Contents of /trunk/kernel26-alx/patches-3.10/0160-3.10.61-all-fixes.patch
Parent Directory | Revision Log
Revision 2672 -
(show annotations)
(download)
Tue Jul 21 16:46:35 2015 UTC (9 years, 2 months ago) by niro
File size: 139954 byte(s)
Tue Jul 21 16:46:35 2015 UTC (9 years, 2 months ago) by niro
File size: 139954 byte(s)
-3.10.84-alx-r1
1 | diff --git a/Makefile b/Makefile |
2 | index 9d4f30d0d201..0d5ba80786b8 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,6 +1,6 @@ |
6 | VERSION = 3 |
7 | PATCHLEVEL = 10 |
8 | -SUBLEVEL = 60 |
9 | +SUBLEVEL = 61 |
10 | EXTRAVERSION = |
11 | NAME = TOSSUG Baby Fish |
12 | |
13 | diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c |
14 | index 0c4132dd3507..98838a05ba6d 100644 |
15 | --- a/arch/alpha/mm/fault.c |
16 | +++ b/arch/alpha/mm/fault.c |
17 | @@ -89,8 +89,7 @@ do_page_fault(unsigned long address, unsigned long mmcsr, |
18 | const struct exception_table_entry *fixup; |
19 | int fault, si_code = SEGV_MAPERR; |
20 | siginfo_t info; |
21 | - unsigned int flags = (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
22 | - (cause > 0 ? FAULT_FLAG_WRITE : 0)); |
23 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
24 | |
25 | /* As of EV6, a load into $31/$f31 is a prefetch, and never faults |
26 | (or is suppressed by the PALcode). Support that for older CPUs |
27 | @@ -115,7 +114,8 @@ do_page_fault(unsigned long address, unsigned long mmcsr, |
28 | if (address >= TASK_SIZE) |
29 | goto vmalloc_fault; |
30 | #endif |
31 | - |
32 | + if (user_mode(regs)) |
33 | + flags |= FAULT_FLAG_USER; |
34 | retry: |
35 | down_read(&mm->mmap_sem); |
36 | vma = find_vma(mm, address); |
37 | @@ -142,6 +142,7 @@ retry: |
38 | } else { |
39 | if (!(vma->vm_flags & VM_WRITE)) |
40 | goto bad_area; |
41 | + flags |= FAULT_FLAG_WRITE; |
42 | } |
43 | |
44 | /* If for any reason at all we couldn't handle the fault, |
45 | diff --git a/arch/arc/mm/fault.c b/arch/arc/mm/fault.c |
46 | index 331a0846628e..50533b750a99 100644 |
47 | --- a/arch/arc/mm/fault.c |
48 | +++ b/arch/arc/mm/fault.c |
49 | @@ -59,8 +59,7 @@ void do_page_fault(struct pt_regs *regs, int write, unsigned long address, |
50 | struct mm_struct *mm = tsk->mm; |
51 | siginfo_t info; |
52 | int fault, ret; |
53 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
54 | - (write ? FAULT_FLAG_WRITE : 0); |
55 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
56 | |
57 | /* |
58 | * We fault-in kernel-space virtual memory on-demand. The |
59 | @@ -88,6 +87,8 @@ void do_page_fault(struct pt_regs *regs, int write, unsigned long address, |
60 | if (in_atomic() || !mm) |
61 | goto no_context; |
62 | |
63 | + if (user_mode(regs)) |
64 | + flags |= FAULT_FLAG_USER; |
65 | retry: |
66 | down_read(&mm->mmap_sem); |
67 | vma = find_vma(mm, address); |
68 | @@ -115,12 +116,12 @@ good_area: |
69 | if (write) { |
70 | if (!(vma->vm_flags & VM_WRITE)) |
71 | goto bad_area; |
72 | + flags |= FAULT_FLAG_WRITE; |
73 | } else { |
74 | if (!(vma->vm_flags & (VM_READ | VM_EXEC))) |
75 | goto bad_area; |
76 | } |
77 | |
78 | -survive: |
79 | /* |
80 | * If for any reason at all we couldn't handle the fault, |
81 | * make sure we exit gracefully rather than endlessly redo |
82 | @@ -200,14 +201,12 @@ no_context: |
83 | die("Oops", regs, address, cause_code); |
84 | |
85 | out_of_memory: |
86 | - if (is_global_init(tsk)) { |
87 | - yield(); |
88 | - goto survive; |
89 | - } |
90 | up_read(&mm->mmap_sem); |
91 | |
92 | - if (user_mode(regs)) |
93 | - do_group_exit(SIGKILL); /* This will never return */ |
94 | + if (user_mode(regs)) { |
95 | + pagefault_out_of_memory(); |
96 | + return; |
97 | + } |
98 | |
99 | goto no_context; |
100 | |
101 | diff --git a/arch/arm/include/asm/bug.h b/arch/arm/include/asm/bug.h |
102 | index 7af5c6c3653a..b274bde24905 100644 |
103 | --- a/arch/arm/include/asm/bug.h |
104 | +++ b/arch/arm/include/asm/bug.h |
105 | @@ -2,6 +2,8 @@ |
106 | #define _ASMARM_BUG_H |
107 | |
108 | #include <linux/linkage.h> |
109 | +#include <linux/types.h> |
110 | +#include <asm/opcodes.h> |
111 | |
112 | #ifdef CONFIG_BUG |
113 | |
114 | @@ -12,10 +14,10 @@ |
115 | */ |
116 | #ifdef CONFIG_THUMB2_KERNEL |
117 | #define BUG_INSTR_VALUE 0xde02 |
118 | -#define BUG_INSTR_TYPE ".hword " |
119 | +#define BUG_INSTR(__value) __inst_thumb16(__value) |
120 | #else |
121 | #define BUG_INSTR_VALUE 0xe7f001f2 |
122 | -#define BUG_INSTR_TYPE ".word " |
123 | +#define BUG_INSTR(__value) __inst_arm(__value) |
124 | #endif |
125 | |
126 | |
127 | @@ -33,7 +35,7 @@ |
128 | |
129 | #define __BUG(__file, __line, __value) \ |
130 | do { \ |
131 | - asm volatile("1:\t" BUG_INSTR_TYPE #__value "\n" \ |
132 | + asm volatile("1:\t" BUG_INSTR(__value) "\n" \ |
133 | ".pushsection .rodata.str, \"aMS\", %progbits, 1\n" \ |
134 | "2:\t.asciz " #__file "\n" \ |
135 | ".popsection\n" \ |
136 | @@ -48,7 +50,7 @@ do { \ |
137 | |
138 | #define __BUG(__file, __line, __value) \ |
139 | do { \ |
140 | - asm volatile(BUG_INSTR_TYPE #__value); \ |
141 | + asm volatile(BUG_INSTR(__value) "\n"); \ |
142 | unreachable(); \ |
143 | } while (0) |
144 | #endif /* CONFIG_DEBUG_BUGVERBOSE */ |
145 | diff --git a/arch/arm/kernel/kprobes-common.c b/arch/arm/kernel/kprobes-common.c |
146 | index 18a76282970e..380c20fb9c85 100644 |
147 | --- a/arch/arm/kernel/kprobes-common.c |
148 | +++ b/arch/arm/kernel/kprobes-common.c |
149 | @@ -14,6 +14,7 @@ |
150 | #include <linux/kernel.h> |
151 | #include <linux/kprobes.h> |
152 | #include <asm/system_info.h> |
153 | +#include <asm/opcodes.h> |
154 | |
155 | #include "kprobes.h" |
156 | |
157 | @@ -305,7 +306,8 @@ kprobe_decode_ldmstm(kprobe_opcode_t insn, struct arch_specific_insn *asi) |
158 | |
159 | if (handler) { |
160 | /* We can emulate the instruction in (possibly) modified form */ |
161 | - asi->insn[0] = (insn & 0xfff00000) | (rn << 16) | reglist; |
162 | + asi->insn[0] = __opcode_to_mem_arm((insn & 0xfff00000) | |
163 | + (rn << 16) | reglist); |
164 | asi->insn_handler = handler; |
165 | return INSN_GOOD; |
166 | } |
167 | @@ -334,13 +336,14 @@ prepare_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi, |
168 | #ifdef CONFIG_THUMB2_KERNEL |
169 | if (thumb) { |
170 | u16 *thumb_insn = (u16 *)asi->insn; |
171 | - thumb_insn[1] = 0x4770; /* Thumb bx lr */ |
172 | - thumb_insn[2] = 0x4770; /* Thumb bx lr */ |
173 | + /* Thumb bx lr */ |
174 | + thumb_insn[1] = __opcode_to_mem_thumb16(0x4770); |
175 | + thumb_insn[2] = __opcode_to_mem_thumb16(0x4770); |
176 | return insn; |
177 | } |
178 | - asi->insn[1] = 0xe12fff1e; /* ARM bx lr */ |
179 | + asi->insn[1] = __opcode_to_mem_arm(0xe12fff1e); /* ARM bx lr */ |
180 | #else |
181 | - asi->insn[1] = 0xe1a0f00e; /* mov pc, lr */ |
182 | + asi->insn[1] = __opcode_to_mem_arm(0xe1a0f00e); /* mov pc, lr */ |
183 | #endif |
184 | /* Make an ARM instruction unconditional */ |
185 | if (insn < 0xe0000000) |
186 | @@ -360,12 +363,12 @@ set_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi, |
187 | if (thumb) { |
188 | u16 *ip = (u16 *)asi->insn; |
189 | if (is_wide_instruction(insn)) |
190 | - *ip++ = insn >> 16; |
191 | - *ip++ = insn; |
192 | + *ip++ = __opcode_to_mem_thumb16(insn >> 16); |
193 | + *ip++ = __opcode_to_mem_thumb16(insn); |
194 | return; |
195 | } |
196 | #endif |
197 | - asi->insn[0] = insn; |
198 | + asi->insn[0] = __opcode_to_mem_arm(insn); |
199 | } |
200 | |
201 | /* |
202 | diff --git a/arch/arm/kernel/kprobes-thumb.c b/arch/arm/kernel/kprobes-thumb.c |
203 | index 6123daf397a7..b82e798983c4 100644 |
204 | --- a/arch/arm/kernel/kprobes-thumb.c |
205 | +++ b/arch/arm/kernel/kprobes-thumb.c |
206 | @@ -163,9 +163,9 @@ t32_decode_ldmstm(kprobe_opcode_t insn, struct arch_specific_insn *asi) |
207 | enum kprobe_insn ret = kprobe_decode_ldmstm(insn, asi); |
208 | |
209 | /* Fixup modified instruction to have halfwords in correct order...*/ |
210 | - insn = asi->insn[0]; |
211 | - ((u16 *)asi->insn)[0] = insn >> 16; |
212 | - ((u16 *)asi->insn)[1] = insn & 0xffff; |
213 | + insn = __mem_to_opcode_arm(asi->insn[0]); |
214 | + ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(insn >> 16); |
215 | + ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0xffff); |
216 | |
217 | return ret; |
218 | } |
219 | @@ -1153,7 +1153,7 @@ t16_decode_hiregs(kprobe_opcode_t insn, struct arch_specific_insn *asi) |
220 | { |
221 | insn &= ~0x00ff; |
222 | insn |= 0x001; /* Set Rdn = R1 and Rm = R0 */ |
223 | - ((u16 *)asi->insn)[0] = insn; |
224 | + ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(insn); |
225 | asi->insn_handler = t16_emulate_hiregs; |
226 | return INSN_GOOD; |
227 | } |
228 | @@ -1182,8 +1182,10 @@ t16_decode_push(kprobe_opcode_t insn, struct arch_specific_insn *asi) |
229 | * and call it with R9=SP and LR in the register list represented |
230 | * by R8. |
231 | */ |
232 | - ((u16 *)asi->insn)[0] = 0xe929; /* 1st half STMDB R9!,{} */ |
233 | - ((u16 *)asi->insn)[1] = insn & 0x1ff; /* 2nd half (register list) */ |
234 | + /* 1st half STMDB R9!,{} */ |
235 | + ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(0xe929); |
236 | + /* 2nd half (register list) */ |
237 | + ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0x1ff); |
238 | asi->insn_handler = t16_emulate_push; |
239 | return INSN_GOOD; |
240 | } |
241 | @@ -1232,8 +1234,10 @@ t16_decode_pop(kprobe_opcode_t insn, struct arch_specific_insn *asi) |
242 | * and call it with R9=SP and PC in the register list represented |
243 | * by R8. |
244 | */ |
245 | - ((u16 *)asi->insn)[0] = 0xe8b9; /* 1st half LDMIA R9!,{} */ |
246 | - ((u16 *)asi->insn)[1] = insn & 0x1ff; /* 2nd half (register list) */ |
247 | + /* 1st half LDMIA R9!,{} */ |
248 | + ((u16 *)asi->insn)[0] = __opcode_to_mem_thumb16(0xe8b9); |
249 | + /* 2nd half (register list) */ |
250 | + ((u16 *)asi->insn)[1] = __opcode_to_mem_thumb16(insn & 0x1ff); |
251 | asi->insn_handler = insn & 0x100 ? t16_emulate_pop_pc |
252 | : t16_emulate_pop_nopc; |
253 | return INSN_GOOD; |
254 | diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c |
255 | index 170e9f34003f..1c6ece51781c 100644 |
256 | --- a/arch/arm/kernel/kprobes.c |
257 | +++ b/arch/arm/kernel/kprobes.c |
258 | @@ -26,6 +26,7 @@ |
259 | #include <linux/stop_machine.h> |
260 | #include <linux/stringify.h> |
261 | #include <asm/traps.h> |
262 | +#include <asm/opcodes.h> |
263 | #include <asm/cacheflush.h> |
264 | |
265 | #include "kprobes.h" |
266 | @@ -62,10 +63,10 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) |
267 | #ifdef CONFIG_THUMB2_KERNEL |
268 | thumb = true; |
269 | addr &= ~1; /* Bit 0 would normally be set to indicate Thumb code */ |
270 | - insn = ((u16 *)addr)[0]; |
271 | + insn = __mem_to_opcode_thumb16(((u16 *)addr)[0]); |
272 | if (is_wide_instruction(insn)) { |
273 | - insn <<= 16; |
274 | - insn |= ((u16 *)addr)[1]; |
275 | + u16 inst2 = __mem_to_opcode_thumb16(((u16 *)addr)[1]); |
276 | + insn = __opcode_thumb32_compose(insn, inst2); |
277 | decode_insn = thumb32_kprobe_decode_insn; |
278 | } else |
279 | decode_insn = thumb16_kprobe_decode_insn; |
280 | @@ -73,7 +74,7 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) |
281 | thumb = false; |
282 | if (addr & 0x3) |
283 | return -EINVAL; |
284 | - insn = *p->addr; |
285 | + insn = __mem_to_opcode_arm(*p->addr); |
286 | decode_insn = arm_kprobe_decode_insn; |
287 | #endif |
288 | |
289 | diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c |
290 | index d6a0fdb6c2ee..a2a2804b1bc2 100644 |
291 | --- a/arch/arm/kernel/traps.c |
292 | +++ b/arch/arm/kernel/traps.c |
293 | @@ -347,15 +347,17 @@ void arm_notify_die(const char *str, struct pt_regs *regs, |
294 | int is_valid_bugaddr(unsigned long pc) |
295 | { |
296 | #ifdef CONFIG_THUMB2_KERNEL |
297 | - unsigned short bkpt; |
298 | + u16 bkpt; |
299 | + u16 insn = __opcode_to_mem_thumb16(BUG_INSTR_VALUE); |
300 | #else |
301 | - unsigned long bkpt; |
302 | + u32 bkpt; |
303 | + u32 insn = __opcode_to_mem_arm(BUG_INSTR_VALUE); |
304 | #endif |
305 | |
306 | if (probe_kernel_address((unsigned *)pc, bkpt)) |
307 | return 0; |
308 | |
309 | - return bkpt == BUG_INSTR_VALUE; |
310 | + return bkpt == insn; |
311 | } |
312 | |
313 | #endif |
314 | diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig |
315 | index c21082d664ed..c6926eae4fe0 100644 |
316 | --- a/arch/arm/mm/Kconfig |
317 | +++ b/arch/arm/mm/Kconfig |
318 | @@ -778,6 +778,7 @@ config NEED_KUSER_HELPERS |
319 | |
320 | config KUSER_HELPERS |
321 | bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS |
322 | + depends on MMU |
323 | default y |
324 | help |
325 | Warning: disabling this option may break user programs. |
326 | diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c |
327 | index 5dbf13f954f6..160da6d65546 100644 |
328 | --- a/arch/arm/mm/fault.c |
329 | +++ b/arch/arm/mm/fault.c |
330 | @@ -261,9 +261,7 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) |
331 | struct task_struct *tsk; |
332 | struct mm_struct *mm; |
333 | int fault, sig, code; |
334 | - int write = fsr & FSR_WRITE; |
335 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
336 | - (write ? FAULT_FLAG_WRITE : 0); |
337 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
338 | |
339 | if (notify_page_fault(regs, fsr)) |
340 | return 0; |
341 | @@ -282,6 +280,11 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) |
342 | if (in_atomic() || !mm) |
343 | goto no_context; |
344 | |
345 | + if (user_mode(regs)) |
346 | + flags |= FAULT_FLAG_USER; |
347 | + if (fsr & FSR_WRITE) |
348 | + flags |= FAULT_FLAG_WRITE; |
349 | + |
350 | /* |
351 | * As per x86, we may deadlock here. However, since the kernel only |
352 | * validly references user space from well defined areas of the code, |
353 | @@ -349,6 +352,13 @@ retry: |
354 | if (likely(!(fault & (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS)))) |
355 | return 0; |
356 | |
357 | + /* |
358 | + * If we are in kernel mode at this point, we |
359 | + * have no context to handle this fault with. |
360 | + */ |
361 | + if (!user_mode(regs)) |
362 | + goto no_context; |
363 | + |
364 | if (fault & VM_FAULT_OOM) { |
365 | /* |
366 | * We ran out of memory, call the OOM killer, and return to |
367 | @@ -359,13 +369,6 @@ retry: |
368 | return 0; |
369 | } |
370 | |
371 | - /* |
372 | - * If we are in kernel mode at this point, we |
373 | - * have no context to handle this fault with. |
374 | - */ |
375 | - if (!user_mode(regs)) |
376 | - goto no_context; |
377 | - |
378 | if (fault & VM_FAULT_SIGBUS) { |
379 | /* |
380 | * We had some memory, but were unable to |
381 | diff --git a/arch/arm64/lib/clear_user.S b/arch/arm64/lib/clear_user.S |
382 | index 6e0ed93d51fe..c17967fdf5f6 100644 |
383 | --- a/arch/arm64/lib/clear_user.S |
384 | +++ b/arch/arm64/lib/clear_user.S |
385 | @@ -46,7 +46,7 @@ USER(9f, strh wzr, [x0], #2 ) |
386 | sub x1, x1, #2 |
387 | 4: adds x1, x1, #1 |
388 | b.mi 5f |
389 | - strb wzr, [x0] |
390 | +USER(9f, strb wzr, [x0] ) |
391 | 5: mov x0, #0 |
392 | ret |
393 | ENDPROC(__clear_user) |
394 | diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c |
395 | index f51d669c8ebd..b5d458769b65 100644 |
396 | --- a/arch/arm64/mm/fault.c |
397 | +++ b/arch/arm64/mm/fault.c |
398 | @@ -199,13 +199,6 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, |
399 | unsigned long vm_flags = VM_READ | VM_WRITE | VM_EXEC; |
400 | unsigned int mm_flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
401 | |
402 | - if (esr & ESR_LNX_EXEC) { |
403 | - vm_flags = VM_EXEC; |
404 | - } else if ((esr & ESR_WRITE) && !(esr & ESR_CM)) { |
405 | - vm_flags = VM_WRITE; |
406 | - mm_flags |= FAULT_FLAG_WRITE; |
407 | - } |
408 | - |
409 | tsk = current; |
410 | mm = tsk->mm; |
411 | |
412 | @@ -220,6 +213,16 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, |
413 | if (in_atomic() || !mm) |
414 | goto no_context; |
415 | |
416 | + if (user_mode(regs)) |
417 | + mm_flags |= FAULT_FLAG_USER; |
418 | + |
419 | + if (esr & ESR_LNX_EXEC) { |
420 | + vm_flags = VM_EXEC; |
421 | + } else if ((esr & ESR_WRITE) && !(esr & ESR_CM)) { |
422 | + vm_flags = VM_WRITE; |
423 | + mm_flags |= FAULT_FLAG_WRITE; |
424 | + } |
425 | + |
426 | /* |
427 | * As per x86, we may deadlock here. However, since the kernel only |
428 | * validly references user space from well defined areas of the code, |
429 | @@ -288,6 +291,13 @@ retry: |
430 | VM_FAULT_BADACCESS)))) |
431 | return 0; |
432 | |
433 | + /* |
434 | + * If we are in kernel mode at this point, we have no context to |
435 | + * handle this fault with. |
436 | + */ |
437 | + if (!user_mode(regs)) |
438 | + goto no_context; |
439 | + |
440 | if (fault & VM_FAULT_OOM) { |
441 | /* |
442 | * We ran out of memory, call the OOM killer, and return to |
443 | @@ -298,13 +308,6 @@ retry: |
444 | return 0; |
445 | } |
446 | |
447 | - /* |
448 | - * If we are in kernel mode at this point, we have no context to |
449 | - * handle this fault with. |
450 | - */ |
451 | - if (!user_mode(regs)) |
452 | - goto no_context; |
453 | - |
454 | if (fault & VM_FAULT_SIGBUS) { |
455 | /* |
456 | * We had some memory, but were unable to successfully fix up |
457 | diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c |
458 | index b2f2d2d66849..0eca93327195 100644 |
459 | --- a/arch/avr32/mm/fault.c |
460 | +++ b/arch/avr32/mm/fault.c |
461 | @@ -86,6 +86,8 @@ asmlinkage void do_page_fault(unsigned long ecr, struct pt_regs *regs) |
462 | |
463 | local_irq_enable(); |
464 | |
465 | + if (user_mode(regs)) |
466 | + flags |= FAULT_FLAG_USER; |
467 | retry: |
468 | down_read(&mm->mmap_sem); |
469 | |
470 | @@ -228,9 +230,9 @@ no_context: |
471 | */ |
472 | out_of_memory: |
473 | up_read(&mm->mmap_sem); |
474 | - pagefault_out_of_memory(); |
475 | if (!user_mode(regs)) |
476 | goto no_context; |
477 | + pagefault_out_of_memory(); |
478 | return; |
479 | |
480 | do_sigbus: |
481 | diff --git a/arch/cris/mm/fault.c b/arch/cris/mm/fault.c |
482 | index 73312ab6c696..1790f22e71a2 100644 |
483 | --- a/arch/cris/mm/fault.c |
484 | +++ b/arch/cris/mm/fault.c |
485 | @@ -58,8 +58,7 @@ do_page_fault(unsigned long address, struct pt_regs *regs, |
486 | struct vm_area_struct * vma; |
487 | siginfo_t info; |
488 | int fault; |
489 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
490 | - ((writeaccess & 1) ? FAULT_FLAG_WRITE : 0); |
491 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
492 | |
493 | D(printk(KERN_DEBUG |
494 | "Page fault for %lX on %X at %lX, prot %d write %d\n", |
495 | @@ -117,6 +116,8 @@ do_page_fault(unsigned long address, struct pt_regs *regs, |
496 | if (in_atomic() || !mm) |
497 | goto no_context; |
498 | |
499 | + if (user_mode(regs)) |
500 | + flags |= FAULT_FLAG_USER; |
501 | retry: |
502 | down_read(&mm->mmap_sem); |
503 | vma = find_vma(mm, address); |
504 | @@ -155,6 +156,7 @@ retry: |
505 | } else if (writeaccess == 1) { |
506 | if (!(vma->vm_flags & VM_WRITE)) |
507 | goto bad_area; |
508 | + flags |= FAULT_FLAG_WRITE; |
509 | } else { |
510 | if (!(vma->vm_flags & (VM_READ | VM_EXEC))) |
511 | goto bad_area; |
512 | diff --git a/arch/frv/mm/fault.c b/arch/frv/mm/fault.c |
513 | index 331c1e2cfb67..9a66372fc7c7 100644 |
514 | --- a/arch/frv/mm/fault.c |
515 | +++ b/arch/frv/mm/fault.c |
516 | @@ -34,11 +34,11 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear |
517 | struct vm_area_struct *vma; |
518 | struct mm_struct *mm; |
519 | unsigned long _pme, lrai, lrad, fixup; |
520 | + unsigned long flags = 0; |
521 | siginfo_t info; |
522 | pgd_t *pge; |
523 | pud_t *pue; |
524 | pte_t *pte; |
525 | - int write; |
526 | int fault; |
527 | |
528 | #if 0 |
529 | @@ -81,6 +81,9 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear |
530 | if (in_atomic() || !mm) |
531 | goto no_context; |
532 | |
533 | + if (user_mode(__frame)) |
534 | + flags |= FAULT_FLAG_USER; |
535 | + |
536 | down_read(&mm->mmap_sem); |
537 | |
538 | vma = find_vma(mm, ear0); |
539 | @@ -129,7 +132,6 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear |
540 | */ |
541 | good_area: |
542 | info.si_code = SEGV_ACCERR; |
543 | - write = 0; |
544 | switch (esr0 & ESR0_ATXC) { |
545 | default: |
546 | /* handle write to write protected page */ |
547 | @@ -140,7 +142,7 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear |
548 | #endif |
549 | if (!(vma->vm_flags & VM_WRITE)) |
550 | goto bad_area; |
551 | - write = 1; |
552 | + flags |= FAULT_FLAG_WRITE; |
553 | break; |
554 | |
555 | /* handle read from protected page */ |
556 | @@ -162,7 +164,7 @@ asmlinkage void do_page_fault(int datammu, unsigned long esr0, unsigned long ear |
557 | * make sure we exit gracefully rather than endlessly redo |
558 | * the fault. |
559 | */ |
560 | - fault = handle_mm_fault(mm, vma, ear0, write ? FAULT_FLAG_WRITE : 0); |
561 | + fault = handle_mm_fault(mm, vma, ear0, flags); |
562 | if (unlikely(fault & VM_FAULT_ERROR)) { |
563 | if (fault & VM_FAULT_OOM) |
564 | goto out_of_memory; |
565 | diff --git a/arch/hexagon/mm/vm_fault.c b/arch/hexagon/mm/vm_fault.c |
566 | index 1bd276dbec7d..8704c9320032 100644 |
567 | --- a/arch/hexagon/mm/vm_fault.c |
568 | +++ b/arch/hexagon/mm/vm_fault.c |
569 | @@ -53,8 +53,7 @@ void do_page_fault(unsigned long address, long cause, struct pt_regs *regs) |
570 | int si_code = SEGV_MAPERR; |
571 | int fault; |
572 | const struct exception_table_entry *fixup; |
573 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
574 | - (cause > 0 ? FAULT_FLAG_WRITE : 0); |
575 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
