| 1 |
commit: 5fcd3de7405182eecef3c8e154f54fc4a2e28613 |
| 2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Wed Apr 27 11:37:52 2022 +0000 |
| 4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Apr 27 11:37:52 2022 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=5fcd3de7 |
| 7 |
|
| 8 |
Linux patch 4.14.277 |
| 9 |
|
| 10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
| 11 |
|
| 12 |
0000_README | 4 + |
| 13 |
1276_linux-4.14.277.patch | 1386 +++++++++++++++++++++++++++++++++++++++++++++ |
| 14 |
2 files changed, 1390 insertions(+) |
| 15 |
|
| 16 |
diff --git a/0000_README b/0000_README |
| 17 |
index facf5e0f..46d6c89f 100644 |
| 18 |
--- a/0000_README |
| 19 |
+++ b/0000_README |
| 20 |
@@ -1151,6 +1151,10 @@ Patch: 1275_linux-4.14.276.patch |
| 21 |
From: https://www.kernel.org |
| 22 |
Desc: Linux 4.14.276 |
| 23 |
|
| 24 |
+Patch: 1276_linux-4.14.277.patch |
| 25 |
+From: https://www.kernel.org |
| 26 |
+Desc: Linux 4.14.277 |
| 27 |
+ |
| 28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
| 29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
| 30 |
Desc: Support for namespace user.pax.* on tmpfs. |
| 31 |
|
| 32 |
diff --git a/1276_linux-4.14.277.patch b/1276_linux-4.14.277.patch |
| 33 |
new file mode 100644 |
| 34 |
index 00000000..6b100c0d |
| 35 |
--- /dev/null |
| 36 |
+++ b/1276_linux-4.14.277.patch |
| 37 |
@@ -0,0 +1,1386 @@ |
| 38 |
+diff --git a/Makefile b/Makefile |
| 39 |
+index ce295ec15975e..ef5240c915f45 100644 |
| 40 |
+--- a/Makefile |
| 41 |
++++ b/Makefile |
| 42 |
+@@ -1,7 +1,7 @@ |
| 43 |
+ # SPDX-License-Identifier: GPL-2.0 |
| 44 |
+ VERSION = 4 |
| 45 |
+ PATCHLEVEL = 14 |
| 46 |
+-SUBLEVEL = 276 |
| 47 |
++SUBLEVEL = 277 |
| 48 |
+ EXTRAVERSION = |
| 49 |
+ NAME = Petit Gorille |
| 50 |
+ |
| 51 |
+diff --git a/arch/arc/kernel/entry.S b/arch/arc/kernel/entry.S |
| 52 |
+index 37ad245cf9899..fb458623f3860 100644 |
| 53 |
+--- a/arch/arc/kernel/entry.S |
| 54 |
++++ b/arch/arc/kernel/entry.S |
| 55 |
+@@ -191,6 +191,7 @@ tracesys_exit: |
| 56 |
+ st r0, [sp, PT_r0] ; sys call return value in pt_regs |
| 57 |
+ |
| 58 |
+ ;POST Sys Call Ptrace Hook |
| 59 |
++ mov r0, sp ; pt_regs needed |
| 60 |
+ bl @syscall_trace_exit |
| 61 |
+ b ret_from_exception ; NOT ret_from_system_call at is saves r0 which |
| 62 |
+ ; we'd done before calling post hook above |
| 63 |
+diff --git a/arch/arm/mach-vexpress/spc.c b/arch/arm/mach-vexpress/spc.c |
| 64 |
+index 635b0d5494874..c16f396140032 100644 |
| 65 |
+--- a/arch/arm/mach-vexpress/spc.c |
| 66 |
++++ b/arch/arm/mach-vexpress/spc.c |
| 67 |
+@@ -584,7 +584,7 @@ static int __init ve_spc_clk_init(void) |
| 68 |
+ } |
| 69 |
+ |
| 70 |
+ cluster = topology_physical_package_id(cpu_dev->id); |
| 71 |
+- if (init_opp_table[cluster]) |
| 72 |
++ if (cluster < 0 || init_opp_table[cluster]) |
| 73 |
+ continue; |
| 74 |
+ |
| 75 |
+ if (ve_init_opp_table(cpu_dev)) |
| 76 |
+diff --git a/arch/powerpc/perf/power9-pmu.c b/arch/powerpc/perf/power9-pmu.c |
| 77 |
+index efb19b0890230..75d3a10e20fe9 100644 |
| 78 |
+--- a/arch/powerpc/perf/power9-pmu.c |
| 79 |
++++ b/arch/powerpc/perf/power9-pmu.c |
| 80 |
+@@ -107,11 +107,11 @@ extern struct attribute_group isa207_pmu_format_group; |
| 81 |
+ |
| 82 |
+ /* Table of alternatives, sorted by column 0 */ |
| 83 |
+ static const unsigned int power9_event_alternatives[][MAX_ALT] = { |
| 84 |
+- { PM_INST_DISP, PM_INST_DISP_ALT }, |
| 85 |
+- { PM_RUN_CYC_ALT, PM_RUN_CYC }, |
| 86 |
+- { PM_RUN_INST_CMPL_ALT, PM_RUN_INST_CMPL }, |
| 87 |
+- { PM_LD_MISS_L1, PM_LD_MISS_L1_ALT }, |
| 88 |
+ { PM_BR_2PATH, PM_BR_2PATH_ALT }, |
| 89 |
++ { PM_INST_DISP, PM_INST_DISP_ALT }, |
| 90 |
++ { PM_RUN_CYC_ALT, PM_RUN_CYC }, |
| 91 |
++ { PM_LD_MISS_L1, PM_LD_MISS_L1_ALT }, |
| 92 |
++ { PM_RUN_INST_CMPL_ALT, PM_RUN_INST_CMPL }, |
| 93 |
+ }; |
| 94 |
+ |
| 95 |
+ static int power9_get_alternatives(u64 event, unsigned int flags, u64 alt[]) |
| 96 |
+diff --git a/arch/x86/include/asm/compat.h b/arch/x86/include/asm/compat.h |
| 97 |
+index 2cbd75dd2fd35..ea142936bf11f 100644 |
| 98 |
+--- a/arch/x86/include/asm/compat.h |
| 99 |
++++ b/arch/x86/include/asm/compat.h |
| 100 |
+@@ -57,15 +57,13 @@ struct compat_timeval { |
| 101 |
+ }; |
| 102 |
+ |
| 103 |
+ struct compat_stat { |
| 104 |
+- compat_dev_t st_dev; |
| 105 |
+- u16 __pad1; |
| 106 |
++ u32 st_dev; |
| 107 |
+ compat_ino_t st_ino; |
| 108 |
+ compat_mode_t st_mode; |
| 109 |
+ compat_nlink_t st_nlink; |
| 110 |
+ __compat_uid_t st_uid; |
| 111 |
+ __compat_gid_t st_gid; |
| 112 |
+- compat_dev_t st_rdev; |
| 113 |
+- u16 __pad2; |
| 114 |
++ u32 st_rdev; |
| 115 |
+ u32 st_size; |
| 116 |
+ u32 st_blksize; |
| 117 |
+ u32 st_blocks; |
| 118 |
+diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c |
| 119 |
+index 6490b2759bcb4..9ef62d42ba5b2 100644 |
| 120 |
+--- a/block/compat_ioctl.c |
| 121 |
++++ b/block/compat_ioctl.c |
| 122 |
+@@ -391,7 +391,7 @@ long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg) |
| 123 |
+ return 0; |
| 124 |
+ case BLKGETSIZE: |
| 125 |
+ size = i_size_read(bdev->bd_inode); |
| 126 |
+- if ((size >> 9) > ~0UL) |
| 127 |
++ if ((size >> 9) > ~(compat_ulong_t)0) |
| 128 |
+ return -EFBIG; |
| 129 |
+ return compat_put_ulong(arg, size >> 9); |
| 130 |
+ |
| 131 |
+diff --git a/drivers/ata/pata_marvell.c b/drivers/ata/pata_marvell.c |
| 132 |
+index ff468a6fd8ddc..677f582cf3d6c 100644 |
| 133 |
+--- a/drivers/ata/pata_marvell.c |
| 134 |
++++ b/drivers/ata/pata_marvell.c |
| 135 |
+@@ -82,6 +82,8 @@ static int marvell_cable_detect(struct ata_port *ap) |
| 136 |
+ switch(ap->port_no) |
| 137 |
+ { |
| 138 |
+ case 0: |
| 139 |
++ if (!ap->ioaddr.bmdma_addr) |
| 140 |
++ return ATA_CBL_PATA_UNK; |
| 141 |
+ if (ioread8(ap->ioaddr.bmdma_addr + 1) & 1) |
| 142 |
+ return ATA_CBL_PATA40; |
| 143 |
+ return ATA_CBL_PATA80; |
| 144 |
+diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c |
| 145 |
+index 5b182061da221..2af0e151b31b8 100644 |
| 146 |
+--- a/drivers/dma/at_xdmac.c |
| 147 |
++++ b/drivers/dma/at_xdmac.c |
| 148 |
+@@ -1390,7 +1390,7 @@ at_xdmac_tx_status(struct dma_chan *chan, dma_cookie_t cookie, |
| 149 |
+ { |
| 150 |
+ struct at_xdmac_chan *atchan = to_at_xdmac_chan(chan); |
| 151 |
+ struct at_xdmac *atxdmac = to_at_xdmac(atchan->chan.device); |
| 152 |
+- struct at_xdmac_desc *desc, *_desc; |
| 153 |
++ struct at_xdmac_desc *desc, *_desc, *iter; |
| 154 |
+ struct list_head *descs_list; |
| 155 |
+ enum dma_status ret; |
| 156 |
+ int residue, retry; |
| 157 |
+@@ -1505,11 +1505,13 @@ at_xdmac_tx_status(struct dma_chan *chan, dma_cookie_t cookie, |
| 158 |
+ * microblock. |
| 159 |
+ */ |
| 160 |
+ descs_list = &desc->descs_list; |
| 161 |
+- list_for_each_entry_safe(desc, _desc, descs_list, desc_node) { |
| 162 |
+- dwidth = at_xdmac_get_dwidth(desc->lld.mbr_cfg); |
| 163 |
+- residue -= (desc->lld.mbr_ubc & 0xffffff) << dwidth; |
| 164 |
+- if ((desc->lld.mbr_nda & 0xfffffffc) == cur_nda) |
| 165 |
++ list_for_each_entry_safe(iter, _desc, descs_list, desc_node) { |
| 166 |
++ dwidth = at_xdmac_get_dwidth(iter->lld.mbr_cfg); |
| 167 |
++ residue -= (iter->lld.mbr_ubc & 0xffffff) << dwidth; |
| 168 |
++ if ((iter->lld.mbr_nda & 0xfffffffc) == cur_nda) { |
| 169 |
++ desc = iter; |
| 170 |
+ break; |
| 171 |
++ } |
| 172 |
+ } |
| 173 |
+ residue += cur_ubc << dwidth; |
| 174 |
