1 |
commit: 3ba8a94069c6064059af744ab1d794fd5145f8b9 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu May 14 11:29:47 2020 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu May 14 11:29:47 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3ba8a940 |
7 |
|
8 |
Linux patch 4.19.123 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1122_linux-4.19.123.patch | 1475 +++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1479 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 1a8557c..18ae34a 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -527,6 +527,10 @@ Patch: 1121_linux-4.19.122.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.19.122 |
23 |
|
24 |
+Patch: 1122_linux-4.19.123.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.19.123 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1122_linux-4.19.123.patch b/1122_linux-4.19.123.patch |
33 |
new file mode 100644 |
34 |
index 0000000..8b532c1 |
35 |
--- /dev/null |
36 |
+++ b/1122_linux-4.19.123.patch |
37 |
@@ -0,0 +1,1475 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index 2a4ee629f011..68fa15edd662 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 4 |
45 |
+ PATCHLEVEL = 19 |
46 |
+-SUBLEVEL = 122 |
47 |
++SUBLEVEL = 123 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = "People's Front" |
50 |
+ |
51 |
+diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c |
52 |
+index a6c9fbaeaefc..870e594f95ed 100644 |
53 |
+--- a/arch/arm64/kvm/guest.c |
54 |
++++ b/arch/arm64/kvm/guest.c |
55 |
+@@ -179,6 +179,13 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) |
56 |
+ } |
57 |
+ |
58 |
+ memcpy((u32 *)regs + off, valp, KVM_REG_SIZE(reg->id)); |
59 |
++ |
60 |
++ if (*vcpu_cpsr(vcpu) & PSR_MODE32_BIT) { |
61 |
++ int i; |
62 |
++ |
63 |
++ for (i = 0; i < 16; i++) |
64 |
++ *vcpu_reg32(vcpu, i) = (u32)*vcpu_reg32(vcpu, i); |
65 |
++ } |
66 |
+ out: |
67 |
+ return err; |
68 |
+ } |
69 |
+diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c |
70 |
+index f58ea503ad01..1d7656761316 100644 |
71 |
+--- a/arch/arm64/mm/hugetlbpage.c |
72 |
++++ b/arch/arm64/mm/hugetlbpage.c |
73 |
+@@ -218,6 +218,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, |
74 |
+ ptep = (pte_t *)pudp; |
75 |
+ } else if (sz == (PAGE_SIZE * CONT_PTES)) { |
76 |
+ pmdp = pmd_alloc(mm, pudp, addr); |
77 |
++ if (!pmdp) |
78 |
++ return NULL; |
79 |
+ |
80 |
+ WARN_ON(addr & (sz - 1)); |
81 |
+ /* |
82 |
+diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h |
83 |
+index 31fbb4a7d9f6..993dd06c8923 100644 |
84 |
+--- a/arch/x86/entry/calling.h |
85 |
++++ b/arch/x86/entry/calling.h |
86 |
+@@ -98,13 +98,6 @@ For 32-bit we have the following conventions - kernel is built with |
87 |
+ #define SIZEOF_PTREGS 21*8 |
88 |
+ |
89 |
+ .macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax save_ret=0 |
90 |
+- /* |
91 |
+- * Push registers and sanitize registers of values that a |
92 |
+- * speculation attack might otherwise want to exploit. The |
93 |
+- * lower registers are likely clobbered well before they |
94 |
+- * could be put to use in a speculative execution gadget. |
95 |
+- * Interleave XOR with PUSH for better uop scheduling: |
96 |
+- */ |
97 |
+ .if \save_ret |
98 |
+ pushq %rsi /* pt_regs->si */ |
99 |
+ movq 8(%rsp), %rsi /* temporarily store the return address in %rsi */ |
100 |
+@@ -114,34 +107,43 @@ For 32-bit we have the following conventions - kernel is built with |
101 |
+ pushq %rsi /* pt_regs->si */ |
102 |
+ .endif |
103 |
+ pushq \rdx /* pt_regs->dx */ |
104 |
+- xorl %edx, %edx /* nospec dx */ |
105 |
+ pushq %rcx /* pt_regs->cx */ |
106 |
+- xorl %ecx, %ecx /* nospec cx */ |
107 |
+ pushq \rax /* pt_regs->ax */ |
108 |
+ pushq %r8 /* pt_regs->r8 */ |
109 |
+- xorl %r8d, %r8d /* nospec r8 */ |
110 |
+ pushq %r9 /* pt_regs->r9 */ |
111 |
+- xorl %r9d, %r9d /* nospec r9 */ |
112 |
+ pushq %r10 /* pt_regs->r10 */ |
113 |
+- xorl %r10d, %r10d /* nospec r10 */ |
114 |
+ pushq %r11 /* pt_regs->r11 */ |
115 |
+- xorl %r11d, %r11d /* nospec r11*/ |
116 |
+ pushq %rbx /* pt_regs->rbx */ |
117 |
+- xorl %ebx, %ebx /* nospec rbx*/ |
118 |
+ pushq %rbp /* pt_regs->rbp */ |
119 |
+- xorl %ebp, %ebp /* nospec rbp*/ |
120 |
+ pushq %r12 /* pt_regs->r12 */ |
121 |
+- xorl %r12d, %r12d /* nospec r12*/ |
122 |
+ pushq %r13 /* pt_regs->r13 */ |
123 |
+- xorl %r13d, %r13d /* nospec r13*/ |
124 |
+ pushq %r14 /* pt_regs->r14 */ |
125 |
+- xorl %r14d, %r14d /* nospec r14*/ |
126 |
+ pushq %r15 /* pt_regs->r15 */ |
127 |
+- xorl %r15d, %r15d /* nospec r15*/ |
128 |
+ UNWIND_HINT_REGS |
129 |
++ |
130 |
+ .if \save_ret |
131 |
+ pushq %rsi /* return address on top of stack */ |
132 |
+ .endif |
133 |
++ |
134 |
++ /* |
135 |
++ * Sanitize registers of values that a speculation attack might |
136 |
++ * otherwise want to exploit. The lower registers are likely clobbered |
137 |
++ * well before they could be put to use in a speculative execution |
138 |
++ * gadget. |
139 |
++ */ |
140 |
++ xorl %edx, %edx /* nospec dx */ |
141 |
++ xorl %ecx, %ecx /* nospec cx */ |
142 |
++ xorl %r8d, %r8d /* nospec r8 */ |
143 |
++ xorl %r9d, %r9d /* nospec r9 */ |
144 |
++ xorl %r10d, %r10d /* nospec r10 */ |
145 |
++ xorl %r11d, %r11d /* nospec r11 */ |
146 |
++ xorl %ebx, %ebx /* nospec rbx */ |
147 |
++ xorl %ebp, %ebp /* nospec rbp */ |
148 |
++ xorl %r12d, %r12d /* nospec r12 */ |
149 |
++ xorl %r13d, %r13d /* nospec r13 */ |
150 |
++ xorl %r14d, %r14d /* nospec r14 */ |
151 |
++ xorl %r15d, %r15d /* nospec r15 */ |
152 |
++ |
153 |
+ .endm |
154 |
+ |
155 |
+ .macro POP_REGS pop_rdi=1 skip_r11rcx=0 |
156 |
+diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S |
157 |
+index ccb5e3486aee..dfe26f3cfffc 100644 |
158 |
+--- a/arch/x86/entry/entry_64.S |
159 |
++++ b/arch/x86/entry/entry_64.S |
160 |
+@@ -312,7 +312,6 @@ GLOBAL(entry_SYSCALL_64_after_hwframe) |
161 |
+ */ |
162 |
+ syscall_return_via_sysret: |
163 |
+ /* rcx and r11 are already restored (see code above) */ |
164 |
+- UNWIND_HINT_EMPTY |
165 |
+ POP_REGS pop_rdi=0 skip_r11rcx=1 |
166 |
+ |
167 |
+ /* |
168 |
+@@ -321,6 +320,7 @@ syscall_return_via_sysret: |
169 |
+ */ |
170 |
+ movq %rsp, %rdi |
171 |
+ movq PER_CPU_VAR(cpu_tss_rw + TSS_sp0), %rsp |
172 |
++ UNWIND_HINT_EMPTY |
173 |
+ |
174 |
+ pushq RSP-RDI(%rdi) /* RSP */ |
175 |
+ pushq (%rdi) /* RDI */ |
176 |
+@@ -575,7 +575,7 @@ END(spurious_entries_start) |
177 |
+ * +----------------------------------------------------+ |
178 |
+ */ |
179 |
+ ENTRY(interrupt_entry) |
180 |
+- UNWIND_HINT_FUNC |
181 |
++ UNWIND_HINT_IRET_REGS offset=16 |
182 |
+ ASM_CLAC |
183 |
+ cld |
184 |
+ |
185 |
+@@ -607,9 +607,9 @@ ENTRY(interrupt_entry) |
186 |
+ pushq 5*8(%rdi) /* regs->eflags */ |
187 |
+ pushq 4*8(%rdi) /* regs->cs */ |
188 |
+ pushq 3*8(%rdi) /* regs->ip */ |
189 |
++ UNWIND_HINT_IRET_REGS |
190 |
+ pushq 2*8(%rdi) /* regs->orig_ax */ |
191 |
+ pushq 8(%rdi) /* return address */ |
192 |
+- UNWIND_HINT_FUNC |
193 |
+ |
194 |
+ movq (%rdi), %rdi |
195 |
+ jmp 2f |
196 |
+@@ -700,6 +700,7 @@ GLOBAL(swapgs_restore_regs_and_return_to_usermode) |
197 |
+ */ |
198 |
+ movq %rsp, %rdi |
199 |
+ movq PER_CPU_VAR(cpu_tss_rw + TSS_sp0), %rsp |
200 |
++ UNWIND_HINT_EMPTY |
201 |
+ |
202 |
+ /* Copy the IRET frame to the trampoline stack. */ |
203 |
+ pushq 6*8(%rdi) /* SS */ |
204 |
+@@ -1744,7 +1745,7 @@ ENTRY(rewind_stack_do_exit) |
205 |
+ |
206 |
+ movq PER_CPU_VAR(cpu_current_top_of_stack), %rax |
207 |
+ leaq -PTREGS_SIZE(%rax), %rsp |
208 |
+- UNWIND_HINT_FUNC sp_offset=PTREGS_SIZE |
209 |
++ UNWIND_HINT_REGS |
210 |
+ |
211 |
+ call do_exit |
212 |
+ END(rewind_stack_do_exit) |
213 |
+diff --git a/arch/x86/include/asm/unwind.h b/arch/x86/include/asm/unwind.h |
214 |
+index 499578f7e6d7..70fc159ebe69 100644 |
215 |
+--- a/arch/x86/include/asm/unwind.h |
216 |
++++ b/arch/x86/include/asm/unwind.h |
217 |
+@@ -19,7 +19,7 @@ struct unwind_state { |
218 |
