1 |
commit: 255753c89d48f9d5e6428111ab1439c1ed6d1985 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Jan 13 19:29:52 2019 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jan 13 19:29:52 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=255753c8 |
7 |
|
8 |
proj/linux-patches: Linux patch 4.20.2 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1001_linux-4.20.2.patch | 3086 +++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 3090 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 543d775..0e0dc28 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -47,6 +47,10 @@ Patch: 1000_linux-4.20.1.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.20.1 |
23 |
|
24 |
+Patch: 1001_linux-4.20.2.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.20.2 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1001_linux-4.20.2.patch b/1001_linux-4.20.2.patch |
33 |
new file mode 100644 |
34 |
index 0000000..212bec9 |
35 |
--- /dev/null |
36 |
+++ b/1001_linux-4.20.2.patch |
37 |
@@ -0,0 +1,3086 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index 84d2f8deea30..4ba3dd0bf35d 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 4 |
45 |
+ PATCHLEVEL = 20 |
46 |
+-SUBLEVEL = 1 |
47 |
++SUBLEVEL = 2 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = Shy Crocodile |
50 |
+ |
51 |
+diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c |
52 |
+index 6327fd79b0fb..fd59fef9931b 100644 |
53 |
+--- a/arch/powerpc/kernel/signal_32.c |
54 |
++++ b/arch/powerpc/kernel/signal_32.c |
55 |
+@@ -848,7 +848,23 @@ static long restore_tm_user_regs(struct pt_regs *regs, |
56 |
+ /* If TM bits are set to the reserved value, it's an invalid context */ |
57 |
+ if (MSR_TM_RESV(msr_hi)) |
58 |
+ return 1; |
59 |
+- /* Pull in the MSR TM bits from the user context */ |
60 |
++ |
61 |
++ /* |
62 |
++ * Disabling preemption, since it is unsafe to be preempted |
63 |
++ * with MSR[TS] set without recheckpointing. |
64 |
++ */ |
65 |
++ preempt_disable(); |
66 |
++ |
67 |
++ /* |
68 |
++ * CAUTION: |
69 |
++ * After regs->MSR[TS] being updated, make sure that get_user(), |
70 |
++ * put_user() or similar functions are *not* called. These |
71 |
++ * functions can generate page faults which will cause the process |
72 |
++ * to be de-scheduled with MSR[TS] set but without calling |
73 |
++ * tm_recheckpoint(). This can cause a bug. |
74 |
++ * |
75 |
++ * Pull in the MSR TM bits from the user context |
76 |
++ */ |
77 |
+ regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr_hi & MSR_TS_MASK); |
78 |
+ /* Now, recheckpoint. This loads up all of the checkpointed (older) |
79 |
+ * registers, including FP and V[S]Rs. After recheckpointing, the |
80 |
+@@ -873,6 +889,8 @@ static long restore_tm_user_regs(struct pt_regs *regs, |
81 |
+ } |
82 |
+ #endif |
83 |
+ |
84 |
++ preempt_enable(); |
85 |
++ |
86 |
+ return 0; |
87 |
+ } |
88 |
+ #endif |
89 |
+@@ -1140,11 +1158,11 @@ SYSCALL_DEFINE0(rt_sigreturn) |
90 |
+ { |
91 |
+ struct rt_sigframe __user *rt_sf; |
92 |
+ struct pt_regs *regs = current_pt_regs(); |
93 |
+- int tm_restore = 0; |
94 |
+ #ifdef CONFIG_PPC_TRANSACTIONAL_MEM |
95 |
+ struct ucontext __user *uc_transact; |
96 |
+ unsigned long msr_hi; |
97 |
+ unsigned long tmp; |
98 |
++ int tm_restore = 0; |
99 |
+ #endif |
100 |
+ /* Always make any pending restarted system calls return -EINTR */ |
101 |
+ current->restart_block.fn = do_no_restart_syscall; |
102 |
+@@ -1192,19 +1210,11 @@ SYSCALL_DEFINE0(rt_sigreturn) |
103 |
+ goto bad; |
104 |
+ } |
105 |
+ } |
106 |
+- if (!tm_restore) { |
107 |
+- /* |
108 |
+- * Unset regs->msr because ucontext MSR TS is not |
109 |
+- * set, and recheckpoint was not called. This avoid |
110 |
+- * hitting a TM Bad thing at RFID |
111 |
+- */ |
112 |
+- regs->msr &= ~MSR_TS_MASK; |
113 |
+- } |
114 |
+- /* Fall through, for non-TM restore */ |
115 |
+-#endif |
116 |
+ if (!tm_restore) |
117 |
+- if (do_setcontext(&rt_sf->uc, regs, 1)) |
118 |
+- goto bad; |
119 |
++ /* Fall through, for non-TM restore */ |
120 |
++#endif |
121 |
++ if (do_setcontext(&rt_sf->uc, regs, 1)) |
122 |
++ goto bad; |
123 |
+ |
124 |
+ /* |
125 |
+ * It's not clear whether or why it is desirable to save the |
126 |
+diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c |
127 |
+index daa28cb72272..bbd1c73243d7 100644 |
128 |
+--- a/arch/powerpc/kernel/signal_64.c |
129 |
++++ b/arch/powerpc/kernel/signal_64.c |
130 |
+@@ -467,20 +467,6 @@ static long restore_tm_sigcontexts(struct task_struct *tsk, |
131 |
+ if (MSR_TM_RESV(msr)) |
132 |
+ return -EINVAL; |
133 |
+ |
134 |
+- /* pull in MSR TS bits from user context */ |
135 |
+- regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr & MSR_TS_MASK); |
136 |
+- |
137 |
+- /* |
138 |
+- * Ensure that TM is enabled in regs->msr before we leave the signal |
139 |
+- * handler. It could be the case that (a) user disabled the TM bit |
140 |
+- * through the manipulation of the MSR bits in uc_mcontext or (b) the |
141 |
+- * TM bit was disabled because a sufficient number of context switches |
142 |
+- * happened whilst in the signal handler and load_tm overflowed, |
143 |
+- * disabling the TM bit. In either case we can end up with an illegal |
144 |
+- * TM state leading to a TM Bad Thing when we return to userspace. |
145 |
+- */ |
146 |
+- regs->msr |= MSR_TM; |
147 |
+- |
148 |
+ /* pull in MSR LE from user context */ |
149 |
+ regs->msr = (regs->msr & ~MSR_LE) | (msr & MSR_LE); |
150 |
+ |
151 |
+@@ -572,6 +558,34 @@ static long restore_tm_sigcontexts(struct task_struct *tsk, |
152 |
+ tm_enable(); |
153 |
+ /* Make sure the transaction is marked as failed */ |
154 |
+ tsk->thread.tm_texasr |= TEXASR_FS; |
155 |
++ |
156 |
++ /* |
157 |
++ * Disabling preemption, since it is unsafe to be preempted |
158 |
++ * with MSR[TS] set without recheckpointing. |
159 |
++ */ |
160 |
++ preempt_disable(); |
161 |
++ |
162 |
++ /* pull in MSR TS bits from user context */ |
163 |
++ regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr & MSR_TS_MASK); |
164 |
++ |
165 |
++ /* |
166 |
++ * Ensure that TM is enabled in regs->msr before we leave the signal |
167 |
++ * handler. It could be the case that (a) user disabled the TM bit |
168 |
++ * through the manipulation of the MSR bits in uc_mcontext or (b) the |
169 |
++ * TM bit was disabled because a sufficient number of context switches |
170 |
++ * happened whilst in the signal handler and load_tm overflowed, |
171 |
++ * disabling the TM bit. In either case we can end up with an illegal |
172 |
++ * TM state leading to a TM Bad Thing when we return to userspace. |
173 |
++ * |
174 |
++ * CAUTION: |
175 |
++ * After regs->MSR[TS] being updated, make sure that get_user(), |
176 |
++ * put_user() or similar functions are *not* called. These |
177 |
++ * functions can generate page faults which will cause the process |
178 |
++ * to be de-scheduled with MSR[TS] set but without calling |
179 |
++ * tm_recheckpoint(). This can cause a bug. |
180 |
++ */ |
181 |
++ regs->msr |= MSR_TM; |
182 |
++ |
183 |
+ /* This loads the checkpointed FP/VEC state, if used */ |
184 |
+ tm_recheckpoint(&tsk->thread); |
185 |
+ |
186 |
+@@ -585,6 +599,8 @@ static long restore_tm_sigcontexts(struct task_struct *tsk, |
187 |
+ regs->msr |= MSR_VEC; |
188 |
+ } |
189 |
+ |
190 |
++ preempt_enable(); |
191 |
++ |
192 |
+ return err; |
193 |
+ } |
194 |
+ #endif |
195 |
+@@ -740,23 +756,11 @@ SYSCALL_DEFINE0(rt_sigreturn) |
196 |
+ &uc_transact->uc_mcontext)) |
197 |
+ goto badframe; |
198 |
+ } |
199 |
+-#endif |
200 |
++ else |
201 |
+ /* Fall through, for non-TM restore */ |
202 |
+- if (!MSR_TM_ACTIVE(msr)) { |
203 |
+- /* |
204 |
+- * Unset MSR[TS] on the thread regs since MSR from user |
205 |
+- * context does not have MSR active, and recheckpoint was |
206 |
+- * not called since restore_tm_sigcontexts() was not called |
207 |
+- * also. |
208 |
+- * |
209 |
+- * If not unsetting it, the code can RFID to userspace with |
210 |
+- * MSR[TS] set, but without CPU in the proper state, |
211 |
+- * causing a TM bad thing. |
212 |
+- */ |
213 |
+- current->thread.regs->msr &= ~MSR_TS_MASK; |
214 |
+- if (restore_sigcontext(current, NULL, 1, &uc->uc_mcontext)) |
215 |
+- goto badframe; |
216 |
+- } |
217 |
++#endif |
218 |
++ if (restore_sigcontext(current, NULL, 1, &uc->uc_mcontext)) |
219 |
++ goto badframe; |
220 |
+ |
221 |
+ if (restore_altstack(&uc->uc_stack)) |
222 |
+ goto badframe; |
223 |
+diff --git a/arch/powerpc/platforms/4xx/ocm.c b/arch/powerpc/platforms/4xx/ocm.c |
224 |
+index f5bbd4563342..3632de52db0a 100644 |
225 |
+--- a/arch/powerpc/platforms/4xx/ocm.c |
226 |
++++ b/arch/powerpc/platforms/4xx/ocm.c |
227 |
+@@ -179,7 +179,7 @@ static void __init ocm_init_node(int count, struct device_node *node) |
228 |
+ /* ioremap the non-cached region */ |
229 |
+ if (ocm->nc.memtotal) { |
230 |
+ ocm->nc.virt = __ioremap(ocm->nc.phys, ocm->nc.memtotal, |
231 |
+- _PAGE_EXEC | PAGE_KERNEL_NCG); |
232 |
++ _PAGE_EXEC | pgprot_val(PAGE_KERNEL_NCG)); |
233 |
+ |
234 |
+ if (!ocm->nc.virt) { |
235 |
+ printk(KERN_ERR |
236 |
+@@ -194,7 +194,7 @@ static void __init ocm_init_node(int count, struct device_node *node) |
237 |
+ |
238 |
+ if (ocm->c.memtotal) { |
239 |
+ ocm->c.virt = __ioremap(ocm->c.phys, ocm->c.memtotal, |
240 |
+- _PAGE_EXEC | PAGE_KERNEL); |
241 |
++ _PAGE_EXEC | pgprot_val(PAGE_KERNEL)); |
242 |
+ |
243 |
+ if (!ocm->c.virt) { |
244 |
+ printk(KERN_ERR |
245 |
+diff --git a/block/blk-mq-sched.c b/block/blk-mq-sched.c |
246 |
+index 29bfe8017a2d..da1de190a3b1 100644 |
247 |
+--- a/block/blk-mq-sched.c |
248 |
++++ b/block/blk-mq-sched.c |
249 |
+@@ -54,13 +54,14 @@ void blk_mq_sched_assign_ioc(struct request *rq, struct bio *bio) |
250 |
+ * Mark a hardware queue as needing a restart. For shared queues, maintain |
251 |
+ * a count of how many hardware queues are marked for restart. |
252 |
+ */ |
253 |
+-static void blk_mq_sched_mark_restart_hctx(struct blk_mq_hw_ctx *hctx) |
254 |
++void blk_mq_sched_mark_restart_hctx(struct blk_mq_hw_ctx *hctx) |
255 |
+ { |
256 |
+ if (test_bit(BLK_MQ_S_SCHED_RESTART, &hctx->state)) |
257 |
+ return; |
258 |
+ |
259 |
+ set_bit(BLK_MQ_S_SCHED_RESTART, &hctx->state); |
260 |
+ } |
261 |
++EXPORT_SYMBOL_GPL(blk_mq_sched_mark_restart_hctx); |
262 |
+ |
263 |
+ void blk_mq_sched_restart(struct blk_mq_hw_ctx *hctx) |
264 |
+ { |
265 |
+diff --git a/block/blk-mq-sched.h b/block/blk-mq-sched.h |
266 |
+index 8a9544203173..38e06e23821f 100644 |
267 |
+--- a/block/blk-mq-sched.h |
268 |
++++ b/block/blk-mq-sched.h |
269 |
+@@ -15,6 +15,7 @@ bool blk_mq_sched_try_merge(struct request_queue *q, struct bio *bio, |
270 |
+ struct request **merged_request); |
271 |
+ bool __blk_mq_sched_bio_merge(struct request_queue *q, struct bio *bio); |
272 |
+ bool blk_mq_sched_try_insert_merge(struct request_queue *q, struct request *rq); |
273 |
++void blk_mq_sched_mark_restart_hctx(struct blk_mq_hw_ctx *hctx); |
274 |
+ void blk_mq_sched_restart(struct blk_mq_hw_ctx *hctx); |
275 |
+ |
276 |
+ void blk_mq_sched_insert_request(struct request *rq, bool at_head, |
277 |
+diff --git a/block/blk-stat.h b/block/blk-stat.h |
278 |
+index f4a1568e81a4..17b47a86eefb 100644 |
279 |
+--- a/block/blk-stat.h |
280 |
++++ b/block/blk-stat.h |
281 |
+@@ -145,6 +145,11 @@ static inline void blk_stat_activate_nsecs(struct blk_stat_callback *cb, |
282 |
+ mod_timer(&cb->timer, jiffies + nsecs_to_jiffies(nsecs)); |
283 |
+ } |
284 |
+ |
285 |
++static inline void blk_stat_deactivate(struct blk_stat_callback *cb) |
286 |
++{ |
287 |
++ del_timer_sync(&cb->timer); |
288 |
++} |
289 |
++ |
290 |
+ /** |
291 |
+ * blk_stat_activate_msecs() - Gather block statistics during a time window in |
292 |
+ * milliseconds. |
293 |
+diff --git a/block/blk-wbt.c b/block/blk-wbt.c |
294 |
+index 8ac93fcbaa2e..0c62bf4eca75 100644 |
295 |
+--- a/block/blk-wbt.c |
296 |
++++ b/block/blk-wbt.c |
297 |
+@@ -760,8 +760,10 @@ void wbt_disable_default(struct request_queue *q) |
298 |
+ if (!rqos) |
299 |
+ return; |
300 |
+ rwb = RQWB(rqos); |
301 |
+- if (rwb->enable_state == WBT_STATE_ON_DEFAULT) |
302 |
++ if (rwb->enable_state == WBT_STATE_ON_DEFAULT) { |
303 |
++ blk_stat_deactivate(rwb->cb); |
304 |
+ rwb->wb_normal = 0; |
305 |
++ } |
306 |
+ } |
307 |
+ EXPORT_SYMBOL_GPL(wbt_disable_default); |
308 |
+ |
309 |
+diff --git a/block/mq-deadline.c b/block/mq-deadline.c |
310 |
+index 099a9e05854c..d5e21ce44d2c 100644 |
311 |
+--- a/block/mq-deadline.c |
312 |
++++ b/block/mq-deadline.c |
313 |
+@@ -373,9 +373,16 @@ done: |
314 |
+ |
315 |
+ /* |
316 |
+ * One confusing aspect here is that we get called for a specific |
317 |
+- * hardware queue, but we return a request that may not be for a |
318 |
++ * hardware queue, but we may return a request that is for a |
319 |
+ * different hardware queue. This is because mq-deadline has shared |
320 |
+ * state for all hardware queues, in terms of sorting, FIFOs, etc. |
321 |
++ * |
322 |
++ * For a zoned block device, __dd_dispatch_request() may return NULL |
323 |
++ * if all the queued write requests are directed at zones that are already |
324 |
++ * locked due to on-going write requests. In this case, make sure to mark |
325 |
++ * the queue as needing a restart to ensure that the queue is run again |
326 |
++ * and the pending writes dispatched once the target zones for the ongoing |
327 |
++ * write requests are unlocked in dd_finish_request(). |
328 |
+ */ |
329 |
+ static struct request *dd_dispatch_request(struct blk_mq_hw_ctx *hctx) |
330 |
+ { |
331 |
+@@ -384,6 +391,9 @@ static struct request *dd_dispatch_request(struct blk_mq_hw_ctx *hctx) |
332 |
+ |
333 |
+ spin_lock(&dd->lock); |
334 |
+ rq = __dd_dispatch_request(dd); |
335 |
++ if (!rq && blk_queue_is_zoned(hctx->queue) && |
336 |
++ !list_empty(&dd->fifo_list[WRITE])) |
337 |
++ blk_mq_sched_mark_restart_hctx(hctx); |
338 |
+ spin_unlock(&dd->lock); |
339 |
+ |
340 |
+ return rq; |
341 |
+diff --git a/drivers/base/dd.c b/drivers/base/dd.c |
342 |
+index 169412ee4ae8..dbba123e058d 100644 |
343 |
+--- a/drivers/base/dd.c |
344 |
++++ b/drivers/base/dd.c |
345 |
+@@ -933,11 +933,11 @@ static void __device_release_driver(struct device *dev, struct device *parent) |
346 |
+ |
347 |
+ while (device_links_busy(dev)) { |
348 |
+ device_unlock(dev); |
349 |
+- if (parent) |
350 |
++ if (parent && dev->bus->need_parent_lock) |
351 |
+ device_unlock(parent); |
352 |
+ |
353 |
+ device_links_unbind_consumers(dev); |
354 |
+- if (parent) |
355 |
++ if (parent && dev->bus->need_parent_lock) |
356 |
+ device_lock(parent); |
357 |
+ |
358 |
+ device_lock(dev); |
359 |
+diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c |
360 |
+index 4879595200e1..8e6a0db6555f 100644 |
361 |
+--- a/drivers/block/zram/zram_drv.c |
362 |
++++ b/drivers/block/zram/zram_drv.c |
363 |
+@@ -382,8 +382,10 @@ static ssize_t backing_dev_store(struct device *dev, |
364 |
+ |
365 |
+ bdev = bdgrab(I_BDEV(inode)); |
366 |
+ err = blkdev_get(bdev, FMODE_READ | FMODE_WRITE | FMODE_EXCL, zram); |
367 |
+- if (err < 0) |
368 |
++ if (err < 0) { |
369 |
++ bdev = NULL; |
370 |
+ goto out; |
371 |
++ } |
372 |
+ |
373 |
+ nr_pages = i_size_read(inode) >> PAGE_SHIFT; |
374 |
+ bitmap_sz = BITS_TO_LONGS(nr_pages) * sizeof(long); |
375 |
+diff --git a/drivers/dax/pmem.c b/drivers/dax/pmem.c |
376 |
+index 99e2aace8078..2c1f459c0c63 100644 |
377 |
+--- a/drivers/dax/pmem.c |
378 |
++++ b/drivers/dax/pmem.c |
379 |
+@@ -48,9 +48,8 @@ static void dax_pmem_percpu_exit(void *data) |
380 |
+ percpu_ref_exit(ref); |
381 |
+ } |
382 |
+ |
383 |
+-static void dax_pmem_percpu_kill(void *data) |
384 |
++static void dax_pmem_percpu_kill(struct percpu_ref *ref) |
385 |
+ { |
386 |
+- struct percpu_ref *ref = data; |
387 |
+ struct dax_pmem *dax_pmem = to_dax_pmem(ref); |
388 |
+ |
389 |
+ dev_dbg(dax_pmem->dev, "trace\n"); |
390 |
+@@ -112,17 +111,10 @@ static int dax_pmem_probe(struct device *dev) |
391 |
+ } |
392 |
+ |
393 |
+ dax_pmem->pgmap.ref = &dax_pmem->ref; |
394 |
