1 |
commit: f20406284f321ba74df51fe0b25dd503e072eb82 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Oct 17 13:13:34 2021 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Oct 17 13:13:34 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f2040628 |
7 |
|
8 |
Linux patch 4.14.251 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1250_linux-4.14.251.patch | 1057 +++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1061 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 2892a8e..82dbb98 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -1047,6 +1047,10 @@ Patch: 1249_linux-4.14.250.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.14.250 |
23 |
|
24 |
+Patch: 1250_linux-4.14.251.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.14.251 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1250_linux-4.14.251.patch b/1250_linux-4.14.251.patch |
33 |
new file mode 100644 |
34 |
index 0000000..244cb17 |
35 |
--- /dev/null |
36 |
+++ b/1250_linux-4.14.251.patch |
37 |
@@ -0,0 +1,1057 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index 7fed41bc6a4f6..184089eb1bdb5 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 4 |
45 |
+ PATCHLEVEL = 14 |
46 |
+-SUBLEVEL = 250 |
47 |
++SUBLEVEL = 251 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = Petit Gorille |
50 |
+ |
51 |
+diff --git a/arch/arm/boot/dts/omap3430-sdp.dts b/arch/arm/boot/dts/omap3430-sdp.dts |
52 |
+index 908951eb5943e..e4ee935f7b382 100644 |
53 |
+--- a/arch/arm/boot/dts/omap3430-sdp.dts |
54 |
++++ b/arch/arm/boot/dts/omap3430-sdp.dts |
55 |
+@@ -104,7 +104,7 @@ |
56 |
+ |
57 |
+ nand@1,0 { |
58 |
+ compatible = "ti,omap2-nand"; |
59 |
+- reg = <0 0 4>; /* CS0, offset 0, IO size 4 */ |
60 |
++ reg = <1 0 4>; /* CS1, offset 0, IO size 4 */ |
61 |
+ interrupt-parent = <&gpmc>; |
62 |
+ interrupts = <0 IRQ_TYPE_NONE>, /* fifoevent */ |
63 |
+ <1 IRQ_TYPE_NONE>; /* termcount */ |
64 |
+diff --git a/arch/arm/boot/dts/qcom-apq8064.dtsi b/arch/arm/boot/dts/qcom-apq8064.dtsi |
65 |
+index eef243998392d..459358b54ab42 100644 |
66 |
+--- a/arch/arm/boot/dts/qcom-apq8064.dtsi |
67 |
++++ b/arch/arm/boot/dts/qcom-apq8064.dtsi |
68 |
+@@ -1114,7 +1114,7 @@ |
69 |
+ }; |
70 |
+ |
71 |
+ gpu: adreno-3xx@4300000 { |
72 |
+- compatible = "qcom,adreno-3xx"; |
73 |
++ compatible = "qcom,adreno-320.2", "qcom,adreno"; |
74 |
+ reg = <0x04300000 0x20000>; |
75 |
+ reg-names = "kgsl_3d0_reg_memory"; |
76 |
+ interrupts = <GIC_SPI 80 0>; |
77 |
+@@ -1129,7 +1129,6 @@ |
78 |
+ <&mmcc GFX3D_AHB_CLK>, |
79 |
+ <&mmcc GFX3D_AXI_CLK>, |
80 |
+ <&mmcc MMSS_IMEM_AHB_CLK>; |
81 |
+- qcom,chipid = <0x03020002>; |
82 |
+ |
83 |
+ iommus = <&gfx3d 0 |
84 |
+ &gfx3d 1 |
85 |
+diff --git a/arch/arm/mach-imx/pm-imx6.c b/arch/arm/mach-imx/pm-imx6.c |
86 |
+index c7dcb0b207301..5182b04ac878b 100644 |
87 |
+--- a/arch/arm/mach-imx/pm-imx6.c |
88 |
++++ b/arch/arm/mach-imx/pm-imx6.c |
89 |
+@@ -15,6 +15,7 @@ |
90 |
+ #include <linux/io.h> |
91 |
+ #include <linux/irq.h> |
92 |
+ #include <linux/genalloc.h> |
93 |
++#include <linux/irqchip/arm-gic.h> |
94 |
+ #include <linux/mfd/syscon.h> |
95 |
+ #include <linux/mfd/syscon/imx6q-iomuxc-gpr.h> |
96 |
+ #include <linux/of.h> |
97 |
+@@ -608,6 +609,7 @@ static void __init imx6_pm_common_init(const struct imx6_pm_socdata |
98 |
+ |
99 |
+ static void imx6_pm_stby_poweroff(void) |
100 |
+ { |
101 |
++ gic_cpu_if_down(0); |
102 |
+ imx6_set_lpm(STOP_POWER_OFF); |
103 |
+ imx6q_suspend_finish(0); |
104 |
+ |
105 |
+diff --git a/arch/m68k/kernel/signal.c b/arch/m68k/kernel/signal.c |
106 |
+index e79421f5b9cd9..20a3ff41d0d5a 100644 |
107 |
+--- a/arch/m68k/kernel/signal.c |
108 |
++++ b/arch/m68k/kernel/signal.c |
109 |
+@@ -448,7 +448,7 @@ static inline void save_fpu_state(struct sigcontext *sc, struct pt_regs *regs) |
110 |
+ |
111 |
+ if (CPU_IS_060 ? sc->sc_fpstate[2] : sc->sc_fpstate[0]) { |
112 |
+ fpu_version = sc->sc_fpstate[0]; |
113 |
+- if (CPU_IS_020_OR_030 && |
114 |
++ if (CPU_IS_020_OR_030 && !regs->stkadj && |
115 |
+ regs->vector >= (VEC_FPBRUC * 4) && |
116 |
+ regs->vector <= (VEC_FPNAN * 4)) { |
117 |
+ /* Clear pending exception in 68882 idle frame */ |
118 |
+@@ -511,7 +511,7 @@ static inline int rt_save_fpu_state(struct ucontext __user *uc, struct pt_regs * |
119 |
+ if (!(CPU_IS_060 || CPU_IS_COLDFIRE)) |
120 |
+ context_size = fpstate[1]; |
121 |
+ fpu_version = fpstate[0]; |
122 |
+- if (CPU_IS_020_OR_030 && |
123 |
++ if (CPU_IS_020_OR_030 && !regs->stkadj && |
124 |
+ regs->vector >= (VEC_FPBRUC * 4) && |
125 |
+ regs->vector <= (VEC_FPNAN * 4)) { |
126 |
+ /* Clear pending exception in 68882 idle frame */ |
127 |
+@@ -765,18 +765,24 @@ badframe: |
128 |
+ return 0; |
129 |
+ } |
130 |
+ |
131 |
++static inline struct pt_regs *rte_regs(struct pt_regs *regs) |
132 |
++{ |
133 |
++ return (void *)regs + regs->stkadj; |
134 |
++} |
135 |
++ |
136 |
+ static void setup_sigcontext(struct sigcontext *sc, struct pt_regs *regs, |
137 |
+ unsigned long mask) |
138 |
+ { |
139 |
++ struct pt_regs *tregs = rte_regs(regs); |
140 |
+ sc->sc_mask = mask; |
141 |
+ sc->sc_usp = rdusp(); |
142 |
+ sc->sc_d0 = regs->d0; |
143 |
+ sc->sc_d1 = regs->d1; |
144 |
+ sc->sc_a0 = regs->a0; |
145 |
+ sc->sc_a1 = regs->a1; |
146 |
+- sc->sc_sr = regs->sr; |
147 |
+- sc->sc_pc = regs->pc; |
148 |
+- sc->sc_formatvec = regs->format << 12 | regs->vector; |
