1 |
commit: 73961b305f24ed999e4af414afb420f14ca0252b |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Oct 29 17:29:31 2013 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Oct 29 17:29:31 2013 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=73961b30 |
7 |
|
8 |
Grsec/PaX: 2.9.1-{2.6.32.61,3.2.52,3.11.6}-201310271552 |
9 |
|
10 |
--- |
11 |
2.6.32/0000_README | 2 +- |
12 |
..._grsecurity-2.9.1-2.6.32.61-201310271545.patch} | 22 +- |
13 |
3.11.6/0000_README | 2 +- |
14 |
...420_grsecurity-2.9.1-3.11.6-201310271552.patch} | 258 +- |
15 |
{3.2.51 => 3.2.52}/0000_README | 6 +- |
16 |
{3.2.51 => 3.2.52}/1021_linux-3.2.22.patch | 0 |
17 |
{3.2.51 => 3.2.52}/1022_linux-3.2.23.patch | 0 |
18 |
{3.2.51 => 3.2.52}/1023_linux-3.2.24.patch | 0 |
19 |
{3.2.51 => 3.2.52}/1024_linux-3.2.25.patch | 0 |
20 |
{3.2.51 => 3.2.52}/1025_linux-3.2.26.patch | 0 |
21 |
{3.2.51 => 3.2.52}/1026_linux-3.2.27.patch | 0 |
22 |
{3.2.51 => 3.2.52}/1027_linux-3.2.28.patch | 0 |
23 |
{3.2.51 => 3.2.52}/1028_linux-3.2.29.patch | 0 |
24 |
{3.2.51 => 3.2.52}/1029_linux-3.2.30.patch | 0 |
25 |
{3.2.51 => 3.2.52}/1030_linux-3.2.31.patch | 0 |
26 |
{3.2.51 => 3.2.52}/1031_linux-3.2.32.patch | 0 |
27 |
{3.2.51 => 3.2.52}/1032_linux-3.2.33.patch | 0 |
28 |
{3.2.51 => 3.2.52}/1033_linux-3.2.34.patch | 0 |
29 |
{3.2.51 => 3.2.52}/1034_linux-3.2.35.patch | 0 |
30 |
{3.2.51 => 3.2.52}/1035_linux-3.2.36.patch | 0 |
31 |
{3.2.51 => 3.2.52}/1036_linux-3.2.37.patch | 0 |
32 |
{3.2.51 => 3.2.52}/1037_linux-3.2.38.patch | 0 |
33 |
{3.2.51 => 3.2.52}/1038_linux-3.2.39.patch | 0 |
34 |
{3.2.51 => 3.2.52}/1039_linux-3.2.40.patch | 0 |
35 |
{3.2.51 => 3.2.52}/1040_linux-3.2.41.patch | 0 |
36 |
{3.2.51 => 3.2.52}/1041_linux-3.2.42.patch | 0 |
37 |
{3.2.51 => 3.2.52}/1042_linux-3.2.43.patch | 0 |
38 |
{3.2.51 => 3.2.52}/1043_linux-3.2.44.patch | 0 |
39 |
{3.2.51 => 3.2.52}/1044_linux-3.2.45.patch | 0 |
40 |
{3.2.51 => 3.2.52}/1045_linux-3.2.46.patch | 0 |
41 |
{3.2.51 => 3.2.52}/1046_linux-3.2.47.patch | 0 |
42 |
{3.2.51 => 3.2.52}/1047_linux-3.2.48.patch | 0 |
43 |
{3.2.51 => 3.2.52}/1048_linux-3.2.49.patch | 0 |
44 |
{3.2.51 => 3.2.52}/1049_linux-3.2.50.patch | 0 |
45 |
{3.2.51 => 3.2.52}/1050_linux-3.2.51.patch | 0 |
46 |
3.2.52/1051_linux-3.2.52.patch | 5221 ++++++++++++++++++++ |
47 |
...4420_grsecurity-2.9.1-3.2.52-201310271550.patch | 1135 ++--- |
48 |
{3.2.51 => 3.2.52}/4425_grsec_remove_EI_PAX.patch | 0 |
49 |
.../4427_force_XATTR_PAX_tmpfs.patch | 0 |
50 |
.../4430_grsec-remove-localversion-grsec.patch | 0 |
51 |
{3.2.51 => 3.2.52}/4435_grsec-mute-warnings.patch | 0 |
52 |
.../4440_grsec-remove-protected-paths.patch | 0 |
53 |
.../4450_grsec-kconfig-default-gids.patch | 0 |
54 |
.../4465_selinux-avc_audit-log-curr_ip.patch | 0 |
55 |
{3.2.51 => 3.2.52}/4470_disable-compat_vdso.patch | 0 |
56 |
{3.2.51 => 3.2.52}/4475_emutramp_default_on.patch | 0 |
57 |
46 files changed, 5774 insertions(+), 872 deletions(-) |
58 |
|
59 |
diff --git a/2.6.32/0000_README b/2.6.32/0000_README |
60 |
index 381f8d3..3fdf601 100644 |
61 |
--- a/2.6.32/0000_README |
62 |
+++ b/2.6.32/0000_README |
63 |
@@ -38,7 +38,7 @@ Patch: 1060_linux-2.6.32.61.patch |
64 |
From: http://www.kernel.org |
65 |
Desc: Linux 2.6.32.61 |
66 |
|
67 |
-Patch: 4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch |
68 |
+Patch: 4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch |
69 |
From: http://www.grsecurity.net |
70 |
Desc: hardened-sources base patch from upstream grsecurity |
71 |
|
72 |
|
73 |
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch |
74 |
similarity index 99% |
75 |
rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch |
76 |
rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch |
77 |
index 80f4104..995d206 100644 |
78 |
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch |
79 |
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch |
80 |
@@ -115800,7 +115800,7 @@ index dba56d2..acee5d6 100644 |
81 |
tmo = req->expires - jiffies; |
82 |
if (tmo < 0) |
83 |
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c |
84 |
-index d717267..56de7e7 100644 |
85 |
+index d717267..f9707ae 100644 |
86 |
--- a/net/ipv4/inet_hashtables.c |
87 |
+++ b/net/ipv4/inet_hashtables.c |
88 |
@@ -18,12 +18,15 @@ |
89 |
@@ -115819,6 +115819,15 @@ index d717267..56de7e7 100644 |
90 |
/* |
91 |
* Allocate and initialize a new local port bind bucket. |
92 |
* The bindhash mutex for snum's hash chain must be held here. |
93 |
+@@ -247,7 +250,7 @@ begintw: |
94 |
+ } |
95 |
+ if (unlikely(!INET_TW_MATCH(sk, net, hash, acookie, |
96 |
+ saddr, daddr, ports, dif))) { |
97 |
+- sock_put(sk); |
98 |
++ inet_twsk_put(inet_twsk(sk)); |
99 |
+ goto begintw; |
100 |
+ } |
101 |
+ goto out; |
102 |
@@ -491,6 +494,8 @@ ok: |
103 |
} |
104 |
spin_unlock(&head->lock); |
105 |
@@ -116814,9 +116823,18 @@ index cc4797d..7cfdfcc 100644 |
106 |
dst_release(dst); |
107 |
dst = NULL; |
108 |
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c |
109 |
-index 093e9b2..f72cddb 100644 |
110 |
+index 093e9b2..d6dbc3f 100644 |
111 |
--- a/net/ipv6/inet6_hashtables.c |
112 |
+++ b/net/ipv6/inet6_hashtables.c |
113 |
+@@ -104,7 +104,7 @@ begintw: |
114 |
+ goto out; |
115 |
+ } |
116 |
+ if (!INET6_TW_MATCH(sk, net, hash, saddr, daddr, ports, dif)) { |
117 |
+- sock_put(sk); |
118 |
++ inet_twsk_put(inet_twsk(sk)); |
119 |
+ goto begintw; |
120 |
+ } |
121 |
+ goto out; |
122 |
@@ -119,7 +119,7 @@ out: |
123 |
} |
124 |
EXPORT_SYMBOL(__inet6_lookup_established); |
125 |
|
126 |
diff --git a/3.11.6/0000_README b/3.11.6/0000_README |
127 |
index 2d9249d..5611acb 100644 |
128 |
--- a/3.11.6/0000_README |
129 |
+++ b/3.11.6/0000_README |
130 |
@@ -2,7 +2,7 @@ README |
131 |
----------------------------------------------------------------------------- |
132 |
Individual Patch Descriptions: |
133 |
----------------------------------------------------------------------------- |
134 |
-Patch: 4420_grsecurity-2.9.1-3.11.6-201310260850.patch |
135 |
+Patch: 4420_grsecurity-2.9.1-3.11.6-201310271552.patch |
136 |
From: http://www.grsecurity.net |
137 |
Desc: hardened-sources base patch from upstream grsecurity |
138 |
|
139 |
|
140 |
diff --git a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310260850.patch b/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310271552.patch |
141 |
similarity index 99% |
142 |
rename from 3.11.6/4420_grsecurity-2.9.1-3.11.6-201310260850.patch |
143 |
rename to 3.11.6/4420_grsecurity-2.9.1-3.11.6-201310271552.patch |
144 |
index 584d2ee..e291fc5 100644 |
145 |
--- a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310260850.patch |
146 |
+++ b/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310271552.patch |
147 |
@@ -44037,6 +44037,19 @@ index 4658f4c..407d155 100644 |
148 |
|
149 |
#include "ftmac100.h" |
150 |
|
151 |
+diff --git a/drivers/net/ethernet/intel/igb/igb_ethtool.c b/drivers/net/ethernet/intel/igb/igb_ethtool.c |
152 |
+index 85fe7b5..e2da180 100644 |
153 |
+--- a/drivers/net/ethernet/intel/igb/igb_ethtool.c |
154 |
++++ b/drivers/net/ethernet/intel/igb/igb_ethtool.c |
155 |
+@@ -2637,6 +2637,8 @@ static int igb_set_eee(struct net_device *netdev, |
156 |
+ (hw->phy.media_type != e1000_media_type_copper)) |
157 |
+ return -EOPNOTSUPP; |
158 |
+ |
159 |
++ memset(&eee_curr, 0, sizeof(struct ethtool_eee)); |
160 |
++ |
161 |
+ ret_val = igb_get_eee(netdev, &eee_curr); |
162 |
+ if (ret_val) |
163 |
+ return ret_val; |
164 |
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c |
165 |
index 331987d..3be1135 100644 |
166 |
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c |
167 |
@@ -44498,6 +44511,18 @@ index 3f0c4f2..bcfff0d 100644 |
168 |
sync.clock_rate = FST_RDL(card, portConfig[i].lineSpeed); |
169 |
/* Lucky card and linux use same encoding here */ |
170 |
sync.clock_type = FST_RDB(card, portConfig[i].internalClock) == |
171 |
+diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c |
172 |
+index 6a24a5a..4c0a697 100644 |
173 |
+--- a/drivers/net/wan/wanxl.c |
174 |
++++ b/drivers/net/wan/wanxl.c |
175 |
+@@ -355,6 +355,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) |
176 |
+ ifr->ifr_settings.size = size; /* data size wanted */ |
177 |
+ return -ENOBUFS; |
178 |
+ } |
179 |
++ memset(&line, 0, sizeof(line)); |
180 |
+ line.clock_type = get_status(port)->clocking; |
181 |
+ line.clock_rate = 0; |
182 |
+ line.loopback = 0; |
183 |
diff --git a/drivers/net/wimax/i2400m/rx.c b/drivers/net/wimax/i2400m/rx.c |
184 |
index 0b60295..b8bfa5b 100644 |
185 |
--- a/drivers/net/wimax/i2400m/rx.c |
186 |
@@ -54449,6 +54474,19 @@ index c7c83ff..bda9461 100644 |
187 |
parent, NULL, NULL); |
188 |
} |
189 |
EXPORT_SYMBOL_GPL(debugfs_create_dir); |
190 |
+diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c |
191 |
+index d107576..40db688 100644 |
192 |
+--- a/fs/ecryptfs/crypto.c |
193 |
++++ b/fs/ecryptfs/crypto.c |
194 |
+@@ -408,7 +408,7 @@ static loff_t lower_offset_for_page(struct ecryptfs_crypt_stat *crypt_stat, |
195 |
+ struct page *page) |
196 |
+ { |
197 |
+ return ecryptfs_lower_header_size(crypt_stat) + |
198 |
+- (page->index << PAGE_CACHE_SHIFT); |
199 |
++ ((loff_t)page->index << PAGE_CACHE_SHIFT); |
200 |
+ } |
201 |
+ |
202 |
+ /** |
203 |
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c |
204 |
index 67e9b63..a9adb68 100644 |
205 |
--- a/fs/ecryptfs/inode.c |
206 |
@@ -54471,6 +54509,27 @@ index 67e9b63..a9adb68 100644 |
207 |
if (!IS_ERR(buf)) { |
208 |
/* Free the char* */ |
209 |
kfree(buf); |
210 |
+diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c |
211 |
+index 7d52806..4725a07 100644 |
212 |
+--- a/fs/ecryptfs/keystore.c |
213 |
++++ b/fs/ecryptfs/keystore.c |
214 |
+@@ -1149,7 +1149,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, |
215 |
+ struct ecryptfs_msg_ctx *msg_ctx; |
216 |
+ struct ecryptfs_message *msg = NULL; |
217 |
+ char *auth_tok_sig; |
218 |
+- char *payload; |
219 |
++ char *payload = NULL; |
220 |
+ size_t payload_len = 0; |
221 |
+ int rc; |
222 |
+ |
223 |
+@@ -1203,6 +1203,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, |
224 |
+ } |
225 |
+ out: |
226 |
+ kfree(msg); |
227 |
++ kfree(payload); |
228 |
+ return rc; |
229 |
+ } |
230 |
+ |
231 |
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c |
232 |
index e4141f2..d8263e8 100644 |
233 |
--- a/fs/ecryptfs/miscdev.c |
234 |
@@ -76402,7 +76461,7 @@ index 429c199..4d42e38 100644 |
235 |
|
236 |
/* shm_mode upper byte flags */ |
237 |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
238 |
-index 3b71a4e..5c9f309 100644 |
239 |
+index 3b71a4e..4823435 100644 |
240 |
--- a/include/linux/skbuff.h |
241 |
+++ b/include/linux/skbuff.h |
242 |
@@ -648,7 +648,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, |
243 |
@@ -76441,7 +76500,19 @@ index 3b71a4e..5c9f309 100644 |
244 |
} |
245 |
|
246 |
/** |
247 |
-@@ -1750,7 +1750,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) |
248 |
+@@ -1316,6 +1316,11 @@ static inline int skb_pagelen(const struct sk_buff *skb) |
249 |
+ return len + skb_headlen(skb); |
250 |
+ } |
251 |
+ |
252 |
++static inline bool skb_has_frags(const struct sk_buff *skb) |
253 |
++{ |
254 |
++ return skb_shinfo(skb)->nr_frags; |
255 |
++} |
256 |
++ |
257 |
+ /** |
258 |
+ * __skb_fill_page_desc - initialise a paged fragment in an skb |
259 |
+ * @skb: buffer containing fragment to be initialised |
260 |
+@@ -1750,7 +1755,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) |
261 |
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) |
262 |
*/ |
263 |
#ifndef NET_SKB_PAD |
264 |
@@ -76450,7 +76521,7 @@ index 3b71a4e..5c9f309 100644 |
265 |
#endif |
266 |
|
267 |
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); |
268 |
-@@ -2345,7 +2345,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, |
269 |
+@@ -2345,7 +2350,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, |
270 |
int noblock, int *err); |
271 |
extern unsigned int datagram_poll(struct file *file, struct socket *sock, |
272 |
struct poll_table_struct *wait); |
273 |
@@ -76459,7 +76530,7 @@ index 3b71a4e..5c9f309 100644 |
274 |
int offset, struct iovec *to, |
275 |
int size); |
276 |
extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, |
277 |
-@@ -2636,6 +2636,9 @@ static inline void nf_reset(struct sk_buff *skb) |
278 |
+@@ -2636,6 +2641,9 @@ static inline void nf_reset(struct sk_buff *skb) |
279 |
nf_bridge_put(skb->nf_bridge); |
280 |
skb->nf_bridge = NULL; |
281 |
#endif |
282 |
@@ -88631,30 +88702,10 @@ index 94722a4..e661e29 100644 |
283 |
|
284 |
if (nstart < prev->vm_end) |
285 |
diff --git a/mm/mremap.c b/mm/mremap.c |
286 |
-index 0843feb..5607f47 100644 |
287 |
+index 0843feb..4f5b2e6 100644 |
288 |
--- a/mm/mremap.c |
289 |
+++ b/mm/mremap.c |
290 |
-@@ -25,6 +25,7 @@ |
291 |
- #include <asm/uaccess.h> |
292 |
- #include <asm/cacheflush.h> |
293 |
- #include <asm/tlbflush.h> |
294 |
-+#include <asm/pgalloc.h> |
295 |
- |
296 |
- #include "internal.h" |
297 |
- |
298 |
-@@ -62,8 +63,10 @@ static pmd_t *alloc_new_pmd(struct mm_struct *mm, struct vm_area_struct *vma, |
299 |
- return NULL; |
300 |
- |
301 |
- pmd = pmd_alloc(mm, pud, addr); |
302 |
-- if (!pmd) |
303 |
-+ if (!pmd) { |
304 |
-+ pud_free(mm, pud); |
305 |
- return NULL; |
306 |
-+ } |
307 |
- |
308 |
- VM_BUG_ON(pmd_trans_huge(*pmd)); |
309 |
- |
310 |
-@@ -144,6 +147,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, |
311 |
+@@ -144,6 +144,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, |
312 |
continue; |
313 |
pte = ptep_get_and_clear(mm, old_addr, old_pte); |
314 |
pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr); |
315 |
@@ -88667,7 +88718,7 @@ index 0843feb..5607f47 100644 |
316 |
pte = move_soft_dirty_pte(pte); |
317 |
set_pte_at(mm, new_addr, new_pte, pte); |
318 |
} |
319 |
-@@ -337,6 +346,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, |
320 |
+@@ -337,6 +343,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, |
321 |
if (is_vm_hugetlb_page(vma)) |
322 |
goto Einval; |
323 |
|
324 |
@@ -88679,7 +88730,7 @@ index 0843feb..5607f47 100644 |
325 |
/* We can't remap across vm area boundaries */ |
326 |
if (old_len > vma->vm_end - addr) |
327 |
goto Efault; |
328 |
-@@ -392,20 +406,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len, |
329 |
+@@ -392,20 +403,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len, |
330 |
unsigned long ret = -EINVAL; |
331 |
unsigned long charged = 0; |
332 |
unsigned long map_flags; |
333 |
@@ -88710,7 +88761,7 @@ index 0843feb..5607f47 100644 |
334 |
goto out; |
335 |
|
336 |
ret = do_munmap(mm, new_addr, new_len); |
337 |
-@@ -474,6 +493,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, |
338 |
+@@ -474,6 +490,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, |
339 |
unsigned long ret = -EINVAL; |
340 |
unsigned long charged = 0; |
341 |
bool locked = false; |
342 |
@@ -88718,7 +88769,7 @@ index 0843feb..5607f47 100644 |
343 |
|
344 |
if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) |
345 |
return ret; |
346 |
-@@ -495,6 +515,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, |
347 |
+@@ -495,6 +512,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, |
348 |
if (!new_len) |
349 |
return ret; |
350 |
|
351 |
@@ -88736,7 +88787,7 @@ index 0843feb..5607f47 100644 |
352 |
down_write(¤t->mm->mmap_sem); |
353 |
|
354 |
if (flags & MREMAP_FIXED) { |
355 |
-@@ -545,6 +576,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, |
356 |
+@@ -545,6 +573,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, |
357 |
new_addr = addr; |
358 |
} |
359 |
ret = addr; |
360 |
@@ -88744,7 +88795,7 @@ index 0843feb..5607f47 100644 |
361 |
goto out; |
362 |
} |
363 |
} |
364 |
-@@ -568,7 +600,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, |
365 |
+@@ -568,7 +597,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, |
366 |
goto out; |
367 |
} |
368 |
|
369 |
@@ -91150,23 +91201,25 @@ index eb0a46a..5f3bae8 100644 |
370 |
|
371 |
switch (ss->ss_family) { |
372 |
diff --git a/net/compat.c b/net/compat.c |
373 |
-index f0a1ba6..0541331 100644 |
374 |
+index f0a1ba6..24e30e5 100644 |
375 |
--- a/net/compat.c |
376 |
+++ b/net/compat.c |
377 |
-@@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) |
378 |
+@@ -71,9 +71,11 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) |
379 |
__get_user(kmsg->msg_controllen, &umsg->msg_controllen) || |
380 |
__get_user(kmsg->msg_flags, &umsg->msg_flags)) |
381 |
return -EFAULT; |
382 |
- kmsg->msg_name = compat_ptr(tmp1); |
383 |
- kmsg->msg_iov = compat_ptr(tmp2); |
384 |
- kmsg->msg_control = compat_ptr(tmp3); |
385 |
++ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) |
386 |
++ return -EINVAL; |
387 |
+ kmsg->msg_name = (void __force_kernel *)compat_ptr(tmp1); |
388 |
+ kmsg->msg_iov = (void __force_kernel *)compat_ptr(tmp2); |
389 |
+ kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3); |
390 |
return 0; |
391 |
} |
392 |
|
393 |
-@@ -85,7 +85,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
394 |
+@@ -85,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
395 |
|
396 |
if (kern_msg->msg_namelen) { |
397 |
if (mode == VERIFY_READ) { |
398 |
@@ -91175,7 +91228,7 @@ index f0a1ba6..0541331 100644 |
399 |
kern_msg->msg_namelen, |
400 |
kern_address); |
401 |
if (err < 0) |
402 |
-@@ -96,7 +96,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
403 |
+@@ -96,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
404 |
kern_msg->msg_name = NULL; |
405 |
|
406 |
tot_len = iov_from_user_compat_to_kern(kern_iov, |
407 |
@@ -91184,7 +91237,7 @@ index f0a1ba6..0541331 100644 |
408 |
kern_msg->msg_iovlen); |
409 |
if (tot_len >= 0) |
410 |
kern_msg->msg_iov = kern_iov; |
411 |
-@@ -116,20 +116,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
412 |
+@@ -116,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
413 |
|
414 |
#define CMSG_COMPAT_FIRSTHDR(msg) \ |
415 |
(((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \ |
416 |
@@ -91208,7 +91261,7 @@ index f0a1ba6..0541331 100644 |
417 |
msg->msg_controllen) |
418 |
return NULL; |
419 |
return (struct compat_cmsghdr __user *)ptr; |
420 |
-@@ -219,7 +219,7 @@ Efault: |
421 |
+@@ -219,7 +221,7 @@ Efault: |
422 |
|
423 |
int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *data) |
424 |
{ |
425 |
@@ -91217,7 +91270,7 @@ index f0a1ba6..0541331 100644 |
426 |
struct compat_cmsghdr cmhdr; |
427 |
struct compat_timeval ctv; |
428 |
struct compat_timespec cts[3]; |
429 |
-@@ -275,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat |
430 |
+@@ -275,7 +277,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat |
431 |
|
432 |
void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) |
433 |
{ |
434 |
@@ -91226,7 +91279,7 @@ index f0a1ba6..0541331 100644 |
435 |
int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int); |
436 |
int fdnum = scm->fp->count; |
437 |
struct file **fp = scm->fp->fp; |
438 |
-@@ -363,7 +363,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, |
439 |
+@@ -363,7 +365,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, |
440 |
return -EFAULT; |
441 |
old_fs = get_fs(); |
442 |
set_fs(KERNEL_DS); |
443 |
@@ -91235,7 +91288,7 @@ index f0a1ba6..0541331 100644 |
444 |
set_fs(old_fs); |
445 |
|
446 |
return err; |
447 |
-@@ -424,7 +424,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, |
448 |
+@@ -424,7 +426,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, |
449 |
len = sizeof(ktime); |
450 |
old_fs = get_fs(); |
451 |
set_fs(KERNEL_DS); |
452 |
@@ -91244,7 +91297,7 @@ index f0a1ba6..0541331 100644 |
453 |
set_fs(old_fs); |
454 |
|
455 |
if (!err) { |
456 |
-@@ -567,7 +567,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
457 |
+@@ -567,7 +569,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
458 |
case MCAST_JOIN_GROUP: |
459 |
case MCAST_LEAVE_GROUP: |
460 |
{ |
461 |
@@ -91253,7 +91306,7 @@ index f0a1ba6..0541331 100644 |
462 |
struct group_req __user *kgr = |
463 |
compat_alloc_user_space(sizeof(struct group_req)); |
464 |
u32 interface; |
465 |
-@@ -588,7 +588,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
466 |
+@@ -588,7 +590,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
467 |
case MCAST_BLOCK_SOURCE: |
468 |
case MCAST_UNBLOCK_SOURCE: |
469 |
{ |
470 |
@@ -91262,7 +91315,7 @@ index f0a1ba6..0541331 100644 |
471 |
struct group_source_req __user *kgsr = compat_alloc_user_space( |
472 |
sizeof(struct group_source_req)); |
473 |
u32 interface; |
474 |
-@@ -609,7 +609,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
475 |
+@@ -609,7 +611,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
476 |
} |
477 |
case MCAST_MSFILTER: |
478 |
{ |
479 |
@@ -91271,7 +91324,7 @@ index f0a1ba6..0541331 100644 |
480 |
struct group_filter __user *kgf; |
481 |
u32 interface, fmode, numsrc; |
482 |
|
483 |
-@@ -647,7 +647,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, |
484 |
+@@ -647,7 +649,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, |
485 |
char __user *optval, int __user *optlen, |
486 |
int (*getsockopt)(struct sock *, int, int, char __user *, int __user *)) |
487 |
{ |
488 |
@@ -91280,7 +91333,7 @@ index f0a1ba6..0541331 100644 |
489 |
struct group_filter __user *kgf; |
490 |
int __user *koptlen; |
491 |
u32 interface, fmode, numsrc; |
492 |
-@@ -805,7 +805,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) |
493 |
+@@ -805,7 +807,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) |
494 |
|
495 |
if (call < SYS_SOCKET || call > SYS_SENDMMSG) |
496 |
return -EINVAL; |
497 |
@@ -92084,7 +92137,7 @@ index 6acb541..9ea617d 100644 |
498 |
|
499 |
void inet_get_local_port_range(int *low, int *high) |
500 |
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c |
501 |
-index 7bd8983..3abdcf6 100644 |
502 |
+index 7bd8983..b956690 100644 |
503 |
--- a/net/ipv4/inet_hashtables.c |
504 |
+++ b/net/ipv4/inet_hashtables.c |
505 |
@@ -18,12 +18,15 @@ |
506 |
@@ -92103,6 +92156,15 @@ index 7bd8983..3abdcf6 100644 |
507 |
/* |
508 |
* Allocate and initialize a new local port bind bucket. |
509 |
* The bindhash mutex for snum's hash chain must be held here. |
510 |
+@@ -287,7 +290,7 @@ begintw: |
511 |
+ if (unlikely(!INET_TW_MATCH(sk, net, acookie, |
512 |
+ saddr, daddr, ports, |
513 |
+ dif))) { |
514 |
+- sock_put(sk); |
515 |
++ inet_twsk_put(inet_twsk(sk)); |
516 |
+ goto begintw; |
517 |
+ } |
518 |
+ goto out; |
519 |
@@ -554,6 +557,8 @@ ok: |
520 |
twrefcnt += inet_twsk_bind_unhash(tw, hinfo); |
521 |
spin_unlock(&head->lock); |
522 |
@@ -92209,6 +92271,19 @@ index 8d6939e..19d0a95 100644 |
523 |
.kind = "gretap", |
524 |
.maxtype = IFLA_GRE_MAX, |
525 |
.policy = ipgre_policy, |
526 |
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c |
527 |
+index a04d872..7f4ab5d 100644 |
528 |
+--- a/net/ipv4/ip_output.c |
529 |
++++ b/net/ipv4/ip_output.c |
530 |
+@@ -836,7 +836,7 @@ static int __ip_append_data(struct sock *sk, |
531 |
+ csummode = CHECKSUM_PARTIAL; |
532 |
+ |
533 |
+ cork->length += length; |
534 |
+- if (((length > mtu) || (skb && skb_is_gso(skb))) && |
535 |
++ if (((length > mtu) || (skb && skb_has_frags(skb))) && |
536 |
+ (sk->sk_protocol == IPPROTO_UDP) && |
537 |
+ (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) { |
538 |
+ err = ip_ufo_append_data(sk, queue, getfrag, from, length, |
539 |
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c |
540 |
index d9c4f11..02b82dbc 100644 |
541 |
--- a/net/ipv4/ip_sockglue.c |
542 |
@@ -93213,6 +93288,19 @@ index 7cfc8d2..c5394b6 100644 |
543 |
|
544 |
table = kmemdup(ipv6_icmp_table_template, |
545 |
sizeof(ipv6_icmp_table_template), |
546 |
+diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c |
547 |
+index 32b4a16..066640e 100644 |
548 |
+--- a/net/ipv6/inet6_hashtables.c |
549 |
++++ b/net/ipv6/inet6_hashtables.c |
550 |
+@@ -116,7 +116,7 @@ begintw: |
551 |
+ } |
552 |
+ if (unlikely(!INET6_TW_MATCH(sk, net, saddr, daddr, |
553 |
+ ports, dif))) { |
554 |
+- sock_put(sk); |
555 |
++ inet_twsk_put(inet_twsk(sk)); |
556 |
+ goto begintw; |
557 |
+ } |
558 |
+ goto out; |
559 |
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c |
560 |
index 8bc717b..76fbb5d 100644 |
561 |
--- a/net/ipv6/ip6_gre.c |
562 |
@@ -93253,6 +93341,19 @@ index 8bc717b..76fbb5d 100644 |
563 |
.kind = "ip6gretap", |
564 |
.maxtype = IFLA_GRE_MAX, |
565 |
.policy = ip6gre_policy, |
566 |
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
567 |
+index 44df1c9..2e542d0 100644 |
568 |
+--- a/net/ipv6/ip6_output.c |
569 |
++++ b/net/ipv6/ip6_output.c |
570 |
+@@ -1252,7 +1252,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, |
571 |
+ skb = skb_peek_tail(&sk->sk_write_queue); |
572 |
+ cork->length += length; |
573 |
+ if (((length > mtu) || |
574 |
+- (skb && skb_is_gso(skb))) && |
575 |
++ (skb && skb_has_frags(skb))) && |
576 |
+ (sk->sk_protocol == IPPROTO_UDP) && |
577 |
+ (rt->dst.dev->features & NETIF_F_UFO)) { |
578 |
+ err = ip6_ufo_append_data(sk, getfrag, from, length, |
579 |
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c |
580 |
index cf5d490..30946f0 100644 |
581 |
--- a/net/ipv6/ip6_tunnel.c |
582 |
@@ -95644,7 +95745,7 @@ index 9a5c4c9..46e4b29 100644 |
583 |
|
584 |
table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); |
585 |
diff --git a/net/socket.c b/net/socket.c |
586 |
-index b2d7c62..441a7ef 100644 |
587 |
+index b2d7c62..f703b02 100644 |
588 |
--- a/net/socket.c |
589 |
+++ b/net/socket.c |
590 |
@@ -88,6 +88,7 @@ |
591 |
@@ -95828,7 +95929,38 @@ index b2d7c62..441a7ef 100644 |
592 |
int err, err2; |
593 |
int fput_needed; |
594 |
|
595 |
-@@ -2040,7 +2106,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
596 |
+@@ -1973,6 +2039,16 @@ struct used_address { |
597 |
+ unsigned int name_len; |
598 |
+ }; |
599 |
+ |
600 |
++static int copy_msghdr_from_user(struct msghdr *kmsg, |
601 |
++ struct msghdr __user *umsg) |
602 |
++{ |
603 |
++ if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) |
604 |
++ return -EFAULT; |
605 |
++ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) |
606 |
++ return -EINVAL; |
607 |
++ return 0; |
608 |
++} |
609 |
++ |
610 |
+ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
611 |
+ struct msghdr *msg_sys, unsigned int flags, |
612 |
+ struct used_address *used_address) |
613 |
+@@ -1991,8 +2067,11 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
614 |
+ if (MSG_CMSG_COMPAT & flags) { |
615 |
+ if (get_compat_msghdr(msg_sys, msg_compat)) |
616 |
+ return -EFAULT; |
617 |
+- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) |
618 |
+- return -EFAULT; |
619 |
++ } else { |
620 |
++ err = copy_msghdr_from_user(msg_sys, msg); |
621 |
++ if (err) |
622 |
++ return err; |
623 |
++ } |
624 |
+ |
625 |
+ if (msg_sys->msg_iovlen > UIO_FASTIOV) { |
626 |
+ err = -EMSGSIZE; |
627 |
+@@ -2040,7 +2119,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
628 |
* checking falls down on this. |
629 |
*/ |
630 |
if (copy_from_user(ctl_buf, |
631 |
@@ -95837,7 +95969,7 @@ index b2d7c62..441a7ef 100644 |
632 |
ctl_len)) |
633 |
goto out_freectl; |
634 |
msg_sys->msg_control = ctl_buf; |
635 |
-@@ -2191,7 +2257,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
636 |
+@@ -2191,7 +2270,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
637 |
int err, total_len, len; |
638 |
|
639 |
/* kernel mode address */ |
640 |
@@ -95846,7 +95978,21 @@ index b2d7c62..441a7ef 100644 |
641 |
|
642 |
/* user mode address pointers */ |
643 |
struct sockaddr __user *uaddr; |
644 |
-@@ -2219,7 +2285,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
645 |
+@@ -2200,8 +2279,11 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
646 |
+ if (MSG_CMSG_COMPAT & flags) { |
647 |
+ if (get_compat_msghdr(msg_sys, msg_compat)) |
648 |
+ return -EFAULT; |
649 |
+- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) |
650 |
+- return -EFAULT; |
651 |
++ } else { |
652 |
++ err = copy_msghdr_from_user(msg_sys, msg); |
653 |
++ if (err) |
654 |
++ return err; |
655 |
++ } |
656 |
+ |
657 |
+ if (msg_sys->msg_iovlen > UIO_FASTIOV) { |
658 |
+ err = -EMSGSIZE; |
659 |
+@@ -2219,7 +2301,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
660 |
* kernel msghdr to use the kernel address space) |
661 |
*/ |
662 |
|
663 |
@@ -95855,7 +96001,7 @@ index b2d7c62..441a7ef 100644 |
664 |
uaddr_len = COMPAT_NAMELEN(msg); |
665 |
if (MSG_CMSG_COMPAT & flags) { |
666 |
err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); |
667 |
-@@ -2974,7 +3040,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, |
668 |
+@@ -2974,7 +3056,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, |
669 |
old_fs = get_fs(); |
670 |
set_fs(KERNEL_DS); |
671 |
err = dev_ioctl(net, cmd, |
672 |
@@ -95864,7 +96010,7 @@ index b2d7c62..441a7ef 100644 |
673 |
set_fs(old_fs); |
674 |
|
675 |
return err; |
676 |
-@@ -3083,7 +3149,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
677 |
+@@ -3083,7 +3165,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
678 |
|
679 |
old_fs = get_fs(); |
680 |
set_fs(KERNEL_DS); |
681 |
@@ -95873,7 +96019,7 @@ index b2d7c62..441a7ef 100644 |
682 |
set_fs(old_fs); |
683 |
|
684 |
if (cmd == SIOCGIFMAP && !err) { |
685 |
-@@ -3188,7 +3254,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, |
686 |
+@@ -3188,7 +3270,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, |
687 |
ret |= __get_user(rtdev, &(ur4->rt_dev)); |
688 |
if (rtdev) { |
689 |
ret |= copy_from_user(devname, compat_ptr(rtdev), 15); |
690 |
@@ -95882,7 +96028,7 @@ index b2d7c62..441a7ef 100644 |
691 |
devname[15] = 0; |
692 |
} else |
693 |
r4.rt_dev = NULL; |
694 |
-@@ -3414,8 +3480,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, |
695 |
+@@ -3414,8 +3496,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, |
696 |
int __user *uoptlen; |
697 |
int err; |
698 |
|
699 |
@@ -95893,7 +96039,7 @@ index b2d7c62..441a7ef 100644 |
700 |
|
701 |
set_fs(KERNEL_DS); |
702 |
if (level == SOL_SOCKET) |
703 |
-@@ -3435,7 +3501,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, |
704 |
+@@ -3435,7 +3517,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, |
705 |
char __user *uoptval; |
706 |
int err; |
707 |
|
708 |
|
709 |
diff --git a/3.2.51/0000_README b/3.2.52/0000_README |
710 |
similarity index 96% |
711 |
rename from 3.2.51/0000_README |
712 |
rename to 3.2.52/0000_README |
713 |
index 8ba65d1..ec68a31 100644 |
714 |
--- a/3.2.51/0000_README |
715 |
+++ b/3.2.52/0000_README |
716 |
@@ -122,7 +122,11 @@ Patch: 1050_linux-3.2.51.patch |
717 |
From: http://www.kernel.org |
718 |
Desc: Linux 3.2.51 |
719 |
|
720 |
-Patch: 4420_grsecurity-2.9.1-3.2.51-201310260849.patch |
721 |
+Patch: 1051_linux-3.2.52.patch |
722 |
+From: http://www.kernel.org |
723 |
+Desc: Linux 3.2.52 |
724 |
+ |
725 |
+Patch: 4420_grsecurity-2.9.1-3.2.52-201310271550.patch |
726 |
From: http://www.grsecurity.net |
727 |
Desc: hardened-sources base patch from upstream grsecurity |
728 |
|
729 |
|
730 |
diff --git a/3.2.51/1021_linux-3.2.22.patch b/3.2.52/1021_linux-3.2.22.patch |
731 |
similarity index 100% |
732 |
rename from 3.2.51/1021_linux-3.2.22.patch |
733 |
rename to 3.2.52/1021_linux-3.2.22.patch |
734 |
|
735 |
diff --git a/3.2.51/1022_linux-3.2.23.patch b/3.2.52/1022_linux-3.2.23.patch |
736 |
similarity index 100% |
737 |
rename from 3.2.51/1022_linux-3.2.23.patch |
738 |
rename to 3.2.52/1022_linux-3.2.23.patch |
739 |
|
740 |
diff --git a/3.2.51/1023_linux-3.2.24.patch b/3.2.52/1023_linux-3.2.24.patch |
741 |
similarity index 100% |
742 |
rename from 3.2.51/1023_linux-3.2.24.patch |
743 |
rename to 3.2.52/1023_linux-3.2.24.patch |
744 |
|
745 |
diff --git a/3.2.51/1024_linux-3.2.25.patch b/3.2.52/1024_linux-3.2.25.patch |
746 |
similarity index 100% |
747 |
rename from 3.2.51/1024_linux-3.2.25.patch |
748 |
rename to 3.2.52/1024_linux-3.2.25.patch |
749 |
|
750 |
diff --git a/3.2.51/1025_linux-3.2.26.patch b/3.2.52/1025_linux-3.2.26.patch |
751 |
similarity index 100% |
752 |
rename from 3.2.51/1025_linux-3.2.26.patch |
753 |
rename to 3.2.52/1025_linux-3.2.26.patch |
754 |
|
755 |
diff --git a/3.2.51/1026_linux-3.2.27.patch b/3.2.52/1026_linux-3.2.27.patch |
756 |
similarity index 100% |
757 |
rename from 3.2.51/1026_linux-3.2.27.patch |
758 |
rename to 3.2.52/1026_linux-3.2.27.patch |
759 |
|
760 |
diff --git a/3.2.51/1027_linux-3.2.28.patch b/3.2.52/1027_linux-3.2.28.patch |
761 |
similarity index 100% |
762 |
rename from 3.2.51/1027_linux-3.2.28.patch |
763 |
rename to 3.2.52/1027_linux-3.2.28.patch |
764 |
|
765 |
diff --git a/3.2.51/1028_linux-3.2.29.patch b/3.2.52/1028_linux-3.2.29.patch |
766 |
similarity index 100% |
767 |
rename from 3.2.51/1028_linux-3.2.29.patch |
768 |
rename to 3.2.52/1028_linux-3.2.29.patch |
769 |
|
770 |
diff --git a/3.2.51/1029_linux-3.2.30.patch b/3.2.52/1029_linux-3.2.30.patch |
771 |
similarity index 100% |
772 |
rename from 3.2.51/1029_linux-3.2.30.patch |
773 |
rename to 3.2.52/1029_linux-3.2.30.patch |
774 |
|
775 |
diff --git a/3.2.51/1030_linux-3.2.31.patch b/3.2.52/1030_linux-3.2.31.patch |
776 |
similarity index 100% |
777 |
rename from 3.2.51/1030_linux-3.2.31.patch |
778 |
rename to 3.2.52/1030_linux-3.2.31.patch |
779 |
|
780 |
diff --git a/3.2.51/1031_linux-3.2.32.patch b/3.2.52/1031_linux-3.2.32.patch |
781 |
similarity index 100% |
782 |
rename from 3.2.51/1031_linux-3.2.32.patch |
783 |
rename to 3.2.52/1031_linux-3.2.32.patch |
784 |
|
785 |
diff --git a/3.2.51/1032_linux-3.2.33.patch b/3.2.52/1032_linux-3.2.33.patch |
786 |
similarity index 100% |
787 |
rename from 3.2.51/1032_linux-3.2.33.patch |
788 |
rename to 3.2.52/1032_linux-3.2.33.patch |
789 |
|
790 |
diff --git a/3.2.51/1033_linux-3.2.34.patch b/3.2.52/1033_linux-3.2.34.patch |
791 |
similarity index 100% |
792 |
rename from 3.2.51/1033_linux-3.2.34.patch |
793 |
rename to 3.2.52/1033_linux-3.2.34.patch |
794 |
|
795 |
diff --git a/3.2.51/1034_linux-3.2.35.patch b/3.2.52/1034_linux-3.2.35.patch |
796 |
similarity index 100% |
797 |
rename from 3.2.51/1034_linux-3.2.35.patch |
798 |
rename to 3.2.52/1034_linux-3.2.35.patch |
799 |
|
800 |
diff --git a/3.2.51/1035_linux-3.2.36.patch b/3.2.52/1035_linux-3.2.36.patch |
801 |
similarity index 100% |
802 |
rename from 3.2.51/1035_linux-3.2.36.patch |
803 |
rename to 3.2.52/1035_linux-3.2.36.patch |
804 |
|
805 |
diff --git a/3.2.51/1036_linux-3.2.37.patch b/3.2.52/1036_linux-3.2.37.patch |
806 |
similarity index 100% |
807 |
rename from 3.2.51/1036_linux-3.2.37.patch |
808 |
rename to 3.2.52/1036_linux-3.2.37.patch |
809 |
|
810 |
diff --git a/3.2.51/1037_linux-3.2.38.patch b/3.2.52/1037_linux-3.2.38.patch |
811 |
similarity index 100% |
812 |
rename from 3.2.51/1037_linux-3.2.38.patch |
813 |
rename to 3.2.52/1037_linux-3.2.38.patch |
814 |
|
815 |
diff --git a/3.2.51/1038_linux-3.2.39.patch b/3.2.52/1038_linux-3.2.39.patch |
816 |
similarity index 100% |
817 |
rename from 3.2.51/1038_linux-3.2.39.patch |
818 |
rename to 3.2.52/1038_linux-3.2.39.patch |
819 |
|
820 |
diff --git a/3.2.51/1039_linux-3.2.40.patch b/3.2.52/1039_linux-3.2.40.patch |
821 |
similarity index 100% |
822 |
rename from 3.2.51/1039_linux-3.2.40.patch |
823 |
rename to 3.2.52/1039_linux-3.2.40.patch |
824 |
|
825 |
diff --git a/3.2.51/1040_linux-3.2.41.patch b/3.2.52/1040_linux-3.2.41.patch |
826 |
similarity index 100% |
827 |
rename from 3.2.51/1040_linux-3.2.41.patch |
828 |
rename to 3.2.52/1040_linux-3.2.41.patch |
829 |
|
830 |
diff --git a/3.2.51/1041_linux-3.2.42.patch b/3.2.52/1041_linux-3.2.42.patch |
831 |
similarity index 100% |
832 |
rename from 3.2.51/1041_linux-3.2.42.patch |
833 |
rename to 3.2.52/1041_linux-3.2.42.patch |
834 |
|
835 |
diff --git a/3.2.51/1042_linux-3.2.43.patch b/3.2.52/1042_linux-3.2.43.patch |
836 |
similarity index 100% |
837 |
rename from 3.2.51/1042_linux-3.2.43.patch |
838 |
rename to 3.2.52/1042_linux-3.2.43.patch |
839 |
|
840 |
diff --git a/3.2.51/1043_linux-3.2.44.patch b/3.2.52/1043_linux-3.2.44.patch |
841 |
similarity index 100% |
842 |
rename from 3.2.51/1043_linux-3.2.44.patch |
843 |
rename to 3.2.52/1043_linux-3.2.44.patch |
844 |
|
845 |
diff --git a/3.2.51/1044_linux-3.2.45.patch b/3.2.52/1044_linux-3.2.45.patch |
846 |
similarity index 100% |
847 |
rename from 3.2.51/1044_linux-3.2.45.patch |
848 |
rename to 3.2.52/1044_linux-3.2.45.patch |
849 |
|
850 |
diff --git a/3.2.51/1045_linux-3.2.46.patch b/3.2.52/1045_linux-3.2.46.patch |
851 |
similarity index 100% |
852 |
rename from 3.2.51/1045_linux-3.2.46.patch |
853 |
rename to 3.2.52/1045_linux-3.2.46.patch |
854 |
|
855 |
diff --git a/3.2.51/1046_linux-3.2.47.patch b/3.2.52/1046_linux-3.2.47.patch |
856 |
similarity index 100% |
857 |
rename from 3.2.51/1046_linux-3.2.47.patch |
858 |
rename to 3.2.52/1046_linux-3.2.47.patch |
859 |
|
860 |
diff --git a/3.2.51/1047_linux-3.2.48.patch b/3.2.52/1047_linux-3.2.48.patch |
861 |
similarity index 100% |
862 |
rename from 3.2.51/1047_linux-3.2.48.patch |
863 |
rename to 3.2.52/1047_linux-3.2.48.patch |
864 |
|
865 |
diff --git a/3.2.51/1048_linux-3.2.49.patch b/3.2.52/1048_linux-3.2.49.patch |
866 |
similarity index 100% |
867 |
rename from 3.2.51/1048_linux-3.2.49.patch |
868 |
rename to 3.2.52/1048_linux-3.2.49.patch |
869 |
|
870 |
diff --git a/3.2.51/1049_linux-3.2.50.patch b/3.2.52/1049_linux-3.2.50.patch |
871 |
similarity index 100% |
872 |
rename from 3.2.51/1049_linux-3.2.50.patch |
873 |
rename to 3.2.52/1049_linux-3.2.50.patch |
874 |
|
875 |
diff --git a/3.2.51/1050_linux-3.2.51.patch b/3.2.52/1050_linux-3.2.51.patch |
876 |
similarity index 100% |
877 |
rename from 3.2.51/1050_linux-3.2.51.patch |
878 |
rename to 3.2.52/1050_linux-3.2.51.patch |
879 |
|
880 |
diff --git a/3.2.52/1051_linux-3.2.52.patch b/3.2.52/1051_linux-3.2.52.patch |
881 |
new file mode 100644 |
882 |
index 0000000..94b9359 |
883 |
--- /dev/null |
884 |
+++ b/3.2.52/1051_linux-3.2.52.patch |
885 |
@@ -0,0 +1,5221 @@ |
886 |
+diff --git a/Makefile b/Makefile |
887 |
+index 0f11936..1dd2c09 100644 |
888 |
+--- a/Makefile |
889 |
++++ b/Makefile |
890 |
+@@ -1,6 +1,6 @@ |
891 |
+ VERSION = 3 |
892 |
+ PATCHLEVEL = 2 |
893 |
+-SUBLEVEL = 51 |
894 |
++SUBLEVEL = 52 |
895 |
+ EXTRAVERSION = |
896 |
+ NAME = Saber-toothed Squirrel |
897 |
+ |
898 |
+diff --git a/arch/arm/mach-versatile/pci.c b/arch/arm/mach-versatile/pci.c |
899 |
+index c898deb..189ed00 100644 |
900 |
+--- a/arch/arm/mach-versatile/pci.c |
901 |
++++ b/arch/arm/mach-versatile/pci.c |
902 |
+@@ -43,9 +43,9 @@ |
903 |
+ #define PCI_IMAP0 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x0) |
904 |
+ #define PCI_IMAP1 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x4) |
905 |
+ #define PCI_IMAP2 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x8) |
906 |
+-#define PCI_SMAP0 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x10) |
907 |
+-#define PCI_SMAP1 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x14) |
908 |
+-#define PCI_SMAP2 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x18) |
909 |
++#define PCI_SMAP0 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x14) |
910 |
++#define PCI_SMAP1 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x18) |
911 |
++#define PCI_SMAP2 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x1c) |
912 |
+ #define PCI_SELFID __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0xc) |
913 |
+ |
914 |
+ #define DEVICE_ID_OFFSET 0x00 |
915 |
+diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c |
916 |
+index fbdd12e..cc3f35d 100644 |
917 |
+--- a/arch/arm/mm/init.c |
918 |
++++ b/arch/arm/mm/init.c |
919 |
+@@ -98,6 +98,9 @@ void show_mem(unsigned int filter) |
920 |
+ printk("Mem-info:\n"); |
921 |
+ show_free_areas(filter); |
922 |
+ |
923 |
++ if (filter & SHOW_MEM_FILTER_PAGE_COUNT) |
924 |
++ return; |
925 |
++ |
926 |
+ for_each_bank (i, mi) { |
927 |
+ struct membank *bank = &mi->bank[i]; |
928 |
+ unsigned int pfn1, pfn2; |
929 |
+diff --git a/arch/ia64/mm/contig.c b/arch/ia64/mm/contig.c |
930 |
+index f114a3b..ce6e7a8 100644 |
931 |
+--- a/arch/ia64/mm/contig.c |
932 |
++++ b/arch/ia64/mm/contig.c |
933 |
+@@ -46,6 +46,8 @@ void show_mem(unsigned int filter) |
934 |
+ printk(KERN_INFO "Mem-info:\n"); |
935 |
+ show_free_areas(filter); |
936 |
+ printk(KERN_INFO "Node memory in pages:\n"); |
937 |
++ if (filter & SHOW_MEM_FILTER_PAGE_COUNT) |
938 |
++ return; |
939 |
+ for_each_online_pgdat(pgdat) { |
940 |
+ unsigned long present; |
941 |
+ unsigned long flags; |
942 |
+diff --git a/arch/ia64/mm/discontig.c b/arch/ia64/mm/discontig.c |
943 |
+index c641333..2230817 100644 |
944 |
+--- a/arch/ia64/mm/discontig.c |
945 |
++++ b/arch/ia64/mm/discontig.c |
946 |
+@@ -623,6 +623,8 @@ void show_mem(unsigned int filter) |
947 |
+ |
948 |
+ printk(KERN_INFO "Mem-info:\n"); |
949 |
+ show_free_areas(filter); |
950 |
++ if (filter & SHOW_MEM_FILTER_PAGE_COUNT) |
951 |
++ return; |
952 |
+ printk(KERN_INFO "Node memory in pages:\n"); |
953 |
+ for_each_online_pgdat(pgdat) { |
954 |
+ unsigned long present; |
955 |
+diff --git a/arch/m68k/kernel/vmlinux-nommu.lds b/arch/m68k/kernel/vmlinux-nommu.lds |
956 |
+new file mode 100644 |
957 |
+index 0000000..40e02d9 |
958 |
+--- /dev/null |
959 |
++++ b/arch/m68k/kernel/vmlinux-nommu.lds |
960 |
+@@ -0,0 +1,93 @@ |
961 |
++/* |
962 |
++ * vmlinux.lds.S -- master linker script for m68knommu arch |
963 |
++ * |
964 |
++ * (C) Copyright 2002-2012, Greg Ungerer <gerg@××××××××.com> |
965 |
++ * |
966 |
++ * This linker script is equipped to build either ROM loaded or RAM |
967 |
++ * run kernels. |
968 |
++ */ |
969 |
++ |
970 |
++#if defined(CONFIG_RAMKERNEL) |
971 |
++#define KTEXT_ADDR CONFIG_KERNELBASE |
972 |
++#endif |
973 |
++#if defined(CONFIG_ROMKERNEL) |
974 |
++#define KTEXT_ADDR CONFIG_ROMSTART |
975 |
++#define KDATA_ADDR CONFIG_KERNELBASE |
976 |
++#define LOAD_OFFSET KDATA_ADDR + (ADDR(.text) + SIZEOF(.text)) |
977 |
++#endif |
978 |
++ |
979 |
++#include <asm/page.h> |
980 |
++#include <asm/thread_info.h> |
981 |
++#include <asm-generic/vmlinux.lds.h> |
982 |
++ |
983 |
++OUTPUT_ARCH(m68k) |
984 |
++ENTRY(_start) |
985 |
++ |
986 |
++jiffies = jiffies_64 + 4; |
987 |
++ |
988 |
++SECTIONS { |
989 |
++ |
990 |
++#ifdef CONFIG_ROMVEC |
991 |
++ . = CONFIG_ROMVEC; |
992 |
++ .romvec : { |
993 |
++ __rom_start = .; |
994 |
++ _romvec = .; |
995 |
++ *(.romvec) |
996 |
++ *(.data..initvect) |
997 |
++ } |
998 |
++#endif |
999 |
++ |
1000 |
++ . = KTEXT_ADDR; |
1001 |
++ |
1002 |
++ _text = .; |
1003 |
++ _stext = .; |
1004 |
++ .text : { |
1005 |
++ HEAD_TEXT |
1006 |
++ TEXT_TEXT |
1007 |
++ SCHED_TEXT |
1008 |
++ LOCK_TEXT |
1009 |
++ *(.fixup) |
1010 |
++ . = ALIGN(16); |
1011 |
++ } |
1012 |
++ _etext = .; |
1013 |
++ |
1014 |
++#ifdef KDATA_ADDR |
1015 |
++ . = KDATA_ADDR; |
1016 |
++#endif |
1017 |
++ |
1018 |
++ _sdata = .; |
1019 |
++ RO_DATA_SECTION(PAGE_SIZE) |
1020 |
++ RW_DATA_SECTION(16, PAGE_SIZE, THREAD_SIZE) |
1021 |
++ _edata = .; |
1022 |
++ |
1023 |
++ EXCEPTION_TABLE(16) |
1024 |
++ NOTES |
1025 |
++ |
1026 |
++ . = ALIGN(PAGE_SIZE); |
1027 |
++ __init_begin = .; |
1028 |
++ INIT_TEXT_SECTION(PAGE_SIZE) |
1029 |
++ INIT_DATA_SECTION(16) |
1030 |
++ PERCPU_SECTION(16) |
1031 |
++ .m68k_fixup : { |
1032 |
++ __start_fixup = .; |
1033 |
++ *(.m68k_fixup) |
1034 |
++ __stop_fixup = .; |
1035 |
++ } |
1036 |
++ .init.data : { |
1037 |
++ . = ALIGN(PAGE_SIZE); |
1038 |
++ __init_end = .; |
1039 |
++ } |
1040 |
++ |
1041 |
++ _sbss = .; |
1042 |
++ BSS_SECTION(0, 0, 0) |
1043 |
++ _ebss = .; |
1044 |
++ |
1045 |
++ _end = .; |
1046 |
++ |
1047 |
++ STABS_DEBUG |
1048 |
++ .comment 0 : { *(.comment) } |
1049 |
++ |
1050 |
++ /* Sections to be discarded */ |
1051 |
++ DISCARDS |
1052 |
++} |
1053 |
++ |
1054 |
+diff --git a/arch/m68k/kernel/vmlinux.lds.S b/arch/m68k/kernel/vmlinux.lds.S |
1055 |
+index 030dabf..69ec796 100644 |
1056 |
+--- a/arch/m68k/kernel/vmlinux.lds.S |
1057 |
++++ b/arch/m68k/kernel/vmlinux.lds.S |
1058 |
+@@ -1,5 +1,14 @@ |
1059 |
+-#ifdef CONFIG_MMU |
1060 |
+-#include "vmlinux.lds_mm.S" |
1061 |
++#if defined(CONFIG_MMU) && !defined(CONFIG_COLDFIRE) |
1062 |
++PHDRS |
1063 |
++{ |
1064 |
++ text PT_LOAD FILEHDR PHDRS FLAGS (7); |
1065 |
++ data PT_LOAD FLAGS (7); |
1066 |
++} |
1067 |
++#ifdef CONFIG_SUN3 |
1068 |
++#include "vmlinux-sun3.lds" |
1069 |
+ #else |
1070 |
+-#include "vmlinux.lds_no.S" |
1071 |
++#include "vmlinux-std.lds" |
1072 |
++#endif |
1073 |
++#else |
1074 |
++#include "vmlinux-nommu.lds" |
1075 |
+ #endif |
1076 |
+diff --git a/arch/m68k/kernel/vmlinux.lds_mm.S b/arch/m68k/kernel/vmlinux.lds_mm.S |
1077 |
+deleted file mode 100644 |
