1 |
commit: 55085213bb0871c830884175b80c5e4a12169d97 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Dec 12 09:06:01 2015 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Dec 12 09:06:01 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=55085213 |
7 |
|
8 |
grsecurity-3.1-4.2.7-201512092320 |
9 |
|
10 |
{4.2.6 => 4.2.7}/0000_README | 6 +- |
11 |
4.2.7/1006_linux-4.2.7.patch | 4131 ++++++++++++++++++++ |
12 |
.../4420_grsecurity-3.1-4.2.7-201512092320.patch | 3288 +++++++++++++--- |
13 |
{4.2.6 => 4.2.7}/4425_grsec_remove_EI_PAX.patch | 0 |
14 |
{4.2.6 => 4.2.7}/4427_force_XATTR_PAX_tmpfs.patch | 0 |
15 |
.../4430_grsec-remove-localversion-grsec.patch | 0 |
16 |
{4.2.6 => 4.2.7}/4435_grsec-mute-warnings.patch | 0 |
17 |
.../4440_grsec-remove-protected-paths.patch | 0 |
18 |
.../4450_grsec-kconfig-default-gids.patch | 0 |
19 |
.../4465_selinux-avc_audit-log-curr_ip.patch | 0 |
20 |
{4.2.6 => 4.2.7}/4470_disable-compat_vdso.patch | 0 |
21 |
{4.2.6 => 4.2.7}/4475_emutramp_default_on.patch | 0 |
22 |
12 files changed, 6777 insertions(+), 648 deletions(-) |
23 |
|
24 |
diff --git a/4.2.6/0000_README b/4.2.7/0000_README |
25 |
similarity index 92% |
26 |
rename from 4.2.6/0000_README |
27 |
rename to 4.2.7/0000_README |
28 |
index ec4db38..8a09897 100644 |
29 |
--- a/4.2.6/0000_README |
30 |
+++ b/4.2.7/0000_README |
31 |
@@ -2,7 +2,11 @@ README |
32 |
----------------------------------------------------------------------------- |
33 |
Individual Patch Descriptions: |
34 |
----------------------------------------------------------------------------- |
35 |
-Patch: 4420_grsecurity-3.1-4.2.6-201512051918.patch |
36 |
+Patch: 1006_linux-4.2.7.patch |
37 |
+From: http://www.kernel.org |
38 |
+Desc: Linux 4.2.7 |
39 |
+ |
40 |
+Patch: 4420_grsecurity-3.1-4.2.7-201512092320.patch |
41 |
From: http://www.grsecurity.net |
42 |
Desc: hardened-sources base patch from upstream grsecurity |
43 |
|
44 |
|
45 |
diff --git a/4.2.7/1006_linux-4.2.7.patch b/4.2.7/1006_linux-4.2.7.patch |
46 |
new file mode 100644 |
47 |
index 0000000..ba25fa7 |
48 |
--- /dev/null |
49 |
+++ b/4.2.7/1006_linux-4.2.7.patch |
50 |
@@ -0,0 +1,4131 @@ |
51 |
+diff --git a/Documentation/devicetree/bindings/usb/dwc3.txt b/Documentation/devicetree/bindings/usb/dwc3.txt |
52 |
+index 0815eac..e12f344 100644 |
53 |
+--- a/Documentation/devicetree/bindings/usb/dwc3.txt |
54 |
++++ b/Documentation/devicetree/bindings/usb/dwc3.txt |
55 |
+@@ -35,6 +35,8 @@ Optional properties: |
56 |
+ LTSSM during USB3 Compliance mode. |
57 |
+ - snps,dis_u3_susphy_quirk: when set core will disable USB3 suspend phy. |
58 |
+ - snps,dis_u2_susphy_quirk: when set core will disable USB2 suspend phy. |
59 |
++ - snps,dis_enblslpm_quirk: when set clears the enblslpm in GUSB2PHYCFG, |
60 |
++ disabling the suspend signal to the PHY. |
61 |
+ - snps,is-utmi-l1-suspend: true when DWC3 asserts output signal |
62 |
+ utmi_l1_suspend_n, false when asserts utmi_sleep_n |
63 |
+ - snps,hird-threshold: HIRD threshold |
64 |
+diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt |
65 |
+index 6f7fafd..3e2844e 100644 |
66 |
+--- a/Documentation/filesystems/proc.txt |
67 |
++++ b/Documentation/filesystems/proc.txt |
68 |
+@@ -140,7 +140,8 @@ Table 1-1: Process specific entries in /proc |
69 |
+ stat Process status |
70 |
+ statm Process memory status information |
71 |
+ status Process status in human readable form |
72 |
+- wchan If CONFIG_KALLSYMS is set, a pre-decoded wchan |
73 |
++ wchan Present with CONFIG_KALLSYMS=y: it shows the kernel function |
74 |
++ symbol the task is blocked in - or "0" if not blocked. |
75 |
+ pagemap Page table |
76 |
+ stack Report full stack trace, enable via CONFIG_STACKTRACE |
77 |
+ smaps a extension based on maps, showing the memory consumption of |
78 |
+@@ -310,7 +311,7 @@ Table 1-4: Contents of the stat files (as of 2.6.30-rc7) |
79 |
+ blocked bitmap of blocked signals |
80 |
+ sigign bitmap of ignored signals |
81 |
+ sigcatch bitmap of caught signals |
82 |
+- wchan address where process went to sleep |
83 |
++ 0 (place holder, used to be the wchan address, use /proc/PID/wchan instead) |
84 |
+ 0 (place holder) |
85 |
+ 0 (place holder) |
86 |
+ exit_signal signal to send to parent thread on exit |
87 |
+diff --git a/Makefile b/Makefile |
88 |
+index 9ef3739..f5014ea 100644 |
89 |
+--- a/Makefile |
90 |
++++ b/Makefile |
91 |
+@@ -1,6 +1,6 @@ |
92 |
+ VERSION = 4 |
93 |
+ PATCHLEVEL = 2 |
94 |
+-SUBLEVEL = 6 |
95 |
++SUBLEVEL = 7 |
96 |
+ EXTRAVERSION = |
97 |
+ NAME = Hurr durr I'ma sheep |
98 |
+ |
99 |
+diff --git a/arch/arm/boot/dts/imx27.dtsi b/arch/arm/boot/dts/imx27.dtsi |
100 |
+index b69be5c..8c603fd 100644 |
101 |
+--- a/arch/arm/boot/dts/imx27.dtsi |
102 |
++++ b/arch/arm/boot/dts/imx27.dtsi |
103 |
+@@ -477,7 +477,10 @@ |
104 |
+ compatible = "fsl,imx27-usb"; |
105 |
+ reg = <0x10024000 0x200>; |
106 |
+ interrupts = <56>; |
107 |
+- clocks = <&clks IMX27_CLK_USB_IPG_GATE>; |
108 |
++ clocks = <&clks IMX27_CLK_USB_IPG_GATE>, |
109 |
++ <&clks IMX27_CLK_USB_AHB_GATE>, |
110 |
++ <&clks IMX27_CLK_USB_DIV>; |
111 |
++ clock-names = "ipg", "ahb", "per"; |
112 |
+ fsl,usbmisc = <&usbmisc 0>; |
113 |
+ status = "disabled"; |
114 |
+ }; |
115 |
+@@ -486,7 +489,10 @@ |
116 |
+ compatible = "fsl,imx27-usb"; |
117 |
+ reg = <0x10024200 0x200>; |
118 |
+ interrupts = <54>; |
119 |
+- clocks = <&clks IMX27_CLK_USB_IPG_GATE>; |
120 |
++ clocks = <&clks IMX27_CLK_USB_IPG_GATE>, |
121 |
++ <&clks IMX27_CLK_USB_AHB_GATE>, |
122 |
++ <&clks IMX27_CLK_USB_DIV>; |
123 |
++ clock-names = "ipg", "ahb", "per"; |
124 |
+ fsl,usbmisc = <&usbmisc 1>; |
125 |
+ dr_mode = "host"; |
126 |
+ status = "disabled"; |
127 |
+@@ -496,7 +502,10 @@ |
128 |
+ compatible = "fsl,imx27-usb"; |
129 |
+ reg = <0x10024400 0x200>; |
130 |
+ interrupts = <55>; |
131 |
+- clocks = <&clks IMX27_CLK_USB_IPG_GATE>; |
132 |
++ clocks = <&clks IMX27_CLK_USB_IPG_GATE>, |
133 |
++ <&clks IMX27_CLK_USB_AHB_GATE>, |
134 |
++ <&clks IMX27_CLK_USB_DIV>; |
135 |
++ clock-names = "ipg", "ahb", "per"; |
136 |
+ fsl,usbmisc = <&usbmisc 2>; |
137 |
+ dr_mode = "host"; |
138 |
+ status = "disabled"; |
139 |
+@@ -506,7 +515,6 @@ |
140 |
+ #index-cells = <1>; |
141 |
+ compatible = "fsl,imx27-usbmisc"; |
142 |
+ reg = <0x10024600 0x200>; |
143 |
+- clocks = <&clks IMX27_CLK_USB_AHB_GATE>; |
144 |
+ }; |
145 |
+ |
146 |
+ sahara2: sahara@10025000 { |
147 |
+diff --git a/arch/arm/boot/dts/omap5-uevm.dts b/arch/arm/boot/dts/omap5-uevm.dts |
148 |
+index 5771a14..23d645d 100644 |
149 |
+--- a/arch/arm/boot/dts/omap5-uevm.dts |
150 |
++++ b/arch/arm/boot/dts/omap5-uevm.dts |
151 |
+@@ -31,6 +31,24 @@ |
152 |
+ regulator-max-microvolt = <3000000>; |
153 |
+ }; |
154 |
+ |
155 |
++ mmc3_pwrseq: sdhci0_pwrseq { |
156 |
++ compatible = "mmc-pwrseq-simple"; |
157 |
++ clocks = <&clk32kgaudio>; |
158 |
++ clock-names = "ext_clock"; |
159 |
++ }; |
160 |
++ |
161 |
++ vmmcsdio_fixed: fixedregulator-mmcsdio { |
162 |
++ compatible = "regulator-fixed"; |
163 |
++ regulator-name = "vmmcsdio_fixed"; |
164 |
++ regulator-min-microvolt = <1800000>; |
165 |
++ regulator-max-microvolt = <1800000>; |
166 |
++ gpio = <&gpio5 12 GPIO_ACTIVE_HIGH>; /* gpio140 WLAN_EN */ |
167 |
++ enable-active-high; |
168 |
++ startup-delay-us = <70000>; |
169 |
++ pinctrl-names = "default"; |
170 |
++ pinctrl-0 = <&wlan_pins>; |
171 |
++ }; |
172 |
++ |
173 |
+ /* HS USB Host PHY on PORT 2 */ |
174 |
+ hsusb2_phy: hsusb2_phy { |
175 |
+ compatible = "usb-nop-xceiv"; |
176 |
+@@ -197,12 +215,20 @@ |
177 |
+ >; |
178 |
+ }; |
179 |
+ |
180 |
+- mcspi4_pins: pinmux_mcspi4_pins { |
181 |
++ mmc3_pins: pinmux_mmc3_pins { |
182 |
++ pinctrl-single,pins = < |
183 |
++ OMAP5_IOPAD(0x01a4, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_clk */ |
184 |
++ OMAP5_IOPAD(0x01a6, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_cmd */ |
185 |
++ OMAP5_IOPAD(0x01a8, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_data0 */ |
186 |
++ OMAP5_IOPAD(0x01aa, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_data1 */ |
187 |
++ OMAP5_IOPAD(0x01ac, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_data2 */ |
188 |
++ OMAP5_IOPAD(0x01ae, PIN_INPUT_PULLUP | MUX_MODE0) /* wlsdio_data3 */ |
189 |
++ >; |
190 |
++ }; |
191 |
++ |
192 |
++ wlan_pins: pinmux_wlan_pins { |
193 |
+ pinctrl-single,pins = < |
194 |
+- 0x164 (PIN_INPUT | MUX_MODE1) /* mcspi4_clk */ |
195 |
+- 0x168 (PIN_INPUT | MUX_MODE1) /* mcspi4_simo */ |
196 |
+- 0x16a (PIN_INPUT | MUX_MODE1) /* mcspi4_somi */ |
197 |
+- 0x16c (PIN_INPUT | MUX_MODE1) /* mcspi4_cs0 */ |
198 |
++ OMAP5_IOPAD(0x1bc, PIN_OUTPUT | MUX_MODE6) /* mcspi1_clk.gpio5_140 */ |
199 |
+ >; |
200 |
+ }; |
201 |
+ |
202 |
+@@ -276,6 +302,12 @@ |
203 |
+ 0x1A (PIN_OUTPUT | MUX_MODE0) /* fref_clk1_out, USB hub clk */ |
204 |
+ >; |
205 |
+ }; |
206 |
++ |
207 |
++ wlcore_irq_pin: pinmux_wlcore_irq_pin { |
208 |
++ pinctrl-single,pins = < |
209 |
++ OMAP5_IOPAD(0x040, WAKEUP_EN | PIN_INPUT_PULLUP | MUX_MODE6) /* llia_wakereqin.gpio1_wk14 */ |
210 |
++ >; |
211 |
++ }; |
212 |
+ }; |
213 |
+ |
214 |
+ &mmc1 { |
215 |
+@@ -290,8 +322,25 @@ |
216 |
+ }; |
217 |
+ |
218 |
+ &mmc3 { |
219 |
++ vmmc-supply = <&vmmcsdio_fixed>; |
220 |
++ mmc-pwrseq = <&mmc3_pwrseq>; |
221 |
+ bus-width = <4>; |
222 |
+- ti,non-removable; |
223 |
++ non-removable; |
224 |
++ cap-power-off-card; |
225 |
++ pinctrl-names = "default"; |
226 |
++ pinctrl-0 = <&mmc3_pins &wlcore_irq_pin>; |
227 |
++ interrupts-extended = <&gic GIC_SPI 94 IRQ_TYPE_LEVEL_HIGH |
228 |
++ &omap5_pmx_core 0x168>; |
229 |
++ |
230 |
++ #address-cells = <1>; |
231 |
++ #size-cells = <0>; |
232 |
++ wlcore: wlcore@2 { |
233 |
++ compatible = "ti,wl1271"; |
234 |
++ reg = <2>; |
235 |
++ interrupt-parent = <&gpio1>; |
236 |
++ interrupts = <14 IRQ_TYPE_LEVEL_HIGH>; /* gpio 14 */ |
237 |
++ ref-clock-frequency = <26000000>; |
238 |
++ }; |
239 |
+ }; |
240 |
+ |
241 |
+ &mmc4 { |
242 |
+@@ -591,11 +640,6 @@ |
243 |
+ pinctrl-0 = <&mcspi3_pins>; |
244 |
+ }; |
245 |
+ |
246 |
+-&mcspi4 { |
247 |
+- pinctrl-names = "default"; |
248 |
+- pinctrl-0 = <&mcspi4_pins>; |
249 |
+-}; |
250 |
+- |
251 |
+ &uart1 { |
252 |
+ pinctrl-names = "default"; |
253 |
+ pinctrl-0 = <&uart1_pins>; |
254 |
+diff --git a/arch/arm/boot/dts/sama5d4.dtsi b/arch/arm/boot/dts/sama5d4.dtsi |
255 |
+index 3ee22ee..1ba10e4 100644 |
256 |
+--- a/arch/arm/boot/dts/sama5d4.dtsi |
257 |
++++ b/arch/arm/boot/dts/sama5d4.dtsi |
258 |
+@@ -939,11 +939,11 @@ |
259 |
+ reg = <0xf8018000 0x4000>; |
260 |
+ interrupts = <33 IRQ_TYPE_LEVEL_HIGH 6>; |
261 |
+ dmas = <&dma1 |
262 |
+- (AT91_XDMAC_DT_MEM_IF(0) | AT91_XDMAC_DT_PER_IF(1)) |
263 |
+- AT91_XDMAC_DT_PERID(4)>, |
264 |
++ (AT91_XDMAC_DT_MEM_IF(0) | AT91_XDMAC_DT_PER_IF(1) |
265 |
++ | AT91_XDMAC_DT_PERID(4))>, |
266 |
+ <&dma1 |
267 |
+- (AT91_XDMAC_DT_MEM_IF(0) | AT91_XDMAC_DT_PER_IF(1)) |
268 |
+- AT91_XDMAC_DT_PERID(5)>; |
269 |
++ (AT91_XDMAC_DT_MEM_IF(0) | AT91_XDMAC_DT_PER_IF(1) |
270 |
++ | AT91_XDMAC_DT_PERID(5))>; |
271 |
+ dma-names = "tx", "rx"; |
272 |
+ pinctrl-names = "default"; |
273 |
+ pinctrl-0 = <&pinctrl_i2c1>; |
274 |
+diff --git a/arch/arm/boot/dts/sun6i-a31-hummingbird.dts b/arch/arm/boot/dts/sun6i-a31-hummingbird.dts |
275 |
+index d0cfada..18f26ca 100644 |
276 |
+--- a/arch/arm/boot/dts/sun6i-a31-hummingbird.dts |
277 |
++++ b/arch/arm/boot/dts/sun6i-a31-hummingbird.dts |
278 |
+@@ -184,18 +184,18 @@ |
279 |
+ regulator-name = "vcc-3v0"; |
280 |
+ }; |
281 |
+ |
282 |
+- vdd_cpu: dcdc2 { |
283 |
++ vdd_gpu: dcdc2 { |
284 |
+ regulator-always-on; |
285 |
+ regulator-min-microvolt = <700000>; |
286 |
+ regulator-max-microvolt = <1320000>; |
287 |
+- regulator-name = "vdd-cpu"; |
288 |
++ regulator-name = "vdd-gpu"; |
289 |
+ }; |
290 |
+ |
291 |
+- vdd_gpu: dcdc3 { |
292 |
++ vdd_cpu: dcdc3 { |
293 |
+ regulator-always-on; |
294 |
+ regulator-min-microvolt = <700000>; |
295 |
+ regulator-max-microvolt = <1320000>; |
296 |
+- regulator-name = "vdd-gpu"; |
297 |
++ regulator-name = "vdd-cpu"; |
298 |
+ }; |
299 |
+ |
300 |
+ vdd_sys_dll: dcdc4 { |
301 |
+diff --git a/arch/arm/common/edma.c b/arch/arm/common/edma.c |
302 |
+index 873dbfc..56fc339 100644 |
303 |
+--- a/arch/arm/common/edma.c |
304 |
++++ b/arch/arm/common/edma.c |
305 |
+@@ -406,7 +406,8 @@ static irqreturn_t dma_irq_handler(int irq, void *data) |
306 |
+ BIT(slot)); |
307 |
+ if (edma_cc[ctlr]->intr_data[channel].callback) |
308 |
+ edma_cc[ctlr]->intr_data[channel].callback( |
309 |
+- channel, EDMA_DMA_COMPLETE, |
310 |
++ EDMA_CTLR_CHAN(ctlr, channel), |
311 |
++ EDMA_DMA_COMPLETE, |
312 |
+ edma_cc[ctlr]->intr_data[channel].data); |
313 |
+ } |
314 |
+ } while (sh_ipr); |
315 |
+@@ -460,7 +461,8 @@ static irqreturn_t dma_ccerr_handler(int irq, void *data) |
316 |
+ if (edma_cc[ctlr]->intr_data[k]. |
317 |
+ callback) { |
318 |
+ edma_cc[ctlr]->intr_data[k]. |
319 |
+- callback(k, |
320 |
++ callback( |
321 |
++ EDMA_CTLR_CHAN(ctlr, k), |
322 |
+ EDMA_DMA_CC_ERROR, |
323 |
+ edma_cc[ctlr]->intr_data |
324 |
+ [k].data); |
325 |
+diff --git a/arch/arm/include/asm/irq.h b/arch/arm/include/asm/irq.h |
326 |
+index 53c15de..6a9851e 100644 |
327 |
+--- a/arch/arm/include/asm/irq.h |
328 |
++++ b/arch/arm/include/asm/irq.h |
329 |
+@@ -35,6 +35,11 @@ extern void (*handle_arch_irq)(struct pt_regs *); |
330 |
+ extern void set_handle_irq(void (*handle_irq)(struct pt_regs *)); |
331 |
+ #endif |
332 |
+ |
333 |
++static inline int nr_legacy_irqs(void) |
334 |
++{ |
335 |
++ return NR_IRQS_LEGACY; |
336 |
++} |
337 |
++ |
338 |
+ #endif |
339 |
+ |
340 |
+ #endif |
341 |
+diff --git a/arch/arm/mach-at91/pm_suspend.S b/arch/arm/mach-at91/pm_suspend.S |
342 |
+index 0d95f48..a25defd 100644 |
343 |
+--- a/arch/arm/mach-at91/pm_suspend.S |
344 |
++++ b/arch/arm/mach-at91/pm_suspend.S |
345 |
+@@ -80,6 +80,8 @@ tmp2 .req r5 |
346 |
+ * @r2: base address of second SDRAM Controller or 0 if not present |
347 |
+ * @r3: pm information |
348 |
+ */ |
349 |
++/* at91_pm_suspend_in_sram must be 8-byte aligned per the requirements of fncpy() */ |
350 |
++ .align 3 |
351 |
+ ENTRY(at91_pm_suspend_in_sram) |
352 |
+ /* Save registers on stack */ |
353 |
+ stmfd sp!, {r4 - r12, lr} |
354 |
+diff --git a/arch/arm/mach-pxa/include/mach/pxa27x.h b/arch/arm/mach-pxa/include/mach/pxa27x.h |
355 |
+index 599b925..1a42919 100644 |
356 |
+--- a/arch/arm/mach-pxa/include/mach/pxa27x.h |
357 |
++++ b/arch/arm/mach-pxa/include/mach/pxa27x.h |
358 |
+@@ -19,7 +19,7 @@ |
359 |
+ #define ARB_CORE_PARK (1<<24) /* Be parked with core when idle */ |
360 |
+ #define ARB_LOCK_FLAG (1<<23) /* Only Locking masters gain access to the bus */ |
361 |
+ |
362 |
+-extern int __init pxa27x_set_pwrmode(unsigned int mode); |
363 |
++extern int pxa27x_set_pwrmode(unsigned int mode); |
364 |
+ extern void pxa27x_cpu_pm_enter(suspend_state_t state); |
365 |
+ |
366 |
+ #endif /* __MACH_PXA27x_H */ |
367 |
+diff --git a/arch/arm/mach-pxa/pxa27x.c b/arch/arm/mach-pxa/pxa27x.c |
368 |
+index b5abdeb..aa97547 100644 |
369 |
+--- a/arch/arm/mach-pxa/pxa27x.c |
370 |
++++ b/arch/arm/mach-pxa/pxa27x.c |
371 |
+@@ -84,7 +84,7 @@ EXPORT_SYMBOL_GPL(pxa27x_configure_ac97reset); |
372 |
+ */ |
373 |
+ static unsigned int pwrmode = PWRMODE_SLEEP; |
374 |
+ |
375 |
+-int __init pxa27x_set_pwrmode(unsigned int mode) |
376 |
++int pxa27x_set_pwrmode(unsigned int mode) |
377 |
+ { |
378 |
+ switch (mode) { |
379 |
+ case PWRMODE_SLEEP: |
380 |
+diff --git a/arch/arm/mach-tegra/board-paz00.c b/arch/arm/mach-tegra/board-paz00.c |
381 |
+index fbe74c6..49d1110 100644 |
382 |
+--- a/arch/arm/mach-tegra/board-paz00.c |
383 |
++++ b/arch/arm/mach-tegra/board-paz00.c |
384 |
+@@ -39,8 +39,8 @@ static struct platform_device wifi_rfkill_device = { |
385 |
+ static struct gpiod_lookup_table wifi_gpio_lookup = { |
386 |
+ .dev_id = "rfkill_gpio", |
387 |
+ .table = { |
388 |
+- GPIO_LOOKUP_IDX("tegra-gpio", 25, NULL, 0, 0), |
389 |
+- GPIO_LOOKUP_IDX("tegra-gpio", 85, NULL, 1, 0), |
390 |
++ GPIO_LOOKUP("tegra-gpio", 25, "reset", 0), |
391 |
++ GPIO_LOOKUP("tegra-gpio", 85, "shutdown", 0), |
392 |
+ { }, |
393 |
+ }, |
394 |
+ }; |
395 |
+diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c |
396 |
+index cba12f3..25ecc6a 100644 |
397 |
+--- a/arch/arm/mm/dma-mapping.c |
398 |
++++ b/arch/arm/mm/dma-mapping.c |
399 |
+@@ -1413,12 +1413,19 @@ static int arm_iommu_mmap_attrs(struct device *dev, struct vm_area_struct *vma, |
400 |
+ unsigned long uaddr = vma->vm_start; |
401 |
+ unsigned long usize = vma->vm_end - vma->vm_start; |
402 |
+ struct page **pages = __iommu_get_pages(cpu_addr, attrs); |
403 |
++ unsigned long nr_pages = PAGE_ALIGN(size) >> PAGE_SHIFT; |
404 |
++ unsigned long off = vma->vm_pgoff; |
405 |
+ |
406 |
+ vma->vm_page_prot = __get_dma_pgprot(attrs, vma->vm_page_prot); |
407 |
+ |
408 |
+ if (!pages) |
409 |
+ return -ENXIO; |
410 |
+ |
411 |
++ if (off >= nr_pages || (usize >> PAGE_SHIFT) > nr_pages - off) |
412 |
++ return -ENXIO; |
413 |
++ |
414 |
++ pages += off; |
415 |
++ |
416 |
+ do { |
417 |
+ int ret = vm_insert_page(vma, uaddr, *pages++); |
418 |
+ if (ret) { |
419 |
+diff --git a/arch/arm64/include/asm/irq.h b/arch/arm64/include/asm/irq.h |
420 |
+index bbb251b..8b9bf54 100644 |
421 |
+--- a/arch/arm64/include/asm/irq.h |
422 |
++++ b/arch/arm64/include/asm/irq.h |
423 |
+@@ -21,4 +21,9 @@ static inline void acpi_irq_init(void) |
424 |
+ } |
425 |
+ #define acpi_irq_init acpi_irq_init |
426 |
+ |
427 |
++static inline int nr_legacy_irqs(void) |
428 |
++{ |
429 |
++ return 0; |
430 |
++} |
431 |
++ |
432 |
+ #endif |
433 |
+diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h |
434 |
+index d6dd9fd..d4264bb 100644 |
435 |
+--- a/arch/arm64/include/asm/ptrace.h |
436 |
++++ b/arch/arm64/include/asm/ptrace.h |
437 |
+@@ -83,14 +83,14 @@ |
438 |
+ #define compat_sp regs[13] |
439 |
+ #define compat_lr regs[14] |
440 |
+ #define compat_sp_hyp regs[15] |
441 |
+-#define compat_sp_irq regs[16] |
442 |
+-#define compat_lr_irq regs[17] |
443 |
+-#define compat_sp_svc regs[18] |
444 |
+-#define compat_lr_svc regs[19] |
445 |
+-#define compat_sp_abt regs[20] |
446 |
+-#define compat_lr_abt regs[21] |
447 |
+-#define compat_sp_und regs[22] |
448 |
+-#define compat_lr_und regs[23] |
449 |
++#define compat_lr_irq regs[16] |
450 |
++#define compat_sp_irq regs[17] |
451 |
++#define compat_lr_svc regs[18] |
452 |
++#define compat_sp_svc regs[19] |
453 |
++#define compat_lr_abt regs[20] |
454 |
++#define compat_sp_abt regs[21] |
455 |
++#define compat_lr_und regs[22] |
456 |
++#define compat_sp_und regs[23] |
457 |
+ #define compat_r8_fiq regs[24] |
458 |
+ #define compat_r9_fiq regs[25] |
459 |
+ #define compat_r10_fiq regs[26] |
460 |
+diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S |
461 |
+index 9807333..4d77757 100644 |
462 |
+--- a/arch/arm64/kernel/vmlinux.lds.S |
463 |
++++ b/arch/arm64/kernel/vmlinux.lds.S |
464 |
+@@ -60,9 +60,12 @@ PECOFF_FILE_ALIGNMENT = 0x200; |
465 |
+ #define PECOFF_EDATA_PADDING |
466 |
+ #endif |
467 |
+ |
468 |
+-#ifdef CONFIG_DEBUG_ALIGN_RODATA |
469 |
++#if defined(CONFIG_DEBUG_ALIGN_RODATA) |
470 |
+ #define ALIGN_DEBUG_RO . = ALIGN(1<<SECTION_SHIFT); |
471 |
+ #define ALIGN_DEBUG_RO_MIN(min) ALIGN_DEBUG_RO |
472 |
++#elif defined(CONFIG_DEBUG_RODATA) |
473 |
++#define ALIGN_DEBUG_RO . = ALIGN(1<<PAGE_SHIFT); |
474 |
++#define ALIGN_DEBUG_RO_MIN(min) ALIGN_DEBUG_RO |
475 |
+ #else |
476 |
+ #define ALIGN_DEBUG_RO |
477 |
+ #define ALIGN_DEBUG_RO_MIN(min) . = ALIGN(min); |
478 |
+diff --git a/arch/mips/ath79/setup.c b/arch/mips/ath79/setup.c |
479 |
+index 1ba2120..9a00137 100644 |
480 |
+--- a/arch/mips/ath79/setup.c |
481 |
++++ b/arch/mips/ath79/setup.c |
482 |
+@@ -216,9 +216,9 @@ void __init plat_mem_setup(void) |
483 |
+ AR71XX_RESET_SIZE); |
484 |
+ ath79_pll_base = ioremap_nocache(AR71XX_PLL_BASE, |
485 |
+ AR71XX_PLL_SIZE); |
486 |
++ ath79_detect_sys_type(); |
487 |
+ ath79_ddr_ctrl_init(); |
488 |
+ |
489 |
+- ath79_detect_sys_type(); |
490 |
+ if (mips_machtype != ATH79_MACH_GENERIC_OF) |
491 |
+ detect_memory_region(0, ATH79_MEM_SIZE_MIN, ATH79_MEM_SIZE_MAX); |
492 |
+ |
493 |
+diff --git a/arch/mips/include/asm/cdmm.h b/arch/mips/include/asm/cdmm.h |
494 |
+index 16e22ce..85dc4ce 100644 |
495 |
+--- a/arch/mips/include/asm/cdmm.h |
496 |
++++ b/arch/mips/include/asm/cdmm.h |
497 |
+@@ -84,6 +84,17 @@ void mips_cdmm_driver_unregister(struct mips_cdmm_driver *); |
498 |
+ module_driver(__mips_cdmm_driver, mips_cdmm_driver_register, \ |
499 |
+ mips_cdmm_driver_unregister) |
500 |
+ |
501 |
++/* |
502 |
++ * builtin_mips_cdmm_driver() - Helper macro for drivers that don't do anything |
503 |
++ * special in init and have no exit. This eliminates some boilerplate. Each |
504 |
++ * driver may only use this macro once, and calling it replaces device_initcall |
505 |
++ * (or in some cases, the legacy __initcall). This is meant to be a direct |
506 |
++ * parallel of module_mips_cdmm_driver() above but without the __exit stuff that |
507 |
++ * is not used for builtin cases. |
508 |
++ */ |
509 |
++#define builtin_mips_cdmm_driver(__mips_cdmm_driver) \ |
510 |
++ builtin_driver(__mips_cdmm_driver, mips_cdmm_driver_register) |
511 |
++ |
512 |
+ /* drivers/tty/mips_ejtag_fdc.c */ |
513 |
+ |
514 |
+ #ifdef CONFIG_MIPS_EJTAG_FDC_EARLYCON |
515 |
+diff --git a/arch/mips/kvm/emulate.c b/arch/mips/kvm/emulate.c |
516 |
+index d5fa3ea..41b1b09 100644 |
517 |
+--- a/arch/mips/kvm/emulate.c |
518 |
++++ b/arch/mips/kvm/emulate.c |
519 |
+@@ -1581,7 +1581,7 @@ enum emulation_result kvm_mips_emulate_cache(uint32_t inst, uint32_t *opc, |
520 |
+ |
521 |
+ base = (inst >> 21) & 0x1f; |
522 |
+ op_inst = (inst >> 16) & 0x1f; |
523 |
+- offset = inst & 0xffff; |
524 |
++ offset = (int16_t)inst; |
525 |
+ cache = (inst >> 16) & 0x3; |
526 |
+ op = (inst >> 18) & 0x7; |
527 |
+ |
528 |
+diff --git a/arch/mips/kvm/locore.S b/arch/mips/kvm/locore.S |
529 |
+index c567240..d1ee95a 100644 |
530 |
+--- a/arch/mips/kvm/locore.S |
531 |
++++ b/arch/mips/kvm/locore.S |
532 |
+@@ -165,9 +165,11 @@ FEXPORT(__kvm_mips_vcpu_run) |
533 |
+ |
534 |
+ FEXPORT(__kvm_mips_load_asid) |
535 |
+ /* Set the ASID for the Guest Kernel */ |
536 |
+- INT_SLL t0, t0, 1 /* with kseg0 @ 0x40000000, kernel */ |
537 |
+- /* addresses shift to 0x80000000 */ |
538 |
+- bltz t0, 1f /* If kernel */ |
539 |
++ PTR_L t0, VCPU_COP0(k1) |
540 |
++ LONG_L t0, COP0_STATUS(t0) |
541 |
++ andi t0, KSU_USER | ST0_ERL | ST0_EXL |
542 |
++ xori t0, KSU_USER |
543 |
++ bnez t0, 1f /* If kernel */ |
544 |
+ INT_ADDIU t1, k1, VCPU_GUEST_KERNEL_ASID /* (BD) */ |
545 |
+ INT_ADDIU t1, k1, VCPU_GUEST_USER_ASID /* else user */ |
546 |
+ 1: |
547 |
+@@ -482,9 +484,11 @@ __kvm_mips_return_to_guest: |
548 |
+ mtc0 t0, CP0_EPC |
549 |
+ |
550 |
+ /* Set the ASID for the Guest Kernel */ |
551 |
+- INT_SLL t0, t0, 1 /* with kseg0 @ 0x40000000, kernel */ |
552 |
+- /* addresses shift to 0x80000000 */ |
553 |
+- bltz t0, 1f /* If kernel */ |
554 |
++ PTR_L t0, VCPU_COP0(k1) |
555 |
++ LONG_L t0, COP0_STATUS(t0) |
556 |
++ andi t0, KSU_USER | ST0_ERL | ST0_EXL |
557 |
++ xori t0, KSU_USER |
558 |
++ bnez t0, 1f /* If kernel */ |
559 |
+ INT_ADDIU t1, k1, VCPU_GUEST_KERNEL_ASID /* (BD) */ |
560 |
+ INT_ADDIU t1, k1, VCPU_GUEST_USER_ASID /* else user */ |
561 |
+ 1: |
562 |
+diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c |
563 |
+index cd4c129..bafb32b 100644 |
564 |
+--- a/arch/mips/kvm/mips.c |
565 |
++++ b/arch/mips/kvm/mips.c |
566 |
+@@ -278,7 +278,7 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id) |
567 |
+ |
568 |
+ if (!gebase) { |
569 |
+ err = -ENOMEM; |
570 |
+- goto out_free_cpu; |
571 |
++ goto out_uninit_cpu; |
572 |
+ } |
573 |
+ kvm_debug("Allocated %d bytes for KVM Exception Handlers @ %p\n", |
574 |
+ ALIGN(size, PAGE_SIZE), gebase); |
575 |
+@@ -342,6 +342,9 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id) |
576 |
+ out_free_gebase: |
577 |
+ kfree(gebase); |
578 |
+ |
579 |
++out_uninit_cpu: |
580 |
++ kvm_vcpu_uninit(vcpu); |
581 |
++ |
582 |
+ out_free_cpu: |
583 |
+ kfree(vcpu); |
584 |
+ |
585 |
+diff --git a/arch/mips/lantiq/clk.c b/arch/mips/lantiq/clk.c |
586 |
+index 3fc2e6d..a0706fd 100644 |
587 |
+--- a/arch/mips/lantiq/clk.c |
588 |
++++ b/arch/mips/lantiq/clk.c |
589 |
+@@ -99,6 +99,23 @@ int clk_set_rate(struct clk *clk, unsigned long rate) |
590 |
+ } |
591 |
+ EXPORT_SYMBOL(clk_set_rate); |
592 |
+ |
593 |
++long clk_round_rate(struct clk *clk, unsigned long rate) |
594 |
++{ |
595 |
++ if (unlikely(!clk_good(clk))) |
596 |
++ return 0; |
597 |
++ if (clk->rates && *clk->rates) { |
598 |
++ unsigned long *r = clk->rates; |
599 |
++ |
600 |
++ while (*r && (*r != rate)) |
601 |
++ r++; |
602 |
++ if (!*r) { |
603 |
++ return clk->rate; |
604 |
++ } |
605 |
++ } |
606 |
++ return rate; |
607 |
++} |
608 |
++EXPORT_SYMBOL(clk_round_rate); |
609 |
++ |
610 |
+ int clk_enable(struct clk *clk) |
611 |
+ { |
612 |
+ if (unlikely(!clk_good(clk))) |
613 |
+diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c |
614 |
+index c98d897..cbee788 100644 |
615 |
+--- a/arch/s390/kvm/interrupt.c |
616 |
++++ b/arch/s390/kvm/interrupt.c |
617 |
+@@ -1051,8 +1051,7 @@ static int __inject_extcall(struct kvm_vcpu *vcpu, struct kvm_s390_irq *irq) |
618 |
+ src_id, 0, 2); |
619 |
+ |
620 |
+ /* sending vcpu invalid */ |
621 |
+- if (src_id >= KVM_MAX_VCPUS || |
622 |
+- kvm_get_vcpu(vcpu->kvm, src_id) == NULL) |
623 |
++ if (kvm_get_vcpu_by_id(vcpu->kvm, src_id) == NULL) |
624 |
+ return -EINVAL; |
625 |
+ |
626 |
+ if (sclp.has_sigpif) |
627 |
+@@ -1131,6 +1130,10 @@ static int __inject_sigp_emergency(struct kvm_vcpu *vcpu, |
628 |
+ trace_kvm_s390_inject_vcpu(vcpu->vcpu_id, KVM_S390_INT_EMERGENCY, |
629 |
+ irq->u.emerg.code, 0, 2); |
630 |
+ |
631 |
++ /* sending vcpu invalid */ |
632 |
++ if (kvm_get_vcpu_by_id(vcpu->kvm, irq->u.emerg.code) == NULL) |
633 |
++ return -EINVAL; |
634 |
++ |
635 |
+ set_bit(irq->u.emerg.code, li->sigp_emerg_pending); |
636 |
+ set_bit(IRQ_PEND_EXT_EMERGENCY, &li->pending_irqs); |
637 |
+ atomic_set_mask(CPUSTAT_EXT_INT, li->cpuflags); |
638 |
+diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c |
639 |
+index f32f843..4a001c1 100644 |
640 |
+--- a/arch/s390/kvm/kvm-s390.c |
641 |
++++ b/arch/s390/kvm/kvm-s390.c |
642 |
+@@ -289,12 +289,16 @@ static int kvm_vm_ioctl_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap) |
643 |
+ r = 0; |
644 |
+ break; |
645 |
+ case KVM_CAP_S390_VECTOR_REGISTERS: |
646 |
+- if (MACHINE_HAS_VX) { |
647 |
++ mutex_lock(&kvm->lock); |
648 |
++ if (atomic_read(&kvm->online_vcpus)) { |
649 |
++ r = -EBUSY; |
650 |
++ } else if (MACHINE_HAS_VX) { |
651 |
+ set_kvm_facility(kvm->arch.model.fac->mask, 129); |
652 |
+ set_kvm_facility(kvm->arch.model.fac->list, 129); |
653 |
+ r = 0; |
654 |
+ } else |
655 |
+ r = -EINVAL; |
656 |
++ mutex_unlock(&kvm->lock); |
657 |
+ break; |
658 |
+ case KVM_CAP_S390_USER_STSI: |
659 |
+ kvm->arch.user_stsi = 1; |
660 |
+@@ -1037,7 +1041,9 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) |
661 |
+ if (!kvm->arch.sca) |
662 |
+ goto out_err; |
663 |
+ spin_lock(&kvm_lock); |
664 |
+- sca_offset = (sca_offset + 16) & 0x7f0; |
665 |
++ sca_offset += 16; |
666 |
++ if (sca_offset + sizeof(struct sca_block) > PAGE_SIZE) |
667 |
++ sca_offset = 0; |
668 |
+ kvm->arch.sca = (struct sca_block *) ((char *) kvm->arch.sca + sca_offset); |
669 |
+ spin_unlock(&kvm_lock); |
670 |
+ |
671 |
+diff --git a/arch/s390/kvm/sigp.c b/arch/s390/kvm/sigp.c |
672 |
+index 72e58bd..7171056 100644 |
673 |
+--- a/arch/s390/kvm/sigp.c |
674 |
++++ b/arch/s390/kvm/sigp.c |
675 |
+@@ -294,12 +294,8 @@ static int handle_sigp_dst(struct kvm_vcpu *vcpu, u8 order_code, |
676 |
+ u16 cpu_addr, u32 parameter, u64 *status_reg) |
677 |
+ { |
678 |
+ int rc; |
679 |
+- struct kvm_vcpu *dst_vcpu; |
680 |
++ struct kvm_vcpu *dst_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, cpu_addr); |
681 |
+ |
682 |
+- if (cpu_addr >= KVM_MAX_VCPUS) |
683 |
+- return SIGP_CC_NOT_OPERATIONAL; |
684 |
+- |
685 |
+- dst_vcpu = kvm_get_vcpu(vcpu->kvm, cpu_addr); |
686 |
+ if (!dst_vcpu) |
687 |
+ return SIGP_CC_NOT_OPERATIONAL; |
688 |
+ |
689 |
+@@ -481,7 +477,7 @@ int kvm_s390_handle_sigp_pei(struct kvm_vcpu *vcpu) |
690 |
+ trace_kvm_s390_handle_sigp_pei(vcpu, order_code, cpu_addr); |
691 |
+ |
692 |
+ if (order_code == SIGP_EXTERNAL_CALL) { |
693 |
+- dest_vcpu = kvm_get_vcpu(vcpu->kvm, cpu_addr); |
694 |
++ dest_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, cpu_addr); |
695 |
+ BUG_ON(dest_vcpu == NULL); |
696 |
+ |
697 |
+ kvm_s390_vcpu_wakeup(dest_vcpu); |
698 |
+diff --git a/arch/tile/kernel/usb.c b/arch/tile/kernel/usb.c |
699 |
+index f0da5a2..9f1e05e 100644 |
700 |
+--- a/arch/tile/kernel/usb.c |
701 |
++++ b/arch/tile/kernel/usb.c |
702 |
+@@ -22,6 +22,7 @@ |
703 |
+ #include <linux/platform_device.h> |
704 |
+ #include <linux/usb/tilegx.h> |
705 |
+ #include <linux/init.h> |
706 |
++#include <linux/module.h> |
707 |
+ #include <linux/types.h> |
708 |
+ |
709 |
+ static u64 ehci_dmamask = DMA_BIT_MASK(32); |
710 |
+diff --git a/arch/x86/include/asm/i8259.h b/arch/x86/include/asm/i8259.h |
711 |
+index ccffa53..39bcefc 100644 |
712 |
+--- a/arch/x86/include/asm/i8259.h |
713 |
++++ b/arch/x86/include/asm/i8259.h |
714 |
+@@ -60,6 +60,7 @@ struct legacy_pic { |
715 |
+ void (*mask_all)(void); |
716 |
+ void (*restore_mask)(void); |
717 |
+ void (*init)(int auto_eoi); |
718 |
++ int (*probe)(void); |
719 |
+ int (*irq_pending)(unsigned int irq); |
720 |
+ void (*make_irq)(unsigned int irq); |
721 |
+ }; |
722 |
+diff --git a/arch/x86/include/asm/kvm_emulate.h b/arch/x86/include/asm/kvm_emulate.h |
723 |
+index e16466e..e9cd7be 100644 |
724 |
+--- a/arch/x86/include/asm/kvm_emulate.h |
725 |
++++ b/arch/x86/include/asm/kvm_emulate.h |
726 |
+@@ -112,6 +112,16 @@ struct x86_emulate_ops { |
727 |
+ struct x86_exception *fault); |
728 |
+ |
729 |
+ /* |
730 |
++ * read_phys: Read bytes of standard (non-emulated/special) memory. |
731 |
++ * Used for descriptor reading. |
732 |
++ * @addr: [IN ] Physical address from which to read. |
733 |
++ * @val: [OUT] Value read from memory. |
734 |
++ * @bytes: [IN ] Number of bytes to read from memory. |
735 |
++ */ |
736 |
++ int (*read_phys)(struct x86_emulate_ctxt *ctxt, unsigned long addr, |
737 |
++ void *val, unsigned int bytes); |
738 |
++ |
739 |
++ /* |
740 |
+ * write_std: Write bytes of standard (non-emulated/special) memory. |
741 |
+ * Used for descriptor writing. |
742 |
+ * @addr: [IN ] Linear address to which to write. |
743 |
+diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h |
744 |
+index b5d7640..8a4add8 100644 |
745 |
+--- a/arch/x86/include/uapi/asm/svm.h |
746 |
++++ b/arch/x86/include/uapi/asm/svm.h |
747 |
+@@ -100,6 +100,7 @@ |
748 |
+ { SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \ |
749 |
+ { SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \ |
750 |
+ { SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \ |
751 |
++ { SVM_EXIT_EXCP_BASE + AC_VECTOR, "AC excp" }, \ |
752 |
+ { SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \ |
753 |
+ { SVM_EXIT_INTR, "interrupt" }, \ |
754 |
+ { SVM_EXIT_NMI, "nmi" }, \ |
755 |
+diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c |
756 |
+index 2683f36..ea4ba83 100644 |
757 |
+--- a/arch/x86/kernel/apic/vector.c |
758 |
++++ b/arch/x86/kernel/apic/vector.c |
759 |
+@@ -360,7 +360,11 @@ int __init arch_probe_nr_irqs(void) |
760 |
+ if (nr < nr_irqs) |
761 |
+ nr_irqs = nr; |
762 |
+ |
763 |
+- return nr_legacy_irqs(); |
764 |
++ /* |
765 |
++ * We don't know if PIC is present at this point so we need to do |
766 |
++ * probe() to get the right number of legacy IRQs. |
767 |
++ */ |
768 |
++ return legacy_pic->probe(); |
769 |
+ } |
770 |
+ |
771 |
+ #ifdef CONFIG_X86_IO_APIC |
772 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
773 |
+index cb9e5df..e4f929d 100644 |
774 |
+--- a/arch/x86/kernel/cpu/common.c |
775 |
++++ b/arch/x86/kernel/cpu/common.c |
776 |
+@@ -272,10 +272,9 @@ __setup("nosmap", setup_disable_smap); |
777 |
+ |
778 |
+ static __always_inline void setup_smap(struct cpuinfo_x86 *c) |
779 |
+ { |
780 |
+- unsigned long eflags; |
781 |
++ unsigned long eflags = native_save_fl(); |
782 |
+ |
783 |
+ /* This should have been cleared long ago */ |
784 |
+- raw_local_save_flags(eflags); |
785 |
+ BUG_ON(eflags & X86_EFLAGS_AC); |
786 |
+ |
787 |
+ if (cpu_has(c, X86_FEATURE_SMAP)) { |
788 |
+diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c |
789 |
+index 50ec9af..6545e6d 100644 |
790 |
+--- a/arch/x86/kernel/fpu/signal.c |
791 |
++++ b/arch/x86/kernel/fpu/signal.c |
792 |
+@@ -385,20 +385,19 @@ fpu__alloc_mathframe(unsigned long sp, int ia32_frame, |
793 |
+ */ |
794 |
+ void fpu__init_prepare_fx_sw_frame(void) |
795 |
+ { |
796 |
+- int fsave_header_size = sizeof(struct fregs_state); |
797 |
+ int size = xstate_size + FP_XSTATE_MAGIC2_SIZE; |
798 |
+ |
799 |
+- if (config_enabled(CONFIG_X86_32)) |
800 |
+- size += fsave_header_size; |
801 |
+- |
802 |
+ fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1; |
803 |
+ fx_sw_reserved.extended_size = size; |
804 |
+ fx_sw_reserved.xfeatures = xfeatures_mask; |
805 |
+ fx_sw_reserved.xstate_size = xstate_size; |
806 |
+ |
807 |
+- if (config_enabled(CONFIG_IA32_EMULATION)) { |
808 |
++ if (config_enabled(CONFIG_IA32_EMULATION) || |
809 |
++ config_enabled(CONFIG_X86_32)) { |
810 |
++ int fsave_header_size = sizeof(struct fregs_state); |
811 |
++ |
812 |
+ fx_sw_reserved_ia32 = fx_sw_reserved; |
813 |
+- fx_sw_reserved_ia32.extended_size += fsave_header_size; |
814 |
++ fx_sw_reserved_ia32.extended_size = size + fsave_header_size; |
815 |
+ } |
816 |
+ } |
817 |
+ |
818 |
+diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c |
819 |
+index 62fc001..2c4ac07 100644 |
820 |
+--- a/arch/x86/kernel/fpu/xstate.c |
821 |
++++ b/arch/x86/kernel/fpu/xstate.c |
822 |
+@@ -402,7 +402,6 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature) |
823 |
+ if (!boot_cpu_has(X86_FEATURE_XSAVE)) |
824 |
+ return NULL; |
825 |
+ |
826 |
+- xsave = ¤t->thread.fpu.state.xsave; |
827 |
+ /* |
828 |
+ * We should not ever be requesting features that we |
829 |
+ * have not enabled. Remember that pcntxt_mask is |
830 |
+diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S |
831 |
+index 1d40ca8..ffdc0e8 100644 |
832 |
+--- a/arch/x86/kernel/head_64.S |
833 |
++++ b/arch/x86/kernel/head_64.S |
834 |
+@@ -65,6 +65,9 @@ startup_64: |
835 |
+ * tables and then reload them. |
836 |
+ */ |
837 |
+ |
838 |
++ /* Sanitize CPU configuration */ |
839 |
++ call verify_cpu |
840 |
++ |
841 |
+ /* |
842 |
+ * Compute the delta between the address I am compiled to run at and the |
843 |
+ * address I am actually running at. |
844 |
+@@ -174,6 +177,9 @@ ENTRY(secondary_startup_64) |
845 |
+ * after the boot processor executes this code. |
846 |
+ */ |
847 |
+ |
848 |
++ /* Sanitize CPU configuration */ |
849 |
++ call verify_cpu |
850 |
++ |
851 |
+ movq $(init_level4_pgt - __START_KERNEL_map), %rax |
852 |
+ 1: |
853 |
+ |
854 |
+@@ -288,6 +294,8 @@ ENTRY(secondary_startup_64) |
855 |
+ pushq %rax # target address in negative space |
856 |
+ lretq |
857 |
+ |
858 |
++#include "verify_cpu.S" |
859 |
++ |
860 |
+ #ifdef CONFIG_HOTPLUG_CPU |
861 |
+ /* |
862 |
+ * Boot CPU0 entry point. It's called from play_dead(). Everything has been set |
863 |
+diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c |
864 |
+index 16cb827..be22f5a 100644 |
865 |
+--- a/arch/x86/kernel/i8259.c |
866 |
++++ b/arch/x86/kernel/i8259.c |
867 |
+@@ -295,16 +295,11 @@ static void unmask_8259A(void) |
868 |
+ raw_spin_unlock_irqrestore(&i8259A_lock, flags); |
869 |
+ } |
870 |
+ |
871 |
+-static void init_8259A(int auto_eoi) |
872 |
++static int probe_8259A(void) |
873 |
+ { |
874 |
+ unsigned long flags; |
875 |
+ unsigned char probe_val = ~(1 << PIC_CASCADE_IR); |
876 |
+ unsigned char new_val; |
877 |
+- |
878 |
+- i8259A_auto_eoi = auto_eoi; |
879 |
+- |
880 |
+- raw_spin_lock_irqsave(&i8259A_lock, flags); |
881 |
+- |
882 |
+ /* |
883 |
+ * Check to see if we have a PIC. |
884 |
+ * Mask all except the cascade and read |
885 |
+@@ -312,16 +307,28 @@ static void init_8259A(int auto_eoi) |
886 |
+ * have a PIC, we will read 0xff as opposed to the |
887 |
+ * value we wrote. |
888 |
+ */ |
889 |
++ raw_spin_lock_irqsave(&i8259A_lock, flags); |
890 |
++ |
891 |
+ outb(0xff, PIC_SLAVE_IMR); /* mask all of 8259A-2 */ |
892 |
+ outb(probe_val, PIC_MASTER_IMR); |
893 |
+ new_val = inb(PIC_MASTER_IMR); |
894 |
+ if (new_val != probe_val) { |
895 |
+ printk(KERN_INFO "Using NULL legacy PIC\n"); |
896 |
+ legacy_pic = &null_legacy_pic; |
897 |
+- raw_spin_unlock_irqrestore(&i8259A_lock, flags); |
898 |
+- return; |
899 |
+ } |
900 |
+ |
901 |
++ raw_spin_unlock_irqrestore(&i8259A_lock, flags); |
902 |
++ return nr_legacy_irqs(); |
903 |
++} |
904 |
++ |
905 |
++static void init_8259A(int auto_eoi) |
906 |
++{ |
907 |
++ unsigned long flags; |
908 |
++ |
909 |
++ i8259A_auto_eoi = auto_eoi; |
910 |
++ |
911 |
++ raw_spin_lock_irqsave(&i8259A_lock, flags); |
912 |
++ |
913 |
+ outb(0xff, PIC_MASTER_IMR); /* mask all of 8259A-1 */ |
914 |
+ |
915 |
+ /* |
916 |
+@@ -379,6 +386,10 @@ static int legacy_pic_irq_pending_noop(unsigned int irq) |
917 |
+ { |
918 |
+ return 0; |
919 |
+ } |
920 |
++static int legacy_pic_probe(void) |
921 |
++{ |
922 |
++ return 0; |
923 |
++} |
924 |
+ |
925 |
+ struct legacy_pic null_legacy_pic = { |
926 |
+ .nr_legacy_irqs = 0, |
927 |
+@@ -388,6 +399,7 @@ struct legacy_pic null_legacy_pic = { |
928 |
+ .mask_all = legacy_pic_noop, |
929 |
+ .restore_mask = legacy_pic_noop, |
930 |
+ .init = legacy_pic_int_noop, |
931 |
++ .probe = legacy_pic_probe, |
932 |
+ .irq_pending = legacy_pic_irq_pending_noop, |
933 |
+ .make_irq = legacy_pic_uint_noop, |
934 |
+ }; |
935 |
+@@ -400,6 +412,7 @@ struct legacy_pic default_legacy_pic = { |
936 |
+ .mask_all = mask_8259A, |
937 |
+ .restore_mask = unmask_8259A, |
938 |
+ .init = init_8259A, |
939 |
++ .probe = probe_8259A, |
940 |
+ .irq_pending = i8259A_irq_pending, |
941 |
+ .make_irq = make_8259A_irq, |
942 |
+ }; |
943 |
+diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c |
944 |
+index 80f874b..1e6f70f 100644 |
945 |
+--- a/arch/x86/kernel/setup.c |
946 |
++++ b/arch/x86/kernel/setup.c |
947 |
+@@ -1198,6 +1198,14 @@ void __init setup_arch(char **cmdline_p) |
948 |
+ clone_pgd_range(initial_page_table + KERNEL_PGD_BOUNDARY, |
949 |
+ swapper_pg_dir + KERNEL_PGD_BOUNDARY, |
950 |
+ KERNEL_PGD_PTRS); |
951 |
++ |
952 |
++ /* |
953 |
++ * sync back low identity map too. It is used for example |
954 |
++ * in the 32-bit EFI stub. |
955 |
++ */ |
956 |
++ clone_pgd_range(initial_page_table, |
957 |
++ swapper_pg_dir + KERNEL_PGD_BOUNDARY, |
958 |
++ min(KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY)); |
959 |
+ #endif |
960 |
+ |
961 |
+ tboot_probe(); |
962 |
+diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S |
963 |
+index b9242ba..4cf401f 100644 |
964 |
+--- a/arch/x86/kernel/verify_cpu.S |
965 |
++++ b/arch/x86/kernel/verify_cpu.S |
966 |
+@@ -34,10 +34,11 @@ |
967 |
+ #include <asm/msr-index.h> |
968 |
+ |
969 |
+ verify_cpu: |
970 |
+- pushfl # Save caller passed flags |
971 |
+- pushl $0 # Kill any dangerous flags |
972 |
+- popfl |
973 |
++ pushf # Save caller passed flags |
974 |
++ push $0 # Kill any dangerous flags |
975 |
++ popf |
976 |
+ |
977 |
++#ifndef __x86_64__ |
978 |
+ pushfl # standard way to check for cpuid |
979 |
+ popl %eax |
980 |
+ movl %eax,%ebx |
981 |
+@@ -48,6 +49,7 @@ verify_cpu: |
982 |
+ popl %eax |
983 |
+ cmpl %eax,%ebx |
984 |
+ jz verify_cpu_no_longmode # cpu has no cpuid |
985 |
++#endif |
986 |
+ |
987 |
+ movl $0x0,%eax # See if cpuid 1 is implemented |
988 |
+ cpuid |
989 |
+@@ -130,10 +132,10 @@ verify_cpu_sse_test: |
990 |
+ jmp verify_cpu_sse_test # try again |
991 |
+ |
992 |
+ verify_cpu_no_longmode: |
993 |
+- popfl # Restore caller passed flags |
994 |
++ popf # Restore caller passed flags |
995 |
+ movl $1,%eax |
996 |
+ ret |
997 |
+ verify_cpu_sse_ok: |
998 |
+- popfl # Restore caller passed flags |
999 |
++ popf # Restore caller passed flags |
1000 |
+ xorl %eax, %eax |
1001 |
+ ret |
1002 |
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c |
1003 |
+index 2392541a..f17c342 100644 |
1004 |
+--- a/arch/x86/kvm/emulate.c |
1005 |
++++ b/arch/x86/kvm/emulate.c |
1006 |
+@@ -2272,8 +2272,8 @@ static int emulator_has_longmode(struct x86_emulate_ctxt *ctxt) |
1007 |
+ #define GET_SMSTATE(type, smbase, offset) \ |
1008 |
+ ({ \ |
1009 |
+ type __val; \ |
1010 |
+- int r = ctxt->ops->read_std(ctxt, smbase + offset, &__val, \ |
1011 |
+- sizeof(__val), NULL); \ |
1012 |
++ int r = ctxt->ops->read_phys(ctxt, smbase + offset, &__val, \ |
1013 |
++ sizeof(__val)); \ |
1014 |
+ if (r != X86EMUL_CONTINUE) \ |
1015 |
+ return X86EMUL_UNHANDLEABLE; \ |
1016 |
+ __val; \ |
1017 |
+@@ -2484,17 +2484,36 @@ static int em_rsm(struct x86_emulate_ctxt *ctxt) |
1018 |
+ |
1019 |
+ /* |
1020 |
+ * Get back to real mode, to prepare a safe state in which to load |
1021 |
+- * CR0/CR3/CR4/EFER. Also this will ensure that addresses passed |
1022 |
+- * to read_std/write_std are not virtual. |
1023 |
+- * |
1024 |
+- * CR4.PCIDE must be zero, because it is a 64-bit mode only feature. |
1025 |
++ * CR0/CR3/CR4/EFER. It's all a bit more complicated if the vCPU |
1026 |
++ * supports long mode. |
1027 |
+ */ |
1028 |
++ cr4 = ctxt->ops->get_cr(ctxt, 4); |
1029 |
++ if (emulator_has_longmode(ctxt)) { |
1030 |
++ struct desc_struct cs_desc; |
1031 |
++ |
1032 |
++ /* Zero CR4.PCIDE before CR0.PG. */ |
1033 |
++ if (cr4 & X86_CR4_PCIDE) { |
1034 |
++ ctxt->ops->set_cr(ctxt, 4, cr4 & ~X86_CR4_PCIDE); |
1035 |
++ cr4 &= ~X86_CR4_PCIDE; |
1036 |
++ } |
1037 |
++ |
1038 |
++ /* A 32-bit code segment is required to clear EFER.LMA. */ |
1039 |
++ memset(&cs_desc, 0, sizeof(cs_desc)); |
1040 |
++ cs_desc.type = 0xb; |
1041 |
++ cs_desc.s = cs_desc.g = cs_desc.p = 1; |
1042 |
++ ctxt->ops->set_segment(ctxt, 0, &cs_desc, 0, VCPU_SREG_CS); |
1043 |
++ } |
1044 |
++ |
1045 |
++ /* For the 64-bit case, this will clear EFER.LMA. */ |
1046 |
+ cr0 = ctxt->ops->get_cr(ctxt, 0); |
1047 |
+ if (cr0 & X86_CR0_PE) |
1048 |
+ ctxt->ops->set_cr(ctxt, 0, cr0 & ~(X86_CR0_PG | X86_CR0_PE)); |
1049 |
+- cr4 = ctxt->ops->get_cr(ctxt, 4); |
1050 |
++ |
1051 |
++ /* Now clear CR4.PAE (which must be done before clearing EFER.LME). */ |
1052 |
+ if (cr4 & X86_CR4_PAE) |
1053 |
+ ctxt->ops->set_cr(ctxt, 4, cr4 & ~X86_CR4_PAE); |
1054 |
++ |
1055 |
++ /* And finally go back to 32-bit mode. */ |
1056 |
+ efer = 0; |
1057 |
+ ctxt->ops->set_msr(ctxt, MSR_EFER, efer); |
1058 |
+ |
1059 |
+@@ -4455,7 +4474,7 @@ static const struct opcode twobyte_table[256] = { |
1060 |
+ F(DstMem | SrcReg | Src2CL | ModRM, em_shld), N, N, |
1061 |
+ /* 0xA8 - 0xAF */ |
1062 |
+ I(Stack | Src2GS, em_push_sreg), I(Stack | Src2GS, em_pop_sreg), |
1063 |
+- II(No64 | EmulateOnUD | ImplicitOps, em_rsm, rsm), |
1064 |
++ II(EmulateOnUD | ImplicitOps, em_rsm, rsm), |
1065 |
+ F(DstMem | SrcReg | ModRM | BitOp | Lock | PageTable, em_bts), |
1066 |
+ F(DstMem | SrcReg | Src2ImmByte | ModRM, em_shrd), |
1067 |
+ F(DstMem | SrcReg | Src2CL | ModRM, em_shrd), |
1068 |
+diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c |
1069 |
+index 2a5ca97..236e346 100644 |
1070 |
+--- a/arch/x86/kvm/lapic.c |
1071 |
++++ b/arch/x86/kvm/lapic.c |
1072 |
+@@ -348,6 +348,8 @@ void kvm_apic_update_irr(struct kvm_vcpu *vcpu, u32 *pir) |
1073 |
+ struct kvm_lapic *apic = vcpu->arch.apic; |
1074 |
+ |
1075 |
+ __kvm_apic_update_irr(pir, apic->regs); |
1076 |
++ |
1077 |
++ kvm_make_request(KVM_REQ_EVENT, vcpu); |
1078 |
+ } |
1079 |
+ EXPORT_SYMBOL_GPL(kvm_apic_update_irr); |
1080 |
+ |
1081 |
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
1082 |
+index 2d32b67..00da6e8 100644 |
1083 |
+--- a/arch/x86/kvm/svm.c |
1084 |
++++ b/arch/x86/kvm/svm.c |
1085 |
+@@ -1085,7 +1085,7 @@ static u64 svm_compute_tsc_offset(struct kvm_vcpu *vcpu, u64 target_tsc) |
1086 |
+ return target_tsc - tsc; |
1087 |
+ } |
1088 |
+ |
1089 |
+-static void init_vmcb(struct vcpu_svm *svm, bool init_event) |
1090 |
++static void init_vmcb(struct vcpu_svm *svm) |
1091 |
+ { |
1092 |
+ struct vmcb_control_area *control = &svm->vmcb->control; |
1093 |
+ struct vmcb_save_area *save = &svm->vmcb->save; |
1094 |
+@@ -1106,6 +1106,7 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event) |
1095 |
+ set_exception_intercept(svm, PF_VECTOR); |
1096 |
+ set_exception_intercept(svm, UD_VECTOR); |
1097 |
+ set_exception_intercept(svm, MC_VECTOR); |
1098 |
++ set_exception_intercept(svm, AC_VECTOR); |
1099 |
+ |
1100 |
+ set_intercept(svm, INTERCEPT_INTR); |
1101 |
+ set_intercept(svm, INTERCEPT_NMI); |
1102 |
+@@ -1156,8 +1157,7 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event) |
1103 |
+ init_sys_seg(&save->ldtr, SEG_TYPE_LDT); |
1104 |
+ init_sys_seg(&save->tr, SEG_TYPE_BUSY_TSS16); |
1105 |
+ |
1106 |
+- if (!init_event) |
1107 |
+- svm_set_efer(&svm->vcpu, 0); |
1108 |
++ svm_set_efer(&svm->vcpu, 0); |
1109 |
+ save->dr6 = 0xffff0ff0; |
1110 |
+ kvm_set_rflags(&svm->vcpu, 2); |
1111 |
+ save->rip = 0x0000fff0; |
1112 |
+@@ -1211,7 +1211,7 @@ static void svm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) |
1113 |
+ if (kvm_vcpu_is_reset_bsp(&svm->vcpu)) |
1114 |
+ svm->vcpu.arch.apic_base |= MSR_IA32_APICBASE_BSP; |
1115 |
+ } |
1116 |
+- init_vmcb(svm, init_event); |
1117 |
++ init_vmcb(svm); |
1118 |
+ |
1119 |
+ kvm_cpuid(vcpu, &eax, &dummy, &dummy, &dummy); |
1120 |
+ kvm_register_write(vcpu, VCPU_REGS_RDX, eax); |
1121 |
+@@ -1267,7 +1267,7 @@ static struct kvm_vcpu *svm_create_vcpu(struct kvm *kvm, unsigned int id) |
1122 |
+ clear_page(svm->vmcb); |
1123 |
+ svm->vmcb_pa = page_to_pfn(page) << PAGE_SHIFT; |
1124 |
+ svm->asid_generation = 0; |
1125 |
+- init_vmcb(svm, false); |
1126 |
++ init_vmcb(svm); |
1127 |
+ |
1128 |
+ svm_init_osvw(&svm->vcpu); |
1129 |
+ |
1130 |
+@@ -1795,6 +1795,12 @@ static int ud_interception(struct vcpu_svm *svm) |
1131 |
+ return 1; |
1132 |
+ } |
1133 |
+ |
1134 |
++static int ac_interception(struct vcpu_svm *svm) |
1135 |
++{ |
1136 |
++ kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0); |
1137 |
++ return 1; |
1138 |
++} |
1139 |
++ |
1140 |
+ static void svm_fpu_activate(struct kvm_vcpu *vcpu) |
1141 |
+ { |
1142 |
+ struct vcpu_svm *svm = to_svm(vcpu); |
1143 |
+@@ -1889,7 +1895,7 @@ static int shutdown_interception(struct vcpu_svm *svm) |
1144 |
+ * so reinitialize it. |
1145 |
+ */ |
1146 |
+ clear_page(svm->vmcb); |
1147 |
+- init_vmcb(svm, false); |
1148 |
++ init_vmcb(svm); |
1149 |
+ |
1150 |
+ kvm_run->exit_reason = KVM_EXIT_SHUTDOWN; |
1151 |
+ return 0; |
1152 |
+@@ -3369,6 +3375,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { |
1153 |
+ [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception, |
1154 |
+ [SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception, |
1155 |
+ [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception, |
1156 |
++ [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception, |
1157 |
+ [SVM_EXIT_INTR] = intr_interception, |
1158 |
+ [SVM_EXIT_NMI] = nmi_interception, |
1159 |
+ [SVM_EXIT_SMI] = nop_on_interception, |
1160 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
1161 |
+index aa9e822..e77d75b 100644 |
1162 |
+--- a/arch/x86/kvm/vmx.c |
1163 |
++++ b/arch/x86/kvm/vmx.c |
1164 |
+@@ -1567,7 +1567,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu) |
1165 |
+ u32 eb; |
1166 |
+ |
1167 |
+ eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) | |
1168 |
+- (1u << NM_VECTOR) | (1u << DB_VECTOR); |
1169 |
++ (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR); |
1170 |
+ if ((vcpu->guest_debug & |
1171 |
+ (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) == |
1172 |
+ (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) |
1173 |
+@@ -4780,8 +4780,7 @@ static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) |
1174 |
+ vmx_set_cr0(vcpu, cr0); /* enter rmode */ |
1175 |
+ vmx->vcpu.arch.cr0 = cr0; |
1176 |
+ vmx_set_cr4(vcpu, 0); |
1177 |
+- if (!init_event) |
1178 |
+- vmx_set_efer(vcpu, 0); |
1179 |
++ vmx_set_efer(vcpu, 0); |
1180 |
+ vmx_fpu_activate(vcpu); |
1181 |
+ update_exception_bitmap(vcpu); |
1182 |
+ |
1183 |
+@@ -5118,6 +5117,9 @@ static int handle_exception(struct kvm_vcpu *vcpu) |
1184 |
+ return handle_rmode_exception(vcpu, ex_no, error_code); |
1185 |
+ |
1186 |
+ switch (ex_no) { |
1187 |
++ case AC_VECTOR: |
1188 |
++ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code); |
1189 |
++ return 1; |
1190 |
+ case DB_VECTOR: |
1191 |
+ dr6 = vmcs_readl(EXIT_QUALIFICATION); |
1192 |
+ if (!(vcpu->guest_debug & |
1193 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
1194 |
+index 373328b..2781e2b 100644 |
1195 |
+--- a/arch/x86/kvm/x86.c |
1196 |
++++ b/arch/x86/kvm/x86.c |
1197 |
+@@ -621,7 +621,9 @@ int kvm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) |
1198 |
+ if ((cr0 ^ old_cr0) & update_bits) |
1199 |
+ kvm_mmu_reset_context(vcpu); |
1200 |
+ |
1201 |
+- if ((cr0 ^ old_cr0) & X86_CR0_CD) |
1202 |
++ if (((cr0 ^ old_cr0) & X86_CR0_CD) && |
1203 |
++ kvm_arch_has_noncoherent_dma(vcpu->kvm) && |
1204 |
++ !kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED)) |
1205 |
+ kvm_zap_gfn_range(vcpu->kvm, 0, ~0ULL); |
1206 |
+ |
1207 |
+ return 0; |
1208 |
+@@ -4260,6 +4262,15 @@ static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, |
1209 |
+ return kvm_read_guest_virt_helper(addr, val, bytes, vcpu, 0, exception); |
1210 |
+ } |
1211 |
+ |
1212 |
++static int kvm_read_guest_phys_system(struct x86_emulate_ctxt *ctxt, |
1213 |
++ unsigned long addr, void *val, unsigned int bytes) |
1214 |
++{ |
1215 |
++ struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); |
1216 |
++ int r = kvm_vcpu_read_guest(vcpu, addr, val, bytes); |
1217 |
++ |
1218 |
++ return r < 0 ? X86EMUL_IO_NEEDED : X86EMUL_CONTINUE; |
1219 |
++} |
1220 |
++ |
1221 |
+ int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt, |
1222 |
+ gva_t addr, void *val, |
1223 |
+ unsigned int bytes, |
1224 |
+@@ -4995,6 +5006,7 @@ static const struct x86_emulate_ops emulate_ops = { |
1225 |
+ .write_gpr = emulator_write_gpr, |
1226 |
+ .read_std = kvm_read_guest_virt_system, |
1227 |
+ .write_std = kvm_write_guest_virt_system, |
1228 |
++ .read_phys = kvm_read_guest_phys_system, |
1229 |
+ .fetch = kvm_fetch_guest_virt, |
1230 |
+ .read_emulated = emulator_read_emulated, |
1231 |
+ .write_emulated = emulator_write_emulated, |
1232 |
+diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c |
1233 |
+index db1b0bc..c28f618 100644 |
1234 |
+--- a/arch/x86/mm/mpx.c |
1235 |
++++ b/arch/x86/mm/mpx.c |
1236 |
+@@ -622,6 +622,29 @@ static unsigned long mpx_bd_entry_to_bt_addr(struct mm_struct *mm, |
1237 |
+ } |
1238 |
+ |
1239 |
+ /* |
1240 |
++ * We only want to do a 4-byte get_user() on 32-bit. Otherwise, |
1241 |
++ * we might run off the end of the bounds table if we are on |
1242 |
++ * a 64-bit kernel and try to get 8 bytes. |
1243 |
++ */ |
1244 |
++int get_user_bd_entry(struct mm_struct *mm, unsigned long *bd_entry_ret, |
1245 |
++ long __user *bd_entry_ptr) |
1246 |
++{ |
1247 |
++ u32 bd_entry_32; |
1248 |
++ int ret; |
1249 |
++ |
1250 |
++ if (is_64bit_mm(mm)) |
1251 |
++ return get_user(*bd_entry_ret, bd_entry_ptr); |
1252 |
++ |
1253 |
++ /* |
1254 |
++ * Note that get_user() uses the type of the *pointer* to |
1255 |
++ * establish the size of the get, not the destination. |
1256 |
++ */ |
1257 |
++ ret = get_user(bd_entry_32, (u32 __user *)bd_entry_ptr); |
1258 |
++ *bd_entry_ret = bd_entry_32; |
1259 |
++ return ret; |
1260 |
++} |
1261 |
++ |
1262 |
++/* |
1263 |
+ * Get the base of bounds tables pointed by specific bounds |
1264 |
+ * directory entry. |
1265 |
+ */ |
1266 |
+@@ -641,7 +664,7 @@ static int get_bt_addr(struct mm_struct *mm, |
1267 |
+ int need_write = 0; |
1268 |
+ |
1269 |
+ pagefault_disable(); |
1270 |
+- ret = get_user(bd_entry, bd_entry_ptr); |
1271 |
++ ret = get_user_bd_entry(mm, &bd_entry, bd_entry_ptr); |
1272 |
+ pagefault_enable(); |
1273 |
+ if (!ret) |
1274 |
+ break; |
1275 |
+@@ -736,11 +759,23 @@ static unsigned long mpx_get_bt_entry_offset_bytes(struct mm_struct *mm, |
1276 |
+ */ |
1277 |
+ static inline unsigned long bd_entry_virt_space(struct mm_struct *mm) |
1278 |
+ { |
1279 |
+- unsigned long long virt_space = (1ULL << boot_cpu_data.x86_virt_bits); |
1280 |
+- if (is_64bit_mm(mm)) |
1281 |
+- return virt_space / MPX_BD_NR_ENTRIES_64; |
1282 |
+- else |
1283 |
+- return virt_space / MPX_BD_NR_ENTRIES_32; |
1284 |
++ unsigned long long virt_space; |
1285 |
++ unsigned long long GB = (1ULL << 30); |
1286 |
++ |
1287 |
++ /* |
1288 |
++ * This covers 32-bit emulation as well as 32-bit kernels |
1289 |
++ * running on 64-bit harware. |
1290 |
++ */ |
1291 |
++ if (!is_64bit_mm(mm)) |
1292 |
++ return (4ULL * GB) / MPX_BD_NR_ENTRIES_32; |
1293 |
++ |
1294 |
++ /* |
1295 |
++ * 'x86_virt_bits' returns what the hardware is capable |
1296 |
++ * of, and returns the full >32-bit adddress space when |
1297 |
++ * running 32-bit kernels on 64-bit hardware. |
1298 |
++ */ |
1299 |
++ virt_space = (1ULL << boot_cpu_data.x86_virt_bits); |
1300 |
++ return virt_space / MPX_BD_NR_ENTRIES_64; |
1301 |
+ } |
1302 |
+ |
1303 |
+ /* |
1304 |
+diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c |
1305 |
+index e527a3e..fa893c3 100644 |
1306 |
+--- a/drivers/bluetooth/ath3k.c |
1307 |
++++ b/drivers/bluetooth/ath3k.c |
1308 |
+@@ -93,6 +93,7 @@ static const struct usb_device_id ath3k_table[] = { |
1309 |
+ { USB_DEVICE(0x04CA, 0x300f) }, |
1310 |
+ { USB_DEVICE(0x04CA, 0x3010) }, |
1311 |
+ { USB_DEVICE(0x0930, 0x0219) }, |
1312 |
++ { USB_DEVICE(0x0930, 0x021c) }, |
1313 |
+ { USB_DEVICE(0x0930, 0x0220) }, |
1314 |
+ { USB_DEVICE(0x0930, 0x0227) }, |
1315 |
+ { USB_DEVICE(0x0b05, 0x17d0) }, |
1316 |
+@@ -104,6 +105,7 @@ static const struct usb_device_id ath3k_table[] = { |
1317 |
+ { USB_DEVICE(0x0CF3, 0x311F) }, |
1318 |
+ { USB_DEVICE(0x0cf3, 0x3121) }, |
1319 |
+ { USB_DEVICE(0x0CF3, 0x817a) }, |
1320 |
++ { USB_DEVICE(0x0CF3, 0x817b) }, |
1321 |
+ { USB_DEVICE(0x0cf3, 0xe003) }, |
1322 |
+ { USB_DEVICE(0x0CF3, 0xE004) }, |
1323 |
+ { USB_DEVICE(0x0CF3, 0xE005) }, |
1324 |
+@@ -153,6 +155,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = { |
1325 |
+ { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, |
1326 |
+ { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, |
1327 |
+ { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, |
1328 |
++ { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, |
1329 |
+ { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, |
1330 |
+ { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, |
1331 |
+ { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, |
1332 |
+@@ -164,6 +167,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = { |
1333 |
+ { USB_DEVICE(0x0cf3, 0x311F), .driver_info = BTUSB_ATH3012 }, |
1334 |
+ { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, |
1335 |
+ { USB_DEVICE(0x0CF3, 0x817a), .driver_info = BTUSB_ATH3012 }, |
1336 |
++ { USB_DEVICE(0x0CF3, 0x817b), .driver_info = BTUSB_ATH3012 }, |
1337 |
+ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, |
1338 |
+ { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, |
1339 |
+ { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, |
1340 |
+diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c |
1341 |
+index b4cf8d9..7d9b09f 100644 |
1342 |
+--- a/drivers/bluetooth/btusb.c |
1343 |
++++ b/drivers/bluetooth/btusb.c |
1344 |
+@@ -192,6 +192,7 @@ static const struct usb_device_id blacklist_table[] = { |
1345 |
+ { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, |
1346 |
+ { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, |
1347 |
+ { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, |
1348 |
++ { USB_DEVICE(0x0930, 0x021c), .driver_info = BTUSB_ATH3012 }, |
1349 |
+ { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, |
1350 |
+ { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 }, |
1351 |
+ { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 }, |
1352 |
+@@ -203,6 +204,7 @@ static const struct usb_device_id blacklist_table[] = { |
1353 |
+ { USB_DEVICE(0x0cf3, 0x311f), .driver_info = BTUSB_ATH3012 }, |
1354 |
+ { USB_DEVICE(0x0cf3, 0x3121), .driver_info = BTUSB_ATH3012 }, |
1355 |
+ { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, |
1356 |
++ { USB_DEVICE(0x0cf3, 0x817b), .driver_info = BTUSB_ATH3012 }, |
1357 |
+ { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, |
1358 |
+ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, |
1359 |
+ { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, |
1360 |
+diff --git a/drivers/clk/bcm/clk-iproc-pll.c b/drivers/clk/bcm/clk-iproc-pll.c |
1361 |
+index 2dda4e8..d679ab8 100644 |
1362 |
+--- a/drivers/clk/bcm/clk-iproc-pll.c |
1363 |
++++ b/drivers/clk/bcm/clk-iproc-pll.c |
1364 |
+@@ -345,8 +345,8 @@ static unsigned long iproc_pll_recalc_rate(struct clk_hw *hw, |
1365 |
+ struct iproc_pll *pll = clk->pll; |
1366 |
+ const struct iproc_pll_ctrl *ctrl = pll->ctrl; |
1367 |
+ u32 val; |
1368 |
+- u64 ndiv; |
1369 |
+- unsigned int ndiv_int, ndiv_frac, pdiv; |
1370 |
++ u64 ndiv, ndiv_int, ndiv_frac; |
1371 |
++ unsigned int pdiv; |
1372 |
+ |
1373 |
+ if (parent_rate == 0) |
1374 |
+ return 0; |
1375 |
+@@ -366,22 +366,19 @@ static unsigned long iproc_pll_recalc_rate(struct clk_hw *hw, |
1376 |
+ val = readl(pll->pll_base + ctrl->ndiv_int.offset); |
1377 |
+ ndiv_int = (val >> ctrl->ndiv_int.shift) & |
1378 |
+ bit_mask(ctrl->ndiv_int.width); |
1379 |
+- ndiv = (u64)ndiv_int << ctrl->ndiv_int.shift; |
1380 |
++ ndiv = ndiv_int << 20; |
1381 |
+ |
1382 |
+ if (ctrl->flags & IPROC_CLK_PLL_HAS_NDIV_FRAC) { |
1383 |
+ val = readl(pll->pll_base + ctrl->ndiv_frac.offset); |
1384 |
+ ndiv_frac = (val >> ctrl->ndiv_frac.shift) & |
1385 |
+ bit_mask(ctrl->ndiv_frac.width); |
1386 |
+- |
1387 |
+- if (ndiv_frac != 0) |
1388 |
+- ndiv = ((u64)ndiv_int << ctrl->ndiv_int.shift) | |
1389 |
+- ndiv_frac; |
1390 |
++ ndiv += ndiv_frac; |
1391 |
+ } |
1392 |
+ |
1393 |
+ val = readl(pll->pll_base + ctrl->pdiv.offset); |
1394 |
+ pdiv = (val >> ctrl->pdiv.shift) & bit_mask(ctrl->pdiv.width); |
1395 |
+ |
1396 |
+- clk->rate = (ndiv * parent_rate) >> ctrl->ndiv_int.shift; |
1397 |
++ clk->rate = (ndiv * parent_rate) >> 20; |
1398 |
+ |
1399 |
+ if (pdiv == 0) |
1400 |
+ clk->rate *= 2; |
1401 |
+diff --git a/drivers/clk/versatile/clk-icst.c b/drivers/clk/versatile/clk-icst.c |
1402 |
+index bc96f10..9064636 100644 |
1403 |
+--- a/drivers/clk/versatile/clk-icst.c |
1404 |
++++ b/drivers/clk/versatile/clk-icst.c |
1405 |
+@@ -156,8 +156,10 @@ struct clk *icst_clk_register(struct device *dev, |
1406 |
+ icst->lockreg = base + desc->lock_offset; |
1407 |
+ |
1408 |
+ clk = clk_register(dev, &icst->hw); |
1409 |
+- if (IS_ERR(clk)) |
1410 |
++ if (IS_ERR(clk)) { |
1411 |
++ kfree(pclone); |
1412 |
+ kfree(icst); |
1413 |
++ } |
1414 |
+ |
1415 |
+ return clk; |
1416 |
+ } |
1417 |
+diff --git a/drivers/mfd/twl6040.c b/drivers/mfd/twl6040.c |
1418 |
+index c5265c1..6aacd20 100644 |
1419 |
+--- a/drivers/mfd/twl6040.c |
1420 |
++++ b/drivers/mfd/twl6040.c |
1421 |
+@@ -647,6 +647,8 @@ static int twl6040_probe(struct i2c_client *client, |
1422 |
+ |
1423 |
+ twl6040->clk32k = devm_clk_get(&client->dev, "clk32k"); |
1424 |
+ if (IS_ERR(twl6040->clk32k)) { |
1425 |
++ if (PTR_ERR(twl6040->clk32k) == -EPROBE_DEFER) |
1426 |
++ return -EPROBE_DEFER; |
1427 |
+ dev_info(&client->dev, "clk32k is not handled\n"); |
1428 |
+ twl6040->clk32k = NULL; |
1429 |
+ } |
1430 |
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
1431 |
+index a98dd4f..cbbb1c9 100644 |
1432 |
+--- a/drivers/net/bonding/bond_main.c |
1433 |
++++ b/drivers/net/bonding/bond_main.c |
1434 |
+@@ -1751,6 +1751,7 @@ err_undo_flags: |
1435 |
+ slave_dev->dev_addr)) |
1436 |
+ eth_hw_addr_random(bond_dev); |
1437 |
+ if (bond_dev->type != ARPHRD_ETHER) { |
1438 |
++ dev_close(bond_dev); |
1439 |
+ ether_setup(bond_dev); |
1440 |
+ bond_dev->flags |= IFF_MASTER; |
1441 |
+ bond_dev->priv_flags &= ~IFF_TX_SKB_SHARING; |
1442 |
+diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c |
1443 |
+index aede704..141c2a4 100644 |
1444 |
+--- a/drivers/net/can/dev.c |
1445 |
++++ b/drivers/net/can/dev.c |
1446 |
+@@ -915,7 +915,7 @@ static int can_fill_info(struct sk_buff *skb, const struct net_device *dev) |
1447 |
+ nla_put(skb, IFLA_CAN_BITTIMING_CONST, |
1448 |
+ sizeof(*priv->bittiming_const), priv->bittiming_const)) || |
1449 |
+ |
1450 |
+- nla_put(skb, IFLA_CAN_CLOCK, sizeof(cm), &priv->clock) || |
1451 |
++ nla_put(skb, IFLA_CAN_CLOCK, sizeof(priv->clock), &priv->clock) || |
1452 |
+ nla_put_u32(skb, IFLA_CAN_STATE, state) || |
1453 |
+ nla_put(skb, IFLA_CAN_CTRLMODE, sizeof(cm), &cm) || |
1454 |
+ nla_put_u32(skb, IFLA_CAN_RESTART_MS, priv->restart_ms) || |
1455 |
+diff --git a/drivers/net/can/sja1000/sja1000.c b/drivers/net/can/sja1000/sja1000.c |
1456 |
+index 7b92e91..f10834b 100644 |
1457 |
+--- a/drivers/net/can/sja1000/sja1000.c |
1458 |
++++ b/drivers/net/can/sja1000/sja1000.c |
1459 |
+@@ -218,6 +218,9 @@ static void sja1000_start(struct net_device *dev) |
1460 |
+ priv->write_reg(priv, SJA1000_RXERR, 0x0); |
1461 |
+ priv->read_reg(priv, SJA1000_ECC); |
1462 |
+ |
1463 |
++ /* clear interrupt flags */ |
1464 |
++ priv->read_reg(priv, SJA1000_IR); |
1465 |
++ |
1466 |
+ /* leave reset mode */ |
1467 |
+ set_normal_mode(dev); |
1468 |
+ } |
1469 |
+diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c |
1470 |
+index a4473d8..f672dba 100644 |
1471 |
+--- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c |
1472 |
++++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c |
1473 |
+@@ -1595,7 +1595,7 @@ static void xgbe_dev_xmit(struct xgbe_channel *channel) |
1474 |
+ packet->rdesc_count, 1); |
1475 |
+ |
1476 |
+ /* Make sure ownership is written to the descriptor */ |
1477 |
+- dma_wmb(); |
1478 |
++ smp_wmb(); |
1479 |
+ |
1480 |
+ ring->cur = cur_index + 1; |
1481 |
+ if (!packet->skb->xmit_more || |
1482 |
+diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c |
1483 |
+index aae9d5e..dde0486 100644 |
1484 |
+--- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c |
1485 |
++++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c |
1486 |
+@@ -1807,6 +1807,7 @@ static int xgbe_tx_poll(struct xgbe_channel *channel) |
1487 |
+ struct netdev_queue *txq; |
1488 |
+ int processed = 0; |
1489 |
+ unsigned int tx_packets = 0, tx_bytes = 0; |
1490 |
++ unsigned int cur; |
1491 |
+ |
1492 |
+ DBGPR("-->xgbe_tx_poll\n"); |
1493 |
+ |
1494 |
+@@ -1814,10 +1815,15 @@ static int xgbe_tx_poll(struct xgbe_channel *channel) |
1495 |
+ if (!ring) |
1496 |
+ return 0; |
1497 |
+ |
1498 |
++ cur = ring->cur; |
1499 |
++ |
1500 |
++ /* Be sure we get ring->cur before accessing descriptor data */ |
1501 |
++ smp_rmb(); |
1502 |
++ |
1503 |
+ txq = netdev_get_tx_queue(netdev, channel->queue_index); |
1504 |
+ |
1505 |
+ while ((processed < XGBE_TX_DESC_MAX_PROC) && |
1506 |
+- (ring->dirty != ring->cur)) { |
1507 |
++ (ring->dirty != cur)) { |
1508 |
+ rdata = XGBE_GET_DESC_DATA(ring, ring->dirty); |
1509 |
+ rdesc = rdata->rdesc; |
1510 |
+ |
1511 |
+diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c |
1512 |
+index de63266d..5d1dde3 100644 |
1513 |
+--- a/drivers/net/ethernet/freescale/fec_main.c |
1514 |
++++ b/drivers/net/ethernet/freescale/fec_main.c |
1515 |
+@@ -1775,7 +1775,7 @@ static int fec_enet_mdio_read(struct mii_bus *bus, int mii_id, int regnum) |
1516 |
+ int ret = 0; |
1517 |
+ |
1518 |
+ ret = pm_runtime_get_sync(dev); |
1519 |
+- if (IS_ERR_VALUE(ret)) |
1520 |
++ if (ret < 0) |
1521 |
+ return ret; |
1522 |
+ |
1523 |
+ fep->mii_timeout = 0; |
1524 |
+@@ -1811,11 +1811,13 @@ static int fec_enet_mdio_write(struct mii_bus *bus, int mii_id, int regnum, |
1525 |
+ struct fec_enet_private *fep = bus->priv; |
1526 |
+ struct device *dev = &fep->pdev->dev; |
1527 |
+ unsigned long time_left; |
1528 |
+- int ret = 0; |
1529 |
++ int ret; |
1530 |
+ |
1531 |
+ ret = pm_runtime_get_sync(dev); |
1532 |
+- if (IS_ERR_VALUE(ret)) |
1533 |
++ if (ret < 0) |
1534 |
+ return ret; |
1535 |
++ else |
1536 |
++ ret = 0; |
1537 |
+ |
1538 |
+ fep->mii_timeout = 0; |
1539 |
+ reinit_completion(&fep->mdio_done); |
1540 |
+@@ -2866,7 +2868,7 @@ fec_enet_open(struct net_device *ndev) |
1541 |
+ int ret; |
1542 |
+ |
1543 |
+ ret = pm_runtime_get_sync(&fep->pdev->dev); |
1544 |
+- if (IS_ERR_VALUE(ret)) |
1545 |
++ if (ret < 0) |
1546 |
+ return ret; |
1547 |
+ |
1548 |
+ pinctrl_pm_select_default_state(&fep->pdev->dev); |
1549 |
+diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c |
1550 |
+index 09ec32e..7e788073 100644 |
1551 |
+--- a/drivers/net/ethernet/marvell/mvneta.c |
1552 |
++++ b/drivers/net/ethernet/marvell/mvneta.c |
1553 |
+@@ -949,7 +949,7 @@ static void mvneta_defaults_set(struct mvneta_port *pp) |
1554 |
+ /* Set CPU queue access map - all CPUs have access to all RX |
1555 |
+ * queues and to all TX queues |
1556 |
+ */ |
1557 |
+- for (cpu = 0; cpu < CONFIG_NR_CPUS; cpu++) |
1558 |
++ for_each_present_cpu(cpu) |
1559 |
+ mvreg_write(pp, MVNETA_CPU_MAP(cpu), |
1560 |
+ (MVNETA_CPU_RXQ_ACCESS_ALL_MASK | |
1561 |
+ MVNETA_CPU_TXQ_ACCESS_ALL_MASK)); |
1562 |
+@@ -1533,12 +1533,16 @@ static int mvneta_rx(struct mvneta_port *pp, int rx_todo, |
1563 |
+ } |
1564 |
+ |
1565 |
+ skb = build_skb(data, pp->frag_size > PAGE_SIZE ? 0 : pp->frag_size); |
1566 |
+- if (!skb) |
1567 |
+- goto err_drop_frame; |
1568 |
+ |
1569 |
++ /* After refill old buffer has to be unmapped regardless |
1570 |
++ * the skb is successfully built or not. |
1571 |
++ */ |
1572 |
+ dma_unmap_single(dev->dev.parent, phys_addr, |
1573 |
+ MVNETA_RX_BUF_SIZE(pp->pkt_size), DMA_FROM_DEVICE); |
1574 |
+ |
1575 |
++ if (!skb) |
1576 |
++ goto err_drop_frame; |
1577 |
++ |
1578 |
+ rcvd_pkts++; |
1579 |
+ rcvd_bytes += rx_bytes; |
1580 |
+ |
1581 |
+diff --git a/drivers/net/ethernet/mellanox/mlx4/cmd.c b/drivers/net/ethernet/mellanox/mlx4/cmd.c |
1582 |
+index 0a32020..2177e56 100644 |
1583 |
+--- a/drivers/net/ethernet/mellanox/mlx4/cmd.c |
1584 |
++++ b/drivers/net/ethernet/mellanox/mlx4/cmd.c |
1585 |
+@@ -2398,7 +2398,7 @@ int mlx4_multi_func_init(struct mlx4_dev *dev) |
1586 |
+ } |
1587 |
+ } |
1588 |
+ |
1589 |
+- memset(&priv->mfunc.master.cmd_eqe, 0, dev->caps.eqe_size); |
1590 |
++ memset(&priv->mfunc.master.cmd_eqe, 0, sizeof(struct mlx4_eqe)); |
1591 |
+ priv->mfunc.master.cmd_eqe.type = MLX4_EVENT_TYPE_CMD; |
1592 |
+ INIT_WORK(&priv->mfunc.master.comm_work, |
1593 |
+ mlx4_master_comm_channel); |
1594 |
+diff --git a/drivers/net/ethernet/mellanox/mlx4/eq.c b/drivers/net/ethernet/mellanox/mlx4/eq.c |
1595 |
+index 8e81e53..ad8f95d 100644 |
1596 |
+--- a/drivers/net/ethernet/mellanox/mlx4/eq.c |
1597 |
++++ b/drivers/net/ethernet/mellanox/mlx4/eq.c |
1598 |
+@@ -196,7 +196,7 @@ static void slave_event(struct mlx4_dev *dev, u8 slave, struct mlx4_eqe *eqe) |
1599 |
+ return; |
1600 |
+ } |
1601 |
+ |
1602 |
+- memcpy(s_eqe, eqe, dev->caps.eqe_size - 1); |
1603 |
++ memcpy(s_eqe, eqe, sizeof(struct mlx4_eqe) - 1); |
1604 |
+ s_eqe->slave_id = slave; |
1605 |
+ /* ensure all information is written before setting the ownersip bit */ |
1606 |
+ dma_wmb(); |
1607 |
+diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c |
1608 |
+index b1a4ea2..4dd18f4 100644 |
1609 |
+--- a/drivers/net/ethernet/sfc/ef10.c |
1610 |
++++ b/drivers/net/ethernet/sfc/ef10.c |
1611 |
+@@ -1809,7 +1809,9 @@ static void efx_ef10_tx_write(struct efx_tx_queue *tx_queue) |
1612 |
+ unsigned int write_ptr; |
1613 |
+ efx_qword_t *txd; |
1614 |
+ |
1615 |
+- BUG_ON(tx_queue->write_count == tx_queue->insert_count); |
1616 |
++ tx_queue->xmit_more_available = false; |
1617 |
++ if (unlikely(tx_queue->write_count == tx_queue->insert_count)) |
1618 |
++ return; |
1619 |
+ |
1620 |
+ do { |
1621 |
+ write_ptr = tx_queue->write_count & tx_queue->ptr_mask; |
1622 |
+diff --git a/drivers/net/ethernet/sfc/farch.c b/drivers/net/ethernet/sfc/farch.c |
1623 |
+index f08266f..5a1c5a8 100644 |
1624 |
+--- a/drivers/net/ethernet/sfc/farch.c |
1625 |
++++ b/drivers/net/ethernet/sfc/farch.c |
1626 |
+@@ -321,7 +321,9 @@ void efx_farch_tx_write(struct efx_tx_queue *tx_queue) |
1627 |
+ unsigned write_ptr; |
1628 |
+ unsigned old_write_count = tx_queue->write_count; |
1629 |
+ |
1630 |
+- BUG_ON(tx_queue->write_count == tx_queue->insert_count); |
1631 |
++ tx_queue->xmit_more_available = false; |
1632 |
++ if (unlikely(tx_queue->write_count == tx_queue->insert_count)) |
1633 |
++ return; |
1634 |
+ |
1635 |
+ do { |
1636 |
+ write_ptr = tx_queue->write_count & tx_queue->ptr_mask; |
1637 |
+diff --git a/drivers/net/ethernet/sfc/net_driver.h b/drivers/net/ethernet/sfc/net_driver.h |
1638 |
+index 47d1e3a..b8e8ce1 100644 |
1639 |
+--- a/drivers/net/ethernet/sfc/net_driver.h |
1640 |
++++ b/drivers/net/ethernet/sfc/net_driver.h |
1641 |
+@@ -219,6 +219,7 @@ struct efx_tx_buffer { |
1642 |
+ * @tso_packets: Number of packets via the TSO xmit path |
1643 |
+ * @pushes: Number of times the TX push feature has been used |
1644 |
+ * @pio_packets: Number of times the TX PIO feature has been used |
1645 |
++ * @xmit_more_available: Are any packets waiting to be pushed to the NIC |
1646 |
+ * @empty_read_count: If the completion path has seen the queue as empty |
1647 |
+ * and the transmission path has not yet checked this, the value of |
1648 |
+ * @read_count bitwise-added to %EFX_EMPTY_COUNT_VALID; otherwise 0. |
1649 |
+@@ -253,6 +254,7 @@ struct efx_tx_queue { |
1650 |
+ unsigned int tso_packets; |
1651 |
+ unsigned int pushes; |
1652 |
+ unsigned int pio_packets; |
1653 |
++ bool xmit_more_available; |
1654 |
+ /* Statistics to supplement MAC stats */ |
1655 |
+ unsigned long tx_packets; |
1656 |
+ |
1657 |
+diff --git a/drivers/net/ethernet/sfc/tx.c b/drivers/net/ethernet/sfc/tx.c |
1658 |
+index 1833a01..67f6afa 100644 |
1659 |
+--- a/drivers/net/ethernet/sfc/tx.c |
1660 |
++++ b/drivers/net/ethernet/sfc/tx.c |
1661 |
+@@ -431,8 +431,20 @@ finish_packet: |
1662 |
+ efx_tx_maybe_stop_queue(tx_queue); |
1663 |
+ |
1664 |
+ /* Pass off to hardware */ |
1665 |
+- if (!skb->xmit_more || netif_xmit_stopped(tx_queue->core_txq)) |
1666 |
++ if (!skb->xmit_more || netif_xmit_stopped(tx_queue->core_txq)) { |
1667 |
++ struct efx_tx_queue *txq2 = efx_tx_queue_partner(tx_queue); |
1668 |
++ |
1669 |
++ /* There could be packets left on the partner queue if those |
1670 |
++ * SKBs had skb->xmit_more set. If we do not push those they |
1671 |
++ * could be left for a long time and cause a netdev watchdog. |
1672 |
++ */ |
1673 |
++ if (txq2->xmit_more_available) |
1674 |
++ efx_nic_push_buffers(txq2); |
1675 |
++ |
1676 |
+ efx_nic_push_buffers(tx_queue); |
1677 |
++ } else { |
1678 |
++ tx_queue->xmit_more_available = skb->xmit_more; |
1679 |
++ } |
1680 |
+ |
1681 |
+ tx_queue->tx_packets++; |
1682 |
+ |
1683 |
+@@ -722,6 +734,7 @@ void efx_init_tx_queue(struct efx_tx_queue *tx_queue) |
1684 |
+ tx_queue->read_count = 0; |
1685 |
+ tx_queue->old_read_count = 0; |
1686 |
+ tx_queue->empty_read_count = 0 | EFX_EMPTY_COUNT_VALID; |
1687 |
++ tx_queue->xmit_more_available = false; |
1688 |
+ |
1689 |
+ /* Set up TX descriptor ring */ |
1690 |
+ efx_nic_init_tx(tx_queue); |
1691 |
+@@ -747,6 +760,7 @@ void efx_fini_tx_queue(struct efx_tx_queue *tx_queue) |
1692 |
+ |
1693 |
+ ++tx_queue->read_count; |
1694 |
+ } |
1695 |
++ tx_queue->xmit_more_available = false; |
1696 |
+ netdev_tx_reset_queue(tx_queue->core_txq); |
1697 |
+ } |
1698 |
+ |
1699 |
+@@ -1302,8 +1316,20 @@ static int efx_enqueue_skb_tso(struct efx_tx_queue *tx_queue, |
1700 |
+ efx_tx_maybe_stop_queue(tx_queue); |
1701 |
+ |
1702 |
+ /* Pass off to hardware */ |
1703 |
+- if (!skb->xmit_more || netif_xmit_stopped(tx_queue->core_txq)) |
1704 |
++ if (!skb->xmit_more || netif_xmit_stopped(tx_queue->core_txq)) { |
1705 |
++ struct efx_tx_queue *txq2 = efx_tx_queue_partner(tx_queue); |
1706 |
++ |
1707 |
++ /* There could be packets left on the partner queue if those |
1708 |
++ * SKBs had skb->xmit_more set. If we do not push those they |
1709 |
++ * could be left for a long time and cause a netdev watchdog. |
1710 |
++ */ |
1711 |
++ if (txq2->xmit_more_available) |
1712 |
++ efx_nic_push_buffers(txq2); |
1713 |
++ |
1714 |
+ efx_nic_push_buffers(tx_queue); |
1715 |
++ } else { |
1716 |
++ tx_queue->xmit_more_available = skb->xmit_more; |
1717 |
++ } |
1718 |
+ |
1719 |
+ tx_queue->tso_bursts++; |
1720 |
+ return NETDEV_TX_OK; |
1721 |
+diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c |
1722 |
+index 771cda2..2e51b81 100644 |
1723 |
+--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c |
1724 |
++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c |
1725 |
+@@ -721,10 +721,13 @@ static int stmmac_get_ts_info(struct net_device *dev, |
1726 |
+ { |
1727 |
+ struct stmmac_priv *priv = netdev_priv(dev); |
1728 |
+ |
1729 |
+- if ((priv->hwts_tx_en) && (priv->hwts_rx_en)) { |
1730 |
++ if ((priv->dma_cap.time_stamp || priv->dma_cap.atime_stamp)) { |
1731 |
+ |
1732 |
+- info->so_timestamping = SOF_TIMESTAMPING_TX_HARDWARE | |
1733 |
++ info->so_timestamping = SOF_TIMESTAMPING_TX_SOFTWARE | |
1734 |
++ SOF_TIMESTAMPING_TX_HARDWARE | |
1735 |
++ SOF_TIMESTAMPING_RX_SOFTWARE | |
1736 |
+ SOF_TIMESTAMPING_RX_HARDWARE | |
1737 |
++ SOF_TIMESTAMPING_SOFTWARE | |
1738 |
+ SOF_TIMESTAMPING_RAW_HARDWARE; |
1739 |
+ |
1740 |
+ if (priv->ptp_clock) |
1741 |
+diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c |
1742 |
+index 248478c..197c939 100644 |
1743 |
+--- a/drivers/net/macvtap.c |
1744 |
++++ b/drivers/net/macvtap.c |
1745 |
+@@ -137,7 +137,7 @@ static const struct proto_ops macvtap_socket_ops; |
1746 |
+ #define TUN_OFFLOADS (NETIF_F_HW_CSUM | NETIF_F_TSO_ECN | NETIF_F_TSO | \ |
1747 |
+ NETIF_F_TSO6 | NETIF_F_UFO) |
1748 |
+ #define RX_OFFLOADS (NETIF_F_GRO | NETIF_F_LRO) |
1749 |
+-#define TAP_FEATURES (NETIF_F_GSO | NETIF_F_SG) |
1750 |
++#define TAP_FEATURES (NETIF_F_GSO | NETIF_F_SG | NETIF_F_FRAGLIST) |
1751 |
+ |
1752 |
+ static struct macvlan_dev *macvtap_get_vlan_rcu(const struct net_device *dev) |
1753 |
+ { |
1754 |
+diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c |
1755 |
+index 2ed7506..5e0b432 100644 |
1756 |
+--- a/drivers/net/ppp/pppoe.c |
1757 |
++++ b/drivers/net/ppp/pppoe.c |
1758 |
+@@ -589,7 +589,7 @@ static int pppoe_release(struct socket *sock) |
1759 |
+ |
1760 |
+ po = pppox_sk(sk); |
1761 |
+ |
1762 |
+- if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) { |
1763 |
++ if (po->pppoe_dev) { |
1764 |
+ dev_put(po->pppoe_dev); |
1765 |
+ po->pppoe_dev = NULL; |
1766 |
+ } |
1767 |
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c |
1768 |
+index 64a60af..8f1738c 100644 |
1769 |
+--- a/drivers/net/usb/qmi_wwan.c |
1770 |
++++ b/drivers/net/usb/qmi_wwan.c |
1771 |
+@@ -765,6 +765,10 @@ static const struct usb_device_id products[] = { |
1772 |
+ {QMI_FIXED_INTF(0x1199, 0x9056, 8)}, /* Sierra Wireless Modem */ |
1773 |
+ {QMI_FIXED_INTF(0x1199, 0x9057, 8)}, |
1774 |
+ {QMI_FIXED_INTF(0x1199, 0x9061, 8)}, /* Sierra Wireless Modem */ |
1775 |
++ {QMI_FIXED_INTF(0x1199, 0x9070, 8)}, /* Sierra Wireless MC74xx/EM74xx */ |
1776 |
++ {QMI_FIXED_INTF(0x1199, 0x9070, 10)}, /* Sierra Wireless MC74xx/EM74xx */ |
1777 |
++ {QMI_FIXED_INTF(0x1199, 0x9071, 8)}, /* Sierra Wireless MC74xx/EM74xx */ |
1778 |
++ {QMI_FIXED_INTF(0x1199, 0x9071, 10)}, /* Sierra Wireless MC74xx/EM74xx */ |
1779 |
+ {QMI_FIXED_INTF(0x1bbb, 0x011e, 4)}, /* Telekom Speedstick LTE II (Alcatel One Touch L100V LTE) */ |
1780 |
+ {QMI_FIXED_INTF(0x1bbb, 0x0203, 2)}, /* Alcatel L800MA */ |
1781 |
+ {QMI_FIXED_INTF(0x2357, 0x0201, 4)}, /* TP-LINK HSUPA Modem MA180 */ |
1782 |
+diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c |
1783 |
+index 0d3c474..a5ea8a9 100644 |
1784 |
+--- a/drivers/net/wireless/ath/ath10k/mac.c |
1785 |
++++ b/drivers/net/wireless/ath/ath10k/mac.c |
1786 |
+@@ -2070,7 +2070,8 @@ static void ath10k_peer_assoc_h_ht(struct ath10k *ar, |
1787 |
+ enum ieee80211_band band; |
1788 |
+ const u8 *ht_mcs_mask; |
1789 |
+ const u16 *vht_mcs_mask; |
1790 |
+- int i, n, max_nss; |
1791 |
++ int i, n; |
1792 |
++ u8 max_nss; |
1793 |
+ u32 stbc; |
1794 |
+ |
1795 |
+ lockdep_assert_held(&ar->conf_mutex); |
1796 |
+@@ -2155,7 +2156,7 @@ static void ath10k_peer_assoc_h_ht(struct ath10k *ar, |
1797 |
+ arg->peer_ht_rates.rates[i] = i; |
1798 |
+ } else { |
1799 |
+ arg->peer_ht_rates.num_rates = n; |
1800 |
+- arg->peer_num_spatial_streams = max_nss; |
1801 |
++ arg->peer_num_spatial_streams = min(sta->rx_nss, max_nss); |
1802 |
+ } |
1803 |
+ |
1804 |
+ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n", |
1805 |
+@@ -4021,7 +4022,7 @@ static int ath10k_config(struct ieee80211_hw *hw, u32 changed) |
1806 |
+ |
1807 |
+ static u32 get_nss_from_chainmask(u16 chain_mask) |
1808 |
+ { |
1809 |
+- if ((chain_mask & 0x15) == 0x15) |
1810 |
++ if ((chain_mask & 0xf) == 0xf) |
1811 |
+ return 4; |
1812 |
+ else if ((chain_mask & 0x7) == 0x7) |
1813 |
+ return 3; |
1814 |
+diff --git a/drivers/net/wireless/iwlwifi/pcie/drv.c b/drivers/net/wireless/iwlwifi/pcie/drv.c |
1815 |
+index 865d578d..fd6aef7 100644 |
1816 |
+--- a/drivers/net/wireless/iwlwifi/pcie/drv.c |
1817 |
++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c |
1818 |
+@@ -423,14 +423,21 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
1819 |
+ /* 8000 Series */ |
1820 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0010, iwl8260_2ac_cfg)}, |
1821 |
+ {IWL_PCI_DEVICE(0x24F3, 0x1010, iwl8260_2ac_cfg)}, |
1822 |
++ {IWL_PCI_DEVICE(0x24F3, 0x0130, iwl8260_2ac_cfg)}, |
1823 |
++ {IWL_PCI_DEVICE(0x24F3, 0x1130, iwl8260_2ac_cfg)}, |
1824 |
++ {IWL_PCI_DEVICE(0x24F3, 0x0132, iwl8260_2ac_cfg)}, |
1825 |
++ {IWL_PCI_DEVICE(0x24F3, 0x1132, iwl8260_2ac_cfg)}, |
1826 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0110, iwl8260_2ac_cfg)}, |
1827 |
++ {IWL_PCI_DEVICE(0x24F3, 0x01F0, iwl8260_2ac_cfg)}, |
1828 |
++ {IWL_PCI_DEVICE(0x24F3, 0x0012, iwl8260_2ac_cfg)}, |
1829 |
++ {IWL_PCI_DEVICE(0x24F3, 0x1012, iwl8260_2ac_cfg)}, |
1830 |
+ {IWL_PCI_DEVICE(0x24F3, 0x1110, iwl8260_2ac_cfg)}, |
1831 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0050, iwl8260_2ac_cfg)}, |
1832 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0250, iwl8260_2ac_cfg)}, |
1833 |
+ {IWL_PCI_DEVICE(0x24F3, 0x1050, iwl8260_2ac_cfg)}, |
1834 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0150, iwl8260_2ac_cfg)}, |
1835 |
++ {IWL_PCI_DEVICE(0x24F3, 0x1150, iwl8260_2ac_cfg)}, |
1836 |
+ {IWL_PCI_DEVICE(0x24F4, 0x0030, iwl8260_2ac_cfg)}, |
1837 |
+- {IWL_PCI_DEVICE(0x24F4, 0x1130, iwl8260_2ac_cfg)}, |
1838 |
+ {IWL_PCI_DEVICE(0x24F4, 0x1030, iwl8260_2ac_cfg)}, |
1839 |
+ {IWL_PCI_DEVICE(0x24F3, 0xC010, iwl8260_2ac_cfg)}, |
1840 |
+ {IWL_PCI_DEVICE(0x24F3, 0xC110, iwl8260_2ac_cfg)}, |
1841 |
+@@ -438,18 +445,28 @@ static const struct pci_device_id iwl_hw_card_ids[] = { |
1842 |
+ {IWL_PCI_DEVICE(0x24F3, 0xC050, iwl8260_2ac_cfg)}, |
1843 |
+ {IWL_PCI_DEVICE(0x24F3, 0xD050, iwl8260_2ac_cfg)}, |
1844 |
+ {IWL_PCI_DEVICE(0x24F3, 0x8010, iwl8260_2ac_cfg)}, |
1845 |
++ {IWL_PCI_DEVICE(0x24F3, 0x8110, iwl8260_2ac_cfg)}, |
1846 |
+ {IWL_PCI_DEVICE(0x24F3, 0x9010, iwl8260_2ac_cfg)}, |
1847 |
++ {IWL_PCI_DEVICE(0x24F3, 0x9110, iwl8260_2ac_cfg)}, |
1848 |
+ {IWL_PCI_DEVICE(0x24F4, 0x8030, iwl8260_2ac_cfg)}, |
1849 |
+ {IWL_PCI_DEVICE(0x24F4, 0x9030, iwl8260_2ac_cfg)}, |
1850 |
++ {IWL_PCI_DEVICE(0x24F3, 0x8130, iwl8260_2ac_cfg)}, |
1851 |
++ {IWL_PCI_DEVICE(0x24F3, 0x9130, iwl8260_2ac_cfg)}, |
1852 |
++ {IWL_PCI_DEVICE(0x24F3, 0x8132, iwl8260_2ac_cfg)}, |
1853 |
++ {IWL_PCI_DEVICE(0x24F3, 0x9132, iwl8260_2ac_cfg)}, |
1854 |
+ {IWL_PCI_DEVICE(0x24F3, 0x8050, iwl8260_2ac_cfg)}, |
1855 |
++ {IWL_PCI_DEVICE(0x24F3, 0x8150, iwl8260_2ac_cfg)}, |
1856 |
+ {IWL_PCI_DEVICE(0x24F3, 0x9050, iwl8260_2ac_cfg)}, |
1857 |
++ {IWL_PCI_DEVICE(0x24F3, 0x9150, iwl8260_2ac_cfg)}, |
1858 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0004, iwl8260_2n_cfg)}, |
1859 |
++ {IWL_PCI_DEVICE(0x24F3, 0x0044, iwl8260_2n_cfg)}, |
1860 |
+ {IWL_PCI_DEVICE(0x24F5, 0x0010, iwl4165_2ac_cfg)}, |
1861 |
+ {IWL_PCI_DEVICE(0x24F6, 0x0030, iwl4165_2ac_cfg)}, |
1862 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0810, iwl8260_2ac_cfg)}, |
1863 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0910, iwl8260_2ac_cfg)}, |
1864 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0850, iwl8260_2ac_cfg)}, |
1865 |
+ {IWL_PCI_DEVICE(0x24F3, 0x0950, iwl8260_2ac_cfg)}, |
1866 |
++ {IWL_PCI_DEVICE(0x24F3, 0x0930, iwl8260_2ac_cfg)}, |
1867 |
+ #endif /* CONFIG_IWLMVM */ |
1868 |
+ |
1869 |
+ {0} |
1870 |
+diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c |
1871 |
+index 9e144e7..dab9b91 100644 |
1872 |
+--- a/drivers/net/wireless/iwlwifi/pcie/trans.c |
1873 |
++++ b/drivers/net/wireless/iwlwifi/pcie/trans.c |
1874 |
+@@ -592,10 +592,8 @@ static int iwl_pcie_prepare_card_hw(struct iwl_trans *trans) |
1875 |
+ |
1876 |
+ do { |
1877 |
+ ret = iwl_pcie_set_hw_ready(trans); |
1878 |
+- if (ret >= 0) { |
1879 |
+- ret = 0; |
1880 |
+- goto out; |
1881 |
+- } |
1882 |
++ if (ret >= 0) |
1883 |
++ return 0; |
1884 |
+ |
1885 |
+ usleep_range(200, 1000); |
1886 |
+ t += 200; |
1887 |
+@@ -605,10 +603,6 @@ static int iwl_pcie_prepare_card_hw(struct iwl_trans *trans) |
1888 |
+ |
1889 |
+ IWL_ERR(trans, "Couldn't prepare the card\n"); |
1890 |
+ |
1891 |
+-out: |
1892 |
+- iwl_clear_bit(trans, CSR_DBG_LINK_PWR_MGMT_REG, |
1893 |
+- CSR_RESET_LINK_PWR_MGMT_DISABLED); |
1894 |
+- |
1895 |
+ return ret; |
1896 |
+ } |
1897 |
+ |
1898 |
+diff --git a/drivers/net/wireless/mwifiex/debugfs.c b/drivers/net/wireless/mwifiex/debugfs.c |
1899 |
+index 5a0636d4..5583856 100644 |
1900 |
+--- a/drivers/net/wireless/mwifiex/debugfs.c |
1901 |
++++ b/drivers/net/wireless/mwifiex/debugfs.c |
1902 |
+@@ -731,7 +731,7 @@ mwifiex_rdeeprom_read(struct file *file, char __user *ubuf, |
1903 |
+ (struct mwifiex_private *) file->private_data; |
1904 |
+ unsigned long addr = get_zeroed_page(GFP_KERNEL); |
1905 |
+ char *buf = (char *) addr; |
1906 |
+- int pos = 0, ret = 0, i; |
1907 |
++ int pos, ret, i; |
1908 |
+ u8 value[MAX_EEPROM_DATA]; |
1909 |
+ |
1910 |
+ if (!buf) |
1911 |
+@@ -739,7 +739,7 @@ mwifiex_rdeeprom_read(struct file *file, char __user *ubuf, |
1912 |
+ |
1913 |
+ if (saved_offset == -1) { |
1914 |
+ /* No command has been given */ |
1915 |
+- pos += snprintf(buf, PAGE_SIZE, "0"); |
1916 |
++ pos = snprintf(buf, PAGE_SIZE, "0"); |
1917 |
+ goto done; |
1918 |
+ } |
1919 |
+ |
1920 |
+@@ -748,17 +748,17 @@ mwifiex_rdeeprom_read(struct file *file, char __user *ubuf, |
1921 |
+ (u16) saved_bytes, value); |
1922 |
+ if (ret) { |
1923 |
+ ret = -EINVAL; |
1924 |
+- goto done; |
1925 |
++ goto out_free; |
1926 |
+ } |
1927 |
+ |
1928 |
+- pos += snprintf(buf, PAGE_SIZE, "%d %d ", saved_offset, saved_bytes); |
1929 |
++ pos = snprintf(buf, PAGE_SIZE, "%d %d ", saved_offset, saved_bytes); |
1930 |
+ |
1931 |
+ for (i = 0; i < saved_bytes; i++) |
1932 |
+- pos += snprintf(buf + strlen(buf), PAGE_SIZE, "%d ", value[i]); |
1933 |
+- |
1934 |
+- ret = simple_read_from_buffer(ubuf, count, ppos, buf, pos); |
1935 |
++ pos += scnprintf(buf + pos, PAGE_SIZE - pos, "%d ", value[i]); |
1936 |
+ |
1937 |
+ done: |
1938 |
++ ret = simple_read_from_buffer(ubuf, count, ppos, buf, pos); |
1939 |
++out_free: |
1940 |
+ free_page(addr); |
1941 |
+ return ret; |
1942 |
+ } |
1943 |
+diff --git a/drivers/staging/lustre/include/linux/lnet/lib-lnet.h b/drivers/staging/lustre/include/linux/lnet/lib-lnet.h |
1944 |
+index a9c9a07..bc3d907 100644 |
1945 |
+--- a/drivers/staging/lustre/include/linux/lnet/lib-lnet.h |
1946 |
++++ b/drivers/staging/lustre/include/linux/lnet/lib-lnet.h |
1947 |
+@@ -680,7 +680,7 @@ void lnet_debug_peer(lnet_nid_t nid); |
1948 |
+ static inline void |
1949 |
+ lnet_peer_set_alive(lnet_peer_t *lp) |
1950 |
+ { |
1951 |
+- lp->lp_last_alive = lp->lp_last_query = get_seconds(); |
1952 |
++ lp->lp_last_alive = lp->lp_last_query = jiffies; |
1953 |
+ if (!lp->lp_alive) |
1954 |
+ lnet_notify_locked(lp, 0, 1, lp->lp_last_alive); |
1955 |
+ } |
1956 |
+diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c |
1957 |
+index f8b5b33..943a0e2 100644 |
1958 |
+--- a/drivers/staging/rtl8712/usb_intf.c |
1959 |
++++ b/drivers/staging/rtl8712/usb_intf.c |
1960 |
+@@ -144,6 +144,7 @@ static struct usb_device_id rtl871x_usb_id_tbl[] = { |
1961 |
+ {USB_DEVICE(0x0DF6, 0x0058)}, |
1962 |
+ {USB_DEVICE(0x0DF6, 0x0049)}, |
1963 |
+ {USB_DEVICE(0x0DF6, 0x004C)}, |
1964 |
++ {USB_DEVICE(0x0DF6, 0x006C)}, |
1965 |
+ {USB_DEVICE(0x0DF6, 0x0064)}, |
1966 |
+ /* Skyworth */ |
1967 |
+ {USB_DEVICE(0x14b2, 0x3300)}, |
1968 |
+diff --git a/drivers/tty/mips_ejtag_fdc.c b/drivers/tty/mips_ejtag_fdc.c |
1969 |
+index 358323c..43a2ba0 100644 |
1970 |
+--- a/drivers/tty/mips_ejtag_fdc.c |
1971 |
++++ b/drivers/tty/mips_ejtag_fdc.c |
1972 |
+@@ -1045,38 +1045,6 @@ err_destroy_ports: |
1973 |
+ return ret; |
1974 |
+ } |
1975 |
+ |
1976 |
+-static int mips_ejtag_fdc_tty_remove(struct mips_cdmm_device *dev) |
1977 |
+-{ |
1978 |
+- struct mips_ejtag_fdc_tty *priv = mips_cdmm_get_drvdata(dev); |
1979 |
+- struct mips_ejtag_fdc_tty_port *dport; |
1980 |
+- int nport; |
1981 |
+- unsigned int cfg; |
1982 |
+- |
1983 |
+- if (priv->irq >= 0) { |
1984 |
+- raw_spin_lock_irq(&priv->lock); |
1985 |
+- cfg = mips_ejtag_fdc_read(priv, REG_FDCFG); |
1986 |
+- /* Disable interrupts */ |
1987 |
+- cfg &= ~(REG_FDCFG_TXINTTHRES | REG_FDCFG_RXINTTHRES); |
1988 |
+- cfg |= REG_FDCFG_TXINTTHRES_DISABLED; |
1989 |
+- cfg |= REG_FDCFG_RXINTTHRES_DISABLED; |
1990 |
+- mips_ejtag_fdc_write(priv, REG_FDCFG, cfg); |
1991 |
+- raw_spin_unlock_irq(&priv->lock); |
1992 |
+- } else { |
1993 |
+- priv->removing = true; |
1994 |
+- del_timer_sync(&priv->poll_timer); |
1995 |
+- } |
1996 |
+- kthread_stop(priv->thread); |
1997 |
+- if (dev->cpu == 0) |
1998 |
+- mips_ejtag_fdc_con.tty_drv = NULL; |
1999 |
+- tty_unregister_driver(priv->driver); |
2000 |
+- for (nport = 0; nport < NUM_TTY_CHANNELS; nport++) { |
2001 |
+- dport = &priv->ports[nport]; |
2002 |
+- tty_port_destroy(&dport->port); |
2003 |
+- } |
2004 |
+- put_tty_driver(priv->driver); |
2005 |
+- return 0; |
2006 |
+-} |
2007 |
+- |
2008 |
+ static int mips_ejtag_fdc_tty_cpu_down(struct mips_cdmm_device *dev) |
2009 |
+ { |
2010 |
+ struct mips_ejtag_fdc_tty *priv = mips_cdmm_get_drvdata(dev); |
2011 |
+@@ -1149,12 +1117,11 @@ static struct mips_cdmm_driver mips_ejtag_fdc_tty_driver = { |
2012 |
+ .name = "mips_ejtag_fdc", |
2013 |
+ }, |
2014 |
+ .probe = mips_ejtag_fdc_tty_probe, |
2015 |
+- .remove = mips_ejtag_fdc_tty_remove, |
2016 |
+ .cpu_down = mips_ejtag_fdc_tty_cpu_down, |
2017 |
+ .cpu_up = mips_ejtag_fdc_tty_cpu_up, |
2018 |
+ .id_table = mips_ejtag_fdc_tty_ids, |
2019 |
+ }; |
2020 |
+-module_mips_cdmm_driver(mips_ejtag_fdc_tty_driver); |
2021 |
++builtin_mips_cdmm_driver(mips_ejtag_fdc_tty_driver); |
2022 |
+ |
2023 |
+ static int __init mips_ejtag_fdc_init_console(void) |
2024 |
+ { |
2025 |
+diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c |
2026 |
+index afc1879..dedac8a 100644 |
2027 |
+--- a/drivers/tty/n_tty.c |
2028 |
++++ b/drivers/tty/n_tty.c |
2029 |
+@@ -169,7 +169,7 @@ static inline int tty_copy_to_user(struct tty_struct *tty, |
2030 |
+ { |
2031 |
+ struct n_tty_data *ldata = tty->disc_data; |
2032 |
+ |
2033 |
+- tty_audit_add_data(tty, to, n, ldata->icanon); |
2034 |
++ tty_audit_add_data(tty, from, n, ldata->icanon); |
2035 |
+ return copy_to_user(to, from, n); |
2036 |
+ } |
2037 |
+ |
2038 |
+diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c |
2039 |
+index 90ca082..3d245cd 100644 |
2040 |
+--- a/drivers/tty/tty_audit.c |
2041 |
++++ b/drivers/tty/tty_audit.c |
2042 |
+@@ -265,7 +265,7 @@ static struct tty_audit_buf *tty_audit_buf_get(struct tty_struct *tty, |
2043 |
+ * |
2044 |
+ * Audit @data of @size from @tty, if necessary. |
2045 |
+ */ |
2046 |
+-void tty_audit_add_data(struct tty_struct *tty, unsigned char *data, |
2047 |
++void tty_audit_add_data(struct tty_struct *tty, const void *data, |
2048 |
+ size_t size, unsigned icanon) |
2049 |
+ { |
2050 |
+ struct tty_audit_buf *buf; |
2051 |
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c |
2052 |
+index 774df35..1aa0286 100644 |
2053 |
+--- a/drivers/tty/tty_io.c |
2054 |
++++ b/drivers/tty/tty_io.c |
2055 |
+@@ -1279,18 +1279,22 @@ int tty_send_xchar(struct tty_struct *tty, char ch) |
2056 |
+ int was_stopped = tty->stopped; |
2057 |
+ |
2058 |
+ if (tty->ops->send_xchar) { |
2059 |
++ down_read(&tty->termios_rwsem); |
2060 |
+ tty->ops->send_xchar(tty, ch); |
2061 |
++ up_read(&tty->termios_rwsem); |
2062 |
+ return 0; |
2063 |
+ } |
2064 |
+ |
2065 |
+ if (tty_write_lock(tty, 0) < 0) |
2066 |
+ return -ERESTARTSYS; |
2067 |
+ |
2068 |
++ down_read(&tty->termios_rwsem); |
2069 |
+ if (was_stopped) |
2070 |
+ start_tty(tty); |
2071 |
+ tty->ops->write(tty, &ch, 1); |
2072 |
+ if (was_stopped) |
2073 |
+ stop_tty(tty); |
2074 |
++ up_read(&tty->termios_rwsem); |
2075 |
+ tty_write_unlock(tty); |
2076 |
+ return 0; |
2077 |
+ } |
2078 |
+diff --git a/drivers/tty/tty_ioctl.c b/drivers/tty/tty_ioctl.c |
2079 |
+index 5232fb6..043e332 100644 |
2080 |
+--- a/drivers/tty/tty_ioctl.c |
2081 |
++++ b/drivers/tty/tty_ioctl.c |
2082 |
+@@ -1142,16 +1142,12 @@ int n_tty_ioctl_helper(struct tty_struct *tty, struct file *file, |
2083 |
+ spin_unlock_irq(&tty->flow_lock); |
2084 |
+ break; |
2085 |
+ case TCIOFF: |
2086 |
+- down_read(&tty->termios_rwsem); |
2087 |
+ if (STOP_CHAR(tty) != __DISABLED_CHAR) |
2088 |
+ retval = tty_send_xchar(tty, STOP_CHAR(tty)); |
2089 |
+- up_read(&tty->termios_rwsem); |
2090 |
+ break; |
2091 |
+ case TCION: |
2092 |
+- down_read(&tty->termios_rwsem); |
2093 |
+ if (START_CHAR(tty) != __DISABLED_CHAR) |
2094 |
+ retval = tty_send_xchar(tty, START_CHAR(tty)); |
2095 |
+- up_read(&tty->termios_rwsem); |
2096 |
+ break; |
2097 |
+ default: |
2098 |
+ return -EINVAL; |
2099 |
+diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c |
2100 |
+index fa77432..846ceb9 100644 |
2101 |
+--- a/drivers/usb/chipidea/ci_hdrc_imx.c |
2102 |
++++ b/drivers/usb/chipidea/ci_hdrc_imx.c |
2103 |
+@@ -68,6 +68,12 @@ struct ci_hdrc_imx_data { |
2104 |
+ struct imx_usbmisc_data *usbmisc_data; |
2105 |
+ bool supports_runtime_pm; |
2106 |
+ bool in_lpm; |
2107 |
++ /* SoC before i.mx6 (except imx23/imx28) needs three clks */ |
2108 |
++ bool need_three_clks; |
2109 |
++ struct clk *clk_ipg; |
2110 |
++ struct clk *clk_ahb; |
2111 |
++ struct clk *clk_per; |
2112 |
++ /* --------------------------------- */ |
2113 |
+ }; |
2114 |
+ |
2115 |
+ /* Common functions shared by usbmisc drivers */ |
2116 |
+@@ -119,6 +125,102 @@ static struct imx_usbmisc_data *usbmisc_get_init_data(struct device *dev) |
2117 |
+ } |
2118 |
+ |
2119 |
+ /* End of common functions shared by usbmisc drivers*/ |
2120 |
++static int imx_get_clks(struct device *dev) |
2121 |
++{ |
2122 |
++ struct ci_hdrc_imx_data *data = dev_get_drvdata(dev); |
2123 |
++ int ret = 0; |
2124 |
++ |
2125 |
++ data->clk_ipg = devm_clk_get(dev, "ipg"); |
2126 |
++ if (IS_ERR(data->clk_ipg)) { |
2127 |
++ /* If the platform only needs one clocks */ |
2128 |
++ data->clk = devm_clk_get(dev, NULL); |
2129 |
++ if (IS_ERR(data->clk)) { |
2130 |
++ ret = PTR_ERR(data->clk); |
2131 |
++ dev_err(dev, |
2132 |
++ "Failed to get clks, err=%ld,%ld\n", |
2133 |
++ PTR_ERR(data->clk), PTR_ERR(data->clk_ipg)); |
2134 |
++ return ret; |
2135 |
++ } |
2136 |
++ return ret; |
2137 |
++ } |
2138 |
++ |
2139 |
++ data->clk_ahb = devm_clk_get(dev, "ahb"); |
2140 |
++ if (IS_ERR(data->clk_ahb)) { |
2141 |
++ ret = PTR_ERR(data->clk_ahb); |
2142 |
++ dev_err(dev, |
2143 |
++ "Failed to get ahb clock, err=%d\n", ret); |
2144 |
++ return ret; |
2145 |
++ } |
2146 |
++ |
2147 |
++ data->clk_per = devm_clk_get(dev, "per"); |
2148 |
++ if (IS_ERR(data->clk_per)) { |
2149 |
++ ret = PTR_ERR(data->clk_per); |
2150 |
++ dev_err(dev, |
2151 |
++ "Failed to get per clock, err=%d\n", ret); |
2152 |
++ return ret; |
2153 |
++ } |
2154 |
++ |
2155 |
++ data->need_three_clks = true; |
2156 |
++ return ret; |
2157 |
++} |
2158 |
++ |
2159 |
++static int imx_prepare_enable_clks(struct device *dev) |
2160 |
++{ |
2161 |
++ struct ci_hdrc_imx_data *data = dev_get_drvdata(dev); |
2162 |
++ int ret = 0; |
2163 |
++ |
2164 |
++ if (data->need_three_clks) { |
2165 |
++ ret = clk_prepare_enable(data->clk_ipg); |
2166 |
++ if (ret) { |
2167 |
++ dev_err(dev, |
2168 |
++ "Failed to prepare/enable ipg clk, err=%d\n", |
2169 |
++ ret); |
2170 |
++ return ret; |
2171 |
++ } |
2172 |
++ |
2173 |
++ ret = clk_prepare_enable(data->clk_ahb); |
2174 |
++ if (ret) { |
2175 |
++ dev_err(dev, |
2176 |
++ "Failed to prepare/enable ahb clk, err=%d\n", |
2177 |
++ ret); |
2178 |
++ clk_disable_unprepare(data->clk_ipg); |
2179 |
++ return ret; |
2180 |
++ } |
2181 |
++ |
2182 |
++ ret = clk_prepare_enable(data->clk_per); |
2183 |
++ if (ret) { |
2184 |
++ dev_err(dev, |
2185 |
++ "Failed to prepare/enable per clk, err=%d\n", |
2186 |
++ ret); |
2187 |
++ clk_disable_unprepare(data->clk_ahb); |
2188 |
++ clk_disable_unprepare(data->clk_ipg); |
2189 |
++ return ret; |
2190 |
++ } |
2191 |
++ } else { |
2192 |
++ ret = clk_prepare_enable(data->clk); |
2193 |
++ if (ret) { |
2194 |
++ dev_err(dev, |
2195 |
++ "Failed to prepare/enable clk, err=%d\n", |
2196 |
++ ret); |
2197 |
++ return ret; |
2198 |
++ } |
2199 |
++ } |
2200 |
++ |
2201 |
++ return ret; |
2202 |
++} |
2203 |
++ |
2204 |
++static void imx_disable_unprepare_clks(struct device *dev) |
2205 |
++{ |
2206 |
++ struct ci_hdrc_imx_data *data = dev_get_drvdata(dev); |
2207 |
++ |
2208 |
++ if (data->need_three_clks) { |
2209 |
++ clk_disable_unprepare(data->clk_per); |
2210 |
++ clk_disable_unprepare(data->clk_ahb); |
2211 |
++ clk_disable_unprepare(data->clk_ipg); |
2212 |
++ } else { |
2213 |
++ clk_disable_unprepare(data->clk); |
2214 |
++ } |
2215 |
++} |
2216 |
+ |
2217 |
+ static int ci_hdrc_imx_probe(struct platform_device *pdev) |
2218 |
+ { |
2219 |
+@@ -137,23 +239,18 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) |
2220 |
+ if (!data) |
2221 |
+ return -ENOMEM; |
2222 |
+ |
2223 |
++ platform_set_drvdata(pdev, data); |
2224 |
+ data->usbmisc_data = usbmisc_get_init_data(&pdev->dev); |
2225 |
+ if (IS_ERR(data->usbmisc_data)) |
2226 |
+ return PTR_ERR(data->usbmisc_data); |
2227 |
+ |
2228 |
+- data->clk = devm_clk_get(&pdev->dev, NULL); |
2229 |
+- if (IS_ERR(data->clk)) { |
2230 |
+- dev_err(&pdev->dev, |
2231 |
+- "Failed to get clock, err=%ld\n", PTR_ERR(data->clk)); |
2232 |
+- return PTR_ERR(data->clk); |
2233 |
+- } |
2234 |
++ ret = imx_get_clks(&pdev->dev); |
2235 |
++ if (ret) |
2236 |
++ return ret; |
2237 |
+ |
2238 |
+- ret = clk_prepare_enable(data->clk); |
2239 |
+- if (ret) { |
2240 |
+- dev_err(&pdev->dev, |
2241 |
+- "Failed to prepare or enable clock, err=%d\n", ret); |
2242 |
++ ret = imx_prepare_enable_clks(&pdev->dev); |
2243 |
++ if (ret) |
2244 |
+ return ret; |
2245 |
+- } |
2246 |
+ |
2247 |
+ data->phy = devm_usb_get_phy_by_phandle(&pdev->dev, "fsl,usbphy", 0); |
2248 |
+ if (IS_ERR(data->phy)) { |
2249 |
+@@ -196,8 +293,6 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) |
2250 |
+ goto disable_device; |
2251 |
+ } |
2252 |
+ |
2253 |
+- platform_set_drvdata(pdev, data); |
2254 |
+- |
2255 |
+ if (data->supports_runtime_pm) { |
2256 |
+ pm_runtime_set_active(&pdev->dev); |
2257 |
+ pm_runtime_enable(&pdev->dev); |
2258 |
+@@ -210,7 +305,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) |
2259 |
+ disable_device: |
2260 |
+ ci_hdrc_remove_device(data->ci_pdev); |
2261 |
+ err_clk: |
2262 |
+- clk_disable_unprepare(data->clk); |
2263 |
++ imx_disable_unprepare_clks(&pdev->dev); |
2264 |
+ return ret; |
2265 |
+ } |
2266 |
+ |
2267 |
+@@ -224,7 +319,7 @@ static int ci_hdrc_imx_remove(struct platform_device *pdev) |
2268 |
+ pm_runtime_put_noidle(&pdev->dev); |
2269 |
+ } |
2270 |
+ ci_hdrc_remove_device(data->ci_pdev); |
2271 |
+- clk_disable_unprepare(data->clk); |
2272 |
++ imx_disable_unprepare_clks(&pdev->dev); |
2273 |
+ |
2274 |
+ return 0; |
2275 |
+ } |
2276 |
+@@ -236,7 +331,7 @@ static int imx_controller_suspend(struct device *dev) |
2277 |
+ |
2278 |
+ dev_dbg(dev, "at %s\n", __func__); |
2279 |
+ |
2280 |
+- clk_disable_unprepare(data->clk); |
2281 |
++ imx_disable_unprepare_clks(dev); |
2282 |
+ data->in_lpm = true; |
2283 |
+ |
2284 |
+ return 0; |
2285 |
+@@ -254,7 +349,7 @@ static int imx_controller_resume(struct device *dev) |
2286 |
+ return 0; |
2287 |
+ } |
2288 |
+ |
2289 |
+- ret = clk_prepare_enable(data->clk); |
2290 |
++ ret = imx_prepare_enable_clks(dev); |
2291 |
+ if (ret) |
2292 |
+ return ret; |
2293 |
+ |
2294 |
+@@ -269,7 +364,7 @@ static int imx_controller_resume(struct device *dev) |
2295 |
+ return 0; |
2296 |
+ |
2297 |
+ clk_disable: |
2298 |
+- clk_disable_unprepare(data->clk); |
2299 |
++ imx_disable_unprepare_clks(dev); |
2300 |
+ return ret; |
2301 |
+ } |
2302 |
+ |
2303 |
+diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c |
2304 |
+index 6e53c24..92937c1 100644 |
2305 |
+--- a/drivers/usb/chipidea/udc.c |
2306 |
++++ b/drivers/usb/chipidea/udc.c |
2307 |
+@@ -1730,6 +1730,22 @@ static int ci_udc_start(struct usb_gadget *gadget, |
2308 |
+ return retval; |
2309 |
+ } |
2310 |
+ |
2311 |
++static void ci_udc_stop_for_otg_fsm(struct ci_hdrc *ci) |
2312 |
++{ |
2313 |
++ if (!ci_otg_is_fsm_mode(ci)) |
2314 |
++ return; |
2315 |
++ |
2316 |
++ mutex_lock(&ci->fsm.lock); |
2317 |
++ if (ci->fsm.otg->state == OTG_STATE_A_PERIPHERAL) { |
2318 |
++ ci->fsm.a_bidl_adis_tmout = 1; |
2319 |
++ ci_hdrc_otg_fsm_start(ci); |
2320 |
++ } else if (ci->fsm.otg->state == OTG_STATE_B_PERIPHERAL) { |
2321 |
++ ci->fsm.protocol = PROTO_UNDEF; |
2322 |
++ ci->fsm.otg->state = OTG_STATE_UNDEFINED; |
2323 |
++ } |
2324 |
++ mutex_unlock(&ci->fsm.lock); |
2325 |
++} |
2326 |
++ |
2327 |
+ /** |
2328 |
+ * ci_udc_stop: unregister a gadget driver |
2329 |
+ */ |
2330 |
+@@ -1754,6 +1770,7 @@ static int ci_udc_stop(struct usb_gadget *gadget) |
2331 |
+ ci->driver = NULL; |
2332 |
+ spin_unlock_irqrestore(&ci->lock, flags); |
2333 |
+ |
2334 |
++ ci_udc_stop_for_otg_fsm(ci); |
2335 |
+ return 0; |
2336 |
+ } |
2337 |
+ |
2338 |
+diff --git a/drivers/usb/class/usblp.c b/drivers/usb/class/usblp.c |
2339 |
+index f38e875..8218ba7 100644 |
2340 |
+--- a/drivers/usb/class/usblp.c |
2341 |
++++ b/drivers/usb/class/usblp.c |
2342 |
+@@ -873,11 +873,11 @@ static int usblp_wwait(struct usblp *usblp, int nonblock) |
2343 |
+ |
2344 |
+ add_wait_queue(&usblp->wwait, &waita); |
2345 |
+ for (;;) { |
2346 |
+- set_current_state(TASK_INTERRUPTIBLE); |
2347 |
+ if (mutex_lock_interruptible(&usblp->mut)) { |
2348 |
+ rc = -EINTR; |
2349 |
+ break; |
2350 |
+ } |
2351 |
++ set_current_state(TASK_INTERRUPTIBLE); |
2352 |
+ rc = usblp_wtest(usblp, nonblock); |
2353 |
+ mutex_unlock(&usblp->mut); |
2354 |
+ if (rc <= 0) |
2355 |
+diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c |
2356 |
+index ff5773c..c0566ec 100644 |
2357 |
+--- a/drivers/usb/dwc3/core.c |
2358 |
++++ b/drivers/usb/dwc3/core.c |
2359 |
+@@ -490,6 +490,9 @@ static int dwc3_phy_setup(struct dwc3 *dwc) |
2360 |
+ if (dwc->dis_u2_susphy_quirk) |
2361 |
+ reg &= ~DWC3_GUSB2PHYCFG_SUSPHY; |
2362 |
+ |
2363 |
++ if (dwc->dis_enblslpm_quirk) |
2364 |
++ reg &= ~DWC3_GUSB2PHYCFG_ENBLSLPM; |
2365 |
++ |
2366 |
+ dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg); |
2367 |
+ |
2368 |
+ return 0; |
2369 |
+@@ -509,12 +512,18 @@ static int dwc3_core_init(struct dwc3 *dwc) |
2370 |
+ |
2371 |
+ reg = dwc3_readl(dwc->regs, DWC3_GSNPSID); |
2372 |
+ /* This should read as U3 followed by revision number */ |
2373 |
+- if ((reg & DWC3_GSNPSID_MASK) != 0x55330000) { |
2374 |
++ if ((reg & DWC3_GSNPSID_MASK) == 0x55330000) { |
2375 |
++ /* Detected DWC_usb3 IP */ |
2376 |
++ dwc->revision = reg; |
2377 |
++ } else if ((reg & DWC3_GSNPSID_MASK) == 0x33310000) { |
2378 |
++ /* Detected DWC_usb31 IP */ |
2379 |
++ dwc->revision = dwc3_readl(dwc->regs, DWC3_VER_NUMBER); |
2380 |
++ dwc->revision |= DWC3_REVISION_IS_DWC31; |
2381 |
++ } else { |
2382 |
+ dev_err(dwc->dev, "this is not a DesignWare USB3 DRD Core\n"); |
2383 |
+ ret = -ENODEV; |
2384 |
+ goto err0; |
2385 |
+ } |
2386 |
+- dwc->revision = reg; |
2387 |
+ |
2388 |
+ /* |
2389 |
+ * Write Linux Version Code to our GUID register so it's easy to figure |
2390 |
+@@ -881,6 +890,8 @@ static int dwc3_probe(struct platform_device *pdev) |
2391 |
+ "snps,dis_u3_susphy_quirk"); |
2392 |
+ dwc->dis_u2_susphy_quirk = of_property_read_bool(node, |
2393 |
+ "snps,dis_u2_susphy_quirk"); |
2394 |
++ dwc->dis_enblslpm_quirk = device_property_read_bool(dev, |
2395 |
++ "snps,dis_enblslpm_quirk"); |
2396 |
+ |
2397 |
+ dwc->tx_de_emphasis_quirk = of_property_read_bool(node, |
2398 |
+ "snps,tx_de_emphasis_quirk"); |
2399 |
+@@ -911,6 +922,7 @@ static int dwc3_probe(struct platform_device *pdev) |
2400 |
+ dwc->rx_detect_poll_quirk = pdata->rx_detect_poll_quirk; |
2401 |
+ dwc->dis_u3_susphy_quirk = pdata->dis_u3_susphy_quirk; |
2402 |
+ dwc->dis_u2_susphy_quirk = pdata->dis_u2_susphy_quirk; |
2403 |
++ dwc->dis_enblslpm_quirk = pdata->dis_enblslpm_quirk; |
2404 |
+ |
2405 |
+ dwc->tx_de_emphasis_quirk = pdata->tx_de_emphasis_quirk; |
2406 |
+ if (pdata->tx_de_emphasis) |
2407 |
+diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h |
2408 |
+index 0447788..6e53ce9 100644 |
2409 |
+--- a/drivers/usb/dwc3/core.h |
2410 |
++++ b/drivers/usb/dwc3/core.h |
2411 |
+@@ -108,6 +108,9 @@ |
2412 |
+ #define DWC3_GPRTBIMAP_FS0 0xc188 |
2413 |
+ #define DWC3_GPRTBIMAP_FS1 0xc18c |
2414 |
+ |
2415 |
++#define DWC3_VER_NUMBER 0xc1a0 |
2416 |
++#define DWC3_VER_TYPE 0xc1a4 |
2417 |
++ |
2418 |
+ #define DWC3_GUSB2PHYCFG(n) (0xc200 + (n * 0x04)) |
2419 |
+ #define DWC3_GUSB2I2CCTL(n) (0xc240 + (n * 0x04)) |
2420 |
+ |
2421 |
+@@ -175,6 +178,7 @@ |
2422 |
+ #define DWC3_GUSB2PHYCFG_PHYSOFTRST (1 << 31) |
2423 |
+ #define DWC3_GUSB2PHYCFG_SUSPHY (1 << 6) |
2424 |
+ #define DWC3_GUSB2PHYCFG_ULPI_UTMI (1 << 4) |
2425 |
++#define DWC3_GUSB2PHYCFG_ENBLSLPM (1 << 8) |
2426 |
+ |
2427 |
+ /* Global USB2 PHY Vendor Control Register */ |
2428 |
+ #define DWC3_GUSB2PHYACC_NEWREGREQ (1 << 25) |
2429 |
+@@ -712,6 +716,8 @@ struct dwc3_scratchpad_array { |
2430 |
+ * @rx_detect_poll_quirk: set if we enable rx_detect to polling lfps quirk |
2431 |
+ * @dis_u3_susphy_quirk: set if we disable usb3 suspend phy |
2432 |
+ * @dis_u2_susphy_quirk: set if we disable usb2 suspend phy |
2433 |
++ * @dis_enblslpm_quirk: set if we clear enblslpm in GUSB2PHYCFG, |
2434 |
++ * disabling the suspend signal to the PHY. |
2435 |
+ * @tx_de_emphasis_quirk: set if we enable Tx de-emphasis quirk |
2436 |
+ * @tx_de_emphasis: Tx de-emphasis value |
2437 |
+ * 0 - -6dB de-emphasis |
2438 |
+@@ -766,6 +772,14 @@ struct dwc3 { |
2439 |
+ u32 num_event_buffers; |
2440 |
+ u32 u1u2; |
2441 |
+ u32 maximum_speed; |
2442 |
++ |
2443 |
++ /* |
2444 |
++ * All 3.1 IP version constants are greater than the 3.0 IP |
2445 |
++ * version constants. This works for most version checks in |
2446 |
++ * dwc3. However, in the future, this may not apply as |
2447 |
++ * features may be developed on newer versions of the 3.0 IP |
2448 |
++ * that are not in the 3.1 IP. |
2449 |
++ */ |
2450 |
+ u32 revision; |
2451 |
+ |
2452 |
+ #define DWC3_REVISION_173A 0x5533173a |
2453 |
+@@ -788,6 +802,13 @@ struct dwc3 { |
2454 |
+ #define DWC3_REVISION_270A 0x5533270a |
2455 |
+ #define DWC3_REVISION_280A 0x5533280a |
2456 |
+ |
2457 |
++/* |
2458 |
++ * NOTICE: we're using bit 31 as a "is usb 3.1" flag. This is really |
2459 |
++ * just so dwc31 revisions are always larger than dwc3. |
2460 |
++ */ |
2461 |
++#define DWC3_REVISION_IS_DWC31 0x80000000 |
2462 |
++#define DWC3_USB31_REVISION_110A (0x3131302a | DWC3_REVISION_IS_USB31) |
2463 |
++ |
2464 |
+ enum dwc3_ep0_next ep0_next_event; |
2465 |
+ enum dwc3_ep0_state ep0state; |
2466 |
+ enum dwc3_link_state link_state; |
2467 |
+@@ -841,6 +862,7 @@ struct dwc3 { |
2468 |
+ unsigned rx_detect_poll_quirk:1; |
2469 |
+ unsigned dis_u3_susphy_quirk:1; |
2470 |
+ unsigned dis_u2_susphy_quirk:1; |
2471 |
++ unsigned dis_enblslpm_quirk:1; |
2472 |
+ |
2473 |
+ unsigned tx_de_emphasis_quirk:1; |
2474 |
+ unsigned tx_de_emphasis:2; |
2475 |
+diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c |
2476 |
+index 27e4fc8..04b87eb 100644 |
2477 |
+--- a/drivers/usb/dwc3/dwc3-pci.c |
2478 |
++++ b/drivers/usb/dwc3/dwc3-pci.c |
2479 |
+@@ -27,6 +27,8 @@ |
2480 |
+ #include "platform_data.h" |
2481 |
+ |
2482 |
+ #define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3 0xabcd |
2483 |
++#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3_AXI 0xabce |
2484 |
++#define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB31 0xabcf |
2485 |
+ #define PCI_DEVICE_ID_INTEL_BYT 0x0f37 |
2486 |
+ #define PCI_DEVICE_ID_INTEL_MRFLD 0x119e |
2487 |
+ #define PCI_DEVICE_ID_INTEL_BSW 0x22B7 |
2488 |
+@@ -100,6 +102,22 @@ static int dwc3_pci_quirks(struct pci_dev *pdev) |
2489 |
+ } |
2490 |
+ } |
2491 |
+ |
2492 |
++ if (pdev->vendor == PCI_VENDOR_ID_SYNOPSYS && |
2493 |
++ (pdev->device == PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3 || |
2494 |
++ pdev->device == PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3_AXI || |
2495 |
++ pdev->device == PCI_DEVICE_ID_SYNOPSYS_HAPSUSB31)) { |
2496 |
++ |
2497 |
++ struct dwc3_platform_data pdata; |
2498 |
++ |
2499 |
++ memset(&pdata, 0, sizeof(pdata)); |
2500 |
++ pdata.usb3_lpm_capable = true; |
2501 |
++ pdata.has_lpm_erratum = true; |
2502 |
++ pdata.dis_enblslpm_quirk = true; |
2503 |
++ |
2504 |
++ return platform_device_add_data(pci_get_drvdata(pdev), &pdata, |
2505 |
++ sizeof(pdata)); |
2506 |
++ } |
2507 |
++ |
2508 |
+ return 0; |
2509 |
+ } |
2510 |
+ |
2511 |
+@@ -172,6 +190,14 @@ static const struct pci_device_id dwc3_pci_id_table[] = { |
2512 |
+ PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS, |
2513 |
+ PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3), |
2514 |
+ }, |
2515 |
++ { |
2516 |
++ PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS, |
2517 |
++ PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3_AXI), |
2518 |
++ }, |
2519 |
++ { |
2520 |
++ PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS, |
2521 |
++ PCI_DEVICE_ID_SYNOPSYS_HAPSUSB31), |
2522 |
++ }, |
2523 |
+ { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_BSW), }, |
2524 |
+ { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_BYT), }, |
2525 |
+ { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_MRFLD), }, |
2526 |
+diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c |
2527 |
+index 333a7c0..6fbf461 100644 |
2528 |
+--- a/drivers/usb/dwc3/gadget.c |
2529 |
++++ b/drivers/usb/dwc3/gadget.c |
2530 |
+@@ -1859,27 +1859,32 @@ static int dwc3_cleanup_done_reqs(struct dwc3 *dwc, struct dwc3_ep *dep, |
2531 |
+ unsigned int i; |
2532 |
+ int ret; |
2533 |
+ |
2534 |
+- req = next_request(&dep->req_queued); |
2535 |
+- if (!req) { |
2536 |
+- WARN_ON_ONCE(1); |
2537 |
+- return 1; |
2538 |
+- } |
2539 |
+- i = 0; |
2540 |
+ do { |
2541 |
+- slot = req->start_slot + i; |
2542 |
+- if ((slot == DWC3_TRB_NUM - 1) && |
2543 |
++ req = next_request(&dep->req_queued); |
2544 |
++ if (!req) { |
2545 |
++ WARN_ON_ONCE(1); |
2546 |
++ return 1; |
2547 |
++ } |
2548 |
++ i = 0; |
2549 |
++ do { |
2550 |
++ slot = req->start_slot + i; |
2551 |
++ if ((slot == DWC3_TRB_NUM - 1) && |
2552 |
+ usb_endpoint_xfer_isoc(dep->endpoint.desc)) |
2553 |
+- slot++; |
2554 |
+- slot %= DWC3_TRB_NUM; |
2555 |
+- trb = &dep->trb_pool[slot]; |
2556 |
++ slot++; |
2557 |
++ slot %= DWC3_TRB_NUM; |
2558 |
++ trb = &dep->trb_pool[slot]; |
2559 |
++ |
2560 |
++ ret = __dwc3_cleanup_done_trbs(dwc, dep, req, trb, |
2561 |
++ event, status); |
2562 |
++ if (ret) |
2563 |
++ break; |
2564 |
++ } while (++i < req->request.num_mapped_sgs); |
2565 |
++ |
2566 |
++ dwc3_gadget_giveback(dep, req, status); |
2567 |
+ |
2568 |
+- ret = __dwc3_cleanup_done_trbs(dwc, dep, req, trb, |
2569 |
+- event, status); |
2570 |
+ if (ret) |
2571 |
+ break; |
2572 |
+- } while (++i < req->request.num_mapped_sgs); |
2573 |
+- |
2574 |
+- dwc3_gadget_giveback(dep, req, status); |
2575 |
++ } while (1); |
2576 |
+ |
2577 |
+ if (usb_endpoint_xfer_isoc(dep->endpoint.desc) && |
2578 |
+ list_empty(&dep->req_queued)) { |
2579 |
+@@ -2709,12 +2714,34 @@ int dwc3_gadget_init(struct dwc3 *dwc) |
2580 |
+ } |
2581 |
+ |
2582 |
+ dwc->gadget.ops = &dwc3_gadget_ops; |
2583 |
+- dwc->gadget.max_speed = USB_SPEED_SUPER; |
2584 |
+ dwc->gadget.speed = USB_SPEED_UNKNOWN; |
2585 |
+ dwc->gadget.sg_supported = true; |
2586 |
+ dwc->gadget.name = "dwc3-gadget"; |
2587 |
+ |
2588 |
+ /* |
2589 |
++ * FIXME We might be setting max_speed to <SUPER, however versions |
2590 |
++ * <2.20a of dwc3 have an issue with metastability (documented |
2591 |
++ * elsewhere in this driver) which tells us we can't set max speed to |
2592 |
++ * anything lower than SUPER. |
2593 |
++ * |
2594 |
++ * Because gadget.max_speed is only used by composite.c and function |
2595 |
++ * drivers (i.e. it won't go into dwc3's registers) we are allowing this |
2596 |
++ * to happen so we avoid sending SuperSpeed Capability descriptor |
2597 |
++ * together with our BOS descriptor as that could confuse host into |
2598 |
++ * thinking we can handle super speed. |
2599 |
++ * |
2600 |
++ * Note that, in fact, we won't even support GetBOS requests when speed |
2601 |
++ * is less than super speed because we don't have means, yet, to tell |
2602 |
++ * composite.c that we are USB 2.0 + LPM ECN. |
2603 |
++ */ |
2604 |
++ if (dwc->revision < DWC3_REVISION_220A) |
2605 |
++ dwc3_trace(trace_dwc3_gadget, |
2606 |
++ "Changing max_speed on rev %08x\n", |
2607 |
++ dwc->revision); |
2608 |
++ |
2609 |
++ dwc->gadget.max_speed = dwc->maximum_speed; |
2610 |
++ |
2611 |
++ /* |
2612 |
+ * Per databook, DWC3 needs buffer size to be aligned to MaxPacketSize |
2613 |
+ * on ep out. |
2614 |
+ */ |
2615 |
+diff --git a/drivers/usb/dwc3/platform_data.h b/drivers/usb/dwc3/platform_data.h |
2616 |
+index d3614ec..db29380 100644 |
2617 |
+--- a/drivers/usb/dwc3/platform_data.h |
2618 |
++++ b/drivers/usb/dwc3/platform_data.h |
2619 |
+@@ -42,6 +42,7 @@ struct dwc3_platform_data { |
2620 |
+ unsigned rx_detect_poll_quirk:1; |
2621 |
+ unsigned dis_u3_susphy_quirk:1; |
2622 |
+ unsigned dis_u2_susphy_quirk:1; |
2623 |
++ unsigned dis_enblslpm_quirk:1; |
2624 |
+ |
2625 |
+ unsigned tx_de_emphasis_quirk:1; |
2626 |
+ unsigned tx_de_emphasis:2; |
2627 |
+diff --git a/drivers/usb/gadget/udc/atmel_usba_udc.c b/drivers/usb/gadget/udc/atmel_usba_udc.c |
