1 |
commit: b13a2c729503c4f75dd3091914dceafe4dfe1133 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Jan 31 11:22:16 2019 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Jan 31 11:22:16 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=b13a2c72 |
7 |
|
8 |
proj/linux-patches: Linux patch 4.9.154 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1153_linux-4.9.154.patch | 1657 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1661 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index f17614f..dfd18f6 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -655,6 +655,10 @@ Patch: 1152_linux-4.9.153.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.9.153 |
23 |
|
24 |
+Patch: 1153_linux-4.9.154.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.9.154 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1153_linux-4.9.154.patch b/1153_linux-4.9.154.patch |
33 |
new file mode 100644 |
34 |
index 0000000..f397bc0 |
35 |
--- /dev/null |
36 |
+++ b/1153_linux-4.9.154.patch |
37 |
@@ -0,0 +1,1657 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index 44a487ee24d2..9964792e200f 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,6 +1,6 @@ |
43 |
+ VERSION = 4 |
44 |
+ PATCHLEVEL = 9 |
45 |
+-SUBLEVEL = 153 |
46 |
++SUBLEVEL = 154 |
47 |
+ EXTRAVERSION = |
48 |
+ NAME = Roaring Lionus |
49 |
+ |
50 |
+diff --git a/arch/arc/include/asm/perf_event.h b/arch/arc/include/asm/perf_event.h |
51 |
+index 9185541035cc..6958545390f0 100644 |
52 |
+--- a/arch/arc/include/asm/perf_event.h |
53 |
++++ b/arch/arc/include/asm/perf_event.h |
54 |
+@@ -103,7 +103,8 @@ static const char * const arc_pmu_ev_hw_map[] = { |
55 |
+ |
56 |
+ /* counts condition */ |
57 |
+ [PERF_COUNT_HW_INSTRUCTIONS] = "iall", |
58 |
+- [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = "ijmp", /* Excludes ZOL jumps */ |
59 |
++ /* All jump instructions that are taken */ |
60 |
++ [PERF_COUNT_HW_BRANCH_INSTRUCTIONS] = "ijmptak", |
61 |
+ [PERF_COUNT_ARC_BPOK] = "bpok", /* NP-NT, PT-T, PNT-NT */ |
62 |
+ #ifdef CONFIG_ISA_ARCV2 |
63 |
+ [PERF_COUNT_HW_BRANCH_MISSES] = "bpmp", |
64 |
+diff --git a/arch/arc/lib/memset-archs.S b/arch/arc/lib/memset-archs.S |
65 |
+index 62ad4bcb841a..f230bb7092fd 100644 |
66 |
+--- a/arch/arc/lib/memset-archs.S |
67 |
++++ b/arch/arc/lib/memset-archs.S |
68 |
+@@ -7,11 +7,39 @@ |
69 |
+ */ |
70 |
+ |
71 |
+ #include <linux/linkage.h> |
72 |
++#include <asm/cache.h> |
73 |
+ |
74 |
+-#undef PREALLOC_NOT_AVAIL |
75 |
++/* |
76 |
++ * The memset implementation below is optimized to use prefetchw and prealloc |
77 |
++ * instruction in case of CPU with 64B L1 data cache line (L1_CACHE_SHIFT == 6) |
78 |
++ * If you want to implement optimized memset for other possible L1 data cache |
79 |
++ * line lengths (32B and 128B) you should rewrite code carefully checking |
80 |
++ * we don't call any prefetchw/prealloc instruction for L1 cache lines which |
81 |
++ * don't belongs to memset area. |
82 |
++ */ |
83 |
++ |
84 |
++#if L1_CACHE_SHIFT == 6 |
85 |
++ |
86 |
++.macro PREALLOC_INSTR reg, off |
87 |
++ prealloc [\reg, \off] |
88 |
++.endm |
89 |
++ |
90 |
++.macro PREFETCHW_INSTR reg, off |
91 |
++ prefetchw [\reg, \off] |
92 |
++.endm |
93 |
++ |
94 |
++#else |
95 |
++ |
96 |
++.macro PREALLOC_INSTR |
97 |
++.endm |
98 |
++ |
99 |
++.macro PREFETCHW_INSTR |
100 |
++.endm |
101 |
++ |
102 |
++#endif |
103 |
+ |
104 |
+ ENTRY_CFI(memset) |
105 |
+- prefetchw [r0] ; Prefetch the write location |
106 |
++ PREFETCHW_INSTR r0, 0 ; Prefetch the first write location |
107 |
+ mov.f 0, r2 |
108 |
+ ;;; if size is zero |
109 |
+ jz.d [blink] |
110 |
+@@ -48,11 +76,8 @@ ENTRY_CFI(memset) |
111 |
+ |
112 |
+ lpnz @.Lset64bytes |
113 |
+ ;; LOOP START |
114 |
+-#ifdef PREALLOC_NOT_AVAIL |
115 |
+- prefetchw [r3, 64] ;Prefetch the next write location |
116 |
+-#else |
117 |
+- prealloc [r3, 64] |
118 |
+-#endif |
119 |
++ PREALLOC_INSTR r3, 64 ; alloc next line w/o fetching |
120 |
++ |
121 |
+ #ifdef CONFIG_ARC_HAS_LL64 |
122 |
+ std.ab r4, [r3, 8] |
123 |
+ std.ab r4, [r3, 8] |
124 |
+@@ -85,7 +110,6 @@ ENTRY_CFI(memset) |
125 |
+ lsr.f lp_count, r2, 5 ;Last remaining max 124 bytes |
126 |
+ lpnz .Lset32bytes |
127 |
+ ;; LOOP START |
128 |
+- prefetchw [r3, 32] ;Prefetch the next write location |
129 |
+ #ifdef CONFIG_ARC_HAS_LL64 |
130 |
+ std.ab r4, [r3, 8] |
131 |
+ std.ab r4, [r3, 8] |
132 |
+diff --git a/arch/s390/kernel/early.c b/arch/s390/kernel/early.c |
133 |
+index 0c7a7d5d95f1..a651c2bc94ef 100644 |
134 |
+--- a/arch/s390/kernel/early.c |
135 |
++++ b/arch/s390/kernel/early.c |
136 |
+@@ -224,10 +224,10 @@ static noinline __init void detect_machine_type(void) |
137 |
+ if (stsi(vmms, 3, 2, 2) || !vmms->count) |
138 |
+ return; |
139 |
+ |
140 |
+- /* Running under KVM? If not we assume z/VM */ |
141 |
++ /* Detect known hypervisors */ |
142 |
+ if (!memcmp(vmms->vm[0].cpi, "\xd2\xe5\xd4", 3)) |
143 |
+ S390_lowcore.machine_flags |= MACHINE_FLAG_KVM; |
144 |
+- else |
145 |
++ else if (!memcmp(vmms->vm[0].cpi, "\xa9\x61\xe5\xd4", 4)) |
146 |
+ S390_lowcore.machine_flags |= MACHINE_FLAG_VM; |
147 |
+ } |
148 |
+ |
149 |
+diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c |
150 |
+index feb9d97a9d14..a559908d180e 100644 |
151 |
+--- a/arch/s390/kernel/setup.c |
152 |
++++ b/arch/s390/kernel/setup.c |
153 |
+@@ -863,6 +863,8 @@ void __init setup_arch(char **cmdline_p) |
154 |
+ pr_info("Linux is running under KVM in 64-bit mode\n"); |
155 |
+ else if (MACHINE_IS_LPAR) |
156 |
+ pr_info("Linux is running natively in 64-bit mode\n"); |
157 |
++ else |
158 |
++ pr_info("Linux is running as a guest in 64-bit mode\n"); |
159 |
+ |
160 |
+ /* Have one command line that is parsed and saved in /proc/cmdline */ |
161 |
+ /* boot_command_line has been already set up in early.c */ |
162 |
+diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c |
163 |
+index 0a31110f41f6..d52a94e9f57f 100644 |
164 |
+--- a/arch/s390/kernel/smp.c |
165 |
++++ b/arch/s390/kernel/smp.c |
166 |
+@@ -357,9 +357,13 @@ void smp_call_online_cpu(void (*func)(void *), void *data) |
167 |
+ */ |
168 |
+ void smp_call_ipl_cpu(void (*func)(void *), void *data) |
169 |
+ { |
170 |
++ struct lowcore *lc = pcpu_devices->lowcore; |
171 |
++ |
172 |
++ if (pcpu_devices[0].address == stap()) |
173 |
++ lc = &S390_lowcore; |
174 |
++ |
175 |
+ pcpu_delegate(&pcpu_devices[0], func, data, |
176 |
+- pcpu_devices->lowcore->panic_stack - |
177 |
+- PANIC_FRAME_OFFSET + PAGE_SIZE); |
178 |
++ lc->panic_stack - PANIC_FRAME_OFFSET + PAGE_SIZE); |
179 |
+ } |
180 |
+ |
181 |
+ int smp_find_processor_id(u16 address) |
182 |
+@@ -1139,7 +1143,11 @@ static ssize_t __ref rescan_store(struct device *dev, |
183 |
+ { |
184 |
+ int rc; |
185 |
+ |
186 |
++ rc = lock_device_hotplug_sysfs(); |
187 |
++ if (rc) |
188 |
++ return rc; |
189 |
+ rc = smp_rescan_cpus(); |
190 |
++ unlock_device_hotplug(); |
191 |
+ return rc ? rc : count; |
192 |
+ } |
193 |
+ static DEVICE_ATTR(rescan, 0200, NULL, rescan_store); |
194 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
195 |
+index 46e0ad71b4da..851e9d6c864f 100644 |
196 |
+--- a/arch/x86/kvm/x86.c |
197 |
++++ b/arch/x86/kvm/x86.c |
198 |
+@@ -5795,8 +5795,7 @@ restart: |
199 |
+ toggle_interruptibility(vcpu, ctxt->interruptibility); |
200 |
+ vcpu->arch.emulate_regs_need_sync_to_vcpu = false; |
201 |
+ kvm_rip_write(vcpu, ctxt->eip); |
202 |
+- if (r == EMULATE_DONE && |
203 |
+- (ctxt->tf || (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP))) |
204 |
++ if (r == EMULATE_DONE && ctxt->tf) |
205 |
+ kvm_vcpu_do_singlestep(vcpu, &r); |
206 |
+ if (!ctxt->have_exception || |
207 |
+ exception_type(ctxt->exception.vector) == EXCPT_TRAP) |
208 |
+diff --git a/arch/x86/lib/kaslr.c b/arch/x86/lib/kaslr.c |
209 |
+index 0c7fe444dcdd..d8d868070e24 100644 |
210 |
+--- a/arch/x86/lib/kaslr.c |
211 |
++++ b/arch/x86/lib/kaslr.c |
212 |
+@@ -35,8 +35,8 @@ static inline u16 i8254(void) |
213 |
+ u16 status, timer; |
214 |
+ |
215 |
+ do { |
216 |
+- outb(I8254_PORT_CONTROL, |
217 |
+- I8254_CMD_READBACK | I8254_SELECT_COUNTER0); |
218 |
++ outb(I8254_CMD_READBACK | I8254_SELECT_COUNTER0, |
219 |
++ I8254_PORT_CONTROL); |
220 |
+ status = inb(I8254_PORT_COUNTER0); |
221 |
+ timer = inb(I8254_PORT_COUNTER0); |
222 |
+ timer |= inb(I8254_PORT_COUNTER0) << 8; |
223 |
+diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c |
224 |
+index ef32e5766a01..06cf7427d0c4 100644 |
225 |
+--- a/drivers/acpi/nfit/core.c |
226 |
++++ b/drivers/acpi/nfit/core.c |
227 |
+@@ -185,6 +185,32 @@ static int xlat_status(struct nvdimm *nvdimm, void *buf, unsigned int cmd, |
228 |
+ return 0; |
229 |
+ } |
230 |
+ |
231 |
++static int cmd_to_func(struct nfit_mem *nfit_mem, unsigned int cmd, |
232 |
++ struct nd_cmd_pkg *call_pkg) |
