1 |
commit: 86bffc58f593d12516739efd5224b1064c00263b |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Aug 11 12:35:53 2022 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Aug 11 12:35:53 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=86bffc58 |
7 |
|
8 |
Linux patch 4.19.255 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1254_linux-4.19.255.patch | 1159 +++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1163 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 373ac001..3ed2554f 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -1059,6 +1059,10 @@ Patch: 1253_linux-4.19.254.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.19.254 |
23 |
|
24 |
+Patch: 1254_linux-4.19.255.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.19.255 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1254_linux-4.19.255.patch b/1254_linux-4.19.255.patch |
33 |
new file mode 100644 |
34 |
index 00000000..3c932735 |
35 |
--- /dev/null |
36 |
+++ b/1254_linux-4.19.255.patch |
37 |
@@ -0,0 +1,1159 @@ |
38 |
+diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst |
39 |
+index 6bd97cd50d625..7e061ed449aaa 100644 |
40 |
+--- a/Documentation/admin-guide/hw-vuln/spectre.rst |
41 |
++++ b/Documentation/admin-guide/hw-vuln/spectre.rst |
42 |
+@@ -422,6 +422,14 @@ The possible values in this file are: |
43 |
+ 'RSB filling' Protection of RSB on context switch enabled |
44 |
+ ============= =========================================== |
45 |
+ |
46 |
++ - EIBRS Post-barrier Return Stack Buffer (PBRSB) protection status: |
47 |
++ |
48 |
++ =========================== ======================================================= |
49 |
++ 'PBRSB-eIBRS: SW sequence' CPU is affected and protection of RSB on VMEXIT enabled |
50 |
++ 'PBRSB-eIBRS: Vulnerable' CPU is vulnerable |
51 |
++ 'PBRSB-eIBRS: Not affected' CPU is not affected by PBRSB |
52 |
++ =========================== ======================================================= |
53 |
++ |
54 |
+ Full mitigation might require a microcode update from the CPU |
55 |
+ vendor. When the necessary microcode is not available, the kernel will |
56 |
+ report vulnerability. |
57 |
+diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt |
58 |
+index e315e6052b9fb..eb24b81372269 100644 |
59 |
+--- a/Documentation/networking/ip-sysctl.txt |
60 |
++++ b/Documentation/networking/ip-sysctl.txt |
61 |
+@@ -2170,7 +2170,14 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max |
62 |
+ Default: 4K |
63 |
+ |
64 |
+ sctp_wmem - vector of 3 INTEGERs: min, default, max |
65 |
+- Currently this tunable has no effect. |
66 |
++ Only the first value ("min") is used, "default" and "max" are |
67 |
++ ignored. |
68 |
++ |
69 |
++ min: Minimum size of send buffer that can be used by SCTP sockets. |
70 |
++ It is guaranteed to each SCTP socket (but not association) even |
71 |
++ under moderate memory pressure. |
72 |
++ |
73 |
++ Default: 4K |
74 |
+ |
75 |
+ addr_scope_policy - INTEGER |
76 |
+ Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00 |
77 |
+diff --git a/Makefile b/Makefile |
78 |
+index c7a0dc943e74c..b8e5b38e5352d 100644 |
79 |
+--- a/Makefile |
80 |
++++ b/Makefile |
81 |
+@@ -1,7 +1,7 @@ |
82 |
+ # SPDX-License-Identifier: GPL-2.0 |
83 |
+ VERSION = 4 |
84 |
+ PATCHLEVEL = 19 |
85 |
+-SUBLEVEL = 254 |
86 |
++SUBLEVEL = 255 |
87 |
+ EXTRAVERSION = |
88 |
+ NAME = "People's Front" |
89 |
+ |
90 |
+diff --git a/arch/arm/lib/xor-neon.c b/arch/arm/lib/xor-neon.c |
91 |
+index c691b901092f5..b4feebc385bca 100644 |
92 |
+--- a/arch/arm/lib/xor-neon.c |
93 |
++++ b/arch/arm/lib/xor-neon.c |
94 |
+@@ -29,8 +29,9 @@ MODULE_LICENSE("GPL"); |
95 |
+ * While older versions of GCC do not generate incorrect code, they fail to |
96 |
+ * recognize the parallel nature of these functions, and emit plain ARM code, |
97 |
+ * which is known to be slower than the optimized ARM code in asm-arm/xor.h. |
98 |
++ * |
99 |
++ * #warning This code requires at least version 4.6 of GCC |
100 |
+ */ |
101 |
+-#warning This code requires at least version 4.6 of GCC |
102 |
+ #endif |
103 |
+ |
104 |
+ #pragma GCC diagnostic ignored "-Wunused-variable" |
105 |
+diff --git a/arch/s390/include/asm/archrandom.h b/arch/s390/include/asm/archrandom.h |
106 |
+index 2c6e1c6ecbe78..4120c428dc378 100644 |
107 |
+--- a/arch/s390/include/asm/archrandom.h |
108 |
++++ b/arch/s390/include/asm/archrandom.h |
109 |
+@@ -2,7 +2,7 @@ |
110 |
+ /* |
111 |
+ * Kernel interface for the s390 arch_random_* functions |
112 |
+ * |
113 |
+- * Copyright IBM Corp. 2017, 2020 |
114 |
++ * Copyright IBM Corp. 2017, 2022 |
115 |
+ * |
116 |
+ * Author: Harald Freudenberger <freude@××××××.com> |
117 |
+ * |
118 |
+@@ -14,6 +14,7 @@ |
119 |
+ #ifdef CONFIG_ARCH_RANDOM |
120 |
+ |
121 |
+ #include <linux/static_key.h> |
122 |
++#include <linux/preempt.h> |
123 |
+ #include <linux/atomic.h> |
124 |
+ #include <asm/cpacf.h> |
125 |
+ |
126 |
+@@ -32,7 +33,8 @@ static inline bool __must_check arch_get_random_int(unsigned int *v) |
127 |
+ |
128 |
+ static inline bool __must_check arch_get_random_seed_long(unsigned long *v) |
129 |
+ { |
130 |
+- if (static_branch_likely(&s390_arch_random_available)) { |
131 |
++ if (static_branch_likely(&s390_arch_random_available) && |
132 |
++ in_task()) { |
133 |
+ cpacf_trng(NULL, 0, (u8 *)v, sizeof(*v)); |
134 |
+ atomic64_add(sizeof(*v), &s390_arch_random_counter); |
135 |
+ return true; |
136 |
+@@ -42,7 +44,8 @@ static inline bool __must_check arch_get_random_seed_long(unsigned long *v) |
137 |
+ |
138 |
+ static inline bool __must_check arch_get_random_seed_int(unsigned int *v) |
139 |
+ { |
140 |
+- if (static_branch_likely(&s390_arch_random_available)) { |
141 |
++ if (static_branch_likely(&s390_arch_random_available) && |
142 |
++ in_task()) { |
143 |
+ cpacf_trng(NULL, 0, (u8 *)v, sizeof(*v)); |
144 |
+ atomic64_add(sizeof(*v), &s390_arch_random_counter); |
145 |
+ return true; |
146 |
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
147 |
+index 8025b7da04951..89145ea183d6d 100644 |
148 |
+--- a/arch/x86/include/asm/cpufeatures.h |
149 |
++++ b/arch/x86/include/asm/cpufeatures.h |
150 |
+@@ -283,6 +283,7 @@ |
151 |
+ #define X86_FEATURE_CQM_MBM_LOCAL (11*32+ 3) /* LLC Local MBM monitoring */ |
