Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Sat, 29 Sep 2018 13:33:58
Message-Id: 1538228016.91096f1f9d194b12c50cdd353d1426538a0bd937.mpagano@gentoo
1 commit: 91096f1f9d194b12c50cdd353d1426538a0bd937
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Sat Sep 29 13:33:36 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Sat Sep 29 13:33:36 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=91096f1f
7
8 Linux patch 4.9.130
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1129_linux-4.9.130.patch | 1041 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 1045 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index cf72302..776fab9 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -559,6 +559,10 @@ Patch: 1128_linux-4.9.129.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.9.129
23
24 +Patch: 1129_linux-4.9.130.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.9.130
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1129_linux-4.9.130.patch b/1129_linux-4.9.130.patch
33 new file mode 100644
34 index 0000000..0ad7904
35 --- /dev/null
36 +++ b/1129_linux-4.9.130.patch
37 @@ -0,0 +1,1041 @@
38 +diff --git a/Makefile b/Makefile
39 +index 3f3c340374c5..b98e04a5e1e5 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 9
45 +-SUBLEVEL = 129
46 ++SUBLEVEL = 130
47 + EXTRAVERSION =
48 + NAME = Roaring Lionus
49 +
50 +diff --git a/arch/x86/xen/pmu.c b/arch/x86/xen/pmu.c
51 +index b9fc52556bcc..0b29a43e09c8 100644
52 +--- a/arch/x86/xen/pmu.c
53 ++++ b/arch/x86/xen/pmu.c
54 +@@ -477,7 +477,7 @@ static void xen_convert_regs(const struct xen_pmu_regs *xen_regs,
55 + irqreturn_t xen_pmu_irq_handler(int irq, void *dev_id)
56 + {
57 + int err, ret = IRQ_NONE;
58 +- struct pt_regs regs;
59 ++ struct pt_regs regs = {0};
60 + const struct xen_pmu_data *xenpmu_data = get_xenpmu_data();
61 + uint8_t xenpmu_flags = get_xenpmu_flags();
62 +
63 +diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
64 +index 56c288f78d8a..5bfae1f972c7 100644
65 +--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
66 ++++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
67 +@@ -271,12 +271,16 @@ nouveau_connector_detect(struct drm_connector *connector, bool force)
68 + nv_connector->edid = NULL;
69 + }
70 +
71 +- /* Outputs are only polled while runtime active, so acquiring a
72 +- * runtime PM ref here is unnecessary (and would deadlock upon
73 +- * runtime suspend because it waits for polling to finish).
74 ++ /* Outputs are only polled while runtime active, so resuming the
75 ++ * device here is unnecessary (and would deadlock upon runtime suspend
76 ++ * because it waits for polling to finish). We do however, want to
77 ++ * prevent the autosuspend timer from elapsing during this operation
78 ++ * if possible.
79 + */
80 +- if (!drm_kms_helper_is_poll_worker()) {
81 +- ret = pm_runtime_get_sync(connector->dev->dev);
82 ++ if (drm_kms_helper_is_poll_worker()) {
83 ++ pm_runtime_get_noresume(dev->dev);
84 ++ } else {
85 ++ ret = pm_runtime_get_sync(dev->dev);
86 + if (ret < 0 && ret != -EACCES)
87 + return conn_status;
88 + }
89 +@@ -354,10 +358,8 @@ detect_analog:
90 +
91 + out:
92 +
93 +- if (!drm_kms_helper_is_poll_worker()) {
94 +- pm_runtime_mark_last_busy(connector->dev->dev);
95 +- pm_runtime_put_autosuspend(connector->dev->dev);
96 +- }
97 ++ pm_runtime_mark_last_busy(dev->dev);
98 ++ pm_runtime_put_autosuspend(dev->dev);
99 +
100 + return conn_status;
101 + }
102 +diff --git a/drivers/gpu/drm/nouveau/nouveau_display.c b/drivers/gpu/drm/nouveau/nouveau_display.c
103 +index 6526a3366087..3ddd4096da2a 100644
104 +--- a/drivers/gpu/drm/nouveau/nouveau_display.c
105 ++++ b/drivers/gpu/drm/nouveau/nouveau_display.c
106 +@@ -367,8 +367,6 @@ nouveau_display_hpd_work(struct work_struct *work)
107 + pm_runtime_get_sync(drm->dev->dev);
108 +
109 + drm_helper_hpd_irq_event(drm->dev);
110 +- /* enable polling for external displays */
111 +- drm_kms_helper_poll_enable(drm->dev);
112 +
113 + pm_runtime_mark_last_busy(drm->dev->dev);
114 + pm_runtime_put_sync(drm->dev->dev);
115 +@@ -391,15 +389,29 @@ nouveau_display_acpi_ntfy(struct notifier_block *nb, unsigned long val,
116 + {
117 + struct nouveau_drm *drm = container_of(nb, typeof(*drm), acpi_nb);
118 + struct acpi_bus_event *info = data;
119 ++ int ret;
120 +
121 + if (!strcmp(info->device_class, ACPI_VIDEO_CLASS)) {
122 + if (info->type == ACPI_VIDEO_NOTIFY_PROBE) {
123 +- /*
124 +- * This may be the only indication we receive of a
125 +- * connector hotplug on a runtime suspended GPU,
126 +- * schedule hpd_work to check.
127 +- */
128 +- schedule_work(&drm->hpd_work);
129 ++ ret = pm_runtime_get(drm->dev->dev);
130 ++ if (ret == 1 || ret == -EACCES) {
131 ++ /* If the GPU is already awake, or in a state
132 ++ * where we can't wake it up, it can handle
133 ++ * it's own hotplug events.
134 ++ */
135 ++ pm_runtime_put_autosuspend(drm->dev->dev);
136 ++ } else if (ret == 0) {
137 ++ /* This may be the only indication we receive
138 ++ * of a connector hotplug on a runtime
139 ++ * suspended GPU, schedule hpd_work to check.
