1 |
commit: 45b8c6fc82cd3910d7ebdc1532a9001f27b5ed55 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Jan 23 11:30:09 2019 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jan 23 11:30:09 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=45b8c6fc |
7 |
|
8 |
proj/linux-patches: Linux patch 4.14.95 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1094_linux-4.14.95.patch | 2077 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 2081 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 41aba45..e1a1f75 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -419,6 +419,10 @@ Patch: 1093_4.14.94.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.14.94 |
23 |
|
24 |
+Patch: 1094_4.14.95.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.14.95 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1094_linux-4.14.95.patch b/1094_linux-4.14.95.patch |
33 |
new file mode 100644 |
34 |
index 0000000..efaf68a |
35 |
--- /dev/null |
36 |
+++ b/1094_linux-4.14.95.patch |
37 |
@@ -0,0 +1,2077 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index e9a138dd964a..70cc37cb3e99 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 4 |
45 |
+ PATCHLEVEL = 14 |
46 |
+-SUBLEVEL = 94 |
47 |
++SUBLEVEL = 95 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = Petit Gorille |
50 |
+ |
51 |
+diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h |
52 |
+index 73cc4309fe01..1d6d980f80ac 100644 |
53 |
+--- a/arch/arm64/include/asm/kvm_arm.h |
54 |
++++ b/arch/arm64/include/asm/kvm_arm.h |
55 |
+@@ -23,6 +23,8 @@ |
56 |
+ #include <asm/types.h> |
57 |
+ |
58 |
+ /* Hyp Configuration Register (HCR) bits */ |
59 |
++#define HCR_API (UL(1) << 41) |
60 |
++#define HCR_APK (UL(1) << 40) |
61 |
+ #define HCR_E2H (UL(1) << 34) |
62 |
+ #define HCR_ID (UL(1) << 33) |
63 |
+ #define HCR_CD (UL(1) << 32) |
64 |
+@@ -82,6 +84,7 @@ |
65 |
+ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW) |
66 |
+ #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) |
67 |
+ #define HCR_INT_OVERRIDE (HCR_FMO | HCR_IMO) |
68 |
++#define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK) |
69 |
+ #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) |
70 |
+ |
71 |
+ /* TCR_EL2 Registers bits */ |
72 |
+diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S |
73 |
+index 261f3f88364c..ec393275ba04 100644 |
74 |
+--- a/arch/arm64/kernel/head.S |
75 |
++++ b/arch/arm64/kernel/head.S |
76 |
+@@ -414,10 +414,9 @@ CPU_LE( bic x0, x0, #(1 << 25) ) // Clear the EE bit for EL2 |
77 |
+ #endif |
78 |
+ |
79 |
+ /* Hyp configuration. */ |
80 |
+- mov x0, #HCR_RW // 64-bit EL1 |
81 |
++ mov_q x0, HCR_HOST_NVHE_FLAGS |
82 |
+ cbz x2, set_hcr |
83 |
+- orr x0, x0, #HCR_TGE // Enable Host Extensions |
84 |
+- orr x0, x0, #HCR_E2H |
85 |
++ mov_q x0, HCR_HOST_VHE_FLAGS |
86 |
+ set_hcr: |
87 |
+ msr hcr_el2, x0 |
88 |
+ isb |
89 |
+diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c |
90 |
+index 47080c49cc7e..2bda224e8e71 100644 |
91 |
+--- a/arch/arm64/kernel/kaslr.c |
92 |
++++ b/arch/arm64/kernel/kaslr.c |
93 |
+@@ -14,6 +14,7 @@ |
94 |
+ #include <linux/sched.h> |
95 |
+ #include <linux/types.h> |
96 |
+ |
97 |
++#include <asm/cacheflush.h> |
98 |
+ #include <asm/fixmap.h> |
99 |
+ #include <asm/kernel-pgtable.h> |
100 |
+ #include <asm/memory.h> |
101 |
+@@ -43,7 +44,7 @@ static __init u64 get_kaslr_seed(void *fdt) |
102 |
+ return ret; |
103 |
+ } |
104 |
+ |
105 |
+-static __init const u8 *get_cmdline(void *fdt) |
106 |
++static __init const u8 *kaslr_get_cmdline(void *fdt) |
107 |
+ { |
108 |
+ static __initconst const u8 default_cmdline[] = CONFIG_CMDLINE; |
109 |
+ |
110 |
+@@ -109,7 +110,7 @@ u64 __init kaslr_early_init(u64 dt_phys) |
111 |
+ * Check if 'nokaslr' appears on the command line, and |
112 |
+ * return 0 if that is the case. |
113 |
+ */ |
114 |
+- cmdline = get_cmdline(fdt); |
115 |
++ cmdline = kaslr_get_cmdline(fdt); |
116 |
+ str = strstr(cmdline, "nokaslr"); |
117 |
+ if (str == cmdline || (str > cmdline && *(str - 1) == ' ')) |
118 |
+ return 0; |
119 |
+@@ -180,5 +181,8 @@ u64 __init kaslr_early_init(u64 dt_phys) |
120 |
+ module_alloc_base += (module_range * (seed & ((1 << 21) - 1))) >> 21; |
121 |
+ module_alloc_base &= PAGE_MASK; |
122 |
+ |
123 |
++ __flush_dcache_area(&module_alloc_base, sizeof(module_alloc_base)); |
124 |
++ __flush_dcache_area(&memstart_offset_seed, sizeof(memstart_offset_seed)); |
125 |
++ |
126 |
+ return offset; |
127 |
+ } |
128 |
+diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c |
129 |
+index b2f1992c6234..44845996b554 100644 |
130 |
+--- a/arch/arm64/kvm/hyp/switch.c |
131 |
++++ b/arch/arm64/kvm/hyp/switch.c |
132 |
+@@ -127,7 +127,7 @@ static void __hyp_text __deactivate_traps_nvhe(void) |
133 |
+ mdcr_el2 |= MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT; |
134 |
+ |
135 |
+ write_sysreg(mdcr_el2, mdcr_el2); |
136 |
+- write_sysreg(HCR_RW, hcr_el2); |
137 |
++ write_sysreg(HCR_HOST_NVHE_FLAGS, hcr_el2); |
138 |
+ write_sysreg(CPTR_EL2_DEFAULT, cptr_el2); |
139 |
+ } |
140 |
+ |
141 |
+diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig |
142 |
+index 23e3d3e0ee5b..ae4450e891ab 100644 |
143 |
+--- a/arch/mips/Kconfig |
144 |
++++ b/arch/mips/Kconfig |
145 |
+@@ -3153,6 +3153,7 @@ config MIPS32_O32 |
146 |
+ config MIPS32_N32 |
147 |
+ bool "Kernel support for n32 binaries" |
148 |
+ depends on 64BIT |
149 |
++ select ARCH_WANT_COMPAT_IPC_PARSE_VERSION |
150 |
+ select COMPAT |
151 |
+ select MIPS32_COMPAT |
152 |
+ select SYSVIPC_COMPAT if SYSVIPC |
153 |
+diff --git a/arch/mips/lantiq/irq.c b/arch/mips/lantiq/irq.c |
154 |
+index f0bc3312ed11..c4ef1c31e0c4 100644 |
155 |
+--- a/arch/mips/lantiq/irq.c |
156 |
++++ b/arch/mips/lantiq/irq.c |
157 |
+@@ -224,9 +224,11 @@ static struct irq_chip ltq_eiu_type = { |
158 |
+ .irq_set_type = ltq_eiu_settype, |
159 |
+ }; |
160 |
+ |
161 |
+-static void ltq_hw_irqdispatch(int module) |
162 |
++static void ltq_hw_irq_handler(struct irq_desc *desc) |
163 |
+ { |
164 |
++ int module = irq_desc_get_irq(desc) - 2; |
165 |
+ u32 irq; |
166 |
++ int hwirq; |
167 |
+ |
168 |
+ irq = ltq_icu_r32(module, LTQ_ICU_IM0_IOSR); |
169 |
+ if (irq == 0) |
170 |
+@@ -237,7 +239,8 @@ static void ltq_hw_irqdispatch(int module) |
171 |
+ * other bits might be bogus |
172 |
+ */ |
173 |
+ irq = __fls(irq); |
174 |
+- do_IRQ((int)irq + MIPS_CPU_IRQ_CASCADE + (INT_NUM_IM_OFFSET * module)); |
175 |
++ hwirq = irq + MIPS_CPU_IRQ_CASCADE + (INT_NUM_IM_OFFSET * module); |
176 |
++ generic_handle_irq(irq_linear_revmap(ltq_domain, hwirq)); |
177 |
+ |
178 |
+ /* if this is a EBU irq, we need to ack it or get a deadlock */ |
179 |
+ if ((irq == LTQ_ICU_EBU_IRQ) && (module == 0) && LTQ_EBU_PCC_ISTAT) |
180 |
+@@ -245,49 +248,6 @@ static void ltq_hw_irqdispatch(int module) |
181 |
+ LTQ_EBU_PCC_ISTAT); |
182 |
+ } |
183 |
+ |
184 |
+-#define DEFINE_HWx_IRQDISPATCH(x) \ |
185 |
+- static void ltq_hw ## x ## _irqdispatch(void) \ |
186 |
+- { \ |
187 |
+- ltq_hw_irqdispatch(x); \ |
188 |
+- } |
189 |
+-DEFINE_HWx_IRQDISPATCH(0) |
190 |
+-DEFINE_HWx_IRQDISPATCH(1) |
191 |
+-DEFINE_HWx_IRQDISPATCH(2) |
192 |
+-DEFINE_HWx_IRQDISPATCH(3) |
193 |
+-DEFINE_HWx_IRQDISPATCH(4) |
194 |
+- |
195 |
+-#if MIPS_CPU_TIMER_IRQ == 7 |
196 |
+-static void ltq_hw5_irqdispatch(void) |
197 |
+-{ |
198 |
+- do_IRQ(MIPS_CPU_TIMER_IRQ); |
199 |
+-} |
200 |
+-#else |
201 |
+-DEFINE_HWx_IRQDISPATCH(5) |
202 |
+-#endif |
203 |
+- |
204 |
+-static void ltq_hw_irq_handler(struct irq_desc *desc) |
205 |
+-{ |
206 |
+- ltq_hw_irqdispatch(irq_desc_get_irq(desc) - 2); |
207 |
+-} |
208 |
+- |
209 |
+-asmlinkage void plat_irq_dispatch(void) |
210 |
+-{ |
211 |
+- unsigned int pending = read_c0_status() & read_c0_cause() & ST0_IM; |
212 |
+- int irq; |
213 |
+- |
214 |
+- if (!pending) { |
215 |
+- spurious_interrupt(); |
216 |
+- return; |
217 |
+- } |
218 |
+- |
219 |
+- pending >>= CAUSEB_IP; |
220 |
+- while (pending) { |
221 |
+- irq = fls(pending) - 1; |
222 |
+- do_IRQ(MIPS_CPU_IRQ_BASE + irq); |
223 |
+- pending &= ~BIT(irq); |
224 |
+- } |
225 |
+-} |
226 |
+- |
227 |
+ static int icu_map(struct irq_domain *d, unsigned int irq, irq_hw_number_t hw) |
228 |
+ { |
229 |
+ struct irq_chip *chip = <q_irq_type; |
230 |
+@@ -343,28 +303,10 @@ int __init icu_of_init(struct device_node *node, struct device_node *parent) |
231 |
+ for (i = 0; i < MAX_IM; i++) |
232 |
+ irq_set_chained_handler(i + 2, ltq_hw_irq_handler); |
233 |
+ |
234 |
+- if (cpu_has_vint) { |
235 |
+- pr_info("Setting up vectored interrupts\n"); |
236 |
+- set_vi_handler(2, ltq_hw0_irqdispatch); |
237 |
+- set_vi_handler(3, ltq_hw1_irqdispatch); |
238 |
+- set_vi_handler(4, ltq_hw2_irqdispatch); |
239 |
+- set_vi_handler(5, ltq_hw3_irqdispatch); |
240 |
+- set_vi_handler(6, ltq_hw4_irqdispatch); |
241 |
+- set_vi_handler(7, ltq_hw5_irqdispatch); |
242 |
+- } |
243 |
+- |
244 |
+ ltq_domain = irq_domain_add_linear(node, |
245 |
+ (MAX_IM * INT_NUM_IM_OFFSET) + MIPS_CPU_IRQ_CASCADE, |
246 |
+ &irq_domain_ops, 0); |
247 |
+ |
248 |
+-#ifndef CONFIG_MIPS_MT_SMP |
249 |
+- set_c0_status(IE_IRQ0 | IE_IRQ1 | IE_IRQ2 | |
250 |
+- IE_IRQ3 | IE_IRQ4 | IE_IRQ5); |
251 |
+-#else |
252 |
+- set_c0_status(IE_SW0 | IE_SW1 | IE_IRQ0 | IE_IRQ1 | |
253 |
+- IE_IRQ2 | IE_IRQ3 | IE_IRQ4 | IE_IRQ5); |
254 |
+-#endif |
255 |
+- |
256 |
+ /* tell oprofile which irq to use */ |
257 |
+ ltq_perfcount_irq = irq_create_mapping(ltq_domain, LTQ_PERF_IRQ); |
258 |
+ |
259 |
+diff --git a/arch/mips/pci/msi-octeon.c b/arch/mips/pci/msi-octeon.c |
260 |
+index 2a5bb849b10e..288b58b00dc8 100644 |
261 |
+--- a/arch/mips/pci/msi-octeon.c |
262 |
++++ b/arch/mips/pci/msi-octeon.c |
263 |
+@@ -369,7 +369,9 @@ int __init octeon_msi_initialize(void) |
264 |
+ int irq; |
265 |
+ struct irq_chip *msi; |
266 |
+ |
267 |
+- if (octeon_dma_bar_type == OCTEON_DMA_BAR_TYPE_PCIE) { |
268 |
++ if (octeon_dma_bar_type == OCTEON_DMA_BAR_TYPE_INVALID) { |
269 |
++ return 0; |
270 |
++ } else if (octeon_dma_bar_type == OCTEON_DMA_BAR_TYPE_PCIE) { |
271 |
+ msi_rcv_reg[0] = CVMX_PEXP_NPEI_MSI_RCV0; |
272 |
+ msi_rcv_reg[1] = CVMX_PEXP_NPEI_MSI_RCV1; |
273 |
+ msi_rcv_reg[2] = CVMX_PEXP_NPEI_MSI_RCV2; |
274 |
+diff --git a/crypto/authenc.c b/crypto/authenc.c |
275 |
+index 0db344d5a01a..053287dfad65 100644 |
276 |
+--- a/crypto/authenc.c |
277 |
++++ b/crypto/authenc.c |
278 |
+@@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key, |
279 |
+ return -EINVAL; |
280 |
+ if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) |
281 |
+ return -EINVAL; |
282 |
+- if (RTA_PAYLOAD(rta) < sizeof(*param)) |
283 |
++ |
284 |
++ /* |
285 |
++ * RTA_OK() didn't align the rtattr's payload when validating that it |
