1 |
commit: 91096f1f9d194b12c50cdd353d1426538a0bd937 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Sep 29 13:33:36 2018 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Sep 29 13:33:36 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=91096f1f |
7 |
|
8 |
Linux patch 4.9.130 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1129_linux-4.9.130.patch | 1041 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1045 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index cf72302..776fab9 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -559,6 +559,10 @@ Patch: 1128_linux-4.9.129.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.9.129 |
23 |
|
24 |
+Patch: 1129_linux-4.9.130.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.9.130 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1129_linux-4.9.130.patch b/1129_linux-4.9.130.patch |
33 |
new file mode 100644 |
34 |
index 0000000..0ad7904 |
35 |
--- /dev/null |
36 |
+++ b/1129_linux-4.9.130.patch |
37 |
@@ -0,0 +1,1041 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index 3f3c340374c5..b98e04a5e1e5 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,6 +1,6 @@ |
43 |
+ VERSION = 4 |
44 |
+ PATCHLEVEL = 9 |
45 |
+-SUBLEVEL = 129 |
46 |
++SUBLEVEL = 130 |
47 |
+ EXTRAVERSION = |
48 |
+ NAME = Roaring Lionus |
49 |
+ |
50 |
+diff --git a/arch/x86/xen/pmu.c b/arch/x86/xen/pmu.c |
51 |
+index b9fc52556bcc..0b29a43e09c8 100644 |
52 |
+--- a/arch/x86/xen/pmu.c |
53 |
++++ b/arch/x86/xen/pmu.c |
54 |
+@@ -477,7 +477,7 @@ static void xen_convert_regs(const struct xen_pmu_regs *xen_regs, |
55 |
+ irqreturn_t xen_pmu_irq_handler(int irq, void *dev_id) |
56 |
+ { |
57 |
+ int err, ret = IRQ_NONE; |
58 |
+- struct pt_regs regs; |
59 |
++ struct pt_regs regs = {0}; |
60 |
+ const struct xen_pmu_data *xenpmu_data = get_xenpmu_data(); |
61 |
+ uint8_t xenpmu_flags = get_xenpmu_flags(); |
62 |
+ |
63 |
+diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c |
64 |
+index 56c288f78d8a..5bfae1f972c7 100644 |
65 |
+--- a/drivers/gpu/drm/nouveau/nouveau_connector.c |
66 |
++++ b/drivers/gpu/drm/nouveau/nouveau_connector.c |
67 |
+@@ -271,12 +271,16 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) |
68 |
+ nv_connector->edid = NULL; |
69 |
+ } |
70 |
+ |
71 |
+- /* Outputs are only polled while runtime active, so acquiring a |
72 |
+- * runtime PM ref here is unnecessary (and would deadlock upon |
73 |
+- * runtime suspend because it waits for polling to finish). |
74 |
++ /* Outputs are only polled while runtime active, so resuming the |
75 |
++ * device here is unnecessary (and would deadlock upon runtime suspend |
76 |
++ * because it waits for polling to finish). We do however, want to |
77 |
++ * prevent the autosuspend timer from elapsing during this operation |
78 |
++ * if possible. |
79 |
+ */ |
80 |
+- if (!drm_kms_helper_is_poll_worker()) { |
81 |
+- ret = pm_runtime_get_sync(connector->dev->dev); |
82 |
++ if (drm_kms_helper_is_poll_worker()) { |
83 |
++ pm_runtime_get_noresume(dev->dev); |
84 |
++ } else { |
85 |
++ ret = pm_runtime_get_sync(dev->dev); |
86 |
+ if (ret < 0 && ret != -EACCES) |
87 |
+ return conn_status; |
88 |
+ } |
89 |
+@@ -354,10 +358,8 @@ detect_analog: |
90 |
+ |
91 |
+ out: |
92 |
+ |
93 |
+- if (!drm_kms_helper_is_poll_worker()) { |
94 |
+- pm_runtime_mark_last_busy(connector->dev->dev); |
95 |
+- pm_runtime_put_autosuspend(connector->dev->dev); |
96 |
+- } |
97 |
++ pm_runtime_mark_last_busy(dev->dev); |
98 |
++ pm_runtime_put_autosuspend(dev->dev); |
99 |
+ |
100 |
+ return conn_status; |
101 |
+ } |
102 |
+diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c |
103 |
+index 6526a3366087..3ddd4096da2a 100644 |
104 |
+--- a/drivers/gpu/drm/nouveau/nouveau_display.c |
105 |
++++ b/drivers/gpu/drm/nouveau/nouveau_display.c |
106 |
+@@ -367,8 +367,6 @@ nouveau_display_hpd_work(struct work_struct *work) |
107 |
+ pm_runtime_get_sync(drm->dev->dev); |
108 |
+ |
109 |
+ drm_helper_hpd_irq_event(drm->dev); |
110 |
+- /* enable polling for external displays */ |
111 |
+- drm_kms_helper_poll_enable(drm->dev); |
112 |
+ |
113 |
+ pm_runtime_mark_last_busy(drm->dev->dev); |
114 |
+ pm_runtime_put_sync(drm->dev->dev); |
115 |
+@@ -391,15 +389,29 @@ nouveau_display_acpi_ntfy(struct notifier_block *nb, unsigned long val, |
116 |
+ { |
117 |
+ struct nouveau_drm *drm = container_of(nb, typeof(*drm), acpi_nb); |
118 |
+ struct acpi_bus_event *info = data; |
119 |
++ int ret; |
120 |
+ |
121 |
+ if (!strcmp(info->device_class, ACPI_VIDEO_CLASS)) { |
122 |
+ if (info->type == ACPI_VIDEO_NOTIFY_PROBE) { |
123 |
+- /* |
124 |
+- * This may be the only indication we receive of a |
125 |
+- * connector hotplug on a runtime suspended GPU, |
126 |
+- * schedule hpd_work to check. |
127 |
+- */ |
128 |
+- schedule_work(&drm->hpd_work); |
129 |
++ ret = pm_runtime_get(drm->dev->dev); |
130 |
++ if (ret == 1 || ret == -EACCES) { |
131 |
++ /* If the GPU is already awake, or in a state |
132 |
++ * where we can't wake it up, it can handle |
133 |
++ * it's own hotplug events. |
134 |
++ */ |
135 |
++ pm_runtime_put_autosuspend(drm->dev->dev); |
136 |
++ } else if (ret == 0) { |
137 |
++ /* This may be the only indication we receive |
138 |
++ * of a connector hotplug on a runtime |
139 |
++ * suspended GPU, schedule hpd_work to check. |
140 |
++ */ |
141 |
++ NV_DEBUG(drm, "ACPI requested connector reprobe\n"); |
142 |
++ schedule_work(&drm->hpd_work); |
143 |
++ pm_runtime_put_noidle(drm->dev->dev); |
144 |
++ } else { |
145 |
++ NV_WARN(drm, "Dropped ACPI reprobe event due to RPM error: %d\n", |
146 |
++ ret); |
147 |
++ } |
148 |
+ |
149 |
+ /* acpi-video should not generate keypresses for this */ |
