1 |
commit: bd6577cda5271fe9e525c3408f74d51aa6be8454 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Aug 5 14:57:43 2020 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Aug 5 14:57:43 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=bd6577cd |
7 |
|
8 |
Linux patch 4.14.192 |
9 |
|
10 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1191_linux-4.14.192.patch | 1244 +++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1248 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index a0f0dc8..c4718ce 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -807,6 +807,10 @@ Patch: 1190_linux-4.14.191.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.14.191 |
23 |
|
24 |
+Patch: 1191_linux-4.14.192.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.14.192 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1191_linux-4.14.192.patch b/1191_linux-4.14.192.patch |
33 |
new file mode 100644 |
34 |
index 0000000..87bec01 |
35 |
--- /dev/null |
36 |
+++ b/1191_linux-4.14.192.patch |
37 |
@@ -0,0 +1,1244 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index e31c1ce12895..60570fad811e 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 4 |
45 |
+ PATCHLEVEL = 14 |
46 |
+-SUBLEVEL = 191 |
47 |
++SUBLEVEL = 192 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = Petit Gorille |
50 |
+ |
51 |
+diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c |
52 |
+index af2a7f1e3103..a30f656f791f 100644 |
53 |
+--- a/arch/arm/kernel/hw_breakpoint.c |
54 |
++++ b/arch/arm/kernel/hw_breakpoint.c |
55 |
+@@ -688,6 +688,12 @@ static void disable_single_step(struct perf_event *bp) |
56 |
+ arch_install_hw_breakpoint(bp); |
57 |
+ } |
58 |
+ |
59 |
++static int watchpoint_fault_on_uaccess(struct pt_regs *regs, |
60 |
++ struct arch_hw_breakpoint *info) |
61 |
++{ |
62 |
++ return !user_mode(regs) && info->ctrl.privilege == ARM_BREAKPOINT_USER; |
63 |
++} |
64 |
++ |
65 |
+ static void watchpoint_handler(unsigned long addr, unsigned int fsr, |
66 |
+ struct pt_regs *regs) |
67 |
+ { |
68 |
+@@ -747,16 +753,27 @@ static void watchpoint_handler(unsigned long addr, unsigned int fsr, |
69 |
+ } |
70 |
+ |
71 |
+ pr_debug("watchpoint fired: address = 0x%x\n", info->trigger); |
72 |
++ |
73 |
++ /* |
74 |
++ * If we triggered a user watchpoint from a uaccess routine, |
75 |
++ * then handle the stepping ourselves since userspace really |
76 |
++ * can't help us with this. |
77 |
++ */ |
78 |
++ if (watchpoint_fault_on_uaccess(regs, info)) |
79 |
++ goto step; |
80 |
++ |
81 |
+ perf_bp_event(wp, regs); |
82 |
+ |
83 |
+ /* |
84 |
+- * If no overflow handler is present, insert a temporary |
85 |
+- * mismatch breakpoint so we can single-step over the |
86 |
+- * watchpoint trigger. |
87 |
++ * Defer stepping to the overflow handler if one is installed. |
88 |
++ * Otherwise, insert a temporary mismatch breakpoint so that |
89 |
++ * we can single-step over the watchpoint trigger. |
90 |
+ */ |
91 |
+- if (is_default_overflow_handler(wp)) |
92 |
+- enable_single_step(wp, instruction_pointer(regs)); |
93 |
++ if (!is_default_overflow_handler(wp)) |
94 |
++ goto unlock; |
95 |
+ |
96 |
++step: |
97 |
++ enable_single_step(wp, instruction_pointer(regs)); |
98 |
+ unlock: |
99 |
+ rcu_read_unlock(); |
100 |
+ } |
101 |
+diff --git a/arch/arm64/include/asm/alternative.h b/arch/arm64/include/asm/alternative.h |
102 |
+index 1824768fb1ee..3abb2dacb43f 100644 |
103 |
+--- a/arch/arm64/include/asm/alternative.h |
104 |
++++ b/arch/arm64/include/asm/alternative.h |
105 |
+@@ -72,9 +72,9 @@ void apply_alternatives(void *start, size_t length); |
106 |
+ "663:\n\t" \ |
107 |
+ newinstr "\n" \ |
108 |
+ "664:\n\t" \ |
109 |
+- ".previous\n\t" \ |
110 |
+ ".org . - (664b-663b) + (662b-661b)\n\t" \ |
111 |
+- ".org . - (662b-661b) + (664b-663b)\n" \ |
112 |
++ ".org . - (662b-661b) + (664b-663b)\n\t" \ |
113 |
++ ".previous\n" \ |
114 |
+ ".endif\n" |
115 |
+ |
116 |
+ #define __ALTERNATIVE_CFG_CB(oldinstr, feature, cfg_enabled, cb) \ |
117 |
+diff --git a/arch/arm64/include/asm/checksum.h b/arch/arm64/include/asm/checksum.h |
118 |
+index 0b6f5a7d4027..fd11e0d70e44 100644 |
119 |
+--- a/arch/arm64/include/asm/checksum.h |
120 |
++++ b/arch/arm64/include/asm/checksum.h |
121 |
+@@ -30,16 +30,17 @@ static inline __sum16 ip_fast_csum(const void *iph, unsigned int ihl) |
122 |
+ { |
123 |
+ __uint128_t tmp; |
124 |
+ u64 sum; |
125 |
++ int n = ihl; /* we want it signed */ |
126 |
+ |
127 |
+ tmp = *(const __uint128_t *)iph; |
128 |
+ iph += 16; |
129 |
+- ihl -= 4; |
130 |
++ n -= 4; |
131 |
+ tmp += ((tmp >> 64) | (tmp << 64)); |
132 |
+ sum = tmp >> 64; |
133 |
+ do { |
134 |
+ sum += *(const u32 *)iph; |
135 |
+ iph += 4; |
136 |
+- } while (--ihl); |
137 |
++ } while (--n > 0); |
138 |
+ |
139 |
+ sum += ((sum >> 32) | (sum << 32)); |
140 |
+ return csum_fold((__force u32)(sum >> 32)); |
141 |
+diff --git a/arch/parisc/include/asm/cmpxchg.h b/arch/parisc/include/asm/cmpxchg.h |
142 |
+index ab5c215cf46c..068958575871 100644 |
143 |
+--- a/arch/parisc/include/asm/cmpxchg.h |
144 |
++++ b/arch/parisc/include/asm/cmpxchg.h |
145 |
+@@ -60,6 +60,7 @@ extern void __cmpxchg_called_with_bad_pointer(void); |
146 |
+ extern unsigned long __cmpxchg_u32(volatile unsigned int *m, unsigned int old, |
147 |
+ unsigned int new_); |
148 |
+ extern u64 __cmpxchg_u64(volatile u64 *ptr, u64 old, u64 new_); |
149 |
++extern u8 __cmpxchg_u8(volatile u8 *ptr, u8 old, u8 new_); |
150 |
+ |
151 |
+ /* don't worry...optimizer will get rid of most of this */ |
152 |
+ static inline unsigned long |
153 |
+@@ -71,6 +72,7 @@ __cmpxchg(volatile void *ptr, unsigned long old, unsigned long new_, int size) |
154 |
+ #endif |
155 |
+ case 4: return __cmpxchg_u32((unsigned int *)ptr, |
156 |
+ (unsigned int)old, (unsigned int)new_); |
157 |
++ case 1: return __cmpxchg_u8((u8 *)ptr, (u8)old, (u8)new_); |
158 |
+ } |
159 |
+ __cmpxchg_called_with_bad_pointer(); |
160 |
+ return old; |
161 |
+diff --git a/arch/parisc/lib/bitops.c b/arch/parisc/lib/bitops.c |
162 |
+index 70ffbcf889b8..2e4d1f05a926 100644 |
163 |
+--- a/arch/parisc/lib/bitops.c |
164 |
++++ b/arch/parisc/lib/bitops.c |
165 |
+@@ -79,3 +79,15 @@ unsigned long __cmpxchg_u32(volatile unsigned int *ptr, unsigned int old, unsign |
166 |
+ _atomic_spin_unlock_irqrestore(ptr, flags); |
167 |
+ return (unsigned long)prev; |
168 |
+ } |
169 |
++ |
170 |
++u8 __cmpxchg_u8(volatile u8 *ptr, u8 old, u8 new) |
171 |
++{ |
172 |
++ unsigned long flags; |
173 |
++ u8 prev; |
174 |
++ |
175 |
++ _atomic_spin_lock_irqsave(ptr, flags); |
176 |
++ if ((prev = *ptr) == old) |
177 |
++ *ptr = new; |
178 |