286 |
++ * fits in the buffer. Yet, the keys should start on the next 4-byte |
287 |
++ * aligned boundary. To avoid confusion, require that the rtattr |
288 |
++ * payload be exactly the param struct, which has a 4-byte aligned size. |
289 |
++ */ |
290 |
++ if (RTA_PAYLOAD(rta) != sizeof(*param)) |
291 |
+ return -EINVAL; |
292 |
++ BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO); |
293 |
+ |
294 |
+ param = RTA_DATA(rta); |
295 |
+ keys->enckeylen = be32_to_cpu(param->enckeylen); |
296 |
+ |
297 |
+- key += RTA_ALIGN(rta->rta_len); |
298 |
+- keylen -= RTA_ALIGN(rta->rta_len); |
299 |
++ key += rta->rta_len; |
300 |
++ keylen -= rta->rta_len; |
301 |
+ |
302 |
+ if (keylen < keys->enckeylen) |
303 |
+ return -EINVAL; |
304 |
+diff --git a/crypto/authencesn.c b/crypto/authencesn.c |
305 |
+index 6de852ce4cf8..4ba4470deee1 100644 |
306 |
+--- a/crypto/authencesn.c |
307 |
++++ b/crypto/authencesn.c |
308 |
+@@ -279,7 +279,7 @@ static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq, |
309 |
+ struct aead_request *req = areq->data; |
310 |
+ |
311 |
+ err = err ?: crypto_authenc_esn_decrypt_tail(req, 0); |
312 |
+- aead_request_complete(req, err); |
313 |
++ authenc_esn_request_complete(req, err); |
314 |
+ } |
315 |
+ |
316 |
+ static int crypto_authenc_esn_decrypt(struct aead_request *req) |
317 |
+diff --git a/drivers/block/loop.c b/drivers/block/loop.c |
318 |
+index 6d61633a7f89..7910dd8b1d3a 100644 |
319 |
+--- a/drivers/block/loop.c |
320 |
++++ b/drivers/block/loop.c |
321 |
+@@ -81,7 +81,7 @@ |
322 |
+ #include <linux/uaccess.h> |
323 |
+ |
324 |
+ static DEFINE_IDR(loop_index_idr); |
325 |
+-static DEFINE_MUTEX(loop_index_mutex); |
326 |
++static DEFINE_MUTEX(loop_ctl_mutex); |
327 |
+ |
328 |
+ static int max_part; |
329 |
+ static int part_shift; |
330 |
+@@ -1018,7 +1018,7 @@ static int loop_clr_fd(struct loop_device *lo) |
331 |
+ */ |
332 |
+ if (atomic_read(&lo->lo_refcnt) > 1) { |
333 |
+ lo->lo_flags |= LO_FLAGS_AUTOCLEAR; |
334 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
335 |
++ mutex_unlock(&loop_ctl_mutex); |
336 |
+ return 0; |
337 |
+ } |
338 |
+ |
339 |
+@@ -1070,12 +1070,12 @@ static int loop_clr_fd(struct loop_device *lo) |
340 |
+ if (!part_shift) |
341 |
+ lo->lo_disk->flags |= GENHD_FL_NO_PART_SCAN; |
342 |
+ loop_unprepare_queue(lo); |
343 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
344 |
++ mutex_unlock(&loop_ctl_mutex); |
345 |
+ /* |
346 |
+- * Need not hold lo_ctl_mutex to fput backing file. |
347 |
+- * Calling fput holding lo_ctl_mutex triggers a circular |
348 |
++ * Need not hold loop_ctl_mutex to fput backing file. |
349 |
++ * Calling fput holding loop_ctl_mutex triggers a circular |
350 |
+ * lock dependency possibility warning as fput can take |
351 |
+- * bd_mutex which is usually taken before lo_ctl_mutex. |
352 |
++ * bd_mutex which is usually taken before loop_ctl_mutex. |
353 |
+ */ |
354 |
+ fput(filp); |
355 |
+ return 0; |
356 |
+@@ -1097,6 +1097,12 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) |
357 |
+ if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE) |
358 |
+ return -EINVAL; |
359 |
+ |
360 |
++ if (lo->lo_offset != info->lo_offset || |
361 |
++ lo->lo_sizelimit != info->lo_sizelimit) { |
362 |
++ sync_blockdev(lo->lo_device); |
363 |
++ kill_bdev(lo->lo_device); |
364 |
++ } |
365 |
++ |
366 |
+ /* I/O need to be drained during transfer transition */ |
367 |
+ blk_mq_freeze_queue(lo->lo_queue); |
368 |
+ |
369 |
+@@ -1125,6 +1131,14 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) |
370 |
+ |
371 |
+ if (lo->lo_offset != info->lo_offset || |
372 |
+ lo->lo_sizelimit != info->lo_sizelimit) { |
373 |
++ /* kill_bdev should have truncated all the pages */ |
374 |
++ if (lo->lo_device->bd_inode->i_mapping->nrpages) { |
375 |
++ err = -EAGAIN; |
376 |
++ pr_warn("%s: loop%d (%s) has still dirty pages (nrpages=%lu)\n", |
377 |
++ __func__, lo->lo_number, lo->lo_file_name, |
378 |
++ lo->lo_device->bd_inode->i_mapping->nrpages); |
379 |
++ goto exit; |
380 |
++ } |
381 |
+ if (figure_loop_size(lo, info->lo_offset, info->lo_sizelimit)) { |
382 |
+ err = -EFBIG; |
383 |
+ goto exit; |
384 |
+@@ -1175,12 +1189,12 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) |
385 |
+ static int |
386 |
+ loop_get_status(struct loop_device *lo, struct loop_info64 *info) |
387 |
+ { |
388 |
+- struct file *file; |
389 |
++ struct path path; |
390 |
+ struct kstat stat; |
391 |
+ int ret; |
392 |
+ |
393 |
+ if (lo->lo_state != Lo_bound) { |
394 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
395 |
++ mutex_unlock(&loop_ctl_mutex); |
396 |
+ return -ENXIO; |
397 |
+ } |
398 |
+ |
399 |
+@@ -1199,17 +1213,17 @@ loop_get_status(struct loop_device *lo, struct loop_info64 *info) |
400 |
+ lo->lo_encrypt_key_size); |
401 |
+ } |
402 |
+ |
403 |
+- /* Drop lo_ctl_mutex while we call into the filesystem. */ |
404 |
+- file = get_file(lo->lo_backing_file); |
405 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
406 |
+- ret = vfs_getattr(&file->f_path, &stat, STATX_INO, |
407 |
+- AT_STATX_SYNC_AS_STAT); |
408 |
++ /* Drop loop_ctl_mutex while we call into the filesystem. */ |
409 |
++ path = lo->lo_backing_file->f_path; |
410 |
++ path_get(&path); |
411 |
++ mutex_unlock(&loop_ctl_mutex); |
412 |
++ ret = vfs_getattr(&path, &stat, STATX_INO, AT_STATX_SYNC_AS_STAT); |
413 |
+ if (!ret) { |
414 |
+ info->lo_device = huge_encode_dev(stat.dev); |
415 |
+ info->lo_inode = stat.ino; |
416 |
+ info->lo_rdevice = huge_encode_dev(stat.rdev); |
417 |
+ } |
418 |
+- fput(file); |
419 |
++ path_put(&path); |
420 |
+ return ret; |
421 |
+ } |
422 |
+ |
423 |
+@@ -1294,7 +1308,7 @@ loop_get_status_old(struct loop_device *lo, struct loop_info __user *arg) { |
424 |
+ int err; |
425 |
+ |
426 |
+ if (!arg) { |
427 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
428 |
++ mutex_unlock(&loop_ctl_mutex); |
429 |
+ return -EINVAL; |
430 |
+ } |
431 |
+ err = loop_get_status(lo, &info64); |
432 |
+@@ -1312,7 +1326,7 @@ loop_get_status64(struct loop_device *lo, struct loop_info64 __user *arg) { |
433 |
+ int err; |
434 |
+ |
435 |
+ if (!arg) { |
436 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
437 |
++ mutex_unlock(&loop_ctl_mutex); |
438 |
+ return -EINVAL; |
439 |
+ } |
440 |
+ err = loop_get_status(lo, &info64); |
441 |
+@@ -1346,22 +1360,39 @@ static int loop_set_dio(struct loop_device *lo, unsigned long arg) |
442 |
+ |
443 |
+ static int loop_set_block_size(struct loop_device *lo, unsigned long arg) |
444 |
+ { |
445 |
++ int err = 0; |
446 |
++ |
447 |
+ if (lo->lo_state != Lo_bound) |
448 |
+ return -ENXIO; |
449 |
+ |
450 |
+ if (arg < 512 || arg > PAGE_SIZE || !is_power_of_2(arg)) |
451 |
+ return -EINVAL; |
452 |
+ |
453 |
++ if (lo->lo_queue->limits.logical_block_size != arg) { |
454 |
++ sync_blockdev(lo->lo_device); |
455 |
++ kill_bdev(lo->lo_device); |
456 |
++ } |
457 |
++ |
458 |
+ blk_mq_freeze_queue(lo->lo_queue); |
459 |
+ |
460 |
++ /* kill_bdev should have truncated all the pages */ |
461 |
++ if (lo->lo_queue->limits.logical_block_size != arg && |
462 |
++ lo->lo_device->bd_inode->i_mapping->nrpages) { |
463 |
++ err = -EAGAIN; |
464 |
++ pr_warn("%s: loop%d (%s) has still dirty pages (nrpages=%lu)\n", |
465 |
++ __func__, lo->lo_number, lo->lo_file_name, |
466 |
++ lo->lo_device->bd_inode->i_mapping->nrpages); |
467 |
++ goto out_unfreeze; |
468 |
++ } |
469 |
++ |
470 |
+ blk_queue_logical_block_size(lo->lo_queue, arg); |
471 |
+ blk_queue_physical_block_size(lo->lo_queue, arg); |
472 |
+ blk_queue_io_min(lo->lo_queue, arg); |
473 |
+ loop_update_dio(lo); |
474 |
+- |
475 |
++out_unfreeze: |
476 |
+ blk_mq_unfreeze_queue(lo->lo_queue); |
477 |
+ |
478 |
+- return 0; |
479 |
++ return err; |
480 |
+ } |
481 |
+ |
482 |
+ static int lo_ioctl(struct block_device *bdev, fmode_t mode, |
483 |
+@@ -1370,7 +1401,7 @@ static int lo_ioctl(struct block_device *bdev, fmode_t mode, |
484 |
+ struct loop_device *lo = bdev->bd_disk->private_data; |
485 |
+ int err; |
486 |
+ |
487 |
+- mutex_lock_nested(&lo->lo_ctl_mutex, 1); |
488 |
++ mutex_lock_nested(&loop_ctl_mutex, 1); |
489 |
+ switch (cmd) { |
490 |
+ case LOOP_SET_FD: |
491 |
+ err = loop_set_fd(lo, mode, bdev, arg); |
492 |
+@@ -1379,7 +1410,7 @@ static int lo_ioctl(struct block_device *bdev, fmode_t mode, |
493 |
+ err = loop_change_fd(lo, bdev, arg); |
494 |
+ break; |
495 |
+ case LOOP_CLR_FD: |
496 |
+- /* loop_clr_fd would have unlocked lo_ctl_mutex on success */ |
497 |
++ /* loop_clr_fd would have unlocked loop_ctl_mutex on success */ |
498 |
+ err = loop_clr_fd(lo); |
499 |
+ if (!err) |
500 |
+ goto out_unlocked; |
501 |
+@@ -1392,7 +1423,7 @@ static int lo_ioctl(struct block_device *bdev, fmode_t mode, |
502 |
+ break; |
503 |
+ case LOOP_GET_STATUS: |
504 |
+ err = loop_get_status_old(lo, (struct loop_info __user *) arg); |
505 |
+- /* loop_get_status() unlocks lo_ctl_mutex */ |
506 |
++ /* loop_get_status() unlocks loop_ctl_mutex */ |
507 |
+ goto out_unlocked; |
508 |
+ case LOOP_SET_STATUS64: |
509 |
+ err = -EPERM; |
510 |
+@@ -1402,7 +1433,7 @@ static int lo_ioctl(struct block_device *bdev, fmode_t mode, |
511 |
+ break; |
512 |
+ case LOOP_GET_STATUS64: |
513 |
+ err = loop_get_status64(lo, (struct loop_info64 __user *) arg); |
514 |
+- /* loop_get_status() unlocks lo_ctl_mutex */ |
515 |
++ /* loop_get_status() unlocks loop_ctl_mutex */ |
516 |
+ goto out_unlocked; |
517 |
+ case LOOP_SET_CAPACITY: |
518 |
+ err = -EPERM; |
519 |
+@@ -1422,7 +1453,7 @@ static int lo_ioctl(struct block_device *bdev, fmode_t mode, |
520 |
+ default: |
521 |
+ err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL; |
522 |
+ } |
523 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
524 |
++ mutex_unlock(&loop_ctl_mutex); |
525 |
+ |
526 |
+ out_unlocked: |
527 |
+ return err; |
528 |
+@@ -1539,7 +1570,7 @@ loop_get_status_compat(struct loop_device *lo, |
529 |
+ int err; |
530 |
+ |
531 |
+ if (!arg) { |
532 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
533 |
++ mutex_unlock(&loop_ctl_mutex); |
534 |
+ return -EINVAL; |
535 |
+ } |
536 |
+ err = loop_get_status(lo, &info64); |
537 |
+@@ -1556,16 +1587,16 @@ static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode, |
538 |
+ |
539 |
+ switch(cmd) { |
540 |
+ case LOOP_SET_STATUS: |
541 |
+- mutex_lock(&lo->lo_ctl_mutex); |
542 |
++ mutex_lock(&loop_ctl_mutex); |
543 |
+ err = loop_set_status_compat( |
544 |
+ lo, (const struct compat_loop_info __user *) arg); |
545 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
546 |
++ mutex_unlock(&loop_ctl_mutex); |
547 |
+ break; |
548 |
+ case LOOP_GET_STATUS: |