2628 |
+index 4095cce0..35fff45 100644 |
2629 |
+--- a/drivers/usb/gadget/udc/atmel_usba_udc.c |
2630 |
++++ b/drivers/usb/gadget/udc/atmel_usba_udc.c |
2631 |
+@@ -1634,7 +1634,7 @@ static irqreturn_t usba_udc_irq(int irq, void *devid) |
2632 |
+ spin_lock(&udc->lock); |
2633 |
+ |
2634 |
+ int_enb = usba_int_enb_get(udc); |
2635 |
+- status = usba_readl(udc, INT_STA) & int_enb; |
2636 |
++ status = usba_readl(udc, INT_STA) & (int_enb | USBA_HIGH_SPEED); |
2637 |
+ DBG(DBG_INT, "irq, status=%#08x\n", status); |
2638 |
+ |
2639 |
+ if (status & USBA_DET_SUSPEND) { |
2640 |
+diff --git a/drivers/usb/gadget/udc/net2280.c b/drivers/usb/gadget/udc/net2280.c |
2641 |
+index 2bee912..baa0191 100644 |
2642 |
+--- a/drivers/usb/gadget/udc/net2280.c |
2643 |
++++ b/drivers/usb/gadget/udc/net2280.c |
2644 |
+@@ -1846,7 +1846,7 @@ static void defect7374_disable_data_eps(struct net2280 *dev) |
2645 |
+ |
2646 |
+ for (i = 1; i < 5; i++) { |
2647 |
+ ep = &dev->ep[i]; |
2648 |
+- writel(0, &ep->cfg->ep_cfg); |
2649 |
++ writel(i, &ep->cfg->ep_cfg); |
2650 |
+ } |
2651 |
+ |
2652 |
+ /* CSROUT, CSRIN, PCIOUT, PCIIN, STATIN, RCIN */ |
2653 |
+diff --git a/drivers/usb/host/ehci-orion.c b/drivers/usb/host/ehci-orion.c |
2654 |
+index bfcbb9a..ee8d5fa 100644 |
2655 |
+--- a/drivers/usb/host/ehci-orion.c |
2656 |
++++ b/drivers/usb/host/ehci-orion.c |
2657 |
+@@ -224,7 +224,8 @@ static int ehci_orion_drv_probe(struct platform_device *pdev) |
2658 |
+ priv->phy = devm_phy_optional_get(&pdev->dev, "usb"); |
2659 |
+ if (IS_ERR(priv->phy)) { |
2660 |
+ err = PTR_ERR(priv->phy); |
2661 |
+- goto err_phy_get; |
2662 |
++ if (err != -ENOSYS) |
2663 |
++ goto err_phy_get; |
2664 |
+ } else { |
2665 |
+ err = phy_init(priv->phy); |
2666 |
+ if (err) |
2667 |
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c |
2668 |
+index d7b9f484..6062996 100644 |
2669 |
+--- a/drivers/usb/host/xhci.c |
2670 |
++++ b/drivers/usb/host/xhci.c |
2671 |
+@@ -175,6 +175,16 @@ int xhci_reset(struct xhci_hcd *xhci) |
2672 |
+ command |= CMD_RESET; |
2673 |
+ writel(command, &xhci->op_regs->command); |
2674 |
+ |
2675 |
++ /* Existing Intel xHCI controllers require a delay of 1 mS, |
2676 |
++ * after setting the CMD_RESET bit, and before accessing any |
2677 |
++ * HC registers. This allows the HC to complete the |
2678 |
++ * reset operation and be ready for HC register access. |
2679 |
++ * Without this delay, the subsequent HC register access, |
2680 |
++ * may result in a system hang very rarely. |
2681 |
++ */ |
2682 |
++ if (xhci->quirks & XHCI_INTEL_HOST) |
2683 |
++ udelay(1000); |
2684 |
++ |
2685 |
+ ret = xhci_handshake(&xhci->op_regs->command, |
2686 |
+ CMD_RESET, 0, 10 * 1000 * 1000); |
2687 |
+ if (ret) |
2688 |
+diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c |
2689 |
+index 514a6cd..2fe6d26 100644 |
2690 |
+--- a/drivers/usb/musb/musb_core.c |
2691 |
++++ b/drivers/usb/musb/musb_core.c |
2692 |
+@@ -132,7 +132,7 @@ static inline struct musb *dev_to_musb(struct device *dev) |
2693 |
+ /*-------------------------------------------------------------------------*/ |
2694 |
+ |
2695 |
+ #ifndef CONFIG_BLACKFIN |
2696 |
+-static int musb_ulpi_read(struct usb_phy *phy, u32 offset) |
2697 |
++static int musb_ulpi_read(struct usb_phy *phy, u32 reg) |
2698 |
+ { |
2699 |
+ void __iomem *addr = phy->io_priv; |
2700 |
+ int i = 0; |
2701 |
+@@ -151,7 +151,7 @@ static int musb_ulpi_read(struct usb_phy *phy, u32 offset) |
2702 |
+ * ULPICarKitControlDisableUTMI after clearing POWER_SUSPENDM. |
2703 |
+ */ |
2704 |
+ |
2705 |
+- musb_writeb(addr, MUSB_ULPI_REG_ADDR, (u8)offset); |
2706 |
++ musb_writeb(addr, MUSB_ULPI_REG_ADDR, (u8)reg); |
2707 |
+ musb_writeb(addr, MUSB_ULPI_REG_CONTROL, |
2708 |
+ MUSB_ULPI_REG_REQ | MUSB_ULPI_RDN_WR); |
2709 |
+ |
2710 |
+@@ -176,7 +176,7 @@ out: |
2711 |
+ return ret; |
2712 |
+ } |
2713 |
+ |
2714 |
+-static int musb_ulpi_write(struct usb_phy *phy, u32 offset, u32 data) |
2715 |
++static int musb_ulpi_write(struct usb_phy *phy, u32 val, u32 reg) |
2716 |
+ { |
2717 |
+ void __iomem *addr = phy->io_priv; |
2718 |
+ int i = 0; |
2719 |
+@@ -191,8 +191,8 @@ static int musb_ulpi_write(struct usb_phy *phy, u32 offset, u32 data) |
2720 |
+ power &= ~MUSB_POWER_SUSPENDM; |
2721 |
+ musb_writeb(addr, MUSB_POWER, power); |
2722 |
+ |
2723 |
+- musb_writeb(addr, MUSB_ULPI_REG_ADDR, (u8)offset); |
2724 |
+- musb_writeb(addr, MUSB_ULPI_REG_DATA, (u8)data); |
2725 |
++ musb_writeb(addr, MUSB_ULPI_REG_ADDR, (u8)reg); |
2726 |
++ musb_writeb(addr, MUSB_ULPI_REG_DATA, (u8)val); |
2727 |
+ musb_writeb(addr, MUSB_ULPI_REG_CONTROL, MUSB_ULPI_REG_REQ); |
2728 |
+ |
2729 |
+ while (!(musb_readb(addr, MUSB_ULPI_REG_CONTROL) |
2730 |
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
2731 |
+index 7c8eb4c..4021846 100644 |
2732 |
+--- a/drivers/usb/serial/option.c |
2733 |
++++ b/drivers/usb/serial/option.c |
2734 |
+@@ -162,6 +162,7 @@ static void option_instat_callback(struct urb *urb); |
2735 |
+ #define NOVATELWIRELESS_PRODUCT_HSPA_EMBEDDED_HIGHSPEED 0x9001 |
2736 |
+ #define NOVATELWIRELESS_PRODUCT_E362 0x9010 |
2737 |
+ #define NOVATELWIRELESS_PRODUCT_E371 0x9011 |
2738 |
++#define NOVATELWIRELESS_PRODUCT_U620L 0x9022 |
2739 |
+ #define NOVATELWIRELESS_PRODUCT_G2 0xA010 |
2740 |
+ #define NOVATELWIRELESS_PRODUCT_MC551 0xB001 |
2741 |
+ |
2742 |
+@@ -357,6 +358,7 @@ static void option_instat_callback(struct urb *urb); |
2743 |
+ /* This is the 4G XS Stick W14 a.k.a. Mobilcom Debitel Surf-Stick * |
2744 |
+ * It seems to contain a Qualcomm QSC6240/6290 chipset */ |
2745 |
+ #define FOUR_G_SYSTEMS_PRODUCT_W14 0x9603 |
2746 |
++#define FOUR_G_SYSTEMS_PRODUCT_W100 0x9b01 |
2747 |
+ |
2748 |
+ /* iBall 3.5G connect wireless modem */ |
2749 |
+ #define IBALL_3_5G_CONNECT 0x9605 |
2750 |
+@@ -522,6 +524,11 @@ static const struct option_blacklist_info four_g_w14_blacklist = { |
2751 |
+ .sendsetup = BIT(0) | BIT(1), |
2752 |
+ }; |
2753 |
+ |
2754 |
++static const struct option_blacklist_info four_g_w100_blacklist = { |
2755 |
++ .sendsetup = BIT(1) | BIT(2), |
2756 |
++ .reserved = BIT(3), |
2757 |
++}; |
2758 |
++ |
2759 |
+ static const struct option_blacklist_info alcatel_x200_blacklist = { |
2760 |
+ .sendsetup = BIT(0) | BIT(1), |
2761 |
+ .reserved = BIT(4), |
2762 |
+@@ -1060,6 +1067,7 @@ static const struct usb_device_id option_ids[] = { |
2763 |
+ { USB_DEVICE_AND_INTERFACE_INFO(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_MC551, 0xff, 0xff, 0xff) }, |
2764 |
+ { USB_DEVICE_AND_INTERFACE_INFO(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_E362, 0xff, 0xff, 0xff) }, |
2765 |
+ { USB_DEVICE_AND_INTERFACE_INFO(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_E371, 0xff, 0xff, 0xff) }, |
2766 |
++ { USB_DEVICE_AND_INTERFACE_INFO(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_U620L, 0xff, 0x00, 0x00) }, |
2767 |
+ |
2768 |
+ { USB_DEVICE(AMOI_VENDOR_ID, AMOI_PRODUCT_H01) }, |
2769 |
+ { USB_DEVICE(AMOI_VENDOR_ID, AMOI_PRODUCT_H01A) }, |
2770 |
+@@ -1653,6 +1661,9 @@ static const struct usb_device_id option_ids[] = { |
2771 |
+ { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W14), |
2772 |
+ .driver_info = (kernel_ulong_t)&four_g_w14_blacklist |
2773 |
+ }, |
2774 |
++ { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W100), |
2775 |
++ .driver_info = (kernel_ulong_t)&four_g_w100_blacklist |
2776 |
++ }, |
2777 |
+ { USB_DEVICE_INTERFACE_CLASS(LONGCHEER_VENDOR_ID, SPEEDUP_PRODUCT_SU9800, 0xff) }, |
2778 |
+ { USB_DEVICE(LONGCHEER_VENDOR_ID, ZOOM_PRODUCT_4597) }, |
2779 |
+ { USB_DEVICE(LONGCHEER_VENDOR_ID, IBALL_3_5G_CONNECT) }, |
2780 |
+diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c |
2781 |
+index f49d262..514fa91 100644 |
2782 |
+--- a/drivers/usb/serial/qcserial.c |
2783 |
++++ b/drivers/usb/serial/qcserial.c |
2784 |
+@@ -22,6 +22,8 @@ |
2785 |
+ #define DRIVER_AUTHOR "Qualcomm Inc" |
2786 |
+ #define DRIVER_DESC "Qualcomm USB Serial driver" |
2787 |
+ |
2788 |
++#define QUECTEL_EC20_PID 0x9215 |
2789 |
++ |
2790 |
+ /* standard device layouts supported by this driver */ |
2791 |
+ enum qcserial_layouts { |
2792 |
+ QCSERIAL_G2K = 0, /* Gobi 2000 */ |
2793 |
+@@ -169,6 +171,38 @@ static const struct usb_device_id id_table[] = { |
2794 |
+ }; |
2795 |
+ MODULE_DEVICE_TABLE(usb, id_table); |
2796 |
+ |
2797 |
++static int handle_quectel_ec20(struct device *dev, int ifnum) |
2798 |
++{ |
2799 |
++ int altsetting = 0; |
2800 |
++ |
2801 |
++ /* |
2802 |
++ * Quectel EC20 Mini PCIe LTE module layout: |
2803 |
++ * 0: DM/DIAG (use libqcdm from ModemManager for communication) |
2804 |
++ * 1: NMEA |
2805 |
++ * 2: AT-capable modem port |
2806 |
++ * 3: Modem interface |
2807 |
++ * 4: NDIS |
2808 |
++ */ |
2809 |
++ switch (ifnum) { |
2810 |
++ case 0: |
2811 |
++ dev_dbg(dev, "Quectel EC20 DM/DIAG interface found\n"); |
2812 |
++ break; |
2813 |
++ case 1: |
2814 |
++ dev_dbg(dev, "Quectel EC20 NMEA GPS interface found\n"); |
2815 |
++ break; |
2816 |
++ case 2: |
2817 |
++ case 3: |
2818 |
++ dev_dbg(dev, "Quectel EC20 Modem port found\n"); |
2819 |
++ break; |
2820 |
++ case 4: |
2821 |
++ /* Don't claim the QMI/net interface */ |
2822 |
++ altsetting = -1; |
2823 |
++ break; |
2824 |
++ } |
2825 |
++ |
2826 |
++ return altsetting; |
2827 |
++} |
2828 |
++ |
2829 |
+ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id) |
2830 |
+ { |
2831 |
+ struct usb_host_interface *intf = serial->interface->cur_altsetting; |
2832 |
+@@ -178,6 +212,10 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id) |
2833 |
+ __u8 ifnum; |
2834 |
+ int altsetting = -1; |
2835 |
+ |
2836 |
++ /* we only support vendor specific functions */ |
2837 |
++ if (intf->desc.bInterfaceClass != USB_CLASS_VENDOR_SPEC) |
2838 |
++ goto done; |
2839 |
++ |
2840 |
+ nintf = serial->dev->actconfig->desc.bNumInterfaces; |
2841 |
+ dev_dbg(dev, "Num Interfaces = %d\n", nintf); |
2842 |
+ ifnum = intf->desc.bInterfaceNumber; |
2843 |
+@@ -237,6 +275,12 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id) |
2844 |
+ altsetting = -1; |
2845 |
+ break; |
2846 |
+ case QCSERIAL_G2K: |
2847 |
++ /* handle non-standard layouts */ |
2848 |
++ if (nintf == 5 && id->idProduct == QUECTEL_EC20_PID) { |
2849 |
++ altsetting = handle_quectel_ec20(dev, ifnum); |
2850 |
++ goto done; |
2851 |
++ } |
2852 |
++ |
2853 |
+ /* |
2854 |
+ * Gobi 2K+ USB layout: |
2855 |
+ * 0: QMI/net |
2856 |
+@@ -297,29 +341,39 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id) |
2857 |
+ break; |
2858 |
+ case QCSERIAL_HWI: |
2859 |
+ /* |
2860 |
+- * Huawei layout: |
2861 |
+- * 0: AT-capable modem port |
2862 |
+- * 1: DM/DIAG |
2863 |
+- * 2: AT-capable modem port |
2864 |
+- * 3: CCID-compatible PCSC interface |
2865 |
+- * 4: QMI/net |
2866 |
+- * 5: NMEA |
2867 |
++ * Huawei devices map functions by subclass + protocol |
2868 |
++ * instead of interface numbers. The protocol identify |
2869 |
++ * a specific function, while the subclass indicate a |
2870 |
++ * specific firmware source |
2871 |
++ * |
2872 |
++ * This is a blacklist of functions known to be |
2873 |
++ * non-serial. The rest are assumed to be serial and |
2874 |
++ * will be handled by this driver |
2875 |
+ */ |
2876 |
+- switch (ifnum) { |
2877 |
+- case 0: |
2878 |
+- case 2: |
2879 |
+- dev_dbg(dev, "Modem port found\n"); |
2880 |
+- break; |
2881 |
+- case 1: |
2882 |
+- dev_dbg(dev, "DM/DIAG interface found\n"); |
2883 |
+- break; |
2884 |
+- case 5: |
2885 |
+- dev_dbg(dev, "NMEA GPS interface found\n"); |
2886 |
+- break; |
2887 |
+- default: |
2888 |
+- /* don't claim any unsupported interface */ |
2889 |
++ switch (intf->desc.bInterfaceProtocol) { |
2890 |
++ /* QMI combined (qmi_wwan) */ |
2891 |
++ case 0x07: |
2892 |
++ case 0x37: |
2893 |
++ case 0x67: |
2894 |
++ /* QMI data (qmi_wwan) */ |
2895 |
++ case 0x08: |
2896 |
++ case 0x38: |
2897 |
++ case 0x68: |
2898 |
++ /* QMI control (qmi_wwan) */ |
2899 |
++ case 0x09: |
2900 |
++ case 0x39: |
2901 |
++ case 0x69: |
2902 |
++ /* NCM like (huawei_cdc_ncm) */ |
2903 |
++ case 0x16: |
2904 |
++ case 0x46: |
2905 |
++ case 0x76: |
2906 |
+ altsetting = -1; |
2907 |
+ break; |
2908 |
++ default: |
2909 |
++ dev_dbg(dev, "Huawei type serial port found (%02x/%02x/%02x)\n", |
2910 |
++ intf->desc.bInterfaceClass, |
2911 |
++ intf->desc.bInterfaceSubClass, |
2912 |
++ intf->desc.bInterfaceProtocol); |
2913 |
+ } |
2914 |
+ break; |
2915 |
+ default: |
2916 |
+diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c |
2917 |
+index e9da41d..2694df2 100644 |
2918 |
+--- a/drivers/usb/serial/ti_usb_3410_5052.c |
2919 |
++++ b/drivers/usb/serial/ti_usb_3410_5052.c |
2920 |
+@@ -159,6 +159,7 @@ static const struct usb_device_id ti_id_table_3410[] = { |
2921 |
+ { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_STEREO_PLUG_ID) }, |
2922 |
+ { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_STRIP_PORT_ID) }, |
2923 |
+ { USB_DEVICE(TI_VENDOR_ID, FRI2_PRODUCT_ID) }, |
2924 |
++ { USB_DEVICE(HONEYWELL_VENDOR_ID, HONEYWELL_HGI80_PRODUCT_ID) }, |
2925 |
+ { } /* terminator */ |
2926 |
+ }; |
2927 |
+ |
2928 |
+@@ -191,6 +192,7 @@ static const struct usb_device_id ti_id_table_combined[] = { |
2929 |
+ { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_PRODUCT_ID) }, |
2930 |
+ { USB_DEVICE(ABBOTT_VENDOR_ID, ABBOTT_STRIP_PORT_ID) }, |
2931 |
+ { USB_DEVICE(TI_VENDOR_ID, FRI2_PRODUCT_ID) }, |
2932 |
++ { USB_DEVICE(HONEYWELL_VENDOR_ID, HONEYWELL_HGI80_PRODUCT_ID) }, |
2933 |
+ { } /* terminator */ |
2934 |
+ }; |
2935 |
+ |
2936 |
+diff --git a/drivers/usb/serial/ti_usb_3410_5052.h b/drivers/usb/serial/ti_usb_3410_5052.h |
2937 |
+index 4a2423e..98f35c6 100644 |
2938 |
+--- a/drivers/usb/serial/ti_usb_3410_5052.h |
2939 |
++++ b/drivers/usb/serial/ti_usb_3410_5052.h |
2940 |
+@@ -56,6 +56,10 @@ |
2941 |
+ #define ABBOTT_PRODUCT_ID ABBOTT_STEREO_PLUG_ID |
2942 |
+ #define ABBOTT_STRIP_PORT_ID 0x3420 |
2943 |
+ |
2944 |
++/* Honeywell vendor and product IDs */ |
2945 |
++#define HONEYWELL_VENDOR_ID 0x10ac |
2946 |
++#define HONEYWELL_HGI80_PRODUCT_ID 0x0102 /* Honeywell HGI80 */ |
2947 |
++ |
2948 |
+ /* Commands */ |
2949 |
+ #define TI_GET_VERSION 0x01 |
2950 |
+ #define TI_GET_PORT_STATUS 0x02 |
2951 |
+diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c |
2952 |
+index 96093ae..cdc3d33 100644 |
2953 |
+--- a/drivers/xen/events/events_base.c |
2954 |
++++ b/drivers/xen/events/events_base.c |
2955 |
+@@ -39,6 +39,7 @@ |
2956 |
+ #include <asm/irq.h> |
2957 |
+ #include <asm/idle.h> |
2958 |
+ #include <asm/io_apic.h> |
2959 |
++#include <asm/i8259.h> |
2960 |
+ #include <asm/xen/pci.h> |
2961 |
+ #include <xen/page.h> |
2962 |
+ #endif |
2963 |
+@@ -420,7 +421,7 @@ static int __must_check xen_allocate_irq_gsi(unsigned gsi) |
2964 |
+ return xen_allocate_irq_dynamic(); |
2965 |
+ |
2966 |
+ /* Legacy IRQ descriptors are already allocated by the arch. */ |
2967 |
+- if (gsi < NR_IRQS_LEGACY) |
2968 |
++ if (gsi < nr_legacy_irqs()) |
2969 |
+ irq = gsi; |
2970 |
+ else |
2971 |
+ irq = irq_alloc_desc_at(gsi, -1); |
2972 |
+@@ -446,7 +447,7 @@ static void xen_free_irq(unsigned irq) |
2973 |
+ kfree(info); |
2974 |
+ |
2975 |
+ /* Legacy IRQ descriptors are managed by the arch. */ |
2976 |
+- if (irq < NR_IRQS_LEGACY) |
2977 |
++ if (irq < nr_legacy_irqs()) |
2978 |
+ return; |
2979 |
+ |
2980 |
+ irq_free_desc(irq); |
2981 |
+diff --git a/fs/proc/array.c b/fs/proc/array.c |
2982 |
+index ce065cf..57fde2d 100644 |
2983 |
+--- a/fs/proc/array.c |
2984 |
++++ b/fs/proc/array.c |
2985 |
+@@ -372,7 +372,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, |
2986 |
+ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
2987 |
+ struct pid *pid, struct task_struct *task, int whole) |
2988 |
+ { |
2989 |
+- unsigned long vsize, eip, esp, wchan = ~0UL; |
2990 |
++ unsigned long vsize, eip, esp, wchan = 0; |
2991 |
+ int priority, nice; |
2992 |
+ int tty_pgrp = -1, tty_nr = 0; |
2993 |
+ sigset_t sigign, sigcatch; |
2994 |
+@@ -504,7 +504,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
2995 |
+ seq_put_decimal_ull(m, ' ', task->blocked.sig[0] & 0x7fffffffUL); |
2996 |
+ seq_put_decimal_ull(m, ' ', sigign.sig[0] & 0x7fffffffUL); |
2997 |
+ seq_put_decimal_ull(m, ' ', sigcatch.sig[0] & 0x7fffffffUL); |
2998 |
+- seq_put_decimal_ull(m, ' ', wchan); |
2999 |
++ |
3000 |
++ /* |
3001 |
++ * We used to output the absolute kernel address, but that's an |
3002 |
++ * information leak - so instead we show a 0/1 flag here, to signal |
3003 |
++ * to user-space whether there's a wchan field in /proc/PID/wchan. |
3004 |
++ * |
3005 |
++ * This works with older implementations of procps as well. |
3006 |
++ */ |
3007 |
++ if (wchan) |
3008 |
++ seq_puts(m, " 1"); |
3009 |
++ else |
3010 |
++ seq_puts(m, " 0"); |
3011 |
++ |
3012 |
+ seq_put_decimal_ull(m, ' ', 0); |
3013 |
+ seq_put_decimal_ull(m, ' ', 0); |
3014 |
+ seq_put_decimal_ll(m, ' ', task->exit_signal); |
3015 |
+diff --git a/fs/proc/base.c b/fs/proc/base.c |
3016 |
+index aa50d1a..83a43c1 100644 |
3017 |
+--- a/fs/proc/base.c |
3018 |
++++ b/fs/proc/base.c |
3019 |
+@@ -430,13 +430,10 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns, |
3020 |
+ |
3021 |
+ wchan = get_wchan(task); |
3022 |
+ |
3023 |
+- if (lookup_symbol_name(wchan, symname) < 0) { |
3024 |
+- if (!ptrace_may_access(task, PTRACE_MODE_READ)) |
3025 |
+- return 0; |
3026 |
+- seq_printf(m, "%lu", wchan); |
3027 |
+- } else { |
3028 |
++ if (wchan && ptrace_may_access(task, PTRACE_MODE_READ) && !lookup_symbol_name(wchan, symname)) |
3029 |
+ seq_printf(m, "%s", symname); |
3030 |
+- } |
3031 |
++ else |
3032 |
++ seq_putc(m, '0'); |
3033 |
+ |
3034 |
+ return 0; |
3035 |
+ } |
3036 |
+diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h |
3037 |
+index 05e99b8..053f122 100644 |
3038 |
+--- a/include/linux/kvm_host.h |
3039 |
++++ b/include/linux/kvm_host.h |
3040 |
+@@ -436,6 +436,17 @@ static inline struct kvm_vcpu *kvm_get_vcpu(struct kvm *kvm, int i) |
3041 |
+ (vcpup = kvm_get_vcpu(kvm, idx)) != NULL; \ |
3042 |
+ idx++) |
3043 |
+ |
3044 |
++static inline struct kvm_vcpu *kvm_get_vcpu_by_id(struct kvm *kvm, int id) |
3045 |
++{ |
3046 |
++ struct kvm_vcpu *vcpu; |
3047 |
++ int i; |
3048 |
++ |
3049 |
++ kvm_for_each_vcpu(i, vcpu, kvm) |
3050 |
++ if (vcpu->vcpu_id == id) |
3051 |
++ return vcpu; |
3052 |
++ return NULL; |
3053 |
++} |
3054 |
++ |
3055 |
+ #define kvm_for_each_memslot(memslot, slots) \ |
3056 |
+ for (memslot = &slots->memslots[0]; \ |
3057 |
+ memslot < slots->memslots + KVM_MEM_SLOTS_NUM && memslot->npages;\ |
3058 |
+diff --git a/include/linux/tty.h b/include/linux/tty.h |
3059 |
+index ad6c891..342a760 100644 |
3060 |
+--- a/include/linux/tty.h |
3061 |
++++ b/include/linux/tty.h |
3062 |
+@@ -605,7 +605,7 @@ extern void n_tty_inherit_ops(struct tty_ldisc_ops *ops); |
3063 |
+ |
3064 |
+ /* tty_audit.c */ |
3065 |
+ #ifdef CONFIG_AUDIT |
3066 |
+-extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data, |
3067 |
++extern void tty_audit_add_data(struct tty_struct *tty, const void *data, |
3068 |
+ size_t size, unsigned icanon); |
3069 |
+ extern void tty_audit_exit(void); |
3070 |
+ extern void tty_audit_fork(struct signal_struct *sig); |
3071 |
+@@ -613,8 +613,8 @@ extern void tty_audit_tiocsti(struct tty_struct *tty, char ch); |
3072 |
+ extern void tty_audit_push(struct tty_struct *tty); |
3073 |
+ extern int tty_audit_push_current(void); |
3074 |
+ #else |
3075 |
+-static inline void tty_audit_add_data(struct tty_struct *tty, |
3076 |
+- unsigned char *data, size_t size, unsigned icanon) |
3077 |
++static inline void tty_audit_add_data(struct tty_struct *tty, const void *data, |
3078 |
++ size_t size, unsigned icanon) |
3079 |
+ { |
3080 |
+ } |
3081 |
+ static inline void tty_audit_tiocsti(struct tty_struct *tty, char ch) |
3082 |
+diff --git a/include/net/inet_common.h b/include/net/inet_common.h |
3083 |
+index 279f835..109e3ee 100644 |
3084 |
+--- a/include/net/inet_common.h |
3085 |
++++ b/include/net/inet_common.h |
3086 |
+@@ -41,7 +41,8 @@ int inet_recv_error(struct sock *sk, struct msghdr *msg, int len, |
3087 |
+ |
3088 |
+ static inline void inet_ctl_sock_destroy(struct sock *sk) |
3089 |
+ { |
3090 |
+- sock_release(sk->sk_socket); |
3091 |
++ if (sk) |
3092 |
++ sock_release(sk->sk_socket); |
3093 |
+ } |
3094 |
+ |
3095 |
+ #endif |
3096 |
+diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h |
3097 |
+index 5fa643b..ff6d78f 100644 |
3098 |
+--- a/include/net/ip_fib.h |
3099 |
++++ b/include/net/ip_fib.h |
3100 |
+@@ -306,7 +306,7 @@ void fib_flush_external(struct net *net); |
3101 |
+ |
3102 |
+ /* Exported by fib_semantics.c */ |
3103 |
+ int ip_fib_check_default(__be32 gw, struct net_device *dev); |
3104 |
+-int fib_sync_down_dev(struct net_device *dev, unsigned long event); |
3105 |
++int fib_sync_down_dev(struct net_device *dev, unsigned long event, bool force); |
3106 |
+ int fib_sync_down_addr(struct net *net, __be32 local); |
3107 |
+ int fib_sync_up(struct net_device *dev, unsigned int nh_flags); |
3108 |
+ void fib_select_multipath(struct fib_result *res); |
3109 |
+diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c |
3110 |
+index f1a117f..0bec458 100644 |
3111 |
+--- a/net/bluetooth/hidp/core.c |
3112 |
++++ b/net/bluetooth/hidp/core.c |
3113 |
+@@ -401,6 +401,20 @@ static void hidp_idle_timeout(unsigned long arg) |
3114 |
+ { |
3115 |
+ struct hidp_session *session = (struct hidp_session *) arg; |
3116 |
+ |
3117 |
++ /* The HIDP user-space API only contains calls to add and remove |
3118 |
++ * devices. There is no way to forward events of any kind. Therefore, |
3119 |
++ * we have to forcefully disconnect a device on idle-timeouts. This is |
3120 |
++ * unfortunate and weird API design, but it is spec-compliant and |
3121 |
++ * required for backwards-compatibility. Hence, on idle-timeout, we |
3122 |
++ * signal driver-detach events, so poll() will be woken up with an |
3123 |
++ * error-condition on both sockets. |
3124 |
++ */ |
3125 |
++ |
3126 |
++ session->intr_sock->sk->sk_err = EUNATCH; |
3127 |
++ session->ctrl_sock->sk->sk_err = EUNATCH; |
3128 |
++ wake_up_interruptible(sk_sleep(session->intr_sock->sk)); |
3129 |
++ wake_up_interruptible(sk_sleep(session->ctrl_sock->sk)); |
3130 |
++ |
3131 |
+ hidp_session_terminate(session); |
3132 |
+ } |
3133 |
+ |
3134 |
+diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c |
3135 |
+index 92720f3..e32a9e4 100644 |
3136 |
+--- a/net/bluetooth/mgmt.c |
3137 |
++++ b/net/bluetooth/mgmt.c |
3138 |
+@@ -3090,6 +3090,11 @@ static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, |
3139 |
+ } else { |
3140 |
+ u8 addr_type; |
3141 |
+ |
3142 |
++ if (cp->addr.type == BDADDR_LE_PUBLIC) |
3143 |
++ addr_type = ADDR_LE_DEV_PUBLIC; |
3144 |
++ else |
3145 |
++ addr_type = ADDR_LE_DEV_RANDOM; |
3146 |
++ |
3147 |
+ conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, |
3148 |
+ &cp->addr.bdaddr); |
3149 |
+ if (conn) { |
3150 |
+@@ -3105,13 +3110,10 @@ static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data, |
3151 |
+ */ |
3152 |
+ if (!cp->disconnect) |
3153 |
+ conn = NULL; |
3154 |
++ } else { |
3155 |
++ hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type); |
3156 |
+ } |
3157 |
+ |
3158 |
+- if (cp->addr.type == BDADDR_LE_PUBLIC) |
3159 |
+- addr_type = ADDR_LE_DEV_PUBLIC; |
3160 |
+- else |
3161 |
+- addr_type = ADDR_LE_DEV_RANDOM; |
3162 |
+- |
3163 |
+ hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type); |
3164 |
+ |
3165 |
+ err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type); |
3166 |
+diff --git a/net/core/dst.c b/net/core/dst.c |
3167 |
+index 002144be..cc4a086 100644 |
3168 |
+--- a/net/core/dst.c |
3169 |
++++ b/net/core/dst.c |
3170 |
+@@ -287,7 +287,7 @@ void dst_release(struct dst_entry *dst) |
3171 |
+ if (unlikely(newrefcnt < 0)) |
3172 |
+ net_warn_ratelimited("%s: dst:%p refcnt:%d\n", |
3173 |
+ __func__, dst, newrefcnt); |
3174 |
+- if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt) |
3175 |
++ if (!newrefcnt && unlikely(dst->flags & DST_NOCACHE)) |
3176 |
+ call_rcu(&dst->rcu_head, dst_destroy_rcu); |
3177 |
+ } |
3178 |
+ } |
3179 |
+diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c |
3180 |
+index 6bbc549..d7116cf 100644 |
3181 |
+--- a/net/ipv4/fib_frontend.c |
3182 |
++++ b/net/ipv4/fib_frontend.c |
3183 |
+@@ -1063,9 +1063,10 @@ static void nl_fib_lookup_exit(struct net *net) |
3184 |
+ net->ipv4.fibnl = NULL; |
3185 |
+ } |
3186 |
+ |
3187 |
+-static void fib_disable_ip(struct net_device *dev, unsigned long event) |
3188 |
++static void fib_disable_ip(struct net_device *dev, unsigned long event, |
3189 |
++ bool force) |
3190 |
+ { |
3191 |
+- if (fib_sync_down_dev(dev, event)) |
3192 |
++ if (fib_sync_down_dev(dev, event, force)) |
3193 |
+ fib_flush(dev_net(dev)); |
3194 |
+ rt_cache_flush(dev_net(dev)); |
3195 |
+ arp_ifdown(dev); |
3196 |
+@@ -1093,7 +1094,7 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, |
3197 |
+ /* Last address was deleted from this interface. |
3198 |
+ * Disable IP. |
3199 |
+ */ |
3200 |
+- fib_disable_ip(dev, event); |
3201 |
++ fib_disable_ip(dev, event, true); |
3202 |
+ } else { |
3203 |
+ rt_cache_flush(dev_net(dev)); |
3204 |
+ } |
3205 |
+@@ -1110,7 +1111,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo |
3206 |
+ unsigned int flags; |
3207 |
+ |
3208 |
+ if (event == NETDEV_UNREGISTER) { |
3209 |
+- fib_disable_ip(dev, event); |
3210 |
++ fib_disable_ip(dev, event, true); |
3211 |
+ rt_flush_dev(dev); |
3212 |
+ return NOTIFY_DONE; |
3213 |
+ } |
3214 |
+@@ -1131,14 +1132,14 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo |
3215 |
+ rt_cache_flush(net); |
3216 |
+ break; |
3217 |
+ case NETDEV_DOWN: |
3218 |
+- fib_disable_ip(dev, event); |
3219 |
++ fib_disable_ip(dev, event, false); |
3220 |
+ break; |
3221 |
+ case NETDEV_CHANGE: |
3222 |
+ flags = dev_get_flags(dev); |
3223 |
+ if (flags & (IFF_RUNNING | IFF_LOWER_UP)) |
3224 |
+ fib_sync_up(dev, RTNH_F_LINKDOWN); |
3225 |
+ else |
3226 |
+- fib_sync_down_dev(dev, event); |
3227 |
++ fib_sync_down_dev(dev, event, false); |
3228 |
+ /* fall through */ |
3229 |
+ case NETDEV_CHANGEMTU: |
3230 |
+ rt_cache_flush(net); |
3231 |
+diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c |
3232 |
+index 3a06586..71bad5c 100644 |
3233 |
+--- a/net/ipv4/fib_semantics.c |
3234 |
++++ b/net/ipv4/fib_semantics.c |
3235 |
+@@ -1132,7 +1132,13 @@ int fib_sync_down_addr(struct net *net, __be32 local) |
3236 |
+ return ret; |
3237 |
+ } |
3238 |
+ |
3239 |
+-int fib_sync_down_dev(struct net_device *dev, unsigned long event) |
3240 |
++/* Event force Flags Description |
3241 |
++ * NETDEV_CHANGE 0 LINKDOWN Carrier OFF, not for scope host |
3242 |
++ * NETDEV_DOWN 0 LINKDOWN|DEAD Link down, not for scope host |
3243 |
++ * NETDEV_DOWN 1 LINKDOWN|DEAD Last address removed |
3244 |
++ * NETDEV_UNREGISTER 1 LINKDOWN|DEAD Device removed |
3245 |
++ */ |
3246 |
++int fib_sync_down_dev(struct net_device *dev, unsigned long event, bool force) |
3247 |
+ { |
3248 |
+ int ret = 0; |
3249 |
+ int scope = RT_SCOPE_NOWHERE; |
3250 |
+@@ -1141,8 +1147,7 @@ int fib_sync_down_dev(struct net_device *dev, unsigned long event) |
3251 |
+ struct hlist_head *head = &fib_info_devhash[hash]; |
3252 |
+ struct fib_nh *nh; |
3253 |
+ |
3254 |
+- if (event == NETDEV_UNREGISTER || |
3255 |
+- event == NETDEV_DOWN) |
3256 |
++ if (force) |
3257 |
+ scope = -1; |
3258 |
+ |
3259 |
+ hlist_for_each_entry(nh, head, nh_hash) { |
3260 |
+@@ -1291,6 +1296,13 @@ int fib_sync_up(struct net_device *dev, unsigned int nh_flags) |
3261 |
+ if (!(dev->flags & IFF_UP)) |
3262 |
+ return 0; |
3263 |
+ |
3264 |
++ if (nh_flags & RTNH_F_DEAD) { |
3265 |
++ unsigned int flags = dev_get_flags(dev); |
3266 |
++ |
3267 |
++ if (flags & (IFF_RUNNING | IFF_LOWER_UP)) |
3268 |
++ nh_flags |= RTNH_F_LINKDOWN; |
3269 |
++ } |
3270 |
++ |
3271 |
+ prev_fi = NULL; |
3272 |
+ hash = fib_devindex_hashfn(dev->ifindex); |
3273 |
+ head = &fib_info_devhash[hash]; |
3274 |
+diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c |
3275 |
+index b0c6258..ea3aedb 100644 |
3276 |
+--- a/net/ipv4/fib_trie.c |
3277 |
++++ b/net/ipv4/fib_trie.c |
3278 |
+@@ -1561,7 +1561,7 @@ static struct key_vector *leaf_walk_rcu(struct key_vector **tn, t_key key) |
3279 |
+ do { |
3280 |
+ /* record parent and next child index */ |
3281 |
+ pn = n; |
3282 |
+- cindex = key ? get_index(key, pn) : 0; |
3283 |
++ cindex = (key > pn->key) ? get_index(key, pn) : 0; |
3284 |
+ |
3285 |
+ if (cindex >> pn->bits) |
3286 |
+ break; |
3287 |
+diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c |
3288 |
+index 5aa46d4..5a8ee32 100644 |
3289 |
+--- a/net/ipv4/gre_offload.c |
3290 |
++++ b/net/ipv4/gre_offload.c |
3291 |
+@@ -36,7 +36,8 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb, |
3292 |
+ SKB_GSO_TCP_ECN | |
3293 |
+ SKB_GSO_GRE | |
3294 |
+ SKB_GSO_GRE_CSUM | |
3295 |
+- SKB_GSO_IPIP))) |
3296 |
++ SKB_GSO_IPIP | |
3297 |
++ SKB_GSO_SIT))) |
3298 |
+ goto out; |
3299 |
+ |
3300 |
+ if (!skb->encapsulation) |
3301 |
+diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c |
3302 |
+index 3a2c016..df28693 100644 |
3303 |
+--- a/net/ipv4/ipmr.c |
3304 |
++++ b/net/ipv4/ipmr.c |
3305 |
+@@ -1683,8 +1683,8 @@ static inline int ipmr_forward_finish(struct sock *sk, struct sk_buff *skb) |
3306 |
+ { |
3307 |
+ struct ip_options *opt = &(IPCB(skb)->opt); |
3308 |
+ |
3309 |
+- IP_INC_STATS_BH(dev_net(skb_dst(skb)->dev), IPSTATS_MIB_OUTFORWDATAGRAMS); |
3310 |
+- IP_ADD_STATS_BH(dev_net(skb_dst(skb)->dev), IPSTATS_MIB_OUTOCTETS, skb->len); |
3311 |
++ IP_INC_STATS(dev_net(skb_dst(skb)->dev), IPSTATS_MIB_OUTFORWDATAGRAMS); |
3312 |
++ IP_ADD_STATS(dev_net(skb_dst(skb)->dev), IPSTATS_MIB_OUTOCTETS, skb->len); |
3313 |
+ |
3314 |
+ if (unlikely(opt->optlen)) |
3315 |
+ ip_forward_options(skb); |
3316 |
+@@ -1746,7 +1746,7 @@ static void ipmr_queue_xmit(struct net *net, struct mr_table *mrt, |
3317 |
+ * to blackhole. |
3318 |
+ */ |
3319 |
+ |
3320 |
+- IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_FRAGFAILS); |
3321 |
++ IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGFAILS); |
3322 |
+ ip_rt_put(rt); |
3323 |
+ goto out_free; |
3324 |
+ } |
3325 |
+diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c |
3326 |
+index 0330ab2..a1442c5 100644 |
3327 |
+--- a/net/ipv4/sysctl_net_ipv4.c |
3328 |
++++ b/net/ipv4/sysctl_net_ipv4.c |
3329 |
+@@ -47,14 +47,14 @@ static void set_local_port_range(struct net *net, int range[2]) |
3330 |
+ { |
3331 |
+ bool same_parity = !((range[0] ^ range[1]) & 1); |
3332 |
+ |
3333 |
+- write_seqlock(&net->ipv4.ip_local_ports.lock); |
3334 |
++ write_seqlock_bh(&net->ipv4.ip_local_ports.lock); |
3335 |
+ if (same_parity && !net->ipv4.ip_local_ports.warned) { |
3336 |
+ net->ipv4.ip_local_ports.warned = true; |
3337 |
+ pr_err_ratelimited("ip_local_port_range: prefer different parity for start/end values.\n"); |
3338 |
+ } |
3339 |
+ net->ipv4.ip_local_ports.range[0] = range[0]; |
3340 |
+ net->ipv4.ip_local_ports.range[1] = range[1]; |
3341 |
+- write_sequnlock(&net->ipv4.ip_local_ports.lock); |
3342 |
++ write_sequnlock_bh(&net->ipv4.ip_local_ports.lock); |
3343 |
+ } |
3344 |
+ |
3345 |
+ /* Validate changes from /proc interface. */ |
3346 |
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c |
3347 |
+index b7dedd9..747a4c4 100644 |
3348 |
+--- a/net/ipv4/tcp_output.c |
3349 |
++++ b/net/ipv4/tcp_output.c |
3350 |
+@@ -3406,7 +3406,7 @@ static int tcp_xmit_probe_skb(struct sock *sk, int urgent, int mib) |
3351 |
+ */ |
3352 |
+ tcp_init_nondata_skb(skb, tp->snd_una - !urgent, TCPHDR_ACK); |
3353 |
+ skb_mstamp_get(&skb->skb_mstamp); |
3354 |
+- NET_INC_STATS_BH(sock_net(sk), mib); |
3355 |
++ NET_INC_STATS(sock_net(sk), mib); |
3356 |
+ return tcp_transmit_skb(sk, skb, 0, GFP_ATOMIC); |
3357 |
+ } |
3358 |
+ |
3359 |
+diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
3360 |
+index 21c2c81..c8c1fea 100644 |
3361 |
+--- a/net/ipv6/addrconf.c |
3362 |
++++ b/net/ipv6/addrconf.c |
3363 |
+@@ -411,6 +411,7 @@ static struct inet6_dev *ipv6_add_dev(struct net_device *dev) |
3364 |
+ if (err) { |
3365 |
+ ipv6_mc_destroy_dev(ndev); |
3366 |
+ del_timer(&ndev->regen_timer); |
3367 |
++ snmp6_unregister_dev(ndev); |
3368 |
+ goto err_release; |
3369 |
+ } |
3370 |
+ /* protected by rtnl_lock */ |
3371 |
+diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c |
3372 |
+index ac35a28..85c4b2f 100644 |
3373 |
+--- a/net/ipv6/sit.c |
3374 |
++++ b/net/ipv6/sit.c |
3375 |
+@@ -1394,34 +1394,20 @@ static int ipip6_tunnel_init(struct net_device *dev) |
3376 |
+ return 0; |
3377 |
+ } |
3378 |
+ |
3379 |
+-static int __net_init ipip6_fb_tunnel_init(struct net_device *dev) |
3380 |
++static void __net_init ipip6_fb_tunnel_init(struct net_device *dev) |
3381 |
+ { |
3382 |
+ struct ip_tunnel *tunnel = netdev_priv(dev); |
3383 |
+ struct iphdr *iph = &tunnel->parms.iph; |
3384 |
+ struct net *net = dev_net(dev); |
3385 |
+ struct sit_net *sitn = net_generic(net, sit_net_id); |
3386 |
+ |
3387 |
+- tunnel->dev = dev; |
3388 |
+- tunnel->net = dev_net(dev); |
3389 |
+- |
3390 |
+ iph->version = 4; |
3391 |
+ iph->protocol = IPPROTO_IPV6; |
3392 |
+ iph->ihl = 5; |
3393 |
+ iph->ttl = 64; |
3394 |
+ |
3395 |
+- dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats); |
3396 |
+- if (!dev->tstats) |
3397 |
+- return -ENOMEM; |
3398 |
+- |
3399 |
+- tunnel->dst_cache = alloc_percpu(struct ip_tunnel_dst); |
3400 |
+- if (!tunnel->dst_cache) { |
3401 |
+- free_percpu(dev->tstats); |
3402 |
+- return -ENOMEM; |
3403 |
+- } |
3404 |
+- |
3405 |
+ dev_hold(dev); |
3406 |
+ rcu_assign_pointer(sitn->tunnels_wc[0], tunnel); |
3407 |
+- return 0; |
3408 |
+ } |
3409 |
+ |
3410 |
+ static int ipip6_validate(struct nlattr *tb[], struct nlattr *data[]) |
3411 |
+@@ -1831,23 +1817,19 @@ static int __net_init sit_init_net(struct net *net) |
3412 |
+ */ |
3413 |
+ sitn->fb_tunnel_dev->features |= NETIF_F_NETNS_LOCAL; |
3414 |
+ |
3415 |
+- err = ipip6_fb_tunnel_init(sitn->fb_tunnel_dev); |
3416 |
+- if (err) |
3417 |
+- goto err_dev_free; |
3418 |
+- |
3419 |
+- ipip6_tunnel_clone_6rd(sitn->fb_tunnel_dev, sitn); |
3420 |
+ err = register_netdev(sitn->fb_tunnel_dev); |
3421 |
+ if (err) |
3422 |
+ goto err_reg_dev; |
3423 |
+ |
3424 |
++ ipip6_tunnel_clone_6rd(sitn->fb_tunnel_dev, sitn); |
3425 |
++ ipip6_fb_tunnel_init(sitn->fb_tunnel_dev); |
3426 |
++ |
3427 |
+ t = netdev_priv(sitn->fb_tunnel_dev); |
3428 |
+ |
3429 |
+ strcpy(t->parms.name, sitn->fb_tunnel_dev->name); |
3430 |
+ return 0; |
3431 |
+ |
3432 |
+ err_reg_dev: |
3433 |
+- dev_put(sitn->fb_tunnel_dev); |
3434 |
+-err_dev_free: |
3435 |
+ ipip6_dev_free(sitn->fb_tunnel_dev); |
3436 |
+ err_alloc_dev: |
3437 |
+ return err; |
3438 |
+diff --git a/net/irda/irlmp.c b/net/irda/irlmp.c |
3439 |
+index a26c401..4396459 100644 |
3440 |
+--- a/net/irda/irlmp.c |
3441 |
++++ b/net/irda/irlmp.c |
3442 |
+@@ -1839,7 +1839,7 @@ static void *irlmp_seq_hb_idx(struct irlmp_iter_state *iter, loff_t *off) |
3443 |
+ for (element = hashbin_get_first(iter->hashbin); |
3444 |
+ element != NULL; |
3445 |
+ element = hashbin_get_next(iter->hashbin)) { |
3446 |
+- if (!off || *off-- == 0) { |
3447 |
++ if (!off || (*off)-- == 0) { |
3448 |
+ /* NB: hashbin left locked */ |
3449 |
+ return element; |
3450 |
+ } |
3451 |
+diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c |
3452 |
+index 9b2cc27..33bf779 100644 |
3453 |
+--- a/net/mac80211/mlme.c |
3454 |
++++ b/net/mac80211/mlme.c |
3455 |
+@@ -3378,7 +3378,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, |
3456 |
+ |
3457 |
+ if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold && |
3458 |
+ ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) { |
3459 |
+- int sig = ifmgd->ave_beacon_signal; |
3460 |
++ int sig = ifmgd->ave_beacon_signal / 16; |
3461 |
+ int last_sig = ifmgd->last_ave_beacon_signal; |
3462 |
+ struct ieee80211_event event = { |
3463 |
+ .type = RSSI_EVENT, |
3464 |
+@@ -4999,6 +4999,25 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, |
3465 |
+ return 0; |
3466 |
+ } |
3467 |
+ |
3468 |
++ if (ifmgd->assoc_data && |
3469 |
++ ether_addr_equal(ifmgd->assoc_data->bss->bssid, req->bssid)) { |
3470 |
++ sdata_info(sdata, |
3471 |
++ "aborting association with %pM by local choice (Reason: %u=%s)\n", |
3472 |
++ req->bssid, req->reason_code, |
3473 |
++ ieee80211_get_reason_code_string(req->reason_code)); |
3474 |
++ |
3475 |
++ drv_mgd_prepare_tx(sdata->local, sdata); |
3476 |
++ ieee80211_send_deauth_disassoc(sdata, req->bssid, |
3477 |
++ IEEE80211_STYPE_DEAUTH, |
3478 |
++ req->reason_code, tx, |
3479 |
++ frame_buf); |
3480 |
++ ieee80211_destroy_assoc_data(sdata, false); |
3481 |
++ ieee80211_report_disconnect(sdata, frame_buf, |
3482 |
++ sizeof(frame_buf), true, |
3483 |
++ req->reason_code); |
3484 |
++ return 0; |
3485 |
++ } |
3486 |
++ |
3487 |
+ if (ifmgd->associated && |
3488 |
+ ether_addr_equal(ifmgd->associated->bssid, req->bssid)) { |
3489 |
+ sdata_info(sdata, |
3490 |
+diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h |
3491 |
+index 6f14591..0b13bfa 100644 |
3492 |
+--- a/net/mac80211/trace.h |
3493 |
++++ b/net/mac80211/trace.h |
3494 |
+@@ -33,11 +33,11 @@ |
3495 |
+ __field(u32, chan_width) \ |
3496 |
+ __field(u32, center_freq1) \ |
3497 |
+ __field(u32, center_freq2) |
3498 |
+-#define CHANDEF_ASSIGN(c) \ |
3499 |
+- __entry->control_freq = (c)->chan ? (c)->chan->center_freq : 0; \ |
3500 |
+- __entry->chan_width = (c)->width; \ |
3501 |
+- __entry->center_freq1 = (c)->center_freq1; \ |
3502 |
+- __entry->center_freq2 = (c)->center_freq2; |
3503 |
++#define CHANDEF_ASSIGN(c) \ |
3504 |
++ __entry->control_freq = (c) ? ((c)->chan ? (c)->chan->center_freq : 0) : 0; \ |
3505 |
++ __entry->chan_width = (c) ? (c)->width : 0; \ |
3506 |
++ __entry->center_freq1 = (c) ? (c)->center_freq1 : 0; \ |
3507 |
++ __entry->center_freq2 = (c) ? (c)->center_freq2 : 0; |
3508 |
+ #define CHANDEF_PR_FMT " control:%d MHz width:%d center: %d/%d MHz" |
3509 |
+ #define CHANDEF_PR_ARG __entry->control_freq, __entry->chan_width, \ |
3510 |
+ __entry->center_freq1, __entry->center_freq2 |
3511 |
+diff --git a/net/mac80211/util.c b/net/mac80211/util.c |
3512 |
+index 43e5aad..f5fa8c0 100644 |
3513 |
+--- a/net/mac80211/util.c |
3514 |
++++ b/net/mac80211/util.c |
3515 |
+@@ -2984,6 +2984,13 @@ ieee80211_extend_noa_desc(struct ieee80211_noa_data *data, u32 tsf, int i) |
3516 |
+ if (end > 0) |
3517 |
+ return false; |
3518 |
+ |
3519 |
++ /* One shot NOA */ |
3520 |
++ if (data->count[i] == 1) |
3521 |
++ return false; |
3522 |
++ |
3523 |
++ if (data->desc[i].interval == 0) |
3524 |
++ return false; |
3525 |
++ |
3526 |
+ /* End time is in the past, check for repetitions */ |
3527 |
+ skip = DIV_ROUND_UP(-end, data->desc[i].interval); |
3528 |
+ if (data->count[i] < 255) { |
3529 |
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
3530 |
+index a133d16..8b158f7 100644 |
3531 |
+--- a/net/netlink/af_netlink.c |
3532 |
++++ b/net/netlink/af_netlink.c |
3533 |
+@@ -2346,7 +2346,7 @@ static int netlink_getsockopt(struct socket *sock, int level, int optname, |
3534 |
+ int pos, idx, shift; |
3535 |
+ |
3536 |
+ err = 0; |
3537 |
+- netlink_table_grab(); |
3538 |
++ netlink_lock_table(); |
3539 |
+ for (pos = 0; pos * 8 < nlk->ngroups; pos += sizeof(u32)) { |
3540 |
+ if (len - pos < sizeof(u32)) |
3541 |
+ break; |
3542 |
+@@ -2361,7 +2361,7 @@ static int netlink_getsockopt(struct socket *sock, int level, int optname, |
3543 |
+ } |
3544 |
+ if (put_user(ALIGN(nlk->ngroups / 8, sizeof(u32)), optlen)) |
3545 |
+ err = -EFAULT; |
3546 |
+- netlink_table_ungrab(); |
3547 |
++ netlink_unlock_table(); |
3548 |
+ break; |
3549 |
+ } |
3550 |
+ default: |
3551 |
+diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c |
3552 |
+index 609f922..30b09f0 100644 |
3553 |
+--- a/net/nfc/nci/hci.c |
3554 |
++++ b/net/nfc/nci/hci.c |
3555 |
+@@ -101,6 +101,20 @@ struct nci_hcp_packet { |
3556 |
+ #define NCI_HCP_MSG_GET_CMD(header) (header & 0x3f) |
3557 |
+ #define NCI_HCP_MSG_GET_PIPE(header) (header & 0x7f) |
3558 |
+ |
3559 |
++static int nci_hci_result_to_errno(u8 result) |
3560 |
++{ |
3561 |
++ switch (result) { |
3562 |
++ case NCI_HCI_ANY_OK: |
3563 |
++ return 0; |
3564 |
++ case NCI_HCI_ANY_E_REG_PAR_UNKNOWN: |
3565 |
++ return -EOPNOTSUPP; |
3566 |
++ case NCI_HCI_ANY_E_TIMEOUT: |
3567 |
++ return -ETIME; |
3568 |
++ default: |
3569 |
++ return -1; |
3570 |
++ } |
3571 |
++} |
3572 |
++ |
3573 |
+ /* HCI core */ |
3574 |
+ static void nci_hci_reset_pipes(struct nci_hci_dev *hdev) |
3575 |
+ { |
3576 |
+@@ -146,18 +160,18 @@ static int nci_hci_send_data(struct nci_dev *ndev, u8 pipe, |
3577 |
+ if (!conn_info) |
3578 |
+ return -EPROTO; |
3579 |
+ |
3580 |
+- skb = nci_skb_alloc(ndev, 2 + conn_info->max_pkt_payload_len + |
3581 |
++ i = 0; |
3582 |
++ skb = nci_skb_alloc(ndev, conn_info->max_pkt_payload_len + |
3583 |
+ NCI_DATA_HDR_SIZE, GFP_KERNEL); |
3584 |
+ if (!skb) |
3585 |
+ return -ENOMEM; |
3586 |
+ |
3587 |
+- skb_reserve(skb, 2 + NCI_DATA_HDR_SIZE); |
3588 |
++ skb_reserve(skb, NCI_DATA_HDR_SIZE + 2); |
3589 |
+ *skb_push(skb, 1) = data_type; |
3590 |
+ |
3591 |
+- i = 0; |
3592 |
+- len = conn_info->max_pkt_payload_len; |
3593 |
+- |
3594 |
+ do { |
3595 |
++ len = conn_info->max_pkt_payload_len; |
3596 |
++ |
3597 |
+ /* If last packet add NCI_HFP_NO_CHAINING */ |
3598 |
+ if (i + conn_info->max_pkt_payload_len - |
3599 |
+ (skb->len + 1) >= data_len) { |
3600 |
+@@ -177,9 +191,15 @@ static int nci_hci_send_data(struct nci_dev *ndev, u8 pipe, |
3601 |
+ return r; |
3602 |
+ |
3603 |
+ i += len; |
3604 |
++ |
3605 |
+ if (i < data_len) { |
3606 |
+- skb_trim(skb, 0); |
3607 |
+- skb_pull(skb, len); |
3608 |
++ skb = nci_skb_alloc(ndev, |
3609 |
++ conn_info->max_pkt_payload_len + |
3610 |
++ NCI_DATA_HDR_SIZE, GFP_KERNEL); |
3611 |
++ if (!skb) |
3612 |
++ return -ENOMEM; |
3613 |
++ |
3614 |
++ skb_reserve(skb, NCI_DATA_HDR_SIZE + 1); |
3615 |
+ } |
3616 |
+ } while (i < data_len); |
3617 |
+ |
3618 |
+@@ -212,7 +232,8 @@ int nci_hci_send_cmd(struct nci_dev *ndev, u8 gate, u8 cmd, |
3619 |
+ const u8 *param, size_t param_len, |
3620 |
+ struct sk_buff **skb) |
3621 |
+ { |
3622 |
+- struct nci_conn_info *conn_info; |
3623 |
++ struct nci_hcp_message *message; |
3624 |
++ struct nci_conn_info *conn_info; |
3625 |
+ struct nci_data data; |
3626 |
+ int r; |
3627 |
+ u8 pipe = ndev->hci_dev->gate2pipe[gate]; |
3628 |
+@@ -232,9 +253,15 @@ int nci_hci_send_cmd(struct nci_dev *ndev, u8 gate, u8 cmd, |
3629 |
+ |
3630 |
+ r = nci_request(ndev, nci_hci_send_data_req, (unsigned long)&data, |
3631 |
+ msecs_to_jiffies(NCI_DATA_TIMEOUT)); |
3632 |
+- |
3633 |
+- if (r == NCI_STATUS_OK && skb) |
3634 |
+- *skb = conn_info->rx_skb; |
3635 |
++ if (r == NCI_STATUS_OK) { |
3636 |
++ message = (struct nci_hcp_message *)conn_info->rx_skb->data; |
3637 |
++ r = nci_hci_result_to_errno( |
3638 |
++ NCI_HCP_MSG_GET_CMD(message->header)); |
3639 |
++ skb_pull(conn_info->rx_skb, NCI_HCI_HCP_MESSAGE_HEADER_LEN); |
3640 |
++ |
3641 |
++ if (!r && skb) |
3642 |
++ *skb = conn_info->rx_skb; |
3643 |
++ } |
3644 |
+ |
3645 |
+ return r; |
3646 |
+ } |
3647 |
+@@ -328,9 +355,6 @@ static void nci_hci_resp_received(struct nci_dev *ndev, u8 pipe, |
3648 |
+ struct nci_conn_info *conn_info; |
3649 |
+ u8 status = result; |
3650 |
+ |
3651 |
+- if (result != NCI_HCI_ANY_OK) |
3652 |
+- goto exit; |
3653 |
+- |
3654 |
+ conn_info = ndev->hci_dev->conn_info; |
3655 |
+ if (!conn_info) { |
3656 |
+ status = NCI_STATUS_REJECTED; |
3657 |
+@@ -340,7 +364,7 @@ static void nci_hci_resp_received(struct nci_dev *ndev, u8 pipe, |
3658 |
+ conn_info->rx_skb = skb; |
3659 |
+ |
3660 |
+ exit: |
3661 |
+- nci_req_complete(ndev, status); |
3662 |
++ nci_req_complete(ndev, NCI_STATUS_OK); |
3663 |
+ } |
3664 |
+ |
3665 |
+ /* Receive hcp message for pipe, with type and cmd. |
3666 |
+@@ -378,7 +402,7 @@ static void nci_hci_msg_rx_work(struct work_struct *work) |
3667 |
+ u8 pipe, type, instruction; |
3668 |
+ |
3669 |
+ while ((skb = skb_dequeue(&hdev->msg_rx_queue)) != NULL) { |
3670 |
+- pipe = skb->data[0]; |
3671 |
++ pipe = NCI_HCP_MSG_GET_PIPE(skb->data[0]); |
3672 |
+ skb_pull(skb, NCI_HCI_HCP_PACKET_HEADER_LEN); |
3673 |
+ message = (struct nci_hcp_message *)skb->data; |
3674 |
+ type = NCI_HCP_MSG_GET_TYPE(message->header); |
3675 |
+@@ -395,7 +419,7 @@ void nci_hci_data_received_cb(void *context, |
3676 |
+ { |
3677 |
+ struct nci_dev *ndev = (struct nci_dev *)context; |
3678 |
+ struct nci_hcp_packet *packet; |
3679 |
+- u8 pipe, type, instruction; |
3680 |
++ u8 pipe, type; |
3681 |
+ struct sk_buff *hcp_skb; |
3682 |
+ struct sk_buff *frag_skb; |
3683 |
+ int msg_len; |
3684 |
+@@ -415,7 +439,7 @@ void nci_hci_data_received_cb(void *context, |
3685 |
+ |
3686 |
+ /* it's the last fragment. Does it need re-aggregation? */ |
3687 |
+ if (skb_queue_len(&ndev->hci_dev->rx_hcp_frags)) { |
3688 |
+- pipe = packet->header & NCI_HCI_FRAGMENT; |
3689 |
++ pipe = NCI_HCP_MSG_GET_PIPE(packet->header); |
3690 |
+ skb_queue_tail(&ndev->hci_dev->rx_hcp_frags, skb); |
3691 |
+ |
3692 |
+ msg_len = 0; |
3693 |
+@@ -434,7 +458,7 @@ void nci_hci_data_received_cb(void *context, |
3694 |
+ *skb_put(hcp_skb, NCI_HCI_HCP_PACKET_HEADER_LEN) = pipe; |
3695 |
+ |
3696 |
+ skb_queue_walk(&ndev->hci_dev->rx_hcp_frags, frag_skb) { |
3697 |
+- msg_len = frag_skb->len - NCI_HCI_HCP_PACKET_HEADER_LEN; |
3698 |
++ msg_len = frag_skb->len - NCI_HCI_HCP_PACKET_HEADER_LEN; |
3699 |
+ memcpy(skb_put(hcp_skb, msg_len), frag_skb->data + |
3700 |
+ NCI_HCI_HCP_PACKET_HEADER_LEN, msg_len); |
3701 |
+ } |
3702 |
+@@ -452,11 +476,10 @@ void nci_hci_data_received_cb(void *context, |
3703 |
+ packet = (struct nci_hcp_packet *)hcp_skb->data; |
3704 |
+ type = NCI_HCP_MSG_GET_TYPE(packet->message.header); |
3705 |
+ if (type == NCI_HCI_HCP_RESPONSE) { |
3706 |
+- pipe = packet->header; |
3707 |
+- instruction = NCI_HCP_MSG_GET_CMD(packet->message.header); |
3708 |
+- skb_pull(hcp_skb, NCI_HCI_HCP_PACKET_HEADER_LEN + |
3709 |
+- NCI_HCI_HCP_MESSAGE_HEADER_LEN); |
3710 |
+- nci_hci_hcp_message_rx(ndev, pipe, type, instruction, hcp_skb); |
3711 |
++ pipe = NCI_HCP_MSG_GET_PIPE(packet->header); |
3712 |
++ skb_pull(hcp_skb, NCI_HCI_HCP_PACKET_HEADER_LEN); |
3713 |
++ nci_hci_hcp_message_rx(ndev, pipe, type, |
3714 |
++ NCI_STATUS_OK, hcp_skb); |
3715 |
+ } else { |
3716 |
+ skb_queue_tail(&ndev->hci_dev->msg_rx_queue, hcp_skb); |
3717 |
+ schedule_work(&ndev->hci_dev->msg_rx_work); |
3718 |
+@@ -488,6 +511,7 @@ EXPORT_SYMBOL(nci_hci_open_pipe); |
3719 |
+ int nci_hci_set_param(struct nci_dev *ndev, u8 gate, u8 idx, |
3720 |
+ const u8 *param, size_t param_len) |
3721 |
+ { |
3722 |
++ struct nci_hcp_message *message; |
3723 |
+ struct nci_conn_info *conn_info; |
3724 |
+ struct nci_data data; |
3725 |
+ int r; |
3726 |
+@@ -520,6 +544,12 @@ int nci_hci_set_param(struct nci_dev *ndev, u8 gate, u8 idx, |
3727 |
+ r = nci_request(ndev, nci_hci_send_data_req, |
3728 |
+ (unsigned long)&data, |
3729 |
+ msecs_to_jiffies(NCI_DATA_TIMEOUT)); |
3730 |
++ if (r == NCI_STATUS_OK) { |
3731 |
++ message = (struct nci_hcp_message *)conn_info->rx_skb->data; |
3732 |
++ r = nci_hci_result_to_errno( |
3733 |
++ NCI_HCP_MSG_GET_CMD(message->header)); |
3734 |
++ skb_pull(conn_info->rx_skb, NCI_HCI_HCP_MESSAGE_HEADER_LEN); |
3735 |
++ } |
3736 |
+ |
3737 |
+ kfree(tmp); |
3738 |
+ return r; |
3739 |
+@@ -529,6 +559,7 @@ EXPORT_SYMBOL(nci_hci_set_param); |
3740 |
+ int nci_hci_get_param(struct nci_dev *ndev, u8 gate, u8 idx, |
3741 |
+ struct sk_buff **skb) |
3742 |
+ { |
3743 |
++ struct nci_hcp_message *message; |
3744 |
+ struct nci_conn_info *conn_info; |
3745 |
+ struct nci_data data; |
3746 |
+ int r; |
3747 |
+@@ -553,8 +584,15 @@ int nci_hci_get_param(struct nci_dev *ndev, u8 gate, u8 idx, |
3748 |
+ r = nci_request(ndev, nci_hci_send_data_req, (unsigned long)&data, |
3749 |
+ msecs_to_jiffies(NCI_DATA_TIMEOUT)); |
3750 |
+ |
3751 |
+- if (r == NCI_STATUS_OK) |
3752 |
+- *skb = conn_info->rx_skb; |
3753 |
++ if (r == NCI_STATUS_OK) { |
3754 |
++ message = (struct nci_hcp_message *)conn_info->rx_skb->data; |
3755 |
++ r = nci_hci_result_to_errno( |
3756 |
++ NCI_HCP_MSG_GET_CMD(message->header)); |
3757 |
++ skb_pull(conn_info->rx_skb, NCI_HCI_HCP_MESSAGE_HEADER_LEN); |
3758 |
++ |
3759 |
++ if (!r && skb) |
3760 |
++ *skb = conn_info->rx_skb; |
3761 |
++ } |
3762 |
+ |
3763 |
+ return r; |
3764 |
+ } |
3765 |
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
3766 |
+index 7851b12..71cb085 100644 |
3767 |
+--- a/net/packet/af_packet.c |
3768 |
++++ b/net/packet/af_packet.c |
3769 |
+@@ -2784,22 +2784,40 @@ static int packet_release(struct socket *sock) |
3770 |
+ * Attach a packet hook. |
3771 |
+ */ |
3772 |
+ |
3773 |
+-static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto) |
3774 |
++static int packet_do_bind(struct sock *sk, const char *name, int ifindex, |
3775 |
++ __be16 proto) |
3776 |
+ { |
3777 |
+ struct packet_sock *po = pkt_sk(sk); |
3778 |
+ struct net_device *dev_curr; |
3779 |
+ __be16 proto_curr; |
3780 |
+ bool need_rehook; |
3781 |
++ struct net_device *dev = NULL; |
3782 |
++ int ret = 0; |
3783 |
++ bool unlisted = false; |
3784 |
+ |
3785 |
+- if (po->fanout) { |
3786 |
+- if (dev) |
3787 |
+- dev_put(dev); |
3788 |
+- |
3789 |
++ if (po->fanout) |
3790 |
+ return -EINVAL; |
3791 |
+- } |
3792 |
+ |
3793 |
+ lock_sock(sk); |
3794 |
+ spin_lock(&po->bind_lock); |
3795 |
++ rcu_read_lock(); |
3796 |
++ |
3797 |
++ if (name) { |
3798 |
++ dev = dev_get_by_name_rcu(sock_net(sk), name); |
3799 |
++ if (!dev) { |
3800 |
++ ret = -ENODEV; |
3801 |
++ goto out_unlock; |
3802 |
++ } |
3803 |
++ } else if (ifindex) { |
3804 |
++ dev = dev_get_by_index_rcu(sock_net(sk), ifindex); |
3805 |
++ if (!dev) { |
3806 |
++ ret = -ENODEV; |
3807 |
++ goto out_unlock; |
3808 |
++ } |
3809 |
++ } |
3810 |
++ |
3811 |
++ if (dev) |
3812 |
++ dev_hold(dev); |
3813 |
+ |
3814 |
+ proto_curr = po->prot_hook.type; |
3815 |
+ dev_curr = po->prot_hook.dev; |
3816 |
+@@ -2807,14 +2825,29 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto) |
3817 |
+ need_rehook = proto_curr != proto || dev_curr != dev; |
3818 |
+ |
3819 |
+ if (need_rehook) { |
3820 |
+- unregister_prot_hook(sk, true); |
3821 |
++ if (po->running) { |
3822 |
++ rcu_read_unlock(); |
3823 |
++ __unregister_prot_hook(sk, true); |
3824 |
++ rcu_read_lock(); |
3825 |
++ dev_curr = po->prot_hook.dev; |
3826 |
++ if (dev) |
3827 |
++ unlisted = !dev_get_by_index_rcu(sock_net(sk), |
3828 |
++ dev->ifindex); |
3829 |
++ } |
3830 |
+ |
3831 |
+ po->num = proto; |
3832 |
+ po->prot_hook.type = proto; |
3833 |
+- po->prot_hook.dev = dev; |
3834 |
+ |
3835 |
+- po->ifindex = dev ? dev->ifindex : 0; |
3836 |
+- packet_cached_dev_assign(po, dev); |
3837 |
++ if (unlikely(unlisted)) { |
3838 |
++ dev_put(dev); |
3839 |
++ po->prot_hook.dev = NULL; |
3840 |
++ po->ifindex = -1; |
3841 |
++ packet_cached_dev_reset(po); |
3842 |
++ } else { |
3843 |
++ po->prot_hook.dev = dev; |
3844 |
++ po->ifindex = dev ? dev->ifindex : 0; |
3845 |
++ packet_cached_dev_assign(po, dev); |
3846 |
++ } |
3847 |
+ } |
3848 |
+ if (dev_curr) |
3849 |
+ dev_put(dev_curr); |
3850 |
+@@ -2822,7 +2855,7 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto) |
3851 |
+ if (proto == 0 || !need_rehook) |
3852 |
+ goto out_unlock; |
3853 |
+ |
3854 |
+- if (!dev || (dev->flags & IFF_UP)) { |
3855 |
++ if (!unlisted && (!dev || (dev->flags & IFF_UP))) { |
3856 |
+ register_prot_hook(sk); |
3857 |
+ } else { |
3858 |
+ sk->sk_err = ENETDOWN; |
3859 |
+@@ -2831,9 +2864,10 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto) |
3860 |
+ } |
3861 |
+ |
3862 |
+ out_unlock: |
3863 |
++ rcu_read_unlock(); |
3864 |
+ spin_unlock(&po->bind_lock); |
3865 |
+ release_sock(sk); |
3866 |
+- return 0; |
3867 |
++ return ret; |
3868 |
+ } |
3869 |
+ |
3870 |
+ /* |
3871 |
+@@ -2845,8 +2879,6 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, |
3872 |
+ { |
3873 |
+ struct sock *sk = sock->sk; |
3874 |
+ char name[15]; |
3875 |
+- struct net_device *dev; |
3876 |
+- int err = -ENODEV; |
3877 |
+ |
3878 |
+ /* |
3879 |
+ * Check legality |
3880 |
+@@ -2856,19 +2888,13 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, |
3881 |
+ return -EINVAL; |
3882 |
+ strlcpy(name, uaddr->sa_data, sizeof(name)); |
3883 |
+ |
3884 |
+- dev = dev_get_by_name(sock_net(sk), name); |
3885 |
+- if (dev) |
3886 |
+- err = packet_do_bind(sk, dev, pkt_sk(sk)->num); |
3887 |
+- return err; |
3888 |
++ return packet_do_bind(sk, name, 0, pkt_sk(sk)->num); |
3889 |
+ } |
3890 |
+ |
3891 |
+ static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) |
3892 |
+ { |
3893 |
+ struct sockaddr_ll *sll = (struct sockaddr_ll *)uaddr; |
3894 |
+ struct sock *sk = sock->sk; |
3895 |
+- struct net_device *dev = NULL; |
3896 |
+- int err; |
3897 |
+- |
3898 |
+ |
3899 |
+ /* |
3900 |
+ * Check legality |
3901 |
+@@ -2879,16 +2905,8 @@ static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len |
3902 |
+ if (sll->sll_family != AF_PACKET) |
3903 |
+ return -EINVAL; |
3904 |
+ |
3905 |
+- if (sll->sll_ifindex) { |
3906 |
+- err = -ENODEV; |
3907 |
+- dev = dev_get_by_index(sock_net(sk), sll->sll_ifindex); |
3908 |
+- if (dev == NULL) |
3909 |
+- goto out; |
3910 |
+- } |
3911 |
+- err = packet_do_bind(sk, dev, sll->sll_protocol ? : pkt_sk(sk)->num); |
3912 |
+- |
3913 |
+-out: |
3914 |
+- return err; |
3915 |
++ return packet_do_bind(sk, NULL, sll->sll_ifindex, |
3916 |
++ sll->sll_protocol ? : pkt_sk(sk)->num); |
3917 |
+ } |
3918 |
+ |
3919 |
+ static struct proto packet_proto = { |
3920 |
+diff --git a/net/rds/connection.c b/net/rds/connection.c |
3921 |
+index da6da57..9d66705 100644 |
3922 |
+--- a/net/rds/connection.c |
3923 |
++++ b/net/rds/connection.c |
3924 |
+@@ -187,6 +187,12 @@ new_conn: |
3925 |
+ } |
3926 |
+ } |
3927 |
+ |
3928 |
++ if (trans == NULL) { |
3929 |
++ kmem_cache_free(rds_conn_slab, conn); |
3930 |
++ conn = ERR_PTR(-ENODEV); |
3931 |
++ goto out; |
3932 |
++ } |
3933 |
++ |
3934 |
+ conn->c_trans = trans; |
3935 |
+ |
3936 |
+ ret = trans->conn_alloc(conn, gfp); |
3937 |
+diff --git a/net/rds/tcp_recv.c b/net/rds/tcp_recv.c |
3938 |
+index fbc5ef8..27a9921 100644 |
3939 |
+--- a/net/rds/tcp_recv.c |
3940 |
++++ b/net/rds/tcp_recv.c |
3941 |
+@@ -214,8 +214,15 @@ static int rds_tcp_data_recv(read_descriptor_t *desc, struct sk_buff *skb, |
3942 |
+ } |
3943 |
+ |
3944 |
+ to_copy = min(tc->t_tinc_data_rem, left); |
3945 |
+- pskb_pull(clone, offset); |
3946 |
+- pskb_trim(clone, to_copy); |
3947 |
++ if (!pskb_pull(clone, offset) || |
3948 |
++ pskb_trim(clone, to_copy)) { |
3949 |
++ pr_warn("rds_tcp_data_recv: pull/trim failed " |
3950 |
++ "left %zu data_rem %zu skb_len %d\n", |
3951 |
++ left, tc->t_tinc_data_rem, skb->len); |
3952 |
++ kfree_skb(clone); |
3953 |
++ desc->error = -ENOMEM; |
3954 |
++ goto out; |
3955 |
++ } |
3956 |
+ skb_queue_tail(&tinc->ti_skb_list, clone); |
3957 |
+ |
3958 |
+ rdsdebug("skb %p data %p len %d off %u to_copy %zu -> " |
3959 |
+diff --git a/net/tipc/msg.c b/net/tipc/msg.c |
3960 |
+index 08b4cc7..b3a3931 100644 |
3961 |
+--- a/net/tipc/msg.c |
3962 |
++++ b/net/tipc/msg.c |
3963 |
+@@ -121,7 +121,7 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) |
3964 |
+ { |
3965 |
+ struct sk_buff *head = *headbuf; |
3966 |
+ struct sk_buff *frag = *buf; |
3967 |
+- struct sk_buff *tail; |
3968 |
