1 |
commit: b28b4e9d1e4258389e49dd53e4243018cdb7493a |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Sep 19 10:04:29 2019 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Sep 19 10:04:29 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=b28b4e9d |
7 |
|
8 |
Linux patch 4.19.74 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1073_linux-4.19.74.patch | 1433 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1437 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index d5d2e47..7734d78 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -331,6 +331,10 @@ Patch: 1072_linux-4.19.73.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.19.73 |
23 |
|
24 |
+Patch: 1073_linux-4.19.74.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.19.74 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1073_linux-4.19.74.patch b/1073_linux-4.19.74.patch |
33 |
new file mode 100644 |
34 |
index 0000000..2a11d7d |
35 |
--- /dev/null |
36 |
+++ b/1073_linux-4.19.74.patch |
37 |
@@ -0,0 +1,1433 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index 9748fa3704bc..3509e0c6e5ae 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 4 |
45 |
+ PATCHLEVEL = 19 |
46 |
+-SUBLEVEL = 73 |
47 |
++SUBLEVEL = 74 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = "People's Front" |
50 |
+ |
51 |
+diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h |
52 |
+index 23bea99bf8d5..1ca9e37f7cc9 100644 |
53 |
+--- a/arch/powerpc/include/asm/uaccess.h |
54 |
++++ b/arch/powerpc/include/asm/uaccess.h |
55 |
+@@ -306,6 +306,7 @@ extern unsigned long __copy_tofrom_user(void __user *to, |
56 |
+ static inline unsigned long |
57 |
+ raw_copy_in_user(void __user *to, const void __user *from, unsigned long n) |
58 |
+ { |
59 |
++ barrier_nospec(); |
60 |
+ return __copy_tofrom_user(to, from, n); |
61 |
+ } |
62 |
+ #endif /* __powerpc64__ */ |
63 |
+diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c |
64 |
+index fcb55b02990e..05ea466b9e40 100644 |
65 |
+--- a/arch/s390/kvm/interrupt.c |
66 |
++++ b/arch/s390/kvm/interrupt.c |
67 |
+@@ -1879,6 +1879,16 @@ int s390int_to_s390irq(struct kvm_s390_interrupt *s390int, |
68 |
+ case KVM_S390_MCHK: |
69 |
+ irq->u.mchk.mcic = s390int->parm64; |
70 |
+ break; |
71 |
++ case KVM_S390_INT_PFAULT_INIT: |
72 |
++ irq->u.ext.ext_params = s390int->parm; |
73 |
++ irq->u.ext.ext_params2 = s390int->parm64; |
74 |
++ break; |
75 |
++ case KVM_S390_RESTART: |
76 |
++ case KVM_S390_INT_CLOCK_COMP: |
77 |
++ case KVM_S390_INT_CPU_TIMER: |
78 |
++ break; |
79 |
++ default: |
80 |
++ return -EINVAL; |
81 |
+ } |
82 |
+ return 0; |
83 |
+ } |
84 |
+diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c |
85 |
+index fc7de27960e7..e0551c948c59 100644 |
86 |
+--- a/arch/s390/kvm/kvm-s390.c |
87 |
++++ b/arch/s390/kvm/kvm-s390.c |
88 |
+@@ -928,6 +928,8 @@ static int kvm_s390_vm_start_migration(struct kvm *kvm) |
89 |
+ /* mark all the pages in active slots as dirty */ |
90 |
+ for (slotnr = 0; slotnr < slots->used_slots; slotnr++) { |
91 |
+ ms = slots->memslots + slotnr; |
92 |
++ if (!ms->dirty_bitmap) |
93 |
++ return -EINVAL; |
94 |
+ /* |
95 |
+ * The second half of the bitmap is only used on x86, |
96 |
+ * and would be wasted otherwise, so we put it to good |
97 |
+@@ -3956,7 +3958,7 @@ long kvm_arch_vcpu_async_ioctl(struct file *filp, |
98 |
+ } |
99 |
+ case KVM_S390_INTERRUPT: { |
100 |
+ struct kvm_s390_interrupt s390int; |
101 |
+- struct kvm_s390_irq s390irq; |
102 |
++ struct kvm_s390_irq s390irq = {}; |
103 |
+ |
104 |
+ if (copy_from_user(&s390int, argp, sizeof(s390int))) |
105 |
+ return -EFAULT; |
106 |
+diff --git a/arch/x86/Makefile b/arch/x86/Makefile |
107 |
+index ce0d0424a53d..4833dd7e2cc0 100644 |
108 |
+--- a/arch/x86/Makefile |
109 |
++++ b/arch/x86/Makefile |
110 |
+@@ -38,6 +38,7 @@ REALMODE_CFLAGS := $(M16_CFLAGS) -g -Os -DDISABLE_BRANCH_PROFILING \ |
111 |
+ |
112 |
+ REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -ffreestanding) |
113 |
+ REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -fno-stack-protector) |
114 |
++REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -Wno-address-of-packed-member) |
115 |
+ REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), $(cc_stack_align4)) |
116 |
+ export REALMODE_CFLAGS |
117 |
+ |
118 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
119 |
+index 2938b4bcc968..e83f4f6bfdac 100644 |
120 |
+--- a/arch/x86/kvm/vmx.c |
121 |
++++ b/arch/x86/kvm/vmx.c |
122 |
+@@ -8757,6 +8757,7 @@ static int handle_vmread(struct kvm_vcpu *vcpu) |
123 |
+ u32 vmx_instruction_info = vmcs_read32(VMX_INSTRUCTION_INFO); |
124 |
+ gva_t gva = 0; |
125 |
+ struct vmcs12 *vmcs12; |
126 |
++ struct x86_exception e; |
127 |
+ |
128 |
+ if (!nested_vmx_check_permission(vcpu)) |
129 |
+ return 1; |
130 |
+@@ -8798,8 +8799,10 @@ static int handle_vmread(struct kvm_vcpu *vcpu) |
131 |
+ vmx_instruction_info, true, &gva)) |
132 |
+ return 1; |
133 |
+ /* _system ok, nested_vmx_check_permission has verified cpl=0 */ |
134 |
+- kvm_write_guest_virt_system(vcpu, gva, &field_value, |
135 |
+- (is_long_mode(vcpu) ? 8 : 4), NULL); |
136 |
++ if (kvm_write_guest_virt_system(vcpu, gva, &field_value, |
137 |
++ (is_long_mode(vcpu) ? 8 : 4), |
138 |
++ NULL)) |
139 |
++ kvm_inject_page_fault(vcpu, &e); |
140 |
+ } |
141 |
+ |
142 |
+ nested_vmx_succeed(vcpu); |
143 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
144 |
+index cbc39751f36b..dbae8415cf4a 100644 |
145 |
+--- a/arch/x86/kvm/x86.c |
146 |
++++ b/arch/x86/kvm/x86.c |
147 |
+@@ -5016,6 +5016,13 @@ int kvm_write_guest_virt_system(struct kvm_vcpu *vcpu, gva_t addr, void *val, |
148 |
+ /* kvm_write_guest_virt_system can pull in tons of pages. */ |
149 |
+ vcpu->arch.l1tf_flush_l1d = true; |
150 |
+ |
151 |
++ /* |
152 |
++ * FIXME: this should call handle_emulation_failure if X86EMUL_IO_NEEDED |
153 |
++ * is returned, but our callers are not ready for that and they blindly |
154 |
++ * call kvm_inject_page_fault. Ensure that they at least do not leak |
155 |
++ * uninitialized kernel stack memory into cr2 and error code. |
156 |
++ */ |
157 |
++ memset(exception, 0, sizeof(*exception)); |
158 |
+ return kvm_write_guest_virt_helper(addr, val, bytes, vcpu, |
159 |
+ PFERR_WRITE_MASK, exception); |
160 |
+ } |
161 |
+diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile |
162 |
+index 8901a1f89cf5..10fb42da0007 100644 |
163 |
+--- a/arch/x86/purgatory/Makefile |
164 |
++++ b/arch/x86/purgatory/Makefile |
165 |
+@@ -18,37 +18,40 @@ targets += purgatory.ro |
166 |
+ KASAN_SANITIZE := n |
167 |
+ KCOV_INSTRUMENT := n |
168 |
+ |
169 |
++# These are adjustments to the compiler flags used for objects that |
170 |
++# make up the standalone purgatory.ro |
171 |
++ |
172 |
++PURGATORY_CFLAGS_REMOVE := -mcmodel=kernel |
173 |
++PURGATORY_CFLAGS := -mcmodel=large -ffreestanding -fno-zero-initialized-in-bss |
174 |
++ |
175 |
+ # Default KBUILD_CFLAGS can have -pg option set when FTRACE is enabled. That |
176 |
+ # in turn leaves some undefined symbols like __fentry__ in purgatory and not |
177 |
+ # sure how to relocate those. |
178 |
+ ifdef CONFIG_FUNCTION_TRACER |
179 |
+-CFLAGS_REMOVE_sha256.o += $(CC_FLAGS_FTRACE) |
180 |
+-CFLAGS_REMOVE_purgatory.o += $(CC_FLAGS_FTRACE) |
181 |
+-CFLAGS_REMOVE_string.o += $(CC_FLAGS_FTRACE) |
182 |
+-CFLAGS_REMOVE_kexec-purgatory.o += $(CC_FLAGS_FTRACE) |
183 |
++PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_FTRACE) |
184 |
+ endif |
185 |
+ |
186 |
+ ifdef CONFIG_STACKPROTECTOR |
187 |
+-CFLAGS_REMOVE_sha256.o += -fstack-protector |
188 |
+-CFLAGS_REMOVE_purgatory.o += -fstack-protector |
189 |
+-CFLAGS_REMOVE_string.o += -fstack-protector |
190 |
+-CFLAGS_REMOVE_kexec-purgatory.o += -fstack-protector |
191 |
++PURGATORY_CFLAGS_REMOVE += -fstack-protector |
192 |