++ _atomic_spin_unlock_irqrestore(ptr, flags); |
179 |
++ return prev; |
180 |
++} |
181 |
+diff --git a/arch/sh/kernel/entry-common.S b/arch/sh/kernel/entry-common.S |
182 |
+index 28cc61216b64..ed5b758c650d 100644 |
183 |
+--- a/arch/sh/kernel/entry-common.S |
184 |
++++ b/arch/sh/kernel/entry-common.S |
185 |
+@@ -203,7 +203,7 @@ syscall_trace_entry: |
186 |
+ mov.l @(OFF_R7,r15), r7 ! arg3 |
187 |
+ mov.l @(OFF_R3,r15), r3 ! syscall_nr |
188 |
+ ! |
189 |
+- mov.l 2f, r10 ! Number of syscalls |
190 |
++ mov.l 6f, r10 ! Number of syscalls |
191 |
+ cmp/hs r10, r3 |
192 |
+ bf syscall_call |
193 |
+ mov #-ENOSYS, r0 |
194 |
+@@ -357,7 +357,7 @@ ENTRY(system_call) |
195 |
+ tst r9, r8 |
196 |
+ bf syscall_trace_entry |
197 |
+ ! |
198 |
+- mov.l 2f, r8 ! Number of syscalls |
199 |
++ mov.l 6f, r8 ! Number of syscalls |
200 |
+ cmp/hs r8, r3 |
201 |
+ bt syscall_badsys |
202 |
+ ! |
203 |
+@@ -396,7 +396,7 @@ syscall_exit: |
204 |
+ #if !defined(CONFIG_CPU_SH2) |
205 |
+ 1: .long TRA |
206 |
+ #endif |
207 |
+-2: .long NR_syscalls |
208 |
++6: .long NR_syscalls |
209 |
+ 3: .long sys_call_table |
210 |
+ 7: .long do_syscall_trace_enter |
211 |
+ 8: .long do_syscall_trace_leave |
212 |
+diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c |
213 |
+index 02abc134367f..f7833ae4e3f1 100644 |
214 |
+--- a/arch/x86/kernel/i8259.c |
215 |
++++ b/arch/x86/kernel/i8259.c |
216 |
+@@ -206,7 +206,7 @@ spurious_8259A_irq: |
217 |
+ * lets ACK and report it. [once per IRQ] |
218 |
+ */ |
219 |
+ if (!(spurious_irq_mask & irqmask)) { |
220 |
+- printk(KERN_DEBUG |
221 |
++ printk_deferred(KERN_DEBUG |
222 |
+ "spurious 8259A interrupt: IRQ%d.\n", irq); |
223 |
+ spurious_irq_mask |= irqmask; |
224 |
+ } |
225 |
+diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c |
226 |
+index a9a55e76a43f..a5e2ce931f69 100644 |
227 |
+--- a/arch/x86/kernel/unwind_orc.c |
228 |
++++ b/arch/x86/kernel/unwind_orc.c |
229 |
+@@ -346,8 +346,11 @@ bool unwind_next_frame(struct unwind_state *state) |
230 |
+ /* |
231 |
+ * Find the orc_entry associated with the text address. |
232 |
+ * |
233 |
+- * Decrement call return addresses by one so they work for sibling |
234 |
+- * calls and calls to noreturn functions. |
235 |
++ * For a call frame (as opposed to a signal frame), state->ip points to |
236 |
++ * the instruction after the call. That instruction's stack layout |
237 |
++ * could be different from the call instruction's layout, for example |
238 |
++ * if the call was to a noreturn function. So get the ORC data for the |
239 |
++ * call instruction itself. |
240 |
+ */ |
241 |
+ orc = orc_find(state->signal ? state->ip : state->ip - 1); |
242 |
+ if (!orc || orc->sp_reg == ORC_REG_UNDEFINED) |
243 |
+@@ -550,6 +553,7 @@ void __unwind_start(struct unwind_state *state, struct task_struct *task, |
244 |
+ state->sp = task->thread.sp; |
245 |
+ state->bp = READ_ONCE_NOCHECK(frame->bp); |
246 |
+ state->ip = READ_ONCE_NOCHECK(frame->ret_addr); |
247 |
++ state->signal = (void *)state->ip == ret_from_fork; |
248 |
+ } |
249 |
+ |
250 |
+ if (get_stack_info((unsigned long *)state->sp, state->task, |
251 |
+diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S |
252 |
+index 8d8e33b720b4..d3dc8bc6b3ad 100644 |
253 |
+--- a/arch/x86/kernel/vmlinux.lds.S |
254 |
++++ b/arch/x86/kernel/vmlinux.lds.S |
255 |
+@@ -352,7 +352,8 @@ SECTIONS |
256 |
+ .bss : AT(ADDR(.bss) - LOAD_OFFSET) { |
257 |
+ __bss_start = .; |
258 |
+ *(.bss..page_aligned) |
259 |
+- *(.bss) |
260 |
++ . = ALIGN(PAGE_SIZE); |
261 |
++ *(BSS_MAIN) |
262 |
+ . = ALIGN(PAGE_SIZE); |
263 |
+ __bss_stop = .; |
264 |
+ } |
265 |
+diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c |
266 |
+index 537c36b55b5d..d4fdf0e52144 100644 |
267 |
+--- a/arch/x86/kvm/lapic.c |
268 |
++++ b/arch/x86/kvm/lapic.c |
269 |
+@@ -1918,7 +1918,7 @@ void kvm_set_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu, u64 data) |
270 |
+ { |
271 |
+ struct kvm_lapic *apic = vcpu->arch.apic; |
272 |
+ |
273 |
+- if (!lapic_in_kernel(vcpu) || apic_lvtt_oneshot(apic) || |
274 |
++ if (!kvm_apic_present(vcpu) || apic_lvtt_oneshot(apic) || |
275 |
+ apic_lvtt_period(apic)) |
276 |
+ return; |
277 |
+ |
278 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
279 |
+index 09f47c837c25..3aed03942d7d 100644 |
280 |
+--- a/arch/x86/kvm/x86.c |
281 |
++++ b/arch/x86/kvm/x86.c |
282 |
+@@ -3075,6 +3075,9 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu) |
283 |
+ if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED)) |
284 |
+ return; |
285 |
+ |
286 |
++ if (vcpu->arch.st.steal.preempted) |
287 |
++ return; |
288 |
++ |
289 |
+ vcpu->arch.st.steal.preempted = 1; |
290 |
+ |
291 |
+ kvm_write_guest_offset_cached(vcpu->kvm, &vcpu->arch.st.stime, |
292 |
+diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c |
293 |
+index 330853a2702f..43b74cf0787e 100644 |
294 |
+--- a/drivers/crypto/ccp/ccp-ops.c |
295 |
++++ b/drivers/crypto/ccp/ccp-ops.c |
296 |
+@@ -1783,8 +1783,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) |
297 |
+ LSB_ITEM_SIZE); |
298 |
+ break; |
299 |
+ default: |
300 |
++ kfree(hmac_buf); |
301 |
+ ret = -EINVAL; |
302 |
+- goto e_ctx; |
303 |
++ goto e_data; |
304 |
+ } |
305 |
+ |
306 |
+ memset(&hmac_cmd, 0, sizeof(hmac_cmd)); |
307 |
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c |
308 |
+index c93e72d8ac5f..22d9ec80a2ff 100644 |
309 |
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c |
310 |
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c |
311 |
+@@ -527,8 +527,9 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file |
312 |
+ return n ? -EFAULT : 0; |
313 |
+ } |
314 |
+ case AMDGPU_INFO_DEV_INFO: { |
315 |
+- struct drm_amdgpu_info_device dev_info = {}; |
316 |
++ struct drm_amdgpu_info_device dev_info; |
317 |
+ |
318 |
++ memset(&dev_info, 0, sizeof(dev_info)); |
319 |
+ dev_info.device_id = dev->pdev->device; |
320 |
+ dev_info.chip_rev = adev->rev_id; |
321 |
+ dev_info.external_rev = adev->external_rev_id; |
322 |
+diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c |
323 |
+index d2c042af36b8..470a79eef254 100644 |
324 |
+--- a/drivers/gpu/drm/drm_gem.c |
325 |
++++ b/drivers/gpu/drm/drm_gem.c |
326 |
+@@ -730,9 +730,6 @@ err: |
327 |
+ * @file_priv: drm file-private structure |
328 |
+ * |
329 |
+ * Open an object using the global name, returning a handle and the size. |
330 |
+- * |
331 |
+- * This handle (of course) holds a reference to the object, so the object |
332 |
+- * will not go away until the handle is deleted. |
333 |
+ */ |
334 |
+ int |
335 |
+ drm_gem_open_ioctl(struct drm_device *dev, void *data, |
336 |