++ struct sk_buff *tail = NULL; |
3969 |
+ struct tipc_msg *msg; |
3970 |
+ u32 fragid; |
3971 |
+ int delta; |
3972 |
+@@ -141,9 +141,15 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) |
3973 |
+ if (unlikely(skb_unclone(frag, GFP_ATOMIC))) |
3974 |
+ goto err; |
3975 |
+ head = *headbuf = frag; |
3976 |
+- skb_frag_list_init(head); |
3977 |
+- TIPC_SKB_CB(head)->tail = NULL; |
3978 |
+ *buf = NULL; |
3979 |
++ TIPC_SKB_CB(head)->tail = NULL; |
3980 |
++ if (skb_is_nonlinear(head)) { |
3981 |
++ skb_walk_frags(head, tail) { |
3982 |
++ TIPC_SKB_CB(head)->tail = tail; |
3983 |
++ } |
3984 |
++ } else { |
3985 |
++ skb_frag_list_init(head); |
3986 |
++ } |
3987 |
+ return 0; |
3988 |
+ } |
3989 |
+ |
3990 |
+diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c |
3991 |
+index 66deebc..f8dfee5 100644 |
3992 |
+--- a/net/tipc/udp_media.c |
3993 |
++++ b/net/tipc/udp_media.c |
3994 |
+@@ -48,6 +48,7 @@ |
3995 |
+ #include <linux/tipc_netlink.h> |
3996 |
+ #include "core.h" |
3997 |
+ #include "bearer.h" |
3998 |
++#include "msg.h" |
3999 |
+ |
4000 |
+ /* IANA assigned UDP port */ |
4001 |
+ #define UDP_PORT_DEFAULT 6118 |
4002 |
+@@ -216,6 +217,10 @@ static int tipc_udp_recv(struct sock *sk, struct sk_buff *skb) |
4003 |
+ { |
4004 |
+ struct udp_bearer *ub; |
4005 |
+ struct tipc_bearer *b; |
4006 |
++ int usr = msg_user(buf_msg(skb)); |
4007 |
++ |
4008 |
++ if ((usr == LINK_PROTOCOL) || (usr == NAME_DISTRIBUTOR)) |
4009 |
++ skb_linearize(skb); |
4010 |
+ |
4011 |
+ ub = rcu_dereference_sk_user_data(sk); |
4012 |
+ if (!ub) { |
4013 |
+diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c |
4014 |
+index 76b4157..d059cf3 100644 |
4015 |
+--- a/net/wireless/nl80211.c |
4016 |
++++ b/net/wireless/nl80211.c |
4017 |
+@@ -3408,12 +3408,6 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) |
4018 |
+ wdev->iftype)) |
4019 |
+ return -EINVAL; |
4020 |
+ |
4021 |
+- if (info->attrs[NL80211_ATTR_ACL_POLICY]) { |
4022 |
+- params.acl = parse_acl_data(&rdev->wiphy, info); |
4023 |
+- if (IS_ERR(params.acl)) |
4024 |
+- return PTR_ERR(params.acl); |
4025 |
+- } |
4026 |
+- |
4027 |
+ if (info->attrs[NL80211_ATTR_SMPS_MODE]) { |
4028 |
+ params.smps_mode = |
4029 |
+ nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]); |
4030 |
+@@ -3437,6 +3431,12 @@ static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info) |
4031 |
+ params.smps_mode = NL80211_SMPS_OFF; |
4032 |
+ } |
4033 |
+ |
4034 |
++ if (info->attrs[NL80211_ATTR_ACL_POLICY]) { |
4035 |
++ params.acl = parse_acl_data(&rdev->wiphy, info); |
4036 |
++ if (IS_ERR(params.acl)) |
4037 |
++ return PTR_ERR(params.acl); |
4038 |
++ } |
4039 |
++ |
4040 |
+ wdev_lock(wdev); |
4041 |
+ err = rdev_start_ap(rdev, dev, ¶ms); |
4042 |
+ if (!err) { |
4043 |
+diff --git a/sound/usb/midi.c b/sound/usb/midi.c |
4044 |
+index 417ebb1..bec63e0 100644 |
4045 |
+--- a/sound/usb/midi.c |
4046 |
++++ b/sound/usb/midi.c |
4047 |
+@@ -174,6 +174,8 @@ struct snd_usb_midi_in_endpoint { |
4048 |
+ u8 running_status_length; |
4049 |
+ } ports[0x10]; |
4050 |
+ u8 seen_f5; |
4051 |
++ bool in_sysex; |
4052 |
++ u8 last_cin; |
4053 |
+ u8 error_resubmit; |
4054 |
+ int current_port; |
4055 |
+ }; |
4056 |
+@@ -468,6 +470,39 @@ static void snd_usbmidi_maudio_broken_running_status_input( |
4057 |
+ } |
4058 |
+ |
4059 |
+ /* |
4060 |
++ * QinHeng CH345 is buggy: every second packet inside a SysEx has not CIN 4 |
4061 |
++ * but the previously seen CIN, but still with three data bytes. |
4062 |
++ */ |
4063 |
++static void ch345_broken_sysex_input(struct snd_usb_midi_in_endpoint *ep, |
4064 |
++ uint8_t *buffer, int buffer_length) |
4065 |
++{ |
4066 |
++ unsigned int i, cin, length; |
4067 |
++ |
4068 |
++ for (i = 0; i + 3 < buffer_length; i += 4) { |
4069 |
++ if (buffer[i] == 0 && i > 0) |
4070 |
++ break; |
4071 |
++ cin = buffer[i] & 0x0f; |
4072 |
++ if (ep->in_sysex && |
4073 |
++ cin == ep->last_cin && |
4074 |
++ (buffer[i + 1 + (cin == 0x6)] & 0x80) == 0) |
4075 |
++ cin = 0x4; |
4076 |
++#if 0 |
4077 |
++ if (buffer[i + 1] == 0x90) { |
4078 |
++ /* |
4079 |
++ * Either a corrupted running status or a real note-on |
4080 |
++ * message; impossible to detect reliably. |
4081 |
++ */ |
4082 |
++ } |
4083 |
++#endif |
4084 |
++ length = snd_usbmidi_cin_length[cin]; |
4085 |
++ snd_usbmidi_input_data(ep, 0, &buffer[i + 1], length); |
4086 |
++ ep->in_sysex = cin == 0x4; |
4087 |
++ if (!ep->in_sysex) |
4088 |
++ ep->last_cin = cin; |
4089 |
++ } |
4090 |
++} |
4091 |
++ |
4092 |
++/* |
4093 |
+ * CME protocol: like the standard protocol, but SysEx commands are sent as a |
4094 |
+ * single USB packet preceded by a 0x0F byte. |
4095 |
+ */ |
4096 |
+@@ -660,6 +695,12 @@ static struct usb_protocol_ops snd_usbmidi_cme_ops = { |
4097 |
+ .output_packet = snd_usbmidi_output_standard_packet, |
4098 |
+ }; |
4099 |
+ |
4100 |
++static struct usb_protocol_ops snd_usbmidi_ch345_broken_sysex_ops = { |
4101 |
++ .input = ch345_broken_sysex_input, |
4102 |
++ .output = snd_usbmidi_standard_output, |
4103 |
++ .output_packet = snd_usbmidi_output_standard_packet, |
4104 |
++}; |
4105 |
++ |
4106 |
+ /* |
4107 |
+ * AKAI MPD16 protocol: |
4108 |
+ * |
4109 |
+@@ -1341,6 +1382,7 @@ static int snd_usbmidi_out_endpoint_create(struct snd_usb_midi *umidi, |
4110 |
+ * Various chips declare a packet size larger than 4 bytes, but |
4111 |
+ * do not actually work with larger packets: |
4112 |
+ */ |
4113 |
++ case USB_ID(0x0a67, 0x5011): /* Medeli DD305 */ |
4114 |
+ case USB_ID(0x0a92, 0x1020): /* ESI M4U */ |
4115 |
+ case USB_ID(0x1430, 0x474b): /* RedOctane GH MIDI INTERFACE */ |
4116 |
+ case USB_ID(0x15ca, 0x0101): /* Textech USB Midi Cable */ |
4117 |
+@@ -2375,6 +2417,10 @@ int snd_usbmidi_create(struct snd_card *card, |
4118 |
+ |
4119 |
+ err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints); |
4120 |
+ break; |
4121 |
++ case QUIRK_MIDI_CH345: |
4122 |
++ umidi->usb_protocol_ops = &snd_usbmidi_ch345_broken_sysex_ops; |
4123 |
++ err = snd_usbmidi_detect_per_port_endpoints(umidi, endpoints); |
4124 |
++ break; |
4125 |
+ default: |
4126 |
+ dev_err(&umidi->dev->dev, "invalid quirk type %d\n", |
4127 |
+ quirk->type); |
4128 |
+diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h |
4129 |
+index e475665..ecc2a4e 100644 |
4130 |
+--- a/sound/usb/quirks-table.h |
4131 |
++++ b/sound/usb/quirks-table.h |
4132 |
+@@ -2820,6 +2820,17 @@ YAMAHA_DEVICE(0x7010, "UB99"), |
4133 |
+ .idProduct = 0x1020, |
4134 |
+ }, |
4135 |
+ |
4136 |
++/* QinHeng devices */ |
4137 |
++{ |
4138 |
++ USB_DEVICE(0x1a86, 0x752d), |
4139 |
++ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { |
4140 |
++ .vendor_name = "QinHeng", |
4141 |
++ .product_name = "CH345", |
4142 |
++ .ifnum = 1, |
4143 |
++ .type = QUIRK_MIDI_CH345 |
4144 |
++ } |
4145 |
++}, |
4146 |
++ |
4147 |
+ /* KeithMcMillen Stringport */ |
4148 |
+ { |
4149 |
+ USB_DEVICE(0x1f38, 0x0001), |
4150 |
+diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c |
4151 |
+index 00ebc0c..eef9b8e 100644 |
4152 |
+--- a/sound/usb/quirks.c |
4153 |
++++ b/sound/usb/quirks.c |
4154 |
+@@ -535,6 +535,7 @@ int snd_usb_create_quirk(struct snd_usb_audio *chip, |
4155 |
+ [QUIRK_MIDI_CME] = create_any_midi_quirk, |
4156 |
+ [QUIRK_MIDI_AKAI] = create_any_midi_quirk, |
4157 |
+ [QUIRK_MIDI_FTDI] = create_any_midi_quirk, |
4158 |
++ [QUIRK_MIDI_CH345] = create_any_midi_quirk, |
4159 |
+ [QUIRK_AUDIO_STANDARD_INTERFACE] = create_standard_audio_quirk, |
4160 |
+ [QUIRK_AUDIO_FIXED_ENDPOINT] = create_fixed_stream_quirk, |
4161 |
+ [QUIRK_AUDIO_EDIROL_UAXX] = create_uaxx_quirk, |
4162 |
+@@ -1271,6 +1272,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip, |
4163 |
+ case USB_ID(0x20b1, 0x000a): /* Gustard DAC-X20U */ |
4164 |
+ case USB_ID(0x20b1, 0x2009): /* DIYINHK DSD DXD 384kHz USB to I2S/DSD */ |
4165 |
+ case USB_ID(0x20b1, 0x2023): /* JLsounds I2SoverUSB */ |
4166 |
++ case USB_ID(0x20b1, 0x3023): /* Aune X1S 32BIT/384 DSD DAC */ |
4167 |
+ if (fp->altsetting == 3) |
4168 |
+ return SNDRV_PCM_FMTBIT_DSD_U32_BE; |
4169 |
+ break; |
4170 |
+diff --git a/sound/usb/usbaudio.h b/sound/usb/usbaudio.h |
4171 |
+index 91d0380..991aa84 100644 |
4172 |
+--- a/sound/usb/usbaudio.h |
4173 |
++++ b/sound/usb/usbaudio.h |
4174 |
+@@ -94,6 +94,7 @@ enum quirk_type { |
4175 |
+ QUIRK_MIDI_AKAI, |
4176 |
+ QUIRK_MIDI_US122L, |
4177 |
+ QUIRK_MIDI_FTDI, |
4178 |
++ QUIRK_MIDI_CH345, |
4179 |
+ QUIRK_AUDIO_STANDARD_INTERFACE, |
4180 |
+ QUIRK_AUDIO_FIXED_ENDPOINT, |
4181 |
+ QUIRK_AUDIO_EDIROL_UAXX, |
4182 |
|
4183 |
diff --git a/4.2.6/4420_grsecurity-3.1-4.2.6-201512051918.patch b/4.2.7/4420_grsecurity-3.1-4.2.7-201512092320.patch |
4184 |
similarity index 98% |
4185 |
rename from 4.2.6/4420_grsecurity-3.1-4.2.6-201512051918.patch |
4186 |
rename to 4.2.7/4420_grsecurity-3.1-4.2.7-201512092320.patch |
4187 |
index 9b88420..0e128e6 100644 |
4188 |
--- a/4.2.6/4420_grsecurity-3.1-4.2.6-201512051918.patch |
4189 |
+++ b/4.2.7/4420_grsecurity-3.1-4.2.7-201512092320.patch |
4190 |
@@ -406,7 +406,7 @@ index 6fccb69..60c7c7a 100644 |
4191 |
|
4192 |
A toggle value indicating if modules are allowed to be loaded |
4193 |
diff --git a/Makefile b/Makefile |
4194 |
-index 9ef3739..df5234b 100644 |
4195 |
+index f5014ea..5cc28a1 100644 |
4196 |
--- a/Makefile |
4197 |
+++ b/Makefile |
4198 |
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
4199 |
@@ -431,7 +431,7 @@ index 9ef3739..df5234b 100644 |
4200 |
$(Q)$(MAKE) $(build)=scripts/basic |
4201 |
$(Q)rm -f .tmp_quiet_recordmcount |
4202 |
|
4203 |
-@@ -615,6 +617,79 @@ endif |
4204 |
+@@ -615,6 +617,85 @@ endif |
4205 |
# Tell gcc to never replace conditional load with a non-conditional one |
4206 |
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) |
4207 |
|
4208 |
@@ -466,6 +466,12 @@ index 9ef3739..df5234b 100644 |
4209 |
+ifdef CONFIG_CHECKER_PLUGIN |
4210 |
+ifeq ($(call cc-ifversion, -ge, 0406, y), y) |
4211 |
+CHECKER_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN |
4212 |
++ifdef CONFIG_CHECKER_PLUGIN_USER |
4213 |
++CHECKER_PLUGIN_CFLAGS += -fplugin-arg-checker_plugin-user -DCHECKER_PLUGIN_USER |
4214 |
++endif |
4215 |
++ifdef CONFIG_CHECKER_PLUGIN_CONTEXT |
4216 |
++CHECKER_PLUGIN_CFLAGS += -fplugin-arg-checker_plugin-context -DCHECKER_PLUGIN_CONTEXT |
4217 |
++endif |
4218 |
+endif |
4219 |
+endif |
4220 |
+COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so |
4221 |
@@ -511,7 +517,7 @@ index 9ef3739..df5234b 100644 |
4222 |
ifdef CONFIG_READABLE_ASM |
4223 |
# Disable optimizations that make assembler listings hard to read. |
4224 |
# reorder blocks reorders the control in the function |
4225 |
-@@ -714,7 +789,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) |
4226 |
+@@ -714,7 +795,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) |
4227 |
else |
4228 |
KBUILD_CFLAGS += -g |
4229 |
endif |
4230 |
@@ -520,7 +526,7 @@ index 9ef3739..df5234b 100644 |
4231 |
endif |
4232 |
ifdef CONFIG_DEBUG_INFO_DWARF4 |
4233 |
KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,) |
4234 |
-@@ -886,7 +961,7 @@ export mod_sign_cmd |
4235 |
+@@ -886,7 +967,7 @@ export mod_sign_cmd |
4236 |
|
4237 |
|
4238 |
ifeq ($(KBUILD_EXTMOD),) |
4239 |
@@ -529,7 +535,7 @@ index 9ef3739..df5234b 100644 |
4240 |
|
4241 |
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ |
4242 |
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \ |
4243 |
-@@ -936,6 +1011,8 @@ endif |
4244 |
+@@ -936,6 +1017,8 @@ endif |
4245 |
|
4246 |
# The actual objects are generated when descending, |
4247 |
# make sure no implicit rule kicks in |
4248 |
@@ -538,7 +544,7 @@ index 9ef3739..df5234b 100644 |
4249 |
$(sort $(vmlinux-deps)): $(vmlinux-dirs) ; |
4250 |
|
4251 |
# Handle descending into subdirectories listed in $(vmlinux-dirs) |
4252 |
-@@ -945,7 +1022,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; |
4253 |
+@@ -945,7 +1028,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; |
4254 |
# Error messages still appears in the original language |
4255 |
|
4256 |
PHONY += $(vmlinux-dirs) |
4257 |
@@ -547,7 +553,7 @@ index 9ef3739..df5234b 100644 |
4258 |
$(Q)$(MAKE) $(build)=$@ |
4259 |
|
4260 |
define filechk_kernel.release |
4261 |
-@@ -988,10 +1065,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ |
4262 |
+@@ -988,10 +1071,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ |
4263 |
|
4264 |
archprepare: archheaders archscripts prepare1 scripts_basic |
4265 |
|
4266 |
@@ -561,7 +567,7 @@ index 9ef3739..df5234b 100644 |
4267 |
prepare: prepare0 |
4268 |
|
4269 |
# Generate some files |
4270 |
-@@ -1099,6 +1179,8 @@ all: modules |
4271 |
+@@ -1099,6 +1185,8 @@ all: modules |
4272 |
# using awk while concatenating to the final file. |
4273 |
|
4274 |
PHONY += modules |
4275 |
@@ -570,7 +576,7 @@ index 9ef3739..df5234b 100644 |
4276 |
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin |
4277 |
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order |
4278 |
@$(kecho) ' Building modules, stage 2.'; |
4279 |
-@@ -1114,7 +1196,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) |
4280 |
+@@ -1114,7 +1202,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) |
4281 |
|
4282 |
# Target to prepare building external modules |
4283 |
PHONY += modules_prepare |
4284 |
@@ -579,7 +585,7 @@ index 9ef3739..df5234b 100644 |
4285 |
|
4286 |
# Target to install modules |
4287 |
PHONY += modules_install |
4288 |
-@@ -1180,7 +1262,10 @@ MRPROPER_FILES += .config .config.old .version .old_version \ |
4289 |
+@@ -1180,7 +1268,10 @@ MRPROPER_FILES += .config .config.old .version .old_version \ |
4290 |
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ |
4291 |
signing_key.priv signing_key.x509 x509.genkey \ |
4292 |
extra_certificates signing_key.x509.keyid \ |
4293 |
@@ -591,7 +597,7 @@ index 9ef3739..df5234b 100644 |
4294 |
|
4295 |
# clean - Delete most, but leave enough to build external modules |
4296 |
# |
4297 |
-@@ -1219,7 +1304,7 @@ distclean: mrproper |
4298 |
+@@ -1219,7 +1310,7 @@ distclean: mrproper |
4299 |
@find $(srctree) $(RCS_FIND_IGNORE) \ |
4300 |
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \ |
4301 |
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ |
4302 |
@@ -600,7 +606,7 @@ index 9ef3739..df5234b 100644 |
4303 |
-type f -print | xargs rm -f |
4304 |
|
4305 |
|
4306 |
-@@ -1385,6 +1470,8 @@ PHONY += $(module-dirs) modules |
4307 |
+@@ -1385,6 +1476,8 @@ PHONY += $(module-dirs) modules |
4308 |
$(module-dirs): crmodverdir $(objtree)/Module.symvers |
4309 |
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) |
4310 |
|
4311 |
@@ -609,7 +615,7 @@ index 9ef3739..df5234b 100644 |
4312 |
modules: $(module-dirs) |
4313 |
@$(kecho) ' Building modules, stage 2.'; |
4314 |
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost |
4315 |
-@@ -1525,17 +1612,21 @@ else |
4316 |
+@@ -1525,17 +1618,21 @@ else |
4317 |
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) |
4318 |
endif |
4319 |
|
4320 |
@@ -635,7 +641,7 @@ index 9ef3739..df5234b 100644 |
4321 |
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) |
4322 |
%.symtypes: %.c prepare scripts FORCE |
4323 |
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) |
4324 |
-@@ -1547,11 +1638,15 @@ endif |
4325 |
+@@ -1547,11 +1644,15 @@ endif |
4326 |
$(build)=$(build-dir) |
4327 |
# Make sure the latest headers are built for Documentation |
4328 |
Documentation/: headers_install |
4329 |
@@ -18606,6 +18612,19 @@ index 48f99f1..d78ebf9 100644 |
4330 |
|
4331 |
#ifdef CONFIG_X86_VSMP |
4332 |
#ifdef CONFIG_SMP |
4333 |
+diff --git a/arch/x86/include/asm/cacheflush.h b/arch/x86/include/asm/cacheflush.h |
4334 |
+index 9bf3ea1..4693729 100644 |
4335 |
+--- a/arch/x86/include/asm/cacheflush.h |
4336 |
++++ b/arch/x86/include/asm/cacheflush.h |
4337 |
+@@ -133,7 +133,7 @@ static inline void arch_memcpy_to_pmem(void __pmem *dst, const void *src, |
4338 |
+ * before the WARN+BUG. |
4339 |
+ */ |
4340 |
+ unwritten = __copy_from_user_inatomic_nocache((void __force *) dst, |
4341 |
+- (void __user *) src, n); |
4342 |
++ (void __force_user *) src, n); |
4343 |
+ if (WARN(unwritten, "%s: fault copying %p <- %p unwritten: %d\n", |
4344 |
+ __func__, dst, src, unwritten)) |
4345 |
+ BUG(); |
4346 |
diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h |
4347 |
index f50de69..2b0a458 100644 |
4348 |
--- a/arch/x86/include/asm/checksum_32.h |
4349 |
@@ -18710,15 +18729,18 @@ index ad19841..0784041 100644 |
4350 |
({ \ |
4351 |
__typeof__ (*(ptr)) __ret = (inc); \ |
4352 |
diff --git a/arch/x86/include/asm/compat.h b/arch/x86/include/asm/compat.h |
4353 |
-index acdee09..a553db3 100644 |
4354 |
+index acdee09..e5c31cd 100644 |
4355 |
--- a/arch/x86/include/asm/compat.h |
4356 |
+++ b/arch/x86/include/asm/compat.h |
4357 |
-@@ -41,7 +41,7 @@ typedef s64 __attribute__((aligned(4))) compat_s64; |
4358 |
+@@ -41,7 +41,11 @@ typedef s64 __attribute__((aligned(4))) compat_s64; |
4359 |
typedef u32 compat_uint_t; |
4360 |
typedef u32 compat_ulong_t; |
4361 |
typedef u64 __attribute__((aligned(4))) compat_u64; |
4362 |
--typedef u32 compat_uptr_t; |
4363 |
++#ifdef CHECKER_PLUGIN_USER |
4364 |
+ typedef u32 compat_uptr_t; |
4365 |
++#else |
4366 |
+typedef u32 __user compat_uptr_t; |
4367 |
++#endif |
4368 |
|
4369 |
struct compat_timespec { |
4370 |
compat_time_t tv_sec; |
4371 |
@@ -19062,6 +19084,26 @@ index ced283a..ffe04cc 100644 |
4372 |
{ |
4373 |
union { |
4374 |
u64 v64; |
4375 |
+diff --git a/arch/x86/include/asm/dma.h b/arch/x86/include/asm/dma.h |
4376 |
+index fe884e1..46149ae 100644 |
4377 |
+--- a/arch/x86/include/asm/dma.h |
4378 |
++++ b/arch/x86/include/asm/dma.h |
4379 |
+@@ -149,6 +149,7 @@ |
4380 |
+ #ifdef CONFIG_ISA_DMA_API |
4381 |
+ extern spinlock_t dma_spin_lock; |
4382 |
+ |
4383 |
++static inline unsigned long claim_dma_lock(void) __acquires(&dma_spin_lock); |
4384 |
+ static inline unsigned long claim_dma_lock(void) |
4385 |
+ { |
4386 |
+ unsigned long flags; |
4387 |
+@@ -156,6 +157,7 @@ static inline unsigned long claim_dma_lock(void) |
4388 |
+ return flags; |
4389 |
+ } |
4390 |
+ |
4391 |
++static inline void release_dma_lock(unsigned long flags) __releases(&dma_spin_lock); |
4392 |
+ static inline void release_dma_lock(unsigned long flags) |
4393 |
+ { |
4394 |
+ spin_unlock_irqrestore(&dma_spin_lock, flags); |
4395 |
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h |
4396 |
index f161c18..97d43e8 100644 |
4397 |
--- a/arch/x86/include/asm/elf.h |
4398 |
@@ -19508,11 +19550,11 @@ index 6615032..9c233be 100644 |
4399 |
extern void elcr_set_level_irq(unsigned int irq); |
4400 |
|
4401 |
diff --git a/arch/x86/include/asm/i8259.h b/arch/x86/include/asm/i8259.h |
4402 |
-index ccffa53..3c90c87 100644 |
4403 |
+index 39bcefc..272d904 100644 |
4404 |
--- a/arch/x86/include/asm/i8259.h |
4405 |
+++ b/arch/x86/include/asm/i8259.h |
4406 |
-@@ -62,7 +62,7 @@ struct legacy_pic { |
4407 |
- void (*init)(int auto_eoi); |
4408 |
+@@ -63,7 +63,7 @@ struct legacy_pic { |
4409 |
+ int (*probe)(void); |
4410 |
int (*irq_pending)(unsigned int irq); |
4411 |
void (*make_irq)(unsigned int irq); |
4412 |
-}; |
4413 |
@@ -22039,7 +22081,7 @@ index cd79194..6a9956f 100644 |
4414 |
} |
4415 |
|
4416 |
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h |
4417 |
-index a8df874..3dcbd7c 100644 |
4418 |
+index a8df874..e0aaf5f 100644 |
4419 |
--- a/arch/x86/include/asm/uaccess.h |
4420 |
+++ b/arch/x86/include/asm/uaccess.h |
4421 |
@@ -7,6 +7,7 @@ |
4422 |
@@ -22168,12 +22210,16 @@ index a8df874..3dcbd7c 100644 |
4423 |
"3: " ASM_CLAC "\n" \ |
4424 |
_ASM_EXTABLE_EX(1b, 2b) \ |
4425 |
_ASM_EXTABLE_EX(2b, 3b) \ |
4426 |
-@@ -260,7 +306,8 @@ extern void __put_user_8(void); |
4427 |
- __typeof__(*(ptr)) __pu_val; \ |
4428 |
+@@ -257,10 +303,11 @@ extern void __put_user_8(void); |
4429 |
+ #define put_user(x, ptr) \ |
4430 |
+ ({ \ |
4431 |
+ int __ret_pu; \ |
4432 |
+- __typeof__(*(ptr)) __pu_val; \ |
4433 |
++ __inttype(*(ptr)) __pu_val; \ |
4434 |
__chk_user_ptr(ptr); \ |
4435 |
might_fault(); \ |
4436 |
- __pu_val = x; \ |
4437 |
-+ __pu_val = (x); \ |
4438 |
++ __pu_val = (__inttype(*(ptr)))(x); \ |
4439 |
+ pax_open_userland(); \ |
4440 |
switch (sizeof(*(ptr))) { \ |
4441 |
case 1: \ |
4442 |
@@ -22186,7 +22232,20 @@ index a8df874..3dcbd7c 100644 |
4443 |
__ret_pu; \ |
4444 |
}) |
4445 |
|
4446 |
-@@ -358,8 +406,10 @@ do { \ |
4447 |
+@@ -341,10 +389,10 @@ do { \ |
4448 |
+ __chk_user_ptr(ptr); \ |
4449 |
+ switch (size) { \ |
4450 |
+ case 1: \ |
4451 |
+- __get_user_asm(x, ptr, retval, "b", "b", "=q", errret); \ |
4452 |
++ __get_user_asm(x, ptr, retval, "zbl", "k", "=r", errret);\ |
4453 |
+ break; \ |
4454 |
+ case 2: \ |
4455 |
+- __get_user_asm(x, ptr, retval, "w", "w", "=r", errret); \ |
4456 |
++ __get_user_asm(x, ptr, retval, "zwl", "k", "=r", errret);\ |
4457 |
+ break; \ |
4458 |
+ case 4: \ |
4459 |
+ __get_user_asm(x, ptr, retval, "l", "k", "=r", errret); \ |
4460 |
+@@ -358,27 +406,31 @@ do { \ |
4461 |
} while (0) |
4462 |
|
4463 |
#define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ |
4464 |
@@ -22198,7 +22257,8 @@ index a8df874..3dcbd7c 100644 |
4465 |
"2: " ASM_CLAC "\n" \ |
4466 |
".section .fixup,\"ax\"\n" \ |
4467 |
"3: mov %3,%0\n" \ |
4468 |
-@@ -367,8 +417,10 @@ do { \ |
4469 |
+- " xor"itype" %"rtype"1,%"rtype"1\n" \ |
4470 |
++ " xorl %k1,%k1\n" \ |
4471 |
" jmp 2b\n" \ |
4472 |
".previous\n" \ |
4473 |
_ASM_EXTABLE(1b, 3b) \ |
4474 |
@@ -22211,6 +22271,18 @@ index a8df874..3dcbd7c 100644 |
4475 |
|
4476 |
#define __get_user_size_ex(x, ptr, size) \ |
4477 |
do { \ |
4478 |
+ __chk_user_ptr(ptr); \ |
4479 |
+ switch (size) { \ |
4480 |
+ case 1: \ |
4481 |
+- __get_user_asm_ex(x, ptr, "b", "b", "=q"); \ |
4482 |
++ __get_user_asm_ex(x, ptr, "zbl", "k", "=r"); \ |
4483 |
+ break; \ |
4484 |
+ case 2: \ |
4485 |
+- __get_user_asm_ex(x, ptr, "w", "w", "=r"); \ |
4486 |
++ __get_user_asm_ex(x, ptr, "zwl", "k", "=r"); \ |
4487 |
+ break; \ |
4488 |
+ case 4: \ |
4489 |
+ __get_user_asm_ex(x, ptr, "l", "k", "=r"); \ |
4490 |
@@ -392,7 +444,7 @@ do { \ |
4491 |
} while (0) |
4492 |
|
4493 |
@@ -22335,10 +22407,16 @@ index a8df874..3dcbd7c 100644 |
4494 |
|
4495 |
extern void __cmpxchg_wrong_size(void) |
4496 |
__compiletime_error("Bad argument size for cmpxchg"); |
4497 |
-@@ -547,18 +624,19 @@ extern void __cmpxchg_wrong_size(void) |
4498 |
- __typeof__(ptr) __uval = (uval); \ |
4499 |
- __typeof__(*(ptr)) __old = (old); \ |
4500 |
- __typeof__(*(ptr)) __new = (new); \ |
4501 |
+@@ -544,21 +621,22 @@ extern void __cmpxchg_wrong_size(void) |
4502 |
+ #define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size) \ |
4503 |
+ ({ \ |
4504 |
+ int __ret = 0; \ |
4505 |
+- __typeof__(ptr) __uval = (uval); \ |
4506 |
+- __typeof__(*(ptr)) __old = (old); \ |
4507 |
+- __typeof__(*(ptr)) __new = (new); \ |
4508 |
++ __typeof__(uval) __uval = (uval); \ |
4509 |
++ __typeof__(*(uval)) __old = (old); \ |
4510 |
++ __typeof__(*(uval)) __new = (new); \ |
4511 |
+ pax_open_userland(); \ |
4512 |
switch (size) { \ |
4513 |
case 1: \ |
4514 |
@@ -23004,18 +23082,6 @@ index 0f457e6..5970c0a 100644 |
4515 |
#define BIOS_END 0x00100000 |
4516 |
|
4517 |
#define BIOS_ROM_BASE 0xffe00000 |
4518 |
-diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h |
4519 |
-index b5d7640..8a4add8 100644 |
4520 |
---- a/arch/x86/include/uapi/asm/svm.h |
4521 |
-+++ b/arch/x86/include/uapi/asm/svm.h |
4522 |
-@@ -100,6 +100,7 @@ |
4523 |
- { SVM_EXIT_EXCP_BASE + UD_VECTOR, "UD excp" }, \ |
4524 |
- { SVM_EXIT_EXCP_BASE + PF_VECTOR, "PF excp" }, \ |
4525 |
- { SVM_EXIT_EXCP_BASE + NM_VECTOR, "NM excp" }, \ |
4526 |
-+ { SVM_EXIT_EXCP_BASE + AC_VECTOR, "AC excp" }, \ |
4527 |
- { SVM_EXIT_EXCP_BASE + MC_VECTOR, "MC excp" }, \ |
4528 |
- { SVM_EXIT_INTR, "interrupt" }, \ |
4529 |
- { SVM_EXIT_NMI, "nmi" }, \ |
4530 |
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile |
4531 |
index 0f15af4..501a76a 100644 |
4532 |
--- a/arch/x86/kernel/Makefile |
4533 |
@@ -23494,27 +23560,25 @@ index bda4886..f9c7195 100644 |
4534 |
.name = "default", |
4535 |
.probe = probe_default, |
4536 |
diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c |
4537 |
-index 2683f36..0bdc74c 100644 |
4538 |
+index ea4ba83..13a7b74 100644 |
4539 |
--- a/arch/x86/kernel/apic/vector.c |
4540 |
+++ b/arch/x86/kernel/apic/vector.c |
4541 |
-@@ -36,7 +36,7 @@ static struct irq_chip lapic_controller; |
4542 |
+@@ -36,6 +36,7 @@ static struct irq_chip lapic_controller; |
4543 |
static struct apic_chip_data *legacy_irq_data[NR_IRQS_LEGACY]; |
4544 |
#endif |
4545 |
|
4546 |
--void lock_vector_lock(void) |
4547 |
-+void lock_vector_lock(void) __acquires(vector_lock) |
4548 |
++void lock_vector_lock(void) __acquires(&vector_lock); |
4549 |
+ void lock_vector_lock(void) |
4550 |
{ |
4551 |
/* Used to the online set of cpus does not change |
4552 |
- * during assign_irq_vector. |
4553 |
-@@ -44,7 +44,7 @@ void lock_vector_lock(void) |
4554 |
+@@ -44,6 +45,7 @@ void lock_vector_lock(void) |
4555 |
raw_spin_lock(&vector_lock); |
4556 |
} |
4557 |
|
4558 |
--void unlock_vector_lock(void) |
4559 |
-+void unlock_vector_lock(void) __releases(vector_lock) |
4560 |
++void unlock_vector_lock(void) __releases(&vector_lock); |
4561 |
+ void unlock_vector_lock(void) |
4562 |
{ |
4563 |
raw_spin_unlock(&vector_lock); |
4564 |
- } |
4565 |
diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c |
4566 |
index ab3219b..e8033eb 100644 |
4567 |
--- a/arch/x86/kernel/apic/x2apic_cluster.c |
4568 |
@@ -23748,7 +23812,7 @@ index 04f0fe5..3c0598c 100644 |
4569 |
|
4570 |
/* |
4571 |
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
4572 |
-index cb9e5df..0849dd8 100644 |
4573 |
+index e4f929d..0849dd8 100644 |
4574 |
--- a/arch/x86/kernel/cpu/common.c |
4575 |
+++ b/arch/x86/kernel/cpu/common.c |
4576 |
@@ -91,60 +91,6 @@ static const struct cpu_dev default_cpu = { |
4577 |
@@ -23812,19 +23876,7 @@ index cb9e5df..0849dd8 100644 |
4578 |
static int __init x86_mpx_setup(char *s) |
4579 |
{ |
4580 |
/* require an exact match without trailing characters */ |
4581 |
-@@ -272,10 +218,9 @@ __setup("nosmap", setup_disable_smap); |
4582 |
- |
4583 |
- static __always_inline void setup_smap(struct cpuinfo_x86 *c) |
4584 |
- { |
4585 |
-- unsigned long eflags; |
4586 |
-+ unsigned long eflags = native_save_fl(); |
4587 |
- |
4588 |
- /* This should have been cleared long ago */ |
4589 |
-- raw_local_save_flags(eflags); |
4590 |
- BUG_ON(eflags & X86_EFLAGS_AC); |
4591 |
- |
4592 |
- if (cpu_has(c, X86_FEATURE_SMAP)) { |
4593 |
-@@ -287,6 +232,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) |
4594 |
+@@ -286,6 +232,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) |
4595 |
} |
4596 |
} |
4597 |
|
4598 |
@@ -23934,7 +23986,7 @@ index cb9e5df..0849dd8 100644 |
4599 |
/* |
4600 |
* Some CPU features depend on higher CPUID levels, which may not always |
4601 |
* be available due to CPUID level capping or broken virtualization |
4602 |
-@@ -387,7 +435,7 @@ void switch_to_new_gdt(int cpu) |
4603 |
+@@ -386,7 +435,7 @@ void switch_to_new_gdt(int cpu) |
4604 |
{ |
4605 |
struct desc_ptr gdt_descr; |
4606 |
|
4607 |
@@ -23943,7 +23995,7 @@ index cb9e5df..0849dd8 100644 |
4608 |
gdt_descr.size = GDT_SIZE - 1; |
4609 |
load_gdt(&gdt_descr); |
4610 |
/* Reload the per-cpu base */ |
4611 |
-@@ -918,6 +966,20 @@ static void identify_cpu(struct cpuinfo_x86 *c) |
4612 |
+@@ -917,6 +966,20 @@ static void identify_cpu(struct cpuinfo_x86 *c) |
4613 |
setup_smep(c); |
4614 |
setup_smap(c); |
4615 |
|
4616 |
@@ -23964,7 +24016,7 @@ index cb9e5df..0849dd8 100644 |
4617 |
/* |
4618 |
* The vendor-specific functions might have changed features. |
4619 |
* Now we do "generic changes." |
4620 |
-@@ -992,7 +1054,7 @@ void enable_sep_cpu(void) |
4621 |
+@@ -991,7 +1054,7 @@ void enable_sep_cpu(void) |
4622 |
int cpu; |
4623 |
|
4624 |
cpu = get_cpu(); |
4625 |
@@ -23973,7 +24025,7 @@ index cb9e5df..0849dd8 100644 |
4626 |
|
4627 |
if (!boot_cpu_has(X86_FEATURE_SEP)) |
4628 |
goto out; |
4629 |
-@@ -1138,10 +1200,12 @@ static __init int setup_disablecpuid(char *arg) |
4630 |
+@@ -1137,10 +1200,12 @@ static __init int setup_disablecpuid(char *arg) |
4631 |
} |
4632 |
__setup("clearcpuid=", setup_disablecpuid); |
4633 |
|
4634 |
@@ -23989,7 +24041,7 @@ index cb9e5df..0849dd8 100644 |
4635 |
|
4636 |
DEFINE_PER_CPU_FIRST(union irq_stack_union, |
4637 |
irq_stack_union) __aligned(PAGE_SIZE) __visible; |
4638 |
-@@ -1253,21 +1317,21 @@ EXPORT_PER_CPU_SYMBOL(current_task); |
4639 |
+@@ -1252,21 +1317,21 @@ EXPORT_PER_CPU_SYMBOL(current_task); |
4640 |
DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT; |
4641 |
EXPORT_PER_CPU_SYMBOL(__preempt_count); |
4642 |
|
4643 |
@@ -24018,7 +24070,7 @@ index cb9e5df..0849dd8 100644 |
4644 |
/* |
4645 |
* Clear all 6 debug registers: |
4646 |
*/ |
4647 |
-@@ -1343,7 +1407,7 @@ void cpu_init(void) |
4648 |
+@@ -1342,7 +1407,7 @@ void cpu_init(void) |
4649 |
*/ |
4650 |
load_ucode_ap(); |
4651 |
|
4652 |
@@ -24027,7 +24079,7 @@ index cb9e5df..0849dd8 100644 |
4653 |
oist = &per_cpu(orig_ist, cpu); |
4654 |
|
4655 |
#ifdef CONFIG_NUMA |
4656 |
-@@ -1375,7 +1439,6 @@ void cpu_init(void) |
4657 |
+@@ -1374,7 +1439,6 @@ void cpu_init(void) |
4658 |
wrmsrl(MSR_KERNEL_GS_BASE, 0); |
4659 |
barrier(); |
4660 |
|
4661 |
@@ -24035,7 +24087,7 @@ index cb9e5df..0849dd8 100644 |
4662 |
x2apic_setup(); |
4663 |
|
4664 |
/* |
4665 |
-@@ -1427,7 +1490,7 @@ void cpu_init(void) |
4666 |
+@@ -1426,7 +1490,7 @@ void cpu_init(void) |
4667 |
{ |
4668 |
int cpu = smp_processor_id(); |
4669 |
struct task_struct *curr = current; |
4670 |
@@ -24316,6 +24368,30 @@ index 969dc17..a9c3fdd 100644 |
4671 |
} |
4672 |
|
4673 |
static void microcode_fini_cpu(int cpu) |
4674 |
+diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c |
4675 |
+index 3b533cf..b40d426 100644 |
4676 |
+--- a/arch/x86/kernel/cpu/mtrr/generic.c |
4677 |
++++ b/arch/x86/kernel/cpu/mtrr/generic.c |
4678 |
+@@ -723,7 +723,8 @@ static DEFINE_RAW_SPINLOCK(set_atomicity_lock); |
4679 |
+ * The caller must ensure that local interrupts are disabled and |
4680 |
+ * are reenabled after post_set() has been called. |
4681 |
+ */ |
4682 |
+-static void prepare_set(void) __acquires(set_atomicity_lock) |
4683 |
++static void prepare_set(void) __acquires(&set_atomicity_lock); |
4684 |
++static void prepare_set(void) |
4685 |
+ { |
4686 |
+ unsigned long cr0; |
4687 |
+ |
4688 |
+@@ -759,7 +760,8 @@ static void prepare_set(void) __acquires(set_atomicity_lock) |
4689 |
+ wbinvd(); |
4690 |
+ } |
4691 |
+ |
4692 |
+-static void post_set(void) __releases(set_atomicity_lock) |
4693 |
++static void post_set(void) __releases(&set_atomicity_lock); |
4694 |
++static void post_set(void) |
4695 |
+ { |
4696 |
+ /* Flush TLBs (no need to flush caches - they are disabled) */ |
4697 |
+ count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL); |
4698 |
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c |
4699 |
index e7ed0d8..57a2ab9 100644 |
4700 |
--- a/arch/x86/kernel/cpu/mtrr/main.c |
4701 |
@@ -24405,10 +24481,95 @@ index 97242a9..cf9c30e 100644 |
4702 |
|
4703 |
while (amd_iommu_v2_event_descs[i].attr.attr.name) |
4704 |
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c |
4705 |
-index 1b09c42..521004d 100644 |
4706 |
+index 1b09c42..9627a7b 100644 |
4707 |
--- a/arch/x86/kernel/cpu/perf_event_intel.c |
4708 |
+++ b/arch/x86/kernel/cpu/perf_event_intel.c |
4709 |
-@@ -3019,10 +3019,10 @@ __init int intel_pmu_init(void) |
4710 |
+@@ -1900,6 +1900,8 @@ __intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx, |
4711 |
+ } |
4712 |
+ |
4713 |
+ static void |
4714 |
++intel_start_scheduling(struct cpu_hw_events *cpuc) __acquires(&cpuc->excl_cntrs->lock); |
4715 |
++static void |
4716 |
+ intel_start_scheduling(struct cpu_hw_events *cpuc) |
4717 |
+ { |
4718 |
+ struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs; |
4719 |
+@@ -1909,14 +1911,18 @@ intel_start_scheduling(struct cpu_hw_events *cpuc) |
4720 |
+ /* |
4721 |
+ * nothing needed if in group validation mode |
4722 |
+ */ |
4723 |
+- if (cpuc->is_fake || !is_ht_workaround_enabled()) |
4724 |
++ if (cpuc->is_fake || !is_ht_workaround_enabled()) { |
4725 |
++ __acquire(&excl_cntrs->lock); |
4726 |
+ return; |
4727 |
++ } |
4728 |
+ |
4729 |
+ /* |
4730 |
+ * no exclusion needed |
4731 |
+ */ |
4732 |
+- if (WARN_ON_ONCE(!excl_cntrs)) |
4733 |
++ if (WARN_ON_ONCE(!excl_cntrs)) { |
4734 |
++ __acquire(&excl_cntrs->lock); |
4735 |
+ return; |
4736 |
++ } |
4737 |
+ |
4738 |
+ xl = &excl_cntrs->states[tid]; |
4739 |
+ |
4740 |
+@@ -1956,6 +1962,8 @@ static void intel_commit_scheduling(struct cpu_hw_events *cpuc, int idx, int cnt |
4741 |
+ } |
4742 |
+ |
4743 |
+ static void |
4744 |
++intel_stop_scheduling(struct cpu_hw_events *cpuc) __releases(&cpuc->excl_cntrs->lock); |
4745 |
++static void |
4746 |
+ intel_stop_scheduling(struct cpu_hw_events *cpuc) |
4747 |
+ { |
4748 |
+ struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs; |
4749 |
+@@ -1965,13 +1973,18 @@ intel_stop_scheduling(struct cpu_hw_events *cpuc) |
4750 |
+ /* |
4751 |
+ * nothing needed if in group validation mode |
4752 |
+ */ |
4753 |
+- if (cpuc->is_fake || !is_ht_workaround_enabled()) |
4754 |
++ if (cpuc->is_fake || !is_ht_workaround_enabled()) { |
4755 |
++ __release(&excl_cntrs->lock); |
4756 |
+ return; |
4757 |
++ } |
4758 |
++ |
4759 |
+ /* |
4760 |
+ * no exclusion needed |
4761 |
+ */ |
4762 |
+- if (WARN_ON_ONCE(!excl_cntrs)) |
4763 |
++ if (WARN_ON_ONCE(!excl_cntrs)) { |
4764 |
++ __release(&excl_cntrs->lock); |
4765 |
+ return; |
4766 |
++ } |
4767 |
+ |
4768 |
+ xl = &excl_cntrs->states[tid]; |
4769 |
+ |
4770 |
+@@ -2154,19 +2167,22 @@ static void intel_put_excl_constraints(struct cpu_hw_events *cpuc, |
4771 |
+ * unused now. |
4772 |
+ */ |
4773 |
+ if (hwc->idx >= 0) { |
4774 |
++ bool sched_started; |
4775 |
++ |
4776 |
+ xl = &excl_cntrs->states[tid]; |
4777 |
++ sched_started = xl->sched_started; |
4778 |
+ |
4779 |
+ /* |
4780 |
+ * put_constraint may be called from x86_schedule_events() |
4781 |
+ * which already has the lock held so here make locking |
4782 |
+ * conditional. |
4783 |
+ */ |
4784 |
+- if (!xl->sched_started) |
4785 |
++ if (!sched_started) |
4786 |
+ raw_spin_lock(&excl_cntrs->lock); |
4787 |
+ |
4788 |
+ xl->state[hwc->idx] = INTEL_EXCL_UNUSED; |
4789 |
+ |
4790 |
+- if (!xl->sched_started) |
4791 |
++ if (!sched_started) |
4792 |
+ raw_spin_unlock(&excl_cntrs->lock); |
4793 |
+ } |
4794 |
+ } |
4795 |
+@@ -3019,10 +3035,10 @@ __init int intel_pmu_init(void) |
4796 |
x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3); |
4797 |
|
4798 |
if (boot_cpu_has(X86_FEATURE_PDCM)) { |
4799 |
@@ -25376,7 +25537,7 @@ index dc60810..6c8a1fa 100644 |
4800 |
} |
4801 |
|
4802 |
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c |
4803 |
-index 50ec9af..32d7f10 100644 |
4804 |
+index 6545e6d..32d7f10 100644 |
4805 |
--- a/arch/x86/kernel/fpu/signal.c |
4806 |
+++ b/arch/x86/kernel/fpu/signal.c |
4807 |
@@ -54,7 +54,7 @@ static inline int check_for_xstate(struct fxregs_state __user *buf, |
4808 |
@@ -25465,34 +25626,8 @@ index 50ec9af..32d7f10 100644 |
4809 |
err = -1; |
4810 |
} else { |
4811 |
sanitize_restored_xstate(tsk, &env, xfeatures, fx_only); |
4812 |
-@@ -385,20 +387,19 @@ fpu__alloc_mathframe(unsigned long sp, int ia32_frame, |
4813 |
- */ |
4814 |
- void fpu__init_prepare_fx_sw_frame(void) |
4815 |
- { |
4816 |
-- int fsave_header_size = sizeof(struct fregs_state); |
4817 |
- int size = xstate_size + FP_XSTATE_MAGIC2_SIZE; |
4818 |
- |
4819 |
-- if (config_enabled(CONFIG_X86_32)) |
4820 |
-- size += fsave_header_size; |
4821 |
-- |
4822 |
- fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1; |
4823 |
- fx_sw_reserved.extended_size = size; |
4824 |
- fx_sw_reserved.xfeatures = xfeatures_mask; |
4825 |
- fx_sw_reserved.xstate_size = xstate_size; |
4826 |
- |
4827 |
-- if (config_enabled(CONFIG_IA32_EMULATION)) { |
4828 |
-+ if (config_enabled(CONFIG_IA32_EMULATION) || |
4829 |
-+ config_enabled(CONFIG_X86_32)) { |
4830 |
-+ int fsave_header_size = sizeof(struct fregs_state); |
4831 |
-+ |
4832 |
- fx_sw_reserved_ia32 = fx_sw_reserved; |
4833 |
-- fx_sw_reserved_ia32.extended_size += fsave_header_size; |
4834 |
-+ fx_sw_reserved_ia32.extended_size = size + fsave_header_size; |
4835 |
- } |
4836 |
- } |
4837 |
- |
4838 |
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c |
4839 |
-index 62fc001..099cbd7 100644 |
4840 |
+index 2c4ac07..099cbd7 100644 |
4841 |
--- a/arch/x86/kernel/fpu/xstate.c |
4842 |
+++ b/arch/x86/kernel/fpu/xstate.c |
4843 |
@@ -93,14 +93,14 @@ EXPORT_SYMBOL_GPL(cpu_has_xfeatures); |
4844 |
@@ -25512,15 +25647,7 @@ index 62fc001..099cbd7 100644 |
4845 |
|
4846 |
/* |
4847 |
* None of the feature bits are in init state. So nothing else |
4848 |
-@@ -402,7 +402,6 @@ void *get_xsave_addr(struct xregs_state *xsave, int xstate_feature) |
4849 |
- if (!boot_cpu_has(X86_FEATURE_XSAVE)) |
4850 |
- return NULL; |
4851 |
- |
4852 |
-- xsave = ¤t->thread.fpu.state.xsave; |
4853 |
- /* |
4854 |
- * We should not ever be requesting features that we |
4855 |
- * have not enabled. Remember that pcntxt_mask is |
4856 |
-@@ -457,5 +456,5 @@ const void *get_xsave_field_ptr(int xsave_state) |
4857 |
+@@ -456,5 +456,5 @@ const void *get_xsave_field_ptr(int xsave_state) |
4858 |
*/ |
4859 |
fpu__save(fpu); |
4860 |
|
4861 |
@@ -26102,7 +26229,7 @@ index 0e2d96f..5889003 100644 |
4862 |
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0 |
4863 |
+ .endr |
4864 |
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S |
4865 |
-index 1d40ca8..2dbedb3 100644 |
4866 |
+index ffdc0e8..2dbedb3 100644 |
4867 |
--- a/arch/x86/kernel/head_64.S |
4868 |
+++ b/arch/x86/kernel/head_64.S |
4869 |
@@ -20,6 +20,8 @@ |
4870 |
@@ -26127,17 +26254,7 @@ index 1d40ca8..2dbedb3 100644 |
4871 |
|
4872 |
.text |
4873 |
__HEAD |
4874 |
-@@ -65,6 +73,9 @@ startup_64: |
4875 |
- * tables and then reload them. |
4876 |
- */ |
4877 |
- |
4878 |
-+ /* Sanitize CPU configuration */ |
4879 |
-+ call verify_cpu |
4880 |
-+ |
4881 |
- /* |
4882 |
- * Compute the delta between the address I am compiled to run at and the |
4883 |
- * address I am actually running at. |
4884 |
-@@ -89,11 +100,33 @@ startup_64: |
4885 |
+@@ -92,11 +100,33 @@ startup_64: |
4886 |
* Fixup the physical addresses in the page table |
4887 |
*/ |
4888 |
addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip) |
4889 |
@@ -26173,13 +26290,10 @@ index 1d40ca8..2dbedb3 100644 |
4890 |
|
4891 |
/* |
4892 |
* Set up the identity mapping for the switchover. These |
4893 |
-@@ -174,11 +207,16 @@ ENTRY(secondary_startup_64) |
4894 |
- * after the boot processor executes this code. |
4895 |
- */ |
4896 |
+@@ -180,11 +210,13 @@ ENTRY(secondary_startup_64) |
4897 |
+ /* Sanitize CPU configuration */ |
4898 |
+ call verify_cpu |
4899 |
|
4900 |
-+ /* Sanitize CPU configuration */ |
4901 |
-+ call verify_cpu |
4902 |
-+ |
4903 |
+ orq $-1, %rbp |
4904 |
+ |
4905 |
movq $(init_level4_pgt - __START_KERNEL_map), %rax |
4906 |
@@ -26192,7 +26306,7 @@ index 1d40ca8..2dbedb3 100644 |
4907 |
movq %rcx, %cr4 |
4908 |
|
4909 |
/* Setup early boot stage 4 level pagetables. */ |
4910 |
-@@ -199,10 +237,21 @@ ENTRY(secondary_startup_64) |
4911 |
+@@ -205,10 +237,21 @@ ENTRY(secondary_startup_64) |
4912 |
movl $MSR_EFER, %ecx |
4913 |
rdmsr |
4914 |
btsl $_EFER_SCE, %eax /* Enable System Call */ |
4915 |
@@ -26215,7 +26329,7 @@ index 1d40ca8..2dbedb3 100644 |
4916 |
1: wrmsr /* Make changes effective */ |
4917 |
|
4918 |
/* Setup cr0 */ |
4919 |
-@@ -282,12 +331,15 @@ ENTRY(secondary_startup_64) |
4920 |
+@@ -288,6 +331,7 @@ ENTRY(secondary_startup_64) |
4921 |
* REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, |
4922 |
* address given in m16:64. |
4923 |
*/ |
4924 |
@@ -26223,15 +26337,7 @@ index 1d40ca8..2dbedb3 100644 |
4925 |
movq initial_code(%rip),%rax |
4926 |
pushq $0 # fake return address to stop unwinder |
4927 |
pushq $__KERNEL_CS # set correct cs |
4928 |
- pushq %rax # target address in negative space |
4929 |
- lretq |
4930 |
- |
4931 |
-+#include "verify_cpu.S" |
4932 |
-+ |
4933 |
- #ifdef CONFIG_HOTPLUG_CPU |
4934 |
- /* |
4935 |
- * Boot CPU0 entry point. It's called from play_dead(). Everything has been set |
4936 |
-@@ -313,7 +365,7 @@ ENDPROC(start_cpu0) |
4937 |
+@@ -321,7 +365,7 @@ ENDPROC(start_cpu0) |
4938 |
.quad INIT_PER_CPU_VAR(irq_stack_union) |
4939 |
|
4940 |
GLOBAL(stack_start) |
4941 |
@@ -26240,7 +26346,7 @@ index 1d40ca8..2dbedb3 100644 |
4942 |
.word 0 |
4943 |
__FINITDATA |
4944 |
|
4945 |
-@@ -393,7 +445,7 @@ early_idt_handler_common: |
4946 |
+@@ -401,7 +445,7 @@ early_idt_handler_common: |
4947 |
call dump_stack |
4948 |
#ifdef CONFIG_KALLSYMS |
4949 |
leaq early_idt_ripmsg(%rip),%rdi |
4950 |
@@ -26249,7 +26355,7 @@ index 1d40ca8..2dbedb3 100644 |
4951 |
call __print_symbol |
4952 |
#endif |
4953 |
#endif /* EARLY_PRINTK */ |
4954 |
-@@ -422,6 +474,7 @@ ENDPROC(early_idt_handler_common) |
4955 |
+@@ -430,6 +474,7 @@ ENDPROC(early_idt_handler_common) |
4956 |
early_recursion_flag: |
4957 |
.long 0 |
4958 |
|
4959 |
@@ -26257,7 +26363,7 @@ index 1d40ca8..2dbedb3 100644 |
4960 |
#ifdef CONFIG_EARLY_PRINTK |
4961 |
early_idt_msg: |
4962 |
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" |
4963 |
-@@ -444,40 +497,67 @@ GLOBAL(name) |
4964 |
+@@ -452,40 +497,67 @@ GLOBAL(name) |
4965 |
__INITDATA |
4966 |
NEXT_PAGE(early_level4_pgt) |
4967 |
.fill 511,8,0 |
4968 |
@@ -26337,7 +26443,7 @@ index 1d40ca8..2dbedb3 100644 |
4969 |
|
4970 |
NEXT_PAGE(level2_kernel_pgt) |
4971 |
/* |
4972 |
-@@ -494,31 +574,79 @@ NEXT_PAGE(level2_kernel_pgt) |
4973 |
+@@ -502,31 +574,79 @@ NEXT_PAGE(level2_kernel_pgt) |
4974 |
KERNEL_IMAGE_SIZE/PMD_SIZE) |
4975 |
|
4976 |
NEXT_PAGE(level2_fixmap_pgt) |
4977 |
@@ -26455,7 +26561,7 @@ index 64341aa..b1e6632 100644 |
4978 |
+EXPORT_SYMBOL(cpu_pgd); |
4979 |
+#endif |
4980 |
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c |
4981 |
-index 16cb827..372334f 100644 |
4982 |
+index be22f5a..c5d0e1f 100644 |
4983 |
--- a/arch/x86/kernel/i8259.c |
4984 |
+++ b/arch/x86/kernel/i8259.c |
4985 |
@@ -110,7 +110,7 @@ static int i8259A_irq_pending(unsigned int irq) |
4986 |
@@ -26476,7 +26582,7 @@ index 16cb827..372334f 100644 |
4987 |
/* |
4988 |
* Theoretically we do not have to handle this IRQ, |
4989 |
* but in Linux this does not cause problems and is |
4990 |
-@@ -349,14 +349,16 @@ static void init_8259A(int auto_eoi) |
4991 |
+@@ -356,14 +356,16 @@ static void init_8259A(int auto_eoi) |
4992 |
/* (slave's support for AEOI in flat mode is to be investigated) */ |
4993 |
outb_pic(SLAVE_ICW4_DEFAULT, PIC_SLAVE_IMR); |
4994 |
|
4995 |
@@ -28544,7 +28650,7 @@ index 98111b3..73ca125 100644 |
4996 |
identity_mapped: |
4997 |
/* set return address to 0 if not preserving context */ |
4998 |
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c |
4999 |
-index 80f874b..b3eff67 100644 |
5000 |
+index 1e6f70f..a6b1c8a 100644 |
5001 |
--- a/arch/x86/kernel/setup.c |
5002 |
+++ b/arch/x86/kernel/setup.c |
5003 |
@@ -111,6 +111,7 @@ |
5004 |
@@ -29480,7 +29586,7 @@ index 6647624..2056791 100644 |
5005 |
force_sig_info(SIGSEGV, SEND_SIG_FORCED, current); |
5006 |
} |
5007 |
diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S |
5008 |
-index b9242ba..ae8c9cf 100644 |
5009 |
+index 4cf401f..ae8c9cf 100644 |
5010 |
--- a/arch/x86/kernel/verify_cpu.S |
5011 |
+++ b/arch/x86/kernel/verify_cpu.S |
5012 |
@@ -20,6 +20,7 @@ |
5013 |
@@ -29491,42 +29597,6 @@ index b9242ba..ae8c9cf 100644 |
5014 |
* |
5015 |
* verify_cpu, returns the status of longmode and SSE in register %eax. |
5016 |
* 0: Success 1: Failure |
5017 |
-@@ -34,10 +35,11 @@ |
5018 |
- #include <asm/msr-index.h> |
5019 |
- |
5020 |
- verify_cpu: |
5021 |
-- pushfl # Save caller passed flags |
5022 |
-- pushl $0 # Kill any dangerous flags |
5023 |
-- popfl |
5024 |
-+ pushf # Save caller passed flags |
5025 |
-+ push $0 # Kill any dangerous flags |
5026 |
-+ popf |
5027 |
- |
5028 |
-+#ifndef __x86_64__ |
5029 |
- pushfl # standard way to check for cpuid |
5030 |
- popl %eax |
5031 |
- movl %eax,%ebx |
5032 |
-@@ -48,6 +50,7 @@ verify_cpu: |
5033 |
- popl %eax |
5034 |
- cmpl %eax,%ebx |
5035 |
- jz verify_cpu_no_longmode # cpu has no cpuid |
5036 |
-+#endif |
5037 |
- |
5038 |
- movl $0x0,%eax # See if cpuid 1 is implemented |
5039 |
- cpuid |
5040 |
-@@ -130,10 +133,10 @@ verify_cpu_sse_test: |
5041 |
- jmp verify_cpu_sse_test # try again |
5042 |
- |
5043 |
- verify_cpu_no_longmode: |
5044 |
-- popfl # Restore caller passed flags |
5045 |
-+ popf # Restore caller passed flags |
5046 |
- movl $1,%eax |
5047 |
- ret |
5048 |
- verify_cpu_sse_ok: |
5049 |
-- popfl # Restore caller passed flags |
5050 |
-+ popf # Restore caller passed flags |
5051 |
- xorl %eax, %eax |
5052 |
- ret |
5053 |
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c |
5054 |
index fc9db6e..2c5865d 100644 |
5055 |
--- a/arch/x86/kernel/vm86_32.c |
5056 |
@@ -29992,10 +30062,10 @@ index 2fbea25..9e0f8c7 100644 |
5057 |
|
5058 |
out: |
5059 |
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c |
5060 |
-index 2392541a..2aefc2a 100644 |
5061 |
+index f17c342..d5d17bc 100644 |
5062 |
--- a/arch/x86/kvm/emulate.c |
5063 |
+++ b/arch/x86/kvm/emulate.c |
5064 |
-@@ -3851,7 +3851,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) |
5065 |
+@@ -3870,7 +3870,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt) |
5066 |
int cr = ctxt->modrm_reg; |
5067 |
u64 efer = 0; |
5068 |
|
5069 |
@@ -30004,8 +30074,90 @@ index 2392541a..2aefc2a 100644 |
5070 |
0xffffffff00000000ULL, |
5071 |
0, 0, 0, /* CR3 checked later */ |
5072 |
CR4_RESERVED_BITS, |
5073 |
+diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c |
5074 |
+index fef922f..18f48a0 100644 |
5075 |
+--- a/arch/x86/kvm/i8259.c |
5076 |
++++ b/arch/x86/kvm/i8259.c |
5077 |
+@@ -39,14 +39,14 @@ |
5078 |
+ |
5079 |
+ static void pic_irq_request(struct kvm *kvm, int level); |
5080 |
+ |
5081 |
++static void pic_lock(struct kvm_pic *s) __acquires(&s->lock); |
5082 |
+ static void pic_lock(struct kvm_pic *s) |
5083 |
+- __acquires(&s->lock) |
5084 |
+ { |
5085 |
+ spin_lock(&s->lock); |
5086 |
+ } |
5087 |
+ |
5088 |
++static void pic_unlock(struct kvm_pic *s) __releases(&s->lock); |
5089 |
+ static void pic_unlock(struct kvm_pic *s) |
5090 |
+- __releases(&s->lock) |
5091 |
+ { |
5092 |
+ bool wakeup = s->wakeup_needed; |
5093 |
+ struct kvm_vcpu *vcpu, *found = NULL; |
5094 |
+@@ -72,6 +72,7 @@ static void pic_unlock(struct kvm_pic *s) |
5095 |
+ } |
5096 |
+ } |
5097 |
+ |
5098 |
++static void pic_clear_isr(struct kvm_kpic_state *s, int irq) __must_hold(s->pics_state); |
5099 |
+ static void pic_clear_isr(struct kvm_kpic_state *s, int irq) |
5100 |
+ { |
5101 |
+ s->isr &= ~(1 << irq); |
5102 |
+@@ -219,6 +220,7 @@ void kvm_pic_clear_all(struct kvm_pic *s, int irq_source_id) |
5103 |
+ /* |
5104 |
+ * acknowledge interrupt 'irq' |
5105 |
+ */ |
5106 |
++static inline void pic_intack(struct kvm_kpic_state *s, int irq) __must_hold(s); |
5107 |
+ static inline void pic_intack(struct kvm_kpic_state *s, int irq) |
5108 |
+ { |
5109 |
+ s->isr |= 1 << irq; |
5110 |
+@@ -273,6 +275,7 @@ int kvm_pic_read_irq(struct kvm *kvm) |
5111 |
+ return intno; |
5112 |
+ } |
5113 |
+ |
5114 |
++void kvm_pic_reset(struct kvm_kpic_state *s) __must_hold(s); |
5115 |
+ void kvm_pic_reset(struct kvm_kpic_state *s) |
5116 |
+ { |
5117 |
+ int irq, i; |
5118 |
+@@ -307,6 +310,7 @@ void kvm_pic_reset(struct kvm_kpic_state *s) |
5119 |
+ pic_clear_isr(s, irq); |
5120 |
+ } |
5121 |
+ |
5122 |
++static void pic_ioport_write(void *opaque, u32 addr, u32 val) __must_hold(opaque); |
5123 |
+ static void pic_ioport_write(void *opaque, u32 addr, u32 val) |
5124 |
+ { |
5125 |
+ struct kvm_kpic_state *s = opaque; |
5126 |
+@@ -400,6 +404,7 @@ static void pic_ioport_write(void *opaque, u32 addr, u32 val) |
5127 |
+ } |
5128 |
+ } |
5129 |
+ |
5130 |
++static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1) __must_hold(s); |
5131 |
+ static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1) |
5132 |
+ { |
5133 |
+ int ret; |
5134 |
+@@ -422,6 +427,7 @@ static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1) |
5135 |
+ return ret; |
5136 |
+ } |
5137 |
+ |
5138 |
++static u32 pic_ioport_read(void *opaque, u32 addr1) __must_hold(opaque); |
5139 |
+ static u32 pic_ioport_read(void *opaque, u32 addr1) |
5140 |
+ { |
5141 |
+ struct kvm_kpic_state *s = opaque; |
5142 |
+diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c |
5143 |
+index 856f791..bfc7694 100644 |
5144 |
+--- a/arch/x86/kvm/ioapic.c |
5145 |
++++ b/arch/x86/kvm/ioapic.c |
5146 |
+@@ -422,6 +422,8 @@ static void kvm_ioapic_eoi_inject_work(struct work_struct *work) |
5147 |
+ #define IOAPIC_SUCCESSIVE_IRQ_MAX_COUNT 10000 |
5148 |
+ |
5149 |
+ static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu, |
5150 |
++ struct kvm_ioapic *ioapic, int vector, int trigger_mode) __must_hold(&ioapic->lock); |
5151 |
++static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu, |
5152 |
+ struct kvm_ioapic *ioapic, int vector, int trigger_mode) |
5153 |
+ { |
5154 |
+ int i; |
5155 |
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c |
5156 |
-index 2a5ca97..ce8577a 100644 |
5157 |
+index 236e346..2b0f2be 100644 |
5158 |
--- a/arch/x86/kvm/lapic.c |
5159 |
+++ b/arch/x86/kvm/lapic.c |
5160 |
@@ -56,7 +56,7 @@ |
5161 |
@@ -30031,19 +30183,18 @@ index 0f67d7e..4b9fa11 100644 |
5162 |
goto error; |
5163 |
walker->ptep_user[walker->level - 1] = ptep_user; |
5164 |
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
5165 |
-index 2d32b67..976f46e 100644 |
5166 |
+index 00da6e8..7901046 100644 |
5167 |
--- a/arch/x86/kvm/svm.c |
5168 |
+++ b/arch/x86/kvm/svm.c |
5169 |
-@@ -1106,6 +1106,8 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event) |
5170 |
- set_exception_intercept(svm, PF_VECTOR); |
5171 |
+@@ -1107,6 +1107,7 @@ static void init_vmcb(struct vcpu_svm *svm) |
5172 |
set_exception_intercept(svm, UD_VECTOR); |
5173 |
set_exception_intercept(svm, MC_VECTOR); |
5174 |
-+ set_exception_intercept(svm, AC_VECTOR); |
5175 |
+ set_exception_intercept(svm, AC_VECTOR); |
5176 |
+ set_exception_intercept(svm, DB_VECTOR); |
5177 |
|
5178 |
set_intercept(svm, INTERCEPT_INTR); |
5179 |
set_intercept(svm, INTERCEPT_NMI); |
5180 |
-@@ -1641,20 +1643,13 @@ static void svm_set_segment(struct kvm_vcpu *vcpu, |
5181 |
+@@ -1641,20 +1642,13 @@ static void svm_set_segment(struct kvm_vcpu *vcpu, |
5182 |
mark_dirty(svm->vmcb, VMCB_SEG); |
5183 |
} |
5184 |
|
5185 |
@@ -30065,7 +30216,7 @@ index 2d32b67..976f46e 100644 |
5186 |
if (vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP) |
5187 |
set_exception_intercept(svm, BP_VECTOR); |
5188 |
} else |
5189 |
-@@ -1760,7 +1755,6 @@ static int db_interception(struct vcpu_svm *svm) |
5190 |
+@@ -1760,7 +1754,6 @@ static int db_interception(struct vcpu_svm *svm) |
5191 |
if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP)) |
5192 |
svm->vmcb->save.rflags &= |
5193 |
~(X86_EFLAGS_TF | X86_EFLAGS_RF); |
5194 |
@@ -30073,28 +30224,7 @@ index 2d32b67..976f46e 100644 |
5195 |
} |
5196 |
|
5197 |
if (svm->vcpu.guest_debug & |
5198 |
-@@ -1795,6 +1789,12 @@ static int ud_interception(struct vcpu_svm *svm) |
5199 |
- return 1; |
5200 |
- } |
5201 |
- |
5202 |
-+static int ac_interception(struct vcpu_svm *svm) |
5203 |
-+{ |
5204 |
-+ kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0); |
5205 |
-+ return 1; |
5206 |
-+} |
5207 |
-+ |
5208 |
- static void svm_fpu_activate(struct kvm_vcpu *vcpu) |
5209 |
- { |
5210 |
- struct vcpu_svm *svm = to_svm(vcpu); |
5211 |
-@@ -3369,6 +3369,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = { |
5212 |
- [SVM_EXIT_EXCP_BASE + PF_VECTOR] = pf_interception, |
5213 |
- [SVM_EXIT_EXCP_BASE + NM_VECTOR] = nm_interception, |
5214 |
- [SVM_EXIT_EXCP_BASE + MC_VECTOR] = mc_interception, |
5215 |
-+ [SVM_EXIT_EXCP_BASE + AC_VECTOR] = ac_interception, |
5216 |
- [SVM_EXIT_INTR] = intr_interception, |
5217 |
- [SVM_EXIT_NMI] = nmi_interception, |
5218 |
- [SVM_EXIT_SMI] = nop_on_interception, |
5219 |
-@@ -3586,7 +3587,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) |
5220 |
+@@ -3593,7 +3586,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) |
5221 |
int cpu = raw_smp_processor_id(); |
5222 |
|
5223 |
struct svm_cpu_data *sd = per_cpu(svm_data, cpu); |
5224 |
@@ -30106,7 +30236,7 @@ index 2d32b67..976f46e 100644 |
5225 |
load_TR_desc(); |
5226 |
} |
5227 |
|
5228 |
-@@ -3752,7 +3757,6 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu) |
5229 |
+@@ -3759,7 +3756,6 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu) |
5230 |
*/ |
5231 |
svm->nmi_singlestep = true; |
5232 |
svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF); |
5233 |
@@ -30114,7 +30244,7 @@ index 2d32b67..976f46e 100644 |
5234 |
} |
5235 |
|
5236 |
static int svm_set_tss_addr(struct kvm *kvm, unsigned int addr) |
5237 |
-@@ -3982,6 +3986,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) |
5238 |
+@@ -3989,6 +3985,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) |
5239 |
#endif |
5240 |
#endif |
5241 |
|
5242 |
@@ -30125,7 +30255,7 @@ index 2d32b67..976f46e 100644 |
5243 |
reload_tss(vcpu); |
5244 |
|
5245 |
local_irq_disable(); |
5246 |
-@@ -4355,7 +4363,7 @@ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu) |
5247 |
+@@ -4362,7 +4362,7 @@ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu) |
5248 |
{ |
5249 |
} |
5250 |
|
5251 |
@@ -30134,7 +30264,7 @@ index 2d32b67..976f46e 100644 |
5252 |
.cpu_has_kvm_support = has_svm, |
5253 |
.disabled_by_bios = is_disabled, |
5254 |
.hardware_setup = svm_hardware_setup, |
5255 |
-@@ -4374,7 +4382,7 @@ static struct kvm_x86_ops svm_x86_ops = { |
5256 |
+@@ -4381,7 +4381,7 @@ static struct kvm_x86_ops svm_x86_ops = { |
5257 |
.vcpu_load = svm_vcpu_load, |
5258 |
.vcpu_put = svm_vcpu_put, |
5259 |
|
5260 |
@@ -30144,7 +30274,7 @@ index 2d32b67..976f46e 100644 |
5261 |
.set_msr = svm_set_msr, |
5262 |
.get_segment_base = svm_get_segment_base, |
5263 |
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
5264 |
-index aa9e8229..5f643bf 100644 |
5265 |
+index e77d75b..0f056cd 100644 |
5266 |
--- a/arch/x86/kvm/vmx.c |
5267 |
+++ b/arch/x86/kvm/vmx.c |
5268 |
@@ -1440,12 +1440,12 @@ static void vmcs_write64(unsigned long field, u64 value) |
5269 |
@@ -30162,15 +30292,6 @@ index aa9e8229..5f643bf 100644 |
5270 |
{ |
5271 |
vmcs_writel(field, vmcs_readl(field) | mask); |
5272 |
} |
5273 |
-@@ -1567,7 +1567,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu) |
5274 |
- u32 eb; |
5275 |
- |
5276 |
- eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) | |
5277 |
-- (1u << NM_VECTOR) | (1u << DB_VECTOR); |
5278 |
-+ (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR); |
5279 |
- if ((vcpu->guest_debug & |
5280 |
- (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) == |
5281 |
- (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) |
5282 |
@@ -1705,7 +1705,11 @@ static void reload_tss(void) |
5283 |
struct desc_struct *descs; |
5284 |
|
5285 |
@@ -30223,17 +30344,7 @@ index aa9e8229..5f643bf 100644 |
5286 |
|
5287 |
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); |
5288 |
vmcs_write32(HOST_IA32_SYSENTER_CS, low32); |
5289 |
-@@ -5118,6 +5129,9 @@ static int handle_exception(struct kvm_vcpu *vcpu) |
5290 |
- return handle_rmode_exception(vcpu, ex_no, error_code); |
5291 |
- |
5292 |
- switch (ex_no) { |
5293 |
-+ case AC_VECTOR: |
5294 |
-+ kvm_queue_exception_e(vcpu, AC_VECTOR, error_code); |
5295 |
-+ return 1; |