+ endif |
193 |
+ |
194 |
+ ifdef CONFIG_STACKPROTECTOR_STRONG |
195 |
+-CFLAGS_REMOVE_sha256.o += -fstack-protector-strong |
196 |
+-CFLAGS_REMOVE_purgatory.o += -fstack-protector-strong |
197 |
+-CFLAGS_REMOVE_string.o += -fstack-protector-strong |
198 |
+-CFLAGS_REMOVE_kexec-purgatory.o += -fstack-protector-strong |
199 |
++PURGATORY_CFLAGS_REMOVE += -fstack-protector-strong |
200 |
+ endif |
201 |
+ |
202 |
+ ifdef CONFIG_RETPOLINE |
203 |
+-CFLAGS_REMOVE_sha256.o += $(RETPOLINE_CFLAGS) |
204 |
+-CFLAGS_REMOVE_purgatory.o += $(RETPOLINE_CFLAGS) |
205 |
+-CFLAGS_REMOVE_string.o += $(RETPOLINE_CFLAGS) |
206 |
+-CFLAGS_REMOVE_kexec-purgatory.o += $(RETPOLINE_CFLAGS) |
207 |
++PURGATORY_CFLAGS_REMOVE += $(RETPOLINE_CFLAGS) |
208 |
+ endif |
209 |
+ |
210 |
++CFLAGS_REMOVE_purgatory.o += $(PURGATORY_CFLAGS_REMOVE) |
211 |
++CFLAGS_purgatory.o += $(PURGATORY_CFLAGS) |
212 |
++ |
213 |
++CFLAGS_REMOVE_sha256.o += $(PURGATORY_CFLAGS_REMOVE) |
214 |
++CFLAGS_sha256.o += $(PURGATORY_CFLAGS) |
215 |
++ |
216 |
++CFLAGS_REMOVE_string.o += $(PURGATORY_CFLAGS_REMOVE) |
217 |
++CFLAGS_string.o += $(PURGATORY_CFLAGS) |
218 |
++ |
219 |
+ $(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE |
220 |
+ $(call if_changed,ld) |
221 |
+ |
222 |
+diff --git a/drivers/base/core.c b/drivers/base/core.c |
223 |
+index e1a8d5c06f65..fcda6313e7de 100644 |
224 |
+--- a/drivers/base/core.c |
225 |
++++ b/drivers/base/core.c |
226 |
+@@ -1648,12 +1648,63 @@ static inline struct kobject *get_glue_dir(struct device *dev) |
227 |
+ */ |
228 |
+ static void cleanup_glue_dir(struct device *dev, struct kobject *glue_dir) |
229 |
+ { |
230 |
++ unsigned int ref; |
231 |
++ |
232 |
+ /* see if we live in a "glue" directory */ |
233 |
+ if (!live_in_glue_dir(glue_dir, dev)) |
234 |
+ return; |
235 |
+ |
236 |
+ mutex_lock(&gdp_mutex); |
237 |
+- if (!kobject_has_children(glue_dir)) |
238 |
++ /** |
239 |
++ * There is a race condition between removing glue directory |
240 |
++ * and adding a new device under the glue directory. |
241 |
++ * |
242 |
++ * CPU1: CPU2: |
243 |
++ * |
244 |
++ * device_add() |
245 |
++ * get_device_parent() |
246 |
++ * class_dir_create_and_add() |
247 |
++ * kobject_add_internal() |
248 |
++ * create_dir() // create glue_dir |
249 |
++ * |
250 |
++ * device_add() |
251 |
++ * get_device_parent() |
252 |
++ * kobject_get() // get glue_dir |
253 |
++ * |
254 |
++ * device_del() |
255 |
++ * cleanup_glue_dir() |
256 |
++ * kobject_del(glue_dir) |
257 |
++ * |
258 |
++ * kobject_add() |
259 |
++ * kobject_add_internal() |
260 |
++ * create_dir() // in glue_dir |
261 |
++ * sysfs_create_dir_ns() |
262 |
++ * kernfs_create_dir_ns(sd) |
263 |
++ * |
264 |
++ * sysfs_remove_dir() // glue_dir->sd=NULL |
265 |
++ * sysfs_put() // free glue_dir->sd |
266 |
++ * |
267 |
++ * // sd is freed |
268 |
++ * kernfs_new_node(sd) |
269 |
++ * kernfs_get(glue_dir) |
270 |
++ * kernfs_add_one() |
271 |
++ * kernfs_put() |
272 |
++ * |
273 |
++ * Before CPU1 remove last child device under glue dir, if CPU2 add |
274 |
++ * a new device under glue dir, the glue_dir kobject reference count |
275 |
++ * will be increase to 2 in kobject_get(k). And CPU2 has been called |
276 |
++ * kernfs_create_dir_ns(). Meanwhile, CPU1 call sysfs_remove_dir() |
277 |
++ * and sysfs_put(). This result in glue_dir->sd is freed. |
278 |
++ * |
279 |
++ * Then the CPU2 will see a stale "empty" but still potentially used |
280 |
++ * glue dir around in kernfs_new_node(). |
281 |
++ * |
282 |
++ * In order to avoid this happening, we also should make sure that |
283 |
++ * kernfs_node for glue_dir is released in CPU1 only when refcount |
284 |
++ * for glue_dir kobj is 1. |
285 |
++ */ |
286 |
++ ref = kref_read(&glue_dir->kref); |
287 |
++ if (!kobject_has_children(glue_dir) && !--ref) |
288 |
+ kobject_del(glue_dir); |
289 |
+ kobject_put(glue_dir); |
290 |
+ mutex_unlock(&gdp_mutex); |
291 |
+diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c |
292 |
+index 75cf605f54e5..09c83dc2ef67 100644 |
293 |
+--- a/drivers/bluetooth/btusb.c |
294 |
++++ b/drivers/bluetooth/btusb.c |
295 |
+@@ -1139,10 +1139,6 @@ static int btusb_open(struct hci_dev *hdev) |
296 |
+ } |
297 |
+ |
298 |
+ data->intf->needs_remote_wakeup = 1; |
299 |
+- /* device specific wakeup source enabled and required for USB |
300 |
+- * remote wakeup while host is suspended |
301 |
+- */ |
302 |
+- device_wakeup_enable(&data->udev->dev); |
303 |
+ |
304 |
+ if (test_and_set_bit(BTUSB_INTR_RUNNING, &data->flags)) |
305 |
+ goto done; |
306 |
+@@ -1206,7 +1202,6 @@ static int btusb_close(struct hci_dev *hdev) |
307 |
+ goto failed; |
308 |
+ |
309 |
+ data->intf->needs_remote_wakeup = 0; |
310 |
+- device_wakeup_disable(&data->udev->dev); |
311 |
+ usb_autopm_put_interface(data->intf); |
312 |
+ |
313 |
+ failed: |
314 |
+diff --git a/drivers/clk/rockchip/clk-mmc-phase.c b/drivers/clk/rockchip/clk-mmc-phase.c |
315 |
+index 026a26bb702d..dbec84238ecd 100644 |
316 |
+--- a/drivers/clk/rockchip/clk-mmc-phase.c |
317 |
++++ b/drivers/clk/rockchip/clk-mmc-phase.c |
318 |
+@@ -61,10 +61,8 @@ static int rockchip_mmc_get_phase(struct clk_hw *hw) |
319 |
+ u32 delay_num = 0; |
320 |
+ |
321 |
+ /* See the comment for rockchip_mmc_set_phase below */ |
322 |
+- if (!rate) { |
323 |
+- pr_err("%s: invalid clk rate\n", __func__); |
324 |
++ if (!rate) |
325 |
+ return -EINVAL; |
326 |
+- } |
327 |
+ |
328 |
+ raw_value = readl(mmc_clock->reg) >> (mmc_clock->shift); |
329 |
+ |
330 |
+diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c |
331 |
+index 41b288bdcdbf..064315edd289 100644 |
332 |
+--- a/drivers/crypto/talitos.c |
333 |
++++ b/drivers/crypto/talitos.c |
334 |
+@@ -959,11 +959,13 @@ static void talitos_sg_unmap(struct device *dev, |
335 |
+ |
336 |
+ static void ipsec_esp_unmap(struct device *dev, |
337 |
+ struct talitos_edesc *edesc, |
338 |
+- struct aead_request *areq) |
339 |
++ struct aead_request *areq, bool encrypt) |
340 |
+ { |
341 |
+ struct crypto_aead *aead = crypto_aead_reqtfm(areq); |
342 |
+ struct talitos_ctx *ctx = crypto_aead_ctx(aead); |
343 |
+ unsigned int ivsize = crypto_aead_ivsize(aead); |
344 |
++ unsigned int authsize = crypto_aead_authsize(aead); |
345 |
++ unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize); |
346 |
+ bool is_ipsec_esp = edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP; |
347 |
+ struct talitos_ptr *civ_ptr = &edesc->desc.ptr[is_ipsec_esp ? 2 : 3]; |
348 |
+ |
349 |
+@@ -972,7 +974,7 @@ static void ipsec_esp_unmap(struct device *dev, |
350 |
+ DMA_FROM_DEVICE); |
351 |
+ unmap_single_talitos_ptr(dev, civ_ptr, DMA_TO_DEVICE); |
352 |
+ |
353 |
+- talitos_sg_unmap(dev, edesc, areq->src, areq->dst, areq->cryptlen, |
354 |
++ talitos_sg_unmap(dev, edesc, areq->src, areq->dst, cryptlen, |
355 |
+ areq->assoclen); |
356 |
+ |
357 |
+ if (edesc->dma_len) |
358 |
+@@ -983,7 +985,7 @@ static void ipsec_esp_unmap(struct device *dev, |
359 |
+ unsigned int dst_nents = edesc->dst_nents ? : 1; |
360 |
+ |
361 |
+ sg_pcopy_to_buffer(areq->dst, dst_nents, ctx->iv, ivsize, |
362 |
+- areq->assoclen + areq->cryptlen - ivsize); |
363 |
++ areq->assoclen + cryptlen - ivsize); |
364 |
+ } |
365 |
+ } |
366 |
+ |
367 |
+@@ -1005,7 +1007,7 @@ static void ipsec_esp_encrypt_done(struct device *dev, |
368 |
+ |
369 |
+ edesc = container_of(desc, struct talitos_edesc, desc); |
370 |
+ |
371 |
+- ipsec_esp_unmap(dev, edesc, areq); |
372 |
++ ipsec_esp_unmap(dev, edesc, areq, true); |
373 |
+ |
374 |
+ /* copy the generated ICV to dst */ |
375 |
+ if (edesc->icv_ool) { |
376 |
+@@ -1039,7 +1041,7 @@ static void ipsec_esp_decrypt_swauth_done(struct device *dev, |
377 |
+ |
378 |
+ edesc = container_of(desc, struct talitos_edesc, desc); |
379 |
+ |
380 |
+- ipsec_esp_unmap(dev, edesc, req); |