233 |
++{ |
234 |
++ if (call_pkg) { |
235 |
++ int i; |
236 |
++ |
237 |
++ if (nfit_mem->family != call_pkg->nd_family) |
238 |
++ return -ENOTTY; |
239 |
++ |
240 |
++ for (i = 0; i < ARRAY_SIZE(call_pkg->nd_reserved2); i++) |
241 |
++ if (call_pkg->nd_reserved2[i]) |
242 |
++ return -EINVAL; |
243 |
++ return call_pkg->nd_command; |
244 |
++ } |
245 |
++ |
246 |
++ /* Linux ND commands == NVDIMM_FAMILY_INTEL function numbers */ |
247 |
++ if (nfit_mem->family == NVDIMM_FAMILY_INTEL) |
248 |
++ return cmd; |
249 |
++ |
250 |
++ /* |
251 |
++ * Force function number validation to fail since 0 is never |
252 |
++ * published as a valid function in dsm_mask. |
253 |
++ */ |
254 |
++ return 0; |
255 |
++} |
256 |
++ |
257 |
+ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, |
258 |
+ unsigned int cmd, void *buf, unsigned int buf_len, int *cmd_rc) |
259 |
+ { |
260 |
+@@ -197,17 +223,11 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, |
261 |
+ unsigned long cmd_mask, dsm_mask; |
262 |
+ u32 offset, fw_status = 0; |
263 |
+ acpi_handle handle; |
264 |
+- unsigned int func; |
265 |
+ const u8 *uuid; |
266 |
+- int rc, i; |
267 |
++ int func, rc, i; |
268 |
+ |
269 |
+ if (cmd_rc) |
270 |
+ *cmd_rc = -EINVAL; |
271 |
+- func = cmd; |
272 |
+- if (cmd == ND_CMD_CALL) { |
273 |
+- call_pkg = buf; |
274 |
+- func = call_pkg->nd_command; |
275 |
+- } |
276 |
+ |
277 |
+ if (nvdimm) { |
278 |
+ struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm); |
279 |
+@@ -215,9 +235,12 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, |
280 |
+ |
281 |
+ if (!adev) |
282 |
+ return -ENOTTY; |
283 |
+- if (call_pkg && nfit_mem->family != call_pkg->nd_family) |
284 |
+- return -ENOTTY; |
285 |
+ |
286 |
++ if (cmd == ND_CMD_CALL) |
287 |
++ call_pkg = buf; |
288 |
++ func = cmd_to_func(nfit_mem, cmd, call_pkg); |
289 |
++ if (func < 0) |
290 |
++ return func; |
291 |
+ dimm_name = nvdimm_name(nvdimm); |
292 |
+ cmd_name = nvdimm_cmd_name(cmd); |
293 |
+ cmd_mask = nvdimm_cmd_mask(nvdimm); |
294 |
+@@ -228,6 +251,7 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, |
295 |
+ } else { |
296 |
+ struct acpi_device *adev = to_acpi_dev(acpi_desc); |
297 |
+ |
298 |
++ func = cmd; |
299 |
+ cmd_name = nvdimm_bus_cmd_name(cmd); |
300 |
+ cmd_mask = nd_desc->cmd_mask; |
301 |
+ dsm_mask = cmd_mask; |
302 |
+@@ -240,7 +264,13 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm, |
303 |
+ if (!desc || (cmd && (desc->out_num + desc->in_num == 0))) |
304 |
+ return -ENOTTY; |
305 |
+ |
306 |
+- if (!test_bit(cmd, &cmd_mask) || !test_bit(func, &dsm_mask)) |
307 |
++ /* |
308 |
++ * Check for a valid command. For ND_CMD_CALL, we also have to |
309 |
++ * make sure that the DSM function is supported. |
310 |
++ */ |
311 |
++ if (cmd == ND_CMD_CALL && !test_bit(func, &dsm_mask)) |
312 |
++ return -ENOTTY; |
313 |
++ else if (!test_bit(cmd, &cmd_mask)) |
314 |
+ return -ENOTTY; |
315 |
+ |
316 |
+ in_obj.type = ACPI_TYPE_PACKAGE; |
317 |
+@@ -1433,6 +1463,13 @@ static int acpi_nfit_add_dimm(struct acpi_nfit_desc *acpi_desc, |
318 |
+ return 0; |
319 |
+ } |
320 |
+ |
321 |
++ /* |
322 |
++ * Function 0 is the command interrogation function, don't |
323 |
++ * export it to potential userspace use, and enable it to be |
324 |
++ * used as an error value in acpi_nfit_ctl(). |
325 |
++ */ |
326 |
++ dsm_mask &= ~1UL; |
327 |
++ |
328 |
+ uuid = to_nfit_uuid(nfit_mem->family); |
329 |
+ for_each_set_bit(i, &dsm_mask, BITS_PER_LONG) |
330 |
+ if (acpi_check_dsm(adev_dimm->handle, uuid, 1, 1ULL << i)) |
331 |
+diff --git a/drivers/char/mwave/mwavedd.c b/drivers/char/mwave/mwavedd.c |
332 |
+index 3a3ff2eb6cba..7a4f9346cccf 100644 |
333 |
+--- a/drivers/char/mwave/mwavedd.c |
334 |
++++ b/drivers/char/mwave/mwavedd.c |
335 |
+@@ -59,6 +59,7 @@ |
336 |
+ #include <linux/mutex.h> |
337 |
+ #include <linux/delay.h> |
338 |
+ #include <linux/serial_8250.h> |
339 |
++#include <linux/nospec.h> |
340 |
+ #include "smapi.h" |
341 |
+ #include "mwavedd.h" |
342 |
+ #include "3780i.h" |
343 |
+@@ -289,6 +290,8 @@ static long mwave_ioctl(struct file *file, unsigned int iocmd, |
344 |
+ ipcnum); |
345 |
+ return -EINVAL; |
346 |
+ } |
347 |
++ ipcnum = array_index_nospec(ipcnum, |
348 |
++ ARRAY_SIZE(pDrvData->IPCs)); |
349 |
+ PRINTK_3(TRACE_MWAVE, |
350 |
+ "mwavedd::mwave_ioctl IOCTL_MW_REGISTER_IPC" |
351 |
+ " ipcnum %x entry usIntCount %x\n", |
352 |
+@@ -317,6 +320,8 @@ static long mwave_ioctl(struct file *file, unsigned int iocmd, |
353 |
+ " Invalid ipcnum %x\n", ipcnum); |
354 |
+ return -EINVAL; |
355 |
+ } |
356 |
++ ipcnum = array_index_nospec(ipcnum, |
357 |
++ ARRAY_SIZE(pDrvData->IPCs)); |
358 |
+ PRINTK_3(TRACE_MWAVE, |
359 |
+ "mwavedd::mwave_ioctl IOCTL_MW_GET_IPC" |
360 |
+ " ipcnum %x, usIntCount %x\n", |
361 |
+@@ -383,6 +388,8 @@ static long mwave_ioctl(struct file *file, unsigned int iocmd, |
362 |
+ ipcnum); |
363 |
+ return -EINVAL; |
364 |
+ } |
365 |
++ ipcnum = array_index_nospec(ipcnum, |
366 |
++ ARRAY_SIZE(pDrvData->IPCs)); |
367 |
+ mutex_lock(&mwave_mutex); |
368 |
+ if (pDrvData->IPCs[ipcnum].bIsEnabled == true) { |
369 |
+ pDrvData->IPCs[ipcnum].bIsEnabled = false; |
370 |
+diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c |
371 |
+index f55dcdf99bc5..26476a64e663 100644 |
372 |
+--- a/drivers/input/joystick/xpad.c |
373 |
++++ b/drivers/input/joystick/xpad.c |
374 |
+@@ -255,6 +255,8 @@ static const struct xpad_device { |
375 |
+ { 0x0f30, 0x0202, "Joytech Advanced Controller", 0, XTYPE_XBOX }, |
376 |
+ { 0x0f30, 0x8888, "BigBen XBMiniPad Controller", 0, XTYPE_XBOX }, |
377 |
+ { 0x102c, 0xff0c, "Joytech Wireless Advanced Controller", 0, XTYPE_XBOX }, |
378 |
++ { 0x1038, 0x1430, "SteelSeries Stratus Duo", 0, XTYPE_XBOX360 }, |
379 |
++ { 0x1038, 0x1431, "SteelSeries Stratus Duo", 0, XTYPE_XBOX360 }, |
380 |
+ { 0x11c9, 0x55f0, "Nacon GC-100XF", 0, XTYPE_XBOX360 }, |
381 |
+ { 0x12ab, 0x0004, "Honey Bee Xbox360 dancepad", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX360 }, |
382 |
+ { 0x12ab, 0x0301, "PDP AFTERGLOW AX.1", 0, XTYPE_XBOX360 }, |
383 |
+@@ -431,6 +433,7 @@ static const struct usb_device_id xpad_table[] = { |
384 |
+ XPAD_XBOXONE_VENDOR(0x0e6f), /* 0x0e6f X-Box One controllers */ |
385 |
+ XPAD_XBOX360_VENDOR(0x0f0d), /* Hori Controllers */ |
386 |
+ XPAD_XBOXONE_VENDOR(0x0f0d), /* Hori Controllers */ |
387 |
++ XPAD_XBOX360_VENDOR(0x1038), /* SteelSeries Controllers */ |
388 |
+ XPAD_XBOX360_VENDOR(0x11c9), /* Nacon GC100XF */ |
389 |
+ XPAD_XBOX360_VENDOR(0x12ab), /* X-Box 360 dance pads */ |
390 |
+ XPAD_XBOX360_VENDOR(0x1430), /* RedOctane X-Box 360 controllers */ |
391 |
+diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c |
392 |
+index 022be0e22eba..a306453d40d2 100644 |
393 |
+--- a/drivers/input/misc/uinput.c |
394 |
++++ b/drivers/input/misc/uinput.c |
395 |
+@@ -39,6 +39,7 @@ |
396 |
+ #include <linux/fs.h> |
397 |
+ #include <linux/miscdevice.h> |
398 |
+ #include <linux/uinput.h> |
399 |
++#include <linux/overflow.h> |
400 |
+ #include <linux/input/mt.h> |
401 |
+ #include "../input-compat.h" |
402 |
+ |
403 |
+@@ -335,7 +336,7 @@ static int uinput_open(struct inode *inode, struct file *file) |
404 |
+ static int uinput_validate_absinfo(struct input_dev *dev, unsigned int code, |
405 |
+ const struct input_absinfo *abs) |
406 |
+ { |
407 |
+- int min, max; |
408 |
++ int min, max, range; |
409 |
+ |
410 |
+ min = abs->minimum; |
411 |
+ max = abs->maximum; |
412 |
+@@ -347,7 +348,7 @@ static int uinput_validate_absinfo(struct input_dev *dev, unsigned int code, |
413 |
+ return -EINVAL; |
414 |
+ } |
415 |
+ |
416 |
+- if (abs->flat > max - min) { |
417 |
++ if (!check_sub_overflow(max, min, &range) && abs->flat > range) { |
418 |
+ printk(KERN_DEBUG |
419 |
+ "%s: abs_flat #%02x out of range: %d (min:%d/max:%d)\n", |
420 |
+ UINPUT_NAME, code, abs->flat, min, max); |
421 |
+diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c |
422 |
+index 558c7589c329..83ca754250fb 100644 |
423 |
+--- a/drivers/irqchip/irq-gic-v3-its.c |
424 |
++++ b/drivers/irqchip/irq-gic-v3-its.c |
425 |
+@@ -1372,13 +1372,14 @@ static void its_free_device(struct its_device *its_dev) |
426 |
+ kfree(its_dev); |
427 |
+ } |
428 |
+ |
429 |
+-static int its_alloc_device_irq(struct its_device *dev, irq_hw_number_t *hwirq) |
430 |
++static int its_alloc_device_irq(struct its_device *dev, int nvecs, irq_hw_number_t *hwirq) |
431 |
+ { |
432 |
+ int idx; |
433 |
+ |
434 |
+- idx = find_first_zero_bit(dev->event_map.lpi_map, |
435 |
+- dev->event_map.nr_lpis); |
436 |
+- if (idx == dev->event_map.nr_lpis) |
437 |
++ idx = bitmap_find_free_region(dev->event_map.lpi_map, |
438 |
++ dev->event_map.nr_lpis, |
439 |
++ get_count_order(nvecs)); |
440 |
++ if (idx < 0) |
441 |