149 |
++ sc->sc_sr = tregs->sr; |
150 |
++ sc->sc_pc = tregs->pc; |
151 |
++ sc->sc_formatvec = tregs->format << 12 | tregs->vector; |
152 |
+ save_a5_state(sc, regs); |
153 |
+ save_fpu_state(sc, regs); |
154 |
+ } |
155 |
+@@ -784,6 +790,7 @@ static void setup_sigcontext(struct sigcontext *sc, struct pt_regs *regs, |
156 |
+ static inline int rt_setup_ucontext(struct ucontext __user *uc, struct pt_regs *regs) |
157 |
+ { |
158 |
+ struct switch_stack *sw = (struct switch_stack *)regs - 1; |
159 |
++ struct pt_regs *tregs = rte_regs(regs); |
160 |
+ greg_t __user *gregs = uc->uc_mcontext.gregs; |
161 |
+ int err = 0; |
162 |
+ |
163 |
+@@ -804,9 +811,9 @@ static inline int rt_setup_ucontext(struct ucontext __user *uc, struct pt_regs * |
164 |
+ err |= __put_user(sw->a5, &gregs[13]); |
165 |
+ err |= __put_user(sw->a6, &gregs[14]); |
166 |
+ err |= __put_user(rdusp(), &gregs[15]); |
167 |
+- err |= __put_user(regs->pc, &gregs[16]); |
168 |
+- err |= __put_user(regs->sr, &gregs[17]); |
169 |
+- err |= __put_user((regs->format << 12) | regs->vector, &uc->uc_formatvec); |
170 |
++ err |= __put_user(tregs->pc, &gregs[16]); |
171 |
++ err |= __put_user(tregs->sr, &gregs[17]); |
172 |
++ err |= __put_user((tregs->format << 12) | tregs->vector, &uc->uc_formatvec); |
173 |
+ err |= rt_save_fpu_state(uc, regs); |
174 |
+ return err; |
175 |
+ } |
176 |
+@@ -823,13 +830,14 @@ static int setup_frame(struct ksignal *ksig, sigset_t *set, |
177 |
+ struct pt_regs *regs) |
178 |
+ { |
179 |
+ struct sigframe __user *frame; |
180 |
+- int fsize = frame_extra_sizes(regs->format); |
181 |
++ struct pt_regs *tregs = rte_regs(regs); |
182 |
++ int fsize = frame_extra_sizes(tregs->format); |
183 |
+ struct sigcontext context; |
184 |
+ int err = 0, sig = ksig->sig; |
185 |
+ |
186 |
+ if (fsize < 0) { |
187 |
+ pr_debug("setup_frame: Unknown frame format %#x\n", |
188 |
+- regs->format); |
189 |
++ tregs->format); |
190 |
+ return -EFAULT; |
191 |
+ } |
192 |
+ |
193 |
+@@ -840,7 +848,7 @@ static int setup_frame(struct ksignal *ksig, sigset_t *set, |
194 |
+ |
195 |
+ err |= __put_user(sig, &frame->sig); |
196 |
+ |
197 |
+- err |= __put_user(regs->vector, &frame->code); |
198 |
++ err |= __put_user(tregs->vector, &frame->code); |
199 |
+ err |= __put_user(&frame->sc, &frame->psc); |
200 |
+ |
201 |
+ if (_NSIG_WORDS > 1) |
202 |
+@@ -865,34 +873,28 @@ static int setup_frame(struct ksignal *ksig, sigset_t *set, |
203 |
+ |
204 |
+ push_cache ((unsigned long) &frame->retcode); |
205 |
+ |
206 |
+- /* |
207 |
+- * Set up registers for signal handler. All the state we are about |
208 |
+- * to destroy is successfully copied to sigframe. |
209 |
+- */ |
210 |
+- wrusp ((unsigned long) frame); |
211 |
+- regs->pc = (unsigned long) ksig->ka.sa.sa_handler; |
212 |
+- adjustformat(regs); |
213 |
+- |
214 |
+ /* |
215 |
+ * This is subtle; if we build more than one sigframe, all but the |
216 |
+ * first one will see frame format 0 and have fsize == 0, so we won't |
217 |
+ * screw stkadj. |
218 |
+ */ |
219 |
+- if (fsize) |
220 |
++ if (fsize) { |
221 |
+ regs->stkadj = fsize; |
222 |
+- |
223 |
+- /* Prepare to skip over the extra stuff in the exception frame. */ |
224 |
+- if (regs->stkadj) { |
225 |
+- struct pt_regs *tregs = |
226 |
+- (struct pt_regs *)((ulong)regs + regs->stkadj); |
227 |
++ tregs = rte_regs(regs); |
228 |
+ pr_debug("Performing stackadjust=%04lx\n", regs->stkadj); |
229 |
+- /* This must be copied with decreasing addresses to |
230 |
+- handle overlaps. */ |
231 |
+ tregs->vector = 0; |
232 |
+ tregs->format = 0; |
233 |
+- tregs->pc = regs->pc; |
234 |
+ tregs->sr = regs->sr; |
235 |
+ } |
236 |
++ |
237 |
++ /* |
238 |
++ * Set up registers for signal handler. All the state we are about |
239 |
++ * to destroy is successfully copied to sigframe. |
240 |
++ */ |
241 |
++ wrusp ((unsigned long) frame); |
242 |
++ tregs->pc = (unsigned long) ksig->ka.sa.sa_handler; |
243 |
++ adjustformat(regs); |
244 |
++ |
245 |
+ return 0; |
246 |
+ } |
247 |
+ |
248 |
+@@ -900,7 +902,8 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set, |
249 |
+ struct pt_regs *regs) |
250 |
+ { |
251 |
+ struct rt_sigframe __user *frame; |
252 |
+- int fsize = frame_extra_sizes(regs->format); |
253 |
++ struct pt_regs *tregs = rte_regs(regs); |
254 |
++ int fsize = frame_extra_sizes(tregs->format); |
255 |
+ int err = 0, sig = ksig->sig; |
256 |
+ |
257 |
+ if (fsize < 0) { |
258 |
+@@ -949,34 +952,27 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set, |
259 |
+ |
260 |
+ push_cache ((unsigned long) &frame->retcode); |
261 |
+ |
262 |
+- /* |
263 |
+- * Set up registers for signal handler. All the state we are about |
264 |
+- * to destroy is successfully copied to sigframe. |
265 |
+- */ |
266 |
+- wrusp ((unsigned long) frame); |
267 |
+- regs->pc = (unsigned long) ksig->ka.sa.sa_handler; |
268 |
+- adjustformat(regs); |
269 |
+- |
270 |
+ /* |
271 |
+ * This is subtle; if we build more than one sigframe, all but the |
272 |
+ * first one will see frame format 0 and have fsize == 0, so we won't |
273 |
+ * screw stkadj. |
274 |
+ */ |
275 |
+- if (fsize) |
276 |
++ if (fsize) { |
277 |
+ regs->stkadj = fsize; |
278 |
+- |
279 |
+- /* Prepare to skip over the extra stuff in the exception frame. */ |
280 |
+- if (regs->stkadj) { |
281 |
+- struct pt_regs *tregs = |
