1 |
commit: 7a70358f7d8e29ea67ced2af4015fde285ae84a7 |
2 |
Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Feb 10 10:15:07 2021 +0000 |
4 |
Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Feb 10 10:15:17 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=7a70358f |
7 |
|
8 |
Linux patch 4.9.257 |
9 |
|
10 |
Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1256_linux-4.9.257.patch | 1823 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1827 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index d822171..e08f1e6 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -1067,6 +1067,10 @@ Patch: 1255_linux-4.9.256.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.9.256 |
23 |
|
24 |
+Patch: 1256_linux-4.9.257.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.9.257 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1256_linux-4.9.257.patch b/1256_linux-4.9.257.patch |
33 |
new file mode 100644 |
34 |
index 0000000..7d4e271 |
35 |
--- /dev/null |
36 |
+++ b/1256_linux-4.9.257.patch |
37 |
@@ -0,0 +1,1823 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index 69af44d3dcd14..e53096154f816 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,6 +1,6 @@ |
43 |
+ VERSION = 4 |
44 |
+ PATCHLEVEL = 9 |
45 |
+-SUBLEVEL = 256 |
46 |
++SUBLEVEL = 257 |
47 |
+ EXTRAVERSION = |
48 |
+ NAME = Roaring Lionus |
49 |
+ |
50 |
+@@ -841,12 +841,6 @@ KBUILD_CFLAGS += $(call cc-option,-Werror=designated-init) |
51 |
+ # change __FILE__ to the relative path from the srctree |
52 |
+ KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) |
53 |
+ |
54 |
+-# ensure -fcf-protection is disabled when using retpoline as it is |
55 |
+-# incompatible with -mindirect-branch=thunk-extern |
56 |
+-ifdef CONFIG_RETPOLINE |
57 |
+-KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none) |
58 |
+-endif |
59 |
+- |
60 |
+ # use the deterministic mode of AR if available |
61 |
+ KBUILD_ARFLAGS := $(call ar-option,D) |
62 |
+ |
63 |
+@@ -1141,7 +1135,7 @@ endef |
64 |
+ |
65 |
+ define filechk_version.h |
66 |
+ (echo \#define LINUX_VERSION_CODE $(shell \ |
67 |
+- expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 0$(SUBLEVEL)); \ |
68 |
++ expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 255); \ |
69 |
+ echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';) |
70 |
+ endef |
71 |
+ |
72 |
+diff --git a/arch/arm/mach-footbridge/dc21285.c b/arch/arm/mach-footbridge/dc21285.c |
73 |
+index 96a3d73ef4bf4..fd6c9169fa78e 100644 |
74 |
+--- a/arch/arm/mach-footbridge/dc21285.c |
75 |
++++ b/arch/arm/mach-footbridge/dc21285.c |
76 |
+@@ -69,15 +69,15 @@ dc21285_read_config(struct pci_bus *bus, unsigned int devfn, int where, |
77 |
+ if (addr) |
78 |
+ switch (size) { |
79 |
+ case 1: |
80 |
+- asm("ldrb %0, [%1, %2]" |
81 |
++ asm volatile("ldrb %0, [%1, %2]" |
82 |
+ : "=r" (v) : "r" (addr), "r" (where) : "cc"); |
83 |
+ break; |
84 |
+ case 2: |
85 |
+- asm("ldrh %0, [%1, %2]" |
86 |
++ asm volatile("ldrh %0, [%1, %2]" |
87 |
+ : "=r" (v) : "r" (addr), "r" (where) : "cc"); |
88 |
+ break; |
89 |
+ case 4: |
90 |
+- asm("ldr %0, [%1, %2]" |
91 |
++ asm volatile("ldr %0, [%1, %2]" |
92 |
+ : "=r" (v) : "r" (addr), "r" (where) : "cc"); |
93 |
+ break; |
94 |
+ } |
95 |
+@@ -103,17 +103,17 @@ dc21285_write_config(struct pci_bus *bus, unsigned int devfn, int where, |
96 |
+ if (addr) |
97 |
+ switch (size) { |
98 |
+ case 1: |
99 |
+- asm("strb %0, [%1, %2]" |
100 |
++ asm volatile("strb %0, [%1, %2]" |
101 |
+ : : "r" (value), "r" (addr), "r" (where) |
102 |
+ : "cc"); |
103 |
+ break; |
104 |
+ case 2: |
105 |
+- asm("strh %0, [%1, %2]" |
106 |
++ asm volatile("strh %0, [%1, %2]" |
107 |
+ : : "r" (value), "r" (addr), "r" (where) |
108 |
+ : "cc"); |
109 |
+ break; |
110 |
+ case 4: |
111 |
+- asm("str %0, [%1, %2]" |
112 |
++ asm volatile("str %0, [%1, %2]" |
113 |
+ : : "r" (value), "r" (addr), "r" (where) |
114 |
+ : "cc"); |
115 |
+ break; |
116 |
+diff --git a/arch/x86/Makefile b/arch/x86/Makefile |
117 |
+index 940ed27a62123..a95d414663b1e 100644 |
118 |
+--- a/arch/x86/Makefile |
119 |
++++ b/arch/x86/Makefile |
120 |
+@@ -137,6 +137,9 @@ else |
121 |
+ KBUILD_CFLAGS += -mno-red-zone |
122 |
+ KBUILD_CFLAGS += -mcmodel=kernel |
123 |
+ |
124 |
++ # Intel CET isn't enabled in the kernel |
125 |
++ KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none) |
126 |
++ |
127 |
+ # -funit-at-a-time shrinks the kernel .text considerably |
128 |
+ # unfortunately it makes reading oopses harder. |
129 |
+ KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time) |
130 |
+diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h |
131 |
+index f39fd349cef65..a6d034257b7bb 100644 |
132 |
+--- a/arch/x86/include/asm/apic.h |
133 |
++++ b/arch/x86/include/asm/apic.h |
134 |
+@@ -176,16 +176,6 @@ static inline void lapic_update_tsc_freq(void) { } |
135 |
+ #endif /* !CONFIG_X86_LOCAL_APIC */ |
136 |
+ |
137 |
+ #ifdef CONFIG_X86_X2APIC |
138 |
+-/* |
139 |
+- * Make previous memory operations globally visible before |
140 |
+- * sending the IPI through x2apic wrmsr. We need a serializing instruction or |
141 |
+- * mfence for this. |
142 |
+- */ |
143 |
+-static inline void x2apic_wrmsr_fence(void) |
144 |
+-{ |
145 |
+- asm volatile("mfence" : : : "memory"); |
146 |
+-} |
147 |
+- |
148 |
+ static inline void native_apic_msr_write(u32 reg, u32 v) |
149 |
+ { |
150 |
+ if (reg == APIC_DFR || reg == APIC_ID || reg == APIC_LDR || |
151 |
+diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h |
152 |
+index a0f450b21d676..89b75edf24af8 100644 |
153 |
+--- a/arch/x86/include/asm/barrier.h |
154 |
++++ b/arch/x86/include/asm/barrier.h |
155 |
+@@ -110,4 +110,22 @@ do { \ |
156 |
+ |
157 |
+ #include <asm-generic/barrier.h> |
158 |
+ |
159 |
++/* |
160 |
++ * Make previous memory operations globally visible before |
161 |
++ * a WRMSR. |
162 |
++ * |
163 |
++ * MFENCE makes writes visible, but only affects load/store |
164 |
++ * instructions. WRMSR is unfortunately not a load/store |
165 |
++ * instruction and is unaffected by MFENCE. The LFENCE ensures |
166 |
++ * that the WRMSR is not reordered. |
167 |
++ * |
168 |
++ * Most WRMSRs are full serializing instructions themselves and |
169 |
++ * do not require this barrier. This is only required for the |
170 |
++ * IA32_TSC_DEADLINE and X2APIC MSRs. |
171 |
++ */ |
172 |
++static inline void weak_wrmsr_fence(void) |
173 |
++{ |
174 |
++ asm volatile("mfence; lfence" : : : "memory"); |
175 |
++} |
176 |
++ |
177 |
+ #endif /* _ASM_X86_BARRIER_H */ |
178 |
+diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c |
179 |
+index 722a76b88bcc0..107a9eff587bf 100644 |
180 |
+--- a/arch/x86/kernel/apic/apic.c |
181 |
++++ b/arch/x86/kernel/apic/apic.c |
182 |
+@@ -42,6 +42,7 @@ |
183 |
+ #include <asm/x86_init.h> |
184 |
+ #include <asm/pgalloc.h> |
185 |
+ #include <linux/atomic.h> |
186 |
++#include <asm/barrier.h> |
187 |
+ #include <asm/mpspec.h> |
188 |
+ #include <asm/i8259.h> |
189 |
+ #include <asm/proto.h> |
190 |
+@@ -476,6 +477,9 @@ static int lapic_next_deadline(unsigned long delta, |
191 |
+ { |
192 |
+ u64 tsc; |
193 |
+ |
194 |
++ /* This MSR is special and need a special fence: */ |
195 |
++ weak_wrmsr_fence(); |
196 |
++ |
197 |
+ tsc = rdtsc(); |
198 |
+ wrmsrl(MSR_IA32_TSC_DEADLINE, tsc + (((u64) delta) * TSC_DIVISOR)); |
199 |
+ return 0; |
200 |
+diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c |
201 |
+index 200af5ae96626..ca64c150d1c53 100644 |
202 |
+--- a/arch/x86/kernel/apic/x2apic_cluster.c |
203 |
++++ b/arch/x86/kernel/apic/x2apic_cluster.c |
204 |
+@@ -27,7 +27,8 @@ static void x2apic_send_IPI(int cpu, int vector) |
205 |
+ { |
206 |
+ u32 dest = per_cpu(x86_cpu_to_logical_apicid, cpu); |
207 |
+ |
208 |
+- x2apic_wrmsr_fence(); |
209 |
++ /* x2apic MSRs are special and need a special fence: */ |
210 |
++ weak_wrmsr_fence(); |
211 |
+ __x2apic_send_IPI_dest(dest, vector, APIC_DEST_LOGICAL); |
212 |
+ } |
213 |
+ |
214 |
+@@ -40,7 +41,8 @@ __x2apic_send_IPI_mask(const struct cpumask *mask, int vector, int apic_dest) |
215 |
+ unsigned long flags; |
216 |
+ u32 dest; |
217 |
+ |
218 |
+- x2apic_wrmsr_fence(); |
219 |
++ /* x2apic MSRs are special and need a special fence: */ |
220 |
++ weak_wrmsr_fence(); |
221 |
+ |
222 |
+ local_irq_save(flags); |
223 |
+ |
224 |
+diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c |
225 |
+index ff111f05a3145..8889420ea7c6f 100644 |
226 |
+--- a/arch/x86/kernel/apic/x2apic_phys.c |
227 |
++++ b/arch/x86/kernel/apic/x2apic_phys.c |
228 |
+@@ -40,7 +40,8 @@ static void x2apic_send_IPI(int cpu, int vector) |
229 |
+ { |
230 |
+ u32 dest = per_cpu(x86_cpu_to_apicid, cpu); |
231 |
+ |
232 |
+- x2apic_wrmsr_fence(); |
233 |
++ /* x2apic MSRs are special and need a special fence: */ |
234 |
++ weak_wrmsr_fence(); |
235 |
+ __x2apic_send_IPI_dest(dest, vector, APIC_DEST_PHYSICAL); |
236 |
+ } |
237 |
+ |
238 |
+@@ -51,7 +52,8 @@ __x2apic_send_IPI_mask(const struct cpumask *mask, int vector, int apic_dest) |
239 |
+ unsigned long this_cpu; |
240 |
+ unsigned long flags; |
241 |
+ |
242 |
+- x2apic_wrmsr_fence(); |
243 |
++ /* x2apic MSRs are special and need a special fence: */ |
244 |
++ weak_wrmsr_fence(); |
245 |
+ |
246 |
+ local_irq_save(flags); |
247 |
+ |
248 |
+diff --git a/drivers/acpi/thermal.c b/drivers/acpi/thermal.c |
249 |
+index 35e8fbca10ad5..c53c88b531639 100644 |
250 |
+--- a/drivers/acpi/thermal.c |
251 |
++++ b/drivers/acpi/thermal.c |
252 |
+@@ -188,6 +188,8 @@ struct acpi_thermal { |
253 |
+ int tz_enabled; |
254 |
+ int kelvin_offset; |
255 |