381 |
++ ipsec_esp_unmap(dev, edesc, req, false); |
382 |
+ |
383 |
+ if (!err) { |
384 |
+ char icvdata[SHA512_DIGEST_SIZE]; |
385 |
+@@ -1085,7 +1087,7 @@ static void ipsec_esp_decrypt_hwauth_done(struct device *dev, |
386 |
+ |
387 |
+ edesc = container_of(desc, struct talitos_edesc, desc); |
388 |
+ |
389 |
+- ipsec_esp_unmap(dev, edesc, req); |
390 |
++ ipsec_esp_unmap(dev, edesc, req, false); |
391 |
+ |
392 |
+ /* check ICV auth status */ |
393 |
+ if (!err && ((desc->hdr_lo & DESC_HDR_LO_ICCR1_MASK) != |
394 |
+@@ -1188,6 +1190,7 @@ static int talitos_sg_map(struct device *dev, struct scatterlist *src, |
395 |
+ * fill in and submit ipsec_esp descriptor |
396 |
+ */ |
397 |
+ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq, |
398 |
++ bool encrypt, |
399 |
+ void (*callback)(struct device *dev, |
400 |
+ struct talitos_desc *desc, |
401 |
+ void *context, int error)) |
402 |
+@@ -1197,7 +1200,7 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq, |
403 |
+ struct talitos_ctx *ctx = crypto_aead_ctx(aead); |
404 |
+ struct device *dev = ctx->dev; |
405 |
+ struct talitos_desc *desc = &edesc->desc; |
406 |
+- unsigned int cryptlen = areq->cryptlen; |
407 |
++ unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize); |
408 |
+ unsigned int ivsize = crypto_aead_ivsize(aead); |
409 |
+ int tbl_off = 0; |
410 |
+ int sg_count, ret; |
411 |
+@@ -1324,7 +1327,7 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq, |
412 |
+ |
413 |
+ ret = talitos_submit(dev, ctx->ch, desc, callback, areq); |
414 |
+ if (ret != -EINPROGRESS) { |
415 |
+- ipsec_esp_unmap(dev, edesc, areq); |
416 |
++ ipsec_esp_unmap(dev, edesc, areq, encrypt); |
417 |
+ kfree(edesc); |
418 |
+ } |
419 |
+ return ret; |
420 |
+@@ -1438,9 +1441,10 @@ static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv, |
421 |
+ unsigned int authsize = crypto_aead_authsize(authenc); |
422 |
+ struct talitos_ctx *ctx = crypto_aead_ctx(authenc); |
423 |
+ unsigned int ivsize = crypto_aead_ivsize(authenc); |
424 |
++ unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize); |
425 |
+ |
426 |
+ return talitos_edesc_alloc(ctx->dev, areq->src, areq->dst, |
427 |
+- iv, areq->assoclen, areq->cryptlen, |
428 |
++ iv, areq->assoclen, cryptlen, |
429 |
+ authsize, ivsize, icv_stashing, |
430 |
+ areq->base.flags, encrypt); |
431 |
+ } |
432 |
+@@ -1459,7 +1463,7 @@ static int aead_encrypt(struct aead_request *req) |
433 |
+ /* set encrypt */ |
434 |
+ edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT; |
435 |
+ |
436 |
+- return ipsec_esp(edesc, req, ipsec_esp_encrypt_done); |
437 |
++ return ipsec_esp(edesc, req, true, ipsec_esp_encrypt_done); |
438 |
+ } |
439 |
+ |
440 |
+ static int aead_decrypt(struct aead_request *req) |
441 |
+@@ -1471,14 +1475,13 @@ static int aead_decrypt(struct aead_request *req) |
442 |
+ struct talitos_edesc *edesc; |
443 |
+ void *icvdata; |
444 |
+ |
445 |
+- req->cryptlen -= authsize; |
446 |
+- |
447 |
+ /* allocate extended descriptor */ |
448 |
+ edesc = aead_edesc_alloc(req, req->iv, 1, false); |
449 |
+ if (IS_ERR(edesc)) |
450 |
+ return PTR_ERR(edesc); |
451 |
+ |
452 |
+- if ((priv->features & TALITOS_FTR_HW_AUTH_CHECK) && |
453 |
++ if ((edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP) && |
454 |
++ (priv->features & TALITOS_FTR_HW_AUTH_CHECK) && |
455 |
+ ((!edesc->src_nents && !edesc->dst_nents) || |
456 |
+ priv->features & TALITOS_FTR_SRC_LINK_TBL_LEN_INCLUDES_EXTENT)) { |
457 |
+ |
458 |
+@@ -1489,7 +1492,8 @@ static int aead_decrypt(struct aead_request *req) |
459 |
+ |
460 |
+ /* reset integrity check result bits */ |
461 |
+ |
462 |
+- return ipsec_esp(edesc, req, ipsec_esp_decrypt_hwauth_done); |
463 |
++ return ipsec_esp(edesc, req, false, |
464 |
++ ipsec_esp_decrypt_hwauth_done); |
465 |
+ } |
466 |
+ |
467 |
+ /* Have to check the ICV with software */ |
468 |
+@@ -1505,7 +1509,7 @@ static int aead_decrypt(struct aead_request *req) |
469 |
+ sg_pcopy_to_buffer(req->src, edesc->src_nents ? : 1, icvdata, authsize, |
470 |
+ req->assoclen + req->cryptlen - authsize); |
471 |
+ |
472 |
+- return ipsec_esp(edesc, req, ipsec_esp_decrypt_swauth_done); |
473 |
++ return ipsec_esp(edesc, req, false, ipsec_esp_decrypt_swauth_done); |
474 |
+ } |
475 |
+ |
476 |
+ static int ablkcipher_setkey(struct crypto_ablkcipher *cipher, |
477 |
+@@ -1538,6 +1542,18 @@ static int ablkcipher_setkey(struct crypto_ablkcipher *cipher, |
478 |
+ return 0; |
479 |
+ } |
480 |
+ |
481 |
++static int ablkcipher_aes_setkey(struct crypto_ablkcipher *cipher, |
482 |
++ const u8 *key, unsigned int keylen) |
483 |
++{ |
484 |
++ if (keylen == AES_KEYSIZE_128 || keylen == AES_KEYSIZE_192 || |
485 |
++ keylen == AES_KEYSIZE_256) |
486 |
++ return ablkcipher_setkey(cipher, key, keylen); |
487 |
++ |
488 |
++ crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN); |
489 |
++ |
490 |
++ return -EINVAL; |
491 |
++} |
492 |
++ |
493 |
+ static void common_nonsnoop_unmap(struct device *dev, |
494 |
+ struct talitos_edesc *edesc, |
495 |
+ struct ablkcipher_request *areq) |
496 |
+@@ -1660,6 +1676,14 @@ static int ablkcipher_encrypt(struct ablkcipher_request *areq) |
497 |
+ struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq); |
498 |
+ struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher); |
499 |
+ struct talitos_edesc *edesc; |
500 |
++ unsigned int blocksize = |
501 |
++ crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher)); |
502 |
++ |
503 |
++ if (!areq->nbytes) |
504 |
++ return 0; |
505 |
++ |
506 |
++ if (areq->nbytes % blocksize) |
507 |
++ return -EINVAL; |
508 |
+ |
509 |
+ /* allocate extended descriptor */ |
510 |
+ edesc = ablkcipher_edesc_alloc(areq, true); |
511 |
+@@ -1677,6 +1701,14 @@ static int ablkcipher_decrypt(struct ablkcipher_request *areq) |
512 |
+ struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq); |
513 |
+ struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher); |
514 |
+ struct talitos_edesc *edesc; |
515 |
++ unsigned int blocksize = |
516 |
++ crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher)); |
517 |
++ |
518 |
++ if (!areq->nbytes) |
519 |
++ return 0; |
520 |
++ |
521 |
++ if (areq->nbytes % blocksize) |
522 |
++ return -EINVAL; |
523 |
+ |
524 |
+ /* allocate extended descriptor */ |
525 |
+ edesc = ablkcipher_edesc_alloc(areq, false); |
526 |
+@@ -2705,6 +2737,7 @@ static struct talitos_alg_template driver_algs[] = { |
527 |
+ .min_keysize = AES_MIN_KEY_SIZE, |
528 |
+ .max_keysize = AES_MAX_KEY_SIZE, |
529 |
+ .ivsize = AES_BLOCK_SIZE, |
530 |
++ .setkey = ablkcipher_aes_setkey, |
531 |
+ } |
532 |
+ }, |
533 |
+ .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU | |
534 |
+@@ -2715,13 +2748,13 @@ static struct talitos_alg_template driver_algs[] = { |
535 |
+ .alg.crypto = { |
536 |
+ .cra_name = "ctr(aes)", |
537 |
+ .cra_driver_name = "ctr-aes-talitos", |
538 |
+- .cra_blocksize = AES_BLOCK_SIZE, |
539 |
++ .cra_blocksize = 1, |
540 |
+ .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | |
541 |
+ CRYPTO_ALG_ASYNC, |
542 |
+ .cra_ablkcipher = { |
543 |
+ .min_keysize = AES_MIN_KEY_SIZE, |
544 |
+ .max_keysize = AES_MAX_KEY_SIZE, |
545 |
+- .ivsize = AES_BLOCK_SIZE, |
546 |
++ .setkey = ablkcipher_aes_setkey, |
547 |
+ } |
548 |
+ }, |
549 |
+ .desc_hdr_template = DESC_HDR_TYPE_AESU_CTR_NONSNOOP | |
550 |
+diff --git a/drivers/firmware/ti_sci.c b/drivers/firmware/ti_sci.c |
551 |
+index 7fa744793bc5..5e35a66ed0ae 100644 |
552 |
+--- a/drivers/firmware/ti_sci.c |
553 |
++++ b/drivers/firmware/ti_sci.c |
554 |
+@@ -463,9 +463,9 @@ static int ti_sci_cmd_get_revision(struct ti_sci_info *info) |
555 |
+ struct ti_sci_xfer *xfer; |
556 |
+ int ret; |
557 |
+ |
558 |
+- /* No need to setup flags since it is expected to respond */ |
559 |
+ xfer = ti_sci_get_one_xfer(info, TI_SCI_MSG_VERSION, |
