1 |
commit: 5fcd3de7405182eecef3c8e154f54fc4a2e28613 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Apr 27 11:37:52 2022 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Apr 27 11:37:52 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=5fcd3de7 |
7 |
|
8 |
Linux patch 4.14.277 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1276_linux-4.14.277.patch | 1386 +++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1390 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index facf5e0f..46d6c89f 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -1151,6 +1151,10 @@ Patch: 1275_linux-4.14.276.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.14.276 |
23 |
|
24 |
+Patch: 1276_linux-4.14.277.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.14.277 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1276_linux-4.14.277.patch b/1276_linux-4.14.277.patch |
33 |
new file mode 100644 |
34 |
index 00000000..6b100c0d |
35 |
--- /dev/null |
36 |
+++ b/1276_linux-4.14.277.patch |
37 |
@@ -0,0 +1,1386 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index ce295ec15975e..ef5240c915f45 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 4 |
45 |
+ PATCHLEVEL = 14 |
46 |
+-SUBLEVEL = 276 |
47 |
++SUBLEVEL = 277 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = Petit Gorille |
50 |
+ |
51 |
+diff --git a/arch/arc/kernel/entry.S b/arch/arc/kernel/entry.S |
52 |
+index 37ad245cf9899..fb458623f3860 100644 |
53 |
+--- a/arch/arc/kernel/entry.S |
54 |
++++ b/arch/arc/kernel/entry.S |
55 |
+@@ -191,6 +191,7 @@ tracesys_exit: |
56 |
+ st r0, [sp, PT_r0] ; sys call return value in pt_regs |
57 |
+ |
58 |
+ ;POST Sys Call Ptrace Hook |
59 |
++ mov r0, sp ; pt_regs needed |
60 |
+ bl @syscall_trace_exit |
61 |
+ b ret_from_exception ; NOT ret_from_system_call at is saves r0 which |
62 |
+ ; we'd done before calling post hook above |
63 |
+diff --git a/arch/arm/mach-vexpress/spc.c b/arch/arm/mach-vexpress/spc.c |
64 |
+index 635b0d5494874..c16f396140032 100644 |
65 |
+--- a/arch/arm/mach-vexpress/spc.c |
66 |
++++ b/arch/arm/mach-vexpress/spc.c |
67 |
+@@ -584,7 +584,7 @@ static int __init ve_spc_clk_init(void) |
68 |
+ } |
69 |
+ |
70 |
+ cluster = topology_physical_package_id(cpu_dev->id); |
71 |
+- if (init_opp_table[cluster]) |
72 |
++ if (cluster < 0 || init_opp_table[cluster]) |
73 |
+ continue; |
74 |
+ |
75 |
+ if (ve_init_opp_table(cpu_dev)) |
76 |
+diff --git a/arch/powerpc/perf/power9-pmu.c b/arch/powerpc/perf/power9-pmu.c |
77 |
+index efb19b0890230..75d3a10e20fe9 100644 |
78 |
+--- a/arch/powerpc/perf/power9-pmu.c |
79 |
++++ b/arch/powerpc/perf/power9-pmu.c |
80 |
+@@ -107,11 +107,11 @@ extern struct attribute_group isa207_pmu_format_group; |
81 |
+ |
82 |
+ /* Table of alternatives, sorted by column 0 */ |
83 |
+ static const unsigned int power9_event_alternatives[][MAX_ALT] = { |
84 |
+- { PM_INST_DISP, PM_INST_DISP_ALT }, |
85 |
+- { PM_RUN_CYC_ALT, PM_RUN_CYC }, |
86 |
+- { PM_RUN_INST_CMPL_ALT, PM_RUN_INST_CMPL }, |
87 |
+- { PM_LD_MISS_L1, PM_LD_MISS_L1_ALT }, |
88 |
+ { PM_BR_2PATH, PM_BR_2PATH_ALT }, |
89 |
++ { PM_INST_DISP, PM_INST_DISP_ALT }, |
90 |
++ { PM_RUN_CYC_ALT, PM_RUN_CYC }, |
91 |
++ { PM_LD_MISS_L1, PM_LD_MISS_L1_ALT }, |
92 |
++ { PM_RUN_INST_CMPL_ALT, PM_RUN_INST_CMPL }, |
93 |
+ }; |
94 |
+ |
95 |
+ static int power9_get_alternatives(u64 event, unsigned int flags, u64 alt[]) |
96 |
+diff --git a/arch/x86/include/asm/compat.h b/arch/x86/include/asm/compat.h |
97 |
+index 2cbd75dd2fd35..ea142936bf11f 100644 |
98 |
+--- a/arch/x86/include/asm/compat.h |
99 |
++++ b/arch/x86/include/asm/compat.h |
100 |
+@@ -57,15 +57,13 @@ struct compat_timeval { |
101 |
+ }; |
102 |
+ |
103 |
+ struct compat_stat { |
104 |
+- compat_dev_t st_dev; |
105 |
+- u16 __pad1; |
106 |
++ u32 st_dev; |
107 |
+ compat_ino_t st_ino; |
108 |
+ compat_mode_t st_mode; |
109 |
+ compat_nlink_t st_nlink; |
110 |
+ __compat_uid_t st_uid; |
111 |
+ __compat_gid_t st_gid; |
112 |
+- compat_dev_t st_rdev; |
113 |
+- u16 __pad2; |
114 |
++ u32 st_rdev; |
115 |
+ u32 st_size; |
116 |
+ u32 st_blksize; |
117 |
+ u32 st_blocks; |
118 |
+diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c |
119 |
+index 6490b2759bcb4..9ef62d42ba5b2 100644 |
120 |
+--- a/block/compat_ioctl.c |
121 |
++++ b/block/compat_ioctl.c |
122 |
+@@ -391,7 +391,7 @@ long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg) |
123 |
+ return 0; |
124 |
+ case BLKGETSIZE: |
125 |
+ size = i_size_read(bdev->bd_inode); |
126 |
+- if ((size >> 9) > ~0UL) |
127 |
++ if ((size >> 9) > ~(compat_ulong_t)0) |
128 |
+ return -EFBIG; |
129 |
+ return compat_put_ulong(arg, size >> 9); |
130 |
+ |
131 |
+diff --git a/drivers/ata/pata_marvell.c b/drivers/ata/pata_marvell.c |
132 |
+index ff468a6fd8ddc..677f582cf3d6c 100644 |
133 |
+--- a/drivers/ata/pata_marvell.c |
134 |
++++ b/drivers/ata/pata_marvell.c |
135 |
+@@ -82,6 +82,8 @@ static int marvell_cable_detect(struct ata_port *ap) |
136 |
+ switch(ap->port_no) |
137 |
+ { |
138 |
+ case 0: |
139 |
++ if (!ap->ioaddr.bmdma_addr) |
140 |
++ return ATA_CBL_PATA_UNK; |
141 |
+ if (ioread8(ap->ioaddr.bmdma_addr + 1) & 1) |
142 |
+ return ATA_CBL_PATA40; |
143 |
+ return ATA_CBL_PATA80; |
144 |
+diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c |
145 |
+index 5b182061da221..2af0e151b31b8 100644 |
146 |
+--- a/drivers/dma/at_xdmac.c |
147 |
++++ b/drivers/dma/at_xdmac.c |
148 |
+@@ -1390,7 +1390,7 @@ at_xdmac_tx_status(struct dma_chan *chan, dma_cookie_t cookie, |
149 |
+ { |
150 |
+ struct at_xdmac_chan *atchan = to_at_xdmac_chan(chan); |
151 |
+ struct at_xdmac *atxdmac = to_at_xdmac(atchan->chan.device); |
152 |
+- struct at_xdmac_desc *desc, *_desc; |
153 |
++ struct at_xdmac_desc *desc, *_desc, *iter; |
154 |
+ struct list_head *descs_list; |
155 |
+ enum dma_status ret; |
156 |
+ int residue, retry; |
157 |
+@@ -1505,11 +1505,13 @@ at_xdmac_tx_status(struct dma_chan *chan, dma_cookie_t cookie, |
158 |
+ * microblock. |
159 |
+ */ |
160 |
+ descs_list = &desc->descs_list; |
161 |
+- list_for_each_entry_safe(desc, _desc, descs_list, desc_node) { |
162 |
+- dwidth = at_xdmac_get_dwidth(desc->lld.mbr_cfg); |
163 |
+- residue -= (desc->lld.mbr_ubc & 0xffffff) << dwidth; |
164 |
+- if ((desc->lld.mbr_nda & 0xfffffffc) == cur_nda) |
165 |
++ list_for_each_entry_safe(iter, _desc, descs_list, desc_node) { |
166 |
++ dwidth = at_xdmac_get_dwidth(iter->lld.mbr_cfg); |
167 |
++ residue -= (iter->lld.mbr_ubc & 0xffffff) << dwidth; |
168 |
++ if ((iter->lld.mbr_nda & 0xfffffffc) == cur_nda) { |
169 |
++ desc = iter; |
170 |
+ break; |
171 |
++ } |
172 |
+ } |
173 |
+ residue += cur_ubc << dwidth; |
174 |
+ |
175 |
+diff --git a/drivers/dma/imx-sdma.c b/drivers/dma/imx-sdma.c |
176 |
+index 99f3f22ed6476..02d13a44ba45c 100644 |
177 |
+--- a/drivers/dma/imx-sdma.c |
178 |
++++ b/drivers/dma/imx-sdma.c |
179 |
+@@ -1528,7 +1528,7 @@ static int sdma_event_remap(struct sdma_engine *sdma) |
180 |