282 |
+- (struct pt_regs *)((ulong)regs + regs->stkadj); |
283 |
++ tregs = rte_regs(regs); |
284 |
+ pr_debug("Performing stackadjust=%04lx\n", regs->stkadj); |
285 |
+- /* This must be copied with decreasing addresses to |
286 |
+- handle overlaps. */ |
287 |
+ tregs->vector = 0; |
288 |
+ tregs->format = 0; |
289 |
+- tregs->pc = regs->pc; |
290 |
+ tregs->sr = regs->sr; |
291 |
+ } |
292 |
++ |
293 |
++ /* |
294 |
++ * Set up registers for signal handler. All the state we are about |
295 |
++ * to destroy is successfully copied to sigframe. |
296 |
++ */ |
297 |
++ wrusp ((unsigned long) frame); |
298 |
++ tregs->pc = (unsigned long) ksig->ka.sa.sa_handler; |
299 |
++ adjustformat(regs); |
300 |
+ return 0; |
301 |
+ } |
302 |
+ |
303 |
+diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c |
304 |
+index 4d8cb9bb8365d..43e6597c720c2 100644 |
305 |
+--- a/arch/mips/net/bpf_jit.c |
306 |
++++ b/arch/mips/net/bpf_jit.c |
307 |
+@@ -662,6 +662,11 @@ static void build_epilogue(struct jit_ctx *ctx) |
308 |
+ ((int)K < 0 ? ((int)K >= SKF_LL_OFF ? func##_negative : func) : \ |
309 |
+ func##_positive) |
310 |
+ |
311 |
++static bool is_bad_offset(int b_off) |
312 |
++{ |
313 |
++ return b_off > 0x1ffff || b_off < -0x20000; |
314 |
++} |
315 |
++ |
316 |
+ static int build_body(struct jit_ctx *ctx) |
317 |
+ { |
318 |
+ const struct bpf_prog *prog = ctx->skf; |
319 |
+@@ -728,7 +733,10 @@ load_common: |
320 |
+ /* Load return register on DS for failures */ |
321 |
+ emit_reg_move(r_ret, r_zero, ctx); |
322 |
+ /* Return with error */ |
323 |
+- emit_b(b_imm(prog->len, ctx), ctx); |
324 |
++ b_off = b_imm(prog->len, ctx); |
325 |
++ if (is_bad_offset(b_off)) |
326 |
++ return -E2BIG; |
327 |
++ emit_b(b_off, ctx); |
328 |
+ emit_nop(ctx); |
329 |
+ break; |
330 |
+ case BPF_LD | BPF_W | BPF_IND: |
331 |
+@@ -775,8 +783,10 @@ load_ind: |
332 |
+ emit_jalr(MIPS_R_RA, r_s0, ctx); |
333 |
+ emit_reg_move(MIPS_R_A0, r_skb, ctx); /* delay slot */ |
334 |
+ /* Check the error value */ |
335 |
+- emit_bcond(MIPS_COND_NE, r_ret, 0, |
336 |
+- b_imm(prog->len, ctx), ctx); |
337 |
++ b_off = b_imm(prog->len, ctx); |
338 |
++ if (is_bad_offset(b_off)) |
339 |
++ return -E2BIG; |
340 |
++ emit_bcond(MIPS_COND_NE, r_ret, 0, b_off, ctx); |
341 |
+ emit_reg_move(r_ret, r_zero, ctx); |
342 |
+ /* We are good */ |
343 |
+ /* X <- P[1:K] & 0xf */ |
344 |
+@@ -855,8 +865,10 @@ load_ind: |
345 |
+ /* A /= X */ |
346 |
+ ctx->flags |= SEEN_X | SEEN_A; |
347 |
+ /* Check if r_X is zero */ |
348 |
+- emit_bcond(MIPS_COND_EQ, r_X, r_zero, |
349 |
+- b_imm(prog->len, ctx), ctx); |
350 |
++ b_off = b_imm(prog->len, ctx); |
351 |
++ if (is_bad_offset(b_off)) |
352 |
++ return -E2BIG; |
353 |
++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx); |
354 |
+ emit_load_imm(r_ret, 0, ctx); /* delay slot */ |
355 |
+ emit_div(r_A, r_X, ctx); |
356 |
+ break; |
357 |
+@@ -864,8 +876,10 @@ load_ind: |
358 |
+ /* A %= X */ |
359 |
+ ctx->flags |= SEEN_X | SEEN_A; |
360 |
+ /* Check if r_X is zero */ |
361 |
+- emit_bcond(MIPS_COND_EQ, r_X, r_zero, |
362 |
+- b_imm(prog->len, ctx), ctx); |
363 |
++ b_off = b_imm(prog->len, ctx); |
364 |
++ if (is_bad_offset(b_off)) |
365 |
++ return -E2BIG; |
366 |
++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx); |
367 |
+ emit_load_imm(r_ret, 0, ctx); /* delay slot */ |
368 |
+ emit_mod(r_A, r_X, ctx); |
369 |
+ break; |
370 |
+@@ -926,7 +940,10 @@ load_ind: |
371 |
+ break; |
372 |
+ case BPF_JMP | BPF_JA: |
373 |
+ /* pc += K */ |
374 |
+- emit_b(b_imm(i + k + 1, ctx), ctx); |
375 |
++ b_off = b_imm(i + k + 1, ctx); |
376 |
++ if (is_bad_offset(b_off)) |
377 |
++ return -E2BIG; |
378 |
++ emit_b(b_off, ctx); |
379 |
+ emit_nop(ctx); |
380 |
+ break; |
381 |
+ case BPF_JMP | BPF_JEQ | BPF_K: |
382 |
+@@ -1056,12 +1073,16 @@ jmp_cmp: |
383 |
+ break; |
384 |
+ case BPF_RET | BPF_A: |
385 |
+ ctx->flags |= SEEN_A; |
386 |
+- if (i != prog->len - 1) |
387 |
++ if (i != prog->len - 1) { |
388 |
+ /* |
389 |
+ * If this is not the last instruction |
390 |
+ * then jump to the epilogue |
391 |
+ */ |
392 |
+- emit_b(b_imm(prog->len, ctx), ctx); |
393 |
++ b_off = b_imm(prog->len, ctx); |
394 |
++ if (is_bad_offset(b_off)) |
395 |
++ return -E2BIG; |
396 |
++ emit_b(b_off, ctx); |
397 |
++ } |
398 |
+ emit_reg_move(r_ret, r_A, ctx); /* delay slot */ |
399 |
+ break; |
400 |
+ case BPF_RET | BPF_K: |
401 |
+@@ -1075,7 +1096,10 @@ jmp_cmp: |
402 |
+ * If this is not the last instruction |
403 |
+ * then jump to the epilogue |
404 |
+ */ |
405 |
+- emit_b(b_imm(prog->len, ctx), ctx); |
406 |
++ b_off = b_imm(prog->len, ctx); |
407 |
++ if (is_bad_offset(b_off)) |
408 |
++ return -E2BIG; |
409 |
++ emit_b(b_off, ctx); |
410 |
+ emit_nop(ctx); |
411 |
+ } |
412 |
+ break; |
413 |
+@@ -1133,8 +1157,10 @@ jmp_cmp: |
414 |
+ /* Load *dev pointer */ |
415 |
+ emit_load_ptr(r_s0, r_skb, off, ctx); |
416 |
+ /* error (0) in the delay slot */ |
417 |
+- emit_bcond(MIPS_COND_EQ, r_s0, r_zero, |
418 |
+- b_imm(prog->len, ctx), ctx); |
419 |
++ b_off = b_imm(prog->len, ctx); |
420 |
++ if (is_bad_offset(b_off)) |
421 |
++ return -E2BIG; |
422 |
++ emit_bcond(MIPS_COND_EQ, r_s0, r_zero, b_off, ctx); |
423 |
+ emit_reg_move(r_ret, r_zero, ctx); |
424 |
+ if (code == (BPF_ANC | SKF_AD_IFINDEX)) { |
425 |
+ BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4); |