560 |
+- 0x0, sizeof(struct ti_sci_msg_hdr), |
561 |
++ TI_SCI_FLAG_REQ_ACK_ON_PROCESSED, |
562 |
++ sizeof(struct ti_sci_msg_hdr), |
563 |
+ sizeof(*rev_info)); |
564 |
+ if (IS_ERR(xfer)) { |
565 |
+ ret = PTR_ERR(xfer); |
566 |
+@@ -593,9 +593,9 @@ static int ti_sci_get_device_state(const struct ti_sci_handle *handle, |
567 |
+ info = handle_to_ti_sci_info(handle); |
568 |
+ dev = info->dev; |
569 |
+ |
570 |
+- /* Response is expected, so need of any flags */ |
571 |
+ xfer = ti_sci_get_one_xfer(info, TI_SCI_MSG_GET_DEVICE_STATE, |
572 |
+- 0, sizeof(*req), sizeof(*resp)); |
573 |
++ TI_SCI_FLAG_REQ_ACK_ON_PROCESSED, |
574 |
++ sizeof(*req), sizeof(*resp)); |
575 |
+ if (IS_ERR(xfer)) { |
576 |
+ ret = PTR_ERR(xfer); |
577 |
+ dev_err(dev, "Message alloc failed(%d)\n", ret); |
578 |
+diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c |
579 |
+index c5e009f61021..cf2604e63599 100644 |
580 |
+--- a/drivers/gpio/gpiolib-acpi.c |
581 |
++++ b/drivers/gpio/gpiolib-acpi.c |
582 |
+@@ -10,6 +10,7 @@ |
583 |
+ * published by the Free Software Foundation. |
584 |
+ */ |
585 |
+ |
586 |
++#include <linux/dmi.h> |
587 |
+ #include <linux/errno.h> |
588 |
+ #include <linux/gpio.h> |
589 |
+ #include <linux/gpio/consumer.h> |
590 |
+@@ -23,6 +24,11 @@ |
591 |
+ |
592 |
+ #include "gpiolib.h" |
593 |
+ |
594 |
++static int run_edge_events_on_boot = -1; |
595 |
++module_param(run_edge_events_on_boot, int, 0444); |
596 |
++MODULE_PARM_DESC(run_edge_events_on_boot, |
597 |
++ "Run edge _AEI event-handlers at boot: 0=no, 1=yes, -1=auto"); |
598 |
++ |
599 |
+ /** |
600 |
+ * struct acpi_gpio_event - ACPI GPIO event handler data |
601 |
+ * |
602 |
+@@ -174,10 +180,13 @@ static void acpi_gpiochip_request_irq(struct acpi_gpio_chip *acpi_gpio, |
603 |
+ event->irq_requested = true; |
604 |
+ |
605 |
+ /* Make sure we trigger the initial state of edge-triggered IRQs */ |
606 |
+- value = gpiod_get_raw_value_cansleep(event->desc); |
607 |
+- if (((event->irqflags & IRQF_TRIGGER_RISING) && value == 1) || |
608 |
+- ((event->irqflags & IRQF_TRIGGER_FALLING) && value == 0)) |
609 |
+- event->handler(event->irq, event); |
610 |
++ if (run_edge_events_on_boot && |
611 |
++ (event->irqflags & (IRQF_TRIGGER_RISING | IRQF_TRIGGER_FALLING))) { |
612 |
++ value = gpiod_get_raw_value_cansleep(event->desc); |
613 |
++ if (((event->irqflags & IRQF_TRIGGER_RISING) && value == 1) || |
614 |
++ ((event->irqflags & IRQF_TRIGGER_FALLING) && value == 0)) |
615 |
++ event->handler(event->irq, event); |
616 |
++ } |
617 |
+ } |
618 |
+ |
619 |
+ static void acpi_gpiochip_request_irqs(struct acpi_gpio_chip *acpi_gpio) |
620 |
+@@ -1253,3 +1262,28 @@ static int acpi_gpio_handle_deferred_request_irqs(void) |
621 |
+ } |
622 |
+ /* We must use _sync so that this runs after the first deferred_probe run */ |
623 |
+ late_initcall_sync(acpi_gpio_handle_deferred_request_irqs); |
624 |
++ |
625 |
++static const struct dmi_system_id run_edge_events_on_boot_blacklist[] = { |
626 |
++ { |
627 |
++ .matches = { |
628 |
++ DMI_MATCH(DMI_SYS_VENDOR, "MINIX"), |
629 |
++ DMI_MATCH(DMI_PRODUCT_NAME, "Z83-4"), |
630 |
++ } |
631 |
++ }, |
632 |
++ {} /* Terminating entry */ |
633 |
++}; |
634 |
++ |
635 |
++static int acpi_gpio_setup_params(void) |
636 |
++{ |
637 |
++ if (run_edge_events_on_boot < 0) { |
638 |
++ if (dmi_check_system(run_edge_events_on_boot_blacklist)) |
639 |
++ run_edge_events_on_boot = 0; |
640 |
++ else |
641 |
++ run_edge_events_on_boot = 1; |
642 |
++ } |
643 |
++ |
644 |
++ return 0; |
645 |
++} |
646 |
++ |
647 |
++/* Directly after dmi_setup() which runs as core_initcall() */ |
648 |
++postcore_initcall(acpi_gpio_setup_params); |
649 |
+diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c |
650 |
+index 53395852f012..3289b53a7ba1 100644 |
651 |
+--- a/drivers/gpio/gpiolib.c |
652 |
++++ b/drivers/gpio/gpiolib.c |
653 |
+@@ -524,6 +524,14 @@ static int linehandle_create(struct gpio_device *gdev, void __user *ip) |
654 |
+ if (lflags & ~GPIOHANDLE_REQUEST_VALID_FLAGS) |
655 |
+ return -EINVAL; |
656 |
+ |
657 |
++ /* |
658 |
++ * Do not allow both INPUT & OUTPUT flags to be set as they are |
659 |
++ * contradictory. |
660 |
++ */ |
661 |
++ if ((lflags & GPIOHANDLE_REQUEST_INPUT) && |
662 |
++ (lflags & GPIOHANDLE_REQUEST_OUTPUT)) |
663 |
++ return -EINVAL; |
664 |
++ |
665 |
+ /* |
666 |
+ * Do not allow OPEN_SOURCE & OPEN_DRAIN flags in a single request. If |
667 |
+ * the hardware actually supports enabling both at the same time the |
668 |
+@@ -916,7 +924,9 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) |
669 |
+ } |
670 |
+ |
671 |
+ /* This is just wrong: we don't look for events on output lines */ |
672 |
+- if (lflags & GPIOHANDLE_REQUEST_OUTPUT) { |
673 |
++ if ((lflags & GPIOHANDLE_REQUEST_OUTPUT) || |
674 |
++ (lflags & GPIOHANDLE_REQUEST_OPEN_DRAIN) || |
675 |
++ (lflags & GPIOHANDLE_REQUEST_OPEN_SOURCE)) { |
676 |
+ ret = -EINVAL; |
677 |
+ goto out_free_label; |
678 |
+ } |
679 |
+@@ -930,10 +940,6 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) |
680 |
+ |
681 |
+ if (lflags & GPIOHANDLE_REQUEST_ACTIVE_LOW) |
682 |
+ set_bit(FLAG_ACTIVE_LOW, &desc->flags); |
683 |
+- if (lflags & GPIOHANDLE_REQUEST_OPEN_DRAIN) |
684 |
+- set_bit(FLAG_OPEN_DRAIN, &desc->flags); |
685 |
+- if (lflags & GPIOHANDLE_REQUEST_OPEN_SOURCE) |
686 |
+- set_bit(FLAG_OPEN_SOURCE, &desc->flags); |
687 |
+ |
688 |
+ ret = gpiod_direction_input(desc); |
689 |
+ if (ret) |
690 |
+diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c |
691 |
+index b44bed554211..cc354b491774 100644 |
692 |
+--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c |
693 |
++++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c |
694 |
+@@ -82,6 +82,12 @@ static const struct drm_dmi_panel_orientation_data itworks_tw891 = { |
695 |
+ .orientation = DRM_MODE_PANEL_ORIENTATION_RIGHT_UP, |
696 |
+ }; |
697 |
+ |
698 |
++static const struct drm_dmi_panel_orientation_data lcd720x1280_rightside_up = { |
699 |
++ .width = 720, |
700 |
++ .height = 1280, |
701 |
++ .orientation = DRM_MODE_PANEL_ORIENTATION_RIGHT_UP, |
702 |
++}; |
703 |
++ |
704 |
+ static const struct drm_dmi_panel_orientation_data lcd800x1280_rightside_up = { |
705 |
+ .width = 800, |
706 |
+ .height = 1280, |
707 |
+@@ -109,6 +115,12 @@ static const struct dmi_system_id orientation_data[] = { |
708 |
+ DMI_EXACT_MATCH(DMI_BOARD_NAME, "Default string"), |
709 |
+ }, |
710 |
+ .driver_data = (void *)&gpd_micropc, |
711 |
++ }, { /* GPD MicroPC (later BIOS versions with proper DMI strings) */ |
712 |
++ .matches = { |
713 |
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "GPD"), |
714 |
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "MicroPC"), |
715 |
++ }, |
716 |
++ .driver_data = (void *)&lcd720x1280_rightside_up, |
717 |
+ }, { /* |
718 |
+ * GPD Pocket, note that the the DMI data is less generic then |
719 |
+ * it seems, devices with a board-vendor of "AMI Corporation" |
720 |
+diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c |
721 |
+index f6389479fccb..947bc6d62302 100644 |
722 |
+--- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c |
723 |
++++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c |
724 |
+@@ -566,12 +566,15 @@ static int mtk_drm_probe(struct platform_device *pdev) |
725 |
+ comp = devm_kzalloc(dev, sizeof(*comp), GFP_KERNEL); |
726 |
+ if (!comp) { |
727 |
+ ret = -ENOMEM; |
728 |
++ of_node_put(node); |
729 |
+ goto err_node; |
730 |
+ } |
731 |
+ |
732 |
+ ret = mtk_ddp_comp_init(dev, node, comp, comp_id, NULL); |
733 |
+- if (ret) |
734 |
++ if (ret) { |
735 |
++ of_node_put(node); |
736 |
+ goto err_node; |
737 |
++ } |
738 |
+ |
739 |
+ private->ddp_comp[comp_id] = comp; |
740 |
+ } |
741 |
+diff --git a/drivers/gpu/drm/meson/meson_plane.c b/drivers/gpu/drm/meson/meson_plane.c |