+ struct work_struct thermal_check_work; |
256 |
++ struct mutex thermal_check_lock; |
257 |
++ atomic_t thermal_check_count; |
258 |
+ }; |
259 |
+ |
260 |
+ /* -------------------------------------------------------------------------- |
261 |
+@@ -513,17 +515,6 @@ static int acpi_thermal_get_trip_points(struct acpi_thermal *tz) |
262 |
+ return 0; |
263 |
+ } |
264 |
+ |
265 |
+-static void acpi_thermal_check(void *data) |
266 |
+-{ |
267 |
+- struct acpi_thermal *tz = data; |
268 |
+- |
269 |
+- if (!tz->tz_enabled) |
270 |
+- return; |
271 |
+- |
272 |
+- thermal_zone_device_update(tz->thermal_zone, |
273 |
+- THERMAL_EVENT_UNSPECIFIED); |
274 |
+-} |
275 |
+- |
276 |
+ /* sys I/F for generic thermal sysfs support */ |
277 |
+ |
278 |
+ static int thermal_get_temp(struct thermal_zone_device *thermal, int *temp) |
279 |
+@@ -557,6 +548,8 @@ static int thermal_get_mode(struct thermal_zone_device *thermal, |
280 |
+ return 0; |
281 |
+ } |
282 |
+ |
283 |
++static void acpi_thermal_check_fn(struct work_struct *work); |
284 |
++ |
285 |
+ static int thermal_set_mode(struct thermal_zone_device *thermal, |
286 |
+ enum thermal_device_mode mode) |
287 |
+ { |
288 |
+@@ -582,7 +575,7 @@ static int thermal_set_mode(struct thermal_zone_device *thermal, |
289 |
+ ACPI_DEBUG_PRINT((ACPI_DB_INFO, |
290 |
+ "%s kernel ACPI thermal control\n", |
291 |
+ tz->tz_enabled ? "Enable" : "Disable")); |
292 |
+- acpi_thermal_check(tz); |
293 |
++ acpi_thermal_check_fn(&tz->thermal_check_work); |
294 |
+ } |
295 |
+ return 0; |
296 |
+ } |
297 |
+@@ -951,6 +944,12 @@ static void acpi_thermal_unregister_thermal_zone(struct acpi_thermal *tz) |
298 |
+ Driver Interface |
299 |
+ -------------------------------------------------------------------------- */ |
300 |
+ |
301 |
++static void acpi_queue_thermal_check(struct acpi_thermal *tz) |
302 |
++{ |
303 |
++ if (!work_pending(&tz->thermal_check_work)) |
304 |
++ queue_work(acpi_thermal_pm_queue, &tz->thermal_check_work); |
305 |
++} |
306 |
++ |
307 |
+ static void acpi_thermal_notify(struct acpi_device *device, u32 event) |
308 |
+ { |
309 |
+ struct acpi_thermal *tz = acpi_driver_data(device); |
310 |
+@@ -961,17 +960,17 @@ static void acpi_thermal_notify(struct acpi_device *device, u32 event) |
311 |
+ |
312 |
+ switch (event) { |
313 |
+ case ACPI_THERMAL_NOTIFY_TEMPERATURE: |
314 |
+- acpi_thermal_check(tz); |
315 |
++ acpi_queue_thermal_check(tz); |
316 |
+ break; |
317 |
+ case ACPI_THERMAL_NOTIFY_THRESHOLDS: |
318 |
+ acpi_thermal_trips_update(tz, ACPI_TRIPS_REFRESH_THRESHOLDS); |
319 |
+- acpi_thermal_check(tz); |
320 |
++ acpi_queue_thermal_check(tz); |
321 |
+ acpi_bus_generate_netlink_event(device->pnp.device_class, |
322 |
+ dev_name(&device->dev), event, 0); |
323 |
+ break; |
324 |
+ case ACPI_THERMAL_NOTIFY_DEVICES: |
325 |
+ acpi_thermal_trips_update(tz, ACPI_TRIPS_REFRESH_DEVICES); |
326 |
+- acpi_thermal_check(tz); |
327 |
++ acpi_queue_thermal_check(tz); |
328 |
+ acpi_bus_generate_netlink_event(device->pnp.device_class, |
329 |
+ dev_name(&device->dev), event, 0); |
330 |
+ break; |
331 |
+@@ -1071,7 +1070,27 @@ static void acpi_thermal_check_fn(struct work_struct *work) |
332 |
+ { |
333 |
+ struct acpi_thermal *tz = container_of(work, struct acpi_thermal, |
334 |
+ thermal_check_work); |
335 |
+- acpi_thermal_check(tz); |
336 |
++ |
337 |
++ if (!tz->tz_enabled) |
338 |
++ return; |
339 |
++ /* |
340 |
++ * In general, it is not sufficient to check the pending bit, because |
341 |
++ * subsequent instances of this function may be queued after one of them |
342 |
++ * has started running (e.g. if _TMP sleeps). Avoid bailing out if just |
343 |
++ * one of them is running, though, because it may have done the actual |
344 |
++ * check some time ago, so allow at least one of them to block on the |
345 |
++ * mutex while another one is running the update. |
346 |
++ */ |
347 |
++ if (!atomic_add_unless(&tz->thermal_check_count, -1, 1)) |
348 |
++ return; |
349 |
++ |
350 |
++ mutex_lock(&tz->thermal_check_lock); |
351 |
++ |
352 |
++ thermal_zone_device_update(tz->thermal_zone, THERMAL_EVENT_UNSPECIFIED); |
353 |
++ |
354 |
++ atomic_inc(&tz->thermal_check_count); |
355 |
++ |
356 |
++ mutex_unlock(&tz->thermal_check_lock); |
357 |
+ } |
358 |
+ |
359 |
+ static int acpi_thermal_add(struct acpi_device *device) |
360 |
+@@ -1103,6 +1122,8 @@ static int acpi_thermal_add(struct acpi_device *device) |
361 |
+ if (result) |
362 |
+ goto free_memory; |
363 |
+ |
364 |
++ atomic_set(&tz->thermal_check_count, 3); |
365 |
++ mutex_init(&tz->thermal_check_lock); |
366 |
+ INIT_WORK(&tz->thermal_check_work, acpi_thermal_check_fn); |
367 |
+ |
368 |
+ pr_info(PREFIX "%s [%s] (%ld C)\n", acpi_device_name(device), |
369 |
+@@ -1168,7 +1189,7 @@ static int acpi_thermal_resume(struct device *dev) |
370 |
+ tz->state.active |= tz->trips.active[i].flags.enabled; |
371 |
+ } |
372 |
+ |
373 |
+- queue_work(acpi_thermal_pm_queue, &tz->thermal_check_work); |
374 |
++ acpi_queue_thermal_check(tz); |
375 |
+ |
376 |
+ return AE_OK; |
377 |
+ } |
378 |
+diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c |
379 |
+index 637f1347cd13d..815b69d35722c 100644 |
380 |
+--- a/drivers/input/joystick/xpad.c |
381 |
++++ b/drivers/input/joystick/xpad.c |
382 |
+@@ -232,9 +232,17 @@ static const struct xpad_device { |
383 |
+ { 0x0e6f, 0x0213, "Afterglow Gamepad for Xbox 360", 0, XTYPE_XBOX360 }, |
384 |
+ { 0x0e6f, 0x021f, "Rock Candy Gamepad for Xbox 360", 0, XTYPE_XBOX360 }, |
385 |
+ { 0x0e6f, 0x0246, "Rock Candy Gamepad for Xbox One 2015", 0, XTYPE_XBOXONE }, |
386 |
+- { 0x0e6f, 0x02ab, "PDP Controller for Xbox One", 0, XTYPE_XBOXONE }, |
387 |
++ { 0x0e6f, 0x02a0, "PDP Xbox One Controller", 0, XTYPE_XBOXONE }, |
388 |
++ { 0x0e6f, 0x02a1, "PDP Xbox One Controller", 0, XTYPE_XBOXONE }, |
389 |
++ { 0x0e6f, 0x02a2, "PDP Wired Controller for Xbox One - Crimson Red", 0, XTYPE_XBOXONE }, |
390 |
+ { 0x0e6f, 0x02a4, "PDP Wired Controller for Xbox One - Stealth Series", 0, XTYPE_XBOXONE }, |
391 |
+ { 0x0e6f, 0x02a6, "PDP Wired Controller for Xbox One - Camo Series", 0, XTYPE_XBOXONE }, |
392 |
++ { 0x0e6f, 0x02a7, "PDP Xbox One Controller", 0, XTYPE_XBOXONE }, |
393 |
++ { 0x0e6f, 0x02a8, "PDP Xbox One Controller", 0, XTYPE_XBOXONE }, |
394 |
++ { 0x0e6f, 0x02ab, "PDP Controller for Xbox One", 0, XTYPE_XBOXONE }, |
395 |
++ { 0x0e6f, 0x02ad, "PDP Wired Controller for Xbox One - Stealth Series", 0, XTYPE_XBOXONE }, |
396 |
++ { 0x0e6f, 0x02b3, "Afterglow Prismatic Wired Controller", 0, XTYPE_XBOXONE }, |
397 |
++ { 0x0e6f, 0x02b8, "Afterglow Prismatic Wired Controller", 0, XTYPE_XBOXONE }, |
398 |
+ { 0x0e6f, 0x0301, "Logic3 Controller", 0, XTYPE_XBOX360 }, |
399 |
+ { 0x0e6f, 0x0346, "Rock Candy Gamepad for Xbox One 2016", 0, XTYPE_XBOXONE }, |
400 |
+ { 0x0e6f, 0x0401, "Logic3 Controller", 0, XTYPE_XBOX360 }, |
401 |
+@@ -313,6 +321,9 @@ static const struct xpad_device { |
402 |
+ { 0x1bad, 0xfa01, "MadCatz GamePad", 0, XTYPE_XBOX360 }, |
403 |
+ { 0x1bad, 0xfd00, "Razer Onza TE", 0, XTYPE_XBOX360 }, |
404 |
+ { 0x1bad, 0xfd01, "Razer Onza", 0, XTYPE_XBOX360 }, |
405 |
++ { 0x20d6, 0x2001, "BDA Xbox Series X Wired Controller", 0, XTYPE_XBOXONE }, |
406 |
++ { 0x20d6, 0x281f, "PowerA Wired Controller For Xbox 360", 0, XTYPE_XBOX360 }, |
407 |
++ { 0x2e24, 0x0652, "Hyperkin Duke X-Box One pad", 0, XTYPE_XBOXONE }, |
408 |
+ { 0x24c6, 0x5000, "Razer Atrox Arcade Stick", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, |
409 |
+ { 0x24c6, 0x5300, "PowerA MINI PROEX Controller", 0, XTYPE_XBOX360 }, |
410 |
+ { 0x24c6, 0x5303, "Xbox Airflo wired controller", 0, XTYPE_XBOX360 }, |
411 |
+@@ -446,8 +457,12 @@ static const struct usb_device_id xpad_table[] = { |
412 |
+ XPAD_XBOX360_VENDOR(0x162e), /* Joytech X-Box 360 controllers */ |
413 |
+ XPAD_XBOX360_VENDOR(0x1689), /* Razer Onza */ |
414 |
+ XPAD_XBOX360_VENDOR(0x1bad), /* Harminix Rock Band Guitar and Drums */ |
415 |
++ XPAD_XBOX360_VENDOR(0x20d6), /* PowerA Controllers */ |
416 |
++ XPAD_XBOXONE_VENDOR(0x20d6), /* PowerA Controllers */ |
417 |
+ XPAD_XBOX360_VENDOR(0x24c6), /* PowerA Controllers */ |
418 |
+ XPAD_XBOXONE_VENDOR(0x24c6), /* PowerA Controllers */ |
419 |
++ XPAD_XBOXONE_VENDOR(0x2e24), /* Hyperkin Duke X-Box One pad */ |
420 |
++ XPAD_XBOX360_VENDOR(0x2f24), /* GameSir Controllers */ |
421 |
+ { } |
422 |
+ }; |
423 |
+ |
424 |
+diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h |
425 |
+index fa07be0b4500e..2317f8d3fef6f 100644 |
426 |
+--- a/drivers/input/serio/i8042-x86ia64io.h |
427 |
++++ b/drivers/input/serio/i8042-x86ia64io.h |
428 |
+@@ -223,6 +223,8 @@ static const struct dmi_system_id __initconst i8042_dmi_noloop_table[] = { |
429 |
+ DMI_MATCH(DMI_SYS_VENDOR, "PEGATRON CORPORATION"), |
430 |
+ DMI_MATCH(DMI_PRODUCT_NAME, "C15B"), |
431 |
+ }, |
432 |
++ }, |
433 |
++ { |
434 |
+ .matches = { |
435 |
+ DMI_MATCH(DMI_SYS_VENDOR, "ByteSpeed LLC"), |
436 |
+ DMI_MATCH(DMI_PRODUCT_NAME, "ByteSpeed Laptop C15B"), |
437 |
+diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c |
438 |
+index 593a4bfcba428..b2061cfa05ab4 100644 |
439 |
+--- a/drivers/iommu/intel-iommu.c |
440 |
++++ b/drivers/iommu/intel-iommu.c |
441 |
+@@ -3323,6 +3323,12 @@ static int __init init_dmars(void) |
442 |
+ |
443 |
+ if (!ecap_pass_through(iommu->ecap)) |
444 |
+ hw_pass_through = 0; |
445 |
++ |
446 |
++ if (!intel_iommu_strict && cap_caching_mode(iommu->cap)) { |
447 |
++ pr_info("Disable batched IOTLB flush due to virtualization"); |
448 |
++ intel_iommu_strict = 1; |
449 |
++ } |
450 |
++ |
451 |
