpu/drm/drm_mode_object.c b/drivers/gpu/drm/drm_mode_object.c |
| 1747 | index be8b754eaf60..9bc3654c1c7f 100644 |
| 1748 | --- a/drivers/gpu/drm/drm_mode_object.c |
| 1749 | +++ b/drivers/gpu/drm/drm_mode_object.c |
| 1750 | @@ -458,11 +458,11 @@ static int set_property_atomic(struct drm_mode_object *obj, |
| 1751 | struct drm_modeset_acquire_ctx ctx; |
| 1752 | int ret; |
| 1753 | |
| 1754 | - drm_modeset_acquire_init(&ctx, 0); |
| 1755 | - |
| 1756 | state = drm_atomic_state_alloc(dev); |
| 1757 | if (!state) |
| 1758 | return -ENOMEM; |
| 1759 | + |
| 1760 | + drm_modeset_acquire_init(&ctx, 0); |
| 1761 | state->acquire_ctx = &ctx; |
| 1762 | retry: |
| 1763 | if (prop == state->dev->mode_config.dpms_property) { |
| 1764 | diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c |
| 1765 | index c1072143da1d..e70c450427dc 100644 |
| 1766 | --- a/drivers/gpu/drm/i915/gvt/kvmgt.c |
| 1767 | +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c |
| 1768 | @@ -996,7 +996,7 @@ static int intel_vgpu_mmap(struct mdev_device *mdev, struct vm_area_struct *vma) |
| 1769 | { |
| 1770 | unsigned int index; |
| 1771 | u64 virtaddr; |
| 1772 | - unsigned long req_size, pgoff = 0; |
| 1773 | + unsigned long req_size, pgoff, req_start; |
| 1774 | pgprot_t pg_prot; |
| 1775 | struct intel_vgpu *vgpu = mdev_get_drvdata(mdev); |
| 1776 | |
| 1777 | @@ -1014,7 +1014,17 @@ static int intel_vgpu_mmap(struct mdev_device *mdev, struct vm_area_struct *vma) |
| 1778 | pg_prot = vma->vm_page_prot; |
| 1779 | virtaddr = vma->vm_start; |
| 1780 | req_size = vma->vm_end - vma->vm_start; |
| 1781 | - pgoff = vgpu_aperture_pa_base(vgpu) >> PAGE_SHIFT; |
| 1782 | + pgoff = vma->vm_pgoff & |
| 1783 | + ((1U << (VFIO_PCI_OFFSET_SHIFT - PAGE_SHIFT)) - 1); |
| 1784 | + req_start = pgoff << PAGE_SHIFT; |
| 1785 | + |
| 1786 | + if (!intel_vgpu_in_aperture(vgpu, req_start)) |
| 1787 | + return -EINVAL; |
| 1788 | + if (req_start + req_size > |
| 1789 | + vgpu_aperture_offset(vgpu) + vgpu_aperture_sz(vgpu)) |
| 1790 | + return -EINVAL; |
| 1791 | + |
| 1792 | + pgoff = (gvt_aperture_pa_base(vgpu->gvt) >> PAGE_SHIFT) + pgoff; |
| 1793 | |
| 1794 | return remap_pfn_range(vma, virtaddr, pgoff, req_size, pg_prot); |
| 1795 | } |
| 1796 | diff --git a/drivers/gpu/drm/rockchip/rockchip_rgb.c b/drivers/gpu/drm/rockchip/rockchip_rgb.c |
| 1797 | index 96ac1458a59c..37f93022a106 100644 |
| 1798 | --- a/drivers/gpu/drm/rockchip/rockchip_rgb.c |
| 1799 | +++ b/drivers/gpu/drm/rockchip/rockchip_rgb.c |
| 1800 | @@ -113,8 +113,10 @@ struct rockchip_rgb *rockchip_rgb_init(struct device *dev, |
| 1801 | child_count++; |
| 1802 | ret = drm_of_find_panel_or_bridge(dev->of_node, 0, endpoint_id, |
| 1803 | &panel, &bridge); |
| 1804 | - if (!ret) |
| 1805 | + if (!ret) { |
| 1806 | + of_node_put(endpoint); |
| 1807 | break; |
| 1808 | + } |
| 1809 | } |
| 1810 | |
| 1811 | of_node_put(port); |
| 1812 | diff --git a/drivers/gpu/drm/vkms/vkms_plane.c b/drivers/gpu/drm/vkms/vkms_plane.c |
| 1813 | index 7041007396ae..e3bcea4b4891 100644 |
| 1814 | --- a/drivers/gpu/drm/vkms/vkms_plane.c |
| 1815 | +++ b/drivers/gpu/drm/vkms/vkms_plane.c |
| 1816 | @@ -23,8 +23,11 @@ vkms_plane_duplicate_state(struct drm_plane *plane) |
| 1817 | return NULL; |
| 1818 | |
| 1819 | crc_data = kzalloc(sizeof(*crc_data), GFP_KERNEL); |
| 1820 | - if (WARN_ON(!crc_data)) |
| 1821 | - DRM_INFO("Couldn't allocate crc_data"); |
| 1822 | + if (!crc_data) { |
| 1823 | + DRM_DEBUG_KMS("Couldn't allocate crc_data\n"); |
| 1824 | + kfree(vkms_state); |
| 1825 | + return NULL; |
| 1826 | + } |
| 1827 | |
| 1828 | vkms_state->crc_data = crc_data; |
| 1829 | |
| 1830 | diff --git a/drivers/infiniband/core/nldev.c b/drivers/infiniband/core/nldev.c |
| 1831 | index 573399e3ccc1..ff6468e7fe79 100644 |
| 1832 | --- a/drivers/infiniband/core/nldev.c |
| 1833 | +++ b/drivers/infiniband/core/nldev.c |
| 1834 | @@ -580,10 +580,6 @@ static int fill_res_pd_entry(struct sk_buff *msg, struct netlink_callback *cb, |
| 1835 | if (nla_put_u64_64bit(msg, RDMA_NLDEV_ATTR_RES_USECNT, |
| 1836 | atomic_read(&pd->usecnt), RDMA_NLDEV_ATTR_PAD)) |
| 1837 | goto err; |
| 1838 | - if ((pd->flags & IB_PD_UNSAFE_GLOBAL_RKEY) && |
| 1839 | - nla_put_u32(msg, RDMA_NLDEV_ATTR_RES_UNSAFE_GLOBAL_RKEY, |
| 1840 | - pd->unsafe_global_rkey)) |
| 1841 | - goto err; |
| 1842 | |
| 1843 | if (fill_res_name_pid(msg, res)) |
| 1844 | goto err; |
| 1845 | diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma.h b/drivers/infiniband/hw/vmw_pvrdma/pvrdma.h |
| 1846 | index 42b8685c997e..3c633ab58052 100644 |
| 1847 | --- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma.h |
| 1848 | +++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma.h |
| 1849 | @@ -427,7 +427,40 @@ static inline enum ib_qp_state pvrdma_qp_state_to_ib(enum pvrdma_qp_state state) |
| 1850 | |
| 1851 | static inline enum pvrdma_wr_opcode ib_wr_opcode_to_pvrdma(enum ib_wr_opcode op) |
| 1852 | { |
| 1853 | - return (enum pvrdma_wr_opcode)op; |
| 1854 | + switch (op) { |
| 1855 | + case IB_WR_RDMA_WRITE: |
| 1856 | + return PVRDMA_WR_RDMA_WRITE; |
| 1857 | + case IB_WR_RDMA_WRITE_WITH_IMM: |
| 1858 | + return PVRDMA_WR_RDMA_WRITE_WITH_IMM; |
| 1859 | + case IB_WR_SEND: |
| 1860 | + return PVRDMA_WR_SEND; |
| 1861 | + case IB_WR_SEND_WITH_IMM: |
| 1862 | + return PVRDMA_WR_SEND_WITH_IMM; |
| 1863 | + case IB_WR_RDMA_READ: |
| 1864 | + return PVRDMA_WR_RDMA_READ; |
| 1865 | + case IB_WR_ATOMIC_CMP_AND_SWP: |
| 1866 | + return PVRDMA_WR_ATOMIC_CMP_AND_SWP; |
| 1867 | + case IB_WR_ATOMIC_FETCH_AND_ADD: |
| 1868 | + return PVRDMA_WR_ATOMIC_FETCH_AND_ADD; |
| 1869 | + case IB_WR_LSO: |
| 1870 | + return PVRDMA_WR_LSO; |
| 1871 | + case IB_WR_SEND_WITH_INV: |
| 1872 | + return PVRDMA_WR_SEND_WITH_INV; |
| 1873 | + case IB_WR_RDMA_READ_WITH_INV: |
| 1874 | + return PVRDMA_WR_RDMA_READ_WITH_INV; |
| 1875 | + case IB_WR_LOCAL_INV: |
| 1876 | + return PVRDMA_WR_LOCAL_INV; |
| 1877 | + case IB_WR_REG_MR: |
| 1878 | + return PVRDMA_WR_FAST_REG_MR; |
| 1879 | + case IB_WR_MASKED_ATOMIC_CMP_AND_SWP: |
| 1880 | + return PVRDMA_WR_MASKED_ATOMIC_CMP_AND_SWP; |
| 1881 | + case IB_WR_MASKED_ATOMIC_FETCH_AND_ADD: |
| 1882 | + return PVRDMA_WR_MASKED_ATOMIC_FETCH_AND_ADD; |
| 1883 | + case IB_WR_REG_SIG_MR: |
| 1884 | + return PVRDMA_WR_REG_SIG_MR; |
| 1885 | + default: |
| 1886 | + return PVRDMA_WR_ERROR; |
| 1887 | + } |
| 1888 | } |
| 1889 | |
| 1890 | static inline enum ib_wc_status pvrdma_wc_status_to_ib( |
| 1891 | diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c |
| 1892 | index cf22f57a9f0d..418d9ab4ea7f 100644 |
| 1893 | --- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c |
| 1894 | +++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c |
| 1895 | @@ -721,6 +721,12 @@ int pvrdma_post_send(struct ib_qp *ibqp, const struct ib_send_wr *wr, |
| 1896 | wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM) |
| 1897 | wqe_hdr->ex.imm_data = wr->ex.imm_data; |
| 1898 | |
| 1899 | + if (unlikely(wqe_hdr->opcode == PVRDMA_WR_ERROR)) { |
| 1900 | + *bad_wr = wr; |
| 1901 | + ret = -EINVAL; |
| 1902 | + goto out; |
| 1903 | + } |
| 1904 | + |
| 1905 | switch (qp->ibqp.qp_type) { |
| 1906 | case IB_QPT_GSI: |
| 1907 | case IB_QPT_UD: |
| 1908 | diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c |
| 1909 | index 99f736c81286..fa77e2ae4ec4 100644 |
| 1910 | --- a/drivers/media/common/videobuf2/videobuf2-core.c |
| 1911 | +++ b/drivers/media/common/videobuf2/videobuf2-core.c |
| 1912 | @@ -2146,9 +2146,13 @@ int vb2_mmap(struct vb2_queue *q, struct vm_area_struct *vma) |
| 1913 | return -EINVAL; |
| 1914 | } |
| 1915 | } |
| 1916 | + |
| 1917 | + mutex_lock(&q->mmap_lock); |
| 1918 | + |
| 1919 | if (vb2_fileio_is_active(q)) { |
| 1920 | dprintk(1, "mmap: file io in progress\n"); |
| 1921 | - return -EBUSY; |
| 1922 | + ret = -EBUSY; |
| 1923 | + goto unlock; |
| 1924 | } |
| 1925 | |
| 1926 | /* |
| 1927 | @@ -2156,7 +2160,7 @@ int vb2_mmap(struct vb2_queue *q, struct vm_area_struct *vma) |
| 1928 | */ |
| 1929 | ret = __find_plane_by_offset(q, off, &buffer, &plane); |
| 1930 | if (ret) |
| 1931 | - return ret; |
| 1932 | + goto unlock; |
| 1933 | |
| 1934 | vb = q->bufs[buffer]; |
| 1935 | |
| 1936 | @@ -2169,11 +2173,13 @@ int vb2_mmap(struct vb2_queue *q, struct vm_area_struct *vma) |
| 1937 | if (length < (vma->vm_end - vma->vm_start)) { |
| 1938 | dprintk(1, |
| 1939 | "MMAP invalid, as it would overflow buffer length\n"); |
| 1940 | - return -EINVAL; |
| 1941 | + ret = -EINVAL; |
| 1942 | + goto unlock; |
| 1943 | } |
| 1944 | |
| 1945 | - mutex_lock(&q->mmap_lock); |
| 1946 | ret = call_memop(vb, mmap, vb->planes[plane].mem_priv, vma); |
| 1947 | + |
| 1948 | +unlock: |
| 1949 | mutex_unlock(&q->mmap_lock); |
| 1950 | if (ret) |
| 1951 | return ret; |
| 1952 | diff --git a/drivers/media/platform/vim2m.c b/drivers/media/platform/vim2m.c |
| 1953 | index f938a2c54314..2d1ae83e2fde 100644 |
| 1954 | --- a/drivers/media/platform/vim2m.c |
| 1955 | +++ b/drivers/media/platform/vim2m.c |
| 1956 | @@ -809,7 +809,9 @@ static void vim2m_stop_streaming(struct vb2_queue *q) |
| 1957 | struct vb2_v4l2_buffer *vbuf; |
| 1958 | unsigned long flags; |
| 1959 | |
| 1960 | - cancel_delayed_work_sync(&dev->work_run); |
| 1961 | + if (v4l2_m2m_get_curr_priv(dev->m2m_dev) == ctx) |
| 1962 | + cancel_delayed_work_sync(&dev->work_run); |
| 1963 | + |
| 1964 | for (;;) { |
| 1965 | if (V4L2_TYPE_IS_OUTPUT(q->type)) |
| 1966 | vbuf = v4l2_m2m_src_buf_remove(ctx->fh.m2m_ctx); |
| 1967 | diff --git a/drivers/media/platform/vivid/vivid-kthread-cap.c b/drivers/media/platform/vivid/vivid-kthread-cap.c |
| 1968 | index eebfff2126be..46e46e34a9e5 100644 |
| 1969 | --- a/drivers/media/platform/vivid/vivid-kthread-cap.c |
| 1970 | +++ b/drivers/media/platform/vivid/vivid-kthread-cap.c |
| 1971 | @@ -873,8 +873,11 @@ int vivid_start_generating_vid_cap(struct vivid_dev *dev, bool *pstreaming) |
| 1972 | "%s-vid-cap", dev->v4l2_dev.name); |
| 1973 | |
| 1974 | if (IS_ERR(dev->kthread_vid_cap)) { |
| 1975 | + int err = PTR_ERR(dev->kthread_vid_cap); |
| 1976 | + |
| 1977 | + dev->kthread_vid_cap = NULL; |
| 1978 | v4l2_err(&dev->v4l2_dev, "kernel_thread() failed\n"); |
| 1979 | - return PTR_ERR(dev->kthread_vid_cap); |
| 1980 | + return err; |
| 1981 | } |
| 1982 | *pstreaming = true; |
| 1983 | vivid_grab_controls(dev, true); |
| 1984 | diff --git a/drivers/media/platform/vivid/vivid-kthread-out.c b/drivers/media/platform/vivid/vivid-kthread-out.c |
| 1985 | index 5a14810eeb69..ce5bcda2348c 100644 |
| 1986 | --- a/drivers/media/platform/vivid/vivid-kthread-out.c |
| 1987 | +++ b/drivers/media/platform/vivid/vivid-kthread-out.c |
| 1988 | @@ -244,8 +244,11 @@ int vivid_start_generating_vid_out(struct vivid_dev *dev, bool *pstreaming) |
| 1989 | "%s-vid-out", dev->v4l2_dev.name); |
| 1990 | |
| 1991 | if (IS_ERR(dev->kthread_vid_out)) { |
| 1992 | + int err = PTR_ERR(dev->kthread_vid_out); |
| 1993 | + |
| 1994 | + dev->kthread_vid_out = NULL; |
| 1995 | v4l2_err(&dev->v4l2_dev, "kernel_thread() failed\n"); |
| 1996 | - return PTR_ERR(dev->kthread_vid_out); |
| 1997 | + return err; |
| 1998 | } |
| 1999 | *pstreaming = true; |
| 2000 | vivid_grab_controls(dev, true); |
| 2001 | diff --git a/drivers/media/platform/vivid/vivid-vid-common.c b/drivers/media/platform/vivid/vivid-vid-common.c |
| 2002 | index 9645a91b8782..661f4015fba1 100644 |
| 2003 | --- a/drivers/media/platform/vivid/vivid-vid-common.c |
| 2004 | +++ b/drivers/media/platform/vivid/vivid-vid-common.c |
| 2005 | @@ -21,7 +21,7 @@ const struct v4l2_dv_timings_cap vivid_dv_timings_cap = { |
| 2006 | .type = V4L2_DV_BT_656_1120, |
| 2007 | /* keep this initialization for compatibility with GCC < 4.4.6 */ |
| 2008 | .reserved = { 0 }, |
| 2009 | - V4L2_INIT_BT_TIMINGS(0, MAX_WIDTH, 0, MAX_HEIGHT, 14000000, 775000000, |
| 2010 | + V4L2_INIT_BT_TIMINGS(16, MAX_WIDTH, 16, MAX_HEIGHT, 14000000, 775000000, |
| 2011 | V4L2_DV_BT_STD_CEA861 | V4L2_DV_BT_STD_DMT | |
| 2012 | V4L2_DV_BT_STD_CVT | V4L2_DV_BT_STD_GTF, |
| 2013 | V4L2_DV_BT_CAP_PROGRESSIVE | V4L2_DV_BT_CAP_INTERLACED) |
| 2014 | diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c |
| 2015 | index c63746968fa3..3cdd09e4dd6b 100644 |
| 2016 | --- a/drivers/media/v4l2-core/v4l2-ioctl.c |
| 2017 | +++ b/drivers/media/v4l2-core/v4l2-ioctl.c |
| 2018 | @@ -286,6 +286,7 @@ static void v4l_print_format(const void *arg, bool write_only) |
| 2019 | const struct v4l2_window *win; |
| 2020 | const struct v4l2_sdr_format *sdr; |
| 2021 | const struct v4l2_meta_format *meta; |
| 2022 | + u32 planes; |
| 2023 | unsigned i; |
| 2024 | |
| 2025 | pr_cont("type=%s", prt_names(p->type, v4l2_type_names)); |
| 2026 | @@ -316,7 +317,8 @@ static void v4l_print_format(const void *arg, bool write_only) |
| 2027 | prt_names(mp->field, v4l2_field_names), |
| 2028 | mp->colorspace, mp->num_planes, mp->flags, |
| 2029 | mp->ycbcr_enc, mp->quantization, mp->xfer_func); |
| 2030 | - for (i = 0; i < mp->num_planes; i++) |
| 2031 | + planes = min_t(u32, mp->num_planes, VIDEO_MAX_PLANES); |
| 2032 | + for (i = 0; i < planes; i++) |
| 2033 | printk(KERN_DEBUG "plane %u: bytesperline=%u sizeimage=%u\n", i, |
| 2034 | mp->plane_fmt[i].bytesperline, |
| 2035 | mp->plane_fmt[i].sizeimage); |
| 2036 | diff --git a/drivers/mfd/tps6586x.c b/drivers/mfd/tps6586x.c |
| 2037 | index b89379782741..9c7925ca13cf 100644 |
| 2038 | --- a/drivers/mfd/tps6586x.c |
| 2039 | +++ b/drivers/mfd/tps6586x.c |
| 2040 | @@ -592,6 +592,29 @@ static int tps6586x_i2c_remove(struct i2c_client *client) |
| 2041 | return 0; |
| 2042 | } |
| 2043 | |
| 2044 | +static int __maybe_unused tps6586x_i2c_suspend(struct device *dev) |
| 2045 | +{ |
| 2046 | + struct tps6586x *tps6586x = dev_get_drvdata(dev); |
| 2047 | + |
| 2048 | + if (tps6586x->client->irq) |
| 2049 | + disable_irq(tps6586x->client->irq); |
| 2050 | + |
| 2051 | + return 0; |
| 2052 | +} |