+ return -ENOSPC; |
442 |
+ |
443 |
+ *hwirq = dev->event_map.lpi_base + idx; |
444 |
+@@ -1464,20 +1465,20 @@ static int its_irq_domain_alloc(struct irq_domain *domain, unsigned int virq, |
445 |
+ int err; |
446 |
+ int i; |
447 |
+ |
448 |
+- for (i = 0; i < nr_irqs; i++) { |
449 |
+- err = its_alloc_device_irq(its_dev, &hwirq); |
450 |
+- if (err) |
451 |
+- return err; |
452 |
++ err = its_alloc_device_irq(its_dev, nr_irqs, &hwirq); |
453 |
++ if (err) |
454 |
++ return err; |
455 |
+ |
456 |
+- err = its_irq_gic_domain_alloc(domain, virq + i, hwirq); |
457 |
++ for (i = 0; i < nr_irqs; i++) { |
458 |
++ err = its_irq_gic_domain_alloc(domain, virq + i, hwirq + i); |
459 |
+ if (err) |
460 |
+ return err; |
461 |
+ |
462 |
+ irq_domain_set_hwirq_and_chip(domain, virq + i, |
463 |
+- hwirq, &its_irq_chip, its_dev); |
464 |
++ hwirq + i, &its_irq_chip, its_dev); |
465 |
+ pr_debug("ID:%d pID:%d vID:%d\n", |
466 |
+- (int)(hwirq - its_dev->event_map.lpi_base), |
467 |
+- (int) hwirq, virq + i); |
468 |
++ (int)(hwirq + i - its_dev->event_map.lpi_base), |
469 |
++ (int)(hwirq + i), virq + i); |
470 |
+ } |
471 |
+ |
472 |
+ return 0; |
473 |
+diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c |
474 |
+index 149fbac97cb6..d20f4023f6c1 100644 |
475 |
+--- a/drivers/md/dm-thin-metadata.c |
476 |
++++ b/drivers/md/dm-thin-metadata.c |
477 |
+@@ -1689,7 +1689,7 @@ int dm_thin_remove_range(struct dm_thin_device *td, |
478 |
+ return r; |
479 |
+ } |
480 |
+ |
481 |
+-int dm_pool_block_is_used(struct dm_pool_metadata *pmd, dm_block_t b, bool *result) |
482 |
++int dm_pool_block_is_shared(struct dm_pool_metadata *pmd, dm_block_t b, bool *result) |
483 |
+ { |
484 |
+ int r; |
485 |
+ uint32_t ref_count; |
486 |
+@@ -1697,7 +1697,7 @@ int dm_pool_block_is_used(struct dm_pool_metadata *pmd, dm_block_t b, bool *resu |
487 |
+ down_read(&pmd->root_lock); |
488 |
+ r = dm_sm_get_count(pmd->data_sm, b, &ref_count); |
489 |
+ if (!r) |
490 |
+- *result = (ref_count != 0); |
491 |
++ *result = (ref_count > 1); |
492 |
+ up_read(&pmd->root_lock); |
493 |
+ |
494 |
+ return r; |
495 |
+diff --git a/drivers/md/dm-thin-metadata.h b/drivers/md/dm-thin-metadata.h |
496 |
+index 35e954ea20a9..f6be0d733c20 100644 |
497 |
+--- a/drivers/md/dm-thin-metadata.h |
498 |
++++ b/drivers/md/dm-thin-metadata.h |
499 |
+@@ -195,7 +195,7 @@ int dm_pool_get_metadata_dev_size(struct dm_pool_metadata *pmd, |
500 |
+ |
501 |
+ int dm_pool_get_data_dev_size(struct dm_pool_metadata *pmd, dm_block_t *result); |
502 |
+ |
503 |
+-int dm_pool_block_is_used(struct dm_pool_metadata *pmd, dm_block_t b, bool *result); |
504 |
++int dm_pool_block_is_shared(struct dm_pool_metadata *pmd, dm_block_t b, bool *result); |
505 |
+ |
506 |
+ int dm_pool_inc_data_range(struct dm_pool_metadata *pmd, dm_block_t b, dm_block_t e); |
507 |
+ int dm_pool_dec_data_range(struct dm_pool_metadata *pmd, dm_block_t b, dm_block_t e); |
508 |
+diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c |
509 |
+index 81309d7836c5..914c8a6bf93c 100644 |
510 |
+--- a/drivers/md/dm-thin.c |
511 |
++++ b/drivers/md/dm-thin.c |
512 |
+@@ -1017,7 +1017,7 @@ static void passdown_double_checking_shared_status(struct dm_thin_new_mapping *m |
513 |
+ * passdown we have to check that these blocks are now unused. |
514 |
+ */ |
515 |
+ int r = 0; |
516 |
+- bool used = true; |
517 |
++ bool shared = true; |
518 |
+ struct thin_c *tc = m->tc; |
519 |
+ struct pool *pool = tc->pool; |
520 |
+ dm_block_t b = m->data_block, e, end = m->data_block + m->virt_end - m->virt_begin; |
521 |
+@@ -1027,11 +1027,11 @@ static void passdown_double_checking_shared_status(struct dm_thin_new_mapping *m |
522 |
+ while (b != end) { |
523 |
+ /* find start of unmapped run */ |
524 |
+ for (; b < end; b++) { |
525 |
+- r = dm_pool_block_is_used(pool->pmd, b, &used); |
526 |
++ r = dm_pool_block_is_shared(pool->pmd, b, &shared); |
527 |
+ if (r) |
528 |
+ goto out; |
529 |
+ |
530 |
+- if (!used) |
531 |
++ if (!shared) |
532 |
+ break; |
533 |
+ } |
534 |
+ |
535 |
+@@ -1040,11 +1040,11 @@ static void passdown_double_checking_shared_status(struct dm_thin_new_mapping *m |
536 |
+ |
537 |
+ /* find end of run */ |
538 |
+ for (e = b + 1; e != end; e++) { |
539 |
+- r = dm_pool_block_is_used(pool->pmd, e, &used); |
540 |
++ r = dm_pool_block_is_shared(pool->pmd, e, &shared); |
541 |
+ if (r) |
542 |
+ goto out; |
543 |
+ |
544 |
+- if (used) |
545 |
++ if (shared) |
546 |
+ break; |
547 |
+ } |
548 |
+ |
549 |
+diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c |
550 |
+index ff3d9fc0f1b3..214a48703a4e 100644 |
551 |
+--- a/drivers/net/can/dev.c |
552 |
++++ b/drivers/net/can/dev.c |
553 |
+@@ -456,8 +456,6 @@ EXPORT_SYMBOL_GPL(can_put_echo_skb); |
554 |
+ struct sk_buff *__can_get_echo_skb(struct net_device *dev, unsigned int idx, u8 *len_ptr) |
555 |
+ { |
556 |
+ struct can_priv *priv = netdev_priv(dev); |
557 |
+- struct sk_buff *skb = priv->echo_skb[idx]; |
558 |
+- struct canfd_frame *cf; |
559 |
+ |
560 |
+ if (idx >= priv->echo_skb_max) { |
561 |
+ netdev_err(dev, "%s: BUG! Trying to access can_priv::echo_skb out of bounds (%u/max %u)\n", |
562 |
+@@ -465,20 +463,21 @@ struct sk_buff *__can_get_echo_skb(struct net_device *dev, unsigned int idx, u8 |
563 |
+ return NULL; |
564 |
+ } |
565 |
+ |
566 |
+- if (!skb) { |
567 |
+- netdev_err(dev, "%s: BUG! Trying to echo non existing skb: can_priv::echo_skb[%u]\n", |
568 |
+- __func__, idx); |
569 |
+- return NULL; |
570 |
+- } |
571 |
++ if (priv->echo_skb[idx]) { |
572 |
++ /* Using "struct canfd_frame::len" for the frame |
573 |
++ * length is supported on both CAN and CANFD frames. |
574 |
++ */ |
575 |
++ struct sk_buff *skb = priv->echo_skb[idx]; |
576 |
++ struct canfd_frame *cf = (struct canfd_frame *)skb->data; |
577 |
++ u8 len = cf->len; |
578 |
++ |
579 |
++ *len_ptr = len; |
580 |
++ priv->echo_skb[idx] = NULL; |
581 |
+ |
582 |
+- /* Using "struct canfd_frame::len" for the frame |
583 |
+- * length is supported on both CAN and CANFD frames. |
584 |
+- */ |
585 |
+- cf = (struct canfd_frame *)skb->data; |
586 |
+- *len_ptr = cf->len; |
587 |
+- priv->echo_skb[idx] = NULL; |
588 |
++ return skb; |
589 |
++ } |
590 |
+ |
591 |
+- return skb; |
592 |
++ return NULL; |
593 |
+ } |
594 |
+ |
595 |
+ /* |
596 |
+diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c |
597 |
+index fa2c7bd638be..8c93ed5c9763 100644 |
598 |
+--- a/drivers/net/ppp/pppoe.c |
599 |
++++ b/drivers/net/ppp/pppoe.c |
600 |
+@@ -442,6 +442,7 @@ static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev, |
601 |
+ if (pskb_trim_rcsum(skb, len)) |
602 |
+ goto drop; |
603 |
+ |
604 |
++ ph = pppoe_hdr(skb); |
605 |
+ pn = pppoe_pernet(dev_net(dev)); |
606 |
+ |
607 |
+ /* Note that get_item does a sock_hold(), so sk_pppox(po) |
608 |
+diff --git a/drivers/nvme/target/rdma.c b/drivers/nvme/target/rdma.c |
609 |
+index 486393fa4f3e..0f1201e6e957 100644 |
610 |
+--- a/drivers/nvme/target/rdma.c |
611 |
++++ b/drivers/nvme/target/rdma.c |
612 |
+@@ -137,6 +137,10 @@ static void nvmet_rdma_recv_done(struct ib_cq *cq, struct ib_wc *wc); |
613 |
+ static void nvmet_rdma_read_data_done(struct ib_cq *cq, struct ib_wc *wc); |
614 |
+ static void nvmet_rdma_qp_event(struct ib_event *event, void *priv); |
615 |
+ static void nvmet_rdma_queue_disconnect(struct nvmet_rdma_queue *queue); |
616 |
++static void nvmet_rdma_free_rsp(struct nvmet_rdma_device *ndev, |
617 |
++ struct nvmet_rdma_rsp *r); |
618 |
++static int nvmet_rdma_alloc_rsp(struct nvmet_rdma_device *ndev, |
619 |
++ struct nvmet_rdma_rsp *r); |
620 |
+ |
621 |
+ static struct nvmet_fabrics_ops nvmet_rdma_ops; |
622 |
+ |
623 |
+@@ -175,9 +179,17 @@ nvmet_rdma_get_rsp(struct nvmet_rdma_queue *queue) |
624 |
+ spin_unlock_irqrestore(&queue->rsps_lock, flags); |
625 |
+ |
626 |
+ if (unlikely(!rsp)) { |
627 |
+- rsp = kmalloc(sizeof(*rsp), GFP_KERNEL); |
628 |
++ int ret; |
629 |
++ |
630 |
++ rsp = kzalloc(sizeof(*rsp), GFP_KERNEL); |
631 |
+ if (unlikely(!rsp)) |
632 |
+ return NULL; |
633 |
++ ret = nvmet_rdma_alloc_rsp(queue->dev, rsp); |
634 |
++ if (unlikely(ret)) { |
635 |
++ kfree(rsp); |
636 |
++ return NULL; |
637 |
++ } |
638 |
++ |
639 |
+ rsp->allocated = true; |
640 |
+ } |
641 |
+ |
642 |
+@@ -189,7 +201,8 @@ nvmet_rdma_put_rsp(struct nvmet_rdma_rsp *rsp) |
643 |
+ { |
644 |
+ unsigned long flags; |
645 |
+ |
646 |
+- if (rsp->allocated) { |
647 |
++ if (unlikely(rsp->allocated)) { |
648 |
++ nvmet_rdma_free_rsp(rsp->queue->dev, rsp); |
649 |
+ kfree(rsp); |
650 |
+ return; |
651 |
+ } |
652 |
+diff --git a/drivers/s390/char/sclp_config.c b/drivers/s390/char/sclp_config.c |
653 |
+index 1406fb688a26..73e2f89aded8 100644 |
654 |
+--- a/drivers/s390/char/sclp_config.c |
655 |
++++ b/drivers/s390/char/sclp_config.c |