426 |
+@@ -1244,7 +1270,10 @@ void bpf_jit_compile(struct bpf_prog *fp) |
427 |
+ |
428 |
+ /* Generate the actual JIT code */ |
429 |
+ build_prologue(&ctx); |
430 |
+- build_body(&ctx); |
431 |
++ if (build_body(&ctx)) { |
432 |
++ module_memfree(ctx.target); |
433 |
++ goto out; |
434 |
++ } |
435 |
+ build_epilogue(&ctx); |
436 |
+ |
437 |
+ /* Update the icache */ |
438 |
+diff --git a/arch/powerpc/boot/dts/fsl/t1023rdb.dts b/arch/powerpc/boot/dts/fsl/t1023rdb.dts |
439 |
+index 5ba6fbfca2742..f82f85c65964c 100644 |
440 |
+--- a/arch/powerpc/boot/dts/fsl/t1023rdb.dts |
441 |
++++ b/arch/powerpc/boot/dts/fsl/t1023rdb.dts |
442 |
+@@ -154,7 +154,7 @@ |
443 |
+ |
444 |
+ fm1mac3: ethernet@e4000 { |
445 |
+ phy-handle = <&sgmii_aqr_phy3>; |
446 |
+- phy-connection-type = "sgmii-2500"; |
447 |
++ phy-connection-type = "2500base-x"; |
448 |
+ sleep = <&rcpm 0x20000000>; |
449 |
+ }; |
450 |
+ |
451 |
+diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c |
452 |
+index c1f7b3cb84a9b..39c298afa2eaa 100644 |
453 |
+--- a/arch/x86/events/core.c |
454 |
++++ b/arch/x86/events/core.c |
455 |
+@@ -2094,6 +2094,7 @@ static int x86_pmu_event_init(struct perf_event *event) |
456 |
+ if (err) { |
457 |
+ if (event->destroy) |
458 |
+ event->destroy(event); |
459 |
++ event->destroy = NULL; |
460 |
+ } |
461 |
+ |
462 |
+ if (ACCESS_ONCE(x86_pmu.attr_rdpmc)) |
463 |
+diff --git a/arch/xtensa/kernel/irq.c b/arch/xtensa/kernel/irq.c |
464 |
+index 18e4ef34ac455..4182189b29de7 100644 |
465 |
+--- a/arch/xtensa/kernel/irq.c |
466 |
++++ b/arch/xtensa/kernel/irq.c |
467 |
+@@ -145,7 +145,7 @@ unsigned xtensa_get_ext_irq_no(unsigned irq) |
468 |
+ |
469 |
+ void __init init_IRQ(void) |
470 |
+ { |
471 |
+-#ifdef CONFIG_OF |
472 |
++#ifdef CONFIG_USE_OF |
473 |
+ irqchip_init(); |
474 |
+ #else |
475 |
+ #ifdef CONFIG_HAVE_SMP |
476 |
+diff --git a/drivers/gpu/drm/nouveau/nouveau_debugfs.c b/drivers/gpu/drm/nouveau/nouveau_debugfs.c |
477 |
+index 4561a786fab07..cce4833a60832 100644 |
478 |
+--- a/drivers/gpu/drm/nouveau/nouveau_debugfs.c |
479 |
++++ b/drivers/gpu/drm/nouveau/nouveau_debugfs.c |
480 |
+@@ -185,6 +185,7 @@ static const struct file_operations nouveau_pstate_fops = { |
481 |
+ .open = nouveau_debugfs_pstate_open, |
482 |
+ .read = seq_read, |
483 |
+ .write = nouveau_debugfs_pstate_set, |
484 |
++ .release = single_release, |
485 |
+ }; |
486 |
+ |
487 |
+ static struct drm_info_list nouveau_debugfs_list[] = { |
488 |
+diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c |
489 |
+index b58ab769aa7b3..4e3dd3f55a963 100644 |
490 |
+--- a/drivers/hid/hid-apple.c |
491 |
++++ b/drivers/hid/hid-apple.c |
492 |
+@@ -304,12 +304,19 @@ static int apple_event(struct hid_device *hdev, struct hid_field *field, |
493 |
+ |
494 |
+ /* |
495 |
+ * MacBook JIS keyboard has wrong logical maximum |
496 |
++ * Magic Keyboard JIS has wrong logical maximum |
497 |
+ */ |
498 |
+ static __u8 *apple_report_fixup(struct hid_device *hdev, __u8 *rdesc, |
499 |
+ unsigned int *rsize) |
500 |
+ { |
501 |
+ struct apple_sc *asc = hid_get_drvdata(hdev); |
502 |
+ |
503 |
++ if(*rsize >=71 && rdesc[70] == 0x65 && rdesc[64] == 0x65) { |
504 |
++ hid_info(hdev, |
505 |
++ "fixing up Magic Keyboard JIS report descriptor\n"); |
506 |
++ rdesc[64] = rdesc[70] = 0xe7; |
507 |
++ } |
508 |
++ |
509 |
+ if ((asc->quirks & APPLE_RDESC_JIS) && *rsize >= 60 && |
510 |
+ rdesc[53] == 0x65 && rdesc[59] == 0x65) { |
511 |
+ hid_info(hdev, |
512 |
+diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c |
513 |
+index 52ae674ebf5bf..6f42856c15079 100644 |
514 |
+--- a/drivers/i2c/i2c-core-acpi.c |
515 |
++++ b/drivers/i2c/i2c-core-acpi.c |
516 |
+@@ -395,6 +395,7 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, |
517 |
+ break; |
518 |
+ |
519 |
+ i2c_acpi_register_device(adapter, adev, &info); |
520 |
++ put_device(&adapter->dev); |
521 |
+ break; |
522 |
+ case ACPI_RECONFIG_DEVICE_REMOVE: |
523 |
+ if (!acpi_device_enumerated(adev)) |
524 |
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c |
525 |
+index 65c17e39c405f..1555d32ddb962 100644 |
526 |
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c |
527 |
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c |
528 |
+@@ -6958,7 +6958,7 @@ static int i40e_get_capabilities(struct i40e_pf *pf) |
529 |
+ if (pf->hw.aq.asq_last_status == I40E_AQ_RC_ENOMEM) { |
530 |
+ /* retry with a larger buffer */ |
531 |
+ buf_len = data_size; |
532 |
+- } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK) { |
533 |
++ } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK || err) { |
534 |
+ dev_info(&pf->pdev->dev, |
535 |
+ "capability discovery failed, err %s aq_err %s\n", |
536 |
+ i40e_stat_str(&pf->hw, err), |
537 |
+diff --git a/drivers/net/ethernet/sun/Kconfig b/drivers/net/ethernet/sun/Kconfig |
538 |
+index b2caf5132bd2b..eea4179e63eb1 100644 |
539 |
+--- a/drivers/net/ethernet/sun/Kconfig |
540 |
++++ b/drivers/net/ethernet/sun/Kconfig |
541 |
+@@ -72,6 +72,7 @@ config CASSINI |
542 |
+ config SUNVNET_COMMON |
543 |
+ tristate "Common routines to support Sun Virtual Networking" |
544 |
+ depends on SUN_LDOMS |
545 |
++ depends on INET |
546 |
+ default m |
547 |
+ |
548 |
+ config SUNVNET |
549 |
+diff --git a/drivers/net/phy/bcm7xxx.c b/drivers/net/phy/bcm7xxx.c |
550 |
+index 3c5b2a2e2fcc3..11f5a7116adbd 100644 |