549 |
+- mutex_lock(&lo->lo_ctl_mutex); |
550 |
++ mutex_lock(&loop_ctl_mutex); |
551 |
+ err = loop_get_status_compat( |
552 |
+ lo, (struct compat_loop_info __user *) arg); |
553 |
+- /* loop_get_status() unlocks lo_ctl_mutex */ |
554 |
++ /* loop_get_status() unlocks loop_ctl_mutex */ |
555 |
+ break; |
556 |
+ case LOOP_SET_CAPACITY: |
557 |
+ case LOOP_CLR_FD: |
558 |
+@@ -1587,9 +1618,11 @@ static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode, |
559 |
+ static int lo_open(struct block_device *bdev, fmode_t mode) |
560 |
+ { |
561 |
+ struct loop_device *lo; |
562 |
+- int err = 0; |
563 |
++ int err; |
564 |
+ |
565 |
+- mutex_lock(&loop_index_mutex); |
566 |
++ err = mutex_lock_killable(&loop_ctl_mutex); |
567 |
++ if (err) |
568 |
++ return err; |
569 |
+ lo = bdev->bd_disk->private_data; |
570 |
+ if (!lo) { |
571 |
+ err = -ENXIO; |
572 |
+@@ -1598,18 +1631,20 @@ static int lo_open(struct block_device *bdev, fmode_t mode) |
573 |
+ |
574 |
+ atomic_inc(&lo->lo_refcnt); |
575 |
+ out: |
576 |
+- mutex_unlock(&loop_index_mutex); |
577 |
++ mutex_unlock(&loop_ctl_mutex); |
578 |
+ return err; |
579 |
+ } |
580 |
+ |
581 |
+-static void __lo_release(struct loop_device *lo) |
582 |
++static void lo_release(struct gendisk *disk, fmode_t mode) |
583 |
+ { |
584 |
++ struct loop_device *lo; |
585 |
+ int err; |
586 |
+ |
587 |
++ mutex_lock(&loop_ctl_mutex); |
588 |
++ lo = disk->private_data; |
589 |
+ if (atomic_dec_return(&lo->lo_refcnt)) |
590 |
+- return; |
591 |
++ goto out_unlock; |
592 |
+ |
593 |
+- mutex_lock(&lo->lo_ctl_mutex); |
594 |
+ if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) { |
595 |
+ /* |
596 |
+ * In autoclear mode, stop the loop thread |
597 |
+@@ -1627,14 +1662,8 @@ static void __lo_release(struct loop_device *lo) |
598 |
+ blk_mq_unfreeze_queue(lo->lo_queue); |
599 |
+ } |
600 |
+ |
601 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
602 |
+-} |
603 |
+- |
604 |
+-static void lo_release(struct gendisk *disk, fmode_t mode) |
605 |
+-{ |
606 |
+- mutex_lock(&loop_index_mutex); |
607 |
+- __lo_release(disk->private_data); |
608 |
+- mutex_unlock(&loop_index_mutex); |
609 |
++out_unlock: |
610 |
++ mutex_unlock(&loop_ctl_mutex); |
611 |
+ } |
612 |
+ |
613 |
+ static const struct block_device_operations lo_fops = { |
614 |
+@@ -1673,10 +1702,10 @@ static int unregister_transfer_cb(int id, void *ptr, void *data) |
615 |
+ struct loop_device *lo = ptr; |
616 |
+ struct loop_func_table *xfer = data; |
617 |
+ |
618 |
+- mutex_lock(&lo->lo_ctl_mutex); |
619 |
++ mutex_lock(&loop_ctl_mutex); |
620 |
+ if (lo->lo_encryption == xfer) |
621 |
+ loop_release_xfer(lo); |
622 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
623 |
++ mutex_unlock(&loop_ctl_mutex); |
624 |
+ return 0; |
625 |
+ } |
626 |
+ |
627 |
+@@ -1849,7 +1878,6 @@ static int loop_add(struct loop_device **l, int i) |
628 |
+ if (!part_shift) |
629 |
+ disk->flags |= GENHD_FL_NO_PART_SCAN; |
630 |
+ disk->flags |= GENHD_FL_EXT_DEVT; |
631 |
+- mutex_init(&lo->lo_ctl_mutex); |
632 |
+ atomic_set(&lo->lo_refcnt, 0); |
633 |
+ lo->lo_number = i; |
634 |
+ spin_lock_init(&lo->lo_lock); |
635 |
+@@ -1928,7 +1956,7 @@ static struct kobject *loop_probe(dev_t dev, int *part, void *data) |
636 |
+ struct kobject *kobj; |
637 |
+ int err; |
638 |
+ |
639 |
+- mutex_lock(&loop_index_mutex); |
640 |
++ mutex_lock(&loop_ctl_mutex); |
641 |
+ err = loop_lookup(&lo, MINOR(dev) >> part_shift); |
642 |
+ if (err < 0) |
643 |
+ err = loop_add(&lo, MINOR(dev) >> part_shift); |
644 |
+@@ -1936,7 +1964,7 @@ static struct kobject *loop_probe(dev_t dev, int *part, void *data) |
645 |
+ kobj = NULL; |
646 |
+ else |
647 |
+ kobj = get_disk(lo->lo_disk); |
648 |
+- mutex_unlock(&loop_index_mutex); |
649 |
++ mutex_unlock(&loop_ctl_mutex); |
650 |
+ |
651 |
+ *part = 0; |
652 |
+ return kobj; |
653 |
+@@ -1946,9 +1974,13 @@ static long loop_control_ioctl(struct file *file, unsigned int cmd, |
654 |
+ unsigned long parm) |
655 |
+ { |
656 |
+ struct loop_device *lo; |
657 |
+- int ret = -ENOSYS; |
658 |
++ int ret; |
659 |
++ |
660 |
++ ret = mutex_lock_killable(&loop_ctl_mutex); |
661 |
++ if (ret) |
662 |
++ return ret; |
663 |
+ |
664 |
+- mutex_lock(&loop_index_mutex); |
665 |
++ ret = -ENOSYS; |
666 |
+ switch (cmd) { |
667 |
+ case LOOP_CTL_ADD: |
668 |
+ ret = loop_lookup(&lo, parm); |
669 |
+@@ -1962,19 +1994,15 @@ static long loop_control_ioctl(struct file *file, unsigned int cmd, |
670 |
+ ret = loop_lookup(&lo, parm); |
671 |
+ if (ret < 0) |
672 |
+ break; |
673 |
+- mutex_lock(&lo->lo_ctl_mutex); |
674 |
+ if (lo->lo_state != Lo_unbound) { |
675 |
+ ret = -EBUSY; |
676 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
677 |
+ break; |
678 |
+ } |
679 |
+ if (atomic_read(&lo->lo_refcnt) > 0) { |
680 |
+ ret = -EBUSY; |
681 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
682 |
+ break; |
683 |
+ } |
684 |
+ lo->lo_disk->private_data = NULL; |
685 |
+- mutex_unlock(&lo->lo_ctl_mutex); |
686 |
+ idr_remove(&loop_index_idr, lo->lo_number); |
687 |
+ loop_remove(lo); |
688 |
+ break; |
689 |
+@@ -1984,7 +2012,7 @@ static long loop_control_ioctl(struct file *file, unsigned int cmd, |
690 |
+ break; |
691 |
+ ret = loop_add(&lo, -1); |
692 |
+ } |
693 |
+- mutex_unlock(&loop_index_mutex); |
694 |
++ mutex_unlock(&loop_ctl_mutex); |
695 |
+ |
696 |
+ return ret; |
697 |
+ } |
698 |
+@@ -2068,10 +2096,10 @@ static int __init loop_init(void) |
699 |
+ THIS_MODULE, loop_probe, NULL, NULL); |
700 |
+ |
701 |
+ /* pre-create number of devices given by config or max_loop */ |
702 |
+- mutex_lock(&loop_index_mutex); |
703 |
++ mutex_lock(&loop_ctl_mutex); |
704 |
+ for (i = 0; i < nr; i++) |
705 |
+ loop_add(&lo, i); |
706 |
+- mutex_unlock(&loop_index_mutex); |
707 |
++ mutex_unlock(&loop_ctl_mutex); |
708 |
+ |
709 |
+ printk(KERN_INFO "loop: module loaded\n"); |
710 |
+ return 0; |
711 |
+diff --git a/drivers/block/loop.h b/drivers/block/loop.h |
712 |
+index dfc54ceba410..b2251752452b 100644 |
713 |
+--- a/drivers/block/loop.h |
714 |
++++ b/drivers/block/loop.h |
715 |
+@@ -54,7 +54,6 @@ struct loop_device { |
716 |
+ |
717 |
+ spinlock_t lo_lock; |
718 |
+ int lo_state; |
719 |
+- struct mutex lo_ctl_mutex; |
720 |
+ struct kthread_worker worker; |
721 |
+ struct task_struct *worker_task; |
722 |
+ bool use_dio; |
723 |
+diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c |
724 |
+index fe1414df0f33..d32cd943dff2 100644 |
725 |
+--- a/drivers/block/nbd.c |
726 |
++++ b/drivers/block/nbd.c |
727 |
+@@ -275,9 +275,10 @@ static void nbd_size_update(struct nbd_device *nbd) |
728 |
+ blk_queue_physical_block_size(nbd->disk->queue, config->blksize); |
729 |
+ set_capacity(nbd->disk, config->bytesize >> 9); |
730 |
+ if (bdev) { |
731 |
+- if (bdev->bd_disk) |
732 |
++ if (bdev->bd_disk) { |
733 |
+ bd_set_size(bdev, config->bytesize); |
734 |
+- else |
735 |
++ set_blocksize(bdev, config->blksize); |
736 |
++ } else |
737 |
+ bdev->bd_invalidated = 1; |
738 |
+ bdput(bdev); |
739 |
+ } |
740 |
+diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig |
741 |
+index 143f8bc403b9..342bc777841c 100644 |
742 |
+--- a/drivers/crypto/Kconfig |
743 |
++++ b/drivers/crypto/Kconfig |
744 |
+@@ -679,6 +679,7 @@ config CRYPTO_DEV_BCM_SPU |
745 |
+ depends on ARCH_BCM_IPROC |
746 |
+ depends on MAILBOX |
747 |
+ default m |
748 |
++ select CRYPTO_AUTHENC |
749 |
+ select CRYPTO_DES |
750 |
+ select CRYPTO_MD5 |
751 |
+ select CRYPTO_SHA1 |
752 |
+diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c |
753 |
+index ee52c355bee0..b6be383a51a6 100644 |
754 |
+--- a/drivers/crypto/bcm/cipher.c |
755 |
++++ b/drivers/crypto/bcm/cipher.c |
756 |
+@@ -2846,44 +2846,28 @@ static int aead_authenc_setkey(struct crypto_aead *cipher, |
757 |
+ struct spu_hw *spu = &iproc_priv.spu; |
758 |
+ struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher); |
759 |
+ struct crypto_tfm *tfm = crypto_aead_tfm(cipher); |
760 |
+- struct rtattr *rta = (void *)key; |
761 |
+- struct crypto_authenc_key_param *param; |
762 |
+- const u8 *origkey = key; |
763 |
+- const unsigned int origkeylen = keylen; |
764 |
+- |
765 |
+- int ret = 0; |
766 |
++ struct crypto_authenc_keys keys; |
767 |
++ int ret; |
768 |
+ |
769 |
+ flow_log("%s() aead:%p key:%p keylen:%u\n", __func__, cipher, key, |
770 |
+ keylen); |
771 |
+ flow_dump(" key: ", key, keylen); |
772 |
+ |
773 |
+- if (!RTA_OK(rta, keylen)) |
774 |
+- goto badkey; |
775 |
+- if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) |
776 |
+- goto badkey; |
777 |
+- if (RTA_PAYLOAD(rta) < sizeof(*param)) |
778 |
++ ret = crypto_authenc_extractkeys(&keys, key, keylen); |
779 |
++ if (ret) |
780 |
+ goto badkey; |
781 |
+ |
782 |
+- param = RTA_DATA(rta); |
783 |
+- ctx->enckeylen = be32_to_cpu(param->enckeylen); |
784 |
+- |
785 |
+- key += RTA_ALIGN(rta->rta_len); |
786 |
+- keylen -= RTA_ALIGN(rta->rta_len); |
787 |
+- |
788 |
+- if (keylen < ctx->enckeylen) |
789 |
+- goto badkey; |
790 |
+- if (ctx->enckeylen > MAX_KEY_SIZE) |
791 |
++ if (keys.enckeylen > MAX_KEY_SIZE || |
792 |
++ keys.authkeylen > MAX_KEY_SIZE) |
793 |
+ goto badkey; |
794 |
+ |
795 |
+- ctx->authkeylen = keylen - ctx->enckeylen; |
796 |
+- |
797 |
+- if (ctx->authkeylen > MAX_KEY_SIZE) |
798 |
+- goto badkey; |
799 |
++ ctx->enckeylen = keys.enckeylen; |
800 |
++ ctx->authkeylen = keys.authkeylen; |
801 |
+ |
802 |
+- memcpy(ctx->enckey, key + ctx->authkeylen, ctx->enckeylen); |
803 |
++ memcpy(ctx->enckey, keys.enckey, keys.enckeylen); |
804 |
+ /* May end up padding auth key. So make sure it's zeroed. */ |
805 |
+ memset(ctx->authkey, 0, sizeof(ctx->authkey)); |
806 |
+- memcpy(ctx->authkey, key, ctx->authkeylen); |
807 |
++ memcpy(ctx->authkey, keys.authkey, keys.authkeylen); |
808 |
+ |
809 |
+ switch (ctx->alg->cipher_info.alg) { |
810 |
+ case CIPHER_ALG_DES: |
811 |
+@@ -2891,7 +2875,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher, |
812 |
+ u32 tmp[DES_EXPKEY_WORDS]; |
813 |
+ u32 flags = CRYPTO_TFM_RES_WEAK_KEY; |
814 |
+ |
815 |
+- if (des_ekey(tmp, key) == 0) { |
816 |
++ if (des_ekey(tmp, keys.enckey) == 0) { |
817 |
+ if (crypto_aead_get_flags(cipher) & |
818 |
+ CRYPTO_TFM_REQ_WEAK_KEY) { |
819 |
+ crypto_aead_set_flags(cipher, flags); |
820 |
+@@ -2906,7 +2890,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher, |
821 |
+ break; |
822 |
+ case CIPHER_ALG_3DES: |
823 |
+ if (ctx->enckeylen == (DES_KEY_SIZE * 3)) { |
824 |
+- const u32 *K = (const u32 *)key; |
825 |
++ const u32 *K = (const u32 *)keys.enckey; |
826 |
+ u32 flags = CRYPTO_TFM_RES_BAD_KEY_SCHED; |
827 |
+ |
828 |
+ if (!((K[0] ^ K[2]) | (K[1] ^ K[3])) || |