656 |
+@@ -59,7 +59,9 @@ static void sclp_cpu_capability_notify(struct work_struct *work) |
657 |
+ |
658 |
+ static void __ref sclp_cpu_change_notify(struct work_struct *work) |
659 |
+ { |
660 |
++ lock_device_hotplug(); |
661 |
+ smp_rescan_cpus(); |
662 |
++ unlock_device_hotplug(); |
663 |
+ } |
664 |
+ |
665 |
+ static void sclp_conf_receiver_fn(struct evbuf_header *evbuf) |
666 |
+diff --git a/drivers/staging/rtl8188eu/os_dep/usb_intf.c b/drivers/staging/rtl8188eu/os_dep/usb_intf.c |
667 |
+index 0f63a36a519e..d22360849b88 100644 |
668 |
+--- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c |
669 |
++++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c |
670 |
+@@ -43,6 +43,7 @@ static struct usb_device_id rtw_usb_id_tbl[] = { |
671 |
+ {USB_DEVICE(0x2001, 0x330F)}, /* DLink DWA-125 REV D1 */ |
672 |
+ {USB_DEVICE(0x2001, 0x3310)}, /* Dlink DWA-123 REV D1 */ |
673 |
+ {USB_DEVICE(0x2001, 0x3311)}, /* DLink GO-USB-N150 REV B1 */ |
674 |
++ {USB_DEVICE(0x2001, 0x331B)}, /* D-Link DWA-121 rev B1 */ |
675 |
+ {USB_DEVICE(0x2357, 0x010c)}, /* TP-Link TL-WN722N v2 */ |
676 |
+ {USB_DEVICE(0x0df6, 0x0076)}, /* Sitecom N150 v2 */ |
677 |
+ {USB_DEVICE(USB_VENDER_ID_REALTEK, 0xffef)}, /* Rosewill RNX-N150NUB */ |
678 |
+diff --git a/drivers/tty/n_hdlc.c b/drivers/tty/n_hdlc.c |
679 |
+index 6d1e2f746ab4..8d6253903f24 100644 |
680 |
+--- a/drivers/tty/n_hdlc.c |
681 |
++++ b/drivers/tty/n_hdlc.c |
682 |
+@@ -598,6 +598,7 @@ static ssize_t n_hdlc_tty_read(struct tty_struct *tty, struct file *file, |
683 |
+ /* too large for caller's buffer */ |
684 |
+ ret = -EOVERFLOW; |
685 |
+ } else { |
686 |
++ __set_current_state(TASK_RUNNING); |
687 |
+ if (copy_to_user(buf, rbuf->buf, rbuf->count)) |
688 |
+ ret = -EFAULT; |
689 |
+ else |
690 |
+diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c |
691 |
+index bcfdaf6ddbb2..95fc7e893fd2 100644 |
692 |
+--- a/drivers/tty/serial/serial_core.c |
693 |
++++ b/drivers/tty/serial/serial_core.c |
694 |
+@@ -540,10 +540,12 @@ static int uart_put_char(struct tty_struct *tty, unsigned char c) |
695 |
+ int ret = 0; |
696 |
+ |
697 |
+ circ = &state->xmit; |
698 |
+- if (!circ->buf) |
699 |
++ port = uart_port_lock(state, flags); |
700 |
++ if (!circ->buf) { |
701 |
++ uart_port_unlock(port, flags); |
702 |
+ return 0; |
703 |
++ } |
704 |
+ |
705 |
+- port = uart_port_lock(state, flags); |
706 |
+ if (port && uart_circ_chars_free(circ) != 0) { |
707 |
+ circ->buf[circ->head] = c; |
708 |
+ circ->head = (circ->head + 1) & (UART_XMIT_SIZE - 1); |
709 |
+@@ -576,11 +578,13 @@ static int uart_write(struct tty_struct *tty, |
710 |
+ return -EL3HLT; |
711 |
+ } |
712 |
+ |
713 |
++ port = uart_port_lock(state, flags); |
714 |
+ circ = &state->xmit; |
715 |
+- if (!circ->buf) |
716 |
++ if (!circ->buf) { |
717 |
++ uart_port_unlock(port, flags); |
718 |
+ return 0; |
719 |
++ } |
720 |
+ |
721 |
+- port = uart_port_lock(state, flags); |
722 |
+ while (port) { |
723 |
+ c = CIRC_SPACE_TO_END(circ->head, circ->tail, UART_XMIT_SIZE); |
724 |
+ if (count < c) |
725 |
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c |
726 |
+index f61f8650665f..19fe1e8fc124 100644 |
727 |
+--- a/drivers/tty/tty_io.c |
728 |
++++ b/drivers/tty/tty_io.c |
729 |
+@@ -2324,7 +2324,8 @@ static int tiocsti(struct tty_struct *tty, char __user *p) |
730 |
+ ld = tty_ldisc_ref_wait(tty); |
731 |
+ if (!ld) |
732 |
+ return -EIO; |
733 |
+- ld->ops->receive_buf(tty, &ch, &mbz, 1); |
734 |
++ if (ld->ops->receive_buf) |
735 |
++ ld->ops->receive_buf(tty, &ch, &mbz, 1); |
736 |
+ tty_ldisc_deref(ld); |
737 |
+ return 0; |
738 |
+ } |
739 |
+diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c |
740 |
+index 9d3e413f48c6..232cb0a760b9 100644 |
741 |
+--- a/drivers/tty/vt/vt.c |
742 |
++++ b/drivers/tty/vt/vt.c |
743 |
+@@ -956,6 +956,7 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc, |
744 |
+ if (con_is_visible(vc)) |
745 |
+ update_screen(vc); |
746 |
+ vt_event_post(VT_EVENT_RESIZE, vc->vc_num, vc->vc_num); |
747 |
++ notify_update(vc); |
748 |
+ return err; |
749 |
+ } |
750 |
+ |
751 |
+diff --git a/drivers/usb/serial/pl2303.c b/drivers/usb/serial/pl2303.c |
752 |
+index 4966768d3c98..9706d214c409 100644 |
753 |
+--- a/drivers/usb/serial/pl2303.c |
754 |
++++ b/drivers/usb/serial/pl2303.c |
755 |
+@@ -47,6 +47,7 @@ static const struct usb_device_id id_table[] = { |
756 |
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_HCR331) }, |
757 |
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_MOTOROLA) }, |
758 |
+ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_ZTEK) }, |
759 |
++ { USB_DEVICE(PL2303_VENDOR_ID, PL2303_PRODUCT_ID_TB) }, |
760 |
+ { USB_DEVICE(IODATA_VENDOR_ID, IODATA_PRODUCT_ID) }, |
761 |
+ { USB_DEVICE(IODATA_VENDOR_ID, IODATA_PRODUCT_ID_RSAQ5) }, |
762 |
+ { USB_DEVICE(ATEN_VENDOR_ID, ATEN_PRODUCT_ID) }, |
763 |
+diff --git a/drivers/usb/serial/pl2303.h b/drivers/usb/serial/pl2303.h |
764 |
+index a84f0959ab34..d84c3b3d477b 100644 |
765 |
+--- a/drivers/usb/serial/pl2303.h |
766 |
++++ b/drivers/usb/serial/pl2303.h |
767 |
+@@ -13,6 +13,7 @@ |
768 |
+ |
769 |
+ #define PL2303_VENDOR_ID 0x067b |
770 |
+ #define PL2303_PRODUCT_ID 0x2303 |
771 |
++#define PL2303_PRODUCT_ID_TB 0x2304 |
772 |
+ #define PL2303_PRODUCT_ID_RSAQ2 0x04bb |
773 |
+ #define PL2303_PRODUCT_ID_DCU11 0x1234 |
774 |
+ #define PL2303_PRODUCT_ID_PHAROS 0xaaa0 |
775 |
+@@ -25,6 +26,7 @@ |
776 |
+ #define PL2303_PRODUCT_ID_MOTOROLA 0x0307 |
777 |
+ #define PL2303_PRODUCT_ID_ZTEK 0xe1f1 |
778 |
+ |
779 |
++ |
780 |
+ #define ATEN_VENDOR_ID 0x0557 |
781 |
+ #define ATEN_VENDOR_ID2 0x0547 |
782 |
+ #define ATEN_PRODUCT_ID 0x2008 |
783 |
+diff --git a/drivers/usb/serial/usb-serial-simple.c b/drivers/usb/serial/usb-serial-simple.c |
784 |
+index 6d6acf2c07c3..511242111403 100644 |
785 |
+--- a/drivers/usb/serial/usb-serial-simple.c |
786 |
++++ b/drivers/usb/serial/usb-serial-simple.c |
787 |
+@@ -88,7 +88,8 @@ DEVICE(moto_modem, MOTO_IDS); |
788 |
+ /* Motorola Tetra driver */ |
789 |
+ #define MOTOROLA_TETRA_IDS() \ |
790 |
+ { USB_DEVICE(0x0cad, 0x9011) }, /* Motorola Solutions TETRA PEI */ \ |
791 |
+- { USB_DEVICE(0x0cad, 0x9012) } /* MTP6550 */ |
792 |
++ { USB_DEVICE(0x0cad, 0x9012) }, /* MTP6550 */ \ |
793 |
++ { USB_DEVICE(0x0cad, 0x9016) } /* TPG2200 */ |
794 |
+ DEVICE(motorola_tetra, MOTOROLA_TETRA_IDS); |
795 |
+ |
796 |
+ /* Novatel Wireless GPS driver */ |
797 |
+diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c |
798 |
+index 353c93bc459b..681d0eade82f 100644 |
799 |
+--- a/drivers/vhost/net.c |
800 |
++++ b/drivers/vhost/net.c |
801 |
+@@ -751,7 +751,8 @@ static void handle_rx(struct vhost_net *net) |
802 |
+ vhost_add_used_and_signal_n(&net->dev, vq, vq->heads, |
803 |
+ headcount); |
804 |
+ if (unlikely(vq_log)) |
805 |
+- vhost_log_write(vq, vq_log, log, vhost_len); |
806 |
++ vhost_log_write(vq, vq_log, log, vhost_len, |
807 |
++ vq->iov, in); |
808 |
+ total_len += vhost_len; |
809 |
+ if (unlikely(total_len >= VHOST_NET_WEIGHT)) { |
810 |
+ vhost_poll_queue(&vq->poll); |
811 |
+diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c |
812 |
+index 53b1b3cfce84..dc387a974325 100644 |
813 |
+--- a/drivers/vhost/vhost.c |
814 |
++++ b/drivers/vhost/vhost.c |
815 |
+@@ -1646,13 +1646,87 @@ static int log_write(void __user *log_base, |
816 |
+ return r; |
817 |
+ } |
818 |
+ |
819 |
++static int log_write_hva(struct vhost_virtqueue *vq, u64 hva, u64 len) |
820 |
++{ |
821 |
++ struct vhost_umem *umem = vq->umem; |
822 |
++ struct vhost_umem_node *u; |
823 |
++ u64 start, end, l, min; |
824 |
++ int r; |
825 |
++ bool hit = false; |
826 |
++ |
827 |
++ while (len) { |
828 |
++ min = len; |
829 |
++ /* More than one GPAs can be mapped into a single HVA. So |
830 |
++ * iterate all possible umems here to be safe. |
831 |
++ */ |
832 |
++ list_for_each_entry(u, &umem->umem_list, link) { |
833 |
++ if (u->userspace_addr > hva - 1 + len || |
834 |
++ u->userspace_addr - 1 + u->size < hva) |
835 |
++ continue; |
836 |
++ start = max(u->userspace_addr, hva); |
837 |
++ end = min(u->userspace_addr - 1 + u->size, |
838 |
++ hva - 1 + len); |
839 |
++ l = end - start + 1; |
840 |
++ r = log_write(vq->log_base, |
841 |
++ u->start + start - u->userspace_addr, |
842 |
++ l); |
843 |
++ if (r < 0) |
844 |
++ return r; |
845 |
++ hit = true; |
846 |
++ min = min(l, min); |
847 |
++ } |
848 |
++ |
849 |
++ if (!hit) |
850 |
++ return -EFAULT; |
851 |
++ |
852 |
++ len -= min; |
853 |
++ hva += min; |
854 |
++ } |
855 |
++ |
856 |
++ return 0; |
857 |
++} |
858 |
++ |
859 |
++static int log_used(struct vhost_virtqueue *vq, u64 used_offset, u64 len) |
860 |
++{ |
861 |
++ struct iovec iov[64]; |
862 |
++ int i, ret; |
863 |
++ |
864 |
++ if (!vq->iotlb) |
865 |