551 |
+--- a/drivers/net/phy/bcm7xxx.c |
552 |
++++ b/drivers/net/phy/bcm7xxx.c |
553 |
+@@ -30,7 +30,12 @@ |
554 |
+ #define MII_BCM7XXX_SHD_2_ADDR_CTRL 0xe |
555 |
+ #define MII_BCM7XXX_SHD_2_CTRL_STAT 0xf |
556 |
+ #define MII_BCM7XXX_SHD_2_BIAS_TRIM 0x1a |
557 |
++#define MII_BCM7XXX_SHD_3_PCS_CTRL 0x0 |
558 |
++#define MII_BCM7XXX_SHD_3_PCS_STATUS 0x1 |
559 |
++#define MII_BCM7XXX_SHD_3_EEE_CAP 0x2 |
560 |
+ #define MII_BCM7XXX_SHD_3_AN_EEE_ADV 0x3 |
561 |
++#define MII_BCM7XXX_SHD_3_EEE_LP 0x4 |
562 |
++#define MII_BCM7XXX_SHD_3_EEE_WK_ERR 0x5 |
563 |
+ #define MII_BCM7XXX_SHD_3_PCS_CTRL_2 0x6 |
564 |
+ #define MII_BCM7XXX_PCS_CTRL_2_DEF 0x4400 |
565 |
+ #define MII_BCM7XXX_SHD_3_AN_STAT 0xb |
566 |
+@@ -462,6 +467,93 @@ static int bcm7xxx_28nm_ephy_config_init(struct phy_device *phydev) |
567 |
+ return bcm7xxx_28nm_ephy_apd_enable(phydev); |
568 |
+ } |
569 |
+ |
570 |
++#define MII_BCM7XXX_REG_INVALID 0xff |
571 |
++ |
572 |
++static u8 bcm7xxx_28nm_ephy_regnum_to_shd(u16 regnum) |
573 |
++{ |
574 |
++ switch (regnum) { |
575 |
++ case MDIO_CTRL1: |
576 |
++ return MII_BCM7XXX_SHD_3_PCS_CTRL; |
577 |
++ case MDIO_STAT1: |
578 |
++ return MII_BCM7XXX_SHD_3_PCS_STATUS; |
579 |
++ case MDIO_PCS_EEE_ABLE: |
580 |
++ return MII_BCM7XXX_SHD_3_EEE_CAP; |
581 |
++ case MDIO_AN_EEE_ADV: |
582 |
++ return MII_BCM7XXX_SHD_3_AN_EEE_ADV; |
583 |
++ case MDIO_AN_EEE_LPABLE: |
584 |
++ return MII_BCM7XXX_SHD_3_EEE_LP; |
585 |
++ case MDIO_PCS_EEE_WK_ERR: |
586 |
++ return MII_BCM7XXX_SHD_3_EEE_WK_ERR; |
587 |
++ default: |
588 |
++ return MII_BCM7XXX_REG_INVALID; |
589 |
++ } |
590 |
++} |
591 |
++ |
592 |
++static bool bcm7xxx_28nm_ephy_dev_valid(int devnum) |
593 |
++{ |
594 |
++ return devnum == MDIO_MMD_AN || devnum == MDIO_MMD_PCS; |
595 |
++} |
596 |
++ |
597 |
++static int bcm7xxx_28nm_ephy_read_mmd(struct phy_device *phydev, |
598 |
++ int devnum, u16 regnum) |
599 |
++{ |
600 |
++ u8 shd = bcm7xxx_28nm_ephy_regnum_to_shd(regnum); |
601 |
++ int ret; |
602 |
++ |
603 |
++ if (!bcm7xxx_28nm_ephy_dev_valid(devnum) || |
604 |
++ shd == MII_BCM7XXX_REG_INVALID) |
605 |
++ return -EOPNOTSUPP; |
606 |
++ |
607 |
++ /* set shadow mode 2 */ |
608 |
++ ret = phy_set_clr_bits(phydev, MII_BCM7XXX_TEST, |
609 |
++ MII_BCM7XXX_SHD_MODE_2, 0); |
610 |
++ if (ret < 0) |
611 |
++ return ret; |
612 |
++ |
613 |
++ /* Access the desired shadow register address */ |
614 |
++ ret = phy_write(phydev, MII_BCM7XXX_SHD_2_ADDR_CTRL, shd); |
615 |
++ if (ret < 0) |
616 |
++ goto reset_shadow_mode; |
617 |
++ |
618 |
++ ret = phy_read(phydev, MII_BCM7XXX_SHD_2_CTRL_STAT); |
619 |
++ |
620 |
++reset_shadow_mode: |
621 |
++ /* reset shadow mode 2 */ |
622 |
++ phy_set_clr_bits(phydev, MII_BCM7XXX_TEST, 0, |
623 |
++ MII_BCM7XXX_SHD_MODE_2); |
624 |
++ return ret; |
625 |
++} |
626 |
++ |
627 |
++static int bcm7xxx_28nm_ephy_write_mmd(struct phy_device *phydev, |
628 |
++ int devnum, u16 regnum, u16 val) |
629 |
++{ |
630 |
++ u8 shd = bcm7xxx_28nm_ephy_regnum_to_shd(regnum); |
631 |
++ int ret; |
632 |
++ |
633 |
++ if (!bcm7xxx_28nm_ephy_dev_valid(devnum) || |
634 |
++ shd == MII_BCM7XXX_REG_INVALID) |
635 |
++ return -EOPNOTSUPP; |
636 |
++ |
637 |
++ /* set shadow mode 2 */ |
638 |
++ ret = phy_set_clr_bits(phydev, MII_BCM7XXX_TEST, |
639 |
++ MII_BCM7XXX_SHD_MODE_2, 0); |
640 |
++ if (ret < 0) |
641 |
++ return ret; |
642 |
++ |
643 |
++ /* Access the desired shadow register address */ |
644 |
++ ret = phy_write(phydev, MII_BCM7XXX_SHD_2_ADDR_CTRL, shd); |
645 |
++ if (ret < 0) |
646 |
++ goto reset_shadow_mode; |
647 |
++ |
648 |
++ /* Write the desired value in the shadow register */ |
649 |
++ phy_write(phydev, MII_BCM7XXX_SHD_2_CTRL_STAT, val); |
650 |
++ |
651 |
++reset_shadow_mode: |
652 |
++ /* reset shadow mode 2 */ |
653 |
++ return phy_set_clr_bits(phydev, MII_BCM7XXX_TEST, 0, |
654 |
++ MII_BCM7XXX_SHD_MODE_2); |
655 |
++} |
656 |
++ |
657 |
+ static int bcm7xxx_28nm_ephy_resume(struct phy_device *phydev) |
658 |
+ { |
659 |
+ int ret; |
660 |
+@@ -637,6 +729,8 @@ static int bcm7xxx_28nm_probe(struct phy_device *phydev) |
661 |
+ .get_strings = bcm_phy_get_strings, \ |
662 |
+ .get_stats = bcm7xxx_28nm_get_phy_stats, \ |
663 |
+ .probe = bcm7xxx_28nm_probe, \ |
664 |
++ .read_mmd = bcm7xxx_28nm_ephy_read_mmd, \ |
665 |
++ .write_mmd = bcm7xxx_28nm_ephy_write_mmd, \ |
666 |
+ } |
667 |
+ |
668 |
+ #define BCM7XXX_40NM_EPHY(_oui, _name) \ |
669 |
+diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c |
670 |
+index 5fc7b6c1a4420..5ef9bbbab3dbb 100644 |
671 |
+--- a/drivers/net/phy/mdio_bus.c |
672 |
++++ b/drivers/net/phy/mdio_bus.c |
673 |
+@@ -344,6 +344,13 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner) |
674 |
+ bus->dev.groups = NULL; |
675 |
+ dev_set_name(&bus->dev, "%s", bus->id); |
676 |
+ |
677 |
++ /* We need to set state to MDIOBUS_UNREGISTERED to correctly release |
678 |
++ * the device in mdiobus_free() |
679 |
++ * |
680 |
++ * State will be updated later in this function in case of success |
681 |
++ */ |
682 |
++ bus->state = MDIOBUS_UNREGISTERED; |
683 |
++ |
684 |
+ err = device_register(&bus->dev); |
685 |
+ if (err) { |
686 |
+ pr_err("mii_bus %s failed to register\n", bus->id); |
687 |
+diff --git a/drivers/ptp/ptp_pch.c b/drivers/ptp/ptp_pch.c |
688 |
+index b3285175f20f0..8461d7f92d313 100644 |
689 |