1078 |
+index 99ba315..0000000 |
1079 |
+--- a/arch/m68k/kernel/vmlinux.lds_mm.S |
1080 |
++++ /dev/null |
1081 |
+@@ -1,10 +0,0 @@ |
1082 |
+-PHDRS |
1083 |
+-{ |
1084 |
+- text PT_LOAD FILEHDR PHDRS FLAGS (7); |
1085 |
+- data PT_LOAD FLAGS (7); |
1086 |
+-} |
1087 |
+-#ifdef CONFIG_SUN3 |
1088 |
+-#include "vmlinux-sun3.lds" |
1089 |
+-#else |
1090 |
+-#include "vmlinux-std.lds" |
1091 |
+-#endif |
1092 |
+diff --git a/arch/m68k/kernel/vmlinux.lds_no.S b/arch/m68k/kernel/vmlinux.lds_no.S |
1093 |
+deleted file mode 100644 |
1094 |
+index 4e23893..0000000 |
1095 |
+--- a/arch/m68k/kernel/vmlinux.lds_no.S |
1096 |
++++ /dev/null |
1097 |
+@@ -1,187 +0,0 @@ |
1098 |
+-/* |
1099 |
+- * vmlinux.lds.S -- master linker script for m68knommu arch |
1100 |
+- * |
1101 |
+- * (C) Copyright 2002-2006, Greg Ungerer <gerg@××××××××.com> |
1102 |
+- * |
1103 |
+- * This linker script is equipped to build either ROM loaded or RAM |
1104 |
+- * run kernels. |
1105 |
+- */ |
1106 |
+- |
1107 |
+-#include <asm-generic/vmlinux.lds.h> |
1108 |
+-#include <asm/page.h> |
1109 |
+-#include <asm/thread_info.h> |
1110 |
+- |
1111 |
+-#if defined(CONFIG_RAMKERNEL) |
1112 |
+-#define RAM_START CONFIG_KERNELBASE |
1113 |
+-#define RAM_LENGTH (CONFIG_RAMBASE + CONFIG_RAMSIZE - CONFIG_KERNELBASE) |
1114 |
+-#define TEXT ram |
1115 |
+-#define DATA ram |
1116 |
+-#define INIT ram |
1117 |
+-#define BSSS ram |
1118 |
+-#endif |
1119 |
+-#if defined(CONFIG_ROMKERNEL) || defined(CONFIG_HIMEMKERNEL) |
1120 |
+-#define RAM_START CONFIG_RAMBASE |
1121 |
+-#define RAM_LENGTH CONFIG_RAMSIZE |
1122 |
+-#define ROMVEC_START CONFIG_ROMVEC |
1123 |
+-#define ROMVEC_LENGTH CONFIG_ROMVECSIZE |
1124 |
+-#define ROM_START CONFIG_ROMSTART |
1125 |
+-#define ROM_LENGTH CONFIG_ROMSIZE |
1126 |
+-#define TEXT rom |
1127 |
+-#define DATA ram |
1128 |
+-#define INIT ram |
1129 |
+-#define BSSS ram |
1130 |
+-#endif |
1131 |
+- |
1132 |
+-#ifndef DATA_ADDR |
1133 |
+-#define DATA_ADDR |
1134 |
+-#endif |
1135 |
+- |
1136 |
+- |
1137 |
+-OUTPUT_ARCH(m68k) |
1138 |
+-ENTRY(_start) |
1139 |
+- |
1140 |
+-MEMORY { |
1141 |
+- ram : ORIGIN = RAM_START, LENGTH = RAM_LENGTH |
1142 |
+-#ifdef ROM_START |
1143 |
+- romvec : ORIGIN = ROMVEC_START, LENGTH = ROMVEC_LENGTH |
1144 |
+- rom : ORIGIN = ROM_START, LENGTH = ROM_LENGTH |
1145 |
+-#endif |
1146 |
+-} |
1147 |
+- |
1148 |
+-jiffies = jiffies_64 + 4; |
1149 |
+- |
1150 |
+-SECTIONS { |
1151 |
+- |
1152 |
+-#ifdef ROMVEC_START |
1153 |
+- . = ROMVEC_START ; |
1154 |
+- .romvec : { |
1155 |
+- __rom_start = . ; |
1156 |
+- _romvec = .; |
1157 |
+- *(.data..initvect) |
1158 |
+- } > romvec |
1159 |
+-#endif |
1160 |
+- |
1161 |
+- .text : { |
1162 |
+- _text = .; |
1163 |
+- _stext = . ; |
1164 |
+- HEAD_TEXT |
1165 |
+- TEXT_TEXT |
1166 |
+- SCHED_TEXT |
1167 |
+- LOCK_TEXT |
1168 |
+- *(.text..lock) |
1169 |
+- |
1170 |
+- . = ALIGN(16); /* Exception table */ |
1171 |
+- __start___ex_table = .; |
1172 |
+- *(__ex_table) |
1173 |
+- __stop___ex_table = .; |
1174 |
+- |
1175 |
+- *(.rodata) *(.rodata.*) |
1176 |
+- *(__vermagic) /* Kernel version magic */ |
1177 |
+- *(.rodata1) |
1178 |
+- *(.rodata.str1.1) |
1179 |
+- |
1180 |
+- /* Kernel symbol table: Normal symbols */ |
1181 |
+- . = ALIGN(4); |
1182 |
+- __start___ksymtab = .; |
1183 |
+- *(SORT(___ksymtab+*)) |
1184 |
+- __stop___ksymtab = .; |
1185 |
+- |
1186 |
+- /* Kernel symbol table: GPL-only symbols */ |
1187 |
+- __start___ksymtab_gpl = .; |
1188 |
+- *(SORT(___ksymtab_gpl+*)) |
1189 |
+- __stop___ksymtab_gpl = .; |
1190 |
+- |
1191 |
+- /* Kernel symbol table: Normal unused symbols */ |
1192 |
+- __start___ksymtab_unused = .; |
1193 |
+- *(SORT(___ksymtab_unused+*)) |
1194 |
+- __stop___ksymtab_unused = .; |
1195 |
+- |
1196 |
+- /* Kernel symbol table: GPL-only unused symbols */ |
1197 |
+- __start___ksymtab_unused_gpl = .; |
1198 |
+- *(SORT(___ksymtab_unused_gpl+*)) |
1199 |
+- __stop___ksymtab_unused_gpl = .; |
1200 |
+- |
1201 |
+- /* Kernel symbol table: GPL-future symbols */ |
1202 |
+- __start___ksymtab_gpl_future = .; |
1203 |
+- *(SORT(___ksymtab_gpl_future+*)) |
1204 |
+- __stop___ksymtab_gpl_future = .; |
1205 |
+- |
1206 |
+- /* Kernel symbol table: Normal symbols */ |
1207 |
+- __start___kcrctab = .; |
1208 |
+- *(SORT(___kcrctab+*)) |
1209 |
+- __stop___kcrctab = .; |
1210 |
+- |
1211 |
+- /* Kernel symbol table: GPL-only symbols */ |
1212 |
+- __start___kcrctab_gpl = .; |
1213 |
+- *(SORT(___kcrctab_gpl+*)) |
1214 |
+- __stop___kcrctab_gpl = .; |
1215 |
+- |
1216 |
+- /* Kernel symbol table: Normal unused symbols */ |
1217 |
+- __start___kcrctab_unused = .; |
1218 |
+- *(SORT(___kcrctab_unused+*)) |
1219 |
+- __stop___kcrctab_unused = .; |
1220 |
+- |
1221 |
+- /* Kernel symbol table: GPL-only unused symbols */ |
1222 |
+- __start___kcrctab_unused_gpl = .; |
1223 |
+- *(SORT(___kcrctab_unused_gpl+*)) |
1224 |
+- __stop___kcrctab_unused_gpl = .; |
1225 |
+- |
1226 |
+- /* Kernel symbol table: GPL-future symbols */ |
1227 |
+- __start___kcrctab_gpl_future = .; |
1228 |
+- *(SORT(___kcrctab_gpl_future+*)) |
1229 |
+- __stop___kcrctab_gpl_future = .; |
1230 |
+- |
1231 |
+- /* Kernel symbol table: strings */ |
1232 |
+- *(__ksymtab_strings) |
1233 |
+- |
1234 |
+- /* Built-in module parameters */ |
1235 |
+- . = ALIGN(4) ; |
1236 |
+- __start___param = .; |
1237 |
+- *(__param) |
1238 |
+- __stop___param = .; |
1239 |
+- |
1240 |
+- /* Built-in module versions */ |
1241 |
+- . = ALIGN(4) ; |
1242 |
+- __start___modver = .; |
1243 |
+- *(__modver) |
1244 |
+- __stop___modver = .; |
1245 |
+- |
1246 |
+- . = ALIGN(4) ; |
1247 |
+- _etext = . ; |
1248 |
+- } > TEXT |
1249 |
+- |
1250 |
+- .data DATA_ADDR : { |
1251 |
+- . = ALIGN(4); |
1252 |
+- _sdata = . ; |
1253 |
+- DATA_DATA |
1254 |
+- CACHELINE_ALIGNED_DATA(32) |
1255 |
+- PAGE_ALIGNED_DATA(PAGE_SIZE) |
1256 |
+- *(.data..shared_aligned) |
1257 |
+- INIT_TASK_DATA(THREAD_SIZE) |
1258 |
+- _edata = . ; |
1259 |
+- } > DATA |
1260 |
+- |
1261 |
+- .init.text : { |
1262 |
+- . = ALIGN(PAGE_SIZE); |
1263 |
+- __init_begin = .; |
1264 |
+- } > INIT |
1265 |
+- INIT_TEXT_SECTION(PAGE_SIZE) > INIT |
1266 |
+- INIT_DATA_SECTION(16) > INIT |
1267 |
+- .init.data : { |
1268 |
+- . = ALIGN(PAGE_SIZE); |
1269 |
+- __init_end = .; |
1270 |
+- } > INIT |
1271 |
+- |
1272 |
+- .bss : { |
1273 |
+- . = ALIGN(4); |
1274 |
+- _sbss = . ; |
1275 |
+- *(.bss) |
1276 |
+- *(COMMON) |
1277 |
+- . = ALIGN(4) ; |
1278 |
+- _ebss = . ; |
1279 |
+- _end = . ; |
1280 |
+- } > BSSS |
1281 |
+- |
1282 |
+- DISCARDS |
1283 |
+-} |
1284 |
+- |
1285 |
+diff --git a/arch/parisc/mm/init.c b/arch/parisc/mm/init.c |
1286 |
+index 82f364e..0b62162 100644 |
1287 |
+--- a/arch/parisc/mm/init.c |
1288 |
++++ b/arch/parisc/mm/init.c |
1289 |
+@@ -685,6 +685,8 @@ void show_mem(unsigned int filter) |
1290 |
+ |
1291 |
+ printk(KERN_INFO "Mem-info:\n"); |
1292 |
+ show_free_areas(filter); |
1293 |
++ if (filter & SHOW_MEM_FILTER_PAGE_COUNT) |
1294 |
++ return; |
1295 |
+ #ifndef CONFIG_DISCONTIGMEM |
1296 |
+ i = max_mapnr; |
1297 |
+ while (i-- > 0) { |
1298 |
+diff --git a/arch/powerpc/kernel/align.c b/arch/powerpc/kernel/align.c |
1299 |
+index 8184ee9..3fcbae0 100644 |
1300 |
+--- a/arch/powerpc/kernel/align.c |
1301 |
++++ b/arch/powerpc/kernel/align.c |
1302 |
+@@ -764,6 +764,16 @@ int fix_alignment(struct pt_regs *regs) |
1303 |
+ nb = aligninfo[instr].len; |
1304 |
+ flags = aligninfo[instr].flags; |
1305 |
+ |
1306 |
++ /* ldbrx/stdbrx overlap lfs/stfs in the DSISR unfortunately */ |
1307 |
++ if (IS_XFORM(instruction) && ((instruction >> 1) & 0x3ff) == 532) { |
1308 |
++ nb = 8; |
1309 |
++ flags = LD+SW; |
1310 |
++ } else if (IS_XFORM(instruction) && |
1311 |
++ ((instruction >> 1) & 0x3ff) == 660) { |
1312 |
++ nb = 8; |
1313 |
++ flags = ST+SW; |
1314 |
++ } |
1315 |
++ |
1316 |
+ /* Byteswap little endian loads and stores */ |
1317 |
+ swiz = 0; |
1318 |
+ if (regs->msr & MSR_LE) { |
1319 |
+diff --git a/arch/powerpc/kernel/iommu.c b/arch/powerpc/kernel/iommu.c |
1320 |
+index 0cfcf98..d0b205c 100644 |
1321 |
+--- a/arch/powerpc/kernel/iommu.c |
1322 |
++++ b/arch/powerpc/kernel/iommu.c |
1323 |
+@@ -495,7 +495,7 @@ struct iommu_table *iommu_init_table(struct iommu_table *tbl, int nid) |
1324 |
+ /* number of bytes needed for the bitmap */ |
1325 |
+ sz = (tbl->it_size + 7) >> 3; |
1326 |
+ |
1327 |
+- page = alloc_pages_node(nid, GFP_ATOMIC, get_order(sz)); |
1328 |
++ page = alloc_pages_node(nid, GFP_KERNEL, get_order(sz)); |
1329 |
+ if (!page) |
1330 |
+ panic("iommu_init_table: Can't allocate %ld bytes\n", sz); |
1331 |
+ tbl->it_map = page_address(page); |
1332 |
+diff --git a/arch/powerpc/kernel/lparcfg.c b/arch/powerpc/kernel/lparcfg.c |
1333 |
+index 826681d..26af24b 100644 |
1334 |
+--- a/arch/powerpc/kernel/lparcfg.c |
1335 |
++++ b/arch/powerpc/kernel/lparcfg.c |
1336 |
+@@ -375,6 +375,7 @@ static void parse_system_parameter_string(struct seq_file *m) |
1337 |
+ __pa(rtas_data_buf), |
1338 |
+ RTAS_DATA_BUF_SIZE); |
1339 |
+ memcpy(local_buffer, rtas_data_buf, SPLPAR_MAXLENGTH); |
1340 |
++ local_buffer[SPLPAR_MAXLENGTH - 1] = '\0'; |
1341 |
+ spin_unlock(&rtas_data_buf_lock); |
1342 |
+ |
1343 |
+ if (call_status != 0) { |
1344 |
+diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c |
1345 |
+index 55be64d..ca683a1 100644 |
1346 |
+--- a/arch/powerpc/kernel/sysfs.c |
1347 |
++++ b/arch/powerpc/kernel/sysfs.c |
1348 |
+@@ -18,6 +18,7 @@ |
1349 |
+ #include <asm/machdep.h> |
1350 |
+ #include <asm/smp.h> |
1351 |
+ #include <asm/pmc.h> |
1352 |
++#include <asm/firmware.h> |
1353 |
+ |
1354 |
+ #include "cacheinfo.h" |
1355 |
+ |
1356 |
+@@ -178,14 +179,24 @@ SYSFS_PMCSETUP(purr, SPRN_PURR); |
1357 |
+ SYSFS_PMCSETUP(spurr, SPRN_SPURR); |
1358 |
+ SYSFS_PMCSETUP(dscr, SPRN_DSCR); |
1359 |
+ |
1360 |
++/* |
1361 |
++ Lets only enable read for phyp resources and |
1362 |
++ enable write when needed with a separate function. |
1363 |
++ Lets be conservative and default to pseries. |
1364 |
++*/ |
1365 |
+ static SYSDEV_ATTR(mmcra, 0600, show_mmcra, store_mmcra); |
1366 |
+ static SYSDEV_ATTR(spurr, 0600, show_spurr, NULL); |
1367 |
+ static SYSDEV_ATTR(dscr, 0600, show_dscr, store_dscr); |
1368 |
+-static SYSDEV_ATTR(purr, 0600, show_purr, store_purr); |
1369 |
++static SYSDEV_ATTR(purr, 0400, show_purr, store_purr); |
1370 |
+ |
1371 |
+ unsigned long dscr_default = 0; |
1372 |
+ EXPORT_SYMBOL(dscr_default); |
1373 |
+ |
1374 |
++static void add_write_permission_dev_attr(struct sysdev_attribute *attr) |
1375 |
++{ |
1376 |
++ attr->attr.mode |= 0200; |
1377 |
++} |
1378 |
++ |
1379 |
+ static ssize_t show_dscr_default(struct sysdev_class *class, |
1380 |
+ struct sysdev_class_attribute *attr, char *buf) |
1381 |
+ { |
1382 |
+@@ -394,8 +405,11 @@ static void __cpuinit register_cpu_online(unsigned int cpu) |
1383 |
+ if (cpu_has_feature(CPU_FTR_MMCRA)) |
1384 |
+ sysdev_create_file(s, &attr_mmcra); |
1385 |
+ |
1386 |
+- if (cpu_has_feature(CPU_FTR_PURR)) |
1387 |
++ if (cpu_has_feature(CPU_FTR_PURR)) { |
1388 |
++ if (!firmware_has_feature(FW_FEATURE_LPAR)) |
1389 |
++ add_write_permission_dev_attr(&attr_purr); |
1390 |
+ sysdev_create_file(s, &attr_purr); |
1391 |
++ } |
1392 |
+ |
1393 |
+ if (cpu_has_feature(CPU_FTR_SPURR)) |
1394 |
+ sysdev_create_file(s, &attr_spurr); |
1395 |
+diff --git a/arch/powerpc/lib/checksum_64.S b/arch/powerpc/lib/checksum_64.S |
1396 |
+index 18245af..3cdbc64 100644 |
1397 |
+--- a/arch/powerpc/lib/checksum_64.S |
1398 |
++++ b/arch/powerpc/lib/checksum_64.S |
1399 |
+@@ -229,19 +229,35 @@ _GLOBAL(csum_partial) |
1400 |
+ blr |
1401 |
+ |
1402 |
+ |
1403 |
+- .macro source |
1404 |
++ .macro srcnr |
1405 |
+ 100: |
1406 |
+ .section __ex_table,"a" |
1407 |
+ .align 3 |
1408 |
+- .llong 100b,.Lsrc_error |
1409 |
++ .llong 100b,.Lsrc_error_nr |
1410 |
+ .previous |
1411 |
+ .endm |
1412 |
+ |
1413 |
+- .macro dest |
1414 |
++ .macro source |
1415 |
++150: |
1416 |
++ .section __ex_table,"a" |
1417 |
++ .align 3 |
1418 |
++ .llong 150b,.Lsrc_error |
1419 |
++ .previous |
1420 |
++ .endm |
1421 |
++ |
1422 |
++ .macro dstnr |
1423 |
+ 200: |
1424 |
+ .section __ex_table,"a" |
1425 |
+ .align 3 |
1426 |
+- .llong 200b,.Ldest_error |
1427 |
++ .llong 200b,.Ldest_error_nr |
1428 |
++ .previous |
1429 |
++ .endm |
1430 |
++ |
1431 |
++ .macro dest |
1432 |
++250: |
1433 |
++ .section __ex_table,"a" |
1434 |
++ .align 3 |
1435 |
++ .llong 250b,.Ldest_error |
1436 |
+ .previous |
1437 |
+ .endm |
1438 |
+ |
1439 |
+@@ -272,16 +288,16 @@ _GLOBAL(csum_partial_copy_generic) |
1440 |
+ rldicl. r6,r3,64-1,64-2 /* r6 = (r3 & 0x3) >> 1 */ |
1441 |
+ beq .Lcopy_aligned |
1442 |
+ |
1443 |
+- li r7,4 |
1444 |
+- sub r6,r7,r6 |
1445 |
++ li r9,4 |
1446 |
++ sub r6,r9,r6 |
1447 |
+ mtctr r6 |
1448 |
+ |
1449 |
+ 1: |
1450 |
+-source; lhz r6,0(r3) /* align to doubleword */ |
1451 |
++srcnr; lhz r6,0(r3) /* align to doubleword */ |
1452 |
+ subi r5,r5,2 |
1453 |
+ addi r3,r3,2 |
1454 |
+ adde r0,r0,r6 |
1455 |
+-dest; sth r6,0(r4) |
1456 |
++dstnr; sth r6,0(r4) |
1457 |
+ addi r4,r4,2 |
1458 |
+ bdnz 1b |
1459 |
+ |
1460 |
+@@ -395,10 +411,10 @@ dest; std r16,56(r4) |
1461 |
+ |
1462 |
+ mtctr r6 |
1463 |
+ 3: |
1464 |
+-source; ld r6,0(r3) |
1465 |
++srcnr; ld r6,0(r3) |
1466 |
+ addi r3,r3,8 |
1467 |
+ adde r0,r0,r6 |
1468 |
+-dest; std r6,0(r4) |
1469 |
++dstnr; std r6,0(r4) |
1470 |
+ addi r4,r4,8 |
1471 |
+ bdnz 3b |
1472 |
+ |
1473 |
+@@ -408,10 +424,10 @@ dest; std r6,0(r4) |
1474 |
+ srdi. r6,r5,2 |
1475 |
+ beq .Lcopy_tail_halfword |
1476 |
+ |
1477 |
+-source; lwz r6,0(r3) |
1478 |
++srcnr; lwz r6,0(r3) |
1479 |
+ addi r3,r3,4 |
1480 |
+ adde r0,r0,r6 |
1481 |
+-dest; stw r6,0(r4) |
1482 |
++dstnr; stw r6,0(r4) |
1483 |
+ addi r4,r4,4 |
1484 |
+ subi r5,r5,4 |
1485 |
+ |
1486 |
+@@ -419,10 +435,10 @@ dest; stw r6,0(r4) |
1487 |
+ srdi. r6,r5,1 |
1488 |
+ beq .Lcopy_tail_byte |
1489 |
+ |
1490 |
+-source; lhz r6,0(r3) |
1491 |
++srcnr; lhz r6,0(r3) |
1492 |
+ addi r3,r3,2 |
1493 |
+ adde r0,r0,r6 |
1494 |
+-dest; sth r6,0(r4) |
1495 |
++dstnr; sth r6,0(r4) |
1496 |
+ addi r4,r4,2 |
1497 |
+ subi r5,r5,2 |
1498 |
+ |
1499 |
+@@ -430,10 +446,10 @@ dest; sth r6,0(r4) |
1500 |
+ andi. r6,r5,1 |
1501 |
+ beq .Lcopy_finish |
1502 |
+ |
1503 |
+-source; lbz r6,0(r3) |
1504 |
++srcnr; lbz r6,0(r3) |
1505 |
+ sldi r9,r6,8 /* Pad the byte out to 16 bits */ |
1506 |
+ adde r0,r0,r9 |
1507 |
+-dest; stb r6,0(r4) |
1508 |
++dstnr; stb r6,0(r4) |
1509 |
+ |
1510 |
+ .Lcopy_finish: |
1511 |
+ addze r0,r0 /* add in final carry */ |
1512 |
+@@ -443,6 +459,11 @@ dest; stb r6,0(r4) |
1513 |
+ blr |
1514 |
+ |
1515 |
+ .Lsrc_error: |
1516 |
++ ld r14,STK_REG(r14)(r1) |
1517 |
++ ld r15,STK_REG(r15)(r1) |
1518 |
++ ld r16,STK_REG(r16)(r1) |
1519 |
++ addi r1,r1,STACKFRAMESIZE |
1520 |
++.Lsrc_error_nr: |
1521 |
+ cmpdi 0,r7,0 |
1522 |
+ beqlr |
1523 |
+ li r6,-EFAULT |
1524 |
+@@ -450,6 +471,11 @@ dest; stb r6,0(r4) |
1525 |
+ blr |
1526 |
+ |
1527 |
+ .Ldest_error: |
1528 |
++ ld r14,STK_REG(r14)(r1) |
1529 |
++ ld r15,STK_REG(r15)(r1) |
1530 |
++ ld r16,STK_REG(r16)(r1) |
1531 |
++ addi r1,r1,STACKFRAMESIZE |
1532 |
++.Ldest_error_nr: |
1533 |
+ cmpdi 0,r8,0 |
1534 |
+ beqlr |
1535 |
+ li r6,-EFAULT |
1536 |
+diff --git a/arch/sparc/kernel/entry.S b/arch/sparc/kernel/entry.S |
1537 |
+index f445e98..cfabc3d 100644 |
1538 |
+--- a/arch/sparc/kernel/entry.S |
1539 |
++++ b/arch/sparc/kernel/entry.S |
1540 |
+@@ -1177,7 +1177,7 @@ sys_sigreturn: |
1541 |
+ nop |
1542 |
+ |
1543 |
+ call syscall_trace |
1544 |
+- nop |
1545 |
++ mov 1, %o1 |
1546 |
+ |
1547 |
+ 1: |
1548 |
+ /* We don't want to muck with user registers like a |
1549 |
+diff --git a/arch/sparc/kernel/ktlb.S b/arch/sparc/kernel/ktlb.S |
1550 |
+index 79f3103..7c00735 100644 |
1551 |
+--- a/arch/sparc/kernel/ktlb.S |
1552 |
++++ b/arch/sparc/kernel/ktlb.S |
1553 |
+@@ -25,11 +25,10 @@ kvmap_itlb: |
1554 |
+ */ |
1555 |
+ kvmap_itlb_4v: |
1556 |
+ |
1557 |
+-kvmap_itlb_nonlinear: |
1558 |
+ /* Catch kernel NULL pointer calls. */ |
1559 |
+ sethi %hi(PAGE_SIZE), %g5 |
1560 |
+ cmp %g4, %g5 |
1561 |
+- bleu,pn %xcc, kvmap_dtlb_longpath |
1562 |
++ blu,pn %xcc, kvmap_itlb_longpath |
1563 |
+ nop |
1564 |
+ |
1565 |
+ KERN_TSB_LOOKUP_TL1(%g4, %g6, %g5, %g1, %g2, %g3, kvmap_itlb_load) |
1566 |
+diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S |
1567 |
+index 7f5f65d..817187d 100644 |
1568 |
+--- a/arch/sparc/kernel/syscalls.S |
1569 |
++++ b/arch/sparc/kernel/syscalls.S |
1570 |
+@@ -147,7 +147,7 @@ linux_syscall_trace32: |
1571 |
+ srl %i4, 0, %o4 |
1572 |
+ srl %i1, 0, %o1 |
1573 |
+ srl %i2, 0, %o2 |
1574 |
+- ba,pt %xcc, 2f |
1575 |
++ ba,pt %xcc, 5f |
1576 |
+ srl %i3, 0, %o3 |
1577 |
+ |
1578 |
+ linux_syscall_trace: |
1579 |
+@@ -177,13 +177,13 @@ linux_sparc_syscall32: |
1580 |
+ srl %i1, 0, %o1 ! IEU0 Group |
1581 |
+ ldx [%g6 + TI_FLAGS], %l0 ! Load |
1582 |
+ |
1583 |
+- srl %i5, 0, %o5 ! IEU1 |
1584 |
++ srl %i3, 0, %o3 ! IEU0 |
1585 |
+ srl %i2, 0, %o2 ! IEU0 Group |
1586 |
+ andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0 |
1587 |
+ bne,pn %icc, linux_syscall_trace32 ! CTI |
1588 |
+ mov %i0, %l5 ! IEU1 |
1589 |
+- call %l7 ! CTI Group brk forced |
1590 |
+- srl %i3, 0, %o3 ! IEU0 |
1591 |
++5: call %l7 ! CTI Group brk forced |
1592 |
++ srl %i5, 0, %o5 ! IEU1 |
1593 |
+ ba,a,pt %xcc, 3f |
1594 |
+ |
1595 |
+ /* Linux native system calls enter here... */ |
1596 |
+diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S |
1597 |
+index da1b781..8fa84a3 100644 |
1598 |
+--- a/arch/sparc/kernel/trampoline_64.S |
1599 |
++++ b/arch/sparc/kernel/trampoline_64.S |
1600 |
+@@ -131,7 +131,6 @@ startup_continue: |
1601 |
+ clr %l5 |
1602 |
+ sethi %hi(num_kernel_image_mappings), %l6 |
1603 |
+ lduw [%l6 + %lo(num_kernel_image_mappings)], %l6 |
1604 |
+- add %l6, 1, %l6 |
1605 |
+ |
1606 |
+ mov 15, %l7 |
1607 |
+ BRANCH_IF_ANY_CHEETAH(g1,g5,2f) |
1608 |
+@@ -224,7 +223,6 @@ niagara_lock_tlb: |
1609 |
+ clr %l5 |
1610 |
+ sethi %hi(num_kernel_image_mappings), %l6 |
1611 |
+ lduw [%l6 + %lo(num_kernel_image_mappings)], %l6 |
1612 |
+- add %l6, 1, %l6 |
1613 |
+ |
1614 |
+ 1: |
1615 |
+ mov HV_FAST_MMU_MAP_PERM_ADDR, %o5 |
1616 |
+diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c |
1617 |
+index 1b30bb3..fbb8005 100644 |
1618 |
+--- a/arch/sparc/lib/ksyms.c |
1619 |
++++ b/arch/sparc/lib/ksyms.c |
1620 |
+@@ -131,15 +131,6 @@ EXPORT_SYMBOL(___copy_from_user); |
1621 |
+ EXPORT_SYMBOL(___copy_in_user); |
1622 |
+ EXPORT_SYMBOL(__clear_user); |
1623 |
+ |
1624 |
+-/* RW semaphores */ |
1625 |
+-EXPORT_SYMBOL(__down_read); |
1626 |
+-EXPORT_SYMBOL(__down_read_trylock); |
1627 |
+-EXPORT_SYMBOL(__down_write); |
1628 |
+-EXPORT_SYMBOL(__down_write_trylock); |
1629 |
+-EXPORT_SYMBOL(__up_read); |
1630 |
+-EXPORT_SYMBOL(__up_write); |
1631 |
+-EXPORT_SYMBOL(__downgrade_write); |
1632 |
+- |
1633 |
+ /* Atomic counter implementation. */ |
1634 |
+ EXPORT_SYMBOL(atomic_add); |
1635 |
+ EXPORT_SYMBOL(atomic_add_ret); |
1636 |
+diff --git a/arch/unicore32/mm/init.c b/arch/unicore32/mm/init.c |
1637 |
+index 3b379cd..d1af4ed 100644 |
1638 |
+--- a/arch/unicore32/mm/init.c |
1639 |
++++ b/arch/unicore32/mm/init.c |
1640 |
+@@ -65,6 +65,9 @@ void show_mem(unsigned int filter) |
1641 |
+ printk(KERN_DEFAULT "Mem-info:\n"); |
1642 |
+ show_free_areas(filter); |
1643 |
+ |
1644 |
++ if (filter & SHOW_MEM_FILTER_PAGE_COUNT) |
1645 |
++ return; |
1646 |
++ |
1647 |
+ for_each_bank(i, mi) { |
1648 |
+ struct membank *bank = &mi->bank[i]; |
1649 |
+ unsigned int pfn1, pfn2; |
1650 |
+diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c |
1651 |
+index 47f4e5f..a4e1b4b 100644 |
1652 |
+--- a/arch/x86/kernel/reboot.c |
1653 |
++++ b/arch/x86/kernel/reboot.c |
1654 |
+@@ -468,6 +468,22 @@ static struct dmi_system_id __initdata pci_reboot_dmi_table[] = { |
1655 |
+ DMI_MATCH(DMI_PRODUCT_NAME, "Precision M6600"), |
1656 |
+ }, |
1657 |
+ }, |
1658 |
++ { /* Handle problems with rebooting on the Dell PowerEdge C6100. */ |
1659 |
++ .callback = set_pci_reboot, |
1660 |
++ .ident = "Dell PowerEdge C6100", |
1661 |
++ .matches = { |
1662 |
++ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), |
1663 |
++ DMI_MATCH(DMI_PRODUCT_NAME, "C6100"), |
1664 |
++ }, |
1665 |
++ }, |
1666 |
++ { /* Some C6100 machines were shipped with vendor being 'Dell'. */ |
1667 |
++ .callback = set_pci_reboot, |
1668 |
++ .ident = "Dell PowerEdge C6100", |
1669 |
++ .matches = { |
1670 |
++ DMI_MATCH(DMI_SYS_VENDOR, "Dell"), |
1671 |
++ DMI_MATCH(DMI_PRODUCT_NAME, "C6100"), |
1672 |
++ }, |
1673 |
++ }, |
1674 |
+ { } |
1675 |
+ }; |
1676 |
+ |
1677 |
+diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c |
1678 |
+index f9537e3..a18d20d 100644 |
1679 |
+--- a/arch/x86/platform/efi/efi.c |
1680 |
++++ b/arch/x86/platform/efi/efi.c |
1681 |
+@@ -703,10 +703,13 @@ void __init efi_enter_virtual_mode(void) |
1682 |
+ |
1683 |
+ for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) { |
1684 |
+ md = p; |
1685 |
+- if (!(md->attribute & EFI_MEMORY_RUNTIME) && |
1686 |
+- md->type != EFI_BOOT_SERVICES_CODE && |
1687 |
+- md->type != EFI_BOOT_SERVICES_DATA) |
1688 |
+- continue; |
1689 |
++ if (!(md->attribute & EFI_MEMORY_RUNTIME)) { |
1690 |
++#ifdef CONFIG_X86_64 |
1691 |
++ if (md->type != EFI_BOOT_SERVICES_CODE && |
1692 |
++ md->type != EFI_BOOT_SERVICES_DATA) |
1693 |
++#endif |
1694 |
++ continue; |
1695 |
++ } |
1696 |
+ |
1697 |
+ size = md->num_pages << EFI_PAGE_SHIFT; |
1698 |
+ end = md->phys_addr + size; |
1699 |
+diff --git a/crypto/api.c b/crypto/api.c |
1700 |
+index 033a714..cea3cf6 100644 |
1701 |
+--- a/crypto/api.c |
1702 |
++++ b/crypto/api.c |
1703 |
+@@ -34,6 +34,8 @@ EXPORT_SYMBOL_GPL(crypto_alg_sem); |
1704 |
+ BLOCKING_NOTIFIER_HEAD(crypto_chain); |
1705 |
+ EXPORT_SYMBOL_GPL(crypto_chain); |
1706 |
+ |
1707 |
++static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg); |
1708 |
++ |
1709 |
+ static inline struct crypto_alg *crypto_alg_get(struct crypto_alg *alg) |
1710 |
+ { |
1711 |
+ atomic_inc(&alg->cra_refcnt); |
1712 |
+@@ -150,8 +152,11 @@ static struct crypto_alg *crypto_larval_add(const char *name, u32 type, |
1713 |
+ } |
1714 |
+ up_write(&crypto_alg_sem); |
1715 |
+ |
1716 |
+- if (alg != &larval->alg) |
1717 |
++ if (alg != &larval->alg) { |
1718 |
+ kfree(larval); |
1719 |
++ if (crypto_is_larval(alg)) |
1720 |
++ alg = crypto_larval_wait(alg); |
1721 |
++ } |
1722 |
+ |
1723 |
+ return alg; |
1724 |
+ } |
1725 |
+diff --git a/drivers/acpi/acpi_ipmi.c b/drivers/acpi/acpi_ipmi.c |
1726 |
+index f40acef..a6977e1 100644 |
1727 |
+--- a/drivers/acpi/acpi_ipmi.c |
1728 |
++++ b/drivers/acpi/acpi_ipmi.c |
1729 |
+@@ -39,6 +39,7 @@ |
1730 |
+ #include <linux/ipmi.h> |
1731 |
+ #include <linux/device.h> |
1732 |
+ #include <linux/pnp.h> |
1733 |
++#include <linux/spinlock.h> |
1734 |
+ |
1735 |
+ MODULE_AUTHOR("Zhao Yakui"); |
1736 |
+ MODULE_DESCRIPTION("ACPI IPMI Opregion driver"); |
1737 |
+@@ -57,7 +58,7 @@ struct acpi_ipmi_device { |
1738 |
+ struct list_head head; |
1739 |
+ /* the IPMI request message list */ |
1740 |
+ struct list_head tx_msg_list; |
1741 |
+- struct mutex tx_msg_lock; |
1742 |
++ spinlock_t tx_msg_lock; |
1743 |
+ acpi_handle handle; |
1744 |
+ struct pnp_dev *pnp_dev; |
1745 |
+ ipmi_user_t user_interface; |
1746 |
+@@ -147,6 +148,7 @@ static void acpi_format_ipmi_msg(struct acpi_ipmi_msg *tx_msg, |
1747 |
+ struct kernel_ipmi_msg *msg; |
1748 |
+ struct acpi_ipmi_buffer *buffer; |
1749 |
+ struct acpi_ipmi_device *device; |
1750 |
++ unsigned long flags; |
1751 |
+ |
1752 |
+ msg = &tx_msg->tx_message; |
1753 |
+ /* |
1754 |
+@@ -177,10 +179,10 @@ static void acpi_format_ipmi_msg(struct acpi_ipmi_msg *tx_msg, |
1755 |
+ |
1756 |
+ /* Get the msgid */ |
1757 |
+ device = tx_msg->device; |
1758 |
+- mutex_lock(&device->tx_msg_lock); |
1759 |
++ spin_lock_irqsave(&device->tx_msg_lock, flags); |
1760 |
+ device->curr_msgid++; |
1761 |
+ tx_msg->tx_msgid = device->curr_msgid; |
1762 |
+- mutex_unlock(&device->tx_msg_lock); |
1763 |
++ spin_unlock_irqrestore(&device->tx_msg_lock, flags); |
1764 |
+ } |
1765 |
+ |
1766 |
+ static void acpi_format_ipmi_response(struct acpi_ipmi_msg *msg, |
1767 |
+@@ -242,6 +244,7 @@ static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data) |
1768 |
+ int msg_found = 0; |
1769 |
+ struct acpi_ipmi_msg *tx_msg; |
1770 |
+ struct pnp_dev *pnp_dev = ipmi_device->pnp_dev; |
1771 |
++ unsigned long flags; |
1772 |
+ |
1773 |
+ if (msg->user != ipmi_device->user_interface) { |
1774 |
+ dev_warn(&pnp_dev->dev, "Unexpected response is returned. " |
1775 |
+@@ -250,7 +253,7 @@ static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data) |
1776 |
+ ipmi_free_recv_msg(msg); |
1777 |
+ return; |
1778 |
+ } |
1779 |
+- mutex_lock(&ipmi_device->tx_msg_lock); |
1780 |
++ spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); |
1781 |
+ list_for_each_entry(tx_msg, &ipmi_device->tx_msg_list, head) { |
1782 |
+ if (msg->msgid == tx_msg->tx_msgid) { |
1783 |
+ msg_found = 1; |
1784 |
+@@ -258,7 +261,7 @@ static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data) |
1785 |
+ } |
1786 |
+ } |
1787 |
+ |
1788 |
+- mutex_unlock(&ipmi_device->tx_msg_lock); |
1789 |
++ spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags); |
1790 |
+ if (!msg_found) { |
1791 |
+ dev_warn(&pnp_dev->dev, "Unexpected response (msg id %ld) is " |
1792 |
+ "returned.\n", msg->msgid); |
1793 |
+@@ -378,6 +381,7 @@ acpi_ipmi_space_handler(u32 function, acpi_physical_address address, |
1794 |
+ struct acpi_ipmi_device *ipmi_device = handler_context; |
1795 |
+ int err, rem_time; |
1796 |
+ acpi_status status; |
1797 |
++ unsigned long flags; |
1798 |
+ /* |
1799 |
+ * IPMI opregion message. |
1800 |
+ * IPMI message is firstly written to the BMC and system software |
1801 |
+@@ -395,9 +399,9 @@ acpi_ipmi_space_handler(u32 function, acpi_physical_address address, |
1802 |
+ return AE_NO_MEMORY; |
1803 |
+ |
1804 |
+ acpi_format_ipmi_msg(tx_msg, address, value); |
1805 |
+- mutex_lock(&ipmi_device->tx_msg_lock); |
1806 |
++ spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); |
1807 |
+ list_add_tail(&tx_msg->head, &ipmi_device->tx_msg_list); |
1808 |
+- mutex_unlock(&ipmi_device->tx_msg_lock); |
1809 |
++ spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags); |
1810 |
+ err = ipmi_request_settime(ipmi_device->user_interface, |
1811 |
+ &tx_msg->addr, |
1812 |
+ tx_msg->tx_msgid, |
1813 |
+@@ -413,9 +417,9 @@ acpi_ipmi_space_handler(u32 function, acpi_physical_address address, |
1814 |
+ status = AE_OK; |
1815 |
+ |
1816 |
+ end_label: |
1817 |
+- mutex_lock(&ipmi_device->tx_msg_lock); |
1818 |
++ spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); |
1819 |
+ list_del(&tx_msg->head); |
1820 |
+- mutex_unlock(&ipmi_device->tx_msg_lock); |
1821 |
++ spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags); |
1822 |
+ kfree(tx_msg); |
1823 |
+ return status; |
1824 |
+ } |
1825 |
+@@ -457,7 +461,7 @@ static void acpi_add_ipmi_device(struct acpi_ipmi_device *ipmi_device) |
1826 |
+ |
1827 |
+ INIT_LIST_HEAD(&ipmi_device->head); |
1828 |
+ |
1829 |
+- mutex_init(&ipmi_device->tx_msg_lock); |
1830 |
++ spin_lock_init(&ipmi_device->tx_msg_lock); |
1831 |
+ INIT_LIST_HEAD(&ipmi_device->tx_msg_list); |
1832 |
+ ipmi_install_space_handler(ipmi_device); |
1833 |
+ |
1834 |
+diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c |
1835 |
+index 51de186..8176b82 100644 |
1836 |
+--- a/drivers/acpi/ec.c |
1837 |
++++ b/drivers/acpi/ec.c |
1838 |
+@@ -964,6 +964,10 @@ static struct dmi_system_id __initdata ec_dmi_table[] = { |
1839 |
+ ec_enlarge_storm_threshold, "CLEVO hardware", { |
1840 |
+ DMI_MATCH(DMI_SYS_VENDOR, "CLEVO Co."), |
1841 |
+ DMI_MATCH(DMI_PRODUCT_NAME, "M720T/M730T"),}, NULL}, |
1842 |
++ { |
1843 |
++ ec_validate_ecdt, "ASUS hardware", { |
1844 |
++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTek Computer Inc."), |
1845 |
++ DMI_MATCH(DMI_PRODUCT_NAME, "L4R"),}, NULL}, |
1846 |
+ {}, |
1847 |
+ }; |
1848 |
+ |
1849 |
+diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c |
1850 |
+index d3446f6..d7ad865 100644 |
1851 |
+--- a/drivers/block/cciss.c |
1852 |
++++ b/drivers/block/cciss.c |
1853 |
+@@ -1186,6 +1186,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, |
1854 |
+ int err; |
1855 |
+ u32 cp; |
1856 |
+ |
1857 |
++ memset(&arg64, 0, sizeof(arg64)); |
1858 |
+ err = 0; |
1859 |
+ err |= |
1860 |
+ copy_from_user(&arg64.LUN_info, &arg32->LUN_info, |
1861 |
+diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c |
1862 |
+index 9125bbe..504bc16 100644 |
1863 |
+--- a/drivers/block/cpqarray.c |
1864 |
++++ b/drivers/block/cpqarray.c |
1865 |
+@@ -1195,6 +1195,7 @@ out_passthru: |
1866 |
+ ida_pci_info_struct pciinfo; |
1867 |
+ |
1868 |
+ if (!arg) return -EINVAL; |
1869 |
++ memset(&pciinfo, 0, sizeof(pciinfo)); |
1870 |
+ pciinfo.bus = host->pci_dev->bus->number; |
1871 |
+ pciinfo.dev_fn = host->pci_dev->devfn; |
1872 |
+ pciinfo.board_id = host->board_id; |
1873 |
+diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c |
1874 |
+index bde72f7..3539f9b 100644 |
1875 |
+--- a/drivers/bluetooth/ath3k.c |
1876 |
++++ b/drivers/bluetooth/ath3k.c |
1877 |
+@@ -84,6 +84,7 @@ static struct usb_device_id ath3k_table[] = { |
1878 |
+ { USB_DEVICE(0x04CA, 0x3008) }, |
1879 |
+ { USB_DEVICE(0x13d3, 0x3362) }, |
1880 |
+ { USB_DEVICE(0x0CF3, 0xE004) }, |
1881 |
++ { USB_DEVICE(0x0CF3, 0xE005) }, |
1882 |
+ { USB_DEVICE(0x0930, 0x0219) }, |
1883 |
+ { USB_DEVICE(0x0489, 0xe057) }, |
1884 |
+ { USB_DEVICE(0x13d3, 0x3393) }, |
1885 |
+@@ -125,6 +126,7 @@ static struct usb_device_id ath3k_blist_tbl[] = { |
1886 |
+ { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, |
1887 |
+ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, |
1888 |
+ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, |
1889 |
++ { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, |
1890 |
+ { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, |
1891 |
+ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, |
1892 |
+ { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, |
1893 |
+diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c |
1894 |
+index 1bd3924..f18b5a2 100644 |
1895 |
+--- a/drivers/bluetooth/btusb.c |
1896 |
++++ b/drivers/bluetooth/btusb.c |
1897 |
+@@ -108,6 +108,7 @@ static struct usb_device_id btusb_table[] = { |
1898 |
+ |
1899 |
+ /* Broadcom BCM20702A0 */ |
1900 |
+ { USB_DEVICE(0x0b05, 0x17b5) }, |
1901 |
++ { USB_DEVICE(0x0b05, 0x17cb) }, |
1902 |
+ { USB_DEVICE(0x04ca, 0x2003) }, |
1903 |
+ { USB_DEVICE(0x0489, 0xe042) }, |
1904 |
+ { USB_DEVICE(0x413c, 0x8197) }, |
1905 |
+@@ -154,6 +155,7 @@ static struct usb_device_id blacklist_table[] = { |
1906 |
+ { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, |
1907 |
+ { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, |
1908 |
+ { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, |
1909 |
++ { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, |
1910 |
+ { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, |
1911 |
+ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, |
1912 |
+ { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, |
1913 |
+diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c |
1914 |
+index 7211f67..72f460e 100644 |
1915 |
+--- a/drivers/gpu/drm/drm_edid.c |
1916 |
++++ b/drivers/gpu/drm/drm_edid.c |
1917 |
+@@ -125,6 +125,9 @@ static struct edid_quirk { |
1918 |
+ |
1919 |
+ /* ViewSonic VA2026w */ |
1920 |
+ { "VSC", 5020, EDID_QUIRK_FORCE_REDUCED_BLANKING }, |
1921 |
++ |
1922 |
++ /* Medion MD 30217 PG */ |
1923 |
++ { "MED", 0x7b8, EDID_QUIRK_PREFER_LARGE_75 }, |
1924 |
+ }; |
1925 |
+ |
1926 |
+ /*** DDC fetch and block validation ***/ |
1927 |
+diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c |
1928 |
+index a07ccab..72163e8 100644 |
1929 |
+--- a/drivers/gpu/drm/i915/intel_dp.c |
1930 |
++++ b/drivers/gpu/drm/i915/intel_dp.c |
1931 |
+@@ -621,7 +621,18 @@ intel_dp_i2c_aux_ch(struct i2c_adapter *adapter, int mode, |
1932 |
+ DRM_DEBUG_KMS("aux_ch native nack\n"); |
1933 |
+ return -EREMOTEIO; |
1934 |
+ case AUX_NATIVE_REPLY_DEFER: |
1935 |
+- udelay(100); |
1936 |
++ /* |
1937 |
++ * For now, just give more slack to branch devices. We |
1938 |
++ * could check the DPCD for I2C bit rate capabilities, |
1939 |
++ * and if available, adjust the interval. We could also |
1940 |
++ * be more careful with DP-to-Legacy adapters where a |
1941 |
++ * long legacy cable may force very low I2C bit rates. |
1942 |
++ */ |
1943 |
++ if (intel_dp->dpcd[DP_DOWNSTREAMPORT_PRESENT] & |
1944 |
++ DP_DWN_STRM_PORT_PRESENT) |
1945 |
++ usleep_range(500, 600); |
1946 |
++ else |
1947 |
++ usleep_range(300, 400); |
1948 |
+ continue; |
1949 |
+ default: |
1950 |
+ DRM_ERROR("aux_ch invalid native reply 0x%02x\n", |
1951 |
+diff --git a/drivers/gpu/drm/i915/intel_opregion.c b/drivers/gpu/drm/i915/intel_opregion.c |
1952 |
+index cffb007..356a252 100644 |
1953 |
+--- a/drivers/gpu/drm/i915/intel_opregion.c |
1954 |
++++ b/drivers/gpu/drm/i915/intel_opregion.c |
1955 |
+@@ -161,7 +161,7 @@ static u32 asle_set_backlight(struct drm_device *dev, u32 bclp) |
1956 |
+ |
1957 |
+ max = intel_panel_get_max_backlight(dev); |
1958 |
+ intel_panel_set_backlight(dev, bclp * max / 255); |
1959 |
+- asle->cblv = (bclp*0x64)/0xff | ASLE_CBLV_VALID; |
1960 |
++ asle->cblv = DIV_ROUND_UP(bclp * 100, 255) | ASLE_CBLV_VALID; |
1961 |
+ |
1962 |
+ return 0; |
1963 |
+ } |
1964 |
+diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c |
1965 |
+index f0dc04b..3171294 100644 |
1966 |
+--- a/drivers/gpu/drm/radeon/atombios_encoders.c |
1967 |
++++ b/drivers/gpu/drm/radeon/atombios_encoders.c |
1968 |
+@@ -1385,8 +1385,12 @@ radeon_atom_encoder_dpms_dig(struct drm_encoder *encoder, int mode) |
1969 |
+ atombios_dig_encoder_setup(encoder, ATOM_ENABLE, 0); |
1970 |
+ atombios_dig_transmitter_setup(encoder, ATOM_TRANSMITTER_ACTION_SETUP, 0, 0); |
1971 |
+ atombios_dig_transmitter_setup(encoder, ATOM_TRANSMITTER_ACTION_ENABLE, 0, 0); |
1972 |
+- /* some early dce3.2 boards have a bug in their transmitter control table */ |
1973 |
+- if ((rdev->family != CHIP_RV710) && (rdev->family != CHIP_RV730)) |
1974 |
++ /* some dce3.x boards have a bug in their transmitter control table. |
1975 |
++ * ACTION_ENABLE_OUTPUT can probably be dropped since ACTION_ENABLE |
1976 |
++ * does the same thing and more. |
1977 |
++ */ |
1978 |
++ if ((rdev->family != CHIP_RV710) && (rdev->family != CHIP_RV730) && |
1979 |
++ (rdev->family != CHIP_RS880)) |
1980 |
+ atombios_dig_transmitter_setup(encoder, ATOM_TRANSMITTER_ACTION_ENABLE_OUTPUT, 0, 0); |
1981 |
+ } |
1982 |
+ if (ENCODER_MODE_IS_DP(atombios_get_encoder_mode(encoder)) && connector) { |
1983 |
+diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c |
1984 |
+index f5962a0..a68057a 100644 |
1985 |
+--- a/drivers/gpu/drm/radeon/evergreen.c |
1986 |
++++ b/drivers/gpu/drm/radeon/evergreen.c |
1987 |
+@@ -501,7 +501,8 @@ static u32 evergreen_line_buffer_adjust(struct radeon_device *rdev, |
1988 |
+ struct drm_display_mode *mode, |
1989 |
+ struct drm_display_mode *other_mode) |
1990 |
+ { |
1991 |
+- u32 tmp; |
1992 |
++ u32 tmp, buffer_alloc, i; |
1993 |
++ u32 pipe_offset = radeon_crtc->crtc_id * 0x20; |
1994 |
+ /* |
1995 |
+ * Line Buffer Setup |
1996 |
+ * There are 3 line buffers, each one shared by 2 display controllers. |
1997 |
+@@ -524,18 +525,34 @@ static u32 evergreen_line_buffer_adjust(struct radeon_device *rdev, |
1998 |
+ * non-linked crtcs for maximum line buffer allocation. |
1999 |
+ */ |
2000 |
+ if (radeon_crtc->base.enabled && mode) { |
2001 |
+- if (other_mode) |
2002 |
++ if (other_mode) { |
2003 |
+ tmp = 0; /* 1/2 */ |
2004 |
+- else |
2005 |
++ buffer_alloc = 1; |
2006 |
++ } else { |
2007 |
+ tmp = 2; /* whole */ |
2008 |
+- } else |
2009 |
++ buffer_alloc = 2; |
2010 |
++ } |
2011 |
++ } else { |
2012 |
+ tmp = 0; |
2013 |
++ buffer_alloc = 0; |
2014 |
++ } |
2015 |
+ |
2016 |
+ /* second controller of the pair uses second half of the lb */ |
2017 |
+ if (radeon_crtc->crtc_id % 2) |
2018 |
+ tmp += 4; |
2019 |
+ WREG32(DC_LB_MEMORY_SPLIT + radeon_crtc->crtc_offset, tmp); |
2020 |
+ |
2021 |
++ if (ASIC_IS_DCE41(rdev) || ASIC_IS_DCE5(rdev)) { |
2022 |
++ WREG32(PIPE0_DMIF_BUFFER_CONTROL + pipe_offset, |
2023 |
++ DMIF_BUFFERS_ALLOCATED(buffer_alloc)); |
2024 |
++ for (i = 0; i < rdev->usec_timeout; i++) { |
2025 |
++ if (RREG32(PIPE0_DMIF_BUFFER_CONTROL + pipe_offset) & |
2026 |
++ DMIF_BUFFERS_ALLOCATED_COMPLETED) |
2027 |
++ break; |
2028 |
++ udelay(1); |
2029 |
++ } |
2030 |
++ } |
2031 |
++ |
2032 |
+ if (radeon_crtc->base.enabled && mode) { |
2033 |
+ switch (tmp) { |
2034 |
+ case 0: |
2035 |
+diff --git a/drivers/gpu/drm/radeon/evergreend.h b/drivers/gpu/drm/radeon/evergreend.h |
2036 |
+index fe44a95..47f3bd2 100644 |
2037 |
+--- a/drivers/gpu/drm/radeon/evergreend.h |
2038 |
++++ b/drivers/gpu/drm/radeon/evergreend.h |
2039 |
+@@ -459,6 +459,10 @@ |
2040 |
+ # define LATENCY_LOW_WATERMARK(x) ((x) << 0) |
2041 |
+ # define LATENCY_HIGH_WATERMARK(x) ((x) << 16) |
2042 |
+ |
2043 |
++#define PIPE0_DMIF_BUFFER_CONTROL 0x0ca0 |
2044 |
++# define DMIF_BUFFERS_ALLOCATED(x) ((x) << 0) |
2045 |
++# define DMIF_BUFFERS_ALLOCATED_COMPLETED (1 << 4) |
2046 |
++ |
2047 |
+ #define IH_RB_CNTL 0x3e00 |
2048 |
+ # define IH_RB_ENABLE (1 << 0) |
2049 |
+ # define IH_IB_SIZE(x) ((x) << 1) /* log2 */ |
2050 |
+diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c |
2051 |
+index 383b38e..cda89c6b 100644 |
2052 |
+--- a/drivers/gpu/drm/radeon/radeon_atombios.c |
2053 |
++++ b/drivers/gpu/drm/radeon/radeon_atombios.c |
2054 |
+@@ -709,13 +709,16 @@ bool radeon_get_atom_connector_info_from_object_table(struct drm_device *dev) |
2055 |
+ (ATOM_SRC_DST_TABLE_FOR_ONE_OBJECT *) |
2056 |
+ (ctx->bios + data_offset + |
2057 |
+ le16_to_cpu(router_obj->asObjects[k].usSrcDstTableOffset)); |
2058 |
++ u8 *num_dst_objs = (u8 *) |
2059 |
++ ((u8 *)router_src_dst_table + 1 + |
2060 |
++ (router_src_dst_table->ucNumberOfSrc * 2)); |
2061 |
++ u16 *dst_objs = (u16 *)(num_dst_objs + 1); |
2062 |
+ int enum_id; |
2063 |
+ |
2064 |
+ router.router_id = router_obj_id; |
2065 |
+- for (enum_id = 0; enum_id < router_src_dst_table->ucNumberOfDst; |
2066 |
+- enum_id++) { |
2067 |
++ for (enum_id = 0; enum_id < (*num_dst_objs); enum_id++) { |
2068 |
+ if (le16_to_cpu(path->usConnObjectId) == |
2069 |
+- le16_to_cpu(router_src_dst_table->usDstObjectID[enum_id])) |
2070 |
++ le16_to_cpu(dst_objs[enum_id])) |
2071 |
+ break; |
2072 |
+ } |
2073 |
+ |
2074 |
+@@ -1616,7 +1619,9 @@ struct radeon_encoder_atom_dig *radeon_atombios_get_lvds_info(struct |
2075 |
+ kfree(edid); |
2076 |
+ } |
2077 |
+ } |
2078 |
+- record += sizeof(ATOM_FAKE_EDID_PATCH_RECORD); |
2079 |
++ record += fake_edid_record->ucFakeEDIDLength ? |
2080 |
++ fake_edid_record->ucFakeEDIDLength + 2 : |
2081 |
++ sizeof(ATOM_FAKE_EDID_PATCH_RECORD); |
2082 |
+ break; |
2083 |
+ case LCD_PANEL_RESOLUTION_RECORD_TYPE: |
2084 |
+ panel_res_record = (ATOM_PANEL_RESOLUTION_PATCH_RECORD *)record; |
2085 |
+diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c |
2086 |
+index 6fd53b6..b101843 100644 |
2087 |
+--- a/drivers/gpu/drm/radeon/radeon_connectors.c |
2088 |
++++ b/drivers/gpu/drm/radeon/radeon_connectors.c |
2089 |
+@@ -1387,6 +1387,24 @@ struct drm_connector_funcs radeon_dp_connector_funcs = { |
2090 |
+ .force = radeon_dvi_force, |
2091 |
+ }; |
2092 |
+ |
2093 |
++static const struct drm_connector_funcs radeon_edp_connector_funcs = { |
2094 |
++ .dpms = drm_helper_connector_dpms, |
2095 |
++ .detect = radeon_dp_detect, |
2096 |
++ .fill_modes = drm_helper_probe_single_connector_modes, |
2097 |
++ .set_property = radeon_lvds_set_property, |
2098 |
++ .destroy = radeon_dp_connector_destroy, |
2099 |
++ .force = radeon_dvi_force, |
2100 |
++}; |
2101 |
++ |
2102 |
++static const struct drm_connector_funcs radeon_lvds_bridge_connector_funcs = { |
2103 |
++ .dpms = drm_helper_connector_dpms, |
2104 |
++ .detect = radeon_dp_detect, |
2105 |
++ .fill_modes = drm_helper_probe_single_connector_modes, |
2106 |
++ .set_property = radeon_lvds_set_property, |
2107 |
++ .destroy = radeon_dp_connector_destroy, |
2108 |
++ .force = radeon_dvi_force, |
2109 |
++}; |
2110 |
++ |
2111 |
+ void |
2112 |
+ radeon_add_atom_connector(struct drm_device *dev, |
2113 |
+ uint32_t connector_id, |
2114 |
+@@ -1478,8 +1496,6 @@ radeon_add_atom_connector(struct drm_device *dev, |
2115 |
+ goto failed; |
2116 |
+ radeon_dig_connector->igp_lane_info = igp_lane_info; |
2117 |
+ radeon_connector->con_priv = radeon_dig_connector; |
2118 |
+- drm_connector_init(dev, &radeon_connector->base, &radeon_dp_connector_funcs, connector_type); |
2119 |
+- drm_connector_helper_add(&radeon_connector->base, &radeon_dp_connector_helper_funcs); |
2120 |
+ if (i2c_bus->valid) { |
2121 |
+ /* add DP i2c bus */ |
2122 |
+ if (connector_type == DRM_MODE_CONNECTOR_eDP) |
2123 |
+@@ -1496,6 +1512,10 @@ radeon_add_atom_connector(struct drm_device *dev, |
2124 |
+ case DRM_MODE_CONNECTOR_VGA: |
2125 |
+ case DRM_MODE_CONNECTOR_DVIA: |
2126 |
+ default: |
2127 |
++ drm_connector_init(dev, &radeon_connector->base, |
2128 |
++ &radeon_dp_connector_funcs, connector_type); |
2129 |
++ drm_connector_helper_add(&radeon_connector->base, |
2130 |
++ &radeon_dp_connector_helper_funcs); |
2131 |
+ connector->interlace_allowed = true; |
2132 |
+ connector->doublescan_allowed = true; |
2133 |
+ radeon_connector->dac_load_detect = true; |
2134 |
+@@ -1508,6 +1528,10 @@ radeon_add_atom_connector(struct drm_device *dev, |
2135 |
+ case DRM_MODE_CONNECTOR_HDMIA: |
2136 |
+ case DRM_MODE_CONNECTOR_HDMIB: |
2137 |
+ case DRM_MODE_CONNECTOR_DisplayPort: |
2138 |
++ drm_connector_init(dev, &radeon_connector->base, |
2139 |
++ &radeon_dp_connector_funcs, connector_type); |
2140 |
++ drm_connector_helper_add(&radeon_connector->base, |
2141 |
++ &radeon_dp_connector_helper_funcs); |
2142 |
+ drm_connector_attach_property(&radeon_connector->base, |
2143 |
+ rdev->mode_info.underscan_property, |
2144 |
+ UNDERSCAN_OFF); |
2145 |
+@@ -1532,6 +1556,10 @@ radeon_add_atom_connector(struct drm_device *dev, |
2146 |
+ break; |
2147 |
+ case DRM_MODE_CONNECTOR_LVDS: |
2148 |
+ case DRM_MODE_CONNECTOR_eDP: |
2149 |
++ drm_connector_init(dev, &radeon_connector->base, |
2150 |
++ &radeon_lvds_bridge_connector_funcs, connector_type); |
2151 |
++ drm_connector_helper_add(&radeon_connector->base, |
2152 |
++ &radeon_dp_connector_helper_funcs); |
2153 |
+ drm_connector_attach_property(&radeon_connector->base, |
2154 |
+ dev->mode_config.scaling_mode_property, |
2155 |
+ DRM_MODE_SCALE_FULLSCREEN); |
2156 |
+@@ -1695,7 +1723,7 @@ radeon_add_atom_connector(struct drm_device *dev, |
2157 |
+ goto failed; |
2158 |
+ radeon_dig_connector->igp_lane_info = igp_lane_info; |
2159 |
+ radeon_connector->con_priv = radeon_dig_connector; |
2160 |
+- drm_connector_init(dev, &radeon_connector->base, &radeon_dp_connector_funcs, connector_type); |
2161 |
++ drm_connector_init(dev, &radeon_connector->base, &radeon_edp_connector_funcs, connector_type); |
2162 |
+ drm_connector_helper_add(&radeon_connector->base, &radeon_dp_connector_helper_funcs); |
2163 |
+ if (i2c_bus->valid) { |
2164 |
+ /* add DP i2c bus */ |
2165 |
+diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c |
2166 |
+index cd94abb..8cde84b 100644 |
2167 |
+--- a/drivers/gpu/drm/radeon/radeon_device.c |
2168 |
++++ b/drivers/gpu/drm/radeon/radeon_device.c |
2169 |
+@@ -818,10 +818,16 @@ int radeon_device_init(struct radeon_device *rdev, |
2170 |
+ return r; |
2171 |
+ } |
2172 |
+ if (radeon_testing) { |
2173 |
+- radeon_test_moves(rdev); |
2174 |
++ if (rdev->accel_working) |
2175 |
++ radeon_test_moves(rdev); |
2176 |
++ else |
2177 |
++ DRM_INFO("radeon: acceleration disabled, skipping move tests\n"); |
2178 |
+ } |
2179 |
+ if (radeon_benchmarking) { |
2180 |
+- radeon_benchmark(rdev, radeon_benchmarking); |
2181 |
++ if (rdev->accel_working) |
2182 |
++ radeon_benchmark(rdev, radeon_benchmarking); |
2183 |
++ else |
2184 |
++ DRM_INFO("radeon: acceleration disabled, skipping benchmarks\n"); |
2185 |
+ } |
2186 |
+ return 0; |
2187 |
+ } |
2188 |
+diff --git a/drivers/gpu/drm/radeon/rs400.c b/drivers/gpu/drm/radeon/rs400.c |
2189 |
+index 4dd9512..c087434 100644 |
2190 |
+--- a/drivers/gpu/drm/radeon/rs400.c |
2191 |
++++ b/drivers/gpu/drm/radeon/rs400.c |
2192 |