150 |
+ return NOTIFY_BAD; |
151 |
+@@ -422,6 +434,11 @@ nouveau_display_init(struct drm_device *dev) |
152 |
+ if (ret) |
153 |
+ return ret; |
154 |
+ |
155 |
++ /* enable connector detection and polling for connectors without HPD |
156 |
++ * support |
157 |
++ */ |
158 |
++ drm_kms_helper_poll_enable(dev); |
159 |
++ |
160 |
+ /* enable hotplug interrupts */ |
161 |
+ list_for_each_entry(connector, &dev->mode_config.connector_list, head) { |
162 |
+ struct nouveau_connector *conn = nouveau_connector(connector); |
163 |
+diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c |
164 |
+index f8c9f6f4f822..a2d8630058ed 100644 |
165 |
+--- a/drivers/gpu/drm/vc4/vc4_plane.c |
166 |
++++ b/drivers/gpu/drm/vc4/vc4_plane.c |
167 |
+@@ -327,6 +327,9 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) |
168 |
+ vc4_state->y_scaling[0] = vc4_get_scaling_mode(vc4_state->src_h[0], |
169 |
+ vc4_state->crtc_h); |
170 |
+ |
171 |
++ vc4_state->is_unity = (vc4_state->x_scaling[0] == VC4_SCALING_NONE && |
172 |
++ vc4_state->y_scaling[0] == VC4_SCALING_NONE); |
173 |
++ |
174 |
+ if (num_planes > 1) { |
175 |
+ vc4_state->is_yuv = true; |
176 |
+ |
177 |
+@@ -342,24 +345,17 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) |
178 |
+ vc4_get_scaling_mode(vc4_state->src_h[1], |
179 |
+ vc4_state->crtc_h); |
180 |
+ |
181 |
+- /* YUV conversion requires that scaling be enabled, |
182 |
+- * even on a plane that's otherwise 1:1. Choose TPZ |
183 |
+- * for simplicity. |
184 |
++ /* YUV conversion requires that horizontal scaling be enabled, |
185 |
++ * even on a plane that's otherwise 1:1. Looks like only PPF |
186 |
++ * works in that case, so let's pick that one. |
187 |
+ */ |
188 |
+- if (vc4_state->x_scaling[0] == VC4_SCALING_NONE) |
189 |
+- vc4_state->x_scaling[0] = VC4_SCALING_TPZ; |
190 |
+- if (vc4_state->y_scaling[0] == VC4_SCALING_NONE) |
191 |
+- vc4_state->y_scaling[0] = VC4_SCALING_TPZ; |
192 |
++ if (vc4_state->is_unity) |
193 |
++ vc4_state->x_scaling[0] = VC4_SCALING_PPF; |
194 |
+ } else { |
195 |
+ vc4_state->x_scaling[1] = VC4_SCALING_NONE; |
196 |
+ vc4_state->y_scaling[1] = VC4_SCALING_NONE; |
197 |
+ } |
198 |
+ |
199 |
+- vc4_state->is_unity = (vc4_state->x_scaling[0] == VC4_SCALING_NONE && |
200 |
+- vc4_state->y_scaling[0] == VC4_SCALING_NONE && |
201 |
+- vc4_state->x_scaling[1] == VC4_SCALING_NONE && |
202 |
+- vc4_state->y_scaling[1] == VC4_SCALING_NONE); |
203 |
+- |
204 |
+ /* No configuring scaling on the cursor plane, since it gets |
205 |
+ non-vblank-synced updates, and scaling requires requires |
206 |
+ LBM changes which have to be vblank-synced. |
207 |
+@@ -614,7 +610,10 @@ static int vc4_plane_mode_set(struct drm_plane *plane, |
208 |
+ vc4_dlist_write(vc4_state, SCALER_CSC2_ITR_R_601_5); |
209 |
+ } |
210 |
+ |
211 |
+- if (!vc4_state->is_unity) { |
212 |
++ if (vc4_state->x_scaling[0] != VC4_SCALING_NONE || |
213 |
++ vc4_state->x_scaling[1] != VC4_SCALING_NONE || |
214 |
++ vc4_state->y_scaling[0] != VC4_SCALING_NONE || |
215 |
++ vc4_state->y_scaling[1] != VC4_SCALING_NONE) { |
216 |
+ /* LBM Base Address. */ |
217 |
+ if (vc4_state->y_scaling[0] != VC4_SCALING_NONE || |
218 |
+ vc4_state->y_scaling[1] != VC4_SCALING_NONE) { |
219 |
+diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
220 |
+index 7944a1f589eb..2248b330c047 100644 |
221 |
+--- a/drivers/hid/hid-core.c |
222 |
++++ b/drivers/hid/hid-core.c |
223 |
+@@ -2059,6 +2059,9 @@ static const struct hid_device_id hid_have_special_driver[] = { |
224 |
+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS3_CONTROLLER) }, |
225 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER) }, |
226 |
+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER) }, |
227 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2) }, |
228 |
++ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2) }, |
229 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE) }, |
230 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGX_MOUSE) }, |
231 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGP_MOUSE) }, |
232 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SINO_LITE, USB_DEVICE_ID_SINO_LITE_CONTROLLER) }, |
233 |
+diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h |
234 |
+index 019ee9181f2b..de64cd33590a 100644 |
235 |
+--- a/drivers/hid/hid-ids.h |
236 |
++++ b/drivers/hid/hid-ids.h |
237 |
+@@ -927,6 +927,8 @@ |
238 |
+ #define USB_DEVICE_ID_SONY_PS3_BDREMOTE 0x0306 |
239 |
+ #define USB_DEVICE_ID_SONY_PS3_CONTROLLER 0x0268 |
240 |
+ #define USB_DEVICE_ID_SONY_PS4_CONTROLLER 0x05c4 |
241 |
++#define USB_DEVICE_ID_SONY_PS4_CONTROLLER_2 0x09cc |
242 |
++#define USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE 0x0ba0 |
243 |
+ #define USB_DEVICE_ID_SONY_MOTION_CONTROLLER 0x03d5 |
244 |
+ #define USB_DEVICE_ID_SONY_NAVIGATION_CONTROLLER 0x042f |
245 |
+ #define USB_DEVICE_ID_SONY_BUZZ_CONTROLLER 0x0002 |
246 |
+diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c |
247 |
+index 1b1dccd37fbd..eee58d15e745 100644 |
248 |
+--- a/drivers/hid/hid-sony.c |
249 |
++++ b/drivers/hid/hid-sony.c |
250 |
+@@ -2581,6 +2581,12 @@ static const struct hid_device_id sony_devices[] = { |
251 |
+ .driver_data = DUALSHOCK4_CONTROLLER_USB }, |
252 |
+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER), |
253 |
+ .driver_data = DUALSHOCK4_CONTROLLER_BT }, |
254 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2), |
255 |
++ .driver_data = DUALSHOCK4_CONTROLLER_USB }, |
256 |
++ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2), |
257 |
++ .driver_data = DUALSHOCK4_CONTROLLER_BT }, |
258 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE), |
259 |