140 ++ */
141 ++ NV_DEBUG(drm, "ACPI requested connector reprobe\n");
142 ++ schedule_work(&drm->hpd_work);
143 ++ pm_runtime_put_noidle(drm->dev->dev);
144 ++ } else {
145 ++ NV_WARN(drm, "Dropped ACPI reprobe event due to RPM error: %d\n",
146 ++ ret);
147 ++ }
148 +
149 + /* acpi-video should not generate keypresses for this */
150 + return NOTIFY_BAD;
151 +@@ -422,6 +434,11 @@ nouveau_display_init(struct drm_device *dev)
152 + if (ret)
153 + return ret;
154 +
155 ++ /* enable connector detection and polling for connectors without HPD
156 ++ * support
157 ++ */
158 ++ drm_kms_helper_poll_enable(dev);
159 ++
160 + /* enable hotplug interrupts */
161 + list_for_each_entry(connector, &dev->mode_config.connector_list, head) {
162 + struct nouveau_connector *conn = nouveau_connector(connector);
163 +diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c
164 +index f8c9f6f4f822..a2d8630058ed 100644
165 +--- a/drivers/gpu/drm/vc4/vc4_plane.c
166 ++++ b/drivers/gpu/drm/vc4/vc4_plane.c
167 +@@ -327,6 +327,9 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state)
168 + vc4_state->y_scaling[0] = vc4_get_scaling_mode(vc4_state->src_h[0],
169 + vc4_state->crtc_h);
170 +
171 ++ vc4_state->is_unity = (vc4_state->x_scaling[0] == VC4_SCALING_NONE &&
172 ++ vc4_state->y_scaling[0] == VC4_SCALING_NONE);
173 ++
174 + if (num_planes > 1) {
175 + vc4_state->is_yuv = true;
176 +
177 +@@ -342,24 +345,17 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state)
178 + vc4_get_scaling_mode(vc4_state->src_h[1],
179 + vc4_state->crtc_h);
180 +
181 +- /* YUV conversion requires that scaling be enabled,
182 +- * even on a plane that's otherwise 1:1. Choose TPZ
183 +- * for simplicity.
184 ++ /* YUV conversion requires that horizontal scaling be enabled,
185 ++ * even on a plane that's otherwise 1:1. Looks like only PPF
186 ++ * works in that case, so let's pick that one.
187 + */
188 +- if (vc4_state->x_scaling[0] == VC4_SCALING_NONE)
189 +- vc4_state->x_scaling[0] = VC4_SCALING_TPZ;
190 +- if (vc4_state->y_scaling[0] == VC4_SCALING_NONE)
191 +- vc4_state->y_scaling[0] = VC4_SCALING_TPZ;
192 ++ if (vc4_state->is_unity)
193 ++ vc4_state->x_scaling[0] = VC4_SCALING_PPF;
194 + } else {
195 + vc4_state->x_scaling[1] = VC4_SCALING_NONE;
196 + vc4_state->y_scaling[1] = VC4_SCALING_NONE;
197 + }
198 +
199 +- vc4_state->is_unity = (vc4_state->x_scaling[0] == VC4_SCALING_NONE &&
200 +- vc4_state->y_scaling[0] == VC4_SCALING_NONE &&
201 +- vc4_state->x_scaling[1] == VC4_SCALING_NONE &&
202 +- vc4_state->y_scaling[1] == VC4_SCALING_NONE);
203 +-
204 + /* No configuring scaling on the cursor plane, since it gets
205 + non-vblank-synced updates, and scaling requires requires
206 + LBM changes which have to be vblank-synced.
207 +@@ -614,7 +610,10 @@ static int vc4_plane_mode_set(struct drm_plane *plane,
208 + vc4_dlist_write(vc4_state, SCALER_CSC2_ITR_R_601_5);
209 + }
210 +
211 +- if (!vc4_state->is_unity) {
212 ++ if (vc4_state->x_scaling[0] != VC4_SCALING_NONE ||
213 ++ vc4_state->x_scaling[1] != VC4_SCALING_NONE ||
214 ++ vc4_state->y_scaling[0] != VC4_SCALING_NONE ||
215 ++ vc4_state->y_scaling[1] != VC4_SCALING_NONE) {
216 + /* LBM Base Address. */
217 + if (vc4_state->y_scaling[0] != VC4_SCALING_NONE ||
218 + vc4_state->y_scaling[1] != VC4_SCALING_NONE) {
219 +diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
220 +index 7944a1f589eb..2248b330c047 100644
221 +--- a/drivers/hid/hid-core.c
222 ++++ b/drivers/hid/hid-core.c
223 +@@ -2059,6 +2059,9 @@ static const struct hid_device_id hid_have_special_driver[] = {
224 + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS3_CONTROLLER) },
225 + { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER) },
226 + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER) },
227 ++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2) },
228 ++ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2) },
229 ++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE) },
230 + { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGX_MOUSE) },
231 + { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGP_MOUSE) },
232 + { HID_USB_DEVICE(USB_VENDOR_ID_SINO_LITE, USB_DEVICE_ID_SINO_LITE_CONTROLLER) },
233 +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
234 +index 019ee9181f2b..de64cd33590a 100644
235 +--- a/drivers/hid/hid-ids.h
236 ++++ b/drivers/hid/hid-ids.h
237 +@@ -927,6 +927,8 @@
238 + #define USB_DEVICE_ID_SONY_PS3_BDREMOTE 0x0306
239 + #define USB_DEVICE_ID_SONY_PS3_CONTROLLER 0x0268
240 + #define USB_DEVICE_ID_SONY_PS4_CONTROLLER 0x05c4
241 ++#define USB_DEVICE_ID_SONY_PS4_CONTROLLER_2 0x09cc
242 ++#define USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE 0x0ba0
243 + #define USB_DEVICE_ID_SONY_MOTION_CONTROLLER 0x03d5
244 + #define USB_DEVICE_ID_SONY_NAVIGATION_CONTROLLER 0x042f
245 + #define USB_DEVICE_ID_SONY_BUZZ_CONTROLLER 0x0002
246 +diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c
247 +index 1b1dccd37fbd..eee58d15e745 100644
248 +--- a/drivers/hid/hid-sony.c
