1 |
commit: 9be44d2876e04a79365ed86a6cc3fb1ed9c3b492 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Aug 11 10:59:36 2019 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Aug 11 10:59:36 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=9be44d28 |
7 |
|
8 |
Linux patch 4.9.189 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1188_linux-4.9.189.patch | 1396 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1400 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 6e9f4e5..06f5715 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -795,6 +795,10 @@ Patch: 1187_linux-4.9.188.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.9.188 |
23 |
|
24 |
+Patch: 1188_linux-4.9.189.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.9.189 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1188_linux-4.9.189.patch b/1188_linux-4.9.189.patch |
33 |
new file mode 100644 |
34 |
index 0000000..3707b77 |
35 |
--- /dev/null |
36 |
+++ b/1188_linux-4.9.189.patch |
37 |
@@ -0,0 +1,1396 @@ |
38 |
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt |
39 |
+index 55a9bbbcf5e1..f4f0a1b9ba29 100644 |
40 |
+--- a/Documentation/kernel-parameters.txt |
41 |
++++ b/Documentation/kernel-parameters.txt |
42 |
+@@ -2484,6 +2484,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
43 |
+ improves system performance, but it may also |
44 |
+ expose users to several CPU vulnerabilities. |
45 |
+ Equivalent to: nopti [X86] |
46 |
++ nospectre_v1 [X86] |
47 |
+ nospectre_v2 [X86] |
48 |
+ spectre_v2_user=off [X86] |
49 |
+ spec_store_bypass_disable=off [X86] |
50 |
+@@ -2819,10 +2820,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
51 |
+ |
52 |
+ nohugeiomap [KNL,x86] Disable kernel huge I/O mappings. |
53 |
+ |
54 |
+- nospectre_v1 [PPC] Disable mitigations for Spectre Variant 1 (bounds |
55 |
+- check bypass). With this option data leaks are possible |
56 |
+- in the system. |
57 |
+- |
58 |
+ nosmt [KNL,S390] Disable symmetric multithreading (SMT). |
59 |
+ Equivalent to smt=1. |
60 |
+ |
61 |
+@@ -2830,6 +2827,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
62 |
+ nosmt=force: Force disable SMT, cannot be undone |
63 |
+ via the sysfs control file. |
64 |
+ |
65 |
++ nospectre_v1 [X86,PPC] Disable mitigations for Spectre Variant 1 |
66 |
++ (bounds check bypass). With this option data leaks are |
67 |
++ possible in the system. |
68 |
++ |
69 |
+ nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 |
70 |
+ (indirect branch prediction) vulnerability. System may |
71 |
+ allow data leaks with this option, which is equivalent |
72 |
+diff --git a/Makefile b/Makefile |
73 |
+index b6b54e6f67e8..4fdc9d984f80 100644 |
74 |
+--- a/Makefile |
75 |
++++ b/Makefile |
76 |
+@@ -1,6 +1,6 @@ |
77 |
+ VERSION = 4 |
78 |
+ PATCHLEVEL = 9 |
79 |
+-SUBLEVEL = 188 |
80 |
++SUBLEVEL = 189 |
81 |
+ EXTRAVERSION = |
82 |
+ NAME = Roaring Lionus |
83 |
+ |
84 |
+diff --git a/arch/arm/boot/dts/logicpd-som-lv.dtsi b/arch/arm/boot/dts/logicpd-som-lv.dtsi |
85 |
+index 876ed5f2922c..f82f193b8856 100644 |
86 |
+--- a/arch/arm/boot/dts/logicpd-som-lv.dtsi |
87 |
++++ b/arch/arm/boot/dts/logicpd-som-lv.dtsi |
88 |
+@@ -108,16 +108,21 @@ |
89 |
+ twl_audio: audio { |
90 |
+ compatible = "ti,twl4030-audio"; |
91 |
+ codec { |
92 |
++ ti,hs_extmute_gpio = <&gpio2 25 GPIO_ACTIVE_HIGH>; |
93 |
+ }; |
94 |
+ }; |
95 |
+ }; |
96 |
+ }; |
97 |
+ |
98 |
+ &i2c2 { |
99 |
++ pinctrl-names = "default"; |
100 |
++ pinctrl-0 = <&i2c2_pins>; |
101 |
+ clock-frequency = <400000>; |
102 |
+ }; |
103 |
+ |
104 |
+ &i2c3 { |
105 |
++ pinctrl-names = "default"; |
106 |
++ pinctrl-0 = <&i2c3_pins>; |
107 |
+ clock-frequency = <400000>; |
108 |
+ }; |
109 |
+ |
110 |
+@@ -221,6 +226,7 @@ |
111 |
+ pinctrl-single,pins = < |
112 |
+ OMAP3_CORE1_IOPAD(0x21ba, PIN_INPUT | MUX_MODE0) /* i2c1_scl.i2c1_scl */ |
113 |
+ OMAP3_CORE1_IOPAD(0x21bc, PIN_INPUT | MUX_MODE0) /* i2c1_sda.i2c1_sda */ |
114 |
++ OMAP3_CORE1_IOPAD(0x20ba, PIN_OUTPUT | MUX_MODE4) /* gpmc_ncs6.gpio_57 */ |
115 |
+ >; |
116 |
+ }; |
117 |
+ }; |
118 |
+@@ -239,6 +245,18 @@ |
119 |
+ OMAP3_WKUP_IOPAD(0x2a0c, PIN_OUTPUT | MUX_MODE4) /* sys_boot1.gpio_3 */ |
120 |
+ >; |
121 |
+ }; |
122 |
++ i2c2_pins: pinmux_i2c2_pins { |
123 |
++ pinctrl-single,pins = < |
124 |
++ OMAP3_CORE1_IOPAD(0x21be, PIN_INPUT | MUX_MODE0) /* i2c2_scl */ |
125 |
++ OMAP3_CORE1_IOPAD(0x21c0, PIN_INPUT | MUX_MODE0) /* i2c2_sda */ |
126 |
++ >; |
127 |
++ }; |
128 |
++ i2c3_pins: pinmux_i2c3_pins { |
129 |
++ pinctrl-single,pins = < |
130 |
++ OMAP3_CORE1_IOPAD(0x21c2, PIN_INPUT | MUX_MODE0) /* i2c3_scl */ |
131 |
++ OMAP3_CORE1_IOPAD(0x21c4, PIN_INPUT | MUX_MODE0) /* i2c3_sda */ |
132 |
++ >; |
133 |
++ }; |
134 |
+ }; |
135 |
+ |
136 |
+ &omap3_pmx_core2 { |
137 |
+diff --git a/arch/arm/boot/dts/logicpd-torpedo-som.dtsi b/arch/arm/boot/dts/logicpd-torpedo-som.dtsi |
138 |
+index 08f0a35dc0d1..ceb49d15d243 100644 |
139 |
+--- a/arch/arm/boot/dts/logicpd-torpedo-som.dtsi |
140 |
++++ b/arch/arm/boot/dts/logicpd-torpedo-som.dtsi |
141 |
+@@ -117,10 +117,14 @@ |
142 |
+ }; |
143 |
+ |
144 |
+ &i2c2 { |
145 |
++ pinctrl-names = "default"; |
146 |
++ pinctrl-0 = <&i2c2_pins>; |
147 |
+ clock-frequency = <400000>; |
148 |
+ }; |
149 |
+ |
150 |
+ &i2c3 { |
151 |
++ pinctrl-names = "default"; |
152 |
++ pinctrl-0 = <&i2c3_pins>; |
153 |
+ clock-frequency = <400000>; |
154 |
+ at24@50 { |
155 |
+ compatible = "atmel,24c64"; |
156 |
+@@ -215,6 +219,18 @@ |
157 |
+ OMAP3_CORE1_IOPAD(0x21bc, PIN_INPUT | MUX_MODE0) /* i2c1_sda.i2c1_sda */ |
158 |
+ >; |
159 |
+ }; |
160 |
++ i2c2_pins: pinmux_i2c2_pins { |
161 |
++ pinctrl-single,pins = < |
162 |
++ OMAP3_CORE1_IOPAD(0x21be, PIN_INPUT | MUX_MODE0) /* i2c2_scl */ |
163 |
++ OMAP3_CORE1_IOPAD(0x21c0, PIN_INPUT | MUX_MODE0) /* i2c2_sda */ |
164 |
++ >; |
165 |
++ }; |
166 |
++ i2c3_pins: pinmux_i2c3_pins { |
167 |
++ pinctrl-single,pins = < |
168 |
++ OMAP3_CORE1_IOPAD(0x21c2, PIN_INPUT | MUX_MODE0) /* i2c3_scl */ |
169 |
++ OMAP3_CORE1_IOPAD(0x21c4, PIN_INPUT | MUX_MODE0) /* i2c3_sda */ |
170 |
++ >; |
171 |
++ }; |
172 |
+ }; |
173 |
+ |
174 |
+ &uart2 { |
175 |
+diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h |
176 |
+index 15868eca58de..e7bef3d936d8 100644 |
177 |
+--- a/arch/arm64/include/asm/cpufeature.h |
178 |
++++ b/arch/arm64/include/asm/cpufeature.h |
179 |
+@@ -31,9 +31,10 @@ |
180 |
+ |
181 |
+ /* CPU feature register tracking */ |
182 |
+ enum ftr_type { |
183 |
+- FTR_EXACT, /* Use a predefined safe value */ |
184 |
+- FTR_LOWER_SAFE, /* Smaller value is safe */ |
185 |
+- FTR_HIGHER_SAFE,/* Bigger value is safe */ |
186 |
++ FTR_EXACT, /* Use a predefined safe value */ |
187 |
++ FTR_LOWER_SAFE, /* Smaller value is safe */ |
188 |
++ FTR_HIGHER_SAFE, /* Bigger value is safe */ |
189 |
++ FTR_HIGHER_OR_ZERO_SAFE, /* Bigger value is safe, but 0 is biggest */ |
190 |
+ }; |
191 |
+ |
192 |
+ #define FTR_STRICT true /* SANITY check strict matching required */ |
193 |
+diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c |
194 |
+index a3ab7dfad50a..9a8e45dc36bd 100644 |
195 |
+--- a/arch/arm64/kernel/cpufeature.c |
196 |
++++ b/arch/arm64/kernel/cpufeature.c |
197 |
+@@ -148,10 +148,12 @@ static const struct arm64_ftr_bits ftr_id_aa64mmfr2[] = { |
198 |
+ }; |
199 |
+ |
200 |
+ static const struct arm64_ftr_bits ftr_ctr[] = { |
201 |
+- ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 31, 1, 1), /* RAO */ |
202 |
+- ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 28, 3, 0), |
203 |