576 | |
577 | /* |
578 | * If we're in an interrupt or have no user context, |
579 | @@ -65,6 +64,8 @@ void do_page_fault(unsigned long address, long cause, struct pt_regs *regs) |
580 | |
581 | local_irq_enable(); |
582 | |
583 | + if (user_mode(regs)) |
584 | + flags |= FAULT_FLAG_USER; |
585 | retry: |
586 | down_read(&mm->mmap_sem); |
587 | vma = find_vma(mm, address); |
588 | @@ -96,6 +97,7 @@ good_area: |
589 | case FLT_STORE: |
590 | if (!(vma->vm_flags & VM_WRITE)) |
591 | goto bad_area; |
592 | + flags |= FAULT_FLAG_WRITE; |
593 | break; |
594 | } |
595 | |
596 | diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c |
597 | index 6cf0341f978e..7225dad87094 100644 |
598 | --- a/arch/ia64/mm/fault.c |
599 | +++ b/arch/ia64/mm/fault.c |
600 | @@ -90,8 +90,6 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re |
601 | mask = ((((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT) |
602 | | (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT)); |
603 | |
604 | - flags |= ((mask & VM_WRITE) ? FAULT_FLAG_WRITE : 0); |
605 | - |
606 | /* mmap_sem is performance critical.... */ |
607 | prefetchw(&mm->mmap_sem); |
608 | |
609 | @@ -119,6 +117,10 @@ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *re |
610 | if (notify_page_fault(regs, TRAP_BRKPT)) |
611 | return; |
612 | |
613 | + if (user_mode(regs)) |
614 | + flags |= FAULT_FLAG_USER; |
615 | + if (mask & VM_WRITE) |
616 | + flags |= FAULT_FLAG_WRITE; |
617 | retry: |
618 | down_read(&mm->mmap_sem); |
619 | |
620 | diff --git a/arch/m32r/mm/fault.c b/arch/m32r/mm/fault.c |
621 | index 3cdfa9c1d091..e9c6a8014bd6 100644 |
622 | --- a/arch/m32r/mm/fault.c |
623 | +++ b/arch/m32r/mm/fault.c |
624 | @@ -78,7 +78,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, |
625 | struct mm_struct *mm; |
626 | struct vm_area_struct * vma; |
627 | unsigned long page, addr; |
628 | - int write; |
629 | + unsigned long flags = 0; |
630 | int fault; |
631 | siginfo_t info; |
632 | |
633 | @@ -117,6 +117,9 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, |
634 | if (in_atomic() || !mm) |
635 | goto bad_area_nosemaphore; |
636 | |
637 | + if (error_code & ACE_USERMODE) |
638 | + flags |= FAULT_FLAG_USER; |
639 | + |
640 | /* When running in the kernel we expect faults to occur only to |
641 | * addresses in user space. All other faults represent errors in the |
642 | * kernel and should generate an OOPS. Unfortunately, in the case of an |
643 | @@ -166,14 +169,13 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code, |
644 | */ |
645 | good_area: |
646 | info.si_code = SEGV_ACCERR; |
647 | - write = 0; |
648 | switch (error_code & (ACE_WRITE|ACE_PROTECTION)) { |
649 | default: /* 3: write, present */ |
650 | /* fall through */ |
651 | case ACE_WRITE: /* write, not present */ |
652 | if (!(vma->vm_flags & VM_WRITE)) |
653 | goto bad_area; |
654 | - write++; |
655 | + flags |= FAULT_FLAG_WRITE; |
656 | break; |
657 | case ACE_PROTECTION: /* read, present */ |
658 | case 0: /* read, not present */ |
659 | @@ -194,7 +196,7 @@ good_area: |
660 | */ |
661 | addr = (address & PAGE_MASK); |
662 | set_thread_fault_code(error_code); |
663 | - fault = handle_mm_fault(mm, vma, addr, write ? FAULT_FLAG_WRITE : 0); |
664 | + fault = handle_mm_fault(mm, vma, addr, flags); |
665 | if (unlikely(fault & VM_FAULT_ERROR)) { |
666 | if (fault & VM_FAULT_OOM) |
667 | goto out_of_memory; |
668 | diff --git a/arch/m68k/mm/fault.c b/arch/m68k/mm/fault.c |
669 | index a563727806bf..eb1d61f68725 100644 |
670 | --- a/arch/m68k/mm/fault.c |
671 | +++ b/arch/m68k/mm/fault.c |
672 | @@ -88,6 +88,8 @@ int do_page_fault(struct pt_regs *regs, unsigned long address, |
673 | if (in_atomic() || !mm) |
674 | goto no_context; |
675 | |
676 | + if (user_mode(regs)) |
677 | + flags |= FAULT_FLAG_USER; |
678 | retry: |
679 | down_read(&mm->mmap_sem); |
680 | |
681 | diff --git a/arch/metag/mm/fault.c b/arch/metag/mm/fault.c |
682 | index 2c75bf7357c5..332680e5ebf2 100644 |
683 | --- a/arch/metag/mm/fault.c |
684 | +++ b/arch/metag/mm/fault.c |
685 | @@ -53,8 +53,7 @@ int do_page_fault(struct pt_regs *regs, unsigned long address, |
686 | struct vm_area_struct *vma, *prev_vma; |
687 | siginfo_t info; |
688 | int fault; |
689 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
690 | - (write_access ? FAULT_FLAG_WRITE : 0); |
691 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
692 | |
693 | tsk = current; |
694 | |
695 | @@ -109,6 +108,8 @@ int do_page_fault(struct pt_regs *regs, unsigned long address, |
696 | if (in_atomic() || !mm) |
697 | goto no_context; |
698 | |
699 | + if (user_mode(regs)) |
700 | + flags |= FAULT_FLAG_USER; |
701 | retry: |
702 | down_read(&mm->mmap_sem); |
703 | |
704 | @@ -121,6 +122,7 @@ good_area: |
705 | if (write_access) { |
706 | if (!(vma->vm_flags & VM_WRITE)) |
707 | goto bad_area; |
708 | + flags |= FAULT_FLAG_WRITE; |
709 | } else { |
710 | if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) |
711 | goto bad_area; |
712 | @@ -224,8 +226,10 @@ do_sigbus: |
713 | */ |
714 | out_of_memory: |
715 | up_read(&mm->mmap_sem); |
716 | - if (user_mode(regs)) |
717 | - do_group_exit(SIGKILL); |
718 | + if (user_mode(regs)) { |
719 | + pagefault_out_of_memory(); |
720 | + return 1; |
721 | + } |
722 | |
723 | no_context: |
724 | /* Are we prepared to handle this kernel fault? */ |
725 | diff --git a/arch/microblaze/mm/fault.c b/arch/microblaze/mm/fault.c |
726 | index 731f739d17a1..fa4cf52aa7a6 100644 |
727 | --- a/arch/microblaze/mm/fault.c |
728 | +++ b/arch/microblaze/mm/fault.c |
729 | @@ -92,8 +92,7 @@ void do_page_fault(struct pt_regs *regs, unsigned long address, |
730 | int code = SEGV_MAPERR; |
731 | int is_write = error_code & ESR_S; |
732 | int fault; |
733 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
734 | - (is_write ? FAULT_FLAG_WRITE : 0); |
735 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
736 | |
737 | regs->ear = address; |
738 | regs->esr = error_code; |
739 | @@ -121,6 +120,9 @@ void do_page_fault(struct pt_regs *regs, unsigned long address, |
740 | die("Weird page fault", regs, SIGSEGV); |
741 | } |
742 | |
743 | + if (user_mode(regs)) |
744 | + flags |= FAULT_FLAG_USER; |
745 | + |
746 | /* When running in the kernel we expect faults to occur only to |
747 | * addresses in user space. All other faults represent errors in the |
748 | * kernel and should generate an OOPS. Unfortunately, in the case of an |
749 | @@ -199,6 +201,7 @@ good_area: |
750 | if (unlikely(is_write)) { |
751 | if (unlikely(!(vma->vm_flags & VM_WRITE))) |
752 | goto bad_area; |
753 | + flags |= FAULT_FLAG_WRITE; |
754 | /* a read */ |
755 | } else { |
756 | /* protection fault */ |
757 | diff --git a/arch/mips/mm/c-r4k.c b/arch/mips/mm/c-r4k.c |
758 | index 5495101d32c8..c2ec87e5d1cc 100644 |
759 | --- a/arch/mips/mm/c-r4k.c |
760 | +++ b/arch/mips/mm/c-r4k.c |
761 | @@ -608,6 +608,7 @@ static void r4k_dma_cache_wback_inv(unsigned long addr, unsigned long size) |
762 | r4k_blast_scache(); |
763 | else |
764 | blast_scache_range(addr, addr + size); |
765 | + preempt_enable(); |
766 | __sync(); |
767 | return; |
768 | } |
769 | @@ -649,6 +650,7 @@ static void r4k_dma_cache_inv(unsigned long addr, unsigned long size) |
770 | */ |
771 | blast_inv_scache_range(addr, addr + size); |
772 | } |
773 | + preempt_enable(); |
774 | __sync(); |
775 | return; |
776 | } |
777 | diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c |
778 | index 0fead53d1c26..0214a43b9911 100644 |
779 | --- a/arch/mips/mm/fault.c |
780 | +++ b/arch/mips/mm/fault.c |
781 | @@ -41,8 +41,7 @@ asmlinkage void __kprobes do_page_fault(struct pt_regs *regs, unsigned long writ |
782 | const int field = sizeof(unsigned long) * 2; |
783 | siginfo_t info; |
784 | int fault; |
785 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
786 | - (write ? FAULT_FLAG_WRITE : 0); |
787 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
788 | |
789 | #if 0 |
790 | printk("Cpu%d[%s:%d:%0*lx:%ld:%0*lx]\n", raw_smp_processor_id(), |
791 | @@ -92,6 +91,8 @@ asmlinkage void __kprobes do_page_fault(struct pt_regs *regs, unsigned long writ |
792 | if (in_atomic() || !mm) |
793 | goto bad_area_nosemaphore; |
794 | |
795 | + if (user_mode(regs)) |
796 | + flags |= FAULT_FLAG_USER; |
797 | retry: |
798 | down_read(&mm->mmap_sem); |
799 | vma = find_vma(mm, address); |
800 | @@ -113,6 +114,7 @@ good_area: |
801 | if (write) { |
802 | if (!(vma->vm_flags & VM_WRITE)) |
803 | goto bad_area; |
804 | + flags |= FAULT_FLAG_WRITE; |
805 | } else { |
806 | if (cpu_has_rixi) { |
807 | if (address == regs->cp0_epc && !(vma->vm_flags & VM_EXEC)) { |
808 | @@ -240,6 +242,8 @@ out_of_memory: |
809 | * (which will retry the fault, or kill us if we got oom-killed). |
810 | */ |
811 | up_read(&mm->mmap_sem); |
812 | + if (!user_mode(regs)) |
813 | + goto no_context; |
814 | pagefault_out_of_memory(); |
815 | return; |
816 | |
817 | diff --git a/arch/mn10300/mm/fault.c b/arch/mn10300/mm/fault.c |
818 | index d48a84fd7fae..3516cbdf1ee9 100644 |
819 | --- a/arch/mn10300/mm/fault.c |
820 | +++ b/arch/mn10300/mm/fault.c |
821 | @@ -171,6 +171,8 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long fault_code, |
822 | if (in_atomic() || !mm) |
823 | goto no_context; |
824 | |
825 | + if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_USR) |
826 | + flags |= FAULT_FLAG_USER; |
827 | retry: |
828 | down_read(&mm->mmap_sem); |
829 | |
830 | @@ -345,9 +347,10 @@ no_context: |
831 | */ |
832 | out_of_memory: |
833 | up_read(&mm->mmap_sem); |
834 | - printk(KERN_ALERT "VM: killing process %s\n", tsk->comm); |
835 | - if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_USR) |
836 | - do_exit(SIGKILL); |
837 | + if ((fault_code & MMUFCR_xFC_ACCESS) == MMUFCR_xFC_ACCESS_USR) { |
838 | + pagefault_out_of_memory(); |
839 | + return; |
840 | + } |
841 | goto no_context; |
842 | |
843 | do_sigbus: |
844 | diff --git a/arch/openrisc/mm/fault.c b/arch/openrisc/mm/fault.c |
845 | index e2bfafce66c5..0703acf7d327 100644 |
846 | --- a/arch/openrisc/mm/fault.c |
847 | +++ b/arch/openrisc/mm/fault.c |
848 | @@ -86,6 +86,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long address, |
849 | if (user_mode(regs)) { |
850 | /* Exception was in userspace: reenable interrupts */ |
851 | local_irq_enable(); |
852 | + flags |= FAULT_FLAG_USER; |
853 | } else { |
854 | /* If exception was in a syscall, then IRQ's may have |
855 | * been enabled or disabled. If they were enabled, |
856 | @@ -267,10 +268,10 @@ out_of_memory: |
857 | __asm__ __volatile__("l.nop 1"); |
858 | |
859 | up_read(&mm->mmap_sem); |
860 | - printk("VM: killing process %s\n", tsk->comm); |
861 | - if (user_mode(regs)) |
862 | - do_exit(SIGKILL); |
863 | - goto no_context; |
864 | + if (!user_mode(regs)) |
865 | + goto no_context; |
866 | + pagefault_out_of_memory(); |
867 | + return; |
868 | |
869 | do_sigbus: |
870 | up_read(&mm->mmap_sem); |
871 | diff --git a/arch/parisc/include/uapi/asm/shmbuf.h b/arch/parisc/include/uapi/asm/shmbuf.h |
872 | index 0a3eada1863b..f395cde7b593 100644 |
873 | --- a/arch/parisc/include/uapi/asm/shmbuf.h |
874 | +++ b/arch/parisc/include/uapi/asm/shmbuf.h |
875 | @@ -36,23 +36,16 @@ struct shmid64_ds { |
876 | unsigned int __unused2; |
877 | }; |
878 | |
879 | -#ifdef CONFIG_64BIT |
880 | -/* The 'unsigned int' (formerly 'unsigned long') data types below will |
881 | - * ensure that a 32-bit app calling shmctl(*,IPC_INFO,*) will work on |
882 | - * a wide kernel, but if some of these values are meant to contain pointers |
883 | - * they may need to be 'long long' instead. -PB XXX FIXME |
884 | - */ |
885 | -#endif |
886 | struct shminfo64 { |
887 | - unsigned int shmmax; |
888 | - unsigned int shmmin; |
889 | - unsigned int shmmni; |
890 | - unsigned int shmseg; |
891 | - unsigned int shmall; |
892 | - unsigned int __unused1; |
893 | - unsigned int __unused2; |
894 | - unsigned int __unused3; |
895 | - unsigned int __unused4; |
896 | + unsigned long shmmax; |
897 | + unsigned long shmmin; |
898 | + unsigned long shmmni; |
899 | + unsigned long shmseg; |
900 | + unsigned long shmall; |
901 | + unsigned long __unused1; |
902 | + unsigned long __unused2; |
903 | + unsigned long __unused3; |
904 | + unsigned long __unused4; |
905 | }; |
906 | |
907 | #endif /* _PARISC_SHMBUF_H */ |
908 | diff --git a/arch/parisc/kernel/syscall_table.S b/arch/parisc/kernel/syscall_table.S |
909 | index 10a0c2aad8cf..b24732d1bdbf 100644 |
910 | --- a/arch/parisc/kernel/syscall_table.S |
911 | +++ b/arch/parisc/kernel/syscall_table.S |
912 | @@ -286,11 +286,11 @@ |
913 | ENTRY_COMP(msgsnd) |
914 | ENTRY_COMP(msgrcv) |
915 | ENTRY_SAME(msgget) /* 190 */ |
916 | - ENTRY_SAME(msgctl) |
917 | - ENTRY_SAME(shmat) |
918 | + ENTRY_COMP(msgctl) |
919 | + ENTRY_COMP(shmat) |
920 | ENTRY_SAME(shmdt) |
921 | ENTRY_SAME(shmget) |
922 | - ENTRY_SAME(shmctl) /* 195 */ |
923 | + ENTRY_COMP(shmctl) /* 195 */ |
924 | ENTRY_SAME(ni_syscall) /* streams1 */ |
925 | ENTRY_SAME(ni_syscall) /* streams2 */ |
926 | ENTRY_SAME(lstat64) |
927 | @@ -323,7 +323,7 @@ |
928 | ENTRY_SAME(epoll_ctl) /* 225 */ |
929 | ENTRY_SAME(epoll_wait) |
930 | ENTRY_SAME(remap_file_pages) |
931 | - ENTRY_SAME(semtimedop) |
932 | + ENTRY_COMP(semtimedop) |
933 | ENTRY_COMP(mq_open) |
934 | ENTRY_SAME(mq_unlink) /* 230 */ |
935 | ENTRY_COMP(mq_timedsend) |
936 | diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c |
937 | index f247a3480e8e..d10d27a720c0 100644 |
938 | --- a/arch/parisc/mm/fault.c |
939 | +++ b/arch/parisc/mm/fault.c |
940 | @@ -180,6 +180,10 @@ void do_page_fault(struct pt_regs *regs, unsigned long code, |
941 | if (in_atomic() || !mm) |
942 | goto no_context; |
943 | |
944 | + if (user_mode(regs)) |
945 | + flags |= FAULT_FLAG_USER; |
946 | + if (acc_type & VM_WRITE) |
947 | + flags |= FAULT_FLAG_WRITE; |
948 | retry: |
949 | down_read(&mm->mmap_sem); |
950 | vma = find_vma_prev(mm, address, &prev_vma); |
951 | @@ -203,8 +207,7 @@ good_area: |
952 | * fault. |
953 | */ |
954 | |
955 | - fault = handle_mm_fault(mm, vma, address, |
956 | - flags | ((acc_type & VM_WRITE) ? FAULT_FLAG_WRITE : 0)); |
957 | + fault = handle_mm_fault(mm, vma, address, flags); |
958 | |
959 | if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) |
960 | return; |
961 | diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c |
962 | index 8726779e1409..d9196c9f93d9 100644 |
963 | --- a/arch/powerpc/mm/fault.c |
964 | +++ b/arch/powerpc/mm/fault.c |
965 | @@ -223,9 +223,6 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, |
966 | is_write = error_code & ESR_DST; |
967 | #endif /* CONFIG_4xx || CONFIG_BOOKE */ |
968 | |
969 | - if (is_write) |
970 | - flags |= FAULT_FLAG_WRITE; |
971 | - |
972 | #ifdef CONFIG_PPC_ICSWX |
973 | /* |
974 | * we need to do this early because this "data storage |
975 | @@ -280,6 +277,9 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, |
976 | |
977 | perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address); |
978 | |
979 | + if (user_mode(regs)) |
980 | + flags |= FAULT_FLAG_USER; |
981 | + |
982 | /* When running in the kernel we expect faults to occur only to |
983 | * addresses in user space. All other faults represent errors in the |
984 | * kernel and should generate an OOPS. Unfortunately, in the case of an |
985 | @@ -408,6 +408,7 @@ good_area: |
986 | } else if (is_write) { |
987 | if (!(vma->vm_flags & VM_WRITE)) |
988 | goto bad_area; |
989 | + flags |= FAULT_FLAG_WRITE; |
990 | /* a read */ |
991 | } else { |
992 | /* protection fault */ |
993 | diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c |
994 | index 047c3e4c59a2..416facec4a33 100644 |
995 | --- a/arch/s390/mm/fault.c |
996 | +++ b/arch/s390/mm/fault.c |
997 | @@ -302,6 +302,8 @@ static inline int do_exception(struct pt_regs *regs, int access) |
998 | address = trans_exc_code & __FAIL_ADDR_MASK; |
999 | perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address); |
1000 | flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
1001 | + if (user_mode(regs)) |
1002 | + flags |= FAULT_FLAG_USER; |
1003 | if (access == VM_WRITE || (trans_exc_code & store_indication) == 0x400) |
1004 | flags |= FAULT_FLAG_WRITE; |
1005 | down_read(&mm->mmap_sem); |
1006 | diff --git a/arch/score/mm/fault.c b/arch/score/mm/fault.c |
1007 | index 47b600e4b2c5..52238983527d 100644 |
1008 | --- a/arch/score/mm/fault.c |
1009 | +++ b/arch/score/mm/fault.c |
1010 | @@ -47,6 +47,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long write, |
1011 | struct task_struct *tsk = current; |
1012 | struct mm_struct *mm = tsk->mm; |
1013 | const int field = sizeof(unsigned long) * 2; |
1014 | + unsigned long flags = 0; |
1015 | siginfo_t info; |
1016 | int fault; |
1017 | |
1018 | @@ -75,6 +76,9 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long write, |
1019 | if (in_atomic() || !mm) |
1020 | goto bad_area_nosemaphore; |
1021 | |
1022 | + if (user_mode(regs)) |
1023 | + flags |= FAULT_FLAG_USER; |
1024 | + |
1025 | down_read(&mm->mmap_sem); |
1026 | vma = find_vma(mm, address); |
1027 | if (!vma) |
1028 | @@ -95,18 +99,18 @@ good_area: |
1029 | if (write) { |
1030 | if (!(vma->vm_flags & VM_WRITE)) |
1031 | goto bad_area; |
1032 | + flags |= FAULT_FLAG_WRITE; |
1033 | } else { |
1034 | if (!(vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC))) |
1035 | goto bad_area; |
1036 | } |
1037 | |
1038 | -survive: |
1039 | /* |
1040 | * If for any reason at all we couldn't handle the fault, |
1041 | * make sure we exit gracefully rather than endlessly redo |
1042 | * the fault. |
1043 | */ |
1044 | - fault = handle_mm_fault(mm, vma, address, write); |
1045 | + fault = handle_mm_fault(mm, vma, address, flags); |
1046 | if (unlikely(fault & VM_FAULT_ERROR)) { |
1047 | if (fault & VM_FAULT_OOM) |
1048 | goto out_of_memory; |
1049 | @@ -167,15 +171,10 @@ no_context: |
1050 | */ |
1051 | out_of_memory: |
1052 | up_read(&mm->mmap_sem); |
1053 | - if (is_global_init(tsk)) { |
1054 | - yield(); |
1055 | - down_read(&mm->mmap_sem); |
1056 | - goto survive; |
1057 | - } |
1058 | - printk("VM: killing process %s\n", tsk->comm); |
1059 | - if (user_mode(regs)) |
1060 | - do_group_exit(SIGKILL); |
1061 | - goto no_context; |
1062 | + if (!user_mode(regs)) |
1063 | + goto no_context; |
1064 | + pagefault_out_of_memory(); |
1065 | + return; |
1066 | |
1067 | do_sigbus: |
1068 | up_read(&mm->mmap_sem); |
1069 | diff --git a/arch/sh/mm/fault.c b/arch/sh/mm/fault.c |
1070 | index 1f49c28affa9..541dc6101508 100644 |
1071 | --- a/arch/sh/mm/fault.c |
1072 | +++ b/arch/sh/mm/fault.c |
1073 | @@ -400,9 +400,7 @@ asmlinkage void __kprobes do_page_fault(struct pt_regs *regs, |
1074 | struct mm_struct *mm; |
1075 | struct vm_area_struct * vma; |
1076 | int fault; |
1077 | - int write = error_code & FAULT_CODE_WRITE; |
1078 | - unsigned int flags = (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
1079 | - (write ? FAULT_FLAG_WRITE : 0)); |
1080 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
1081 | |
1082 | tsk = current; |
1083 | mm = tsk->mm; |
1084 | @@ -476,6 +474,11 @@ good_area: |
1085 | |
1086 | set_thread_fault_code(error_code); |
1087 | |
1088 | + if (user_mode(regs)) |
1089 | + flags |= FAULT_FLAG_USER; |
1090 | + if (error_code & FAULT_CODE_WRITE) |
1091 | + flags |= FAULT_FLAG_WRITE; |
1092 | + |
1093 | /* |
1094 | * If for any reason at all we couldn't handle the fault, |
1095 | * make sure we exit gracefully rather than endlessly redo |
1096 | diff --git a/arch/sparc/include/asm/atomic_32.h b/arch/sparc/include/asm/atomic_32.h |
1097 | index 905832aa9e9e..a0ed182ae73c 100644 |
1098 | --- a/arch/sparc/include/asm/atomic_32.h |
1099 | +++ b/arch/sparc/include/asm/atomic_32.h |
1100 | @@ -21,7 +21,7 @@ |
1101 | |
1102 | extern int __atomic_add_return(int, atomic_t *); |
1103 | extern int atomic_cmpxchg(atomic_t *, int, int); |
1104 | -#define atomic_xchg(v, new) (xchg(&((v)->counter), new)) |
1105 | +extern int atomic_xchg(atomic_t *, int); |
1106 | extern int __atomic_add_unless(atomic_t *, int, int); |
1107 | extern void atomic_set(atomic_t *, int); |
1108 | |
1109 | diff --git a/arch/sparc/include/asm/cmpxchg_32.h b/arch/sparc/include/asm/cmpxchg_32.h |
1110 | index 1fae1a02e3c2..ae0f9a7a314d 100644 |
1111 | --- a/arch/sparc/include/asm/cmpxchg_32.h |
1112 | +++ b/arch/sparc/include/asm/cmpxchg_32.h |
1113 | @@ -11,22 +11,14 @@ |
1114 | #ifndef __ARCH_SPARC_CMPXCHG__ |
1115 | #define __ARCH_SPARC_CMPXCHG__ |
1116 | |
1117 | -static inline unsigned long xchg_u32(__volatile__ unsigned long *m, unsigned long val) |
1118 | -{ |
1119 | - __asm__ __volatile__("swap [%2], %0" |
1120 | - : "=&r" (val) |
1121 | - : "0" (val), "r" (m) |
1122 | - : "memory"); |
1123 | - return val; |
1124 | -} |
1125 | - |
1126 | +extern unsigned long __xchg_u32(volatile u32 *m, u32 new); |
1127 | extern void __xchg_called_with_bad_pointer(void); |
1128 | |
1129 | static inline unsigned long __xchg(unsigned long x, __volatile__ void * ptr, int size) |
1130 | { |
1131 | switch (size) { |
1132 | case 4: |
1133 | - return xchg_u32(ptr, x); |
1134 | + return __xchg_u32(ptr, x); |
1135 | } |
1136 | __xchg_called_with_bad_pointer(); |
1137 | return x; |
1138 | diff --git a/arch/sparc/include/asm/vio.h b/arch/sparc/include/asm/vio.h |
1139 | index 432afa838861..55841c184e6d 100644 |
1140 | --- a/arch/sparc/include/asm/vio.h |
1141 | +++ b/arch/sparc/include/asm/vio.h |
1142 | @@ -118,12 +118,18 @@ struct vio_disk_attr_info { |
