1 |
commit: 92fb566de11ac6624545feff2c5ffe8a51627926 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Aug 31 15:39:12 2022 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Aug 31 15:39:12 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=92fb566d |
7 |
|
8 |
Linux patch 5.10.140 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1139_linux-5.10.140.patch | 3424 +++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 3428 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 2f48b8ae..f5306e89 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -599,6 +599,10 @@ Patch: 1138_linux-5.10.139.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 5.10.139 |
23 |
|
24 |
+Patch: 1139_linux-5.10.140.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 5.10.140 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1139_linux-5.10.140.patch b/1139_linux-5.10.140.patch |
33 |
new file mode 100644 |
34 |
index 00000000..d204d073 |
35 |
--- /dev/null |
36 |
+++ b/1139_linux-5.10.140.patch |
37 |
@@ -0,0 +1,3424 @@ |
38 |
+diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu |
39 |
+index 44c6e57303988..500d5d8937cbb 100644 |
40 |
+--- a/Documentation/ABI/testing/sysfs-devices-system-cpu |
41 |
++++ b/Documentation/ABI/testing/sysfs-devices-system-cpu |
42 |
+@@ -511,6 +511,7 @@ What: /sys/devices/system/cpu/vulnerabilities |
43 |
+ /sys/devices/system/cpu/vulnerabilities/tsx_async_abort |
44 |
+ /sys/devices/system/cpu/vulnerabilities/itlb_multihit |
45 |
+ /sys/devices/system/cpu/vulnerabilities/mmio_stale_data |
46 |
++ /sys/devices/system/cpu/vulnerabilities/retbleed |
47 |
+ Date: January 2018 |
48 |
+ Contact: Linux kernel mailing list <linux-kernel@×××××××××××.org> |
49 |
+ Description: Information about CPU vulnerabilities |
50 |
+diff --git a/Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst b/Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst |
51 |
+index 9393c50b5afc9..c98fd11907cc8 100644 |
52 |
+--- a/Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst |
53 |
++++ b/Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst |
54 |
+@@ -230,6 +230,20 @@ The possible values in this file are: |
55 |
+ * - 'Mitigation: Clear CPU buffers' |
56 |
+ - The processor is vulnerable and the CPU buffer clearing mitigation is |
57 |
+ enabled. |
58 |
++ * - 'Unknown: No mitigations' |
59 |
++ - The processor vulnerability status is unknown because it is |
60 |
++ out of Servicing period. Mitigation is not attempted. |
61 |
++ |
62 |
++Definitions: |
63 |
++------------ |
64 |
++ |
65 |
++Servicing period: The process of providing functional and security updates to |
66 |
++Intel processors or platforms, utilizing the Intel Platform Update (IPU) |
67 |
++process or other similar mechanisms. |
68 |
++ |
69 |
++End of Servicing Updates (ESU): ESU is the date at which Intel will no |
70 |
++longer provide Servicing, such as through IPU or other similar update |
71 |
++processes. ESU dates will typically be aligned to end of quarter. |
72 |
+ |
73 |
+ If the processor is vulnerable then the following information is appended to |
74 |
+ the above information: |
75 |
+diff --git a/Documentation/admin-guide/sysctl/net.rst b/Documentation/admin-guide/sysctl/net.rst |
76 |
+index f2ab8a5b6a4b8..7f553859dba82 100644 |
77 |
+--- a/Documentation/admin-guide/sysctl/net.rst |
78 |
++++ b/Documentation/admin-guide/sysctl/net.rst |
79 |
+@@ -271,7 +271,7 @@ poll cycle or the number of packets processed reaches netdev_budget. |
80 |
+ netdev_max_backlog |
81 |
+ ------------------ |
82 |
+ |
83 |
+-Maximum number of packets, queued on the INPUT side, when the interface |
84 |
++Maximum number of packets, queued on the INPUT side, when the interface |
85 |
+ receives packets faster than kernel can process them. |
86 |
+ |
87 |
+ netdev_rss_key |
88 |
+diff --git a/Makefile b/Makefile |
89 |
+index 48140575f960b..a80179d2c0057 100644 |
90 |
+--- a/Makefile |
91 |
++++ b/Makefile |
92 |
+@@ -1,7 +1,7 @@ |
93 |
+ # SPDX-License-Identifier: GPL-2.0 |
94 |
+ VERSION = 5 |
95 |
+ PATCHLEVEL = 10 |
96 |
+-SUBLEVEL = 139 |
97 |
++SUBLEVEL = 140 |
98 |
+ EXTRAVERSION = |
99 |
+ NAME = Dare mighty things |
100 |
+ |
101 |
+diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c |
102 |
+index ca42d58e8c821..78263dadd00da 100644 |
103 |
+--- a/arch/arm64/kernel/cpu_errata.c |
104 |
++++ b/arch/arm64/kernel/cpu_errata.c |
105 |
+@@ -220,6 +220,8 @@ static const struct arm64_cpu_capabilities arm64_repeat_tlbi_list[] = { |
106 |
+ #ifdef CONFIG_ARM64_ERRATUM_1286807 |
107 |
+ { |
108 |
+ ERRATA_MIDR_RANGE(MIDR_CORTEX_A76, 0, 0, 3, 0), |
109 |
++ }, |
110 |
++ { |
111 |
+ /* Kryo4xx Gold (rcpe to rfpe) => (r0p0 to r3p0) */ |
112 |
+ ERRATA_MIDR_RANGE(MIDR_QCOM_KRYO_4XX_GOLD, 0xc, 0xe, 0xf, 0xe), |
113 |
+ }, |
114 |
+diff --git a/arch/parisc/kernel/unaligned.c b/arch/parisc/kernel/unaligned.c |
115 |
+index 286cec4d86d7b..cc6ed74960501 100644 |
116 |
+--- a/arch/parisc/kernel/unaligned.c |
117 |
++++ b/arch/parisc/kernel/unaligned.c |
118 |
+@@ -107,7 +107,7 @@ |
119 |
+ #define R1(i) (((i)>>21)&0x1f) |
120 |
+ #define R2(i) (((i)>>16)&0x1f) |
121 |
+ #define R3(i) ((i)&0x1f) |
122 |
+-#define FR3(i) ((((i)<<1)&0x1f)|(((i)>>6)&1)) |
123 |
++#define FR3(i) ((((i)&0x1f)<<1)|(((i)>>6)&1)) |
124 |
+ #define IM(i,n) (((i)>>1&((1<<(n-1))-1))|((i)&1?((0-1L)<<(n-1)):0)) |
125 |
+ #define IM5_2(i) IM((i)>>16,5) |
126 |
+ #define IM5_3(i) IM((i),5) |
127 |
+diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c |
128 |
+index ec801d3bbb37a..137a170f47d4f 100644 |
129 |
+--- a/arch/s390/kernel/process.c |
130 |
++++ b/arch/s390/kernel/process.c |
131 |
+@@ -77,6 +77,18 @@ int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src) |
132 |
+ |
133 |
+ memcpy(dst, src, arch_task_struct_size); |
134 |
+ dst->thread.fpu.regs = dst->thread.fpu.fprs; |
135 |
++ |
136 |
++ /* |
137 |
++ * Don't transfer over the runtime instrumentation or the guarded |
138 |
++ * storage control block pointers. These fields are cleared here instead |
139 |
++ * of in copy_thread() to avoid premature freeing of associated memory |
140 |
++ * on fork() failure. Wait to clear the RI flag because ->stack still |
141 |
++ * refers to the source thread. |
142 |
++ */ |
143 |
++ dst->thread.ri_cb = NULL; |
144 |
++ dst->thread.gs_cb = NULL; |
145 |
++ dst->thread.gs_bc_cb = NULL; |
146 |
++ |
147 |
+ return 0; |
148 |
+ } |
149 |
+ |
150 |
+@@ -134,13 +146,11 @@ int copy_thread(unsigned long clone_flags, unsigned long new_stackp, |
151 |
+ frame->childregs.flags = 0; |
152 |
+ if (new_stackp) |
153 |
+ frame->childregs.gprs[15] = new_stackp; |
154 |
+- |
155 |
+- /* Don't copy runtime instrumentation info */ |
156 |
+- p->thread.ri_cb = NULL; |
157 |
++ /* |
158 |
++ * Clear the runtime instrumentation flag after the above childregs |
159 |
++ * copy. The CB pointer was already cleared in arch_dup_task_struct(). |
160 |
++ */ |
161 |
+ frame->childregs.psw.mask &= ~PSW_MASK_RI; |
162 |
+- /* Don't copy guarded storage control block */ |
163 |
+- p->thread.gs_cb = NULL; |
164 |
+- p->thread.gs_bc_cb = NULL; |
165 |
+ |
166 |
+ /* Set a new TLS ? */ |
167 |
+ if (clone_flags & CLONE_SETTLS) { |
168 |
+diff --git a/arch/x86/events/intel/lbr.c b/arch/x86/events/intel/lbr.c |
169 |
+index bd8516e6c353c..42173a7be3bb4 100644 |
170 |
+--- a/arch/x86/events/intel/lbr.c |
171 |
++++ b/arch/x86/events/intel/lbr.c |
172 |
+@@ -1114,6 +1114,14 @@ static int intel_pmu_setup_hw_lbr_filter(struct perf_event *event) |
173 |
+ |
174 |
+ if (static_cpu_has(X86_FEATURE_ARCH_LBR)) { |
175 |
+ reg->config = mask; |
176 |
++ |
177 |
++ /* |
178 |
++ * The Arch LBR HW can retrieve the common branch types |
179 |
++ * from the LBR_INFO. It doesn't require the high overhead |
180 |
++ * SW disassemble. |
181 |
++ * Enable the branch type by default for the Arch LBR. |
182 |
++ */ |
183 |
++ reg->reg |= X86_BR_TYPE_SAVE; |
184 |
+ return 0; |
185 |
+ } |
186 |
+ |
187 |
+diff --git a/arch/x86/events/intel/uncore_snb.c b/arch/x86/events/intel/uncore_snb.c |
188 |
+index bbd1120ae1610..fa9289718147a 100644 |
189 |
+--- a/arch/x86/events/intel/uncore_snb.c |
190 |
++++ b/arch/x86/events/intel/uncore_snb.c |
191 |
+@@ -657,6 +657,22 @@ int snb_pci2phy_map_init(int devid) |
192 |
+ return 0; |
193 |
+ } |
194 |
+ |
195 |
++static u64 snb_uncore_imc_read_counter(struct intel_uncore_box *box, struct perf_event *event) |
196 |
++{ |
197 |
++ struct hw_perf_event *hwc = &event->hw; |
198 |
++ |
199 |
++ /* |
200 |
++ * SNB IMC counters are 32-bit and are laid out back to back |
201 |
++ * in MMIO space. Therefore we must use a 32-bit accessor function |
202 |
++ * using readq() from uncore_mmio_read_counter() causes problems |
203 |
++ * because it is reading 64-bit at a time. This is okay for the |
204 |
++ * uncore_perf_event_update() function because it drops the upper |
205 |
++ * 32-bits but not okay for plain uncore_read_counter() as invoked |
206 |
++ * in uncore_pmu_event_start(). |
207 |
++ */ |
208 |
++ return (u64)readl(box->io_addr + hwc->event_base); |
209 |
++} |
210 |
++ |
211 |
+ static struct pmu snb_uncore_imc_pmu = { |
212 |
+ .task_ctx_nr = perf_invalid_context, |
213 |
+ .event_init = snb_uncore_imc_event_init, |
214 |
+@@ -676,7 +692,7 @@ static struct intel_uncore_ops snb_uncore_imc_ops = { |
215 |
+ .disable_event = snb_uncore_imc_disable_event, |
216 |
+ .enable_event = snb_uncore_imc_enable_event, |
217 |
+ .hw_config = snb_uncore_imc_hw_config, |
218 |
+- .read_counter = uncore_mmio_read_counter, |
219 |
++ .read_counter = snb_uncore_imc_read_counter, |
220 |
+ }; |
221 |
+ |
222 |
+ static struct intel_uncore_type snb_uncore_imc = { |
223 |
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
224 |
+index 37ba0cdf99aa8..f507ad7c7fd7b 100644 |
225 |
+--- a/arch/x86/include/asm/cpufeatures.h |
226 |
++++ b/arch/x86/include/asm/cpufeatures.h |
227 |
+@@ -429,7 +429,8 @@ |
228 |
+ #define X86_BUG_ITLB_MULTIHIT X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */ |
229 |
+ #define X86_BUG_SRBDS X86_BUG(24) /* CPU may leak RNG bits if not mitigated */ |
230 |
+ #define X86_BUG_MMIO_STALE_DATA X86_BUG(25) /* CPU is affected by Processor MMIO Stale Data vulnerabilities */ |
231 |
+-#define X86_BUG_RETBLEED X86_BUG(26) /* CPU is affected by RETBleed */ |
232 |
+-#define X86_BUG_EIBRS_PBRSB X86_BUG(27) /* EIBRS is vulnerable to Post Barrier RSB Predictions */ |
233 |
++#define X86_BUG_MMIO_UNKNOWN X86_BUG(26) /* CPU is too old and its MMIO Stale Data status is unknown */ |
234 |
++#define X86_BUG_RETBLEED X86_BUG(27) /* CPU is affected by RETBleed */ |
235 |
++#define X86_BUG_EIBRS_PBRSB X86_BUG(28) /* EIBRS is vulnerable to Post Barrier RSB Predictions */ |
236 |
+ |
237 |
+ #endif /* _ASM_X86_CPUFEATURES_H */ |
238 |
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
239 |
+index aa4ee46f00ce5..a300a19255b66 100644 |
240 |
+--- a/arch/x86/kernel/cpu/bugs.c |
241 |
++++ b/arch/x86/kernel/cpu/bugs.c |
242 |
+@@ -424,7 +424,8 @@ static void __init mmio_select_mitigation(void) |
243 |
+ u64 ia32_cap; |
244 |
+ |
245 |
+ if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) || |
246 |
+- cpu_mitigations_off()) { |
247 |
++ boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN) || |
248 |
++ cpu_mitigations_off()) { |
249 |
+ mmio_mitigation = MMIO_MITIGATION_OFF; |
250 |
+ return; |
251 |
+ } |
252 |
+@@ -529,6 +530,8 @@ out: |
253 |
+ pr_info("TAA: %s\n", taa_strings[taa_mitigation]); |
254 |
+ if (boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA)) |
255 |
+ pr_info("MMIO Stale Data: %s\n", mmio_strings[mmio_mitigation]); |
256 |
++ else if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) |
257 |
++ pr_info("MMIO Stale Data: Unknown: No mitigations\n"); |
258 |
+ } |
259 |
+ |
260 |
+ static void __init md_clear_select_mitigation(void) |
261 |
+@@ -2198,6 +2201,9 @@ static ssize_t tsx_async_abort_show_state(char *buf) |
262 |
+ |
263 |
+ static ssize_t mmio_stale_data_show_state(char *buf) |
264 |
+ { |
265 |
++ if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) |
266 |
++ return sysfs_emit(buf, "Unknown: No mitigations\n"); |
267 |
++ |
268 |
+ if (mmio_mitigation == MMIO_MITIGATION_OFF) |
269 |
+ return sysfs_emit(buf, "%s\n", mmio_strings[mmio_mitigation]); |
270 |
+ |
271 |
+@@ -2344,6 +2350,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr |
272 |
+ return srbds_show_state(buf); |
273 |
+ |
274 |
+ case X86_BUG_MMIO_STALE_DATA: |
275 |
++ case X86_BUG_MMIO_UNKNOWN: |
276 |
+ return mmio_stale_data_show_state(buf); |
277 |
+ |
278 |
+ case X86_BUG_RETBLEED: |
279 |
+@@ -2403,7 +2410,10 @@ ssize_t cpu_show_srbds(struct device *dev, struct device_attribute *attr, char * |
280 |
+ |
281 |
+ ssize_t cpu_show_mmio_stale_data(struct device *dev, struct device_attribute *attr, char *buf) |
282 |
+ { |
283 |
+- return cpu_show_common(dev, attr, buf, X86_BUG_MMIO_STALE_DATA); |
284 |
++ if (boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) |
285 |
++ return cpu_show_common(dev, attr, buf, X86_BUG_MMIO_UNKNOWN); |
286 |
++ else |
287 |
++ return cpu_show_common(dev, attr, buf, X86_BUG_MMIO_STALE_DATA); |
288 |
+ } |
289 |
+ |
290 |
+ ssize_t cpu_show_retbleed(struct device *dev, struct device_attribute *attr, char *buf) |
291 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
292 |
+index 9fc91482e85e3..56573241d0293 100644 |
293 |
+--- a/arch/x86/kernel/cpu/common.c |
294 |
++++ b/arch/x86/kernel/cpu/common.c |
295 |
+@@ -1024,7 +1024,8 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) |
296 |
+ #define NO_SWAPGS BIT(6) |
297 |
+ #define NO_ITLB_MULTIHIT BIT(7) |
298 |
+ #define NO_SPECTRE_V2 BIT(8) |
299 |
+-#define NO_EIBRS_PBRSB BIT(9) |
300 |
++#define NO_MMIO BIT(9) |
301 |
++#define NO_EIBRS_PBRSB BIT(10) |
302 |
+ |
303 |
+ #define VULNWL(vendor, family, model, whitelist) \ |
304 |
+ X86_MATCH_VENDOR_FAM_MODEL(vendor, family, model, whitelist) |
305 |
+@@ -1045,6 +1046,11 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { |
306 |
+ VULNWL(NSC, 5, X86_MODEL_ANY, NO_SPECULATION), |
307 |
+ |
308 |
+ /* Intel Family 6 */ |
309 |
++ VULNWL_INTEL(TIGERLAKE, NO_MMIO), |
310 |
++ VULNWL_INTEL(TIGERLAKE_L, NO_MMIO), |
311 |
++ VULNWL_INTEL(ALDERLAKE, NO_MMIO), |
312 |
++ VULNWL_INTEL(ALDERLAKE_L, NO_MMIO), |
313 |
++ |
314 |
+ VULNWL_INTEL(ATOM_SALTWELL, NO_SPECULATION | NO_ITLB_MULTIHIT), |
315 |
+ VULNWL_INTEL(ATOM_SALTWELL_TABLET, NO_SPECULATION | NO_ITLB_MULTIHIT), |
316 |
+ VULNWL_INTEL(ATOM_SALTWELL_MID, NO_SPECULATION | NO_ITLB_MULTIHIT), |
317 |
+@@ -1063,9 +1069,9 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { |
318 |
+ VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY | NO_SWAPGS | NO_ITLB_MULTIHIT), |
319 |
+ VULNWL_INTEL(ATOM_AIRMONT_NP, NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), |
320 |
+ |
321 |
+- VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), |
322 |
+- VULNWL_INTEL(ATOM_GOLDMONT_D, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), |
323 |
+- VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB), |
324 |
++ VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), |
325 |
++ VULNWL_INTEL(ATOM_GOLDMONT_D, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), |
326 |
++ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO | NO_EIBRS_PBRSB), |
327 |
+ |
328 |
+ /* |
329 |
+ * Technically, swapgs isn't serializing on AMD (despite it previously |
330 |
+@@ -1080,18 +1086,18 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { |
331 |
+ VULNWL_INTEL(ATOM_TREMONT_D, NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB), |
332 |
+ |
333 |
+ /* AMD Family 0xf - 0x12 */ |
334 |
+- VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), |
335 |
+- VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), |
336 |
+- VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), |
337 |
+- VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), |
338 |
++ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), |
339 |
++ VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), |
340 |
++ VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), |
341 |
++ VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), |
342 |
+ |
343 |
+ /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */ |
344 |
+- VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), |
345 |
+- VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), |
346 |
++ VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), |
347 |
++ VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_MMIO), |
348 |
+ |
349 |
+ /* Zhaoxin Family 7 */ |
350 |
+- VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_SWAPGS), |
351 |
+- VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_SWAPGS), |
352 |
++ VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_SWAPGS | NO_MMIO), |
353 |
++ VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2 | NO_SWAPGS | NO_MMIO), |
354 |
+ {} |
355 |
+ }; |
356 |
+ |
357 |
+@@ -1245,10 +1251,16 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) |
358 |
+ * Affected CPU list is generally enough to enumerate the vulnerability, |
359 |
+ * but for virtualization case check for ARCH_CAP MSR bits also, VMM may |
360 |
+ * not want the guest to enumerate the bug. |
361 |
++ * |
362 |
++ * Set X86_BUG_MMIO_UNKNOWN for CPUs that are neither in the blacklist, |
363 |
++ * nor in the whitelist and also don't enumerate MSR ARCH_CAP MMIO bits. |
364 |
+ */ |
365 |
+- if (cpu_matches(cpu_vuln_blacklist, MMIO) && |
366 |
+- !arch_cap_mmio_immune(ia32_cap)) |
367 |
+- setup_force_cpu_bug(X86_BUG_MMIO_STALE_DATA); |
368 |
++ if (!arch_cap_mmio_immune(ia32_cap)) { |
369 |
++ if (cpu_matches(cpu_vuln_blacklist, MMIO)) |
370 |
++ setup_force_cpu_bug(X86_BUG_MMIO_STALE_DATA); |
371 |
++ else if (!cpu_matches(cpu_vuln_whitelist, NO_MMIO)) |
372 |
++ setup_force_cpu_bug(X86_BUG_MMIO_UNKNOWN); |
373 |
++ } |
374 |
+ |
375 |
+ if (!cpu_has(c, X86_FEATURE_BTC_NO)) { |
376 |
+ if (cpu_matches(cpu_vuln_blacklist, RETBLEED) || (ia32_cap & ARCH_CAP_RSBA)) |