829 |
+@@ -2957,9 +2941,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher, |
830 |
+ ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK; |
831 |
+ ctx->fallback_cipher->base.crt_flags |= |
832 |
+ tfm->crt_flags & CRYPTO_TFM_REQ_MASK; |
833 |
+- ret = |
834 |
+- crypto_aead_setkey(ctx->fallback_cipher, origkey, |
835 |
+- origkeylen); |
836 |
++ ret = crypto_aead_setkey(ctx->fallback_cipher, key, keylen); |
837 |
+ if (ret) { |
838 |
+ flow_log(" fallback setkey() returned:%d\n", ret); |
839 |
+ tfm->crt_flags &= ~CRYPTO_TFM_RES_MASK; |
840 |
+diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c |
841 |
+index 698580b60b2f..8fa35bc75870 100644 |
842 |
+--- a/drivers/crypto/caam/caamhash.c |
843 |
++++ b/drivers/crypto/caam/caamhash.c |
844 |
+@@ -1109,13 +1109,16 @@ static int ahash_final_no_ctx(struct ahash_request *req) |
845 |
+ |
846 |
+ desc = edesc->hw_desc; |
847 |
+ |
848 |
+- state->buf_dma = dma_map_single(jrdev, buf, buflen, DMA_TO_DEVICE); |
849 |
+- if (dma_mapping_error(jrdev, state->buf_dma)) { |
850 |
+- dev_err(jrdev, "unable to map src\n"); |
851 |
+- goto unmap; |
852 |
+- } |
853 |
++ if (buflen) { |
854 |
++ state->buf_dma = dma_map_single(jrdev, buf, buflen, |
855 |
++ DMA_TO_DEVICE); |
856 |
++ if (dma_mapping_error(jrdev, state->buf_dma)) { |
857 |
++ dev_err(jrdev, "unable to map src\n"); |
858 |
++ goto unmap; |
859 |
++ } |
860 |
+ |
861 |
+- append_seq_in_ptr(desc, state->buf_dma, buflen, 0); |
862 |
++ append_seq_in_ptr(desc, state->buf_dma, buflen, 0); |
863 |
++ } |
864 |
+ |
865 |
+ edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result, |
866 |
+ digestsize); |
867 |
+diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c |
868 |
+index 57e1b203cf36..4388f4e3840c 100644 |
869 |
+--- a/drivers/crypto/talitos.c |
870 |
++++ b/drivers/crypto/talitos.c |
871 |
+@@ -1347,23 +1347,18 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev, |
872 |
+ struct talitos_private *priv = dev_get_drvdata(dev); |
873 |
+ bool is_sec1 = has_ftr_sec1(priv); |
874 |
+ int max_len = is_sec1 ? TALITOS1_MAX_DATA_LEN : TALITOS2_MAX_DATA_LEN; |
875 |
+- void *err; |
876 |
+ |
877 |
+ if (cryptlen + authsize > max_len) { |
878 |
+ dev_err(dev, "length exceeds h/w max limit\n"); |
879 |
+ return ERR_PTR(-EINVAL); |
880 |
+ } |
881 |
+ |
882 |
+- if (ivsize) |
883 |
+- iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE); |
884 |
+- |
885 |
+ if (!dst || dst == src) { |
886 |
+ src_len = assoclen + cryptlen + authsize; |
887 |
+ src_nents = sg_nents_for_len(src, src_len); |
888 |
+ if (src_nents < 0) { |
889 |
+ dev_err(dev, "Invalid number of src SG.\n"); |
890 |
+- err = ERR_PTR(-EINVAL); |
891 |
+- goto error_sg; |
892 |
++ return ERR_PTR(-EINVAL); |
893 |
+ } |
894 |
+ src_nents = (src_nents == 1) ? 0 : src_nents; |
895 |
+ dst_nents = dst ? src_nents : 0; |
896 |
+@@ -1373,16 +1368,14 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev, |
897 |
+ src_nents = sg_nents_for_len(src, src_len); |
898 |
+ if (src_nents < 0) { |
899 |
+ dev_err(dev, "Invalid number of src SG.\n"); |
900 |
+- err = ERR_PTR(-EINVAL); |
901 |
+- goto error_sg; |
902 |
++ return ERR_PTR(-EINVAL); |
903 |
+ } |
904 |
+ src_nents = (src_nents == 1) ? 0 : src_nents; |
905 |
+ dst_len = assoclen + cryptlen + (encrypt ? authsize : 0); |
906 |
+ dst_nents = sg_nents_for_len(dst, dst_len); |
907 |
+ if (dst_nents < 0) { |
908 |
+ dev_err(dev, "Invalid number of dst SG.\n"); |
909 |
+- err = ERR_PTR(-EINVAL); |
910 |
+- goto error_sg; |
911 |
++ return ERR_PTR(-EINVAL); |
912 |
+ } |
913 |
+ dst_nents = (dst_nents == 1) ? 0 : dst_nents; |
914 |
+ } |
915 |
+@@ -1405,12 +1398,14 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev, |
916 |
+ dma_len = 0; |
917 |
+ alloc_len += icv_stashing ? authsize : 0; |
918 |
+ } |
919 |
++ alloc_len += ivsize; |
920 |
+ |
921 |
+ edesc = kmalloc(alloc_len, GFP_DMA | flags); |
922 |
+- if (!edesc) { |
923 |
+- dev_err(dev, "could not allocate edescriptor\n"); |
924 |
+- err = ERR_PTR(-ENOMEM); |
925 |
+- goto error_sg; |
926 |
++ if (!edesc) |
927 |
++ return ERR_PTR(-ENOMEM); |
928 |
++ if (ivsize) { |
929 |
++ iv = memcpy(((u8 *)edesc) + alloc_len - ivsize, iv, ivsize); |
930 |
++ iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE); |
931 |
+ } |
932 |
+ |
933 |
+ edesc->src_nents = src_nents; |
934 |
+@@ -1423,10 +1418,6 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev, |
935 |
+ DMA_BIDIRECTIONAL); |
936 |
+ |
937 |
+ return edesc; |
938 |
+-error_sg: |
939 |
+- if (iv_dma) |
940 |
+- dma_unmap_single(dev, iv_dma, ivsize, DMA_TO_DEVICE); |
941 |
+- return err; |
942 |
+ } |
943 |
+ |
944 |
+ static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv, |
945 |
+diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c |
946 |
+index ad6812baa611..f1259a0c2883 100644 |
947 |
+--- a/drivers/gpu/drm/drm_fb_helper.c |
948 |
++++ b/drivers/gpu/drm/drm_fb_helper.c |
949 |
+@@ -1578,9 +1578,14 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var, |
950 |
+ struct drm_fb_helper *fb_helper = info->par; |
951 |
+ struct drm_framebuffer *fb = fb_helper->fb; |
952 |
+ |
953 |
+- if (var->pixclock != 0 || in_dbg_master()) |
954 |
++ if (in_dbg_master()) |
955 |
+ return -EINVAL; |
956 |
+ |
957 |
++ if (var->pixclock != 0) { |
958 |
++ DRM_DEBUG("fbdev emulation doesn't support changing the pixel clock, value of pixclock is ignored\n"); |
959 |
++ var->pixclock = 0; |
960 |
++ } |
961 |
++ |
962 |
+ /* |
963 |
+ * Changes struct fb_var_screeninfo are currently not pushed back |
964 |
+ * to KMS, hence fail if different settings are requested. |
965 |
+diff --git a/drivers/media/platform/vivid/vivid-kthread-cap.c b/drivers/media/platform/vivid/vivid-kthread-cap.c |
966 |
+index 6ca71aabb576..d300e5e7eadc 100644 |
967 |
+--- a/drivers/media/platform/vivid/vivid-kthread-cap.c |
968 |
++++ b/drivers/media/platform/vivid/vivid-kthread-cap.c |
969 |
+@@ -877,8 +877,11 @@ int vivid_start_generating_vid_cap(struct vivid_dev *dev, bool *pstreaming) |
970 |
+ "%s-vid-cap", dev->v4l2_dev.name); |
971 |
+ |
972 |
+ if (IS_ERR(dev->kthread_vid_cap)) { |
973 |
++ int err = PTR_ERR(dev->kthread_vid_cap); |
974 |
++ |
975 |
++ dev->kthread_vid_cap = NULL; |
976 |
+ v4l2_err(&dev->v4l2_dev, "kernel_thread() failed\n"); |
977 |
+- return PTR_ERR(dev->kthread_vid_cap); |
978 |
++ return err; |
979 |
+ } |
980 |
+ *pstreaming = true; |
981 |
+ vivid_grab_controls(dev, true); |
982 |
+diff --git a/drivers/media/platform/vivid/vivid-kthread-out.c b/drivers/media/platform/vivid/vivid-kthread-out.c |
983 |
+index 98eed5889bc1..7c8d75852816 100644 |
984 |
+--- a/drivers/media/platform/vivid/vivid-kthread-out.c |
985 |
++++ b/drivers/media/platform/vivid/vivid-kthread-out.c |
986 |
+@@ -248,8 +248,11 @@ int vivid_start_generating_vid_out(struct vivid_dev *dev, bool *pstreaming) |
987 |
+ "%s-vid-out", dev->v4l2_dev.name); |
988 |
+ |
989 |
+ if (IS_ERR(dev->kthread_vid_out)) { |
990 |
++ int err = PTR_ERR(dev->kthread_vid_out); |
991 |
++ |
992 |
++ dev->kthread_vid_out = NULL; |
993 |
+ v4l2_err(&dev->v4l2_dev, "kernel_thread() failed\n"); |
994 |
+- return PTR_ERR(dev->kthread_vid_out); |
995 |
++ return err; |
996 |
+ } |
997 |
+ *pstreaming = true; |
998 |
+ vivid_grab_controls(dev, true); |
999 |
+diff --git a/drivers/media/platform/vivid/vivid-vid-common.c b/drivers/media/platform/vivid/vivid-vid-common.c |
1000 |
+index 6f6d4df1e8a8..11b014bbacd8 100644 |
1001 |
+--- a/drivers/media/platform/vivid/vivid-vid-common.c |
1002 |
++++ b/drivers/media/platform/vivid/vivid-vid-common.c |
1003 |
+@@ -33,7 +33,7 @@ const struct v4l2_dv_timings_cap vivid_dv_timings_cap = { |
1004 |
+ .type = V4L2_DV_BT_656_1120, |
1005 |
+ /* keep this initialization for compatibility with GCC < 4.4.6 */ |
1006 |
+ .reserved = { 0 }, |
1007 |
+- V4L2_INIT_BT_TIMINGS(0, MAX_WIDTH, 0, MAX_HEIGHT, 14000000, 775000000, |
1008 |
++ V4L2_INIT_BT_TIMINGS(16, MAX_WIDTH, 16, MAX_HEIGHT, 14000000, 775000000, |
1009 |
+ V4L2_DV_BT_STD_CEA861 | V4L2_DV_BT_STD_DMT | |
1010 |
+ V4L2_DV_BT_STD_CVT | V4L2_DV_BT_STD_GTF, |
1011 |
+ V4L2_DV_BT_CAP_PROGRESSIVE | V4L2_DV_BT_CAP_INTERLACED) |
1012 |
+diff --git a/drivers/media/usb/em28xx/em28xx-video.c b/drivers/media/usb/em28xx/em28xx-video.c |
1013 |
+index 92a74bc34527..bd8de78e0ffd 100644 |
1014 |
+--- a/drivers/media/usb/em28xx/em28xx-video.c |
1015 |
++++ b/drivers/media/usb/em28xx/em28xx-video.c |
1016 |
+@@ -900,8 +900,6 @@ static int em28xx_enable_analog_tuner(struct em28xx *dev) |
1017 |
+ if (!mdev || !v4l2->decoder) |
1018 |
+ return 0; |
1019 |
+ |
1020 |
+- dev->v4l2->field_count = 0; |
1021 |
+- |
1022 |
+ /* |
1023 |
+ * This will find the tuner that is connected into the decoder. |
1024 |
+ * Technically, this is not 100% correct, as the device may be |
1025 |
+@@ -1074,6 +1072,8 @@ int em28xx_start_analog_streaming(struct vb2_queue *vq, unsigned int count) |
1026 |
+ |
1027 |
+ em28xx_videodbg("%s\n", __func__); |
1028 |
+ |
1029 |
++ dev->v4l2->field_count = 0; |
1030 |
++ |
1031 |
+ /* Make sure streaming is not already in progress for this type |
1032 |
+ of filehandle (e.g. video, vbi) */ |
1033 |
+ rc = res_get(dev, vq->type); |
1034 |
+diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c |
1035 |
+index d06941cc6a55..f1ef4e97238e 100644 |
1036 |
+--- a/drivers/media/v4l2-core/v4l2-ioctl.c |
1037 |
++++ b/drivers/media/v4l2-core/v4l2-ioctl.c |
1038 |
+@@ -249,6 +249,7 @@ static void v4l_print_format(const void *arg, bool write_only) |
1039 |
+ const struct v4l2_window *win; |
1040 |
+ const struct v4l2_sdr_format *sdr; |
1041 |
+ const struct v4l2_meta_format *meta; |
1042 |
++ u32 planes; |
1043 |
+ unsigned i; |
1044 |
+ |
1045 |
+ pr_cont("type=%s", prt_names(p->type, v4l2_type_names)); |
1046 |
+@@ -279,7 +280,8 @@ static void v4l_print_format(const void *arg, bool write_only) |
1047 |
+ prt_names(mp->field, v4l2_field_names), |
1048 |
+ mp->colorspace, mp->num_planes, mp->flags, |
1049 |
+ mp->ycbcr_enc, mp->quantization, mp->xfer_func); |
1050 |
+- for (i = 0; i < mp->num_planes; i++) |
1051 |
++ planes = min_t(u32, mp->num_planes, VIDEO_MAX_PLANES); |
1052 |
++ for (i = 0; i < planes; i++) |
1053 |
+ printk(KERN_DEBUG "plane %u: bytesperline=%u sizeimage=%u\n", i, |
1054 |
+ mp->plane_fmt[i].bytesperline, |
1055 |
+ mp->plane_fmt[i].sizeimage); |
1056 |
+diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c |
1057 |
+index 43522a09b11d..f1725da2a90d 100644 |
1058 |
+--- a/drivers/media/v4l2-core/videobuf2-core.c |
1059 |
++++ b/drivers/media/v4l2-core/videobuf2-core.c |
1060 |
+@@ -1925,9 +1925,13 @@ int vb2_mmap(struct vb2_queue *q, struct vm_area_struct *vma) |