152 |
+ #define X86_FEATURE_FENCE_SWAPGS_USER (11*32+ 4) /* "" LFENCE in user entry SWAPGS path */ |
153 |
+ #define X86_FEATURE_FENCE_SWAPGS_KERNEL (11*32+ 5) /* "" LFENCE in kernel entry SWAPGS path */ |
154 |
++#define X86_FEATURE_RSB_VMEXIT_LITE (11*32+ 6) /* "" Fill RSB on VM exit when EIBRS is enabled */ |
155 |
+ |
156 |
+ /* AMD-defined CPU features, CPUID level 0x80000008 (EBX), word 13 */ |
157 |
+ #define X86_FEATURE_CLZERO (13*32+ 0) /* CLZERO instruction */ |
158 |
+@@ -395,5 +396,6 @@ |
159 |
+ #define X86_BUG_ITLB_MULTIHIT X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */ |
160 |
+ #define X86_BUG_SRBDS X86_BUG(24) /* CPU may leak RNG bits if not mitigated */ |
161 |
+ #define X86_BUG_MMIO_STALE_DATA X86_BUG(25) /* CPU is affected by Processor MMIO Stale Data vulnerabilities */ |
162 |
++#define X86_BUG_EIBRS_PBRSB X86_BUG(26) /* EIBRS is vulnerable to Post Barrier RSB Predictions */ |
163 |
+ |
164 |
+ #endif /* _ASM_X86_CPUFEATURES_H */ |
165 |
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h |
166 |
+index 586be095ed081..7a73799537bf3 100644 |
167 |
+--- a/arch/x86/include/asm/msr-index.h |
168 |
++++ b/arch/x86/include/asm/msr-index.h |
169 |
+@@ -120,6 +120,10 @@ |
170 |
+ * bit available to control VERW |
171 |
+ * behavior. |
172 |
+ */ |
173 |
++#define ARCH_CAP_PBRSB_NO BIT(24) /* |
174 |
++ * Not susceptible to Post-Barrier |
175 |
++ * Return Stack Buffer Predictions. |
176 |
++ */ |
177 |
+ |
178 |
+ #define MSR_IA32_FLUSH_CMD 0x0000010b |
179 |
+ #define L1D_FLUSH BIT(0) /* |
180 |
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h |
181 |
+index d3d68b6763d4e..747549934fe32 100644 |
182 |
+--- a/arch/x86/include/asm/nospec-branch.h |
183 |
++++ b/arch/x86/include/asm/nospec-branch.h |
184 |
+@@ -52,7 +52,17 @@ |
185 |
+ 774: \ |
186 |
+ dec reg; \ |
187 |
+ jnz 771b; \ |
188 |
+- add $(BITS_PER_LONG/8) * nr, sp; |
189 |
++ add $(BITS_PER_LONG/8) * nr, sp; \ |
190 |
++ /* barrier for jnz misprediction */ \ |
191 |
++ lfence; |
192 |
++ |
193 |
++/* Sequence to mitigate PBRSB on eIBRS CPUs */ |
194 |
++#define __ISSUE_UNBALANCED_RET_GUARD(sp) \ |
195 |
++ call 881f; \ |
196 |
++ int3; \ |
197 |
++881: \ |
198 |
++ add $(BITS_PER_LONG/8), sp; \ |
199 |
++ lfence; |
200 |
+ |
201 |
+ #ifdef __ASSEMBLY__ |
202 |
+ |
203 |
+@@ -269,6 +279,13 @@ static inline void vmexit_fill_RSB(void) |
204 |
+ : "=r" (loops), ASM_CALL_CONSTRAINT |
205 |
+ : : "memory" ); |
206 |
+ #endif |
207 |
++ asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE |
208 |
++ ALTERNATIVE("jmp 920f", |
209 |
++ __stringify(__ISSUE_UNBALANCED_RET_GUARD(%0)), |
210 |
++ X86_FEATURE_RSB_VMEXIT_LITE) |
211 |
++ "920:" |
212 |
++ : ASM_CALL_CONSTRAINT |
213 |
++ : : "memory" ); |
214 |
+ } |
215 |
+ |
216 |
+ static __always_inline |
217 |
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
218 |
+index 058e92b932623..a36be67860432 100644 |
219 |
+--- a/arch/x86/kernel/cpu/bugs.c |
220 |
++++ b/arch/x86/kernel/cpu/bugs.c |
221 |
+@@ -1043,6 +1043,49 @@ static enum spectre_v2_mitigation __init spectre_v2_select_retpoline(void) |
222 |
+ return SPECTRE_V2_RETPOLINE; |
223 |
+ } |
224 |
+ |
225 |
++static void __init spectre_v2_determine_rsb_fill_type_at_vmexit(enum spectre_v2_mitigation mode) |
226 |
++{ |
227 |
++ /* |
228 |
++ * Similar to context switches, there are two types of RSB attacks |
229 |
++ * after VM exit: |
230 |
++ * |
231 |
++ * 1) RSB underflow |
232 |
++ * |
233 |
++ * 2) Poisoned RSB entry |
234 |
++ * |
235 |
++ * When retpoline is enabled, both are mitigated by filling/clearing |
236 |
++ * the RSB. |
237 |
++ * |
238 |
++ * When IBRS is enabled, while #1 would be mitigated by the IBRS branch |
239 |
++ * prediction isolation protections, RSB still needs to be cleared |
240 |
++ * because of #2. Note that SMEP provides no protection here, unlike |
241 |
++ * user-space-poisoned RSB entries. |
242 |
++ * |
243 |
++ * eIBRS should protect against RSB poisoning, but if the EIBRS_PBRSB |
244 |
++ * bug is present then a LITE version of RSB protection is required, |
245 |
++ * just a single call needs to retire before a RET is executed. |
246 |
++ */ |
247 |
++ switch (mode) { |
248 |
++ case SPECTRE_V2_NONE: |
249 |
++ /* These modes already fill RSB at vmexit */ |
250 |
++ case SPECTRE_V2_LFENCE: |
251 |
++ case SPECTRE_V2_RETPOLINE: |
252 |
++ case SPECTRE_V2_EIBRS_RETPOLINE: |
253 |
++ return; |
254 |
++ |
255 |
++ case SPECTRE_V2_EIBRS_LFENCE: |
256 |
++ case SPECTRE_V2_EIBRS: |
257 |
++ if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) { |
258 |
++ setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT_LITE); |
259 |
++ pr_info("Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT\n"); |
260 |
++ } |
261 |
++ return; |
262 |
++ } |
263 |
++ |
264 |
++ pr_warn_once("Unknown Spectre v2 mode, disabling RSB mitigation at VM exit"); |
265 |
++ dump_stack(); |
266 |
++} |
267 |
++ |
268 |
+ static void __init spectre_v2_select_mitigation(void) |
269 |
+ { |
270 |
+ enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); |
271 |
+@@ -1135,6 +1178,8 @@ static void __init spectre_v2_select_mitigation(void) |
272 |
+ setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); |
273 |
+ pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); |
274 |
+ |
275 |
++ spectre_v2_determine_rsb_fill_type_at_vmexit(mode); |
276 |
++ |
277 |
+ /* |
278 |
+ * Retpoline means the kernel is safe because it has no indirect |
279 |
+ * branches. Enhanced IBRS protects firmware too, so, enable restricted |
280 |
+@@ -1867,6 +1912,19 @@ static char *ibpb_state(void) |
281 |
+ return ""; |
282 |
+ } |
283 |
+ |
284 |
++static char *pbrsb_eibrs_state(void) |
285 |
++{ |
286 |
++ if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) { |
287 |
++ if (boot_cpu_has(X86_FEATURE_RSB_VMEXIT_LITE) || |
288 |
++ boot_cpu_has(X86_FEATURE_RETPOLINE)) |
289 |
++ return ", PBRSB-eIBRS: SW sequence"; |
290 |
++ else |
291 |
++ return ", PBRSB-eIBRS: Vulnerable"; |
292 |
++ } else { |
293 |
++ return ", PBRSB-eIBRS: Not affected"; |
294 |
++ } |
295 |
++} |
296 |
++ |
297 |
+ static ssize_t spectre_v2_show_state(char *buf) |
298 |
+ { |
299 |
+ if (spectre_v2_enabled == SPECTRE_V2_LFENCE) |