377 |
+diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c |
378 |
+index c451d5f6422f6..cc071c4c65240 100644 |
379 |
+--- a/arch/x86/kernel/unwind_orc.c |
380 |
++++ b/arch/x86/kernel/unwind_orc.c |
381 |
+@@ -93,22 +93,27 @@ static struct orc_entry *orc_find(unsigned long ip); |
382 |
+ static struct orc_entry *orc_ftrace_find(unsigned long ip) |
383 |
+ { |
384 |
+ struct ftrace_ops *ops; |
385 |
+- unsigned long caller; |
386 |
++ unsigned long tramp_addr, offset; |
387 |
+ |
388 |
+ ops = ftrace_ops_trampoline(ip); |
389 |
+ if (!ops) |
390 |
+ return NULL; |
391 |
+ |
392 |
++ /* Set tramp_addr to the start of the code copied by the trampoline */ |
393 |
+ if (ops->flags & FTRACE_OPS_FL_SAVE_REGS) |
394 |
+- caller = (unsigned long)ftrace_regs_call; |
395 |
++ tramp_addr = (unsigned long)ftrace_regs_caller; |
396 |
+ else |
397 |
+- caller = (unsigned long)ftrace_call; |
398 |
++ tramp_addr = (unsigned long)ftrace_caller; |
399 |
++ |
400 |
++ /* Now place tramp_addr to the location within the trampoline ip is at */ |
401 |
++ offset = ip - ops->trampoline; |
402 |
++ tramp_addr += offset; |
403 |
+ |
404 |
+ /* Prevent unlikely recursion */ |
405 |
+- if (ip == caller) |
406 |
++ if (ip == tramp_addr) |
407 |
+ return NULL; |
408 |
+ |
409 |
+- return orc_find(caller); |
410 |
++ return orc_find(tramp_addr); |
411 |
+ } |
412 |
+ #else |
413 |
+ static struct orc_entry *orc_ftrace_find(unsigned long ip) |
414 |
+diff --git a/block/blk-mq.c b/block/blk-mq.c |
415 |
+index 90f64bb42fbd1..cfc039fabf8ce 100644 |
416 |
+--- a/block/blk-mq.c |
417 |
++++ b/block/blk-mq.c |
418 |
+@@ -1402,7 +1402,8 @@ out: |
419 |
+ /* If we didn't flush the entire list, we could have told the driver |
420 |
+ * there was more coming, but that turned out to be a lie. |
421 |
+ */ |
422 |
+- if ((!list_empty(list) || errors) && q->mq_ops->commit_rqs && queued) |
423 |
++ if ((!list_empty(list) || errors || needs_resource || |
424 |
++ ret == BLK_STS_DEV_RESOURCE) && q->mq_ops->commit_rqs && queued) |
425 |
+ q->mq_ops->commit_rqs(hctx); |
426 |
+ /* |
427 |
+ * Any items that need requeuing? Stuff them into hctx->dispatch, |
428 |
+@@ -2080,6 +2081,7 @@ void blk_mq_try_issue_list_directly(struct blk_mq_hw_ctx *hctx, |
429 |
+ list_del_init(&rq->queuelist); |
430 |
+ ret = blk_mq_request_issue_directly(rq, list_empty(list)); |
431 |
+ if (ret != BLK_STS_OK) { |
432 |
++ errors++; |
433 |
+ if (ret == BLK_STS_RESOURCE || |
434 |
+ ret == BLK_STS_DEV_RESOURCE) { |
435 |
+ blk_mq_request_bypass_insert(rq, false, |
436 |
+@@ -2087,7 +2089,6 @@ void blk_mq_try_issue_list_directly(struct blk_mq_hw_ctx *hctx, |
437 |
+ break; |
438 |
+ } |
439 |
+ blk_mq_end_request(rq, ret); |
440 |
+- errors++; |
441 |
+ } else |
442 |
+ queued++; |
443 |
+ } |
444 |
+diff --git a/drivers/acpi/processor_thermal.c b/drivers/acpi/processor_thermal.c |
445 |
+index 6c7d05b37c986..7df0c6e3ba63c 100644 |
446 |
+--- a/drivers/acpi/processor_thermal.c |
447 |
++++ b/drivers/acpi/processor_thermal.c |
448 |
+@@ -148,7 +148,7 @@ void acpi_thermal_cpufreq_exit(struct cpufreq_policy *policy) |
449 |
+ unsigned int cpu; |
450 |
+ |
451 |
+ for_each_cpu(cpu, policy->related_cpus) { |
452 |
+- struct acpi_processor *pr = per_cpu(processors, policy->cpu); |
453 |
++ struct acpi_processor *pr = per_cpu(processors, cpu); |
454 |
+ |
455 |
+ if (pr) |
456 |
+ freq_qos_remove_request(&pr->thermal_req); |
457 |
+diff --git a/drivers/block/loop.c b/drivers/block/loop.c |
458 |
+index e4517d483bdc3..b10410585a746 100644 |
459 |
+--- a/drivers/block/loop.c |
460 |
++++ b/drivers/block/loop.c |
461 |
+@@ -1031,6 +1031,11 @@ loop_set_status_from_info(struct loop_device *lo, |
462 |
+ |
463 |
+ lo->lo_offset = info->lo_offset; |
464 |
+ lo->lo_sizelimit = info->lo_sizelimit; |
465 |
++ |
466 |
++ /* loff_t vars have been assigned __u64 */ |
467 |
++ if (lo->lo_offset < 0 || lo->lo_sizelimit < 0) |
468 |
++ return -EOVERFLOW; |
469 |
++ |
470 |
+ memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE); |
471 |
+ memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE); |
472 |
+ lo->lo_file_name[LO_NAME_SIZE-1] = 0; |
473 |
+diff --git a/drivers/md/md.c b/drivers/md/md.c |
474 |
+index 884317ee1759f..0043dec37a870 100644 |
475 |
+--- a/drivers/md/md.c |
476 |
++++ b/drivers/md/md.c |
477 |
+@@ -6278,11 +6278,11 @@ static void mddev_detach(struct mddev *mddev) |
478 |
+ static void __md_stop(struct mddev *mddev) |
479 |
+ { |
480 |
+ struct md_personality *pers = mddev->pers; |
481 |
++ md_bitmap_destroy(mddev); |
482 |
+ mddev_detach(mddev); |
483 |
+ /* Ensure ->event_work is done */ |
484 |
+ if (mddev->event_work.func) |
485 |
+ flush_workqueue(md_misc_wq); |
486 |
+- md_bitmap_destroy(mddev); |
487 |
+ spin_lock(&mddev->lock); |
488 |
+ mddev->pers = NULL; |
489 |
+ spin_unlock(&mddev->lock); |
490 |
+@@ -6299,6 +6299,7 @@ void md_stop(struct mddev *mddev) |
491 |
+ /* stop the array and free an attached data structures. |
492 |
+ * This is called from dm-raid |
493 |
+ */ |
494 |
++ __md_stop_writes(mddev); |
495 |
+ __md_stop(mddev); |
496 |
+ bioset_exit(&mddev->bio_set); |
497 |
+ bioset_exit(&mddev->sync_set); |
498 |
+diff --git a/drivers/net/bonding/bond_3ad.c b/drivers/net/bonding/bond_3ad.c |
499 |
+index 325b20729d8ba..b0f8d551b61db 100644 |
500 |
+--- a/drivers/net/bonding/bond_3ad.c |
501 |
++++ b/drivers/net/bonding/bond_3ad.c |
502 |
+@@ -1988,30 +1988,24 @@ void bond_3ad_initiate_agg_selection(struct bonding *bond, int timeout) |
503 |
+ */ |
504 |
+ void bond_3ad_initialize(struct bonding *bond, u16 tick_resolution) |
505 |
+ { |
506 |
+- /* check that the bond is not initialized yet */ |
507 |
+- if (!MAC_ADDRESS_EQUAL(&(BOND_AD_INFO(bond).system.sys_mac_addr), |
508 |
+- bond->dev->dev_addr)) { |
509 |
+- |
510 |
+- BOND_AD_INFO(bond).aggregator_identifier = 0; |
511 |
+- |
512 |
+- BOND_AD_INFO(bond).system.sys_priority = |
513 |
+- bond->params.ad_actor_sys_prio; |
514 |
+- if (is_zero_ether_addr(bond->params.ad_actor_system)) |
515 |
+- BOND_AD_INFO(bond).system.sys_mac_addr = |
516 |
+- *((struct mac_addr *)bond->dev->dev_addr); |
517 |
+- else |
518 |
+- BOND_AD_INFO(bond).system.sys_mac_addr = |
519 |
+- *((struct mac_addr *)bond->params.ad_actor_system); |
520 |
++ BOND_AD_INFO(bond).aggregator_identifier = 0; |
521 |
++ BOND_AD_INFO(bond).system.sys_priority = |
522 |
++ bond->params.ad_actor_sys_prio; |
523 |
++ if (is_zero_ether_addr(bond->params.ad_actor_system)) |
524 |
++ BOND_AD_INFO(bond).system.sys_mac_addr = |
525 |
++ *((struct mac_addr *)bond->dev->dev_addr); |
526 |
++ else |
527 |
++ BOND_AD_INFO(bond).system.sys_mac_addr = |
528 |
++ *((struct mac_addr *)bond->params.ad_actor_system); |
529 |
+ |
530 |
+- /* initialize how many times this module is called in one |
531 |
+- * second (should be about every 100ms) |
532 |
+- */ |
533 |
+- ad_ticks_per_sec = tick_resolution; |
534 |
++ /* initialize how many times this module is called in one |
535 |
++ * second (should be about every 100ms) |
536 |
++ */ |
537 |
++ ad_ticks_per_sec = tick_resolution; |
538 |
+ |
539 |
+- bond_3ad_initiate_agg_selection(bond, |
540 |
+- AD_AGGREGATOR_SELECTION_TIMER * |
541 |
+- ad_ticks_per_sec); |
542 |
+- } |
543 |
++ bond_3ad_initiate_agg_selection(bond, |
544 |
++ AD_AGGREGATOR_SELECTION_TIMER * |
545 |
++ ad_ticks_per_sec); |
546 |
+ } |
547 |
+ |
548 |
+ /** |
549 |
+diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c |
550 |
+index 23b80aa171dd0..819f9df9425c6 100644 |
551 |
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c |
552 |
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c |
553 |
+@@ -599,7 +599,7 @@ static int bnxt_hwrm_func_vf_resc_cfg(struct bnxt *bp, int num_vfs, bool reset) |
554 |
+ hw_resc->max_stat_ctxs -= le16_to_cpu(req.min_stat_ctx) * n; |
555 |
+ hw_resc->max_vnics -= le16_to_cpu(req.min_vnics) * n; |
556 |
+ if (bp->flags & BNXT_FLAG_CHIP_P5) |
557 |
+- hw_resc->max_irqs -= vf_msix * n; |
558 |
++ hw_resc->max_nqs -= vf_msix; |
559 |
+ |
560 |
+ rc = pf->active_vfs; |
561 |
+ } |
562 |
+diff --git a/drivers/net/ethernet/intel/ice/ice_xsk.c b/drivers/net/ethernet/intel/ice/ice_xsk.c |
563 |
+index 5733526fa245c..59963b901be0f 100644 |
564 |
+--- a/drivers/net/ethernet/intel/ice/ice_xsk.c |
565 |
++++ b/drivers/net/ethernet/intel/ice/ice_xsk.c |
566 |
+@@ -371,6 +371,19 @@ int ice_xsk_pool_setup(struct ice_vsi *vsi, struct xsk_buff_pool *pool, u16 qid) |
567 |
+ bool if_running, pool_present = !!pool; |
568 |
+ int ret = 0, pool_failure = 0; |
569 |
+ |
570 |
++ if (qid >= vsi->num_rxq || qid >= vsi->num_txq) { |
571 |
++ netdev_err(vsi->netdev, "Please use queue id in scope of combined queues count\n"); |
572 |
++ pool_failure = -EINVAL; |
573 |
++ goto failure; |
574 |
++ } |
575 |
++ |
576 |
++ if (!is_power_of_2(vsi->rx_rings[qid]->count) || |
577 |
++ !is_power_of_2(vsi->tx_rings[qid]->count)) { |
578 |
++ netdev_err(vsi->netdev, "Please align ring sizes to power of 2\n"); |
579 |
++ pool_failure = -EINVAL; |
580 |
++ goto failure; |
581 |
++ } |
582 |
++ |
583 |
+ if_running = netif_running(vsi->netdev) && ice_is_xdp_ena_vsi(vsi); |
584 |
+ |
585 |
+ if (if_running) { |
586 |
+@@ -393,6 +406,7 @@ xsk_pool_if_up: |
587 |
+ netdev_err(vsi->netdev, "ice_qp_ena error = %d\n", ret); |
588 |
+ } |
589 |
+ |
590 |
++failure: |
591 |
+ if (pool_failure) { |
592 |
+ netdev_err(vsi->netdev, "Could not %sable buffer pool, error = %d\n", |
593 |
+ pool_present ? "en" : "dis", pool_failure); |
594 |
+diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c |
595 |
+index 22a874eee2e84..8b7f300355710 100644 |
596 |
+--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c |
597 |
++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c |
598 |
+@@ -1211,7 +1211,6 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) |
599 |
+ struct cyclecounter cc; |
600 |
+ unsigned long flags; |
601 |
+ u32 incval = 0; |
602 |
+- u32 tsauxc = 0; |
603 |
+ u32 fuse0 = 0; |
604 |
+ |
605 |
+ /* For some of the boards below this mask is technically incorrect. |
606 |
+@@ -1246,18 +1245,6 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) |
607 |
+ case ixgbe_mac_x550em_a: |
608 |
+ case ixgbe_mac_X550: |
609 |
+ cc.read = ixgbe_ptp_read_X550; |
610 |
+- |
611 |
+- /* enable SYSTIME counter */ |
612 |
+- IXGBE_WRITE_REG(hw, IXGBE_SYSTIMR, 0); |
613 |
+- IXGBE_WRITE_REG(hw, IXGBE_SYSTIML, 0); |
614 |
+- IXGBE_WRITE_REG(hw, IXGBE_SYSTIMH, 0); |
615 |
+- tsauxc = IXGBE_READ_REG(hw, IXGBE_TSAUXC); |
616 |
+- IXGBE_WRITE_REG(hw, IXGBE_TSAUXC, |
617 |
+- tsauxc & ~IXGBE_TSAUXC_DISABLE_SYSTIME); |
618 |
+- IXGBE_WRITE_REG(hw, IXGBE_TSIM, IXGBE_TSIM_TXTS); |
619 |
+- IXGBE_WRITE_REG(hw, IXGBE_EIMS, IXGBE_EIMS_TIMESYNC); |
620 |
+- |
621 |
+- IXGBE_WRITE_FLUSH(hw); |
622 |
+ break; |
623 |
+ case ixgbe_mac_X540: |
624 |
+ cc.read = ixgbe_ptp_read_82599; |
625 |
+@@ -1289,6 +1276,50 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) |
626 |
+ spin_unlock_irqrestore(&adapter->tmreg_lock, flags); |
627 |
+ } |
628 |
+ |
629 |
++/** |
630 |
++ * ixgbe_ptp_init_systime - Initialize SYSTIME registers |
631 |
++ * @adapter: the ixgbe private board structure |
632 |
++ * |
633 |
++ * Initialize and start the SYSTIME registers. |
634 |
++ */ |
635 |
++static void ixgbe_ptp_init_systime(struct ixgbe_adapter *adapter) |
636 |
++{ |
637 |
++ struct ixgbe_hw *hw = &adapter->hw; |
638 |
++ u32 tsauxc; |
639 |
++ |
640 |
++ switch (hw->mac.type) { |
641 |
++ case ixgbe_mac_X550EM_x: |
642 |
++ case ixgbe_mac_x550em_a: |
643 |
++ case ixgbe_mac_X550: |
644 |
++ tsauxc = IXGBE_READ_REG(hw, IXGBE_TSAUXC); |
645 |
++ |
646 |
++ /* Reset SYSTIME registers to 0 */ |
647 |
++ IXGBE_WRITE_REG(hw, IXGBE_SYSTIMR, 0); |
648 |
++ IXGBE_WRITE_REG(hw, IXGBE_SYSTIML, 0); |
649 |
++ IXGBE_WRITE_REG(hw, IXGBE_SYSTIMH, 0); |
650 |
++ |
651 |
++ /* Reset interrupt settings */ |
652 |
++ IXGBE_WRITE_REG(hw, IXGBE_TSIM, IXGBE_TSIM_TXTS); |
653 |
++ IXGBE_WRITE_REG(hw, IXGBE_EIMS, IXGBE_EIMS_TIMESYNC); |
654 |
++ |
655 |
++ /* Activate the SYSTIME counter */ |
656 |
++ IXGBE_WRITE_REG(hw, IXGBE_TSAUXC, |
657 |
++ tsauxc & ~IXGBE_TSAUXC_DISABLE_SYSTIME); |
658 |
++ break; |
659 |
++ case ixgbe_mac_X540: |
660 |
++ case ixgbe_mac_82599EB: |
661 |
++ /* Reset SYSTIME registers to 0 */ |
662 |
++ IXGBE_WRITE_REG(hw, IXGBE_SYSTIML, 0); |
663 |
++ IXGBE_WRITE_REG(hw, IXGBE_SYSTIMH, 0); |
664 |
++ break; |
665 |
++ default: |
666 |
++ /* Other devices aren't supported */ |
667 |
++ return; |
668 |
++ }; |
669 |
++ |
670 |
++ IXGBE_WRITE_FLUSH(hw); |
671 |
++} |
672 |
++ |
673 |
+ /** |
674 |
+ * ixgbe_ptp_reset |
675 |
+ * @adapter: the ixgbe private board structure |
676 |
+@@ -1315,6 +1346,8 @@ void ixgbe_ptp_reset(struct ixgbe_adapter *adapter) |
677 |
+ |
678 |
+ ixgbe_ptp_start_cyclecounter(adapter); |
679 |
+ |
680 |
++ ixgbe_ptp_init_systime(adapter); |
681 |
++ |
682 |
+ spin_lock_irqsave(&adapter->tmreg_lock, flags); |
683 |
+ timecounter_init(&adapter->hw_tc, &adapter->hw_cc, |
684 |
+ ktime_to_ns(ktime_get_real())); |
685 |
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c |
686 |
+index 304435e561170..b991f03c7e991 100644 |
687 |
+--- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c |
688 |
++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c |
689 |
+@@ -706,6 +706,8 @@ static void mlx5e_build_rep_params(struct net_device *netdev) |
690 |
+ |
691 |
+ params->num_tc = 1; |
692 |
+ params->tunneled_offload_en = false; |
693 |
++ if (rep->vport != MLX5_VPORT_UPLINK) |
694 |
++ params->vlan_strip_disable = true; |
695 |
+ |
696 |
+ mlx5_query_min_inline(mdev, ¶ms->tx_min_inline_mode); |
697 |
+ |
698 |
+diff --git a/drivers/net/ethernet/moxa/moxart_ether.c b/drivers/net/ethernet/moxa/moxart_ether.c |
699 |
+index 6137000b11c5c..73aac97fb5c96 100644 |
700 |
+--- a/drivers/net/ethernet/moxa/moxart_ether.c |
701 |
++++ b/drivers/net/ethernet/moxa/moxart_ether.c |
702 |
+@@ -74,11 +74,6 @@ static int moxart_set_mac_address(struct net_device *ndev, void *addr) |
703 |
+ static void moxart_mac_free_memory(struct net_device *ndev) |
704 |
+ { |
705 |
+ struct moxart_mac_priv_t *priv = netdev_priv(ndev); |
706 |
+- int i; |
707 |
+- |
708 |
+- for (i = 0; i < RX_DESC_NUM; i++) |
709 |
+- dma_unmap_single(&priv->pdev->dev, priv->rx_mapping[i], |
710 |
+- priv->rx_buf_size, DMA_FROM_DEVICE); |
711 |
+ |
712 |
+ if (priv->tx_desc_base) |
713 |
+ dma_free_coherent(&priv->pdev->dev, |
714 |
+@@ -193,6 +188,7 @@ static int moxart_mac_open(struct net_device *ndev) |
715 |
+ static int moxart_mac_stop(struct net_device *ndev) |
716 |
+ { |
717 |
+ struct moxart_mac_priv_t *priv = netdev_priv(ndev); |
718 |
++ int i; |
719 |
+ |
720 |
+ napi_disable(&priv->napi); |
721 |
+ |
722 |
+@@ -204,6 +200,11 @@ static int moxart_mac_stop(struct net_device *ndev) |
723 |
+ /* disable all functions */ |
724 |
+ writel(0, priv->base + REG_MAC_CTRL); |
725 |
+ |
726 |
++ /* unmap areas mapped in moxart_mac_setup_desc_ring() */ |
727 |
++ for (i = 0; i < RX_DESC_NUM; i++) |
728 |
++ dma_unmap_single(&priv->pdev->dev, priv->rx_mapping[i], |
729 |
++ priv->rx_buf_size, DMA_FROM_DEVICE); |
730 |
++ |
731 |
+ return 0; |
732 |
+ } |
733 |
+ |
734 |
+diff --git a/drivers/net/ethernet/pensando/ionic/ionic_main.c b/drivers/net/ethernet/pensando/ionic/ionic_main.c |
735 |
+index e14869a2e24a5..f60ffef33e0ce 100644 |
736 |
+--- a/drivers/net/ethernet/pensando/ionic/ionic_main.c |
737 |
++++ b/drivers/net/ethernet/pensando/ionic/ionic_main.c |
738 |
+@@ -378,8 +378,8 @@ try_again: |
739 |
+ ionic_opcode_to_str(opcode), opcode, |
740 |
+ ionic_error_to_str(err), err); |
741 |
+ |
742 |
+- msleep(1000); |
743 |
+ iowrite32(0, &idev->dev_cmd_regs->done); |
744 |
++ msleep(1000); |
745 |
+ iowrite32(1, &idev->dev_cmd_regs->doorbell); |
746 |
+ goto try_again; |
747 |
+ } |
748 |
+@@ -392,6 +392,8 @@ try_again: |
749 |
+ return ionic_error_to_errno(err); |
750 |
+ } |
751 |
+ |
752 |
++ ionic_dev_cmd_clean(ionic); |
753 |
++ |
754 |
+ return 0; |
755 |
+ } |
756 |
+ |
757 |
+diff --git a/drivers/net/ipa/ipa_mem.c b/drivers/net/ipa/ipa_mem.c |
758 |
+index a78d66051a17d..25a8d029f2075 100644 |
759 |
+--- a/drivers/net/ipa/ipa_mem.c |
760 |
++++ b/drivers/net/ipa/ipa_mem.c |
761 |
+@@ -414,7 +414,7 @@ static int ipa_smem_init(struct ipa *ipa, u32 item, size_t size) |
762 |
+ } |
763 |
+ |
764 |
+ /* Align the address down and the size up to a page boundary */ |
765 |
+- addr = qcom_smem_virt_to_phys(virt) & PAGE_MASK; |
766 |
++ addr = qcom_smem_virt_to_phys(virt); |
767 |
+ phys = addr & PAGE_MASK; |
768 |
+ size = PAGE_ALIGN(size + addr - phys); |
769 |
+ iova = phys; /* We just want a direct mapping */ |
770 |
+diff --git a/drivers/net/ipvlan/ipvtap.c b/drivers/net/ipvlan/ipvtap.c |
771 |
+index 1cedb634f4f7b..f01078b2581ce 100644 |
772 |
+--- a/drivers/net/ipvlan/ipvtap.c |
773 |
++++ b/drivers/net/ipvlan/ipvtap.c |
774 |
+@@ -194,7 +194,7 @@ static struct notifier_block ipvtap_notifier_block __read_mostly = { |
775 |
+ .notifier_call = ipvtap_device_event, |
776 |
+ }; |
777 |
+ |
778 |
+-static int ipvtap_init(void) |
779 |
++static int __init ipvtap_init(void) |
780 |
+ { |
781 |
+ int err; |
782 |
+ |
783 |
+@@ -228,7 +228,7 @@ out1: |
784 |
+ } |
785 |
+ module_init(ipvtap_init); |
786 |
+ |
787 |
+-static void ipvtap_exit(void) |
788 |
++static void __exit ipvtap_exit(void) |
789 |
+ { |
790 |
+ rtnl_link_unregister(&ipvtap_link_ops); |
791 |
+ unregister_netdevice_notifier(&ipvtap_notifier_block); |
792 |
+diff --git a/drivers/nfc/pn533/uart.c b/drivers/nfc/pn533/uart.c |
793 |
+index a0665d8ea85bc..e92535ebb5287 100644 |
794 |
+--- a/drivers/nfc/pn533/uart.c |
795 |
++++ b/drivers/nfc/pn533/uart.c |
796 |
+@@ -310,6 +310,7 @@ static void pn532_uart_remove(struct serdev_device *serdev) |
797 |
+ pn53x_unregister_nfc(pn532->priv); |
798 |
+ serdev_device_close(serdev); |
799 |
+ pn53x_common_clean(pn532->priv); |
800 |
++ del_timer_sync(&pn532->cmd_timeout); |
801 |