+ u32 reg, val, shift, num_map, i; |
181 |
+ int ret = 0; |
182 |
+ |
183 |
+- if (IS_ERR(np) || IS_ERR(gpr_np)) |
184 |
++ if (IS_ERR(np) || !gpr_np) |
185 |
+ goto out; |
186 |
+ |
187 |
+ event_remap = of_find_property(np, propname, NULL); |
188 |
+@@ -1576,7 +1576,7 @@ static int sdma_event_remap(struct sdma_engine *sdma) |
189 |
+ } |
190 |
+ |
191 |
+ out: |
192 |
+- if (!IS_ERR(gpr_np)) |
193 |
++ if (gpr_np) |
194 |
+ of_node_put(gpr_np); |
195 |
+ |
196 |
+ return ret; |
197 |
+diff --git a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c |
198 |
+index 4b22ac3413a10..1f9e3c5ea47d0 100644 |
199 |
+--- a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c |
200 |
++++ b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c |
201 |
+@@ -197,7 +197,10 @@ static void mdp5_plane_reset(struct drm_plane *plane) |
202 |
+ drm_framebuffer_unreference(plane->state->fb); |
203 |
+ |
204 |
+ kfree(to_mdp5_plane_state(plane->state)); |
205 |
++ plane->state = NULL; |
206 |
+ mdp5_state = kzalloc(sizeof(*mdp5_state), GFP_KERNEL); |
207 |
++ if (!mdp5_state) |
208 |
++ return; |
209 |
+ |
210 |
+ /* assign default blend parameters */ |
211 |
+ mdp5_state->alpha = 255; |
212 |
+diff --git a/drivers/net/can/usb/usb_8dev.c b/drivers/net/can/usb/usb_8dev.c |
213 |
+index df99354ec12aa..232f45f722f0c 100644 |
214 |
+--- a/drivers/net/can/usb/usb_8dev.c |
215 |
++++ b/drivers/net/can/usb/usb_8dev.c |
216 |
+@@ -681,9 +681,20 @@ static netdev_tx_t usb_8dev_start_xmit(struct sk_buff *skb, |
217 |
+ atomic_inc(&priv->active_tx_urbs); |
218 |
+ |
219 |
+ err = usb_submit_urb(urb, GFP_ATOMIC); |
220 |
+- if (unlikely(err)) |
221 |
+- goto failed; |
222 |
+- else if (atomic_read(&priv->active_tx_urbs) >= MAX_TX_URBS) |
223 |
++ if (unlikely(err)) { |
224 |
++ can_free_echo_skb(netdev, context->echo_index); |
225 |
++ |
226 |
++ usb_unanchor_urb(urb); |
227 |
++ usb_free_coherent(priv->udev, size, buf, urb->transfer_dma); |
228 |
++ |
229 |
++ atomic_dec(&priv->active_tx_urbs); |
230 |
++ |
231 |
++ if (err == -ENODEV) |
232 |
++ netif_device_detach(netdev); |
233 |
++ else |
234 |
++ netdev_warn(netdev, "failed tx_urb %d\n", err); |
235 |
++ stats->tx_dropped++; |
236 |
++ } else if (atomic_read(&priv->active_tx_urbs) >= MAX_TX_URBS) |
237 |
+ /* Slow down tx path */ |
238 |
+ netif_stop_queue(netdev); |
239 |
+ |
240 |
+@@ -702,19 +713,6 @@ nofreecontext: |
241 |
+ |
242 |
+ return NETDEV_TX_BUSY; |
243 |
+ |
244 |
+-failed: |
245 |
+- can_free_echo_skb(netdev, context->echo_index); |
246 |
+- |
247 |
+- usb_unanchor_urb(urb); |
248 |
+- usb_free_coherent(priv->udev, size, buf, urb->transfer_dma); |
249 |
+- |
250 |
+- atomic_dec(&priv->active_tx_urbs); |
251 |
+- |
252 |
+- if (err == -ENODEV) |
253 |
+- netif_device_detach(netdev); |
254 |
+- else |
255 |
+- netdev_warn(netdev, "failed tx_urb %d\n", err); |
256 |
+- |
257 |
+ nomembuf: |
258 |
+ usb_free_urb(urb); |
259 |
+ |
260 |
+diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c |
261 |
+index 045ab0ec5ca25..456d84cbcc6be 100644 |
262 |
+--- a/drivers/net/ethernet/cadence/macb_main.c |
263 |
++++ b/drivers/net/ethernet/cadence/macb_main.c |
264 |
+@@ -1265,6 +1265,7 @@ static void macb_tx_restart(struct macb_queue *queue) |
265 |
+ unsigned int head = queue->tx_head; |
266 |
+ unsigned int tail = queue->tx_tail; |
267 |
+ struct macb *bp = queue->bp; |
268 |
++ unsigned int head_idx, tbqp; |
269 |
+ |
270 |
+ if (bp->caps & MACB_CAPS_ISR_CLEAR_ON_WRITE) |
271 |
+ queue_writel(queue, ISR, MACB_BIT(TXUBR)); |
272 |
+@@ -1272,6 +1273,13 @@ static void macb_tx_restart(struct macb_queue *queue) |
273 |
+ if (head == tail) |
274 |
+ return; |
275 |
+ |
276 |
++ tbqp = queue_readl(queue, TBQP) / macb_dma_desc_get_size(bp); |
277 |
++ tbqp = macb_adj_dma_desc_idx(bp, macb_tx_ring_wrap(bp, tbqp)); |
278 |
++ head_idx = macb_adj_dma_desc_idx(bp, macb_tx_ring_wrap(bp, head)); |
279 |
++ |
280 |
++ if (tbqp == head_idx) |
281 |
++ return; |
282 |
++ |
283 |
+ macb_writel(bp, NCR, macb_readl(bp, NCR) | MACB_BIT(TSTART)); |
284 |
+ } |
285 |
+ |
286 |
+diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c |
287 |
+index 9d5fe4ea9cee3..60f0d2053a0ae 100644 |
288 |
+--- a/drivers/net/ethernet/intel/e1000e/ich8lan.c |
289 |
++++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c |
290 |
+@@ -1013,8 +1013,8 @@ static s32 e1000_platform_pm_pch_lpt(struct e1000_hw *hw, bool link) |
291 |
+ { |
292 |
+ u32 reg = link << (E1000_LTRV_REQ_SHIFT + E1000_LTRV_NOSNOOP_SHIFT) | |
293 |
+ link << E1000_LTRV_REQ_SHIFT | E1000_LTRV_SEND; |
294 |
+- u16 max_ltr_enc_d = 0; /* maximum LTR decoded by platform */ |
295 |
+- u16 lat_enc_d = 0; /* latency decoded */ |
296 |
++ u32 max_ltr_enc_d = 0; /* maximum LTR decoded by platform */ |
297 |
++ u32 lat_enc_d = 0; /* latency decoded */ |
298 |
+ u16 lat_enc = 0; /* latency encoded */ |
299 |
+ |
300 |
+ if (link) { |
301 |
+diff --git a/drivers/net/ethernet/micrel/Kconfig b/drivers/net/ethernet/micrel/Kconfig |
302 |
+index aa12bace8673e..b7e2f49696b74 100644 |
303 |
+--- a/drivers/net/ethernet/micrel/Kconfig |
304 |
++++ b/drivers/net/ethernet/micrel/Kconfig |
305 |
+@@ -45,7 +45,6 @@ config KS8851 |
306 |
+ config KS8851_MLL |
307 |
+ tristate "Micrel KS8851 MLL" |
308 |
+ depends on HAS_IOMEM |
309 |
+- depends on PTP_1588_CLOCK_OPTIONAL |
310 |
+ select MII |
311 |
+ ---help--- |
312 |
+ This platform driver is for Micrel KS8851 Address/data bus |
313 |
+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c |
314 |
+index 066a4654e838c..31657f15eb071 100644 |
315 |
+--- a/drivers/net/vxlan.c |
316 |
++++ b/drivers/net/vxlan.c |
317 |
+@@ -524,11 +524,11 @@ static int vxlan_fdb_append(struct vxlan_fdb *f, |
318 |
+ |
319 |
+ rd = kmalloc(sizeof(*rd), GFP_ATOMIC); |
320 |
+ if (rd == NULL) |
321 |
+- return -ENOBUFS; |
322 |
++ return -ENOMEM; |
323 |
+ |
324 |
+ if (dst_cache_init(&rd->dst_cache, GFP_ATOMIC)) { |
325 |
+ kfree(rd); |
326 |
+- return -ENOBUFS; |
327 |
++ return -ENOMEM; |
328 |
+ } |
329 |
+ |
330 |
+ rd->remote_ip = *ip; |
331 |
+diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c |
332 |
+index d198a8780b966..8fa4ffff7c329 100644 |
333 |
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c |
334 |
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c |
335 |
+@@ -552,7 +552,7 @@ enum brcmf_sdio_frmtype { |
336 |
+ BRCMF_SDIO_FT_SUB, |
337 |
+ }; |
338 |
+ |
339 |
+-#define SDIOD_DRVSTR_KEY(chip, pmu) (((chip) << 16) | (pmu)) |
340 |
++#define SDIOD_DRVSTR_KEY(chip, pmu) (((unsigned int)(chip) << 16) | (pmu)) |
341 |
+ |
342 |
+ /* SDIO Pad drive strength to select value mappings */ |
343 |
+ struct sdiod_drive_str { |
344 |
+diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c |
345 |
+index d3cb26f6df736..c1c34b495519b 100644 |
346 |
+--- a/drivers/platform/x86/samsung-laptop.c |
347 |
++++ b/drivers/platform/x86/samsung-laptop.c |
348 |
+@@ -1125,8 +1125,6 @@ static void kbd_led_set(struct led_classdev *led_cdev, |