++ .driver_data = DUALSHOCK4_CONTROLLER_USB }, |
260 |
+ /* Nyko Core Controller for PS3 */ |
261 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SINO_LITE, USB_DEVICE_ID_SINO_LITE_CONTROLLER), |
262 |
+ .driver_data = SIXAXIS_CONTROLLER_USB | SINO_LITE_CONTROLLER }, |
263 |
+diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c |
264 |
+index cc2243f6cc7f..bb45eb22ba1f 100644 |
265 |
+--- a/drivers/infiniband/hw/cxgb4/qp.c |
266 |
++++ b/drivers/infiniband/hw/cxgb4/qp.c |
267 |
+@@ -1258,6 +1258,12 @@ static void flush_qp(struct c4iw_qp *qhp) |
268 |
+ |
269 |
+ t4_set_wq_in_error(&qhp->wq); |
270 |
+ if (qhp->ibqp.uobject) { |
271 |
++ |
272 |
++ /* for user qps, qhp->wq.flushed is protected by qhp->mutex */ |
273 |
++ if (qhp->wq.flushed) |
274 |
++ return; |
275 |
++ |
276 |
++ qhp->wq.flushed = 1; |
277 |
+ t4_set_cq_in_error(&rchp->cq); |
278 |
+ spin_lock_irqsave(&rchp->comp_handler_lock, flag); |
279 |
+ (*rchp->ibcq.comp_handler)(&rchp->ibcq, rchp->ibcq.cq_context); |
280 |
+diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c |
281 |
+index 518e2dec2aa2..5e9122cd3898 100644 |
282 |
+--- a/drivers/misc/vmw_balloon.c |
283 |
++++ b/drivers/misc/vmw_balloon.c |
284 |
+@@ -45,6 +45,7 @@ |
285 |
+ #include <linux/seq_file.h> |
286 |
+ #include <linux/vmw_vmci_defs.h> |
287 |
+ #include <linux/vmw_vmci_api.h> |
288 |
++#include <linux/io.h> |
289 |
+ #include <asm/hypervisor.h> |
290 |
+ |
291 |
+ MODULE_AUTHOR("VMware, Inc."); |
292 |
+diff --git a/drivers/net/appletalk/ipddp.c b/drivers/net/appletalk/ipddp.c |
293 |
+index 2e4649655181..4e98e5aff7c5 100644 |
294 |
+--- a/drivers/net/appletalk/ipddp.c |
295 |
++++ b/drivers/net/appletalk/ipddp.c |
296 |
+@@ -284,8 +284,12 @@ static int ipddp_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) |
297 |
+ case SIOCFINDIPDDPRT: |
298 |
+ spin_lock_bh(&ipddp_route_lock); |
299 |
+ rp = __ipddp_find_route(&rcp); |
300 |
+- if (rp) |
301 |
+- memcpy(&rcp2, rp, sizeof(rcp2)); |
302 |
++ if (rp) { |
303 |
++ memset(&rcp2, 0, sizeof(rcp2)); |
304 |
++ rcp2.ip = rp->ip; |
305 |
++ rcp2.at = rp->at; |
306 |
++ rcp2.flags = rp->flags; |
307 |
++ } |
308 |
+ spin_unlock_bh(&ipddp_route_lock); |
309 |
+ |
310 |
+ if (rp) { |
311 |
+diff --git a/drivers/net/ethernet/hp/hp100.c b/drivers/net/ethernet/hp/hp100.c |
312 |
+index 631dbc7b4dbb..0988bf1a43c0 100644 |
313 |
+--- a/drivers/net/ethernet/hp/hp100.c |
314 |
++++ b/drivers/net/ethernet/hp/hp100.c |
315 |
+@@ -2636,7 +2636,7 @@ static int hp100_login_to_vg_hub(struct net_device *dev, u_short force_relogin) |
316 |
+ /* Wait for link to drop */ |
317 |
+ time = jiffies + (HZ / 10); |
318 |
+ do { |
319 |
+- if (~(hp100_inb(VG_LAN_CFG_1) & HP100_LINK_UP_ST)) |
320 |
++ if (!(hp100_inb(VG_LAN_CFG_1) & HP100_LINK_UP_ST)) |
321 |
+ break; |
322 |
+ if (!in_interrupt()) |
323 |
+ schedule_timeout_interruptible(1); |
324 |
+diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c |
325 |
+index 7f6af10f09ee..3c1adb38412b 100644 |
326 |
+--- a/drivers/net/xen-netfront.c |
327 |
++++ b/drivers/net/xen-netfront.c |
328 |
+@@ -906,7 +906,11 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, |
329 |
+ BUG_ON(pull_to <= skb_headlen(skb)); |
330 |
+ __pskb_pull_tail(skb, pull_to - skb_headlen(skb)); |
331 |
+ } |
332 |
+- BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS); |
333 |
++ if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) { |
334 |
++ queue->rx.rsp_cons = ++cons; |
335 |
++ kfree_skb(nskb); |
336 |
++ return ~0U; |
337 |
++ } |
338 |
+ |
339 |
+ skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, |
340 |
+ skb_frag_page(nfrag), |
341 |
+@@ -1043,6 +1047,8 @@ err: |
342 |
+ skb->len += rx->status; |
343 |
+ |
344 |
+ i = xennet_fill_frags(queue, skb, &tmpq); |
345 |
++ if (unlikely(i == ~0U)) |
346 |
++ goto err; |
347 |
+ |
348 |
+ if (rx->flags & XEN_NETRXF_csum_blank) |
349 |
+ skb->ip_summed = CHECKSUM_PARTIAL; |
350 |
+diff --git a/drivers/pci/host/pci-aardvark.c b/drivers/pci/host/pci-aardvark.c |
351 |
+index 11bad826683e..1dbd09c91a7c 100644 |
352 |
+--- a/drivers/pci/host/pci-aardvark.c |
353 |
++++ b/drivers/pci/host/pci-aardvark.c |
354 |
+@@ -976,6 +976,7 @@ static int advk_pcie_probe(struct platform_device *pdev) |
355 |
+ return -ENOMEM; |
356 |
+ } |
357 |
+ |
358 |
++ pci_bus_size_bridges(bus); |
359 |
+ pci_bus_assign_resources(bus); |
360 |
+ |
361 |
+ list_for_each_entry(child, &bus->children, node) |
362 |
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c |
363 |
+index a05d143ac43b..c7a695c2303a 100644 |
364 |
+--- a/drivers/pci/quirks.c |
365 |
++++ b/drivers/pci/quirks.c |
366 |
+@@ -4236,11 +4236,6 @@ static int pci_quirk_qcom_rp_acs(struct pci_dev *dev, u16 acs_flags) |
367 |
+ * |
368 |
+ * 0x9d10-0x9d1b PCI Express Root port #{1-12} |
369 |
+ * |
370 |
+- * The 300 series chipset suffers from the same bug so include those root |
371 |
+- * ports here as well. |
372 |
+- * |
373 |
+- * 0xa32c-0xa343 PCI Express Root port #{0-24} |
374 |
+- * |
375 |
+ * [1] http://www.intel.com/content/www/us/en/chipsets/100-series-chipset-datasheet-vol-2.html |
376 |
+ * [2] http://www.intel.com/content/www/us/en/chipsets/100-series-chipset-datasheet-vol-1.html |
377 |
+ * [3] http://www.intel.com/content/www/us/en/chipsets/100-series-chipset-spec-update.html |
378 |
+@@ -4258,7 +4253,6 @@ static bool pci_quirk_intel_spt_pch_acs_match(struct pci_dev *dev) |
379 |
+ case 0xa110 ... 0xa11f: case 0xa167 ... 0xa16a: /* Sunrise Point */ |
380 |
+ case 0xa290 ... 0xa29f: case 0xa2e7 ... 0xa2ee: /* Union Point */ |
381 |
+ case 0x9d10 ... 0x9d1b: /* 7th & 8th Gen Mobile */ |
382 |
+- case 0xa32c ... 0xa343: /* 300 series */ |
383 |
+ return true; |
384 |
+ } |
385 |
+ |