+@@ -757,14 +754,15 @@ drm_gem_open_ioctl(struct drm_device *dev, void *data, |
337 |
+ |
338 |
+ /* drm_gem_handle_create_tail unlocks dev->object_name_lock. */ |
339 |
+ ret = drm_gem_handle_create_tail(file_priv, obj, &handle); |
340 |
+- drm_gem_object_put_unlocked(obj); |
341 |
+ if (ret) |
342 |
+- return ret; |
343 |
++ goto err; |
344 |
+ |
345 |
+ args->handle = handle; |
346 |
+ args->size = obj->size; |
347 |
+ |
348 |
+- return 0; |
349 |
++err: |
350 |
++ drm_gem_object_put_unlocked(obj); |
351 |
++ return ret; |
352 |
+ } |
353 |
+ |
354 |
+ /** |
355 |
+diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c |
356 |
+index d917cefc5a19..b13605718291 100644 |
357 |
+--- a/drivers/i2c/busses/i2c-cadence.c |
358 |
++++ b/drivers/i2c/busses/i2c-cadence.c |
359 |
+@@ -382,10 +382,8 @@ static void cdns_i2c_mrecv(struct cdns_i2c *id) |
360 |
+ * Check for the message size against FIFO depth and set the |
361 |
+ * 'hold bus' bit if it is greater than FIFO depth. |
362 |
+ */ |
363 |
+- if ((id->recv_count > CDNS_I2C_FIFO_DEPTH) || id->bus_hold_flag) |
364 |
++ if (id->recv_count > CDNS_I2C_FIFO_DEPTH) |
365 |
+ ctrl_reg |= CDNS_I2C_CR_HOLD; |
366 |
+- else |
367 |
+- ctrl_reg = ctrl_reg & ~CDNS_I2C_CR_HOLD; |
368 |
+ |
369 |
+ cdns_i2c_writereg(ctrl_reg, CDNS_I2C_CR_OFFSET); |
370 |
+ |
371 |
+@@ -442,11 +440,8 @@ static void cdns_i2c_msend(struct cdns_i2c *id) |
372 |
+ * Check for the message size against FIFO depth and set the |
373 |
+ * 'hold bus' bit if it is greater than FIFO depth. |
374 |
+ */ |
375 |
+- if ((id->send_count > CDNS_I2C_FIFO_DEPTH) || id->bus_hold_flag) |
376 |
++ if (id->send_count > CDNS_I2C_FIFO_DEPTH) |
377 |
+ ctrl_reg |= CDNS_I2C_CR_HOLD; |
378 |
+- else |
379 |
+- ctrl_reg = ctrl_reg & ~CDNS_I2C_CR_HOLD; |
380 |
+- |
381 |
+ cdns_i2c_writereg(ctrl_reg, CDNS_I2C_CR_OFFSET); |
382 |
+ |
383 |
+ /* Clear the interrupts in interrupt status register. */ |
384 |
+diff --git a/drivers/iio/imu/adis16400_buffer.c b/drivers/iio/imu/adis16400_buffer.c |
385 |
+index e70a5339acb1..3fc11aec98b9 100644 |
386 |
+--- a/drivers/iio/imu/adis16400_buffer.c |
387 |
++++ b/drivers/iio/imu/adis16400_buffer.c |
388 |
+@@ -38,8 +38,11 @@ int adis16400_update_scan_mode(struct iio_dev *indio_dev, |
389 |
+ return -ENOMEM; |
390 |
+ |
391 |
+ adis->buffer = kzalloc(burst_length + sizeof(u16), GFP_KERNEL); |
392 |
+- if (!adis->buffer) |
393 |
++ if (!adis->buffer) { |
394 |
++ kfree(adis->xfer); |
395 |
++ adis->xfer = NULL; |
396 |
+ return -ENOMEM; |
397 |
++ } |
398 |
+ |
399 |
+ tx = adis->buffer + burst_length; |
400 |
+ tx[0] = ADIS_READ_REG(ADIS16400_GLOB_CMD); |
401 |
+diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c |
402 |
+index 040323b0f945..f63a7e6f272c 100644 |
403 |
+--- a/drivers/media/pci/cx23885/cx23888-ir.c |
404 |
++++ b/drivers/media/pci/cx23885/cx23888-ir.c |
405 |
+@@ -1178,8 +1178,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev) |
406 |
+ return -ENOMEM; |
407 |
+ |
408 |
+ spin_lock_init(&state->rx_kfifo_lock); |
409 |
+- if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL)) |
410 |
++ if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, |
411 |
++ GFP_KERNEL)) { |
412 |
++ kfree(state); |
413 |
+ return -ENOMEM; |
414 |
++ } |
415 |
+ |
416 |
+ state->dev = dev; |
417 |
+ sd = &state->sd; |
418 |
+diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c |
419 |
+index 0a5c4c7da505..006f8b8aaa7d 100644 |
420 |
+--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c |
421 |
++++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c |
422 |
+@@ -1812,6 +1812,7 @@ static inline int uld_send(struct adapter *adap, struct sk_buff *skb, |
423 |
+ txq_info = adap->sge.uld_txq_info[tx_uld_type]; |
424 |
+ if (unlikely(!txq_info)) { |
425 |
+ WARN_ON(true); |
426 |
++ kfree_skb(skb); |
427 |
+ return NET_XMIT_DROP; |
428 |
+ } |
429 |
+ |
430 |
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c |
431 |
+index 85c11dafb4cd..8b8a0c4fbc99 100644 |
432 |
+--- a/drivers/net/ethernet/ibm/ibmvnic.c |
433 |
++++ b/drivers/net/ethernet/ibm/ibmvnic.c |
434 |
+@@ -2324,7 +2324,7 @@ req_rx_irq_failed: |
435 |
+ req_tx_irq_failed: |
436 |
+ for (j = 0; j < i; j++) { |
437 |
+ free_irq(adapter->tx_scrq[j]->irq, adapter->tx_scrq[j]); |
438 |
+- irq_dispose_mapping(adapter->rx_scrq[j]->irq); |
439 |
++ irq_dispose_mapping(adapter->tx_scrq[j]->irq); |
440 |
+ } |
441 |
+ release_sub_crqs(adapter); |
442 |
+ return rc; |
443 |
+diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c |
444 |
+index cf9011bb6e0f..c6660b61e836 100644 |
445 |
+--- a/drivers/net/ethernet/mellanox/mlx4/main.c |
446 |
++++ b/drivers/net/ethernet/mellanox/mlx4/main.c |
447 |
+@@ -4190,12 +4190,14 @@ end: |
448 |
+ static void mlx4_shutdown(struct pci_dev *pdev) |
449 |
+ { |
450 |
+ struct mlx4_dev_persistent *persist = pci_get_drvdata(pdev); |
451 |
++ struct mlx4_dev *dev = persist->dev; |
452 |
+ |
453 |
+ mlx4_info(persist->dev, "mlx4_shutdown was called\n"); |
454 |
+ mutex_lock(&persist->interface_state_mutex); |
455 |
+ if (persist->interface_state & MLX4_INTERFACE_STATE_UP) |
456 |
+ mlx4_unload_one(pdev); |
457 |
+ mutex_unlock(&persist->interface_state_mutex); |
458 |
++ mlx4_pci_disable_device(dev); |
459 |
+ } |
460 |
+ |
461 |
+ static const struct pci_error_handlers mlx4_err_handler = { |
462 |
+diff --git a/drivers/net/ethernet/mellanox/mlxsw/core.c b/drivers/net/ethernet/mellanox/mlxsw/core.c |
463 |
+index 96f9f267d16d..dc12ab33afff 100644 |
464 |
+--- a/drivers/net/ethernet/mellanox/mlxsw/core.c |
465 |
++++ b/drivers/net/ethernet/mellanox/mlxsw/core.c |
466 |
+@@ -1361,7 +1361,7 @@ static int mlxsw_core_reg_access_emad(struct mlxsw_core *mlxsw_core, |
467 |
+ err = mlxsw_emad_reg_access(mlxsw_core, reg, payload, type, trans, |
468 |
+ bulk_list, cb, cb_priv, tid); |
469 |
+ if (err) { |
470 |
+- kfree(trans); |
471 |
++ kfree_rcu(trans, rcu); |
472 |
+ return err; |
473 |
+ } |
474 |
+ return 0; |
475 |
+@@ -1574,11 +1574,13 @@ void mlxsw_core_skb_receive(struct mlxsw_core *mlxsw_core, struct sk_buff *skb, |
476 |
+ break; |
477 |
+ } |
478 |
+ } |
479 |
+- rcu_read_unlock(); |
480 |
+- if (!found) |
481 |
++ if (!found) { |
482 |
++ rcu_read_unlock(); |
483 |
+ goto drop; |
484 |
++ } |
485 |
+ |
486 |
+ rxl->func(skb, local_port, rxl_item->priv); |
487 |
++ rcu_read_unlock(); |
488 |
+ return; |
489 |
+ |
490 |
+ drop: |
491 |
+diff --git a/drivers/net/ethernet/qlogic/qed/qed_int.c b/drivers/net/ethernet/qlogic/qed/qed_int.c |
492 |
+index c5d9f290ec4c..f8d1d02a3cd4 100644 |
493 |
+--- a/drivers/net/ethernet/qlogic/qed/qed_int.c |
494 |
++++ b/drivers/net/ethernet/qlogic/qed/qed_int.c |