5296 |
- case DB_VECTOR: |
5297 |
- dr6 = vmcs_readl(EXIT_QUALIFICATION); |
5298 |
- if (!(vcpu->guest_debug & |
5299 |
-@@ -6097,11 +6111,17 @@ static __init int hardware_setup(void) |
5300 |
+@@ -6099,11 +6110,17 @@ static __init int hardware_setup(void) |
5301 |
* page upon invalidation. No need to do anything if not |
5302 |
* using the APIC_ACCESS_ADDR VMCS field. |
5303 |
*/ |
5304 |
@@ -30253,7 +30364,7 @@ index aa9e8229..5f643bf 100644 |
5305 |
|
5306 |
if (enable_ept && !cpu_has_vmx_ept_2m_page()) |
5307 |
kvm_disable_largepages(); |
5308 |
-@@ -6112,6 +6132,7 @@ static __init int hardware_setup(void) |
5309 |
+@@ -6114,6 +6131,7 @@ static __init int hardware_setup(void) |
5310 |
if (!cpu_has_vmx_apicv()) |
5311 |
enable_apicv = 0; |
5312 |
|
5313 |
@@ -30261,7 +30372,7 @@ index aa9e8229..5f643bf 100644 |
5314 |
if (enable_apicv) |
5315 |
kvm_x86_ops->update_cr8_intercept = NULL; |
5316 |
else { |
5317 |
-@@ -6120,6 +6141,7 @@ static __init int hardware_setup(void) |
5318 |
+@@ -6122,6 +6140,7 @@ static __init int hardware_setup(void) |
5319 |
kvm_x86_ops->deliver_posted_interrupt = NULL; |
5320 |
kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy; |
5321 |
} |
5322 |
@@ -30269,7 +30380,7 @@ index aa9e8229..5f643bf 100644 |
5323 |
|
5324 |
vmx_disable_intercept_for_msr(MSR_FS_BASE, false); |
5325 |
vmx_disable_intercept_for_msr(MSR_GS_BASE, false); |
5326 |
-@@ -6174,10 +6196,12 @@ static __init int hardware_setup(void) |
5327 |
+@@ -6176,10 +6195,12 @@ static __init int hardware_setup(void) |
5328 |
enable_pml = 0; |
5329 |
|
5330 |
if (!enable_pml) { |
5331 |
@@ -30282,7 +30393,7 @@ index aa9e8229..5f643bf 100644 |
5332 |
} |
5333 |
|
5334 |
return alloc_kvm_area(); |
5335 |
-@@ -8380,6 +8404,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
5336 |
+@@ -8382,6 +8403,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
5337 |
"jmp 2f \n\t" |
5338 |
"1: " __ex(ASM_VMX_VMRESUME) "\n\t" |
5339 |
"2: " |
5340 |
@@ -30295,7 +30406,7 @@ index aa9e8229..5f643bf 100644 |
5341 |
/* Save guest registers, load host registers, keep flags */ |
5342 |
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" |
5343 |
"pop %0 \n\t" |
5344 |
-@@ -8432,6 +8462,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
5345 |
+@@ -8434,6 +8461,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
5346 |
#endif |
5347 |
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), |
5348 |
[wordsize]"i"(sizeof(ulong)) |
5349 |
@@ -30307,7 +30418,7 @@ index aa9e8229..5f643bf 100644 |
5350 |
: "cc", "memory" |
5351 |
#ifdef CONFIG_X86_64 |
5352 |
, "rax", "rbx", "rdi", "rsi" |
5353 |
-@@ -8445,7 +8480,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
5354 |
+@@ -8447,7 +8479,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
5355 |
if (debugctlmsr) |
5356 |
update_debugctlmsr(debugctlmsr); |
5357 |
|
5358 |
@@ -30316,7 +30427,7 @@ index aa9e8229..5f643bf 100644 |
5359 |
/* |
5360 |
* The sysexit path does not restore ds/es, so we must set them to |
5361 |
* a reasonable value ourselves. |
5362 |
-@@ -8454,8 +8489,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
5363 |
+@@ -8456,8 +8488,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
5364 |
* may be executed in interrupt context, which saves and restore segments |
5365 |
* around it, nullifying its effect. |
5366 |
*/ |
5367 |
@@ -30337,7 +30448,7 @@ index aa9e8229..5f643bf 100644 |
5368 |
#endif |
5369 |
|
5370 |
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) |
5371 |
-@@ -10309,7 +10354,7 @@ static void vmx_enable_log_dirty_pt_masked(struct kvm *kvm, |
5372 |
+@@ -10311,7 +10353,7 @@ static void vmx_enable_log_dirty_pt_masked(struct kvm *kvm, |
5373 |
kvm_mmu_clear_dirty_pt_masked(kvm, memslot, offset, mask); |
5374 |
} |
5375 |
|
5376 |
@@ -30347,10 +30458,10 @@ index aa9e8229..5f643bf 100644 |
5377 |
.disabled_by_bios = vmx_disabled_by_bios, |
5378 |
.hardware_setup = hardware_setup, |
5379 |
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
5380 |
-index 373328b7..310cf2f 100644 |
5381 |
+index 2781e2b..b7bff94 100644 |
5382 |
--- a/arch/x86/kvm/x86.c |
5383 |
+++ b/arch/x86/kvm/x86.c |
5384 |
-@@ -1842,8 +1842,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) |
5385 |
+@@ -1844,8 +1844,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) |
5386 |
{ |
5387 |
struct kvm *kvm = vcpu->kvm; |
5388 |
int lm = is_long_mode(vcpu); |
5389 |
@@ -30361,7 +30472,7 @@ index 373328b7..310cf2f 100644 |
5390 |
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 |
5391 |
: kvm->arch.xen_hvm_config.blob_size_32; |
5392 |
u32 page_num = data & ~PAGE_MASK; |
5393 |
-@@ -2733,6 +2733,8 @@ long kvm_arch_dev_ioctl(struct file *filp, |
5394 |
+@@ -2735,6 +2735,8 @@ long kvm_arch_dev_ioctl(struct file *filp, |
5395 |
if (n < msr_list.nmsrs) |
5396 |
goto out; |
5397 |
r = -EFAULT; |
5398 |
@@ -30370,7 +30481,7 @@ index 373328b7..310cf2f 100644 |
5399 |
if (copy_to_user(user_msr_list->indices, &msrs_to_save, |
5400 |
num_msrs_to_save * sizeof(u32))) |
5401 |
goto out; |
5402 |
-@@ -3093,7 +3095,7 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu, |
5403 |
+@@ -3095,7 +3097,7 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu, |
5404 |
|
5405 |
static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu) |
5406 |
{ |
5407 |
@@ -30379,7 +30490,7 @@ index 373328b7..310cf2f 100644 |
5408 |
u64 xstate_bv = xsave->header.xfeatures; |
5409 |
u64 valid; |
5410 |
|
5411 |
-@@ -3129,7 +3131,7 @@ static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu) |
5412 |
+@@ -3131,7 +3133,7 @@ static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu) |
5413 |
|
5414 |
static void load_xsave(struct kvm_vcpu *vcpu, u8 *src) |
5415 |
{ |
5416 |
@@ -30388,7 +30499,7 @@ index 373328b7..310cf2f 100644 |
5417 |
u64 xstate_bv = *(u64 *)(src + XSAVE_HDR_OFFSET); |
5418 |
u64 valid; |
5419 |
|
5420 |
-@@ -3173,7 +3175,7 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu, |
5421 |
+@@ -3175,7 +3177,7 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu, |
5422 |
fill_xsave((u8 *) guest_xsave->region, vcpu); |
5423 |
} else { |
5424 |
memcpy(guest_xsave->region, |
5425 |
@@ -30397,7 +30508,7 @@ index 373328b7..310cf2f 100644 |
5426 |
sizeof(struct fxregs_state)); |
5427 |
*(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)] = |
5428 |
XSTATE_FPSSE; |
5429 |
-@@ -3198,7 +3200,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, |
5430 |
+@@ -3200,7 +3202,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu, |
5431 |
} else { |
5432 |
if (xstate_bv & ~XSTATE_FPSSE) |
5433 |
return -EINVAL; |
5434 |
@@ -30406,7 +30517,23 @@ index 373328b7..310cf2f 100644 |
5435 |
guest_xsave->region, sizeof(struct fxregs_state)); |
5436 |
} |
5437 |
return 0; |
5438 |
-@@ -7217,7 +7219,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu, |
5439 |
+@@ -6473,6 +6475,7 @@ void kvm_arch_mmu_notifier_invalidate_page(struct kvm *kvm, |
5440 |
+ * exiting to the userspace. Otherwise, the value will be returned to the |
5441 |
+ * userspace. |
5442 |
+ */ |
5443 |
++static int vcpu_enter_guest(struct kvm_vcpu *vcpu) __must_hold(&vcpu->kvm->srcu); |
5444 |
+ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) |
5445 |
+ { |
5446 |
+ int r; |
5447 |
+@@ -6690,6 +6693,7 @@ out: |
5448 |
+ return r; |
5449 |
+ } |
5450 |
+ |
5451 |
++static inline int vcpu_block(struct kvm *kvm, struct kvm_vcpu *vcpu) __must_hold(&kvm->srcu); |
5452 |
+ static inline int vcpu_block(struct kvm *kvm, struct kvm_vcpu *vcpu) |
5453 |
+ { |
5454 |
+ if (!kvm_arch_vcpu_runnable(vcpu)) { |
5455 |
+@@ -7229,7 +7233,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu, |
5456 |
int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) |
5457 |
{ |
5458 |
struct fxregs_state *fxsave = |
5459 |
@@ -30415,7 +30542,7 @@ index 373328b7..310cf2f 100644 |
5460 |
|
5461 |
memcpy(fpu->fpr, fxsave->st_space, 128); |
5462 |
fpu->fcw = fxsave->cwd; |
5463 |
-@@ -7234,7 +7236,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) |
5464 |
+@@ -7246,7 +7250,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) |
5465 |
int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) |
5466 |
{ |
5467 |
struct fxregs_state *fxsave = |
5468 |
@@ -30424,7 +30551,7 @@ index 373328b7..310cf2f 100644 |
5469 |
|
5470 |
memcpy(fxsave->st_space, fpu->fpr, 128); |
5471 |
fxsave->cwd = fpu->fcw; |
5472 |
-@@ -7250,9 +7252,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) |
5473 |
+@@ -7262,9 +7266,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu) |
5474 |
|
5475 |
static void fx_init(struct kvm_vcpu *vcpu) |
5476 |
{ |
5477 |
@@ -30436,7 +30563,7 @@ index 373328b7..310cf2f 100644 |
5478 |
host_xcr0 | XSTATE_COMPACTION_ENABLED; |
5479 |
|
5480 |
/* |
5481 |
-@@ -7276,7 +7278,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu) |
5482 |
+@@ -7288,7 +7292,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu) |
5483 |
kvm_put_guest_xcr0(vcpu); |
5484 |
vcpu->guest_fpu_loaded = 1; |
5485 |
__kernel_fpu_begin(); |
5486 |
@@ -30445,7 +30572,7 @@ index 373328b7..310cf2f 100644 |
5487 |
trace_kvm_fpu(1); |
5488 |
} |
5489 |
|
5490 |
-@@ -7554,6 +7556,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu) |
5491 |
+@@ -7566,6 +7570,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu) |
5492 |
|
5493 |
struct static_key kvm_no_apic_vcpu __read_mostly; |
5494 |
|
5495 |
@@ -30454,7 +30581,7 @@ index 373328b7..310cf2f 100644 |
5496 |
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu) |
5497 |
{ |
5498 |
struct page *page; |
5499 |
-@@ -7570,11 +7574,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu) |
5500 |
+@@ -7582,11 +7588,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu) |
5501 |
else |
5502 |
vcpu->arch.mp_state = KVM_MP_STATE_UNINITIALIZED; |
5503 |
|
5504 |
@@ -30473,7 +30600,7 @@ index 373328b7..310cf2f 100644 |
5505 |
vcpu->arch.pio_data = page_address(page); |
5506 |
|
5507 |
kvm_set_tsc_khz(vcpu, max_tsc_khz); |
5508 |
-@@ -7628,6 +7635,9 @@ fail_mmu_destroy: |
5509 |
+@@ -7640,6 +7649,9 @@ fail_mmu_destroy: |
5510 |
kvm_mmu_destroy(vcpu); |
5511 |
fail_free_pio_data: |
5512 |
free_page((unsigned long)vcpu->arch.pio_data); |
5513 |
@@ -30483,7 +30610,7 @@ index 373328b7..310cf2f 100644 |
5514 |
fail: |
5515 |
return r; |
5516 |
} |
5517 |
-@@ -7645,6 +7655,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu) |
5518 |
+@@ -7657,6 +7669,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu) |
5519 |
free_page((unsigned long)vcpu->arch.pio_data); |
5520 |
if (!irqchip_in_kernel(vcpu->kvm)) |
5521 |
static_key_slow_dec(&kvm_no_apic_vcpu); |
5522 |
@@ -32971,7 +33098,7 @@ index 91d93b9..4b22130 100644 |
5523 |
+EXPORT_SYMBOL(set_fs); |
5524 |
+#endif |
5525 |
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c |
5526 |
-index 0a42327..7a82465 100644 |
5527 |
+index 0a42327..45c0063 100644 |
5528 |
--- a/arch/x86/lib/usercopy_64.c |
5529 |
+++ b/arch/x86/lib/usercopy_64.c |
5530 |
@@ -18,6 +18,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size) |
5531 |
@@ -33031,8 +33158,9 @@ index 0a42327..7a82465 100644 |
5532 |
|
5533 |
/* If the destination is a kernel buffer, we always clear the end */ |
5534 |
- if (!__addr_ok(to)) |
5535 |
+- memset(to, 0, len); |
5536 |
+ if (!__addr_ok(to) && (unsigned long)to >= TASK_SIZE_MAX + pax_user_shadow_base) |
5537 |
- memset(to, 0, len); |
5538 |
++ memset((void __force_kernel *)to, 0, len); |
5539 |
return len; |
5540 |
} |
5541 |
diff --git a/arch/x86/math-emu/fpu_aux.c b/arch/x86/math-emu/fpu_aux.c |
5542 |
@@ -34908,77 +35036,23 @@ index 0057a7acc..95c7edd 100644 |
5543 |
might_sleep(); |
5544 |
if (is_enabled()) /* recheck and proper locking in *_core() */ |
5545 |
diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c |
5546 |
-index db1b0bc..c28f618 100644 |
5547 |
+index c28f618..73c7772 100644 |
5548 |
--- a/arch/x86/mm/mpx.c |
5549 |
+++ b/arch/x86/mm/mpx.c |
5550 |
-@@ -622,6 +622,29 @@ static unsigned long mpx_bd_entry_to_bt_addr(struct mm_struct *mm, |
5551 |
- } |
5552 |
- |
5553 |
- /* |
5554 |
-+ * We only want to do a 4-byte get_user() on 32-bit. Otherwise, |
5555 |
-+ * we might run off the end of the bounds table if we are on |
5556 |
-+ * a 64-bit kernel and try to get 8 bytes. |
5557 |
-+ */ |
5558 |
-+int get_user_bd_entry(struct mm_struct *mm, unsigned long *bd_entry_ret, |
5559 |
-+ long __user *bd_entry_ptr) |
5560 |
-+{ |
5561 |
-+ u32 bd_entry_32; |
5562 |
-+ int ret; |
5563 |
-+ |
5564 |
-+ if (is_64bit_mm(mm)) |
5565 |
-+ return get_user(*bd_entry_ret, bd_entry_ptr); |
5566 |
-+ |
5567 |
-+ /* |
5568 |
-+ * Note that get_user() uses the type of the *pointer* to |
5569 |
-+ * establish the size of the get, not the destination. |
5570 |
-+ */ |
5571 |
-+ ret = get_user(bd_entry_32, (u32 __user *)bd_entry_ptr); |
5572 |
-+ *bd_entry_ret = bd_entry_32; |
5573 |
-+ return ret; |
5574 |
-+} |
5575 |
-+ |
5576 |
-+/* |
5577 |
- * Get the base of bounds tables pointed by specific bounds |
5578 |
- * directory entry. |
5579 |
- */ |
5580 |
-@@ -641,7 +664,7 @@ static int get_bt_addr(struct mm_struct *mm, |
5581 |
- int need_write = 0; |
5582 |
- |
5583 |
- pagefault_disable(); |
5584 |
-- ret = get_user(bd_entry, bd_entry_ptr); |
5585 |
-+ ret = get_user_bd_entry(mm, &bd_entry, bd_entry_ptr); |
5586 |
- pagefault_enable(); |
5587 |
- if (!ret) |
5588 |
- break; |
5589 |
-@@ -736,11 +759,23 @@ static unsigned long mpx_get_bt_entry_offset_bytes(struct mm_struct *mm, |
5590 |
- */ |
5591 |
- static inline unsigned long bd_entry_virt_space(struct mm_struct *mm) |
5592 |
- { |
5593 |
-- unsigned long long virt_space = (1ULL << boot_cpu_data.x86_virt_bits); |
5594 |
-- if (is_64bit_mm(mm)) |
5595 |
-- return virt_space / MPX_BD_NR_ENTRIES_64; |
5596 |
-- else |
5597 |
-- return virt_space / MPX_BD_NR_ENTRIES_32; |
5598 |
-+ unsigned long long virt_space; |
5599 |
-+ unsigned long long GB = (1ULL << 30); |
5600 |
-+ |
5601 |
-+ /* |
5602 |
-+ * This covers 32-bit emulation as well as 32-bit kernels |
5603 |
-+ * running on 64-bit harware. |
5604 |
-+ */ |
5605 |
-+ if (!is_64bit_mm(mm)) |
5606 |
-+ return (4ULL * GB) / MPX_BD_NR_ENTRIES_32; |
5607 |
-+ |
5608 |
-+ /* |
5609 |
-+ * 'x86_virt_bits' returns what the hardware is capable |
5610 |
-+ * of, and returns the full >32-bit adddress space when |
5611 |
-+ * running 32-bit kernels on 64-bit hardware. |
5612 |
-+ */ |
5613 |
-+ virt_space = (1ULL << boot_cpu_data.x86_virt_bits); |
5614 |
-+ return virt_space / MPX_BD_NR_ENTRIES_64; |
5615 |
- } |
5616 |
- |
5617 |
- /* |
5618 |
+@@ -329,11 +329,11 @@ siginfo_t *mpx_generate_siginfo(struct pt_regs *regs) |
5619 |
+ * We were not able to extract an address from the instruction, |
5620 |
+ * probably because there was something invalid in it. |
5621 |
+ */ |
5622 |
+- if (info->si_addr == (void *)-1) { |
5623 |
++ if (info->si_addr == (void __user *)-1) { |
5624 |
+ err = -EINVAL; |
5625 |
+ goto err_out; |
5626 |
+ } |
5627 |
+- trace_mpx_bounds_register_exception(info->si_addr, bndreg); |
5628 |
++ trace_mpx_bounds_register_exception((void __force_kernel *)info->si_addr, bndreg); |
5629 |
+ return info; |
5630 |
+ err_out: |
5631 |
+ /* info might be NULL, but kfree() handles that */ |
5632 |
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c |
5633 |
index 4053bb5..b1ad3dc 100644 |
5634 |
--- a/arch/x86/mm/numa.c |
5635 |
@@ -34993,7 +35067,7 @@ index 4053bb5..b1ad3dc 100644 |
5636 |
unsigned long uninitialized_var(pfn_align); |
5637 |
int i, nid; |
5638 |
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c |
5639 |
-index 727158c..54dd3ff 100644 |
5640 |
+index 727158c..e278402 100644 |
5641 |
--- a/arch/x86/mm/pageattr.c |
5642 |
+++ b/arch/x86/mm/pageattr.c |
5643 |
@@ -260,7 +260,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, |
5644 |
@@ -35090,7 +35164,28 @@ index 727158c..54dd3ff 100644 |
5645 |
|
5646 |
pgprot_val(req_prot) &= ~pgprot_val(cpa->mask_clr); |
5647 |
pgprot_val(req_prot) |= pgprot_val(cpa->mask_set); |
5648 |
-@@ -1176,7 +1200,9 @@ repeat: |
5649 |
+@@ -675,6 +699,10 @@ __split_large_page(struct cpa_data *cpa, pte_t *kpte, unsigned long address, |
5650 |
+ return 0; |
5651 |
+ } |
5652 |
+ |
5653 |
++#if debug_pagealloc == 0 |
5654 |
++static int split_large_page(struct cpa_data *cpa, pte_t *kpte, |
5655 |
++ unsigned long address) __must_hold(&cpa_lock); |
5656 |
++#endif |
5657 |
+ static int split_large_page(struct cpa_data *cpa, pte_t *kpte, |
5658 |
+ unsigned long address) |
5659 |
+ { |
5660 |
+@@ -1118,6 +1146,9 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr, |
5661 |
+ } |
5662 |
+ } |
5663 |
+ |
5664 |
++#if debug_pagealloc == 0 |
5665 |
++static int __change_page_attr(struct cpa_data *cpa, int primary) __must_hold(&cpa_lock); |
5666 |
++#endif |
5667 |
+ static int __change_page_attr(struct cpa_data *cpa, int primary) |
5668 |
+ { |
5669 |
+ unsigned long address; |
5670 |
+@@ -1176,7 +1207,9 @@ repeat: |
5671 |
* Do we really change anything ? |
5672 |
*/ |
5673 |
if (pte_val(old_pte) != pte_val(new_pte)) { |
5674 |
@@ -39200,6 +39295,21 @@ index 5005924..9fc06c4 100644 |
5675 |
if (sif->remove_dev) { |
5676 |
subsys_dev_iter_init(&iter, subsys, NULL, NULL); |
5677 |
while ((dev = subsys_dev_iter_next(&iter))) |
5678 |
+diff --git a/drivers/base/devres.c b/drivers/base/devres.c |
5679 |
+index 8754646..6828fbe 100644 |
5680 |
+--- a/drivers/base/devres.c |
5681 |
++++ b/drivers/base/devres.c |
5682 |
+@@ -475,7 +475,9 @@ static int remove_nodes(struct device *dev, |
5683 |
+ |
5684 |
+ static int release_nodes(struct device *dev, struct list_head *first, |
5685 |
+ struct list_head *end, unsigned long flags) |
5686 |
+- __releases(&dev->devres_lock) |
5687 |
++ __releases(&dev->devres_lock); |
5688 |
++static int release_nodes(struct device *dev, struct list_head *first, |
5689 |
++ struct list_head *end, unsigned long flags) |
5690 |
+ { |
5691 |
+ LIST_HEAD(todo); |
5692 |
+ int cnt; |
5693 |
diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c |
5694 |
index 68f0314..ca2a609 100644 |
5695 |
--- a/drivers/base/devtmpfs.c |
5696 |
@@ -39277,6 +39387,40 @@ index 0ee43c1..369dd62 100644 |
5697 |
pm_genpd_poweron(pd); |
5698 |
|
5699 |
return 0; |
5700 |
+diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c |
5701 |
+index e1a10a0..a6bc363 100644 |
5702 |
+--- a/drivers/base/power/runtime.c |
5703 |
++++ b/drivers/base/power/runtime.c |
5704 |
+@@ -263,8 +263,8 @@ static int rpm_check_suspend_allowed(struct device *dev) |
5705 |
+ * @cb: Runtime PM callback to run. |
5706 |
+ * @dev: Device to run the callback for. |
5707 |
+ */ |
5708 |
++static int __rpm_callback(int (*cb)(struct device *), struct device *dev) __must_hold(&dev->power.lock); |
5709 |
+ static int __rpm_callback(int (*cb)(struct device *), struct device *dev) |
5710 |
+- __releases(&dev->power.lock) __acquires(&dev->power.lock) |
5711 |
+ { |
5712 |
+ int retval; |
5713 |
+ |
5714 |
+@@ -412,8 +412,8 @@ static int rpm_callback(int (*cb)(struct device *), struct device *dev) |
5715 |
+ * |
5716 |
+ * This function must be called under dev->power.lock with interrupts disabled. |
5717 |
+ */ |
5718 |
++static int rpm_suspend(struct device *dev, int rpmflags) __must_hold(&dev->power.lock); |
5719 |
+ static int rpm_suspend(struct device *dev, int rpmflags) |
5720 |
+- __releases(&dev->power.lock) __acquires(&dev->power.lock) |
5721 |
+ { |
5722 |
+ int (*callback)(struct device *); |
5723 |
+ struct device *parent = NULL; |
5724 |
+@@ -594,8 +594,8 @@ static int rpm_suspend(struct device *dev, int rpmflags) |
5725 |
+ * |
5726 |
+ * This function must be called under dev->power.lock with interrupts disabled. |
5727 |
+ */ |
5728 |
++static int rpm_resume(struct device *dev, int rpmflags) __must_hold(&dev->power.lock); |
5729 |
+ static int rpm_resume(struct device *dev, int rpmflags) |
5730 |
+- __releases(&dev->power.lock) __acquires(&dev->power.lock) |
5731 |
+ { |
5732 |
+ int (*callback)(struct device *); |
5733 |
+ struct device *parent = NULL; |
5734 |
diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c |
5735 |
index d2be3f9..0a3167a 100644 |
5736 |
--- a/drivers/base/power/sysfs.c |
5737 |
@@ -39370,6 +39514,30 @@ index c8941f3..f7c7a7e 100644 |
5738 |
tot_len = reg_len + 10; /* ': R W V P\n' */ |
5739 |
|
5740 |
for (i = 0; i <= map->max_register; i += map->reg_stride) { |
5741 |
+diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c |
5742 |
+index 7111d04..bcda737 100644 |
5743 |
+--- a/drivers/base/regmap/regmap.c |
5744 |
++++ b/drivers/base/regmap/regmap.c |
5745 |
+@@ -340,8 +340,8 @@ static void regmap_unlock_mutex(void *__map) |
5746 |
+ mutex_unlock(&map->mutex); |
5747 |
+ } |
5748 |
+ |
5749 |
++static void regmap_lock_spinlock(void *__map) __acquires(&map->spinlock); |
5750 |
+ static void regmap_lock_spinlock(void *__map) |
5751 |
+-__acquires(&map->spinlock) |
5752 |
+ { |
5753 |
+ struct regmap *map = __map; |
5754 |
+ unsigned long flags; |
5755 |
+@@ -350,8 +350,8 @@ __acquires(&map->spinlock) |
5756 |
+ map->spinlock_flags = flags; |
5757 |
+ } |
5758 |
+ |
5759 |
++static void regmap_unlock_spinlock(void *__map) __releases(&map->spinlock); |
5760 |
+ static void regmap_unlock_spinlock(void *__map) |
5761 |
+-__releases(&map->spinlock) |
5762 |
+ { |
5763 |
+ struct regmap *map = __map; |
5764 |
+ spin_unlock_irqrestore(&map->spinlock, map->spinlock_flags); |
5765 |
diff --git a/drivers/base/syscore.c b/drivers/base/syscore.c |
5766 |
index 8d98a32..61d3165 100644 |
5767 |
--- a/drivers/base/syscore.c |
5768 |
@@ -39810,7 +39978,7 @@ index 74df8cf..e41fc24 100644 |
5769 |
if (!msg) |
5770 |
goto failed; |
5771 |
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c |
5772 |
-index c097909..13688e1 100644 |
5773 |
+index c097909..b0dd588 100644 |
5774 |
--- a/drivers/block/drbd/drbd_receiver.c |
5775 |
+++ b/drivers/block/drbd/drbd_receiver.c |
5776 |
@@ -870,7 +870,7 @@ int drbd_connected(struct drbd_peer_device *peer_device) |
5777 |
@@ -39863,7 +40031,18 @@ index c097909..13688e1 100644 |
5778 |
list_add(&epoch->list, &connection->current_epoch->list); |
5779 |
connection->current_epoch = epoch; |
5780 |
connection->epochs++; |
5781 |
-@@ -1802,7 +1802,7 @@ static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t secto |
5782 |
+@@ -1780,7 +1780,9 @@ static int e_end_resync_block(struct drbd_work *w, int unused) |
5783 |
+ } |
5784 |
+ |
5785 |
+ static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t sector, |
5786 |
+- struct packet_info *pi) __releases(local) |
5787 |
++ struct packet_info *pi) __releases(local); |
5788 |
++static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t sector, |
5789 |
++ struct packet_info *pi) |
5790 |
+ { |
5791 |
+ struct drbd_device *device = peer_device->device; |
5792 |
+ struct drbd_peer_request *peer_req; |
5793 |
+@@ -1802,7 +1804,7 @@ static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t secto |
5794 |
list_add_tail(&peer_req->w.list, &device->sync_ee); |
5795 |
spin_unlock_irq(&device->resource->req_lock); |
5796 |
|
5797 |
@@ -39872,7 +40051,7 @@ index c097909..13688e1 100644 |
5798 |
if (drbd_submit_peer_request(device, peer_req, WRITE, DRBD_FAULT_RS_WR) == 0) |
5799 |
return 0; |
5800 |
|
5801 |
-@@ -1900,7 +1900,7 @@ static int receive_RSDataReply(struct drbd_connection *connection, struct packet |
5802 |
+@@ -1900,7 +1902,7 @@ static int receive_RSDataReply(struct drbd_connection *connection, struct packet |
5803 |
drbd_send_ack_dp(peer_device, P_NEG_ACK, p, pi->size); |
5804 |
} |
5805 |
|
5806 |
@@ -39881,7 +40060,7 @@ index c097909..13688e1 100644 |
5807 |
|
5808 |
return err; |
5809 |
} |
5810 |
-@@ -2290,7 +2290,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info * |
5811 |
+@@ -2290,7 +2292,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info * |
5812 |
|
5813 |
err = wait_for_and_update_peer_seq(peer_device, peer_seq); |
5814 |
drbd_send_ack_dp(peer_device, P_NEG_ACK, p, pi->size); |
5815 |
@@ -39890,7 +40069,7 @@ index c097909..13688e1 100644 |
5816 |
err2 = drbd_drain_block(peer_device, pi->size); |
5817 |
if (!err) |
5818 |
err = err2; |
5819 |
-@@ -2334,7 +2334,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info * |
5820 |
+@@ -2334,7 +2336,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info * |
5821 |
|
5822 |
spin_lock(&connection->epoch_lock); |
5823 |
peer_req->epoch = connection->current_epoch; |
5824 |
@@ -39899,7 +40078,7 @@ index c097909..13688e1 100644 |
5825 |
atomic_inc(&peer_req->epoch->active); |
5826 |
spin_unlock(&connection->epoch_lock); |
5827 |
|
5828 |
-@@ -2479,7 +2479,7 @@ bool drbd_rs_c_min_rate_throttle(struct drbd_device *device) |
5829 |
+@@ -2479,7 +2481,7 @@ bool drbd_rs_c_min_rate_throttle(struct drbd_device *device) |
5830 |
|
5831 |
curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + |
5832 |
(int)part_stat_read(&disk->part0, sectors[1]) - |
5833 |
@@ -39908,7 +40087,7 @@ index c097909..13688e1 100644 |
5834 |
|
5835 |
if (atomic_read(&device->ap_actlog_cnt) |
5836 |
|| curr_events - device->rs_last_events > 64) { |
5837 |
-@@ -2618,7 +2618,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet |
5838 |
+@@ -2618,7 +2620,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet |
5839 |
device->use_csums = true; |
5840 |
} else if (pi->cmd == P_OV_REPLY) { |
5841 |
/* track progress, we may need to throttle */ |
5842 |
@@ -39917,7 +40096,7 @@ index c097909..13688e1 100644 |
5843 |
peer_req->w.cb = w_e_end_ov_reply; |
5844 |
dec_rs_pending(device); |
5845 |
/* drbd_rs_begin_io done when we sent this request, |
5846 |
-@@ -2691,7 +2691,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet |
5847 |
+@@ -2691,7 +2693,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet |
5848 |
goto out_free_e; |
5849 |
|
5850 |
submit_for_resync: |
5851 |
@@ -39926,7 +40105,7 @@ index c097909..13688e1 100644 |
5852 |
|
5853 |
submit: |
5854 |
update_receiver_timing_details(connection, drbd_submit_peer_request); |
5855 |
-@@ -4564,7 +4564,7 @@ struct data_cmd { |
5856 |
+@@ -4564,7 +4566,7 @@ struct data_cmd { |
5857 |
int expect_payload; |
5858 |
size_t pkt_size; |
5859 |
int (*fn)(struct drbd_connection *, struct packet_info *); |
5860 |
@@ -39935,7 +40114,7 @@ index c097909..13688e1 100644 |
5861 |
|
5862 |
static struct data_cmd drbd_cmd_handler[] = { |
5863 |
[P_DATA] = { 1, sizeof(struct p_data), receive_Data }, |
5864 |
-@@ -4678,7 +4678,7 @@ static void conn_disconnect(struct drbd_connection *connection) |
5865 |
+@@ -4678,7 +4680,7 @@ static void conn_disconnect(struct drbd_connection *connection) |
5866 |
if (!list_empty(&connection->current_epoch->list)) |
5867 |
drbd_err(connection, "ASSERTION FAILED: connection->current_epoch->list not empty\n"); |
5868 |
/* ok, no more ee's on the fly, it is safe to reset the epoch_size */ |
5869 |
@@ -39944,7 +40123,7 @@ index c097909..13688e1 100644 |
5870 |
connection->send.seen_any_write_yet = false; |
5871 |
|
5872 |
drbd_info(connection, "Connection closed\n"); |
5873 |
-@@ -5182,7 +5182,7 @@ static int got_IsInSync(struct drbd_connection *connection, struct packet_info * |
5874 |
+@@ -5182,7 +5184,7 @@ static int got_IsInSync(struct drbd_connection *connection, struct packet_info * |
5875 |
put_ldev(device); |
5876 |
} |
5877 |
dec_rs_pending(device); |
5878 |
@@ -39953,7 +40132,7 @@ index c097909..13688e1 100644 |
5879 |
|
5880 |
return 0; |
5881 |
} |
5882 |
-@@ -5470,7 +5470,7 @@ static int connection_finish_peer_reqs(struct drbd_connection *connection) |
5883 |
+@@ -5470,7 +5472,7 @@ static int connection_finish_peer_reqs(struct drbd_connection *connection) |
5884 |
struct asender_cmd { |
5885 |
size_t pkt_size; |
5886 |
int (*fn)(struct drbd_connection *connection, struct packet_info *); |
5887 |
@@ -39963,10 +40142,30 @@ index c097909..13688e1 100644 |
5888 |
static struct asender_cmd asender_tbl[] = { |
5889 |
[P_PING] = { 0, got_Ping }, |
5890 |
diff --git a/drivers/block/drbd/drbd_worker.c b/drivers/block/drbd/drbd_worker.c |
5891 |
-index d0fae55..4469096 100644 |
5892 |
+index d0fae55..e85f28e 100644 |
5893 |
--- a/drivers/block/drbd/drbd_worker.c |
5894 |
+++ b/drivers/block/drbd/drbd_worker.c |
5895 |
-@@ -408,7 +408,7 @@ static int read_for_csum(struct drbd_peer_device *peer_device, sector_t sector, |
5896 |
+@@ -94,7 +94,8 @@ void drbd_md_endio(struct bio *bio, int error) |
5897 |
+ /* reads on behalf of the partner, |
5898 |
+ * "submitted" by the receiver |
5899 |
+ */ |
5900 |
+-static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) __releases(local) |
5901 |
++static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) __releases(local); |
5902 |
++static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) |
5903 |
+ { |
5904 |
+ unsigned long flags = 0; |
5905 |
+ struct drbd_peer_device *peer_device = peer_req->peer_device; |
5906 |
+@@ -115,7 +116,8 @@ static void drbd_endio_read_sec_final(struct drbd_peer_request *peer_req) __rele |
5907 |
+ |
5908 |
+ /* writes on behalf of the partner, or resync writes, |
5909 |
+ * "submitted" by the receiver, final stage. */ |
5910 |
+-void drbd_endio_write_sec_final(struct drbd_peer_request *peer_req) __releases(local) |
5911 |
++void drbd_endio_write_sec_final(struct drbd_peer_request *peer_req) __releases(local); |
5912 |
++void drbd_endio_write_sec_final(struct drbd_peer_request *peer_req) |
5913 |
+ { |
5914 |
+ unsigned long flags = 0; |
5915 |
+ struct drbd_peer_device *peer_device = peer_req->peer_device; |
5916 |
+@@ -408,7 +410,7 @@ static int read_for_csum(struct drbd_peer_device *peer_device, sector_t sector, |
5917 |
list_add_tail(&peer_req->w.list, &device->read_ee); |
5918 |
spin_unlock_irq(&device->resource->req_lock); |
5919 |
|
5920 |
@@ -39975,7 +40174,7 @@ index d0fae55..4469096 100644 |
5921 |
if (drbd_submit_peer_request(device, peer_req, READ, DRBD_FAULT_RS_RD) == 0) |
5922 |
return 0; |
5923 |
|
5924 |
-@@ -553,7 +553,7 @@ static int drbd_rs_number_requests(struct drbd_device *device) |
5925 |
+@@ -553,7 +555,7 @@ static int drbd_rs_number_requests(struct drbd_device *device) |
5926 |
unsigned int sect_in; /* Number of sectors that came in since the last turn */ |
5927 |
int number, mxb; |
5928 |
|
5929 |
@@ -39984,7 +40183,7 @@ index d0fae55..4469096 100644 |
5930 |
device->rs_in_flight -= sect_in; |
5931 |
|
5932 |
rcu_read_lock(); |
5933 |
-@@ -1595,8 +1595,8 @@ void drbd_rs_controller_reset(struct drbd_device *device) |
5934 |
+@@ -1595,8 +1597,8 @@ void drbd_rs_controller_reset(struct drbd_device *device) |
5935 |
struct gendisk *disk = device->ldev->backing_bdev->bd_contains->bd_disk; |
5936 |
struct fifo_buffer *plan; |
5937 |
|
5938 |
@@ -39995,6 +40194,20 @@ index d0fae55..4469096 100644 |
5939 |
device->rs_in_flight = 0; |
5940 |
device->rs_last_events = |
5941 |
(int)part_stat_read(&disk->part0, sectors[0]) + |
5942 |
+diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c |
5943 |
+index 0e385d8..0c63d6a 100644 |
5944 |
+--- a/drivers/block/nbd.c |
5945 |
++++ b/drivers/block/nbd.c |
5946 |
+@@ -538,8 +538,8 @@ static int nbd_thread(void *data) |
5947 |
+ * { printk( "Warning: Ignoring result!\n"); nbd_end_request( req ); } |
5948 |
+ */ |
5949 |
+ |
5950 |
++static void do_nbd_request(struct request_queue *q) __must_hold(q->queue_lock); |
5951 |
+ static void do_nbd_request(struct request_queue *q) |
5952 |
+- __releases(q->queue_lock) __acquires(q->queue_lock) |
5953 |
+ { |
5954 |
+ struct request *req; |
5955 |
+ |
5956 |
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c |
5957 |
index 4c20c22..caef1eb 100644 |
5958 |
--- a/drivers/block/pktcdvd.c |
5959 |
@@ -40309,7 +40522,7 @@ index bf75f63..359fa10 100644 |
5960 |
intf->proc_dir = NULL; |
5961 |
|
5962 |
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c |
5963 |
-index 8a45e92..e41b1c7 100644 |
5964 |
+index 8a45e92..3546003 100644 |
5965 |
--- a/drivers/char/ipmi/ipmi_si_intf.c |
5966 |
+++ b/drivers/char/ipmi/ipmi_si_intf.c |
5967 |
@@ -289,7 +289,7 @@ struct smi_info { |
5968 |
@@ -40333,6 +40546,25 @@ index 8a45e92..e41b1c7 100644 |
5969 |
|
5970 |
#define SI_MAX_PARMS 4 |
5971 |
|
5972 |
+@@ -1203,14 +1203,14 @@ static int smi_start_processing(void *send_info, |
5973 |
+ |
5974 |
+ new_smi->intf = intf; |
5975 |
+ |
5976 |
+- /* Try to claim any interrupts. */ |
5977 |
+- if (new_smi->irq_setup) |
5978 |
+- new_smi->irq_setup(new_smi); |
5979 |
+- |
5980 |
+ /* Set up the timer that drives the interface. */ |
5981 |
+ setup_timer(&new_smi->si_timer, smi_timeout, (long)new_smi); |
5982 |
+ smi_mod_timer(new_smi, jiffies + SI_TIMEOUT_JIFFIES); |
5983 |
+ |
5984 |
++ /* Try to claim any interrupts. */ |
5985 |
++ if (new_smi->irq_setup) |
5986 |
++ new_smi->irq_setup(new_smi); |
5987 |
++ |
5988 |
+ /* |
5989 |
+ * Check if the user forcefully enabled the daemon. |
5990 |
+ */ |
5991 |
@@ -3500,7 +3500,7 @@ static int try_smi_init(struct smi_info *new_smi) |
5992 |
atomic_set(&new_smi->req_events, 0); |
5993 |
new_smi->run_to_completion = false; |
5994 |
@@ -40741,10 +40973,10 @@ index 3a56a13..f8cbd25 100644 |
5995 |
return 0; |
5996 |
} |
5997 |
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c |
5998 |
-index d2406fe..243951a 100644 |
5999 |
+index d2406fe..473a5c0 100644 |
6000 |
--- a/drivers/char/virtio_console.c |
6001 |
+++ b/drivers/char/virtio_console.c |
6002 |
-@@ -685,7 +685,7 @@ static ssize_t fill_readbuf(struct port *port, char __user *out_buf, |
6003 |
+@@ -685,11 +685,11 @@ static ssize_t fill_readbuf(struct port *port, char __user *out_buf, |
6004 |
if (to_user) { |
6005 |
ssize_t ret; |
6006 |
|
6007 |
@@ -40753,15 +40985,20 @@ index d2406fe..243951a 100644 |
6008 |
if (ret) |
6009 |
return -EFAULT; |
6010 |
} else { |
6011 |
-@@ -789,7 +789,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, |
6012 |
- if (!port_has_data(port) && !port->host_connected) |
6013 |
- return 0; |
6014 |
+- memcpy((__force char *)out_buf, buf->buf + buf->offset, |
6015 |
++ memcpy((__force_kernel char *)out_buf, buf->buf + buf->offset, |
6016 |
+ out_count); |
6017 |
+ } |
6018 |
|
6019 |
-- return fill_readbuf(port, ubuf, count, true); |
6020 |
-+ return fill_readbuf(port, (char __force_kernel *)ubuf, count, true); |
6021 |
+@@ -1164,7 +1164,7 @@ static int get_chars(u32 vtermno, char *buf, int count) |
6022 |
+ /* If we don't have an input queue yet, we can't get input. */ |
6023 |
+ BUG_ON(!port->in_vq); |
6024 |
+ |
6025 |
+- return fill_readbuf(port, (__force char __user *)buf, count, false); |
6026 |
++ return fill_readbuf(port, (char __force_user *)buf, count, false); |
6027 |
} |
6028 |
|
6029 |
- static int wait_port_writable(struct port *port, bool nonblock) |
6030 |
+ static void resize_console(struct port *port) |
6031 |
diff --git a/drivers/clk/clk-composite.c b/drivers/clk/clk-composite.c |
6032 |
index 616f5ae..747bdd0 100644 |
6033 |
--- a/drivers/clk/clk-composite.c |
6034 |
@@ -47780,7 +48017,7 @@ index 6ba47cf..a870ba2 100644 |
6035 |
pmd->bl_info.value_type.inc = data_block_inc; |
6036 |
pmd->bl_info.value_type.dec = data_block_dec; |
6037 |
diff --git a/drivers/md/dm.c b/drivers/md/dm.c |
6038 |
-index 3e32f4e..01e0a7f 100644 |
6039 |
+index 3e32f4e..18528b7 100644 |
6040 |
--- a/drivers/md/dm.c |
6041 |
+++ b/drivers/md/dm.c |
6042 |
@@ -194,9 +194,9 @@ struct mapped_device { |
6043 |
@@ -47795,7 +48032,44 @@ index 3e32f4e..01e0a7f 100644 |
6044 |
struct list_head uevent_list; |
6045 |
spinlock_t uevent_lock; /* Protect access to uevent_list */ |
6046 |
|
6047 |
-@@ -2339,8 +2339,8 @@ static struct mapped_device *alloc_dev(int minor) |
6048 |
+@@ -705,14 +705,16 @@ static void queue_io(struct mapped_device *md, struct bio *bio) |
6049 |
+ * function to access the md->map field, and make sure they call |
6050 |
+ * dm_put_live_table() when finished. |
6051 |
+ */ |
6052 |
+-struct dm_table *dm_get_live_table(struct mapped_device *md, int *srcu_idx) __acquires(md->io_barrier) |
6053 |
++struct dm_table *dm_get_live_table(struct mapped_device *md, int *srcu_idx) __acquires(&md->io_barrier); |
6054 |
++struct dm_table *dm_get_live_table(struct mapped_device *md, int *srcu_idx) |
6055 |
+ { |
6056 |
+ *srcu_idx = srcu_read_lock(&md->io_barrier); |
6057 |
+ |
6058 |
+ return srcu_dereference(md->map, &md->io_barrier); |
6059 |
+ } |
6060 |
+ |
6061 |
+-void dm_put_live_table(struct mapped_device *md, int srcu_idx) __releases(md->io_barrier) |
6062 |
++void dm_put_live_table(struct mapped_device *md, int srcu_idx) __releases(&md->io_barrier); |
6063 |
++void dm_put_live_table(struct mapped_device *md, int srcu_idx) |
6064 |
+ { |
6065 |
+ srcu_read_unlock(&md->io_barrier, srcu_idx); |
6066 |
+ } |
6067 |
+@@ -727,13 +729,15 @@ void dm_sync_table(struct mapped_device *md) |
6068 |
+ * A fast alternative to dm_get_live_table/dm_put_live_table. |
6069 |
+ * The caller must not block between these two functions. |
6070 |
+ */ |
6071 |
+-static struct dm_table *dm_get_live_table_fast(struct mapped_device *md) __acquires(RCU) |
6072 |
++static struct dm_table *dm_get_live_table_fast(struct mapped_device *md) __acquires(RCU); |
6073 |
++static struct dm_table *dm_get_live_table_fast(struct mapped_device *md) |
6074 |
+ { |
6075 |
+ rcu_read_lock(); |
6076 |
+ return rcu_dereference(md->map); |
6077 |
+ } |
6078 |
+ |
6079 |
+-static void dm_put_live_table_fast(struct mapped_device *md) __releases(RCU) |
6080 |
++static void dm_put_live_table_fast(struct mapped_device *md) __releases(RCU); |
6081 |
++static void dm_put_live_table_fast(struct mapped_device *md) |
6082 |
+ { |
6083 |
+ rcu_read_unlock(); |
6084 |
+ } |
6085 |
+@@ -2339,8 +2343,8 @@ static struct mapped_device *alloc_dev(int minor) |
6086 |
spin_lock_init(&md->deferred_lock); |
6087 |
atomic_set(&md->holders, 1); |
6088 |
atomic_set(&md->open_count, 0); |
6089 |
@@ -47806,7 +48080,7 @@ index 3e32f4e..01e0a7f 100644 |
6090 |
INIT_LIST_HEAD(&md->uevent_list); |
6091 |
INIT_LIST_HEAD(&md->table_devices); |
6092 |
spin_lock_init(&md->uevent_lock); |
6093 |
-@@ -2481,7 +2481,7 @@ static void event_callback(void *context) |
6094 |
+@@ -2481,7 +2485,7 @@ static void event_callback(void *context) |
6095 |
|
6096 |
dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); |
6097 |
|
6098 |
@@ -47815,7 +48089,7 @@ index 3e32f4e..01e0a7f 100644 |
6099 |
wake_up(&md->eventq); |
6100 |
} |
6101 |
|
6102 |
-@@ -3479,18 +3479,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, |
6103 |
+@@ -3479,18 +3483,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, |
6104 |
|
6105 |
uint32_t dm_next_uevent_seq(struct mapped_device *md) |
6106 |
{ |
6107 |
@@ -50347,18 +50621,9 @@ index e8c96b8..516a96c 100644 |
6108 |
Say Y here if you want to support for Freescale FlexCAN. |
6109 |
|
6110 |
diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c |
6111 |
-index aede704..ca734ed 100644 |
6112 |
+index 141c2a4..ca734ed 100644 |
6113 |
--- a/drivers/net/can/dev.c |
6114 |
+++ b/drivers/net/can/dev.c |
6115 |
-@@ -915,7 +915,7 @@ static int can_fill_info(struct sk_buff *skb, const struct net_device *dev) |
6116 |
- nla_put(skb, IFLA_CAN_BITTIMING_CONST, |
6117 |
- sizeof(*priv->bittiming_const), priv->bittiming_const)) || |
6118 |
- |
6119 |
-- nla_put(skb, IFLA_CAN_CLOCK, sizeof(cm), &priv->clock) || |
6120 |
-+ nla_put(skb, IFLA_CAN_CLOCK, sizeof(priv->clock), &priv->clock) || |
6121 |
- nla_put_u32(skb, IFLA_CAN_STATE, state) || |
6122 |
- nla_put(skb, IFLA_CAN_CTRLMODE, sizeof(cm), &cm) || |
6123 |
- nla_put_u32(skb, IFLA_CAN_RESTART_MS, priv->restart_ms) || |
6124 |
@@ -961,7 +961,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev, |
6125 |
return -EOPNOTSUPP; |
6126 |
} |
6127 |
@@ -50531,7 +50796,7 @@ index b3bc87f..5bdfdd3 100644 |
6128 |
+ .wrapper_rx_desc_init = xgbe_wrapper_rx_descriptor_init, |
6129 |
+}; |
6130 |
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c |
6131 |
-index a4473d8..039a2ab 100644 |
6132 |
+index f672dba3..d71818d 100644 |
6133 |
--- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c |
6134 |
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c |
6135 |
@@ -2776,7 +2776,7 @@ static void xgbe_powerdown_rx(struct xgbe_prv_data *pdata) |
6136 |
@@ -50727,7 +50992,7 @@ index a4473d8..039a2ab 100644 |
6137 |
+ .set_rss_lookup_table = xgbe_set_rss_lookup_table, |
6138 |
+}; |
6139 |
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c |
6140 |
-index aae9d5e..29ce58d 100644 |
6141 |
+index dde0486..831e127 100644 |
6142 |
--- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c |
6143 |
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c |
6144 |
@@ -245,7 +245,7 @@ static int xgbe_maybe_stop_tx_queue(struct xgbe_channel *channel, |
6145 |
@@ -50972,7 +51237,7 @@ index aae9d5e..29ce58d 100644 |
6146 |
struct xgbe_ring *ring = channel->tx_ring; |
6147 |
struct xgbe_ring_data *rdata; |
6148 |
struct xgbe_ring_desc *rdesc; |
6149 |
-@@ -1863,7 +1863,7 @@ static int xgbe_tx_poll(struct xgbe_channel *channel) |
6150 |
+@@ -1869,7 +1869,7 @@ static int xgbe_tx_poll(struct xgbe_channel *channel) |
6151 |
static int xgbe_rx_poll(struct xgbe_channel *channel, int budget) |
6152 |
{ |
6153 |
struct xgbe_prv_data *pdata = channel->pdata; |
6154 |
@@ -51436,19 +51701,6 @@ index e5ba040..d47531c 100644 |
6155 |
smp_mb(); |
6156 |
|
6157 |
/* need lock to prevent incorrect read while modifying cyclecounter */ |
6158 |
-diff --git a/drivers/net/ethernet/mellanox/mlx4/cmd.c b/drivers/net/ethernet/mellanox/mlx4/cmd.c |
6159 |
-index 0a32020..2177e56 100644 |
6160 |
---- a/drivers/net/ethernet/mellanox/mlx4/cmd.c |
6161 |
-+++ b/drivers/net/ethernet/mellanox/mlx4/cmd.c |
6162 |
-@@ -2398,7 +2398,7 @@ int mlx4_multi_func_init(struct mlx4_dev *dev) |
6163 |
- } |
6164 |
- } |
6165 |
- |
6166 |
-- memset(&priv->mfunc.master.cmd_eqe, 0, dev->caps.eqe_size); |
6167 |
-+ memset(&priv->mfunc.master.cmd_eqe, 0, sizeof(struct mlx4_eqe)); |
6168 |
- priv->mfunc.master.cmd_eqe.type = MLX4_EVENT_TYPE_CMD; |
6169 |
- INIT_WORK(&priv->mfunc.master.comm_work, |
6170 |
- mlx4_master_comm_channel); |
6171 |
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c |
6172 |
index c10d98f..72914c6 100644 |
6173 |
--- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c |
6174 |
@@ -51464,19 +51716,6 @@ index c10d98f..72914c6 100644 |
6175 |
|
6176 |
netdev_tx_completed_queue(ring->tx_queue, packets, bytes); |
6177 |
|
6178 |
-diff --git a/drivers/net/ethernet/mellanox/mlx4/eq.c b/drivers/net/ethernet/mellanox/mlx4/eq.c |
6179 |
-index 8e81e53..ad8f95d 100644 |
6180 |
---- a/drivers/net/ethernet/mellanox/mlx4/eq.c |
6181 |
-+++ b/drivers/net/ethernet/mellanox/mlx4/eq.c |
6182 |
-@@ -196,7 +196,7 @@ static void slave_event(struct mlx4_dev *dev, u8 slave, struct mlx4_eqe *eqe) |
6183 |
- return; |
6184 |
- } |
6185 |
- |
6186 |
-- memcpy(s_eqe, eqe, dev->caps.eqe_size - 1); |
6187 |
-+ memcpy(s_eqe, eqe, sizeof(struct mlx4_eqe) - 1); |
6188 |
- s_eqe->slave_id = slave; |
6189 |
- /* ensure all information is written before setting the ownersip bit */ |
6190 |
- dma_wmb(); |
6191 |
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
6192 |
index 40206da..9d94643 100644 |
6193 |
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
6194 |
@@ -51517,6 +51756,21 @@ index 6223930..975033d 100644 |
6195 |
fifo->mempool = |
6196 |
__vxge_hw_mempool_create(vpath->hldev, |
6197 |
fifo->config->memblock_size, |
6198 |
+diff --git a/drivers/net/ethernet/nvidia/forcedeth.c b/drivers/net/ethernet/nvidia/forcedeth.c |
6199 |
+index a41bb5e..0ed99f9 100644 |
6200 |
+--- a/drivers/net/ethernet/nvidia/forcedeth.c |
6201 |
++++ b/drivers/net/ethernet/nvidia/forcedeth.c |
6202 |
+@@ -357,8 +357,8 @@ struct ring_desc { |
6203 |
+ }; |
6204 |
+ |
6205 |
+ struct ring_desc_ex { |
6206 |
+- __le32 bufhigh; |
6207 |
+- __le32 buflow; |
6208 |
++ __le32 bufhigh __intentional_overflow(0); |
6209 |
++ __le32 buflow __intentional_overflow(0); |
6210 |
+ __le32 txvlan; |
6211 |
+ __le32 flaglen; |
6212 |
+ }; |
6213 |
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c |
6214 |
index 753ea8b..674c39a 100644 |
6215 |
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c |
6216 |
@@ -51765,7 +52019,7 @@ index 9f59f17..52cb38f 100644 |
6217 |
}; |
6218 |
|
6219 |
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c |
6220 |
-index 248478c..05e8467 100644 |
6221 |
+index 197c939..5f7bee5 100644 |
6222 |
--- a/drivers/net/macvtap.c |
6223 |
+++ b/drivers/net/macvtap.c |
6224 |
@@ -485,7 +485,7 @@ static void macvtap_setup(struct net_device *dev) |
6225 |
@@ -51786,6 +52040,17 @@ index 248478c..05e8467 100644 |
6226 |
put_user(u, &ifr->ifr_flags)) |
6227 |
ret = -EFAULT; |
6228 |
macvtap_put_vlan(vlan); |
6229 |
+@@ -1173,8 +1173,8 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, |
6230 |
+ } |
6231 |
+ ret = 0; |
6232 |
+ u = vlan->dev->type; |
6233 |
+- if (copy_to_user(&ifr->ifr_name, vlan->dev->name, IFNAMSIZ) || |
6234 |
+- copy_to_user(&ifr->ifr_hwaddr.sa_data, vlan->dev->dev_addr, ETH_ALEN) || |
6235 |
++ if (copy_to_user(ifr->ifr_name, vlan->dev->name, IFNAMSIZ) || |
6236 |
++ copy_to_user(ifr->ifr_hwaddr.sa_data, vlan->dev->dev_addr, ETH_ALEN) || |
6237 |
+ put_user(u, &ifr->ifr_hwaddr.sa_family)) |
6238 |
+ ret = -EFAULT; |
6239 |
+ macvtap_put_vlan(vlan); |
6240 |
@@ -1308,7 +1308,7 @@ static int macvtap_device_event(struct notifier_block *unused, |
6241 |
return NOTIFY_DONE; |
6242 |
} |
6243 |
@@ -51862,7 +52127,7 @@ index 487be20..f4c87bc 100644 |
6244 |
err = 0; |
6245 |
break; |
6246 |
diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c |
6247 |
-index 2ed7506..cf82b13 100644 |
6248 |
+index 5e0b432..0a37f84 100644 |
6249 |
--- a/drivers/net/ppp/pppoe.c |
6250 |
+++ b/drivers/net/ppp/pppoe.c |
6251 |
@@ -568,6 +568,9 @@ static int pppoe_create(struct net *net, struct socket *sock, int kern) |
6252 |
@@ -52895,10 +53160,10 @@ index 0ffb6ff..c0b7f0e 100644 |
6253 |
memset(buf, 0, sizeof(buf)); |
6254 |
buf_size = min(count, sizeof(buf) - 1); |
6255 |
diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c |
6256 |
-index 9e144e7..2f5511a 100644 |
6257 |
+index dab9b91..b169b42 100644 |
6258 |
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c |
6259 |
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c |
6260 |
-@@ -1950,7 +1950,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, |
6261 |
+@@ -1944,7 +1944,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, |
6262 |
struct isr_statistics *isr_stats = &trans_pcie->isr_stats; |
6263 |
|
6264 |
char buf[8]; |
6265 |
@@ -52907,7 +53172,7 @@ index 9e144e7..2f5511a 100644 |
6266 |
u32 reset_flag; |
6267 |
|
6268 |
memset(buf, 0, sizeof(buf)); |
6269 |
-@@ -1971,7 +1971,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, |
6270 |
+@@ -1965,7 +1965,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, |
6271 |
{ |
6272 |
struct iwl_trans *trans = file->private_data; |
6273 |
char buf[8]; |
6274 |
@@ -57016,7 +57281,7 @@ index 382d3fc..b16d625 100644 |
6275 |
|
6276 |
dlci->modem_rx = 0; |
6277 |
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c |
6278 |
-index afc1879..b605d4b 100644 |
6279 |
+index dedac8a..d085233 100644 |
6280 |
--- a/drivers/tty/n_tty.c |
6281 |
+++ b/drivers/tty/n_tty.c |
6282 |
@@ -2574,6 +2574,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) |
6283 |
@@ -57781,6 +58046,19 @@ index b5b4278..bb9c7b0 100644 |
6284 |
char c; |
6285 |
|
6286 |
if (get_user(c, buf)) |
6287 |
+diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c |
6288 |
+index 3d245cd..51d4d3c 100644 |
6289 |
+--- a/drivers/tty/tty_audit.c |
6290 |
++++ b/drivers/tty/tty_audit.c |
6291 |
+@@ -265,7 +265,7 @@ static struct tty_audit_buf *tty_audit_buf_get(struct tty_struct *tty, |
6292 |
+ * |
6293 |
+ * Audit @data of @size from @tty, if necessary. |
6294 |
+ */ |
6295 |
+-void tty_audit_add_data(struct tty_struct *tty, const void *data, |
6296 |
++void tty_audit_add_data(struct tty_struct *tty, const unsigned char *data, |
6297 |
+ size_t size, unsigned icanon) |
6298 |
+ { |
6299 |
+ struct tty_audit_buf *buf; |
6300 |
diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c |
6301 |
index 4cf263d..fd011fa 100644 |
6302 |
--- a/drivers/tty/tty_buffer.c |
6303 |
@@ -57859,10 +58137,10 @@ index 4cf263d..fd011fa 100644 |
6304 |
if (next == NULL) { |
6305 |
check_other_closed(tty); |
6306 |
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c |
6307 |
-index 774df35..62fa290 100644 |
6308 |
+index 1aa0286..b99e9a8 100644 |
6309 |
--- a/drivers/tty/tty_io.c |
6310 |
+++ b/drivers/tty/tty_io.c |
6311 |
-@@ -3524,7 +3524,7 @@ EXPORT_SYMBOL(tty_devnum); |
6312 |
+@@ -3528,7 +3528,7 @@ EXPORT_SYMBOL(tty_devnum); |
6313 |
|
6314 |
void tty_default_fops(struct file_operations *fops) |
6315 |
{ |
6316 |
@@ -58712,10 +58990,10 @@ index c47d3e4..35bcc1e 100644 |
6317 |
/* Device for a quirk */ |
6318 |
#define PCI_VENDOR_ID_FRESCO_LOGIC 0x1b73 |
6319 |
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c |
6320 |
-index d7b9f484..8208965 100644 |
6321 |
+index 6062996..9b6c196 100644 |
6322 |
--- a/drivers/usb/host/xhci.c |
6323 |
+++ b/drivers/usb/host/xhci.c |
6324 |
-@@ -4837,7 +4837,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks) |
6325 |
+@@ -4847,7 +4847,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks) |
6326 |
int retval; |
6327 |
|
6328 |
/* Accept arbitrarily long scatter-gather lists */ |
6329 |
@@ -59137,7 +59415,7 @@ index 3fc63c2..eec5e49 100644 |
6330 |
} |
6331 |
EXPORT_SYMBOL_GPL(fb_deferred_io_cleanup); |
6332 |
diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c |
6333 |
-index 0705d88..d9429bf 100644 |
6334 |
+index 0705d88..0e17c07 100644 |
6335 |
--- a/drivers/video/fbdev/core/fbmem.c |
6336 |
+++ b/drivers/video/fbdev/core/fbmem.c |
6337 |
@@ -1301,7 +1301,7 @@ static int do_fscreeninfo_to_user(struct fb_fix_screeninfo *fix, |
6338 |
@@ -59149,6 +59427,30 @@ index 0705d88..d9429bf 100644 |
6339 |
|
6340 |
data = (__u32) (unsigned long) fix->smem_start; |
6341 |
err |= put_user(data, &fix32->smem_start); |
6342 |
+@@ -1435,10 +1435,7 @@ fb_mmap(struct file *file, struct vm_area_struct * vma) |
6343 |
+ return vm_iomap_memory(vma, start, len); |
6344 |
+ } |
6345 |
+ |
6346 |
+-static int |
6347 |
+-fb_open(struct inode *inode, struct file *file) |
6348 |
+-__acquires(&info->lock) |
6349 |
+-__releases(&info->lock) |
6350 |
++static int fb_open(struct inode *inode, struct file *file) |
6351 |
+ { |
6352 |
+ int fbidx = iminor(inode); |
6353 |
+ struct fb_info *info; |
6354 |
+@@ -1476,10 +1473,7 @@ out: |
6355 |
+ return res; |
6356 |
+ } |
6357 |
+ |
6358 |
+-static int |
6359 |
+-fb_release(struct inode *inode, struct file *file) |
6360 |
+-__acquires(&info->lock) |
6361 |
+-__releases(&info->lock) |
6362 |
++static int fb_release(struct inode *inode, struct file *file) |
6363 |
+ { |
6364 |
+ struct fb_info * const info = file->private_data; |
6365 |
+ |
6366 |
diff --git a/drivers/video/fbdev/hyperv_fb.c b/drivers/video/fbdev/hyperv_fb.c |
6367 |
index 807ee22..7814cd6 100644 |
6368 |
--- a/drivers/video/fbdev/hyperv_fb.c |
6369 |
@@ -62463,10 +62765,10 @@ index 3c14e43..2630570 100644 |
6370 |
+4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 |
6371 |
+4 4 4 4 4 4 |
6372 |
diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c |
6373 |
-index 96093ae..b9eed29 100644 |
6374 |
+index cdc3d33..2701a17 100644 |
6375 |
--- a/drivers/xen/events/events_base.c |
6376 |
+++ b/drivers/xen/events/events_base.c |
6377 |
-@@ -1568,7 +1568,7 @@ void xen_irq_resume(void) |
6378 |
+@@ -1569,7 +1569,7 @@ void xen_irq_resume(void) |
6379 |
restore_pirqs(); |
6380 |
} |
6381 |
|
6382 |
@@ -62475,7 +62777,7 @@ index 96093ae..b9eed29 100644 |
6383 |
.name = "xen-dyn", |
6384 |
|
6385 |
.irq_disable = disable_dynirq, |
6386 |
-@@ -1582,7 +1582,7 @@ static struct irq_chip xen_dynamic_chip __read_mostly = { |
6387 |
+@@ -1583,7 +1583,7 @@ static struct irq_chip xen_dynamic_chip __read_mostly = { |
6388 |
.irq_retrigger = retrigger_dynirq, |
6389 |
}; |
6390 |
|
6391 |
@@ -62484,7 +62786,7 @@ index 96093ae..b9eed29 100644 |
6392 |
.name = "xen-pirq", |
6393 |
|
6394 |
.irq_startup = startup_pirq, |
6395 |
-@@ -1602,7 +1602,7 @@ static struct irq_chip xen_pirq_chip __read_mostly = { |
6396 |
+@@ -1603,7 +1603,7 @@ static struct irq_chip xen_pirq_chip __read_mostly = { |
6397 |
.irq_retrigger = retrigger_dynirq, |
6398 |
}; |
6399 |
|
6400 |
@@ -74890,6 +75192,22 @@ index 0000000..43d7c4f |
6401 |
+:1095C00080080000800E00008008008080080000F5 |
6402 |
+:1095D00080000A8080000A00800009808000090065 |
6403 |
+:00000001FF |
6404 |
+diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c |
6405 |
+index b1dc518..2f97461 100644 |
6406 |
+--- a/fs/9p/vfs_inode.c |
6407 |
++++ b/fs/9p/vfs_inode.c |
6408 |
+@@ -451,9 +451,9 @@ void v9fs_evict_inode(struct inode *inode) |
6409 |
+ { |
6410 |
+ struct v9fs_inode *v9inode = V9FS_I(inode); |
6411 |
+ |
6412 |
+- truncate_inode_pages_final(inode->i_mapping); |
6413 |
++ truncate_inode_pages_final(&inode->i_data); |
6414 |
+ clear_inode(inode); |
6415 |
+- filemap_fdatawrite(inode->i_mapping); |
6416 |
++ filemap_fdatawrite(&inode->i_data); |
6417 |
+ |
6418 |
+ v9fs_cache_inode_put_cookie(inode); |
6419 |
+ /* clunk the fid stashed in writeback_fid */ |
6420 |
diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt |
6421 |
index 2d0cbbd..a6d61492 100644 |
6422 |
--- a/fs/Kconfig.binfmt |
6423 |
@@ -77152,7 +77470,7 @@ index 5bb630a..043dc70 100644 |
6424 |
|
6425 |
return hit; |
6426 |
diff --git a/fs/compat.c b/fs/compat.c |
6427 |
-index 6fd272d..dd34ba2 100644 |
6428 |
+index 6fd272d..ae85f4f 100644 |
6429 |
--- a/fs/compat.c |
6430 |
+++ b/fs/compat.c |
6431 |
@@ -54,7 +54,7 @@ |
6432 |
@@ -77255,7 +77573,7 @@ index 6fd272d..dd34ba2 100644 |
6433 |
dirent = buf->previous; |
6434 |
|
6435 |
if (dirent) { |
6436 |
-@@ -1067,6 +1084,7 @@ COMPAT_SYSCALL_DEFINE3(getdents64, unsigned int, fd, |
6437 |
+@@ -1067,13 +1084,13 @@ COMPAT_SYSCALL_DEFINE3(getdents64, unsigned int, fd, |
6438 |
if (!f.file) |
6439 |
return -EBADF; |
6440 |
|
6441 |
@@ -77263,6 +77581,14 @@ index 6fd272d..dd34ba2 100644 |
6442 |
error = iterate_dir(f.file, &buf.ctx); |
6443 |
if (error >= 0) |
6444 |
error = buf.error; |
6445 |
+ lastdirent = buf.previous; |
6446 |
+ if (lastdirent) { |
6447 |
+- typeof(lastdirent->d_off) d_off = buf.ctx.pos; |
6448 |
+- if (__put_user_unaligned(d_off, &lastdirent->d_off)) |
6449 |
++ if (__put_user_unaligned(buf.ctx.pos, &lastdirent->d_off)) |
6450 |
+ error = -EFAULT; |
6451 |
+ else |
6452 |
+ error = count - buf.count; |
6453 |
diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c |
6454 |
index 4d24d17..4f8c09e 100644 |
6455 |
--- a/fs/compat_binfmt_elf.c |
6456 |
@@ -77354,7 +77680,7 @@ index c81ce7f..f3de5fd 100644 |
6457 |
/* |
6458 |
* We'll have a dentry and an inode for |
6459 |
diff --git a/fs/coredump.c b/fs/coredump.c |
6460 |
-index a8f7564..3dde349 100644 |
6461 |
+index a8f7564..0329da8 100644 |
6462 |
--- a/fs/coredump.c |
6463 |
+++ b/fs/coredump.c |
6464 |
@@ -457,8 +457,8 @@ static void wait_for_dump_helpers(struct file *file) |
6465 |
@@ -77441,6 +77767,15 @@ index a8f7564..3dde349 100644 |
6466 |
if (cprm.limit < binfmt->min_coredump) |
6467 |
goto fail_unlock; |
6468 |
|
6469 |
+@@ -654,7 +663,7 @@ void do_coredump(const siginfo_t *siginfo) |
6470 |
+ * If it doesn't exist, that's fine. If there's some |
6471 |
+ * other problem, we'll catch it at the filp_open(). |
6472 |
+ */ |
6473 |
+- (void) sys_unlink((const char __user *)cn.corename); |
6474 |
++ (void) sys_unlink((const char __force_user *)cn.corename); |
6475 |
+ set_fs(old_fs); |
6476 |
+ } |
6477 |
+ |
6478 |
@@ -718,7 +727,7 @@ close_fail: |
6479 |