300 |
+@@ -1879,12 +1937,13 @@ static ssize_t spectre_v2_show_state(char *buf) |
301 |
+ spectre_v2_enabled == SPECTRE_V2_EIBRS_LFENCE) |
302 |
+ return sprintf(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n"); |
303 |
+ |
304 |
+- return sprintf(buf, "%s%s%s%s%s%s\n", |
305 |
++ return sprintf(buf, "%s%s%s%s%s%s%s\n", |
306 |
+ spectre_v2_strings[spectre_v2_enabled], |
307 |
+ ibpb_state(), |
308 |
+ boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", |
309 |
+ stibp_state(), |
310 |
+ boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", |
311 |
++ pbrsb_eibrs_state(), |
312 |
+ spectre_v2_module_string()); |
313 |
+ } |
314 |
+ |
315 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
316 |
+index 389d11b2c70e2..3ab35d5426b76 100644 |
317 |
+--- a/arch/x86/kernel/cpu/common.c |
318 |
++++ b/arch/x86/kernel/cpu/common.c |
319 |
+@@ -954,6 +954,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) |
320 |
+ #define MSBDS_ONLY BIT(5) |
321 |
+ #define NO_SWAPGS BIT(6) |
322 |
+ #define NO_ITLB_MULTIHIT BIT(7) |
323 |
++#define NO_EIBRS_PBRSB BIT(8) |
324 |
+ |
325 |
+ #define VULNWL(_vendor, _family, _model, _whitelist) \ |
326 |
+ { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist } |
327 |
+@@ -990,7 +991,7 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { |
328 |
+ |
329 |
+ VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), |
330 |
+ VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), |
331 |
+- VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), |
332 |
++ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB), |
333 |
+ |
334 |
+ /* |
335 |
+ * Technically, swapgs isn't serializing on AMD (despite it previously |
336 |
+@@ -1000,7 +1001,9 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { |
337 |
+ * good enough for our purposes. |
338 |
+ */ |
339 |
+ |
340 |
+- VULNWL_INTEL(ATOM_TREMONT_X, NO_ITLB_MULTIHIT), |
341 |
++ VULNWL_INTEL(ATOM_TREMONT, NO_EIBRS_PBRSB), |
342 |
++ VULNWL_INTEL(ATOM_TREMONT_L, NO_EIBRS_PBRSB), |
343 |
++ VULNWL_INTEL(ATOM_TREMONT_X, NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB), |
344 |
+ |
345 |
+ /* AMD Family 0xf - 0x12 */ |
346 |
+ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), |
347 |
+@@ -1154,6 +1157,11 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) |
348 |
+ !arch_cap_mmio_immune(ia32_cap)) |
349 |
+ setup_force_cpu_bug(X86_BUG_MMIO_STALE_DATA); |
350 |
+ |
351 |
++ if (cpu_has(c, X86_FEATURE_IBRS_ENHANCED) && |
352 |
++ !cpu_matches(cpu_vuln_whitelist, NO_EIBRS_PBRSB) && |
353 |
++ !(ia32_cap & ARCH_CAP_PBRSB_NO)) |
354 |
++ setup_force_cpu_bug(X86_BUG_EIBRS_PBRSB); |
355 |
++ |
356 |
+ if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) |
357 |
+ return; |
358 |
+ |
359 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
360 |
+index 44cce3e8eb18b..20ce794584a32 100644 |
361 |
+--- a/arch/x86/kvm/vmx.c |
362 |
++++ b/arch/x86/kvm/vmx.c |
363 |
+@@ -10988,6 +10988,9 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
364 |
+ #endif |
365 |
+ ); |
366 |
+ |
367 |
++ /* Eliminate branch target predictions from guest mode */ |
368 |
++ vmexit_fill_RSB(); |
369 |
++ |
370 |
+ vmx_enable_fb_clear(vmx); |
371 |
+ |
372 |
+ /* |
373 |
+@@ -11010,9 +11013,6 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) |
374 |
+ |
375 |
+ x86_spec_ctrl_restore_host(vmx->spec_ctrl, 0); |
376 |
+ |
377 |
+- /* Eliminate branch target predictions from guest mode */ |
378 |
+- vmexit_fill_RSB(); |
379 |
+- |
380 |
+ /* All fields are clean at this point */ |
381 |
+ if (static_branch_unlikely(&enable_evmcs)) |
382 |
+ current_evmcs->hv_clean_fields |= |
383 |
+diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c |
384 |
+index 298d9c65e0848..490ae990bd3c2 100644 |
385 |
+--- a/drivers/acpi/video_detect.c |
386 |
++++ b/drivers/acpi/video_detect.c |
387 |
+@@ -371,7 +371,6 @@ static const struct dmi_system_id video_detect_dmi_table[] = { |
388 |
+ .callback = video_detect_force_native, |
389 |
+ .ident = "Clevo NL5xRU", |
390 |
+ .matches = { |
391 |
+- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
392 |
+ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
393 |
+ }, |
394 |
+ }, |
395 |
+@@ -379,59 +378,75 @@ static const struct dmi_system_id video_detect_dmi_table[] = { |
396 |
+ .callback = video_detect_force_native, |
397 |
+ .ident = "Clevo NL5xRU", |
398 |
+ .matches = { |
399 |
+- DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), |
400 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
401 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
402 |
++ DMI_MATCH(DMI_BOARD_NAME, "AURA1501"), |
403 |
+ }, |
404 |
+ }, |
405 |
+ { |
406 |
+ .callback = video_detect_force_native, |
407 |
+ .ident = "Clevo NL5xRU", |
408 |
+ .matches = { |
409 |
+- DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), |
410 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
411 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
412 |
++ DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"), |
413 |
+ }, |
414 |
+ }, |
415 |
+ { |
416 |
+ .callback = video_detect_force_native, |
417 |
+- .ident = "Clevo NL5xRU", |
418 |
++ .ident = "Clevo NL5xNU", |
419 |
+ .matches = { |
420 |
+- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
421 |
+- DMI_MATCH(DMI_BOARD_NAME, "AURA1501"), |
422 |
++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
423 |
+ }, |
424 |
+ }, |
425 |
++ /* |
426 |
++ * The TongFang PF5PU1G, PF4NU1F, PF5NU1G, and PF5LUXG/TUXEDO BA15 Gen10, |
427 |
++ * Pulse 14/15 Gen1, and Pulse 15 Gen2 have the same problem as the Clevo |
428 |
++ * NL5xRU and NL5xNU/TUXEDO Aura 15 Gen1 and Gen2. See the description |
429 |
++ * above. |
430 |
++ */ |
431 |
+ { |
432 |
+ .callback = video_detect_force_native, |
433 |
+- .ident = "Clevo NL5xRU", |
434 |
++ .ident = "TongFang PF5PU1G", |
435 |
+ .matches = { |
436 |
+- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
437 |
+- DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"), |
438 |
++ DMI_MATCH(DMI_BOARD_NAME, "PF5PU1G"), |
439 |
+ }, |
440 |
+ }, |
441 |
+ { |
442 |
+ .callback = video_detect_force_native, |
443 |
+- .ident = "Clevo NL5xNU", |
444 |
++ .ident = "TongFang PF4NU1F", |
445 |
++ .matches = { |