+ #ifdef CONFIG_INTEL_IOMMU_SVM |
452 |
+ if (pasid_enabled(iommu)) |
453 |
+ intel_svm_alloc_pasid_tables(iommu); |
454 |
+diff --git a/drivers/mmc/core/sdio_cis.c b/drivers/mmc/core/sdio_cis.c |
455 |
+index 934c4816d78bf..14c56cf66ddc6 100644 |
456 |
+--- a/drivers/mmc/core/sdio_cis.c |
457 |
++++ b/drivers/mmc/core/sdio_cis.c |
458 |
+@@ -24,6 +24,8 @@ |
459 |
+ #include "sdio_cis.h" |
460 |
+ #include "sdio_ops.h" |
461 |
+ |
462 |
++#define SDIO_READ_CIS_TIMEOUT_MS (10 * 1000) /* 10s */ |
463 |
++ |
464 |
+ static int cistpl_vers_1(struct mmc_card *card, struct sdio_func *func, |
465 |
+ const unsigned char *buf, unsigned size) |
466 |
+ { |
467 |
+@@ -269,6 +271,8 @@ static int sdio_read_cis(struct mmc_card *card, struct sdio_func *func) |
468 |
+ |
469 |
+ do { |
470 |
+ unsigned char tpl_code, tpl_link; |
471 |
++ unsigned long timeout = jiffies + |
472 |
++ msecs_to_jiffies(SDIO_READ_CIS_TIMEOUT_MS); |
473 |
+ |
474 |
+ ret = mmc_io_rw_direct(card, 0, 0, ptr++, 0, &tpl_code); |
475 |
+ if (ret) |
476 |
+@@ -321,6 +325,8 @@ static int sdio_read_cis(struct mmc_card *card, struct sdio_func *func) |
477 |
+ prev = &this->next; |
478 |
+ |
479 |
+ if (ret == -ENOENT) { |
480 |
++ if (time_after(jiffies, timeout)) |
481 |
++ break; |
482 |
+ /* warn about unknown tuples */ |
483 |
+ pr_warn_ratelimited("%s: queuing unknown" |
484 |
+ " CIS tuple 0x%02x (%u bytes)\n", |
485 |
+diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c |
486 |
+index 84def5819d2ec..a3742a3b413cd 100644 |
487 |
+--- a/drivers/net/dsa/bcm_sf2.c |
488 |
++++ b/drivers/net/dsa/bcm_sf2.c |
489 |
+@@ -515,15 +515,19 @@ static int bcm_sf2_mdio_register(struct dsa_switch *ds) |
490 |
+ /* Find our integrated MDIO bus node */ |
491 |
+ dn = of_find_compatible_node(NULL, NULL, "brcm,unimac-mdio"); |
492 |
+ priv->master_mii_bus = of_mdio_find_bus(dn); |
493 |
+- if (!priv->master_mii_bus) |
494 |
++ if (!priv->master_mii_bus) { |
495 |
++ of_node_put(dn); |
496 |
+ return -EPROBE_DEFER; |
497 |
++ } |
498 |
+ |
499 |
+ get_device(&priv->master_mii_bus->dev); |
500 |
+ priv->master_mii_dn = dn; |
501 |
+ |
502 |
+ priv->slave_mii_bus = devm_mdiobus_alloc(ds->dev); |
503 |
+- if (!priv->slave_mii_bus) |
504 |
++ if (!priv->slave_mii_bus) { |
505 |
++ of_node_put(dn); |
506 |
+ return -ENOMEM; |
507 |
++ } |
508 |
+ |
509 |
+ priv->slave_mii_bus->priv = priv; |
510 |
+ priv->slave_mii_bus->name = "sf2 slave mii"; |
511 |
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c |
512 |
+index a8ff4f8a6b87d..f23559a2b2bd1 100644 |
513 |
+--- a/drivers/net/ethernet/ibm/ibmvnic.c |
514 |
++++ b/drivers/net/ethernet/ibm/ibmvnic.c |
515 |
+@@ -3496,6 +3496,12 @@ static irqreturn_t ibmvnic_interrupt(int irq, void *instance) |
516 |
+ while (!done) { |
517 |
+ /* Pull all the valid messages off the CRQ */ |
518 |
+ while ((crq = ibmvnic_next_crq(adapter)) != NULL) { |
519 |
++ /* This barrier makes sure ibmvnic_next_crq()'s |
520 |
++ * crq->generic.first & IBMVNIC_CRQ_CMD_RSP is loaded |
521 |
++ * before ibmvnic_handle_crq()'s |
522 |
++ * switch(gen_crq->first) and switch(gen_crq->cmd). |
523 |
++ */ |
524 |
++ dma_rmb(); |
525 |
+ ibmvnic_handle_crq(crq, adapter); |
526 |
+ crq->generic.first = 0; |
527 |
+ } |
528 |
+diff --git a/drivers/scsi/ibmvscsi/ibmvfc.c b/drivers/scsi/ibmvscsi/ibmvfc.c |
529 |
+index 04b3ac17531db..7865feb8e5e83 100644 |
530 |
+--- a/drivers/scsi/ibmvscsi/ibmvfc.c |
531 |
++++ b/drivers/scsi/ibmvscsi/ibmvfc.c |
532 |
+@@ -2891,8 +2891,10 @@ static int ibmvfc_slave_configure(struct scsi_device *sdev) |
533 |
+ unsigned long flags = 0; |
534 |
+ |
535 |
+ spin_lock_irqsave(shost->host_lock, flags); |
536 |
+- if (sdev->type == TYPE_DISK) |
537 |
++ if (sdev->type == TYPE_DISK) { |
538 |
+ sdev->allow_restart = 1; |
539 |
++ blk_queue_rq_timeout(sdev->request_queue, 120 * HZ); |
540 |
++ } |
541 |
+ spin_unlock_irqrestore(shost->host_lock, flags); |
542 |
+ return 0; |
543 |
+ } |
544 |
+diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c |
545 |
+index d0a86ef806522..59fd6101f188b 100644 |
546 |
+--- a/drivers/scsi/libfc/fc_exch.c |
547 |
++++ b/drivers/scsi/libfc/fc_exch.c |
548 |
+@@ -1585,8 +1585,13 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) |
549 |
+ rc = fc_exch_done_locked(ep); |
550 |
+ WARN_ON(fc_seq_exch(sp) != ep); |
551 |
+ spin_unlock_bh(&ep->ex_lock); |
552 |
+- if (!rc) |
553 |
++ if (!rc) { |
554 |
+ fc_exch_delete(ep); |
555 |
++ } else { |
556 |
++ FC_EXCH_DBG(ep, "ep is completed already," |
557 |
++ "hence skip calling the resp\n"); |
558 |
++ goto skip_resp; |
559 |
++ } |
560 |
+ } |
561 |
+ |
562 |
+ /* |
563 |
+@@ -1605,6 +1610,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) |
564 |
+ if (!fc_invoke_resp(ep, sp, fp)) |
565 |
+ fc_frame_free(fp); |
566 |
+ |
567 |
++skip_resp: |
568 |
+ fc_exch_release(ep); |
569 |
+ return; |
570 |
+ rel: |
571 |
+@@ -1848,10 +1854,16 @@ static void fc_exch_reset(struct fc_exch *ep) |
572 |
+ |
573 |
+ fc_exch_hold(ep); |
574 |
+ |
575 |
+- if (!rc) |
576 |
++ if (!rc) { |
577 |
+ fc_exch_delete(ep); |
578 |
++ } else { |
579 |
++ FC_EXCH_DBG(ep, "ep is completed already," |
580 |
++ "hence skip calling the resp\n"); |
581 |
++ goto skip_resp; |
582 |
++ } |
583 |
+ |
584 |
+ fc_invoke_resp(ep, sp, ERR_PTR(-FC_EX_CLOSED)); |
585 |
++skip_resp: |
586 |
+ fc_seq_set_resp(sp, NULL, ep->arg); |
587 |
+ fc_exch_release(ep); |
588 |
+ } |
589 |
+diff --git a/drivers/usb/class/usblp.c b/drivers/usb/class/usblp.c |
590 |
+index 76701d6ce92c3..582099f4f449f 100644 |
591 |
+--- a/drivers/usb/class/usblp.c |
592 |
++++ b/drivers/usb/class/usblp.c |
593 |
+@@ -1349,14 +1349,17 @@ static int usblp_set_protocol(struct usblp *usblp, int protocol) |
594 |
+ if (protocol < USBLP_FIRST_PROTOCOL || protocol > USBLP_LAST_PROTOCOL) |
595 |
+ return -EINVAL; |
596 |
+ |
597 |
+- alts = usblp->protocol[protocol].alt_setting; |
598 |
+- if (alts < 0) |
599 |
+- return -EINVAL; |
600 |
+- r = usb_set_interface(usblp->dev, usblp->ifnum, alts); |
601 |
+- if (r < 0) { |
602 |
+- printk(KERN_ERR "usblp: can't set desired altsetting %d on interface %d\n", |
603 |
+- alts, usblp->ifnum); |
604 |
+- return r; |
605 |
++ /* Don't unnecessarily set the interface if there's a single alt. */ |
606 |
++ if (usblp->intf->num_altsetting > 1) { |
607 |
++ alts = usblp->protocol[protocol].alt_setting; |
608 |
++ if (alts < 0) |
609 |
++ return -EINVAL; |
610 |
++ r = usb_set_interface(usblp->dev, usblp->ifnum, alts); |
611 |
++ if (r < 0) { |
612 |
++ printk(KERN_ERR "usblp: can't set desired altsetting %d on interface %d\n", |
613 |
++ alts, usblp->ifnum); |
614 |
++ return r; |
615 |
++ } |
616 |
+ } |
617 |
+ |
618 |
+ usblp->bidir = (usblp->protocol[protocol].epread != NULL); |
619 |
+diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c |
620 |
+index 9381a108a9851..6bde5db1490a1 100644 |
621 |
+--- a/drivers/usb/dwc2/gadget.c |
622 |
++++ b/drivers/usb/dwc2/gadget.c |
623 |
+@@ -942,7 +942,6 @@ static void dwc2_hsotg_complete_oursetup(struct usb_ep *ep, |
624 |
+ static struct dwc2_hsotg_ep *ep_from_windex(struct dwc2_hsotg *hsotg, |
625 |
+ u32 windex) |
626 |
+ { |
627 |
+- struct dwc2_hsotg_ep *ep; |
628 |
+ int dir = (windex & USB_DIR_IN) ? 1 : 0; |
629 |
+ int idx = windex & 0x7F; |
630 |
+ |
631 |
+@@ -952,12 +951,7 @@ static struct dwc2_hsotg_ep *ep_from_windex(struct dwc2_hsotg *hsotg, |
632 |
+ if (idx > hsotg->num_of_eps) |
633 |
+ return NULL; |
634 |
+ |
635 |
+- ep = index_to_ep(hsotg, idx, dir); |
636 |
+- |
637 |
+- if (idx && ep->dir_in != dir) |
638 |
+- return NULL; |
639 |
+- |
640 |
+- return ep; |
641 |
++ return index_to_ep(hsotg, idx, dir); |
642 |
+ } |
643 |
+ |
644 |
+ /** |
645 |
+diff --git a/drivers/usb/gadget/legacy/ether.c b/drivers/usb/gadget/legacy/ether.c |
646 |
+index 25a2c2e485920..3396e7193dba2 100644 |
647 |
+--- a/drivers/usb/gadget/legacy/ether.c |
648 |
++++ b/drivers/usb/gadget/legacy/ether.c |
649 |
+@@ -407,8 +407,10 @@ static int eth_bind(struct usb_composite_dev *cdev) |
650 |
+ struct usb_descriptor_header *usb_desc; |
651 |
+ |
652 |
+ usb_desc = usb_otg_descriptor_alloc(gadget); |
653 |
+- if (!usb_desc) |
654 |
++ if (!usb_desc) { |
655 |
++ status = -ENOMEM; |
656 |
+ goto fail1; |
657 |
++ } |
658 |
+ usb_otg_descriptor_init(gadget, usb_desc); |
659 |
+ otg_desc[0] = usb_desc; |
660 |
+ otg_desc[1] = NULL; |
661 |
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c |
662 |
+index 6e1d65fda97e0..69dbfffde4df0 100644 |
663 |
+--- a/drivers/usb/host/xhci-ring.c |
664 |
++++ b/drivers/usb/host/xhci-ring.c |
665 |
+@@ -692,11 +692,16 @@ void xhci_unmap_td_bounce_buffer(struct xhci_hcd *xhci, struct xhci_ring *ring, |
666 |
+ dma_unmap_single(dev, seg->bounce_dma, ring->bounce_buf_len, |
667 |
+ DMA_FROM_DEVICE); |
668 |
+ /* for in tranfers we need to copy the data from bounce to sg */ |
669 |
+- len = sg_pcopy_from_buffer(urb->sg, urb->num_sgs, seg->bounce_buf, |
670 |
+- seg->bounce_len, seg->bounce_offs); |
671 |
+- if (len != seg->bounce_len) |
672 |
+- xhci_warn(xhci, "WARN Wrong bounce buffer read length: %zu != %d\n", |
673 |
+- len, seg->bounce_len); |
674 |
++ if (urb->num_sgs) { |
675 |
++ len = sg_pcopy_from_buffer(urb->sg, urb->num_sgs, seg->bounce_buf, |
676 |
++ seg->bounce_len, seg->bounce_offs); |
677 |
++ if (len != seg->bounce_len) |
678 |
++ xhci_warn(xhci, "WARN Wrong bounce buffer read length: %zu != %d\n", |
679 |
++ len, seg->bounce_len); |
680 |
++ } else { |
681 |
++ memcpy(urb->transfer_buffer + seg->bounce_offs, seg->bounce_buf, |
682 |
++ seg->bounce_len); |
683 |
++ } |