| 2053 | + |
| 2054 | +static int __maybe_unused tps6586x_i2c_resume(struct device *dev) |
| 2055 | +{ |
| 2056 | + struct tps6586x *tps6586x = dev_get_drvdata(dev); |
| 2057 | + |
| 2058 | + if (tps6586x->client->irq) |
| 2059 | + enable_irq(tps6586x->client->irq); |
| 2060 | + |
| 2061 | + return 0; |
| 2062 | +} |
| 2063 | + |
| 2064 | +static SIMPLE_DEV_PM_OPS(tps6586x_pm_ops, tps6586x_i2c_suspend, |
| 2065 | + tps6586x_i2c_resume); |
| 2066 | + |
| 2067 | static const struct i2c_device_id tps6586x_id_table[] = { |
| 2068 | { "tps6586x", 0 }, |
| 2069 | { }, |
| 2070 | @@ -602,6 +625,7 @@ static struct i2c_driver tps6586x_driver = { |
| 2071 | .driver = { |
| 2072 | .name = "tps6586x", |
| 2073 | .of_match_table = of_match_ptr(tps6586x_of_match), |
| 2074 | + .pm = &tps6586x_pm_ops, |
| 2075 | }, |
| 2076 | .probe = tps6586x_i2c_probe, |
| 2077 | .remove = tps6586x_i2c_remove, |
| 2078 | diff --git a/drivers/misc/mic/vop/vop_main.c b/drivers/misc/mic/vop/vop_main.c |
| 2079 | index 3633202e18f4..02a9aba85368 100644 |
| 2080 | --- a/drivers/misc/mic/vop/vop_main.c |
| 2081 | +++ b/drivers/misc/mic/vop/vop_main.c |
| 2082 | @@ -381,16 +381,21 @@ static int vop_find_vqs(struct virtio_device *dev, unsigned nvqs, |
| 2083 | struct _vop_vdev *vdev = to_vopvdev(dev); |
| 2084 | struct vop_device *vpdev = vdev->vpdev; |
| 2085 | struct mic_device_ctrl __iomem *dc = vdev->dc; |
| 2086 | - int i, err, retry; |
| 2087 | + int i, err, retry, queue_idx = 0; |
| 2088 | |
| 2089 | /* We must have this many virtqueues. */ |
| 2090 | if (nvqs > ioread8(&vdev->desc->num_vq)) |
| 2091 | return -ENOENT; |
| 2092 | |
| 2093 | for (i = 0; i < nvqs; ++i) { |
| 2094 | + if (!names[i]) { |
| 2095 | + vqs[i] = NULL; |
| 2096 | + continue; |
| 2097 | + } |
| 2098 | + |
| 2099 | dev_dbg(_vop_dev(vdev), "%s: %d: %s\n", |
| 2100 | __func__, i, names[i]); |
| 2101 | - vqs[i] = vop_find_vq(dev, i, callbacks[i], names[i], |
| 2102 | + vqs[i] = vop_find_vq(dev, queue_idx++, callbacks[i], names[i], |
| 2103 | ctx ? ctx[i] : false); |
| 2104 | if (IS_ERR(vqs[i])) { |
| 2105 | err = PTR_ERR(vqs[i]); |
| 2106 | diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c |
| 2107 | index 3cc8bfee6c18..8594659cb592 100644 |
| 2108 | --- a/drivers/mmc/host/sdhci-msm.c |
| 2109 | +++ b/drivers/mmc/host/sdhci-msm.c |
| 2110 | @@ -258,6 +258,8 @@ struct sdhci_msm_host { |
| 2111 | bool mci_removed; |
| 2112 | const struct sdhci_msm_variant_ops *var_ops; |
| 2113 | const struct sdhci_msm_offset *offset; |
| 2114 | + bool use_cdr; |
| 2115 | + u32 transfer_mode; |
| 2116 | }; |
| 2117 | |
| 2118 | static const struct sdhci_msm_offset *sdhci_priv_msm_offset(struct sdhci_host *host) |
| 2119 | @@ -1025,6 +1027,26 @@ out: |
| 2120 | return ret; |
| 2121 | } |
| 2122 | |
| 2123 | +static void sdhci_msm_set_cdr(struct sdhci_host *host, bool enable) |
| 2124 | +{ |
| 2125 | + const struct sdhci_msm_offset *msm_offset = sdhci_priv_msm_offset(host); |
| 2126 | + u32 config, oldconfig = readl_relaxed(host->ioaddr + |
| 2127 | + msm_offset->core_dll_config); |
| 2128 | + |
| 2129 | + config = oldconfig; |
| 2130 | + if (enable) { |
| 2131 | + config |= CORE_CDR_EN; |
| 2132 | + config &= ~CORE_CDR_EXT_EN; |
| 2133 | + } else { |
| 2134 | + config &= ~CORE_CDR_EN; |
| 2135 | + config |= CORE_CDR_EXT_EN; |
| 2136 | + } |
| 2137 | + |
| 2138 | + if (config != oldconfig) |
| 2139 | + writel_relaxed(config, host->ioaddr + |
| 2140 | + msm_offset->core_dll_config); |
| 2141 | +} |
| 2142 | + |
| 2143 | static int sdhci_msm_execute_tuning(struct mmc_host *mmc, u32 opcode) |
| 2144 | { |
| 2145 | struct sdhci_host *host = mmc_priv(mmc); |
| 2146 | @@ -1042,8 +1064,14 @@ static int sdhci_msm_execute_tuning(struct mmc_host *mmc, u32 opcode) |
| 2147 | if (host->clock <= CORE_FREQ_100MHZ || |
| 2148 | !(ios.timing == MMC_TIMING_MMC_HS400 || |
| 2149 | ios.timing == MMC_TIMING_MMC_HS200 || |
| 2150 | - ios.timing == MMC_TIMING_UHS_SDR104)) |
| 2151 | + ios.timing == MMC_TIMING_UHS_SDR104)) { |
| 2152 | + msm_host->use_cdr = false; |
| 2153 | + sdhci_msm_set_cdr(host, false); |
| 2154 | return 0; |
| 2155 | + } |
| 2156 | + |
| 2157 | + /* Clock-Data-Recovery used to dynamically adjust RX sampling point */ |
| 2158 | + msm_host->use_cdr = true; |
| 2159 | |
| 2160 | /* |
| 2161 | * For HS400 tuning in HS200 timing requires: |
| 2162 | @@ -1525,6 +1553,19 @@ static int __sdhci_msm_check_write(struct sdhci_host *host, u16 val, int reg) |
| 2163 | case SDHCI_POWER_CONTROL: |
| 2164 | req_type = !val ? REQ_BUS_OFF : REQ_BUS_ON; |
| 2165 | break; |
| 2166 | + case SDHCI_TRANSFER_MODE: |
| 2167 | + msm_host->transfer_mode = val; |
| 2168 | + break; |
| 2169 | + case SDHCI_COMMAND: |
| 2170 | + if (!msm_host->use_cdr) |
| 2171 | + break; |
| 2172 | + if ((msm_host->transfer_mode & SDHCI_TRNS_READ) && |
| 2173 | + SDHCI_GET_CMD(val) != MMC_SEND_TUNING_BLOCK_HS200 && |
| 2174 | + SDHCI_GET_CMD(val) != MMC_SEND_TUNING_BLOCK) |
| 2175 | + sdhci_msm_set_cdr(host, true); |
| 2176 | + else |
| 2177 | + sdhci_msm_set_cdr(host, false); |
| 2178 | + break; |
| 2179 | } |
| 2180 | |
| 2181 | if (req_type) { |
| 2182 | diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
| 2183 | index 333387f1f1fe..62659abf73cd 100644 |
| 2184 | --- a/drivers/net/bonding/bond_main.c |
| 2185 | +++ b/drivers/net/bonding/bond_main.c |
| 2186 | @@ -1948,6 +1948,9 @@ static int __bond_release_one(struct net_device *bond_dev, |
| 2187 | if (!bond_has_slaves(bond)) { |
| 2188 | bond_set_carrier(bond); |
| 2189 | eth_hw_addr_random(bond_dev); |
| 2190 | + bond->nest_level = SINGLE_DEPTH_NESTING; |
| 2191 | + } else { |
| 2192 | + bond->nest_level = dev_get_nest_level(bond_dev) + 1; |
| 2193 | } |
| 2194 | |
| 2195 | unblock_netpoll_tx(); |
| 2196 | diff --git a/drivers/net/dsa/realtek-smi.c b/drivers/net/dsa/realtek-smi.c |
| 2197 | index b4b839a1d095..ad41ec63cc9f 100644 |
| 2198 | --- a/drivers/net/dsa/realtek-smi.c |
| 2199 | +++ b/drivers/net/dsa/realtek-smi.c |
| 2200 | @@ -347,16 +347,17 @@ int realtek_smi_setup_mdio(struct realtek_smi *smi) |
| 2201 | struct device_node *mdio_np; |
| 2202 | int ret; |
| 2203 | |
| 2204 | - mdio_np = of_find_compatible_node(smi->dev->of_node, NULL, |
| 2205 | - "realtek,smi-mdio"); |
| 2206 | + mdio_np = of_get_compatible_child(smi->dev->of_node, "realtek,smi-mdio"); |
| 2207 | if (!mdio_np) { |
| 2208 | dev_err(smi->dev, "no MDIO bus node\n"); |
| 2209 | return -ENODEV; |
| 2210 | } |
| 2211 | |
| 2212 | smi->slave_mii_bus = devm_mdiobus_alloc(smi->dev); |
| 2213 | - if (!smi->slave_mii_bus) |
| 2214 | - return -ENOMEM; |
| 2215 | + if (!smi->slave_mii_bus) { |
| 2216 | + ret = -ENOMEM; |
| 2217 | + goto err_put_node; |
| 2218 | + } |
| 2219 | smi->slave_mii_bus->priv = smi; |
| 2220 | smi->slave_mii_bus->name = "SMI slave MII"; |
| 2221 | smi->slave_mii_bus->read = realtek_smi_mdio_read; |
| 2222 | @@ -371,10 +372,15 @@ int realtek_smi_setup_mdio(struct realtek_smi *smi) |
| 2223 | if (ret) { |
| 2224 | dev_err(smi->dev, "unable to register MDIO bus %s\n", |
| 2225 | smi->slave_mii_bus->id); |
| 2226 | - of_node_put(mdio_np); |
| 2227 | + goto err_put_node; |
| 2228 | } |
| 2229 | |
| 2230 | return 0; |
| 2231 | + |
| 2232 | +err_put_node: |
| 2233 | + of_node_put(mdio_np); |
| 2234 | + |
| 2235 | + return ret; |
| 2236 | } |
| 2237 | |
| 2238 | static int realtek_smi_probe(struct platform_device *pdev) |
| 2239 | @@ -457,6 +463,8 @@ static int realtek_smi_remove(struct platform_device *pdev) |
| 2240 | struct realtek_smi *smi = dev_get_drvdata(&pdev->dev); |
| 2241 | |
| 2242 | dsa_unregister_switch(smi->ds); |
| 2243 | + if (smi->slave_mii_bus) |
| 2244 | + of_node_put(smi->slave_mii_bus->dev.of_node); |
| 2245 | gpiod_set_value(smi->reset, 1); |
| 2246 | |
| 2247 | return 0; |
| 2248 | diff --git a/drivers/net/ethernet/microchip/lan743x_main.c b/drivers/net/ethernet/microchip/lan743x_main.c |
| 2249 | index 20c9377e99cb..1ce8b729929f 100644 |
| 2250 | --- a/drivers/net/ethernet/microchip/lan743x_main.c |
| 2251 | +++ b/drivers/net/ethernet/microchip/lan743x_main.c |
| 2252 | @@ -962,13 +962,10 @@ static void lan743x_phy_link_status_change(struct net_device *netdev) |
| 2253 | |
| 2254 | memset(&ksettings, 0, sizeof(ksettings)); |
| 2255 | phy_ethtool_get_link_ksettings(netdev, &ksettings); |
| 2256 | - local_advertisement = phy_read(phydev, MII_ADVERTISE); |
| 2257 | - if (local_advertisement < 0) |
| 2258 | - return; |
| 2259 | - |
| 2260 | - remote_advertisement = phy_read(phydev, MII_LPA); |
| 2261 | - if (remote_advertisement < 0) |
| 2262 | - return; |
| 2263 | + local_advertisement = |
| 2264 | + ethtool_adv_to_mii_adv_t(phydev->advertising); |
| 2265 | + remote_advertisement = |
| 2266 | + ethtool_adv_to_mii_adv_t(phydev->lp_advertising); |
| 2267 | |
| 2268 | lan743x_phy_update_flowcontrol(adapter, |
| 2269 | ksettings.base.duplex, |
| 2270 | diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c |
| 2271 | index 209566f8097b..78ea9639b622 100644 |
| 2272 | --- a/drivers/net/ethernet/realtek/r8169.c |
| 2273 | +++ b/drivers/net/ethernet/realtek/r8169.c |
| 2274 | @@ -714,6 +714,7 @@ module_param(use_dac, int, 0); |
| 2275 | MODULE_PARM_DESC(use_dac, "Enable PCI DAC. Unsafe on 32 bit PCI slot."); |
| 2276 | module_param_named(debug, debug.msg_enable, int, 0); |
| 2277 | MODULE_PARM_DESC(debug, "Debug verbosity level (0=none, ..., 16=all)"); |
| 2278 | +MODULE_SOFTDEP("pre: realtek"); |
| 2279 | MODULE_LICENSE("GPL"); |
| 2280 | MODULE_FIRMWARE(FIRMWARE_8168D_1); |
| 2281 | MODULE_FIRMWARE(FIRMWARE_8168D_2); |
| 2282 | @@ -1728,11 +1729,13 @@ static bool rtl8169_reset_counters(struct rtl8169_private *tp) |
| 2283 | |
| 2284 | static bool rtl8169_update_counters(struct rtl8169_private *tp) |
| 2285 | { |
| 2286 | + u8 val = RTL_R8(tp, ChipCmd); |
| 2287 | + |
| 2288 | /* |
| 2289 | * Some chips are unable to dump tally counters when the receiver |
| 2290 | - * is disabled. |
| 2291 | + * is disabled. If 0xff chip may be in a PCI power-save state. |
| 2292 | */ |
| 2293 | - if ((RTL_R8(tp, ChipCmd) & CmdRxEnb) == 0) |
| 2294 | + if (!(val & CmdRxEnb) || val == 0xff) |
| 2295 | return true; |
| 2296 | |
| 2297 | return rtl8169_do_counters(tp, CounterDump); |
| 2298 | diff --git a/drivers/net/phy/bcm87xx.c b/drivers/net/phy/bcm87xx.c |
| 2299 | index f7ebdcff53e4..4d66e4bb904a 100644 |
| 2300 | --- a/drivers/net/phy/bcm87xx.c |
| 2301 | +++ b/drivers/net/phy/bcm87xx.c |
| 2302 | @@ -193,6 +193,7 @@ static struct phy_driver bcm87xx_driver[] = { |
| 2303 | .phy_id = PHY_ID_BCM8706, |
| 2304 | .phy_id_mask = 0xffffffff, |
| 2305 | .name = "Broadcom BCM8706", |
| 2306 | + .features = PHY_10GBIT_FEC_FEATURES, |
| 2307 | .flags = PHY_HAS_INTERRUPT, |
| 2308 | .config_init = bcm87xx_config_init, |
| 2309 | .config_aneg = bcm87xx_config_aneg, |
| 2310 | @@ -205,6 +206,7 @@ static struct phy_driver bcm87xx_driver[] = { |
| 2311 | .phy_id = PHY_ID_BCM8727, |
| 2312 | .phy_id_mask = 0xffffffff, |
| 2313 | .name = "Broadcom BCM8727", |
| 2314 | + .features = PHY_10GBIT_FEC_FEATURES, |
| 2315 | .flags = PHY_HAS_INTERRUPT, |
| 2316 | .config_init = bcm87xx_config_init, |
| 2317 | .config_aneg = bcm87xx_config_aneg, |
| 2318 | diff --git a/drivers/net/phy/cortina.c b/drivers/net/phy/cortina.c |
| 2319 | index 8022cd317f62..1a4d04afb7f0 100644 |
| 2320 | --- a/drivers/net/phy/cortina.c |
| 2321 | +++ b/drivers/net/phy/cortina.c |
| 2322 | @@ -88,6 +88,7 @@ static struct phy_driver cortina_driver[] = { |
| 2323 | .phy_id = PHY_ID_CS4340, |
| 2324 | .phy_id_mask = 0xffffffff, |
| 2325 | .name = "Cortina CS4340", |
| 2326 | + .features = PHY_10GBIT_FEATURES, |
| 2327 | .config_init = gen10g_config_init, |
| 2328 | .config_aneg = gen10g_config_aneg, |
| 2329 | .read_status = cortina_read_status, |
| 2330 | diff --git a/drivers/net/phy/meson-gxl.c b/drivers/net/phy/meson-gxl.c |
| 2331 | index ddc2c5ea3787..6ace118502b9 100644 |
| 2332 | --- a/drivers/net/phy/meson-gxl.c |
| 2333 | +++ b/drivers/net/phy/meson-gxl.c |
| 2334 | @@ -233,6 +233,7 @@ static struct phy_driver meson_gxl_phy[] = { |
| 2335 | .name = "Meson GXL Internal PHY", |
| 2336 | .features = PHY_BASIC_FEATURES, |
| 2337 | .flags = PHY_IS_INTERNAL | PHY_HAS_INTERRUPT, |
| 2338 | + .soft_reset = genphy_soft_reset, |
| 2339 | .config_init = meson_gxl_config_init, |
| 2340 | .aneg_done = genphy_aneg_done, |
| 2341 | .read_status = meson_gxl_read_status, |
| 2342 | diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c |
| 2343 | index 9265dea79412..51611c7a23d1 100644 |
| 2344 | --- a/drivers/net/phy/micrel.c |
| 2345 | +++ b/drivers/net/phy/micrel.c |
| 2346 | @@ -1105,6 +1105,7 @@ static struct phy_driver ksphy_driver[] = { |
| 2347 | .phy_id = PHY_ID_KSZ8873MLL, |
| 2348 | .phy_id_mask = MICREL_PHY_ID_MASK, |
| 2349 | .name = "Micrel KSZ8873MLL Switch", |
| 2350 | + .features = PHY_BASIC_FEATURES, |
| 2351 | .config_init = kszphy_config_init, |
| 2352 | .config_aneg = ksz8873mll_config_aneg, |
| 2353 | .read_status = ksz8873mll_read_status, |
| 2354 | diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c |
| 2355 | index 26c41ede54a4..fd051ae787cb 100644 |
| 2356 | --- a/drivers/net/phy/phy_device.c |
| 2357 | +++ b/drivers/net/phy/phy_device.c |
| 2358 | @@ -61,6 +61,9 @@ EXPORT_SYMBOL_GPL(phy_gbit_all_ports_features); |
| 2359 | __ETHTOOL_DECLARE_LINK_MODE_MASK(phy_10gbit_features) __ro_after_init; |
| 2360 | EXPORT_SYMBOL_GPL(phy_10gbit_features); |
| 2361 | |
| 2362 | +__ETHTOOL_DECLARE_LINK_MODE_MASK(phy_10gbit_fec_features) __ro_after_init; |
| 2363 | +EXPORT_SYMBOL_GPL(phy_10gbit_fec_features); |
| 2364 | + |
| 2365 | static const int phy_basic_ports_array[] = { |
| 2366 | ETHTOOL_LINK_MODE_Autoneg_BIT, |
| 2367 | ETHTOOL_LINK_MODE_TP_BIT, |
| 2368 | @@ -102,6 +105,11 @@ static const int phy_10gbit_features_array[] = { |
| 2369 | ETHTOOL_LINK_MODE_10000baseT_Full_BIT, |
| 2370 | }; |
| 2371 | |
| 2372 | +const int phy_10gbit_fec_features_array[1] = { |
