1 |
commit: 0ebaa38341c1d4266ba9b27e39a35bf296bd1c96 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Mar 31 10:45:43 2017 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Mar 31 10:45:43 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=0ebaa383 |
7 |
|
8 |
Linux patch 4.10.8 |
9 |
|
10 |
0000_README | 4 + |
11 |
1007_linux-4.10.8.patch | 493 ++++++++++++++++++++++++++++++++++++++++++++++++ |
12 |
2 files changed, 497 insertions(+) |
13 |
|
14 |
diff --git a/0000_README b/0000_README |
15 |
index 02aad35..4c7de50 100644 |
16 |
--- a/0000_README |
17 |
+++ b/0000_README |
18 |
@@ -71,6 +71,10 @@ Patch: 1006_linux-4.10.7.patch |
19 |
From: http://www.kernel.org |
20 |
Desc: Linux 4.10.7 |
21 |
|
22 |
+Patch: 1007_linux-4.10.8.patch |
23 |
+From: http://www.kernel.org |
24 |
+Desc: Linux 4.10.8 |
25 |
+ |
26 |
Patch: 1500_XATTR_USER_PREFIX.patch |
27 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
28 |
Desc: Support for namespace user.pax.* on tmpfs. |
29 |
|
30 |
diff --git a/1007_linux-4.10.8.patch b/1007_linux-4.10.8.patch |
31 |
new file mode 100644 |
32 |
index 0000000..4928a4c |
33 |
--- /dev/null |
34 |
+++ b/1007_linux-4.10.8.patch |
35 |
@@ -0,0 +1,493 @@ |
36 |
+diff --git a/Makefile b/Makefile |
37 |
+index 976e8d1a468a..82e0809fed9b 100644 |
38 |
+--- a/Makefile |
39 |
++++ b/Makefile |
40 |
+@@ -1,6 +1,6 @@ |
41 |
+ VERSION = 4 |
42 |
+ PATCHLEVEL = 10 |
43 |
+-SUBLEVEL = 7 |
44 |
++SUBLEVEL = 8 |
45 |
+ EXTRAVERSION = |
46 |
+ NAME = Fearless Coyote |
47 |
+ |
48 |
+diff --git a/arch/c6x/kernel/ptrace.c b/arch/c6x/kernel/ptrace.c |
49 |
+index 3c494e84444d..a511ac16a8e3 100644 |
50 |
+--- a/arch/c6x/kernel/ptrace.c |
51 |
++++ b/arch/c6x/kernel/ptrace.c |
52 |
+@@ -69,46 +69,6 @@ static int gpr_get(struct task_struct *target, |
53 |
+ 0, sizeof(*regs)); |
54 |
+ } |
55 |
+ |
56 |
+-static int gpr_set(struct task_struct *target, |
57 |
+- const struct user_regset *regset, |
58 |
+- unsigned int pos, unsigned int count, |
59 |
+- const void *kbuf, const void __user *ubuf) |
60 |
+-{ |
61 |
+- int ret; |
62 |
+- struct pt_regs *regs = task_pt_regs(target); |
63 |
+- |
64 |
+- /* Don't copyin TSR or CSR */ |
65 |
+- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
66 |
+- ®s, |
67 |
+- 0, PT_TSR * sizeof(long)); |
68 |
+- if (ret) |
69 |
+- return ret; |
70 |
+- |
71 |
+- ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, |
72 |
+- PT_TSR * sizeof(long), |
73 |
+- (PT_TSR + 1) * sizeof(long)); |
74 |
+- if (ret) |
75 |
+- return ret; |
76 |
+- |
77 |
+- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
78 |
+- ®s, |
79 |
+- (PT_TSR + 1) * sizeof(long), |
80 |
+- PT_CSR * sizeof(long)); |
81 |
+- if (ret) |
82 |
+- return ret; |
83 |
+- |
84 |
+- ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, |
85 |
+- PT_CSR * sizeof(long), |
86 |
+- (PT_CSR + 1) * sizeof(long)); |
87 |
+- if (ret) |
88 |
+- return ret; |
89 |
+- |
90 |
+- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
91 |
+- ®s, |
92 |
+- (PT_CSR + 1) * sizeof(long), -1); |