+ |
| 175 |
+diff --git a/drivers/dma/imx-sdma.c b/drivers/dma/imx-sdma.c |
| 176 |
+index 99f3f22ed6476..02d13a44ba45c 100644 |
| 177 |
+--- a/drivers/dma/imx-sdma.c |
| 178 |
++++ b/drivers/dma/imx-sdma.c |
| 179 |
+@@ -1528,7 +1528,7 @@ static int sdma_event_remap(struct sdma_engine *sdma) |
| 180 |
+ u32 reg, val, shift, num_map, i; |
| 181 |
+ int ret = 0; |
| 182 |
+ |
| 183 |
+- if (IS_ERR(np) || IS_ERR(gpr_np)) |
| 184 |
++ if (IS_ERR(np) || !gpr_np) |
| 185 |
+ goto out; |
| 186 |
+ |
| 187 |
+ event_remap = of_find_property(np, propname, NULL); |
| 188 |
+@@ -1576,7 +1576,7 @@ static int sdma_event_remap(struct sdma_engine *sdma) |
| 189 |
+ } |
| 190 |
+ |
| 191 |
+ out: |
| 192 |
+- if (!IS_ERR(gpr_np)) |
| 193 |
++ if (gpr_np) |
| 194 |
+ of_node_put(gpr_np); |
| 195 |
+ |
| 196 |
+ return ret; |
| 197 |
+diff --git a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c |
| 198 |
+index 4b22ac3413a10..1f9e3c5ea47d0 100644 |
| 199 |
+--- a/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c |
| 200 |
++++ b/drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c |
| 201 |
+@@ -197,7 +197,10 @@ static void mdp5_plane_reset(struct drm_plane *plane) |
| 202 |
+ drm_framebuffer_unreference(plane->state->fb); |
| 203 |
+ |
| 204 |
+ kfree(to_mdp5_plane_state(plane->state)); |
| 205 |
++ plane->state = NULL; |
| 206 |
+ mdp5_state = kzalloc(sizeof(*mdp5_state), GFP_KERNEL); |
| 207 |
++ if (!mdp5_state) |
| 208 |
++ return; |
| 209 |
+ |
| 210 |
+ /* assign default blend parameters */ |
| 211 |
+ mdp5_state->alpha = 255; |
| 212 |
+diff --git a/drivers/net/can/usb/usb_8dev.c b/drivers/net/can/usb/usb_8dev.c |
| 213 |
+index df99354ec12aa..232f45f722f0c 100644 |
| 214 |
+--- a/drivers/net/can/usb/usb_8dev.c |
| 215 |
++++ b/drivers/net/can/usb/usb_8dev.c |
| 216 |
+@@ -681,9 +681,20 @@ static netdev_tx_t usb_8dev_start_xmit(struct sk_buff *skb, |
| 217 |
+ atomic_inc(&priv->active_tx_urbs); |
| 218 |
+ |
| 219 |
+ err = usb_submit_urb(urb, GFP_ATOMIC); |
| 220 |
+- if (unlikely(err)) |
| 221 |
+- goto failed; |
| 222 |
+- else if (atomic_read(&priv->active_tx_urbs) >= MAX_TX_URBS) |
| 223 |
++ if (unlikely(err)) { |
| 224 |
++ can_free_echo_skb(netdev, context->echo_index); |
| 225 |
++ |
| 226 |
++ usb_unanchor_urb(urb); |
| 227 |
++ usb_free_coherent(priv->udev, size, buf, urb->transfer_dma); |
| 228 |
++ |
| 229 |
++ atomic_dec(&priv->active_tx_urbs); |
| 230 |
++ |
| 231 |
++ if (err == -ENODEV) |
| 232 |
++ netif_device_detach(netdev); |
| 233 |
++ else |
| 234 |
++ netdev_warn(netdev, "failed tx_urb %d\n", err); |
| 235 |
++ stats->tx_dropped++; |
| 236 |
++ } else if (atomic_read(&priv->active_tx_urbs) >= MAX_TX_URBS) |
| 237 |
+ /* Slow down tx path */ |
| 238 |
+ netif_stop_queue(netdev); |
| 239 |
+ |
| 240 |
+@@ -702,19 +713,6 @@ nofreecontext: |
| 241 |
+ |
| 242 |
+ return NETDEV_TX_BUSY; |
| 243 |
+ |
| 244 |
+-failed: |
| 245 |
+- can_free_echo_skb(netdev, context->echo_index); |
| 246 |
+- |
| 247 |
+- usb_unanchor_urb(urb); |
| 248 |
+- usb_free_coherent(priv->udev, size, buf, urb->transfer_dma); |
| 249 |
+- |
| 250 |
+- atomic_dec(&priv->active_tx_urbs); |
| 251 |
+- |
| 252 |
+- if (err == -ENODEV) |
| 253 |
+- netif_device_detach(netdev); |
| 254 |
+- else |
| 255 |
+- netdev_warn(netdev, "failed tx_urb %d\n", err); |
| 256 |
+- |
| 257 |
+ nomembuf: |
| 258 |
+ usb_free_urb(urb); |
| 259 |
+ |
| 260 |
+diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c |
| 261 |
+index 045ab0ec5ca25..456d84cbcc6be 100644 |
| 262 |
+--- a/drivers/net/ethernet/cadence/macb_main.c |
| 263 |
++++ b/drivers/net/ethernet/cadence/macb_main.c |
| 264 |
+@@ -1265,6 +1265,7 @@ static void macb_tx_restart(struct macb_queue *queue) |
| 265 |
+ unsigned int head = queue->tx_head; |
| 266 |
+ unsigned int tail = queue->tx_tail; |
| 267 |
+ struct macb *bp = queue->bp; |
| 268 |
++ unsigned int head_idx, tbqp; |
| 269 |
+ |
| 270 |
+ if (bp->caps & MACB_CAPS_ISR_CLEAR_ON_WRITE) |
| 271 |
+ queue_writel(queue, ISR, MACB_BIT(TXUBR)); |
| 272 |
+@@ -1272,6 +1273,13 @@ static void macb_tx_restart(struct macb_queue *queue) |
| 273 |
+ if (head == tail) |
| 274 |
+ return; |
| 275 |
+ |
| 276 |
++ tbqp = queue_readl(queue, TBQP) / macb_dma_desc_get_size(bp); |
| 277 |
++ tbqp = macb_adj_dma_desc_idx(bp, macb_tx_ring_wrap(bp, tbqp)); |
| 278 |
++ head_idx = macb_adj_dma_desc_idx(bp, macb_tx_ring_wrap(bp, head)); |
| 279 |
++ |
| 280 |
++ if (tbqp == head_idx) |
| 281 |
++ return; |
| 282 |
++ |
| 283 |
+ macb_writel(bp, NCR, macb_readl(bp, NCR) | MACB_BIT(TSTART)); |
| 284 |
+ } |
| 285 |
+ |
| 286 |
+diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c |
| 287 |
+index 9d5fe4ea9cee3..60f0d2053a0ae 100644 |
| 288 |
+--- a/drivers/net/ethernet/intel/e1000e/ich8lan.c |
| 289 |
++++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c |
| 290 |
+@@ -1013,8 +1013,8 @@ static s32 e1000_platform_pm_pch_lpt(struct e1000_hw *hw, bool link) |
| 291 |
+ { |
| 292 |
+ u32 reg = link << (E1000_LTRV_REQ_SHIFT + E1000_LTRV_NOSNOOP_SHIFT) | |
| 293 |
+ link << E1000_LTRV_REQ_SHIFT | E1000_LTRV_SEND; |
| 294 |
+- u16 max_ltr_enc_d = 0; /* maximum LTR decoded by platform */ |
| 295 |
+- u16 lat_enc_d = 0; /* latency decoded */ |
| 296 |
++ u32 max_ltr_enc_d = 0; /* maximum LTR decoded by platform */ |
| 297 |
++ u32 lat_enc_d = 0; /* latency decoded */ |
| 298 |
+ u16 lat_enc = 0; /* latency encoded */ |
| 299 |
+ |
| 300 |
+ if (link) { |
| 301 |
+diff --git a/drivers/net/ethernet/micrel/Kconfig b/drivers/net/ethernet/micrel/Kconfig |
| 302 |
+index aa12bace8673e..b7e2f49696b74 100644 |
| 303 |
+--- a/drivers/net/ethernet/micrel/Kconfig |
| 304 |
++++ b/drivers/net/ethernet/micrel/Kconfig |
| 305 |
+@@ -45,7 +45,6 @@ config KS8851 |
| 306 |
+ config KS8851_MLL |
| 307 |
+ tristate "Micrel KS8851 MLL" |
| 308 |
+ depends on HAS_IOMEM |
| 309 |
+- depends on PTP_1588_CLOCK_OPTIONAL |
| 310 |
+ select MII |
| 311 |
+ ---help--- |
| 312 |
+ This platform driver is for Micrel KS8851 Address/data bus |
| 313 |
+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c |
| 314 |
+index 066a4654e838c..31657f15eb071 100644 |
| 315 |
+--- a/drivers/net/vxlan.c |
| 316 |
++++ b/drivers/net/vxlan.c |
| 317 |
+@@ -524,11 +524,11 @@ static int vxlan_fdb_append(struct vxlan_fdb *f, |
| 318 |
+ |
| 319 |
+ rd = kmalloc(sizeof(*rd), GFP_ATOMIC); |
| 320 |
+ if (rd == NULL) |
| 321 |
+- return -ENOBUFS; |
| 322 |
++ return -ENOMEM; |
| 323 |
+ |
| 324 |
+ if (dst_cache_init(&rd->dst_cache, GFP_ATOMIC)) { |
| 325 |
+ kfree(rd); |
| 326 |
+- return -ENOBUFS; |
| 327 |
++ return -ENOMEM; |
| 328 |
+ } |
| 329 |
+ |
| 330 |
+ rd->remote_ip = *ip; |
| 331 |
+diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c |
| 332 |
+index d198a8780b966..8fa4ffff7c329 100644 |
| 333 |
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c |
| 334 |
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c |
| 335 |
+@@ -552,7 +552,7 @@ enum brcmf_sdio_frmtype { |
| 336 |
+ BRCMF_SDIO_FT_SUB, |
| 337 |
+ }; |
| 338 |
+ |
| 339 |
+-#define SDIOD_DRVSTR_KEY(chip, pmu) (((chip) << 16) | (pmu)) |
| 340 |
++#define SDIOD_DRVSTR_KEY(chip, pmu) (((unsigned int)(chip) << 16) | (pmu)) |
| 341 |
+ |
| 342 |
+ /* SDIO Pad drive strength to select value mappings */ |
| 343 |
+ struct sdiod_drive_str { |
| 344 |
+diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c |