349 |
+ |
350 |
+ if (value > samsung->kbd_led.max_brightness) |
351 |
+ value = samsung->kbd_led.max_brightness; |
352 |
+- else if (value < 0) |
353 |
+- value = 0; |
354 |
+ |
355 |
+ samsung->kbd_led_wk = value; |
356 |
+ queue_work(samsung->led_workqueue, &samsung->kbd_led_work); |
357 |
+diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c |
358 |
+index dd96ca61a5152..986aabc9b8f96 100644 |
359 |
+--- a/drivers/staging/android/ion/ion.c |
360 |
++++ b/drivers/staging/android/ion/ion.c |
361 |
+@@ -160,6 +160,9 @@ static void *ion_buffer_kmap_get(struct ion_buffer *buffer) |
362 |
+ void *vaddr; |
363 |
+ |
364 |
+ if (buffer->kmap_cnt) { |
365 |
++ if (buffer->kmap_cnt == INT_MAX) |
366 |
++ return ERR_PTR(-EOVERFLOW); |
367 |
++ |
368 |
+ buffer->kmap_cnt++; |
369 |
+ return buffer->vaddr; |
370 |
+ } |
371 |
+diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c |
372 |
+index dba0d12c3db19..1d3f98572068f 100644 |
373 |
+--- a/fs/cifs/cifsfs.c |
374 |
++++ b/fs/cifs/cifsfs.c |
375 |
+@@ -773,7 +773,7 @@ cifs_loose_read_iter(struct kiocb *iocb, struct iov_iter *iter) |
376 |
+ ssize_t rc; |
377 |
+ struct inode *inode = file_inode(iocb->ki_filp); |
378 |
+ |
379 |
+- if (iocb->ki_filp->f_flags & O_DIRECT) |
380 |
++ if (iocb->ki_flags & IOCB_DIRECT) |
381 |
+ return cifs_user_readv(iocb, iter); |
382 |
+ |
383 |
+ rc = cifs_revalidate_mapping(inode); |
384 |
+diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c |
385 |
+index 4d3eefff3c841..b2d52d4366a14 100644 |
386 |
+--- a/fs/ext4/inode.c |
387 |
++++ b/fs/ext4/inode.c |
388 |
+@@ -4224,7 +4224,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) |
389 |
+ struct super_block *sb = inode->i_sb; |
390 |
+ ext4_lblk_t first_block, stop_block; |
391 |
+ struct address_space *mapping = inode->i_mapping; |
392 |
+- loff_t first_block_offset, last_block_offset; |
393 |
++ loff_t first_block_offset, last_block_offset, max_length; |
394 |
++ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); |
395 |
+ handle_t *handle; |
396 |
+ unsigned int credits; |
397 |
+ int ret = 0; |
398 |
+@@ -4270,6 +4271,14 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) |
399 |
+ offset; |
400 |
+ } |
401 |
+ |
402 |
++ /* |
403 |
++ * For punch hole the length + offset needs to be within one block |
404 |
++ * before last range. Adjust the length if it goes beyond that limit. |
405 |
++ */ |
406 |
++ max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize; |
407 |
++ if (offset + length > max_length) |
408 |
++ length = max_length - offset; |
409 |
++ |
410 |
+ if (offset & (sb->s_blocksize - 1) || |
411 |
+ (offset + length) & (sb->s_blocksize - 1)) { |
412 |
+ /* |
413 |
+diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c |
414 |
+index 9cc79b7b0df11..3de933354a08b 100644 |
415 |
+--- a/fs/ext4/page-io.c |
416 |
++++ b/fs/ext4/page-io.c |
417 |
+@@ -105,8 +105,10 @@ static void ext4_finish_bio(struct bio *bio) |
418 |
+ continue; |
419 |
+ } |
420 |
+ clear_buffer_async_write(bh); |
421 |
+- if (bio->bi_status) |
422 |
++ if (bio->bi_status) { |
423 |
++ set_buffer_write_io_error(bh); |
424 |
+ buffer_io_error(bh); |
425 |
++ } |
426 |
+ } while ((bh = bh->b_this_page) != head); |
427 |
+ bit_spin_unlock(BH_Uptodate_Lock, &head->b_state); |
428 |
+ local_irq_restore(flags); |
429 |
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
430 |
+index dd424958be60c..88cf7093927e4 100644 |
431 |
+--- a/fs/ext4/super.c |
432 |
++++ b/fs/ext4/super.c |
433 |
+@@ -3366,9 +3366,11 @@ static int count_overhead(struct super_block *sb, ext4_group_t grp, |
434 |
+ ext4_fsblk_t first_block, last_block, b; |
435 |
+ ext4_group_t i, ngroups = ext4_get_groups_count(sb); |
436 |
+ int s, j, count = 0; |
437 |
++ int has_super = ext4_bg_has_super(sb, grp); |
438 |
+ |
439 |
+ if (!ext4_has_feature_bigalloc(sb)) |
440 |
+- return (ext4_bg_has_super(sb, grp) + ext4_bg_num_gdb(sb, grp) + |
441 |
++ return (has_super + ext4_bg_num_gdb(sb, grp) + |
442 |
++ (has_super ? le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) : 0) + |
443 |
+ sbi->s_itb_per_group + 2); |
444 |
+ |
445 |
+ first_block = le32_to_cpu(sbi->s_es->s_first_data_block) + |
446 |
+@@ -4343,9 +4345,18 @@ no_journal: |
447 |
+ * Get the # of file system overhead blocks from the |
448 |
+ * superblock if present. |
449 |
+ */ |
450 |
+- if (es->s_overhead_clusters) |
451 |
+- sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters); |
452 |
+- else { |
453 |
++ sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters); |
454 |
++ /* ignore the precalculated value if it is ridiculous */ |
455 |
++ if (sbi->s_overhead > ext4_blocks_count(es)) |
456 |
++ sbi->s_overhead = 0; |
457 |
++ /* |
458 |
++ * If the bigalloc feature is not enabled recalculating the |
459 |
++ * overhead doesn't take long, so we might as well just redo |
460 |
++ * it to make sure we are using the correct value. |
461 |
++ */ |
462 |
++ if (!ext4_has_feature_bigalloc(sb)) |
463 |
++ sbi->s_overhead = 0; |
464 |
++ if (sbi->s_overhead == 0) { |
465 |
+ err = ext4_calculate_overhead(sb); |
466 |
+ if (err) |
467 |
+ goto failed_mount_wq; |
468 |
+diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c |
469 |
+index f4a26759ca383..5b14d4faebbe5 100644 |
470 |
+--- a/fs/gfs2/rgrp.c |
471 |
++++ b/fs/gfs2/rgrp.c |
472 |
+@@ -907,15 +907,15 @@ static int read_rindex_entry(struct gfs2_inode *ip) |
473 |
+ rgd->rd_bitbytes = be32_to_cpu(buf.ri_bitbytes); |
474 |
+ spin_lock_init(&rgd->rd_rsspin); |
475 |
+ |
476 |
+- error = compute_bitstructs(rgd); |
477 |
+- if (error) |
478 |
+- goto fail; |
479 |
+- |
480 |
+ error = gfs2_glock_get(sdp, rgd->rd_addr, |
481 |
+ &gfs2_rgrp_glops, CREATE, &rgd->rd_gl); |
482 |
+ if (error) |
483 |
+ goto fail; |
484 |
+ |
485 |
++ error = compute_bitstructs(rgd); |
486 |
++ if (error) |
487 |
++ goto fail_glock; |
488 |
++ |
489 |
+ rgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr; |
490 |
+ rgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED); |
491 |
+ if (rgd->rd_data > sdp->sd_max_rg_data) |
492 |
+@@ -932,6 +932,7 @@ static int read_rindex_entry(struct gfs2_inode *ip) |
493 |
+ } |
494 |
+ |
495 |
+ error = 0; /* someone else read in the rgrp; free it and ignore it */ |
496 |
++fail_glock: |
497 |
+ gfs2_glock_put(rgd->rd_gl); |
498 |
+ |
499 |
+ fail: |
500 |
+diff --git a/fs/stat.c b/fs/stat.c |
501 |
+index 873785dae022d..0fda4b6b8fb2a 100644 |
502 |
+--- a/fs/stat.c |
503 |
++++ b/fs/stat.c |
504 |
+@@ -286,9 +286,6 @@ SYSCALL_DEFINE2(fstat, unsigned int, fd, struct __old_kernel_stat __user *, stat |
505 |
+ # define choose_32_64(a,b) b |
506 |
+ #endif |
507 |
+ |
508 |
+-#define valid_dev(x) choose_32_64(old_valid_dev(x),true) |
509 |
+-#define encode_dev(x) choose_32_64(old_encode_dev,new_encode_dev)(x) |
510 |
+- |
511 |
+ #ifndef INIT_STRUCT_STAT_PADDING |
512 |
+ # define INIT_STRUCT_STAT_PADDING(st) memset(&st, 0, sizeof(st)) |
513 |
+ #endif |