742 |
+index 12c80dfcff59..c7daae53fa1f 100644 |
743 |
+--- a/drivers/gpu/drm/meson/meson_plane.c |
744 |
++++ b/drivers/gpu/drm/meson/meson_plane.c |
745 |
+@@ -120,6 +120,13 @@ static void meson_plane_atomic_update(struct drm_plane *plane, |
746 |
+ priv->viu.osd1_blk0_cfg[0] |= OSD_BLK_MODE_32 | |
747 |
+ OSD_COLOR_MATRIX_32_ARGB; |
748 |
+ break; |
749 |
++ case DRM_FORMAT_XBGR8888: |
750 |
++ /* For XRGB, replace the pixel's alpha by 0xFF */ |
751 |
++ writel_bits_relaxed(OSD_REPLACE_EN, OSD_REPLACE_EN, |
752 |
++ priv->io_base + _REG(VIU_OSD1_CTRL_STAT2)); |
753 |
++ priv->viu.osd1_blk0_cfg[0] |= OSD_BLK_MODE_32 | |
754 |
++ OSD_COLOR_MATRIX_32_ABGR; |
755 |
++ break; |
756 |
+ case DRM_FORMAT_ARGB8888: |
757 |
+ /* For ARGB, use the pixel's alpha */ |
758 |
+ writel_bits_relaxed(OSD_REPLACE_EN, 0, |
759 |
+@@ -127,6 +134,13 @@ static void meson_plane_atomic_update(struct drm_plane *plane, |
760 |
+ priv->viu.osd1_blk0_cfg[0] |= OSD_BLK_MODE_32 | |
761 |
+ OSD_COLOR_MATRIX_32_ARGB; |
762 |
+ break; |
763 |
++ case DRM_FORMAT_ABGR8888: |
764 |
++ /* For ARGB, use the pixel's alpha */ |
765 |
++ writel_bits_relaxed(OSD_REPLACE_EN, 0, |
766 |
++ priv->io_base + _REG(VIU_OSD1_CTRL_STAT2)); |
767 |
++ priv->viu.osd1_blk0_cfg[0] |= OSD_BLK_MODE_32 | |
768 |
++ OSD_COLOR_MATRIX_32_ABGR; |
769 |
++ break; |
770 |
+ case DRM_FORMAT_RGB888: |
771 |
+ priv->viu.osd1_blk0_cfg[0] |= OSD_BLK_MODE_24 | |
772 |
+ OSD_COLOR_MATRIX_24_RGB; |
773 |
+@@ -196,7 +210,9 @@ static const struct drm_plane_funcs meson_plane_funcs = { |
774 |
+ |
775 |
+ static const uint32_t supported_drm_formats[] = { |
776 |
+ DRM_FORMAT_ARGB8888, |
777 |
++ DRM_FORMAT_ABGR8888, |
778 |
+ DRM_FORMAT_XRGB8888, |
779 |
++ DRM_FORMAT_XBGR8888, |
780 |
+ DRM_FORMAT_RGB888, |
781 |
+ DRM_FORMAT_RGB565, |
782 |
+ }; |
783 |
+diff --git a/drivers/iio/adc/stm32-dfsdm-adc.c b/drivers/iio/adc/stm32-dfsdm-adc.c |
784 |
+index 15a115210108..f5586dd6414d 100644 |
785 |
+--- a/drivers/iio/adc/stm32-dfsdm-adc.c |
786 |
++++ b/drivers/iio/adc/stm32-dfsdm-adc.c |
787 |
+@@ -981,11 +981,11 @@ static int stm32_dfsdm_adc_chan_init_one(struct iio_dev *indio_dev, |
788 |
+ ch->info_mask_shared_by_all = BIT(IIO_CHAN_INFO_OVERSAMPLING_RATIO); |
789 |
+ |
790 |
+ if (adc->dev_data->type == DFSDM_AUDIO) { |
791 |
+- ch->scan_type.sign = 's'; |
792 |
+ ch->ext_info = dfsdm_adc_audio_ext_info; |
793 |
+ } else { |
794 |
+- ch->scan_type.sign = 'u'; |
795 |
++ ch->scan_type.shift = 8; |
796 |
+ } |
797 |
++ ch->scan_type.sign = 's'; |
798 |
+ ch->scan_type.realbits = 24; |
799 |
+ ch->scan_type.storagebits = 32; |
800 |
+ |
801 |
+diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c |
802 |
+index ef5560b848ab..21786a442368 100644 |
803 |
+--- a/drivers/isdn/capi/capi.c |
804 |
++++ b/drivers/isdn/capi/capi.c |
805 |
+@@ -688,6 +688,9 @@ capi_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos |
806 |
+ if (!cdev->ap.applid) |
807 |
+ return -ENODEV; |
808 |
+ |
809 |
++ if (count < CAPIMSG_BASELEN) |
810 |
++ return -EINVAL; |
811 |
++ |
812 |
+ skb = alloc_skb(count, GFP_USER); |
813 |
+ if (!skb) |
814 |
+ return -ENOMEM; |
815 |
+@@ -698,7 +701,8 @@ capi_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos |
816 |
+ } |
817 |
+ mlen = CAPIMSG_LEN(skb->data); |
818 |
+ if (CAPIMSG_CMD(skb->data) == CAPI_DATA_B3_REQ) { |
819 |
+- if ((size_t)(mlen + CAPIMSG_DATALEN(skb->data)) != count) { |
820 |
++ if (count < CAPI_DATA_B3_REQ_LEN || |
821 |
++ (size_t)(mlen + CAPIMSG_DATALEN(skb->data)) != count) { |
822 |
+ kfree_skb(skb); |
823 |
+ return -EINVAL; |
824 |
+ } |
825 |
+@@ -711,6 +715,10 @@ capi_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos |
826 |
+ CAPIMSG_SETAPPID(skb->data, cdev->ap.applid); |
827 |
+ |
828 |
+ if (CAPIMSG_CMD(skb->data) == CAPI_DISCONNECT_B3_RESP) { |
829 |
++ if (count < CAPI_DISCONNECT_B3_RESP_LEN) { |
830 |
++ kfree_skb(skb); |
831 |
++ return -EINVAL; |
832 |
++ } |
833 |
+ mutex_lock(&cdev->lock); |
834 |
+ capincci_free(cdev, CAPIMSG_NCCI(skb->data)); |
835 |
+ mutex_unlock(&cdev->lock); |
836 |
+diff --git a/drivers/mtd/nand/raw/mtk_nand.c b/drivers/mtd/nand/raw/mtk_nand.c |
837 |
+index dce5b7e44e7a..ab5a8778c4b2 100644 |
838 |
+--- a/drivers/mtd/nand/raw/mtk_nand.c |
839 |
++++ b/drivers/mtd/nand/raw/mtk_nand.c |
840 |
+@@ -863,19 +863,21 @@ static int mtk_nfc_write_oob_std(struct mtd_info *mtd, struct nand_chip *chip, |
841 |
+ return mtk_nfc_write_page_raw(mtd, chip, NULL, 1, page); |
842 |
+ } |
843 |
+ |
844 |
+-static int mtk_nfc_update_ecc_stats(struct mtd_info *mtd, u8 *buf, u32 sectors) |
845 |
++static int mtk_nfc_update_ecc_stats(struct mtd_info *mtd, u8 *buf, u32 start, |
846 |
++ u32 sectors) |
847 |
+ { |
848 |
+ struct nand_chip *chip = mtd_to_nand(mtd); |
849 |
+ struct mtk_nfc *nfc = nand_get_controller_data(chip); |
850 |
+ struct mtk_nfc_nand_chip *mtk_nand = to_mtk_nand(chip); |
851 |
+ struct mtk_ecc_stats stats; |
852 |
++ u32 reg_size = mtk_nand->fdm.reg_size; |
853 |
+ int rc, i; |
854 |
+ |
855 |
+ rc = nfi_readl(nfc, NFI_STA) & STA_EMP_PAGE; |
856 |
+ if (rc) { |
857 |
+ memset(buf, 0xff, sectors * chip->ecc.size); |
858 |
+ for (i = 0; i < sectors; i++) |
859 |
+- memset(oob_ptr(chip, i), 0xff, mtk_nand->fdm.reg_size); |
860 |
++ memset(oob_ptr(chip, start + i), 0xff, reg_size); |
861 |
+ return 0; |
862 |
+ } |
863 |
+ |
864 |
+@@ -895,7 +897,7 @@ static int mtk_nfc_read_subpage(struct mtd_info *mtd, struct nand_chip *chip, |
865 |
+ u32 spare = mtk_nand->spare_per_sector; |
866 |
+ u32 column, sectors, start, end, reg; |
867 |
+ dma_addr_t addr; |
868 |
+- int bitflips; |
869 |
++ int bitflips = 0; |
870 |
+ size_t len; |
871 |
+ u8 *buf; |
872 |
+ int rc; |
873 |
+@@ -962,14 +964,11 @@ static int mtk_nfc_read_subpage(struct mtd_info *mtd, struct nand_chip *chip, |
874 |
+ if (rc < 0) { |
875 |
+ dev_err(nfc->dev, "subpage done timeout\n"); |
876 |
+ bitflips = -EIO; |
877 |
+- } else { |
878 |
+- bitflips = 0; |
879 |
+- if (!raw) { |
880 |
+- rc = mtk_ecc_wait_done(nfc->ecc, ECC_DECODE); |
881 |
+- bitflips = rc < 0 ? -ETIMEDOUT : |
882 |
+- mtk_nfc_update_ecc_stats(mtd, buf, sectors); |
883 |
+- mtk_nfc_read_fdm(chip, start, sectors); |
884 |
+- } |
885 |
++ } else if (!raw) { |
886 |
++ rc = mtk_ecc_wait_done(nfc->ecc, ECC_DECODE); |
887 |
++ bitflips = rc < 0 ? -ETIMEDOUT : |
888 |
++ mtk_nfc_update_ecc_stats(mtd, buf, start, sectors); |
889 |
++ mtk_nfc_read_fdm(chip, start, sectors); |
890 |
+ } |
891 |
+ |
892 |
+ dma_unmap_single(nfc->dev, addr, len, DMA_FROM_DEVICE); |
893 |
+diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c |
894 |
+index 410d5d3aa393..85280765d793 100644 |
895 |
+--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c |
896 |
++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c |
897 |
+@@ -34,6 +34,7 @@ |
898 |
+ #include <net/tc_act/tc_mirred.h> |
899 |
+ #include <net/vxlan.h> |
900 |
+ #include <net/mpls.h> |
901 |
++#include <net/xfrm.h> |
902 |
+ |
903 |
+ #include "ixgbe.h" |
904 |
+ #include "ixgbe_common.h" |
905 |
+@@ -2625,7 +2626,7 @@ adjust_by_size: |
906 |
+ /* 16K ints/sec to 9.2K ints/sec */ |
907 |
+ avg_wire_size *= 15; |
908 |
+ avg_wire_size += 11452; |
909 |
+- } else if (avg_wire_size <= 1980) { |
910 |
++ } else if (avg_wire_size < 1968) { |
911 |
+ /* 9.2K ints/sec to 8K ints/sec */ |
912 |
+ avg_wire_size *= 5; |
913 |
+ avg_wire_size += 22420; |
914 |
+@@ -2658,6 +2659,8 @@ adjust_by_size: |
915 |
+ case IXGBE_LINK_SPEED_2_5GB_FULL: |
916 |
+ case IXGBE_LINK_SPEED_1GB_FULL: |
917 |
+ case IXGBE_LINK_SPEED_10_FULL: |
918 |
++ if (avg_wire_size > 8064) |
919 |
++ avg_wire_size = 8064; |
920 |
+ itr += DIV_ROUND_UP(avg_wire_size, |
921 |
+ IXGBE_ITR_ADAPTIVE_MIN_INC * 64) * |
922 |
+ IXGBE_ITR_ADAPTIVE_MIN_INC; |
923 |