684 |
+ seg->bounce_len = 0; |
685 |
+ seg->bounce_offs = 0; |
686 |
+ } |
687 |
+@@ -3196,12 +3201,16 @@ static int xhci_align_td(struct xhci_hcd *xhci, struct urb *urb, u32 enqd_len, |
688 |
+ |
689 |
+ /* create a max max_pkt sized bounce buffer pointed to by last trb */ |
690 |
+ if (usb_urb_dir_out(urb)) { |
691 |
+- len = sg_pcopy_to_buffer(urb->sg, urb->num_sgs, |
692 |
+- seg->bounce_buf, new_buff_len, enqd_len); |
693 |
+- if (len != new_buff_len) |
694 |
+- xhci_warn(xhci, |
695 |
+- "WARN Wrong bounce buffer write length: %zu != %d\n", |
696 |
+- len, new_buff_len); |
697 |
++ if (urb->num_sgs) { |
698 |
++ len = sg_pcopy_to_buffer(urb->sg, urb->num_sgs, |
699 |
++ seg->bounce_buf, new_buff_len, enqd_len); |
700 |
++ if (len != new_buff_len) |
701 |
++ xhci_warn(xhci, "WARN Wrong bounce buffer write length: %zu != %d\n", |
702 |
++ len, new_buff_len); |
703 |
++ } else { |
704 |
++ memcpy(seg->bounce_buf, urb->transfer_buffer + enqd_len, new_buff_len); |
705 |
++ } |
706 |
++ |
707 |
+ seg->bounce_dma = dma_map_single(dev, seg->bounce_buf, |
708 |
+ max_pkt, DMA_TO_DEVICE); |
709 |
+ } else { |
710 |
+diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c |
711 |
+index abf8a3cac2651..1847074b4d819 100644 |
712 |
+--- a/drivers/usb/serial/cp210x.c |
713 |
++++ b/drivers/usb/serial/cp210x.c |
714 |
+@@ -58,6 +58,7 @@ static const struct usb_device_id id_table[] = { |
715 |
+ { USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */ |
716 |
+ { USB_DEVICE(0x08FD, 0x000A) }, /* Digianswer A/S , ZigBee/802.15.4 MAC Device */ |
717 |
+ { USB_DEVICE(0x0908, 0x01FF) }, /* Siemens RUGGEDCOM USB Serial Console */ |
718 |
++ { USB_DEVICE(0x0988, 0x0578) }, /* Teraoka AD2000 */ |
719 |
+ { USB_DEVICE(0x0B00, 0x3070) }, /* Ingenico 3070 */ |
720 |
+ { USB_DEVICE(0x0BED, 0x1100) }, /* MEI (TM) Cashflow-SC Bill/Voucher Acceptor */ |
721 |
+ { USB_DEVICE(0x0BED, 0x1101) }, /* MEI series 2000 Combo Acceptor */ |
722 |
+@@ -198,6 +199,7 @@ static const struct usb_device_id id_table[] = { |
723 |
+ { USB_DEVICE(0x1901, 0x0194) }, /* GE Healthcare Remote Alarm Box */ |
724 |
+ { USB_DEVICE(0x1901, 0x0195) }, /* GE B850/B650/B450 CP2104 DP UART interface */ |
725 |
+ { USB_DEVICE(0x1901, 0x0196) }, /* GE B850 CP2105 DP UART interface */ |
726 |
++ { USB_DEVICE(0x199B, 0xBA30) }, /* LORD WSDA-200-USB */ |
727 |
+ { USB_DEVICE(0x19CF, 0x3000) }, /* Parrot NMEA GPS Flight Recorder */ |
728 |
+ { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */ |
729 |
+ { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */ |
730 |
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
731 |
+index 1998b314368e0..3c536eed07541 100644 |
732 |
+--- a/drivers/usb/serial/option.c |
733 |
++++ b/drivers/usb/serial/option.c |
734 |
+@@ -425,6 +425,8 @@ static void option_instat_callback(struct urb *urb); |
735 |
+ #define CINTERION_PRODUCT_AHXX_2RMNET 0x0084 |
736 |
+ #define CINTERION_PRODUCT_AHXX_AUDIO 0x0085 |
737 |
+ #define CINTERION_PRODUCT_CLS8 0x00b0 |
738 |
++#define CINTERION_PRODUCT_MV31_MBIM 0x00b3 |
739 |
++#define CINTERION_PRODUCT_MV31_RMNET 0x00b7 |
740 |
+ |
741 |
+ /* Olivetti products */ |
742 |
+ #define OLIVETTI_VENDOR_ID 0x0b3c |
743 |
+@@ -1896,6 +1898,10 @@ static const struct usb_device_id option_ids[] = { |
744 |
+ { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC25_MDMNET) }, |
745 |
+ { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDM) }, /* HC28 enumerates with Siemens or Cinterion VID depending on FW revision */ |
746 |
+ { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDMNET) }, |
747 |
++ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_MV31_MBIM, 0xff), |
748 |
++ .driver_info = RSVD(3)}, |
749 |
++ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_MV31_RMNET, 0xff), |
750 |
++ .driver_info = RSVD(0)}, |
751 |
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100), |
752 |
+ .driver_info = RSVD(4) }, |
753 |
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD120), |
754 |
+diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c |
755 |
+index 0262c8f7e7c76..09f49dab77393 100644 |
756 |
+--- a/fs/cifs/dir.c |
757 |
++++ b/fs/cifs/dir.c |
758 |
+@@ -830,6 +830,7 @@ static int |
759 |
+ cifs_d_revalidate(struct dentry *direntry, unsigned int flags) |
760 |
+ { |
761 |
+ struct inode *inode; |
762 |
++ int rc; |
763 |
+ |
764 |
+ if (flags & LOOKUP_RCU) |
765 |
+ return -ECHILD; |
766 |
+@@ -839,8 +840,25 @@ cifs_d_revalidate(struct dentry *direntry, unsigned int flags) |
767 |
+ if ((flags & LOOKUP_REVAL) && !CIFS_CACHE_READ(CIFS_I(inode))) |
768 |
+ CIFS_I(inode)->time = 0; /* force reval */ |
769 |
+ |
770 |
+- if (cifs_revalidate_dentry(direntry)) |
771 |
+- return 0; |
772 |
++ rc = cifs_revalidate_dentry(direntry); |
773 |
++ if (rc) { |
774 |
++ cifs_dbg(FYI, "cifs_revalidate_dentry failed with rc=%d", rc); |
775 |
++ switch (rc) { |
776 |
++ case -ENOENT: |
777 |
++ case -ESTALE: |
778 |
++ /* |
779 |
++ * Those errors mean the dentry is invalid |
780 |
++ * (file was deleted or recreated) |
781 |
++ */ |
782 |
++ return 0; |
783 |
++ default: |
784 |
++ /* |
785 |
++ * Otherwise some unexpected error happened |
786 |
++ * report it as-is to VFS layer |
787 |
++ */ |
788 |
++ return rc; |
789 |
++ } |
790 |
++ } |
791 |
+ else { |
792 |
+ /* |
793 |
+ * If the inode wasn't known to be a dfs entry when |
794 |
+diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c |
795 |
+index 253b03451b727..ba1909b887efb 100644 |
796 |
+--- a/fs/hugetlbfs/inode.c |
797 |
++++ b/fs/hugetlbfs/inode.c |
798 |
+@@ -665,8 +665,9 @@ static long hugetlbfs_fallocate(struct file *file, int mode, loff_t offset, |
799 |
+ |
800 |
+ mutex_unlock(&hugetlb_fault_mutex_table[hash]); |
801 |
+ |
802 |
++ set_page_huge_active(page); |
803 |
+ /* |
804 |
+- * page_put due to reference from alloc_huge_page() |
805 |
++ * put_page() due to reference from alloc_huge_page() |
806 |
+ * unlock_page because locked by add_to_page_cache() |
807 |
+ */ |
808 |
+ put_page(page); |
809 |
+diff --git a/include/linux/elfcore.h b/include/linux/elfcore.h |
810 |
+index 698d51a0eea3f..4adf7faeaeb59 100644 |
811 |
+--- a/include/linux/elfcore.h |
812 |
++++ b/include/linux/elfcore.h |
813 |
+@@ -55,6 +55,7 @@ static inline int elf_core_copy_task_xfpregs(struct task_struct *t, elf_fpxregse |
814 |
+ } |
815 |
+ #endif |
816 |
+ |
817 |
++#if defined(CONFIG_UM) || defined(CONFIG_IA64) |
818 |
+ /* |
819 |
+ * These functions parameterize elf_core_dump in fs/binfmt_elf.c to write out |
820 |
+ * extra segments containing the gate DSO contents. Dumping its |
821 |
+@@ -69,5 +70,26 @@ elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset); |
822 |
+ extern int |
823 |
+ elf_core_write_extra_data(struct coredump_params *cprm); |
824 |
+ extern size_t elf_core_extra_data_size(void); |
825 |
++#else |
826 |
++static inline Elf_Half elf_core_extra_phdrs(void) |
827 |
++{ |
828 |
++ return 0; |
829 |
++} |
830 |
++ |
831 |
++static inline int elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset) |
832 |
++{ |
833 |
++ return 1; |
834 |
++} |
835 |
++ |
836 |
++static inline int elf_core_write_extra_data(struct coredump_params *cprm) |
837 |
++{ |
838 |
++ return 1; |
839 |
++} |
840 |
++ |
841 |
++static inline size_t elf_core_extra_data_size(void) |
842 |
++{ |
843 |
++ return 0; |
844 |
++} |
845 |
++#endif |
846 |
+ |
847 |
+ #endif /* _LINUX_ELFCORE_H */ |
848 |
+diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h |
849 |
+index 6b8a7b654771a..4e4c35a6bfc5a 100644 |
850 |
+--- a/include/linux/hugetlb.h |
851 |
++++ b/include/linux/hugetlb.h |
852 |
+@@ -502,6 +502,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm) |
853 |
+ { |
854 |
+ atomic_long_sub(l, &mm->hugetlb_usage); |
855 |
+ } |
856 |
++ |
857 |
++void set_page_huge_active(struct page *page); |
858 |
++ |
859 |
+ #else /* CONFIG_HUGETLB_PAGE */ |
860 |
+ struct hstate {}; |
861 |
+ #define alloc_huge_page(v, a, r) NULL |
862 |
+diff --git a/kernel/Makefile b/kernel/Makefile |
863 |
+index 92488cf6ad913..6c4a28cf680e4 100644 |
864 |
+--- a/kernel/Makefile |
865 |
++++ b/kernel/Makefile |
866 |
+@@ -90,7 +90,6 @@ obj-$(CONFIG_TASK_DELAY_ACCT) += delayacct.o |
867 |
+ obj-$(CONFIG_TASKSTATS) += taskstats.o tsacct.o |
868 |
+ obj-$(CONFIG_TRACEPOINTS) += tracepoint.o |
869 |
+ obj-$(CONFIG_LATENCYTOP) += latencytop.o |
870 |
+-obj-$(CONFIG_ELFCORE) += elfcore.o |
871 |
+ obj-$(CONFIG_FUNCTION_TRACER) += trace/ |
872 |
+ obj-$(CONFIG_TRACING) += trace/ |
873 |
+ obj-$(CONFIG_TRACE_CLOCK) += trace/ |
874 |
+diff --git a/kernel/elfcore.c b/kernel/elfcore.c |
875 |
+deleted file mode 100644 |
876 |
+index a2b29b9bdfcb2..0000000000000 |
877 |
+--- a/kernel/elfcore.c |
878 |
++++ /dev/null |
879 |
+@@ -1,25 +0,0 @@ |
880 |
+-#include <linux/elf.h> |
881 |
+-#include <linux/fs.h> |
882 |
+-#include <linux/mm.h> |
883 |
+-#include <linux/binfmts.h> |
884 |
+-#include <linux/elfcore.h> |
885 |
+- |
886 |
+-Elf_Half __weak elf_core_extra_phdrs(void) |
887 |
+-{ |
888 |
+- return 0; |
889 |
+-} |
890 |
+- |
891 |
+-int __weak elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset) |
892 |
+-{ |
893 |
+- return 1; |
894 |
+-} |
895 |
+- |
896 |
+-int __weak elf_core_write_extra_data(struct coredump_params *cprm) |
897 |
+-{ |
898 |
+- return 1; |
899 |
+-} |
900 |
+- |
901 |
+-size_t __weak elf_core_extra_data_size(void) |
902 |
+-{ |
903 |
+- return 0; |
904 |
+-} |
905 |
+diff --git a/kernel/futex.c b/kernel/futex.c |
906 |
+index 2ef8c5aef35d0..83db5787c67ef 100644 |
907 |
+--- a/kernel/futex.c |
908 |
++++ b/kernel/futex.c |