| 2373 | + ETHTOOL_LINK_MODE_10000baseR_FEC_BIT, |
| 2374 | +}; |
| 2375 | +EXPORT_SYMBOL_GPL(phy_10gbit_fec_features_array); |
| 2376 | + |
| 2377 | __ETHTOOL_DECLARE_LINK_MODE_MASK(phy_10gbit_full_features) __ro_after_init; |
| 2378 | EXPORT_SYMBOL_GPL(phy_10gbit_full_features); |
| 2379 | |
| 2380 | @@ -184,6 +192,10 @@ static void features_init(void) |
| 2381 | linkmode_set_bit_array(phy_10gbit_full_features_array, |
| 2382 | ARRAY_SIZE(phy_10gbit_full_features_array), |
| 2383 | phy_10gbit_full_features); |
| 2384 | + /* 10G FEC only */ |
| 2385 | + linkmode_set_bit_array(phy_10gbit_fec_features_array, |
| 2386 | + ARRAY_SIZE(phy_10gbit_fec_features_array), |
| 2387 | + phy_10gbit_fec_features); |
| 2388 | } |
| 2389 | |
| 2390 | void phy_device_free(struct phy_device *phydev) |
| 2391 | diff --git a/drivers/net/phy/teranetics.c b/drivers/net/phy/teranetics.c |
| 2392 | index 22f3bdd8206c..91247182bc52 100644 |
| 2393 | --- a/drivers/net/phy/teranetics.c |
| 2394 | +++ b/drivers/net/phy/teranetics.c |
| 2395 | @@ -80,6 +80,7 @@ static struct phy_driver teranetics_driver[] = { |
| 2396 | .phy_id = PHY_ID_TN2020, |
| 2397 | .phy_id_mask = 0xffffffff, |
| 2398 | .name = "Teranetics TN2020", |
| 2399 | + .features = PHY_10GBIT_FEATURES, |
| 2400 | .soft_reset = gen10g_no_soft_reset, |
| 2401 | .aneg_done = teranetics_aneg_done, |
| 2402 | .config_init = gen10g_config_init, |
| 2403 | diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
| 2404 | index 005020042be9..6658658246d2 100644 |
| 2405 | --- a/drivers/net/tun.c |
| 2406 | +++ b/drivers/net/tun.c |
| 2407 | @@ -852,10 +852,6 @@ static int tun_attach(struct tun_struct *tun, struct file *file, |
| 2408 | err = 0; |
| 2409 | } |
| 2410 | |
| 2411 | - rcu_assign_pointer(tfile->tun, tun); |
| 2412 | - rcu_assign_pointer(tun->tfiles[tun->numqueues], tfile); |
| 2413 | - tun->numqueues++; |
| 2414 | - |
| 2415 | if (tfile->detached) { |
| 2416 | tun_enable_queue(tfile); |
| 2417 | } else { |
| 2418 | @@ -872,6 +868,13 @@ static int tun_attach(struct tun_struct *tun, struct file *file, |
| 2419 | * refcnt. |
| 2420 | */ |
| 2421 | |
| 2422 | + /* Publish tfile->tun and tun->tfiles only after we've fully |
| 2423 | + * initialized tfile; otherwise we risk using half-initialized |
| 2424 | + * object. |
| 2425 | + */ |
| 2426 | + rcu_assign_pointer(tfile->tun, tun); |
| 2427 | + rcu_assign_pointer(tun->tfiles[tun->numqueues], tfile); |
| 2428 | + tun->numqueues++; |
| 2429 | out: |
| 2430 | return err; |
| 2431 | } |
| 2432 | diff --git a/drivers/of/property.c b/drivers/of/property.c |
| 2433 | index f46828e3b082..43720c2de138 100644 |
| 2434 | --- a/drivers/of/property.c |
| 2435 | +++ b/drivers/of/property.c |
| 2436 | @@ -806,6 +806,7 @@ struct device_node *of_graph_get_remote_node(const struct device_node *node, |
| 2437 | |
| 2438 | if (!of_device_is_available(remote)) { |
| 2439 | pr_debug("not available for remote node\n"); |
| 2440 | + of_node_put(remote); |
| 2441 | return NULL; |
| 2442 | } |
| 2443 | |
| 2444 | diff --git a/drivers/remoteproc/remoteproc_virtio.c b/drivers/remoteproc/remoteproc_virtio.c |
| 2445 | index de21f620b882..21b22a150930 100644 |
| 2446 | --- a/drivers/remoteproc/remoteproc_virtio.c |
| 2447 | +++ b/drivers/remoteproc/remoteproc_virtio.c |
| 2448 | @@ -153,10 +153,15 @@ static int rproc_virtio_find_vqs(struct virtio_device *vdev, unsigned int nvqs, |
| 2449 | const bool * ctx, |
| 2450 | struct irq_affinity *desc) |
| 2451 | { |
| 2452 | - int i, ret; |
| 2453 | + int i, ret, queue_idx = 0; |
| 2454 | |
| 2455 | for (i = 0; i < nvqs; ++i) { |
| 2456 | - vqs[i] = rp_find_vq(vdev, i, callbacks[i], names[i], |
| 2457 | + if (!names[i]) { |
| 2458 | + vqs[i] = NULL; |
| 2459 | + continue; |
| 2460 | + } |
| 2461 | + |
| 2462 | + vqs[i] = rp_find_vq(vdev, queue_idx++, callbacks[i], names[i], |
| 2463 | ctx ? ctx[i] : false); |
| 2464 | if (IS_ERR(vqs[i])) { |
| 2465 | ret = PTR_ERR(vqs[i]); |
| 2466 | diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c |
| 2467 | index c9c57b4a0b71..4e1bdd03d2aa 100644 |
| 2468 | --- a/drivers/s390/virtio/virtio_ccw.c |
| 2469 | +++ b/drivers/s390/virtio/virtio_ccw.c |
| 2470 | @@ -635,7 +635,7 @@ static int virtio_ccw_find_vqs(struct virtio_device *vdev, unsigned nvqs, |
| 2471 | { |
| 2472 | struct virtio_ccw_device *vcdev = to_vc_device(vdev); |
| 2473 | unsigned long *indicatorp = NULL; |
| 2474 | - int ret, i; |
| 2475 | + int ret, i, queue_idx = 0; |
| 2476 | struct ccw1 *ccw; |
| 2477 | |
| 2478 | ccw = kzalloc(sizeof(*ccw), GFP_DMA | GFP_KERNEL); |
| 2479 | @@ -643,8 +643,14 @@ static int virtio_ccw_find_vqs(struct virtio_device *vdev, unsigned nvqs, |
| 2480 | return -ENOMEM; |
| 2481 | |
| 2482 | for (i = 0; i < nvqs; ++i) { |
| 2483 | - vqs[i] = virtio_ccw_setup_vq(vdev, i, callbacks[i], names[i], |
| 2484 | - ctx ? ctx[i] : false, ccw); |
| 2485 | + if (!names[i]) { |
| 2486 | + vqs[i] = NULL; |
| 2487 | + continue; |
| 2488 | + } |
| 2489 | + |
| 2490 | + vqs[i] = virtio_ccw_setup_vq(vdev, queue_idx++, callbacks[i], |
| 2491 | + names[i], ctx ? ctx[i] : false, |
| 2492 | + ccw); |
| 2493 | if (IS_ERR(vqs[i])) { |
| 2494 | ret = PTR_ERR(vqs[i]); |
| 2495 | vqs[i] = NULL; |
| 2496 | diff --git a/drivers/scsi/scsi_pm.c b/drivers/scsi/scsi_pm.c |
| 2497 | index a2b4179bfdf7..7639df91b110 100644 |
| 2498 | --- a/drivers/scsi/scsi_pm.c |
| 2499 | +++ b/drivers/scsi/scsi_pm.c |
| 2500 | @@ -80,8 +80,22 @@ static int scsi_dev_type_resume(struct device *dev, |
| 2501 | |
| 2502 | if (err == 0) { |
| 2503 | pm_runtime_disable(dev); |
| 2504 | - pm_runtime_set_active(dev); |
| 2505 | + err = pm_runtime_set_active(dev); |
| 2506 | pm_runtime_enable(dev); |
| 2507 | + |
| 2508 | + /* |
| 2509 | + * Forcibly set runtime PM status of request queue to "active" |
| 2510 | + * to make sure we can again get requests from the queue |
| 2511 | + * (see also blk_pm_peek_request()). |
| 2512 | + * |
| 2513 | + * The resume hook will correct runtime PM status of the disk. |
| 2514 | + */ |
| 2515 | + if (!err && scsi_is_sdev_device(dev)) { |
| 2516 | + struct scsi_device *sdev = to_scsi_device(dev); |
| 2517 | + |
| 2518 | + if (sdev->request_queue->dev) |
| 2519 | + blk_set_runtime_active(sdev->request_queue); |
| 2520 | + } |
| 2521 | } |
| 2522 | |
| 2523 | return err; |
| 2524 | @@ -140,16 +154,6 @@ static int scsi_bus_resume_common(struct device *dev, |
| 2525 | else |
| 2526 | fn = NULL; |
| 2527 | |
| 2528 | - /* |
| 2529 | - * Forcibly set runtime PM status of request queue to "active" to |
| 2530 | - * make sure we can again get requests from the queue (see also |
| 2531 | - * blk_pm_peek_request()). |
| 2532 | - * |
| 2533 | - * The resume hook will correct runtime PM status of the disk. |
| 2534 | - */ |
| 2535 | - if (scsi_is_sdev_device(dev) && pm_runtime_suspended(dev)) |
| 2536 | - blk_set_runtime_active(to_scsi_device(dev)->request_queue); |
| 2537 | - |
| 2538 | if (fn) { |
| 2539 | async_schedule_domain(fn, dev, &scsi_sd_pm_domain); |
| 2540 | |
| 2541 | diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c |
| 2542 | index bd0a5c694a97..ba4b8b3ce8cf 100644 |
| 2543 | --- a/drivers/scsi/sd.c |
| 2544 | +++ b/drivers/scsi/sd.c |
| 2545 | @@ -206,6 +206,12 @@ cache_type_store(struct device *dev, struct device_attribute *attr, |
| 2546 | sp = buffer_data[0] & 0x80 ? 1 : 0; |
| 2547 | buffer_data[0] &= ~0x80; |
| 2548 | |
| 2549 | + /* |
| 2550 | + * Ensure WP, DPOFUA, and RESERVED fields are cleared in |
| 2551 | + * received mode parameter buffer before doing MODE SELECT. |
| 2552 | + */ |
| 2553 | + data.device_specific = 0; |
| 2554 | + |
| 2555 | if (scsi_mode_select(sdp, 1, sp, 8, buffer_data, len, SD_TIMEOUT, |
| 2556 | SD_MAX_RETRIES, &data, &sshdr)) { |
| 2557 | if (scsi_sense_valid(&sshdr)) |
| 2558 | diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c |
| 2559 | index 687250ec8032..23c6fd238422 100644 |
| 2560 | --- a/drivers/tty/tty_io.c |
| 2561 | +++ b/drivers/tty/tty_io.c |
| 2562 | @@ -1256,7 +1256,8 @@ static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct * |
| 2563 | static int tty_reopen(struct tty_struct *tty) |
| 2564 | { |
| 2565 | struct tty_driver *driver = tty->driver; |
| 2566 | - int retval; |
| 2567 | + struct tty_ldisc *ld; |
| 2568 | + int retval = 0; |
| 2569 | |
| 2570 | if (driver->type == TTY_DRIVER_TYPE_PTY && |
| 2571 | driver->subtype == PTY_TYPE_MASTER) |
| 2572 | @@ -1268,14 +1269,21 @@ static int tty_reopen(struct tty_struct *tty) |
| 2573 | if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) |
| 2574 | return -EBUSY; |
| 2575 | |
| 2576 | - tty->count++; |
| 2577 | + ld = tty_ldisc_ref_wait(tty); |
| 2578 | + if (ld) { |
| 2579 | + tty_ldisc_deref(ld); |
| 2580 | + } else { |
| 2581 | + retval = tty_ldisc_lock(tty, 5 * HZ); |
| 2582 | + if (retval) |
| 2583 | + return retval; |
| 2584 | |
| 2585 | - if (tty->ldisc) |
| 2586 | - return 0; |
| 2587 | + if (!tty->ldisc) |
| 2588 | + retval = tty_ldisc_reinit(tty, tty->termios.c_line); |
| 2589 | + tty_ldisc_unlock(tty); |
| 2590 | + } |
| 2591 | |
| 2592 | - retval = tty_ldisc_reinit(tty, tty->termios.c_line); |
| 2593 | - if (retval) |
| 2594 | - tty->count--; |
| 2595 | + if (retval == 0) |
| 2596 | + tty->count++; |
| 2597 | |
| 2598 | return retval; |
| 2599 | } |
| 2600 | diff --git a/drivers/tty/tty_ldsem.c b/drivers/tty/tty_ldsem.c |
| 2601 | index 0c98d88f795a..b989ca26fc78 100644 |
| 2602 | --- a/drivers/tty/tty_ldsem.c |
| 2603 | +++ b/drivers/tty/tty_ldsem.c |
| 2604 | @@ -293,6 +293,16 @@ down_write_failed(struct ld_semaphore *sem, long count, long timeout) |
| 2605 | if (!locked) |
| 2606 | atomic_long_add_return(-LDSEM_WAIT_BIAS, &sem->count); |
| 2607 | list_del(&waiter.list); |
| 2608 | + |
| 2609 | + /* |
| 2610 | + * In case of timeout, wake up every reader who gave the right of way |
| 2611 | + * to writer. Prevent separation readers into two groups: |
| 2612 | + * one that helds semaphore and another that sleeps. |
| 2613 | + * (in case of no contention with a writer) |
| 2614 | + */ |
| 2615 | + if (!locked && list_empty(&sem->write_wait)) |
| 2616 | + __ldsem_wake_readers(sem); |
| 2617 | + |
| 2618 | raw_spin_unlock_irq(&sem->wait_lock); |
| 2619 | |
| 2620 | __set_current_state(TASK_RUNNING); |
| 2621 | diff --git a/drivers/video/fbdev/offb.c b/drivers/video/fbdev/offb.c |
| 2622 | index 31f769d67195..057d3cdef92e 100644 |
| 2623 | --- a/drivers/video/fbdev/offb.c |
| 2624 | +++ b/drivers/video/fbdev/offb.c |
| 2625 | @@ -318,28 +318,28 @@ static void __iomem *offb_map_reg(struct device_node *np, int index, |
| 2626 | } |
| 2627 | |
| 2628 | static void offb_init_palette_hacks(struct fb_info *info, struct device_node *dp, |
| 2629 | - const char *name, unsigned long address) |
| 2630 | + unsigned long address) |
| 2631 | { |
| 2632 | struct offb_par *par = (struct offb_par *) info->par; |
| 2633 | |
| 2634 | - if (dp && !strncmp(name, "ATY,Rage128", 11)) { |
| 2635 | + if (of_node_name_prefix(dp, "ATY,Rage128")) { |
| 2636 | par->cmap_adr = offb_map_reg(dp, 2, 0, 0x1fff); |
| 2637 | if (par->cmap_adr) |
| 2638 | par->cmap_type = cmap_r128; |
| 2639 | - } else if (dp && (!strncmp(name, "ATY,RageM3pA", 12) |
| 2640 | - || !strncmp(name, "ATY,RageM3p12A", 14))) { |
| 2641 | + } else if (of_node_name_prefix(dp, "ATY,RageM3pA") || |
| 2642 | + of_node_name_prefix(dp, "ATY,RageM3p12A")) { |
| 2643 | par->cmap_adr = offb_map_reg(dp, 2, 0, 0x1fff); |
| 2644 | if (par->cmap_adr) |
| 2645 | par->cmap_type = cmap_M3A; |
| 2646 | - } else if (dp && !strncmp(name, "ATY,RageM3pB", 12)) { |
| 2647 | + } else if (of_node_name_prefix(dp, "ATY,RageM3pB")) { |
| 2648 | par->cmap_adr = offb_map_reg(dp, 2, 0, 0x1fff); |
| 2649 | if (par->cmap_adr) |
| 2650 | par->cmap_type = cmap_M3B; |
| 2651 | - } else if (dp && !strncmp(name, "ATY,Rage6", 9)) { |
| 2652 | + } else if (of_node_name_prefix(dp, "ATY,Rage6")) { |
| 2653 | par->cmap_adr = offb_map_reg(dp, 1, 0, 0x1fff); |
| 2654 | if (par->cmap_adr) |
| 2655 | par->cmap_type = cmap_radeon; |
| 2656 | - } else if (!strncmp(name, "ATY,", 4)) { |
| 2657 | + } else if (of_node_name_prefix(dp, "ATY,")) { |
| 2658 | unsigned long base = address & 0xff000000UL; |
| 2659 | par->cmap_adr = |
| 2660 | ioremap(base + 0x7ff000, 0x1000) + 0xcc0; |
| 2661 | @@ -350,7 +350,7 @@ static void offb_init_palette_hacks(struct fb_info *info, struct device_node *dp |
| 2662 | par->cmap_adr = offb_map_reg(dp, 0, 0x6000, 0x1000); |
| 2663 | if (par->cmap_adr) |
| 2664 | par->cmap_type = cmap_gxt2000; |
| 2665 | - } else if (dp && !strncmp(name, "vga,Display-", 12)) { |
| 2666 | + } else if (of_node_name_prefix(dp, "vga,Display-")) { |
| 2667 | /* Look for AVIVO initialized by SLOF */ |
| 2668 | struct device_node *pciparent = of_get_parent(dp); |
| 2669 | const u32 *vid, *did; |
| 2670 | @@ -438,7 +438,7 @@ static void __init offb_init_fb(const char *name, |
| 2671 | |
| 2672 | par->cmap_type = cmap_unknown; |
| 2673 | if (depth == 8) |
| 2674 | - offb_init_palette_hacks(info, dp, name, address); |
| 2675 | + offb_init_palette_hacks(info, dp, address); |
| 2676 | else |
| 2677 | fix->visual = FB_VISUAL_TRUECOLOR; |
| 2678 | |
| 2679 | diff --git a/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c b/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c |
| 2680 | index a3edb20ea4c3..a846d32ee653 100644 |
| 2681 | --- a/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c |
| 2682 | +++ b/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c |
| 2683 | @@ -609,6 +609,8 @@ int omapfb_ioctl(struct fb_info *fbi, unsigned int cmd, unsigned long arg) |
| 2684 | |
| 2685 | int r = 0; |
| 2686 | |
| 2687 | + memset(&p, 0, sizeof(p)); |
| 2688 | + |
| 2689 | switch (cmd) { |
| 2690 | case OMAPFB_SYNC_GFX: |
| 2691 | DBG("ioctl SYNC_GFX\n"); |
| 2692 | diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c |
| 2693 | index 728ecd1eea30..fb12fe205f86 100644 |