+ #if defined(CONFIG_UNWINDER_ORC) |
219 |
+ bool signal, full_regs; |
220 |
+ unsigned long sp, bp, ip; |
221 |
+- struct pt_regs *regs; |
222 |
++ struct pt_regs *regs, *prev_regs; |
223 |
+ #elif defined(CONFIG_UNWINDER_FRAME_POINTER) |
224 |
+ bool got_irq; |
225 |
+ unsigned long *bp, *orig_sp, ip; |
226 |
+diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c |
227 |
+index 89be1be1790c..169b96492b7c 100644 |
228 |
+--- a/arch/x86/kernel/unwind_orc.c |
229 |
++++ b/arch/x86/kernel/unwind_orc.c |
230 |
+@@ -131,9 +131,6 @@ static struct orc_entry *orc_find(unsigned long ip) |
231 |
+ { |
232 |
+ static struct orc_entry *orc; |
233 |
+ |
234 |
+- if (!orc_init) |
235 |
+- return NULL; |
236 |
+- |
237 |
+ if (ip == 0) |
238 |
+ return &null_orc_entry; |
239 |
+ |
240 |
+@@ -367,9 +364,38 @@ static bool deref_stack_iret_regs(struct unwind_state *state, unsigned long addr |
241 |
+ return true; |
242 |
+ } |
243 |
+ |
244 |
++/* |
245 |
++ * If state->regs is non-NULL, and points to a full pt_regs, just get the reg |
246 |
++ * value from state->regs. |
247 |
++ * |
248 |
++ * Otherwise, if state->regs just points to IRET regs, and the previous frame |
249 |
++ * had full regs, it's safe to get the value from the previous regs. This can |
250 |
++ * happen when early/late IRQ entry code gets interrupted by an NMI. |
251 |
++ */ |
252 |
++static bool get_reg(struct unwind_state *state, unsigned int reg_off, |
253 |
++ unsigned long *val) |
254 |
++{ |
255 |
++ unsigned int reg = reg_off/8; |
256 |
++ |
257 |
++ if (!state->regs) |
258 |
++ return false; |
259 |
++ |
260 |
++ if (state->full_regs) { |
261 |
++ *val = ((unsigned long *)state->regs)[reg]; |
262 |
++ return true; |
263 |
++ } |
264 |
++ |
265 |
++ if (state->prev_regs) { |
266 |
++ *val = ((unsigned long *)state->prev_regs)[reg]; |
267 |
++ return true; |
268 |
++ } |
269 |
++ |
270 |
++ return false; |
271 |
++} |
272 |
++ |
273 |
+ bool unwind_next_frame(struct unwind_state *state) |
274 |
+ { |
275 |
+- unsigned long ip_p, sp, orig_ip = state->ip, prev_sp = state->sp; |
276 |
++ unsigned long ip_p, sp, tmp, orig_ip = state->ip, prev_sp = state->sp; |
277 |
+ enum stack_type prev_type = state->stack_info.type; |
278 |
+ struct orc_entry *orc; |
279 |
+ bool indirect = false; |
280 |
+@@ -423,39 +449,35 @@ bool unwind_next_frame(struct unwind_state *state) |
281 |
+ break; |
282 |
+ |
283 |
+ case ORC_REG_R10: |
284 |
+- if (!state->regs || !state->full_regs) { |
285 |
++ if (!get_reg(state, offsetof(struct pt_regs, r10), &sp)) { |
286 |
+ orc_warn("missing regs for base reg R10 at ip %pB\n", |
287 |
+ (void *)state->ip); |
288 |
+ goto err; |
289 |
+ } |
290 |
+- sp = state->regs->r10; |
291 |
+ break; |
292 |
+ |
293 |
+ case ORC_REG_R13: |
294 |
+- if (!state->regs || !state->full_regs) { |
295 |
++ if (!get_reg(state, offsetof(struct pt_regs, r13), &sp)) { |
296 |
+ orc_warn("missing regs for base reg R13 at ip %pB\n", |
297 |
+ (void *)state->ip); |
298 |
+ goto err; |
299 |
+ } |
300 |
+- sp = state->regs->r13; |
301 |
+ break; |
302 |
+ |
303 |
+ case ORC_REG_DI: |
304 |
+- if (!state->regs || !state->full_regs) { |
305 |
++ if (!get_reg(state, offsetof(struct pt_regs, di), &sp)) { |
306 |
+ orc_warn("missing regs for base reg DI at ip %pB\n", |
307 |
+ (void *)state->ip); |
308 |
+ goto err; |
309 |
+ } |
310 |
+- sp = state->regs->di; |
311 |
+ break; |
312 |
+ |
313 |
+ case ORC_REG_DX: |
314 |
+- if (!state->regs || !state->full_regs) { |
315 |
++ if (!get_reg(state, offsetof(struct pt_regs, dx), &sp)) { |
316 |
+ orc_warn("missing regs for base reg DX at ip %pB\n", |
317 |
+ (void *)state->ip); |
318 |
+ goto err; |
319 |
+ } |
320 |
+- sp = state->regs->dx; |
321 |
+ break; |
322 |
+ |
323 |
+ default: |
324 |
+@@ -482,6 +504,7 @@ bool unwind_next_frame(struct unwind_state *state) |
325 |
+ |
326 |
+ state->sp = sp; |
327 |
+ state->regs = NULL; |
328 |
++ state->prev_regs = NULL; |
329 |
+ state->signal = false; |
330 |
+ break; |
331 |
+ |
332 |
+@@ -493,6 +516,7 @@ bool unwind_next_frame(struct unwind_state *state) |
333 |
+ } |
334 |
+ |
335 |
+ state->regs = (struct pt_regs *)sp; |
336 |
++ state->prev_regs = NULL; |
337 |
+ state->full_regs = true; |
338 |
+ state->signal = true; |
339 |
+ break; |
340 |
+@@ -504,6 +528,8 @@ bool unwind_next_frame(struct unwind_state *state) |
341 |
+ goto err; |
342 |
+ } |
343 |
+ |
344 |
++ if (state->full_regs) |
345 |
++ state->prev_regs = state->regs; |
346 |
+ state->regs = (void *)sp - IRET_FRAME_OFFSET; |
347 |
+ state->full_regs = false; |
348 |
+ state->signal = true; |
349 |
+@@ -512,14 +538,14 @@ bool unwind_next_frame(struct unwind_state *state) |
350 |
+ default: |
351 |
+ orc_warn("unknown .orc_unwind entry type %d for ip %pB\n", |
352 |
+ orc->type, (void *)orig_ip); |
353 |
+- break; |
354 |
++ goto err; |
355 |
+ } |
356 |
+ |
357 |
+ /* Find BP: */ |
358 |
+ switch (orc->bp_reg) { |
359 |
+ case ORC_REG_UNDEFINED: |
360 |
+- if (state->regs && state->full_regs) |
361 |
+- state->bp = state->regs->bp; |
362 |
++ if (get_reg(state, offsetof(struct pt_regs, bp), &tmp)) |
363 |
++ state->bp = tmp; |
364 |
+ break; |
365 |
+ |
366 |
+ case ORC_REG_PREV_SP: |
367 |
+@@ -563,6 +589,9 @@ EXPORT_SYMBOL_GPL(unwind_next_frame); |
368 |
+ void __unwind_start(struct unwind_state *state, struct task_struct *task, |
369 |
+ struct pt_regs *regs, unsigned long *first_frame) |
370 |
+ { |
371 |
++ if (!orc_init) |
372 |
++ goto done; |
373 |
++ |
374 |
+ memset(state, 0, sizeof(*state)); |
375 |
+ state->task = task; |
376 |
+ |
377 |
+@@ -629,7 +658,7 @@ void __unwind_start(struct unwind_state *state, struct task_struct *task, |
378 |
+ /* Otherwise, skip ahead to the user-specified starting frame: */ |
379 |
+ while (!unwind_done(state) && |
380 |
+ (!on_stack(&state->stack_info, first_frame, sizeof(long)) || |
381 |
+- state->sp <= (unsigned long)first_frame)) |
382 |
++ state->sp < (unsigned long)first_frame)) |
383 |
+ unwind_next_frame(state); |
384 |
+ |
385 |
+ return; |
386 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
387 |
+index fe5036641c59..f08c287b6242 100644 |
388 |
+--- a/arch/x86/kvm/vmx.c |
389 |
++++ b/arch/x86/kvm/vmx.c |
390 |
+@@ -10771,14 +10771,14 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
391 |
+ else if (static_branch_unlikely(&mds_user_clear)) |
392 |
+ mds_clear_cpu_buffers(); |
393 |
+ |
394 |
+- asm( |
395 |
++ asm volatile ( |
396 |
+ /* Store host registers */ |
397 |
+ "push %%" _ASM_DX "; push %%" _ASM_BP ";" |
398 |
+ "push %%" _ASM_CX " \n\t" /* placeholder for guest rcx */ |
399 |
+ "push %%" _ASM_CX " \n\t" |
400 |
+- "cmp %%" _ASM_SP ", %c[host_rsp](%0) \n\t" |
401 |
++ "cmp %%" _ASM_SP ", %c[host_rsp](%%" _ASM_CX ") \n\t" |
402 |
+ "je 1f \n\t" |
403 |
+- "mov %%" _ASM_SP ", %c[host_rsp](%0) \n\t" |
404 |
++ "mov %%" _ASM_SP ", %c[host_rsp](%%" _ASM_CX ") \n\t" |
405 |
+ /* Avoid VMWRITE when Enlightened VMCS is in use */ |
406 |
+ "test %%" _ASM_SI ", %%" _ASM_SI " \n\t" |
407 |
+ "jz 2f \n\t" |
408 |
+@@ -10788,32 +10788,33 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
409 |
+ __ex(ASM_VMX_VMWRITE_RSP_RDX) "\n\t" |
410 |
+ "1: \n\t" |
411 |
+ /* Reload cr2 if changed */ |
412 |
+- "mov %c[cr2](%0), %%" _ASM_AX " \n\t" |
413 |
++ "mov %c[cr2](%%" _ASM_CX "), %%" _ASM_AX " \n\t" |
414 |
+ "mov %%cr2, %%" _ASM_DX " \n\t" |
415 |
+ "cmp %%" _ASM_AX ", %%" _ASM_DX " \n\t" |
416 |
+ "je 3f \n\t" |
417 |
+ "mov %%" _ASM_AX", %%cr2 \n\t" |
418 |
+ "3: \n\t" |
419 |
+ /* Check if vmlaunch of vmresume is needed */ |
420 |
+- "cmpb $0, %c[launched](%0) \n\t" |
421 |
++ "cmpb $0, %c[launched](%%" _ASM_CX ") \n\t" |
422 |
+ /* Load guest registers. Don't clobber flags. */ |
423 |
+- "mov %c[rax](%0), %%" _ASM_AX " \n\t" |
424 |
+- "mov %c[rbx](%0), %%" _ASM_BX " \n\t" |
425 |
+- "mov %c[rdx](%0), %%" _ASM_DX " \n\t" |
426 |
+- "mov %c[rsi](%0), %%" _ASM_SI " \n\t" |