+ kfree_skb(pn532->recv_skb); |
802 |
+ kfree(pn532); |
803 |
+ } |
804 |
+diff --git a/drivers/pinctrl/pinctrl-amd.c b/drivers/pinctrl/pinctrl-amd.c |
805 |
+index e20bcc835d6a8..82b658a3c220a 100644 |
806 |
+--- a/drivers/pinctrl/pinctrl-amd.c |
807 |
++++ b/drivers/pinctrl/pinctrl-amd.c |
808 |
+@@ -815,6 +815,7 @@ static int amd_gpio_suspend(struct device *dev) |
809 |
+ { |
810 |
+ struct amd_gpio *gpio_dev = dev_get_drvdata(dev); |
811 |
+ struct pinctrl_desc *desc = gpio_dev->pctrl->desc; |
812 |
++ unsigned long flags; |
813 |
+ int i; |
814 |
+ |
815 |
+ for (i = 0; i < desc->npins; i++) { |
816 |
+@@ -823,7 +824,9 @@ static int amd_gpio_suspend(struct device *dev) |
817 |
+ if (!amd_gpio_should_save(gpio_dev, pin)) |
818 |
+ continue; |
819 |
+ |
820 |
+- gpio_dev->saved_regs[i] = readl(gpio_dev->base + pin*4); |
821 |
++ raw_spin_lock_irqsave(&gpio_dev->lock, flags); |
822 |
++ gpio_dev->saved_regs[i] = readl(gpio_dev->base + pin * 4) & ~PIN_IRQ_PENDING; |
823 |
++ raw_spin_unlock_irqrestore(&gpio_dev->lock, flags); |
824 |
+ } |
825 |
+ |
826 |
+ return 0; |
827 |
+@@ -833,6 +836,7 @@ static int amd_gpio_resume(struct device *dev) |
828 |
+ { |
829 |
+ struct amd_gpio *gpio_dev = dev_get_drvdata(dev); |
830 |
+ struct pinctrl_desc *desc = gpio_dev->pctrl->desc; |
831 |
++ unsigned long flags; |
832 |
+ int i; |
833 |
+ |
834 |
+ for (i = 0; i < desc->npins; i++) { |
835 |
+@@ -841,7 +845,10 @@ static int amd_gpio_resume(struct device *dev) |
836 |
+ if (!amd_gpio_should_save(gpio_dev, pin)) |
837 |
+ continue; |
838 |
+ |
839 |
+- writel(gpio_dev->saved_regs[i], gpio_dev->base + pin*4); |
840 |
++ raw_spin_lock_irqsave(&gpio_dev->lock, flags); |
841 |
++ gpio_dev->saved_regs[i] |= readl(gpio_dev->base + pin * 4) & PIN_IRQ_PENDING; |
842 |
++ writel(gpio_dev->saved_regs[i], gpio_dev->base + pin * 4); |
843 |
++ raw_spin_unlock_irqrestore(&gpio_dev->lock, flags); |
844 |
+ } |
845 |
+ |
846 |
+ return 0; |
847 |
+diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c |
848 |
+index 0ee0b80006e05..7ac1090d4379c 100644 |
849 |
+--- a/drivers/scsi/storvsc_drv.c |
850 |
++++ b/drivers/scsi/storvsc_drv.c |
851 |
+@@ -1997,7 +1997,7 @@ static int storvsc_probe(struct hv_device *device, |
852 |
+ */ |
853 |
+ host_dev->handle_error_wq = |
854 |
+ alloc_ordered_workqueue("storvsc_error_wq_%d", |
855 |
+- WQ_MEM_RECLAIM, |
856 |
++ 0, |
857 |
+ host->host_no); |
858 |
+ if (!host_dev->handle_error_wq) { |
859 |
+ ret = -ENOMEM; |
860 |
+diff --git a/drivers/scsi/ufs/ufshci.h b/drivers/scsi/ufs/ufshci.h |
861 |
+index 1d999228efc85..e380941318117 100644 |
862 |
+--- a/drivers/scsi/ufs/ufshci.h |
863 |
++++ b/drivers/scsi/ufs/ufshci.h |
864 |
+@@ -129,11 +129,7 @@ enum { |
865 |
+ |
866 |
+ #define UFSHCD_UIC_MASK (UIC_COMMAND_COMPL | UFSHCD_UIC_PWR_MASK) |
867 |
+ |
868 |
+-#define UFSHCD_ERROR_MASK (UIC_ERROR |\ |
869 |
+- DEVICE_FATAL_ERROR |\ |
870 |
+- CONTROLLER_FATAL_ERROR |\ |
871 |
+- SYSTEM_BUS_FATAL_ERROR |\ |
872 |
+- CRYPTO_ENGINE_FATAL_ERROR) |
873 |
++#define UFSHCD_ERROR_MASK (UIC_ERROR | INT_FATAL_ERRORS) |
874 |
+ |
875 |
+ #define INT_FATAL_ERRORS (DEVICE_FATAL_ERROR |\ |
876 |
+ CONTROLLER_FATAL_ERROR |\ |
877 |
+diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c |
878 |
+index fe8df32bb612b..cd5f2f09468e2 100644 |
879 |
+--- a/drivers/xen/privcmd.c |
880 |
++++ b/drivers/xen/privcmd.c |
881 |
+@@ -581,27 +581,30 @@ static int lock_pages( |
882 |
+ struct privcmd_dm_op_buf kbufs[], unsigned int num, |
883 |
+ struct page *pages[], unsigned int nr_pages, unsigned int *pinned) |
884 |
+ { |
885 |
+- unsigned int i; |
886 |
++ unsigned int i, off = 0; |
887 |
+ |
888 |
+- for (i = 0; i < num; i++) { |
889 |
++ for (i = 0; i < num; ) { |
890 |
+ unsigned int requested; |
891 |
+ int page_count; |
892 |
+ |
893 |
+ requested = DIV_ROUND_UP( |
894 |
+ offset_in_page(kbufs[i].uptr) + kbufs[i].size, |
895 |
+- PAGE_SIZE); |
896 |
++ PAGE_SIZE) - off; |
897 |
+ if (requested > nr_pages) |
898 |
+ return -ENOSPC; |
899 |
+ |
900 |
+ page_count = pin_user_pages_fast( |
901 |
+- (unsigned long) kbufs[i].uptr, |
902 |
++ (unsigned long)kbufs[i].uptr + off * PAGE_SIZE, |
903 |
+ requested, FOLL_WRITE, pages); |
904 |
+- if (page_count < 0) |
905 |
+- return page_count; |
906 |
++ if (page_count <= 0) |
907 |
++ return page_count ? : -EFAULT; |
908 |
+ |
909 |
+ *pinned += page_count; |
910 |
+ nr_pages -= page_count; |
911 |
+ pages += page_count; |
912 |
++ |
913 |
++ off = (requested == page_count) ? 0 : off + page_count; |
914 |
++ i += !off; |
915 |
+ } |
916 |
+ |
917 |
+ return 0; |
918 |
+@@ -677,10 +680,8 @@ static long privcmd_ioctl_dm_op(struct file *file, void __user *udata) |
919 |
+ } |
920 |
+ |
921 |
+ rc = lock_pages(kbufs, kdata.num, pages, nr_pages, &pinned); |
922 |
+- if (rc < 0) { |
923 |
+- nr_pages = pinned; |
924 |
++ if (rc < 0) |
925 |
+ goto out; |
926 |
+- } |
927 |
+ |
928 |
+ for (i = 0; i < kdata.num; i++) { |
929 |
+ set_xen_guest_handle(xbufs[i].h, kbufs[i].uptr); |
930 |
+@@ -692,7 +693,7 @@ static long privcmd_ioctl_dm_op(struct file *file, void __user *udata) |
931 |
+ xen_preemptible_hcall_end(); |
932 |
+ |
933 |
+ out: |
934 |
+- unlock_pages(pages, nr_pages); |
935 |
++ unlock_pages(pages, pinned); |
936 |
+ kfree(xbufs); |
937 |
+ kfree(pages); |
938 |
+ kfree(kbufs); |
939 |
+diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c |
940 |
+index d297804631829..be6935d191970 100644 |
941 |
+--- a/fs/btrfs/dev-replace.c |
942 |
++++ b/fs/btrfs/dev-replace.c |
943 |
+@@ -161,7 +161,7 @@ no_valid_dev_replace_entry_found: |
944 |
+ if (btrfs_find_device(fs_info->fs_devices, |
945 |
+ BTRFS_DEV_REPLACE_DEVID, NULL, NULL, false)) { |
946 |
+ btrfs_err(fs_info, |
947 |
+- "replace devid present without an active replace item"); |
948 |
++"replace without active item, run 'device scan --forget' on the target device"); |
949 |
+ ret = -EUCLEAN; |
950 |
+ } else { |
951 |
+ dev_replace->srcdev = NULL; |
952 |
+@@ -954,8 +954,7 @@ int btrfs_dev_replace_cancel(struct btrfs_fs_info *fs_info) |
953 |
+ up_write(&dev_replace->rwsem); |
954 |
+ |
955 |
+ /* Scrub for replace must not be running in suspended state */ |
956 |
+- ret = btrfs_scrub_cancel(fs_info); |
957 |
+- ASSERT(ret != -ENOTCONN); |
958 |
++ btrfs_scrub_cancel(fs_info); |
959 |
+ |
960 |
+ trans = btrfs_start_transaction(root, 0); |
961 |
+ if (IS_ERR(trans)) { |
962 |
+diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c |
963 |
+index db37a37996497..e9e8ca4e98a75 100644 |
964 |
+--- a/fs/btrfs/root-tree.c |
965 |
++++ b/fs/btrfs/root-tree.c |
966 |
+@@ -336,9 +336,10 @@ int btrfs_del_root_ref(struct btrfs_trans_handle *trans, u64 root_id, |
967 |
+ key.offset = ref_id; |
968 |
+ again: |
969 |
+ ret = btrfs_search_slot(trans, tree_root, &key, path, -1, 1); |
970 |
+- if (ret < 0) |
971 |
++ if (ret < 0) { |
972 |
++ err = ret; |
973 |
+ goto out; |
974 |
+- if (ret == 0) { |
975 |
++ } else if (ret == 0) { |
976 |
+ leaf = path->nodes[0]; |
977 |
+ ref = btrfs_item_ptr(leaf, path->slots[0], |
978 |
+ struct btrfs_root_ref); |
979 |
+diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c |
980 |
+index f1a60bcdb3db8..cd6049b0bde53 100644 |
981 |
+--- a/fs/btrfs/xattr.c |
982 |
++++ b/fs/btrfs/xattr.c |
983 |
+@@ -389,6 +389,9 @@ static int btrfs_xattr_handler_set(const struct xattr_handler *handler, |
984 |
+ const char *name, const void *buffer, |
985 |
+ size_t size, int flags) |
986 |
+ { |
987 |
++ if (btrfs_root_readonly(BTRFS_I(inode)->root)) |
988 |
++ return -EROFS; |
989 |
++ |
990 |
+ name = xattr_full_name(handler, name); |
991 |
+ return btrfs_setxattr_trans(inode, name, buffer, size, flags); |
992 |
+ } |
993 |
+diff --git a/fs/nfs/nfs4file.c b/fs/nfs/nfs4file.c |
994 |
+index 9fdecd9090493..70cd0d764c447 100644 |
995 |
+--- a/fs/nfs/nfs4file.c |
996 |
++++ b/fs/nfs/nfs4file.c |
997 |
+@@ -321,7 +321,7 @@ static int read_name_gen = 1; |
998 |
+ static struct file *__nfs42_ssc_open(struct vfsmount *ss_mnt, |
999 |
+ struct nfs_fh *src_fh, nfs4_stateid *stateid) |
1000 |
+ { |
1001 |
+- struct nfs_fattr fattr; |
1002 |
++ struct nfs_fattr *fattr = nfs_alloc_fattr(); |
1003 |
+ struct file *filep, *res; |
1004 |
+ struct nfs_server *server; |
1005 |
+ struct inode *r_ino = NULL; |
1006 |
+@@ -332,14 +332,20 @@ static struct file *__nfs42_ssc_open(struct vfsmount *ss_mnt, |
1007 |
+ |
1008 |
+ server = NFS_SERVER(ss_mnt->mnt_root->d_inode); |
1009 |
+ |
1010 |
+- nfs_fattr_init(&fattr); |
1011 |
++ if (!fattr) |
1012 |
++ return ERR_PTR(-ENOMEM); |
1013 |
+ |
1014 |
+- status = nfs4_proc_getattr(server, src_fh, &fattr, NULL, NULL); |
1015 |
++ status = nfs4_proc_getattr(server, src_fh, fattr, NULL, NULL); |
1016 |
+ if (status < 0) { |
1017 |
+ res = ERR_PTR(status); |
1018 |
+ goto out; |
1019 |
+ } |
1020 |
+ |
1021 |
++ if (!S_ISREG(fattr->mode)) { |
1022 |
++ res = ERR_PTR(-EBADF); |
1023 |
++ goto out; |
1024 |
++ } |
1025 |
++ |
1026 |
+ res = ERR_PTR(-ENOMEM); |
1027 |
+ len = strlen(SSC_READ_NAME_BODY) + 16; |
1028 |
+ read_name = kzalloc(len, GFP_NOFS); |
1029 |
+@@ -347,7 +353,7 @@ static struct file *__nfs42_ssc_open(struct vfsmount *ss_mnt, |
1030 |
+ goto out; |
1031 |
+ snprintf(read_name, len, SSC_READ_NAME_BODY, read_name_gen++); |
1032 |
+ |
1033 |
+- r_ino = nfs_fhget(ss_mnt->mnt_root->d_inode->i_sb, src_fh, &fattr, |
1034 |
++ r_ino = nfs_fhget(ss_mnt->mnt_root->d_inode->i_sb, src_fh, fattr, |
1035 |
+ NULL); |
1036 |
+ if (IS_ERR(r_ino)) { |
1037 |
+ res = ERR_CAST(r_ino); |
1038 |
+@@ -358,6 +364,7 @@ static struct file *__nfs42_ssc_open(struct vfsmount *ss_mnt, |
1039 |
+ r_ino->i_fop); |
1040 |
+ if (IS_ERR(filep)) { |
1041 |
+ res = ERR_CAST(filep); |
1042 |
++ iput(r_ino); |
1043 |
+ goto out_free_name; |
1044 |
+ } |
1045 |
+ filep->f_mode |= FMODE_READ; |
1046 |
+@@ -392,6 +399,7 @@ static struct file *__nfs42_ssc_open(struct vfsmount *ss_mnt, |
1047 |
+ out_free_name: |
1048 |
+ kfree(read_name); |
1049 |
+ out: |
1050 |
++ nfs_free_fattr(fattr); |
1051 |
+ return res; |
1052 |
+ out_stateowner: |
1053 |
+ nfs4_put_state_owner(sp); |
1054 |
+diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c |
1055 |
+index ba98371e9d164..ef18f0d71b11b 100644 |
1056 |
+--- a/fs/proc/task_mmu.c |
1057 |
++++ b/fs/proc/task_mmu.c |
1058 |
+@@ -503,10 +503,12 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, |
1059 |
+ struct vm_area_struct *vma = walk->vma; |
1060 |
+ bool locked = !!(vma->vm_flags & VM_LOCKED); |
1061 |
+ struct page *page = NULL; |
1062 |
+- bool migration = false; |
1063 |
++ bool migration = false, young = false, dirty = false; |
1064 |
+ |
1065 |
+ if (pte_present(*pte)) { |
1066 |
+ page = vm_normal_page(vma, addr, *pte); |
1067 |
++ young = pte_young(*pte); |
1068 |
++ dirty = pte_dirty(*pte); |
1069 |
+ } else if (is_swap_pte(*pte)) { |
1070 |
+ swp_entry_t swpent = pte_to_swp_entry(*pte); |
1071 |
+ |
1072 |
+@@ -540,8 +542,7 @@ static void smaps_pte_entry(pte_t *pte, unsigned long addr, |
1073 |
+ if (!page) |
1074 |
+ return; |
1075 |
+ |
1076 |
+- smaps_account(mss, page, false, pte_young(*pte), pte_dirty(*pte), |
1077 |
+- locked, migration); |
1078 |
++ smaps_account(mss, page, false, young, dirty, locked, migration); |
1079 |
+ } |
1080 |
+ |
1081 |
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE |
1082 |
+diff --git a/fs/sync.c b/fs/sync.c |
1083 |
+index 1373a610dc784..79180e58d8628 100644 |
1084 |
+--- a/fs/sync.c |
1085 |
++++ b/fs/sync.c |
1086 |
+@@ -21,25 +21,6 @@ |
1087 |
+ #define VALID_FLAGS (SYNC_FILE_RANGE_WAIT_BEFORE|SYNC_FILE_RANGE_WRITE| \ |
1088 |
+ SYNC_FILE_RANGE_WAIT_AFTER) |
1089 |
+ |
1090 |
+-/* |
1091 |
+- * Do the filesystem syncing work. For simple filesystems |
1092 |
+- * writeback_inodes_sb(sb) just dirties buffers with inodes so we have to |
1093 |
+- * submit IO for these buffers via __sync_blockdev(). This also speeds up the |
1094 |
+- * wait == 1 case since in that case write_inode() functions do |
1095 |
+- * sync_dirty_buffer() and thus effectively write one block at a time. |
1096 |
+- */ |
1097 |
+-static int __sync_filesystem(struct super_block *sb, int wait) |
1098 |
+-{ |
1099 |
+- if (wait) |
1100 |
+- sync_inodes_sb(sb); |
1101 |
+- else |
1102 |
+- writeback_inodes_sb(sb, WB_REASON_SYNC); |
1103 |
+- |
1104 |
+- if (sb->s_op->sync_fs) |
1105 |
+- sb->s_op->sync_fs(sb, wait); |
1106 |
+- return __sync_blockdev(sb->s_bdev, wait); |
1107 |
+-} |
1108 |
+- |
1109 |
+ /* |
1110 |
+ * Write out and wait upon all dirty data associated with this |
1111 |
+ * superblock. Filesystem data as well as the underlying block |
1112 |
+@@ -47,7 +28,7 @@ static int __sync_filesystem(struct super_block *sb, int wait) |
1113 |
+ */ |
1114 |
+ int sync_filesystem(struct super_block *sb) |
1115 |
+ { |
1116 |
+- int ret; |
1117 |
++ int ret = 0; |
1118 |
+ |
1119 |
+ /* |
1120 |
+ * We need to be protected against the filesystem going from |
1121 |
+@@ -61,10 +42,31 @@ int sync_filesystem(struct super_block *sb) |
1122 |
+ if (sb_rdonly(sb)) |
1123 |
+ return 0; |
1124 |
+ |
1125 |
+- ret = __sync_filesystem(sb, 0); |
1126 |
+- if (ret < 0) |
1127 |
++ /* |
1128 |
++ * Do the filesystem syncing work. For simple filesystems |
1129 |
++ * writeback_inodes_sb(sb) just dirties buffers with inodes so we have |
1130 |
++ * to submit I/O for these buffers via __sync_blockdev(). This also |
1131 |
++ * speeds up the wait == 1 case since in that case write_inode() |
1132 |
++ * methods call sync_dirty_buffer() and thus effectively write one block |
1133 |
++ * at a time. |
1134 |
++ */ |
1135 |
++ writeback_inodes_sb(sb, WB_REASON_SYNC); |
1136 |
++ if (sb->s_op->sync_fs) { |
1137 |
++ ret = sb->s_op->sync_fs(sb, 0); |
1138 |
++ if (ret) |
1139 |
++ return ret; |
1140 |
++ } |
1141 |
++ ret = __sync_blockdev(sb->s_bdev, 0); |
1142 |
++ if (ret) |
1143 |
+ return ret; |
1144 |
+- return __sync_filesystem(sb, 1); |
1145 |
++ |
1146 |
++ sync_inodes_sb(sb); |
1147 |
++ if (sb->s_op->sync_fs) { |
1148 |
++ ret = sb->s_op->sync_fs(sb, 1); |
1149 |
++ if (ret) |
1150 |
++ return ret; |
1151 |
++ } |
1152 |
++ return __sync_blockdev(sb->s_bdev, 1); |
1153 |
+ } |
1154 |
+ EXPORT_SYMBOL(sync_filesystem); |
1155 |
+ |
1156 |
+diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c |
1157 |
+index 646735aad45df..103fa8381e7dc 100644 |
1158 |
+--- a/fs/xfs/xfs_ioctl.c |
1159 |
++++ b/fs/xfs/xfs_ioctl.c |
1160 |
+@@ -371,7 +371,7 @@ int |
1161 |
+ xfs_ioc_attr_list( |
1162 |
+ struct xfs_inode *dp, |
1163 |
+ void __user *ubuf, |
1164 |
+- int bufsize, |
1165 |
++ size_t bufsize, |
1166 |
+ int flags, |
1167 |
+ struct xfs_attrlist_cursor __user *ucursor) |
1168 |
+ { |
1169 |
+@@ -1689,7 +1689,7 @@ xfs_ioc_getbmap( |
1170 |
+ |
1171 |
+ if (bmx.bmv_count < 2) |
1172 |
+ return -EINVAL; |
1173 |
+- if (bmx.bmv_count > ULONG_MAX / recsize) |
1174 |
++ if (bmx.bmv_count >= INT_MAX / recsize) |
1175 |
+ return -ENOMEM; |
1176 |
+ |
1177 |
+ buf = kvzalloc(bmx.bmv_count * sizeof(*buf), GFP_KERNEL); |
1178 |
+diff --git a/fs/xfs/xfs_ioctl.h b/fs/xfs/xfs_ioctl.h |
1179 |
+index bab6a5a924077..416e20de66e7d 100644 |
1180 |
+--- a/fs/xfs/xfs_ioctl.h |
1181 |
++++ b/fs/xfs/xfs_ioctl.h |
1182 |
+@@ -38,8 +38,9 @@ xfs_readlink_by_handle( |
1183 |
+ int xfs_ioc_attrmulti_one(struct file *parfilp, struct inode *inode, |
1184 |
+ uint32_t opcode, void __user *uname, void __user *value, |
1185 |
+ uint32_t *len, uint32_t flags); |
1186 |
+-int xfs_ioc_attr_list(struct xfs_inode *dp, void __user *ubuf, int bufsize, |
1187 |
+- int flags, struct xfs_attrlist_cursor __user *ucursor); |
1188 |
++int xfs_ioc_attr_list(struct xfs_inode *dp, void __user *ubuf, |
1189 |
++ size_t bufsize, int flags, |
1190 |
++ struct xfs_attrlist_cursor __user *ucursor); |
1191 |
+ |
1192 |
+ extern struct dentry * |
1193 |
+ xfs_handle_to_dentry( |
1194 |
+diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c |
1195 |
+index 6323974d6b3e6..434c87cc9fbf5 100644 |
1196 |
+--- a/fs/xfs/xfs_super.c |
1197 |
++++ b/fs/xfs/xfs_super.c |
1198 |
+@@ -757,6 +757,7 @@ xfs_fs_sync_fs( |
1199 |
+ int wait) |
1200 |
+ { |
1201 |
+ struct xfs_mount *mp = XFS_M(sb); |
1202 |
++ int error; |
1203 |
+ |
1204 |
+ /* |
1205 |
+ * Doing anything during the async pass would be counterproductive. |
1206 |
+@@ -764,7 +765,10 @@ xfs_fs_sync_fs( |
1207 |
+ if (!wait) |
1208 |
+ return 0; |
1209 |
+ |
1210 |
+- xfs_log_force(mp, XFS_LOG_SYNC); |
1211 |
++ error = xfs_log_force(mp, XFS_LOG_SYNC); |
1212 |
++ if (error) |
1213 |
++ return error; |
1214 |
++ |
1215 |
+ if (laptop_mode) { |
1216 |
+ /* |
1217 |
+ * The disk must be active because we're syncing. |
1218 |
+@@ -1716,6 +1720,11 @@ xfs_remount_ro( |
1219 |
+ }; |
1220 |
+ int error; |
1221 |
+ |
1222 |
++ /* Flush all the dirty data to disk. */ |
1223 |
++ error = sync_filesystem(mp->m_super); |
1224 |
++ if (error) |
1225 |
++ return error; |
1226 |
++ |
1227 |
+ /* |
1228 |
+ * Cancel background eofb scanning so it cannot race with the final |
1229 |
+ * log force+buftarg wait and deadlock the remount. |
1230 |
+@@ -1786,8 +1795,6 @@ xfs_fc_reconfigure( |
1231 |
+ if (error) |
1232 |
+ return error; |
1233 |
+ |
1234 |
+- sync_filesystem(mp->m_super); |
1235 |
+- |
1236 |
+ /* inode32 -> inode64 */ |
1237 |
+ if ((mp->m_flags & XFS_MOUNT_SMALL_INUMS) && |
1238 |
+ !(new_mp->m_flags & XFS_MOUNT_SMALL_INUMS)) { |
1239 |
+diff --git a/include/asm-generic/sections.h b/include/asm-generic/sections.h |
1240 |
+index d16302d3eb597..72f1e2a8c1670 100644 |
1241 |
+--- a/include/asm-generic/sections.h |
1242 |
++++ b/include/asm-generic/sections.h |
1243 |
+@@ -114,7 +114,7 @@ static inline bool memory_contains(void *begin, void *end, void *virt, |
1244 |
+ /** |
1245 |
+ * memory_intersects - checks if the region occupied by an object intersects |
1246 |
+ * with another memory region |
1247 |
+- * @begin: virtual address of the beginning of the memory regien |
1248 |
++ * @begin: virtual address of the beginning of the memory region |
1249 |