+@@ -174,10 +174,13 @@ int rs400_gart_enable(struct radeon_device *rdev) |
2193 |
+ /* FIXME: according to doc we should set HIDE_MMCFG_BAR=0, |
2194 |
+ * AGPMODE30=0 & AGP30ENHANCED=0 in NB_CNTL */ |
2195 |
+ if ((rdev->family == CHIP_RS690) || (rdev->family == CHIP_RS740)) { |
2196 |
+- WREG32_MC(RS480_MC_MISC_CNTL, |
2197 |
+- (RS480_GART_INDEX_REG_EN | RS690_BLOCK_GFX_D3_EN)); |
2198 |
++ tmp = RREG32_MC(RS480_MC_MISC_CNTL); |
2199 |
++ tmp |= RS480_GART_INDEX_REG_EN | RS690_BLOCK_GFX_D3_EN; |
2200 |
++ WREG32_MC(RS480_MC_MISC_CNTL, tmp); |
2201 |
+ } else { |
2202 |
+- WREG32_MC(RS480_MC_MISC_CNTL, RS480_GART_INDEX_REG_EN); |
2203 |
++ tmp = RREG32_MC(RS480_MC_MISC_CNTL); |
2204 |
++ tmp |= RS480_GART_INDEX_REG_EN; |
2205 |
++ WREG32_MC(RS480_MC_MISC_CNTL, tmp); |
2206 |
+ } |
2207 |
+ /* Enable gart */ |
2208 |
+ WREG32_MC(RS480_AGP_ADDRESS_SPACE_SIZE, (RS480_GART_EN | size_reg)); |
2209 |
+diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
2210 |
+index 611aafc..9ac4389 100644 |
2211 |
+--- a/drivers/hid/hid-core.c |
2212 |
++++ b/drivers/hid/hid-core.c |
2213 |
+@@ -59,6 +59,8 @@ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, |
2214 |
+ struct hid_report_enum *report_enum = device->report_enum + type; |
2215 |
+ struct hid_report *report; |
2216 |
+ |
2217 |
++ if (id >= HID_MAX_IDS) |
2218 |
++ return NULL; |
2219 |
+ if (report_enum->report_id_hash[id]) |
2220 |
+ return report_enum->report_id_hash[id]; |
2221 |
+ |
2222 |
+@@ -216,9 +218,9 @@ static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsign |
2223 |
+ { |
2224 |
+ struct hid_report *report; |
2225 |
+ struct hid_field *field; |
2226 |
+- int usages; |
2227 |
++ unsigned usages; |
2228 |
+ unsigned offset; |
2229 |
+- int i; |
2230 |
++ unsigned i; |
2231 |
+ |
2232 |
+ report = hid_register_report(parser->device, report_type, parser->global.report_id); |
2233 |
+ if (!report) { |
2234 |
+@@ -237,7 +239,8 @@ static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsign |
2235 |
+ if (!parser->local.usage_index) /* Ignore padding fields */ |
2236 |
+ return 0; |
2237 |
+ |
2238 |
+- usages = max_t(int, parser->local.usage_index, parser->global.report_count); |
2239 |
++ usages = max_t(unsigned, parser->local.usage_index, |
2240 |
++ parser->global.report_count); |
2241 |
+ |
2242 |
+ field = hid_register_field(report, usages, parser->global.report_count); |
2243 |
+ if (!field) |
2244 |
+@@ -248,7 +251,7 @@ static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsign |
2245 |
+ field->application = hid_lookup_collection(parser, HID_COLLECTION_APPLICATION); |
2246 |
+ |
2247 |
+ for (i = 0; i < usages; i++) { |
2248 |
+- int j = i; |
2249 |
++ unsigned j = i; |
2250 |
+ /* Duplicate the last usage we parsed if we have excess values */ |
2251 |
+ if (i >= parser->local.usage_index) |
2252 |
+ j = parser->local.usage_index - 1; |
2253 |
+@@ -380,8 +383,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item) |
2254 |
+ |
2255 |
+ case HID_GLOBAL_ITEM_TAG_REPORT_ID: |
2256 |
+ parser->global.report_id = item_udata(item); |
2257 |
+- if (parser->global.report_id == 0) { |
2258 |
+- dbg_hid("report_id 0 is invalid\n"); |
2259 |
++ if (parser->global.report_id == 0 || |
2260 |
++ parser->global.report_id >= HID_MAX_IDS) { |
2261 |
++ dbg_hid("report_id %u is invalid\n", |
2262 |
++ parser->global.report_id); |
2263 |
+ return -1; |
2264 |
+ } |
2265 |
+ return 0; |
2266 |
+@@ -552,7 +557,7 @@ static void hid_device_release(struct device *dev) |
2267 |
+ for (i = 0; i < HID_REPORT_TYPES; i++) { |
2268 |
+ struct hid_report_enum *report_enum = device->report_enum + i; |
2269 |
+ |
2270 |
+- for (j = 0; j < 256; j++) { |
2271 |
++ for (j = 0; j < HID_MAX_IDS; j++) { |
2272 |
+ struct hid_report *report = report_enum->report_id_hash[j]; |
2273 |
+ if (report) |
2274 |
+ hid_free_report(report); |
2275 |
+@@ -710,6 +715,64 @@ err: |
2276 |
+ } |
2277 |
+ EXPORT_SYMBOL_GPL(hid_parse_report); |
2278 |
+ |
2279 |
++static const char * const hid_report_names[] = { |
2280 |
++ "HID_INPUT_REPORT", |
2281 |
++ "HID_OUTPUT_REPORT", |
2282 |
++ "HID_FEATURE_REPORT", |
2283 |
++}; |
2284 |
++/** |
2285 |
++ * hid_validate_values - validate existing device report's value indexes |
2286 |
++ * |
2287 |
++ * @device: hid device |
2288 |
++ * @type: which report type to examine |
2289 |
++ * @id: which report ID to examine (0 for first) |
2290 |
++ * @field_index: which report field to examine |
2291 |
++ * @report_counts: expected number of values |
2292 |
++ * |
2293 |
++ * Validate the number of values in a given field of a given report, after |
2294 |
++ * parsing. |
2295 |
++ */ |
2296 |
++struct hid_report *hid_validate_values(struct hid_device *hid, |
2297 |
++ unsigned int type, unsigned int id, |
2298 |
++ unsigned int field_index, |
2299 |
++ unsigned int report_counts) |
2300 |
++{ |
2301 |
++ struct hid_report *report; |
2302 |
++ |
2303 |
++ if (type > HID_FEATURE_REPORT) { |
2304 |
++ hid_err(hid, "invalid HID report type %u\n", type); |
2305 |
++ return NULL; |
2306 |
++ } |
2307 |
++ |
2308 |
++ if (id >= HID_MAX_IDS) { |
2309 |
++ hid_err(hid, "invalid HID report id %u\n", id); |
2310 |
++ return NULL; |
2311 |
++ } |
2312 |
++ |
2313 |
++ /* |
2314 |
++ * Explicitly not using hid_get_report() here since it depends on |
2315 |
++ * ->numbered being checked, which may not always be the case when |
2316 |
++ * drivers go to access report values. |
2317 |
++ */ |
2318 |
++ report = hid->report_enum[type].report_id_hash[id]; |
2319 |
++ if (!report) { |
2320 |
++ hid_err(hid, "missing %s %u\n", hid_report_names[type], id); |
2321 |
++ return NULL; |
2322 |
++ } |
2323 |
++ if (report->maxfield <= field_index) { |
2324 |
++ hid_err(hid, "not enough fields in %s %u\n", |
2325 |
++ hid_report_names[type], id); |
2326 |
++ return NULL; |
2327 |
++ } |
2328 |
++ if (report->field[field_index]->report_count < report_counts) { |
2329 |
++ hid_err(hid, "not enough values in %s %u field %u\n", |
2330 |
++ hid_report_names[type], id, field_index); |
2331 |
++ return NULL; |
2332 |
++ } |
2333 |
++ return report; |
2334 |
++} |
2335 |
++EXPORT_SYMBOL_GPL(hid_validate_values); |
2336 |
++ |
2337 |
+ /* |
2338 |
+ * Convert a signed n-bit integer to signed 32-bit integer. Common |
2339 |
+ * cases are done through the compiler, the screwed things has to be |
2340 |
+@@ -990,7 +1053,12 @@ EXPORT_SYMBOL_GPL(hid_output_report); |
2341 |
+ |
2342 |
+ int hid_set_field(struct hid_field *field, unsigned offset, __s32 value) |
2343 |
+ { |
2344 |
+- unsigned size = field->report_size; |
2345 |
++ unsigned size; |
2346 |
++ |
2347 |
++ if (!field) |
2348 |
++ return -1; |
2349 |
++ |
2350 |
++ size = field->report_size; |
2351 |
+ |
2352 |
+ hid_dump_input(field->report->device, field->usage + offset, value); |
2353 |
+ |
2354 |
+diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h |
2355 |
+index 08075f2..ca2b3e6 100644 |
2356 |
+--- a/drivers/hid/hid-ids.h |
2357 |
++++ b/drivers/hid/hid-ids.h |
2358 |
+@@ -581,6 +581,7 @@ |
2359 |
+ #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_16 0x0012 |
2360 |
+ #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_17 0x0013 |
2361 |
+ #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_18 0x0014 |
2362 |
++#define USB_DEVICE_ID_NTRIG_DUOSENSE 0x1500 |
2363 |
+ |
2364 |
+ #define USB_VENDOR_ID_ONTRAK 0x0a07 |
2365 |
+ #define USB_DEVICE_ID_ONTRAK_ADU100 0x0064 |
2366 |
+diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c |
2367 |
+index f333139..95c79a3 100644 |
2368 |
+--- a/drivers/hid/hid-input.c |
2369 |
++++ b/drivers/hid/hid-input.c |
2370 |
+@@ -284,6 +284,10 @@ static void hidinput_configure_usage(struct hid_input *hidinput, struct hid_fiel |
2371 |
+ if (field->flags & HID_MAIN_ITEM_CONSTANT) |
2372 |
+ goto ignore; |
2373 |
+ |
2374 |
++ /* Ignore if report count is out of bounds. */ |
2375 |
++ if (field->report_count < 1) |
2376 |
++ goto ignore; |
2377 |
++ |
2378 |
+ /* only LED usages are supported in output fields */ |
2379 |
+ if (field->report_type == HID_OUTPUT_REPORT && |
2380 |
+ (usage->hid & HID_USAGE_PAGE) != HID_UP_LED) { |
2381 |
+@@ -887,10 +891,15 @@ static void report_features(struct hid_device *hid) |
2382 |
+ |
2383 |
+ rep_enum = &hid->report_enum[HID_FEATURE_REPORT]; |
2384 |
+ list_for_each_entry(rep, &rep_enum->report_list, list) |
2385 |
+- for (i = 0; i < rep->maxfield; i++) |
2386 |
++ for (i = 0; i < rep->maxfield; i++) { |
2387 |
++ /* Ignore if report count is out of bounds. */ |
2388 |
++ if (rep->field[i]->report_count < 1) |
2389 |
++ continue; |
2390 |
++ |
2391 |
+ for (j = 0; j < rep->field[i]->maxusage; j++) |
2392 |
+ drv->feature_mapping(hid, rep->field[i], |
2393 |
+ rep->field[i]->usage + j); |
2394 |
++ } |
2395 |
+ } |
2396 |
+ |
2397 |
+ /* |
2398 |
+diff --git a/drivers/hid/hid-lg2ff.c b/drivers/hid/hid-lg2ff.c |
2399 |
+index 3c31bc6..128f011 100644 |
2400 |
+--- a/drivers/hid/hid-lg2ff.c |
2401 |
++++ b/drivers/hid/hid-lg2ff.c |
2402 |
+@@ -66,26 +66,13 @@ int lg2ff_init(struct hid_device *hid) |
2403 |
+ struct hid_report *report; |
2404 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, |
2405 |
+ struct hid_input, list); |
2406 |
+- struct list_head *report_list = |
2407 |
+- &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
2408 |
+ struct input_dev *dev = hidinput->input; |
2409 |
+ int error; |
2410 |
+ |
2411 |
+- if (list_empty(report_list)) { |
2412 |
+- hid_err(hid, "no output report found\n"); |
2413 |
++ /* Check that the report looks ok */ |
2414 |
++ report = hid_validate_values(hid, HID_OUTPUT_REPORT, 0, 0, 7); |
2415 |
++ if (!report) |
2416 |
+ return -ENODEV; |
2417 |
+- } |
2418 |
+- |
2419 |
+- report = list_entry(report_list->next, struct hid_report, list); |
2420 |
+- |
2421 |
+- if (report->maxfield < 1) { |
2422 |
+- hid_err(hid, "output report is empty\n"); |
2423 |
+- return -ENODEV; |
2424 |
+- } |
2425 |
+- if (report->field[0]->report_count < 7) { |
2426 |
+- hid_err(hid, "not enough values in the field\n"); |
2427 |
+- return -ENODEV; |
2428 |
+- } |
2429 |
+ |
2430 |
+ lg2ff = kmalloc(sizeof(struct lg2ff_device), GFP_KERNEL); |
2431 |
+ if (!lg2ff) |
2432 |
+diff --git a/drivers/hid/hid-lg3ff.c b/drivers/hid/hid-lg3ff.c |
2433 |
+index f98644c..91f981f 100644 |
2434 |
+--- a/drivers/hid/hid-lg3ff.c |
2435 |
++++ b/drivers/hid/hid-lg3ff.c |
2436 |
+@@ -68,10 +68,11 @@ static int hid_lg3ff_play(struct input_dev *dev, void *data, |
2437 |
+ int x, y; |
2438 |
+ |
2439 |
+ /* |
2440 |
+- * Maxusage should always be 63 (maximum fields) |
2441 |
+- * likely a better way to ensure this data is clean |
2442 |
++ * Available values in the field should always be 63, but we only use up to |
2443 |
++ * 35. Instead, clear the entire area, however big it is. |
2444 |
+ */ |
2445 |
+- memset(report->field[0]->value, 0, sizeof(__s32)*report->field[0]->maxusage); |
2446 |
++ memset(report->field[0]->value, 0, |
2447 |
++ sizeof(__s32) * report->field[0]->report_count); |
2448 |
+ |
2449 |
+ switch (effect->type) { |
2450 |
+ case FF_CONSTANT: |
2451 |
+@@ -131,32 +132,14 @@ static const signed short ff3_joystick_ac[] = { |
2452 |
+ int lg3ff_init(struct hid_device *hid) |
2453 |
+ { |
2454 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
2455 |
+- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
2456 |
+ struct input_dev *dev = hidinput->input; |
2457 |
+- struct hid_report *report; |
2458 |
+- struct hid_field *field; |
2459 |
+ const signed short *ff_bits = ff3_joystick_ac; |
2460 |
+ int error; |
2461 |
+ int i; |
2462 |
+ |
2463 |
+- /* Find the report to use */ |
2464 |
+- if (list_empty(report_list)) { |
2465 |
+- hid_err(hid, "No output report found\n"); |
2466 |
+- return -1; |
2467 |
+- } |
2468 |
+- |
2469 |
+ /* Check that the report looks ok */ |
2470 |
+- report = list_entry(report_list->next, struct hid_report, list); |
2471 |
+- if (!report) { |
2472 |
+- hid_err(hid, "NULL output report\n"); |
2473 |
+- return -1; |
2474 |
+- } |
2475 |
+- |
2476 |
+- field = report->field[0]; |
2477 |
+- if (!field) { |
2478 |
+- hid_err(hid, "NULL field\n"); |
2479 |
+- return -1; |
2480 |
+- } |
2481 |
++ if (!hid_validate_values(hid, HID_OUTPUT_REPORT, 0, 0, 35)) |
2482 |
++ return -ENODEV; |
2483 |
+ |
2484 |
+ /* Assume single fixed device G940 */ |
2485 |
+ for (i = 0; ff_bits[i] >= 0; i++) |
2486 |
+diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c |
2487 |
+index 103f30d..5c6bf4b 100644 |
2488 |
+--- a/drivers/hid/hid-lg4ff.c |
2489 |
++++ b/drivers/hid/hid-lg4ff.c |
2490 |
+@@ -339,33 +339,15 @@ static ssize_t lg4ff_range_store(struct device *dev, struct device_attribute *at |
2491 |
+ int lg4ff_init(struct hid_device *hid) |
2492 |
+ { |
2493 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
2494 |
+- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
2495 |
+ struct input_dev *dev = hidinput->input; |
2496 |
+- struct hid_report *report; |
2497 |
+- struct hid_field *field; |
2498 |
+ struct lg4ff_device_entry *entry; |
2499 |
+ struct usb_device_descriptor *udesc; |
2500 |
+ int error, i, j; |
2501 |
+ __u16 bcdDevice, rev_maj, rev_min; |
2502 |
+ |
2503 |
+- /* Find the report to use */ |
2504 |
+- if (list_empty(report_list)) { |
2505 |
+- hid_err(hid, "No output report found\n"); |
2506 |
+- return -1; |
2507 |
+- } |
2508 |
+- |
2509 |
+ /* Check that the report looks ok */ |
2510 |
+- report = list_entry(report_list->next, struct hid_report, list); |
2511 |
+- if (!report) { |
2512 |
+- hid_err(hid, "NULL output report\n"); |
2513 |
++ if (!hid_validate_values(hid, HID_OUTPUT_REPORT, 0, 0, 7)) |
2514 |
+ return -1; |
2515 |
+- } |
2516 |
+- |
2517 |
+- field = report->field[0]; |
2518 |
+- if (!field) { |
2519 |
+- hid_err(hid, "NULL field\n"); |
2520 |
+- return -1; |
2521 |
+- } |
2522 |
+ |
2523 |
+ /* Check what wheel has been connected */ |
2524 |
+ for (i = 0; i < ARRAY_SIZE(lg4ff_devices); i++) { |
2525 |
+diff --git a/drivers/hid/hid-lgff.c b/drivers/hid/hid-lgff.c |
2526 |
+index 27bc54f..1d978daa 100644 |
2527 |
+--- a/drivers/hid/hid-lgff.c |
2528 |
++++ b/drivers/hid/hid-lgff.c |
2529 |
+@@ -130,27 +130,14 @@ static void hid_lgff_set_autocenter(struct input_dev *dev, u16 magnitude) |
2530 |
+ int lgff_init(struct hid_device* hid) |
2531 |
+ { |
2532 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
2533 |
+- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
2534 |
+ struct input_dev *dev = hidinput->input; |
2535 |
+- struct hid_report *report; |
2536 |
+- struct hid_field *field; |
2537 |
+ const signed short *ff_bits = ff_joystick; |
2538 |
+ int error; |
2539 |
+ int i; |
2540 |
+ |
2541 |
+- /* Find the report to use */ |
2542 |
+- if (list_empty(report_list)) { |
2543 |
+- hid_err(hid, "No output report found\n"); |
2544 |
+- return -1; |
2545 |
+- } |
2546 |
+- |
2547 |
+ /* Check that the report looks ok */ |
2548 |
+- report = list_entry(report_list->next, struct hid_report, list); |
2549 |
+- field = report->field[0]; |
2550 |
+- if (!field) { |
2551 |
+- hid_err(hid, "NULL field\n"); |
2552 |
+- return -1; |
2553 |
+- } |
2554 |
++ if (!hid_validate_values(hid, HID_OUTPUT_REPORT, 0, 0, 7)) |
2555 |
++ return -ENODEV; |
2556 |
+ |
2557 |
+ for (i = 0; i < ARRAY_SIZE(devices); i++) { |
2558 |
+ if (dev->id.vendor == devices[i].idVendor && |
2559 |
+diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c |
2560 |
+index 8821ecc..828a0dd 100644 |
2561 |
+--- a/drivers/hid/hid-logitech-dj.c |
2562 |
++++ b/drivers/hid/hid-logitech-dj.c |
2563 |
+@@ -791,6 +791,12 @@ static int logi_dj_probe(struct hid_device *hdev, |
2564 |
+ goto hid_parse_fail; |
2565 |
+ } |
2566 |
+ |
2567 |
++ if (!hid_validate_values(hdev, HID_OUTPUT_REPORT, REPORT_ID_DJ_SHORT, |
2568 |
++ 0, DJREPORT_SHORT_LENGTH - 1)) { |
2569 |
++ retval = -ENODEV; |
2570 |
++ goto hid_parse_fail; |
2571 |
++ } |
2572 |
++ |
2573 |
+ /* Starts the usb device and connects to upper interfaces hiddev and |
2574 |
+ * hidraw */ |
2575 |
+ retval = hid_hw_start(hdev, HID_CONNECT_DEFAULT); |
2576 |
+diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c |
2577 |
+index 9fae2eb..48cba85 100644 |
2578 |
+--- a/drivers/hid/hid-ntrig.c |
2579 |
++++ b/drivers/hid/hid-ntrig.c |
2580 |
+@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev) |
2581 |
+ struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT]. |
2582 |
+ report_id_hash[0x0d]; |
2583 |
+ |
2584 |
+- if (!report) |
2585 |
++ if (!report || report->maxfield < 1 || |
2586 |
++ report->field[0]->report_count < 1) |
2587 |
+ return -EINVAL; |
2588 |
+ |
2589 |
+ usbhid_submit_report(hdev, report, USB_DIR_IN); |
2590 |
+diff --git a/drivers/hid/hid-picolcd.c b/drivers/hid/hid-picolcd.c |
2591 |
+index 01e7d2c..1daeaca 100644 |
2592 |
+--- a/drivers/hid/hid-picolcd.c |
2593 |
++++ b/drivers/hid/hid-picolcd.c |
2594 |
+@@ -1424,7 +1424,7 @@ static ssize_t picolcd_operation_mode_store(struct device *dev, |
2595 |
+ buf += 10; |
2596 |
+ cnt -= 10; |
2597 |
+ } |
2598 |
+- if (!report) |
2599 |
++ if (!report || report->maxfield != 1) |
2600 |
+ return -EINVAL; |
2601 |
+ |
2602 |
+ while (cnt > 0 && (buf[cnt-1] == '\n' || buf[cnt-1] == '\r')) |
2603 |
+diff --git a/drivers/hid/hid-pl.c b/drivers/hid/hid-pl.c |
2604 |
+index 070f93a..12786cd 100644 |
2605 |
+--- a/drivers/hid/hid-pl.c |
2606 |
++++ b/drivers/hid/hid-pl.c |
2607 |
+@@ -129,8 +129,14 @@ static int plff_init(struct hid_device *hid) |
2608 |
+ strong = &report->field[0]->value[2]; |
2609 |
+ weak = &report->field[0]->value[3]; |
2610 |
+ debug("detected single-field device"); |
2611 |
+- } else if (report->maxfield >= 4 && report->field[0]->maxusage == 1 && |
2612 |
+- report->field[0]->usage[0].hid == (HID_UP_LED | 0x43)) { |
2613 |
++ } else if (report->field[0]->maxusage == 1 && |
2614 |
++ report->field[0]->usage[0].hid == |
2615 |
++ (HID_UP_LED | 0x43) && |
2616 |
++ report->maxfield >= 4 && |
2617 |
++ report->field[0]->report_count >= 1 && |
2618 |
++ report->field[1]->report_count >= 1 && |
2619 |
++ report->field[2]->report_count >= 1 && |
2620 |
++ report->field[3]->report_count >= 1) { |
2621 |
+ report->field[0]->value[0] = 0x00; |
2622 |
+ report->field[1]->value[0] = 0x00; |
2623 |
+ strong = &report->field[2]->value[0]; |
2624 |
+diff --git a/drivers/hid/hid-speedlink.c b/drivers/hid/hid-speedlink.c |
2625 |
+index 6020137..2b03c9b 100644 |
2626 |
+--- a/drivers/hid/hid-speedlink.c |
2627 |
++++ b/drivers/hid/hid-speedlink.c |
2628 |
+@@ -3,7 +3,7 @@ |
2629 |
+ * Fixes "jumpy" cursor and removes nonexistent keyboard LEDS from |
2630 |
+ * the HID descriptor. |
2631 |
+ * |
2632 |
+- * Copyright (c) 2011 Stefan Kriwanek <mail@××××××××××××××.de> |
2633 |
++ * Copyright (c) 2011, 2013 Stefan Kriwanek <dev@××××××××××××××.de> |
2634 |
+ */ |
2635 |
+ |
2636 |
+ /* |
2637 |
+@@ -48,8 +48,13 @@ static int speedlink_event(struct hid_device *hdev, struct hid_field *field, |
2638 |
+ struct hid_usage *usage, __s32 value) |
2639 |
+ { |
2640 |
+ /* No other conditions due to usage_table. */ |
2641 |
+- /* Fix "jumpy" cursor (invalid events sent by device). */ |
2642 |
+- if (value == 256) |
2643 |
++ |
2644 |
++ /* This fixes the "jumpy" cursor occuring due to invalid events sent |
2645 |
++ * by the device. Some devices only send them with value==+256, others |
2646 |
++ * don't. However, catching abs(value)>=256 is restrictive enough not |
2647 |
++ * to interfere with devices that were bug-free (has been tested). |
2648 |
++ */ |
2649 |
++ if (abs(value) >= 256) |
2650 |
+ return 1; |
2651 |
+ /* Drop useless distance 0 events (on button clicks etc.) as well */ |
2652 |
+ if (value == 0) |
2653 |
+diff --git a/drivers/hid/hid-zpff.c b/drivers/hid/hid-zpff.c |
2654 |
+index f6ba81d..f348f7f 100644 |
2655 |
+--- a/drivers/hid/hid-zpff.c |
2656 |
++++ b/drivers/hid/hid-zpff.c |
2657 |
+@@ -70,21 +70,13 @@ static int zpff_init(struct hid_device *hid) |
2658 |
+ struct hid_report *report; |
2659 |
+ struct hid_input *hidinput = list_entry(hid->inputs.next, |
2660 |
+ struct hid_input, list); |
2661 |
+- struct list_head *report_list = |
2662 |
+- &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
2663 |
+ struct input_dev *dev = hidinput->input; |
2664 |
+- int error; |
2665 |
++ int i, error; |
2666 |
+ |
2667 |
+- if (list_empty(report_list)) { |
2668 |
+- hid_err(hid, "no output report found\n"); |
2669 |
+- return -ENODEV; |
2670 |
+- } |
2671 |
+- |
2672 |
+- report = list_entry(report_list->next, struct hid_report, list); |
2673 |
+- |
2674 |
+- if (report->maxfield < 4) { |
2675 |
+- hid_err(hid, "not enough fields in report\n"); |
2676 |
+- return -ENODEV; |
2677 |
++ for (i = 0; i < 4; i++) { |
2678 |
++ report = hid_validate_values(hid, HID_OUTPUT_REPORT, 0, i, 1); |
2679 |
++ if (!report) |
2680 |
++ return -ENODEV; |
2681 |
+ } |
2682 |
+ |
2683 |
+ zpff = kzalloc(sizeof(struct zpff_device), GFP_KERNEL); |
2684 |
+diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c |
2685 |
+index 17d15bb..9e50f61 100644 |
2686 |
+--- a/drivers/hid/hidraw.c |
2687 |
++++ b/drivers/hid/hidraw.c |
2688 |
+@@ -42,7 +42,6 @@ static struct cdev hidraw_cdev; |
2689 |
+ static struct class *hidraw_class; |
2690 |
+ static struct hidraw *hidraw_table[HIDRAW_MAX_DEVICES]; |
2691 |
+ static DEFINE_MUTEX(minors_lock); |
2692 |
+-static void drop_ref(struct hidraw *hid, int exists_bit); |
2693 |
+ |
2694 |
+ static ssize_t hidraw_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) |
2695 |
+ { |
2696 |
+@@ -296,14 +295,37 @@ out: |
2697 |
+ |
2698 |
+ } |
2699 |
+ |
2700 |
++static void drop_ref(struct hidraw *hidraw, int exists_bit) |
2701 |
++{ |
2702 |
++ if (exists_bit) { |
2703 |
++ hid_hw_close(hidraw->hid); |
2704 |
++ hidraw->exist = 0; |
2705 |
++ if (hidraw->open) |
2706 |
++ wake_up_interruptible(&hidraw->wait); |
2707 |
++ } else { |
2708 |
++ --hidraw->open; |
2709 |
++ } |
2710 |
++ |
2711 |
++ if (!hidraw->open && !hidraw->exist) { |
2712 |
++ device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor)); |
2713 |
++ hidraw_table[hidraw->minor] = NULL; |
2714 |
++ kfree(hidraw); |
2715 |
++ } |
2716 |
++} |
2717 |
++ |
2718 |
+ static int hidraw_release(struct inode * inode, struct file * file) |
2719 |
+ { |
2720 |
+ unsigned int minor = iminor(inode); |
2721 |
+ struct hidraw_list *list = file->private_data; |
2722 |
+ |
2723 |
+- drop_ref(hidraw_table[minor], 0); |
2724 |
++ mutex_lock(&minors_lock); |
2725 |
++ |
2726 |
+ list_del(&list->node); |
2727 |
+ kfree(list); |
2728 |
++ |
2729 |
++ drop_ref(hidraw_table[minor], 0); |
2730 |
++ |
2731 |
++ mutex_unlock(&minors_lock); |
2732 |
+ return 0; |
2733 |
+ } |
2734 |
+ |
2735 |
+@@ -506,7 +528,12 @@ EXPORT_SYMBOL_GPL(hidraw_connect); |
2736 |
+ void hidraw_disconnect(struct hid_device *hid) |
2737 |
+ { |
2738 |
+ struct hidraw *hidraw = hid->hidraw; |
2739 |
++ |
2740 |
++ mutex_lock(&minors_lock); |
2741 |
++ |
2742 |
+ drop_ref(hidraw, 1); |
2743 |
++ |
2744 |
++ mutex_unlock(&minors_lock); |
2745 |
+ } |
2746 |
+ EXPORT_SYMBOL_GPL(hidraw_disconnect); |
2747 |
+ |
2748 |
+@@ -555,23 +582,3 @@ void hidraw_exit(void) |
2749 |
+ unregister_chrdev_region(dev_id, HIDRAW_MAX_DEVICES); |
2750 |
+ |
2751 |
+ } |
2752 |
+- |
2753 |
+-static void drop_ref(struct hidraw *hidraw, int exists_bit) |
2754 |
+-{ |
2755 |
+- mutex_lock(&minors_lock); |
2756 |
+- if (exists_bit) { |
2757 |
+- hid_hw_close(hidraw->hid); |
2758 |
+- hidraw->exist = 0; |
2759 |
+- if (hidraw->open) |
2760 |
+- wake_up_interruptible(&hidraw->wait); |
2761 |
+- } else { |
2762 |
+- --hidraw->open; |
2763 |
+- } |
2764 |
+- |
2765 |
+- if (!hidraw->open && !hidraw->exist) { |
2766 |
+- device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor)); |
2767 |
+- hidraw_table[hidraw->minor] = NULL; |
2768 |
+- kfree(hidraw); |
2769 |
+- } |
2770 |
+- mutex_unlock(&minors_lock); |
2771 |
+-} |
2772 |
+diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c |
2773 |
+index 96a1e0f..f98fbad 100644 |
2774 |
+--- a/drivers/hid/usbhid/hid-quirks.c |
2775 |
++++ b/drivers/hid/usbhid/hid-quirks.c |
2776 |
+@@ -99,6 +99,8 @@ static const struct hid_blacklist { |
2777 |
+ { USB_VENDOR_ID_CHICONY, USB_DEVICE_ID_CHICONY_MULTI_TOUCH, HID_QUIRK_MULTI_INPUT }, |
2778 |
+ { USB_VENDOR_ID_CHICONY, USB_DEVICE_ID_CHICONY_WIRELESS, HID_QUIRK_MULTI_INPUT }, |
2779 |
+ { USB_VENDOR_ID_SIGMA_MICRO, USB_DEVICE_ID_SIGMA_MICRO_KEYBOARD, HID_QUIRK_NO_INIT_REPORTS }, |
2780 |
++ { USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_DUOSENSE, HID_QUIRK_NO_INIT_REPORTS }, |
2781 |
++ |
2782 |
+ { 0, 0 } |
2783 |
+ }; |
2784 |
+ |
2785 |
+diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c |
2786 |
+index d99aa84..30cac58 100644 |
2787 |
+--- a/drivers/hwmon/applesmc.c |
2788 |
++++ b/drivers/hwmon/applesmc.c |
2789 |
+@@ -344,8 +344,10 @@ static int applesmc_get_lower_bound(unsigned int *lo, const char *key) |
2790 |
+ while (begin != end) { |
2791 |
+ int middle = begin + (end - begin) / 2; |
2792 |
+ entry = applesmc_get_entry_by_index(middle); |
2793 |
+- if (IS_ERR(entry)) |
2794 |
++ if (IS_ERR(entry)) { |
2795 |
++ *lo = 0; |
2796 |
+ return PTR_ERR(entry); |
2797 |
++ } |
2798 |
+ if (strcmp(entry->key, key) < 0) |
2799 |
+ begin = middle + 1; |
2800 |
+ else |
2801 |
+@@ -364,8 +366,10 @@ static int applesmc_get_upper_bound(unsigned int *hi, const char *key) |
2802 |
+ while (begin != end) { |
2803 |
+ int middle = begin + (end - begin) / 2; |
2804 |
+ entry = applesmc_get_entry_by_index(middle); |
2805 |
+- if (IS_ERR(entry)) |
2806 |
++ if (IS_ERR(entry)) { |
2807 |
++ *hi = smcreg.key_count; |
2808 |
+ return PTR_ERR(entry); |
2809 |
++ } |
2810 |
+ if (strcmp(key, entry->key) < 0) |
2811 |
+ end = middle; |
2812 |
+ else |
2813 |
+@@ -485,16 +489,25 @@ static int applesmc_init_smcreg_try(void) |
2814 |
+ { |
2815 |
+ struct applesmc_registers *s = &smcreg; |
2816 |
+ bool left_light_sensor, right_light_sensor; |
2817 |
++ unsigned int count; |
2818 |
+ u8 tmp[1]; |
2819 |
+ int ret; |
2820 |
+ |
2821 |
+ if (s->init_complete) |
2822 |
+ return 0; |
2823 |
+ |
2824 |
+- ret = read_register_count(&s->key_count); |
2825 |
++ ret = read_register_count(&count); |
2826 |
+ if (ret) |
2827 |
+ return ret; |
2828 |
+ |
2829 |
++ if (s->cache && s->key_count != count) { |
2830 |
++ pr_warn("key count changed from %d to %d\n", |
2831 |
++ s->key_count, count); |
2832 |
++ kfree(s->cache); |
2833 |
++ s->cache = NULL; |
2834 |
++ } |
2835 |
++ s->key_count = count; |
2836 |
++ |
2837 |
+ if (!s->cache) |
2838 |
+ s->cache = kcalloc(s->key_count, sizeof(*s->cache), GFP_KERNEL); |
2839 |
+ if (!s->cache) |
2840 |
+diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c |
2841 |
+index f44a067..b4a4aaf 100644 |
2842 |
+--- a/drivers/iommu/intel-iommu.c |
2843 |
++++ b/drivers/iommu/intel-iommu.c |
2844 |
+@@ -861,56 +861,54 @@ static int dma_pte_clear_range(struct dmar_domain *domain, |
2845 |
+ return order; |
2846 |
+ } |
2847 |
+ |
2848 |
++static void dma_pte_free_level(struct dmar_domain *domain, int level, |
2849 |
++ struct dma_pte *pte, unsigned long pfn, |
2850 |
++ unsigned long start_pfn, unsigned long last_pfn) |
2851 |
++{ |
2852 |
++ pfn = max(start_pfn, pfn); |
2853 |
++ pte = &pte[pfn_level_offset(pfn, level)]; |
2854 |
++ |
2855 |
++ do { |
2856 |
++ unsigned long level_pfn; |
2857 |
++ struct dma_pte *level_pte; |
2858 |
++ |
2859 |
++ if (!dma_pte_present(pte) || dma_pte_superpage(pte)) |
2860 |
++ goto next; |
2861 |
++ |
2862 |
++ level_pfn = pfn & level_mask(level - 1); |
2863 |
++ level_pte = phys_to_virt(dma_pte_addr(pte)); |
2864 |
++ |
2865 |
++ if (level > 2) |
2866 |
++ dma_pte_free_level(domain, level - 1, level_pte, |
2867 |
++ level_pfn, start_pfn, last_pfn); |
2868 |
++ |
2869 |
++ /* If range covers entire pagetable, free it */ |
2870 |
++ if (!(start_pfn > level_pfn || |
2871 |
++ last_pfn < level_pfn + level_size(level))) { |
2872 |
++ dma_clear_pte(pte); |
2873 |
++ domain_flush_cache(domain, pte, sizeof(*pte)); |
2874 |
++ free_pgtable_page(level_pte); |
2875 |
++ } |
2876 |
++next: |
2877 |
++ pfn += level_size(level); |
2878 |
++ } while (!first_pte_in_page(++pte) && pfn <= last_pfn); |
2879 |
++} |
2880 |
++ |
2881 |
+ /* free page table pages. last level pte should already be cleared */ |
2882 |
+ static void dma_pte_free_pagetable(struct dmar_domain *domain, |
2883 |
+ unsigned long start_pfn, |
2884 |
+ unsigned long last_pfn) |
2885 |
+ { |
2886 |
+ int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT; |
2887 |
+- struct dma_pte *first_pte, *pte; |
2888 |
+- int total = agaw_to_level(domain->agaw); |
2889 |
+- int level; |
2890 |
+- unsigned long tmp; |
2891 |
+- int large_page = 2; |
2892 |
+ |
2893 |
+ BUG_ON(addr_width < BITS_PER_LONG && start_pfn >> addr_width); |
2894 |
+ BUG_ON(addr_width < BITS_PER_LONG && last_pfn >> addr_width); |
2895 |
+ BUG_ON(start_pfn > last_pfn); |
2896 |
+ |
2897 |
+ /* We don't need lock here; nobody else touches the iova range */ |
2898 |
+- level = 2; |
2899 |
+- while (level <= total) { |
2900 |
+- tmp = align_to_level(start_pfn, level); |
2901 |
+- |
2902 |
+- /* If we can't even clear one PTE at this level, we're done */ |
2903 |
+- if (tmp + level_size(level) - 1 > last_pfn) |
2904 |
+- return; |
2905 |
+- |
2906 |
+- do { |
2907 |
+- large_page = level; |
2908 |
+- first_pte = pte = dma_pfn_level_pte(domain, tmp, level, &large_page); |
2909 |
+- if (large_page > level) |
2910 |
+- level = large_page + 1; |
2911 |
+- if (!pte) { |
2912 |
+- tmp = align_to_level(tmp + 1, level + 1); |
2913 |
+- continue; |
2914 |
+- } |
2915 |
+- do { |
2916 |
+- if (dma_pte_present(pte)) { |
2917 |
+- free_pgtable_page(phys_to_virt(dma_pte_addr(pte))); |
2918 |
+- dma_clear_pte(pte); |
2919 |
+- } |
2920 |
+- pte++; |
2921 |
+- tmp += level_size(level); |
2922 |
+- } while (!first_pte_in_page(pte) && |
2923 |
+- tmp + level_size(level) - 1 <= last_pfn); |
2924 |
++ dma_pte_free_level(domain, agaw_to_level(domain->agaw), |
2925 |
++ domain->pgd, 0, start_pfn, last_pfn); |
2926 |
+ |
2927 |
+- domain_flush_cache(domain, first_pte, |
2928 |
+- (void *)pte - (void *)first_pte); |
2929 |
+- |
2930 |
+- } while (tmp && tmp + level_size(level) - 1 <= last_pfn); |
2931 |
+- level++; |
2932 |
+- } |
2933 |
+ /* free pgd */ |
2934 |
+ if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) { |
2935 |
+ free_pgtable_page(domain->pgd); |
2936 |
+diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c |
2937 |
+index b4aaa7b..5c30316 100644 |
2938 |
+--- a/drivers/md/dm-snap.c |
2939 |
++++ b/drivers/md/dm-snap.c |
2940 |
+@@ -721,17 +721,16 @@ static int calc_max_buckets(void) |
2941 |
+ */ |
2942 |
+ static int init_hash_tables(struct dm_snapshot *s) |
2943 |
+ { |
2944 |
+- sector_t hash_size, cow_dev_size, origin_dev_size, max_buckets; |
2945 |
++ sector_t hash_size, cow_dev_size, max_buckets; |
2946 |
+ |
2947 |
+ /* |
2948 |
+ * Calculate based on the size of the original volume or |
2949 |
+ * the COW volume... |
2950 |
+ */ |
2951 |
+ cow_dev_size = get_dev_size(s->cow->bdev); |
2952 |
+- origin_dev_size = get_dev_size(s->origin->bdev); |
2953 |
+ max_buckets = calc_max_buckets(); |
2954 |
+ |
2955 |
+- hash_size = min(origin_dev_size, cow_dev_size) >> s->store->chunk_shift; |
2956 |
++ hash_size = cow_dev_size >> s->store->chunk_shift; |
2957 |
+ hash_size = min(hash_size, max_buckets); |
2958 |
+ |
2959 |
+ if (hash_size < 64) |
2960 |
+diff --git a/drivers/media/video/hdpvr/hdpvr-core.c b/drivers/media/video/hdpvr/hdpvr-core.c |
2961 |
+index 441dacf..060353e 100644 |
2962 |
+--- a/drivers/media/video/hdpvr/hdpvr-core.c |
2963 |
++++ b/drivers/media/video/hdpvr/hdpvr-core.c |
2964 |
+@@ -297,6 +297,11 @@ static int hdpvr_probe(struct usb_interface *interface, |
2965 |
+ |
2966 |
+ dev->workqueue = 0; |
2967 |
+ |
2968 |
++ /* init video transfer queues first of all */ |
2969 |
++ /* to prevent oops in hdpvr_delete() on error paths */ |
2970 |
++ INIT_LIST_HEAD(&dev->free_buff_list); |
2971 |
++ INIT_LIST_HEAD(&dev->rec_buff_list); |
2972 |
++ |
2973 |
+ /* register v4l2_device early so it can be used for printks */ |
2974 |
+ if (v4l2_device_register(&interface->dev, &dev->v4l2_dev)) { |
2975 |
+ err("v4l2_device_register failed"); |
2976 |
+@@ -319,10 +324,6 @@ static int hdpvr_probe(struct usb_interface *interface, |
2977 |
+ if (!dev->workqueue) |
2978 |
+ goto error; |
2979 |
+ |
2980 |
+- /* init video transfer queues */ |
2981 |
+- INIT_LIST_HEAD(&dev->free_buff_list); |
2982 |
+- INIT_LIST_HEAD(&dev->rec_buff_list); |
2983 |
+- |
2984 |
+ dev->options = hdpvr_default_options; |
2985 |
+ |
2986 |
+ if (default_video_input < HDPVR_VIDEO_INPUTS) |
2987 |
+@@ -373,12 +374,6 @@ static int hdpvr_probe(struct usb_interface *interface, |
2988 |
+ } |
2989 |
+ mutex_unlock(&dev->io_mutex); |
2990 |
+ |
2991 |
+- if (hdpvr_register_videodev(dev, &interface->dev, |
2992 |
+- video_nr[atomic_inc_return(&dev_nr)])) { |
2993 |
+- v4l2_err(&dev->v4l2_dev, "registering videodev failed\n"); |
2994 |
+- goto error; |
2995 |
+- } |
2996 |
+- |
2997 |
+ #if defined(CONFIG_I2C) || defined(CONFIG_I2C_MODULE) |
2998 |
+ retval = hdpvr_register_i2c_adapter(dev); |
2999 |
+ if (retval < 0) { |
3000 |
+@@ -399,6 +394,13 @@ static int hdpvr_probe(struct usb_interface *interface, |
3001 |
+ } |
3002 |
+ #endif |
3003 |
+ |
3004 |
++ retval = hdpvr_register_videodev(dev, &interface->dev, |
3005 |
++ video_nr[atomic_inc_return(&dev_nr)]); |
3006 |
++ if (retval < 0) { |
3007 |
++ v4l2_err(&dev->v4l2_dev, "registering videodev failed\n"); |
3008 |
++ goto reg_fail; |
3009 |
++ } |
3010 |
++ |
3011 |
+ /* let the user know what node this device is now attached to */ |
3012 |
+ v4l2_info(&dev->v4l2_dev, "device now attached to %s\n", |
3013 |
+ video_device_node_name(dev->video_dev)); |
3014 |
+diff --git a/drivers/mmc/host/tmio_mmc_dma.c b/drivers/mmc/host/tmio_mmc_dma.c |
3015 |
+index 86f259c..be9e74d 100644 |
3016 |
+--- a/drivers/mmc/host/tmio_mmc_dma.c |
3017 |
++++ b/drivers/mmc/host/tmio_mmc_dma.c |
3018 |
+@@ -92,6 +92,7 @@ static void tmio_mmc_start_dma_rx(struct tmio_mmc_host *host) |
3019 |
+ pio: |
3020 |
+ if (!desc) { |
3021 |
+ /* DMA failed, fall back to PIO */ |
3022 |
++ tmio_mmc_enable_dma(host, false); |
3023 |
+ if (ret >= 0) |
3024 |
+ ret = -EIO; |
3025 |
+ host->chan_rx = NULL; |
3026 |
+@@ -104,7 +105,6 @@ pio: |
3027 |
+ } |
3028 |
+ dev_warn(&host->pdev->dev, |
3029 |
+ "DMA failed: %d, falling back to PIO\n", ret); |
3030 |
+- tmio_mmc_enable_dma(host, false); |
3031 |
+ } |
3032 |
+ |
3033 |
+ dev_dbg(&host->pdev->dev, "%s(): desc %p, cookie %d, sg[%d]\n", __func__, |
3034 |
+@@ -173,6 +173,7 @@ static void tmio_mmc_start_dma_tx(struct tmio_mmc_host *host) |
3035 |
+ pio: |
3036 |
+ if (!desc) { |
3037 |
+ /* DMA failed, fall back to PIO */ |
3038 |
++ tmio_mmc_enable_dma(host, false); |
3039 |
+ if (ret >= 0) |
3040 |
+ ret = -EIO; |
3041 |
+ host->chan_tx = NULL; |
3042 |
+@@ -185,7 +186,6 @@ pio: |
3043 |
+ } |
3044 |
+ dev_warn(&host->pdev->dev, |
3045 |
+ "DMA failed: %d, falling back to PIO\n", ret); |
3046 |
+- tmio_mmc_enable_dma(host, false); |
3047 |
+ } |
3048 |
+ |
3049 |
+ dev_dbg(&host->pdev->dev, "%s(): desc %p, cookie %d\n", __func__, |
3050 |
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
3051 |
+index b436b84..1bf36ac 100644 |
3052 |
+--- a/drivers/net/bonding/bond_main.c |
3053 |
++++ b/drivers/net/bonding/bond_main.c |
3054 |
+@@ -1911,6 +1911,7 @@ int bond_release(struct net_device *bond_dev, struct net_device *slave_dev) |
3055 |
+ struct bonding *bond = netdev_priv(bond_dev); |
3056 |
+ struct slave *slave, *oldcurrent; |
3057 |
+ struct sockaddr addr; |
3058 |
++ int old_flags = bond_dev->flags; |
3059 |
+ u32 old_features = bond_dev->features; |
3060 |
+ |
3061 |
+ /* slave is not a slave or master is not master of this slave */ |
3062 |
+@@ -2041,12 +2042,18 @@ int bond_release(struct net_device *bond_dev, struct net_device *slave_dev) |
3063 |
+ * already taken care of above when we detached the slave |
3064 |
+ */ |
3065 |
+ if (!USES_PRIMARY(bond->params.mode)) { |
3066 |
+- /* unset promiscuity level from slave */ |
3067 |
+- if (bond_dev->flags & IFF_PROMISC) |
3068 |
++ /* unset promiscuity level from slave |
3069 |
++ * NOTE: The NETDEV_CHANGEADDR call above may change the value |
3070 |
++ * of the IFF_PROMISC flag in the bond_dev, but we need the |
3071 |
++ * value of that flag before that change, as that was the value |
3072 |
++ * when this slave was attached, so we cache at the start of the |
3073 |
++ * function and use it here. Same goes for ALLMULTI below |
3074 |
++ */ |
3075 |
++ if (old_flags & IFF_PROMISC) |
3076 |
+ dev_set_promiscuity(slave_dev, -1); |
3077 |
+ |
3078 |
+ /* unset allmulti level from slave */ |
3079 |
+- if (bond_dev->flags & IFF_ALLMULTI) |
3080 |
++ if (old_flags & IFF_ALLMULTI) |
3081 |
+ dev_set_allmulti(slave_dev, -1); |
3082 |
+ |
3083 |
+ /* flush master's mc_list from slave */ |
3084 |
+diff --git a/drivers/net/can/flexcan.c b/drivers/net/can/flexcan.c |
3085 |
+index e59d006..bb828c2 100644 |
3086 |
+--- a/drivers/net/can/flexcan.c |
3087 |
++++ b/drivers/net/can/flexcan.c |
3088 |
+@@ -60,7 +60,7 @@ |
3089 |
+ #define FLEXCAN_MCR_BCC BIT(16) |
3090 |
+ #define FLEXCAN_MCR_LPRIO_EN BIT(13) |
3091 |
+ #define FLEXCAN_MCR_AEN BIT(12) |
3092 |
+-#define FLEXCAN_MCR_MAXMB(x) ((x) & 0xf) |
3093 |
++#define FLEXCAN_MCR_MAXMB(x) ((x) & 0x1f) |
3094 |
+ #define FLEXCAN_MCR_IDAM_A (0 << 8) |
3095 |
+ #define FLEXCAN_MCR_IDAM_B (1 << 8) |
3096 |
+ #define FLEXCAN_MCR_IDAM_C (2 << 8) |
3097 |
+@@ -666,7 +666,6 @@ static int flexcan_chip_start(struct net_device *dev) |
3098 |
+ { |
3099 |
+ struct flexcan_priv *priv = netdev_priv(dev); |
3100 |
+ struct flexcan_regs __iomem *regs = priv->base; |
3101 |
+- unsigned int i; |
3102 |
+ int err; |
3103 |
+ u32 reg_mcr, reg_ctrl; |
3104 |
+ |
3105 |
+@@ -700,9 +699,11 @@ static int flexcan_chip_start(struct net_device *dev) |
3106 |
+ * |
3107 |
+ */ |
3108 |
+ reg_mcr = flexcan_read(®s->mcr); |
3109 |
++ reg_mcr &= ~FLEXCAN_MCR_MAXMB(0xff); |
3110 |
+ reg_mcr |= FLEXCAN_MCR_FRZ | FLEXCAN_MCR_FEN | FLEXCAN_MCR_HALT | |
3111 |
+ FLEXCAN_MCR_SUPV | FLEXCAN_MCR_WRN_EN | |
3112 |
+- FLEXCAN_MCR_IDAM_C; |
3113 |
++ FLEXCAN_MCR_IDAM_C | |
3114 |
++ FLEXCAN_MCR_MAXMB(FLEXCAN_TX_BUF_ID); |
3115 |
+ dev_dbg(dev->dev.parent, "%s: writing mcr=0x%08x", __func__, reg_mcr); |
3116 |
+ flexcan_write(reg_mcr, ®s->mcr); |
3117 |
+ |
3118 |
+@@ -732,16 +733,9 @@ static int flexcan_chip_start(struct net_device *dev) |
3119 |
+ dev_dbg(dev->dev.parent, "%s: writing ctrl=0x%08x", __func__, reg_ctrl); |
3120 |
+ flexcan_write(reg_ctrl, ®s->ctrl); |
3121 |
+ |
3122 |
+- for (i = 0; i < ARRAY_SIZE(regs->cantxfg); i++) { |
3123 |
+- flexcan_write(0, ®s->cantxfg[i].can_ctrl); |
3124 |
+- flexcan_write(0, ®s->cantxfg[i].can_id); |
3125 |
+- flexcan_write(0, ®s->cantxfg[i].data[0]); |
3126 |
+- flexcan_write(0, ®s->cantxfg[i].data[1]); |
3127 |
+- |
3128 |
+- /* put MB into rx queue */ |
3129 |
+- flexcan_write(FLEXCAN_MB_CNT_CODE(0x4), |
3130 |
+- ®s->cantxfg[i].can_ctrl); |
3131 |
+- } |
3132 |
++ /* Abort any pending TX, mark Mailbox as INACTIVE */ |
3133 |
++ flexcan_write(FLEXCAN_MB_CNT_CODE(0x4), |
3134 |
++ ®s->cantxfg[FLEXCAN_TX_BUF_ID].can_ctrl); |
3135 |
+ |
3136 |
+ /* acceptance mask/acceptance code (accept everything) */ |
3137 |
+ flexcan_write(0x0, ®s->rxgmask); |
3138 |
+diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c |
3139 |
+index d0722a7..fb9e7d3 100644 |
3140 |
+--- a/drivers/net/ethernet/freescale/gianfar.c |
3141 |
++++ b/drivers/net/ethernet/freescale/gianfar.c |
3142 |
+@@ -397,7 +397,13 @@ static void gfar_init_mac(struct net_device *ndev) |
3143 |
+ if (ndev->features & NETIF_F_IP_CSUM) |
3144 |
+ tctrl |= TCTRL_INIT_CSUM; |
3145 |
+ |
3146 |
+- tctrl |= TCTRL_TXSCHED_PRIO; |
3147 |
++ if (priv->prio_sched_en) |
3148 |
++ tctrl |= TCTRL_TXSCHED_PRIO; |
3149 |
++ else { |
3150 |
++ tctrl |= TCTRL_TXSCHED_WRRS; |
3151 |
++ gfar_write(®s->tr03wt, DEFAULT_WRRS_WEIGHT); |
3152 |
++ gfar_write(®s->tr47wt, DEFAULT_WRRS_WEIGHT); |
3153 |
++ } |
3154 |
+ |
3155 |
+ gfar_write(®s->tctrl, tctrl); |
3156 |
+ |
3157 |
+@@ -1157,6 +1163,9 @@ static int gfar_probe(struct platform_device *ofdev) |
3158 |
+ priv->rx_filer_enable = 1; |
3159 |
+ /* Enable most messages by default */ |
3160 |
+ priv->msg_enable = (NETIF_MSG_IFUP << 1 ) - 1; |
3161 |
++ /* use pritority h/w tx queue scheduling for single queue devices */ |
3162 |
++ if (priv->num_tx_queues == 1) |
3163 |
++ priv->prio_sched_en = 1; |
3164 |
+ |
3165 |
+ /* Carrier starts down, phylib will bring it up */ |
3166 |
+ netif_carrier_off(dev); |
3167 |
+diff --git a/drivers/net/ethernet/freescale/gianfar.h b/drivers/net/ethernet/freescale/gianfar.h |
3168 |
+index 9aa4377..abeb79a 100644 |
3169 |
+--- a/drivers/net/ethernet/freescale/gianfar.h |
3170 |
++++ b/drivers/net/ethernet/freescale/gianfar.h |
3171 |
+@@ -304,8 +304,16 @@ extern const char gfar_driver_version[]; |
3172 |
+ #define TCTRL_TFCPAUSE 0x00000008 |
3173 |
+ #define TCTRL_TXSCHED_MASK 0x00000006 |
3174 |
+ #define TCTRL_TXSCHED_INIT 0x00000000 |
3175 |
++/* priority scheduling */ |
3176 |
+ #define TCTRL_TXSCHED_PRIO 0x00000002 |
3177 |
++/* weighted round-robin scheduling (WRRS) */ |
3178 |
+ #define TCTRL_TXSCHED_WRRS 0x00000004 |
3179 |
++/* default WRRS weight and policy setting, |
3180 |
++ * tailored to the tr03wt and tr47wt registers: |
3181 |
++ * equal weight for all Tx Qs, measured in 64byte units |
3182 |
++ */ |
3183 |
++#define DEFAULT_WRRS_WEIGHT 0x18181818 |
3184 |
++ |
3185 |
+ #define TCTRL_INIT_CSUM (TCTRL_TUCSEN | TCTRL_IPCSEN) |
3186 |
+ |
3187 |
+ #define IEVENT_INIT_CLEAR 0xffffffff |
3188 |
+@@ -1101,7 +1109,8 @@ struct gfar_private { |
3189 |
+ extended_hash:1, |
3190 |
+ bd_stash_en:1, |
3191 |
+ rx_filer_enable:1, |
3192 |
+- wol_en:1; /* Wake-on-LAN enabled */ |
3193 |
++ wol_en:1, /* Wake-on-LAN enabled */ |
3194 |
++ prio_sched_en:1; /* Enable priorty based Tx scheduling in Hw */ |
3195 |
+ unsigned short padding; |
3196 |
+ |
3197 |
+ /* PHY stuff */ |
3198 |
+diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c |
3199 |
+index 8f47907..4236b82 100644 |
3200 |
+--- a/drivers/net/ethernet/realtek/8139cp.c |
3201 |
++++ b/drivers/net/ethernet/realtek/8139cp.c |
3202 |
+@@ -478,7 +478,7 @@ rx_status_loop: |
3203 |
+ |
3204 |
+ while (1) { |
3205 |
+ u32 status, len; |
3206 |
+- dma_addr_t mapping; |
3207 |
++ dma_addr_t mapping, new_mapping; |
3208 |
+ struct sk_buff *skb, *new_skb; |
3209 |
+ struct cp_desc *desc; |
3210 |
+ const unsigned buflen = cp->rx_buf_sz; |
3211 |
+@@ -520,6 +520,14 @@ rx_status_loop: |
3212 |
+ goto rx_next; |
3213 |
+ } |
3214 |
+ |
3215 |
++ new_mapping = dma_map_single(&cp->pdev->dev, new_skb->data, buflen, |
3216 |
++ PCI_DMA_FROMDEVICE); |
3217 |
++ if (dma_mapping_error(&cp->pdev->dev, new_mapping)) { |
3218 |
++ dev->stats.rx_dropped++; |
3219 |
++ kfree_skb(new_skb); |
3220 |
++ goto rx_next; |
3221 |
++ } |
3222 |
++ |
3223 |
+ dma_unmap_single(&cp->pdev->dev, mapping, |
3224 |
+ buflen, PCI_DMA_FROMDEVICE); |
3225 |
+ |
3226 |
+@@ -531,12 +539,11 @@ rx_status_loop: |
3227 |
+ |
3228 |
+ skb_put(skb, len); |
3229 |
+ |
3230 |
+- mapping = dma_map_single(&cp->pdev->dev, new_skb->data, buflen, |
3231 |
+- PCI_DMA_FROMDEVICE); |
3232 |
+ cp->rx_skb[rx_tail] = new_skb; |
3233 |
+ |
3234 |
+ cp_rx_skb(cp, skb, desc); |
3235 |
+ rx++; |
3236 |
++ mapping = new_mapping; |
3237 |
+ |
3238 |
+ rx_next: |
3239 |
+ cp->rx_ring[rx_tail].opts2 = 0; |
3240 |
+@@ -704,6 +711,22 @@ static inline u32 cp_tx_vlan_tag(struct sk_buff *skb) |
3241 |
+ TxVlanTag | swab16(vlan_tx_tag_get(skb)) : 0x00; |
3242 |
+ } |
3243 |
+ |
3244 |
++static void unwind_tx_frag_mapping(struct cp_private *cp, struct sk_buff *skb, |
3245 |
++ int first, int entry_last) |
3246 |
++{ |
3247 |
++ int frag, index; |
3248 |
++ struct cp_desc *txd; |
3249 |
++ skb_frag_t *this_frag; |
3250 |
++ for (frag = 0; frag+first < entry_last; frag++) { |
3251 |
++ index = first+frag; |
3252 |
++ cp->tx_skb[index] = NULL; |
3253 |
++ txd = &cp->tx_ring[index]; |
3254 |
++ this_frag = &skb_shinfo(skb)->frags[frag]; |
3255 |
++ dma_unmap_single(&cp->pdev->dev, le64_to_cpu(txd->addr), |
3256 |
++ skb_frag_size(this_frag), PCI_DMA_TODEVICE); |
3257 |
++ } |
3258 |
++} |
3259 |
++ |
3260 |
+ static netdev_tx_t cp_start_xmit (struct sk_buff *skb, |
3261 |
+ struct net_device *dev) |
3262 |
+ { |
3263 |