427 |
+- "mov %c[rdi](%0), %%" _ASM_DI " \n\t" |
428 |
+- "mov %c[rbp](%0), %%" _ASM_BP " \n\t" |
429 |
++ "mov %c[rax](%%" _ASM_CX "), %%" _ASM_AX " \n\t" |
430 |
++ "mov %c[rbx](%%" _ASM_CX "), %%" _ASM_BX " \n\t" |
431 |
++ "mov %c[rdx](%%" _ASM_CX "), %%" _ASM_DX " \n\t" |
432 |
++ "mov %c[rsi](%%" _ASM_CX "), %%" _ASM_SI " \n\t" |
433 |
++ "mov %c[rdi](%%" _ASM_CX "), %%" _ASM_DI " \n\t" |
434 |
++ "mov %c[rbp](%%" _ASM_CX "), %%" _ASM_BP " \n\t" |
435 |
+ #ifdef CONFIG_X86_64 |
436 |
+- "mov %c[r8](%0), %%r8 \n\t" |
437 |
+- "mov %c[r9](%0), %%r9 \n\t" |
438 |
+- "mov %c[r10](%0), %%r10 \n\t" |
439 |
+- "mov %c[r11](%0), %%r11 \n\t" |
440 |
+- "mov %c[r12](%0), %%r12 \n\t" |
441 |
+- "mov %c[r13](%0), %%r13 \n\t" |
442 |
+- "mov %c[r14](%0), %%r14 \n\t" |
443 |
+- "mov %c[r15](%0), %%r15 \n\t" |
444 |
++ "mov %c[r8](%%" _ASM_CX "), %%r8 \n\t" |
445 |
++ "mov %c[r9](%%" _ASM_CX "), %%r9 \n\t" |
446 |
++ "mov %c[r10](%%" _ASM_CX "), %%r10 \n\t" |
447 |
++ "mov %c[r11](%%" _ASM_CX "), %%r11 \n\t" |
448 |
++ "mov %c[r12](%%" _ASM_CX "), %%r12 \n\t" |
449 |
++ "mov %c[r13](%%" _ASM_CX "), %%r13 \n\t" |
450 |
++ "mov %c[r14](%%" _ASM_CX "), %%r14 \n\t" |
451 |
++ "mov %c[r15](%%" _ASM_CX "), %%r15 \n\t" |
452 |
+ #endif |
453 |
+- "mov %c[rcx](%0), %%" _ASM_CX " \n\t" /* kills %0 (ecx) */ |
454 |
++ /* Load guest RCX. This kills the vmx_vcpu pointer! */ |
455 |
++ "mov %c[rcx](%%" _ASM_CX "), %%" _ASM_CX " \n\t" |
456 |
+ |
457 |
+ /* Enter guest mode */ |
458 |
+ "jne 1f \n\t" |
459 |
+@@ -10821,26 +10822,33 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
460 |
+ "jmp 2f \n\t" |
461 |
+ "1: " __ex(ASM_VMX_VMRESUME) "\n\t" |
462 |
+ "2: " |
463 |
+- /* Save guest registers, load host registers, keep flags */ |
464 |
+- "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" |
465 |
+- "pop %0 \n\t" |
466 |
+- "setbe %c[fail](%0)\n\t" |
467 |
+- "mov %%" _ASM_AX ", %c[rax](%0) \n\t" |
468 |
+- "mov %%" _ASM_BX ", %c[rbx](%0) \n\t" |
469 |
+- __ASM_SIZE(pop) " %c[rcx](%0) \n\t" |
470 |
+- "mov %%" _ASM_DX ", %c[rdx](%0) \n\t" |
471 |
+- "mov %%" _ASM_SI ", %c[rsi](%0) \n\t" |
472 |
+- "mov %%" _ASM_DI ", %c[rdi](%0) \n\t" |
473 |
+- "mov %%" _ASM_BP ", %c[rbp](%0) \n\t" |
474 |
++ |
475 |
++ /* Save guest's RCX to the stack placeholder (see above) */ |
476 |
++ "mov %%" _ASM_CX ", %c[wordsize](%%" _ASM_SP ") \n\t" |
477 |
++ |
478 |
++ /* Load host's RCX, i.e. the vmx_vcpu pointer */ |
479 |
++ "pop %%" _ASM_CX " \n\t" |
480 |
++ |
481 |
++ /* Set vmx->fail based on EFLAGS.{CF,ZF} */ |
482 |
++ "setbe %c[fail](%%" _ASM_CX ")\n\t" |
483 |
++ |
484 |
++ /* Save all guest registers, including RCX from the stack */ |
485 |
++ "mov %%" _ASM_AX ", %c[rax](%%" _ASM_CX ") \n\t" |
486 |
++ "mov %%" _ASM_BX ", %c[rbx](%%" _ASM_CX ") \n\t" |
487 |
++ __ASM_SIZE(pop) " %c[rcx](%%" _ASM_CX ") \n\t" |
488 |
++ "mov %%" _ASM_DX ", %c[rdx](%%" _ASM_CX ") \n\t" |
489 |
++ "mov %%" _ASM_SI ", %c[rsi](%%" _ASM_CX ") \n\t" |
490 |
++ "mov %%" _ASM_DI ", %c[rdi](%%" _ASM_CX ") \n\t" |
491 |
++ "mov %%" _ASM_BP ", %c[rbp](%%" _ASM_CX ") \n\t" |
492 |
+ #ifdef CONFIG_X86_64 |
493 |
+- "mov %%r8, %c[r8](%0) \n\t" |
494 |
+- "mov %%r9, %c[r9](%0) \n\t" |
495 |
+- "mov %%r10, %c[r10](%0) \n\t" |
496 |
+- "mov %%r11, %c[r11](%0) \n\t" |
497 |
+- "mov %%r12, %c[r12](%0) \n\t" |
498 |
+- "mov %%r13, %c[r13](%0) \n\t" |
499 |
+- "mov %%r14, %c[r14](%0) \n\t" |
500 |
+- "mov %%r15, %c[r15](%0) \n\t" |
501 |
++ "mov %%r8, %c[r8](%%" _ASM_CX ") \n\t" |
502 |
++ "mov %%r9, %c[r9](%%" _ASM_CX ") \n\t" |
503 |
++ "mov %%r10, %c[r10](%%" _ASM_CX ") \n\t" |
504 |
++ "mov %%r11, %c[r11](%%" _ASM_CX ") \n\t" |
505 |
++ "mov %%r12, %c[r12](%%" _ASM_CX ") \n\t" |
506 |
++ "mov %%r13, %c[r13](%%" _ASM_CX ") \n\t" |
507 |
++ "mov %%r14, %c[r14](%%" _ASM_CX ") \n\t" |
508 |
++ "mov %%r15, %c[r15](%%" _ASM_CX ") \n\t" |
509 |
+ |
510 |
+ /* |
511 |
+ * Clear all general purpose registers (except RSP, which is loaded by |
512 |
+@@ -10860,7 +10868,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
513 |
+ "xor %%r15d, %%r15d \n\t" |
514 |
+ #endif |
515 |
+ "mov %%cr2, %%" _ASM_AX " \n\t" |
516 |
+- "mov %%" _ASM_AX ", %c[cr2](%0) \n\t" |
517 |
++ "mov %%" _ASM_AX ", %c[cr2](%%" _ASM_CX ") \n\t" |
518 |
+ |
519 |
+ "xor %%eax, %%eax \n\t" |
520 |
+ "xor %%ebx, %%ebx \n\t" |
521 |
+@@ -10874,7 +10882,8 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
522 |
+ ".global vmx_return \n\t" |
523 |
+ "vmx_return: " _ASM_PTR " 2b \n\t" |
524 |
+ ".popsection" |
525 |
+- : : "c"(vmx), "d"((unsigned long)HOST_RSP), "S"(evmcs_rsp), |
526 |
++ : "=c"((int){0}), "=d"((int){0}), "=S"((int){0}) |
527 |
++ : "c"(vmx), "d"((unsigned long)HOST_RSP), "S"(evmcs_rsp), |
528 |
+ [launched]"i"(offsetof(struct vcpu_vmx, __launched)), |
529 |
+ [fail]"i"(offsetof(struct vcpu_vmx, fail)), |
530 |
+ [host_rsp]"i"(offsetof(struct vcpu_vmx, host_rsp)), |
531 |
+diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c |
532 |
+index 11103efebbaa..1e6f8b0d00fb 100644 |
533 |
+--- a/drivers/hid/usbhid/hid-core.c |
534 |
++++ b/drivers/hid/usbhid/hid-core.c |
535 |
+@@ -685,16 +685,21 @@ static int usbhid_open(struct hid_device *hid) |
536 |
+ struct usbhid_device *usbhid = hid->driver_data; |
537 |
+ int res; |
538 |
+ |
539 |
++ mutex_lock(&usbhid->mutex); |
540 |
++ |
541 |
+ set_bit(HID_OPENED, &usbhid->iofl); |
542 |
+ |
543 |
+- if (hid->quirks & HID_QUIRK_ALWAYS_POLL) |
544 |
+- return 0; |
545 |
++ if (hid->quirks & HID_QUIRK_ALWAYS_POLL) { |
546 |
++ res = 0; |
547 |
++ goto Done; |
548 |
++ } |
549 |
+ |
550 |
+ res = usb_autopm_get_interface(usbhid->intf); |
551 |
+ /* the device must be awake to reliably request remote wakeup */ |
552 |
+ if (res < 0) { |
553 |
+ clear_bit(HID_OPENED, &usbhid->iofl); |
554 |
+- return -EIO; |
555 |
++ res = -EIO; |
556 |
++ goto Done; |
557 |
+ } |
558 |
+ |
559 |
+ usbhid->intf->needs_remote_wakeup = 1; |
560 |
+@@ -728,6 +733,9 @@ static int usbhid_open(struct hid_device *hid) |
561 |
+ msleep(50); |
562 |
+ |
563 |
+ clear_bit(HID_RESUME_RUNNING, &usbhid->iofl); |
564 |
++ |
565 |
++ Done: |
566 |
++ mutex_unlock(&usbhid->mutex); |
567 |
+ return res; |
568 |
+ } |
569 |
+ |
570 |
+@@ -735,6 +743,8 @@ static void usbhid_close(struct hid_device *hid) |
571 |
+ { |
572 |
+ struct usbhid_device *usbhid = hid->driver_data; |
573 |
+ |
574 |
++ mutex_lock(&usbhid->mutex); |
575 |
++ |
576 |
+ /* |
577 |
+ * Make sure we don't restart data acquisition due to |
578 |
+ * a resumption we no longer care about by avoiding racing |
579 |
+@@ -746,12 +756,13 @@ static void usbhid_close(struct hid_device *hid) |
580 |
+ clear_bit(HID_IN_POLLING, &usbhid->iofl); |
581 |
+ spin_unlock_irq(&usbhid->lock); |
582 |
+ |
583 |
+- if (hid->quirks & HID_QUIRK_ALWAYS_POLL) |
584 |
+- return; |
585 |
++ if (!(hid->quirks & HID_QUIRK_ALWAYS_POLL)) { |
586 |
++ hid_cancel_delayed_stuff(usbhid); |
587 |
++ usb_kill_urb(usbhid->urbin); |
588 |
++ usbhid->intf->needs_remote_wakeup = 0; |
589 |
++ } |
590 |
+ |
591 |
+- hid_cancel_delayed_stuff(usbhid); |
592 |
+- usb_kill_urb(usbhid->urbin); |
593 |
+- usbhid->intf->needs_remote_wakeup = 0; |
594 |
++ mutex_unlock(&usbhid->mutex); |
595 |
+ } |
596 |
+ |
597 |
+ /* |
598 |
+@@ -1060,6 +1071,8 @@ static int usbhid_start(struct hid_device *hid) |
599 |
+ unsigned int n, insize = 0; |
600 |
+ int ret; |
601 |
+ |
602 |
++ mutex_lock(&usbhid->mutex); |
603 |
++ |
604 |
+ clear_bit(HID_DISCONNECTED, &usbhid->iofl); |
605 |
+ |
606 |
+ usbhid->bufsize = HID_MIN_BUFFER_SIZE; |
607 |
+@@ -1180,6 +1193,8 @@ static int usbhid_start(struct hid_device *hid) |
608 |
+ usbhid_set_leds(hid); |
609 |
+ device_set_wakeup_enable(&dev->dev, 1); |
610 |
+ } |
611 |
++ |
612 |
++ mutex_unlock(&usbhid->mutex); |
613 |
+ return 0; |
614 |
+ |
615 |
+ fail: |
616 |
+@@ -1190,6 +1205,7 @@ fail: |
617 |
+ usbhid->urbout = NULL; |
618 |