+ * @end: virtual address of the end of the memory region |
1250 |
+ * @virt: virtual address of the memory object |
1251 |
+ * @size: size of the memory object |
1252 |
+@@ -127,7 +127,10 @@ static inline bool memory_intersects(void *begin, void *end, void *virt, |
1253 |
+ { |
1254 |
+ void *vend = virt + size; |
1255 |
+ |
1256 |
+- return (virt >= begin && virt < end) || (vend >= begin && vend < end); |
1257 |
++ if (virt < end && vend > begin) |
1258 |
++ return true; |
1259 |
++ |
1260 |
++ return false; |
1261 |
+ } |
1262 |
+ |
1263 |
+ /** |
1264 |
+diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h |
1265 |
+index ed2d531400051..6564fb4ac49e1 100644 |
1266 |
+--- a/include/linux/netdevice.h |
1267 |
++++ b/include/linux/netdevice.h |
1268 |
+@@ -633,9 +633,23 @@ extern int sysctl_devconf_inherit_init_net; |
1269 |
+ */ |
1270 |
+ static inline bool net_has_fallback_tunnels(const struct net *net) |
1271 |
+ { |
1272 |
+- return !IS_ENABLED(CONFIG_SYSCTL) || |
1273 |
+- !sysctl_fb_tunnels_only_for_init_net || |
1274 |
+- (net == &init_net && sysctl_fb_tunnels_only_for_init_net == 1); |
1275 |
++#if IS_ENABLED(CONFIG_SYSCTL) |
1276 |
++ int fb_tunnels_only_for_init_net = READ_ONCE(sysctl_fb_tunnels_only_for_init_net); |
1277 |
++ |
1278 |
++ return !fb_tunnels_only_for_init_net || |
1279 |
++ (net_eq(net, &init_net) && fb_tunnels_only_for_init_net == 1); |
1280 |
++#else |
1281 |
++ return true; |
1282 |
++#endif |
1283 |
++} |
1284 |
++ |
1285 |
++static inline int net_inherit_devconf(void) |
1286 |
++{ |
1287 |
++#if IS_ENABLED(CONFIG_SYSCTL) |
1288 |
++ return READ_ONCE(sysctl_devconf_inherit_init_net); |
1289 |
++#else |
1290 |
++ return 0; |
1291 |
++#endif |
1292 |
+ } |
1293 |
+ |
1294 |
+ static inline int netdev_queue_numa_node_read(const struct netdev_queue *q) |
1295 |
+diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h |
1296 |
+index 3a956145a25cb..a18fb73a2b772 100644 |
1297 |
+--- a/include/linux/netfilter_bridge/ebtables.h |
1298 |
++++ b/include/linux/netfilter_bridge/ebtables.h |
1299 |
+@@ -94,10 +94,6 @@ struct ebt_table { |
1300 |
+ struct ebt_replace_kernel *table; |
1301 |
+ unsigned int valid_hooks; |
1302 |
+ rwlock_t lock; |
1303 |
+- /* e.g. could be the table explicitly only allows certain |
1304 |
+- * matches, targets, ... 0 == let it in */ |
1305 |
+- int (*check)(const struct ebt_table_info *info, |
1306 |
+- unsigned int valid_hooks); |
1307 |
+ /* the data used by the kernel */ |
1308 |
+ struct ebt_table_info *private; |
1309 |
+ struct module *me; |
1310 |
+diff --git a/include/linux/sched.h b/include/linux/sched.h |
1311 |
+index 4e8425c1c5605..b055c217eb0be 100644 |
1312 |
+--- a/include/linux/sched.h |
1313 |
++++ b/include/linux/sched.h |
1314 |
+@@ -542,10 +542,6 @@ struct sched_dl_entity { |
1315 |
+ * task has to wait for a replenishment to be performed at the |
1316 |
+ * next firing of dl_timer. |
1317 |
+ * |
1318 |
+- * @dl_boosted tells if we are boosted due to DI. If so we are |
1319 |
+- * outside bandwidth enforcement mechanism (but only until we |
1320 |
+- * exit the critical section); |
1321 |
+- * |
1322 |
+ * @dl_yielded tells if task gave up the CPU before consuming |
1323 |
+ * all its available runtime during the last job. |
1324 |
+ * |
1325 |
+diff --git a/include/net/busy_poll.h b/include/net/busy_poll.h |
1326 |
+index 716b7c5f6fdd9..36e5e75e71720 100644 |
1327 |
+--- a/include/net/busy_poll.h |
1328 |
++++ b/include/net/busy_poll.h |
1329 |
+@@ -31,7 +31,7 @@ extern unsigned int sysctl_net_busy_poll __read_mostly; |
1330 |
+ |
1331 |
+ static inline bool net_busy_loop_on(void) |
1332 |
+ { |
1333 |
+- return sysctl_net_busy_poll; |
1334 |
++ return READ_ONCE(sysctl_net_busy_poll); |
1335 |
+ } |
1336 |
+ |
1337 |
+ static inline bool sk_can_busy_loop(const struct sock *sk) |
1338 |
+diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h |
1339 |
+index b9948e7861f22..e66fee99ed3ea 100644 |
1340 |
+--- a/include/net/netfilter/nf_tables.h |
1341 |
++++ b/include/net/netfilter/nf_tables.h |
1342 |
+@@ -176,13 +176,18 @@ struct nft_ctx { |
1343 |
+ bool report; |
1344 |
+ }; |
1345 |
+ |
1346 |
++enum nft_data_desc_flags { |
1347 |
++ NFT_DATA_DESC_SETELEM = (1 << 0), |
1348 |
++}; |
1349 |
++ |
1350 |
+ struct nft_data_desc { |
1351 |
+ enum nft_data_types type; |
1352 |
++ unsigned int size; |
1353 |
+ unsigned int len; |
1354 |
++ unsigned int flags; |
1355 |
+ }; |
1356 |
+ |
1357 |
+-int nft_data_init(const struct nft_ctx *ctx, |
1358 |
+- struct nft_data *data, unsigned int size, |
1359 |
++int nft_data_init(const struct nft_ctx *ctx, struct nft_data *data, |
1360 |
+ struct nft_data_desc *desc, const struct nlattr *nla); |
1361 |
+ void nft_data_hold(const struct nft_data *data, enum nft_data_types type); |
1362 |
+ void nft_data_release(const struct nft_data *data, enum nft_data_types type); |
1363 |
+diff --git a/include/net/netfilter/nf_tables_core.h b/include/net/netfilter/nf_tables_core.h |
1364 |
+index fd10a7862fdc6..ce75121782bf7 100644 |
1365 |
+--- a/include/net/netfilter/nf_tables_core.h |
1366 |
++++ b/include/net/netfilter/nf_tables_core.h |
1367 |
+@@ -38,6 +38,14 @@ struct nft_cmp_fast_expr { |
1368 |
+ bool inv; |
1369 |
+ }; |
1370 |
+ |
1371 |
++struct nft_cmp16_fast_expr { |
1372 |
++ struct nft_data data; |
1373 |
++ struct nft_data mask; |
1374 |
++ u8 sreg; |
1375 |
++ u8 len; |
1376 |
++ bool inv; |
1377 |
++}; |
1378 |
++ |
1379 |
+ struct nft_immediate_expr { |
1380 |
+ struct nft_data data; |
1381 |
+ u8 dreg; |
1382 |
+@@ -55,6 +63,7 @@ static inline u32 nft_cmp_fast_mask(unsigned int len) |
1383 |
+ } |
1384 |
+ |
1385 |
+ extern const struct nft_expr_ops nft_cmp_fast_ops; |
1386 |
++extern const struct nft_expr_ops nft_cmp16_fast_ops; |
1387 |
+ |
1388 |
+ struct nft_payload { |
1389 |
+ enum nft_payload_bases base:8; |
1390 |
+diff --git a/include/net/sock.h b/include/net/sock.h |
1391 |
+index 333131f47ac13..d31c2b9107e54 100644 |
1392 |
+--- a/include/net/sock.h |
1393 |
++++ b/include/net/sock.h |
1394 |
+@@ -2678,18 +2678,18 @@ static inline int sk_get_wmem0(const struct sock *sk, const struct proto *proto) |
1395 |
+ { |
1396 |
+ /* Does this proto have per netns sysctl_wmem ? */ |
1397 |
+ if (proto->sysctl_wmem_offset) |
1398 |
+- return *(int *)((void *)sock_net(sk) + proto->sysctl_wmem_offset); |
1399 |
++ return READ_ONCE(*(int *)((void *)sock_net(sk) + proto->sysctl_wmem_offset)); |
1400 |
+ |
1401 |
+- return *proto->sysctl_wmem; |
1402 |
++ return READ_ONCE(*proto->sysctl_wmem); |
1403 |
+ } |
1404 |
+ |
1405 |
+ static inline int sk_get_rmem0(const struct sock *sk, const struct proto *proto) |
1406 |
+ { |
1407 |
+ /* Does this proto have per netns sysctl_rmem ? */ |
1408 |
+ if (proto->sysctl_rmem_offset) |
1409 |
+- return *(int *)((void *)sock_net(sk) + proto->sysctl_rmem_offset); |
1410 |
++ return READ_ONCE(*(int *)((void *)sock_net(sk) + proto->sysctl_rmem_offset)); |
1411 |
+ |
1412 |
+- return *proto->sysctl_rmem; |
1413 |
++ return READ_ONCE(*proto->sysctl_rmem); |
1414 |
+ } |
1415 |
+ |
1416 |
+ /* Default TCP Small queue budget is ~1 ms of data (1sec >> 10) |
1417 |
+diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c |
1418 |
+index 5b3f01da172bc..b2ebacd2f3097 100644 |
1419 |
+--- a/kernel/audit_fsnotify.c |
1420 |
++++ b/kernel/audit_fsnotify.c |
1421 |
+@@ -102,6 +102,7 @@ struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, char *pa |
1422 |
+ |
1423 |
+ ret = fsnotify_add_inode_mark(&audit_mark->mark, inode, true); |
1424 |
+ if (ret < 0) { |
1425 |
++ audit_mark->path = NULL; |
1426 |
+ fsnotify_put_mark(&audit_mark->mark); |
1427 |
+ audit_mark = ERR_PTR(ret); |
1428 |
+ } |
1429 |
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c |
1430 |
+index de636b7445b11..e4dcc23b52c01 100644 |
1431 |
+--- a/kernel/bpf/verifier.c |
1432 |
++++ b/kernel/bpf/verifier.c |
1433 |
+@@ -5282,8 +5282,7 @@ record_func_key(struct bpf_verifier_env *env, struct bpf_call_arg_meta *meta, |
1434 |
+ struct bpf_insn_aux_data *aux = &env->insn_aux_data[insn_idx]; |
1435 |
+ struct bpf_reg_state *regs = cur_regs(env), *reg; |
1436 |
+ struct bpf_map *map = meta->map_ptr; |
1437 |
+- struct tnum range; |
1438 |
+- u64 val; |
1439 |
++ u64 val, max; |
1440 |
+ int err; |
1441 |
+ |
1442 |
+ if (func_id != BPF_FUNC_tail_call) |
1443 |
+@@ -5293,10 +5292,11 @@ record_func_key(struct bpf_verifier_env *env, struct bpf_call_arg_meta *meta, |
1444 |
+ return -EINVAL; |
1445 |
+ } |
1446 |
+ |
1447 |
+- range = tnum_range(0, map->max_entries - 1); |
1448 |
+ reg = ®s[BPF_REG_3]; |
1449 |
++ val = reg->var_off.value; |
1450 |
++ max = map->max_entries; |
1451 |
+ |
1452 |
+- if (!register_is_const(reg) || !tnum_in(range, reg->var_off)) { |
1453 |
++ if (!(register_is_const(reg) && val < max)) { |
1454 |
+ bpf_map_key_store(aux, BPF_MAP_KEY_POISON); |
1455 |
+ return 0; |
1456 |
+ } |
1457 |
+@@ -5304,8 +5304,6 @@ record_func_key(struct bpf_verifier_env *env, struct bpf_call_arg_meta *meta, |
1458 |
+ err = mark_chain_precision(env, BPF_REG_3); |
1459 |
+ if (err) |
1460 |
+ return err; |
1461 |
+- |
1462 |
+- val = reg->var_off.value; |
1463 |
+ if (bpf_map_key_unseen(aux)) |
1464 |
+ bpf_map_key_store(aux, val); |
1465 |
+ else if (!bpf_map_key_poisoned(aux) && |
1466 |
+diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c |
1467 |
+index f27ac94d5fa72..cdecd47e5580d 100644 |
1468 |
+--- a/kernel/sys_ni.c |
1469 |
++++ b/kernel/sys_ni.c |
1470 |
+@@ -268,6 +268,7 @@ COND_SYSCALL_COMPAT(keyctl); |
1471 |
+ |
1472 |
+ /* mm/fadvise.c */ |
1473 |
+ COND_SYSCALL(fadvise64_64); |
1474 |
++COND_SYSCALL_COMPAT(fadvise64_64); |
1475 |
+ |
1476 |
+ /* mm/, CONFIG_MMU only */ |
1477 |
+ COND_SYSCALL(swapon); |
1478 |
+diff --git a/lib/ratelimit.c b/lib/ratelimit.c |
1479 |
+index e01a93f46f833..ce945c17980b9 100644 |
1480 |
+--- a/lib/ratelimit.c |
1481 |
++++ b/lib/ratelimit.c |
1482 |
+@@ -26,10 +26,16 @@ |
1483 |
+ */ |
1484 |
+ int ___ratelimit(struct ratelimit_state *rs, const char *func) |
1485 |
+ { |
1486 |
++ /* Paired with WRITE_ONCE() in .proc_handler(). |
1487 |
++ * Changing two values seperately could be inconsistent |
1488 |
++ * and some message could be lost. (See: net_ratelimit_state). |
1489 |
++ */ |
1490 |
++ int interval = READ_ONCE(rs->interval); |
1491 |
++ int burst = READ_ONCE(rs->burst); |
1492 |
+ unsigned long flags; |
1493 |
+ int ret; |
1494 |
+ |
1495 |
+- if (!rs->interval) |
1496 |
++ if (!interval) |
1497 |
+ return 1; |
1498 |
+ |
1499 |
+ /* |
1500 |
+@@ -44,7 +50,7 @@ int ___ratelimit(struct ratelimit_state *rs, const char *func) |
1501 |
+ if (!rs->begin) |
1502 |
+ rs->begin = jiffies; |
1503 |
+ |
1504 |
+- if (time_is_before_jiffies(rs->begin + rs->interval)) { |
1505 |
++ if (time_is_before_jiffies(rs->begin + interval)) { |
1506 |
+ if (rs->missed) { |
1507 |
+ if (!(rs->flags & RATELIMIT_MSG_ON_RELEASE)) { |
1508 |
+ printk_deferred(KERN_WARNING |
1509 |
+@@ -56,7 +62,7 @@ int ___ratelimit(struct ratelimit_state *rs, const char *func) |
1510 |
+ rs->begin = jiffies; |
1511 |
+ rs->printed = 0; |
1512 |
+ } |
1513 |
+- if (rs->burst && rs->burst > rs->printed) { |
1514 |
++ if (burst && burst > rs->printed) { |
1515 |
+ rs->printed++; |
1516 |
+ ret = 1; |
1517 |
+ } else { |
1518 |
+diff --git a/mm/huge_memory.c b/mm/huge_memory.c |
1519 |
+index 594368f6134f1..cb7b0aead7096 100644 |
1520 |
+--- a/mm/huge_memory.c |
1521 |
++++ b/mm/huge_memory.c |
1522 |
+@@ -1691,7 +1691,7 @@ int zap_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma, |
1523 |
+ |
1524 |
+ VM_BUG_ON(!is_pmd_migration_entry(orig_pmd)); |
1525 |
+ entry = pmd_to_swp_entry(orig_pmd); |
1526 |
+- page = pfn_to_page(swp_offset(entry)); |
1527 |
++ page = migration_entry_to_page(entry); |
1528 |
+ flush_needed = 0; |
1529 |
+ } else |
1530 |
+ WARN_ONCE(1, "Non present huge pmd without pmd migration enabled!"); |
1531 |
+@@ -2110,7 +2110,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, |
1532 |
+ swp_entry_t entry; |
1533 |
+ |
1534 |
+ entry = pmd_to_swp_entry(old_pmd); |
1535 |
+- page = pfn_to_page(swp_offset(entry)); |
1536 |
++ page = migration_entry_to_page(entry); |
1537 |
+ write = is_write_migration_entry(entry); |
1538 |
+ young = false; |
1539 |
+ soft_dirty = pmd_swp_soft_dirty(old_pmd); |
1540 |
+diff --git a/mm/mmap.c b/mm/mmap.c |
1541 |
+index a50042918cc7e..a1ee93f55cebb 100644 |
1542 |
+--- a/mm/mmap.c |
1543 |
++++ b/mm/mmap.c |
1544 |
+@@ -1694,8 +1694,12 @@ int vma_wants_writenotify(struct vm_area_struct *vma, pgprot_t vm_page_prot) |
1545 |
+ pgprot_val(vm_pgprot_modify(vm_page_prot, vm_flags))) |
1546 |
+ return 0; |
1547 |
+ |
1548 |
+- /* Do we need to track softdirty? */ |
1549 |
+- if (IS_ENABLED(CONFIG_MEM_SOFT_DIRTY) && !(vm_flags & VM_SOFTDIRTY)) |
1550 |
++ /* |
1551 |
++ * Do we need to track softdirty? hugetlb does not support softdirty |
1552 |
++ * tracking yet. |
1553 |
++ */ |
1554 |
++ if (IS_ENABLED(CONFIG_MEM_SOFT_DIRTY) && !(vm_flags & VM_SOFTDIRTY) && |
1555 |
++ !is_vm_hugetlb_page(vma)) |
1556 |
+ return 1; |
1557 |
+ |
1558 |
+ /* Specialty mapping? */ |
1559 |
+diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c |
1560 |
+index 32bc2821027f3..57f91efce0f73 100644 |
1561 |
+--- a/net/bridge/netfilter/ebtable_broute.c |
1562 |
++++ b/net/bridge/netfilter/ebtable_broute.c |
1563 |
+@@ -36,18 +36,10 @@ static struct ebt_replace_kernel initial_table = { |
1564 |
+ .entries = (char *)&initial_chain, |
1565 |
+ }; |
1566 |
+ |
1567 |
+-static int check(const struct ebt_table_info *info, unsigned int valid_hooks) |
1568 |
+-{ |
1569 |
+- if (valid_hooks & ~(1 << NF_BR_BROUTING)) |
1570 |
+- return -EINVAL; |
1571 |
+- return 0; |
1572 |
+-} |
1573 |
+- |
1574 |
+ static const struct ebt_table broute_table = { |
1575 |
+ .name = "broute", |
1576 |
+ .table = &initial_table, |
1577 |
+ .valid_hooks = 1 << NF_BR_BROUTING, |
1578 |
+- .check = check, |
1579 |
+ .me = THIS_MODULE, |
1580 |
+ }; |
1581 |
+ |
1582 |
+diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c |
1583 |
+index bcf982e12f16b..7f2e620f4978f 100644 |
1584 |
+--- a/net/bridge/netfilter/ebtable_filter.c |
1585 |
++++ b/net/bridge/netfilter/ebtable_filter.c |
1586 |
+@@ -43,18 +43,10 @@ static struct ebt_replace_kernel initial_table = { |
1587 |
+ .entries = (char *)initial_chains, |
1588 |
+ }; |
1589 |
+ |
1590 |
+-static int check(const struct ebt_table_info *info, unsigned int valid_hooks) |
1591 |
+-{ |
1592 |
+- if (valid_hooks & ~FILTER_VALID_HOOKS) |
1593 |
+- return -EINVAL; |
1594 |
+- return 0; |
1595 |
+-} |
1596 |
+- |
1597 |
+ static const struct ebt_table frame_filter = { |
1598 |
+ .name = "filter", |
1599 |
+ .table = &initial_table, |
1600 |
+ .valid_hooks = FILTER_VALID_HOOKS, |
1601 |
+- .check = check, |
1602 |
+ .me = THIS_MODULE, |
1603 |
+ }; |
1604 |
+ |
1605 |
+diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c |
1606 |
+index 0d092773f8161..1743a105485c4 100644 |
1607 |
+--- a/net/bridge/netfilter/ebtable_nat.c |
1608 |
++++ b/net/bridge/netfilter/ebtable_nat.c |
1609 |
+@@ -43,18 +43,10 @@ static struct ebt_replace_kernel initial_table = { |
1610 |
+ .entries = (char *)initial_chains, |
1611 |
+ }; |
1612 |
+ |
1613 |
+-static int check(const struct ebt_table_info *info, unsigned int valid_hooks) |
1614 |
+-{ |
1615 |
+- if (valid_hooks & ~NAT_VALID_HOOKS) |
1616 |
+- return -EINVAL; |
1617 |
+- return 0; |
1618 |
+-} |
1619 |
+- |
1620 |
+ static const struct ebt_table frame_nat = { |
1621 |
+ .name = "nat", |
1622 |
+ .table = &initial_table, |
1623 |
+ .valid_hooks = NAT_VALID_HOOKS, |
1624 |
+- .check = check, |
1625 |
+ .me = THIS_MODULE, |
1626 |
+ }; |
1627 |
+ |
1628 |
+diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c |
1629 |
+index d481ff24a1501..310740cc684ad 100644 |
1630 |
+--- a/net/bridge/netfilter/ebtables.c |
1631 |
++++ b/net/bridge/netfilter/ebtables.c |
1632 |
+@@ -999,8 +999,7 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl, |
1633 |
+ goto free_iterate; |
1634 |
+ } |
1635 |
+ |
1636 |
+- /* the table doesn't like it */ |
1637 |
+- if (t->check && (ret = t->check(newinfo, repl->valid_hooks))) |
1638 |
++ if (repl->valid_hooks != t->valid_hooks) |
1639 |
+ goto free_unlock; |
1640 |
+ |
1641 |
+ if (repl->num_counters && repl->num_counters != t->private->nentries) { |
1642 |
+@@ -1186,11 +1185,6 @@ int ebt_register_table(struct net *net, const struct ebt_table *input_table, |
1643 |
+ if (ret != 0) |
1644 |
+ goto free_chainstack; |
1645 |
+ |
1646 |
+- if (table->check && table->check(newinfo, table->valid_hooks)) { |
1647 |
+- ret = -EINVAL; |
1648 |
+- goto free_chainstack; |
1649 |
+- } |
1650 |
+- |
1651 |
+ table->private = newinfo; |
1652 |
+ rwlock_init(&table->lock); |
1653 |
+ mutex_lock(&ebt_mutex); |
1654 |
+diff --git a/net/core/bpf_sk_storage.c b/net/core/bpf_sk_storage.c |
1655 |
+index 5f773624948ff..d67d06d6b817c 100644 |
1656 |
+--- a/net/core/bpf_sk_storage.c |
1657 |
++++ b/net/core/bpf_sk_storage.c |
1658 |
+@@ -15,18 +15,6 @@ |
1659 |
+ |
1660 |
+ DEFINE_BPF_STORAGE_CACHE(sk_cache); |
1661 |
+ |
1662 |
+-static int omem_charge(struct sock *sk, unsigned int size) |
1663 |
+-{ |
1664 |
+- /* same check as in sock_kmalloc() */ |
1665 |
+- if (size <= sysctl_optmem_max && |
1666 |
+- atomic_read(&sk->sk_omem_alloc) + size < sysctl_optmem_max) { |
1667 |
+- atomic_add(size, &sk->sk_omem_alloc); |
1668 |
+- return 0; |
1669 |
+- } |
1670 |
+- |
1671 |
+- return -ENOMEM; |
1672 |
+-} |
1673 |
+- |
1674 |
+ static struct bpf_local_storage_data * |
1675 |
+ sk_storage_lookup(struct sock *sk, struct bpf_map *map, bool cacheit_lockit) |
1676 |
+ { |
1677 |
+@@ -316,7 +304,17 @@ BPF_CALL_2(bpf_sk_storage_delete, struct bpf_map *, map, struct sock *, sk) |
1678 |
+ static int sk_storage_charge(struct bpf_local_storage_map *smap, |
1679 |
+ void *owner, u32 size) |
1680 |
+ { |
1681 |
+- return omem_charge(owner, size); |
1682 |
++ int optmem_max = READ_ONCE(sysctl_optmem_max); |
1683 |
++ struct sock *sk = (struct sock *)owner; |