495 |
+@@ -1015,7 +1015,8 @@ static int qed_int_attentions(struct qed_hwfn *p_hwfn) |
496 |
+ index, attn_bits, attn_acks, asserted_bits, |
497 |
+ deasserted_bits, p_sb_attn_sw->known_attn); |
498 |
+ } else if (asserted_bits == 0x100) { |
499 |
+- DP_INFO(p_hwfn, "MFW indication via attention\n"); |
500 |
++ DP_VERBOSE(p_hwfn, NETIF_MSG_INTR, |
501 |
++ "MFW indication via attention\n"); |
502 |
+ } else { |
503 |
+ DP_VERBOSE(p_hwfn, NETIF_MSG_INTR, |
504 |
+ "MFW indication [deassertion]\n"); |
505 |
+diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c |
506 |
+index d73617cc3b15..9f4d93a16b7e 100644 |
507 |
+--- a/drivers/net/ethernet/renesas/ravb_main.c |
508 |
++++ b/drivers/net/ethernet/renesas/ravb_main.c |
509 |
+@@ -1482,6 +1482,7 @@ static void ravb_tx_timeout_work(struct work_struct *work) |
510 |
+ struct ravb_private *priv = container_of(work, struct ravb_private, |
511 |
+ work); |
512 |
+ struct net_device *ndev = priv->ndev; |
513 |
++ int error; |
514 |
+ |
515 |
+ netif_tx_stop_all_queues(ndev); |
516 |
+ |
517 |
+@@ -1490,15 +1491,36 @@ static void ravb_tx_timeout_work(struct work_struct *work) |
518 |
+ ravb_ptp_stop(ndev); |
519 |
+ |
520 |
+ /* Wait for DMA stopping */ |
521 |
+- ravb_stop_dma(ndev); |
522 |
++ if (ravb_stop_dma(ndev)) { |
523 |
++ /* If ravb_stop_dma() fails, the hardware is still operating |
524 |
++ * for TX and/or RX. So, this should not call the following |
525 |
++ * functions because ravb_dmac_init() is possible to fail too. |
526 |
++ * Also, this should not retry ravb_stop_dma() again and again |
527 |
++ * here because it's possible to wait forever. So, this just |
528 |
++ * re-enables the TX and RX and skip the following |
529 |
++ * re-initialization procedure. |
530 |
++ */ |
531 |
++ ravb_rcv_snd_enable(ndev); |
532 |
++ goto out; |
533 |
++ } |
534 |
+ |
535 |
+ ravb_ring_free(ndev, RAVB_BE); |
536 |
+ ravb_ring_free(ndev, RAVB_NC); |
537 |
+ |
538 |
+ /* Device init */ |
539 |
+- ravb_dmac_init(ndev); |
540 |
++ error = ravb_dmac_init(ndev); |
541 |
++ if (error) { |
542 |
++ /* If ravb_dmac_init() fails, descriptors are freed. So, this |
543 |
++ * should return here to avoid re-enabling the TX and RX in |
544 |
++ * ravb_emac_init(). |
545 |
++ */ |
546 |
++ netdev_err(ndev, "%s: ravb_dmac_init() failed, error %d\n", |
547 |
++ __func__, error); |
548 |
++ return; |
549 |
++ } |
550 |
+ ravb_emac_init(ndev); |
551 |
+ |
552 |
++out: |
553 |
+ /* Initialise PTP Clock driver */ |
554 |
+ if (priv->chip_id == RCAR_GEN2) |
555 |
+ ravb_ptp_init(ndev, priv->pdev); |
556 |
+diff --git a/drivers/net/phy/mdio-bcm-unimac.c b/drivers/net/phy/mdio-bcm-unimac.c |
557 |
+index 52703bbd4d66..df75efa96a7d 100644 |
558 |
+--- a/drivers/net/phy/mdio-bcm-unimac.c |
559 |
++++ b/drivers/net/phy/mdio-bcm-unimac.c |
560 |
+@@ -237,6 +237,8 @@ static int unimac_mdio_probe(struct platform_device *pdev) |
561 |
+ return -ENOMEM; |
562 |
+ |
563 |
+ r = platform_get_resource(pdev, IORESOURCE_MEM, 0); |
564 |
++ if (!r) |
565 |
++ return -EINVAL; |
566 |
+ |
567 |
+ /* Just ioremap, as this MDIO block is usually integrated into an |
568 |
+ * Ethernet MAC controller register range |
569 |
+diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c |
570 |
+index 6597d1f8d68c..7988c41bff1d 100644 |
571 |
+--- a/drivers/net/usb/hso.c |
572 |
++++ b/drivers/net/usb/hso.c |
573 |
+@@ -1402,8 +1402,9 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct ktermios *old) |
574 |
+ unsigned long flags; |
575 |
+ |
576 |
+ if (old) |
577 |
+- hso_dbg(0x16, "Termios called with: cflags new[%d] - old[%d]\n", |
578 |
+- tty->termios.c_cflag, old->c_cflag); |
579 |
++ hso_dbg(0x16, "Termios called with: cflags new[%u] - old[%u]\n", |
580 |
++ (unsigned int)tty->termios.c_cflag, |
581 |
++ (unsigned int)old->c_cflag); |
582 |
+ |
583 |
+ /* the actual setup */ |
584 |
+ spin_lock_irqsave(&serial->serial_lock, flags); |
585 |
+diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c |
586 |
+index b179a96ea08c..895f307979c8 100644 |
587 |
+--- a/drivers/net/usb/lan78xx.c |
588 |
++++ b/drivers/net/usb/lan78xx.c |
589 |
+@@ -3629,6 +3629,11 @@ static int lan78xx_probe(struct usb_interface *intf, |
590 |
+ netdev->max_mtu = MAX_SINGLE_PACKET_SIZE; |
591 |
+ netif_set_gso_max_size(netdev, MAX_SINGLE_PACKET_SIZE - MAX_HEADER); |
592 |
+ |
593 |
++ if (intf->cur_altsetting->desc.bNumEndpoints < 3) { |
594 |
++ ret = -ENODEV; |
595 |
++ goto out3; |
596 |
++ } |
597 |
++ |
598 |
+ dev->ep_blkin = (intf->cur_altsetting)->endpoint + 0; |
599 |
+ dev->ep_blkout = (intf->cur_altsetting)->endpoint + 1; |
600 |
+ dev->ep_intr = (intf->cur_altsetting)->endpoint + 2; |
601 |
+@@ -3653,6 +3658,7 @@ static int lan78xx_probe(struct usb_interface *intf, |
602 |
+ usb_fill_int_urb(dev->urb_intr, dev->udev, |
603 |
+ dev->pipe_intr, buf, maxp, |
604 |
+ intr_complete, dev, period); |
605 |
++ dev->urb_intr->transfer_flags |= URB_FREE_BUFFER; |
606 |
+ } |
607 |
+ } |
608 |
+ |
609 |
+diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c |
610 |
+index d2e062eaf561..f705f0e1cb5b 100644 |
611 |
+--- a/drivers/net/wireless/ath/ath9k/htc_hst.c |
612 |
++++ b/drivers/net/wireless/ath/ath9k/htc_hst.c |
613 |
+@@ -173,6 +173,7 @@ static int htc_config_pipe_credits(struct htc_target *target) |
614 |
+ time_left = wait_for_completion_timeout(&target->cmd_wait, HZ); |
615 |
+ if (!time_left) { |
616 |
+ dev_err(target->dev, "HTC credit config timeout\n"); |
617 |
++ kfree_skb(skb); |
618 |
+ return -ETIMEDOUT; |
619 |
+ } |
620 |
+ |
621 |
+@@ -208,6 +209,7 @@ static int htc_setup_complete(struct htc_target *target) |
622 |
+ time_left = wait_for_completion_timeout(&target->cmd_wait, HZ); |
623 |
+ if (!time_left) { |
624 |
+ dev_err(target->dev, "HTC start timeout\n"); |
625 |
++ kfree_skb(skb); |
626 |
+ return -ETIMEDOUT; |
627 |
+ } |
628 |
+ |
629 |
+@@ -280,6 +282,7 @@ int htc_connect_service(struct htc_target *target, |
630 |
+ if (!time_left) { |
631 |
+ dev_err(target->dev, "Service connection timeout for: %d\n", |
632 |
+ service_connreq->service_id); |
633 |
++ kfree_skb(skb); |
634 |
+ return -ETIMEDOUT; |
635 |
+ } |
636 |
+ |
637 |
+diff --git a/drivers/net/wireless/ath/ath9k/wmi.c b/drivers/net/wireless/ath/ath9k/wmi.c |
638 |
+index f57f48e4d7a0..4b68804f3742 100644 |
639 |
+--- a/drivers/net/wireless/ath/ath9k/wmi.c |
640 |
++++ b/drivers/net/wireless/ath/ath9k/wmi.c |
641 |
+@@ -338,6 +338,7 @@ int ath9k_wmi_cmd(struct wmi *wmi, enum wmi_cmd_id cmd_id, |
642 |
+ ath_dbg(common, WMI, "Timeout waiting for WMI command: %s\n", |
643 |
+ wmi_cmd_to_name(cmd_id)); |
644 |