+ usbhid->urbctrl = NULL; |
619 |
+ hid_free_buffers(dev, hid); |
620 |
++ mutex_unlock(&usbhid->mutex); |
621 |
+ return ret; |
622 |
+ } |
623 |
+ |
624 |
+@@ -1205,6 +1221,8 @@ static void usbhid_stop(struct hid_device *hid) |
625 |
+ usbhid->intf->needs_remote_wakeup = 0; |
626 |
+ } |
627 |
+ |
628 |
++ mutex_lock(&usbhid->mutex); |
629 |
++ |
630 |
+ clear_bit(HID_STARTED, &usbhid->iofl); |
631 |
+ spin_lock_irq(&usbhid->lock); /* Sync with error and led handlers */ |
632 |
+ set_bit(HID_DISCONNECTED, &usbhid->iofl); |
633 |
+@@ -1225,6 +1243,8 @@ static void usbhid_stop(struct hid_device *hid) |
634 |
+ usbhid->urbout = NULL; |
635 |
+ |
636 |
+ hid_free_buffers(hid_to_usb_dev(hid), hid); |
637 |
++ |
638 |
++ mutex_unlock(&usbhid->mutex); |
639 |
+ } |
640 |
+ |
641 |
+ static int usbhid_power(struct hid_device *hid, int lvl) |
642 |
+@@ -1385,6 +1405,7 @@ static int usbhid_probe(struct usb_interface *intf, const struct usb_device_id * |
643 |
+ INIT_WORK(&usbhid->reset_work, hid_reset); |
644 |
+ timer_setup(&usbhid->io_retry, hid_retry_timeout, 0); |
645 |
+ spin_lock_init(&usbhid->lock); |
646 |
++ mutex_init(&usbhid->mutex); |
647 |
+ |
648 |
+ ret = hid_add_device(hid); |
649 |
+ if (ret) { |
650 |
+diff --git a/drivers/hid/usbhid/usbhid.h b/drivers/hid/usbhid/usbhid.h |
651 |
+index da9c61d54be6..caa0ee639581 100644 |
652 |
+--- a/drivers/hid/usbhid/usbhid.h |
653 |
++++ b/drivers/hid/usbhid/usbhid.h |
654 |
+@@ -93,6 +93,7 @@ struct usbhid_device { |
655 |
+ dma_addr_t outbuf_dma; /* Output buffer dma */ |
656 |
+ unsigned long last_out; /* record of last output for timeouts */ |
657 |
+ |
658 |
++ struct mutex mutex; /* start/stop/open/close */ |
659 |
+ spinlock_t lock; /* fifo spinlock */ |
660 |
+ unsigned long iofl; /* I/O flags (CTRL_RUNNING, OUT_RUNNING) */ |
661 |
+ struct timer_list io_retry; /* Retry timer */ |
662 |
+diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c |
663 |
+index 3038c975e417..8249ff3a5a8d 100644 |
664 |
+--- a/drivers/hid/wacom_sys.c |
665 |
++++ b/drivers/hid/wacom_sys.c |
666 |
+@@ -290,9 +290,11 @@ static void wacom_feature_mapping(struct hid_device *hdev, |
667 |
+ data[0] = field->report->id; |
668 |
+ ret = wacom_get_report(hdev, HID_FEATURE_REPORT, |
669 |
+ data, n, WAC_CMD_RETRIES); |
670 |
+- if (ret == n) { |
671 |
++ if (ret == n && features->type == HID_GENERIC) { |
672 |
+ ret = hid_report_raw_event(hdev, |
673 |
+ HID_FEATURE_REPORT, data, n, 0); |
674 |
++ } else if (ret == 2 && features->type != HID_GENERIC) { |
675 |
++ features->touch_max = data[1]; |
676 |
+ } else { |
677 |
+ features->touch_max = 16; |
678 |
+ hid_warn(hdev, "wacom_feature_mapping: " |
679 |
+diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
680 |
+index f008c91d4566..dca58d28d82f 100644 |
681 |
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
682 |
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
683 |
+@@ -7562,6 +7562,7 @@ static netdev_features_t bnxt_fix_features(struct net_device *dev, |
684 |
+ netdev_features_t features) |
685 |
+ { |
686 |
+ struct bnxt *bp = netdev_priv(dev); |
687 |
++ netdev_features_t vlan_features; |
688 |
+ |
689 |
+ if ((features & NETIF_F_NTUPLE) && !bnxt_rfs_capable(bp)) |
690 |
+ features &= ~NETIF_F_NTUPLE; |
691 |
+@@ -7578,12 +7579,14 @@ static netdev_features_t bnxt_fix_features(struct net_device *dev, |
692 |
+ /* Both CTAG and STAG VLAN accelaration on the RX side have to be |
693 |
+ * turned on or off together. |
694 |
+ */ |
695 |
+- if ((features & (NETIF_F_HW_VLAN_CTAG_RX | NETIF_F_HW_VLAN_STAG_RX)) != |
696 |
+- (NETIF_F_HW_VLAN_CTAG_RX | NETIF_F_HW_VLAN_STAG_RX)) { |
697 |
++ vlan_features = features & (NETIF_F_HW_VLAN_CTAG_RX | |
698 |
++ NETIF_F_HW_VLAN_STAG_RX); |
699 |
++ if (vlan_features != (NETIF_F_HW_VLAN_CTAG_RX | |
700 |
++ NETIF_F_HW_VLAN_STAG_RX)) { |
701 |
+ if (dev->features & NETIF_F_HW_VLAN_CTAG_RX) |
702 |
+ features &= ~(NETIF_F_HW_VLAN_CTAG_RX | |
703 |
+ NETIF_F_HW_VLAN_STAG_RX); |
704 |
+- else |
705 |
++ else if (vlan_features) |
706 |
+ features |= NETIF_F_HW_VLAN_CTAG_RX | |
707 |
+ NETIF_F_HW_VLAN_STAG_RX; |
708 |
+ } |
709 |
+@@ -9297,8 +9300,11 @@ static pci_ers_result_t bnxt_io_slot_reset(struct pci_dev *pdev) |
710 |
+ } |
711 |
+ } |
712 |
+ |
713 |
+- if (result != PCI_ERS_RESULT_RECOVERED && netif_running(netdev)) |
714 |
+- dev_close(netdev); |
715 |
++ if (result != PCI_ERS_RESULT_RECOVERED) { |
716 |
++ if (netif_running(netdev)) |
717 |
++ dev_close(netdev); |
718 |
++ pci_disable_device(pdev); |
719 |
++ } |
720 |
+ |
721 |
+ rtnl_unlock(); |
722 |
+ |
723 |
+@@ -9309,7 +9315,7 @@ static pci_ers_result_t bnxt_io_slot_reset(struct pci_dev *pdev) |
724 |
+ err); /* non-fatal, continue */ |
725 |
+ } |
726 |
+ |
727 |
+- return PCI_ERS_RESULT_RECOVERED; |
728 |
++ return result; |
729 |
+ } |
730 |
+ |
731 |
+ /** |
732 |
+diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h |
733 |
+index 585f5aef0a45..f3f5484c43e4 100644 |
734 |
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h |
735 |
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h |
736 |
+@@ -839,7 +839,6 @@ struct bnxt_vf_info { |
737 |
+ #define BNXT_VF_LINK_FORCED 0x4 |
738 |
+ #define BNXT_VF_LINK_UP 0x8 |
739 |
+ #define BNXT_VF_TRUST 0x10 |
740 |
+- u32 func_flags; /* func cfg flags */ |
741 |
+ u32 min_tx_rate; |
742 |
+ u32 max_tx_rate; |
743 |
+ void *hwrm_cmd_req_addr; |
744 |
+diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c |
745 |
+index 3962f6fd543c..bba6f09279d5 100644 |
746 |
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c |
747 |
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c |
748 |
+@@ -99,11 +99,10 @@ int bnxt_set_vf_spoofchk(struct net_device *dev, int vf_id, bool setting) |
749 |
+ if (old_setting == setting) |
750 |
+ return 0; |
751 |
+ |
752 |
+- func_flags = vf->func_flags; |
753 |
+ if (setting) |
754 |
+- func_flags |= FUNC_CFG_REQ_FLAGS_SRC_MAC_ADDR_CHECK_ENABLE; |
755 |
++ func_flags = FUNC_CFG_REQ_FLAGS_SRC_MAC_ADDR_CHECK_ENABLE; |
756 |
+ else |
757 |
+- func_flags |= FUNC_CFG_REQ_FLAGS_SRC_MAC_ADDR_CHECK_DISABLE; |
758 |
++ func_flags = FUNC_CFG_REQ_FLAGS_SRC_MAC_ADDR_CHECK_DISABLE; |
759 |
+ /*TODO: if the driver supports VLAN filter on guest VLAN, |
760 |
+ * the spoof check should also include vlan anti-spoofing |
761 |
+ */ |
762 |
+@@ -112,7 +111,6 @@ int bnxt_set_vf_spoofchk(struct net_device *dev, int vf_id, bool setting) |
763 |
+ req.flags = cpu_to_le32(func_flags); |
764 |
+ rc = hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT); |
765 |
+ if (!rc) { |
766 |
+- vf->func_flags = func_flags; |
767 |
+ if (setting) |
768 |
+ vf->flags |= BNXT_VF_SPOOFCHK; |
769 |
+ else |
770 |
+@@ -197,7 +195,6 @@ int bnxt_set_vf_mac(struct net_device *dev, int vf_id, u8 *mac) |
771 |
+ memcpy(vf->mac_addr, mac, ETH_ALEN); |
772 |
+ bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_FUNC_CFG, -1, -1); |
773 |
+ req.fid = cpu_to_le16(vf->fw_fid); |
774 |
+- req.flags = cpu_to_le32(vf->func_flags); |
775 |
+ req.enables = cpu_to_le32(FUNC_CFG_REQ_ENABLES_DFLT_MAC_ADDR); |
776 |
+ memcpy(req.dflt_mac_addr, mac, ETH_ALEN); |
777 |
+ return hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT); |
778 |
+@@ -235,7 +232,6 @@ int bnxt_set_vf_vlan(struct net_device *dev, int vf_id, u16 vlan_id, u8 qos, |
779 |
+ |
780 |
+ bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_FUNC_CFG, -1, -1); |
781 |
+ req.fid = cpu_to_le16(vf->fw_fid); |
782 |
+- req.flags = cpu_to_le32(vf->func_flags); |
783 |
+ req.dflt_vlan = cpu_to_le16(vlan_tag); |
784 |
+ req.enables = cpu_to_le32(FUNC_CFG_REQ_ENABLES_DFLT_VLAN); |
785 |
+ rc = hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT); |
786 |
+@@ -274,7 +270,6 @@ int bnxt_set_vf_bw(struct net_device *dev, int vf_id, int min_tx_rate, |
787 |
+ return 0; |
788 |
+ bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_FUNC_CFG, -1, -1); |
