Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Wed, 27 May 2020 15:26:19
Message-Id: 1590593163.27728be6c304d96b167f86c2c5fa4a154c784da2.mpagano@gentoo
1 commit: 27728be6c304d96b167f86c2c5fa4a154c784da2
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed May 27 15:26:03 2020 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed May 27 15:26:03 2020 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=27728be6
7
8 Linux patch 4.9.225
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1224_linux-4.9.225.patch | 3057 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 3061 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index c199ad4..ae2c4f5 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -939,6 +939,10 @@ Patch: 1223_linux-4.9.224.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.9.224
23
24 +Patch: 1224_linux-4.9.225.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.9.225
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1224_linux-4.9.225.patch b/1224_linux-4.9.225.patch
33 new file mode 100644
34 index 0000000..6134f53
35 --- /dev/null
36 +++ b/1224_linux-4.9.225.patch
37 @@ -0,0 +1,3057 @@
38 +diff --git a/Documentation/networking/l2tp.txt b/Documentation/networking/l2tp.txt
39 +index 4650a00ed012..9bc271cdc9a8 100644
40 +--- a/Documentation/networking/l2tp.txt
41 ++++ b/Documentation/networking/l2tp.txt
42 +@@ -177,10 +177,10 @@ setsockopt on the PPPoX socket to set a debug mask.
43 +
44 + The following debug mask bits are available:
45 +
46 +-PPPOL2TP_MSG_DEBUG verbose debug (if compiled in)
47 +-PPPOL2TP_MSG_CONTROL userspace - kernel interface
48 +-PPPOL2TP_MSG_SEQ sequence numbers handling
49 +-PPPOL2TP_MSG_DATA data packets
50 ++L2TP_MSG_DEBUG verbose debug (if compiled in)
51 ++L2TP_MSG_CONTROL userspace - kernel interface
52 ++L2TP_MSG_SEQ sequence numbers handling
53 ++L2TP_MSG_DATA data packets
54 +
55 + If enabled, files under a l2tp debugfs directory can be used to dump
56 + kernel state about L2TP tunnels and sessions. To access it, the
57 +diff --git a/Makefile b/Makefile
58 +index 3e58c142f92f..d17a2ad3cc4d 100644
59 +--- a/Makefile
60 ++++ b/Makefile
61 +@@ -1,6 +1,6 @@
62 + VERSION = 4
63 + PATCHLEVEL = 9
64 +-SUBLEVEL = 224
65 ++SUBLEVEL = 225
66 + EXTRAVERSION =
67 + NAME = Roaring Lionus
68 +
69 +diff --git a/arch/arm/include/asm/futex.h b/arch/arm/include/asm/futex.h
70 +index cc414382dab4..561b2ba6bc28 100644
71 +--- a/arch/arm/include/asm/futex.h
72 ++++ b/arch/arm/include/asm/futex.h
73 +@@ -162,8 +162,13 @@ arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr)
74 + preempt_enable();
75 + #endif
76 +
77 +- if (!ret)
78 +- *oval = oldval;
79 ++ /*
80 ++ * Store unconditionally. If ret != 0 the extra store is the least
81 ++ * of the worries but GCC cannot figure out that __futex_atomic_op()
82 ++ * is either setting ret to -EFAULT or storing the old value in
83 ++ * oldval which results in a uninitialized warning at the call site.
84 ++ */
85 ++ *oval = oldval;
86 +
87 + return ret;
88 + }
89 +diff --git a/arch/arm64/kernel/machine_kexec.c b/arch/arm64/kernel/machine_kexec.c
90 +index bc96c8a7fc79..3e4b778f16a5 100644
91 +--- a/arch/arm64/kernel/machine_kexec.c
92 ++++ b/arch/arm64/kernel/machine_kexec.c
93 +@@ -177,7 +177,8 @@ void machine_kexec(struct kimage *kimage)
94 + /* Flush the reboot_code_buffer in preparation for its execution. */
95 + __flush_dcache_area(reboot_code_buffer, arm64_relocate_new_kernel_size);
96 + flush_icache_range((uintptr_t)reboot_code_buffer,
97 +- arm64_relocate_new_kernel_size);
98 ++ (uintptr_t)reboot_code_buffer +
99 ++ arm64_relocate_new_kernel_size);
100 +
101 + /* Flush the kimage list and its buffers. */
102 + kexec_list_flush(kimage);
103 +diff --git a/drivers/base/component.c b/drivers/base/component.c
104 +index 08da6160e94d..55f0856bd9b5 100644
105 +--- a/drivers/base/component.c
106 ++++ b/drivers/base/component.c
107 +@@ -162,7 +162,8 @@ static int try_to_bring_up_master(struct master *master,
108 + ret = master->ops->bind(master->dev);
109 + if (ret < 0) {
110 + devres_release_group(master->dev, NULL);
111 +- dev_info(master->dev, "master bind failed: %d\n", ret);
112 ++ if (ret != -EPROBE_DEFER)
113 ++ dev_info(master->dev, "master bind failed: %d\n", ret);
114 + return ret;
115 + }
116 +
117 +@@ -431,8 +432,9 @@ static int component_bind(struct component *component, struct master *master,
118 + devres_release_group(component->dev, NULL);
119 + devres_release_group(master->dev, NULL);
120 +
121 +- dev_err(master->dev, "failed to bind %s (ops %ps): %d\n",
122 +- dev_name(component->dev), component->ops, ret);
123 ++ if (ret != -EPROBE_DEFER)
124 ++ dev_err(master->dev, "failed to bind %s (ops %ps): %d\n",
125 ++ dev_name(component->dev), component->ops, ret);
126 + }
127 +
128 + return ret;
129 +diff --git a/drivers/dma/tegra210-adma.c b/drivers/dma/tegra210-adma.c
130 +index 2d4aeba579f7..c16c06b3dd2f 100644
131 +--- a/drivers/dma/tegra210-adma.c
132 ++++ b/drivers/dma/tegra210-adma.c
133 +@@ -793,7 +793,7 @@ static int tegra_adma_probe(struct platform_device *pdev)
134 + ret = dma_async_device_register(&tdma->dma_dev);
135 + if (ret < 0) {
136 + dev_err(&pdev->dev, "ADMA registration failed: %d\n", ret);
137 +- goto irq_dispose;
138 ++ goto rpm_put;
139 + }
140 +
141 + ret = of_dma_controller_register(pdev->dev.of_node,
142 +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
143 +index 25c006338100..4630b58634d8 100644
144 +--- a/drivers/hid/hid-ids.h
145 ++++ b/drivers/hid/hid-ids.h
146 +@@ -353,6 +353,7 @@
147 + #define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_7349 0x7349
148 + #define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_73F7 0x73f7
149 + #define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_A001 0xa001
150 ++#define USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_C002 0xc002
151 +
152 + #define USB_VENDOR_ID_ELAN 0x04f3
153 +
154 +diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
155 +index fba655d639af..1207102823de 100644
156 +--- a/drivers/hid/hid-multitouch.c
157 ++++ b/drivers/hid/hid-multitouch.c
158 +@@ -1332,6 +1332,9 @@ static const struct hid_device_id mt_devices[] = {
159 + { .driver_data = MT_CLS_EGALAX_SERIAL,
160 + MT_USB_DEVICE(USB_VENDOR_ID_DWAV,
161 + USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_A001) },
162 ++ { .driver_data = MT_CLS_EGALAX,
163 ++ MT_USB_DEVICE(USB_VENDOR_ID_DWAV,
164 ++ USB_DEVICE_ID_DWAV_EGALAX_MULTITOUCH_C002) },
165 +
166 + /* Elitegroup panel */
167 + { .driver_data = MT_CLS_SERIAL,
168 +diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
169 +index eaa312bc3a3c..c4066276eb7b 100644
170 +--- a/drivers/i2c/i2c-dev.c
171 ++++ b/drivers/i2c/i2c-dev.c
172 +@@ -47,7 +47,7 @@
173 + struct i2c_dev {
174 + struct list_head list;
175 + struct i2c_adapter *adap;
176 +- struct device *dev;
177 ++ struct device dev;
178 + struct cdev cdev;
179 + };
180 +
181 +@@ -91,12 +91,14 @@ static struct i2c_dev *get_free_i2c_dev(struct i2c_adapter *adap)
182 + return i2c_dev;
183 + }
184 +
185 +-static void put_i2c_dev(struct i2c_dev *i2c_dev)
186 ++static void put_i2c_dev(struct i2c_dev *i2c_dev, bool del_cdev)
187 + {
188 + spin_lock(&i2c_dev_list_lock);
189 + list_del(&i2c_dev->list);
190 + spin_unlock(&i2c_dev_list_lock);
191 +- kfree(i2c_dev);
192 ++ if (del_cdev)
193 ++ cdev_device_del(&i2c_dev->cdev, &i2c_dev->dev);
194 ++ put_device(&i2c_dev->dev);
195 + }
196 +
197 + static ssize_t name_show(struct device *dev,
198 +@@ -542,6 +544,14 @@ static const struct file_operations i2cdev_fops = {
199 +
200 + static struct class *i2c_dev_class;
201 +
202 ++static void i2cdev_dev_release(struct device *dev)
203 ++{
204 ++ struct i2c_dev *i2c_dev;
205 ++
206 ++ i2c_dev = container_of(dev, struct i2c_dev, dev);
207 ++ kfree(i2c_dev);
208 ++}
209 ++
210 + static int i2cdev_attach_adapter(struct device *dev, void *dummy)
211 + {
212 + struct i2c_adapter *adap;
213 +@@ -558,27 +568,23 @@ static int i2cdev_attach_adapter(struct device *dev, void *dummy)
214 +
215 + cdev_init(&i2c_dev->cdev, &i2cdev_fops);
216 + i2c_dev->cdev.owner = THIS_MODULE;
217 +- res = cdev_add(&i2c_dev->cdev, MKDEV(I2C_MAJOR, adap->nr), 1);
218 +- if (res)
219 +- goto error_cdev;
220 +-
221 +- /* register this i2c device with the driver core */
222 +- i2c_dev->dev = device_create(i2c_dev_class, &adap->dev,
223 +- MKDEV(I2C_MAJOR, adap->nr), NULL,
224 +- "i2c-%d", adap->nr);
225 +- if (IS_ERR(i2c_dev->dev)) {
226 +- res = PTR_ERR(i2c_dev->dev);
227 +- goto error;
228 ++
229 ++ device_initialize(&i2c_dev->dev);
230 ++ i2c_dev->dev.devt = MKDEV(I2C_MAJOR, adap->nr);
231 ++ i2c_dev->dev.class = i2c_dev_class;
232 ++ i2c_dev->dev.parent = &adap->dev;
233 ++ i2c_dev->dev.release = i2cdev_dev_release;
234 ++ dev_set_name(&i2c_dev->dev, "i2c-%d", adap->nr);
235 ++
236 ++ res = cdev_device_add(&i2c_dev->cdev, &i2c_dev->dev);
237 ++ if (res) {
238 ++ put_i2c_dev(i2c_dev, false);
239 ++ return res;
240 + }
241 +
242 + pr_debug("i2c-dev: adapter [%s] registered as minor %d\n",
243 + adap->name, adap->nr);
244 + return 0;
245 +-error:
246 +- cdev_del(&i2c_dev->cdev);
247 +-error_cdev:
248 +- put_i2c_dev(i2c_dev);
249 +- return res;
250 + }
251 +
252 + static int i2cdev_detach_adapter(struct device *dev, void *dummy)
253 +@@ -594,9 +600,7 @@ static int i2cdev_detach_adapter(struct device *dev, void *dummy)
254 + if (!i2c_dev) /* attach_adapter must have failed */
255 + return 0;
256 +
257 +- cdev_del(&i2c_dev->cdev);
258 +- put_i2c_dev(i2c_dev);
259 +- device_destroy(i2c_dev_class, MKDEV(I2C_MAJOR, adap->nr));
260 ++ put_i2c_dev(i2c_dev, true);
261 +
262 + pr_debug("i2c-dev: adapter [%s] unregistered\n", adap->name);
263 + return 0;
264 +diff --git a/drivers/i2c/muxes/i2c-demux-pinctrl.c b/drivers/i2c/muxes/i2c-demux-pinctrl.c
265 +index 3e6fe1760d82..a86c511c29e0 100644
266 +--- a/drivers/i2c/muxes/i2c-demux-pinctrl.c
267 ++++ b/drivers/i2c/muxes/i2c-demux-pinctrl.c
268 +@@ -270,6 +270,7 @@ static int i2c_demux_pinctrl_probe(struct platform_device *pdev)
269 + err_rollback_available:
270 + device_remove_file(&pdev->dev, &dev_attr_available_masters);
271 + err_rollback:
272 ++ i2c_demux_deactivate_master(priv);
273 + for (j = 0; j < i; j++) {
274 + of_node_put(priv->chan[j].parent_np);
275 + of_changeset_destroy(&priv->chan[j].chgset);
276 +diff --git a/drivers/iio/dac/vf610_dac.c b/drivers/iio/dac/vf610_dac.c
277 +index c4ec7779b394..190a7c1c5604 100644
278 +--- a/drivers/iio/dac/vf610_dac.c
279 ++++ b/drivers/iio/dac/vf610_dac.c
280 +@@ -235,6 +235,7 @@ static int vf610_dac_probe(struct platform_device *pdev)
281 + return 0;
282 +
283 + error_iio_device_register:
284 ++ vf610_dac_exit(info);
285 + clk_disable_unprepare(info->clk);
286 +
287 + return ret;
288 +diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c
289 +index e6ae8d123984..a3279f303b49 100644
290 +--- a/drivers/iommu/amd_iommu_init.c
291 ++++ b/drivers/iommu/amd_iommu_init.c
292 +@@ -1171,8 +1171,8 @@ static int __init init_iommu_from_acpi(struct amd_iommu *iommu,
293 + }
294 + case IVHD_DEV_ACPI_HID: {
295 + u16 devid;
296 +- u8 hid[ACPIHID_HID_LEN] = {0};
297 +- u8 uid[ACPIHID_UID_LEN] = {0};
298 ++ u8 hid[ACPIHID_HID_LEN];
299 ++ u8 uid[ACPIHID_UID_LEN];
300 + int ret;
301 +
302 + if (h->type != 0x40) {
303 +@@ -1189,6 +1189,7 @@ static int __init init_iommu_from_acpi(struct amd_iommu *iommu,
304 + break;
305 + }
306 +
307 ++ uid[0] = '\0';
308 + switch (e->uidf) {
309 + case UID_NOT_PRESENT:
310 +
311 +@@ -1203,8 +1204,8 @@ static int __init init_iommu_from_acpi(struct amd_iommu *iommu,
312 + break;
313 + case UID_IS_CHARACTER:
314 +
315 +- memcpy(uid, (u8 *)(&e->uid), ACPIHID_UID_LEN - 1);
316 +- uid[ACPIHID_UID_LEN - 1] = '\0';
317 ++ memcpy(uid, &e->uid, e->uidl);
318 ++ uid[e->uidl] = '\0';
319 +
320 + break;
321 + default:
322 +diff --git a/drivers/misc/mei/client.c b/drivers/misc/mei/client.c
323 +index 451d417eb451..1c8df33404b0 100644
324 +--- a/drivers/misc/mei/client.c
325 ++++ b/drivers/misc/mei/client.c
326 +@@ -276,6 +276,7 @@ void mei_me_cl_rm_by_uuid(struct mei_device *dev, const uuid_le *uuid)
327 + down_write(&dev->me_clients_rwsem);
328 + me_cl = __mei_me_cl_by_uuid(dev, uuid);
329 + __mei_me_cl_del(dev, me_cl);
330 ++ mei_me_cl_put(me_cl);
331 + up_write(&dev->me_clients_rwsem);
332 + }
333 +
334 +@@ -297,6 +298,7 @@ void mei_me_cl_rm_by_uuid_id(struct mei_device *dev, const uuid_le *uuid, u8 id)
335 + down_write(&dev->me_clients_rwsem);
336 + me_cl = __mei_me_cl_by_uuid_id(dev, uuid, id);
337 + __mei_me_cl_del(dev, me_cl);
338 ++ mei_me_cl_put(me_cl);
339 + up_write(&dev->me_clients_rwsem);
340 + }
341 +
342 +diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
343 +index 5478a2ab45c4..54b5f61c8ed9 100644
344 +--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
345 ++++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
346 +@@ -2236,8 +2236,6 @@ static int cxgb_up(struct adapter *adap)
347 + #if IS_ENABLED(CONFIG_IPV6)
348 + update_clip(adap);
349 + #endif
350 +- /* Initialize hash mac addr list*/
351 +- INIT_LIST_HEAD(&adap->mac_hlist);
352 + return err;
353 +
354 + irq_err:
355 +@@ -2259,6 +2257,7 @@ static void cxgb_down(struct adapter *adapter)
356 +
357 + t4_sge_stop(adapter);
358 + t4_free_sge_resources(adapter);
359 ++
360 + adapter->flags &= ~FULL_INIT_DONE;
361 + }
362 +
363 +@@ -4789,6 +4788,9 @@ static int init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
364 + (is_t5(adapter->params.chip) ? STATMODE_V(0) :
365 + T6_STATMODE_V(0)));
366 +
367 ++ /* Initialize hash mac addr list */
368 ++ INIT_LIST_HEAD(&adapter->mac_hlist);
369 ++
370 + for_each_port(adapter, i) {
371 + netdev = alloc_etherdev_mq(sizeof(struct port_info),
372 + MAX_ETH_QSETS);
373 +@@ -5067,6 +5069,7 @@ sriov:
374 + static void remove_one(struct pci_dev *pdev)
375 + {
376 + struct adapter *adapter = pci_get_drvdata(pdev);
377 ++ struct hash_mac_addr *entry, *tmp;
378 +
379 + if (!adapter) {
380 + pci_release_regions(pdev);
381 +@@ -5105,6 +5108,12 @@ static void remove_one(struct pci_dev *pdev)
382 + if (adapter->num_uld || adapter->num_ofld_uld)
383 + t4_uld_mem_free(adapter);
384 + free_some_resources(adapter);
385 ++ list_for_each_entry_safe(entry, tmp, &adapter->mac_hlist,
386 ++ list) {
387 ++ list_del(&entry->list);
388 ++ kfree(entry);
389 ++ }
390 ++
391 + #if IS_ENABLED(CONFIG_IPV6)
392 + t4_cleanup_clip_tbl(adapter);
393 + #endif
394 +diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c b/drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c
395 +index 9eb3071b69a4..17db5be9d2b7 100644
396 +--- a/drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c
397 ++++ b/drivers/net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c
398 +@@ -719,9 +719,6 @@ static int adapter_up(struct adapter *adapter)
399 + if (adapter->flags & USING_MSIX)
400 + name_msix_vecs(adapter);
401 +
402 +- /* Initialize hash mac addr list*/
403 +- INIT_LIST_HEAD(&adapter->mac_hlist);
404 +-
405 + adapter->flags |= FULL_INIT_DONE;
406 + }
407 +
408 +@@ -2902,6 +2899,9 @@ static int cxgb4vf_pci_probe(struct pci_dev *pdev,
409 + if (err)
410 + goto err_unmap_bar;
411 +
412 ++ /* Initialize hash mac addr list */
413 ++ INIT_LIST_HEAD(&adapter->mac_hlist);
414 ++
415 + /*
416 + * Allocate our "adapter ports" and stitch everything together.