249 ++++ b/drivers/hid/hid-sony.c
250 +@@ -2581,6 +2581,12 @@ static const struct hid_device_id sony_devices[] = {
251 + .driver_data = DUALSHOCK4_CONTROLLER_USB },
252 + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER),
253 + .driver_data = DUALSHOCK4_CONTROLLER_BT },
254 ++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2),
255 ++ .driver_data = DUALSHOCK4_CONTROLLER_USB },
256 ++ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2),
257 ++ .driver_data = DUALSHOCK4_CONTROLLER_BT },
258 ++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE),
259 ++ .driver_data = DUALSHOCK4_CONTROLLER_USB },
260 + /* Nyko Core Controller for PS3 */
261 + { HID_USB_DEVICE(USB_VENDOR_ID_SINO_LITE, USB_DEVICE_ID_SINO_LITE_CONTROLLER),
262 + .driver_data = SIXAXIS_CONTROLLER_USB | SINO_LITE_CONTROLLER },
263 +diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c
264 +index cc2243f6cc7f..bb45eb22ba1f 100644
265 +--- a/drivers/infiniband/hw/cxgb4/qp.c
266 ++++ b/drivers/infiniband/hw/cxgb4/qp.c
267 +@@ -1258,6 +1258,12 @@ static void flush_qp(struct c4iw_qp *qhp)
268 +
269 + t4_set_wq_in_error(&qhp->wq);
270 + if (qhp->ibqp.uobject) {
271 ++
272 ++ /* for user qps, qhp->wq.flushed is protected by qhp->mutex */
273 ++ if (qhp->wq.flushed)
274 ++ return;
275 ++
276 ++ qhp->wq.flushed = 1;
277 + t4_set_cq_in_error(&rchp->cq);
278 + spin_lock_irqsave(&rchp->comp_handler_lock, flag);
279 + (*rchp->ibcq.comp_handler)(&rchp->ibcq, rchp->ibcq.cq_context);
280 +diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c
281 +index 518e2dec2aa2..5e9122cd3898 100644
282 +--- a/drivers/misc/vmw_balloon.c
283 ++++ b/drivers/misc/vmw_balloon.c
284 +@@ -45,6 +45,7 @@
285 + #include <linux/seq_file.h>
286 + #include <linux/vmw_vmci_defs.h>
287 + #include <linux/vmw_vmci_api.h>
288 ++#include <linux/io.h>
289 + #include <asm/hypervisor.h>
290 +
291 + MODULE_AUTHOR("VMware, Inc.");
292 +diff --git a/drivers/net/appletalk/ipddp.c b/drivers/net/appletalk/ipddp.c
293 +index 2e4649655181..4e98e5aff7c5 100644
294 +--- a/drivers/net/appletalk/ipddp.c
295 ++++ b/drivers/net/appletalk/ipddp.c
296 +@@ -284,8 +284,12 @@ static int ipddp_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
297 + case SIOCFINDIPDDPRT:
298 + spin_lock_bh(&ipddp_route_lock);
299 + rp = __ipddp_find_route(&rcp);
300 +- if (rp)
301 +- memcpy(&rcp2, rp, sizeof(rcp2));
302 ++ if (rp) {
303 ++ memset(&rcp2, 0, sizeof(rcp2));
304 ++ rcp2.ip = rp->ip;
305 ++ rcp2.at = rp->at;
306 ++ rcp2.flags = rp->flags;
307 ++ }
308 + spin_unlock_bh(&ipddp_route_lock);
309 +
310 + if (rp) {
311 +diff --git a/drivers/net/ethernet/hp/hp100.c b/drivers/net/ethernet/hp/hp100.c
312 +index 631dbc7b4dbb..0988bf1a43c0 100644
313 +--- a/drivers/net/ethernet/hp/hp100.c
314 ++++ b/drivers/net/ethernet/hp/hp100.c
315 +@@ -2636,7 +2636,7 @@ static int hp100_login_to_vg_hub(struct net_device *dev, u_short force_relogin)
316 + /* Wait for link to drop */
317 + time = jiffies + (HZ / 10);
318 + do {
319 +- if (~(hp100_inb(VG_LAN_CFG_1) & HP100_LINK_UP_ST))
320 ++ if (!(hp100_inb(VG_LAN_CFG_1) & HP100_LINK_UP_ST))
321 + break;
322 + if (!in_interrupt())
323 + schedule_timeout_interruptible(1);
324 +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
325 +index 7f6af10f09ee..3c1adb38412b 100644
326 +--- a/drivers/net/xen-netfront.c
327 ++++ b/drivers/net/xen-netfront.c
328 +@@ -906,7 +906,11 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue,
329 + BUG_ON(pull_to <= skb_headlen(skb));
330 + __pskb_pull_tail(skb, pull_to - skb_headlen(skb));
331 + }
332 +- BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS);
333 ++ if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) {
334 ++ queue->rx.rsp_cons = ++cons;
335 ++ kfree_skb(nskb);
336 ++ return ~0U;
337 ++ }
338 +
339 + skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags,
340 + skb_frag_page(nfrag),
341 +@@ -1043,6 +1047,8 @@ err:
342 + skb->len += rx->status;
343 +
344 + i = xennet_fill_frags(queue, skb, &tmpq);
345 ++ if (unlikely(i == ~0U))
346 ++ goto err;
347 +
348 + if (rx->flags & XEN_NETRXF_csum_blank)
349 + skb->ip_summed = CHECKSUM_PARTIAL;
350 +diff --git a/drivers/pci/host/pci-aardvark.c b/drivers/pci/host/pci-aardvark.c
351 +index 11bad826683e..1dbd09c91a7c 100644
352 +--- a/drivers/pci/host/pci-aardvark.c
353 ++++ b/drivers/pci/host/pci-aardvark.c
354 +@@ -976,6 +976,7 @@ static int advk_pcie_probe(struct platform_device *pdev)
355 + return -ENOMEM;
356 + }
357 +
358 ++ pci_bus_size_bridges(bus);
359 + pci_bus_assign_resources(bus);
360 +
361 + list_for_each_entry(child, &bus->children, node)
362 +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
363 +index a05d143ac43b..c7a695c2303a 100644
364 +--- a/drivers/pci/quirks.c
365 ++++ b/drivers/pci/quirks.c
366 +@@ -4236,11 +4236,6 @@ static int pci_quirk_qcom_rp_acs(struct pci_dev *dev, u16 acs_flags)
367 + *
368 + * 0x9d10-0x9d1b PCI Express Root port #{1-12}
369 + *
370 +- * The 300 series chipset suffers from the same bug so include those root
371 +- * ports here as well.