+- ARM64_FTR_BITS(FTR_STRICT, FTR_HIGHER_SAFE, 24, 4, 0), /* CWG */ |
204 |
+- ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, 20, 4, 0), /* ERG */ |
205 |
++ ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 31, 1, 1), /* RES1 */ |
206 |
++ ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 30, 1, 0), |
207 |
++ ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, 29, 1, 1), /* DIC */ |
208 |
++ ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, 28, 1, 1), /* IDC */ |
209 |
++ ARM64_FTR_BITS(FTR_STRICT, FTR_HIGHER_OR_ZERO_SAFE, 24, 4, 0), /* CWG */ |
210 |
++ ARM64_FTR_BITS(FTR_STRICT, FTR_HIGHER_OR_ZERO_SAFE, 20, 4, 0), /* ERG */ |
211 |
+ ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, CTR_DMINLINE_SHIFT, 4, 1), |
212 |
+ /* |
213 |
+ * Linux can handle differing I-cache policies. Userspace JITs will |
214 |
+@@ -390,6 +392,10 @@ static s64 arm64_ftr_safe_value(const struct arm64_ftr_bits *ftrp, s64 new, |
215 |
+ case FTR_LOWER_SAFE: |
216 |
+ ret = new < cur ? new : cur; |
217 |
+ break; |
218 |
++ case FTR_HIGHER_OR_ZERO_SAFE: |
219 |
++ if (!cur || !new) |
220 |
++ break; |
221 |
++ /* Fallthrough */ |
222 |
+ case FTR_HIGHER_SAFE: |
223 |
+ ret = new > cur ? new : cur; |
224 |
+ break; |
225 |
+diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h |
226 |
+index 9a9e5884066c..8af8c070f213 100644 |
227 |
+--- a/arch/x86/entry/calling.h |
228 |
++++ b/arch/x86/entry/calling.h |
229 |
+@@ -1,4 +1,5 @@ |
230 |
+ #include <linux/jump_label.h> |
231 |
++#include <asm/cpufeatures.h> |
232 |
+ |
233 |
+ /* |
234 |
+ |
235 |
+@@ -201,6 +202,23 @@ For 32-bit we have the following conventions - kernel is built with |
236 |
+ .byte 0xf1 |
237 |
+ .endm |
238 |
+ |
239 |
++/* |
240 |
++ * Mitigate Spectre v1 for conditional swapgs code paths. |
241 |
++ * |
242 |
++ * FENCE_SWAPGS_USER_ENTRY is used in the user entry swapgs code path, to |
243 |
++ * prevent a speculative swapgs when coming from kernel space. |
244 |
++ * |
245 |
++ * FENCE_SWAPGS_KERNEL_ENTRY is used in the kernel entry non-swapgs code path, |
246 |
++ * to prevent the swapgs from getting speculatively skipped when coming from |
247 |
++ * user space. |
248 |
++ */ |
249 |
++.macro FENCE_SWAPGS_USER_ENTRY |
250 |
++ ALTERNATIVE "", "lfence", X86_FEATURE_FENCE_SWAPGS_USER |
251 |
++.endm |
252 |
++.macro FENCE_SWAPGS_KERNEL_ENTRY |
253 |
++ ALTERNATIVE "", "lfence", X86_FEATURE_FENCE_SWAPGS_KERNEL |
254 |
++.endm |
255 |
++ |
256 |
+ #endif /* CONFIG_X86_64 */ |
257 |
+ |
258 |
+ /* |
259 |
+diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S |
260 |
+index 8252d9dc48eb..10ecfba43dff 100644 |
261 |
+--- a/arch/x86/entry/entry_64.S |
262 |
++++ b/arch/x86/entry/entry_64.S |
263 |
+@@ -420,6 +420,7 @@ END(irq_entries_start) |
264 |
+ * tracking that we're in kernel mode. |
265 |
+ */ |
266 |
+ SWAPGS |
267 |
++ FENCE_SWAPGS_USER_ENTRY |
268 |
+ SWITCH_KERNEL_CR3 |
269 |
+ |
270 |
+ /* |
271 |
+@@ -433,8 +434,10 @@ END(irq_entries_start) |
272 |
+ TRACE_IRQS_OFF |
273 |
+ |
274 |
+ CALL_enter_from_user_mode |
275 |
+- |
276 |
++ jmp 2f |
277 |
+ 1: |
278 |
++ FENCE_SWAPGS_KERNEL_ENTRY |
279 |
++2: |
280 |
+ /* |
281 |
+ * Save previous stack pointer, optionally switch to interrupt stack. |
282 |
+ * irq_count is used to check if a CPU is already on an interrupt stack |
283 |
+@@ -1004,6 +1007,13 @@ ENTRY(paranoid_entry) |
284 |
+ movq %rax, %cr3 |
285 |
+ 2: |
286 |
+ #endif |
287 |
++ /* |
288 |
++ * The above doesn't do an unconditional CR3 write, even in the PTI |
289 |
++ * case. So do an lfence to prevent GS speculation, regardless of |
290 |
++ * whether PTI is enabled. |
291 |
++ */ |
292 |
++ FENCE_SWAPGS_KERNEL_ENTRY |
293 |
++ |
294 |
+ ret |
295 |
+ END(paranoid_entry) |
296 |
+ |
297 |
+@@ -1065,6 +1075,7 @@ ENTRY(error_entry) |
298 |
+ * from user mode due to an IRET fault. |
299 |
+ */ |
300 |
+ SWAPGS |
301 |
++ FENCE_SWAPGS_USER_ENTRY |
302 |
+ |
303 |
+ .Lerror_entry_from_usermode_after_swapgs: |
304 |
+ /* |
305 |
+@@ -1076,6 +1087,8 @@ ENTRY(error_entry) |
306 |
+ CALL_enter_from_user_mode |
307 |
+ ret |
308 |
+ |
309 |
++.Lerror_entry_done_lfence: |
310 |
++ FENCE_SWAPGS_KERNEL_ENTRY |
311 |
+ .Lerror_entry_done: |
312 |
+ TRACE_IRQS_OFF |
313 |
+ ret |
314 |
+@@ -1094,7 +1107,7 @@ ENTRY(error_entry) |
315 |
+ cmpq %rax, RIP+8(%rsp) |
316 |
+ je .Lbstep_iret |
317 |
+ cmpq $.Lgs_change, RIP+8(%rsp) |
318 |
+- jne .Lerror_entry_done |
319 |
++ jne .Lerror_entry_done_lfence |
320 |
+ |
321 |
+ /* |
322 |
+ * hack: .Lgs_change can fail with user gsbase. If this happens, fix up |
323 |
+@@ -1102,6 +1115,7 @@ ENTRY(error_entry) |
324 |
+ * .Lgs_change's error handler with kernel gsbase. |
325 |
+ */ |
326 |
+ SWAPGS |
327 |
++ FENCE_SWAPGS_USER_ENTRY |
328 |
+ jmp .Lerror_entry_done |
329 |
+ |
330 |
+ .Lbstep_iret: |
331 |
+@@ -1115,6 +1129,7 @@ ENTRY(error_entry) |
332 |
+ * Switch to kernel gsbase: |
333 |
+ */ |
334 |
+ SWAPGS |
335 |
++ FENCE_SWAPGS_USER_ENTRY |
336 |
+ |
337 |
+ /* |
338 |
+ * Pretend that the exception came from user mode: set up pt_regs |
339 |
+@@ -1211,6 +1226,7 @@ ENTRY(nmi) |
340 |
+ * to switch CR3 here. |
341 |
+ */ |
342 |
+ cld |
343 |
++ FENCE_SWAPGS_USER_ENTRY |
344 |
+ movq %rsp, %rdx |
345 |
+ movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp |
346 |
+ pushq 5*8(%rdx) /* pt_regs->ss */ |
347 |
+@@ -1499,6 +1515,7 @@ end_repeat_nmi: |
348 |
+ movq %rax, %cr3 |
349 |
+ 2: |
350 |
+ #endif |
351 |
++ FENCE_SWAPGS_KERNEL_ENTRY |
352 |
+ |
353 |
+ /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ |
354 |
+ call do_nmi |
355 |
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
356 |
+index 06de338be0d8..3a972da155d6 100644 |
357 |
+--- a/arch/x86/include/asm/cpufeatures.h |
358 |
++++ b/arch/x86/include/asm/cpufeatures.h |
359 |
+@@ -192,7 +192,8 @@ |
360 |
+ |
361 |
+ #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */ |
362 |
+ #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */ |
363 |
+- |
364 |
++#define X86_FEATURE_FENCE_SWAPGS_USER ( 7*32+10) /* "" LFENCE in user entry SWAPGS path */ |
365 |
++#define X86_FEATURE_FENCE_SWAPGS_KERNEL ( 7*32+11) /* "" LFENCE in kernel entry SWAPGS path */ |
366 |
+ #define X86_FEATURE_RETPOLINE ( 7*32+12) /* "" Generic Retpoline mitigation for Spectre variant 2 */ |
367 |
+ #define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */ |
368 |
+ |
369 |
+@@ -201,9 +202,6 @@ |
370 |
+ |
371 |
+ #define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* "" Fill RSB on context switches */ |
372 |
+ |
373 |
+-/* Because the ALTERNATIVE scheme is for members of the X86_FEATURE club... */ |
374 |
+-#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */ |
375 |
+- |
376 |
+ #define X86_FEATURE_USE_IBPB ( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */ |
377 |
+ #define X86_FEATURE_USE_IBRS_FW ( 7*32+22) /* "" Use IBRS during runtime firmware calls */ |
378 |
+ #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* "" Disable Speculative Store Bypass. */ |
379 |
+@@ -214,6 +212,7 @@ |
380 |
+ #define X86_FEATURE_ZEN ( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */ |
381 |
+ #define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* "" L1TF workaround PTE inversion */ |
382 |
+ #define X86_FEATURE_IBRS_ENHANCED ( 7*32+30) /* Enhanced IBRS */ |
383 |
++#define X86_FEATURE_KAISER ( 7*32+31) /* CONFIG_PAGE_TABLE_ISOLATION w/o nokaiser */ |
384 |
+ |
385 |
+ /* Virtualization flags: Linux defined, word 8 */ |
386 |