417 + */
418 +diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
419 +index 7e35bd665630..90eab0521be1 100644
420 +--- a/drivers/net/ethernet/intel/igb/igb_main.c
421 ++++ b/drivers/net/ethernet/intel/igb/igb_main.c
422 +@@ -3395,7 +3395,7 @@ void igb_configure_tx_ring(struct igb_adapter *adapter,
423 + tdba & 0x00000000ffffffffULL);
424 + wr32(E1000_TDBAH(reg_idx), tdba >> 32);
425 +
426 +- ring->tail = hw->hw_addr + E1000_TDT(reg_idx);
427 ++ ring->tail = adapter->io_addr + E1000_TDT(reg_idx);
428 + wr32(E1000_TDH(reg_idx), 0);
429 + writel(0, ring->tail);
430 +
431 +@@ -3734,7 +3734,7 @@ void igb_configure_rx_ring(struct igb_adapter *adapter,
432 + ring->count * sizeof(union e1000_adv_rx_desc));
433 +
434 + /* initialize head and tail */
435 +- ring->tail = hw->hw_addr + E1000_RDT(reg_idx);
436 ++ ring->tail = adapter->io_addr + E1000_RDT(reg_idx);
437 + wr32(E1000_RDH(reg_idx), 0);
438 + writel(0, ring->tail);
439 +
440 +diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
441 +index a9e8a7356c41..fe844888e0ed 100644
442 +--- a/drivers/net/gtp.c
443 ++++ b/drivers/net/gtp.c
444 +@@ -1108,11 +1108,11 @@ static struct genl_family gtp_genl_family = {
445 + };
446 +
447 + static int gtp_genl_fill_info(struct sk_buff *skb, u32 snd_portid, u32 snd_seq,
448 +- u32 type, struct pdp_ctx *pctx)
449 ++ int flags, u32 type, struct pdp_ctx *pctx)
450 + {
451 + void *genlh;
452 +
453 +- genlh = genlmsg_put(skb, snd_portid, snd_seq, &gtp_genl_family, 0,
454 ++ genlh = genlmsg_put(skb, snd_portid, snd_seq, &gtp_genl_family, flags,
455 + type);
456 + if (genlh == NULL)
457 + goto nlmsg_failure;
458 +@@ -1208,8 +1208,8 @@ static int gtp_genl_get_pdp(struct sk_buff *skb, struct genl_info *info)
459 + goto err_unlock;
460 + }
461 +
462 +- err = gtp_genl_fill_info(skb2, NETLINK_CB(skb).portid,
463 +- info->snd_seq, info->nlhdr->nlmsg_type, pctx);
464 ++ err = gtp_genl_fill_info(skb2, NETLINK_CB(skb).portid, info->snd_seq,
465 ++ 0, info->nlhdr->nlmsg_type, pctx);
466 + if (err < 0)
467 + goto err_unlock_free;
468 +
469 +@@ -1252,6 +1252,7 @@ static int gtp_genl_dump_pdp(struct sk_buff *skb,
470 + gtp_genl_fill_info(skb,
471 + NETLINK_CB(cb->skb).portid,
472 + cb->nlh->nlmsg_seq,
473 ++ NLM_F_MULTI,
474 + cb->nlh->nlmsg_type, pctx)) {
475 + cb->args[0] = i;
476 + cb->args[1] = j;
477 +diff --git a/drivers/nvdimm/btt.c b/drivers/nvdimm/btt.c
478 +index 0c46ada027cf..e90ecb179622 100644
479 +--- a/drivers/nvdimm/btt.c
480 ++++ b/drivers/nvdimm/btt.c
481 +@@ -447,9 +447,9 @@ static int btt_log_init(struct arena_info *arena)
482 +
483 + static int btt_freelist_init(struct arena_info *arena)
484 + {
485 +- int old, new, ret;
486 ++ int new, ret;
487 + u32 i, map_entry;
488 +- struct log_entry log_new, log_old;
489 ++ struct log_entry log_new;
490 +
491 + arena->freelist = kcalloc(arena->nfree, sizeof(struct free_entry),
492 + GFP_KERNEL);
493 +@@ -457,10 +457,6 @@ static int btt_freelist_init(struct arena_info *arena)
494 + return -ENOMEM;
495 +
496 + for (i = 0; i < arena->nfree; i++) {
497 +- old = btt_log_read(arena, i, &log_old, LOG_OLD_ENT);
498 +- if (old < 0)
499 +- return old;
500 +-
501 + new = btt_log_read(arena, i, &log_new, LOG_NEW_ENT);
502 + if (new < 0)
503 + return new;
504 +diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c
505 +index bee2115ecf10..ec7482c7e7eb 100644
506 +--- a/drivers/platform/x86/alienware-wmi.c
507 ++++ b/drivers/platform/x86/alienware-wmi.c
508 +@@ -504,23 +504,22 @@ static acpi_status alienware_wmax_command(struct wmax_basic_args *in_args,
509 +
510 + input.length = (acpi_size) sizeof(*in_args);
511 + input.pointer = in_args;
512 +- if (out_data != NULL) {
513 ++ if (out_data) {
514 + output.length = ACPI_ALLOCATE_BUFFER;
515 + output.pointer = NULL;
516 + status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1,
517 + command, &input, &output);
518 +- } else
519 ++ if (ACPI_SUCCESS(status)) {
520 ++ obj = (union acpi_object *)output.pointer;
521 ++ if (obj && obj->type == ACPI_TYPE_INTEGER)
522 ++ *out_data = (u32)obj->integer.value;
523 ++ }
524 ++ kfree(output.pointer);
525 ++ } else {
526 + status = wmi_evaluate_method(WMAX_CONTROL_GUID, 1,
527 + command, &input, NULL);
528 +-
529 +- if (ACPI_SUCCESS(status) && out_data != NULL) {
530 +- obj = (union acpi_object *)output.pointer;
531 +- if (obj && obj->type == ACPI_TYPE_INTEGER)
532 +- *out_data = (u32) obj->integer.value;
533 + }
534 +- kfree(output.pointer);
535 + return status;
536 +-
537 + }
538 +
539 + /*
540 +diff --git a/drivers/platform/x86/asus-nb-wmi.c b/drivers/platform/x86/asus-nb-wmi.c
541 +index 0fd7e40b86a0..8137aa343706 100644
542 +--- a/drivers/platform/x86/asus-nb-wmi.c
543 ++++ b/drivers/platform/x86/asus-nb-wmi.c
544 +@@ -561,9 +561,33 @@ static struct asus_wmi_driver asus_nb_wmi_driver = {
545 + .detect_quirks = asus_nb_wmi_quirks,
546 + };
547 +
548 ++static const struct dmi_system_id asus_nb_wmi_blacklist[] __initconst = {
549 ++ {
550 ++ /*
551 ++ * asus-nb-wm adds no functionality. The T100TA has a detachable
552 ++ * USB kbd, so no hotkeys and it has no WMI rfkill; and loading
553 ++ * asus-nb-wm causes the camera LED to turn and _stay_ on.
554 ++ */
555 ++ .matches = {
556 ++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
557 ++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"),
558 ++ },
559 ++ },
560 ++ {
561 ++ /* The Asus T200TA has the same issue as the T100TA */
562 ++ .matches = {
563 ++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
564 ++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T200TA"),
565 ++ },
566 ++ },
567 ++ {} /* Terminating entry */
568 ++};
569 +
570 + static int __init asus_nb_wmi_init(void)
571 + {
572 ++ if (dmi_check_system(asus_nb_wmi_blacklist))
573 ++ return -ENODEV;
574 ++
575 + return asus_wmi_register_driver(&asus_nb_wmi_driver);
576 + }
577 +
578 +diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c
579 +index 28c45db45aba..ebe8e8dc4677 100644
580 +--- a/drivers/rapidio/devices/rio_mport_cdev.c
581 ++++ b/drivers/rapidio/devices/rio_mport_cdev.c
582 +@@ -905,6 +905,11 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode,
583 + rmcd_error("pinned %ld out of %ld pages",
584 + pinned, nr_pages);
585 + ret = -EFAULT;
586 ++ /*
587 ++ * Set nr_pages up to mean "how many pages to unpin, in
588 ++ * the error handler:
589 ++ */
590 ++ nr_pages = pinned;
591 + goto err_pg;
592 + }
593 +
594 +diff --git a/drivers/staging/greybus/uart.c b/drivers/staging/greybus/uart.c
595 +index 2633d2bfb1b4..9ef9cbfd8926 100644
596 +--- a/drivers/staging/greybus/uart.c
597 ++++ b/drivers/staging/greybus/uart.c
598 +@@ -539,9 +539,9 @@ static void gb_tty_set_termios(struct tty_struct *tty,
599 + }
600 +
601 + if (C_CRTSCTS(tty) && C_BAUD(tty) != B0)
602 +- newline.flow_control |= GB_SERIAL_AUTO_RTSCTS_EN;
603 ++ newline.flow_control = GB_SERIAL_AUTO_RTSCTS_EN;
604 + else
605 +- newline.flow_control &= ~GB_SERIAL_AUTO_RTSCTS_EN;
606 ++ newline.flow_control = 0;
607 +
608 + if (memcmp(&gb_tty->line_coding, &newline, sizeof(newline))) {
609 + memcpy(&gb_tty->line_coding, &newline, sizeof(newline));
610 +diff --git a/drivers/staging/iio/accel/sca3000_ring.c b/drivers/staging/iio/accel/sca3000_ring.c
611 +index d1cb9b9cf22b..391cbcc4ed77 100644
612 +--- a/drivers/staging/iio/accel/sca3000_ring.c
613 ++++ b/drivers/staging/iio/accel/sca3000_ring.c
614 +@@ -56,7 +56,7 @@ static int sca3000_read_data(struct sca3000_state *st,
615 + st->tx[0] = SCA3000_READ_REG(reg_address_high);
616 + ret = spi_sync_transfer(st->us, xfer, ARRAY_SIZE(xfer));
617 + if (ret) {
618 +- dev_err(get_device(&st->us->dev), "problem reading register");
619 ++ dev_err(&st->us->dev, "problem reading register");
620 + goto error_free_rx;
621 + }
622 +
623 +diff --git a/drivers/staging/iio/resolver/ad2s1210.c b/drivers/staging/iio/resolver/ad2s1210.c
624 +index 598f0faa48c8..0f5eb2bf5f73 100644
625 +--- a/drivers/staging/iio/resolver/ad2s1210.c
626 ++++ b/drivers/staging/iio/resolver/ad2s1210.c
627 +@@ -126,17 +126,24 @@ static int ad2s1210_config_write(struct ad2s1210_state *st, u8 data)
628 + static int ad2s1210_config_read(struct ad2s1210_state *st,
629 + unsigned char address)
630 + {
631 +- struct spi_transfer xfer = {
632 +- .len = 2,
633 +- .rx_buf = st->rx,
634 +- .tx_buf = st->tx,
635 ++ struct spi_transfer xfers[] = {
636 ++ {
637 ++ .len = 1,
638 ++ .rx_buf = &st->rx[0],
639 ++ .tx_buf = &st->tx[0],
640 ++ .cs_change = 1,
641 ++ }, {
642 ++ .len = 1,
643 ++ .rx_buf = &st->rx[1],
644 ++ .tx_buf = &st->tx[1],
645 ++ },
646 + };
647 + int ret = 0;
648 +
649 + ad2s1210_set_mode(MOD_CONFIG, st);
650 + st->tx[0] = address | AD2S1210_MSB_IS_HIGH;
651 + st->tx[1] = AD2S1210_REG_FAULT;
652 +- ret = spi_sync_transfer(st->sdev, &xfer, 1);
653 ++ ret = spi_sync_transfer(st->sdev, xfers, 2);
654 + if (ret < 0)
655 + return ret;
656 + st->old_data = true;
657 +diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
658 +index 2e541a029657..e33d23c2f6ea 100644
659 +--- a/drivers/usb/core/message.c
660 ++++ b/drivers/usb/core/message.c
661 +@@ -1081,11 +1081,11 @@ void usb_disable_endpoint(struct usb_device *dev, unsigned int epaddr,
662 +
663 + if (usb_endpoint_out(epaddr)) {
664 + ep = dev->ep_out[epnum];
665 +- if (reset_hardware)
666 ++ if (reset_hardware && epnum != 0)
667 + dev->ep_out[epnum] = NULL;
668 + } else {
669 + ep = dev->ep_in[epnum];
670 +- if (reset_hardware)
671 ++ if (reset_hardware && epnum != 0)
672 + dev->ep_in[epnum] = NULL;
673 + }
674 + if (ep) {
675 +diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
676 +index 9e17d933ea94..3167f276c4c2 100644
677 +--- a/drivers/watchdog/watchdog_dev.c
678 ++++ b/drivers/watchdog/watchdog_dev.c
679 +@@ -38,7 +38,6 @@
680 + #include <linux/init.h> /* For __init/__exit/... */
681 + #include <linux/jiffies.h> /* For timeout functions */
682 + #include <linux/kernel.h> /* For printk/panic/... */
683 +-#include <linux/kref.h> /* For data references */
684 + #include <linux/miscdevice.h> /* For handling misc devices */
685 + #include <linux/module.h> /* For module stuff/... */
686 + #include <linux/mutex.h> /* For mutexes */
687 +@@ -53,14 +52,14 @@
688 +
689 + /*
690 + * struct watchdog_core_data - watchdog core internal data
691 +- * @kref: Reference count.
692 ++ * @dev: The watchdog's internal device
693 + * @cdev: The watchdog's Character device.
694 + * @wdd: Pointer to watchdog device.
695 + * @lock: Lock for watchdog core.
696 + * @status: Watchdog core internal status bits.
697 + */
698 + struct watchdog_core_data {
699 +- struct kref kref;
700 ++ struct device dev;
701 + struct cdev cdev;
702 + struct watchdog_device *wdd;
703 + struct mutex lock;
704 +@@ -794,7 +793,7 @@ static int watchdog_open(struct inode *inode, struct file *file)
705 + file->private_data = wd_data;
706 +
707 + if (!hw_running)
708 +- kref_get(&wd_data->kref);
709 ++ get_device(&wd_data->dev);
710 +
711 + /* dev/watchdog is a virtual (and thus non-seekable) filesystem */
712 + return nonseekable_open(inode, file);
713 +@@ -806,11 +805,11 @@ out_clear:
714 + return err;
715 + }
716 +
717 +-static void watchdog_core_data_release(struct kref *kref)
718 ++static void watchdog_core_data_release(struct device *dev)
719 + {
720 + struct watchdog_core_data *wd_data;
721 +
722 +- wd_data = container_of(kref, struct watchdog_core_data, kref);
723 ++ wd_data = container_of(dev, struct watchdog_core_data, dev);
724 +
725 + kfree(wd_data);
726 + }
727 +@@ -870,7 +869,7 @@ done:
728 + */
729 + if (!running) {
730 + module_put(wd_data->cdev.owner);
731 +- kref_put(&wd_data->kref, watchdog_core_data_release);
732 ++ put_device(&wd_data->dev);
733 + }
734 + return 0;
735 + }
736 +@@ -889,17 +888,22 @@ static struct miscdevice watchdog_miscdev = {
737 + .fops = &watchdog_fops,
738 + };
739 +
740 ++static struct class watchdog_class = {
741 ++ .name = "watchdog",
742 ++ .owner = THIS_MODULE,
743 ++ .dev_groups = wdt_groups,
744 ++};
745 ++
746 + /*
747 + * watchdog_cdev_register: register watchdog character device
748 + * @wdd: watchdog device
749 +- * @devno: character device number
750 + *
751 + * Register a watchdog character device including handling the legacy
752 + * /dev/watchdog node. /dev/watchdog is actually a miscdevice and
753 + * thus we set it up like that.