filp_close(cprm.file, NULL); |
6480 |
fail_dropcount: |
6481 |
@@ -77460,10 +77795,34 @@ index a8f7564..3dde349 100644 |
6482 |
return 0; |
6483 |
while (nr) { |
6484 |
diff --git a/fs/dcache.c b/fs/dcache.c |
6485 |
-index e3b44ca..e0d94f1 100644 |
6486 |
+index e3b44ca..97367b7 100644 |
6487 |
--- a/fs/dcache.c |
6488 |
+++ b/fs/dcache.c |
6489 |
-@@ -545,7 +545,7 @@ static void __dentry_kill(struct dentry *dentry) |
6490 |
+@@ -341,8 +341,9 @@ static inline void dentry_rcuwalk_invalidate(struct dentry *dentry) |
6491 |
+ * and is unhashed. |
6492 |
+ */ |
6493 |
+ static void dentry_iput(struct dentry * dentry) |
6494 |
+- __releases(dentry->d_lock) |
6495 |
+- __releases(dentry->d_inode->i_lock) |
6496 |
++ __releases(&dentry->d_lock) |
6497 |
++ __releases(&dentry->d_inode->i_lock); |
6498 |
++static void dentry_iput(struct dentry * dentry) |
6499 |
+ { |
6500 |
+ struct inode *inode = dentry->d_inode; |
6501 |
+ if (inode) { |
6502 |
+@@ -366,8 +367,9 @@ static void dentry_iput(struct dentry * dentry) |
6503 |
+ * d_iput() operation if defined. dentry remains in-use. |
6504 |
+ */ |
6505 |
+ static void dentry_unlink_inode(struct dentry * dentry) |
6506 |
+- __releases(dentry->d_lock) |
6507 |
+- __releases(dentry->d_inode->i_lock) |
6508 |
++ __releases(&dentry->d_lock) |
6509 |
++ __releases(&dentry->d_inode->i_lock); |
6510 |
++static void dentry_unlink_inode(struct dentry * dentry) |
6511 |
+ { |
6512 |
+ struct inode *inode = dentry->d_inode; |
6513 |
+ __d_clear_type_and_inode(dentry); |
6514 |
+@@ -545,7 +547,7 @@ static void __dentry_kill(struct dentry *dentry) |
6515 |
* dentry_iput drops the locks, at which point nobody (except |
6516 |
* transient RCU lookups) can reach this dentry. |
6517 |
*/ |
6518 |
@@ -77472,7 +77831,17 @@ index e3b44ca..e0d94f1 100644 |
6519 |
this_cpu_dec(nr_dentry); |
6520 |
if (dentry->d_op && dentry->d_op->d_release) |
6521 |
dentry->d_op->d_release(dentry); |
6522 |
-@@ -598,7 +598,7 @@ static inline struct dentry *lock_parent(struct dentry *dentry) |
6523 |
+@@ -567,7 +569,8 @@ static void __dentry_kill(struct dentry *dentry) |
6524 |
+ * Returns dentry requiring refcount drop, or NULL if we're done. |
6525 |
+ */ |
6526 |
+ static struct dentry *dentry_kill(struct dentry *dentry) |
6527 |
+- __releases(dentry->d_lock) |
6528 |
++ __releases(&dentry->d_lock); |
6529 |
++static struct dentry *dentry_kill(struct dentry *dentry) |
6530 |
+ { |
6531 |
+ struct inode *inode = dentry->d_inode; |
6532 |
+ struct dentry *parent = NULL; |
6533 |
+@@ -598,7 +601,7 @@ static inline struct dentry *lock_parent(struct dentry *dentry) |
6534 |
struct dentry *parent = dentry->d_parent; |
6535 |
if (IS_ROOT(dentry)) |
6536 |
return NULL; |
6537 |
@@ -77481,7 +77850,7 @@ index e3b44ca..e0d94f1 100644 |
6538 |
return NULL; |
6539 |
if (likely(spin_trylock(&parent->d_lock))) |
6540 |
return parent; |
6541 |
-@@ -660,8 +660,8 @@ static inline bool fast_dput(struct dentry *dentry) |
6542 |
+@@ -660,8 +663,8 @@ static inline bool fast_dput(struct dentry *dentry) |
6543 |
*/ |
6544 |
if (unlikely(ret < 0)) { |
6545 |
spin_lock(&dentry->d_lock); |
6546 |
@@ -77492,7 +77861,7 @@ index e3b44ca..e0d94f1 100644 |
6547 |
spin_unlock(&dentry->d_lock); |
6548 |
return 1; |
6549 |
} |
6550 |
-@@ -716,7 +716,7 @@ static inline bool fast_dput(struct dentry *dentry) |
6551 |
+@@ -716,7 +719,7 @@ static inline bool fast_dput(struct dentry *dentry) |
6552 |
* else could have killed it and marked it dead. Either way, we |
6553 |
* don't need to do anything else. |
6554 |
*/ |
6555 |
@@ -77501,7 +77870,7 @@ index e3b44ca..e0d94f1 100644 |
6556 |
spin_unlock(&dentry->d_lock); |
6557 |
return 1; |
6558 |
} |
6559 |
-@@ -726,7 +726,7 @@ static inline bool fast_dput(struct dentry *dentry) |
6560 |
+@@ -726,7 +729,7 @@ static inline bool fast_dput(struct dentry *dentry) |
6561 |
* lock, and we just tested that it was zero, so we can just |
6562 |
* set it to 1. |
6563 |
*/ |
6564 |
@@ -77510,7 +77879,7 @@ index e3b44ca..e0d94f1 100644 |
6565 |
return 0; |
6566 |
} |
6567 |
|
6568 |
-@@ -788,7 +788,7 @@ repeat: |
6569 |
+@@ -788,7 +791,7 @@ repeat: |
6570 |
dentry->d_flags |= DCACHE_REFERENCED; |
6571 |
dentry_lru_add(dentry); |
6572 |
|
6573 |
@@ -77519,7 +77888,7 @@ index e3b44ca..e0d94f1 100644 |
6574 |
spin_unlock(&dentry->d_lock); |
6575 |
return; |
6576 |
|
6577 |
-@@ -803,7 +803,7 @@ EXPORT_SYMBOL(dput); |
6578 |
+@@ -803,7 +806,7 @@ EXPORT_SYMBOL(dput); |
6579 |
/* This must be called with d_lock held */ |
6580 |
static inline void __dget_dlock(struct dentry *dentry) |
6581 |
{ |
6582 |
@@ -77528,7 +77897,7 @@ index e3b44ca..e0d94f1 100644 |
6583 |
} |
6584 |
|
6585 |
static inline void __dget(struct dentry *dentry) |
6586 |
-@@ -844,8 +844,8 @@ repeat: |
6587 |
+@@ -844,8 +847,8 @@ repeat: |
6588 |
goto repeat; |
6589 |
} |
6590 |
rcu_read_unlock(); |
6591 |
@@ -77539,7 +77908,7 @@ index e3b44ca..e0d94f1 100644 |
6592 |
spin_unlock(&ret->d_lock); |
6593 |
return ret; |
6594 |
} |
6595 |
-@@ -923,9 +923,9 @@ restart: |
6596 |
+@@ -923,9 +926,9 @@ restart: |
6597 |
spin_lock(&inode->i_lock); |
6598 |
hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { |
6599 |
spin_lock(&dentry->d_lock); |
6600 |
@@ -77551,7 +77920,7 @@ index e3b44ca..e0d94f1 100644 |
6601 |
__dentry_kill(dentry); |
6602 |
dput(parent); |
6603 |
goto restart; |
6604 |
-@@ -960,7 +960,7 @@ static void shrink_dentry_list(struct list_head *list) |
6605 |
+@@ -960,7 +963,7 @@ static void shrink_dentry_list(struct list_head *list) |
6606 |
* We found an inuse dentry which was not removed from |
6607 |
* the LRU because of laziness during lookup. Do not free it. |
6608 |
*/ |
6609 |
@@ -77560,7 +77929,7 @@ index e3b44ca..e0d94f1 100644 |
6610 |
spin_unlock(&dentry->d_lock); |
6611 |
if (parent) |
6612 |
spin_unlock(&parent->d_lock); |
6613 |
-@@ -998,8 +998,8 @@ static void shrink_dentry_list(struct list_head *list) |
6614 |
+@@ -998,8 +1001,8 @@ static void shrink_dentry_list(struct list_head *list) |
6615 |
dentry = parent; |
6616 |
while (dentry && !lockref_put_or_lock(&dentry->d_lockref)) { |
6617 |
parent = lock_parent(dentry); |
6618 |
@@ -77571,7 +77940,7 @@ index e3b44ca..e0d94f1 100644 |
6619 |
spin_unlock(&dentry->d_lock); |
6620 |
if (parent) |
6621 |
spin_unlock(&parent->d_lock); |
6622 |
-@@ -1039,7 +1039,7 @@ static enum lru_status dentry_lru_isolate(struct list_head *item, |
6623 |
+@@ -1039,7 +1042,7 @@ static enum lru_status dentry_lru_isolate(struct list_head *item, |
6624 |
* counts, just remove them from the LRU. Otherwise give them |
6625 |
* another pass through the LRU. |
6626 |
*/ |
6627 |
@@ -77580,7 +77949,7 @@ index e3b44ca..e0d94f1 100644 |
6628 |
d_lru_isolate(lru, dentry); |
6629 |
spin_unlock(&dentry->d_lock); |
6630 |
return LRU_REMOVED; |
6631 |
-@@ -1373,7 +1373,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) |
6632 |
+@@ -1373,7 +1376,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) |
6633 |
} else { |
6634 |
if (dentry->d_flags & DCACHE_LRU_LIST) |
6635 |
d_lru_del(dentry); |
6636 |
@@ -77589,7 +77958,7 @@ index e3b44ca..e0d94f1 100644 |
6637 |
d_shrink_add(dentry, &data->dispose); |
6638 |
data->found++; |
6639 |
} |
6640 |
-@@ -1421,7 +1421,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) |
6641 |
+@@ -1421,7 +1424,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) |
6642 |
return D_WALK_CONTINUE; |
6643 |
|
6644 |
/* root with refcount 1 is fine */ |
6645 |
@@ -77598,7 +77967,7 @@ index e3b44ca..e0d94f1 100644 |
6646 |
return D_WALK_CONTINUE; |
6647 |
|
6648 |
printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} " |
6649 |
-@@ -1430,7 +1430,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) |
6650 |
+@@ -1430,7 +1433,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) |
6651 |
dentry->d_inode ? |
6652 |
dentry->d_inode->i_ino : 0UL, |
6653 |
dentry, |
6654 |
@@ -77607,7 +77976,7 @@ index e3b44ca..e0d94f1 100644 |
6655 |
dentry->d_sb->s_type->name, |
6656 |
dentry->d_sb->s_id); |
6657 |
WARN_ON(1); |
6658 |
-@@ -1571,7 +1571,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) |
6659 |
+@@ -1571,7 +1574,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) |
6660 |
dentry->d_iname[DNAME_INLINE_LEN-1] = 0; |
6661 |
if (name->len > DNAME_INLINE_LEN-1) { |
6662 |
size_t size = offsetof(struct external_name, name[1]); |
6663 |
@@ -77616,7 +77985,7 @@ index e3b44ca..e0d94f1 100644 |
6664 |
if (!p) { |
6665 |
kmem_cache_free(dentry_cache, dentry); |
6666 |
return NULL; |
6667 |
-@@ -1594,7 +1594,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) |
6668 |
+@@ -1594,7 +1597,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) |
6669 |
smp_wmb(); |
6670 |
dentry->d_name.name = dname; |
6671 |
|
6672 |
@@ -77625,7 +77994,7 @@ index e3b44ca..e0d94f1 100644 |
6673 |
dentry->d_flags = 0; |
6674 |
spin_lock_init(&dentry->d_lock); |
6675 |
seqcount_init(&dentry->d_seq); |
6676 |
-@@ -1603,6 +1603,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) |
6677 |
+@@ -1603,6 +1606,9 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) |
6678 |
dentry->d_sb = sb; |
6679 |
dentry->d_op = NULL; |
6680 |
dentry->d_fsdata = NULL; |
6681 |
@@ -77635,7 +78004,7 @@ index e3b44ca..e0d94f1 100644 |
6682 |
INIT_HLIST_BL_NODE(&dentry->d_hash); |
6683 |
INIT_LIST_HEAD(&dentry->d_lru); |
6684 |
INIT_LIST_HEAD(&dentry->d_subdirs); |
6685 |
-@@ -2327,7 +2330,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) |
6686 |
+@@ -2327,7 +2333,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) |
6687 |
goto next; |
6688 |
} |
6689 |
|
6690 |
@@ -77644,7 +78013,7 @@ index e3b44ca..e0d94f1 100644 |
6691 |
found = dentry; |
6692 |
spin_unlock(&dentry->d_lock); |
6693 |
break; |
6694 |
-@@ -2395,7 +2398,7 @@ again: |
6695 |
+@@ -2395,7 +2401,7 @@ again: |
6696 |
spin_lock(&dentry->d_lock); |
6697 |
inode = dentry->d_inode; |
6698 |
isdir = S_ISDIR(inode->i_mode); |
6699 |
@@ -77653,7 +78022,7 @@ index e3b44ca..e0d94f1 100644 |
6700 |
if (!spin_trylock(&inode->i_lock)) { |
6701 |
spin_unlock(&dentry->d_lock); |
6702 |
cpu_relax(); |
6703 |
-@@ -3344,7 +3347,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) |
6704 |
+@@ -3344,7 +3350,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) |
6705 |
|
6706 |
if (!(dentry->d_flags & DCACHE_GENOCIDE)) { |
6707 |
dentry->d_flags |= DCACHE_GENOCIDE; |
6708 |
@@ -77662,7 +78031,7 @@ index e3b44ca..e0d94f1 100644 |
6709 |
} |
6710 |
} |
6711 |
return D_WALK_CONTINUE; |
6712 |
-@@ -3452,7 +3455,8 @@ void __init vfs_caches_init_early(void) |
6713 |
+@@ -3452,7 +3458,8 @@ void __init vfs_caches_init_early(void) |
6714 |
void __init vfs_caches_init(void) |
6715 |
{ |
6716 |
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, |
6717 |
@@ -78987,7 +79356,7 @@ index ee85cd4..9dd0d20 100644 |
6718 |
} |
6719 |
EXPORT_SYMBOL(__f_setown); |
6720 |
diff --git a/fs/fhandle.c b/fs/fhandle.c |
6721 |
-index d59712d..2281df9 100644 |
6722 |
+index d59712d..2c63363 100644 |
6723 |
--- a/fs/fhandle.c |
6724 |
+++ b/fs/fhandle.c |
6725 |
@@ -8,6 +8,7 @@ |
6726 |
@@ -79017,8 +79386,17 @@ index d59712d..2281df9 100644 |
6727 |
retval = -EPERM; |
6728 |
goto out_err; |
6729 |
} |
6730 |
+@@ -197,7 +197,7 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh, |
6731 |
+ /* copy the full handle */ |
6732 |
+ *handle = f_handle; |
6733 |
+ if (copy_from_user(&handle->f_handle, |
6734 |
+- &ufh->f_handle, |
6735 |
++ ufh->f_handle, |
6736 |
+ f_handle.handle_bytes)) { |
6737 |
+ retval = -EFAULT; |
6738 |
+ goto out_handle; |
6739 |
diff --git a/fs/file.c b/fs/file.c |
6740 |
-index 6c672ad..bf787b0 100644 |
6741 |
+index 6c672ad..3166d8c 100644 |
6742 |
--- a/fs/file.c |
6743 |
+++ b/fs/file.c |
6744 |
@@ -16,6 +16,7 @@ |
6745 |
@@ -79029,25 +79407,46 @@ index 6c672ad..bf787b0 100644 |
6746 |
#include <linux/fdtable.h> |
6747 |
#include <linux/bitops.h> |
6748 |
#include <linux/interrupt.h> |
6749 |
-@@ -139,7 +140,7 @@ out: |
6750 |
+@@ -139,9 +140,10 @@ out: |
6751 |
* Return <0 error code on error; 1 on successful completion. |
6752 |
* The files->file_lock should be held on entry, and will be held on exit. |
6753 |
*/ |
6754 |
-static int expand_fdtable(struct files_struct *files, int nr) |
6755 |
+- __releases(files->file_lock) |
6756 |
+- __acquires(files->file_lock) |
6757 |
++static int expand_fdtable(struct files_struct *files, unsigned int nr) |
6758 |
++ __releases(&files->file_lock) |
6759 |
++ __acquires(&files->file_lock); |
6760 |
+static int expand_fdtable(struct files_struct *files, unsigned int nr) |
6761 |
- __releases(files->file_lock) |
6762 |
- __acquires(files->file_lock) |
6763 |
{ |
6764 |
-@@ -184,7 +185,7 @@ static int expand_fdtable(struct files_struct *files, int nr) |
6765 |
+ struct fdtable *new_fdt, *cur_fdt; |
6766 |
+ |
6767 |
+@@ -184,9 +186,10 @@ static int expand_fdtable(struct files_struct *files, int nr) |
6768 |
* expanded and execution may have blocked. |
6769 |
* The files->file_lock should be held on entry, and will be held on exit. |
6770 |
*/ |
6771 |
-static int expand_files(struct files_struct *files, int nr) |
6772 |
+- __releases(files->file_lock) |
6773 |
+- __acquires(files->file_lock) |
6774 |
++static int expand_files(struct files_struct *files, unsigned int nr) |
6775 |
++ __releases(&files->file_lock) |
6776 |
++ __acquires(&files->file_lock); |
6777 |
+static int expand_files(struct files_struct *files, unsigned int nr) |
6778 |
- __releases(files->file_lock) |
6779 |
- __acquires(files->file_lock) |
6780 |
{ |
6781 |
-@@ -834,6 +835,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags) |
6782 |
+ struct fdtable *fdt; |
6783 |
+ int expanded = 0; |
6784 |
+@@ -784,7 +787,9 @@ bool get_close_on_exec(unsigned int fd) |
6785 |
+ |
6786 |
+ static int do_dup2(struct files_struct *files, |
6787 |
+ struct file *file, unsigned fd, unsigned flags) |
6788 |
+-__releases(&files->file_lock) |
6789 |
++__releases(&files->file_lock); |
6790 |
++static int do_dup2(struct files_struct *files, |
6791 |
++ struct file *file, unsigned fd, unsigned flags) |
6792 |
+ { |
6793 |
+ struct file *tofree; |
6794 |
+ struct fdtable *fdt; |
6795 |
+@@ -834,6 +839,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags) |
6796 |
if (!file) |
6797 |
return __close_fd(files, fd); |
6798 |
|
6799 |
@@ -79055,7 +79454,7 @@ index 6c672ad..bf787b0 100644 |
6800 |
if (fd >= rlimit(RLIMIT_NOFILE)) |
6801 |
return -EBADF; |
6802 |
|
6803 |
-@@ -860,6 +862,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags) |
6804 |
+@@ -860,6 +866,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags) |
6805 |
if (unlikely(oldfd == newfd)) |
6806 |
return -EINVAL; |
6807 |
|
6808 |
@@ -79063,7 +79462,7 @@ index 6c672ad..bf787b0 100644 |
6809 |
if (newfd >= rlimit(RLIMIT_NOFILE)) |
6810 |
return -EBADF; |
6811 |
|
6812 |
-@@ -915,6 +918,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes) |
6813 |
+@@ -915,6 +922,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes) |
6814 |
int f_dupfd(unsigned int from, struct file *file, unsigned flags) |
6815 |
{ |
6816 |
int err; |
6817 |
@@ -79087,6 +79486,53 @@ index 5797d45..7d7d79a 100644 |
6818 |
fs = __get_fs_type(name, len); |
6819 |
|
6820 |
if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) { |
6821 |
+diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c |
6822 |
+index 5fa588e..21cc57d 100644 |
6823 |
+--- a/fs/fs-writeback.c |
6824 |
++++ b/fs/fs-writeback.c |
6825 |
+@@ -869,9 +869,9 @@ restart: |
6826 |
+ #else /* CONFIG_CGROUP_WRITEBACK */ |
6827 |
+ |
6828 |
+ static struct bdi_writeback * |
6829 |
++locked_inode_to_wb_and_lock_list(struct inode *inode) __releases(&inode->i_lock) __acquires(&wb->list_lock); |
6830 |
++static struct bdi_writeback * |
6831 |
+ locked_inode_to_wb_and_lock_list(struct inode *inode) |
6832 |
+- __releases(&inode->i_lock) |
6833 |
+- __acquires(&wb->list_lock) |
6834 |
+ { |
6835 |
+ struct bdi_writeback *wb = inode_to_wb(inode); |
6836 |
+ |
6837 |
+@@ -880,8 +880,8 @@ locked_inode_to_wb_and_lock_list(struct inode *inode) |
6838 |
+ return wb; |
6839 |
+ } |
6840 |
+ |
6841 |
++static struct bdi_writeback *inode_to_wb_and_lock_list(struct inode *inode) __acquires(&wb->list_lock); |
6842 |
+ static struct bdi_writeback *inode_to_wb_and_lock_list(struct inode *inode) |
6843 |
+- __acquires(&wb->list_lock) |
6844 |
+ { |
6845 |
+ struct bdi_writeback *wb = inode_to_wb(inode); |
6846 |
+ |
6847 |
+@@ -1127,9 +1127,8 @@ static int write_inode(struct inode *inode, struct writeback_control *wbc) |
6848 |
+ * Wait for writeback on an inode to complete. Called with i_lock held. |
6849 |
+ * Caller must make sure inode cannot go away when we drop i_lock. |
6850 |
+ */ |
6851 |
++static void __inode_wait_for_writeback(struct inode *inode) __must_hold(&inode->i_lock); |
6852 |
+ static void __inode_wait_for_writeback(struct inode *inode) |
6853 |
+- __releases(inode->i_lock) |
6854 |
+- __acquires(inode->i_lock) |
6855 |
+ { |
6856 |
+ DEFINE_WAIT_BIT(wq, &inode->i_state, __I_SYNC); |
6857 |
+ wait_queue_head_t *wqh; |
6858 |
+@@ -1158,8 +1157,8 @@ void inode_wait_for_writeback(struct inode *inode) |
6859 |
+ * held and drops it. It is aimed for callers not holding any inode reference |
6860 |
+ * so once i_lock is dropped, inode can go away. |
6861 |
+ */ |
6862 |
++static void inode_sleep_on_writeback(struct inode *inode) __releases(&inode->i_lock); |
6863 |
+ static void inode_sleep_on_writeback(struct inode *inode) |
6864 |
+- __releases(inode->i_lock) |
6865 |
+ { |
6866 |
+ DEFINE_WAIT(wait); |
6867 |
+ wait_queue_head_t *wqh = bit_waitqueue(&inode->i_state, __I_SYNC); |
6868 |
diff --git a/fs/fs_struct.c b/fs/fs_struct.c |
6869 |
index 7dca743..1ff87ae 100644 |
6870 |
--- a/fs/fs_struct.c |
6871 |
@@ -81099,7 +81545,7 @@ index 14db05d..687f6d8 100644 |
6872 |
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ |
6873 |
|
6874 |
diff --git a/fs/namei.c b/fs/namei.c |
6875 |
-index 36df481..c3045fd 100644 |
6876 |
+index 36df481..cb04cfe 100644 |
6877 |
--- a/fs/namei.c |
6878 |
+++ b/fs/namei.c |
6879 |
@@ -336,17 +336,32 @@ int generic_permission(struct inode *inode, int mask) |
6880 |
@@ -81304,17 +81750,18 @@ index 36df481..c3045fd 100644 |
6881 |
|
6882 |
hash = a = 0; |
6883 |
len = -sizeof(unsigned long); |
6884 |
-@@ -2000,6 +2089,9 @@ static const char *path_init(struct nameidata *nd, unsigned flags) |
6885 |
+@@ -1999,7 +2088,9 @@ static const char *path_init(struct nameidata *nd, unsigned flags) |
6886 |
+ nd->last_type = LAST_ROOT; /* if there are only slashes... */ |
6887 |
nd->flags = flags | LOOKUP_JUMPED | LOOKUP_PARENT; |
6888 |
nd->depth = 0; |
6889 |
- nd->total_link_count = 0; |
6890 |
+- nd->total_link_count = 0; |
6891 |
+#ifdef CONFIG_GRKERNSEC_SYMLINKOWN |
6892 |
+ nd->symlinkown_depth = 0; |
6893 |
+#endif |
6894 |
if (flags & LOOKUP_ROOT) { |
6895 |
struct dentry *root = nd->root.dentry; |
6896 |
struct inode *inode = root->d_inode; |
6897 |
-@@ -2137,6 +2229,11 @@ static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path |
6898 |
+@@ -2137,6 +2228,11 @@ static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path |
6899 |
if (!err) |
6900 |
err = complete_walk(nd); |
6901 |
|
6902 |
@@ -81326,7 +81773,7 @@ index 36df481..c3045fd 100644 |
6903 |
if (!err && nd->flags & LOOKUP_DIRECTORY) |
6904 |
if (!d_can_lookup(nd->path.dentry)) |
6905 |
err = -ENOTDIR; |
6906 |
-@@ -2185,6 +2282,10 @@ static int path_parentat(struct nameidata *nd, unsigned flags, |
6907 |
+@@ -2185,6 +2281,10 @@ static int path_parentat(struct nameidata *nd, unsigned flags, |
6908 |
err = link_path_walk(s, nd); |
6909 |
if (!err) |
6910 |
err = complete_walk(nd); |
6911 |
@@ -81337,7 +81784,7 @@ index 36df481..c3045fd 100644 |
6912 |
if (!err) { |
6913 |
*parent = nd->path; |
6914 |
nd->path.mnt = NULL; |
6915 |
-@@ -2716,6 +2817,13 @@ static int may_open(struct path *path, int acc_mode, int flag) |
6916 |
+@@ -2716,6 +2816,13 @@ static int may_open(struct path *path, int acc_mode, int flag) |
6917 |
if (flag & O_NOATIME && !inode_owner_or_capable(inode)) |
6918 |
return -EPERM; |
6919 |
|
6920 |
@@ -81351,7 +81798,7 @@ index 36df481..c3045fd 100644 |
6921 |
return 0; |
6922 |
} |
6923 |
|
6924 |
-@@ -2982,6 +3090,18 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
6925 |
+@@ -2982,6 +3089,18 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
6926 |
/* Negative dentry, just create the file */ |
6927 |
if (!dentry->d_inode && (op->open_flag & O_CREAT)) { |
6928 |
umode_t mode = op->mode; |
6929 |
@@ -81370,7 +81817,7 @@ index 36df481..c3045fd 100644 |
6930 |
if (!IS_POSIXACL(dir->d_inode)) |
6931 |
mode &= ~current_umask(); |
6932 |
/* |
6933 |
-@@ -3003,6 +3123,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
6934 |
+@@ -3003,6 +3122,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
6935 |
nd->flags & LOOKUP_EXCL); |
6936 |
if (error) |
6937 |
goto out_dput; |
6938 |
@@ -81379,7 +81826,7 @@ index 36df481..c3045fd 100644 |
6939 |
} |
6940 |
out_no_open: |
6941 |
path->dentry = dentry; |
6942 |
-@@ -3066,6 +3188,9 @@ static int do_last(struct nameidata *nd, |
6943 |
+@@ -3066,6 +3187,9 @@ static int do_last(struct nameidata *nd, |
6944 |
if (error) |
6945 |
return error; |
6946 |
|
6947 |
@@ -81389,7 +81836,7 @@ index 36df481..c3045fd 100644 |
6948 |
audit_inode(nd->name, dir, LOOKUP_PARENT); |
6949 |
/* trailing slashes? */ |
6950 |
if (unlikely(nd->last.name[nd->last.len])) |
6951 |
-@@ -3108,11 +3233,24 @@ retry_lookup: |
6952 |
+@@ -3108,11 +3232,24 @@ retry_lookup: |
6953 |
goto finish_open_created; |
6954 |
} |
6955 |
|
6956 |
@@ -81415,7 +81862,7 @@ index 36df481..c3045fd 100644 |
6957 |
|
6958 |
/* |
6959 |
* If atomic_open() acquired write access it is dropped now due to |
6960 |
-@@ -3148,6 +3286,11 @@ finish_lookup: |
6961 |
+@@ -3148,6 +3285,11 @@ finish_lookup: |
6962 |
if (unlikely(error)) |
6963 |
return error; |
6964 |
|
6965 |
@@ -81427,7 +81874,7 @@ index 36df481..c3045fd 100644 |
6966 |
if (unlikely(d_is_symlink(path.dentry)) && !(open_flag & O_PATH)) { |
6967 |
path_to_nameidata(&path, nd); |
6968 |
return -ELOOP; |
6969 |
-@@ -3170,6 +3313,12 @@ finish_open: |
6970 |
+@@ -3170,6 +3312,12 @@ finish_open: |
6971 |
path_put(&save_parent); |
6972 |
return error; |
6973 |
} |
6974 |
@@ -81440,7 +81887,7 @@ index 36df481..c3045fd 100644 |
6975 |
audit_inode(nd->name, nd->path.dentry, 0); |
6976 |
error = -EISDIR; |
6977 |
if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) |
6978 |
-@@ -3436,9 +3585,11 @@ static struct dentry *filename_create(int dfd, struct filename *name, |
6979 |
+@@ -3436,9 +3584,11 @@ static struct dentry *filename_create(int dfd, struct filename *name, |
6980 |
goto unlock; |
6981 |
|
6982 |
error = -EEXIST; |
6983 |
@@ -81454,7 +81901,7 @@ index 36df481..c3045fd 100644 |
6984 |
/* |
6985 |
* Special case - lookup gave negative, but... we had foo/bar/ |
6986 |
* From the vfs_mknod() POV we just have a negative dentry - |
6987 |
-@@ -3492,6 +3643,20 @@ inline struct dentry *user_path_create(int dfd, const char __user *pathname, |
6988 |
+@@ -3492,6 +3642,20 @@ inline struct dentry *user_path_create(int dfd, const char __user *pathname, |
6989 |
} |
6990 |
EXPORT_SYMBOL(user_path_create); |
6991 |
|
6992 |
@@ -81475,7 +81922,7 @@ index 36df481..c3045fd 100644 |
6993 |
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) |
6994 |
{ |
6995 |
int error = may_create(dir, dentry); |
6996 |
-@@ -3555,6 +3720,17 @@ retry: |
6997 |
+@@ -3555,6 +3719,17 @@ retry: |
6998 |
|
6999 |
if (!IS_POSIXACL(path.dentry->d_inode)) |
7000 |
mode &= ~current_umask(); |
7001 |
@@ -81493,7 +81940,7 @@ index 36df481..c3045fd 100644 |
7002 |
error = security_path_mknod(&path, dentry, mode, dev); |
7003 |
if (error) |
7004 |
goto out; |
7005 |
-@@ -3570,6 +3746,8 @@ retry: |
7006 |
+@@ -3570,6 +3745,8 @@ retry: |
7007 |
error = vfs_mknod(path.dentry->d_inode,dentry,mode,0); |
7008 |
break; |
7009 |
} |
7010 |
@@ -81502,7 +81949,7 @@ index 36df481..c3045fd 100644 |
7011 |
out: |
7012 |
done_path_create(&path, dentry); |
7013 |
if (retry_estale(error, lookup_flags)) { |
7014 |
-@@ -3624,9 +3802,16 @@ retry: |
7015 |
+@@ -3624,9 +3801,16 @@ retry: |
7016 |
|
7017 |
if (!IS_POSIXACL(path.dentry->d_inode)) |
7018 |
mode &= ~current_umask(); |
7019 |
@@ -81519,7 +81966,7 @@ index 36df481..c3045fd 100644 |
7020 |
done_path_create(&path, dentry); |
7021 |
if (retry_estale(error, lookup_flags)) { |
7022 |
lookup_flags |= LOOKUP_REVAL; |
7023 |
-@@ -3659,7 +3844,7 @@ void dentry_unhash(struct dentry *dentry) |
7024 |
+@@ -3659,7 +3843,7 @@ void dentry_unhash(struct dentry *dentry) |
7025 |
{ |
7026 |
shrink_dcache_parent(dentry); |
7027 |
spin_lock(&dentry->d_lock); |
7028 |
@@ -81528,7 +81975,7 @@ index 36df481..c3045fd 100644 |
7029 |
__d_drop(dentry); |
7030 |
spin_unlock(&dentry->d_lock); |
7031 |
} |
7032 |
-@@ -3712,6 +3897,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
7033 |
+@@ -3712,6 +3896,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
7034 |
struct path path; |
7035 |
struct qstr last; |
7036 |
int type; |
7037 |
@@ -81537,7 +81984,7 @@ index 36df481..c3045fd 100644 |
7038 |
unsigned int lookup_flags = 0; |
7039 |
retry: |
7040 |
name = user_path_parent(dfd, pathname, |
7041 |
-@@ -3744,10 +3931,20 @@ retry: |
7042 |
+@@ -3744,10 +3930,20 @@ retry: |
7043 |
error = -ENOENT; |
7044 |
goto exit3; |
7045 |
} |
7046 |
@@ -81558,7 +82005,7 @@ index 36df481..c3045fd 100644 |
7047 |
exit3: |
7048 |
dput(dentry); |
7049 |
exit2: |
7050 |
-@@ -3842,6 +4039,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
7051 |
+@@ -3842,6 +4038,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
7052 |
int type; |
7053 |
struct inode *inode = NULL; |
7054 |
struct inode *delegated_inode = NULL; |
7055 |
@@ -81567,7 +82014,7 @@ index 36df481..c3045fd 100644 |
7056 |
unsigned int lookup_flags = 0; |
7057 |
retry: |
7058 |
name = user_path_parent(dfd, pathname, |
7059 |
-@@ -3868,10 +4067,21 @@ retry_deleg: |
7060 |
+@@ -3868,10 +4066,21 @@ retry_deleg: |
7061 |
if (d_is_negative(dentry)) |
7062 |
goto slashes; |
7063 |
ihold(inode); |
7064 |
@@ -81589,7 +82036,7 @@ index 36df481..c3045fd 100644 |
7065 |
exit2: |
7066 |
dput(dentry); |
7067 |
} |
7068 |
-@@ -3960,9 +4170,17 @@ retry: |
7069 |
+@@ -3960,9 +4169,17 @@ retry: |
7070 |
if (IS_ERR(dentry)) |
7071 |
goto out_putname; |
7072 |
|
7073 |
@@ -81607,7 +82054,7 @@ index 36df481..c3045fd 100644 |
7074 |
done_path_create(&path, dentry); |
7075 |
if (retry_estale(error, lookup_flags)) { |
7076 |
lookup_flags |= LOOKUP_REVAL; |
7077 |
-@@ -4066,6 +4284,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
7078 |
+@@ -4066,6 +4283,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
7079 |
struct dentry *new_dentry; |
7080 |
struct path old_path, new_path; |
7081 |
struct inode *delegated_inode = NULL; |
7082 |
@@ -81615,7 +82062,7 @@ index 36df481..c3045fd 100644 |
7083 |
int how = 0; |
7084 |
int error; |
7085 |
|
7086 |
-@@ -4089,7 +4308,7 @@ retry: |
7087 |
+@@ -4089,7 +4307,7 @@ retry: |
7088 |
if (error) |
7089 |
return error; |
7090 |
|
7091 |
@@ -81624,7 +82071,7 @@ index 36df481..c3045fd 100644 |
7092 |
(how & LOOKUP_REVAL)); |
7093 |
error = PTR_ERR(new_dentry); |
7094 |
if (IS_ERR(new_dentry)) |
7095 |
-@@ -4101,11 +4320,26 @@ retry: |
7096 |
+@@ -4101,11 +4319,26 @@ retry: |
7097 |
error = may_linkat(&old_path); |
7098 |
if (unlikely(error)) |
7099 |
goto out_dput; |
7100 |
@@ -81651,7 +82098,7 @@ index 36df481..c3045fd 100644 |
7101 |
done_path_create(&new_path, new_dentry); |
7102 |
if (delegated_inode) { |
7103 |
error = break_deleg_wait(&delegated_inode); |
7104 |
-@@ -4420,6 +4654,20 @@ retry_deleg: |
7105 |
+@@ -4420,6 +4653,20 @@ retry_deleg: |
7106 |
if (new_dentry == trap) |
7107 |
goto exit5; |
7108 |
|
7109 |
@@ -81672,7 +82119,7 @@ index 36df481..c3045fd 100644 |
7110 |
error = security_path_rename(&old_path, old_dentry, |
7111 |
&new_path, new_dentry, flags); |
7112 |
if (error) |
7113 |
-@@ -4427,6 +4675,9 @@ retry_deleg: |
7114 |
+@@ -4427,6 +4674,9 @@ retry_deleg: |
7115 |
error = vfs_rename(old_path.dentry->d_inode, old_dentry, |
7116 |
new_path.dentry->d_inode, new_dentry, |
7117 |
&delegated_inode, flags); |
7118 |
@@ -81682,7 +82129,7 @@ index 36df481..c3045fd 100644 |
7119 |
exit5: |
7120 |
dput(new_dentry); |
7121 |
exit4: |
7122 |
-@@ -4483,14 +4734,24 @@ EXPORT_SYMBOL(vfs_whiteout); |
7123 |
+@@ -4483,14 +4733,24 @@ EXPORT_SYMBOL(vfs_whiteout); |
7124 |
|
7125 |
int readlink_copy(char __user *buffer, int buflen, const char *link) |
7126 |
{ |
7127 |
@@ -82400,10 +82847,41 @@ index e33dab2..cdbdad9 100644 |
7128 |
} |
7129 |
} |
7130 |
putname(tmp); |
7131 |
+diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c |
7132 |
+index 871fcb6..f038f64 100644 |
7133 |
+--- a/fs/overlayfs/copy_up.c |
7134 |
++++ b/fs/overlayfs/copy_up.c |
7135 |
+@@ -142,7 +142,7 @@ static char *ovl_read_symlink(struct dentry *realdentry) |
7136 |
+ set_fs(get_ds()); |
7137 |
+ /* The cast to a user pointer is valid due to the set_fs() */ |
7138 |
+ res = inode->i_op->readlink(realdentry, |
7139 |
+- (char __user *)buf, PAGE_SIZE - 1); |
7140 |
++ (char __force_user *)buf, PAGE_SIZE - 1); |
7141 |
+ set_fs(old_fs); |
7142 |
+ if (res < 0) { |
7143 |
+ free_page((unsigned long) buf); |
7144 |
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c |
7145 |
-index ec0c2a0..f9b5b82 100644 |
7146 |
+index ec0c2a0..3a64073 100644 |
7147 |
--- a/fs/overlayfs/inode.c |
7148 |
+++ b/fs/overlayfs/inode.c |
7149 |
+@@ -49,13 +49,13 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr) |
7150 |
+ if (err) |
7151 |
+ goto out; |
7152 |
+ |
7153 |
+- upperdentry = ovl_dentry_upper(dentry); |
7154 |
+- if (upperdentry) { |
7155 |
++ err = ovl_copy_up(dentry); |
7156 |
++ if (!err) { |
7157 |
++ upperdentry = ovl_dentry_upper(dentry); |
7158 |
++ |
7159 |
+ mutex_lock(&upperdentry->d_inode->i_mutex); |
7160 |
+ err = notify_change(upperdentry, attr, NULL); |
7161 |
+ mutex_unlock(&upperdentry->d_inode->i_mutex); |
7162 |
+- } else { |
7163 |
+- err = ovl_copy_up_last(dentry, attr, false); |
7164 |
+ } |
7165 |
+ ovl_drop_write(dentry); |
7166 |
+ out: |
7167 |
@@ -346,6 +346,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) |
7168 |
if (d_is_dir(dentry)) |
7169 |
return d_backing_inode(dentry); |
7170 |
@@ -82803,7 +83281,7 @@ index 1ade120..a86f1a2 100644 |
7171 |
help |
7172 |
Various /proc files exist to monitor process memory utilization: |
7173 |
diff --git a/fs/proc/array.c b/fs/proc/array.c |
7174 |
-index ce065cf..8974fed 100644 |
7175 |
+index 57fde2d..f6c419f 100644 |
7176 |
--- a/fs/proc/array.c |
7177 |
+++ b/fs/proc/array.c |
7178 |
@@ -60,6 +60,7 @@ |
7179 |
@@ -82861,7 +83339,7 @@ index ce065cf..8974fed 100644 |
7180 |
static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
7181 |
struct pid *pid, struct task_struct *task, int whole) |
7182 |
{ |
7183 |
-@@ -390,6 +421,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
7184 |
+@@ -390,9 +421,16 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
7185 |
char tcomm[sizeof(task->comm)]; |
7186 |
unsigned long flags; |
7187 |
|
7188 |
@@ -82874,7 +83352,11 @@ index ce065cf..8974fed 100644 |
7189 |
+ |
7190 |
state = *get_task_state(task); |
7191 |
vsize = eip = esp = 0; |
7192 |
- permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); |
7193 |
+- permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); |
7194 |
++ permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT); |
7195 |
+ mm = get_task_mm(task); |
7196 |
+ if (mm) { |
7197 |
+ vsize = task_vsize(mm); |
7198 |
@@ -460,6 +498,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
7199 |
gtime = task_gtime(task); |
7200 |
} |
7201 |
@@ -82911,7 +83393,7 @@ index ce065cf..8974fed 100644 |
7202 |
seq_put_decimal_ull(m, ' ', esp); |
7203 |
seq_put_decimal_ull(m, ' ', eip); |
7204 |
/* The signal information here is obsolete. |
7205 |
-@@ -515,7 +572,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
7206 |
+@@ -527,7 +584,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
7207 |
seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime)); |
7208 |
seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime)); |
7209 |
|
7210 |
@@ -82924,7 +83406,7 @@ index ce065cf..8974fed 100644 |
7211 |
seq_put_decimal_ull(m, ' ', mm->start_data); |
7212 |
seq_put_decimal_ull(m, ' ', mm->end_data); |
7213 |
seq_put_decimal_ull(m, ' ', mm->start_brk); |
7214 |
-@@ -553,8 +614,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, |
7215 |
+@@ -565,8 +626,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, |
7216 |
struct pid *pid, struct task_struct *task) |
7217 |
{ |
7218 |
unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; |
7219 |
@@ -82941,7 +83423,7 @@ index ce065cf..8974fed 100644 |
7220 |
if (mm) { |
7221 |
size = task_statm(mm, &shared, &text, &data, &resident); |
7222 |
mmput(mm); |
7223 |
-@@ -577,6 +645,20 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, |
7224 |
+@@ -589,6 +657,20 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, |
7225 |
return 0; |
7226 |
} |
7227 |
|
7228 |
@@ -82963,7 +83445,7 @@ index ce065cf..8974fed 100644 |
7229 |
static struct pid * |
7230 |
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) |
7231 |
diff --git a/fs/proc/base.c b/fs/proc/base.c |
7232 |
-index aa50d1a..c202cde 100644 |
7233 |
+index 83a43c1..6279ec0 100644 |
7234 |
--- a/fs/proc/base.c |
7235 |
+++ b/fs/proc/base.c |
7236 |
@@ -113,6 +113,14 @@ struct pid_entry { |
7237 |
@@ -83006,7 +83488,8 @@ index aa50d1a..c202cde 100644 |
7238 |
static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns, |
7239 |
struct pid *pid, struct task_struct *task) |
7240 |
{ |
7241 |
- struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ); |
7242 |
+- struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ); |
7243 |
++ struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); |
7244 |
if (mm && !IS_ERR(mm)) { |
7245 |
unsigned int nwords = 0; |
7246 |
+ |
7247 |
@@ -83031,7 +83514,25 @@ index aa50d1a..c202cde 100644 |
7248 |
/* |
7249 |
* Provides a wchan file via kallsyms in a proper one-value-per-file format. |
7250 |
* Returns the resolved symbol. If that fails, simply return the address. |
7251 |
-@@ -459,7 +488,7 @@ static void unlock_trace(struct task_struct *task) |
7252 |
+@@ -430,7 +459,7 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns, |
7253 |
+ |
7254 |
+ wchan = get_wchan(task); |
7255 |
+ |
7256 |
+- if (wchan && ptrace_may_access(task, PTRACE_MODE_READ) && !lookup_symbol_name(wchan, symname)) |
7257 |
++ if (wchan && !lookup_symbol_name(wchan, symname) && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) |
7258 |
+ seq_printf(m, "%s", symname); |
7259 |
+ else |
7260 |
+ seq_putc(m, '0'); |
7261 |
+@@ -444,7 +473,7 @@ static int lock_trace(struct task_struct *task) |
7262 |
+ int err = mutex_lock_killable(&task->signal->cred_guard_mutex); |
7263 |
+ if (err) |
7264 |
+ return err; |
7265 |
+- if (!ptrace_may_access(task, PTRACE_MODE_ATTACH)) { |
7266 |
++ if (!ptrace_may_access(task, PTRACE_MODE_ATTACH_FSCREDS)) { |
7267 |
+ mutex_unlock(&task->signal->cred_guard_mutex); |
7268 |
+ return -EPERM; |
7269 |
+ } |
7270 |
+@@ -456,7 +485,7 @@ static void unlock_trace(struct task_struct *task) |
7271 |
mutex_unlock(&task->signal->cred_guard_mutex); |
7272 |
} |
7273 |
|
7274 |
@@ -83040,7 +83541,7 @@ index aa50d1a..c202cde 100644 |
7275 |
|
7276 |
#define MAX_STACK_TRACE_DEPTH 64 |
7277 |
|
7278 |
-@@ -657,7 +686,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns, |
7279 |
+@@ -654,7 +683,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns, |
7280 |
return 0; |
7281 |
} |
7282 |
|
7283 |
@@ -83049,7 +83550,7 @@ index aa50d1a..c202cde 100644 |
7284 |
static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, |
7285 |
struct pid *pid, struct task_struct *task) |
7286 |
{ |
7287 |
-@@ -690,7 +719,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, |
7288 |
+@@ -687,7 +716,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, |
7289 |
/************************************************************************/ |
7290 |
|
7291 |
/* permission checks */ |
7292 |
@@ -83058,19 +83559,19 @@ index aa50d1a..c202cde 100644 |
7293 |
{ |
7294 |
struct task_struct *task; |
7295 |
int allowed = 0; |
7296 |
-@@ -700,7 +729,10 @@ static int proc_fd_access_allowed(struct inode *inode) |
7297 |
+@@ -697,7 +726,10 @@ static int proc_fd_access_allowed(struct inode *inode) |
7298 |
*/ |
7299 |
task = get_proc_task(inode); |
7300 |
if (task) { |
7301 |
- allowed = ptrace_may_access(task, PTRACE_MODE_READ); |
7302 |
+ if (log) |
7303 |
-+ allowed = ptrace_may_access(task, PTRACE_MODE_READ); |
7304 |
++ allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); |
7305 |
+ else |
7306 |
-+ allowed = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); |
7307 |
++ allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT); |
7308 |
put_task_struct(task); |
7309 |
} |
7310 |
return allowed; |
7311 |
-@@ -731,10 +763,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, |
7312 |
+@@ -728,11 +760,36 @@ static bool has_pid_permissions(struct pid_namespace *pid, |
7313 |
struct task_struct *task, |
7314 |
int hide_pid_min) |
7315 |
{ |
7316 |
@@ -83095,18 +83596,20 @@ index aa50d1a..c202cde 100644 |
7317 |
+ rcu_read_unlock(); |
7318 |
+ |
7319 |
+ if (!pid->hide_pid) |
7320 |
-+ return ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); |
7321 |
++ return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT); |
7322 |
+#endif |
7323 |
+ |
7324 |
if (pid->hide_pid < hide_pid_min) |
7325 |
return true; |
7326 |
if (in_group_p(pid->pid_gid)) |
7327 |
return true; |
7328 |
+- return ptrace_may_access(task, PTRACE_MODE_READ); |
7329 |
+ |
7330 |
- return ptrace_may_access(task, PTRACE_MODE_READ); |
7331 |
++ return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); |
7332 |
} |
7333 |
|
7334 |
-@@ -752,7 +809,11 @@ static int proc_pid_permission(struct inode *inode, int mask) |
7335 |
+ |
7336 |
+@@ -749,7 +806,11 @@ static int proc_pid_permission(struct inode *inode, int mask) |
7337 |
put_task_struct(task); |
7338 |
|
7339 |
if (!has_perms) { |
7340 |
@@ -83118,10 +83621,12 @@ index aa50d1a..c202cde 100644 |
7341 |
/* |
7342 |
* Let's make getdents(), stat(), and open() |
7343 |
* consistent with each other. If a process |
7344 |
-@@ -813,6 +874,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode) |
7345 |
+@@ -809,7 +870,11 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode) |
7346 |
+ struct mm_struct *mm = ERR_PTR(-ESRCH); |
7347 |
|
7348 |
if (task) { |
7349 |
- mm = mm_access(task, mode); |
7350 |
+- mm = mm_access(task, mode); |
7351 |
++ mm = mm_access(task, mode | PTRACE_MODE_FSCREDS); |
7352 |
+ if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) { |
7353 |
+ mmput(mm); |
7354 |
+ mm = ERR_PTR(-EPERM); |
7355 |
@@ -83129,7 +83634,7 @@ index aa50d1a..c202cde 100644 |
7356 |
put_task_struct(task); |
7357 |
|
7358 |
if (!IS_ERR_OR_NULL(mm)) { |
7359 |
-@@ -834,6 +899,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) |
7360 |
+@@ -831,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) |
7361 |
return PTR_ERR(mm); |
7362 |
|
7363 |
file->private_data = mm; |
7364 |
@@ -83141,7 +83646,7 @@ index aa50d1a..c202cde 100644 |
7365 |
return 0; |
7366 |
} |
7367 |
|
7368 |
-@@ -855,6 +925,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, |
7369 |
+@@ -852,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, |
7370 |
ssize_t copied; |
7371 |
char *page; |
7372 |
|
7373 |
@@ -83159,7 +83664,7 @@ index aa50d1a..c202cde 100644 |
7374 |
if (!mm) |
7375 |
return 0; |
7376 |
|
7377 |
-@@ -867,7 +948,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, |
7378 |
+@@ -864,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, |
7379 |
goto free; |
7380 |
|
7381 |
while (count > 0) { |
7382 |
@@ -83168,7 +83673,7 @@ index aa50d1a..c202cde 100644 |
7383 |
|
7384 |
if (write && copy_from_user(page, buf, this_len)) { |
7385 |
copied = -EFAULT; |
7386 |
-@@ -959,6 +1040,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, |
7387 |
+@@ -956,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, |
7388 |
if (!mm) |
7389 |
return 0; |
7390 |
|
7391 |
@@ -83182,7 +83687,7 @@ index aa50d1a..c202cde 100644 |
7392 |
page = (char *)__get_free_page(GFP_TEMPORARY); |
7393 |
if (!page) |
7394 |
return -ENOMEM; |
7395 |
-@@ -968,7 +1056,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, |
7396 |
+@@ -965,7 +1053,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, |
7397 |
goto free; |
7398 |
while (count > 0) { |
7399 |
size_t this_len, max_len; |
7400 |
@@ -83191,7 +83696,7 @@ index aa50d1a..c202cde 100644 |
7401 |
|
7402 |
if (src >= (mm->env_end - mm->env_start)) |
7403 |
break; |
7404 |
-@@ -1582,7 +1670,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie) |
7405 |
+@@ -1579,7 +1667,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie) |
7406 |
int error = -EACCES; |
7407 |
|
7408 |
/* Are we allowed to snoop on the tasks file descriptors? */ |
7409 |
@@ -83200,7 +83705,7 @@ index aa50d1a..c202cde 100644 |
7410 |
goto out; |
7411 |
|
7412 |
error = PROC_I(inode)->op.proc_get_link(dentry, &path); |
7413 |
-@@ -1626,8 +1714,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b |
7414 |
+@@ -1623,8 +1711,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b |
7415 |
struct path path; |
7416 |
|
7417 |
/* Are we allowed to snoop on the tasks file descriptors? */ |
7418 |
@@ -83221,7 +83726,7 @@ index aa50d1a..c202cde 100644 |
7419 |
|
7420 |
error = PROC_I(inode)->op.proc_get_link(dentry, &path); |
7421 |
if (error) |
7422 |
-@@ -1677,7 +1775,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t |
7423 |
+@@ -1674,7 +1772,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t |
7424 |
rcu_read_lock(); |
7425 |
cred = __task_cred(task); |
7426 |
inode->i_uid = cred->euid; |
7427 |
@@ -83233,7 +83738,7 @@ index aa50d1a..c202cde 100644 |
7428 |
rcu_read_unlock(); |
7429 |
} |
7430 |
security_task_to_inode(task, inode); |
7431 |
-@@ -1713,10 +1815,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) |
7432 |
+@@ -1710,10 +1812,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) |
7433 |
return -ENOENT; |
7434 |
} |
7435 |
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || |
7436 |
@@ -83253,7 +83758,7 @@ index aa50d1a..c202cde 100644 |
7437 |
} |
7438 |
} |
7439 |
rcu_read_unlock(); |
7440 |
-@@ -1754,11 +1865,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) |
7441 |
+@@ -1751,11 +1862,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) |
7442 |
|
7443 |
if (task) { |
7444 |
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || |
7445 |
@@ -83274,7 +83779,34 @@ index aa50d1a..c202cde 100644 |
7446 |
rcu_read_unlock(); |
7447 |
} else { |
7448 |
inode->i_uid = GLOBAL_ROOT_UID; |
7449 |
-@@ -2290,6 +2410,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, |
7450 |
+@@ -1871,7 +1991,7 @@ static int map_files_d_revalidate(struct dentry *dentry, unsigned int flags) |
7451 |
+ if (!task) |
7452 |
+ goto out_notask; |
7453 |
+ |
7454 |
+- mm = mm_access(task, PTRACE_MODE_READ); |
7455 |
++ mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); |
7456 |
+ if (IS_ERR_OR_NULL(mm)) |
7457 |
+ goto out; |
7458 |
+ |
7459 |
+@@ -2003,7 +2123,7 @@ static struct dentry *proc_map_files_lookup(struct inode *dir, |
7460 |
+ goto out; |
7461 |
+ |
7462 |
+ result = -EACCES; |
7463 |
+- if (!ptrace_may_access(task, PTRACE_MODE_READ)) |
7464 |
++ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) |
7465 |
+ goto out_put_task; |
7466 |
+ |
7467 |
+ result = -ENOENT; |
7468 |
+@@ -2060,7 +2180,7 @@ proc_map_files_readdir(struct file *file, struct dir_context *ctx) |
7469 |
+ goto out; |
7470 |
+ |
7471 |
+ ret = -EACCES; |
7472 |
+- if (!ptrace_may_access(task, PTRACE_MODE_READ)) |
7473 |
++ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) |
7474 |
+ goto out_put_task; |
7475 |
+ |
7476 |
+ ret = 0; |
7477 |
+@@ -2287,6 +2407,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, |
7478 |
if (!task) |
7479 |
goto out_no_task; |
7480 |
|
7481 |
@@ -83284,7 +83816,7 @@ index aa50d1a..c202cde 100644 |
7482 |
/* |
7483 |
* Yes, it does not scale. And it should not. Don't add |
7484 |
* new entries into /proc/<tgid>/ without very good reasons. |
7485 |
-@@ -2320,6 +2443,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, |
7486 |
+@@ -2317,6 +2440,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, |
7487 |
if (!task) |
7488 |
return -ENOENT; |
7489 |
|
7490 |
@@ -83294,7 +83826,16 @@ index aa50d1a..c202cde 100644 |
7491 |
if (!dir_emit_dots(file, ctx)) |
7492 |
goto out; |
7493 |
|
7494 |
-@@ -2764,7 +2890,7 @@ static const struct pid_entry tgid_base_stuff[] = { |
7495 |
+@@ -2540,7 +2666,7 @@ static int do_io_accounting(struct task_struct *task, struct seq_file *m, int wh |
7496 |
+ if (result) |
7497 |
+ return result; |
7498 |
+ |
7499 |
+- if (!ptrace_may_access(task, PTRACE_MODE_READ)) { |
7500 |
++ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) { |
7501 |
+ result = -EACCES; |
7502 |
+ goto out_unlock; |
7503 |
+ } |
7504 |
+@@ -2761,7 +2887,7 @@ static const struct pid_entry tgid_base_stuff[] = { |
7505 |
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), |
7506 |
#endif |
7507 |
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), |
7508 |
@@ -83303,7 +83844,7 @@ index aa50d1a..c202cde 100644 |
7509 |
ONE("syscall", S_IRUSR, proc_pid_syscall), |
7510 |
#endif |
7511 |
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops), |
7512 |
-@@ -2789,10 +2915,10 @@ static const struct pid_entry tgid_base_stuff[] = { |
7513 |
+@@ -2786,10 +2912,10 @@ static const struct pid_entry tgid_base_stuff[] = { |
7514 |
#ifdef CONFIG_SECURITY |
7515 |
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), |
7516 |
#endif |
7517 |
@@ -83316,7 +83857,7 @@ index aa50d1a..c202cde 100644 |
7518 |
ONE("stack", S_IRUSR, proc_pid_stack), |
7519 |
#endif |
7520 |
#ifdef CONFIG_SCHED_INFO |
7521 |
-@@ -2826,6 +2952,9 @@ static const struct pid_entry tgid_base_stuff[] = { |
7522 |
+@@ -2823,6 +2949,9 @@ static const struct pid_entry tgid_base_stuff[] = { |
7523 |
#ifdef CONFIG_HARDWALL |
7524 |
ONE("hardwall", S_IRUGO, proc_pid_hardwall), |
7525 |
#endif |
7526 |
@@ -83326,7 +83867,7 @@ index aa50d1a..c202cde 100644 |
7527 |
#ifdef CONFIG_USER_NS |
7528 |
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), |
7529 |
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), |
7530 |
-@@ -2958,7 +3087,14 @@ static int proc_pid_instantiate(struct inode *dir, |
7531 |
+@@ -2955,7 +3084,14 @@ static int proc_pid_instantiate(struct inode *dir, |
7532 |
if (!inode) |
7533 |
goto out; |
7534 |
|
7535 |
@@ -83341,7 +83882,7 @@ index aa50d1a..c202cde 100644 |
7536 |
inode->i_op = &proc_tgid_base_inode_operations; |
7537 |
inode->i_fop = &proc_tgid_base_operations; |
7538 |
inode->i_flags|=S_IMMUTABLE; |
7539 |
-@@ -2996,7 +3132,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign |
7540 |
+@@ -2993,7 +3129,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign |
7541 |
if (!task) |
7542 |
goto out; |
7543 |
|
7544 |
@@ -83353,7 +83894,7 @@ index aa50d1a..c202cde 100644 |
7545 |
put_task_struct(task); |
7546 |
out: |
7547 |
return ERR_PTR(result); |
7548 |
-@@ -3110,7 +3250,7 @@ static const struct pid_entry tid_base_stuff[] = { |
7549 |
+@@ -3107,7 +3247,7 @@ static const struct pid_entry tid_base_stuff[] = { |
7550 |
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), |
7551 |
#endif |
7552 |
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), |
7553 |
@@ -83362,7 +83903,7 @@ index aa50d1a..c202cde 100644 |
7554 |
ONE("syscall", S_IRUSR, proc_pid_syscall), |
7555 |
#endif |
7556 |
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops), |
7557 |
-@@ -3137,10 +3277,10 @@ static const struct pid_entry tid_base_stuff[] = { |
7558 |
+@@ -3134,10 +3274,10 @@ static const struct pid_entry tid_base_stuff[] = { |
7559 |
#ifdef CONFIG_SECURITY |
7560 |
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), |
7561 |
#endif |
7562 |
@@ -83778,6 +84319,28 @@ index d3ebf2e..abe1823 100644 |
7563 |
#endif |
7564 |
#ifdef CONFIG_TRANSPARENT_HUGEPAGE |
7565 |
, K(global_page_state(NR_ANON_TRANSPARENT_HUGEPAGES) * |
7566 |
+diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c |
7567 |
+index f6e8354..1b0ea4a 100644 |
7568 |
+--- a/fs/proc/namespaces.c |
7569 |
++++ b/fs/proc/namespaces.c |
7570 |
+@@ -42,7 +42,7 @@ static const char *proc_ns_follow_link(struct dentry *dentry, void **cookie) |
7571 |
+ if (!task) |
7572 |
+ return error; |
7573 |
+ |
7574 |
+- if (ptrace_may_access(task, PTRACE_MODE_READ)) { |
7575 |
++ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) { |
7576 |
+ error = ns_get_path(&ns_path, task, ns_ops); |
7577 |
+ if (!error) |
7578 |
+ nd_jump_link(&ns_path); |
7579 |
+@@ -63,7 +63,7 @@ static int proc_ns_readlink(struct dentry *dentry, char __user *buffer, int bufl |
7580 |
+ if (!task) |
7581 |
+ return res; |
7582 |
+ |
7583 |
+- if (ptrace_may_access(task, PTRACE_MODE_READ)) { |
7584 |
++ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) { |
7585 |
+ res = ns_get_name(name, sizeof(name), task, ns_ops); |
7586 |
+ if (res >= 0) |
7587 |
+ res = readlink_copy(buffer, buflen, name); |
7588 |
diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c |
7589 |
index f8595e8..e0d13cbd 100644 |
7590 |
--- a/fs/proc/nommu.c |
7591 |
@@ -84213,7 +84776,7 @@ index 510413eb..34d9a8c 100644 |
7592 |
seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); |
7593 |
|
7594 |
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c |
7595 |
-index ca1e091..12dd9f1 100644 |
7596 |
+index ca1e091..41c80d6 100644 |
7597 |
--- a/fs/proc/task_mmu.c |
7598 |
+++ b/fs/proc/task_mmu.c |
7599 |
@@ -13,12 +13,19 @@ |
7600 |
@@ -84381,6 +84944,15 @@ index ca1e091..12dd9f1 100644 |
7601 |
mss.resident >> 10, |
7602 |
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)), |
7603 |
mss.shared_clean >> 10, |
7604 |
+@@ -1257,7 +1308,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf, |
7605 |
+ if (!pm.buffer) |
7606 |
+ goto out_task; |
7607 |
+ |
7608 |
+- mm = mm_access(task, PTRACE_MODE_READ); |
7609 |
++ mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); |
7610 |
+ ret = PTR_ERR(mm); |
7611 |
+ if (!mm || IS_ERR(mm)) |
7612 |
+ goto out_free; |
7613 |
@@ -1491,6 +1542,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) |
7614 |
char buffer[64]; |
7615 |
int nid; |
7616 |
@@ -84540,7 +85112,7 @@ index 819ef3f..f07222d 100644 |
7617 |
count = MAX_RW_COUNT; |
7618 |
ret = __vfs_write(file, p, count, pos); |
7619 |
diff --git a/fs/readdir.c b/fs/readdir.c |
7620 |
-index ced6791..936687b 100644 |
7621 |
+index ced6791..e0500c1 100644 |
7622 |
--- a/fs/readdir.c |
7623 |
+++ b/fs/readdir.c |
7624 |
@@ -18,6 +18,7 @@ |
7625 |
@@ -84624,7 +85196,7 @@ index ced6791..936687b 100644 |
7626 |
dirent = buf->previous; |
7627 |
if (dirent) { |
7628 |
if (__put_user(offset, &dirent->d_off)) |
7629 |
-@@ -293,6 +311,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, |
7630 |
+@@ -293,13 +311,13 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, |
7631 |
if (!f.file) |
7632 |
return -EBADF; |
7633 |
|
7634 |
@@ -84632,6 +85204,14 @@ index ced6791..936687b 100644 |
7635 |
error = iterate_dir(f.file, &buf.ctx); |
7636 |
if (error >= 0) |
7637 |
error = buf.error; |
7638 |
+ lastdirent = buf.previous; |
7639 |
+ if (lastdirent) { |
7640 |
+- typeof(lastdirent->d_off) d_off = buf.ctx.pos; |
7641 |
+- if (__put_user(d_off, &lastdirent->d_off)) |
7642 |
++ if (__put_user(buf.ctx.pos, &lastdirent->d_off)) |
7643 |
+ error = -EFAULT; |
7644 |
+ else |
7645 |
+ error = count - buf.count; |
7646 |
diff --git a/fs/reiserfs/do_balan.c b/fs/reiserfs/do_balan.c |
7647 |
index 9c02d96..6562c10 100644 |
7648 |
--- a/fs/reiserfs/do_balan.c |
7649 |
@@ -85116,6 +85696,20 @@ index cccc1aa..7fe8951 100644 |
7650 |
|
7651 |
generic_fillattr(inode, stat); |
7652 |
return 0; |
7653 |
+diff --git a/fs/super.c b/fs/super.c |
7654 |
+index b613723..08704f9 100644 |
7655 |
+--- a/fs/super.c |
7656 |
++++ b/fs/super.c |
7657 |
+@@ -333,7 +333,8 @@ EXPORT_SYMBOL(deactivate_super); |
7658 |
+ * called for superblocks not in rundown mode (== ones still on ->fs_supers |
7659 |
+ * of their type), so increment of ->s_count is OK here. |
7660 |
+ */ |
7661 |
+-static int grab_super(struct super_block *s) __releases(sb_lock) |
7662 |
++static int grab_super(struct super_block *s) __releases(&sb_lock); |
7663 |
++static int grab_super(struct super_block *s) |
7664 |
+ { |
7665 |
+ s->s_count++; |
7666 |
+ spin_unlock(&sb_lock); |
7667 |
diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c |
7668 |
index 94374e4..b5da3a1 100644 |
7669 |
--- a/fs/sysfs/dir.c |
7670 |
@@ -97754,7 +98348,7 @@ index ea17cca..dd56e56 100644 |
7671 |
if (small_const_nbits(nbits)) |
7672 |
return hweight_long(*src & BITMAP_LAST_WORD_MASK(nbits)); |
7673 |
diff --git a/include/linux/bitops.h b/include/linux/bitops.h |
7674 |
-index 297f5bd..5892caa 100644 |
7675 |
+index 297f5bd..7812342 100644 |
7676 |
--- a/include/linux/bitops.h |
7677 |
+++ b/include/linux/bitops.h |
7678 |
@@ -75,7 +75,7 @@ static __inline__ int get_count_order(unsigned int count) |
7679 |
@@ -97766,15 +98360,18 @@ index 297f5bd..5892caa 100644 |
7680 |
{ |
7681 |
return sizeof(w) == 4 ? hweight32(w) : hweight64(w); |
7682 |
} |
7683 |
-@@ -105,7 +105,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift) |
7684 |
+@@ -105,9 +105,9 @@ static inline __u64 ror64(__u64 word, unsigned int shift) |
7685 |
* @word: value to rotate |
7686 |
* @shift: bits to roll |
7687 |
*/ |
7688 |
-static inline __u32 rol32(__u32 word, unsigned int shift) |
7689 |
+static inline __u32 __intentional_overflow(-1) rol32(__u32 word, unsigned int shift) |
7690 |
{ |
7691 |
- return (word << shift) | (word >> (32 - shift)); |
7692 |
+- return (word << shift) | (word >> (32 - shift)); |
7693 |
++ return (word << shift) | (word >> ((-shift) & 31)); |
7694 |
} |
7695 |
+ |
7696 |
+ /** |
7697 |
@@ -115,7 +115,7 @@ static inline __u32 rol32(__u32 word, unsigned int shift) |
7698 |
* @word: value to rotate |
7699 |
* @shift: bits to roll |
7700 |
@@ -97994,7 +98591,7 @@ index dfaa7b3..58cebfb 100644 |
7701 |
* Mark a position in code as unreachable. This can be used to |
7702 |
* suppress control flow warnings after asm blocks that transfer |
7703 |
diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
7704 |
-index e08a6ae..8d965c5 100644 |
7705 |
+index e08a6ae..42d2098 100644 |
7706 |
--- a/include/linux/compiler.h |
7707 |
+++ b/include/linux/compiler.h |
7708 |
@@ -5,11 +5,14 @@ |
7709 |
@@ -98012,7 +98609,7 @@ index e08a6ae..8d965c5 100644 |
7710 |
# define __must_hold(x) __attribute__((context(x,1,1))) |
7711 |
# define __acquires(x) __attribute__((context(x,0,1))) |
7712 |
# define __releases(x) __attribute__((context(x,1,0))) |
7713 |
-@@ -17,21 +20,39 @@ |
7714 |
+@@ -17,33 +20,78 @@ |
7715 |
# define __release(x) __context__(x,-1) |
7716 |
# define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0) |
7717 |
# define __percpu __attribute__((noderef, address_space(3))) |
7718 |
@@ -98032,10 +98629,34 @@ index e08a6ae..8d965c5 100644 |
7719 |
-# define __user |
7720 |
-# define __kernel |
7721 |
+# ifdef CHECKER_PLUGIN |
7722 |
++# ifdef CHECKER_PLUGIN_USER |
7723 |
+//# define __user |
7724 |
+//# define __force_user |
7725 |
+//# define __kernel |
7726 |
+//# define __force_kernel |
7727 |
++# else |
7728 |
++# define __user |
7729 |
++# define __force_user |
7730 |
++# define __kernel |