++ return log_write(vq->log_base, vq->log_addr + used_offset, len); |
866 |
++ |
867 |
++ ret = translate_desc(vq, (uintptr_t)vq->used + used_offset, |
868 |
++ len, iov, 64, VHOST_ACCESS_WO); |
869 |
++ if (ret) |
870 |
++ return ret; |
871 |
++ |
872 |
++ for (i = 0; i < ret; i++) { |
873 |
++ ret = log_write_hva(vq, (uintptr_t)iov[i].iov_base, |
874 |
++ iov[i].iov_len); |
875 |
++ if (ret) |
876 |
++ return ret; |
877 |
++ } |
878 |
++ |
879 |
++ return 0; |
880 |
++} |
881 |
++ |
882 |
+ int vhost_log_write(struct vhost_virtqueue *vq, struct vhost_log *log, |
883 |
+- unsigned int log_num, u64 len) |
884 |
++ unsigned int log_num, u64 len, struct iovec *iov, int count) |
885 |
+ { |
886 |
+ int i, r; |
887 |
+ |
888 |
+ /* Make sure data written is seen before log. */ |
889 |
+ smp_wmb(); |
890 |
++ |
891 |
++ if (vq->iotlb) { |
892 |
++ for (i = 0; i < count; i++) { |
893 |
++ r = log_write_hva(vq, (uintptr_t)iov[i].iov_base, |
894 |
++ iov[i].iov_len); |
895 |
++ if (r < 0) |
896 |
++ return r; |
897 |
++ } |
898 |
++ return 0; |
899 |
++ } |
900 |
++ |
901 |
+ for (i = 0; i < log_num; ++i) { |
902 |
+ u64 l = min(log[i].len, len); |
903 |
+ r = log_write(vq->log_base, log[i].addr, l); |
904 |
+@@ -1682,9 +1756,8 @@ static int vhost_update_used_flags(struct vhost_virtqueue *vq) |
905 |
+ smp_wmb(); |
906 |
+ /* Log used flag write. */ |
907 |
+ used = &vq->used->flags; |
908 |
+- log_write(vq->log_base, vq->log_addr + |
909 |
+- (used - (void __user *)vq->used), |
910 |
+- sizeof vq->used->flags); |
911 |
++ log_used(vq, (used - (void __user *)vq->used), |
912 |
++ sizeof vq->used->flags); |
913 |
+ if (vq->log_ctx) |
914 |
+ eventfd_signal(vq->log_ctx, 1); |
915 |
+ } |
916 |
+@@ -1702,9 +1775,8 @@ static int vhost_update_avail_event(struct vhost_virtqueue *vq, u16 avail_event) |
917 |
+ smp_wmb(); |
918 |
+ /* Log avail event write */ |
919 |
+ used = vhost_avail_event(vq); |
920 |
+- log_write(vq->log_base, vq->log_addr + |
921 |
+- (used - (void __user *)vq->used), |
922 |
+- sizeof *vhost_avail_event(vq)); |
923 |
++ log_used(vq, (used - (void __user *)vq->used), |
924 |
++ sizeof *vhost_avail_event(vq)); |
925 |
+ if (vq->log_ctx) |
926 |
+ eventfd_signal(vq->log_ctx, 1); |
927 |
+ } |
928 |
+@@ -2103,10 +2175,8 @@ static int __vhost_add_used_n(struct vhost_virtqueue *vq, |
929 |
+ /* Make sure data is seen before log. */ |
930 |
+ smp_wmb(); |
931 |
+ /* Log used ring entry write. */ |
932 |
+- log_write(vq->log_base, |
933 |
+- vq->log_addr + |
934 |
+- ((void __user *)used - (void __user *)vq->used), |
935 |
+- count * sizeof *used); |
936 |
++ log_used(vq, ((void __user *)used - (void __user *)vq->used), |
937 |
++ count * sizeof *used); |
938 |
+ } |
939 |
+ old = vq->last_used_idx; |
940 |
+ new = (vq->last_used_idx += count); |
941 |
+@@ -2148,9 +2218,8 @@ int vhost_add_used_n(struct vhost_virtqueue *vq, struct vring_used_elem *heads, |
942 |
+ /* Make sure used idx is seen before log. */ |
943 |
+ smp_wmb(); |
944 |
+ /* Log used index update. */ |
945 |
+- log_write(vq->log_base, |
946 |
+- vq->log_addr + offsetof(struct vring_used, idx), |
947 |
+- sizeof vq->used->idx); |
948 |
++ log_used(vq, offsetof(struct vring_used, idx), |
949 |
++ sizeof vq->used->idx); |
950 |
+ if (vq->log_ctx) |
951 |
+ eventfd_signal(vq->log_ctx, 1); |
952 |
+ } |
953 |
+diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h |
954 |
+index 78f3c5fc02e4..e8efe1af7487 100644 |
955 |
+--- a/drivers/vhost/vhost.h |
956 |
++++ b/drivers/vhost/vhost.h |
957 |
+@@ -199,7 +199,8 @@ bool vhost_vq_avail_empty(struct vhost_dev *, struct vhost_virtqueue *); |
958 |
+ bool vhost_enable_notify(struct vhost_dev *, struct vhost_virtqueue *); |
959 |
+ |
960 |
+ int vhost_log_write(struct vhost_virtqueue *vq, struct vhost_log *log, |
961 |
+- unsigned int log_num, u64 len); |
962 |
++ unsigned int log_num, u64 len, |
963 |
++ struct iovec *iov, int count); |
964 |
+ int vq_iotlb_prefetch(struct vhost_virtqueue *vq); |
965 |
+ |
966 |
+ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type); |
967 |
+diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c |
968 |
+index b450adf65236..fb973cc0af66 100644 |
969 |
+--- a/fs/btrfs/dev-replace.c |
970 |
++++ b/fs/btrfs/dev-replace.c |
971 |
+@@ -350,6 +350,7 @@ int btrfs_dev_replace_start(struct btrfs_root *root, char *tgtdev_name, |
972 |
+ break; |
973 |
+ case BTRFS_IOCTL_DEV_REPLACE_STATE_STARTED: |
974 |
+ case BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED: |
975 |
++ ASSERT(0); |
976 |
+ ret = BTRFS_IOCTL_DEV_REPLACE_RESULT_ALREADY_STARTED; |
977 |
+ goto leave; |
978 |
+ } |
979 |
+@@ -394,6 +395,10 @@ int btrfs_dev_replace_start(struct btrfs_root *root, char *tgtdev_name, |
980 |
+ if (IS_ERR(trans)) { |
981 |
+ ret = PTR_ERR(trans); |
982 |
+ btrfs_dev_replace_lock(dev_replace, 1); |
983 |
++ dev_replace->replace_state = |
984 |
++ BTRFS_IOCTL_DEV_REPLACE_STATE_NEVER_STARTED; |
985 |
++ dev_replace->srcdev = NULL; |
986 |
++ dev_replace->tgtdev = NULL; |
987 |
+ goto leave; |
988 |
+ } |
989 |
+ |
990 |
+@@ -415,8 +420,6 @@ int btrfs_dev_replace_start(struct btrfs_root *root, char *tgtdev_name, |
991 |
+ return ret; |
992 |
+ |
993 |
+ leave: |
994 |
+- dev_replace->srcdev = NULL; |
995 |
+- dev_replace->tgtdev = NULL; |
996 |
+ btrfs_dev_replace_unlock(dev_replace, 1); |
997 |
+ btrfs_destroy_dev_replace_tgtdev(fs_info, tgt_device); |
998 |
+ return ret; |
999 |
+@@ -784,6 +787,8 @@ int btrfs_resume_dev_replace_async(struct btrfs_fs_info *fs_info) |
1000 |
+ "cannot continue dev_replace, tgtdev is missing"); |
1001 |
+ btrfs_info(fs_info, |
1002 |
+ "you may cancel the operation after 'mount -o degraded'"); |
1003 |
++ dev_replace->replace_state = |
1004 |
++ BTRFS_IOCTL_DEV_REPLACE_STATE_SUSPENDED; |
1005 |
+ btrfs_dev_replace_unlock(dev_replace, 1); |
1006 |
+ return 0; |
1007 |
+ } |
1008 |
+diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c |
1009 |
+index 08c1c86c2ad9..2db7968febfe 100644 |
1010 |
+--- a/fs/cifs/smb2ops.c |
1011 |
++++ b/fs/cifs/smb2ops.c |
1012 |
+@@ -148,14 +148,14 @@ smb2_wait_mtu_credits(struct TCP_Server_Info *server, unsigned int size, |
1013 |
+ |
1014 |
+ scredits = server->credits; |
1015 |
+ /* can deadlock with reopen */ |
1016 |
+- if (scredits == 1) { |
1017 |
++ if (scredits <= 8) { |
1018 |
+ *num = SMB2_MAX_BUFFER_SIZE; |
1019 |
+ *credits = 0; |
1020 |
+ break; |
1021 |
+ } |
1022 |
+ |
1023 |
+- /* leave one credit for a possible reopen */ |
1024 |
+- scredits--; |
1025 |
++ /* leave some credits for reopen and other ops */ |
1026 |
++ scredits -= 8; |
1027 |
+ *num = min_t(unsigned int, size, |
1028 |
+ scredits * SMB2_MAX_BUFFER_SIZE); |
1029 |
+ |
1030 |
+diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c |
1031 |
+index f4fe54047fb7..d87c48e4a9ba 100644 |
1032 |
+--- a/fs/f2fs/node.c |
1033 |
++++ b/fs/f2fs/node.c |
1034 |
+@@ -656,6 +656,7 @@ static void truncate_node(struct dnode_of_data *dn) |
1035 |
+ { |
1036 |
+ struct f2fs_sb_info *sbi = F2FS_I_SB(dn->inode); |
1037 |
+ struct node_info ni; |
1038 |
++ pgoff_t index; |
1039 |
+ |
1040 |
+ get_node_info(sbi, dn->nid, &ni); |
1041 |
+ if (dn->inode->i_blocks == 0) { |
1042 |
+@@ -678,10 +679,11 @@ invalidate: |
1043 |
+ clear_node_page_dirty(dn->node_page); |
1044 |
+ set_sbi_flag(sbi, SBI_IS_DIRTY); |
1045 |
+ |
1046 |
++ index = dn->node_page->index; |
1047 |
+ f2fs_put_page(dn->node_page, 1); |
1048 |
+ |
1049 |
+ invalidate_mapping_pages(NODE_MAPPING(sbi), |
1050 |
+- dn->node_page->index, dn->node_page->index); |
1051 |
++ index, index); |
1052 |
+ |
1053 |
+ dn->node_page = NULL; |
1054 |
+ trace_f2fs_truncate_node(dn->inode, dn->nid, ni.blk_addr); |
1055 |
+diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h |
1056 |
+index 21c88a7ac23b..697988be62df 100644 |
1057 |
+--- a/include/linux/compiler-clang.h |
1058 |
++++ b/include/linux/compiler-clang.h |
1059 |
+@@ -23,3 +23,17 @@ |
1060 |
+ #ifdef __noretpoline |
1061 |
+ #undef __noretpoline |
1062 |
+ #endif |
1063 |
++ |
1064 |
++/* |
1065 |
++ * Not all versions of clang implement the the type-generic versions |
1066 |
++ * of the builtin overflow checkers. Fortunately, clang implements |
1067 |
++ * __has_builtin allowing us to avoid awkward version |
1068 |
++ * checks. Unfortunately, we don't know which version of gcc clang |
1069 |
++ * pretends to be, so the macro may or may not be defined. |
1070 |
++ */ |
1071 |
++#undef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW |
1072 |
++#if __has_builtin(__builtin_mul_overflow) && \ |
1073 |
++ __has_builtin(__builtin_add_overflow) && \ |
1074 |
++ __has_builtin(__builtin_sub_overflow) |
1075 |
++#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 |
1076 |
++#endif |
1077 |
+diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h |
1078 |