1143 | u8 vdisk_type; |
1144 | #define VD_DISK_TYPE_SLICE 0x01 /* Slice in block device */ |
1145 | #define VD_DISK_TYPE_DISK 0x02 /* Entire block device */ |
1146 | - u16 resv1; |
1147 | + u8 vdisk_mtype; /* v1.1 */ |
1148 | +#define VD_MEDIA_TYPE_FIXED 0x01 /* Fixed device */ |
1149 | +#define VD_MEDIA_TYPE_CD 0x02 /* CD Device */ |
1150 | +#define VD_MEDIA_TYPE_DVD 0x03 /* DVD Device */ |
1151 | + u8 resv1; |
1152 | u32 vdisk_block_size; |
1153 | u64 operations; |
1154 | - u64 vdisk_size; |
1155 | + u64 vdisk_size; /* v1.1 */ |
1156 | u64 max_xfer_size; |
1157 | - u64 resv2[2]; |
1158 | + u32 phys_block_size; /* v1.2 */ |
1159 | + u32 resv2; |
1160 | + u64 resv3[1]; |
1161 | }; |
1162 | |
1163 | struct vio_disk_desc { |
1164 | @@ -259,7 +265,7 @@ static inline u32 vio_dring_avail(struct vio_dring_state *dr, |
1165 | unsigned int ring_size) |
1166 | { |
1167 | return (dr->pending - |
1168 | - ((dr->prod - dr->cons) & (ring_size - 1))); |
1169 | + ((dr->prod - dr->cons) & (ring_size - 1)) - 1); |
1170 | } |
1171 | |
1172 | #define VIO_MAX_TYPE_LEN 32 |
1173 | diff --git a/arch/sparc/kernel/pci_schizo.c b/arch/sparc/kernel/pci_schizo.c |
1174 | index 8f76f23dac38..f9c6813c132d 100644 |
1175 | --- a/arch/sparc/kernel/pci_schizo.c |
1176 | +++ b/arch/sparc/kernel/pci_schizo.c |
1177 | @@ -581,7 +581,7 @@ static irqreturn_t schizo_pcierr_intr_other(struct pci_pbm_info *pbm) |
1178 | { |
1179 | unsigned long csr_reg, csr, csr_error_bits; |
1180 | irqreturn_t ret = IRQ_NONE; |
1181 | - u16 stat; |
1182 | + u32 stat; |
1183 | |
1184 | csr_reg = pbm->pbm_regs + SCHIZO_PCI_CTRL; |
1185 | csr = upa_readq(csr_reg); |
1186 | @@ -617,7 +617,7 @@ static irqreturn_t schizo_pcierr_intr_other(struct pci_pbm_info *pbm) |
1187 | pbm->name); |
1188 | ret = IRQ_HANDLED; |
1189 | } |
1190 | - pci_read_config_word(pbm->pci_bus->self, PCI_STATUS, &stat); |
1191 | + pbm->pci_ops->read(pbm->pci_bus, 0, PCI_STATUS, 2, &stat); |
1192 | if (stat & (PCI_STATUS_PARITY | |
1193 | PCI_STATUS_SIG_TARGET_ABORT | |
1194 | PCI_STATUS_REC_TARGET_ABORT | |
1195 | @@ -625,7 +625,7 @@ static irqreturn_t schizo_pcierr_intr_other(struct pci_pbm_info *pbm) |
1196 | PCI_STATUS_SIG_SYSTEM_ERROR)) { |
1197 | printk("%s: PCI bus error, PCI_STATUS[%04x]\n", |
1198 | pbm->name, stat); |
1199 | - pci_write_config_word(pbm->pci_bus->self, PCI_STATUS, 0xffff); |
1200 | + pbm->pci_ops->write(pbm->pci_bus, 0, PCI_STATUS, 2, 0xffff); |
1201 | ret = IRQ_HANDLED; |
1202 | } |
1203 | return ret; |
1204 | diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c |
1205 | index 8565ecd7d48a..173964d5e948 100644 |
1206 | --- a/arch/sparc/kernel/smp_64.c |
1207 | +++ b/arch/sparc/kernel/smp_64.c |
1208 | @@ -821,13 +821,17 @@ void arch_send_call_function_single_ipi(int cpu) |
1209 | void __irq_entry smp_call_function_client(int irq, struct pt_regs *regs) |
1210 | { |
1211 | clear_softint(1 << irq); |
1212 | + irq_enter(); |
1213 | generic_smp_call_function_interrupt(); |
1214 | + irq_exit(); |
1215 | } |
1216 | |
1217 | void __irq_entry smp_call_function_single_client(int irq, struct pt_regs *regs) |
1218 | { |
1219 | clear_softint(1 << irq); |
1220 | + irq_enter(); |
1221 | generic_smp_call_function_single_interrupt(); |
1222 | + irq_exit(); |
1223 | } |
1224 | |
1225 | static void tsb_sync(void *info) |
1226 | diff --git a/arch/sparc/lib/atomic32.c b/arch/sparc/lib/atomic32.c |
1227 | index 1d32b54089aa..8f2f94d53434 100644 |
1228 | --- a/arch/sparc/lib/atomic32.c |
1229 | +++ b/arch/sparc/lib/atomic32.c |
1230 | @@ -40,6 +40,19 @@ int __atomic_add_return(int i, atomic_t *v) |
1231 | } |
1232 | EXPORT_SYMBOL(__atomic_add_return); |
1233 | |
1234 | +int atomic_xchg(atomic_t *v, int new) |
1235 | +{ |
1236 | + int ret; |
1237 | + unsigned long flags; |
1238 | + |
1239 | + spin_lock_irqsave(ATOMIC_HASH(v), flags); |
1240 | + ret = v->counter; |
1241 | + v->counter = new; |
1242 | + spin_unlock_irqrestore(ATOMIC_HASH(v), flags); |
1243 | + return ret; |
1244 | +} |
1245 | +EXPORT_SYMBOL(atomic_xchg); |
1246 | + |
1247 | int atomic_cmpxchg(atomic_t *v, int old, int new) |
1248 | { |
1249 | int ret; |
1250 | @@ -132,3 +145,17 @@ unsigned long __cmpxchg_u32(volatile u32 *ptr, u32 old, u32 new) |
1251 | return (unsigned long)prev; |
1252 | } |
1253 | EXPORT_SYMBOL(__cmpxchg_u32); |
1254 | + |
1255 | +unsigned long __xchg_u32(volatile u32 *ptr, u32 new) |
1256 | +{ |
1257 | + unsigned long flags; |
1258 | + u32 prev; |
1259 | + |
1260 | + spin_lock_irqsave(ATOMIC_HASH(ptr), flags); |
1261 | + prev = *ptr; |
1262 | + *ptr = new; |
1263 | + spin_unlock_irqrestore(ATOMIC_HASH(ptr), flags); |
1264 | + |
1265 | + return (unsigned long)prev; |
1266 | +} |
1267 | +EXPORT_SYMBOL(__xchg_u32); |
1268 | diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c |
1269 | index e98bfda205a2..59dbd4645725 100644 |
1270 | --- a/arch/sparc/mm/fault_32.c |
1271 | +++ b/arch/sparc/mm/fault_32.c |
1272 | @@ -177,8 +177,7 @@ asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write, |
1273 | unsigned long g2; |
1274 | int from_user = !(regs->psr & PSR_PS); |
1275 | int fault, code; |
1276 | - unsigned int flags = (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
1277 | - (write ? FAULT_FLAG_WRITE : 0)); |
1278 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
1279 | |
1280 | if (text_fault) |
1281 | address = regs->pc; |
1282 | @@ -235,6 +234,11 @@ good_area: |
1283 | goto bad_area; |
1284 | } |
1285 | |
1286 | + if (from_user) |
1287 | + flags |= FAULT_FLAG_USER; |
1288 | + if (write) |
1289 | + flags |= FAULT_FLAG_WRITE; |
1290 | + |
1291 | /* |
1292 | * If for any reason at all we couldn't handle the fault, |
1293 | * make sure we exit gracefully rather than endlessly redo |
1294 | @@ -383,6 +387,7 @@ static void force_user_fault(unsigned long address, int write) |
1295 | struct vm_area_struct *vma; |
1296 | struct task_struct *tsk = current; |
1297 | struct mm_struct *mm = tsk->mm; |
1298 | + unsigned int flags = FAULT_FLAG_USER; |
1299 | int code; |
1300 | |
1301 | code = SEGV_MAPERR; |
1302 | @@ -402,11 +407,12 @@ good_area: |
1303 | if (write) { |
1304 | if (!(vma->vm_flags & VM_WRITE)) |
1305 | goto bad_area; |
1306 | + flags |= FAULT_FLAG_WRITE; |
1307 | } else { |
1308 | if (!(vma->vm_flags & (VM_READ | VM_EXEC))) |
1309 | goto bad_area; |
1310 | } |
1311 | - switch (handle_mm_fault(mm, vma, address, write ? FAULT_FLAG_WRITE : 0)) { |
1312 | + switch (handle_mm_fault(mm, vma, address, flags)) { |
1313 | case VM_FAULT_SIGBUS: |
1314 | case VM_FAULT_OOM: |
1315 | goto do_sigbus; |
1316 | diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c |
1317 | index ea83f82464da..3841a081beb3 100644 |
1318 | --- a/arch/sparc/mm/fault_64.c |
1319 | +++ b/arch/sparc/mm/fault_64.c |
1320 | @@ -323,7 +323,8 @@ asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) |
1321 | bad_kernel_pc(regs, address); |
1322 | return; |
1323 | } |
1324 | - } |
1325 | + } else |
1326 | + flags |= FAULT_FLAG_USER; |
1327 | |
1328 | /* |
1329 | * If we're in an interrupt or have no user |
1330 | @@ -426,13 +427,14 @@ good_area: |
1331 | vma->vm_file != NULL) |
1332 | set_thread_fault_code(fault_code | |
1333 | FAULT_CODE_BLKCOMMIT); |
1334 | + |
1335 | + flags |= FAULT_FLAG_WRITE; |
1336 | } else { |
1337 | /* Allow reads even for write-only mappings */ |
1338 | if (!(vma->vm_flags & (VM_READ | VM_EXEC))) |
1339 | goto bad_area; |
1340 | } |
1341 | |
1342 | - flags |= ((fault_code & FAULT_CODE_WRITE) ? FAULT_FLAG_WRITE : 0); |
1343 | fault = handle_mm_fault(mm, vma, address, flags); |
1344 | |
1345 | if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) |
1346 | diff --git a/arch/tile/mm/fault.c b/arch/tile/mm/fault.c |
1347 | index 3d2b81c163a6..3ff289f422e6 100644 |
1348 | --- a/arch/tile/mm/fault.c |
1349 | +++ b/arch/tile/mm/fault.c |
1350 | @@ -280,8 +280,7 @@ static int handle_page_fault(struct pt_regs *regs, |
1351 | if (!is_page_fault) |
1352 | write = 1; |
1353 | |
1354 | - flags = (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
1355 | - (write ? FAULT_FLAG_WRITE : 0)); |
1356 | + flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
1357 | |
1358 | is_kernel_mode = (EX1_PL(regs->ex1) != USER_PL); |
1359 | |
1360 | @@ -365,6 +364,9 @@ static int handle_page_fault(struct pt_regs *regs, |
1361 | goto bad_area_nosemaphore; |
1362 | } |
1363 | |
1364 | + if (!is_kernel_mode) |
1365 | + flags |= FAULT_FLAG_USER; |
1366 | + |
1367 | /* |
1368 | * When running in the kernel we expect faults to occur only to |
1369 | * addresses in user space. All other faults represent errors in the |
1370 | @@ -425,12 +427,12 @@ good_area: |
1371 | #endif |
1372 | if (!(vma->vm_flags & VM_WRITE)) |
1373 | goto bad_area; |
1374 | + flags |= FAULT_FLAG_WRITE; |
1375 | } else { |
1376 | if (!is_page_fault || !(vma->vm_flags & VM_READ)) |
1377 | goto bad_area; |
1378 | } |
1379 | |
1380 | - survive: |
1381 | /* |
1382 | * If for any reason at all we couldn't handle the fault, |
1383 | * make sure we exit gracefully rather than endlessly redo |
1384 | @@ -568,15 +570,10 @@ no_context: |
1385 | */ |
1386 | out_of_memory: |
1387 | up_read(&mm->mmap_sem); |
1388 | - if (is_global_init(tsk)) { |
1389 | - yield(); |
1390 | - down_read(&mm->mmap_sem); |
1391 | - goto survive; |
1392 | - } |
1393 | - pr_alert("VM: killing process %s\n", tsk->comm); |
1394 | - if (!is_kernel_mode) |
1395 | - do_group_exit(SIGKILL); |
1396 | - goto no_context; |
1397 | + if (is_kernel_mode) |
1398 | + goto no_context; |
1399 | + pagefault_out_of_memory(); |
1400 | + return 0; |
1401 | |
1402 | do_sigbus: |
1403 | up_read(&mm->mmap_sem); |
1404 | diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c |
1405 | index 089f3987e273..5c3aef74237f 100644 |
1406 | --- a/arch/um/kernel/trap.c |
1407 | +++ b/arch/um/kernel/trap.c |
1408 | @@ -30,8 +30,7 @@ int handle_page_fault(unsigned long address, unsigned long ip, |
1409 | pmd_t *pmd; |
1410 | pte_t *pte; |
1411 | int err = -EFAULT; |
1412 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
1413 | - (is_write ? FAULT_FLAG_WRITE : 0); |
1414 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
1415 | |
1416 | *code_out = SEGV_MAPERR; |
1417 | |
1418 | @@ -42,6 +41,8 @@ int handle_page_fault(unsigned long address, unsigned long ip, |
1419 | if (in_atomic()) |
1420 | goto out_nosemaphore; |
1421 | |
1422 | + if (is_user) |
1423 | + flags |= FAULT_FLAG_USER; |
1424 | retry: |
1425 | down_read(&mm->mmap_sem); |
1426 | vma = find_vma(mm, address); |
1427 | @@ -58,12 +59,15 @@ retry: |
1428 | |
1429 | good_area: |
1430 | *code_out = SEGV_ACCERR; |
1431 | - if (is_write && !(vma->vm_flags & VM_WRITE)) |
1432 | - goto out; |
1433 | - |
1434 | - /* Don't require VM_READ|VM_EXEC for write faults! */ |
1435 | - if (!is_write && !(vma->vm_flags & (VM_READ | VM_EXEC))) |
1436 | - goto out; |
1437 | + if (is_write) { |
1438 | + if (!(vma->vm_flags & VM_WRITE)) |
1439 | + goto out; |
1440 | + flags |= FAULT_FLAG_WRITE; |
1441 | + } else { |
1442 | + /* Don't require VM_READ|VM_EXEC for write faults! */ |
1443 | + if (!(vma->vm_flags & (VM_READ | VM_EXEC))) |
1444 | + goto out; |
1445 | + } |
1446 | |
1447 | do { |
1448 | int fault; |
1449 | @@ -124,6 +128,8 @@ out_of_memory: |
1450 | * (which will retry the fault, or kill us if we got oom-killed). |
1451 | */ |
1452 | up_read(&mm->mmap_sem); |
1453 | + if (!is_user) |
1454 | + goto out_nosemaphore; |
1455 | pagefault_out_of_memory(); |
1456 | return 0; |
1457 | } |
1458 | diff --git a/arch/unicore32/mm/fault.c b/arch/unicore32/mm/fault.c |
1459 | index f9b5c10bccee..0dc922dba915 100644 |
1460 | --- a/arch/unicore32/mm/fault.c |
1461 | +++ b/arch/unicore32/mm/fault.c |
1462 | @@ -209,8 +209,7 @@ static int do_pf(unsigned long addr, unsigned int fsr, struct pt_regs *regs) |
1463 | struct task_struct *tsk; |
1464 | struct mm_struct *mm; |
1465 | int fault, sig, code; |
1466 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
1467 | - ((!(fsr ^ 0x12)) ? FAULT_FLAG_WRITE : 0); |
1468 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
1469 | |
1470 | tsk = current; |
1471 | mm = tsk->mm; |
1472 | @@ -222,6 +221,11 @@ static int do_pf(unsigned long addr, unsigned int fsr, struct pt_regs *regs) |
1473 | if (in_atomic() || !mm) |
1474 | goto no_context; |
1475 | |
1476 | + if (user_mode(regs)) |
1477 | + flags |= FAULT_FLAG_USER; |
1478 | + if (!(fsr ^ 0x12)) |
1479 | + flags |= FAULT_FLAG_WRITE; |
1480 | + |
1481 | /* |
1482 | * As per x86, we may deadlock here. However, since the kernel only |
1483 | * validly references user space from well defined areas of the code, |
1484 | @@ -278,6 +282,13 @@ retry: |
1485 | (VM_FAULT_ERROR | VM_FAULT_BADMAP | VM_FAULT_BADACCESS)))) |
1486 | return 0; |
1487 | |
1488 | + /* |
1489 | + * If we are in kernel mode at this point, we |
1490 | + * have no context to handle this fault with. |
1491 | + */ |
1492 | + if (!user_mode(regs)) |
1493 | + goto no_context; |
1494 | + |
1495 | if (fault & VM_FAULT_OOM) { |
1496 | /* |
1497 | * We ran out of memory, call the OOM killer, and return to |
1498 | @@ -288,13 +299,6 @@ retry: |
1499 | return 0; |
1500 | } |
1501 | |
1502 | - /* |
1503 | - * If we are in kernel mode at this point, we |
1504 | - * have no context to handle this fault with. |
1505 | - */ |
1506 | - if (!user_mode(regs)) |
1507 | - goto no_context; |
1508 | - |
1509 | if (fault & VM_FAULT_SIGBUS) { |
1510 | /* |
1511 | * We had some memory, but were unable to |
1512 | diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c |
1513 | index b45ac6affa9c..6d6bb6f4fd43 100644 |
1514 | --- a/arch/x86/kernel/cpu/perf_event_intel.c |
1515 | +++ b/arch/x86/kernel/cpu/perf_event_intel.c |
1516 | @@ -2172,6 +2172,9 @@ __init int intel_pmu_init(void) |
1517 | case 62: /* IvyBridge EP */ |
1518 | memcpy(hw_cache_event_ids, snb_hw_cache_event_ids, |
1519 | sizeof(hw_cache_event_ids)); |
1520 | + /* dTLB-load-misses on IVB is different than SNB */ |
1521 | + hw_cache_event_ids[C(DTLB)][C(OP_READ)][C(RESULT_MISS)] = 0x8108; /* DTLB_LOAD_MISSES.DEMAND_LD_MISS_CAUSES_A_WALK */ |
1522 | + |
1523 | memcpy(hw_cache_extra_regs, snb_hw_cache_extra_regs, |
1524 | sizeof(hw_cache_extra_regs)); |
1525 | |
1526 | diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c |
1527 | index 29a8120e6fe8..baa61e7370b7 100644 |
1528 | --- a/arch/x86/kernel/ptrace.c |
1529 | +++ b/arch/x86/kernel/ptrace.c |
1530 | @@ -1475,15 +1475,6 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, |
1531 | force_sig_info(SIGTRAP, &info, tsk); |
1532 | } |
1533 | |
1534 | - |
1535 | -#ifdef CONFIG_X86_32 |
1536 | -# define IS_IA32 1 |
1537 | -#elif defined CONFIG_IA32_EMULATION |
1538 | -# define IS_IA32 is_compat_task() |
1539 | -#else |
1540 | -# define IS_IA32 0 |
1541 | -#endif |
1542 | - |
1543 | /* |
1544 | * We must return the syscall number to actually look up in the table. |
1545 | * This can be -1L to skip running any syscall at all. |
1546 | @@ -1521,7 +1512,7 @@ long syscall_trace_enter(struct pt_regs *regs) |
1547 | if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) |
1548 | trace_sys_enter(regs, regs->orig_ax); |
1549 | |
1550 | - if (IS_IA32) |
1551 | + if (is_ia32_task()) |
1552 | audit_syscall_entry(AUDIT_ARCH_I386, |
1553 | regs->orig_ax, |
1554 | regs->bx, regs->cx, |
1555 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
1556 | index 684f46dc87de..adfc30d9f9f4 100644 |
1557 | --- a/arch/x86/kvm/x86.c |
1558 | +++ b/arch/x86/kvm/x86.c |
1559 | @@ -4834,7 +4834,7 @@ static int handle_emulation_failure(struct kvm_vcpu *vcpu) |
1560 | |
1561 | ++vcpu->stat.insn_emulation_fail; |
1562 | trace_kvm_emulate_insn_failed(vcpu); |
1563 | - if (!is_guest_mode(vcpu)) { |
1564 | + if (!is_guest_mode(vcpu) && kvm_x86_ops->get_cpl(vcpu) == 0) { |
1565 | vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; |
1566 | vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION; |
1567 | vcpu->run->internal.ndata = 0; |
1568 | diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
1569 | index c1e9e4cbbd76..d8b1ff68dbb9 100644 |
1570 | --- a/arch/x86/mm/fault.c |
1571 | +++ b/arch/x86/mm/fault.c |
1572 | @@ -842,23 +842,15 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, |
1573 | force_sig_info_fault(SIGBUS, code, address, tsk, fault); |
1574 | } |
1575 | |
1576 | -static noinline int |
1577 | +static noinline void |
1578 | mm_fault_error(struct pt_regs *regs, unsigned long error_code, |
1579 | unsigned long address, unsigned int fault) |
1580 | { |
1581 | - /* |
1582 | - * Pagefault was interrupted by SIGKILL. We have no reason to |
1583 | - * continue pagefault. |
1584 | - */ |
1585 | - if (fatal_signal_pending(current)) { |
1586 | - if (!(fault & VM_FAULT_RETRY)) |
1587 | - up_read(¤t->mm->mmap_sem); |
1588 | - if (!(error_code & PF_USER)) |
1589 | - no_context(regs, error_code, address, 0, 0); |
1590 | - return 1; |
1591 | + if (fatal_signal_pending(current) && !(error_code & PF_USER)) { |
1592 | + up_read(¤t->mm->mmap_sem); |
1593 | + no_context(regs, error_code, address, 0, 0); |
1594 | + return; |
1595 | } |
1596 | - if (!(fault & VM_FAULT_ERROR)) |
1597 | - return 0; |
1598 | |
1599 | if (fault & VM_FAULT_OOM) { |
1600 | /* Kernel mode? Handle exceptions or die: */ |
1601 | @@ -866,7 +858,7 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code, |
1602 | up_read(¤t->mm->mmap_sem); |
1603 | no_context(regs, error_code, address, |
1604 | SIGSEGV, SEGV_MAPERR); |
1605 | - return 1; |
1606 | + return; |
1607 | } |
1608 | |
1609 | up_read(¤t->mm->mmap_sem); |
1610 | @@ -884,7 +876,6 @@ mm_fault_error(struct pt_regs *regs, unsigned long error_code, |
1611 | else |
1612 | BUG(); |
1613 | } |
1614 | - return 1; |
1615 | } |
1616 | |
1617 | static int spurious_fault_check(unsigned long error_code, pte_t *pte) |
1618 | @@ -1017,9 +1008,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) |
1619 | unsigned long address; |
1620 | struct mm_struct *mm; |
1621 | int fault; |
1622 | - int write = error_code & PF_WRITE; |
1623 | - unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | |
1624 | - (write ? FAULT_FLAG_WRITE : 0); |
1625 | + unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; |
1626 | |
1627 | tsk = current; |
1628 | mm = tsk->mm; |
1629 | @@ -1089,6 +1078,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) |
1630 | if (user_mode_vm(regs)) { |
1631 | local_irq_enable(); |
1632 | error_code |= PF_USER; |
1633 | + flags |= FAULT_FLAG_USER; |
1634 | } else { |
1635 | if (regs->flags & X86_EFLAGS_IF) |
1636 | local_irq_enable(); |
1637 | @@ -1113,6 +1103,9 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) |
1638 | return; |
1639 | } |
1640 | |
1641 | + if (error_code & PF_WRITE) |
1642 | + flags |= FAULT_FLAG_WRITE; |
1643 | + |
1644 | /* |
1645 | * When running in the kernel we expect faults to occur only to |
1646 | * addresses in user space. All other faults represent errors in |
1647 | @@ -1191,9 +1184,17 @@ good_area: |
1648 | */ |
1649 | fault = handle_mm_fault(mm, vma, address, flags); |
1650 | |
1651 | - if (unlikely(fault & (VM_FAULT_RETRY|VM_FAULT_ERROR))) { |
1652 | - if (mm_fault_error(regs, error_code, address, fault)) |
1653 | - return; |
1654 | + /* |
1655 | + * If we need to retry but a fatal signal is pending, handle the |
1656 | + * signal first. We do not need to release the mmap_sem because it |
1657 | + * would already be released in __lock_page_or_retry in mm/filemap.c. |
1658 | + */ |
1659 | + if (unlikely((fault & VM_FAULT_RETRY) && fatal_signal_pending(current))) |
1660 | + return; |
1661 | + |
1662 | + if (unlikely(fault & VM_FAULT_ERROR)) { |
1663 | + mm_fault_error(regs, error_code, address, fault); |
1664 | + return; |
1665 | } |
1666 | |
1667 | /* |
1668 | diff --git a/arch/xtensa/include/uapi/asm/unistd.h b/arch/xtensa/include/uapi/asm/unistd.h |
1669 | index 51940fec6990..513effd48060 100644 |
1670 | --- a/arch/xtensa/include/uapi/asm/unistd.h |
1671 | +++ b/arch/xtensa/include/uapi/asm/unistd.h |
1672 | @@ -384,7 +384,8 @@ __SYSCALL(174, sys_chroot, 1) |
1673 | #define __NR_pivot_root 175 |
1674 | __SYSCALL(175, sys_pivot_root, 2) |
1675 | #define __NR_umount 176 |
1676 | -__SYSCALL(176, sys_umount, 2) |
1677 | +__SYSCALL(176, sys_oldumount, 1) |
1678 | +#define __ARCH_WANT_SYS_OLDUMOUNT |
1679 | #define __NR_swapoff 177 |
1680 | __SYSCALL(177, sys_swapoff, 1) |
1681 | #define __NR_sync 178 |
1682 | diff --git a/arch/xtensa/mm/fault.c b/arch/xtensa/mm/fault.c |
1683 | index 4b7bc8db170f..70fa7bc42b4a 100644 |
1684 | --- a/arch/xtensa/mm/fault.c |
1685 | +++ b/arch/xtensa/mm/fault.c |
1686 | @@ -72,6 +72,8 @@ void do_page_fault(struct pt_regs *regs) |
1687 | address, exccause, regs->pc, is_write? "w":"", is_exec? "x":""); |
1688 | #endif |
1689 | |
1690 | + if (user_mode(regs)) |
1691 | + flags |= FAULT_FLAG_USER; |
1692 | retry: |
1693 | down_read(&mm->mmap_sem); |
1694 | vma = find_vma(mm, address); |
1695 | diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c |
1696 | index c3f09505f795..64150a9ffff3 100644 |
1697 | --- a/drivers/ata/ahci.c |
1698 | +++ b/drivers/ata/ahci.c |
1699 | @@ -61,6 +61,7 @@ enum board_ids { |
1700 | /* board IDs by feature in alphabetical order */ |
1701 | board_ahci, |
1702 | board_ahci_ign_iferr, |
1703 | + board_ahci_nomsi, |
1704 | board_ahci_noncq, |
1705 | board_ahci_nosntf, |
1706 | board_ahci_yes_fbs, |
1707 | @@ -120,6 +121,13 @@ static const struct ata_port_info ahci_port_info[] = { |
1708 | .udma_mask = ATA_UDMA6, |
1709 | .port_ops = &ahci_ops, |