7731 |
++# define __force_kernel |
7732 |
++# endif |
7733 |
++# ifdef CHECKER_PLUGIN_CONTEXT |
7734 |
++# define __must_hold(x) __attribute__((context(#x,1,1))) |
7735 |
++# define __acquires(x) __attribute__((context(#x,0,1))) |
7736 |
++# define __releases(x) __attribute__((context(#x,1,0))) |
7737 |
++# define __acquire(x) __context__(#x,1) |
7738 |
++# define __release(x) __context__(#x,-1) |
7739 |
++# define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0) |
7740 |
++# define __cond_unlock(x,c) ((c) ? ({ __release(x); 1; }) : 0) |
7741 |
++# else |
7742 |
++# define __must_hold(x) |
7743 |
++# define __acquires(x) |
7744 |
++# define __releases(x) |
7745 |
++# define __acquire(x) (void)0 |
7746 |
++# define __release(x) (void)0 |
7747 |
++# define __cond_lock(x,c) (c) |
7748 |
++# define __cond_unlock(x,c) (c) |
7749 |
++# endif |
7750 |
+# else |
7751 |
+# ifdef STRUCTLEAK_PLUGIN |
7752 |
+# define __user __attribute__((user)) |
7753 |
@@ -98045,6 +98666,12 @@ index e08a6ae..8d965c5 100644 |
7754 |
+# define __force_user |
7755 |
+# define __kernel |
7756 |
+# define __force_kernel |
7757 |
++# define __must_hold(x) |
7758 |
++# define __acquires(x) |
7759 |
++# define __releases(x) |
7760 |
++# define __acquire(x) (void)0 |
7761 |
++# define __release(x) (void)0 |
7762 |
++# define __cond_lock(x,c) (c) |
7763 |
+# endif |
7764 |
# define __safe |
7765 |
# define __force |
7766 |
@@ -98054,9 +98681,12 @@ index e08a6ae..8d965c5 100644 |
7767 |
# define __chk_user_ptr(x) (void)0 |
7768 |
# define __chk_io_ptr(x) (void)0 |
7769 |
# define __builtin_warning(x, y...) (1) |
7770 |
-@@ -42,8 +63,11 @@ extern void __chk_io_ptr(const volatile void __iomem *); |
7771 |
- # define __release(x) (void)0 |
7772 |
- # define __cond_lock(x,c) (c) |
7773 |
+-# define __must_hold(x) |
7774 |
+-# define __acquires(x) |
7775 |
+-# define __releases(x) |
7776 |
+-# define __acquire(x) (void)0 |
7777 |
+-# define __release(x) (void)0 |
7778 |
+-# define __cond_lock(x,c) (c) |
7779 |
# define __percpu |
7780 |
+# define __force_percpu |
7781 |
# define __rcu |
7782 |
@@ -98066,7 +98696,7 @@ index e08a6ae..8d965c5 100644 |
7783 |
#endif |
7784 |
|
7785 |
/* Indirect macros required for expanded argument pasting, eg. __LINE__. */ |
7786 |
-@@ -198,34 +222,6 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
7787 |
+@@ -198,34 +246,6 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); |
7788 |
|
7789 |
#include <uapi/linux/types.h> |
7790 |
|
7791 |
@@ -98101,7 +98731,7 @@ index e08a6ae..8d965c5 100644 |
7792 |
/* |
7793 |
* Prevent the compiler from merging or refetching reads or writes. The |
7794 |
* compiler is also forbidden from reordering successive instances of |
7795 |
-@@ -248,11 +244,16 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7796 |
+@@ -248,11 +268,16 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7797 |
* required ordering. |
7798 |
*/ |
7799 |
|
7800 |
@@ -98122,7 +98752,7 @@ index e08a6ae..8d965c5 100644 |
7801 |
|
7802 |
/** |
7803 |
* READ_ONCE_CTRL - Read a value heading a control dependency |
7804 |
-@@ -370,6 +371,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7805 |
+@@ -370,6 +395,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7806 |
# define __attribute_const__ /* unimplemented */ |
7807 |
#endif |
7808 |
|
7809 |
@@ -98161,7 +98791,7 @@ index e08a6ae..8d965c5 100644 |
7810 |
/* |
7811 |
* Tell gcc if a function is cold. The compiler will assume any path |
7812 |
* directly leading to the call is unlikely. |
7813 |
-@@ -379,6 +412,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7814 |
+@@ -379,6 +436,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7815 |
#define __cold |
7816 |
#endif |
7817 |
|
7818 |
@@ -98184,7 +98814,7 @@ index e08a6ae..8d965c5 100644 |
7819 |
/* Simple shorthand for a section definition */ |
7820 |
#ifndef __section |
7821 |
# define __section(S) __attribute__ ((__section__(#S))) |
7822 |
-@@ -393,6 +442,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7823 |
+@@ -393,6 +466,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7824 |
# define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b)) |
7825 |
#endif |
7826 |
|
7827 |
@@ -98193,7 +98823,7 @@ index e08a6ae..8d965c5 100644 |
7828 |
/* Is this type a native word size -- useful for atomic operations */ |
7829 |
#ifndef __native_word |
7830 |
# define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long)) |
7831 |
-@@ -472,8 +523,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7832 |
+@@ -472,8 +547,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
7833 |
*/ |
7834 |
#define __ACCESS_ONCE(x) ({ \ |
7835 |
__maybe_unused typeof(x) __var = (__force typeof(x)) 0; \ |
7836 |
@@ -102074,6 +102704,41 @@ index 42dfc61..8113a99 100644 |
7837 |
|
7838 |
extern const struct proc_ns_operations netns_operations; |
7839 |
extern const struct proc_ns_operations utsns_operations; |
7840 |
+diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h |
7841 |
+index 987a73a..998c098 100644 |
7842 |
+--- a/include/linux/ptrace.h |
7843 |
++++ b/include/linux/ptrace.h |
7844 |
+@@ -56,7 +56,29 @@ extern void exit_ptrace(struct task_struct *tracer, struct list_head *dead); |
7845 |
+ #define PTRACE_MODE_READ 0x01 |
7846 |
+ #define PTRACE_MODE_ATTACH 0x02 |
7847 |
+ #define PTRACE_MODE_NOAUDIT 0x04 |
7848 |
+-/* Returns true on success, false on denial. */ |
7849 |
++#define PTRACE_MODE_FSCREDS 0x08 |
7850 |
++#define PTRACE_MODE_REALCREDS 0x10 |
7851 |
++ |
7852 |
++/* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */ |
7853 |
++#define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS) |
7854 |
++#define PTRACE_MODE_READ_REALCREDS (PTRACE_MODE_READ | PTRACE_MODE_REALCREDS) |
7855 |
++#define PTRACE_MODE_ATTACH_FSCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_FSCREDS) |
7856 |
++#define PTRACE_MODE_ATTACH_REALCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS) |
7857 |
++ |
7858 |
++/** |
7859 |
++ * ptrace_may_access - check whether the caller is permitted to access |
7860 |
++ * a target task. |
7861 |
++ * @task: target task |
7862 |
++ * @mode: selects type of access and caller credentials |
7863 |
++ * |
7864 |
++ * Returns true on success, false on denial. |
7865 |
++ * |
7866 |
++ * One of the flags PTRACE_MODE_FSCREDS and PTRACE_MODE_REALCREDS must |
7867 |
++ * be set in @mode to specify whether the access was requested through |
7868 |
++ * a filesystem syscall (should use effective capabilities and fsuid |
7869 |
++ * of the caller) or through an explicit syscall such as |
7870 |
++ * process_vm_writev or ptrace (and should use the real credentials). |
7871 |
++ */ |
7872 |
+ extern bool ptrace_may_access(struct task_struct *task, unsigned int mode); |
7873 |
+ |
7874 |
+ static inline int ptrace_reparented(struct task_struct *child) |
7875 |
diff --git a/include/linux/quota.h b/include/linux/quota.h |
7876 |
index b2505ac..5f7ab55 100644 |
7877 |
--- a/include/linux/quota.h |
7878 |
@@ -102197,6 +102862,74 @@ index 17c6b1f..a65e3f8 100644 |
7879 |
/** |
7880 |
* hlist_del_init_rcu - deletes entry from hash list with re-initialization |
7881 |
* @n: the element to delete from the hash list. |
7882 |
+diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h |
7883 |
+index 4cf5f51..87c7c91 100644 |
7884 |
+--- a/include/linux/rcupdate.h |
7885 |
++++ b/include/linux/rcupdate.h |
7886 |
+@@ -840,6 +840,7 @@ static inline void rcu_preempt_sleep_check(void) |
7887 |
+ * read-side critical sections may be preempted and they may also block, but |
7888 |
+ * only when acquiring spinlocks that are subject to priority inheritance. |
7889 |
+ */ |
7890 |
++static inline void rcu_read_lock(void) __acquires(RCU); |
7891 |
+ static inline void rcu_read_lock(void) |
7892 |
+ { |
7893 |
+ __rcu_read_lock(); |
7894 |
+@@ -894,6 +895,7 @@ static inline void rcu_read_lock(void) |
7895 |
+ * |
7896 |
+ * See rcu_read_lock() for more information. |
7897 |
+ */ |
7898 |
++static inline void rcu_read_unlock(void) __releases(RCU); |
7899 |
+ static inline void rcu_read_unlock(void) |
7900 |
+ { |
7901 |
+ rcu_lockdep_assert(rcu_is_watching(), |
7902 |
+@@ -920,6 +922,7 @@ static inline void rcu_read_unlock(void) |
7903 |
+ * rcu_read_unlock_bh() from one task if the matching rcu_read_lock_bh() |
7904 |
+ * was invoked from some other task. |
7905 |
+ */ |
7906 |
++static inline void rcu_read_lock_bh(void) __acquires(RCU_BH); |
7907 |
+ static inline void rcu_read_lock_bh(void) |
7908 |
+ { |
7909 |
+ local_bh_disable(); |
7910 |
+@@ -934,6 +937,7 @@ static inline void rcu_read_lock_bh(void) |
7911 |
+ * |
7912 |
+ * See rcu_read_lock_bh() for more information. |
7913 |
+ */ |
7914 |
++static inline void rcu_read_unlock_bh(void) __releases(RCU_BH); |
7915 |
+ static inline void rcu_read_unlock_bh(void) |
7916 |
+ { |
7917 |
+ rcu_lockdep_assert(rcu_is_watching(), |
7918 |
+@@ -956,6 +960,7 @@ static inline void rcu_read_unlock_bh(void) |
7919 |
+ * rcu_read_unlock_sched() from process context if the matching |
7920 |
+ * rcu_read_lock_sched() was invoked from an NMI handler. |
7921 |
+ */ |
7922 |
++static inline void rcu_read_lock_sched(void) __acquires(RCU_SCHED); |
7923 |
+ static inline void rcu_read_lock_sched(void) |
7924 |
+ { |
7925 |
+ preempt_disable(); |
7926 |
+@@ -966,6 +971,7 @@ static inline void rcu_read_lock_sched(void) |
7927 |
+ } |
7928 |
+ |
7929 |
+ /* Used by lockdep and tracing: cannot be traced, cannot call lockdep. */ |
7930 |
++static inline notrace void rcu_read_lock_sched_notrace(void) __acquires(RCU_SCHED); |
7931 |
+ static inline notrace void rcu_read_lock_sched_notrace(void) |
7932 |
+ { |
7933 |
+ preempt_disable_notrace(); |
7934 |
+@@ -977,6 +983,7 @@ static inline notrace void rcu_read_lock_sched_notrace(void) |
7935 |
+ * |
7936 |
+ * See rcu_read_lock_sched for more information. |
7937 |
+ */ |
7938 |
++static inline void rcu_read_unlock_sched(void) __releases(RCU_SCHED); |
7939 |
+ static inline void rcu_read_unlock_sched(void) |
7940 |
+ { |
7941 |
+ rcu_lockdep_assert(rcu_is_watching(), |
7942 |
+@@ -987,6 +994,7 @@ static inline void rcu_read_unlock_sched(void) |
7943 |
+ } |
7944 |
+ |
7945 |
+ /* Used by lockdep and tracing: cannot be traced, cannot call lockdep. */ |
7946 |
++static inline notrace void rcu_read_unlock_sched_notrace(void) __releases(RCU_SCHED); |
7947 |
+ static inline notrace void rcu_read_unlock_sched_notrace(void) |
7948 |
+ { |
7949 |
+ __release(RCU_SCHED); |
7950 |
diff --git a/include/linux/reboot.h b/include/linux/reboot.h |
7951 |
index a7ff409..03e2fa8 100644 |
7952 |
--- a/include/linux/reboot.h |
7953 |
@@ -102324,7 +103057,7 @@ index 9b1ef0c..9fa3feb 100644 |
7954 |
|
7955 |
/* |
7956 |
diff --git a/include/linux/sched.h b/include/linux/sched.h |
7957 |
-index bfca8aa..ac50d1b 100644 |
7958 |
+index bfca8aa..d0aedec 100644 |
7959 |
--- a/include/linux/sched.h |
7960 |
+++ b/include/linux/sched.h |
7961 |
@@ -7,7 +7,7 @@ |
7962 |
@@ -102641,6 +103374,15 @@ index bfca8aa..ac50d1b 100644 |
7963 |
extern struct task_struct *find_task_by_pid_ns(pid_t nr, |
7964 |
struct pid_namespace *ns); |
7965 |
|
7966 |
+@@ -2445,7 +2575,7 @@ extern void proc_caches_init(void); |
7967 |
+ extern void flush_signals(struct task_struct *); |
7968 |
+ extern void ignore_signals(struct task_struct *); |
7969 |
+ extern void flush_signal_handlers(struct task_struct *, int force_default); |
7970 |
+-extern int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info); |
7971 |
++extern int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) __must_hold(&tsk->sighand->siglock); |
7972 |
+ |
7973 |
+ static inline int dequeue_signal_lock(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) |
7974 |
+ { |
7975 |
@@ -2591,7 +2721,7 @@ extern void __cleanup_sighand(struct sighand_struct *); |
7976 |
extern void exit_itimers(struct signal_struct *); |
7977 |
extern void flush_itimer_signals(void); |
7978 |
@@ -102650,7 +103392,21 @@ index bfca8aa..ac50d1b 100644 |
7979 |
|
7980 |
extern int do_execve(struct filename *, |
7981 |
const char __user * const __user *, |
7982 |
-@@ -2796,9 +2926,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
7983 |
+@@ -2706,11 +2836,13 @@ static inline int thread_group_empty(struct task_struct *p) |
7984 |
+ * It must not be nested with write_lock_irq(&tasklist_lock), |
7985 |
+ * neither inside nor outside. |
7986 |
+ */ |
7987 |
++static inline void task_lock(struct task_struct *p) __acquires(&p->alloc_lock); |
7988 |
+ static inline void task_lock(struct task_struct *p) |
7989 |
+ { |
7990 |
+ spin_lock(&p->alloc_lock); |
7991 |
+ } |
7992 |
+ |
7993 |
++static inline void task_unlock(struct task_struct *p) __releases(&p->alloc_lock); |
7994 |
+ static inline void task_unlock(struct task_struct *p) |
7995 |
+ { |
7996 |
+ spin_unlock(&p->alloc_lock); |
7997 |
+@@ -2796,9 +2928,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
7998 |
#define task_stack_end_corrupted(task) \ |
7999 |
(*(end_of_stack(task)) != STACK_END_MAGIC) |
8000 |
|
8001 |
@@ -102750,6 +103506,82 @@ index d4c7271..abf5706 100644 |
8002 |
int single_open_size(struct file *, int (*)(struct seq_file *, void *), void *, size_t); |
8003 |
int single_release(struct inode *, struct file *); |
8004 |
void *__seq_open_private(struct file *, const struct seq_operations *, int); |
8005 |
+diff --git a/include/linux/seqlock.h b/include/linux/seqlock.h |
8006 |
+index e058210..386666a 100644 |
8007 |
+--- a/include/linux/seqlock.h |
8008 |
++++ b/include/linux/seqlock.h |
8009 |
+@@ -440,42 +440,49 @@ static inline unsigned read_seqretry(const seqlock_t *sl, unsigned start) |
8010 |
+ * Acts like a normal spin_lock/unlock. |
8011 |
+ * Don't need preempt_disable() because that is in the spin_lock already. |
8012 |
+ */ |
8013 |
++static inline void write_seqlock(seqlock_t *sl) __acquires(sl); |
8014 |
+ static inline void write_seqlock(seqlock_t *sl) |
8015 |
+ { |
8016 |
+ spin_lock(&sl->lock); |
8017 |
+ write_seqcount_begin(&sl->seqcount); |
8018 |
+ } |
8019 |
+ |
8020 |
++static inline void write_sequnlock(seqlock_t *sl) __releases(sl); |
8021 |
+ static inline void write_sequnlock(seqlock_t *sl) |
8022 |
+ { |
8023 |
+ write_seqcount_end(&sl->seqcount); |
8024 |
+ spin_unlock(&sl->lock); |
8025 |
+ } |
8026 |
+ |
8027 |
++static inline void write_seqlock_bh(seqlock_t *sl) __acquires(sl); |
8028 |
+ static inline void write_seqlock_bh(seqlock_t *sl) |
8029 |
+ { |
8030 |
+ spin_lock_bh(&sl->lock); |
8031 |
+ write_seqcount_begin(&sl->seqcount); |
8032 |
+ } |
8033 |
+ |
8034 |
++static inline void write_sequnlock_bh(seqlock_t *sl) __releases(sl); |
8035 |
+ static inline void write_sequnlock_bh(seqlock_t *sl) |
8036 |
+ { |
8037 |
+ write_seqcount_end(&sl->seqcount); |
8038 |
+ spin_unlock_bh(&sl->lock); |
8039 |
+ } |
8040 |
+ |
8041 |
++static inline void write_seqlock_irq(seqlock_t *sl) __acquires(sl); |
8042 |
+ static inline void write_seqlock_irq(seqlock_t *sl) |
8043 |
+ { |
8044 |
+ spin_lock_irq(&sl->lock); |
8045 |
+ write_seqcount_begin(&sl->seqcount); |
8046 |
+ } |
8047 |
+ |
8048 |
++static inline void write_sequnlock_irq(seqlock_t *sl) __releases(sl); |
8049 |
+ static inline void write_sequnlock_irq(seqlock_t *sl) |
8050 |
+ { |
8051 |
+ write_seqcount_end(&sl->seqcount); |
8052 |
+ spin_unlock_irq(&sl->lock); |
8053 |
+ } |
8054 |
+ |
8055 |
++static inline unsigned long __write_seqlock_irqsave(seqlock_t *sl) __acquires(sl); |
8056 |
+ static inline unsigned long __write_seqlock_irqsave(seqlock_t *sl) |
8057 |
+ { |
8058 |
+ unsigned long flags; |
8059 |
+@@ -488,6 +495,7 @@ static inline unsigned long __write_seqlock_irqsave(seqlock_t *sl) |
8060 |
+ #define write_seqlock_irqsave(lock, flags) \ |
8061 |
+ do { flags = __write_seqlock_irqsave(lock); } while (0) |
8062 |
+ |
8063 |
++static inline void write_sequnlock_irqrestore(seqlock_t *sl, unsigned long flags) __releases(sl); |
8064 |
+ static inline void |
8065 |
+ write_sequnlock_irqrestore(seqlock_t *sl, unsigned long flags) |
8066 |
+ { |
8067 |
+@@ -500,11 +508,13 @@ write_sequnlock_irqrestore(seqlock_t *sl, unsigned long flags) |
8068 |
+ * but doesn't update the sequence number. Acts like a normal spin_lock/unlock. |
8069 |
+ * Don't need preempt_disable() because that is in the spin_lock already. |
8070 |
+ */ |
8071 |
++static inline void read_seqlock_excl(seqlock_t *sl) __acquires(sl); |
8072 |
+ static inline void read_seqlock_excl(seqlock_t *sl) |
8073 |
+ { |
8074 |
+ spin_lock(&sl->lock); |
8075 |
+ } |
8076 |
+ |
8077 |
++static inline void read_sequnlock_excl(seqlock_t *sl) __releases(sl); |
8078 |
+ static inline void read_sequnlock_excl(seqlock_t *sl) |
8079 |
+ { |
8080 |
+ spin_unlock(&sl->lock); |
8081 |
diff --git a/include/linux/shm.h b/include/linux/shm.h |
8082 |
index 6fb8016..2cf60e7 100644 |
8083 |
--- a/include/linux/shm.h |
8084 |
@@ -103026,6 +103858,112 @@ index 680f9a3..f13aeb0 100644 |
8085 |
__SONET_ITEMS |
8086 |
#undef __HANDLE_ITEM |
8087 |
}; |
8088 |
+diff --git a/include/linux/spinlock.h b/include/linux/spinlock.h |
8089 |
+index 0063b24..b2f35f7 100644 |
8090 |
+--- a/include/linux/spinlock.h |
8091 |
++++ b/include/linux/spinlock.h |
8092 |
+@@ -152,14 +152,17 @@ do { \ |
8093 |
+ extern int do_raw_spin_trylock(raw_spinlock_t *lock); |
8094 |
+ extern void do_raw_spin_unlock(raw_spinlock_t *lock) __releases(lock); |
8095 |
+ #else |
8096 |
+-static inline void do_raw_spin_lock(raw_spinlock_t *lock) __acquires(lock) |
8097 |
++static inline void do_raw_spin_lock(raw_spinlock_t *lock) __acquires(lock); |
8098 |
++static inline void do_raw_spin_lock(raw_spinlock_t *lock) |
8099 |
+ { |
8100 |
+ __acquire(lock); |
8101 |
+ arch_spin_lock(&lock->raw_lock); |
8102 |
+ } |
8103 |
+ |
8104 |
+ static inline void |
8105 |
+-do_raw_spin_lock_flags(raw_spinlock_t *lock, unsigned long *flags) __acquires(lock) |
8106 |
++do_raw_spin_lock_flags(raw_spinlock_t *lock, unsigned long *flags) __acquires(lock); |
8107 |
++static inline void |
8108 |
++do_raw_spin_lock_flags(raw_spinlock_t *lock, unsigned long *flags) |
8109 |
+ { |
8110 |
+ __acquire(lock); |
8111 |
+ arch_spin_lock_flags(&lock->raw_lock, *flags); |
8112 |
+@@ -170,7 +173,8 @@ static inline int do_raw_spin_trylock(raw_spinlock_t *lock) |
8113 |
+ return arch_spin_trylock(&(lock)->raw_lock); |
8114 |
+ } |
8115 |
+ |
8116 |
+-static inline void do_raw_spin_unlock(raw_spinlock_t *lock) __releases(lock) |
8117 |
++static inline void do_raw_spin_unlock(raw_spinlock_t *lock) __releases(lock); |
8118 |
++static inline void do_raw_spin_unlock(raw_spinlock_t *lock) |
8119 |
+ { |
8120 |
+ arch_spin_unlock(&lock->raw_lock); |
8121 |
+ __release(lock); |
8122 |
+@@ -307,11 +311,13 @@ do { \ |
8123 |
+ raw_spin_lock_init(&(_lock)->rlock); \ |
8124 |
+ } while (0) |
8125 |
+ |
8126 |
++static inline void spin_lock(spinlock_t *lock) __acquires(lock); |
8127 |
+ static inline void spin_lock(spinlock_t *lock) |
8128 |
+ { |
8129 |
+ raw_spin_lock(&lock->rlock); |
8130 |
+ } |
8131 |
+ |
8132 |
++static inline void spin_lock_bh(spinlock_t *lock) __acquires(lock); |
8133 |
+ static inline void spin_lock_bh(spinlock_t *lock) |
8134 |
+ { |
8135 |
+ raw_spin_lock_bh(&lock->rlock); |
8136 |
+@@ -337,6 +343,7 @@ do { \ |
8137 |
+ raw_spin_lock_nest_lock(spinlock_check(lock), nest_lock); \ |
8138 |
+ } while (0) |
8139 |
+ |
8140 |
++static inline void spin_lock_irq(spinlock_t *lock) __acquires(lock); |
8141 |
+ static inline void spin_lock_irq(spinlock_t *lock) |
8142 |
+ { |
8143 |
+ raw_spin_lock_irq(&lock->rlock); |
8144 |
+@@ -352,21 +359,25 @@ do { \ |
8145 |
+ raw_spin_lock_irqsave_nested(spinlock_check(lock), flags, subclass); \ |
8146 |
+ } while (0) |
8147 |
+ |
8148 |
++static inline void spin_unlock(spinlock_t *lock) __releases(lock); |
8149 |
+ static inline void spin_unlock(spinlock_t *lock) |
8150 |
+ { |
8151 |
+ raw_spin_unlock(&lock->rlock); |
8152 |
+ } |
8153 |
+ |
8154 |
++static inline void spin_unlock_bh(spinlock_t *lock) __releases(lock); |
8155 |
+ static inline void spin_unlock_bh(spinlock_t *lock) |
8156 |
+ { |
8157 |
+ raw_spin_unlock_bh(&lock->rlock); |
8158 |
+ } |
8159 |
+ |
8160 |
++static inline void spin_unlock_irq(spinlock_t *lock) __releases(lock); |
8161 |
+ static inline void spin_unlock_irq(spinlock_t *lock) |
8162 |
+ { |
8163 |
+ raw_spin_unlock_irq(&lock->rlock); |
8164 |
+ } |
8165 |
+ |
8166 |
++static inline void spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags) __releases(lock); |
8167 |
+ static inline void spin_unlock_irqrestore(spinlock_t *lock, unsigned long flags) |
8168 |
+ { |
8169 |
+ raw_spin_unlock_irqrestore(&lock->rlock, flags); |
8170 |
+diff --git a/include/linux/srcu.h b/include/linux/srcu.h |
8171 |
+index bdeb456..6412bb0 100644 |
8172 |
+--- a/include/linux/srcu.h |
8173 |
++++ b/include/linux/srcu.h |
8174 |
+@@ -213,7 +213,8 @@ static inline int srcu_read_lock_held(struct srcu_struct *sp) |
8175 |
+ * srcu_read_unlock() in an irq handler if the matching srcu_read_lock() |
8176 |
+ * was invoked in process context. |
8177 |
+ */ |
8178 |
+-static inline int srcu_read_lock(struct srcu_struct *sp) __acquires(sp) |
8179 |
++static inline int srcu_read_lock(struct srcu_struct *sp) __acquires(sp); |
8180 |
++static inline int srcu_read_lock(struct srcu_struct *sp) |
8181 |
+ { |
8182 |
+ int retval = __srcu_read_lock(sp); |
8183 |
+ |
8184 |
+@@ -228,8 +229,8 @@ static inline int srcu_read_lock(struct srcu_struct *sp) __acquires(sp) |
8185 |
+ * |
8186 |
+ * Exit an SRCU read-side critical section. |
8187 |
+ */ |
8188 |
++static inline void srcu_read_unlock(struct srcu_struct *sp, int idx) __releases(sp); |
8189 |
+ static inline void srcu_read_unlock(struct srcu_struct *sp, int idx) |
8190 |
+- __releases(sp) |
8191 |
+ { |
8192 |
+ rcu_lock_release(&(sp)->dep_map); |
8193 |
+ __srcu_read_unlock(sp, idx); |
8194 |
diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h |
8195 |
index 07d8e53..dc934c9 100644 |
8196 |
--- a/include/linux/sunrpc/addr.h |
8197 |
@@ -103143,7 +104081,7 @@ index e7a018e..49f8b17 100644 |
8198 |
extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page, |
8199 |
unsigned long offset, size_t size, |
8200 |
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h |
8201 |
-index b45c45b..a6ae64c 100644 |
8202 |
+index b45c45b..2a4f077 100644 |
8203 |
--- a/include/linux/syscalls.h |
8204 |
+++ b/include/linux/syscalls.h |
8205 |
@@ -102,7 +102,12 @@ union bpf_attr; |
8206 |
@@ -103198,6 +104136,15 @@ index b45c45b..a6ae64c 100644 |
8207 |
const struct timespec __user *timeout); |
8208 |
asmlinkage long sys_shmat(int shmid, char __user *shmaddr, int shmflg); |
8209 |
asmlinkage long sys_shmget(key_t key, size_t size, int flag); |
8210 |
+@@ -878,7 +883,7 @@ asmlinkage long sys_seccomp(unsigned int op, unsigned int flags, |
8211 |
+ const char __user *uargs); |
8212 |
+ asmlinkage long sys_getrandom(char __user *buf, size_t count, |
8213 |
+ unsigned int flags); |
8214 |
+-asmlinkage long sys_bpf(int cmd, union bpf_attr *attr, unsigned int size); |
8215 |
++asmlinkage long sys_bpf(int cmd, union bpf_attr __user *attr, unsigned int size); |
8216 |
+ |
8217 |
+ asmlinkage long sys_execveat(int dfd, const char __user *filename, |
8218 |
+ const char __user *const __user *argv, |
8219 |
diff --git a/include/linux/syscore_ops.h b/include/linux/syscore_ops.h |
8220 |
index 27b3b0b..e093dd9 100644 |
8221 |
--- a/include/linux/syscore_ops.h |
8222 |
@@ -103365,7 +104312,7 @@ index ff307b5..f1a4468 100644 |
8223 |
|
8224 |
#endif /* _LINUX_THREAD_INFO_H */ |
8225 |
diff --git a/include/linux/tty.h b/include/linux/tty.h |
8226 |
-index ad6c891..93a8f45 100644 |
8227 |
+index 342a760..24296fa 100644 |
8228 |
--- a/include/linux/tty.h |
8229 |
+++ b/include/linux/tty.h |
8230 |
@@ -225,7 +225,7 @@ struct tty_port { |
8231 |
@@ -103395,6 +104342,26 @@ index ad6c891..93a8f45 100644 |
8232 |
} |
8233 |
|
8234 |
extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc); |
8235 |
+@@ -605,7 +605,7 @@ extern void n_tty_inherit_ops(struct tty_ldisc_ops *ops); |
8236 |
+ |
8237 |
+ /* tty_audit.c */ |
8238 |
+ #ifdef CONFIG_AUDIT |
8239 |
+-extern void tty_audit_add_data(struct tty_struct *tty, const void *data, |
8240 |
++extern void tty_audit_add_data(struct tty_struct *tty, const unsigned char *data, |
8241 |
+ size_t size, unsigned icanon); |
8242 |
+ extern void tty_audit_exit(void); |
8243 |
+ extern void tty_audit_fork(struct signal_struct *sig); |
8244 |
+@@ -613,8 +613,8 @@ extern void tty_audit_tiocsti(struct tty_struct *tty, char ch); |
8245 |
+ extern void tty_audit_push(struct tty_struct *tty); |
8246 |
+ extern int tty_audit_push_current(void); |
8247 |
+ #else |
8248 |
+-static inline void tty_audit_add_data(struct tty_struct *tty, const void *data, |
8249 |
+- size_t size, unsigned icanon) |
8250 |
++static inline void tty_audit_add_data(struct tty_struct *tty, |
8251 |
++ const unsigned char *data, size_t size, unsigned icanon) |
8252 |
+ { |
8253 |
+ } |
8254 |
+ static inline void tty_audit_tiocsti(struct tty_struct *tty, char ch) |
8255 |
diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h |
8256 |
index 92e337c..f46757b 100644 |
8257 |
--- a/include/linux/tty_driver.h |
8258 |
@@ -103861,6 +104828,21 @@ index 82e7db7..f8ce3d0 100644 |
8259 |
} |
8260 |
|
8261 |
static inline void __inc_zone_page_state(struct page *page, |
8262 |
+diff --git a/include/linux/writeback.h b/include/linux/writeback.h |
8263 |
+index b333c94..6b59f39 100644 |
8264 |
+--- a/include/linux/writeback.h |
8265 |
++++ b/include/linux/writeback.h |
8266 |
+@@ -277,8 +277,9 @@ static inline void inode_detach_wb(struct inode *inode) |
8267 |
+ } |
8268 |
+ |
8269 |
+ static inline void wbc_attach_and_unlock_inode(struct writeback_control *wbc, |
8270 |
++ struct inode *inode) __releases(&inode->i_lock); |
8271 |
++static inline void wbc_attach_and_unlock_inode(struct writeback_control *wbc, |
8272 |
+ struct inode *inode) |
8273 |
+- __releases(&inode->i_lock) |
8274 |
+ { |
8275 |
+ spin_unlock(&inode->i_lock); |
8276 |
+ } |
8277 |
diff --git a/include/linux/xattr.h b/include/linux/xattr.h |
8278 |
index 91b0a68..0e9adf6 100644 |
8279 |
--- a/include/linux/xattr.h |
8280 |
@@ -104124,7 +105106,7 @@ index b8529aa..b0f7445 100644 |
8281 |
stats->tx_errors++; |
8282 |
stats->tx_aborted_errors++; |
8283 |
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h |
8284 |
-index 5fa643b..d871e20 100644 |
8285 |
+index ff6d78f..7b5933f 100644 |
8286 |
--- a/include/net/ip_fib.h |
8287 |
+++ b/include/net/ip_fib.h |
8288 |
@@ -170,7 +170,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh); |
8289 |
@@ -105221,7 +106203,7 @@ index 7530e74..e714828 100644 |
8290 |
|
8291 |
#define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ |
8292 |
diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h |
8293 |
-index 0e011eb..82681b1 100644 |
8294 |
+index 0e011eb..0020b3c 100644 |
8295 |
--- a/include/uapi/linux/swab.h |
8296 |
+++ b/include/uapi/linux/swab.h |
8297 |
@@ -43,7 +43,7 @@ |
8298 |
@@ -105229,7 +106211,7 @@ index 0e011eb..82681b1 100644 |
8299 |
*/ |
8300 |
|
8301 |
-static inline __attribute_const__ __u16 __fswab16(__u16 val) |
8302 |
-+static inline __intentional_overflow(-1) __attribute_const__ __u16 __fswab16(__u16 val) |
8303 |
++static inline __intentional_overflow(0) __attribute_const__ __u16 __fswab16(__u16 val) |
8304 |
{ |
8305 |
#ifdef __HAVE_BUILTIN_BSWAP16__ |
8306 |
return __builtin_bswap16(val); |
8307 |
@@ -105238,7 +106220,7 @@ index 0e011eb..82681b1 100644 |
8308 |
} |
8309 |
|
8310 |
-static inline __attribute_const__ __u32 __fswab32(__u32 val) |
8311 |
-+static inline __intentional_overflow(-1) __attribute_const__ __u32 __fswab32(__u32 val) |
8312 |
++static inline __intentional_overflow(0) __attribute_const__ __u32 __fswab32(__u32 val) |
8313 |
{ |
8314 |
#ifdef __HAVE_BUILTIN_BSWAP32__ |
8315 |
return __builtin_bswap32(val); |
8316 |
@@ -105247,7 +106229,7 @@ index 0e011eb..82681b1 100644 |
8317 |
} |
8318 |
|
8319 |
-static inline __attribute_const__ __u64 __fswab64(__u64 val) |
8320 |
-+static inline __intentional_overflow(-1) __attribute_const__ __u64 __fswab64(__u64 val) |
8321 |
++static inline __intentional_overflow(0) __attribute_const__ __u64 __fswab64(__u64 val) |
8322 |
{ |
8323 |
#ifdef __HAVE_BUILTIN_BSWAP64__ |
8324 |
return __builtin_bswap64(val); |
8325 |
@@ -105846,7 +106828,7 @@ index 9b3c85f..5266b0f 100644 |
8326 |
{ |
8327 |
struct timespec __user *ts64; |
8328 |
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c |
8329 |
-index 8ad93c2..efd80f8 100644 |
8330 |
+index 8ad93c2..54036e1 100644 |
8331 |
--- a/ipc/ipc_sysctl.c |
8332 |
+++ b/ipc/ipc_sysctl.c |
8333 |
@@ -30,7 +30,7 @@ static void *get_ipc(struct ctl_table *table) |
8334 |
@@ -105885,6 +106867,33 @@ index 8ad93c2..efd80f8 100644 |
8335 |
int dummy = 0; |
8336 |
|
8337 |
memcpy(&ipc_table, table, sizeof(ipc_table)); |
8338 |
+@@ -99,6 +99,8 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write, |
8339 |
+ static int zero; |
8340 |
+ static int one = 1; |
8341 |
+ static int int_max = INT_MAX; |
8342 |
++static unsigned long long_zero = 0; |
8343 |
++static unsigned long long_max = LONG_MAX; |
8344 |
+ |
8345 |
+ static struct ctl_table ipc_kern_table[] = { |
8346 |
+ { |
8347 |
+@@ -107,6 +109,8 @@ static struct ctl_table ipc_kern_table[] = { |
8348 |
+ .maxlen = sizeof(init_ipc_ns.shm_ctlmax), |
8349 |
+ .mode = 0644, |
8350 |
+ .proc_handler = proc_ipc_doulongvec_minmax, |
8351 |
++ .extra1 = &long_zero, |
8352 |
++ .extra2 = &long_max, |
8353 |
+ }, |
8354 |
+ { |
8355 |
+ .procname = "shmall", |
8356 |
+@@ -114,6 +118,8 @@ static struct ctl_table ipc_kern_table[] = { |
8357 |
+ .maxlen = sizeof(init_ipc_ns.shm_ctlall), |
8358 |
+ .mode = 0644, |
8359 |
+ .proc_handler = proc_ipc_doulongvec_minmax, |
8360 |
++ .extra1 = &long_zero, |
8361 |
++ .extra2 = &long_max, |
8362 |
+ }, |
8363 |
+ { |
8364 |
+ .procname = "shmmni", |
8365 |
diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c |
8366 |
index 68d4e95..1477ded 100644 |
8367 |
--- a/ipc/mq_sysctl.c |
8368 |
@@ -106723,7 +107732,7 @@ index 41213454..861e178 100644 |
8369 |
#ifdef CONFIG_MODULE_UNLOAD |
8370 |
{ |
8371 |
diff --git a/kernel/events/core.c b/kernel/events/core.c |
8372 |
-index e6feb51..470c853 100644 |
8373 |
+index e6feb51..ce984cb 100644 |
8374 |
--- a/kernel/events/core.c |
8375 |
+++ b/kernel/events/core.c |
8376 |
@@ -174,8 +174,15 @@ static struct srcu_struct pmus_srcu; |
8377 |
@@ -106761,6 +107770,15 @@ index e6feb51..470c853 100644 |
8378 |
|
8379 |
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, |
8380 |
enum event_type_t event_type); |
8381 |
+@@ -3296,7 +3303,7 @@ find_lively_task_by_vpid(pid_t vpid) |
8382 |
+ |
8383 |
+ /* Reuse ptrace permission checks for now. */ |
8384 |
+ err = -EACCES; |
8385 |
+- if (!ptrace_may_access(task, PTRACE_MODE_READ)) |
8386 |
++ if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) |
8387 |
+ goto errout; |
8388 |
+ |
8389 |
+ return task; |
8390 |
@@ -3753,9 +3760,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) |
8391 |
mutex_lock(&event->child_mutex); |
8392 |
total += perf_event_read(event); |
8393 |
@@ -106902,7 +107920,7 @@ index cb346f2..e4dc317 100644 |
8394 |
pagefault_disable(); |
8395 |
result = __copy_from_user_inatomic(&opcode, (void __user*)vaddr, |
8396 |
diff --git a/kernel/exit.c b/kernel/exit.c |
8397 |
-index 031325e..c6342c4 100644 |
8398 |
+index 031325e..7ac751f 100644 |
8399 |
--- a/kernel/exit.c |
8400 |
+++ b/kernel/exit.c |
8401 |
@@ -171,6 +171,10 @@ void release_task(struct task_struct *p) |
8402 |
@@ -106916,7 +107934,27 @@ index 031325e..c6342c4 100644 |
8403 |
/* don't need to get the RCU readlock here - the process is dead and |
8404 |
* can't be modifying its own credentials. But shut RCU-lockdep up */ |
8405 |
rcu_read_lock(); |
8406 |
-@@ -656,6 +660,8 @@ void do_exit(long code) |
8407 |
+@@ -450,9 +454,8 @@ static struct task_struct *find_alive_thread(struct task_struct *p) |
8408 |
+ return NULL; |
8409 |
+ } |
8410 |
+ |
8411 |
++static struct task_struct *find_child_reaper(struct task_struct *father) __must_hold(&tasklist_lock); |
8412 |
+ static struct task_struct *find_child_reaper(struct task_struct *father) |
8413 |
+- __releases(&tasklist_lock) |
8414 |
+- __acquires(&tasklist_lock) |
8415 |
+ { |
8416 |
+ struct pid_namespace *pid_ns = task_active_pid_ns(father); |
8417 |
+ struct task_struct *reaper = pid_ns->child_reaper; |
8418 |
+@@ -549,6 +552,8 @@ static void reparent_leader(struct task_struct *father, struct task_struct *p, |
8419 |
+ * jobs, send them a SIGHUP and then a SIGCONT. (POSIX 3.2.2.2) |
8420 |
+ */ |
8421 |
+ static void forget_original_parent(struct task_struct *father, |
8422 |
++ struct list_head *dead) __must_hold(&tasklist_lock); |
8423 |
++static void forget_original_parent(struct task_struct *father, |
8424 |
+ struct list_head *dead) |
8425 |
+ { |
8426 |
+ struct task_struct *p, *t, *reaper; |
8427 |
+@@ -656,6 +661,8 @@ void do_exit(long code) |
8428 |
int group_dead; |
8429 |
TASKS_RCU(int tasks_rcu_i); |
8430 |
|
8431 |
@@ -106925,7 +107963,7 @@ index 031325e..c6342c4 100644 |
8432 |
profile_task_exit(tsk); |
8433 |
|
8434 |
WARN_ON(blk_needs_flush_plug(tsk)); |
8435 |
-@@ -672,7 +678,6 @@ void do_exit(long code) |
8436 |
+@@ -672,7 +679,6 @@ void do_exit(long code) |
8437 |
* mm_release()->clear_child_tid() from writing to a user-controlled |
8438 |
* kernel address. |
8439 |
*/ |
8440 |
@@ -106933,7 +107971,7 @@ index 031325e..c6342c4 100644 |
8441 |
|
8442 |
ptrace_event(PTRACE_EVENT_EXIT, code); |
8443 |
|
8444 |
-@@ -730,6 +735,9 @@ void do_exit(long code) |
8445 |
+@@ -730,6 +736,9 @@ void do_exit(long code) |
8446 |
tsk->exit_code = code; |
8447 |
taskstats_exit(tsk, group_dead); |
8448 |
|
8449 |
@@ -106943,7 +107981,7 @@ index 031325e..c6342c4 100644 |
8450 |
exit_mm(tsk); |
8451 |
|
8452 |
if (group_dead) |
8453 |
-@@ -847,7 +855,7 @@ SYSCALL_DEFINE1(exit, int, error_code) |
8454 |
+@@ -847,7 +856,7 @@ SYSCALL_DEFINE1(exit, int, error_code) |
8455 |
* Take down every thread in the group. This is called by fatal signals |
8456 |
* as well as by sys_exit_group (below). |
8457 |
*/ |
8458 |
@@ -106952,8 +107990,109 @@ index 031325e..c6342c4 100644 |
8459 |
do_group_exit(int exit_code) |
8460 |
{ |
8461 |
struct signal_struct *sig = current->signal; |
8462 |
+@@ -964,6 +973,7 @@ static int wait_noreap_copyout(struct wait_opts *wo, struct task_struct *p, |
8463 |
+ * the lock and this task is uninteresting. If we return nonzero, we have |
8464 |
+ * released the lock and the system call should return. |
8465 |
+ */ |
8466 |
++static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p) __must_hold(&tasklist_lock); |
8467 |
+ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p) |
8468 |
+ { |
8469 |
+ int state, retval, status; |
8470 |
+@@ -980,6 +990,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p) |
8471 |
+ |
8472 |
+ get_task_struct(p); |
8473 |
+ read_unlock(&tasklist_lock); |
8474 |
++ __acquire(&tasklist_lock); // XXX sparse can't model conditional release |
8475 |
+ sched_annotate_sleep(); |
8476 |
+ |
8477 |
+ if ((exit_code & 0x7f) == 0) { |
8478 |
+@@ -1002,6 +1013,7 @@ static int wait_task_zombie(struct wait_opts *wo, struct task_struct *p) |
8479 |
+ * We own this thread, nobody else can reap it. |
8480 |
+ */ |
8481 |
+ read_unlock(&tasklist_lock); |
8482 |
++ __acquire(&tasklist_lock); // XXX sparse can't model conditional release |
8483 |
+ sched_annotate_sleep(); |
8484 |
+ |
8485 |
+ /* |
8486 |
+@@ -1145,6 +1157,8 @@ static int *task_stopped_code(struct task_struct *p, bool ptrace) |
8487 |
+ * search should terminate. |
8488 |
+ */ |
8489 |
+ static int wait_task_stopped(struct wait_opts *wo, |
8490 |
++ int ptrace, struct task_struct *p) __must_hold(&tasklist_lock); |
8491 |
++static int wait_task_stopped(struct wait_opts *wo, |
8492 |
+ int ptrace, struct task_struct *p) |
8493 |
+ { |
8494 |
+ struct siginfo __user *infop; |
8495 |
+@@ -1192,6 +1206,7 @@ unlock_sig: |
8496 |
+ pid = task_pid_vnr(p); |
8497 |
+ why = ptrace ? CLD_TRAPPED : CLD_STOPPED; |
8498 |
+ read_unlock(&tasklist_lock); |
8499 |
++ __acquire(&tasklist_lock); // XXX sparse can't model conditional release |
8500 |
+ sched_annotate_sleep(); |
8501 |
+ |
8502 |
+ if (unlikely(wo->wo_flags & WNOWAIT)) |
8503 |
+@@ -1229,6 +1244,7 @@ unlock_sig: |
8504 |
+ * the lock and this task is uninteresting. If we return nonzero, we have |
8505 |
+ * released the lock and the system call should return. |
8506 |
+ */ |
8507 |
++static int wait_task_continued(struct wait_opts *wo, struct task_struct *p) __must_hold(&tasklist_lock); |
8508 |
+ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p) |
8509 |
+ { |
8510 |
+ int retval; |
8511 |
+@@ -1255,6 +1271,7 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p) |
8512 |
+ pid = task_pid_vnr(p); |
8513 |
+ get_task_struct(p); |
8514 |
+ read_unlock(&tasklist_lock); |
8515 |
++ __acquire(&tasklist_lock); // XXX sparse can't model conditional release |
8516 |
+ sched_annotate_sleep(); |
8517 |
+ |
8518 |
+ if (!wo->wo_info) { |
8519 |
+@@ -1284,6 +1301,8 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p) |
8520 |
+ * or another error from security_task_wait(), or still -ECHILD. |
8521 |
+ */ |
8522 |
+ static int wait_consider_task(struct wait_opts *wo, int ptrace, |
8523 |
++ struct task_struct *p) __must_hold(&tasklist_lock); |
8524 |
++static int wait_consider_task(struct wait_opts *wo, int ptrace, |
8525 |
+ struct task_struct *p) |
8526 |
+ { |
8527 |
+ /* |
8528 |
+@@ -1409,6 +1428,7 @@ static int wait_consider_task(struct wait_opts *wo, int ptrace, |
8529 |
+ * ->notask_error is 0 if there were any eligible children, |
8530 |
+ * or another error from security_task_wait(), or still -ECHILD. |
8531 |
+ */ |
8532 |
++static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk) __must_hold(&tasklist_lock); |
8533 |
+ static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk) |
8534 |
+ { |
8535 |
+ struct task_struct *p; |
8536 |
+@@ -1423,6 +1443,7 @@ static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk) |
8537 |
+ return 0; |
8538 |
+ } |
8539 |
+ |
8540 |
++static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk) __must_hold(&tasklist_lock); |
8541 |
+ static int ptrace_do_wait(struct wait_opts *wo, struct task_struct *tsk) |
8542 |
+ { |
8543 |
+ struct task_struct *p; |
8544 |
+@@ -1486,12 +1507,16 @@ repeat: |
8545 |
+ tsk = current; |
8546 |
+ do { |
8547 |
+ retval = do_wait_thread(wo, tsk); |
8548 |
+- if (retval) |
8549 |
++ if (retval) { |
8550 |
++ __release(&tasklist_lock); // XXX sparse can't model conditional release |
8551 |
+ goto end; |
8552 |
++ } |
8553 |
+ |
8554 |
+ retval = ptrace_do_wait(wo, tsk); |
8555 |
+- if (retval) |
8556 |
++ if (retval) { |
8557 |
++ __release(&tasklist_lock); // XXX sparse can't model conditional release |
8558 |
+ goto end; |
8559 |
++ } |
8560 |
+ |
8561 |
+ if (wo->wo_flags & __WNOTHREAD) |
8562 |
+ break; |
8563 |
diff --git a/kernel/fork.c b/kernel/fork.c |
8564 |
-index e769c8c..9fa1de5 100644 |
8565 |
+index e769c8c..882ebbb 100644 |
8566 |
--- a/kernel/fork.c |
8567 |
+++ b/kernel/fork.c |
8568 |
@@ -188,12 +188,54 @@ static void free_thread_info(struct thread_info *ti) |
8569 |
@@ -107287,7 +108426,7 @@ index e769c8c..9fa1de5 100644 |
8570 |
- if (mm && mm != current->mm && |
8571 |
- !ptrace_may_access(task, mode)) { |
8572 |
+ if (mm && ((mm != current->mm && !ptrace_may_access(task, mode)) || |
8573 |
-+ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) { |
8574 |
++ ((mode & PTRACE_MODE_ATTACH) && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) { |
8575 |
mmput(mm); |
8576 |
mm = ERR_PTR(-EACCES); |
8577 |
} |
8578 |
@@ -107408,7 +108547,7 @@ index e769c8c..9fa1de5 100644 |
8579 |
int threads = max_threads; |
8580 |
int min = MIN_THREADS; |
8581 |
diff --git a/kernel/futex.c b/kernel/futex.c |
8582 |
-index c4a182f..e789324 100644 |
8583 |
+index c4a182f..32e2eac 100644 |
8584 |
--- a/kernel/futex.c |
8585 |
+++ b/kernel/futex.c |
8586 |
@@ -201,7 +201,7 @@ struct futex_pi_state { |
8587 |
@@ -107450,6 +108589,15 @@ index c4a182f..e789324 100644 |
8588 |
|
8589 |
pagefault_disable(); |
8590 |
ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); |
8591 |
+@@ -2782,7 +2787,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, |
8592 |
+ } |
8593 |
+ |
8594 |
+ ret = -EPERM; |
8595 |
+- if (!ptrace_may_access(p, PTRACE_MODE_READ)) |
8596 |
++ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS)) |
8597 |
+ goto err_unlock; |
8598 |
+ |
8599 |
+ head = p->robust_list; |
8600 |
@@ -3030,6 +3035,7 @@ static void __init futex_detect_cmpxchg(void) |
8601 |
{ |
8602 |
#ifndef CONFIG_HAVE_FUTEX_CMPXCHG |
8603 |
@@ -107471,7 +108619,7 @@ index c4a182f..e789324 100644 |
8604 |
} |
8605 |
|
8606 |
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c |
8607 |
-index 55c8c93..9ba7ad6 100644 |
8608 |
+index 55c8c93..5adee02 100644 |
8609 |
--- a/kernel/futex_compat.c |
8610 |
+++ b/kernel/futex_compat.c |
8611 |
@@ -32,7 +32,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry, |
8612 |
@@ -107483,6 +108631,15 @@ index 55c8c93..9ba7ad6 100644 |
8613 |
compat_long_t futex_offset) |
8614 |
{ |
8615 |
compat_uptr_t base = ptr_to_compat(entry); |
8616 |
+@@ -155,7 +155,7 @@ COMPAT_SYSCALL_DEFINE3(get_robust_list, int, pid, |
8617 |
+ } |
8618 |
+ |
8619 |
+ ret = -EPERM; |
8620 |
+- if (!ptrace_may_access(p, PTRACE_MODE_READ)) |
8621 |
++ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS)) |
8622 |
+ goto err_unlock; |
8623 |
+ |
8624 |
+ head = p->compat_robust_list; |
8625 |
diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c |
8626 |
index 7080ae1..c9b3761 100644 |
8627 |
--- a/kernel/gcov/base.c |
8628 |
@@ -107721,7 +108878,7 @@ index 5c5987f..bc502b0 100644 |
8629 |
type, iter->name, iter->module_name); |
8630 |
} else |
8631 |
diff --git a/kernel/kcmp.c b/kernel/kcmp.c |
8632 |
-index 0aa69ea..a7fcafb 100644 |
8633 |
+index 0aa69ea..bcb17e3 100644 |
8634 |
--- a/kernel/kcmp.c |
8635 |
+++ b/kernel/kcmp.c |
8636 |
@@ -100,6 +100,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, |
8637 |
@@ -107735,6 +108892,17 @@ index 0aa69ea..a7fcafb 100644 |
8638 |
rcu_read_lock(); |
8639 |
|
8640 |
/* |
8641 |
+@@ -122,8 +126,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, |
8642 |
+ &task2->signal->cred_guard_mutex); |
8643 |
+ if (ret) |
8644 |
+ goto err; |
8645 |
+- if (!ptrace_may_access(task1, PTRACE_MODE_READ) || |
8646 |
+- !ptrace_may_access(task2, PTRACE_MODE_READ)) { |
8647 |
++ if (!ptrace_may_access(task1, PTRACE_MODE_READ_REALCREDS) || |
8648 |
++ !ptrace_may_access(task2, PTRACE_MODE_READ_REALCREDS)) { |
8649 |
+ ret = -EPERM; |
8650 |
+ goto err_unlock; |
8651 |
+ } |
8652 |
diff --git a/kernel/kexec.c b/kernel/kexec.c |
8653 |
index a785c10..6dbb06f 100644 |
8654 |
--- a/kernel/kexec.c |
8655 |
@@ -109675,10 +110843,74 @@ index a7bcd28..5b368fa 100644 |
8656 |
} |
8657 |
|
8658 |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c |
8659 |
-index c8e0e05..2be5614 100644 |
8660 |
+index c8e0e05..0a6d59d 100644 |
8661 |
--- a/kernel/ptrace.c |
8662 |
+++ b/kernel/ptrace.c |
8663 |
-@@ -321,7 +321,7 @@ static int ptrace_attach(struct task_struct *task, long request, |
8664 |
+@@ -219,6 +219,14 @@ static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode) |
8665 |
+ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) |
8666 |
+ { |
8667 |
+ const struct cred *cred = current_cred(), *tcred; |
8668 |
++ int dumpable = 0; |
8669 |
++ kuid_t caller_uid; |
8670 |
++ kgid_t caller_gid; |
8671 |
++ |
8672 |
++ if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) { |
8673 |
++ WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n"); |
8674 |
++ return -EPERM; |
8675 |
++ } |
8676 |
+ |
8677 |
+ /* May we inspect the given task? |
8678 |
+ * This check is used both for attaching with ptrace |
8679 |
+@@ -228,18 +236,32 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) |
8680 |
+ * because setting up the necessary parent/child relationship |
8681 |
+ * or halting the specified task is impossible. |
8682 |
+ */ |
8683 |
+- int dumpable = 0; |
8684 |
+ /* Don't let security modules deny introspection */ |
8685 |
+ if (same_thread_group(task, current)) |
8686 |
+ return 0; |
8687 |
+ rcu_read_lock(); |
8688 |
++ if (mode & PTRACE_MODE_FSCREDS) { |
8689 |
++ caller_uid = cred->fsuid; |
8690 |
++ caller_gid = cred->fsgid; |
8691 |
++ } else { |
8692 |
++ /* |
8693 |
++ * Using the euid would make more sense here, but something |
8694 |
++ * in userland might rely on the old behavior, and this |
8695 |
++ * shouldn't be a security problem since |
8696 |
++ * PTRACE_MODE_REALCREDS implies that the caller explicitly |
8697 |
++ * used a syscall that requests access to another process |
8698 |
++ * (and not a filesystem syscall to procfs). |
8699 |
++ */ |
8700 |
++ caller_uid = cred->uid; |
8701 |
++ caller_gid = cred->gid; |
8702 |
++ } |
8703 |
+ tcred = __task_cred(task); |
8704 |
+- if (uid_eq(cred->uid, tcred->euid) && |
8705 |
+- uid_eq(cred->uid, tcred->suid) && |
8706 |
+- uid_eq(cred->uid, tcred->uid) && |
8707 |
+- gid_eq(cred->gid, tcred->egid) && |
8708 |
+- gid_eq(cred->gid, tcred->sgid) && |
8709 |
+- gid_eq(cred->gid, tcred->gid)) |
8710 |
++ if (uid_eq(caller_uid, tcred->euid) && |
8711 |
++ uid_eq(caller_uid, tcred->suid) && |
8712 |
++ uid_eq(caller_uid, tcred->uid) && |
8713 |
++ gid_eq(caller_gid, tcred->egid) && |
8714 |
++ gid_eq(caller_gid, tcred->sgid) && |
8715 |
++ gid_eq(caller_gid, tcred->gid)) |
8716 |
+ goto ok; |
8717 |
+ if (ptrace_has_cap(tcred->user_ns, mode)) |
8718 |
+ goto ok; |
8719 |
+@@ -306,7 +328,7 @@ static int ptrace_attach(struct task_struct *task, long request, |
8720 |
+ goto out; |
8721 |
+ |
8722 |
+ task_lock(task); |
8723 |
+- retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH); |
8724 |
++ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS); |
8725 |
+ task_unlock(task); |
8726 |
+ if (retval) |
8727 |
+ goto unlock_creds; |
8728 |
+@@ -321,7 +343,7 @@ static int ptrace_attach(struct task_struct *task, long request, |
8729 |
if (seize) |
8730 |
flags |= PT_SEIZED; |
8731 |
rcu_read_lock(); |
8732 |
@@ -109687,7 +110919,7 @@ index c8e0e05..2be5614 100644 |
8733 |
flags |= PT_PTRACE_CAP; |
8734 |
rcu_read_unlock(); |
8735 |
task->ptrace = flags; |
8736 |
-@@ -514,7 +514,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst |
8737 |
+@@ -514,7 +536,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst |
8738 |
break; |
8739 |
return -EIO; |
8740 |
} |
8741 |
@@ -109696,7 +110928,7 @@ index c8e0e05..2be5614 100644 |
8742 |
return -EFAULT; |
8743 |
copied += retval; |
8744 |
src += retval; |
8745 |
-@@ -802,7 +802,7 @@ int ptrace_request(struct task_struct *child, long request, |
8746 |
+@@ -802,7 +824,7 @@ int ptrace_request(struct task_struct *child, long request, |
8747 |
bool seized = child->ptrace & PT_SEIZED; |
8748 |
int ret = -EIO; |
8749 |
siginfo_t siginfo, *si; |
8750 |
@@ -109705,7 +110937,7 @@ index c8e0e05..2be5614 100644 |
8751 |
unsigned long __user *datalp = datavp; |
8752 |
unsigned long flags; |
8753 |
|
8754 |
-@@ -1048,14 +1048,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, |
8755 |
+@@ -1048,14 +1070,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, |
8756 |
goto out; |
8757 |
} |
8758 |
|
8759 |
@@ -109728,7 +110960,7 @@ index c8e0e05..2be5614 100644 |
8760 |
goto out_put_task_struct; |
8761 |
} |
8762 |
|
8763 |
-@@ -1083,7 +1090,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, |
8764 |
+@@ -1083,7 +1112,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, |
8765 |
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); |
8766 |
if (copied != sizeof(tmp)) |
8767 |
return -EIO; |
8768 |
@@ -109737,7 +110969,7 @@ index c8e0e05..2be5614 100644 |
8769 |
} |
8770 |
|
8771 |
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, |
8772 |
-@@ -1176,7 +1183,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, |
8773 |
+@@ -1176,7 +1205,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, |
8774 |
} |
8775 |
|
8776 |
COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, |
8777 |
@@ -109746,7 +110978,7 @@ index c8e0e05..2be5614 100644 |
8778 |
{ |
8779 |
struct task_struct *child; |
8780 |
long ret; |
8781 |
-@@ -1192,14 +1199,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, |
8782 |
+@@ -1192,14 +1221,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, |
8783 |
goto out; |
8784 |
} |
8785 |
|
8786 |
@@ -110359,9 +111591,29 @@ index 3ea7ffc..cb06f2d 100644 |
8787 |
} |
8788 |
|
8789 |
diff --git a/kernel/resource.c b/kernel/resource.c |
8790 |
-index fed052a..ad13346 100644 |
8791 |
+index fed052a..14936eb 100644 |
8792 |
--- a/kernel/resource.c |
8793 |
+++ b/kernel/resource.c |
8794 |
+@@ -84,8 +84,8 @@ static void *r_next(struct seq_file *m, void *v, loff_t *pos) |
8795 |
+ |
8796 |
+ enum { MAX_IORES_LEVEL = 5 }; |
8797 |
+ |
8798 |
++static void *r_start(struct seq_file *m, loff_t *pos) __acquires(&resource_lock); |
8799 |
+ static void *r_start(struct seq_file *m, loff_t *pos) |
8800 |
+- __acquires(resource_lock) |
8801 |
+ { |
8802 |
+ struct resource *p = m->private; |
8803 |
+ loff_t l = 0; |
8804 |
+@@ -95,8 +95,8 @@ static void *r_start(struct seq_file *m, loff_t *pos) |
8805 |
+ return p; |
8806 |
+ } |
8807 |
+ |
8808 |
++static void r_stop(struct seq_file *m, void *v) __releases(&resource_lock); |
8809 |
+ static void r_stop(struct seq_file *m, void *v) |
8810 |
+- __releases(resource_lock) |
8811 |
+ { |
8812 |
+ read_unlock(&resource_lock); |
8813 |
+ } |
8814 |
@@ -162,8 +162,18 @@ static const struct file_operations proc_iomem_operations = { |
8815 |
|
8816 |
static int __init ioresources_init(void) |
8817 |
@@ -110604,7 +111856,7 @@ index 08ab96b..82ab34c 100644 |
8818 |
static inline void put_prev_task(struct rq *rq, struct task_struct *prev) |
8819 |
{ |
8820 |
diff --git a/kernel/signal.c b/kernel/signal.c |
8821 |
-index 0f6bbbe..d77d2c3 100644 |
8822 |
+index 0f6bbbe..4791c7d 100644 |
8823 |
--- a/kernel/signal.c |
8824 |
+++ b/kernel/signal.c |
8825 |
@@ -53,12 +53,12 @@ static struct kmem_cache *sigqueue_cachep; |
8826 |
@@ -110650,7 +111902,15 @@ index 0f6bbbe..d77d2c3 100644 |
8827 |
if (is_global_init(tsk)) |
8828 |
return 1; |
8829 |
if (handler != SIG_IGN && handler != SIG_DFL) |
8830 |
-@@ -788,6 +791,13 @@ static int check_kill_permission(int sig, struct siginfo *info, |
8831 |
+@@ -602,6 +605,7 @@ static int __dequeue_signal(struct sigpending *pending, sigset_t *mask, |
8832 |
+ * |
8833 |
+ * All callers have to hold the siglock. |
8834 |
+ */ |
8835 |
++int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) __must_hold(&tsk->sighand->siglock); |
8836 |
+ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) |
8837 |
+ { |
8838 |
+ int signr; |
8839 |
+@@ -788,6 +792,13 @@ static int check_kill_permission(int sig, struct siginfo *info, |
8840 |
} |
8841 |
} |
8842 |
|
8843 |
@@ -110664,7 +111924,7 @@ index 0f6bbbe..d77d2c3 100644 |
8844 |
return security_task_kill(t, info, sig, 0); |
8845 |
} |
8846 |
|
8847 |
-@@ -1171,7 +1181,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) |
8848 |
+@@ -1171,7 +1182,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) |
8849 |
return send_signal(sig, info, p, 1); |
8850 |
} |
8851 |
|
8852 |
@@ -110673,7 +111933,7 @@ index 0f6bbbe..d77d2c3 100644 |
8853 |
specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) |
8854 |
{ |
8855 |
return send_signal(sig, info, t, 0); |
8856 |
-@@ -1208,6 +1218,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) |
8857 |
+@@ -1208,6 +1219,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) |
8858 |
unsigned long int flags; |
8859 |
int ret, blocked, ignored; |
8860 |
struct k_sigaction *action; |
8861 |
@@ -110681,7 +111941,7 @@ index 0f6bbbe..d77d2c3 100644 |
8862 |
|
8863 |
spin_lock_irqsave(&t->sighand->siglock, flags); |
8864 |
action = &t->sighand->action[sig-1]; |
8865 |
-@@ -1222,9 +1233,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) |
8866 |
+@@ -1222,9 +1234,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) |
8867 |
} |
8868 |
if (action->sa.sa_handler == SIG_DFL) |
8869 |
t->signal->flags &= ~SIGNAL_UNKILLABLE; |
8870 |
@@ -110700,7 +111960,7 @@ index 0f6bbbe..d77d2c3 100644 |
8871 |
return ret; |
8872 |
} |
8873 |
|
8874 |
-@@ -1305,8 +1325,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) |
8875 |
+@@ -1305,8 +1326,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) |
8876 |
ret = check_kill_permission(sig, info, p); |
8877 |
rcu_read_unlock(); |
8878 |
|
8879 |
@@ -110713,7 +111973,56 @@ index 0f6bbbe..d77d2c3 100644 |
8880 |
|
8881 |
return ret; |
8882 |
} |
8883 |
-@@ -2913,7 +2936,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) |
8884 |
+@@ -1820,9 +1844,8 @@ static int sigkill_pending(struct task_struct *tsk) |
8885 |
+ * If we actually decide not to stop at all because the tracer |
8886 |
+ * is gone, we keep current->exit_code unless clear_code. |
8887 |
+ */ |
8888 |
++static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) __must_hold(¤t->sighand->siglock); |
8889 |
+ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) |
8890 |
+- __releases(¤t->sighand->siglock) |
8891 |
+- __acquires(¤t->sighand->siglock) |
8892 |
+ { |
8893 |
+ bool gstop_done = false; |
8894 |
+ |
8895 |
+@@ -1942,6 +1965,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) |
8896 |
+ recalc_sigpending_tsk(current); |
8897 |
+ } |
8898 |
+ |
8899 |
++static void ptrace_do_notify(int signr, int exit_code, int why) __must_hold(¤t->sighand->siglock); |
8900 |
+ static void ptrace_do_notify(int signr, int exit_code, int why) |
8901 |
+ { |
8902 |
+ siginfo_t info; |
8903 |
+@@ -1989,8 +2013,8 @@ void ptrace_notify(int exit_code) |
8904 |
+ * %false if group stop is already cancelled or ptrace trap is scheduled. |
8905 |
+ * %true if participated in group stop. |
8906 |
+ */ |
8907 |
++static bool do_signal_stop(int signr) __releases(¤t->sighand->siglock); |
8908 |
+ static bool do_signal_stop(int signr) |
8909 |
+- __releases(¤t->sighand->siglock) |
8910 |
+ { |
8911 |
+ struct signal_struct *sig = current->signal; |
8912 |
+ |
8913 |
+@@ -2002,8 +2026,10 @@ static bool do_signal_stop(int signr) |
8914 |
+ WARN_ON_ONCE(signr & ~JOBCTL_STOP_SIGMASK); |
8915 |
+ |
8916 |
+ if (!likely(current->jobctl & JOBCTL_STOP_DEQUEUED) || |
8917 |
+- unlikely(signal_group_exit(sig))) |
8918 |
++ unlikely(signal_group_exit(sig))) { |
8919 |
++ __release(¤t->sighand->siglock); // XXX sparse can't model conditional release |
8920 |
+ return false; |
8921 |
++ } |
8922 |
+ /* |
8923 |
+ * There is no group stop already in progress. We must |
8924 |
+ * initiate one now. |
8925 |
+@@ -2087,6 +2113,7 @@ static bool do_signal_stop(int signr) |
8926 |
+ * Schedule it and let the caller deal with it. |
8927 |
+ */ |
8928 |
+ task_set_jobctl_pending(current, JOBCTL_TRAP_STOP); |
8929 |
++ __release(¤t->sighand->siglock); // XXX sparse can't model conditional release |
8930 |
+ return false; |
8931 |
+ } |
8932 |
+ } |
8933 |
+@@ -2913,7 +2940,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) |
8934 |
int error = -ESRCH; |
8935 |
|
8936 |
rcu_read_lock(); |
8937 |
@@ -110730,7 +112039,7 @@ index 0f6bbbe..d77d2c3 100644 |
8938 |
if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { |
8939 |
error = check_kill_permission(sig, info, p); |
8940 |
/* |
8941 |