| 2694 | --- a/drivers/virtio/virtio_balloon.c |
| 2695 | +++ b/drivers/virtio/virtio_balloon.c |
| 2696 | @@ -61,6 +61,10 @@ enum virtio_balloon_vq { |
| 2697 | VIRTIO_BALLOON_VQ_MAX |
| 2698 | }; |
| 2699 | |
| 2700 | +enum virtio_balloon_config_read { |
| 2701 | + VIRTIO_BALLOON_CONFIG_READ_CMD_ID = 0, |
| 2702 | +}; |
| 2703 | + |
| 2704 | struct virtio_balloon { |
| 2705 | struct virtio_device *vdev; |
| 2706 | struct virtqueue *inflate_vq, *deflate_vq, *stats_vq, *free_page_vq; |
| 2707 | @@ -77,14 +81,20 @@ struct virtio_balloon { |
| 2708 | /* Prevent updating balloon when it is being canceled. */ |
| 2709 | spinlock_t stop_update_lock; |
| 2710 | bool stop_update; |
| 2711 | + /* Bitmap to indicate if reading the related config fields are needed */ |
| 2712 | + unsigned long config_read_bitmap; |
| 2713 | |
| 2714 | /* The list of allocated free pages, waiting to be given back to mm */ |
| 2715 | struct list_head free_page_list; |
| 2716 | spinlock_t free_page_list_lock; |
| 2717 | /* The number of free page blocks on the above list */ |
| 2718 | unsigned long num_free_page_blocks; |
| 2719 | - /* The cmd id received from host */ |
| 2720 | - u32 cmd_id_received; |
| 2721 | + /* |
| 2722 | + * The cmd id received from host. |
| 2723 | + * Read it via virtio_balloon_cmd_id_received to get the latest value |
| 2724 | + * sent from host. |
| 2725 | + */ |
| 2726 | + u32 cmd_id_received_cache; |
| 2727 | /* The cmd id that is actively in use */ |
| 2728 | __virtio32 cmd_id_active; |
| 2729 | /* Buffer to store the stop sign */ |
| 2730 | @@ -390,37 +400,31 @@ static unsigned long return_free_pages_to_mm(struct virtio_balloon *vb, |
| 2731 | return num_returned; |
| 2732 | } |
| 2733 | |
| 2734 | +static void virtio_balloon_queue_free_page_work(struct virtio_balloon *vb) |
| 2735 | +{ |
| 2736 | + if (!virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT)) |
| 2737 | + return; |
| 2738 | + |
| 2739 | + /* No need to queue the work if the bit was already set. */ |
| 2740 | + if (test_and_set_bit(VIRTIO_BALLOON_CONFIG_READ_CMD_ID, |
| 2741 | + &vb->config_read_bitmap)) |
| 2742 | + return; |
| 2743 | + |
| 2744 | + queue_work(vb->balloon_wq, &vb->report_free_page_work); |
| 2745 | +} |
| 2746 | + |
| 2747 | static void virtballoon_changed(struct virtio_device *vdev) |
| 2748 | { |
| 2749 | struct virtio_balloon *vb = vdev->priv; |
| 2750 | unsigned long flags; |
| 2751 | - s64 diff = towards_target(vb); |
| 2752 | - |
| 2753 | - if (diff) { |
| 2754 | - spin_lock_irqsave(&vb->stop_update_lock, flags); |
| 2755 | - if (!vb->stop_update) |
| 2756 | - queue_work(system_freezable_wq, |
| 2757 | - &vb->update_balloon_size_work); |
| 2758 | - spin_unlock_irqrestore(&vb->stop_update_lock, flags); |
| 2759 | - } |
| 2760 | |
| 2761 | - if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_FREE_PAGE_HINT)) { |
| 2762 | - virtio_cread(vdev, struct virtio_balloon_config, |
| 2763 | - free_page_report_cmd_id, &vb->cmd_id_received); |
| 2764 | - if (vb->cmd_id_received == VIRTIO_BALLOON_CMD_ID_DONE) { |
| 2765 | - /* Pass ULONG_MAX to give back all the free pages */ |
| 2766 | - return_free_pages_to_mm(vb, ULONG_MAX); |
| 2767 | - } else if (vb->cmd_id_received != VIRTIO_BALLOON_CMD_ID_STOP && |
| 2768 | - vb->cmd_id_received != |
| 2769 | - virtio32_to_cpu(vdev, vb->cmd_id_active)) { |
| 2770 | - spin_lock_irqsave(&vb->stop_update_lock, flags); |
| 2771 | - if (!vb->stop_update) { |
| 2772 | - queue_work(vb->balloon_wq, |
| 2773 | - &vb->report_free_page_work); |
| 2774 | - } |
| 2775 | - spin_unlock_irqrestore(&vb->stop_update_lock, flags); |
| 2776 | - } |
| 2777 | + spin_lock_irqsave(&vb->stop_update_lock, flags); |
| 2778 | + if (!vb->stop_update) { |
| 2779 | + queue_work(system_freezable_wq, |
| 2780 | + &vb->update_balloon_size_work); |
| 2781 | + virtio_balloon_queue_free_page_work(vb); |
| 2782 | } |
| 2783 | + spin_unlock_irqrestore(&vb->stop_update_lock, flags); |
| 2784 | } |
| 2785 | |
| 2786 | static void update_balloon_size(struct virtio_balloon *vb) |
| 2787 | @@ -527,6 +531,17 @@ static int init_vqs(struct virtio_balloon *vb) |
| 2788 | return 0; |
| 2789 | } |
| 2790 | |
| 2791 | +static u32 virtio_balloon_cmd_id_received(struct virtio_balloon *vb) |
| 2792 | +{ |
| 2793 | + if (test_and_clear_bit(VIRTIO_BALLOON_CONFIG_READ_CMD_ID, |
| 2794 | + &vb->config_read_bitmap)) |
| 2795 | + virtio_cread(vb->vdev, struct virtio_balloon_config, |
| 2796 | + free_page_report_cmd_id, |
| 2797 | + &vb->cmd_id_received_cache); |
| 2798 | + |
| 2799 | + return vb->cmd_id_received_cache; |
| 2800 | +} |
| 2801 | + |
| 2802 | static int send_cmd_id_start(struct virtio_balloon *vb) |
| 2803 | { |
| 2804 | struct scatterlist sg; |
| 2805 | @@ -537,7 +552,8 @@ static int send_cmd_id_start(struct virtio_balloon *vb) |
| 2806 | while (virtqueue_get_buf(vq, &unused)) |
| 2807 | ; |
| 2808 | |
| 2809 | - vb->cmd_id_active = cpu_to_virtio32(vb->vdev, vb->cmd_id_received); |
| 2810 | + vb->cmd_id_active = virtio32_to_cpu(vb->vdev, |
| 2811 | + virtio_balloon_cmd_id_received(vb)); |
| 2812 | sg_init_one(&sg, &vb->cmd_id_active, sizeof(vb->cmd_id_active)); |
| 2813 | err = virtqueue_add_outbuf(vq, &sg, 1, &vb->cmd_id_active, GFP_KERNEL); |
| 2814 | if (!err) |
| 2815 | @@ -620,7 +636,8 @@ static int send_free_pages(struct virtio_balloon *vb) |
| 2816 | * stop the reporting. |
| 2817 | */ |
| 2818 | cmd_id_active = virtio32_to_cpu(vb->vdev, vb->cmd_id_active); |
| 2819 | - if (cmd_id_active != vb->cmd_id_received) |
| 2820 | + if (unlikely(cmd_id_active != |
| 2821 | + virtio_balloon_cmd_id_received(vb))) |
| 2822 | break; |
| 2823 | |
| 2824 | /* |
| 2825 | @@ -637,11 +654,9 @@ static int send_free_pages(struct virtio_balloon *vb) |
| 2826 | return 0; |
| 2827 | } |
| 2828 | |
| 2829 | -static void report_free_page_func(struct work_struct *work) |
| 2830 | +static void virtio_balloon_report_free_page(struct virtio_balloon *vb) |
| 2831 | { |
| 2832 | int err; |
| 2833 | - struct virtio_balloon *vb = container_of(work, struct virtio_balloon, |
| 2834 | - report_free_page_work); |
| 2835 | struct device *dev = &vb->vdev->dev; |
| 2836 | |
| 2837 | /* Start by sending the received cmd id to host with an outbuf. */ |
| 2838 | @@ -659,6 +674,23 @@ static void report_free_page_func(struct work_struct *work) |
| 2839 | dev_err(dev, "Failed to send a stop id, err = %d\n", err); |
| 2840 | } |
| 2841 | |
| 2842 | +static void report_free_page_func(struct work_struct *work) |
| 2843 | +{ |
| 2844 | + struct virtio_balloon *vb = container_of(work, struct virtio_balloon, |
| 2845 | + report_free_page_work); |
| 2846 | + u32 cmd_id_received; |
| 2847 | + |
| 2848 | + cmd_id_received = virtio_balloon_cmd_id_received(vb); |
| 2849 | + if (cmd_id_received == VIRTIO_BALLOON_CMD_ID_DONE) { |
| 2850 | + /* Pass ULONG_MAX to give back all the free pages */ |
| 2851 | + return_free_pages_to_mm(vb, ULONG_MAX); |
| 2852 | + } else if (cmd_id_received != VIRTIO_BALLOON_CMD_ID_STOP && |
| 2853 | + cmd_id_received != |
| 2854 | + virtio32_to_cpu(vb->vdev, vb->cmd_id_active)) { |
| 2855 | + virtio_balloon_report_free_page(vb); |
| 2856 | + } |
| 2857 | +} |
| 2858 | + |
| 2859 | #ifdef CONFIG_BALLOON_COMPACTION |
| 2860 | /* |
| 2861 | * virtballoon_migratepage - perform the balloon page migration on behalf of |
| 2862 | @@ -885,7 +917,7 @@ static int virtballoon_probe(struct virtio_device *vdev) |
| 2863 | goto out_del_vqs; |
| 2864 | } |
| 2865 | INIT_WORK(&vb->report_free_page_work, report_free_page_func); |
| 2866 | - vb->cmd_id_received = VIRTIO_BALLOON_CMD_ID_STOP; |
| 2867 | + vb->cmd_id_received_cache = VIRTIO_BALLOON_CMD_ID_STOP; |
| 2868 | vb->cmd_id_active = cpu_to_virtio32(vb->vdev, |
| 2869 | VIRTIO_BALLOON_CMD_ID_STOP); |
| 2870 | vb->cmd_id_stop = cpu_to_virtio32(vb->vdev, |
| 2871 | diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c |
| 2872 | index 4cd9ea5c75be..d9dd0f789279 100644 |
| 2873 | --- a/drivers/virtio/virtio_mmio.c |
| 2874 | +++ b/drivers/virtio/virtio_mmio.c |
| 2875 | @@ -468,7 +468,7 @@ static int vm_find_vqs(struct virtio_device *vdev, unsigned nvqs, |
| 2876 | { |
| 2877 | struct virtio_mmio_device *vm_dev = to_virtio_mmio_device(vdev); |
| 2878 | unsigned int irq = platform_get_irq(vm_dev->pdev, 0); |
| 2879 | - int i, err; |
| 2880 | + int i, err, queue_idx = 0; |
| 2881 | |
| 2882 | err = request_irq(irq, vm_interrupt, IRQF_SHARED, |
| 2883 | dev_name(&vdev->dev), vm_dev); |
| 2884 | @@ -476,7 +476,12 @@ static int vm_find_vqs(struct virtio_device *vdev, unsigned nvqs, |
| 2885 | return err; |
| 2886 | |
| 2887 | for (i = 0; i < nvqs; ++i) { |
| 2888 | - vqs[i] = vm_setup_vq(vdev, i, callbacks[i], names[i], |
| 2889 | + if (!names[i]) { |
| 2890 | + vqs[i] = NULL; |
| 2891 | + continue; |
| 2892 | + } |
| 2893 | + |
| 2894 | + vqs[i] = vm_setup_vq(vdev, queue_idx++, callbacks[i], names[i], |
| 2895 | ctx ? ctx[i] : false); |
| 2896 | if (IS_ERR(vqs[i])) { |
| 2897 | vm_del_vqs(vdev); |
| 2898 | diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c |
| 2899 | index 93194f3e7540..117e76b2f939 100644 |
| 2900 | --- a/drivers/xen/events/events_base.c |
| 2901 | +++ b/drivers/xen/events/events_base.c |
| 2902 | @@ -1650,7 +1650,7 @@ void xen_callback_vector(void) |
| 2903 | xen_have_vector_callback = 0; |
| 2904 | return; |
| 2905 | } |
| 2906 | - pr_info("Xen HVM callback vector for event delivery is enabled\n"); |
| 2907 | + pr_info_once("Xen HVM callback vector for event delivery is enabled\n"); |
| 2908 | alloc_intr_gate(HYPERVISOR_CALLBACK_VECTOR, |
| 2909 | xen_hvm_callback_vector); |
| 2910 | } |
| 2911 | diff --git a/fs/block_dev.c b/fs/block_dev.c |
| 2912 | index a80b4f0ee7c4..5a35ed922c95 100644 |
| 2913 | --- a/fs/block_dev.c |
| 2914 | +++ b/fs/block_dev.c |
| 2915 | @@ -104,6 +104,20 @@ void invalidate_bdev(struct block_device *bdev) |
| 2916 | } |
| 2917 | EXPORT_SYMBOL(invalidate_bdev); |
| 2918 | |
| 2919 | +static void set_init_blocksize(struct block_device *bdev) |
| 2920 | +{ |
| 2921 | + unsigned bsize = bdev_logical_block_size(bdev); |
| 2922 | + loff_t size = i_size_read(bdev->bd_inode); |
| 2923 | + |
| 2924 | + while (bsize < PAGE_SIZE) { |
| 2925 | + if (size & bsize) |
| 2926 | + break; |
| 2927 | + bsize <<= 1; |
| 2928 | + } |
| 2929 | + bdev->bd_block_size = bsize; |
| 2930 | + bdev->bd_inode->i_blkbits = blksize_bits(bsize); |
| 2931 | +} |
| 2932 | + |
| 2933 | int set_blocksize(struct block_device *bdev, int size) |
| 2934 | { |
| 2935 | /* Size must be a power of two, and between 512 and PAGE_SIZE */ |
| 2936 | @@ -1408,18 +1422,9 @@ EXPORT_SYMBOL(check_disk_change); |
| 2937 | |
| 2938 | void bd_set_size(struct block_device *bdev, loff_t size) |
| 2939 | { |
| 2940 | - unsigned bsize = bdev_logical_block_size(bdev); |
| 2941 | - |
| 2942 | inode_lock(bdev->bd_inode); |
| 2943 | i_size_write(bdev->bd_inode, size); |
| 2944 | inode_unlock(bdev->bd_inode); |
| 2945 | - while (bsize < PAGE_SIZE) { |
| 2946 | - if (size & bsize) |
| 2947 | - break; |
| 2948 | - bsize <<= 1; |
| 2949 | - } |
| 2950 | - bdev->bd_block_size = bsize; |
| 2951 | - bdev->bd_inode->i_blkbits = blksize_bits(bsize); |
| 2952 | } |
| 2953 | EXPORT_SYMBOL(bd_set_size); |
| 2954 | |
| 2955 | @@ -1496,8 +1501,10 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part) |
| 2956 | } |
| 2957 | } |
| 2958 | |
| 2959 | - if (!ret) |
| 2960 | + if (!ret) { |
| 2961 | bd_set_size(bdev,(loff_t)get_capacity(disk)<<9); |
| 2962 | + set_init_blocksize(bdev); |
| 2963 | + } |
| 2964 | |
| 2965 | /* |
| 2966 | * If the device is invalidated, rescan partition |
| 2967 | @@ -1532,6 +1539,7 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part) |
| 2968 | goto out_clear; |
| 2969 | } |
| 2970 | bd_set_size(bdev, (loff_t)bdev->bd_part->nr_sects << 9); |
| 2971 | + set_init_blocksize(bdev); |
| 2972 | } |
| 2973 | |
| 2974 | if (bdev->bd_bdi == &noop_backing_dev_info) |
| 2975 | diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c |
| 2976 | index 6d776717d8b3..f74c9e6b84ce 100644 |
| 2977 | --- a/fs/btrfs/disk-io.c |
| 2978 | +++ b/fs/btrfs/disk-io.c |
| 2979 | @@ -4155,6 +4155,14 @@ static void btrfs_destroy_all_ordered_extents(struct btrfs_fs_info *fs_info) |
| 2980 | spin_lock(&fs_info->ordered_root_lock); |
| 2981 | } |
| 2982 | spin_unlock(&fs_info->ordered_root_lock); |
| 2983 | + |
| 2984 | + /* |
| 2985 | + * We need this here because if we've been flipped read-only we won't |
| 2986 | + * get sync() from the umount, so we need to make sure any ordered |
| 2987 | + * extents that haven't had their dirty pages IO start writeout yet |
| 2988 | + * actually get run and error out properly. |
| 2989 | + */ |
| 2990 | + btrfs_wait_ordered_roots(fs_info, U64_MAX, 0, (u64)-1); |
| 2991 | } |
| 2992 | |
| 2993 | static int btrfs_destroy_delayed_refs(struct btrfs_transaction *trans, |
| 2994 | diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
| 2995 | index 423281c19fad..02772f8823cf 100644 |
| 2996 | --- a/fs/btrfs/inode.c |
| 2997 | +++ b/fs/btrfs/inode.c |
| 2998 | @@ -3147,9 +3147,6 @@ out: |
| 2999 | /* once for the tree */ |
| 3000 | btrfs_put_ordered_extent(ordered_extent); |
| 3001 | |
| 3002 | - /* Try to release some metadata so we don't get an OOM but don't wait */ |
| 3003 | - btrfs_btree_balance_dirty_nodelay(fs_info); |
| 3004 | - |
| 3005 | return ret; |
| 3006 | } |
| 3007 | |
| 3008 | diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c |
| 3009 | index e02a9039b5ea..67bdbd3da52e 100644 |
| 3010 | --- a/fs/pstore/ram.c |
| 3011 | +++ b/fs/pstore/ram.c |
| 3012 | @@ -723,18 +723,15 @@ static int ramoops_probe(struct platform_device *pdev) |
| 3013 | { |
| 3014 | struct device *dev = &pdev->dev; |
| 3015 | struct ramoops_platform_data *pdata = dev->platform_data; |
| 3016 | + struct ramoops_platform_data pdata_local; |
| 3017 | struct ramoops_context *cxt = &oops_cxt; |