1710 | }, |
1711 | + [board_ahci_nomsi] = { |
1712 | + AHCI_HFLAGS (AHCI_HFLAG_NO_MSI), |
1713 | + .flags = AHCI_FLAG_COMMON, |
1714 | + .pio_mask = ATA_PIO4, |
1715 | + .udma_mask = ATA_UDMA6, |
1716 | + .port_ops = &ahci_ops, |
1717 | + }, |
1718 | [board_ahci_noncq] = { |
1719 | AHCI_HFLAGS (AHCI_HFLAG_NO_NCQ), |
1720 | .flags = AHCI_FLAG_COMMON, |
1721 | @@ -312,6 +320,11 @@ static const struct pci_device_id ahci_pci_tbl[] = { |
1722 | { PCI_VDEVICE(INTEL, 0x8c87), board_ahci }, /* 9 Series RAID */ |
1723 | { PCI_VDEVICE(INTEL, 0x8c8e), board_ahci }, /* 9 Series RAID */ |
1724 | { PCI_VDEVICE(INTEL, 0x8c8f), board_ahci }, /* 9 Series RAID */ |
1725 | + { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H AHCI */ |
1726 | + { PCI_VDEVICE(INTEL, 0xa103), board_ahci }, /* Sunrise Point-H RAID */ |
1727 | + { PCI_VDEVICE(INTEL, 0xa105), board_ahci }, /* Sunrise Point-H RAID */ |
1728 | + { PCI_VDEVICE(INTEL, 0xa107), board_ahci }, /* Sunrise Point-H RAID */ |
1729 | + { PCI_VDEVICE(INTEL, 0xa10f), board_ahci }, /* Sunrise Point-H RAID */ |
1730 | |
1731 | /* JMicron 360/1/3/5/6, match class to avoid IDE function */ |
1732 | { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, |
1733 | @@ -474,10 +487,10 @@ static const struct pci_device_id ahci_pci_tbl[] = { |
1734 | { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */ |
1735 | |
1736 | /* |
1737 | - * Samsung SSDs found on some macbooks. NCQ times out. |
1738 | - * https://bugzilla.kernel.org/show_bug.cgi?id=60731 |
1739 | + * Samsung SSDs found on some macbooks. NCQ times out if MSI is |
1740 | + * enabled. https://bugzilla.kernel.org/show_bug.cgi?id=60731 |
1741 | */ |
1742 | - { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_noncq }, |
1743 | + { PCI_VDEVICE(SAMSUNG, 0x1600), board_ahci_nomsi }, |
1744 | |
1745 | /* Enmotus */ |
1746 | { PCI_DEVICE(0x1c44, 0x8000), board_ahci }, |
1747 | diff --git a/drivers/block/sunvdc.c b/drivers/block/sunvdc.c |
1748 | index 5814deb6963d..0ebadf93b6c5 100644 |
1749 | --- a/drivers/block/sunvdc.c |
1750 | +++ b/drivers/block/sunvdc.c |
1751 | @@ -9,6 +9,7 @@ |
1752 | #include <linux/blkdev.h> |
1753 | #include <linux/hdreg.h> |
1754 | #include <linux/genhd.h> |
1755 | +#include <linux/cdrom.h> |
1756 | #include <linux/slab.h> |
1757 | #include <linux/spinlock.h> |
1758 | #include <linux/completion.h> |
1759 | @@ -22,8 +23,8 @@ |
1760 | |
1761 | #define DRV_MODULE_NAME "sunvdc" |
1762 | #define PFX DRV_MODULE_NAME ": " |
1763 | -#define DRV_MODULE_VERSION "1.0" |
1764 | -#define DRV_MODULE_RELDATE "June 25, 2007" |
1765 | +#define DRV_MODULE_VERSION "1.1" |
1766 | +#define DRV_MODULE_RELDATE "February 13, 2013" |
1767 | |
1768 | static char version[] = |
1769 | DRV_MODULE_NAME ".c:v" DRV_MODULE_VERSION " (" DRV_MODULE_RELDATE ")\n"; |
1770 | @@ -32,7 +33,7 @@ MODULE_DESCRIPTION("Sun LDOM virtual disk client driver"); |
1771 | MODULE_LICENSE("GPL"); |
1772 | MODULE_VERSION(DRV_MODULE_VERSION); |
1773 | |
1774 | -#define VDC_TX_RING_SIZE 256 |
1775 | +#define VDC_TX_RING_SIZE 512 |
1776 | |
1777 | #define WAITING_FOR_LINK_UP 0x01 |
1778 | #define WAITING_FOR_TX_SPACE 0x02 |
1779 | @@ -65,11 +66,9 @@ struct vdc_port { |
1780 | u64 operations; |
1781 | u32 vdisk_size; |
1782 | u8 vdisk_type; |
1783 | + u8 vdisk_mtype; |
1784 | |
1785 | char disk_name[32]; |
1786 | - |
1787 | - struct vio_disk_geom geom; |
1788 | - struct vio_disk_vtoc label; |
1789 | }; |
1790 | |
1791 | static inline struct vdc_port *to_vdc_port(struct vio_driver_state *vio) |
1792 | @@ -79,9 +78,16 @@ static inline struct vdc_port *to_vdc_port(struct vio_driver_state *vio) |
1793 | |
1794 | /* Ordered from largest major to lowest */ |
1795 | static struct vio_version vdc_versions[] = { |
1796 | + { .major = 1, .minor = 1 }, |
1797 | { .major = 1, .minor = 0 }, |
1798 | }; |
1799 | |
1800 | +static inline int vdc_version_supported(struct vdc_port *port, |
1801 | + u16 major, u16 minor) |
1802 | +{ |
1803 | + return port->vio.ver.major == major && port->vio.ver.minor >= minor; |
1804 | +} |
1805 | + |
1806 | #define VDCBLK_NAME "vdisk" |
1807 | static int vdc_major; |
1808 | #define PARTITION_SHIFT 3 |
1809 | @@ -94,18 +100,54 @@ static inline u32 vdc_tx_dring_avail(struct vio_dring_state *dr) |
1810 | static int vdc_getgeo(struct block_device *bdev, struct hd_geometry *geo) |
1811 | { |
1812 | struct gendisk *disk = bdev->bd_disk; |
1813 | - struct vdc_port *port = disk->private_data; |
1814 | + sector_t nsect = get_capacity(disk); |
1815 | + sector_t cylinders = nsect; |
1816 | |
1817 | - geo->heads = (u8) port->geom.num_hd; |
1818 | - geo->sectors = (u8) port->geom.num_sec; |
1819 | - geo->cylinders = port->geom.num_cyl; |
1820 | + geo->heads = 0xff; |
1821 | + geo->sectors = 0x3f; |
1822 | + sector_div(cylinders, geo->heads * geo->sectors); |
1823 | + geo->cylinders = cylinders; |
1824 | + if ((sector_t)(geo->cylinders + 1) * geo->heads * geo->sectors < nsect) |
1825 | + geo->cylinders = 0xffff; |
1826 | |
1827 | return 0; |
1828 | } |
1829 | |
1830 | +/* Add ioctl/CDROM_GET_CAPABILITY to support cdrom_id in udev |
1831 | + * when vdisk_mtype is VD_MEDIA_TYPE_CD or VD_MEDIA_TYPE_DVD. |
1832 | + * Needed to be able to install inside an ldom from an iso image. |
1833 | + */ |
1834 | +static int vdc_ioctl(struct block_device *bdev, fmode_t mode, |
1835 | + unsigned command, unsigned long argument) |
1836 | +{ |
1837 | + int i; |
1838 | + struct gendisk *disk; |
1839 | + |
1840 | + switch (command) { |
1841 | + case CDROMMULTISESSION: |
1842 | + pr_debug(PFX "Multisession CDs not supported\n"); |
1843 | + for (i = 0; i < sizeof(struct cdrom_multisession); i++) |
1844 | + if (put_user(0, (char __user *)(argument + i))) |
1845 | + return -EFAULT; |
1846 | + return 0; |
1847 | + |
1848 | + case CDROM_GET_CAPABILITY: |
1849 | + disk = bdev->bd_disk; |
1850 | + |
1851 | + if (bdev->bd_disk && (disk->flags & GENHD_FL_CD)) |
1852 | + return 0; |
1853 | + return -EINVAL; |
1854 | + |
1855 | + default: |
1856 | + pr_debug(PFX "ioctl %08x not supported\n", command); |
1857 | + return -EINVAL; |
1858 | + } |
1859 | +} |
1860 | + |
1861 | static const struct block_device_operations vdc_fops = { |
1862 | .owner = THIS_MODULE, |
1863 | .getgeo = vdc_getgeo, |
1864 | + .ioctl = vdc_ioctl, |
1865 | }; |
1866 | |
1867 | static void vdc_finish(struct vio_driver_state *vio, int err, int waiting_for) |
1868 | @@ -165,9 +207,9 @@ static int vdc_handle_attr(struct vio_driver_state *vio, void *arg) |
1869 | struct vio_disk_attr_info *pkt = arg; |
1870 | |
1871 | viodbg(HS, "GOT ATTR stype[0x%x] ops[%llx] disk_size[%llu] disk_type[%x] " |
1872 | - "xfer_mode[0x%x] blksz[%u] max_xfer[%llu]\n", |
1873 | + "mtype[0x%x] xfer_mode[0x%x] blksz[%u] max_xfer[%llu]\n", |
1874 | pkt->tag.stype, pkt->operations, |
1875 | - pkt->vdisk_size, pkt->vdisk_type, |
1876 | + pkt->vdisk_size, pkt->vdisk_type, pkt->vdisk_mtype, |
1877 | pkt->xfer_mode, pkt->vdisk_block_size, |
1878 | pkt->max_xfer_size); |
1879 | |
1880 | @@ -192,8 +234,11 @@ static int vdc_handle_attr(struct vio_driver_state *vio, void *arg) |
1881 | } |
1882 | |
1883 | port->operations = pkt->operations; |
1884 | - port->vdisk_size = pkt->vdisk_size; |
1885 | port->vdisk_type = pkt->vdisk_type; |
1886 | + if (vdc_version_supported(port, 1, 1)) { |
1887 | + port->vdisk_size = pkt->vdisk_size; |
1888 | + port->vdisk_mtype = pkt->vdisk_mtype; |
1889 | + } |
1890 | if (pkt->max_xfer_size < port->max_xfer_size) |
1891 | port->max_xfer_size = pkt->max_xfer_size; |
1892 | port->vdisk_block_size = pkt->vdisk_block_size; |
1893 | @@ -236,7 +281,9 @@ static void vdc_end_one(struct vdc_port *port, struct vio_dring_state *dr, |
1894 | |
1895 | __blk_end_request(req, (desc->status ? -EIO : 0), desc->size); |
1896 | |
1897 | - if (blk_queue_stopped(port->disk->queue)) |
1898 | + /* restart blk queue when ring is half emptied */ |
1899 | + if (blk_queue_stopped(port->disk->queue) && |
1900 | + vdc_tx_dring_avail(dr) * 100 / VDC_TX_RING_SIZE >= 50) |
1901 | blk_start_queue(port->disk->queue); |
1902 | } |
1903 | |
1904 | @@ -388,12 +435,6 @@ static int __send_request(struct request *req) |
1905 | for (i = 0; i < nsg; i++) |
1906 | len += sg[i].length; |
1907 | |
1908 | - if (unlikely(vdc_tx_dring_avail(dr) < 1)) { |
1909 | - blk_stop_queue(port->disk->queue); |
1910 | - err = -ENOMEM; |
1911 | - goto out; |
1912 | - } |
1913 | - |
1914 | desc = vio_dring_cur(dr); |
1915 | |
1916 | err = ldc_map_sg(port->vio.lp, sg, nsg, |
1917 | @@ -433,21 +474,32 @@ static int __send_request(struct request *req) |
1918 | port->req_id++; |
1919 | dr->prod = (dr->prod + 1) & (VDC_TX_RING_SIZE - 1); |
1920 | } |
1921 | -out: |
1922 | |
1923 | return err; |
1924 | } |
1925 | |
1926 | -static void do_vdc_request(struct request_queue *q) |
1927 | +static void do_vdc_request(struct request_queue *rq) |
1928 | { |
1929 | - while (1) { |
1930 | - struct request *req = blk_fetch_request(q); |
1931 | + struct request *req; |
1932 | |
1933 | - if (!req) |
1934 | - break; |
1935 | + while ((req = blk_peek_request(rq)) != NULL) { |
1936 | + struct vdc_port *port; |
1937 | + struct vio_dring_state *dr; |
1938 | |
1939 | - if (__send_request(req) < 0) |
1940 | - __blk_end_request_all(req, -EIO); |
1941 | + port = req->rq_disk->private_data; |
1942 | + dr = &port->vio.drings[VIO_DRIVER_TX_RING]; |
1943 | + if (unlikely(vdc_tx_dring_avail(dr) < 1)) |
1944 | + goto wait; |
1945 | + |
1946 | + blk_start_request(req); |
1947 | + |
1948 | + if (__send_request(req) < 0) { |
1949 | + blk_requeue_request(rq, req); |
1950 | +wait: |
1951 | + /* Avoid pointless unplugs. */ |
1952 | + blk_stop_queue(rq); |
1953 | + break; |
1954 | + } |
1955 | } |
1956 | } |
1957 | |
1958 | @@ -656,25 +708,27 @@ static int probe_disk(struct vdc_port *port) |
1959 | if (comp.err) |
1960 | return comp.err; |
1961 | |
1962 | - err = generic_request(port, VD_OP_GET_VTOC, |
1963 | - &port->label, sizeof(port->label)); |
1964 | - if (err < 0) { |
1965 | - printk(KERN_ERR PFX "VD_OP_GET_VTOC returns error %d\n", err); |
1966 | - return err; |
1967 | - } |
1968 | - |
1969 | - err = generic_request(port, VD_OP_GET_DISKGEOM, |
1970 | - &port->geom, sizeof(port->geom)); |
1971 | - if (err < 0) { |
1972 | - printk(KERN_ERR PFX "VD_OP_GET_DISKGEOM returns " |
1973 | - "error %d\n", err); |
1974 | - return err; |
1975 | + if (vdc_version_supported(port, 1, 1)) { |
1976 | + /* vdisk_size should be set during the handshake, if it wasn't |
1977 | + * then the underlying disk is reserved by another system |
1978 | + */ |
1979 | + if (port->vdisk_size == -1) |
1980 | + return -ENODEV; |
1981 | + } else { |
1982 | + struct vio_disk_geom geom; |
1983 | + |
1984 | + err = generic_request(port, VD_OP_GET_DISKGEOM, |
1985 | + &geom, sizeof(geom)); |
1986 | + if (err < 0) { |
1987 | + printk(KERN_ERR PFX "VD_OP_GET_DISKGEOM returns " |
1988 | + "error %d\n", err); |
1989 | + return err; |
1990 | + } |
1991 | + port->vdisk_size = ((u64)geom.num_cyl * |
1992 | + (u64)geom.num_hd * |
1993 | + (u64)geom.num_sec); |
1994 | } |
1995 | |
1996 | - port->vdisk_size = ((u64)port->geom.num_cyl * |
1997 | - (u64)port->geom.num_hd * |
1998 | - (u64)port->geom.num_sec); |
1999 | - |
2000 | q = blk_init_queue(do_vdc_request, &port->vio.lock); |
2001 | if (!q) { |
2002 | printk(KERN_ERR PFX "%s: Could not allocate queue.\n", |
2003 | @@ -691,6 +745,10 @@ static int probe_disk(struct vdc_port *port) |
2004 | |
2005 | port->disk = g; |
2006 | |
2007 | + /* Each segment in a request is up to an aligned page in size. */ |
2008 | + blk_queue_segment_boundary(q, PAGE_SIZE - 1); |
2009 | + blk_queue_max_segment_size(q, PAGE_SIZE); |
2010 | + |
2011 | blk_queue_max_segments(q, port->ring_cookies); |
2012 | blk_queue_max_hw_sectors(q, port->max_xfer_size); |
2013 | g->major = vdc_major; |
2014 | @@ -704,9 +762,32 @@ static int probe_disk(struct vdc_port *port) |
2015 | |
2016 | set_capacity(g, port->vdisk_size); |
2017 | |
2018 | - printk(KERN_INFO PFX "%s: %u sectors (%u MB)\n", |
2019 | + if (vdc_version_supported(port, 1, 1)) { |
2020 | + switch (port->vdisk_mtype) { |
2021 | + case VD_MEDIA_TYPE_CD: |
2022 | + pr_info(PFX "Virtual CDROM %s\n", port->disk_name); |
2023 | + g->flags |= GENHD_FL_CD; |
2024 | + g->flags |= GENHD_FL_REMOVABLE; |
2025 | + set_disk_ro(g, 1); |
2026 | + break; |
2027 | + |
2028 | + case VD_MEDIA_TYPE_DVD: |
2029 | + pr_info(PFX "Virtual DVD %s\n", port->disk_name); |
2030 | + g->flags |= GENHD_FL_CD; |
2031 | + g->flags |= GENHD_FL_REMOVABLE; |
2032 | + set_disk_ro(g, 1); |
2033 | + break; |
2034 | + |
2035 | + case VD_MEDIA_TYPE_FIXED: |
2036 | + pr_info(PFX "Virtual Hard disk %s\n", port->disk_name); |
2037 | + break; |
2038 | + } |
2039 | + } |
2040 | + |
2041 | + pr_info(PFX "%s: %u sectors (%u MB) protocol %d.%d\n", |
2042 | g->disk_name, |
2043 | - port->vdisk_size, (port->vdisk_size >> (20 - 9))); |
2044 | + port->vdisk_size, (port->vdisk_size >> (20 - 9)), |
2045 | + port->vio.ver.major, port->vio.ver.minor); |
2046 | |
2047 | add_disk(g); |
2048 | |
2049 | @@ -765,6 +846,7 @@ static int vdc_port_probe(struct vio_dev *vdev, const struct vio_device_id *id) |
2050 | else |
2051 | snprintf(port->disk_name, sizeof(port->disk_name), |
2052 | VDCBLK_NAME "%c", 'a' + ((int)vdev->dev_no % 26)); |
2053 | + port->vdisk_size = -1; |
2054 | |
2055 | err = vio_driver_init(&port->vio, vdev, VDEV_DISK, |
2056 | vdc_versions, ARRAY_SIZE(vdc_versions), |
2057 | diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c |
2058 | index ac1b43a04285..4f73c727a97a 100644 |
2059 | --- a/drivers/firewire/core-cdev.c |
2060 | +++ b/drivers/firewire/core-cdev.c |
2061 | @@ -1637,8 +1637,7 @@ static int dispatch_ioctl(struct client *client, |
2062 | _IOC_SIZE(cmd) > sizeof(buffer)) |
2063 | return -ENOTTY; |
2064 | |
2065 | - if (_IOC_DIR(cmd) == _IOC_READ) |
2066 | - memset(&buffer, 0, _IOC_SIZE(cmd)); |
2067 | + memset(&buffer, 0, sizeof(buffer)); |
2068 | |
2069 | if (_IOC_DIR(cmd) & _IOC_WRITE) |
2070 | if (copy_from_user(&buffer, arg, _IOC_SIZE(cmd))) |
2071 | diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c |
2072 | index e62a9ce3e4dc..ead08a49bec0 100644 |
2073 | --- a/drivers/gpu/drm/radeon/evergreen.c |
2074 | +++ b/drivers/gpu/drm/radeon/evergreen.c |
2075 | @@ -2379,6 +2379,7 @@ void evergreen_mc_stop(struct radeon_device *rdev, struct evergreen_mc_save *sav |
2076 | WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 1); |
2077 | tmp |= EVERGREEN_CRTC_BLANK_DATA_EN; |
2078 | WREG32(EVERGREEN_CRTC_BLANK_CONTROL + crtc_offsets[i], tmp); |
2079 | + WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 0); |
2080 | } |
2081 | } else { |
2082 | tmp = RREG32(EVERGREEN_CRTC_CONTROL + crtc_offsets[i]); |
2083 | diff --git a/drivers/input/mouse/alps.c b/drivers/input/mouse/alps.c |
2084 | index 7c5d72a6a26a..19e070f16e6b 100644 |
2085 | --- a/drivers/input/mouse/alps.c |
2086 | +++ b/drivers/input/mouse/alps.c |
2087 | @@ -873,7 +873,13 @@ static psmouse_ret_t alps_process_byte(struct psmouse *psmouse) |
2088 | { |
2089 | struct alps_data *priv = psmouse->private; |
2090 | |
2091 | - if ((psmouse->packet[0] & 0xc8) == 0x08) { /* PS/2 packet */ |
2092 | + /* |
2093 | + * Check if we are dealing with a bare PS/2 packet, presumably from |
2094 | + * a device connected to the external PS/2 port. Because bare PS/2 |
2095 | + * protocol does not have enough constant bits to self-synchronize |
2096 | + * properly we only do this if the device is fully synchronized. |
2097 | + */ |
2098 | + if (!psmouse->out_of_sync_cnt && (psmouse->packet[0] & 0xc8) == 0x08) { |
2099 | if (psmouse->pktcnt == 3) { |
2100 | alps_report_bare_ps2_packet(psmouse, psmouse->packet, |
2101 | true); |
2102 | @@ -1816,6 +1822,9 @@ int alps_init(struct psmouse *psmouse) |
2103 | /* We are having trouble resyncing ALPS touchpads so disable it for now */ |
2104 | psmouse->resync_time = 0; |
2105 | |
2106 | + /* Allow 2 invalid packets without resetting device */ |
2107 | + psmouse->resetafter = psmouse->pktsize * 2; |
2108 | + |
2109 | return 0; |
2110 | |
2111 | init_fail: |
2112 | diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c |
2113 | index 2dea49c4279e..84cddccc0249 100644 |
2114 | --- a/drivers/md/dm-raid.c |
2115 | +++ b/drivers/md/dm-raid.c |
2116 | @@ -785,8 +785,7 @@ struct dm_raid_superblock { |
2117 | __le32 layout; |
2118 | __le32 stripe_sectors; |
2119 | |
2120 | - __u8 pad[452]; /* Round struct to 512 bytes. */ |
2121 | - /* Always set to 0 when writing. */ |
2122 | + /* Remainder of a logical block is zero-filled when writing (see super_sync()). */ |
2123 | } __packed; |
2124 | |
2125 | static int read_disk_sb(struct md_rdev *rdev, int size) |
2126 | @@ -823,7 +822,7 @@ static void super_sync(struct mddev *mddev, struct md_rdev *rdev) |
2127 | test_bit(Faulty, &(rs->dev[i].rdev.flags))) |
2128 | failed_devices |= (1ULL << i); |
2129 | |
2130 | - memset(sb, 0, sizeof(*sb)); |
2131 | + memset(sb + 1, 0, rdev->sb_size - sizeof(*sb)); |
2132 | |
2133 | sb->magic = cpu_to_le32(DM_RAID_MAGIC); |
2134 | sb->features = cpu_to_le32(0); /* No features yet */ |
2135 | @@ -858,7 +857,11 @@ static int super_load(struct md_rdev *rdev, struct md_rdev *refdev) |
2136 | uint64_t events_sb, events_refsb; |
2137 | |
2138 | rdev->sb_start = 0; |
2139 | - rdev->sb_size = sizeof(*sb); |
2140 | + rdev->sb_size = bdev_logical_block_size(rdev->meta_bdev); |
2141 | + if (rdev->sb_size < sizeof(*sb) || rdev->sb_size > PAGE_SIZE) { |
2142 | + DMERR("superblock size of a logical block is no longer valid"); |
2143 | + return -EINVAL; |
2144 | + } |
2145 | |
2146 | ret = read_disk_sb(rdev, rdev->sb_size); |
2147 | if (ret) |
2148 | diff --git a/drivers/md/persistent-data/dm-btree-internal.h b/drivers/md/persistent-data/dm-btree-internal.h |
2149 | index 37d367bb9aa8..bf2b80d5c470 100644 |
2150 | --- a/drivers/md/persistent-data/dm-btree-internal.h |
2151 | +++ b/drivers/md/persistent-data/dm-btree-internal.h |
2152 | @@ -42,6 +42,12 @@ struct btree_node { |
2153 | } __packed; |
2154 | |
2155 | |
2156 | +/* |
2157 | + * Locks a block using the btree node validator. |
2158 | + */ |
2159 | +int bn_read_lock(struct dm_btree_info *info, dm_block_t b, |
2160 | + struct dm_block **result); |
2161 | + |
2162 | void inc_children(struct dm_transaction_manager *tm, struct btree_node *n, |
2163 | struct dm_btree_value_type *vt); |
2164 | |
2165 | diff --git a/drivers/md/persistent-data/dm-btree-spine.c b/drivers/md/persistent-data/dm-btree-spine.c |
2166 | index cf9fd676ae44..1b5e13ec7f96 100644 |
2167 | --- a/drivers/md/persistent-data/dm-btree-spine.c |
2168 | +++ b/drivers/md/persistent-data/dm-btree-spine.c |
2169 | @@ -92,7 +92,7 @@ struct dm_block_validator btree_node_validator = { |
2170 | |
2171 | /*----------------------------------------------------------------*/ |
2172 | |
2173 | -static int bn_read_lock(struct dm_btree_info *info, dm_block_t b, |
2174 | +int bn_read_lock(struct dm_btree_info *info, dm_block_t b, |
2175 | struct dm_block **result) |
2176 | { |
2177 | return dm_tm_read_lock(info->tm, b, &btree_node_validator, result); |
2178 | diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c |
2179 | index 35865425e4b4..0a7592e88811 100644 |
2180 | --- a/drivers/md/persistent-data/dm-btree.c |
2181 | +++ b/drivers/md/persistent-data/dm-btree.c |
2182 | @@ -812,22 +812,26 @@ EXPORT_SYMBOL_GPL(dm_btree_find_highest_key); |
2183 | * FIXME: We shouldn't use a recursive algorithm when we have limited stack |
2184 | * space. Also this only works for single level trees. |
2185 | */ |
2186 | -static int walk_node(struct ro_spine *s, dm_block_t block, |
2187 | +static int walk_node(struct dm_btree_info *info, dm_block_t block, |
2188 | int (*fn)(void *context, uint64_t *keys, void *leaf), |
2189 | void *context) |
2190 | { |
2191 | int r; |
2192 | unsigned i, nr; |
2193 | + struct dm_block *node; |
2194 | struct btree_node *n; |
2195 | uint64_t keys; |
2196 | |
2197 | - r = ro_step(s, block); |
2198 | - n = ro_node(s); |
2199 | + r = bn_read_lock(info, block, &node); |
2200 | + if (r) |
2201 | + return r; |
2202 | + |
2203 | + n = dm_block_data(node); |
2204 | |
2205 | nr = le32_to_cpu(n->header.nr_entries); |
2206 | for (i = 0; i < nr; i++) { |
2207 | if (le32_to_cpu(n->header.flags) & INTERNAL_NODE) { |
2208 | - r = walk_node(s, value64(n, i), fn, context); |
2209 | + r = walk_node(info, value64(n, i), fn, context); |
2210 | if (r) |
2211 | goto out; |
2212 | } else { |
2213 | @@ -839,7 +843,7 @@ static int walk_node(struct ro_spine *s, dm_block_t block, |
2214 | } |
2215 | |
2216 | out: |
2217 | - ro_pop(s); |
2218 | + dm_tm_unlock(info->tm, node); |
2219 | return r; |
2220 | } |
2221 | |
2222 | @@ -847,15 +851,7 @@ int dm_btree_walk(struct dm_btree_info *info, dm_block_t root, |
2223 | int (*fn)(void *context, uint64_t *keys, void *leaf), |
2224 | void *context) |
2225 | { |
2226 | - int r; |
2227 | - struct ro_spine spine; |
2228 | - |
2229 | BUG_ON(info->levels > 1); |
2230 | - |
2231 | - init_ro_spine(&spine, info); |
2232 | - r = walk_node(&spine, root, fn, context); |
2233 | - exit_ro_spine(&spine); |
2234 | - |
2235 | - return r; |
2236 | + return walk_node(info, root, fn, context); |
2237 | } |
2238 | EXPORT_SYMBOL_GPL(dm_btree_walk); |
2239 | diff --git a/drivers/media/usb/ttusb-dec/ttusbdecfe.c b/drivers/media/usb/ttusb-dec/ttusbdecfe.c |
2240 | index 5c45c9d0712d..9c29552aedec 100644 |
2241 | --- a/drivers/media/usb/ttusb-dec/ttusbdecfe.c |