+index 8e82e3373eaf..8e9b0cb8db41 100644 |
1079 |
+--- a/include/linux/compiler-gcc.h |
1080 |
++++ b/include/linux/compiler-gcc.h |
1081 |
+@@ -334,3 +334,7 @@ |
1082 |
+ * code |
1083 |
+ */ |
1084 |
+ #define uninitialized_var(x) x = x |
1085 |
++ |
1086 |
++#if GCC_VERSION >= 50100 |
1087 |
++#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1 |
1088 |
++#endif |
1089 |
+diff --git a/include/linux/compiler-intel.h b/include/linux/compiler-intel.h |
1090 |
+index d4c71132d07f..8c9897b1b953 100644 |
1091 |
+--- a/include/linux/compiler-intel.h |
1092 |
++++ b/include/linux/compiler-intel.h |
1093 |
+@@ -43,3 +43,7 @@ |
1094 |
+ #define __builtin_bswap16 _bswap16 |
1095 |
+ #endif |
1096 |
+ |
1097 |
++/* |
1098 |
++ * icc defines __GNUC__, but does not implement the builtin overflow checkers. |
1099 |
++ */ |
1100 |
++#undef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW |
1101 |
+diff --git a/include/linux/overflow.h b/include/linux/overflow.h |
1102 |
+new file mode 100644 |
1103 |
+index 000000000000..c8890ec358a7 |
1104 |
+--- /dev/null |
1105 |
++++ b/include/linux/overflow.h |
1106 |
+@@ -0,0 +1,205 @@ |
1107 |
++/* SPDX-License-Identifier: GPL-2.0 OR MIT */ |
1108 |
++#ifndef __LINUX_OVERFLOW_H |
1109 |
++#define __LINUX_OVERFLOW_H |
1110 |
++ |
1111 |
++#include <linux/compiler.h> |
1112 |
++ |
1113 |
++/* |
1114 |
++ * In the fallback code below, we need to compute the minimum and |
1115 |
++ * maximum values representable in a given type. These macros may also |
1116 |
++ * be useful elsewhere, so we provide them outside the |
1117 |
++ * COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW block. |
1118 |
++ * |
1119 |
++ * It would seem more obvious to do something like |
1120 |
++ * |
1121 |
++ * #define type_min(T) (T)(is_signed_type(T) ? (T)1 << (8*sizeof(T)-1) : 0) |
1122 |
++ * #define type_max(T) (T)(is_signed_type(T) ? ((T)1 << (8*sizeof(T)-1)) - 1 : ~(T)0) |
1123 |
++ * |
1124 |
++ * Unfortunately, the middle expressions, strictly speaking, have |
1125 |
++ * undefined behaviour, and at least some versions of gcc warn about |
1126 |
++ * the type_max expression (but not if -fsanitize=undefined is in |
1127 |
++ * effect; in that case, the warning is deferred to runtime...). |
1128 |
++ * |
1129 |
++ * The slightly excessive casting in type_min is to make sure the |
1130 |
++ * macros also produce sensible values for the exotic type _Bool. [The |
1131 |
++ * overflow checkers only almost work for _Bool, but that's |
1132 |
++ * a-feature-not-a-bug, since people shouldn't be doing arithmetic on |
1133 |
++ * _Bools. Besides, the gcc builtins don't allow _Bool* as third |
1134 |
++ * argument.] |
1135 |
++ * |
1136 |
++ * Idea stolen from |
1137 |
++ * https://mail-index.netbsd.org/tech-misc/2007/02/05/0000.html - |
1138 |
++ * credit to Christian Biere. |
1139 |
++ */ |
1140 |
++#define is_signed_type(type) (((type)(-1)) < (type)1) |
1141 |
++#define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type))) |
1142 |
++#define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T))) |
1143 |
++#define type_min(T) ((T)((T)-type_max(T)-(T)1)) |
1144 |
++ |
1145 |
++ |
1146 |
++#ifdef COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW |
1147 |
++/* |
1148 |
++ * For simplicity and code hygiene, the fallback code below insists on |
1149 |
++ * a, b and *d having the same type (similar to the min() and max() |
1150 |
++ * macros), whereas gcc's type-generic overflow checkers accept |
1151 |
++ * different types. Hence we don't just make check_add_overflow an |
1152 |
++ * alias for __builtin_add_overflow, but add type checks similar to |
1153 |
++ * below. |
1154 |
++ */ |
1155 |
++#define check_add_overflow(a, b, d) ({ \ |
1156 |
++ typeof(a) __a = (a); \ |
1157 |
++ typeof(b) __b = (b); \ |
1158 |
++ typeof(d) __d = (d); \ |
1159 |
++ (void) (&__a == &__b); \ |
1160 |
++ (void) (&__a == __d); \ |
1161 |
++ __builtin_add_overflow(__a, __b, __d); \ |
1162 |
++}) |
1163 |
++ |
1164 |
++#define check_sub_overflow(a, b, d) ({ \ |
1165 |
++ typeof(a) __a = (a); \ |
1166 |
++ typeof(b) __b = (b); \ |
1167 |
++ typeof(d) __d = (d); \ |
1168 |
++ (void) (&__a == &__b); \ |
1169 |
++ (void) (&__a == __d); \ |
1170 |
++ __builtin_sub_overflow(__a, __b, __d); \ |
1171 |
++}) |
1172 |
++ |
1173 |
++#define check_mul_overflow(a, b, d) ({ \ |
1174 |
++ typeof(a) __a = (a); \ |
1175 |
++ typeof(b) __b = (b); \ |
1176 |
++ typeof(d) __d = (d); \ |
1177 |
++ (void) (&__a == &__b); \ |
1178 |
++ (void) (&__a == __d); \ |
1179 |
++ __builtin_mul_overflow(__a, __b, __d); \ |
1180 |
++}) |
1181 |
++ |
1182 |
++#else |
1183 |
++ |
1184 |
++ |
1185 |
++/* Checking for unsigned overflow is relatively easy without causing UB. */ |
1186 |
++#define __unsigned_add_overflow(a, b, d) ({ \ |
1187 |
++ typeof(a) __a = (a); \ |
1188 |
++ typeof(b) __b = (b); \ |
1189 |
++ typeof(d) __d = (d); \ |
1190 |
++ (void) (&__a == &__b); \ |
1191 |
++ (void) (&__a == __d); \ |
1192 |
++ *__d = __a + __b; \ |
1193 |
++ *__d < __a; \ |
1194 |
++}) |
1195 |
++#define __unsigned_sub_overflow(a, b, d) ({ \ |
1196 |
++ typeof(a) __a = (a); \ |
1197 |
++ typeof(b) __b = (b); \ |
1198 |
++ typeof(d) __d = (d); \ |
1199 |
++ (void) (&__a == &__b); \ |
1200 |
++ (void) (&__a == __d); \ |
1201 |
++ *__d = __a - __b; \ |
1202 |
++ __a < __b; \ |
1203 |
++}) |
1204 |
++/* |
1205 |
++ * If one of a or b is a compile-time constant, this avoids a division. |
1206 |
++ */ |
1207 |
++#define __unsigned_mul_overflow(a, b, d) ({ \ |
1208 |
++ typeof(a) __a = (a); \ |
1209 |
++ typeof(b) __b = (b); \ |
1210 |
++ typeof(d) __d = (d); \ |
1211 |
++ (void) (&__a == &__b); \ |
1212 |
++ (void) (&__a == __d); \ |
1213 |
++ *__d = __a * __b; \ |
1214 |
++ __builtin_constant_p(__b) ? \ |
1215 |
++ __b > 0 && __a > type_max(typeof(__a)) / __b : \ |
1216 |
++ __a > 0 && __b > type_max(typeof(__b)) / __a; \ |
1217 |
++}) |
1218 |
++ |
1219 |
++/* |
1220 |
++ * For signed types, detecting overflow is much harder, especially if |
1221 |
++ * we want to avoid UB. But the interface of these macros is such that |
1222 |
++ * we must provide a result in *d, and in fact we must produce the |
1223 |
++ * result promised by gcc's builtins, which is simply the possibly |
1224 |
++ * wrapped-around value. Fortunately, we can just formally do the |
1225 |
++ * operations in the widest relevant unsigned type (u64) and then |
1226 |
++ * truncate the result - gcc is smart enough to generate the same code |
1227 |
++ * with and without the (u64) casts. |
1228 |
++ */ |
1229 |
++ |
1230 |
++/* |
1231 |
++ * Adding two signed integers can overflow only if they have the same |
1232 |
++ * sign, and overflow has happened iff the result has the opposite |
1233 |
++ * sign. |
1234 |
++ */ |
1235 |
++#define __signed_add_overflow(a, b, d) ({ \ |
1236 |
++ typeof(a) __a = (a); \ |
1237 |
++ typeof(b) __b = (b); \ |
1238 |
++ typeof(d) __d = (d); \ |
1239 |
++ (void) (&__a == &__b); \ |
1240 |
++ (void) (&__a == __d); \ |
1241 |
++ *__d = (u64)__a + (u64)__b; \ |
1242 |
++ (((~(__a ^ __b)) & (*__d ^ __a)) \ |
1243 |
++ & type_min(typeof(__a))) != 0; \ |
1244 |
++}) |
1245 |
++ |
1246 |
++/* |
1247 |
++ * Subtraction is similar, except that overflow can now happen only |
1248 |
++ * when the signs are opposite. In this case, overflow has happened if |
1249 |
++ * the result has the opposite sign of a. |
1250 |
++ */ |
1251 |
++#define __signed_sub_overflow(a, b, d) ({ \ |
1252 |
++ typeof(a) __a = (a); \ |
1253 |
++ typeof(b) __b = (b); \ |
1254 |
++ typeof(d) __d = (d); \ |
1255 |
++ (void) (&__a == &__b); \ |
1256 |
++ (void) (&__a == __d); \ |
1257 |
++ *__d = (u64)__a - (u64)__b; \ |
1258 |
++ ((((__a ^ __b)) & (*__d ^ __a)) \ |
1259 |
++ & type_min(typeof(__a))) != 0; \ |
1260 |
++}) |
1261 |
++ |
1262 |
++/* |
1263 |
++ * Signed multiplication is rather hard. gcc always follows C99, so |
1264 |
++ * division is truncated towards 0. This means that we can write the |
1265 |
++ * overflow check like this: |
1266 |
++ * |
1267 |
++ * (a > 0 && (b > MAX/a || b < MIN/a)) || |
1268 |
++ * (a < -1 && (b > MIN/a || b < MAX/a) || |
1269 |
++ * (a == -1 && b == MIN) |
1270 |
++ * |
1271 |
++ * The redundant casts of -1 are to silence an annoying -Wtype-limits |
1272 |
++ * (included in -Wextra) warning: When the type is u8 or u16, the |
1273 |
++ * __b_c_e in check_mul_overflow obviously selects |
1274 |
++ * __unsigned_mul_overflow, but unfortunately gcc still parses this |
1275 |
++ * code and warns about the limited range of __b. |
1276 |
++ */ |
1277 |
++ |
1278 |
++#define __signed_mul_overflow(a, b, d) ({ \ |
1279 |
++ typeof(a) __a = (a); \ |
1280 |
++ typeof(b) __b = (b); \ |
1281 |
++ typeof(d) __d = (d); \ |
1282 |
++ typeof(a) __tmax = type_max(typeof(a)); \ |