| 3018 | size_t dump_mem_sz; |
| 3019 | phys_addr_t paddr; |
| 3020 | int err = -EINVAL; |
| 3021 | |
| 3022 | if (dev_of_node(dev) && !pdata) { |
| 3023 | - pdata = devm_kzalloc(&pdev->dev, sizeof(*pdata), GFP_KERNEL); |
| 3024 | - if (!pdata) { |
| 3025 | - pr_err("cannot allocate platform data buffer\n"); |
| 3026 | - err = -ENOMEM; |
| 3027 | - goto fail_out; |
| 3028 | - } |
| 3029 | + pdata = &pdata_local; |
| 3030 | + memset(pdata, 0, sizeof(*pdata)); |
| 3031 | |
| 3032 | err = ramoops_parse_dt(pdev, pdata); |
| 3033 | if (err < 0) |
| 3034 | diff --git a/include/linux/bcma/bcma_soc.h b/include/linux/bcma/bcma_soc.h |
| 3035 | index 7cca5f859a90..f3c43519baa7 100644 |
| 3036 | --- a/include/linux/bcma/bcma_soc.h |
| 3037 | +++ b/include/linux/bcma/bcma_soc.h |
| 3038 | @@ -6,6 +6,7 @@ |
| 3039 | |
| 3040 | struct bcma_soc { |
| 3041 | struct bcma_bus bus; |
| 3042 | + struct device *dev; |
| 3043 | }; |
| 3044 | |
| 3045 | int __init bcma_host_soc_register(struct bcma_soc *soc); |
| 3046 | diff --git a/include/linux/genhd.h b/include/linux/genhd.h |
| 3047 | index 70fc838e6773..0c5ee17b4d88 100644 |
| 3048 | --- a/include/linux/genhd.h |
| 3049 | +++ b/include/linux/genhd.h |
| 3050 | @@ -129,7 +129,7 @@ struct hd_struct { |
| 3051 | struct disk_stats dkstats; |
| 3052 | #endif |
| 3053 | struct percpu_ref ref; |
| 3054 | - struct rcu_head rcu_head; |
| 3055 | + struct rcu_work rcu_work; |
| 3056 | }; |
| 3057 | |
| 3058 | #define GENHD_FL_REMOVABLE 1 |
| 3059 | diff --git a/include/linux/phy.h b/include/linux/phy.h |
| 3060 | index 3ea87f774a76..306630d13523 100644 |
| 3061 | --- a/include/linux/phy.h |
| 3062 | +++ b/include/linux/phy.h |
| 3063 | @@ -48,6 +48,7 @@ extern __ETHTOOL_DECLARE_LINK_MODE_MASK(phy_gbit_features) __ro_after_init; |
| 3064 | extern __ETHTOOL_DECLARE_LINK_MODE_MASK(phy_gbit_fibre_features) __ro_after_init; |
| 3065 | extern __ETHTOOL_DECLARE_LINK_MODE_MASK(phy_gbit_all_ports_features) __ro_after_init; |
| 3066 | extern __ETHTOOL_DECLARE_LINK_MODE_MASK(phy_10gbit_features) __ro_after_init; |
| 3067 | +extern __ETHTOOL_DECLARE_LINK_MODE_MASK(phy_10gbit_fec_features) __ro_after_init; |
| 3068 | extern __ETHTOOL_DECLARE_LINK_MODE_MASK(phy_10gbit_full_features) __ro_after_init; |
| 3069 | |
| 3070 | #define PHY_BASIC_FEATURES ((unsigned long *)&phy_basic_features) |
| 3071 | @@ -56,6 +57,7 @@ extern __ETHTOOL_DECLARE_LINK_MODE_MASK(phy_10gbit_full_features) __ro_after_ini |
| 3072 | #define PHY_GBIT_FIBRE_FEATURES ((unsigned long *)&phy_gbit_fibre_features) |
| 3073 | #define PHY_GBIT_ALL_PORTS_FEATURES ((unsigned long *)&phy_gbit_all_ports_features) |
| 3074 | #define PHY_10GBIT_FEATURES ((unsigned long *)&phy_10gbit_features) |
| 3075 | +#define PHY_10GBIT_FEC_FEATURES ((unsigned long *)&phy_10gbit_fec_features) |
| 3076 | #define PHY_10GBIT_FULL_FEATURES ((unsigned long *)&phy_10gbit_full_features) |
| 3077 | |
| 3078 | /* |
| 3079 | diff --git a/include/net/netfilter/nf_conntrack_count.h b/include/net/netfilter/nf_conntrack_count.h |
| 3080 | index 4b2b2baf8ab4..f32fc8289473 100644 |
| 3081 | --- a/include/net/netfilter/nf_conntrack_count.h |
| 3082 | +++ b/include/net/netfilter/nf_conntrack_count.h |
| 3083 | @@ -5,17 +5,10 @@ |
| 3084 | |
| 3085 | struct nf_conncount_data; |
| 3086 | |
| 3087 | -enum nf_conncount_list_add { |
| 3088 | - NF_CONNCOUNT_ADDED, /* list add was ok */ |
| 3089 | - NF_CONNCOUNT_ERR, /* -ENOMEM, must drop skb */ |
| 3090 | - NF_CONNCOUNT_SKIP, /* list is already reclaimed by gc */ |
| 3091 | -}; |
| 3092 | - |
| 3093 | struct nf_conncount_list { |
| 3094 | spinlock_t list_lock; |
| 3095 | struct list_head head; /* connections with the same filtering key */ |
| 3096 | unsigned int count; /* length of list */ |
| 3097 | - bool dead; |
| 3098 | }; |
| 3099 | |
| 3100 | struct nf_conncount_data *nf_conncount_init(struct net *net, unsigned int family, |
| 3101 | @@ -29,18 +22,12 @@ unsigned int nf_conncount_count(struct net *net, |
| 3102 | const struct nf_conntrack_tuple *tuple, |
| 3103 | const struct nf_conntrack_zone *zone); |
| 3104 | |
| 3105 | -void nf_conncount_lookup(struct net *net, struct nf_conncount_list *list, |
| 3106 | - const struct nf_conntrack_tuple *tuple, |
| 3107 | - const struct nf_conntrack_zone *zone, |
| 3108 | - bool *addit); |
| 3109 | +int nf_conncount_add(struct net *net, struct nf_conncount_list *list, |
| 3110 | + const struct nf_conntrack_tuple *tuple, |
| 3111 | + const struct nf_conntrack_zone *zone); |
| 3112 | |
| 3113 | void nf_conncount_list_init(struct nf_conncount_list *list); |
| 3114 | |
| 3115 | -enum nf_conncount_list_add |
| 3116 | -nf_conncount_add(struct nf_conncount_list *list, |
| 3117 | - const struct nf_conntrack_tuple *tuple, |
| 3118 | - const struct nf_conntrack_zone *zone); |
| 3119 | - |
| 3120 | bool nf_conncount_gc_list(struct net *net, |
| 3121 | struct nf_conncount_list *list); |
| 3122 | |
| 3123 | diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h |
| 3124 | index f6052e70bf40..a55cb8b10165 100644 |
| 3125 | --- a/include/uapi/linux/in.h |
| 3126 | +++ b/include/uapi/linux/in.h |
| 3127 | @@ -268,7 +268,7 @@ struct sockaddr_in { |
| 3128 | #define IN_MULTICAST(a) IN_CLASSD(a) |
| 3129 | #define IN_MULTICAST_NET 0xe0000000 |
| 3130 | |
| 3131 | -#define IN_BADCLASS(a) ((((long int) (a) ) == 0xffffffff) |
| 3132 | +#define IN_BADCLASS(a) (((long int) (a) ) == (long int)0xffffffff) |
| 3133 | #define IN_EXPERIMENTAL(a) IN_BADCLASS((a)) |
| 3134 | |
| 3135 | #define IN_CLASSE(a) ((((long int) (a)) & 0xf0000000) == 0xf0000000) |
| 3136 | diff --git a/include/uapi/rdma/vmw_pvrdma-abi.h b/include/uapi/rdma/vmw_pvrdma-abi.h |
| 3137 | index d13fd490b66d..6e73f0274e41 100644 |
| 3138 | --- a/include/uapi/rdma/vmw_pvrdma-abi.h |
| 3139 | +++ b/include/uapi/rdma/vmw_pvrdma-abi.h |
| 3140 | @@ -78,6 +78,7 @@ enum pvrdma_wr_opcode { |
| 3141 | PVRDMA_WR_MASKED_ATOMIC_FETCH_AND_ADD, |
| 3142 | PVRDMA_WR_BIND_MW, |
| 3143 | PVRDMA_WR_REG_SIG_MR, |
| 3144 | + PVRDMA_WR_ERROR, |
| 3145 | }; |
| 3146 | |
| 3147 | enum pvrdma_wc_status { |
| 3148 | diff --git a/init/Kconfig b/init/Kconfig |
| 3149 | index ed9352513c32..b902f9c89800 100644 |
| 3150 | --- a/init/Kconfig |
| 3151 | +++ b/init/Kconfig |
| 3152 | @@ -1130,6 +1130,7 @@ config LD_DEAD_CODE_DATA_ELIMINATION |
| 3153 | bool "Dead code and data elimination (EXPERIMENTAL)" |
| 3154 | depends on HAVE_LD_DEAD_CODE_DATA_ELIMINATION |
| 3155 | depends on EXPERT |
| 3156 | + depends on !(FUNCTION_TRACER && CC_IS_GCC && GCC_VERSION < 40800) |
| 3157 | depends on $(cc-option,-ffunction-sections -fdata-sections) |
| 3158 | depends on $(ld-option,--gc-sections) |
| 3159 | help |
| 3160 | diff --git a/lib/int_sqrt.c b/lib/int_sqrt.c |
| 3161 | index 14436f4ca6bd..30e0f9770f88 100644 |
| 3162 | --- a/lib/int_sqrt.c |
| 3163 | +++ b/lib/int_sqrt.c |
| 3164 | @@ -52,7 +52,7 @@ u32 int_sqrt64(u64 x) |
| 3165 | if (x <= ULONG_MAX) |
| 3166 | return int_sqrt((unsigned long) x); |
| 3167 | |
| 3168 | - m = 1ULL << (fls64(x) & ~1ULL); |
| 3169 | + m = 1ULL << ((fls64(x) - 1) & ~1ULL); |
| 3170 | while (m != 0) { |
| 3171 | b = y + m; |
| 3172 | y >>= 1; |
| 3173 | diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c |
| 3174 | index b1b5e8516724..ed683e5b73ba 100644 |
| 3175 | --- a/net/bridge/br_netfilter_hooks.c |
| 3176 | +++ b/net/bridge/br_netfilter_hooks.c |
| 3177 | @@ -278,7 +278,7 @@ int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_ |
| 3178 | struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); |
| 3179 | int ret; |
| 3180 | |
| 3181 | - if (neigh->hh.hh_len) { |
| 3182 | + if ((neigh->nud_state & NUD_CONNECTED) && neigh->hh.hh_len) { |
| 3183 | neigh_hh_bridge(&neigh->hh, skb); |
| 3184 | skb->dev = nf_bridge->physindev; |
| 3185 | ret = br_handle_frame_finish(net, sk, skb); |
| 3186 | diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c |
| 3187 | index 491828713e0b..5e55cef0cec3 100644 |
| 3188 | --- a/net/bridge/netfilter/ebtables.c |
| 3189 | +++ b/net/bridge/netfilter/ebtables.c |
| 3190 | @@ -1137,14 +1137,16 @@ static int do_replace(struct net *net, const void __user *user, |
| 3191 | tmp.name[sizeof(tmp.name) - 1] = 0; |
| 3192 | |
| 3193 | countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids; |
| 3194 | - newinfo = vmalloc(sizeof(*newinfo) + countersize); |
| 3195 | + newinfo = __vmalloc(sizeof(*newinfo) + countersize, GFP_KERNEL_ACCOUNT, |
| 3196 | + PAGE_KERNEL); |
| 3197 | if (!newinfo) |
| 3198 | return -ENOMEM; |
| 3199 | |
| 3200 | if (countersize) |
| 3201 | memset(newinfo->counters, 0, countersize); |
| 3202 | |
| 3203 | - newinfo->entries = vmalloc(tmp.entries_size); |
| 3204 | + newinfo->entries = __vmalloc(tmp.entries_size, GFP_KERNEL_ACCOUNT, |
| 3205 | + PAGE_KERNEL); |
| 3206 | if (!newinfo->entries) { |
| 3207 | ret = -ENOMEM; |
| 3208 | goto free_newinfo; |
| 3209 | diff --git a/net/can/gw.c b/net/can/gw.c |
| 3210 | index faa3da88a127..53859346dc9a 100644 |
| 3211 | --- a/net/can/gw.c |
| 3212 | +++ b/net/can/gw.c |
| 3213 | @@ -416,13 +416,29 @@ static void can_can_gw_rcv(struct sk_buff *skb, void *data) |
| 3214 | while (modidx < MAX_MODFUNCTIONS && gwj->mod.modfunc[modidx]) |
| 3215 | (*gwj->mod.modfunc[modidx++])(cf, &gwj->mod); |
| 3216 | |
| 3217 | - /* check for checksum updates when the CAN frame has been modified */ |
| 3218 | + /* Has the CAN frame been modified? */ |
| 3219 | if (modidx) { |
| 3220 | - if (gwj->mod.csumfunc.crc8) |
| 3221 | + /* get available space for the processed CAN frame type */ |
| 3222 | + int max_len = nskb->len - offsetof(struct can_frame, data); |
| 3223 | + |
| 3224 | + /* dlc may have changed, make sure it fits to the CAN frame */ |
| 3225 | + if (cf->can_dlc > max_len) |
| 3226 | + goto out_delete; |
| 3227 | + |
| 3228 | + /* check for checksum updates in classic CAN length only */ |
| 3229 | + if (gwj->mod.csumfunc.crc8) { |
| 3230 | + if (cf->can_dlc > 8) |
| 3231 | + goto out_delete; |
| 3232 | + |
| 3233 | (*gwj->mod.csumfunc.crc8)(cf, &gwj->mod.csum.crc8); |
| 3234 | + } |
| 3235 | + |
| 3236 | + if (gwj->mod.csumfunc.xor) { |
| 3237 | + if (cf->can_dlc > 8) |
| 3238 | + goto out_delete; |
| 3239 | |
| 3240 | - if (gwj->mod.csumfunc.xor) |
| 3241 | (*gwj->mod.csumfunc.xor)(cf, &gwj->mod.csum.xor); |
| 3242 | + } |
| 3243 | } |
| 3244 | |
| 3245 | /* clear the skb timestamp if not configured the other way */ |
| 3246 | @@ -434,6 +450,14 @@ static void can_can_gw_rcv(struct sk_buff *skb, void *data) |
| 3247 | gwj->dropped_frames++; |
| 3248 | else |
| 3249 | gwj->handled_frames++; |
| 3250 | + |
| 3251 | + return; |
| 3252 | + |
| 3253 | + out_delete: |
| 3254 | + /* delete frame due to misconfiguration */ |
| 3255 | + gwj->deleted_frames++; |
| 3256 | + kfree_skb(nskb); |
| 3257 | + return; |
| 3258 | } |
| 3259 | |
| 3260 | static inline int cgw_register_filter(struct net *net, struct cgw_job *gwj) |
| 3261 | diff --git a/net/core/filter.c b/net/core/filter.c |
| 3262 | index 8d2c629501e2..eb0007f30142 100644 |
| 3263 | --- a/net/core/filter.c |
| 3264 | +++ b/net/core/filter.c |
| 3265 | @@ -2023,18 +2023,19 @@ static inline int __bpf_tx_skb(struct net_device *dev, struct sk_buff *skb) |
| 3266 | static int __bpf_redirect_no_mac(struct sk_buff *skb, struct net_device *dev, |
| 3267 | u32 flags) |
| 3268 | { |
| 3269 | - /* skb->mac_len is not set on normal egress */ |
| 3270 | - unsigned int mlen = skb->network_header - skb->mac_header; |
| 3271 | + unsigned int mlen = skb_network_offset(skb); |
| 3272 | |
| 3273 | - __skb_pull(skb, mlen); |
| 3274 | + if (mlen) { |
| 3275 | + __skb_pull(skb, mlen); |
| 3276 | |
| 3277 | - /* At ingress, the mac header has already been pulled once. |
| 3278 | - * At egress, skb_pospull_rcsum has to be done in case that |
| 3279 | - * the skb is originated from ingress (i.e. a forwarded skb) |
| 3280 | - * to ensure that rcsum starts at net header. |
| 3281 | - */ |
| 3282 | - if (!skb_at_tc_ingress(skb)) |
| 3283 | - skb_postpull_rcsum(skb, skb_mac_header(skb), mlen); |
| 3284 | + /* At ingress, the mac header has already been pulled once. |
| 3285 | + * At egress, skb_pospull_rcsum has to be done in case that |
| 3286 | + * the skb is originated from ingress (i.e. a forwarded skb) |
| 3287 | + * to ensure that rcsum starts at net header. |
| 3288 | + */ |
| 3289 | + if (!skb_at_tc_ingress(skb)) |
| 3290 | + skb_postpull_rcsum(skb, skb_mac_header(skb), mlen); |
| 3291 | + } |
| 3292 | skb_pop_mac_header(skb); |
| 3293 | skb_reset_mac_len(skb); |
| 3294 | return flags & BPF_F_INGRESS ? |
| 3295 | diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c |
| 3296 | index 3e85437f7106..a648568c5e8f 100644 |
| 3297 | --- a/net/core/lwt_bpf.c |
| 3298 | +++ b/net/core/lwt_bpf.c |
| 3299 | @@ -63,6 +63,7 @@ static int run_lwt_bpf(struct sk_buff *skb, struct bpf_lwt_prog *lwt, |
| 3300 | lwt->name ? : "<unknown>"); |
| 3301 | ret = BPF_OK; |
| 3302 | } else { |
| 3303 | + skb_reset_mac_header(skb); |
| 3304 | ret = skb_do_redirect(skb); |
| 3305 | if (ret == 0) |
| 3306 | ret = BPF_REDIRECT; |
| 3307 | diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c |
| 3308 | index fffcc130900e..82f341e84fae 100644 |
| 3309 | --- a/net/ipv4/ip_sockglue.c |
| 3310 | +++ b/net/ipv4/ip_sockglue.c |
| 3311 | @@ -148,19 +148,17 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) |
| 3312 | |
| 3313 | static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) |
| 3314 | { |
| 3315 | + __be16 _ports[2], *ports; |
| 3316 | struct sockaddr_in sin; |
| 3317 | - __be16 *ports; |
| 3318 | - int end; |
| 3319 | - |
| 3320 | - end = skb_transport_offset(skb) + 4; |
| 3321 | - if (end > 0 && !pskb_may_pull(skb, end)) |
| 3322 | - return; |
| 3323 | |
| 3324 | /* All current transport protocols have the port numbers in the |
| 3325 | * first four bytes of the transport header and this function is |
| 3326 | * written with this assumption in mind. |
| 3327 | */ |