2242 | +++ b/drivers/media/usb/ttusb-dec/ttusbdecfe.c |
2243 | @@ -156,6 +156,9 @@ static int ttusbdecfe_dvbs_diseqc_send_master_cmd(struct dvb_frontend* fe, struc |
2244 | 0x00, 0x00, 0x00, 0x00, |
2245 | 0x00, 0x00 }; |
2246 | |
2247 | + if (cmd->msg_len > sizeof(b) - 4) |
2248 | + return -EINVAL; |
2249 | + |
2250 | memcpy(&b[4], cmd->msg, cmd->msg_len); |
2251 | |
2252 | state->config->send_command(fe, 0x72, |
2253 | diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c |
2254 | index 99cc0b07a713..0513ea0906dd 100644 |
2255 | --- a/drivers/misc/mei/bus.c |
2256 | +++ b/drivers/misc/mei/bus.c |
2257 | @@ -71,7 +71,7 @@ static int mei_cl_device_probe(struct device *dev) |
2258 | |
2259 | dev_dbg(dev, "Device probe\n"); |
2260 | |
2261 | - strncpy(id.name, dev_name(dev), MEI_CL_NAME_SIZE); |
2262 | + strlcpy(id.name, dev_name(dev), sizeof(id.name)); |
2263 | |
2264 | return driver->probe(device, &id); |
2265 | } |
2266 | diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c |
2267 | index 4e6877a032a8..bd8800c85525 100644 |
2268 | --- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c |
2269 | +++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c |
2270 | @@ -191,6 +191,39 @@ void mlx4_en_deactivate_tx_ring(struct mlx4_en_priv *priv, |
2271 | MLX4_QP_STATE_RST, NULL, 0, 0, &ring->qp); |
2272 | } |
2273 | |
2274 | +static void mlx4_en_stamp_wqe(struct mlx4_en_priv *priv, |
2275 | + struct mlx4_en_tx_ring *ring, int index, |
2276 | + u8 owner) |
2277 | +{ |
2278 | + __be32 stamp = cpu_to_be32(STAMP_VAL | (!!owner << STAMP_SHIFT)); |
2279 | + struct mlx4_en_tx_desc *tx_desc = ring->buf + index * TXBB_SIZE; |
2280 | + struct mlx4_en_tx_info *tx_info = &ring->tx_info[index]; |
2281 | + void *end = ring->buf + ring->buf_size; |
2282 | + __be32 *ptr = (__be32 *)tx_desc; |
2283 | + int i; |
2284 | + |
2285 | + /* Optimize the common case when there are no wraparounds */ |
2286 | + if (likely((void *)tx_desc + tx_info->nr_txbb * TXBB_SIZE <= end)) { |
2287 | + /* Stamp the freed descriptor */ |
2288 | + for (i = 0; i < tx_info->nr_txbb * TXBB_SIZE; |
2289 | + i += STAMP_STRIDE) { |
2290 | + *ptr = stamp; |
2291 | + ptr += STAMP_DWORDS; |
2292 | + } |
2293 | + } else { |
2294 | + /* Stamp the freed descriptor */ |
2295 | + for (i = 0; i < tx_info->nr_txbb * TXBB_SIZE; |
2296 | + i += STAMP_STRIDE) { |
2297 | + *ptr = stamp; |
2298 | + ptr += STAMP_DWORDS; |
2299 | + if ((void *)ptr >= end) { |
2300 | + ptr = ring->buf; |
2301 | + stamp ^= cpu_to_be32(0x80000000); |
2302 | + } |
2303 | + } |
2304 | + } |
2305 | +} |
2306 | + |
2307 | |
2308 | static u32 mlx4_en_free_tx_desc(struct mlx4_en_priv *priv, |
2309 | struct mlx4_en_tx_ring *ring, |
2310 | @@ -205,8 +238,6 @@ static u32 mlx4_en_free_tx_desc(struct mlx4_en_priv *priv, |
2311 | void *end = ring->buf + ring->buf_size; |
2312 | int frags = skb_shinfo(skb)->nr_frags; |
2313 | int i; |
2314 | - __be32 *ptr = (__be32 *)tx_desc; |
2315 | - __be32 stamp = cpu_to_be32(STAMP_VAL | (!!owner << STAMP_SHIFT)); |
2316 | struct skb_shared_hwtstamps hwts; |
2317 | |
2318 | if (timestamp) { |
2319 | @@ -232,12 +263,6 @@ static u32 mlx4_en_free_tx_desc(struct mlx4_en_priv *priv, |
2320 | skb_frag_size(frag), PCI_DMA_TODEVICE); |
2321 | } |
2322 | } |
2323 | - /* Stamp the freed descriptor */ |
2324 | - for (i = 0; i < tx_info->nr_txbb * TXBB_SIZE; i += STAMP_STRIDE) { |
2325 | - *ptr = stamp; |
2326 | - ptr += STAMP_DWORDS; |
2327 | - } |
2328 | - |
2329 | } else { |
2330 | if (!tx_info->inl) { |
2331 | if ((void *) data >= end) { |
2332 | @@ -263,16 +288,6 @@ static u32 mlx4_en_free_tx_desc(struct mlx4_en_priv *priv, |
2333 | ++data; |
2334 | } |
2335 | } |
2336 | - /* Stamp the freed descriptor */ |
2337 | - for (i = 0; i < tx_info->nr_txbb * TXBB_SIZE; i += STAMP_STRIDE) { |
2338 | - *ptr = stamp; |
2339 | - ptr += STAMP_DWORDS; |
2340 | - if ((void *) ptr >= end) { |
2341 | - ptr = ring->buf; |
2342 | - stamp ^= cpu_to_be32(0x80000000); |
2343 | - } |
2344 | - } |
2345 | - |
2346 | } |
2347 | dev_kfree_skb_any(skb); |
2348 | return tx_info->nr_txbb; |
2349 | @@ -318,8 +333,9 @@ static void mlx4_en_process_tx_cq(struct net_device *dev, struct mlx4_en_cq *cq) |
2350 | struct mlx4_en_tx_ring *ring = &priv->tx_ring[cq->ring]; |
2351 | struct mlx4_cqe *cqe; |
2352 | u16 index; |
2353 | - u16 new_index, ring_index; |
2354 | + u16 new_index, ring_index, stamp_index; |
2355 | u32 txbbs_skipped = 0; |
2356 | + u32 txbbs_stamp = 0; |
2357 | u32 cons_index = mcq->cons_index; |
2358 | int size = cq->size; |
2359 | u32 size_mask = ring->size_mask; |
2360 | @@ -335,6 +351,7 @@ static void mlx4_en_process_tx_cq(struct net_device *dev, struct mlx4_en_cq *cq) |
2361 | index = cons_index & size_mask; |
2362 | cqe = &buf[(index << factor) + factor]; |
2363 | ring_index = ring->cons & size_mask; |
2364 | + stamp_index = ring_index; |
2365 | |
2366 | /* Process all completed CQEs */ |
2367 | while (XNOR(cqe->owner_sr_opcode & MLX4_CQE_OWNER_MASK, |
2368 | @@ -359,6 +376,12 @@ static void mlx4_en_process_tx_cq(struct net_device *dev, struct mlx4_en_cq *cq) |
2369 | priv, ring, ring_index, |
2370 | !!((ring->cons + txbbs_skipped) & |
2371 | ring->size), timestamp); |
2372 | + |
2373 | + mlx4_en_stamp_wqe(priv, ring, stamp_index, |
2374 | + !!((ring->cons + txbbs_stamp) & |
2375 | + ring->size)); |
2376 | + stamp_index = ring_index; |
2377 | + txbbs_stamp = txbbs_skipped; |
2378 | packets++; |
2379 | bytes += ring->tx_info[ring_index].nr_bytes; |
2380 | } while (ring_index != new_index); |
2381 | diff --git a/drivers/net/ethernet/sun/sunvnet.c b/drivers/net/ethernet/sun/sunvnet.c |
2382 | index 398faff8be7a..ade8bdfc03af 100644 |
2383 | --- a/drivers/net/ethernet/sun/sunvnet.c |
2384 | +++ b/drivers/net/ethernet/sun/sunvnet.c |
2385 | @@ -656,7 +656,7 @@ static int vnet_start_xmit(struct sk_buff *skb, struct net_device *dev) |
2386 | spin_lock_irqsave(&port->vio.lock, flags); |
2387 | |
2388 | dr = &port->vio.drings[VIO_DRIVER_TX_RING]; |
2389 | - if (unlikely(vnet_tx_dring_avail(dr) < 2)) { |
2390 | + if (unlikely(vnet_tx_dring_avail(dr) < 1)) { |
2391 | if (!netif_queue_stopped(dev)) { |
2392 | netif_stop_queue(dev); |
2393 | |
2394 | @@ -704,7 +704,7 @@ static int vnet_start_xmit(struct sk_buff *skb, struct net_device *dev) |
2395 | dev->stats.tx_bytes += skb->len; |
2396 | |
2397 | dr->prod = (dr->prod + 1) & (VNET_TX_RING_SIZE - 1); |
2398 | - if (unlikely(vnet_tx_dring_avail(dr) < 2)) { |
2399 | + if (unlikely(vnet_tx_dring_avail(dr) < 1)) { |
2400 | netif_stop_queue(dev); |
2401 | if (vnet_tx_dring_avail(dr) > VNET_TX_WAKEUP_THRESH(dr)) |
2402 | netif_wake_queue(dev); |
2403 | diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c |
2404 | index 9e56eb479a4f..2d255ba911d5 100644 |
2405 | --- a/drivers/net/macvtap.c |
2406 | +++ b/drivers/net/macvtap.c |
2407 | @@ -625,6 +625,8 @@ static int macvtap_skb_to_vnet_hdr(const struct sk_buff *skb, |
2408 | if (skb->ip_summed == CHECKSUM_PARTIAL) { |
2409 | vnet_hdr->flags = VIRTIO_NET_HDR_F_NEEDS_CSUM; |
2410 | vnet_hdr->csum_start = skb_checksum_start_offset(skb); |
2411 | + if (vlan_tx_tag_present(skb)) |
2412 | + vnet_hdr->csum_start += VLAN_HLEN; |
2413 | vnet_hdr->csum_offset = skb->csum_offset; |
2414 | } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) { |
2415 | vnet_hdr->flags = VIRTIO_NET_HDR_F_DATA_VALID; |
2416 | diff --git a/drivers/net/wireless/iwlwifi/iwl-trans.h b/drivers/net/wireless/iwlwifi/iwl-trans.h |
2417 | index 72d2ecce0b8d..d8df1d9b0de3 100644 |
2418 | --- a/drivers/net/wireless/iwlwifi/iwl-trans.h |
2419 | +++ b/drivers/net/wireless/iwlwifi/iwl-trans.h |
2420 | @@ -489,6 +489,7 @@ enum iwl_trans_state { |
2421 | * Set during transport allocation. |
2422 | * @hw_id_str: a string with info about HW ID. Set during transport allocation. |
2423 | * @pm_support: set to true in start_hw if link pm is supported |
2424 | + * @ltr_enabled: set to true if the LTR is enabled |
2425 | * @dev_cmd_pool: pool for Tx cmd allocation - for internal use only. |
2426 | * The user should use iwl_trans_{alloc,free}_tx_cmd. |
2427 | * @dev_cmd_headroom: room needed for the transport's private use before the |
2428 | @@ -513,6 +514,7 @@ struct iwl_trans { |
2429 | u8 rx_mpdu_cmd, rx_mpdu_cmd_hdr_size; |
2430 | |
2431 | bool pm_support; |
2432 | + bool ltr_enabled; |
2433 | |
2434 | /* The following fields are internal only */ |
2435 | struct kmem_cache *dev_cmd_pool; |
2436 | diff --git a/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h b/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h |
2437 | index 81fe45f46be7..ac38ecf13c18 100644 |
2438 | --- a/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h |
2439 | +++ b/drivers/net/wireless/iwlwifi/mvm/fw-api-power.h |
2440 | @@ -67,7 +67,40 @@ |
2441 | /* Power Management Commands, Responses, Notifications */ |
2442 | |
2443 | /** |
2444 | - * enum iwl_scan_flags - masks for power table command flags |
2445 | + * enum iwl_ltr_config_flags - masks for LTR config command flags |
2446 | + * @LTR_CFG_FLAG_FEATURE_ENABLE: Feature operational status |
2447 | + * @LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS: allow LTR change on shadow |
2448 | + * memory access |
2449 | + * @LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH: allow LTR msg send on ANY LTR |
2450 | + * reg change |
2451 | + * @LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3: allow LTR msg send on transition from |
2452 | + * D0 to D3 |
2453 | + * @LTR_CFG_FLAG_SW_SET_SHORT: fixed static short LTR register |
2454 | + * @LTR_CFG_FLAG_SW_SET_LONG: fixed static short LONG register |
2455 | + * @LTR_CFG_FLAG_DENIE_C10_ON_PD: allow going into C10 on PD |
2456 | + */ |
2457 | +enum iwl_ltr_config_flags { |
2458 | + LTR_CFG_FLAG_FEATURE_ENABLE = BIT(0), |
2459 | + LTR_CFG_FLAG_HW_DIS_ON_SHADOW_REG_ACCESS = BIT(1), |
2460 | + LTR_CFG_FLAG_HW_EN_SHRT_WR_THROUGH = BIT(2), |
2461 | + LTR_CFG_FLAG_HW_DIS_ON_D0_2_D3 = BIT(3), |
2462 | + LTR_CFG_FLAG_SW_SET_SHORT = BIT(4), |
2463 | + LTR_CFG_FLAG_SW_SET_LONG = BIT(5), |
2464 | + LTR_CFG_FLAG_DENIE_C10_ON_PD = BIT(6), |
2465 | +}; |
2466 | + |
2467 | +/** |
2468 | + * struct iwl_ltr_config_cmd - configures the LTR |
2469 | + * @flags: See %enum iwl_ltr_config_flags |
2470 | + */ |
2471 | +struct iwl_ltr_config_cmd { |
2472 | + __le32 flags; |
2473 | + __le32 static_long; |
2474 | + __le32 static_short; |
2475 | +} __packed; |
2476 | + |
2477 | +/** |
2478 | + * enum iwl_power_flags - masks for power table command flags |
2479 | * @POWER_FLAGS_POWER_SAVE_ENA_MSK: '1' Allow to save power by turning off |
2480 | * receiver and transmitter. '0' - does not allow. |
2481 | * @POWER_FLAGS_POWER_MANAGEMENT_ENA_MSK: '0' Driver disables power management, |
2482 | diff --git a/drivers/net/wireless/iwlwifi/mvm/fw-api.h b/drivers/net/wireless/iwlwifi/mvm/fw-api.h |
2483 | index c6384555aab4..4b6730db42a5 100644 |
2484 | --- a/drivers/net/wireless/iwlwifi/mvm/fw-api.h |
2485 | +++ b/drivers/net/wireless/iwlwifi/mvm/fw-api.h |
2486 | @@ -138,6 +138,7 @@ enum { |
2487 | |
2488 | /* Power */ |
2489 | POWER_TABLE_CMD = 0x77, |
2490 | + LTR_CONFIG = 0xee, |
2491 | |
2492 | /* Scanning */ |
2493 | SCAN_REQUEST_CMD = 0x80, |
2494 | diff --git a/drivers/net/wireless/iwlwifi/mvm/fw.c b/drivers/net/wireless/iwlwifi/mvm/fw.c |
2495 | index e18c92dd60ec..d250d451fd01 100644 |
2496 | --- a/drivers/net/wireless/iwlwifi/mvm/fw.c |
2497 | +++ b/drivers/net/wireless/iwlwifi/mvm/fw.c |
2498 | @@ -443,6 +443,15 @@ int iwl_mvm_up(struct iwl_mvm *mvm) |
2499 | if (ret) |
2500 | goto error; |
2501 | |
2502 | + if (mvm->trans->ltr_enabled) { |
2503 | + struct iwl_ltr_config_cmd cmd = { |
2504 | + .flags = cpu_to_le32(LTR_CFG_FLAG_FEATURE_ENABLE), |
2505 | + }; |
2506 | + |
2507 | + WARN_ON(iwl_mvm_send_cmd_pdu(mvm, LTR_CONFIG, 0, |
2508 | + sizeof(cmd), &cmd)); |
2509 | + } |
2510 | + |
2511 | IWL_DEBUG_INFO(mvm, "RT uCode started.\n"); |
2512 | |
2513 | return 0; |
2514 | diff --git a/drivers/net/wireless/iwlwifi/mvm/ops.c b/drivers/net/wireless/iwlwifi/mvm/ops.c |
2515 | index 388c8a914960..649d301cfa2a 100644 |
2516 | --- a/drivers/net/wireless/iwlwifi/mvm/ops.c |
2517 | +++ b/drivers/net/wireless/iwlwifi/mvm/ops.c |
2518 | @@ -293,6 +293,7 @@ static const char *iwl_mvm_cmd_strings[REPLY_MAX] = { |
2519 | CMD(BT_PROFILE_NOTIFICATION), |
2520 | CMD(BT_CONFIG), |
2521 | CMD(MCAST_FILTER_CMD), |
2522 | + CMD(LTR_CONFIG), |
2523 | }; |
2524 | #undef CMD |
2525 | |
2526 | diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c |
2527 | index ff04135d37af..6a5eb2b29418 100644 |
2528 | --- a/drivers/net/wireless/iwlwifi/pcie/trans.c |
2529 | +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c |
2530 | @@ -116,11 +116,13 @@ static void iwl_pcie_set_pwr(struct iwl_trans *trans, bool vaux) |
2531 | |
2532 | /* PCI registers */ |
2533 | #define PCI_CFG_RETRY_TIMEOUT 0x041 |
2534 | +#define PCI_EXP_DEVCTL2_LTR_EN 0x0400 |
2535 | |
2536 | static void iwl_pcie_apm_config(struct iwl_trans *trans) |
2537 | { |
2538 | struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans); |
2539 | u16 lctl; |
2540 | + u16 cap; |
2541 | |
2542 | /* |
2543 | * HW bug W/A for instability in PCIe bus L0S->L1 transition. |
2544 | @@ -131,16 +133,17 @@ static void iwl_pcie_apm_config(struct iwl_trans *trans) |
2545 | * power savings, even without L1. |
2546 | */ |
2547 | pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_LNKCTL, &lctl); |
2548 | - if (lctl & PCI_EXP_LNKCTL_ASPM_L1) { |
2549 | - /* L1-ASPM enabled; disable(!) L0S */ |
2550 | + if (lctl & PCI_EXP_LNKCTL_ASPM_L1) |
2551 | iwl_set_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED); |
2552 | - dev_info(trans->dev, "L1 Enabled; Disabling L0S\n"); |
2553 | - } else { |
2554 | - /* L1-ASPM disabled; enable(!) L0S */ |
2555 | + else |
2556 | iwl_clear_bit(trans, CSR_GIO_REG, CSR_GIO_REG_VAL_L0S_ENABLED); |
2557 | - dev_info(trans->dev, "L1 Disabled; Enabling L0S\n"); |
2558 | - } |
2559 | trans->pm_support = !(lctl & PCI_EXP_LNKCTL_ASPM_L0S); |
2560 | + |
2561 | + pcie_capability_read_word(trans_pcie->pci_dev, PCI_EXP_DEVCTL2, &cap); |
2562 | + trans->ltr_enabled = cap & PCI_EXP_DEVCTL2_LTR_EN; |
2563 | + dev_info(trans->dev, "L1 %sabled - LTR %sabled\n", |
2564 | + (lctl & PCI_EXP_LNKCTL_ASPM_L1) ? "En" : "Dis", |
2565 | + trans->ltr_enabled ? "En" : "Dis"); |
2566 | } |
2567 | |
2568 | /* |
2569 | diff --git a/drivers/platform/x86/dell-wmi.c b/drivers/platform/x86/dell-wmi.c |
2570 | index fa9a2171cc13..b264d8fe1908 100644 |
2571 | --- a/drivers/platform/x86/dell-wmi.c |
2572 | +++ b/drivers/platform/x86/dell-wmi.c |
2573 | @@ -163,18 +163,24 @@ static void dell_wmi_notify(u32 value, void *context) |
2574 | const struct key_entry *key; |
2575 | int reported_key; |
2576 | u16 *buffer_entry = (u16 *)obj->buffer.pointer; |
2577 | + int buffer_size = obj->buffer.length/2; |
2578 | |
2579 | - if (dell_new_hk_type && (buffer_entry[1] != 0x10)) { |
2580 | + if (buffer_size >= 2 && dell_new_hk_type && buffer_entry[1] != 0x10) { |
2581 | pr_info("Received unknown WMI event (0x%x)\n", |
2582 | buffer_entry[1]); |
2583 | kfree(obj); |
2584 | return; |
2585 | } |
2586 | |
2587 | - if (dell_new_hk_type || buffer_entry[1] == 0x0) |
2588 | + if (buffer_size >= 3 && (dell_new_hk_type || buffer_entry[1] == 0x0)) |
2589 | reported_key = (int)buffer_entry[2]; |
2590 | - else |
2591 | + else if (buffer_size >= 2) |
2592 | reported_key = (int)buffer_entry[1] & 0xffff; |
2593 | + else { |
2594 | + pr_info("Received unknown WMI event\n"); |
2595 | + kfree(obj); |
2596 | + return; |
2597 | + } |
2598 | |
2599 | key = sparse_keymap_entry_from_scancode(dell_wmi_input_dev, |
2600 | reported_key); |
2601 | diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c |
2602 | index 287667c20c6a..62ed744bbe06 100644 |
2603 | --- a/drivers/scsi/hpsa.c |
2604 | +++ b/drivers/scsi/hpsa.c |
2605 | @@ -1206,8 +1206,8 @@ static void complete_scsi_command(struct CommandList *cp) |
2606 | scsi_set_resid(cmd, ei->ResidualCnt); |
2607 | |
2608 | if (ei->CommandStatus == 0) { |
2609 | - cmd->scsi_done(cmd); |
2610 | cmd_free(h, cp); |
2611 | + cmd->scsi_done(cmd); |
2612 | return; |
2613 | } |
2614 | |
2615 | @@ -1380,8 +1380,8 @@ static void complete_scsi_command(struct CommandList *cp) |
2616 | dev_warn(&h->pdev->dev, "cp %p returned unknown status %x\n", |
2617 | cp, ei->CommandStatus); |
2618 | } |
2619 | - cmd->scsi_done(cmd); |
2620 | cmd_free(h, cp); |
2621 | + cmd->scsi_done(cmd); |
2622 | } |
2623 | |
2624 | static void hpsa_pci_unmap(struct pci_dev *pdev, |
2625 | diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c |
2626 | index f43de1e56420..3668b1b23b5a 100644 |
2627 | --- a/drivers/scsi/scsi_error.c |
2628 | +++ b/drivers/scsi/scsi_error.c |
2629 | @@ -1689,8 +1689,10 @@ static void scsi_restart_operations(struct Scsi_Host *shost) |
2630 | * is no point trying to lock the door of an off-line device. |
2631 | */ |
2632 | shost_for_each_device(sdev, shost) { |
2633 | - if (scsi_device_online(sdev) && sdev->locked) |
2634 | + if (scsi_device_online(sdev) && sdev->was_reset && sdev->locked) { |
2635 | scsi_eh_lock_door(sdev); |
2636 | + sdev->was_reset = 0; |
2637 | + } |
2638 | } |
2639 | |
2640 | /* |
2641 | diff --git a/fs/ioprio.c b/fs/ioprio.c |
2642 | index e50170ca7c33..31666c92b46a 100644 |
2643 | --- a/fs/ioprio.c |
2644 | +++ b/fs/ioprio.c |
2645 | @@ -157,14 +157,16 @@ out: |
2646 | |
2647 | int ioprio_best(unsigned short aprio, unsigned short bprio) |
2648 | { |
2649 | - unsigned short aclass = IOPRIO_PRIO_CLASS(aprio); |
2650 | - unsigned short bclass = IOPRIO_PRIO_CLASS(bprio); |
2651 | + unsigned short aclass; |
2652 | + unsigned short bclass; |
2653 | |
2654 | - if (aclass == IOPRIO_CLASS_NONE) |
2655 | - aclass = IOPRIO_CLASS_BE; |
2656 | - if (bclass == IOPRIO_CLASS_NONE) |
2657 | - bclass = IOPRIO_CLASS_BE; |
2658 | + if (!ioprio_valid(aprio)) |
2659 | + aprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_NORM); |
2660 | + if (!ioprio_valid(bprio)) |
2661 | + bprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_NORM); |
2662 | |
2663 | + aclass = IOPRIO_PRIO_CLASS(aprio); |
2664 | + bclass = IOPRIO_PRIO_CLASS(bprio); |
2665 | if (aclass == bclass) |
2666 | return min(aprio, bprio); |
2667 | if (aclass > bclass) |
2668 | diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c |
2669 | index 4b49a8c6ccad..ef0c394b7bf5 100644 |
2670 | --- a/fs/nfs/delegation.c |
2671 | +++ b/fs/nfs/delegation.c |
2672 | @@ -108,6 +108,8 @@ again: |
2673 | continue; |
2674 | if (!test_bit(NFS_DELEGATED_STATE, &state->flags)) |
2675 | continue; |
2676 | + if (!nfs4_valid_open_stateid(state)) |
2677 | + continue; |
2678 | if (!nfs4_stateid_match(&state->stateid, stateid)) |
2679 | continue; |
2680 | get_nfs_open_context(ctx); |
2681 | @@ -175,7 +177,11 @@ static int nfs_do_return_delegation(struct inode *inode, struct nfs_delegation * |
2682 | { |
2683 | int res = 0; |
2684 | |
2685 | - res = nfs4_proc_delegreturn(inode, delegation->cred, &delegation->stateid, issync); |
2686 | + if (!test_bit(NFS_DELEGATION_REVOKED, &delegation->flags)) |
2687 | + res = nfs4_proc_delegreturn(inode, |
2688 | + delegation->cred, |
2689 | + &delegation->stateid, |
2690 | + issync); |
2691 | nfs_free_delegation(delegation); |
2692 | return res; |
2693 | } |
2694 | @@ -361,11 +367,13 @@ static int nfs_end_delegation_return(struct inode *inode, struct nfs_delegation |
2695 | { |
2696 | struct nfs_client *clp = NFS_SERVER(inode)->nfs_client; |
2697 | struct nfs_inode *nfsi = NFS_I(inode); |
2698 | - int err; |
2699 | + int err = 0; |
2700 | |
2701 | if (delegation == NULL) |
2702 | return 0; |
2703 | do { |
2704 | + if (test_bit(NFS_DELEGATION_REVOKED, &delegation->flags)) |
2705 | + break; |
2706 | err = nfs_delegation_claim_opens(inode, &delegation->stateid); |
2707 | if (!issync || err != -EAGAIN) |
2708 | break; |
2709 | @@ -586,10 +594,23 @@ static void nfs_client_mark_return_unused_delegation_types(struct nfs_client *cl |
2710 | rcu_read_unlock(); |
2711 | } |
2712 | |
2713 | +static void nfs_revoke_delegation(struct inode *inode) |
2714 | +{ |
2715 | + struct nfs_delegation *delegation; |
2716 | + rcu_read_lock(); |
2717 | + delegation = rcu_dereference(NFS_I(inode)->delegation); |
2718 | + if (delegation != NULL) { |
2719 | + set_bit(NFS_DELEGATION_REVOKED, &delegation->flags); |
2720 | + nfs_mark_return_delegation(NFS_SERVER(inode), delegation); |
2721 | + } |
2722 | + rcu_read_unlock(); |
2723 | +} |
2724 | + |
2725 | void nfs_remove_bad_delegation(struct inode *inode) |
2726 | { |
2727 | struct nfs_delegation *delegation; |
2728 | |
2729 | + nfs_revoke_delegation(inode); |
2730 | delegation = nfs_inode_detach_delegation(inode); |
2731 | if (delegation) { |
2732 | nfs_inode_find_state_and_recover(inode, &delegation->stateid); |
2733 | diff --git a/fs/nfs/delegation.h b/fs/nfs/delegation.h |
2734 | index 9a79c7a99d6d..e02b090ab9da 100644 |
2735 | --- a/fs/nfs/delegation.h |
2736 | +++ b/fs/nfs/delegation.h |
2737 | @@ -31,6 +31,7 @@ enum { |
2738 | NFS_DELEGATION_RETURN_IF_CLOSED, |
2739 | NFS_DELEGATION_REFERENCED, |
2740 | NFS_DELEGATION_RETURNING, |
2741 | + NFS_DELEGATION_REVOKED, |
2742 | }; |
2743 | |
2744 | int nfs_inode_set_delegation(struct inode *inode, struct rpc_cred *cred, struct nfs_openres *res); |
2745 | diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c |
2746 | index 0bd7a55a5f07..725e87538c98 100644 |
2747 | --- a/fs/nfs/direct.c |
2748 | +++ b/fs/nfs/direct.c |