+@@ -737,6 +760,9 @@ static netdev_tx_t cp_start_xmit (struct sk_buff *skb, |
3264 |
+ |
3265 |
+ len = skb->len; |
3266 |
+ mapping = dma_map_single(&cp->pdev->dev, skb->data, len, PCI_DMA_TODEVICE); |
3267 |
++ if (dma_mapping_error(&cp->pdev->dev, mapping)) |
3268 |
++ goto out_dma_error; |
3269 |
++ |
3270 |
+ txd->opts2 = opts2; |
3271 |
+ txd->addr = cpu_to_le64(mapping); |
3272 |
+ wmb(); |
3273 |
+@@ -774,6 +800,9 @@ static netdev_tx_t cp_start_xmit (struct sk_buff *skb, |
3274 |
+ first_len = skb_headlen(skb); |
3275 |
+ first_mapping = dma_map_single(&cp->pdev->dev, skb->data, |
3276 |
+ first_len, PCI_DMA_TODEVICE); |
3277 |
++ if (dma_mapping_error(&cp->pdev->dev, first_mapping)) |
3278 |
++ goto out_dma_error; |
3279 |
++ |
3280 |
+ cp->tx_skb[entry] = skb; |
3281 |
+ entry = NEXT_TX(entry); |
3282 |
+ |
3283 |
+@@ -787,6 +816,11 @@ static netdev_tx_t cp_start_xmit (struct sk_buff *skb, |
3284 |
+ mapping = dma_map_single(&cp->pdev->dev, |
3285 |
+ skb_frag_address(this_frag), |
3286 |
+ len, PCI_DMA_TODEVICE); |
3287 |
++ if (dma_mapping_error(&cp->pdev->dev, mapping)) { |
3288 |
++ unwind_tx_frag_mapping(cp, skb, first_entry, entry); |
3289 |
++ goto out_dma_error; |
3290 |
++ } |
3291 |
++ |
3292 |
+ eor = (entry == (CP_TX_RING_SIZE - 1)) ? RingEnd : 0; |
3293 |
+ |
3294 |
+ ctrl = eor | len | DescOwn; |
3295 |
+@@ -845,11 +879,16 @@ static netdev_tx_t cp_start_xmit (struct sk_buff *skb, |
3296 |
+ if (TX_BUFFS_AVAIL(cp) <= (MAX_SKB_FRAGS + 1)) |
3297 |
+ netif_stop_queue(dev); |
3298 |
+ |
3299 |
++out_unlock: |
3300 |
+ spin_unlock_irqrestore(&cp->lock, intr_flags); |
3301 |
+ |
3302 |
+ cpw8(TxPoll, NormalTxPoll); |
3303 |
+ |
3304 |
+ return NETDEV_TX_OK; |
3305 |
++out_dma_error: |
3306 |
++ kfree_skb(skb); |
3307 |
++ cp->dev->stats.tx_dropped++; |
3308 |
++ goto out_unlock; |
3309 |
+ } |
3310 |
+ |
3311 |
+ /* Set or clear the multicast filter for this adaptor. |
3312 |
+@@ -1023,6 +1062,10 @@ static int cp_refill_rx(struct cp_private *cp) |
3313 |
+ |
3314 |
+ mapping = dma_map_single(&cp->pdev->dev, skb->data, |
3315 |
+ cp->rx_buf_sz, PCI_DMA_FROMDEVICE); |
3316 |
++ if (dma_mapping_error(&cp->pdev->dev, mapping)) { |
3317 |
++ kfree_skb(skb); |
3318 |
++ goto err_out; |
3319 |
++ } |
3320 |
+ cp->rx_skb[i] = skb; |
3321 |
+ |
3322 |
+ cp->rx_ring[i].opts2 = 0; |
3323 |
+diff --git a/drivers/net/ethernet/sfc/rx.c b/drivers/net/ethernet/sfc/rx.c |
3324 |
+index 9ce8665..c231b3f 100644 |
3325 |
+--- a/drivers/net/ethernet/sfc/rx.c |
3326 |
++++ b/drivers/net/ethernet/sfc/rx.c |
3327 |
+@@ -312,8 +312,9 @@ static void efx_resurrect_rx_buffer(struct efx_rx_queue *rx_queue, |
3328 |
+ |
3329 |
+ index = rx_queue->added_count & rx_queue->ptr_mask; |
3330 |
+ new_buf = efx_rx_buffer(rx_queue, index); |
3331 |
+- new_buf->dma_addr = rx_buf->dma_addr ^ (PAGE_SIZE >> 1); |
3332 |
+ new_buf->u.page = rx_buf->u.page; |
3333 |
++ new_buf->page_offset = rx_buf->page_offset ^ (PAGE_SIZE >> 1); |
3334 |
++ new_buf->dma_addr = state->dma_addr + new_buf->page_offset; |
3335 |
+ new_buf->len = rx_buf->len; |
3336 |
+ new_buf->is_page = true; |
3337 |
+ ++rx_queue->added_count; |
3338 |
+diff --git a/drivers/net/ethernet/via/via-rhine.c b/drivers/net/ethernet/via/via-rhine.c |
3339 |
+index f34dd99..f37e0ae 100644 |
3340 |
+--- a/drivers/net/ethernet/via/via-rhine.c |
3341 |
++++ b/drivers/net/ethernet/via/via-rhine.c |
3342 |
+@@ -32,7 +32,7 @@ |
3343 |
+ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
3344 |
+ |
3345 |
+ #define DRV_NAME "via-rhine" |
3346 |
+-#define DRV_VERSION "1.5.0" |
3347 |
++#define DRV_VERSION "1.5.1" |
3348 |
+ #define DRV_RELDATE "2010-10-09" |
3349 |
+ |
3350 |
+ |
3351 |
+@@ -1518,7 +1518,12 @@ static netdev_tx_t rhine_start_tx(struct sk_buff *skb, |
3352 |
+ cpu_to_le32(TXDESC | (skb->len >= ETH_ZLEN ? skb->len : ETH_ZLEN)); |
3353 |
+ |
3354 |
+ if (unlikely(vlan_tx_tag_present(skb))) { |
3355 |
+- rp->tx_ring[entry].tx_status = cpu_to_le32((vlan_tx_tag_get(skb)) << 16); |
3356 |
++ u16 vid_pcp = vlan_tx_tag_get(skb); |
3357 |
++ |
3358 |
++ /* drop CFI/DEI bit, register needs VID and PCP */ |
3359 |
++ vid_pcp = (vid_pcp & VLAN_VID_MASK) | |
3360 |
++ ((vid_pcp & VLAN_PRIO_MASK) >> 1); |
3361 |
++ rp->tx_ring[entry].tx_status = cpu_to_le32((vid_pcp) << 16); |
3362 |
+ /* request tagging */ |
3363 |
+ rp->tx_ring[entry].desc_length |= cpu_to_le32(0x020000); |
3364 |
+ } |
3365 |
+diff --git a/drivers/net/ethernet/xilinx/ll_temac_main.c b/drivers/net/ethernet/xilinx/ll_temac_main.c |
3366 |
+index 2681b53..e26945d 100644 |
3367 |
+--- a/drivers/net/ethernet/xilinx/ll_temac_main.c |
3368 |
++++ b/drivers/net/ethernet/xilinx/ll_temac_main.c |
3369 |
+@@ -308,6 +308,12 @@ static int temac_dma_bd_init(struct net_device *ndev) |
3370 |
+ lp->rx_bd_p + (sizeof(*lp->rx_bd_v) * (RX_BD_NUM - 1))); |
3371 |
+ lp->dma_out(lp, TX_CURDESC_PTR, lp->tx_bd_p); |
3372 |
+ |
3373 |
++ /* Init descriptor indexes */ |
3374 |
++ lp->tx_bd_ci = 0; |
3375 |
++ lp->tx_bd_next = 0; |
3376 |
++ lp->tx_bd_tail = 0; |
3377 |
++ lp->rx_bd_ci = 0; |
3378 |
++ |
3379 |
+ return 0; |
3380 |
+ |
3381 |
+ out: |
3382 |
+diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c |
3383 |
+index 96b9e3c..b0f9015 100644 |
3384 |
+--- a/drivers/net/macvtap.c |
3385 |
++++ b/drivers/net/macvtap.c |
3386 |
+@@ -641,6 +641,28 @@ static int macvtap_skb_to_vnet_hdr(const struct sk_buff *skb, |
3387 |
+ return 0; |
3388 |
+ } |
3389 |
+ |
3390 |
++static unsigned long iov_pages(const struct iovec *iv, int offset, |
3391 |
++ unsigned long nr_segs) |
3392 |
++{ |
3393 |
++ unsigned long seg, base; |
3394 |
++ int pages = 0, len, size; |
3395 |
++ |
3396 |
++ while (nr_segs && (offset >= iv->iov_len)) { |
3397 |
++ offset -= iv->iov_len; |
3398 |
++ ++iv; |
3399 |
++ --nr_segs; |
3400 |
++ } |
3401 |
++ |
3402 |
++ for (seg = 0; seg < nr_segs; seg++) { |
3403 |
++ base = (unsigned long)iv[seg].iov_base + offset; |
3404 |
++ len = iv[seg].iov_len - offset; |
3405 |
++ size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT; |
3406 |
++ pages += size; |
3407 |
++ offset = 0; |
3408 |
++ } |
3409 |
++ |
3410 |
++ return pages; |
3411 |
++} |
3412 |
+ |
3413 |
+ /* Get packet from user space buffer */ |
3414 |
+ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, |
3415 |
+@@ -687,31 +709,15 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, |
3416 |
+ if (unlikely(count > UIO_MAXIOV)) |
3417 |
+ goto err; |
3418 |
+ |
3419 |
+- if (m && m->msg_control && sock_flag(&q->sk, SOCK_ZEROCOPY)) |
3420 |
+- zerocopy = true; |
3421 |
+- |
3422 |
+- if (zerocopy) { |
3423 |
+- /* Userspace may produce vectors with count greater than |
3424 |
+- * MAX_SKB_FRAGS, so we need to linearize parts of the skb |
3425 |
+- * to let the rest of data to be fit in the frags. |
3426 |
+- */ |
3427 |
+- if (count > MAX_SKB_FRAGS) { |
3428 |
+- copylen = iov_length(iv, count - MAX_SKB_FRAGS); |
3429 |
+- if (copylen < vnet_hdr_len) |
3430 |
+- copylen = 0; |
3431 |
+- else |
3432 |
+- copylen -= vnet_hdr_len; |
3433 |
+- } |
3434 |
+- /* There are 256 bytes to be copied in skb, so there is enough |
3435 |
+- * room for skb expand head in case it is used. |
3436 |
+- * The rest buffer is mapped from userspace. |
3437 |
+- */ |
3438 |
+- if (copylen < vnet_hdr.hdr_len) |
3439 |
+- copylen = vnet_hdr.hdr_len; |
3440 |
+- if (!copylen) |
3441 |
+- copylen = GOODCOPY_LEN; |
3442 |
++ if (m && m->msg_control && sock_flag(&q->sk, SOCK_ZEROCOPY)) { |
3443 |
++ copylen = vnet_hdr.hdr_len ? vnet_hdr.hdr_len : GOODCOPY_LEN; |
3444 |
+ linear = copylen; |
3445 |
+- } else { |
3446 |
++ if (iov_pages(iv, vnet_hdr_len + copylen, count) |
3447 |
++ <= MAX_SKB_FRAGS) |
3448 |
++ zerocopy = true; |
3449 |
++ } |
3450 |
++ |
3451 |
++ if (!zerocopy) { |
3452 |
+ copylen = len; |
3453 |
+ linear = vnet_hdr.hdr_len; |
3454 |
+ } |
3455 |
+@@ -723,9 +729,15 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, |
3456 |
+ |
3457 |
+ if (zerocopy) |
3458 |
+ err = zerocopy_sg_from_iovec(skb, iv, vnet_hdr_len, count); |
3459 |
+- else |
3460 |
++ else { |
3461 |
+ err = skb_copy_datagram_from_iovec(skb, 0, iv, vnet_hdr_len, |
3462 |
+ len); |
3463 |
++ if (!err && m && m->msg_control) { |
3464 |
++ struct ubuf_info *uarg = m->msg_control; |
3465 |
++ uarg->callback(uarg); |
3466 |
++ } |
3467 |
++ } |
3468 |
++ |
3469 |
+ if (err) |
3470 |
+ goto err_kfree; |
3471 |
+ |
3472 |
+diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c |
3473 |
+index ad6a9d9..2b349d3 100644 |
3474 |
+--- a/drivers/net/ppp/pptp.c |
3475 |
++++ b/drivers/net/ppp/pptp.c |
3476 |
+@@ -281,7 +281,7 @@ static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb) |
3477 |
+ nf_reset(skb); |
3478 |
+ |
3479 |
+ skb->ip_summed = CHECKSUM_NONE; |
3480 |
+- ip_select_ident(iph, &rt->dst, NULL); |
3481 |
++ ip_select_ident(skb, &rt->dst, NULL); |
3482 |
+ ip_send_check(iph); |
3483 |
+ |
3484 |
+ ip_local_out(skb); |
3485 |
+diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
3486 |
+index f4c5de6..ee1aab0 100644 |
3487 |
+--- a/drivers/net/tun.c |
3488 |
++++ b/drivers/net/tun.c |
3489 |
+@@ -614,8 +614,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, |
3490 |
+ int offset = 0; |
3491 |
+ |
3492 |
+ if (!(tun->flags & TUN_NO_PI)) { |
3493 |
+- if ((len -= sizeof(pi)) > count) |
3494 |
++ if (len < sizeof(pi)) |
3495 |
+ return -EINVAL; |
3496 |
++ len -= sizeof(pi); |
3497 |
+ |
3498 |
+ if (memcpy_fromiovecend((void *)&pi, iv, 0, sizeof(pi))) |
3499 |
+ return -EFAULT; |
3500 |
+@@ -623,8 +624,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, |
3501 |
+ } |
3502 |
+ |
3503 |
+ if (tun->flags & TUN_VNET_HDR) { |
3504 |
+- if ((len -= tun->vnet_hdr_sz) > count) |
3505 |
++ if (len < tun->vnet_hdr_sz) |
3506 |
+ return -EINVAL; |
3507 |
++ len -= tun->vnet_hdr_sz; |
3508 |
+ |
3509 |
+ if (memcpy_fromiovecend((void *)&gso, iv, offset, sizeof(gso))) |
3510 |
+ return -EFAULT; |
3511 |
+diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c |
3512 |
+index 2ba40cf..43aa06b 100644 |
3513 |
+--- a/drivers/net/usb/cdc_ether.c |
3514 |
++++ b/drivers/net/usb/cdc_ether.c |
3515 |
+@@ -615,6 +615,11 @@ static const struct usb_device_id products [] = { |
3516 |
+ .bInterfaceProtocol = USB_CDC_PROTO_NONE, |
3517 |
+ .driver_info = (unsigned long)&wwan_info, |
3518 |
+ }, { |
3519 |
++ /* Telit modules */ |
3520 |
++ USB_VENDOR_AND_INTERFACE_INFO(0x1bc7, USB_CLASS_COMM, |
3521 |
++ USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE), |
3522 |
++ .driver_info = (kernel_ulong_t) &wwan_info, |
3523 |
++}, { |
3524 |
+ USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ETHERNET, |
3525 |
+ USB_CDC_PROTO_NONE), |
3526 |
+ .driver_info = (unsigned long) &cdc_info, |
3527 |
+diff --git a/drivers/net/usb/dm9601.c b/drivers/net/usb/dm9601.c |
3528 |
+index fbc0e4d..136ecf3 100644 |
3529 |
+--- a/drivers/net/usb/dm9601.c |
3530 |
++++ b/drivers/net/usb/dm9601.c |
3531 |
+@@ -384,7 +384,7 @@ static void dm9601_set_multicast(struct net_device *net) |
3532 |
+ rx_ctl |= 0x02; |
3533 |
+ } else if (net->flags & IFF_ALLMULTI || |
3534 |
+ netdev_mc_count(net) > DM_MAX_MCAST) { |
3535 |
+- rx_ctl |= 0x04; |
3536 |
++ rx_ctl |= 0x08; |
3537 |
+ } else if (!netdev_mc_empty(net)) { |
3538 |
+ struct netdev_hw_addr *ha; |
3539 |
+ |
3540 |
+diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.c b/drivers/net/wireless/ath/ath9k/ar9003_phy.c |
3541 |
+index 73be7ff..f146824 100644 |
3542 |
+--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c |
3543 |
++++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c |
3544 |
+@@ -1016,6 +1016,10 @@ static bool ar9003_hw_ani_control(struct ath_hw *ah, |
3545 |
+ * is_on == 0 means MRC CCK is OFF (more noise imm) |
3546 |
+ */ |
3547 |
+ bool is_on = param ? 1 : 0; |
3548 |
++ |
3549 |
++ if (ah->caps.rx_chainmask == 1) |
3550 |
++ break; |
3551 |
++ |
3552 |
+ REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL, |
3553 |
+ AR_PHY_MRC_CCK_ENABLE, is_on); |
3554 |
+ REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL, |
3555 |
+diff --git a/drivers/net/wireless/ath/ath9k/ath9k.h b/drivers/net/wireless/ath/ath9k/ath9k.h |
3556 |
+index 1c269f5..7c70cf2 100644 |
3557 |
+--- a/drivers/net/wireless/ath/ath9k/ath9k.h |
3558 |
++++ b/drivers/net/wireless/ath/ath9k/ath9k.h |
3559 |
+@@ -77,10 +77,6 @@ struct ath_config { |
3560 |
+ sizeof(struct ath_buf_state)); \ |
3561 |
+ } while (0) |
3562 |
+ |
3563 |
+-#define ATH_RXBUF_RESET(_bf) do { \ |
3564 |
+- (_bf)->bf_stale = false; \ |
3565 |
+- } while (0) |
3566 |
+- |
3567 |
+ /** |
3568 |
+ * enum buffer_type - Buffer type flags |
3569 |
+ * |
3570 |
+@@ -308,6 +304,7 @@ struct ath_rx { |
3571 |
+ struct ath_buf *rx_bufptr; |
3572 |
+ struct ath_rx_edma rx_edma[ATH9K_RX_QUEUE_MAX]; |
3573 |
+ |
3574 |
++ struct ath_buf *buf_hold; |
3575 |
+ struct sk_buff *frag; |
3576 |
+ }; |
3577 |
+ |
3578 |
+diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c |
3579 |
+index d171a72..8326c14 100644 |
3580 |
+--- a/drivers/net/wireless/ath/ath9k/recv.c |
3581 |
++++ b/drivers/net/wireless/ath/ath9k/recv.c |
3582 |
+@@ -78,8 +78,6 @@ static void ath_rx_buf_link(struct ath_softc *sc, struct ath_buf *bf) |
3583 |
+ struct ath_desc *ds; |
3584 |
+ struct sk_buff *skb; |
3585 |
+ |
3586 |
+- ATH_RXBUF_RESET(bf); |
3587 |
+- |
3588 |
+ ds = bf->bf_desc; |
3589 |
+ ds->ds_link = 0; /* link to null */ |
3590 |
+ ds->ds_data = bf->bf_buf_addr; |
3591 |
+@@ -106,6 +104,14 @@ static void ath_rx_buf_link(struct ath_softc *sc, struct ath_buf *bf) |
3592 |
+ sc->rx.rxlink = &ds->ds_link; |
3593 |
+ } |
3594 |
+ |
3595 |
++static void ath_rx_buf_relink(struct ath_softc *sc, struct ath_buf *bf) |
3596 |
++{ |
3597 |
++ if (sc->rx.buf_hold) |
3598 |
++ ath_rx_buf_link(sc, sc->rx.buf_hold); |
3599 |
++ |
3600 |
++ sc->rx.buf_hold = bf; |
3601 |
++} |
3602 |
++ |
3603 |
+ static void ath_setdefantenna(struct ath_softc *sc, u32 antenna) |
3604 |
+ { |
3605 |
+ /* XXX block beacon interrupts */ |
3606 |
+@@ -153,7 +159,6 @@ static bool ath_rx_edma_buf_link(struct ath_softc *sc, |
3607 |
+ |
3608 |
+ skb = bf->bf_mpdu; |
3609 |
+ |
3610 |
+- ATH_RXBUF_RESET(bf); |
3611 |
+ memset(skb->data, 0, ah->caps.rx_status_len); |
3612 |
+ dma_sync_single_for_device(sc->dev, bf->bf_buf_addr, |
3613 |
+ ah->caps.rx_status_len, DMA_TO_DEVICE); |
3614 |
+@@ -492,6 +497,7 @@ int ath_startrecv(struct ath_softc *sc) |
3615 |
+ if (list_empty(&sc->rx.rxbuf)) |
3616 |
+ goto start_recv; |
3617 |
+ |
3618 |
++ sc->rx.buf_hold = NULL; |
3619 |
+ sc->rx.rxlink = NULL; |
3620 |
+ list_for_each_entry_safe(bf, tbf, &sc->rx.rxbuf, list) { |
3621 |
+ ath_rx_buf_link(sc, bf); |
3622 |
+@@ -742,6 +748,9 @@ static struct ath_buf *ath_get_next_rx_buf(struct ath_softc *sc, |
3623 |
+ } |
3624 |
+ |
3625 |
+ bf = list_first_entry(&sc->rx.rxbuf, struct ath_buf, list); |
3626 |
++ if (bf == sc->rx.buf_hold) |
3627 |
++ return NULL; |
3628 |
++ |
3629 |
+ ds = bf->bf_desc; |
3630 |
+ |
3631 |
+ /* |
3632 |
+@@ -1974,7 +1983,7 @@ requeue: |
3633 |
+ if (edma) { |
3634 |
+ ath_rx_edma_buf_link(sc, qtype); |
3635 |
+ } else { |
3636 |
+- ath_rx_buf_link(sc, bf); |
3637 |
++ ath_rx_buf_relink(sc, bf); |
3638 |
+ ath9k_hw_rxena(ah); |
3639 |
+ } |
3640 |
+ } while (1); |
3641 |
+diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c |
3642 |
+index 18da100..126ed31 100644 |
3643 |
+--- a/drivers/net/wireless/ath/ath9k/xmit.c |
3644 |
++++ b/drivers/net/wireless/ath/ath9k/xmit.c |
3645 |
+@@ -2423,6 +2423,7 @@ void ath_tx_node_init(struct ath_softc *sc, struct ath_node *an) |
3646 |
+ for (acno = 0, ac = &an->ac[acno]; |
3647 |
+ acno < WME_NUM_AC; acno++, ac++) { |
3648 |
+ ac->sched = false; |
3649 |
++ ac->clear_ps_filter = true; |
3650 |
+ ac->txq = sc->tx.txq_map[acno]; |
3651 |
+ INIT_LIST_HEAD(&ac->tid_q); |
3652 |
+ } |
3653 |
+diff --git a/drivers/net/wireless/p54/p54usb.c b/drivers/net/wireless/p54/p54usb.c |
3654 |
+index 564218c..0784493 100644 |
3655 |
+--- a/drivers/net/wireless/p54/p54usb.c |
3656 |
++++ b/drivers/net/wireless/p54/p54usb.c |
3657 |
+@@ -83,6 +83,7 @@ static struct usb_device_id p54u_table[] = { |
3658 |
+ {USB_DEVICE(0x06a9, 0x000e)}, /* Westell 802.11g USB (A90-211WG-01) */ |
3659 |
+ {USB_DEVICE(0x06b9, 0x0121)}, /* Thomson SpeedTouch 121g */ |
3660 |
+ {USB_DEVICE(0x0707, 0xee13)}, /* SMC 2862W-G version 2 */ |
3661 |
++ {USB_DEVICE(0x07aa, 0x0020)}, /* Corega WLUSB2GTST USB */ |
3662 |
+ {USB_DEVICE(0x0803, 0x4310)}, /* Zoom 4410a */ |
3663 |
+ {USB_DEVICE(0x083a, 0x4521)}, /* Siemens Gigaset USB Adapter 54 version 2 */ |
3664 |
+ {USB_DEVICE(0x083a, 0x4531)}, /* T-Com Sinus 154 data II */ |
3665 |
+diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c |
3666 |
+index 67cbe5a..8fb8c9e 100644 |
3667 |
+--- a/drivers/net/wireless/rt2x00/rt2800lib.c |
3668 |
++++ b/drivers/net/wireless/rt2x00/rt2800lib.c |
3669 |
+@@ -2067,6 +2067,13 @@ static int rt2800_get_gain_calibration_delta(struct rt2x00_dev *rt2x00dev) |
3670 |
+ int i; |
3671 |
+ |
3672 |
+ /* |
3673 |
++ * First check if temperature compensation is supported. |
3674 |
++ */ |
3675 |
++ rt2x00_eeprom_read(rt2x00dev, EEPROM_NIC_CONF1, &eeprom); |
3676 |
++ if (!rt2x00_get_field16(eeprom, EEPROM_NIC_CONF1_EXTERNAL_TX_ALC)) |
3677 |
++ return 0; |
3678 |
++ |
3679 |
++ /* |
3680 |
+ * Read TSSI boundaries for temperature compensation from |
3681 |
+ * the EEPROM. |
3682 |
+ * |
3683 |
+diff --git a/drivers/net/wireless/rtlwifi/wifi.h b/drivers/net/wireless/rtlwifi/wifi.h |
3684 |
+index deb87e9..82baaa2 100644 |
3685 |
+--- a/drivers/net/wireless/rtlwifi/wifi.h |
3686 |
++++ b/drivers/net/wireless/rtlwifi/wifi.h |
3687 |
+@@ -1630,7 +1630,7 @@ struct rtl_priv { |
3688 |
+ that it points to the data allocated |
3689 |
+ beyond this structure like: |
3690 |
+ rtl_pci_priv or rtl_usb_priv */ |
3691 |
+- u8 priv[0]; |
3692 |
++ u8 priv[0] __aligned(sizeof(void *)); |
3693 |
+ }; |
3694 |
+ |
3695 |
+ #define rtl_priv(hw) (((struct rtl_priv *)(hw)->priv)) |
3696 |
+diff --git a/drivers/of/base.c b/drivers/of/base.c |
3697 |
+index 9b6588e..37639a6 100644 |
3698 |
+--- a/drivers/of/base.c |
3699 |
++++ b/drivers/of/base.c |
3700 |
+@@ -1189,6 +1189,7 @@ void of_alias_scan(void * (*dt_alloc)(u64 size, u64 align)) |
3701 |
+ ap = dt_alloc(sizeof(*ap) + len + 1, 4); |
3702 |
+ if (!ap) |
3703 |
+ continue; |
3704 |
++ memset(ap, 0, sizeof(*ap) + len + 1); |
3705 |
+ ap->alias = start; |
3706 |
+ of_alias_add(ap, np, id, start, len); |
3707 |
+ } |
3708 |
+diff --git a/drivers/scsi/esp_scsi.c b/drivers/scsi/esp_scsi.c |
3709 |
+index 394ed9e..4aa30d8 100644 |
3710 |
+--- a/drivers/scsi/esp_scsi.c |
3711 |
++++ b/drivers/scsi/esp_scsi.c |
3712 |
+@@ -530,7 +530,7 @@ static int esp_need_to_nego_sync(struct esp_target_data *tp) |
3713 |
+ static int esp_alloc_lun_tag(struct esp_cmd_entry *ent, |
3714 |
+ struct esp_lun_data *lp) |
3715 |
+ { |
3716 |
+- if (!ent->tag[0]) { |
3717 |
++ if (!ent->orig_tag[0]) { |
3718 |
+ /* Non-tagged, slot already taken? */ |
3719 |
+ if (lp->non_tagged_cmd) |
3720 |
+ return -EBUSY; |
3721 |
+@@ -564,9 +564,9 @@ static int esp_alloc_lun_tag(struct esp_cmd_entry *ent, |
3722 |
+ return -EBUSY; |
3723 |
+ } |
3724 |
+ |
3725 |
+- BUG_ON(lp->tagged_cmds[ent->tag[1]]); |
3726 |
++ BUG_ON(lp->tagged_cmds[ent->orig_tag[1]]); |
3727 |
+ |
3728 |
+- lp->tagged_cmds[ent->tag[1]] = ent; |
3729 |
++ lp->tagged_cmds[ent->orig_tag[1]] = ent; |
3730 |
+ lp->num_tagged++; |
3731 |
+ |
3732 |
+ return 0; |
3733 |
+@@ -575,9 +575,9 @@ static int esp_alloc_lun_tag(struct esp_cmd_entry *ent, |
3734 |
+ static void esp_free_lun_tag(struct esp_cmd_entry *ent, |
3735 |
+ struct esp_lun_data *lp) |
3736 |
+ { |
3737 |
+- if (ent->tag[0]) { |
3738 |
+- BUG_ON(lp->tagged_cmds[ent->tag[1]] != ent); |
3739 |
+- lp->tagged_cmds[ent->tag[1]] = NULL; |
3740 |
++ if (ent->orig_tag[0]) { |
3741 |
++ BUG_ON(lp->tagged_cmds[ent->orig_tag[1]] != ent); |
3742 |
++ lp->tagged_cmds[ent->orig_tag[1]] = NULL; |
3743 |
+ lp->num_tagged--; |
3744 |
+ } else { |
3745 |
+ BUG_ON(lp->non_tagged_cmd != ent); |
3746 |
+@@ -667,6 +667,8 @@ static struct esp_cmd_entry *find_and_prep_issuable_command(struct esp *esp) |
3747 |
+ ent->tag[0] = 0; |
3748 |
+ ent->tag[1] = 0; |
3749 |
+ } |
3750 |
++ ent->orig_tag[0] = ent->tag[0]; |
3751 |
++ ent->orig_tag[1] = ent->tag[1]; |
3752 |
+ |
3753 |
+ if (esp_alloc_lun_tag(ent, lp) < 0) |
3754 |
+ continue; |
3755 |
+diff --git a/drivers/scsi/esp_scsi.h b/drivers/scsi/esp_scsi.h |
3756 |
+index 28e22ac..cd68805 100644 |
3757 |
+--- a/drivers/scsi/esp_scsi.h |
3758 |
++++ b/drivers/scsi/esp_scsi.h |
3759 |
+@@ -271,6 +271,7 @@ struct esp_cmd_entry { |
3760 |
+ #define ESP_CMD_FLAG_AUTOSENSE 0x04 /* Doing automatic REQUEST_SENSE */ |
3761 |
+ |
3762 |
+ u8 tag[2]; |
3763 |
++ u8 orig_tag[2]; |
3764 |
+ |
3765 |
+ u8 status; |
3766 |
+ u8 message; |
3767 |
+diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c |
3768 |
+index 96029e6..c874458 100644 |
3769 |
+--- a/drivers/scsi/scsi_transport_iscsi.c |
3770 |
++++ b/drivers/scsi/scsi_transport_iscsi.c |
3771 |
+@@ -2105,7 +2105,7 @@ iscsi_if_rx(struct sk_buff *skb) |
3772 |
+ break; |
3773 |
+ err = iscsi_if_send_reply(group, nlh->nlmsg_seq, |
3774 |
+ nlh->nlmsg_type, 0, 0, ev, sizeof(*ev)); |
3775 |
+- } while (err < 0 && err != -ECONNREFUSED); |
3776 |
++ } while (err < 0 && err != -ECONNREFUSED && err != -ESRCH); |
3777 |
+ skb_pull(skb, rlen); |
3778 |
+ } |
3779 |
+ mutex_unlock(&rx_queue_mutex); |
3780 |
+diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c |
3781 |
+index 17603da..f6d2b62 100644 |
3782 |
+--- a/drivers/scsi/sd.c |
3783 |
++++ b/drivers/scsi/sd.c |
3784 |
+@@ -2136,14 +2136,9 @@ sd_read_cache_type(struct scsi_disk *sdkp, unsigned char *buffer) |
3785 |
+ } |
3786 |
+ } |
3787 |
+ |
3788 |
+- if (modepage == 0x3F) { |
3789 |
+- sd_printk(KERN_ERR, sdkp, "No Caching mode page " |
3790 |
+- "present\n"); |
3791 |
+- goto defaults; |
3792 |
+- } else if ((buffer[offset] & 0x3f) != modepage) { |
3793 |
+- sd_printk(KERN_ERR, sdkp, "Got wrong page\n"); |
3794 |
+- goto defaults; |
3795 |
+- } |
3796 |
++ sd_printk(KERN_ERR, sdkp, "No Caching mode page found\n"); |
3797 |
++ goto defaults; |
3798 |
++ |
3799 |
+ Page_found: |
3800 |
+ if (modepage == 8) { |
3801 |
+ sdkp->WCE = ((buffer[offset + 2] & 0x04) != 0); |
3802 |
+diff --git a/drivers/staging/comedi/drivers/dt282x.c b/drivers/staging/comedi/drivers/dt282x.c |
3803 |
+index 95ebc26..e3adb38 100644 |
3804 |
+--- a/drivers/staging/comedi/drivers/dt282x.c |
3805 |
++++ b/drivers/staging/comedi/drivers/dt282x.c |
3806 |
+@@ -407,8 +407,9 @@ struct dt282x_private { |
3807 |
+ } \ |
3808 |
+ udelay(5); \ |
3809 |
+ } \ |
3810 |
+- if (_i) \ |
3811 |
++ if (_i) { \ |
3812 |
+ b \ |
3813 |
++ } \ |
3814 |
+ } while (0) |
3815 |
+ |
3816 |
+ static int dt282x_attach(struct comedi_device *dev, |
3817 |
+diff --git a/drivers/staging/comedi/drivers/ni_65xx.c b/drivers/staging/comedi/drivers/ni_65xx.c |
3818 |
+index 403fc09..8b564ad 100644 |
3819 |
+--- a/drivers/staging/comedi/drivers/ni_65xx.c |
3820 |
++++ b/drivers/staging/comedi/drivers/ni_65xx.c |
3821 |
+@@ -411,29 +411,25 @@ static int ni_65xx_dio_insn_bits(struct comedi_device *dev, |
3822 |
+ struct comedi_subdevice *s, |
3823 |
+ struct comedi_insn *insn, unsigned int *data) |
3824 |
+ { |
3825 |
+- unsigned base_bitfield_channel; |
3826 |
+- const unsigned max_ports_per_bitfield = 5; |
3827 |
++ int base_bitfield_channel; |
3828 |
+ unsigned read_bits = 0; |
3829 |
+- unsigned j; |
3830 |
++ int last_port_offset = ni_65xx_port_by_channel(s->n_chan - 1); |
3831 |
++ int port_offset; |
3832 |
++ |
3833 |
+ if (insn->n != 2) |
3834 |
+ return -EINVAL; |
3835 |
+ base_bitfield_channel = CR_CHAN(insn->chanspec); |
3836 |
+- for (j = 0; j < max_ports_per_bitfield; ++j) { |
3837 |
+- const unsigned port_offset = |
3838 |
+- ni_65xx_port_by_channel(base_bitfield_channel) + j; |
3839 |
+- const unsigned port = |
3840 |
+- sprivate(s)->base_port + port_offset; |
3841 |
+- unsigned base_port_channel; |
3842 |
++ for (port_offset = ni_65xx_port_by_channel(base_bitfield_channel); |
3843 |
++ port_offset <= last_port_offset; port_offset++) { |
3844 |
++ unsigned port = sprivate(s)->base_port + port_offset; |
3845 |
++ int base_port_channel = port_offset * ni_65xx_channels_per_port; |
3846 |
+ unsigned port_mask, port_data, port_read_bits; |
3847 |
+- int bitshift; |
3848 |
+- if (port >= ni_65xx_total_num_ports(board(dev))) |
3849 |
++ int bitshift = base_port_channel - base_bitfield_channel; |
3850 |
++ |
3851 |
++ if (bitshift >= 32) |
3852 |
+ break; |
3853 |
+- base_port_channel = port_offset * ni_65xx_channels_per_port; |
3854 |
+ port_mask = data[0]; |
3855 |
+ port_data = data[1]; |
3856 |
+- bitshift = base_port_channel - base_bitfield_channel; |
3857 |
+- if (bitshift >= 32 || bitshift <= -32) |
3858 |
+- break; |
3859 |
+ if (bitshift > 0) { |
3860 |
+ port_mask >>= bitshift; |
3861 |
+ port_data >>= bitshift; |
3862 |
+diff --git a/drivers/staging/vt6656/main_usb.c b/drivers/staging/vt6656/main_usb.c |
3863 |
+index 754d54e..f680766 100644 |
3864 |
+--- a/drivers/staging/vt6656/main_usb.c |
3865 |
++++ b/drivers/staging/vt6656/main_usb.c |
3866 |
+@@ -1221,6 +1221,8 @@ device_release_WPADEV(pDevice); |
3867 |
+ memset(pMgmt->abyCurrBSSID, 0, 6); |
3868 |
+ pMgmt->eCurrState = WMAC_STATE_IDLE; |
3869 |
+ |
3870 |
++ pDevice->flags &= ~DEVICE_FLAGS_OPENED; |
3871 |
++ |
3872 |
+ device_free_tx_bufs(pDevice); |
3873 |
+ device_free_rx_bufs(pDevice); |
3874 |
+ device_free_int_bufs(pDevice); |
3875 |
+@@ -1232,7 +1234,6 @@ device_release_WPADEV(pDevice); |
3876 |
+ usb_free_urb(pDevice->pInterruptURB); |
3877 |
+ |
3878 |
+ BSSvClearNodeDBTable(pDevice, 0); |
3879 |
+- pDevice->flags &=(~DEVICE_FLAGS_OPENED); |
3880 |
+ |
3881 |
+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "device_close2 \n"); |
3882 |
+ |
3883 |
+diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c |
3884 |
+index 926d483..d197b3e 100644 |
3885 |
+--- a/drivers/staging/zram/zram_drv.c |
3886 |
++++ b/drivers/staging/zram/zram_drv.c |
3887 |
+@@ -709,9 +709,7 @@ static void zram_slot_free_notify(struct block_device *bdev, |
3888 |
+ struct zram *zram; |
3889 |
+ |
3890 |
+ zram = bdev->bd_disk->private_data; |
3891 |
+- down_write(&zram->lock); |
3892 |
+ zram_free_page(zram, index); |
3893 |
+- up_write(&zram->lock); |
3894 |
+ zram_stat64_inc(zram, &zram->stats.notify_free); |
3895 |
+ } |
3896 |
+ |
3897 |
+diff --git a/drivers/staging/zram/zram_drv.h b/drivers/staging/zram/zram_drv.h |
3898 |
+index 87f2fec..e5cd246 100644 |
3899 |
+--- a/drivers/staging/zram/zram_drv.h |
3900 |
++++ b/drivers/staging/zram/zram_drv.h |
3901 |
+@@ -107,9 +107,8 @@ struct zram { |
3902 |
+ void *compress_buffer; |
3903 |
+ struct table *table; |
3904 |
+ spinlock_t stat64_lock; /* protect 64-bit stats */ |
3905 |
+- struct rw_semaphore lock; /* protect compression buffers, table, |
3906 |
+- * 32bit stat counters against concurrent |
3907 |
+- * notifications, reads and writes */ |
3908 |
++ struct rw_semaphore lock; /* protect compression buffers and table |
3909 |
++ * against concurrent read and writes */ |
3910 |
+ struct request_queue *queue; |
3911 |
+ struct gendisk *disk; |
3912 |
+ int init_done; |
3913 |
+diff --git a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c |
3914 |
+index c0b4872..f5440a7 100644 |
3915 |
+--- a/drivers/tty/serial/pch_uart.c |
3916 |
++++ b/drivers/tty/serial/pch_uart.c |
3917 |
+@@ -552,11 +552,12 @@ static int dma_push_rx(struct eg20t_port *priv, int size) |
3918 |
+ dev_warn(port->dev, "Rx overrun: dropping %u bytes\n", |
3919 |
+ size - room); |
3920 |
+ if (!room) |
3921 |
+- return room; |
3922 |
++ goto out; |
3923 |
+ |
3924 |
+ tty_insert_flip_string(tty, sg_virt(&priv->sg_rx), size); |
3925 |
+ |
3926 |
+ port->icount.rx += room; |
3927 |
++out: |
3928 |
+ tty_kref_put(tty); |
3929 |
+ |
3930 |
+ return room; |
3931 |
+@@ -970,6 +971,8 @@ static void pch_uart_err_ir(struct eg20t_port *priv, unsigned int lsr) |
3932 |
+ if (tty == NULL) { |
3933 |
+ for (i = 0; error_msg[i] != NULL; i++) |
3934 |
+ dev_err(&priv->pdev->dev, error_msg[i]); |
3935 |
++ } else { |
3936 |
++ tty_kref_put(tty); |
3937 |
+ } |
3938 |
+ } |
3939 |
+ |
3940 |
+diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c |
3941 |
+index fe8c04b..06dfb4f 100644 |
3942 |
+--- a/drivers/usb/class/cdc-wdm.c |
3943 |
++++ b/drivers/usb/class/cdc-wdm.c |
3944 |
+@@ -187,6 +187,7 @@ skip_error: |
3945 |
+ static void wdm_int_callback(struct urb *urb) |
3946 |
+ { |
3947 |
+ int rv = 0; |
3948 |
++ int responding; |
3949 |
+ int status = urb->status; |
3950 |
+ struct wdm_device *desc; |
3951 |
+ struct usb_ctrlrequest *req; |
3952 |
+@@ -260,8 +261,8 @@ static void wdm_int_callback(struct urb *urb) |
3953 |
+ desc->response->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; |
3954 |
+ spin_lock(&desc->iuspin); |
3955 |
+ clear_bit(WDM_READ, &desc->flags); |
3956 |
+- set_bit(WDM_RESPONDING, &desc->flags); |
3957 |
+- if (!test_bit(WDM_DISCONNECTING, &desc->flags) |
3958 |
++ responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); |
3959 |
++ if (!responding && !test_bit(WDM_DISCONNECTING, &desc->flags) |
3960 |
+ && !test_bit(WDM_SUSPENDING, &desc->flags)) { |
3961 |
+ rv = usb_submit_urb(desc->response, GFP_ATOMIC); |
3962 |
+ dev_dbg(&desc->intf->dev, "%s: usb_submit_urb %d", |
3963 |
+@@ -658,16 +659,20 @@ static void wdm_rxwork(struct work_struct *work) |
3964 |
+ { |
3965 |
+ struct wdm_device *desc = container_of(work, struct wdm_device, rxwork); |
3966 |
+ unsigned long flags; |
3967 |
+- int rv; |
3968 |
++ int rv = 0; |
3969 |
++ int responding; |
3970 |
+ |
3971 |
+ spin_lock_irqsave(&desc->iuspin, flags); |
3972 |
+ if (test_bit(WDM_DISCONNECTING, &desc->flags)) { |
3973 |
+ spin_unlock_irqrestore(&desc->iuspin, flags); |
3974 |
+ } else { |
3975 |
++ responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); |
3976 |
+ spin_unlock_irqrestore(&desc->iuspin, flags); |
3977 |
+- rv = usb_submit_urb(desc->response, GFP_KERNEL); |
3978 |
++ if (!responding) |
3979 |
++ rv = usb_submit_urb(desc->response, GFP_KERNEL); |
3980 |
+ if (rv < 0 && rv != -EPERM) { |
3981 |
+ spin_lock_irqsave(&desc->iuspin, flags); |
3982 |
++ clear_bit(WDM_RESPONDING, &desc->flags); |
3983 |
+ if (!test_bit(WDM_DISCONNECTING, &desc->flags)) |
3984 |
+ schedule_work(&desc->rxwork); |
3985 |
+ spin_unlock_irqrestore(&desc->iuspin, flags); |
3986 |
+diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c |
3987 |
+index f4bdd0c..78609d3 100644 |
3988 |
+--- a/drivers/usb/core/config.c |
3989 |
++++ b/drivers/usb/core/config.c |
3990 |
+@@ -424,7 +424,8 @@ static int usb_parse_configuration(struct usb_device *dev, int cfgidx, |
3991 |
+ |
3992 |
+ memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); |
3993 |
+ if (config->desc.bDescriptorType != USB_DT_CONFIG || |
3994 |
+- config->desc.bLength < USB_DT_CONFIG_SIZE) { |
3995 |
++ config->desc.bLength < USB_DT_CONFIG_SIZE || |
3996 |
++ config->desc.bLength > size) { |
3997 |
+ dev_err(ddev, "invalid descriptor for config index %d: " |
3998 |
+ "type = 0x%X, length = %d\n", cfgidx, |
3999 |
+ config->desc.bDescriptorType, config->desc.bLength); |
4000 |
+diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c |
4001 |
+index 22f770a..49257b3 100644 |
4002 |
+--- a/drivers/usb/core/devio.c |
4003 |
++++ b/drivers/usb/core/devio.c |
4004 |
+@@ -646,6 +646,22 @@ static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, |
4005 |
+ if ((index & ~USB_DIR_IN) == 0) |
4006 |
+ return 0; |
4007 |
+ ret = findintfep(ps->dev, index); |
4008 |
++ if (ret < 0) { |
4009 |
++ /* |
4010 |
++ * Some not fully compliant Win apps seem to get |
4011 |
++ * index wrong and have the endpoint number here |
4012 |
++ * rather than the endpoint address (with the |
4013 |
++ * correct direction). Win does let this through, |
4014 |
++ * so we'll not reject it here but leave it to |
4015 |
++ * the device to not break KVM. But we warn. |
4016 |
++ */ |
4017 |
++ ret = findintfep(ps->dev, index ^ 0x80); |
4018 |
++ if (ret >= 0) |
4019 |
++ dev_info(&ps->dev->dev, |
4020 |
++ "%s: process %i (%s) requesting ep %02x but needs %02x\n", |
4021 |
++ __func__, task_pid_nr(current), |
4022 |
++ current->comm, index, index ^ 0x80); |
4023 |
++ } |
4024 |
+ if (ret >= 0) |
4025 |
+ ret = checkintf(ps, ret); |
4026 |
+ break; |
4027 |
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c |
4028 |
+index 2768a7e..a5ea85f 100644 |
4029 |
+--- a/drivers/usb/core/hub.c |
4030 |
++++ b/drivers/usb/core/hub.c |
4031 |
+@@ -3749,7 +3749,8 @@ static void hub_events(void) |
4032 |
+ hub->hdev->children[i - 1]; |
4033 |
+ |
4034 |
+ dev_dbg(hub_dev, "warm reset port %d\n", i); |
4035 |
+- if (!udev) { |
4036 |
++ if (!udev || !(portstatus & |
4037 |
++ USB_PORT_STAT_CONNECTION)) { |
4038 |
+ status = hub_port_reset(hub, i, |
4039 |
+ NULL, HUB_BH_RESET_TIME, |
4040 |
+ true); |
4041 |
+@@ -3759,8 +3760,8 @@ static void hub_events(void) |
4042 |
+ usb_lock_device(udev); |
4043 |
+ status = usb_reset_device(udev); |
4044 |
+ usb_unlock_device(udev); |
4045 |
++ connect_change = 0; |
4046 |
+ } |
4047 |
+- connect_change = 0; |
4048 |
+ } |
4049 |
+ |
4050 |
+ if (connect_change) |
4051 |
+diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c |
4052 |
+index f77c000..9edc582 100644 |
4053 |
+--- a/drivers/usb/dwc3/dwc3-pci.c |
4054 |
++++ b/drivers/usb/dwc3/dwc3-pci.c |
4055 |
+@@ -45,6 +45,8 @@ |
4056 |
+ /* FIXME define these in <linux/pci_ids.h> */ |
4057 |
+ #define PCI_VENDOR_ID_SYNOPSYS 0x16c3 |
4058 |
+ #define PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3 0xabcd |
4059 |
++#define PCI_DEVICE_ID_INTEL_BYT 0x0f37 |
4060 |
++#define PCI_DEVICE_ID_INTEL_MRFLD 0x119e |
4061 |
+ |
4062 |
+ #define DWC3_PCI_DEVS_POSSIBLE 32 |
4063 |
+ |
4064 |
+@@ -191,6 +193,8 @@ static DEFINE_PCI_DEVICE_TABLE(dwc3_pci_id_table) = { |
4065 |
+ PCI_DEVICE(PCI_VENDOR_ID_SYNOPSYS, |
4066 |
+ PCI_DEVICE_ID_SYNOPSYS_HAPSUSB3), |
4067 |
+ }, |
4068 |
++ { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_BYT), }, |
4069 |
++ { PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_MRFLD), }, |
4070 |
+ { } /* Terminating Entry */ |
4071 |
+ }; |
4072 |
+ MODULE_DEVICE_TABLE(pci, dwc3_pci_id_table); |
4073 |
+diff --git a/drivers/usb/host/ehci-mxc.c b/drivers/usb/host/ehci-mxc.c |
4074 |
+index 55978fc..0874473 100644 |
4075 |
+--- a/drivers/usb/host/ehci-mxc.c |
4076 |
++++ b/drivers/usb/host/ehci-mxc.c |
4077 |
+@@ -296,7 +296,7 @@ static int __exit ehci_mxc_drv_remove(struct platform_device *pdev) |
4078 |
+ if (pdata && pdata->exit) |
4079 |
+ pdata->exit(pdev); |
4080 |
+ |
4081 |
+- if (pdata->otg) |
4082 |
++ if (pdata && pdata->otg) |
4083 |
+ otg_shutdown(pdata->otg); |
4084 |
+ |
4085 |
+ usb_remove_hcd(hcd); |
4086 |
+diff --git a/drivers/usb/host/ehci-pci.c b/drivers/usb/host/ehci-pci.c |
4087 |
+index b71e22e..29c0421 100644 |
4088 |
+--- a/drivers/usb/host/ehci-pci.c |
4089 |
++++ b/drivers/usb/host/ehci-pci.c |
4090 |
+@@ -543,7 +543,7 @@ static struct pci_driver ehci_pci_driver = { |
4091 |
+ .remove = usb_hcd_pci_remove, |
4092 |
+ .shutdown = usb_hcd_pci_shutdown, |
4093 |
+ |
4094 |
+-#ifdef CONFIG_PM_SLEEP |
4095 |
++#ifdef CONFIG_PM |
4096 |
+ .driver = { |
4097 |
+ .pm = &usb_hcd_pci_pm_ops |
4098 |
+ }, |
4099 |
+diff --git a/drivers/usb/host/ohci-pci.c b/drivers/usb/host/ohci-pci.c |
4100 |
+index bc01b06..839cb64 100644 |
4101 |
+--- a/drivers/usb/host/ohci-pci.c |
4102 |
++++ b/drivers/usb/host/ohci-pci.c |
4103 |
+@@ -413,7 +413,7 @@ static struct pci_driver ohci_pci_driver = { |
4104 |
+ .remove = usb_hcd_pci_remove, |
4105 |
+ .shutdown = usb_hcd_pci_shutdown, |
4106 |
+ |
4107 |
+-#ifdef CONFIG_PM_SLEEP |
4108 |
++#ifdef CONFIG_PM |
4109 |
+ .driver = { |
4110 |
+ .pm = &usb_hcd_pci_pm_ops |
4111 |
+ }, |
4112 |
+diff --git a/drivers/usb/host/uhci-pci.c b/drivers/usb/host/uhci-pci.c |
4113 |
+index c300bd2f7..0f228c4 100644 |
4114 |
+--- a/drivers/usb/host/uhci-pci.c |
4115 |
++++ b/drivers/usb/host/uhci-pci.c |
4116 |
+@@ -293,7 +293,7 @@ static struct pci_driver uhci_pci_driver = { |
4117 |
+ .remove = usb_hcd_pci_remove, |
4118 |
+ .shutdown = uhci_shutdown, |
4119 |
+ |
4120 |
+-#ifdef CONFIG_PM_SLEEP |
4121 |
++#ifdef CONFIG_PM |
4122 |
+ .driver = { |
4123 |
+ .pm = &usb_hcd_pci_pm_ops |
4124 |
+ }, |
4125 |
+diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c |
4126 |
+index 79d2720..61b0668 100644 |
4127 |
+--- a/drivers/usb/host/xhci-pci.c |
4128 |
++++ b/drivers/usb/host/xhci-pci.c |
4129 |
+@@ -330,7 +330,7 @@ static struct pci_driver xhci_pci_driver = { |
4130 |
+ /* suspend and resume implemented later */ |
4131 |
+ |
4132 |
+ .shutdown = usb_hcd_pci_shutdown, |
4133 |
+-#ifdef CONFIG_PM_SLEEP |
4134 |
++#ifdef CONFIG_PM |
4135 |
+ .driver = { |
4136 |
+ .pm = &usb_hcd_pci_pm_ops |
4137 |
+ }, |
4138 |
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c |
4139 |
+index 633476e..2b4f42b 100644 |
4140 |
+--- a/drivers/usb/host/xhci-ring.c |
4141 |
++++ b/drivers/usb/host/xhci-ring.c |
4142 |
+@@ -879,8 +879,12 @@ remove_finished_td: |
4143 |
+ /* Otherwise ring the doorbell(s) to restart queued transfers */ |
4144 |
+ ring_doorbell_for_active_rings(xhci, slot_id, ep_index); |
4145 |
+ } |
4146 |
+- ep->stopped_td = NULL; |
4147 |
+- ep->stopped_trb = NULL; |
4148 |
++ |
4149 |
++ /* Clear stopped_td and stopped_trb if endpoint is not halted */ |
4150 |
++ if (!(ep->ep_state & EP_HALTED)) { |
4151 |
++ ep->stopped_td = NULL; |
4152 |
++ ep->stopped_trb = NULL; |
4153 |
++ } |
4154 |
+ |
4155 |
+ /* |
4156 |
+ * Drop the lock and complete the URBs in the cancelled TD list. |
4157 |
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c |
4158 |
+index 6e1c92a..629aa74 100644 |
4159 |
+--- a/drivers/usb/host/xhci.c |
4160 |
++++ b/drivers/usb/host/xhci.c |
4161 |
+@@ -3484,10 +3484,21 @@ void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) |
4162 |
+ { |
4163 |
+ struct xhci_hcd *xhci = hcd_to_xhci(hcd); |
4164 |
+ struct xhci_virt_device *virt_dev; |
4165 |
++ struct device *dev = hcd->self.controller; |
4166 |
+ unsigned long flags; |
4167 |
+ u32 state; |
4168 |
+ int i, ret; |
4169 |
+ |
4170 |
++#ifndef CONFIG_USB_DEFAULT_PERSIST |
4171 |
++ /* |
4172 |
++ * We called pm_runtime_get_noresume when the device was attached. |
4173 |
++ * Decrement the counter here to allow controller to runtime suspend |
4174 |
++ * if no devices remain. |
4175 |
++ */ |
4176 |
++ if (xhci->quirks & XHCI_RESET_ON_RESUME) |
4177 |
++ pm_runtime_put_noidle(dev); |
4178 |
++#endif |
4179 |
++ |
4180 |
+ ret = xhci_check_args(hcd, udev, NULL, 0, true, __func__); |
4181 |
+ /* If the host is halted due to driver unload, we still need to free the |
4182 |
+ * device. |
4183 |
+@@ -3559,6 +3570,7 @@ static int xhci_reserve_host_control_ep_resources(struct xhci_hcd *xhci) |
4184 |
+ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev) |
4185 |
+ { |
4186 |
+ struct xhci_hcd *xhci = hcd_to_xhci(hcd); |
4187 |
++ struct device *dev = hcd->self.controller; |
4188 |
+ unsigned long flags; |
4189 |
+ int timeleft; |
4190 |
+ int ret; |
4191 |
+@@ -3611,6 +3623,16 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev) |
4192 |
+ goto disable_slot; |
4193 |
+ } |
4194 |
+ udev->slot_id = xhci->slot_id; |
4195 |
++ |
4196 |
++#ifndef CONFIG_USB_DEFAULT_PERSIST |
4197 |
++ /* |
4198 |
++ * If resetting upon resume, we can't put the controller into runtime |
4199 |
++ * suspend if there is a device attached. |
4200 |
++ */ |
4201 |
++ if (xhci->quirks & XHCI_RESET_ON_RESUME) |
4202 |
++ pm_runtime_get_noresume(dev); |
4203 |
++#endif |
4204 |
++ |
4205 |
+ /* Is this a LS or FS device under a HS hub? */ |
4206 |
+ /* Hub or peripherial? */ |
4207 |
+ return 1; |
4208 |
+diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c |
4209 |
+index 9270d5c..8e02ff2 100644 |
4210 |
+--- a/drivers/usb/serial/mos7720.c |
4211 |
++++ b/drivers/usb/serial/mos7720.c |
4212 |
+@@ -383,7 +383,7 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport, |
4213 |
+ kfree(urbtrack); |
4214 |
+ return -ENOMEM; |
4215 |
+ } |
4216 |
+- urbtrack->setup = kmalloc(sizeof(*urbtrack->setup), GFP_KERNEL); |
4217 |
++ urbtrack->setup = kmalloc(sizeof(*urbtrack->setup), GFP_ATOMIC); |
4218 |
+ if (!urbtrack->setup) { |
4219 |
+ usb_free_urb(urbtrack->urb); |
4220 |
+ kfree(urbtrack); |
4221 |
+@@ -391,8 +391,8 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport, |
4222 |
+ } |
4223 |
+ urbtrack->setup->bRequestType = (__u8)0x40; |
4224 |
+ urbtrack->setup->bRequest = (__u8)0x0e; |
4225 |
+- urbtrack->setup->wValue = get_reg_value(reg, dummy); |
4226 |
+- urbtrack->setup->wIndex = get_reg_index(reg); |
4227 |
++ urbtrack->setup->wValue = cpu_to_le16(get_reg_value(reg, dummy)); |
4228 |
++ urbtrack->setup->wIndex = cpu_to_le16(get_reg_index(reg)); |
4229 |
+ urbtrack->setup->wLength = 0; |
4230 |
+ usb_fill_control_urb(urbtrack->urb, usbdev, |
4231 |
+ usb_sndctrlpipe(usbdev, 0), |
4232 |
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
4233 |
+index c2103f4..536c4ad 100644 |
4234 |
+--- a/drivers/usb/serial/option.c |
4235 |
++++ b/drivers/usb/serial/option.c |
4236 |
+@@ -81,6 +81,7 @@ static void option_instat_callback(struct urb *urb); |
4237 |
+ |
4238 |
+ #define HUAWEI_VENDOR_ID 0x12D1 |
4239 |
+ #define HUAWEI_PRODUCT_E173 0x140C |
4240 |
++#define HUAWEI_PRODUCT_E1750 0x1406 |
4241 |
+ #define HUAWEI_PRODUCT_K4505 0x1464 |
4242 |
+ #define HUAWEI_PRODUCT_K3765 0x1465 |
4243 |
+ #define HUAWEI_PRODUCT_K4605 0x14C6 |
4244 |
+@@ -581,6 +582,8 @@ static const struct usb_device_id option_ids[] = { |
4245 |
+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0x1c23, USB_CLASS_COMM, 0x02, 0xff) }, |
4246 |
+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E173, 0xff, 0xff, 0xff), |
4247 |
+ .driver_info = (kernel_ulong_t) &net_intf1_blacklist }, |
4248 |
++ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E1750, 0xff, 0xff, 0xff), |
4249 |
++ .driver_info = (kernel_ulong_t) &net_intf2_blacklist }, |
4250 |
+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0x1441, USB_CLASS_COMM, 0x02, 0xff) }, |
4251 |
+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0x1442, USB_CLASS_COMM, 0x02, 0xff) }, |
4252 |
+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_K4505, 0xff, 0xff, 0xff), |
4253 |
+diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c |
4254 |
+index bf1c094..b657de6 100644 |
4255 |
+--- a/drivers/xen/grant-table.c |
4256 |
++++ b/drivers/xen/grant-table.c |
4257 |
+@@ -355,9 +355,18 @@ void gnttab_request_free_callback(struct gnttab_free_callback *callback, |
4258 |
+ void (*fn)(void *), void *arg, u16 count) |
4259 |
+ { |
4260 |
+ unsigned long flags; |
4261 |
++ struct gnttab_free_callback *cb; |
4262 |
++ |
4263 |
+ spin_lock_irqsave(&gnttab_list_lock, flags); |
4264 |
+- if (callback->next) |
4265 |
+- goto out; |
4266 |
++ |
4267 |
++ /* Check if the callback is already on the list */ |
4268 |
++ cb = gnttab_free_callback_list; |
4269 |
++ while (cb) { |
4270 |
++ if (cb == callback) |
4271 |
++ goto out; |
4272 |
++ cb = cb->next; |
4273 |
++ } |
4274 |
++ |
4275 |
+ callback->fn = fn; |
4276 |
+ callback->arg = arg; |
4277 |
+ callback->count = count; |
4278 |
+diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c |
4279 |
+index f3a257d..fb001cd 100644 |
4280 |
+--- a/fs/debugfs/inode.c |
4281 |
++++ b/fs/debugfs/inode.c |
4282 |
+@@ -380,8 +380,7 @@ EXPORT_SYMBOL_GPL(debugfs_remove); |
4283 |
+ */ |
4284 |
+ void debugfs_remove_recursive(struct dentry *dentry) |
4285 |
+ { |
4286 |
+- struct dentry *child; |
4287 |
+- struct dentry *parent; |
4288 |
++ struct dentry *child, *next, *parent; |
4289 |
+ |
4290 |
+ if (!dentry) |
4291 |
+ return; |
4292 |
+@@ -391,61 +390,37 @@ void debugfs_remove_recursive(struct dentry *dentry) |
4293 |
+ return; |
4294 |
+ |
4295 |
+ parent = dentry; |
4296 |
++ down: |
4297 |
+ mutex_lock(&parent->d_inode->i_mutex); |
4298 |
++ list_for_each_entry_safe(child, next, &parent->d_subdirs, d_u.d_child) { |
4299 |
++ if (!debugfs_positive(child)) |
4300 |
++ continue; |
4301 |
+ |
4302 |
+- while (1) { |
4303 |
+- /* |
4304 |
+- * When all dentries under "parent" has been removed, |
4305 |
+- * walk up the tree until we reach our starting point. |
4306 |
+- */ |
4307 |
+- if (list_empty(&parent->d_subdirs)) { |
4308 |
+- mutex_unlock(&parent->d_inode->i_mutex); |
4309 |