754 + */
755 +
756 +-static int watchdog_cdev_register(struct watchdog_device *wdd, dev_t devno)
757 ++static int watchdog_cdev_register(struct watchdog_device *wdd)
758 + {
759 + struct watchdog_core_data *wd_data;
760 + int err;
761 +@@ -907,7 +911,6 @@ static int watchdog_cdev_register(struct watchdog_device *wdd, dev_t devno)
762 + wd_data = kzalloc(sizeof(struct watchdog_core_data), GFP_KERNEL);
763 + if (!wd_data)
764 + return -ENOMEM;
765 +- kref_init(&wd_data->kref);
766 + mutex_init(&wd_data->lock);
767 +
768 + wd_data->wdd = wdd;
769 +@@ -934,23 +937,33 @@ static int watchdog_cdev_register(struct watchdog_device *wdd, dev_t devno)
770 + }
771 + }
772 +
773 ++ device_initialize(&wd_data->dev);
774 ++ wd_data->dev.devt = MKDEV(MAJOR(watchdog_devt), wdd->id);
775 ++ wd_data->dev.class = &watchdog_class;
776 ++ wd_data->dev.parent = wdd->parent;
777 ++ wd_data->dev.groups = wdd->groups;
778 ++ wd_data->dev.release = watchdog_core_data_release;
779 ++ dev_set_drvdata(&wd_data->dev, wdd);
780 ++ dev_set_name(&wd_data->dev, "watchdog%d", wdd->id);
781 ++
782 + /* Fill in the data structures */
783 + cdev_init(&wd_data->cdev, &watchdog_fops);
784 +- wd_data->cdev.owner = wdd->ops->owner;
785 +
786 + /* Add the device */
787 +- err = cdev_add(&wd_data->cdev, devno, 1);
788 ++ err = cdev_device_add(&wd_data->cdev, &wd_data->dev);
789 + if (err) {
790 + pr_err("watchdog%d unable to add device %d:%d\n",
791 + wdd->id, MAJOR(watchdog_devt), wdd->id);
792 + if (wdd->id == 0) {
793 + misc_deregister(&watchdog_miscdev);
794 + old_wd_data = NULL;
795 +- kref_put(&wd_data->kref, watchdog_core_data_release);
796 ++ put_device(&wd_data->dev);
797 + }
798 + return err;
799 + }
800 +
801 ++ wd_data->cdev.owner = wdd->ops->owner;
802 ++
803 + /* Record time of most recent heartbeat as 'just before now'. */
804 + wd_data->last_hw_keepalive = jiffies - 1;
805 +
806 +@@ -960,7 +973,7 @@ static int watchdog_cdev_register(struct watchdog_device *wdd, dev_t devno)
807 + */
808 + if (watchdog_hw_running(wdd)) {
809 + __module_get(wdd->ops->owner);
810 +- kref_get(&wd_data->kref);
811 ++ get_device(&wd_data->dev);
812 + queue_delayed_work(watchdog_wq, &wd_data->work, 0);
813 + }
814 +
815 +@@ -979,7 +992,7 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd)
816 + {
817 + struct watchdog_core_data *wd_data = wdd->wd_data;
818 +
819 +- cdev_del(&wd_data->cdev);
820 ++ cdev_device_del(&wd_data->cdev, &wd_data->dev);
821 + if (wdd->id == 0) {
822 + misc_deregister(&watchdog_miscdev);
823 + old_wd_data = NULL;
824 +@@ -992,15 +1005,9 @@ static void watchdog_cdev_unregister(struct watchdog_device *wdd)
825 +
826 + cancel_delayed_work_sync(&wd_data->work);
827 +
828 +- kref_put(&wd_data->kref, watchdog_core_data_release);
829 ++ put_device(&wd_data->dev);
830 + }
831 +
832 +-static struct class watchdog_class = {
833 +- .name = "watchdog",
834 +- .owner = THIS_MODULE,
835 +- .dev_groups = wdt_groups,
836 +-};
837 +-
838 + /*
839 + * watchdog_dev_register: register a watchdog device
840 + * @wdd: watchdog device
841 +@@ -1012,27 +1019,14 @@ static struct class watchdog_class = {
842 +
843 + int watchdog_dev_register(struct watchdog_device *wdd)
844 + {
845 +- struct device *dev;
846 +- dev_t devno;
847 + int ret;
848 +
849 +- devno = MKDEV(MAJOR(watchdog_devt), wdd->id);
850 +-
851 +- ret = watchdog_cdev_register(wdd, devno);
852 ++ ret = watchdog_cdev_register(wdd);
853 + if (ret)
854 + return ret;
855 +
856 +- dev = device_create_with_groups(&watchdog_class, wdd->parent,
857 +- devno, wdd, wdd->groups,
858 +- "watchdog%d", wdd->id);
859 +- if (IS_ERR(dev)) {
860 +- watchdog_cdev_unregister(wdd);
861 +- return PTR_ERR(dev);
862 +- }
863 +-
864 + ret = watchdog_register_pretimeout(wdd);
865 + if (ret) {
866 +- device_destroy(&watchdog_class, devno);
867 + watchdog_cdev_unregister(wdd);
868 + }
869 +
870 +@@ -1050,7 +1044,6 @@ int watchdog_dev_register(struct watchdog_device *wdd)
871 + void watchdog_dev_unregister(struct watchdog_device *wdd)
872 + {
873 + watchdog_unregister_pretimeout(wdd);
874 +- device_destroy(&watchdog_class, wdd->wd_data->cdev.dev);
875 + watchdog_cdev_unregister(wdd);
876 + }
877 +
878 +diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
879 +index 617e9ae67f50..e11aacb35d6b 100644
880 +--- a/fs/ceph/caps.c
881 ++++ b/fs/ceph/caps.c
882 +@@ -3394,6 +3394,7 @@ retry:
883 + WARN_ON(1);
884 + tsession = NULL;
885 + target = -1;
886 ++ mutex_lock(&session->s_mutex);
887 + }
888 + goto retry;
889 +
890 +diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
891 +index c2ef617d2f97..c875f246cb0e 100644
892 +--- a/fs/configfs/dir.c
893 ++++ b/fs/configfs/dir.c
894 +@@ -1537,6 +1537,7 @@ static int configfs_rmdir(struct inode *dir, struct dentry *dentry)
895 + spin_lock(&configfs_dirent_lock);
896 + configfs_detach_rollback(dentry);
897 + spin_unlock(&configfs_dirent_lock);
898 ++ config_item_put(parent_item);
899 + return -EINTR;
900 + }
901 + frag->frag_dead = true;
902 +diff --git a/fs/file.c b/fs/file.c
903 +index 09aac4d4729b..82d3f925bab3 100644
904 +--- a/fs/file.c
905 ++++ b/fs/file.c
906 +@@ -89,7 +89,7 @@ static void copy_fd_bitmaps(struct fdtable *nfdt, struct fdtable *ofdt,
907 + */
908 + static void copy_fdtable(struct fdtable *nfdt, struct fdtable *ofdt)
909 + {
910 +- unsigned int cpy, set;
911 ++ size_t cpy, set;
912 +
913 + BUG_ON(nfdt->max_fds < ofdt->max_fds);
914 +
915 +diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
916 +index adc1a97cfe96..efd44d5645d8 100644
917 +--- a/fs/gfs2/glock.c
918 ++++ b/fs/gfs2/glock.c
919 +@@ -548,9 +548,6 @@ __acquires(&gl->gl_lockref.lock)
920 + goto out_unlock;
921 + if (nonblock)
922 + goto out_sched;
923 +- smp_mb();
924 +- if (atomic_read(&gl->gl_revokes) != 0)
925 +- goto out_sched;
926 + set_bit(GLF_DEMOTE_IN_PROGRESS, &gl->gl_flags);
927 + GLOCK_BUG_ON(gl, gl->gl_demote_state == LM_ST_EXCLUSIVE);
928 + gl->gl_target = gl->gl_demote_state;
929 +diff --git a/include/linux/net.h b/include/linux/net.h
930 +index cd0c8bd0a1de..54270c4707cf 100644
931 +--- a/include/linux/net.h
932 ++++ b/include/linux/net.h
933 +@@ -298,6 +298,9 @@ int kernel_sendpage(struct socket *sock, struct page *page, int offset,
934 + int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg);
935 + int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how);
936 +
937 ++/* Routine returns the IP overhead imposed by a (caller-protected) socket. */
938 ++u32 kernel_sock_ip_overhead(struct sock *sk);
939 ++
940 + #define MODULE_ALIAS_NETPROTO(proto) \
941 + MODULE_ALIAS("net-pf-" __stringify(proto))
942 +
943 +diff --git a/include/linux/padata.h b/include/linux/padata.h
944 +index 0f9e567d5e15..3afa17ed59da 100644
945 +--- a/include/linux/padata.h
946 ++++ b/include/linux/padata.h
947 +@@ -24,7 +24,6 @@
948 + #include <linux/workqueue.h>
949 + #include <linux/spinlock.h>
950 + #include <linux/list.h>
951 +-#include <linux/timer.h>
952 + #include <linux/notifier.h>
953 + #include <linux/kobject.h>
954 +
955 +@@ -37,6 +36,7 @@
956 + * @list: List entry, to attach to the padata lists.
957 + * @pd: Pointer to the internal control structure.
958 + * @cb_cpu: Callback cpu for serializatioon.
959 ++ * @cpu: Cpu for parallelization.
960 + * @seq_nr: Sequence number of the parallelized data object.
961 + * @info: Used to pass information from the parallel to the serial function.
962 + * @parallel: Parallel execution function.
963 +@@ -46,6 +46,7 @@ struct padata_priv {
964 + struct list_head list;
965 + struct parallel_data *pd;
966 + int cb_cpu;
967 ++ int cpu;
968 + int info;
969 + void (*parallel)(struct padata_priv *padata);
970 + void (*serial)(struct padata_priv *padata);
971 +@@ -83,7 +84,6 @@ struct padata_serial_queue {
972 + * @serial: List to wait for serialization after reordering.
973 + * @pwork: work struct for parallelization.
974 + * @swork: work struct for serialization.
975 +- * @pd: Backpointer to the internal control structure.
976 + * @work: work struct for parallelization.
977 + * @num_obj: Number of objects that are processed by this cpu.
978 + * @cpu_index: Index of the cpu.
979 +@@ -91,7 +91,6 @@ struct padata_serial_queue {
980 + struct padata_parallel_queue {
981 + struct padata_list parallel;
982 + struct padata_list reorder;
983 +- struct parallel_data *pd;
984 + struct work_struct work;
985 + atomic_t num_obj;
986 + int cpu_index;
987 +@@ -118,10 +117,10 @@ struct padata_cpumask {
988 + * @reorder_objects: Number of objects waiting in the reorder queues.
989 + * @refcnt: Number of objects holding a reference on this parallel_data.
990 + * @max_seq_nr: Maximal used sequence number.
991 ++ * @cpu: Next CPU to be processed.
992 + * @cpumask: The cpumasks in use for parallel and serial workers.
993 ++ * @reorder_work: work struct for reordering.
994 + * @lock: Reorder lock.
995 +- * @processed: Number of already processed objects.
996 +- * @timer: Reorder timer.
997 + */
998 + struct parallel_data {
999 + struct padata_instance *pinst;
1000 +@@ -130,10 +129,10 @@ struct parallel_data {
1001 + atomic_t reorder_objects;
1002 + atomic_t refcnt;
1003 + atomic_t seq_nr;
1004 ++ int cpu;
1005 + struct padata_cpumask cpumask;
1006 ++ struct work_struct reorder_work;
1007 + spinlock_t lock ____cacheline_aligned;
1008 +- unsigned int processed;
1009 +- struct timer_list timer;
1010 + };
1011 +
1012 + /**
1013 +diff --git a/include/uapi/linux/if_pppol2tp.h b/include/uapi/linux/if_pppol2tp.h
1014 +index 4bd1f55d6377..6418c4d10241 100644
1015 +--- a/include/uapi/linux/if_pppol2tp.h
1016 ++++ b/include/uapi/linux/if_pppol2tp.h
1017 +@@ -18,6 +18,7 @@
1018 + #include <linux/types.h>
1019 + #include <linux/in.h>
1020 + #include <linux/in6.h>
1021 ++#include <linux/l2tp.h>
1022 +
1023 + /* Structure used to connect() the socket to a particular tunnel UDP
1024 + * socket over IPv4.
1025 +@@ -90,14 +91,12 @@ enum {
1026 + PPPOL2TP_SO_REORDERTO = 5,
1027 + };
1028 +
1029 +-/* Debug message categories for the DEBUG socket option */
1030 ++/* Debug message categories for the DEBUG socket option (deprecated) */
1031 + enum {
1032 +- PPPOL2TP_MSG_DEBUG = (1 << 0), /* verbose debug (if
1033 +- * compiled in) */
1034 +- PPPOL2TP_MSG_CONTROL = (1 << 1), /* userspace - kernel
1035 +- * interface */
1036 +- PPPOL2TP_MSG_SEQ = (1 << 2), /* sequence numbers */
1037 +- PPPOL2TP_MSG_DATA = (1 << 3), /* data packets */
1038 ++ PPPOL2TP_MSG_DEBUG = L2TP_MSG_DEBUG,
1039 ++ PPPOL2TP_MSG_CONTROL = L2TP_MSG_CONTROL,
1040 ++ PPPOL2TP_MSG_SEQ = L2TP_MSG_SEQ,
1041 ++ PPPOL2TP_MSG_DATA = L2TP_MSG_DATA,
1042 + };
1043 +
1044 +
1045 +diff --git a/include/uapi/linux/l2tp.h b/include/uapi/linux/l2tp.h
1046 +index 4bd27d0270a2..bb2d62037037 100644
1047 +--- a/include/uapi/linux/l2tp.h
1048 ++++ b/include/uapi/linux/l2tp.h
1049 +@@ -108,7 +108,7 @@ enum {
1050 + L2TP_ATTR_VLAN_ID, /* u16 */
1051 + L2TP_ATTR_COOKIE, /* 0, 4 or 8 bytes */
1052 + L2TP_ATTR_PEER_COOKIE, /* 0, 4 or 8 bytes */
1053 +- L2TP_ATTR_DEBUG, /* u32 */
1054 ++ L2TP_ATTR_DEBUG, /* u32, enum l2tp_debug_flags */
1055 + L2TP_ATTR_RECV_SEQ, /* u8 */
1056 + L2TP_ATTR_SEND_SEQ, /* u8 */
1057 + L2TP_ATTR_LNS_MODE, /* u8 */
1058 +@@ -175,6 +175,21 @@ enum l2tp_seqmode {
1059 + L2TP_SEQ_ALL = 2,
1060 + };
1061 +
1062 ++/**
1063 ++ * enum l2tp_debug_flags - debug message categories for L2TP tunnels/sessions
1064 ++ *
1065 ++ * @L2TP_MSG_DEBUG: verbose debug (if compiled in)
1066 ++ * @L2TP_MSG_CONTROL: userspace - kernel interface
1067 ++ * @L2TP_MSG_SEQ: sequence numbers
1068 ++ * @L2TP_MSG_DATA: data packets
1069 ++ */
1070 ++enum l2tp_debug_flags {
1071 ++ L2TP_MSG_DEBUG = (1 << 0),
1072 ++ L2TP_MSG_CONTROL = (1 << 1),
1073 ++ L2TP_MSG_SEQ = (1 << 2),
1074 ++ L2TP_MSG_DATA = (1 << 3),
1075 ++};
1076 ++
1077 + /*
1078 + * NETLINK_GENERIC related info
1079 + */
1080 +diff --git a/kernel/padata.c b/kernel/padata.c
1081 +index 6939111b3cbe..e82f066d63ac 100644
1082 +--- a/kernel/padata.c
1083 ++++ b/kernel/padata.c
1084 +@@ -66,15 +66,11 @@ static int padata_cpu_hash(struct parallel_data *pd)
1085 + static void padata_parallel_worker(struct work_struct *parallel_work)
1086 + {
1087 + struct padata_parallel_queue *pqueue;
1088 +- struct parallel_data *pd;
1089 +- struct padata_instance *pinst;
1090 + LIST_HEAD(local_list);
1091 +
1092 + local_bh_disable();
1093 + pqueue = container_of(parallel_work,
1094 + struct padata_parallel_queue, work);
1095 +- pd = pqueue->pd;
1096 +- pinst = pd->pinst;
1097 +
1098 + spin_lock(&pqueue->parallel.lock);
1099 + list_replace_init(&pqueue->parallel.list, &local_list);
1100 +@@ -137,6 +133,7 @@ int padata_do_parallel(struct padata_instance *pinst,
1101 + padata->cb_cpu = cb_cpu;
1102 +
1103 + target_cpu = padata_cpu_hash(pd);
1104 ++ padata->cpu = target_cpu;
1105 + queue = per_cpu_ptr(pd->pqueue, target_cpu);
1106 +
1107 + spin_lock(&queue->parallel.lock);
1108 +@@ -160,8 +157,6 @@ EXPORT_SYMBOL(padata_do_parallel);
1109 + * A pointer to the control struct of the next object that needs
1110 + * serialization, if present in one of the percpu reorder queues.