789 |
+ req.fid = cpu_to_le16(vf->fw_fid); |
790 |
+- req.flags = cpu_to_le32(vf->func_flags); |
791 |
+ req.enables = cpu_to_le32(FUNC_CFG_REQ_ENABLES_MAX_BW); |
792 |
+ req.max_bw = cpu_to_le32(max_tx_rate); |
793 |
+ req.enables |= cpu_to_le32(FUNC_CFG_REQ_ENABLES_MIN_BW); |
794 |
+diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c |
795 |
+index 4afe56a6eedf..f7825c7b92fe 100644 |
796 |
+--- a/drivers/net/ethernet/mellanox/mlx4/main.c |
797 |
++++ b/drivers/net/ethernet/mellanox/mlx4/main.c |
798 |
+@@ -2539,6 +2539,7 @@ static int mlx4_allocate_default_counters(struct mlx4_dev *dev) |
799 |
+ |
800 |
+ if (!err || err == -ENOSPC) { |
801 |
+ priv->def_counter[port] = idx; |
802 |
++ err = 0; |
803 |
+ } else if (err == -ENOENT) { |
804 |
+ err = 0; |
805 |
+ continue; |
806 |
+@@ -2589,7 +2590,8 @@ int mlx4_counter_alloc(struct mlx4_dev *dev, u32 *idx, u8 usage) |
807 |
+ MLX4_CMD_TIME_CLASS_A, MLX4_CMD_WRAPPED); |
808 |
+ if (!err) |
809 |
+ *idx = get_param_l(&out_param); |
810 |
+- |
811 |
++ if (WARN_ON(err == -ENOSPC)) |
812 |
++ err = -EINVAL; |
813 |
+ return err; |
814 |
+ } |
815 |
+ return __mlx4_counter_alloc(dev, idx); |
816 |
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c |
817 |
+index a53736c26c0c..300456684728 100644 |
818 |
+--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c |
819 |
++++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c |
820 |
+@@ -862,7 +862,6 @@ static void cmd_work_handler(struct work_struct *work) |
821 |
+ } |
822 |
+ |
823 |
+ cmd->ent_arr[ent->idx] = ent; |
824 |
+- set_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state); |
825 |
+ lay = get_inst(cmd, ent->idx); |
826 |
+ ent->lay = lay; |
827 |
+ memset(lay, 0, sizeof(*lay)); |
828 |
+@@ -884,6 +883,7 @@ static void cmd_work_handler(struct work_struct *work) |
829 |
+ |
830 |
+ if (ent->callback) |
831 |
+ schedule_delayed_work(&ent->cb_timeout_work, cb_timeout); |
832 |
++ set_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state); |
833 |
+ |
834 |
+ /* Skip sending command to fw if internal error */ |
835 |
+ if (pci_channel_offline(dev->pdev) || |
836 |
+@@ -896,6 +896,10 @@ static void cmd_work_handler(struct work_struct *work) |
837 |
+ MLX5_SET(mbox_out, ent->out, syndrome, drv_synd); |
838 |
+ |
839 |
+ mlx5_cmd_comp_handler(dev, 1UL << ent->idx, true); |
840 |
++ /* no doorbell, no need to keep the entry */ |
841 |
++ free_ent(cmd, ent->idx); |
842 |
++ if (ent->callback) |
843 |
++ free_cmd(ent); |
844 |
+ return; |
845 |
+ } |
846 |
+ |
847 |
+diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c |
848 |
+index 9e2612562981..4ad3b877e5fd 100644 |
849 |
+--- a/drivers/net/macsec.c |
850 |
++++ b/drivers/net/macsec.c |
851 |
+@@ -1313,7 +1313,8 @@ static struct crypto_aead *macsec_alloc_tfm(char *key, int key_len, int icv_len) |
852 |
+ struct crypto_aead *tfm; |
853 |
+ int ret; |
854 |
+ |
855 |
+- tfm = crypto_alloc_aead("gcm(aes)", 0, 0); |
856 |
++ /* Pick a sync gcm(aes) cipher to ensure order is preserved. */ |
857 |
++ tfm = crypto_alloc_aead("gcm(aes)", 0, CRYPTO_ALG_ASYNC); |
858 |
+ |
859 |
+ if (IS_ERR(tfm)) |
860 |
+ return tfm; |
861 |
+diff --git a/drivers/net/phy/dp83640.c b/drivers/net/phy/dp83640.c |
862 |
+index 59b3f1fbabd4..4fed77833157 100644 |
863 |
+--- a/drivers/net/phy/dp83640.c |
864 |
++++ b/drivers/net/phy/dp83640.c |
865 |
+@@ -1114,7 +1114,7 @@ static struct dp83640_clock *dp83640_clock_get_bus(struct mii_bus *bus) |
866 |
+ goto out; |
867 |
+ } |
868 |
+ dp83640_clock_init(clock, bus); |
869 |
+- list_add_tail(&phyter_clocks, &clock->list); |
870 |
++ list_add_tail(&clock->list, &phyter_clocks); |
871 |
+ out: |
872 |
+ mutex_unlock(&phyter_clocks_lock); |
873 |
+ |
874 |
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c |
875 |
+index a7804def1120..c8222cdf755d 100644 |
876 |
+--- a/drivers/net/usb/qmi_wwan.c |
877 |
++++ b/drivers/net/usb/qmi_wwan.c |
878 |
+@@ -1294,6 +1294,7 @@ static const struct usb_device_id products[] = { |
879 |
+ {QMI_FIXED_INTF(0x413c, 0x81b3, 8)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */ |
880 |
+ {QMI_FIXED_INTF(0x413c, 0x81b6, 8)}, /* Dell Wireless 5811e */ |
881 |
+ {QMI_FIXED_INTF(0x413c, 0x81b6, 10)}, /* Dell Wireless 5811e */ |
882 |
++ {QMI_FIXED_INTF(0x413c, 0x81cc, 8)}, /* Dell Wireless 5816e */ |
883 |
+ {QMI_FIXED_INTF(0x413c, 0x81d7, 0)}, /* Dell Wireless 5821e */ |
884 |
+ {QMI_FIXED_INTF(0x413c, 0x81d7, 1)}, /* Dell Wireless 5821e preproduction config */ |
885 |
+ {QMI_FIXED_INTF(0x413c, 0x81e0, 0)}, /* Dell Wireless 5821e with eSIM support*/ |
886 |
+diff --git a/drivers/staging/gasket/gasket_core.c b/drivers/staging/gasket/gasket_core.c |
887 |
+index d12ab560411f..9396aeb3f431 100644 |
888 |
+--- a/drivers/staging/gasket/gasket_core.c |
889 |
++++ b/drivers/staging/gasket/gasket_core.c |
890 |
+@@ -933,6 +933,10 @@ do_map_region(const struct gasket_dev *gasket_dev, struct vm_area_struct *vma, |
891 |
+ gasket_get_bar_index(gasket_dev, |
892 |
+ (vma->vm_pgoff << PAGE_SHIFT) + |
893 |
+ driver_desc->legacy_mmap_address_offset); |
894 |
++ |
895 |
++ if (bar_index < 0) |
896 |
++ return DO_MAP_REGION_INVALID; |
897 |
++ |
898 |
+ phys_base = gasket_dev->bar_data[bar_index].phys_base + phys_offset; |
899 |
+ while (mapped_bytes < map_length) { |
900 |
+ /* |
901 |
+diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c |
902 |
+index ca8c6ddc1ca8..5c7a968a5ea6 100644 |
903 |
+--- a/drivers/tty/vt/vt.c |
904 |
++++ b/drivers/tty/vt/vt.c |
905 |
+@@ -365,9 +365,14 @@ static struct uni_screen *vc_uniscr_alloc(unsigned int cols, unsigned int rows) |
906 |
+ return uniscr; |
907 |
+ } |
908 |
+ |
909 |
++static void vc_uniscr_free(struct uni_screen *uniscr) |
910 |
++{ |
911 |
++ vfree(uniscr); |
912 |
++} |
913 |
++ |
914 |
+ static void vc_uniscr_set(struct vc_data *vc, struct uni_screen *new_uniscr) |
915 |
+ { |
916 |
+- vfree(vc->vc_uni_screen); |
917 |
++ vc_uniscr_free(vc->vc_uni_screen); |
918 |
+ vc->vc_uni_screen = new_uniscr; |
919 |
+ } |
920 |
+ |
921 |
+@@ -1233,7 +1238,7 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc, |
922 |
+ err = resize_screen(vc, new_cols, new_rows, user); |
923 |
+ if (err) { |
924 |
+ kfree(newscreen); |
925 |
+- kfree(new_uniscr); |
926 |
++ vc_uniscr_free(new_uniscr); |
927 |
+ return err; |
928 |
+ } |
929 |
+ |
930 |
+diff --git a/drivers/usb/serial/garmin_gps.c b/drivers/usb/serial/garmin_gps.c |
931 |
+index 633550ec3025..f29c3a936a08 100644 |
932 |
+--- a/drivers/usb/serial/garmin_gps.c |
933 |
++++ b/drivers/usb/serial/garmin_gps.c |
934 |
+@@ -1138,8 +1138,8 @@ static void garmin_read_process(struct garmin_data *garmin_data_p, |
935 |
+ send it directly to the tty port */ |
936 |
+ if (garmin_data_p->flags & FLAGS_QUEUING) { |
937 |
+ pkt_add(garmin_data_p, data, data_length); |
938 |
+- } else if (bulk_data || |
939 |
+- getLayerId(data) == GARMIN_LAYERID_APPL) { |
940 |
++ } else if (bulk_data || (data_length >= sizeof(u32) && |
941 |
++ getLayerId(data) == GARMIN_LAYERID_APPL)) { |
942 |
+ |
943 |
+ spin_lock_irqsave(&garmin_data_p->lock, flags); |
944 |
+ garmin_data_p->flags |= APP_RESP_SEEN; |
945 |
+diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c |
946 |
+index 613f91add03d..ce0401d3137f 100644 |
947 |
+--- a/drivers/usb/serial/qcserial.c |
948 |
++++ b/drivers/usb/serial/qcserial.c |
949 |
+@@ -173,6 +173,7 @@ static const struct usb_device_id id_table[] = { |
950 |
+ {DEVICE_SWI(0x413c, 0x81b3)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */ |
951 |
+ {DEVICE_SWI(0x413c, 0x81b5)}, /* Dell Wireless 5811e QDL */ |
952 |
+ {DEVICE_SWI(0x413c, 0x81b6)}, /* Dell Wireless 5811e QDL */ |
953 |
++ {DEVICE_SWI(0x413c, 0x81cc)}, /* Dell Wireless 5816e */ |
954 |
+ {DEVICE_SWI(0x413c, 0x81cf)}, /* Dell Wireless 5819 */ |
955 |
+ {DEVICE_SWI(0x413c, 0x81d0)}, /* Dell Wireless 5819 */ |
956 |
+ {DEVICE_SWI(0x413c, 0x81d1)}, /* Dell Wireless 5818 */ |