-@@ -3242,8 +3273,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, |
8942 |
+@@ -3242,8 +3277,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, |
8943 |
} |
8944 |
seg = get_fs(); |
8945 |
set_fs(KERNEL_DS); |
8946 |
@@ -112435,6 +113744,20 @@ index 7d567a4..407a28d 100644 |
8947 |
|
8948 |
mutex_lock(&syscall_trace_lock); |
8949 |
sys_perf_refcount_exit--; |
8950 |
+diff --git a/kernel/user.c b/kernel/user.c |
8951 |
+index b069ccb..c59fe26 100644 |
8952 |
+--- a/kernel/user.c |
8953 |
++++ b/kernel/user.c |
8954 |
+@@ -127,8 +127,8 @@ static struct user_struct *uid_hash_find(kuid_t uid, struct hlist_head *hashent) |
8955 |
+ * IRQ state (as stored in flags) is restored and uidhash_lock released |
8956 |
+ * upon function exit. |
8957 |
+ */ |
8958 |
++static void free_user(struct user_struct *up, unsigned long flags) __releases(&uidhash_lock); |
8959 |
+ static void free_user(struct user_struct *up, unsigned long flags) |
8960 |
+- __releases(&uidhash_lock) |
8961 |
+ { |
8962 |
+ uid_hash_remove(up); |
8963 |
+ spin_unlock_irqrestore(&uidhash_lock, flags); |
8964 |
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c |
8965 |
index 4109f83..fe1f830 100644 |
8966 |
--- a/kernel/user_namespace.c |
8967 |
@@ -112497,10 +113820,32 @@ index a6ffa43..e48103b 100644 |
8968 |
.thread_should_run = watchdog_should_run, |
8969 |
.thread_fn = watchdog, |
8970 |
diff --git a/kernel/workqueue.c b/kernel/workqueue.c |
8971 |
-index 1de0f5fab..dbf1ec6 100644 |
8972 |
+index 1de0f5fab..74907c6 100644 |
8973 |
--- a/kernel/workqueue.c |
8974 |
+++ b/kernel/workqueue.c |
8975 |
-@@ -4452,7 +4452,7 @@ static void rebind_workers(struct worker_pool *pool) |
8976 |
+@@ -1858,9 +1858,8 @@ static void pool_mayday_timeout(unsigned long __pool) |
8977 |
+ * multiple times. Does GFP_KERNEL allocations. Called only from |
8978 |
+ * manager. |
8979 |
+ */ |
8980 |
++static void maybe_create_worker(struct worker_pool *pool) __must_hold(&pool->lock); |
8981 |
+ static void maybe_create_worker(struct worker_pool *pool) |
8982 |
+-__releases(&pool->lock) |
8983 |
+-__acquires(&pool->lock) |
8984 |
+ { |
8985 |
+ restart: |
8986 |
+ spin_unlock_irq(&pool->lock); |
8987 |
+@@ -1950,9 +1949,8 @@ static bool manage_workers(struct worker *worker) |
8988 |
+ * CONTEXT: |
8989 |
+ * spin_lock_irq(pool->lock) which is released and regrabbed. |
8990 |
+ */ |
8991 |
++static void process_one_work(struct worker *worker, struct work_struct *work) __must_hold(&pool->lock); |
8992 |
+ static void process_one_work(struct worker *worker, struct work_struct *work) |
8993 |
+-__releases(&pool->lock) |
8994 |
+-__acquires(&pool->lock) |
8995 |
+ { |
8996 |
+ struct pool_workqueue *pwq = get_work_pwq(work); |
8997 |
+ struct worker_pool *pool = worker->pool; |
8998 |
+@@ -4452,7 +4450,7 @@ static void rebind_workers(struct worker_pool *pool) |
8999 |
WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); |
9000 |
worker_flags |= WORKER_REBOUND; |
9001 |
worker_flags &= ~WORKER_UNBOUND; |
9002 |
@@ -113280,6 +114625,30 @@ index 1356454..70ce6c6 100644 |
9003 |
}; |
9004 |
|
9005 |
void rb_insert_color(struct rb_node *node, struct rb_root *root) |
9006 |
+diff --git a/lib/rhashtable.c b/lib/rhashtable.c |
9007 |
+index cc0c697..935eddb 100644 |
9008 |
+--- a/lib/rhashtable.c |
9009 |
++++ b/lib/rhashtable.c |
9010 |
+@@ -545,8 +545,8 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_exit); |
9011 |
+ * will rewind back to the beginning and you may use it immediately |
9012 |
+ * by calling rhashtable_walk_next. |
9013 |
+ */ |
9014 |
++int rhashtable_walk_start(struct rhashtable_iter *iter) __acquires(RCU); |
9015 |
+ int rhashtable_walk_start(struct rhashtable_iter *iter) |
9016 |
+- __acquires(RCU) |
9017 |
+ { |
9018 |
+ struct rhashtable *ht = iter->ht; |
9019 |
+ |
9020 |
+@@ -632,8 +632,8 @@ EXPORT_SYMBOL_GPL(rhashtable_walk_next); |
9021 |
+ * |
9022 |
+ * Finish a hash table walk. |
9023 |
+ */ |
9024 |
++void rhashtable_walk_stop(struct rhashtable_iter *iter) __releases(RCU); |
9025 |
+ void rhashtable_walk_stop(struct rhashtable_iter *iter) |
9026 |
+- __releases(RCU) |
9027 |
+ { |
9028 |
+ struct rhashtable *ht; |
9029 |
+ struct bucket_table *tbl = iter->walker->tbl; |
9030 |
diff --git a/lib/show_mem.c b/lib/show_mem.c |
9031 |
index adc98e18..0ce83c2 100644 |
9032 |
--- a/lib/show_mem.c |
9033 |
@@ -116786,7 +118155,7 @@ index 2dd7448..9bb6305 100644 |
9034 |
|
9035 |
static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ |
9036 |
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c |
9037 |
-index e88d071..d80e01a 100644 |
9038 |
+index e88d071..4043093 100644 |
9039 |
--- a/mm/process_vm_access.c |
9040 |
+++ b/mm/process_vm_access.c |
9041 |
@@ -13,6 +13,7 @@ |
9042 |
@@ -116824,18 +118193,20 @@ index e88d071..d80e01a 100644 |
9043 |
} |
9044 |
|
9045 |
if (nr_pages == 0) |
9046 |
-@@ -194,6 +195,11 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter, |
9047 |
+@@ -194,7 +195,12 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter, |
9048 |
goto free_proc_pages; |
9049 |
} |
9050 |
|
9051 |
+- mm = mm_access(task, PTRACE_MODE_ATTACH); |
9052 |
+ if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) { |
9053 |
+ rc = -EPERM; |
9054 |
+ goto put_task_struct; |
9055 |
+ } |
9056 |
+ |
9057 |
- mm = mm_access(task, PTRACE_MODE_ATTACH); |
9058 |
++ mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS); |
9059 |
if (!mm || IS_ERR(mm)) { |
9060 |
rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; |
9061 |
+ /* |
9062 |
diff --git a/mm/rmap.c b/mm/rmap.c |
9063 |
index 171b687..1a4b7e8 100644 |
9064 |
--- a/mm/rmap.c |
9065 |
@@ -119556,9 +120927,18 @@ index e3be1d2..254c555 100644 |
9066 |
|
9067 |
switch (ss->ss_family) { |
9068 |
diff --git a/net/compat.c b/net/compat.c |
9069 |
-index 5cfd26a..7e43828 100644 |
9070 |
+index 5cfd26a..3c50cb0 100644 |
9071 |
--- a/net/compat.c |
9072 |
+++ b/net/compat.c |
9073 |
+@@ -58,7 +58,7 @@ int get_compat_msghdr(struct msghdr *kmsg, |
9074 |
+ |
9075 |
+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) |
9076 |
+ kmsg->msg_namelen = sizeof(struct sockaddr_storage); |
9077 |
+- kmsg->msg_control = compat_ptr(tmp3); |
9078 |
++ kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3); |
9079 |
+ |
9080 |
+ if (save_addr) |
9081 |
+ *save_addr = compat_ptr(uaddr); |
9082 |
@@ -98,20 +98,20 @@ int get_compat_msghdr(struct msghdr *kmsg, |
9083 |
|
9084 |
#define CMSG_COMPAT_FIRSTHDR(msg) \ |
9085 |
@@ -120637,10 +122017,10 @@ index 2d9cb17..20ae904 100644 |
9086 |
#endif |
9087 |
if (dflt != &ipv4_devconf_dflt) |
9088 |
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c |
9089 |
-index 6bbc549..28d74951 100644 |
9090 |
+index d7116cf..a561739 100644 |
9091 |
--- a/net/ipv4/fib_frontend.c |
9092 |
+++ b/net/ipv4/fib_frontend.c |
9093 |
-@@ -1083,12 +1083,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, |
9094 |
+@@ -1084,12 +1084,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, |
9095 |
#ifdef CONFIG_IP_ROUTE_MULTIPATH |
9096 |
fib_sync_up(dev, RTNH_F_DEAD); |
9097 |
#endif |
9098 |
@@ -120655,7 +122035,7 @@ index 6bbc549..28d74951 100644 |
9099 |
if (!ifa->ifa_dev->ifa_list) { |
9100 |
/* Last address was deleted from this interface. |
9101 |
* Disable IP. |
9102 |
-@@ -1127,7 +1127,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo |
9103 |
+@@ -1128,7 +1128,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo |
9104 |
#ifdef CONFIG_IP_ROUTE_MULTIPATH |
9105 |
fib_sync_up(dev, RTNH_F_DEAD); |
9106 |
#endif |
9107 |
@@ -120665,7 +122045,7 @@ index 6bbc549..28d74951 100644 |
9108 |
break; |
9109 |
case NETDEV_DOWN: |
9110 |
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c |
9111 |
-index 3a06586..1020c5b 100644 |
9112 |
+index 71bad5c..114aaa3 100644 |
9113 |
--- a/net/ipv4/fib_semantics.c |
9114 |
+++ b/net/ipv4/fib_semantics.c |
9115 |
@@ -755,7 +755,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) |
9116 |
@@ -121320,7 +122700,7 @@ index e681b85..8a43a65 100644 |
9117 |
ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL); |
9118 |
if (!ip_tstamps) |
9119 |
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c |
9120 |
-index 0330ab2..4745d2c 100644 |
9121 |
+index a1442c5..73a63cd 100644 |
9122 |
--- a/net/ipv4/sysctl_net_ipv4.c |
9123 |
+++ b/net/ipv4/sysctl_net_ipv4.c |
9124 |
@@ -66,7 +66,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write, |
9125 |
@@ -121715,6 +123095,19 @@ index 1b8c5ba..e1f0542 100644 |
9126 |
} |
9127 |
|
9128 |
int udp4_seq_show(struct seq_file *seq, void *v) |
9129 |
+diff --git a/net/ipv4/xfrm4_mode_transport.c b/net/ipv4/xfrm4_mode_transport.c |
9130 |
+index fd840c7..b517627 100644 |
9131 |
+--- a/net/ipv4/xfrm4_mode_transport.c |
9132 |
++++ b/net/ipv4/xfrm4_mode_transport.c |
9133 |
+@@ -18,7 +18,7 @@ |
9134 |
+ * The IP header will be moved forward to make space for the encapsulation |
9135 |
+ * header. |
9136 |
+ */ |
9137 |
+-static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb) |
9138 |
++static int __intentional_overflow(0) xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb) |
9139 |
+ { |
9140 |
+ struct iphdr *iph = ip_hdr(skb); |
9141 |
+ int ihl = iph->ihl * 4; |
9142 |
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c |
9143 |
index bff6974..c63736c 100644 |
9144 |
--- a/net/ipv4/xfrm4_policy.c |
9145 |
@@ -121769,7 +123162,7 @@ index bff6974..c63736c 100644 |
9146 |
return -ENOMEM; |
9147 |
} |
9148 |
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
9149 |
-index 21c2c81..373c1ba 100644 |
9150 |
+index c8c1fea..233a855 100644 |
9151 |
--- a/net/ipv6/addrconf.c |
9152 |
+++ b/net/ipv6/addrconf.c |
9153 |
@@ -178,7 +178,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { |
9154 |
@@ -121790,7 +123183,7 @@ index 21c2c81..373c1ba 100644 |
9155 |
.autoconf = 1, |
9156 |
.force_mld_version = 0, |
9157 |
.mldv1_unsolicited_report_interval = 10 * HZ, |
9158 |
-@@ -620,7 +620,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, |
9159 |
+@@ -621,7 +621,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, |
9160 |
idx = 0; |
9161 |
head = &net->dev_index_head[h]; |
9162 |
rcu_read_lock(); |
9163 |
@@ -121799,7 +123192,7 @@ index 21c2c81..373c1ba 100644 |
9164 |
net->dev_base_seq; |
9165 |
hlist_for_each_entry_rcu(dev, head, index_hlist) { |
9166 |
if (idx < s_idx) |
9167 |
-@@ -2508,7 +2508,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
9168 |
+@@ -2509,7 +2509,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
9169 |
p.iph.ihl = 5; |
9170 |
p.iph.protocol = IPPROTO_IPV6; |
9171 |
p.iph.ttl = 64; |
9172 |
@@ -121808,7 +123201,7 @@ index 21c2c81..373c1ba 100644 |
9173 |
|
9174 |
if (ops->ndo_do_ioctl) { |
9175 |
mm_segment_t oldfs = get_fs(); |
9176 |
-@@ -3774,16 +3774,23 @@ static const struct file_operations if6_fops = { |
9177 |
+@@ -3775,16 +3775,23 @@ static const struct file_operations if6_fops = { |
9178 |
.release = seq_release_net, |
9179 |
}; |
9180 |
|
9181 |
@@ -121833,7 +123226,7 @@ index 21c2c81..373c1ba 100644 |
9182 |
} |
9183 |
|
9184 |
static struct pernet_operations if6_proc_net_ops = { |
9185 |
-@@ -4402,7 +4409,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, |
9186 |
+@@ -4403,7 +4410,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, |
9187 |
s_ip_idx = ip_idx = cb->args[2]; |
9188 |
|
9189 |
rcu_read_lock(); |
9190 |
@@ -121842,7 +123235,7 @@ index 21c2c81..373c1ba 100644 |
9191 |
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { |
9192 |
idx = 0; |
9193 |
head = &net->dev_index_head[h]; |
9194 |
-@@ -5059,7 +5066,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
9195 |
+@@ -5060,7 +5067,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
9196 |
rt_genid_bump_ipv6(net); |
9197 |
break; |
9198 |
} |
9199 |
@@ -121851,7 +123244,7 @@ index 21c2c81..373c1ba 100644 |
9200 |
} |
9201 |
|
9202 |
static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
9203 |
-@@ -5079,7 +5086,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, |
9204 |
+@@ -5080,7 +5087,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, |
9205 |
int *valp = ctl->data; |
9206 |
int val = *valp; |
9207 |
loff_t pos = *ppos; |
9208 |
@@ -121860,7 +123253,7 @@ index 21c2c81..373c1ba 100644 |
9209 |
int ret; |
9210 |
|
9211 |
/* |
9212 |
-@@ -5104,7 +5111,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write, |
9213 |
+@@ -5105,7 +5112,7 @@ int addrconf_sysctl_mtu(struct ctl_table *ctl, int write, |
9214 |
{ |
9215 |
struct inet6_dev *idev = ctl->extra1; |
9216 |
int min_mtu = IPV6_MIN_MTU; |
9217 |
@@ -121869,7 +123262,7 @@ index 21c2c81..373c1ba 100644 |
9218 |
|
9219 |
lctl = *ctl; |
9220 |
lctl.extra1 = &min_mtu; |
9221 |
-@@ -5179,7 +5186,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, |
9222 |
+@@ -5180,7 +5187,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, |
9223 |
int *valp = ctl->data; |
9224 |
int val = *valp; |
9225 |
loff_t pos = *ppos; |
9226 |
@@ -121878,7 +123271,7 @@ index 21c2c81..373c1ba 100644 |
9227 |
int ret; |
9228 |
|
9229 |
/* |
9230 |
-@@ -5244,7 +5251,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write, |
9231 |
+@@ -5245,7 +5252,7 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write, |
9232 |
int err; |
9233 |
struct in6_addr addr; |
9234 |
char str[IPV6_MAX_STRLEN]; |
9235 |
@@ -122347,7 +123740,7 @@ index dd6ebba..69d56e8 100644 |
9236 |
table = kmemdup(ipv6_route_table_template, |
9237 |
sizeof(ipv6_route_table_template), |
9238 |
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c |
9239 |
-index ac35a28..070cc8c 100644 |
9240 |
+index 85c4b2f..4e2062f 100644 |
9241 |
--- a/net/ipv6/sit.c |
9242 |
+++ b/net/ipv6/sit.c |
9243 |
@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); |
9244 |
@@ -122359,7 +123752,7 @@ index ac35a28..070cc8c 100644 |
9245 |
|
9246 |
static int sit_net_id __read_mostly; |
9247 |
struct sit_net { |
9248 |
-@@ -1749,7 +1749,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) |
9249 |
+@@ -1735,7 +1735,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) |
9250 |
unregister_netdevice_queue(dev, head); |
9251 |
} |
9252 |
|
9253 |
@@ -122652,19 +124045,6 @@ index 683346d..cb0e12d 100644 |
9254 |
seq_printf(m, "Max data size: %d\n", self->max_data_size); |
9255 |
seq_printf(m, "Max header size: %d\n", self->max_header_size); |
9256 |
|
9257 |
-diff --git a/net/irda/irlmp.c b/net/irda/irlmp.c |
9258 |
-index a26c401..4396459 100644 |
9259 |
---- a/net/irda/irlmp.c |
9260 |
-+++ b/net/irda/irlmp.c |
9261 |
-@@ -1839,7 +1839,7 @@ static void *irlmp_seq_hb_idx(struct irlmp_iter_state *iter, loff_t *off) |
9262 |
- for (element = hashbin_get_first(iter->hashbin); |
9263 |
- element != NULL; |
9264 |
- element = hashbin_get_next(iter->hashbin)) { |
9265 |
-- if (!off || *off-- == 0) { |
9266 |
-+ if (!off || (*off)-- == 0) { |
9267 |
- /* NB: hashbin left locked */ |
9268 |
- return element; |
9269 |
- } |
9270 |
diff --git a/net/irda/irproc.c b/net/irda/irproc.c |
9271 |
index b9ac598..f88cc56 100644 |
9272 |
--- a/net/irda/irproc.c |
9273 |
@@ -123043,7 +124423,7 @@ index 666ddac..0cad93b 100644 |
9274 |
goto free; |
9275 |
|
9276 |
diff --git a/net/mac80211/util.c b/net/mac80211/util.c |
9277 |
-index 43e5aad..d117c3a 100644 |
9278 |
+index f5fa8c0..c24eae8 100644 |
9279 |
--- a/net/mac80211/util.c |
9280 |
+++ b/net/mac80211/util.c |
9281 |
@@ -1761,7 +1761,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) |
9282 |
@@ -123682,7 +125062,7 @@ index 11de55e..f25e448 100644 |
9283 |
return 0; |
9284 |
} |
9285 |
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
9286 |
-index a133d16..fafee70 100644 |
9287 |
+index 8b158f7..c43cfdb 100644 |
9288 |
--- a/net/netlink/af_netlink.c |
9289 |
+++ b/net/netlink/af_netlink.c |
9290 |
@@ -286,7 +286,7 @@ static void netlink_overrun(struct sock *sk) |
9291 |
@@ -123779,7 +125159,7 @@ index bc85331..0d3dce0 100644 |
9292 |
/** |
9293 |
* struct vport_portids - array of netlink portids of a vport. |
9294 |
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
9295 |
-index 7851b12..b665c0c 100644 |
9296 |
+index 71cb085..89e2202 100644 |
9297 |
--- a/net/packet/af_packet.c |
9298 |
+++ b/net/packet/af_packet.c |
9299 |
@@ -277,7 +277,7 @@ static int packet_direct_xmit(struct sk_buff *skb) |
9300 |
@@ -123800,7 +125180,7 @@ index 7851b12..b665c0c 100644 |
9301 |
spin_unlock(&sk->sk_receive_queue.lock); |
9302 |
|
9303 |
drop_n_restore: |
9304 |
-@@ -3616,7 +3616,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, |
9305 |
+@@ -3634,7 +3634,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, |
9306 |
case PACKET_HDRLEN: |
9307 |
if (len > sizeof(int)) |
9308 |
len = sizeof(int); |
9309 |
@@ -123809,7 +125189,7 @@ index 7851b12..b665c0c 100644 |
9310 |
return -EFAULT; |
9311 |
switch (val) { |
9312 |
case TPACKET_V1: |
9313 |
-@@ -3671,7 +3671,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, |
9314 |
+@@ -3689,7 +3689,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, |
9315 |
len = lv; |
9316 |
if (put_user(len, optlen)) |
9317 |
return -EFAULT; |
9318 |
@@ -128067,10 +129447,29 @@ index dec607c..2f291ad9 100644 |
9319 |
d_backing_inode(old_dentry)->i_mode |
9320 |
}; |
9321 |
diff --git a/security/commoncap.c b/security/commoncap.c |
9322 |
-index d103f5a4..3f7369a 100644 |
9323 |
+index d103f5a4..cedcad8 100644 |
9324 |
--- a/security/commoncap.c |
9325 |
+++ b/security/commoncap.c |
9326 |
-@@ -422,6 +422,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data |
9327 |
+@@ -137,12 +137,17 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode) |
9328 |
+ { |
9329 |
+ int ret = 0; |
9330 |
+ const struct cred *cred, *child_cred; |
9331 |
++ const kernel_cap_t *caller_caps; |
9332 |
+ |
9333 |
+ rcu_read_lock(); |
9334 |
+ cred = current_cred(); |
9335 |
+ child_cred = __task_cred(child); |
9336 |
++ if (mode & PTRACE_MODE_FSCREDS) |
9337 |
++ caller_caps = &cred->cap_effective; |
9338 |
++ else |
9339 |
++ caller_caps = &cred->cap_permitted; |
9340 |
+ if (cred->user_ns == child_cred->user_ns && |
9341 |
+- cap_issubset(child_cred->cap_permitted, cred->cap_permitted)) |
9342 |
++ cap_issubset(child_cred->cap_permitted, *caller_caps)) |
9343 |
+ goto out; |
9344 |
+ if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) |
9345 |
+ goto out; |
9346 |
+@@ -422,6 +427,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data |
9347 |
return 0; |
9348 |
} |
9349 |
|
9350 |
@@ -128103,7 +129502,7 @@ index d103f5a4..3f7369a 100644 |
9351 |
/* |
9352 |
* Attempt to get the on-exec apply capability sets for an executable file from |
9353 |
* its xattrs and, if present, apply them to the proposed credentials being |
9354 |
-@@ -586,6 +612,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) |
9355 |
+@@ -586,6 +617,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) |
9356 |
const struct cred *cred = current_cred(); |
9357 |
kuid_t root_uid = make_kuid(cred->user_ns, 0); |
9358 |
|
9359 |
@@ -128173,6 +129572,29 @@ index 552705d..9920f4fb 100644 |
9360 |
key = ima_hash_key(entry->digest); |
9361 |
hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]); |
9362 |
return 0; |
9363 |
+diff --git a/security/keys/internal.h b/security/keys/internal.h |
9364 |
+index 5105c2c..fd59e52 100644 |
9365 |
+--- a/security/keys/internal.h |
9366 |
++++ b/security/keys/internal.h |
9367 |
+@@ -90,12 +90,16 @@ extern void key_type_put(struct key_type *ktype); |
9368 |
+ |
9369 |
+ extern int __key_link_begin(struct key *keyring, |
9370 |
+ const struct keyring_index_key *index_key, |
9371 |
+- struct assoc_array_edit **_edit); |
9372 |
++ struct assoc_array_edit **_edit) |
9373 |
++ __acquires(&keyring->sem) |
9374 |
++ __acquires(&keyring_serialise_link_sem); |
9375 |
+ extern int __key_link_check_live_key(struct key *keyring, struct key *key); |
9376 |
+ extern void __key_link(struct key *key, struct assoc_array_edit **_edit); |
9377 |
+ extern void __key_link_end(struct key *keyring, |
9378 |
+ const struct keyring_index_key *index_key, |
9379 |
+- struct assoc_array_edit *edit); |
9380 |
++ struct assoc_array_edit *edit) |
9381 |
++ __releases(&keyring->sem) |
9382 |
++ __releases(&keyring_serialise_link_sem); |
9383 |
+ |
9384 |
+ extern key_ref_t find_key_to_update(key_ref_t keyring_ref, |
9385 |
+ const struct keyring_index_key *index_key); |
9386 |
diff --git a/security/keys/key.c b/security/keys/key.c |
9387 |
index aee2ec5..c276071 100644 |
9388 |
--- a/security/keys/key.c |
9389 |
@@ -128230,6 +129652,28 @@ index aee2ec5..c276071 100644 |
9390 |
|
9391 |
/* record the root user tracking */ |
9392 |
rb_link_node(&root_key_user.node, |
9393 |
+diff --git a/security/keys/keyring.c b/security/keys/keyring.c |
9394 |
+index d334370..b03e5a8 100644 |
9395 |
+--- a/security/keys/keyring.c |
9396 |
++++ b/security/keys/keyring.c |
9397 |
+@@ -1071,8 +1071,6 @@ static int keyring_detect_cycle(struct key *A, struct key *B) |
9398 |
+ int __key_link_begin(struct key *keyring, |
9399 |
+ const struct keyring_index_key *index_key, |
9400 |
+ struct assoc_array_edit **_edit) |
9401 |
+- __acquires(&keyring->sem) |
9402 |
+- __acquires(&keyring_serialise_link_sem) |
9403 |
+ { |
9404 |
+ struct assoc_array_edit *edit; |
9405 |
+ int ret; |
9406 |
+@@ -1172,8 +1170,6 @@ void __key_link(struct key *key, struct assoc_array_edit **_edit) |
9407 |
+ void __key_link_end(struct key *keyring, |
9408 |
+ const struct keyring_index_key *index_key, |
9409 |
+ struct assoc_array_edit *edit) |
9410 |
+- __releases(&keyring->sem) |
9411 |
+- __releases(&keyring_serialise_link_sem) |
9412 |
+ { |
9413 |
+ BUG_ON(index_key->type == NULL); |
9414 |
+ kenter("%d,%s,", keyring->serial, index_key->type->name); |
9415 |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c |
9416 |
index 486ef6f..0d62531 100644 |
9417 |
--- a/security/keys/request_key.c |
9418 |
@@ -128308,6 +129752,26 @@ index 1450f85..a91e0bc 100644 |
9419 |
rt_genid_bump_all(net); |
9420 |
} |
9421 |
rtnl_unlock(); |
9422 |
+diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c |
9423 |
+index a143328..0c29901 100644 |
9424 |
+--- a/security/smack/smack_lsm.c |
9425 |
++++ b/security/smack/smack_lsm.c |
9426 |
+@@ -358,12 +358,10 @@ static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, |
9427 |
+ */ |
9428 |
+ static inline unsigned int smk_ptrace_mode(unsigned int mode) |
9429 |
+ { |
9430 |
+- switch (mode) { |
9431 |
+- case PTRACE_MODE_READ: |
9432 |
+- return MAY_READ; |
9433 |
+- case PTRACE_MODE_ATTACH: |
9434 |
++ if (mode & PTRACE_MODE_ATTACH) |
9435 |
+ return MAY_READWRITE; |
9436 |
+- } |
9437 |
++ if (mode & PTRACE_MODE_READ) |
9438 |
++ return MAY_READ; |
9439 |
+ |
9440 |
+ return 0; |
9441 |
+ } |
9442 |
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c |
9443 |
index 2367b10..a0c3c51 100644 |
9444 |
--- a/security/tomoyo/file.c |
9445 |
@@ -128467,9 +129931,27 @@ index 3123e1d..951f48d 100644 |
9446 |
help |
9447 |
This selects Yama, which extends DAC support with additional |
9448 |
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c |
9449 |
-index 5ebb896..68147a2 100644 |
9450 |
+index 5ebb896..6da9ba8 100644 |
9451 |
--- a/security/yama/yama_lsm.c |
9452 |
+++ b/security/yama/yama_lsm.c |
9453 |
+@@ -281,7 +281,7 @@ static int yama_ptrace_access_check(struct task_struct *child, |
9454 |
+ int rc = 0; |
9455 |
+ |
9456 |
+ /* require ptrace target be a child of ptracer on attach */ |
9457 |
+- if (mode == PTRACE_MODE_ATTACH) { |
9458 |
++ if (mode & PTRACE_MODE_ATTACH) { |
9459 |
+ switch (ptrace_scope) { |
9460 |
+ case YAMA_SCOPE_DISABLED: |
9461 |
+ /* No additional restrictions. */ |
9462 |
+@@ -307,7 +307,7 @@ static int yama_ptrace_access_check(struct task_struct *child, |
9463 |
+ } |
9464 |
+ } |
9465 |
+ |
9466 |
+- if (rc) { |
9467 |
++ if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) { |
9468 |
+ printk_ratelimited(KERN_NOTICE |
9469 |
+ "ptrace of pid %d was attempted by: %s (pid %d)\n", |
9470 |
+ child->pid, current->comm, current->pid); |
9471 |
@@ -362,7 +362,7 @@ void __init yama_add_hooks(void) |
9472 |
static int yama_dointvec_minmax(struct ctl_table *table, int write, |
9473 |
void __user *buffer, size_t *lenp, loff_t *ppos) |
9474 |
@@ -128629,6 +130111,88 @@ index 75888dd..c940854 100644 |
9475 |
break; |
9476 |
default: |
9477 |
result = -EINVAL; |
9478 |
+diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c |
9479 |
+index b64f20d..aff6c32 100644 |
9480 |
+--- a/sound/core/seq/seq_clientmgr.c |
9481 |
++++ b/sound/core/seq/seq_clientmgr.c |
9482 |
+@@ -446,7 +446,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count, |
9483 |
+ count -= sizeof(struct snd_seq_event); |
9484 |
+ buf += sizeof(struct snd_seq_event); |
9485 |
+ err = snd_seq_expand_var_event(&cell->event, count, |
9486 |
+- (char __force *)buf, 0, |
9487 |
++ (char __force_kernel *)buf, 0, |
9488 |
+ sizeof(struct snd_seq_event)); |
9489 |
+ if (err < 0) |
9490 |
+ break; |
9491 |
+@@ -1059,13 +1059,13 @@ static ssize_t snd_seq_write(struct file *file, const char __user *buf, |
9492 |
+ } |
9493 |
+ /* set user space pointer */ |
9494 |
+ event.data.ext.len = extlen | SNDRV_SEQ_EXT_USRPTR; |
9495 |
+- event.data.ext.ptr = (char __force *)buf |
9496 |
++ event.data.ext.ptr = (char __force_kernel *)buf |
9497 |
+ + sizeof(struct snd_seq_event); |
9498 |
+ len += extlen; /* increment data length */ |
9499 |
+ } else { |
9500 |
+ #ifdef CONFIG_COMPAT |
9501 |
+ if (client->convert32 && snd_seq_ev_is_varusr(&event)) { |
9502 |
+- void *ptr = (void __force *)compat_ptr(event.data.raw32.d[1]); |
9503 |
++ void *ptr = (void __force_kernel *)compat_ptr(event.data.raw32.d[1]); |
9504 |
+ event.data.ext.ptr = ptr; |
9505 |
+ } |
9506 |
+ #endif |
9507 |
+@@ -2420,7 +2420,7 @@ int snd_seq_kernel_client_ctl(int clientid, unsigned int cmd, void *arg) |
9508 |
+ if (client == NULL) |
9509 |
+ return -ENXIO; |
9510 |
+ fs = snd_enter_user(); |
9511 |
+- result = snd_seq_do_ioctl(client, cmd, (void __force __user *)arg); |
9512 |
++ result = snd_seq_do_ioctl(client, cmd, (void __force_user *)arg); |
9513 |
+ snd_leave_user(fs); |
9514 |
+ return result; |
9515 |
+ } |
9516 |
+diff --git a/sound/core/seq/seq_compat.c b/sound/core/seq/seq_compat.c |
9517 |
+index 81f7c10..296bd6fd 100644 |
9518 |
+--- a/sound/core/seq/seq_compat.c |
9519 |
++++ b/sound/core/seq/seq_compat.c |
9520 |
+@@ -59,7 +59,7 @@ static int snd_seq_call_port_info_ioctl(struct snd_seq_client *client, unsigned |
9521 |
+ data->kernel = NULL; |
9522 |
+ |
9523 |
+ fs = snd_enter_user(); |
9524 |
+- err = snd_seq_do_ioctl(client, cmd, data); |
9525 |
++ err = snd_seq_do_ioctl(client, cmd, (void __force_user *)data); |
9526 |
+ snd_leave_user(fs); |
9527 |
+ if (err < 0) |
9528 |
+ goto error; |
9529 |
+diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c |
9530 |
+index 8010766..4bd361f 100644 |
9531 |
+--- a/sound/core/seq/seq_memory.c |
9532 |
++++ b/sound/core/seq/seq_memory.c |
9533 |
+@@ -87,7 +87,7 @@ int snd_seq_dump_var_event(const struct snd_seq_event *event, |
9534 |
+ |
9535 |
+ if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) { |
9536 |
+ char buf[32]; |
9537 |
+- char __user *curptr = (char __force __user *)event->data.ext.ptr; |
9538 |
++ char __user *curptr = (char __force_user *)event->data.ext.ptr; |
9539 |
+ while (len > 0) { |
9540 |
+ int size = sizeof(buf); |
9541 |
+ if (len < size) |
9542 |
+@@ -158,7 +158,7 @@ int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char |
9543 |
+ if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) { |
9544 |
+ if (! in_kernel) |
9545 |
+ return -EINVAL; |
9546 |
+- if (copy_from_user(buf, (void __force __user *)event->data.ext.ptr, len)) |
9547 |
++ if (copy_from_user(buf, (void __force_user *)event->data.ext.ptr, len)) |
9548 |
+ return -EFAULT; |
9549 |
+ return newlen; |
9550 |
+ } |
9551 |
+@@ -344,7 +344,7 @@ int snd_seq_event_dup(struct snd_seq_pool *pool, struct snd_seq_event *event, |
9552 |
+ tmp->event = src->event; |
9553 |
+ src = src->next; |
9554 |
+ } else if (is_usrptr) { |
9555 |
+- if (copy_from_user(&tmp->event, (char __force __user *)buf, size)) { |
9556 |
++ if (copy_from_user(&tmp->event, (char __force_user *)buf, size)) { |
9557 |
+ err = -EFAULT; |
9558 |
+ goto __error; |
9559 |
+ } |
9560 |
diff --git a/sound/core/sound.c b/sound/core/sound.c |
9561 |
index 175f9e4..3518d31 100644 |
9562 |
--- a/sound/core/sound.c |
9563 |
@@ -129251,12 +130815,12 @@ index 0000000..4945d82 |
9564 |
+targets += randomize_layout_seed.h randomize_layout_hash.h |
9565 |
diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c |
9566 |
new file mode 100644 |
9567 |
-index 0000000..5452feea |
9568 |
+index 0000000..1264799f |
9569 |
--- /dev/null |
9570 |
+++ b/tools/gcc/checker_plugin.c |
9571 |
-@@ -0,0 +1,150 @@ |
9572 |
+@@ -0,0 +1,549 @@ |
9573 |
+/* |
9574 |
-+ * Copyright 2011-2014 by the PaX Team <pageexec@××××××××.hu> |
9575 |
++ * Copyright 2011-2015 by the PaX Team <pageexec@××××××××.hu> |
9576 |
+ * Licensed under the GPL v2 |
9577 |
+ * |
9578 |
+ * Note: the choice of the license means that the compilation process is |
9579 |
@@ -129285,8 +130849,9 @@ index 0000000..5452feea |
9580 |
+int plugin_is_GPL_compatible; |
9581 |
+ |
9582 |
+static struct plugin_info checker_plugin_info = { |
9583 |
-+ .version = "201304082245", |
9584 |
-+ .help = NULL, |
9585 |
++ .version = "201512100145", |
9586 |
++ .help = "user\tturn on user/kernel address space checking\n" |
9587 |
++ "context\tturn on locking context checking\n" |
9588 |
+}; |
9589 |
+ |
9590 |
+#define ADDR_SPACE_KERNEL 0 |
9591 |
@@ -129381,12 +130946,395 @@ index 0000000..5452feea |
9592 |
+ targetm.addr_space.convert = checker_addr_space_convert; |
9593 |
+} |
9594 |
+ |
9595 |
++static bool split_context_attribute(tree args, tree *lock, tree *in, tree *out) |
9596 |
++{ |
9597 |
++ *in = TREE_VALUE(args); |
9598 |
++ |
9599 |
++ if (TREE_CODE(*in) != INTEGER_CST) { |
9600 |
++ *lock = *in; |
9601 |
++ args = TREE_CHAIN(args); |
9602 |
++ *in = TREE_VALUE(args); |
9603 |
++ } else |
9604 |
++ *lock = NULL_TREE; |
9605 |
++ |
9606 |
++ args = TREE_CHAIN(args); |
9607 |
++ if (*lock && !args) |
9608 |
++ return false; |
9609 |
++ |
9610 |
++ *out = TREE_VALUE(args); |
9611 |
++ return true; |
9612 |
++} |
9613 |
++ |
9614 |
++static tree handle_context_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs) |
9615 |
++{ |
9616 |
++ *no_add_attrs = true; |
9617 |
++ tree lock, in, out; |
9618 |
++ |
9619 |
++ if (TREE_CODE(*node) != FUNCTION_DECL) { |
9620 |
++ error("%qE attribute applies to functions only (%qD)", name, *node); |
9621 |
++ return NULL_TREE; |
9622 |
++ } |
9623 |
++ |
9624 |
++ if (!split_context_attribute(args, &lock, &in, &out)) { |
9625 |
++ error("%qE attribute needs two integers after the lock expression", name); |
9626 |
++ return NULL_TREE; |
9627 |
++ } |
9628 |
++ |
9629 |
++ if (TREE_CODE(in) != INTEGER_CST) { |
9630 |
++ error("the 'in' argument of the %qE attribute must be an integer (%qE)", name, in); |
9631 |
++ return NULL_TREE; |
9632 |
++ } |
9633 |
++ |
9634 |
++ if (TREE_CODE(out) != INTEGER_CST) { |
9635 |
++ error("the 'out' argument of the %qE attribute must be an integer (%qE)", name, out); |
9636 |
++ return NULL_TREE; |
9637 |
++ } |
9638 |
++ |
9639 |
++ *no_add_attrs = false; |
9640 |
++ return NULL_TREE; |
9641 |
++} |
9642 |
++ |
9643 |
++static struct attribute_spec context_attr = { |
9644 |
++ .name = "context", |
9645 |
++ .min_length = 2, |
9646 |
++ .max_length = 3, |
9647 |
++ .decl_required = true, |
9648 |
++ .type_required = false, |
9649 |
++ .function_type_required = false, |
9650 |
++ .handler = handle_context_attribute, |
9651 |
++#if BUILDING_GCC_VERSION >= 4007 |
9652 |
++ .affects_type_identity = true |
9653 |
++#endif |
9654 |
++}; |
9655 |
++ |
9656 |
++static void register_attributes(void *event_data, void *data) |
9657 |
++{ |
9658 |
++ register_attribute(&context_attr); |
9659 |
++} |
9660 |
++ |
9661 |
++static const char context_function[] = "__context__"; |
9662 |
++static GTY(()) tree context_function_decl; |
9663 |
++ |
9664 |
++static const char context_error[] = "__context_error__"; |
9665 |
++static GTY(()) tree context_error_decl; |
9666 |
++ |
9667 |
++static void context_start_unit(void __unused *gcc_data, void __unused *user_data) |
9668 |
++{ |
9669 |
++ tree fntype, attr; |
9670 |
++ |
9671 |
++ // void __context__(void *, int); |
9672 |
++ fntype = build_function_type_list(void_type_node, ptr_type_node, integer_type_node, NULL_TREE); |
9673 |
++ context_function_decl = build_fn_decl(context_function, fntype); |
9674 |
++ |
9675 |
++ TREE_PUBLIC(context_function_decl) = 1; |
9676 |
++ TREE_USED(context_function_decl) = 1; |
9677 |
++ DECL_EXTERNAL(context_function_decl) = 1; |
9678 |
++ DECL_ARTIFICIAL(context_function_decl) = 1; |
9679 |
++ DECL_PRESERVE_P(context_function_decl) = 1; |
9680 |
++// TREE_NOTHROW(context_function_decl) = 1; |
9681 |
++// DECL_UNINLINABLE(context_function_decl) = 1; |
9682 |
++ DECL_ASSEMBLER_NAME(context_function_decl); // for LTO |
9683 |
++ lang_hooks.decls.pushdecl(context_function_decl); |
9684 |
++ |
9685 |
++ // void __context_error__(const void *, int) __attribute__((error("context error"))); |
9686 |
++ fntype = build_function_type_list(void_type_node, const_ptr_type_node, integer_type_node, NULL_TREE); |
9687 |
++ context_error_decl = build_fn_decl(context_error, fntype); |
9688 |
++ |
9689 |
++ TREE_PUBLIC(context_error_decl) = 1; |
9690 |
++ TREE_USED(context_error_decl) = 1; |
9691 |
++ DECL_EXTERNAL(context_error_decl) = 1; |
9692 |
++ DECL_ARTIFICIAL(context_error_decl) = 1; |
9693 |
++ DECL_PRESERVE_P(context_error_decl) = 1; |
9694 |
++// TREE_NOTHROW(context_error_decl) = 1; |
9695 |
++// DECL_UNINLINABLE(context_error_decl) = 1; |
9696 |
++ TREE_THIS_VOLATILE(context_error_decl) = 1; |
9697 |
++ DECL_ASSEMBLER_NAME(context_error_decl); |
9698 |
++ |
9699 |
++ attr = tree_cons(NULL, build_string(14, "context error"), NULL); |
9700 |
++ attr = tree_cons(get_identifier("error"), attr, NULL); |
9701 |
++ decl_attributes(&context_error_decl, attr, 0); |
9702 |
++} |
9703 |
++ |
9704 |
++static bool gate_context(void) |
9705 |
++{ |
9706 |
++ tree context_attr; |
9707 |
++ |
9708 |
++return true; |
9709 |
++ |
9710 |
++ context_attr = lookup_attribute("context", DECL_ATTRIBUTES(current_function_decl)); |
9711 |
++ return context_attr != NULL_TREE; |
9712 |
++} |
9713 |
++ |
9714 |
++static basic_block verify_context_before(gimple_stmt_iterator *gsi, tree context, tree inout, tree error) |
9715 |
++{ |
9716 |
++ gimple stmt; |
9717 |
++ basic_block cond_bb, join_bb, true_bb; |
9718 |
++ edge e; |
9719 |
++ location_t loc; |
9720 |
++ const char *file; |
9721 |
++ int line; |
9722 |
++ size_t len; |
9723 |
++ tree filename; |
9724 |
++ |
9725 |
++ stmt = gsi_stmt(*gsi); |
9726 |
++ if (gimple_has_location(stmt)) { |
9727 |
++ loc = gimple_location(stmt); |
9728 |
++ file = gimple_filename(stmt); |
9729 |
++ line = gimple_lineno(stmt); |
9730 |
++ } else { |
9731 |
++ loc = DECL_SOURCE_LOCATION(current_function_decl); |
9732 |
++ file = DECL_SOURCE_FILE(current_function_decl); |
9733 |
++ line = DECL_SOURCE_LINE(current_function_decl); |
9734 |
++ } |
9735 |
++ gcc_assert(file); |
9736 |
++ |
9737 |
++ // if (context != count) __context_error__(__FILE__, __LINE__); |
9738 |
++ stmt = gimple_build_cond(NE_EXPR, context, inout, NULL_TREE, NULL_TREE); |
9739 |
++ gimple_set_location(stmt, loc); |
9740 |
++ gsi_insert_before(gsi, stmt, GSI_NEW_STMT); |
9741 |
++ |
9742 |
++ cond_bb = gsi_bb(*gsi); |
9743 |
++ gcc_assert(!gsi_end_p(*gsi)); |
9744 |
++ gcc_assert(stmt == gsi_stmt(*gsi)); |
9745 |
++ |
9746 |
++ e = split_block(cond_bb, gsi_stmt(*gsi)); |
9747 |
++ cond_bb = e->src; |
9748 |
++ join_bb = e->dest; |
9749 |
++ e->flags = EDGE_FALSE_VALUE; |
9750 |
++ e->probability = REG_BR_PROB_BASE; |
9751 |
++ |
9752 |
++ true_bb = create_empty_bb(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb); |
9753 |
++ make_edge(cond_bb, true_bb, EDGE_TRUE_VALUE); |
9754 |
++ make_edge(true_bb, join_bb, EDGE_FALLTHRU); |
9755 |
++ |
9756 |
++ set_immediate_dominator(CDI_DOMINATORS, true_bb, cond_bb); |
9757 |
++ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); |
9758 |
++ |
9759 |
++ gcc_assert(cond_bb->loop_father == join_bb->loop_father); |
9760 |
++ add_bb_to_loop(true_bb, cond_bb->loop_father); |
9761 |
++ |
9762 |
++ // insert call to builtin_trap or __context_error__ |
9763 |
++ *gsi = gsi_start_bb(true_bb); |
9764 |
++ |
9765 |
++// stmt = gimple_build_call(builtin_decl_implicit(BUILT_IN_TRAP), 0); |
9766 |
++ len = strlen(file) + 1; |
9767 |
++ filename = build_string(len, file); |
9768 |
++ TREE_TYPE(filename) = build_array_type(unsigned_char_type_node, build_index_type(size_int(len))); |
9769 |
++ filename = build1(ADDR_EXPR, const_ptr_type_node, filename); |
9770 |
++ stmt = gimple_build_call(error, 2, filename, build_int_cst(NULL_TREE, line)); |
9771 |
++ gimple_set_location(stmt, loc); |
9772 |
++ gsi_insert_after(gsi, stmt, GSI_CONTINUE_LINKING); |
9773 |
++ |
9774 |
++ *gsi = gsi_start_nondebug_bb(join_bb); |
9775 |
++ return join_bb; |
9776 |
++} |
9777 |
++ |
9778 |
++static void update_context(gimple_stmt_iterator *gsi, tree context, int diff) |
9779 |
++{ |
9780 |
++ gimple assign; |
9781 |
++ tree op; |
9782 |
++ |
9783 |
++ op = fold_build2_loc(UNKNOWN_LOCATION, PLUS_EXPR, integer_type_node, context, build_int_cst(integer_type_node, diff)); |
9784 |
++ assign = gimple_build_assign(context, op); |
9785 |
++ gsi_insert_after(gsi, assign, GSI_NEW_STMT); |
9786 |
++ update_stmt(assign); |
9787 |
++} |
9788 |
++ |
9789 |
++static basic_block track_context(basic_block bb, tree context) |
9790 |
++{ |
9791 |
++ gimple_stmt_iterator gsi; |
9792 |
++ gimple assign; |
9793 |
++ |
9794 |
++ // adjust context according to the context information on any call stmt |
9795 |
++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { |
9796 |
++ gimple stmt = gsi_stmt(gsi); |
9797 |
++ tree fndecl, context_attr; |
9798 |
++ tree lock, in, out; |
9799 |
++ int incount, outcount; |
9800 |
++ |
9801 |
++ if (!is_gimple_call(stmt)) |
9802 |
++ continue; |
9803 |
++ |
9804 |
++ fndecl = gimple_call_fndecl(stmt); |
9805 |
++ if (!fndecl) |
9806 |
++ continue; |
9807 |
++ |
9808 |
++ if (fndecl == context_function_decl) { |
9809 |
++ unsigned int num_ops = gimple_num_ops(stmt); |
9810 |
++ int diff = tree_to_shwi(gimple_op(stmt, num_ops - 1)); |
9811 |
++ |
9812 |
++ gcc_assert(diff); |
9813 |
++ update_context(&gsi, context, diff); |
9814 |
++ continue; |
9815 |
++ } |
9816 |
++ |
9817 |
++ context_attr = lookup_attribute("context", DECL_ATTRIBUTES(fndecl)); |
9818 |
++ if (!context_attr) |
9819 |
++ continue; |
9820 |
++ |
9821 |
++ gcc_assert(split_context_attribute(TREE_VALUE(context_attr), &lock, &in, &out)); |
9822 |
++ incount = tree_to_shwi(in); |
9823 |
++ outcount = tree_to_shwi(out); |
9824 |
++ bb = verify_context_before(&gsi, context, in, context_error_decl); |
9825 |
++ update_context(&gsi, context, outcount - incount); |
9826 |
++ } |
9827 |
++ |
9828 |
++ return bb; |
9829 |
++} |
9830 |
++ |
9831 |
++static bool bb_any_loop(basic_block bb) |
9832 |
++{ |
9833 |
++ return bb_loop_depth(bb) || (bb->flags & BB_IRREDUCIBLE_LOOP); |
9834 |
++} |
9835 |
++ |
9836 |
++static unsigned int execute_context(void) |
9837 |
++{ |
9838 |
++ basic_block bb; |
9839 |
++ gimple assign; |
9840 |
++ gimple_stmt_iterator gsi; |
9841 |
++ tree context_attr, context; |
9842 |
++ tree lock, in, out; |
9843 |
++ |
9844 |
++ loop_optimizer_init(LOOPS_NORMAL | LOOPS_HAVE_RECORDED_EXITS); |
9845 |
++ gcc_assert(current_loops); |
9846 |
++ |
9847 |
++ calculate_dominance_info(CDI_DOMINATORS); |
9848 |
++ calculate_dominance_info(CDI_POST_DOMINATORS); |
9849 |
++ |
9850 |
++ context_attr = lookup_attribute("context", DECL_ATTRIBUTES(current_function_decl)); |
9851 |
++ if (context_attr) { |
9852 |
++ gcc_assert(split_context_attribute(TREE_VALUE(context_attr), &lock, &in, &out)); |
9853 |
++ } else { |
9854 |
++ in = out = integer_zero_node; |
9855 |
++ } |
9856 |
++ |
9857 |
++ // 1. create local context variable |
9858 |
++ context = create_tmp_var(integer_type_node, "context"); |
9859 |
++ add_referenced_var(context); |
9860 |
++ mark_sym_for_renaming(context); |
9861 |
++ |
9862 |
++ // 2. initialize local context variable |
9863 |
++ gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun))); |
9864 |
++ bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun)); |
9865 |
++ if (!single_pred_p(bb)) { |
9866 |
++ gcc_assert(bb_any_loop(bb)); |
9867 |
++ split_edge(single_succ_edge(ENTRY_BLOCK_PTR_FOR_FN(cfun))); |
9868 |
++ bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun)); |
9869 |
++ } |
9870 |
++ gsi = gsi_start_bb(bb); |
9871 |
++ assign = gimple_build_assign(context, in); |
9872 |
++ gsi_insert_before(&gsi, assign, GSI_NEW_STMT); |
9873 |
++ update_stmt(assign); |
9874 |
++ |
9875 |
++ // 3. instrument each BB to track the local context variable |
9876 |
++ FOR_EACH_BB_FN(bb, cfun) { |
9877 |
++ bb = track_context(bb, context); |
9878 |
++ } |
9879 |
++ |
9880 |
++ // 4. verify the local context variable against the expected state |
9881 |
++ if (EDGE_COUNT(EXIT_BLOCK_PTR_FOR_FN(cfun)->preds)) { |
9882 |
++ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun))); |
9883 |
++ gsi = gsi_last_nondebug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun))); |
9884 |
++ verify_context_before(&gsi, context, out, context_error_decl); |
9885 |
++ } |
9886 |
++ |
9887 |
++ free_dominance_info(CDI_DOMINATORS); |
9888 |
++ free_dominance_info(CDI_POST_DOMINATORS); |
9889 |
++ loop_optimizer_finalize(); |
9890 |
++ return 0; |
9891 |
++} |
9892 |
++ |
9893 |
++#if BUILDING_GCC_VERSION >= 4009 |
9894 |
++namespace { |
9895 |
++static const struct pass_data context_pass_data = { |
9896 |
++#else |
9897 |
++static struct gimple_opt_pass context_pass = { |
9898 |
++ .pass = { |
9899 |
++#endif |
9900 |
++ .type = GIMPLE_PASS, |
9901 |
++ .name = "context", |
9902 |
++#if BUILDING_GCC_VERSION >= 4008 |
9903 |
++ .optinfo_flags = OPTGROUP_NONE, |
9904 |
++#endif |
9905 |
++#if BUILDING_GCC_VERSION >= 5000 |
9906 |
++#elif BUILDING_GCC_VERSION == 4009 |
9907 |
++ .has_gate = true, |
9908 |
++ .has_execute = true, |
9909 |
++#else |
9910 |
++ .gate = gate_context, |
9911 |
++ .execute = execute_context, |
9912 |
++ .sub = NULL, |
9913 |
++ .next = NULL, |
9914 |
++ .static_pass_number = 0, |
9915 |
++#endif |
9916 |
++ .tv_id = TV_NONE, |
9917 |
++ .properties_required = PROP_gimple_leh | PROP_cfg, |
9918 |
++ .properties_provided = 0, |
9919 |
++ .properties_destroyed = 0, |
9920 |
++ .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts, |
9921 |
++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_verify_flow | TODO_update_ssa |
9922 |
++#if BUILDING_GCC_VERSION < 4009 |
9923 |
++ } |
9924 |
++#endif |
9925 |
++}; |
9926 |
++ |
9927 |
++#if BUILDING_GCC_VERSION >= 4009 |
9928 |
++class context_pass : public gimple_opt_pass { |
9929 |
++public: |
9930 |
++ context_pass() : gimple_opt_pass(context_pass_data, g) {} |
9931 |
++#if BUILDING_GCC_VERSION >= 5000 |
9932 |
++ virtual bool gate(function *) { return gate_context(); } |
9933 |
++ virtual unsigned int execute(function *) { return execute_context(); } |
9934 |
++#else |
9935 |
++ bool gate() { return gate_context(); } |
9936 |
++ unsigned int execute() { return execute_context(); } |
9937 |
++#endif |
9938 |
++}; |
9939 |
++} |
9940 |
++ |
9941 |
++static opt_pass *make_context_pass(void) |
9942 |
++{ |
9943 |
++ return new context_pass(); |
9944 |
++} |
9945 |
++#else |
9946 |
++static struct opt_pass *make_context_pass(void) |
9947 |
++{ |
9948 |
++ return &context_pass.pass; |
9949 |
++} |
9950 |
++#endif |
9951 |
++ |
9952 |
+int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) |
9953 |
+{ |
9954 |
+ const char * const plugin_name = plugin_info->base_name; |
9955 |
+ const int argc = plugin_info->argc; |
9956 |
+ const struct plugin_argument * const argv = plugin_info->argv; |
9957 |
+ int i; |
9958 |
++ bool enable_user, enable_context; |
9959 |
++ struct register_pass_info context_pass_info; |
9960 |
++ |
9961 |
++ static const struct ggc_root_tab gt_ggc_r_gt_checker[] = { |
9962 |
++ { |
9963 |
++ .base = &context_function_decl, |
9964 |
++ .nelt = 1, |
9965 |
++ .stride = sizeof(context_function_decl), |
9966 |
++ .cb = >_ggc_mx_tree_node, |
9967 |
++ .pchw = >_pch_nx_tree_node |
9968 |
++ }, |
9969 |
++ { |
9970 |
++ .base = &context_error_decl, |
9971 |
++ .nelt = 1, |
9972 |
++ .stride = sizeof(context_error_decl), |
9973 |
++ .cb = >_ggc_mx_tree_node, |
9974 |
++ .pchw = >_pch_nx_tree_node |
9975 |
++ }, |
9976 |
++ LAST_GGC_ROOT_TAB |
9977 |
++ }; |
9978 |
++ |
9979 |
++ context_pass_info.pass = make_context_pass(); |
9980 |
++// context_pass_info.reference_pass_name = "ssa"; |
9981 |
++ context_pass_info.reference_pass_name = "phiprop"; |
9982 |
++ context_pass_info.ref_pass_instance_number = 1; |
9983 |
++ context_pass_info.pos_op = PASS_POS_INSERT_AFTER; |
9984 |
+ |
9985 |
+ if (!plugin_default_version_check(version, &gcc_version)) { |
9986 |
+ error(G_("incompatible gcc/plugin versions")); |
9987 |
@@ -129395,13 +131343,28 @@ index 0000000..5452feea |
9988 |
+ |
9989 |
+ register_callback(plugin_name, PLUGIN_INFO, NULL, &checker_plugin_info); |
9990 |
+ |
9991 |
-+ for (i = 0; i < argc; ++i) |
9992 |
++ enable_user = false; |
9993 |
++ enable_context = false; |
9994 |
++ for (i = 0; i < argc; ++i) { |
9995 |
++ if (!strcmp(argv[i].key, "user")) { |
9996 |
++ enable_user = true; |
9997 |
++ continue; |
9998 |
++ } |
9999 |
++ if (!strcmp(argv[i].key, "context")) { |
10000 |
++ enable_context = true; |
10001 |
++ continue; |
10002 |
++ } |
10003 |
+ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); |
10004 |
++ } |
10005 |
+ |
10006 |
-+ if (TARGET_64BIT == 0) |
10007 |
-+ return 0; |
10008 |
-+ |
10009 |
-+ register_callback(plugin_name, PLUGIN_PRAGMAS, register_checker_address_spaces, NULL); |
10010 |
++ if (enable_user) |
10011 |
++ register_callback(plugin_name, PLUGIN_PRAGMAS, register_checker_address_spaces, NULL); |
10012 |
++ if (enable_context) { |
10013 |
++ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); |
10014 |
++ register_callback(plugin_name, PLUGIN_START_UNIT, context_start_unit, NULL); |
10015 |
++ register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)>_ggc_r_gt_checker); |
10016 |
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &context_pass_info); |
10017 |
++ } |
10018 |
+ |
10019 |
+ return 0; |
10020 |
+} |
10021 |
@@ -130205,10 +132168,10 @@ index 0000000..0b98f34 |
10022 |
+} |
10023 |
diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h |
10024 |
new file mode 100644 |
10025 |
-index 0000000..2ec0551 |
10026 |
+index 0000000..9d33451 |
10027 |
--- /dev/null |
10028 |
+++ b/tools/gcc/gcc-common.h |
10029 |
-@@ -0,0 +1,812 @@ |
10030 |
+@@ -0,0 +1,813 @@ |
10031 |
+#ifndef GCC_COMMON_H_INCLUDED |
10032 |
+#define GCC_COMMON_H_INCLUDED |
10033 |
+ |
10034 |
@@ -130308,6 +132271,7 @@ index 0000000..2ec0551 |
10035 |
+#include "ipa-utils.h" |
10036 |
+ |
10037 |
+#if BUILDING_GCC_VERSION >= 4009 |
10038 |
++#include "attribs.h" |
10039 |
+#include "varasm.h" |
10040 |
+#include "stor-layout.h" |
10041 |
+#include "internal-fn.h" |
10042 |
@@ -131037,10 +133001,10 @@ index 0000000..7514850 |
10043 |
+fi |
10044 |
diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c |
10045 |
new file mode 100644 |
10046 |
-index 0000000..39c0731 |
10047 |
+index 0000000..a9d491f |
10048 |
--- /dev/null |
10049 |
+++ b/tools/gcc/initify_plugin.c |
10050 |
-@@ -0,0 +1,552 @@ |
10051 |
+@@ -0,0 +1,581 @@ |
10052 |
+/* |
10053 |
+ * Copyright 2011-2015 by Emese Revfy <re.emese@×××××.com> |
10054 |
+ * Licensed under the GPL v2, or (at your option) v3 |
10055 |
@@ -131061,7 +133025,7 @@ index 0000000..39c0731 |
10056 |
+int plugin_is_GPL_compatible; |
10057 |
+ |
10058 |
+static struct plugin_info initify_plugin_info = { |
10059 |
-+ .version = "20151128", |
10060 |
++ .version = "20151209", |
10061 |
+ .help = "initify_plugin\n", |
10062 |
+}; |
10063 |
+ |
10064 |
@@ -131250,7 +133214,7 @@ index 0000000..39c0731 |
10065 |
+ tree decl, offset; |
10066 |
+ HOST_WIDE_INT bitsize, bitpos; |
10067 |
+ enum machine_mode mode; |
10068 |
-+ int unsignedp, reversep, volatilep; |
10069 |
++ int unsignedp, reversep __unused, volatilep; |
10070 |
+ enum tree_code code = TREE_CODE(op); |
10071 |
+ |
10072 |
+ if (TREE_CODE_CLASS(code) == tcc_exceptional && code != SSA_NAME) |
10073 |
@@ -131343,10 +133307,39 @@ index 0000000..39c0731 |
10074 |
+ return false; |
10075 |
+} |
10076 |
+ |
10077 |
++static bool is_in_capture_init(const_tree vardecl) |
10078 |
++{ |
10079 |
++ unsigned int i; |
10080 |
++ tree var; |
10081 |
++ |
10082 |
++ FOR_EACH_LOCAL_DECL(cfun, i, var) { |
10083 |
++ unsigned HOST_WIDE_INT cnt; |
10084 |
++ tree index __unused, value; |
10085 |
++ const_tree initial = DECL_INITIAL(var); |
10086 |
++ |
10087 |
++ if (initial == NULL_TREE) |
10088 |
++ continue; |
10089 |
++ if (TREE_CODE(initial) != CONSTRUCTOR) |
10090 |
++ continue; |
10091 |
++ |
10092 |
++ FOR_EACH_CONSTRUCTOR_ELT(CONSTRUCTOR_ELTS(initial), cnt, index, value) { |
10093 |
++ if (TREE_CODE(value) != ADDR_EXPR) |
10094 |
++ continue; |
10095 |
++ if (TREE_OPERAND(value, 0) == vardecl) |
10096 |
++ return true; |
10097 |
++ } |
10098 |
++ } |
10099 |
++ |
10100 |
++ return false; |
10101 |
++} |
10102 |
++ |
10103 |
+static bool has_capture_use_local_var(const_tree vardecl) |
10104 |
+{ |
10105 |
+ basic_block bb; |
10106 |
+ |
10107 |
++ if (is_in_capture_init(vardecl)) |
10108 |
++ return true; |
10109 |
++ |
10110 |
+ FOR_EACH_BB_FN(bb, cfun) { |
10111 |
+ gimple_stmt_iterator gsi; |
10112 |
+ |
10113 |
@@ -133799,10 +135792,10 @@ index 0000000..f74d85a |
10114 |
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h |
10115 |
diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data |
10116 |
new file mode 100644 |
10117 |
-index 0000000..07f2628 |
10118 |
+index 0000000..8b72888 |
10119 |
--- /dev/null |
10120 |
+++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data |
10121 |
-@@ -0,0 +1,12424 @@ |
10122 |
+@@ -0,0 +1,12425 @@ |
10123 |
+disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL |
10124 |
+disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL |
10125 |
+disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray |
10126 |
@@ -146227,6 +148220,7 @@ index 0000000..07f2628 |
10127 |
+enable_so_i_size_high_ext4_inode_18545 i_size_high ext4_inode 0 18545 NULL |
10128 |
+enable_so_nr_kvm_queued_interrupt_34927 nr kvm_queued_interrupt 0 34927 NULL |
10129 |
+enable_so_last_used_idx_vhost_virtqueue_40059 last_used_idx vhost_virtqueue 0 40059 NULL |
10130 |
++enable_so___load_segment_descriptor_fndecl_30833 __load_segment_descriptor fndecl 2-4 30833 NULL |
10131 |
diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh |
10132 |
new file mode 100644 |
10133 |
index 0000000..be9724d |
10134 |
@@ -148470,7 +150464,7 @@ index 0000000..fc58e16 |
10135 |
+} |
10136 |
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data |
10137 |
new file mode 100644 |
10138 |
-index 0000000..a907202 |
10139 |
+index 0000000..509d3f8 |
10140 |
--- /dev/null |
10141 |
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data |
10142 |
@@ -0,0 +1,20733 @@ |
10143 |
@@ -149604,7 +151598,8 @@ index 0000000..a907202 |
10144 |
+enable_so_bytes_btrfs_dio_private_3624 bytes btrfs_dio_private 0 3624 &enable_so_ns_blocksize_the_nilfs_3624 nohasharray |
10145 |
+enable_so_do_msg_fill_fndecl_3624 do_msg_fill fndecl 3 3624 &enable_so_bytes_btrfs_dio_private_3624 |
10146 |
+enable_so_offline_pages_fndecl_3625 offline_pages fndecl 1-2 3625 NULL |
10147 |
-+enable_so_tail_timestamp_event_queue_3626 tail timestamp_event_queue 0 3626 NULL |
10148 |
++enable_so_tail_timestamp_event_queue_3626 tail timestamp_event_queue 0 3626 NULL nohasharray |
10149 |
++enable_so_length_pseudo_hdr_3626 length pseudo_hdr 0 3626 &enable_so_tail_timestamp_event_queue_3626 |
10150 |
+enable_so_add_res_range_fndecl_3629 add_res_range fndecl 4 3629 NULL |
10151 |
+enable_so_cbuf_eat_fndecl_3631 cbuf_eat fndecl 2 3631 NULL |
10152 |
+enable_so_vmci_transport_queue_pair_alloc_fndecl_3639 vmci_transport_queue_pair_alloc fndecl 4-3 3639 NULL nohasharray |
10153 |
@@ -158206,7 +160201,6 @@ index 0000000..a907202 |
10154 |
+enable_so_shmem_write_begin_fndecl_30822 shmem_write_begin fndecl 3 30822 NULL |
10155 |
+enable_so_report_count_hid_field_30826 report_count hid_field 0 30826 NULL |
10156 |
+enable_so_s_root_blkno_ocfs2_super_block_30828 s_root_blkno ocfs2_super_block 0 30828 NULL |
10157 |
-+enable_so___load_segment_descriptor_fndecl_30833 __load_segment_descriptor fndecl 2-4 30833 NULL |
10158 |
+enable_so_add_memory_fndecl_30836 add_memory fndecl 3-2 30836 NULL |
10159 |
+enable_so_f2fs_read_data_pages_fndecl_30837 f2fs_read_data_pages fndecl 4 30837 NULL |
10160 |
+enable_so_shadow_root_level_kvm_mmu_30842 shadow_root_level kvm_mmu 0 30842 NULL |
10161 |
|
10162 |
diff --git a/4.2.6/4425_grsec_remove_EI_PAX.patch b/4.2.7/4425_grsec_remove_EI_PAX.patch |
10163 |
similarity index 100% |
10164 |
rename from 4.2.6/4425_grsec_remove_EI_PAX.patch |
10165 |
rename to 4.2.7/4425_grsec_remove_EI_PAX.patch |
10166 |
|
10167 |
diff --git a/4.2.6/4427_force_XATTR_PAX_tmpfs.patch b/4.2.7/4427_force_XATTR_PAX_tmpfs.patch |
10168 |
similarity index 100% |
10169 |
rename from 4.2.6/4427_force_XATTR_PAX_tmpfs.patch |
10170 |
rename to 4.2.7/4427_force_XATTR_PAX_tmpfs.patch |
10171 |
|
10172 |
diff --git a/4.2.6/4430_grsec-remove-localversion-grsec.patch b/4.2.7/4430_grsec-remove-localversion-grsec.patch |
10173 |
similarity index 100% |
10174 |
rename from 4.2.6/4430_grsec-remove-localversion-grsec.patch |
10175 |
rename to 4.2.7/4430_grsec-remove-localversion-grsec.patch |
10176 |
|
10177 |
diff --git a/4.2.6/4435_grsec-mute-warnings.patch b/4.2.7/4435_grsec-mute-warnings.patch |
10178 |
similarity index 100% |
10179 |
rename from 4.2.6/4435_grsec-mute-warnings.patch |
10180 |
rename to 4.2.7/4435_grsec-mute-warnings.patch |
10181 |
|
10182 |
diff --git a/4.2.6/4440_grsec-remove-protected-paths.patch b/4.2.7/4440_grsec-remove-protected-paths.patch |
10183 |
similarity index 100% |
10184 |
rename from 4.2.6/4440_grsec-remove-protected-paths.patch |
10185 |
rename to 4.2.7/4440_grsec-remove-protected-paths.patch |
10186 |
|
10187 |
diff --git a/4.2.6/4450_grsec-kconfig-default-gids.patch b/4.2.7/4450_grsec-kconfig-default-gids.patch |
10188 |
similarity index 100% |
10189 |
rename from 4.2.6/4450_grsec-kconfig-default-gids.patch |
10190 |
rename to 4.2.7/4450_grsec-kconfig-default-gids.patch |
10191 |
|
10192 |
diff --git a/4.2.6/4465_selinux-avc_audit-log-curr_ip.patch b/4.2.7/4465_selinux-avc_audit-log-curr_ip.patch |
10193 |
similarity index 100% |
10194 |
rename from 4.2.6/4465_selinux-avc_audit-log-curr_ip.patch |
10195 |
rename to 4.2.7/4465_selinux-avc_audit-log-curr_ip.patch |
10196 |
|
10197 |
diff --git a/4.2.6/4470_disable-compat_vdso.patch b/4.2.7/4470_disable-compat_vdso.patch |
10198 |
similarity index 100% |
10199 |
rename from 4.2.6/4470_disable-compat_vdso.patch |
10200 |
rename to 4.2.7/4470_disable-compat_vdso.patch |
10201 |
|
10202 |
diff --git a/4.2.6/4475_emutramp_default_on.patch b/4.2.7/4475_emutramp_default_on.patch |
10203 |
similarity index 100% |
10204 |
rename from 4.2.6/4475_emutramp_default_on.patch |
10205 |
rename to 4.2.7/4475_emutramp_default_on.patch |