1111 + *
1112 +- * NULL, if all percpu reorder queues are empty.
1113 +- *
1114 + * -EINPROGRESS, if the next object that needs serialization will
1115 + * be parallel processed by another cpu and is not yet present in
1116 + * the cpu's reorder queue.
1117 +@@ -171,25 +166,12 @@ EXPORT_SYMBOL(padata_do_parallel);
1118 + */
1119 + static struct padata_priv *padata_get_next(struct parallel_data *pd)
1120 + {
1121 +- int cpu, num_cpus;
1122 +- unsigned int next_nr, next_index;
1123 + struct padata_parallel_queue *next_queue;
1124 + struct padata_priv *padata;
1125 + struct padata_list *reorder;
1126 ++ int cpu = pd->cpu;
1127 +
1128 +- num_cpus = cpumask_weight(pd->cpumask.pcpu);
1129 +-
1130 +- /*
1131 +- * Calculate the percpu reorder queue and the sequence
1132 +- * number of the next object.
1133 +- */
1134 +- next_nr = pd->processed;
1135 +- next_index = next_nr % num_cpus;
1136 +- cpu = padata_index_to_cpu(pd, next_index);
1137 + next_queue = per_cpu_ptr(pd->pqueue, cpu);
1138 +-
1139 +- padata = NULL;
1140 +-
1141 + reorder = &next_queue->reorder;
1142 +
1143 + spin_lock(&reorder->lock);
1144 +@@ -200,7 +182,8 @@ static struct padata_priv *padata_get_next(struct parallel_data *pd)
1145 + list_del_init(&padata->list);
1146 + atomic_dec(&pd->reorder_objects);
1147 +
1148 +- pd->processed++;
1149 ++ pd->cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu, -1,
1150 ++ false);
1151 +
1152 + spin_unlock(&reorder->lock);
1153 + goto out;
1154 +@@ -223,6 +206,7 @@ static void padata_reorder(struct parallel_data *pd)
1155 + struct padata_priv *padata;
1156 + struct padata_serial_queue *squeue;
1157 + struct padata_instance *pinst = pd->pinst;
1158 ++ struct padata_parallel_queue *next_queue;
1159 +
1160 + /*
1161 + * We need to ensure that only one cpu can work on dequeueing of
1162 +@@ -241,12 +225,11 @@ static void padata_reorder(struct parallel_data *pd)
1163 + padata = padata_get_next(pd);
1164 +
1165 + /*
1166 +- * All reorder queues are empty, or the next object that needs
1167 +- * serialization is parallel processed by another cpu and is
1168 +- * still on it's way to the cpu's reorder queue, nothing to
1169 +- * do for now.
1170 ++ * If the next object that needs serialization is parallel
1171 ++ * processed by another cpu and is still on it's way to the
1172 ++ * cpu's reorder queue, nothing to do for now.
1173 + */
1174 +- if (!padata || PTR_ERR(padata) == -EINPROGRESS)
1175 ++ if (PTR_ERR(padata) == -EINPROGRESS)
1176 + break;
1177 +
1178 + /*
1179 +@@ -255,7 +238,6 @@ static void padata_reorder(struct parallel_data *pd)
1180 + * so exit immediately.
1181 + */
1182 + if (PTR_ERR(padata) == -ENODATA) {
1183 +- del_timer(&pd->timer);
1184 + spin_unlock_bh(&pd->lock);
1185 + return;
1186 + }
1187 +@@ -274,28 +256,27 @@ static void padata_reorder(struct parallel_data *pd)
1188 +
1189 + /*
1190 + * The next object that needs serialization might have arrived to
1191 +- * the reorder queues in the meantime, we will be called again
1192 +- * from the timer function if no one else cares for it.
1193 ++ * the reorder queues in the meantime.
1194 + *
1195 +- * Ensure reorder_objects is read after pd->lock is dropped so we see
1196 +- * an increment from another task in padata_do_serial. Pairs with
1197 ++ * Ensure reorder queue is read after pd->lock is dropped so we see
1198 ++ * new objects from another task in padata_do_serial. Pairs with
1199 + * smp_mb__after_atomic in padata_do_serial.
1200 + */
1201 + smp_mb();
1202 +- if (atomic_read(&pd->reorder_objects)
1203 +- && !(pinst->flags & PADATA_RESET))
1204 +- mod_timer(&pd->timer, jiffies + HZ);
1205 +- else
1206 +- del_timer(&pd->timer);
1207 +
1208 +- return;
1209 ++ next_queue = per_cpu_ptr(pd->pqueue, pd->cpu);
1210 ++ if (!list_empty(&next_queue->reorder.list))
1211 ++ queue_work(pinst->wq, &pd->reorder_work);
1212 + }
1213 +
1214 +-static void padata_reorder_timer(unsigned long arg)
1215 ++static void invoke_padata_reorder(struct work_struct *work)
1216 + {
1217 +- struct parallel_data *pd = (struct parallel_data *)arg;
1218 ++ struct parallel_data *pd;
1219 +
1220 ++ local_bh_disable();
1221 ++ pd = container_of(work, struct parallel_data, reorder_work);
1222 + padata_reorder(pd);
1223 ++ local_bh_enable();
1224 + }
1225 +
1226 + static void padata_serial_worker(struct work_struct *serial_work)
1227 +@@ -342,29 +323,22 @@ static void padata_serial_worker(struct work_struct *serial_work)
1228 + */
1229 + void padata_do_serial(struct padata_priv *padata)
1230 + {
1231 +- int cpu;
1232 +- struct padata_parallel_queue *pqueue;
1233 +- struct parallel_data *pd;
1234 +-
1235 +- pd = padata->pd;
1236 +-
1237 +- cpu = get_cpu();
1238 +- pqueue = per_cpu_ptr(pd->pqueue, cpu);
1239 ++ struct parallel_data *pd = padata->pd;
1240 ++ struct padata_parallel_queue *pqueue = per_cpu_ptr(pd->pqueue,
1241 ++ padata->cpu);
1242 +
1243 + spin_lock(&pqueue->reorder.lock);
1244 +- atomic_inc(&pd->reorder_objects);
1245 + list_add_tail(&padata->list, &pqueue->reorder.list);
1246 ++ atomic_inc(&pd->reorder_objects);
1247 + spin_unlock(&pqueue->reorder.lock);
1248 +
1249 + /*
1250 +- * Ensure the atomic_inc of reorder_objects above is ordered correctly
1251 ++ * Ensure the addition to the reorder list is ordered correctly
1252 + * with the trylock of pd->lock in padata_reorder. Pairs with smp_mb
1253 + * in padata_reorder.
1254 + */
1255 + smp_mb__after_atomic();
1256 +
1257 +- put_cpu();
1258 +-
1259 + padata_reorder(pd);
1260 + }
1261 + EXPORT_SYMBOL(padata_do_serial);
1262 +@@ -413,9 +387,14 @@ static void padata_init_pqueues(struct parallel_data *pd)
1263 + struct padata_parallel_queue *pqueue;
1264 +
1265 + cpu_index = 0;
1266 +- for_each_cpu(cpu, pd->cpumask.pcpu) {
1267 ++ for_each_possible_cpu(cpu) {
1268 + pqueue = per_cpu_ptr(pd->pqueue, cpu);
1269 +- pqueue->pd = pd;
1270 ++
1271 ++ if (!cpumask_test_cpu(cpu, pd->cpumask.pcpu)) {
1272 ++ pqueue->cpu_index = -1;
1273 ++ continue;
1274 ++ }
1275 ++
1276 + pqueue->cpu_index = cpu_index;
1277 + cpu_index++;
1278 +
1279 +@@ -449,12 +428,13 @@ static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst,
1280 +
1281 + padata_init_pqueues(pd);
1282 + padata_init_squeues(pd);
1283 +- setup_timer(&pd->timer, padata_reorder_timer, (unsigned long)pd);
1284 + atomic_set(&pd->seq_nr, -1);
1285 + atomic_set(&pd->reorder_objects, 0);
1286 + atomic_set(&pd->refcnt, 1);
1287 + pd->pinst = pinst;
1288 + spin_lock_init(&pd->lock);
1289 ++ pd->cpu = cpumask_first(pd->cpumask.pcpu);
1290 ++ INIT_WORK(&pd->reorder_work, invoke_padata_reorder);
1291 +
1292 + return pd;
1293 +
1294 +diff --git a/lib/Makefile b/lib/Makefile
1295 +index 452d2956a5a2..7a55c5205281 100644
1296 +--- a/lib/Makefile
1297 ++++ b/lib/Makefile
1298 +@@ -230,5 +230,7 @@ obj-$(CONFIG_UCS2_STRING) += ucs2_string.o
1299 + obj-$(CONFIG_UBSAN) += ubsan.o
1300 +
1301 + UBSAN_SANITIZE_ubsan.o := n
1302 ++KASAN_SANITIZE_ubsan.o := n
1303 ++CFLAGS_ubsan.o := $(call cc-option, -fno-stack-protector) $(DISABLE_STACKLEAK_PLUGIN)
1304 +
1305 + obj-$(CONFIG_SBITMAP) += sbitmap.o
1306 +diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
1307 +index 7c3da29fad8e..36c7f616294a 100644
1308 +--- a/net/l2tp/l2tp_core.c
1309 ++++ b/net/l2tp/l2tp_core.c
1310 +@@ -112,53 +112,19 @@ struct l2tp_net {
1311 + spinlock_t l2tp_session_hlist_lock;
1312 + };
1313 +
1314 +-static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel);
1315 +
1316 + static inline struct l2tp_tunnel *l2tp_tunnel(struct sock *sk)
1317 + {
1318 + return sk->sk_user_data;
1319 + }
1320 +
1321 +-static inline struct l2tp_net *l2tp_pernet(struct net *net)
1322 ++static inline struct l2tp_net *l2tp_pernet(const struct net *net)
1323 + {
1324 + BUG_ON(!net);
1325 +
1326 + return net_generic(net, l2tp_net_id);
1327 + }
1328 +
1329 +-/* Tunnel reference counts. Incremented per session that is added to
1330 +- * the tunnel.
1331 +- */
1332 +-static inline void l2tp_tunnel_inc_refcount_1(struct l2tp_tunnel *tunnel)
1333 +-{
1334 +- atomic_inc(&tunnel->ref_count);
1335 +-}
1336 +-
1337 +-static inline void l2tp_tunnel_dec_refcount_1(struct l2tp_tunnel *tunnel)
1338 +-{
1339 +- if (atomic_dec_and_test(&tunnel->ref_count))
1340 +- l2tp_tunnel_free(tunnel);
1341 +-}
1342 +-#ifdef L2TP_REFCNT_DEBUG
1343 +-#define l2tp_tunnel_inc_refcount(_t) \
1344 +-do { \
1345 +- pr_debug("l2tp_tunnel_inc_refcount: %s:%d %s: cnt=%d\n", \
1346 +- __func__, __LINE__, (_t)->name, \
1347 +- atomic_read(&_t->ref_count)); \
1348 +- l2tp_tunnel_inc_refcount_1(_t); \
1349 +-} while (0)
1350 +-#define l2tp_tunnel_dec_refcount(_t) \
1351 +-do { \
1352 +- pr_debug("l2tp_tunnel_dec_refcount: %s:%d %s: cnt=%d\n", \
1353 +- __func__, __LINE__, (_t)->name, \
1354 +- atomic_read(&_t->ref_count)); \
1355 +- l2tp_tunnel_dec_refcount_1(_t); \
1356 +-} while (0)
1357 +-#else
1358 +-#define l2tp_tunnel_inc_refcount(t) l2tp_tunnel_inc_refcount_1(t)
1359 +-#define l2tp_tunnel_dec_refcount(t) l2tp_tunnel_dec_refcount_1(t)
1360 +-#endif
1361 +-
1362 + /* Session hash global list for L2TPv3.
1363 + * The session_id SHOULD be random according to RFC3931, but several
1364 + * L2TP implementations use incrementing session_ids. So we do a real
1365 +@@ -216,27 +182,6 @@ static void l2tp_tunnel_sock_put(struct sock *sk)
1366 + sock_put(sk);
1367 + }
1368 +
1369 +-/* Lookup a session by id in the global session list
1370 +- */
1371 +-static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id)
1372 +-{
1373 +- struct l2tp_net *pn = l2tp_pernet(net);
1374 +- struct hlist_head *session_list =
1375 +- l2tp_session_id_hash_2(pn, session_id);
1376 +- struct l2tp_session *session;
1377 +-
1378 +- rcu_read_lock_bh();
1379 +- hlist_for_each_entry_rcu(session, session_list, global_hlist) {
1380 +- if (session->session_id == session_id) {
1381 +- rcu_read_unlock_bh();
1382 +- return session;
1383 +- }
1384 +- }
1385 +- rcu_read_unlock_bh();
1386 +-
1387 +- return NULL;
1388 +-}
1389 +-
1390 + /* Session hash list.
1391 + * The session_id SHOULD be random according to RFC2661, but several
1392 + * L2TP implementations (Cisco and Microsoft) use incrementing
1393 +@@ -249,38 +194,31 @@ l2tp_session_id_hash(struct l2tp_tunnel *tunnel, u32 session_id)
1394 + return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)];
1395 + }
1396 +
1397 +-/* Lookup a session by id
1398 +- */
1399 +-struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id)
1400 ++/* Lookup a tunnel. A new reference is held on the returned tunnel. */
1401 ++struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id)
1402 + {
1403 +- struct hlist_head *session_list;
1404 +- struct l2tp_session *session;
1405 ++ const struct l2tp_net *pn = l2tp_pernet(net);
1406 ++ struct l2tp_tunnel *tunnel;
1407 +
1408 +- /* In L2TPv3, session_ids are unique over all tunnels and we
1409 +- * sometimes need to look them up before we know the
1410 +- * tunnel.
1411 +- */
1412 +- if (tunnel == NULL)
1413 +- return l2tp_session_find_2(net, session_id);
1414 ++ rcu_read_lock_bh();
1415 ++ list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
1416 ++ if (tunnel->tunnel_id == tunnel_id) {
1417 ++ l2tp_tunnel_inc_refcount(tunnel);
1418 ++ rcu_read_unlock_bh();
1419 +
1420 +- session_list = l2tp_session_id_hash(tunnel, session_id);
1421 +- read_lock_bh(&tunnel->hlist_lock);
1422 +- hlist_for_each_entry(session, session_list, hlist) {
1423 +- if (session->session_id == session_id) {
1424 +- read_unlock_bh(&tunnel->hlist_lock);
1425 +- return session;
1426 ++ return tunnel;
1427 + }
1428 + }
1429 +- read_unlock_bh(&tunnel->hlist_lock);
1430 ++ rcu_read_unlock_bh();
1431 +
1432 + return NULL;
1433 + }
1434 +-EXPORT_SYMBOL_GPL(l2tp_session_find);
1435 ++EXPORT_SYMBOL_GPL(l2tp_tunnel_get);
1436 +
1437 +-/* Like l2tp_session_find() but takes a reference on the returned session.
1438 ++/* Lookup a session. A new reference is held on the returned session.
1439 + * Optionally calls session->ref() too if do_ref is true.
1440 + */
1441 +-struct l2tp_session *l2tp_session_get(struct net *net,
1442 ++struct l2tp_session *l2tp_session_get(const struct net *net,
1443 + struct l2tp_tunnel *tunnel,
1444 + u32 session_id, bool do_ref)
1445 + {
1446 +@@ -355,7 +293,8 @@ EXPORT_SYMBOL_GPL(l2tp_session_get_nth);
1447 + /* Lookup a session by interface name.
1448 + * This is very inefficient but is only used by management interfaces.