957 |
+diff --git a/drivers/usb/storage/unusual_uas.h b/drivers/usb/storage/unusual_uas.h |
958 |
+index 1b23741036ee..37157ed9a881 100644 |
959 |
+--- a/drivers/usb/storage/unusual_uas.h |
960 |
++++ b/drivers/usb/storage/unusual_uas.h |
961 |
+@@ -28,6 +28,13 @@ |
962 |
+ * and don't forget to CC: the USB development list <linux-usb@×××××××××××.org> |
963 |
+ */ |
964 |
+ |
965 |
++/* Reported-by: Julian Groß <julian.g@××××××.de> */ |
966 |
++UNUSUAL_DEV(0x059f, 0x105f, 0x0000, 0x9999, |
967 |
++ "LaCie", |
968 |
++ "2Big Quadra USB3", |
969 |
++ USB_SC_DEVICE, USB_PR_DEVICE, NULL, |
970 |
++ US_FL_NO_REPORT_OPCODES), |
971 |
++ |
972 |
+ /* |
973 |
+ * Apricorn USB3 dongle sometimes returns "USBSUSBSUSBS" in response to SCSI |
974 |
+ * commands in UAS mode. Observed with the 1.28 firmware; are there others? |
975 |
+diff --git a/fs/coredump.c b/fs/coredump.c |
976 |
+index 1e2c87acac9b..ef7ed64947e9 100644 |
977 |
+--- a/fs/coredump.c |
978 |
++++ b/fs/coredump.c |
979 |
+@@ -753,6 +753,14 @@ void do_coredump(const siginfo_t *siginfo) |
980 |
+ if (displaced) |
981 |
+ put_files_struct(displaced); |
982 |
+ if (!dump_interrupted()) { |
983 |
++ /* |
984 |
++ * umh disabled with CONFIG_STATIC_USERMODEHELPER_PATH="" would |
985 |
++ * have this set to NULL. |
986 |
++ */ |
987 |
++ if (!cprm.file) { |
988 |
++ pr_info("Core dump to |%s disabled\n", cn.corename); |
989 |
++ goto close_fail; |
990 |
++ } |
991 |
+ file_start_write(cprm.file); |
992 |
+ core_dumped = binfmt->core_dump(&cprm); |
993 |
+ file_end_write(cprm.file); |
994 |
+diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h |
995 |
+index e0348cb0a1dd..f36727098df8 100644 |
996 |
+--- a/include/linux/virtio_net.h |
997 |
++++ b/include/linux/virtio_net.h |
998 |
+@@ -3,6 +3,8 @@ |
999 |
+ #define _LINUX_VIRTIO_NET_H |
1000 |
+ |
1001 |
+ #include <linux/if_vlan.h> |
1002 |
++#include <uapi/linux/tcp.h> |
1003 |
++#include <uapi/linux/udp.h> |
1004 |
+ #include <uapi/linux/virtio_net.h> |
1005 |
+ |
1006 |
+ static inline int virtio_net_hdr_set_proto(struct sk_buff *skb, |
1007 |
+@@ -28,17 +30,25 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, |
1008 |
+ bool little_endian) |
1009 |
+ { |
1010 |
+ unsigned int gso_type = 0; |
1011 |
++ unsigned int thlen = 0; |
1012 |
++ unsigned int ip_proto; |
1013 |
+ |
1014 |
+ if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) { |
1015 |
+ switch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) { |
1016 |
+ case VIRTIO_NET_HDR_GSO_TCPV4: |
1017 |
+ gso_type = SKB_GSO_TCPV4; |
1018 |
++ ip_proto = IPPROTO_TCP; |
1019 |
++ thlen = sizeof(struct tcphdr); |
1020 |
+ break; |
1021 |
+ case VIRTIO_NET_HDR_GSO_TCPV6: |
1022 |
+ gso_type = SKB_GSO_TCPV6; |
1023 |
++ ip_proto = IPPROTO_TCP; |
1024 |
++ thlen = sizeof(struct tcphdr); |
1025 |
+ break; |
1026 |
+ case VIRTIO_NET_HDR_GSO_UDP: |
1027 |
+ gso_type = SKB_GSO_UDP; |
1028 |
++ ip_proto = IPPROTO_UDP; |
1029 |
++ thlen = sizeof(struct udphdr); |
1030 |
+ break; |
1031 |
+ default: |
1032 |
+ return -EINVAL; |
1033 |
+@@ -57,16 +67,22 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, |
1034 |
+ |
1035 |
+ if (!skb_partial_csum_set(skb, start, off)) |
1036 |
+ return -EINVAL; |
1037 |
++ |
1038 |
++ if (skb_transport_offset(skb) + thlen > skb_headlen(skb)) |
1039 |
++ return -EINVAL; |
1040 |
+ } else { |
1041 |
+ /* gso packets without NEEDS_CSUM do not set transport_offset. |
1042 |
+ * probe and drop if does not match one of the above types. |
1043 |
+ */ |
1044 |
+ if (gso_type && skb->network_header) { |
1045 |
++ struct flow_keys_basic keys; |
1046 |
++ |
1047 |
+ if (!skb->protocol) |
1048 |
+ virtio_net_hdr_set_proto(skb, hdr); |
1049 |
+ retry: |
1050 |
+- skb_probe_transport_header(skb, -1); |
1051 |
+- if (!skb_transport_header_was_set(skb)) { |
1052 |
++ if (!skb_flow_dissect_flow_keys_basic(skb, &keys, |
1053 |
++ NULL, 0, 0, 0, |
1054 |
++ 0)) { |
1055 |
+ /* UFO does not specify ipv4 or 6: try both */ |
1056 |
+ if (gso_type & SKB_GSO_UDP && |
1057 |
+ skb->protocol == htons(ETH_P_IP)) { |
1058 |
+@@ -75,6 +91,12 @@ retry: |
1059 |
+ } |
1060 |
+ return -EINVAL; |
1061 |
+ } |
1062 |
++ |
1063 |
++ if (keys.control.thoff + thlen > skb_headlen(skb) || |
1064 |
++ keys.basic.ip_proto != ip_proto) |
1065 |
++ return -EINVAL; |
1066 |
++ |
1067 |
++ skb_set_transport_header(skb, keys.control.thoff); |
1068 |
+ } |
1069 |
+ } |
1070 |
+ |
1071 |
+diff --git a/ipc/mqueue.c b/ipc/mqueue.c |
1072 |
+index de4070d5472f..46d0265423f5 100644 |
1073 |
+--- a/ipc/mqueue.c |
1074 |
++++ b/ipc/mqueue.c |
1075 |
+@@ -76,6 +76,7 @@ struct mqueue_inode_info { |
1076 |
+ |
1077 |
+ struct sigevent notify; |
1078 |
+ struct pid *notify_owner; |
1079 |
++ u32 notify_self_exec_id; |
1080 |
+ struct user_namespace *notify_user_ns; |
1081 |
+ struct user_struct *user; /* user who created, for accounting */ |
1082 |
+ struct sock *notify_sock; |
1083 |
+@@ -662,28 +663,44 @@ static void __do_notify(struct mqueue_inode_info *info) |
1084 |
+ * synchronously. */ |
1085 |
+ if (info->notify_owner && |
1086 |
+ info->attr.mq_curmsgs == 1) { |
1087 |
+- struct siginfo sig_i; |
1088 |
+ switch (info->notify.sigev_notify) { |
1089 |
+ case SIGEV_NONE: |
1090 |
+ break; |
1091 |
+- case SIGEV_SIGNAL: |
1092 |
+- /* sends signal */ |
1093 |
++ case SIGEV_SIGNAL: { |
1094 |
++ struct siginfo sig_i; |
1095 |
++ struct task_struct *task; |
1096 |
++ |
1097 |
++ /* do_mq_notify() accepts sigev_signo == 0, why?? */ |
1098 |
++ if (!info->notify.sigev_signo) |
1099 |
++ break; |
1100 |
+ |
1101 |
+ clear_siginfo(&sig_i); |
1102 |
+ sig_i.si_signo = info->notify.sigev_signo; |
1103 |
+ sig_i.si_errno = 0; |
1104 |
+ sig_i.si_code = SI_MESGQ; |
1105 |
+ sig_i.si_value = info->notify.sigev_value; |
1106 |
+- /* map current pid/uid into info->owner's namespaces */ |
1107 |
+ rcu_read_lock(); |
1108 |
++ /* map current pid/uid into info->owner's namespaces */ |
1109 |
+ sig_i.si_pid = task_tgid_nr_ns(current, |
1110 |
+ ns_of_pid(info->notify_owner)); |
1111 |
+- sig_i.si_uid = from_kuid_munged(info->notify_user_ns, current_uid()); |
1112 |
++ sig_i.si_uid = from_kuid_munged(info->notify_user_ns, |
1113 |
++ current_uid()); |
1114 |
++ /* |
1115 |
++ * We can't use kill_pid_info(), this signal should |
1116 |
++ * bypass check_kill_permission(). It is from kernel |
1117 |
++ * but si_fromuser() can't know this. |
1118 |
++ * We do check the self_exec_id, to avoid sending |
1119 |
++ * signals to programs that don't expect them. |
1120 |
++ */ |
1121 |
++ task = pid_task(info->notify_owner, PIDTYPE_TGID); |
1122 |
++ if (task && task->self_exec_id == |
1123 |
++ info->notify_self_exec_id) { |
1124 |
++ do_send_sig_info(info->notify.sigev_signo, |
1125 |
++ &sig_i, task, PIDTYPE_TGID); |
1126 |
++ } |
1127 |
+ rcu_read_unlock(); |
1128 |
+- |
1129 |
+- kill_pid_info(info->notify.sigev_signo, |
1130 |
+- &sig_i, info->notify_owner); |
1131 |
+ break; |
1132 |
++ } |
1133 |
+ case SIGEV_THREAD: |
1134 |
+ set_cookie(info->notify_cookie, NOTIFY_WOKENUP); |
1135 |
+ netlink_sendskb(info->notify_sock, info->notify_cookie); |
1136 |
+@@ -1273,6 +1290,7 @@ retry: |
1137 |
+ info->notify.sigev_signo = notification->sigev_signo; |
1138 |
+ info->notify.sigev_value = notification->sigev_value; |
1139 |
+ info->notify.sigev_notify = SIGEV_SIGNAL; |
1140 |
++ info->notify_self_exec_id = current->self_exec_id; |
1141 |
+ break; |
1142 |
+ } |
1143 |
+ |
1144 |
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
1145 |
+index c41f7d1ab5fa..4966410bb0f4 100644 |
1146 |
+--- a/kernel/trace/trace.c |
1147 |
++++ b/kernel/trace/trace.c |
1148 |
+@@ -7750,6 +7750,19 @@ static int allocate_trace_buffers(struct trace_array *tr, int size) |
1149 |
+ */ |
1150 |
+ allocate_snapshot = false; |
1151 |
+ #endif |
1152 |
++ |
1153 |
++ /* |
1154 |
++ * Because of some magic with the way alloc_percpu() works on |