386 |
+diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c |
387 |
+index 005629447b0c..fe419935041c 100644 |
388 |
+--- a/drivers/platform/x86/alienware-wmi.c |
389 |
++++ b/drivers/platform/x86/alienware-wmi.c |
390 |
+@@ -518,6 +518,7 @@ static acpi_status alienware_wmax_command(struct wmax_basic_args *in_args, |
391 |
+ if (obj && obj->type == ACPI_TYPE_INTEGER) |
392 |
+ *out_data = (u32) obj->integer.value; |
393 |
+ } |
394 |
++ kfree(output.pointer); |
395 |
+ return status; |
396 |
+ |
397 |
+ } |
398 |
+diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c |
399 |
+index 98f75e5811c8..f06e74ea10d3 100644 |
400 |
+--- a/drivers/target/iscsi/iscsi_target_auth.c |
401 |
++++ b/drivers/target/iscsi/iscsi_target_auth.c |
402 |
+@@ -26,18 +26,6 @@ |
403 |
+ #include "iscsi_target_nego.h" |
404 |
+ #include "iscsi_target_auth.h" |
405 |
+ |
406 |
+-static int chap_string_to_hex(unsigned char *dst, unsigned char *src, int len) |
407 |
+-{ |
408 |
+- int j = DIV_ROUND_UP(len, 2), rc; |
409 |
+- |
410 |
+- rc = hex2bin(dst, src, j); |
411 |
+- if (rc < 0) |
412 |
+- pr_debug("CHAP string contains non hex digit symbols\n"); |
413 |
+- |
414 |
+- dst[j] = '\0'; |
415 |
+- return j; |
416 |
+-} |
417 |
+- |
418 |
+ static void chap_binaryhex_to_asciihex(char *dst, char *src, int src_len) |
419 |
+ { |
420 |
+ int i; |
421 |
+@@ -240,9 +228,16 @@ static int chap_server_compute_md5( |
422 |
+ pr_err("Could not find CHAP_R.\n"); |
423 |
+ goto out; |
424 |
+ } |
425 |
++ if (strlen(chap_r) != MD5_SIGNATURE_SIZE * 2) { |
426 |
++ pr_err("Malformed CHAP_R\n"); |
427 |
++ goto out; |
428 |
++ } |
429 |
++ if (hex2bin(client_digest, chap_r, MD5_SIGNATURE_SIZE) < 0) { |
430 |
++ pr_err("Malformed CHAP_R\n"); |
431 |
++ goto out; |
432 |
++ } |
433 |
+ |
434 |
+ pr_debug("[server] Got CHAP_R=%s\n", chap_r); |
435 |
+- chap_string_to_hex(client_digest, chap_r, strlen(chap_r)); |
436 |
+ |
437 |
+ tfm = crypto_alloc_shash("md5", 0, 0); |
438 |
+ if (IS_ERR(tfm)) { |
439 |
+@@ -341,9 +336,7 @@ static int chap_server_compute_md5( |
440 |
+ pr_err("Could not find CHAP_C.\n"); |
441 |
+ goto out; |
442 |
+ } |
443 |
+- pr_debug("[server] Got CHAP_C=%s\n", challenge); |
444 |
+- challenge_len = chap_string_to_hex(challenge_binhex, challenge, |
445 |
+- strlen(challenge)); |
446 |
++ challenge_len = DIV_ROUND_UP(strlen(challenge), 2); |
447 |
+ if (!challenge_len) { |
448 |
+ pr_err("Unable to convert incoming challenge\n"); |
449 |
+ goto out; |
450 |
+@@ -352,6 +345,11 @@ static int chap_server_compute_md5( |
451 |
+ pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n"); |
452 |
+ goto out; |
453 |
+ } |
454 |
++ if (hex2bin(challenge_binhex, challenge, challenge_len) < 0) { |
455 |
++ pr_err("Malformed CHAP_C\n"); |
456 |
++ goto out; |
457 |
++ } |
458 |
++ pr_debug("[server] Got CHAP_C=%s\n", challenge); |
459 |
+ /* |
460 |
+ * During mutual authentication, the CHAP_C generated by the |
461 |
+ * initiator must not match the original CHAP_C generated by |
462 |
+diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c |
463 |
+index f62c598810ff..638eb9bbd59f 100644 |
464 |
+--- a/drivers/tty/vt/vt_ioctl.c |
465 |
++++ b/drivers/tty/vt/vt_ioctl.c |
466 |
+@@ -31,6 +31,8 @@ |
467 |
+ #include <asm/io.h> |
468 |
+ #include <asm/uaccess.h> |
469 |
+ |
470 |
++#include <linux/nospec.h> |
471 |
++ |
472 |
+ #include <linux/kbd_kern.h> |
473 |
+ #include <linux/vt_kern.h> |
474 |
+ #include <linux/kbd_diacr.h> |
475 |
+@@ -703,6 +705,8 @@ int vt_ioctl(struct tty_struct *tty, |
476 |
+ if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) |
477 |
+ ret = -ENXIO; |
478 |
+ else { |
479 |
++ vsa.console = array_index_nospec(vsa.console, |
480 |
++ MAX_NR_CONSOLES + 1); |
481 |
+ vsa.console--; |
482 |
+ console_lock(); |
483 |
+ ret = vc_allocate(vsa.console); |
484 |
+diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c |
485 |
+index e8b365000d73..e16bc4cec62e 100644 |
486 |
+--- a/fs/ext4/dir.c |
487 |
++++ b/fs/ext4/dir.c |
488 |
+@@ -74,7 +74,7 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, |
489 |
+ else if (unlikely(rlen < EXT4_DIR_REC_LEN(de->name_len))) |
490 |
+ error_msg = "rec_len is too small for name_len"; |
491 |
+ else if (unlikely(((char *) de - buf) + rlen > size)) |
492 |
+- error_msg = "directory entry across range"; |
493 |
++ error_msg = "directory entry overrun"; |
494 |
+ else if (unlikely(le32_to_cpu(de->inode) > |
495 |
+ le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count))) |
496 |
+ error_msg = "inode out of bounds"; |
497 |
+@@ -83,18 +83,16 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, |
498 |
+ |
499 |
+ if (filp) |
500 |
+ ext4_error_file(filp, function, line, bh->b_blocknr, |
501 |
+- "bad entry in directory: %s - offset=%u(%u), " |
502 |
+- "inode=%u, rec_len=%d, name_len=%d", |
503 |
+- error_msg, (unsigned) (offset % size), |
504 |
+- offset, le32_to_cpu(de->inode), |
505 |
+- rlen, de->name_len); |
506 |
++ "bad entry in directory: %s - offset=%u, " |
507 |
++ "inode=%u, rec_len=%d, name_len=%d, size=%d", |
508 |
++ error_msg, offset, le32_to_cpu(de->inode), |
509 |
++ rlen, de->name_len, size); |
510 |
+ else |
511 |
+ ext4_error_inode(dir, function, line, bh->b_blocknr, |
512 |
+- "bad entry in directory: %s - offset=%u(%u), " |
513 |
+- "inode=%u, rec_len=%d, name_len=%d", |
514 |
+- error_msg, (unsigned) (offset % size), |
515 |
+- offset, le32_to_cpu(de->inode), |
516 |
+- rlen, de->name_len); |
517 |
++ "bad entry in directory: %s - offset=%u, " |
518 |
++ "inode=%u, rec_len=%d, name_len=%d, size=%d", |
519 |
++ error_msg, offset, le32_to_cpu(de->inode), |
520 |
++ rlen, de->name_len, size); |
521 |
+ |
522 |