+ #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ |
387 |
+@@ -357,5 +356,6 @@ |
388 |
+ #define X86_BUG_L1TF X86_BUG(18) /* CPU is affected by L1 Terminal Fault */ |
389 |
+ #define X86_BUG_MDS X86_BUG(19) /* CPU is affected by Microarchitectural data sampling */ |
390 |
+ #define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */ |
391 |
++#define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */ |
392 |
+ |
393 |
+ #endif /* _ASM_X86_CPUFEATURES_H */ |
394 |
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
395 |
+index a4f343ac042e..2a42fef275ad 100644 |
396 |
+--- a/arch/x86/kernel/cpu/bugs.c |
397 |
++++ b/arch/x86/kernel/cpu/bugs.c |
398 |
+@@ -31,6 +31,7 @@ |
399 |
+ #include <asm/intel-family.h> |
400 |
+ #include <asm/e820.h> |
401 |
+ |
402 |
++static void __init spectre_v1_select_mitigation(void); |
403 |
+ static void __init spectre_v2_select_mitigation(void); |
404 |
+ static void __init ssb_select_mitigation(void); |
405 |
+ static void __init l1tf_select_mitigation(void); |
406 |
+@@ -95,17 +96,11 @@ void __init check_bugs(void) |
407 |
+ if (boot_cpu_has(X86_FEATURE_STIBP)) |
408 |
+ x86_spec_ctrl_mask |= SPEC_CTRL_STIBP; |
409 |
+ |
410 |
+- /* Select the proper spectre mitigation before patching alternatives */ |
411 |
++ /* Select the proper CPU mitigations before patching alternatives: */ |
412 |
++ spectre_v1_select_mitigation(); |
413 |
+ spectre_v2_select_mitigation(); |
414 |
+- |
415 |
+- /* |
416 |
+- * Select proper mitigation for any exposure to the Speculative Store |
417 |
+- * Bypass vulnerability. |
418 |
+- */ |
419 |
+ ssb_select_mitigation(); |
420 |
+- |
421 |
+ l1tf_select_mitigation(); |
422 |
+- |
423 |
+ mds_select_mitigation(); |
424 |
+ |
425 |
+ arch_smt_update(); |
426 |
+@@ -270,6 +265,98 @@ static int __init mds_cmdline(char *str) |
427 |
+ } |
428 |
+ early_param("mds", mds_cmdline); |
429 |
+ |
430 |
++#undef pr_fmt |
431 |
++#define pr_fmt(fmt) "Spectre V1 : " fmt |
432 |
++ |
433 |
++enum spectre_v1_mitigation { |
434 |
++ SPECTRE_V1_MITIGATION_NONE, |
435 |
++ SPECTRE_V1_MITIGATION_AUTO, |
436 |
++}; |
437 |
++ |
438 |
++static enum spectre_v1_mitigation spectre_v1_mitigation __ro_after_init = |
439 |
++ SPECTRE_V1_MITIGATION_AUTO; |
440 |
++ |
441 |
++static const char * const spectre_v1_strings[] = { |
442 |
++ [SPECTRE_V1_MITIGATION_NONE] = "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers", |
443 |
++ [SPECTRE_V1_MITIGATION_AUTO] = "Mitigation: usercopy/swapgs barriers and __user pointer sanitization", |
444 |
++}; |
445 |
++ |
446 |
++/* |
447 |
++ * Does SMAP provide full mitigation against speculative kernel access to |
448 |
++ * userspace? |
449 |
++ */ |
450 |
++static bool smap_works_speculatively(void) |
451 |
++{ |
452 |
++ if (!boot_cpu_has(X86_FEATURE_SMAP)) |
453 |
++ return false; |
454 |
++ |
455 |
++ /* |
456 |
++ * On CPUs which are vulnerable to Meltdown, SMAP does not |
457 |
++ * prevent speculative access to user data in the L1 cache. |
458 |
++ * Consider SMAP to be non-functional as a mitigation on these |
459 |
++ * CPUs. |
460 |
++ */ |
461 |
++ if (boot_cpu_has(X86_BUG_CPU_MELTDOWN)) |
462 |
++ return false; |
463 |
++ |
464 |
++ return true; |
465 |
++} |
466 |
++ |
467 |
++static void __init spectre_v1_select_mitigation(void) |
468 |
++{ |
469 |
++ if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) { |
470 |
++ spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE; |
471 |
++ return; |
472 |
++ } |
473 |
++ |
474 |
++ if (spectre_v1_mitigation == SPECTRE_V1_MITIGATION_AUTO) { |
475 |
++ /* |
476 |
++ * With Spectre v1, a user can speculatively control either |
477 |
++ * path of a conditional swapgs with a user-controlled GS |
478 |
++ * value. The mitigation is to add lfences to both code paths. |
479 |
++ * |
480 |
++ * If FSGSBASE is enabled, the user can put a kernel address in |
481 |
++ * GS, in which case SMAP provides no protection. |
482 |
++ * |
483 |
++ * [ NOTE: Don't check for X86_FEATURE_FSGSBASE until the |
484 |
++ * FSGSBASE enablement patches have been merged. ] |
485 |
++ * |
486 |
++ * If FSGSBASE is disabled, the user can only put a user space |
487 |
++ * address in GS. That makes an attack harder, but still |
488 |
++ * possible if there's no SMAP protection. |
489 |
++ */ |
490 |
++ if (!smap_works_speculatively()) { |
491 |
++ /* |
492 |
++ * Mitigation can be provided from SWAPGS itself or |
493 |
++ * PTI as the CR3 write in the Meltdown mitigation |
494 |
++ * is serializing. |
495 |
++ * |
496 |
++ * If neither is there, mitigate with an LFENCE to |
497 |
++ * stop speculation through swapgs. |
498 |
++ */ |
499 |
++ if (boot_cpu_has_bug(X86_BUG_SWAPGS) && |
500 |
++ !boot_cpu_has(X86_FEATURE_KAISER)) |
501 |
++ setup_force_cpu_cap(X86_FEATURE_FENCE_SWAPGS_USER); |
502 |
++ |
503 |
++ /* |
504 |
++ * Enable lfences in the kernel entry (non-swapgs) |
505 |
++ * paths, to prevent user entry from speculatively |
506 |
++ * skipping swapgs. |
507 |
++ */ |
508 |
++ setup_force_cpu_cap(X86_FEATURE_FENCE_SWAPGS_KERNEL); |
509 |
++ } |
510 |
++ } |
511 |
++ |
512 |
++ pr_info("%s\n", spectre_v1_strings[spectre_v1_mitigation]); |
513 |
++} |
514 |
++ |
515 |
++static int __init nospectre_v1_cmdline(char *str) |
516 |
++{ |
517 |
++ spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE; |
518 |
++ return 0; |
519 |
++} |
520 |
++early_param("nospectre_v1", nospectre_v1_cmdline); |
521 |
++ |
522 |
+ #undef pr_fmt |
523 |
+ #define pr_fmt(fmt) "Spectre V2 : " fmt |
524 |
+ |
525 |
+@@ -1265,7 +1352,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr |
526 |
+ break; |
527 |
+ |
528 |
+ case X86_BUG_SPECTRE_V1: |
529 |
+- return sprintf(buf, "Mitigation: __user pointer sanitization\n"); |
530 |
++ return sprintf(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]); |
531 |
+ |
532 |
+ case X86_BUG_SPECTRE_V2: |
533 |
+ return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], |
534 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
535 |
+index cda130dc56b9..12fa16051871 100644 |
536 |
+--- a/arch/x86/kernel/cpu/common.c |
537 |
++++ b/arch/x86/kernel/cpu/common.c |
538 |
+@@ -897,6 +897,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) |
539 |
+ #define NO_L1TF BIT(3) |
540 |
+ #define NO_MDS BIT(4) |
541 |
+ #define MSBDS_ONLY BIT(5) |
542 |
++#define NO_SWAPGS BIT(6) |
543 |
+ |
544 |
+ #define VULNWL(_vendor, _family, _model, _whitelist) \ |
545 |
+ { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist } |
546 |
+@@ -920,29 +921,37 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { |
547 |
+ VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION), |
548 |
+ VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION), |
549 |
+ |
550 |
+- VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY), |
551 |
+- VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF | MSBDS_ONLY), |
552 |
+- VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY), |
553 |
+- VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY), |
554 |
+- VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY), |
555 |
+- VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY), |
556 |
++ VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), |
557 |
++ VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), |
558 |
++ VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), |
559 |
++ VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), |
560 |
++ VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), |
561 |
++ VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), |
562 |
+ |
563 |
+ VULNWL_INTEL(CORE_YONAH, NO_SSB), |
564 |
+ |
565 |
+- VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY), |
566 |
++ VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY | NO_SWAPGS), |
567 |
+ |
568 |
+- VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF), |
569 |
+- VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF), |
570 |
+- VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF), |
571 |
++ VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS), |
572 |
++ VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF | NO_SWAPGS), |
573 |
++ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS), |
574 |
++ |
575 |
++ /* |
576 |
++ * Technically, swapgs isn't serializing on AMD (despite it previously |
577 |
++ * being documented as such in the APM). But according to AMD, %gs is |
578 |
++ * updated non-speculatively, and the issuing of %gs-relative memory |
579 |
++ * operands will be blocked until the %gs update completes, which is |
580 |
++ * good enough for our purposes. |
581 |
++ */ |
582 |
+ |
583 |
+ /* AMD Family 0xf - 0x12 */ |
584 |
+- VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), |
585 |
+- VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), |
586 |
+- VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), |
587 |
+- VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), |
588 |
++ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), |
589 |
++ VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), |
590 |
++ VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), |
591 |
++ VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), |
592 |
+ |
593 |
+ /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */ |
594 |
+- VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS), |
595 |
++ VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS), |
596 |
+ {} |
597 |
+ }; |
598 |
+ |
599 |
+@@ -979,6 +988,9 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) |
600 |
+ setup_force_cpu_bug(X86_BUG_MSBDS_ONLY); |
601 |
+ } |
602 |
+ |
603 |
++ if (!cpu_matches(NO_SWAPGS)) |
604 |
++ setup_force_cpu_bug(X86_BUG_SWAPGS); |
605 |
++ |
606 |
+ if (cpu_matches(NO_MELTDOWN)) |
607 |
+ return; |
608 |
+ |
609 |
+diff --git a/block/blk-core.c b/block/blk-core.c |
610 |
+index 77b99bf16c83..bdb906bbfe19 100644 |
611 |
+--- a/block/blk-core.c |
612 |
++++ b/block/blk-core.c |
613 |
+@@ -881,6 +881,7 @@ blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn, |
614 |
+ |
615 |
+ fail: |
616 |
+ blk_free_flush_queue(q->fq); |
617 |
++ q->fq = NULL; |
618 |
+ return NULL; |
619 |
+ } |
620 |
+ EXPORT_SYMBOL(blk_init_allocated_queue); |
621 |
+diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c |
622 |
+index b2756765950e..fe47c924dc64 100644 |
623 |
+--- a/drivers/atm/iphase.c |
624 |
++++ b/drivers/atm/iphase.c |
625 |
+@@ -63,6 +63,7 @@ |
626 |
+ #include <asm/byteorder.h> |
627 |
+ #include <linux/vmalloc.h> |
628 |
+ #include <linux/jiffies.h> |
629 |
++#include <linux/nospec.h> |
630 |
+ #include "iphase.h" |
631 |
+ #include "suni.h" |
632 |
+ #define swap_byte_order(x) (((x & 0xff) << 8) | ((x & 0xff00) >> 8)) |
633 |
+@@ -2760,8 +2761,11 @@ static int ia_ioctl(struct atm_dev *dev, unsigned int cmd, void __user *arg) |
634 |
+ } |
635 |
+ if (copy_from_user(&ia_cmds, arg, sizeof ia_cmds)) return -EFAULT; |
636 |
+ board = ia_cmds.status; |
637 |
+- if ((board < 0) || (board > iadev_count)) |
638 |
+- board = 0; |
639 |
++ |
640 |
++ if ((board < 0) || (board > iadev_count)) |
641 |
++ board = 0; |
642 |
++ board = array_index_nospec(board, iadev_count + 1); |
643 |
++ |
644 |
+ iadev = ia_dev[board]; |
645 |
+ switch (ia_cmds.cmd) { |
646 |
+ case MEMDUMP: |
647 |
+diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h |
648 |
+index 6f4c84d824e6..25c006338100 100644 |
649 |
+--- a/drivers/hid/hid-ids.h |
650 |
++++ b/drivers/hid/hid-ids.h |
651 |
+@@ -509,6 +509,7 @@ |
652 |
+ #define USB_PRODUCT_ID_HP_LOGITECH_OEM_USB_OPTICAL_MOUSE_0A4A 0x0a4a |
653 |
+ #define USB_PRODUCT_ID_HP_LOGITECH_OEM_USB_OPTICAL_MOUSE_0B4A 0x0b4a |
654 |
+ #define USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE 0x134a |
655 |
++#define USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE_0641 0x0641 |
656 |
+ |
657 |
+ #define USB_VENDOR_ID_HUION 0x256c |
658 |
+ #define USB_DEVICE_ID_HUION_TABLET 0x006e |
659 |
+diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c |
660 |
+index 617ae294a318..e851926be8b0 100644 |
661 |
+--- a/drivers/hid/usbhid/hid-quirks.c |
662 |
++++ b/drivers/hid/usbhid/hid-quirks.c |
663 |
+@@ -98,6 +98,7 @@ static const struct hid_blacklist { |
664 |
+ { USB_VENDOR_ID_HP, USB_PRODUCT_ID_HP_LOGITECH_OEM_USB_OPTICAL_MOUSE_0A4A, HID_QUIRK_ALWAYS_POLL }, |
665 |
+ { USB_VENDOR_ID_HP, USB_PRODUCT_ID_HP_LOGITECH_OEM_USB_OPTICAL_MOUSE_0B4A, HID_QUIRK_ALWAYS_POLL }, |
666 |
+ { USB_VENDOR_ID_HP, USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE, HID_QUIRK_ALWAYS_POLL }, |
667 |
++ { USB_VENDOR_ID_HP, USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE_0641, HID_QUIRK_ALWAYS_POLL }, |
668 |
+ { USB_VENDOR_ID_LOGITECH, USB_DEVICE_ID_LOGITECH_C077, HID_QUIRK_ALWAYS_POLL }, |
669 |
+ { USB_VENDOR_ID_LOGITECH, USB_DEVICE_ID_LOGITECH_KEYBOARD_G710_PLUS, HID_QUIRK_NOGET }, |
670 |
+ { USB_VENDOR_ID_LOGITECH, USB_DEVICE_ID_LOGITECH_MOUSE_C01A, HID_QUIRK_ALWAYS_POLL }, |
671 |
+diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c |
672 |
+index b1ad378cb2a6..6c3bf8846b52 100644 |
673 |
+--- a/drivers/hid/wacom_wac.c |
674 |
++++ b/drivers/hid/wacom_wac.c |
675 |
+@@ -529,14 +529,14 @@ static int wacom_intuos_pad(struct wacom_wac *wacom) |
676 |
+ */ |
677 |
+ buttons = (data[4] << 1) | (data[3] & 0x01); |
678 |
+ } else if (features->type == CINTIQ_COMPANION_2) { |
679 |
+- /* d-pad right -> data[4] & 0x10 |
680 |
+- * d-pad up -> data[4] & 0x20 |
681 |
+- * d-pad left -> data[4] & 0x40 |
682 |
+- * d-pad down -> data[4] & 0x80 |
683 |
+- * d-pad center -> data[3] & 0x01 |
684 |
++ /* d-pad right -> data[2] & 0x10 |
685 |
++ * d-pad up -> data[2] & 0x20 |
686 |
++ * d-pad left -> data[2] & 0x40 |
687 |
++ * d-pad down -> data[2] & 0x80 |
688 |
++ * d-pad center -> data[1] & 0x01 |
689 |
+ */ |
690 |
+ buttons = ((data[2] >> 4) << 7) | |
691 |
+- ((data[1] & 0x04) << 6) | |
692 |
++ ((data[1] & 0x04) << 4) | |
693 |
+ ((data[2] & 0x0F) << 2) | |
694 |
+ (data[1] & 0x03); |
695 |
+ } else if (features->type >= INTUOS5S && features->type <= INTUOSPL) { |
696 |
+diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c |
697 |
+index 978b8d94f9a4..1baa25e82bdd 100644 |
698 |
+--- a/drivers/infiniband/core/addr.c |
699 |
++++ b/drivers/infiniband/core/addr.c |
700 |
+@@ -735,14 +735,13 @@ int rdma_addr_find_l2_eth_by_grh(const union ib_gid *sgid, |
701 |
+ struct net_device *dev; |
702 |
+ |
703 |
+ union { |
704 |
+- struct sockaddr _sockaddr; |
705 |
+ struct sockaddr_in _sockaddr_in; |
706 |
+ struct sockaddr_in6 _sockaddr_in6; |
707 |
+ } sgid_addr, dgid_addr; |
708 |
+ |
709 |
+ |
710 |
+- rdma_gid2ip(&sgid_addr._sockaddr, sgid); |
711 |
+- rdma_gid2ip(&dgid_addr._sockaddr, dgid); |
712 |
++ rdma_gid2ip((struct sockaddr *)&sgid_addr, sgid); |
713 |
++ rdma_gid2ip((struct sockaddr *)&dgid_addr, dgid); |
714 |
+ |
715 |
+ memset(&dev_addr, 0, sizeof(dev_addr)); |
716 |
+ if (if_index) |
717 |
+@@ -751,8 +750,9 @@ int rdma_addr_find_l2_eth_by_grh(const union ib_gid *sgid, |
718 |
+ |
719 |