1061 |
+ return -EINVAL; |
1062 |
+ } |
1063 |
+ } |
1064 |
++ |
1065 |
++ mutex_lock(&q->mmap_lock); |
1066 |
++ |
1067 |
+ if (vb2_fileio_is_active(q)) { |
1068 |
+ dprintk(1, "mmap: file io in progress\n"); |
1069 |
+- return -EBUSY; |
1070 |
++ ret = -EBUSY; |
1071 |
++ goto unlock; |
1072 |
+ } |
1073 |
+ |
1074 |
+ /* |
1075 |
+@@ -1935,7 +1939,7 @@ int vb2_mmap(struct vb2_queue *q, struct vm_area_struct *vma) |
1076 |
+ */ |
1077 |
+ ret = __find_plane_by_offset(q, off, &buffer, &plane); |
1078 |
+ if (ret) |
1079 |
+- return ret; |
1080 |
++ goto unlock; |
1081 |
+ |
1082 |
+ vb = q->bufs[buffer]; |
1083 |
+ |
1084 |
+@@ -1948,11 +1952,13 @@ int vb2_mmap(struct vb2_queue *q, struct vm_area_struct *vma) |
1085 |
+ if (length < (vma->vm_end - vma->vm_start)) { |
1086 |
+ dprintk(1, |
1087 |
+ "MMAP invalid, as it would overflow buffer length\n"); |
1088 |
+- return -EINVAL; |
1089 |
++ ret = -EINVAL; |
1090 |
++ goto unlock; |
1091 |
+ } |
1092 |
+ |
1093 |
+- mutex_lock(&q->mmap_lock); |
1094 |
+ ret = call_memop(vb, mmap, vb->planes[plane].mem_priv, vma); |
1095 |
++ |
1096 |
++unlock: |
1097 |
+ mutex_unlock(&q->mmap_lock); |
1098 |
+ if (ret) |
1099 |
+ return ret; |
1100 |
+diff --git a/drivers/mfd/tps6586x.c b/drivers/mfd/tps6586x.c |
1101 |
+index 5628a6b5b19b..c5c320efc7b4 100644 |
1102 |
+--- a/drivers/mfd/tps6586x.c |
1103 |
++++ b/drivers/mfd/tps6586x.c |
1104 |
+@@ -594,6 +594,29 @@ static int tps6586x_i2c_remove(struct i2c_client *client) |
1105 |
+ return 0; |
1106 |
+ } |
1107 |
+ |
1108 |
++static int __maybe_unused tps6586x_i2c_suspend(struct device *dev) |
1109 |
++{ |
1110 |
++ struct tps6586x *tps6586x = dev_get_drvdata(dev); |
1111 |
++ |
1112 |
++ if (tps6586x->client->irq) |
1113 |
++ disable_irq(tps6586x->client->irq); |
1114 |
++ |
1115 |
++ return 0; |
1116 |
++} |
1117 |
++ |
1118 |
++static int __maybe_unused tps6586x_i2c_resume(struct device *dev) |
1119 |
++{ |
1120 |
++ struct tps6586x *tps6586x = dev_get_drvdata(dev); |
1121 |
++ |
1122 |
++ if (tps6586x->client->irq) |
1123 |
++ enable_irq(tps6586x->client->irq); |
1124 |
++ |
1125 |
++ return 0; |
1126 |
++} |
1127 |
++ |
1128 |
++static SIMPLE_DEV_PM_OPS(tps6586x_pm_ops, tps6586x_i2c_suspend, |
1129 |
++ tps6586x_i2c_resume); |
1130 |
++ |
1131 |
+ static const struct i2c_device_id tps6586x_id_table[] = { |
1132 |
+ { "tps6586x", 0 }, |
1133 |
+ { }, |
1134 |
+@@ -604,6 +627,7 @@ static struct i2c_driver tps6586x_driver = { |
1135 |
+ .driver = { |
1136 |
+ .name = "tps6586x", |
1137 |
+ .of_match_table = of_match_ptr(tps6586x_of_match), |
1138 |
++ .pm = &tps6586x_pm_ops, |
1139 |
+ }, |
1140 |
+ .probe = tps6586x_i2c_probe, |
1141 |
+ .remove = tps6586x_i2c_remove, |
1142 |
+diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c |
1143 |
+index 92c483ec6cb2..192844b50c69 100644 |
1144 |
+--- a/drivers/mmc/host/sdhci-msm.c |
1145 |
++++ b/drivers/mmc/host/sdhci-msm.c |
1146 |
+@@ -138,6 +138,8 @@ struct sdhci_msm_host { |
1147 |
+ bool calibration_done; |
1148 |
+ u8 saved_tuning_phase; |
1149 |
+ bool use_cdclp533; |
1150 |
++ bool use_cdr; |
1151 |
++ u32 transfer_mode; |
1152 |
+ }; |
1153 |
+ |
1154 |
+ static unsigned int msm_get_clock_rate_for_bus_mode(struct sdhci_host *host, |
1155 |
+@@ -815,6 +817,23 @@ out: |
1156 |
+ return ret; |
1157 |
+ } |
1158 |
+ |
1159 |
++static void sdhci_msm_set_cdr(struct sdhci_host *host, bool enable) |
1160 |
++{ |
1161 |
++ u32 config, oldconfig = readl_relaxed(host->ioaddr + CORE_DLL_CONFIG); |
1162 |
++ |
1163 |
++ config = oldconfig; |
1164 |
++ if (enable) { |
1165 |
++ config |= CORE_CDR_EN; |
1166 |
++ config &= ~CORE_CDR_EXT_EN; |
1167 |
++ } else { |
1168 |
++ config &= ~CORE_CDR_EN; |
1169 |
++ config |= CORE_CDR_EXT_EN; |
1170 |
++ } |
1171 |
++ |
1172 |
++ if (config != oldconfig) |
1173 |
++ writel_relaxed(config, host->ioaddr + CORE_DLL_CONFIG); |
1174 |
++} |
1175 |
++ |
1176 |
+ static int sdhci_msm_execute_tuning(struct mmc_host *mmc, u32 opcode) |
1177 |
+ { |
1178 |
+ struct sdhci_host *host = mmc_priv(mmc); |
1179 |
+@@ -832,8 +851,14 @@ static int sdhci_msm_execute_tuning(struct mmc_host *mmc, u32 opcode) |
1180 |
+ if (host->clock <= CORE_FREQ_100MHZ || |
1181 |
+ !(ios.timing == MMC_TIMING_MMC_HS400 || |
1182 |
+ ios.timing == MMC_TIMING_MMC_HS200 || |
1183 |
+- ios.timing == MMC_TIMING_UHS_SDR104)) |
1184 |
++ ios.timing == MMC_TIMING_UHS_SDR104)) { |
1185 |
++ msm_host->use_cdr = false; |
1186 |
++ sdhci_msm_set_cdr(host, false); |
1187 |
+ return 0; |
1188 |
++ } |
1189 |
++ |
1190 |
++ /* Clock-Data-Recovery used to dynamically adjust RX sampling point */ |
1191 |
++ msm_host->use_cdr = true; |
1192 |
+ |
1193 |
+ /* |
1194 |
+ * For HS400 tuning in HS200 timing requires: |
1195 |
+@@ -1092,6 +1117,29 @@ out: |
1196 |
+ __sdhci_msm_set_clock(host, clock); |
1197 |
+ } |
1198 |
+ |
1199 |
++static void sdhci_msm_write_w(struct sdhci_host *host, u16 val, int reg) |
1200 |
++{ |
1201 |
++ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); |
1202 |
++ struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); |
1203 |
++ |
1204 |
++ switch (reg) { |
1205 |
++ case SDHCI_TRANSFER_MODE: |
1206 |
++ msm_host->transfer_mode = val; |
1207 |
++ break; |
1208 |
++ case SDHCI_COMMAND: |
1209 |
++ if (!msm_host->use_cdr) |
1210 |
++ break; |
1211 |
++ if ((msm_host->transfer_mode & SDHCI_TRNS_READ) && |
1212 |
++ (SDHCI_GET_CMD(val) != MMC_SEND_TUNING_BLOCK_HS200) && |
1213 |
++ (SDHCI_GET_CMD(val) != MMC_SEND_TUNING_BLOCK)) |
1214 |
++ sdhci_msm_set_cdr(host, true); |
1215 |
++ else |
1216 |
++ sdhci_msm_set_cdr(host, false); |
1217 |
++ break; |
1218 |
++ } |
1219 |
++ writew(val, host->ioaddr + reg); |
1220 |
++} |
1221 |
++ |
1222 |
+ static const struct of_device_id sdhci_msm_dt_match[] = { |
1223 |
+ { .compatible = "qcom,sdhci-msm-v4" }, |
1224 |
+ {}, |
1225 |
+@@ -1107,6 +1155,7 @@ static const struct sdhci_ops sdhci_msm_ops = { |
1226 |
+ .set_bus_width = sdhci_set_bus_width, |
1227 |
+ .set_uhs_signaling = sdhci_msm_set_uhs_signaling, |
1228 |
+ .voltage_switch = sdhci_msm_voltage_switch, |
1229 |
++ .write_w = sdhci_msm_write_w, |
1230 |
+ }; |
1231 |
+ |
1232 |
+ static const struct sdhci_pltfm_data sdhci_msm_pdata = { |
1233 |
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
1234 |
+index cf64a365362b..65c5a65af0ba 100644 |
1235 |
+--- a/drivers/net/bonding/bond_main.c |
1236 |
++++ b/drivers/net/bonding/bond_main.c |
1237 |
+@@ -1928,6 +1928,9 @@ static int __bond_release_one(struct net_device *bond_dev, |
1238 |
+ if (!bond_has_slaves(bond)) { |
1239 |
+ bond_set_carrier(bond); |
1240 |
+ eth_hw_addr_random(bond_dev); |
1241 |
++ bond->nest_level = SINGLE_DEPTH_NESTING; |
1242 |
++ } else { |
1243 |
++ bond->nest_level = dev_get_nest_level(bond_dev) + 1; |
1244 |
+ } |
1245 |
+ |
1246 |
+ unblock_netpoll_tx(); |
1247 |
+diff --git a/drivers/of/property.c b/drivers/of/property.c |
1248 |
+index 264c355ba1ff..fd9b734fff33 100644 |
1249 |
+--- a/drivers/of/property.c |
1250 |
++++ b/drivers/of/property.c |
1251 |
+@@ -810,6 +810,7 @@ struct device_node *of_graph_get_remote_node(const struct device_node *node, |
1252 |
+ |
1253 |
+ if (!of_device_is_available(remote)) { |
1254 |
+ pr_debug("not available for remote node\n"); |
1255 |
++ of_node_put(remote); |
1256 |
+ return NULL; |
1257 |
+ } |
1258 |
+ |
1259 |
+diff --git a/drivers/scsi/scsi_pm.c b/drivers/scsi/scsi_pm.c |
1260 |
+index b44c1bb687a2..ebc193f7f7dd 100644 |
1261 |
+--- a/drivers/scsi/scsi_pm.c |
1262 |
++++ b/drivers/scsi/scsi_pm.c |
1263 |
+@@ -79,8 +79,22 @@ static int scsi_dev_type_resume(struct device *dev, |
1264 |
+ |
1265 |
+ if (err == 0) { |
1266 |
+ pm_runtime_disable(dev); |
1267 |
+- pm_runtime_set_active(dev); |
1268 |
++ err = pm_runtime_set_active(dev); |
1269 |
+ pm_runtime_enable(dev); |
1270 |
++ |
1271 |
++ /* |
1272 |
++ * Forcibly set runtime PM status of request queue to "active" |
1273 |
++ * to make sure we can again get requests from the queue |
1274 |
++ * (see also blk_pm_peek_request()). |
1275 |
++ * |
1276 |
++ * The resume hook will correct runtime PM status of the disk. |
1277 |
++ */ |
1278 |
++ if (!err && scsi_is_sdev_device(dev)) { |
1279 |
++ struct scsi_device *sdev = to_scsi_device(dev); |
1280 |
++ |
1281 |
++ if (sdev->request_queue->dev) |
1282 |
++ blk_set_runtime_active(sdev->request_queue); |
1283 |
++ } |
1284 |
+ } |
1285 |
+ |
1286 |
+ return err; |
1287 |
+@@ -139,16 +153,6 @@ static int scsi_bus_resume_common(struct device *dev, |
1288 |
+ else |
1289 |
+ fn = NULL; |
1290 |
+ |
1291 |
+- /* |
1292 |
+- * Forcibly set runtime PM status of request queue to "active" to |
1293 |
+- * make sure we can again get requests from the queue (see also |
1294 |
+- * blk_pm_peek_request()). |
1295 |
+- * |
1296 |
+- * The resume hook will correct runtime PM status of the disk. |
1297 |
+- */ |
1298 |
+- if (scsi_is_sdev_device(dev) && pm_runtime_suspended(dev)) |
1299 |
+- blk_set_runtime_active(to_scsi_device(dev)->request_queue); |
1300 |
+- |
1301 |
+ if (fn) { |
1302 |
+ async_schedule_domain(fn, dev, &scsi_sd_pm_domain); |
1303 |
+ |
1304 |
+diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c |
1305 |
+index 39754cc90043..048fccc72e03 100644 |
1306 |
+--- a/drivers/scsi/sd.c |
1307 |
++++ b/drivers/scsi/sd.c |
1308 |
+@@ -206,6 +206,12 @@ cache_type_store(struct device *dev, struct device_attribute *attr, |
1309 |
+ sp = buffer_data[0] & 0x80 ? 1 : 0; |
1310 |
+ buffer_data[0] &= ~0x80; |
1311 |
+ |
1312 |
++ /* |
1313 |
++ * Ensure WP, DPOFUA, and RESERVED fields are cleared in |
1314 |
++ * received mode parameter buffer before doing MODE SELECT. |
1315 |
++ */ |
1316 |
++ data.device_specific = 0; |
1317 |
++ |
1318 |
+ if (scsi_mode_select(sdp, 1, sp, 8, buffer_data, len, SD_TIMEOUT, |
1319 |
+ SD_MAX_RETRIES, &data, &sshdr)) { |
1320 |
+ if (scsi_sense_valid(&sshdr)) |
1321 |
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c |
1322 |
+index 83376caa571b..417b81c67fe9 100644 |
1323 |
+--- a/drivers/tty/tty_io.c |
1324 |
++++ b/drivers/tty/tty_io.c |
1325 |
+@@ -1254,7 +1254,8 @@ static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct * |
1326 |
+ static int tty_reopen(struct tty_struct *tty) |
1327 |
+ { |
1328 |
+ struct tty_driver *driver = tty->driver; |
1329 |
+- int retval; |
1330 |
++ struct tty_ldisc *ld; |
1331 |
++ int retval = 0; |
1332 |
+ |
1333 |
+ if (driver->type == TTY_DRIVER_TYPE_PTY && |
1334 |
+ driver->subtype == PTY_TYPE_MASTER) |
1335 |
+@@ -1266,14 +1267,21 @@ static int tty_reopen(struct tty_struct *tty) |
1336 |
+ if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) |
1337 |
+ return -EBUSY; |
1338 |
+ |
1339 |