++ dax_pmem->pgmap.kill = dax_pmem_percpu_kill; |
395 |
+ addr = devm_memremap_pages(dev, &dax_pmem->pgmap); |
396 |
+- if (IS_ERR(addr)) { |
397 |
+- devm_remove_action(dev, dax_pmem_percpu_exit, &dax_pmem->ref); |
398 |
+- percpu_ref_exit(&dax_pmem->ref); |
399 |
++ if (IS_ERR(addr)) |
400 |
+ return PTR_ERR(addr); |
401 |
+- } |
402 |
+- |
403 |
+- rc = devm_add_action_or_reset(dev, dax_pmem_percpu_kill, |
404 |
+- &dax_pmem->ref); |
405 |
+- if (rc) |
406 |
+- return rc; |
407 |
+ |
408 |
+ /* adjust the dax_region resource to the start of data */ |
409 |
+ memcpy(&res, &dax_pmem->pgmap.res, sizeof(res)); |
410 |
+diff --git a/drivers/gpu/drm/nouveau/dispnv50/disp.c b/drivers/gpu/drm/nouveau/dispnv50/disp.c |
411 |
+index db1bf7f88c1f..e0e6d66de745 100644 |
412 |
+--- a/drivers/gpu/drm/nouveau/dispnv50/disp.c |
413 |
++++ b/drivers/gpu/drm/nouveau/dispnv50/disp.c |
414 |
+@@ -1262,8 +1262,16 @@ nv50_mstm_fini(struct nv50_mstm *mstm) |
415 |
+ static void |
416 |
+ nv50_mstm_init(struct nv50_mstm *mstm) |
417 |
+ { |
418 |
+- if (mstm && mstm->mgr.mst_state) |
419 |
+- drm_dp_mst_topology_mgr_resume(&mstm->mgr); |
420 |
++ int ret; |
421 |
++ |
422 |
++ if (!mstm || !mstm->mgr.mst_state) |
423 |
++ return; |
424 |
++ |
425 |
++ ret = drm_dp_mst_topology_mgr_resume(&mstm->mgr); |
426 |
++ if (ret == -1) { |
427 |
++ drm_dp_mst_topology_mgr_set_mst(&mstm->mgr, false); |
428 |
++ drm_kms_helper_hotplug_event(mstm->mgr.dev); |
429 |
++ } |
430 |
+ } |
431 |
+ |
432 |
+ static void |
433 |
+diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_psr.c b/drivers/gpu/drm/rockchip/rockchip_drm_psr.c |
434 |
+index 79d00d861a31..01ff3c858875 100644 |
435 |
+--- a/drivers/gpu/drm/rockchip/rockchip_drm_psr.c |
436 |
++++ b/drivers/gpu/drm/rockchip/rockchip_drm_psr.c |
437 |
+@@ -189,12 +189,14 @@ EXPORT_SYMBOL(rockchip_drm_psr_flush_all); |
438 |
+ int rockchip_drm_psr_register(struct drm_encoder *encoder, |
439 |
+ int (*psr_set)(struct drm_encoder *, bool enable)) |
440 |
+ { |
441 |
+- struct rockchip_drm_private *drm_drv = encoder->dev->dev_private; |
442 |
++ struct rockchip_drm_private *drm_drv; |
443 |
+ struct psr_drv *psr; |
444 |
+ |
445 |
+ if (!encoder || !psr_set) |
446 |
+ return -EINVAL; |
447 |
+ |
448 |
++ drm_drv = encoder->dev->dev_private; |
449 |
++ |
450 |
+ psr = kzalloc(sizeof(struct psr_drv), GFP_KERNEL); |
451 |
+ if (!psr) |
452 |
+ return -ENOMEM; |
453 |
+diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c |
454 |
+index c6635f23918a..ae6254b0b1ae 100644 |
455 |
+--- a/drivers/gpu/drm/vc4/vc4_plane.c |
456 |
++++ b/drivers/gpu/drm/vc4/vc4_plane.c |
457 |
+@@ -321,6 +321,7 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) |
458 |
+ if (vc4_state->is_unity) |
459 |
+ vc4_state->x_scaling[0] = VC4_SCALING_PPF; |
460 |
+ } else { |
461 |
++ vc4_state->is_yuv = false; |
462 |
+ vc4_state->x_scaling[1] = VC4_SCALING_NONE; |
463 |
+ vc4_state->y_scaling[1] = VC4_SCALING_NONE; |
464 |
+ } |
465 |
+diff --git a/drivers/hwtracing/intel_th/msu.c b/drivers/hwtracing/intel_th/msu.c |
466 |
+index d293e55553bd..ba7aaf421f36 100644 |
467 |
+--- a/drivers/hwtracing/intel_th/msu.c |
468 |
++++ b/drivers/hwtracing/intel_th/msu.c |
469 |
+@@ -1423,7 +1423,8 @@ nr_pages_store(struct device *dev, struct device_attribute *attr, |
470 |
+ if (!end) |
471 |
+ break; |
472 |
+ |
473 |
+- len -= end - p; |
474 |
++ /* consume the number and the following comma, hence +1 */ |
475 |
++ len -= end - p + 1; |
476 |
+ p = end + 1; |
477 |
+ } while (len); |
478 |
+ |
479 |
+diff --git a/drivers/hwtracing/stm/policy.c b/drivers/hwtracing/stm/policy.c |
480 |
+index 0910ec807187..4b9e44b227d8 100644 |
481 |
+--- a/drivers/hwtracing/stm/policy.c |
482 |
++++ b/drivers/hwtracing/stm/policy.c |
483 |
+@@ -440,10 +440,8 @@ stp_policy_make(struct config_group *group, const char *name) |
484 |
+ |
485 |
+ stm->policy = kzalloc(sizeof(*stm->policy), GFP_KERNEL); |
486 |
+ if (!stm->policy) { |
487 |
+- mutex_unlock(&stm->policy_mutex); |
488 |
+- stm_put_protocol(pdrv); |
489 |
+- stm_put_device(stm); |
490 |
+- return ERR_PTR(-ENOMEM); |
491 |
++ ret = ERR_PTR(-ENOMEM); |
492 |
++ goto unlock_policy; |
493 |
+ } |
494 |
+ |
495 |
+ config_group_init_type_name(&stm->policy->group, name, |
496 |
+@@ -458,7 +456,11 @@ unlock_policy: |
497 |
+ mutex_unlock(&stm->policy_mutex); |
498 |
+ |
499 |
+ if (IS_ERR(ret)) { |
500 |
+- stm_put_protocol(stm->pdrv); |
501 |
++ /* |
502 |
++ * pdrv and stm->pdrv at this point can be quite different, |
503 |
++ * and only one of them needs to be 'put' |
504 |
++ */ |
505 |
++ stm_put_protocol(pdrv); |
506 |
+ stm_put_device(stm); |
507 |
+ } |
508 |
+ |
509 |
+diff --git a/drivers/iio/adc/qcom-spmi-adc5.c b/drivers/iio/adc/qcom-spmi-adc5.c |
510 |
+index f9af6b082916..6a866cc187f7 100644 |
511 |
+--- a/drivers/iio/adc/qcom-spmi-adc5.c |
512 |
++++ b/drivers/iio/adc/qcom-spmi-adc5.c |
513 |
+@@ -423,6 +423,7 @@ struct adc5_channels { |
514 |
+ enum vadc_scale_fn_type scale_fn_type; |
515 |
+ }; |
516 |
+ |
517 |
++/* In these definitions, _pre refers to an index into adc5_prescale_ratios. */ |
518 |
+ #define ADC5_CHAN(_dname, _type, _mask, _pre, _scale) \ |
519 |
+ { \ |
520 |
+ .datasheet_name = _dname, \ |
521 |
+@@ -443,63 +444,63 @@ struct adc5_channels { |
522 |
+ _pre, _scale) \ |
523 |
+ |
524 |
+ static const struct adc5_channels adc5_chans_pmic[ADC5_MAX_CHANNEL] = { |
525 |
+- [ADC5_REF_GND] = ADC5_CHAN_VOLT("ref_gnd", 1, |
526 |
++ [ADC5_REF_GND] = ADC5_CHAN_VOLT("ref_gnd", 0, |
527 |
+ SCALE_HW_CALIB_DEFAULT) |
528 |
+- [ADC5_1P25VREF] = ADC5_CHAN_VOLT("vref_1p25", 1, |
529 |
++ [ADC5_1P25VREF] = ADC5_CHAN_VOLT("vref_1p25", 0, |
530 |
+ SCALE_HW_CALIB_DEFAULT) |
531 |
+- [ADC5_VPH_PWR] = ADC5_CHAN_VOLT("vph_pwr", 3, |
532 |
++ [ADC5_VPH_PWR] = ADC5_CHAN_VOLT("vph_pwr", 1, |
533 |
+ SCALE_HW_CALIB_DEFAULT) |
534 |
+- [ADC5_VBAT_SNS] = ADC5_CHAN_VOLT("vbat_sns", 3, |
535 |
++ [ADC5_VBAT_SNS] = ADC5_CHAN_VOLT("vbat_sns", 1, |
536 |
+ SCALE_HW_CALIB_DEFAULT) |
537 |
+- [ADC5_DIE_TEMP] = ADC5_CHAN_TEMP("die_temp", 1, |
538 |
++ [ADC5_DIE_TEMP] = ADC5_CHAN_TEMP("die_temp", 0, |
539 |
+ SCALE_HW_CALIB_PMIC_THERM) |
540 |
+- [ADC5_USB_IN_I] = ADC5_CHAN_VOLT("usb_in_i_uv", 1, |
541 |
++ [ADC5_USB_IN_I] = ADC5_CHAN_VOLT("usb_in_i_uv", 0, |
542 |
+ SCALE_HW_CALIB_DEFAULT) |
543 |
+- [ADC5_USB_IN_V_16] = ADC5_CHAN_VOLT("usb_in_v_div_16", 16, |
544 |
++ [ADC5_USB_IN_V_16] = ADC5_CHAN_VOLT("usb_in_v_div_16", 8, |
545 |
+ SCALE_HW_CALIB_DEFAULT) |
546 |
+- [ADC5_CHG_TEMP] = ADC5_CHAN_TEMP("chg_temp", 1, |
547 |
++ [ADC5_CHG_TEMP] = ADC5_CHAN_TEMP("chg_temp", 0, |
548 |
+ SCALE_HW_CALIB_PM5_CHG_TEMP) |
549 |
+ /* Charger prescales SBUx and MID_CHG to fit within 1.8V upper unit */ |
550 |
+- [ADC5_SBUx] = ADC5_CHAN_VOLT("chg_sbux", 3, |
551 |
++ [ADC5_SBUx] = ADC5_CHAN_VOLT("chg_sbux", 1, |
552 |
+ SCALE_HW_CALIB_DEFAULT) |
553 |
+- [ADC5_MID_CHG_DIV6] = ADC5_CHAN_VOLT("chg_mid_chg", 6, |
554 |
++ [ADC5_MID_CHG_DIV6] = ADC5_CHAN_VOLT("chg_mid_chg", 3, |
555 |
+ SCALE_HW_CALIB_DEFAULT) |
556 |
+- [ADC5_XO_THERM_100K_PU] = ADC5_CHAN_TEMP("xo_therm", 1, |
557 |
++ [ADC5_XO_THERM_100K_PU] = ADC5_CHAN_TEMP("xo_therm", 0, |
558 |
+ SCALE_HW_CALIB_XOTHERM) |
559 |
+- [ADC5_AMUX_THM1_100K_PU] = ADC5_CHAN_TEMP("amux_thm1_100k_pu", 1, |
560 |
++ [ADC5_AMUX_THM1_100K_PU] = ADC5_CHAN_TEMP("amux_thm1_100k_pu", 0, |
561 |
+ SCALE_HW_CALIB_THERM_100K_PULLUP) |
562 |
+- [ADC5_AMUX_THM2_100K_PU] = ADC5_CHAN_TEMP("amux_thm2_100k_pu", 1, |
563 |
++ [ADC5_AMUX_THM2_100K_PU] = ADC5_CHAN_TEMP("amux_thm2_100k_pu", 0, |
564 |
+ SCALE_HW_CALIB_THERM_100K_PULLUP) |
565 |
+- [ADC5_AMUX_THM3_100K_PU] = ADC5_CHAN_TEMP("amux_thm3_100k_pu", 1, |
566 |
++ [ADC5_AMUX_THM3_100K_PU] = ADC5_CHAN_TEMP("amux_thm3_100k_pu", 0, |
567 |
+ SCALE_HW_CALIB_THERM_100K_PULLUP) |
568 |
+- [ADC5_AMUX_THM2] = ADC5_CHAN_TEMP("amux_thm2", 1, |
569 |
++ [ADC5_AMUX_THM2] = ADC5_CHAN_TEMP("amux_thm2", 0, |
570 |
+ SCALE_HW_CALIB_PM5_SMB_TEMP) |
571 |
+ }; |
572 |
+ |
573 |
+ static const struct adc5_channels adc5_chans_rev2[ADC5_MAX_CHANNEL] = { |
574 |
+- [ADC5_REF_GND] = ADC5_CHAN_VOLT("ref_gnd", 1, |
575 |
++ [ADC5_REF_GND] = ADC5_CHAN_VOLT("ref_gnd", 0, |
576 |
+ SCALE_HW_CALIB_DEFAULT) |
577 |
+- [ADC5_1P25VREF] = ADC5_CHAN_VOLT("vref_1p25", 1, |
578 |
++ [ADC5_1P25VREF] = ADC5_CHAN_VOLT("vref_1p25", 0, |
579 |
+ SCALE_HW_CALIB_DEFAULT) |
580 |
+- [ADC5_VPH_PWR] = ADC5_CHAN_VOLT("vph_pwr", 3, |
581 |
++ [ADC5_VPH_PWR] = ADC5_CHAN_VOLT("vph_pwr", 1, |
582 |
+ SCALE_HW_CALIB_DEFAULT) |
583 |
+- [ADC5_VBAT_SNS] = ADC5_CHAN_VOLT("vbat_sns", 3, |
584 |
++ [ADC5_VBAT_SNS] = ADC5_CHAN_VOLT("vbat_sns", 1, |
585 |
+ SCALE_HW_CALIB_DEFAULT) |
586 |
+- [ADC5_VCOIN] = ADC5_CHAN_VOLT("vcoin", 3, |
587 |
++ [ADC5_VCOIN] = ADC5_CHAN_VOLT("vcoin", 1, |
588 |
+ SCALE_HW_CALIB_DEFAULT) |
589 |
+- [ADC5_DIE_TEMP] = ADC5_CHAN_TEMP("die_temp", 1, |
590 |
++ [ADC5_DIE_TEMP] = ADC5_CHAN_TEMP("die_temp", 0, |
591 |
+ SCALE_HW_CALIB_PMIC_THERM) |
592 |
+- [ADC5_AMUX_THM1_100K_PU] = ADC5_CHAN_TEMP("amux_thm1_100k_pu", 1, |
593 |
++ [ADC5_AMUX_THM1_100K_PU] = ADC5_CHAN_TEMP("amux_thm1_100k_pu", 0, |
594 |
+ SCALE_HW_CALIB_THERM_100K_PULLUP) |
595 |
+- [ADC5_AMUX_THM2_100K_PU] = ADC5_CHAN_TEMP("amux_thm2_100k_pu", 1, |
596 |
++ [ADC5_AMUX_THM2_100K_PU] = ADC5_CHAN_TEMP("amux_thm2_100k_pu", 0, |
597 |
+ SCALE_HW_CALIB_THERM_100K_PULLUP) |
598 |
+- [ADC5_AMUX_THM3_100K_PU] = ADC5_CHAN_TEMP("amux_thm3_100k_pu", 1, |
599 |
++ [ADC5_AMUX_THM3_100K_PU] = ADC5_CHAN_TEMP("amux_thm3_100k_pu", 0, |
600 |
+ SCALE_HW_CALIB_THERM_100K_PULLUP) |
601 |
+- [ADC5_AMUX_THM4_100K_PU] = ADC5_CHAN_TEMP("amux_thm4_100k_pu", 1, |
602 |
++ [ADC5_AMUX_THM4_100K_PU] = ADC5_CHAN_TEMP("amux_thm4_100k_pu", 0, |
603 |
+ SCALE_HW_CALIB_THERM_100K_PULLUP) |
604 |
+- [ADC5_AMUX_THM5_100K_PU] = ADC5_CHAN_TEMP("amux_thm5_100k_pu", 1, |
605 |
++ [ADC5_AMUX_THM5_100K_PU] = ADC5_CHAN_TEMP("amux_thm5_100k_pu", 0, |
606 |
+ SCALE_HW_CALIB_THERM_100K_PULLUP) |
607 |
+- [ADC5_XO_THERM_100K_PU] = ADC5_CHAN_TEMP("xo_therm_100k_pu", 1, |
608 |
++ [ADC5_XO_THERM_100K_PU] = ADC5_CHAN_TEMP("xo_therm_100k_pu", 0, |
609 |
+ SCALE_HW_CALIB_THERM_100K_PULLUP) |
610 |
+ }; |
611 |
+ |
612 |
+@@ -558,6 +559,9 @@ static int adc5_get_dt_channel_data(struct adc5_chip *adc, |
613 |
+ return ret; |
614 |
+ } |
615 |
+ prop->prescale = ret; |
616 |
++ } else { |
617 |
++ prop->prescale = |
618 |
++ adc->data->adc_chans[prop->channel].prescale_index; |
619 |
+ } |
620 |
+ |
621 |
+ ret = of_property_read_u32(node, "qcom,hw-settle-time", &value); |
622 |
+diff --git a/drivers/iio/dac/ad5686.c b/drivers/iio/dac/ad5686.c |
623 |
+index 0e134b13967a..eae740fceed9 100644 |
624 |
+--- a/drivers/iio/dac/ad5686.c |
625 |
++++ b/drivers/iio/dac/ad5686.c |
626 |
+@@ -124,7 +124,8 @@ static int ad5686_read_raw(struct iio_dev *indio_dev, |
627 |
+ mutex_unlock(&indio_dev->mlock); |
628 |
+ if (ret < 0) |
629 |
+ return ret; |
630 |
+- *val = ret; |
631 |
++ *val = (ret >> chan->scan_type.shift) & |
632 |
++ GENMASK(chan->scan_type.realbits - 1, 0); |
633 |
+ return IIO_VAL_INT; |
634 |
+ case IIO_CHAN_INFO_SCALE: |
635 |
+ *val = st->vref_mv; |
636 |
+diff --git a/drivers/infiniband/core/iwcm.c b/drivers/infiniband/core/iwcm.c |
637 |
+index ba668d49c751..476abc74178e 100644 |
638 |
+--- a/drivers/infiniband/core/iwcm.c |
639 |
++++ b/drivers/infiniband/core/iwcm.c |
640 |
+@@ -502,17 +502,21 @@ static void iw_cm_check_wildcard(struct sockaddr_storage *pm_addr, |
641 |
+ */ |
642 |
+ static int iw_cm_map(struct iw_cm_id *cm_id, bool active) |
643 |
+ { |
644 |
++ const char *devname = dev_name(&cm_id->device->dev); |
645 |
++ const char *ifname = cm_id->device->iwcm->ifname; |
646 |
+ struct iwpm_dev_data pm_reg_msg; |
647 |
+ struct iwpm_sa_data pm_msg; |
648 |
+ int status; |
649 |
+ |
650 |
++ if (strlen(devname) >= sizeof(pm_reg_msg.dev_name) || |
651 |
++ strlen(ifname) >= sizeof(pm_reg_msg.if_name)) |
652 |
++ return -EINVAL; |
653 |
++ |
654 |
+ cm_id->m_local_addr = cm_id->local_addr; |
655 |
+ cm_id->m_remote_addr = cm_id->remote_addr; |
656 |
+ |
657 |
+- memcpy(pm_reg_msg.dev_name, dev_name(&cm_id->device->dev), |
658 |
+- sizeof(pm_reg_msg.dev_name)); |
659 |
+- memcpy(pm_reg_msg.if_name, cm_id->device->iwcm->ifname, |
660 |
+- sizeof(pm_reg_msg.if_name)); |
661 |
++ strncpy(pm_reg_msg.dev_name, devname, sizeof(pm_reg_msg.dev_name)); |
662 |
++ strncpy(pm_reg_msg.if_name, ifname, sizeof(pm_reg_msg.if_name)); |
663 |
+ |
664 |
+ if (iwpm_register_pid(&pm_reg_msg, RDMA_NL_IWCM) || |
665 |
+ !iwpm_valid_pid()) |
666 |
+diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c b/drivers/infiniband/sw/rxe/rxe_resp.c |
667 |
+index c962160292f4..f0438bc6df88 100644 |
668 |
+--- a/drivers/infiniband/sw/rxe/rxe_resp.c |
669 |
++++ b/drivers/infiniband/sw/rxe/rxe_resp.c |
670 |
+@@ -844,11 +844,16 @@ static enum resp_states do_complete(struct rxe_qp *qp, |
671 |
+ |
672 |
+ memset(&cqe, 0, sizeof(cqe)); |
673 |
+ |
674 |
+- wc->wr_id = wqe->wr_id; |
675 |
+- wc->status = qp->resp.status; |
676 |
+- wc->qp = &qp->ibqp; |
677 |
++ if (qp->rcq->is_user) { |
678 |
++ uwc->status = qp->resp.status; |
679 |
++ uwc->qp_num = qp->ibqp.qp_num; |
680 |
++ uwc->wr_id = wqe->wr_id; |
681 |
++ } else { |
682 |
++ wc->status = qp->resp.status; |
683 |
++ wc->qp = &qp->ibqp; |
684 |
++ wc->wr_id = wqe->wr_id; |
685 |
++ } |
686 |
+ |
687 |
+- /* fields after status are not required for errors */ |
688 |
+ if (wc->status == IB_WC_SUCCESS) { |
689 |
+ wc->opcode = (pkt->mask & RXE_IMMDT_MASK && |
690 |
+ pkt->mask & RXE_WRITE_MASK) ? |
691 |
+diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c |
692 |
+index 2357aa727dcf..96c767324575 100644 |
693 |
+--- a/drivers/infiniband/ulp/srpt/ib_srpt.c |
694 |
++++ b/drivers/infiniband/ulp/srpt/ib_srpt.c |
695 |
+@@ -2010,6 +2010,14 @@ static void srpt_free_ch(struct kref *kref) |
696 |
+ kfree_rcu(ch, rcu); |
697 |
+ } |
698 |
+ |
699 |
++/* |
700 |
++ * Shut down the SCSI target session, tell the connection manager to |
701 |
++ * disconnect the associated RDMA channel, transition the QP to the error |
702 |
++ * state and remove the channel from the channel list. This function is |
703 |
++ * typically called from inside srpt_zerolength_write_done(). Concurrent |
704 |
++ * srpt_zerolength_write() calls from inside srpt_close_ch() are possible |
705 |
++ * as long as the channel is on sport->nexus_list. |
706 |
++ */ |
707 |
+ static void srpt_release_channel_work(struct work_struct *w) |
708 |
+ { |
709 |
+ struct srpt_rdma_ch *ch; |
710 |
+@@ -2037,6 +2045,11 @@ static void srpt_release_channel_work(struct work_struct *w) |
711 |
+ else |
712 |
+ ib_destroy_cm_id(ch->ib_cm.cm_id); |
713 |
+ |
714 |
++ sport = ch->sport; |
715 |
++ mutex_lock(&sport->mutex); |
716 |
++ list_del_rcu(&ch->list); |
717 |
++ mutex_unlock(&sport->mutex); |
718 |
++ |
719 |
+ srpt_destroy_ch_ib(ch); |
720 |
+ |
721 |
+ srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_ring, |
722 |
+@@ -2047,11 +2060,6 @@ static void srpt_release_channel_work(struct work_struct *w) |
723 |
+ sdev, ch->rq_size, |
724 |
+ srp_max_req_size, DMA_FROM_DEVICE); |
725 |
+ |
726 |
+- sport = ch->sport; |
727 |
+- mutex_lock(&sport->mutex); |
728 |
+- list_del_rcu(&ch->list); |
729 |
+- mutex_unlock(&sport->mutex); |
730 |
+- |
731 |
+ wake_up(&sport->ch_releaseQ); |
732 |
+ |
733 |
+ kref_put(&ch->kref, srpt_free_ch); |
734 |
+diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c |
735 |
+index 41a4b8808802..f3afab82f3ee 100644 |
736 |
+--- a/drivers/iommu/intel-iommu.c |
737 |
++++ b/drivers/iommu/intel-iommu.c |
738 |
+@@ -2044,7 +2044,7 @@ static int domain_context_mapping_one(struct dmar_domain *domain, |
739 |
+ * than default. Unnecessary for PT mode. |
740 |
+ */ |
741 |
+ if (translation != CONTEXT_TT_PASS_THROUGH) { |
742 |
+- for (agaw = domain->agaw; agaw != iommu->agaw; agaw--) { |
743 |
++ for (agaw = domain->agaw; agaw > iommu->agaw; agaw--) { |
744 |
+ ret = -ENOMEM; |
745 |
+ pgd = phys_to_virt(dma_pte_addr(pgd)); |
746 |
+ if (!dma_pte_present(pgd)) |