446 |
++ DMI_MATCH(DMI_BOARD_NAME, "PF4NU1F"), |
447 |
++ }, |
448 |
++ }, |
449 |
++ { |
450 |
++ .callback = video_detect_force_native, |
451 |
++ .ident = "TongFang PF4NU1F", |
452 |
+ .matches = { |
453 |
+ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
454 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
455 |
++ DMI_MATCH(DMI_BOARD_NAME, "PULSE1401"), |
456 |
+ }, |
457 |
+ }, |
458 |
+ { |
459 |
+ .callback = video_detect_force_native, |
460 |
+- .ident = "Clevo NL5xNU", |
461 |
++ .ident = "TongFang PF5NU1G", |
462 |
+ .matches = { |
463 |
+- DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), |
464 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
465 |
++ DMI_MATCH(DMI_BOARD_NAME, "PF5NU1G"), |
466 |
+ }, |
467 |
+ }, |
468 |
+ { |
469 |
+ .callback = video_detect_force_native, |
470 |
+- .ident = "Clevo NL5xNU", |
471 |
++ .ident = "TongFang PF5NU1G", |
472 |
+ .matches = { |
473 |
+- DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), |
474 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
475 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
476 |
++ DMI_MATCH(DMI_BOARD_NAME, "PULSE1501"), |
477 |
++ }, |
478 |
++ }, |
479 |
++ { |
480 |
++ .callback = video_detect_force_native, |
481 |
++ .ident = "TongFang PF5LUXG", |
482 |
++ .matches = { |
483 |
++ DMI_MATCH(DMI_BOARD_NAME, "PF5LUXG"), |
484 |
+ }, |
485 |
+ }, |
486 |
+- |
487 |
+ /* |
488 |
+ * Desktops which falsely report a backlight and which our heuristics |
489 |
+ * for this do not catch. |
490 |
+diff --git a/drivers/macintosh/adb.c b/drivers/macintosh/adb.c |
491 |
+index 76e98f0f7a3e5..2f1952fd3a457 100644 |
492 |
+--- a/drivers/macintosh/adb.c |
493 |
++++ b/drivers/macintosh/adb.c |
494 |
+@@ -645,7 +645,7 @@ do_adb_query(struct adb_request *req) |
495 |
+ |
496 |
+ switch(req->data[1]) { |
497 |
+ case ADB_QUERY_GETDEVINFO: |
498 |
+- if (req->nbytes < 3) |
499 |
++ if (req->nbytes < 3 || req->data[2] >= 16) |
500 |
+ break; |
501 |
+ mutex_lock(&adb_handler_mutex); |
502 |
+ req->reply[0] = adb_handler[req->data[2]].original_address; |
503 |
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c |
504 |
+index 3615c6533cf4f..2f3b393e55068 100644 |
505 |
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c |
506 |
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c |
507 |
+@@ -1808,11 +1808,15 @@ static void i40e_vsi_setup_queue_map(struct i40e_vsi *vsi, |
508 |
+ * non-zero req_queue_pairs says that user requested a new |
509 |
+ * queue count via ethtool's set_channels, so use this |
510 |
+ * value for queues distribution across traffic classes |
511 |
++ * We need at least one queue pair for the interface |
512 |
++ * to be usable as we see in else statement. |
513 |
+ */ |
514 |
+ if (vsi->req_queue_pairs > 0) |
515 |
+ vsi->num_queue_pairs = vsi->req_queue_pairs; |
516 |
+ else if (pf->flags & I40E_FLAG_MSIX_ENABLED) |
517 |
+ vsi->num_queue_pairs = pf->num_lan_msix; |
518 |
++ else |
519 |
++ vsi->num_queue_pairs = 1; |
520 |
+ } |
521 |
+ |
522 |
+ /* Number of queues per enabled TC */ |
523 |
+diff --git a/drivers/net/sungem_phy.c b/drivers/net/sungem_phy.c |
524 |
+index 63a8ff816e591..e556b00dfed23 100644 |
525 |
+--- a/drivers/net/sungem_phy.c |
526 |
++++ b/drivers/net/sungem_phy.c |
527 |
+@@ -453,6 +453,7 @@ static int bcm5421_init(struct mii_phy* phy) |
528 |
+ int can_low_power = 1; |
529 |
+ if (np == NULL || of_get_property(np, "no-autolowpower", NULL)) |
530 |
+ can_low_power = 0; |
531 |
++ of_node_put(np); |
532 |
+ if (can_low_power) { |
533 |
+ /* Enable automatic low-power */ |
534 |
+ sungem_phy_write(phy, 0x1c, 0x9002); |
535 |
+diff --git a/drivers/net/wireless/mediatek/mt7601u/usb.c b/drivers/net/wireless/mediatek/mt7601u/usb.c |
536 |
+index d8b7863f79261..11fef99093a7e 100644 |
537 |
+--- a/drivers/net/wireless/mediatek/mt7601u/usb.c |
538 |
++++ b/drivers/net/wireless/mediatek/mt7601u/usb.c |
539 |
+@@ -34,6 +34,7 @@ static const struct usb_device_id mt7601u_device_table[] = { |
540 |
+ { USB_DEVICE(0x2717, 0x4106) }, |
541 |
+ { USB_DEVICE(0x2955, 0x0001) }, |
542 |
+ { USB_DEVICE(0x2955, 0x1001) }, |
543 |
++ { USB_DEVICE(0x2955, 0x1003) }, |
544 |
+ { USB_DEVICE(0x2a5f, 0x1000) }, |
545 |
+ { USB_DEVICE(0x7392, 0x7710) }, |
546 |
+ { 0, } |
547 |
+diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c |
548 |
+index 0191708c9dd4e..ace4a7230bcf2 100644 |
549 |
+--- a/drivers/scsi/scsi_lib.c |
550 |
++++ b/drivers/scsi/scsi_lib.c |
551 |
+@@ -2157,8 +2157,7 @@ out_put_budget: |
552 |
+ case BLK_STS_OK: |
553 |
+ break; |
554 |
+ case BLK_STS_RESOURCE: |
555 |
+- if (atomic_read(&sdev->device_busy) || |
556 |
+- scsi_device_blocked(sdev)) |
557 |
++ if (scsi_device_blocked(sdev)) |
558 |
+ ret = BLK_STS_DEV_RESOURCE; |
559 |
+ break; |
560 |
+ default: |
561 |
+diff --git a/drivers/scsi/ufs/ufshcd-pltfrm.c b/drivers/scsi/ufs/ufshcd-pltfrm.c |
562 |
+index 57985841a879e..eca6d6db628a4 100644 |
563 |
+--- a/drivers/scsi/ufs/ufshcd-pltfrm.c |
564 |
++++ b/drivers/scsi/ufs/ufshcd-pltfrm.c |
565 |
+@@ -124,9 +124,20 @@ out: |
566 |
+ return ret; |
567 |
+ } |
568 |
+ |
569 |
++static bool phandle_exists(const struct device_node *np, |
570 |
++ const char *phandle_name, int index) |
571 |
++{ |
572 |
++ struct device_node *parse_np = of_parse_phandle(np, phandle_name, index); |
573 |
++ |
574 |
++ if (parse_np) |
575 |
++ of_node_put(parse_np); |
576 |
++ |
577 |
++ return parse_np != NULL; |
578 |
++} |
579 |
++ |
580 |
+ #define MAX_PROP_SIZE 32 |
581 |
+ static int ufshcd_populate_vreg(struct device *dev, const char *name, |
582 |
+- struct ufs_vreg **out_vreg) |
583 |
++ struct ufs_vreg **out_vreg) |
584 |
+ { |
585 |
+ int ret = 0; |
586 |
+ char prop_name[MAX_PROP_SIZE]; |
587 |
+@@ -139,7 +150,7 @@ static int ufshcd_populate_vreg(struct device *dev, const char *name, |
588 |
+ } |
589 |
+ |
590 |
+ snprintf(prop_name, MAX_PROP_SIZE, "%s-supply", name); |
591 |
+- if (!of_parse_phandle(np, prop_name, 0)) { |
592 |
++ if (!phandle_exists(np, prop_name, 0)) { |
593 |
+ dev_info(dev, "%s: Unable to find %s regulator, assuming enabled\n", |
594 |
+ __func__, prop_name); |
595 |
+ goto out; |
596 |
+diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c |
597 |