372 +- *
373 +- * 0xa32c-0xa343 PCI Express Root port #{0-24}
374 +- *
375 + * [1] http://www.intel.com/content/www/us/en/chipsets/100-series-chipset-datasheet-vol-2.html
376 + * [2] http://www.intel.com/content/www/us/en/chipsets/100-series-chipset-datasheet-vol-1.html
377 + * [3] http://www.intel.com/content/www/us/en/chipsets/100-series-chipset-spec-update.html
378 +@@ -4258,7 +4253,6 @@ static bool pci_quirk_intel_spt_pch_acs_match(struct pci_dev *dev)
379 + case 0xa110 ... 0xa11f: case 0xa167 ... 0xa16a: /* Sunrise Point */
380 + case 0xa290 ... 0xa29f: case 0xa2e7 ... 0xa2ee: /* Union Point */
381 + case 0x9d10 ... 0x9d1b: /* 7th & 8th Gen Mobile */
382 +- case 0xa32c ... 0xa343: /* 300 series */
383 + return true;
384 + }
385 +
386 +diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c
387 +index 005629447b0c..fe419935041c 100644
388 +--- a/drivers/platform/x86/alienware-wmi.c
389 ++++ b/drivers/platform/x86/alienware-wmi.c
390 +@@ -518,6 +518,7 @@ static acpi_status alienware_wmax_command(struct wmax_basic_args *in_args,
391 + if (obj && obj->type == ACPI_TYPE_INTEGER)
392 + *out_data = (u32) obj->integer.value;
393 + }
394 ++ kfree(output.pointer);
395 + return status;
396 +
397 + }
398 +diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
399 +index 98f75e5811c8..f06e74ea10d3 100644
400 +--- a/drivers/target/iscsi/iscsi_target_auth.c
401 ++++ b/drivers/target/iscsi/iscsi_target_auth.c
402 +@@ -26,18 +26,6 @@
403 + #include "iscsi_target_nego.h"
404 + #include "iscsi_target_auth.h"
405 +
406 +-static int chap_string_to_hex(unsigned char *dst, unsigned char *src, int len)
407 +-{
408 +- int j = DIV_ROUND_UP(len, 2), rc;
409 +-
410 +- rc = hex2bin(dst, src, j);
411 +- if (rc < 0)
412 +- pr_debug("CHAP string contains non hex digit symbols\n");
413 +-
414 +- dst[j] = '\0';
415 +- return j;
416 +-}
417 +-
418 + static void chap_binaryhex_to_asciihex(char *dst, char *src, int src_len)
419 + {
420 + int i;
421 +@@ -240,9 +228,16 @@ static int chap_server_compute_md5(
422 + pr_err("Could not find CHAP_R.\n");
423 + goto out;
424 + }
425 ++ if (strlen(chap_r) != MD5_SIGNATURE_SIZE * 2) {
426 ++ pr_err("Malformed CHAP_R\n");
427 ++ goto out;
428 ++ }
429 ++ if (hex2bin(client_digest, chap_r, MD5_SIGNATURE_SIZE) < 0) {
430 ++ pr_err("Malformed CHAP_R\n");
431 ++ goto out;
432 ++ }
433 +
434 + pr_debug("[server] Got CHAP_R=%s\n", chap_r);
435 +- chap_string_to_hex(client_digest, chap_r, strlen(chap_r));
436 +
437 + tfm = crypto_alloc_shash("md5", 0, 0);
438 + if (IS_ERR(tfm)) {
439 +@@ -341,9 +336,7 @@ static int chap_server_compute_md5(
440 + pr_err("Could not find CHAP_C.\n");
441 + goto out;
442 + }
443 +- pr_debug("[server] Got CHAP_C=%s\n", challenge);
444 +- challenge_len = chap_string_to_hex(challenge_binhex, challenge,
445 +- strlen(challenge));
446 ++ challenge_len = DIV_ROUND_UP(strlen(challenge), 2);
447 + if (!challenge_len) {
448 + pr_err("Unable to convert incoming challenge\n");
449 + goto out;
450 +@@ -352,6 +345,11 @@ static int chap_server_compute_md5(
451 + pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n");
452 + goto out;
453 + }
454 ++ if (hex2bin(challenge_binhex, challenge, challenge_len) < 0) {
455 ++ pr_err("Malformed CHAP_C\n");
456 ++ goto out;
457 ++ }
458 ++ pr_debug("[server] Got CHAP_C=%s\n", challenge);
459 + /*
460 + * During mutual authentication, the CHAP_C generated by the
461 + * initiator must not match the original CHAP_C generated by
462 +diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c
463 +index f62c598810ff..638eb9bbd59f 100644
464 +--- a/drivers/tty/vt/vt_ioctl.c
465 ++++ b/drivers/tty/vt/vt_ioctl.c
466 +@@ -31,6 +31,8 @@
467 + #include <asm/io.h>
468 + #include <asm/uaccess.h>
469 +
470 ++#include <linux/nospec.h>
471 ++
472 + #include <linux/kbd_kern.h>
473 + #include <linux/vt_kern.h>
474 + #include <linux/kbd_diacr.h>
475 +@@ -703,6 +705,8 @@ int vt_ioctl(struct tty_struct *tty,
476 + if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES)
477 + ret = -ENXIO;
478 + else {
479 ++ vsa.console = array_index_nospec(vsa.console,
480 ++ MAX_NR_CONSOLES + 1);
481 + vsa.console--;
482 + console_lock();
483 + ret = vc_allocate(vsa.console);
484 +diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c
485 +index e8b365000d73..e16bc4cec62e 100644
486 +--- a/fs/ext4/dir.c
487 ++++ b/fs/ext4/dir.c
488 +@@ -74,7 +74,7 @@ int __ext4_check_dir_entry(const char *function, unsigned int line,
489 + else if (unlikely(rlen < EXT4_DIR_REC_LEN(de->name_len)))
490 + error_msg = "rec_len is too small for name_len";
491 + else if (unlikely(((char *) de - buf) + rlen > size))
492 +- error_msg = "directory entry across range";
493 ++ error_msg = "directory entry overrun";
494 + else if (unlikely(le32_to_cpu(de->inode) >
495 + le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count)))
496 + error_msg = "inode out of bounds";
497 +@@ -83,18 +83,16 @@ int __ext4_check_dir_entry(const char *function, unsigned int line,
498 +
499 + if (filp)
500 + ext4_error_file(filp, function, line, bh->b_blocknr,
501 +- "bad entry in directory: %s - offset=%u(%u), "
502 +- "inode=%u, rec_len=%d, name_len=%d",
503 +- error_msg, (unsigned) (offset % size),
504 +- offset, le32_to_cpu(de->inode),
505 +- rlen, de->name_len);
506 ++ "bad entry in directory: %s - offset=%u, "
507 ++ "inode=%u, rec_len=%d, name_len=%d, size=%d",
508 ++ error_msg, offset, le32_to_cpu(de->inode),
509 ++ rlen, de->name_len, size);
510 + else
511 + ext4_error_inode(dir, function, line, bh->b_blocknr,
512 +- "bad entry in directory: %s - offset=%u(%u), "
513 +- "inode=%u, rec_len=%d, name_len=%d",
514 +- error_msg, (unsigned) (offset % size),
515 +- offset, le32_to_cpu(de->inode),
516 +- rlen, de->name_len);