+ mutex_unlock(&wmi->op_mutex); |
645 |
++ kfree_skb(skb); |
646 |
+ return -ETIMEDOUT; |
647 |
+ } |
648 |
+ |
649 |
+diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c |
650 |
+index 91bf86cee273..1131397454bd 100644 |
651 |
+--- a/drivers/net/xen-netfront.c |
652 |
++++ b/drivers/net/xen-netfront.c |
653 |
+@@ -63,6 +63,8 @@ module_param_named(max_queues, xennet_max_queues, uint, 0644); |
654 |
+ MODULE_PARM_DESC(max_queues, |
655 |
+ "Maximum number of queues per virtual interface"); |
656 |
+ |
657 |
++#define XENNET_TIMEOUT (5 * HZ) |
658 |
++ |
659 |
+ static const struct ethtool_ops xennet_ethtool_ops; |
660 |
+ |
661 |
+ struct netfront_cb { |
662 |
+@@ -1336,12 +1338,15 @@ static struct net_device *xennet_create_dev(struct xenbus_device *dev) |
663 |
+ |
664 |
+ netif_carrier_off(netdev); |
665 |
+ |
666 |
+- xenbus_switch_state(dev, XenbusStateInitialising); |
667 |
+- wait_event(module_wq, |
668 |
+- xenbus_read_driver_state(dev->otherend) != |
669 |
+- XenbusStateClosed && |
670 |
+- xenbus_read_driver_state(dev->otherend) != |
671 |
+- XenbusStateUnknown); |
672 |
++ do { |
673 |
++ xenbus_switch_state(dev, XenbusStateInitialising); |
674 |
++ err = wait_event_timeout(module_wq, |
675 |
++ xenbus_read_driver_state(dev->otherend) != |
676 |
++ XenbusStateClosed && |
677 |
++ xenbus_read_driver_state(dev->otherend) != |
678 |
++ XenbusStateUnknown, XENNET_TIMEOUT); |
679 |
++ } while (!err); |
680 |
++ |
681 |
+ return netdev; |
682 |
+ |
683 |
+ exit: |
684 |
+@@ -2142,28 +2147,43 @@ static const struct attribute_group xennet_dev_group = { |
685 |
+ }; |
686 |
+ #endif /* CONFIG_SYSFS */ |
687 |
+ |
688 |
+-static int xennet_remove(struct xenbus_device *dev) |
689 |
++static void xennet_bus_close(struct xenbus_device *dev) |
690 |
+ { |
691 |
+- struct netfront_info *info = dev_get_drvdata(&dev->dev); |
692 |
+- |
693 |
+- dev_dbg(&dev->dev, "%s\n", dev->nodename); |
694 |
++ int ret; |
695 |
+ |
696 |
+- if (xenbus_read_driver_state(dev->otherend) != XenbusStateClosed) { |
697 |
++ if (xenbus_read_driver_state(dev->otherend) == XenbusStateClosed) |
698 |
++ return; |
699 |
++ do { |
700 |
+ xenbus_switch_state(dev, XenbusStateClosing); |
701 |
+- wait_event(module_wq, |
702 |
+- xenbus_read_driver_state(dev->otherend) == |
703 |
+- XenbusStateClosing || |
704 |
+- xenbus_read_driver_state(dev->otherend) == |
705 |
+- XenbusStateUnknown); |
706 |
++ ret = wait_event_timeout(module_wq, |
707 |
++ xenbus_read_driver_state(dev->otherend) == |
708 |
++ XenbusStateClosing || |
709 |
++ xenbus_read_driver_state(dev->otherend) == |
710 |
++ XenbusStateClosed || |
711 |
++ xenbus_read_driver_state(dev->otherend) == |
712 |
++ XenbusStateUnknown, |
713 |
++ XENNET_TIMEOUT); |
714 |
++ } while (!ret); |
715 |
++ |
716 |
++ if (xenbus_read_driver_state(dev->otherend) == XenbusStateClosed) |
717 |
++ return; |
718 |
+ |
719 |
++ do { |
720 |
+ xenbus_switch_state(dev, XenbusStateClosed); |
721 |
+- wait_event(module_wq, |
722 |
+- xenbus_read_driver_state(dev->otherend) == |
723 |
+- XenbusStateClosed || |
724 |
+- xenbus_read_driver_state(dev->otherend) == |
725 |
+- XenbusStateUnknown); |
726 |
+- } |
727 |
++ ret = wait_event_timeout(module_wq, |
728 |
++ xenbus_read_driver_state(dev->otherend) == |
729 |
++ XenbusStateClosed || |
730 |
++ xenbus_read_driver_state(dev->otherend) == |
731 |
++ XenbusStateUnknown, |
732 |
++ XENNET_TIMEOUT); |
733 |
++ } while (!ret); |
734 |
++} |
735 |
++ |
736 |
++static int xennet_remove(struct xenbus_device *dev) |
737 |
++{ |
738 |
++ struct netfront_info *info = dev_get_drvdata(&dev->dev); |
739 |
+ |
740 |
++ xennet_bus_close(dev); |
741 |
+ xennet_disconnect_backend(info); |
742 |
+ |
743 |
+ if (info->netdev->reg_state == NETREG_REGISTERED) |
744 |
+diff --git a/drivers/nfc/s3fwrn5/core.c b/drivers/nfc/s3fwrn5/core.c |
745 |
+index 9d9c8d57a042..64b58455e620 100644 |
746 |
+--- a/drivers/nfc/s3fwrn5/core.c |
747 |
++++ b/drivers/nfc/s3fwrn5/core.c |
748 |
+@@ -209,6 +209,7 @@ int s3fwrn5_recv_frame(struct nci_dev *ndev, struct sk_buff *skb, |
749 |
+ case S3FWRN5_MODE_FW: |
750 |
+ return s3fwrn5_fw_recv_frame(ndev, skb); |
751 |
+ default: |
752 |
++ kfree_skb(skb); |
753 |
+ return -ENODEV; |
754 |
+ } |
755 |
+ } |
756 |
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c |
757 |
+index 5f26c170315c..243b16ce0c8e 100644 |
758 |
+--- a/drivers/pci/quirks.c |
759 |
++++ b/drivers/pci/quirks.c |
760 |
+@@ -2086,6 +2086,19 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x10f1, quirk_disable_aspm_l0s); |
761 |
+ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x10f4, quirk_disable_aspm_l0s); |
762 |
+ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1508, quirk_disable_aspm_l0s); |
763 |
+ |
764 |
++static void quirk_disable_aspm_l0s_l1(struct pci_dev *dev) |
765 |
++{ |
766 |
++ pci_info(dev, "Disabling ASPM L0s/L1\n"); |
767 |
++ pci_disable_link_state(dev, PCIE_LINK_STATE_L0S | PCIE_LINK_STATE_L1); |
768 |
++} |
769 |
++ |
770 |
++/* |
771 |
++ * ASM1083/1085 PCIe-PCI bridge devices cause AER timeout errors on the |
772 |
++ * upstream PCIe root port when ASPM is enabled. At least L0s mode is affected; |
773 |
++ * disable both L0s and L1 for now to be safe. |
774 |
++ */ |
775 |
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ASMEDIA, 0x1080, quirk_disable_aspm_l0s_l1); |
776 |
++ |
777 |
+ /* |
778 |
+ * Some Pericom PCIe-to-PCI bridges in reverse mode need the PCIe Retrain |
779 |
+ * Link bit cleared after starting the link retrain process to allow this |
780 |
+diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c |
781 |
+index 70be4425ae0b..2b3637b40dde 100644 |
782 |
+--- a/drivers/scsi/libsas/sas_ata.c |
783 |
++++ b/drivers/scsi/libsas/sas_ata.c |
784 |
+@@ -730,7 +730,6 @@ int sas_discover_sata(struct domain_device *dev) |
785 |
+ if (res) |
786 |
+ return res; |
787 |
+ |
788 |
+- sas_discover_event(dev->port, DISCE_PROBE); |
789 |
+ return 0; |
790 |
+ } |
791 |
+ |
792 |
+diff --git a/drivers/scsi/libsas/sas_discover.c b/drivers/scsi/libsas/sas_discover.c |
793 |
+index b200edc665a5..d6365e2fcc60 100644 |
794 |
+--- a/drivers/scsi/libsas/sas_discover.c |
795 |
++++ b/drivers/scsi/libsas/sas_discover.c |
796 |
+@@ -221,13 +221,9 @@ void sas_notify_lldd_dev_gone(struct domain_device *dev) |
797 |
+ } |
798 |
+ } |
799 |
+ |
800 |
+-static void sas_probe_devices(struct work_struct *work) |
801 |
++static void sas_probe_devices(struct asd_sas_port *port) |
802 |
+ { |
803 |
+ struct domain_device *dev, *n; |
804 |
+- struct sas_discovery_event *ev = to_sas_discovery_event(work); |
805 |
+- struct asd_sas_port *port = ev->port; |