1449 + */
1450 +-struct l2tp_session *l2tp_session_get_by_ifname(struct net *net, char *ifname,
1451 ++struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net,
1452 ++ const char *ifname,
1453 + bool do_ref)
1454 + {
1455 + struct l2tp_net *pn = l2tp_pernet(net);
1456 +@@ -382,20 +321,28 @@ struct l2tp_session *l2tp_session_get_by_ifname(struct net *net, char *ifname,
1457 + }
1458 + EXPORT_SYMBOL_GPL(l2tp_session_get_by_ifname);
1459 +
1460 +-static int l2tp_session_add_to_tunnel(struct l2tp_tunnel *tunnel,
1461 +- struct l2tp_session *session)
1462 ++int l2tp_session_register(struct l2tp_session *session,
1463 ++ struct l2tp_tunnel *tunnel)
1464 + {
1465 + struct l2tp_session *session_walk;
1466 + struct hlist_head *g_head;
1467 + struct hlist_head *head;
1468 + struct l2tp_net *pn;
1469 ++ int err;
1470 +
1471 + head = l2tp_session_id_hash(tunnel, session->session_id);
1472 +
1473 + write_lock_bh(&tunnel->hlist_lock);
1474 ++ if (!tunnel->acpt_newsess) {
1475 ++ err = -ENODEV;
1476 ++ goto err_tlock;
1477 ++ }
1478 ++
1479 + hlist_for_each_entry(session_walk, head, hlist)
1480 +- if (session_walk->session_id == session->session_id)
1481 +- goto exist;
1482 ++ if (session_walk->session_id == session->session_id) {
1483 ++ err = -EEXIST;
1484 ++ goto err_tlock;
1485 ++ }
1486 +
1487 + if (tunnel->version == L2TP_HDR_VER_3) {
1488 + pn = l2tp_pernet(tunnel->l2tp_net);
1489 +@@ -403,30 +350,44 @@ static int l2tp_session_add_to_tunnel(struct l2tp_tunnel *tunnel,
1490 + session->session_id);
1491 +
1492 + spin_lock_bh(&pn->l2tp_session_hlist_lock);
1493 ++
1494 + hlist_for_each_entry(session_walk, g_head, global_hlist)
1495 +- if (session_walk->session_id == session->session_id)
1496 +- goto exist_glob;
1497 ++ if (session_walk->session_id == session->session_id) {
1498 ++ err = -EEXIST;
1499 ++ goto err_tlock_pnlock;
1500 ++ }
1501 +
1502 ++ l2tp_tunnel_inc_refcount(tunnel);
1503 ++ sock_hold(tunnel->sock);
1504 + hlist_add_head_rcu(&session->global_hlist, g_head);
1505 ++
1506 + spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1507 ++ } else {
1508 ++ l2tp_tunnel_inc_refcount(tunnel);
1509 ++ sock_hold(tunnel->sock);
1510 + }
1511 +
1512 + hlist_add_head(&session->hlist, head);
1513 + write_unlock_bh(&tunnel->hlist_lock);
1514 +
1515 ++ /* Ignore management session in session count value */
1516 ++ if (session->session_id != 0)
1517 ++ atomic_inc(&l2tp_session_count);
1518 ++
1519 + return 0;
1520 +
1521 +-exist_glob:
1522 ++err_tlock_pnlock:
1523 + spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1524 +-exist:
1525 ++err_tlock:
1526 + write_unlock_bh(&tunnel->hlist_lock);
1527 +
1528 +- return -EEXIST;
1529 ++ return err;
1530 + }
1531 ++EXPORT_SYMBOL_GPL(l2tp_session_register);
1532 +
1533 + /* Lookup a tunnel by id
1534 + */
1535 +-struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id)
1536 ++struct l2tp_tunnel *l2tp_tunnel_find(const struct net *net, u32 tunnel_id)
1537 + {
1538 + struct l2tp_tunnel *tunnel;
1539 + struct l2tp_net *pn = l2tp_pernet(net);
1540 +@@ -444,7 +405,7 @@ struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id)
1541 + }
1542 + EXPORT_SYMBOL_GPL(l2tp_tunnel_find);
1543 +
1544 +-struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth)
1545 ++struct l2tp_tunnel *l2tp_tunnel_find_nth(const struct net *net, int nth)
1546 + {
1547 + struct l2tp_net *pn = l2tp_pernet(net);
1548 + struct l2tp_tunnel *tunnel;
1549 +@@ -1307,7 +1268,6 @@ static void l2tp_tunnel_destruct(struct sock *sk)
1550 + /* Remove hooks into tunnel socket */
1551 + sk->sk_destruct = tunnel->old_sk_destruct;
1552 + sk->sk_user_data = NULL;
1553 +- tunnel->sock = NULL;
1554 +
1555 + /* Remove the tunnel struct from the tunnel list */
1556 + pn = l2tp_pernet(tunnel->l2tp_net);
1557 +@@ -1317,6 +1277,8 @@ static void l2tp_tunnel_destruct(struct sock *sk)
1558 + atomic_dec(&l2tp_tunnel_count);
1559 +
1560 + l2tp_tunnel_closeall(tunnel);
1561 ++
1562 ++ tunnel->sock = NULL;
1563 + l2tp_tunnel_dec_refcount(tunnel);
1564 +
1565 + /* Call the original destructor */
1566 +@@ -1341,6 +1303,7 @@ void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
1567 + tunnel->name);
1568 +
1569 + write_lock_bh(&tunnel->hlist_lock);
1570 ++ tunnel->acpt_newsess = false;
1571 + for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
1572 + again:
1573 + hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1574 +@@ -1394,17 +1357,6 @@ static void l2tp_udp_encap_destroy(struct sock *sk)
1575 + }
1576 + }
1577 +
1578 +-/* Really kill the tunnel.
1579 +- * Come here only when all sessions have been cleared from the tunnel.
1580 +- */
1581 +-static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
1582 +-{
1583 +- BUG_ON(atomic_read(&tunnel->ref_count) != 0);
1584 +- BUG_ON(tunnel->sock != NULL);
1585 +- l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: free...\n", tunnel->name);
1586 +- kfree_rcu(tunnel, rcu);
1587 +-}
1588 +-
1589 + /* Workqueue tunnel deletion function */
1590 + static void l2tp_tunnel_del_work(struct work_struct *work)
1591 + {
1592 +@@ -1655,6 +1607,7 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32
1593 + tunnel->magic = L2TP_TUNNEL_MAGIC;
1594 + sprintf(&tunnel->name[0], "tunl %u", tunnel_id);
1595 + rwlock_init(&tunnel->hlist_lock);
1596 ++ tunnel->acpt_newsess = true;
1597 +
1598 + /* The net we belong to */
1599 + tunnel->l2tp_net = net;
1600 +@@ -1840,7 +1793,6 @@ EXPORT_SYMBOL_GPL(l2tp_session_set_header_len);
1601 + struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
1602 + {
1603 + struct l2tp_session *session;
1604 +- int err;
1605 +
1606 + session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL);
1607 + if (session != NULL) {
1608 +@@ -1895,25 +1847,7 @@ struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunn
1609 +
1610 + l2tp_session_set_header_len(session, tunnel->version);
1611 +
1612 +- err = l2tp_session_add_to_tunnel(tunnel, session);
1613 +- if (err) {
1614 +- kfree(session);
1615 +-
1616 +- return ERR_PTR(err);
1617 +- }
1618 +-
1619 +- /* Bump the reference count. The session context is deleted
1620 +- * only when this drops to zero.
1621 +- */
1622 + l2tp_session_inc_refcount(session);
1623 +- l2tp_tunnel_inc_refcount(tunnel);
1624 +-
1625 +- /* Ensure tunnel socket isn't deleted */
1626 +- sock_hold(tunnel->sock);
1627 +-
1628 +- /* Ignore management session in session count value */
1629 +- if (session->session_id != 0)
1630 +- atomic_inc(&l2tp_session_count);
1631 +
1632 + return session;
1633 + }
1634 +diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
1635 +index 7c2037184b6c..2b9b6fb67ae9 100644
1636 +--- a/net/l2tp/l2tp_core.h
1637 ++++ b/net/l2tp/l2tp_core.h
1638 +@@ -23,16 +23,6 @@
1639 + #define L2TP_HASH_BITS_2 8
1640 + #define L2TP_HASH_SIZE_2 (1 << L2TP_HASH_BITS_2)
1641 +
1642 +-/* Debug message categories for the DEBUG socket option */
1643 +-enum {
1644 +- L2TP_MSG_DEBUG = (1 << 0), /* verbose debug (if
1645 +- * compiled in) */
1646 +- L2TP_MSG_CONTROL = (1 << 1), /* userspace - kernel
1647 +- * interface */
1648 +- L2TP_MSG_SEQ = (1 << 2), /* sequence numbers */
1649 +- L2TP_MSG_DATA = (1 << 3), /* data packets */
1650 +-};
1651 +-
1652 + struct sk_buff;
1653 +
1654 + struct l2tp_stats {
1655 +@@ -172,6 +162,10 @@ struct l2tp_tunnel {
1656 +
1657 + struct rcu_head rcu;
1658 + rwlock_t hlist_lock; /* protect session_hlist */
1659 ++ bool acpt_newsess; /* Indicates whether this
1660 ++ * tunnel accepts new sessions.
1661 ++ * Protected by hlist_lock.
1662 ++ */
1663 + struct hlist_head session_hlist[L2TP_HASH_SIZE];
1664 + /* hashed list of sessions,
1665 + * hashed by id */
1666 +@@ -207,7 +201,9 @@ struct l2tp_tunnel {
1667 + };
1668 +
1669 + struct l2tp_nl_cmd_ops {
1670 +- int (*session_create)(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg);
1671 ++ int (*session_create)(struct net *net, struct l2tp_tunnel *tunnel,
1672 ++ u32 session_id, u32 peer_session_id,
1673 ++ struct l2tp_session_cfg *cfg);
1674 + int (*session_delete)(struct l2tp_session *session);
1675 + };
1676 +
1677 +@@ -241,18 +237,18 @@ out:
1678 + return tunnel;
1679 + }
1680 +
1681 +-struct l2tp_session *l2tp_session_get(struct net *net,
1682 ++struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id);
1683 ++
1684 ++struct l2tp_session *l2tp_session_get(const struct net *net,
1685 + struct l2tp_tunnel *tunnel,
1686 + u32 session_id, bool do_ref);
1687 +-struct l2tp_session *l2tp_session_find(struct net *net,
1688 +- struct l2tp_tunnel *tunnel,
1689 +- u32 session_id);
1690 + struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth,
1691 + bool do_ref);
1692 +-struct l2tp_session *l2tp_session_get_by_ifname(struct net *net, char *ifname,
1693 ++struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net,
1694 ++ const char *ifname,
1695 + bool do_ref);
1696 +-struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id);
1697 +-struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth);
1698 ++struct l2tp_tunnel *l2tp_tunnel_find(const struct net *net, u32 tunnel_id);
1699 ++struct l2tp_tunnel *l2tp_tunnel_find_nth(const struct net *net, int nth);
1700 +
1701 + int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id,
1702 + u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg,
1703 +@@ -263,6 +259,9 @@ struct l2tp_session *l2tp_session_create(int priv_size,
1704 + struct l2tp_tunnel *tunnel,
1705 + u32 session_id, u32 peer_session_id,
1706 + struct l2tp_session_cfg *cfg);
1707 ++int l2tp_session_register(struct l2tp_session *session,
1708 ++ struct l2tp_tunnel *tunnel);
1709 ++
1710 + void __l2tp_session_unhash(struct l2tp_session *session);
1711 + int l2tp_session_delete(struct l2tp_session *session);
1712 + void l2tp_session_free(struct l2tp_session *session);
1713 +@@ -281,6 +280,17 @@ int l2tp_nl_register_ops(enum l2tp_pwtype pw_type,
1714 + void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type);
1715 + int l2tp_ioctl(struct sock *sk, int cmd, unsigned long arg);
1716 +
1717 ++static inline void l2tp_tunnel_inc_refcount(struct l2tp_tunnel *tunnel)
1718 ++{
1719 ++ atomic_inc(&tunnel->ref_count);
1720 ++}
1721 ++
1722 ++static inline void l2tp_tunnel_dec_refcount(struct l2tp_tunnel *tunnel)
1723 ++{
1724 ++ if (atomic_dec_and_test(&tunnel->ref_count))
1725 ++ kfree_rcu(tunnel, rcu);
1726 ++}
1727 ++
1728 + /* Session reference counts. Incremented when code obtains a reference
1729 + * to a session.
1730 + */
1731 +diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c
1732 +index eecc64e138de..8b8fc2337960 100644
1733 +--- a/net/l2tp/l2tp_eth.c
1734 ++++ b/net/l2tp/l2tp_eth.c
1735 +@@ -30,6 +30,9 @@
1736 + #include <net/xfrm.h>
1737 + #include <net/net_namespace.h>
1738 + #include <net/netns/generic.h>
1739 ++#include <linux/ip.h>
1740 ++#include <linux/ipv6.h>
1741 ++#include <linux/udp.h>
1742 +
1743 + #include "l2tp_core.h"
1744 +
1745 +@@ -41,7 +44,6 @@ struct l2tp_eth {
1746 + struct net_device *dev;
1747 + struct sock *tunnel_sock;
1748 + struct l2tp_session *session;
1749 +- struct list_head list;
1750 + atomic_long_t tx_bytes;
1751 + atomic_long_t tx_packets;
1752 + atomic_long_t tx_dropped;
1753 +@@ -52,20 +54,9 @@ struct l2tp_eth {
1754 +
1755 + /* via l2tp_session_priv() */
1756 + struct l2tp_eth_sess {
1757 +- struct net_device *dev;
1758 ++ struct net_device __rcu *dev;
1759 + };
1760 +
1761 +-/* per-net private data for this module */
1762 +-static unsigned int l2tp_eth_net_id;
1763 +-struct l2tp_eth_net {
1764 +- struct list_head l2tp_eth_dev_list;
1765 +- spinlock_t l2tp_eth_lock;
1766 +-};
1767 +-
1768 +-static inline struct l2tp_eth_net *l2tp_eth_pernet(struct net *net)
1769 +-{
1770 +- return net_generic(net, l2tp_eth_net_id);
1771 +-}
1772 +
1773 + static int l2tp_eth_dev_init(struct net_device *dev)
1774 + {
1775 +@@ -82,12 +73,13 @@ static int l2tp_eth_dev_init(struct net_device *dev)
1776 + static void l2tp_eth_dev_uninit(struct net_device *dev)
1777 + {
1778 + struct l2tp_eth *priv = netdev_priv(dev);
1779 +- struct l2tp_eth_net *pn = l2tp_eth_pernet(dev_net(dev));
1780 ++ struct l2tp_eth_sess *spriv;
1781 +
1782 +- spin_lock(&pn->l2tp_eth_lock);
1783 +- list_del_init(&priv->list);
1784 +- spin_unlock(&pn->l2tp_eth_lock);
1785 +- dev_put(dev);
1786 ++ spriv = l2tp_session_priv(priv->session);
1787 ++ RCU_INIT_POINTER(spriv->dev, NULL);
1788 ++ /* No need for synchronize_net() here. We're called by
1789 ++ * unregister_netdev*(), which does the synchronisation for us.
1790 ++ */
1791 + }
1792 +
1793 + static int l2tp_eth_dev_xmit(struct sk_buff *skb, struct net_device *dev)
1794 +@@ -141,8 +133,8 @@ static void l2tp_eth_dev_setup(struct net_device *dev)
1795 + static void l2tp_eth_dev_recv(struct l2tp_session *session, struct sk_buff *skb, int data_len)
1796 + {
1797 + struct l2tp_eth_sess *spriv = l2tp_session_priv(session);
1798 +- struct net_device *dev = spriv->dev;
1799 +- struct l2tp_eth *priv = netdev_priv(dev);
1800 ++ struct net_device *dev;
1801 ++ struct l2tp_eth *priv;
1802 +
1803 + if (session->debug & L2TP_MSG_DATA) {
1804 + unsigned int length;
1805 +@@ -166,16 +158,25 @@ static void l2tp_eth_dev_recv(struct l2tp_session *session, struct sk_buff *skb,
1806 + skb_dst_drop(skb);
1807 + nf_reset(skb);
1808 +
1809 ++ rcu_read_lock();
1810 ++ dev = rcu_dereference(spriv->dev);
1811 ++ if (!dev)
1812 ++ goto error_rcu;
1813 ++
1814 ++ priv = netdev_priv(dev);
1815 + if (dev_forward_skb(dev, skb) == NET_RX_SUCCESS) {
1816 + atomic_long_inc(&priv->rx_packets);
1817 + atomic_long_add(data_len, &priv->rx_bytes);
1818 + } else {
1819 + atomic_long_inc(&priv->rx_errors);
1820 + }
1821 ++ rcu_read_unlock();
1822 ++
1823 + return;
1824 +
1825 ++error_rcu:
1826 ++ rcu_read_unlock();
1827 + error:
1828 +- atomic_long_inc(&priv->rx_errors);
1829 + kfree_skb(skb);
1830 + }
1831 +
1832 +@@ -186,11 +187,15 @@ static void l2tp_eth_delete(struct l2tp_session *session)
1833 +
1834 + if (session) {
1835 + spriv = l2tp_session_priv(session);
1836 +- dev = spriv->dev;
1837 ++
1838 ++ rtnl_lock();
1839 ++ dev = rtnl_dereference(spriv->dev);
1840 + if (dev) {
1841 +- unregister_netdev(dev);
1842 +- spriv->dev = NULL;
1843 ++ unregister_netdevice(dev);
1844 ++ rtnl_unlock();
1845 + module_put(THIS_MODULE);
1846 ++ } else {
1847 ++ rtnl_unlock();
1848 + }
1849 + }
1850 + }
1851 +@@ -200,35 +205,89 @@ static void l2tp_eth_show(struct seq_file *m, void *arg)
1852 + {
1853 + struct l2tp_session *session = arg;
1854 + struct l2tp_eth_sess *spriv = l2tp_session_priv(session);
1855 +- struct net_device *dev = spriv->dev;
1856 ++ struct net_device *dev;
1857 ++
1858 ++ rcu_read_lock();
1859 ++ dev = rcu_dereference(spriv->dev);
1860 ++ if (!dev) {
1861 ++ rcu_read_unlock();
1862 ++ return;
1863 ++ }
1864 ++ dev_hold(dev);
1865 ++ rcu_read_unlock();
1866 +
1867 + seq_printf(m, " interface %s\n", dev->name);
1868 ++
1869 ++ dev_put(dev);
1870 + }
1871 + #endif
1872 +
1873 +-static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
1874 ++static void l2tp_eth_adjust_mtu(struct l2tp_tunnel *tunnel,
1875 ++ struct l2tp_session *session,
1876 ++ struct net_device *dev)
1877 ++{
1878 ++ unsigned int overhead = 0;
1879 ++ struct dst_entry *dst;
1880 ++ u32 l3_overhead = 0;
1881 ++
1882 ++ /* if the encap is UDP, account for UDP header size */
1883 ++ if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
1884 ++ overhead += sizeof(struct udphdr);
1885 ++ dev->needed_headroom += sizeof(struct udphdr);
1886 ++ }
1887 ++ if (session->mtu != 0) {
1888 ++ dev->mtu = session->mtu;
1889 ++ dev->needed_headroom += session->hdr_len;
1890 ++ return;
1891 ++ }
1892 ++ lock_sock(tunnel->sock);
1893 ++ l3_overhead = kernel_sock_ip_overhead(tunnel->sock);
1894 ++ release_sock(tunnel->sock);
1895 ++ if (l3_overhead == 0) {
1896 ++ /* L3 Overhead couldn't be identified, this could be
1897 ++ * because tunnel->sock was NULL or the socket's
1898 ++ * address family was not IPv4 or IPv6,
1899 ++ * dev mtu stays at 1500.