514 |
+@@ -297,7 +294,9 @@ static int cp_new_stat(struct kstat *stat, struct stat __user *statbuf) |
515 |
+ { |
516 |
+ struct stat tmp; |
517 |
+ |
518 |
+- if (!valid_dev(stat->dev) || !valid_dev(stat->rdev)) |
519 |
++ if (sizeof(tmp.st_dev) < 4 && !old_valid_dev(stat->dev)) |
520 |
++ return -EOVERFLOW; |
521 |
++ if (sizeof(tmp.st_rdev) < 4 && !old_valid_dev(stat->rdev)) |
522 |
+ return -EOVERFLOW; |
523 |
+ #if BITS_PER_LONG == 32 |
524 |
+ if (stat->size > MAX_NON_LFS) |
525 |
+@@ -305,7 +304,7 @@ static int cp_new_stat(struct kstat *stat, struct stat __user *statbuf) |
526 |
+ #endif |
527 |
+ |
528 |
+ INIT_STRUCT_STAT_PADDING(tmp); |
529 |
+- tmp.st_dev = encode_dev(stat->dev); |
530 |
++ tmp.st_dev = new_encode_dev(stat->dev); |
531 |
+ tmp.st_ino = stat->ino; |
532 |
+ if (sizeof(tmp.st_ino) < sizeof(stat->ino) && tmp.st_ino != stat->ino) |
533 |
+ return -EOVERFLOW; |
534 |
+@@ -315,7 +314,7 @@ static int cp_new_stat(struct kstat *stat, struct stat __user *statbuf) |
535 |
+ return -EOVERFLOW; |
536 |
+ SET_UID(tmp.st_uid, from_kuid_munged(current_user_ns(), stat->uid)); |
537 |
+ SET_GID(tmp.st_gid, from_kgid_munged(current_user_ns(), stat->gid)); |
538 |
+- tmp.st_rdev = encode_dev(stat->rdev); |
539 |
++ tmp.st_rdev = new_encode_dev(stat->rdev); |
540 |
+ tmp.st_size = stat->size; |
541 |
+ tmp.st_atime = stat->atime.tv_sec; |
542 |
+ tmp.st_mtime = stat->mtime.tv_sec; |
543 |
+@@ -582,11 +581,13 @@ static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf) |
544 |
+ { |
545 |
+ struct compat_stat tmp; |
546 |
+ |
547 |
+- if (!old_valid_dev(stat->dev) || !old_valid_dev(stat->rdev)) |
548 |
++ if (sizeof(tmp.st_dev) < 4 && !old_valid_dev(stat->dev)) |
549 |
++ return -EOVERFLOW; |
550 |
++ if (sizeof(tmp.st_rdev) < 4 && !old_valid_dev(stat->rdev)) |
551 |
+ return -EOVERFLOW; |
552 |
+ |
553 |
+ memset(&tmp, 0, sizeof(tmp)); |
554 |
+- tmp.st_dev = old_encode_dev(stat->dev); |
555 |
++ tmp.st_dev = new_encode_dev(stat->dev); |
556 |
+ tmp.st_ino = stat->ino; |
557 |
+ if (sizeof(tmp.st_ino) < sizeof(stat->ino) && tmp.st_ino != stat->ino) |
558 |
+ return -EOVERFLOW; |
559 |
+@@ -596,7 +597,7 @@ static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf) |
560 |
+ return -EOVERFLOW; |
561 |
+ SET_UID(tmp.st_uid, from_kuid_munged(current_user_ns(), stat->uid)); |
562 |
+ SET_GID(tmp.st_gid, from_kgid_munged(current_user_ns(), stat->gid)); |
563 |
+- tmp.st_rdev = old_encode_dev(stat->rdev); |
564 |
++ tmp.st_rdev = new_encode_dev(stat->rdev); |
565 |
+ if ((u64) stat->size > MAX_NON_LFS) |
566 |
+ return -EOVERFLOW; |
567 |
+ tmp.st_size = stat->size; |
568 |
+diff --git a/include/linux/etherdevice.h b/include/linux/etherdevice.h |
569 |
+index c643cc7fefb59..0913690249325 100644 |
570 |
+--- a/include/linux/etherdevice.h |
571 |
++++ b/include/linux/etherdevice.h |
572 |
+@@ -130,7 +130,7 @@ static inline bool is_multicast_ether_addr(const u8 *addr) |
573 |
+ #endif |
574 |
+ } |
575 |
+ |
576 |
+-static inline bool is_multicast_ether_addr_64bits(const u8 addr[6+2]) |
577 |
++static inline bool is_multicast_ether_addr_64bits(const u8 *addr) |
578 |
+ { |
579 |
+ #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 |
580 |
+ #ifdef __BIG_ENDIAN |
581 |
+@@ -344,8 +344,7 @@ static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2) |
582 |
+ * Please note that alignment of addr1 & addr2 are only guaranteed to be 16 bits. |
583 |
+ */ |
584 |
+ |
585 |
+-static inline bool ether_addr_equal_64bits(const u8 addr1[6+2], |
586 |
+- const u8 addr2[6+2]) |
587 |
++static inline bool ether_addr_equal_64bits(const u8 *addr1, const u8 *addr2) |
588 |
+ { |
589 |
+ #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 |
590 |
+ u64 fold = (*(const u64 *)addr1) ^ (*(const u64 *)addr2); |
591 |
+diff --git a/include/net/ax25.h b/include/net/ax25.h |
592 |
+index e667bca42ca49..5db7b4c9256d7 100644 |
593 |
+--- a/include/net/ax25.h |
594 |
++++ b/include/net/ax25.h |
595 |
+@@ -235,6 +235,7 @@ typedef struct ax25_dev { |
596 |
+ #if defined(CONFIG_AX25_DAMA_SLAVE) || defined(CONFIG_AX25_DAMA_MASTER) |
597 |
+ ax25_dama_info dama; |
598 |
+ #endif |
599 |
++ refcount_t refcount; |
600 |
+ } ax25_dev; |
601 |
+ |
602 |
+ typedef struct ax25_cb { |
603 |
+@@ -289,6 +290,17 @@ static __inline__ void ax25_cb_put(ax25_cb *ax25) |
604 |
+ } |
605 |
+ } |
606 |
+ |
607 |
++static inline void ax25_dev_hold(ax25_dev *ax25_dev) |
608 |
++{ |
609 |
++ refcount_inc(&ax25_dev->refcount); |
610 |
++} |
611 |
++ |
612 |
++static inline void ax25_dev_put(ax25_dev *ax25_dev) |
613 |
++{ |
614 |
++ if (refcount_dec_and_test(&ax25_dev->refcount)) { |
615 |
++ kfree(ax25_dev); |
616 |
++ } |
617 |
++} |
618 |
+ static inline __be16 ax25_type_trans(struct sk_buff *skb, struct net_device *dev) |
619 |
+ { |
620 |
+ skb->dev = dev; |
621 |
+diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h |
622 |
+index 573ab110c9ec8..e5f4d27114048 100644 |
623 |
+--- a/include/net/inet_hashtables.h |
624 |
++++ b/include/net/inet_hashtables.h |
625 |
+@@ -215,8 +215,9 @@ void inet_put_port(struct sock *sk); |
626 |
+ |
627 |
+ void inet_hashinfo_init(struct inet_hashinfo *h); |
628 |
+ |
629 |
+-bool inet_ehash_insert(struct sock *sk, struct sock *osk); |
630 |
+-bool inet_ehash_nolisten(struct sock *sk, struct sock *osk); |
631 |
++bool inet_ehash_insert(struct sock *sk, struct sock *osk, bool *found_dup_sk); |
632 |
++bool inet_ehash_nolisten(struct sock *sk, struct sock *osk, |
633 |
++ bool *found_dup_sk); |
634 |
+ int __inet_hash(struct sock *sk, struct sock *osk); |
635 |
+ int inet_hash(struct sock *sk); |
636 |
+ void inet_unhash(struct sock *sk); |
637 |
+diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c |
638 |
+index 13f5013373085..40c1a2dd48f0f 100644 |
639 |
+--- a/kernel/trace/trace_events_trigger.c |
640 |
++++ b/kernel/trace/trace_events_trigger.c |
641 |
+@@ -932,6 +932,16 @@ void set_named_trigger_data(struct event_trigger_data *data, |
642 |
+ static void |
643 |
+ traceon_trigger(struct event_trigger_data *data, void *rec) |
644 |
+ { |
645 |
++ struct trace_event_file *file = data->private_data; |
646 |
++ |
647 |
++ if (file) { |
648 |
++ if (tracer_tracing_is_on(file->tr)) |
649 |
++ return; |
650 |
++ |
651 |
++ tracer_tracing_on(file->tr); |
652 |
++ return; |
653 |
++ } |
654 |
++ |
655 |
+ if (tracing_is_on()) |
656 |
+ return; |
657 |
+ |
658 |
+@@ -941,8 +951,15 @@ traceon_trigger(struct event_trigger_data *data, void *rec) |
659 |
+ static void |
660 |
+ traceon_count_trigger(struct event_trigger_data *data, void *rec) |
661 |
+ { |
662 |
+- if (tracing_is_on()) |
663 |
+- return; |
664 |
++ struct trace_event_file *file = data->private_data; |
665 |
++ |
666 |
++ if (file) { |
667 |
++ if (tracer_tracing_is_on(file->tr)) |
668 |
++ return; |
669 |
++ } else { |
670 |
++ if (tracing_is_on()) |
671 |
++ return; |
672 |
++ } |
673 |
+ |
674 |
+ if (!data->count) |
675 |
+ return; |
676 |