1283 |
++ typeof(a) __tmin = type_min(typeof(a)); \ |
1284 |
++ (void) (&__a == &__b); \ |
1285 |
++ (void) (&__a == __d); \ |
1286 |
++ *__d = (u64)__a * (u64)__b; \ |
1287 |
++ (__b > 0 && (__a > __tmax/__b || __a < __tmin/__b)) || \ |
1288 |
++ (__b < (typeof(__b))-1 && (__a > __tmin/__b || __a < __tmax/__b)) || \ |
1289 |
++ (__b == (typeof(__b))-1 && __a == __tmin); \ |
1290 |
++}) |
1291 |
++ |
1292 |
++ |
1293 |
++#define check_add_overflow(a, b, d) \ |
1294 |
++ __builtin_choose_expr(is_signed_type(typeof(a)), \ |
1295 |
++ __signed_add_overflow(a, b, d), \ |
1296 |
++ __unsigned_add_overflow(a, b, d)) |
1297 |
++ |
1298 |
++#define check_sub_overflow(a, b, d) \ |
1299 |
++ __builtin_choose_expr(is_signed_type(typeof(a)), \ |
1300 |
++ __signed_sub_overflow(a, b, d), \ |
1301 |
++ __unsigned_sub_overflow(a, b, d)) |
1302 |
++ |
1303 |
++#define check_mul_overflow(a, b, d) \ |
1304 |
++ __builtin_choose_expr(is_signed_type(typeof(a)), \ |
1305 |
++ __signed_mul_overflow(a, b, d), \ |
1306 |
++ __unsigned_mul_overflow(a, b, d)) |
1307 |
++ |
1308 |
++ |
1309 |
++#endif /* COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW */ |
1310 |
++ |
1311 |
++#endif /* __LINUX_OVERFLOW_H */ |
1312 |
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
1313 |
+index e90fe6b83e00..ed329a39d621 100644 |
1314 |
+--- a/include/linux/skbuff.h |
1315 |
++++ b/include/linux/skbuff.h |
1316 |
+@@ -2962,6 +2962,7 @@ int pskb_trim_rcsum_slow(struct sk_buff *skb, unsigned int len); |
1317 |
+ * |
1318 |
+ * This is exactly the same as pskb_trim except that it ensures the |
1319 |
+ * checksum of received packets are still valid after the operation. |
1320 |
++ * It can change skb pointers. |
1321 |
+ */ |
1322 |
+ |
1323 |
+ static inline int pskb_trim_rcsum(struct sk_buff *skb, unsigned int len) |
1324 |
+diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h |
1325 |
+index a6446d72c5d9..a85028e06b1e 100644 |
1326 |
+--- a/include/net/ip_fib.h |
1327 |
++++ b/include/net/ip_fib.h |
1328 |
+@@ -242,7 +242,7 @@ int fib_table_insert(struct net *, struct fib_table *, struct fib_config *); |
1329 |
+ int fib_table_delete(struct net *, struct fib_table *, struct fib_config *); |
1330 |
+ int fib_table_dump(struct fib_table *table, struct sk_buff *skb, |
1331 |
+ struct netlink_callback *cb); |
1332 |
+-int fib_table_flush(struct net *net, struct fib_table *table); |
1333 |
++int fib_table_flush(struct net *net, struct fib_table *table, bool flush_all); |
1334 |
+ struct fib_table *fib_trie_unmerge(struct fib_table *main_tb); |
1335 |
+ void fib_table_flush_external(struct fib_table *table); |
1336 |
+ void fib_free_table(struct fib_table *tb); |
1337 |
+diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c |
1338 |
+index 8498e3503605..5b675695c661 100644 |
1339 |
+--- a/net/bridge/br_forward.c |
1340 |
++++ b/net/bridge/br_forward.c |
1341 |
+@@ -35,10 +35,10 @@ static inline int should_deliver(const struct net_bridge_port *p, |
1342 |
+ |
1343 |
+ int br_dev_queue_push_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) |
1344 |
+ { |
1345 |
++ skb_push(skb, ETH_HLEN); |
1346 |
+ if (!is_skb_forwardable(skb->dev, skb)) |
1347 |
+ goto drop; |
1348 |
+ |
1349 |
+- skb_push(skb, ETH_HLEN); |
1350 |
+ br_drop_fake_rtable(skb); |
1351 |
+ |
1352 |
+ if (skb->ip_summed == CHECKSUM_PARTIAL && |
1353 |
+@@ -96,12 +96,11 @@ static void __br_forward(const struct net_bridge_port *to, |
1354 |
+ net = dev_net(indev); |
1355 |
+ } else { |
1356 |
+ if (unlikely(netpoll_tx_running(to->br->dev))) { |
1357 |
+- if (!is_skb_forwardable(skb->dev, skb)) { |
1358 |
++ skb_push(skb, ETH_HLEN); |
1359 |
++ if (!is_skb_forwardable(skb->dev, skb)) |
1360 |
+ kfree_skb(skb); |
1361 |
+- } else { |
1362 |
+- skb_push(skb, ETH_HLEN); |
1363 |
++ else |
1364 |
+ br_netpoll_send_skb(to, skb); |
1365 |
+- } |
1366 |
+ return; |
1367 |
+ } |
1368 |
+ br_hook = NF_BR_LOCAL_OUT; |
1369 |
+diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c |
1370 |
+index 5989661c659f..a1b57cb07f1e 100644 |
1371 |
+--- a/net/bridge/br_netfilter_ipv6.c |
1372 |
++++ b/net/bridge/br_netfilter_ipv6.c |
1373 |
+@@ -131,6 +131,7 @@ int br_validate_ipv6(struct net *net, struct sk_buff *skb) |
1374 |
+ IPSTATS_MIB_INDISCARDS); |
1375 |
+ goto drop; |
1376 |
+ } |
1377 |
++ hdr = ipv6_hdr(skb); |
1378 |
+ } |
1379 |
+ if (hdr->nexthdr == NEXTHDR_HOP && br_nf_check_hbh_len(skb)) |
1380 |
+ goto drop; |
1381 |
+diff --git a/net/bridge/netfilter/nft_reject_bridge.c b/net/bridge/netfilter/nft_reject_bridge.c |
1382 |
+index 4b3df6b0e3b9..d94aaf7c7685 100644 |
1383 |
+--- a/net/bridge/netfilter/nft_reject_bridge.c |
1384 |
++++ b/net/bridge/netfilter/nft_reject_bridge.c |
1385 |
+@@ -236,6 +236,7 @@ static bool reject6_br_csum_ok(struct sk_buff *skb, int hook) |
1386 |
+ pskb_trim_rcsum(skb, ntohs(ip6h->payload_len) + sizeof(*ip6h))) |
1387 |
+ return false; |
1388 |
+ |
1389 |
++ ip6h = ipv6_hdr(skb); |
1390 |
+ thoff = ipv6_skip_exthdr(skb, ((u8*)(ip6h+1) - skb->data), &proto, &fo); |
1391 |
+ if (thoff < 0 || thoff >= skb->len || (fo & htons(~0x7)) != 0) |
1392 |
+ return false; |
1393 |
+diff --git a/net/can/bcm.c b/net/can/bcm.c |
1394 |
+index e4f694dfcf83..c99e7c75eeee 100644 |
1395 |
+--- a/net/can/bcm.c |
1396 |
++++ b/net/can/bcm.c |
1397 |
+@@ -67,6 +67,9 @@ |
1398 |
+ */ |
1399 |
+ #define MAX_NFRAMES 256 |
1400 |
+ |
1401 |
++/* limit timers to 400 days for sending/timeouts */ |
1402 |
++#define BCM_TIMER_SEC_MAX (400 * 24 * 60 * 60) |
1403 |
++ |
1404 |
+ /* use of last_frames[index].flags */ |
1405 |
+ #define RX_RECV 0x40 /* received data for this element */ |
1406 |
+ #define RX_THR 0x80 /* element not been sent due to throttle feature */ |
1407 |
+@@ -142,6 +145,22 @@ static inline ktime_t bcm_timeval_to_ktime(struct bcm_timeval tv) |
1408 |
+ return ktime_set(tv.tv_sec, tv.tv_usec * NSEC_PER_USEC); |
1409 |
+ } |
1410 |
+ |
1411 |
++/* check limitations for timeval provided by user */ |
1412 |
++static bool bcm_is_invalid_tv(struct bcm_msg_head *msg_head) |
1413 |
++{ |
1414 |
++ if ((msg_head->ival1.tv_sec < 0) || |
1415 |
++ (msg_head->ival1.tv_sec > BCM_TIMER_SEC_MAX) || |
1416 |
++ (msg_head->ival1.tv_usec < 0) || |
1417 |
++ (msg_head->ival1.tv_usec >= USEC_PER_SEC) || |
1418 |
++ (msg_head->ival2.tv_sec < 0) || |
1419 |
++ (msg_head->ival2.tv_sec > BCM_TIMER_SEC_MAX) || |
1420 |
++ (msg_head->ival2.tv_usec < 0) || |
1421 |
++ (msg_head->ival2.tv_usec >= USEC_PER_SEC)) |
1422 |
++ return true; |
1423 |
++ |
1424 |
++ return false; |
1425 |
++} |
1426 |
++ |
1427 |
+ #define CFSIZ(flags) ((flags & CAN_FD_FRAME) ? CANFD_MTU : CAN_MTU) |
1428 |
+ #define OPSIZ sizeof(struct bcm_op) |
1429 |
+ #define MHSIZ sizeof(struct bcm_msg_head) |
1430 |
+@@ -884,6 +903,10 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg, |
1431 |
+ if (msg_head->nframes < 1 || msg_head->nframes > MAX_NFRAMES) |
1432 |
+ return -EINVAL; |
1433 |
+ |
1434 |
++ /* check timeval limitations */ |
1435 |
++ if ((msg_head->flags & SETTIMER) && bcm_is_invalid_tv(msg_head)) |
1436 |
++ return -EINVAL; |
1437 |
++ |
1438 |
+ /* check the given can_id */ |
1439 |
+ op = bcm_find_op(&bo->tx_ops, msg_head, ifindex); |
1440 |
+ if (op) { |
1441 |
+@@ -1063,6 +1086,10 @@ static int bcm_rx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg, |
1442 |
+ (!(msg_head->can_id & CAN_RTR_FLAG)))) |
1443 |
+ return -EINVAL; |
1444 |
+ |
1445 |
++ /* check timeval limitations */ |
1446 |
++ if ((msg_head->flags & SETTIMER) && bcm_is_invalid_tv(msg_head)) |
1447 |
++ return -EINVAL; |
1448 |
++ |
1449 |
+ /* check the given can_id */ |
1450 |
+ op = bcm_find_op(&bo->rx_ops, msg_head, ifindex); |
1451 |
+ if (op) { |
1452 |
+diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c |
1453 |
+index 9364c39d0555..cbe3fdba4a2c 100644 |
1454 |
+--- a/net/ipv4/fib_frontend.c |
1455 |
++++ b/net/ipv4/fib_frontend.c |
1456 |
+@@ -193,7 +193,7 @@ static void fib_flush(struct net *net) |
1457 |
+ struct fib_table *tb; |
1458 |
+ |
1459 |
+ hlist_for_each_entry_safe(tb, tmp, head, tb_hlist) |
1460 |
+- flushed += fib_table_flush(net, tb); |
1461 |
++ flushed += fib_table_flush(net, tb, false); |
1462 |
+ } |
1463 |
+ |
1464 |
+ if (flushed) |
1465 |
+@@ -1277,7 +1277,7 @@ static void ip_fib_net_exit(struct net *net) |
1466 |
+ |
1467 |
+ hlist_for_each_entry_safe(tb, tmp, head, tb_hlist) { |
1468 |
+ hlist_del(&tb->tb_hlist); |
1469 |
+- fib_table_flush(net, tb); |
1470 |
++ fib_table_flush(net, tb, true); |
1471 |
+ fib_free_table(tb); |
1472 |
+ } |
1473 |
+ } |
1474 |
+diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c |
1475 |
+index ef40bb659a7a..36f0a8c581d0 100644 |
1476 |
+--- a/net/ipv4/fib_trie.c |
1477 |
++++ b/net/ipv4/fib_trie.c |
1478 |