1900 ++ */
1901 ++ return;
1902 ++ }
1903 ++ /* Adjust MTU, factor overhead - underlay L3, overlay L2 hdr
1904 ++ * UDP overhead, if any, was already factored in above.
1905 ++ */
1906 ++ overhead += session->hdr_len + ETH_HLEN + l3_overhead;
1907 ++
1908 ++ /* If PMTU discovery was enabled, use discovered MTU on L2TP device */
1909 ++ dst = sk_dst_get(tunnel->sock);
1910 ++ if (dst) {
1911 ++ /* dst_mtu will use PMTU if found, else fallback to intf MTU */
1912 ++ u32 pmtu = dst_mtu(dst);
1913 ++
1914 ++ if (pmtu != 0)
1915 ++ dev->mtu = pmtu;
1916 ++ dst_release(dst);
1917 ++ }
1918 ++ session->mtu = dev->mtu - overhead;
1919 ++ dev->mtu = session->mtu;
1920 ++ dev->needed_headroom += session->hdr_len;
1921 ++}
1922 ++
1923 ++static int l2tp_eth_create(struct net *net, struct l2tp_tunnel *tunnel,
1924 ++ u32 session_id, u32 peer_session_id,
1925 ++ struct l2tp_session_cfg *cfg)
1926 + {
1927 + struct net_device *dev;
1928 + char name[IFNAMSIZ];
1929 +- struct l2tp_tunnel *tunnel;
1930 + struct l2tp_session *session;
1931 + struct l2tp_eth *priv;
1932 + struct l2tp_eth_sess *spriv;
1933 + int rc;
1934 +- struct l2tp_eth_net *pn;
1935 +-
1936 +- tunnel = l2tp_tunnel_find(net, tunnel_id);
1937 +- if (!tunnel) {
1938 +- rc = -ENODEV;
1939 +- goto out;
1940 +- }
1941 +
1942 + if (cfg->ifname) {
1943 + dev = dev_get_by_name(net, cfg->ifname);
1944 + if (dev) {
1945 + dev_put(dev);
1946 + rc = -EEXIST;
1947 +- goto out;
1948 ++ goto err;
1949 + }
1950 + strlcpy(name, cfg->ifname, IFNAMSIZ);
1951 + } else
1952 +@@ -238,26 +297,22 @@ static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 p
1953 + peer_session_id, cfg);
1954 + if (IS_ERR(session)) {
1955 + rc = PTR_ERR(session);
1956 +- goto out;
1957 ++ goto err;
1958 + }
1959 +
1960 + dev = alloc_netdev(sizeof(*priv), name, NET_NAME_UNKNOWN,
1961 + l2tp_eth_dev_setup);
1962 + if (!dev) {
1963 + rc = -ENOMEM;
1964 +- goto out_del_session;
1965 ++ goto err_sess;
1966 + }
1967 +
1968 + dev_net_set(dev, net);
1969 +- if (session->mtu == 0)
1970 +- session->mtu = dev->mtu - session->hdr_len;
1971 +- dev->mtu = session->mtu;
1972 +- dev->needed_headroom += session->hdr_len;
1973 ++ l2tp_eth_adjust_mtu(tunnel, session, dev);
1974 +
1975 + priv = netdev_priv(dev);
1976 + priv->dev = dev;
1977 + priv->session = session;
1978 +- INIT_LIST_HEAD(&priv->list);
1979 +
1980 + priv->tunnel_sock = tunnel->sock;
1981 + session->recv_skb = l2tp_eth_dev_recv;
1982 +@@ -267,48 +322,50 @@ static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 p
1983 + #endif
1984 +
1985 + spriv = l2tp_session_priv(session);
1986 +- spriv->dev = dev;
1987 +
1988 +- rc = register_netdev(dev);
1989 +- if (rc < 0)
1990 +- goto out_del_dev;
1991 ++ l2tp_session_inc_refcount(session);
1992 +
1993 +- __module_get(THIS_MODULE);
1994 +- /* Must be done after register_netdev() */
1995 +- strlcpy(session->ifname, dev->name, IFNAMSIZ);
1996 ++ rtnl_lock();
1997 +
1998 +- dev_hold(dev);
1999 +- pn = l2tp_eth_pernet(dev_net(dev));
2000 +- spin_lock(&pn->l2tp_eth_lock);
2001 +- list_add(&priv->list, &pn->l2tp_eth_dev_list);
2002 +- spin_unlock(&pn->l2tp_eth_lock);
2003 ++ /* Register both device and session while holding the rtnl lock. This
2004 ++ * ensures that l2tp_eth_delete() will see that there's a device to
2005 ++ * unregister, even if it happened to run before we assign spriv->dev.
2006 ++ */
2007 ++ rc = l2tp_session_register(session, tunnel);
2008 ++ if (rc < 0) {
2009 ++ rtnl_unlock();
2010 ++ goto err_sess_dev;
2011 ++ }
2012 +
2013 +- return 0;
2014 ++ rc = register_netdevice(dev);
2015 ++ if (rc < 0) {
2016 ++ rtnl_unlock();
2017 ++ l2tp_session_delete(session);
2018 ++ l2tp_session_dec_refcount(session);
2019 ++ free_netdev(dev);
2020 +
2021 +-out_del_dev:
2022 +- free_netdev(dev);
2023 +- spriv->dev = NULL;
2024 +-out_del_session:
2025 +- l2tp_session_delete(session);
2026 +-out:
2027 +- return rc;
2028 +-}
2029 ++ return rc;
2030 ++ }
2031 +
2032 +-static __net_init int l2tp_eth_init_net(struct net *net)
2033 +-{
2034 +- struct l2tp_eth_net *pn = net_generic(net, l2tp_eth_net_id);
2035 ++ strlcpy(session->ifname, dev->name, IFNAMSIZ);
2036 ++ rcu_assign_pointer(spriv->dev, dev);
2037 ++
2038 ++ rtnl_unlock();
2039 +
2040 +- INIT_LIST_HEAD(&pn->l2tp_eth_dev_list);
2041 +- spin_lock_init(&pn->l2tp_eth_lock);
2042 ++ l2tp_session_dec_refcount(session);
2043 ++
2044 ++ __module_get(THIS_MODULE);
2045 +
2046 + return 0;
2047 +-}
2048 +
2049 +-static struct pernet_operations l2tp_eth_net_ops = {
2050 +- .init = l2tp_eth_init_net,
2051 +- .id = &l2tp_eth_net_id,
2052 +- .size = sizeof(struct l2tp_eth_net),
2053 +-};
2054 ++err_sess_dev:
2055 ++ l2tp_session_dec_refcount(session);
2056 ++ free_netdev(dev);
2057 ++err_sess:
2058 ++ kfree(session);
2059 ++err:
2060 ++ return rc;
2061 ++}
2062 +
2063 +
2064 + static const struct l2tp_nl_cmd_ops l2tp_eth_nl_cmd_ops = {
2065 +@@ -323,25 +380,18 @@ static int __init l2tp_eth_init(void)
2066 +
2067 + err = l2tp_nl_register_ops(L2TP_PWTYPE_ETH, &l2tp_eth_nl_cmd_ops);
2068 + if (err)
2069 +- goto out;
2070 +-
2071 +- err = register_pernet_device(&l2tp_eth_net_ops);
2072 +- if (err)
2073 +- goto out_unreg;
2074 ++ goto err;
2075 +
2076 + pr_info("L2TP ethernet pseudowire support (L2TPv3)\n");
2077 +
2078 + return 0;
2079 +
2080 +-out_unreg:
2081 +- l2tp_nl_unregister_ops(L2TP_PWTYPE_ETH);
2082 +-out:
2083 ++err:
2084 + return err;
2085 + }
2086 +
2087 + static void __exit l2tp_eth_exit(void)
2088 + {
2089 +- unregister_pernet_device(&l2tp_eth_net_ops);
2090 + l2tp_nl_unregister_ops(L2TP_PWTYPE_ETH);
2091 + }
2092 +
2093 +diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c
2094 +index d6fccfdca201..47d7bdff8be8 100644
2095 +--- a/net/l2tp/l2tp_netlink.c
2096 ++++ b/net/l2tp/l2tp_netlink.c
2097 +@@ -72,10 +72,12 @@ static struct l2tp_session *l2tp_nl_session_get(struct genl_info *info,
2098 + (info->attrs[L2TP_ATTR_CONN_ID])) {
2099 + tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
2100 + session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
2101 +- tunnel = l2tp_tunnel_find(net, tunnel_id);
2102 +- if (tunnel)
2103 ++ tunnel = l2tp_tunnel_get(net, tunnel_id);
2104 ++ if (tunnel) {
2105 + session = l2tp_session_get(net, tunnel, session_id,
2106 + do_ref);
2107 ++ l2tp_tunnel_dec_refcount(tunnel);
2108 ++ }
2109 + }
2110 +
2111 + return session;
2112 +@@ -278,8 +280,8 @@ static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info
2113 + }
2114 + tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
2115 +
2116 +- tunnel = l2tp_tunnel_find(net, tunnel_id);
2117 +- if (tunnel == NULL) {
2118 ++ tunnel = l2tp_tunnel_get(net, tunnel_id);
2119 ++ if (!tunnel) {
2120 + ret = -ENODEV;
2121 + goto out;
2122 + }
2123 +@@ -289,6 +291,8 @@ static int l2tp_nl_cmd_tunnel_delete(struct sk_buff *skb, struct genl_info *info
2124 +
2125 + l2tp_tunnel_delete(tunnel);
2126 +
2127 ++ l2tp_tunnel_dec_refcount(tunnel);
2128 ++
2129 + out:
2130 + return ret;
2131 + }
2132 +@@ -306,8 +310,8 @@ static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info
2133 + }
2134 + tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
2135 +
2136 +- tunnel = l2tp_tunnel_find(net, tunnel_id);
2137 +- if (tunnel == NULL) {
2138 ++ tunnel = l2tp_tunnel_get(net, tunnel_id);
2139 ++ if (!tunnel) {
2140 + ret = -ENODEV;
2141 + goto out;
2142 + }
2143 +@@ -318,6 +322,8 @@ static int l2tp_nl_cmd_tunnel_modify(struct sk_buff *skb, struct genl_info *info
2144 + ret = l2tp_tunnel_notify(&l2tp_nl_family, info,
2145 + tunnel, L2TP_CMD_TUNNEL_MODIFY);
2146 +
2147 ++ l2tp_tunnel_dec_refcount(tunnel);
2148 ++
2149 + out:
2150 + return ret;
2151 + }
2152 +@@ -430,34 +436,37 @@ static int l2tp_nl_cmd_tunnel_get(struct sk_buff *skb, struct genl_info *info)
2153 +
2154 + if (!info->attrs[L2TP_ATTR_CONN_ID]) {
2155 + ret = -EINVAL;
2156 +- goto out;
2157 ++ goto err;
2158 + }
2159 +
2160 + tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
2161 +
2162 +- tunnel = l2tp_tunnel_find(net, tunnel_id);
2163 +- if (tunnel == NULL) {
2164 +- ret = -ENODEV;
2165 +- goto out;
2166 +- }
2167 +-
2168 + msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2169 + if (!msg) {
2170 + ret = -ENOMEM;
2171 +- goto out;
2172 ++ goto err;
2173 ++ }
2174 ++
2175 ++ tunnel = l2tp_tunnel_get(net, tunnel_id);
2176 ++ if (!tunnel) {
2177 ++ ret = -ENODEV;
2178 ++ goto err_nlmsg;
2179 + }
2180 +
2181 + ret = l2tp_nl_tunnel_send(msg, info->snd_portid, info->snd_seq,
2182 + NLM_F_ACK, tunnel, L2TP_CMD_TUNNEL_GET);
2183 + if (ret < 0)
2184 +- goto err_out;
2185 ++ goto err_nlmsg_tunnel;
2186 ++
2187 ++ l2tp_tunnel_dec_refcount(tunnel);
2188 +
2189 + return genlmsg_unicast(net, msg, info->snd_portid);
2190 +
2191 +-err_out:
2192 ++err_nlmsg_tunnel:
2193 ++ l2tp_tunnel_dec_refcount(tunnel);
2194 ++err_nlmsg:
2195 + nlmsg_free(msg);
2196 +-
2197 +-out:
2198 ++err:
2199 + return ret;
2200 + }
2201 +
2202 +@@ -501,8 +510,9 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
2203 + ret = -EINVAL;
2204 + goto out;
2205 + }
2206 ++
2207 + tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]);
2208 +- tunnel = l2tp_tunnel_find(net, tunnel_id);
2209 ++ tunnel = l2tp_tunnel_get(net, tunnel_id);
2210 + if (!tunnel) {
2211 + ret = -ENODEV;
2212 + goto out;
2213 +@@ -510,29 +520,24 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
2214 +
2215 + if (!info->attrs[L2TP_ATTR_SESSION_ID]) {
2216 + ret = -EINVAL;
2217 +- goto out;
2218 ++ goto out_tunnel;
2219 + }
2220 + session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
2221 +- session = l2tp_session_find(net, tunnel, session_id);
2222 +- if (session) {
2223 +- ret = -EEXIST;
2224 +- goto out;
2225 +- }
2226 +
2227 + if (!info->attrs[L2TP_ATTR_PEER_SESSION_ID]) {
2228 + ret = -EINVAL;
2229 +- goto out;
2230 ++ goto out_tunnel;
2231 + }
2232 + peer_session_id = nla_get_u32(info->attrs[L2TP_ATTR_PEER_SESSION_ID]);
2233 +
2234 + if (!info->attrs[L2TP_ATTR_PW_TYPE]) {
2235 + ret = -EINVAL;
2236 +- goto out;
2237 ++ goto out_tunnel;
2238 + }
2239 + cfg.pw_type = nla_get_u16(info->attrs[L2TP_ATTR_PW_TYPE]);
2240 + if (cfg.pw_type >= __L2TP_PWTYPE_MAX) {
2241 + ret = -EINVAL;
2242 +- goto out;
2243 ++ goto out_tunnel;
2244 + }
2245 +
2246 + if (tunnel->version > 2) {
2247 +@@ -551,7 +556,7 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
2248 + u16 len = nla_len(info->attrs[L2TP_ATTR_COOKIE]);
2249 + if (len > 8) {
2250 + ret = -EINVAL;
2251 +- goto out;
2252 ++ goto out_tunnel;
2253 + }
2254 + cfg.cookie_len = len;
2255 + memcpy(&cfg.cookie[0], nla_data(info->attrs[L2TP_ATTR_COOKIE]), len);
2256 +@@ -560,7 +565,7 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
2257 + u16 len = nla_len(info->attrs[L2TP_ATTR_PEER_COOKIE]);
2258 + if (len > 8) {
2259 + ret = -EINVAL;
2260 +- goto out;
2261 ++ goto out_tunnel;
2262 + }
2263 + cfg.peer_cookie_len = len;
2264 + memcpy(&cfg.peer_cookie[0], nla_data(info->attrs[L2TP_ATTR_PEER_COOKIE]), len);
2265 +@@ -603,7 +608,7 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
2266 + if ((l2tp_nl_cmd_ops[cfg.pw_type] == NULL) ||
2267 + (l2tp_nl_cmd_ops[cfg.pw_type]->session_create == NULL)) {
2268 + ret = -EPROTONOSUPPORT;
2269 +- goto out;
2270 ++ goto out_tunnel;
2271 + }
2272 +
2273 + /* Check that pseudowire-specific params are present */
2274 +@@ -613,7 +618,7 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
2275 + case L2TP_PWTYPE_ETH_VLAN:
2276 + if (!info->attrs[L2TP_ATTR_VLAN_ID]) {
2277 + ret = -EINVAL;
2278 +- goto out;
2279 ++ goto out_tunnel;
2280 + }
2281 + break;
2282 + case L2TP_PWTYPE_ETH:
2283 +@@ -627,10 +632,10 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
2284 + break;
2285 + }
2286 +
2287 +- ret = -EPROTONOSUPPORT;
2288 +- if (l2tp_nl_cmd_ops[cfg.pw_type]->session_create)
2289 +- ret = (*l2tp_nl_cmd_ops[cfg.pw_type]->session_create)(net, tunnel_id,
2290 +- session_id, peer_session_id, &cfg);
2291 ++ ret = l2tp_nl_cmd_ops[cfg.pw_type]->session_create(net, tunnel,
2292 ++ session_id,
2293 ++ peer_session_id,
2294 ++ &cfg);
2295 +
2296 + if (ret >= 0) {
2297 + session = l2tp_session_get(net, tunnel, session_id, false);
2298 +@@ -641,6 +646,8 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
2299 + }
2300 + }
2301 +
2302 ++out_tunnel:
2303 ++ l2tp_tunnel_dec_refcount(tunnel);
2304 + out:
2305 + return ret;
2306 + }
2307 +diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
2308 +index d919b3e6b548..979fa868a4f1 100644
2309 +--- a/net/l2tp/l2tp_ppp.c
2310 ++++ b/net/l2tp/l2tp_ppp.c
2311 +@@ -122,8 +122,11 @@
2312 + struct pppol2tp_session {
2313 + int owner; /* pid that opened the socket */
2314 +
2315 +- struct sock *sock; /* Pointer to the session
2316 ++ struct mutex sk_lock; /* Protects .sk */
2317 ++ struct sock __rcu *sk; /* Pointer to the session
2318 + * PPPoX socket */
2319 ++ struct sock *__sk; /* Copy of .sk, for cleanup */
2320 ++ struct rcu_head rcu; /* For asynchronous release */
2321 + struct sock *tunnel_sock; /* Pointer to the tunnel UDP
2322 + * socket */
2323 + int flags; /* accessed by PPPIOCGFLAGS.