806 |
+- |
807 |
+- clear_bit(DISCE_PROBE, &port->disc.pending); |
808 |
+ |
809 |
+ /* devices must be domain members before link recovery and probe */ |
810 |
+ list_for_each_entry(dev, &port->disco_list, disco_list_node) { |
811 |
+@@ -303,7 +299,6 @@ int sas_discover_end_dev(struct domain_device *dev) |
812 |
+ res = sas_notify_lldd_dev_found(dev); |
813 |
+ if (res) |
814 |
+ return res; |
815 |
+- sas_discover_event(dev->port, DISCE_PROBE); |
816 |
+ |
817 |
+ return 0; |
818 |
+ } |
819 |
+@@ -362,13 +357,9 @@ static void sas_unregister_common_dev(struct asd_sas_port *port, struct domain_d |
820 |
+ sas_put_device(dev); |
821 |
+ } |
822 |
+ |
823 |
+-static void sas_destruct_devices(struct work_struct *work) |
824 |
++void sas_destruct_devices(struct asd_sas_port *port) |
825 |
+ { |
826 |
+ struct domain_device *dev, *n; |
827 |
+- struct sas_discovery_event *ev = to_sas_discovery_event(work); |
828 |
+- struct asd_sas_port *port = ev->port; |
829 |
+- |
830 |
+- clear_bit(DISCE_DESTRUCT, &port->disc.pending); |
831 |
+ |
832 |
+ list_for_each_entry_safe(dev, n, &port->destroy_list, disco_list_node) { |
833 |
+ list_del_init(&dev->disco_list_node); |
834 |
+@@ -379,6 +370,16 @@ static void sas_destruct_devices(struct work_struct *work) |
835 |
+ } |
836 |
+ } |
837 |
+ |
838 |
++static void sas_destruct_ports(struct asd_sas_port *port) |
839 |
++{ |
840 |
++ struct sas_port *sas_port, *p; |
841 |
++ |
842 |
++ list_for_each_entry_safe(sas_port, p, &port->sas_port_del_list, del_list) { |
843 |
++ list_del_init(&sas_port->del_list); |
844 |
++ sas_port_delete(sas_port); |
845 |
++ } |
846 |
++} |
847 |
++ |
848 |
+ void sas_unregister_dev(struct asd_sas_port *port, struct domain_device *dev) |
849 |
+ { |
850 |
+ if (!test_bit(SAS_DEV_DESTROY, &dev->state) && |
851 |
+@@ -393,7 +394,6 @@ void sas_unregister_dev(struct asd_sas_port *port, struct domain_device *dev) |
852 |
+ if (!test_and_set_bit(SAS_DEV_DESTROY, &dev->state)) { |
853 |
+ sas_rphy_unlink(dev->rphy); |
854 |
+ list_move_tail(&dev->disco_list_node, &port->destroy_list); |
855 |
+- sas_discover_event(dev->port, DISCE_DESTRUCT); |
856 |
+ } |
857 |
+ } |
858 |
+ |
859 |
+@@ -499,6 +499,8 @@ static void sas_discover_domain(struct work_struct *work) |
860 |
+ port->port_dev = NULL; |
861 |
+ } |
862 |
+ |
863 |
++ sas_probe_devices(port); |
864 |
++ |
865 |
+ SAS_DPRINTK("DONE DISCOVERY on port %d, pid:%d, result:%d\n", port->id, |
866 |
+ task_pid_nr(current), error); |
867 |
+ } |
868 |
+@@ -532,6 +534,10 @@ static void sas_revalidate_domain(struct work_struct *work) |
869 |
+ port->id, task_pid_nr(current), res); |
870 |
+ out: |
871 |
+ mutex_unlock(&ha->disco_mutex); |
872 |
++ |
873 |
++ sas_destruct_devices(port); |
874 |
++ sas_destruct_ports(port); |
875 |
++ sas_probe_devices(port); |
876 |
+ } |
877 |
+ |
878 |
+ /* ---------- Events ---------- */ |
879 |
+@@ -587,10 +593,8 @@ void sas_init_disc(struct sas_discovery *disc, struct asd_sas_port *port) |
880 |
+ static const work_func_t sas_event_fns[DISC_NUM_EVENTS] = { |
881 |
+ [DISCE_DISCOVER_DOMAIN] = sas_discover_domain, |
882 |
+ [DISCE_REVALIDATE_DOMAIN] = sas_revalidate_domain, |
883 |
+- [DISCE_PROBE] = sas_probe_devices, |
884 |
+ [DISCE_SUSPEND] = sas_suspend_devices, |
885 |
+ [DISCE_RESUME] = sas_resume_devices, |
886 |
+- [DISCE_DESTRUCT] = sas_destruct_devices, |
887 |
+ }; |
888 |
+ |
889 |
+ disc->pending = 0; |
890 |
+diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c |
891 |
+index f77d72f01da9..84df6cf46760 100644 |
892 |
+--- a/drivers/scsi/libsas/sas_expander.c |
893 |
++++ b/drivers/scsi/libsas/sas_expander.c |
894 |
+@@ -1946,7 +1946,8 @@ static void sas_unregister_devs_sas_addr(struct domain_device *parent, |
895 |
+ sas_port_delete_phy(phy->port, phy->phy); |
896 |
+ sas_device_set_phy(found, phy->port); |
897 |
+ if (phy->port->num_phys == 0) |
898 |
+- sas_port_delete(phy->port); |
899 |
++ list_add_tail(&phy->port->del_list, |
900 |
++ &parent->port->sas_port_del_list); |
901 |
+ phy->port = NULL; |
902 |
+ } |
903 |
+ } |
904 |
+@@ -2156,7 +2157,7 @@ int sas_ex_revalidate_domain(struct domain_device *port_dev) |
905 |
+ struct domain_device *dev = NULL; |
906 |
+ |
907 |
+ res = sas_find_bcast_dev(port_dev, &dev); |
908 |
+- while (res == 0 && dev) { |
909 |
++ if (res == 0 && dev) { |
910 |
+ struct expander_device *ex = &dev->ex_dev; |
911 |
+ int i = 0, phy_id; |
912 |
+ |
913 |
+@@ -2168,9 +2169,6 @@ int sas_ex_revalidate_domain(struct domain_device *port_dev) |
914 |
+ res = sas_rediscover(dev, phy_id); |
915 |
+ i = phy_id + 1; |
916 |
+ } while (i < ex->num_phys); |
917 |
+- |
918 |
+- dev = NULL; |
919 |
+- res = sas_find_bcast_dev(port_dev, &dev); |
920 |
+ } |
921 |
+ return res; |
922 |
+ } |
923 |
+diff --git a/drivers/scsi/libsas/sas_internal.h b/drivers/scsi/libsas/sas_internal.h |
924 |
+index c07e08136491..f3449fde9c5f 100644 |
925 |
+--- a/drivers/scsi/libsas/sas_internal.h |
926 |
++++ b/drivers/scsi/libsas/sas_internal.h |
927 |
+@@ -98,6 +98,7 @@ int sas_try_ata_reset(struct asd_sas_phy *phy); |
928 |
+ void sas_hae_reset(struct work_struct *work); |
929 |
+ |
930 |
+ void sas_free_device(struct kref *kref); |
931 |
++void sas_destruct_devices(struct asd_sas_port *port); |
932 |
+ |
933 |
+ #ifdef CONFIG_SCSI_SAS_HOST_SMP |
934 |
+ extern void sas_smp_host_handler(struct bsg_job *job, struct Scsi_Host *shost); |
935 |
+diff --git a/drivers/scsi/libsas/sas_port.c b/drivers/scsi/libsas/sas_port.c |
936 |
+index d3c5297c6c89..5d3244c8f280 100644 |
937 |
+--- a/drivers/scsi/libsas/sas_port.c |
938 |
++++ b/drivers/scsi/libsas/sas_port.c |
939 |
+@@ -66,6 +66,7 @@ static void sas_resume_port(struct asd_sas_phy *phy) |
940 |
+ rc = sas_notify_lldd_dev_found(dev); |
941 |
+ if (rc) { |
942 |
+ sas_unregister_dev(port, dev); |
943 |
++ sas_destruct_devices(port); |
944 |
+ continue; |
945 |
+ } |
946 |
+ |
947 |
+@@ -219,6 +220,7 @@ void sas_deform_port(struct asd_sas_phy *phy, int gone) |
948 |
+ |
949 |
+ if (port->num_phys == 1) { |
950 |
+ sas_unregister_domain_devices(port, gone); |
951 |
++ sas_destruct_devices(port); |
952 |
+ sas_port_delete(port->port); |
953 |
+ port->port = NULL; |
954 |
+ } else { |
955 |
+@@ -323,6 +325,7 @@ static void sas_init_port(struct asd_sas_port *port, |
956 |
+ INIT_LIST_HEAD(&port->dev_list); |
957 |
+ INIT_LIST_HEAD(&port->disco_list); |
958 |
+ INIT_LIST_HEAD(&port->destroy_list); |
959 |
++ INIT_LIST_HEAD(&port->sas_port_del_list); |
960 |
+ spin_lock_init(&port->phy_list_lock); |
961 |
+ INIT_LIST_HEAD(&port->phy_list); |
962 |
+ port->ha = sas_ha; |
963 |
+diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c |
964 |
+index 4abefd841b6c..ff519f7a8784 100644 |
965 |
+--- a/fs/f2fs/dir.c |
966 |
++++ b/fs/f2fs/dir.c |
967 |
+@@ -817,6 +817,17 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, |
968 |
+ de_name.name = d->filename[bit_pos]; |
969 |
+ de_name.len = le16_to_cpu(de->name_len); |
970 |
+ |
971 |
++ /* check memory boundary before moving forward */ |
972 |
++ bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); |
973 |
++ if (unlikely(bit_pos > d->max || |
974 |
++ le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) { |
975 |
++ f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING, |
976 |
++ "%s: corrupted namelen=%d, run fsck to fix.", |
977 |
++ __func__, le16_to_cpu(de->name_len)); |
978 |
++ set_sbi_flag(F2FS_I_SB(d->inode)->sb->s_fs_info, SBI_NEED_FSCK); |
979 |
++ return -EINVAL; |
980 |
++ } |
981 |
++ |
982 |
+ if (f2fs_encrypted_inode(d->inode)) { |
983 |
+ int save_len = fstr->len; |
984 |
+ int err; |
985 |
+@@ -835,7 +846,6 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, |
986 |
+ le32_to_cpu(de->ino), d_type)) |
987 |
+ return 1; |
988 |
+ |
989 |
+- bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); |
990 |
+ ctx->pos = start_pos + bit_pos; |
991 |
+ } |
992 |
+ return 0; |
993 |
+diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c |
994 |
+index 360e32220f93..0c0f70e6c7d9 100644 |
995 |
+--- a/fs/xfs/xfs_log.c |
996 |
++++ b/fs/xfs/xfs_log.c |
997 |
+@@ -2684,7 +2684,6 @@ xlog_state_do_callback( |
998 |
+ int funcdidcallbacks; /* flag: function did callbacks */ |
999 |
+ int repeats; /* for issuing console warnings if |
1000 |
+ * looping too many times */ |
1001 |
+- int wake = 0; |
1002 |
+ |
1003 |
+ spin_lock(&log->l_icloglock); |
1004 |
+ first_iclog = iclog = log->l_iclog; |
1005 |
+@@ -2886,11 +2885,9 @@ xlog_state_do_callback( |
1006 |
+ #endif |
1007 |
+ |
1008 |
+ if (log->l_iclog->ic_state & (XLOG_STATE_ACTIVE|XLOG_STATE_IOERROR)) |
1009 |
+- wake = 1; |
1010 |
+- spin_unlock(&log->l_icloglock); |
1011 |
+- |
1012 |
+- if (wake) |
1013 |
+ wake_up_all(&log->l_flush_wait); |
1014 |
++ |
1015 |
++ spin_unlock(&log->l_icloglock); |
1016 |
+ } |
1017 |
+ |
1018 |
+ |
1019 |
+@@ -4052,7 +4049,9 @@ xfs_log_force_umount( |
1020 |
+ * item committed callback functions will do this again under lock to |
1021 |
+ * avoid races. |
1022 |
+ */ |
1023 |
++ spin_lock(&log->l_cilp->xc_push_lock); |
1024 |
+ wake_up_all(&log->l_cilp->xc_commit_wait); |
1025 |
++ spin_unlock(&log->l_cilp->xc_push_lock); |
1026 |
+ xlog_state_do_callback(log, XFS_LI_ABORTED, NULL); |
1027 |
+ |
1028 |
+ #ifdef XFSERRORDEBUG |
1029 |
+diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h |
1030 |
+index c229ffbed6d4..48e618b20d34 100644 |
1031 |
+--- a/include/asm-generic/vmlinux.lds.h |
1032 |
++++ b/include/asm-generic/vmlinux.lds.h |
1033 |
+@@ -251,7 +251,8 @@ |
1034 |
+ |
1035 |
+ #define PAGE_ALIGNED_DATA(page_align) \ |
1036 |
+ . = ALIGN(page_align); \ |
1037 |
+- *(.data..page_aligned) |
1038 |
++ *(.data..page_aligned) \ |
1039 |
++ . = ALIGN(page_align); |
1040 |
+ |
1041 |
+ #define READ_MOSTLY_DATA(align) \ |
1042 |
+ . = ALIGN(align); \ |
1043 |
+@@ -619,7 +620,9 @@ |
1044 |
+ . = ALIGN(bss_align); \ |
1045 |
+ .bss : AT(ADDR(.bss) - LOAD_OFFSET) { \ |
1046 |
+ BSS_FIRST_SECTIONS \ |
1047 |
++ . = ALIGN(PAGE_SIZE); \ |
1048 |
+ *(.bss..page_aligned) \ |
1049 |
++ . = ALIGN(PAGE_SIZE); \ |
1050 |
+ *(.dynbss) \ |
1051 |
+ *(BSS_MAIN) \ |
1052 |
+ *(COMMON) \ |
1053 |
+diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h |
1054 |
+index a966d281dedc..1b1cf9eff3b5 100644 |
1055 |
+--- a/include/scsi/libsas.h |
1056 |
++++ b/include/scsi/libsas.h |
1057 |
+@@ -87,10 +87,8 @@ enum discover_event { |
1058 |
+ DISCE_DISCOVER_DOMAIN = 0U, |
1059 |
+ DISCE_REVALIDATE_DOMAIN = 1, |
1060 |
+ DISCE_PORT_GONE = 2, |
1061 |
+- DISCE_PROBE = 3, |
1062 |
+ DISCE_SUSPEND = 4, |
1063 |
+ DISCE_RESUME = 5, |
1064 |
+- DISCE_DESTRUCT = 6, |
1065 |
+ DISC_NUM_EVENTS = 7, |
1066 |
+ }; |
1067 |
+ |
1068 |
+@@ -269,6 +267,7 @@ struct asd_sas_port { |
1069 |
+ struct list_head dev_list; |
1070 |
+ struct list_head disco_list; |
1071 |
+ struct list_head destroy_list; |
1072 |
++ struct list_head sas_port_del_list; |
1073 |
+ enum sas_linkrate linkrate; |
1074 |
+ |
1075 |
+ struct sas_work work; |
1076 |
+diff --git a/include/scsi/scsi_transport_sas.h b/include/scsi/scsi_transport_sas.h |
1077 |
+index 62895b405933..05ec927a3c72 100644 |
1078 |
+--- a/include/scsi/scsi_transport_sas.h |
1079 |
++++ b/include/scsi/scsi_transport_sas.h |
1080 |
+@@ -156,6 +156,7 @@ struct sas_port { |
1081 |
+ |
1082 |
+ struct mutex phy_list_mutex; |
1083 |
+ struct list_head phy_list; |
1084 |
++ struct list_head del_list; /* libsas only */ |
1085 |
+ }; |
1086 |
+ |
1087 |
+ #define dev_to_sas_port(d) \ |
1088 |
+diff --git a/include/uapi/linux/wireless.h b/include/uapi/linux/wireless.h |
1089 |
+index 86eca3208b6b..a2c006a364e0 100644 |
1090 |
+--- a/include/uapi/linux/wireless.h |
1091 |
++++ b/include/uapi/linux/wireless.h |
1092 |
+@@ -74,6 +74,8 @@ |
1093 |
+ #include <linux/socket.h> /* for "struct sockaddr" et al */ |
1094 |
+ #include <linux/if.h> /* for IFNAMSIZ and co... */ |
1095 |
+ |
1096 |
++#include <stddef.h> /* for offsetof */ |
1097 |
++ |
1098 |
+ /***************************** VERSION *****************************/ |
1099 |
+ /* |
1100 |
+ * This constant is used to know the availability of the wireless |
1101 |
+@@ -1090,8 +1092,7 @@ struct iw_event { |
1102 |
+ /* iw_point events are special. First, the payload (extra data) come at |
1103 |
+ * the end of the event, so they are bigger than IW_EV_POINT_LEN. Second, |
1104 |
+ * we omit the pointer, so start at an offset. */ |
1105 |
+-#define IW_EV_POINT_OFF (((char *) &(((struct iw_point *) NULL)->length)) - \ |
1106 |
+- (char *) NULL) |
1107 |
++#define IW_EV_POINT_OFF offsetof(struct iw_point, length) |
1108 |
+ #define IW_EV_POINT_LEN (IW_EV_LCP_LEN + sizeof(struct iw_point) - \ |
1109 |
+ IW_EV_POINT_OFF) |
1110 |
+ |
1111 |
+diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c |
1112 |
+index 505e69854eb8..6cc090d015f6 100644 |
1113 |
+--- a/kernel/bpf/hashtab.c |
1114 |
++++ b/kernel/bpf/hashtab.c |
1115 |
+@@ -656,15 +656,20 @@ static void htab_elem_free_rcu(struct rcu_head *head) |
1116 |
+ preempt_enable(); |
1117 |
+ } |
1118 |
+ |
1119 |
+-static void free_htab_elem(struct bpf_htab *htab, struct htab_elem *l) |
1120 |
++static void htab_put_fd_value(struct bpf_htab *htab, struct htab_elem *l) |
1121 |
+ { |
1122 |
+ struct bpf_map *map = &htab->map; |
1123 |
++ void *ptr; |