93 |
+- return ret; |
94 |
+-} |
95 |
+- |
96 |
+ enum c6x_regset { |
97 |
+ REGSET_GPR, |
98 |
+ }; |
99 |
+@@ -120,7 +80,6 @@ static const struct user_regset c6x_regsets[] = { |
100 |
+ .size = sizeof(u32), |
101 |
+ .align = sizeof(u32), |
102 |
+ .get = gpr_get, |
103 |
+- .set = gpr_set |
104 |
+ }, |
105 |
+ }; |
106 |
+ |
107 |
+diff --git a/arch/h8300/kernel/ptrace.c b/arch/h8300/kernel/ptrace.c |
108 |
+index 92075544a19a..0dc1c8f622bc 100644 |
109 |
+--- a/arch/h8300/kernel/ptrace.c |
110 |
++++ b/arch/h8300/kernel/ptrace.c |
111 |
+@@ -95,7 +95,8 @@ static int regs_get(struct task_struct *target, |
112 |
+ long *reg = (long *)®s; |
113 |
+ |
114 |
+ /* build user regs in buffer */ |
115 |
+- for (r = 0; r < ARRAY_SIZE(register_offset); r++) |
116 |
++ BUILD_BUG_ON(sizeof(regs) % sizeof(long) != 0); |
117 |
++ for (r = 0; r < sizeof(regs) / sizeof(long); r++) |
118 |
+ *reg++ = h8300_get_reg(target, r); |
119 |
+ |
120 |
+ return user_regset_copyout(&pos, &count, &kbuf, &ubuf, |
121 |
+@@ -113,7 +114,8 @@ static int regs_set(struct task_struct *target, |
122 |
+ long *reg; |
123 |
+ |
124 |
+ /* build user regs in buffer */ |
125 |
+- for (reg = (long *)®s, r = 0; r < ARRAY_SIZE(register_offset); r++) |
126 |
++ BUILD_BUG_ON(sizeof(regs) % sizeof(long) != 0); |
127 |
++ for (reg = (long *)®s, r = 0; r < sizeof(regs) / sizeof(long); r++) |
128 |
+ *reg++ = h8300_get_reg(target, r); |
129 |
+ |
130 |
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
131 |
+@@ -122,7 +124,7 @@ static int regs_set(struct task_struct *target, |
132 |
+ return ret; |
133 |
+ |
134 |
+ /* write back to pt_regs */ |
135 |
+- for (reg = (long *)®s, r = 0; r < ARRAY_SIZE(register_offset); r++) |
136 |
++ for (reg = (long *)®s, r = 0; r < sizeof(regs) / sizeof(long); r++) |
137 |
+ h8300_put_reg(target, r, *reg++); |
138 |
+ return 0; |
139 |
+ } |
140 |
+diff --git a/arch/metag/kernel/ptrace.c b/arch/metag/kernel/ptrace.c |
141 |
+index 7563628822bd..5e2dc7defd2c 100644 |
142 |
+--- a/arch/metag/kernel/ptrace.c |
143 |
++++ b/arch/metag/kernel/ptrace.c |
144 |
+@@ -24,6 +24,16 @@ |
145 |
+ * user_regset definitions. |
146 |
+ */ |
147 |
+ |
148 |
++static unsigned long user_txstatus(const struct pt_regs *regs) |
149 |
++{ |
150 |
++ unsigned long data = (unsigned long)regs->ctx.Flags; |
151 |
++ |
152 |
++ if (regs->ctx.SaveMask & TBICTX_CBUF_BIT) |
153 |
++ data |= USER_GP_REGS_STATUS_CATCH_BIT; |
154 |
++ |
155 |
++ return data; |
156 |
++} |
157 |
++ |
158 |
+ int metag_gp_regs_copyout(const struct pt_regs *regs, |
159 |
+ unsigned int pos, unsigned int count, |
160 |
+ void *kbuf, void __user *ubuf) |
161 |
+@@ -62,9 +72,7 @@ int metag_gp_regs_copyout(const struct pt_regs *regs, |
162 |
+ if (ret) |
163 |
+ goto out; |
164 |
+ /* TXSTATUS */ |
165 |
+- data = (unsigned long)regs->ctx.Flags; |
166 |
+- if (regs->ctx.SaveMask & TBICTX_CBUF_BIT) |
167 |
+- data |= USER_GP_REGS_STATUS_CATCH_BIT; |
168 |
++ data = user_txstatus(regs); |
169 |
+ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, |
170 |
+ &data, 4*25, 4*26); |
171 |
+ if (ret) |
172 |
+@@ -119,6 +127,7 @@ int metag_gp_regs_copyin(struct pt_regs *regs, |
173 |
+ if (ret) |
174 |
+ goto out; |
175 |
+ /* TXSTATUS */ |
176 |
++ data = user_txstatus(regs); |
177 |
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
178 |
+ &data, 4*25, 4*26); |
179 |
+ if (ret) |
180 |
+@@ -244,6 +253,8 @@ int metag_rp_state_copyin(struct pt_regs *regs, |
181 |
+ unsigned long long *ptr; |
182 |
+ int ret, i; |
183 |
+ |
184 |
++ if (count < 4*13) |
185 |
++ return -EINVAL; |
186 |
+ /* Read the entire pipeline before making any changes */ |
187 |
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
188 |
+ &rp, 0, 4*13); |
189 |
+@@ -303,7 +314,7 @@ static int metag_tls_set(struct task_struct *target, |
190 |
+ const void *kbuf, const void __user *ubuf) |
191 |
+ { |
192 |
+ int ret; |
193 |
+- void __user *tls; |
194 |
++ void __user *tls = target->thread.tls_ptr; |
195 |
+ |
196 |
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &tls, 0, -1); |
197 |
+ if (ret) |
198 |
+diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c |
199 |
+index c8ba26072132..5d2498eb2340 100644 |
200 |
+--- a/arch/mips/kernel/ptrace.c |
201 |
++++ b/arch/mips/kernel/ptrace.c |
202 |
+@@ -485,7 +485,8 @@ static int fpr_set(struct task_struct *target, |
203 |
+ &target->thread.fpu, |
204 |
+ 0, sizeof(elf_fpregset_t)); |
205 |
+ |
206 |
+- for (i = 0; i < NUM_FPU_REGS; i++) { |
207 |
++ BUILD_BUG_ON(sizeof(fpr_val) != sizeof(elf_fpreg_t)); |
208 |
++ for (i = 0; i < NUM_FPU_REGS && count >= sizeof(elf_fpreg_t); i++) { |
209 |
+ err = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
210 |
+ &fpr_val, i * sizeof(elf_fpreg_t), |
211 |
+ (i + 1) * sizeof(elf_fpreg_t)); |
212 |
+diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c |
213 |
+index 901063c1cf7e..341129a40e94 100644 |
214 |
+--- a/arch/sparc/kernel/ptrace_64.c |
215 |
++++ b/arch/sparc/kernel/ptrace_64.c |
216 |
+@@ -350,7 +350,7 @@ static int genregs64_set(struct task_struct *target, |
217 |
+ } |
218 |
+ |
219 |
+ if (!ret) { |
220 |
+- unsigned long y; |
221 |
++ unsigned long y = regs->y; |
222 |
+ |
223 |
+ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, |
224 |
+ &y, |
225 |
+diff --git a/arch/x86/include/asm/kvm_page_track.h b/arch/x86/include/asm/kvm_page_track.h |
226 |
+index d74747b031ec..c4eda791f877 100644 |
227 |
+--- a/arch/x86/include/asm/kvm_page_track.h |
228 |
++++ b/arch/x86/include/asm/kvm_page_track.h |
229 |
+@@ -46,6 +46,7 @@ struct kvm_page_track_notifier_node { |
230 |
+ }; |
231 |
+ |
232 |
+ void kvm_page_track_init(struct kvm *kvm); |
233 |
++void kvm_page_track_cleanup(struct kvm *kvm); |
234 |
+ |
235 |
+ void kvm_page_track_free_memslot(struct kvm_memory_slot *free, |
236 |
+ struct kvm_memory_slot *dont); |
237 |
+diff --git a/arch/x86/kvm/page_track.c b/arch/x86/kvm/page_track.c |
238 |
+index 4a1c13eaa518..c9473acd65d6 100644 |
239 |
+--- a/arch/x86/kvm/page_track.c |