+--- a/drivers/ptp/ptp_pch.c |
690 |
++++ b/drivers/ptp/ptp_pch.c |
691 |
+@@ -698,6 +698,7 @@ static const struct pci_device_id pch_ieee1588_pcidev_id[] = { |
692 |
+ }, |
693 |
+ {0} |
694 |
+ }; |
695 |
++MODULE_DEVICE_TABLE(pci, pch_ieee1588_pcidev_id); |
696 |
+ |
697 |
+ static struct pci_driver pch_driver = { |
698 |
+ .name = KBUILD_MODNAME, |
699 |
+diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c |
700 |
+index 4b993607887cf..84b234bbd07db 100644 |
701 |
+--- a/drivers/scsi/ses.c |
702 |
++++ b/drivers/scsi/ses.c |
703 |
+@@ -134,7 +134,7 @@ static int ses_recv_diag(struct scsi_device *sdev, int page_code, |
704 |
+ static int ses_send_diag(struct scsi_device *sdev, int page_code, |
705 |
+ void *buf, int bufflen) |
706 |
+ { |
707 |
+- u32 result; |
708 |
++ int result; |
709 |
+ |
710 |
+ unsigned char cmd[] = { |
711 |
+ SEND_DIAGNOSTIC, |
712 |
+diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c |
713 |
+index 1f4bd7d0154d4..2839701ffab5e 100644 |
714 |
+--- a/drivers/scsi/virtio_scsi.c |
715 |
++++ b/drivers/scsi/virtio_scsi.c |
716 |
+@@ -336,7 +336,7 @@ static void virtscsi_handle_transport_reset(struct virtio_scsi *vscsi, |
717 |
+ } |
718 |
+ break; |
719 |
+ default: |
720 |
+- pr_info("Unsupport virtio scsi event reason %x\n", event->reason); |
721 |
++ pr_info("Unsupported virtio scsi event reason %x\n", event->reason); |
722 |
+ } |
723 |
+ } |
724 |
+ |
725 |
+@@ -389,7 +389,7 @@ static void virtscsi_handle_event(struct work_struct *work) |
726 |
+ virtscsi_handle_param_change(vscsi, event); |
727 |
+ break; |
728 |
+ default: |
729 |
+- pr_err("Unsupport virtio scsi event %x\n", event->event); |
730 |
++ pr_err("Unsupported virtio scsi event %x\n", event->event); |
731 |
+ } |
732 |
+ virtscsi_kick_event(vscsi, event_node); |
733 |
+ } |
734 |
+diff --git a/drivers/usb/Kconfig b/drivers/usb/Kconfig |
735 |
+index 72eb3e41e3b65..5923ebcffcdf2 100644 |
736 |
+--- a/drivers/usb/Kconfig |
737 |
++++ b/drivers/usb/Kconfig |
738 |
+@@ -174,8 +174,7 @@ source "drivers/usb/typec/Kconfig" |
739 |
+ |
740 |
+ config USB_LED_TRIG |
741 |
+ bool "USB LED Triggers" |
742 |
+- depends on LEDS_CLASS && LEDS_TRIGGERS |
743 |
+- select USB_COMMON |
744 |
++ depends on LEDS_CLASS && USB_COMMON && LEDS_TRIGGERS |
745 |
+ help |
746 |
+ This option adds LED triggers for USB host and/or gadget activity. |
747 |
+ |
748 |
+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c |
749 |
+index bd9a11782e154..c653635ce5c20 100644 |
750 |
+--- a/drivers/usb/class/cdc-acm.c |
751 |
++++ b/drivers/usb/class/cdc-acm.c |
752 |
+@@ -351,6 +351,9 @@ static void acm_process_notification(struct acm *acm, unsigned char *buf) |
753 |
+ acm->iocount.overrun++; |
754 |
+ spin_unlock(&acm->read_lock); |
755 |
+ |
756 |
++ if (newctrl & ACM_CTRL_BRK) |
757 |
++ tty_flip_buffer_push(&acm->port); |
758 |
++ |
759 |
+ if (difference) |
760 |
+ wake_up_all(&acm->wioctl); |
761 |
+ |
762 |
+@@ -486,11 +489,16 @@ static int acm_submit_read_urbs(struct acm *acm, gfp_t mem_flags) |
763 |
+ |
764 |
+ static void acm_process_read_urb(struct acm *acm, struct urb *urb) |
765 |
+ { |
766 |
++ unsigned long flags; |
767 |
++ |
768 |
+ if (!urb->actual_length) |
769 |
+ return; |
770 |
+ |
771 |
++ spin_lock_irqsave(&acm->read_lock, flags); |
772 |
+ tty_insert_flip_string(&acm->port, urb->transfer_buffer, |
773 |
+ urb->actual_length); |
774 |
++ spin_unlock_irqrestore(&acm->read_lock, flags); |
775 |
++ |
776 |
+ tty_flip_buffer_push(&acm->port); |
777 |
+ } |
778 |
+ |
779 |
+diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c |
780 |
+index a697c64a65067..92bb71c040f97 100644 |
781 |
+--- a/drivers/xen/balloon.c |
782 |
++++ b/drivers/xen/balloon.c |
783 |
+@@ -571,12 +571,12 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp) |
784 |
+ } |
785 |
+ |
786 |
+ /* |
787 |
+- * Stop waiting if either state is not BP_EAGAIN and ballooning action is |
788 |
+- * needed, or if the credit has changed while state is BP_EAGAIN. |
789 |
++ * Stop waiting if either state is BP_DONE and ballooning action is |
790 |
++ * needed, or if the credit has changed while state is not BP_DONE. |
791 |
+ */ |
792 |
+ static bool balloon_thread_cond(enum bp_state state, long credit) |
793 |
+ { |
794 |
+- if (state != BP_EAGAIN) |
795 |
++ if (state == BP_DONE) |
796 |
+ credit = 0; |
797 |
+ |
798 |
+ return current_credit() != credit || kthread_should_stop(); |
799 |
+@@ -596,10 +596,19 @@ static int balloon_thread(void *unused) |
800 |
+ |
801 |
+ set_freezable(); |
802 |
+ for (;;) { |
803 |
+- if (state == BP_EAGAIN) |
804 |
+- timeout = balloon_stats.schedule_delay * HZ; |
805 |
+- else |
806 |
++ switch (state) { |
807 |
++ case BP_DONE: |
808 |
++ case BP_ECANCELED: |
809 |
+ timeout = 3600 * HZ; |
810 |
++ break; |
811 |
++ case BP_EAGAIN: |
812 |
++ timeout = balloon_stats.schedule_delay * HZ; |
813 |
++ break; |
814 |
++ case BP_WAIT: |
815 |
++ timeout = HZ; |
816 |
++ break; |
817 |
++ } |
818 |
++ |
819 |
+ credit = current_credit(); |
820 |
+ |
821 |
+ wait_event_freezable_timeout(balloon_thread_wq, |
822 |
+diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c |
823 |
+index c1e9233340120..2e7349b2dd4d4 100644 |
824 |
+--- a/fs/nfsd/nfs4xdr.c |
825 |
++++ b/fs/nfsd/nfs4xdr.c |
826 |
+@@ -3082,15 +3082,18 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, |