2749 | @@ -180,6 +180,7 @@ static void nfs_direct_req_free(struct kref *kref) |
2750 | { |
2751 | struct nfs_direct_req *dreq = container_of(kref, struct nfs_direct_req, kref); |
2752 | |
2753 | + nfs_free_pnfs_ds_cinfo(&dreq->ds_cinfo); |
2754 | if (dreq->l_ctx != NULL) |
2755 | nfs_put_lock_context(dreq->l_ctx); |
2756 | if (dreq->ctx != NULL) |
2757 | diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c |
2758 | index cd4b9073dd20..e9be01b2cc5a 100644 |
2759 | --- a/fs/nfs/inode.c |
2760 | +++ b/fs/nfs/inode.c |
2761 | @@ -519,7 +519,7 @@ int nfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) |
2762 | { |
2763 | struct inode *inode = dentry->d_inode; |
2764 | int need_atime = NFS_I(inode)->cache_validity & NFS_INO_INVALID_ATIME; |
2765 | - int err; |
2766 | + int err = 0; |
2767 | |
2768 | /* Flush out writes to the server in order to update c/mtime. */ |
2769 | if (S_ISREG(inode->i_mode)) { |
2770 | diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c |
2771 | index 69fc437be661..78787948f69d 100644 |
2772 | --- a/fs/nfs/nfs4proc.c |
2773 | +++ b/fs/nfs/nfs4proc.c |
2774 | @@ -1416,7 +1416,7 @@ static int nfs4_handle_delegation_recall_error(struct nfs_server *server, struct |
2775 | nfs_inode_find_state_and_recover(state->inode, |
2776 | stateid); |
2777 | nfs4_schedule_stateid_recovery(server, state); |
2778 | - return 0; |
2779 | + return -EAGAIN; |
2780 | case -NFS4ERR_DELAY: |
2781 | case -NFS4ERR_GRACE: |
2782 | set_bit(NFS_DELEGATED_STATE, &state->flags); |
2783 | @@ -1845,6 +1845,28 @@ static int nfs4_open_expired(struct nfs4_state_owner *sp, struct nfs4_state *sta |
2784 | return ret; |
2785 | } |
2786 | |
2787 | +static void nfs_finish_clear_delegation_stateid(struct nfs4_state *state) |
2788 | +{ |
2789 | + nfs_remove_bad_delegation(state->inode); |
2790 | + write_seqlock(&state->seqlock); |
2791 | + nfs4_stateid_copy(&state->stateid, &state->open_stateid); |
2792 | + write_sequnlock(&state->seqlock); |
2793 | + clear_bit(NFS_DELEGATED_STATE, &state->flags); |
2794 | +} |
2795 | + |
2796 | +static void nfs40_clear_delegation_stateid(struct nfs4_state *state) |
2797 | +{ |
2798 | + if (rcu_access_pointer(NFS_I(state->inode)->delegation) != NULL) |
2799 | + nfs_finish_clear_delegation_stateid(state); |
2800 | +} |
2801 | + |
2802 | +static int nfs40_open_expired(struct nfs4_state_owner *sp, struct nfs4_state *state) |
2803 | +{ |
2804 | + /* NFSv4.0 doesn't allow for delegation recovery on open expire */ |
2805 | + nfs40_clear_delegation_stateid(state); |
2806 | + return nfs4_open_expired(sp, state); |
2807 | +} |
2808 | + |
2809 | #if defined(CONFIG_NFS_V4_1) |
2810 | static void nfs41_clear_delegation_stateid(struct nfs4_state *state) |
2811 | { |
2812 | @@ -6974,7 +6996,7 @@ static const struct nfs4_state_recovery_ops nfs41_reboot_recovery_ops = { |
2813 | static const struct nfs4_state_recovery_ops nfs40_nograce_recovery_ops = { |
2814 | .owner_flag_bit = NFS_OWNER_RECLAIM_NOGRACE, |
2815 | .state_flag_bit = NFS_STATE_RECLAIM_NOGRACE, |
2816 | - .recover_open = nfs4_open_expired, |
2817 | + .recover_open = nfs40_open_expired, |
2818 | .recover_lock = nfs4_lock_expired, |
2819 | .establish_clid = nfs4_init_clientid, |
2820 | .get_clid_cred = nfs4_get_setclientid_cred, |
2821 | diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h |
2822 | index 7279b94c01da..91aa89e1aaa0 100644 |
2823 | --- a/include/linux/clocksource.h |
2824 | +++ b/include/linux/clocksource.h |
2825 | @@ -285,7 +285,7 @@ extern struct clocksource* clocksource_get_next(void); |
2826 | extern void clocksource_change_rating(struct clocksource *cs, int rating); |
2827 | extern void clocksource_suspend(void); |
2828 | extern void clocksource_resume(void); |
2829 | -extern struct clocksource * __init __weak clocksource_default_clock(void); |
2830 | +extern struct clocksource * __init clocksource_default_clock(void); |
2831 | extern void clocksource_mark_unstable(struct clocksource *cs); |
2832 | |
2833 | extern void |
2834 | diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h |
2835 | index c6e091bf39a5..bdfc95bddde9 100644 |
2836 | --- a/include/linux/kgdb.h |
2837 | +++ b/include/linux/kgdb.h |
2838 | @@ -283,7 +283,7 @@ struct kgdb_io { |
2839 | |
2840 | extern struct kgdb_arch arch_kgdb_ops; |
2841 | |
2842 | -extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs); |
2843 | +extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs); |
2844 | |
2845 | #ifdef CONFIG_SERIAL_KGDB_NMI |
2846 | extern int kgdb_register_nmi_console(void); |
2847 | diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h |
2848 | index d6183f06d8c1..a3b4812f494f 100644 |
2849 | --- a/include/linux/memcontrol.h |
2850 | +++ b/include/linux/memcontrol.h |
2851 | @@ -124,6 +124,25 @@ extern void mem_cgroup_print_oom_info(struct mem_cgroup *memcg, |
2852 | extern void mem_cgroup_replace_page_cache(struct page *oldpage, |
2853 | struct page *newpage); |
2854 | |
2855 | +static inline void mem_cgroup_oom_enable(void) |
2856 | +{ |
2857 | + WARN_ON(current->memcg_oom.may_oom); |
2858 | + current->memcg_oom.may_oom = 1; |
2859 | +} |
2860 | + |
2861 | +static inline void mem_cgroup_oom_disable(void) |
2862 | +{ |
2863 | + WARN_ON(!current->memcg_oom.may_oom); |
2864 | + current->memcg_oom.may_oom = 0; |
2865 | +} |
2866 | + |
2867 | +static inline bool task_in_memcg_oom(struct task_struct *p) |
2868 | +{ |
2869 | + return p->memcg_oom.memcg; |
2870 | +} |
2871 | + |
2872 | +bool mem_cgroup_oom_synchronize(bool wait); |
2873 | + |
2874 | #ifdef CONFIG_MEMCG_SWAP |
2875 | extern int do_swap_account; |
2876 | #endif |
2877 | @@ -347,6 +366,24 @@ static inline void mem_cgroup_end_update_page_stat(struct page *page, |
2878 | { |
2879 | } |
2880 | |
2881 | +static inline void mem_cgroup_oom_enable(void) |
2882 | +{ |
2883 | +} |
2884 | + |
2885 | +static inline void mem_cgroup_oom_disable(void) |
2886 | +{ |
2887 | +} |
2888 | + |
2889 | +static inline bool task_in_memcg_oom(struct task_struct *p) |
2890 | +{ |
2891 | + return false; |
2892 | +} |
2893 | + |
2894 | +static inline bool mem_cgroup_oom_synchronize(bool wait) |
2895 | +{ |
2896 | + return false; |
2897 | +} |
2898 | + |
2899 | static inline void mem_cgroup_inc_page_stat(struct page *page, |
2900 | enum mem_cgroup_page_stat_item idx) |
2901 | { |
2902 | diff --git a/include/linux/mm.h b/include/linux/mm.h |
2903 | index 7da14357aa76..d4cdac903468 100644 |
2904 | --- a/include/linux/mm.h |
2905 | +++ b/include/linux/mm.h |
2906 | @@ -167,6 +167,7 @@ extern pgprot_t protection_map[16]; |
2907 | #define FAULT_FLAG_RETRY_NOWAIT 0x10 /* Don't drop mmap_sem and wait when retrying */ |
2908 | #define FAULT_FLAG_KILLABLE 0x20 /* The fault task is in SIGKILL killable region */ |
2909 | #define FAULT_FLAG_TRIED 0x40 /* second try */ |
2910 | +#define FAULT_FLAG_USER 0x80 /* The fault originated in userspace */ |
2911 | |
2912 | /* |
2913 | * vm_fault is filled by the the pagefault handler and passed to the vma's |
2914 | diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h |
2915 | index 104b62f23ee0..54e351aa4d2e 100644 |
2916 | --- a/include/linux/nfs_xdr.h |
2917 | +++ b/include/linux/nfs_xdr.h |
2918 | @@ -1184,11 +1184,22 @@ struct nfs41_free_stateid_res { |
2919 | unsigned int status; |
2920 | }; |
2921 | |
2922 | +static inline void |
2923 | +nfs_free_pnfs_ds_cinfo(struct pnfs_ds_commit_info *cinfo) |
2924 | +{ |
2925 | + kfree(cinfo->buckets); |
2926 | +} |
2927 | + |
2928 | #else |
2929 | |
2930 | struct pnfs_ds_commit_info { |
2931 | }; |
2932 | |
2933 | +static inline void |
2934 | +nfs_free_pnfs_ds_cinfo(struct pnfs_ds_commit_info *cinfo) |
2935 | +{ |
2936 | +} |
2937 | + |
2938 | #endif /* CONFIG_NFS_V4_1 */ |
2939 | |
2940 | struct nfs_page; |
2941 | diff --git a/include/linux/sched.h b/include/linux/sched.h |
2942 | index f87e9a8d364f..00c1d4f45072 100644 |
2943 | --- a/include/linux/sched.h |
2944 | +++ b/include/linux/sched.h |
2945 | @@ -1411,6 +1411,12 @@ struct task_struct { |
2946 | unsigned long memsw_nr_pages; /* uncharged mem+swap usage */ |
2947 | } memcg_batch; |
2948 | unsigned int memcg_kmem_skip_account; |
2949 | + struct memcg_oom_info { |
2950 | + struct mem_cgroup *memcg; |
2951 | + gfp_t gfp_mask; |
2952 | + int order; |
2953 | + unsigned int may_oom:1; |
2954 | + } memcg_oom; |
2955 | #endif |
2956 | #ifdef CONFIG_HAVE_HW_BREAKPOINT |
2957 | atomic_t ptrace_bp_refcnt; |
2958 | diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h |
2959 | index cd89510eab2a..845ab6decc45 100644 |
2960 | --- a/include/net/sctp/sctp.h |
2961 | +++ b/include/net/sctp/sctp.h |
2962 | @@ -540,6 +540,11 @@ static inline void sctp_assoc_pending_pmtu(struct sock *sk, struct sctp_associat |
2963 | asoc->pmtu_pending = 0; |
2964 | } |
2965 | |
2966 | +static inline bool sctp_chunk_pending(const struct sctp_chunk *chunk) |
2967 | +{ |
2968 | + return !list_empty(&chunk->list); |
2969 | +} |
2970 | + |
2971 | /* Walk through a list of TLV parameters. Don't trust the |
2972 | * individual parameter lengths and instead depend on |
2973 | * the chunk length to indicate when to stop. Make sure |
2974 | diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h |
2975 | index 2a82d1384706..c4c9458f37cd 100644 |
2976 | --- a/include/net/sctp/sm.h |
2977 | +++ b/include/net/sctp/sm.h |
2978 | @@ -255,9 +255,9 @@ struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *, |
2979 | int, __be16); |
2980 | struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, |
2981 | union sctp_addr *addr); |
2982 | -int sctp_verify_asconf(const struct sctp_association *asoc, |
2983 | - struct sctp_paramhdr *param_hdr, void *chunk_end, |
2984 | - struct sctp_paramhdr **errp); |
2985 | +bool sctp_verify_asconf(const struct sctp_association *asoc, |
2986 | + struct sctp_chunk *chunk, bool addr_param_needed, |
2987 | + struct sctp_paramhdr **errp); |
2988 | struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, |
2989 | struct sctp_chunk *asconf); |
2990 | int sctp_process_asconf_ack(struct sctp_association *asoc, |
2991 | diff --git a/include/uapi/linux/netfilter/xt_bpf.h b/include/uapi/linux/netfilter/xt_bpf.h |
2992 | index 5dda450eb55b..2ec9fbcd06f9 100644 |
2993 | --- a/include/uapi/linux/netfilter/xt_bpf.h |
2994 | +++ b/include/uapi/linux/netfilter/xt_bpf.h |
2995 | @@ -6,6 +6,8 @@ |
2996 | |
2997 | #define XT_BPF_MAX_NUM_INSTR 64 |
2998 | |
2999 | +struct sk_filter; |
3000 | + |
3001 | struct xt_bpf_info { |
3002 | __u16 bpf_program_num_elem; |
3003 | struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR]; |
3004 | diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c |
3005 | index b0e99deb6d05..a0f0ab2ac2a8 100644 |
3006 | --- a/ipc/ipc_sysctl.c |
3007 | +++ b/ipc/ipc_sysctl.c |
3008 | @@ -123,7 +123,6 @@ static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write, |
3009 | void __user *buffer, size_t *lenp, loff_t *ppos) |
3010 | { |
3011 | struct ctl_table ipc_table; |
3012 | - size_t lenp_bef = *lenp; |
3013 | int oldval; |
3014 | int rc; |
3015 | |
3016 | @@ -133,7 +132,7 @@ static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write, |
3017 | |
3018 | rc = proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos); |
3019 | |
3020 | - if (write && !rc && lenp_bef == *lenp) { |
3021 | + if (write && !rc) { |
3022 | int newval = *((int *)(ipc_table.data)); |
3023 | /* |
3024 | * The file "auto_msgmni" has correctly been set. |
3025 | diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c |
3026 | index 43c307dc9453..00c4459f76df 100644 |
3027 | --- a/kernel/audit_tree.c |
3028 | +++ b/kernel/audit_tree.c |
3029 | @@ -154,6 +154,7 @@ static struct audit_chunk *alloc_chunk(int count) |
3030 | chunk->owners[i].index = i; |
3031 | } |
3032 | fsnotify_init_mark(&chunk->mark, audit_tree_destroy_watch); |
3033 | + chunk->mark.mask = FS_IN_IGNORED; |
3034 | return chunk; |
3035 | } |
3036 | |
3037 | diff --git a/kernel/events/core.c b/kernel/events/core.c |
3038 | index 0b4733447151..3f63ea6464ca 100644 |
3039 | --- a/kernel/events/core.c |
3040 | +++ b/kernel/events/core.c |
3041 | @@ -39,6 +39,7 @@ |
3042 | #include <linux/hw_breakpoint.h> |
3043 | #include <linux/mm_types.h> |
3044 | #include <linux/cgroup.h> |
3045 | +#include <linux/compat.h> |
3046 | |
3047 | #include "internal.h" |
3048 | |
3049 | @@ -3490,6 +3491,25 @@ static long perf_ioctl(struct file *file, unsigned int cmd, unsigned long arg) |
3050 | return 0; |
3051 | } |
3052 | |
3053 | +#ifdef CONFIG_COMPAT |
3054 | +static long perf_compat_ioctl(struct file *file, unsigned int cmd, |
3055 | + unsigned long arg) |
3056 | +{ |
3057 | + switch (_IOC_NR(cmd)) { |
3058 | + case _IOC_NR(PERF_EVENT_IOC_SET_FILTER): |
3059 | + /* Fix up pointer size (usually 4 -> 8 in 32-on-64-bit case */ |
3060 | + if (_IOC_SIZE(cmd) == sizeof(compat_uptr_t)) { |
3061 | + cmd &= ~IOCSIZE_MASK; |
3062 | + cmd |= sizeof(void *) << IOCSIZE_SHIFT; |
3063 | + } |
3064 | + break; |
3065 | + } |
3066 | + return perf_ioctl(file, cmd, arg); |
3067 | +} |
3068 | +#else |
3069 | +# define perf_compat_ioctl NULL |
3070 | +#endif |
3071 | + |
3072 | int perf_event_task_enable(void) |
3073 | { |
3074 | struct perf_event *event; |
3075 | @@ -3961,7 +3981,7 @@ static const struct file_operations perf_fops = { |
3076 | .read = perf_read, |
3077 | .poll = perf_poll, |
3078 | .unlocked_ioctl = perf_ioctl, |
3079 | - .compat_ioctl = perf_ioctl, |
3080 | + .compat_ioctl = perf_compat_ioctl, |
3081 | .mmap = perf_mmap, |
3082 | .fasync = perf_fasync, |
3083 | }; |
3084 | diff --git a/mm/memcontrol.c b/mm/memcontrol.c |
3085 | index f45e21ab9cea..eaa3accb01e7 100644 |
3086 | --- a/mm/memcontrol.c |
3087 | +++ b/mm/memcontrol.c |
3088 | @@ -302,6 +302,7 @@ struct mem_cgroup { |
3089 | |
3090 | bool oom_lock; |
3091 | atomic_t under_oom; |
3092 | + atomic_t oom_wakeups; |
3093 | |
3094 | atomic_t refcnt; |
3095 | |
3096 | @@ -2075,15 +2076,18 @@ static int mem_cgroup_soft_reclaim(struct mem_cgroup *root_memcg, |
3097 | return total; |
3098 | } |
3099 | |
3100 | +static DEFINE_SPINLOCK(memcg_oom_lock); |
3101 | + |
3102 | /* |
3103 | * Check OOM-Killer is already running under our hierarchy. |
3104 | * If someone is running, return false. |
3105 | - * Has to be called with memcg_oom_lock |
3106 | */ |
3107 | -static bool mem_cgroup_oom_lock(struct mem_cgroup *memcg) |
3108 | +static bool mem_cgroup_oom_trylock(struct mem_cgroup *memcg) |
3109 | { |
3110 | struct mem_cgroup *iter, *failed = NULL; |
3111 | |
3112 | + spin_lock(&memcg_oom_lock); |
3113 | + |
3114 | for_each_mem_cgroup_tree(iter, memcg) { |
3115 | if (iter->oom_lock) { |
3116 | /* |
3117 | @@ -2097,33 +2101,33 @@ static bool mem_cgroup_oom_lock(struct mem_cgroup *memcg) |
3118 | iter->oom_lock = true; |
3119 | } |
3120 | |
3121 | - if (!failed) |
3122 | - return true; |
3123 | - |
3124 | - /* |
3125 | - * OK, we failed to lock the whole subtree so we have to clean up |
3126 | - * what we set up to the failing subtree |
3127 | - */ |
3128 | - for_each_mem_cgroup_tree(iter, memcg) { |
3129 | - if (iter == failed) { |
3130 | - mem_cgroup_iter_break(memcg, iter); |
3131 | - break; |
3132 | + if (failed) { |
3133 | + /* |
3134 | + * OK, we failed to lock the whole subtree so we have |
3135 | + * to clean up what we set up to the failing subtree |
3136 | + */ |
3137 | + for_each_mem_cgroup_tree(iter, memcg) { |
3138 | + if (iter == failed) { |
3139 | + mem_cgroup_iter_break(memcg, iter); |
3140 | + break; |
3141 | + } |
3142 | + iter->oom_lock = false; |
3143 | } |
3144 | - iter->oom_lock = false; |
3145 | } |
3146 | - return false; |
3147 | + |
3148 | + spin_unlock(&memcg_oom_lock); |
3149 | + |
3150 | + return !failed; |
3151 | } |
3152 | |
3153 | -/* |
3154 | - * Has to be called with memcg_oom_lock |
3155 | - */ |
3156 | -static int mem_cgroup_oom_unlock(struct mem_cgroup *memcg) |
3157 | +static void mem_cgroup_oom_unlock(struct mem_cgroup *memcg) |
3158 | { |
3159 | struct mem_cgroup *iter; |
3160 | |
3161 | + spin_lock(&memcg_oom_lock); |
3162 | for_each_mem_cgroup_tree(iter, memcg) |
3163 | iter->oom_lock = false; |
3164 | - return 0; |
3165 | + spin_unlock(&memcg_oom_lock); |
3166 | } |
3167 | |
3168 | static void mem_cgroup_mark_under_oom(struct mem_cgroup *memcg) |
3169 | @@ -2147,7 +2151,6 @@ static void mem_cgroup_unmark_under_oom(struct mem_cgroup *memcg) |
3170 | atomic_add_unless(&iter->under_oom, -1, 0); |
3171 | } |
3172 | |
3173 | -static DEFINE_SPINLOCK(memcg_oom_lock); |
3174 | static DECLARE_WAIT_QUEUE_HEAD(memcg_oom_waitq); |
3175 | |
3176 | struct oom_wait_info { |
3177 | @@ -2177,6 +2180,7 @@ static int memcg_oom_wake_function(wait_queue_t *wait, |
3178 | |
3179 | static void memcg_wakeup_oom(struct mem_cgroup *memcg) |
3180 | { |
3181 | + atomic_inc(&memcg->oom_wakeups); |
3182 | /* for filtering, pass "memcg" as argument. */ |
3183 | __wake_up(&memcg_oom_waitq, TASK_NORMAL, 0, memcg); |
3184 | } |
3185 | @@ -2187,57 +2191,97 @@ static void memcg_oom_recover(struct mem_cgroup *memcg) |
3186 | memcg_wakeup_oom(memcg); |
3187 | } |
3188 | |
3189 | -/* |
3190 | - * try to call OOM killer. returns false if we should exit memory-reclaim loop. |
3191 | +static void mem_cgroup_oom(struct mem_cgroup *memcg, gfp_t mask, int order) |
3192 | +{ |
3193 | + if (!current->memcg_oom.may_oom) |
3194 | + return; |
3195 | + /* |
3196 | + * We are in the middle of the charge context here, so we |
3197 | + * don't want to block when potentially sitting on a callstack |
3198 | + * that holds all kinds of filesystem and mm locks. |
3199 | + * |
3200 | + * Also, the caller may handle a failed allocation gracefully |
3201 | + * (like optional page cache readahead) and so an OOM killer |
3202 | + * invocation might not even be necessary. |
3203 | + * |
3204 | + * That's why we don't do anything here except remember the |
3205 | + * OOM context and then deal with it at the end of the page |
3206 | + * fault when the stack is unwound, the locks are released, |
3207 | + * and when we know whether the fault was overall successful. |
3208 | + */ |
3209 | + css_get(&memcg->css); |
3210 | + current->memcg_oom.memcg = memcg; |
3211 | + current->memcg_oom.gfp_mask = mask; |
3212 | + current->memcg_oom.order = order; |
3213 | +} |
3214 | + |
3215 | +/** |
3216 | + * mem_cgroup_oom_synchronize - complete memcg OOM handling |
3217 | + * @handle: actually kill/wait or just clean up the OOM state |
3218 | + * |
3219 | + * This has to be called at the end of a page fault if the memcg OOM |
3220 | + * handler was enabled. |
3221 | + * |
3222 | + * Memcg supports userspace OOM handling where failed allocations must |
3223 | + * sleep on a waitqueue until the userspace task resolves the |
3224 | + * situation. Sleeping directly in the charge context with all kinds |
3225 | + * of locks held is not a good idea, instead we remember an OOM state |
3226 | + * in the task and mem_cgroup_oom_synchronize() has to be called at |
3227 | + * the end of the page fault to complete the OOM handling. |
3228 | + * |
3229 | + * Returns %true if an ongoing memcg OOM situation was detected and |
3230 | + * completed, %false otherwise. |
3231 | */ |
3232 | -static bool mem_cgroup_handle_oom(struct mem_cgroup *memcg, gfp_t mask, |
3233 | - int order) |
3234 | +bool mem_cgroup_oom_synchronize(bool handle) |
3235 | { |
3236 | + struct mem_cgroup *memcg = current->memcg_oom.memcg; |
3237 | struct oom_wait_info owait; |
3238 | - bool locked, need_to_kill; |
3239 | + bool locked; |
3240 | + |
3241 | + /* OOM is global, do not handle */ |
3242 | + if (!memcg) |
3243 | + return false; |
3244 | + |
3245 | + if (!handle) |
3246 | + goto cleanup; |
3247 | |
3248 | owait.memcg = memcg; |
3249 | owait.wait.flags = 0; |
3250 | owait.wait.func = memcg_oom_wake_function; |
3251 | owait.wait.private = current; |
3252 | INIT_LIST_HEAD(&owait.wait.task_list); |
3253 | - need_to_kill = true; |
3254 | - mem_cgroup_mark_under_oom(memcg); |
3255 | |
3256 | - /* At first, try to OOM lock hierarchy under memcg.*/ |
3257 | - spin_lock(&memcg_oom_lock); |
3258 | - locked = mem_cgroup_oom_lock(memcg); |
3259 | - /* |
3260 | - * Even if signal_pending(), we can't quit charge() loop without |
3261 | - * accounting. So, UNINTERRUPTIBLE is appropriate. But SIGKILL |
3262 | - * under OOM is always welcomed, use TASK_KILLABLE here. |
3263 | - */ |
3264 | prepare_to_wait(&memcg_oom_waitq, &owait.wait, TASK_KILLABLE); |
3265 | - if (!locked || memcg->oom_kill_disable) |
3266 | - need_to_kill = false; |
3267 | + mem_cgroup_mark_under_oom(memcg); |
3268 | + |
3269 | + locked = mem_cgroup_oom_trylock(memcg); |
3270 | + |
3271 | if (locked) |
3272 | mem_cgroup_oom_notify(memcg); |
3273 | - spin_unlock(&memcg_oom_lock); |
3274 | |
3275 | - if (need_to_kill) { |
3276 | + if (locked && !memcg->oom_kill_disable) { |
3277 | + mem_cgroup_unmark_under_oom(memcg); |
3278 | finish_wait(&memcg_oom_waitq, &owait.wait); |
3279 | - mem_cgroup_out_of_memory(memcg, mask, order); |
3280 | + mem_cgroup_out_of_memory(memcg, current->memcg_oom.gfp_mask, |
3281 | + current->memcg_oom.order); |
3282 | } else { |
3283 | schedule(); |
3284 | + mem_cgroup_unmark_under_oom(memcg); |
3285 | finish_wait(&memcg_oom_waitq, &owait.wait); |
3286 | } |
3287 | - spin_lock(&memcg_oom_lock); |
3288 | - if (locked) |
3289 | - mem_cgroup_oom_unlock(memcg); |
3290 | - memcg_wakeup_oom(memcg); |
3291 | - spin_unlock(&memcg_oom_lock); |
3292 | |
3293 | - mem_cgroup_unmark_under_oom(memcg); |
3294 | - |