| 345 |
+index d3cb26f6df736..c1c34b495519b 100644 |
| 346 |
+--- a/drivers/platform/x86/samsung-laptop.c |
| 347 |
++++ b/drivers/platform/x86/samsung-laptop.c |
| 348 |
+@@ -1125,8 +1125,6 @@ static void kbd_led_set(struct led_classdev *led_cdev, |
| 349 |
+ |
| 350 |
+ if (value > samsung->kbd_led.max_brightness) |
| 351 |
+ value = samsung->kbd_led.max_brightness; |
| 352 |
+- else if (value < 0) |
| 353 |
+- value = 0; |
| 354 |
+ |
| 355 |
+ samsung->kbd_led_wk = value; |
| 356 |
+ queue_work(samsung->led_workqueue, &samsung->kbd_led_work); |
| 357 |
+diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c |
| 358 |
+index dd96ca61a5152..986aabc9b8f96 100644 |
| 359 |
+--- a/drivers/staging/android/ion/ion.c |
| 360 |
++++ b/drivers/staging/android/ion/ion.c |
| 361 |
+@@ -160,6 +160,9 @@ static void *ion_buffer_kmap_get(struct ion_buffer *buffer) |
| 362 |
+ void *vaddr; |
| 363 |
+ |
| 364 |
+ if (buffer->kmap_cnt) { |
| 365 |
++ if (buffer->kmap_cnt == INT_MAX) |
| 366 |
++ return ERR_PTR(-EOVERFLOW); |
| 367 |
++ |
| 368 |
+ buffer->kmap_cnt++; |
| 369 |
+ return buffer->vaddr; |
| 370 |
+ } |
| 371 |
+diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c |
| 372 |
+index dba0d12c3db19..1d3f98572068f 100644 |
| 373 |
+--- a/fs/cifs/cifsfs.c |
| 374 |
++++ b/fs/cifs/cifsfs.c |
| 375 |
+@@ -773,7 +773,7 @@ cifs_loose_read_iter(struct kiocb *iocb, struct iov_iter *iter) |
| 376 |
+ ssize_t rc; |
| 377 |
+ struct inode *inode = file_inode(iocb->ki_filp); |
| 378 |
+ |
| 379 |
+- if (iocb->ki_filp->f_flags & O_DIRECT) |
| 380 |
++ if (iocb->ki_flags & IOCB_DIRECT) |
| 381 |
+ return cifs_user_readv(iocb, iter); |
| 382 |
+ |
| 383 |
+ rc = cifs_revalidate_mapping(inode); |
| 384 |
+diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c |
| 385 |
+index 4d3eefff3c841..b2d52d4366a14 100644 |
| 386 |
+--- a/fs/ext4/inode.c |
| 387 |
++++ b/fs/ext4/inode.c |
| 388 |
+@@ -4224,7 +4224,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) |
| 389 |
+ struct super_block *sb = inode->i_sb; |
| 390 |
+ ext4_lblk_t first_block, stop_block; |
| 391 |
+ struct address_space *mapping = inode->i_mapping; |
| 392 |
+- loff_t first_block_offset, last_block_offset; |
| 393 |
++ loff_t first_block_offset, last_block_offset, max_length; |
| 394 |
++ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); |
| 395 |
+ handle_t *handle; |
| 396 |
+ unsigned int credits; |
| 397 |
+ int ret = 0; |
| 398 |
+@@ -4270,6 +4271,14 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) |
| 399 |
+ offset; |
| 400 |
+ } |
| 401 |
+ |
| 402 |
++ /* |
| 403 |
++ * For punch hole the length + offset needs to be within one block |
| 404 |
++ * before last range. Adjust the length if it goes beyond that limit. |
| 405 |
++ */ |
| 406 |
++ max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize; |
| 407 |
++ if (offset + length > max_length) |
| 408 |
++ length = max_length - offset; |
| 409 |
++ |
| 410 |
+ if (offset & (sb->s_blocksize - 1) || |
| 411 |
+ (offset + length) & (sb->s_blocksize - 1)) { |
| 412 |
+ /* |
| 413 |
+diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c |
| 414 |
+index 9cc79b7b0df11..3de933354a08b 100644 |
| 415 |
+--- a/fs/ext4/page-io.c |
| 416 |
++++ b/fs/ext4/page-io.c |
| 417 |
+@@ -105,8 +105,10 @@ static void ext4_finish_bio(struct bio *bio) |
| 418 |
+ continue; |
| 419 |
+ } |
| 420 |
+ clear_buffer_async_write(bh); |
| 421 |
+- if (bio->bi_status) |
| 422 |
++ if (bio->bi_status) { |
| 423 |
++ set_buffer_write_io_error(bh); |
| 424 |
+ buffer_io_error(bh); |
| 425 |
++ } |
| 426 |
+ } while ((bh = bh->b_this_page) != head); |
| 427 |
+ bit_spin_unlock(BH_Uptodate_Lock, &head->b_state); |
| 428 |
+ local_irq_restore(flags); |
| 429 |
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
| 430 |
+index dd424958be60c..88cf7093927e4 100644 |
| 431 |
+--- a/fs/ext4/super.c |
| 432 |
++++ b/fs/ext4/super.c |
| 433 |
+@@ -3366,9 +3366,11 @@ static int count_overhead(struct super_block *sb, ext4_group_t grp, |
| 434 |
+ ext4_fsblk_t first_block, last_block, b; |
| 435 |
+ ext4_group_t i, ngroups = ext4_get_groups_count(sb); |
| 436 |
+ int s, j, count = 0; |
| 437 |
++ int has_super = ext4_bg_has_super(sb, grp); |
| 438 |
+ |
| 439 |
+ if (!ext4_has_feature_bigalloc(sb)) |
| 440 |
+- return (ext4_bg_has_super(sb, grp) + ext4_bg_num_gdb(sb, grp) + |
| 441 |
++ return (has_super + ext4_bg_num_gdb(sb, grp) + |
| 442 |
++ (has_super ? le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) : 0) + |
| 443 |
+ sbi->s_itb_per_group + 2); |
| 444 |
+ |
| 445 |
+ first_block = le32_to_cpu(sbi->s_es->s_first_data_block) + |
| 446 |
+@@ -4343,9 +4345,18 @@ no_journal: |
| 447 |
+ * Get the # of file system overhead blocks from the |
| 448 |
+ * superblock if present. |
| 449 |
+ */ |
| 450 |
+- if (es->s_overhead_clusters) |
| 451 |
+- sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters); |
| 452 |
+- else { |
| 453 |
++ sbi->s_overhead = le32_to_cpu(es->s_overhead_clusters); |
| 454 |
++ /* ignore the precalculated value if it is ridiculous */ |
| 455 |
++ if (sbi->s_overhead > ext4_blocks_count(es)) |
| 456 |
++ sbi->s_overhead = 0; |
| 457 |
++ /* |
| 458 |
++ * If the bigalloc feature is not enabled recalculating the |
| 459 |
++ * overhead doesn't take long, so we might as well just redo |
| 460 |
++ * it to make sure we are using the correct value. |
| 461 |
++ */ |
| 462 |
++ if (!ext4_has_feature_bigalloc(sb)) |
| 463 |
++ sbi->s_overhead = 0; |
| 464 |
++ if (sbi->s_overhead == 0) { |
| 465 |
+ err = ext4_calculate_overhead(sb); |
| 466 |
+ if (err) |
| 467 |
+ goto failed_mount_wq; |
| 468 |
+diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c |
| 469 |
+index f4a26759ca383..5b14d4faebbe5 100644 |
| 470 |
+--- a/fs/gfs2/rgrp.c |
| 471 |
++++ b/fs/gfs2/rgrp.c |
| 472 |
+@@ -907,15 +907,15 @@ static int read_rindex_entry(struct gfs2_inode *ip) |
| 473 |
+ rgd->rd_bitbytes = be32_to_cpu(buf.ri_bitbytes); |
| 474 |
+ spin_lock_init(&rgd->rd_rsspin); |
| 475 |
+ |
| 476 |
+- error = compute_bitstructs(rgd); |
| 477 |
+- if (error) |
| 478 |
+- goto fail; |
| 479 |
+- |
| 480 |
+ error = gfs2_glock_get(sdp, rgd->rd_addr, |
| 481 |
+ &gfs2_rgrp_glops, CREATE, &rgd->rd_gl); |
| 482 |
+ if (error) |
| 483 |
+ goto fail; |
| 484 |
+ |
| 485 |
++ error = compute_bitstructs(rgd); |
| 486 |
++ if (error) |
| 487 |
++ goto fail_glock; |
| 488 |
++ |
| 489 |
+ rgd->rd_rgl = (struct gfs2_rgrp_lvb *)rgd->rd_gl->gl_lksb.sb_lvbptr; |
| 490 |
+ rgd->rd_flags &= ~(GFS2_RDF_UPTODATE | GFS2_RDF_PREFERRED); |
| 491 |
+ if (rgd->rd_data > sdp->sd_max_rg_data) |
| 492 |
+@@ -932,6 +932,7 @@ static int read_rindex_entry(struct gfs2_inode *ip) |
| 493 |
+ } |
| 494 |
+ |
| 495 |
+ error = 0; /* someone else read in the rgrp; free it and ignore it */ |
| 496 |
++fail_glock: |
| 497 |
+ gfs2_glock_put(rgd->rd_gl); |
| 498 |
+ |
| 499 |
+ fail: |
| 500 |
+diff --git a/fs/stat.c b/fs/stat.c |
| 501 |
+index 873785dae022d..0fda4b6b8fb2a 100644 |
| 502 |
+--- a/fs/stat.c |
| 503 |
++++ b/fs/stat.c |
| 504 |
+@@ -286,9 +286,6 @@ SYSCALL_DEFINE2(fstat, unsigned int, fd, struct __old_kernel_stat __user *, stat |
| 505 |
+ # define choose_32_64(a,b) b |
| 506 |
+ #endif |
| 507 |
+ |
| 508 |
+-#define valid_dev(x) choose_32_64(old_valid_dev(x),true) |
| 509 |
+-#define encode_dev(x) choose_32_64(old_encode_dev,new_encode_dev)(x) |