747 |
+@@ -2058,7 +2058,7 @@ static int domain_context_mapping_one(struct dmar_domain *domain, |
748 |
+ translation = CONTEXT_TT_MULTI_LEVEL; |
749 |
+ |
750 |
+ context_set_address_root(context, virt_to_phys(pgd)); |
751 |
+- context_set_address_width(context, iommu->agaw); |
752 |
++ context_set_address_width(context, agaw); |
753 |
+ } else { |
754 |
+ /* |
755 |
+ * In pass through mode, AW must be programmed to |
756 |
+diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c |
757 |
+index 9038c302d5c2..44f180e47622 100644 |
758 |
+--- a/drivers/md/dm-table.c |
759 |
++++ b/drivers/md/dm-table.c |
760 |
+@@ -1927,6 +1927,9 @@ void dm_table_set_restrictions(struct dm_table *t, struct request_queue *q, |
761 |
+ */ |
762 |
+ if (blk_queue_is_zoned(q)) |
763 |
+ blk_revalidate_disk_zones(t->md->disk); |
764 |
++ |
765 |
++ /* Allow reads to exceed readahead limits */ |
766 |
++ q->backing_dev_info->io_pages = limits->max_sectors >> (PAGE_SHIFT - 9); |
767 |
+ } |
768 |
+ |
769 |
+ unsigned int dm_table_get_num_targets(struct dm_table *t) |
770 |
+diff --git a/drivers/media/pci/cx23885/cx23885-core.c b/drivers/media/pci/cx23885/cx23885-core.c |
771 |
+index 39804d830305..fd5c52b21436 100644 |
772 |
+--- a/drivers/media/pci/cx23885/cx23885-core.c |
773 |
++++ b/drivers/media/pci/cx23885/cx23885-core.c |
774 |
+@@ -23,6 +23,7 @@ |
775 |
+ #include <linux/moduleparam.h> |
776 |
+ #include <linux/kmod.h> |
777 |
+ #include <linux/kernel.h> |
778 |
++#include <linux/pci.h> |
779 |
+ #include <linux/slab.h> |
780 |
+ #include <linux/interrupt.h> |
781 |
+ #include <linux/delay.h> |
782 |
+@@ -41,6 +42,18 @@ MODULE_AUTHOR("Steven Toth <stoth@×××××××.org>"); |
783 |
+ MODULE_LICENSE("GPL"); |
784 |
+ MODULE_VERSION(CX23885_VERSION); |
785 |
+ |
786 |
++/* |
787 |
++ * Some platforms have been found to require periodic resetting of the DMA |
788 |
++ * engine. Ryzen and XEON platforms are known to be affected. The symptom |
789 |
++ * encountered is "mpeg risc op code error". Only Ryzen platforms employ |
790 |
++ * this workaround if the option equals 1. The workaround can be explicitly |
791 |
++ * disabled for all platforms by setting to 0, the workaround can be forced |
792 |
++ * on for any platform by setting to 2. |
793 |
++ */ |
794 |
++static unsigned int dma_reset_workaround = 1; |
795 |
++module_param(dma_reset_workaround, int, 0644); |
796 |
++MODULE_PARM_DESC(dma_reset_workaround, "periodic RiSC dma engine reset; 0-force disable, 1-driver detect (default), 2-force enable"); |
797 |
++ |
798 |
+ static unsigned int debug; |
799 |
+ module_param(debug, int, 0644); |
800 |
+ MODULE_PARM_DESC(debug, "enable debug messages"); |
801 |
+@@ -603,8 +616,13 @@ static void cx23885_risc_disasm(struct cx23885_tsport *port, |
802 |
+ |
803 |
+ static void cx23885_clear_bridge_error(struct cx23885_dev *dev) |
804 |
+ { |
805 |
+- uint32_t reg1_val = cx_read(TC_REQ); /* read-only */ |
806 |
+- uint32_t reg2_val = cx_read(TC_REQ_SET); |
807 |
++ uint32_t reg1_val, reg2_val; |
808 |
++ |
809 |
++ if (!dev->need_dma_reset) |
810 |
++ return; |
811 |
++ |
812 |
++ reg1_val = cx_read(TC_REQ); /* read-only */ |
813 |
++ reg2_val = cx_read(TC_REQ_SET); |
814 |
+ |
815 |
+ if (reg1_val && reg2_val) { |
816 |
+ cx_write(TC_REQ, reg1_val); |
817 |
+@@ -2058,6 +2076,37 @@ void cx23885_gpio_enable(struct cx23885_dev *dev, u32 mask, int asoutput) |
818 |
+ /* TODO: 23-19 */ |
819 |
+ } |
820 |
+ |
821 |
++static struct { |
822 |
++ int vendor, dev; |
823 |
++} const broken_dev_id[] = { |
824 |
++ /* According with |
825 |
++ * https://openbenchmarking.org/system/1703021-RI-AMDZEN08075/Ryzen%207%201800X/lspci, |
826 |
++ * 0x1451 is PCI ID for the IOMMU found on Ryzen |
827 |
++ */ |
828 |
++ { PCI_VENDOR_ID_AMD, 0x1451 }, |
829 |
++}; |
830 |
++ |
831 |
++static bool cx23885_does_need_dma_reset(void) |
832 |
++{ |
833 |
++ int i; |
834 |
++ struct pci_dev *pdev = NULL; |
835 |
++ |
836 |
++ if (dma_reset_workaround == 0) |
837 |
++ return false; |
838 |
++ else if (dma_reset_workaround == 2) |
839 |
++ return true; |
840 |
++ |
841 |
++ for (i = 0; i < ARRAY_SIZE(broken_dev_id); i++) { |
842 |
++ pdev = pci_get_device(broken_dev_id[i].vendor, |
843 |
++ broken_dev_id[i].dev, NULL); |
844 |
++ if (pdev) { |
845 |
++ pci_dev_put(pdev); |
846 |
++ return true; |
847 |
++ } |
848 |
++ } |
849 |
++ return false; |
850 |
++} |
851 |
++ |
852 |
+ static int cx23885_initdev(struct pci_dev *pci_dev, |
853 |
+ const struct pci_device_id *pci_id) |
854 |
+ { |
855 |
+@@ -2069,6 +2118,8 @@ static int cx23885_initdev(struct pci_dev *pci_dev, |
856 |
+ if (NULL == dev) |
857 |
+ return -ENOMEM; |
858 |
+ |
859 |
++ dev->need_dma_reset = cx23885_does_need_dma_reset(); |
860 |
++ |
861 |
+ err = v4l2_device_register(&pci_dev->dev, &dev->v4l2_dev); |
862 |
+ if (err < 0) |
863 |
+ goto fail_free; |
864 |
+diff --git a/drivers/media/pci/cx23885/cx23885.h b/drivers/media/pci/cx23885/cx23885.h |
865 |
+index d54c7ee1ab21..cf965efabe66 100644 |
866 |
+--- a/drivers/media/pci/cx23885/cx23885.h |
867 |
++++ b/drivers/media/pci/cx23885/cx23885.h |
868 |
+@@ -451,6 +451,8 @@ struct cx23885_dev { |
869 |
+ /* Analog raw audio */ |
870 |
+ struct cx23885_audio_dev *audio_dev; |
871 |
+ |
872 |
++ /* Does the system require periodic DMA resets? */ |
873 |
++ unsigned int need_dma_reset:1; |
874 |
+ }; |
875 |
+ |
876 |
+ static inline struct cx23885_dev *to_cx23885(struct v4l2_device *v4l2_dev) |
877 |
+diff --git a/drivers/misc/genwqe/card_utils.c b/drivers/misc/genwqe/card_utils.c |
878 |
+index 3fcb9a2fe1c9..efe2fb72d54b 100644 |
879 |
+--- a/drivers/misc/genwqe/card_utils.c |
880 |
++++ b/drivers/misc/genwqe/card_utils.c |
881 |
+@@ -215,7 +215,7 @@ u32 genwqe_crc32(u8 *buff, size_t len, u32 init) |
882 |
+ void *__genwqe_alloc_consistent(struct genwqe_dev *cd, size_t size, |
883 |
+ dma_addr_t *dma_handle) |
884 |
+ { |
885 |
+- if (get_order(size) > MAX_ORDER) |
886 |
++ if (get_order(size) >= MAX_ORDER) |
887 |
+ return NULL; |
888 |
+ |
889 |
+ return dma_zalloc_coherent(&cd->pci_dev->dev, size, dma_handle, |
890 |
+diff --git a/drivers/net/wireless/broadcom/b43/phy_common.c b/drivers/net/wireless/broadcom/b43/phy_common.c |
891 |
+index 85f2ca989565..ef3ffa5ad466 100644 |
892 |
+--- a/drivers/net/wireless/broadcom/b43/phy_common.c |
893 |
++++ b/drivers/net/wireless/broadcom/b43/phy_common.c |
894 |
+@@ -616,7 +616,7 @@ struct b43_c32 b43_cordic(int theta) |
895 |
+ u8 i; |
896 |
+ s32 tmp; |
897 |
+ s8 signx = 1; |
898 |
+- u32 angle = 0; |
899 |
++ s32 angle = 0; |
900 |
+ struct b43_c32 ret = { .i = 39797, .q = 0, }; |
901 |
+ |
902 |
+ while (theta > (180 << 16)) |
903 |
+diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c |
904 |
+index 0e39e3d1846f..d28418b05a04 100644 |
905 |
+--- a/drivers/nvdimm/pmem.c |
906 |
++++ b/drivers/nvdimm/pmem.c |
907 |
+@@ -309,8 +309,11 @@ static void pmem_release_queue(void *q) |
908 |
+ blk_cleanup_queue(q); |
909 |
+ } |
910 |
+ |
911 |
+-static void pmem_freeze_queue(void *q) |
912 |
++static void pmem_freeze_queue(struct percpu_ref *ref) |
913 |
+ { |
914 |
++ struct request_queue *q; |
915 |
++ |
916 |
++ q = container_of(ref, typeof(*q), q_usage_counter); |
917 |
+ blk_freeze_queue_start(q); |
918 |
+ } |
919 |
+ |
920 |
+@@ -402,6 +405,7 @@ static int pmem_attach_disk(struct device *dev, |
921 |
+ |
922 |
+ pmem->pfn_flags = PFN_DEV; |
923 |
+ pmem->pgmap.ref = &q->q_usage_counter; |
924 |
++ pmem->pgmap.kill = pmem_freeze_queue; |
925 |
+ if (is_nd_pfn(dev)) { |
926 |
+ if (setup_pagemap_fsdax(dev, &pmem->pgmap)) |
927 |
+ return -ENOMEM; |
928 |
+@@ -427,13 +431,6 @@ static int pmem_attach_disk(struct device *dev, |
929 |
+ memcpy(&bb_res, &nsio->res, sizeof(bb_res)); |
930 |
+ } |
931 |
+ |
932 |
+- /* |
933 |
+- * At release time the queue must be frozen before |
934 |
+- * devm_memremap_pages is unwound |
935 |
+- */ |
936 |
+- if (devm_add_action_or_reset(dev, pmem_freeze_queue, q)) |
937 |
+- return -ENOMEM; |
938 |
+- |
939 |
+ if (IS_ERR(addr)) |
940 |
+ return PTR_ERR(addr); |
941 |
+ pmem->virt_addr = addr; |
942 |
+diff --git a/drivers/of/base.c b/drivers/of/base.c |
943 |
+index 09692c9b32a7..6d20b6dcf034 100644 |
944 |
+--- a/drivers/of/base.c |
945 |
++++ b/drivers/of/base.c |
946 |
+@@ -116,9 +116,6 @@ int __weak of_node_to_nid(struct device_node *np) |
947 |
+ } |
948 |
+ #endif |
949 |
+ |
950 |
+-static struct device_node **phandle_cache; |
951 |
+-static u32 phandle_cache_mask; |
952 |
+- |
953 |
+ /* |
954 |
+ * Assumptions behind phandle_cache implementation: |
955 |
+ * - phandle property values are in a contiguous range of 1..n |
956 |
+@@ -127,6 +124,66 @@ static u32 phandle_cache_mask; |
957 |
+ * - the phandle lookup overhead reduction provided by the cache |
958 |
+ * will likely be less |
959 |
+ */ |
960 |
++ |
961 |
++static struct device_node **phandle_cache; |
962 |
++static u32 phandle_cache_mask; |
963 |
++ |
964 |
++/* |
965 |
++ * Caller must hold devtree_lock. |
966 |
++ */ |
967 |
++static void __of_free_phandle_cache(void) |
968 |
++{ |
969 |
++ u32 cache_entries = phandle_cache_mask + 1; |
970 |
++ u32 k; |
971 |
++ |
972 |
++ if (!phandle_cache) |
973 |
++ return; |
974 |
++ |
975 |
++ for (k = 0; k < cache_entries; k++) |
976 |
++ of_node_put(phandle_cache[k]); |
977 |
++ |
978 |
++ kfree(phandle_cache); |
979 |
++ phandle_cache = NULL; |
980 |
++} |
981 |
++ |
982 |
++int of_free_phandle_cache(void) |
983 |
++{ |
984 |
++ unsigned long flags; |
985 |
++ |
986 |
++ raw_spin_lock_irqsave(&devtree_lock, flags); |
987 |
++ |
988 |
++ __of_free_phandle_cache(); |
989 |
++ |
990 |
++ raw_spin_unlock_irqrestore(&devtree_lock, flags); |
991 |
++ |
992 |
++ return 0; |
993 |
++} |
994 |
++#if !defined(CONFIG_MODULES) |
995 |
++late_initcall_sync(of_free_phandle_cache); |
996 |
++#endif |
997 |
++ |
998 |
++/* |
999 |
++ * Caller must hold devtree_lock. |
1000 |
++ */ |
1001 |
++void __of_free_phandle_cache_entry(phandle handle) |
1002 |
++{ |
1003 |
++ phandle masked_handle; |
1004 |
++ struct device_node *np; |
1005 |
++ |
1006 |
++ if (!handle) |
1007 |
++ return; |
1008 |
++ |
1009 |
++ masked_handle = handle & phandle_cache_mask; |
1010 |
++ |
1011 |
++ if (phandle_cache) { |
1012 |
++ np = phandle_cache[masked_handle]; |
1013 |
++ if (np && handle == np->phandle) { |
1014 |
++ of_node_put(np); |
1015 |
++ phandle_cache[masked_handle] = NULL; |
1016 |
++ } |
1017 |
++ } |
1018 |
++} |
1019 |
++ |
1020 |
+ void of_populate_phandle_cache(void) |
1021 |
+ { |
1022 |
+ unsigned long flags; |
1023 |
+@@ -136,8 +193,7 @@ void of_populate_phandle_cache(void) |
1024 |
+ |
1025 |
+ raw_spin_lock_irqsave(&devtree_lock, flags); |
1026 |
+ |
1027 |
+- kfree(phandle_cache); |
1028 |
+- phandle_cache = NULL; |
1029 |
++ __of_free_phandle_cache(); |
1030 |
+ |
1031 |
+ for_each_of_allnodes(np) |
1032 |
+ if (np->phandle && np->phandle != OF_PHANDLE_ILLEGAL) |
1033 |
+@@ -155,30 +211,15 @@ void of_populate_phandle_cache(void) |
1034 |
+ goto out; |
1035 |
+ |
1036 |
+ for_each_of_allnodes(np) |
1037 |
+- if (np->phandle && np->phandle != OF_PHANDLE_ILLEGAL) |
1038 |
++ if (np->phandle && np->phandle != OF_PHANDLE_ILLEGAL) { |
1039 |
++ of_node_get(np); |
1040 |
+ phandle_cache[np->phandle & phandle_cache_mask] = np; |
1041 |
++ } |
1042 |
+ |
1043 |
+ out: |
1044 |
+ raw_spin_unlock_irqrestore(&devtree_lock, flags); |
1045 |
+ } |
1046 |
+ |
1047 |
+-int of_free_phandle_cache(void) |
1048 |
+-{ |
1049 |
+- unsigned long flags; |
1050 |
+- |
1051 |
+- raw_spin_lock_irqsave(&devtree_lock, flags); |
1052 |
+- |
1053 |
+- kfree(phandle_cache); |
1054 |
+- phandle_cache = NULL; |
1055 |
+- |
1056 |
+- raw_spin_unlock_irqrestore(&devtree_lock, flags); |
1057 |
+- |
1058 |
+- return 0; |
1059 |
+-} |
1060 |
+-#if !defined(CONFIG_MODULES) |
1061 |
+-late_initcall_sync(of_free_phandle_cache); |
1062 |
+-#endif |
1063 |
+- |
1064 |
+ void __init of_core_init(void) |
1065 |
+ { |
1066 |
+ struct device_node *np; |
1067 |
+@@ -1190,13 +1231,23 @@ struct device_node *of_find_node_by_phandle(phandle handle) |
1068 |
+ if (phandle_cache[masked_handle] && |
1069 |
+ handle == phandle_cache[masked_handle]->phandle) |
1070 |
+ np = phandle_cache[masked_handle]; |
1071 |
++ if (np && of_node_check_flag(np, OF_DETACHED)) { |
1072 |
++ WARN_ON(1); /* did not uncache np on node removal */ |
1073 |
++ of_node_put(np); |
1074 |
++ phandle_cache[masked_handle] = NULL; |
1075 |
++ np = NULL; |
1076 |
++ } |
1077 |
+ } |
1078 |
+ |
1079 |
+ if (!np) { |
1080 |
+ for_each_of_allnodes(np) |
1081 |
+- if (np->phandle == handle) { |
1082 |
+- if (phandle_cache) |
1083 |
++ if (np->phandle == handle && |
1084 |
++ !of_node_check_flag(np, OF_DETACHED)) { |
1085 |
++ if (phandle_cache) { |
1086 |
++ /* will put when removed from cache */ |
1087 |
++ of_node_get(np); |
1088 |
+ phandle_cache[masked_handle] = np; |
1089 |
++ } |
1090 |
+ break; |
1091 |
+ } |
1092 |
+ } |
1093 |
+diff --git a/drivers/of/dynamic.c b/drivers/of/dynamic.c |
1094 |
+index f4f8ed9b5454..ecea92f68c87 100644 |
1095 |
+--- a/drivers/of/dynamic.c |
1096 |
++++ b/drivers/of/dynamic.c |
1097 |
+@@ -268,6 +268,9 @@ void __of_detach_node(struct device_node *np) |
1098 |
+ } |
1099 |
+ |
1100 |
+ of_node_set_flag(np, OF_DETACHED); |
1101 |
++ |
1102 |
++ /* race with of_find_node_by_phandle() prevented by devtree_lock */ |
1103 |
++ __of_free_phandle_cache_entry(np->phandle); |
1104 |
+ } |
1105 |
+ |
1106 |
+ /** |
1107 |
+diff --git a/drivers/of/of_private.h b/drivers/of/of_private.h |
1108 |
+index 5d1567025358..24786818e32e 100644 |
1109 |
+--- a/drivers/of/of_private.h |
1110 |
++++ b/drivers/of/of_private.h |
1111 |
+@@ -84,6 +84,10 @@ static inline void __of_detach_node_sysfs(struct device_node *np) {} |
1112 |
+ int of_resolve_phandles(struct device_node *tree); |
1113 |
+ #endif |
1114 |
+ |
1115 |
++#if defined(CONFIG_OF_DYNAMIC) |
1116 |
++void __of_free_phandle_cache_entry(phandle handle); |
1117 |
++#endif |
1118 |
++ |
1119 |
+ #if defined(CONFIG_OF_OVERLAY) |
1120 |
+ void of_overlay_mutex_lock(void); |
1121 |
+ void of_overlay_mutex_unlock(void); |
1122 |
+diff --git a/drivers/pci/p2pdma.c b/drivers/pci/p2pdma.c |
1123 |
+index ae3c5b25dcc7..a2eb25271c96 100644 |
1124 |
+--- a/drivers/pci/p2pdma.c |
1125 |
++++ b/drivers/pci/p2pdma.c |
1126 |
+@@ -82,10 +82,8 @@ static void pci_p2pdma_percpu_release(struct percpu_ref *ref) |
1127 |
+ complete_all(&p2p->devmap_ref_done); |
1128 |
+ } |
1129 |
+ |
1130 |
+-static void pci_p2pdma_percpu_kill(void *data) |
1131 |
++static void pci_p2pdma_percpu_kill(struct percpu_ref *ref) |
1132 |
+ { |
1133 |
+- struct percpu_ref *ref = data; |
1134 |
+- |
1135 |
+ /* |
1136 |
+ * pci_p2pdma_add_resource() may be called multiple times |
1137 |
+ * by a driver and may register the percpu_kill devm action multiple |
1138 |
+@@ -198,6 +196,7 @@ int pci_p2pdma_add_resource(struct pci_dev *pdev, int bar, size_t size, |
1139 |
+ pgmap->type = MEMORY_DEVICE_PCI_P2PDMA; |
1140 |
+ pgmap->pci_p2pdma_bus_offset = pci_bus_address(pdev, bar) - |
1141 |
+ pci_resource_start(pdev, bar); |
1142 |
++ pgmap->kill = pci_p2pdma_percpu_kill; |
1143 |
+ |
1144 |
+ addr = devm_memremap_pages(&pdev->dev, pgmap); |
1145 |
+ if (IS_ERR(addr)) { |
1146 |
+@@ -211,11 +210,6 @@ int pci_p2pdma_add_resource(struct pci_dev *pdev, int bar, size_t size, |
1147 |
+ if (error) |
1148 |
+ goto pgmap_free; |
1149 |
+ |
1150 |
+- error = devm_add_action_or_reset(&pdev->dev, pci_p2pdma_percpu_kill, |
1151 |
+- &pdev->p2pdma->devmap_ref); |
1152 |
+- if (error) |
1153 |
+- goto pgmap_free; |
1154 |
+- |
1155 |
+ pci_info(pdev, "added peer-to-peer DMA memory %pR\n", |
1156 |
+ &pgmap->res); |
1157 |
+ |
1158 |
+diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c |
1159 |
+index bef17c3fca67..33f3f475e5c6 100644 |
1160 |
+--- a/drivers/pci/pci-driver.c |
1161 |
++++ b/drivers/pci/pci-driver.c |
1162 |
+@@ -1251,30 +1251,29 @@ static int pci_pm_runtime_suspend(struct device *dev) |
1163 |
+ return 0; |
1164 |
+ } |
1165 |
+ |
1166 |