+ return 1; |
523 |
+ } |
524 |
+diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c |
525 |
+index 436baf7cdca3..211539a7adfc 100644 |
526 |
+--- a/fs/ext4/inline.c |
527 |
++++ b/fs/ext4/inline.c |
528 |
+@@ -1754,6 +1754,7 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data) |
529 |
+ { |
530 |
+ int err, inline_size; |
531 |
+ struct ext4_iloc iloc; |
532 |
++ size_t inline_len; |
533 |
+ void *inline_pos; |
534 |
+ unsigned int offset; |
535 |
+ struct ext4_dir_entry_2 *de; |
536 |
+@@ -1781,8 +1782,9 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data) |
537 |
+ goto out; |
538 |
+ } |
539 |
+ |
540 |
++ inline_len = ext4_get_inline_size(dir); |
541 |
+ offset = EXT4_INLINE_DOTDOT_SIZE; |
542 |
+- while (offset < dir->i_size) { |
543 |
++ while (offset < inline_len) { |
544 |
+ de = ext4_get_inline_entry(dir, &iloc, offset, |
545 |
+ &inline_pos, &inline_size); |
546 |
+ if (ext4_check_dir_entry(dir, NULL, de, |
547 |
+diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c |
548 |
+index d89754ef1aab..c2e830a6206d 100644 |
549 |
+--- a/fs/ext4/mmp.c |
550 |
++++ b/fs/ext4/mmp.c |
551 |
+@@ -48,7 +48,6 @@ static int write_mmp_block(struct super_block *sb, struct buffer_head *bh) |
552 |
+ */ |
553 |
+ sb_start_write(sb); |
554 |
+ ext4_mmp_csum_set(sb, mmp); |
555 |
+- mark_buffer_dirty(bh); |
556 |
+ lock_buffer(bh); |
557 |
+ bh->b_end_io = end_buffer_write_sync; |
558 |
+ get_bh(bh); |
559 |
+diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c |
560 |
+index a225a21d04ad..bc727c393a89 100644 |
561 |
+--- a/fs/ext4/namei.c |
562 |
++++ b/fs/ext4/namei.c |
563 |
+@@ -3527,6 +3527,12 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry, |
564 |
+ int credits; |
565 |
+ u8 old_file_type; |
566 |
+ |
567 |
++ if (new.inode && new.inode->i_nlink == 0) { |
568 |
++ EXT4_ERROR_INODE(new.inode, |
569 |
++ "target of rename is already freed"); |
570 |
++ return -EFSCORRUPTED; |
571 |
++ } |
572 |
++ |
573 |
+ if ((ext4_test_inode_flag(new_dir, EXT4_INODE_PROJINHERIT)) && |
574 |
+ (!projid_eq(EXT4_I(new_dir)->i_projid, |
575 |
+ EXT4_I(old_dentry->d_inode)->i_projid))) |
576 |
+diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c |
577 |
+index eb720d9e2953..1da301ee78ce 100644 |
578 |
+--- a/fs/ext4/resize.c |
579 |
++++ b/fs/ext4/resize.c |
580 |
+@@ -18,6 +18,7 @@ |
581 |
+ |
582 |
+ int ext4_resize_begin(struct super_block *sb) |
583 |
+ { |
584 |
++ struct ext4_sb_info *sbi = EXT4_SB(sb); |
585 |
+ int ret = 0; |
586 |
+ |
587 |
+ if (!capable(CAP_SYS_RESOURCE)) |
588 |
+@@ -28,7 +29,7 @@ int ext4_resize_begin(struct super_block *sb) |
589 |
+ * because the user tools have no way of handling this. Probably a |
590 |
+ * bad time to do it anyways. |
591 |
+ */ |
592 |
+- if (EXT4_SB(sb)->s_sbh->b_blocknr != |
593 |
++ if (EXT4_B2C(sbi, sbi->s_sbh->b_blocknr) != |
594 |
+ le32_to_cpu(EXT4_SB(sb)->s_es->s_first_data_block)) { |
595 |
+ ext4_warning(sb, "won't resize using backup superblock at %llu", |
596 |
+ (unsigned long long)EXT4_SB(sb)->s_sbh->b_blocknr); |
597 |
+@@ -1954,6 +1955,26 @@ retry: |
598 |
+ } |
599 |
+ } |
600 |
+ |
601 |
++ /* |
602 |
++ * Make sure the last group has enough space so that it's |
603 |
++ * guaranteed to have enough space for all metadata blocks |
604 |
++ * that it might need to hold. (We might not need to store |
605 |
++ * the inode table blocks in the last block group, but there |
606 |
++ * will be cases where this might be needed.) |
607 |
++ */ |
608 |
++ if ((ext4_group_first_block_no(sb, n_group) + |
609 |
++ ext4_group_overhead_blocks(sb, n_group) + 2 + |
610 |
++ sbi->s_itb_per_group + sbi->s_cluster_ratio) >= n_blocks_count) { |
611 |
++ n_blocks_count = ext4_group_first_block_no(sb, n_group); |
612 |
++ n_group--; |
613 |
++ n_blocks_count_retry = 0; |
614 |
++ if (resize_inode) { |
615 |
++ iput(resize_inode); |
616 |
++ resize_inode = NULL; |
617 |
++ } |
618 |
++ goto retry; |
619 |
++ } |
620 |
++ |
621 |
+ /* extend the last group */ |
622 |
+ if (n_group == o_group) |
623 |
+ add = n_blocks_count - o_blocks_count; |
624 |
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
625 |
+index 9d44b3683b46..f88d4804c3a8 100644 |
626 |
+--- a/fs/ext4/super.c |
627 |
++++ b/fs/ext4/super.c |
628 |
+@@ -2015,6 +2015,8 @@ static int _ext4_show_options(struct seq_file *seq, struct super_block *sb, |
629 |
+ SEQ_OPTS_PRINT("max_dir_size_kb=%u", sbi->s_max_dir_size_kb); |
630 |
+ if (test_opt(sb, DATA_ERR_ABORT)) |
631 |
+ SEQ_OPTS_PUTS("data_err=abort"); |
632 |
++ if (DUMMY_ENCRYPTION_ENABLED(sbi)) |
633 |
++ SEQ_OPTS_PUTS("test_dummy_encryption"); |
634 |
+ |
635 |
+ ext4_show_quota_options(seq, sb); |
636 |
+ return 0; |
637 |
+@@ -4187,11 +4189,13 @@ no_journal: |
638 |
+ block = ext4_count_free_clusters(sb); |
639 |
+ ext4_free_blocks_count_set(sbi->s_es, |
640 |
+ EXT4_C2B(sbi, block)); |
641 |
++ ext4_superblock_csum_set(sb); |
642 |
+ err = percpu_counter_init(&sbi->s_freeclusters_counter, block, |
643 |
+ GFP_KERNEL); |
644 |
+ if (!err) { |
645 |
+ unsigned long freei = ext4_count_free_inodes(sb); |
646 |
+ sbi->s_es->s_free_inodes_count = cpu_to_le32(freei); |
647 |
++ ext4_superblock_csum_set(sb); |
648 |
+ err = percpu_counter_init(&sbi->s_freeinodes_counter, freei, |
649 |
+ GFP_KERNEL); |
650 |
+ } |
651 |
+diff --git a/fs/ocfs2/buffer_head_io.c b/fs/ocfs2/buffer_head_io.c |
652 |
+index 8f040f88ade4..25c8b328c43d 100644 |
653 |
+--- a/fs/ocfs2/buffer_head_io.c |
654 |
++++ b/fs/ocfs2/buffer_head_io.c |
655 |
+@@ -341,6 +341,7 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr, |
656 |
+ * for this bh as it's not marked locally |
657 |
+ * uptodate. */ |
658 |
+ status = -EIO; |
659 |