1155 |
++ * x86_64, we need to synchronize the pgd of all the tables, |
1156 |
++ * otherwise the trace events that happen in x86_64 page fault |
1157 |
++ * handlers can't cope with accessing the chance that a |
1158 |
++ * alloc_percpu()'d memory might be touched in the page fault trace |
1159 |
++ * event. Oh, and we need to audit all other alloc_percpu() and vmalloc() |
1160 |
++ * calls in tracing, because something might get triggered within a |
1161 |
++ * page fault trace event! |
1162 |
++ */ |
1163 |
++ vmalloc_sync_mappings(); |
1164 |
++ |
1165 |
+ return 0; |
1166 |
+ } |
1167 |
+ |
1168 |
+diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c |
1169 |
+index 65b4e28ff425..c45b017bacd4 100644 |
1170 |
+--- a/kernel/trace/trace_kprobe.c |
1171 |
++++ b/kernel/trace/trace_kprobe.c |
1172 |
+@@ -538,7 +538,7 @@ static bool __within_notrace_func(unsigned long addr) |
1173 |
+ |
1174 |
+ static bool within_notrace_func(struct trace_kprobe *tk) |
1175 |
+ { |
1176 |
+- unsigned long addr = addr = trace_kprobe_address(tk); |
1177 |
++ unsigned long addr = trace_kprobe_address(tk); |
1178 |
+ char symname[KSYM_NAME_LEN], *p; |
1179 |
+ |
1180 |
+ if (!__within_notrace_func(addr)) |
1181 |
+diff --git a/kernel/umh.c b/kernel/umh.c |
1182 |
+index c449858946af..52a9084f8541 100644 |
1183 |
+--- a/kernel/umh.c |
1184 |
++++ b/kernel/umh.c |
1185 |
+@@ -522,6 +522,11 @@ EXPORT_SYMBOL_GPL(fork_usermode_blob); |
1186 |
+ * Runs a user-space application. The application is started |
1187 |
+ * asynchronously if wait is not set, and runs as a child of system workqueues. |
1188 |
+ * (ie. it runs with full root capabilities and optimized affinity). |
1189 |
++ * |
1190 |
++ * Note: successful return value does not guarantee the helper was called at |
1191 |
++ * all. You can't rely on sub_info->{init,cleanup} being called even for |
1192 |
++ * UMH_WAIT_* wait modes as STATIC_USERMODEHELPER_PATH="" turns all helpers |
1193 |
++ * into a successful no-op. |
1194 |
+ */ |
1195 |
+ int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait) |
1196 |
+ { |
1197 |
+diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
1198 |
+index 57888cedf244..d8c3051387d1 100644 |
1199 |
+--- a/mm/page_alloc.c |
1200 |
++++ b/mm/page_alloc.c |
1201 |
+@@ -1422,6 +1422,7 @@ void set_zone_contiguous(struct zone *zone) |
1202 |
+ if (!__pageblock_pfn_to_page(block_start_pfn, |
1203 |
+ block_end_pfn, zone)) |
1204 |
+ return; |
1205 |
++ cond_resched(); |
1206 |
+ } |
1207 |
+ |
1208 |
+ /* We confirm that there is no hole */ |
1209 |
+diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c |
1210 |
+index bf9ea404abe7..0458de53cb64 100644 |
1211 |
+--- a/net/batman-adv/bat_v_ogm.c |
1212 |
++++ b/net/batman-adv/bat_v_ogm.c |
1213 |
+@@ -735,7 +735,7 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset, |
1214 |
+ |
1215 |
+ orig_node = batadv_v_ogm_orig_get(bat_priv, ogm_packet->orig); |
1216 |
+ if (!orig_node) |
1217 |
+- return; |
1218 |
++ goto out; |
1219 |
+ |
1220 |
+ neigh_node = batadv_neigh_node_get_or_create(orig_node, if_incoming, |
1221 |
+ ethhdr->h_source); |
1222 |
+diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c |
1223 |
+index 34caf129a9bf..7f1be5a28757 100644 |
1224 |
+--- a/net/batman-adv/network-coding.c |
1225 |
++++ b/net/batman-adv/network-coding.c |
1226 |
+@@ -1021,15 +1021,8 @@ static struct batadv_nc_path *batadv_nc_get_path(struct batadv_priv *bat_priv, |
1227 |
+ */ |
1228 |
+ static u8 batadv_nc_random_weight_tq(u8 tq) |
1229 |
+ { |
1230 |
+- u8 rand_val, rand_tq; |
1231 |
+- |
1232 |
+- get_random_bytes(&rand_val, sizeof(rand_val)); |
1233 |
+- |
1234 |
+ /* randomize the estimated packet loss (max TQ - estimated TQ) */ |
1235 |
+- rand_tq = rand_val * (BATADV_TQ_MAX_VALUE - tq); |
1236 |
+- |
1237 |
+- /* normalize the randomized packet loss */ |
1238 |
+- rand_tq /= BATADV_TQ_MAX_VALUE; |
1239 |
++ u8 rand_tq = prandom_u32_max(BATADV_TQ_MAX_VALUE + 1 - tq); |
1240 |
+ |
1241 |
+ /* convert to (randomized) estimated tq again */ |
1242 |
+ return BATADV_TQ_MAX_VALUE - rand_tq; |
1243 |
+diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c |
1244 |
+index 09427fc6494a..976b038e53bf 100644 |
1245 |
+--- a/net/batman-adv/sysfs.c |
1246 |
++++ b/net/batman-adv/sysfs.c |
1247 |
+@@ -1093,7 +1093,7 @@ static ssize_t batadv_store_throughput_override(struct kobject *kobj, |
1248 |
+ ret = batadv_parse_throughput(net_dev, buff, "throughput_override", |
1249 |
+ &tp_override); |
1250 |
+ if (!ret) |
1251 |
+- return count; |
1252 |
++ goto out; |
1253 |
+ |
1254 |
+ old_tp_override = atomic_read(&hard_iface->bat_v.throughput_override); |
1255 |
+ if (old_tp_override == tp_override) |
1256 |
+@@ -1126,6 +1126,7 @@ static ssize_t batadv_show_throughput_override(struct kobject *kobj, |
1257 |
+ |
1258 |
+ tp_override = atomic_read(&hard_iface->bat_v.throughput_override); |
1259 |
+ |
1260 |
++ batadv_hardif_put(hard_iface); |
1261 |
+ return sprintf(buff, "%u.%u MBit\n", tp_override / 10, |
1262 |
+ tp_override % 10); |
1263 |
+ } |
1264 |
+diff --git a/net/netfilter/nf_nat_proto_udp.c b/net/netfilter/nf_nat_proto_udp.c |
1265 |
+index 5790f70a83b2..d85c31c2433c 100644 |
1266 |
+--- a/net/netfilter/nf_nat_proto_udp.c |
1267 |
++++ b/net/netfilter/nf_nat_proto_udp.c |
1268 |
+@@ -66,15 +66,14 @@ static bool udp_manip_pkt(struct sk_buff *skb, |
1269 |
+ enum nf_nat_manip_type maniptype) |
1270 |
+ { |
1271 |
+ struct udphdr *hdr; |
1272 |
+- bool do_csum; |
1273 |
+ |
1274 |
+ if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) |
1275 |
+ return false; |
1276 |
+ |
1277 |
+ hdr = (struct udphdr *)(skb->data + hdroff); |
1278 |
+- do_csum = hdr->check || skb->ip_summed == CHECKSUM_PARTIAL; |
1279 |
++ __udp_manip_pkt(skb, l3proto, iphdroff, hdr, tuple, maniptype, |
1280 |
++ !!hdr->check); |
1281 |
+ |
1282 |
+- __udp_manip_pkt(skb, l3proto, iphdroff, hdr, tuple, maniptype, do_csum); |
1283 |
+ return true; |
1284 |
+ } |
1285 |
+ |
1286 |
+diff --git a/net/netfilter/nfnetlink_osf.c b/net/netfilter/nfnetlink_osf.c |
1287 |
+index b0bc130947c9..131f9f8c0b09 100644 |
1288 |
+--- a/net/netfilter/nfnetlink_osf.c |
1289 |
++++ b/net/netfilter/nfnetlink_osf.c |
1290 |
+@@ -170,12 +170,12 @@ static bool nf_osf_match_one(const struct sk_buff *skb, |
1291 |
+ static const struct tcphdr *nf_osf_hdr_ctx_init(struct nf_osf_hdr_ctx *ctx, |
1292 |
+ const struct sk_buff *skb, |
1293 |
+ const struct iphdr *ip, |
1294 |
+- unsigned char *opts) |
1295 |
++ unsigned char *opts, |
1296 |
++ struct tcphdr *_tcph) |
1297 |
+ { |
1298 |
+ const struct tcphdr *tcp; |
1299 |
+- struct tcphdr _tcph; |
1300 |
+ |
1301 |
+- tcp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(struct tcphdr), &_tcph); |
1302 |
++ tcp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(struct tcphdr), _tcph); |
1303 |
+ if (!tcp) |
1304 |
+ return NULL; |
1305 |
+ |
1306 |
+@@ -210,10 +210,11 @@ nf_osf_match(const struct sk_buff *skb, u_int8_t family, |
1307 |
+ int fmatch = FMATCH_WRONG; |
1308 |
+ struct nf_osf_hdr_ctx ctx; |
1309 |
+ const struct tcphdr *tcp; |
1310 |
++ struct tcphdr _tcph; |
1311 |
+ |
1312 |
+ memset(&ctx, 0, sizeof(ctx)); |
1313 |
+ |
1314 |
+- tcp = nf_osf_hdr_ctx_init(&ctx, skb, ip, opts); |
1315 |
++ tcp = nf_osf_hdr_ctx_init(&ctx, skb, ip, opts, &_tcph); |
1316 |
+ if (!tcp) |
1317 |
+ return false; |
1318 |
+ |
1319 |
+@@ -270,10 +271,11 @@ const char *nf_osf_find(const struct sk_buff *skb, |
1320 |
+ struct nf_osf_hdr_ctx ctx; |
1321 |
+ const struct tcphdr *tcp; |
1322 |
+ const char *genre = NULL; |
1323 |
++ struct tcphdr _tcph; |
1324 |
+ |
1325 |
+ memset(&ctx, 0, sizeof(ctx)); |
1326 |
+ |
1327 |
+- tcp = nf_osf_hdr_ctx_init(&ctx, skb, ip, opts); |
1328 |
++ tcp = nf_osf_hdr_ctx_init(&ctx, skb, ip, opts, &_tcph); |
1329 |
+ if (!tcp) |
1330 |
+ return NULL; |
1331 |
+ |
1332 |