+@@ -8599,7 +8602,8 @@ netdev_tx_t ixgbe_xmit_frame_ring(struct sk_buff *skb, |
924 |
+ #endif /* IXGBE_FCOE */ |
925 |
+ |
926 |
+ #ifdef CONFIG_XFRM_OFFLOAD |
927 |
+- if (skb->sp && !ixgbe_ipsec_tx(tx_ring, first, &ipsec_tx)) |
928 |
++ if (xfrm_offload(skb) && |
929 |
++ !ixgbe_ipsec_tx(tx_ring, first, &ipsec_tx)) |
930 |
+ goto out_drop; |
931 |
+ #endif |
932 |
+ tso = ixgbe_tso(tx_ring, first, &hdr_len, &ipsec_tx); |
933 |
+diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c |
934 |
+index 2e8056d48f4a..723611ac9102 100644 |
935 |
+--- a/drivers/net/phy/phylink.c |
936 |
++++ b/drivers/net/phy/phylink.c |
937 |
+@@ -380,8 +380,8 @@ static void phylink_get_fixed_state(struct phylink *pl, struct phylink_link_stat |
938 |
+ * Local device Link partner |
939 |
+ * Pause AsymDir Pause AsymDir Result |
940 |
+ * 1 X 1 X TX+RX |
941 |
+- * 0 1 1 1 RX |
942 |
+- * 1 1 0 1 TX |
943 |
++ * 0 1 1 1 TX |
944 |
++ * 1 1 0 1 RX |
945 |
+ */ |
946 |
+ static void phylink_resolve_flow(struct phylink *pl, |
947 |
+ struct phylink_link_state *state) |
948 |
+@@ -402,7 +402,7 @@ static void phylink_resolve_flow(struct phylink *pl, |
949 |
+ new_pause = MLO_PAUSE_TX | MLO_PAUSE_RX; |
950 |
+ else if (pause & MLO_PAUSE_ASYM) |
951 |
+ new_pause = state->pause & MLO_PAUSE_SYM ? |
952 |
+- MLO_PAUSE_RX : MLO_PAUSE_TX; |
953 |
++ MLO_PAUSE_TX : MLO_PAUSE_RX; |
954 |
+ } else { |
955 |
+ new_pause = pl->link_config.pause & MLO_PAUSE_TXRX_MASK; |
956 |
+ } |
957 |
+diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
958 |
+index 5fa7047ea361..e1ac1c57089f 100644 |
959 |
+--- a/drivers/net/tun.c |
960 |
++++ b/drivers/net/tun.c |
961 |
+@@ -801,7 +801,8 @@ static void tun_detach_all(struct net_device *dev) |
962 |
+ } |
963 |
+ |
964 |
+ static int tun_attach(struct tun_struct *tun, struct file *file, |
965 |
+- bool skip_filter, bool napi, bool napi_frags) |
966 |
++ bool skip_filter, bool napi, bool napi_frags, |
967 |
++ bool publish_tun) |
968 |
+ { |
969 |
+ struct tun_file *tfile = file->private_data; |
970 |
+ struct net_device *dev = tun->dev; |
971 |
+@@ -881,7 +882,8 @@ static int tun_attach(struct tun_struct *tun, struct file *file, |
972 |
+ * initialized tfile; otherwise we risk using half-initialized |
973 |
+ * object. |
974 |
+ */ |
975 |
+- rcu_assign_pointer(tfile->tun, tun); |
976 |
++ if (publish_tun) |
977 |
++ rcu_assign_pointer(tfile->tun, tun); |
978 |
+ rcu_assign_pointer(tun->tfiles[tun->numqueues], tfile); |
979 |
+ tun->numqueues++; |
980 |
+ tun_set_real_num_queues(tun); |
981 |
+@@ -2553,7 +2555,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) |
982 |
+ |
983 |
+ err = tun_attach(tun, file, ifr->ifr_flags & IFF_NOFILTER, |
984 |
+ ifr->ifr_flags & IFF_NAPI, |
985 |
+- ifr->ifr_flags & IFF_NAPI_FRAGS); |
986 |
++ ifr->ifr_flags & IFF_NAPI_FRAGS, true); |
987 |
+ if (err < 0) |
988 |
+ return err; |
989 |
+ |
990 |
+@@ -2652,13 +2654,17 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) |
991 |
+ |
992 |
+ INIT_LIST_HEAD(&tun->disabled); |
993 |
+ err = tun_attach(tun, file, false, ifr->ifr_flags & IFF_NAPI, |
994 |
+- ifr->ifr_flags & IFF_NAPI_FRAGS); |
995 |
++ ifr->ifr_flags & IFF_NAPI_FRAGS, false); |
996 |
+ if (err < 0) |
997 |
+ goto err_free_flow; |
998 |
+ |
999 |
+ err = register_netdevice(tun->dev); |
1000 |
+ if (err < 0) |
1001 |
+ goto err_detach; |
1002 |
++ /* free_netdev() won't check refcnt, to aovid race |
1003 |
++ * with dev_put() we need publish tun after registration. |
1004 |
++ */ |
1005 |
++ rcu_assign_pointer(tfile->tun, tun); |
1006 |
+ } |
1007 |
+ |
1008 |
+ netif_carrier_on(tun->dev); |
1009 |
+@@ -2802,7 +2808,7 @@ static int tun_set_queue(struct file *file, struct ifreq *ifr) |
1010 |
+ if (ret < 0) |
1011 |
+ goto unlock; |
1012 |
+ ret = tun_attach(tun, file, false, tun->flags & IFF_NAPI, |
1013 |
+- tun->flags & IFF_NAPI_FRAGS); |
1014 |
++ tun->flags & IFF_NAPI_FRAGS, true); |
1015 |
+ } else if (ifr->ifr_flags & IFF_DETACH_QUEUE) { |
1016 |
+ tun = rtnl_dereference(tfile->tun); |
1017 |
+ if (!tun || !(tun->flags & IFF_MULTI_QUEUE) || tfile->detached) |
1018 |
+diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c |
1019 |
+index 5c42cf81a08b..85fba64c3fcf 100644 |
1020 |
+--- a/drivers/net/usb/cdc_ether.c |
1021 |
++++ b/drivers/net/usb/cdc_ether.c |
1022 |
+@@ -221,9 +221,16 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf) |
1023 |
+ goto bad_desc; |
1024 |
+ } |
1025 |
+ skip: |
1026 |
+- if ( rndis && |
1027 |
+- header.usb_cdc_acm_descriptor && |
1028 |
+- header.usb_cdc_acm_descriptor->bmCapabilities) { |
1029 |
++ /* Communcation class functions with bmCapabilities are not |
1030 |
++ * RNDIS. But some Wireless class RNDIS functions use |
1031 |
++ * bmCapabilities for their own purpose. The failsafe is |
1032 |
++ * therefore applied only to Communication class RNDIS |
1033 |
++ * functions. The rndis test is redundant, but a cheap |
1034 |
++ * optimization. |
1035 |
++ */ |
1036 |
++ if (rndis && is_rndis(&intf->cur_altsetting->desc) && |
1037 |
++ header.usb_cdc_acm_descriptor && |
1038 |
++ header.usb_cdc_acm_descriptor->bmCapabilities) { |
1039 |
+ dev_dbg(&intf->dev, |
1040 |
+ "ACM capabilities %02x, not really RNDIS?\n", |
1041 |
+ header.usb_cdc_acm_descriptor->bmCapabilities); |
1042 |
+diff --git a/drivers/net/wireless/rsi/rsi_91x_usb.c b/drivers/net/wireless/rsi/rsi_91x_usb.c |
1043 |
+index f360690396dd..14e56bee0548 100644 |
1044 |
+--- a/drivers/net/wireless/rsi/rsi_91x_usb.c |
1045 |
++++ b/drivers/net/wireless/rsi/rsi_91x_usb.c |
1046 |
+@@ -643,7 +643,6 @@ fail_rx: |
1047 |
+ kfree(rsi_dev->tx_buffer); |
1048 |
+ |
1049 |
+ fail_eps: |
1050 |
+- kfree(rsi_dev); |
1051 |
+ |
1052 |
+ return status; |
1053 |
+ } |
1054 |
+diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c |
1055 |
+index 99de51e87f7f..d32eba11c000 100644 |
1056 |
+--- a/drivers/nvmem/core.c |
1057 |
++++ b/drivers/nvmem/core.c |
1058 |
+@@ -415,10 +415,17 @@ static int nvmem_setup_compat(struct nvmem_device *nvmem, |
1059 |
+ if (!config->base_dev) |
1060 |
+ return -EINVAL; |
1061 |
+ |
1062 |
+- if (nvmem->read_only) |
1063 |
+- nvmem->eeprom = bin_attr_ro_root_nvmem; |
1064 |
+- else |
1065 |
+- nvmem->eeprom = bin_attr_rw_root_nvmem; |
1066 |
++ if (nvmem->read_only) { |
1067 |
++ if (config->root_only) |
1068 |
++ nvmem->eeprom = bin_attr_ro_root_nvmem; |
1069 |
++ else |
1070 |
++ nvmem->eeprom = bin_attr_ro_nvmem; |
1071 |
++ } else { |
1072 |
++ if (config->root_only) |
1073 |
++ nvmem->eeprom = bin_attr_rw_root_nvmem; |
1074 |
++ else |
1075 |
++ nvmem->eeprom = bin_attr_rw_nvmem; |
1076 |
++ } |
1077 |
+ nvmem->eeprom.attr.name = "eeprom"; |
1078 |
+ nvmem->eeprom.size = nvmem->size; |
1079 |
+ #ifdef CONFIG_DEBUG_LOCK_ALLOC |
1080 |
+diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c |
1081 |
+index 956ee7527d2c..ec317bcb1bca 100644 |
1082 |
+--- a/drivers/pci/pci-driver.c |
1083 |
++++ b/drivers/pci/pci-driver.c |
1084 |
+@@ -399,7 +399,8 @@ void __weak pcibios_free_irq(struct pci_dev *dev) |
1085 |
+ #ifdef CONFIG_PCI_IOV |
1086 |
+ static inline bool pci_device_can_probe(struct pci_dev *pdev) |
1087 |
+ { |
1088 |
+- return (!pdev->is_virtfn || pdev->physfn->sriov->drivers_autoprobe); |
1089 |
++ return (!pdev->is_virtfn || pdev->physfn->sriov->drivers_autoprobe || |
1090 |
++ pdev->driver_override); |
1091 |
+ } |
1092 |
+ #else |
1093 |
+ static inline bool pci_device_can_probe(struct pci_dev *pdev) |
1094 |
+diff --git a/drivers/platform/x86/pmc_atom.c b/drivers/platform/x86/pmc_atom.c |
1095 |
+index b1d804376237..6a61028cbb3c 100644 |
1096 |
+--- a/drivers/platform/x86/pmc_atom.c |
1097 |
++++ b/drivers/platform/x86/pmc_atom.c |
1098 |
+@@ -421,6 +421,14 @@ static const struct dmi_system_id critclk_systems[] = { |
1099 |
+ DMI_MATCH(DMI_BOARD_NAME, "CB3163"), |