+- if (parent == dentry) |
4310 |
+- break; |
4311 |
+- parent = parent->d_parent; |
4312 |
+- mutex_lock(&parent->d_inode->i_mutex); |
4313 |
+- } |
4314 |
+- child = list_entry(parent->d_subdirs.next, struct dentry, |
4315 |
+- d_u.d_child); |
4316 |
+- next_sibling: |
4317 |
+- |
4318 |
+- /* |
4319 |
+- * If "child" isn't empty, walk down the tree and |
4320 |
+- * remove all its descendants first. |
4321 |
+- */ |
4322 |
++ /* perhaps simple_empty(child) makes more sense */ |
4323 |
+ if (!list_empty(&child->d_subdirs)) { |
4324 |
+ mutex_unlock(&parent->d_inode->i_mutex); |
4325 |
+ parent = child; |
4326 |
+- mutex_lock(&parent->d_inode->i_mutex); |
4327 |
+- continue; |
4328 |
+- } |
4329 |
+- __debugfs_remove(child, parent); |
4330 |
+- if (parent->d_subdirs.next == &child->d_u.d_child) { |
4331 |
+- /* |
4332 |
+- * Try the next sibling. |
4333 |
+- */ |
4334 |
+- if (child->d_u.d_child.next != &parent->d_subdirs) { |
4335 |
+- child = list_entry(child->d_u.d_child.next, |
4336 |
+- struct dentry, |
4337 |
+- d_u.d_child); |
4338 |
+- goto next_sibling; |
4339 |
+- } |
4340 |
+- |
4341 |
+- /* |
4342 |
+- * Avoid infinite loop if we fail to remove |
4343 |
+- * one dentry. |
4344 |
+- */ |
4345 |
+- mutex_unlock(&parent->d_inode->i_mutex); |
4346 |
+- break; |
4347 |
++ goto down; |
4348 |
+ } |
4349 |
+- simple_release_fs(&debugfs_mount, &debugfs_mount_count); |
4350 |
++ up: |
4351 |
++ if (!__debugfs_remove(child, parent)) |
4352 |
++ simple_release_fs(&debugfs_mount, &debugfs_mount_count); |
4353 |
+ } |
4354 |
+ |
4355 |
+- parent = dentry->d_parent; |
4356 |
++ mutex_unlock(&parent->d_inode->i_mutex); |
4357 |
++ child = parent; |
4358 |
++ parent = parent->d_parent; |
4359 |
+ mutex_lock(&parent->d_inode->i_mutex); |
4360 |
+- __debugfs_remove(dentry, parent); |
4361 |
++ |
4362 |
++ if (child != dentry) { |
4363 |
++ next = list_entry(child->d_u.d_child.next, struct dentry, |
4364 |
++ d_u.d_child); |
4365 |
++ goto up; |
4366 |
++ } |
4367 |
++ |
4368 |
++ if (!__debugfs_remove(child, parent)) |
4369 |
++ simple_release_fs(&debugfs_mount, &debugfs_mount_count); |
4370 |
+ mutex_unlock(&parent->d_inode->i_mutex); |
4371 |
+- simple_release_fs(&debugfs_mount, &debugfs_mount_count); |
4372 |
+ } |
4373 |
+ EXPORT_SYMBOL_GPL(debugfs_remove_recursive); |
4374 |
+ |
4375 |
+diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c |
4376 |
+index 3ca3b7f..2e0e34f 100644 |
4377 |
+--- a/fs/ext4/namei.c |
4378 |
++++ b/fs/ext4/namei.c |
4379 |
+@@ -2054,7 +2054,8 @@ int ext4_orphan_del(handle_t *handle, struct inode *inode) |
4380 |
+ int err = 0; |
4381 |
+ |
4382 |
+ /* ext4_handle_valid() assumes a valid handle_t pointer */ |
4383 |
+- if (handle && !ext4_handle_valid(handle)) |
4384 |
++ if (handle && !ext4_handle_valid(handle) && |
4385 |
++ !(EXT4_SB(inode->i_sb)->s_mount_state & EXT4_ORPHAN_FS)) |
4386 |
+ return 0; |
4387 |
+ |
4388 |
+ mutex_lock(&EXT4_SB(inode->i_sb)->s_orphan_lock); |
4389 |
+diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c |
4390 |
+index 5ef7afb..06e2f73 100644 |
4391 |
+--- a/fs/fuse/dir.c |
4392 |
++++ b/fs/fuse/dir.c |
4393 |
+@@ -1063,6 +1063,8 @@ static int parse_dirfile(char *buf, size_t nbytes, struct file *file, |
4394 |
+ return -EIO; |
4395 |
+ if (reclen > nbytes) |
4396 |
+ break; |
4397 |
++ if (memchr(dirent->name, '/', dirent->namelen) != NULL) |
4398 |
++ return -EIO; |
4399 |
+ |
4400 |
+ over = filldir(dstbuf, dirent->name, dirent->namelen, |
4401 |
+ file->f_pos, dirent->ino, dirent->type); |
4402 |
+@@ -1282,6 +1284,7 @@ static int fuse_do_setattr(struct dentry *entry, struct iattr *attr, |
4403 |
+ { |
4404 |
+ struct inode *inode = entry->d_inode; |
4405 |
+ struct fuse_conn *fc = get_fuse_conn(inode); |
4406 |
++ struct fuse_inode *fi = get_fuse_inode(inode); |
4407 |
+ struct fuse_req *req; |
4408 |
+ struct fuse_setattr_in inarg; |
4409 |
+ struct fuse_attr_out outarg; |
4410 |
+@@ -1312,8 +1315,10 @@ static int fuse_do_setattr(struct dentry *entry, struct iattr *attr, |
4411 |
+ if (IS_ERR(req)) |
4412 |
+ return PTR_ERR(req); |
4413 |
+ |
4414 |
+- if (is_truncate) |
4415 |
++ if (is_truncate) { |
4416 |
+ fuse_set_nowrite(inode); |
4417 |
++ set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); |
4418 |
++ } |
4419 |
+ |
4420 |
+ memset(&inarg, 0, sizeof(inarg)); |
4421 |
+ memset(&outarg, 0, sizeof(outarg)); |
4422 |
+@@ -1375,12 +1380,14 @@ static int fuse_do_setattr(struct dentry *entry, struct iattr *attr, |
4423 |
+ invalidate_inode_pages2(inode->i_mapping); |
4424 |
+ } |
4425 |
+ |
4426 |
++ clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); |
4427 |
+ return 0; |
4428 |
+ |
4429 |
+ error: |
4430 |
+ if (is_truncate) |
4431 |
+ fuse_release_nowrite(inode); |
4432 |
+ |
4433 |
++ clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); |
4434 |
+ return err; |
4435 |
+ } |
4436 |
+ |
4437 |
+@@ -1439,6 +1446,8 @@ static int fuse_setxattr(struct dentry *entry, const char *name, |
4438 |
+ fc->no_setxattr = 1; |
4439 |
+ err = -EOPNOTSUPP; |
4440 |
+ } |
4441 |
++ if (!err) |
4442 |
++ fuse_invalidate_attr(inode); |
4443 |
+ return err; |
4444 |
+ } |
4445 |
+ |
4446 |
+@@ -1568,6 +1577,8 @@ static int fuse_removexattr(struct dentry *entry, const char *name) |
4447 |
+ fc->no_removexattr = 1; |
4448 |
+ err = -EOPNOTSUPP; |
4449 |
+ } |
4450 |
++ if (!err) |
4451 |
++ fuse_invalidate_attr(inode); |
4452 |
+ return err; |
4453 |
+ } |
4454 |
+ |
4455 |
+diff --git a/fs/fuse/file.c b/fs/fuse/file.c |
4456 |
+index 5242006..510d4aa 100644 |
4457 |
+--- a/fs/fuse/file.c |
4458 |
++++ b/fs/fuse/file.c |
4459 |
+@@ -519,7 +519,8 @@ static void fuse_read_update_size(struct inode *inode, loff_t size, |
4460 |
+ struct fuse_inode *fi = get_fuse_inode(inode); |
4461 |
+ |
4462 |
+ spin_lock(&fc->lock); |
4463 |
+- if (attr_ver == fi->attr_version && size < inode->i_size) { |
4464 |
++ if (attr_ver == fi->attr_version && size < inode->i_size && |
4465 |
++ !test_bit(FUSE_I_SIZE_UNSTABLE, &fi->state)) { |
4466 |
+ fi->attr_version = ++fc->attr_version; |
4467 |
+ i_size_write(inode, size); |
4468 |
+ } |
4469 |
+@@ -881,12 +882,16 @@ static ssize_t fuse_perform_write(struct file *file, |
4470 |
+ { |
4471 |
+ struct inode *inode = mapping->host; |
4472 |
+ struct fuse_conn *fc = get_fuse_conn(inode); |
4473 |
++ struct fuse_inode *fi = get_fuse_inode(inode); |
4474 |
+ int err = 0; |
4475 |
+ ssize_t res = 0; |
4476 |
+ |
4477 |
+ if (is_bad_inode(inode)) |
4478 |
+ return -EIO; |
4479 |
+ |
4480 |
++ if (inode->i_size < pos + iov_iter_count(ii)) |
4481 |
++ set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); |
4482 |
++ |
4483 |
+ do { |
4484 |
+ struct fuse_req *req; |
4485 |
+ ssize_t count; |
4486 |
+@@ -921,6 +926,7 @@ static ssize_t fuse_perform_write(struct file *file, |
4487 |
+ if (res > 0) |
4488 |
+ fuse_write_update_size(inode, pos); |
4489 |
+ |
4490 |
++ clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); |
4491 |
+ fuse_invalidate_attr(inode); |
4492 |
+ |
4493 |
+ return res > 0 ? res : err; |
4494 |
+@@ -1251,7 +1257,6 @@ static int fuse_writepage_locked(struct page *page) |
4495 |
+ |
4496 |
+ inc_bdi_stat(mapping->backing_dev_info, BDI_WRITEBACK); |
4497 |
+ inc_zone_page_state(tmp_page, NR_WRITEBACK_TEMP); |
4498 |
+- end_page_writeback(page); |
4499 |
+ |
4500 |
+ spin_lock(&fc->lock); |
4501 |
+ list_add(&req->writepages_entry, &fi->writepages); |
4502 |
+@@ -1259,6 +1264,8 @@ static int fuse_writepage_locked(struct page *page) |
4503 |
+ fuse_flush_writepages(inode); |
4504 |
+ spin_unlock(&fc->lock); |
4505 |
+ |
4506 |
++ end_page_writeback(page); |
4507 |
++ |
4508 |
+ return 0; |
4509 |
+ |
4510 |
+ err_free: |
4511 |
+diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h |
4512 |
+index 89c4a58..52ffd24 100644 |
4513 |
+--- a/fs/fuse/fuse_i.h |
4514 |
++++ b/fs/fuse/fuse_i.h |
4515 |
+@@ -103,6 +103,15 @@ struct fuse_inode { |
4516 |
+ |
4517 |
+ /** List of writepage requestst (pending or sent) */ |
4518 |
+ struct list_head writepages; |
4519 |
++ |
4520 |
++ /** Miscellaneous bits describing inode state */ |
4521 |
++ unsigned long state; |
4522 |
++}; |
4523 |
++ |
4524 |
++/** FUSE inode state bits */ |
4525 |
++enum { |
4526 |
++ /** An operation changing file size is in progress */ |
4527 |
++ FUSE_I_SIZE_UNSTABLE, |
4528 |
+ }; |
4529 |
+ |
4530 |
+ struct fuse_conn; |
4531 |
+diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c |
4532 |
+index 1f82d95..912c250 100644 |
4533 |
+--- a/fs/fuse/inode.c |
4534 |
++++ b/fs/fuse/inode.c |
4535 |
+@@ -92,6 +92,7 @@ static struct inode *fuse_alloc_inode(struct super_block *sb) |
4536 |
+ fi->attr_version = 0; |
4537 |
+ fi->writectr = 0; |
4538 |
+ fi->orig_ino = 0; |
4539 |
++ fi->state = 0; |
4540 |
+ INIT_LIST_HEAD(&fi->write_files); |
4541 |
+ INIT_LIST_HEAD(&fi->queued_writes); |
4542 |
+ INIT_LIST_HEAD(&fi->writepages); |
4543 |
+@@ -200,7 +201,8 @@ void fuse_change_attributes(struct inode *inode, struct fuse_attr *attr, |
4544 |
+ loff_t oldsize; |
4545 |
+ |
4546 |
+ spin_lock(&fc->lock); |
4547 |
+- if (attr_version != 0 && fi->attr_version > attr_version) { |
4548 |
++ if ((attr_version != 0 && fi->attr_version > attr_version) || |
4549 |
++ test_bit(FUSE_I_SIZE_UNSTABLE, &fi->state)) { |
4550 |
+ spin_unlock(&fc->lock); |
4551 |
+ return; |
4552 |
+ } |
4553 |
+diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c |
4554 |
+index f950059..a5f25a7 100644 |
4555 |
+--- a/fs/isofs/inode.c |
4556 |
++++ b/fs/isofs/inode.c |
4557 |
+@@ -120,8 +120,8 @@ static void destroy_inodecache(void) |
4558 |
+ |
4559 |
+ static int isofs_remount(struct super_block *sb, int *flags, char *data) |
4560 |
+ { |
4561 |
+- /* we probably want a lot more here */ |
4562 |
+- *flags |= MS_RDONLY; |
4563 |
++ if (!(*flags & MS_RDONLY)) |
4564 |
++ return -EROFS; |
4565 |
+ return 0; |
4566 |
+ } |
4567 |
+ |
4568 |
+@@ -770,15 +770,6 @@ root_found: |
4569 |
+ */ |
4570 |
+ s->s_maxbytes = 0x80000000000LL; |
4571 |
+ |
4572 |
+- /* |
4573 |
+- * The CDROM is read-only, has no nodes (devices) on it, and since |
4574 |
+- * all of the files appear to be owned by root, we really do not want |
4575 |
+- * to allow suid. (suid or devices will not show up unless we have |
4576 |
+- * Rock Ridge extensions) |
4577 |
+- */ |
4578 |
+- |
4579 |
+- s->s_flags |= MS_RDONLY /* | MS_NODEV | MS_NOSUID */; |
4580 |
+- |
4581 |
+ /* Set this for reference. Its not currently used except on write |
4582 |
+ which we don't have .. */ |
4583 |
+ |
4584 |
+@@ -1535,6 +1526,9 @@ struct inode *isofs_iget(struct super_block *sb, |
4585 |
+ static struct dentry *isofs_mount(struct file_system_type *fs_type, |
4586 |
+ int flags, const char *dev_name, void *data) |
4587 |
+ { |
4588 |
++ /* We don't support read-write mounts */ |
4589 |
++ if (!(flags & MS_RDONLY)) |
4590 |
++ return ERR_PTR(-EACCES); |
4591 |
+ return mount_bdev(fs_type, flags, dev_name, data, isofs_fill_super); |
4592 |
+ } |
4593 |
+ |
4594 |
+diff --git a/fs/nilfs2/page.c b/fs/nilfs2/page.c |
4595 |
+index 65221a0..16eacec 100644 |
4596 |
+--- a/fs/nilfs2/page.c |
4597 |
++++ b/fs/nilfs2/page.c |
4598 |
+@@ -94,6 +94,7 @@ void nilfs_forget_buffer(struct buffer_head *bh) |
4599 |
+ clear_buffer_nilfs_volatile(bh); |
4600 |
+ clear_buffer_nilfs_checked(bh); |
4601 |
+ clear_buffer_nilfs_redirected(bh); |
4602 |
++ clear_buffer_async_write(bh); |
4603 |
+ clear_buffer_dirty(bh); |
4604 |
+ if (nilfs_page_buffers_clean(page)) |
4605 |
+ __nilfs_clear_page_dirty(page); |
4606 |
+@@ -390,6 +391,7 @@ void nilfs_clear_dirty_pages(struct address_space *mapping) |
4607 |
+ bh = head = page_buffers(page); |
4608 |
+ do { |
4609 |
+ lock_buffer(bh); |
4610 |
++ clear_buffer_async_write(bh); |
4611 |
+ clear_buffer_dirty(bh); |
4612 |
+ clear_buffer_nilfs_volatile(bh); |
4613 |
+ clear_buffer_nilfs_checked(bh); |
4614 |
+diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c |
4615 |
+index 6f24e67..233d3ed 100644 |
4616 |
+--- a/fs/nilfs2/segment.c |
4617 |
++++ b/fs/nilfs2/segment.c |
4618 |
+@@ -662,7 +662,7 @@ static size_t nilfs_lookup_dirty_data_buffers(struct inode *inode, |
4619 |
+ |
4620 |
+ bh = head = page_buffers(page); |
4621 |
+ do { |
4622 |
+- if (!buffer_dirty(bh)) |
4623 |
++ if (!buffer_dirty(bh) || buffer_async_write(bh)) |
4624 |
+ continue; |
4625 |
+ get_bh(bh); |
4626 |
+ list_add_tail(&bh->b_assoc_buffers, listp); |
4627 |
+@@ -696,7 +696,8 @@ static void nilfs_lookup_dirty_node_buffers(struct inode *inode, |
4628 |
+ for (i = 0; i < pagevec_count(&pvec); i++) { |
4629 |
+ bh = head = page_buffers(pvec.pages[i]); |
4630 |
+ do { |
4631 |
+- if (buffer_dirty(bh)) { |
4632 |
++ if (buffer_dirty(bh) && |
4633 |
++ !buffer_async_write(bh)) { |
4634 |
+ get_bh(bh); |
4635 |
+ list_add_tail(&bh->b_assoc_buffers, |
4636 |
+ listp); |
4637 |
+@@ -1576,6 +1577,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) |
4638 |
+ |
4639 |
+ list_for_each_entry(bh, &segbuf->sb_segsum_buffers, |
4640 |
+ b_assoc_buffers) { |
4641 |
++ set_buffer_async_write(bh); |
4642 |
+ if (bh->b_page != bd_page) { |
4643 |
+ if (bd_page) { |
4644 |
+ lock_page(bd_page); |
4645 |
+@@ -1589,6 +1591,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) |
4646 |
+ |
4647 |
+ list_for_each_entry(bh, &segbuf->sb_payload_buffers, |
4648 |
+ b_assoc_buffers) { |
4649 |
++ set_buffer_async_write(bh); |
4650 |
+ if (bh == segbuf->sb_super_root) { |
4651 |
+ if (bh->b_page != bd_page) { |
4652 |
+ lock_page(bd_page); |
4653 |
+@@ -1674,6 +1677,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) |
4654 |
+ list_for_each_entry(segbuf, logs, sb_list) { |
4655 |
+ list_for_each_entry(bh, &segbuf->sb_segsum_buffers, |
4656 |
+ b_assoc_buffers) { |
4657 |
++ clear_buffer_async_write(bh); |
4658 |
+ if (bh->b_page != bd_page) { |
4659 |
+ if (bd_page) |
4660 |
+ end_page_writeback(bd_page); |
4661 |
+@@ -1683,6 +1687,7 @@ static void nilfs_abort_logs(struct list_head *logs, int err) |
4662 |
+ |
4663 |
+ list_for_each_entry(bh, &segbuf->sb_payload_buffers, |
4664 |
+ b_assoc_buffers) { |
4665 |
++ clear_buffer_async_write(bh); |
4666 |
+ if (bh == segbuf->sb_super_root) { |
4667 |
+ if (bh->b_page != bd_page) { |
4668 |
+ end_page_writeback(bd_page); |
4669 |
+@@ -1752,6 +1757,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) |
4670 |
+ b_assoc_buffers) { |
4671 |
+ set_buffer_uptodate(bh); |
4672 |
+ clear_buffer_dirty(bh); |
4673 |
++ clear_buffer_async_write(bh); |
4674 |
+ if (bh->b_page != bd_page) { |
4675 |
+ if (bd_page) |
4676 |
+ end_page_writeback(bd_page); |
4677 |
+@@ -1773,6 +1779,7 @@ static void nilfs_segctor_complete_write(struct nilfs_sc_info *sci) |
4678 |
+ b_assoc_buffers) { |
4679 |
+ set_buffer_uptodate(bh); |
4680 |
+ clear_buffer_dirty(bh); |
4681 |
++ clear_buffer_async_write(bh); |
4682 |
+ clear_buffer_delay(bh); |
4683 |
+ clear_buffer_nilfs_volatile(bh); |
4684 |
+ clear_buffer_nilfs_redirected(bh); |
4685 |
+diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c |
4686 |
+index a506360..0c2f912 100644 |
4687 |
+--- a/fs/notify/fanotify/fanotify.c |
4688 |
++++ b/fs/notify/fanotify/fanotify.c |
4689 |
+@@ -18,6 +18,12 @@ static bool should_merge(struct fsnotify_event *old, struct fsnotify_event *new) |
4690 |
+ old->tgid == new->tgid) { |
4691 |
+ switch (old->data_type) { |
4692 |
+ case (FSNOTIFY_EVENT_PATH): |
4693 |
++#ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS |
4694 |
++ /* dont merge two permission events */ |
4695 |
++ if ((old->mask & FAN_ALL_PERM_EVENTS) && |
4696 |
++ (new->mask & FAN_ALL_PERM_EVENTS)) |
4697 |
++ return false; |
4698 |
++#endif |
4699 |
+ if ((old->path.mnt == new->path.mnt) && |
4700 |
+ (old->path.dentry == new->path.dentry)) |
4701 |
+ return true; |
4702 |
+diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c |
4703 |
+index 7eb1c0c..cf22847 100644 |
4704 |
+--- a/fs/ocfs2/extent_map.c |
4705 |
++++ b/fs/ocfs2/extent_map.c |
4706 |
+@@ -782,7 +782,6 @@ int ocfs2_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, |
4707 |
+ cpos = map_start >> osb->s_clustersize_bits; |
4708 |
+ mapping_end = ocfs2_clusters_for_bytes(inode->i_sb, |
4709 |
+ map_start + map_len); |
4710 |
+- mapping_end -= cpos; |
4711 |
+ is_last = 0; |
4712 |
+ while (cpos < mapping_end && !is_last) { |
4713 |
+ u32 fe_flags; |
4714 |
+diff --git a/include/linux/hid.h b/include/linux/hid.h |
4715 |
+index 331e2ef..19fe719 100644 |
4716 |
+--- a/include/linux/hid.h |
4717 |
++++ b/include/linux/hid.h |
4718 |
+@@ -416,10 +416,12 @@ struct hid_report { |
4719 |
+ struct hid_device *device; /* associated device */ |
4720 |
+ }; |
4721 |
+ |
4722 |
++#define HID_MAX_IDS 256 |
4723 |
++ |
4724 |
+ struct hid_report_enum { |
4725 |
+ unsigned numbered; |
4726 |
+ struct list_head report_list; |
4727 |
+- struct hid_report *report_id_hash[256]; |
4728 |
++ struct hid_report *report_id_hash[HID_MAX_IDS]; |
4729 |
+ }; |
4730 |
+ |
4731 |
+ #define HID_REPORT_TYPES 3 |
4732 |
+@@ -716,6 +718,10 @@ void hid_output_report(struct hid_report *report, __u8 *data); |
4733 |
+ struct hid_device *hid_allocate_device(void); |
4734 |
+ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id); |
4735 |
+ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size); |
4736 |
++struct hid_report *hid_validate_values(struct hid_device *hid, |
4737 |
++ unsigned int type, unsigned int id, |
4738 |
++ unsigned int field_index, |
4739 |
++ unsigned int report_counts); |
4740 |
+ int hid_check_keys_pressed(struct hid_device *hid); |
4741 |
+ int hid_connect(struct hid_device *hid, unsigned int connect_mask); |
4742 |
+ void hid_disconnect(struct hid_device *hid); |
4743 |
+diff --git a/include/linux/icmpv6.h b/include/linux/icmpv6.h |
4744 |
+index ba45e6b..f5a21d0 100644 |
4745 |
+--- a/include/linux/icmpv6.h |
4746 |
++++ b/include/linux/icmpv6.h |
4747 |
+@@ -123,6 +123,8 @@ static inline struct icmp6hdr *icmp6_hdr(const struct sk_buff *skb) |
4748 |
+ #define ICMPV6_NOT_NEIGHBOUR 2 |
4749 |
+ #define ICMPV6_ADDR_UNREACH 3 |
4750 |
+ #define ICMPV6_PORT_UNREACH 4 |
4751 |
++#define ICMPV6_POLICY_FAIL 5 |
4752 |
++#define ICMPV6_REJECT_ROUTE 6 |
4753 |
+ |
4754 |
+ /* |
4755 |
+ * Codes for Time Exceeded |
4756 |
+diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h |
4757 |
+index 0c99776..84b1447 100644 |
4758 |
+--- a/include/linux/ipv6.h |
4759 |
++++ b/include/linux/ipv6.h |
4760 |
+@@ -255,6 +255,7 @@ struct inet6_skb_parm { |
4761 |
+ #define IP6SKB_XFRM_TRANSFORMED 1 |
4762 |
+ #define IP6SKB_FORWARDED 2 |
4763 |
+ #define IP6SKB_REROUTED 4 |
4764 |
++#define IP6SKB_FRAGMENTED 16 |
4765 |
+ }; |
4766 |
+ |
4767 |
+ #define IP6CB(skb) ((struct inet6_skb_parm*)((skb)->cb)) |
4768 |
+diff --git a/include/linux/mm.h b/include/linux/mm.h |
4769 |
+index d0493f6..305fd75 100644 |
4770 |
+--- a/include/linux/mm.h |
4771 |
++++ b/include/linux/mm.h |
4772 |
+@@ -865,7 +865,8 @@ extern void pagefault_out_of_memory(void); |
4773 |
+ * Flags passed to show_mem() and show_free_areas() to suppress output in |
4774 |
+ * various contexts. |
4775 |
+ */ |
4776 |
+-#define SHOW_MEM_FILTER_NODES (0x0001u) /* filter disallowed nodes */ |
4777 |
++#define SHOW_MEM_FILTER_NODES (0x0001u) /* disallowed nodes */ |
4778 |
++#define SHOW_MEM_FILTER_PAGE_COUNT (0x0002u) /* page type count */ |
4779 |
+ |
4780 |
+ extern void show_free_areas(unsigned int flags); |
4781 |
+ extern bool skip_free_areas_node(unsigned int flags, int nid); |
4782 |
+diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h |
4783 |
+index 3cfcfea..eeb6a29 100644 |
4784 |
+--- a/include/linux/perf_event.h |
4785 |
++++ b/include/linux/perf_event.h |
4786 |
+@@ -927,7 +927,7 @@ struct perf_cpu_context { |
4787 |
+ int exclusive; |
4788 |
+ struct list_head rotation_list; |
4789 |
+ int jiffies_interval; |
4790 |
+- struct pmu *active_pmu; |
4791 |
++ struct pmu *unique_pmu; |
4792 |
+ struct perf_cgroup *cgrp; |
4793 |
+ }; |
4794 |
+ |
4795 |
+diff --git a/include/linux/rculist.h b/include/linux/rculist.h |
4796 |
+index 6f95e24..3863352 100644 |
4797 |
+--- a/include/linux/rculist.h |
4798 |
++++ b/include/linux/rculist.h |
4799 |
+@@ -254,8 +254,9 @@ static inline void list_splice_init_rcu(struct list_head *list, |
4800 |
+ */ |
4801 |
+ #define list_first_or_null_rcu(ptr, type, member) \ |
4802 |
+ ({struct list_head *__ptr = (ptr); \ |
4803 |
+- struct list_head __rcu *__next = list_next_rcu(__ptr); \ |
4804 |
+- likely(__ptr != __next) ? container_of(__next, type, member) : NULL; \ |
4805 |
++ struct list_head *__next = ACCESS_ONCE(__ptr->next); \ |
4806 |
++ likely(__ptr != __next) ? \ |
4807 |
++ list_entry_rcu(__next, type, member) : NULL; \ |
4808 |
+ }) |
4809 |
+ |
4810 |
+ /** |
4811 |
+diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h |
4812 |
+index 03354d5..0daa46b 100644 |
4813 |
+--- a/include/linux/usb/hcd.h |
4814 |
++++ b/include/linux/usb/hcd.h |
4815 |
+@@ -395,7 +395,7 @@ extern int usb_hcd_pci_probe(struct pci_dev *dev, |
4816 |
+ extern void usb_hcd_pci_remove(struct pci_dev *dev); |
4817 |
+ extern void usb_hcd_pci_shutdown(struct pci_dev *dev); |
4818 |
+ |
4819 |
+-#ifdef CONFIG_PM_SLEEP |
4820 |
++#ifdef CONFIG_PM |
4821 |
+ extern const struct dev_pm_ops usb_hcd_pci_pm_ops; |
4822 |
+ #endif |
4823 |
+ #endif /* CONFIG_PCI */ |
4824 |
+diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h |
4825 |
+index e9ff3fc..34b06da 100644 |
4826 |
+--- a/include/net/inetpeer.h |
4827 |
++++ b/include/net/inetpeer.h |
4828 |
+@@ -41,6 +41,10 @@ struct inet_peer { |
4829 |
+ u32 pmtu_orig; |
4830 |
+ u32 pmtu_learned; |
4831 |
+ struct inetpeer_addr_base redirect_learned; |
4832 |
++ union { |
4833 |
++ struct list_head gc_list; |
4834 |
++ struct rcu_head gc_rcu; |
4835 |
++ }; |
4836 |
+ /* |
4837 |
+ * Once inet_peer is queued for deletion (refcnt == -1), following fields |
4838 |
+ * are not available: rid, ip_id_count, tcp_ts, tcp_ts_stamp |
4839 |
+@@ -96,6 +100,8 @@ static inline struct inet_peer *inet_getpeer_v6(const struct in6_addr *v6daddr, |
4840 |
+ extern void inet_putpeer(struct inet_peer *p); |
4841 |
+ extern bool inet_peer_xrlim_allow(struct inet_peer *peer, int timeout); |
4842 |
+ |
4843 |
++extern void inetpeer_invalidate_tree(int family); |
4844 |
++ |
4845 |
+ /* |
4846 |
+ * temporary check to make sure we dont access rid, ip_id_count, tcp_ts, |
4847 |
+ * tcp_ts_stamp if no refcount is taken on inet_peer |
4848 |
+diff --git a/include/net/ip.h b/include/net/ip.h |
4849 |
+index eca0ef7..06aed72 100644 |
4850 |
+--- a/include/net/ip.h |
4851 |
++++ b/include/net/ip.h |
4852 |
+@@ -266,9 +266,11 @@ int ip_dont_fragment(struct sock *sk, struct dst_entry *dst) |
4853 |
+ |
4854 |
+ extern void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more); |
4855 |
+ |
4856 |
+-static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst, struct sock *sk) |
4857 |
++static inline void ip_select_ident(struct sk_buff *skb, struct dst_entry *dst, struct sock *sk) |
4858 |
+ { |
4859 |
+- if (iph->frag_off & htons(IP_DF)) { |
4860 |
++ struct iphdr *iph = ip_hdr(skb); |
4861 |
++ |
4862 |
++ if ((iph->frag_off & htons(IP_DF)) && !skb->local_df) { |
4863 |
+ /* This is only to work around buggy Windows95/2000 |
4864 |
+ * VJ compression implementations. If the ID field |
4865 |
+ * does not change, they drop every other packet in |
4866 |
+@@ -280,9 +282,11 @@ static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst, str |
4867 |
+ __ip_select_ident(iph, dst, 0); |
4868 |
+ } |
4869 |
+ |
4870 |
+-static inline void ip_select_ident_more(struct iphdr *iph, struct dst_entry *dst, struct sock *sk, int more) |
4871 |
++static inline void ip_select_ident_more(struct sk_buff *skb, struct dst_entry *dst, struct sock *sk, int more) |
4872 |
+ { |
4873 |
+- if (iph->frag_off & htons(IP_DF)) { |
4874 |
++ struct iphdr *iph = ip_hdr(skb); |
4875 |
++ |
4876 |
++ if ((iph->frag_off & htons(IP_DF)) && !skb->local_df) { |
4877 |
+ if (sk && inet_sk(sk)->inet_daddr) { |
4878 |
+ iph->id = htons(inet_sk(sk)->inet_id); |
4879 |
+ inet_sk(sk)->inet_id += 1 + more; |
4880 |
+diff --git a/include/net/ipip.h b/include/net/ipip.h |
4881 |
+index a32654d..4dccfe3 100644 |
4882 |
+--- a/include/net/ipip.h |
4883 |
++++ b/include/net/ipip.h |
4884 |
+@@ -50,7 +50,7 @@ struct ip_tunnel_prl_entry { |
4885 |
+ int pkt_len = skb->len - skb_transport_offset(skb); \ |
4886 |
+ \ |
4887 |
+ skb->ip_summed = CHECKSUM_NONE; \ |
4888 |
+- ip_select_ident(iph, &rt->dst, NULL); \ |
4889 |
++ ip_select_ident(skb, &rt->dst, NULL); \ |
4890 |
+ \ |
4891 |
+ err = ip_local_out(skb); \ |
4892 |
+ if (likely(net_xmit_eval(err) == 0)) { \ |
4893 |
+diff --git a/kernel/cgroup.c b/kernel/cgroup.c |
4894 |
+index d2a01fe..2a1ffb7 100644 |
4895 |
+--- a/kernel/cgroup.c |
4896 |
++++ b/kernel/cgroup.c |
4897 |
+@@ -3504,6 +3504,7 @@ static int cgroup_write_event_control(struct cgroup *cgrp, struct cftype *cft, |
4898 |
+ const char *buffer) |
4899 |
+ { |
4900 |
+ struct cgroup_event *event = NULL; |
4901 |
++ struct cgroup *cgrp_cfile; |
4902 |
+ unsigned int efd, cfd; |
4903 |
+ struct file *efile = NULL; |
4904 |
+ struct file *cfile = NULL; |
4905 |
+@@ -3559,6 +3560,16 @@ static int cgroup_write_event_control(struct cgroup *cgrp, struct cftype *cft, |
4906 |
+ goto fail; |
4907 |
+ } |
4908 |
+ |
4909 |
++ /* |
4910 |
++ * The file to be monitored must be in the same cgroup as |
4911 |
++ * cgroup.event_control is. |
4912 |
++ */ |
4913 |
++ cgrp_cfile = __d_cgrp(cfile->f_dentry->d_parent); |
4914 |
++ if (cgrp_cfile != cgrp) { |
4915 |
++ ret = -EINVAL; |
4916 |
++ goto fail; |
4917 |
++ } |
4918 |
++ |
4919 |
+ if (!event->cft->register_event || !event->cft->unregister_event) { |
4920 |
+ ret = -EINVAL; |
4921 |
+ goto fail; |
4922 |
+diff --git a/kernel/events/core.c b/kernel/events/core.c |
4923 |
+index 5bbe443..83d5621 100644 |
4924 |
+--- a/kernel/events/core.c |
4925 |
++++ b/kernel/events/core.c |
4926 |
+@@ -242,9 +242,9 @@ perf_cgroup_match(struct perf_event *event) |
4927 |
+ return !event->cgrp || event->cgrp == cpuctx->cgrp; |
4928 |
+ } |
4929 |
+ |
4930 |
+-static inline void perf_get_cgroup(struct perf_event *event) |
4931 |
++static inline bool perf_tryget_cgroup(struct perf_event *event) |
4932 |
+ { |
4933 |
+- css_get(&event->cgrp->css); |
4934 |
++ return css_tryget(&event->cgrp->css); |
4935 |
+ } |
4936 |
+ |
4937 |
+ static inline void perf_put_cgroup(struct perf_event *event) |
4938 |
+@@ -360,6 +360,8 @@ void perf_cgroup_switch(struct task_struct *task, int mode) |
4939 |
+ |
4940 |
+ list_for_each_entry_rcu(pmu, &pmus, entry) { |
4941 |
+ cpuctx = this_cpu_ptr(pmu->pmu_cpu_context); |
4942 |
++ if (cpuctx->unique_pmu != pmu) |
4943 |
++ continue; /* ensure we process each cpuctx once */ |
4944 |
+ |
4945 |
+ /* |
4946 |
+ * perf_cgroup_events says at least one |
4947 |
+@@ -383,9 +385,10 @@ void perf_cgroup_switch(struct task_struct *task, int mode) |
4948 |
+ |
4949 |
+ if (mode & PERF_CGROUP_SWIN) { |
4950 |
+ WARN_ON_ONCE(cpuctx->cgrp); |
4951 |
+- /* set cgrp before ctxsw in to |
4952 |
+- * allow event_filter_match() to not |
4953 |
+- * have to pass task around |
4954 |
++ /* |
4955 |
++ * set cgrp before ctxsw in to allow |
4956 |
++ * event_filter_match() to not have to pass |
4957 |
++ * task around |
4958 |
+ */ |
4959 |
+ cpuctx->cgrp = perf_cgroup_from_task(task); |
4960 |
+ cpu_ctx_sched_in(cpuctx, EVENT_ALL, task); |
4961 |
+@@ -473,7 +476,11 @@ static inline int perf_cgroup_connect(int fd, struct perf_event *event, |
4962 |
+ event->cgrp = cgrp; |
4963 |
+ |
4964 |
+ /* must be done before we fput() the file */ |
4965 |
+- perf_get_cgroup(event); |
4966 |
++ if (!perf_tryget_cgroup(event)) { |
4967 |
++ event->cgrp = NULL; |
4968 |
++ ret = -ENOENT; |
4969 |
++ goto out; |
4970 |
++ } |
4971 |
+ |
4972 |
+ /* |
4973 |
+ * all events in a group must monitor |
4974 |
+@@ -4377,7 +4384,7 @@ static void perf_event_task_event(struct perf_task_event *task_event) |
4975 |
+ rcu_read_lock(); |
4976 |
+ list_for_each_entry_rcu(pmu, &pmus, entry) { |
4977 |
+ cpuctx = get_cpu_ptr(pmu->pmu_cpu_context); |
4978 |
+- if (cpuctx->active_pmu != pmu) |
4979 |
++ if (cpuctx->unique_pmu != pmu) |
4980 |
+ goto next; |
4981 |
+ perf_event_task_ctx(&cpuctx->ctx, task_event); |
4982 |
+ |
4983 |
+@@ -4523,7 +4530,7 @@ static void perf_event_comm_event(struct perf_comm_event *comm_event) |
4984 |
+ rcu_read_lock(); |
4985 |
+ list_for_each_entry_rcu(pmu, &pmus, entry) { |
4986 |
+ cpuctx = get_cpu_ptr(pmu->pmu_cpu_context); |
4987 |
+- if (cpuctx->active_pmu != pmu) |
4988 |
++ if (cpuctx->unique_pmu != pmu) |
4989 |
+ goto next; |
4990 |
+ perf_event_comm_ctx(&cpuctx->ctx, comm_event); |
4991 |
+ |
4992 |
+@@ -4719,7 +4726,7 @@ got_name: |
4993 |
+ rcu_read_lock(); |
4994 |
+ list_for_each_entry_rcu(pmu, &pmus, entry) { |
4995 |
+ cpuctx = get_cpu_ptr(pmu->pmu_cpu_context); |
4996 |
+- if (cpuctx->active_pmu != pmu) |
4997 |
++ if (cpuctx->unique_pmu != pmu) |
4998 |
+ goto next; |
4999 |
+ perf_event_mmap_ctx(&cpuctx->ctx, mmap_event, |
5000 |
+ vma->vm_flags & VM_EXEC); |
5001 |
+@@ -5741,8 +5748,8 @@ static void update_pmu_context(struct pmu *pmu, struct pmu *old_pmu) |
5002 |
+ |
5003 |
+ cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu); |
5004 |
+ |
5005 |
+- if (cpuctx->active_pmu == old_pmu) |
5006 |
+- cpuctx->active_pmu = pmu; |
5007 |
++ if (cpuctx->unique_pmu == old_pmu) |
5008 |
++ cpuctx->unique_pmu = pmu; |
5009 |
+ } |
5010 |
+ } |
5011 |
+ |
5012 |
+@@ -5877,7 +5884,7 @@ skip_type: |
5013 |
+ cpuctx->ctx.pmu = pmu; |
5014 |
+ cpuctx->jiffies_interval = 1; |
5015 |
+ INIT_LIST_HEAD(&cpuctx->rotation_list); |
5016 |
+- cpuctx->active_pmu = pmu; |
5017 |
++ cpuctx->unique_pmu = pmu; |
5018 |
+ } |
5019 |
+ |
5020 |
+ got_cpu_context: |
5021 |
+diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c |
5022 |
+index 59474c5..c261da7 100644 |
5023 |
+--- a/kernel/sched_fair.c |
5024 |
++++ b/kernel/sched_fair.c |
5025 |
+@@ -4890,11 +4890,15 @@ static void task_fork_fair(struct task_struct *p) |
5026 |
+ |
5027 |
+ update_rq_clock(rq); |
5028 |
+ |
5029 |
+- if (unlikely(task_cpu(p) != this_cpu)) { |
5030 |
+- rcu_read_lock(); |
5031 |
+- __set_task_cpu(p, this_cpu); |
5032 |
+- rcu_read_unlock(); |
5033 |
+- } |
5034 |
++ /* |
5035 |
++ * Not only the cpu but also the task_group of the parent might have |
5036 |
++ * been changed after parent->se.parent,cfs_rq were copied to |
5037 |
++ * child->se.parent,cfs_rq. So call __set_task_cpu() to make those |
5038 |
++ * of child point to valid ones. |
5039 |
++ */ |
5040 |
++ rcu_read_lock(); |
5041 |
++ __set_task_cpu(p, this_cpu); |
5042 |
++ rcu_read_unlock(); |
5043 |
+ |
5044 |
+ update_curr(cfs_rq); |
5045 |
+ |
5046 |
+diff --git a/lib/show_mem.c b/lib/show_mem.c |
5047 |
+index 4407f8c..b7c7231 100644 |
5048 |
+--- a/lib/show_mem.c |
5049 |
++++ b/lib/show_mem.c |
5050 |
+@@ -18,6 +18,9 @@ void show_mem(unsigned int filter) |
5051 |
+ printk("Mem-Info:\n"); |
5052 |
+ show_free_areas(filter); |
5053 |
+ |
5054 |
++ if (filter & SHOW_MEM_FILTER_PAGE_COUNT) |
5055 |
++ return; |
5056 |
++ |
5057 |
+ for_each_online_pgdat(pgdat) { |
5058 |
+ unsigned long i, flags; |
5059 |
+ |
5060 |
+diff --git a/mm/huge_memory.c b/mm/huge_memory.c |
5061 |
+index d80ac4b..ed0ed8a 100644 |
5062 |
+--- a/mm/huge_memory.c |
5063 |
++++ b/mm/huge_memory.c |
5064 |
+@@ -1882,6 +1882,8 @@ static void collapse_huge_page(struct mm_struct *mm, |
5065 |
+ goto out; |
5066 |
+ |
5067 |
+ vma = find_vma(mm, address); |
5068 |
++ if (!vma) |
5069 |
++ goto out; |
5070 |
+ hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK; |
5071 |
+ hend = vma->vm_end & HPAGE_PMD_MASK; |
5072 |
+ if (address < hstart || address + HPAGE_PMD_SIZE > hend) |
5073 |
+diff --git a/mm/memcontrol.c b/mm/memcontrol.c |
5074 |
+index d027a24..204de6a 100644 |
5075 |
+--- a/mm/memcontrol.c |
5076 |
++++ b/mm/memcontrol.c |
5077 |
+@@ -4385,7 +4385,13 @@ static int compare_thresholds(const void *a, const void *b) |
5078 |
+ const struct mem_cgroup_threshold *_a = a; |
5079 |
+ const struct mem_cgroup_threshold *_b = b; |
5080 |
+ |
5081 |
+- return _a->threshold - _b->threshold; |
5082 |
++ if (_a->threshold > _b->threshold) |
5083 |
++ return 1; |
5084 |
++ |
5085 |
++ if (_a->threshold < _b->threshold) |
5086 |
++ return -1; |
5087 |
++ |
5088 |
++ return 0; |
5089 |
+ } |
5090 |
+ |
5091 |
+ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg) |
5092 |
+diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
5093 |
+index b5afea2..d8762b2 100644 |
5094 |
+--- a/mm/page_alloc.c |
5095 |
++++ b/mm/page_alloc.c |
5096 |
+@@ -1760,6 +1760,13 @@ void warn_alloc_failed(gfp_t gfp_mask, int order, const char *fmt, ...) |
5097 |
+ return; |
5098 |
+ |
5099 |
+ /* |
5100 |
++ * Walking all memory to count page types is very expensive and should |
5101 |
++ * be inhibited in non-blockable contexts. |
5102 |
++ */ |
5103 |
++ if (!(gfp_mask & __GFP_WAIT)) |
5104 |
++ filter |= SHOW_MEM_FILTER_PAGE_COUNT; |
5105 |
++ |
5106 |
++ /* |
5107 |
+ * This documents exceptions given to allocations in certain |
5108 |
+ * contexts that are allowed to allocate outside current's set |
5109 |
+ * of allowed nodes. |
5110 |
+diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c |
5111 |
+index b81500c..a06deca 100644 |
5112 |
+--- a/net/bridge/br_multicast.c |
5113 |
++++ b/net/bridge/br_multicast.c |
5114 |
+@@ -1155,7 +1155,8 @@ static int br_ip6_multicast_query(struct net_bridge *br, |
5115 |
+ mld2q = (struct mld2_query *)icmp6_hdr(skb); |
5116 |
+ if (!mld2q->mld2q_nsrcs) |
5117 |
+ group = &mld2q->mld2q_mca; |
5118 |
+- max_delay = mld2q->mld2q_mrc ? MLDV2_MRC(mld2q->mld2q_mrc) : 1; |
5119 |
++ |
5120 |
++ max_delay = max(msecs_to_jiffies(MLDV2_MRC(ntohs(mld2q->mld2q_mrc))), 1UL); |
5121 |
+ } |
5122 |
+ |
5123 |
+ if (!group) |
5124 |
+diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c |
5125 |
+index dd147d7..8ac946f 100644 |
5126 |
+--- a/net/bridge/br_stp.c |
5127 |
++++ b/net/bridge/br_stp.c |
5128 |
+@@ -189,7 +189,7 @@ static void br_record_config_information(struct net_bridge_port *p, |
5129 |
+ p->designated_age = jiffies + bpdu->message_age; |
5130 |
+ |
5131 |
+ mod_timer(&p->message_age_timer, jiffies |
5132 |
+- + (p->br->max_age - bpdu->message_age)); |
5133 |
++ + (bpdu->max_age - bpdu->message_age)); |
5134 |
+ } |
5135 |
+ |
5136 |
+ /* called under bridge lock */ |
5137 |
+diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c |
5138 |
+index 5cf5222..84efbe4 100644 |
5139 |
+--- a/net/caif/cfctrl.c |
5140 |
++++ b/net/caif/cfctrl.c |
5141 |
+@@ -288,9 +288,10 @@ int cfctrl_linkup_request(struct cflayer *layer, |
5142 |
+ |
5143 |
+ count = cfctrl_cancel_req(&cfctrl->serv.layer, |
5144 |
+ user_layer); |
5145 |
+- if (count != 1) |
5146 |
++ if (count != 1) { |
5147 |
+ pr_err("Could not remove request (%d)", count); |
5148 |
+ return -ENODEV; |
5149 |
++ } |
5150 |
+ } |
5151 |
+ return 0; |
5152 |
+ } |
5153 |
+diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c |
5154 |
+index f4f3f58..a70f426 100644 |
5155 |
+--- a/net/ceph/osd_client.c |
5156 |
++++ b/net/ceph/osd_client.c |
5157 |
+@@ -1719,6 +1719,8 @@ int ceph_osdc_start_request(struct ceph_osd_client *osdc, |
5158 |
+ dout("osdc_start_request failed map, " |
5159 |
+ " will retry %lld\n", req->r_tid); |
5160 |
+ rc = 0; |
5161 |
++ } else { |
5162 |
++ __unregister_request(osdc, req); |
5163 |
+ } |
5164 |
+ goto out_unlock; |
5165 |
+ } |
5166 |
+diff --git a/net/core/netpoll.c b/net/core/netpoll.c |
5167 |
+index db4bb7a..9649cea 100644 |
5168 |
+--- a/net/core/netpoll.c |
5169 |
++++ b/net/core/netpoll.c |
5170 |
+@@ -923,15 +923,14 @@ EXPORT_SYMBOL_GPL(__netpoll_cleanup); |
5171 |
+ |
5172 |
+ void netpoll_cleanup(struct netpoll *np) |
5173 |
+ { |
5174 |
+- if (!np->dev) |
5175 |
+- return; |
5176 |
+- |
5177 |
+ rtnl_lock(); |
5178 |
++ if (!np->dev) |
5179 |
++ goto out; |
5180 |
+ __netpoll_cleanup(np); |
5181 |
+- rtnl_unlock(); |
5182 |
+- |
5183 |
+ dev_put(np->dev); |
5184 |
+ np->dev = NULL; |
5185 |
++out: |
5186 |
++ rtnl_unlock(); |
5187 |
+ } |
5188 |
+ EXPORT_SYMBOL(netpoll_cleanup); |
5189 |
+ |
5190 |
+diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c |
5191 |
+index 77a65f0..f0bdd36 100644 |
5192 |
+--- a/net/core/sysctl_net_core.c |
5193 |
++++ b/net/core/sysctl_net_core.c |
5194 |
+@@ -19,6 +19,9 @@ |
5195 |
+ #include <net/sock.h> |
5196 |
+ #include <net/net_ratelimit.h> |
5197 |
+ |
5198 |
++static int zero = 0; |
5199 |
++static int ushort_max = USHRT_MAX; |
5200 |
++ |
5201 |
+ #ifdef CONFIG_RPS |
5202 |
+ static int rps_sock_flow_sysctl(ctl_table *table, int write, |
5203 |
+ void __user *buffer, size_t *lenp, loff_t *ppos) |
5204 |
+@@ -192,7 +195,9 @@ static struct ctl_table netns_core_table[] = { |
5205 |
+ .data = &init_net.core.sysctl_somaxconn, |
5206 |
+ .maxlen = sizeof(int), |
5207 |
+ .mode = 0644, |
5208 |
+- .proc_handler = proc_dointvec |
5209 |
++ .extra1 = &zero, |
5210 |
++ .extra2 = &ushort_max, |
5211 |
++ .proc_handler = proc_dointvec_minmax |
5212 |
+ }, |
5213 |
+ { } |
5214 |
+ }; |
5215 |
+diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c |
5216 |
+index cd2d639..c7c6724 100644 |
5217 |
+--- a/net/ipv4/fib_trie.c |
5218 |
++++ b/net/ipv4/fib_trie.c |
5219 |
+@@ -72,7 +72,6 @@ |
5220 |
+ #include <linux/init.h> |
5221 |
+ #include <linux/list.h> |
5222 |
+ #include <linux/slab.h> |
5223 |
+-#include <linux/prefetch.h> |
5224 |
+ #include <linux/export.h> |
5225 |
+ #include <net/net_namespace.h> |
5226 |
+ #include <net/ip.h> |
5227 |
+@@ -1773,10 +1772,8 @@ static struct leaf *leaf_walk_rcu(struct tnode *p, struct rt_trie_node *c) |
5228 |
+ if (!c) |
5229 |
+ continue; |
5230 |
+ |
5231 |
+- if (IS_LEAF(c)) { |
5232 |
+- prefetch(rcu_dereference_rtnl(p->child[idx])); |
5233 |
++ if (IS_LEAF(c)) |
5234 |
+ return (struct leaf *) c; |
5235 |
+- } |
5236 |
+ |
5237 |
+ /* Rescan start scanning in new node */ |
5238 |
+ p = (struct tnode *) c; |
5239 |
+diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c |
5240 |
+index c8989a7..75b0860 100644 |
5241 |
+--- a/net/ipv4/igmp.c |
5242 |
++++ b/net/ipv4/igmp.c |
5243 |
+@@ -342,7 +342,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) |
5244 |
+ pip->saddr = fl4.saddr; |
5245 |
+ pip->protocol = IPPROTO_IGMP; |
5246 |
+ pip->tot_len = 0; /* filled in later */ |
5247 |
+- ip_select_ident(pip, &rt->dst, NULL); |
5248 |
++ ip_select_ident(skb, &rt->dst, NULL); |
5249 |
+ ((u8*)&pip[1])[0] = IPOPT_RA; |
5250 |
+ ((u8*)&pip[1])[1] = 4; |
5251 |
+ ((u8*)&pip[1])[2] = 0; |
5252 |
+@@ -683,7 +683,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, |
5253 |
+ iph->daddr = dst; |
5254 |
+ iph->saddr = fl4.saddr; |
5255 |
+ iph->protocol = IPPROTO_IGMP; |
5256 |
+- ip_select_ident(iph, &rt->dst, NULL); |
5257 |
++ ip_select_ident(skb, &rt->dst, NULL); |
5258 |
+ ((u8*)&iph[1])[0] = IPOPT_RA; |
5259 |
+ ((u8*)&iph[1])[1] = 4; |
5260 |
+ ((u8*)&iph[1])[2] = 0; |
5261 |
+@@ -705,7 +705,7 @@ static void igmp_gq_timer_expire(unsigned long data) |
5262 |
+ |
5263 |
+ in_dev->mr_gq_running = 0; |
5264 |
+ igmpv3_send_report(in_dev, NULL); |
5265 |
+- __in_dev_put(in_dev); |
5266 |
++ in_dev_put(in_dev); |
5267 |
+ } |
5268 |
+ |
5269 |
+ static void igmp_ifc_timer_expire(unsigned long data) |
5270 |
+@@ -717,7 +717,7 @@ static void igmp_ifc_timer_expire(unsigned long data) |
5271 |
+ in_dev->mr_ifc_count--; |
5272 |
+ igmp_ifc_start_timer(in_dev, IGMP_Unsolicited_Report_Interval); |
5273 |
+ } |
5274 |
+- __in_dev_put(in_dev); |
5275 |
++ in_dev_put(in_dev); |
5276 |
+ } |
5277 |
+ |
5278 |
+ static void igmp_ifc_event(struct in_device *in_dev) |
5279 |
+diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c |
5280 |
+index 86f13c67..58c4e696 100644 |
5281 |
+--- a/net/ipv4/inetpeer.c |
5282 |
++++ b/net/ipv4/inetpeer.c |
5283 |
+@@ -17,6 +17,7 @@ |
5284 |
+ #include <linux/kernel.h> |
5285 |
+ #include <linux/mm.h> |
5286 |
+ #include <linux/net.h> |
5287 |
++#include <linux/workqueue.h> |
5288 |
+ #include <net/ip.h> |
5289 |
+ #include <net/inetpeer.h> |
5290 |
+ #include <net/secure_seq.h> |
5291 |
+@@ -31,8 +32,8 @@ |
5292 |
+ * At the moment of writing this notes identifier of IP packets is generated |
5293 |
+ * to be unpredictable using this code only for packets subjected |
5294 |
+ * (actually or potentially) to defragmentation. I.e. DF packets less than |
5295 |
+- * PMTU in size uses a constant ID and do not use this code (see |
5296 |
+- * ip_select_ident() in include/net/ip.h). |
5297 |
++ * PMTU in size when local fragmentation is disabled use a constant ID and do |
5298 |
++ * not use this code (see ip_select_ident() in include/net/ip.h). |
5299 |
+ * |
5300 |
+ * Route cache entries hold references to our nodes. |
5301 |
+ * New cache entries get references via lookup by destination IP address in |
5302 |
+@@ -66,6 +67,11 @@ |
5303 |
+ |
5304 |
+ static struct kmem_cache *peer_cachep __read_mostly; |
5305 |
+ |
5306 |
++static LIST_HEAD(gc_list); |
5307 |
++static const int gc_delay = 60 * HZ; |
5308 |
++static struct delayed_work gc_work; |
5309 |
++static DEFINE_SPINLOCK(gc_lock); |
5310 |
++ |
5311 |
+ #define node_height(x) x->avl_height |
5312 |
+ |
5313 |
+ #define peer_avl_empty ((struct inet_peer *)&peer_fake_node) |
5314 |
+@@ -102,6 +108,50 @@ int inet_peer_threshold __read_mostly = 65536 + 128; /* start to throw entries m |
5315 |
+ int inet_peer_minttl __read_mostly = 120 * HZ; /* TTL under high load: 120 sec */ |
5316 |
+ int inet_peer_maxttl __read_mostly = 10 * 60 * HZ; /* usual time to live: 10 min */ |
5317 |
+ |
5318 |
++static void inetpeer_gc_worker(struct work_struct *work) |
5319 |
++{ |
5320 |
++ struct inet_peer *p, *n; |
5321 |
++ LIST_HEAD(list); |
5322 |
++ |
5323 |
++ spin_lock_bh(&gc_lock); |
5324 |
++ list_replace_init(&gc_list, &list); |
5325 |
++ spin_unlock_bh(&gc_lock); |
5326 |
++ |
5327 |
++ if (list_empty(&list)) |
5328 |
++ return; |
5329 |
++ |
5330 |
++ list_for_each_entry_safe(p, n, &list, gc_list) { |
5331 |
++ |
5332 |
++ if(need_resched()) |
5333 |
++ cond_resched(); |
5334 |
++ |
5335 |
++ if (p->avl_left != peer_avl_empty) { |
5336 |
++ list_add_tail(&p->avl_left->gc_list, &list); |
5337 |
++ p->avl_left = peer_avl_empty; |
5338 |
++ } |
5339 |
++ |
5340 |
++ if (p->avl_right != peer_avl_empty) { |
5341 |
++ list_add_tail(&p->avl_right->gc_list, &list); |
5342 |
++ p->avl_right = peer_avl_empty; |
5343 |
++ } |
5344 |
++ |
5345 |
++ n = list_entry(p->gc_list.next, struct inet_peer, gc_list); |
5346 |
++ |
5347 |
++ if (!atomic_read(&p->refcnt)) { |
5348 |
++ list_del(&p->gc_list); |
5349 |
++ kmem_cache_free(peer_cachep, p); |
5350 |
++ } |
5351 |
++ } |
5352 |
++ |
5353 |
++ if (list_empty(&list)) |
5354 |
++ return; |
5355 |
++ |
5356 |
++ spin_lock_bh(&gc_lock); |
5357 |
++ list_splice(&list, &gc_list); |
5358 |
++ spin_unlock_bh(&gc_lock); |
5359 |
++ |
5360 |
++ schedule_delayed_work(&gc_work, gc_delay); |
5361 |
++} |
5362 |
+ |
5363 |
+ /* Called from ip_output.c:ip_init */ |
5364 |
+ void __init inet_initpeers(void) |
5365 |
+@@ -126,6 +176,7 @@ void __init inet_initpeers(void) |
5366 |
+ 0, SLAB_HWCACHE_ALIGN | SLAB_PANIC, |
5367 |
+ NULL); |
5368 |
+ |
5369 |
++ INIT_DELAYED_WORK_DEFERRABLE(&gc_work, inetpeer_gc_worker); |
5370 |
+ } |
5371 |
+ |
5372 |
+ static int addr_compare(const struct inetpeer_addr *a, |
5373 |
+@@ -448,7 +499,7 @@ relookup: |
5374 |
+ p->pmtu_expires = 0; |
5375 |
+ p->pmtu_orig = 0; |
5376 |
+ memset(&p->redirect_learned, 0, sizeof(p->redirect_learned)); |
5377 |
+- |
5378 |
++ INIT_LIST_HEAD(&p->gc_list); |
5379 |
+ |
5380 |
+ /* Link the node. */ |
5381 |
+ link_to_pool(p, base); |
5382 |
+@@ -508,3 +559,38 @@ bool inet_peer_xrlim_allow(struct inet_peer *peer, int timeout) |
5383 |
+ return rc; |
5384 |
+ } |
5385 |
+ EXPORT_SYMBOL(inet_peer_xrlim_allow); |
5386 |
++ |
5387 |
++static void inetpeer_inval_rcu(struct rcu_head *head) |
5388 |
++{ |
5389 |
++ struct inet_peer *p = container_of(head, struct inet_peer, gc_rcu); |
5390 |
++ |
5391 |
++ spin_lock_bh(&gc_lock); |
5392 |
++ list_add_tail(&p->gc_list, &gc_list); |
5393 |
++ spin_unlock_bh(&gc_lock); |
5394 |
++ |
5395 |
++ schedule_delayed_work(&gc_work, gc_delay); |
5396 |
++} |
5397 |
++ |
5398 |
++void inetpeer_invalidate_tree(int family) |
5399 |
++{ |
5400 |
++ struct inet_peer *old, *new, *prev; |
5401 |
++ struct inet_peer_base *base = family_to_base(family); |
5402 |
++ |
5403 |