+@@ -950,12 +967,25 @@ traceon_count_trigger(struct event_trigger_data *data, void *rec) |
677 |
+ if (data->count != -1) |
678 |
+ (data->count)--; |
679 |
+ |
680 |
+- tracing_on(); |
681 |
++ if (file) |
682 |
++ tracer_tracing_on(file->tr); |
683 |
++ else |
684 |
++ tracing_on(); |
685 |
+ } |
686 |
+ |
687 |
+ static void |
688 |
+ traceoff_trigger(struct event_trigger_data *data, void *rec) |
689 |
+ { |
690 |
++ struct trace_event_file *file = data->private_data; |
691 |
++ |
692 |
++ if (file) { |
693 |
++ if (!tracer_tracing_is_on(file->tr)) |
694 |
++ return; |
695 |
++ |
696 |
++ tracer_tracing_off(file->tr); |
697 |
++ return; |
698 |
++ } |
699 |
++ |
700 |
+ if (!tracing_is_on()) |
701 |
+ return; |
702 |
+ |
703 |
+@@ -965,8 +995,15 @@ traceoff_trigger(struct event_trigger_data *data, void *rec) |
704 |
+ static void |
705 |
+ traceoff_count_trigger(struct event_trigger_data *data, void *rec) |
706 |
+ { |
707 |
+- if (!tracing_is_on()) |
708 |
+- return; |
709 |
++ struct trace_event_file *file = data->private_data; |
710 |
++ |
711 |
++ if (file) { |
712 |
++ if (!tracer_tracing_is_on(file->tr)) |
713 |
++ return; |
714 |
++ } else { |
715 |
++ if (!tracing_is_on()) |
716 |
++ return; |
717 |
++ } |
718 |
+ |
719 |
+ if (!data->count) |
720 |
+ return; |
721 |
+@@ -974,7 +1011,10 @@ traceoff_count_trigger(struct event_trigger_data *data, void *rec) |
722 |
+ if (data->count != -1) |
723 |
+ (data->count)--; |
724 |
+ |
725 |
+- tracing_off(); |
726 |
++ if (file) |
727 |
++ tracer_tracing_off(file->tr); |
728 |
++ else |
729 |
++ tracing_off(); |
730 |
+ } |
731 |
+ |
732 |
+ static int |
733 |
+@@ -1156,7 +1196,14 @@ static __init int register_trigger_snapshot_cmd(void) { return 0; } |
734 |
+ static void |
735 |
+ stacktrace_trigger(struct event_trigger_data *data, void *rec) |
736 |
+ { |
737 |
+- trace_dump_stack(STACK_SKIP); |
738 |
++ struct trace_event_file *file = data->private_data; |
739 |
++ unsigned long flags; |
740 |
++ |
741 |
++ if (file) { |
742 |
++ local_save_flags(flags); |
743 |
++ __trace_stack(file->tr, flags, STACK_SKIP, preempt_count()); |
744 |
++ } else |
745 |
++ trace_dump_stack(STACK_SKIP); |
746 |
+ } |
747 |
+ |
748 |
+ static void |
749 |
+diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
750 |
+index e3d205f2a3ff9..bfbccc7393323 100644 |
751 |
+--- a/mm/page_alloc.c |
752 |
++++ b/mm/page_alloc.c |
753 |
+@@ -6737,7 +6737,7 @@ void __init mem_init_print_info(const char *str) |
754 |
+ */ |
755 |
+ #define adj_init_size(start, end, size, pos, adj) \ |
756 |
+ do { \ |
757 |
+- if (start <= pos && pos < end && size > adj) \ |
758 |
++ if (&start[0] <= &pos[0] && &pos[0] < &end[0] && size > adj) \ |
759 |
+ size -= adj; \ |
760 |
+ } while (0) |
761 |
+ |
762 |
+diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c |
763 |
+index 466f9e3883c8e..20babe8fdbd11 100644 |
764 |
+--- a/net/ax25/af_ax25.c |
765 |
++++ b/net/ax25/af_ax25.c |
766 |
+@@ -92,17 +92,21 @@ again: |
767 |
+ sk = s->sk; |
768 |
+ if (!sk) { |
769 |
+ spin_unlock_bh(&ax25_list_lock); |
770 |
+- s->ax25_dev = NULL; |
771 |
+ ax25_disconnect(s, ENETUNREACH); |
772 |
++ s->ax25_dev = NULL; |
773 |
+ spin_lock_bh(&ax25_list_lock); |
774 |
+ goto again; |
775 |
+ } |
776 |
+ sock_hold(sk); |
777 |
+ spin_unlock_bh(&ax25_list_lock); |
778 |
+ lock_sock(sk); |
779 |
++ ax25_disconnect(s, ENETUNREACH); |
780 |
+ s->ax25_dev = NULL; |
781 |
++ if (sk->sk_socket) { |
782 |
++ dev_put(ax25_dev->dev); |
783 |
++ ax25_dev_put(ax25_dev); |
784 |
++ } |
785 |
+ release_sock(sk); |
786 |
+- ax25_disconnect(s, ENETUNREACH); |
787 |
+ spin_lock_bh(&ax25_list_lock); |
788 |
+ sock_put(sk); |
789 |
+ /* The entry could have been deleted from the |
790 |
+@@ -369,21 +373,25 @@ static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg) |
791 |
+ if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl))) |
792 |
+ return -EFAULT; |
793 |
+ |
794 |
+- if ((ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr)) == NULL) |
795 |
+- return -ENODEV; |
796 |
+- |
797 |
+ if (ax25_ctl.digi_count > AX25_MAX_DIGIS) |
798 |
+ return -EINVAL; |
799 |
+ |
800 |
+ if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL) |
801 |
+ return -EINVAL; |
802 |
+ |
803 |
++ ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr); |
804 |
++ if (!ax25_dev) |
805 |
++ return -ENODEV; |
806 |
++ |
807 |
+ digi.ndigi = ax25_ctl.digi_count; |
808 |
+ for (k = 0; k < digi.ndigi; k++) |
809 |
+ digi.calls[k] = ax25_ctl.digi_addr[k]; |
810 |
+ |
811 |
+- if ((ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev)) == NULL) |
812 |
++ ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev); |
813 |
++ if (!ax25) { |
814 |
++ ax25_dev_put(ax25_dev); |
815 |
+ return -ENOTCONN; |
816 |
++ } |
817 |
+ |
818 |
+ switch (ax25_ctl.cmd) { |
819 |
+ case AX25_KILL: |
820 |
+@@ -450,6 +458,7 @@ static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg) |
821 |
+ } |
822 |
+ |
823 |
+ out_put: |
824 |
++ ax25_dev_put(ax25_dev); |
825 |
+ ax25_cb_put(ax25); |
826 |
+ return ret; |
827 |
+ |
828 |
+@@ -975,14 +984,16 @@ static int ax25_release(struct socket *sock) |
829 |
+ { |
830 |
+ struct sock *sk = sock->sk; |
831 |
+ ax25_cb *ax25; |
832 |
++ ax25_dev *ax25_dev; |
833 |
+ |
834 |
+ if (sk == NULL) |
835 |
+ return 0; |
836 |
+ |
837 |
+ sock_hold(sk); |
838 |
+- sock_orphan(sk); |
839 |
+ lock_sock(sk); |
840 |
++ sock_orphan(sk); |
841 |
+ ax25 = sk_to_ax25(sk); |
842 |
++ ax25_dev = ax25->ax25_dev; |
843 |
+ |
844 |
+ if (sk->sk_type == SOCK_SEQPACKET) { |
845 |
+ switch (ax25->state) { |
846 |
+@@ -1044,6 +1055,15 @@ static int ax25_release(struct socket *sock) |
847 |
+ sk->sk_state_change(sk); |
848 |
+ ax25_destroy_socket(ax25); |
849 |
+ } |
850 |
++ if (ax25_dev) { |
851 |
++ del_timer_sync(&ax25->timer); |
852 |
++ del_timer_sync(&ax25->t1timer); |
853 |
++ del_timer_sync(&ax25->t2timer); |
854 |
++ del_timer_sync(&ax25->t3timer); |
855 |
++ del_timer_sync(&ax25->idletimer); |
856 |
++ dev_put(ax25_dev->dev); |
857 |
++ ax25_dev_put(ax25_dev); |
858 |
++ } |
859 |
+ |
860 |
+ sock->sk = NULL; |
861 |
+ release_sock(sk); |
862 |
+@@ -1120,8 +1140,10 @@ static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) |
863 |
+ } |
864 |
+ } |
865 |
+ |
866 |
+- if (ax25_dev != NULL) |
867 |
++ if (ax25_dev) { |
868 |
+ ax25_fillin_cb(ax25, ax25_dev); |
869 |
++ dev_hold(ax25_dev->dev); |
870 |
++ } |
871 |
+ |
872 |
+ done: |
873 |
+ ax25_cb_add(ax25); |
874 |
+diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c |
875 |
+index d92195cd78349..55a611f7239bc 100644 |
876 |
+--- a/net/ax25/ax25_dev.c |
877 |
++++ b/net/ax25/ax25_dev.c |
878 |
+@@ -40,6 +40,7 @@ ax25_dev *ax25_addr_ax25dev(ax25_address *addr) |
879 |
+ for (ax25_dev = ax25_dev_list; ax25_dev != NULL; ax25_dev = ax25_dev->next) |
880 |
+ if (ax25cmp(addr, (ax25_address *)ax25_dev->dev->dev_addr) == 0) { |
881 |
+ res = ax25_dev; |
882 |
++ ax25_dev_hold(ax25_dev); |