2324 +@@ -138,6 +141,24 @@ static const struct ppp_channel_ops pppol2tp_chan_ops = {
2325 +
2326 + static const struct proto_ops pppol2tp_ops;
2327 +
2328 ++/* Retrieves the pppol2tp socket associated to a session.
2329 ++ * A reference is held on the returned socket, so this function must be paired
2330 ++ * with sock_put().
2331 ++ */
2332 ++static struct sock *pppol2tp_session_get_sock(struct l2tp_session *session)
2333 ++{
2334 ++ struct pppol2tp_session *ps = l2tp_session_priv(session);
2335 ++ struct sock *sk;
2336 ++
2337 ++ rcu_read_lock();
2338 ++ sk = rcu_dereference(ps->sk);
2339 ++ if (sk)
2340 ++ sock_hold(sk);
2341 ++ rcu_read_unlock();
2342 ++
2343 ++ return sk;
2344 ++}
2345 ++
2346 + /* Helpers to obtain tunnel/session contexts from sockets.
2347 + */
2348 + static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
2349 +@@ -224,21 +245,22 @@ static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int
2350 + /* If the socket is bound, send it in to PPP's input queue. Otherwise
2351 + * queue it on the session socket.
2352 + */
2353 +- sk = ps->sock;
2354 ++ rcu_read_lock();
2355 ++ sk = rcu_dereference(ps->sk);
2356 + if (sk == NULL)
2357 + goto no_sock;
2358 +
2359 + if (sk->sk_state & PPPOX_BOUND) {
2360 + struct pppox_sock *po;
2361 +
2362 +- l2tp_dbg(session, PPPOL2TP_MSG_DATA,
2363 ++ l2tp_dbg(session, L2TP_MSG_DATA,
2364 + "%s: recv %d byte data frame, passing to ppp\n",
2365 + session->name, data_len);
2366 +
2367 + po = pppox_sk(sk);
2368 + ppp_input(&po->chan, skb);
2369 + } else {
2370 +- l2tp_dbg(session, PPPOL2TP_MSG_DATA,
2371 ++ l2tp_dbg(session, L2TP_MSG_DATA,
2372 + "%s: recv %d byte data frame, passing to L2TP socket\n",
2373 + session->name, data_len);
2374 +
2375 +@@ -247,30 +269,16 @@ static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int
2376 + kfree_skb(skb);
2377 + }
2378 + }
2379 ++ rcu_read_unlock();
2380 +
2381 + return;
2382 +
2383 + no_sock:
2384 +- l2tp_info(session, PPPOL2TP_MSG_DATA, "%s: no socket\n", session->name);
2385 ++ rcu_read_unlock();
2386 ++ l2tp_info(session, L2TP_MSG_DATA, "%s: no socket\n", session->name);
2387 + kfree_skb(skb);
2388 + }
2389 +
2390 +-static void pppol2tp_session_sock_hold(struct l2tp_session *session)
2391 +-{
2392 +- struct pppol2tp_session *ps = l2tp_session_priv(session);
2393 +-
2394 +- if (ps->sock)
2395 +- sock_hold(ps->sock);
2396 +-}
2397 +-
2398 +-static void pppol2tp_session_sock_put(struct l2tp_session *session)
2399 +-{
2400 +- struct pppol2tp_session *ps = l2tp_session_priv(session);
2401 +-
2402 +- if (ps->sock)
2403 +- sock_put(ps->sock);
2404 +-}
2405 +-
2406 + /************************************************************************
2407 + * Transmit handling
2408 + ***********************************************************************/
2409 +@@ -431,17 +439,16 @@ abort:
2410 + */
2411 + static void pppol2tp_session_close(struct l2tp_session *session)
2412 + {
2413 +- struct pppol2tp_session *ps = l2tp_session_priv(session);
2414 +- struct sock *sk = ps->sock;
2415 +- struct socket *sock = sk->sk_socket;
2416 ++ struct sock *sk;
2417 +
2418 + BUG_ON(session->magic != L2TP_SESSION_MAGIC);
2419 +
2420 +- if (sock)
2421 +- inet_shutdown(sock, SEND_SHUTDOWN);
2422 +-
2423 +- /* Don't let the session go away before our socket does */
2424 +- l2tp_session_inc_refcount(session);
2425 ++ sk = pppol2tp_session_get_sock(session);
2426 ++ if (sk) {
2427 ++ if (sk->sk_socket)
2428 ++ inet_shutdown(sk->sk_socket, SEND_SHUTDOWN);
2429 ++ sock_put(sk);
2430 ++ }
2431 + }
2432 +
2433 + /* Really kill the session socket. (Called from sock_put() if
2434 +@@ -461,6 +468,14 @@ static void pppol2tp_session_destruct(struct sock *sk)
2435 + }
2436 + }
2437 +
2438 ++static void pppol2tp_put_sk(struct rcu_head *head)
2439 ++{
2440 ++ struct pppol2tp_session *ps;
2441 ++
2442 ++ ps = container_of(head, typeof(*ps), rcu);
2443 ++ sock_put(ps->__sk);
2444 ++}
2445 ++
2446 + /* Called when the PPPoX socket (session) is closed.
2447 + */
2448 + static int pppol2tp_release(struct socket *sock)
2449 +@@ -486,11 +501,23 @@ static int pppol2tp_release(struct socket *sock)
2450 +
2451 + session = pppol2tp_sock_to_session(sk);
2452 +
2453 +- /* Purge any queued data */
2454 + if (session != NULL) {
2455 +- __l2tp_session_unhash(session);
2456 +- l2tp_session_queue_purge(session);
2457 +- sock_put(sk);
2458 ++ struct pppol2tp_session *ps;
2459 ++
2460 ++ l2tp_session_delete(session);
2461 ++
2462 ++ ps = l2tp_session_priv(session);
2463 ++ mutex_lock(&ps->sk_lock);
2464 ++ ps->__sk = rcu_dereference_protected(ps->sk,
2465 ++ lockdep_is_held(&ps->sk_lock));
2466 ++ RCU_INIT_POINTER(ps->sk, NULL);
2467 ++ mutex_unlock(&ps->sk_lock);
2468 ++ call_rcu(&ps->rcu, pppol2tp_put_sk);
2469 ++
2470 ++ /* Rely on the sock_put() call at the end of the function for
2471 ++ * dropping the reference held by pppol2tp_sock_to_session().
2472 ++ * The last reference will be dropped by pppol2tp_put_sk().
2473 ++ */
2474 + }
2475 + release_sock(sk);
2476 +
2477 +@@ -557,16 +584,47 @@ out:
2478 + static void pppol2tp_show(struct seq_file *m, void *arg)
2479 + {
2480 + struct l2tp_session *session = arg;
2481 +- struct pppol2tp_session *ps = l2tp_session_priv(session);
2482 ++ struct sock *sk;
2483 ++
2484 ++ sk = pppol2tp_session_get_sock(session);
2485 ++ if (sk) {
2486 ++ struct pppox_sock *po = pppox_sk(sk);
2487 +
2488 +- if (ps) {
2489 +- struct pppox_sock *po = pppox_sk(ps->sock);
2490 +- if (po)
2491 +- seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
2492 ++ seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
2493 ++ sock_put(sk);
2494 + }
2495 + }
2496 + #endif
2497 +
2498 ++static void pppol2tp_session_init(struct l2tp_session *session)
2499 ++{
2500 ++ struct pppol2tp_session *ps;
2501 ++ struct dst_entry *dst;
2502 ++
2503 ++ session->recv_skb = pppol2tp_recv;
2504 ++ session->session_close = pppol2tp_session_close;
2505 ++#if IS_ENABLED(CONFIG_L2TP_DEBUGFS)
2506 ++ session->show = pppol2tp_show;
2507 ++#endif
2508 ++
2509 ++ ps = l2tp_session_priv(session);
2510 ++ mutex_init(&ps->sk_lock);
2511 ++ ps->tunnel_sock = session->tunnel->sock;
2512 ++ ps->owner = current->pid;
2513 ++
2514 ++ /* If PMTU discovery was enabled, use the MTU that was discovered */
2515 ++ dst = sk_dst_get(session->tunnel->sock);
2516 ++ if (dst) {
2517 ++ u32 pmtu = dst_mtu(dst);
2518 ++
2519 ++ if (pmtu) {
2520 ++ session->mtu = pmtu - PPPOL2TP_HEADER_OVERHEAD;
2521 ++ session->mru = pmtu - PPPOL2TP_HEADER_OVERHEAD;
2522 ++ }
2523 ++ dst_release(dst);
2524 ++ }
2525 ++}
2526 ++
2527 + /* connect() handler. Attach a PPPoX socket to a tunnel UDP socket
2528 + */
2529 + static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
2530 +@@ -578,7 +636,6 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
2531 + struct l2tp_session *session = NULL;
2532 + struct l2tp_tunnel *tunnel;
2533 + struct pppol2tp_session *ps;
2534 +- struct dst_entry *dst;
2535 + struct l2tp_session_cfg cfg = { 0, };
2536 + int error = 0;
2537 + u32 tunnel_id, peer_tunnel_id;
2538 +@@ -700,13 +757,17 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
2539 + /* Using a pre-existing session is fine as long as it hasn't
2540 + * been connected yet.
2541 + */
2542 +- if (ps->sock) {
2543 ++ mutex_lock(&ps->sk_lock);
2544 ++ if (rcu_dereference_protected(ps->sk,
2545 ++ lockdep_is_held(&ps->sk_lock))) {
2546 ++ mutex_unlock(&ps->sk_lock);
2547 + error = -EEXIST;
2548 + goto end;
2549 + }
2550 +
2551 + /* consistency checks */
2552 + if (ps->tunnel_sock != tunnel->sock) {
2553 ++ mutex_unlock(&ps->sk_lock);
2554 + error = -EEXIST;
2555 + goto end;
2556 + }
2557 +@@ -722,35 +783,19 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
2558 + error = PTR_ERR(session);
2559 + goto end;
2560 + }
2561 +- }
2562 +-
2563 +- /* Associate session with its PPPoL2TP socket */
2564 +- ps = l2tp_session_priv(session);
2565 +- ps->owner = current->pid;
2566 +- ps->sock = sk;
2567 +- ps->tunnel_sock = tunnel->sock;
2568 +
2569 +- session->recv_skb = pppol2tp_recv;
2570 +- session->session_close = pppol2tp_session_close;
2571 +-#if IS_ENABLED(CONFIG_L2TP_DEBUGFS)
2572 +- session->show = pppol2tp_show;
2573 +-#endif
2574 +-
2575 +- /* We need to know each time a skb is dropped from the reorder
2576 +- * queue.
2577 +- */
2578 +- session->ref = pppol2tp_session_sock_hold;
2579 +- session->deref = pppol2tp_session_sock_put;
2580 +-
2581 +- /* If PMTU discovery was enabled, use the MTU that was discovered */
2582 +- dst = sk_dst_get(tunnel->sock);
2583 +- if (dst != NULL) {
2584 +- u32 pmtu = dst_mtu(dst);
2585 ++ pppol2tp_session_init(session);
2586 ++ ps = l2tp_session_priv(session);
2587 ++ l2tp_session_inc_refcount(session);
2588 +
2589 +- if (pmtu != 0)
2590 +- session->mtu = session->mru = pmtu -
2591 +- PPPOL2TP_HEADER_OVERHEAD;
2592 +- dst_release(dst);
2593 ++ mutex_lock(&ps->sk_lock);
2594 ++ error = l2tp_session_register(session, tunnel);
2595 ++ if (error < 0) {
2596 ++ mutex_unlock(&ps->sk_lock);
2597 ++ kfree(session);
2598 ++ goto end;
2599 ++ }
2600 ++ drop_refcnt = true;
2601 + }
2602 +
2603 + /* Special case: if source & dest session_id == 0x0000, this
2604 +@@ -775,14 +820,25 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
2605 + po->chan.mtu = session->mtu;
2606 +
2607 + error = ppp_register_net_channel(sock_net(sk), &po->chan);
2608 +- if (error)
2609 ++ if (error) {
2610 ++ mutex_unlock(&ps->sk_lock);
2611 + goto end;
2612 ++ }
2613 +
2614 + out_no_ppp:
2615 + /* This is how we get the session context from the socket. */
2616 + sk->sk_user_data = session;
2617 ++ rcu_assign_pointer(ps->sk, sk);
2618 ++ mutex_unlock(&ps->sk_lock);
2619 ++
2620 ++ /* Keep the reference we've grabbed on the session: sk doesn't expect
2621 ++ * the session to disappear. pppol2tp_session_destruct() is responsible
2622 ++ * for dropping it.
2623 ++ */
2624 ++ drop_refcnt = false;
2625 ++
2626 + sk->sk_state = PPPOX_CONNECTED;
2627 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n",
2628 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: created\n",
2629 + session->name);
2630 +
2631 + end:
2632 +@@ -795,25 +851,19 @@ end:
2633 +
2634 + #ifdef CONFIG_L2TP_V3
2635 +
2636 +-/* Called when creating sessions via the netlink interface.