++ clear_buffer_needs_validate(bh); |
660 |
+ put_bh(bh); |
661 |
+ bhs[i] = NULL; |
662 |
+ continue; |
663 |
+diff --git a/include/net/nfc/hci.h b/include/net/nfc/hci.h |
664 |
+index 316694dafa5b..008f466d1da7 100644 |
665 |
+--- a/include/net/nfc/hci.h |
666 |
++++ b/include/net/nfc/hci.h |
667 |
+@@ -87,7 +87,7 @@ struct nfc_hci_pipe { |
668 |
+ * According to specification 102 622 chapter 4.4 Pipes, |
669 |
+ * the pipe identifier is 7 bits long. |
670 |
+ */ |
671 |
+-#define NFC_HCI_MAX_PIPES 127 |
672 |
++#define NFC_HCI_MAX_PIPES 128 |
673 |
+ struct nfc_hci_init_data { |
674 |
+ u8 gate_count; |
675 |
+ struct nfc_hci_gate gates[NFC_HCI_MAX_CUSTOM_GATES]; |
676 |
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
677 |
+index f6e8727f7fa3..f81adb476c03 100644 |
678 |
+--- a/kernel/sched/fair.c |
679 |
++++ b/kernel/sched/fair.c |
680 |
+@@ -8639,7 +8639,8 @@ static inline bool vruntime_normalized(struct task_struct *p) |
681 |
+ * - A task which has been woken up by try_to_wake_up() and |
682 |
+ * waiting for actually being woken up by sched_ttwu_pending(). |
683 |
+ */ |
684 |
+- if (!se->sum_exec_runtime || p->state == TASK_WAKING) |
685 |
++ if (!se->sum_exec_runtime || |
686 |
++ (p->state == TASK_WAKING && p->sched_remote_wakeup)) |
687 |
+ return true; |
688 |
+ |
689 |
+ return false; |
690 |
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c |
691 |
+index dc29b600d2cb..f316e90ad538 100644 |
692 |
+--- a/kernel/trace/ring_buffer.c |
693 |
++++ b/kernel/trace/ring_buffer.c |
694 |
+@@ -1504,6 +1504,8 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages) |
695 |
+ tmp_iter_page = first_page; |
696 |
+ |
697 |
+ do { |
698 |
++ cond_resched(); |
699 |
++ |
700 |
+ to_remove_page = tmp_iter_page; |
701 |
+ rb_inc_page(cpu_buffer, &tmp_iter_page); |
702 |
+ |
703 |
+diff --git a/mm/shmem.c b/mm/shmem.c |
704 |
+index 42ca5df2c0e3..4b5cca167baf 100644 |
705 |
+--- a/mm/shmem.c |
706 |
++++ b/mm/shmem.c |
707 |
+@@ -2160,6 +2160,8 @@ static struct inode *shmem_get_inode(struct super_block *sb, const struct inode |
708 |
+ mpol_shared_policy_init(&info->policy, NULL); |
709 |
+ break; |
710 |
+ } |
711 |
++ |
712 |
++ lockdep_annotate_inode_mutex_key(inode); |
713 |
+ } else |
714 |
+ shmem_free_inode(sb); |
715 |
+ return inode; |
716 |
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c |
717 |
+index 128c811dcb1a..8eb1916b742c 100644 |
718 |
+--- a/net/core/neighbour.c |
719 |
++++ b/net/core/neighbour.c |
720 |
+@@ -1138,6 +1138,12 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new, |
721 |
+ lladdr = neigh->ha; |
722 |
+ } |
723 |
+ |
724 |
++ /* Update confirmed timestamp for neighbour entry after we |
725 |
++ * received ARP packet even if it doesn't change IP to MAC binding. |
726 |
++ */ |
727 |
++ if (new & NUD_CONNECTED) |
728 |
++ neigh->confirmed = jiffies; |
729 |
++ |
730 |
+ /* If entry was valid and address is not changed, |
731 |
+ do not change entry state, if new one is STALE. |
732 |
+ */ |
733 |
+@@ -1159,15 +1165,12 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new, |
734 |
+ } |
735 |
+ } |
736 |
+ |
737 |
+- /* Update timestamps only once we know we will make a change to the |
738 |
++ /* Update timestamp only once we know we will make a change to the |
739 |
+ * neighbour entry. Otherwise we risk to move the locktime window with |
740 |
+ * noop updates and ignore relevant ARP updates. |
741 |
+ */ |
742 |
+- if (new != old || lladdr != neigh->ha) { |
743 |
+- if (new & NUD_CONNECTED) |
744 |
+- neigh->confirmed = jiffies; |
745 |
++ if (new != old || lladdr != neigh->ha) |
746 |
+ neigh->updated = jiffies; |
747 |
+- } |
748 |
+ |
749 |
+ if (new != old) { |
750 |
+ neigh_del_timer(neigh); |
751 |
+diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c |
752 |
+index b5116ec31757..689246d079ad 100644 |
753 |
+--- a/net/ipv4/af_inet.c |
754 |
++++ b/net/ipv4/af_inet.c |
755 |
+@@ -1277,6 +1277,7 @@ struct sk_buff *inet_gso_segment(struct sk_buff *skb, |
756 |
+ if (encap) |
757 |
+ skb_reset_inner_headers(skb); |
758 |
+ skb->network_header = (u8 *)iph - skb->head; |
759 |
++ skb_reset_mac_len(skb); |
760 |
+ } while ((skb = skb->next)); |
761 |
+ |
762 |
+ out: |
763 |
+diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c |
764 |
+index aa2a20e918fd..b9b2a9828d98 100644 |
765 |
+--- a/net/ipv4/udp.c |
766 |
++++ b/net/ipv4/udp.c |
767 |
+@@ -1730,6 +1730,28 @@ static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh, |
768 |
+ inet_compute_pseudo); |
769 |
+ } |
770 |
+ |
771 |
++/* wrapper for udp_queue_rcv_skb tacking care of csum conversion and |
772 |
++ * return code conversion for ip layer consumption |
773 |
++ */ |
774 |
++static int udp_unicast_rcv_skb(struct sock *sk, struct sk_buff *skb, |
775 |
++ struct udphdr *uh) |
776 |
++{ |
777 |
++ int ret; |
778 |
++ |
779 |
++ if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk)) |
780 |
++ skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check, |
781 |
++ inet_compute_pseudo); |
782 |
++ |
783 |
++ ret = udp_queue_rcv_skb(sk, skb); |
784 |
++ |
785 |
++ /* a return value > 0 means to resubmit the input, but |
786 |
++ * it wants the return to be -protocol, or 0 |
787 |
++ */ |
788 |
++ if (ret > 0) |
789 |
++ return -ret; |
790 |
++ return 0; |
791 |
++} |
792 |
++ |
793 |
+ /* |
794 |
+ * All we need to do is get the socket, and then do a checksum. |
795 |
+ */ |
796 |
+@@ -1776,14 +1798,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, |
797 |
+ if (unlikely(sk->sk_rx_dst != dst)) |
798 |
+ udp_sk_rx_dst_set(sk, dst); |
799 |
+ |
800 |
+- ret = udp_queue_rcv_skb(sk, skb); |
801 |
++ ret = udp_unicast_rcv_skb(sk, skb, uh); |
802 |