| 3328 | - ports = (__be16 *)skb_transport_header(skb); |
| 3329 | + ports = skb_header_pointer(skb, skb_transport_offset(skb), |
| 3330 | + sizeof(_ports), &_ports); |
| 3331 | + if (!ports) |
| 3332 | + return; |
| 3333 | |
| 3334 | sin.sin_family = AF_INET; |
| 3335 | sin.sin_addr.s_addr = ip_hdr(skb)->daddr; |
| 3336 | diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c |
| 3337 | index f87dbc78b6bc..71a29e9c0620 100644 |
| 3338 | --- a/net/ipv4/tcp_timer.c |
| 3339 | +++ b/net/ipv4/tcp_timer.c |
| 3340 | @@ -226,7 +226,7 @@ static int tcp_write_timeout(struct sock *sk) |
| 3341 | if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) { |
| 3342 | if (icsk->icsk_retransmits) { |
| 3343 | dst_negative_advice(sk); |
| 3344 | - } else if (!tp->syn_data && !tp->syn_fastopen) { |
| 3345 | + } else { |
| 3346 | sk_rethink_txhash(sk); |
| 3347 | } |
| 3348 | retry_until = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_syn_retries; |
| 3349 | diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c |
| 3350 | index 1ede7a16a0be..cb24850d2c7f 100644 |
| 3351 | --- a/net/ipv6/datagram.c |
| 3352 | +++ b/net/ipv6/datagram.c |
| 3353 | @@ -341,6 +341,7 @@ void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info) |
| 3354 | skb_reset_network_header(skb); |
| 3355 | iph = ipv6_hdr(skb); |
| 3356 | iph->daddr = fl6->daddr; |
| 3357 | + ip6_flow_hdr(iph, 0, 0); |
| 3358 | |
| 3359 | serr = SKB_EXT_ERR(skb); |
| 3360 | serr->ee.ee_errno = err; |
| 3361 | @@ -700,17 +701,15 @@ void ip6_datagram_recv_specific_ctl(struct sock *sk, struct msghdr *msg, |
| 3362 | } |
| 3363 | if (np->rxopt.bits.rxorigdstaddr) { |
| 3364 | struct sockaddr_in6 sin6; |
| 3365 | - __be16 *ports; |
| 3366 | - int end; |
| 3367 | + __be16 _ports[2], *ports; |
| 3368 | |
| 3369 | - end = skb_transport_offset(skb) + 4; |
| 3370 | - if (end <= 0 || pskb_may_pull(skb, end)) { |
| 3371 | + ports = skb_header_pointer(skb, skb_transport_offset(skb), |
| 3372 | + sizeof(_ports), &_ports); |
| 3373 | + if (ports) { |
| 3374 | /* All current transport protocols have the port numbers in the |
| 3375 | * first four bytes of the transport header and this function is |
| 3376 | * written with this assumption in mind. |
| 3377 | */ |
| 3378 | - ports = (__be16 *)skb_transport_header(skb); |
| 3379 | - |
| 3380 | sin6.sin6_family = AF_INET6; |
| 3381 | sin6.sin6_addr = ipv6_hdr(skb)->daddr; |
| 3382 | sin6.sin6_port = ports[1]; |
| 3383 | diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c |
| 3384 | index c9c53ade55c3..6d14cbe443f8 100644 |
| 3385 | --- a/net/ipv6/icmp.c |
| 3386 | +++ b/net/ipv6/icmp.c |
| 3387 | @@ -421,10 +421,10 @@ static int icmp6_iif(const struct sk_buff *skb) |
| 3388 | static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, |
| 3389 | const struct in6_addr *force_saddr) |
| 3390 | { |
| 3391 | - struct net *net = dev_net(skb->dev); |
| 3392 | struct inet6_dev *idev = NULL; |
| 3393 | struct ipv6hdr *hdr = ipv6_hdr(skb); |
| 3394 | struct sock *sk; |
| 3395 | + struct net *net; |
| 3396 | struct ipv6_pinfo *np; |
| 3397 | const struct in6_addr *saddr = NULL; |
| 3398 | struct dst_entry *dst; |
| 3399 | @@ -435,12 +435,16 @@ static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, |
| 3400 | int iif = 0; |
| 3401 | int addr_type = 0; |
| 3402 | int len; |
| 3403 | - u32 mark = IP6_REPLY_MARK(net, skb->mark); |
| 3404 | + u32 mark; |
| 3405 | |
| 3406 | if ((u8 *)hdr < skb->head || |
| 3407 | (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb)) |
| 3408 | return; |
| 3409 | |
| 3410 | + if (!skb->dev) |
| 3411 | + return; |
| 3412 | + net = dev_net(skb->dev); |
| 3413 | + mark = IP6_REPLY_MARK(net, skb->mark); |
| 3414 | /* |
| 3415 | * Make sure we respect the rules |
| 3416 | * i.e. RFC 1885 2.4(e) |
| 3417 | diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c |
| 3418 | index 9cd180bda092..7554c56b2e63 100644 |
| 3419 | --- a/net/netfilter/nf_conncount.c |
| 3420 | +++ b/net/netfilter/nf_conncount.c |
| 3421 | @@ -33,12 +33,6 @@ |
| 3422 | |
| 3423 | #define CONNCOUNT_SLOTS 256U |
| 3424 | |
| 3425 | -#ifdef CONFIG_LOCKDEP |
| 3426 | -#define CONNCOUNT_LOCK_SLOTS 8U |
| 3427 | -#else |
| 3428 | -#define CONNCOUNT_LOCK_SLOTS 256U |
| 3429 | -#endif |
| 3430 | - |
| 3431 | #define CONNCOUNT_GC_MAX_NODES 8 |
| 3432 | #define MAX_KEYLEN 5 |
| 3433 | |
| 3434 | @@ -49,8 +43,6 @@ struct nf_conncount_tuple { |
| 3435 | struct nf_conntrack_zone zone; |
| 3436 | int cpu; |
| 3437 | u32 jiffies32; |
| 3438 | - bool dead; |
| 3439 | - struct rcu_head rcu_head; |
| 3440 | }; |
| 3441 | |
| 3442 | struct nf_conncount_rb { |
| 3443 | @@ -60,7 +52,7 @@ struct nf_conncount_rb { |
| 3444 | struct rcu_head rcu_head; |
| 3445 | }; |
| 3446 | |
| 3447 | -static spinlock_t nf_conncount_locks[CONNCOUNT_LOCK_SLOTS] __cacheline_aligned_in_smp; |
| 3448 | +static spinlock_t nf_conncount_locks[CONNCOUNT_SLOTS] __cacheline_aligned_in_smp; |
| 3449 | |
| 3450 | struct nf_conncount_data { |
| 3451 | unsigned int keylen; |
| 3452 | @@ -89,79 +81,25 @@ static int key_diff(const u32 *a, const u32 *b, unsigned int klen) |
| 3453 | return memcmp(a, b, klen * sizeof(u32)); |
| 3454 | } |
| 3455 | |
| 3456 | -enum nf_conncount_list_add |
| 3457 | -nf_conncount_add(struct nf_conncount_list *list, |
| 3458 | - const struct nf_conntrack_tuple *tuple, |
| 3459 | - const struct nf_conntrack_zone *zone) |
| 3460 | -{ |
| 3461 | - struct nf_conncount_tuple *conn; |
| 3462 | - |
| 3463 | - if (WARN_ON_ONCE(list->count > INT_MAX)) |
| 3464 | - return NF_CONNCOUNT_ERR; |
| 3465 | - |
| 3466 | - conn = kmem_cache_alloc(conncount_conn_cachep, GFP_ATOMIC); |
| 3467 | - if (conn == NULL) |
| 3468 | - return NF_CONNCOUNT_ERR; |
| 3469 | - |
| 3470 | - conn->tuple = *tuple; |
| 3471 | - conn->zone = *zone; |
| 3472 | - conn->cpu = raw_smp_processor_id(); |
| 3473 | - conn->jiffies32 = (u32)jiffies; |
| 3474 | - conn->dead = false; |
| 3475 | - spin_lock_bh(&list->list_lock); |
| 3476 | - if (list->dead == true) { |
| 3477 | - kmem_cache_free(conncount_conn_cachep, conn); |
| 3478 | - spin_unlock_bh(&list->list_lock); |
| 3479 | - return NF_CONNCOUNT_SKIP; |
| 3480 | - } |
| 3481 | - list_add_tail(&conn->node, &list->head); |
| 3482 | - list->count++; |
| 3483 | - spin_unlock_bh(&list->list_lock); |
| 3484 | - return NF_CONNCOUNT_ADDED; |
| 3485 | -} |
| 3486 | -EXPORT_SYMBOL_GPL(nf_conncount_add); |
| 3487 | - |
| 3488 | -static void __conn_free(struct rcu_head *h) |
| 3489 | -{ |
| 3490 | - struct nf_conncount_tuple *conn; |
| 3491 | - |
| 3492 | - conn = container_of(h, struct nf_conncount_tuple, rcu_head); |
| 3493 | - kmem_cache_free(conncount_conn_cachep, conn); |
| 3494 | -} |
| 3495 | - |
| 3496 | -static bool conn_free(struct nf_conncount_list *list, |
| 3497 | +static void conn_free(struct nf_conncount_list *list, |
| 3498 | struct nf_conncount_tuple *conn) |
| 3499 | { |
| 3500 | - bool free_entry = false; |
| 3501 | - |
| 3502 | - spin_lock_bh(&list->list_lock); |
| 3503 | - |
| 3504 | - if (conn->dead) { |
| 3505 | - spin_unlock_bh(&list->list_lock); |
| 3506 | - return free_entry; |
| 3507 | - } |
| 3508 | + lockdep_assert_held(&list->list_lock); |
| 3509 | |
| 3510 | list->count--; |
| 3511 | - conn->dead = true; |
| 3512 | - list_del_rcu(&conn->node); |
| 3513 | - if (list->count == 0) { |
| 3514 | - list->dead = true; |
| 3515 | - free_entry = true; |
| 3516 | - } |
| 3517 | + list_del(&conn->node); |
| 3518 | |
| 3519 | - spin_unlock_bh(&list->list_lock); |
| 3520 | - call_rcu(&conn->rcu_head, __conn_free); |
| 3521 | - return free_entry; |
| 3522 | + kmem_cache_free(conncount_conn_cachep, conn); |
| 3523 | } |
| 3524 | |
| 3525 | static const struct nf_conntrack_tuple_hash * |
| 3526 | find_or_evict(struct net *net, struct nf_conncount_list *list, |
| 3527 | - struct nf_conncount_tuple *conn, bool *free_entry) |
| 3528 | + struct nf_conncount_tuple *conn) |
| 3529 | { |
| 3530 | const struct nf_conntrack_tuple_hash *found; |
| 3531 | unsigned long a, b; |
| 3532 | int cpu = raw_smp_processor_id(); |
| 3533 | - __s32 age; |
| 3534 | + u32 age; |
| 3535 | |
| 3536 | found = nf_conntrack_find_get(net, &conn->zone, &conn->tuple); |
| 3537 | if (found) |
| 3538 | @@ -176,52 +114,45 @@ find_or_evict(struct net *net, struct nf_conncount_list *list, |
| 3539 | */ |
| 3540 | age = a - b; |
| 3541 | if (conn->cpu == cpu || age >= 2) { |
| 3542 | - *free_entry = conn_free(list, conn); |
| 3543 | + conn_free(list, conn); |
| 3544 | return ERR_PTR(-ENOENT); |
| 3545 | } |
| 3546 | |
| 3547 | return ERR_PTR(-EAGAIN); |
| 3548 | } |
| 3549 | |
| 3550 | -void nf_conncount_lookup(struct net *net, |
| 3551 | - struct nf_conncount_list *list, |
| 3552 | - const struct nf_conntrack_tuple *tuple, |
| 3553 | - const struct nf_conntrack_zone *zone, |
| 3554 | - bool *addit) |
| 3555 | +static int __nf_conncount_add(struct net *net, |
| 3556 | + struct nf_conncount_list *list, |
| 3557 | + const struct nf_conntrack_tuple *tuple, |
| 3558 | + const struct nf_conntrack_zone *zone) |
| 3559 | { |
| 3560 | const struct nf_conntrack_tuple_hash *found; |
| 3561 | struct nf_conncount_tuple *conn, *conn_n; |
| 3562 | struct nf_conn *found_ct; |
| 3563 | unsigned int collect = 0; |
| 3564 | - bool free_entry = false; |
| 3565 | - |
| 3566 | - /* best effort only */ |
| 3567 | - *addit = tuple ? true : false; |
| 3568 | |
| 3569 | /* check the saved connections */ |
| 3570 | list_for_each_entry_safe(conn, conn_n, &list->head, node) { |
| 3571 | if (collect > CONNCOUNT_GC_MAX_NODES) |
| 3572 | break; |
| 3573 | |
| 3574 | - found = find_or_evict(net, list, conn, &free_entry); |
| 3575 | + found = find_or_evict(net, list, conn); |
| 3576 | if (IS_ERR(found)) { |
| 3577 | /* Not found, but might be about to be confirmed */ |
| 3578 | if (PTR_ERR(found) == -EAGAIN) { |
| 3579 | - if (!tuple) |
| 3580 | - continue; |
| 3581 | - |
| 3582 | if (nf_ct_tuple_equal(&conn->tuple, tuple) && |
| 3583 | nf_ct_zone_id(&conn->zone, conn->zone.dir) == |
| 3584 | nf_ct_zone_id(zone, zone->dir)) |
| 3585 | - *addit = false; |
| 3586 | - } else if (PTR_ERR(found) == -ENOENT) |
| 3587 | + return 0; /* already exists */ |
| 3588 | + } else { |
| 3589 | collect++; |
| 3590 | + } |
| 3591 | continue; |
| 3592 | } |
| 3593 | |
| 3594 | found_ct = nf_ct_tuplehash_to_ctrack(found); |
| 3595 | |
| 3596 | - if (tuple && nf_ct_tuple_equal(&conn->tuple, tuple) && |
| 3597 | + if (nf_ct_tuple_equal(&conn->tuple, tuple) && |
| 3598 | nf_ct_zone_equal(found_ct, zone, zone->dir)) { |
| 3599 | /* |
| 3600 | * We should not see tuples twice unless someone hooks |
| 3601 | @@ -229,7 +160,8 @@ void nf_conncount_lookup(struct net *net, |
| 3602 | * |
| 3603 | * Attempt to avoid a re-add in this case. |
| 3604 | */ |
| 3605 | - *addit = false; |
| 3606 | + nf_ct_put(found_ct); |
| 3607 | + return 0; |
| 3608 | } else if (already_closed(found_ct)) { |
| 3609 | /* |
| 3610 | * we do not care about connections which are |
| 3611 | @@ -243,19 +175,48 @@ void nf_conncount_lookup(struct net *net, |
| 3612 | |
| 3613 | nf_ct_put(found_ct); |
| 3614 | } |
| 3615 | + |
| 3616 | + if (WARN_ON_ONCE(list->count > INT_MAX)) |
| 3617 | + return -EOVERFLOW; |
| 3618 | + |
| 3619 | + conn = kmem_cache_alloc(conncount_conn_cachep, GFP_ATOMIC); |
| 3620 | + if (conn == NULL) |
| 3621 | + return -ENOMEM; |
| 3622 | + |
| 3623 | + conn->tuple = *tuple; |
| 3624 | + conn->zone = *zone; |
| 3625 | + conn->cpu = raw_smp_processor_id(); |
| 3626 | + conn->jiffies32 = (u32)jiffies; |
| 3627 | + list_add_tail(&conn->node, &list->head); |
| 3628 | + list->count++; |
| 3629 | + return 0; |
| 3630 | } |
| 3631 | -EXPORT_SYMBOL_GPL(nf_conncount_lookup); |
| 3632 | + |
| 3633 | +int nf_conncount_add(struct net *net, |
| 3634 | + struct nf_conncount_list *list, |
| 3635 | + const struct nf_conntrack_tuple *tuple, |
| 3636 | + const struct nf_conntrack_zone *zone) |
| 3637 | +{ |
| 3638 | + int ret; |
| 3639 | + |
| 3640 | + /* check the saved connections */ |
| 3641 | + spin_lock_bh(&list->list_lock); |
| 3642 | + ret = __nf_conncount_add(net, list, tuple, zone); |
| 3643 | + spin_unlock_bh(&list->list_lock); |
| 3644 | + |
| 3645 | + return ret; |
| 3646 | +} |
| 3647 | +EXPORT_SYMBOL_GPL(nf_conncount_add); |
| 3648 | |
| 3649 | void nf_conncount_list_init(struct nf_conncount_list *list) |
| 3650 | { |
| 3651 | spin_lock_init(&list->list_lock); |
| 3652 | INIT_LIST_HEAD(&list->head); |
| 3653 | list->count = 0; |
| 3654 | - list->dead = false; |
| 3655 | } |
| 3656 | EXPORT_SYMBOL_GPL(nf_conncount_list_init); |
| 3657 | |
| 3658 | -/* Return true if the list is empty */ |
| 3659 | +/* Return true if the list is empty. Must be called with BH disabled. */ |
| 3660 | bool nf_conncount_gc_list(struct net *net, |
| 3661 | struct nf_conncount_list *list) |
| 3662 | { |
| 3663 | @@ -263,17 +224,17 @@ bool nf_conncount_gc_list(struct net *net, |
| 3664 | struct nf_conncount_tuple *conn, *conn_n; |
| 3665 | struct nf_conn *found_ct; |
| 3666 | unsigned int collected = 0; |
| 3667 | - bool free_entry = false; |
| 3668 | bool ret = false; |
| 3669 | |
| 3670 | + /* don't bother if other cpu is already doing GC */ |
| 3671 | + if (!spin_trylock(&list->list_lock)) |
| 3672 | + return false; |
| 3673 | + |
| 3674 | list_for_each_entry_safe(conn, conn_n, &list->head, node) { |
| 3675 | - found = find_or_evict(net, list, conn, &free_entry); |
| 3676 | + found = find_or_evict(net, list, conn); |
| 3677 | if (IS_ERR(found)) { |
| 3678 | - if (PTR_ERR(found) == -ENOENT) { |
| 3679 | - if (free_entry) |
| 3680 | - return true; |
| 3681 | + if (PTR_ERR(found) == -ENOENT) |
| 3682 | collected++; |
| 3683 | - } |
| 3684 | continue; |
| 3685 | } |
| 3686 | |
| 3687 | @@ -284,23 +245,19 @@ bool nf_conncount_gc_list(struct net *net, |
| 3688 | * closed already -> ditch it |
| 3689 | */ |
| 3690 | nf_ct_put(found_ct); |
| 3691 | - if (conn_free(list, conn)) |
| 3692 | - return true; |