909 |
+@@ -837,6 +837,29 @@ static struct futex_pi_state * alloc_pi_state(void) |
910 |
+ return pi_state; |
911 |
+ } |
912 |
+ |
913 |
++static void pi_state_update_owner(struct futex_pi_state *pi_state, |
914 |
++ struct task_struct *new_owner) |
915 |
++{ |
916 |
++ struct task_struct *old_owner = pi_state->owner; |
917 |
++ |
918 |
++ lockdep_assert_held(&pi_state->pi_mutex.wait_lock); |
919 |
++ |
920 |
++ if (old_owner) { |
921 |
++ raw_spin_lock(&old_owner->pi_lock); |
922 |
++ WARN_ON(list_empty(&pi_state->list)); |
923 |
++ list_del_init(&pi_state->list); |
924 |
++ raw_spin_unlock(&old_owner->pi_lock); |
925 |
++ } |
926 |
++ |
927 |
++ if (new_owner) { |
928 |
++ raw_spin_lock(&new_owner->pi_lock); |
929 |
++ WARN_ON(!list_empty(&pi_state->list)); |
930 |
++ list_add(&pi_state->list, &new_owner->pi_state_list); |
931 |
++ pi_state->owner = new_owner; |
932 |
++ raw_spin_unlock(&new_owner->pi_lock); |
933 |
++ } |
934 |
++} |
935 |
++ |
936 |
+ /* |
937 |
+ * Drops a reference to the pi_state object and frees or caches it |
938 |
+ * when the last reference is gone. |
939 |
+@@ -856,11 +879,8 @@ static void put_pi_state(struct futex_pi_state *pi_state) |
940 |
+ * and has cleaned up the pi_state already |
941 |
+ */ |
942 |
+ if (pi_state->owner) { |
943 |
+- raw_spin_lock_irq(&pi_state->owner->pi_lock); |
944 |
+- list_del_init(&pi_state->list); |
945 |
+- raw_spin_unlock_irq(&pi_state->owner->pi_lock); |
946 |
+- |
947 |
+- rt_mutex_proxy_unlock(&pi_state->pi_mutex, pi_state->owner); |
948 |
++ pi_state_update_owner(pi_state, NULL); |
949 |
++ rt_mutex_proxy_unlock(&pi_state->pi_mutex); |
950 |
+ } |
951 |
+ |
952 |
+ if (current->pi_state_cache) |
953 |
+@@ -941,7 +961,7 @@ static void exit_pi_state_list(struct task_struct *curr) |
954 |
+ pi_state->owner = NULL; |
955 |
+ raw_spin_unlock_irq(&curr->pi_lock); |
956 |
+ |
957 |
+- rt_mutex_unlock(&pi_state->pi_mutex); |
958 |
++ rt_mutex_futex_unlock(&pi_state->pi_mutex); |
959 |
+ |
960 |
+ spin_unlock(&hb->lock); |
961 |
+ |
962 |
+@@ -997,7 +1017,8 @@ static void exit_pi_state_list(struct task_struct *curr) |
963 |
+ * FUTEX_OWNER_DIED bit. See [4] |
964 |
+ * |
965 |
+ * [10] There is no transient state which leaves owner and user space |
966 |
+- * TID out of sync. |
967 |
++ * TID out of sync. Except one error case where the kernel is denied |
968 |
++ * write access to the user address, see fixup_pi_state_owner(). |
969 |
+ */ |
970 |
+ |
971 |
+ /* |
972 |
+@@ -1394,12 +1415,19 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this, |
973 |
+ new_owner = rt_mutex_next_owner(&pi_state->pi_mutex); |
974 |
+ |
975 |
+ /* |
976 |
+- * It is possible that the next waiter (the one that brought |
977 |
+- * this owner to the kernel) timed out and is no longer |
978 |
+- * waiting on the lock. |
979 |
++ * When we interleave with futex_lock_pi() where it does |
980 |
++ * rt_mutex_timed_futex_lock(), we might observe @this futex_q waiter, |
981 |
++ * but the rt_mutex's wait_list can be empty (either still, or again, |
982 |
++ * depending on which side we land). |
983 |
++ * |
984 |
++ * When this happens, give up our locks and try again, giving the |
985 |
++ * futex_lock_pi() instance time to complete, either by waiting on the |
986 |
++ * rtmutex or removing itself from the futex queue. |
987 |
+ */ |
988 |
+- if (!new_owner) |
989 |
+- new_owner = this->task; |
990 |
++ if (!new_owner) { |
991 |
++ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); |
992 |
++ return -EAGAIN; |
993 |
++ } |
994 |
+ |
995 |
+ /* |
996 |
+ * We pass it to the next owner. The WAITERS bit is always |
997 |
+@@ -1425,36 +1453,24 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this, |
998 |
+ else |
999 |
+ ret = -EINVAL; |
1000 |
+ } |
1001 |
+- if (ret) { |
1002 |
+- raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); |
1003 |
+- return ret; |
1004 |
+- } |
1005 |
+- |
1006 |
+- raw_spin_lock(&pi_state->owner->pi_lock); |
1007 |
+- WARN_ON(list_empty(&pi_state->list)); |
1008 |
+- list_del_init(&pi_state->list); |
1009 |
+- raw_spin_unlock(&pi_state->owner->pi_lock); |
1010 |
+ |
1011 |
+- raw_spin_lock(&new_owner->pi_lock); |
1012 |
+- WARN_ON(!list_empty(&pi_state->list)); |
1013 |
+- list_add(&pi_state->list, &new_owner->pi_state_list); |
1014 |
+- pi_state->owner = new_owner; |
1015 |
+- raw_spin_unlock(&new_owner->pi_lock); |
1016 |
++ if (!ret) { |
1017 |
++ /* |
1018 |
++ * This is a point of no return; once we modified the uval |
1019 |
++ * there is no going back and subsequent operations must |
1020 |
++ * not fail. |
1021 |
++ */ |
1022 |
++ pi_state_update_owner(pi_state, new_owner); |
1023 |
++ deboost = __rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q); |
1024 |
++ } |
1025 |
+ |
1026 |
+ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); |
1027 |
+- |
1028 |
+- deboost = rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q); |
1029 |
+- |
1030 |
+- /* |
1031 |
+- * First unlock HB so the waiter does not spin on it once he got woken |
1032 |
+- * up. Second wake up the waiter before the priority is adjusted. If we |
1033 |
+- * deboost first (and lose our higher priority), then the task might get |
1034 |
+- * scheduled away before the wake up can take place. |
1035 |
+- */ |
1036 |
+ spin_unlock(&hb->lock); |
1037 |
+- wake_up_q(&wake_q); |
1038 |
+- if (deboost) |
1039 |
++ |
1040 |
++ if (deboost) { |
1041 |
++ wake_up_q(&wake_q); |
1042 |
+ rt_mutex_adjust_prio(current); |
1043 |
++ } |
1044 |
+ |
1045 |
+ return 0; |
1046 |
+ } |
1047 |
+@@ -2257,30 +2273,32 @@ static void unqueue_me_pi(struct futex_q *q) |
1048 |
+ spin_unlock(q->lock_ptr); |
1049 |
+ } |
1050 |
+ |
1051 |
+-/* |
1052 |
+- * Fixup the pi_state owner with the new owner. |
1053 |
+- * |
1054 |
+- * Must be called with hash bucket lock held and mm->sem held for non |
1055 |
+- * private futexes. |
1056 |
+- */ |
1057 |
+-static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, |
1058 |
+- struct task_struct *newowner) |
1059 |
++static int __fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, |
1060 |
++ struct task_struct *argowner) |
1061 |
+ { |
1062 |
+- u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; |
1063 |
+ struct futex_pi_state *pi_state = q->pi_state; |
1064 |
+- struct task_struct *oldowner = pi_state->owner; |
1065 |
+- u32 uval, uninitialized_var(curval), newval; |
1066 |
+- int ret; |
1067 |
++ struct task_struct *oldowner, *newowner; |
1068 |
++ u32 uval, curval, newval, newtid; |
1069 |
++ int err = 0; |
1070 |
++ |
1071 |
++ oldowner = pi_state->owner; |
1072 |
+ |
1073 |
+ /* Owner died? */ |
1074 |
+ if (!pi_state->owner) |
1075 |
+ newtid |= FUTEX_OWNER_DIED; |
1076 |
+ |
1077 |
+ /* |
1078 |
+- * We are here either because we stole the rtmutex from the |
1079 |
+- * previous highest priority waiter or we are the highest priority |
1080 |
+- * waiter but failed to get the rtmutex the first time. |
1081 |
+- * We have to replace the newowner TID in the user space variable. |
1082 |
++ * We are here because either: |
1083 |
++ * |
1084 |
++ * - we stole the lock and pi_state->owner needs updating to reflect |
1085 |
++ * that (@argowner == current), |
1086 |
++ * |
1087 |
++ * or: |
1088 |
++ * |
1089 |
++ * - someone stole our lock and we need to fix things to point to the |
1090 |
++ * new owner (@argowner == NULL). |
1091 |
++ * |
1092 |
++ * Either way, we have to replace the TID in the user space variable. |
1093 |
+ * This must be atomic as we have to preserve the owner died bit here. |
1094 |
+ * |
1095 |
+ * Note: We write the user space value _before_ changing the pi_state |
1096 |
+@@ -2294,6 +2312,39 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, |
1097 |
+ * in lookup_pi_state. |
1098 |
+ */ |
1099 |
+ retry: |
1100 |
++ if (!argowner) { |
1101 |
++ if (oldowner != current) { |
1102 |
++ /* |
1103 |
++ * We raced against a concurrent self; things are |
1104 |
++ * already fixed up. Nothing to do. |
1105 |
++ */ |
1106 |
++ return 0; |
1107 |
++ } |
1108 |
++ |
1109 |
++ if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) { |
1110 |
++ /* We got the lock after all, nothing to fix. */ |
1111 |
++ return 1; |
1112 |
++ } |
1113 |
++ |
1114 |
++ /* |
1115 |
++ * Since we just failed the trylock; there must be an owner. |
1116 |
++ */ |
1117 |
++ newowner = rt_mutex_owner(&pi_state->pi_mutex); |
1118 |
++ BUG_ON(!newowner); |
1119 |
++ } else { |
1120 |
++ WARN_ON_ONCE(argowner != current); |
1121 |
++ if (oldowner == current) { |
1122 |
++ /* |
1123 |
++ * We raced against a concurrent self; things are |
1124 |
++ * already fixed up. Nothing to do. |
1125 |
++ */ |
1126 |
++ return 1; |
1127 |
++ } |
1128 |
++ newowner = argowner; |
1129 |
++ } |
1130 |
++ |
1131 |
++ newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; |
1132 |
++ |
1133 |
+ if (get_futex_value_locked(&uval, uaddr)) |
1134 |
+ goto handle_fault; |
1135 |
+ |
1136 |
+@@ -2311,19 +2362,8 @@ retry: |
1137 |
+ * We fixed up user space. Now we need to fix the pi_state |
1138 |
+ * itself. |
1139 |
+ */ |
1140 |
+- if (pi_state->owner != NULL) { |
1141 |
+- raw_spin_lock_irq(&pi_state->owner->pi_lock); |
1142 |
+- WARN_ON(list_empty(&pi_state->list)); |
1143 |
+- list_del_init(&pi_state->list); |
1144 |
+- raw_spin_unlock_irq(&pi_state->owner->pi_lock); |
1145 |
+- } |
1146 |
+- |
1147 |
+- pi_state->owner = newowner; |
1148 |
++ pi_state_update_owner(pi_state, newowner); |
1149 |
+ |
1150 |
+- raw_spin_lock_irq(&newowner->pi_lock); |
1151 |
+- WARN_ON(!list_empty(&pi_state->list)); |
1152 |