| 510 |
+- |
| 511 |
+ #ifndef INIT_STRUCT_STAT_PADDING |
| 512 |
+ # define INIT_STRUCT_STAT_PADDING(st) memset(&st, 0, sizeof(st)) |
| 513 |
+ #endif |
| 514 |
+@@ -297,7 +294,9 @@ static int cp_new_stat(struct kstat *stat, struct stat __user *statbuf) |
| 515 |
+ { |
| 516 |
+ struct stat tmp; |
| 517 |
+ |
| 518 |
+- if (!valid_dev(stat->dev) || !valid_dev(stat->rdev)) |
| 519 |
++ if (sizeof(tmp.st_dev) < 4 && !old_valid_dev(stat->dev)) |
| 520 |
++ return -EOVERFLOW; |
| 521 |
++ if (sizeof(tmp.st_rdev) < 4 && !old_valid_dev(stat->rdev)) |
| 522 |
+ return -EOVERFLOW; |
| 523 |
+ #if BITS_PER_LONG == 32 |
| 524 |
+ if (stat->size > MAX_NON_LFS) |
| 525 |
+@@ -305,7 +304,7 @@ static int cp_new_stat(struct kstat *stat, struct stat __user *statbuf) |
| 526 |
+ #endif |
| 527 |
+ |
| 528 |
+ INIT_STRUCT_STAT_PADDING(tmp); |
| 529 |
+- tmp.st_dev = encode_dev(stat->dev); |
| 530 |
++ tmp.st_dev = new_encode_dev(stat->dev); |
| 531 |
+ tmp.st_ino = stat->ino; |
| 532 |
+ if (sizeof(tmp.st_ino) < sizeof(stat->ino) && tmp.st_ino != stat->ino) |
| 533 |
+ return -EOVERFLOW; |
| 534 |
+@@ -315,7 +314,7 @@ static int cp_new_stat(struct kstat *stat, struct stat __user *statbuf) |
| 535 |
+ return -EOVERFLOW; |
| 536 |
+ SET_UID(tmp.st_uid, from_kuid_munged(current_user_ns(), stat->uid)); |
| 537 |
+ SET_GID(tmp.st_gid, from_kgid_munged(current_user_ns(), stat->gid)); |
| 538 |
+- tmp.st_rdev = encode_dev(stat->rdev); |
| 539 |
++ tmp.st_rdev = new_encode_dev(stat->rdev); |
| 540 |
+ tmp.st_size = stat->size; |
| 541 |
+ tmp.st_atime = stat->atime.tv_sec; |
| 542 |
+ tmp.st_mtime = stat->mtime.tv_sec; |
| 543 |
+@@ -582,11 +581,13 @@ static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf) |
| 544 |
+ { |
| 545 |
+ struct compat_stat tmp; |
| 546 |
+ |
| 547 |
+- if (!old_valid_dev(stat->dev) || !old_valid_dev(stat->rdev)) |
| 548 |
++ if (sizeof(tmp.st_dev) < 4 && !old_valid_dev(stat->dev)) |
| 549 |
++ return -EOVERFLOW; |
| 550 |
++ if (sizeof(tmp.st_rdev) < 4 && !old_valid_dev(stat->rdev)) |
| 551 |
+ return -EOVERFLOW; |
| 552 |
+ |
| 553 |
+ memset(&tmp, 0, sizeof(tmp)); |
| 554 |
+- tmp.st_dev = old_encode_dev(stat->dev); |
| 555 |
++ tmp.st_dev = new_encode_dev(stat->dev); |
| 556 |
+ tmp.st_ino = stat->ino; |
| 557 |
+ if (sizeof(tmp.st_ino) < sizeof(stat->ino) && tmp.st_ino != stat->ino) |
| 558 |
+ return -EOVERFLOW; |
| 559 |
+@@ -596,7 +597,7 @@ static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf) |
| 560 |
+ return -EOVERFLOW; |
| 561 |
+ SET_UID(tmp.st_uid, from_kuid_munged(current_user_ns(), stat->uid)); |
| 562 |
+ SET_GID(tmp.st_gid, from_kgid_munged(current_user_ns(), stat->gid)); |
| 563 |
+- tmp.st_rdev = old_encode_dev(stat->rdev); |
| 564 |
++ tmp.st_rdev = new_encode_dev(stat->rdev); |
| 565 |
+ if ((u64) stat->size > MAX_NON_LFS) |
| 566 |
+ return -EOVERFLOW; |
| 567 |
+ tmp.st_size = stat->size; |
| 568 |
+diff --git a/include/linux/etherdevice.h b/include/linux/etherdevice.h |
| 569 |
+index c643cc7fefb59..0913690249325 100644 |
| 570 |
+--- a/include/linux/etherdevice.h |
| 571 |
++++ b/include/linux/etherdevice.h |
| 572 |
+@@ -130,7 +130,7 @@ static inline bool is_multicast_ether_addr(const u8 *addr) |
| 573 |
+ #endif |
| 574 |
+ } |
| 575 |
+ |
| 576 |
+-static inline bool is_multicast_ether_addr_64bits(const u8 addr[6+2]) |
| 577 |
++static inline bool is_multicast_ether_addr_64bits(const u8 *addr) |
| 578 |
+ { |
| 579 |
+ #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 |
| 580 |
+ #ifdef __BIG_ENDIAN |
| 581 |
+@@ -344,8 +344,7 @@ static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2) |
| 582 |
+ * Please note that alignment of addr1 & addr2 are only guaranteed to be 16 bits. |
| 583 |
+ */ |
| 584 |
+ |
| 585 |
+-static inline bool ether_addr_equal_64bits(const u8 addr1[6+2], |
| 586 |
+- const u8 addr2[6+2]) |
| 587 |
++static inline bool ether_addr_equal_64bits(const u8 *addr1, const u8 *addr2) |
| 588 |
+ { |
| 589 |
+ #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64 |
| 590 |
+ u64 fold = (*(const u64 *)addr1) ^ (*(const u64 *)addr2); |
| 591 |
+diff --git a/include/net/ax25.h b/include/net/ax25.h |
| 592 |
+index e667bca42ca49..5db7b4c9256d7 100644 |
| 593 |
+--- a/include/net/ax25.h |
| 594 |
++++ b/include/net/ax25.h |
| 595 |
+@@ -235,6 +235,7 @@ typedef struct ax25_dev { |
| 596 |
+ #if defined(CONFIG_AX25_DAMA_SLAVE) || defined(CONFIG_AX25_DAMA_MASTER) |
| 597 |
+ ax25_dama_info dama; |
| 598 |
+ #endif |
| 599 |
++ refcount_t refcount; |
| 600 |
+ } ax25_dev; |
| 601 |
+ |
| 602 |
+ typedef struct ax25_cb { |
| 603 |
+@@ -289,6 +290,17 @@ static __inline__ void ax25_cb_put(ax25_cb *ax25) |
| 604 |
+ } |
| 605 |
+ } |
| 606 |
+ |
| 607 |
++static inline void ax25_dev_hold(ax25_dev *ax25_dev) |
| 608 |
++{ |
| 609 |
++ refcount_inc(&ax25_dev->refcount); |
| 610 |
++} |
| 611 |
++ |
| 612 |
++static inline void ax25_dev_put(ax25_dev *ax25_dev) |
| 613 |
++{ |
| 614 |
++ if (refcount_dec_and_test(&ax25_dev->refcount)) { |
| 615 |
++ kfree(ax25_dev); |
| 616 |
++ } |
| 617 |
++} |
| 618 |
+ static inline __be16 ax25_type_trans(struct sk_buff *skb, struct net_device *dev) |
| 619 |
+ { |
| 620 |
+ skb->dev = dev; |
| 621 |
+diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h |
| 622 |
+index 573ab110c9ec8..e5f4d27114048 100644 |
| 623 |
+--- a/include/net/inet_hashtables.h |
| 624 |
++++ b/include/net/inet_hashtables.h |
| 625 |
+@@ -215,8 +215,9 @@ void inet_put_port(struct sock *sk); |
| 626 |
+ |
| 627 |
+ void inet_hashinfo_init(struct inet_hashinfo *h); |
| 628 |
+ |
| 629 |
+-bool inet_ehash_insert(struct sock *sk, struct sock *osk); |
| 630 |
+-bool inet_ehash_nolisten(struct sock *sk, struct sock *osk); |
| 631 |
++bool inet_ehash_insert(struct sock *sk, struct sock *osk, bool *found_dup_sk); |
| 632 |
++bool inet_ehash_nolisten(struct sock *sk, struct sock *osk, |
| 633 |
++ bool *found_dup_sk); |
| 634 |
+ int __inet_hash(struct sock *sk, struct sock *osk); |
| 635 |
+ int inet_hash(struct sock *sk); |
| 636 |
+ void inet_unhash(struct sock *sk); |
| 637 |
+diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c |
| 638 |
+index 13f5013373085..40c1a2dd48f0f 100644 |
| 639 |
+--- a/kernel/trace/trace_events_trigger.c |
| 640 |
++++ b/kernel/trace/trace_events_trigger.c |
| 641 |
+@@ -932,6 +932,16 @@ void set_named_trigger_data(struct event_trigger_data *data, |
| 642 |
+ static void |
| 643 |
+ traceon_trigger(struct event_trigger_data *data, void *rec) |
| 644 |
+ { |
| 645 |
++ struct trace_event_file *file = data->private_data; |
| 646 |
++ |
| 647 |
++ if (file) { |
| 648 |
++ if (tracer_tracing_is_on(file->tr)) |
| 649 |
++ return; |
| 650 |
++ |
| 651 |
++ tracer_tracing_on(file->tr); |
| 652 |
++ return; |
| 653 |
++ } |
| 654 |
++ |
| 655 |
+ if (tracing_is_on()) |
| 656 |
+ return; |
| 657 |
+ |
| 658 |
+@@ -941,8 +951,15 @@ traceon_trigger(struct event_trigger_data *data, void *rec) |
| 659 |
+ static void |
| 660 |
+ traceon_count_trigger(struct event_trigger_data *data, void *rec) |
| 661 |
+ { |
| 662 |
+- if (tracing_is_on()) |
| 663 |
+- return; |
| 664 |
++ struct trace_event_file *file = data->private_data; |
| 665 |
++ |
| 666 |
++ if (file) { |
| 667 |
++ if (tracer_tracing_is_on(file->tr)) |
| 668 |
++ return; |
| 669 |
++ } else { |
| 670 |
++ if (tracing_is_on()) |
| 671 |
++ return; |