+- if (!pm || !pm->runtime_suspend) |
1167 |
+- return -ENOSYS; |
1168 |
+- |
1169 |
+ pci_dev->state_saved = false; |
1170 |
+- error = pm->runtime_suspend(dev); |
1171 |
+- if (error) { |
1172 |
++ if (pm && pm->runtime_suspend) { |
1173 |
++ error = pm->runtime_suspend(dev); |
1174 |
+ /* |
1175 |
+ * -EBUSY and -EAGAIN is used to request the runtime PM core |
1176 |
+ * to schedule a new suspend, so log the event only with debug |
1177 |
+ * log level. |
1178 |
+ */ |
1179 |
+- if (error == -EBUSY || error == -EAGAIN) |
1180 |
++ if (error == -EBUSY || error == -EAGAIN) { |
1181 |
+ dev_dbg(dev, "can't suspend now (%pf returned %d)\n", |
1182 |
+ pm->runtime_suspend, error); |
1183 |
+- else |
1184 |
++ return error; |
1185 |
++ } else if (error) { |
1186 |
+ dev_err(dev, "can't suspend (%pf returned %d)\n", |
1187 |
+ pm->runtime_suspend, error); |
1188 |
+- |
1189 |
+- return error; |
1190 |
++ return error; |
1191 |
++ } |
1192 |
+ } |
1193 |
+ |
1194 |
+ pci_fixup_device(pci_fixup_suspend, pci_dev); |
1195 |
+ |
1196 |
+- if (!pci_dev->state_saved && pci_dev->current_state != PCI_D0 |
1197 |
++ if (pm && pm->runtime_suspend |
1198 |
++ && !pci_dev->state_saved && pci_dev->current_state != PCI_D0 |
1199 |
+ && pci_dev->current_state != PCI_UNKNOWN) { |
1200 |
+ WARN_ONCE(pci_dev->current_state != prev, |
1201 |
+ "PCI PM: State of device not saved by %pF\n", |
1202 |
+@@ -1292,7 +1291,7 @@ static int pci_pm_runtime_suspend(struct device *dev) |
1203 |
+ |
1204 |
+ static int pci_pm_runtime_resume(struct device *dev) |
1205 |
+ { |
1206 |
+- int rc; |
1207 |
++ int rc = 0; |
1208 |
+ struct pci_dev *pci_dev = to_pci_dev(dev); |
1209 |
+ const struct dev_pm_ops *pm = dev->driver ? dev->driver->pm : NULL; |
1210 |
+ |
1211 |
+@@ -1306,14 +1305,12 @@ static int pci_pm_runtime_resume(struct device *dev) |
1212 |
+ if (!pci_dev->driver) |
1213 |
+ return 0; |
1214 |
+ |
1215 |
+- if (!pm || !pm->runtime_resume) |
1216 |
+- return -ENOSYS; |
1217 |
+- |
1218 |
+ pci_fixup_device(pci_fixup_resume_early, pci_dev); |
1219 |
+ pci_enable_wake(pci_dev, PCI_D0, false); |
1220 |
+ pci_fixup_device(pci_fixup_resume, pci_dev); |
1221 |
+ |
1222 |
+- rc = pm->runtime_resume(dev); |
1223 |
++ if (pm && pm->runtime_resume) |
1224 |
++ rc = pm->runtime_resume(dev); |
1225 |
+ |
1226 |
+ pci_dev->runtime_d3cold = false; |
1227 |
+ |
1228 |
+diff --git a/drivers/perf/hisilicon/hisi_uncore_ddrc_pmu.c b/drivers/perf/hisilicon/hisi_uncore_ddrc_pmu.c |
1229 |
+index 1b10ea05a914..69372e2bc93c 100644 |
1230 |
+--- a/drivers/perf/hisilicon/hisi_uncore_ddrc_pmu.c |
1231 |
++++ b/drivers/perf/hisilicon/hisi_uncore_ddrc_pmu.c |
1232 |
+@@ -30,8 +30,8 @@ |
1233 |
+ #define DDRC_FLUX_RCMD 0x38c |
1234 |
+ #define DDRC_PRE_CMD 0x3c0 |
1235 |
+ #define DDRC_ACT_CMD 0x3c4 |
1236 |
+-#define DDRC_BNK_CHG 0x3c8 |
1237 |
+ #define DDRC_RNK_CHG 0x3cc |
1238 |
++#define DDRC_RW_CHG 0x3d0 |
1239 |
+ #define DDRC_EVENT_CTRL 0x6C0 |
1240 |
+ #define DDRC_INT_MASK 0x6c8 |
1241 |
+ #define DDRC_INT_STATUS 0x6cc |
1242 |
+@@ -51,7 +51,7 @@ |
1243 |
+ |
1244 |
+ static const u32 ddrc_reg_off[] = { |
1245 |
+ DDRC_FLUX_WR, DDRC_FLUX_RD, DDRC_FLUX_WCMD, DDRC_FLUX_RCMD, |
1246 |
+- DDRC_PRE_CMD, DDRC_ACT_CMD, DDRC_BNK_CHG, DDRC_RNK_CHG |
1247 |
++ DDRC_PRE_CMD, DDRC_ACT_CMD, DDRC_RNK_CHG, DDRC_RW_CHG |
1248 |
+ }; |
1249 |
+ |
1250 |
+ /* |
1251 |
+diff --git a/drivers/power/supply/olpc_battery.c b/drivers/power/supply/olpc_battery.c |
1252 |
+index 6da79ae14860..5a97e42a3547 100644 |
1253 |
+--- a/drivers/power/supply/olpc_battery.c |
1254 |
++++ b/drivers/power/supply/olpc_battery.c |
1255 |
+@@ -428,14 +428,14 @@ static int olpc_bat_get_property(struct power_supply *psy, |
1256 |
+ if (ret) |
1257 |
+ return ret; |
1258 |
+ |
1259 |
+- val->intval = (s16)be16_to_cpu(ec_word) * 100 / 256; |
1260 |
++ val->intval = (s16)be16_to_cpu(ec_word) * 10 / 256; |
1261 |
+ break; |
1262 |
+ case POWER_SUPPLY_PROP_TEMP_AMBIENT: |
1263 |
+ ret = olpc_ec_cmd(EC_AMB_TEMP, NULL, 0, (void *)&ec_word, 2); |
1264 |
+ if (ret) |
1265 |
+ return ret; |
1266 |
+ |
1267 |
+- val->intval = (int)be16_to_cpu(ec_word) * 100 / 256; |
1268 |
++ val->intval = (int)be16_to_cpu(ec_word) * 10 / 256; |
1269 |
+ break; |
1270 |
+ case POWER_SUPPLY_PROP_CHARGE_COUNTER: |
1271 |
+ ret = olpc_ec_cmd(EC_BAT_ACR, NULL, 0, (void *)&ec_word, 2); |
1272 |
+diff --git a/drivers/s390/scsi/zfcp_aux.c b/drivers/s390/scsi/zfcp_aux.c |
1273 |
+index 94f4d8fe85e0..d1b531fe9ada 100644 |
1274 |
+--- a/drivers/s390/scsi/zfcp_aux.c |
1275 |
++++ b/drivers/s390/scsi/zfcp_aux.c |
1276 |
+@@ -275,16 +275,16 @@ static void zfcp_free_low_mem_buffers(struct zfcp_adapter *adapter) |
1277 |
+ */ |
1278 |
+ int zfcp_status_read_refill(struct zfcp_adapter *adapter) |
1279 |
+ { |
1280 |
+- while (atomic_read(&adapter->stat_miss) > 0) |
1281 |
++ while (atomic_add_unless(&adapter->stat_miss, -1, 0)) |
1282 |
+ if (zfcp_fsf_status_read(adapter->qdio)) { |
1283 |
++ atomic_inc(&adapter->stat_miss); /* undo add -1 */ |
1284 |
+ if (atomic_read(&adapter->stat_miss) >= |
1285 |
+ adapter->stat_read_buf_num) { |
1286 |
+ zfcp_erp_adapter_reopen(adapter, 0, "axsref1"); |
1287 |
+ return 1; |
1288 |
+ } |
1289 |
+ break; |
1290 |
+- } else |
1291 |
+- atomic_dec(&adapter->stat_miss); |
1292 |
++ } |
1293 |
+ return 0; |
1294 |
+ } |
1295 |
+ |
1296 |
+diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c |
1297 |
+index b9e5cd79931a..462ed4ad21d2 100644 |
1298 |
+--- a/drivers/scsi/lpfc/lpfc_sli.c |
1299 |
++++ b/drivers/scsi/lpfc/lpfc_sli.c |
1300 |
+@@ -14501,7 +14501,8 @@ lpfc_sli4_queue_alloc(struct lpfc_hba *phba, uint32_t page_size, |
1301 |
+ hw_page_size))/hw_page_size; |
1302 |
+ |
1303 |
+ /* If needed, Adjust page count to match the max the adapter supports */ |
1304 |
+- if (queue->page_count > phba->sli4_hba.pc_sli4_params.wqpcnt) |
1305 |
++ if (phba->sli4_hba.pc_sli4_params.wqpcnt && |
1306 |
++ (queue->page_count > phba->sli4_hba.pc_sli4_params.wqpcnt)) |
1307 |
+ queue->page_count = phba->sli4_hba.pc_sli4_params.wqpcnt; |
1308 |
+ |
1309 |
+ INIT_LIST_HEAD(&queue->list); |
1310 |
+diff --git a/drivers/video/fbdev/pxafb.c b/drivers/video/fbdev/pxafb.c |
1311 |
+index bbed039617a4..d59c8a59f582 100644 |
1312 |
+--- a/drivers/video/fbdev/pxafb.c |
1313 |
++++ b/drivers/video/fbdev/pxafb.c |
1314 |
+@@ -2234,10 +2234,8 @@ static struct pxafb_mach_info *of_pxafb_of_mach_info(struct device *dev) |
1315 |
+ if (!info) |
1316 |
+ return ERR_PTR(-ENOMEM); |
1317 |
+ ret = of_get_pxafb_mode_info(dev, info); |
1318 |
+- if (ret) { |
1319 |
+- kfree(info->modes); |
1320 |
++ if (ret) |
1321 |
+ return ERR_PTR(ret); |
1322 |
+- } |
1323 |
+ |
1324 |
+ /* |
1325 |
+ * On purpose, neither lccrX registers nor video memory size can be |
1326 |
+diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c |
1327 |
+index f3496db4bb3e..a58666a3f8dd 100644 |
1328 |
+--- a/fs/ceph/caps.c |
1329 |
++++ b/fs/ceph/caps.c |
1330 |
+@@ -3569,7 +3569,6 @@ retry: |
1331 |
+ tcap->cap_id = t_cap_id; |
1332 |
+ tcap->seq = t_seq - 1; |
1333 |
+ tcap->issue_seq = t_seq - 1; |
1334 |
+- tcap->mseq = t_mseq; |
1335 |
+ tcap->issued |= issued; |
1336 |
+ tcap->implemented |= issued; |
1337 |
+ if (cap == ci->i_auth_cap) |
1338 |
+diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c |
1339 |
+index cc91963683de..a928ba008d7d 100644 |
1340 |
+--- a/fs/dlm/lock.c |
1341 |
++++ b/fs/dlm/lock.c |
1342 |
+@@ -1209,6 +1209,7 @@ static int create_lkb(struct dlm_ls *ls, struct dlm_lkb **lkb_ret) |
1343 |
+ |
1344 |
+ if (rv < 0) { |
1345 |
+ log_error(ls, "create_lkb idr error %d", rv); |
1346 |
++ dlm_free_lkb(lkb); |
1347 |
+ return rv; |
1348 |
+ } |
1349 |
+ |
1350 |
+@@ -4179,6 +4180,7 @@ static int receive_convert(struct dlm_ls *ls, struct dlm_message *ms) |
1351 |
+ (unsigned long long)lkb->lkb_recover_seq, |
1352 |
+ ms->m_header.h_nodeid, ms->m_lkid); |
1353 |
+ error = -ENOENT; |
1354 |
++ dlm_put_lkb(lkb); |
1355 |
+ goto fail; |
1356 |
+ } |
1357 |
+ |
1358 |
+@@ -4232,6 +4234,7 @@ static int receive_unlock(struct dlm_ls *ls, struct dlm_message *ms) |
1359 |
+ lkb->lkb_id, lkb->lkb_remid, |
1360 |
+ ms->m_header.h_nodeid, ms->m_lkid); |
1361 |
+ error = -ENOENT; |
1362 |
++ dlm_put_lkb(lkb); |
1363 |
+ goto fail; |
1364 |
+ } |
1365 |
+ |
1366 |
+@@ -5792,20 +5795,20 @@ int dlm_user_request(struct dlm_ls *ls, struct dlm_user_args *ua, |
1367 |
+ goto out; |
1368 |
+ } |
1369 |
+ } |
1370 |
+- |
1371 |
+- /* After ua is attached to lkb it will be freed by dlm_free_lkb(). |
1372 |
+- When DLM_IFL_USER is set, the dlm knows that this is a userspace |
1373 |
+- lock and that lkb_astparam is the dlm_user_args structure. */ |
1374 |
+- |
1375 |
+ error = set_lock_args(mode, &ua->lksb, flags, namelen, timeout_cs, |
1376 |
+ fake_astfn, ua, fake_bastfn, &args); |
1377 |
+- lkb->lkb_flags |= DLM_IFL_USER; |
1378 |
+- |
1379 |
+ if (error) { |
1380 |
++ kfree(ua->lksb.sb_lvbptr); |
1381 |
++ ua->lksb.sb_lvbptr = NULL; |
1382 |
++ kfree(ua); |
1383 |
+ __put_lkb(ls, lkb); |
1384 |
+ goto out; |
1385 |
+ } |
1386 |
+ |
1387 |
++ /* After ua is attached to lkb it will be freed by dlm_free_lkb(). |
1388 |
++ When DLM_IFL_USER is set, the dlm knows that this is a userspace |
1389 |
++ lock and that lkb_astparam is the dlm_user_args structure. */ |
1390 |
++ lkb->lkb_flags |= DLM_IFL_USER; |
1391 |
+ error = request_lock(ls, lkb, name, namelen, &args); |
1392 |
+ |
1393 |
+ switch (error) { |
1394 |
+diff --git a/fs/dlm/lockspace.c b/fs/dlm/lockspace.c |
1395 |
+index 5ba94be006ee..6a1529e478f3 100644 |
1396 |
+--- a/fs/dlm/lockspace.c |
1397 |
++++ b/fs/dlm/lockspace.c |
1398 |
+@@ -680,11 +680,11 @@ static int new_lockspace(const char *name, const char *cluster, |
1399 |
+ kfree(ls->ls_recover_buf); |
1400 |
+ out_lkbidr: |
1401 |
+ idr_destroy(&ls->ls_lkbidr); |
1402 |
++ out_rsbtbl: |
1403 |
+ for (i = 0; i < DLM_REMOVE_NAMES_MAX; i++) { |
1404 |
+ if (ls->ls_remove_names[i]) |
1405 |
+ kfree(ls->ls_remove_names[i]); |
1406 |
+ } |
1407 |
+- out_rsbtbl: |
1408 |
+ vfree(ls->ls_rsbtbl); |
1409 |
+ out_lsfree: |
1410 |
+ if (do_unreg) |
1411 |
+diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c |
1412 |
+index 648f0ca1ad57..998051c4aea7 100644 |
1413 |
+--- a/fs/gfs2/inode.c |
1414 |
++++ b/fs/gfs2/inode.c |
1415 |
+@@ -744,17 +744,19 @@ static int gfs2_create_inode(struct inode *dir, struct dentry *dentry, |
1416 |
+ the gfs2 structures. */ |
1417 |
+ if (default_acl) { |
1418 |
+ error = __gfs2_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); |
1419 |
++ if (error) |
1420 |
++ goto fail_gunlock3; |
1421 |
+ posix_acl_release(default_acl); |
1422 |
++ default_acl = NULL; |
1423 |
+ } |
1424 |
+ if (acl) { |
1425 |
+- if (!error) |
1426 |
+- error = __gfs2_set_acl(inode, acl, ACL_TYPE_ACCESS); |
1427 |
++ error = __gfs2_set_acl(inode, acl, ACL_TYPE_ACCESS); |
1428 |
++ if (error) |
1429 |
++ goto fail_gunlock3; |
1430 |
+ posix_acl_release(acl); |
1431 |
++ acl = NULL; |
1432 |
+ } |
1433 |
+ |
1434 |
+- if (error) |
1435 |
+- goto fail_gunlock3; |
1436 |
+- |
1437 |
+ error = security_inode_init_security(&ip->i_inode, &dip->i_inode, name, |
1438 |
+ &gfs2_initxattrs, NULL); |
1439 |
+ if (error) |
1440 |
+@@ -789,10 +791,8 @@ fail_free_inode: |
1441 |
+ } |
1442 |
+ gfs2_rsqa_delete(ip, NULL); |
1443 |
+ fail_free_acls: |
1444 |
+- if (default_acl) |
1445 |
+- posix_acl_release(default_acl); |
1446 |
+- if (acl) |
1447 |
+- posix_acl_release(acl); |
1448 |
++ posix_acl_release(default_acl); |
1449 |
++ posix_acl_release(acl); |
1450 |
+ fail_gunlock: |
1451 |
+ gfs2_dir_no_add(&da); |
1452 |
+ gfs2_glock_dq_uninit(ghs); |
1453 |
+diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c |
1454 |
+index b08a530433ad..8d7916570362 100644 |
1455 |
+--- a/fs/gfs2/rgrp.c |
1456 |
++++ b/fs/gfs2/rgrp.c |
1457 |
+@@ -1780,9 +1780,9 @@ static int gfs2_rbm_find(struct gfs2_rbm *rbm, u8 state, u32 *minext, |
1458 |
+ goto next_iter; |
1459 |
+ } |
1460 |
+ if (ret == -E2BIG) { |
1461 |
++ n += rbm->bii - initial_bii; |
1462 |
+ rbm->bii = 0; |
1463 |
+ rbm->offset = 0; |
1464 |
+- n += (rbm->bii - initial_bii); |
1465 |
+ goto res_covered_end_of_rgrp; |
1466 |
+ } |
1467 |
+ return ret; |
1468 |
+diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c |
1469 |
+index d20b92f271c2..0a67dd4250e9 100644 |
1470 |
+--- a/fs/lockd/clntproc.c |
1471 |
++++ b/fs/lockd/clntproc.c |
1472 |
+@@ -442,7 +442,7 @@ nlmclnt_test(struct nlm_rqst *req, struct file_lock *fl) |
1473 |
+ fl->fl_start = req->a_res.lock.fl.fl_start; |
1474 |
+ fl->fl_end = req->a_res.lock.fl.fl_end; |
1475 |
+ fl->fl_type = req->a_res.lock.fl.fl_type; |
1476 |
+- fl->fl_pid = 0; |
1477 |
++ fl->fl_pid = -req->a_res.lock.fl.fl_pid; |
1478 |
+ break; |
1479 |
+ default: |
1480 |
+ status = nlm_stat_to_errno(req->a_res.status); |
1481 |
+diff --git a/fs/lockd/xdr.c b/fs/lockd/xdr.c |
1482 |
+index 7147e4aebecc..9846f7e95282 100644 |
1483 |
+--- a/fs/lockd/xdr.c |
1484 |
++++ b/fs/lockd/xdr.c |
1485 |
+@@ -127,7 +127,7 @@ nlm_decode_lock(__be32 *p, struct nlm_lock *lock) |
1486 |
+ |
1487 |
+ locks_init_lock(fl); |
1488 |
+ fl->fl_owner = current->files; |
1489 |
+- fl->fl_pid = (pid_t)lock->svid; |
1490 |
++ fl->fl_pid = current->tgid; |
1491 |
+ fl->fl_flags = FL_POSIX; |
1492 |
+ fl->fl_type = F_RDLCK; /* as good as anything else */ |
1493 |
+ start = ntohl(*p++); |
1494 |
+@@ -269,7 +269,7 @@ nlmsvc_decode_shareargs(struct svc_rqst *rqstp, __be32 *p) |
1495 |
+ memset(lock, 0, sizeof(*lock)); |
1496 |
+ locks_init_lock(&lock->fl); |
1497 |
+ lock->svid = ~(u32) 0; |
1498 |
+- lock->fl.fl_pid = (pid_t)lock->svid; |
1499 |
++ lock->fl.fl_pid = current->tgid; |
1500 |
+ |
1501 |
+ if (!(p = nlm_decode_cookie(p, &argp->cookie)) |
1502 |
+ || !(p = xdr_decode_string_inplace(p, &lock->caller, |
1503 |
+diff --git a/fs/lockd/xdr4.c b/fs/lockd/xdr4.c |
1504 |
+index 7ed9edf9aed4..70154f376695 100644 |
1505 |
+--- a/fs/lockd/xdr4.c |
1506 |
++++ b/fs/lockd/xdr4.c |
1507 |
+@@ -119,7 +119,7 @@ nlm4_decode_lock(__be32 *p, struct nlm_lock *lock) |
1508 |
+ |
1509 |
+ locks_init_lock(fl); |
1510 |
+ fl->fl_owner = current->files; |
1511 |
+- fl->fl_pid = (pid_t)lock->svid; |
1512 |
++ fl->fl_pid = current->tgid; |
1513 |
+ fl->fl_flags = FL_POSIX; |
1514 |
+ fl->fl_type = F_RDLCK; /* as good as anything else */ |
1515 |
+ p = xdr_decode_hyper(p, &start); |
1516 |
+@@ -266,7 +266,7 @@ nlm4svc_decode_shareargs(struct svc_rqst *rqstp, __be32 *p) |
1517 |
+ memset(lock, 0, sizeof(*lock)); |
1518 |
+ locks_init_lock(&lock->fl); |
1519 |
+ lock->svid = ~(u32) 0; |
1520 |
+- lock->fl.fl_pid = (pid_t)lock->svid; |
1521 |
++ lock->fl.fl_pid = current->tgid; |
1522 |
+ |
1523 |
+ if (!(p = nlm4_decode_cookie(p, &argp->cookie)) |
1524 |
+ || !(p = xdr_decode_string_inplace(p, &lock->caller, |
1525 |
+diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c |
1526 |
+index d505990dac7c..c364acbb6aba 100644 |
1527 |
+--- a/fs/nfsd/nfs4proc.c |
1528 |
++++ b/fs/nfsd/nfs4proc.c |
1529 |
+@@ -1016,8 +1016,6 @@ nfsd4_write(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, |
1530 |
+ |
1531 |
+ nvecs = svc_fill_write_vector(rqstp, write->wr_pagelist, |
1532 |
+ &write->wr_head, write->wr_buflen); |
1533 |
+- if (!nvecs) |
1534 |
+- return nfserr_io; |
1535 |
+ WARN_ON_ONCE(nvecs > ARRAY_SIZE(rqstp->rq_vec)); |
1536 |
+ |
1537 |
+ status = nfsd_vfs_write(rqstp, &cstate->current_fh, filp, |
1538 |
+diff --git a/include/linux/hmm.h b/include/linux/hmm.h |
1539 |
+index c6fb869a81c0..ed89fbc525d2 100644 |
1540 |
+--- a/include/linux/hmm.h |
1541 |
++++ b/include/linux/hmm.h |
1542 |
+@@ -512,8 +512,7 @@ struct hmm_devmem { |
1543 |
+ * enough and allocate struct page for it. |
1544 |
+ * |
1545 |
+ * The device driver can wrap the hmm_devmem struct inside a private device |
1546 |
+- * driver struct. The device driver must call hmm_devmem_remove() before the |
1547 |
+- * device goes away and before freeing the hmm_devmem struct memory. |
1548 |
++ * driver struct. |
1549 |
+ */ |
1550 |
+ struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops, |