+- tty->count++; |
1340 |
++ ld = tty_ldisc_ref_wait(tty); |
1341 |
++ if (ld) { |
1342 |
++ tty_ldisc_deref(ld); |
1343 |
++ } else { |
1344 |
++ retval = tty_ldisc_lock(tty, 5 * HZ); |
1345 |
++ if (retval) |
1346 |
++ return retval; |
1347 |
+ |
1348 |
+- if (tty->ldisc) |
1349 |
+- return 0; |
1350 |
++ if (!tty->ldisc) |
1351 |
++ retval = tty_ldisc_reinit(tty, tty->termios.c_line); |
1352 |
++ tty_ldisc_unlock(tty); |
1353 |
++ } |
1354 |
+ |
1355 |
+- retval = tty_ldisc_reinit(tty, tty->termios.c_line); |
1356 |
+- if (retval) |
1357 |
+- tty->count--; |
1358 |
++ if (retval == 0) |
1359 |
++ tty->count++; |
1360 |
+ |
1361 |
+ return retval; |
1362 |
+ } |
1363 |
+diff --git a/drivers/tty/tty_ldsem.c b/drivers/tty/tty_ldsem.c |
1364 |
+index 52b7baef4f7a..5c2cec298816 100644 |
1365 |
+--- a/drivers/tty/tty_ldsem.c |
1366 |
++++ b/drivers/tty/tty_ldsem.c |
1367 |
+@@ -307,6 +307,16 @@ down_write_failed(struct ld_semaphore *sem, long count, long timeout) |
1368 |
+ if (!locked) |
1369 |
+ ldsem_atomic_update(-LDSEM_WAIT_BIAS, sem); |
1370 |
+ list_del(&waiter.list); |
1371 |
++ |
1372 |
++ /* |
1373 |
++ * In case of timeout, wake up every reader who gave the right of way |
1374 |
++ * to writer. Prevent separation readers into two groups: |
1375 |
++ * one that helds semaphore and another that sleeps. |
1376 |
++ * (in case of no contention with a writer) |
1377 |
++ */ |
1378 |
++ if (!locked && list_empty(&sem->write_wait)) |
1379 |
++ __ldsem_wake_readers(sem); |
1380 |
++ |
1381 |
+ raw_spin_unlock_irq(&sem->wait_lock); |
1382 |
+ |
1383 |
+ __set_current_state(TASK_RUNNING); |
1384 |
+diff --git a/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c b/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c |
1385 |
+index a3edb20ea4c3..a846d32ee653 100644 |
1386 |
+--- a/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c |
1387 |
++++ b/drivers/video/fbdev/omap2/omapfb/omapfb-ioctl.c |
1388 |
+@@ -609,6 +609,8 @@ int omapfb_ioctl(struct fb_info *fbi, unsigned int cmd, unsigned long arg) |
1389 |
+ |
1390 |
+ int r = 0; |
1391 |
+ |
1392 |
++ memset(&p, 0, sizeof(p)); |
1393 |
++ |
1394 |
+ switch (cmd) { |
1395 |
+ case OMAPFB_SYNC_GFX: |
1396 |
+ DBG("ioctl SYNC_GFX\n"); |
1397 |
+diff --git a/fs/block_dev.c b/fs/block_dev.c |
1398 |
+index 3323eec5c164..3911c1a80219 100644 |
1399 |
+--- a/fs/block_dev.c |
1400 |
++++ b/fs/block_dev.c |
1401 |
+@@ -116,6 +116,20 @@ void invalidate_bdev(struct block_device *bdev) |
1402 |
+ } |
1403 |
+ EXPORT_SYMBOL(invalidate_bdev); |
1404 |
+ |
1405 |
++static void set_init_blocksize(struct block_device *bdev) |
1406 |
++{ |
1407 |
++ unsigned bsize = bdev_logical_block_size(bdev); |
1408 |
++ loff_t size = i_size_read(bdev->bd_inode); |
1409 |
++ |
1410 |
++ while (bsize < PAGE_SIZE) { |
1411 |
++ if (size & bsize) |
1412 |
++ break; |
1413 |
++ bsize <<= 1; |
1414 |
++ } |
1415 |
++ bdev->bd_block_size = bsize; |
1416 |
++ bdev->bd_inode->i_blkbits = blksize_bits(bsize); |
1417 |
++} |
1418 |
++ |
1419 |
+ int set_blocksize(struct block_device *bdev, int size) |
1420 |
+ { |
1421 |
+ /* Size must be a power of two, and between 512 and PAGE_SIZE */ |
1422 |
+@@ -1393,18 +1407,9 @@ EXPORT_SYMBOL(check_disk_change); |
1423 |
+ |
1424 |
+ void bd_set_size(struct block_device *bdev, loff_t size) |
1425 |
+ { |
1426 |
+- unsigned bsize = bdev_logical_block_size(bdev); |
1427 |
+- |
1428 |
+ inode_lock(bdev->bd_inode); |
1429 |
+ i_size_write(bdev->bd_inode, size); |
1430 |
+ inode_unlock(bdev->bd_inode); |
1431 |
+- while (bsize < PAGE_SIZE) { |
1432 |
+- if (size & bsize) |
1433 |
+- break; |
1434 |
+- bsize <<= 1; |
1435 |
+- } |
1436 |
+- bdev->bd_block_size = bsize; |
1437 |
+- bdev->bd_inode->i_blkbits = blksize_bits(bsize); |
1438 |
+ } |
1439 |
+ EXPORT_SYMBOL(bd_set_size); |
1440 |
+ |
1441 |
+@@ -1482,8 +1487,10 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part) |
1442 |
+ } |
1443 |
+ } |
1444 |
+ |
1445 |
+- if (!ret) |
1446 |
++ if (!ret) { |
1447 |
+ bd_set_size(bdev,(loff_t)get_capacity(disk)<<9); |
1448 |
++ set_init_blocksize(bdev); |
1449 |
++ } |
1450 |
+ |
1451 |
+ /* |
1452 |
+ * If the device is invalidated, rescan partition |
1453 |
+@@ -1518,6 +1525,7 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part) |
1454 |
+ goto out_clear; |
1455 |
+ } |
1456 |
+ bd_set_size(bdev, (loff_t)bdev->bd_part->nr_sects << 9); |
1457 |
++ set_init_blocksize(bdev); |
1458 |
+ } |
1459 |
+ |
1460 |
+ if (bdev->bd_bdi == &noop_backing_dev_info) |
1461 |
+diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c |
1462 |
+index 858d5812eb8f..e0bdc0c902e4 100644 |
1463 |
+--- a/fs/btrfs/disk-io.c |
1464 |
++++ b/fs/btrfs/disk-io.c |
1465 |
+@@ -4115,6 +4115,14 @@ static void btrfs_destroy_all_ordered_extents(struct btrfs_fs_info *fs_info) |
1466 |
+ spin_lock(&fs_info->ordered_root_lock); |
1467 |
+ } |
1468 |
+ spin_unlock(&fs_info->ordered_root_lock); |
1469 |
++ |
1470 |
++ /* |
1471 |
++ * We need this here because if we've been flipped read-only we won't |
1472 |
++ * get sync() from the umount, so we need to make sure any ordered |
1473 |
++ * extents that haven't had their dirty pages IO start writeout yet |
1474 |
++ * actually get run and error out properly. |
1475 |
++ */ |
1476 |
++ btrfs_wait_ordered_roots(fs_info, U64_MAX, 0, (u64)-1); |
1477 |
+ } |
1478 |
+ |
1479 |
+ static int btrfs_destroy_delayed_refs(struct btrfs_transaction *trans, |
1480 |
+diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
1481 |
+index 09829e8d759e..909f7ea92e0b 100644 |
1482 |
+--- a/fs/btrfs/inode.c |
1483 |
++++ b/fs/btrfs/inode.c |
1484 |
+@@ -3170,9 +3170,6 @@ out: |
1485 |
+ /* once for the tree */ |
1486 |
+ btrfs_put_ordered_extent(ordered_extent); |
1487 |
+ |
1488 |
+- /* Try to release some metadata so we don't get an OOM but don't wait */ |
1489 |
+- btrfs_btree_balance_dirty_nodelay(fs_info); |
1490 |
+- |
1491 |
+ return ret; |
1492 |
+ } |
1493 |
+ |
1494 |
+diff --git a/fs/pstore/ram.c b/fs/pstore/ram.c |
1495 |
+index 9f7e546d7050..f371e03cf3bf 100644 |
1496 |
+--- a/fs/pstore/ram.c |
1497 |
++++ b/fs/pstore/ram.c |
1498 |
+@@ -711,18 +711,15 @@ static int ramoops_probe(struct platform_device *pdev) |
1499 |
+ { |
1500 |
+ struct device *dev = &pdev->dev; |
1501 |
+ struct ramoops_platform_data *pdata = dev->platform_data; |
1502 |
++ struct ramoops_platform_data pdata_local; |
1503 |
+ struct ramoops_context *cxt = &oops_cxt; |
1504 |
+ size_t dump_mem_sz; |
1505 |
+ phys_addr_t paddr; |
1506 |
+ int err = -EINVAL; |
1507 |
+ |
1508 |
+ if (dev_of_node(dev) && !pdata) { |
1509 |
+- pdata = devm_kzalloc(&pdev->dev, sizeof(*pdata), GFP_KERNEL); |
1510 |
+- if (!pdata) { |
1511 |
+- pr_err("cannot allocate platform data buffer\n"); |
1512 |
+- err = -ENOMEM; |
1513 |
+- goto fail_out; |
1514 |
+- } |
1515 |
++ pdata = &pdata_local; |
1516 |
++ memset(pdata, 0, sizeof(*pdata)); |
1517 |
+ |
1518 |
+ err = ramoops_parse_dt(pdev, pdata); |
1519 |
+ if (err < 0) |
1520 |
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
1521 |
+index 6e108af21481..f33b24080b1c 100644 |
1522 |
+--- a/kernel/sched/fair.c |
1523 |
++++ b/kernel/sched/fair.c |
1524 |
+@@ -4087,6 +4087,7 @@ void __refill_cfs_bandwidth_runtime(struct cfs_bandwidth *cfs_b) |
1525 |
+ now = sched_clock_cpu(smp_processor_id()); |
1526 |
+ cfs_b->runtime = cfs_b->quota; |
1527 |
+ cfs_b->runtime_expires = now + ktime_to_ns(cfs_b->period); |
1528 |
++ cfs_b->expires_seq++; |
1529 |
+ } |
1530 |
+ |
1531 |
+ static inline struct cfs_bandwidth *tg_cfs_bandwidth(struct task_group *tg) |
1532 |
+@@ -4109,6 +4110,7 @@ static int assign_cfs_rq_runtime(struct cfs_rq *cfs_rq) |
1533 |
+ struct task_group *tg = cfs_rq->tg; |
1534 |
+ struct cfs_bandwidth *cfs_b = tg_cfs_bandwidth(tg); |
1535 |
+ u64 amount = 0, min_amount, expires; |
1536 |
++ int expires_seq; |
1537 |
+ |
1538 |
+ /* note: this is a positive sum as runtime_remaining <= 0 */ |
1539 |
+ min_amount = sched_cfs_bandwidth_slice() - cfs_rq->runtime_remaining; |
1540 |
+@@ -4125,6 +4127,7 @@ static int assign_cfs_rq_runtime(struct cfs_rq *cfs_rq) |
1541 |
+ cfs_b->idle = 0; |
1542 |
+ } |
1543 |
+ } |
1544 |
++ expires_seq = cfs_b->expires_seq; |
1545 |
+ expires = cfs_b->runtime_expires; |
1546 |
+ raw_spin_unlock(&cfs_b->lock); |
1547 |
+ |
1548 |
+@@ -4134,8 +4137,10 @@ static int assign_cfs_rq_runtime(struct cfs_rq *cfs_rq) |
1549 |
+ * spread between our sched_clock and the one on which runtime was |
1550 |
+ * issued. |
1551 |
+ */ |
1552 |
+- if ((s64)(expires - cfs_rq->runtime_expires) > 0) |
1553 |
++ if (cfs_rq->expires_seq != expires_seq) { |
1554 |
++ cfs_rq->expires_seq = expires_seq; |
1555 |
+ cfs_rq->runtime_expires = expires; |
1556 |
++ } |
1557 |
+ |
1558 |
+ return cfs_rq->runtime_remaining > 0; |
1559 |
+ } |
1560 |
+@@ -4161,12 +4166,9 @@ static void expire_cfs_rq_runtime(struct cfs_rq *cfs_rq) |
1561 |
+ * has not truly expired. |
1562 |
+ * |
1563 |
+ * Fortunately we can check determine whether this the case by checking |
1564 |
+- * whether the global deadline has advanced. It is valid to compare |
1565 |
+- * cfs_b->runtime_expires without any locks since we only care about |
1566 |
+- * exact equality, so a partial write will still work. |
1567 |
++ * whether the global deadline(cfs_b->expires_seq) has advanced. |
1568 |
+ */ |
1569 |
+- |
1570 |
+- if (cfs_rq->runtime_expires != cfs_b->runtime_expires) { |
1571 |
++ if (cfs_rq->expires_seq == cfs_b->expires_seq) { |
1572 |
+ /* extend local deadline, drift is bounded above by 2 ticks */ |
1573 |
+ cfs_rq->runtime_expires += TICK_NSEC; |
1574 |
+ } else { |
1575 |
+diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h |
1576 |
+index b3ba6e5e99f2..452b56923c6d 100644 |
1577 |
+--- a/kernel/sched/sched.h |
1578 |
++++ b/kernel/sched/sched.h |
1579 |
+@@ -281,8 +281,9 @@ struct cfs_bandwidth { |
1580 |
+ u64 quota, runtime; |
1581 |
+ s64 hierarchical_quota; |
1582 |
+ u64 runtime_expires; |
1583 |
++ int expires_seq; |
1584 |
+ |
1585 |
+- int idle, period_active; |
1586 |
++ short idle, period_active; |
1587 |
+ struct hrtimer period_timer, slack_timer; |
1588 |
+ struct list_head throttled_cfs_rq; |
1589 |
+ |
1590 |
+@@ -488,6 +489,7 @@ struct cfs_rq { |
1591 |
+ |
1592 |
+ #ifdef CONFIG_CFS_BANDWIDTH |
1593 |
+ int runtime_enabled; |
1594 |
++ int expires_seq; |
1595 |
+ u64 runtime_expires; |
1596 |
+ s64 runtime_remaining; |
1597 |
+ |
1598 |
+diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c |
1599 |
+index 7582f28ab306..3f3859b8d49f 100644 |
1600 |
+--- a/net/bridge/br_netfilter_hooks.c |
1601 |
++++ b/net/bridge/br_netfilter_hooks.c |
1602 |