| 3693 | + conn_free(list, conn); |
| 3694 | collected++; |
| 3695 | continue; |
| 3696 | } |
| 3697 | |
| 3698 | nf_ct_put(found_ct); |
| 3699 | if (collected > CONNCOUNT_GC_MAX_NODES) |
| 3700 | - return false; |
| 3701 | + break; |
| 3702 | } |
| 3703 | |
| 3704 | - spin_lock_bh(&list->list_lock); |
| 3705 | - if (!list->count) { |
| 3706 | - list->dead = true; |
| 3707 | + if (!list->count) |
| 3708 | ret = true; |
| 3709 | - } |
| 3710 | - spin_unlock_bh(&list->list_lock); |
| 3711 | + spin_unlock(&list->list_lock); |
| 3712 | |
| 3713 | return ret; |
| 3714 | } |
| 3715 | @@ -314,6 +271,7 @@ static void __tree_nodes_free(struct rcu_head *h) |
| 3716 | kmem_cache_free(conncount_rb_cachep, rbconn); |
| 3717 | } |
| 3718 | |
| 3719 | +/* caller must hold tree nf_conncount_locks[] lock */ |
| 3720 | static void tree_nodes_free(struct rb_root *root, |
| 3721 | struct nf_conncount_rb *gc_nodes[], |
| 3722 | unsigned int gc_count) |
| 3723 | @@ -323,8 +281,10 @@ static void tree_nodes_free(struct rb_root *root, |
| 3724 | while (gc_count) { |
| 3725 | rbconn = gc_nodes[--gc_count]; |
| 3726 | spin_lock(&rbconn->list.list_lock); |
| 3727 | - rb_erase(&rbconn->node, root); |
| 3728 | - call_rcu(&rbconn->rcu_head, __tree_nodes_free); |
| 3729 | + if (!rbconn->list.count) { |
| 3730 | + rb_erase(&rbconn->node, root); |
| 3731 | + call_rcu(&rbconn->rcu_head, __tree_nodes_free); |
| 3732 | + } |
| 3733 | spin_unlock(&rbconn->list.list_lock); |
| 3734 | } |
| 3735 | } |
| 3736 | @@ -341,20 +301,19 @@ insert_tree(struct net *net, |
| 3737 | struct rb_root *root, |
| 3738 | unsigned int hash, |
| 3739 | const u32 *key, |
| 3740 | - u8 keylen, |
| 3741 | const struct nf_conntrack_tuple *tuple, |
| 3742 | const struct nf_conntrack_zone *zone) |
| 3743 | { |
| 3744 | - enum nf_conncount_list_add ret; |
| 3745 | struct nf_conncount_rb *gc_nodes[CONNCOUNT_GC_MAX_NODES]; |
| 3746 | struct rb_node **rbnode, *parent; |
| 3747 | struct nf_conncount_rb *rbconn; |
| 3748 | struct nf_conncount_tuple *conn; |
| 3749 | unsigned int count = 0, gc_count = 0; |
| 3750 | - bool node_found = false; |
| 3751 | - |
| 3752 | - spin_lock_bh(&nf_conncount_locks[hash % CONNCOUNT_LOCK_SLOTS]); |
| 3753 | + u8 keylen = data->keylen; |
| 3754 | + bool do_gc = true; |
| 3755 | |
| 3756 | + spin_lock_bh(&nf_conncount_locks[hash]); |
| 3757 | +restart: |
| 3758 | parent = NULL; |
| 3759 | rbnode = &(root->rb_node); |
| 3760 | while (*rbnode) { |
| 3761 | @@ -368,45 +327,32 @@ insert_tree(struct net *net, |
| 3762 | } else if (diff > 0) { |
| 3763 | rbnode = &((*rbnode)->rb_right); |
| 3764 | } else { |
| 3765 | - /* unlikely: other cpu added node already */ |
| 3766 | - node_found = true; |
| 3767 | - ret = nf_conncount_add(&rbconn->list, tuple, zone); |
| 3768 | - if (ret == NF_CONNCOUNT_ERR) { |
| 3769 | + int ret; |
| 3770 | + |
| 3771 | + ret = nf_conncount_add(net, &rbconn->list, tuple, zone); |
| 3772 | + if (ret) |
| 3773 | count = 0; /* hotdrop */ |
| 3774 | - } else if (ret == NF_CONNCOUNT_ADDED) { |
| 3775 | + else |
| 3776 | count = rbconn->list.count; |
| 3777 | - } else { |
| 3778 | - /* NF_CONNCOUNT_SKIP, rbconn is already |
| 3779 | - * reclaimed by gc, insert a new tree node |
| 3780 | - */ |
| 3781 | - node_found = false; |
| 3782 | - } |
| 3783 | - break; |
| 3784 | + tree_nodes_free(root, gc_nodes, gc_count); |
| 3785 | + goto out_unlock; |
| 3786 | } |
| 3787 | |
| 3788 | if (gc_count >= ARRAY_SIZE(gc_nodes)) |
| 3789 | continue; |
| 3790 | |
| 3791 | - if (nf_conncount_gc_list(net, &rbconn->list)) |
| 3792 | + if (do_gc && nf_conncount_gc_list(net, &rbconn->list)) |
| 3793 | gc_nodes[gc_count++] = rbconn; |
| 3794 | } |
| 3795 | |
| 3796 | if (gc_count) { |
| 3797 | tree_nodes_free(root, gc_nodes, gc_count); |
| 3798 | - /* tree_node_free before new allocation permits |
| 3799 | - * allocator to re-use newly free'd object. |
| 3800 | - * |
| 3801 | - * This is a rare event; in most cases we will find |
| 3802 | - * existing node to re-use. (or gc_count is 0). |
| 3803 | - */ |
| 3804 | - |
| 3805 | - if (gc_count >= ARRAY_SIZE(gc_nodes)) |
| 3806 | - schedule_gc_worker(data, hash); |
| 3807 | + schedule_gc_worker(data, hash); |
| 3808 | + gc_count = 0; |
| 3809 | + do_gc = false; |
| 3810 | + goto restart; |
| 3811 | } |
| 3812 | |
| 3813 | - if (node_found) |
| 3814 | - goto out_unlock; |
| 3815 | - |
| 3816 | /* expected case: match, insert new node */ |
| 3817 | rbconn = kmem_cache_alloc(conncount_rb_cachep, GFP_ATOMIC); |
| 3818 | if (rbconn == NULL) |
| 3819 | @@ -430,7 +376,7 @@ insert_tree(struct net *net, |
| 3820 | rb_link_node_rcu(&rbconn->node, parent, rbnode); |
| 3821 | rb_insert_color(&rbconn->node, root); |
| 3822 | out_unlock: |
| 3823 | - spin_unlock_bh(&nf_conncount_locks[hash % CONNCOUNT_LOCK_SLOTS]); |
| 3824 | + spin_unlock_bh(&nf_conncount_locks[hash]); |
| 3825 | return count; |
| 3826 | } |
| 3827 | |
| 3828 | @@ -441,7 +387,6 @@ count_tree(struct net *net, |
| 3829 | const struct nf_conntrack_tuple *tuple, |
| 3830 | const struct nf_conntrack_zone *zone) |
| 3831 | { |
| 3832 | - enum nf_conncount_list_add ret; |
| 3833 | struct rb_root *root; |
| 3834 | struct rb_node *parent; |
| 3835 | struct nf_conncount_rb *rbconn; |
| 3836 | @@ -454,7 +399,6 @@ count_tree(struct net *net, |
| 3837 | parent = rcu_dereference_raw(root->rb_node); |
| 3838 | while (parent) { |
| 3839 | int diff; |
| 3840 | - bool addit; |
| 3841 | |
| 3842 | rbconn = rb_entry(parent, struct nf_conncount_rb, node); |
| 3843 | |
| 3844 | @@ -464,31 +408,36 @@ count_tree(struct net *net, |
| 3845 | } else if (diff > 0) { |
| 3846 | parent = rcu_dereference_raw(parent->rb_right); |
| 3847 | } else { |
| 3848 | - /* same source network -> be counted! */ |
| 3849 | - nf_conncount_lookup(net, &rbconn->list, tuple, zone, |
| 3850 | - &addit); |
| 3851 | + int ret; |
| 3852 | |
| 3853 | - if (!addit) |
| 3854 | + if (!tuple) { |
| 3855 | + nf_conncount_gc_list(net, &rbconn->list); |
| 3856 | return rbconn->list.count; |
| 3857 | + } |
| 3858 | |
| 3859 | - ret = nf_conncount_add(&rbconn->list, tuple, zone); |
| 3860 | - if (ret == NF_CONNCOUNT_ERR) { |
| 3861 | - return 0; /* hotdrop */ |
| 3862 | - } else if (ret == NF_CONNCOUNT_ADDED) { |
| 3863 | - return rbconn->list.count; |
| 3864 | - } else { |
| 3865 | - /* NF_CONNCOUNT_SKIP, rbconn is already |
| 3866 | - * reclaimed by gc, insert a new tree node |
| 3867 | - */ |
| 3868 | + spin_lock_bh(&rbconn->list.list_lock); |
| 3869 | + /* Node might be about to be free'd. |
| 3870 | + * We need to defer to insert_tree() in this case. |
| 3871 | + */ |
| 3872 | + if (rbconn->list.count == 0) { |
| 3873 | + spin_unlock_bh(&rbconn->list.list_lock); |
| 3874 | break; |
| 3875 | } |
| 3876 | + |
| 3877 | + /* same source network -> be counted! */ |
| 3878 | + ret = __nf_conncount_add(net, &rbconn->list, tuple, zone); |
| 3879 | + spin_unlock_bh(&rbconn->list.list_lock); |
| 3880 | + if (ret) |
| 3881 | + return 0; /* hotdrop */ |
| 3882 | + else |
| 3883 | + return rbconn->list.count; |
| 3884 | } |
| 3885 | } |
| 3886 | |
| 3887 | if (!tuple) |
| 3888 | return 0; |
| 3889 | |
| 3890 | - return insert_tree(net, data, root, hash, key, keylen, tuple, zone); |
| 3891 | + return insert_tree(net, data, root, hash, key, tuple, zone); |
| 3892 | } |
| 3893 | |
| 3894 | static void tree_gc_worker(struct work_struct *work) |
| 3895 | @@ -499,27 +448,47 @@ static void tree_gc_worker(struct work_struct *work) |
| 3896 | struct rb_node *node; |
| 3897 | unsigned int tree, next_tree, gc_count = 0; |
| 3898 | |
| 3899 | - tree = data->gc_tree % CONNCOUNT_LOCK_SLOTS; |
| 3900 | + tree = data->gc_tree % CONNCOUNT_SLOTS; |
| 3901 | root = &data->root[tree]; |
| 3902 | |
| 3903 | + local_bh_disable(); |
| 3904 | rcu_read_lock(); |
| 3905 | for (node = rb_first(root); node != NULL; node = rb_next(node)) { |
| 3906 | rbconn = rb_entry(node, struct nf_conncount_rb, node); |
| 3907 | if (nf_conncount_gc_list(data->net, &rbconn->list)) |
| 3908 | - gc_nodes[gc_count++] = rbconn; |
| 3909 | + gc_count++; |
| 3910 | } |
| 3911 | rcu_read_unlock(); |
| 3912 | + local_bh_enable(); |
| 3913 | + |
| 3914 | + cond_resched(); |
| 3915 | |
| 3916 | spin_lock_bh(&nf_conncount_locks[tree]); |
| 3917 | + if (gc_count < ARRAY_SIZE(gc_nodes)) |
| 3918 | + goto next; /* do not bother */ |
| 3919 | |
| 3920 | - if (gc_count) { |
| 3921 | - tree_nodes_free(root, gc_nodes, gc_count); |
| 3922 | + gc_count = 0; |
| 3923 | + node = rb_first(root); |
| 3924 | + while (node != NULL) { |
| 3925 | + rbconn = rb_entry(node, struct nf_conncount_rb, node); |
| 3926 | + node = rb_next(node); |
| 3927 | + |
| 3928 | + if (rbconn->list.count > 0) |
| 3929 | + continue; |
| 3930 | + |
| 3931 | + gc_nodes[gc_count++] = rbconn; |
| 3932 | + if (gc_count >= ARRAY_SIZE(gc_nodes)) { |
| 3933 | + tree_nodes_free(root, gc_nodes, gc_count); |
| 3934 | + gc_count = 0; |
| 3935 | + } |
| 3936 | } |
| 3937 | |
| 3938 | + tree_nodes_free(root, gc_nodes, gc_count); |
| 3939 | +next: |
| 3940 | clear_bit(tree, data->pending_trees); |
| 3941 | |
| 3942 | next_tree = (tree + 1) % CONNCOUNT_SLOTS; |
| 3943 | - next_tree = find_next_bit(data->pending_trees, next_tree, CONNCOUNT_SLOTS); |
| 3944 | + next_tree = find_next_bit(data->pending_trees, CONNCOUNT_SLOTS, next_tree); |
| 3945 | |
| 3946 | if (next_tree < CONNCOUNT_SLOTS) { |
| 3947 | data->gc_tree = next_tree; |
| 3948 | @@ -621,10 +590,7 @@ static int __init nf_conncount_modinit(void) |
| 3949 | { |
| 3950 | int i; |
| 3951 | |
| 3952 | - BUILD_BUG_ON(CONNCOUNT_LOCK_SLOTS > CONNCOUNT_SLOTS); |
| 3953 | - BUILD_BUG_ON((CONNCOUNT_SLOTS % CONNCOUNT_LOCK_SLOTS) != 0); |
| 3954 | - |
| 3955 | - for (i = 0; i < CONNCOUNT_LOCK_SLOTS; ++i) |
| 3956 | + for (i = 0; i < CONNCOUNT_SLOTS; ++i) |
| 3957 | spin_lock_init(&nf_conncount_locks[i]); |
| 3958 | |
| 3959 | conncount_conn_cachep = kmem_cache_create("nf_conncount_tuple", |
| 3960 | diff --git a/net/netfilter/nft_connlimit.c b/net/netfilter/nft_connlimit.c |
| 3961 | index b90d96ba4a12..af1497ab9464 100644 |
| 3962 | --- a/net/netfilter/nft_connlimit.c |
| 3963 | +++ b/net/netfilter/nft_connlimit.c |
| 3964 | @@ -30,7 +30,6 @@ static inline void nft_connlimit_do_eval(struct nft_connlimit *priv, |
| 3965 | enum ip_conntrack_info ctinfo; |
| 3966 | const struct nf_conn *ct; |
| 3967 | unsigned int count; |
| 3968 | - bool addit; |
| 3969 | |
| 3970 | tuple_ptr = &tuple; |
| 3971 | |
| 3972 | @@ -44,19 +43,12 @@ static inline void nft_connlimit_do_eval(struct nft_connlimit *priv, |
| 3973 | return; |
| 3974 | } |
| 3975 | |
| 3976 | - nf_conncount_lookup(nft_net(pkt), &priv->list, tuple_ptr, zone, |
| 3977 | - &addit); |
| 3978 | - count = priv->list.count; |
| 3979 | - |
| 3980 | - if (!addit) |
| 3981 | - goto out; |
| 3982 | - |
| 3983 | - if (nf_conncount_add(&priv->list, tuple_ptr, zone) == NF_CONNCOUNT_ERR) { |
| 3984 | + if (nf_conncount_add(nft_net(pkt), &priv->list, tuple_ptr, zone)) { |
| 3985 | regs->verdict.code = NF_DROP; |
| 3986 | return; |
| 3987 | } |
| 3988 | - count++; |
| 3989 | -out: |
| 3990 | + |
| 3991 | + count = priv->list.count; |
| 3992 | |
| 3993 | if ((count > priv->limit) ^ priv->invert) { |
| 3994 | regs->verdict.code = NFT_BREAK; |
| 3995 | diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
| 3996 | index eedacdebcd4c..d0945253f43b 100644 |
| 3997 | --- a/net/packet/af_packet.c |
| 3998 | +++ b/net/packet/af_packet.c |
| 3999 | @@ -2628,7 +2628,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) |
| 4000 | addr = saddr->sll_halen ? saddr->sll_addr : NULL; |
| 4001 | dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex); |
| 4002 | if (addr && dev && saddr->sll_halen < dev->addr_len) |
| 4003 | - goto out; |
| 4004 | + goto out_put; |
| 4005 | } |
| 4006 | |
| 4007 | err = -ENXIO; |
| 4008 | @@ -2828,7 +2828,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) |
| 4009 | addr = saddr->sll_halen ? saddr->sll_addr : NULL; |
| 4010 | dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex); |
| 4011 | if (addr && dev && saddr->sll_halen < dev->addr_len) |
| 4012 | - goto out; |
| 4013 | + goto out_unlock; |
| 4014 | } |
| 4015 | |
| 4016 | err = -ENXIO; |
| 4017 | diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
| 4018 | index 7f0539db5604..0bae07e9c9e7 100644 |
| 4019 | --- a/net/sctp/ipv6.c |
| 4020 | +++ b/net/sctp/ipv6.c |
| 4021 | @@ -97,11 +97,9 @@ static int sctp_inet6addr_event(struct notifier_block *this, unsigned long ev, |
| 4022 | |
| 4023 | switch (ev) { |
| 4024 | case NETDEV_UP: |
| 4025 | - addr = kmalloc(sizeof(struct sctp_sockaddr_entry), GFP_ATOMIC); |
| 4026 | + addr = kzalloc(sizeof(*addr), GFP_ATOMIC); |
| 4027 | if (addr) { |
| 4028 | addr->a.v6.sin6_family = AF_INET6; |
| 4029 | - addr->a.v6.sin6_port = 0; |
| 4030 | - addr->a.v6.sin6_flowinfo = 0; |
| 4031 | addr->a.v6.sin6_addr = ifa->addr; |
| 4032 | addr->a.v6.sin6_scope_id = ifa->idev->dev->ifindex; |
| 4033 | addr->valid = 1; |
| 4034 | @@ -431,7 +429,6 @@ static void sctp_v6_copy_addrlist(struct list_head *addrlist, |
| 4035 | addr = kzalloc(sizeof(*addr), GFP_ATOMIC); |
| 4036 | if (addr) { |
| 4037 | addr->a.v6.sin6_family = AF_INET6; |
| 4038 | - addr->a.v6.sin6_port = 0; |
| 4039 | addr->a.v6.sin6_addr = ifp->addr; |
| 4040 | addr->a.v6.sin6_scope_id = dev->ifindex; |
| 4041 | addr->valid = 1; |
| 4042 | diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c |
| 4043 | index 9b277bd36d1a..85af878f5668 100644 |
| 4044 | --- a/net/sctp/protocol.c |
| 4045 | +++ b/net/sctp/protocol.c |
| 4046 | @@ -101,7 +101,6 @@ static void sctp_v4_copy_addrlist(struct list_head *addrlist, |
| 4047 | addr = kzalloc(sizeof(*addr), GFP_ATOMIC); |
| 4048 | if (addr) { |
| 4049 | addr->a.v4.sin_family = AF_INET; |
| 4050 | - addr->a.v4.sin_port = 0; |
| 4051 | addr->a.v4.sin_addr.s_addr = ifa->ifa_local; |
| 4052 | addr->valid = 1; |
| 4053 | INIT_LIST_HEAD(&addr->list); |