| 672 |
++ } |
| 673 |
+ |
| 674 |
+ if (!data->count) |
| 675 |
+ return; |
| 676 |
+@@ -950,12 +967,25 @@ traceon_count_trigger(struct event_trigger_data *data, void *rec) |
| 677 |
+ if (data->count != -1) |
| 678 |
+ (data->count)--; |
| 679 |
+ |
| 680 |
+- tracing_on(); |
| 681 |
++ if (file) |
| 682 |
++ tracer_tracing_on(file->tr); |
| 683 |
++ else |
| 684 |
++ tracing_on(); |
| 685 |
+ } |
| 686 |
+ |
| 687 |
+ static void |
| 688 |
+ traceoff_trigger(struct event_trigger_data *data, void *rec) |
| 689 |
+ { |
| 690 |
++ struct trace_event_file *file = data->private_data; |
| 691 |
++ |
| 692 |
++ if (file) { |
| 693 |
++ if (!tracer_tracing_is_on(file->tr)) |
| 694 |
++ return; |
| 695 |
++ |
| 696 |
++ tracer_tracing_off(file->tr); |
| 697 |
++ return; |
| 698 |
++ } |
| 699 |
++ |
| 700 |
+ if (!tracing_is_on()) |
| 701 |
+ return; |
| 702 |
+ |
| 703 |
+@@ -965,8 +995,15 @@ traceoff_trigger(struct event_trigger_data *data, void *rec) |
| 704 |
+ static void |
| 705 |
+ traceoff_count_trigger(struct event_trigger_data *data, void *rec) |
| 706 |
+ { |
| 707 |
+- if (!tracing_is_on()) |
| 708 |
+- return; |
| 709 |
++ struct trace_event_file *file = data->private_data; |
| 710 |
++ |
| 711 |
++ if (file) { |
| 712 |
++ if (!tracer_tracing_is_on(file->tr)) |
| 713 |
++ return; |
| 714 |
++ } else { |
| 715 |
++ if (!tracing_is_on()) |
| 716 |
++ return; |
| 717 |
++ } |
| 718 |
+ |
| 719 |
+ if (!data->count) |
| 720 |
+ return; |
| 721 |
+@@ -974,7 +1011,10 @@ traceoff_count_trigger(struct event_trigger_data *data, void *rec) |
| 722 |
+ if (data->count != -1) |
| 723 |
+ (data->count)--; |
| 724 |
+ |
| 725 |
+- tracing_off(); |
| 726 |
++ if (file) |
| 727 |
++ tracer_tracing_off(file->tr); |
| 728 |
++ else |
| 729 |
++ tracing_off(); |
| 730 |
+ } |
| 731 |
+ |
| 732 |
+ static int |
| 733 |
+@@ -1156,7 +1196,14 @@ static __init int register_trigger_snapshot_cmd(void) { return 0; } |
| 734 |
+ static void |
| 735 |
+ stacktrace_trigger(struct event_trigger_data *data, void *rec) |
| 736 |
+ { |
| 737 |
+- trace_dump_stack(STACK_SKIP); |
| 738 |
++ struct trace_event_file *file = data->private_data; |
| 739 |
++ unsigned long flags; |
| 740 |
++ |
| 741 |
++ if (file) { |
| 742 |
++ local_save_flags(flags); |
| 743 |
++ __trace_stack(file->tr, flags, STACK_SKIP, preempt_count()); |
| 744 |
++ } else |
| 745 |
++ trace_dump_stack(STACK_SKIP); |
| 746 |
+ } |
| 747 |
+ |
| 748 |
+ static void |
| 749 |
+diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
| 750 |
+index e3d205f2a3ff9..bfbccc7393323 100644 |
| 751 |
+--- a/mm/page_alloc.c |
| 752 |
++++ b/mm/page_alloc.c |
| 753 |
+@@ -6737,7 +6737,7 @@ void __init mem_init_print_info(const char *str) |
| 754 |
+ */ |
| 755 |
+ #define adj_init_size(start, end, size, pos, adj) \ |
| 756 |
+ do { \ |
| 757 |
+- if (start <= pos && pos < end && size > adj) \ |
| 758 |
++ if (&start[0] <= &pos[0] && &pos[0] < &end[0] && size > adj) \ |
| 759 |
+ size -= adj; \ |
| 760 |
+ } while (0) |
| 761 |
+ |
| 762 |
+diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c |
| 763 |
+index 466f9e3883c8e..20babe8fdbd11 100644 |
| 764 |
+--- a/net/ax25/af_ax25.c |
| 765 |
++++ b/net/ax25/af_ax25.c |
| 766 |
+@@ -92,17 +92,21 @@ again: |
| 767 |
+ sk = s->sk; |
| 768 |
+ if (!sk) { |
| 769 |
+ spin_unlock_bh(&ax25_list_lock); |
| 770 |
+- s->ax25_dev = NULL; |
| 771 |
+ ax25_disconnect(s, ENETUNREACH); |
| 772 |
++ s->ax25_dev = NULL; |
| 773 |
+ spin_lock_bh(&ax25_list_lock); |
| 774 |
+ goto again; |
| 775 |
+ } |
| 776 |
+ sock_hold(sk); |
| 777 |
+ spin_unlock_bh(&ax25_list_lock); |
| 778 |
+ lock_sock(sk); |
| 779 |
++ ax25_disconnect(s, ENETUNREACH); |
| 780 |
+ s->ax25_dev = NULL; |
| 781 |
++ if (sk->sk_socket) { |
| 782 |
++ dev_put(ax25_dev->dev); |
| 783 |
++ ax25_dev_put(ax25_dev); |
| 784 |
++ } |
| 785 |
+ release_sock(sk); |
| 786 |
+- ax25_disconnect(s, ENETUNREACH); |
| 787 |
+ spin_lock_bh(&ax25_list_lock); |
| 788 |
+ sock_put(sk); |
| 789 |
+ /* The entry could have been deleted from the |
| 790 |
+@@ -369,21 +373,25 @@ static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg) |
| 791 |
+ if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl))) |
| 792 |
+ return -EFAULT; |
| 793 |
+ |
| 794 |
+- if ((ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr)) == NULL) |
| 795 |
+- return -ENODEV; |
| 796 |
+- |
| 797 |
+ if (ax25_ctl.digi_count > AX25_MAX_DIGIS) |
| 798 |
+ return -EINVAL; |
| 799 |
+ |
| 800 |
+ if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL) |
| 801 |
+ return -EINVAL; |
| 802 |
+ |
| 803 |
++ ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr); |
| 804 |
++ if (!ax25_dev) |
| 805 |
++ return -ENODEV; |
| 806 |
++ |
| 807 |
+ digi.ndigi = ax25_ctl.digi_count; |
| 808 |
+ for (k = 0; k < digi.ndigi; k++) |
| 809 |
+ digi.calls[k] = ax25_ctl.digi_addr[k]; |
| 810 |
+ |
| 811 |
+- if ((ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev)) == NULL) |
| 812 |
++ ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev); |
| 813 |
++ if (!ax25) { |
| 814 |
++ ax25_dev_put(ax25_dev); |
| 815 |
+ return -ENOTCONN; |
| 816 |
++ } |
| 817 |
+ |
| 818 |
+ switch (ax25_ctl.cmd) { |
| 819 |
+ case AX25_KILL: |
| 820 |
+@@ -450,6 +458,7 @@ static int ax25_ctl_ioctl(const unsigned int cmd, void __user *arg) |
| 821 |
+ } |
| 822 |
+ |
| 823 |
+ out_put: |
| 824 |
++ ax25_dev_put(ax25_dev); |
| 825 |
+ ax25_cb_put(ax25); |
| 826 |
+ return ret; |
| 827 |
+ |
| 828 |
+@@ -975,14 +984,16 @@ static int ax25_release(struct socket *sock) |
| 829 |
+ { |
| 830 |
+ struct sock *sk = sock->sk; |
| 831 |
+ ax25_cb *ax25; |
| 832 |
++ ax25_dev *ax25_dev; |
| 833 |
+ |
| 834 |
+ if (sk == NULL) |
| 835 |
+ return 0; |
| 836 |
+ |
| 837 |
+ sock_hold(sk); |
| 838 |
+- sock_orphan(sk); |
| 839 |
+ lock_sock(sk); |
| 840 |
++ sock_orphan(sk); |
| 841 |
+ ax25 = sk_to_ax25(sk); |
| 842 |
++ ax25_dev = ax25->ax25_dev; |
| 843 |
+ |
| 844 |
+ if (sk->sk_type == SOCK_SEQPACKET) { |
| 845 |
+ switch (ax25->state) { |
| 846 |
+@@ -1044,6 +1055,15 @@ static int ax25_release(struct socket *sock) |
| 847 |
+ sk->sk_state_change(sk); |
| 848 |
+ ax25_destroy_socket(ax25); |
| 849 |
+ } |
| 850 |
++ if (ax25_dev) { |
| 851 |
++ del_timer_sync(&ax25->timer); |
| 852 |
++ del_timer_sync(&ax25->t1timer); |
| 853 |
++ del_timer_sync(&ax25->t2timer); |
| 854 |
++ del_timer_sync(&ax25->t3timer); |
| 855 |
++ del_timer_sync(&ax25->idletimer); |
| 856 |
++ dev_put(ax25_dev->dev); |
| 857 |
++ ax25_dev_put(ax25_dev); |
| 858 |
++ } |
| 859 |
+ |
| 860 |
+ sock->sk = NULL; |
| 861 |
+ release_sock(sk); |
| 862 |
+@@ -1120,8 +1140,10 @@ static int ax25_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) |
| 863 |
+ } |
| 864 |
+ } |
| 865 |
+ |
| 866 |
+- if (ax25_dev != NULL) |
| 867 |
++ if (ax25_dev) { |
| 868 |
+ ax25_fillin_cb(ax25, ax25_dev); |
| 869 |
++ dev_hold(ax25_dev->dev); |
| 870 |
++ } |
| 871 |
+ |
| 872 |
+ done: |
| 873 |
+ ax25_cb_add(ax25); |
| 874 |
+diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c |
| 875 |
+index d92195cd78349..55a611f7239bc 100644 |
| 876 |
+--- a/net/ax25/ax25_dev.c |
| 877 |
++++ b/net/ax25/ax25_dev.c |
| 878 |
+@@ -40,6 +40,7 @@ ax25_dev *ax25_addr_ax25dev(ax25_address *addr) |
| 879 |
+ for (ax25_dev = ax25_dev_list; ax25_dev != NULL; ax25_dev = ax25_dev->next) |
| 880 |