+ ctx.addr = &dev_addr; |
720 |
+ init_completion(&ctx.comp); |
721 |
+- ret = rdma_resolve_ip(&self, &sgid_addr._sockaddr, &dgid_addr._sockaddr, |
722 |
+- &dev_addr, 1000, resolve_cb, &ctx); |
723 |
++ ret = rdma_resolve_ip(&self, (struct sockaddr *)&sgid_addr, |
724 |
++ (struct sockaddr *)&dgid_addr, &dev_addr, 1000, |
725 |
++ resolve_cb, &ctx); |
726 |
+ if (ret) |
727 |
+ return ret; |
728 |
+ |
729 |
+@@ -782,16 +782,15 @@ int rdma_addr_find_smac_by_sgid(union ib_gid *sgid, u8 *smac, u16 *vlan_id) |
730 |
+ int ret = 0; |
731 |
+ struct rdma_dev_addr dev_addr; |
732 |
+ union { |
733 |
+- struct sockaddr _sockaddr; |
734 |
+ struct sockaddr_in _sockaddr_in; |
735 |
+ struct sockaddr_in6 _sockaddr_in6; |
736 |
+ } gid_addr; |
737 |
+ |
738 |
+- rdma_gid2ip(&gid_addr._sockaddr, sgid); |
739 |
++ rdma_gid2ip((struct sockaddr *)&gid_addr, sgid); |
740 |
+ |
741 |
+ memset(&dev_addr, 0, sizeof(dev_addr)); |
742 |
+ dev_addr.net = &init_net; |
743 |
+- ret = rdma_translate_ip(&gid_addr._sockaddr, &dev_addr, vlan_id); |
744 |
++ ret = rdma_translate_ip((struct sockaddr *)&gid_addr, &dev_addr, vlan_id); |
745 |
+ if (ret) |
746 |
+ return ret; |
747 |
+ |
748 |
+diff --git a/drivers/infiniband/core/sa_query.c b/drivers/infiniband/core/sa_query.c |
749 |
+index 4baf3b864a57..5879a06ada93 100644 |
750 |
+--- a/drivers/infiniband/core/sa_query.c |
751 |
++++ b/drivers/infiniband/core/sa_query.c |
752 |
+@@ -1109,7 +1109,6 @@ int ib_init_ah_from_path(struct ib_device *device, u8 port_num, |
753 |
+ .net = rec->net ? rec->net : |
754 |
+ &init_net}; |
755 |
+ union { |
756 |
+- struct sockaddr _sockaddr; |
757 |
+ struct sockaddr_in _sockaddr_in; |
758 |
+ struct sockaddr_in6 _sockaddr_in6; |
759 |
+ } sgid_addr, dgid_addr; |
760 |
+@@ -1117,12 +1116,13 @@ int ib_init_ah_from_path(struct ib_device *device, u8 port_num, |
761 |
+ if (!device->get_netdev) |
762 |
+ return -EOPNOTSUPP; |
763 |
+ |
764 |
+- rdma_gid2ip(&sgid_addr._sockaddr, &rec->sgid); |
765 |
+- rdma_gid2ip(&dgid_addr._sockaddr, &rec->dgid); |
766 |
++ rdma_gid2ip((struct sockaddr *)&sgid_addr, &rec->sgid); |
767 |
++ rdma_gid2ip((struct sockaddr *)&dgid_addr, &rec->dgid); |
768 |
+ |
769 |
+ /* validate the route */ |
770 |
+- ret = rdma_resolve_ip_route(&sgid_addr._sockaddr, |
771 |
+- &dgid_addr._sockaddr, &dev_addr); |
772 |
++ ret = rdma_resolve_ip_route((struct sockaddr *)&sgid_addr, |
773 |
++ (struct sockaddr *)&dgid_addr, |
774 |
++ &dev_addr); |
775 |
+ if (ret) |
776 |
+ return ret; |
777 |
+ |
778 |
+diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_ah.c b/drivers/infiniband/hw/ocrdma/ocrdma_ah.c |
779 |
+index 797362a297b2..35efd40ba47f 100644 |
780 |
+--- a/drivers/infiniband/hw/ocrdma/ocrdma_ah.c |
781 |
++++ b/drivers/infiniband/hw/ocrdma/ocrdma_ah.c |
782 |
+@@ -82,7 +82,6 @@ static inline int set_av_attr(struct ocrdma_dev *dev, struct ocrdma_ah *ah, |
783 |
+ u8 nxthdr = 0x11; |
784 |
+ struct iphdr ipv4; |
785 |
+ union { |
786 |
+- struct sockaddr _sockaddr; |
787 |
+ struct sockaddr_in _sockaddr_in; |
788 |
+ struct sockaddr_in6 _sockaddr_in6; |
789 |
+ } sgid_addr, dgid_addr; |
790 |
+@@ -131,9 +130,9 @@ static inline int set_av_attr(struct ocrdma_dev *dev, struct ocrdma_ah *ah, |
791 |
+ ipv4.tot_len = htons(0); |
792 |
+ ipv4.ttl = attr->grh.hop_limit; |
793 |
+ ipv4.protocol = nxthdr; |
794 |
+- rdma_gid2ip(&sgid_addr._sockaddr, sgid); |
795 |
++ rdma_gid2ip((struct sockaddr *)&sgid_addr, sgid); |
796 |
+ ipv4.saddr = sgid_addr._sockaddr_in.sin_addr.s_addr; |
797 |
+- rdma_gid2ip(&dgid_addr._sockaddr, &attr->grh.dgid); |
798 |
++ rdma_gid2ip((struct sockaddr *)&dgid_addr, &attr->grh.dgid); |
799 |
+ ipv4.daddr = dgid_addr._sockaddr_in.sin_addr.s_addr; |
800 |
+ memcpy((u8 *)ah->av + eth_sz, &ipv4, sizeof(struct iphdr)); |
801 |
+ } else { |
802 |
+diff --git a/drivers/infiniband/hw/ocrdma/ocrdma_hw.c b/drivers/infiniband/hw/ocrdma/ocrdma_hw.c |
803 |
+index 67fc0b6857e1..edfa22847724 100644 |
804 |
+--- a/drivers/infiniband/hw/ocrdma/ocrdma_hw.c |
805 |
++++ b/drivers/infiniband/hw/ocrdma/ocrdma_hw.c |
806 |
+@@ -2505,7 +2505,6 @@ static int ocrdma_set_av_params(struct ocrdma_qp *qp, |
807 |
+ u32 vlan_id = 0xFFFF; |
808 |
+ u8 mac_addr[6], hdr_type; |
809 |
+ union { |
810 |
+- struct sockaddr _sockaddr; |
811 |
+ struct sockaddr_in _sockaddr_in; |
812 |
+ struct sockaddr_in6 _sockaddr_in6; |
813 |
+ } sgid_addr, dgid_addr; |
814 |
+@@ -2550,8 +2549,8 @@ static int ocrdma_set_av_params(struct ocrdma_qp *qp, |
815 |
+ |
816 |
+ hdr_type = ib_gid_to_network_type(sgid_attr.gid_type, &sgid); |
817 |
+ if (hdr_type == RDMA_NETWORK_IPV4) { |
818 |
+- rdma_gid2ip(&sgid_addr._sockaddr, &sgid); |
819 |
+- rdma_gid2ip(&dgid_addr._sockaddr, &ah_attr->grh.dgid); |
820 |
++ rdma_gid2ip((struct sockaddr *)&sgid_addr, &sgid); |
821 |
++ rdma_gid2ip((struct sockaddr *)&dgid_addr, &ah_attr->grh.dgid); |
822 |
+ memcpy(&cmd->params.dgid[0], |
823 |
+ &dgid_addr._sockaddr_in.sin_addr.s_addr, 4); |
824 |
+ memcpy(&cmd->params.sgid[0], |
825 |
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c |
826 |
+index 6167bb0c71ed..53a71166e784 100644 |
827 |
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c |
828 |
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c |
829 |
+@@ -1939,7 +1939,7 @@ u16 bnx2x_select_queue(struct net_device *dev, struct sk_buff *skb, |
830 |
+ } |
831 |
+ |
832 |
+ /* select a non-FCoE queue */ |
833 |
+- return fallback(dev, skb) % (BNX2X_NUM_ETH_QUEUES(bp) * bp->max_cos); |
834 |
++ return fallback(dev, skb) % (BNX2X_NUM_ETH_QUEUES(bp)); |
835 |
+ } |
836 |
+ |
837 |
+ void bnx2x_set_num_queues(struct bnx2x *bp) |
838 |
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/dev.c b/drivers/net/ethernet/mellanox/mlx5/core/dev.c |
839 |
+index 524fff2b3dc6..2e6d6dfdcc80 100644 |
840 |
+--- a/drivers/net/ethernet/mellanox/mlx5/core/dev.c |
841 |
++++ b/drivers/net/ethernet/mellanox/mlx5/core/dev.c |
842 |
+@@ -207,7 +207,7 @@ void mlx5_unregister_device(struct mlx5_core_dev *dev) |
843 |
+ struct mlx5_interface *intf; |
844 |
+ |
845 |
+ mutex_lock(&mlx5_intf_mutex); |
846 |
+- list_for_each_entry(intf, &intf_list, list) |
847 |
++ list_for_each_entry_reverse(intf, &intf_list, list) |
848 |
+ mlx5_remove_device(intf, priv); |
849 |
+ list_del(&priv->dev_list); |
850 |
+ mutex_unlock(&mlx5_intf_mutex); |
851 |
+diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c |
852 |
+index 8c93ed5c9763..fa8f7c40a384 100644 |
853 |
+--- a/drivers/net/ppp/pppoe.c |
854 |
++++ b/drivers/net/ppp/pppoe.c |
855 |
+@@ -1134,6 +1134,9 @@ static const struct proto_ops pppoe_ops = { |
856 |
+ .recvmsg = pppoe_recvmsg, |
857 |
+ .mmap = sock_no_mmap, |
858 |
+ .ioctl = pppox_ioctl, |
859 |
++#ifdef CONFIG_COMPAT |
860 |
++ .compat_ioctl = pppox_compat_ioctl, |
861 |
++#endif |
862 |
+ }; |
863 |
+ |
864 |
+ static const struct pppox_proto pppoe_proto = { |
865 |
+diff --git a/drivers/net/ppp/pppox.c b/drivers/net/ppp/pppox.c |
866 |
+index b9c8be6283d3..50856f9fe08a 100644 |
867 |
+--- a/drivers/net/ppp/pppox.c |
868 |
++++ b/drivers/net/ppp/pppox.c |
869 |
+@@ -22,6 +22,7 @@ |
870 |
+ #include <linux/string.h> |
871 |
+ #include <linux/module.h> |
872 |
+ #include <linux/kernel.h> |
873 |
++#include <linux/compat.h> |
874 |
+ #include <linux/errno.h> |
875 |
+ #include <linux/netdevice.h> |
876 |
+ #include <linux/net.h> |
877 |
+@@ -103,6 +104,18 @@ int pppox_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
878 |
+ |
879 |
+ EXPORT_SYMBOL(pppox_ioctl); |
880 |
+ |
881 |