517 ++ "bad entry in directory: %s - offset=%u, "
518 ++ "inode=%u, rec_len=%d, name_len=%d, size=%d",
519 ++ error_msg, offset, le32_to_cpu(de->inode),
520 ++ rlen, de->name_len, size);
521 +
522 + return 1;
523 + }
524 +diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
525 +index 436baf7cdca3..211539a7adfc 100644
526 +--- a/fs/ext4/inline.c
527 ++++ b/fs/ext4/inline.c
528 +@@ -1754,6 +1754,7 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data)
529 + {
530 + int err, inline_size;
531 + struct ext4_iloc iloc;
532 ++ size_t inline_len;
533 + void *inline_pos;
534 + unsigned int offset;
535 + struct ext4_dir_entry_2 *de;
536 +@@ -1781,8 +1782,9 @@ bool empty_inline_dir(struct inode *dir, int *has_inline_data)
537 + goto out;
538 + }
539 +
540 ++ inline_len = ext4_get_inline_size(dir);
541 + offset = EXT4_INLINE_DOTDOT_SIZE;
542 +- while (offset < dir->i_size) {
543 ++ while (offset < inline_len) {
544 + de = ext4_get_inline_entry(dir, &iloc, offset,
545 + &inline_pos, &inline_size);
546 + if (ext4_check_dir_entry(dir, NULL, de,
547 +diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
548 +index d89754ef1aab..c2e830a6206d 100644
549 +--- a/fs/ext4/mmp.c
550 ++++ b/fs/ext4/mmp.c
551 +@@ -48,7 +48,6 @@ static int write_mmp_block(struct super_block *sb, struct buffer_head *bh)
552 + */
553 + sb_start_write(sb);
554 + ext4_mmp_csum_set(sb, mmp);
555 +- mark_buffer_dirty(bh);
556 + lock_buffer(bh);
557 + bh->b_end_io = end_buffer_write_sync;
558 + get_bh(bh);
559 +diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
560 +index a225a21d04ad..bc727c393a89 100644
561 +--- a/fs/ext4/namei.c
562 ++++ b/fs/ext4/namei.c
563 +@@ -3527,6 +3527,12 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
564 + int credits;
565 + u8 old_file_type;
566 +
567 ++ if (new.inode && new.inode->i_nlink == 0) {
568 ++ EXT4_ERROR_INODE(new.inode,
569 ++ "target of rename is already freed");
570 ++ return -EFSCORRUPTED;
571 ++ }
572 ++
573 + if ((ext4_test_inode_flag(new_dir, EXT4_INODE_PROJINHERIT)) &&
574 + (!projid_eq(EXT4_I(new_dir)->i_projid,
575 + EXT4_I(old_dentry->d_inode)->i_projid)))
576 +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
577 +index eb720d9e2953..1da301ee78ce 100644
578 +--- a/fs/ext4/resize.c
579 ++++ b/fs/ext4/resize.c
580 +@@ -18,6 +18,7 @@
581 +
582 + int ext4_resize_begin(struct super_block *sb)
583 + {
584 ++ struct ext4_sb_info *sbi = EXT4_SB(sb);
585 + int ret = 0;
586 +
587 + if (!capable(CAP_SYS_RESOURCE))
588 +@@ -28,7 +29,7 @@ int ext4_resize_begin(struct super_block *sb)
589 + * because the user tools have no way of handling this. Probably a
590 + * bad time to do it anyways.
591 + */
592 +- if (EXT4_SB(sb)->s_sbh->b_blocknr !=
593 ++ if (EXT4_B2C(sbi, sbi->s_sbh->b_blocknr) !=
594 + le32_to_cpu(EXT4_SB(sb)->s_es->s_first_data_block)) {
595 + ext4_warning(sb, "won't resize using backup superblock at %llu",
596 + (unsigned long long)EXT4_SB(sb)->s_sbh->b_blocknr);
597 +@@ -1954,6 +1955,26 @@ retry:
598 + }
599 + }
600 +
601 ++ /*
602 ++ * Make sure the last group has enough space so that it's
603 ++ * guaranteed to have enough space for all metadata blocks
604 ++ * that it might need to hold. (We might not need to store
605 ++ * the inode table blocks in the last block group, but there
606 ++ * will be cases where this might be needed.)
607 ++ */
608 ++ if ((ext4_group_first_block_no(sb, n_group) +
609 ++ ext4_group_overhead_blocks(sb, n_group) + 2 +
610 ++ sbi->s_itb_per_group + sbi->s_cluster_ratio) >= n_blocks_count) {
611 ++ n_blocks_count = ext4_group_first_block_no(sb, n_group);
612 ++ n_group--;
613 ++ n_blocks_count_retry = 0;
614 ++ if (resize_inode) {
615 ++ iput(resize_inode);
616 ++ resize_inode = NULL;
617 ++ }
618 ++ goto retry;
619 ++ }
620 ++
621 + /* extend the last group */
622 + if (n_group == o_group)
623 + add = n_blocks_count - o_blocks_count;
624 +diff --git a/fs/ext4/super.c b/fs/ext4/super.c
625 +index 9d44b3683b46..f88d4804c3a8 100644
626 +--- a/fs/ext4/super.c
627 ++++ b/fs/ext4/super.c
628 +@@ -2015,6 +2015,8 @@ static int _ext4_show_options(struct seq_file *seq, struct super_block *sb,
629 + SEQ_OPTS_PRINT("max_dir_size_kb=%u", sbi->s_max_dir_size_kb);
630 + if (test_opt(sb, DATA_ERR_ABORT))
631 + SEQ_OPTS_PUTS("data_err=abort");
632 ++ if (DUMMY_ENCRYPTION_ENABLED(sbi))
633 ++ SEQ_OPTS_PUTS("test_dummy_encryption");
634 +
635 + ext4_show_quota_options(seq, sb);
636 + return 0;
637 +@@ -4187,11 +4189,13 @@ no_journal:
638 + block = ext4_count_free_clusters(sb);
639 + ext4_free_blocks_count_set(sbi->s_es,
640 + EXT4_C2B(sbi, block));
641 ++ ext4_superblock_csum_set(sb);
642 + err = percpu_counter_init(&sbi->s_freeclusters_counter, block,
643 + GFP_KERNEL);
644 + if (!err) {
645 + unsigned long freei = ext4_count_free_inodes(sb);
646 + sbi->s_es->s_free_inodes_count = cpu_to_le32(freei);
647 ++ ext4_superblock_csum_set(sb);
648 + err = percpu_counter_init(&sbi->s_freeinodes_counter, freei,
649 + GFP_KERNEL);
650 + }
651 +diff --git a/fs/ocfs2/buffer_head_io.c b/fs/ocfs2/buffer_head_io.c
652 +index 8f040f88ade4..25c8b328c43d 100644
653 +--- a/fs/ocfs2/buffer_head_io.c
654 ++++ b/fs/ocfs2/buffer_head_io.c
655 +@@ -341,6 +341,7 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
656 + * for this bh as it's not marked locally
657 + * uptodate. */
658 + status = -EIO;
659 ++ clear_buffer_needs_validate(bh);
660 + put_bh(bh);
661 + bhs[i] = NULL;
662 + continue;
663 +diff --git a/include/net/nfc/hci.h b/include/net/nfc/hci.h
664 +index 316694dafa5b..008f466d1da7 100644
665 +--- a/include/net/nfc/hci.h
666 ++++ b/include/net/nfc/hci.h
667 +@@ -87,7 +87,7 @@ struct nfc_hci_pipe {
668 + * According to specification 102 622 chapter 4.4 Pipes,
669 + * the pipe identifier is 7 bits long.