+ if (ax25cmp(addr, (ax25_address *)ax25_dev->dev->dev_addr) == 0) { |
| 881 |
+ res = ax25_dev; |
| 882 |
++ ax25_dev_hold(ax25_dev); |
| 883 |
+ } |
| 884 |
+ spin_unlock_bh(&ax25_dev_lock); |
| 885 |
+ |
| 886 |
+@@ -59,6 +60,7 @@ void ax25_dev_device_up(struct net_device *dev) |
| 887 |
+ return; |
| 888 |
+ } |
| 889 |
+ |
| 890 |
++ refcount_set(&ax25_dev->refcount, 1); |
| 891 |
+ dev->ax25_ptr = ax25_dev; |
| 892 |
+ ax25_dev->dev = dev; |
| 893 |
+ dev_hold(dev); |
| 894 |
+@@ -87,6 +89,7 @@ void ax25_dev_device_up(struct net_device *dev) |
| 895 |
+ ax25_dev->next = ax25_dev_list; |
| 896 |
+ ax25_dev_list = ax25_dev; |
| 897 |
+ spin_unlock_bh(&ax25_dev_lock); |
| 898 |
++ ax25_dev_hold(ax25_dev); |
| 899 |
+ |
| 900 |
+ ax25_register_dev_sysctl(ax25_dev); |
| 901 |
+ } |
| 902 |
+@@ -116,9 +119,10 @@ void ax25_dev_device_down(struct net_device *dev) |
| 903 |
+ if ((s = ax25_dev_list) == ax25_dev) { |
| 904 |
+ ax25_dev_list = s->next; |
| 905 |
+ spin_unlock_bh(&ax25_dev_lock); |
| 906 |
++ ax25_dev_put(ax25_dev); |
| 907 |
+ dev->ax25_ptr = NULL; |
| 908 |
+ dev_put(dev); |
| 909 |
+- kfree(ax25_dev); |
| 910 |
++ ax25_dev_put(ax25_dev); |
| 911 |
+ return; |
| 912 |
+ } |
| 913 |
+ |
| 914 |
+@@ -126,9 +130,10 @@ void ax25_dev_device_down(struct net_device *dev) |
| 915 |
+ if (s->next == ax25_dev) { |
| 916 |
+ s->next = ax25_dev->next; |
| 917 |
+ spin_unlock_bh(&ax25_dev_lock); |
| 918 |
++ ax25_dev_put(ax25_dev); |
| 919 |
+ dev->ax25_ptr = NULL; |
| 920 |
+ dev_put(dev); |
| 921 |
+- kfree(ax25_dev); |
| 922 |
++ ax25_dev_put(ax25_dev); |
| 923 |
+ return; |
| 924 |
+ } |
| 925 |
+ |
| 926 |
+@@ -136,6 +141,7 @@ void ax25_dev_device_down(struct net_device *dev) |
| 927 |
+ } |
| 928 |
+ spin_unlock_bh(&ax25_dev_lock); |
| 929 |
+ dev->ax25_ptr = NULL; |
| 930 |
++ ax25_dev_put(ax25_dev); |
| 931 |
+ } |
| 932 |
+ |
| 933 |
+ int ax25_fwd_ioctl(unsigned int cmd, struct ax25_fwd_struct *fwd) |
| 934 |
+@@ -147,20 +153,32 @@ int ax25_fwd_ioctl(unsigned int cmd, struct ax25_fwd_struct *fwd) |
| 935 |
+ |
| 936 |
+ switch (cmd) { |
| 937 |
+ case SIOCAX25ADDFWD: |
| 938 |
+- if ((fwd_dev = ax25_addr_ax25dev(&fwd->port_to)) == NULL) |
| 939 |
++ fwd_dev = ax25_addr_ax25dev(&fwd->port_to); |
| 940 |
++ if (!fwd_dev) { |
| 941 |
++ ax25_dev_put(ax25_dev); |
| 942 |
+ return -EINVAL; |
| 943 |
+- if (ax25_dev->forward != NULL) |
| 944 |
++ } |
| 945 |
++ if (ax25_dev->forward) { |
| 946 |
++ ax25_dev_put(fwd_dev); |
| 947 |
++ ax25_dev_put(ax25_dev); |
| 948 |
+ return -EINVAL; |
| 949 |
++ } |
| 950 |
+ ax25_dev->forward = fwd_dev->dev; |
| 951 |
++ ax25_dev_put(fwd_dev); |
| 952 |
++ ax25_dev_put(ax25_dev); |
| 953 |
+ break; |
| 954 |
+ |
| 955 |
+ case SIOCAX25DELFWD: |
| 956 |
+- if (ax25_dev->forward == NULL) |
| 957 |
++ if (!ax25_dev->forward) { |
| 958 |
++ ax25_dev_put(ax25_dev); |
| 959 |
+ return -EINVAL; |
| 960 |
++ } |
| 961 |
+ ax25_dev->forward = NULL; |
| 962 |
++ ax25_dev_put(ax25_dev); |
| 963 |
+ break; |
| 964 |
+ |
| 965 |
+ default: |
| 966 |
++ ax25_dev_put(ax25_dev); |
| 967 |
+ return -EINVAL; |
| 968 |
+ } |
| 969 |
+ |
| 970 |
+diff --git a/net/ax25/ax25_route.c b/net/ax25/ax25_route.c |
| 971 |
+index b8e1a5e6a9d38..7d4c86f11b0f6 100644 |
| 972 |
+--- a/net/ax25/ax25_route.c |
| 973 |
++++ b/net/ax25/ax25_route.c |
| 974 |
+@@ -78,11 +78,13 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
| 975 |
+ ax25_dev *ax25_dev; |
| 976 |
+ int i; |
| 977 |
+ |
| 978 |
+- if ((ax25_dev = ax25_addr_ax25dev(&route->port_addr)) == NULL) |
| 979 |
+- return -EINVAL; |
| 980 |
+ if (route->digi_count > AX25_MAX_DIGIS) |
| 981 |
+ return -EINVAL; |
| 982 |
+ |
| 983 |
++ ax25_dev = ax25_addr_ax25dev(&route->port_addr); |
| 984 |
++ if (!ax25_dev) |
| 985 |
++ return -EINVAL; |
| 986 |
++ |
| 987 |
+ write_lock_bh(&ax25_route_lock); |
| 988 |
+ |
| 989 |
+ ax25_rt = ax25_route_list; |
| 990 |
+@@ -94,6 +96,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
| 991 |
+ if (route->digi_count != 0) { |
| 992 |
+ if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) { |
| 993 |
+ write_unlock_bh(&ax25_route_lock); |
| 994 |
++ ax25_dev_put(ax25_dev); |
| 995 |
+ return -ENOMEM; |
| 996 |
+ } |
| 997 |
+ ax25_rt->digipeat->lastrepeat = -1; |
| 998 |
+@@ -104,6 +107,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
| 999 |
+ } |
| 1000 |
+ } |
| 1001 |
+ write_unlock_bh(&ax25_route_lock); |
| 1002 |
++ ax25_dev_put(ax25_dev); |
| 1003 |
+ return 0; |
| 1004 |
+ } |
| 1005 |
+ ax25_rt = ax25_rt->next; |
| 1006 |
+@@ -111,6 +115,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
| 1007 |
+ |
| 1008 |
+ if ((ax25_rt = kmalloc(sizeof(ax25_route), GFP_ATOMIC)) == NULL) { |
| 1009 |
+ write_unlock_bh(&ax25_route_lock); |
| 1010 |
++ ax25_dev_put(ax25_dev); |
| 1011 |
+ return -ENOMEM; |
| 1012 |
+ } |
| 1013 |
+ |
| 1014 |
+@@ -123,6 +128,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
| 1015 |
+ if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) { |
| 1016 |
+ write_unlock_bh(&ax25_route_lock); |
| 1017 |
+ kfree(ax25_rt); |
| 1018 |
++ ax25_dev_put(ax25_dev); |
| 1019 |
+ return -ENOMEM; |
| 1020 |
+ } |
| 1021 |
+ ax25_rt->digipeat->lastrepeat = -1; |
| 1022 |
+@@ -135,6 +141,7 @@ static int __must_check ax25_rt_add(struct ax25_routes_struct *route) |
| 1023 |
+ ax25_rt->next = ax25_route_list; |
| 1024 |
+ ax25_route_list = ax25_rt; |
| 1025 |
+ write_unlock_bh(&ax25_route_lock); |
| 1026 |
++ ax25_dev_put(ax25_dev); |
| 1027 |
+ |
| 1028 |
+ return 0; |
| 1029 |
+ } |
| 1030 |
+@@ -176,6 +183,7 @@ static int ax25_rt_del(struct ax25_routes_struct *route) |
| 1031 |
+ } |
| 1032 |
+ } |
| 1033 |
+ write_unlock_bh(&ax25_route_lock); |
| 1034 |
++ ax25_dev_put(ax25_dev); |
| 1035 |
+ |
| 1036 |
+ return 0; |
| 1037 |
+ } |
| 1038 |
+@@ -218,6 +226,7 @@ static int ax25_rt_opt(struct ax25_route_opt_struct *rt_option) |
| 1039 |
+ |
| 1040 |
+ out: |
| 1041 |
+ write_unlock_bh(&ax25_route_lock); |
| 1042 |
++ ax25_dev_put(ax25_dev); |
| 1043 |
+ return err; |
| 1044 |
+ } |
| 1045 |
+ |
| 1046 |
+diff --git a/net/ax25/ax25_subr.c b/net/ax25/ax25_subr.c |
| 1047 |
+index 038b109b2be70..c129865cad9f4 100644 |
| 1048 |
+--- a/net/ax25/ax25_subr.c |
| 1049 |
++++ b/net/ax25/ax25_subr.c |
| 1050 |
+@@ -264,12 +264,20 @@ void ax25_disconnect(ax25_cb *ax25, int reason) |
| 1051 |
+ { |
| 1052 |
+ ax25_clear_queues(ax25); |
| 1053 |
+ |
| 1054 |
+- if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY)) |
| 1055 |
+- ax25_stop_heartbeat(ax25); |
| 1056 |
+- ax25_stop_t1timer(ax25); |
| 1057 |
+- ax25_stop_t2timer(ax25); |
| 1058 |
+- ax25_stop_t3timer(ax25); |
| 1059 |
+- ax25_stop_idletimer(ax25); |
| 1060 |
++ if (reason == ENETUNREACH) { |
| 1061 |
++ del_timer_sync(&ax25->timer); |
| 1062 |
++ del_timer_sync(&ax25->t1timer); |
| 1063 |
++ del_timer_sync(&ax25->t2timer); |
| 1064 |
++ del_timer_sync(&ax25->t3timer); |
| 1065 |
++ del_timer_sync(&ax25->idletimer); |
| 1066 |
++ } else { |
| 1067 |
++ if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY)) |
| 1068 |
++ ax25_stop_heartbeat(ax25); |
| 1069 |
++ ax25_stop_t1timer(ax25); |
| 1070 |
++ ax25_stop_t2timer(ax25); |
| 1071 |
++ ax25_stop_t3timer(ax25); |
| 1072 |
++ ax25_stop_idletimer(ax25); |
| 1073 |
++ } |
| 1074 |
+ |
| 1075 |
+ ax25->state = AX25_STATE_0; |
| 1076 |
+ |
| 1077 |
+diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c |