827 |
+ goto fail; |
828 |
+ cd->rd_maxcount -= entry_bytes; |
829 |
+ /* |
830 |
+- * RFC 3530 14.2.24 describes rd_dircount as only a "hint", so |
831 |
+- * let's always let through the first entry, at least: |
832 |
++ * RFC 3530 14.2.24 describes rd_dircount as only a "hint", and |
833 |
++ * notes that it could be zero. If it is zero, then the server |
834 |
++ * should enforce only the rd_maxcount value. |
835 |
+ */ |
836 |
+- if (!cd->rd_dircount) |
837 |
+- goto fail; |
838 |
+- name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8; |
839 |
+- if (name_and_cookie > cd->rd_dircount && cd->cookie_offset) |
840 |
+- goto fail; |
841 |
+- cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie); |
842 |
++ if (cd->rd_dircount) { |
843 |
++ name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8; |
844 |
++ if (name_and_cookie > cd->rd_dircount && cd->cookie_offset) |
845 |
++ goto fail; |
846 |
++ cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie); |
847 |
++ if (!cd->rd_dircount) |
848 |
++ cd->rd_maxcount = 0; |
849 |
++ } |
850 |
+ |
851 |
+ cd->cookie_offset = cookie_offset; |
852 |
+ skip_entry: |
853 |
+diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c |
854 |
+index 5bdc85ad13a2f..4869fa508616f 100644 |
855 |
+--- a/fs/overlayfs/dir.c |
856 |
++++ b/fs/overlayfs/dir.c |
857 |
+@@ -1032,9 +1032,13 @@ static int ovl_rename(struct inode *olddir, struct dentry *old, |
858 |
+ goto out_dput; |
859 |
+ } |
860 |
+ } else { |
861 |
+- if (!d_is_negative(newdentry) && |
862 |
+- (!new_opaque || !ovl_is_whiteout(newdentry))) |
863 |
+- goto out_dput; |
864 |
++ if (!d_is_negative(newdentry)) { |
865 |
++ if (!new_opaque || !ovl_is_whiteout(newdentry)) |
866 |
++ goto out_dput; |
867 |
++ } else { |
868 |
++ if (flags & RENAME_EXCHANGE) |
869 |
++ goto out_dput; |
870 |
++ } |
871 |
+ } |
872 |
+ |
873 |
+ if (olddentry == trap) |
874 |
+diff --git a/include/linux/sched.h b/include/linux/sched.h |
875 |
+index 99650f05c271a..914cc8b180eda 100644 |
876 |
+--- a/include/linux/sched.h |
877 |
++++ b/include/linux/sched.h |
878 |
+@@ -1390,7 +1390,7 @@ extern struct pid *cad_pid; |
879 |
+ #define tsk_used_math(p) ((p)->flags & PF_USED_MATH) |
880 |
+ #define used_math() tsk_used_math(current) |
881 |
+ |
882 |
+-static inline bool is_percpu_thread(void) |
883 |
++static __always_inline bool is_percpu_thread(void) |
884 |
+ { |
885 |
+ #ifdef CONFIG_SMP |
886 |
+ return (current->flags & PF_NO_SETAFFINITY) && |
887 |
+diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c |
888 |
+index 1d4c3fba0f8cd..099dc780a92f2 100644 |
889 |
+--- a/kernel/bpf/stackmap.c |
890 |
++++ b/kernel/bpf/stackmap.c |
891 |
+@@ -28,7 +28,8 @@ struct bpf_stack_map { |
892 |
+ |
893 |
+ static int prealloc_elems_and_freelist(struct bpf_stack_map *smap) |
894 |
+ { |
895 |
+- u32 elem_size = sizeof(struct stack_map_bucket) + smap->map.value_size; |
896 |
++ u64 elem_size = sizeof(struct stack_map_bucket) + |
897 |
++ (u64)smap->map.value_size; |
898 |
+ int err; |
899 |
+ |
900 |
+ smap->elems = bpf_map_area_alloc(elem_size * smap->map.max_entries, |
901 |
+diff --git a/lib/test_bpf.c b/lib/test_bpf.c |
902 |
+index 9a8f957ad86e9..724674c421ca7 100644 |
903 |
+--- a/lib/test_bpf.c |
904 |
++++ b/lib/test_bpf.c |
905 |
+@@ -355,6 +355,52 @@ static int bpf_fill_maxinsns11(struct bpf_test *self) |
906 |
+ return __bpf_fill_ja(self, BPF_MAXINSNS, 68); |
907 |
+ } |
908 |
+ |
909 |
++static int bpf_fill_maxinsns12(struct bpf_test *self) |
910 |
++{ |
911 |
++ unsigned int len = BPF_MAXINSNS; |
912 |
++ struct sock_filter *insn; |
913 |
++ int i = 0; |
914 |
++ |
915 |
++ insn = kmalloc_array(len, sizeof(*insn), GFP_KERNEL); |
916 |
++ if (!insn) |
917 |
++ return -ENOMEM; |
918 |
++ |
919 |
++ insn[0] = __BPF_JUMP(BPF_JMP | BPF_JA, len - 2, 0, 0); |
920 |
++ |
921 |
++ for (i = 1; i < len - 1; i++) |
922 |
++ insn[i] = __BPF_STMT(BPF_LDX | BPF_B | BPF_MSH, 0); |
923 |
++ |
924 |
++ insn[len - 1] = __BPF_STMT(BPF_RET | BPF_K, 0xabababab); |
925 |
++ |
926 |
++ self->u.ptr.insns = insn; |
927 |
++ self->u.ptr.len = len; |
928 |
++ |
929 |
++ return 0; |
930 |
++} |
931 |
++ |
932 |
++static int bpf_fill_maxinsns13(struct bpf_test *self) |
933 |
++{ |
934 |
++ unsigned int len = BPF_MAXINSNS; |
935 |
++ struct sock_filter *insn; |
936 |
++ int i = 0; |
937 |
++ |
938 |
++ insn = kmalloc_array(len, sizeof(*insn), GFP_KERNEL); |
939 |
++ if (!insn) |
940 |
++ return -ENOMEM; |
941 |
++ |
942 |
++ for (i = 0; i < len - 3; i++) |
943 |
++ insn[i] = __BPF_STMT(BPF_LDX | BPF_B | BPF_MSH, 0); |
944 |
++ |
945 |
++ insn[len - 3] = __BPF_STMT(BPF_LD | BPF_IMM, 0xabababab); |
946 |
++ insn[len - 2] = __BPF_STMT(BPF_ALU | BPF_XOR | BPF_X, 0); |
947 |
++ insn[len - 1] = __BPF_STMT(BPF_RET | BPF_A, 0); |
948 |
++ |
949 |
++ self->u.ptr.insns = insn; |
950 |
++ self->u.ptr.len = len; |
951 |
++ |
952 |
++ return 0; |
953 |
++} |
954 |
++ |
955 |
+ static int bpf_fill_ja(struct bpf_test *self) |
956 |
+ { |
957 |
+ /* Hits exactly 11 passes on x86_64 JIT. */ |
958 |
+@@ -5437,6 +5483,23 @@ static struct bpf_test tests[] = { |
959 |
+ .fill_helper = bpf_fill_maxinsns11, |
960 |
+ .expected_errcode = -ENOTSUPP, |
961 |
+ }, |
962 |
++ { |
963 |
++ "BPF_MAXINSNS: jump over MSH", |
964 |
++ { }, |
965 |
++ CLASSIC | FLAG_EXPECTED_FAIL, |
966 |