+ sock_put(sk); |
803 |
+- /* a return value > 0 means to resubmit the input, but |
804 |
+- * it wants the return to be -protocol, or 0 |
805 |
+- */ |
806 |
+- if (ret > 0) |
807 |
+- return -ret; |
808 |
+- return 0; |
809 |
++ return ret; |
810 |
+ } |
811 |
+ |
812 |
+ if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST)) |
813 |
+@@ -1791,22 +1808,8 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, |
814 |
+ saddr, daddr, udptable, proto); |
815 |
+ |
816 |
+ sk = __udp4_lib_lookup_skb(skb, uh->source, uh->dest, udptable); |
817 |
+- if (sk) { |
818 |
+- int ret; |
819 |
+- |
820 |
+- if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk)) |
821 |
+- skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check, |
822 |
+- inet_compute_pseudo); |
823 |
+- |
824 |
+- ret = udp_queue_rcv_skb(sk, skb); |
825 |
+- |
826 |
+- /* a return value > 0 means to resubmit the input, but |
827 |
+- * it wants the return to be -protocol, or 0 |
828 |
+- */ |
829 |
+- if (ret > 0) |
830 |
+- return -ret; |
831 |
+- return 0; |
832 |
+- } |
833 |
++ if (sk) |
834 |
++ return udp_unicast_rcv_skb(sk, skb, uh); |
835 |
+ |
836 |
+ if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) |
837 |
+ goto drop; |
838 |
+diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c |
839 |
+index 649f4d87b318..a36ae90bf613 100644 |
840 |
+--- a/net/ipv6/ip6_offload.c |
841 |
++++ b/net/ipv6/ip6_offload.c |
842 |
+@@ -113,6 +113,7 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, |
843 |
+ payload_len = skb->len - nhoff - sizeof(*ipv6h); |
844 |
+ ipv6h->payload_len = htons(payload_len); |
845 |
+ skb->network_header = (u8 *)ipv6h - skb->head; |
846 |
++ skb_reset_mac_len(skb); |
847 |
+ |
848 |
+ if (udpfrag) { |
849 |
+ int err = ip6_find_1stfragopt(skb, &prevhdr); |
850 |
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
851 |
+index ea14466cdca8..8e77cecd2165 100644 |
852 |
+--- a/net/ipv6/ip6_output.c |
853 |
++++ b/net/ipv6/ip6_output.c |
854 |
+@@ -201,12 +201,10 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, |
855 |
+ kfree_skb(skb); |
856 |
+ return -ENOBUFS; |
857 |
+ } |
858 |
++ if (skb->sk) |
859 |
++ skb_set_owner_w(skb2, skb->sk); |
860 |
+ consume_skb(skb); |
861 |
+ skb = skb2; |
862 |
+- /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically, |
863 |
+- * it is safe to call in our context (socket lock not held) |
864 |
+- */ |
865 |
+- skb_set_owner_w(skb, (struct sock *)sk); |
866 |
+ } |
867 |
+ if (opt->opt_flen) |
868 |
+ ipv6_push_frag_opts(skb, opt, &proto); |
869 |
+diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c |
870 |
+index 2b0f0ac498d2..5a58f9f38095 100644 |
871 |
+--- a/net/nfc/hci/core.c |
872 |
++++ b/net/nfc/hci/core.c |
873 |
+@@ -209,6 +209,11 @@ void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, |
874 |
+ } |
875 |
+ create_info = (struct hci_create_pipe_resp *)skb->data; |
876 |
+ |
877 |
++ if (create_info->pipe >= NFC_HCI_MAX_PIPES) { |
878 |
++ status = NFC_HCI_ANY_E_NOK; |
879 |
++ goto exit; |
880 |
++ } |
881 |
++ |
882 |
+ /* Save the new created pipe and bind with local gate, |
883 |
+ * the description for skb->data[3] is destination gate id |
884 |
+ * but since we received this cmd from host controller, we |
885 |
+@@ -232,6 +237,11 @@ void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, |
886 |
+ } |
887 |
+ delete_info = (struct hci_delete_pipe_noti *)skb->data; |
888 |
+ |
889 |
++ if (delete_info->pipe >= NFC_HCI_MAX_PIPES) { |
890 |
++ status = NFC_HCI_ANY_E_NOK; |
891 |
++ goto exit; |
892 |
++ } |
893 |
++ |
894 |
+ hdev->pipes[delete_info->pipe].gate = NFC_HCI_INVALID_GATE; |
895 |
+ hdev->pipes[delete_info->pipe].dest_host = NFC_HCI_INVALID_HOST; |
896 |
+ break; |
897 |
+diff --git a/sound/firewire/bebob/bebob.c b/sound/firewire/bebob/bebob.c |
898 |
+index 3469ac14c89c..d0dfa822266b 100644 |
899 |
+--- a/sound/firewire/bebob/bebob.c |
900 |
++++ b/sound/firewire/bebob/bebob.c |
901 |
+@@ -263,6 +263,8 @@ do_registration(struct work_struct *work) |
902 |
+ error: |
903 |
+ mutex_unlock(&devices_mutex); |
904 |
+ snd_bebob_stream_destroy_duplex(bebob); |
905 |
++ kfree(bebob->maudio_special_quirk); |
906 |
++ bebob->maudio_special_quirk = NULL; |
907 |
+ snd_card_free(bebob->card); |
908 |
+ dev_info(&bebob->unit->device, |
909 |
+ "Sound card registration failed: %d\n", err); |
910 |
+diff --git a/sound/firewire/bebob/bebob_maudio.c b/sound/firewire/bebob/bebob_maudio.c |
911 |
+index 07e5abdbceb5..6dbf047d4f75 100644 |
912 |
+--- a/sound/firewire/bebob/bebob_maudio.c |
913 |
++++ b/sound/firewire/bebob/bebob_maudio.c |
914 |
+@@ -96,17 +96,13 @@ int snd_bebob_maudio_load_firmware(struct fw_unit *unit) |
915 |
+ struct fw_device *device = fw_parent_device(unit); |
916 |
+ int err, rcode; |
917 |
+ u64 date; |
918 |
+- __le32 cues[3] = { |
919 |
+- cpu_to_le32(MAUDIO_BOOTLOADER_CUE1), |
920 |
+- cpu_to_le32(MAUDIO_BOOTLOADER_CUE2), |
921 |
+- cpu_to_le32(MAUDIO_BOOTLOADER_CUE3) |
922 |
+- }; |
923 |
++ __le32 *cues; |
924 |
+ |
925 |
+ /* check date of software used to build */ |
926 |
+ err = snd_bebob_read_block(unit, INFO_OFFSET_SW_DATE, |
927 |
+ &date, sizeof(u64)); |
928 |
+ if (err < 0) |
929 |
+- goto end; |
930 |
++ return err; |
931 |
+ /* |
932 |
+ * firmware version 5058 or later has date later than "20070401", but |
933 |
+ * 'date' is not null-terminated. |
934 |
+@@ -114,20 +110,28 @@ int snd_bebob_maudio_load_firmware(struct fw_unit *unit) |
935 |
+ if (date < 0x3230303730343031LL) { |
936 |
+ dev_err(&unit->device, |
937 |
+ "Use firmware version 5058 or later\n"); |
938 |
+- err = -ENOSYS; |
939 |
+- goto end; |
940 |
++ return -ENXIO; |
941 |
+ } |
942 |
+ |
943 |