1551 |
+ struct device *device, |
1552 |
+@@ -521,7 +520,6 @@ struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops, |
1553 |
+ struct hmm_devmem *hmm_devmem_add_resource(const struct hmm_devmem_ops *ops, |
1554 |
+ struct device *device, |
1555 |
+ struct resource *res); |
1556 |
+-void hmm_devmem_remove(struct hmm_devmem *devmem); |
1557 |
+ |
1558 |
+ /* |
1559 |
+ * hmm_devmem_page_set_drvdata - set per-page driver data field |
1560 |
+diff --git a/include/linux/memremap.h b/include/linux/memremap.h |
1561 |
+index 0ac69ddf5fc4..55db66b3716f 100644 |
1562 |
+--- a/include/linux/memremap.h |
1563 |
++++ b/include/linux/memremap.h |
1564 |
+@@ -111,6 +111,7 @@ typedef void (*dev_page_free_t)(struct page *page, void *data); |
1565 |
+ * @altmap: pre-allocated/reserved memory for vmemmap allocations |
1566 |
+ * @res: physical address range covered by @ref |
1567 |
+ * @ref: reference count that pins the devm_memremap_pages() mapping |
1568 |
++ * @kill: callback to transition @ref to the dead state |
1569 |
+ * @dev: host device of the mapping for debug |
1570 |
+ * @data: private data pointer for page_free() |
1571 |
+ * @type: memory type: see MEMORY_* in memory_hotplug.h |
1572 |
+@@ -122,6 +123,7 @@ struct dev_pagemap { |
1573 |
+ bool altmap_valid; |
1574 |
+ struct resource res; |
1575 |
+ struct percpu_ref *ref; |
1576 |
++ void (*kill)(struct percpu_ref *ref); |
1577 |
+ struct device *dev; |
1578 |
+ void *data; |
1579 |
+ enum memory_type type; |
1580 |
+diff --git a/kernel/fork.c b/kernel/fork.c |
1581 |
+index e2a5156bc9c3..3c16bc490583 100644 |
1582 |
+--- a/kernel/fork.c |
1583 |
++++ b/kernel/fork.c |
1584 |
+@@ -1837,8 +1837,6 @@ static __latent_entropy struct task_struct *copy_process( |
1585 |
+ |
1586 |
+ posix_cpu_timers_init(p); |
1587 |
+ |
1588 |
+- p->start_time = ktime_get_ns(); |
1589 |
+- p->real_start_time = ktime_get_boot_ns(); |
1590 |
+ p->io_context = NULL; |
1591 |
+ audit_set_context(p, NULL); |
1592 |
+ cgroup_fork(p); |
1593 |
+@@ -2004,6 +2002,17 @@ static __latent_entropy struct task_struct *copy_process( |
1594 |
+ if (retval) |
1595 |
+ goto bad_fork_free_pid; |
1596 |
+ |
1597 |
++ /* |
1598 |
++ * From this point on we must avoid any synchronous user-space |
1599 |
++ * communication until we take the tasklist-lock. In particular, we do |
1600 |
++ * not want user-space to be able to predict the process start-time by |
1601 |
++ * stalling fork(2) after we recorded the start_time but before it is |
1602 |
++ * visible to the system. |
1603 |
++ */ |
1604 |
++ |
1605 |
++ p->start_time = ktime_get_ns(); |
1606 |
++ p->real_start_time = ktime_get_boot_ns(); |
1607 |
++ |
1608 |
+ /* |
1609 |
+ * Make it visible to the rest of the system, but dont wake it up yet. |
1610 |
+ * Need tasklist lock for parent etc handling! |
1611 |
+diff --git a/kernel/memremap.c b/kernel/memremap.c |
1612 |
+index 9eced2cc9f94..3eef989ef035 100644 |
1613 |
+--- a/kernel/memremap.c |
1614 |
++++ b/kernel/memremap.c |
1615 |
+@@ -88,23 +88,25 @@ static void devm_memremap_pages_release(void *data) |
1616 |
+ resource_size_t align_start, align_size; |
1617 |
+ unsigned long pfn; |
1618 |
+ |
1619 |
++ pgmap->kill(pgmap->ref); |
1620 |
+ for_each_device_pfn(pfn, pgmap) |
1621 |
+ put_page(pfn_to_page(pfn)); |
1622 |
+ |
1623 |
+- if (percpu_ref_tryget_live(pgmap->ref)) { |
1624 |
+- dev_WARN(dev, "%s: page mapping is still live!\n", __func__); |
1625 |
+- percpu_ref_put(pgmap->ref); |
1626 |
+- } |
1627 |
+- |
1628 |
+ /* pages are dead and unused, undo the arch mapping */ |
1629 |
+ align_start = res->start & ~(SECTION_SIZE - 1); |
1630 |
+ align_size = ALIGN(res->start + resource_size(res), SECTION_SIZE) |
1631 |
+ - align_start; |
1632 |
+ |
1633 |
+ mem_hotplug_begin(); |
1634 |
+- arch_remove_memory(align_start, align_size, pgmap->altmap_valid ? |
1635 |
+- &pgmap->altmap : NULL); |
1636 |
+- kasan_remove_zero_shadow(__va(align_start), align_size); |
1637 |
++ if (pgmap->type == MEMORY_DEVICE_PRIVATE) { |
1638 |
++ pfn = align_start >> PAGE_SHIFT; |
1639 |
++ __remove_pages(page_zone(pfn_to_page(pfn)), pfn, |
1640 |
++ align_size >> PAGE_SHIFT, NULL); |
1641 |
++ } else { |
1642 |
++ arch_remove_memory(align_start, align_size, |
1643 |
++ pgmap->altmap_valid ? &pgmap->altmap : NULL); |
1644 |
++ kasan_remove_zero_shadow(__va(align_start), align_size); |
1645 |
++ } |
1646 |
+ mem_hotplug_done(); |
1647 |
+ |
1648 |
+ untrack_pfn(NULL, PHYS_PFN(align_start), align_size); |
1649 |
+@@ -116,7 +118,7 @@ static void devm_memremap_pages_release(void *data) |
1650 |
+ /** |
1651 |
+ * devm_memremap_pages - remap and provide memmap backing for the given resource |
1652 |
+ * @dev: hosting device for @res |
1653 |
+- * @pgmap: pointer to a struct dev_pgmap |
1654 |
++ * @pgmap: pointer to a struct dev_pagemap |
1655 |
+ * |
1656 |
+ * Notes: |
1657 |
+ * 1/ At a minimum the res, ref and type members of @pgmap must be initialized |
1658 |
+@@ -125,11 +127,8 @@ static void devm_memremap_pages_release(void *data) |
1659 |
+ * 2/ The altmap field may optionally be initialized, in which case altmap_valid |
1660 |
+ * must be set to true |
1661 |
+ * |
1662 |
+- * 3/ pgmap.ref must be 'live' on entry and 'dead' before devm_memunmap_pages() |
1663 |
+- * time (or devm release event). The expected order of events is that ref has |
1664 |
+- * been through percpu_ref_kill() before devm_memremap_pages_release(). The |
1665 |
+- * wait for the completion of all references being dropped and |
1666 |
+- * percpu_ref_exit() must occur after devm_memremap_pages_release(). |
1667 |
++ * 3/ pgmap->ref must be 'live' on entry and will be killed at |
1668 |
++ * devm_memremap_pages_release() time, or if this routine fails. |
1669 |
+ * |
1670 |
+ * 4/ res is expected to be a host memory range that could feasibly be |
1671 |
+ * treated as a "System RAM" range, i.e. not a device mmio range, but |
1672 |
+@@ -145,6 +144,9 @@ void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap) |
1673 |
+ pgprot_t pgprot = PAGE_KERNEL; |
1674 |
+ int error, nid, is_ram; |
1675 |
+ |
1676 |
++ if (!pgmap->ref || !pgmap->kill) |
1677 |
++ return ERR_PTR(-EINVAL); |
1678 |
++ |
1679 |
+ align_start = res->start & ~(SECTION_SIZE - 1); |
1680 |
+ align_size = ALIGN(res->start + resource_size(res), SECTION_SIZE) |
1681 |
+ - align_start; |
1682 |
+@@ -167,18 +169,13 @@ void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap) |
1683 |
+ is_ram = region_intersects(align_start, align_size, |
1684 |
+ IORESOURCE_SYSTEM_RAM, IORES_DESC_NONE); |
1685 |
+ |
1686 |
+- if (is_ram == REGION_MIXED) { |
1687 |
+- WARN_ONCE(1, "%s attempted on mixed region %pr\n", |
1688 |
+- __func__, res); |
1689 |
+- return ERR_PTR(-ENXIO); |
1690 |
++ if (is_ram != REGION_DISJOINT) { |
1691 |
++ WARN_ONCE(1, "%s attempted on %s region %pr\n", __func__, |
1692 |
++ is_ram == REGION_MIXED ? "mixed" : "ram", res); |
1693 |
++ error = -ENXIO; |
1694 |
++ goto err_array; |
1695 |
+ } |
1696 |
+ |
1697 |
+- if (is_ram == REGION_INTERSECTS) |
1698 |
+- return __va(res->start); |
1699 |
+- |
1700 |
+- if (!pgmap->ref) |
1701 |
+- return ERR_PTR(-EINVAL); |
1702 |
+- |
1703 |
+ pgmap->dev = dev; |
1704 |
+ |
1705 |
+ error = xa_err(xa_store_range(&pgmap_array, PHYS_PFN(res->start), |
1706 |
+@@ -196,17 +193,40 @@ void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap) |
1707 |
+ goto err_pfn_remap; |
1708 |
+ |
1709 |
+ mem_hotplug_begin(); |
1710 |
+- error = kasan_add_zero_shadow(__va(align_start), align_size); |
1711 |
+- if (error) { |
1712 |
+- mem_hotplug_done(); |
1713 |
+- goto err_kasan; |
1714 |
++ |
1715 |
++ /* |
1716 |
++ * For device private memory we call add_pages() as we only need to |
1717 |
++ * allocate and initialize struct page for the device memory. More- |
1718 |
++ * over the device memory is un-accessible thus we do not want to |
1719 |
++ * create a linear mapping for the memory like arch_add_memory() |
1720 |
++ * would do. |
1721 |
++ * |
1722 |
++ * For all other device memory types, which are accessible by |
1723 |
++ * the CPU, we do want the linear mapping and thus use |
1724 |
++ * arch_add_memory(). |
1725 |
++ */ |
1726 |
++ if (pgmap->type == MEMORY_DEVICE_PRIVATE) { |
1727 |
++ error = add_pages(nid, align_start >> PAGE_SHIFT, |
1728 |
++ align_size >> PAGE_SHIFT, NULL, false); |
1729 |
++ } else { |
1730 |
++ error = kasan_add_zero_shadow(__va(align_start), align_size); |
1731 |
++ if (error) { |
1732 |
++ mem_hotplug_done(); |
1733 |
++ goto err_kasan; |
1734 |
++ } |
1735 |
++ |
1736 |
++ error = arch_add_memory(nid, align_start, align_size, altmap, |
1737 |
++ false); |
1738 |
++ } |
1739 |
++ |
1740 |
++ if (!error) { |
1741 |
++ struct zone *zone; |
1742 |
++ |
1743 |
++ zone = &NODE_DATA(nid)->node_zones[ZONE_DEVICE]; |
1744 |
++ move_pfn_range_to_zone(zone, align_start >> PAGE_SHIFT, |
1745 |
++ align_size >> PAGE_SHIFT, altmap); |
1746 |
+ } |
1747 |
+ |
1748 |
+- error = arch_add_memory(nid, align_start, align_size, altmap, false); |
1749 |
+- if (!error) |
1750 |
+- move_pfn_range_to_zone(&NODE_DATA(nid)->node_zones[ZONE_DEVICE], |
1751 |
+- align_start >> PAGE_SHIFT, |
1752 |
+- align_size >> PAGE_SHIFT, altmap); |
1753 |
+ mem_hotplug_done(); |
1754 |
+ if (error) |
1755 |
+ goto err_add_memory; |
1756 |
+@@ -220,7 +240,10 @@ void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap) |
1757 |
+ align_size >> PAGE_SHIFT, pgmap); |
1758 |
+ percpu_ref_get_many(pgmap->ref, pfn_end(pgmap) - pfn_first(pgmap)); |
1759 |
+ |
1760 |
+- devm_add_action(dev, devm_memremap_pages_release, pgmap); |
1761 |
++ error = devm_add_action_or_reset(dev, devm_memremap_pages_release, |
1762 |
++ pgmap); |
1763 |
++ if (error) |
1764 |
++ return ERR_PTR(error); |
1765 |
+ |
1766 |
+ return __va(res->start); |
1767 |
+ |
1768 |
+@@ -231,9 +254,10 @@ void *devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap) |
1769 |
+ err_pfn_remap: |
1770 |
+ pgmap_array_delete(res); |
1771 |
+ err_array: |
1772 |
++ pgmap->kill(pgmap->ref); |
1773 |
+ return ERR_PTR(error); |
1774 |
+ } |
1775 |
+-EXPORT_SYMBOL(devm_memremap_pages); |
1776 |
++EXPORT_SYMBOL_GPL(devm_memremap_pages); |
1777 |
+ |
1778 |
+ unsigned long vmem_altmap_offset(struct vmem_altmap *altmap) |
1779 |
+ { |
1780 |
+diff --git a/kernel/pid.c b/kernel/pid.c |
1781 |
+index b2f6c506035d..20881598bdfa 100644 |
1782 |
+--- a/kernel/pid.c |
1783 |
++++ b/kernel/pid.c |
1784 |
+@@ -233,8 +233,10 @@ out_unlock: |
1785 |
+ |
1786 |
+ out_free: |
1787 |
+ spin_lock_irq(&pidmap_lock); |
1788 |
+- while (++i <= ns->level) |
1789 |
+- idr_remove(&ns->idr, (pid->numbers + i)->nr); |
1790 |
++ while (++i <= ns->level) { |
1791 |
++ upid = pid->numbers + i; |
1792 |
++ idr_remove(&upid->ns->idr, upid->nr); |
1793 |
++ } |
1794 |
+ |
1795 |
+ /* On failure to allocate the first pid, reset the state */ |
1796 |
+ if (ns->pid_allocated == PIDNS_ADDING) |
1797 |
+diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c |
1798 |
+index a8846ed7f352..a180abc8c925 100644 |
1799 |
+--- a/kernel/rcu/srcutree.c |
1800 |
++++ b/kernel/rcu/srcutree.c |
1801 |
+@@ -451,10 +451,12 @@ static void srcu_gp_start(struct srcu_struct *sp) |
1802 |
+ |
1803 |
+ lockdep_assert_held(&ACCESS_PRIVATE(sp, lock)); |
1804 |
+ WARN_ON_ONCE(ULONG_CMP_GE(sp->srcu_gp_seq, sp->srcu_gp_seq_needed)); |
1805 |
++ spin_lock_rcu_node(sdp); /* Interrupts already disabled. */ |
1806 |
+ rcu_segcblist_advance(&sdp->srcu_cblist, |
1807 |
+ rcu_seq_current(&sp->srcu_gp_seq)); |
1808 |
+ (void)rcu_segcblist_accelerate(&sdp->srcu_cblist, |
1809 |
+ rcu_seq_snap(&sp->srcu_gp_seq)); |
1810 |
++ spin_unlock_rcu_node(sdp); /* Interrupts remain disabled. */ |
1811 |
+ smp_mb(); /* Order prior store to ->srcu_gp_seq_needed vs. GP start. */ |
1812 |
+ rcu_seq_start(&sp->srcu_gp_seq); |
1813 |
+ state = rcu_seq_state(READ_ONCE(sp->srcu_gp_seq)); |
1814 |
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
1815 |
+index ac855b2f4774..e8f191ba3fe5 100644 |
1816 |
+--- a/kernel/sched/fair.c |
1817 |
++++ b/kernel/sched/fair.c |
1818 |
+@@ -352,10 +352,9 @@ static inline void list_del_leaf_cfs_rq(struct cfs_rq *cfs_rq) |
1819 |
+ } |
1820 |
+ } |
1821 |
+ |
1822 |
+-/* Iterate thr' all leaf cfs_rq's on a runqueue */ |
1823 |
+-#define for_each_leaf_cfs_rq_safe(rq, cfs_rq, pos) \ |
1824 |
+- list_for_each_entry_safe(cfs_rq, pos, &rq->leaf_cfs_rq_list, \ |
1825 |
+- leaf_cfs_rq_list) |
1826 |
++/* Iterate through all leaf cfs_rq's on a runqueue: */ |
1827 |
++#define for_each_leaf_cfs_rq(rq, cfs_rq) \ |
1828 |
++ list_for_each_entry_rcu(cfs_rq, &rq->leaf_cfs_rq_list, leaf_cfs_rq_list) |
1829 |
+ |
1830 |
+ /* Do the two (enqueued) entities belong to the same group ? */ |
1831 |
+ static inline struct cfs_rq * |
1832 |
+@@ -447,8 +446,8 @@ static inline void list_del_leaf_cfs_rq(struct cfs_rq *cfs_rq) |
1833 |
+ { |
1834 |
+ } |
1835 |
+ |
1836 |
+-#define for_each_leaf_cfs_rq_safe(rq, cfs_rq, pos) \ |
1837 |
+- for (cfs_rq = &rq->cfs, pos = NULL; cfs_rq; cfs_rq = pos) |
1838 |
++#define for_each_leaf_cfs_rq(rq, cfs_rq) \ |
1839 |
++ for (cfs_rq = &rq->cfs; cfs_rq; cfs_rq = NULL) |
1840 |
+ |
1841 |
+ static inline struct sched_entity *parent_entity(struct sched_entity *se) |
1842 |
+ { |
1843 |
+@@ -7387,27 +7386,10 @@ static inline bool others_have_blocked(struct rq *rq) |
1844 |
+ |
1845 |
+ #ifdef CONFIG_FAIR_GROUP_SCHED |
1846 |
+ |
1847 |
+-static inline bool cfs_rq_is_decayed(struct cfs_rq *cfs_rq) |
1848 |
+-{ |
1849 |
+- if (cfs_rq->load.weight) |
1850 |
+- return false; |
1851 |
+- |
1852 |
+- if (cfs_rq->avg.load_sum) |
1853 |
+- return false; |
1854 |
+- |
1855 |
+- if (cfs_rq->avg.util_sum) |
1856 |
+- return false; |
1857 |
+- |
1858 |
+- if (cfs_rq->avg.runnable_load_sum) |
1859 |
+- return false; |
1860 |
+- |
1861 |
+- return true; |
1862 |
+-} |
1863 |
+- |
1864 |
+ static void update_blocked_averages(int cpu) |
1865 |
+ { |
1866 |
+ struct rq *rq = cpu_rq(cpu); |
1867 |
+- struct cfs_rq *cfs_rq, *pos; |
1868 |
++ struct cfs_rq *cfs_rq; |
1869 |
+ const struct sched_class *curr_class; |
1870 |
+ struct rq_flags rf; |
1871 |
+ bool done = true; |
1872 |
+@@ -7419,7 +7401,7 @@ static void update_blocked_averages(int cpu) |
1873 |
+ * Iterates the task_group tree in a bottom up fashion, see |
1874 |
+ * list_add_leaf_cfs_rq() for details. |
1875 |
+ */ |
1876 |
+- for_each_leaf_cfs_rq_safe(rq, cfs_rq, pos) { |
1877 |
++ for_each_leaf_cfs_rq(rq, cfs_rq) { |
1878 |
+ struct sched_entity *se; |
1879 |
+ |
1880 |
+ /* throttled entities do not contribute to load */ |
1881 |
+@@ -7434,13 +7416,6 @@ static void update_blocked_averages(int cpu) |
1882 |
+ if (se && !skip_blocked_update(se)) |
1883 |
+ update_load_avg(cfs_rq_of(se), se, 0); |
1884 |
+ |
1885 |
+- /* |
1886 |
+- * There can be a lot of idle CPU cgroups. Don't let fully |
1887 |
+- * decayed cfs_rqs linger on the list. |
1888 |
+- */ |
1889 |
+- if (cfs_rq_is_decayed(cfs_rq)) |
1890 |
+- list_del_leaf_cfs_rq(cfs_rq); |
1891 |
+- |
1892 |
+ /* Don't need periodic decay once load/util_avg are null */ |
1893 |
+ if (cfs_rq_has_blocked(cfs_rq)) |
1894 |
+ done = false; |
1895 |
+@@ -10289,10 +10264,10 @@ const struct sched_class fair_sched_class = { |
1896 |
+ #ifdef CONFIG_SCHED_DEBUG |
1897 |
+ void print_cfs_stats(struct seq_file *m, int cpu) |
1898 |
+ { |
1899 |
+- struct cfs_rq *cfs_rq, *pos; |
1900 |
++ struct cfs_rq *cfs_rq; |
1901 |
+ |
1902 |
+ rcu_read_lock(); |
1903 |
+- for_each_leaf_cfs_rq_safe(cpu_rq(cpu), cfs_rq, pos) |
1904 |
++ for_each_leaf_cfs_rq(cpu_rq(cpu), cfs_rq) |
1905 |
+ print_cfs_rq(m, cpu, cfs_rq); |
1906 |
+ rcu_read_unlock(); |
1907 |
+ } |
1908 |
+diff --git a/lib/test_debug_virtual.c b/lib/test_debug_virtual.c |
1909 |
+index d5a06addeb27..bf864c73e462 100644 |
1910 |
+--- a/lib/test_debug_virtual.c |
1911 |
++++ b/lib/test_debug_virtual.c |
1912 |
+@@ -5,6 +5,7 @@ |
1913 |
+ #include <linux/vmalloc.h> |
1914 |
+ #include <linux/slab.h> |
1915 |
+ #include <linux/sizes.h> |
1916 |
++#include <linux/io.h> |
1917 |
+ |
1918 |