++#ifdef CONFIG_COMPAT |
882 |
++int pppox_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) |
883 |
++{ |
884 |
++ if (cmd == PPPOEIOCSFWD32) |
885 |
++ cmd = PPPOEIOCSFWD; |
886 |
++ |
887 |
++ return pppox_ioctl(sock, cmd, (unsigned long)compat_ptr(arg)); |
888 |
++} |
889 |
++ |
890 |
++EXPORT_SYMBOL(pppox_compat_ioctl); |
891 |
++#endif |
892 |
++ |
893 |
+ static int pppox_create(struct net *net, struct socket *sock, int protocol, |
894 |
+ int kern) |
895 |
+ { |
896 |
+diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c |
897 |
+index 5a8befdfa5e4..fa14a67fb09a 100644 |
898 |
+--- a/drivers/net/ppp/pptp.c |
899 |
++++ b/drivers/net/ppp/pptp.c |
900 |
+@@ -638,6 +638,9 @@ static const struct proto_ops pptp_ops = { |
901 |
+ .recvmsg = sock_no_recvmsg, |
902 |
+ .mmap = sock_no_mmap, |
903 |
+ .ioctl = pppox_ioctl, |
904 |
++#ifdef CONFIG_COMPAT |
905 |
++ .compat_ioctl = pppox_compat_ioctl, |
906 |
++#endif |
907 |
+ }; |
908 |
+ |
909 |
+ static const struct pppox_proto pppox_pptp_proto = { |
910 |
+diff --git a/drivers/scsi/fcoe/fcoe_ctlr.c b/drivers/scsi/fcoe/fcoe_ctlr.c |
911 |
+index cc3994d4e7bc..3c2f34db937b 100644 |
912 |
+--- a/drivers/scsi/fcoe/fcoe_ctlr.c |
913 |
++++ b/drivers/scsi/fcoe/fcoe_ctlr.c |
914 |
+@@ -1984,7 +1984,7 @@ EXPORT_SYMBOL_GPL(fcoe_wwn_from_mac); |
915 |
+ */ |
916 |
+ static inline struct fcoe_rport *fcoe_ctlr_rport(struct fc_rport_priv *rdata) |
917 |
+ { |
918 |
+- return (struct fcoe_rport *)(rdata + 1); |
919 |
++ return container_of(rdata, struct fcoe_rport, rdata); |
920 |
+ } |
921 |
+ |
922 |
+ /** |
923 |
+@@ -2244,7 +2244,7 @@ static void fcoe_ctlr_vn_start(struct fcoe_ctlr *fip) |
924 |
+ */ |
925 |
+ static int fcoe_ctlr_vn_parse(struct fcoe_ctlr *fip, |
926 |
+ struct sk_buff *skb, |
927 |
+- struct fc_rport_priv *rdata) |
928 |
++ struct fcoe_rport *frport) |
929 |
+ { |
930 |
+ struct fip_header *fiph; |
931 |
+ struct fip_desc *desc = NULL; |
932 |
+@@ -2252,16 +2252,12 @@ static int fcoe_ctlr_vn_parse(struct fcoe_ctlr *fip, |
933 |
+ struct fip_wwn_desc *wwn = NULL; |
934 |
+ struct fip_vn_desc *vn = NULL; |
935 |
+ struct fip_size_desc *size = NULL; |
936 |
+- struct fcoe_rport *frport; |
937 |
+ size_t rlen; |
938 |
+ size_t dlen; |
939 |
+ u32 desc_mask = 0; |
940 |
+ u32 dtype; |
941 |
+ u8 sub; |
942 |
+ |
943 |
+- memset(rdata, 0, sizeof(*rdata) + sizeof(*frport)); |
944 |
+- frport = fcoe_ctlr_rport(rdata); |
945 |
+- |
946 |
+ fiph = (struct fip_header *)skb->data; |
947 |
+ frport->flags = ntohs(fiph->fip_flags); |
948 |
+ |
949 |
+@@ -2324,15 +2320,17 @@ static int fcoe_ctlr_vn_parse(struct fcoe_ctlr *fip, |
950 |
+ if (dlen != sizeof(struct fip_wwn_desc)) |
951 |
+ goto len_err; |
952 |
+ wwn = (struct fip_wwn_desc *)desc; |
953 |
+- rdata->ids.node_name = get_unaligned_be64(&wwn->fd_wwn); |
954 |
++ frport->rdata.ids.node_name = |
955 |
++ get_unaligned_be64(&wwn->fd_wwn); |
956 |
+ break; |
957 |
+ case FIP_DT_VN_ID: |
958 |
+ if (dlen != sizeof(struct fip_vn_desc)) |
959 |
+ goto len_err; |
960 |
+ vn = (struct fip_vn_desc *)desc; |
961 |
+ memcpy(frport->vn_mac, vn->fd_mac, ETH_ALEN); |
962 |
+- rdata->ids.port_id = ntoh24(vn->fd_fc_id); |
963 |
+- rdata->ids.port_name = get_unaligned_be64(&vn->fd_wwpn); |
964 |
++ frport->rdata.ids.port_id = ntoh24(vn->fd_fc_id); |
965 |
++ frport->rdata.ids.port_name = |
966 |
++ get_unaligned_be64(&vn->fd_wwpn); |
967 |
+ break; |
968 |
+ case FIP_DT_FC4F: |
969 |
+ if (dlen != sizeof(struct fip_fc4_feat)) |
970 |
+@@ -2670,16 +2668,13 @@ static int fcoe_ctlr_vn_recv(struct fcoe_ctlr *fip, struct sk_buff *skb) |
971 |
+ { |
972 |
+ struct fip_header *fiph; |
973 |
+ enum fip_vn2vn_subcode sub; |
974 |
+- struct { |
975 |
+- struct fc_rport_priv rdata; |
976 |
+- struct fcoe_rport frport; |
977 |
+- } buf; |
978 |
++ struct fcoe_rport frport = { }; |
979 |
+ int rc; |
980 |
+ |
981 |
+ fiph = (struct fip_header *)skb->data; |
982 |
+ sub = fiph->fip_subcode; |
983 |
+ |
984 |
+- rc = fcoe_ctlr_vn_parse(fip, skb, &buf.rdata); |
985 |
++ rc = fcoe_ctlr_vn_parse(fip, skb, &frport); |
986 |
+ if (rc) { |
987 |
+ LIBFCOE_FIP_DBG(fip, "vn_recv vn_parse error %d\n", rc); |
988 |
+ goto drop; |
989 |
+@@ -2688,19 +2683,19 @@ static int fcoe_ctlr_vn_recv(struct fcoe_ctlr *fip, struct sk_buff *skb) |
990 |
+ mutex_lock(&fip->ctlr_mutex); |
991 |
+ switch (sub) { |
992 |
+ case FIP_SC_VN_PROBE_REQ: |
993 |
+- fcoe_ctlr_vn_probe_req(fip, &buf.rdata); |
994 |
++ fcoe_ctlr_vn_probe_req(fip, &frport.rdata); |
995 |
+ break; |
996 |
+ case FIP_SC_VN_PROBE_REP: |
997 |
+- fcoe_ctlr_vn_probe_reply(fip, &buf.rdata); |
998 |
++ fcoe_ctlr_vn_probe_reply(fip, &frport.rdata); |
999 |
+ break; |
1000 |
+ case FIP_SC_VN_CLAIM_NOTIFY: |
1001 |
+- fcoe_ctlr_vn_claim_notify(fip, &buf.rdata); |
1002 |
++ fcoe_ctlr_vn_claim_notify(fip, &frport.rdata); |
1003 |
+ break; |
1004 |
+ case FIP_SC_VN_CLAIM_REP: |
1005 |
+- fcoe_ctlr_vn_claim_resp(fip, &buf.rdata); |
1006 |
++ fcoe_ctlr_vn_claim_resp(fip, &frport.rdata); |
1007 |
+ break; |
1008 |
+ case FIP_SC_VN_BEACON: |
1009 |
+- fcoe_ctlr_vn_beacon(fip, &buf.rdata); |
1010 |
++ fcoe_ctlr_vn_beacon(fip, &frport.rdata); |
1011 |
+ break; |
1012 |
+ default: |
1013 |
+ LIBFCOE_FIP_DBG(fip, "vn_recv unknown subcode %d\n", sub); |
1014 |
+@@ -2724,22 +2719,18 @@ drop: |
1015 |
+ */ |
1016 |
+ static int fcoe_ctlr_vlan_parse(struct fcoe_ctlr *fip, |
1017 |
+ struct sk_buff *skb, |
1018 |
+- struct fc_rport_priv *rdata) |
1019 |
++ struct fcoe_rport *frport) |
1020 |
+ { |
1021 |
+ struct fip_header *fiph; |
1022 |
+ struct fip_desc *desc = NULL; |
1023 |
+ struct fip_mac_desc *macd = NULL; |
1024 |
+ struct fip_wwn_desc *wwn = NULL; |
1025 |
+- struct fcoe_rport *frport; |
1026 |
+ size_t rlen; |
1027 |
+ size_t dlen; |
1028 |
+ u32 desc_mask = 0; |
1029 |
+ u32 dtype; |
1030 |
+ u8 sub; |
1031 |
+ |
1032 |
+- memset(rdata, 0, sizeof(*rdata) + sizeof(*frport)); |
1033 |
+- frport = fcoe_ctlr_rport(rdata); |
1034 |
+- |
1035 |
+ fiph = (struct fip_header *)skb->data; |
1036 |
+ frport->flags = ntohs(fiph->fip_flags); |
1037 |
+ |
1038 |
+@@ -2793,7 +2784,8 @@ static int fcoe_ctlr_vlan_parse(struct fcoe_ctlr *fip, |
1039 |
+ if (dlen != sizeof(struct fip_wwn_desc)) |
1040 |
+ goto len_err; |
1041 |
+ wwn = (struct fip_wwn_desc *)desc; |
1042 |
+- rdata->ids.node_name = get_unaligned_be64(&wwn->fd_wwn); |
1043 |
++ frport->rdata.ids.node_name = |
1044 |
++ get_unaligned_be64(&wwn->fd_wwn); |
1045 |
+ break; |
1046 |
+ default: |
1047 |
+ LIBFCOE_FIP_DBG(fip, "unexpected descriptor type %x " |
1048 |
+@@ -2904,22 +2896,19 @@ static int fcoe_ctlr_vlan_recv(struct fcoe_ctlr *fip, struct sk_buff *skb) |
1049 |
+ { |
1050 |
+ struct fip_header *fiph; |
1051 |
+ enum fip_vlan_subcode sub; |
1052 |
+- struct { |
1053 |
+- struct fc_rport_priv rdata; |
1054 |
+- struct fcoe_rport frport; |
1055 |
+- } buf; |
1056 |
++ struct fcoe_rport frport = { }; |
1057 |
+ int rc; |
1058 |
+ |
1059 |
+ fiph = (struct fip_header *)skb->data; |
1060 |
+ sub = fiph->fip_subcode; |
1061 |
+- rc = fcoe_ctlr_vlan_parse(fip, skb, &buf.rdata); |
1062 |
++ rc = fcoe_ctlr_vlan_parse(fip, skb, &frport); |
1063 |
+ if (rc) { |
1064 |
+ LIBFCOE_FIP_DBG(fip, "vlan_recv vlan_parse error %d\n", rc); |
1065 |
+ goto drop; |
1066 |
+ } |
1067 |
+ mutex_lock(&fip->ctlr_mutex); |
1068 |
+ if (sub == FIP_SC_VL_REQ) |
1069 |
+- fcoe_ctlr_vlan_disc_reply(fip, &buf.rdata); |
1070 |
++ fcoe_ctlr_vlan_disc_reply(fip, &frport.rdata); |
1071 |
+ mutex_unlock(&fip->ctlr_mutex); |