240 |
++++ b/arch/x86/kvm/page_track.c |
241 |
+@@ -158,6 +158,14 @@ bool kvm_page_track_is_active(struct kvm_vcpu *vcpu, gfn_t gfn, |
242 |
+ return !!ACCESS_ONCE(slot->arch.gfn_track[mode][index]); |
243 |
+ } |
244 |
+ |
245 |
++void kvm_page_track_cleanup(struct kvm *kvm) |
246 |
++{ |
247 |
++ struct kvm_page_track_notifier_head *head; |
248 |
++ |
249 |
++ head = &kvm->arch.track_notifier_head; |
250 |
++ cleanup_srcu_struct(&head->track_srcu); |
251 |
++} |
252 |
++ |
253 |
+ void kvm_page_track_init(struct kvm *kvm) |
254 |
+ { |
255 |
+ struct kvm_page_track_notifier_head *head; |
256 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
257 |
+index 2c22aef35dbc..c989e67dcc9d 100644 |
258 |
+--- a/arch/x86/kvm/vmx.c |
259 |
++++ b/arch/x86/kvm/vmx.c |
260 |
+@@ -2811,7 +2811,6 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx) |
261 |
+ SECONDARY_EXEC_RDTSCP | |
262 |
+ SECONDARY_EXEC_DESC | |
263 |
+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE | |
264 |
+- SECONDARY_EXEC_ENABLE_VPID | |
265 |
+ SECONDARY_EXEC_APIC_REGISTER_VIRT | |
266 |
+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | |
267 |
+ SECONDARY_EXEC_WBINVD_EXITING | |
268 |
+@@ -2839,10 +2838,12 @@ static void nested_vmx_setup_ctls_msrs(struct vcpu_vmx *vmx) |
269 |
+ * though it is treated as global context. The alternative is |
270 |
+ * not failing the single-context invvpid, and it is worse. |
271 |
+ */ |
272 |
+- if (enable_vpid) |
273 |
++ if (enable_vpid) { |
274 |
++ vmx->nested.nested_vmx_secondary_ctls_high |= |
275 |
++ SECONDARY_EXEC_ENABLE_VPID; |
276 |
+ vmx->nested.nested_vmx_vpid_caps = VMX_VPID_INVVPID_BIT | |
277 |
+ VMX_VPID_EXTENT_SUPPORTED_MASK; |
278 |
+- else |
279 |
++ } else |
280 |
+ vmx->nested.nested_vmx_vpid_caps = 0; |
281 |
+ |
282 |
+ if (enable_unrestricted_guest) |
283 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
284 |
+index e52c9088660f..b3b212f20f78 100644 |
285 |
+--- a/arch/x86/kvm/x86.c |
286 |
++++ b/arch/x86/kvm/x86.c |
287 |
+@@ -8052,6 +8052,7 @@ void kvm_arch_destroy_vm(struct kvm *kvm) |
288 |
+ kvm_free_vcpus(kvm); |
289 |
+ kvfree(rcu_dereference_check(kvm->arch.apic_map, 1)); |
290 |
+ kvm_mmu_uninit_vm(kvm); |
291 |
++ kvm_page_track_cleanup(kvm); |
292 |
+ } |
293 |
+ |
294 |
+ void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free, |
295 |
+diff --git a/drivers/pinctrl/qcom/pinctrl-msm.c b/drivers/pinctrl/qcom/pinctrl-msm.c |
296 |
+index 775c88303017..bedce3453dd3 100644 |
297 |
+--- a/drivers/pinctrl/qcom/pinctrl-msm.c |
298 |
++++ b/drivers/pinctrl/qcom/pinctrl-msm.c |
299 |
+@@ -594,10 +594,6 @@ static void msm_gpio_irq_unmask(struct irq_data *d) |
300 |
+ |
301 |
+ spin_lock_irqsave(&pctrl->lock, flags); |
302 |
+ |
303 |
+- val = readl(pctrl->regs + g->intr_status_reg); |
304 |
+- val &= ~BIT(g->intr_status_bit); |
305 |
+- writel(val, pctrl->regs + g->intr_status_reg); |
306 |
+- |
307 |
+ val = readl(pctrl->regs + g->intr_cfg_reg); |
308 |
+ val |= BIT(g->intr_enable_bit); |
309 |