++ write_seqlock_bh(&base->lock); |
5404 |
++ |
5405 |
++ old = base->root; |
5406 |
++ if (old == peer_avl_empty_rcu) |
5407 |
++ goto out; |
5408 |
++ |
5409 |
++ new = peer_avl_empty_rcu; |
5410 |
++ |
5411 |
++ prev = cmpxchg(&base->root, old, new); |
5412 |
++ if (prev == old) { |
5413 |
++ base->total = 0; |
5414 |
++ call_rcu(&prev->gc_rcu, inetpeer_inval_rcu); |
5415 |
++ } |
5416 |
++ |
5417 |
++out: |
5418 |
++ write_sequnlock_bh(&base->lock); |
5419 |
++} |
5420 |
++EXPORT_SYMBOL(inetpeer_invalidate_tree); |
5421 |
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c |
5422 |
+index 0bc95f3..daf408e 100644 |
5423 |
+--- a/net/ipv4/ip_output.c |
5424 |
++++ b/net/ipv4/ip_output.c |
5425 |
+@@ -162,7 +162,7 @@ int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk, |
5426 |
+ iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr); |
5427 |
+ iph->saddr = saddr; |
5428 |
+ iph->protocol = sk->sk_protocol; |
5429 |
+- ip_select_ident(iph, &rt->dst, sk); |
5430 |
++ ip_select_ident(skb, &rt->dst, sk); |
5431 |
+ |
5432 |
+ if (opt && opt->opt.optlen) { |
5433 |
+ iph->ihl += opt->opt.optlen>>2; |
5434 |
+@@ -390,7 +390,7 @@ packet_routed: |
5435 |
+ ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0); |
5436 |
+ } |
5437 |
+ |
5438 |
+- ip_select_ident_more(iph, &rt->dst, sk, |
5439 |
++ ip_select_ident_more(skb, &rt->dst, sk, |
5440 |
+ (skb_shinfo(skb)->gso_segs ?: 1) - 1); |
5441 |
+ |
5442 |
+ skb->priority = sk->sk_priority; |
5443 |
+@@ -1334,7 +1334,7 @@ struct sk_buff *__ip_make_skb(struct sock *sk, |
5444 |
+ iph->ihl = 5; |
5445 |
+ iph->tos = inet->tos; |
5446 |
+ iph->frag_off = df; |
5447 |
+- ip_select_ident(iph, &rt->dst, sk); |
5448 |
++ ip_select_ident(skb, &rt->dst, sk); |
5449 |
+ iph->ttl = ttl; |
5450 |
+ iph->protocol = sk->sk_protocol; |
5451 |
+ iph->saddr = fl4->saddr; |
5452 |
+diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c |
5453 |
+index 0064394..b5e64e4 100644 |
5454 |
+--- a/net/ipv4/ipmr.c |
5455 |
++++ b/net/ipv4/ipmr.c |
5456 |
+@@ -1576,7 +1576,7 @@ static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr) |
5457 |
+ iph->protocol = IPPROTO_IPIP; |
5458 |
+ iph->ihl = 5; |
5459 |
+ iph->tot_len = htons(skb->len); |
5460 |
+- ip_select_ident(iph, skb_dst(skb), NULL); |
5461 |
++ ip_select_ident(skb, skb_dst(skb), NULL); |
5462 |
+ ip_send_check(iph); |
5463 |
+ |
5464 |
+ memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); |
5465 |
+diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c |
5466 |
+index e1d4f30..2815014 100644 |
5467 |
+--- a/net/ipv4/raw.c |
5468 |
++++ b/net/ipv4/raw.c |
5469 |
+@@ -380,7 +380,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, |
5470 |
+ iph->check = 0; |
5471 |
+ iph->tot_len = htons(length); |
5472 |
+ if (!iph->id) |
5473 |
+- ip_select_ident(iph, &rt->dst, NULL); |
5474 |
++ ip_select_ident(skb, &rt->dst, NULL); |
5475 |
+ |
5476 |
+ iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); |
5477 |
+ } |
5478 |
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c |
5479 |
+index 94cdbc5..c45a155a3 100644 |
5480 |
+--- a/net/ipv4/route.c |
5481 |
++++ b/net/ipv4/route.c |
5482 |
+@@ -939,6 +939,7 @@ static void rt_cache_invalidate(struct net *net) |
5483 |
+ get_random_bytes(&shuffle, sizeof(shuffle)); |
5484 |
+ atomic_add(shuffle + 1U, &net->ipv4.rt_genid); |
5485 |
+ redirect_genid++; |
5486 |
++ inetpeer_invalidate_tree(AF_INET); |
5487 |
+ } |
5488 |
+ |
5489 |
+ /* |
5490 |
+diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c |
5491 |
+index f376b05..b78eac2 100644 |
5492 |
+--- a/net/ipv4/tcp_cubic.c |
5493 |
++++ b/net/ipv4/tcp_cubic.c |
5494 |
+@@ -204,8 +204,8 @@ static u32 cubic_root(u64 a) |
5495 |
+ */ |
5496 |
+ static inline void bictcp_update(struct bictcp *ca, u32 cwnd) |
5497 |
+ { |
5498 |
+- u64 offs; |
5499 |
+- u32 delta, t, bic_target, max_cnt; |
5500 |
++ u32 delta, bic_target, max_cnt; |
5501 |
++ u64 offs, t; |
5502 |
+ |
5503 |
+ ca->ack_cnt++; /* count the number of ACKs */ |
5504 |
+ |
5505 |
+@@ -248,9 +248,11 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd) |
5506 |
+ * if the cwnd < 1 million packets !!! |
5507 |
+ */ |
5508 |
+ |
5509 |
++ t = (s32)(tcp_time_stamp - ca->epoch_start); |
5510 |
++ t += msecs_to_jiffies(ca->delay_min >> 3); |
5511 |
+ /* change the unit from HZ to bictcp_HZ */ |
5512 |
+- t = ((tcp_time_stamp + msecs_to_jiffies(ca->delay_min>>3) |
5513 |
+- - ca->epoch_start) << BICTCP_HZ) / HZ; |
5514 |
++ t <<= BICTCP_HZ; |
5515 |
++ do_div(t, HZ); |
5516 |
+ |
5517 |
+ if (t < ca->bic_K) /* t - K */ |
5518 |
+ offs = ca->bic_K - t; |
5519 |
+@@ -412,7 +414,7 @@ static void bictcp_acked(struct sock *sk, u32 cnt, s32 rtt_us) |
5520 |
+ return; |
5521 |
+ |
5522 |
+ /* Discard delay samples right after fast recovery */ |
5523 |
+- if ((s32)(tcp_time_stamp - ca->epoch_start) < HZ) |
5524 |
++ if (ca->epoch_start && (s32)(tcp_time_stamp - ca->epoch_start) < HZ) |
5525 |
+ return; |
5526 |
+ |
5527 |
+ delay = (rtt_us << 3) / USEC_PER_MSEC; |
5528 |
+diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c |
5529 |
+index ed4bf11..938553e 100644 |
5530 |
+--- a/net/ipv4/xfrm4_mode_tunnel.c |
5531 |
++++ b/net/ipv4/xfrm4_mode_tunnel.c |
5532 |
+@@ -54,7 +54,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) |
5533 |
+ |
5534 |
+ top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? |
5535 |
+ 0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF)); |
5536 |
+- ip_select_ident(top_iph, dst->child, NULL); |
5537 |
++ ip_select_ident(skb, dst->child, NULL); |
5538 |
+ |
5539 |
+ top_iph->ttl = ip4_dst_hoplimit(dst->child); |
5540 |
+ |
5541 |
+diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
5542 |
+index 314bda2..5d41293 100644 |
5543 |
+--- a/net/ipv6/addrconf.c |
5544 |
++++ b/net/ipv6/addrconf.c |
5545 |
+@@ -913,12 +913,10 @@ retry: |
5546 |
+ if (ifp->flags & IFA_F_OPTIMISTIC) |
5547 |
+ addr_flags |= IFA_F_OPTIMISTIC; |
5548 |
+ |
5549 |
+- ift = !max_addresses || |
5550 |
+- ipv6_count_addresses(idev) < max_addresses ? |
5551 |
+- ipv6_add_addr(idev, &addr, tmp_plen, |
5552 |
+- ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, |
5553 |
+- addr_flags) : NULL; |
5554 |
+- if (!ift || IS_ERR(ift)) { |
5555 |
++ ift = ipv6_add_addr(idev, &addr, tmp_plen, |
5556 |
++ ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, |
5557 |
++ addr_flags); |
5558 |
++ if (IS_ERR(ift)) { |
5559 |
+ in6_ifa_put(ifp); |
5560 |
+ in6_dev_put(idev); |
5561 |
+ printk(KERN_INFO |
5562 |
+diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c |
5563 |
+index 90868fb..d505453 100644 |
5564 |
+--- a/net/ipv6/icmp.c |
5565 |
++++ b/net/ipv6/icmp.c |
5566 |
+@@ -911,6 +911,14 @@ static const struct icmp6_err { |
5567 |
+ .err = ECONNREFUSED, |
5568 |
+ .fatal = 1, |
5569 |
+ }, |
5570 |
++ { /* POLICY_FAIL */ |
5571 |
++ .err = EACCES, |
5572 |
++ .fatal = 1, |
5573 |
++ }, |
5574 |
++ { /* REJECT_ROUTE */ |
5575 |
++ .err = EACCES, |
5576 |
++ .fatal = 1, |
5577 |
++ }, |
5578 |
+ }; |
5579 |
+ |
5580 |
+ int icmpv6_err_convert(u8 type, u8 code, int *err) |
5581 |
+@@ -922,7 +930,7 @@ int icmpv6_err_convert(u8 type, u8 code, int *err) |
5582 |
+ switch (type) { |
5583 |
+ case ICMPV6_DEST_UNREACH: |
5584 |
+ fatal = 1; |
5585 |
+- if (code <= ICMPV6_PORT_UNREACH) { |
5586 |
++ if (code < ARRAY_SIZE(tab_unreach)) { |
5587 |
+ *err = tab_unreach[code].err; |
5588 |
+ fatal = tab_unreach[code].fatal; |
5589 |
+ } |
5590 |
+diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c |
5591 |
+index 93718f3..443724f 100644 |
5592 |
+--- a/net/ipv6/ip6_fib.c |
5593 |
++++ b/net/ipv6/ip6_fib.c |
5594 |
+@@ -862,14 +862,22 @@ static struct fib6_node * fib6_lookup_1(struct fib6_node *root, |
5595 |
+ |
5596 |
+ if (ipv6_prefix_equal(&key->addr, args->addr, key->plen)) { |
5597 |
+ #ifdef CONFIG_IPV6_SUBTREES |
5598 |
+- if (fn->subtree) |
5599 |
+- fn = fib6_lookup_1(fn->subtree, args + 1); |
5600 |
++ if (fn->subtree) { |
5601 |
++ struct fib6_node *sfn; |
5602 |
++ sfn = fib6_lookup_1(fn->subtree, |
5603 |
++ args + 1); |
5604 |
++ if (!sfn) |
5605 |
++ goto backtrack; |
5606 |
++ fn = sfn; |
5607 |
++ } |
5608 |
+ #endif |
5609 |
+- if (!fn || fn->fn_flags & RTN_RTINFO) |
5610 |
++ if (fn->fn_flags & RTN_RTINFO) |
5611 |
+ return fn; |
5612 |
+ } |
5613 |
+ } |
5614 |
+- |
5615 |
++#ifdef CONFIG_IPV6_SUBTREES |
5616 |
++backtrack: |
5617 |
++#endif |
5618 |
+ if (fn->fn_flags & RTN_ROOT) |
5619 |
+ break; |
5620 |
+ |
5621 |
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
5622 |
+index db60043..91d0711 100644 |
5623 |
+--- a/net/ipv6/ip6_output.c |
5624 |
++++ b/net/ipv6/ip6_output.c |
5625 |
+@@ -1125,6 +1125,8 @@ static inline int ip6_ufo_append_data(struct sock *sk, |
5626 |
+ * udp datagram |
5627 |
+ */ |
5628 |
+ if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { |
5629 |
++ struct frag_hdr fhdr; |
5630 |
++ |
5631 |
+ skb = sock_alloc_send_skb(sk, |
5632 |
+ hh_len + fragheaderlen + transhdrlen + 20, |
5633 |
+ (flags & MSG_DONTWAIT), &err); |
5634 |
+@@ -1145,12 +1147,6 @@ static inline int ip6_ufo_append_data(struct sock *sk, |
5635 |
+ |
5636 |
+ skb->ip_summed = CHECKSUM_PARTIAL; |
5637 |
+ skb->csum = 0; |
5638 |
+- } |
5639 |
+- |
5640 |
+- err = skb_append_datato_frags(sk,skb, getfrag, from, |
5641 |
+- (length - transhdrlen)); |
5642 |
+- if (!err) { |
5643 |
+- struct frag_hdr fhdr; |
5644 |
+ |
5645 |
+ /* Specify the length of each IPv6 datagram fragment. |
5646 |
+ * It has to be a multiple of 8. |
5647 |
+@@ -1161,15 +1157,10 @@ static inline int ip6_ufo_append_data(struct sock *sk, |
5648 |
+ ipv6_select_ident(&fhdr, rt); |
5649 |
+ skb_shinfo(skb)->ip6_frag_id = fhdr.identification; |
5650 |
+ __skb_queue_tail(&sk->sk_write_queue, skb); |
5651 |
+- |
5652 |
+- return 0; |
5653 |
+ } |
5654 |
+- /* There is not enough support do UPD LSO, |
5655 |
+- * so follow normal path |
5656 |
+- */ |
5657 |
+- kfree_skb(skb); |
5658 |
+ |
5659 |
+- return err; |
5660 |
++ return skb_append_datato_frags(sk, skb, getfrag, from, |
5661 |
++ (length - transhdrlen)); |
5662 |
+ } |
5663 |
+ |
5664 |
+ static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, |
5665 |
+@@ -1342,27 +1333,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, |
5666 |
+ * --yoshfuji |
5667 |
+ */ |
5668 |
+ |
5669 |
+- cork->length += length; |
5670 |
+- if (length > mtu) { |
5671 |
+- int proto = sk->sk_protocol; |
5672 |
+- if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ |
5673 |
+- ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); |
5674 |
+- return -EMSGSIZE; |
5675 |
+- } |
5676 |
+- |
5677 |
+- if (proto == IPPROTO_UDP && |
5678 |
+- (rt->dst.dev->features & NETIF_F_UFO)) { |
5679 |
++ if ((length > mtu) && dontfrag && (sk->sk_protocol == IPPROTO_UDP || |
5680 |
++ sk->sk_protocol == IPPROTO_RAW)) { |
5681 |
++ ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); |
5682 |
++ return -EMSGSIZE; |
5683 |
++ } |
5684 |
+ |
5685 |
+- err = ip6_ufo_append_data(sk, getfrag, from, length, |
5686 |
+- hh_len, fragheaderlen, |
5687 |
+- transhdrlen, mtu, flags, rt); |
5688 |
+- if (err) |
5689 |
+- goto error; |
5690 |
+- return 0; |
5691 |
+- } |
5692 |
++ skb = skb_peek_tail(&sk->sk_write_queue); |
5693 |
++ cork->length += length; |
5694 |
++ if (((length > mtu) || |
5695 |
++ (skb && skb_is_gso(skb))) && |
5696 |
++ (sk->sk_protocol == IPPROTO_UDP) && |
5697 |
++ (rt->dst.dev->features & NETIF_F_UFO)) { |
5698 |
++ err = ip6_ufo_append_data(sk, getfrag, from, length, |
5699 |
++ hh_len, fragheaderlen, |
5700 |
++ transhdrlen, mtu, flags, rt); |
5701 |
++ if (err) |
5702 |
++ goto error; |
5703 |
++ return 0; |
5704 |
+ } |
5705 |
+ |
5706 |
+- if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) |
5707 |
++ if (!skb) |
5708 |
+ goto alloc_new_skb; |
5709 |
+ |
5710 |
+ while (length > 0) { |
5711 |
+diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c |
5712 |
+index c7ec4bb..d20a9be 100644 |
5713 |
+--- a/net/ipv6/mcast.c |
5714 |
++++ b/net/ipv6/mcast.c |
5715 |
+@@ -2159,7 +2159,7 @@ static void mld_gq_timer_expire(unsigned long data) |
5716 |
+ |
5717 |
+ idev->mc_gq_running = 0; |
5718 |
+ mld_send_report(idev, NULL); |
5719 |
+- __in6_dev_put(idev); |
5720 |
++ in6_dev_put(idev); |
5721 |
+ } |
5722 |
+ |
5723 |
+ static void mld_ifc_timer_expire(unsigned long data) |
5724 |
+@@ -2172,7 +2172,7 @@ static void mld_ifc_timer_expire(unsigned long data) |
5725 |
+ if (idev->mc_ifc_count) |
5726 |
+ mld_ifc_start_timer(idev, idev->mc_maxdelay); |
5727 |
+ } |
5728 |
+- __in6_dev_put(idev); |
5729 |
++ in6_dev_put(idev); |
5730 |
+ } |
5731 |
+ |
5732 |
+ static void mld_ifc_event(struct inet6_dev *idev) |
5733 |
+diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c |
5734 |
+index 9ffc37f..bc55358 100644 |
5735 |
+--- a/net/ipv6/ndisc.c |
5736 |
++++ b/net/ipv6/ndisc.c |
5737 |
+@@ -447,7 +447,6 @@ struct sk_buff *ndisc_build_skb(struct net_device *dev, |
5738 |
+ struct sk_buff *skb; |
5739 |
+ struct icmp6hdr *hdr; |
5740 |
+ int len; |
5741 |
+- int err; |
5742 |
+ u8 *opt; |
5743 |
+ |
5744 |
+ if (!dev->addr_len) |
5745 |
+@@ -457,14 +456,12 @@ struct sk_buff *ndisc_build_skb(struct net_device *dev, |
5746 |
+ if (llinfo) |
5747 |
+ len += ndisc_opt_addr_space(dev); |
5748 |
+ |
5749 |
+- skb = sock_alloc_send_skb(sk, |
5750 |
+- (MAX_HEADER + sizeof(struct ipv6hdr) + |
5751 |
+- len + LL_ALLOCATED_SPACE(dev)), |
5752 |
+- 1, &err); |
5753 |
++ skb = alloc_skb((MAX_HEADER + sizeof(struct ipv6hdr) + |
5754 |
++ len + LL_ALLOCATED_SPACE(dev)), GFP_ATOMIC); |
5755 |
+ if (!skb) { |
5756 |
+ ND_PRINTK0(KERN_ERR |
5757 |
+- "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n", |
5758 |
+- __func__, err); |
5759 |
++ "ICMPv6 ND: %s() failed to allocate an skb.\n", |
5760 |
++ __func__); |
5761 |
+ return NULL; |
5762 |
+ } |
5763 |
+ |
5764 |
+@@ -492,6 +489,11 @@ struct sk_buff *ndisc_build_skb(struct net_device *dev, |
5765 |
+ csum_partial(hdr, |
5766 |
+ len, 0)); |
5767 |
+ |
5768 |
++ /* Manually assign socket ownership as we avoid calling |
5769 |
++ * sock_alloc_send_pskb() to bypass wmem buffer limits |
5770 |
++ */ |
5771 |
++ skb_set_owner_w(skb, sk); |
5772 |
++ |
5773 |
+ return skb; |
5774 |
+ } |
5775 |
+ |
5776 |
+diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c |
5777 |
+index 411fe2c..eba5deb 100644 |
5778 |
+--- a/net/ipv6/reassembly.c |
5779 |
++++ b/net/ipv6/reassembly.c |
5780 |
+@@ -517,6 +517,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev, |
5781 |
+ head->tstamp = fq->q.stamp; |
5782 |
+ ipv6_hdr(head)->payload_len = htons(payload_len); |
5783 |
+ IP6CB(head)->nhoff = nhoff; |
5784 |
++ IP6CB(head)->flags |= IP6SKB_FRAGMENTED; |
5785 |
+ |
5786 |
+ /* Yes, and fold redundant checksum back. 8) */ |
5787 |
+ if (head->ip_summed == CHECKSUM_COMPLETE) |
5788 |
+@@ -552,6 +553,9 @@ static int ipv6_frag_rcv(struct sk_buff *skb) |
5789 |
+ const struct ipv6hdr *hdr = ipv6_hdr(skb); |
5790 |
+ struct net *net = dev_net(skb_dst(skb)->dev); |
5791 |
+ |
5792 |
++ if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED) |
5793 |
++ goto fail_hdr; |
5794 |
++ |
5795 |
+ IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMREQDS); |
5796 |
+ |
5797 |
+ /* Jumbo payload inhibits frag. header */ |
5798 |
+@@ -572,6 +576,7 @@ static int ipv6_frag_rcv(struct sk_buff *skb) |
5799 |
+ ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMOKS); |
5800 |
+ |
5801 |
+ IP6CB(skb)->nhoff = (u8 *)fhdr - skb_network_header(skb); |
5802 |
++ IP6CB(skb)->flags |= IP6SKB_FRAGMENTED; |
5803 |
+ return 1; |
5804 |
+ } |
5805 |
+ |
5806 |
+diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c |
5807 |
+index aa2d720..38c0813 100644 |
5808 |
+--- a/net/netfilter/ipvs/ip_vs_xmit.c |
5809 |
++++ b/net/netfilter/ipvs/ip_vs_xmit.c |
5810 |
+@@ -853,7 +853,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, |
5811 |
+ iph->daddr = cp->daddr.ip; |
5812 |
+ iph->saddr = saddr; |
5813 |
+ iph->ttl = old_iph->ttl; |
5814 |
+- ip_select_ident(iph, &rt->dst, NULL); |
5815 |
++ ip_select_ident(skb, &rt->dst, NULL); |
5816 |
+ |
5817 |
+ /* Another hack: avoid icmp_send in ip_fragment */ |
5818 |
+ skb->local_df = 1; |
5819 |
+diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c |
5820 |
+index f08b9166..caa5aff 100644 |
5821 |
+--- a/net/sched/sch_htb.c |
5822 |
++++ b/net/sched/sch_htb.c |
5823 |
+@@ -86,7 +86,7 @@ struct htb_class { |
5824 |
+ unsigned int children; |
5825 |
+ struct htb_class *parent; /* parent class */ |
5826 |
+ |
5827 |
+- int prio; /* these two are used only by leaves... */ |
5828 |
++ u32 prio; /* these two are used only by leaves... */ |
5829 |
+ int quantum; /* but stored for parent-to-leaf return */ |
5830 |
+ |
5831 |
+ union { |
5832 |
+diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
5833 |
+index 8104278..0b6a391 100644 |
5834 |
+--- a/net/sctp/ipv6.c |
5835 |
++++ b/net/sctp/ipv6.c |
5836 |
+@@ -205,45 +205,24 @@ out: |
5837 |
+ in6_dev_put(idev); |
5838 |
+ } |
5839 |
+ |
5840 |
+-/* Based on tcp_v6_xmit() in tcp_ipv6.c. */ |
5841 |
+ static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport) |
5842 |
+ { |
5843 |
+ struct sock *sk = skb->sk; |
5844 |
+ struct ipv6_pinfo *np = inet6_sk(sk); |
5845 |
+- struct flowi6 fl6; |
5846 |
+- |
5847 |
+- memset(&fl6, 0, sizeof(fl6)); |
5848 |
+- |
5849 |
+- fl6.flowi6_proto = sk->sk_protocol; |
5850 |
+- |
5851 |
+- /* Fill in the dest address from the route entry passed with the skb |
5852 |
+- * and the source address from the transport. |
5853 |
+- */ |
5854 |
+- ipv6_addr_copy(&fl6.daddr, &transport->ipaddr.v6.sin6_addr); |
5855 |
+- ipv6_addr_copy(&fl6.saddr, &transport->saddr.v6.sin6_addr); |
5856 |
+- |
5857 |
+- fl6.flowlabel = np->flow_label; |
5858 |
+- IP6_ECN_flow_xmit(sk, fl6.flowlabel); |
5859 |
+- if (ipv6_addr_type(&fl6.saddr) & IPV6_ADDR_LINKLOCAL) |
5860 |
+- fl6.flowi6_oif = transport->saddr.v6.sin6_scope_id; |
5861 |
+- else |
5862 |
+- fl6.flowi6_oif = sk->sk_bound_dev_if; |
5863 |
+- |
5864 |
+- if (np->opt && np->opt->srcrt) { |
5865 |
+- struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt; |
5866 |
+- ipv6_addr_copy(&fl6.daddr, rt0->addr); |
5867 |
+- } |
5868 |
++ struct flowi6 *fl6 = &transport->fl.u.ip6; |
5869 |
+ |
5870 |
+ SCTP_DEBUG_PRINTK("%s: skb:%p, len:%d, src:%pI6 dst:%pI6\n", |
5871 |
+ __func__, skb, skb->len, |
5872 |
+- &fl6.saddr, &fl6.daddr); |
5873 |
++ &fl6->saddr, &fl6->daddr); |
5874 |
+ |
5875 |
+- SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS); |
5876 |
++ IP6_ECN_flow_xmit(sk, fl6->flowlabel); |
5877 |
+ |
5878 |
+ if (!(transport->param_flags & SPP_PMTUD_ENABLE)) |
5879 |
+ skb->local_df = 1; |
5880 |
+ |
5881 |
+- return ip6_xmit(sk, skb, &fl6, np->opt, np->tclass); |
5882 |
++ SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS); |
5883 |
++ |
5884 |
++ return ip6_xmit(sk, skb, fl6, np->opt, np->tclass); |
5885 |
+ } |
5886 |
+ |
5887 |
+ /* Returns the dst cache entry for the given source and destination ip |
5888 |
+@@ -256,10 +235,12 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, |
5889 |
+ struct dst_entry *dst = NULL; |
5890 |
+ struct flowi6 *fl6 = &fl->u.ip6; |
5891 |
+ struct sctp_bind_addr *bp; |
5892 |
++ struct ipv6_pinfo *np = inet6_sk(sk); |
5893 |
+ struct sctp_sockaddr_entry *laddr; |
5894 |
+ union sctp_addr *baddr = NULL; |
5895 |
+ union sctp_addr *daddr = &t->ipaddr; |
5896 |
+ union sctp_addr dst_saddr; |
5897 |
++ struct in6_addr *final_p, final; |
5898 |
+ __u8 matchlen = 0; |
5899 |
+ __u8 bmatchlen; |
5900 |
+ sctp_scope_t scope; |
5901 |
+@@ -282,7 +263,8 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, |
5902 |
+ SCTP_DEBUG_PRINTK("SRC=%pI6 - ", &fl6->saddr); |
5903 |
+ } |
5904 |
+ |
5905 |
+- dst = ip6_dst_lookup_flow(sk, fl6, NULL, false); |
5906 |
++ final_p = fl6_update_dst(fl6, np->opt, &final); |
5907 |
++ dst = ip6_dst_lookup_flow(sk, fl6, final_p, false); |
5908 |
+ if (!asoc || saddr) |
5909 |
+ goto out; |
5910 |
+ |
5911 |
+@@ -333,10 +315,12 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, |
5912 |
+ } |
5913 |
+ } |
5914 |
+ rcu_read_unlock(); |
5915 |
++ |
5916 |
+ if (baddr) { |
5917 |
+ ipv6_addr_copy(&fl6->saddr, &baddr->v6.sin6_addr); |
5918 |
+ fl6->fl6_sport = baddr->v6.sin6_port; |
5919 |
+- dst = ip6_dst_lookup_flow(sk, fl6, NULL, false); |
5920 |
++ final_p = fl6_update_dst(fl6, np->opt, &final); |
5921 |
++ dst = ip6_dst_lookup_flow(sk, fl6, final_p, false); |
5922 |
+ } |
5923 |
+ |
5924 |
+ out: |
5925 |
+diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c |
5926 |
+index 9032d50..76388b0 100644 |
5927 |
+--- a/net/sctp/sm_sideeffect.c |
5928 |
++++ b/net/sctp/sm_sideeffect.c |
5929 |
+@@ -1604,9 +1604,8 @@ static int sctp_cmd_interpreter(sctp_event_t event_type, |
5930 |
+ asoc->outqueue.outstanding_bytes; |
5931 |
+ sackh.num_gap_ack_blocks = 0; |
5932 |
+ sackh.num_dup_tsns = 0; |
5933 |
+- chunk->subh.sack_hdr = &sackh; |
5934 |
+ sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_SACK, |
5935 |
+- SCTP_CHUNK(chunk)); |
5936 |
++ SCTP_SACKH(&sackh)); |
5937 |
+ break; |
5938 |
+ |
5939 |
+ case SCTP_CMD_DISCARD_PACKET: |
5940 |
+diff --git a/net/sctp/socket.c b/net/sctp/socket.c |
5941 |
+index ba0108f..c53d01e 100644 |
5942 |
+--- a/net/sctp/socket.c |
5943 |
++++ b/net/sctp/socket.c |
5944 |
+@@ -814,6 +814,9 @@ static int sctp_send_asconf_del_ip(struct sock *sk, |
5945 |
+ goto skip_mkasconf; |
5946 |
+ } |
5947 |
+ |
5948 |
++ if (laddr == NULL) |
5949 |
++ return -EINVAL; |
5950 |
++ |
5951 |
+ /* We do not need RCU protection throughout this loop |
5952 |
+ * because this is done under a socket lock from the |
5953 |
+ * setsockopt call. |
5954 |
+diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c |
5955 |
+index e728d4c..a224a38 100644 |
5956 |
+--- a/net/tipc/eth_media.c |
5957 |
++++ b/net/tipc/eth_media.c |
5958 |
+@@ -53,6 +53,7 @@ struct eth_bearer { |
5959 |
+ struct tipc_bearer *bearer; |
5960 |
+ struct net_device *dev; |
5961 |
+ struct packet_type tipc_packet_type; |
5962 |
++ struct work_struct setup; |
5963 |
+ }; |
5964 |
+ |
5965 |
+ static struct eth_bearer eth_bearers[MAX_ETH_BEARERS]; |
5966 |
+@@ -121,6 +122,17 @@ static int recv_msg(struct sk_buff *buf, struct net_device *dev, |
5967 |
+ } |
5968 |
+ |
5969 |
+ /** |
5970 |
++ * setup_bearer - setup association between Ethernet bearer and interface |
5971 |
++ */ |
5972 |
++static void setup_bearer(struct work_struct *work) |
5973 |
++{ |
5974 |
++ struct eth_bearer *eb_ptr = |
5975 |
++ container_of(work, struct eth_bearer, setup); |
5976 |
++ |
5977 |
++ dev_add_pack(&eb_ptr->tipc_packet_type); |
5978 |
++} |
5979 |
++ |
5980 |
++/** |
5981 |
+ * enable_bearer - attach TIPC bearer to an Ethernet interface |
5982 |
+ */ |
5983 |
+ |
5984 |
+@@ -164,7 +176,8 @@ static int enable_bearer(struct tipc_bearer *tb_ptr) |
5985 |
+ eb_ptr->tipc_packet_type.func = recv_msg; |
5986 |
+ eb_ptr->tipc_packet_type.af_packet_priv = eb_ptr; |
5987 |
+ INIT_LIST_HEAD(&(eb_ptr->tipc_packet_type.list)); |
5988 |
+- dev_add_pack(&eb_ptr->tipc_packet_type); |
5989 |
++ INIT_WORK(&eb_ptr->setup, setup_bearer); |
5990 |
++ schedule_work(&eb_ptr->setup); |
5991 |
+ |
5992 |
+ /* Associate TIPC bearer with Ethernet bearer */ |
5993 |
+ |
5994 |
+diff --git a/scripts/kernel-doc b/scripts/kernel-doc |
5995 |
+index d793001..ba3d9df 100755 |
5996 |
+--- a/scripts/kernel-doc |
5997 |
++++ b/scripts/kernel-doc |
5998 |
+@@ -2044,6 +2044,9 @@ sub process_file($) { |
5999 |
+ |
6000 |
+ $section_counter = 0; |
6001 |
+ while (<IN>) { |
6002 |
++ while (s/\\\s*$//) { |
6003 |
++ $_ .= <IN>; |
6004 |
++ } |
6005 |
+ if ($state == 0) { |
6006 |
+ if (/$doc_start/o) { |
6007 |
+ $state = 1; # next line is always the function name |
6008 |
+diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c |
6009 |
+index a166a85..7ebe4b7 100644 |
6010 |
+--- a/sound/pci/hda/hda_intel.c |
6011 |
++++ b/sound/pci/hda/hda_intel.c |
6012 |
+@@ -2621,6 +2621,7 @@ static struct snd_pci_quirk msi_black_list[] __devinitdata = { |
6013 |
+ SND_PCI_QUIRK(0x1043, 0x81f2, "ASUS", 0), /* Athlon64 X2 + nvidia */ |
6014 |
+ SND_PCI_QUIRK(0x1043, 0x81f6, "ASUS", 0), /* nvidia */ |
6015 |
+ SND_PCI_QUIRK(0x1043, 0x822d, "ASUS", 0), /* Athlon64 X2 + nvidia MCP55 */ |
6016 |
++ SND_PCI_QUIRK(0x1179, 0xfb44, "Toshiba Satellite C870", 0), /* AMD Hudson */ |
6017 |
+ SND_PCI_QUIRK(0x1849, 0x0888, "ASRock", 0), /* Athlon64 X2 + nvidia */ |
6018 |
+ SND_PCI_QUIRK(0xa0a0, 0x0575, "Aopen MZ915-M", 0), /* ICH6 */ |
6019 |
+ {} |
6020 |
+diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c |
6021 |
+index 55d9b30..05f097a 100644 |
6022 |
+--- a/sound/pci/hda/patch_hdmi.c |
6023 |
++++ b/sound/pci/hda/patch_hdmi.c |
6024 |
+@@ -512,6 +512,17 @@ static int hdmi_channel_allocation(struct hdmi_eld *eld, int channels) |
6025 |
+ } |
6026 |
+ } |
6027 |
+ |
6028 |
++ if (!ca) { |
6029 |
++ /* if there was no match, select the regular ALSA channel |
6030 |
++ * allocation with the matching number of channels */ |
6031 |
++ for (i = 0; i < ARRAY_SIZE(channel_allocations); i++) { |
6032 |
++ if (channels == channel_allocations[i].channels) { |
6033 |
++ ca = channel_allocations[i].ca_index; |
6034 |
++ break; |
6035 |
++ } |
6036 |
++ } |
6037 |
++ } |
6038 |
++ |
6039 |
+ snd_print_channel_allocation(eld->spk_alloc, buf, sizeof(buf)); |
6040 |
+ snd_printdd("HDMI: select CA 0x%x for %d-channel allocation: %s\n", |
6041 |
+ ca, channels, buf); |
6042 |
+diff --git a/sound/soc/codecs/88pm860x-codec.c b/sound/soc/codecs/88pm860x-codec.c |
6043 |
+index 5ca122e..290f4d3 100644 |
6044 |
+--- a/sound/soc/codecs/88pm860x-codec.c |
6045 |
++++ b/sound/soc/codecs/88pm860x-codec.c |
6046 |
+@@ -351,6 +351,9 @@ static int snd_soc_put_volsw_2r_st(struct snd_kcontrol *kcontrol, |
6047 |
+ val = ucontrol->value.integer.value[0]; |
6048 |
+ val2 = ucontrol->value.integer.value[1]; |
6049 |
+ |
6050 |
++ if (val >= ARRAY_SIZE(st_table) || val2 >= ARRAY_SIZE(st_table)) |
6051 |
++ return -EINVAL; |
6052 |
++ |
6053 |
+ err = snd_soc_update_bits(codec, reg, 0x3f, st_table[val].m); |
6054 |
+ if (err < 0) |
6055 |
+ return err; |
6056 |
+diff --git a/sound/soc/codecs/max98095.c b/sound/soc/codecs/max98095.c |
6057 |
+index 26d7b08..a52c15b 100644 |
6058 |
+--- a/sound/soc/codecs/max98095.c |
6059 |
++++ b/sound/soc/codecs/max98095.c |
6060 |
+@@ -1861,7 +1861,7 @@ static int max98095_put_eq_enum(struct snd_kcontrol *kcontrol, |
6061 |
+ struct max98095_pdata *pdata = max98095->pdata; |
6062 |
+ int channel = max98095_get_eq_channel(kcontrol->id.name); |
6063 |
+ struct max98095_cdata *cdata; |
6064 |
+- int sel = ucontrol->value.integer.value[0]; |
6065 |
++ unsigned int sel = ucontrol->value.integer.value[0]; |
6066 |
+ struct max98095_eq_cfg *coef_set; |
6067 |
+ int fs, best, best_val, i; |
6068 |
+ int regmask, regsave; |
6069 |
+@@ -2014,7 +2014,7 @@ static int max98095_put_bq_enum(struct snd_kcontrol *kcontrol, |
6070 |
+ struct max98095_pdata *pdata = max98095->pdata; |
6071 |
+ int channel = max98095_get_bq_channel(codec, kcontrol->id.name); |
6072 |
+ struct max98095_cdata *cdata; |
6073 |
+- int sel = ucontrol->value.integer.value[0]; |
6074 |
++ unsigned int sel = ucontrol->value.integer.value[0]; |
6075 |
+ struct max98095_biquad_cfg *coef_set; |
6076 |
+ int fs, best, best_val, i; |
6077 |
+ int regmask, regsave; |
6078 |
+diff --git a/sound/soc/codecs/wm8960.c b/sound/soc/codecs/wm8960.c |
6079 |
+index 2df253c..ef96ca6 100644 |
6080 |
+--- a/sound/soc/codecs/wm8960.c |
6081 |
++++ b/sound/soc/codecs/wm8960.c |
6082 |
+@@ -805,9 +805,9 @@ static int wm8960_set_dai_pll(struct snd_soc_dai *codec_dai, int pll_id, |
6083 |
+ if (pll_div.k) { |
6084 |
+ reg |= 0x20; |
6085 |
+ |
6086 |
+- snd_soc_write(codec, WM8960_PLL2, (pll_div.k >> 18) & 0x3f); |
6087 |
+- snd_soc_write(codec, WM8960_PLL3, (pll_div.k >> 9) & 0x1ff); |
6088 |
+- snd_soc_write(codec, WM8960_PLL4, pll_div.k & 0x1ff); |
6089 |
++ snd_soc_write(codec, WM8960_PLL2, (pll_div.k >> 16) & 0xff); |
6090 |
++ snd_soc_write(codec, WM8960_PLL3, (pll_div.k >> 8) & 0xff); |
6091 |
++ snd_soc_write(codec, WM8960_PLL4, pll_div.k & 0xff); |
6092 |
+ } |
6093 |
+ snd_soc_write(codec, WM8960_PLL1, reg); |
6094 |
+ |
6095 |
+diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c |
6096 |
+index 42dffa0..f7a7b9d 100644 |
6097 |
+--- a/tools/perf/util/map.c |
6098 |
++++ b/tools/perf/util/map.c |
6099 |
+@@ -16,6 +16,7 @@ const char *map_type__name[MAP__NR_TYPES] = { |
6100 |
+ static inline int is_anon_memory(const char *filename) |
6101 |
+ { |
6102 |
+ return !strcmp(filename, "//anon") || |
6103 |
++ !strcmp(filename, "/dev/zero (deleted)") || |
6104 |
+ !strcmp(filename, "/anon_hugepage (deleted)"); |
6105 |
+ } |
6106 |
+ |
6107 |
|
6108 |
diff --git a/3.2.51/4420_grsecurity-2.9.1-3.2.51-201310260849.patch b/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310271550.patch |
6109 |
similarity index 99% |
6110 |
rename from 3.2.51/4420_grsecurity-2.9.1-3.2.51-201310260849.patch |
6111 |
rename to 3.2.52/4420_grsecurity-2.9.1-3.2.52-201310271550.patch |
6112 |
index 0ea9ee0..82cc38f 100644 |
6113 |
--- a/3.2.51/4420_grsecurity-2.9.1-3.2.51-201310260849.patch |
6114 |
+++ b/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310271550.patch |
6115 |
@@ -270,7 +270,7 @@ index 88fd7f5..b318a78 100644 |
6116 |
============================================================== |
6117 |
|
6118 |
diff --git a/Makefile b/Makefile |
6119 |
-index 0f11936..8f1b567 100644 |
6120 |
+index 1dd2c09..6f850c4 100644 |
6121 |
--- a/Makefile |
6122 |
+++ b/Makefile |
6123 |
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
6124 |
@@ -4997,10 +4997,10 @@ index f2496f2..4e3cc47 100644 |
6125 |
} |
6126 |
#endif |
6127 |
diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c |
6128 |
-index 55be64d..94d8783 100644 |
6129 |
+index ca683a1..ab912dd 100644 |
6130 |
--- a/arch/powerpc/kernel/sysfs.c |
6131 |
+++ b/arch/powerpc/kernel/sysfs.c |
6132 |
-@@ -517,7 +517,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, |
6133 |
+@@ -531,7 +531,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, |
6134 |
return NOTIFY_OK; |
6135 |
} |
6136 |
|
6137 |
@@ -6979,7 +6979,7 @@ index 5e4252b..379f84f 100644 |
6138 |
mm->unmap_area = arch_unmap_area_topdown; |
6139 |
} |
6140 |
diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S |
6141 |
-index 7f5f65d..3308382 100644 |
6142 |
+index 817187d..1d4541e 100644 |
6143 |
--- a/arch/sparc/kernel/syscalls.S |
6144 |
+++ b/arch/sparc/kernel/syscalls.S |
6145 |
@@ -62,7 +62,7 @@ sys32_rt_sigreturn: |
6146 |
@@ -6993,13 +6993,13 @@ index 7f5f65d..3308382 100644 |
6147 |
call syscall_trace_leave |
6148 |
@@ -179,7 +179,7 @@ linux_sparc_syscall32: |
6149 |
|
6150 |
- srl %i5, 0, %o5 ! IEU1 |
6151 |
+ srl %i3, 0, %o3 ! IEU0 |
6152 |
srl %i2, 0, %o2 ! IEU0 Group |
6153 |
- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0 |
6154 |
+ andcc %l0, _TIF_WORK_SYSCALL, %g0 |
6155 |
bne,pn %icc, linux_syscall_trace32 ! CTI |
6156 |
mov %i0, %l5 ! IEU1 |
6157 |
- call %l7 ! CTI Group brk forced |
6158 |
+ 5: call %l7 ! CTI Group brk forced |
6159 |
@@ -202,7 +202,7 @@ linux_sparc_syscall: |
6160 |
|
6161 |
mov %i3, %o3 ! IEU1 |
6162 |
@@ -7628,10 +7628,10 @@ index 59186e0..f747d7a 100644 |
6163 |
cmp %g1, %g7 |
6164 |
bne,pn %xcc, BACKOFF_LABEL(2f, 1b) |
6165 |
diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c |
6166 |
-index 1b30bb3..b4a16c7 100644 |
6167 |
+index fbb8005..984a269 100644 |
6168 |
--- a/arch/sparc/lib/ksyms.c |
6169 |
+++ b/arch/sparc/lib/ksyms.c |
6170 |
-@@ -142,12 +142,18 @@ EXPORT_SYMBOL(__downgrade_write); |
6171 |
+@@ -133,12 +133,18 @@ EXPORT_SYMBOL(__clear_user); |
6172 |
|
6173 |
/* Atomic counter implementation. */ |
6174 |
EXPORT_SYMBOL(atomic_add); |
6175 |
@@ -20837,7 +20837,7 @@ index 42eb330..139955c 100644 |
6176 |
|
6177 |
return ret; |
6178 |
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c |
6179 |
-index 47f4e5f..849a8a6 100644 |
6180 |
+index a4e1b4b..0460044 100644 |
6181 |
--- a/arch/x86/kernel/reboot.c |
6182 |
+++ b/arch/x86/kernel/reboot.c |
6183 |
@@ -35,7 +35,7 @@ void (*pm_power_off)(void); |
6184 |
@@ -20922,7 +20922,7 @@ index 47f4e5f..849a8a6 100644 |
6185 |
} |
6186 |
#ifdef CONFIG_APM_MODULE |
6187 |
EXPORT_SYMBOL(machine_real_restart); |
6188 |
-@@ -548,7 +580,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) |
6189 |
+@@ -564,7 +596,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) |
6190 |
* try to force a triple fault and then cycle between hitting the keyboard |
6191 |
* controller and doing that |
6192 |
*/ |
6193 |
@@ -20931,7 +20931,7 @@ index 47f4e5f..849a8a6 100644 |
6194 |
{ |
6195 |
int i; |
6196 |
int attempt = 0; |
6197 |
-@@ -672,13 +704,13 @@ void native_machine_shutdown(void) |
6198 |
+@@ -688,13 +720,13 @@ void native_machine_shutdown(void) |
6199 |
#endif |
6200 |
} |
6201 |
|
6202 |
@@ -20947,7 +20947,7 @@ index 47f4e5f..849a8a6 100644 |
6203 |
{ |
6204 |
printk("machine restart\n"); |
6205 |
|
6206 |
-@@ -687,7 +719,7 @@ static void native_machine_restart(char *__unused) |
6207 |
+@@ -703,7 +735,7 @@ static void native_machine_restart(char *__unused) |
6208 |
__machine_emergency_restart(0); |
6209 |
} |
6210 |
|
6211 |
@@ -20956,7 +20956,7 @@ index 47f4e5f..849a8a6 100644 |
6212 |
{ |
6213 |
/* stop other cpus and apics */ |
6214 |
machine_shutdown(); |
6215 |
-@@ -698,7 +730,7 @@ static void native_machine_halt(void) |
6216 |
+@@ -714,7 +746,7 @@ static void native_machine_halt(void) |
6217 |
stop_this_cpu(NULL); |
6218 |
} |
6219 |
|
6220 |
@@ -20965,7 +20965,7 @@ index 47f4e5f..849a8a6 100644 |
6221 |
{ |
6222 |
if (pm_power_off) { |
6223 |
if (!reboot_force) |
6224 |
-@@ -707,9 +739,10 @@ static void native_machine_power_off(void) |
6225 |
+@@ -723,9 +755,10 @@ static void native_machine_power_off(void) |
6226 |
} |
6227 |
/* a fallback in case there is no PM info available */ |
6228 |
tboot_shutdown(TB_SHUTDOWN_HALT); |
6229 |
@@ -30374,10 +30374,10 @@ index 9e76a32..48d7145 100644 |
6230 |
goto error; |
6231 |
|
6232 |
diff --git a/crypto/api.c b/crypto/api.c |
6233 |
-index 033a714..4f98dd5 100644 |
6234 |
+index cea3cf6..86a0f6f 100644 |
6235 |
--- a/crypto/api.c |
6236 |
+++ b/crypto/api.c |
6237 |
-@@ -40,6 +40,8 @@ static inline struct crypto_alg *crypto_alg_get(struct crypto_alg *alg) |
6238 |
+@@ -42,6 +42,8 @@ static inline struct crypto_alg *crypto_alg_get(struct crypto_alg *alg) |
6239 |
return alg; |
6240 |
} |
6241 |
|
6242 |
@@ -30386,19 +30386,6 @@ index 033a714..4f98dd5 100644 |
6243 |
struct crypto_alg *crypto_mod_get(struct crypto_alg *alg) |
6244 |
{ |
6245 |
return try_module_get(alg->cra_module) ? crypto_alg_get(alg) : NULL; |
6246 |
-@@ -150,8 +152,11 @@ static struct crypto_alg *crypto_larval_add(const char *name, u32 type, |
6247 |
- } |
6248 |
- up_write(&crypto_alg_sem); |
6249 |
- |
6250 |
-- if (alg != &larval->alg) |
6251 |
-+ if (alg != &larval->alg) { |
6252 |
- kfree(larval); |
6253 |
-+ if (crypto_is_larval(alg)) |
6254 |
-+ alg = crypto_larval_wait(alg); |
6255 |
-+ } |
6256 |
- |
6257 |
- return alg; |
6258 |
- } |
6259 |
diff --git a/crypto/cryptd.c b/crypto/cryptd.c |
6260 |
index 7bdd61b..afec999 100644 |
6261 |
--- a/crypto/cryptd.c |
6262 |
@@ -31884,18 +31871,10 @@ index e8d11b6..7b1b36f 100644 |
6263 |
} |
6264 |
EXPORT_SYMBOL_GPL(unregister_syscore_ops); |
6265 |
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c |
6266 |
-index d3446f6..61ddf2c 100644 |
6267 |
+index d7ad865..61ddf2c 100644 |
6268 |
--- a/drivers/block/cciss.c |
6269 |
+++ b/drivers/block/cciss.c |
6270 |
-@@ -1186,6 +1186,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, |
6271 |
- int err; |
6272 |
- u32 cp; |
6273 |
- |
6274 |
-+ memset(&arg64, 0, sizeof(arg64)); |
6275 |
- err = 0; |
6276 |
- err |= |
6277 |
- copy_from_user(&arg64.LUN_info, &arg32->LUN_info, |
6278 |
-@@ -3007,7 +3008,7 @@ static void start_io(ctlr_info_t *h) |
6279 |
+@@ -3008,7 +3008,7 @@ static void start_io(ctlr_info_t *h) |
6280 |
while (!list_empty(&h->reqQ)) { |
6281 |
c = list_entry(h->reqQ.next, CommandList_struct, list); |
6282 |
/* can't do anything if fifo is full */ |
6283 |
@@ -31904,7 +31883,7 @@ index d3446f6..61ddf2c 100644 |
6284 |
dev_warn(&h->pdev->dev, "fifo full\n"); |
6285 |
break; |
6286 |
} |
6287 |
-@@ -3017,7 +3018,7 @@ static void start_io(ctlr_info_t *h) |
6288 |
+@@ -3018,7 +3018,7 @@ static void start_io(ctlr_info_t *h) |
6289 |
h->Qdepth--; |
6290 |
|
6291 |
/* Tell the controller execute command */ |
6292 |
@@ -31913,7 +31892,7 @@ index d3446f6..61ddf2c 100644 |
6293 |
|
6294 |
/* Put job onto the completed Q */ |
6295 |
addQ(&h->cmpQ, c); |
6296 |
-@@ -3443,17 +3444,17 @@ startio: |
6297 |
+@@ -3444,17 +3444,17 @@ startio: |
6298 |
|
6299 |
static inline unsigned long get_next_completion(ctlr_info_t *h) |
6300 |
{ |
6301 |
@@ -31934,7 +31913,7 @@ index d3446f6..61ddf2c 100644 |
6302 |
(h->interrupts_enabled == 0)); |
6303 |
} |
6304 |
|
6305 |
-@@ -3486,7 +3487,7 @@ static inline u32 next_command(ctlr_info_t *h) |
6306 |
+@@ -3487,7 +3487,7 @@ static inline u32 next_command(ctlr_info_t *h) |
6307 |
u32 a; |
6308 |
|
6309 |
if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) |
6310 |
@@ -31943,7 +31922,7 @@ index d3446f6..61ddf2c 100644 |
6311 |
|
6312 |
if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { |
6313 |
a = *(h->reply_pool_head); /* Next cmd in ring buffer */ |
6314 |
-@@ -4044,7 +4045,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h) |
6315 |
+@@ -4045,7 +4045,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h) |
6316 |
trans_support & CFGTBL_Trans_use_short_tags); |
6317 |
|
6318 |
/* Change the access methods to the performant access methods */ |
6319 |
@@ -31952,7 +31931,7 @@ index d3446f6..61ddf2c 100644 |
6320 |
h->transMethod = CFGTBL_Trans_Performant; |
6321 |
|
6322 |
return; |
6323 |
-@@ -4316,7 +4317,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h) |
6324 |
+@@ -4317,7 +4317,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h) |
6325 |
if (prod_index < 0) |
6326 |
return -ENODEV; |
6327 |
h->product_name = products[prod_index].product_name; |
6328 |
@@ -31961,7 +31940,7 @@ index d3446f6..61ddf2c 100644 |
6329 |
|
6330 |
if (cciss_board_disabled(h)) { |
6331 |
dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); |
6332 |
-@@ -5041,7 +5042,7 @@ reinit_after_soft_reset: |
6333 |
+@@ -5042,7 +5042,7 @@ reinit_after_soft_reset: |
6334 |
} |
6335 |
|
6336 |
/* make sure the board interrupts are off */ |
6337 |
@@ -31970,7 +31949,7 @@ index d3446f6..61ddf2c 100644 |
6338 |
rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); |
6339 |
if (rc) |
6340 |
goto clean2; |
6341 |
-@@ -5093,7 +5094,7 @@ reinit_after_soft_reset: |
6342 |
+@@ -5094,7 +5094,7 @@ reinit_after_soft_reset: |
6343 |
* fake ones to scoop up any residual completions. |
6344 |
*/ |
6345 |
spin_lock_irqsave(&h->lock, flags); |
6346 |
@@ -31979,7 +31958,7 @@ index d3446f6..61ddf2c 100644 |
6347 |
spin_unlock_irqrestore(&h->lock, flags); |
6348 |
free_irq(h->intr[h->intr_mode], h); |
6349 |
rc = cciss_request_irq(h, cciss_msix_discard_completions, |
6350 |
-@@ -5113,9 +5114,9 @@ reinit_after_soft_reset: |
6351 |
+@@ -5114,9 +5114,9 @@ reinit_after_soft_reset: |
6352 |
dev_info(&h->pdev->dev, "Board READY.\n"); |
6353 |
dev_info(&h->pdev->dev, |
6354 |
"Waiting for stale completions to drain.\n"); |
6355 |
@@ -31991,7 +31970,7 @@ index d3446f6..61ddf2c 100644 |
6356 |
|
6357 |
rc = controller_reset_failed(h->cfgtable); |
6358 |
if (rc) |
6359 |
-@@ -5138,7 +5139,7 @@ reinit_after_soft_reset: |
6360 |
+@@ -5139,7 +5139,7 @@ reinit_after_soft_reset: |
6361 |
cciss_scsi_setup(h); |
6362 |
|
6363 |
/* Turn the interrupts on so we can service requests */ |
6364 |
@@ -32000,7 +31979,7 @@ index d3446f6..61ddf2c 100644 |
6365 |
|
6366 |
/* Get the firmware version */ |
6367 |
inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); |
6368 |
-@@ -5211,7 +5212,7 @@ static void cciss_shutdown(struct pci_dev *pdev) |
6369 |
+@@ -5212,7 +5212,7 @@ static void cciss_shutdown(struct pci_dev *pdev) |
6370 |
kfree(flush_buf); |
6371 |
if (return_code != IO_OK) |
6372 |
dev_warn(&h->pdev->dev, "Error flushing cache\n"); |
6373 |
@@ -32023,7 +32002,7 @@ index 7fda30e..eb5dfe0 100644 |
6374 |
/* queue and queue Info */ |
6375 |
struct list_head reqQ; |
6376 |
diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c |
6377 |
-index 9125bbe..eede5c8 100644 |
6378 |
+index 504bc16..e13b631 100644 |
6379 |
--- a/drivers/block/cpqarray.c |
6380 |
+++ b/drivers/block/cpqarray.c |
6381 |
@@ -404,7 +404,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev) |
6382 |
@@ -32098,7 +32077,7 @@ index 9125bbe..eede5c8 100644 |
6383 |
a1 = a; a &= ~3; |
6384 |
if ((c = h->cmpQ) == NULL) |
6385 |
{ |
6386 |
-@@ -1449,11 +1449,11 @@ static int sendcmd( |
6387 |
+@@ -1450,11 +1450,11 @@ static int sendcmd( |
6388 |
/* |
6389 |
* Disable interrupt |
6390 |
*/ |
6391 |
@@ -32112,7 +32091,7 @@ index 9125bbe..eede5c8 100644 |
6392 |
if (temp != 0) { |
6393 |
break; |
6394 |
} |
6395 |
-@@ -1466,7 +1466,7 @@ DBG( |
6396 |
+@@ -1467,7 +1467,7 @@ DBG( |
6397 |
/* |
6398 |
* Send the cmd |
6399 |
*/ |
6400 |
@@ -32121,7 +32100,7 @@ index 9125bbe..eede5c8 100644 |
6401 |
complete = pollcomplete(ctlr); |
6402 |
|
6403 |
pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr, |
6404 |
-@@ -1549,9 +1549,9 @@ static int revalidate_allvol(ctlr_info_t *host) |
6405 |
+@@ -1550,9 +1550,9 @@ static int revalidate_allvol(ctlr_info_t *host) |
6406 |
* we check the new geometry. Then turn interrupts back on when |
6407 |
* we're done. |
6408 |
*/ |
6409 |
@@ -32133,7 +32112,7 @@ index 9125bbe..eede5c8 100644 |
6410 |
|
6411 |
for(i=0; i<NWD; i++) { |
6412 |
struct gendisk *disk = ida_gendisk[ctlr][i]; |
6413 |
-@@ -1591,7 +1591,7 @@ static int pollcomplete(int ctlr) |
6414 |
+@@ -1592,7 +1592,7 @@ static int pollcomplete(int ctlr) |
6415 |
/* Wait (up to 2 seconds) for a command to complete */ |
6416 |
|
6417 |
for (i = 200000; i > 0; i--) { |
6418 |
@@ -35263,10 +35242,10 @@ index a9e33ce..09edd4b 100644 |
6419 |
|
6420 |
#endif |
6421 |
diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c |
6422 |
-index f5962a0..a542c90 100644 |
6423 |
+index a68057a..f3e26dd 100644 |
6424 |
--- a/drivers/gpu/drm/radeon/evergreen.c |
6425 |
+++ b/drivers/gpu/drm/radeon/evergreen.c |
6426 |
-@@ -3077,7 +3077,9 @@ static int evergreen_startup(struct radeon_device *rdev) |
6427 |
+@@ -3094,7 +3094,9 @@ static int evergreen_startup(struct radeon_device *rdev) |
6428 |
r = evergreen_blit_init(rdev); |
6429 |
if (r) { |
6430 |
r600_blit_fini(rdev); |
6431 |
@@ -35444,7 +35423,7 @@ index a2e1eae..8e4a0ec 100644 |
6432 |
|
6433 |
return 0; |
6434 |
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c |
6435 |
-index cd94abb..5a6052d 100644 |
6436 |
+index 8cde84b..0d3f11f 100644 |
6437 |
--- a/drivers/gpu/drm/radeon/radeon_device.c |
6438 |
+++ b/drivers/gpu/drm/radeon/radeon_device.c |
6439 |
@@ -687,7 +687,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) |
6440 |
@@ -35961,112 +35940,10 @@ index 8a8725c2..afed796 100644 |
6441 |
marker = list_first_entry(&queue->head, |
6442 |
struct vmw_marker, head); |
6443 |
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
6444 |
-index 611aafc..3f9bbc0 100644 |
6445 |
+index 9ac4389..5c05af3 100644 |
6446 |
--- a/drivers/hid/hid-core.c |
6447 |
+++ b/drivers/hid/hid-core.c |
6448 |
-@@ -59,6 +59,8 @@ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, |
6449 |
- struct hid_report_enum *report_enum = device->report_enum + type; |
6450 |
- struct hid_report *report; |
6451 |
- |
6452 |
-+ if (id >= HID_MAX_IDS) |
6453 |
-+ return NULL; |
6454 |
- if (report_enum->report_id_hash[id]) |
6455 |
- return report_enum->report_id_hash[id]; |
6456 |
- |
6457 |
-@@ -380,8 +382,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item) |
6458 |
- |
6459 |
- case HID_GLOBAL_ITEM_TAG_REPORT_ID: |
6460 |
- parser->global.report_id = item_udata(item); |
6461 |
-- if (parser->global.report_id == 0) { |
6462 |
-- dbg_hid("report_id 0 is invalid\n"); |
6463 |
-+ if (parser->global.report_id == 0 || |
6464 |
-+ parser->global.report_id >= HID_MAX_IDS) { |
6465 |
-+ dbg_hid("report_id %u is invalid\n", |
6466 |
-+ parser->global.report_id); |
6467 |
- return -1; |
6468 |
- } |
6469 |
- return 0; |
6470 |
-@@ -552,7 +556,7 @@ static void hid_device_release(struct device *dev) |
6471 |
- for (i = 0; i < HID_REPORT_TYPES; i++) { |
6472 |