2637 +- */
2638 +-static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
2639 ++/* Called when creating sessions via the netlink interface. */
2640 ++static int pppol2tp_session_create(struct net *net, struct l2tp_tunnel *tunnel,
2641 ++ u32 session_id, u32 peer_session_id,
2642 ++ struct l2tp_session_cfg *cfg)
2643 + {
2644 + int error;
2645 +- struct l2tp_tunnel *tunnel;
2646 + struct l2tp_session *session;
2647 +- struct pppol2tp_session *ps;
2648 +-
2649 +- tunnel = l2tp_tunnel_find(net, tunnel_id);
2650 +-
2651 +- /* Error if we can't find the tunnel */
2652 +- error = -ENOENT;
2653 +- if (tunnel == NULL)
2654 +- goto out;
2655 +
2656 + /* Error if tunnel socket is not prepped */
2657 +- if (tunnel->sock == NULL)
2658 +- goto out;
2659 ++ if (!tunnel->sock) {
2660 ++ error = -ENOENT;
2661 ++ goto err;
2662 ++ }
2663 +
2664 + /* Default MTU values. */
2665 + if (cfg->mtu == 0)
2666 +@@ -827,18 +877,20 @@ static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_i
2667 + peer_session_id, cfg);
2668 + if (IS_ERR(session)) {
2669 + error = PTR_ERR(session);
2670 +- goto out;
2671 ++ goto err;
2672 + }
2673 +
2674 +- ps = l2tp_session_priv(session);
2675 +- ps->tunnel_sock = tunnel->sock;
2676 ++ pppol2tp_session_init(session);
2677 +
2678 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: created\n",
2679 +- session->name);
2680 ++ error = l2tp_session_register(session, tunnel);
2681 ++ if (error < 0)
2682 ++ goto err_sess;
2683 +
2684 +- error = 0;
2685 ++ return 0;
2686 +
2687 +-out:
2688 ++err_sess:
2689 ++ kfree(session);
2690 ++err:
2691 + return error;
2692 + }
2693 +
2694 +@@ -995,16 +1047,14 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session,
2695 + struct l2tp_tunnel *tunnel = session->tunnel;
2696 + struct pppol2tp_ioc_stats stats;
2697 +
2698 +- l2tp_dbg(session, PPPOL2TP_MSG_CONTROL,
2699 ++ l2tp_dbg(session, L2TP_MSG_CONTROL,
2700 + "%s: pppol2tp_session_ioctl(cmd=%#x, arg=%#lx)\n",
2701 + session->name, cmd, arg);
2702 +
2703 +- sk = ps->sock;
2704 ++ sk = pppol2tp_session_get_sock(session);
2705 + if (!sk)
2706 + return -EBADR;
2707 +
2708 +- sock_hold(sk);
2709 +-
2710 + switch (cmd) {
2711 + case SIOCGIFMTU:
2712 + err = -ENXIO;
2713 +@@ -1018,7 +1068,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session,
2714 + if (copy_to_user((void __user *) arg, &ifr, sizeof(struct ifreq)))
2715 + break;
2716 +
2717 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mtu=%d\n",
2718 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get mtu=%d\n",
2719 + session->name, session->mtu);
2720 + err = 0;
2721 + break;
2722 +@@ -1034,7 +1084,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session,
2723 +
2724 + session->mtu = ifr.ifr_mtu;
2725 +
2726 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mtu=%d\n",
2727 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: set mtu=%d\n",
2728 + session->name, session->mtu);
2729 + err = 0;
2730 + break;
2731 +@@ -1048,7 +1098,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session,
2732 + if (put_user(session->mru, (int __user *) arg))
2733 + break;
2734 +
2735 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get mru=%d\n",
2736 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get mru=%d\n",
2737 + session->name, session->mru);
2738 + err = 0;
2739 + break;
2740 +@@ -1063,7 +1113,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session,
2741 + break;
2742 +
2743 + session->mru = val;
2744 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set mru=%d\n",
2745 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: set mru=%d\n",
2746 + session->name, session->mru);
2747 + err = 0;
2748 + break;
2749 +@@ -1073,7 +1123,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session,
2750 + if (put_user(ps->flags, (int __user *) arg))
2751 + break;
2752 +
2753 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get flags=%d\n",
2754 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get flags=%d\n",
2755 + session->name, ps->flags);
2756 + err = 0;
2757 + break;
2758 +@@ -1083,7 +1133,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session,
2759 + if (get_user(val, (int __user *) arg))
2760 + break;
2761 + ps->flags = val;
2762 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set flags=%d\n",
2763 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: set flags=%d\n",
2764 + session->name, ps->flags);
2765 + err = 0;
2766 + break;
2767 +@@ -1100,7 +1150,7 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session,
2768 + if (copy_to_user((void __user *) arg, &stats,
2769 + sizeof(stats)))
2770 + break;
2771 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n",
2772 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get L2TP stats\n",
2773 + session->name);
2774 + err = 0;
2775 + break;
2776 +@@ -1128,7 +1178,7 @@ static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel,
2777 + struct sock *sk;
2778 + struct pppol2tp_ioc_stats stats;
2779 +
2780 +- l2tp_dbg(tunnel, PPPOL2TP_MSG_CONTROL,
2781 ++ l2tp_dbg(tunnel, L2TP_MSG_CONTROL,
2782 + "%s: pppol2tp_tunnel_ioctl(cmd=%#x, arg=%#lx)\n",
2783 + tunnel->name, cmd, arg);
2784 +
2785 +@@ -1171,7 +1221,7 @@ static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel,
2786 + err = -EFAULT;
2787 + break;
2788 + }
2789 +- l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get L2TP stats\n",
2790 ++ l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: get L2TP stats\n",
2791 + tunnel->name);
2792 + err = 0;
2793 + break;
2794 +@@ -1261,7 +1311,7 @@ static int pppol2tp_tunnel_setsockopt(struct sock *sk,
2795 + switch (optname) {
2796 + case PPPOL2TP_SO_DEBUG:
2797 + tunnel->debug = val;
2798 +- l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n",
2799 ++ l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
2800 + tunnel->name, tunnel->debug);
2801 + break;
2802 +
2803 +@@ -1280,7 +1330,6 @@ static int pppol2tp_session_setsockopt(struct sock *sk,
2804 + int optname, int val)
2805 + {
2806 + int err = 0;
2807 +- struct pppol2tp_session *ps = l2tp_session_priv(session);
2808 +
2809 + switch (optname) {
2810 + case PPPOL2TP_SO_RECVSEQ:
2811 +@@ -1289,7 +1338,7 @@ static int pppol2tp_session_setsockopt(struct sock *sk,
2812 + break;
2813 + }
2814 + session->recv_seq = val ? -1 : 0;
2815 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL,
2816 ++ l2tp_info(session, L2TP_MSG_CONTROL,
2817 + "%s: set recv_seq=%d\n",
2818 + session->name, session->recv_seq);
2819 + break;
2820 +@@ -1301,13 +1350,13 @@ static int pppol2tp_session_setsockopt(struct sock *sk,
2821 + }
2822 + session->send_seq = val ? -1 : 0;
2823 + {
2824 +- struct sock *ssk = ps->sock;
2825 +- struct pppox_sock *po = pppox_sk(ssk);
2826 ++ struct pppox_sock *po = pppox_sk(sk);
2827 ++
2828 + po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ :
2829 + PPPOL2TP_L2TP_HDR_SIZE_NOSEQ;
2830 + }
2831 + l2tp_session_set_header_len(session, session->tunnel->version);
2832 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL,
2833 ++ l2tp_info(session, L2TP_MSG_CONTROL,
2834 + "%s: set send_seq=%d\n",
2835 + session->name, session->send_seq);
2836 + break;
2837 +@@ -1318,20 +1367,20 @@ static int pppol2tp_session_setsockopt(struct sock *sk,
2838 + break;
2839 + }
2840 + session->lns_mode = val ? -1 : 0;
2841 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL,
2842 ++ l2tp_info(session, L2TP_MSG_CONTROL,
2843 + "%s: set lns_mode=%d\n",
2844 + session->name, session->lns_mode);
2845 + break;
2846 +
2847 + case PPPOL2TP_SO_DEBUG:
2848 + session->debug = val;
2849 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: set debug=%x\n",
2850 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: set debug=%x\n",
2851 + session->name, session->debug);
2852 + break;
2853 +
2854 + case PPPOL2TP_SO_REORDERTO:
2855 + session->reorder_timeout = msecs_to_jiffies(val);
2856 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL,
2857 ++ l2tp_info(session, L2TP_MSG_CONTROL,
2858 + "%s: set reorder_timeout=%d\n",
2859 + session->name, session->reorder_timeout);
2860 + break;
2861 +@@ -1412,7 +1461,7 @@ static int pppol2tp_tunnel_getsockopt(struct sock *sk,
2862 + switch (optname) {
2863 + case PPPOL2TP_SO_DEBUG:
2864 + *val = tunnel->debug;
2865 +- l2tp_info(tunnel, PPPOL2TP_MSG_CONTROL, "%s: get debug=%x\n",
2866 ++ l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: get debug=%x\n",
2867 + tunnel->name, tunnel->debug);
2868 + break;
2869 +
2870 +@@ -1435,31 +1484,31 @@ static int pppol2tp_session_getsockopt(struct sock *sk,
2871 + switch (optname) {
2872 + case PPPOL2TP_SO_RECVSEQ:
2873 + *val = session->recv_seq;
2874 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL,
2875 ++ l2tp_info(session, L2TP_MSG_CONTROL,
2876 + "%s: get recv_seq=%d\n", session->name, *val);
2877 + break;
2878 +
2879 + case PPPOL2TP_SO_SENDSEQ:
2880 + *val = session->send_seq;
2881 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL,
2882 ++ l2tp_info(session, L2TP_MSG_CONTROL,
2883 + "%s: get send_seq=%d\n", session->name, *val);
2884 + break;
2885 +
2886 + case PPPOL2TP_SO_LNSMODE:
2887 + *val = session->lns_mode;
2888 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL,
2889 ++ l2tp_info(session, L2TP_MSG_CONTROL,
2890 + "%s: get lns_mode=%d\n", session->name, *val);
2891 + break;
2892 +
2893 + case PPPOL2TP_SO_DEBUG:
2894 + *val = session->debug;
2895 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL, "%s: get debug=%d\n",
2896 ++ l2tp_info(session, L2TP_MSG_CONTROL, "%s: get debug=%d\n",
2897 + session->name, *val);
2898 + break;
2899 +
2900 + case PPPOL2TP_SO_REORDERTO:
2901 + *val = (int) jiffies_to_msecs(session->reorder_timeout);
2902 +- l2tp_info(session, PPPOL2TP_MSG_CONTROL,
2903 ++ l2tp_info(session, L2TP_MSG_CONTROL,
2904 + "%s: get reorder_timeout=%d\n", session->name, *val);
2905 + break;
2906 +
2907 +@@ -1638,8 +1687,9 @@ static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
2908 + {
2909 + struct l2tp_session *session = v;
2910 + struct l2tp_tunnel *tunnel = session->tunnel;
2911 +- struct pppol2tp_session *ps = l2tp_session_priv(session);
2912 +- struct pppox_sock *po = pppox_sk(ps->sock);
2913 ++ unsigned char state;
2914 ++ char user_data_ok;
2915 ++ struct sock *sk;
2916 + u32 ip = 0;
2917 + u16 port = 0;
2918 +
2919 +@@ -1649,6 +1699,15 @@ static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
2920 + port = ntohs(inet->inet_sport);
2921 + }
2922 +
2923 ++ sk = pppol2tp_session_get_sock(session);
2924 ++ if (sk) {
2925 ++ state = sk->sk_state;
2926 ++ user_data_ok = (session == sk->sk_user_data) ? 'Y' : 'N';
2927 ++ } else {
2928 ++ state = 0;
2929 ++ user_data_ok = 'N';
2930 ++ }
2931 ++
2932 + seq_printf(m, " SESSION '%s' %08X/%d %04X/%04X -> "
2933 + "%04X/%04X %d %c\n",
2934 + session->name, ip, port,
2935 +@@ -1656,9 +1715,7 @@ static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
2936 + session->session_id,
2937 + tunnel->peer_tunnel_id,
2938 + session->peer_session_id,
2939 +- ps->sock->sk_state,
2940 +- (session == ps->sock->sk_user_data) ?
2941 +- 'Y' : 'N');
2942 ++ state, user_data_ok);
2943 + seq_printf(m, " %d/%d/%c/%c/%s %08x %u\n",
2944 + session->mtu, session->mru,
2945 + session->recv_seq ? 'R' : '-',
2946 +@@ -1675,8 +1732,12 @@ static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
2947 + atomic_long_read(&session->stats.rx_bytes),
2948 + atomic_long_read(&session->stats.rx_errors));
2949 +
2950 +- if (po)
2951 ++ if (sk) {
2952 ++ struct pppox_sock *po = pppox_sk(sk);
2953 ++
2954 + seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
2955 ++ sock_put(sk);
2956 ++ }
2957 + }
2958 +
2959 + static int pppol2tp_seq_show(struct seq_file *m, void *v)
2960 +diff --git a/net/socket.c b/net/socket.c
2961 +index 65afc8ec68d4..88abc72df2a6 100644
2962 +--- a/net/socket.c
2963 ++++ b/net/socket.c
2964 +@@ -3321,3 +3321,49 @@ int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
2965 + return sock->ops->shutdown(sock, how);
2966 + }
2967 + EXPORT_SYMBOL(kernel_sock_shutdown);
2968 ++
2969 ++/* This routine returns the IP overhead imposed by a socket i.e.
2970 ++ * the length of the underlying IP header, depending on whether
2971 ++ * this is an IPv4 or IPv6 socket and the length from IP options turned
2972 ++ * on at the socket. Assumes that the caller has a lock on the socket.
2973 ++ */
2974 ++u32 kernel_sock_ip_overhead(struct sock *sk)
2975 ++{
2976 ++ struct inet_sock *inet;
2977 ++ struct ip_options_rcu *opt;
2978 ++ u32 overhead = 0;
2979 ++ bool owned_by_user;
2980 ++#if IS_ENABLED(CONFIG_IPV6)
2981 ++ struct ipv6_pinfo *np;
2982 ++ struct ipv6_txoptions *optv6 = NULL;
2983 ++#endif /* IS_ENABLED(CONFIG_IPV6) */
2984 ++
2985 ++ if (!sk)
2986 ++ return overhead;
2987 ++
2988 ++ owned_by_user = sock_owned_by_user(sk);
2989 ++ switch (sk->sk_family) {
2990 ++ case AF_INET:
2991 ++ inet = inet_sk(sk);
2992 ++ overhead += sizeof(struct iphdr);
2993 ++ opt = rcu_dereference_protected(inet->inet_opt,
2994 ++ owned_by_user);
2995 ++ if (opt)
2996 ++ overhead += opt->opt.optlen;
2997 ++ return overhead;
2998 ++#if IS_ENABLED(CONFIG_IPV6)
2999 ++ case AF_INET6:
3000 ++ np = inet6_sk(sk);
3001 ++ overhead += sizeof(struct ipv6hdr);
3002 ++ if (np)
3003 ++ optv6 = rcu_dereference_protected(np->opt,
3004 ++ owned_by_user);
3005 ++ if (optv6)
3006 ++ overhead += (optv6->opt_flen + optv6->opt_nflen);
3007 ++ return overhead;
3008 ++#endif /* IS_ENABLED(CONFIG_IPV6) */
3009 ++ default: /* Returns 0 overhead if the socket is not ipv4 or ipv6 */
3010 ++ return overhead;
3011 ++ }
3012 ++}
3013 ++EXPORT_SYMBOL(kernel_sock_ip_overhead);
3014 +diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
3015 +index 8b29dc17c73c..2cad963c4fb7 100644
3016 +--- a/scripts/gcc-plugins/Makefile
3017 ++++ b/scripts/gcc-plugins/Makefile
3018 +@@ -9,6 +9,7 @@ else
3019 + HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti
3020 + HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb
3021 + HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable
3022 ++ HOST_EXTRACXXFLAGS += -Wno-format-diag
3023 + export HOST_EXTRACXXFLAGS
3024 + endif
3025 +
3026 +diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h
3027 +index 08fe09c28bd2..6792915f5174 100644
3028 +--- a/scripts/gcc-plugins/gcc-common.h
3029 ++++ b/scripts/gcc-plugins/gcc-common.h
3030 +@@ -31,7 +31,9 @@
3031 + #include "ggc.h"
3032 + #include "timevar.h"
3033 +
3034 ++#if BUILDING_GCC_VERSION < 10000
3035 + #include "params.h"
3036 ++#endif
3037 +
3038 + #if BUILDING_GCC_VERSION <= 4009
3039 + #include "pointer-set.h"
3040 +@@ -796,6 +798,7 @@ static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree l
3041 + return gimple_build_assign(lhs, subcode, op1, op2 PASS_MEM_STAT);
3042 + }
3043 +
3044 ++#if BUILDING_GCC_VERSION < 10000
3045 + template <>
3046 + template <>
3047 + inline bool is_a_helper<const ggoto *>::test(const_gimple gs)
3048 +@@ -809,6 +812,7 @@ inline bool is_a_helper<const greturn *>::test(const_gimple gs)
3049 + {
3050 + return gs->code == GIMPLE_RETURN;
3051 + }
3052 ++#endif
3053 +
3054 + static inline gasm *as_a_gasm(gimple stmt)
3055 + {
3056 +diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
3057 +index c783fefa558a..e034dc21421e 100644
3058 +--- a/security/integrity/evm/evm_crypto.c
3059 ++++ b/security/integrity/evm/evm_crypto.c
3060 +@@ -90,7 +90,7 @@ static struct shash_desc *init_desc(char type)
3061 + algo = evm_hash;
3062 + }
3063 +
3064 +- if (*tfm == NULL) {
3065 ++ if (IS_ERR_OR_NULL(*tfm)) {
3066 + mutex_lock(&mutex);
3067 + if (*tfm)
3068 + goto out;
3069 +diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
3070 +index 44b44d7e0dbc..853a7d2333b3 100644
3071 +--- a/security/integrity/ima/ima_fs.c
3072 ++++ b/security/integrity/ima/ima_fs.c
3073 +@@ -331,8 +331,7 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,
3074 + integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL,
3075 + "policy_update", "signed policy required",
3076 + 1, 0);
3077 +- if (ima_appraise & IMA_APPRAISE_ENFORCE)
3078 +- result = -EACCES;
3079 ++ result = -EACCES;
3080 + } else {
3081 + result = ima_parse_add_rule(data);
3082 + }
3083 +diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
3084 +index f09ae7efc695..f0052c06d065 100644
3085 +--- a/sound/core/pcm_lib.c
3086 ++++ b/sound/core/pcm_lib.c
3087 +@@ -456,6 +456,7 @@ static int snd_pcm_update_hw_ptr0(struct snd_pcm_substream *substream,
3088 +
3089 + no_delta_check:
3090 + if (runtime->status->hw_ptr == new_hw_ptr) {
3091 ++ runtime->hw_ptr_jiffies = curr_jiffies;
3092 + update_audio_tstamp(substream, &curr_tstamp, &audio_tstamp);
3093 + return 0;
3094 + }
Report Message
Find on MARC Find on Google Groups