670 + */
671 +-#define NFC_HCI_MAX_PIPES 127
672 ++#define NFC_HCI_MAX_PIPES 128
673 + struct nfc_hci_init_data {
674 + u8 gate_count;
675 + struct nfc_hci_gate gates[NFC_HCI_MAX_CUSTOM_GATES];
676 +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
677 +index f6e8727f7fa3..f81adb476c03 100644
678 +--- a/kernel/sched/fair.c
679 ++++ b/kernel/sched/fair.c
680 +@@ -8639,7 +8639,8 @@ static inline bool vruntime_normalized(struct task_struct *p)
681 + * - A task which has been woken up by try_to_wake_up() and
682 + * waiting for actually being woken up by sched_ttwu_pending().
683 + */
684 +- if (!se->sum_exec_runtime || p->state == TASK_WAKING)
685 ++ if (!se->sum_exec_runtime ||
686 ++ (p->state == TASK_WAKING && p->sched_remote_wakeup))
687 + return true;
688 +
689 + return false;
690 +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
691 +index dc29b600d2cb..f316e90ad538 100644
692 +--- a/kernel/trace/ring_buffer.c
693 ++++ b/kernel/trace/ring_buffer.c
694 +@@ -1504,6 +1504,8 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages)
695 + tmp_iter_page = first_page;
696 +
697 + do {
698 ++ cond_resched();
699 ++
700 + to_remove_page = tmp_iter_page;
701 + rb_inc_page(cpu_buffer, &tmp_iter_page);
702 +
703 +diff --git a/mm/shmem.c b/mm/shmem.c
704 +index 42ca5df2c0e3..4b5cca167baf 100644
705 +--- a/mm/shmem.c
706 ++++ b/mm/shmem.c
707 +@@ -2160,6 +2160,8 @@ static struct inode *shmem_get_inode(struct super_block *sb, const struct inode
708 + mpol_shared_policy_init(&info->policy, NULL);
709 + break;
710 + }
711 ++
712 ++ lockdep_annotate_inode_mutex_key(inode);
713 + } else
714 + shmem_free_inode(sb);
715 + return inode;
716 +diff --git a/net/core/neighbour.c b/net/core/neighbour.c
717 +index 128c811dcb1a..8eb1916b742c 100644
718 +--- a/net/core/neighbour.c
719 ++++ b/net/core/neighbour.c
720 +@@ -1138,6 +1138,12 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
721 + lladdr = neigh->ha;
722 + }
723 +
724 ++ /* Update confirmed timestamp for neighbour entry after we
725 ++ * received ARP packet even if it doesn't change IP to MAC binding.
726 ++ */
727 ++ if (new & NUD_CONNECTED)
728 ++ neigh->confirmed = jiffies;
729 ++
730 + /* If entry was valid and address is not changed,
731 + do not change entry state, if new one is STALE.
732 + */
733 +@@ -1159,15 +1165,12 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
734 + }
735 + }
736 +
737 +- /* Update timestamps only once we know we will make a change to the
738 ++ /* Update timestamp only once we know we will make a change to the
739 + * neighbour entry. Otherwise we risk to move the locktime window with
740 + * noop updates and ignore relevant ARP updates.
741 + */
742 +- if (new != old || lladdr != neigh->ha) {
743 +- if (new & NUD_CONNECTED)
744 +- neigh->confirmed = jiffies;
745 ++ if (new != old || lladdr != neigh->ha)
746 + neigh->updated = jiffies;
747 +- }
748 +
749 + if (new != old) {
750 + neigh_del_timer(neigh);
751 +diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
752 +index b5116ec31757..689246d079ad 100644
753 +--- a/net/ipv4/af_inet.c
754 ++++ b/net/ipv4/af_inet.c
755 +@@ -1277,6 +1277,7 @@ struct sk_buff *inet_gso_segment(struct sk_buff *skb,
756 + if (encap)
757 + skb_reset_inner_headers(skb);
758 + skb->network_header = (u8 *)iph - skb->head;
759 ++ skb_reset_mac_len(skb);
760 + } while ((skb = skb->next));
761 +
762 + out:
763 +diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
764 +index aa2a20e918fd..b9b2a9828d98 100644
765 +--- a/net/ipv4/udp.c
766 ++++ b/net/ipv4/udp.c
767 +@@ -1730,6 +1730,28 @@ static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh,
768 + inet_compute_pseudo);
769 + }
770 +
771 ++/* wrapper for udp_queue_rcv_skb tacking care of csum conversion and
772 ++ * return code conversion for ip layer consumption
773 ++ */
774 ++static int udp_unicast_rcv_skb(struct sock *sk, struct sk_buff *skb,
775 ++ struct udphdr *uh)
776 ++{
777 ++ int ret;
778 ++
779 ++ if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk))
780 ++ skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check,
781 ++ inet_compute_pseudo);
782 ++
783 ++ ret = udp_queue_rcv_skb(sk, skb);
784 ++
785 ++ /* a return value > 0 means to resubmit the input, but
786 ++ * it wants the return to be -protocol, or 0
787 ++ */
788 ++ if (ret > 0)
789 ++ return -ret;
790 ++ return 0;
791 ++}
792 ++
793 + /*
794 + * All we need to do is get the socket, and then do a checksum.