+diff --git a/net/sched/sch_choke.c b/net/sched/sch_choke.c |
1333 |
+index eafc0d17d174..63bfceeb8e3c 100644 |
1334 |
+--- a/net/sched/sch_choke.c |
1335 |
++++ b/net/sched/sch_choke.c |
1336 |
+@@ -327,7 +327,8 @@ static void choke_reset(struct Qdisc *sch) |
1337 |
+ |
1338 |
+ sch->q.qlen = 0; |
1339 |
+ sch->qstats.backlog = 0; |
1340 |
+- memset(q->tab, 0, (q->tab_mask + 1) * sizeof(struct sk_buff *)); |
1341 |
++ if (q->tab) |
1342 |
++ memset(q->tab, 0, (q->tab_mask + 1) * sizeof(struct sk_buff *)); |
1343 |
+ q->head = q->tail = 0; |
1344 |
+ red_restart(&q->vars); |
1345 |
+ } |
1346 |
+diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c |
1347 |
+index 137692cb8b4f..a862d9990be7 100644 |
1348 |
+--- a/net/sched/sch_fq_codel.c |
1349 |
++++ b/net/sched/sch_fq_codel.c |
1350 |
+@@ -429,7 +429,7 @@ static int fq_codel_change(struct Qdisc *sch, struct nlattr *opt, |
1351 |
+ q->quantum = max(256U, nla_get_u32(tb[TCA_FQ_CODEL_QUANTUM])); |
1352 |
+ |
1353 |
+ if (tb[TCA_FQ_CODEL_DROP_BATCH_SIZE]) |
1354 |
+- q->drop_batch_size = min(1U, nla_get_u32(tb[TCA_FQ_CODEL_DROP_BATCH_SIZE])); |
1355 |
++ q->drop_batch_size = max(1U, nla_get_u32(tb[TCA_FQ_CODEL_DROP_BATCH_SIZE])); |
1356 |
+ |
1357 |
+ if (tb[TCA_FQ_CODEL_MEMORY_LIMIT]) |
1358 |
+ q->memory_limit = min(1U << 31, nla_get_u32(tb[TCA_FQ_CODEL_MEMORY_LIMIT])); |
1359 |
+diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c |
1360 |
+index d483d6ba59b7..b89cf0971d3d 100644 |
1361 |
+--- a/net/sched/sch_sfq.c |
1362 |
++++ b/net/sched/sch_sfq.c |
1363 |
+@@ -641,6 +641,15 @@ static int sfq_change(struct Qdisc *sch, struct nlattr *opt) |
1364 |
+ if (ctl->divisor && |
1365 |
+ (!is_power_of_2(ctl->divisor) || ctl->divisor > 65536)) |
1366 |
+ return -EINVAL; |
1367 |
++ |
1368 |
++ /* slot->allot is a short, make sure quantum is not too big. */ |
1369 |
++ if (ctl->quantum) { |
1370 |
++ unsigned int scaled = SFQ_ALLOT_SIZE(ctl->quantum); |
1371 |
++ |
1372 |
++ if (scaled <= 0 || scaled > SHRT_MAX) |
1373 |
++ return -EINVAL; |
1374 |
++ } |
1375 |
++ |
1376 |
+ if (ctl_v1 && !red_check_params(ctl_v1->qth_min, ctl_v1->qth_max, |
1377 |
+ ctl_v1->Wlog)) |
1378 |
+ return -EINVAL; |
1379 |
+diff --git a/net/sched/sch_skbprio.c b/net/sched/sch_skbprio.c |
1380 |
+index 52c0b6d8f1d7..3d9de52849bc 100644 |
1381 |
+--- a/net/sched/sch_skbprio.c |
1382 |
++++ b/net/sched/sch_skbprio.c |
1383 |
+@@ -173,6 +173,9 @@ static int skbprio_change(struct Qdisc *sch, struct nlattr *opt, |
1384 |
+ { |
1385 |
+ struct tc_skbprio_qopt *ctl = nla_data(opt); |
1386 |
+ |
1387 |
++ if (opt->nla_len != nla_attr_size(sizeof(*ctl))) |
1388 |
++ return -EINVAL; |
1389 |
++ |
1390 |
+ sch->limit = ctl->limit; |
1391 |
+ return 0; |
1392 |
+ } |
1393 |
+diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c |
1394 |
+index 9f4d325f3a79..c437ae93b5a9 100644 |
1395 |
+--- a/net/sctp/sm_statefuns.c |
1396 |
++++ b/net/sctp/sm_statefuns.c |
1397 |
+@@ -1880,7 +1880,7 @@ static enum sctp_disposition sctp_sf_do_dupcook_a( |
1398 |
+ */ |
1399 |
+ sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(repl)); |
1400 |
+ return sctp_sf_do_9_2_start_shutdown(net, ep, asoc, |
1401 |
+- SCTP_ST_CHUNK(0), NULL, |
1402 |
++ SCTP_ST_CHUNK(0), repl, |
1403 |
+ commands); |
1404 |
+ } else { |
1405 |
+ sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE, |
1406 |
+@@ -5483,7 +5483,7 @@ enum sctp_disposition sctp_sf_do_9_2_start_shutdown( |
1407 |
+ * in the Cumulative TSN Ack field the last sequential TSN it |
1408 |
+ * has received from the peer. |
1409 |
+ */ |
1410 |
+- reply = sctp_make_shutdown(asoc, NULL); |
1411 |
++ reply = sctp_make_shutdown(asoc, arg); |
1412 |
+ if (!reply) |
1413 |
+ goto nomem; |
1414 |
+ |
1415 |
+@@ -6081,7 +6081,7 @@ enum sctp_disposition sctp_sf_autoclose_timer_expire( |
1416 |
+ disposition = SCTP_DISPOSITION_CONSUME; |
1417 |
+ if (sctp_outq_is_empty(&asoc->outqueue)) { |
1418 |
+ disposition = sctp_sf_do_9_2_start_shutdown(net, ep, asoc, type, |
1419 |
+- arg, commands); |
1420 |
++ NULL, commands); |
1421 |
+ } |
1422 |
+ |
1423 |
+ return disposition; |
1424 |
+diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c |
1425 |
+index 35558656fe02..41f4464ac6cc 100644 |
1426 |
+--- a/net/tipc/topsrv.c |
1427 |
++++ b/net/tipc/topsrv.c |
1428 |
+@@ -409,10 +409,11 @@ static int tipc_conn_rcv_from_sock(struct tipc_conn *con) |
1429 |
+ read_lock_bh(&sk->sk_callback_lock); |
1430 |
+ ret = tipc_conn_rcv_sub(srv, con, &s); |
1431 |
+ read_unlock_bh(&sk->sk_callback_lock); |
1432 |
++ if (!ret) |
1433 |
++ return 0; |
1434 |
+ } |
1435 |
+- if (ret < 0) |
1436 |
+- tipc_conn_close(con); |
1437 |
+ |
1438 |
++ tipc_conn_close(con); |
1439 |
+ return ret; |
1440 |
+ } |
1441 |
+ |
1442 |
+diff --git a/scripts/decodecode b/scripts/decodecode |
1443 |
+index 9cef558528aa..eeaa435d1bd2 100755 |
1444 |
+--- a/scripts/decodecode |
1445 |
++++ b/scripts/decodecode |
1446 |
+@@ -119,7 +119,7 @@ faultlinenum=$(( $(wc -l $T.oo | cut -d" " -f1) - \ |
1447 |
+ faultline=`cat $T.dis | head -1 | cut -d":" -f2-` |
1448 |
+ faultline=`echo "$faultline" | sed -e 's/\[/\\\[/g; s/\]/\\\]/g'` |
1449 |
+ |
1450 |
+-cat $T.oo | sed -e "${faultlinenum}s/^\(.*:\)\(.*\)/\1\*\2\t\t<-- trapping instruction/" |
1451 |
++cat $T.oo | sed -e "${faultlinenum}s/^\([^:]*:\)\(.*\)/\1\*\2\t\t<-- trapping instruction/" |
1452 |
+ echo |
1453 |
+ cat $T.aa |
1454 |
+ cleanup |
1455 |
+diff --git a/tools/objtool/check.c b/tools/objtool/check.c |
1456 |
+index 4613d796492a..4d509734b695 100644 |
1457 |
+--- a/tools/objtool/check.c |
1458 |
++++ b/tools/objtool/check.c |
1459 |
+@@ -1315,7 +1315,7 @@ static int update_insn_state_regs(struct instruction *insn, struct insn_state *s |
1460 |
+ struct cfi_reg *cfa = &state->cfa; |
1461 |
+ struct stack_op *op = &insn->stack_op; |
1462 |
+ |
1463 |
+- if (cfa->base != CFI_SP) |
1464 |
++ if (cfa->base != CFI_SP && cfa->base != CFI_SP_INDIRECT) |
1465 |
+ return 0; |
1466 |
+ |
1467 |
+ /* push */ |
1468 |
+diff --git a/virt/kvm/arm/hyp/aarch32.c b/virt/kvm/arm/hyp/aarch32.c |
1469 |
+index d31f267961e7..25c0e47d57cb 100644 |
1470 |
+--- a/virt/kvm/arm/hyp/aarch32.c |
1471 |
++++ b/virt/kvm/arm/hyp/aarch32.c |
1472 |
+@@ -125,12 +125,16 @@ static void __hyp_text kvm_adjust_itstate(struct kvm_vcpu *vcpu) |
1473 |
+ */ |
1474 |
+ void __hyp_text kvm_skip_instr32(struct kvm_vcpu *vcpu, bool is_wide_instr) |
1475 |
+ { |
1476 |
++ u32 pc = *vcpu_pc(vcpu); |
1477 |
+ bool is_thumb; |
1478 |
+ |
1479 |
+ is_thumb = !!(*vcpu_cpsr(vcpu) & PSR_AA32_T_BIT); |
1480 |
+ if (is_thumb && !is_wide_instr) |
1481 |
+- *vcpu_pc(vcpu) += 2; |
1482 |
++ pc += 2; |
1483 |
+ else |
1484 |
+- *vcpu_pc(vcpu) += 4; |
1485 |
++ pc += 4; |
1486 |
++ |
1487 |
++ *vcpu_pc(vcpu) = pc; |
1488 |
++ |
1489 |
+ kvm_adjust_itstate(vcpu); |
1490 |
+ } |
1491 |
+diff --git a/virt/kvm/arm/vgic/vgic-mmio.c b/virt/kvm/arm/vgic/vgic-mmio.c |
1492 |
+index 762f81900529..9d06a1f8e6c0 100644 |
1493 |
+--- a/virt/kvm/arm/vgic/vgic-mmio.c |
1494 |
++++ b/virt/kvm/arm/vgic/vgic-mmio.c |
1495 |
+@@ -381,7 +381,7 @@ static void vgic_mmio_change_active(struct kvm_vcpu *vcpu, struct vgic_irq *irq, |
1496 |
+ static void vgic_change_active_prepare(struct kvm_vcpu *vcpu, u32 intid) |
1497 |
+ { |
1498 |
+ if (vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3 || |
1499 |
+- intid > VGIC_NR_PRIVATE_IRQS) |
1500 |
++ intid >= VGIC_NR_PRIVATE_IRQS) |
1501 |
+ kvm_arm_halt_guest(vcpu->kvm); |
1502 |
+ } |
1503 |
+ |
1504 |
+@@ -389,7 +389,7 @@ static void vgic_change_active_prepare(struct kvm_vcpu *vcpu, u32 intid) |
1505 |
+ static void vgic_change_active_finish(struct kvm_vcpu *vcpu, u32 intid) |
1506 |
+ { |
1507 |
+ if (vcpu->kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3 || |
1508 |
+- intid > VGIC_NR_PRIVATE_IRQS) |
1509 |
++ intid >= VGIC_NR_PRIVATE_IRQS) |
1510 |
+ kvm_arm_resume_guest(vcpu->kvm); |
1511 |
+ } |
1512 |
+ |