1684 |
++ |
1685 |
++ /* same check as in sock_kmalloc() */ |
1686 |
++ if (size <= optmem_max && |
1687 |
++ atomic_read(&sk->sk_omem_alloc) + size < optmem_max) { |
1688 |
++ atomic_add(size, &sk->sk_omem_alloc); |
1689 |
++ return 0; |
1690 |
++ } |
1691 |
++ |
1692 |
++ return -ENOMEM; |
1693 |
+ } |
1694 |
+ |
1695 |
+ static void sk_storage_uncharge(struct bpf_local_storage_map *smap, |
1696 |
+diff --git a/net/core/dev.c b/net/core/dev.c |
1697 |
+index 637bc576fbd26..8355cc5e11a98 100644 |
1698 |
+--- a/net/core/dev.c |
1699 |
++++ b/net/core/dev.c |
1700 |
+@@ -4516,7 +4516,7 @@ static bool skb_flow_limit(struct sk_buff *skb, unsigned int qlen) |
1701 |
+ struct softnet_data *sd; |
1702 |
+ unsigned int old_flow, new_flow; |
1703 |
+ |
1704 |
+- if (qlen < (netdev_max_backlog >> 1)) |
1705 |
++ if (qlen < (READ_ONCE(netdev_max_backlog) >> 1)) |
1706 |
+ return false; |
1707 |
+ |
1708 |
+ sd = this_cpu_ptr(&softnet_data); |
1709 |
+@@ -4564,7 +4564,7 @@ static int enqueue_to_backlog(struct sk_buff *skb, int cpu, |
1710 |
+ if (!netif_running(skb->dev)) |
1711 |
+ goto drop; |
1712 |
+ qlen = skb_queue_len(&sd->input_pkt_queue); |
1713 |
+- if (qlen <= netdev_max_backlog && !skb_flow_limit(skb, qlen)) { |
1714 |
++ if (qlen <= READ_ONCE(netdev_max_backlog) && !skb_flow_limit(skb, qlen)) { |
1715 |
+ if (qlen) { |
1716 |
+ enqueue: |
1717 |
+ __skb_queue_tail(&sd->input_pkt_queue, skb); |
1718 |
+@@ -4795,7 +4795,7 @@ static int netif_rx_internal(struct sk_buff *skb) |
1719 |
+ { |
1720 |
+ int ret; |
1721 |
+ |
1722 |
+- net_timestamp_check(netdev_tstamp_prequeue, skb); |
1723 |
++ net_timestamp_check(READ_ONCE(netdev_tstamp_prequeue), skb); |
1724 |
+ |
1725 |
+ trace_netif_rx(skb); |
1726 |
+ |
1727 |
+@@ -5156,7 +5156,7 @@ static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc, |
1728 |
+ int ret = NET_RX_DROP; |
1729 |
+ __be16 type; |
1730 |
+ |
1731 |
+- net_timestamp_check(!netdev_tstamp_prequeue, skb); |
1732 |
++ net_timestamp_check(!READ_ONCE(netdev_tstamp_prequeue), skb); |
1733 |
+ |
1734 |
+ trace_netif_receive_skb(skb); |
1735 |
+ |
1736 |
+@@ -5558,7 +5558,7 @@ static int netif_receive_skb_internal(struct sk_buff *skb) |
1737 |
+ { |
1738 |
+ int ret; |
1739 |
+ |
1740 |
+- net_timestamp_check(netdev_tstamp_prequeue, skb); |
1741 |
++ net_timestamp_check(READ_ONCE(netdev_tstamp_prequeue), skb); |
1742 |
+ |
1743 |
+ if (skb_defer_rx_timestamp(skb)) |
1744 |
+ return NET_RX_SUCCESS; |
1745 |
+@@ -5588,7 +5588,7 @@ static void netif_receive_skb_list_internal(struct list_head *head) |
1746 |
+ |
1747 |
+ INIT_LIST_HEAD(&sublist); |
1748 |
+ list_for_each_entry_safe(skb, next, head, list) { |
1749 |
+- net_timestamp_check(netdev_tstamp_prequeue, skb); |
1750 |
++ net_timestamp_check(READ_ONCE(netdev_tstamp_prequeue), skb); |
1751 |
+ skb_list_del_init(skb); |
1752 |
+ if (!skb_defer_rx_timestamp(skb)) |
1753 |
+ list_add_tail(&skb->list, &sublist); |
1754 |
+@@ -6371,7 +6371,7 @@ static int process_backlog(struct napi_struct *napi, int quota) |
1755 |
+ net_rps_action_and_irq_enable(sd); |
1756 |
+ } |
1757 |
+ |
1758 |
+- napi->weight = dev_rx_weight; |
1759 |
++ napi->weight = READ_ONCE(dev_rx_weight); |
1760 |
+ while (again) { |
1761 |
+ struct sk_buff *skb; |
1762 |
+ |
1763 |
+@@ -6879,8 +6879,8 @@ static __latent_entropy void net_rx_action(struct softirq_action *h) |
1764 |
+ { |
1765 |
+ struct softnet_data *sd = this_cpu_ptr(&softnet_data); |
1766 |
+ unsigned long time_limit = jiffies + |
1767 |
+- usecs_to_jiffies(netdev_budget_usecs); |
1768 |
+- int budget = netdev_budget; |
1769 |
++ usecs_to_jiffies(READ_ONCE(netdev_budget_usecs)); |
1770 |
++ int budget = READ_ONCE(netdev_budget); |
1771 |
+ LIST_HEAD(list); |
1772 |
+ LIST_HEAD(repoll); |
1773 |
+ |
1774 |
+diff --git a/net/core/filter.c b/net/core/filter.c |
1775 |
+index 815edf7bc4390..4c22e6d1da746 100644 |
1776 |
+--- a/net/core/filter.c |
1777 |
++++ b/net/core/filter.c |
1778 |
+@@ -1212,10 +1212,11 @@ void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp) |
1779 |
+ static bool __sk_filter_charge(struct sock *sk, struct sk_filter *fp) |
1780 |
+ { |
1781 |
+ u32 filter_size = bpf_prog_size(fp->prog->len); |
1782 |
++ int optmem_max = READ_ONCE(sysctl_optmem_max); |
1783 |
+ |
1784 |
+ /* same check as in sock_kmalloc() */ |
1785 |
+- if (filter_size <= sysctl_optmem_max && |
1786 |
+- atomic_read(&sk->sk_omem_alloc) + filter_size < sysctl_optmem_max) { |
1787 |
++ if (filter_size <= optmem_max && |
1788 |
++ atomic_read(&sk->sk_omem_alloc) + filter_size < optmem_max) { |
1789 |
+ atomic_add(filter_size, &sk->sk_omem_alloc); |
1790 |
+ return true; |
1791 |
+ } |
1792 |
+@@ -1547,7 +1548,7 @@ int sk_reuseport_attach_filter(struct sock_fprog *fprog, struct sock *sk) |
1793 |
+ if (IS_ERR(prog)) |
1794 |
+ return PTR_ERR(prog); |
1795 |
+ |
1796 |
+- if (bpf_prog_size(prog->len) > sysctl_optmem_max) |
1797 |
++ if (bpf_prog_size(prog->len) > READ_ONCE(sysctl_optmem_max)) |
1798 |
+ err = -ENOMEM; |
1799 |
+ else |
1800 |
+ err = reuseport_attach_prog(sk, prog); |
1801 |
+@@ -1614,7 +1615,7 @@ int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk) |
1802 |
+ } |
1803 |
+ } else { |
1804 |
+ /* BPF_PROG_TYPE_SOCKET_FILTER */ |
1805 |
+- if (bpf_prog_size(prog->len) > sysctl_optmem_max) { |
1806 |
++ if (bpf_prog_size(prog->len) > READ_ONCE(sysctl_optmem_max)) { |
1807 |
+ err = -ENOMEM; |
1808 |
+ goto err_prog_put; |
1809 |
+ } |
1810 |
+@@ -4713,14 +4714,14 @@ static int _bpf_setsockopt(struct sock *sk, int level, int optname, |
1811 |
+ /* Only some socketops are supported */ |
1812 |
+ switch (optname) { |
1813 |
+ case SO_RCVBUF: |
1814 |
+- val = min_t(u32, val, sysctl_rmem_max); |
1815 |
++ val = min_t(u32, val, READ_ONCE(sysctl_rmem_max)); |
1816 |
+ val = min_t(int, val, INT_MAX / 2); |
1817 |
+ sk->sk_userlocks |= SOCK_RCVBUF_LOCK; |
1818 |
+ WRITE_ONCE(sk->sk_rcvbuf, |
1819 |
+ max_t(int, val * 2, SOCK_MIN_RCVBUF)); |
1820 |
+ break; |
1821 |
+ case SO_SNDBUF: |
1822 |
+- val = min_t(u32, val, sysctl_wmem_max); |
1823 |
++ val = min_t(u32, val, READ_ONCE(sysctl_wmem_max)); |
1824 |
+ val = min_t(int, val, INT_MAX / 2); |
1825 |
+ sk->sk_userlocks |= SOCK_SNDBUF_LOCK; |
1826 |
+ WRITE_ONCE(sk->sk_sndbuf, |
1827 |
+diff --git a/net/core/gro_cells.c b/net/core/gro_cells.c |
1828 |
+index 6eb2e5ec2c506..2f66f3f295630 100644 |
1829 |
+--- a/net/core/gro_cells.c |
1830 |
++++ b/net/core/gro_cells.c |
1831 |
+@@ -26,7 +26,7 @@ int gro_cells_receive(struct gro_cells *gcells, struct sk_buff *skb) |
1832 |
+ |
1833 |
+ cell = this_cpu_ptr(gcells->cells); |
1834 |
+ |
1835 |
+- if (skb_queue_len(&cell->napi_skbs) > netdev_max_backlog) { |
1836 |
++ if (skb_queue_len(&cell->napi_skbs) > READ_ONCE(netdev_max_backlog)) { |
1837 |
+ drop: |
1838 |
+ atomic_long_inc(&dev->rx_dropped); |
1839 |
+ kfree_skb(skb); |
1840 |
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
1841 |
+index 48b6438f2a3d9..635cabcf8794f 100644 |
1842 |
+--- a/net/core/skbuff.c |
1843 |
++++ b/net/core/skbuff.c |
1844 |
+@@ -4691,7 +4691,7 @@ static bool skb_may_tx_timestamp(struct sock *sk, bool tsonly) |
1845 |
+ { |
1846 |
+ bool ret; |
1847 |
+ |
1848 |
+- if (likely(sysctl_tstamp_allow_data || tsonly)) |
1849 |
++ if (likely(READ_ONCE(sysctl_tstamp_allow_data) || tsonly)) |
1850 |
+ return true; |
1851 |
+ |
1852 |
+ read_lock_bh(&sk->sk_callback_lock); |
1853 |
+diff --git a/net/core/sock.c b/net/core/sock.c |
1854 |
+index 6d9af4ef93d7a..1bb6a003323b3 100644 |
1855 |
+--- a/net/core/sock.c |
1856 |
++++ b/net/core/sock.c |
1857 |
+@@ -887,7 +887,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname, |
1858 |
+ * play 'guess the biggest size' games. RCVBUF/SNDBUF |
1859 |
+ * are treated in BSD as hints |
1860 |
+ */ |
1861 |
+- val = min_t(u32, val, sysctl_wmem_max); |
1862 |
++ val = min_t(u32, val, READ_ONCE(sysctl_wmem_max)); |
1863 |
+ set_sndbuf: |
1864 |
+ /* Ensure val * 2 fits into an int, to prevent max_t() |
1865 |
+ * from treating it as a negative value. |
1866 |
+@@ -919,7 +919,7 @@ set_sndbuf: |
1867 |
+ * play 'guess the biggest size' games. RCVBUF/SNDBUF |
1868 |
+ * are treated in BSD as hints |
1869 |
+ */ |
1870 |
+- __sock_set_rcvbuf(sk, min_t(u32, val, sysctl_rmem_max)); |
1871 |
++ __sock_set_rcvbuf(sk, min_t(u32, val, READ_ONCE(sysctl_rmem_max))); |
1872 |
+ break; |
1873 |
+ |
1874 |
+ case SO_RCVBUFFORCE: |
1875 |
+@@ -2219,7 +2219,7 @@ struct sk_buff *sock_omalloc(struct sock *sk, unsigned long size, |
1876 |
+ |
1877 |
+ /* small safe race: SKB_TRUESIZE may differ from final skb->truesize */ |
1878 |
+ if (atomic_read(&sk->sk_omem_alloc) + SKB_TRUESIZE(size) > |
1879 |
+- sysctl_optmem_max) |
1880 |
++ READ_ONCE(sysctl_optmem_max)) |
1881 |
+ return NULL; |
1882 |
+ |
1883 |
+ skb = alloc_skb(size, priority); |
1884 |
+@@ -2237,8 +2237,10 @@ struct sk_buff *sock_omalloc(struct sock *sk, unsigned long size, |
1885 |
+ */ |
1886 |
+ void *sock_kmalloc(struct sock *sk, int size, gfp_t priority) |
1887 |
+ { |
1888 |
+- if ((unsigned int)size <= sysctl_optmem_max && |
1889 |
+- atomic_read(&sk->sk_omem_alloc) + size < sysctl_optmem_max) { |
1890 |
++ int optmem_max = READ_ONCE(sysctl_optmem_max); |
1891 |
++ |
1892 |
++ if ((unsigned int)size <= optmem_max && |
1893 |
++ atomic_read(&sk->sk_omem_alloc) + size < optmem_max) { |
1894 |
+ void *mem; |
1895 |
+ /* First do the add, to avoid the race if kmalloc |
1896 |
+ * might sleep. |
1897 |
+@@ -2974,8 +2976,8 @@ void sock_init_data(struct socket *sock, struct sock *sk) |
1898 |
+ timer_setup(&sk->sk_timer, NULL, 0); |
1899 |
+ |
1900 |
+ sk->sk_allocation = GFP_KERNEL; |
1901 |
+- sk->sk_rcvbuf = sysctl_rmem_default; |
1902 |
+- sk->sk_sndbuf = sysctl_wmem_default; |
1903 |
++ sk->sk_rcvbuf = READ_ONCE(sysctl_rmem_default); |
1904 |
++ sk->sk_sndbuf = READ_ONCE(sysctl_wmem_default); |
1905 |
+ sk->sk_state = TCP_CLOSE; |
1906 |
+ sk_set_socket(sk, sock); |
1907 |
+ |
1908 |
+@@ -3030,7 +3032,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) |
1909 |
+ |
1910 |
+ #ifdef CONFIG_NET_RX_BUSY_POLL |
1911 |
+ sk->sk_napi_id = 0; |
1912 |
+- sk->sk_ll_usec = sysctl_net_busy_read; |
1913 |
++ sk->sk_ll_usec = READ_ONCE(sysctl_net_busy_read); |
1914 |
+ #endif |
1915 |
+ |
1916 |
+ sk->sk_max_pacing_rate = ~0UL; |
1917 |
+diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c |
1918 |
+index 2e0a4378e778a..0dfe9f255ab3a 100644 |
1919 |
+--- a/net/core/sysctl_net_core.c |
1920 |
++++ b/net/core/sysctl_net_core.c |
1921 |
+@@ -235,14 +235,17 @@ static int set_default_qdisc(struct ctl_table *table, int write, |
1922 |
+ static int proc_do_dev_weight(struct ctl_table *table, int write, |
1923 |
+ void *buffer, size_t *lenp, loff_t *ppos) |
1924 |
+ { |
1925 |
+- int ret; |
1926 |
++ static DEFINE_MUTEX(dev_weight_mutex); |
1927 |
++ int ret, weight; |
1928 |
+ |
1929 |
++ mutex_lock(&dev_weight_mutex); |
1930 |
+ ret = proc_dointvec(table, write, buffer, lenp, ppos); |
1931 |
+- if (ret != 0) |
1932 |
+- return ret; |
1933 |
+- |
1934 |
+- dev_rx_weight = weight_p * dev_weight_rx_bias; |
1935 |
+- dev_tx_weight = weight_p * dev_weight_tx_bias; |
1936 |
++ if (!ret && write) { |
1937 |
++ weight = READ_ONCE(weight_p); |
1938 |
++ WRITE_ONCE(dev_rx_weight, weight * dev_weight_rx_bias); |
1939 |
++ WRITE_ONCE(dev_tx_weight, weight * dev_weight_tx_bias); |
1940 |
++ } |
1941 |
++ mutex_unlock(&dev_weight_mutex); |
1942 |
+ |
1943 |
+ return ret; |
1944 |
+ } |
1945 |
+diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c |
1946 |
+index dc92a67baea39..7d542eb461729 100644 |
1947 |
+--- a/net/decnet/af_decnet.c |
1948 |
++++ b/net/decnet/af_decnet.c |
1949 |
+@@ -480,8 +480,8 @@ static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gf |
1950 |
+ sk->sk_family = PF_DECnet; |
1951 |
+ sk->sk_protocol = 0; |
1952 |
+ sk->sk_allocation = gfp; |
1953 |
+- sk->sk_sndbuf = sysctl_decnet_wmem[1]; |
1954 |
+- sk->sk_rcvbuf = sysctl_decnet_rmem[1]; |
1955 |
++ sk->sk_sndbuf = READ_ONCE(sysctl_decnet_wmem[1]); |
1956 |
++ sk->sk_rcvbuf = READ_ONCE(sysctl_decnet_rmem[1]); |
1957 |
+ |
1958 |
+ /* Initialization of DECnet Session Control Port */ |
1959 |
+ scp = DN_SK(sk); |
1960 |
+diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c |
1961 |
+index 148ef484a66ce..8f17538755507 100644 |
1962 |
+--- a/net/ipv4/devinet.c |
1963 |
++++ b/net/ipv4/devinet.c |
1964 |
+@@ -2668,23 +2668,27 @@ static __net_init int devinet_init_net(struct net *net) |
1965 |
+ #endif |
1966 |
+ |
1967 |
+ if (!net_eq(net, &init_net)) { |
1968 |
+- if (IS_ENABLED(CONFIG_SYSCTL) && |
1969 |
+- sysctl_devconf_inherit_init_net == 3) { |
1970 |
++ switch (net_inherit_devconf()) { |
1971 |
++ case 3: |
1972 |
+ /* copy from the current netns */ |
1973 |
+ memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all, |
1974 |
+ sizeof(ipv4_devconf)); |
1975 |
+ memcpy(dflt, |
1976 |
+ current->nsproxy->net_ns->ipv4.devconf_dflt, |
1977 |
+ sizeof(ipv4_devconf_dflt)); |
1978 |
+- } else if (!IS_ENABLED(CONFIG_SYSCTL) || |
1979 |
+- sysctl_devconf_inherit_init_net != 2) { |
1980 |
+- /* inherit == 0 or 1: copy from init_net */ |
1981 |
++ break; |
1982 |
++ case 0: |
1983 |
++ case 1: |
1984 |
++ /* copy from init_net */ |
1985 |
+ memcpy(all, init_net.ipv4.devconf_all, |
1986 |
+ sizeof(ipv4_devconf)); |
1987 |
+ memcpy(dflt, init_net.ipv4.devconf_dflt, |
1988 |
+ sizeof(ipv4_devconf_dflt)); |
1989 |
++ break; |
1990 |
++ case 2: |
1991 |
++ /* use compiled values */ |
1992 |
++ break; |
1993 |
+ } |
1994 |
+- /* else inherit == 2: use compiled values */ |
1995 |
+ } |
1996 |
+ |
1997 |
+ #ifdef CONFIG_SYSCTL |
1998 |
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c |
1999 |
+index f77b0af3cb657..0dbf950de832f 100644 |
2000 |
+--- a/net/ipv4/ip_output.c |
2001 |
++++ b/net/ipv4/ip_output.c |
2002 |
+@@ -1721,7 +1721,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb, |
2003 |
+ |
2004 |
+ sk->sk_protocol = ip_hdr(skb)->protocol; |
2005 |
+ sk->sk_bound_dev_if = arg->bound_dev_if; |
2006 |
+- sk->sk_sndbuf = sysctl_wmem_default; |
2007 |
++ sk->sk_sndbuf = READ_ONCE(sysctl_wmem_default); |
2008 |
+ ipc.sockc.mark = fl4.flowi4_mark; |
2009 |
+ err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, |
2010 |
+ len, 0, &ipc, &rt, MSG_DONTWAIT); |
2011 |
+diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c |
2012 |
+index 22507a6a3f71c..4cc39c62af55d 100644 |
2013 |
+--- a/net/ipv4/ip_sockglue.c |
2014 |
++++ b/net/ipv4/ip_sockglue.c |
2015 |
+@@ -773,7 +773,7 @@ static int ip_set_mcast_msfilter(struct sock *sk, sockptr_t optval, int optlen) |
2016 |
+ |
2017 |
+ if (optlen < GROUP_FILTER_SIZE(0)) |
2018 |
+ return -EINVAL; |
2019 |
+- if (optlen > sysctl_optmem_max) |
2020 |
++ if (optlen > READ_ONCE(sysctl_optmem_max)) |
2021 |
+ return -ENOBUFS; |
2022 |
+ |
2023 |
+ gsf = memdup_sockptr(optval, optlen); |
2024 |
+@@ -808,7 +808,7 @@ static int compat_ip_set_mcast_msfilter(struct sock *sk, sockptr_t optval, |
2025 |
+ |
2026 |
+ if (optlen < size0) |
2027 |
+ return -EINVAL; |
2028 |
+- if (optlen > sysctl_optmem_max - 4) |
2029 |
++ if (optlen > READ_ONCE(sysctl_optmem_max) - 4) |
2030 |
+ return -ENOBUFS; |
2031 |
+ |
2032 |
+ p = kmalloc(optlen + 4, GFP_KERNEL); |
2033 |
+@@ -1231,7 +1231,7 @@ static int do_ip_setsockopt(struct sock *sk, int level, int optname, |
2034 |
+ |
2035 |
+ if (optlen < IP_MSFILTER_SIZE(0)) |
2036 |
+ goto e_inval; |
2037 |
+- if (optlen > sysctl_optmem_max) { |
2038 |
++ if (optlen > READ_ONCE(sysctl_optmem_max)) { |
2039 |
+ err = -ENOBUFS; |
2040 |
+ break; |
2041 |
+ } |
2042 |
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c |
2043 |
+index 78460eb39b3af..bfeb05f62b94f 100644 |
2044 |
+--- a/net/ipv4/tcp.c |
2045 |
++++ b/net/ipv4/tcp.c |
2046 |
+@@ -451,8 +451,8 @@ void tcp_init_sock(struct sock *sk) |
2047 |
+ |
2048 |
+ icsk->icsk_sync_mss = tcp_sync_mss; |
2049 |
+ |
2050 |
+- WRITE_ONCE(sk->sk_sndbuf, sock_net(sk)->ipv4.sysctl_tcp_wmem[1]); |
2051 |
+- WRITE_ONCE(sk->sk_rcvbuf, sock_net(sk)->ipv4.sysctl_tcp_rmem[1]); |
2052 |
++ WRITE_ONCE(sk->sk_sndbuf, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[1])); |
2053 |
++ WRITE_ONCE(sk->sk_rcvbuf, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[1])); |
2054 |
+ |
2055 |
+ sk_sockets_allocated_inc(sk); |
2056 |
+ sk->sk_route_forced_caps = NETIF_F_GSO; |
2057 |
+@@ -1711,7 +1711,7 @@ int tcp_set_rcvlowat(struct sock *sk, int val) |
2058 |
+ if (sk->sk_userlocks & SOCK_RCVBUF_LOCK) |
2059 |
+ cap = sk->sk_rcvbuf >> 1; |
2060 |
+ else |
2061 |
+- cap = sock_net(sk)->ipv4.sysctl_tcp_rmem[2] >> 1; |
2062 |
++ cap = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2]) >> 1; |
2063 |
+ val = min(val, cap); |
2064 |
+ WRITE_ONCE(sk->sk_rcvlowat, val ? : 1); |
2065 |
+ |
2066 |
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
2067 |
+index d35e88b5ffcbe..41b44b311e8a0 100644 |
2068 |
+--- a/net/ipv4/tcp_input.c |
2069 |
++++ b/net/ipv4/tcp_input.c |
2070 |
+@@ -425,7 +425,7 @@ static void tcp_sndbuf_expand(struct sock *sk) |
2071 |
+ |
2072 |
+ if (sk->sk_sndbuf < sndmem) |
2073 |
+ WRITE_ONCE(sk->sk_sndbuf, |
2074 |
+- min(sndmem, sock_net(sk)->ipv4.sysctl_tcp_wmem[2])); |
2075 |
++ min(sndmem, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[2]))); |
2076 |
+ } |
2077 |
+ |
2078 |
+ /* 2. Tuning advertised window (window_clamp, rcv_ssthresh) |
2079 |
+@@ -454,12 +454,13 @@ static void tcp_sndbuf_expand(struct sock *sk) |
2080 |
+ */ |
2081 |
+ |
2082 |
+ /* Slow part of check#2. */ |
2083 |
+-static int __tcp_grow_window(const struct sock *sk, const struct sk_buff *skb) |
2084 |
++static int __tcp_grow_window(const struct sock *sk, const struct sk_buff *skb, |
2085 |
++ unsigned int skbtruesize) |
2086 |
+ { |
2087 |
+ struct tcp_sock *tp = tcp_sk(sk); |
2088 |
+ /* Optimize this! */ |
2089 |
+- int truesize = tcp_win_from_space(sk, skb->truesize) >> 1; |
2090 |
+- int window = tcp_win_from_space(sk, sock_net(sk)->ipv4.sysctl_tcp_rmem[2]) >> 1; |
2091 |