795 + */
796 +@@ -1776,14 +1798,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
797 + if (unlikely(sk->sk_rx_dst != dst))
798 + udp_sk_rx_dst_set(sk, dst);
799 +
800 +- ret = udp_queue_rcv_skb(sk, skb);
801 ++ ret = udp_unicast_rcv_skb(sk, skb, uh);
802 + sock_put(sk);
803 +- /* a return value > 0 means to resubmit the input, but
804 +- * it wants the return to be -protocol, or 0
805 +- */
806 +- if (ret > 0)
807 +- return -ret;
808 +- return 0;
809 ++ return ret;
810 + }
811 +
812 + if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST))
813 +@@ -1791,22 +1808,8 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
814 + saddr, daddr, udptable, proto);
815 +
816 + sk = __udp4_lib_lookup_skb(skb, uh->source, uh->dest, udptable);
817 +- if (sk) {
818 +- int ret;
819 +-
820 +- if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk))
821 +- skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check,
822 +- inet_compute_pseudo);
823 +-
824 +- ret = udp_queue_rcv_skb(sk, skb);
825 +-
826 +- /* a return value > 0 means to resubmit the input, but
827 +- * it wants the return to be -protocol, or 0
828 +- */
829 +- if (ret > 0)
830 +- return -ret;
831 +- return 0;
832 +- }
833 ++ if (sk)
834 ++ return udp_unicast_rcv_skb(sk, skb, uh);
835 +
836 + if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
837 + goto drop;
838 +diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c
839 +index 649f4d87b318..a36ae90bf613 100644
840 +--- a/net/ipv6/ip6_offload.c
841 ++++ b/net/ipv6/ip6_offload.c
842 +@@ -113,6 +113,7 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
843 + payload_len = skb->len - nhoff - sizeof(*ipv6h);
844 + ipv6h->payload_len = htons(payload_len);
845 + skb->network_header = (u8 *)ipv6h - skb->head;
846 ++ skb_reset_mac_len(skb);
847 +
848 + if (udpfrag) {
849 + int err = ip6_find_1stfragopt(skb, &prevhdr);
850 +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
851 +index ea14466cdca8..8e77cecd2165 100644
852 +--- a/net/ipv6/ip6_output.c
853 ++++ b/net/ipv6/ip6_output.c
854 +@@ -201,12 +201,10 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
855 + kfree_skb(skb);
856 + return -ENOBUFS;
857 + }
858 ++ if (skb->sk)
859 ++ skb_set_owner_w(skb2, skb->sk);
860 + consume_skb(skb);
861 + skb = skb2;
862 +- /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically,
863 +- * it is safe to call in our context (socket lock not held)
864 +- */
865 +- skb_set_owner_w(skb, (struct sock *)sk);
866 + }
867 + if (opt->opt_flen)
868 + ipv6_push_frag_opts(skb, opt, &proto);
869 +diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c
870 +index 2b0f0ac498d2..5a58f9f38095 100644
871 +--- a/net/nfc/hci/core.c
872 ++++ b/net/nfc/hci/core.c
873 +@@ -209,6 +209,11 @@ void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
874 + }
875 + create_info = (struct hci_create_pipe_resp *)skb->data;
876 +
877 ++ if (create_info->pipe >= NFC_HCI_MAX_PIPES) {
878 ++ status = NFC_HCI_ANY_E_NOK;
879 ++ goto exit;
880 ++ }
881 ++
882 + /* Save the new created pipe and bind with local gate,
883 + * the description for skb->data[3] is destination gate id
884 + * but since we received this cmd from host controller, we
885 +@@ -232,6 +237,11 @@ void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
886 + }
887 + delete_info = (struct hci_delete_pipe_noti *)skb->data;
888 +
889 ++ if (delete_info->pipe >= NFC_HCI_MAX_PIPES) {
890 ++ status = NFC_HCI_ANY_E_NOK;
891 ++ goto exit;
892 ++ }
893 ++
894 + hdev->pipes[delete_info->pipe].gate = NFC_HCI_INVALID_GATE;
895 + hdev->pipes[delete_info->pipe].dest_host = NFC_HCI_INVALID_HOST;
896 + break;
897 +diff --git a/sound/firewire/bebob/bebob.c b/sound/firewire/bebob/bebob.c
898 +index 3469ac14c89c..d0dfa822266b 100644
899 +--- a/sound/firewire/bebob/bebob.c
900 ++++ b/sound/firewire/bebob/bebob.c
901 +@@ -263,6 +263,8 @@ do_registration(struct work_struct *work)
902 + error:
903 + mutex_unlock(&devices_mutex);
904 + snd_bebob_stream_destroy_duplex(bebob);
905 ++ kfree(bebob->maudio_special_quirk);
906 ++ bebob->maudio_special_quirk = NULL;
907 + snd_card_free(bebob->card);
908 + dev_info(&bebob->unit->device,
909 + "Sound card registration failed: %d\n", err);
910 +diff --git a/sound/firewire/bebob/bebob_maudio.c b/sound/firewire/bebob/bebob_maudio.c
911 +index 07e5abdbceb5..6dbf047d4f75 100644
912 +--- a/sound/firewire/bebob/bebob_maudio.c
913 ++++ b/sound/firewire/bebob/bebob_maudio.c
914 +@@ -96,17 +96,13 @@ int snd_bebob_maudio_load_firmware(struct fw_unit *unit)
915 + struct fw_device *device = fw_parent_device(unit);
916 + int err, rcode;
917 + u64 date;
918 +- __le32 cues[3] = {
919 +- cpu_to_le32(MAUDIO_BOOTLOADER_CUE1),
920 +- cpu_to_le32(MAUDIO_BOOTLOADER_CUE2),
921 +- cpu_to_le32(MAUDIO_BOOTLOADER_CUE3)
922 +- };
923 ++ __le32 *cues;
924 +
925 + /* check date of software used to build */
926 + err = snd_bebob_read_block(unit, INFO_OFFSET_SW_DATE,
927 + &date, sizeof(u64));
928 + if (err < 0)
929 +- goto end;
930 ++ return err;
931 + /*
932 + * firmware version 5058 or later has date later than "20070401", but
933 + * 'date' is not null-terminated.