++ { 0xfa, 0xfb, 0xfc, 0xfd, }, |
967 |
++ { { 4, 0xabababab } }, |
968 |
++ .fill_helper = bpf_fill_maxinsns12, |
969 |
++ .expected_errcode = -EINVAL, |
970 |
++ }, |
971 |
++ { |
972 |
++ "BPF_MAXINSNS: exec all MSH", |
973 |
++ { }, |
974 |
++ CLASSIC, |
975 |
++ { 0xfa, 0xfb, 0xfc, 0xfd, }, |
976 |
++ { { 4, 0xababab83 } }, |
977 |
++ .fill_helper = bpf_fill_maxinsns13, |
978 |
++ }, |
979 |
+ { |
980 |
+ "BPF_MAXINSNS: ld_abs+get_processor_id", |
981 |
+ { }, |
982 |
+diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c |
983 |
+index 08190db0a2dca..79e306ec1416c 100644 |
984 |
+--- a/net/bridge/br_netlink.c |
985 |
++++ b/net/bridge/br_netlink.c |
986 |
+@@ -1437,7 +1437,7 @@ static size_t br_get_linkxstats_size(const struct net_device *dev, int attr) |
987 |
+ } |
988 |
+ |
989 |
+ return numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)) + |
990 |
+- nla_total_size(sizeof(struct br_mcast_stats)) + |
991 |
++ nla_total_size_64bit(sizeof(struct br_mcast_stats)) + |
992 |
+ nla_total_size(0); |
993 |
+ } |
994 |
+ |
995 |
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c |
996 |
+index 3bcaecc7ba69f..d7e2cb7ae1fa4 100644 |
997 |
+--- a/net/core/rtnetlink.c |
998 |
++++ b/net/core/rtnetlink.c |
999 |
+@@ -4053,7 +4053,7 @@ nla_put_failure: |
1000 |
+ static size_t if_nlmsg_stats_size(const struct net_device *dev, |
1001 |
+ u32 filter_mask) |
1002 |
+ { |
1003 |
+- size_t size = 0; |
1004 |
++ size_t size = NLMSG_ALIGN(sizeof(struct if_stats_msg)); |
1005 |
+ |
1006 |
+ if (stats_attr_valid(filter_mask, IFLA_STATS_LINK_64, 0)) |
1007 |
+ size += nla_total_size_64bit(sizeof(struct rtnl_link_stats64)); |
1008 |
+diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c |
1009 |
+index d0d5e43727307..93f4441547289 100644 |
1010 |
+--- a/net/ipv6/netfilter/ip6_tables.c |
1011 |
++++ b/net/ipv6/netfilter/ip6_tables.c |
1012 |
+@@ -275,6 +275,7 @@ ip6t_do_table(struct sk_buff *skb, |
1013 |
+ * things we don't know, ie. tcp syn flag or ports). If the |
1014 |
+ * rule is also a fragment-specific rule, non-fragments won't |
1015 |
+ * match it. */ |
1016 |
++ acpar.fragoff = 0; |
1017 |
+ acpar.hotdrop = false; |
1018 |
+ acpar.state = state; |
1019 |
+ |
1020 |
+diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c |
1021 |
+index 87926c6fe0bf4..cbe1177d95f9e 100644 |
1022 |
+--- a/net/mac80211/rx.c |
1023 |
++++ b/net/mac80211/rx.c |
1024 |
+@@ -3714,7 +3714,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx) |
1025 |
+ if (!bssid) |
1026 |
+ return false; |
1027 |
+ if (ether_addr_equal(sdata->vif.addr, hdr->addr2) || |
1028 |
+- ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2)) |
1029 |
++ ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2) || |
1030 |
++ !is_valid_ether_addr(hdr->addr2)) |
1031 |
+ return false; |
1032 |
+ if (ieee80211_is_beacon(hdr->frame_control)) |
1033 |
+ return true; |
1034 |
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
1035 |
+index 955041c547025..d1fd9f7c867ef 100644 |
1036 |
+--- a/net/netlink/af_netlink.c |
1037 |
++++ b/net/netlink/af_netlink.c |
1038 |
+@@ -567,7 +567,10 @@ static int netlink_insert(struct sock *sk, u32 portid) |
1039 |
+ |
1040 |
+ /* We need to ensure that the socket is hashed and visible. */ |
1041 |
+ smp_wmb(); |
1042 |
+- nlk_sk(sk)->bound = portid; |
1043 |
++ /* Paired with lockless reads from netlink_bind(), |
1044 |
++ * netlink_connect() and netlink_sendmsg(). |
1045 |
++ */ |
1046 |
++ WRITE_ONCE(nlk_sk(sk)->bound, portid); |
1047 |
+ |
1048 |
+ err: |
1049 |
+ release_sock(sk); |
1050 |
+@@ -986,7 +989,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, |
1051 |
+ else if (nlk->ngroups < 8*sizeof(groups)) |
1052 |
+ groups &= (1UL << nlk->ngroups) - 1; |
1053 |
+ |
1054 |
+- bound = nlk->bound; |
1055 |
++ /* Paired with WRITE_ONCE() in netlink_insert() */ |
1056 |
++ bound = READ_ONCE(nlk->bound); |
1057 |
+ if (bound) { |
1058 |
+ /* Ensure nlk->portid is up-to-date. */ |
1059 |
+ smp_rmb(); |
1060 |
+@@ -1072,8 +1076,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, |
1061 |
+ |
1062 |
+ /* No need for barriers here as we return to user-space without |
1063 |
+ * using any of the bound attributes. |
1064 |
++ * Paired with WRITE_ONCE() in netlink_insert(). |
1065 |
+ */ |
1066 |
+- if (!nlk->bound) |
1067 |
++ if (!READ_ONCE(nlk->bound)) |
1068 |
+ err = netlink_autobind(sock); |
1069 |
+ |
1070 |
+ if (err == 0) { |
1071 |
+@@ -1839,7 +1844,8 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) |
1072 |
+ dst_group = nlk->dst_group; |
1073 |
+ } |
1074 |
+ |
1075 |
+- if (!nlk->bound) { |
1076 |
++ /* Paired with WRITE_ONCE() in netlink_insert() */ |
1077 |
++ if (!READ_ONCE(nlk->bound)) { |
1078 |
+ err = netlink_autobind(sock); |
1079 |
+ if (err) |
1080 |
+ goto out; |
1081 |
+diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c |
1082 |
+index 1e37247656f80..8b7110cbcce4c 100644 |
1083 |
+--- a/net/sched/sch_fifo.c |
1084 |
++++ b/net/sched/sch_fifo.c |
1085 |
+@@ -151,6 +151,9 @@ int fifo_set_limit(struct Qdisc *q, unsigned int limit) |
1086 |
+ if (strncmp(q->ops->id + 1, "fifo", 4) != 0) |
1087 |
+ return 0; |
1088 |
+ |
1089 |
++ if (!q->ops->change) |
1090 |
++ return 0; |
1091 |
++ |
1092 |
+ nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)), GFP_KERNEL); |
1093 |
+ if (nla) { |
1094 |
+ nla->nla_type = RTM_NEWQDISC; |