+index 44a39a099b54e..62b49197e5f67 100644 |
598 |
+--- a/fs/ntfs/attrib.c |
599 |
++++ b/fs/ntfs/attrib.c |
600 |
+@@ -606,8 +606,12 @@ static int ntfs_attr_find(const ATTR_TYPE type, const ntfschar *name, |
601 |
+ a = (ATTR_RECORD*)((u8*)ctx->attr + |
602 |
+ le32_to_cpu(ctx->attr->length)); |
603 |
+ for (;; a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))) { |
604 |
+- if ((u8*)a < (u8*)ctx->mrec || (u8*)a > (u8*)ctx->mrec + |
605 |
+- le32_to_cpu(ctx->mrec->bytes_allocated)) |
606 |
++ u8 *mrec_end = (u8 *)ctx->mrec + |
607 |
++ le32_to_cpu(ctx->mrec->bytes_allocated); |
608 |
++ u8 *name_end = (u8 *)a + le16_to_cpu(a->name_offset) + |
609 |
++ a->name_length * sizeof(ntfschar); |
610 |
++ if ((u8*)a < (u8*)ctx->mrec || (u8*)a > mrec_end || |
611 |
++ name_end > mrec_end) |
612 |
+ break; |
613 |
+ ctx->attr = a; |
614 |
+ if (unlikely(le32_to_cpu(a->type) > le32_to_cpu(type) || |
615 |
+diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h |
616 |
+index 21dbd38f724d4..da0ef935c5a97 100644 |
617 |
+--- a/include/net/bluetooth/l2cap.h |
618 |
++++ b/include/net/bluetooth/l2cap.h |
619 |
+@@ -798,6 +798,7 @@ enum { |
620 |
+ }; |
621 |
+ |
622 |
+ void l2cap_chan_hold(struct l2cap_chan *c); |
623 |
++struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c); |
624 |
+ void l2cap_chan_put(struct l2cap_chan *c); |
625 |
+ |
626 |
+ static inline void l2cap_chan_lock(struct l2cap_chan *chan) |
627 |
+diff --git a/include/net/tcp.h b/include/net/tcp.h |
628 |
+index d28fa78dedb54..436ad4bc9d4c4 100644 |
629 |
+--- a/include/net/tcp.h |
630 |
++++ b/include/net/tcp.h |
631 |
+@@ -1355,7 +1355,7 @@ void tcp_select_initial_window(const struct sock *sk, int __space, |
632 |
+ |
633 |
+ static inline int tcp_win_from_space(const struct sock *sk, int space) |
634 |
+ { |
635 |
+- int tcp_adv_win_scale = sock_net(sk)->ipv4.sysctl_tcp_adv_win_scale; |
636 |
++ int tcp_adv_win_scale = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_adv_win_scale); |
637 |
+ |
638 |
+ return tcp_adv_win_scale <= 0 ? |
639 |
+ (space>>(-tcp_adv_win_scale)) : |
640 |
+diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c |
641 |
+index c0d64b4144d4a..709cceef67288 100644 |
642 |
+--- a/net/bluetooth/l2cap_core.c |
643 |
++++ b/net/bluetooth/l2cap_core.c |
644 |
+@@ -113,7 +113,8 @@ static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn, |
645 |
+ } |
646 |
+ |
647 |
+ /* Find channel with given SCID. |
648 |
+- * Returns locked channel. */ |
649 |
++ * Returns a reference locked channel. |
650 |
++ */ |
651 |
+ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, |
652 |
+ u16 cid) |
653 |
+ { |
654 |
+@@ -121,15 +122,19 @@ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, |
655 |
+ |
656 |
+ mutex_lock(&conn->chan_lock); |
657 |
+ c = __l2cap_get_chan_by_scid(conn, cid); |
658 |
+- if (c) |
659 |
+- l2cap_chan_lock(c); |
660 |
++ if (c) { |
661 |
++ /* Only lock if chan reference is not 0 */ |
662 |
++ c = l2cap_chan_hold_unless_zero(c); |
663 |
++ if (c) |
664 |
++ l2cap_chan_lock(c); |
665 |
++ } |
666 |
+ mutex_unlock(&conn->chan_lock); |
667 |
+ |
668 |
+ return c; |
669 |
+ } |
670 |
+ |
671 |
+ /* Find channel with given DCID. |
672 |
+- * Returns locked channel. |
673 |
++ * Returns a reference locked channel. |
674 |
+ */ |
675 |
+ static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn, |
676 |
+ u16 cid) |
677 |
+@@ -138,8 +143,12 @@ static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn, |
678 |
+ |
679 |
+ mutex_lock(&conn->chan_lock); |
680 |
+ c = __l2cap_get_chan_by_dcid(conn, cid); |
681 |
+- if (c) |
682 |
+- l2cap_chan_lock(c); |
683 |
++ if (c) { |
684 |
++ /* Only lock if chan reference is not 0 */ |
685 |
++ c = l2cap_chan_hold_unless_zero(c); |
686 |
++ if (c) |
687 |
++ l2cap_chan_lock(c); |
688 |
++ } |
689 |
+ mutex_unlock(&conn->chan_lock); |
690 |
+ |
691 |
+ return c; |
692 |
+@@ -164,8 +173,12 @@ static struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn, |
693 |
+ |
694 |
+ mutex_lock(&conn->chan_lock); |
695 |
+ c = __l2cap_get_chan_by_ident(conn, ident); |
696 |
+- if (c) |
697 |
+- l2cap_chan_lock(c); |
698 |
++ if (c) { |
699 |
++ /* Only lock if chan reference is not 0 */ |
700 |
++ c = l2cap_chan_hold_unless_zero(c); |
701 |
++ if (c) |
702 |
++ l2cap_chan_lock(c); |
703 |
++ } |
704 |
+ mutex_unlock(&conn->chan_lock); |
705 |
+ |
706 |
+ return c; |
707 |
+@@ -491,6 +504,16 @@ void l2cap_chan_hold(struct l2cap_chan *c) |
708 |
+ kref_get(&c->kref); |
709 |
+ } |
710 |
+ |
711 |
++struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c) |
712 |
++{ |
713 |
++ BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); |
714 |
++ |
715 |
++ if (!kref_get_unless_zero(&c->kref)) |
716 |
++ return NULL; |
717 |
++ |
718 |
++ return c; |
719 |
++} |
720 |
++ |
721 |
+ void l2cap_chan_put(struct l2cap_chan *c) |
722 |
+ { |
723 |
+ BT_DBG("chan %p orig refcnt %d", c, kref_read(&c->kref)); |
724 |
+@@ -1803,7 +1826,10 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, |
725 |
+ src_match = !bacmp(&c->src, src); |
726 |
+ dst_match = !bacmp(&c->dst, dst); |
727 |
+ if (src_match && dst_match) { |
728 |
+- l2cap_chan_hold(c); |
729 |
++ c = l2cap_chan_hold_unless_zero(c); |
730 |
++ if (!c) |
731 |
++ continue; |
732 |
++ |
733 |
+ read_unlock(&chan_list_lock); |
734 |
+ return c; |
735 |
+ } |
736 |
+@@ -1818,7 +1844,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm, |
737 |
+ } |
738 |
+ |
739 |
+ if (c1) |
740 |
+- l2cap_chan_hold(c1); |
741 |
++ c1 = l2cap_chan_hold_unless_zero(c1); |
742 |
+ |
743 |
+ read_unlock(&chan_list_lock); |
744 |
+ |
745 |
+@@ -4204,6 +4230,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, |
746 |
+ |
747 |
+ unlock: |
748 |
+ l2cap_chan_unlock(chan); |
749 |
++ l2cap_chan_put(chan); |
750 |
+ return err; |
751 |
+ } |
752 |
+ |
753 |
+@@ -4316,6 +4343,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn, |
754 |
+ |
755 |
+ done: |
756 |
+ l2cap_chan_unlock(chan); |
757 |
++ l2cap_chan_put(chan); |
758 |
+ return err; |
759 |
+ } |
760 |
+ |
761 |
+@@ -5044,6 +5072,7 @@ send_move_response: |
762 |
+ l2cap_send_move_chan_rsp(chan, result); |
763 |
+ |
764 |
+ l2cap_chan_unlock(chan); |
765 |
++ l2cap_chan_put(chan); |