+@@ -275,7 +275,7 @@ int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_ |
1603 |
+ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); |
1604 |
+ int ret; |
1605 |
+ |
1606 |
+- if (neigh->hh.hh_len) { |
1607 |
++ if ((neigh->nud_state & NUD_CONNECTED) && neigh->hh.hh_len) { |
1608 |
+ neigh_hh_bridge(&neigh->hh, skb); |
1609 |
+ skb->dev = nf_bridge->physindev; |
1610 |
+ ret = br_handle_frame_finish(net, sk, skb); |
1611 |
+diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c |
1612 |
+index 54c7fe68040f..22e4c15a1fc3 100644 |
1613 |
+--- a/net/bridge/netfilter/ebtables.c |
1614 |
++++ b/net/bridge/netfilter/ebtables.c |
1615 |
+@@ -1134,14 +1134,16 @@ static int do_replace(struct net *net, const void __user *user, |
1616 |
+ tmp.name[sizeof(tmp.name) - 1] = 0; |
1617 |
+ |
1618 |
+ countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids; |
1619 |
+- newinfo = vmalloc(sizeof(*newinfo) + countersize); |
1620 |
++ newinfo = __vmalloc(sizeof(*newinfo) + countersize, GFP_KERNEL_ACCOUNT, |
1621 |
++ PAGE_KERNEL); |
1622 |
+ if (!newinfo) |
1623 |
+ return -ENOMEM; |
1624 |
+ |
1625 |
+ if (countersize) |
1626 |
+ memset(newinfo->counters, 0, countersize); |
1627 |
+ |
1628 |
+- newinfo->entries = vmalloc(tmp.entries_size); |
1629 |
++ newinfo->entries = __vmalloc(tmp.entries_size, GFP_KERNEL_ACCOUNT, |
1630 |
++ PAGE_KERNEL); |
1631 |
+ if (!newinfo->entries) { |
1632 |
+ ret = -ENOMEM; |
1633 |
+ goto free_newinfo; |
1634 |
+diff --git a/net/can/gw.c b/net/can/gw.c |
1635 |
+index 73a02af4b5d7..5114b8f07fd4 100644 |
1636 |
+--- a/net/can/gw.c |
1637 |
++++ b/net/can/gw.c |
1638 |
+@@ -416,13 +416,29 @@ static void can_can_gw_rcv(struct sk_buff *skb, void *data) |
1639 |
+ while (modidx < MAX_MODFUNCTIONS && gwj->mod.modfunc[modidx]) |
1640 |
+ (*gwj->mod.modfunc[modidx++])(cf, &gwj->mod); |
1641 |
+ |
1642 |
+- /* check for checksum updates when the CAN frame has been modified */ |
1643 |
++ /* Has the CAN frame been modified? */ |
1644 |
+ if (modidx) { |
1645 |
+- if (gwj->mod.csumfunc.crc8) |
1646 |
++ /* get available space for the processed CAN frame type */ |
1647 |
++ int max_len = nskb->len - offsetof(struct can_frame, data); |
1648 |
++ |
1649 |
++ /* dlc may have changed, make sure it fits to the CAN frame */ |
1650 |
++ if (cf->can_dlc > max_len) |
1651 |
++ goto out_delete; |
1652 |
++ |
1653 |
++ /* check for checksum updates in classic CAN length only */ |
1654 |
++ if (gwj->mod.csumfunc.crc8) { |
1655 |
++ if (cf->can_dlc > 8) |
1656 |
++ goto out_delete; |
1657 |
++ |
1658 |
+ (*gwj->mod.csumfunc.crc8)(cf, &gwj->mod.csum.crc8); |
1659 |
++ } |
1660 |
++ |
1661 |
++ if (gwj->mod.csumfunc.xor) { |
1662 |
++ if (cf->can_dlc > 8) |
1663 |
++ goto out_delete; |
1664 |
+ |
1665 |
+- if (gwj->mod.csumfunc.xor) |
1666 |
+ (*gwj->mod.csumfunc.xor)(cf, &gwj->mod.csum.xor); |
1667 |
++ } |
1668 |
+ } |
1669 |
+ |
1670 |
+ /* clear the skb timestamp if not configured the other way */ |
1671 |
+@@ -434,6 +450,14 @@ static void can_can_gw_rcv(struct sk_buff *skb, void *data) |
1672 |
+ gwj->dropped_frames++; |
1673 |
+ else |
1674 |
+ gwj->handled_frames++; |
1675 |
++ |
1676 |
++ return; |
1677 |
++ |
1678 |
++ out_delete: |
1679 |
++ /* delete frame due to misconfiguration */ |
1680 |
++ gwj->deleted_frames++; |
1681 |
++ kfree_skb(nskb); |
1682 |
++ return; |
1683 |
+ } |
1684 |
+ |
1685 |
+ static inline int cgw_register_filter(struct net *net, struct cgw_job *gwj) |
1686 |
+diff --git a/net/core/filter.c b/net/core/filter.c |
1687 |
+index d5158a10ac8f..542fd04bc44d 100644 |
1688 |
+--- a/net/core/filter.c |
1689 |
++++ b/net/core/filter.c |
1690 |
+@@ -1714,18 +1714,19 @@ static inline int __bpf_tx_skb(struct net_device *dev, struct sk_buff *skb) |
1691 |
+ static int __bpf_redirect_no_mac(struct sk_buff *skb, struct net_device *dev, |
1692 |
+ u32 flags) |
1693 |
+ { |
1694 |
+- /* skb->mac_len is not set on normal egress */ |
1695 |
+- unsigned int mlen = skb->network_header - skb->mac_header; |
1696 |
++ unsigned int mlen = skb_network_offset(skb); |
1697 |
+ |
1698 |
+- __skb_pull(skb, mlen); |
1699 |
++ if (mlen) { |
1700 |
++ __skb_pull(skb, mlen); |
1701 |
+ |
1702 |
+- /* At ingress, the mac header has already been pulled once. |
1703 |
+- * At egress, skb_pospull_rcsum has to be done in case that |
1704 |
+- * the skb is originated from ingress (i.e. a forwarded skb) |
1705 |
+- * to ensure that rcsum starts at net header. |
1706 |
+- */ |
1707 |
+- if (!skb_at_tc_ingress(skb)) |
1708 |
+- skb_postpull_rcsum(skb, skb_mac_header(skb), mlen); |
1709 |
++ /* At ingress, the mac header has already been pulled once. |
1710 |
++ * At egress, skb_pospull_rcsum has to be done in case that |
1711 |
++ * the skb is originated from ingress (i.e. a forwarded skb) |
1712 |
++ * to ensure that rcsum starts at net header. |
1713 |
++ */ |
1714 |
++ if (!skb_at_tc_ingress(skb)) |
1715 |
++ skb_postpull_rcsum(skb, skb_mac_header(skb), mlen); |
1716 |
++ } |
1717 |
+ skb_pop_mac_header(skb); |
1718 |
+ skb_reset_mac_len(skb); |
1719 |
+ return flags & BPF_F_INGRESS ? |
1720 |
+diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c |
1721 |
+index 832d69649cb6..65313c766ab3 100644 |
1722 |
+--- a/net/core/lwt_bpf.c |
1723 |
++++ b/net/core/lwt_bpf.c |
1724 |
+@@ -65,6 +65,7 @@ static int run_lwt_bpf(struct sk_buff *skb, struct bpf_lwt_prog *lwt, |
1725 |
+ lwt->name ? : "<unknown>"); |
1726 |
+ ret = BPF_OK; |
1727 |
+ } else { |
1728 |
++ skb_reset_mac_header(skb); |
1729 |
+ ret = skb_do_redirect(skb); |
1730 |
+ if (ret == 0) |
1731 |
+ ret = BPF_REDIRECT; |
1732 |
+diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c |
1733 |
+index 4ef92ebc4f6d..d1081eac3b49 100644 |
1734 |
+--- a/net/ipv4/ip_sockglue.c |
1735 |
++++ b/net/ipv4/ip_sockglue.c |
1736 |
+@@ -146,19 +146,17 @@ static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) |
1737 |
+ |
1738 |
+ static void ip_cmsg_recv_dstaddr(struct msghdr *msg, struct sk_buff *skb) |
1739 |
+ { |
1740 |
++ __be16 _ports[2], *ports; |
1741 |
+ struct sockaddr_in sin; |
1742 |
+- __be16 *ports; |
1743 |
+- int end; |
1744 |
+- |
1745 |
+- end = skb_transport_offset(skb) + 4; |
1746 |
+- if (end > 0 && !pskb_may_pull(skb, end)) |
1747 |
+- return; |
1748 |
+ |
1749 |
+ /* All current transport protocols have the port numbers in the |
1750 |
+ * first four bytes of the transport header and this function is |
1751 |
+ * written with this assumption in mind. |
1752 |
+ */ |
1753 |
+- ports = (__be16 *)skb_transport_header(skb); |
1754 |
++ ports = skb_header_pointer(skb, skb_transport_offset(skb), |
1755 |
++ sizeof(_ports), &_ports); |
1756 |
++ if (!ports) |
1757 |
++ return; |
1758 |
+ |
1759 |
+ sin.sin_family = AF_INET; |
1760 |
+ sin.sin_addr.s_addr = ip_hdr(skb)->daddr; |
1761 |
+diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c |
1762 |
+index 461825e0680f..1ee3e0d2b587 100644 |
1763 |
+--- a/net/ipv6/datagram.c |
1764 |
++++ b/net/ipv6/datagram.c |
1765 |
+@@ -349,6 +349,7 @@ void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info) |
1766 |
+ skb_reset_network_header(skb); |
1767 |
+ iph = ipv6_hdr(skb); |
1768 |
+ iph->daddr = fl6->daddr; |
1769 |
++ ip6_flow_hdr(iph, 0, 0); |
1770 |
+ |
1771 |
+ serr = SKB_EXT_ERR(skb); |
1772 |
+ serr->ee.ee_errno = err; |
1773 |
+@@ -708,17 +709,15 @@ void ip6_datagram_recv_specific_ctl(struct sock *sk, struct msghdr *msg, |
1774 |
+ } |
1775 |
+ if (np->rxopt.bits.rxorigdstaddr) { |
1776 |
+ struct sockaddr_in6 sin6; |
1777 |
+- __be16 *ports; |
1778 |
+- int end; |
1779 |
++ __be16 _ports[2], *ports; |
1780 |
+ |
1781 |
+- end = skb_transport_offset(skb) + 4; |
1782 |
+- if (end <= 0 || pskb_may_pull(skb, end)) { |
1783 |
++ ports = skb_header_pointer(skb, skb_transport_offset(skb), |
1784 |
++ sizeof(_ports), &_ports); |
1785 |
++ if (ports) { |
1786 |
+ /* All current transport protocols have the port numbers in the |
1787 |
+ * first four bytes of the transport header and this function is |
1788 |
+ * written with this assumption in mind. |
1789 |
+ */ |
1790 |
+- ports = (__be16 *)skb_transport_header(skb); |
1791 |
+- |
1792 |
+ sin6.sin6_family = AF_INET6; |
1793 |
+ sin6.sin6_addr = ipv6_hdr(skb)->daddr; |
1794 |
+ sin6.sin6_port = ports[1]; |
1795 |
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
1796 |
+index 91a323f99d47..44a093c75567 100644 |
1797 |
+--- a/net/packet/af_packet.c |
1798 |
++++ b/net/packet/af_packet.c |
1799 |
+@@ -2666,7 +2666,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) |
1800 |
+ addr = saddr->sll_halen ? saddr->sll_addr : NULL; |
1801 |
+ dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex); |
1802 |
+ if (addr && dev && saddr->sll_halen < dev->addr_len) |
1803 |
+- goto out; |
1804 |
++ goto out_put; |
1805 |
+ } |
1806 |
+ |
1807 |
+ err = -ENXIO; |
1808 |
+@@ -2866,7 +2866,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) |
1809 |
+ addr = saddr->sll_halen ? saddr->sll_addr : NULL; |
1810 |
+ dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex); |
1811 |
+ if (addr && dev && saddr->sll_halen < dev->addr_len) |
1812 |
+- goto out; |
1813 |
++ goto out_unlock; |
1814 |
+ } |
1815 |
+ |
1816 |
+ err = -ENXIO; |
1817 |
+diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
1818 |
+index 8002a72aae1a..7eb06fa75730 100644 |
1819 |
+--- a/net/sctp/ipv6.c |
1820 |
++++ b/net/sctp/ipv6.c |
1821 |
+@@ -97,11 +97,9 @@ static int sctp_inet6addr_event(struct notifier_block *this, unsigned long ev, |
1822 |
+ |
1823 |
+ switch (ev) { |
1824 |
+ case NETDEV_UP: |
1825 |
+- addr = kmalloc(sizeof(struct sctp_sockaddr_entry), GFP_ATOMIC); |
1826 |
++ addr = kzalloc(sizeof(*addr), GFP_ATOMIC); |
1827 |
+ if (addr) { |
1828 |
+ addr->a.v6.sin6_family = AF_INET6; |
1829 |
+- addr->a.v6.sin6_port = 0; |
1830 |
+- addr->a.v6.sin6_flowinfo = 0; |
1831 |
+ addr->a.v6.sin6_addr = ifa->addr; |
1832 |
+ addr->a.v6.sin6_scope_id = ifa->idev->dev->ifindex; |
1833 |
+ addr->valid = 1; |
1834 |
+@@ -415,7 +413,6 @@ static void sctp_v6_copy_addrlist(struct list_head *addrlist, |
1835 |
+ addr = kzalloc(sizeof(*addr), GFP_ATOMIC); |
1836 |
+ if (addr) { |
1837 |
+ addr->a.v6.sin6_family = AF_INET6; |
1838 |
+- addr->a.v6.sin6_port = 0; |
1839 |
+ addr->a.v6.sin6_addr = ifp->addr; |
1840 |
+ addr->a.v6.sin6_scope_id = dev->ifindex; |
1841 |
+ addr->valid = 1; |
1842 |
+diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c |
1843 |
+index df22a9c352ad..cbb04d66f564 100644 |
1844 |
+--- a/net/sctp/protocol.c |
1845 |
++++ b/net/sctp/protocol.c |
1846 |
+@@ -151,7 +151,6 @@ static void sctp_v4_copy_addrlist(struct list_head *addrlist, |
1847 |
+ addr = kzalloc(sizeof(*addr), GFP_ATOMIC); |
1848 |
+ if (addr) { |