3295 | - if (test_thread_flag(TIF_MEMDIE) || fatal_signal_pending(current)) |
3296 | - return false; |
3297 | - /* Give chance to dying process */ |
3298 | - schedule_timeout_uninterruptible(1); |
3299 | + if (locked) { |
3300 | + mem_cgroup_oom_unlock(memcg); |
3301 | + /* |
3302 | + * There is no guarantee that an OOM-lock contender |
3303 | + * sees the wakeups triggered by the OOM kill |
3304 | + * uncharges. Wake any sleepers explicitely. |
3305 | + */ |
3306 | + memcg_oom_recover(memcg); |
3307 | + } |
3308 | +cleanup: |
3309 | + current->memcg_oom.memcg = NULL; |
3310 | + css_put(&memcg->css); |
3311 | return true; |
3312 | } |
3313 | |
3314 | @@ -2550,12 +2594,11 @@ enum { |
3315 | CHARGE_RETRY, /* need to retry but retry is not bad */ |
3316 | CHARGE_NOMEM, /* we can't do more. return -ENOMEM */ |
3317 | CHARGE_WOULDBLOCK, /* GFP_WAIT wasn't set and no enough res. */ |
3318 | - CHARGE_OOM_DIE, /* the current is killed because of OOM */ |
3319 | }; |
3320 | |
3321 | static int mem_cgroup_do_charge(struct mem_cgroup *memcg, gfp_t gfp_mask, |
3322 | unsigned int nr_pages, unsigned int min_pages, |
3323 | - bool oom_check) |
3324 | + bool invoke_oom) |
3325 | { |
3326 | unsigned long csize = nr_pages * PAGE_SIZE; |
3327 | struct mem_cgroup *mem_over_limit; |
3328 | @@ -2612,14 +2655,10 @@ static int mem_cgroup_do_charge(struct mem_cgroup *memcg, gfp_t gfp_mask, |
3329 | if (mem_cgroup_wait_acct_move(mem_over_limit)) |
3330 | return CHARGE_RETRY; |
3331 | |
3332 | - /* If we don't need to call oom-killer at el, return immediately */ |
3333 | - if (!oom_check) |
3334 | - return CHARGE_NOMEM; |
3335 | - /* check OOM */ |
3336 | - if (!mem_cgroup_handle_oom(mem_over_limit, gfp_mask, get_order(csize))) |
3337 | - return CHARGE_OOM_DIE; |
3338 | + if (invoke_oom) |
3339 | + mem_cgroup_oom(mem_over_limit, gfp_mask, get_order(csize)); |
3340 | |
3341 | - return CHARGE_RETRY; |
3342 | + return CHARGE_NOMEM; |
3343 | } |
3344 | |
3345 | /* |
3346 | @@ -2663,6 +2702,9 @@ static int __mem_cgroup_try_charge(struct mm_struct *mm, |
3347 | || fatal_signal_pending(current))) |
3348 | goto bypass; |
3349 | |
3350 | + if (unlikely(task_in_memcg_oom(current))) |
3351 | + goto bypass; |
3352 | + |
3353 | /* |
3354 | * We always charge the cgroup the mm_struct belongs to. |
3355 | * The mm_struct's mem_cgroup changes on task migration if the |
3356 | @@ -2722,7 +2764,7 @@ again: |
3357 | } |
3358 | |
3359 | do { |
3360 | - bool oom_check; |
3361 | + bool invoke_oom = oom && !nr_oom_retries; |
3362 | |
3363 | /* If killed, bypass charge */ |
3364 | if (fatal_signal_pending(current)) { |
3365 | @@ -2730,14 +2772,8 @@ again: |
3366 | goto bypass; |
3367 | } |
3368 | |
3369 | - oom_check = false; |
3370 | - if (oom && !nr_oom_retries) { |
3371 | - oom_check = true; |
3372 | - nr_oom_retries = MEM_CGROUP_RECLAIM_RETRIES; |
3373 | - } |
3374 | - |
3375 | - ret = mem_cgroup_do_charge(memcg, gfp_mask, batch, nr_pages, |
3376 | - oom_check); |
3377 | + ret = mem_cgroup_do_charge(memcg, gfp_mask, batch, |
3378 | + nr_pages, invoke_oom); |
3379 | switch (ret) { |
3380 | case CHARGE_OK: |
3381 | break; |
3382 | @@ -2750,16 +2786,12 @@ again: |
3383 | css_put(&memcg->css); |
3384 | goto nomem; |
3385 | case CHARGE_NOMEM: /* OOM routine works */ |
3386 | - if (!oom) { |
3387 | + if (!oom || invoke_oom) { |
3388 | css_put(&memcg->css); |
3389 | goto nomem; |
3390 | } |
3391 | - /* If oom, we never return -ENOMEM */ |
3392 | nr_oom_retries--; |
3393 | break; |
3394 | - case CHARGE_OOM_DIE: /* Killed by OOM Killer */ |
3395 | - css_put(&memcg->css); |
3396 | - goto bypass; |
3397 | } |
3398 | } while (ret != CHARGE_OK); |
3399 | |
3400 | diff --git a/mm/memory.c b/mm/memory.c |
3401 | index ebe0f285c0e7..0984f398d746 100644 |
3402 | --- a/mm/memory.c |
3403 | +++ b/mm/memory.c |
3404 | @@ -3754,22 +3754,14 @@ unlock: |
3405 | /* |
3406 | * By the time we get here, we already hold the mm semaphore |
3407 | */ |
3408 | -int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
3409 | - unsigned long address, unsigned int flags) |
3410 | +static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
3411 | + unsigned long address, unsigned int flags) |
3412 | { |
3413 | pgd_t *pgd; |
3414 | pud_t *pud; |
3415 | pmd_t *pmd; |
3416 | pte_t *pte; |
3417 | |
3418 | - __set_current_state(TASK_RUNNING); |
3419 | - |
3420 | - count_vm_event(PGFAULT); |
3421 | - mem_cgroup_count_vm_event(mm, PGFAULT); |
3422 | - |
3423 | - /* do counter updates before entering really critical section. */ |
3424 | - check_sync_rss_stat(current); |
3425 | - |
3426 | if (unlikely(is_vm_hugetlb_page(vma))) |
3427 | return hugetlb_fault(mm, vma, address, flags); |
3428 | |
3429 | @@ -3850,6 +3842,43 @@ retry: |
3430 | return handle_pte_fault(mm, vma, address, pte, pmd, flags); |
3431 | } |
3432 | |
3433 | +int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
3434 | + unsigned long address, unsigned int flags) |
3435 | +{ |
3436 | + int ret; |
3437 | + |
3438 | + __set_current_state(TASK_RUNNING); |
3439 | + |
3440 | + count_vm_event(PGFAULT); |
3441 | + mem_cgroup_count_vm_event(mm, PGFAULT); |
3442 | + |
3443 | + /* do counter updates before entering really critical section. */ |
3444 | + check_sync_rss_stat(current); |
3445 | + |
3446 | + /* |
3447 | + * Enable the memcg OOM handling for faults triggered in user |
3448 | + * space. Kernel faults are handled more gracefully. |
3449 | + */ |
3450 | + if (flags & FAULT_FLAG_USER) |
3451 | + mem_cgroup_oom_enable(); |
3452 | + |
3453 | + ret = __handle_mm_fault(mm, vma, address, flags); |
3454 | + |
3455 | + if (flags & FAULT_FLAG_USER) { |
3456 | + mem_cgroup_oom_disable(); |
3457 | + /* |
3458 | + * The task may have entered a memcg OOM situation but |
3459 | + * if the allocation error was handled gracefully (no |
3460 | + * VM_FAULT_OOM), there is no need to kill anything. |
3461 | + * Just clean up the OOM state peacefully. |
3462 | + */ |
3463 | + if (task_in_memcg_oom(current) && !(ret & VM_FAULT_OOM)) |
3464 | + mem_cgroup_oom_synchronize(false); |
3465 | + } |
3466 | + |
3467 | + return ret; |
3468 | +} |
3469 | + |
3470 | #ifndef __PAGETABLE_PUD_FOLDED |
3471 | /* |
3472 | * Allocate page upper directory. |
3473 | diff --git a/mm/oom_kill.c b/mm/oom_kill.c |
3474 | index f104c7e9f61e..4d87d7c4ed2e 100644 |
3475 | --- a/mm/oom_kill.c |
3476 | +++ b/mm/oom_kill.c |
3477 | @@ -702,9 +702,12 @@ out: |
3478 | */ |
3479 | void pagefault_out_of_memory(void) |
3480 | { |
3481 | - struct zonelist *zonelist = node_zonelist(first_online_node, |
3482 | - GFP_KERNEL); |
3483 | + struct zonelist *zonelist; |
3484 | |
3485 | + if (mem_cgroup_oom_synchronize(true)) |
3486 | + return; |
3487 | + |
3488 | + zonelist = node_zonelist(first_online_node, GFP_KERNEL); |
3489 | if (try_set_zonelist_oom(zonelist, GFP_KERNEL)) { |
3490 | out_of_memory(NULL, 0, 0, NULL, false); |
3491 | clear_zonelist_oom(zonelist, GFP_KERNEL); |
3492 | diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h |
3493 | index e696833a31b5..11ab6628027a 100644 |
3494 | --- a/net/bridge/br_private.h |
3495 | +++ b/net/bridge/br_private.h |
3496 | @@ -429,6 +429,16 @@ extern netdev_features_t br_features_recompute(struct net_bridge *br, |
3497 | extern int br_handle_frame_finish(struct sk_buff *skb); |
3498 | extern rx_handler_result_t br_handle_frame(struct sk_buff **pskb); |
3499 | |
3500 | +static inline bool br_rx_handler_check_rcu(const struct net_device *dev) |
3501 | +{ |
3502 | + return rcu_dereference(dev->rx_handler) == br_handle_frame; |
3503 | +} |
3504 | + |
3505 | +static inline struct net_bridge_port *br_port_get_check_rcu(const struct net_device *dev) |
3506 | +{ |
3507 | + return br_rx_handler_check_rcu(dev) ? br_port_get_rcu(dev) : NULL; |
3508 | +} |
3509 | + |
3510 | /* br_ioctl.c */ |
3511 | extern int br_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd); |
3512 | extern int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __user *arg); |
3513 | diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c |
3514 | index 8660ea3be705..bdb459d21ad8 100644 |
3515 | --- a/net/bridge/br_stp_bpdu.c |
3516 | +++ b/net/bridge/br_stp_bpdu.c |
3517 | @@ -153,7 +153,7 @@ void br_stp_rcv(const struct stp_proto *proto, struct sk_buff *skb, |
3518 | if (buf[0] != 0 || buf[1] != 0 || buf[2] != 0) |
3519 | goto err; |
3520 | |
3521 | - p = br_port_get_rcu(dev); |
3522 | + p = br_port_get_check_rcu(dev); |
3523 | if (!p) |
3524 | goto err; |
3525 | |
3526 | diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c |
3527 | index 6e7a236525b6..06f19b9e159a 100644 |
3528 | --- a/net/ceph/crypto.c |
3529 | +++ b/net/ceph/crypto.c |
3530 | @@ -89,11 +89,82 @@ static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void) |
3531 | |
3532 | static const u8 *aes_iv = (u8 *)CEPH_AES_IV; |
3533 | |
3534 | +/* |
3535 | + * Should be used for buffers allocated with ceph_kvmalloc(). |
3536 | + * Currently these are encrypt out-buffer (ceph_buffer) and decrypt |
3537 | + * in-buffer (msg front). |
3538 | + * |
3539 | + * Dispose of @sgt with teardown_sgtable(). |
3540 | + * |
3541 | + * @prealloc_sg is to avoid memory allocation inside sg_alloc_table() |
3542 | + * in cases where a single sg is sufficient. No attempt to reduce the |
3543 | + * number of sgs by squeezing physically contiguous pages together is |
3544 | + * made though, for simplicity. |
3545 | + */ |
3546 | +static int setup_sgtable(struct sg_table *sgt, struct scatterlist *prealloc_sg, |
3547 | + const void *buf, unsigned int buf_len) |
3548 | +{ |
3549 | + struct scatterlist *sg; |
3550 | + const bool is_vmalloc = is_vmalloc_addr(buf); |
3551 | + unsigned int off = offset_in_page(buf); |
3552 | + unsigned int chunk_cnt = 1; |
3553 | + unsigned int chunk_len = PAGE_ALIGN(off + buf_len); |
3554 | + int i; |
3555 | + int ret; |
3556 | + |
3557 | + if (buf_len == 0) { |
3558 | + memset(sgt, 0, sizeof(*sgt)); |
3559 | + return -EINVAL; |
3560 | + } |
3561 | + |
3562 | + if (is_vmalloc) { |
3563 | + chunk_cnt = chunk_len >> PAGE_SHIFT; |
3564 | + chunk_len = PAGE_SIZE; |
3565 | + } |
3566 | + |
3567 | + if (chunk_cnt > 1) { |
3568 | + ret = sg_alloc_table(sgt, chunk_cnt, GFP_NOFS); |
3569 | + if (ret) |
3570 | + return ret; |
3571 | + } else { |
3572 | + WARN_ON(chunk_cnt != 1); |
3573 | + sg_init_table(prealloc_sg, 1); |
3574 | + sgt->sgl = prealloc_sg; |
3575 | + sgt->nents = sgt->orig_nents = 1; |
3576 | + } |
3577 | + |
3578 | + for_each_sg(sgt->sgl, sg, sgt->orig_nents, i) { |
3579 | + struct page *page; |
3580 | + unsigned int len = min(chunk_len - off, buf_len); |
3581 | + |
3582 | + if (is_vmalloc) |
3583 | + page = vmalloc_to_page(buf); |
3584 | + else |
3585 | + page = virt_to_page(buf); |
3586 | + |
3587 | + sg_set_page(sg, page, len, off); |
3588 | + |
3589 | + off = 0; |
3590 | + buf += len; |
3591 | + buf_len -= len; |
3592 | + } |
3593 | + WARN_ON(buf_len != 0); |
3594 | + |
3595 | + return 0; |
3596 | +} |
3597 | + |
3598 | +static void teardown_sgtable(struct sg_table *sgt) |
3599 | +{ |
3600 | + if (sgt->orig_nents > 1) |
3601 | + sg_free_table(sgt); |
3602 | +} |
3603 | + |
3604 | static int ceph_aes_encrypt(const void *key, int key_len, |
3605 | void *dst, size_t *dst_len, |
3606 | const void *src, size_t src_len) |
3607 | { |
3608 | - struct scatterlist sg_in[2], sg_out[1]; |
3609 | + struct scatterlist sg_in[2], prealloc_sg; |
3610 | + struct sg_table sg_out; |
3611 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); |
3612 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; |
3613 | int ret; |
3614 | @@ -109,16 +180,18 @@ static int ceph_aes_encrypt(const void *key, int key_len, |
3615 | |
3616 | *dst_len = src_len + zero_padding; |
3617 | |
3618 | - crypto_blkcipher_setkey((void *)tfm, key, key_len); |
3619 | sg_init_table(sg_in, 2); |
3620 | sg_set_buf(&sg_in[0], src, src_len); |
3621 | sg_set_buf(&sg_in[1], pad, zero_padding); |
3622 | - sg_init_table(sg_out, 1); |
3623 | - sg_set_buf(sg_out, dst, *dst_len); |
3624 | + ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); |
3625 | + if (ret) |
3626 | + goto out_tfm; |
3627 | + |
3628 | + crypto_blkcipher_setkey((void *)tfm, key, key_len); |
3629 | iv = crypto_blkcipher_crt(tfm)->iv; |
3630 | ivsize = crypto_blkcipher_ivsize(tfm); |
3631 | - |
3632 | memcpy(iv, aes_iv, ivsize); |
3633 | + |
3634 | /* |
3635 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, |
3636 | key, key_len, 1); |
3637 | @@ -127,16 +200,22 @@ static int ceph_aes_encrypt(const void *key, int key_len, |
3638 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, |
3639 | pad, zero_padding, 1); |
3640 | */ |
3641 | - ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, |
3642 | + ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, |
3643 | src_len + zero_padding); |
3644 | - crypto_free_blkcipher(tfm); |
3645 | - if (ret < 0) |
3646 | + if (ret < 0) { |
3647 | pr_err("ceph_aes_crypt failed %d\n", ret); |
3648 | + goto out_sg; |
3649 | + } |
3650 | /* |
3651 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, |
3652 | dst, *dst_len, 1); |
3653 | */ |
3654 | - return 0; |
3655 | + |
3656 | +out_sg: |
3657 | + teardown_sgtable(&sg_out); |
3658 | +out_tfm: |
3659 | + crypto_free_blkcipher(tfm); |
3660 | + return ret; |
3661 | } |
3662 | |
3663 | static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, |
3664 | @@ -144,7 +223,8 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, |
3665 | const void *src1, size_t src1_len, |
3666 | const void *src2, size_t src2_len) |
3667 | { |
3668 | - struct scatterlist sg_in[3], sg_out[1]; |
3669 | + struct scatterlist sg_in[3], prealloc_sg; |
3670 | + struct sg_table sg_out; |
3671 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); |
3672 | struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 }; |
3673 | int ret; |
3674 | @@ -160,17 +240,19 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, |
3675 | |
3676 | *dst_len = src1_len + src2_len + zero_padding; |
3677 | |
3678 | - crypto_blkcipher_setkey((void *)tfm, key, key_len); |
3679 | sg_init_table(sg_in, 3); |
3680 | sg_set_buf(&sg_in[0], src1, src1_len); |
3681 | sg_set_buf(&sg_in[1], src2, src2_len); |
3682 | sg_set_buf(&sg_in[2], pad, zero_padding); |
3683 | - sg_init_table(sg_out, 1); |
3684 | - sg_set_buf(sg_out, dst, *dst_len); |
3685 | + ret = setup_sgtable(&sg_out, &prealloc_sg, dst, *dst_len); |
3686 | + if (ret) |
3687 | + goto out_tfm; |
3688 | + |
3689 | + crypto_blkcipher_setkey((void *)tfm, key, key_len); |
3690 | iv = crypto_blkcipher_crt(tfm)->iv; |
3691 | ivsize = crypto_blkcipher_ivsize(tfm); |
3692 | - |
3693 | memcpy(iv, aes_iv, ivsize); |
3694 | + |
3695 | /* |
3696 | print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1, |
3697 | key, key_len, 1); |
3698 | @@ -181,23 +263,30 @@ static int ceph_aes_encrypt2(const void *key, int key_len, void *dst, |
3699 | print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1, |
3700 | pad, zero_padding, 1); |
3701 | */ |
3702 | - ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, |
3703 | + ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in, |
3704 | src1_len + src2_len + zero_padding); |
3705 | - crypto_free_blkcipher(tfm); |
3706 | - if (ret < 0) |
3707 | + if (ret < 0) { |
3708 | pr_err("ceph_aes_crypt2 failed %d\n", ret); |
3709 | + goto out_sg; |
3710 | + } |
3711 | /* |
3712 | print_hex_dump(KERN_ERR, "enc out: ", DUMP_PREFIX_NONE, 16, 1, |
3713 | dst, *dst_len, 1); |
3714 | */ |
3715 | - return 0; |
3716 | + |
3717 | +out_sg: |
3718 | + teardown_sgtable(&sg_out); |
3719 | +out_tfm: |
3720 | + crypto_free_blkcipher(tfm); |
3721 | + return ret; |
3722 | } |
3723 | |
3724 | static int ceph_aes_decrypt(const void *key, int key_len, |
3725 | void *dst, size_t *dst_len, |
3726 | const void *src, size_t src_len) |
3727 | { |
3728 | - struct scatterlist sg_in[1], sg_out[2]; |
3729 | + struct sg_table sg_in; |
3730 | + struct scatterlist sg_out[2], prealloc_sg; |
3731 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); |
3732 | struct blkcipher_desc desc = { .tfm = tfm }; |
3733 | char pad[16]; |
3734 | @@ -209,16 +298,16 @@ static int ceph_aes_decrypt(const void *key, int key_len, |
3735 | if (IS_ERR(tfm)) |
3736 | return PTR_ERR(tfm); |
3737 | |
3738 | - crypto_blkcipher_setkey((void *)tfm, key, key_len); |
3739 | - sg_init_table(sg_in, 1); |
3740 | sg_init_table(sg_out, 2); |
3741 | - sg_set_buf(sg_in, src, src_len); |
3742 | sg_set_buf(&sg_out[0], dst, *dst_len); |
3743 | sg_set_buf(&sg_out[1], pad, sizeof(pad)); |
3744 | + ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); |
3745 | + if (ret) |
3746 | + goto out_tfm; |
3747 | |
3748 | + crypto_blkcipher_setkey((void *)tfm, key, key_len); |
3749 | iv = crypto_blkcipher_crt(tfm)->iv; |
3750 | ivsize = crypto_blkcipher_ivsize(tfm); |
3751 | - |
3752 | memcpy(iv, aes_iv, ivsize); |
3753 | |
3754 | /* |
3755 | @@ -227,12 +316,10 @@ static int ceph_aes_decrypt(const void *key, int key_len, |
3756 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, |
3757 | src, src_len, 1); |
3758 | */ |
3759 | - |
3760 | - ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); |
3761 | - crypto_free_blkcipher(tfm); |
3762 | + ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); |
3763 | if (ret < 0) { |
3764 | pr_err("ceph_aes_decrypt failed %d\n", ret); |
3765 | - return ret; |
3766 | + goto out_sg; |
3767 | } |
3768 | |
3769 | if (src_len <= *dst_len) |
3770 | @@ -250,7 +337,12 @@ static int ceph_aes_decrypt(const void *key, int key_len, |
3771 | print_hex_dump(KERN_ERR, "dec out: ", DUMP_PREFIX_NONE, 16, 1, |
3772 | dst, *dst_len, 1); |
3773 | */ |
3774 | - return 0; |
3775 | + |
3776 | +out_sg: |
3777 | + teardown_sgtable(&sg_in); |
3778 | +out_tfm: |
3779 | + crypto_free_blkcipher(tfm); |
3780 | + return ret; |
3781 | } |
3782 | |
3783 | static int ceph_aes_decrypt2(const void *key, int key_len, |
3784 | @@ -258,7 +350,8 @@ static int ceph_aes_decrypt2(const void *key, int key_len, |
3785 | void *dst2, size_t *dst2_len, |
3786 | const void *src, size_t src_len) |
3787 | { |
3788 | - struct scatterlist sg_in[1], sg_out[3]; |
3789 | + struct sg_table sg_in; |
3790 | + struct scatterlist sg_out[3], prealloc_sg; |
3791 | struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher(); |
3792 | struct blkcipher_desc desc = { .tfm = tfm }; |
3793 | char pad[16]; |
3794 | @@ -270,17 +363,17 @@ static int ceph_aes_decrypt2(const void *key, int key_len, |
3795 | if (IS_ERR(tfm)) |
3796 | return PTR_ERR(tfm); |
3797 | |
3798 | - sg_init_table(sg_in, 1); |
3799 | - sg_set_buf(sg_in, src, src_len); |
3800 | sg_init_table(sg_out, 3); |
3801 | sg_set_buf(&sg_out[0], dst1, *dst1_len); |
3802 | sg_set_buf(&sg_out[1], dst2, *dst2_len); |
3803 | sg_set_buf(&sg_out[2], pad, sizeof(pad)); |
3804 | + ret = setup_sgtable(&sg_in, &prealloc_sg, src, src_len); |
3805 | + if (ret) |
3806 | + goto out_tfm; |
3807 | |
3808 | crypto_blkcipher_setkey((void *)tfm, key, key_len); |
3809 | iv = crypto_blkcipher_crt(tfm)->iv; |
3810 | ivsize = crypto_blkcipher_ivsize(tfm); |
3811 | - |
3812 | memcpy(iv, aes_iv, ivsize); |
3813 | |
3814 | /* |
3815 | @@ -289,12 +382,10 @@ static int ceph_aes_decrypt2(const void *key, int key_len, |
3816 | print_hex_dump(KERN_ERR, "dec in: ", DUMP_PREFIX_NONE, 16, 1, |
3817 | src, src_len, 1); |
3818 | */ |
3819 | - |
3820 | - ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, src_len); |
3821 | - crypto_free_blkcipher(tfm); |
3822 | + ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in.sgl, src_len); |
3823 | if (ret < 0) { |
3824 | pr_err("ceph_aes_decrypt failed %d\n", ret); |
3825 | - return ret; |
3826 | + goto out_sg; |
3827 | } |
3828 | |
3829 | if (src_len <= *dst1_len) |
3830 | @@ -324,7 +415,11 @@ static int ceph_aes_decrypt2(const void *key, int key_len, |
3831 | dst2, *dst2_len, 1); |
3832 | */ |
3833 | |
3834 | - return 0; |
3835 | +out_sg: |
3836 | + teardown_sgtable(&sg_in); |
3837 | +out_tfm: |
3838 | + crypto_free_blkcipher(tfm); |
3839 | + return ret; |
3840 | } |
3841 | |
3842 | |
3843 | diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c |
3844 | index 250a73e77f57..6c20f4731f1a 100644 |
3845 | --- a/net/ipv6/ip6_gre.c |
3846 | +++ b/net/ipv6/ip6_gre.c |
3847 | @@ -962,8 +962,6 @@ static void ip6gre_tnl_link_config(struct ip6_tnl *t, int set_mtu) |
3848 | else |
3849 | dev->flags &= ~IFF_POINTOPOINT; |
3850 | |
3851 | - dev->iflink = p->link; |
3852 | - |
3853 | /* Precalculate GRE options length */ |
3854 | if (t->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) { |
3855 | if (t->parms.o_flags&GRE_CSUM) |
3856 | @@ -1267,6 +1265,8 @@ static int ip6gre_tunnel_init(struct net_device *dev) |
3857 | if (!dev->tstats) |
3858 | return -ENOMEM; |
3859 | |
3860 | + dev->iflink = tunnel->parms.link; |
3861 | + |
3862 | return 0; |
3863 | } |
3864 | |
3865 | @@ -1282,7 +1282,6 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) |
3866 | dev_hold(dev); |
3867 | } |
3868 | |
3869 | - |
3870 | static struct inet6_protocol ip6gre_protocol __read_mostly = { |
3871 | .handler = ip6gre_rcv, |
3872 | .err_handler = ip6gre_err, |
3873 | @@ -1458,6 +1457,8 @@ static int ip6gre_tap_init(struct net_device *dev) |
3874 | if (!dev->tstats) |
3875 | return -ENOMEM; |
3876 | |
3877 | + dev->iflink = tunnel->parms.link; |
3878 | + |
3879 | return 0; |
3880 | } |
3881 | |
3882 | diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c |
3883 | index a0ecdf596f2f..14f46af17704 100644 |