++ int truesize = tcp_win_from_space(sk, skbtruesize) >> 1; |
2092 |
++ int window = tcp_win_from_space(sk, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2])) >> 1; |
2093 |
+ |
2094 |
+ while (tp->rcv_ssthresh <= window) { |
2095 |
+ if (truesize <= skb->len) |
2096 |
+@@ -471,7 +472,27 @@ static int __tcp_grow_window(const struct sock *sk, const struct sk_buff *skb) |
2097 |
+ return 0; |
2098 |
+ } |
2099 |
+ |
2100 |
+-static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb) |
2101 |
++/* Even if skb appears to have a bad len/truesize ratio, TCP coalescing |
2102 |
++ * can play nice with us, as sk_buff and skb->head might be either |
2103 |
++ * freed or shared with up to MAX_SKB_FRAGS segments. |
2104 |
++ * Only give a boost to drivers using page frag(s) to hold the frame(s), |
2105 |
++ * and if no payload was pulled in skb->head before reaching us. |
2106 |
++ */ |
2107 |
++static u32 truesize_adjust(bool adjust, const struct sk_buff *skb) |
2108 |
++{ |
2109 |
++ u32 truesize = skb->truesize; |
2110 |
++ |
2111 |
++ if (adjust && !skb_headlen(skb)) { |
2112 |
++ truesize -= SKB_TRUESIZE(skb_end_offset(skb)); |
2113 |
++ /* paranoid check, some drivers might be buggy */ |
2114 |
++ if (unlikely((int)truesize < (int)skb->len)) |
2115 |
++ truesize = skb->truesize; |
2116 |
++ } |
2117 |
++ return truesize; |
2118 |
++} |
2119 |
++ |
2120 |
++static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb, |
2121 |
++ bool adjust) |
2122 |
+ { |
2123 |
+ struct tcp_sock *tp = tcp_sk(sk); |
2124 |
+ int room; |
2125 |
+@@ -480,15 +501,16 @@ static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb) |
2126 |
+ |
2127 |
+ /* Check #1 */ |
2128 |
+ if (room > 0 && !tcp_under_memory_pressure(sk)) { |
2129 |
++ unsigned int truesize = truesize_adjust(adjust, skb); |
2130 |
+ int incr; |
2131 |
+ |
2132 |
+ /* Check #2. Increase window, if skb with such overhead |
2133 |
+ * will fit to rcvbuf in future. |
2134 |
+ */ |
2135 |
+- if (tcp_win_from_space(sk, skb->truesize) <= skb->len) |
2136 |
++ if (tcp_win_from_space(sk, truesize) <= skb->len) |
2137 |
+ incr = 2 * tp->advmss; |
2138 |
+ else |
2139 |
+- incr = __tcp_grow_window(sk, skb); |
2140 |
++ incr = __tcp_grow_window(sk, skb, truesize); |
2141 |
+ |
2142 |
+ if (incr) { |
2143 |
+ incr = max_t(int, incr, 2 * skb->len); |
2144 |
+@@ -543,16 +565,17 @@ static void tcp_clamp_window(struct sock *sk) |
2145 |
+ struct tcp_sock *tp = tcp_sk(sk); |
2146 |
+ struct inet_connection_sock *icsk = inet_csk(sk); |
2147 |
+ struct net *net = sock_net(sk); |
2148 |
++ int rmem2; |
2149 |
+ |
2150 |
+ icsk->icsk_ack.quick = 0; |
2151 |
++ rmem2 = READ_ONCE(net->ipv4.sysctl_tcp_rmem[2]); |
2152 |
+ |
2153 |
+- if (sk->sk_rcvbuf < net->ipv4.sysctl_tcp_rmem[2] && |
2154 |
++ if (sk->sk_rcvbuf < rmem2 && |
2155 |
+ !(sk->sk_userlocks & SOCK_RCVBUF_LOCK) && |
2156 |
+ !tcp_under_memory_pressure(sk) && |
2157 |
+ sk_memory_allocated(sk) < sk_prot_mem_limits(sk, 0)) { |
2158 |
+ WRITE_ONCE(sk->sk_rcvbuf, |
2159 |
+- min(atomic_read(&sk->sk_rmem_alloc), |
2160 |
+- net->ipv4.sysctl_tcp_rmem[2])); |
2161 |
++ min(atomic_read(&sk->sk_rmem_alloc), rmem2)); |
2162 |
+ } |
2163 |
+ if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) |
2164 |
+ tp->rcv_ssthresh = min(tp->window_clamp, 2U * tp->advmss); |
2165 |
+@@ -714,7 +737,7 @@ void tcp_rcv_space_adjust(struct sock *sk) |
2166 |
+ |
2167 |
+ do_div(rcvwin, tp->advmss); |
2168 |
+ rcvbuf = min_t(u64, rcvwin * rcvmem, |
2169 |
+- sock_net(sk)->ipv4.sysctl_tcp_rmem[2]); |
2170 |
++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2])); |
2171 |
+ if (rcvbuf > sk->sk_rcvbuf) { |
2172 |
+ WRITE_ONCE(sk->sk_rcvbuf, rcvbuf); |
2173 |
+ |
2174 |
+@@ -782,7 +805,7 @@ static void tcp_event_data_recv(struct sock *sk, struct sk_buff *skb) |
2175 |
+ tcp_ecn_check_ce(sk, skb); |
2176 |
+ |
2177 |
+ if (skb->len >= 128) |
2178 |
+- tcp_grow_window(sk, skb); |
2179 |
++ tcp_grow_window(sk, skb, true); |
2180 |
+ } |
2181 |
+ |
2182 |
+ /* Called to compute a smoothed rtt estimate. The data fed to this |
2183 |
+@@ -4761,7 +4784,7 @@ coalesce_done: |
2184 |
+ * and trigger fast retransmit. |
2185 |
+ */ |
2186 |
+ if (tcp_is_sack(tp)) |
2187 |
+- tcp_grow_window(sk, skb); |
2188 |
++ tcp_grow_window(sk, skb, true); |
2189 |
+ kfree_skb_partial(skb, fragstolen); |
2190 |
+ skb = NULL; |
2191 |
+ goto add_sack; |
2192 |
+@@ -4849,7 +4872,7 @@ end: |
2193 |
+ * and trigger fast retransmit. |
2194 |
+ */ |
2195 |
+ if (tcp_is_sack(tp)) |
2196 |
+- tcp_grow_window(sk, skb); |
2197 |
++ tcp_grow_window(sk, skb, false); |
2198 |
+ skb_condense(skb); |
2199 |
+ skb_set_owner_r(skb, sk); |
2200 |
+ } |
2201 |
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c |
2202 |
+index 4c9274cb92d55..48fce999dc612 100644 |
2203 |
+--- a/net/ipv4/tcp_output.c |
2204 |
++++ b/net/ipv4/tcp_output.c |
2205 |
+@@ -238,8 +238,8 @@ void tcp_select_initial_window(const struct sock *sk, int __space, __u32 mss, |
2206 |
+ *rcv_wscale = 0; |
2207 |
+ if (wscale_ok) { |
2208 |
+ /* Set window scaling on max possible window */ |
2209 |
+- space = max_t(u32, space, sock_net(sk)->ipv4.sysctl_tcp_rmem[2]); |
2210 |
+- space = max_t(u32, space, sysctl_rmem_max); |
2211 |
++ space = max_t(u32, space, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2])); |
2212 |
++ space = max_t(u32, space, READ_ONCE(sysctl_rmem_max)); |
2213 |
+ space = min_t(u32, space, *window_clamp); |
2214 |
+ *rcv_wscale = clamp_t(int, ilog2(space) - 15, |
2215 |
+ 0, TCP_MAX_WSCALE); |
2216 |
+diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
2217 |
+index 05317e6f48f8a..ed1e5bfc97b31 100644 |
2218 |
+--- a/net/ipv6/addrconf.c |
2219 |
++++ b/net/ipv6/addrconf.c |
2220 |
+@@ -7042,9 +7042,8 @@ static int __net_init addrconf_init_net(struct net *net) |
2221 |
+ if (!dflt) |
2222 |
+ goto err_alloc_dflt; |
2223 |
+ |
2224 |
+- if (IS_ENABLED(CONFIG_SYSCTL) && |
2225 |
+- !net_eq(net, &init_net)) { |
2226 |
+- switch (sysctl_devconf_inherit_init_net) { |
2227 |
++ if (!net_eq(net, &init_net)) { |
2228 |
++ switch (net_inherit_devconf()) { |
2229 |
+ case 1: /* copy from init_net */ |
2230 |
+ memcpy(all, init_net.ipv6.devconf_all, |
2231 |
+ sizeof(ipv6_devconf)); |
2232 |
+diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c |
2233 |
+index 43a894bf9a1be..6fa118bf40cdd 100644 |
2234 |
+--- a/net/ipv6/ipv6_sockglue.c |
2235 |
++++ b/net/ipv6/ipv6_sockglue.c |
2236 |
+@@ -208,7 +208,7 @@ static int ipv6_set_mcast_msfilter(struct sock *sk, sockptr_t optval, |
2237 |
+ |
2238 |
+ if (optlen < GROUP_FILTER_SIZE(0)) |
2239 |
+ return -EINVAL; |
2240 |
+- if (optlen > sysctl_optmem_max) |
2241 |
++ if (optlen > READ_ONCE(sysctl_optmem_max)) |
2242 |
+ return -ENOBUFS; |
2243 |
+ |
2244 |
+ gsf = memdup_sockptr(optval, optlen); |
2245 |
+@@ -242,7 +242,7 @@ static int compat_ipv6_set_mcast_msfilter(struct sock *sk, sockptr_t optval, |
2246 |
+ |
2247 |
+ if (optlen < size0) |
2248 |
+ return -EINVAL; |
2249 |
+- if (optlen > sysctl_optmem_max - 4) |
2250 |
++ if (optlen > READ_ONCE(sysctl_optmem_max) - 4) |
2251 |
+ return -ENOBUFS; |
2252 |
+ |
2253 |
+ p = kmalloc(optlen + 4, GFP_KERNEL); |
2254 |
+diff --git a/net/key/af_key.c b/net/key/af_key.c |
2255 |
+index 2aa16a171285b..05e2710988883 100644 |
2256 |
+--- a/net/key/af_key.c |
2257 |
++++ b/net/key/af_key.c |
2258 |
+@@ -1701,9 +1701,12 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad |
2259 |
+ pfk->registered |= (1<<hdr->sadb_msg_satype); |
2260 |
+ } |
2261 |
+ |
2262 |
++ mutex_lock(&pfkey_mutex); |
2263 |
+ xfrm_probe_algs(); |
2264 |
+ |
2265 |
+ supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO); |
2266 |
++ mutex_unlock(&pfkey_mutex); |
2267 |
++ |
2268 |
+ if (!supp_skb) { |
2269 |
+ if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) |
2270 |
+ pfk->registered &= ~(1<<hdr->sadb_msg_satype); |
2271 |
+diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c |
2272 |
+index d0e91aa7b30e5..e61c85873ea2f 100644 |
2273 |
+--- a/net/mptcp/protocol.c |
2274 |
++++ b/net/mptcp/protocol.c |
2275 |
+@@ -1439,7 +1439,7 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied) |
2276 |
+ |
2277 |
+ do_div(rcvwin, advmss); |
2278 |
+ rcvbuf = min_t(u64, rcvwin * rcvmem, |
2279 |
+- sock_net(sk)->ipv4.sysctl_tcp_rmem[2]); |
2280 |
++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2])); |
2281 |
+ |
2282 |
+ if (rcvbuf > sk->sk_rcvbuf) { |
2283 |
+ u32 window_clamp; |
2284 |
+@@ -1872,8 +1872,8 @@ static int mptcp_init_sock(struct sock *sk) |
2285 |
+ return ret; |
2286 |
+ |
2287 |
+ sk_sockets_allocated_inc(sk); |
2288 |
+- sk->sk_rcvbuf = sock_net(sk)->ipv4.sysctl_tcp_rmem[1]; |
2289 |
+- sk->sk_sndbuf = sock_net(sk)->ipv4.sysctl_tcp_wmem[1]; |
2290 |
++ sk->sk_rcvbuf = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[1]); |
2291 |
++ sk->sk_sndbuf = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[1]); |
2292 |
+ |
2293 |
+ return 0; |
2294 |
+ } |
2295 |
+diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c |
2296 |
+index 16b48064f715e..daab857c52a80 100644 |
2297 |
+--- a/net/netfilter/ipvs/ip_vs_sync.c |
2298 |
++++ b/net/netfilter/ipvs/ip_vs_sync.c |
2299 |
+@@ -1280,12 +1280,12 @@ static void set_sock_size(struct sock *sk, int mode, int val) |
2300 |
+ lock_sock(sk); |
2301 |
+ if (mode) { |
2302 |
+ val = clamp_t(int, val, (SOCK_MIN_SNDBUF + 1) / 2, |
2303 |
+- sysctl_wmem_max); |
2304 |
++ READ_ONCE(sysctl_wmem_max)); |
2305 |
+ sk->sk_sndbuf = val * 2; |
2306 |
+ sk->sk_userlocks |= SOCK_SNDBUF_LOCK; |
2307 |
+ } else { |
2308 |
+ val = clamp_t(int, val, (SOCK_MIN_RCVBUF + 1) / 2, |
2309 |
+- sysctl_rmem_max); |
2310 |
++ READ_ONCE(sysctl_rmem_max)); |
2311 |
+ sk->sk_rcvbuf = val * 2; |
2312 |
+ sk->sk_userlocks |= SOCK_RCVBUF_LOCK; |
2313 |
+ } |
2314 |
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c |
2315 |
+index 30bd4b867912c..1b039476e4d6a 100644 |
2316 |
+--- a/net/netfilter/nf_tables_api.c |
2317 |
++++ b/net/netfilter/nf_tables_api.c |
2318 |
+@@ -1999,9 +1999,9 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask, |
2319 |
+ u8 policy, u32 flags) |
2320 |
+ { |
2321 |
+ const struct nlattr * const *nla = ctx->nla; |
2322 |
++ struct nft_stats __percpu *stats = NULL; |
2323 |
+ struct nft_table *table = ctx->table; |
2324 |
+ struct nft_base_chain *basechain; |
2325 |
+- struct nft_stats __percpu *stats; |
2326 |
+ struct net *net = ctx->net; |
2327 |
+ char name[NFT_NAME_MAXLEN]; |
2328 |
+ struct nft_trans *trans; |
2329 |
+@@ -2037,7 +2037,6 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask, |
2330 |
+ return PTR_ERR(stats); |
2331 |
+ } |
2332 |
+ rcu_assign_pointer(basechain->stats, stats); |
2333 |
+- static_branch_inc(&nft_counters_enabled); |
2334 |
+ } |
2335 |
+ |
2336 |
+ err = nft_basechain_init(basechain, family, &hook, flags); |
2337 |
+@@ -2120,6 +2119,9 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask, |
2338 |
+ goto err_unregister_hook; |
2339 |
+ } |
2340 |
+ |
2341 |
++ if (stats) |
2342 |
++ static_branch_inc(&nft_counters_enabled); |
2343 |
++ |
2344 |
+ table->use++; |
2345 |
+ |
2346 |
+ return 0; |
2347 |
+@@ -4839,19 +4841,13 @@ static int nft_setelem_parse_flags(const struct nft_set *set, |
2348 |
+ static int nft_setelem_parse_key(struct nft_ctx *ctx, struct nft_set *set, |
2349 |
+ struct nft_data *key, struct nlattr *attr) |
2350 |
+ { |
2351 |
+- struct nft_data_desc desc; |
2352 |
+- int err; |
2353 |
+- |
2354 |
+- err = nft_data_init(ctx, key, NFT_DATA_VALUE_MAXLEN, &desc, attr); |
2355 |
+- if (err < 0) |
2356 |
+- return err; |
2357 |
+- |
2358 |
+- if (desc.type != NFT_DATA_VALUE || desc.len != set->klen) { |
2359 |
+- nft_data_release(key, desc.type); |
2360 |
+- return -EINVAL; |
2361 |
+- } |
2362 |
++ struct nft_data_desc desc = { |
2363 |
++ .type = NFT_DATA_VALUE, |
2364 |
++ .size = NFT_DATA_VALUE_MAXLEN, |
2365 |
++ .len = set->klen, |
2366 |
++ }; |
2367 |
+ |
2368 |
+- return 0; |
2369 |
++ return nft_data_init(ctx, key, &desc, attr); |
2370 |
+ } |
2371 |
+ |
2372 |
+ static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set, |
2373 |
+@@ -4860,24 +4856,18 @@ static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set, |
2374 |
+ struct nlattr *attr) |
2375 |
+ { |
2376 |
+ u32 dtype; |
2377 |
+- int err; |
2378 |
+- |
2379 |
+- err = nft_data_init(ctx, data, NFT_DATA_VALUE_MAXLEN, desc, attr); |
2380 |
+- if (err < 0) |
2381 |
+- return err; |
2382 |
+ |
2383 |
+ if (set->dtype == NFT_DATA_VERDICT) |
2384 |
+ dtype = NFT_DATA_VERDICT; |
2385 |
+ else |
2386 |
+ dtype = NFT_DATA_VALUE; |
2387 |
+ |
2388 |
+- if (dtype != desc->type || |
2389 |
+- set->dlen != desc->len) { |
2390 |
+- nft_data_release(data, desc->type); |
2391 |
+- return -EINVAL; |
2392 |
+- } |
2393 |
++ desc->type = dtype; |
2394 |
++ desc->size = NFT_DATA_VALUE_MAXLEN; |
2395 |
++ desc->len = set->dlen; |
2396 |
++ desc->flags = NFT_DATA_DESC_SETELEM; |
2397 |
+ |
2398 |
+- return 0; |
2399 |
++ return nft_data_init(ctx, data, desc, attr); |
2400 |
+ } |
2401 |
+ |
2402 |
+ static int nft_get_set_elem(struct nft_ctx *ctx, struct nft_set *set, |
2403 |
+@@ -8688,6 +8678,11 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data, |
2404 |
+ return PTR_ERR(chain); |
2405 |
+ if (nft_is_base_chain(chain)) |
2406 |
+ return -EOPNOTSUPP; |
2407 |
++ if (nft_chain_is_bound(chain)) |
2408 |
++ return -EINVAL; |
2409 |
++ if (desc->flags & NFT_DATA_DESC_SETELEM && |
2410 |
++ chain->flags & NFT_CHAIN_BINDING) |
2411 |
++ return -EINVAL; |
2412 |
+ |
2413 |
+ chain->use++; |
2414 |
+ data->verdict.chain = chain; |
2415 |
+@@ -8695,7 +8690,7 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data, |
2416 |
+ } |
2417 |
+ |
2418 |
+ desc->len = sizeof(data->verdict); |
2419 |
+- desc->type = NFT_DATA_VERDICT; |
2420 |
++ |
2421 |
+ return 0; |
2422 |
+ } |
2423 |
+ |
2424 |
+@@ -8748,20 +8743,25 @@ nla_put_failure: |
2425 |
+ } |
2426 |
+ |
2427 |
+ static int nft_value_init(const struct nft_ctx *ctx, |
2428 |
+- struct nft_data *data, unsigned int size, |
2429 |
+- struct nft_data_desc *desc, const struct nlattr *nla) |
2430 |
++ struct nft_data *data, struct nft_data_desc *desc, |
2431 |
++ const struct nlattr *nla) |
2432 |
+ { |
2433 |
+ unsigned int len; |
2434 |
+ |
2435 |
+ len = nla_len(nla); |
2436 |
+ if (len == 0) |
2437 |
+ return -EINVAL; |
2438 |
+- if (len > size) |
2439 |
++ if (len > desc->size) |
2440 |
+ return -EOVERFLOW; |
2441 |
++ if (desc->len) { |
2442 |
++ if (len != desc->len) |
2443 |
++ return -EINVAL; |
2444 |
++ } else { |
2445 |
++ desc->len = len; |
2446 |
++ } |
2447 |
+ |
2448 |
+ nla_memcpy(data->data, nla, len); |
2449 |
+- desc->type = NFT_DATA_VALUE; |
2450 |
+- desc->len = len; |
2451 |
++ |
2452 |
+ return 0; |
2453 |
+ } |
2454 |
+ |
2455 |
+@@ -8781,7 +8781,6 @@ static const struct nla_policy nft_data_policy[NFTA_DATA_MAX + 1] = { |
2456 |
+ * |
2457 |
+ * @ctx: context of the expression using the data |
2458 |
+ * @data: destination struct nft_data |
2459 |
+- * @size: maximum data length |
2460 |
+ * @desc: data description |
2461 |
+ * @nla: netlink attribute containing data |
2462 |
+ * |
2463 |
+@@ -8791,24 +8790,35 @@ static const struct nla_policy nft_data_policy[NFTA_DATA_MAX + 1] = { |
2464 |
+ * The caller can indicate that it only wants to accept data of type |
2465 |
+ * NFT_DATA_VALUE by passing NULL for the ctx argument. |
2466 |
+ */ |
2467 |
+-int nft_data_init(const struct nft_ctx *ctx, |
2468 |
+- struct nft_data *data, unsigned int size, |
2469 |
++int nft_data_init(const struct nft_ctx *ctx, struct nft_data *data, |
2470 |
+ struct nft_data_desc *desc, const struct nlattr *nla) |
2471 |
+ { |
2472 |
+ struct nlattr *tb[NFTA_DATA_MAX + 1]; |
2473 |
+ int err; |
2474 |
+ |
2475 |
++ if (WARN_ON_ONCE(!desc->size)) |
2476 |
++ return -EINVAL; |
2477 |
++ |
2478 |
+ err = nla_parse_nested_deprecated(tb, NFTA_DATA_MAX, nla, |
2479 |
+ nft_data_policy, NULL); |
2480 |
+ if (err < 0) |
2481 |
+ return err; |
2482 |
+ |
2483 |
+- if (tb[NFTA_DATA_VALUE]) |
2484 |
+- return nft_value_init(ctx, data, size, desc, |
2485 |
+- tb[NFTA_DATA_VALUE]); |
2486 |
+- if (tb[NFTA_DATA_VERDICT] && ctx != NULL) |
2487 |
+- return nft_verdict_init(ctx, data, desc, tb[NFTA_DATA_VERDICT]); |
2488 |
+- return -EINVAL; |
2489 |
++ if (tb[NFTA_DATA_VALUE]) { |
2490 |
++ if (desc->type != NFT_DATA_VALUE) |
2491 |
++ return -EINVAL; |
2492 |
++ |
2493 |
++ err = nft_value_init(ctx, data, desc, tb[NFTA_DATA_VALUE]); |
2494 |
++ } else if (tb[NFTA_DATA_VERDICT] && ctx != NULL) { |
2495 |
++ if (desc->type != NFT_DATA_VERDICT) |
2496 |
++ return -EINVAL; |
2497 |
++ |
2498 |
++ err = nft_verdict_init(ctx, data, desc, tb[NFTA_DATA_VERDICT]); |
2499 |
++ } else { |
2500 |
++ err = -EINVAL; |
2501 |
++ } |
2502 |
++ |
2503 |
++ return err; |
2504 |
+ } |
2505 |
+ EXPORT_SYMBOL_GPL(nft_data_init); |
2506 |
+ |
2507 |
+diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c |
2508 |
+index a61b5bf5aa0fb..9dc18429ed875 100644 |
2509 |
+--- a/net/netfilter/nf_tables_core.c |
2510 |
++++ b/net/netfilter/nf_tables_core.c |
2511 |
+@@ -67,6 +67,50 @@ static void nft_cmp_fast_eval(const struct nft_expr *expr, |
2512 |
+ regs->verdict.code = NFT_BREAK; |
2513 |
+ } |
2514 |
+ |
2515 |
++static void nft_cmp16_fast_eval(const struct nft_expr *expr, |
2516 |
++ struct nft_regs *regs) |
2517 |
++{ |
2518 |
++ const struct nft_cmp16_fast_expr *priv = nft_expr_priv(expr); |
2519 |
++ const u64 *reg_data = (const u64 *)®s->data[priv->sreg]; |
2520 |
++ const u64 *mask = (const u64 *)&priv->mask; |
2521 |
++ const u64 *data = (const u64 *)&priv->data; |
2522 |
++ |
2523 |
++ if (((reg_data[0] & mask[0]) == data[0] && |
2524 |
++ ((reg_data[1] & mask[1]) == data[1])) ^ priv->inv) |
2525 |
++ return; |
2526 |
++ regs->verdict.code = NFT_BREAK; |
2527 |
++} |
2528 |
++ |
2529 |
++static noinline void __nft_trace_verdict(struct nft_traceinfo *info, |
2530 |
++ const struct nft_chain *chain, |
2531 |
++ const struct nft_regs *regs) |
2532 |
++{ |
2533 |