1124 |
+ |
1125 |
+ if (map->ops->map_fd_put_ptr) { |
1126 |
+- void *ptr = fd_htab_map_get_ptr(map, l); |
1127 |
+- |
1128 |
++ ptr = fd_htab_map_get_ptr(map, l); |
1129 |
+ map->ops->map_fd_put_ptr(ptr); |
1130 |
+ } |
1131 |
++} |
1132 |
++ |
1133 |
++static void free_htab_elem(struct bpf_htab *htab, struct htab_elem *l) |
1134 |
++{ |
1135 |
++ htab_put_fd_value(htab, l); |
1136 |
+ |
1137 |
+ if (htab_is_prealloc(htab)) { |
1138 |
+ __pcpu_freelist_push(&htab->freelist, &l->fnode); |
1139 |
+@@ -725,6 +730,7 @@ static struct htab_elem *alloc_htab_elem(struct bpf_htab *htab, void *key, |
1140 |
+ */ |
1141 |
+ pl_new = this_cpu_ptr(htab->extra_elems); |
1142 |
+ l_new = *pl_new; |
1143 |
++ htab_put_fd_value(htab, old_elem); |
1144 |
+ *pl_new = old_elem; |
1145 |
+ } else { |
1146 |
+ struct pcpu_freelist_node *l; |
1147 |
+diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c |
1148 |
+index a9c65f13b7f5..32de8afbfbf8 100644 |
1149 |
+--- a/net/9p/trans_fd.c |
1150 |
++++ b/net/9p/trans_fd.c |
1151 |
+@@ -301,7 +301,6 @@ static void p9_read_work(struct work_struct *work) |
1152 |
+ { |
1153 |
+ int n, err; |
1154 |
+ struct p9_conn *m; |
1155 |
+- int status = REQ_STATUS_ERROR; |
1156 |
+ |
1157 |
+ m = container_of(work, struct p9_conn, rq); |
1158 |
+ |
1159 |
+@@ -381,11 +380,21 @@ static void p9_read_work(struct work_struct *work) |
1160 |
+ if ((m->req) && (m->rc.offset == m->rc.capacity)) { |
1161 |
+ p9_debug(P9_DEBUG_TRANS, "got new packet\n"); |
1162 |
+ spin_lock(&m->client->lock); |
1163 |
+- if (m->req->status != REQ_STATUS_ERROR) |
1164 |
+- status = REQ_STATUS_RCVD; |
1165 |
+- list_del(&m->req->req_list); |
1166 |
+- /* update req->status while holding client->lock */ |
1167 |
+- p9_client_cb(m->client, m->req, status); |
1168 |
++ if (m->req->status == REQ_STATUS_SENT) { |
1169 |
++ list_del(&m->req->req_list); |
1170 |
++ p9_client_cb(m->client, m->req, REQ_STATUS_RCVD); |
1171 |
++ } else if (m->req->status == REQ_STATUS_FLSHD) { |
1172 |
++ /* Ignore replies associated with a cancelled request. */ |
1173 |
++ p9_debug(P9_DEBUG_TRANS, |
1174 |
++ "Ignore replies associated with a cancelled request\n"); |
1175 |
++ } else { |
1176 |
++ spin_unlock(&m->client->lock); |
1177 |
++ p9_debug(P9_DEBUG_ERROR, |
1178 |
++ "Request tag %d errored out while we were reading the reply\n", |
1179 |
++ m->rc.tag); |
1180 |
++ err = -EIO; |
1181 |
++ goto error; |
1182 |
++ } |
1183 |
+ spin_unlock(&m->client->lock); |
1184 |
+ m->rc.sdata = NULL; |
1185 |
+ m->rc.offset = 0; |
1186 |
+@@ -712,11 +721,20 @@ static int p9_fd_cancelled(struct p9_client *client, struct p9_req_t *req) |
1187 |
+ { |
1188 |
+ p9_debug(P9_DEBUG_TRANS, "client %p req %p\n", client, req); |
1189 |
+ |
1190 |
++ spin_lock(&client->lock); |
1191 |
++ /* Ignore cancelled request if message has been received |
1192 |
++ * before lock. |
1193 |
++ */ |
1194 |
++ if (req->status == REQ_STATUS_RCVD) { |
1195 |
++ spin_unlock(&client->lock); |
1196 |
++ return 0; |
1197 |
++ } |
1198 |
++ |
1199 |
+ /* we haven't received a response for oldreq, |
1200 |
+ * remove it from the list. |
1201 |
+ */ |
1202 |
+- spin_lock(&client->lock); |
1203 |
+ list_del(&req->req_list); |
1204 |
++ req->status = REQ_STATUS_FLSHD; |
1205 |
+ spin_unlock(&client->lock); |
1206 |
+ |
1207 |
+ return 0; |
1208 |
+diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c |
1209 |
+index b1484b8316e8..c883cb67b731 100644 |
1210 |
+--- a/net/mac80211/cfg.c |
1211 |
++++ b/net/mac80211/cfg.c |
1212 |
+@@ -1997,6 +1997,7 @@ static int ieee80211_leave_mesh(struct wiphy *wiphy, struct net_device *dev) |
1213 |
+ ieee80211_stop_mesh(sdata); |
1214 |
+ mutex_lock(&sdata->local->mtx); |
1215 |
+ ieee80211_vif_release_channel(sdata); |
1216 |
++ kfree(sdata->u.mesh.ie); |
1217 |
+ mutex_unlock(&sdata->local->mtx); |
1218 |
+ |
1219 |
+ return 0; |
1220 |
+diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c |
1221 |
+index 130022091205..933f26e2ff8b 100644 |
1222 |
+--- a/net/mac80211/mesh_pathtbl.c |
1223 |
++++ b/net/mac80211/mesh_pathtbl.c |
1224 |
+@@ -554,6 +554,7 @@ static void mesh_path_free_rcu(struct mesh_table *tbl, |
1225 |
+ del_timer_sync(&mpath->timer); |
1226 |
+ atomic_dec(&sdata->u.mesh.mpaths); |
1227 |
+ atomic_dec(&tbl->entries); |
1228 |
++ mesh_path_flush_pending(mpath); |
1229 |
+ kfree_rcu(mpath, rcu); |
1230 |
+ } |
1231 |
+ |
1232 |
+diff --git a/net/rds/recv.c b/net/rds/recv.c |
1233 |
+index c27cceae52e1..ef022d24f87a 100644 |
1234 |
+--- a/net/rds/recv.c |
1235 |
++++ b/net/rds/recv.c |
1236 |
+@@ -453,12 +453,13 @@ static int rds_still_queued(struct rds_sock *rs, struct rds_incoming *inc, |
1237 |
+ int rds_notify_queue_get(struct rds_sock *rs, struct msghdr *msghdr) |
1238 |
+ { |
1239 |
+ struct rds_notifier *notifier; |
1240 |
+- struct rds_rdma_notify cmsg = { 0 }; /* fill holes with zero */ |
1241 |
++ struct rds_rdma_notify cmsg; |
1242 |
+ unsigned int count = 0, max_messages = ~0U; |
1243 |
+ unsigned long flags; |
1244 |
+ LIST_HEAD(copy); |
1245 |
+ int err = 0; |
1246 |
+ |
1247 |
++ memset(&cmsg, 0, sizeof(cmsg)); /* fill holes with zero */ |
1248 |
+ |
1249 |
+ /* put_cmsg copies to user space and thus may sleep. We can't do this |
1250 |
+ * with rs_lock held, so first grab as many notifications as we can stuff |
1251 |
+diff --git a/net/x25/x25_subr.c b/net/x25/x25_subr.c |
1252 |
+index db0b1315d577..a946c1cfb5a2 100644 |
1253 |
+--- a/net/x25/x25_subr.c |
1254 |
++++ b/net/x25/x25_subr.c |
1255 |
+@@ -363,6 +363,12 @@ void x25_disconnect(struct sock *sk, int reason, unsigned char cause, |
1256 |
+ sk->sk_state_change(sk); |
1257 |
+ sock_set_flag(sk, SOCK_DEAD); |
1258 |
+ } |
1259 |
++ if (x25->neighbour) { |
1260 |
++ read_lock_bh(&x25_list_lock); |
1261 |
++ x25_neigh_put(x25->neighbour); |
1262 |
++ x25->neighbour = NULL; |
1263 |
++ read_unlock_bh(&x25_list_lock); |
1264 |
++ } |
1265 |
+ } |
1266 |
+ |
1267 |
+ /* |
1268 |
+diff --git a/tools/testing/selftests/networking/timestamping/rxtimestamp.c b/tools/testing/selftests/networking/timestamping/rxtimestamp.c |
1269 |
+index 7a573fb4c1c4..c6428f1ac22f 100644 |
1270 |
+--- a/tools/testing/selftests/networking/timestamping/rxtimestamp.c |
1271 |
++++ b/tools/testing/selftests/networking/timestamping/rxtimestamp.c |
1272 |
+@@ -328,8 +328,7 @@ int main(int argc, char **argv) |
1273 |
+ bool all_tests = true; |
1274 |
+ int arg_index = 0; |
1275 |
+ int failures = 0; |
1276 |
+- int s, t; |
1277 |
+- char opt; |
1278 |
++ int s, t, opt; |
1279 |
+ |
1280 |
+ while ((opt = getopt_long(argc, argv, "", long_options, |
1281 |
+ &arg_index)) != -1) { |