934 +@@ -114,20 +110,28 @@ int snd_bebob_maudio_load_firmware(struct fw_unit *unit)
935 + if (date < 0x3230303730343031LL) {
936 + dev_err(&unit->device,
937 + "Use firmware version 5058 or later\n");
938 +- err = -ENOSYS;
939 +- goto end;
940 ++ return -ENXIO;
941 + }
942 +
943 ++ cues = kmalloc_array(3, sizeof(*cues), GFP_KERNEL);
944 ++ if (!cues)
945 ++ return -ENOMEM;
946 ++
947 ++ cues[0] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE1);
948 ++ cues[1] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE2);
949 ++ cues[2] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE3);
950 ++
951 + rcode = fw_run_transaction(device->card, TCODE_WRITE_BLOCK_REQUEST,
952 + device->node_id, device->generation,
953 + device->max_speed, BEBOB_ADDR_REG_REQ,
954 +- cues, sizeof(cues));
955 ++ cues, 3 * sizeof(*cues));
956 ++ kfree(cues);
957 + if (rcode != RCODE_COMPLETE) {
958 + dev_err(&unit->device,
959 + "Failed to send a cue to load firmware\n");
960 + err = -EIO;
961 + }
962 +-end:
963 ++
964 + return err;
965 + }
966 +
967 +@@ -290,10 +294,6 @@ snd_bebob_maudio_special_discover(struct snd_bebob *bebob, bool is1814)
968 + bebob->midi_output_ports = 2;
969 + }
970 + end:
971 +- if (err < 0) {
972 +- kfree(params);
973 +- bebob->maudio_special_quirk = NULL;
974 +- }
975 + mutex_unlock(&bebob->mutex);
976 + return err;
977 + }
978 +diff --git a/sound/firewire/digi00x/digi00x.c b/sound/firewire/digi00x/digi00x.c
979 +index 1f5e1d23f31a..ef689997d6a5 100644
980 +--- a/sound/firewire/digi00x/digi00x.c
981 ++++ b/sound/firewire/digi00x/digi00x.c
982 +@@ -49,6 +49,7 @@ static void dg00x_free(struct snd_dg00x *dg00x)
983 + fw_unit_put(dg00x->unit);
984 +
985 + mutex_destroy(&dg00x->mutex);
986 ++ kfree(dg00x);
987 + }
988 +
989 + static void dg00x_card_free(struct snd_card *card)
990 +diff --git a/sound/firewire/fireworks/fireworks.c b/sound/firewire/fireworks/fireworks.c
991 +index 71a0613d3da0..f2d073365cf6 100644
992 +--- a/sound/firewire/fireworks/fireworks.c
993 ++++ b/sound/firewire/fireworks/fireworks.c
994 +@@ -301,6 +301,8 @@ error:
995 + snd_efw_transaction_remove_instance(efw);
996 + snd_efw_stream_destroy_duplex(efw);
997 + snd_card_free(efw->card);
998 ++ kfree(efw->resp_buf);
999 ++ efw->resp_buf = NULL;
1000 + dev_info(&efw->unit->device,
1001 + "Sound card registration failed: %d\n", err);
1002 + }
1003 +diff --git a/sound/firewire/oxfw/oxfw.c b/sound/firewire/oxfw/oxfw.c
1004 +index 474b06d8acd1..696b6cf35003 100644
1005 +--- a/sound/firewire/oxfw/oxfw.c
1006 ++++ b/sound/firewire/oxfw/oxfw.c
1007 +@@ -135,6 +135,7 @@ static void oxfw_free(struct snd_oxfw *oxfw)
1008 +
1009 + kfree(oxfw->spec);
1010 + mutex_destroy(&oxfw->mutex);
1011 ++ kfree(oxfw);
1012 + }
1013 +
1014 + /*
1015 +@@ -212,6 +213,7 @@ static int detect_quirks(struct snd_oxfw *oxfw)
1016 + static void do_registration(struct work_struct *work)
1017 + {
1018 + struct snd_oxfw *oxfw = container_of(work, struct snd_oxfw, dwork.work);
1019 ++ int i;
1020 + int err;
1021 +
1022 + if (oxfw->registered)
1023 +@@ -274,7 +276,15 @@ error:
1024 + snd_oxfw_stream_destroy_simplex(oxfw, &oxfw->rx_stream);
1025 + if (oxfw->has_output)
1026 + snd_oxfw_stream_destroy_simplex(oxfw, &oxfw->tx_stream);
1027 ++ for (i = 0; i < SND_OXFW_STREAM_FORMAT_ENTRIES; ++i) {
1028 ++ kfree(oxfw->tx_stream_formats[i]);
1029 ++ oxfw->tx_stream_formats[i] = NULL;
1030 ++ kfree(oxfw->rx_stream_formats[i]);
1031 ++ oxfw->rx_stream_formats[i] = NULL;
1032 ++ }
1033 + snd_card_free(oxfw->card);
1034 ++ kfree(oxfw->spec);
1035 ++ oxfw->spec = NULL;
1036 + dev_info(&oxfw->unit->device,
1037 + "Sound card registration failed: %d\n", err);
1038 + }
1039 +diff --git a/sound/firewire/tascam/tascam.c b/sound/firewire/tascam/tascam.c
1040 +index 9dc93a7eb9da..4c967ac1c0e8 100644
1041 +--- a/sound/firewire/tascam/tascam.c
1042 ++++ b/sound/firewire/tascam/tascam.c
1043 +@@ -93,6 +93,7 @@ static void tscm_free(struct snd_tscm *tscm)
1044 + fw_unit_put(tscm->unit);
1045 +
1046 + mutex_destroy(&tscm->mutex);
1047 ++ kfree(tscm);
1048 + }
1049 +
1050 + static void tscm_card_free(struct snd_card *card)
1051 +diff --git a/sound/pci/emu10k1/emufx.c b/sound/pci/emu10k1/emufx.c
1052 +index 56fc47bd6dba..50b216fc369f 100644
1053 +--- a/sound/pci/emu10k1/emufx.c
1054 ++++ b/sound/pci/emu10k1/emufx.c
1055 +@@ -2520,7 +2520,7 @@ static int snd_emu10k1_fx8010_ioctl(struct snd_hwdep * hw, struct file *file, un
1056 + emu->support_tlv = 1;
1057 + return put_user(SNDRV_EMU10K1_VERSION, (int __user *)argp);
1058 + case SNDRV_EMU10K1_IOCTL_INFO:
1059 +- info = kmalloc(sizeof(*info), GFP_KERNEL);
1060 ++ info = kzalloc(sizeof(*info), GFP_KERNEL);
1061 + if (!info)
1062 + return -ENOMEM;
1063 + snd_emu10k1_fx8010_info(emu, info);
1064 +diff --git a/sound/soc/codecs/cs4265.c b/sound/soc/codecs/cs4265.c
1065 +index fd966bb851cb..6e8eb1f5a041 100644
1066 +--- a/sound/soc/codecs/cs4265.c
1067 ++++ b/sound/soc/codecs/cs4265.c
1068 +@@ -157,8 +157,8 @@ static const struct snd_kcontrol_new cs4265_snd_controls[] = {
1069 + SOC_SINGLE("Validity Bit Control Switch", CS4265_SPDIF_CTL2,
1070 + 3, 1, 0),
1071 + SOC_ENUM("SPDIF Mono/Stereo", spdif_mono_stereo_enum),
1072 +- SOC_SINGLE("MMTLR Data Switch", 0,
1073 +- 1, 1, 0),
1074 ++ SOC_SINGLE("MMTLR Data Switch", CS4265_SPDIF_CTL2,
1075 ++ 0, 1, 0),
1076 + SOC_ENUM("Mono Channel Select", spdif_mono_select_enum),
1077 + SND_SOC_BYTES("C Data Buffer", CS4265_C_DATA_BUFF, 24),
1078 + };
Report Message
Find on MARC Find on Google Groups