1072 |
+ |
1073 |
+ drop: |
1074 |
+diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c |
1075 |
+index 97aeaddd600d..70e2958a69a0 100644 |
1076 |
+--- a/drivers/scsi/libfc/fc_rport.c |
1077 |
++++ b/drivers/scsi/libfc/fc_rport.c |
1078 |
+@@ -127,12 +127,15 @@ static struct fc_rport_priv *fc_rport_create(struct fc_lport *lport, |
1079 |
+ u32 port_id) |
1080 |
+ { |
1081 |
+ struct fc_rport_priv *rdata; |
1082 |
++ size_t rport_priv_size = sizeof(*rdata); |
1083 |
+ |
1084 |
+ rdata = lport->tt.rport_lookup(lport, port_id); |
1085 |
+ if (rdata) |
1086 |
+ return rdata; |
1087 |
+ |
1088 |
+- rdata = kzalloc(sizeof(*rdata) + lport->rport_priv_size, GFP_KERNEL); |
1089 |
++ if (lport->rport_priv_size > 0) |
1090 |
++ rport_priv_size = lport->rport_priv_size; |
1091 |
++ rdata = kzalloc(rport_priv_size, GFP_KERNEL); |
1092 |
+ if (!rdata) |
1093 |
+ return NULL; |
1094 |
+ |
1095 |
+diff --git a/drivers/spi/spi-bcm2835.c b/drivers/spi/spi-bcm2835.c |
1096 |
+index 25abf2d1732a..eab27d41ba83 100644 |
1097 |
+--- a/drivers/spi/spi-bcm2835.c |
1098 |
++++ b/drivers/spi/spi-bcm2835.c |
1099 |
+@@ -554,7 +554,8 @@ static int bcm2835_spi_transfer_one(struct spi_master *master, |
1100 |
+ bcm2835_wr(bs, BCM2835_SPI_CLK, cdiv); |
1101 |
+ |
1102 |
+ /* handle all the 3-wire mode */ |
1103 |
+- if ((spi->mode & SPI_3WIRE) && (tfr->rx_buf)) |
1104 |
++ if (spi->mode & SPI_3WIRE && tfr->rx_buf && |
1105 |
++ tfr->rx_buf != master->dummy_rx) |
1106 |
+ cs |= BCM2835_SPI_CS_REN; |
1107 |
+ else |
1108 |
+ cs &= ~BCM2835_SPI_CS_REN; |
1109 |
+diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c |
1110 |
+index 93c8e4a4bbd3..4b7da4409c60 100644 |
1111 |
+--- a/fs/compat_ioctl.c |
1112 |
++++ b/fs/compat_ioctl.c |
1113 |
+@@ -1038,9 +1038,6 @@ COMPATIBLE_IOCTL(PPPIOCDISCONN) |
1114 |
+ COMPATIBLE_IOCTL(PPPIOCATTCHAN) |
1115 |
+ COMPATIBLE_IOCTL(PPPIOCGCHAN) |
1116 |
+ COMPATIBLE_IOCTL(PPPIOCGL2TPSTATS) |
1117 |
+-/* PPPOX */ |
1118 |
+-COMPATIBLE_IOCTL(PPPOEIOCSFWD) |
1119 |
+-COMPATIBLE_IOCTL(PPPOEIOCDFWD) |
1120 |
+ /* Big A */ |
1121 |
+ /* sparc only */ |
1122 |
+ /* Big Q for sound/OSS */ |
1123 |
+diff --git a/include/linux/ceph/ceph_debug.h b/include/linux/ceph/ceph_debug.h |
1124 |
+index aa2e19182d99..51c5bd64bd00 100644 |
1125 |
+--- a/include/linux/ceph/ceph_debug.h |
1126 |
++++ b/include/linux/ceph/ceph_debug.h |
1127 |
+@@ -3,6 +3,8 @@ |
1128 |
+ |
1129 |
+ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
1130 |
+ |
1131 |
++#include <linux/string.h> |
1132 |
++ |
1133 |
+ #ifdef CONFIG_CEPH_LIB_PRETTYDEBUG |
1134 |
+ |
1135 |
+ /* |
1136 |
+@@ -12,12 +14,10 @@ |
1137 |
+ */ |
1138 |
+ |
1139 |
+ # if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG) |
1140 |
+-extern const char *ceph_file_part(const char *s, int len); |
1141 |
+ # define dout(fmt, ...) \ |
1142 |
+ pr_debug("%.*s %12.12s:%-4d : " fmt, \ |
1143 |
+ 8 - (int)sizeof(KBUILD_MODNAME), " ", \ |
1144 |
+- ceph_file_part(__FILE__, sizeof(__FILE__)), \ |
1145 |
+- __LINE__, ##__VA_ARGS__) |
1146 |
++ kbasename(__FILE__), __LINE__, ##__VA_ARGS__) |
1147 |
+ # else |
1148 |
+ /* faux printk call just to see any compiler warnings. */ |
1149 |
+ # define dout(fmt, ...) do { \ |
1150 |
+diff --git a/include/linux/if_pppox.h b/include/linux/if_pppox.h |
1151 |
+index ba7a9b0c7c57..24e9b360da65 100644 |
1152 |
+--- a/include/linux/if_pppox.h |
1153 |
++++ b/include/linux/if_pppox.h |
1154 |
+@@ -84,6 +84,9 @@ extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp); |
1155 |
+ extern void unregister_pppox_proto(int proto_num); |
1156 |
+ extern void pppox_unbind_sock(struct sock *sk);/* delete ppp-channel binding */ |
1157 |
+ extern int pppox_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg); |
1158 |
++extern int pppox_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg); |
1159 |
++ |
1160 |
++#define PPPOEIOCSFWD32 _IOW(0xB1 ,0, compat_size_t) |
1161 |
+ |
1162 |
+ /* PPPoX socket states */ |
1163 |
+ enum { |
1164 |
+diff --git a/include/net/tcp.h b/include/net/tcp.h |
1165 |
+index 1eda31f7f013..a474213ca015 100644 |
1166 |
+--- a/include/net/tcp.h |
1167 |
++++ b/include/net/tcp.h |
1168 |
+@@ -1595,6 +1595,23 @@ static inline void tcp_check_send_head(struct sock *sk, struct sk_buff *skb_unli |
1169 |
+ tcp_sk(sk)->highest_sack = NULL; |
1170 |
+ } |
1171 |
+ |
1172 |
++static inline struct sk_buff *tcp_rtx_queue_head(const struct sock *sk) |
1173 |
++{ |
1174 |
++ struct sk_buff *skb = tcp_write_queue_head(sk); |
1175 |
++ |
1176 |
++ if (skb == tcp_send_head(sk)) |
1177 |
++ skb = NULL; |
1178 |
++ |
1179 |
++ return skb; |
1180 |
++} |
1181 |
++ |
1182 |
++static inline struct sk_buff *tcp_rtx_queue_tail(const struct sock *sk) |
1183 |
++{ |
1184 |
++ struct sk_buff *skb = tcp_send_head(sk); |
1185 |
++ |
1186 |
++ return skb ? tcp_write_queue_prev(sk, skb) : tcp_write_queue_tail(sk); |
1187 |
++} |
1188 |
++ |
1189 |
+ static inline void __tcp_add_write_queue_tail(struct sock *sk, struct sk_buff *skb) |
1190 |
+ { |
1191 |
+ __skb_queue_tail(&sk->sk_write_queue, skb); |
1192 |
+diff --git a/include/scsi/libfcoe.h b/include/scsi/libfcoe.h |
1193 |
+index 722d3264d3bf..6be92eede5c0 100644 |
1194 |
+--- a/include/scsi/libfcoe.h |
1195 |
++++ b/include/scsi/libfcoe.h |
1196 |
+@@ -241,6 +241,7 @@ struct fcoe_fcf { |
1197 |
+ * @vn_mac: VN_Node assigned MAC address for data |
1198 |
+ */ |
1199 |
+ struct fcoe_rport { |
1200 |
++ struct fc_rport_priv rdata; |
1201 |
+ unsigned long time; |
1202 |
+ u16 fcoe_len; |
1203 |
+ u16 flags; |
1204 |
+diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c |
1205 |
+index 3626174456b7..80c81c7e3cf9 100644 |
1206 |
+--- a/net/bridge/br_multicast.c |
1207 |
++++ b/net/bridge/br_multicast.c |
1208 |
+@@ -1489,6 +1489,9 @@ br_multicast_leave_group(struct net_bridge *br, |
1209 |
+ if (p->port != port) |
1210 |
+ continue; |
1211 |
+ |
1212 |
++ if (p->flags & MDB_PG_FLAGS_PERMANENT) |
1213 |
++ break; |
1214 |
++ |
1215 |
+ rcu_assign_pointer(*pp, p->next); |
1216 |
+ hlist_del_init(&p->mglist); |
1217 |
+ del_timer(&p->timer); |
1218 |
+diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c |
1219 |
+index b6de4f457161..5172caac645c 100644 |
1220 |
+--- a/net/bridge/br_vlan.c |
1221 |
++++ b/net/bridge/br_vlan.c |
1222 |
+@@ -622,6 +622,11 @@ void br_vlan_flush(struct net_bridge *br) |
1223 |
+ |
1224 |
+ ASSERT_RTNL(); |
1225 |
+ |
1226 |
++ /* delete auto-added default pvid local fdb before flushing vlans |
1227 |
++ * otherwise it will be leaked on bridge device init failure |
1228 |
++ */ |
1229 |
++ br_fdb_delete_by_port(br, NULL, 0, 1); |
1230 |
++ |
1231 |
+ vg = br_vlan_group(br); |
1232 |
+ __vlan_flush(vg); |
1233 |
+ RCU_INIT_POINTER(br->vlgrp, NULL); |
1234 |
+diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c |
1235 |
+index bf0294cf4d22..18c4b34bd6e0 100644 |
1236 |
+--- a/net/ceph/ceph_common.c |
1237 |
++++ b/net/ceph/ceph_common.c |
1238 |
+@@ -45,19 +45,6 @@ bool libceph_compatible(void *data) |
1239 |
+ } |
1240 |
+ EXPORT_SYMBOL(libceph_compatible); |
1241 |
+ |
1242 |
+-/* |
1243 |
+- * find filename portion of a path (/foo/bar/baz -> baz) |
1244 |
+- */ |
1245 |
+-const char *ceph_file_part(const char *s, int len) |
1246 |
+-{ |
1247 |
+- const char *e = s + len; |
1248 |
+- |
1249 |
+- while (e != s && *(e-1) != '/') |
1250 |
+- e--; |
1251 |
+- return e; |
1252 |
+-} |
1253 |
+-EXPORT_SYMBOL(ceph_file_part); |
1254 |
+- |
1255 |
+ const char *ceph_msg_type_name(int type) |
1256 |