+- list_add(&pi_state->list, &newowner->pi_state_list); |
1153 |
+- raw_spin_unlock_irq(&newowner->pi_lock); |
1154 |
+ return 0; |
1155 |
+ |
1156 |
+ /* |
1157 |
+@@ -2339,7 +2379,7 @@ retry: |
1158 |
+ handle_fault: |
1159 |
+ spin_unlock(q->lock_ptr); |
1160 |
+ |
1161 |
+- ret = fault_in_user_writeable(uaddr); |
1162 |
++ err = fault_in_user_writeable(uaddr); |
1163 |
+ |
1164 |
+ spin_lock(q->lock_ptr); |
1165 |
+ |
1166 |
+@@ -2347,12 +2387,45 @@ handle_fault: |
1167 |
+ * Check if someone else fixed it for us: |
1168 |
+ */ |
1169 |
+ if (pi_state->owner != oldowner) |
1170 |
+- return 0; |
1171 |
++ return argowner == current; |
1172 |
+ |
1173 |
+- if (ret) |
1174 |
+- return ret; |
1175 |
++ /* Retry if err was -EAGAIN or the fault in succeeded */ |
1176 |
++ if (!err) |
1177 |
++ goto retry; |
1178 |
+ |
1179 |
+- goto retry; |
1180 |
++ /* |
1181 |
++ * fault_in_user_writeable() failed so user state is immutable. At |
1182 |
++ * best we can make the kernel state consistent but user state will |
1183 |
++ * be most likely hosed and any subsequent unlock operation will be |
1184 |
++ * rejected due to PI futex rule [10]. |
1185 |
++ * |
1186 |
++ * Ensure that the rtmutex owner is also the pi_state owner despite |
1187 |
++ * the user space value claiming something different. There is no |
1188 |
++ * point in unlocking the rtmutex if current is the owner as it |
1189 |
++ * would need to wait until the next waiter has taken the rtmutex |
1190 |
++ * to guarantee consistent state. Keep it simple. Userspace asked |
1191 |
++ * for this wreckaged state. |
1192 |
++ * |
1193 |
++ * The rtmutex has an owner - either current or some other |
1194 |
++ * task. See the EAGAIN loop above. |
1195 |
++ */ |
1196 |
++ pi_state_update_owner(pi_state, rt_mutex_owner(&pi_state->pi_mutex)); |
1197 |
++ |
1198 |
++ return err; |
1199 |
++} |
1200 |
++ |
1201 |
++static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, |
1202 |
++ struct task_struct *argowner) |
1203 |
++{ |
1204 |
++ struct futex_pi_state *pi_state = q->pi_state; |
1205 |
++ int ret; |
1206 |
++ |
1207 |
++ lockdep_assert_held(q->lock_ptr); |
1208 |
++ |
1209 |
++ raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); |
1210 |
++ ret = __fixup_pi_state_owner(uaddr, q, argowner); |
1211 |
++ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock); |
1212 |
++ return ret; |
1213 |
+ } |
1214 |
+ |
1215 |
+ static long futex_wait_restart(struct restart_block *restart); |
1216 |
+@@ -2374,13 +2447,16 @@ static long futex_wait_restart(struct restart_block *restart); |
1217 |
+ */ |
1218 |
+ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) |
1219 |
+ { |
1220 |
+- struct task_struct *owner; |
1221 |
+ int ret = 0; |
1222 |
+ |
1223 |
+ if (locked) { |
1224 |
+ /* |
1225 |
+ * Got the lock. We might not be the anticipated owner if we |
1226 |
+ * did a lock-steal - fix up the PI-state in that case: |
1227 |
++ * |
1228 |
++ * Speculative pi_state->owner read (we don't hold wait_lock); |
1229 |
++ * since we own the lock pi_state->owner == current is the |
1230 |
++ * stable state, anything else needs more attention. |
1231 |
+ */ |
1232 |
+ if (q->pi_state->owner != current) |
1233 |
+ ret = fixup_pi_state_owner(uaddr, q, current); |
1234 |
+@@ -2388,43 +2464,24 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) |
1235 |
+ } |
1236 |
+ |
1237 |
+ /* |
1238 |
+- * Catch the rare case, where the lock was released when we were on the |
1239 |
+- * way back before we locked the hash bucket. |
1240 |
++ * If we didn't get the lock; check if anybody stole it from us. In |
1241 |
++ * that case, we need to fix up the uval to point to them instead of |
1242 |
++ * us, otherwise bad things happen. [10] |
1243 |
++ * |
1244 |
++ * Another speculative read; pi_state->owner == current is unstable |
1245 |
++ * but needs our attention. |
1246 |
+ */ |
1247 |
+ if (q->pi_state->owner == current) { |
1248 |
+- /* |
1249 |
+- * Try to get the rt_mutex now. This might fail as some other |
1250 |
+- * task acquired the rt_mutex after we removed ourself from the |
1251 |
+- * rt_mutex waiters list. |
1252 |
+- */ |
1253 |
+- if (rt_mutex_trylock(&q->pi_state->pi_mutex)) { |
1254 |
+- locked = 1; |
1255 |
+- goto out; |
1256 |
+- } |
1257 |
+- |
1258 |
+- /* |
1259 |
+- * pi_state is incorrect, some other task did a lock steal and |
1260 |
+- * we returned due to timeout or signal without taking the |
1261 |
+- * rt_mutex. Too late. |
1262 |
+- */ |
1263 |
+- raw_spin_lock_irq(&q->pi_state->pi_mutex.wait_lock); |
1264 |
+- owner = rt_mutex_owner(&q->pi_state->pi_mutex); |
1265 |
+- if (!owner) |
1266 |
+- owner = rt_mutex_next_owner(&q->pi_state->pi_mutex); |
1267 |
+- raw_spin_unlock_irq(&q->pi_state->pi_mutex.wait_lock); |
1268 |
+- ret = fixup_pi_state_owner(uaddr, q, owner); |
1269 |
++ ret = fixup_pi_state_owner(uaddr, q, NULL); |
1270 |
+ goto out; |
1271 |
+ } |
1272 |
+ |
1273 |
+ /* |
1274 |
+ * Paranoia check. If we did not take the lock, then we should not be |
1275 |
+- * the owner of the rt_mutex. |
1276 |
++ * the owner of the rt_mutex. Warn and establish consistent state. |
1277 |
+ */ |
1278 |
+- if (rt_mutex_owner(&q->pi_state->pi_mutex) == current) |
1279 |
+- printk(KERN_ERR "fixup_owner: ret = %d pi-mutex: %p " |
1280 |
+- "pi-state %p\n", ret, |
1281 |
+- q->pi_state->pi_mutex.owner, |
1282 |
+- q->pi_state->owner); |
1283 |
++ if (WARN_ON_ONCE(rt_mutex_owner(&q->pi_state->pi_mutex) == current)) |
1284 |
++ return fixup_pi_state_owner(uaddr, q, current); |
1285 |
+ |
1286 |
+ out: |
1287 |
+ return ret ? ret : locked; |
1288 |
+@@ -2721,7 +2778,7 @@ retry_private: |
1289 |
+ if (!trylock) { |
1290 |
+ ret = rt_mutex_timed_futex_lock(&q.pi_state->pi_mutex, to); |
1291 |
+ } else { |
1292 |
+- ret = rt_mutex_trylock(&q.pi_state->pi_mutex); |
1293 |
++ ret = rt_mutex_futex_trylock(&q.pi_state->pi_mutex); |
1294 |
+ /* Fixup the trylock return value: */ |
1295 |
+ ret = ret ? 0 : -EWOULDBLOCK; |
1296 |
+ } |
1297 |
+@@ -2739,13 +2796,6 @@ retry_private: |
1298 |
+ if (res) |
1299 |
+ ret = (res < 0) ? res : 0; |
1300 |
+ |
1301 |
+- /* |
1302 |
+- * If fixup_owner() faulted and was unable to handle the fault, unlock |
1303 |
+- * it and return the fault to userspace. |
1304 |
+- */ |
1305 |
+- if (ret && (rt_mutex_owner(&q.pi_state->pi_mutex) == current)) |
1306 |
+- rt_mutex_unlock(&q.pi_state->pi_mutex); |
1307 |
+- |
1308 |
+ /* Unqueue and drop the lock */ |
1309 |
+ unqueue_me_pi(&q); |
1310 |
+ |
1311 |
+@@ -3050,8 +3100,6 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, |
1312 |
+ if (q.pi_state && (q.pi_state->owner != current)) { |
1313 |
+ spin_lock(q.lock_ptr); |
1314 |
+ ret = fixup_pi_state_owner(uaddr2, &q, current); |
1315 |
+- if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current) |
1316 |
+- rt_mutex_unlock(&q.pi_state->pi_mutex); |
1317 |
+ /* |
1318 |
+ * Drop the reference to the pi state which |
1319 |
+ * the requeue_pi() code acquired for us. |
1320 |
+@@ -3088,14 +3136,6 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, |
1321 |
+ if (res) |
1322 |
+ ret = (res < 0) ? res : 0; |
1323 |
+ |
1324 |
+- /* |
1325 |
+- * If fixup_pi_state_owner() faulted and was unable to handle |
1326 |
+- * the fault, unlock the rt_mutex and return the fault to |
1327 |
+- * userspace. |
1328 |
+- */ |
1329 |
+- if (ret && rt_mutex_owner(pi_mutex) == current) |
1330 |
+- rt_mutex_unlock(pi_mutex); |
1331 |
+- |
1332 |
+ /* Unqueue and drop the lock. */ |
1333 |
+ unqueue_me_pi(&q); |
1334 |
+ } |
1335 |
+diff --git a/kernel/kprobes.c b/kernel/kprobes.c |
1336 |
+index 3938e4670b89b..51867a2e537fa 100644 |
1337 |
+--- a/kernel/kprobes.c |
1338 |
++++ b/kernel/kprobes.c |
1339 |
+@@ -1884,6 +1884,10 @@ int register_kretprobe(struct kretprobe *rp) |
1340 |
+ int i; |
1341 |
+ void *addr; |
1342 |
+ |
1343 |
++ /* If only rp->kp.addr is specified, check reregistering kprobes */ |
1344 |
++ if (rp->kp.addr && check_kprobe_rereg(&rp->kp)) |
1345 |
++ return -EINVAL; |
1346 |
++ |
1347 |
+ if (kretprobe_blacklist_size) { |
1348 |
+ addr = kprobe_addr(&rp->kp); |
1349 |
+ if (IS_ERR(addr)) |
1350 |
+diff --git a/kernel/locking/rtmutex-debug.c b/kernel/locking/rtmutex-debug.c |
1351 |
+index 62b6cee8ea7f9..0613c4b1d0596 100644 |
1352 |
+--- a/kernel/locking/rtmutex-debug.c |
1353 |
++++ b/kernel/locking/rtmutex-debug.c |
1354 |
+@@ -173,12 +173,3 @@ void debug_rt_mutex_init(struct rt_mutex *lock, const char *name) |
1355 |
+ lock->name = name; |
1356 |
+ } |
1357 |
+ |
1358 |
+-void |
1359 |
+-rt_mutex_deadlock_account_lock(struct rt_mutex *lock, struct task_struct *task) |
1360 |
+-{ |
1361 |
+-} |
1362 |
+- |
1363 |
+-void rt_mutex_deadlock_account_unlock(struct task_struct *task) |
1364 |
+-{ |
1365 |
+-} |
1366 |
+- |
1367 |
+diff --git a/kernel/locking/rtmutex-debug.h b/kernel/locking/rtmutex-debug.h |
1368 |
+index d0519c3432b67..b585af9a1b508 100644 |
1369 |
+--- a/kernel/locking/rtmutex-debug.h |
1370 |
++++ b/kernel/locking/rtmutex-debug.h |
1371 |
+@@ -9,9 +9,6 @@ |
1372 |
+ * This file contains macros used solely by rtmutex.c. Debug version. |
1373 |
+ */ |
1374 |
+ |
1375 |
+-extern void |
1376 |
+-rt_mutex_deadlock_account_lock(struct rt_mutex *lock, struct task_struct *task); |
1377 |
+-extern void rt_mutex_deadlock_account_unlock(struct task_struct *task); |
1378 |
+ extern void debug_rt_mutex_init_waiter(struct rt_mutex_waiter *waiter); |
1379 |
+ extern void debug_rt_mutex_free_waiter(struct rt_mutex_waiter *waiter); |
1380 |
+ extern void debug_rt_mutex_init(struct rt_mutex *lock, const char *name); |