+ #include <asm/page.h> |
1919 |
+ #ifdef CONFIG_MIPS |
1920 |
+diff --git a/mm/hmm.c b/mm/hmm.c |
1921 |
+index 90c34f3d1243..50fbaf80f95e 100644 |
1922 |
+--- a/mm/hmm.c |
1923 |
++++ b/mm/hmm.c |
1924 |
+@@ -986,19 +986,16 @@ static void hmm_devmem_ref_exit(void *data) |
1925 |
+ struct hmm_devmem *devmem; |
1926 |
+ |
1927 |
+ devmem = container_of(ref, struct hmm_devmem, ref); |
1928 |
++ wait_for_completion(&devmem->completion); |
1929 |
+ percpu_ref_exit(ref); |
1930 |
+- devm_remove_action(devmem->device, &hmm_devmem_ref_exit, data); |
1931 |
+ } |
1932 |
+ |
1933 |
+-static void hmm_devmem_ref_kill(void *data) |
1934 |
++static void hmm_devmem_ref_kill(struct percpu_ref *ref) |
1935 |
+ { |
1936 |
+- struct percpu_ref *ref = data; |
1937 |
+ struct hmm_devmem *devmem; |
1938 |
+ |
1939 |
+ devmem = container_of(ref, struct hmm_devmem, ref); |
1940 |
+ percpu_ref_kill(ref); |
1941 |
+- wait_for_completion(&devmem->completion); |
1942 |
+- devm_remove_action(devmem->device, &hmm_devmem_ref_kill, data); |
1943 |
+ } |
1944 |
+ |
1945 |
+ static int hmm_devmem_fault(struct vm_area_struct *vma, |
1946 |
+@@ -1021,172 +1018,6 @@ static void hmm_devmem_free(struct page *page, void *data) |
1947 |
+ devmem->ops->free(devmem, page); |
1948 |
+ } |
1949 |
+ |
1950 |
+-static DEFINE_MUTEX(hmm_devmem_lock); |
1951 |
+-static RADIX_TREE(hmm_devmem_radix, GFP_KERNEL); |
1952 |
+- |
1953 |
+-static void hmm_devmem_radix_release(struct resource *resource) |
1954 |
+-{ |
1955 |
+- resource_size_t key; |
1956 |
+- |
1957 |
+- mutex_lock(&hmm_devmem_lock); |
1958 |
+- for (key = resource->start; |
1959 |
+- key <= resource->end; |
1960 |
+- key += PA_SECTION_SIZE) |
1961 |
+- radix_tree_delete(&hmm_devmem_radix, key >> PA_SECTION_SHIFT); |
1962 |
+- mutex_unlock(&hmm_devmem_lock); |
1963 |
+-} |
1964 |
+- |
1965 |
+-static void hmm_devmem_release(struct device *dev, void *data) |
1966 |
+-{ |
1967 |
+- struct hmm_devmem *devmem = data; |
1968 |
+- struct resource *resource = devmem->resource; |
1969 |
+- unsigned long start_pfn, npages; |
1970 |
+- struct zone *zone; |
1971 |
+- struct page *page; |
1972 |
+- |
1973 |
+- if (percpu_ref_tryget_live(&devmem->ref)) { |
1974 |
+- dev_WARN(dev, "%s: page mapping is still live!\n", __func__); |
1975 |
+- percpu_ref_put(&devmem->ref); |
1976 |
+- } |
1977 |
+- |
1978 |
+- /* pages are dead and unused, undo the arch mapping */ |
1979 |
+- start_pfn = (resource->start & ~(PA_SECTION_SIZE - 1)) >> PAGE_SHIFT; |
1980 |
+- npages = ALIGN(resource_size(resource), PA_SECTION_SIZE) >> PAGE_SHIFT; |
1981 |
+- |
1982 |
+- page = pfn_to_page(start_pfn); |
1983 |
+- zone = page_zone(page); |
1984 |
+- |
1985 |
+- mem_hotplug_begin(); |
1986 |
+- if (resource->desc == IORES_DESC_DEVICE_PRIVATE_MEMORY) |
1987 |
+- __remove_pages(zone, start_pfn, npages, NULL); |
1988 |
+- else |
1989 |
+- arch_remove_memory(start_pfn << PAGE_SHIFT, |
1990 |
+- npages << PAGE_SHIFT, NULL); |
1991 |
+- mem_hotplug_done(); |
1992 |
+- |
1993 |
+- hmm_devmem_radix_release(resource); |
1994 |
+-} |
1995 |
+- |
1996 |
+-static int hmm_devmem_pages_create(struct hmm_devmem *devmem) |
1997 |
+-{ |
1998 |
+- resource_size_t key, align_start, align_size, align_end; |
1999 |
+- struct device *device = devmem->device; |
2000 |
+- int ret, nid, is_ram; |
2001 |
+- |
2002 |
+- align_start = devmem->resource->start & ~(PA_SECTION_SIZE - 1); |
2003 |
+- align_size = ALIGN(devmem->resource->start + |
2004 |
+- resource_size(devmem->resource), |
2005 |
+- PA_SECTION_SIZE) - align_start; |
2006 |
+- |
2007 |
+- is_ram = region_intersects(align_start, align_size, |
2008 |
+- IORESOURCE_SYSTEM_RAM, |
2009 |
+- IORES_DESC_NONE); |
2010 |
+- if (is_ram == REGION_MIXED) { |
2011 |
+- WARN_ONCE(1, "%s attempted on mixed region %pr\n", |
2012 |
+- __func__, devmem->resource); |
2013 |
+- return -ENXIO; |
2014 |
+- } |
2015 |
+- if (is_ram == REGION_INTERSECTS) |
2016 |
+- return -ENXIO; |
2017 |
+- |
2018 |
+- if (devmem->resource->desc == IORES_DESC_DEVICE_PUBLIC_MEMORY) |
2019 |
+- devmem->pagemap.type = MEMORY_DEVICE_PUBLIC; |
2020 |
+- else |
2021 |
+- devmem->pagemap.type = MEMORY_DEVICE_PRIVATE; |
2022 |
+- |
2023 |
+- devmem->pagemap.res = *devmem->resource; |
2024 |
+- devmem->pagemap.page_fault = hmm_devmem_fault; |
2025 |
+- devmem->pagemap.page_free = hmm_devmem_free; |
2026 |
+- devmem->pagemap.dev = devmem->device; |
2027 |
+- devmem->pagemap.ref = &devmem->ref; |
2028 |
+- devmem->pagemap.data = devmem; |
2029 |
+- |
2030 |
+- mutex_lock(&hmm_devmem_lock); |
2031 |
+- align_end = align_start + align_size - 1; |
2032 |
+- for (key = align_start; key <= align_end; key += PA_SECTION_SIZE) { |
2033 |
+- struct hmm_devmem *dup; |
2034 |
+- |
2035 |
+- dup = radix_tree_lookup(&hmm_devmem_radix, |
2036 |
+- key >> PA_SECTION_SHIFT); |
2037 |
+- if (dup) { |
2038 |
+- dev_err(device, "%s: collides with mapping for %s\n", |
2039 |
+- __func__, dev_name(dup->device)); |
2040 |
+- mutex_unlock(&hmm_devmem_lock); |
2041 |
+- ret = -EBUSY; |
2042 |
+- goto error; |
2043 |
+- } |
2044 |
+- ret = radix_tree_insert(&hmm_devmem_radix, |
2045 |
+- key >> PA_SECTION_SHIFT, |
2046 |
+- devmem); |
2047 |
+- if (ret) { |
2048 |
+- dev_err(device, "%s: failed: %d\n", __func__, ret); |
2049 |
+- mutex_unlock(&hmm_devmem_lock); |
2050 |
+- goto error_radix; |
2051 |
+- } |
2052 |
+- } |
2053 |
+- mutex_unlock(&hmm_devmem_lock); |
2054 |
+- |
2055 |
+- nid = dev_to_node(device); |
2056 |
+- if (nid < 0) |
2057 |
+- nid = numa_mem_id(); |
2058 |
+- |
2059 |
+- mem_hotplug_begin(); |
2060 |
+- /* |
2061 |
+- * For device private memory we call add_pages() as we only need to |
2062 |
+- * allocate and initialize struct page for the device memory. More- |
2063 |
+- * over the device memory is un-accessible thus we do not want to |
2064 |
+- * create a linear mapping for the memory like arch_add_memory() |
2065 |
+- * would do. |
2066 |
+- * |
2067 |
+- * For device public memory, which is accesible by the CPU, we do |
2068 |
+- * want the linear mapping and thus use arch_add_memory(). |
2069 |
+- */ |
2070 |
+- if (devmem->pagemap.type == MEMORY_DEVICE_PUBLIC) |
2071 |
+- ret = arch_add_memory(nid, align_start, align_size, NULL, |
2072 |
+- false); |
2073 |
+- else |
2074 |
+- ret = add_pages(nid, align_start >> PAGE_SHIFT, |
2075 |
+- align_size >> PAGE_SHIFT, NULL, false); |
2076 |
+- if (ret) { |
2077 |
+- mem_hotplug_done(); |
2078 |
+- goto error_add_memory; |
2079 |
+- } |
2080 |
+- move_pfn_range_to_zone(&NODE_DATA(nid)->node_zones[ZONE_DEVICE], |
2081 |
+- align_start >> PAGE_SHIFT, |
2082 |
+- align_size >> PAGE_SHIFT, NULL); |
2083 |
+- mem_hotplug_done(); |
2084 |
+- |
2085 |
+- /* |
2086 |
+- * Initialization of the pages has been deferred until now in order |
2087 |
+- * to allow us to do the work while not holding the hotplug lock. |
2088 |
+- */ |
2089 |
+- memmap_init_zone_device(&NODE_DATA(nid)->node_zones[ZONE_DEVICE], |
2090 |
+- align_start >> PAGE_SHIFT, |
2091 |
+- align_size >> PAGE_SHIFT, &devmem->pagemap); |
2092 |
+- |
2093 |
+- return 0; |
2094 |
+- |
2095 |
+-error_add_memory: |
2096 |
+- untrack_pfn(NULL, PHYS_PFN(align_start), align_size); |
2097 |
+-error_radix: |
2098 |
+- hmm_devmem_radix_release(devmem->resource); |
2099 |
+-error: |
2100 |
+- return ret; |
2101 |
+-} |
2102 |
+- |
2103 |
+-static int hmm_devmem_match(struct device *dev, void *data, void *match_data) |
2104 |
+-{ |
2105 |
+- struct hmm_devmem *devmem = data; |
2106 |
+- |
2107 |
+- return devmem->resource == match_data; |
2108 |
+-} |
2109 |
+- |
2110 |
+-static void hmm_devmem_pages_remove(struct hmm_devmem *devmem) |
2111 |
+-{ |
2112 |
+- devres_release(devmem->device, &hmm_devmem_release, |
2113 |
+- &hmm_devmem_match, devmem->resource); |
2114 |
+-} |
2115 |
+- |
2116 |
+ /* |
2117 |
+ * hmm_devmem_add() - hotplug ZONE_DEVICE memory for device memory |
2118 |
+ * |
2119 |
+@@ -1210,12 +1041,12 @@ struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops, |
2120 |
+ { |
2121 |
+ struct hmm_devmem *devmem; |
2122 |
+ resource_size_t addr; |
2123 |
++ void *result; |
2124 |
+ int ret; |
2125 |
+ |
2126 |
+ dev_pagemap_get_ops(); |
2127 |
+ |
2128 |
+- devmem = devres_alloc_node(&hmm_devmem_release, sizeof(*devmem), |
2129 |
+- GFP_KERNEL, dev_to_node(device)); |
2130 |
++ devmem = devm_kzalloc(device, sizeof(*devmem), GFP_KERNEL); |
2131 |
+ if (!devmem) |
2132 |
+ return ERR_PTR(-ENOMEM); |
2133 |
+ |
2134 |
+@@ -1229,11 +1060,11 @@ struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops, |
2135 |
+ ret = percpu_ref_init(&devmem->ref, &hmm_devmem_ref_release, |
2136 |
+ 0, GFP_KERNEL); |
2137 |
+ if (ret) |
2138 |
+- goto error_percpu_ref; |
2139 |
++ return ERR_PTR(ret); |
2140 |
+ |
2141 |
+- ret = devm_add_action(device, hmm_devmem_ref_exit, &devmem->ref); |
2142 |
++ ret = devm_add_action_or_reset(device, hmm_devmem_ref_exit, &devmem->ref); |
2143 |
+ if (ret) |
2144 |
+- goto error_devm_add_action; |
2145 |
++ return ERR_PTR(ret); |
2146 |
+ |
2147 |
+ size = ALIGN(size, PA_SECTION_SIZE); |
2148 |
+ addr = min((unsigned long)iomem_resource.end, |
2149 |
+@@ -1253,54 +1084,40 @@ struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops, |
2150 |
+ |
2151 |
+ devmem->resource = devm_request_mem_region(device, addr, size, |
2152 |
+ dev_name(device)); |
2153 |
+- if (!devmem->resource) { |
2154 |
+- ret = -ENOMEM; |
2155 |
+- goto error_no_resource; |
2156 |
+- } |
2157 |
++ if (!devmem->resource) |
2158 |
++ return ERR_PTR(-ENOMEM); |
2159 |
+ break; |
2160 |
+ } |
2161 |
+- if (!devmem->resource) { |
2162 |
+- ret = -ERANGE; |
2163 |
+- goto error_no_resource; |
2164 |
+- } |
2165 |
++ if (!devmem->resource) |
2166 |
++ return ERR_PTR(-ERANGE); |
2167 |
+ |
2168 |
+ devmem->resource->desc = IORES_DESC_DEVICE_PRIVATE_MEMORY; |
2169 |
+ devmem->pfn_first = devmem->resource->start >> PAGE_SHIFT; |
2170 |
+ devmem->pfn_last = devmem->pfn_first + |
2171 |
+ (resource_size(devmem->resource) >> PAGE_SHIFT); |
2172 |
+ |
2173 |
+- ret = hmm_devmem_pages_create(devmem); |
2174 |
+- if (ret) |
2175 |
+- goto error_pages; |
2176 |
+- |
2177 |
+- devres_add(device, devmem); |
2178 |
+- |
2179 |
+- ret = devm_add_action(device, hmm_devmem_ref_kill, &devmem->ref); |
2180 |
+- if (ret) { |
2181 |
+- hmm_devmem_remove(devmem); |
2182 |
+- return ERR_PTR(ret); |
2183 |
+- } |
2184 |
++ devmem->pagemap.type = MEMORY_DEVICE_PRIVATE; |
2185 |
++ devmem->pagemap.res = *devmem->resource; |
2186 |
++ devmem->pagemap.page_fault = hmm_devmem_fault; |
2187 |
++ devmem->pagemap.page_free = hmm_devmem_free; |
2188 |
++ devmem->pagemap.altmap_valid = false; |
2189 |
++ devmem->pagemap.ref = &devmem->ref; |
2190 |
++ devmem->pagemap.data = devmem; |
2191 |
++ devmem->pagemap.kill = hmm_devmem_ref_kill; |
2192 |
+ |
2193 |
++ result = devm_memremap_pages(devmem->device, &devmem->pagemap); |
2194 |
++ if (IS_ERR(result)) |
2195 |
++ return result; |
2196 |
+ return devmem; |
2197 |
+- |
2198 |
+-error_pages: |
2199 |
+- devm_release_mem_region(device, devmem->resource->start, |
2200 |
+- resource_size(devmem->resource)); |
2201 |
+-error_no_resource: |
2202 |
+-error_devm_add_action: |
2203 |
+- hmm_devmem_ref_kill(&devmem->ref); |
2204 |
+- hmm_devmem_ref_exit(&devmem->ref); |
2205 |
+-error_percpu_ref: |
2206 |
+- devres_free(devmem); |
2207 |
+- return ERR_PTR(ret); |
2208 |
+ } |
2209 |
+-EXPORT_SYMBOL(hmm_devmem_add); |
2210 |
++EXPORT_SYMBOL_GPL(hmm_devmem_add); |
2211 |
+ |
2212 |
+ struct hmm_devmem *hmm_devmem_add_resource(const struct hmm_devmem_ops *ops, |
2213 |
+ struct device *device, |
2214 |
+ struct resource *res) |
2215 |
+ { |
2216 |
+ struct hmm_devmem *devmem; |
2217 |
++ void *result; |
2218 |
+ int ret; |
2219 |
+ |
2220 |
+ if (res->desc != IORES_DESC_DEVICE_PUBLIC_MEMORY) |
2221 |
+@@ -1308,8 +1125,7 @@ struct hmm_devmem *hmm_devmem_add_resource(const struct hmm_devmem_ops *ops, |
2222 |
+ |
2223 |
+ dev_pagemap_get_ops(); |
2224 |
+ |
2225 |
+- devmem = devres_alloc_node(&hmm_devmem_release, sizeof(*devmem), |
2226 |
+- GFP_KERNEL, dev_to_node(device)); |
2227 |
++ devmem = devm_kzalloc(device, sizeof(*devmem), GFP_KERNEL); |
2228 |
+ if (!devmem) |
2229 |
+ return ERR_PTR(-ENOMEM); |
2230 |
+ |
2231 |
+@@ -1323,71 +1139,32 @@ struct hmm_devmem *hmm_devmem_add_resource(const struct hmm_devmem_ops *ops, |
2232 |
+ ret = percpu_ref_init(&devmem->ref, &hmm_devmem_ref_release, |
2233 |
+ 0, GFP_KERNEL); |
2234 |
+ if (ret) |
2235 |
+- goto error_percpu_ref; |
2236 |
++ return ERR_PTR(ret); |
2237 |
+ |
2238 |
+- ret = devm_add_action(device, hmm_devmem_ref_exit, &devmem->ref); |
2239 |
++ ret = devm_add_action_or_reset(device, hmm_devmem_ref_exit, |
2240 |
++ &devmem->ref); |
2241 |
+ if (ret) |
2242 |
+- goto error_devm_add_action; |
2243 |
+- |
2244 |
++ return ERR_PTR(ret); |
2245 |
+ |
2246 |
+ devmem->pfn_first = devmem->resource->start >> PAGE_SHIFT; |
2247 |
+ devmem->pfn_last = devmem->pfn_first + |
2248 |
+ (resource_size(devmem->resource) >> PAGE_SHIFT); |
2249 |
+ |
2250 |
+- ret = hmm_devmem_pages_create(devmem); |
2251 |
+- if (ret) |
2252 |
+- goto error_devm_add_action; |
2253 |
+- |
2254 |
+- devres_add(device, devmem); |
2255 |
+- |
2256 |
+- ret = devm_add_action(device, hmm_devmem_ref_kill, &devmem->ref); |
2257 |
+- if (ret) { |
2258 |
+- hmm_devmem_remove(devmem); |
2259 |
+- return ERR_PTR(ret); |
2260 |
+- } |
2261 |
++ devmem->pagemap.type = MEMORY_DEVICE_PUBLIC; |
2262 |
++ devmem->pagemap.res = *devmem->resource; |
2263 |
++ devmem->pagemap.page_fault = hmm_devmem_fault; |
2264 |
++ devmem->pagemap.page_free = hmm_devmem_free; |
2265 |
++ devmem->pagemap.altmap_valid = false; |
2266 |
++ devmem->pagemap.ref = &devmem->ref; |
2267 |
++ devmem->pagemap.data = devmem; |
2268 |
++ devmem->pagemap.kill = hmm_devmem_ref_kill; |
2269 |
+ |
2270 |
++ result = devm_memremap_pages(devmem->device, &devmem->pagemap); |
2271 |
++ if (IS_ERR(result)) |
2272 |
++ return result; |
2273 |
+ return devmem; |
2274 |
+- |
2275 |
+-error_devm_add_action: |
2276 |
+- hmm_devmem_ref_kill(&devmem->ref); |
2277 |
+- hmm_devmem_ref_exit(&devmem->ref); |
2278 |
+-error_percpu_ref: |
2279 |
+- devres_free(devmem); |
2280 |
+- return ERR_PTR(ret); |
2281 |
+-} |
2282 |
+-EXPORT_SYMBOL(hmm_devmem_add_resource); |
2283 |
+- |
2284 |
+-/* |
2285 |
+- * hmm_devmem_remove() - remove device memory (kill and free ZONE_DEVICE) |
2286 |
+- * |
2287 |
+- * @devmem: hmm_devmem struct use to track and manage the ZONE_DEVICE memory |
2288 |
+- * |
2289 |
+- * This will hot-unplug memory that was hotplugged by hmm_devmem_add on behalf |
2290 |
+- * of the device driver. It will free struct page and remove the resource that |
2291 |
+- * reserved the physical address range for this device memory. |
2292 |
+- */ |
2293 |
+-void hmm_devmem_remove(struct hmm_devmem *devmem) |
2294 |
+-{ |
2295 |
+- resource_size_t start, size; |
2296 |
+- struct device *device; |
2297 |
+- bool cdm = false; |
2298 |
+- |
2299 |
+- if (!devmem) |
2300 |
+- return; |
2301 |
+- |
2302 |
+- device = devmem->device; |
2303 |
+- start = devmem->resource->start; |
2304 |
+- size = resource_size(devmem->resource); |
2305 |
+- |
2306 |
+- cdm = devmem->resource->desc == IORES_DESC_DEVICE_PUBLIC_MEMORY; |
2307 |
+- hmm_devmem_ref_kill(&devmem->ref); |
2308 |
+- hmm_devmem_ref_exit(&devmem->ref); |
2309 |
+- hmm_devmem_pages_remove(devmem); |
2310 |
+- |
2311 |
+- if (!cdm) |
2312 |
+- devm_release_mem_region(device, start, size); |
2313 |
+ } |
2314 |
+-EXPORT_SYMBOL(hmm_devmem_remove); |
2315 |
++EXPORT_SYMBOL_GPL(hmm_devmem_add_resource); |
2316 |
+ |
2317 |
+ /* |
2318 |
+ * A device driver that wants to handle multiple devices memory through a |
2319 |
+diff --git a/mm/memcontrol.c b/mm/memcontrol.c |
2320 |
+index 6e1469b80cb7..7e6bf74ddb1e 100644 |
2321 |
+--- a/mm/memcontrol.c |
2322 |
++++ b/mm/memcontrol.c |
2323 |
+@@ -1666,6 +1666,9 @@ enum oom_status { |
2324 |
+ |
2325 |
+ static enum oom_status mem_cgroup_oom(struct mem_cgroup *memcg, gfp_t mask, int order) |
2326 |
+ { |
2327 |