766 |
+ |
767 |
+ return 0; |
768 |
+ } |
769 |
+@@ -5136,6 +5165,7 @@ static void l2cap_move_continue(struct l2cap_conn *conn, u16 icid, u16 result) |
770 |
+ } |
771 |
+ |
772 |
+ l2cap_chan_unlock(chan); |
773 |
++ l2cap_chan_put(chan); |
774 |
+ } |
775 |
+ |
776 |
+ static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid, |
777 |
+@@ -5165,6 +5195,7 @@ static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid, |
778 |
+ l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED); |
779 |
+ |
780 |
+ l2cap_chan_unlock(chan); |
781 |
++ l2cap_chan_put(chan); |
782 |
+ } |
783 |
+ |
784 |
+ static int l2cap_move_channel_rsp(struct l2cap_conn *conn, |
785 |
+@@ -5228,6 +5259,7 @@ static int l2cap_move_channel_confirm(struct l2cap_conn *conn, |
786 |
+ l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); |
787 |
+ |
788 |
+ l2cap_chan_unlock(chan); |
789 |
++ l2cap_chan_put(chan); |
790 |
+ |
791 |
+ return 0; |
792 |
+ } |
793 |
+@@ -5263,6 +5295,7 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn, |
794 |
+ } |
795 |
+ |
796 |
+ l2cap_chan_unlock(chan); |
797 |
++ l2cap_chan_put(chan); |
798 |
+ |
799 |
+ return 0; |
800 |
+ } |
801 |
+@@ -5635,12 +5668,11 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn, |
802 |
+ if (credits > max_credits) { |
803 |
+ BT_ERR("LE credits overflow"); |
804 |
+ l2cap_send_disconn_req(chan, ECONNRESET); |
805 |
+- l2cap_chan_unlock(chan); |
806 |
+ |
807 |
+ /* Return 0 so that we don't trigger an unnecessary |
808 |
+ * command reject packet. |
809 |
+ */ |
810 |
+- return 0; |
811 |
++ goto unlock; |
812 |
+ } |
813 |
+ |
814 |
+ chan->tx_credits += credits; |
815 |
+@@ -5651,7 +5683,9 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn, |
816 |
+ if (chan->tx_credits) |
817 |
+ chan->ops->resume(chan); |
818 |
+ |
819 |
++unlock: |
820 |
+ l2cap_chan_unlock(chan); |
821 |
++ l2cap_chan_put(chan); |
822 |
+ |
823 |
+ return 0; |
824 |
+ } |
825 |
+@@ -6949,6 +6983,7 @@ drop: |
826 |
+ |
827 |
+ done: |
828 |
+ l2cap_chan_unlock(chan); |
829 |
++ l2cap_chan_put(chan); |
830 |
+ } |
831 |
+ |
832 |
+ static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, |
833 |
+@@ -7353,7 +7388,7 @@ static struct l2cap_chan *l2cap_global_fixed_chan(struct l2cap_chan *c, |
834 |
+ if (src_type != c->src_type) |
835 |
+ continue; |
836 |
+ |
837 |
+- l2cap_chan_hold(c); |
838 |
++ c = l2cap_chan_hold_unless_zero(c); |
839 |
+ read_unlock(&chan_list_lock); |
840 |
+ return c; |
841 |
+ } |
842 |
+diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c |
843 |
+index b831825f234f6..a08acb54b6b00 100644 |
844 |
+--- a/net/ipv4/igmp.c |
845 |
++++ b/net/ipv4/igmp.c |
846 |
+@@ -831,7 +831,7 @@ static void igmp_ifc_event(struct in_device *in_dev) |
847 |
+ struct net *net = dev_net(in_dev->dev); |
848 |
+ if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) |
849 |
+ return; |
850 |
+- WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv); |
851 |
++ WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv)); |
852 |
+ igmp_ifc_start_timer(in_dev, 1); |
853 |
+ } |
854 |
+ |
855 |
+@@ -1013,7 +1013,7 @@ static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb, |
856 |
+ * received value was zero, use the default or statically |
857 |
+ * configured value. |
858 |
+ */ |
859 |
+- in_dev->mr_qrv = ih3->qrv ?: net->ipv4.sysctl_igmp_qrv; |
860 |
++ in_dev->mr_qrv = ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
861 |
+ in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL; |
862 |
+ |
863 |
+ /* RFC3376, 8.3. Query Response Interval: |
864 |
+@@ -1192,7 +1192,7 @@ static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im) |
865 |
+ pmc->interface = im->interface; |
866 |
+ in_dev_hold(in_dev); |
867 |
+ pmc->multiaddr = im->multiaddr; |
868 |
+- pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; |
869 |
++ pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
870 |
+ pmc->sfmode = im->sfmode; |
871 |
+ if (pmc->sfmode == MCAST_INCLUDE) { |
872 |
+ struct ip_sf_list *psf; |
873 |
+@@ -1243,9 +1243,11 @@ static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im) |
874 |
+ swap(im->tomb, pmc->tomb); |
875 |
+ swap(im->sources, pmc->sources); |
876 |
+ for (psf = im->sources; psf; psf = psf->sf_next) |
877 |
+- psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; |
878 |
++ psf->sf_crcount = in_dev->mr_qrv ?: |
879 |
++ READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
880 |
+ } else { |
881 |
+- im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; |
882 |
++ im->crcount = in_dev->mr_qrv ?: |
883 |
++ READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
884 |
+ } |
885 |
+ in_dev_put(pmc->interface); |
886 |
+ kfree_pmc(pmc); |
887 |
+@@ -1347,7 +1349,7 @@ static void igmp_group_added(struct ip_mc_list *im) |
888 |
+ if (in_dev->dead) |
889 |
+ return; |
890 |
+ |
891 |
+- im->unsolicit_count = net->ipv4.sysctl_igmp_qrv; |
892 |
++ im->unsolicit_count = READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
893 |
+ if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) { |
894 |
+ spin_lock_bh(&im->lock); |
895 |
+ igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY); |
896 |
+@@ -1361,7 +1363,7 @@ static void igmp_group_added(struct ip_mc_list *im) |
897 |
+ * IN() to IN(A). |
898 |
+ */ |
899 |
+ if (im->sfmode == MCAST_EXCLUDE) |
900 |
+- im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; |
901 |
++ im->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
902 |
+ |
903 |
+ igmp_ifc_event(in_dev); |
904 |
+ #endif |
905 |
+@@ -1769,7 +1771,7 @@ static void ip_mc_reset(struct in_device *in_dev) |
906 |
+ |
907 |
+ in_dev->mr_qi = IGMP_QUERY_INTERVAL; |
908 |
+ in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL; |
909 |
+- in_dev->mr_qrv = net->ipv4.sysctl_igmp_qrv; |
910 |
++ in_dev->mr_qrv = READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
911 |
+ } |
912 |
+ #else |
913 |
+ static void ip_mc_reset(struct in_device *in_dev) |
914 |
+@@ -1903,7 +1905,7 @@ static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode, |
915 |
+ #ifdef CONFIG_IP_MULTICAST |
916 |
+ if (psf->sf_oldin && |
917 |
+ !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) { |
918 |
+- psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; |
919 |
++ psf->sf_crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
920 |
+ psf->sf_next = pmc->tomb; |
921 |
+ pmc->tomb = psf; |
922 |
+ rv = 1; |
923 |
+@@ -1967,7 +1969,7 @@ static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode, |
924 |
+ /* filter mode change */ |
925 |
+ pmc->sfmode = MCAST_INCLUDE; |
926 |
+ #ifdef CONFIG_IP_MULTICAST |
927 |
+- pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; |
928 |
++ pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
929 |
+ WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); |
930 |
+ for (psf = pmc->sources; psf; psf = psf->sf_next) |
931 |
+ psf->sf_crcount = 0; |
932 |
+@@ -2146,7 +2148,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, |
933 |
+ #ifdef CONFIG_IP_MULTICAST |
934 |
+ /* else no filters; keep old mode for reports */ |
935 |
+ |
936 |
+- pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; |
937 |
++ pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); |
938 |
+ WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); |
939 |
+ for (psf = pmc->sources; psf; psf = psf->sf_next) |
940 |
+ psf->sf_crcount = 0; |
941 |
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c |
942 |
+index 7acc0d07f1486..768a7daab5596 100644 |
943 |
+--- a/net/ipv4/tcp.c |
944 |
++++ b/net/ipv4/tcp.c |
945 |
+@@ -706,7 +706,7 @@ static bool tcp_should_autocork(struct sock *sk, struct sk_buff *skb, |
946 |
+ int size_goal) |
947 |
+ { |
948 |
+ return skb->len < size_goal && |
949 |
+- sock_net(sk)->ipv4.sysctl_tcp_autocorking && |
950 |
++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_autocorking) && |
951 |
+ !tcp_rtx_queue_empty(sk) && |
952 |
+ refcount_read(&sk->sk_wmem_alloc) > skb->truesize; |
953 |
+ } |
954 |
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
955 |
+index 26f0994da31bf..e1d065ea5a158 100644 |
956 |
+--- a/net/ipv4/tcp_input.c |
957 |
++++ b/net/ipv4/tcp_input.c |
958 |
+@@ -432,7 +432,7 @@ static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb) |
959 |
+ */ |
960 |
+ void tcp_init_buffer_space(struct sock *sk) |
961 |
+ { |
962 |
+- int tcp_app_win = sock_net(sk)->ipv4.sysctl_tcp_app_win; |
963 |
++ int tcp_app_win = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_app_win); |
964 |
+ struct tcp_sock *tp = tcp_sk(sk); |
965 |
+ int maxwin; |
966 |
+ |
967 |
+@@ -2018,7 +2018,7 @@ void tcp_enter_loss(struct sock *sk) |
968 |
+ * loss recovery is underway except recurring timeout(s) on |
969 |
+ * the same SND.UNA (sec 3.2). Disable F-RTO on path MTU probing |
970 |
+ */ |
971 |
+- tp->frto = net->ipv4.sysctl_tcp_frto && |
972 |
++ tp->frto = READ_ONCE(net->ipv4.sysctl_tcp_frto) && |
973 |
+ (new_recovery || icsk->icsk_retransmits) && |
974 |
+ !inet_csk(sk)->icsk_mtup.probe_size; |
975 |
+ } |
976 |
+@@ -2903,7 +2903,7 @@ static void tcp_fastretrans_alert(struct sock *sk, const u32 prior_snd_una, |
977 |
+ |
978 |
+ static void tcp_update_rtt_min(struct sock *sk, u32 rtt_us, const int flag) |
979 |
+ { |
980 |
+- u32 wlen = sock_net(sk)->ipv4.sysctl_tcp_min_rtt_wlen * HZ; |
981 |
++ u32 wlen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_rtt_wlen) * HZ; |
982 |
+ struct tcp_sock *tp = tcp_sk(sk); |
983 |
+ |
984 |
+ if ((flag & FLAG_ACK_MAYBE_DELAYED) && rtt_us > tcp_min_rtt(tp)) { |
985 |
+@@ -3420,7 +3420,8 @@ static bool __tcp_oow_rate_limited(struct net *net, int mib_idx, |
986 |
+ if (*last_oow_ack_time) { |
987 |
+ s32 elapsed = (s32)(tcp_jiffies32 - *last_oow_ack_time); |
988 |
+ |
989 |
+- if (0 <= elapsed && elapsed < net->ipv4.sysctl_tcp_invalid_ratelimit) { |
990 |
++ if (0 <= elapsed && |
991 |
++ elapsed < READ_ONCE(net->ipv4.sysctl_tcp_invalid_ratelimit)) { |
992 |
+ NET_INC_STATS(net, mib_idx); |
993 |
+ return true; /* rate-limited: don't send yet! */ |
994 |
+ } |
995 |
+@@ -3468,7 +3469,7 @@ static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb) |
996 |
+ /* Then check host-wide RFC 5961 rate limit. */ |
997 |
+ now = jiffies / HZ; |
998 |
+ if (now != challenge_timestamp) { |
999 |
+- u32 ack_limit = net->ipv4.sysctl_tcp_challenge_ack_limit; |
1000 |
++ u32 ack_limit = READ_ONCE(net->ipv4.sysctl_tcp_challenge_ack_limit); |
1001 |
+ u32 half = (ack_limit + 1) >> 1; |
1002 |
+ |
1003 |
+ challenge_timestamp = now; |
1004 |
+@@ -4197,7 +4198,7 @@ static void tcp_dsack_set(struct sock *sk, u32 seq, u32 end_seq) |
1005 |
+ { |
1006 |
+ struct tcp_sock *tp = tcp_sk(sk); |
1007 |
+ |
1008 |
+- if (tcp_is_sack(tp) && sock_net(sk)->ipv4.sysctl_tcp_dsack) { |
1009 |
++ if (tcp_is_sack(tp) && READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_dsack)) { |
1010 |
+ int mib_idx; |
1011 |
+ |
1012 |
+ if (before(seq, tp->rcv_nxt)) |
1013 |
+@@ -4232,7 +4233,7 @@ static void tcp_send_dupack(struct sock *sk, const struct sk_buff *skb) |
1014 |
+ NET_INC_STATS(sock_net(sk), LINUX_MIB_DELAYEDACKLOST); |
1015 |
+ tcp_enter_quickack_mode(sk, TCP_MAX_QUICKACKS); |
1016 |
+ |
1017 |
+- if (tcp_is_sack(tp) && sock_net(sk)->ipv4.sysctl_tcp_dsack) { |
1018 |
++ if (tcp_is_sack(tp) && READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_dsack)) { |
1019 |
+ u32 end_seq = TCP_SKB_CB(skb)->end_seq; |
1020 |
+ |
1021 |
+ if (after(TCP_SKB_CB(skb)->end_seq, tp->rcv_nxt)) |
1022 |
+@@ -5238,7 +5239,7 @@ send_now: |
1023 |
+ } |
1024 |
+ |
1025 |
+ if (!tcp_is_sack(tp) || |
1026 |
+- tp->compressed_ack >= sock_net(sk)->ipv4.sysctl_tcp_comp_sack_nr) |
1027 |
++ tp->compressed_ack >= READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_comp_sack_nr)) |
1028 |
+ goto send_now; |
1029 |
+ |
1030 |
+ if (tp->compressed_ack_rcv_nxt != tp->rcv_nxt) { |
1031 |
+@@ -5261,7 +5262,8 @@ send_now: |
1032 |
+ if (tp->srtt_us && tp->srtt_us < rtt) |
1033 |
+ rtt = tp->srtt_us; |
1034 |
+ |
1035 |
+- delay = min_t(unsigned long, sock_net(sk)->ipv4.sysctl_tcp_comp_sack_delay_ns, |
1036 |
++ delay = min_t(unsigned long, |
1037 |
++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_comp_sack_delay_ns), |
1038 |
+ rtt * (NSEC_PER_USEC >> 3)/20); |
1039 |
+ sock_hold(sk); |
1040 |
+ hrtimer_start(&tp->compressed_ack_timer, ns_to_ktime(delay), |
1041 |
+diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c |
1042 |
+index 61843c6d7a476..4960e2b6bd7f7 100644 |