3884 | --- a/net/ipv6/ip6_tunnel.c |
3885 | +++ b/net/ipv6/ip6_tunnel.c |
3886 | @@ -265,9 +265,6 @@ static int ip6_tnl_create2(struct net_device *dev) |
3887 | int err; |
3888 | |
3889 | t = netdev_priv(dev); |
3890 | - err = ip6_tnl_dev_init(dev); |
3891 | - if (err < 0) |
3892 | - goto out; |
3893 | |
3894 | err = register_netdevice(dev); |
3895 | if (err < 0) |
3896 | @@ -1433,6 +1430,7 @@ ip6_tnl_change_mtu(struct net_device *dev, int new_mtu) |
3897 | |
3898 | |
3899 | static const struct net_device_ops ip6_tnl_netdev_ops = { |
3900 | + .ndo_init = ip6_tnl_dev_init, |
3901 | .ndo_uninit = ip6_tnl_dev_uninit, |
3902 | .ndo_start_xmit = ip6_tnl_xmit, |
3903 | .ndo_do_ioctl = ip6_tnl_ioctl, |
3904 | @@ -1514,16 +1512,10 @@ static int __net_init ip6_fb_tnl_dev_init(struct net_device *dev) |
3905 | struct ip6_tnl *t = netdev_priv(dev); |
3906 | struct net *net = dev_net(dev); |
3907 | struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); |
3908 | - int err = ip6_tnl_dev_init_gen(dev); |
3909 | - |
3910 | - if (err) |
3911 | - return err; |
3912 | |
3913 | t->parms.proto = IPPROTO_IPV6; |
3914 | dev_hold(dev); |
3915 | |
3916 | - ip6_tnl_link_config(t); |
3917 | - |
3918 | rcu_assign_pointer(ip6n->tnls_wc[0], t); |
3919 | return 0; |
3920 | } |
3921 | diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c |
3922 | index fae73b0ef14b..85bc6d498b46 100644 |
3923 | --- a/net/mac80211/rx.c |
3924 | +++ b/net/mac80211/rx.c |
3925 | @@ -1585,11 +1585,14 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) |
3926 | sc = le16_to_cpu(hdr->seq_ctrl); |
3927 | frag = sc & IEEE80211_SCTL_FRAG; |
3928 | |
3929 | - if (likely((!ieee80211_has_morefrags(fc) && frag == 0) || |
3930 | - is_multicast_ether_addr(hdr->addr1))) { |
3931 | - /* not fragmented */ |
3932 | + if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) |
3933 | + goto out; |
3934 | + |
3935 | + if (is_multicast_ether_addr(hdr->addr1)) { |
3936 | + rx->local->dot11MulticastReceivedFrameCount++; |
3937 | goto out; |
3938 | } |
3939 | + |
3940 | I802_DEBUG_INC(rx->local->rx_handlers_fragments); |
3941 | |
3942 | if (skb_linearize(rx->skb)) |
3943 | @@ -1682,10 +1685,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) |
3944 | out: |
3945 | if (rx->sta) |
3946 | rx->sta->rx_packets++; |
3947 | - if (is_multicast_ether_addr(hdr->addr1)) |
3948 | - rx->local->dot11MulticastReceivedFrameCount++; |
3949 | - else |
3950 | - ieee80211_led_rx(rx->local); |
3951 | + ieee80211_led_rx(rx->local); |
3952 | return RX_CONTINUE; |
3953 | } |
3954 | |
3955 | diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c |
3956 | index 038eee5c8f85..2bb801e3ee8c 100644 |
3957 | --- a/net/netfilter/nf_nat_core.c |
3958 | +++ b/net/netfilter/nf_nat_core.c |
3959 | @@ -487,6 +487,39 @@ static int nf_nat_proto_remove(struct nf_conn *i, void *data) |
3960 | return i->status & IPS_NAT_MASK ? 1 : 0; |
3961 | } |
3962 | |
3963 | +static int nf_nat_proto_clean(struct nf_conn *ct, void *data) |
3964 | +{ |
3965 | + struct nf_conn_nat *nat = nfct_nat(ct); |
3966 | + |
3967 | + if (nf_nat_proto_remove(ct, data)) |
3968 | + return 1; |
3969 | + |
3970 | + if (!nat || !nat->ct) |
3971 | + return 0; |
3972 | + |
3973 | + /* This netns is being destroyed, and conntrack has nat null binding. |
3974 | + * Remove it from bysource hash, as the table will be freed soon. |
3975 | + * |
3976 | + * Else, when the conntrack is destoyed, nf_nat_cleanup_conntrack() |
3977 | + * will delete entry from already-freed table. |
3978 | + */ |
3979 | + if (!del_timer(&ct->timeout)) |
3980 | + return 1; |
3981 | + |
3982 | + spin_lock_bh(&nf_nat_lock); |
3983 | + hlist_del_rcu(&nat->bysource); |
3984 | + ct->status &= ~IPS_NAT_DONE_MASK; |
3985 | + nat->ct = NULL; |
3986 | + spin_unlock_bh(&nf_nat_lock); |
3987 | + |
3988 | + add_timer(&ct->timeout); |
3989 | + |
3990 | + /* don't delete conntrack. Although that would make things a lot |
3991 | + * simpler, we'd end up flushing all conntracks on nat rmmod. |
3992 | + */ |
3993 | + return 0; |
3994 | +} |
3995 | + |
3996 | static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto) |
3997 | { |
3998 | struct nf_nat_proto_clean clean = { |
3999 | @@ -749,7 +782,7 @@ static void __net_exit nf_nat_net_exit(struct net *net) |
4000 | { |
4001 | struct nf_nat_proto_clean clean = {}; |
4002 | |
4003 | - nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean); |
4004 | + nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean); |
4005 | synchronize_rcu(); |
4006 | nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size); |
4007 | } |
4008 | diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c |
4009 | index 962e9792e317..216261dd32ae 100644 |
4010 | --- a/net/netfilter/nfnetlink_log.c |
4011 | +++ b/net/netfilter/nfnetlink_log.c |
4012 | @@ -45,7 +45,8 @@ |
4013 | #define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE |
4014 | #define NFULNL_TIMEOUT_DEFAULT 100 /* every second */ |
4015 | #define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */ |
4016 | -#define NFULNL_COPY_RANGE_MAX 0xFFFF /* max packet size is limited by 16-bit struct nfattr nfa_len field */ |
4017 | +/* max packet size is limited by 16-bit struct nfattr nfa_len field */ |
4018 | +#define NFULNL_COPY_RANGE_MAX (0xFFFF - NLA_HDRLEN) |
4019 | |
4020 | #define PRINTR(x, args...) do { if (net_ratelimit()) \ |
4021 | printk(x, ## args); } while (0); |
4022 | @@ -255,6 +256,8 @@ nfulnl_set_mode(struct nfulnl_instance *inst, u_int8_t mode, |
4023 | |
4024 | case NFULNL_COPY_PACKET: |
4025 | inst->copy_mode = mode; |
4026 | + if (range == 0) |
4027 | + range = NFULNL_COPY_RANGE_MAX; |
4028 | inst->copy_range = min_t(unsigned int, |
4029 | range, NFULNL_COPY_RANGE_MAX); |
4030 | break; |
4031 | @@ -345,26 +348,25 @@ nfulnl_alloc_skb(u32 peer_portid, unsigned int inst_size, unsigned int pkt_size) |
4032 | return skb; |
4033 | } |
4034 | |
4035 | -static int |
4036 | +static void |
4037 | __nfulnl_send(struct nfulnl_instance *inst) |
4038 | { |
4039 | - int status = -1; |
4040 | - |
4041 | if (inst->qlen > 1) { |
4042 | struct nlmsghdr *nlh = nlmsg_put(inst->skb, 0, 0, |
4043 | NLMSG_DONE, |
4044 | sizeof(struct nfgenmsg), |
4045 | 0); |
4046 | - if (!nlh) |
4047 | + if (WARN_ONCE(!nlh, "bad nlskb size: %u, tailroom %d\n", |
4048 | + inst->skb->len, skb_tailroom(inst->skb))) { |
4049 | + kfree_skb(inst->skb); |
4050 | goto out; |
4051 | + } |
4052 | } |
4053 | - status = nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid, |
4054 | - MSG_DONTWAIT); |
4055 | - |
4056 | + nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid, |
4057 | + MSG_DONTWAIT); |
4058 | +out: |
4059 | inst->qlen = 0; |
4060 | inst->skb = NULL; |
4061 | -out: |
4062 | - return status; |
4063 | } |
4064 | |
4065 | static void |
4066 | @@ -647,7 +649,8 @@ nfulnl_log_packet(struct net *net, |
4067 | + nla_total_size(sizeof(u_int32_t)) /* gid */ |
4068 | + nla_total_size(plen) /* prefix */ |
4069 | + nla_total_size(sizeof(struct nfulnl_msg_packet_hw)) |
4070 | - + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp)); |
4071 | + + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp)) |
4072 | + + nla_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */ |
4073 | |
4074 | if (in && skb_mac_header_was_set(skb)) { |
4075 | size += nla_total_size(skb->dev->hard_header_len) |
4076 | @@ -676,8 +679,7 @@ nfulnl_log_packet(struct net *net, |
4077 | break; |
4078 | |
4079 | case NFULNL_COPY_PACKET: |
4080 | - if (inst->copy_range == 0 |
4081 | - || inst->copy_range > skb->len) |
4082 | + if (inst->copy_range > skb->len) |
4083 | data_len = skb->len; |
4084 | else |
4085 | data_len = inst->copy_range; |
4086 | @@ -690,8 +692,7 @@ nfulnl_log_packet(struct net *net, |
4087 | goto unlock_and_release; |
4088 | } |
4089 | |
4090 | - if (inst->skb && |
4091 | - size > skb_tailroom(inst->skb) - sizeof(struct nfgenmsg)) { |
4092 | + if (inst->skb && size > skb_tailroom(inst->skb)) { |
4093 | /* either the queue len is too high or we don't have |
4094 | * enough room in the skb left. flush to userspace. */ |
4095 | __nfulnl_flush(inst); |
4096 | diff --git a/net/sctp/associola.c b/net/sctp/associola.c |
4097 | index 62e86d98bc36..ca4a1a1b8e69 100644 |
4098 | --- a/net/sctp/associola.c |
4099 | +++ b/net/sctp/associola.c |
4100 | @@ -1659,6 +1659,8 @@ struct sctp_chunk *sctp_assoc_lookup_asconf_ack( |
4101 | * ack chunk whose serial number matches that of the request. |
4102 | */ |
4103 | list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) { |
4104 | + if (sctp_chunk_pending(ack)) |
4105 | + continue; |
4106 | if (ack->subh.addip_hdr->serial == serial) { |
4107 | sctp_chunk_hold(ack); |
4108 | return ack; |
4109 | diff --git a/net/sctp/auth.c b/net/sctp/auth.c |
4110 | index 7a19117254db..bc2fae7e67be 100644 |
4111 | --- a/net/sctp/auth.c |
4112 | +++ b/net/sctp/auth.c |
4113 | @@ -874,8 +874,6 @@ int sctp_auth_set_key(struct sctp_endpoint *ep, |
4114 | list_add(&cur_key->key_list, sh_keys); |
4115 | |
4116 | cur_key->key = key; |
4117 | - sctp_auth_key_hold(key); |
4118 | - |
4119 | return 0; |
4120 | nomem: |
4121 | if (!replace) |
4122 | diff --git a/net/sctp/inqueue.c b/net/sctp/inqueue.c |
4123 | index 3221d073448c..49c58eadbfa2 100644 |
4124 | --- a/net/sctp/inqueue.c |
4125 | +++ b/net/sctp/inqueue.c |
4126 | @@ -147,18 +147,9 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) |
4127 | } else { |
4128 | /* Nothing to do. Next chunk in the packet, please. */ |
4129 | ch = (sctp_chunkhdr_t *) chunk->chunk_end; |
4130 | - |
4131 | /* Force chunk->skb->data to chunk->chunk_end. */ |
4132 | - skb_pull(chunk->skb, |
4133 | - chunk->chunk_end - chunk->skb->data); |
4134 | - |
4135 | - /* Verify that we have at least chunk headers |
4136 | - * worth of buffer left. |
4137 | - */ |
4138 | - if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) { |
4139 | - sctp_chunk_free(chunk); |
4140 | - chunk = queue->in_progress = NULL; |
4141 | - } |
4142 | + skb_pull(chunk->skb, chunk->chunk_end - chunk->skb->data); |
4143 | + /* We are guaranteed to pull a SCTP header. */ |
4144 | } |
4145 | } |
4146 | |
4147 | @@ -194,24 +185,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue) |
4148 | skb_pull(chunk->skb, sizeof(sctp_chunkhdr_t)); |
4149 | chunk->subh.v = NULL; /* Subheader is no longer valid. */ |
4150 | |
4151 | - if (chunk->chunk_end < skb_tail_pointer(chunk->skb)) { |
4152 | + if (chunk->chunk_end + sizeof(sctp_chunkhdr_t) < |
4153 | + skb_tail_pointer(chunk->skb)) { |
4154 | /* This is not a singleton */ |
4155 | chunk->singleton = 0; |
4156 | } else if (chunk->chunk_end > skb_tail_pointer(chunk->skb)) { |
4157 | - /* RFC 2960, Section 6.10 Bundling |
4158 | - * |
4159 | - * Partial chunks MUST NOT be placed in an SCTP packet. |
4160 | - * If the receiver detects a partial chunk, it MUST drop |
4161 | - * the chunk. |
4162 | - * |
4163 | - * Since the end of the chunk is past the end of our buffer |
4164 | - * (which contains the whole packet, we can freely discard |
4165 | - * the whole packet. |
4166 | - */ |
4167 | - sctp_chunk_free(chunk); |
4168 | - chunk = queue->in_progress = NULL; |
4169 | - |
4170 | - return NULL; |
4171 | + /* Discard inside state machine. */ |
4172 | + chunk->pdiscard = 1; |
4173 | + chunk->chunk_end = skb_tail_pointer(chunk->skb); |
4174 | } else { |
4175 | /* We are at the end of the packet, so mark the chunk |
4176 | * in case we need to send a SACK. |
4177 | diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c |
4178 | index 87e244be899a..29fc16f3633f 100644 |
4179 | --- a/net/sctp/sm_make_chunk.c |
4180 | +++ b/net/sctp/sm_make_chunk.c |
4181 | @@ -2596,6 +2596,9 @@ do_addr_param: |
4182 | addr_param = param.v + sizeof(sctp_addip_param_t); |
4183 | |
4184 | af = sctp_get_af_specific(param_type2af(param.p->type)); |
4185 | + if (af == NULL) |
4186 | + break; |
4187 | + |
4188 | af->from_addr_param(&addr, addr_param, |
4189 | htons(asoc->peer.port), 0); |
4190 | |
4191 | @@ -3094,50 +3097,63 @@ static __be16 sctp_process_asconf_param(struct sctp_association *asoc, |
4192 | return SCTP_ERROR_NO_ERROR; |
4193 | } |
4194 | |
4195 | -/* Verify the ASCONF packet before we process it. */ |
4196 | -int sctp_verify_asconf(const struct sctp_association *asoc, |
4197 | - struct sctp_paramhdr *param_hdr, void *chunk_end, |
4198 | - struct sctp_paramhdr **errp) { |
4199 | - sctp_addip_param_t *asconf_param; |
4200 | +/* Verify the ASCONF packet before we process it. */ |
4201 | +bool sctp_verify_asconf(const struct sctp_association *asoc, |
4202 | + struct sctp_chunk *chunk, bool addr_param_needed, |
4203 | + struct sctp_paramhdr **errp) |
4204 | +{ |
4205 | + sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr; |
4206 | union sctp_params param; |
4207 | - int length, plen; |
4208 | + bool addr_param_seen = false; |
4209 | |
4210 | - param.v = (sctp_paramhdr_t *) param_hdr; |
4211 | - while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { |
4212 | - length = ntohs(param.p->length); |
4213 | - *errp = param.p; |
4214 | - |
4215 | - if (param.v > chunk_end - length || |
4216 | - length < sizeof(sctp_paramhdr_t)) |
4217 | - return 0; |
4218 | + sctp_walk_params(param, addip, addip_hdr.params) { |
4219 | + size_t length = ntohs(param.p->length); |
4220 | |
4221 | + *errp = param.p; |
4222 | switch (param.p->type) { |
4223 | + case SCTP_PARAM_ERR_CAUSE: |
4224 | + break; |
4225 | + case SCTP_PARAM_IPV4_ADDRESS: |
4226 | + if (length != sizeof(sctp_ipv4addr_param_t)) |
4227 | + return false; |
4228 | + addr_param_seen = true; |
4229 | + break; |
4230 | + case SCTP_PARAM_IPV6_ADDRESS: |
4231 | + if (length != sizeof(sctp_ipv6addr_param_t)) |
4232 | + return false; |
4233 | + addr_param_seen = true; |
4234 | + break; |
4235 | case SCTP_PARAM_ADD_IP: |
4236 | case SCTP_PARAM_DEL_IP: |
4237 | case SCTP_PARAM_SET_PRIMARY: |
4238 | - asconf_param = (sctp_addip_param_t *)param.v; |
4239 | - plen = ntohs(asconf_param->param_hdr.length); |
4240 | - if (plen < sizeof(sctp_addip_param_t) + |
4241 | - sizeof(sctp_paramhdr_t)) |
4242 | - return 0; |
4243 | + /* In ASCONF chunks, these need to be first. */ |
4244 | + if (addr_param_needed && !addr_param_seen) |
4245 | + return false; |
4246 | + length = ntohs(param.addip->param_hdr.length); |
4247 | + if (length < sizeof(sctp_addip_param_t) + |
4248 | + sizeof(sctp_paramhdr_t)) |
4249 | + return false; |
4250 | break; |
4251 | case SCTP_PARAM_SUCCESS_REPORT: |
4252 | case SCTP_PARAM_ADAPTATION_LAYER_IND: |
4253 | if (length != sizeof(sctp_addip_param_t)) |
4254 | - return 0; |
4255 | - |
4256 | + return false; |
4257 | break; |
4258 | default: |
4259 | - break; |
4260 | + /* This is unkown to us, reject! */ |
4261 | + return false; |
4262 | } |
4263 | - |
4264 | - param.v += WORD_ROUND(length); |
4265 | } |
4266 | |
4267 | - if (param.v != chunk_end) |
4268 | - return 0; |
4269 | + /* Remaining sanity checks. */ |
4270 | + if (addr_param_needed && !addr_param_seen) |
4271 | + return false; |
4272 | + if (!addr_param_needed && addr_param_seen) |
4273 | + return false; |
4274 | + if (param.v != chunk->chunk_end) |
4275 | + return false; |
4276 | |
4277 | - return 1; |
4278 | + return true; |
4279 | } |
4280 | |
4281 | /* Process an incoming ASCONF chunk with the next expected serial no. and |
4282 | @@ -3146,16 +3162,17 @@ int sctp_verify_asconf(const struct sctp_association *asoc, |
4283 | struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, |
4284 | struct sctp_chunk *asconf) |
4285 | { |
4286 | + sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr; |
4287 | + bool all_param_pass = true; |
4288 | + union sctp_params param; |
4289 | sctp_addiphdr_t *hdr; |
4290 | union sctp_addr_param *addr_param; |
4291 | sctp_addip_param_t *asconf_param; |
4292 | struct sctp_chunk *asconf_ack; |
4293 | - |
4294 | __be16 err_code; |
4295 | int length = 0; |
4296 | int chunk_len; |
4297 | __u32 serial; |
4298 | - int all_param_pass = 1; |
4299 | |
4300 | chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); |
4301 | hdr = (sctp_addiphdr_t *)asconf->skb->data; |
4302 | @@ -3183,9 +3200,14 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, |
4303 | goto done; |
4304 | |
4305 | /* Process the TLVs contained within the ASCONF chunk. */ |
4306 | - while (chunk_len > 0) { |
4307 | + sctp_walk_params(param, addip, addip_hdr.params) { |
4308 | + /* Skip preceeding address parameters. */ |
4309 | + if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || |
4310 | + param.p->type == SCTP_PARAM_IPV6_ADDRESS) |
4311 | + continue; |
4312 | + |
4313 | err_code = sctp_process_asconf_param(asoc, asconf, |
4314 | - asconf_param); |
4315 | + param.addip); |
4316 | /* ADDIP 4.1 A7) |
4317 | * If an error response is received for a TLV parameter, |
4318 | * all TLVs with no response before the failed TLV are |
4319 | @@ -3193,28 +3215,20 @@ struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, |
4320 | * the failed response are considered unsuccessful unless |
4321 | * a specific success indication is present for the parameter. |
4322 | */ |
4323 | - if (SCTP_ERROR_NO_ERROR != err_code) |
4324 | - all_param_pass = 0; |
4325 | - |
4326 | + if (err_code != SCTP_ERROR_NO_ERROR) |
4327 | + all_param_pass = false; |
4328 | if (!all_param_pass) |
4329 | - sctp_add_asconf_response(asconf_ack, |
4330 | - asconf_param->crr_id, err_code, |
4331 | - asconf_param); |
4332 | + sctp_add_asconf_response(asconf_ack, param.addip->crr_id, |
4333 | + err_code, param.addip); |
4334 | |
4335 | /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add |
4336 | * an IP address sends an 'Out of Resource' in its response, it |
4337 | * MUST also fail any subsequent add or delete requests bundled |
4338 | * in the ASCONF. |
4339 | */ |
4340 | - if (SCTP_ERROR_RSRC_LOW == err_code) |
4341 | + if (err_code == SCTP_ERROR_RSRC_LOW) |
4342 | goto done; |
4343 | - |
4344 | - /* Move to the next ASCONF param. */ |
4345 | - length = ntohs(asconf_param->param_hdr.length); |
4346 | - asconf_param = (void *)asconf_param + length; |
4347 | - chunk_len -= length; |
4348 | } |
4349 | - |
4350 | done: |
4351 | asoc->peer.addip_serial++; |
4352 | |
4353 | diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c |
4354 | index edc204b05c82..c52763a26297 100644 |
4355 | --- a/net/sctp/sm_statefuns.c |
4356 | +++ b/net/sctp/sm_statefuns.c |
4357 | @@ -177,6 +177,9 @@ sctp_chunk_length_valid(struct sctp_chunk *chunk, |
4358 | { |
4359 | __u16 chunk_length = ntohs(chunk->chunk_hdr->length); |
4360 | |
4361 | + /* Previously already marked? */ |
4362 | + if (unlikely(chunk->pdiscard)) |
4363 | + return 0; |
4364 | if (unlikely(chunk_length < required_length)) |
4365 | return 0; |
4366 | |
4367 | @@ -3593,9 +3596,7 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, |
4368 | struct sctp_chunk *asconf_ack = NULL; |
4369 | struct sctp_paramhdr *err_param = NULL; |
4370 | sctp_addiphdr_t *hdr; |
4371 | - union sctp_addr_param *addr_param; |
4372 | __u32 serial; |
4373 | - int length; |
4374 | |
4375 | if (!sctp_vtag_verify(chunk, asoc)) { |
4376 | sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG, |
4377 | @@ -3620,17 +3621,8 @@ sctp_disposition_t sctp_sf_do_asconf(struct net *net, |
4378 | hdr = (sctp_addiphdr_t *)chunk->skb->data; |
4379 | serial = ntohl(hdr->serial); |
4380 | |
4381 | - addr_param = (union sctp_addr_param *)hdr->params; |
4382 | - length = ntohs(addr_param->p.length); |
4383 | - if (length < sizeof(sctp_paramhdr_t)) |
4384 | - return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, |
4385 | - (void *)addr_param, commands); |
4386 | - |
4387 | /* Verify the ASCONF chunk before processing it. */ |
4388 | - if (!sctp_verify_asconf(asoc, |
4389 | - (sctp_paramhdr_t *)((void *)addr_param + length), |
4390 | - (void *)chunk->chunk_end, |
4391 | - &err_param)) |
4392 | + if (!sctp_verify_asconf(asoc, chunk, true, &err_param)) |
4393 | return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, |
4394 | (void *)err_param, commands); |
4395 | |
4396 | @@ -3748,10 +3740,7 @@ sctp_disposition_t sctp_sf_do_asconf_ack(struct net *net, |
4397 | rcvd_serial = ntohl(addip_hdr->serial); |
4398 | |
4399 | /* Verify the ASCONF-ACK chunk before processing it. */ |
4400 | - if (!sctp_verify_asconf(asoc, |
4401 | - (sctp_paramhdr_t *)addip_hdr->params, |
4402 | - (void *)asconf_ack->chunk_end, |
4403 | - &err_param)) |
4404 | + if (!sctp_verify_asconf(asoc, asconf_ack, false, &err_param)) |
4405 | return sctp_sf_violation_paramlen(net, ep, asoc, type, arg, |
4406 | (void *)err_param, commands); |
4407 | |
4408 | diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c |
4409 | index ebe91440a068..c89a5bf5c00e 100644 |
4410 | --- a/sound/usb/mixer_quirks.c |
4411 | +++ b/sound/usb/mixer_quirks.c |
4412 | @@ -799,6 +799,11 @@ static int snd_ftu_eff_switch_put(struct snd_kcontrol *kctl, |
4413 | return changed; |
4414 | } |
4415 | |
4416 | +static void kctl_private_value_free(struct snd_kcontrol *kctl) |
4417 | +{ |
4418 | + kfree((void *)kctl->private_value); |
4419 | +} |
4420 | + |
4421 | static int snd_ftu_create_effect_switch(struct usb_mixer_interface *mixer, |
4422 | int validx, int bUnitID) |
4423 | { |
4424 | @@ -833,6 +838,7 @@ static int snd_ftu_create_effect_switch(struct usb_mixer_interface *mixer, |
4425 | return -ENOMEM; |
4426 | } |
4427 | |
4428 | + kctl->private_free = kctl_private_value_free; |
4429 | err = snd_ctl_add(mixer->chip->card, kctl); |
4430 | if (err < 0) |
4431 | return err; |