- struct hid_report_enum *report_enum = device->report_enum + i; |
6473 |
- |
6474 |
-- for (j = 0; j < 256; j++) { |
6475 |
-+ for (j = 0; j < HID_MAX_IDS; j++) { |
6476 |
- struct hid_report *report = report_enum->report_id_hash[j]; |
6477 |
- if (report) |
6478 |
- hid_free_report(report); |
6479 |
-@@ -710,6 +714,56 @@ err: |
6480 |
- } |
6481 |
- EXPORT_SYMBOL_GPL(hid_parse_report); |
6482 |
- |
6483 |
-+static const char * const hid_report_names[] = { |
6484 |
-+ "HID_INPUT_REPORT", |
6485 |
-+ "HID_OUTPUT_REPORT", |
6486 |
-+ "HID_FEATURE_REPORT", |
6487 |
-+}; |
6488 |
-+/** |
6489 |
-+ * hid_validate_report - validate existing device report |
6490 |
-+ * |
6491 |
-+ * @device: hid device |
6492 |
-+ * @type: which report type to examine |
6493 |
-+ * @id: which report ID to examine (0 for first) |
6494 |
-+ * @fields: expected number of fields |
6495 |
-+ * @report_counts: expected number of values per field |
6496 |
-+ * |
6497 |
-+ * Validate the report details after parsing. |
6498 |
-+ */ |
6499 |
-+struct hid_report *hid_validate_report(struct hid_device *hid, |
6500 |
-+ unsigned int type, unsigned int id, |
6501 |
-+ unsigned int fields, |
6502 |
-+ unsigned int report_counts) |
6503 |
-+{ |
6504 |
-+ struct hid_report *report; |
6505 |
-+ unsigned int i; |
6506 |
-+ |
6507 |
-+ if (type > HID_FEATURE_REPORT) { |
6508 |
-+ hid_err(hid, "invalid HID report %u\n", type); |
6509 |
-+ return NULL; |
6510 |
-+ } |
6511 |
-+ |
6512 |
-+ report = hid->report_enum[type].report_id_hash[id]; |
6513 |
-+ if (!report) { |
6514 |
-+ hid_err(hid, "missing %s %u\n", hid_report_names[type], id); |
6515 |
-+ return NULL; |
6516 |
-+ } |
6517 |
-+ if (report->maxfield < fields) { |
6518 |
-+ hid_err(hid, "not enough fields in %s %u\n", |
6519 |
-+ hid_report_names[type], id); |
6520 |
-+ return NULL; |
6521 |
-+ } |
6522 |
-+ for (i = 0; i < fields; i++) { |
6523 |
-+ if (report->field[i]->report_count < report_counts) { |
6524 |
-+ hid_err(hid, "not enough values in %s %u fields\n", |
6525 |
-+ hid_report_names[type], id); |
6526 |
-+ return NULL; |
6527 |
-+ } |
6528 |
-+ } |
6529 |
-+ return report; |
6530 |
-+} |
6531 |
-+EXPORT_SYMBOL_GPL(hid_validate_report); |
6532 |
-+ |
6533 |
- /* |
6534 |
- * Convert a signed n-bit integer to signed 32-bit integer. Common |
6535 |
- * cases are done through the compiler, the screwed things has to be |
6536 |
-@@ -990,7 +1044,12 @@ EXPORT_SYMBOL_GPL(hid_output_report); |
6537 |
- |
6538 |
- int hid_set_field(struct hid_field *field, unsigned offset, __s32 value) |
6539 |
- { |
6540 |
-- unsigned size = field->report_size; |
6541 |
-+ unsigned size; |
6542 |
-+ |
6543 |
-+ if (!field) |
6544 |
-+ return -1; |
6545 |
-+ |
6546 |
-+ size = field->report_size; |
6547 |
- |
6548 |
- hid_dump_input(field->report->device, field->usage + offset, value); |
6549 |
- |
6550 |
-@@ -2034,7 +2093,7 @@ static bool hid_ignore(struct hid_device *hdev) |
6551 |
+@@ -2102,7 +2102,7 @@ static bool hid_ignore(struct hid_device *hdev) |
6552 |
|
6553 |
int hid_add_device(struct hid_device *hdev) |
6554 |
{ |
6555 |
@@ -36075,7 +35952,7 @@ index 611aafc..3f9bbc0 100644 |
6556 |
int ret; |
6557 |
|
6558 |
if (WARN_ON(hdev->status & HID_STAT_ADDED)) |
6559 |
-@@ -2049,7 +2108,7 @@ int hid_add_device(struct hid_device *hdev) |
6560 |
+@@ -2117,7 +2117,7 @@ int hid_add_device(struct hid_device *hdev) |
6561 |
/* XXX hack, any other cleaner solution after the driver core |
6562 |
* is converted to allow more than 20 bytes as the device name? */ |
6563 |
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, |
6564 |
@@ -36084,167 +35961,6 @@ index 611aafc..3f9bbc0 100644 |
6565 |
|
6566 |
hid_debug_register(hdev, dev_name(&hdev->dev)); |
6567 |
ret = device_add(&hdev->dev); |
6568 |
-diff --git a/drivers/hid/hid-lg2ff.c b/drivers/hid/hid-lg2ff.c |
6569 |
-index 3c31bc6..f7b432a 100644 |
6570 |
---- a/drivers/hid/hid-lg2ff.c |
6571 |
-+++ b/drivers/hid/hid-lg2ff.c |
6572 |
-@@ -66,26 +66,13 @@ int lg2ff_init(struct hid_device *hid) |
6573 |
- struct hid_report *report; |
6574 |
- struct hid_input *hidinput = list_entry(hid->inputs.next, |
6575 |
- struct hid_input, list); |
6576 |
-- struct list_head *report_list = |
6577 |
-- &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
6578 |
- struct input_dev *dev = hidinput->input; |
6579 |
- int error; |
6580 |
- |
6581 |
-- if (list_empty(report_list)) { |
6582 |
-- hid_err(hid, "no output report found\n"); |
6583 |
-+ /* Check that the report looks ok */ |
6584 |
-+ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7); |
6585 |
-+ if (!report) |
6586 |
- return -ENODEV; |
6587 |
-- } |
6588 |
-- |
6589 |
-- report = list_entry(report_list->next, struct hid_report, list); |
6590 |
-- |
6591 |
-- if (report->maxfield < 1) { |
6592 |
-- hid_err(hid, "output report is empty\n"); |
6593 |
-- return -ENODEV; |
6594 |
-- } |
6595 |
-- if (report->field[0]->report_count < 7) { |
6596 |
-- hid_err(hid, "not enough values in the field\n"); |
6597 |
-- return -ENODEV; |
6598 |
-- } |
6599 |
- |
6600 |
- lg2ff = kmalloc(sizeof(struct lg2ff_device), GFP_KERNEL); |
6601 |
- if (!lg2ff) |
6602 |
-diff --git a/drivers/hid/hid-lg3ff.c b/drivers/hid/hid-lg3ff.c |
6603 |
-index f98644c..8590851 100644 |
6604 |
---- a/drivers/hid/hid-lg3ff.c |
6605 |
-+++ b/drivers/hid/hid-lg3ff.c |
6606 |
-@@ -68,10 +68,11 @@ static int hid_lg3ff_play(struct input_dev *dev, void *data, |
6607 |
- int x, y; |
6608 |
- |
6609 |
- /* |
6610 |
-- * Maxusage should always be 63 (maximum fields) |
6611 |
-- * likely a better way to ensure this data is clean |
6612 |
-+ * Available values in the field should always be 63, but we only use up to |
6613 |
-+ * 35. Instead, clear the entire area, however big it is. |
6614 |
- */ |
6615 |
-- memset(report->field[0]->value, 0, sizeof(__s32)*report->field[0]->maxusage); |
6616 |
-+ memset(report->field[0]->value, 0, |
6617 |
-+ sizeof(__s32) * report->field[0]->report_count); |
6618 |
- |
6619 |
- switch (effect->type) { |
6620 |
- case FF_CONSTANT: |
6621 |
-@@ -131,32 +132,14 @@ static const signed short ff3_joystick_ac[] = { |
6622 |
- int lg3ff_init(struct hid_device *hid) |
6623 |
- { |
6624 |
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
6625 |
-- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
6626 |
- struct input_dev *dev = hidinput->input; |
6627 |
-- struct hid_report *report; |
6628 |
-- struct hid_field *field; |
6629 |
- const signed short *ff_bits = ff3_joystick_ac; |
6630 |
- int error; |
6631 |
- int i; |
6632 |
- |
6633 |
-- /* Find the report to use */ |
6634 |
-- if (list_empty(report_list)) { |
6635 |
-- hid_err(hid, "No output report found\n"); |
6636 |
-- return -1; |
6637 |
-- } |
6638 |
-- |
6639 |
- /* Check that the report looks ok */ |
6640 |
-- report = list_entry(report_list->next, struct hid_report, list); |
6641 |
-- if (!report) { |
6642 |
-- hid_err(hid, "NULL output report\n"); |
6643 |
-- return -1; |
6644 |
-- } |
6645 |
-- |
6646 |
-- field = report->field[0]; |
6647 |
-- if (!field) { |
6648 |
-- hid_err(hid, "NULL field\n"); |
6649 |
-- return -1; |
6650 |
-- } |
6651 |
-+ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 35)) |
6652 |
-+ return -ENODEV; |
6653 |
- |
6654 |
- /* Assume single fixed device G940 */ |
6655 |
- for (i = 0; ff_bits[i] >= 0; i++) |
6656 |
-diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c |
6657 |
-index 103f30d..b9a39e5 100644 |
6658 |
---- a/drivers/hid/hid-lg4ff.c |
6659 |
-+++ b/drivers/hid/hid-lg4ff.c |
6660 |
-@@ -339,33 +339,15 @@ static ssize_t lg4ff_range_store(struct device *dev, struct device_attribute *at |
6661 |
- int lg4ff_init(struct hid_device *hid) |
6662 |
- { |
6663 |
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
6664 |
-- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
6665 |
- struct input_dev *dev = hidinput->input; |
6666 |
-- struct hid_report *report; |
6667 |
-- struct hid_field *field; |
6668 |
- struct lg4ff_device_entry *entry; |
6669 |
- struct usb_device_descriptor *udesc; |
6670 |
- int error, i, j; |
6671 |
- __u16 bcdDevice, rev_maj, rev_min; |
6672 |
- |
6673 |
-- /* Find the report to use */ |
6674 |
-- if (list_empty(report_list)) { |
6675 |
-- hid_err(hid, "No output report found\n"); |
6676 |
-- return -1; |
6677 |
-- } |
6678 |
-- |
6679 |
- /* Check that the report looks ok */ |
6680 |
-- report = list_entry(report_list->next, struct hid_report, list); |
6681 |
-- if (!report) { |
6682 |
-- hid_err(hid, "NULL output report\n"); |
6683 |
-+ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7)) |
6684 |
- return -1; |
6685 |
-- } |
6686 |
-- |
6687 |
-- field = report->field[0]; |
6688 |
-- if (!field) { |
6689 |
-- hid_err(hid, "NULL field\n"); |
6690 |
-- return -1; |
6691 |
-- } |
6692 |
- |
6693 |
- /* Check what wheel has been connected */ |
6694 |
- for (i = 0; i < ARRAY_SIZE(lg4ff_devices); i++) { |
6695 |
-diff --git a/drivers/hid/hid-lgff.c b/drivers/hid/hid-lgff.c |
6696 |
-index 27bc54f..6d25789 100644 |
6697 |
---- a/drivers/hid/hid-lgff.c |
6698 |
-+++ b/drivers/hid/hid-lgff.c |
6699 |
-@@ -130,27 +130,14 @@ static void hid_lgff_set_autocenter(struct input_dev *dev, u16 magnitude) |
6700 |
- int lgff_init(struct hid_device* hid) |
6701 |
- { |
6702 |
- struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); |
6703 |
-- struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
6704 |
- struct input_dev *dev = hidinput->input; |
6705 |
-- struct hid_report *report; |
6706 |
-- struct hid_field *field; |
6707 |
- const signed short *ff_bits = ff_joystick; |
6708 |
- int error; |
6709 |
- int i; |
6710 |
- |
6711 |
-- /* Find the report to use */ |
6712 |
-- if (list_empty(report_list)) { |
6713 |
-- hid_err(hid, "No output report found\n"); |
6714 |
-- return -1; |
6715 |
-- } |
6716 |
-- |
6717 |
- /* Check that the report looks ok */ |
6718 |
-- report = list_entry(report_list->next, struct hid_report, list); |
6719 |
-- field = report->field[0]; |
6720 |
-- if (!field) { |
6721 |
-- hid_err(hid, "NULL field\n"); |
6722 |
-- return -1; |
6723 |
-- } |
6724 |
-+ if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7)) |
6725 |
-+ return -ENODEV; |
6726 |
- |
6727 |
- for (i = 0; i < ARRAY_SIZE(devices); i++) { |
6728 |
- if (dev->id.vendor == devices[i].idVendor && |
6729 |
diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c |
6730 |
index 13af0f1..dc797c9 100644 |
6731 |
--- a/drivers/hid/hid-multitouch.c |
6732 |
@@ -36267,70 +35983,6 @@ index 13af0f1..dc797c9 100644 |
6733 |
} |
6734 |
|
6735 |
/* we have handled the hidinput part, now remains hiddev */ |
6736 |
-diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c |
6737 |
-index 9fae2eb..48cba85 100644 |
6738 |
---- a/drivers/hid/hid-ntrig.c |
6739 |
-+++ b/drivers/hid/hid-ntrig.c |
6740 |
-@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev) |
6741 |
- struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT]. |
6742 |
- report_id_hash[0x0d]; |
6743 |
- |
6744 |
-- if (!report) |
6745 |
-+ if (!report || report->maxfield < 1 || |
6746 |
-+ report->field[0]->report_count < 1) |
6747 |
- return -EINVAL; |
6748 |
- |
6749 |
- usbhid_submit_report(hdev, report, USB_DIR_IN); |
6750 |
-diff --git a/drivers/hid/hid-pl.c b/drivers/hid/hid-pl.c |
6751 |
-index 070f93a..12786cd 100644 |
6752 |
---- a/drivers/hid/hid-pl.c |
6753 |
-+++ b/drivers/hid/hid-pl.c |
6754 |
-@@ -129,8 +129,14 @@ static int plff_init(struct hid_device *hid) |
6755 |
- strong = &report->field[0]->value[2]; |
6756 |
- weak = &report->field[0]->value[3]; |
6757 |
- debug("detected single-field device"); |
6758 |
-- } else if (report->maxfield >= 4 && report->field[0]->maxusage == 1 && |
6759 |
-- report->field[0]->usage[0].hid == (HID_UP_LED | 0x43)) { |
6760 |
-+ } else if (report->field[0]->maxusage == 1 && |
6761 |
-+ report->field[0]->usage[0].hid == |
6762 |
-+ (HID_UP_LED | 0x43) && |
6763 |
-+ report->maxfield >= 4 && |
6764 |
-+ report->field[0]->report_count >= 1 && |
6765 |
-+ report->field[1]->report_count >= 1 && |
6766 |
-+ report->field[2]->report_count >= 1 && |
6767 |
-+ report->field[3]->report_count >= 1) { |
6768 |
- report->field[0]->value[0] = 0x00; |
6769 |
- report->field[1]->value[0] = 0x00; |
6770 |
- strong = &report->field[2]->value[0]; |
6771 |
-diff --git a/drivers/hid/hid-zpff.c b/drivers/hid/hid-zpff.c |
6772 |
-index f6ba81d..f7e37f7 100644 |
6773 |
---- a/drivers/hid/hid-zpff.c |
6774 |
-+++ b/drivers/hid/hid-zpff.c |
6775 |
-@@ -70,22 +70,12 @@ static int zpff_init(struct hid_device *hid) |
6776 |
- struct hid_report *report; |
6777 |
- struct hid_input *hidinput = list_entry(hid->inputs.next, |
6778 |
- struct hid_input, list); |
6779 |
-- struct list_head *report_list = |
6780 |
-- &hid->report_enum[HID_OUTPUT_REPORT].report_list; |
6781 |
- struct input_dev *dev = hidinput->input; |
6782 |
- int error; |
6783 |
- |
6784 |
-- if (list_empty(report_list)) { |
6785 |
-- hid_err(hid, "no output report found\n"); |
6786 |
-+ report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 4, 1); |
6787 |
-+ if (!report) |
6788 |
- return -ENODEV; |
6789 |
-- } |
6790 |
-- |
6791 |
-- report = list_entry(report_list->next, struct hid_report, list); |
6792 |
-- |
6793 |
-- if (report->maxfield < 4) { |
6794 |
-- hid_err(hid, "not enough fields in report\n"); |
6795 |
-- return -ENODEV; |
6796 |
-- } |
6797 |
- |
6798 |
- zpff = kzalloc(sizeof(struct zpff_device), GFP_KERNEL); |
6799 |
- if (!zpff) |
6800 |
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c |
6801 |
index 4ef02b2..8a96831 100644 |
6802 |
--- a/drivers/hid/usbhid/hiddev.c |
6803 |
@@ -36443,10 +36095,10 @@ index 66f6729..4de8c4a 100644 |
6804 |
int res = 0; |
6805 |
|
6806 |
diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c |
6807 |
-index d99aa84..c977790 100644 |
6808 |
+index 30cac58..f6406b3 100644 |
6809 |
--- a/drivers/hwmon/applesmc.c |
6810 |
+++ b/drivers/hwmon/applesmc.c |
6811 |
-@@ -1056,7 +1056,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) |
6812 |
+@@ -1069,7 +1069,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) |
6813 |
{ |
6814 |
struct applesmc_node_group *grp; |
6815 |
struct applesmc_dev_attr *node; |
6816 |
@@ -40263,10 +39915,10 @@ index a9ff89ff..461d313 100644 |
6817 |
struct sm_sysfs_attribute *vendor_attribute; |
6818 |
|
6819 |
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
6820 |
-index b436b84..d3cecc5 100644 |
6821 |
+index 1bf36ac..55c534e 100644 |
6822 |
--- a/drivers/net/bonding/bond_main.c |
6823 |
+++ b/drivers/net/bonding/bond_main.c |
6824 |
-@@ -4796,7 +4796,7 @@ static int bond_get_tx_queues(struct net *net, struct nlattr *tb[], |
6825 |
+@@ -4803,7 +4803,7 @@ static int bond_get_tx_queues(struct net *net, struct nlattr *tb[], |
6826 |
return 0; |
6827 |
} |
6828 |
|
6829 |
@@ -40275,7 +39927,7 @@ index b436b84..d3cecc5 100644 |
6830 |
.kind = "bond", |
6831 |
.priv_size = sizeof(struct bonding), |
6832 |
.setup = bond_setup, |
6833 |
-@@ -4921,8 +4921,8 @@ static void __exit bonding_exit(void) |
6834 |
+@@ -4928,8 +4928,8 @@ static void __exit bonding_exit(void) |
6835 |
|
6836 |
bond_destroy_debugfs(); |
6837 |
|
6838 |
@@ -40958,10 +40610,10 @@ index 301b39e..345c414 100644 |
6839 |
}; |
6840 |
|
6841 |
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c |
6842 |
-index 96b9e3c..d9cfb75 100644 |
6843 |
+index b0f9015..93da3cf 100644 |
6844 |
--- a/drivers/net/macvtap.c |
6845 |
+++ b/drivers/net/macvtap.c |
6846 |
-@@ -1073,7 +1073,7 @@ static int macvtap_device_event(struct notifier_block *unused, |
6847 |
+@@ -1085,7 +1085,7 @@ static int macvtap_device_event(struct notifier_block *unused, |
6848 |
return NOTIFY_DONE; |
6849 |
} |
6850 |
|
6851 |
@@ -41095,7 +40747,7 @@ index 46db5c5..37c1536 100644 |
6852 |
err = platform_driver_register(&sk_isa_driver); |
6853 |
if (err) |
6854 |
diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
6855 |
-index f4c5de6..31aa71c 100644 |
6856 |
+index ee1aab0..31aa71c 100644 |
6857 |
--- a/drivers/net/tun.c |
6858 |
+++ b/drivers/net/tun.c |
6859 |
@@ -359,7 +359,7 @@ static void tun_free_netdev(struct net_device *dev) |
6860 |
@@ -41107,29 +40759,7 @@ index f4c5de6..31aa71c 100644 |
6861 |
} |
6862 |
|
6863 |
/* Net device open. */ |
6864 |
-@@ -614,8 +614,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, |
6865 |
- int offset = 0; |
6866 |
- |
6867 |
- if (!(tun->flags & TUN_NO_PI)) { |
6868 |
-- if ((len -= sizeof(pi)) > count) |
6869 |
-+ if (len < sizeof(pi)) |
6870 |
- return -EINVAL; |
6871 |
-+ len -= sizeof(pi); |
6872 |
- |
6873 |
- if (memcpy_fromiovecend((void *)&pi, iv, 0, sizeof(pi))) |
6874 |
- return -EFAULT; |
6875 |
-@@ -623,8 +624,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, |
6876 |
- } |
6877 |
- |
6878 |
- if (tun->flags & TUN_VNET_HDR) { |
6879 |
-- if ((len -= tun->vnet_hdr_sz) > count) |
6880 |
-+ if (len < tun->vnet_hdr_sz) |
6881 |
- return -EINVAL; |
6882 |
-+ len -= tun->vnet_hdr_sz; |
6883 |
- |
6884 |
- if (memcpy_fromiovecend((void *)&gso, iv, offset, sizeof(gso))) |
6885 |
- return -EFAULT; |
6886 |
-@@ -981,10 +983,18 @@ static int tun_recvmsg(struct kiocb *iocb, struct socket *sock, |
6887 |
+@@ -983,10 +983,18 @@ static int tun_recvmsg(struct kiocb *iocb, struct socket *sock, |
6888 |
return ret; |
6889 |
} |
6890 |
|
6891 |
@@ -41148,7 +40778,7 @@ index f4c5de6..31aa71c 100644 |
6892 |
}; |
6893 |
|
6894 |
static struct proto tun_proto = { |
6895 |
-@@ -1111,10 +1121,11 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) |
6896 |
+@@ -1113,10 +1121,11 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) |
6897 |
tun->vnet_hdr_sz = sizeof(struct virtio_net_hdr); |
6898 |
|
6899 |
err = -ENOMEM; |
6900 |
@@ -41161,7 +40791,7 @@ index f4c5de6..31aa71c 100644 |
6901 |
tun->socket.wq = &tun->wq; |
6902 |
init_waitqueue_head(&tun->wq.wait); |
6903 |
tun->socket.ops = &tun_socket_ops; |
6904 |
-@@ -1175,7 +1186,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) |
6905 |
+@@ -1177,7 +1186,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) |
6906 |
return 0; |
6907 |
|
6908 |
err_free_sk: |
6909 |
@@ -41170,7 +40800,7 @@ index f4c5de6..31aa71c 100644 |
6910 |
err_free_dev: |
6911 |
free_netdev(dev); |
6912 |
failed: |
6913 |
-@@ -1234,7 +1245,7 @@ static int set_offload(struct tun_struct *tun, unsigned long arg) |
6914 |
+@@ -1236,7 +1245,7 @@ static int set_offload(struct tun_struct *tun, unsigned long arg) |
6915 |
} |
6916 |
|
6917 |
static long __tun_chr_ioctl(struct file *file, unsigned int cmd, |
6918 |
@@ -41179,7 +40809,7 @@ index f4c5de6..31aa71c 100644 |
6919 |
{ |
6920 |
struct tun_file *tfile = file->private_data; |
6921 |
struct tun_struct *tun; |
6922 |
-@@ -1245,6 +1256,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, |
6923 |
+@@ -1247,6 +1256,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, |
6924 |
int vnet_hdr_sz; |
6925 |
int ret; |
6926 |
|
6927 |
@@ -41394,6 +41024,18 @@ index ebb9f24..7a4c491 100644 |
6928 |
sync.clock_rate = FST_RDL(card, portConfig[i].lineSpeed); |
6929 |
/* Lucky card and linux use same encoding here */ |
6930 |
sync.clock_type = FST_RDB(card, portConfig[i].internalClock) == |
6931 |
+diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c |
6932 |
+index 44b7071..c643d77 100644 |
6933 |
+--- a/drivers/net/wan/wanxl.c |
6934 |
++++ b/drivers/net/wan/wanxl.c |
6935 |
+@@ -355,6 +355,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) |
6936 |
+ ifr->ifr_settings.size = size; /* data size wanted */ |
6937 |
+ return -ENOBUFS; |
6938 |
+ } |
6939 |
++ memset(&line, 0, sizeof(line)); |
6940 |
+ line.clock_type = get_status(port)->clocking; |
6941 |
+ line.clock_rate = 0; |
6942 |
+ line.loopback = 0; |
6943 |
diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c |
6944 |
index 4045e5a..506f1cf 100644 |
6945 |
--- a/drivers/net/wireless/at76c50x-usb.c |
6946 |
@@ -43674,7 +43316,7 @@ index 1b21491..1b7f60e 100644 |
6947 |
/* |
6948 |
* Check for overflow; dev_loss_tmo is u32 |
6949 |
diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c |
6950 |
-index 96029e6..4d77fa0 100644 |
6951 |
+index c874458..568a977 100644 |
6952 |
--- a/drivers/scsi/scsi_transport_iscsi.c |
6953 |
+++ b/drivers/scsi/scsi_transport_iscsi.c |
6954 |
@@ -79,7 +79,7 @@ struct iscsi_internal { |
6955 |
@@ -43736,10 +43378,10 @@ index 21a045e..ec89e03 100644 |
6956 |
|
6957 |
transport_setup_device(&rport->dev); |
6958 |
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c |
6959 |
-index 17603da..332e23a 100644 |
6960 |
+index f6d2b62..d9aa1a4 100644 |
6961 |
--- a/drivers/scsi/sd.c |
6962 |
+++ b/drivers/scsi/sd.c |
6963 |
-@@ -2637,7 +2637,7 @@ static int sd_probe(struct device *dev) |
6964 |
+@@ -2632,7 +2632,7 @@ static int sd_probe(struct device *dev) |
6965 |
device_initialize(&sdkp->dev); |
6966 |
sdkp->dev.parent = dev; |
6967 |
sdkp->dev.class = &sd_disk_class; |
6968 |
@@ -45276,7 +44918,7 @@ index 032e5a6..bc422e4 100644 |
6969 |
wake_up(&usb_kill_urb_queue); |
6970 |
usb_put_urb(urb); |
6971 |
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c |
6972 |
-index 2768a7e..7b5c7a9 100644 |
6973 |
+index a5ea85f..6530989 100644 |
6974 |
--- a/drivers/usb/core/hub.c |
6975 |
+++ b/drivers/usb/core/hub.c |
6976 |
@@ -25,6 +25,7 @@ |
6977 |
@@ -51444,7 +51086,7 @@ index d322929..9f4b816 100644 |
6978 |
dcache_init(); |
6979 |
inode_init(); |
6980 |
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c |
6981 |
-index f3a257d..9235188 100644 |
6982 |
+index fb001cd..95129c3 100644 |
6983 |
--- a/fs/debugfs/inode.c |
6984 |
+++ b/fs/debugfs/inode.c |
6985 |
@@ -145,6 +145,7 @@ static struct file_system_type debug_fs_type = { |
6986 |
@@ -51498,6 +51140,32 @@ index a9be90d..3cf866c 100644 |
6987 |
if (!IS_ERR(buf)) { |
6988 |
/* Free the char* */ |
6989 |
kfree(buf); |
6990 |
+diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c |
6991 |
+index ac1ad48..d80e1db 100644 |
6992 |
+--- a/fs/ecryptfs/keystore.c |
6993 |
++++ b/fs/ecryptfs/keystore.c |
6994 |
+@@ -1151,8 +1151,8 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, |
6995 |
+ struct ecryptfs_msg_ctx *msg_ctx; |
6996 |
+ struct ecryptfs_message *msg = NULL; |
6997 |
+ char *auth_tok_sig; |
6998 |
+- char *payload; |
6999 |
+- size_t payload_len; |
7000 |
++ char *payload = NULL; |
7001 |
++ size_t payload_len = 0; |
7002 |
+ int rc; |
7003 |
+ |
7004 |
+ rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok); |
7005 |
+@@ -1204,8 +1204,8 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, |
7006 |
+ crypt_stat->key_size); |
7007 |
+ } |
7008 |
+ out: |
7009 |
+- if (msg) |
7010 |
+- kfree(msg); |
7011 |
++ kfree(msg); |
7012 |
++ kfree(payload); |
7013 |
+ return rc; |
7014 |
+ } |
7015 |
+ |
7016 |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c |
7017 |
index 94afdfd..bdb8854 100644 |
7018 |
--- a/fs/ecryptfs/main.c |
7019 |
@@ -54577,10 +54245,10 @@ index 5c029fb..96e676c 100644 |
7020 |
if (!ret) |
7021 |
ret = -EPIPE; |
7022 |
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c |
7023 |
-index 5ef7afb..5fc7f4f 100644 |
7024 |
+index 06e2f73..e6c5fc8 100644 |
7025 |
--- a/fs/fuse/dir.c |
7026 |
+++ b/fs/fuse/dir.c |
7027 |
-@@ -1148,7 +1148,7 @@ static char *read_link(struct dentry *dentry) |
7028 |
+@@ -1150,7 +1150,7 @@ static char *read_link(struct dentry *dentry) |
7029 |
return link; |
7030 |
} |
7031 |
|
7032 |
@@ -54590,10 +54258,10 @@ index 5ef7afb..5fc7f4f 100644 |
7033 |
if (!IS_ERR(link)) |
7034 |
free_page((unsigned long) link); |
7035 |
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c |
7036 |
-index 1f82d95..763ac54 100644 |
7037 |
+index 912c250..f0aee59 100644 |
7038 |
--- a/fs/fuse/inode.c |
7039 |
+++ b/fs/fuse/inode.c |
7040 |
-@@ -1092,6 +1092,7 @@ static struct file_system_type fuse_fs_type = { |
7041 |
+@@ -1094,6 +1094,7 @@ static struct file_system_type fuse_fs_type = { |
7042 |
.mount = fuse_mount, |
7043 |
.kill_sb = fuse_kill_sb_anon, |
7044 |
}; |
7045 |
@@ -54601,7 +54269,7 @@ index 1f82d95..763ac54 100644 |
7046 |
|
7047 |
#ifdef CONFIG_BLOCK |
7048 |
static struct dentry *fuse_mount_blk(struct file_system_type *fs_type, |
7049 |
-@@ -1121,6 +1122,7 @@ static struct file_system_type fuseblk_fs_type = { |
7050 |
+@@ -1123,6 +1124,7 @@ static struct file_system_type fuseblk_fs_type = { |
7051 |
.kill_sb = fuse_kill_sb_blk, |
7052 |
.fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE, |
7053 |
}; |
7054 |
@@ -54811,10 +54479,10 @@ index e2d3633..e6f3833 100644 |
7055 |
spin_unlock(&inode->i_lock); |
7056 |
} |
7057 |
diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c |
7058 |
-index f950059..78748e8 100644 |
7059 |
+index a5f25a7..8ac9cc8 100644 |
7060 |
--- a/fs/isofs/inode.c |
7061 |
+++ b/fs/isofs/inode.c |
7062 |
-@@ -1545,6 +1545,8 @@ static struct file_system_type iso9660_fs_type = { |
7063 |
+@@ -1539,6 +1539,8 @@ static struct file_system_type iso9660_fs_type = { |
7064 |
.kill_sb = kill_block_super, |
7065 |
.fs_flags = FS_REQUIRES_DEV, |
7066 |
}; |
7067 |
@@ -54823,7 +54491,7 @@ index f950059..78748e8 100644 |
7068 |
|
7069 |
static int __init init_iso9660_fs(void) |
7070 |
{ |
7071 |
-@@ -1582,5 +1584,3 @@ static void __exit exit_iso9660_fs(void) |
7072 |
+@@ -1576,5 +1578,3 @@ static void __exit exit_iso9660_fs(void) |
7073 |
module_init(init_iso9660_fs) |
7074 |
module_exit(exit_iso9660_fs) |
7075 |
MODULE_LICENSE("GPL"); |
7076 |
@@ -72735,35 +72403,6 @@ index 0000000..e7ffaaf |
7077 |
+ const int protocol); |
7078 |
+ |
7079 |
+#endif |
7080 |
-diff --git a/include/linux/hid.h b/include/linux/hid.h |
7081 |
-index 331e2ef..37c06bd 100644 |
7082 |
---- a/include/linux/hid.h |
7083 |
-+++ b/include/linux/hid.h |
7084 |
-@@ -416,10 +416,12 @@ struct hid_report { |
7085 |
- struct hid_device *device; /* associated device */ |
7086 |
- }; |
7087 |
- |
7088 |
-+#define HID_MAX_IDS 256 |
7089 |
-+ |
7090 |
- struct hid_report_enum { |
7091 |
- unsigned numbered; |
7092 |
- struct list_head report_list; |
7093 |
-- struct hid_report *report_id_hash[256]; |
7094 |
-+ struct hid_report *report_id_hash[HID_MAX_IDS]; |
7095 |
- }; |
7096 |
- |
7097 |
- #define HID_REPORT_TYPES 3 |
7098 |
-@@ -716,6 +718,10 @@ void hid_output_report(struct hid_report *report, __u8 *data); |
7099 |
- struct hid_device *hid_allocate_device(void); |
7100 |
- struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id); |
7101 |
- int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size); |
7102 |
-+struct hid_report *hid_validate_report(struct hid_device *hid, |
7103 |
-+ unsigned int type, unsigned int id, |
7104 |
-+ unsigned int fields, |
7105 |
-+ unsigned int report_counts); |
7106 |
- int hid_check_keys_pressed(struct hid_device *hid); |
7107 |
- int hid_connect(struct hid_device *hid, unsigned int connect_mask); |
7108 |
- void hid_disconnect(struct hid_device *hid); |
7109 |
diff --git a/include/linux/highmem.h b/include/linux/highmem.h |
7110 |
index 52e9620..26c34b1 100644 |
7111 |
--- a/include/linux/highmem.h |
7112 |
@@ -73308,7 +72947,7 @@ index 3797270..7765ede 100644 |
7113 |
struct mca_bus { |
7114 |
u64 default_dma_mask; |
7115 |
diff --git a/include/linux/mm.h b/include/linux/mm.h |
7116 |
-index d0493f6..ce3ea0b 100644 |
7117 |
+index 305fd75..f0db13d 100644 |
7118 |
--- a/include/linux/mm.h |
7119 |
+++ b/include/linux/mm.h |
7120 |
@@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp); |
7121 |
@@ -73345,7 +72984,7 @@ index d0493f6..ce3ea0b 100644 |
7122 |
|
7123 |
struct mmu_gather; |
7124 |
struct inode; |
7125 |
-@@ -940,8 +948,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, |
7126 |
+@@ -941,8 +949,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, |
7127 |
unsigned long *pfn); |
7128 |
int follow_phys(struct vm_area_struct *vma, unsigned long address, |
7129 |
unsigned int flags, unsigned long *prot, resource_size_t *phys); |
7130 |
@@ -73356,7 +72995,7 @@ index d0493f6..ce3ea0b 100644 |
7131 |
|
7132 |
static inline void unmap_shared_mapping_range(struct address_space *mapping, |
7133 |
loff_t const holebegin, loff_t const holelen) |
7134 |
-@@ -983,10 +991,10 @@ static inline int fixup_user_fault(struct task_struct *tsk, |
7135 |
+@@ -984,10 +992,10 @@ static inline int fixup_user_fault(struct task_struct *tsk, |
7136 |
} |
7137 |
#endif |
7138 |
|
7139 |
@@ -73371,7 +73010,7 @@ index d0493f6..ce3ea0b 100644 |
7140 |
|
7141 |
int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, |
7142 |
unsigned long start, int len, unsigned int foll_flags, |
7143 |
-@@ -1012,34 +1020,6 @@ int set_page_dirty(struct page *page); |
7144 |
+@@ -1013,34 +1021,6 @@ int set_page_dirty(struct page *page); |
7145 |
int set_page_dirty_lock(struct page *page); |
7146 |
int clear_page_dirty_for_io(struct page *page); |
7147 |
|
7148 |
@@ -73406,7 +73045,7 @@ index d0493f6..ce3ea0b 100644 |
7149 |
extern unsigned long move_page_tables(struct vm_area_struct *vma, |
7150 |
unsigned long old_addr, struct vm_area_struct *new_vma, |
7151 |
unsigned long new_addr, unsigned long len); |
7152 |
-@@ -1134,6 +1114,15 @@ static inline void sync_mm_rss(struct task_struct *task, struct mm_struct *mm) |
7153 |
+@@ -1135,6 +1115,15 @@ static inline void sync_mm_rss(struct task_struct *task, struct mm_struct *mm) |
7154 |
} |
7155 |
#endif |
7156 |
|
7157 |
@@ -73422,7 +73061,7 @@ index d0493f6..ce3ea0b 100644 |
7158 |
int vma_wants_writenotify(struct vm_area_struct *vma); |
7159 |
|
7160 |
extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, |
7161 |
-@@ -1152,8 +1141,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, |
7162 |
+@@ -1153,8 +1142,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, |
7163 |
{ |
7164 |
return 0; |
7165 |
} |
7166 |
@@ -73438,7 +73077,7 @@ index d0493f6..ce3ea0b 100644 |
7167 |
#endif |
7168 |
|
7169 |
#ifdef __PAGETABLE_PMD_FOLDED |
7170 |
-@@ -1162,8 +1158,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, |
7171 |
+@@ -1163,8 +1159,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, |
7172 |
{ |
7173 |
return 0; |
7174 |
} |
7175 |
@@ -73454,7 +73093,7 @@ index d0493f6..ce3ea0b 100644 |
7176 |
#endif |
7177 |
|
7178 |
int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, |
7179 |
-@@ -1181,11 +1184,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a |
7180 |
+@@ -1182,11 +1185,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a |
7181 |
NULL: pud_offset(pgd, address); |
7182 |
} |
7183 |
|
7184 |
@@ -73478,7 +73117,7 @@ index d0493f6..ce3ea0b 100644 |
7185 |
#endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ |
7186 |
|
7187 |
#if USE_SPLIT_PTLOCKS |
7188 |
-@@ -1419,6 +1434,7 @@ out: |
7189 |
+@@ -1420,6 +1435,7 @@ out: |
7190 |
} |
7191 |
|
7192 |
extern int do_munmap(struct mm_struct *, unsigned long, size_t); |
7193 |
@@ -73486,7 +73125,7 @@ index d0493f6..ce3ea0b 100644 |
7194 |
|
7195 |
extern unsigned long do_brk(unsigned long, unsigned long); |
7196 |
|
7197 |
-@@ -1476,6 +1492,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add |
7198 |
+@@ -1477,6 +1493,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add |
7199 |
extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, |
7200 |
struct vm_area_struct **pprev); |
7201 |
|
7202 |
@@ -73497,7 +73136,7 @@ index d0493f6..ce3ea0b 100644 |
7203 |
/* Look up the first VMA which intersects the interval start_addr..end_addr-1, |
7204 |
NULL if none. Assume start_addr < end_addr. */ |
7205 |
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) |
7206 |
-@@ -1492,15 +1512,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) |
7207 |
+@@ -1493,15 +1513,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) |
7208 |
return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; |
7209 |
} |
7210 |
|
7211 |
@@ -73513,7 +73152,7 @@ index d0493f6..ce3ea0b 100644 |
7212 |
struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); |
7213 |
int remap_pfn_range(struct vm_area_struct *, unsigned long addr, |
7214 |
unsigned long pfn, unsigned long size, pgprot_t); |
7215 |
-@@ -1536,6 +1547,12 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); |
7216 |
+@@ -1537,6 +1548,12 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); |
7217 |
static inline void vm_stat_account(struct mm_struct *mm, |
7218 |
unsigned long flags, struct file *file, long pages) |
7219 |
{ |
7220 |
@@ -73526,7 +73165,7 @@ index d0493f6..ce3ea0b 100644 |
7221 |
} |
7222 |
#endif /* CONFIG_PROC_FS */ |
7223 |
|
7224 |
-@@ -1616,7 +1633,7 @@ extern int unpoison_memory(unsigned long pfn); |
7225 |
+@@ -1617,7 +1634,7 @@ extern int unpoison_memory(unsigned long pfn); |
7226 |
extern int sysctl_memory_failure_early_kill; |
7227 |
extern int sysctl_memory_failure_recovery; |
7228 |
extern void shake_page(struct page *p, int access); |
7229 |
@@ -73535,7 +73174,7 @@ index d0493f6..ce3ea0b 100644 |
7230 |
extern int soft_offline_page(struct page *page, int flags); |
7231 |
|
7232 |
extern void dump_page(struct page *page); |
7233 |
-@@ -1630,5 +1647,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, |
7234 |
+@@ -1631,5 +1648,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, |
7235 |
unsigned int pages_per_huge_page); |
7236 |
#endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */ |
7237 |
|
7238 |
@@ -74041,7 +73680,7 @@ index 45fc162..01a4068 100644 |
7239 |
/** |
7240 |
* struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot |
7241 |
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h |
7242 |
-index 3cfcfea..0227030 100644 |
7243 |
+index eeb6a29..6eb2b52 100644 |
7244 |
--- a/include/linux/perf_event.h |
7245 |
+++ b/include/linux/perf_event.h |
7246 |
@@ -748,8 +748,8 @@ struct perf_event { |
7247 |
@@ -74327,7 +73966,7 @@ index 29e217a..a76bcd0 100644 |
7248 |
|
7249 |
/** |
7250 |
diff --git a/include/linux/rculist.h b/include/linux/rculist.h |
7251 |
-index 6f95e24..68fe817 100644 |
7252 |
+index 3863352..4ec4bfb 100644 |
7253 |
--- a/include/linux/rculist.h |
7254 |
+++ b/include/linux/rculist.h |
7255 |
@@ -39,6 +39,9 @@ static inline void __list_add_rcu(struct list_head *new, |
7256 |
@@ -74876,7 +74515,7 @@ index 92808b8..c28cac4 100644 |
7257 |
|
7258 |
/* shm_mode upper byte flags */ |
7259 |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
7260 |
-index efe50af..0d0b145 100644 |
7261 |
+index efe50af..9a039e5 100644 |
7262 |
--- a/include/linux/skbuff.h |
7263 |
+++ b/include/linux/skbuff.h |
7264 |
@@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb); |
7265 |
@@ -74915,7 +74554,19 @@ index efe50af..0d0b145 100644 |
7266 |
} |
7267 |
|
7268 |
/** |
7269 |
-@@ -1546,7 +1546,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) |
7270 |
+@@ -1157,6 +1157,11 @@ static inline int skb_pagelen(const struct sk_buff *skb) |
7271 |
+ return len + skb_headlen(skb); |
7272 |
+ } |
7273 |
+ |
7274 |
++static inline bool skb_has_frags(const struct sk_buff *skb) |
7275 |
++{ |
7276 |
++ return skb_shinfo(skb)->nr_frags; |
7277 |
++} |
7278 |
++ |
7279 |
+ /** |
7280 |
+ * __skb_fill_page_desc - initialise a paged fragment in an skb |
7281 |
+ * @skb: buffer containing fragment to be initialised |
7282 |
+@@ -1546,7 +1551,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) |
7283 |
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) |
7284 |
*/ |
7285 |
#ifndef NET_SKB_PAD |
7286 |
@@ -74924,7 +74575,7 @@ index efe50af..0d0b145 100644 |
7287 |
#endif |
7288 |
|
7289 |
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); |
7290 |
-@@ -2085,7 +2085,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, |
7291 |
+@@ -2085,7 +2090,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, |
7292 |
int noblock, int *err); |
7293 |
extern unsigned int datagram_poll(struct file *file, struct socket *sock, |
7294 |
struct poll_table_struct *wait); |
7295 |
@@ -74933,7 +74584,7 @@ index efe50af..0d0b145 100644 |
7296 |
int offset, struct iovec *to, |
7297 |
int size); |
7298 |
extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, |
7299 |
-@@ -2365,6 +2365,9 @@ static inline void nf_reset(struct sk_buff *skb) |
7300 |
+@@ -2365,6 +2370,9 @@ static inline void nf_reset(struct sk_buff *skb) |
7301 |
nf_bridge_put(skb->nf_bridge); |
7302 |
skb->nf_bridge = NULL; |
7303 |
#endif |
7304 |
@@ -76139,10 +75790,10 @@ index ca2755f..85ec88c 100644 |
7305 |
/** inet_connection_sock - INET connection oriented sock |
7306 |
* |
7307 |
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h |
7308 |
-index e9ff3fc..c19998a 100644 |
7309 |
+index 34b06da..03b1d34 100644 |
7310 |
--- a/include/net/inetpeer.h |
7311 |
+++ b/include/net/inetpeer.h |
7312 |
-@@ -48,8 +48,8 @@ struct inet_peer { |
7313 |
+@@ -52,8 +52,8 @@ struct inet_peer { |
7314 |
*/ |
7315 |
union { |
7316 |
struct { |
7317 |
@@ -76153,7 +75804,7 @@ index e9ff3fc..c19998a 100644 |
7318 |
__u32 tcp_ts; |
7319 |
__u32 tcp_ts_stamp; |
7320 |
}; |
7321 |
-@@ -109,16 +109,13 @@ static inline void inet_peer_refcheck(const struct inet_peer *p) |
7322 |
+@@ -115,16 +115,13 @@ static inline void inet_peer_refcheck(const struct inet_peer *p) |
7323 |
/* can be called with or without local BH being disabled */ |
7324 |
static inline int inet_getid(struct inet_peer *p, int more) |
7325 |
{ |
7326 |
@@ -76176,7 +75827,7 @@ index e9ff3fc..c19998a 100644 |
7327 |
|
7328 |
#endif /* _NET_INETPEER_H */ |
7329 |
diff --git a/include/net/ip.h b/include/net/ip.h |
7330 |
-index eca0ef7..88118cb 100644 |
7331 |
+index 06aed72..54fbf5b 100644 |
7332 |
--- a/include/net/ip.h |
7333 |
+++ b/include/net/ip.h |
7334 |
@@ -214,7 +214,7 @@ extern struct local_ports { |
7335 |
@@ -77808,10 +77459,10 @@ index b463871..59495fd 100644 |
7336 |
* nsown_capable - Check superior capability to one's own user_ns |
7337 |
* @cap: The capability in question |
7338 |
diff --git a/kernel/cgroup.c b/kernel/cgroup.c |
7339 |
-index d2a01fe..493cba0 100644 |
7340 |
+index 2a1ffb7..b99a595 100644 |
7341 |
--- a/kernel/cgroup.c |
7342 |
+++ b/kernel/cgroup.c |
7343 |
-@@ -5153,7 +5153,7 @@ static int cgroup_css_links_read(struct cgroup *cont, |
7344 |
+@@ -5164,7 +5164,7 @@ static int cgroup_css_links_read(struct cgroup *cont, |
7345 |
struct css_set *cg = link->cg; |
7346 |
struct task_struct *task; |
7347 |
int count = 0; |
7348 |
@@ -78229,7 +77880,7 @@ index 63786e7..0780cac 100644 |
7349 |
#ifdef CONFIG_MODULE_UNLOAD |
7350 |
{ |
7351 |
diff --git a/kernel/events/core.c b/kernel/events/core.c |
7352 |
-index 5bbe443..c8b6b81 100644 |
7353 |
+index 83d5621..8c6738d 100644 |
7354 |
--- a/kernel/events/core.c |
7355 |
+++ b/kernel/events/core.c |
7356 |
@@ -145,8 +145,15 @@ static struct srcu_struct pmus_srcu; |
7357 |
@@ -78258,7 +77909,7 @@ index 5bbe443..c8b6b81 100644 |
7358 |
|
7359 |
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, |
7360 |
enum event_type_t event_type); |
7361 |
-@@ -2568,7 +2575,7 @@ static void __perf_event_read(void *info) |
7362 |
+@@ -2575,7 +2582,7 @@ static void __perf_event_read(void *info) |
7363 |
|
7364 |
static inline u64 perf_event_count(struct perf_event *event) |
7365 |
{ |
7366 |
@@ -78267,7 +77918,7 @@ index 5bbe443..c8b6b81 100644 |
7367 |
} |
7368 |
|
7369 |
static u64 perf_event_read(struct perf_event *event) |
7370 |
-@@ -3114,9 +3121,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) |
7371 |
+@@ -3121,9 +3128,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) |
7372 |
mutex_lock(&event->child_mutex); |
7373 |
total += perf_event_read(event); |
7374 |
*enabled += event->total_time_enabled + |
7375 |
@@ -78279,7 +77930,7 @@ index 5bbe443..c8b6b81 100644 |
7376 |
|
7377 |
list_for_each_entry(child, &event->child_list, child_list) { |
7378 |
total += perf_event_read(child); |
7379 |
-@@ -3508,10 +3515,10 @@ void perf_event_update_userpage(struct perf_event *event) |
7380 |
+@@ -3515,10 +3522,10 @@ void perf_event_update_userpage(struct perf_event *event) |
7381 |
userpg->offset -= local64_read(&event->hw.prev_count); |
7382 |
|
7383 |
userpg->time_enabled = enabled + |
7384 |
@@ -78292,7 +77943,7 @@ index 5bbe443..c8b6b81 100644 |
7385 |
|
7386 |
barrier(); |
7387 |
++userpg->lock; |
7388 |
-@@ -4019,11 +4026,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, |
7389 |
+@@ -4026,11 +4033,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, |
7390 |
values[n++] = perf_event_count(event); |
7391 |
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { |
7392 |
values[n++] = enabled + |
7393 |
@@ -78306,7 +77957,7 @@ index 5bbe443..c8b6b81 100644 |
7394 |
} |
7395 |
if (read_format & PERF_FORMAT_ID) |
7396 |
values[n++] = primary_event_id(event); |
7397 |
-@@ -4674,12 +4681,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) |
7398 |
+@@ -4681,12 +4688,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) |
7399 |
* need to add enough zero bytes after the string to handle |
7400 |
* the 64bit alignment we do later. |
7401 |
*/ |
7402 |
@@ -78321,7 +77972,7 @@ index 5bbe443..c8b6b81 100644 |
7403 |
if (IS_ERR(name)) { |
7404 |
name = strncpy(tmp, "//toolong", sizeof(tmp)); |
7405 |
goto got_name; |
7406 |
-@@ -6036,7 +6043,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, |
7407 |
+@@ -6043,7 +6050,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, |
7408 |
event->parent = parent_event; |
7409 |
|
7410 |
event->ns = get_pid_ns(current->nsproxy->pid_ns); |
7411 |
@@ -78330,7 +77981,7 @@ index 5bbe443..c8b6b81 100644 |
7412 |
|
7413 |
event->state = PERF_EVENT_STATE_INACTIVE; |
7414 |
|
7415 |
-@@ -6282,6 +6289,11 @@ SYSCALL_DEFINE5(perf_event_open, |
7416 |
+@@ -6289,6 +6296,11 @@ SYSCALL_DEFINE5(perf_event_open, |
7417 |
if (flags & ~PERF_FLAG_ALL) |
7418 |
return -EINVAL; |
7419 |
|
7420 |
@@ -78342,7 +77993,7 @@ index 5bbe443..c8b6b81 100644 |
7421 |
err = perf_copy_attr(attr_uptr, &attr); |
7422 |
if (err) |
7423 |
return err; |
7424 |
-@@ -6577,10 +6589,10 @@ static void sync_child_event(struct perf_event *child_event, |
7425 |
+@@ -6584,10 +6596,10 @@ static void sync_child_event(struct perf_event *child_event, |
7426 |
/* |
7427 |
* Add back the child's count to the parent's count: |
7428 |
*/ |
7429 |
@@ -81632,7 +81283,7 @@ index f280df1..da1281d 100644 |
7430 |
#ifdef CONFIG_RT_GROUP_SCHED |
7431 |
/* |
7432 |
diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c |
7433 |
-index 59474c5..efcae8d 100644 |
7434 |
+index c261da7..4e5221ad 100644 |
7435 |
--- a/kernel/sched_fair.c |
7436 |
+++ b/kernel/sched_fair.c |
7437 |
@@ -4801,7 +4801,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } |
7438 |
@@ -84248,7 +83899,7 @@ index 2a07f97..2cdc054 100644 |
7439 |
set_page_address(page, (void *)vaddr); |
7440 |
|
7441 |
diff --git a/mm/huge_memory.c b/mm/huge_memory.c |
7442 |
-index d80ac4b..9fd73bc 100644 |
7443 |
+index ed0ed8a..cc835b9 100644 |
7444 |
--- a/mm/huge_memory.c |
7445 |
+++ b/mm/huge_memory.c |
7446 |
@@ -704,7 +704,7 @@ out: |
7447 |
@@ -87238,7 +86889,7 @@ index 5a688a2..fffb9f6 100644 |
7448 |
|
7449 |
if (nstart < prev->vm_end) |
7450 |
diff --git a/mm/mremap.c b/mm/mremap.c |
7451 |
-index d6959cb..51051b9 100644 |
7452 |
+index d6959cb..7bc76da 100644 |
7453 |
--- a/mm/mremap.c |
7454 |
+++ b/mm/mremap.c |
7455 |
@@ -23,6 +23,7 @@ |
7456 |
@@ -87249,19 +86900,7 @@ index d6959cb..51051b9 100644 |
7457 |
|
7458 |
#include "internal.h" |
7459 |
|
7460 |
-@@ -60,8 +61,10 @@ static pmd_t *alloc_new_pmd(struct mm_struct *mm, struct vm_area_struct *vma, |
7461 |
- return NULL; |
7462 |
- |
7463 |
- pmd = pmd_alloc(mm, pud, addr); |
7464 |
-- if (!pmd) |
7465 |
-+ if (!pmd) { |
7466 |
-+ pud_free(mm, pud); |
7467 |
- return NULL; |
7468 |
-+ } |
7469 |
- |
7470 |
- VM_BUG_ON(pmd_trans_huge(*pmd)); |
7471 |
- |
7472 |
-@@ -106,6 +109,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, |
7473 |
+@@ -106,6 +107,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, |
7474 |
continue; |
7475 |
pte = ptep_get_and_clear(mm, old_addr, old_pte); |
7476 |
pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr); |
7477 |
@@ -87274,7 +86913,7 @@ index d6959cb..51051b9 100644 |
7478 |
set_pte_at(mm, new_addr, new_pte, pte); |
7479 |
} |
7480 |
|
7481 |
-@@ -251,7 +260,6 @@ static unsigned long move_vma(struct vm_area_struct *vma, |
7482 |
+@@ -251,7 +258,6 @@ static unsigned long move_vma(struct vm_area_struct *vma, |
7483 |
* If this were a serious issue, we'd add a flag to do_munmap(). |
7484 |
*/ |
7485 |
hiwater_vm = mm->hiwater_vm; |
7486 |
@@ -87282,7 +86921,7 @@ index d6959cb..51051b9 100644 |
7487 |
vm_stat_account(mm, vma->vm_flags, vma->vm_file, new_len>>PAGE_SHIFT); |
7488 |
|
7489 |
if (do_munmap(mm, old_addr, old_len) < 0) { |
7490 |