++ enum nft_trace_types type; |
2534 |
++ |
2535 |
++ switch (regs->verdict.code) { |
2536 |
++ case NFT_CONTINUE: |
2537 |
++ case NFT_RETURN: |
2538 |
++ type = NFT_TRACETYPE_RETURN; |
2539 |
++ break; |
2540 |
++ default: |
2541 |
++ type = NFT_TRACETYPE_RULE; |
2542 |
++ break; |
2543 |
++ } |
2544 |
++ |
2545 |
++ __nft_trace_packet(info, chain, type); |
2546 |
++} |
2547 |
++ |
2548 |
++static inline void nft_trace_verdict(struct nft_traceinfo *info, |
2549 |
++ const struct nft_chain *chain, |
2550 |
++ const struct nft_rule *rule, |
2551 |
++ const struct nft_regs *regs) |
2552 |
++{ |
2553 |
++ if (static_branch_unlikely(&nft_trace_enabled)) { |
2554 |
++ info->rule = rule; |
2555 |
++ __nft_trace_verdict(info, chain, regs); |
2556 |
++ } |
2557 |
++} |
2558 |
++ |
2559 |
+ static bool nft_payload_fast_eval(const struct nft_expr *expr, |
2560 |
+ struct nft_regs *regs, |
2561 |
+ const struct nft_pktinfo *pkt) |
2562 |
+@@ -185,6 +229,8 @@ next_rule: |
2563 |
+ nft_rule_for_each_expr(expr, last, rule) { |
2564 |
+ if (expr->ops == &nft_cmp_fast_ops) |
2565 |
+ nft_cmp_fast_eval(expr, ®s); |
2566 |
++ else if (expr->ops == &nft_cmp16_fast_ops) |
2567 |
++ nft_cmp16_fast_eval(expr, ®s); |
2568 |
+ else if (expr->ops == &nft_bitwise_fast_ops) |
2569 |
+ nft_bitwise_fast_eval(expr, ®s); |
2570 |
+ else if (expr->ops != &nft_payload_fast_ops || |
2571 |
+@@ -207,13 +253,13 @@ next_rule: |
2572 |
+ break; |
2573 |
+ } |
2574 |
+ |
2575 |
++ nft_trace_verdict(&info, chain, rule, ®s); |
2576 |
++ |
2577 |
+ switch (regs.verdict.code & NF_VERDICT_MASK) { |
2578 |
+ case NF_ACCEPT: |
2579 |
+ case NF_DROP: |
2580 |
+ case NF_QUEUE: |
2581 |
+ case NF_STOLEN: |
2582 |
+- nft_trace_packet(&info, chain, rule, |
2583 |
+- NFT_TRACETYPE_RULE); |
2584 |
+ return regs.verdict.code; |
2585 |
+ } |
2586 |
+ |
2587 |
+@@ -226,15 +272,10 @@ next_rule: |
2588 |
+ stackptr++; |
2589 |
+ fallthrough; |
2590 |
+ case NFT_GOTO: |
2591 |
+- nft_trace_packet(&info, chain, rule, |
2592 |
+- NFT_TRACETYPE_RULE); |
2593 |
+- |
2594 |
+ chain = regs.verdict.chain; |
2595 |
+ goto do_chain; |
2596 |
+ case NFT_CONTINUE: |
2597 |
+ case NFT_RETURN: |
2598 |
+- nft_trace_packet(&info, chain, rule, |
2599 |
+- NFT_TRACETYPE_RETURN); |
2600 |
+ break; |
2601 |
+ default: |
2602 |
+ WARN_ON(1); |
2603 |
+diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c |
2604 |
+index 47b0dba95054f..d6ab7aa14adc2 100644 |
2605 |
+--- a/net/netfilter/nft_bitwise.c |
2606 |
++++ b/net/netfilter/nft_bitwise.c |
2607 |
+@@ -93,7 +93,16 @@ static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = { |
2608 |
+ static int nft_bitwise_init_bool(struct nft_bitwise *priv, |
2609 |
+ const struct nlattr *const tb[]) |
2610 |
+ { |
2611 |
+- struct nft_data_desc mask, xor; |
2612 |
++ struct nft_data_desc mask = { |
2613 |
++ .type = NFT_DATA_VALUE, |
2614 |
++ .size = sizeof(priv->mask), |
2615 |
++ .len = priv->len, |
2616 |
++ }; |
2617 |
++ struct nft_data_desc xor = { |
2618 |
++ .type = NFT_DATA_VALUE, |
2619 |
++ .size = sizeof(priv->xor), |
2620 |
++ .len = priv->len, |
2621 |
++ }; |
2622 |
+ int err; |
2623 |
+ |
2624 |
+ if (tb[NFTA_BITWISE_DATA]) |
2625 |
+@@ -103,36 +112,30 @@ static int nft_bitwise_init_bool(struct nft_bitwise *priv, |
2626 |
+ !tb[NFTA_BITWISE_XOR]) |
2627 |
+ return -EINVAL; |
2628 |
+ |
2629 |
+- err = nft_data_init(NULL, &priv->mask, sizeof(priv->mask), &mask, |
2630 |
+- tb[NFTA_BITWISE_MASK]); |
2631 |
++ err = nft_data_init(NULL, &priv->mask, &mask, tb[NFTA_BITWISE_MASK]); |
2632 |
+ if (err < 0) |
2633 |
+ return err; |
2634 |
+- if (mask.type != NFT_DATA_VALUE || mask.len != priv->len) { |
2635 |
+- err = -EINVAL; |
2636 |
+- goto err1; |
2637 |
+- } |
2638 |
+ |
2639 |
+- err = nft_data_init(NULL, &priv->xor, sizeof(priv->xor), &xor, |
2640 |
+- tb[NFTA_BITWISE_XOR]); |
2641 |
++ err = nft_data_init(NULL, &priv->xor, &xor, tb[NFTA_BITWISE_XOR]); |
2642 |
+ if (err < 0) |
2643 |
+- goto err1; |
2644 |
+- if (xor.type != NFT_DATA_VALUE || xor.len != priv->len) { |
2645 |
+- err = -EINVAL; |
2646 |
+- goto err2; |
2647 |
+- } |
2648 |
++ goto err_xor_err; |
2649 |
+ |
2650 |
+ return 0; |
2651 |
+-err2: |
2652 |
+- nft_data_release(&priv->xor, xor.type); |
2653 |
+-err1: |
2654 |
++ |
2655 |
++err_xor_err: |
2656 |
+ nft_data_release(&priv->mask, mask.type); |
2657 |
++ |
2658 |
+ return err; |
2659 |
+ } |
2660 |
+ |
2661 |
+ static int nft_bitwise_init_shift(struct nft_bitwise *priv, |
2662 |
+ const struct nlattr *const tb[]) |
2663 |
+ { |
2664 |
+- struct nft_data_desc d; |
2665 |
++ struct nft_data_desc desc = { |
2666 |
++ .type = NFT_DATA_VALUE, |
2667 |
++ .size = sizeof(priv->data), |
2668 |
++ .len = sizeof(u32), |
2669 |
++ }; |
2670 |
+ int err; |
2671 |
+ |
2672 |
+ if (tb[NFTA_BITWISE_MASK] || |
2673 |
+@@ -142,13 +145,12 @@ static int nft_bitwise_init_shift(struct nft_bitwise *priv, |
2674 |
+ if (!tb[NFTA_BITWISE_DATA]) |
2675 |
+ return -EINVAL; |
2676 |
+ |
2677 |
+- err = nft_data_init(NULL, &priv->data, sizeof(priv->data), &d, |
2678 |
+- tb[NFTA_BITWISE_DATA]); |
2679 |
++ err = nft_data_init(NULL, &priv->data, &desc, tb[NFTA_BITWISE_DATA]); |
2680 |
+ if (err < 0) |
2681 |
+ return err; |
2682 |
+- if (d.type != NFT_DATA_VALUE || d.len != sizeof(u32) || |
2683 |
+- priv->data.data[0] >= BITS_PER_TYPE(u32)) { |
2684 |
+- nft_data_release(&priv->data, d.type); |
2685 |
++ |
2686 |
++ if (priv->data.data[0] >= BITS_PER_TYPE(u32)) { |
2687 |
++ nft_data_release(&priv->data, desc.type); |
2688 |
+ return -EINVAL; |
2689 |
+ } |
2690 |
+ |
2691 |
+@@ -290,22 +292,21 @@ static const struct nft_expr_ops nft_bitwise_ops = { |
2692 |
+ static int |
2693 |
+ nft_bitwise_extract_u32_data(const struct nlattr * const tb, u32 *out) |
2694 |
+ { |
2695 |
+- struct nft_data_desc desc; |
2696 |
+ struct nft_data data; |
2697 |
+- int err = 0; |
2698 |
++ struct nft_data_desc desc = { |
2699 |
++ .type = NFT_DATA_VALUE, |
2700 |
++ .size = sizeof(data), |
2701 |
++ .len = sizeof(u32), |
2702 |
++ }; |
2703 |
++ int err; |
2704 |
+ |
2705 |
+- err = nft_data_init(NULL, &data, sizeof(data), &desc, tb); |
2706 |
++ err = nft_data_init(NULL, &data, &desc, tb); |
2707 |
+ if (err < 0) |
2708 |
+ return err; |
2709 |
+ |
2710 |
+- if (desc.type != NFT_DATA_VALUE || desc.len != sizeof(u32)) { |
2711 |
+- err = -EINVAL; |
2712 |
+- goto err; |
2713 |
+- } |
2714 |
+ *out = data.data[0]; |
2715 |
+-err: |
2716 |
+- nft_data_release(&data, desc.type); |
2717 |
+- return err; |
2718 |
++ |
2719 |
++ return 0; |
2720 |
+ } |
2721 |
+ |
2722 |
+ static int nft_bitwise_fast_init(const struct nft_ctx *ctx, |
2723 |
+diff --git a/net/netfilter/nft_cmp.c b/net/netfilter/nft_cmp.c |
2724 |
+index b529c0e865466..461763a571f20 100644 |
2725 |
+--- a/net/netfilter/nft_cmp.c |
2726 |
++++ b/net/netfilter/nft_cmp.c |
2727 |
+@@ -73,20 +73,16 @@ static int nft_cmp_init(const struct nft_ctx *ctx, const struct nft_expr *expr, |
2728 |
+ const struct nlattr * const tb[]) |
2729 |
+ { |
2730 |
+ struct nft_cmp_expr *priv = nft_expr_priv(expr); |
2731 |
+- struct nft_data_desc desc; |
2732 |
++ struct nft_data_desc desc = { |
2733 |
++ .type = NFT_DATA_VALUE, |
2734 |
++ .size = sizeof(priv->data), |
2735 |
++ }; |
2736 |
+ int err; |
2737 |
+ |
2738 |
+- err = nft_data_init(NULL, &priv->data, sizeof(priv->data), &desc, |
2739 |
+- tb[NFTA_CMP_DATA]); |
2740 |
++ err = nft_data_init(NULL, &priv->data, &desc, tb[NFTA_CMP_DATA]); |
2741 |
+ if (err < 0) |
2742 |
+ return err; |
2743 |
+ |
2744 |
+- if (desc.type != NFT_DATA_VALUE) { |
2745 |
+- err = -EINVAL; |
2746 |
+- nft_data_release(&priv->data, desc.type); |
2747 |
+- return err; |
2748 |
+- } |
2749 |
+- |
2750 |
+ err = nft_parse_register_load(tb[NFTA_CMP_SREG], &priv->sreg, desc.len); |
2751 |
+ if (err < 0) |
2752 |
+ return err; |
2753 |
+@@ -201,12 +197,14 @@ static int nft_cmp_fast_init(const struct nft_ctx *ctx, |
2754 |
+ const struct nlattr * const tb[]) |
2755 |
+ { |
2756 |
+ struct nft_cmp_fast_expr *priv = nft_expr_priv(expr); |
2757 |
+- struct nft_data_desc desc; |
2758 |
+ struct nft_data data; |
2759 |
++ struct nft_data_desc desc = { |
2760 |
++ .type = NFT_DATA_VALUE, |
2761 |
++ .size = sizeof(data), |
2762 |
++ }; |
2763 |
+ int err; |
2764 |
+ |
2765 |
+- err = nft_data_init(NULL, &data, sizeof(data), &desc, |
2766 |
+- tb[NFTA_CMP_DATA]); |
2767 |
++ err = nft_data_init(NULL, &data, &desc, tb[NFTA_CMP_DATA]); |
2768 |
+ if (err < 0) |
2769 |
+ return err; |
2770 |
+ |
2771 |
+@@ -272,12 +270,108 @@ const struct nft_expr_ops nft_cmp_fast_ops = { |
2772 |
+ .offload = nft_cmp_fast_offload, |
2773 |
+ }; |
2774 |
+ |
2775 |
++static u32 nft_cmp_mask(u32 bitlen) |
2776 |
++{ |
2777 |
++ return (__force u32)cpu_to_le32(~0U >> (sizeof(u32) * BITS_PER_BYTE - bitlen)); |
2778 |
++} |
2779 |
++ |
2780 |
++static void nft_cmp16_fast_mask(struct nft_data *data, unsigned int bitlen) |
2781 |
++{ |
2782 |
++ int len = bitlen / BITS_PER_BYTE; |
2783 |
++ int i, words = len / sizeof(u32); |
2784 |
++ |
2785 |
++ for (i = 0; i < words; i++) { |
2786 |
++ data->data[i] = 0xffffffff; |
2787 |
++ bitlen -= sizeof(u32) * BITS_PER_BYTE; |
2788 |
++ } |
2789 |
++ |
2790 |
++ if (len % sizeof(u32)) |
2791 |
++ data->data[i++] = nft_cmp_mask(bitlen); |
2792 |
++ |
2793 |
++ for (; i < 4; i++) |
2794 |
++ data->data[i] = 0; |
2795 |
++} |
2796 |
++ |
2797 |
++static int nft_cmp16_fast_init(const struct nft_ctx *ctx, |
2798 |
++ const struct nft_expr *expr, |
2799 |
++ const struct nlattr * const tb[]) |
2800 |
++{ |
2801 |
++ struct nft_cmp16_fast_expr *priv = nft_expr_priv(expr); |
2802 |
++ struct nft_data_desc desc = { |
2803 |
++ .type = NFT_DATA_VALUE, |
2804 |
++ .size = sizeof(priv->data), |
2805 |
++ }; |
2806 |
++ int err; |
2807 |
++ |
2808 |
++ err = nft_data_init(NULL, &priv->data, &desc, tb[NFTA_CMP_DATA]); |
2809 |
++ if (err < 0) |
2810 |
++ return err; |
2811 |
++ |
2812 |
++ err = nft_parse_register_load(tb[NFTA_CMP_SREG], &priv->sreg, desc.len); |
2813 |
++ if (err < 0) |
2814 |
++ return err; |
2815 |
++ |
2816 |
++ nft_cmp16_fast_mask(&priv->mask, desc.len * BITS_PER_BYTE); |
2817 |
++ priv->inv = ntohl(nla_get_be32(tb[NFTA_CMP_OP])) != NFT_CMP_EQ; |
2818 |
++ priv->len = desc.len; |
2819 |
++ |
2820 |
++ return 0; |
2821 |
++} |
2822 |
++ |
2823 |
++static int nft_cmp16_fast_offload(struct nft_offload_ctx *ctx, |
2824 |
++ struct nft_flow_rule *flow, |
2825 |
++ const struct nft_expr *expr) |
2826 |
++{ |
2827 |
++ const struct nft_cmp16_fast_expr *priv = nft_expr_priv(expr); |
2828 |
++ struct nft_cmp_expr cmp = { |
2829 |
++ .data = priv->data, |
2830 |
++ .sreg = priv->sreg, |
2831 |
++ .len = priv->len, |
2832 |
++ .op = priv->inv ? NFT_CMP_NEQ : NFT_CMP_EQ, |
2833 |
++ }; |
2834 |
++ |
2835 |
++ return __nft_cmp_offload(ctx, flow, &cmp); |
2836 |
++} |
2837 |
++ |
2838 |
++static int nft_cmp16_fast_dump(struct sk_buff *skb, const struct nft_expr *expr) |
2839 |
++{ |
2840 |
++ const struct nft_cmp16_fast_expr *priv = nft_expr_priv(expr); |
2841 |
++ enum nft_cmp_ops op = priv->inv ? NFT_CMP_NEQ : NFT_CMP_EQ; |
2842 |
++ |
2843 |
++ if (nft_dump_register(skb, NFTA_CMP_SREG, priv->sreg)) |
2844 |
++ goto nla_put_failure; |
2845 |
++ if (nla_put_be32(skb, NFTA_CMP_OP, htonl(op))) |
2846 |
++ goto nla_put_failure; |
2847 |
++ |
2848 |
++ if (nft_data_dump(skb, NFTA_CMP_DATA, &priv->data, |
2849 |
++ NFT_DATA_VALUE, priv->len) < 0) |
2850 |
++ goto nla_put_failure; |
2851 |
++ return 0; |
2852 |
++ |
2853 |
++nla_put_failure: |
2854 |
++ return -1; |
2855 |
++} |
2856 |
++ |
2857 |
++ |
2858 |
++const struct nft_expr_ops nft_cmp16_fast_ops = { |
2859 |
++ .type = &nft_cmp_type, |
2860 |
++ .size = NFT_EXPR_SIZE(sizeof(struct nft_cmp16_fast_expr)), |
2861 |
++ .eval = NULL, /* inlined */ |
2862 |
++ .init = nft_cmp16_fast_init, |
2863 |
++ .dump = nft_cmp16_fast_dump, |
2864 |
++ .offload = nft_cmp16_fast_offload, |
2865 |
++}; |
2866 |
++ |
2867 |
+ static const struct nft_expr_ops * |
2868 |
+ nft_cmp_select_ops(const struct nft_ctx *ctx, const struct nlattr * const tb[]) |
2869 |
+ { |
2870 |
+- struct nft_data_desc desc; |
2871 |
+ struct nft_data data; |
2872 |
++ struct nft_data_desc desc = { |
2873 |
++ .type = NFT_DATA_VALUE, |
2874 |
++ .size = sizeof(data), |
2875 |
++ }; |
2876 |
+ enum nft_cmp_ops op; |
2877 |
++ u8 sreg; |
2878 |
+ int err; |
2879 |
+ |
2880 |
+ if (tb[NFTA_CMP_SREG] == NULL || |
2881 |
+@@ -298,23 +392,21 @@ nft_cmp_select_ops(const struct nft_ctx *ctx, const struct nlattr * const tb[]) |
2882 |
+ return ERR_PTR(-EINVAL); |
2883 |
+ } |
2884 |
+ |
2885 |
+- err = nft_data_init(NULL, &data, sizeof(data), &desc, |
2886 |
+- tb[NFTA_CMP_DATA]); |
2887 |
++ err = nft_data_init(NULL, &data, &desc, tb[NFTA_CMP_DATA]); |
2888 |
+ if (err < 0) |
2889 |
+ return ERR_PTR(err); |
2890 |
+ |
2891 |
+- if (desc.type != NFT_DATA_VALUE) { |
2892 |
+- err = -EINVAL; |
2893 |
+- goto err1; |
2894 |
+- } |
2895 |
+- |
2896 |
+- if (desc.len <= sizeof(u32) && (op == NFT_CMP_EQ || op == NFT_CMP_NEQ)) |
2897 |
+- return &nft_cmp_fast_ops; |
2898 |
++ sreg = ntohl(nla_get_be32(tb[NFTA_CMP_SREG])); |
2899 |
+ |
2900 |
++ if (op == NFT_CMP_EQ || op == NFT_CMP_NEQ) { |
2901 |
++ if (desc.len <= sizeof(u32)) |
2902 |
++ return &nft_cmp_fast_ops; |
2903 |
++ else if (desc.len <= sizeof(data) && |
2904 |
++ ((sreg >= NFT_REG_1 && sreg <= NFT_REG_4) || |
2905 |
++ (sreg >= NFT_REG32_00 && sreg <= NFT_REG32_12 && sreg % 2 == 0))) |
2906 |
++ return &nft_cmp16_fast_ops; |
2907 |
++ } |
2908 |
+ return &nft_cmp_ops; |
2909 |
+-err1: |
2910 |
+- nft_data_release(&data, desc.type); |
2911 |
+- return ERR_PTR(-EINVAL); |
2912 |
+ } |
2913 |
+ |
2914 |
+ struct nft_expr_type nft_cmp_type __read_mostly = { |
2915 |
+diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c |
2916 |
+index d0f67d325bdfd..fcdbc5ed3f367 100644 |
2917 |
+--- a/net/netfilter/nft_immediate.c |
2918 |
++++ b/net/netfilter/nft_immediate.c |
2919 |
+@@ -29,20 +29,36 @@ static const struct nla_policy nft_immediate_policy[NFTA_IMMEDIATE_MAX + 1] = { |
2920 |
+ [NFTA_IMMEDIATE_DATA] = { .type = NLA_NESTED }, |
2921 |
+ }; |
2922 |
+ |
2923 |
++static enum nft_data_types nft_reg_to_type(const struct nlattr *nla) |
2924 |
++{ |
2925 |
++ enum nft_data_types type; |
2926 |
++ u8 reg; |
2927 |
++ |
2928 |
++ reg = ntohl(nla_get_be32(nla)); |
2929 |
++ if (reg == NFT_REG_VERDICT) |
2930 |
++ type = NFT_DATA_VERDICT; |
2931 |
++ else |
2932 |
++ type = NFT_DATA_VALUE; |
2933 |
++ |
2934 |
++ return type; |
2935 |
++} |
2936 |
++ |
2937 |
+ static int nft_immediate_init(const struct nft_ctx *ctx, |
2938 |
+ const struct nft_expr *expr, |
2939 |
+ const struct nlattr * const tb[]) |
2940 |
+ { |
2941 |
+ struct nft_immediate_expr *priv = nft_expr_priv(expr); |
2942 |
+- struct nft_data_desc desc; |
2943 |
++ struct nft_data_desc desc = { |
2944 |
++ .size = sizeof(priv->data), |
2945 |
++ }; |
2946 |
+ int err; |
2947 |
+ |
2948 |
+ if (tb[NFTA_IMMEDIATE_DREG] == NULL || |
2949 |
+ tb[NFTA_IMMEDIATE_DATA] == NULL) |
2950 |
+ return -EINVAL; |
2951 |
+ |
2952 |
+- err = nft_data_init(ctx, &priv->data, sizeof(priv->data), &desc, |
2953 |
+- tb[NFTA_IMMEDIATE_DATA]); |
2954 |
++ desc.type = nft_reg_to_type(tb[NFTA_IMMEDIATE_DREG]); |
2955 |
++ err = nft_data_init(ctx, &priv->data, &desc, tb[NFTA_IMMEDIATE_DATA]); |
2956 |
+ if (err < 0) |
2957 |
+ return err; |
2958 |
+ |
2959 |
+diff --git a/net/netfilter/nft_osf.c b/net/netfilter/nft_osf.c |
2960 |
+index d82677e83400b..720dc9fba6d4f 100644 |
2961 |
+--- a/net/netfilter/nft_osf.c |
2962 |
++++ b/net/netfilter/nft_osf.c |
2963 |
+@@ -115,9 +115,21 @@ static int nft_osf_validate(const struct nft_ctx *ctx, |
2964 |
+ const struct nft_expr *expr, |
2965 |
+ const struct nft_data **data) |
2966 |
+ { |
2967 |
+- return nft_chain_validate_hooks(ctx->chain, (1 << NF_INET_LOCAL_IN) | |
2968 |
+- (1 << NF_INET_PRE_ROUTING) | |
2969 |
+- (1 << NF_INET_FORWARD)); |
2970 |
++ unsigned int hooks; |
2971 |
++ |
2972 |
++ switch (ctx->family) { |
2973 |
++ case NFPROTO_IPV4: |
2974 |
++ case NFPROTO_IPV6: |
2975 |
++ case NFPROTO_INET: |
2976 |
++ hooks = (1 << NF_INET_LOCAL_IN) | |
2977 |
++ (1 << NF_INET_PRE_ROUTING) | |
2978 |
++ (1 << NF_INET_FORWARD); |
2979 |
++ break; |
2980 |
++ default: |
2981 |
++ return -EOPNOTSUPP; |
2982 |
++ } |
2983 |
++ |
2984 |
++ return nft_chain_validate_hooks(ctx->chain, hooks); |
2985 |
+ } |
2986 |
+ |
2987 |
+ static struct nft_expr_type nft_osf_type; |
2988 |
+diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c |
2989 |
+index 01878c16418c2..551e0d6cf63d4 100644 |
2990 |
+--- a/net/netfilter/nft_payload.c |
2991 |
++++ b/net/netfilter/nft_payload.c |
2992 |
+@@ -660,17 +660,23 @@ static int nft_payload_set_init(const struct nft_ctx *ctx, |
2993 |
+ const struct nlattr * const tb[]) |
2994 |
+ { |
2995 |
+ struct nft_payload_set *priv = nft_expr_priv(expr); |
2996 |
++ u32 csum_offset, csum_type = NFT_PAYLOAD_CSUM_NONE; |
2997 |
++ int err; |
2998 |
+ |
2999 |
+ priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE])); |
3000 |
+ priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET])); |
3001 |
+ priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN])); |
3002 |
+ |
3003 |
+ if (tb[NFTA_PAYLOAD_CSUM_TYPE]) |
3004 |
+- priv->csum_type = |
3005 |
+- ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE])); |
3006 |
+- if (tb[NFTA_PAYLOAD_CSUM_OFFSET]) |
3007 |
+- priv->csum_offset = |
3008 |
+- ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_OFFSET])); |
3009 |
++ csum_type = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE])); |
3010 |
++ if (tb[NFTA_PAYLOAD_CSUM_OFFSET]) { |
3011 |
++ err = nft_parse_u32_check(tb[NFTA_PAYLOAD_CSUM_OFFSET], U8_MAX, |
3012 |
++ &csum_offset); |
3013 |
++ if (err < 0) |
3014 |
++ return err; |
3015 |
++ |
3016 |
++ priv->csum_offset = csum_offset; |
3017 |
++ } |
3018 |
+ if (tb[NFTA_PAYLOAD_CSUM_FLAGS]) { |
3019 |
+ u32 flags; |
3020 |
+ |
3021 |
+@@ -681,7 +687,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx, |