1381 |
+diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c |
1382 |
+index 7615e7722258c..6ff4156b3929e 100644 |
1383 |
+--- a/kernel/locking/rtmutex.c |
1384 |
++++ b/kernel/locking/rtmutex.c |
1385 |
+@@ -956,8 +956,6 @@ takeit: |
1386 |
+ */ |
1387 |
+ rt_mutex_set_owner(lock, task); |
1388 |
+ |
1389 |
+- rt_mutex_deadlock_account_lock(lock, task); |
1390 |
+- |
1391 |
+ return 1; |
1392 |
+ } |
1393 |
+ |
1394 |
+@@ -1316,6 +1314,19 @@ rt_mutex_slowlock(struct rt_mutex *lock, int state, |
1395 |
+ return ret; |
1396 |
+ } |
1397 |
+ |
1398 |
++static inline int __rt_mutex_slowtrylock(struct rt_mutex *lock) |
1399 |
++{ |
1400 |
++ int ret = try_to_take_rt_mutex(lock, current, NULL); |
1401 |
++ |
1402 |
++ /* |
1403 |
++ * try_to_take_rt_mutex() sets the lock waiters bit |
1404 |
++ * unconditionally. Clean this up. |
1405 |
++ */ |
1406 |
++ fixup_rt_mutex_waiters(lock); |
1407 |
++ |
1408 |
++ return ret; |
1409 |
++} |
1410 |
++ |
1411 |
+ /* |
1412 |
+ * Slow path try-lock function: |
1413 |
+ */ |
1414 |
+@@ -1338,13 +1349,7 @@ static inline int rt_mutex_slowtrylock(struct rt_mutex *lock) |
1415 |
+ */ |
1416 |
+ raw_spin_lock_irqsave(&lock->wait_lock, flags); |
1417 |
+ |
1418 |
+- ret = try_to_take_rt_mutex(lock, current, NULL); |
1419 |
+- |
1420 |
+- /* |
1421 |
+- * try_to_take_rt_mutex() sets the lock waiters bit |
1422 |
+- * unconditionally. Clean this up. |
1423 |
+- */ |
1424 |
+- fixup_rt_mutex_waiters(lock); |
1425 |
++ ret = __rt_mutex_slowtrylock(lock); |
1426 |
+ |
1427 |
+ raw_spin_unlock_irqrestore(&lock->wait_lock, flags); |
1428 |
+ |
1429 |
+@@ -1365,8 +1370,6 @@ static bool __sched rt_mutex_slowunlock(struct rt_mutex *lock, |
1430 |
+ |
1431 |
+ debug_rt_mutex_unlock(lock); |
1432 |
+ |
1433 |
+- rt_mutex_deadlock_account_unlock(current); |
1434 |
+- |
1435 |
+ /* |
1436 |
+ * We must be careful here if the fast path is enabled. If we |
1437 |
+ * have no waiters queued we cannot set owner to NULL here |
1438 |
+@@ -1432,11 +1435,10 @@ rt_mutex_fastlock(struct rt_mutex *lock, int state, |
1439 |
+ struct hrtimer_sleeper *timeout, |
1440 |
+ enum rtmutex_chainwalk chwalk)) |
1441 |
+ { |
1442 |
+- if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) { |
1443 |
+- rt_mutex_deadlock_account_lock(lock, current); |
1444 |
++ if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) |
1445 |
+ return 0; |
1446 |
+- } else |
1447 |
+- return slowfn(lock, state, NULL, RT_MUTEX_MIN_CHAINWALK); |
1448 |
++ |
1449 |
++ return slowfn(lock, state, NULL, RT_MUTEX_MIN_CHAINWALK); |
1450 |
+ } |
1451 |
+ |
1452 |
+ static inline int |
1453 |
+@@ -1448,21 +1450,19 @@ rt_mutex_timed_fastlock(struct rt_mutex *lock, int state, |
1454 |
+ enum rtmutex_chainwalk chwalk)) |
1455 |
+ { |
1456 |
+ if (chwalk == RT_MUTEX_MIN_CHAINWALK && |
1457 |
+- likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) { |
1458 |
+- rt_mutex_deadlock_account_lock(lock, current); |
1459 |
++ likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) |
1460 |
+ return 0; |
1461 |
+- } else |
1462 |
+- return slowfn(lock, state, timeout, chwalk); |
1463 |
++ |
1464 |
++ return slowfn(lock, state, timeout, chwalk); |
1465 |
+ } |
1466 |
+ |
1467 |
+ static inline int |
1468 |
+ rt_mutex_fasttrylock(struct rt_mutex *lock, |
1469 |
+ int (*slowfn)(struct rt_mutex *lock)) |
1470 |
+ { |
1471 |
+- if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) { |
1472 |
+- rt_mutex_deadlock_account_lock(lock, current); |
1473 |
++ if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) |
1474 |
+ return 1; |
1475 |
+- } |
1476 |
++ |
1477 |
+ return slowfn(lock); |
1478 |
+ } |
1479 |
+ |
1480 |
+@@ -1472,19 +1472,18 @@ rt_mutex_fastunlock(struct rt_mutex *lock, |
1481 |
+ struct wake_q_head *wqh)) |
1482 |
+ { |
1483 |
+ WAKE_Q(wake_q); |
1484 |
++ bool deboost; |
1485 |
+ |
1486 |
+- if (likely(rt_mutex_cmpxchg_release(lock, current, NULL))) { |
1487 |
+- rt_mutex_deadlock_account_unlock(current); |
1488 |
++ if (likely(rt_mutex_cmpxchg_release(lock, current, NULL))) |
1489 |
++ return; |
1490 |
+ |
1491 |
+- } else { |
1492 |
+- bool deboost = slowfn(lock, &wake_q); |
1493 |
++ deboost = slowfn(lock, &wake_q); |
1494 |
+ |
1495 |
+- wake_up_q(&wake_q); |
1496 |
++ wake_up_q(&wake_q); |
1497 |
+ |
1498 |
+- /* Undo pi boosting if necessary: */ |
1499 |
+- if (deboost) |
1500 |
+- rt_mutex_adjust_prio(current); |
1501 |
+- } |
1502 |
++ /* Undo pi boosting if necessary: */ |
1503 |
++ if (deboost) |
1504 |
++ rt_mutex_adjust_prio(current); |
1505 |
+ } |
1506 |
+ |
1507 |
+ /** |
1508 |
+@@ -1519,15 +1518,28 @@ EXPORT_SYMBOL_GPL(rt_mutex_lock_interruptible); |
1509 |
+ |
1510 |
+ /* |
1511 |
+ * Futex variant with full deadlock detection. |
1512 |
++ * Futex variants must not use the fast-path, see __rt_mutex_futex_unlock(). |
1513 |
+ */ |
1514 |
+-int rt_mutex_timed_futex_lock(struct rt_mutex *lock, |
1515 |
++int __sched rt_mutex_timed_futex_lock(struct rt_mutex *lock, |
1516 |
+ struct hrtimer_sleeper *timeout) |
1517 |
+ { |
1518 |
+ might_sleep(); |
1519 |
+ |
1520 |
+- return rt_mutex_timed_fastlock(lock, TASK_INTERRUPTIBLE, timeout, |
1521 |
+- RT_MUTEX_FULL_CHAINWALK, |
1522 |
+- rt_mutex_slowlock); |
1523 |
++ return rt_mutex_slowlock(lock, TASK_INTERRUPTIBLE, |
1524 |
++ timeout, RT_MUTEX_FULL_CHAINWALK); |
1525 |
++} |
1526 |
++ |
1527 |
++/* |
1528 |
++ * Futex variant, must not use fastpath. |
1529 |
++ */ |
1530 |
++int __sched rt_mutex_futex_trylock(struct rt_mutex *lock) |
1531 |
++{ |
1532 |
++ return rt_mutex_slowtrylock(lock); |
1533 |
++} |
1534 |
++ |
1535 |
++int __sched __rt_mutex_futex_trylock(struct rt_mutex *lock) |
1536 |
++{ |
1537 |
++ return __rt_mutex_slowtrylock(lock); |
1538 |
+ } |
1539 |
+ |
1540 |
+ /** |
1541 |
+@@ -1586,20 +1598,38 @@ void __sched rt_mutex_unlock(struct rt_mutex *lock) |
1542 |
+ EXPORT_SYMBOL_GPL(rt_mutex_unlock); |
1543 |
+ |
1544 |
+ /** |
1545 |
+- * rt_mutex_futex_unlock - Futex variant of rt_mutex_unlock |
1546 |
+- * @lock: the rt_mutex to be unlocked |
1547 |
+- * |
1548 |
+- * Returns: true/false indicating whether priority adjustment is |
1549 |
+- * required or not. |
1550 |
++ * Futex variant, that since futex variants do not use the fast-path, can be |
1551 |
++ * simple and will not need to retry. |
1552 |
+ */ |
1553 |
+-bool __sched rt_mutex_futex_unlock(struct rt_mutex *lock, |
1554 |
+- struct wake_q_head *wqh) |
1555 |
++bool __sched __rt_mutex_futex_unlock(struct rt_mutex *lock, |
1556 |
++ struct wake_q_head *wake_q) |
1557 |
+ { |
1558 |
+- if (likely(rt_mutex_cmpxchg_release(lock, current, NULL))) { |
1559 |
+- rt_mutex_deadlock_account_unlock(current); |
1560 |
+- return false; |
1561 |
++ lockdep_assert_held(&lock->wait_lock); |
1562 |
++ |
1563 |
++ debug_rt_mutex_unlock(lock); |
1564 |
++ |
1565 |
++ if (!rt_mutex_has_waiters(lock)) { |
1566 |
++ lock->owner = NULL; |
1567 |
++ return false; /* done */ |
1568 |
++ } |
1569 |
++ |
1570 |
++ mark_wakeup_next_waiter(wake_q, lock); |
1571 |
++ return true; /* deboost and wakeups */ |
1572 |
++} |
1573 |
++ |
1574 |
++void __sched rt_mutex_futex_unlock(struct rt_mutex *lock) |
1575 |
++{ |
1576 |
++ WAKE_Q(wake_q); |
1577 |
++ bool deboost; |
1578 |
++ |
1579 |
++ raw_spin_lock_irq(&lock->wait_lock); |
1580 |
++ deboost = __rt_mutex_futex_unlock(lock, &wake_q); |
1581 |
++ raw_spin_unlock_irq(&lock->wait_lock); |
1582 |
++ |
1583 |
++ if (deboost) { |
1584 |
++ wake_up_q(&wake_q); |
1585 |
++ rt_mutex_adjust_prio(current); |
1586 |
+ } |
1587 |
+- return rt_mutex_slowunlock(lock, wqh); |
1588 |
+ } |
1589 |
+ |
1590 |
+ /** |
1591 |
+@@ -1656,7 +1686,6 @@ void rt_mutex_init_proxy_locked(struct rt_mutex *lock, |
1592 |
+ __rt_mutex_init(lock, NULL); |
1593 |
+ debug_rt_mutex_proxy_lock(lock, proxy_owner); |
1594 |
+ rt_mutex_set_owner(lock, proxy_owner); |
1595 |
+- rt_mutex_deadlock_account_lock(lock, proxy_owner); |
1596 |
+ } |
1597 |
+ |
1598 |
+ /** |
1599 |
+@@ -1667,12 +1696,10 @@ void rt_mutex_init_proxy_locked(struct rt_mutex *lock, |
1600 |
+ * No locking. Caller has to do serializing itself |
1601 |
+ * Special API call for PI-futex support |
1602 |
+ */ |
1603 |
+-void rt_mutex_proxy_unlock(struct rt_mutex *lock, |
1604 |
+- struct task_struct *proxy_owner) |
1605 |
++void rt_mutex_proxy_unlock(struct rt_mutex *lock) |
1606 |
+ { |
1607 |
+ debug_rt_mutex_proxy_unlock(lock); |
1608 |
+ rt_mutex_set_owner(lock, NULL); |
1609 |
+- rt_mutex_deadlock_account_unlock(proxy_owner); |
1610 |
+ } |
1611 |
+ |
1612 |
+ /** |
1613 |
+diff --git a/kernel/locking/rtmutex.h b/kernel/locking/rtmutex.h |
1614 |
+index c4060584c4076..6607802efa8bd 100644 |
1615 |
+--- a/kernel/locking/rtmutex.h |
1616 |
++++ b/kernel/locking/rtmutex.h |
1617 |
+@@ -11,8 +11,6 @@ |
1618 |
+ */ |
1619 |
+ |
1620 |
+ #define rt_mutex_deadlock_check(l) (0) |
1621 |
+-#define rt_mutex_deadlock_account_lock(m, t) do { } while (0) |
1622 |
+-#define rt_mutex_deadlock_account_unlock(l) do { } while (0) |
1623 |
+ #define debug_rt_mutex_init_waiter(w) do { } while (0) |
1624 |
+ #define debug_rt_mutex_free_waiter(w) do { } while (0) |
1625 |
+ #define debug_rt_mutex_lock(l) do { } while (0) |
1626 |
+diff --git a/kernel/locking/rtmutex_common.h b/kernel/locking/rtmutex_common.h |
1627 |
+index 14cbafed00142..bea5d677fe343 100644 |
1628 |
+--- a/kernel/locking/rtmutex_common.h |
1629 |
++++ b/kernel/locking/rtmutex_common.h |
1630 |
+@@ -102,8 +102,7 @@ enum rtmutex_chainwalk { |
1631 |
+ extern struct task_struct *rt_mutex_next_owner(struct rt_mutex *lock); |
1632 |