+ { |
1257 |
+ switch (type) { |
1258 |
+diff --git a/net/core/dev.c b/net/core/dev.c |
1259 |
+index f693afe608d7..08bcbce16e12 100644 |
1260 |
+--- a/net/core/dev.c |
1261 |
++++ b/net/core/dev.c |
1262 |
+@@ -8296,6 +8296,8 @@ static void __net_exit default_device_exit(struct net *net) |
1263 |
+ |
1264 |
+ /* Push remaining network devices to init_net */ |
1265 |
+ snprintf(fb_name, IFNAMSIZ, "dev%d", dev->ifindex); |
1266 |
++ if (__dev_get_by_name(&init_net, fb_name)) |
1267 |
++ snprintf(fb_name, IFNAMSIZ, "dev%%d"); |
1268 |
+ err = dev_change_net_namespace(dev, &init_net, fb_name); |
1269 |
+ if (err) { |
1270 |
+ pr_emerg("%s: failed to move %s to init_net: %d\n", |
1271 |
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c |
1272 |
+index 0c195b0f4216..9ddb05b98312 100644 |
1273 |
+--- a/net/ipv4/tcp_output.c |
1274 |
++++ b/net/ipv4/tcp_output.c |
1275 |
+@@ -1175,6 +1175,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, |
1276 |
+ struct tcp_sock *tp = tcp_sk(sk); |
1277 |
+ struct sk_buff *buff; |
1278 |
+ int nsize, old_factor; |
1279 |
++ long limit; |
1280 |
+ int nlen; |
1281 |
+ u8 flags; |
1282 |
+ |
1283 |
+@@ -1185,7 +1186,15 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, |
1284 |
+ if (nsize < 0) |
1285 |
+ nsize = 0; |
1286 |
+ |
1287 |
+- if (unlikely((sk->sk_wmem_queued >> 1) > sk->sk_sndbuf + 0x20000)) { |
1288 |
++ /* tcp_sendmsg() can overshoot sk_wmem_queued by one full size skb. |
1289 |
++ * We need some allowance to not penalize applications setting small |
1290 |
++ * SO_SNDBUF values. |
1291 |
++ * Also allow first and last skb in retransmit queue to be split. |
1292 |
++ */ |
1293 |
++ limit = sk->sk_sndbuf + 2 * SKB_TRUESIZE(GSO_MAX_SIZE); |
1294 |
++ if (unlikely((sk->sk_wmem_queued >> 1) > limit && |
1295 |
++ skb != tcp_rtx_queue_head(sk) && |
1296 |
++ skb != tcp_rtx_queue_tail(sk))) { |
1297 |
+ NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG); |
1298 |
+ return -ENOMEM; |
1299 |
+ } |
1300 |
+diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c |
1301 |
+index 42f363661d25..cc28b8646986 100644 |
1302 |
+--- a/net/ipv6/ip6_tunnel.c |
1303 |
++++ b/net/ipv6/ip6_tunnel.c |
1304 |
+@@ -1275,11 +1275,11 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) |
1305 |
+ fl6.flowi6_mark = skb->mark; |
1306 |
+ } |
1307 |
+ |
1308 |
++ dsfield = INET_ECN_encapsulate(dsfield, ipv4_get_dsfield(iph)); |
1309 |
++ |
1310 |
+ if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6)) |
1311 |
+ return -1; |
1312 |
+ |
1313 |
+- dsfield = INET_ECN_encapsulate(dsfield, ipv4_get_dsfield(iph)); |
1314 |
+- |
1315 |
+ skb_set_inner_ipproto(skb, IPPROTO_IPIP); |
1316 |
+ |
1317 |
+ err = ip6_tnl_xmit(skb, dev, dsfield, &fl6, encap_limit, &mtu, |
1318 |
+@@ -1362,11 +1362,11 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) |
1319 |
+ fl6.flowi6_mark = skb->mark; |
1320 |
+ } |
1321 |
+ |
1322 |
++ dsfield = INET_ECN_encapsulate(dsfield, ipv6_get_dsfield(ipv6h)); |
1323 |
++ |
1324 |
+ if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6)) |
1325 |
+ return -1; |
1326 |
+ |
1327 |
+- dsfield = INET_ECN_encapsulate(dsfield, ipv6_get_dsfield(ipv6h)); |
1328 |
+- |
1329 |
+ skb_set_inner_ipproto(skb, IPPROTO_IPV6); |
1330 |
+ |
1331 |
+ err = ip6_tnl_xmit(skb, dev, dsfield, &fl6, encap_limit, &mtu, |
1332 |
+diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c |
1333 |
+index 9b214f313cc0..16b63e60396f 100644 |
1334 |
+--- a/net/l2tp/l2tp_ppp.c |
1335 |
++++ b/net/l2tp/l2tp_ppp.c |
1336 |
+@@ -1790,6 +1790,9 @@ static const struct proto_ops pppol2tp_ops = { |
1337 |
+ .recvmsg = pppol2tp_recvmsg, |
1338 |
+ .mmap = sock_no_mmap, |
1339 |
+ .ioctl = pppox_ioctl, |
1340 |
++#ifdef CONFIG_COMPAT |
1341 |
++ .compat_ioctl = pppox_compat_ioctl, |
1342 |
++#endif |
1343 |
+ }; |
1344 |
+ |
1345 |
+ static const struct pppox_proto pppol2tp_proto = { |
1346 |
+diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c |
1347 |
+index d2932dc4c83d..36e4dcdac8dc 100644 |
1348 |
+--- a/net/sched/act_ife.c |
1349 |
++++ b/net/sched/act_ife.c |
1350 |
+@@ -477,6 +477,9 @@ static int tcf_ife_init(struct net *net, struct nlattr *nla, |
1351 |
+ int ret = 0; |
1352 |
+ int err; |
1353 |
+ |
1354 |
++ if (!nla) |
1355 |
++ return -EINVAL; |
1356 |
++ |
1357 |
+ err = nla_parse_nested(tb, TCA_IFE_MAX, nla, ife_policy); |
1358 |
+ if (err < 0) |
1359 |
+ return err; |
1360 |
+diff --git a/net/sched/sch_codel.c b/net/sched/sch_codel.c |
1361 |
+index 5bfa79ee657c..17a0838f8074 100644 |
1362 |
+--- a/net/sched/sch_codel.c |
1363 |
++++ b/net/sched/sch_codel.c |
1364 |
+@@ -71,10 +71,10 @@ static struct sk_buff *dequeue_func(struct codel_vars *vars, void *ctx) |
1365 |
+ struct Qdisc *sch = ctx; |
1366 |
+ struct sk_buff *skb = __qdisc_dequeue_head(&sch->q); |
1367 |
+ |
1368 |
+- if (skb) |
1369 |
++ if (skb) { |
1370 |
+ sch->qstats.backlog -= qdisc_pkt_len(skb); |
1371 |
+- |
1372 |
+- prefetch(&skb->end); /* we'll need skb_shinfo() */ |
1373 |
++ prefetch(&skb->end); /* we'll need skb_shinfo() */ |
1374 |
++ } |
1375 |
+ return skb; |
1376 |
+ } |
1377 |
+ |
1378 |
+diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c |
1379 |
+index b7c539a51da3..63a913b23873 100644 |
1380 |
+--- a/net/tipc/netlink_compat.c |
1381 |
++++ b/net/tipc/netlink_compat.c |
1382 |
+@@ -55,6 +55,7 @@ struct tipc_nl_compat_msg { |
1383 |
+ int rep_type; |
1384 |
+ int rep_size; |
1385 |
+ int req_type; |
1386 |
++ int req_size; |
1387 |
+ struct net *net; |
1388 |
+ struct sk_buff *rep; |
1389 |
+ struct tlv_desc *req; |
1390 |
+@@ -252,7 +253,8 @@ static int tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd, |
1391 |
+ int err; |
1392 |
+ struct sk_buff *arg; |
1393 |
+ |
1394 |
+- if (msg->req_type && !TLV_CHECK_TYPE(msg->req, msg->req_type)) |
1395 |
++ if (msg->req_type && (!msg->req_size || |
1396 |
++ !TLV_CHECK_TYPE(msg->req, msg->req_type))) |
1397 |
+ return -EINVAL; |
1398 |
+ |
1399 |
+ msg->rep = tipc_tlv_alloc(msg->rep_size); |
1400 |
+@@ -345,7 +347,8 @@ static int tipc_nl_compat_doit(struct tipc_nl_compat_cmd_doit *cmd, |
1401 |
+ { |
1402 |
+ int err; |
1403 |
+ |
1404 |
+- if (msg->req_type && !TLV_CHECK_TYPE(msg->req, msg->req_type)) |
1405 |
++ if (msg->req_type && (!msg->req_size || |
1406 |
++ !TLV_CHECK_TYPE(msg->req, msg->req_type))) |
1407 |
+ return -EINVAL; |
1408 |
+ |
1409 |
+ err = __tipc_nl_compat_doit(cmd, msg); |
1410 |
+@@ -1267,8 +1270,8 @@ static int tipc_nl_compat_recv(struct sk_buff *skb, struct genl_info *info) |
1411 |
+ goto send; |
1412 |
+ } |
1413 |
+ |
1414 |
+- len = nlmsg_attrlen(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN); |
1415 |
+- if (!len || !TLV_OK(msg.req, len)) { |
1416 |
++ msg.req_size = nlmsg_attrlen(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN); |
1417 |
++ if (msg.req_size && !TLV_OK(msg.req, msg.req_size)) { |
1418 |
+ msg.rep = tipc_get_err_tlv(TIPC_CFG_NOT_SUPPORTED); |
1419 |
+ err = -EOPNOTSUPP; |
1420 |
+ goto send; |
1421 |
+diff --git a/tools/objtool/check.c b/tools/objtool/check.c |
1422 |
+index 95326c6a7a24..09782ff427d0 100644 |
1423 |
+--- a/tools/objtool/check.c |
1424 |
++++ b/tools/objtool/check.c |
1425 |
+@@ -165,6 +165,8 @@ static int __dead_end_function(struct objtool_file *file, struct symbol *func, |
1426 |
+ "__reiserfs_panic", |
1427 |
+ "lbug_with_loc", |
1428 |
+ "fortify_panic", |
1429 |
++ "machine_real_restart", |
1430 |
++ "rewind_stack_do_exit", |
1431 |
+ }; |
1432 |
+ |
1433 |
+ if (func->bind == STB_WEAK) |