883 |
+ } |
884 |
+ spin_unlock_bh(&ax25_dev_lock); |
885 |
+ |
886 |
+@@ -59,6 +60,7 @@ void ax25_dev_device_up(struct net_device *dev) |
887 |
+ return; |
888 |
+ } |
889 |
+ |
890 |
++ refcount_set(&ax25_dev->refcount, 1); |
891 |
+ dev->ax25_ptr = ax25_dev; |
892 |
+ ax25_dev->dev = dev; |
893 |
+ dev_hold(dev); |
894 |
+@@ -87,6 +89,7 @@ void ax25_dev_device_up(struct net_device *dev) |
895 |
+ ax25_dev->next = ax25_dev_list; |
896 |
+ ax25_dev_list = ax25_dev; |
897 |
+ spin_unlock_bh(&ax25_dev_lock); |
898 |
++ ax25_dev_hold(ax25_dev); |
899 |
+ |
900 |
+ ax25_register_dev_sysctl(ax25_dev); |
901 |
+ } |
902 |
+@@ -116,9 +119,10 @@ void ax25_dev_device_down(struct net_device *dev) |
903 |
+ if ((s = ax25_dev_list) == ax25_dev) { |
904 |
+ ax25_dev_list = s->next; |
905 |
+ spin_unlock_bh(&ax25_dev_lock); |
906 |
++ ax25_dev_put(ax25_dev); |
907 |
+ dev->ax25_ptr = NULL; |
908 |
+ dev_put(dev); |
909 |
+- kfree(ax25_dev); |
910 |
++ ax25_dev_put(ax25_dev); |
911 |
+ return; |
912 |
+ } |
913 |
+ |
914 |
+@@ -126,9 +130,10 @@ void ax25_dev_device_down(struct net_device *dev) |
915 |
+ if (s->next == ax25_dev) { |
916 |
+ s->next = ax25_dev->next; |
917 |
+ spin_unlock_bh(&ax25_dev_lock); |
918 |
++ ax25_dev_put(ax25_dev); |
919 |
+ dev->ax25_ptr = NULL; |
920 |
+ dev_put(dev); |
921 |
+- kfree(ax25_dev); |
922 |
++ ax25_dev_put(ax25_dev); |
923 |
+ return; |
924 |
+ } |
925 |
+ |
926 |
+@@ -136,6 +141,7 @@ void ax25_dev_device_down(struct net_device *dev) |
927 |
+ } |
928 |
+ spin_unlock_bh(&ax25_dev_lock); |
929 |
+ dev->ax25_ptr = NULL; |
930 |
++ ax25_dev_put(ax25_dev); |
931 |
+ } |
932 |
+ |
933 |
+ int ax25_fwd_ioctl(unsigned int cmd, struct ax25_fwd_struct *fwd) |
934 |
+@@ -147,20 +153,32 @@ int ax25_fwd_ioctl(unsigned int cmd, struct ax25_fwd_struct *fwd) |
935 |
+ |
936 |
+ switch (cmd) { |
937 |
+ case SIOCAX25ADDFWD: |
938 |
+- if ((fwd_dev = ax25_addr_ax25dev(&fwd->port_to)) == NULL) |
939 |
++ fwd_dev = ax25_addr_ax25dev(&fwd->port_to); |
940 |
++ if (!fwd_dev) { |
941 |
++ ax25_dev_put(ax25_dev); |
942 |
+ return -EINVAL; |
943 |
+- if (ax25_dev->forward != NULL) |
944 |
++ } |
945 |
++ if (ax25_dev->forward) { |
946 |
++ ax25_dev_put(fwd_dev); |
947 |
++ ax25_dev_put(ax25_dev); |
948 |
+ return -EINVAL; |
949 |
++ } |
950 |
+ ax25_dev->forward = fwd_dev->dev; |
951 |
++ ax25_dev_put(fwd_dev); |
952 |
++ ax25_dev_put(ax25_dev); |
953 |
+ break; |
954 |
+ |
955 |
+ case SIOCAX25DELFWD: |
956 |
+- if (ax25_dev->forward == NULL) |
957 |
++ if (!ax25_dev->forward) { |
958 |
++ ax25_dev_put(ax25_dev); |
959 |
+ return -EINVAL; |
960 |
++ } |
961 |
+ ax25_dev->forward = NULL; |
962 |
++ ax25_dev_put(ax25_dev); |
963 |
+ break; |
964 |
+ |
965 |
+ default: |
966 |
++ ax25_dev_put(ax25_dev); |
967 |
+ return -EINVAL; |
968 |
+ } |
969 |
+ |
970 |
+diff --git a/net/ax25/ax25_route.c b/net/ax25/ax25_route.c |
971 |
+index b8e1a5e6a9d38..7d4c86f11b0f6 100644 |
972 |
+--- a/net/ax25/ax25_route.c |
973 |
++++ b/net/ax25/ax25_route.c |
974 |
+@@ -78,11 +78,13 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
975 |
+ ax25_dev *ax25_dev; |
976 |
+ int i; |
977 |
+ |
978 |
+- if ((ax25_dev = ax25_addr_ax25dev(&route->port_addr)) == NULL) |
979 |
+- return -EINVAL; |
980 |
+ if (route->digi_count > AX25_MAX_DIGIS) |
981 |
+ return -EINVAL; |
982 |
+ |
983 |
++ ax25_dev = ax25_addr_ax25dev(&route->port_addr); |
984 |
++ if (!ax25_dev) |
985 |
++ return -EINVAL; |
986 |
++ |
987 |
+ write_lock_bh(&ax25_route_lock); |
988 |
+ |
989 |
+ ax25_rt = ax25_route_list; |
990 |
+@@ -94,6 +96,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
991 |
+ if (route->digi_count != 0) { |
992 |
+ if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) { |
993 |
+ write_unlock_bh(&ax25_route_lock); |
994 |
++ ax25_dev_put(ax25_dev); |
995 |
+ return -ENOMEM; |
996 |
+ } |
997 |
+ ax25_rt->digipeat->lastrepeat = -1; |
998 |
+@@ -104,6 +107,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
999 |
+ } |
1000 |
+ } |
1001 |
+ write_unlock_bh(&ax25_route_lock); |
1002 |
++ ax25_dev_put(ax25_dev); |
1003 |
+ return 0; |
1004 |
+ } |
1005 |
+ ax25_rt = ax25_rt->next; |
1006 |
+@@ -111,6 +115,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
1007 |
+ |
1008 |
+ if ((ax25_rt = kmalloc(sizeof(ax25_route), GFP_ATOMIC)) == NULL) { |
1009 |
+ write_unlock_bh(&ax25_route_lock); |
1010 |
++ ax25_dev_put(ax25_dev); |
1011 |
+ return -ENOMEM; |
1012 |
+ } |
1013 |
+ |
1014 |
+@@ -123,6 +128,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
1015 |
+ if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) { |
1016 |
+ write_unlock_bh(&ax25_route_lock); |
1017 |
+ kfree(ax25_rt); |
1018 |
++ ax25_dev_put(ax25_dev); |
1019 |
+ return -ENOMEM; |
1020 |
+ } |
1021 |
+ ax25_rt->digipeat->lastrepeat = -1; |
1022 |
+@@ -135,6 +141,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
1023 |
+ ax25_rt->next = ax25_route_list; |
1024 |
+ ax25_route_list = ax25_rt; |
1025 |
+ write_unlock_bh(&ax25_route_lock); |
1026 |
++ ax25_dev_put(ax25_dev); |
1027 |
+ |
1028 |
+ return 0; |
1029 |
+ } |
1030 |
+@@ -176,6 +183,7 @@ static int ax25_rt_del(struct ax25_routes_struct *route) |
1031 |
+ } |
1032 |
+ } |
1033 |
+ write_unlock_bh(&ax25_route_lock); |
1034 |
++ ax25_dev_put(ax25_dev); |
1035 |
+ |
1036 |
+ return 0; |
1037 |
+ } |
1038 |
+@@ -218,6 +226,7 @@ static int ax25_rt_opt(struct ax25_route_opt_struct *rt_option) |
1039 |
+ |
1040 |
+ out: |
1041 |
+ write_unlock_bh(&ax25_route_lock); |
1042 |
++ ax25_dev_put(ax25_dev); |
1043 |
+ return err; |
1044 |
+ } |
1045 |
+ |
1046 |
+diff --git a/net/ax25/ax25_subr.c b/net/ax25/ax25_subr.c |
1047 |
+index 038b109b2be70..c129865cad9f4 100644 |
1048 |
+--- a/net/ax25/ax25_subr.c |
1049 |
++++ b/net/ax25/ax25_subr.c |
1050 |
+@@ -264,12 +264,20 @@ void ax25_disconnect(ax25_cb *ax25, int reason) |
1051 |
+ { |
1052 |
+ ax25_clear_queues(ax25); |
1053 |
+ |
1054 |
+- if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY)) |
1055 |
+- ax25_stop_heartbeat(ax25); |
1056 |
+- ax25_stop_t1timer(ax25); |
1057 |
+- ax25_stop_t2timer(ax25); |
1058 |
+- ax25_stop_t3timer(ax25); |
1059 |
+- ax25_stop_idletimer(ax25); |
1060 |
++ if (reason == ENETUNREACH) { |
1061 |
++ del_timer_sync(&ax25->timer); |
1062 |
++ del_timer_sync(&ax25->t1timer); |
1063 |
++ del_timer_sync(&ax25->t2timer); |
1064 |
++ del_timer_sync(&ax25->t3timer); |
1065 |
++ del_timer_sync(&ax25->idletimer); |
1066 |
++ } else { |
1067 |
++ if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY)) |
1068 |
++ ax25_stop_heartbeat(ax25); |
1069 |
++ ax25_stop_t1timer(ax25); |
1070 |
++ ax25_stop_t2timer(ax25); |
1071 |
++ ax25_stop_t3timer(ax25); |
1072 |
++ ax25_stop_idletimer(ax25); |
1073 |
++ } |
1074 |
+ |
1075 |
+ ax25->state = AX25_STATE_0; |
1076 |
+ |
1077 |
+diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c |
1078 |
+index 176bddacc16eb..7e93087d13667 100644 |
1079 |
+--- a/net/dccp/ipv4.c |
1080 |
++++ b/net/dccp/ipv4.c |