+ writel(val, pctrl->regs + g->intr_cfg_reg); |
310 |
+diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c |
311 |
+index f201f4099620..f204d7cd5354 100644 |
312 |
+--- a/drivers/scsi/qla2xxx/qla_attr.c |
313 |
++++ b/drivers/scsi/qla2xxx/qla_attr.c |
314 |
+@@ -2154,8 +2154,6 @@ qla24xx_vport_delete(struct fc_vport *fc_vport) |
315 |
+ "Timer for the VP[%d] has stopped\n", vha->vp_idx); |
316 |
+ } |
317 |
+ |
318 |
+- BUG_ON(atomic_read(&vha->vref_count)); |
319 |
+- |
320 |
+ qla2x00_free_fcports(vha); |
321 |
+ |
322 |
+ mutex_lock(&ha->vport_lock); |
323 |
+@@ -2163,7 +2161,7 @@ qla24xx_vport_delete(struct fc_vport *fc_vport) |
324 |
+ clear_bit(vha->vp_idx, ha->vp_idx_map); |
325 |
+ mutex_unlock(&ha->vport_lock); |
326 |
+ |
327 |
+- if (vha->qpair->vp_idx == vha->vp_idx) { |
328 |
++ if (vha->qpair && vha->qpair->vp_idx == vha->vp_idx) { |
329 |
+ if (qla2xxx_delete_qpair(vha, vha->qpair) != QLA_SUCCESS) |
330 |
+ ql_log(ql_log_warn, vha, 0x7087, |
331 |
+ "Queue Pair delete failed.\n"); |
332 |
+diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h |
333 |
+index 5b1287a63c49..7887f9b0950d 100644 |
334 |
+--- a/drivers/scsi/qla2xxx/qla_def.h |
335 |
++++ b/drivers/scsi/qla2xxx/qla_def.h |
336 |
+@@ -3788,6 +3788,7 @@ typedef struct scsi_qla_host { |
337 |
+ struct qla8044_reset_template reset_tmplt; |
338 |
+ struct qla_tgt_counters tgt_counters; |
339 |
+ uint16_t bbcr; |
340 |
++ wait_queue_head_t vref_waitq; |
341 |
+ } scsi_qla_host_t; |
342 |
+ |
343 |
+ struct qla27xx_image_status { |
344 |
+@@ -3843,14 +3844,17 @@ struct qla2_sgx { |
345 |
+ mb(); \ |
346 |
+ if (__vha->flags.delete_progress) { \ |
347 |
+ atomic_dec(&__vha->vref_count); \ |
348 |
++ wake_up(&__vha->vref_waitq); \ |
349 |
+ __bail = 1; \ |
350 |
+ } else { \ |
351 |
+ __bail = 0; \ |
352 |
+ } \ |
353 |
+ } while (0) |
354 |
+ |
355 |
+-#define QLA_VHA_MARK_NOT_BUSY(__vha) \ |
356 |
++#define QLA_VHA_MARK_NOT_BUSY(__vha) do { \ |
357 |
+ atomic_dec(&__vha->vref_count); \ |
358 |
++ wake_up(&__vha->vref_waitq); \ |
359 |
++} while (0) \ |
360 |
+ |
361 |
+ #define QLA_QPAIR_MARK_BUSY(__qpair, __bail) do { \ |
362 |
+ atomic_inc(&__qpair->ref_count); \ |
363 |
+diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c |
364 |
+index 7b6317c8c2e9..e2b2d7b6a085 100644 |
365 |
+--- a/drivers/scsi/qla2xxx/qla_init.c |
366 |
++++ b/drivers/scsi/qla2xxx/qla_init.c |
367 |
+@@ -4352,6 +4352,7 @@ qla2x00_update_fcports(scsi_qla_host_t *base_vha) |
368 |
+ } |
369 |
+ } |
370 |
+ atomic_dec(&vha->vref_count); |
371 |
++ wake_up(&vha->vref_waitq); |
372 |
+ } |
373 |
+ spin_unlock_irqrestore(&ha->vport_slock, flags); |
374 |
+ } |
375 |
+diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c |
376 |
+index c6d6f0d912ff..09a490c98763 100644 |
377 |
+--- a/drivers/scsi/qla2xxx/qla_mid.c |
378 |
++++ b/drivers/scsi/qla2xxx/qla_mid.c |
379 |
+@@ -74,13 +74,14 @@ qla24xx_deallocate_vp_id(scsi_qla_host_t *vha) |
380 |
+ * ensures no active vp_list traversal while the vport is removed |
381 |