| 4054 | @@ -776,10 +775,9 @@ static int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev, |
| 4055 | |
| 4056 | switch (ev) { |
| 4057 | case NETDEV_UP: |
| 4058 | - addr = kmalloc(sizeof(struct sctp_sockaddr_entry), GFP_ATOMIC); |
| 4059 | + addr = kzalloc(sizeof(*addr), GFP_ATOMIC); |
| 4060 | if (addr) { |
| 4061 | addr->a.v4.sin_family = AF_INET; |
| 4062 | - addr->a.v4.sin_port = 0; |
| 4063 | addr->a.v4.sin_addr.s_addr = ifa->ifa_local; |
| 4064 | addr->valid = 1; |
| 4065 | spin_lock_bh(&net->sctp.local_addr_lock); |
| 4066 | diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c |
| 4067 | index 82cb0e5634bc..5d2214183601 100644 |
| 4068 | --- a/net/smc/af_smc.c |
| 4069 | +++ b/net/smc/af_smc.c |
| 4070 | @@ -146,6 +146,9 @@ static int smc_release(struct socket *sock) |
| 4071 | sock_set_flag(sk, SOCK_DEAD); |
| 4072 | sk->sk_shutdown |= SHUTDOWN_MASK; |
| 4073 | } |
| 4074 | + |
| 4075 | + sk->sk_prot->unhash(sk); |
| 4076 | + |
| 4077 | if (smc->clcsock) { |
| 4078 | if (smc->use_fallback && sk->sk_state == SMC_LISTEN) { |
| 4079 | /* wake up clcsock accept */ |
| 4080 | @@ -170,7 +173,6 @@ static int smc_release(struct socket *sock) |
| 4081 | smc_conn_free(&smc->conn); |
| 4082 | release_sock(sk); |
| 4083 | |
| 4084 | - sk->sk_prot->unhash(sk); |
| 4085 | sock_put(sk); /* final sock_put */ |
| 4086 | out: |
| 4087 | return rc; |
| 4088 | diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c |
| 4089 | index c7872bc13860..08b5fa4a2852 100644 |
| 4090 | --- a/net/sunrpc/rpcb_clnt.c |
| 4091 | +++ b/net/sunrpc/rpcb_clnt.c |
| 4092 | @@ -771,6 +771,12 @@ void rpcb_getport_async(struct rpc_task *task) |
| 4093 | case RPCBVERS_3: |
| 4094 | map->r_netid = xprt->address_strings[RPC_DISPLAY_NETID]; |
| 4095 | map->r_addr = rpc_sockaddr2uaddr(sap, GFP_ATOMIC); |
| 4096 | + if (!map->r_addr) { |
| 4097 | + status = -ENOMEM; |
| 4098 | + dprintk("RPC: %5u %s: no memory available\n", |
| 4099 | + task->tk_pid, __func__); |
| 4100 | + goto bailout_free_args; |
| 4101 | + } |
| 4102 | map->r_owner = ""; |
| 4103 | break; |
| 4104 | case RPCBVERS_2: |
| 4105 | @@ -793,6 +799,8 @@ void rpcb_getport_async(struct rpc_task *task) |
| 4106 | rpc_put_task(child); |
| 4107 | return; |
| 4108 | |
| 4109 | +bailout_free_args: |
| 4110 | + kfree(map); |
| 4111 | bailout_release_client: |
| 4112 | rpc_release_client(rpcb_clnt); |
| 4113 | bailout_nofree: |
| 4114 | diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c |
| 4115 | index f0b3700cec95..9cdbb6d6e7f5 100644 |
| 4116 | --- a/net/sunrpc/xprtsock.c |
| 4117 | +++ b/net/sunrpc/xprtsock.c |
| 4118 | @@ -48,6 +48,7 @@ |
| 4119 | #include <net/udp.h> |
| 4120 | #include <net/tcp.h> |
| 4121 | #include <linux/bvec.h> |
| 4122 | +#include <linux/highmem.h> |
| 4123 | #include <linux/uio.h> |
| 4124 | |
| 4125 | #include <trace/events/sunrpc.h> |
| 4126 | @@ -380,6 +381,26 @@ xs_read_discard(struct socket *sock, struct msghdr *msg, int flags, |
| 4127 | return sock_recvmsg(sock, msg, flags); |
| 4128 | } |
| 4129 | |
| 4130 | +#if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE |
| 4131 | +static void |
| 4132 | +xs_flush_bvec(const struct bio_vec *bvec, size_t count, size_t seek) |
| 4133 | +{ |
| 4134 | + struct bvec_iter bi = { |
| 4135 | + .bi_size = count, |
| 4136 | + }; |
| 4137 | + struct bio_vec bv; |
| 4138 | + |
| 4139 | + bvec_iter_advance(bvec, &bi, seek & PAGE_MASK); |
| 4140 | + for_each_bvec(bv, bvec, bi, bi) |
| 4141 | + flush_dcache_page(bv.bv_page); |
| 4142 | +} |
| 4143 | +#else |
| 4144 | +static inline void |
| 4145 | +xs_flush_bvec(const struct bio_vec *bvec, size_t count, size_t seek) |
| 4146 | +{ |
| 4147 | +} |
| 4148 | +#endif |
| 4149 | + |
| 4150 | static ssize_t |
| 4151 | xs_read_xdr_buf(struct socket *sock, struct msghdr *msg, int flags, |
| 4152 | struct xdr_buf *buf, size_t count, size_t seek, size_t *read) |
| 4153 | @@ -413,6 +434,7 @@ xs_read_xdr_buf(struct socket *sock, struct msghdr *msg, int flags, |
| 4154 | seek + buf->page_base); |
| 4155 | if (ret <= 0) |
| 4156 | goto sock_err; |
| 4157 | + xs_flush_bvec(buf->bvec, ret, seek + buf->page_base); |
| 4158 | offset += ret - buf->page_base; |
| 4159 | if (offset == count || msg->msg_flags & (MSG_EOR|MSG_TRUNC)) |
| 4160 | goto out; |
| 4161 | diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c |
| 4162 | index 6376467e78f8..0b21187d74df 100644 |
| 4163 | --- a/net/tipc/netlink_compat.c |
| 4164 | +++ b/net/tipc/netlink_compat.c |
| 4165 | @@ -87,6 +87,11 @@ static int tipc_skb_tailroom(struct sk_buff *skb) |
| 4166 | return limit; |
| 4167 | } |
| 4168 | |
| 4169 | +static inline int TLV_GET_DATA_LEN(struct tlv_desc *tlv) |
| 4170 | +{ |
| 4171 | + return TLV_GET_LEN(tlv) - TLV_SPACE(0); |
| 4172 | +} |
| 4173 | + |
| 4174 | static int tipc_add_tlv(struct sk_buff *skb, u16 type, void *data, u16 len) |
| 4175 | { |
| 4176 | struct tlv_desc *tlv = (struct tlv_desc *)skb_tail_pointer(skb); |
| 4177 | @@ -166,6 +171,11 @@ static struct sk_buff *tipc_get_err_tlv(char *str) |
| 4178 | return buf; |
| 4179 | } |
| 4180 | |
| 4181 | +static inline bool string_is_valid(char *s, int len) |
| 4182 | +{ |
| 4183 | + return memchr(s, '\0', len) ? true : false; |
| 4184 | +} |
| 4185 | + |
| 4186 | static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd, |
| 4187 | struct tipc_nl_compat_msg *msg, |
| 4188 | struct sk_buff *arg) |
| 4189 | @@ -379,6 +389,7 @@ static int tipc_nl_compat_bearer_enable(struct tipc_nl_compat_cmd_doit *cmd, |
| 4190 | struct nlattr *prop; |
| 4191 | struct nlattr *bearer; |
| 4192 | struct tipc_bearer_config *b; |
| 4193 | + int len; |
| 4194 | |
| 4195 | b = (struct tipc_bearer_config *)TLV_DATA(msg->req); |
| 4196 | |
| 4197 | @@ -386,6 +397,10 @@ static int tipc_nl_compat_bearer_enable(struct tipc_nl_compat_cmd_doit *cmd, |
| 4198 | if (!bearer) |
| 4199 | return -EMSGSIZE; |
| 4200 | |
| 4201 | + len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_BEARER_NAME); |
| 4202 | + if (!string_is_valid(b->name, len)) |
| 4203 | + return -EINVAL; |
| 4204 | + |
| 4205 | if (nla_put_string(skb, TIPC_NLA_BEARER_NAME, b->name)) |
| 4206 | return -EMSGSIZE; |
| 4207 | |
| 4208 | @@ -411,6 +426,7 @@ static int tipc_nl_compat_bearer_disable(struct tipc_nl_compat_cmd_doit *cmd, |
| 4209 | { |
| 4210 | char *name; |
| 4211 | struct nlattr *bearer; |
| 4212 | + int len; |
| 4213 | |
| 4214 | name = (char *)TLV_DATA(msg->req); |
| 4215 | |
| 4216 | @@ -418,6 +434,10 @@ static int tipc_nl_compat_bearer_disable(struct tipc_nl_compat_cmd_doit *cmd, |
| 4217 | if (!bearer) |
| 4218 | return -EMSGSIZE; |
| 4219 | |
| 4220 | + len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_BEARER_NAME); |
| 4221 | + if (!string_is_valid(name, len)) |
| 4222 | + return -EINVAL; |
| 4223 | + |
| 4224 | if (nla_put_string(skb, TIPC_NLA_BEARER_NAME, name)) |
| 4225 | return -EMSGSIZE; |
| 4226 | |
| 4227 | @@ -478,6 +498,7 @@ static int tipc_nl_compat_link_stat_dump(struct tipc_nl_compat_msg *msg, |
| 4228 | struct nlattr *prop[TIPC_NLA_PROP_MAX + 1]; |
| 4229 | struct nlattr *stats[TIPC_NLA_STATS_MAX + 1]; |
| 4230 | int err; |
| 4231 | + int len; |
| 4232 | |
| 4233 | if (!attrs[TIPC_NLA_LINK]) |
| 4234 | return -EINVAL; |
| 4235 | @@ -504,6 +525,11 @@ static int tipc_nl_compat_link_stat_dump(struct tipc_nl_compat_msg *msg, |
| 4236 | return err; |
| 4237 | |
| 4238 | name = (char *)TLV_DATA(msg->req); |
| 4239 | + |
| 4240 | + len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_LINK_NAME); |
| 4241 | + if (!string_is_valid(name, len)) |
| 4242 | + return -EINVAL; |
| 4243 | + |
| 4244 | if (strcmp(name, nla_data(link[TIPC_NLA_LINK_NAME])) != 0) |
| 4245 | return 0; |
| 4246 | |
| 4247 | @@ -644,6 +670,7 @@ static int tipc_nl_compat_media_set(struct sk_buff *skb, |
| 4248 | struct nlattr *prop; |
| 4249 | struct nlattr *media; |
| 4250 | struct tipc_link_config *lc; |
| 4251 | + int len; |
| 4252 | |
| 4253 | lc = (struct tipc_link_config *)TLV_DATA(msg->req); |
| 4254 | |
| 4255 | @@ -651,6 +678,10 @@ static int tipc_nl_compat_media_set(struct sk_buff *skb, |
| 4256 | if (!media) |
| 4257 | return -EMSGSIZE; |
| 4258 | |
| 4259 | + len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_MEDIA_NAME); |
| 4260 | + if (!string_is_valid(lc->name, len)) |
| 4261 | + return -EINVAL; |
| 4262 | + |
| 4263 | if (nla_put_string(skb, TIPC_NLA_MEDIA_NAME, lc->name)) |
| 4264 | return -EMSGSIZE; |
| 4265 | |
| 4266 | @@ -671,6 +702,7 @@ static int tipc_nl_compat_bearer_set(struct sk_buff *skb, |
| 4267 | struct nlattr *prop; |
| 4268 | struct nlattr *bearer; |
| 4269 | struct tipc_link_config *lc; |
| 4270 | + int len; |
| 4271 | |
| 4272 | lc = (struct tipc_link_config *)TLV_DATA(msg->req); |
| 4273 | |
| 4274 | @@ -678,6 +710,10 @@ static int tipc_nl_compat_bearer_set(struct sk_buff *skb, |
| 4275 | if (!bearer) |
| 4276 | return -EMSGSIZE; |
| 4277 | |
| 4278 | + len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_MEDIA_NAME); |
| 4279 | + if (!string_is_valid(lc->name, len)) |
| 4280 | + return -EINVAL; |
| 4281 | + |
| 4282 | if (nla_put_string(skb, TIPC_NLA_BEARER_NAME, lc->name)) |
| 4283 | return -EMSGSIZE; |
| 4284 | |
| 4285 | @@ -726,9 +762,14 @@ static int tipc_nl_compat_link_set(struct tipc_nl_compat_cmd_doit *cmd, |
| 4286 | struct tipc_link_config *lc; |
| 4287 | struct tipc_bearer *bearer; |
| 4288 | struct tipc_media *media; |
| 4289 | + int len; |
| 4290 | |
| 4291 | lc = (struct tipc_link_config *)TLV_DATA(msg->req); |
| 4292 | |
| 4293 | + len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_LINK_NAME); |
| 4294 | + if (!string_is_valid(lc->name, len)) |
| 4295 | + return -EINVAL; |
| 4296 | + |
| 4297 | media = tipc_media_find(lc->name); |
| 4298 | if (media) { |
| 4299 | cmd->doit = &__tipc_nl_media_set; |
| 4300 | @@ -750,6 +791,7 @@ static int tipc_nl_compat_link_reset_stats(struct tipc_nl_compat_cmd_doit *cmd, |
| 4301 | { |
| 4302 | char *name; |
| 4303 | struct nlattr *link; |
| 4304 | + int len; |
| 4305 | |
| 4306 | name = (char *)TLV_DATA(msg->req); |
| 4307 | |
| 4308 | @@ -757,6 +799,10 @@ static int tipc_nl_compat_link_reset_stats(struct tipc_nl_compat_cmd_doit *cmd, |
| 4309 | if (!link) |
| 4310 | return -EMSGSIZE; |
| 4311 | |
| 4312 | + len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_LINK_NAME); |
| 4313 | + if (!string_is_valid(name, len)) |
| 4314 | + return -EINVAL; |
| 4315 | + |
| 4316 | if (nla_put_string(skb, TIPC_NLA_LINK_NAME, name)) |
| 4317 | return -EMSGSIZE; |
| 4318 | |
| 4319 | @@ -778,6 +824,8 @@ static int tipc_nl_compat_name_table_dump_header(struct tipc_nl_compat_msg *msg) |
| 4320 | }; |
| 4321 | |
| 4322 | ntq = (struct tipc_name_table_query *)TLV_DATA(msg->req); |
| 4323 | + if (TLV_GET_DATA_LEN(msg->req) < sizeof(struct tipc_name_table_query)) |
| 4324 | + return -EINVAL; |
| 4325 | |
| 4326 | depth = ntohl(ntq->depth); |
| 4327 | |
| 4328 | @@ -1201,7 +1249,7 @@ static int tipc_nl_compat_recv(struct sk_buff *skb, struct genl_info *info) |
| 4329 | } |
| 4330 | |
| 4331 | len = nlmsg_attrlen(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN); |
| 4332 | - if (len && !TLV_OK(msg.req, len)) { |
| 4333 | + if (!len || !TLV_OK(msg.req, len)) { |
| 4334 | msg.rep = tipc_get_err_tlv(TIPC_CFG_NOT_SUPPORTED); |
| 4335 | err = -EOPNOTSUPP; |
| 4336 | goto send; |
| 4337 | diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c |
| 4338 | index efb16f69bd2c..a457c0fbbef1 100644 |
| 4339 | --- a/net/tipc/topsrv.c |
| 4340 | +++ b/net/tipc/topsrv.c |
| 4341 | @@ -398,7 +398,7 @@ static int tipc_conn_rcv_from_sock(struct tipc_conn *con) |
| 4342 | ret = sock_recvmsg(con->sock, &msg, MSG_DONTWAIT); |
| 4343 | if (ret == -EWOULDBLOCK) |
| 4344 | return -EWOULDBLOCK; |
| 4345 | - if (ret > 0) { |
| 4346 | + if (ret == sizeof(s)) { |
| 4347 | read_lock_bh(&sk->sk_callback_lock); |
| 4348 | ret = tipc_conn_rcv_sub(srv, con, &s); |
| 4349 | read_unlock_bh(&sk->sk_callback_lock); |
| 4350 | diff --git a/security/security.c b/security/security.c |
| 4351 | index 04d173eb93f6..414a45d70c7b 100644 |
| 4352 | --- a/security/security.c |
| 4353 | +++ b/security/security.c |
| 4354 | @@ -1014,6 +1014,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) |
| 4355 | |
| 4356 | void security_cred_free(struct cred *cred) |
| 4357 | { |
| 4358 | + /* |
| 4359 | + * There is a failure case in prepare_creds() that |
| 4360 | + * may result in a call here with ->security being NULL. |
| 4361 | + */ |
| 4362 | + if (unlikely(cred->security == NULL)) |
| 4363 | + return; |
| 4364 | + |
| 4365 | call_void_hook(cred_free, cred); |
| 4366 | } |
| 4367 | |
| 4368 | diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c |
| 4369 | index b63ef865ce1e..d31a52e56b9e 100644 |
| 4370 | --- a/security/selinux/ss/policydb.c |
| 4371 | +++ b/security/selinux/ss/policydb.c |
| 4372 | @@ -732,7 +732,8 @@ static int sens_destroy(void *key, void *datum, void *p) |
| 4373 | kfree(key); |
| 4374 | if (datum) { |
| 4375 | levdatum = datum; |
| 4376 | - ebitmap_destroy(&levdatum->level->cat); |
| 4377 | + if (levdatum->level) |
| 4378 | + ebitmap_destroy(&levdatum->level->cat); |
| 4379 | kfree(levdatum->level); |
| 4380 | } |
| 4381 | kfree(datum); |
| 4382 | diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c |
| 4383 | index ffda91a4a1aa..02514fe558b4 100644 |
| 4384 | --- a/security/yama/yama_lsm.c |
| 4385 | +++ b/security/yama/yama_lsm.c |
| 4386 | @@ -368,7 +368,9 @@ static int yama_ptrace_access_check(struct task_struct *child, |
| 4387 | break; |
| 4388 | case YAMA_SCOPE_RELATIONAL: |
| 4389 | rcu_read_lock(); |
| 4390 | - if (!task_is_descendant(current, child) && |
| 4391 | + if (!pid_alive(child)) |
| 4392 | + rc = -EPERM; |
| 4393 | + if (!rc && !task_is_descendant(current, child) && |
| 4394 | !ptracer_exception_found(current, child) && |
| 4395 | !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) |
| 4396 | rc = -EPERM; |