1081 |
+@@ -428,7 +428,7 @@ struct sock *dccp_v4_request_recv_sock(const struct sock *sk, |
1082 |
+ |
1083 |
+ if (__inet_inherit_port(sk, newsk) < 0) |
1084 |
+ goto put_and_exit; |
1085 |
+- *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); |
1086 |
++ *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), NULL); |
1087 |
+ if (*own_req) |
1088 |
+ ireq->ireq_opt = NULL; |
1089 |
+ else |
1090 |
+diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c |
1091 |
+index 2cd3508a37869..ae4851fdbe9e5 100644 |
1092 |
+--- a/net/dccp/ipv6.c |
1093 |
++++ b/net/dccp/ipv6.c |
1094 |
+@@ -538,7 +538,7 @@ static struct sock *dccp_v6_request_recv_sock(const struct sock *sk, |
1095 |
+ dccp_done(newsk); |
1096 |
+ goto out; |
1097 |
+ } |
1098 |
+- *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); |
1099 |
++ *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), NULL); |
1100 |
+ /* Clone pktoptions received with SYN, if we own the req */ |
1101 |
+ if (*own_req && ireq->pktopts) { |
1102 |
+ newnp->pktoptions = skb_clone(ireq->pktopts, GFP_ATOMIC); |
1103 |
+diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c |
1104 |
+index 08ba0f91f2aba..44b1d630c40b1 100644 |
1105 |
+--- a/net/ipv4/inet_connection_sock.c |
1106 |
++++ b/net/ipv4/inet_connection_sock.c |
1107 |
+@@ -784,7 +784,7 @@ static void reqsk_queue_hash_req(struct request_sock *req, |
1108 |
+ (unsigned long)req); |
1109 |
+ mod_timer(&req->rsk_timer, jiffies + timeout); |
1110 |
+ |
1111 |
+- inet_ehash_insert(req_to_sk(req), NULL); |
1112 |
++ inet_ehash_insert(req_to_sk(req), NULL, NULL); |
1113 |
+ /* before letting lookups find us, make sure all req fields |
1114 |
+ * are committed to memory and refcnt initialized. |
1115 |
+ */ |
1116 |
+diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c |
1117 |
+index 8a54babf5c903..1346e45cf8d13 100644 |
1118 |
+--- a/net/ipv4/inet_hashtables.c |
1119 |
++++ b/net/ipv4/inet_hashtables.c |
1120 |
+@@ -23,6 +23,9 @@ |
1121 |
+ #include <net/addrconf.h> |
1122 |
+ #include <net/inet_connection_sock.h> |
1123 |
+ #include <net/inet_hashtables.h> |
1124 |
++#if IS_ENABLED(CONFIG_IPV6) |
1125 |
++#include <net/inet6_hashtables.h> |
1126 |
++#endif |
1127 |
+ #include <net/secure_seq.h> |
1128 |
+ #include <net/ip.h> |
1129 |
+ #include <net/tcp.h> |
1130 |
+@@ -395,10 +398,52 @@ static u32 inet_sk_port_offset(const struct sock *sk) |
1131 |
+ inet->inet_dport); |
1132 |
+ } |
1133 |
+ |
1134 |
+-/* insert a socket into ehash, and eventually remove another one |
1135 |
+- * (The another one can be a SYN_RECV or TIMEWAIT |
1136 |
++/* Searches for an exsiting socket in the ehash bucket list. |
1137 |
++ * Returns true if found, false otherwise. |
1138 |
+ */ |
1139 |
+-bool inet_ehash_insert(struct sock *sk, struct sock *osk) |
1140 |
++static bool inet_ehash_lookup_by_sk(struct sock *sk, |
1141 |
++ struct hlist_nulls_head *list) |
1142 |
++{ |
1143 |
++ const __portpair ports = INET_COMBINED_PORTS(sk->sk_dport, sk->sk_num); |
1144 |
++ const int sdif = sk->sk_bound_dev_if; |
1145 |
++ const int dif = sk->sk_bound_dev_if; |
1146 |
++ const struct hlist_nulls_node *node; |
1147 |
++ struct net *net = sock_net(sk); |
1148 |
++ struct sock *esk; |
1149 |
++ |
1150 |
++ INET_ADDR_COOKIE(acookie, sk->sk_daddr, sk->sk_rcv_saddr); |
1151 |
++ |
1152 |
++ sk_nulls_for_each_rcu(esk, node, list) { |
1153 |
++ if (esk->sk_hash != sk->sk_hash) |
1154 |
++ continue; |
1155 |
++ if (sk->sk_family == AF_INET) { |
1156 |
++ if (unlikely(INET_MATCH(esk, net, acookie, |
1157 |
++ sk->sk_daddr, |
1158 |
++ sk->sk_rcv_saddr, |
1159 |
++ ports, dif, sdif))) { |
1160 |
++ return true; |
1161 |
++ } |
1162 |
++ } |
1163 |
++#if IS_ENABLED(CONFIG_IPV6) |
1164 |
++ else if (sk->sk_family == AF_INET6) { |
1165 |
++ if (unlikely(INET6_MATCH(esk, net, |
1166 |
++ &sk->sk_v6_daddr, |
1167 |
++ &sk->sk_v6_rcv_saddr, |
1168 |
++ ports, dif, sdif))) { |
1169 |
++ return true; |
1170 |
++ } |
1171 |
++ } |
1172 |
++#endif |
1173 |
++ } |
1174 |
++ return false; |
1175 |
++} |
1176 |
++ |
1177 |
++/* Insert a socket into ehash, and eventually remove another one |
1178 |
++ * (The another one can be a SYN_RECV or TIMEWAIT) |
1179 |
++ * If an existing socket already exists, socket sk is not inserted, |
1180 |
++ * and sets found_dup_sk parameter to true. |
1181 |
++ */ |
1182 |
++bool inet_ehash_insert(struct sock *sk, struct sock *osk, bool *found_dup_sk) |
1183 |
+ { |
1184 |
+ struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo; |
1185 |
+ struct hlist_nulls_head *list; |
1186 |
+@@ -417,16 +462,23 @@ bool inet_ehash_insert(struct sock *sk, struct sock *osk) |
1187 |
+ if (osk) { |
1188 |
+ WARN_ON_ONCE(sk->sk_hash != osk->sk_hash); |
1189 |
+ ret = sk_nulls_del_node_init_rcu(osk); |
1190 |
++ } else if (found_dup_sk) { |
1191 |
++ *found_dup_sk = inet_ehash_lookup_by_sk(sk, list); |
1192 |
++ if (*found_dup_sk) |
1193 |
++ ret = false; |
1194 |
+ } |
1195 |
++ |
1196 |
+ if (ret) |
1197 |
+ __sk_nulls_add_node_rcu(sk, list); |
1198 |
++ |
1199 |
+ spin_unlock(lock); |
1200 |
++ |
1201 |
+ return ret; |
1202 |
+ } |
1203 |
+ |
1204 |
+-bool inet_ehash_nolisten(struct sock *sk, struct sock *osk) |
1205 |
++bool inet_ehash_nolisten(struct sock *sk, struct sock *osk, bool *found_dup_sk) |
1206 |
+ { |
1207 |
+- bool ok = inet_ehash_insert(sk, osk); |
1208 |
++ bool ok = inet_ehash_insert(sk, osk, found_dup_sk); |
1209 |
+ |
1210 |
+ if (ok) { |
1211 |
+ sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); |
1212 |
+@@ -469,7 +521,7 @@ int __inet_hash(struct sock *sk, struct sock *osk) |
1213 |
+ int err = 0; |
1214 |
+ |
1215 |
+ if (sk->sk_state != TCP_LISTEN) { |
1216 |
+- inet_ehash_nolisten(sk, osk); |
1217 |
++ inet_ehash_nolisten(sk, osk, NULL); |
1218 |
+ return 0; |
1219 |
+ } |
1220 |
+ WARN_ON(!sk_unhashed(sk)); |
1221 |
+@@ -556,7 +608,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, |
1222 |
+ tb = inet_csk(sk)->icsk_bind_hash; |
1223 |
+ spin_lock_bh(&head->lock); |
1224 |
+ if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) { |
1225 |
+- inet_ehash_nolisten(sk, NULL); |
1226 |
++ inet_ehash_nolisten(sk, NULL, NULL); |
1227 |
+ spin_unlock_bh(&head->lock); |
1228 |
+ return 0; |
1229 |
+ } |
1230 |
+@@ -632,7 +684,7 @@ ok: |
1231 |
+ inet_bind_hash(sk, tb, port); |
1232 |
+ if (sk_unhashed(sk)) { |
1233 |
+ inet_sk(sk)->inet_sport = htons(port); |
1234 |
+- inet_ehash_nolisten(sk, (struct sock *)tw); |
1235 |
++ inet_ehash_nolisten(sk, (struct sock *)tw, NULL); |
1236 |
+ } |
1237 |
+ if (tw) |
1238 |
+ inet_twsk_bind_unhash(tw, hinfo); |
1239 |
+diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c |
1240 |
+index 744479c8b91f3..3d56f2729418a 100644 |
1241 |
+--- a/net/ipv4/tcp_ipv4.c |
1242 |
++++ b/net/ipv4/tcp_ipv4.c |
1243 |
+@@ -1344,6 +1344,7 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, |
1244 |
+ bool *own_req) |
1245 |
+ { |
1246 |
+ struct inet_request_sock *ireq; |