+@@ -1826,7 +1826,7 @@ void fib_table_flush_external(struct fib_table *tb) |
1479 |
+ } |
1480 |
+ |
1481 |
+ /* Caller must hold RTNL. */ |
1482 |
+-int fib_table_flush(struct net *net, struct fib_table *tb) |
1483 |
++int fib_table_flush(struct net *net, struct fib_table *tb, bool flush_all) |
1484 |
+ { |
1485 |
+ struct trie *t = (struct trie *)tb->tb_data; |
1486 |
+ struct key_vector *pn = t->kv; |
1487 |
+@@ -1874,7 +1874,17 @@ int fib_table_flush(struct net *net, struct fib_table *tb) |
1488 |
+ hlist_for_each_entry_safe(fa, tmp, &n->leaf, fa_list) { |
1489 |
+ struct fib_info *fi = fa->fa_info; |
1490 |
+ |
1491 |
+- if (!fi || !(fi->fib_flags & RTNH_F_DEAD)) { |
1492 |
++ if (!fi || |
1493 |
++ (!(fi->fib_flags & RTNH_F_DEAD) && |
1494 |
++ !fib_props[fa->fa_type].error)) { |
1495 |
++ slen = fa->fa_slen; |
1496 |
++ continue; |
1497 |
++ } |
1498 |
++ |
1499 |
++ /* Do not flush error routes if network namespace is |
1500 |
++ * not being dismantled |
1501 |
++ */ |
1502 |
++ if (!flush_all && fib_props[fa->fa_type].error) { |
1503 |
+ slen = fa->fa_slen; |
1504 |
+ continue; |
1505 |
+ } |
1506 |
+diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c |
1507 |
+index 5a8c26c9872d..0fb49dedc9fb 100644 |
1508 |
+--- a/net/ipv4/inet_fragment.c |
1509 |
++++ b/net/ipv4/inet_fragment.c |
1510 |
+@@ -90,7 +90,7 @@ static void inet_frags_free_cb(void *ptr, void *arg) |
1511 |
+ |
1512 |
+ void inet_frags_exit_net(struct netns_frags *nf) |
1513 |
+ { |
1514 |
+- nf->low_thresh = 0; /* prevent creation of new frags */ |
1515 |
++ nf->high_thresh = 0; /* prevent creation of new frags */ |
1516 |
+ |
1517 |
+ rhashtable_free_and_destroy(&nf->rhashtable, inet_frags_free_cb, NULL); |
1518 |
+ } |
1519 |
+diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c |
1520 |
+index d6feabb03516..bcadca26523b 100644 |
1521 |
+--- a/net/ipv4/ip_input.c |
1522 |
++++ b/net/ipv4/ip_input.c |
1523 |
+@@ -475,6 +475,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, |
1524 |
+ goto drop; |
1525 |
+ } |
1526 |
+ |
1527 |
++ iph = ip_hdr(skb); |
1528 |
+ skb->transport_header = skb->network_header + iph->ihl*4; |
1529 |
+ |
1530 |
+ /* Remove any debris in the socket control block */ |
1531 |
+diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c |
1532 |
+index 326945d9be5f..3bd4d5d0c346 100644 |
1533 |
+--- a/net/openvswitch/flow_netlink.c |
1534 |
++++ b/net/openvswitch/flow_netlink.c |
1535 |
+@@ -409,7 +409,7 @@ static int __parse_flow_nlattrs(const struct nlattr *attr, |
1536 |
+ return -EINVAL; |
1537 |
+ } |
1538 |
+ |
1539 |
+- if (!nz || !is_all_zero(nla_data(nla), expected_len)) { |
1540 |
++ if (!nz || !is_all_zero(nla_data(nla), nla_len(nla))) { |
1541 |
+ attrs |= 1 << type; |
1542 |
+ a[type] = nla; |
1543 |
+ } |
1544 |
+diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c |
1545 |
+index ea13df1be067..912ed9b901ac 100644 |
1546 |
+--- a/net/sched/sch_api.c |
1547 |
++++ b/net/sched/sch_api.c |
1548 |
+@@ -1850,7 +1850,6 @@ done: |
1549 |
+ int tc_classify(struct sk_buff *skb, const struct tcf_proto *tp, |
1550 |
+ struct tcf_result *res, bool compat_mode) |
1551 |
+ { |
1552 |
+- __be16 protocol = tc_skb_protocol(skb); |
1553 |
+ #ifdef CONFIG_NET_CLS_ACT |
1554 |
+ const struct tcf_proto *old_tp = tp; |
1555 |
+ int limit = 0; |
1556 |
+@@ -1858,6 +1857,7 @@ int tc_classify(struct sk_buff *skb, const struct tcf_proto *tp, |
1557 |
+ reclassify: |
1558 |
+ #endif |
1559 |
+ for (; tp; tp = rcu_dereference_bh(tp->next)) { |
1560 |
++ __be16 protocol = tc_skb_protocol(skb); |
1561 |
+ int err; |
1562 |
+ |
1563 |
+ if (tp->protocol != protocol && |
1564 |
+@@ -1884,7 +1884,6 @@ reset: |
1565 |
+ } |
1566 |
+ |
1567 |
+ tp = old_tp; |
1568 |
+- protocol = tc_skb_protocol(skb); |
1569 |
+ goto reclassify; |
1570 |
+ #endif |
1571 |
+ } |
1572 |
+diff --git a/sound/soc/codecs/rt5514-spi.c b/sound/soc/codecs/rt5514-spi.c |
1573 |
+index 09103aab0cb2..7d410e39d1a0 100644 |
1574 |
+--- a/sound/soc/codecs/rt5514-spi.c |
1575 |
++++ b/sound/soc/codecs/rt5514-spi.c |
1576 |
+@@ -253,6 +253,8 @@ static int rt5514_spi_pcm_probe(struct snd_soc_platform *platform) |
1577 |
+ |
1578 |
+ rt5514_dsp = devm_kzalloc(platform->dev, sizeof(*rt5514_dsp), |
1579 |
+ GFP_KERNEL); |
1580 |
++ if (!rt5514_dsp) |
1581 |
++ return -ENOMEM; |
1582 |
+ |
1583 |
+ rt5514_dsp->dev = &rt5514_spi->dev; |
1584 |
+ mutex_init(&rt5514_dsp->dma_lock); |
1585 |
+diff --git a/sound/soc/intel/atom/sst-mfld-platform-pcm.c b/sound/soc/intel/atom/sst-mfld-platform-pcm.c |
1586 |
+index f5a8050351b5..e83e314a76a5 100644 |
1587 |
+--- a/sound/soc/intel/atom/sst-mfld-platform-pcm.c |
1588 |
++++ b/sound/soc/intel/atom/sst-mfld-platform-pcm.c |
1589 |
+@@ -399,7 +399,13 @@ static int sst_media_hw_params(struct snd_pcm_substream *substream, |
1590 |
+ struct snd_pcm_hw_params *params, |
1591 |
+ struct snd_soc_dai *dai) |
1592 |
+ { |
1593 |
+- snd_pcm_lib_malloc_pages(substream, params_buffer_bytes(params)); |
1594 |
++ int ret; |
1595 |
++ |
1596 |
++ ret = |
1597 |
++ snd_pcm_lib_malloc_pages(substream, |
1598 |
++ params_buffer_bytes(params)); |
1599 |
++ if (ret) |
1600 |
++ return ret; |
1601 |
+ memset(substream->runtime->dma_area, 0, params_buffer_bytes(params)); |
1602 |
+ return 0; |
1603 |
+ } |
1604 |
+diff --git a/tools/perf/util/unwind-libdw.c b/tools/perf/util/unwind-libdw.c |
1605 |
+index b46e1cf347e5..046a4850e3df 100644 |
1606 |
+--- a/tools/perf/util/unwind-libdw.c |
1607 |
++++ b/tools/perf/util/unwind-libdw.c |
1608 |
+@@ -42,13 +42,13 @@ static int __report_module(struct addr_location *al, u64 ip, |
1609 |
+ Dwarf_Addr s; |
1610 |
+ |
1611 |
+ dwfl_module_info(mod, NULL, &s, NULL, NULL, NULL, NULL, NULL); |
1612 |
+- if (s != al->map->start) |
1613 |
++ if (s != al->map->start - al->map->pgoff) |
1614 |
+ mod = 0; |
1615 |
+ } |
1616 |
+ |
1617 |
+ if (!mod) |
1618 |
+ mod = dwfl_report_elf(ui->dwfl, dso->short_name, |
1619 |
+- dso->long_name, -1, al->map->start, |
1620 |
++ (dso->symsrc_filename ? dso->symsrc_filename : dso->long_name), -1, al->map->start - al->map->pgoff, |
1621 |
+ false); |
1622 |
+ |
1623 |
+ return mod && dwfl_addrmodule(ui->dwfl, ip) == mod ? 0 : -1; |
1624 |
+diff --git a/tools/testing/selftests/x86/protection_keys.c b/tools/testing/selftests/x86/protection_keys.c |
1625 |
+index 85a78eba0a93..874972ccfc95 100644 |
1626 |
+--- a/tools/testing/selftests/x86/protection_keys.c |
1627 |
++++ b/tools/testing/selftests/x86/protection_keys.c |
1628 |
+@@ -1129,6 +1129,21 @@ void test_pkey_syscalls_bad_args(int *ptr, u16 pkey) |
1629 |
+ pkey_assert(err); |
1630 |
+ } |
1631 |
+ |
1632 |
++void become_child(void) |
1633 |
++{ |
1634 |
++ pid_t forkret; |
1635 |
++ |
1636 |
++ forkret = fork(); |
1637 |
++ pkey_assert(forkret >= 0); |
1638 |
++ dprintf3("[%d] fork() ret: %d\n", getpid(), forkret); |
1639 |
++ |
1640 |
++ if (!forkret) { |
1641 |
++ /* in the child */ |
1642 |
++ return; |
1643 |
++ } |
1644 |
++ exit(0); |
1645 |
++} |
1646 |
++ |
1647 |
+ /* Assumes that all pkeys other than 'pkey' are unallocated */ |
1648 |
+ void test_pkey_alloc_exhaust(int *ptr, u16 pkey) |
1649 |
+ { |
1650 |
+@@ -1139,7 +1154,7 @@ void test_pkey_alloc_exhaust(int *ptr, u16 pkey) |
1651 |
+ int nr_allocated_pkeys = 0; |
1652 |
+ int i; |
1653 |
+ |
1654 |
+- for (i = 0; i < NR_PKEYS*2; i++) { |
1655 |
++ for (i = 0; i < NR_PKEYS*3; i++) { |
1656 |
+ int new_pkey; |
1657 |
+ dprintf1("%s() alloc loop: %d\n", __func__, i); |
1658 |
+ new_pkey = alloc_pkey(); |
1659 |
+@@ -1150,20 +1165,26 @@ void test_pkey_alloc_exhaust(int *ptr, u16 pkey) |
1660 |
+ if ((new_pkey == -1) && (errno == ENOSPC)) { |
1661 |
+ dprintf2("%s() failed to allocate pkey after %d tries\n", |
1662 |
+ __func__, nr_allocated_pkeys); |
1663 |
+- break; |
1664 |
++ } else { |
1665 |
++ /* |
1666 |
++ * Ensure the number of successes never |
1667 |
++ * exceeds the number of keys supported |
1668 |
++ * in the hardware. |
1669 |
++ */ |
1670 |
++ pkey_assert(nr_allocated_pkeys < NR_PKEYS); |
1671 |
++ allocated_pkeys[nr_allocated_pkeys++] = new_pkey; |
1672 |
+ } |
1673 |
+- pkey_assert(nr_allocated_pkeys < NR_PKEYS); |
1674 |
+- allocated_pkeys[nr_allocated_pkeys++] = new_pkey; |
1675 |
++ |
1676 |
++ /* |
1677 |
++ * Make sure that allocation state is properly |
1678 |
++ * preserved across fork(). |
1679 |
++ */ |
1680 |
++ if (i == NR_PKEYS*2) |
1681 |
++ become_child(); |
1682 |
+ } |
1683 |
+ |
1684 |
+ dprintf3("%s()::%d\n", __func__, __LINE__); |
1685 |
+ |
1686 |
+- /* |
1687 |
+- * ensure it did not reach the end of the loop without |
1688 |
+- * failure: |
1689 |
+- */ |
1690 |
+- pkey_assert(i < NR_PKEYS*2); |
1691 |
+- |
1692 |
+ /* |
1693 |
+ * There are 16 pkeys supported in hardware. One is taken |
1694 |
+ * up for the default (0) and another can be taken up by |