+ extern void rt_mutex_init_proxy_locked(struct rt_mutex *lock, |
1633 |
+ struct task_struct *proxy_owner); |
1634 |
+-extern void rt_mutex_proxy_unlock(struct rt_mutex *lock, |
1635 |
+- struct task_struct *proxy_owner); |
1636 |
++extern void rt_mutex_proxy_unlock(struct rt_mutex *lock); |
1637 |
+ extern int rt_mutex_start_proxy_lock(struct rt_mutex *lock, |
1638 |
+ struct rt_mutex_waiter *waiter, |
1639 |
+ struct task_struct *task); |
1640 |
+@@ -113,8 +112,13 @@ extern int rt_mutex_wait_proxy_lock(struct rt_mutex *lock, |
1641 |
+ extern bool rt_mutex_cleanup_proxy_lock(struct rt_mutex *lock, |
1642 |
+ struct rt_mutex_waiter *waiter); |
1643 |
+ extern int rt_mutex_timed_futex_lock(struct rt_mutex *l, struct hrtimer_sleeper *to); |
1644 |
+-extern bool rt_mutex_futex_unlock(struct rt_mutex *lock, |
1645 |
+- struct wake_q_head *wqh); |
1646 |
++extern int rt_mutex_futex_trylock(struct rt_mutex *l); |
1647 |
++extern int __rt_mutex_futex_trylock(struct rt_mutex *l); |
1648 |
++ |
1649 |
++extern void rt_mutex_futex_unlock(struct rt_mutex *lock); |
1650 |
++extern bool __rt_mutex_futex_unlock(struct rt_mutex *lock, |
1651 |
++ struct wake_q_head *wqh); |
1652 |
++ |
1653 |
+ extern void rt_mutex_adjust_prio(struct task_struct *task); |
1654 |
+ |
1655 |
+ #ifdef CONFIG_DEBUG_RT_MUTEXES |
1656 |
+diff --git a/mm/huge_memory.c b/mm/huge_memory.c |
1657 |
+index 0385c57a2b7af..05ca01ef97f7f 100644 |
1658 |
+--- a/mm/huge_memory.c |
1659 |
++++ b/mm/huge_memory.c |
1660 |
+@@ -1753,7 +1753,7 @@ void __split_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd, |
1661 |
+ spinlock_t *ptl; |
1662 |
+ struct mm_struct *mm = vma->vm_mm; |
1663 |
+ unsigned long haddr = address & HPAGE_PMD_MASK; |
1664 |
+- bool was_locked = false; |
1665 |
++ bool do_unlock_page = false; |
1666 |
+ pmd_t _pmd; |
1667 |
+ |
1668 |
+ mmu_notifier_invalidate_range_start(mm, haddr, haddr + HPAGE_PMD_SIZE); |
1669 |
+@@ -1766,7 +1766,6 @@ void __split_huge_pmd(struct vm_area_struct *vma, pmd_t *pmd, |
1670 |
+ VM_BUG_ON(freeze && !page); |
1671 |
+ if (page) { |
1672 |
+ VM_WARN_ON_ONCE(!PageLocked(page)); |
1673 |
+- was_locked = true; |
1674 |
+ if (page != pmd_page(*pmd)) |
1675 |
+ goto out; |
1676 |
+ } |
1677 |
+@@ -1775,19 +1774,29 @@ repeat: |
1678 |
+ if (pmd_trans_huge(*pmd)) { |
1679 |
+ if (!page) { |
1680 |
+ page = pmd_page(*pmd); |
1681 |
+- if (unlikely(!trylock_page(page))) { |
1682 |
+- get_page(page); |
1683 |
+- _pmd = *pmd; |
1684 |
+- spin_unlock(ptl); |
1685 |
+- lock_page(page); |
1686 |
+- spin_lock(ptl); |
1687 |
+- if (unlikely(!pmd_same(*pmd, _pmd))) { |
1688 |
+- unlock_page(page); |
1689 |
++ /* |
1690 |
++ * An anonymous page must be locked, to ensure that a |
1691 |
++ * concurrent reuse_swap_page() sees stable mapcount; |
1692 |
++ * but reuse_swap_page() is not used on shmem or file, |
1693 |
++ * and page lock must not be taken when zap_pmd_range() |
1694 |
++ * calls __split_huge_pmd() while i_mmap_lock is held. |
1695 |
++ */ |
1696 |
++ if (PageAnon(page)) { |
1697 |
++ if (unlikely(!trylock_page(page))) { |
1698 |
++ get_page(page); |
1699 |
++ _pmd = *pmd; |
1700 |
++ spin_unlock(ptl); |
1701 |
++ lock_page(page); |
1702 |
++ spin_lock(ptl); |
1703 |
++ if (unlikely(!pmd_same(*pmd, _pmd))) { |
1704 |
++ unlock_page(page); |
1705 |
++ put_page(page); |
1706 |
++ page = NULL; |
1707 |
++ goto repeat; |
1708 |
++ } |
1709 |
+ put_page(page); |
1710 |
+- page = NULL; |
1711 |
+- goto repeat; |
1712 |
+ } |
1713 |
+- put_page(page); |
1714 |
++ do_unlock_page = true; |
1715 |
+ } |
1716 |
+ } |
1717 |
+ if (PageMlocked(page)) |
1718 |
+@@ -1797,7 +1806,7 @@ repeat: |
1719 |
+ __split_huge_pmd_locked(vma, pmd, haddr, freeze); |
1720 |
+ out: |
1721 |
+ spin_unlock(ptl); |
1722 |
+- if (!was_locked && page) |
1723 |
++ if (do_unlock_page) |
1724 |
+ unlock_page(page); |
1725 |
+ mmu_notifier_invalidate_range_end(mm, haddr, haddr + HPAGE_PMD_SIZE); |
1726 |
+ } |
1727 |
+diff --git a/mm/hugetlb.c b/mm/hugetlb.c |
1728 |
+index 52b5e0e026d60..5a16d892c891c 100644 |
1729 |
+--- a/mm/hugetlb.c |
1730 |
++++ b/mm/hugetlb.c |
1731 |
+@@ -1210,12 +1210,11 @@ struct hstate *size_to_hstate(unsigned long size) |
1732 |
+ */ |
1733 |
+ bool page_huge_active(struct page *page) |
1734 |
+ { |
1735 |
+- VM_BUG_ON_PAGE(!PageHuge(page), page); |
1736 |
+- return PageHead(page) && PagePrivate(&page[1]); |
1737 |
++ return PageHeadHuge(page) && PagePrivate(&page[1]); |
1738 |
+ } |
1739 |
+ |
1740 |
+ /* never called for tail page */ |
1741 |
+-static void set_page_huge_active(struct page *page) |
1742 |
++void set_page_huge_active(struct page *page) |
1743 |
+ { |
1744 |
+ VM_BUG_ON_PAGE(!PageHeadHuge(page), page); |
1745 |
+ SetPagePrivate(&page[1]); |
1746 |
+@@ -4657,9 +4656,9 @@ bool isolate_huge_page(struct page *page, struct list_head *list) |
1747 |
+ { |
1748 |
+ bool ret = true; |
1749 |
+ |
1750 |
+- VM_BUG_ON_PAGE(!PageHead(page), page); |
1751 |
+ spin_lock(&hugetlb_lock); |
1752 |
+- if (!page_huge_active(page) || !get_page_unless_zero(page)) { |
1753 |
++ if (!PageHeadHuge(page) || !page_huge_active(page) || |
1754 |
++ !get_page_unless_zero(page)) { |
1755 |
+ ret = false; |
1756 |
+ goto unlock; |
1757 |
+ } |
1758 |
+diff --git a/net/lapb/lapb_out.c b/net/lapb/lapb_out.c |
1759 |
+index 482c94d9d958a..d1c7dcc234486 100644 |
1760 |
+--- a/net/lapb/lapb_out.c |
1761 |
++++ b/net/lapb/lapb_out.c |
1762 |
+@@ -87,7 +87,8 @@ void lapb_kick(struct lapb_cb *lapb) |
1763 |
+ skb = skb_dequeue(&lapb->write_queue); |
1764 |
+ |
1765 |
+ do { |
1766 |
+- if ((skbn = skb_clone(skb, GFP_ATOMIC)) == NULL) { |
1767 |
++ skbn = skb_copy(skb, GFP_ATOMIC); |
1768 |
++ if (!skbn) { |
1769 |
+ skb_queue_head(&lapb->write_queue, skb); |
1770 |
+ break; |
1771 |
+ } |
1772 |
+diff --git a/net/mac80211/driver-ops.c b/net/mac80211/driver-ops.c |
1773 |
+index f783d1377d9a8..9f0f437a09b95 100644 |
1774 |
+--- a/net/mac80211/driver-ops.c |
1775 |
++++ b/net/mac80211/driver-ops.c |
1776 |
+@@ -128,8 +128,11 @@ int drv_sta_state(struct ieee80211_local *local, |
1777 |
+ } else if (old_state == IEEE80211_STA_AUTH && |
1778 |
+ new_state == IEEE80211_STA_ASSOC) { |
1779 |
+ ret = drv_sta_add(local, sdata, &sta->sta); |
1780 |
+- if (ret == 0) |
1781 |
++ if (ret == 0) { |
1782 |
+ sta->uploaded = true; |
1783 |
++ if (rcu_access_pointer(sta->sta.rates)) |
1784 |
++ drv_sta_rate_tbl_update(local, sdata, &sta->sta); |
1785 |
++ } |
1786 |
+ } else if (old_state == IEEE80211_STA_ASSOC && |
1787 |
+ new_state == IEEE80211_STA_AUTH) { |
1788 |
+ drv_sta_remove(local, sdata, &sta->sta); |
1789 |
+diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c |
1790 |
+index e6096dfd02105..41421609a0f02 100644 |
1791 |
+--- a/net/mac80211/rate.c |
1792 |
++++ b/net/mac80211/rate.c |
1793 |
+@@ -892,7 +892,8 @@ int rate_control_set_rates(struct ieee80211_hw *hw, |
1794 |
+ if (old) |
1795 |
+ kfree_rcu(old, rcu_head); |
1796 |
+ |
1797 |
+- drv_sta_rate_tbl_update(hw_to_local(hw), sta->sdata, pubsta); |
1798 |
++ if (sta->uploaded) |
1799 |
++ drv_sta_rate_tbl_update(hw_to_local(hw), sta->sdata, pubsta); |
1800 |
+ |
1801 |
+ return 0; |
1802 |
+ } |
1803 |
+diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c |
1804 |
+index 9be82ed02e0e5..c38d68131d02e 100644 |
1805 |
+--- a/net/mac80211/rx.c |
1806 |
++++ b/net/mac80211/rx.c |
1807 |
+@@ -3802,6 +3802,8 @@ void ieee80211_check_fast_rx(struct sta_info *sta) |
1808 |
+ |
1809 |
+ rcu_read_lock(); |
1810 |
+ key = rcu_dereference(sta->ptk[sta->ptk_idx]); |
1811 |
++ if (!key) |
1812 |
++ key = rcu_dereference(sdata->default_unicast_key); |
1813 |
+ if (key) { |
1814 |
+ switch (key->conf.cipher) { |
1815 |
+ case WLAN_CIPHER_SUITE_TKIP: |
1816 |
+diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c |
1817 |
+index 912ed9b901ac9..45038c837eab4 100644 |
1818 |
+--- a/net/sched/sch_api.c |
1819 |
++++ b/net/sched/sch_api.c |
1820 |
+@@ -393,7 +393,8 @@ struct qdisc_rate_table *qdisc_get_rtab(struct tc_ratespec *r, |
1821 |
+ { |
1822 |
+ struct qdisc_rate_table *rtab; |
1823 |
+ |
1824 |
+- if (tab == NULL || r->rate == 0 || r->cell_log == 0 || |
1825 |
++ if (tab == NULL || r->rate == 0 || |
1826 |
++ r->cell_log == 0 || r->cell_log >= 32 || |
1827 |
+ nla_len(tab) != TC_RTAB_SIZE) |
1828 |
+ return NULL; |
1829 |
+ |
1830 |
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
1831 |
+index 720de648510dc..b003cb07254a8 100644 |
1832 |
+--- a/sound/pci/hda/patch_realtek.c |
1833 |
++++ b/sound/pci/hda/patch_realtek.c |
1834 |
+@@ -6284,7 +6284,7 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { |
1835 |
+ SND_HDA_PIN_QUIRK(0x10ec0299, 0x1028, "Dell", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE, |
1836 |
+ ALC225_STANDARD_PINS, |
1837 |
+ {0x12, 0xb7a60130}, |
1838 |
+- {0x13, 0xb8a60140}, |
1839 |
++ {0x13, 0xb8a61140}, |
1840 |
+ {0x17, 0x90170110}), |
1841 |
+ {} |
1842 |
+ }; |
1843 |
+diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c |
1844 |
+index d84c28eac262d..0ba5bb51bd93c 100644 |
1845 |
+--- a/tools/objtool/elf.c |
1846 |
++++ b/tools/objtool/elf.c |
1847 |
+@@ -226,8 +226,11 @@ static int read_symbols(struct elf *elf) |
1848 |
+ |
1849 |
+ symtab = find_section_by_name(elf, ".symtab"); |
1850 |
+ if (!symtab) { |
1851 |
+- WARN("missing symbol table"); |
1852 |
+- return -1; |
1853 |
++ /* |
1854 |
++ * A missing symbol table is actually possible if it's an empty |
1855 |
++ * .o file. This can happen for thunk_64.o. |
1856 |
++ */ |
1857 |
++ return 0; |
1858 |
+ } |
1859 |
+ |
1860 |
+ symbols_nr = symtab->sh.sh_size / symtab->sh.sh_entsize; |