1247 |
++ bool found_dup_sk = false; |
1248 |
+ struct inet_sock *newinet; |
1249 |
+ struct tcp_sock *newtp; |
1250 |
+ struct sock *newsk; |
1251 |
+@@ -1414,12 +1415,22 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, |
1252 |
+ |
1253 |
+ if (__inet_inherit_port(sk, newsk) < 0) |
1254 |
+ goto put_and_exit; |
1255 |
+- *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); |
1256 |
++ *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), |
1257 |
++ &found_dup_sk); |
1258 |
+ if (likely(*own_req)) { |
1259 |
+ tcp_move_syn(newtp, req); |
1260 |
+ ireq->ireq_opt = NULL; |
1261 |
+ } else { |
1262 |
+ newinet->inet_opt = NULL; |
1263 |
++ |
1264 |
++ if (!req_unhash && found_dup_sk) { |
1265 |
++ /* This code path should only be executed in the |
1266 |
++ * syncookie case only |
1267 |
++ */ |
1268 |
++ bh_unlock_sock(newsk); |
1269 |
++ sock_put(newsk); |
1270 |
++ newsk = NULL; |
1271 |
++ } |
1272 |
+ } |
1273 |
+ return newsk; |
1274 |
+ |
1275 |
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c |
1276 |
+index 0f0772c48bf08..21637031fbab7 100644 |
1277 |
+--- a/net/ipv6/tcp_ipv6.c |
1278 |
++++ b/net/ipv6/tcp_ipv6.c |
1279 |
+@@ -1064,6 +1064,7 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff * |
1280 |
+ struct ipv6_txoptions *opt; |
1281 |
+ struct tcp6_sock *newtcp6sk; |
1282 |
+ struct inet_sock *newinet; |
1283 |
++ bool found_dup_sk = false; |
1284 |
+ struct tcp_sock *newtp; |
1285 |
+ struct sock *newsk; |
1286 |
+ #ifdef CONFIG_TCP_MD5SIG |
1287 |
+@@ -1232,7 +1233,8 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff * |
1288 |
+ tcp_done(newsk); |
1289 |
+ goto out; |
1290 |
+ } |
1291 |
+- *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); |
1292 |
++ *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), |
1293 |
++ &found_dup_sk); |
1294 |
+ if (*own_req) { |
1295 |
+ tcp_move_syn(newtp, req); |
1296 |
+ |
1297 |
+@@ -1247,6 +1249,15 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff * |
1298 |
+ skb_set_owner_r(newnp->pktoptions, newsk); |
1299 |
+ } |
1300 |
+ } |
1301 |
++ } else { |
1302 |
++ if (!req_unhash && found_dup_sk) { |
1303 |
++ /* This code path should only be executed in the |
1304 |
++ * syncookie case only |
1305 |
++ */ |
1306 |
++ bh_unlock_sock(newsk); |
1307 |
++ sock_put(newsk); |
1308 |
++ newsk = NULL; |
1309 |
++ } |
1310 |
+ } |
1311 |
+ |
1312 |
+ return newsk; |
1313 |
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
1314 |
+index 24e8ac2b724ec..979cd7dff40ac 100644 |
1315 |
+--- a/net/netlink/af_netlink.c |
1316 |
++++ b/net/netlink/af_netlink.c |
1317 |
+@@ -2212,6 +2212,13 @@ static int netlink_dump(struct sock *sk) |
1318 |
+ * single netdev. The outcome is MSG_TRUNC error. |
1319 |
+ */ |
1320 |
+ skb_reserve(skb, skb_tailroom(skb) - alloc_size); |
1321 |
++ |
1322 |
++ /* Make sure malicious BPF programs can not read unitialized memory |
1323 |
++ * from skb->head -> skb->data |
1324 |
++ */ |
1325 |
++ skb_reset_network_header(skb); |
1326 |
++ skb_reset_mac_header(skb); |
1327 |
++ |
1328 |
+ netlink_skb_set_owner_r(skb, sk); |
1329 |
+ |
1330 |
+ if (nlk->dump_done_errno > 0) |
1331 |
+diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c |
1332 |
+index ed3528aec15f9..a4a4260615d65 100644 |
1333 |
+--- a/net/openvswitch/flow_netlink.c |
1334 |
++++ b/net/openvswitch/flow_netlink.c |
1335 |
+@@ -1977,7 +1977,7 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, |
1336 |
+ new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2); |
1337 |
+ |
1338 |
+ if (new_acts_size > MAX_ACTIONS_BUFSIZE) { |
1339 |
+- if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { |
1340 |
++ if ((next_offset + req_size) > MAX_ACTIONS_BUFSIZE) { |
1341 |
+ OVS_NLERR(log, "Flow action size exceeds max %u", |
1342 |
+ MAX_ACTIONS_BUFSIZE); |
1343 |
+ return ERR_PTR(-EMSGSIZE); |
1344 |
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
1345 |
+index b0dd17d1992e0..61093ce76b613 100644 |
1346 |
+--- a/net/packet/af_packet.c |
1347 |
++++ b/net/packet/af_packet.c |
1348 |
+@@ -2829,8 +2829,9 @@ tpacket_error: |
1349 |
+ |
1350 |
+ status = TP_STATUS_SEND_REQUEST; |
1351 |
+ err = po->xmit(skb); |
1352 |
+- if (unlikely(err > 0)) { |
1353 |
+- err = net_xmit_errno(err); |
1354 |
++ if (unlikely(err != 0)) { |
1355 |
++ if (err > 0) |
1356 |
++ err = net_xmit_errno(err); |
1357 |
+ if (err && __packet_get_status(po, ph) == |
1358 |
+ TP_STATUS_AVAILABLE) { |
1359 |
+ /* skb was destructed already */ |
1360 |
+@@ -3029,8 +3030,12 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) |
1361 |
+ skb->no_fcs = 1; |
1362 |
+ |
1363 |
+ err = po->xmit(skb); |
1364 |
+- if (err > 0 && (err = net_xmit_errno(err)) != 0) |
1365 |
+- goto out_unlock; |
1366 |
++ if (unlikely(err != 0)) { |
1367 |
++ if (err > 0) |
1368 |
++ err = net_xmit_errno(err); |
1369 |
++ if (err) |
1370 |
++ goto out_unlock; |
1371 |
++ } |
1372 |
+ |
1373 |
+ dev_put(dev); |
1374 |
+ |
1375 |
+diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c |
1376 |
+index f72fe0cba30d8..dd3053c243c10 100644 |
1377 |
+--- a/sound/soc/soc-dapm.c |
1378 |
++++ b/sound/soc/soc-dapm.c |
1379 |
+@@ -1617,8 +1617,7 @@ static void dapm_seq_run(struct snd_soc_card *card, |
1380 |
+ switch (w->id) { |
1381 |
+ case snd_soc_dapm_pre: |
1382 |
+ if (!w->event) |
1383 |
+- list_for_each_entry_safe_continue(w, n, list, |
1384 |
+- power_list); |
1385 |
++ continue; |
1386 |
+ |
1387 |
+ if (event == SND_SOC_DAPM_STREAM_START) |
1388 |
+ ret = w->event(w, |
1389 |
+@@ -1630,8 +1629,7 @@ static void dapm_seq_run(struct snd_soc_card *card, |
1390 |
+ |
1391 |
+ case snd_soc_dapm_post: |
1392 |
+ if (!w->event) |
1393 |
+- list_for_each_entry_safe_continue(w, n, list, |
1394 |
+- power_list); |
1395 |
++ continue; |
1396 |
+ |
1397 |
+ if (event == SND_SOC_DAPM_STREAM_START) |
1398 |
+ ret = w->event(w, |
1399 |
+diff --git a/sound/usb/midi.c b/sound/usb/midi.c |
1400 |
+index 5f5a6b7ef1cfe..3c4cf5da5daae 100644 |
1401 |
+--- a/sound/usb/midi.c |
1402 |
++++ b/sound/usb/midi.c |
1403 |
+@@ -1210,6 +1210,7 @@ static void snd_usbmidi_output_drain(struct snd_rawmidi_substream *substream) |
1404 |
+ } while (drain_urbs && timeout); |
1405 |
+ finish_wait(&ep->drain_wait, &wait); |
1406 |
+ } |
1407 |
++ port->active = 0; |
1408 |
+ spin_unlock_irq(&ep->buffer_lock); |
1409 |
+ } |
1410 |
+ |
1411 |
+diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h |
1412 |
+index 62456a806bb4d..4b8f1c46420d4 100644 |
1413 |
+--- a/sound/usb/usbaudio.h |
1414 |
++++ b/sound/usb/usbaudio.h |
1415 |
+@@ -22,7 +22,7 @@ |
1416 |
+ */ |
1417 |
+ |
1418 |
+ /* handling of USB vendor/product ID pairs as 32-bit numbers */ |
1419 |
+-#define USB_ID(vendor, product) (((vendor) << 16) | (product)) |
1420 |
++#define USB_ID(vendor, product) (((unsigned int)(vendor) << 16) | (product)) |
1421 |
+ #define USB_ID_VENDOR(id) ((id) >> 16) |
1422 |
+ #define USB_ID_PRODUCT(id) ((u16)(id)) |
1423 |
+ |