++ cues = kmalloc_array(3, sizeof(*cues), GFP_KERNEL); |
944 |
++ if (!cues) |
945 |
++ return -ENOMEM; |
946 |
++ |
947 |
++ cues[0] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE1); |
948 |
++ cues[1] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE2); |
949 |
++ cues[2] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE3); |
950 |
++ |
951 |
+ rcode = fw_run_transaction(device->card, TCODE_WRITE_BLOCK_REQUEST, |
952 |
+ device->node_id, device->generation, |
953 |
+ device->max_speed, BEBOB_ADDR_REG_REQ, |
954 |
+- cues, sizeof(cues)); |
955 |
++ cues, 3 * sizeof(*cues)); |
956 |
++ kfree(cues); |
957 |
+ if (rcode != RCODE_COMPLETE) { |
958 |
+ dev_err(&unit->device, |
959 |
+ "Failed to send a cue to load firmware\n"); |
960 |
+ err = -EIO; |
961 |
+ } |
962 |
+-end: |
963 |
++ |
964 |
+ return err; |
965 |
+ } |
966 |
+ |
967 |
+@@ -290,10 +294,6 @@ snd_bebob_maudio_special_discover(struct snd_bebob *bebob, bool is1814) |
968 |
+ bebob->midi_output_ports = 2; |
969 |
+ } |
970 |
+ end: |
971 |
+- if (err < 0) { |
972 |
+- kfree(params); |
973 |
+- bebob->maudio_special_quirk = NULL; |
974 |
+- } |
975 |
+ mutex_unlock(&bebob->mutex); |
976 |
+ return err; |
977 |
+ } |
978 |
+diff --git a/sound/firewire/digi00x/digi00x.c b/sound/firewire/digi00x/digi00x.c |
979 |
+index 1f5e1d23f31a..ef689997d6a5 100644 |
980 |
+--- a/sound/firewire/digi00x/digi00x.c |
981 |
++++ b/sound/firewire/digi00x/digi00x.c |
982 |
+@@ -49,6 +49,7 @@ static void dg00x_free(struct snd_dg00x *dg00x) |
983 |
+ fw_unit_put(dg00x->unit); |
984 |
+ |
985 |
+ mutex_destroy(&dg00x->mutex); |
986 |
++ kfree(dg00x); |
987 |
+ } |
988 |
+ |
989 |
+ static void dg00x_card_free(struct snd_card *card) |
990 |
+diff --git a/sound/firewire/fireworks/fireworks.c b/sound/firewire/fireworks/fireworks.c |
991 |
+index 71a0613d3da0..f2d073365cf6 100644 |
992 |
+--- a/sound/firewire/fireworks/fireworks.c |
993 |
++++ b/sound/firewire/fireworks/fireworks.c |
994 |
+@@ -301,6 +301,8 @@ error: |
995 |
+ snd_efw_transaction_remove_instance(efw); |
996 |
+ snd_efw_stream_destroy_duplex(efw); |
997 |
+ snd_card_free(efw->card); |
998 |
++ kfree(efw->resp_buf); |
999 |
++ efw->resp_buf = NULL; |
1000 |
+ dev_info(&efw->unit->device, |
1001 |
+ "Sound card registration failed: %d\n", err); |
1002 |
+ } |
1003 |
+diff --git a/sound/firewire/oxfw/oxfw.c b/sound/firewire/oxfw/oxfw.c |
1004 |
+index 474b06d8acd1..696b6cf35003 100644 |
1005 |
+--- a/sound/firewire/oxfw/oxfw.c |
1006 |
++++ b/sound/firewire/oxfw/oxfw.c |
1007 |
+@@ -135,6 +135,7 @@ static void oxfw_free(struct snd_oxfw *oxfw) |
1008 |
+ |
1009 |
+ kfree(oxfw->spec); |
1010 |
+ mutex_destroy(&oxfw->mutex); |
1011 |
++ kfree(oxfw); |
1012 |
+ } |
1013 |
+ |
1014 |
+ /* |
1015 |
+@@ -212,6 +213,7 @@ static int detect_quirks(struct snd_oxfw *oxfw) |
1016 |
+ static void do_registration(struct work_struct *work) |
1017 |
+ { |
1018 |
+ struct snd_oxfw *oxfw = container_of(work, struct snd_oxfw, dwork.work); |
1019 |
++ int i; |
1020 |
+ int err; |
1021 |
+ |
1022 |
+ if (oxfw->registered) |
1023 |
+@@ -274,7 +276,15 @@ error: |
1024 |
+ snd_oxfw_stream_destroy_simplex(oxfw, &oxfw->rx_stream); |
1025 |
+ if (oxfw->has_output) |
1026 |
+ snd_oxfw_stream_destroy_simplex(oxfw, &oxfw->tx_stream); |
1027 |
++ for (i = 0; i < SND_OXFW_STREAM_FORMAT_ENTRIES; ++i) { |
1028 |
++ kfree(oxfw->tx_stream_formats[i]); |
1029 |
++ oxfw->tx_stream_formats[i] = NULL; |
1030 |
++ kfree(oxfw->rx_stream_formats[i]); |
1031 |
++ oxfw->rx_stream_formats[i] = NULL; |
1032 |
++ } |
1033 |
+ snd_card_free(oxfw->card); |
1034 |
++ kfree(oxfw->spec); |
1035 |
++ oxfw->spec = NULL; |
1036 |
+ dev_info(&oxfw->unit->device, |
1037 |
+ "Sound card registration failed: %d\n", err); |
1038 |
+ } |
1039 |
+diff --git a/sound/firewire/tascam/tascam.c b/sound/firewire/tascam/tascam.c |
1040 |
+index 9dc93a7eb9da..4c967ac1c0e8 100644 |
1041 |
+--- a/sound/firewire/tascam/tascam.c |
1042 |
++++ b/sound/firewire/tascam/tascam.c |
1043 |
+@@ -93,6 +93,7 @@ static void tscm_free(struct snd_tscm *tscm) |
1044 |
+ fw_unit_put(tscm->unit); |
1045 |
+ |
1046 |
+ mutex_destroy(&tscm->mutex); |
1047 |
++ kfree(tscm); |
1048 |
+ } |
1049 |
+ |
1050 |
+ static void tscm_card_free(struct snd_card *card) |
1051 |
+diff --git a/sound/pci/emu10k1/emufx.c b/sound/pci/emu10k1/emufx.c |
1052 |
+index 56fc47bd6dba..50b216fc369f 100644 |
1053 |
+--- a/sound/pci/emu10k1/emufx.c |
1054 |
++++ b/sound/pci/emu10k1/emufx.c |
1055 |
+@@ -2520,7 +2520,7 @@ static int snd_emu10k1_fx8010_ioctl(struct snd_hwdep * hw, struct file *file, un |
1056 |
+ emu->support_tlv = 1; |
1057 |
+ return put_user(SNDRV_EMU10K1_VERSION, (int __user *)argp); |
1058 |
+ case SNDRV_EMU10K1_IOCTL_INFO: |
1059 |
+- info = kmalloc(sizeof(*info), GFP_KERNEL); |
1060 |
++ info = kzalloc(sizeof(*info), GFP_KERNEL); |
1061 |
+ if (!info) |
1062 |
+ return -ENOMEM; |
1063 |
+ snd_emu10k1_fx8010_info(emu, info); |
1064 |
+diff --git a/sound/soc/codecs/cs4265.c b/sound/soc/codecs/cs4265.c |
1065 |
+index fd966bb851cb..6e8eb1f5a041 100644 |
1066 |
+--- a/sound/soc/codecs/cs4265.c |
1067 |
++++ b/sound/soc/codecs/cs4265.c |
1068 |
+@@ -157,8 +157,8 @@ static const struct snd_kcontrol_new cs4265_snd_controls[] = { |
1069 |
+ SOC_SINGLE("Validity Bit Control Switch", CS4265_SPDIF_CTL2, |
1070 |
+ 3, 1, 0), |
1071 |
+ SOC_ENUM("SPDIF Mono/Stereo", spdif_mono_stereo_enum), |
1072 |
+- SOC_SINGLE("MMTLR Data Switch", 0, |
1073 |
+- 1, 1, 0), |
1074 |
++ SOC_SINGLE("MMTLR Data Switch", CS4265_SPDIF_CTL2, |
1075 |
++ 0, 1, 0), |
1076 |
+ SOC_ENUM("Mono Channel Select", spdif_mono_select_enum), |
1077 |
+ SND_SOC_BYTES("C Data Buffer", CS4265_C_DATA_BUFF, 24), |
1078 |
+ }; |