1100 |
+ }, |
1101 |
+ }, |
1102 |
++ { |
1103 |
++ /* pmc_plt_clk* - are used for ethernet controllers */ |
1104 |
++ .ident = "Beckhoff CB4063", |
1105 |
++ .matches = { |
1106 |
++ DMI_MATCH(DMI_SYS_VENDOR, "Beckhoff Automation"), |
1107 |
++ DMI_MATCH(DMI_BOARD_NAME, "CB4063"), |
1108 |
++ }, |
1109 |
++ }, |
1110 |
+ { |
1111 |
+ /* pmc_plt_clk* - are used for ethernet controllers */ |
1112 |
+ .ident = "Beckhoff CB6263", |
1113 |
+diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c |
1114 |
+index 08c5afa06aee..e561eb475339 100644 |
1115 |
+--- a/fs/btrfs/tree-log.c |
1116 |
++++ b/fs/btrfs/tree-log.c |
1117 |
+@@ -5107,7 +5107,7 @@ again: |
1118 |
+ BTRFS_I(other_inode), |
1119 |
+ LOG_OTHER_INODE, 0, LLONG_MAX, |
1120 |
+ ctx); |
1121 |
+- iput(other_inode); |
1122 |
++ btrfs_add_delayed_iput(other_inode); |
1123 |
+ if (err) |
1124 |
+ goto out_unlock; |
1125 |
+ else |
1126 |
+@@ -5519,7 +5519,7 @@ process_leaf: |
1127 |
+ } |
1128 |
+ |
1129 |
+ if (btrfs_inode_in_log(BTRFS_I(di_inode), trans->transid)) { |
1130 |
+- iput(di_inode); |
1131 |
++ btrfs_add_delayed_iput(di_inode); |
1132 |
+ break; |
1133 |
+ } |
1134 |
+ |
1135 |
+@@ -5531,7 +5531,7 @@ process_leaf: |
1136 |
+ if (!ret && |
1137 |
+ btrfs_must_commit_transaction(trans, BTRFS_I(di_inode))) |
1138 |
+ ret = 1; |
1139 |
+- iput(di_inode); |
1140 |
++ btrfs_add_delayed_iput(di_inode); |
1141 |
+ if (ret) |
1142 |
+ goto next_dir_inode; |
1143 |
+ if (ctx->log_new_dentries) { |
1144 |
+@@ -5678,7 +5678,7 @@ static int btrfs_log_all_parents(struct btrfs_trans_handle *trans, |
1145 |
+ if (!ret && ctx && ctx->log_new_dentries) |
1146 |
+ ret = log_new_dir_dentries(trans, root, |
1147 |
+ BTRFS_I(dir_inode), ctx); |
1148 |
+- iput(dir_inode); |
1149 |
++ btrfs_add_delayed_iput(dir_inode); |
1150 |
+ if (ret) |
1151 |
+ goto out; |
1152 |
+ } |
1153 |
+diff --git a/fs/ubifs/tnc.c b/fs/ubifs/tnc.c |
1154 |
+index bf416e512743..f15ac37956e7 100644 |
1155 |
+--- a/fs/ubifs/tnc.c |
1156 |
++++ b/fs/ubifs/tnc.c |
1157 |
+@@ -1165,8 +1165,8 @@ static struct ubifs_znode *dirty_cow_bottom_up(struct ubifs_info *c, |
1158 |
+ * o exact match, i.e. the found zero-level znode contains key @key, then %1 |
1159 |
+ * is returned and slot number of the matched branch is stored in @n; |
1160 |
+ * o not exact match, which means that zero-level znode does not contain |
1161 |
+- * @key, then %0 is returned and slot number of the closest branch is stored |
1162 |
+- * in @n; |
1163 |
++ * @key, then %0 is returned and slot number of the closest branch or %-1 |
1164 |
++ * is stored in @n; In this case calling tnc_next() is mandatory. |
1165 |
+ * o @key is so small that it is even less than the lowest key of the |
1166 |
+ * leftmost zero-level node, then %0 is returned and %0 is stored in @n. |
1167 |
+ * |
1168 |
+@@ -1883,13 +1883,19 @@ int ubifs_tnc_lookup_nm(struct ubifs_info *c, const union ubifs_key *key, |
1169 |
+ |
1170 |
+ static int search_dh_cookie(struct ubifs_info *c, const union ubifs_key *key, |
1171 |
+ struct ubifs_dent_node *dent, uint32_t cookie, |
1172 |
+- struct ubifs_znode **zn, int *n) |
1173 |
++ struct ubifs_znode **zn, int *n, int exact) |
1174 |
+ { |
1175 |
+ int err; |
1176 |
+ struct ubifs_znode *znode = *zn; |
1177 |
+ struct ubifs_zbranch *zbr; |
1178 |
+ union ubifs_key *dkey; |
1179 |
+ |
1180 |
++ if (!exact) { |
1181 |
++ err = tnc_next(c, &znode, n); |
1182 |
++ if (err) |
1183 |
++ return err; |
1184 |
++ } |
1185 |
++ |
1186 |
+ for (;;) { |
1187 |
+ zbr = &znode->zbranch[*n]; |
1188 |
+ dkey = &zbr->key; |
1189 |
+@@ -1931,7 +1937,7 @@ static int do_lookup_dh(struct ubifs_info *c, const union ubifs_key *key, |
1190 |
+ if (unlikely(err < 0)) |
1191 |
+ goto out_unlock; |
1192 |
+ |
1193 |
+- err = search_dh_cookie(c, key, dent, cookie, &znode, &n); |
1194 |
++ err = search_dh_cookie(c, key, dent, cookie, &znode, &n, err); |
1195 |
+ |
1196 |
+ out_unlock: |
1197 |
+ mutex_unlock(&c->tnc_mutex); |
1198 |
+@@ -2718,7 +2724,7 @@ int ubifs_tnc_remove_dh(struct ubifs_info *c, const union ubifs_key *key, |
1199 |
+ if (unlikely(err < 0)) |
1200 |
+ goto out_free; |
1201 |
+ |
1202 |
+- err = search_dh_cookie(c, key, dent, cookie, &znode, &n); |
1203 |
++ err = search_dh_cookie(c, key, dent, cookie, &znode, &n, err); |
1204 |
+ if (err) |
1205 |
+ goto out_free; |
1206 |
+ } |
1207 |
+diff --git a/include/uapi/linux/isdn/capicmd.h b/include/uapi/linux/isdn/capicmd.h |
1208 |
+index 4941628a4fb9..5ec88e7548a9 100644 |
1209 |
+--- a/include/uapi/linux/isdn/capicmd.h |
1210 |
++++ b/include/uapi/linux/isdn/capicmd.h |
1211 |
+@@ -16,6 +16,7 @@ |
1212 |
+ #define CAPI_MSG_BASELEN 8 |
1213 |
+ #define CAPI_DATA_B3_REQ_LEN (CAPI_MSG_BASELEN+4+4+2+2+2) |
1214 |
+ #define CAPI_DATA_B3_RESP_LEN (CAPI_MSG_BASELEN+4+2) |
1215 |
++#define CAPI_DISCONNECT_B3_RESP_LEN (CAPI_MSG_BASELEN+4) |
1216 |
+ |
1217 |
+ /*----- CAPI commands -----*/ |
1218 |
+ #define CAPI_ALERT 0x01 |
1219 |
+diff --git a/kernel/irq/resend.c b/kernel/irq/resend.c |
1220 |
+index 95414ad3506a..98c04ca5fa43 100644 |
1221 |
+--- a/kernel/irq/resend.c |
1222 |
++++ b/kernel/irq/resend.c |
1223 |
+@@ -36,6 +36,8 @@ static void resend_irqs(unsigned long arg) |
1224 |
+ irq = find_first_bit(irqs_resend, nr_irqs); |
1225 |
+ clear_bit(irq, irqs_resend); |
1226 |
+ desc = irq_to_desc(irq); |
1227 |
++ if (!desc) |
1228 |
++ continue; |
1229 |
+ local_irq_disable(); |
1230 |
+ desc->handle_irq(desc); |
1231 |
+ local_irq_enable(); |
1232 |
+diff --git a/kernel/module.c b/kernel/module.c |
1233 |
+index 0d86fc73d63d..8257110bf599 100644 |
1234 |
+--- a/kernel/module.c |
1235 |
++++ b/kernel/module.c |
1236 |
+@@ -1884,7 +1884,7 @@ static void mod_sysfs_teardown(struct module *mod) |
1237 |
+ mod_sysfs_fini(mod); |
1238 |
+ } |
1239 |
+ |
1240 |
+-#ifdef CONFIG_STRICT_MODULE_RWX |
1241 |
++#ifdef CONFIG_ARCH_HAS_STRICT_MODULE_RWX |
1242 |
+ /* |
1243 |
+ * LKM RO/NX protection: protect module's text/ro-data |
1244 |
+ * from modification and any data from execution. |
1245 |
+@@ -1907,6 +1907,7 @@ static void frob_text(const struct module_layout *layout, |
1246 |
+ layout->text_size >> PAGE_SHIFT); |
1247 |
+ } |
1248 |
+ |
1249 |
++#ifdef CONFIG_STRICT_MODULE_RWX |
1250 |
+ static void frob_rodata(const struct module_layout *layout, |
1251 |
+ int (*set_memory)(unsigned long start, int num_pages)) |
1252 |
+ { |
1253 |
+@@ -1956,13 +1957,9 @@ void module_enable_ro(const struct module *mod, bool after_init) |
1254 |
+ return; |
1255 |
+ |
1256 |
+ frob_text(&mod->core_layout, set_memory_ro); |
1257 |
+- frob_text(&mod->core_layout, set_memory_x); |
1258 |
+ |
1259 |
+ frob_rodata(&mod->core_layout, set_memory_ro); |
1260 |
+- |
1261 |
+ frob_text(&mod->init_layout, set_memory_ro); |
1262 |
+- frob_text(&mod->init_layout, set_memory_x); |
1263 |
+- |
1264 |
+ frob_rodata(&mod->init_layout, set_memory_ro); |
1265 |
+ |
1266 |
+ if (after_init) |
1267 |
+@@ -2043,11 +2040,23 @@ static void disable_ro_nx(const struct module_layout *layout) |
1268 |
+ frob_writable_data(layout, set_memory_x); |
1269 |
+ } |
1270 |
+ |
1271 |
+-#else |
1272 |
++#else /* !CONFIG_STRICT_MODULE_RWX */ |
1273 |
+ static void disable_ro_nx(const struct module_layout *layout) { } |
1274 |
+ static void module_enable_nx(const struct module *mod) { } |
1275 |
+ static void module_disable_nx(const struct module *mod) { } |
1276 |
+-#endif |
1277 |
++#endif /* CONFIG_STRICT_MODULE_RWX */ |
1278 |
++ |
1279 |
++static void module_enable_x(const struct module *mod) |
1280 |
++{ |
1281 |
++ frob_text(&mod->core_layout, set_memory_x); |
1282 |
++ frob_text(&mod->init_layout, set_memory_x); |
1283 |
++} |
1284 |
++#else /* !CONFIG_ARCH_HAS_STRICT_MODULE_RWX */ |
1285 |
++static void disable_ro_nx(const struct module_layout *layout) { } |
1286 |