| 1078 |
+index 176bddacc16eb..7e93087d13667 100644 |
| 1079 |
+--- a/net/dccp/ipv4.c |
| 1080 |
++++ b/net/dccp/ipv4.c |
| 1081 |
+@@ -428,7 +428,7 @@ struct sock *dccp_v4_request_recv_sock(const struct sock *sk, |
| 1082 |
+ |
| 1083 |
+ if (__inet_inherit_port(sk, newsk) < 0) |
| 1084 |
+ goto put_and_exit; |
| 1085 |
+- *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); |
| 1086 |
++ *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), NULL); |
| 1087 |
+ if (*own_req) |
| 1088 |
+ ireq->ireq_opt = NULL; |
| 1089 |
+ else |
| 1090 |
+diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c |
| 1091 |
+index 2cd3508a37869..ae4851fdbe9e5 100644 |
| 1092 |
+--- a/net/dccp/ipv6.c |
| 1093 |
++++ b/net/dccp/ipv6.c |
| 1094 |
+@@ -538,7 +538,7 @@ static struct sock *dccp_v6_request_recv_sock(const struct sock *sk, |
| 1095 |
+ dccp_done(newsk); |
| 1096 |
+ goto out; |
| 1097 |
+ } |
| 1098 |
+- *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); |
| 1099 |
++ *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), NULL); |
| 1100 |
+ /* Clone pktoptions received with SYN, if we own the req */ |
| 1101 |
+ if (*own_req && ireq->pktopts) { |
| 1102 |
+ newnp->pktoptions = skb_clone(ireq->pktopts, GFP_ATOMIC); |
| 1103 |
+diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c |
| 1104 |
+index 08ba0f91f2aba..44b1d630c40b1 100644 |
| 1105 |
+--- a/net/ipv4/inet_connection_sock.c |
| 1106 |
++++ b/net/ipv4/inet_connection_sock.c |
| 1107 |
+@@ -784,7 +784,7 @@ static void reqsk_queue_hash_req(struct request_sock *req, |
| 1108 |
+ (unsigned long)req); |
| 1109 |
+ mod_timer(&req->rsk_timer, jiffies + timeout); |
| 1110 |
+ |
| 1111 |
+- inet_ehash_insert(req_to_sk(req), NULL); |
| 1112 |
++ inet_ehash_insert(req_to_sk(req), NULL, NULL); |
| 1113 |
+ /* before letting lookups find us, make sure all req fields |
| 1114 |
+ * are committed to memory and refcnt initialized. |
| 1115 |
+ */ |
| 1116 |
+diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c |
| 1117 |
+index 8a54babf5c903..1346e45cf8d13 100644 |
| 1118 |
+--- a/net/ipv4/inet_hashtables.c |
| 1119 |
++++ b/net/ipv4/inet_hashtables.c |
| 1120 |
+@@ -23,6 +23,9 @@ |
| 1121 |
+ #include <net/addrconf.h> |
| 1122 |
+ #include <net/inet_connection_sock.h> |
| 1123 |
+ #include <net/inet_hashtables.h> |
| 1124 |
++#if IS_ENABLED(CONFIG_IPV6) |
| 1125 |
++#include <net/inet6_hashtables.h> |
| 1126 |
++#endif |
| 1127 |
+ #include <net/secure_seq.h> |
| 1128 |
+ #include <net/ip.h> |
| 1129 |
+ #include <net/tcp.h> |
| 1130 |
+@@ -395,10 +398,52 @@ static u32 inet_sk_port_offset(const struct sock *sk) |
| 1131 |
+ inet->inet_dport); |
| 1132 |
+ } |
| 1133 |
+ |
| 1134 |
+-/* insert a socket into ehash, and eventually remove another one |
| 1135 |
+- * (The another one can be a SYN_RECV or TIMEWAIT |
| 1136 |
++/* Searches for an exsiting socket in the ehash bucket list. |
| 1137 |
++ * Returns true if found, false otherwise. |
| 1138 |
+ */ |
| 1139 |
+-bool inet_ehash_insert(struct sock *sk, struct sock *osk) |
| 1140 |
++static bool inet_ehash_lookup_by_sk(struct sock *sk, |
| 1141 |
++ struct hlist_nulls_head *list) |
| 1142 |
++{ |
| 1143 |
++ const __portpair ports = INET_COMBINED_PORTS(sk->sk_dport, sk->sk_num); |
| 1144 |
++ const int sdif = sk->sk_bound_dev_if; |
| 1145 |
++ const int dif = sk->sk_bound_dev_if; |
| 1146 |
++ const struct hlist_nulls_node *node; |
| 1147 |
++ struct net *net = sock_net(sk); |
| 1148 |
++ struct sock *esk; |
| 1149 |
++ |
| 1150 |
++ INET_ADDR_COOKIE(acookie, sk->sk_daddr, sk->sk_rcv_saddr); |
| 1151 |
++ |
| 1152 |
++ sk_nulls_for_each_rcu(esk, node, list) { |
| 1153 |
++ if (esk->sk_hash != sk->sk_hash) |
| 1154 |
++ continue; |
| 1155 |
++ if (sk->sk_family == AF_INET) { |
| 1156 |
++ if (unlikely(INET_MATCH(esk, net, acookie, |
| 1157 |
++ sk->sk_daddr, |
| 1158 |
++ sk->sk_rcv_saddr, |
| 1159 |
++ ports, dif, sdif))) { |
| 1160 |
++ return true; |
| 1161 |
++ } |
| 1162 |
++ } |
| 1163 |
++#if IS_ENABLED(CONFIG_IPV6) |
| 1164 |
++ else if (sk->sk_family == AF_INET6) { |
| 1165 |
++ if (unlikely(INET6_MATCH(esk, net, |
| 1166 |
++ &sk->sk_v6_daddr, |
| 1167 |
++ &sk->sk_v6_rcv_saddr, |
| 1168 |
++ ports, dif, sdif))) { |
| 1169 |
++ return true; |
| 1170 |
++ } |
| 1171 |
++ } |
| 1172 |
++#endif |
| 1173 |
++ } |
| 1174 |
++ return false; |
| 1175 |
++} |
| 1176 |
++ |
| 1177 |
++/* Insert a socket into ehash, and eventually remove another one |
| 1178 |
++ * (The another one can be a SYN_RECV or TIMEWAIT) |
| 1179 |
++ * If an existing socket already exists, socket sk is not inserted, |
| 1180 |
++ * and sets found_dup_sk parameter to true. |
| 1181 |
++ */ |
| 1182 |
++bool inet_ehash_insert(struct sock *sk, struct sock *osk, bool *found_dup_sk) |
| 1183 |
+ { |
| 1184 |
+ struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo; |
| 1185 |
+ struct hlist_nulls_head *list; |
| 1186 |
+@@ -417,16 +462,23 @@ bool inet_ehash_insert(struct sock *sk, struct sock *osk) |
| 1187 |
+ if (osk) { |
| 1188 |
+ WARN_ON_ONCE(sk->sk_hash != osk->sk_hash); |
| 1189 |
+ ret = sk_nulls_del_node_init_rcu(osk); |
| 1190 |
++ } else if (found_dup_sk) { |
| 1191 |
++ *found_dup_sk = inet_ehash_lookup_by_sk(sk, list); |
| 1192 |
++ if (*found_dup_sk) |
| 1193 |
++ ret = false; |
| 1194 |
+ } |
| 1195 |
++ |
| 1196 |
+ if (ret) |
| 1197 |
+ __sk_nulls_add_node_rcu(sk, list); |
| 1198 |
++ |
| 1199 |
+ spin_unlock(lock); |
| 1200 |
++ |
| 1201 |
+ return ret; |
| 1202 |
+ } |
| 1203 |
+ |
| 1204 |
+-bool inet_ehash_nolisten(struct sock *sk, struct sock *osk) |
| 1205 |
++bool inet_ehash_nolisten(struct sock *sk, struct sock *osk, bool *found_dup_sk) |
| 1206 |
+ { |
| 1207 |
+- bool ok = inet_ehash_insert(sk, osk); |
| 1208 |
++ bool ok = inet_ehash_insert(sk, osk, found_dup_sk); |
| 1209 |
+ |
| 1210 |
+ if (ok) { |
| 1211 |
+ sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); |
| 1212 |
+@@ -469,7 +521,7 @@ int __inet_hash(struct sock *sk, struct sock *osk) |
| 1213 |
+ int err = 0; |
| 1214 |
+ |
| 1215 |
+ if (sk->sk_state != TCP_LISTEN) { |
| 1216 |
+- inet_ehash_nolisten(sk, osk); |
| 1217 |
++ inet_ehash_nolisten(sk, osk, NULL); |
| 1218 |
+ return 0; |
| 1219 |
+ } |
| 1220 |
+ WARN_ON(!sk_unhashed(sk)); |
| 1221 |
+@@ -556,7 +608,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, |
| 1222 |
+ tb = inet_csk(sk)->icsk_bind_hash; |
| 1223 |
+ spin_lock_bh(&head->lock); |
| 1224 |
+ if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) { |
| 1225 |
+- inet_ehash_nolisten(sk, NULL); |
| 1226 |
++ inet_ehash_nolisten(sk, NULL, NULL); |
| 1227 |
+ spin_unlock_bh(&head->lock); |
| 1228 |
+ return 0; |
| 1229 |
+ } |
| 1230 |
+@@ -632,7 +684,7 @@ ok: |
| 1231 |
+ inet_bind_hash(sk, tb, port); |
| 1232 |
+ if (sk_unhashed(sk)) { |
| 1233 |
+ inet_sk(sk)->inet_sport = htons(port); |
| 1234 |
+- inet_ehash_nolisten(sk, (struct sock *)tw); |
| 1235 |
++ inet_ehash_nolisten(sk, (struct sock *)tw, NULL); |
| 1236 |
+ } |
| 1237 |
+ if (tw) |
| 1238 |
+ inet_twsk_bind_unhash(tw, hinfo); |
| 1239 |
+diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c |
| 1240 |
+index 744479c8b91f3..3d56f2729418a 100644 |
| 1241 |
+--- a/net/ipv4/tcp_ipv4.c |
| 1242 |
++++ b/net/ipv4/tcp_ipv4.c |
| 1243 |
+@@ -1344,6 +1344,7 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, |
| 1244 |
+ bool *own_req) |
| 1245 |