-@@ -290,6 +298,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, |
7491 |
+@@ -290,6 +296,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, |
7492 |
if (is_vm_hugetlb_page(vma)) |
7493 |
goto Einval; |
7494 |
|
7495 |
@@ -87294,7 +86933,7 @@ index d6959cb..51051b9 100644 |
7496 |
/* We can't remap across vm area boundaries */ |
7497 |
if (old_len > vma->vm_end - addr) |
7498 |
goto Efault; |
7499 |
-@@ -346,20 +359,25 @@ static unsigned long mremap_to(unsigned long addr, |
7500 |
+@@ -346,20 +357,25 @@ static unsigned long mremap_to(unsigned long addr, |
7501 |
unsigned long ret = -EINVAL; |
7502 |
unsigned long charged = 0; |
7503 |
unsigned long map_flags; |
7504 |
@@ -87325,7 +86964,7 @@ index d6959cb..51051b9 100644 |
7505 |
goto out; |
7506 |
|
7507 |
ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); |
7508 |
-@@ -431,6 +449,7 @@ unsigned long do_mremap(unsigned long addr, |
7509 |
+@@ -431,6 +447,7 @@ unsigned long do_mremap(unsigned long addr, |
7510 |
struct vm_area_struct *vma; |
7511 |
unsigned long ret = -EINVAL; |
7512 |
unsigned long charged = 0; |
7513 |
@@ -87333,7 +86972,7 @@ index d6959cb..51051b9 100644 |
7514 |
|
7515 |
if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) |
7516 |
goto out; |
7517 |
-@@ -449,6 +468,17 @@ unsigned long do_mremap(unsigned long addr, |
7518 |
+@@ -449,6 +466,17 @@ unsigned long do_mremap(unsigned long addr, |
7519 |
if (!new_len) |
7520 |
goto out; |
7521 |
|
7522 |
@@ -87351,7 +86990,7 @@ index d6959cb..51051b9 100644 |
7523 |
if (flags & MREMAP_FIXED) { |
7524 |
if (flags & MREMAP_MAYMOVE) |
7525 |
ret = mremap_to(addr, old_len, new_addr, new_len); |
7526 |
-@@ -490,7 +520,6 @@ unsigned long do_mremap(unsigned long addr, |
7527 |
+@@ -490,7 +518,6 @@ unsigned long do_mremap(unsigned long addr, |
7528 |
goto out; |
7529 |
} |
7530 |
|
7531 |
@@ -87359,7 +86998,7 @@ index d6959cb..51051b9 100644 |
7532 |
vm_stat_account(mm, vma->vm_flags, vma->vm_file, pages); |
7533 |
if (vma->vm_flags & VM_LOCKED) { |
7534 |
mm->locked_vm += pages; |
7535 |
-@@ -498,6 +527,7 @@ unsigned long do_mremap(unsigned long addr, |
7536 |
+@@ -498,6 +525,7 @@ unsigned long do_mremap(unsigned long addr, |
7537 |
addr + new_len); |
7538 |
} |
7539 |
ret = addr; |
7540 |
@@ -87367,7 +87006,7 @@ index d6959cb..51051b9 100644 |
7541 |
goto out; |
7542 |
} |
7543 |
} |
7544 |
-@@ -524,7 +554,13 @@ unsigned long do_mremap(unsigned long addr, |
7545 |
+@@ -524,7 +552,13 @@ unsigned long do_mremap(unsigned long addr, |
7546 |
ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); |
7547 |
if (ret) |
7548 |
goto out; |
7549 |
@@ -87508,7 +87147,7 @@ index ea3f83b..001a216 100644 |
7550 |
.next = NULL, |
7551 |
}; |
7552 |
diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
7553 |
-index b5afea2..762ffa1 100644 |
7554 |
+index d8762b2..8a25d14 100644 |
7555 |
--- a/mm/page_alloc.c |
7556 |
+++ b/mm/page_alloc.c |
7557 |
@@ -57,6 +57,7 @@ |
7558 |
@@ -89659,10 +89298,10 @@ index 82ce164..00bd057 100644 |
7559 |
err = -EFAULT; |
7560 |
break; |
7561 |
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c |
7562 |
-index b81500c..92fc8ec 100644 |
7563 |
+index a06deca..2269299 100644 |
7564 |
--- a/net/bridge/br_multicast.c |
7565 |
+++ b/net/bridge/br_multicast.c |
7566 |
-@@ -1409,7 +1409,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, |
7567 |
+@@ -1410,7 +1410,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, |
7568 |
nexthdr = ip6h->nexthdr; |
7569 |
offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr); |
7570 |
|
7571 |
@@ -89876,7 +89515,7 @@ index 53a8e37..45c033e 100644 |
7572 |
if (!IS_ERR(debugfsdir)) { |
7573 |
|
7574 |
diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c |
7575 |
-index 5cf5222..6f704ad 100644 |
7576 |
+index 84efbe4..51d47bc 100644 |
7577 |
--- a/net/caif/cfctrl.c |
7578 |
+++ b/net/caif/cfctrl.c |
7579 |
@@ -9,6 +9,7 @@ |
7580 |
@@ -90037,23 +89676,25 @@ index f78f898..d7aa843 100644 |
7581 |
|
7582 |
if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { |
7583 |
diff --git a/net/compat.c b/net/compat.c |
7584 |
-index 8c979cc..5800e81 100644 |
7585 |
+index 8c979cc..2b1960c 100644 |
7586 |
--- a/net/compat.c |
7587 |
+++ b/net/compat.c |
7588 |
-@@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) |
7589 |
+@@ -71,9 +71,11 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) |
7590 |
__get_user(kmsg->msg_controllen, &umsg->msg_controllen) || |
7591 |
__get_user(kmsg->msg_flags, &umsg->msg_flags)) |
7592 |
return -EFAULT; |
7593 |
- kmsg->msg_name = compat_ptr(tmp1); |
7594 |
- kmsg->msg_iov = compat_ptr(tmp2); |
7595 |
- kmsg->msg_control = compat_ptr(tmp3); |
7596 |
++ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) |
7597 |
++ return -EINVAL; |
7598 |
+ kmsg->msg_name = (void __force_kernel *)compat_ptr(tmp1); |
7599 |
+ kmsg->msg_iov = (void __force_kernel *)compat_ptr(tmp2); |
7600 |
+ kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3); |
7601 |
return 0; |
7602 |
} |
7603 |
|
7604 |
-@@ -85,7 +85,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
7605 |
+@@ -85,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
7606 |
|
7607 |
if (kern_msg->msg_namelen) { |
7608 |
if (mode == VERIFY_READ) { |
7609 |
@@ -90062,7 +89703,7 @@ index 8c979cc..5800e81 100644 |
7610 |
kern_msg->msg_namelen, |
7611 |
kern_address); |
7612 |
if (err < 0) |
7613 |
-@@ -96,7 +96,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
7614 |
+@@ -96,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
7615 |
kern_msg->msg_name = NULL; |
7616 |
|
7617 |
tot_len = iov_from_user_compat_to_kern(kern_iov, |
7618 |
@@ -90071,7 +89712,7 @@ index 8c979cc..5800e81 100644 |
7619 |
kern_msg->msg_iovlen); |
7620 |
if (tot_len >= 0) |
7621 |
kern_msg->msg_iov = kern_iov; |
7622 |
-@@ -116,20 +116,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
7623 |
+@@ -116,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, |
7624 |
|
7625 |
#define CMSG_COMPAT_FIRSTHDR(msg) \ |
7626 |
(((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \ |
7627 |
@@ -90095,7 +89736,7 @@ index 8c979cc..5800e81 100644 |
7628 |
msg->msg_controllen) |
7629 |
return NULL; |
7630 |
return (struct compat_cmsghdr __user *)ptr; |
7631 |
-@@ -221,7 +221,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat |
7632 |
+@@ -221,7 +223,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat |
7633 |
{ |
7634 |
struct compat_timeval ctv; |
7635 |
struct compat_timespec cts[3]; |
7636 |
@@ -90104,7 +89745,7 @@ index 8c979cc..5800e81 100644 |
7637 |
struct compat_cmsghdr cmhdr; |
7638 |
int cmlen; |
7639 |
|
7640 |
-@@ -273,7 +273,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat |
7641 |
+@@ -273,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat |
7642 |
|
7643 |
void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) |
7644 |
{ |
7645 |
@@ -90113,7 +89754,7 @@ index 8c979cc..5800e81 100644 |
7646 |
int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int); |
7647 |
int fdnum = scm->fp->count; |
7648 |
struct file **fp = scm->fp->fp; |
7649 |
-@@ -370,7 +370,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, |
7650 |
+@@ -370,7 +372,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, |
7651 |
return -EFAULT; |
7652 |
old_fs = get_fs(); |
7653 |
set_fs(KERNEL_DS); |
7654 |
@@ -90122,7 +89763,7 @@ index 8c979cc..5800e81 100644 |
7655 |
set_fs(old_fs); |
7656 |
|
7657 |
return err; |
7658 |
-@@ -431,7 +431,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, |
7659 |
+@@ -431,7 +433,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, |
7660 |
len = sizeof(ktime); |
7661 |
old_fs = get_fs(); |
7662 |
set_fs(KERNEL_DS); |
7663 |
@@ -90131,7 +89772,7 @@ index 8c979cc..5800e81 100644 |
7664 |
set_fs(old_fs); |
7665 |
|
7666 |
if (!err) { |
7667 |
-@@ -566,7 +566,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
7668 |
+@@ -566,7 +568,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
7669 |
case MCAST_JOIN_GROUP: |
7670 |
case MCAST_LEAVE_GROUP: |
7671 |
{ |
7672 |
@@ -90140,7 +89781,7 @@ index 8c979cc..5800e81 100644 |
7673 |
struct group_req __user *kgr = |
7674 |
compat_alloc_user_space(sizeof(struct group_req)); |
7675 |
u32 interface; |
7676 |
-@@ -587,7 +587,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
7677 |
+@@ -587,7 +589,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
7678 |
case MCAST_BLOCK_SOURCE: |
7679 |
case MCAST_UNBLOCK_SOURCE: |
7680 |
{ |
7681 |
@@ -90149,7 +89790,7 @@ index 8c979cc..5800e81 100644 |
7682 |
struct group_source_req __user *kgsr = compat_alloc_user_space( |
7683 |
sizeof(struct group_source_req)); |
7684 |
u32 interface; |
7685 |
-@@ -608,7 +608,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
7686 |
+@@ -608,7 +610,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, |
7687 |
} |
7688 |
case MCAST_MSFILTER: |
7689 |
{ |
7690 |
@@ -90158,7 +89799,7 @@ index 8c979cc..5800e81 100644 |
7691 |
struct group_filter __user *kgf; |
7692 |
u32 interface, fmode, numsrc; |
7693 |
|
7694 |
-@@ -646,7 +646,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, |
7695 |
+@@ -646,7 +648,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, |
7696 |
char __user *optval, int __user *optlen, |
7697 |
int (*getsockopt)(struct sock *, int, int, char __user *, int __user *)) |
7698 |
{ |
7699 |
@@ -90167,7 +89808,7 @@ index 8c979cc..5800e81 100644 |
7700 |
struct group_filter __user *kgf; |
7701 |
int __user *koptlen; |
7702 |
u32 interface, fmode, numsrc; |
7703 |
-@@ -799,7 +799,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) |
7704 |
+@@ -799,7 +801,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) |
7705 |
|
7706 |
if (call < SYS_SOCKET || call > SYS_SENDMMSG) |
7707 |
return -EINVAL; |
7708 |
@@ -90743,10 +90384,10 @@ index 8a2c2dd..3ba3cf1 100644 |
7709 |
.exit = proto_exit_net, |
7710 |
}; |
7711 |
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c |
7712 |
-index 77a65f0..ebd69a8 100644 |
7713 |
+index f0bdd36..957fc06 100644 |
7714 |
--- a/net/core/sysctl_net_core.c |
7715 |
+++ b/net/core/sysctl_net_core.c |
7716 |
-@@ -25,7 +25,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write, |
7717 |
+@@ -28,7 +28,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write, |
7718 |
{ |
7719 |
unsigned int orig_size, size; |
7720 |
int ret, i; |
7721 |
@@ -90755,7 +90396,7 @@ index 77a65f0..ebd69a8 100644 |
7722 |
.data = &size, |
7723 |
.maxlen = sizeof(size), |
7724 |
.mode = table->mode |
7725 |
-@@ -205,29 +205,27 @@ __net_initdata struct ctl_path net_core_path[] = { |
7726 |
+@@ -210,29 +210,27 @@ __net_initdata struct ctl_path net_core_path[] = { |
7727 |
|
7728 |
static __net_init int sysctl_core_net_init(struct net *net) |
7729 |
{ |
7730 |
@@ -90791,7 +90432,7 @@ index 77a65f0..ebd69a8 100644 |
7731 |
err_dup: |
7732 |
return -ENOMEM; |
7733 |
} |
7734 |
-@@ -242,7 +240,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net) |
7735 |
+@@ -247,7 +245,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net) |
7736 |
kfree(tbl); |
7737 |
} |
7738 |
|
7739 |
@@ -91086,30 +90727,6 @@ index d01f9c6..284c56c 100644 |
7740 |
|
7741 |
return nh->nh_saddr; |
7742 |
} |
7743 |
-diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c |
7744 |
-index cd2d639..c7c6724 100644 |
7745 |
---- a/net/ipv4/fib_trie.c |
7746 |
-+++ b/net/ipv4/fib_trie.c |
7747 |
-@@ -72,7 +72,6 @@ |
7748 |
- #include <linux/init.h> |
7749 |
- #include <linux/list.h> |
7750 |
- #include <linux/slab.h> |
7751 |
--#include <linux/prefetch.h> |
7752 |
- #include <linux/export.h> |
7753 |
- #include <net/net_namespace.h> |
7754 |
- #include <net/ip.h> |
7755 |
-@@ -1773,10 +1772,8 @@ static struct leaf *leaf_walk_rcu(struct tnode *p, struct rt_trie_node *c) |
7756 |
- if (!c) |
7757 |
- continue; |
7758 |
- |
7759 |
-- if (IS_LEAF(c)) { |
7760 |
-- prefetch(rcu_dereference_rtnl(p->child[idx])); |
7761 |
-+ if (IS_LEAF(c)) |
7762 |
- return (struct leaf *) c; |
7763 |
-- } |
7764 |
- |
7765 |
- /* Rescan start scanning in new node */ |
7766 |
- p = (struct tnode *) c; |
7767 |
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c |
7768 |
index ab188ae..662585c 100644 |
7769 |
--- a/net/ipv4/icmp.c |
7770 |
@@ -91202,7 +90819,7 @@ index ccee270..db23c3c 100644 |
7771 |
tmo = req->expires - jiffies; |
7772 |
if (tmo < 0) |
7773 |
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c |
7774 |
-index 984ec65..97ac518 100644 |
7775 |
+index 984ec65..392d206 100644 |
7776 |
--- a/net/ipv4/inet_hashtables.c |
7777 |
+++ b/net/ipv4/inet_hashtables.c |
7778 |
@@ -18,12 +18,15 @@ |
7779 |
@@ -91221,6 +90838,15 @@ index 984ec65..97ac518 100644 |
7780 |
/* |
7781 |
* Allocate and initialize a new local port bind bucket. |
7782 |
* The bindhash mutex for snum's hash chain must be held here. |
7783 |
+@@ -268,7 +271,7 @@ begintw: |
7784 |
+ } |
7785 |
+ if (unlikely(!INET_TW_MATCH(sk, net, hash, acookie, |
7786 |
+ saddr, daddr, ports, dif))) { |
7787 |
+- sock_put(sk); |
7788 |
++ inet_twsk_put(inet_twsk(sk)); |
7789 |
+ goto begintw; |
7790 |
+ } |
7791 |
+ goto out; |
7792 |
@@ -530,6 +533,8 @@ ok: |
7793 |
twrefcnt += inet_twsk_bind_unhash(tw, hinfo); |
7794 |
spin_unlock(&head->lock); |
7795 |
@@ -91231,10 +90857,10 @@ index 984ec65..97ac518 100644 |
7796 |
inet_twsk_deschedule(tw, death_row); |
7797 |
while (twrefcnt) { |
7798 |
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c |
7799 |
-index 86f13c67..59a35b5 100644 |
7800 |
+index 58c4e696..4f025f0 100644 |
7801 |
--- a/net/ipv4/inetpeer.c |
7802 |
+++ b/net/ipv4/inetpeer.c |
7803 |
-@@ -436,8 +436,8 @@ relookup: |
7804 |
+@@ -487,8 +487,8 @@ relookup: |
7805 |
if (p) { |
7806 |
p->daddr = *daddr; |
7807 |
atomic_set(&p->refcnt, 1); |
7808 |
@@ -91326,6 +90952,19 @@ index 5f28fab..ebd7a97 100644 |
7809 |
.kind = "gretap", |
7810 |
.maxtype = IFLA_GRE_MAX, |
7811 |
.policy = ipgre_policy, |
7812 |
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c |
7813 |
+index daf408e..16191f0 100644 |
7814 |
+--- a/net/ipv4/ip_output.c |
7815 |
++++ b/net/ipv4/ip_output.c |
7816 |
+@@ -833,7 +833,7 @@ static int __ip_append_data(struct sock *sk, |
7817 |
+ csummode = CHECKSUM_PARTIAL; |
7818 |
+ |
7819 |
+ cork->length += length; |
7820 |
+- if (((length > mtu) || (skb && skb_is_gso(skb))) && |
7821 |
++ if (((length > mtu) || (skb && skb_has_frags(skb))) && |
7822 |
+ (sk->sk_protocol == IPPROTO_UDP) && |
7823 |
+ (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) { |
7824 |
+ err = ip_ufo_append_data(sk, queue, getfrag, from, length, |
7825 |
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c |
7826 |
index 3b36002..27e6634 100644 |
7827 |
--- a/net/ipv4/ip_sockglue.c |
7828 |
@@ -91381,7 +91020,7 @@ index 99ec116..c5628fe 100644 |
7829 |
return res; |
7830 |
} |
7831 |
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c |
7832 |
-index 0064394..2d993a0 100644 |
7833 |
+index b5e64e4..4a9a5c4 100644 |
7834 |
--- a/net/ipv4/ipmr.c |
7835 |
+++ b/net/ipv4/ipmr.c |
7836 |
@@ -1320,6 +1320,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi |
7837 |
@@ -91555,7 +91194,7 @@ index f7fdbe9..63740b7 100644 |
7838 |
.exit = ip_proc_exit_net, |
7839 |
}; |
7840 |
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c |
7841 |
-index e1d4f30..5e8918e 100644 |
7842 |
+index 2815014..1d39ae6 100644 |
7843 |
--- a/net/ipv4/raw.c |
7844 |
+++ b/net/ipv4/raw.c |
7845 |
@@ -305,7 +305,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb) |
7846 |
@@ -91625,7 +91264,7 @@ index e1d4f30..5e8918e 100644 |
7847 |
.exit = raw_exit_net, |
7848 |
}; |
7849 |
diff --git a/net/ipv4/route.c b/net/ipv4/route.c |
7850 |
-index 94cdbc5..01d3a77 100644 |
7851 |
+index c45a155a3..dadea8d 100644 |
7852 |
--- a/net/ipv4/route.c |
7853 |
+++ b/net/ipv4/route.c |
7854 |
@@ -313,7 +313,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx, |
7855 |
@@ -91653,9 +91292,9 @@ index 94cdbc5..01d3a77 100644 |
7856 |
- atomic_add(shuffle + 1U, &net->ipv4.rt_genid); |
7857 |
+ atomic_add_unchecked(shuffle + 1U, &net->ipv4.rt_genid); |
7858 |
redirect_genid++; |
7859 |
+ inetpeer_invalidate_tree(AF_INET); |
7860 |
} |
7861 |
- |
7862 |
-@@ -3022,7 +3022,7 @@ static int rt_fill_info(struct net *net, |
7863 |
+@@ -3023,7 +3023,7 @@ static int rt_fill_info(struct net *net, |
7864 |
error = rt->dst.error; |
7865 |
if (peer) { |
7866 |
inet_peer_refcheck(rt->peer); |
7867 |
@@ -91664,7 +91303,7 @@ index 94cdbc5..01d3a77 100644 |
7868 |
if (peer->tcp_ts_stamp) { |
7869 |
ts = peer->tcp_ts; |
7870 |
tsage = get_seconds() - peer->tcp_ts_stamp; |
7871 |
-@@ -3221,7 +3221,7 @@ static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write, |
7872 |
+@@ -3222,7 +3222,7 @@ static int ipv4_sysctl_rtcache_flush(ctl_table *__ctl, int write, |
7873 |
{ |
7874 |
if (write) { |
7875 |
int flush_delay; |
7876 |
@@ -91673,7 +91312,7 @@ index 94cdbc5..01d3a77 100644 |
7877 |
struct net *net; |
7878 |
|
7879 |
memcpy(&ctl, __ctl, sizeof(ctl)); |
7880 |
-@@ -3370,6 +3370,7 @@ static struct ctl_table ipv4_route_flush_table[] = { |
7881 |
+@@ -3371,6 +3371,7 @@ static struct ctl_table ipv4_route_flush_table[] = { |
7882 |
.maxlen = sizeof(int), |
7883 |
.mode = 0200, |
7884 |
.proc_handler = ipv4_sysctl_rtcache_flush, |
7885 |
@@ -91681,7 +91320,7 @@ index 94cdbc5..01d3a77 100644 |
7886 |
}, |
7887 |
{ }, |
7888 |
}; |
7889 |
-@@ -3383,25 +3384,23 @@ static __net_initdata struct ctl_path ipv4_route_path[] = { |
7890 |
+@@ -3384,25 +3385,23 @@ static __net_initdata struct ctl_path ipv4_route_path[] = { |
7891 |
|
7892 |
static __net_init int sysctl_route_net_init(struct net *net) |
7893 |
{ |
7894 |
@@ -91714,7 +91353,7 @@ index 94cdbc5..01d3a77 100644 |
7895 |
err_dup: |
7896 |
return -ENOMEM; |
7897 |
} |
7898 |
-@@ -3416,7 +3415,7 @@ static __net_exit void sysctl_route_net_exit(struct net *net) |
7899 |
+@@ -3417,7 +3416,7 @@ static __net_exit void sysctl_route_net_exit(struct net *net) |
7900 |
kfree(tbl); |
7901 |
} |
7902 |
|
7903 |
@@ -91723,7 +91362,7 @@ index 94cdbc5..01d3a77 100644 |
7904 |
.init = sysctl_route_net_init, |
7905 |
.exit = sysctl_route_net_exit, |
7906 |
}; |
7907 |
-@@ -3431,7 +3430,7 @@ static __net_init int rt_genid_init(struct net *net) |
7908 |
+@@ -3432,7 +3431,7 @@ static __net_init int rt_genid_init(struct net *net) |
7909 |
return 0; |
7910 |
} |
7911 |
|
7912 |
@@ -92259,27 +91898,10 @@ index a0b4c5d..a5818a1 100644 |
7913 |
} |
7914 |
|
7915 |
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
7916 |
-index 314bda2..19a815f 100644 |
7917 |
+index 5d41293..19a815f 100644 |
7918 |
--- a/net/ipv6/addrconf.c |
7919 |
+++ b/net/ipv6/addrconf.c |
7920 |
-@@ -913,12 +913,10 @@ retry: |
7921 |
- if (ifp->flags & IFA_F_OPTIMISTIC) |
7922 |
- addr_flags |= IFA_F_OPTIMISTIC; |
7923 |
- |
7924 |
-- ift = !max_addresses || |
7925 |
-- ipv6_count_addresses(idev) < max_addresses ? |
7926 |
-- ipv6_add_addr(idev, &addr, tmp_plen, |
7927 |
-- ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, |
7928 |
-- addr_flags) : NULL; |
7929 |
-- if (!ift || IS_ERR(ift)) { |
7930 |
-+ ift = ipv6_add_addr(idev, &addr, tmp_plen, |
7931 |
-+ ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, |
7932 |
-+ addr_flags); |
7933 |
-+ if (IS_ERR(ift)) { |
7934 |
- in6_ifa_put(ifp); |
7935 |
- in6_dev_put(idev); |
7936 |
- printk(KERN_INFO |
7937 |
-@@ -2159,7 +2157,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
7938 |
+@@ -2157,7 +2157,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
7939 |
p.iph.ihl = 5; |
7940 |
p.iph.protocol = IPPROTO_IPV6; |
7941 |
p.iph.ttl = 64; |
7942 |
@@ -92323,10 +91945,10 @@ index 65dd543..e6c6e6d 100644 |
7943 |
|
7944 |
static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
7945 |
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c |
7946 |
-index 90868fb..7aeff1e 100644 |
7947 |
+index d505453..ff99535 100644 |
7948 |
--- a/net/ipv6/icmp.c |
7949 |
+++ b/net/ipv6/icmp.c |
7950 |
-@@ -961,7 +961,7 @@ ctl_table ipv6_icmp_table_template[] = { |
7951 |
+@@ -969,7 +969,7 @@ ctl_table ipv6_icmp_table_template[] = { |
7952 |
|
7953 |
struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) |
7954 |
{ |
7955 |
@@ -92357,8 +91979,21 @@ index 1567fb1..29af910 100644 |
7956 |
__sk_dst_reset(sk); |
7957 |
dst = NULL; |
7958 |
} |
7959 |
+diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c |
7960 |
+index 73f1a00..e38290b 100644 |
7961 |
+--- a/net/ipv6/inet6_hashtables.c |
7962 |
++++ b/net/ipv6/inet6_hashtables.c |
7963 |
+@@ -110,7 +110,7 @@ begintw: |
7964 |
+ goto out; |
7965 |
+ } |
7966 |
+ if (!INET6_TW_MATCH(sk, net, hash, saddr, daddr, ports, dif)) { |
7967 |
+- sock_put(sk); |
7968 |
++ inet_twsk_put(inet_twsk(sk)); |
7969 |
+ goto begintw; |
7970 |
+ } |
7971 |
+ goto out; |
7972 |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
7973 |
-index db60043..7f8a2c1 100644 |
7974 |
+index 91d0711..7dc5e62 100644 |
7975 |
--- a/net/ipv6/ip6_output.c |
7976 |
+++ b/net/ipv6/ip6_output.c |
7977 |
@@ -600,8 +600,8 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) |
7978 |
@@ -92390,92 +92025,15 @@ index db60043..7f8a2c1 100644 |
7979 |
} |
7980 |
|
7981 |
int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
7982 |
-@@ -1125,6 +1122,8 @@ static inline int ip6_ufo_append_data(struct sock *sk, |
7983 |
- * udp datagram |
7984 |
- */ |
7985 |
- if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { |
7986 |
-+ struct frag_hdr fhdr; |
7987 |
-+ |
7988 |
- skb = sock_alloc_send_skb(sk, |
7989 |
- hh_len + fragheaderlen + transhdrlen + 20, |
7990 |
- (flags & MSG_DONTWAIT), &err); |
7991 |
-@@ -1145,12 +1144,6 @@ static inline int ip6_ufo_append_data(struct sock *sk, |
7992 |
- |
7993 |
- skb->ip_summed = CHECKSUM_PARTIAL; |
7994 |
- skb->csum = 0; |
7995 |
-- } |
7996 |
-- |
7997 |
-- err = skb_append_datato_frags(sk,skb, getfrag, from, |
7998 |
-- (length - transhdrlen)); |
7999 |
-- if (!err) { |
8000 |
-- struct frag_hdr fhdr; |
8001 |
- |
8002 |
- /* Specify the length of each IPv6 datagram fragment. |
8003 |
- * It has to be a multiple of 8. |
8004 |
-@@ -1161,15 +1154,10 @@ static inline int ip6_ufo_append_data(struct sock *sk, |
8005 |
- ipv6_select_ident(&fhdr, rt); |
8006 |
- skb_shinfo(skb)->ip6_frag_id = fhdr.identification; |
8007 |
- __skb_queue_tail(&sk->sk_write_queue, skb); |
8008 |
-- |
8009 |
-- return 0; |
8010 |
- } |
8011 |
-- /* There is not enough support do UPD LSO, |
8012 |
-- * so follow normal path |
8013 |
-- */ |
8014 |
-- kfree_skb(skb); |
8015 |
- |
8016 |
-- return err; |
8017 |
-+ return skb_append_datato_frags(sk, skb, getfrag, from, |
8018 |
-+ (length - transhdrlen)); |
8019 |
- } |
8020 |
- |
8021 |
- static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, |
8022 |
-@@ -1342,27 +1330,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, |
8023 |
- * --yoshfuji |
8024 |
- */ |
8025 |
- |
8026 |
-+ if ((length > mtu) && dontfrag && (sk->sk_protocol == IPPROTO_UDP || |
8027 |
-+ sk->sk_protocol == IPPROTO_RAW)) { |
8028 |
-+ ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); |
8029 |
-+ return -EMSGSIZE; |
8030 |
-+ } |
8031 |
-+ |
8032 |
-+ skb = skb_peek_tail(&sk->sk_write_queue); |
8033 |
+@@ -1342,7 +1339,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, |
8034 |
+ skb = skb_peek_tail(&sk->sk_write_queue); |
8035 |
cork->length += length; |
8036 |
-- if (length > mtu) { |
8037 |
-- int proto = sk->sk_protocol; |
8038 |
-- if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ |
8039 |
-- ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); |
8040 |
-- return -EMSGSIZE; |
8041 |
-- } |
8042 |
-- |
8043 |
-- if (proto == IPPROTO_UDP && |
8044 |
-- (rt->dst.dev->features & NETIF_F_UFO)) { |
8045 |
-- |
8046 |
-- err = ip6_ufo_append_data(sk, getfrag, from, length, |
8047 |
-- hh_len, fragheaderlen, |
8048 |
-- transhdrlen, mtu, flags, rt); |
8049 |
-- if (err) |
8050 |
-- goto error; |
8051 |
-- return 0; |
8052 |
-- } |
8053 |
-+ if (((length > mtu) || |
8054 |
-+ (skb && skb_is_gso(skb))) && |
8055 |
-+ (sk->sk_protocol == IPPROTO_UDP) && |
8056 |
-+ (rt->dst.dev->features & NETIF_F_UFO)) { |
8057 |
-+ err = ip6_ufo_append_data(sk, getfrag, from, length, |
8058 |
-+ hh_len, fragheaderlen, |
8059 |
-+ transhdrlen, mtu, flags, rt); |
8060 |
-+ if (err) |
8061 |
-+ goto error; |
8062 |
-+ return 0; |
8063 |
- } |
8064 |
- |
8065 |
-- if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) |
8066 |
-+ if (!skb) |
8067 |
- goto alloc_new_skb; |
8068 |
- |
8069 |
- while (length > 0) { |
8070 |
+ if (((length > mtu) || |
8071 |
+- (skb && skb_is_gso(skb))) && |
8072 |
++ (skb && skb_has_frags(skb))) && |
8073 |
+ (sk->sk_protocol == IPPROTO_UDP) && |
8074 |
+ (rt->dst.dev->features & NETIF_F_UFO)) { |
8075 |
+ err = ip6_ufo_append_data(sk, getfrag, from, length, |
8076 |
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c |
8077 |
index b204df8..8f274f4 100644 |
8078 |
--- a/net/ipv6/ipv6_sockglue.c |
8079 |
@@ -92638,10 +92196,10 @@ index 6e6c2c4..c97891e 100644 |
8080 |
|
8081 |
static int raw6_seq_show(struct seq_file *seq, void *v) |
8082 |
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c |
8083 |
-index 411fe2c..cdea3e4 100644 |
8084 |
+index eba5deb..61e026f 100644 |
8085 |
--- a/net/ipv6/reassembly.c |
8086 |
+++ b/net/ipv6/reassembly.c |
8087 |
-@@ -646,21 +646,21 @@ static struct ctl_table ip6_frags_ctl_table[] = { |
8088 |
+@@ -651,21 +651,21 @@ static struct ctl_table ip6_frags_ctl_table[] = { |
8089 |
|
8090 |
static int __net_init ip6_frags_ns_sysctl_register(struct net *net) |
8091 |
{ |
8092 |
@@ -92668,7 +92226,7 @@ index 411fe2c..cdea3e4 100644 |
8093 |
if (hdr == NULL) |
8094 |
goto err_reg; |
8095 |
|
8096 |
-@@ -668,8 +668,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) |
8097 |
+@@ -673,8 +673,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) |
8098 |
return 0; |
8099 |
|
8100 |
err_reg: |
8101 |
@@ -93563,7 +93121,7 @@ index 2b6678c0..aaa41fc 100644 |
8102 |
cp->old_state = cp->state; |
8103 |
/* |
8104 |
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c |
8105 |
-index aa2d720..d8aa111 100644 |
8106 |
+index 38c0813..a29519d 100644 |
8107 |
--- a/net/netfilter/ipvs/ip_vs_xmit.c |
8108 |
+++ b/net/netfilter/ipvs/ip_vs_xmit.c |
8109 |
@@ -1151,7 +1151,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, |
8110 |
@@ -94721,100 +94279,10 @@ index 7635107..4670276 100644 |
8111 |
|
8112 |
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); |
8113 |
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
8114 |
-index 8104278..c969717 100644 |
8115 |
+index 0b6a391..febcef2 100644 |
8116 |
--- a/net/sctp/ipv6.c |
8117 |
+++ b/net/sctp/ipv6.c |
8118 |
-@@ -205,45 +205,23 @@ out: |
8119 |
- in6_dev_put(idev); |
8120 |
- } |
8121 |
- |
8122 |
--/* Based on tcp_v6_xmit() in tcp_ipv6.c. */ |
8123 |
- static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport) |
8124 |
- { |
8125 |
- struct sock *sk = skb->sk; |
8126 |
- struct ipv6_pinfo *np = inet6_sk(sk); |
8127 |
-- struct flowi6 fl6; |
8128 |
-+ struct flowi6 *fl6 = &transport->fl.u.ip6; |
8129 |
- |
8130 |
-- memset(&fl6, 0, sizeof(fl6)); |
8131 |
-+ pr_debug("%s: skb:%p, len:%d, src:%pI6 dst:%pI6\n", __func__, skb, |
8132 |
-+ skb->len, &fl6->saddr, &fl6->daddr); |
8133 |
- |
8134 |
-- fl6.flowi6_proto = sk->sk_protocol; |
8135 |
-- |
8136 |
-- /* Fill in the dest address from the route entry passed with the skb |
8137 |
-- * and the source address from the transport. |
8138 |
-- */ |
8139 |
-- ipv6_addr_copy(&fl6.daddr, &transport->ipaddr.v6.sin6_addr); |
8140 |
-- ipv6_addr_copy(&fl6.saddr, &transport->saddr.v6.sin6_addr); |
8141 |
-- |
8142 |
-- fl6.flowlabel = np->flow_label; |
8143 |
-- IP6_ECN_flow_xmit(sk, fl6.flowlabel); |
8144 |
-- if (ipv6_addr_type(&fl6.saddr) & IPV6_ADDR_LINKLOCAL) |
8145 |
-- fl6.flowi6_oif = transport->saddr.v6.sin6_scope_id; |
8146 |
-- else |
8147 |
-- fl6.flowi6_oif = sk->sk_bound_dev_if; |
8148 |
-- |
8149 |
-- if (np->opt && np->opt->srcrt) { |
8150 |
-- struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt; |
8151 |
-- ipv6_addr_copy(&fl6.daddr, rt0->addr); |
8152 |
-- } |
8153 |
-- |
8154 |
-- SCTP_DEBUG_PRINTK("%s: skb:%p, len:%d, src:%pI6 dst:%pI6\n", |
8155 |
-- __func__, skb, skb->len, |
8156 |
-- &fl6.saddr, &fl6.daddr); |
8157 |
-- |
8158 |
-- SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS); |
8159 |
-+ IP6_ECN_flow_xmit(sk, fl6->flowlabel); |
8160 |
- |
8161 |
- if (!(transport->param_flags & SPP_PMTUD_ENABLE)) |
8162 |
- skb->local_df = 1; |
8163 |
- |
8164 |
-- return ip6_xmit(sk, skb, &fl6, np->opt, np->tclass); |
8165 |
-+ SCTP_INC_STATS(SCTP_MIB_OUTSCTPPACKS); |
8166 |
-+ |
8167 |
-+ return ip6_xmit(sk, skb, fl6, np->opt, np->tclass); |
8168 |
- } |
8169 |
- |
8170 |
- /* Returns the dst cache entry for the given source and destination ip |
8171 |
-@@ -256,10 +234,12 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, |
8172 |
- struct dst_entry *dst = NULL; |
8173 |
- struct flowi6 *fl6 = &fl->u.ip6; |
8174 |
- struct sctp_bind_addr *bp; |
8175 |
-+ struct ipv6_pinfo *np = inet6_sk(sk); |
8176 |
- struct sctp_sockaddr_entry *laddr; |
8177 |
- union sctp_addr *baddr = NULL; |
8178 |
- union sctp_addr *daddr = &t->ipaddr; |
8179 |
- union sctp_addr dst_saddr; |
8180 |
-+ struct in6_addr *final_p, final; |
8181 |
- __u8 matchlen = 0; |
8182 |
- __u8 bmatchlen; |
8183 |
- sctp_scope_t scope; |
8184 |
-@@ -282,7 +262,8 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, |
8185 |
- SCTP_DEBUG_PRINTK("SRC=%pI6 - ", &fl6->saddr); |
8186 |
- } |
8187 |
- |
8188 |
-- dst = ip6_dst_lookup_flow(sk, fl6, NULL, false); |
8189 |
-+ final_p = fl6_update_dst(fl6, np->opt, &final); |
8190 |
-+ dst = ip6_dst_lookup_flow(sk, fl6, final_p, false); |
8191 |
- if (!asoc || saddr) |
8192 |
- goto out; |
8193 |
- |
8194 |
-@@ -333,10 +314,12 @@ static void sctp_v6_get_dst(struct sctp_transport *t, union sctp_addr *saddr, |
8195 |
- } |
8196 |
- } |
8197 |
- rcu_read_unlock(); |
8198 |
-+ |
8199 |
- if (baddr) { |
8200 |
- ipv6_addr_copy(&fl6->saddr, &baddr->v6.sin6_addr); |
8201 |
- fl6->fl6_sport = baddr->v6.sin6_port; |
8202 |
-- dst = ip6_dst_lookup_flow(sk, fl6, NULL, false); |
8203 |
-+ final_p = fl6_update_dst(fl6, np->opt, &final); |
8204 |
-+ dst = ip6_dst_lookup_flow(sk, fl6, final_p, false); |
8205 |
- } |
8206 |
- |
8207 |
- out: |
8208 |
-@@ -977,7 +960,7 @@ static const struct inet6_protocol sctpv6_protocol = { |
8209 |
+@@ -961,7 +961,7 @@ static const struct inet6_protocol sctpv6_protocol = { |
8210 |
.flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL, |
8211 |
}; |
8212 |
|
8213 |
@@ -94823,7 +94291,7 @@ index 8104278..c969717 100644 |
8214 |
.sa_family = AF_INET6, |
8215 |
.sctp_xmit = sctp_v6_xmit, |
8216 |
.setsockopt = ipv6_setsockopt, |
8217 |
-@@ -1009,7 +992,7 @@ static struct sctp_af sctp_af_inet6 = { |
8218 |
+@@ -993,7 +993,7 @@ static struct sctp_af sctp_af_inet6 = { |
8219 |
#endif |
8220 |
}; |
8221 |
|
8222 |
@@ -94832,7 +94300,7 @@ index 8104278..c969717 100644 |
8223 |
.event_msgname = sctp_inet6_event_msgname, |
8224 |
.skb_msgname = sctp_inet6_skb_msgname, |
8225 |
.af_supported = sctp_inet6_af_supported, |
8226 |
-@@ -1034,7 +1017,7 @@ void sctp_v6_pf_init(void) |
8227 |
+@@ -1018,7 +1018,7 @@ void sctp_v6_pf_init(void) |
8228 |
|
8229 |
void sctp_v6_pf_exit(void) |
8230 |
{ |
8231 |
@@ -94912,7 +94380,7 @@ index 6f6ad86..d52dc47 100644 |
8232 |
|
8233 |
static int sctp_v4_protosw_init(void) |
8234 |
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c |
8235 |
-index 9032d50..49eb875 100644 |
8236 |
+index 76388b0..a967f68 100644 |
8237 |
--- a/net/sctp/sm_sideeffect.c |
8238 |
+++ b/net/sctp/sm_sideeffect.c |
8239 |
@@ -441,7 +441,7 @@ static void sctp_generate_sack_event(unsigned long data) |
8240 |
@@ -94925,10 +94393,10 @@ index 9032d50..49eb875 100644 |
8241 |
sctp_generate_t1_cookie_event, |
8242 |
sctp_generate_t1_init_event, |
8243 |
diff --git a/net/sctp/socket.c b/net/sctp/socket.c |
8244 |
-index ba0108f..f09fd13 100644 |
8245 |
+index c53d01e..9659111 100644 |
8246 |
--- a/net/sctp/socket.c |
8247 |
+++ b/net/sctp/socket.c |
8248 |
-@@ -2157,11 +2157,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, |
8249 |
+@@ -2160,11 +2160,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, |
8250 |
{ |
8251 |
struct sctp_association *asoc; |
8252 |
struct sctp_ulpevent *event; |
8253 |
@@ -94943,7 +94411,7 @@ index ba0108f..f09fd13 100644 |
8254 |
|
8255 |
/* |
8256 |
* At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, |
8257 |
-@@ -4147,13 +4149,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, |
8258 |
+@@ -4150,13 +4152,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, |
8259 |
static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, |
8260 |
int __user *optlen) |
8261 |
{ |
8262 |
@@ -94961,7 +94429,7 @@ index ba0108f..f09fd13 100644 |
8263 |
return -EFAULT; |
8264 |
return 0; |
8265 |
} |
8266 |
-@@ -4171,6 +4176,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, |
8267 |
+@@ -4174,6 +4179,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, |
8268 |
*/ |
8269 |
static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) |
8270 |
{ |
8271 |
@@ -94970,7 +94438,7 @@ index ba0108f..f09fd13 100644 |
8272 |
/* Applicable to UDP-style socket only */ |
8273 |
if (sctp_style(sk, TCP)) |
8274 |
return -EOPNOTSUPP; |
8275 |
-@@ -4179,7 +4186,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv |
8276 |
+@@ -4182,7 +4189,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv |
8277 |
len = sizeof(int); |
8278 |
if (put_user(len, optlen)) |
8279 |
return -EFAULT; |
8280 |
@@ -94980,7 +94448,7 @@ index ba0108f..f09fd13 100644 |
8281 |
return -EFAULT; |
8282 |
return 0; |
8283 |
} |
8284 |
-@@ -4543,12 +4551,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, |
8285 |
+@@ -4546,12 +4554,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, |
8286 |
*/ |
8287 |
static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) |
8288 |
{ |
8289 |
@@ -94997,7 +94465,7 @@ index ba0108f..f09fd13 100644 |
8290 |
return -EFAULT; |
8291 |
return 0; |
8292 |
} |
8293 |
-@@ -4589,6 +4600,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, |
8294 |
+@@ -4592,6 +4603,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, |
8295 |
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; |
8296 |
if (space_left < addrlen) |
8297 |
return -ENOMEM; |
8298 |
@@ -95060,7 +94528,7 @@ index 8da4481..d02565e 100644 |
8299 |
+ (rtt >> sctp_rto_alpha); |
8300 |
} else { |
8301 |
diff --git a/net/socket.c b/net/socket.c |
8302 |
-index cf546a3..a9b550f 100644 |
8303 |
+index cf546a3..3cb0fca 100644 |
8304 |
--- a/net/socket.c |
8305 |
+++ b/net/socket.c |
8306 |
@@ -88,6 +88,7 @@ |
8307 |
@@ -95244,7 +94712,38 @@ index cf546a3..a9b550f 100644 |
8308 |
int err, err2; |
8309 |
int fput_needed; |
8310 |
|
8311 |
-@@ -1950,7 +2016,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
8312 |
+@@ -1876,6 +1942,16 @@ struct used_address { |
8313 |
+ unsigned int name_len; |
8314 |
+ }; |
8315 |
+ |
8316 |
++static int copy_msghdr_from_user(struct msghdr *kmsg, |
8317 |
++ struct msghdr __user *umsg) |
8318 |
++{ |
8319 |
++ if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) |
8320 |
++ return -EFAULT; |
8321 |
++ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) |
8322 |
++ return -EINVAL; |
8323 |
++ return 0; |
8324 |
++} |
8325 |
++ |
8326 |
+ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
8327 |
+ struct msghdr *msg_sys, unsigned flags, |
8328 |
+ struct used_address *used_address) |
8329 |
+@@ -1894,8 +1970,11 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
8330 |
+ if (MSG_CMSG_COMPAT & flags) { |
8331 |
+ if (get_compat_msghdr(msg_sys, msg_compat)) |
8332 |
+ return -EFAULT; |
8333 |
+- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) |
8334 |
+- return -EFAULT; |
8335 |
++ } else { |
8336 |
++ err = copy_msghdr_from_user(msg_sys, msg); |
8337 |
++ if (err) |
8338 |
++ return err; |
8339 |
++ } |
8340 |
+ |
8341 |
+ /* do not move before msg_sys is valid */ |
8342 |
+ err = -EMSGSIZE; |
8343 |
+@@ -1950,7 +2029,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
8344 |
* checking falls down on this. |
8345 |
*/ |
8346 |
if (copy_from_user(ctl_buf, |
8347 |
@@ -95253,7 +94752,7 @@ index cf546a3..a9b550f 100644 |
8348 |
ctl_len)) |
8349 |
goto out_freectl; |
8350 |
msg_sys->msg_control = ctl_buf; |
8351 |
-@@ -2101,7 +2167,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
8352 |
+@@ -2101,7 +2180,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
8353 |
int err, iov_size, total_len, len; |
8354 |
|
8355 |
/* kernel mode address */ |
8356 |
@@ -95262,7 +94761,21 @@ index cf546a3..a9b550f 100644 |
8357 |
|
8358 |
/* user mode address pointers */ |
8359 |
struct sockaddr __user *uaddr; |
8360 |
-@@ -2131,7 +2197,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
8361 |
+@@ -2110,8 +2189,11 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
8362 |
+ if (MSG_CMSG_COMPAT & flags) { |
8363 |
+ if (get_compat_msghdr(msg_sys, msg_compat)) |
8364 |
+ return -EFAULT; |
8365 |
+- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) |
8366 |
+- return -EFAULT; |
8367 |
++ } else { |
8368 |
++ err = copy_msghdr_from_user(msg_sys, msg); |
8369 |
++ if (err) |
8370 |
++ return err; |
8371 |
++ } |
8372 |
+ |
8373 |
+ err = -EMSGSIZE; |
8374 |
+ if (msg_sys->msg_iovlen > UIO_MAXIOV) |
8375 |
+@@ -2131,7 +2213,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
8376 |
* kernel msghdr to use the kernel address space) |
8377 |
*/ |
8378 |
|
8379 |
@@ -95271,7 +94784,7 @@ index cf546a3..a9b550f 100644 |
8380 |
uaddr_len = COMPAT_NAMELEN(msg); |
8381 |
if (MSG_CMSG_COMPAT & flags) { |
8382 |
err = verify_compat_iovec(msg_sys, iov, |
8383 |
-@@ -2772,7 +2838,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
8384 |
+@@ -2772,7 +2854,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
8385 |
} |
8386 |
|
8387 |
ifr = compat_alloc_user_space(buf_size); |
8388 |
@@ -95280,7 +94793,7 @@ index cf546a3..a9b550f 100644 |
8389 |
|
8390 |
if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) |
8391 |
return -EFAULT; |
8392 |
-@@ -2796,12 +2862,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
8393 |
+@@ -2796,12 +2878,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
8394 |
offsetof(struct ethtool_rxnfc, fs.ring_cookie)); |
8395 |
|
8396 |
if (copy_in_user(rxnfc, compat_rxnfc, |
8397 |
@@ -95297,7 +94810,7 @@ index cf546a3..a9b550f 100644 |
8398 |
copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, |
8399 |
sizeof(rxnfc->rule_cnt))) |
8400 |
return -EFAULT; |
8401 |
-@@ -2813,12 +2879,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
8402 |
+@@ -2813,12 +2895,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) |
8403 |
|
8404 |
if (convert_out) { |
8405 |
if (copy_in_user(compat_rxnfc, rxnfc, |
8406 |
@@ -95314,7 +94827,7 @@ index cf546a3..a9b550f 100644 |
8407 |
copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, |
8408 |
sizeof(rxnfc->rule_cnt))) |
8409 |
return -EFAULT; |
8410 |
-@@ -2888,7 +2954,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, |
8411 |
+@@ -2888,7 +2970,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, |
8412 |
old_fs = get_fs(); |
8413 |
set_fs(KERNEL_DS); |
8414 |
err = dev_ioctl(net, cmd, |
8415 |
@@ -95323,7 +94836,7 @@ index cf546a3..a9b550f 100644 |
8416 |
set_fs(old_fs); |
8417 |
|
8418 |
return err; |
8419 |
-@@ -2997,7 +3063,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
8420 |
+@@ -2997,7 +3079,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
8421 |
|
8422 |
old_fs = get_fs(); |
8423 |
set_fs(KERNEL_DS); |
8424 |
@@ -95332,7 +94845,7 @@ index cf546a3..a9b550f 100644 |
8425 |
set_fs(old_fs); |
8426 |
|
8427 |
if (cmd == SIOCGIFMAP && !err) { |
8428 |
-@@ -3102,7 +3168,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, |
8429 |
+@@ -3102,7 +3184,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, |
8430 |
ret |= __get_user(rtdev, &(ur4->rt_dev)); |
8431 |
if (rtdev) { |
8432 |
ret |= copy_from_user(devname, compat_ptr(rtdev), 15); |
8433 |
@@ -95341,7 +94854,7 @@ index cf546a3..a9b550f 100644 |
8434 |
devname[15] = 0; |
8435 |
} else |
8436 |
r4.rt_dev = NULL; |
8437 |
-@@ -3342,8 +3408,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, |
8438 |
+@@ -3342,8 +3424,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, |
8439 |
int __user *uoptlen; |
8440 |
int err; |
8441 |
|
8442 |
@@ -95352,7 +94865,7 @@ index cf546a3..a9b550f 100644 |
8443 |
|
8444 |
set_fs(KERNEL_DS); |
8445 |
if (level == SOL_SOCKET) |
8446 |
-@@ -3363,7 +3429,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, |
8447 |
+@@ -3363,7 +3445,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, |
8448 |
char __user *uoptval; |
8449 |
int err; |
8450 |
|
8451 |
@@ -96032,10 +95545,10 @@ index e758139..d29ea47 100644 |
8452 |
return (mode << 6) | (mode << 3) | mode; |
8453 |
} |
8454 |
diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c |
8455 |
-index e728d4c..dffdddf 100644 |
8456 |
+index a224a38..c31d40a 100644 |
8457 |
--- a/net/tipc/eth_media.c |
8458 |
+++ b/net/tipc/eth_media.c |
8459 |
-@@ -57,7 +57,6 @@ struct eth_bearer { |
8460 |
+@@ -58,7 +58,6 @@ struct eth_bearer { |
8461 |
|
8462 |
static struct eth_bearer eth_bearers[MAX_ETH_BEARERS]; |
8463 |
static int eth_started; |
8464 |
@@ -96043,7 +95556,7 @@ index e728d4c..dffdddf 100644 |
8465 |
|
8466 |
/** |
8467 |
* send_msg - send a TIPC message out over an Ethernet interface |
8468 |
-@@ -264,6 +263,11 @@ static char *eth_addr2str(struct tipc_media_addr *a, char *str_buf, int str_size |
8469 |
+@@ -277,6 +276,11 @@ static char *eth_addr2str(struct tipc_media_addr *a, char *str_buf, int str_size |
8470 |
* with OS for notifications about device state changes. |
8471 |
*/ |
8472 |
|
8473 |
@@ -96055,7 +95568,7 @@ index e728d4c..dffdddf 100644 |
8474 |
int tipc_eth_media_start(void) |
8475 |
{ |
8476 |
struct tipc_media_addr bcast_addr; |
8477 |
-@@ -284,8 +288,6 @@ int tipc_eth_media_start(void) |
8478 |
+@@ -297,8 +301,6 @@ int tipc_eth_media_start(void) |
8479 |
if (res) |
8480 |
return res; |
8481 |
|
8482 |
|
8483 |
diff --git a/3.2.51/4425_grsec_remove_EI_PAX.patch b/3.2.52/4425_grsec_remove_EI_PAX.patch |
8484 |
similarity index 100% |
8485 |
rename from 3.2.51/4425_grsec_remove_EI_PAX.patch |
8486 |
rename to 3.2.52/4425_grsec_remove_EI_PAX.patch |
8487 |
|
8488 |
diff --git a/3.2.51/4427_force_XATTR_PAX_tmpfs.patch b/3.2.52/4427_force_XATTR_PAX_tmpfs.patch |
8489 |
similarity index 100% |
8490 |
rename from 3.2.51/4427_force_XATTR_PAX_tmpfs.patch |
8491 |
rename to 3.2.52/4427_force_XATTR_PAX_tmpfs.patch |
8492 |
|
8493 |
diff --git a/3.2.51/4430_grsec-remove-localversion-grsec.patch b/3.2.52/4430_grsec-remove-localversion-grsec.patch |
8494 |
similarity index 100% |
8495 |
rename from 3.2.51/4430_grsec-remove-localversion-grsec.patch |
8496 |
rename to 3.2.52/4430_grsec-remove-localversion-grsec.patch |
8497 |
|
8498 |
diff --git a/3.2.51/4435_grsec-mute-warnings.patch b/3.2.52/4435_grsec-mute-warnings.patch |
8499 |
similarity index 100% |
8500 |
rename from 3.2.51/4435_grsec-mute-warnings.patch |
8501 |
rename to 3.2.52/4435_grsec-mute-warnings.patch |
8502 |
|
8503 |
diff --git a/3.2.51/4440_grsec-remove-protected-paths.patch b/3.2.52/4440_grsec-remove-protected-paths.patch |
8504 |
similarity index 100% |
8505 |
rename from 3.2.51/4440_grsec-remove-protected-paths.patch |
8506 |
rename to 3.2.52/4440_grsec-remove-protected-paths.patch |
8507 |
|
8508 |
diff --git a/3.2.51/4450_grsec-kconfig-default-gids.patch b/3.2.52/4450_grsec-kconfig-default-gids.patch |
8509 |
similarity index 100% |
8510 |
rename from 3.2.51/4450_grsec-kconfig-default-gids.patch |
8511 |
rename to 3.2.52/4450_grsec-kconfig-default-gids.patch |
8512 |
|
8513 |
diff --git a/3.2.51/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.52/4465_selinux-avc_audit-log-curr_ip.patch |
8514 |
similarity index 100% |
8515 |
rename from 3.2.51/4465_selinux-avc_audit-log-curr_ip.patch |
8516 |
rename to 3.2.52/4465_selinux-avc_audit-log-curr_ip.patch |
8517 |
|
8518 |
diff --git a/3.2.51/4470_disable-compat_vdso.patch b/3.2.52/4470_disable-compat_vdso.patch |
8519 |
similarity index 100% |
8520 |
rename from 3.2.51/4470_disable-compat_vdso.patch |
8521 |
rename to 3.2.52/4470_disable-compat_vdso.patch |
8522 |
|
8523 |
diff --git a/3.2.51/4475_emutramp_default_on.patch b/3.2.52/4475_emutramp_default_on.patch |
8524 |
similarity index 100% |
8525 |
rename from 3.2.51/4475_emutramp_default_on.patch |
8526 |
rename to 3.2.52/4475_emutramp_default_on.patch |