++ enum oom_status ret; |
2328 |
++ bool locked; |
2329 |
++ |
2330 |
+ if (order > PAGE_ALLOC_COSTLY_ORDER) |
2331 |
+ return OOM_SKIPPED; |
2332 |
+ |
2333 |
+@@ -1700,10 +1703,23 @@ static enum oom_status mem_cgroup_oom(struct mem_cgroup *memcg, gfp_t mask, int |
2334 |
+ return OOM_ASYNC; |
2335 |
+ } |
2336 |
+ |
2337 |
++ mem_cgroup_mark_under_oom(memcg); |
2338 |
++ |
2339 |
++ locked = mem_cgroup_oom_trylock(memcg); |
2340 |
++ |
2341 |
++ if (locked) |
2342 |
++ mem_cgroup_oom_notify(memcg); |
2343 |
++ |
2344 |
++ mem_cgroup_unmark_under_oom(memcg); |
2345 |
+ if (mem_cgroup_out_of_memory(memcg, mask, order)) |
2346 |
+- return OOM_SUCCESS; |
2347 |
++ ret = OOM_SUCCESS; |
2348 |
++ else |
2349 |
++ ret = OOM_FAILED; |
2350 |
+ |
2351 |
+- return OOM_FAILED; |
2352 |
++ if (locked) |
2353 |
++ mem_cgroup_oom_unlock(memcg); |
2354 |
++ |
2355 |
++ return ret; |
2356 |
+ } |
2357 |
+ |
2358 |
+ /** |
2359 |
+diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c |
2360 |
+index 2b2b3ccbbfb5..cea0880eadfb 100644 |
2361 |
+--- a/mm/memory_hotplug.c |
2362 |
++++ b/mm/memory_hotplug.c |
2363 |
+@@ -34,6 +34,7 @@ |
2364 |
+ #include <linux/hugetlb.h> |
2365 |
+ #include <linux/memblock.h> |
2366 |
+ #include <linux/compaction.h> |
2367 |
++#include <linux/rmap.h> |
2368 |
+ |
2369 |
+ #include <asm/tlbflush.h> |
2370 |
+ |
2371 |
+@@ -1369,6 +1370,21 @@ do_migrate_range(unsigned long start_pfn, unsigned long end_pfn) |
2372 |
+ pfn = page_to_pfn(compound_head(page)) |
2373 |
+ + hpage_nr_pages(page) - 1; |
2374 |
+ |
2375 |
++ /* |
2376 |
++ * HWPoison pages have elevated reference counts so the migration would |
2377 |
++ * fail on them. It also doesn't make any sense to migrate them in the |
2378 |
++ * first place. Still try to unmap such a page in case it is still mapped |
2379 |
++ * (e.g. current hwpoison implementation doesn't unmap KSM pages but keep |
2380 |
++ * the unmap as the catch all safety net). |
2381 |
++ */ |
2382 |
++ if (PageHWPoison(page)) { |
2383 |
++ if (WARN_ON(PageLRU(page))) |
2384 |
++ isolate_lru_page(page); |
2385 |
++ if (page_mapped(page)) |
2386 |
++ try_to_unmap(page, TTU_IGNORE_MLOCK | TTU_IGNORE_ACCESS); |
2387 |
++ continue; |
2388 |
++ } |
2389 |
++ |
2390 |
+ if (!get_page_unless_zero(page)) |
2391 |
+ continue; |
2392 |
+ /* |
2393 |
+diff --git a/mm/swapfile.c b/mm/swapfile.c |
2394 |
+index 8688ae65ef58..20d3c0f47a5f 100644 |
2395 |
+--- a/mm/swapfile.c |
2396 |
++++ b/mm/swapfile.c |
2397 |
+@@ -2197,7 +2197,8 @@ int try_to_unuse(unsigned int type, bool frontswap, |
2398 |
+ */ |
2399 |
+ if (PageSwapCache(page) && |
2400 |
+ likely(page_private(page) == entry.val) && |
2401 |
+- !page_swapped(page)) |
2402 |
++ (!PageTransCompound(page) || |
2403 |
++ !swap_page_trans_huge_swapped(si, entry))) |
2404 |
+ delete_from_swap_cache(compound_head(page)); |
2405 |
+ |
2406 |
+ /* |
2407 |
+diff --git a/net/9p/client.c b/net/9p/client.c |
2408 |
+index 2c9a17b9b46b..357214a51f13 100644 |
2409 |
+--- a/net/9p/client.c |
2410 |
++++ b/net/9p/client.c |
2411 |
+@@ -181,6 +181,12 @@ static int parse_opts(char *opts, struct p9_client *clnt) |
2412 |
+ ret = r; |
2413 |
+ continue; |
2414 |
+ } |
2415 |
++ if (option < 4096) { |
2416 |
++ p9_debug(P9_DEBUG_ERROR, |
2417 |
++ "msize should be at least 4k\n"); |
2418 |
++ ret = -EINVAL; |
2419 |
++ continue; |
2420 |
++ } |
2421 |
+ clnt->msize = option; |
2422 |
+ break; |
2423 |
+ case Opt_trans: |
2424 |
+@@ -983,10 +989,18 @@ static int p9_client_version(struct p9_client *c) |
2425 |
+ else if (!strncmp(version, "9P2000", 6)) |
2426 |
+ c->proto_version = p9_proto_legacy; |
2427 |
+ else { |
2428 |
++ p9_debug(P9_DEBUG_ERROR, |
2429 |
++ "server returned an unknown version: %s\n", version); |
2430 |
+ err = -EREMOTEIO; |
2431 |
+ goto error; |
2432 |
+ } |
2433 |
+ |
2434 |
++ if (msize < 4096) { |
2435 |
++ p9_debug(P9_DEBUG_ERROR, |
2436 |
++ "server returned a msize < 4096: %d\n", msize); |
2437 |
++ err = -EREMOTEIO; |
2438 |
++ goto error; |
2439 |
++ } |
2440 |
+ if (msize < c->msize) |
2441 |
+ c->msize = msize; |
2442 |
+ |
2443 |
+@@ -1043,6 +1057,13 @@ struct p9_client *p9_client_create(const char *dev_name, char *options) |
2444 |
+ if (clnt->msize > clnt->trans_mod->maxsize) |
2445 |
+ clnt->msize = clnt->trans_mod->maxsize; |
2446 |
+ |
2447 |
++ if (clnt->msize < 4096) { |
2448 |
++ p9_debug(P9_DEBUG_ERROR, |
2449 |
++ "Please specify a msize of at least 4k\n"); |
2450 |
++ err = -EINVAL; |
2451 |
++ goto free_client; |
2452 |
++ } |
2453 |
++ |
2454 |
+ err = p9_client_version(clnt); |
2455 |
+ if (err) |
2456 |
+ goto close_trans; |
2457 |
+diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c |
2458 |
+index 1ece4bc3eb8d..152790ed309c 100644 |
2459 |
+--- a/net/sunrpc/auth_gss/svcauth_gss.c |
2460 |
++++ b/net/sunrpc/auth_gss/svcauth_gss.c |
2461 |
+@@ -1142,7 +1142,7 @@ static int svcauth_gss_legacy_init(struct svc_rqst *rqstp, |
2462 |
+ struct kvec *resv = &rqstp->rq_res.head[0]; |
2463 |
+ struct rsi *rsip, rsikey; |
2464 |
+ int ret; |
2465 |
+- struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id); |
2466 |
++ struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); |
2467 |
+ |
2468 |
+ memset(&rsikey, 0, sizeof(rsikey)); |
2469 |
+ ret = gss_read_verf(gc, argv, authp, |
2470 |
+@@ -1253,7 +1253,7 @@ static int svcauth_gss_proxy_init(struct svc_rqst *rqstp, |
2471 |
+ uint64_t handle; |
2472 |
+ int status; |
2473 |
+ int ret; |
2474 |
+- struct net *net = rqstp->rq_xprt->xpt_net; |
2475 |
++ struct net *net = SVC_NET(rqstp); |
2476 |
+ struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); |
2477 |
+ |
2478 |
+ memset(&ud, 0, sizeof(ud)); |
2479 |
+@@ -1444,7 +1444,7 @@ svcauth_gss_accept(struct svc_rqst *rqstp, __be32 *authp) |
2480 |
+ __be32 *rpcstart; |
2481 |
+ __be32 *reject_stat = resv->iov_base + resv->iov_len; |
2482 |
+ int ret; |
2483 |
+- struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id); |
2484 |
++ struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); |
2485 |
+ |
2486 |
+ dprintk("RPC: svcauth_gss: argv->iov_len = %zd\n", |
2487 |
+ argv->iov_len); |
2488 |
+@@ -1734,7 +1734,7 @@ svcauth_gss_release(struct svc_rqst *rqstp) |
2489 |
+ struct rpc_gss_wire_cred *gc = &gsd->clcred; |
2490 |
+ struct xdr_buf *resbuf = &rqstp->rq_res; |
2491 |
+ int stat = -EINVAL; |
2492 |
+- struct sunrpc_net *sn = net_generic(rqstp->rq_xprt->xpt_net, sunrpc_net_id); |
2493 |
++ struct sunrpc_net *sn = net_generic(SVC_NET(rqstp), sunrpc_net_id); |
2494 |
+ |
2495 |
+ if (gc->gc_proc != RPC_GSS_PROC_DATA) |
2496 |
+ goto out; |
2497 |
+diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c |
2498 |
+index f96345b1180e..12bb23b8e0c5 100644 |
2499 |
+--- a/net/sunrpc/cache.c |
2500 |
++++ b/net/sunrpc/cache.c |
2501 |
+@@ -54,6 +54,11 @@ static void cache_init(struct cache_head *h, struct cache_detail *detail) |
2502 |
+ h->last_refresh = now; |
2503 |
+ } |
2504 |
+ |
2505 |
++static void cache_fresh_locked(struct cache_head *head, time_t expiry, |
2506 |
++ struct cache_detail *detail); |
2507 |
++static void cache_fresh_unlocked(struct cache_head *head, |
2508 |
++ struct cache_detail *detail); |
2509 |
++ |
2510 |
+ static struct cache_head *sunrpc_cache_find_rcu(struct cache_detail *detail, |
2511 |
+ struct cache_head *key, |
2512 |
+ int hash) |
2513 |
+@@ -100,6 +105,7 @@ static struct cache_head *sunrpc_cache_add_entry(struct cache_detail *detail, |
2514 |
+ if (cache_is_expired(detail, tmp)) { |
2515 |
+ hlist_del_init_rcu(&tmp->cache_list); |
2516 |
+ detail->entries --; |
2517 |
++ cache_fresh_locked(tmp, 0, detail); |
2518 |
+ freeme = tmp; |
2519 |
+ break; |
2520 |
+ } |
2521 |
+@@ -115,8 +121,10 @@ static struct cache_head *sunrpc_cache_add_entry(struct cache_detail *detail, |
2522 |
+ cache_get(new); |
2523 |
+ spin_unlock(&detail->hash_lock); |
2524 |
+ |
2525 |
+- if (freeme) |
2526 |
++ if (freeme) { |
2527 |
++ cache_fresh_unlocked(freeme, detail); |
2528 |
+ cache_put(freeme, detail); |
2529 |
++ } |
2530 |
+ return new; |
2531 |
+ } |
2532 |
+ |
2533 |
+diff --git a/net/sunrpc/xprtrdma/frwr_ops.c b/net/sunrpc/xprtrdma/frwr_ops.c |
2534 |
+index fc6378cc0c1c..20ced24cc61b 100644 |
2535 |
+--- a/net/sunrpc/xprtrdma/frwr_ops.c |
2536 |
++++ b/net/sunrpc/xprtrdma/frwr_ops.c |
2537 |
+@@ -117,15 +117,15 @@ static void |
2538 |
+ frwr_mr_recycle_worker(struct work_struct *work) |
2539 |
+ { |
2540 |
+ struct rpcrdma_mr *mr = container_of(work, struct rpcrdma_mr, mr_recycle); |
2541 |
+- enum rpcrdma_frwr_state state = mr->frwr.fr_state; |
2542 |
+ struct rpcrdma_xprt *r_xprt = mr->mr_xprt; |
2543 |
+ |
2544 |
+ trace_xprtrdma_mr_recycle(mr); |
2545 |
+ |
2546 |
+- if (state != FRWR_FLUSHED_LI) { |
2547 |
++ if (mr->mr_dir != DMA_NONE) { |
2548 |
+ trace_xprtrdma_mr_unmap(mr); |
2549 |
+ ib_dma_unmap_sg(r_xprt->rx_ia.ri_device, |
2550 |
+ mr->mr_sg, mr->mr_nents, mr->mr_dir); |
2551 |
++ mr->mr_dir = DMA_NONE; |
2552 |
+ } |
2553 |
+ |
2554 |
+ spin_lock(&r_xprt->rx_buf.rb_mrlock); |
2555 |
+@@ -150,6 +150,8 @@ frwr_op_init_mr(struct rpcrdma_ia *ia, struct rpcrdma_mr *mr) |
2556 |
+ if (!mr->mr_sg) |
2557 |
+ goto out_list_err; |
2558 |
+ |
2559 |
++ frwr->fr_state = FRWR_IS_INVALID; |
2560 |
++ mr->mr_dir = DMA_NONE; |
2561 |
+ INIT_LIST_HEAD(&mr->mr_list); |
2562 |
+ INIT_WORK(&mr->mr_recycle, frwr_mr_recycle_worker); |
2563 |
+ sg_init_table(mr->mr_sg, depth); |
2564 |
+diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c |
2565 |
+index 3ddba94c939f..b9bc7f9f6bb9 100644 |
2566 |
+--- a/net/sunrpc/xprtrdma/verbs.c |
2567 |
++++ b/net/sunrpc/xprtrdma/verbs.c |
2568 |
+@@ -1329,9 +1329,12 @@ rpcrdma_mr_unmap_and_put(struct rpcrdma_mr *mr) |
2569 |
+ { |
2570 |
+ struct rpcrdma_xprt *r_xprt = mr->mr_xprt; |
2571 |
+ |
2572 |
+- trace_xprtrdma_mr_unmap(mr); |
2573 |
+- ib_dma_unmap_sg(r_xprt->rx_ia.ri_device, |
2574 |
+- mr->mr_sg, mr->mr_nents, mr->mr_dir); |
2575 |
++ if (mr->mr_dir != DMA_NONE) { |
2576 |
++ trace_xprtrdma_mr_unmap(mr); |
2577 |
++ ib_dma_unmap_sg(r_xprt->rx_ia.ri_device, |
2578 |
++ mr->mr_sg, mr->mr_nents, mr->mr_dir); |
2579 |
++ mr->mr_dir = DMA_NONE; |
2580 |
++ } |
2581 |
+ __rpcrdma_mr_put(&r_xprt->rx_buf, mr); |
2582 |
+ } |
2583 |
+ |
2584 |
+diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c |
2585 |
+index f4eadd3f7350..b63ef865ce1e 100644 |
2586 |
+--- a/security/selinux/ss/policydb.c |
2587 |
++++ b/security/selinux/ss/policydb.c |
2588 |
+@@ -2108,6 +2108,7 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, |
2589 |
+ { |
2590 |
+ int i, j, rc; |
2591 |
+ u32 nel, len; |
2592 |
++ __be64 prefixbuf[1]; |
2593 |
+ __le32 buf[3]; |
2594 |
+ struct ocontext *l, *c; |
2595 |
+ u32 nodebuf[8]; |
2596 |
+@@ -2217,21 +2218,30 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, |
2597 |
+ goto out; |
2598 |
+ break; |
2599 |
+ } |
2600 |
+- case OCON_IBPKEY: |
2601 |
+- rc = next_entry(nodebuf, fp, sizeof(u32) * 4); |
2602 |
++ case OCON_IBPKEY: { |
2603 |
++ u32 pkey_lo, pkey_hi; |
2604 |
++ |
2605 |
++ rc = next_entry(prefixbuf, fp, sizeof(u64)); |
2606 |
++ if (rc) |
2607 |
++ goto out; |
2608 |
++ |
2609 |
++ /* we need to have subnet_prefix in CPU order */ |
2610 |
++ c->u.ibpkey.subnet_prefix = be64_to_cpu(prefixbuf[0]); |
2611 |
++ |
2612 |
++ rc = next_entry(buf, fp, sizeof(u32) * 2); |
2613 |
+ if (rc) |
2614 |
+ goto out; |
2615 |
+ |
2616 |
+- c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf)); |
2617 |
++ pkey_lo = le32_to_cpu(buf[0]); |
2618 |
++ pkey_hi = le32_to_cpu(buf[1]); |
2619 |
+ |
2620 |
+- if (nodebuf[2] > 0xffff || |
2621 |
+- nodebuf[3] > 0xffff) { |
2622 |
++ if (pkey_lo > U16_MAX || pkey_hi > U16_MAX) { |
2623 |
+ rc = -EINVAL; |
2624 |
+ goto out; |
2625 |
+ } |
2626 |
+ |
2627 |
+- c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]); |
2628 |
+- c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]); |
2629 |
++ c->u.ibpkey.low_pkey = pkey_lo; |
2630 |
++ c->u.ibpkey.high_pkey = pkey_hi; |
2631 |
+ |
2632 |
+ rc = context_read_and_validate(&c->context[0], |
2633 |
+ p, |
2634 |
+@@ -2239,7 +2249,10 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, |
2635 |
+ if (rc) |
2636 |
+ goto out; |
2637 |
+ break; |
2638 |
+- case OCON_IBENDPORT: |
2639 |
++ } |
2640 |
++ case OCON_IBENDPORT: { |
2641 |
++ u32 port; |
2642 |
++ |
2643 |
+ rc = next_entry(buf, fp, sizeof(u32) * 2); |
2644 |
+ if (rc) |
2645 |
+ goto out; |
2646 |
+@@ -2249,12 +2262,13 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, |
2647 |
+ if (rc) |
2648 |
+ goto out; |
2649 |
+ |
2650 |
+- if (buf[1] > 0xff || buf[1] == 0) { |
2651 |
++ port = le32_to_cpu(buf[1]); |
2652 |
++ if (port > U8_MAX || port == 0) { |
2653 |
+ rc = -EINVAL; |
2654 |
+ goto out; |
2655 |
+ } |
2656 |
+ |
2657 |
+- c->u.ibendport.port = le32_to_cpu(buf[1]); |
2658 |
++ c->u.ibendport.port = port; |
2659 |
+ |
2660 |
+ rc = context_read_and_validate(&c->context[0], |
2661 |
+ p, |
2662 |
+@@ -2262,7 +2276,8 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info, |
2663 |
+ if (rc) |
2664 |
+ goto out; |
2665 |
+ break; |
2666 |
+- } |
2667 |
++ } /* end case */ |
2668 |
++ } /* end switch */ |
2669 |
+ } |
2670 |
+ } |
2671 |
+ rc = 0; |
2672 |
+@@ -3105,6 +3120,7 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, |
2673 |
+ { |
2674 |
+ unsigned int i, j, rc; |
2675 |
+ size_t nel, len; |
2676 |
++ __be64 prefixbuf[1]; |
2677 |
+ __le32 buf[3]; |
2678 |
+ u32 nodebuf[8]; |
2679 |
+ struct ocontext *c; |
2680 |
+@@ -3192,12 +3208,17 @@ static int ocontext_write(struct policydb *p, struct policydb_compat_info *info, |
2681 |
+ return rc; |
2682 |
+ break; |
2683 |
+ case OCON_IBPKEY: |
2684 |
+- *((__be64 *)nodebuf) = cpu_to_be64(c->u.ibpkey.subnet_prefix); |
2685 |
++ /* subnet_prefix is in CPU order */ |
2686 |
++ prefixbuf[0] = cpu_to_be64(c->u.ibpkey.subnet_prefix); |
2687 |
+ |
2688 |
+- nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey); |
2689 |
+- nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey); |
2690 |
++ rc = put_entry(prefixbuf, sizeof(u64), 1, fp); |
2691 |
++ if (rc) |
2692 |
++ return rc; |
2693 |
++ |
2694 |
++ buf[0] = cpu_to_le32(c->u.ibpkey.low_pkey); |
2695 |
++ buf[1] = cpu_to_le32(c->u.ibpkey.high_pkey); |
2696 |
+ |
2697 |
+- rc = put_entry(nodebuf, sizeof(u32), 4, fp); |
2698 |
++ rc = put_entry(buf, sizeof(u32), 2, fp); |
2699 |
+ if (rc) |
2700 |
+ return rc; |
2701 |
+ rc = context_write(p, &c->context[0], fp); |
2702 |
+diff --git a/sound/pci/cs46xx/dsp_spos.c b/sound/pci/cs46xx/dsp_spos.c |
2703 |
+index 598d140bb7cb..5fc497c6d738 100644 |
2704 |
+--- a/sound/pci/cs46xx/dsp_spos.c |
2705 |
++++ b/sound/pci/cs46xx/dsp_spos.c |
2706 |
+@@ -903,6 +903,9 @@ int cs46xx_dsp_proc_done (struct snd_cs46xx *chip) |
2707 |
+ struct dsp_spos_instance * ins = chip->dsp_spos_instance; |
2708 |
+ int i; |
2709 |
+ |
2710 |
++ if (!ins) |
2711 |
++ return 0; |
2712 |
++ |
2713 |
+ snd_info_free_entry(ins->proc_sym_info_entry); |
2714 |
+ ins->proc_sym_info_entry = NULL; |
2715 |
+ |
2716 |
+diff --git a/sound/usb/card.c b/sound/usb/card.c |
2717 |
+index a105947eaf55..746a72e23cf9 100644 |
2718 |
+--- a/sound/usb/card.c |
2719 |
++++ b/sound/usb/card.c |
2720 |
+@@ -246,7 +246,7 @@ static int snd_usb_create_streams(struct snd_usb_audio *chip, int ctrlif) |
2721 |
+ h1 = snd_usb_find_csint_desc(host_iface->extra, |
2722 |
+ host_iface->extralen, |
2723 |
+ NULL, UAC_HEADER); |
2724 |
+- if (!h1) { |
2725 |
++ if (!h1 || h1->bLength < sizeof(*h1)) { |
2726 |
+ dev_err(&dev->dev, "cannot find UAC_HEADER\n"); |
2727 |
+ return -EINVAL; |
2728 |
+ } |
2729 |
+diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c |
2730 |
+index c63c84b54969..e7d441d0e839 100644 |
2731 |
+--- a/sound/usb/mixer.c |
2732 |
++++ b/sound/usb/mixer.c |
2733 |
+@@ -753,8 +753,9 @@ static int uac_mixer_unit_get_channels(struct mixer_build *state, |
2734 |
+ struct uac_mixer_unit_descriptor *desc) |
2735 |
+ { |
2736 |
+ int mu_channels; |
2737 |
++ void *c; |
2738 |
+ |
2739 |
+- if (desc->bLength < 11) |
2740 |
++ if (desc->bLength < sizeof(*desc)) |