1043 |
+--- a/net/ipv4/tcp_metrics.c |
1044 |
++++ b/net/ipv4/tcp_metrics.c |
1045 |
+@@ -329,7 +329,7 @@ void tcp_update_metrics(struct sock *sk) |
1046 |
+ int m; |
1047 |
+ |
1048 |
+ sk_dst_confirm(sk); |
1049 |
+- if (net->ipv4.sysctl_tcp_nometrics_save || !dst) |
1050 |
++ if (READ_ONCE(net->ipv4.sysctl_tcp_nometrics_save) || !dst) |
1051 |
+ return; |
1052 |
+ |
1053 |
+ rcu_read_lock(); |
1054 |
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c |
1055 |
+index 13d9e8570ce57..3090b61e4edd1 100644 |
1056 |
+--- a/net/ipv4/tcp_output.c |
1057 |
++++ b/net/ipv4/tcp_output.c |
1058 |
+@@ -1745,7 +1745,7 @@ static u32 tcp_tso_segs(struct sock *sk, unsigned int mss_now) |
1059 |
+ |
1060 |
+ min_tso = ca_ops->min_tso_segs ? |
1061 |
+ ca_ops->min_tso_segs(sk) : |
1062 |
+- sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs; |
1063 |
++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs); |
1064 |
+ |
1065 |
+ tso_segs = tcp_tso_autosize(sk, mss_now, min_tso); |
1066 |
+ return min_t(u32, tso_segs, sk->sk_gso_max_segs); |
1067 |
+diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c |
1068 |
+index 5c9be8594483f..23ae01715e7b1 100644 |
1069 |
+--- a/net/ipv6/ping.c |
1070 |
++++ b/net/ipv6/ping.c |
1071 |
+@@ -27,6 +27,11 @@ |
1072 |
+ #include <linux/proc_fs.h> |
1073 |
+ #include <net/ping.h> |
1074 |
+ |
1075 |
++static void ping_v6_destroy(struct sock *sk) |
1076 |
++{ |
1077 |
++ inet6_destroy_sock(sk); |
1078 |
++} |
1079 |
++ |
1080 |
+ /* Compatibility glue so we can support IPv6 when it's compiled as a module */ |
1081 |
+ static int dummy_ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, |
1082 |
+ int *addr_len) |
1083 |
+@@ -170,6 +175,7 @@ struct proto pingv6_prot = { |
1084 |
+ .owner = THIS_MODULE, |
1085 |
+ .init = ping_init_sock, |
1086 |
+ .close = ping_close, |
1087 |
++ .destroy = ping_v6_destroy, |
1088 |
+ .connect = ip6_datagram_connect_v6_only, |
1089 |
+ .disconnect = __udp_disconnect, |
1090 |
+ .setsockopt = ipv6_setsockopt, |
1091 |
+diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c |
1092 |
+index a5aff2834bd6c..cd496b074a71b 100644 |
1093 |
+--- a/net/netfilter/nfnetlink_queue.c |
1094 |
++++ b/net/netfilter/nfnetlink_queue.c |
1095 |
+@@ -850,11 +850,16 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) |
1096 |
+ } |
1097 |
+ |
1098 |
+ static int |
1099 |
+-nfqnl_mangle(void *data, int data_len, struct nf_queue_entry *e, int diff) |
1100 |
++nfqnl_mangle(void *data, unsigned int data_len, struct nf_queue_entry *e, int diff) |
1101 |
+ { |
1102 |
+ struct sk_buff *nskb; |
1103 |
+ |
1104 |
+ if (diff < 0) { |
1105 |
++ unsigned int min_len = skb_transport_offset(e->skb); |
1106 |
++ |
1107 |
++ if (data_len < min_len) |
1108 |
++ return -EINVAL; |
1109 |
++ |
1110 |
+ if (pskb_trim(e->skb, data_len)) |
1111 |
+ return -ENOMEM; |
1112 |
+ } else if (diff > 0) { |
1113 |
+diff --git a/net/sctp/stream_sched.c b/net/sctp/stream_sched.c |
1114 |
+index a6c04a94b08f2..3a5c0d00e96cd 100644 |
1115 |
+--- a/net/sctp/stream_sched.c |
1116 |
++++ b/net/sctp/stream_sched.c |
1117 |
+@@ -178,7 +178,7 @@ int sctp_sched_set_sched(struct sctp_association *asoc, |
1118 |
+ if (!SCTP_SO(&asoc->stream, i)->ext) |
1119 |
+ continue; |
1120 |
+ |
1121 |
+- ret = n->init_sid(&asoc->stream, i, GFP_KERNEL); |
1122 |
++ ret = n->init_sid(&asoc->stream, i, GFP_ATOMIC); |
1123 |
+ if (ret) |
1124 |
+ goto err; |
1125 |
+ } |
1126 |
+diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c |
1127 |
+index 166c621e02235..bd33d66139296 100644 |
1128 |
+--- a/tools/perf/util/symbol-elf.c |
1129 |
++++ b/tools/perf/util/symbol-elf.c |
1130 |
+@@ -201,6 +201,33 @@ Elf_Scn *elf_section_by_name(Elf *elf, GElf_Ehdr *ep, |
1131 |
+ return NULL; |
1132 |
+ } |
1133 |
+ |
1134 |
++static int elf_read_program_header(Elf *elf, u64 vaddr, GElf_Phdr *phdr) |
1135 |
++{ |
1136 |
++ size_t i, phdrnum; |
1137 |
++ u64 sz; |
1138 |
++ |
1139 |
++ if (elf_getphdrnum(elf, &phdrnum)) |
1140 |
++ return -1; |
1141 |
++ |
1142 |
++ for (i = 0; i < phdrnum; i++) { |
1143 |
++ if (gelf_getphdr(elf, i, phdr) == NULL) |
1144 |
++ return -1; |
1145 |
++ |
1146 |
++ if (phdr->p_type != PT_LOAD) |
1147 |
++ continue; |
1148 |
++ |
1149 |
++ sz = max(phdr->p_memsz, phdr->p_filesz); |
1150 |
++ if (!sz) |
1151 |
++ continue; |
1152 |
++ |
1153 |
++ if (vaddr >= phdr->p_vaddr && (vaddr < phdr->p_vaddr + sz)) |
1154 |
++ return 0; |
1155 |
++ } |
1156 |
++ |
1157 |
++ /* Not found any valid program header */ |
1158 |
++ return -1; |
1159 |
++} |
1160 |
++ |
1161 |
+ static bool want_demangle(bool is_kernel_sym) |
1162 |
+ { |
1163 |
+ return is_kernel_sym ? symbol_conf.demangle_kernel : symbol_conf.demangle; |
1164 |
+@@ -1063,6 +1090,7 @@ int dso__load_sym(struct dso *dso, struct map *map, struct symsrc *syms_ss, |
1165 |
+ sym.st_value); |
1166 |
+ used_opd = true; |
1167 |
+ } |
1168 |
++ |
1169 |
+ /* |
1170 |
+ * When loading symbols in a data mapping, ABS symbols (which |
1171 |
+ * has a value of SHN_ABS in its st_shndx) failed at |
1172 |
+@@ -1099,11 +1127,20 @@ int dso__load_sym(struct dso *dso, struct map *map, struct symsrc *syms_ss, |
1173 |
+ goto out_elf_end; |
1174 |
+ } else if ((used_opd && runtime_ss->adjust_symbols) || |
1175 |
+ (!used_opd && syms_ss->adjust_symbols)) { |
1176 |
++ GElf_Phdr phdr; |
1177 |
++ |
1178 |
++ if (elf_read_program_header(syms_ss->elf, |
1179 |
++ (u64)sym.st_value, &phdr)) { |
1180 |
++ pr_warning("%s: failed to find program header for " |
1181 |
++ "symbol: %s st_value: %#" PRIx64 "\n", |
1182 |
++ __func__, elf_name, (u64)sym.st_value); |
1183 |
++ continue; |
1184 |
++ } |
1185 |
+ pr_debug4("%s: adjusting symbol: st_value: %#" PRIx64 " " |
1186 |
+- "sh_addr: %#" PRIx64 " sh_offset: %#" PRIx64 "\n", __func__, |
1187 |
+- (u64)sym.st_value, (u64)shdr.sh_addr, |
1188 |
+- (u64)shdr.sh_offset); |
1189 |
+- sym.st_value -= shdr.sh_addr - shdr.sh_offset; |
1190 |
++ "p_vaddr: %#" PRIx64 " p_offset: %#" PRIx64 "\n", |
1191 |
++ __func__, (u64)sym.st_value, (u64)phdr.p_vaddr, |
1192 |
++ (u64)phdr.p_offset); |
1193 |
++ sym.st_value -= phdr.p_vaddr - phdr.p_offset; |
1194 |
+ } |
1195 |
+ |
1196 |
+ demangled = demangle_sym(dso, kmodule, elf_name); |