1849 |
+ addr->a.v4.sin_family = AF_INET; |
1850 |
+- addr->a.v4.sin_port = 0; |
1851 |
+ addr->a.v4.sin_addr.s_addr = ifa->ifa_local; |
1852 |
+ addr->valid = 1; |
1853 |
+ INIT_LIST_HEAD(&addr->list); |
1854 |
+@@ -782,10 +781,9 @@ static int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev, |
1855 |
+ |
1856 |
+ switch (ev) { |
1857 |
+ case NETDEV_UP: |
1858 |
+- addr = kmalloc(sizeof(struct sctp_sockaddr_entry), GFP_ATOMIC); |
1859 |
++ addr = kzalloc(sizeof(*addr), GFP_ATOMIC); |
1860 |
+ if (addr) { |
1861 |
+ addr->a.v4.sin_family = AF_INET; |
1862 |
+- addr->a.v4.sin_port = 0; |
1863 |
+ addr->a.v4.sin_addr.s_addr = ifa->ifa_local; |
1864 |
+ addr->valid = 1; |
1865 |
+ spin_lock_bh(&net->sctp.local_addr_lock); |
1866 |
+diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c |
1867 |
+index ea0676f199c8..da21efac80f4 100644 |
1868 |
+--- a/net/sunrpc/rpcb_clnt.c |
1869 |
++++ b/net/sunrpc/rpcb_clnt.c |
1870 |
+@@ -771,6 +771,12 @@ void rpcb_getport_async(struct rpc_task *task) |
1871 |
+ case RPCBVERS_3: |
1872 |
+ map->r_netid = xprt->address_strings[RPC_DISPLAY_NETID]; |
1873 |
+ map->r_addr = rpc_sockaddr2uaddr(sap, GFP_ATOMIC); |
1874 |
++ if (!map->r_addr) { |
1875 |
++ status = -ENOMEM; |
1876 |
++ dprintk("RPC: %5u %s: no memory available\n", |
1877 |
++ task->tk_pid, __func__); |
1878 |
++ goto bailout_free_args; |
1879 |
++ } |
1880 |
+ map->r_owner = ""; |
1881 |
+ break; |
1882 |
+ case RPCBVERS_2: |
1883 |
+@@ -793,6 +799,8 @@ void rpcb_getport_async(struct rpc_task *task) |
1884 |
+ rpc_put_task(child); |
1885 |
+ return; |
1886 |
+ |
1887 |
++bailout_free_args: |
1888 |
++ kfree(map); |
1889 |
+ bailout_release_client: |
1890 |
+ rpc_release_client(rpcb_clnt); |
1891 |
+ bailout_nofree: |
1892 |
+diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c |
1893 |
+index e48f0b2c01b9..73895daf8943 100644 |
1894 |
+--- a/net/tipc/netlink_compat.c |
1895 |
++++ b/net/tipc/netlink_compat.c |
1896 |
+@@ -87,6 +87,11 @@ static int tipc_skb_tailroom(struct sk_buff *skb) |
1897 |
+ return limit; |
1898 |
+ } |
1899 |
+ |
1900 |
++static inline int TLV_GET_DATA_LEN(struct tlv_desc *tlv) |
1901 |
++{ |
1902 |
++ return TLV_GET_LEN(tlv) - TLV_SPACE(0); |
1903 |
++} |
1904 |
++ |
1905 |
+ static int tipc_add_tlv(struct sk_buff *skb, u16 type, void *data, u16 len) |
1906 |
+ { |
1907 |
+ struct tlv_desc *tlv = (struct tlv_desc *)skb_tail_pointer(skb); |
1908 |
+@@ -166,6 +171,11 @@ static struct sk_buff *tipc_get_err_tlv(char *str) |
1909 |
+ return buf; |
1910 |
+ } |
1911 |
+ |
1912 |
++static inline bool string_is_valid(char *s, int len) |
1913 |
++{ |
1914 |
++ return memchr(s, '\0', len) ? true : false; |
1915 |
++} |
1916 |
++ |
1917 |
+ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd, |
1918 |
+ struct tipc_nl_compat_msg *msg, |
1919 |
+ struct sk_buff *arg) |
1920 |
+@@ -370,6 +380,7 @@ static int tipc_nl_compat_bearer_enable(struct tipc_nl_compat_cmd_doit *cmd, |
1921 |
+ struct nlattr *prop; |
1922 |
+ struct nlattr *bearer; |
1923 |
+ struct tipc_bearer_config *b; |
1924 |
++ int len; |
1925 |
+ |
1926 |
+ b = (struct tipc_bearer_config *)TLV_DATA(msg->req); |
1927 |
+ |
1928 |
+@@ -377,6 +388,10 @@ static int tipc_nl_compat_bearer_enable(struct tipc_nl_compat_cmd_doit *cmd, |
1929 |
+ if (!bearer) |
1930 |
+ return -EMSGSIZE; |
1931 |
+ |
1932 |
++ len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_BEARER_NAME); |
1933 |
++ if (!string_is_valid(b->name, len)) |
1934 |
++ return -EINVAL; |
1935 |
++ |
1936 |
+ if (nla_put_string(skb, TIPC_NLA_BEARER_NAME, b->name)) |
1937 |
+ return -EMSGSIZE; |
1938 |
+ |
1939 |
+@@ -402,6 +417,7 @@ static int tipc_nl_compat_bearer_disable(struct tipc_nl_compat_cmd_doit *cmd, |
1940 |
+ { |
1941 |
+ char *name; |
1942 |
+ struct nlattr *bearer; |
1943 |
++ int len; |
1944 |
+ |
1945 |
+ name = (char *)TLV_DATA(msg->req); |
1946 |
+ |
1947 |
+@@ -409,6 +425,10 @@ static int tipc_nl_compat_bearer_disable(struct tipc_nl_compat_cmd_doit *cmd, |
1948 |
+ if (!bearer) |
1949 |
+ return -EMSGSIZE; |
1950 |
+ |
1951 |
++ len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_BEARER_NAME); |
1952 |
++ if (!string_is_valid(name, len)) |
1953 |
++ return -EINVAL; |
1954 |
++ |
1955 |
+ if (nla_put_string(skb, TIPC_NLA_BEARER_NAME, name)) |
1956 |
+ return -EMSGSIZE; |
1957 |
+ |
1958 |
+@@ -469,6 +489,7 @@ static int tipc_nl_compat_link_stat_dump(struct tipc_nl_compat_msg *msg, |
1959 |
+ struct nlattr *prop[TIPC_NLA_PROP_MAX + 1]; |
1960 |
+ struct nlattr *stats[TIPC_NLA_STATS_MAX + 1]; |
1961 |
+ int err; |
1962 |
++ int len; |
1963 |
+ |
1964 |
+ if (!attrs[TIPC_NLA_LINK]) |
1965 |
+ return -EINVAL; |
1966 |
+@@ -495,6 +516,11 @@ static int tipc_nl_compat_link_stat_dump(struct tipc_nl_compat_msg *msg, |
1967 |
+ return err; |
1968 |
+ |
1969 |
+ name = (char *)TLV_DATA(msg->req); |
1970 |
++ |
1971 |
++ len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_LINK_NAME); |
1972 |
++ if (!string_is_valid(name, len)) |
1973 |
++ return -EINVAL; |
1974 |
++ |
1975 |
+ if (strcmp(name, nla_data(link[TIPC_NLA_LINK_NAME])) != 0) |
1976 |
+ return 0; |
1977 |
+ |
1978 |
+@@ -635,6 +661,7 @@ static int tipc_nl_compat_media_set(struct sk_buff *skb, |
1979 |
+ struct nlattr *prop; |
1980 |
+ struct nlattr *media; |
1981 |
+ struct tipc_link_config *lc; |
1982 |
++ int len; |
1983 |
+ |
1984 |
+ lc = (struct tipc_link_config *)TLV_DATA(msg->req); |
1985 |
+ |
1986 |
+@@ -642,6 +669,10 @@ static int tipc_nl_compat_media_set(struct sk_buff *skb, |
1987 |
+ if (!media) |
1988 |
+ return -EMSGSIZE; |
1989 |
+ |
1990 |
++ len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_MEDIA_NAME); |
1991 |
++ if (!string_is_valid(lc->name, len)) |
1992 |
++ return -EINVAL; |
1993 |
++ |
1994 |
+ if (nla_put_string(skb, TIPC_NLA_MEDIA_NAME, lc->name)) |
1995 |
+ return -EMSGSIZE; |
1996 |
+ |
1997 |
+@@ -662,6 +693,7 @@ static int tipc_nl_compat_bearer_set(struct sk_buff *skb, |
1998 |
+ struct nlattr *prop; |
1999 |
+ struct nlattr *bearer; |
2000 |
+ struct tipc_link_config *lc; |
2001 |
++ int len; |
2002 |
+ |
2003 |
+ lc = (struct tipc_link_config *)TLV_DATA(msg->req); |
2004 |
+ |
2005 |
+@@ -669,6 +701,10 @@ static int tipc_nl_compat_bearer_set(struct sk_buff *skb, |
2006 |
+ if (!bearer) |
2007 |
+ return -EMSGSIZE; |
2008 |
+ |
2009 |
++ len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_MEDIA_NAME); |
2010 |
++ if (!string_is_valid(lc->name, len)) |
2011 |
++ return -EINVAL; |
2012 |
++ |
2013 |
+ if (nla_put_string(skb, TIPC_NLA_BEARER_NAME, lc->name)) |
2014 |
+ return -EMSGSIZE; |
2015 |
+ |
2016 |
+@@ -717,9 +753,14 @@ static int tipc_nl_compat_link_set(struct tipc_nl_compat_cmd_doit *cmd, |
2017 |
+ struct tipc_link_config *lc; |
2018 |
+ struct tipc_bearer *bearer; |
2019 |
+ struct tipc_media *media; |
2020 |
++ int len; |
2021 |
+ |
2022 |
+ lc = (struct tipc_link_config *)TLV_DATA(msg->req); |
2023 |
+ |
2024 |
++ len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_LINK_NAME); |
2025 |
++ if (!string_is_valid(lc->name, len)) |
2026 |
++ return -EINVAL; |
2027 |
++ |
2028 |
+ media = tipc_media_find(lc->name); |
2029 |
+ if (media) { |
2030 |
+ cmd->doit = &tipc_nl_media_set; |
2031 |
+@@ -741,6 +782,7 @@ static int tipc_nl_compat_link_reset_stats(struct tipc_nl_compat_cmd_doit *cmd, |
2032 |
+ { |
2033 |
+ char *name; |
2034 |
+ struct nlattr *link; |
2035 |
++ int len; |
2036 |
+ |
2037 |
+ name = (char *)TLV_DATA(msg->req); |
2038 |
+ |
2039 |
+@@ -748,6 +790,10 @@ static int tipc_nl_compat_link_reset_stats(struct tipc_nl_compat_cmd_doit *cmd, |
2040 |
+ if (!link) |
2041 |
+ return -EMSGSIZE; |
2042 |
+ |
2043 |
++ len = min_t(int, TLV_GET_DATA_LEN(msg->req), TIPC_MAX_LINK_NAME); |
2044 |
++ if (!string_is_valid(name, len)) |
2045 |
++ return -EINVAL; |
2046 |
++ |
2047 |
+ if (nla_put_string(skb, TIPC_NLA_LINK_NAME, name)) |
2048 |
+ return -EMSGSIZE; |
2049 |
+ |
2050 |
+@@ -769,6 +815,8 @@ static int tipc_nl_compat_name_table_dump_header(struct tipc_nl_compat_msg *msg) |
2051 |
+ }; |
2052 |
+ |
2053 |
+ ntq = (struct tipc_name_table_query *)TLV_DATA(msg->req); |
2054 |
++ if (TLV_GET_DATA_LEN(msg->req) < sizeof(struct tipc_name_table_query)) |
2055 |
++ return -EINVAL; |
2056 |
+ |
2057 |
+ depth = ntohl(ntq->depth); |
2058 |
+ |
2059 |
+@@ -1192,7 +1240,7 @@ static int tipc_nl_compat_recv(struct sk_buff *skb, struct genl_info *info) |
2060 |
+ } |
2061 |
+ |
2062 |
+ len = nlmsg_attrlen(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN); |
2063 |
+- if (len && !TLV_OK(msg.req, len)) { |
2064 |
++ if (!len || !TLV_OK(msg.req, len)) { |
2065 |
+ msg.rep = tipc_get_err_tlv(TIPC_CFG_NOT_SUPPORTED); |
2066 |
+ err = -EOPNOTSUPP; |
2067 |
+ goto send; |
2068 |
+diff --git a/security/security.c b/security/security.c |
2069 |
+index 95a1a0f52880..4fbe4e495c02 100644 |
2070 |
+--- a/security/security.c |
2071 |
++++ b/security/security.c |
2072 |
+@@ -993,6 +993,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) |
2073 |
+ |
2074 |
+ void security_cred_free(struct cred *cred) |
2075 |
+ { |
2076 |
++ /* |
2077 |
++ * There is a failure case in prepare_creds() that |
2078 |
++ * may result in a call here with ->security being NULL. |
2079 |
++ */ |
2080 |
++ if (unlikely(cred->security == NULL)) |
2081 |
++ return; |
2082 |
++ |
2083 |
+ call_void_hook(cred_free, cred); |
2084 |
+ } |
2085 |
+ |
2086 |
+diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c |
2087 |
+index ffeb644bfecd..524068d71bc1 100644 |
2088 |
+--- a/security/selinux/ss/policydb.c |
2089 |
++++ b/security/selinux/ss/policydb.c |
2090 |
+@@ -730,7 +730,8 @@ static int sens_destroy(void *key, void *datum, void *p) |
2091 |
+ kfree(key); |
2092 |
+ if (datum) { |
2093 |
+ levdatum = datum; |
2094 |
+- ebitmap_destroy(&levdatum->level->cat); |
2095 |
++ if (levdatum->level) |
2096 |
++ ebitmap_destroy(&levdatum->level->cat); |
2097 |
+ kfree(levdatum->level); |
2098 |
+ } |
2099 |
+ kfree(datum); |
2100 |
+diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c |
2101 |
+index 8298e094f4f7..7d5541c6a225 100644 |
2102 |
+--- a/security/yama/yama_lsm.c |
2103 |
++++ b/security/yama/yama_lsm.c |
2104 |
+@@ -373,7 +373,9 @@ static int yama_ptrace_access_check(struct task_struct *child, |
2105 |
+ break; |
2106 |
+ case YAMA_SCOPE_RELATIONAL: |
2107 |
+ rcu_read_lock(); |
2108 |
+- if (!task_is_descendant(current, child) && |
2109 |
++ if (!pid_alive(child)) |
2110 |
++ rc = -EPERM; |
2111 |
++ if (!rc && !task_is_descendant(current, child) && |
2112 |
+ !ptracer_exception_found(current, child) && |
2113 |
+ !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE)) |
2114 |
+ rc = -EPERM; |