+ * from the queue) |
382 |
+ */ |
383 |
+- spin_lock_irqsave(&ha->vport_slock, flags); |
384 |
+- while (atomic_read(&vha->vref_count)) { |
385 |
+- spin_unlock_irqrestore(&ha->vport_slock, flags); |
386 |
+- |
387 |
+- msleep(500); |
388 |
++ wait_event_timeout(vha->vref_waitq, atomic_read(&vha->vref_count), |
389 |
++ 10*HZ); |
390 |
+ |
391 |
+- spin_lock_irqsave(&ha->vport_slock, flags); |
392 |
++ spin_lock_irqsave(&ha->vport_slock, flags); |
393 |
++ if (atomic_read(&vha->vref_count)) { |
394 |
++ ql_dbg(ql_dbg_vport, vha, 0xfffa, |
395 |
++ "vha->vref_count=%u timeout\n", vha->vref_count.counter); |
396 |
++ vha->vref_count = (atomic_t)ATOMIC_INIT(0); |
397 |
+ } |
398 |
+ list_del(&vha->list); |
399 |
+ qlt_update_vp_map(vha, RESET_VP_IDX); |
400 |
+@@ -269,6 +270,7 @@ qla2x00_alert_all_vps(struct rsp_que *rsp, uint16_t *mb) |
401 |
+ |
402 |
+ spin_lock_irqsave(&ha->vport_slock, flags); |
403 |
+ atomic_dec(&vha->vref_count); |
404 |
++ wake_up(&vha->vref_waitq); |
405 |
+ } |
406 |
+ i++; |
407 |
+ } |
408 |
+diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c |
409 |
+index 17cdd1d09a57..dc79524178ad 100644 |
410 |
+--- a/drivers/scsi/qla2xxx/qla_os.c |
411 |
++++ b/drivers/scsi/qla2xxx/qla_os.c |
412 |
+@@ -4215,6 +4215,7 @@ struct scsi_qla_host *qla2x00_create_host(struct scsi_host_template *sht, |
413 |
+ |
414 |
+ spin_lock_init(&vha->work_lock); |
415 |
+ spin_lock_init(&vha->cmd_list_lock); |
416 |
++ init_waitqueue_head(&vha->vref_waitq); |
417 |
+ |
418 |
+ sprintf(vha->host_str, "%s_%ld", QLA2XXX_DRIVER_NAME, vha->host_no); |
419 |
+ ql_dbg(ql_dbg_init, vha, 0x0041, |
420 |
+diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c |
421 |
+index 772f15821242..4387afabebfd 100644 |
422 |
+--- a/drivers/usb/musb/musb_core.c |
423 |
++++ b/drivers/usb/musb/musb_core.c |
424 |
+@@ -2497,8 +2497,8 @@ static int musb_remove(struct platform_device *pdev) |
425 |
+ pm_runtime_get_sync(musb->controller); |
426 |
+ musb_host_cleanup(musb); |
427 |
+ musb_gadget_cleanup(musb); |
428 |
+- spin_lock_irqsave(&musb->lock, flags); |
429 |
+ musb_platform_disable(musb); |
430 |
++ spin_lock_irqsave(&musb->lock, flags); |
431 |
+ musb_generic_disable(musb); |
432 |
+ spin_unlock_irqrestore(&musb->lock, flags); |
433 |
+ musb_writeb(musb->mregs, MUSB_DEVCTL, 0); |
434 |
+diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c |
435 |
+index 9d2738e9217f..2c2e6792f7e0 100644 |
436 |
+--- a/drivers/virtio/virtio_balloon.c |
437 |
++++ b/drivers/virtio/virtio_balloon.c |
438 |
+@@ -427,6 +427,8 @@ static int init_vqs(struct virtio_balloon *vb) |
439 |
+ * Prime this virtqueue with one buffer so the hypervisor can |
440 |
+ * use it to signal us later (it can't be broken yet!). |
441 |
+ */ |
442 |
++ update_balloon_stats(vb); |
443 |
++ |
444 |
+ sg_init_one(&sg, vb->stats, sizeof vb->stats); |
445 |
+ if (virtqueue_add_outbuf(vb->stats_vq, &sg, 1, vb, GFP_KERNEL) |
446 |
+ < 0) |
447 |
+diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c |
448 |