+ { |
| 1246 |
+ struct inet_request_sock *ireq; |
| 1247 |
++ bool found_dup_sk = false; |
| 1248 |
+ struct inet_sock *newinet; |
| 1249 |
+ struct tcp_sock *newtp; |
| 1250 |
+ struct sock *newsk; |
| 1251 |
+@@ -1414,12 +1415,22 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, |
| 1252 |
+ |
| 1253 |
+ if (__inet_inherit_port(sk, newsk) < 0) |
| 1254 |
+ goto put_and_exit; |
| 1255 |
+- *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); |
| 1256 |
++ *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), |
| 1257 |
++ &found_dup_sk); |
| 1258 |
+ if (likely(*own_req)) { |
| 1259 |
+ tcp_move_syn(newtp, req); |
| 1260 |
+ ireq->ireq_opt = NULL; |
| 1261 |
+ } else { |
| 1262 |
+ newinet->inet_opt = NULL; |
| 1263 |
++ |
| 1264 |
++ if (!req_unhash && found_dup_sk) { |
| 1265 |
++ /* This code path should only be executed in the |
| 1266 |
++ * syncookie case only |
| 1267 |
++ */ |
| 1268 |
++ bh_unlock_sock(newsk); |
| 1269 |
++ sock_put(newsk); |
| 1270 |
++ newsk = NULL; |
| 1271 |
++ } |
| 1272 |
+ } |
| 1273 |
+ return newsk; |
| 1274 |
+ |
| 1275 |
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c |
| 1276 |
+index 0f0772c48bf08..21637031fbab7 100644 |
| 1277 |
+--- a/net/ipv6/tcp_ipv6.c |
| 1278 |
++++ b/net/ipv6/tcp_ipv6.c |
| 1279 |
+@@ -1064,6 +1064,7 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff * |
| 1280 |
+ struct ipv6_txoptions *opt; |
| 1281 |
+ struct tcp6_sock *newtcp6sk; |
| 1282 |
+ struct inet_sock *newinet; |
| 1283 |
++ bool found_dup_sk = false; |
| 1284 |
+ struct tcp_sock *newtp; |
| 1285 |
+ struct sock *newsk; |
| 1286 |
+ #ifdef CONFIG_TCP_MD5SIG |
| 1287 |
+@@ -1232,7 +1233,8 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff * |
| 1288 |
+ tcp_done(newsk); |
| 1289 |
+ goto out; |
| 1290 |
+ } |
| 1291 |
+- *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); |
| 1292 |
++ *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), |
| 1293 |
++ &found_dup_sk); |
| 1294 |
+ if (*own_req) { |
| 1295 |
+ tcp_move_syn(newtp, req); |
| 1296 |
+ |
| 1297 |
+@@ -1247,6 +1249,15 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff * |
| 1298 |
+ skb_set_owner_r(newnp->pktoptions, newsk); |
| 1299 |
+ } |
| 1300 |
+ } |
| 1301 |
++ } else { |
| 1302 |
++ if (!req_unhash && found_dup_sk) { |
| 1303 |
++ /* This code path should only be executed in the |
| 1304 |
++ * syncookie case only |
| 1305 |
++ */ |
| 1306 |
++ bh_unlock_sock(newsk); |
| 1307 |
++ sock_put(newsk); |
| 1308 |
++ newsk = NULL; |
| 1309 |
++ } |
| 1310 |
+ } |
| 1311 |
+ |
| 1312 |
+ return newsk; |
| 1313 |
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
| 1314 |
+index 24e8ac2b724ec..979cd7dff40ac 100644 |
| 1315 |
+--- a/net/netlink/af_netlink.c |
| 1316 |
++++ b/net/netlink/af_netlink.c |
| 1317 |
+@@ -2212,6 +2212,13 @@ static int netlink_dump(struct sock *sk) |
| 1318 |
+ * single netdev. The outcome is MSG_TRUNC error. |
| 1319 |
+ */ |
| 1320 |
+ skb_reserve(skb, skb_tailroom(skb) - alloc_size); |
| 1321 |
++ |
| 1322 |
++ /* Make sure malicious BPF programs can not read unitialized memory |
| 1323 |
++ * from skb->head -> skb->data |
| 1324 |
++ */ |
| 1325 |
++ skb_reset_network_header(skb); |
| 1326 |
++ skb_reset_mac_header(skb); |
| 1327 |
++ |
| 1328 |
+ netlink_skb_set_owner_r(skb, sk); |
| 1329 |
+ |
| 1330 |
+ if (nlk->dump_done_errno > 0) |
| 1331 |
+diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c |
| 1332 |
+index ed3528aec15f9..a4a4260615d65 100644 |
| 1333 |
+--- a/net/openvswitch/flow_netlink.c |
| 1334 |
++++ b/net/openvswitch/flow_netlink.c |
| 1335 |
+@@ -1977,7 +1977,7 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, |
| 1336 |
+ new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2); |
| 1337 |
+ |
| 1338 |
+ if (new_acts_size > MAX_ACTIONS_BUFSIZE) { |
| 1339 |
+- if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { |
| 1340 |
++ if ((next_offset + req_size) > MAX_ACTIONS_BUFSIZE) { |
| 1341 |
+ OVS_NLERR(log, "Flow action size exceeds max %u", |
| 1342 |
+ MAX_ACTIONS_BUFSIZE); |
| 1343 |
+ return ERR_PTR(-EMSGSIZE); |
| 1344 |
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
| 1345 |
+index b0dd17d1992e0..61093ce76b613 100644 |
| 1346 |
+--- a/net/packet/af_packet.c |
| 1347 |
++++ b/net/packet/af_packet.c |
| 1348 |
+@@ -2829,8 +2829,9 @@ tpacket_error: |
| 1349 |
+ |
| 1350 |
+ status = TP_STATUS_SEND_REQUEST; |
| 1351 |
+ err = po->xmit(skb); |
| 1352 |
+- if (unlikely(err > 0)) { |
| 1353 |
+- err = net_xmit_errno(err); |
| 1354 |
++ if (unlikely(err != 0)) { |
| 1355 |
++ if (err > 0) |
| 1356 |
++ err = net_xmit_errno(err); |
| 1357 |
+ if (err && __packet_get_status(po, ph) == |
| 1358 |
+ TP_STATUS_AVAILABLE) { |
| 1359 |
+ /* skb was destructed already */ |
| 1360 |
+@@ -3029,8 +3030,12 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) |
| 1361 |
+ skb->no_fcs = 1; |
| 1362 |
+ |
| 1363 |
+ err = po->xmit(skb); |
| 1364 |
+- if (err > 0 && (err = net_xmit_errno(err)) != 0) |
| 1365 |
+- goto out_unlock; |
| 1366 |
++ if (unlikely(err != 0)) { |
| 1367 |
++ if (err > 0) |
| 1368 |
++ err = net_xmit_errno(err); |
| 1369 |
++ if (err) |
| 1370 |
++ goto out_unlock; |
| 1371 |
++ } |
| 1372 |
+ |
| 1373 |
+ dev_put(dev); |
| 1374 |
+ |
| 1375 |
+diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c |
| 1376 |
+index f72fe0cba30d8..dd3053c243c10 100644 |
| 1377 |
+--- a/sound/soc/soc-dapm.c |
| 1378 |
++++ b/sound/soc/soc-dapm.c |
| 1379 |
+@@ -1617,8 +1617,7 @@ static void dapm_seq_run(struct snd_soc_card *card, |
| 1380 |
+ switch (w->id) { |
| 1381 |
+ case snd_soc_dapm_pre: |
| 1382 |
+ if (!w->event) |
| 1383 |
+- list_for_each_entry_safe_continue(w, n, list, |
| 1384 |
+- power_list); |
| 1385 |
++ continue; |
| 1386 |
+ |
| 1387 |
+ if (event == SND_SOC_DAPM_STREAM_START) |
| 1388 |
+ ret = w->event(w, |
| 1389 |
+@@ -1630,8 +1629,7 @@ static void dapm_seq_run(struct snd_soc_card *card, |
| 1390 |
+ |
| 1391 |
+ case snd_soc_dapm_post: |
| 1392 |
+ if (!w->event) |
| 1393 |
+- list_for_each_entry_safe_continue(w, n, list, |
| 1394 |
+- power_list); |
| 1395 |
++ continue; |
| 1396 |
+ |
| 1397 |
+ if (event == SND_SOC_DAPM_STREAM_START) |
| 1398 |
+ ret = w->event(w, |
| 1399 |
+diff --git a/sound/usb/midi.c b/sound/usb/midi.c |
| 1400 |
+index 5f5a6b7ef1cfe..3c4cf5da5daae 100644 |
| 1401 |
+--- a/sound/usb/midi.c |
| 1402 |
++++ b/sound/usb/midi.c |
| 1403 |
+@@ -1210,6 +1210,7 @@ static void snd_usbmidi_output_drain(struct snd_rawmidi_substream *substream) |
| 1404 |
+ } while (drain_urbs && timeout); |
| 1405 |
+ finish_wait(&ep->drain_wait, &wait); |
| 1406 |
+ } |
| 1407 |
++ port->active = 0; |
| 1408 |
+ spin_unlock_irq(&ep->buffer_lock); |
| 1409 |
+ } |
| 1410 |
+ |
| 1411 |
+diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h |
| 1412 |
+index 62456a806bb4d..4b8f1c46420d4 100644 |
| 1413 |
+--- a/sound/usb/usbaudio.h |
| 1414 |
++++ b/sound/usb/usbaudio.h |
| 1415 |
+@@ -22,7 +22,7 @@ |
| 1416 |
+ */ |
| 1417 |
+ |
| 1418 |
+ /* handling of USB vendor/product ID pairs as 32-bit numbers */ |
| 1419 |
+-#define USB_ID(vendor, product) (((vendor) << 16) | (product)) |
| 1420 |
++#define USB_ID(vendor, product) (((unsigned int)(vendor) << 16) | (product)) |
| 1421 |
+ #define USB_ID_VENDOR(id) ((id) >> 16) |
| 1422 |
+ #define USB_ID_PRODUCT(id) ((u16)(id)) |
| 1423 |
+ |
Archives