2741 |
+ return -EINVAL; |
2742 |
+ if (!desc->bNrInPins) |
2743 |
+ return -EINVAL; |
2744 |
+@@ -763,6 +764,8 @@ static int uac_mixer_unit_get_channels(struct mixer_build *state, |
2745 |
+ case UAC_VERSION_1: |
2746 |
+ case UAC_VERSION_2: |
2747 |
+ default: |
2748 |
++ if (desc->bLength < sizeof(*desc) + desc->bNrInPins + 1) |
2749 |
++ return 0; /* no bmControls -> skip */ |
2750 |
+ mu_channels = uac_mixer_unit_bNrChannels(desc); |
2751 |
+ break; |
2752 |
+ case UAC_VERSION_3: |
2753 |
+@@ -772,7 +775,11 @@ static int uac_mixer_unit_get_channels(struct mixer_build *state, |
2754 |
+ } |
2755 |
+ |
2756 |
+ if (!mu_channels) |
2757 |
+- return -EINVAL; |
2758 |
++ return 0; |
2759 |
++ |
2760 |
++ c = uac_mixer_unit_bmControls(desc, state->mixer->protocol); |
2761 |
++ if (c - (void *)desc + (mu_channels - 1) / 8 >= desc->bLength) |
2762 |
++ return 0; /* no bmControls -> skip */ |
2763 |
+ |
2764 |
+ return mu_channels; |
2765 |
+ } |
2766 |
+@@ -944,7 +951,7 @@ static int check_input_term(struct mixer_build *state, int id, |
2767 |
+ struct uac_mixer_unit_descriptor *d = p1; |
2768 |
+ |
2769 |
+ err = uac_mixer_unit_get_channels(state, d); |
2770 |
+- if (err < 0) |
2771 |
++ if (err <= 0) |
2772 |
+ return err; |
2773 |
+ |
2774 |
+ term->channels = err; |
2775 |
+@@ -2068,11 +2075,15 @@ static int parse_audio_input_terminal(struct mixer_build *state, int unitid, |
2776 |
+ |
2777 |
+ if (state->mixer->protocol == UAC_VERSION_2) { |
2778 |
+ struct uac2_input_terminal_descriptor *d_v2 = raw_desc; |
2779 |
++ if (d_v2->bLength < sizeof(*d_v2)) |
2780 |
++ return -EINVAL; |
2781 |
+ control = UAC2_TE_CONNECTOR; |
2782 |
+ term_id = d_v2->bTerminalID; |
2783 |
+ bmctls = le16_to_cpu(d_v2->bmControls); |
2784 |
+ } else if (state->mixer->protocol == UAC_VERSION_3) { |
2785 |
+ struct uac3_input_terminal_descriptor *d_v3 = raw_desc; |
2786 |
++ if (d_v3->bLength < sizeof(*d_v3)) |
2787 |
++ return -EINVAL; |
2788 |
+ control = UAC3_TE_INSERTION; |
2789 |
+ term_id = d_v3->bTerminalID; |
2790 |
+ bmctls = le32_to_cpu(d_v3->bmControls); |
2791 |
+@@ -2118,7 +2129,7 @@ static int parse_audio_mixer_unit(struct mixer_build *state, int unitid, |
2792 |
+ if (err < 0) |
2793 |
+ continue; |
2794 |
+ /* no bmControls field (e.g. Maya44) -> ignore */ |
2795 |
+- if (desc->bLength <= 10 + input_pins) |
2796 |
++ if (!num_outs) |
2797 |
+ continue; |
2798 |
+ err = check_input_term(state, desc->baSourceID[pin], &iterm); |
2799 |
+ if (err < 0) |
2800 |
+@@ -2314,7 +2325,7 @@ static int build_audio_procunit(struct mixer_build *state, int unitid, |
2801 |
+ char *name) |
2802 |
+ { |
2803 |
+ struct uac_processing_unit_descriptor *desc = raw_desc; |
2804 |
+- int num_ins = desc->bNrInPins; |
2805 |
++ int num_ins; |
2806 |
+ struct usb_mixer_elem_info *cval; |
2807 |
+ struct snd_kcontrol *kctl; |
2808 |
+ int i, err, nameid, type, len; |
2809 |
+@@ -2329,7 +2340,13 @@ static int build_audio_procunit(struct mixer_build *state, int unitid, |
2810 |
+ 0, NULL, default_value_info |
2811 |
+ }; |
2812 |
+ |
2813 |
+- if (desc->bLength < 13 || desc->bLength < 13 + num_ins || |
2814 |
++ if (desc->bLength < 13) { |
2815 |
++ usb_audio_err(state->chip, "invalid %s descriptor (id %d)\n", name, unitid); |
2816 |
++ return -EINVAL; |
2817 |
++ } |
2818 |
++ |
2819 |
++ num_ins = desc->bNrInPins; |
2820 |
++ if (desc->bLength < 13 + num_ins || |
2821 |
+ desc->bLength < num_ins + uac_processing_unit_bControlSize(desc, state->mixer->protocol)) { |
2822 |
+ usb_audio_err(state->chip, "invalid %s descriptor (id %d)\n", name, unitid); |
2823 |
+ return -EINVAL; |
2824 |
+diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h |
2825 |
+index 37fc0447c071..b345beb447bd 100644 |
2826 |
+--- a/sound/usb/quirks-table.h |
2827 |
++++ b/sound/usb/quirks-table.h |
2828 |
+@@ -3326,6 +3326,9 @@ AU0828_DEVICE(0x2040, 0x7270, "Hauppauge", "HVR-950Q"), |
2829 |
+ } |
2830 |
+ } |
2831 |
+ }, |
2832 |
++ { |
2833 |
++ .ifnum = -1 |
2834 |
++ }, |
2835 |
+ } |
2836 |
+ } |
2837 |
+ }, |
2838 |
+@@ -3369,6 +3372,9 @@ AU0828_DEVICE(0x2040, 0x7270, "Hauppauge", "HVR-950Q"), |
2839 |
+ } |
2840 |
+ } |
2841 |
+ }, |
2842 |
++ { |
2843 |
++ .ifnum = -1 |
2844 |
++ }, |
2845 |
+ } |
2846 |
+ } |
2847 |
+ }, |
2848 |
+diff --git a/sound/usb/stream.c b/sound/usb/stream.c |
2849 |
+index 67cf849aa16b..d9e3de495c16 100644 |
2850 |
+--- a/sound/usb/stream.c |
2851 |
++++ b/sound/usb/stream.c |
2852 |
+@@ -596,12 +596,8 @@ static int parse_uac_endpoint_attributes(struct snd_usb_audio *chip, |
2853 |
+ csep = snd_usb_find_desc(alts->extra, alts->extralen, NULL, USB_DT_CS_ENDPOINT); |
2854 |
+ |
2855 |
+ if (!csep || csep->bLength < 7 || |
2856 |
+- csep->bDescriptorSubtype != UAC_EP_GENERAL) { |
2857 |
+- usb_audio_warn(chip, |
2858 |
+- "%u:%d : no or invalid class specific endpoint descriptor\n", |
2859 |
+- iface_no, altsd->bAlternateSetting); |
2860 |
+- return 0; |
2861 |
+- } |
2862 |
++ csep->bDescriptorSubtype != UAC_EP_GENERAL) |
2863 |
++ goto error; |
2864 |
+ |
2865 |
+ if (protocol == UAC_VERSION_1) { |
2866 |
+ attributes = csep->bmAttributes; |
2867 |
+@@ -609,6 +605,8 @@ static int parse_uac_endpoint_attributes(struct snd_usb_audio *chip, |
2868 |
+ struct uac2_iso_endpoint_descriptor *csep2 = |
2869 |
+ (struct uac2_iso_endpoint_descriptor *) csep; |
2870 |
+ |
2871 |
++ if (csep2->bLength < sizeof(*csep2)) |
2872 |
++ goto error; |
2873 |
+ attributes = csep->bmAttributes & UAC_EP_CS_ATTR_FILL_MAX; |
2874 |
+ |
2875 |
+ /* emulate the endpoint attributes of a v1 device */ |
2876 |
+@@ -618,12 +616,20 @@ static int parse_uac_endpoint_attributes(struct snd_usb_audio *chip, |
2877 |
+ struct uac3_iso_endpoint_descriptor *csep3 = |
2878 |
+ (struct uac3_iso_endpoint_descriptor *) csep; |
2879 |
+ |
2880 |
++ if (csep3->bLength < sizeof(*csep3)) |
2881 |
++ goto error; |
2882 |
+ /* emulate the endpoint attributes of a v1 device */ |
2883 |
+ if (le32_to_cpu(csep3->bmControls) & UAC2_CONTROL_PITCH) |
2884 |
+ attributes |= UAC_EP_CS_ATTR_PITCH_CONTROL; |
2885 |
+ } |
2886 |
+ |
2887 |
+ return attributes; |
2888 |
++ |
2889 |
++ error: |
2890 |
++ usb_audio_warn(chip, |
2891 |
++ "%u:%d : no or invalid class specific endpoint descriptor\n", |
2892 |
++ iface_no, altsd->bAlternateSetting); |
2893 |
++ return 0; |
2894 |
+ } |
2895 |
+ |
2896 |
+ /* find an input terminal descriptor (either UAC1 or UAC2) with the given |
2897 |
+@@ -631,13 +637,17 @@ static int parse_uac_endpoint_attributes(struct snd_usb_audio *chip, |
2898 |
+ */ |
2899 |
+ static void * |
2900 |
+ snd_usb_find_input_terminal_descriptor(struct usb_host_interface *ctrl_iface, |
2901 |
+- int terminal_id) |
2902 |
++ int terminal_id, bool uac23) |
2903 |
+ { |
2904 |
+ struct uac2_input_terminal_descriptor *term = NULL; |
2905 |
++ size_t minlen = uac23 ? sizeof(struct uac2_input_terminal_descriptor) : |
2906 |
++ sizeof(struct uac_input_terminal_descriptor); |
2907 |
+ |
2908 |
+ while ((term = snd_usb_find_csint_desc(ctrl_iface->extra, |
2909 |
+ ctrl_iface->extralen, |
2910 |
+ term, UAC_INPUT_TERMINAL))) { |
2911 |
++ if (term->bLength < minlen) |
2912 |
++ continue; |
2913 |
+ if (term->bTerminalID == terminal_id) |
2914 |
+ return term; |
2915 |
+ } |
2916 |
+@@ -655,7 +665,8 @@ snd_usb_find_output_terminal_descriptor(struct usb_host_interface *ctrl_iface, |
2917 |
+ while ((term = snd_usb_find_csint_desc(ctrl_iface->extra, |
2918 |
+ ctrl_iface->extralen, |
2919 |
+ term, UAC_OUTPUT_TERMINAL))) { |
2920 |
+- if (term->bTerminalID == terminal_id) |
2921 |
++ if (term->bLength >= sizeof(*term) && |
2922 |
++ term->bTerminalID == terminal_id) |
2923 |
+ return term; |
2924 |
+ } |
2925 |
+ |
2926 |
+@@ -729,7 +740,8 @@ snd_usb_get_audioformat_uac12(struct snd_usb_audio *chip, |
2927 |
+ format = le16_to_cpu(as->wFormatTag); /* remember the format value */ |
2928 |
+ |
2929 |
+ iterm = snd_usb_find_input_terminal_descriptor(chip->ctrl_intf, |
2930 |
+- as->bTerminalLink); |
2931 |
++ as->bTerminalLink, |
2932 |
++ false); |
2933 |
+ if (iterm) { |
2934 |
+ num_channels = iterm->bNrChannels; |
2935 |
+ chconfig = le16_to_cpu(iterm->wChannelConfig); |
2936 |
+@@ -764,7 +776,8 @@ snd_usb_get_audioformat_uac12(struct snd_usb_audio *chip, |
2937 |
+ * to extract the clock |
2938 |
+ */ |
2939 |
+ input_term = snd_usb_find_input_terminal_descriptor(chip->ctrl_intf, |
2940 |
+- as->bTerminalLink); |
2941 |
++ as->bTerminalLink, |
2942 |
++ true); |
2943 |
+ if (input_term) { |
2944 |
+ clock = input_term->bCSourceID; |
2945 |
+ if (!chconfig && (num_channels == input_term->bNrChannels)) |
2946 |
+@@ -998,7 +1011,8 @@ snd_usb_get_audioformat_uac3(struct snd_usb_audio *chip, |
2947 |
+ * to extract the clock |
2948 |
+ */ |
2949 |
+ input_term = snd_usb_find_input_terminal_descriptor(chip->ctrl_intf, |
2950 |
+- as->bTerminalLink); |
2951 |
++ as->bTerminalLink, |
2952 |
++ true); |
2953 |
+ if (input_term) { |
2954 |
+ clock = input_term->bCSourceID; |
2955 |
+ goto found_clock; |
2956 |
+diff --git a/tools/testing/nvdimm/test/iomap.c b/tools/testing/nvdimm/test/iomap.c |
2957 |
+index ff9d3a5825e1..c6635fee27d8 100644 |
2958 |
+--- a/tools/testing/nvdimm/test/iomap.c |
2959 |
++++ b/tools/testing/nvdimm/test/iomap.c |
2960 |
+@@ -104,16 +104,29 @@ void *__wrap_devm_memremap(struct device *dev, resource_size_t offset, |
2961 |
+ } |
2962 |
+ EXPORT_SYMBOL(__wrap_devm_memremap); |
2963 |
+ |
2964 |
++static void nfit_test_kill(void *_pgmap) |
2965 |
++{ |
2966 |
++ struct dev_pagemap *pgmap = _pgmap; |
2967 |
++ |
2968 |
++ pgmap->kill(pgmap->ref); |
2969 |
++} |
2970 |
++ |
2971 |
+ void *__wrap_devm_memremap_pages(struct device *dev, struct dev_pagemap *pgmap) |
2972 |
+ { |
2973 |
+ resource_size_t offset = pgmap->res.start; |
2974 |
+ struct nfit_test_resource *nfit_res = get_nfit_res(offset); |
2975 |
+ |
2976 |
+- if (nfit_res) |
2977 |
++ if (nfit_res) { |
2978 |
++ int rc; |
2979 |
++ |
2980 |
++ rc = devm_add_action_or_reset(dev, nfit_test_kill, pgmap); |
2981 |
++ if (rc) |
2982 |
++ return ERR_PTR(rc); |
2983 |
+ return nfit_res->buf + offset - nfit_res->res.start; |
2984 |
++ } |
2985 |
+ return devm_memremap_pages(dev, pgmap); |
2986 |
+ } |
2987 |
+-EXPORT_SYMBOL(__wrap_devm_memremap_pages); |
2988 |
++EXPORT_SYMBOL_GPL(__wrap_devm_memremap_pages); |
2989 |
+ |
2990 |
+ pfn_t __wrap_phys_to_pfn_t(phys_addr_t addr, unsigned long flags) |
2991 |
+ { |
2992 |
+diff --git a/tools/testing/selftests/android/Makefile b/tools/testing/selftests/android/Makefile |
2993 |
+index d9a725478375..72c25a3cb658 100644 |
2994 |
+--- a/tools/testing/selftests/android/Makefile |
2995 |
++++ b/tools/testing/selftests/android/Makefile |
2996 |
+@@ -6,7 +6,7 @@ TEST_PROGS := run.sh |
2997 |
+ |
2998 |
+ include ../lib.mk |
2999 |
+ |
3000 |
+-all: khdr |
3001 |
++all: |
3002 |
+ @for DIR in $(SUBDIRS); do \ |
3003 |
+ BUILD_TARGET=$(OUTPUT)/$$DIR; \ |
3004 |
+ mkdir $$BUILD_TARGET -p; \ |
3005 |
+diff --git a/tools/testing/selftests/futex/functional/Makefile b/tools/testing/selftests/futex/functional/Makefile |
3006 |
+index ad1eeb14fda7..30996306cabc 100644 |
3007 |
+--- a/tools/testing/selftests/futex/functional/Makefile |
3008 |
++++ b/tools/testing/selftests/futex/functional/Makefile |
3009 |
+@@ -19,6 +19,7 @@ TEST_GEN_FILES := \ |
3010 |
+ TEST_PROGS := run.sh |
3011 |
+ |
3012 |
+ top_srcdir = ../../../../.. |
3013 |
++KSFT_KHDR_INSTALL := 1 |
3014 |
+ include ../../lib.mk |
3015 |
+ |
3016 |
+ $(TEST_GEN_FILES): $(HEADERS) |
3017 |
+diff --git a/tools/testing/selftests/gpio/Makefile b/tools/testing/selftests/gpio/Makefile |
3018 |
+index 46648427d537..07f572a1bd3f 100644 |
3019 |
+--- a/tools/testing/selftests/gpio/Makefile |
3020 |
++++ b/tools/testing/selftests/gpio/Makefile |
3021 |
+@@ -10,8 +10,6 @@ TEST_PROGS_EXTENDED := gpio-mockup-chardev |
3022 |
+ GPIODIR := $(realpath ../../../gpio) |
3023 |
+ GPIOOBJ := gpio-utils.o |
3024 |
+ |
3025 |
+-include ../lib.mk |
3026 |
+- |
3027 |
+ all: $(TEST_PROGS_EXTENDED) |
3028 |
+ |
3029 |
+ override define CLEAN |
3030 |
+@@ -19,7 +17,9 @@ override define CLEAN |
3031 |
+ $(MAKE) -C $(GPIODIR) OUTPUT=$(GPIODIR)/ clean |
3032 |
+ endef |
3033 |
+ |
3034 |
+-$(TEST_PROGS_EXTENDED):| khdr |
3035 |
++KSFT_KHDR_INSTALL := 1 |
3036 |
++include ../lib.mk |
3037 |
++ |
3038 |
+ $(TEST_PROGS_EXTENDED): $(GPIODIR)/$(GPIOOBJ) |
3039 |
+ |
3040 |
+ $(GPIODIR)/$(GPIOOBJ): |
3041 |
+diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile |
3042 |
+index 01a219229238..52bfe5e76907 100644 |
3043 |
+--- a/tools/testing/selftests/kvm/Makefile |
3044 |
++++ b/tools/testing/selftests/kvm/Makefile |
3045 |
+@@ -1,6 +1,7 @@ |
3046 |
+ all: |
3047 |
+ |
3048 |
+ top_srcdir = ../../../.. |
3049 |
++KSFT_KHDR_INSTALL := 1 |
3050 |
+ UNAME_M := $(shell uname -m) |
3051 |
+ |
3052 |
+ LIBKVM = lib/assert.c lib/elf.c lib/io.c lib/kvm_util.c lib/ucall.c lib/sparsebit.c |
3053 |
+@@ -44,7 +45,6 @@ $(OUTPUT)/libkvm.a: $(LIBKVM_OBJ) |
3054 |
+ |
3055 |
+ all: $(STATIC_LIBS) |
3056 |
+ $(TEST_GEN_PROGS): $(STATIC_LIBS) |
3057 |
+-$(STATIC_LIBS):| khdr |
3058 |
+ |
3059 |
+ cscope: include_paths = $(LINUX_TOOL_INCLUDE) $(LINUX_HDR_PATH) include lib .. |
3060 |
+ cscope: |
3061 |
+diff --git a/tools/testing/selftests/lib.mk b/tools/testing/selftests/lib.mk |
3062 |
+index 0a8e75886224..8b0f16409ed7 100644 |
3063 |
+--- a/tools/testing/selftests/lib.mk |
3064 |
++++ b/tools/testing/selftests/lib.mk |
3065 |
+@@ -16,18 +16,18 @@ TEST_GEN_PROGS := $(patsubst %,$(OUTPUT)/%,$(TEST_GEN_PROGS)) |
3066 |
+ TEST_GEN_PROGS_EXTENDED := $(patsubst %,$(OUTPUT)/%,$(TEST_GEN_PROGS_EXTENDED)) |
3067 |
+ TEST_GEN_FILES := $(patsubst %,$(OUTPUT)/%,$(TEST_GEN_FILES)) |
3068 |
+ |
3069 |
++ifdef KSFT_KHDR_INSTALL |
3070 |
+ top_srcdir ?= ../../../.. |
3071 |
+ include $(top_srcdir)/scripts/subarch.include |
3072 |
+ ARCH ?= $(SUBARCH) |
3073 |
+ |
3074 |
+-all: $(TEST_GEN_PROGS) $(TEST_GEN_PROGS_EXTENDED) $(TEST_GEN_FILES) |
3075 |
+- |
3076 |
+ .PHONY: khdr |
3077 |
+ khdr: |
3078 |
+ make ARCH=$(ARCH) -C $(top_srcdir) headers_install |
3079 |
+ |
3080 |
+-ifdef KSFT_KHDR_INSTALL |
3081 |
+-$(TEST_GEN_PROGS) $(TEST_GEN_PROGS_EXTENDED) $(TEST_GEN_FILES):| khdr |
3082 |
++all: khdr $(TEST_GEN_PROGS) $(TEST_GEN_PROGS_EXTENDED) $(TEST_GEN_FILES) |
3083 |
++else |
3084 |
++all: $(TEST_GEN_PROGS) $(TEST_GEN_PROGS_EXTENDED) $(TEST_GEN_FILES) |
3085 |
+ endif |
3086 |
+ |
3087 |
+ .ONESHELL: |
3088 |
+diff --git a/tools/testing/selftests/networking/timestamping/Makefile b/tools/testing/selftests/networking/timestamping/Makefile |
3089 |
+index 14cfcf006936..c46c0eefab9e 100644 |
3090 |
+--- a/tools/testing/selftests/networking/timestamping/Makefile |
3091 |
++++ b/tools/testing/selftests/networking/timestamping/Makefile |
3092 |
+@@ -6,6 +6,7 @@ TEST_PROGS := hwtstamp_config rxtimestamp timestamping txtimestamp |
3093 |
+ all: $(TEST_PROGS) |
3094 |
+ |
3095 |
+ top_srcdir = ../../../../.. |
3096 |
++KSFT_KHDR_INSTALL := 1 |
3097 |
+ include ../../lib.mk |
3098 |
+ |
3099 |
+ clean: |
3100 |
+diff --git a/tools/testing/selftests/tc-testing/bpf/Makefile b/tools/testing/selftests/tc-testing/bpf/Makefile |
3101 |
+index dc92eb271d9a..be5a5e542804 100644 |
3102 |
+--- a/tools/testing/selftests/tc-testing/bpf/Makefile |
3103 |
++++ b/tools/testing/selftests/tc-testing/bpf/Makefile |
3104 |
+@@ -4,6 +4,7 @@ APIDIR := ../../../../include/uapi |
3105 |
+ TEST_GEN_FILES = action.o |
3106 |
+ |
3107 |
+ top_srcdir = ../../../../.. |
3108 |
++KSFT_KHDR_INSTALL := 1 |
3109 |
+ include ../../lib.mk |
3110 |
+ |
3111 |
+ CLANG ?= clang |
3112 |
+diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile |
3113 |
+index 6e67e726e5a5..e13eb6cc8901 100644 |
3114 |
+--- a/tools/testing/selftests/vm/Makefile |
3115 |
++++ b/tools/testing/selftests/vm/Makefile |
3116 |
+@@ -25,6 +25,7 @@ TEST_GEN_FILES += virtual_address_range |
3117 |
+ |
3118 |
+ TEST_PROGS := run_vmtests |
3119 |
+ |
3120 |
++KSFT_KHDR_INSTALL := 1 |
3121 |
+ include ../lib.mk |
3122 |
+ |
3123 |
+ $(OUTPUT)/userfaultfd: LDLIBS += -lpthread |