+index 70ef2b1901e4..bf06ec6d7650 100644 |
449 |
+--- a/kernel/sched/deadline.c |
450 |
++++ b/kernel/sched/deadline.c |
451 |
+@@ -1729,12 +1729,11 @@ static void switched_to_dl(struct rq *rq, struct task_struct *p) |
452 |
+ #ifdef CONFIG_SMP |
453 |
+ if (tsk_nr_cpus_allowed(p) > 1 && rq->dl.overloaded) |
454 |
+ queue_push_tasks(rq); |
455 |
+-#else |
456 |
++#endif |
457 |
+ if (dl_task(rq->curr)) |
458 |
+ check_preempt_curr_dl(rq, p, 0); |
459 |
+ else |
460 |
+ resched_curr(rq); |
461 |
+-#endif |
462 |
+ } |
463 |
+ } |
464 |
+ |
465 |
+diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c |
466 |
+index 2516b8df6dbb..f139f22ce30d 100644 |
467 |
+--- a/kernel/sched/rt.c |
468 |
++++ b/kernel/sched/rt.c |
469 |
+@@ -2198,10 +2198,9 @@ static void switched_to_rt(struct rq *rq, struct task_struct *p) |
470 |
+ #ifdef CONFIG_SMP |
471 |
+ if (tsk_nr_cpus_allowed(p) > 1 && rq->rt.overloaded) |
472 |
+ queue_push_tasks(rq); |
473 |
+-#else |
474 |
++#endif /* CONFIG_SMP */ |
475 |
+ if (p->prio < rq->curr->prio) |
476 |
+ resched_curr(rq); |
477 |
+-#endif /* CONFIG_SMP */ |
478 |
+ } |
479 |
+ } |
480 |
+ |
481 |
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c |
482 |
+index 177e208e8ff5..3c8f5b70abf8 100644 |
483 |
+--- a/net/xfrm/xfrm_policy.c |
484 |
++++ b/net/xfrm/xfrm_policy.c |
485 |
+@@ -3062,6 +3062,11 @@ static int __net_init xfrm_net_init(struct net *net) |
486 |
+ { |
487 |
+ int rv; |
488 |
+ |
489 |
++ /* Initialize the per-net locks here */ |
490 |
++ spin_lock_init(&net->xfrm.xfrm_state_lock); |
491 |
++ spin_lock_init(&net->xfrm.xfrm_policy_lock); |
492 |
++ mutex_init(&net->xfrm.xfrm_cfg_mutex); |
493 |
++ |
494 |
+ rv = xfrm_statistics_init(net); |
495 |
+ if (rv < 0) |
496 |
+ goto out_statistics; |
497 |
+@@ -3078,11 +3083,6 @@ static int __net_init xfrm_net_init(struct net *net) |
498 |
+ if (rv < 0) |
499 |
+ goto out; |
500 |
+ |
501 |
+- /* Initialize the per-net locks here */ |
502 |
+- spin_lock_init(&net->xfrm.xfrm_state_lock); |
503 |
+- spin_lock_init(&net->xfrm.xfrm_policy_lock); |
504 |
+- mutex_init(&net->xfrm.xfrm_cfg_mutex); |
505 |
+- |
506 |
+ return 0; |
507 |
+ |
508 |
+ out: |
509 |
+diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c |
510 |
+index 9705c279494b..40a8aa39220d 100644 |
511 |
+--- a/net/xfrm/xfrm_user.c |
512 |
++++ b/net/xfrm/xfrm_user.c |
513 |
+@@ -412,7 +412,14 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es |
514 |
+ up = nla_data(rp); |
515 |
+ ulen = xfrm_replay_state_esn_len(up); |
516 |
+ |
517 |
+- if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen) |
518 |
++ /* Check the overall length and the internal bitmap length to avoid |
519 |
++ * potential overflow. */ |
520 |
++ if (nla_len(rp) < ulen || |
521 |
++ xfrm_replay_state_esn_len(replay_esn) != ulen || |
522 |
++ replay_esn->bmp_len != up->bmp_len) |
523 |
++ return -EINVAL; |
524 |
++ |
525 |
++ if (up->replay_window > up->bmp_len * sizeof(__u32) * 8) |
526 |
+ return -EINVAL; |
527 |
+ |
528 |
+ return 0; |