++static void module_enable_nx(const struct module *mod) { } |
1287 |
++static void module_disable_nx(const struct module *mod) { } |
1288 |
++static void module_enable_x(const struct module *mod) { } |
1289 |
++#endif /* CONFIG_ARCH_HAS_STRICT_MODULE_RWX */ |
1290 |
+ |
1291 |
+ #ifdef CONFIG_LIVEPATCH |
1292 |
+ /* |
1293 |
+@@ -3604,6 +3613,7 @@ static int complete_formation(struct module *mod, struct load_info *info) |
1294 |
+ |
1295 |
+ module_enable_ro(mod, false); |
1296 |
+ module_enable_nx(mod); |
1297 |
++ module_enable_x(mod); |
1298 |
+ |
1299 |
+ /* Mark state as coming so strong_try_module_get() ignores us, |
1300 |
+ * but kallsyms etc. can see us. */ |
1301 |
+diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c |
1302 |
+index 6d9f48bd374a..55198818e3e5 100644 |
1303 |
+--- a/net/bridge/br_mdb.c |
1304 |
++++ b/net/bridge/br_mdb.c |
1305 |
+@@ -419,7 +419,7 @@ static int nlmsg_populate_rtr_fill(struct sk_buff *skb, |
1306 |
+ struct nlmsghdr *nlh; |
1307 |
+ struct nlattr *nest; |
1308 |
+ |
1309 |
+- nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), NLM_F_MULTI); |
1310 |
++ nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0); |
1311 |
+ if (!nlh) |
1312 |
+ return -EMSGSIZE; |
1313 |
+ |
1314 |
+diff --git a/net/core/dev.c b/net/core/dev.c |
1315 |
+index e4b4cb40da00..ddd8aab20adf 100644 |
1316 |
+--- a/net/core/dev.c |
1317 |
++++ b/net/core/dev.c |
1318 |
+@@ -8562,6 +8562,8 @@ int register_netdevice(struct net_device *dev) |
1319 |
+ ret = notifier_to_errno(ret); |
1320 |
+ if (ret) { |
1321 |
+ rollback_registered(dev); |
1322 |
++ rcu_barrier(); |
1323 |
++ |
1324 |
+ dev->reg_state = NETREG_UNREGISTERED; |
1325 |
+ } |
1326 |
+ /* |
1327 |
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
1328 |
+index 9b9f696281a9..0629ca89ab74 100644 |
1329 |
+--- a/net/core/skbuff.c |
1330 |
++++ b/net/core/skbuff.c |
1331 |
+@@ -3530,6 +3530,25 @@ struct sk_buff *skb_segment(struct sk_buff *head_skb, |
1332 |
+ int pos; |
1333 |
+ int dummy; |
1334 |
+ |
1335 |
++ if (list_skb && !list_skb->head_frag && skb_headlen(list_skb) && |
1336 |
++ (skb_shinfo(head_skb)->gso_type & SKB_GSO_DODGY)) { |
1337 |
++ /* gso_size is untrusted, and we have a frag_list with a linear |
1338 |
++ * non head_frag head. |
1339 |
++ * |
1340 |
++ * (we assume checking the first list_skb member suffices; |
1341 |
++ * i.e if either of the list_skb members have non head_frag |
1342 |
++ * head, then the first one has too). |
1343 |
++ * |
1344 |
++ * If head_skb's headlen does not fit requested gso_size, it |
1345 |
++ * means that the frag_list members do NOT terminate on exact |
1346 |
++ * gso_size boundaries. Hence we cannot perform skb_frag_t page |
1347 |
++ * sharing. Therefore we must fallback to copying the frag_list |
1348 |
++ * skbs; we do so by disabling SG. |
1349 |
++ */ |
1350 |
++ if (mss != GSO_BY_FRAGS && mss != skb_headlen(head_skb)) |
1351 |
++ features &= ~NETIF_F_SG; |
1352 |
++ } |
1353 |
++ |
1354 |
+ __skb_push(head_skb, doffset); |
1355 |
+ proto = skb_network_protocol(head_skb, &dummy); |
1356 |
+ if (unlikely(!proto)) |
1357 |
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
1358 |
+index 4a8869d39662..14a6a489937c 100644 |
1359 |
+--- a/net/ipv4/tcp_input.c |
1360 |
++++ b/net/ipv4/tcp_input.c |
1361 |
+@@ -260,7 +260,7 @@ static void tcp_ecn_accept_cwr(struct sock *sk, const struct sk_buff *skb) |
1362 |
+ |
1363 |
+ static void tcp_ecn_withdraw_cwr(struct tcp_sock *tp) |
1364 |
+ { |
1365 |
+- tp->ecn_flags &= ~TCP_ECN_DEMAND_CWR; |
1366 |
++ tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR; |
1367 |
+ } |
1368 |
+ |
1369 |
+ static void __tcp_ecn_check_ce(struct sock *sk, const struct sk_buff *skb) |
1370 |
+diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c |
1371 |
+index 4c04bccc7417..5c9be8594483 100644 |
1372 |
+--- a/net/ipv6/ping.c |
1373 |
++++ b/net/ipv6/ping.c |
1374 |
+@@ -228,7 +228,7 @@ static int __net_init ping_v6_proc_init_net(struct net *net) |
1375 |
+ return 0; |
1376 |
+ } |
1377 |
+ |
1378 |
+-static void __net_init ping_v6_proc_exit_net(struct net *net) |
1379 |
++static void __net_exit ping_v6_proc_exit_net(struct net *net) |
1380 |
+ { |
1381 |
+ remove_proc_entry("icmp6", net->proc_net); |
1382 |
+ } |
1383 |
+diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c |
1384 |
+index 77b289da7763..875f521bce0d 100644 |
1385 |
+--- a/net/sched/sch_generic.c |
1386 |
++++ b/net/sched/sch_generic.c |
1387 |
+@@ -49,6 +49,8 @@ EXPORT_SYMBOL(default_qdisc_ops); |
1388 |
+ * - updates to tree and tree walking are only done under the rtnl mutex. |
1389 |
+ */ |
1390 |
+ |
1391 |
++#define SKB_XOFF_MAGIC ((struct sk_buff *)1UL) |
1392 |
++ |
1393 |
+ static inline struct sk_buff *__skb_dequeue_bad_txq(struct Qdisc *q) |
1394 |
+ { |
1395 |
+ const struct netdev_queue *txq = q->dev_queue; |
1396 |
+@@ -74,7 +76,7 @@ static inline struct sk_buff *__skb_dequeue_bad_txq(struct Qdisc *q) |
1397 |
+ q->q.qlen--; |
1398 |
+ } |
1399 |
+ } else { |
1400 |
+- skb = NULL; |
1401 |
++ skb = SKB_XOFF_MAGIC; |
1402 |
+ } |
1403 |
+ } |
1404 |
+ |
1405 |
+@@ -272,8 +274,11 @@ validate: |
1406 |
+ return skb; |
1407 |
+ |
1408 |
+ skb = qdisc_dequeue_skb_bad_txq(q); |
1409 |
+- if (unlikely(skb)) |
1410 |
++ if (unlikely(skb)) { |
1411 |
++ if (skb == SKB_XOFF_MAGIC) |
1412 |
++ return NULL; |
1413 |
+ goto bulk; |
1414 |
++ } |
1415 |
+ skb = q->dequeue(q); |
1416 |
+ if (skb) { |
1417 |
+ bulk: |
1418 |
+diff --git a/net/sched/sch_hhf.c b/net/sched/sch_hhf.c |
1419 |
+index c3a8388dcdf6..a80fe8aa8527 100644 |
1420 |
+--- a/net/sched/sch_hhf.c |
1421 |
++++ b/net/sched/sch_hhf.c |
1422 |
+@@ -529,7 +529,7 @@ static int hhf_change(struct Qdisc *sch, struct nlattr *opt, |
1423 |
+ new_hhf_non_hh_weight = nla_get_u32(tb[TCA_HHF_NON_HH_WEIGHT]); |
1424 |
+ |
1425 |
+ non_hh_quantum = (u64)new_quantum * new_hhf_non_hh_weight; |
1426 |
+- if (non_hh_quantum > INT_MAX) |
1427 |
++ if (non_hh_quantum == 0 || non_hh_quantum > INT_MAX) |
1428 |
+ return -EINVAL; |
1429 |
+ |
1430 |
+ sch_tree_lock(sch); |
1431 |
+diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c |
1432 |
+index d97b2b4b7a8b..6d36f74ad295 100644 |
1433 |
+--- a/net/sctp/protocol.c |
1434 |
++++ b/net/sctp/protocol.c |
1435 |
+@@ -1350,7 +1350,7 @@ static int __net_init sctp_ctrlsock_init(struct net *net) |
1436 |
+ return status; |
1437 |
+ } |
1438 |
+ |
1439 |
+-static void __net_init sctp_ctrlsock_exit(struct net *net) |
1440 |
++static void __net_exit sctp_ctrlsock_exit(struct net *net) |
1441 |
+ { |
1442 |
+ /* Free the control endpoint. */ |
1443 |
+ inet_ctl_sock_destroy(net->sctp.ctl_sock); |
1444 |
+diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c |
1445 |
+index 28adac31f0ff..de8a82bc6b42 100644 |
1446 |
+--- a/net/sctp/sm_sideeffect.c |
1447 |
++++ b/net/sctp/sm_sideeffect.c |
1448 |
+@@ -562,7 +562,7 @@ static void sctp_do_8_2_transport_strike(struct sctp_cmd_seq *commands, |
1449 |
+ if (net->sctp.pf_enable && |
1450 |
+ (transport->state == SCTP_ACTIVE) && |
1451 |
+ (transport->error_count < transport->pathmaxrxt) && |
1452 |
+- (transport->error_count > asoc->pf_retrans)) { |
1453 |
++ (transport->error_count > transport->pf_retrans)) { |
1454 |
+ |
1455 |
+ sctp_assoc_control_transport(asoc, transport, |
1456 |
+ SCTP_TRANSPORT_PF, |
1457 |
+diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c |
1458 |
+index 3cfeb9df64b0..e0a3dd424d8c 100644 |
1459 |
+--- a/net/tipc/name_distr.c |
1460 |
++++ b/net/tipc/name_distr.c |
1461 |
+@@ -221,7 +221,8 @@ static void tipc_publ_purge(struct net *net, struct publication *publ, u32 addr) |
1462 |
+ publ->key); |
1463 |
+ } |
1464 |
+ |
1465 |
+- kfree_rcu(p, rcu); |
1466 |
++ if (p) |
1467 |
++ kfree_rcu(p, rcu); |
1468 |
+ } |
1469 |
+ |
1470 |
+ /** |