3022 |
+ priv->csum_flags = flags; |
3023 |
+ } |
3024 |
+ |
3025 |
+- switch (priv->csum_type) { |
3026 |
++ switch (csum_type) { |
3027 |
+ case NFT_PAYLOAD_CSUM_NONE: |
3028 |
+ case NFT_PAYLOAD_CSUM_INET: |
3029 |
+ break; |
3030 |
+@@ -695,6 +701,7 @@ static int nft_payload_set_init(const struct nft_ctx *ctx, |
3031 |
+ default: |
3032 |
+ return -EOPNOTSUPP; |
3033 |
+ } |
3034 |
++ priv->csum_type = csum_type; |
3035 |
+ |
3036 |
+ return nft_parse_register_load(tb[NFTA_PAYLOAD_SREG], &priv->sreg, |
3037 |
+ priv->len); |
3038 |
+@@ -733,6 +740,7 @@ nft_payload_select_ops(const struct nft_ctx *ctx, |
3039 |
+ { |
3040 |
+ enum nft_payload_bases base; |
3041 |
+ unsigned int offset, len; |
3042 |
++ int err; |
3043 |
+ |
3044 |
+ if (tb[NFTA_PAYLOAD_BASE] == NULL || |
3045 |
+ tb[NFTA_PAYLOAD_OFFSET] == NULL || |
3046 |
+@@ -758,8 +766,13 @@ nft_payload_select_ops(const struct nft_ctx *ctx, |
3047 |
+ if (tb[NFTA_PAYLOAD_DREG] == NULL) |
3048 |
+ return ERR_PTR(-EINVAL); |
3049 |
+ |
3050 |
+- offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET])); |
3051 |
+- len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN])); |
3052 |
++ err = nft_parse_u32_check(tb[NFTA_PAYLOAD_OFFSET], U8_MAX, &offset); |
3053 |
++ if (err < 0) |
3054 |
++ return ERR_PTR(err); |
3055 |
++ |
3056 |
++ err = nft_parse_u32_check(tb[NFTA_PAYLOAD_LEN], U8_MAX, &len); |
3057 |
++ if (err < 0) |
3058 |
++ return ERR_PTR(err); |
3059 |
+ |
3060 |
+ if (len <= 4 && is_power_of_2(len) && IS_ALIGNED(offset, len) && |
3061 |
+ base != NFT_PAYLOAD_LL_HEADER) |
3062 |
+diff --git a/net/netfilter/nft_range.c b/net/netfilter/nft_range.c |
3063 |
+index e4a1c44d7f513..e6bbe32c323df 100644 |
3064 |
+--- a/net/netfilter/nft_range.c |
3065 |
++++ b/net/netfilter/nft_range.c |
3066 |
+@@ -51,7 +51,14 @@ static int nft_range_init(const struct nft_ctx *ctx, const struct nft_expr *expr |
3067 |
+ const struct nlattr * const tb[]) |
3068 |
+ { |
3069 |
+ struct nft_range_expr *priv = nft_expr_priv(expr); |
3070 |
+- struct nft_data_desc desc_from, desc_to; |
3071 |
++ struct nft_data_desc desc_from = { |
3072 |
++ .type = NFT_DATA_VALUE, |
3073 |
++ .size = sizeof(priv->data_from), |
3074 |
++ }; |
3075 |
++ struct nft_data_desc desc_to = { |
3076 |
++ .type = NFT_DATA_VALUE, |
3077 |
++ .size = sizeof(priv->data_to), |
3078 |
++ }; |
3079 |
+ int err; |
3080 |
+ u32 op; |
3081 |
+ |
3082 |
+@@ -61,26 +68,16 @@ static int nft_range_init(const struct nft_ctx *ctx, const struct nft_expr *expr |
3083 |
+ !tb[NFTA_RANGE_TO_DATA]) |
3084 |
+ return -EINVAL; |
3085 |
+ |
3086 |
+- err = nft_data_init(NULL, &priv->data_from, sizeof(priv->data_from), |
3087 |
+- &desc_from, tb[NFTA_RANGE_FROM_DATA]); |
3088 |
++ err = nft_data_init(NULL, &priv->data_from, &desc_from, |
3089 |
++ tb[NFTA_RANGE_FROM_DATA]); |
3090 |
+ if (err < 0) |
3091 |
+ return err; |
3092 |
+ |
3093 |
+- if (desc_from.type != NFT_DATA_VALUE) { |
3094 |
+- err = -EINVAL; |
3095 |
+- goto err1; |
3096 |
+- } |
3097 |
+- |
3098 |
+- err = nft_data_init(NULL, &priv->data_to, sizeof(priv->data_to), |
3099 |
+- &desc_to, tb[NFTA_RANGE_TO_DATA]); |
3100 |
++ err = nft_data_init(NULL, &priv->data_to, &desc_to, |
3101 |
++ tb[NFTA_RANGE_TO_DATA]); |
3102 |
+ if (err < 0) |
3103 |
+ goto err1; |
3104 |
+ |
3105 |
+- if (desc_to.type != NFT_DATA_VALUE) { |
3106 |
+- err = -EINVAL; |
3107 |
+- goto err2; |
3108 |
+- } |
3109 |
+- |
3110 |
+ if (desc_from.len != desc_to.len) { |
3111 |
+ err = -EINVAL; |
3112 |
+ goto err2; |
3113 |
+diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c |
3114 |
+index 3b27926d5382c..2ee50996da8cc 100644 |
3115 |
+--- a/net/netfilter/nft_tunnel.c |
3116 |
++++ b/net/netfilter/nft_tunnel.c |
3117 |
+@@ -133,6 +133,7 @@ static const struct nft_expr_ops nft_tunnel_get_ops = { |
3118 |
+ |
3119 |
+ static struct nft_expr_type nft_tunnel_type __read_mostly = { |
3120 |
+ .name = "tunnel", |
3121 |
++ .family = NFPROTO_NETDEV, |
3122 |
+ .ops = &nft_tunnel_get_ops, |
3123 |
+ .policy = nft_tunnel_policy, |
3124 |
+ .maxattr = NFTA_TUNNEL_MAX, |
3125 |
+diff --git a/net/rose/rose_loopback.c b/net/rose/rose_loopback.c |
3126 |
+index 11c45c8c6c164..036d92c0ad794 100644 |
3127 |
+--- a/net/rose/rose_loopback.c |
3128 |
++++ b/net/rose/rose_loopback.c |
3129 |
+@@ -96,7 +96,8 @@ static void rose_loopback_timer(struct timer_list *unused) |
3130 |
+ } |
3131 |
+ |
3132 |
+ if (frametype == ROSE_CALL_REQUEST) { |
3133 |
+- if (!rose_loopback_neigh->dev) { |
3134 |
++ if (!rose_loopback_neigh->dev && |
3135 |
++ !rose_loopback_neigh->loopback) { |
3136 |
+ kfree_skb(skb); |
3137 |
+ continue; |
3138 |
+ } |
3139 |
+diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c |
3140 |
+index 043508fd8d8a5..150cd7b2154c8 100644 |
3141 |
+--- a/net/rxrpc/call_object.c |
3142 |
++++ b/net/rxrpc/call_object.c |
3143 |
+@@ -285,8 +285,10 @@ struct rxrpc_call *rxrpc_new_client_call(struct rxrpc_sock *rx, |
3144 |
+ _enter("%p,%lx", rx, p->user_call_ID); |
3145 |
+ |
3146 |
+ limiter = rxrpc_get_call_slot(p, gfp); |
3147 |
+- if (!limiter) |
3148 |
++ if (!limiter) { |
3149 |
++ release_sock(&rx->sk); |
3150 |
+ return ERR_PTR(-ERESTARTSYS); |
3151 |
++ } |
3152 |
+ |
3153 |
+ call = rxrpc_alloc_client_call(rx, srx, gfp, debug_id); |
3154 |
+ if (IS_ERR(call)) { |
3155 |
+diff --git a/net/rxrpc/sendmsg.c b/net/rxrpc/sendmsg.c |
3156 |
+index aa23ba4e25662..eef3c14fd1c18 100644 |
3157 |
+--- a/net/rxrpc/sendmsg.c |
3158 |
++++ b/net/rxrpc/sendmsg.c |
3159 |
+@@ -51,10 +51,7 @@ static int rxrpc_wait_for_tx_window_intr(struct rxrpc_sock *rx, |
3160 |
+ return sock_intr_errno(*timeo); |
3161 |
+ |
3162 |
+ trace_rxrpc_transmit(call, rxrpc_transmit_wait); |
3163 |
+- mutex_unlock(&call->user_mutex); |
3164 |
+ *timeo = schedule_timeout(*timeo); |
3165 |
+- if (mutex_lock_interruptible(&call->user_mutex) < 0) |
3166 |
+- return sock_intr_errno(*timeo); |
3167 |
+ } |
3168 |
+ } |
3169 |
+ |
3170 |
+@@ -290,37 +287,48 @@ out: |
3171 |
+ static int rxrpc_send_data(struct rxrpc_sock *rx, |
3172 |
+ struct rxrpc_call *call, |
3173 |
+ struct msghdr *msg, size_t len, |
3174 |
+- rxrpc_notify_end_tx_t notify_end_tx) |
3175 |
++ rxrpc_notify_end_tx_t notify_end_tx, |
3176 |
++ bool *_dropped_lock) |
3177 |
+ { |
3178 |
+ struct rxrpc_skb_priv *sp; |
3179 |
+ struct sk_buff *skb; |
3180 |
+ struct sock *sk = &rx->sk; |
3181 |
++ enum rxrpc_call_state state; |
3182 |
+ long timeo; |
3183 |
+- bool more; |
3184 |
+- int ret, copied; |
3185 |
++ bool more = msg->msg_flags & MSG_MORE; |
3186 |
++ int ret, copied = 0; |
3187 |
+ |
3188 |
+ timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); |
3189 |
+ |
3190 |
+ /* this should be in poll */ |
3191 |
+ sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk); |
3192 |
+ |
3193 |
++reload: |
3194 |
++ ret = -EPIPE; |
3195 |
+ if (sk->sk_shutdown & SEND_SHUTDOWN) |
3196 |
+- return -EPIPE; |
3197 |
+- |
3198 |
+- more = msg->msg_flags & MSG_MORE; |
3199 |
+- |
3200 |
++ goto maybe_error; |
3201 |
++ state = READ_ONCE(call->state); |
3202 |
++ ret = -ESHUTDOWN; |
3203 |
++ if (state >= RXRPC_CALL_COMPLETE) |
3204 |
++ goto maybe_error; |
3205 |
++ ret = -EPROTO; |
3206 |
++ if (state != RXRPC_CALL_CLIENT_SEND_REQUEST && |
3207 |
++ state != RXRPC_CALL_SERVER_ACK_REQUEST && |
3208 |
++ state != RXRPC_CALL_SERVER_SEND_REPLY) |
3209 |
++ goto maybe_error; |
3210 |
++ |
3211 |
++ ret = -EMSGSIZE; |
3212 |
+ if (call->tx_total_len != -1) { |
3213 |
+- if (len > call->tx_total_len) |
3214 |
+- return -EMSGSIZE; |
3215 |
+- if (!more && len != call->tx_total_len) |
3216 |
+- return -EMSGSIZE; |
3217 |
++ if (len - copied > call->tx_total_len) |
3218 |
++ goto maybe_error; |
3219 |
++ if (!more && len - copied != call->tx_total_len) |
3220 |
++ goto maybe_error; |
3221 |
+ } |
3222 |
+ |
3223 |
+ skb = call->tx_pending; |
3224 |
+ call->tx_pending = NULL; |
3225 |
+ rxrpc_see_skb(skb, rxrpc_skb_seen); |
3226 |
+ |
3227 |
+- copied = 0; |
3228 |
+ do { |
3229 |
+ /* Check to see if there's a ping ACK to reply to. */ |
3230 |
+ if (call->ackr_reason == RXRPC_ACK_PING_RESPONSE) |
3231 |
+@@ -331,16 +339,8 @@ static int rxrpc_send_data(struct rxrpc_sock *rx, |
3232 |
+ |
3233 |
+ _debug("alloc"); |
3234 |
+ |
3235 |
+- if (!rxrpc_check_tx_space(call, NULL)) { |
3236 |
+- ret = -EAGAIN; |
3237 |
+- if (msg->msg_flags & MSG_DONTWAIT) |
3238 |
+- goto maybe_error; |
3239 |
+- ret = rxrpc_wait_for_tx_window(rx, call, |
3240 |
+- &timeo, |
3241 |
+- msg->msg_flags & MSG_WAITALL); |
3242 |
+- if (ret < 0) |
3243 |
+- goto maybe_error; |
3244 |
+- } |
3245 |
++ if (!rxrpc_check_tx_space(call, NULL)) |
3246 |
++ goto wait_for_space; |
3247 |
+ |
3248 |
+ max = RXRPC_JUMBO_DATALEN; |
3249 |
+ max -= call->conn->security_size; |
3250 |
+@@ -485,6 +485,27 @@ maybe_error: |
3251 |
+ efault: |
3252 |
+ ret = -EFAULT; |
3253 |
+ goto out; |
3254 |
++ |
3255 |
++wait_for_space: |
3256 |
++ ret = -EAGAIN; |
3257 |
++ if (msg->msg_flags & MSG_DONTWAIT) |
3258 |
++ goto maybe_error; |
3259 |
++ mutex_unlock(&call->user_mutex); |
3260 |
++ *_dropped_lock = true; |
3261 |
++ ret = rxrpc_wait_for_tx_window(rx, call, &timeo, |
3262 |
++ msg->msg_flags & MSG_WAITALL); |
3263 |
++ if (ret < 0) |
3264 |
++ goto maybe_error; |
3265 |
++ if (call->interruptibility == RXRPC_INTERRUPTIBLE) { |
3266 |
++ if (mutex_lock_interruptible(&call->user_mutex) < 0) { |
3267 |
++ ret = sock_intr_errno(timeo); |
3268 |
++ goto maybe_error; |
3269 |
++ } |
3270 |
++ } else { |
3271 |
++ mutex_lock(&call->user_mutex); |
3272 |
++ } |
3273 |
++ *_dropped_lock = false; |
3274 |
++ goto reload; |
3275 |
+ } |
3276 |
+ |
3277 |
+ /* |
3278 |
+@@ -646,6 +667,7 @@ int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, size_t len) |
3279 |
+ enum rxrpc_call_state state; |
3280 |
+ struct rxrpc_call *call; |
3281 |
+ unsigned long now, j; |
3282 |
++ bool dropped_lock = false; |
3283 |
+ int ret; |
3284 |
+ |
3285 |
+ struct rxrpc_send_params p = { |
3286 |
+@@ -754,21 +776,13 @@ int rxrpc_do_sendmsg(struct rxrpc_sock *rx, struct msghdr *msg, size_t len) |
3287 |
+ ret = rxrpc_send_abort_packet(call); |
3288 |
+ } else if (p.command != RXRPC_CMD_SEND_DATA) { |
3289 |
+ ret = -EINVAL; |
3290 |
+- } else if (rxrpc_is_client_call(call) && |
3291 |
+- state != RXRPC_CALL_CLIENT_SEND_REQUEST) { |
3292 |
+- /* request phase complete for this client call */ |
3293 |
+- ret = -EPROTO; |
3294 |
+- } else if (rxrpc_is_service_call(call) && |
3295 |
+- state != RXRPC_CALL_SERVER_ACK_REQUEST && |
3296 |
+- state != RXRPC_CALL_SERVER_SEND_REPLY) { |
3297 |
+- /* Reply phase not begun or not complete for service call. */ |
3298 |
+- ret = -EPROTO; |
3299 |
+ } else { |
3300 |
+- ret = rxrpc_send_data(rx, call, msg, len, NULL); |
3301 |
++ ret = rxrpc_send_data(rx, call, msg, len, NULL, &dropped_lock); |
3302 |
+ } |
3303 |
+ |
3304 |
+ out_put_unlock: |
3305 |
+- mutex_unlock(&call->user_mutex); |
3306 |
++ if (!dropped_lock) |
3307 |
++ mutex_unlock(&call->user_mutex); |
3308 |
+ error_put: |
3309 |
+ rxrpc_put_call(call, rxrpc_call_put); |
3310 |
+ _leave(" = %d", ret); |
3311 |
+@@ -796,6 +810,7 @@ int rxrpc_kernel_send_data(struct socket *sock, struct rxrpc_call *call, |
3312 |
+ struct msghdr *msg, size_t len, |
3313 |
+ rxrpc_notify_end_tx_t notify_end_tx) |
3314 |
+ { |
3315 |
++ bool dropped_lock = false; |
3316 |
+ int ret; |
3317 |
+ |
3318 |
+ _enter("{%d,%s},", call->debug_id, rxrpc_call_states[call->state]); |
3319 |
+@@ -813,7 +828,7 @@ int rxrpc_kernel_send_data(struct socket *sock, struct rxrpc_call *call, |
3320 |
+ case RXRPC_CALL_SERVER_ACK_REQUEST: |
3321 |
+ case RXRPC_CALL_SERVER_SEND_REPLY: |
3322 |
+ ret = rxrpc_send_data(rxrpc_sk(sock->sk), call, msg, len, |
3323 |
+- notify_end_tx); |
3324 |
++ notify_end_tx, &dropped_lock); |
3325 |
+ break; |
3326 |
+ case RXRPC_CALL_COMPLETE: |
3327 |
+ read_lock_bh(&call->state_lock); |
3328 |
+@@ -827,7 +842,8 @@ int rxrpc_kernel_send_data(struct socket *sock, struct rxrpc_call *call, |
3329 |
+ break; |
3330 |
+ } |
3331 |
+ |
3332 |
+- mutex_unlock(&call->user_mutex); |
3333 |
++ if (!dropped_lock) |
3334 |
++ mutex_unlock(&call->user_mutex); |
3335 |
+ _leave(" = %d", ret); |
3336 |
+ return ret; |
3337 |
+ } |
3338 |
+diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c |
3339 |
+index 5d5391adb667c..68f1e89430b3b 100644 |
3340 |
+--- a/net/sched/sch_generic.c |
3341 |
++++ b/net/sched/sch_generic.c |
3342 |
+@@ -403,7 +403,7 @@ static inline bool qdisc_restart(struct Qdisc *q, int *packets) |
3343 |
+ |
3344 |
+ void __qdisc_run(struct Qdisc *q) |
3345 |
+ { |
3346 |
+- int quota = dev_tx_weight; |
3347 |
++ int quota = READ_ONCE(dev_tx_weight); |
3348 |
+ int packets; |
3349 |
+ |
3350 |
+ while (qdisc_restart(q, &packets)) { |
3351 |
+diff --git a/net/socket.c b/net/socket.c |
3352 |
+index d52c265ad449b..bcf68b150fe29 100644 |
3353 |
+--- a/net/socket.c |
3354 |
++++ b/net/socket.c |
3355 |
+@@ -1670,7 +1670,7 @@ int __sys_listen(int fd, int backlog) |
3356 |
+ |
3357 |
+ sock = sockfd_lookup_light(fd, &err, &fput_needed); |
3358 |
+ if (sock) { |
3359 |
+- somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn; |
3360 |
++ somaxconn = READ_ONCE(sock_net(sock->sk)->core.sysctl_somaxconn); |
3361 |
+ if ((unsigned int)backlog > somaxconn) |
3362 |
+ backlog = somaxconn; |
3363 |
+ |
3364 |
+diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c |
3365 |
+index c5af31312e0cf..78c6648af7827 100644 |
3366 |
+--- a/net/sunrpc/clnt.c |
3367 |
++++ b/net/sunrpc/clnt.c |
3368 |
+@@ -1867,7 +1867,7 @@ call_encode(struct rpc_task *task) |
3369 |
+ break; |
3370 |
+ case -EKEYEXPIRED: |
3371 |
+ if (!task->tk_cred_retry) { |
3372 |
+- rpc_exit(task, task->tk_status); |
3373 |
++ rpc_call_rpcerror(task, task->tk_status); |
3374 |
+ } else { |
3375 |
+ task->tk_action = call_refresh; |
3376 |
+ task->tk_cred_retry--; |
3377 |
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c |
3378 |
+index 38256aabf4f1d..8f3c9fbb99165 100644 |
3379 |
+--- a/net/tipc/socket.c |
3380 |
++++ b/net/tipc/socket.c |
3381 |
+@@ -504,7 +504,7 @@ static int tipc_sk_create(struct net *net, struct socket *sock, |
3382 |
+ timer_setup(&sk->sk_timer, tipc_sk_timeout, 0); |
3383 |
+ sk->sk_shutdown = 0; |
3384 |
+ sk->sk_backlog_rcv = tipc_sk_backlog_rcv; |
3385 |
+- sk->sk_rcvbuf = sysctl_tipc_rmem[1]; |
3386 |
++ sk->sk_rcvbuf = READ_ONCE(sysctl_tipc_rmem[1]); |
3387 |
+ sk->sk_data_ready = tipc_data_ready; |
3388 |
+ sk->sk_write_space = tipc_write_space; |
3389 |
+ sk->sk_destruct = tipc_sock_destruct; |
3390 |
+diff --git a/net/xfrm/espintcp.c b/net/xfrm/espintcp.c |
3391 |
+index 1f08ebf7d80c5..24ca49ecebea3 100644 |
3392 |
+--- a/net/xfrm/espintcp.c |
3393 |
++++ b/net/xfrm/espintcp.c |
3394 |
+@@ -170,7 +170,7 @@ int espintcp_queue_out(struct sock *sk, struct sk_buff *skb) |
3395 |
+ { |
3396 |
+ struct espintcp_ctx *ctx = espintcp_getctx(sk); |
3397 |
+ |
3398 |
+- if (skb_queue_len(&ctx->out_queue) >= netdev_max_backlog) |
3399 |
++ if (skb_queue_len(&ctx->out_queue) >= READ_ONCE(netdev_max_backlog)) |
3400 |
+ return -ENOBUFS; |
3401 |
+ |
3402 |
+ __skb_queue_tail(&ctx->out_queue, skb); |
3403 |
+diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c |
3404 |
+index 61e6220ddd5ae..77e82033ad700 100644 |
3405 |
+--- a/net/xfrm/xfrm_input.c |
3406 |
++++ b/net/xfrm/xfrm_input.c |
3407 |
+@@ -782,7 +782,7 @@ int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb, |
3408 |
+ |
3409 |
+ trans = this_cpu_ptr(&xfrm_trans_tasklet); |
3410 |
+ |
3411 |
+- if (skb_queue_len(&trans->queue) >= netdev_max_backlog) |
3412 |
++ if (skb_queue_len(&trans->queue) >= READ_ONCE(netdev_max_backlog)) |
3413 |
+ return -ENOBUFS; |
3414 |
+ |
3415 |
+ BUILD_BUG_ON(sizeof(struct xfrm_trans_cb) > sizeof(skb->cb)); |
3416 |
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c |
3417 |
+index 603b05ed7eb4c..0d12bdf59d4cc 100644 |
3418 |
+--- a/net/xfrm/xfrm_policy.c |
3419 |
++++ b/net/xfrm/xfrm_policy.c |
3420 |
+@@ -3164,7 +3164,7 @@ ok: |
3421 |
+ return dst; |
3422 |
+ |
3423 |
+ nopol: |
3424 |
+- if (!(dst_orig->dev->flags & IFF_LOOPBACK) && |
3425 |
++ if ((!dst_orig->dev || !(dst_orig->dev->flags & IFF_LOOPBACK)) && |
3426 |
+ net->xfrm.policy_default[dir] == XFRM_USERPOLICY_BLOCK) { |
3427 |
+ err = -EPERM; |
3428 |
+ goto error; |
3429 |
+@@ -3641,6 +3641,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, |
3430 |
+ if (pols[1]) { |
3431 |
+ if (IS_ERR(pols[1])) { |
3432 |
+ XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR); |
3433 |
++ xfrm_pol_put(pols[0]); |
3434 |
+ return 0; |
3435 |
+ } |
3436 |
+ pols[1]->curlft.use_time = ktime_get_real_seconds(); |
3437 |
+diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c |
3438 |
+index bc0bbb1571cef..fdbd56ed4bd52 100644 |
3439 |
+--- a/net/xfrm/xfrm_state.c |
3440 |
++++ b/net/xfrm/xfrm_state.c |
3441 |
+@@ -1557,6 +1557,7 @@ static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, |
3442 |
+ x->replay = orig->replay; |
3443 |
+ x->preplay = orig->preplay; |
3444 |
+ x->mapping_maxage = orig->mapping_maxage; |
3445 |
++ x->lastused = orig->lastused; |
3446 |
+ x->new_mapping = 0; |
3447 |
+ x->new_mapping_sport = 0; |
3448 |
+ |
3449 |
+diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config |
3450 |
+index 5ee3c4d1fbb2b..3e7706c251e9e 100644 |
3451 |
+--- a/tools/perf/Makefile.config |
3452 |
++++ b/tools/perf/Makefile.config |
3453 |
+@@ -248,7 +248,7 @@ endif |
3454 |
+ # defined. get-executable-or-default fails with an error if the first argument is supplied but |
3455 |
+ # doesn't exist. |
3456 |
+ override PYTHON_CONFIG := $(call get-executable-or-default,PYTHON_CONFIG,$(PYTHON_AUTO)) |
3457 |
+-override PYTHON := $(call get-executable-or-default,PYTHON,$(subst -config,,$(PYTHON_AUTO))) |
3458 |
++override PYTHON := $(call get-executable-or-default,PYTHON,$(subst -config,,$(PYTHON_CONFIG))) |
3459 |
+ |
3460 |
+ grep-libs = $(filter -l%,$(1)) |
3461 |
+ strip-libs = $(filter-out -l%,$(1)) |