commit: da15fdc8f254f2da7da6a4e9dfa62b88ed14034e |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
AuthorDate: Wed Sep 9 17:59:26 2020 +0000 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
CommitDate: Wed Sep 9 17:59:26 2020 +0000 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=da15fdc8 |
|
Linux patch 4.19.144 |
|
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
|
0000_README | 4 + |
1143_linux-4.19.144.patch | 3925 +++++++++++++++++++++++++++++++++++++++++++++ |
2 files changed, 3929 insertions(+) |
|
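--- a/0000_README
+++ b/0000_README
@@ -611,6 +611,10 @@ Patch: 1142_linux-4.19.143.patch
 From: https://www.kernel.org
 Desc: Linux 4.19.143
 
+Patch: 1143_linux-4.19.144.patch
+From: https://www.kernel.org
+Desc: Linux 4.19.144
+
 Patch: 1500_XATTR_USER_PREFIX.patch
 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
 Desc: Support for namespace user.pax.* on tmpfs.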
32 |
diff --git a/1143_linux-4.19.144.patch b/1143_linux-4.19.144.patch |
33 |
new file mode 100644 |
34 |
index 0000000..f86fb4f |
35 |
--- /dev/null |
36 |
+++ b/1143_linux-4.19.144.patch |
37 |
@@ -0,0 +1,3925 @@ |
38 |
+diff --git a/Documentation/filesystems/affs.txt b/Documentation/filesystems/affs.txt |
39 |
+index 71b63c2b98410..a8f1a58e36922 100644 |
40 |
+--- a/Documentation/filesystems/affs.txt |
41 |
++++ b/Documentation/filesystems/affs.txt |
42 |
+@@ -93,13 +93,15 @@ The Amiga protection flags RWEDRWEDHSPARWED are handled as follows: |
43 |
+ |
44 |
+ - R maps to r for user, group and others. On directories, R implies x. |
45 |
+ |
46 |
+- - If both W and D are allowed, w will be set. |
47 |
++ - W maps to w. |
48 |
+ |
49 |
+ - E maps to x. |
50 |
+ |
51 |
+- - H and P are always retained and ignored under Linux. |
52 |
++ - D is ignored. |
53 |
+ |
54 |
+- - A is always reset when a file is written to. |
55 |
++ - H, S and P are always retained and ignored under Linux. |
56 |
++ |
57 |
++ - A is cleared when a file is written to. |
58 |
+ |
59 |
+ User id and group id will be used unless set[gu]id are given as mount |
60 |
+ options. Since most of the Amiga file systems are single user systems |
61 |
+@@ -111,11 +113,13 @@ Linux -> Amiga: |
62 |
+ |
63 |
+ The Linux rwxrwxrwx file mode is handled as follows: |
64 |
+ |
65 |
+- - r permission will set R for user, group and others. |
66 |
++ - r permission will allow R for user, group and others. |
67 |
++ |
68 |
++ - w permission will allow W for user, group and others. |
69 |
+ |
70 |
+- - w permission will set W and D for user, group and others. |
71 |
++ - x permission of the user will allow E for plain files. |
72 |
+ |
73 |
+- - x permission of the user will set E for plain files. |
74 |
++ - D will be allowed for user, group and others. |
75 |
+ |
76 |
+ - All other flags (suid, sgid, ...) are ignored and will |
77 |
+ not be retained. |
78 |
+diff --git a/Makefile b/Makefile |
79 |
+index 6fa3278df77c9..ba9d0b4476e11 100644 |
80 |
+--- a/Makefile |
81 |
++++ b/Makefile |
82 |
+@@ -1,7 +1,7 @@ |
83 |
+ # SPDX-License-Identifier: GPL-2.0 |
84 |
+ VERSION = 4 |
85 |
+ PATCHLEVEL = 19 |
86 |
+-SUBLEVEL = 143 |
87 |
++SUBLEVEL = 144 |
88 |
+ EXTRAVERSION = |
89 |
+ NAME = "People's Front" |
90 |
+ |
91 |
+diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h |
92 |
+index 8b284cbf8162f..a3b6f58d188c9 100644 |
93 |
+--- a/arch/arm64/include/asm/kvm_arm.h |
94 |
++++ b/arch/arm64/include/asm/kvm_arm.h |
95 |
+@@ -83,11 +83,12 @@ |
96 |
+ * IMO: Override CPSR.I and enable signaling with VI |
97 |
+ * FMO: Override CPSR.F and enable signaling with VF |
98 |
+ * SWIO: Turn set/way invalidates into set/way clean+invalidate |
99 |
++ * PTW: Take a stage2 fault if a stage1 walk steps in device memory |
100 |
+ */ |
101 |
+ #define HCR_GUEST_FLAGS (HCR_TSC | HCR_TSW | HCR_TWE | HCR_TWI | HCR_VM | \ |
102 |
+ HCR_TVM | HCR_BSU_IS | HCR_FB | HCR_TAC | \ |
103 |
+ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ |
104 |
+- HCR_FMO | HCR_IMO) |
105 |
++ HCR_FMO | HCR_IMO | HCR_PTW ) |
106 |
+ #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) |
107 |
+ #define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK) |
108 |
+ #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) |
109 |
+diff --git a/arch/arm64/include/asm/kvm_asm.h b/arch/arm64/include/asm/kvm_asm.h |
110 |
+index 102b5a5c47b6c..e3c0dba5bddea 100644 |
111 |
+--- a/arch/arm64/include/asm/kvm_asm.h |
112 |
++++ b/arch/arm64/include/asm/kvm_asm.h |
113 |
+@@ -87,6 +87,34 @@ extern u32 __init_stage2_translation(void); |
114 |
+ *__hyp_this_cpu_ptr(sym); \ |
115 |
+ }) |
116 |
+ |
117 |
++#define __KVM_EXTABLE(from, to) \ |
118 |
++ " .pushsection __kvm_ex_table, \"a\"\n" \ |
119 |
++ " .align 3\n" \ |
120 |
++ " .long (" #from " - .), (" #to " - .)\n" \ |
121 |
++ " .popsection\n" |
122 |
++ |
123 |
++ |
124 |
++#define __kvm_at(at_op, addr) \ |
125 |
++( { \ |
126 |
++ int __kvm_at_err = 0; \ |
127 |
++ u64 spsr, elr; \ |
128 |
++ asm volatile( \ |
129 |
++ " mrs %1, spsr_el2\n" \ |
130 |
++ " mrs %2, elr_el2\n" \ |
131 |
++ "1: at "at_op", %3\n" \ |
132 |
++ " isb\n" \ |
133 |
++ " b 9f\n" \ |
134 |
++ "2: msr spsr_el2, %1\n" \ |
135 |
++ " msr elr_el2, %2\n" \ |
136 |
++ " mov %w0, %4\n" \ |
137 |
++ "9:\n" \ |
138 |
++ __KVM_EXTABLE(1b, 2b) \ |
139 |
++ : "+r" (__kvm_at_err), "=&r" (spsr), "=&r" (elr) \ |
140 |
++ : "r" (addr), "i" (-EFAULT)); \ |
141 |
++ __kvm_at_err; \ |
142 |
++} ) |
143 |
++ |
144 |
++ |
145 |
+ #else /* __ASSEMBLY__ */ |
146 |
+ |
147 |
+ .macro hyp_adr_this_cpu reg, sym, tmp |
148 |
+@@ -111,6 +139,21 @@ extern u32 __init_stage2_translation(void); |
149 |
+ kern_hyp_va \vcpu |
150 |
+ .endm |
151 |
+ |
152 |
++/* |
153 |
++ * KVM extable for unexpected exceptions. |
154 |
++ * In the same format _asm_extable, but output to a different section so that |
155 |
++ * it can be mapped to EL2. The KVM version is not sorted. The caller must |
156 |
++ * ensure: |
157 |
++ * x18 has the hypervisor value to allow any Shadow-Call-Stack instrumented |
158 |
++ * code to write to it, and that SPSR_EL2 and ELR_EL2 are restored by the fixup. |
159 |
++ */ |
160 |
++.macro _kvm_extable, from, to |
161 |
++ .pushsection __kvm_ex_table, "a" |
162 |
++ .align 3 |
163 |
++ .long (\from - .), (\to - .) |
164 |
++ .popsection |
165 |
++.endm |
166 |
++ |
167 |
+ #endif |
168 |
+ |
169 |
+ #endif /* __ARM_KVM_ASM_H__ */ |
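Review bot: The `__kvm_at` statement expression names its scratch variables plain `spsr` and `elr`, whereas the result is carefully named `__kvm_at_err`; an `addr` argument that refers to a caller variable called `spsr` or `elr` would bind to the macro's uninitialised locals instead. Prefixing them the same way, `u64 __kvm_at_spsr, __kvm_at_elr;` with the two `"=&r"` operands updated to match, removes that hazard. A short comment above the macro would also help: the fixup at label `2` puts back SPSR_EL2 and ELR_EL2, which is the restore the `_kvm_extable` comment further down requires of every user, and the macro evaluates to 0 or `-EFAULT`.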
170 |
+diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S |
171 |
+index d6050c6e65bc1..69e7c8d4a00f6 100644 |
172 |
+--- a/arch/arm64/kernel/vmlinux.lds.S |
173 |
++++ b/arch/arm64/kernel/vmlinux.lds.S |
174 |
+@@ -24,6 +24,13 @@ ENTRY(_text) |
175 |
+ |
176 |
+ jiffies = jiffies_64; |
177 |
+ |
178 |
++ |
179 |
++#define HYPERVISOR_EXTABLE \ |
180 |
++ . = ALIGN(SZ_8); \ |
181 |
++ __start___kvm_ex_table = .; \ |
182 |
++ *(__kvm_ex_table) \ |
183 |
++ __stop___kvm_ex_table = .; |
184 |
++ |
185 |
+ #define HYPERVISOR_TEXT \ |
186 |
+ /* \ |
187 |
+ * Align to 4 KB so that \ |
188 |
+@@ -39,6 +46,7 @@ jiffies = jiffies_64; |
189 |
+ __hyp_idmap_text_end = .; \ |
190 |
+ __hyp_text_start = .; \ |
191 |
+ *(.hyp.text) \ |
192 |
++ HYPERVISOR_EXTABLE \ |
193 |
+ __hyp_text_end = .; |
194 |
+ |
195 |
+ #define IDMAP_TEXT \ |
196 |
+diff --git a/arch/arm64/kvm/hyp/entry.S b/arch/arm64/kvm/hyp/entry.S |
197 |
+index fad1e164fe488..fc83e932afbe3 100644 |
198 |
+--- a/arch/arm64/kvm/hyp/entry.S |
199 |
++++ b/arch/arm64/kvm/hyp/entry.S |
200 |
+@@ -17,6 +17,7 @@ |
201 |
+ |
202 |
+ #include <linux/linkage.h> |
203 |
+ |
204 |
++#include <asm/alternative.h> |
205 |
+ #include <asm/asm-offsets.h> |
206 |
+ #include <asm/assembler.h> |
207 |
+ #include <asm/fpsimdmacros.h> |
208 |
+@@ -62,6 +63,20 @@ ENTRY(__guest_enter) |
209 |
+ // Store the host regs |
210 |
+ save_callee_saved_regs x1 |
211 |
+ |
212 |
++ // Now the host state is stored if we have a pending RAS SError it must |
213 |
++ // affect the host. If any asynchronous exception is pending we defer |
214 |
++ // the guest entry. The DSB isn't necessary before v8.2 as any SError |
215 |
++ // would be fatal. |
216 |
++alternative_if ARM64_HAS_RAS_EXTN |
217 |
++ dsb nshst |
218 |
++ isb |
219 |
++alternative_else_nop_endif |
220 |
++ mrs x1, isr_el1 |
221 |
++ cbz x1, 1f |
222 |
++ mov x0, #ARM_EXCEPTION_IRQ |
223 |
++ ret |
224 |
++ |
225 |
++1: |
226 |
+ add x18, x0, #VCPU_CONTEXT |
227 |
+ |
228 |
+ // Restore guest regs x0-x17 |
229 |
+@@ -148,18 +163,22 @@ alternative_endif |
230 |
+ // This is our single instruction exception window. A pending |
231 |
+ // SError is guaranteed to occur at the earliest when we unmask |
232 |
+ // it, and at the latest just after the ISB. |
233 |
+- .global abort_guest_exit_start |
234 |
+ abort_guest_exit_start: |
235 |
+ |
236 |
+ isb |
237 |
+ |
238 |
+- .global abort_guest_exit_end |
239 |
+ abort_guest_exit_end: |
240 |
++ msr daifset, #4 // Mask aborts |
241 |
++ ret |
242 |
++ |
243 |
++ _kvm_extable abort_guest_exit_start, 9997f |
244 |
++ _kvm_extable abort_guest_exit_end, 9997f |
245 |
++9997: |
246 |
++ msr daifset, #4 // Mask aborts |
247 |
++ mov x0, #(1 << ARM_EXIT_WITH_SERROR_BIT) |
248 |
+ |
249 |
+- // If the exception took place, restore the EL1 exception |
250 |
+- // context so that we can report some information. |
251 |
+- // Merge the exception code with the SError pending bit. |
252 |
+- tbz x0, #ARM_EXIT_WITH_SERROR_BIT, 1f |
253 |
++ // restore the EL1 exception context so that we can report some |
254 |
++ // information. Merge the exception code with the SError pending bit. |
255 |
+ msr elr_el2, x2 |
256 |
+ msr esr_el2, x3 |
257 |
+ msr spsr_el2, x4 |
258 |
+diff --git a/arch/arm64/kvm/hyp/hyp-entry.S b/arch/arm64/kvm/hyp/hyp-entry.S |
259 |
+index 24b4fbafe3e4a..ea063312bca18 100644 |
260 |
+--- a/arch/arm64/kvm/hyp/hyp-entry.S |
261 |
++++ b/arch/arm64/kvm/hyp/hyp-entry.S |
262 |
+@@ -26,6 +26,30 @@ |
263 |
+ #include <asm/kvm_mmu.h> |
264 |
+ #include <asm/mmu.h> |
265 |
+ |
266 |
++.macro save_caller_saved_regs_vect |
267 |
++ /* x0 and x1 were saved in the vector entry */ |
268 |
++ stp x2, x3, [sp, #-16]! |
269 |
++ stp x4, x5, [sp, #-16]! |
270 |
++ stp x6, x7, [sp, #-16]! |
271 |
++ stp x8, x9, [sp, #-16]! |
272 |
++ stp x10, x11, [sp, #-16]! |
273 |
++ stp x12, x13, [sp, #-16]! |
274 |
++ stp x14, x15, [sp, #-16]! |
275 |
++ stp x16, x17, [sp, #-16]! |
276 |
++.endm |
277 |
++ |
278 |
++.macro restore_caller_saved_regs_vect |
279 |
++ ldp x16, x17, [sp], #16 |
280 |
++ ldp x14, x15, [sp], #16 |
281 |
++ ldp x12, x13, [sp], #16 |
282 |
++ ldp x10, x11, [sp], #16 |
283 |
++ ldp x8, x9, [sp], #16 |
284 |
++ ldp x6, x7, [sp], #16 |
285 |
++ ldp x4, x5, [sp], #16 |
286 |
++ ldp x2, x3, [sp], #16 |
287 |
++ ldp x0, x1, [sp], #16 |
288 |
++.endm |
289 |
++ |
290 |
+ .text |
291 |
+ .pushsection .hyp.text, "ax" |
292 |
+ |
293 |
+@@ -162,28 +186,24 @@ el1_error: |
294 |
+ mov x0, #ARM_EXCEPTION_EL1_SERROR |
295 |
+ b __guest_exit |
296 |
+ |
297 |
++el2_sync: |
298 |
++ save_caller_saved_regs_vect |
299 |
++ stp x29, x30, [sp, #-16]! |
300 |
++ bl kvm_unexpected_el2_exception |
301 |
++ ldp x29, x30, [sp], #16 |
302 |
++ restore_caller_saved_regs_vect |
303 |
++ |
304 |
++ eret |
305 |
++ |
306 |
+ el2_error: |
307 |
+- ldp x0, x1, [sp], #16 |
308 |
++ save_caller_saved_regs_vect |
309 |
++ stp x29, x30, [sp, #-16]! |
310 |
++ |
311 |
++ bl kvm_unexpected_el2_exception |
312 |
++ |
313 |
++ ldp x29, x30, [sp], #16 |
314 |
++ restore_caller_saved_regs_vect |
315 |
+ |
316 |
+- /* |
317 |
+- * Only two possibilities: |
318 |
+- * 1) Either we come from the exit path, having just unmasked |
319 |
+- * PSTATE.A: change the return code to an EL2 fault, and |
320 |
+- * carry on, as we're already in a sane state to handle it. |
321 |
+- * 2) Or we come from anywhere else, and that's a bug: we panic. |
322 |
+- * |
323 |
+- * For (1), x0 contains the original return code and x1 doesn't |
324 |
+- * contain anything meaningful at that stage. We can reuse them |
325 |
+- * as temp registers. |
326 |
+- * For (2), who cares? |
327 |
+- */ |
328 |
+- mrs x0, elr_el2 |
329 |
+- adr x1, abort_guest_exit_start |
330 |
+- cmp x0, x1 |
331 |
+- adr x1, abort_guest_exit_end |
332 |
+- ccmp x0, x1, #4, ne |
333 |
+- b.ne __hyp_panic |
334 |
+- mov x0, #(1 << ARM_EXIT_WITH_SERROR_BIT) |
335 |
+ eret |
336 |
+ |
337 |
+ ENTRY(__hyp_do_panic) |
338 |
+@@ -212,7 +232,6 @@ ENDPROC(\label) |
339 |
+ invalid_vector el2t_irq_invalid |
340 |
+ invalid_vector el2t_fiq_invalid |
341 |
+ invalid_vector el2t_error_invalid |
342 |
+- invalid_vector el2h_sync_invalid |
343 |
+ invalid_vector el2h_irq_invalid |
344 |
+ invalid_vector el2h_fiq_invalid |
345 |
+ invalid_vector el1_fiq_invalid |
346 |
+@@ -240,7 +259,7 @@ ENTRY(__kvm_hyp_vector) |
347 |
+ invalid_vect el2t_fiq_invalid // FIQ EL2t |
348 |
+ invalid_vect el2t_error_invalid // Error EL2t |
349 |
+ |
350 |
+- invalid_vect el2h_sync_invalid // Synchronous EL2h |
351 |
++ valid_vect el2_sync // Synchronous EL2h |
352 |
+ invalid_vect el2h_irq_invalid // IRQ EL2h |
353 |
+ invalid_vect el2h_fiq_invalid // FIQ EL2h |
354 |
+ valid_vect el2_error // Error EL2h |
355 |
+diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c |
356 |
+index 3cdefd84af545..f146bff53edf9 100644 |
357 |
+--- a/arch/arm64/kvm/hyp/switch.c |
358 |
++++ b/arch/arm64/kvm/hyp/switch.c |
359 |
+@@ -23,6 +23,7 @@ |
360 |
+ #include <kvm/arm_psci.h> |
361 |
+ |
362 |
+ #include <asm/cpufeature.h> |
363 |
++#include <asm/extable.h> |
364 |
+ #include <asm/kprobes.h> |
365 |
+ #include <asm/kvm_asm.h> |
366 |
+ #include <asm/kvm_emulate.h> |
367 |
+@@ -34,6 +35,9 @@ |
368 |
+ #include <asm/processor.h> |
369 |
+ #include <asm/thread_info.h> |
370 |
+ |
371 |
++extern struct exception_table_entry __start___kvm_ex_table; |
372 |
++extern struct exception_table_entry __stop___kvm_ex_table; |
373 |
++ |
374 |
+ /* Check whether the FP regs were dirtied while in the host-side run loop: */ |
375 |
+ static bool __hyp_text update_fp_enabled(struct kvm_vcpu *vcpu) |
376 |
+ { |
377 |
+@@ -264,10 +268,10 @@ static bool __hyp_text __translate_far_to_hpfar(u64 far, u64 *hpfar) |
378 |
+ * saved the guest context yet, and we may return early... |
379 |
+ */ |
380 |
+ par = read_sysreg(par_el1); |
381 |
+- asm volatile("at s1e1r, %0" : : "r" (far)); |
382 |
+- isb(); |
383 |
+- |
384 |
+- tmp = read_sysreg(par_el1); |
385 |
++ if (!__kvm_at("s1e1r", far)) |
386 |
++ tmp = read_sysreg(par_el1); |
387 |
++ else |
388 |
++ tmp = 1; /* back to the guest */ |
389 |
+ write_sysreg(par, par_el1); |
390 |
+ |
391 |
+ if (unlikely(tmp & 1)) |
392 |
+@@ -663,3 +667,30 @@ void __hyp_text __noreturn hyp_panic(struct kvm_cpu_context *host_ctxt) |
393 |
+ |
394 |
+ unreachable(); |
395 |
+ } |
396 |
++ |
397 |
++asmlinkage void __hyp_text kvm_unexpected_el2_exception(void) |
398 |
++{ |
399 |
++ unsigned long addr, fixup; |
400 |
++ struct kvm_cpu_context *host_ctxt; |
401 |
++ struct exception_table_entry *entry, *end; |
402 |
++ unsigned long elr_el2 = read_sysreg(elr_el2); |
403 |
++ |
404 |
++ entry = hyp_symbol_addr(__start___kvm_ex_table); |
405 |
++ end = hyp_symbol_addr(__stop___kvm_ex_table); |
406 |
++ host_ctxt = __hyp_this_cpu_ptr(kvm_host_cpu_state); |
407 |
++ |
408 |
++ while (entry < end) { |
409 |
++ addr = (unsigned long)&entry->insn + entry->insn; |
410 |
++ fixup = (unsigned long)&entry->fixup + entry->fixup; |
411 |
++ |
412 |
++ if (addr != elr_el2) { |
413 |
++ entry++; |
414 |
++ continue; |
415 |
++ } |
416 |
++ |
417 |
++ write_sysreg(fixup, elr_el2); |
418 |
++ return; |
419 |
++ } |
420 |
++ |
421 |
++ hyp_panic(host_ctxt); |
422 |
++} |
423 |
+diff --git a/arch/mips/kernel/smp-bmips.c b/arch/mips/kernel/smp-bmips.c |
424 |
+index 5ec546b5eed1c..d16e6654a6555 100644 |
425 |
+--- a/arch/mips/kernel/smp-bmips.c |
426 |
++++ b/arch/mips/kernel/smp-bmips.c |
427 |
+@@ -240,6 +240,8 @@ static int bmips_boot_secondary(int cpu, struct task_struct *idle) |
428 |
+ */ |
429 |
+ static void bmips_init_secondary(void) |
430 |
+ { |
431 |
++ bmips_cpu_setup(); |
432 |
++ |
433 |
+ switch (current_cpu_type()) { |
434 |
+ case CPU_BMIPS4350: |
435 |
+ case CPU_BMIPS4380: |
436 |
+diff --git a/arch/mips/mm/c-r4k.c b/arch/mips/mm/c-r4k.c |
437 |
+index 05a539d3a5970..7650edd5cf7ff 100644 |
438 |
+--- a/arch/mips/mm/c-r4k.c |
439 |
++++ b/arch/mips/mm/c-r4k.c |
440 |
+@@ -1789,7 +1789,11 @@ static void setup_scache(void) |
441 |
+ printk("MIPS secondary cache %ldkB, %s, linesize %d bytes.\n", |
442 |
+ scache_size >> 10, |
443 |
+ way_string[c->scache.ways], c->scache.linesz); |
444 |
++ |
445 |
++ if (current_cpu_type() == CPU_BMIPS5000) |
446 |
++ c->options |= MIPS_CPU_INCLUSIVE_CACHES; |
447 |
+ } |
448 |
++ |
449 |
+ #else |
450 |
+ if (!(c->scache.flags & MIPS_CACHE_NOT_PRESENT)) |
451 |
+ panic("Dunno how to handle MIPS32 / MIPS64 second level cache"); |
452 |
+diff --git a/arch/s390/include/asm/percpu.h b/arch/s390/include/asm/percpu.h |
453 |
+index 0095ddb58ff69..50f6661ba5664 100644 |
454 |
+--- a/arch/s390/include/asm/percpu.h |
455 |
++++ b/arch/s390/include/asm/percpu.h |
456 |
+@@ -29,7 +29,7 @@ |
457 |
+ typedef typeof(pcp) pcp_op_T__; \ |
458 |
+ pcp_op_T__ old__, new__, prev__; \ |
459 |
+ pcp_op_T__ *ptr__; \ |
460 |
+- preempt_disable(); \ |
461 |
++ preempt_disable_notrace(); \ |
462 |
+ ptr__ = raw_cpu_ptr(&(pcp)); \ |
463 |
+ prev__ = *ptr__; \ |
464 |
+ do { \ |
465 |
+@@ -37,7 +37,7 @@ |
466 |
+ new__ = old__ op (val); \ |
467 |
+ prev__ = cmpxchg(ptr__, old__, new__); \ |
468 |
+ } while (prev__ != old__); \ |
469 |
+- preempt_enable(); \ |
470 |
++ preempt_enable_notrace(); \ |
471 |
+ new__; \ |
472 |
+ }) |
473 |
+ |
474 |
+@@ -68,7 +68,7 @@ |
475 |
+ typedef typeof(pcp) pcp_op_T__; \ |
476 |
+ pcp_op_T__ val__ = (val); \ |
477 |
+ pcp_op_T__ old__, *ptr__; \ |
478 |
+- preempt_disable(); \ |
479 |
++ preempt_disable_notrace(); \ |
480 |
+ ptr__ = raw_cpu_ptr(&(pcp)); \ |
481 |
+ if (__builtin_constant_p(val__) && \ |
482 |
+ ((szcast)val__ > -129) && ((szcast)val__ < 128)) { \ |
483 |
+@@ -84,7 +84,7 @@ |
484 |
+ : [val__] "d" (val__) \ |
485 |
+ : "cc"); \ |
486 |
+ } \ |
487 |
+- preempt_enable(); \ |
488 |
++ preempt_enable_notrace(); \ |
489 |
+ } |
490 |
+ |
491 |
+ #define this_cpu_add_4(pcp, val) arch_this_cpu_add(pcp, val, "laa", "asi", int) |
492 |
+@@ -95,14 +95,14 @@ |
493 |
+ typedef typeof(pcp) pcp_op_T__; \ |
494 |
+ pcp_op_T__ val__ = (val); \ |
495 |
+ pcp_op_T__ old__, *ptr__; \ |
496 |
+- preempt_disable(); \ |
497 |
++ preempt_disable_notrace(); \ |
498 |
+ ptr__ = raw_cpu_ptr(&(pcp)); \ |
499 |
+ asm volatile( \ |
500 |
+ op " %[old__],%[val__],%[ptr__]\n" \ |
501 |
+ : [old__] "=d" (old__), [ptr__] "+Q" (*ptr__) \ |
502 |
+ : [val__] "d" (val__) \ |
503 |
+ : "cc"); \ |
504 |
+- preempt_enable(); \ |
505 |
++ preempt_enable_notrace(); \ |
506 |
+ old__ + val__; \ |
507 |
+ }) |
508 |
+ |
509 |
+@@ -114,14 +114,14 @@ |
510 |
+ typedef typeof(pcp) pcp_op_T__; \ |
511 |
+ pcp_op_T__ val__ = (val); \ |
512 |
+ pcp_op_T__ old__, *ptr__; \ |
513 |
+- preempt_disable(); \ |
514 |
++ preempt_disable_notrace(); \ |
515 |
+ ptr__ = raw_cpu_ptr(&(pcp)); \ |
516 |
+ asm volatile( \ |
517 |
+ op " %[old__],%[val__],%[ptr__]\n" \ |
518 |
+ : [old__] "=d" (old__), [ptr__] "+Q" (*ptr__) \ |
519 |
+ : [val__] "d" (val__) \ |
520 |
+ : "cc"); \ |
521 |
+- preempt_enable(); \ |
522 |
++ preempt_enable_notrace(); \ |
523 |
+ } |
524 |
+ |
525 |
+ #define this_cpu_and_4(pcp, val) arch_this_cpu_to_op(pcp, val, "lan") |
526 |
+@@ -136,10 +136,10 @@ |
527 |
+ typedef typeof(pcp) pcp_op_T__; \ |
528 |
+ pcp_op_T__ ret__; \ |
529 |
+ pcp_op_T__ *ptr__; \ |
530 |
+- preempt_disable(); \ |
531 |
++ preempt_disable_notrace(); \ |
532 |
+ ptr__ = raw_cpu_ptr(&(pcp)); \ |
533 |
+ ret__ = cmpxchg(ptr__, oval, nval); \ |
534 |
+- preempt_enable(); \ |
535 |
++ preempt_enable_notrace(); \ |
536 |
+ ret__; \ |
537 |
+ }) |
538 |
+ |
539 |
+@@ -152,10 +152,10 @@ |
540 |
+ ({ \ |
541 |
+ typeof(pcp) *ptr__; \ |
542 |
+ typeof(pcp) ret__; \ |
543 |
+- preempt_disable(); \ |
544 |
++ preempt_disable_notrace(); \ |
545 |
+ ptr__ = raw_cpu_ptr(&(pcp)); \ |
546 |
+ ret__ = xchg(ptr__, nval); \ |
547 |
+- preempt_enable(); \ |
548 |
++ preempt_enable_notrace(); \ |
549 |
+ ret__; \ |
550 |
+ }) |
551 |
+ |
552 |
+@@ -171,11 +171,11 @@ |
553 |
+ typeof(pcp1) *p1__; \ |
554 |
+ typeof(pcp2) *p2__; \ |
555 |
+ int ret__; \ |
556 |
+- preempt_disable(); \ |
557 |
++ preempt_disable_notrace(); \ |
558 |
+ p1__ = raw_cpu_ptr(&(pcp1)); \ |
559 |
+ p2__ = raw_cpu_ptr(&(pcp2)); \ |
560 |
+ ret__ = __cmpxchg_double(p1__, p2__, o1__, o2__, n1__, n2__); \ |
561 |
+- preempt_enable(); \ |
562 |
++ preempt_enable_notrace(); \ |
563 |
+ ret__; \ |
564 |
+ }) |
565 |
+ |
566 |
+diff --git a/arch/x86/mm/numa_emulation.c b/arch/x86/mm/numa_emulation.c |
567 |
+index d71d72cf6c666..4686757a74d75 100644 |
568 |
+--- a/arch/x86/mm/numa_emulation.c |
569 |
++++ b/arch/x86/mm/numa_emulation.c |
570 |
+@@ -322,7 +322,7 @@ static int __init split_nodes_size_interleave(struct numa_meminfo *ei, |
571 |
+ u64 addr, u64 max_addr, u64 size) |
572 |
+ { |
573 |
+ return split_nodes_size_interleave_uniform(ei, pi, addr, max_addr, size, |
574 |
+- 0, NULL, NUMA_NO_NODE); |
575 |
++ 0, NULL, 0); |
576 |
+ } |
577 |
+ |
578 |
+ int __init setup_emu2phys_nid(int *dfl_phys_nid) |
579 |
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c |
580 |
+index 6b372fa583822..fead7243930c0 100644 |
581 |
+--- a/drivers/ata/libata-core.c |
582 |
++++ b/drivers/ata/libata-core.c |
583 |
+@@ -4492,9 +4492,8 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { |
584 |
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=15573 */ |
585 |
+ { "C300-CTFDDAC128MAG", "0001", ATA_HORKAGE_NONCQ, }, |
586 |
+ |
587 |
+- /* Some Sandisk SSDs lock up hard with NCQ enabled. Reported on |
588 |
+- SD7SN6S256G and SD8SN8U256G */ |
589 |
+- { "SanDisk SD[78]SN*G", NULL, ATA_HORKAGE_NONCQ, }, |
590 |
++ /* Sandisk SD7/8/9s lock up hard on large trims */ |
591 |
++ { "SanDisk SD[789]*", NULL, ATA_HORKAGE_MAX_TRIM_128M, }, |
592 |
+ |
593 |
+ /* devices which puke on READ_NATIVE_MAX */ |
594 |
+ { "HDS724040KLSA80", "KFAOA20N", ATA_HORKAGE_BROKEN_HPA, }, |
595 |
+diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c |
596 |
+index 6c2c2b07f029e..e7af41d95490d 100644 |
597 |
+--- a/drivers/ata/libata-scsi.c |
598 |
++++ b/drivers/ata/libata-scsi.c |
599 |
+@@ -2391,6 +2391,7 @@ static unsigned int ata_scsiop_inq_89(struct ata_scsi_args *args, u8 *rbuf) |
600 |
+ |
601 |
+ static unsigned int ata_scsiop_inq_b0(struct ata_scsi_args *args, u8 *rbuf) |
602 |
+ { |
603 |
++ struct ata_device *dev = args->dev; |
604 |
+ u16 min_io_sectors; |
605 |
+ |
606 |
+ rbuf[1] = 0xb0; |
607 |
+@@ -2416,7 +2417,12 @@ static unsigned int ata_scsiop_inq_b0(struct ata_scsi_args *args, u8 *rbuf) |
608 |
+ * with the unmap bit set. |
609 |
+ */ |
610 |
+ if (ata_id_has_trim(args->id)) { |
611 |
+- put_unaligned_be64(65535 * ATA_MAX_TRIM_RNUM, &rbuf[36]); |
612 |
++ u64 max_blocks = 65535 * ATA_MAX_TRIM_RNUM; |
613 |
++ |
614 |
++ if (dev->horkage & ATA_HORKAGE_MAX_TRIM_128M) |
615 |
++ max_blocks = 128 << (20 - SECTOR_SHIFT); |
616 |
++ |
617 |
++ put_unaligned_be64(max_blocks, &rbuf[36]); |
618 |
+ put_unaligned_be32(1, &rbuf[28]); |
619 |
+ } |
620 |
+ |
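Review bot: The 128 MiB ceiling for `ATA_HORKAGE_MAX_TRIM_128M` devices is applied only to the value reported at `rbuf[36]`, so the drive is protected only as far as the issuer of the discard reads and honours this page. Whether the TRIM translation path itself rejects a larger range for such a device is not visible in this section and is worth confirming, because the blacklist comment describes the affected drives as locking up hard. The literal `128 << (20 - SECTOR_SHIFT)` would also read better behind a named constant or with a comment such as `/* 128 MiB in sectors */`. `ata_scsiop_inq_b0()` continues outside the hunk.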
621 |
+diff --git a/drivers/cpuidle/cpuidle.c b/drivers/cpuidle/cpuidle.c |
622 |
+index 6df894d65d9e2..2d182dc1b49ed 100644 |
623 |
+--- a/drivers/cpuidle/cpuidle.c |
624 |
++++ b/drivers/cpuidle/cpuidle.c |
625 |
+@@ -148,7 +148,8 @@ static void enter_s2idle_proper(struct cpuidle_driver *drv, |
626 |
+ */ |
627 |
+ stop_critical_timings(); |
628 |
+ drv->states[index].enter_s2idle(dev, drv, index); |
629 |
+- WARN_ON(!irqs_disabled()); |
630 |
++ if (WARN_ON_ONCE(!irqs_disabled())) |
631 |
++ local_irq_disable(); |
632 |
+ /* |
633 |
+ * timekeeping_resume() that will be called by tick_unfreeze() for the |
634 |
+ * first CPU executing it calls functions containing RCU read-side |
635 |
+diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c |
636 |
+index dbc51154f1229..86427f6ba78cb 100644 |
637 |
+--- a/drivers/dma/at_hdmac.c |
638 |
++++ b/drivers/dma/at_hdmac.c |
639 |
+@@ -1677,6 +1677,8 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec, |
640 |
+ return NULL; |
641 |
+ |
642 |
+ dmac_pdev = of_find_device_by_node(dma_spec->np); |
643 |
++ if (!dmac_pdev) |
644 |
++ return NULL; |
645 |
+ |
646 |
+ dma_cap_zero(mask); |
647 |
+ dma_cap_set(DMA_SLAVE, mask); |
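Review bot: The added `if (!dmac_pdev) return NULL;` closes the NULL dereference, but `of_find_device_by_node()` returns with a reference held on the device, and nothing in the visible lines drops it. If the later failure returns in `at_dma_xlate()` (outside this hunk) do not call `put_device(&dmac_pdev->dev)`, each failed translation leaks a reference; that is worth checking while this function is being touched.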
648 |
+diff --git a/drivers/dma/of-dma.c b/drivers/dma/of-dma.c |
649 |
+index 91fd395c90c4c..8344a60c2131b 100644 |
650 |
+--- a/drivers/dma/of-dma.c |
651 |
++++ b/drivers/dma/of-dma.c |
652 |
+@@ -72,12 +72,12 @@ static struct dma_chan *of_dma_router_xlate(struct of_phandle_args *dma_spec, |
653 |
+ return NULL; |
654 |
+ |
655 |
+ chan = ofdma_target->of_dma_xlate(&dma_spec_target, ofdma_target); |
656 |
+- if (chan) { |
657 |
+- chan->router = ofdma->dma_router; |
658 |
+- chan->route_data = route_data; |
659 |
+- } else { |
660 |
++ if (IS_ERR_OR_NULL(chan)) { |
661 |
+ ofdma->dma_router->route_free(ofdma->dma_router->dev, |
662 |
+ route_data); |
663 |
++ } else { |
664 |
++ chan->router = ofdma->dma_router; |
665 |
++ chan->route_data = route_data; |
666 |
+ } |
667 |
+ |
668 |
+ /* |
669 |
+diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c |
670 |
+index bc8050c025b7b..c564df713efc3 100644 |
671 |
+--- a/drivers/dma/pl330.c |
672 |
++++ b/drivers/dma/pl330.c |
673 |
+@@ -2769,6 +2769,7 @@ pl330_prep_dma_memcpy(struct dma_chan *chan, dma_addr_t dst, |
674 |
+ while (burst != (1 << desc->rqcfg.brst_size)) |
675 |
+ desc->rqcfg.brst_size++; |
676 |
+ |
677 |
++ desc->rqcfg.brst_len = get_burst_len(desc, len); |
678 |
+ /* |
679 |
+ * If burst size is smaller than bus width then make sure we only |
680 |
+ * transfer one at a time to avoid a burst stradling an MFIFO entry. |
681 |
+@@ -2776,7 +2777,6 @@ pl330_prep_dma_memcpy(struct dma_chan *chan, dma_addr_t dst, |
682 |
+ if (desc->rqcfg.brst_size * 8 < pl330->pcfg.data_bus_width) |
683 |
+ desc->rqcfg.brst_len = 1; |
684 |
+ |
685 |
+- desc->rqcfg.brst_len = get_burst_len(desc, len); |
686 |
+ desc->bytes_requested = len; |
687 |
+ |
688 |
+ desc->txd.flags = flags; |
689 |
+diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c |
690 |
+index 9cde79a7335c8..739ca9c2081a6 100644 |
691 |
+--- a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c |
692 |
++++ b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c |
693 |
+@@ -117,12 +117,22 @@ static int a6xx_gmu_start(struct a6xx_gmu *gmu) |
694 |
+ { |
695 |
+ int ret; |
696 |
+ u32 val; |
697 |
++ u32 mask, reset_val; |
698 |
++ |
699 |
++ val = gmu_read(gmu, REG_A6XX_GMU_CM3_DTCM_START + 0xff8); |
700 |
++ if (val <= 0x20010004) { |
701 |
++ mask = 0xffffffff; |
702 |
++ reset_val = 0xbabeface; |
703 |
++ } else { |
704 |
++ mask = 0x1ff; |
705 |
++ reset_val = 0x100; |
706 |
++ } |
707 |
+ |
708 |
+ gmu_write(gmu, REG_A6XX_GMU_CM3_SYSRESET, 1); |
709 |
+ gmu_write(gmu, REG_A6XX_GMU_CM3_SYSRESET, 0); |
710 |
+ |
711 |
+ ret = gmu_poll_timeout(gmu, REG_A6XX_GMU_CM3_FW_INIT_RESULT, val, |
712 |
+- val == 0xbabeface, 100, 10000); |
713 |
++ (val & mask) == reset_val, 100, 10000); |
714 |
+ |
715 |
+ if (ret) |
716 |
+ dev_err(gmu->dev, "GMU firmware initialization timed out\n"); |
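Review bot: The new branch in `a6xx_gmu_start()` introduces several bare constants (`0xff8`, `0x20010004`, `0x1ff`, `0x100`, next to the existing `0xbabeface`) with no comment on what is being read or why the threshold sits where it does. From the code it appears that the word at `REG_A6XX_GMU_CM3_DTCM_START + 0xff8` identifies the firmware and selects which init-result pattern to expect, but that is an inference; a comment stating it, and named macros for the two expected values, would make the check reviewable. `val` is also reused for both the initial read and the poll result, which is easy to misread.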
717 |
+diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c |
718 |
+index 6f81de85fb860..7f45486b6650b 100644 |
719 |
+--- a/drivers/gpu/drm/msm/msm_drv.c |
720 |
++++ b/drivers/gpu/drm/msm/msm_drv.c |
721 |
+@@ -1358,6 +1358,13 @@ static int msm_pdev_remove(struct platform_device *pdev) |
722 |
+ return 0; |
723 |
+ } |
724 |
+ |
725 |
++static void msm_pdev_shutdown(struct platform_device *pdev) |
726 |
++{ |
727 |
++ struct drm_device *drm = platform_get_drvdata(pdev); |
728 |
++ |
729 |
++ drm_atomic_helper_shutdown(drm); |
730 |
++} |
731 |
++ |
732 |
+ static const struct of_device_id dt_match[] = { |
733 |
+ { .compatible = "qcom,mdp4", .data = (void *)KMS_MDP4 }, |
734 |
+ { .compatible = "qcom,mdss", .data = (void *)KMS_MDP5 }, |
735 |
+@@ -1369,6 +1376,7 @@ MODULE_DEVICE_TABLE(of, dt_match); |
736 |
+ static struct platform_driver msm_platform_driver = { |
737 |
+ .probe = msm_pdev_probe, |
738 |
+ .remove = msm_pdev_remove, |
739 |
++ .shutdown = msm_pdev_shutdown, |
740 |
+ .driver = { |
741 |
+ .name = "msm", |
742 |
+ .of_match_table = dt_match, |
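Review bot: `msm_pdev_shutdown()` passes the result of `platform_get_drvdata(pdev)` straight to `drm_atomic_helper_shutdown()`. If shutdown can run for a device whose bind never completed, the driver data may still be NULL and the helper would dereference it; where the driver data is set is not visible in this section, so this needs confirming against the probe path. A guard such as `if (!drm) return;` before the call would make the hook safe either way.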
743 |
+diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
744 |
+index 2c85d075daee1..05122167d9d85 100644 |
745 |
+--- a/drivers/hid/hid-core.c |
746 |
++++ b/drivers/hid/hid-core.c |
747 |
+@@ -1425,6 +1425,17 @@ static void hid_output_field(const struct hid_device *hid, |
748 |
+ } |
749 |
+ } |
750 |
+ |
751 |
++/* |
752 |
++ * Compute the size of a report. |
753 |
++ */ |
754 |
++static size_t hid_compute_report_size(struct hid_report *report) |
755 |
++{ |
756 |
++ if (report->size) |
757 |
++ return ((report->size - 1) >> 3) + 1; |
758 |
++ |
759 |
++ return 0; |
760 |
++} |
761 |
++ |
762 |
+ /* |
763 |
+ * Create a report. 'data' has to be allocated using |
764 |
+ * hid_alloc_report_buf() so that it has proper size. |
765 |
+@@ -1437,7 +1448,7 @@ void hid_output_report(struct hid_report *report, __u8 *data) |
766 |
+ if (report->id > 0) |
767 |
+ *data++ = report->id; |
768 |
+ |
769 |
+- memset(data, 0, ((report->size - 1) >> 3) + 1); |
770 |
++ memset(data, 0, hid_compute_report_size(report)); |
771 |
+ for (n = 0; n < report->maxfield; n++) |
772 |
+ hid_output_field(report->device, report->field[n], data); |
773 |
+ } |
774 |
+@@ -1564,7 +1575,7 @@ int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size, |
775 |
+ csize--; |
776 |
+ } |
777 |
+ |
778 |
+- rsize = ((report->size - 1) >> 3) + 1; |
779 |
++ rsize = hid_compute_report_size(report); |
780 |
+ |
781 |
+ if (report_enum->numbered && rsize >= HID_MAX_BUFFER_SIZE) |
782 |
+ rsize = HID_MAX_BUFFER_SIZE - 1; |
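Review bot: The comment on `hid_compute_report_size()` says only "Compute the size of a report", which hides the reason the helper exists: `report->size` is a bit count, the result is that count rounded up to bytes, and a zero-size report must yield 0 because the old expression `((report->size - 1) >> 3) + 1` wraps for 0 (assuming `size` is unsigned) and was used as a `memset()` length. I would spell that out, e.g. `/* Size of a report in bytes, rounded up from report->size bits; 0 for an empty report. */`. In `hid_report_raw_event()` `rsize` can now be 0, and the code that consumes it lies outside the hunk, so it is worth checking that a zero length is handled there.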
783 |
+diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c |
784 |
+index 51bfe23d00bc5..a9da1526c40ae 100644 |
785 |
+--- a/drivers/hid/hid-input.c |
786 |
++++ b/drivers/hid/hid-input.c |
787 |
+@@ -1125,6 +1125,10 @@ static void hidinput_configure_usage(struct hid_input *hidinput, struct hid_fiel |
788 |
+ } |
789 |
+ |
790 |
+ mapped: |
791 |
++ /* Mapping failed, bail out */ |
792 |
++ if (!bit) |
793 |
++ return; |
794 |
++ |
795 |
+ if (device->driver->input_mapped && |
796 |
+ device->driver->input_mapped(device, hidinput, field, usage, |
797 |
+ &bit, &max) < 0) { |
798 |
+diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c |
799 |
+index 8baf10beb1d5d..ccda72f748ee5 100644 |
800 |
+--- a/drivers/hid/hid-multitouch.c |
801 |
++++ b/drivers/hid/hid-multitouch.c |
802 |
+@@ -841,6 +841,8 @@ static int mt_touch_input_mapping(struct hid_device *hdev, struct hid_input *hi, |
803 |
+ code = BTN_0 + ((usage->hid - 1) & HID_USAGE); |
804 |
+ |
805 |
+ hid_map_usage(hi, usage, bit, max, EV_KEY, code); |
806 |
++ if (!*bit) |
807 |
++ return -1; |
808 |
+ input_set_capability(hi->input, EV_KEY, code); |
809 |
+ return 1; |
810 |
+ |
811 |
+diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c |
812 |
+index 5c677ba440143..b201129a9beae 100644 |
813 |
+--- a/drivers/hwmon/applesmc.c |
814 |
++++ b/drivers/hwmon/applesmc.c |
815 |
+@@ -760,15 +760,18 @@ static ssize_t applesmc_light_show(struct device *dev, |
816 |
+ } |
817 |
+ |
818 |
+ ret = applesmc_read_key(LIGHT_SENSOR_LEFT_KEY, buffer, data_length); |
819 |
++ if (ret) |
820 |
++ goto out; |
821 |
+ /* newer macbooks report a single 10-bit bigendian value */ |
822 |
+ if (data_length == 10) { |
823 |
+ left = be16_to_cpu(*(__be16 *)(buffer + 6)) >> 2; |
824 |
+ goto out; |
825 |
+ } |
826 |
+ left = buffer[2]; |
827 |
++ |
828 |
++ ret = applesmc_read_key(LIGHT_SENSOR_RIGHT_KEY, buffer, data_length); |
829 |
+ if (ret) |
830 |
+ goto out; |
831 |
+- ret = applesmc_read_key(LIGHT_SENSOR_RIGHT_KEY, buffer, data_length); |
832 |
+ right = buffer[2]; |
833 |
+ |
834 |
+ out: |
835 |
+@@ -817,12 +820,11 @@ static ssize_t applesmc_show_fan_speed(struct device *dev, |
836 |
+ to_index(attr)); |
837 |
+ |
838 |
+ ret = applesmc_read_key(newkey, buffer, 2); |
839 |
+- speed = ((buffer[0] << 8 | buffer[1]) >> 2); |
840 |
+- |
841 |
+ if (ret) |
842 |
+ return ret; |
843 |
+- else |
844 |
+- return snprintf(sysfsbuf, PAGE_SIZE, "%u\n", speed); |
845 |
++ |
846 |
++ speed = ((buffer[0] << 8 | buffer[1]) >> 2); |
847 |
++ return snprintf(sysfsbuf, PAGE_SIZE, "%u\n", speed); |
848 |
+ } |
849 |
+ |
850 |
+ static ssize_t applesmc_store_fan_speed(struct device *dev, |
851 |
+@@ -858,12 +860,11 @@ static ssize_t applesmc_show_fan_manual(struct device *dev, |
852 |
+ u8 buffer[2]; |
853 |
+ |
854 |
+ ret = applesmc_read_key(FANS_MANUAL, buffer, 2); |
855 |
+- manual = ((buffer[0] << 8 | buffer[1]) >> to_index(attr)) & 0x01; |
856 |
+- |
857 |
+ if (ret) |
858 |
+ return ret; |
859 |
+- else |
860 |
+- return snprintf(sysfsbuf, PAGE_SIZE, "%d\n", manual); |
861 |
++ |
862 |
++ manual = ((buffer[0] << 8 | buffer[1]) >> to_index(attr)) & 0x01; |
863 |
++ return snprintf(sysfsbuf, PAGE_SIZE, "%d\n", manual); |
864 |
+ } |
865 |
+ |
866 |
+ static ssize_t applesmc_store_fan_manual(struct device *dev, |
867 |
+@@ -879,10 +880,11 @@ static ssize_t applesmc_store_fan_manual(struct device *dev, |
868 |
+ return -EINVAL; |
869 |
+ |
870 |
+ ret = applesmc_read_key(FANS_MANUAL, buffer, 2); |
871 |
+- val = (buffer[0] << 8 | buffer[1]); |
872 |
+ if (ret) |
873 |
+ goto out; |
874 |
+ |
875 |
++ val = (buffer[0] << 8 | buffer[1]); |
876 |
++ |
877 |
+ if (input) |
878 |
+ val = val | (0x01 << to_index(attr)); |
879 |
+ else |
880 |
+@@ -958,13 +960,12 @@ static ssize_t applesmc_key_count_show(struct device *dev, |
881 |
+ u32 count; |
882 |
+ |
883 |
+ ret = applesmc_read_key(KEY_COUNT_KEY, buffer, 4); |
884 |
+- count = ((u32)buffer[0]<<24) + ((u32)buffer[1]<<16) + |
885 |
+- ((u32)buffer[2]<<8) + buffer[3]; |
886 |
+- |
887 |
+ if (ret) |
888 |
+ return ret; |
889 |
+- else |
890 |
+- return snprintf(sysfsbuf, PAGE_SIZE, "%d\n", count); |
891 |
++ |
892 |
++ count = ((u32)buffer[0]<<24) + ((u32)buffer[1]<<16) + |
893 |
++ ((u32)buffer[2]<<8) + buffer[3]; |
894 |
++ return snprintf(sysfsbuf, PAGE_SIZE, "%d\n", count); |
895 |
+ } |
896 |
+ |
897 |
+ static ssize_t applesmc_key_at_index_read_show(struct device *dev, |
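Review bot: `count` is declared `u32` at the top of this hunk, but the relocated `snprintf()` still formats it with `%d`, so a value above INT_MAX would be printed as a negative number. Since the line is being rewritten anyway, use the matching specifier: `return snprintf(sysfsbuf, PAGE_SIZE, "%u\n", count);`. The start of applesmc_key_count_show() is outside the hunk.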
898 |
+diff --git a/drivers/iommu/intel_irq_remapping.c b/drivers/iommu/intel_irq_remapping.c |
899 |
+index 15a4ad31c510a..9d2d03545bb07 100644 |
900 |
+--- a/drivers/iommu/intel_irq_remapping.c |
901 |
++++ b/drivers/iommu/intel_irq_remapping.c |
902 |
+@@ -479,12 +479,18 @@ static void iommu_enable_irq_remapping(struct intel_iommu *iommu) |
903 |
+ |
904 |
+ /* Enable interrupt-remapping */ |
905 |
+ iommu->gcmd |= DMA_GCMD_IRE; |
906 |
+- iommu->gcmd &= ~DMA_GCMD_CFI; /* Block compatibility-format MSIs */ |
907 |
+ writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG); |
908 |
+- |
909 |
+ IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG, |
910 |
+ readl, (sts & DMA_GSTS_IRES), sts); |
911 |
+ |
912 |
++ /* Block compatibility-format MSIs */ |
913 |
++ if (sts & DMA_GSTS_CFIS) { |
914 |
++ iommu->gcmd &= ~DMA_GCMD_CFI; |
915 |
++ writel(iommu->gcmd, iommu->reg + DMAR_GCMD_REG); |
916 |
++ IOMMU_WAIT_OP(iommu, DMAR_GSTS_REG, |
917 |
++ readl, !(sts & DMA_GSTS_CFIS), sts); |
918 |
++ } |
919 |
++ |
920 |
+ /* |
921 |
+ * With CFI clear in the Global Command register, we should be |
922 |
+ * protected from dangerous (i.e. compatibility) interrupts |
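Review bot: The new two-step sequence (set IRE, wait for IRES, then clear CFI and wait for CFIS to drop) is not explained by the short comment `/* Block compatibility-format MSIs */`, and a later cleanup could easily fold the two writes back into one as the removed line did. I would extend the comment to state the constraint, e.g. `/* Block compatibility-format MSIs: change one GCMD field per write, so clear CFI only after IRES is set */`; the rationale is inferred from the ordering here and should be checked against the VT-d register description. It is also worth noting that `if (sts & DMA_GSTS_CFIS)` relies on the status value left behind by the preceding `IOMMU_WAIT_OP`. The function continues past the end of the hunk.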
923 |
+diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c |
924 |
+index 151aa95775be2..af6d4f898e4c1 100644 |
925 |
+--- a/drivers/md/dm-cache-metadata.c |
926 |
++++ b/drivers/md/dm-cache-metadata.c |
927 |
+@@ -537,12 +537,16 @@ static int __create_persistent_data_objects(struct dm_cache_metadata *cmd, |
928 |
+ CACHE_MAX_CONCURRENT_LOCKS); |
929 |
+ if (IS_ERR(cmd->bm)) { |
930 |
+ DMERR("could not create block manager"); |
931 |
+- return PTR_ERR(cmd->bm); |
932 |
++ r = PTR_ERR(cmd->bm); |
933 |
++ cmd->bm = NULL; |
934 |
++ return r; |
935 |
+ } |
936 |
+ |
937 |
+ r = __open_or_format_metadata(cmd, may_format_device); |
938 |
+- if (r) |
939 |
++ if (r) { |
940 |
+ dm_block_manager_destroy(cmd->bm); |
941 |
++ cmd->bm = NULL; |
942 |
++ } |
943 |
+ |
944 |
+ return r; |
945 |
+ } |
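Review bot: Both added `cmd->bm = NULL;` assignments lack a comment saying which later reader they protect, so next to a `return` they look redundant and are easy to drop again. A line such as `/* never leave an ERR_PTR or a destroyed block manager in cmd->bm */` above the first one would record the intent. The code that later inspects `cmd->bm` is outside this hunk, so it should be confirmed that those paths actually test for NULL before using or destroying it. The same comment applies to the `pmd->bm = NULL;` lines in the dm-thin-metadata.c hunk that follows; __create_persistent_data_objects() begins outside the hunk in both files.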
946 |
+diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c |
947 |
+index 6a26afcc1fd6b..85077f4d257a7 100644 |
948 |
+--- a/drivers/md/dm-thin-metadata.c |
949 |
++++ b/drivers/md/dm-thin-metadata.c |
950 |
+@@ -698,12 +698,16 @@ static int __create_persistent_data_objects(struct dm_pool_metadata *pmd, bool f |
951 |
+ THIN_MAX_CONCURRENT_LOCKS); |
952 |
+ if (IS_ERR(pmd->bm)) { |
953 |
+ DMERR("could not create block manager"); |
954 |
+- return PTR_ERR(pmd->bm); |
955 |
++ r = PTR_ERR(pmd->bm); |
956 |
++ pmd->bm = NULL; |
957 |
++ return r; |
958 |
+ } |
959 |
+ |
960 |
+ r = __open_or_format_metadata(pmd, format_device); |
961 |
+- if (r) |
962 |
++ if (r) { |
963 |
+ dm_block_manager_destroy(pmd->bm); |
964 |
++ pmd->bm = NULL; |
965 |
++ } |
966 |
+ |
967 |
+ return r; |
968 |
+ } |
969 |
+diff --git a/drivers/md/dm-writecache.c b/drivers/md/dm-writecache.c |
970 |
+index cc028353f9d55..776aaf5951e4a 100644 |
971 |
+--- a/drivers/md/dm-writecache.c |
972 |
++++ b/drivers/md/dm-writecache.c |
973 |
+@@ -226,6 +226,7 @@ static int persistent_memory_claim(struct dm_writecache *wc) |
974 |
+ pfn_t pfn; |
975 |
+ int id; |
976 |
+ struct page **pages; |
977 |
++ sector_t offset; |
978 |
+ |
979 |
+ wc->memory_vmapped = false; |
980 |
+ |
981 |
+@@ -244,9 +245,16 @@ static int persistent_memory_claim(struct dm_writecache *wc) |
982 |
+ goto err1; |
983 |
+ } |
984 |
+ |
985 |
++ offset = get_start_sect(wc->ssd_dev->bdev); |
986 |
++ if (offset & (PAGE_SIZE / 512 - 1)) { |
987 |
++ r = -EINVAL; |
988 |
++ goto err1; |
989 |
++ } |
990 |
++ offset >>= PAGE_SHIFT - 9; |
991 |
++ |
992 |
+ id = dax_read_lock(); |
993 |
+ |
994 |
+- da = dax_direct_access(wc->ssd_dev->dax_dev, 0, p, &wc->memory_map, &pfn); |
995 |
++ da = dax_direct_access(wc->ssd_dev->dax_dev, offset, p, &wc->memory_map, &pfn); |
996 |
+ if (da < 0) { |
997 |
+ wc->memory_map = NULL; |
998 |
+ r = da; |
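Review bot: The added alignment test and shift hard-code the sector size as `512` and `9`; assuming the block-layer constants are available in this tree, `if (offset & (PAGE_SIZE / SECTOR_SIZE - 1))` and `offset >>= PAGE_SHIFT - SECTOR_SHIFT;` state the same thing without magic numbers. The new `-EINVAL` branch also jumps to `err1` without logging, so a partition whose start is not page-aligned fails with no hint of the cause unless the caller reports it, which is not visible here. A short comment such as `/* DAX works in pages: the partition start must be page-aligned */` above the check would help. persistent_memory_claim() starts and ends outside this hunk.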
999 |
+@@ -268,7 +276,7 @@ static int persistent_memory_claim(struct dm_writecache *wc) |
1000 |
+ i = 0; |
1001 |
+ do { |
1002 |
+ long daa; |
1003 |
+- daa = dax_direct_access(wc->ssd_dev->dax_dev, i, p - i, |
1004 |
++ daa = dax_direct_access(wc->ssd_dev->dax_dev, offset + i, p - i, |
1005 |
+ NULL, &pfn); |
1006 |
+ if (daa <= 0) { |
1007 |
+ r = daa ? daa : -EINVAL; |
1008 |
+diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c |
1009 |
+index c30affbd43a98..cf3df733d9605 100644 |
1010 |
+--- a/drivers/media/rc/rc-main.c |
1011 |
++++ b/drivers/media/rc/rc-main.c |
1012 |
+@@ -1245,6 +1245,10 @@ static ssize_t store_protocols(struct device *device, |
1013 |
+ } |
1014 |
+ |
1015 |
+ mutex_lock(&dev->lock); |
1016 |
++ if (!dev->registered) { |
1017 |
++ mutex_unlock(&dev->lock); |
1018 |
++ return -ENODEV; |
1019 |
++ } |
1020 |
+ |
1021 |
+ old_protocols = *current_protocols; |
1022 |
+ new_protocols = old_protocols; |
1023 |
+@@ -1383,6 +1387,10 @@ static ssize_t store_filter(struct device *device, |
1024 |
+ return -EINVAL; |
1025 |
+ |
1026 |
+ mutex_lock(&dev->lock); |
1027 |
++ if (!dev->registered) { |
1028 |
++ mutex_unlock(&dev->lock); |
1029 |
++ return -ENODEV; |
1030 |
++ } |
1031 |
+ |
1032 |
+ new_filter = *filter; |
1033 |
+ if (fattr->mask) |
1034 |
+@@ -1497,6 +1505,10 @@ static ssize_t store_wakeup_protocols(struct device *device, |
1035 |
+ int i; |
1036 |
+ |
1037 |
+ mutex_lock(&dev->lock); |
1038 |
++ if (!dev->registered) { |
1039 |
++ mutex_unlock(&dev->lock); |
1040 |
++ return -ENODEV; |
1041 |
++ } |
1042 |
+ |
1043 |
+ allowed = dev->allowed_wakeup_protocols; |
1044 |
+ |
1045 |
+@@ -1556,25 +1568,25 @@ static void rc_dev_release(struct device *device) |
1046 |
+ kfree(dev); |
1047 |
+ } |
1048 |
+ |
1049 |
+-#define ADD_HOTPLUG_VAR(fmt, val...) \ |
1050 |
+- do { \ |
1051 |
+- int err = add_uevent_var(env, fmt, val); \ |
1052 |
+- if (err) \ |
1053 |
+- return err; \ |
1054 |
+- } while (0) |
1055 |
+- |
1056 |
+ static int rc_dev_uevent(struct device *device, struct kobj_uevent_env *env) |
1057 |
+ { |
1058 |
+ struct rc_dev *dev = to_rc_dev(device); |
1059 |
++ int ret = 0; |
1060 |
+ |
1061 |
+- if (dev->rc_map.name) |
1062 |
+- ADD_HOTPLUG_VAR("NAME=%s", dev->rc_map.name); |
1063 |
+- if (dev->driver_name) |
1064 |
+- ADD_HOTPLUG_VAR("DRV_NAME=%s", dev->driver_name); |
1065 |
+- if (dev->device_name) |
1066 |
+- ADD_HOTPLUG_VAR("DEV_NAME=%s", dev->device_name); |
1067 |
++ mutex_lock(&dev->lock); |
1068 |
+ |
1069 |
+- return 0; |
1070 |
++ if (!dev->registered) |
1071 |
++ ret = -ENODEV; |
1072 |
++ if (ret == 0 && dev->rc_map.name) |
1073 |
++ ret = add_uevent_var(env, "NAME=%s", dev->rc_map.name); |
1074 |
++ if (ret == 0 && dev->driver_name) |
1075 |
++ ret = add_uevent_var(env, "DRV_NAME=%s", dev->driver_name); |
1076 |
++ if (ret == 0 && dev->device_name) |
1077 |
++ ret = add_uevent_var(env, "DEV_NAME=%s", dev->device_name); |
1078 |
++ |
1079 |
++ mutex_unlock(&dev->lock); |
1080 |
++ |
1081 |
++ return ret; |
1082 |
+ } |
1083 |
+ |
1084 |
+ /* |
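Review bot: rc_dev_uevent() now returns -ENODEV whenever `dev->registered` is false, which covers the teardown case this change targets but also any uevent generated before the flag is first set. Where `registered` becomes true is outside this hunk; if the device is made visible in sysfs before that assignment, the initial add event and an early read of the `uevent` attribute would fail. It is worth confirming that ordering in the registration path and recording the assumption above the check, e.g. `/* registered is set before the device is added and cleared under dev->lock on unregister */`.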
1085 |
+@@ -1958,14 +1970,14 @@ void rc_unregister_device(struct rc_dev *dev) |
1086 |
+ del_timer_sync(&dev->timer_keyup); |
1087 |
+ del_timer_sync(&dev->timer_repeat); |
1088 |
+ |
1089 |
+- rc_free_rx_device(dev); |
1090 |
+- |
1091 |
+ mutex_lock(&dev->lock); |
1092 |
+ if (dev->users && dev->close) |
1093 |
+ dev->close(dev); |
1094 |
+ dev->registered = false; |
1095 |
+ mutex_unlock(&dev->lock); |
1096 |
+ |
1097 |
++ rc_free_rx_device(dev); |
1098 |
++ |
1099 |
+ /* |
1100 |
+ * lirc device should be freed with dev->registered = false, so |
1101 |
+ * that userspace polling will get notified. |
1102 |
+diff --git a/drivers/net/ethernet/arc/emac_mdio.c b/drivers/net/ethernet/arc/emac_mdio.c |
1103 |
+index 0187dbf3b87df..54cdafdd067db 100644 |
1104 |
+--- a/drivers/net/ethernet/arc/emac_mdio.c |
1105 |
++++ b/drivers/net/ethernet/arc/emac_mdio.c |
1106 |
+@@ -153,6 +153,7 @@ int arc_mdio_probe(struct arc_emac_priv *priv) |
1107 |
+ if (IS_ERR(data->reset_gpio)) { |
1108 |
+ error = PTR_ERR(data->reset_gpio); |
1109 |
+ dev_err(priv->dev, "Failed to request gpio: %d\n", error); |
1110 |
++ mdiobus_free(bus); |
1111 |
+ return error; |
1112 |
+ } |
1113 |
+ |
1114 |
+diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c |
1115 |
+index 6b761f6b8fd56..9a614c5cdfa22 100644 |
1116 |
+--- a/drivers/net/ethernet/broadcom/bcmsysport.c |
1117 |
++++ b/drivers/net/ethernet/broadcom/bcmsysport.c |
1118 |
+@@ -2441,8 +2441,10 @@ static int bcm_sysport_probe(struct platform_device *pdev) |
1119 |
+ priv->tx_rings = devm_kcalloc(&pdev->dev, txq, |
1120 |
+ sizeof(struct bcm_sysport_tx_ring), |
1121 |
+ GFP_KERNEL); |
1122 |
+- if (!priv->tx_rings) |
1123 |
+- return -ENOMEM; |
1124 |
++ if (!priv->tx_rings) { |
1125 |
++ ret = -ENOMEM; |
1126 |
++ goto err_free_netdev; |
1127 |
++ } |
1128 |
+ |
1129 |
+ priv->is_lite = params->is_lite; |
1130 |
+ priv->num_rx_desc_words = params->num_rx_desc_words; |
1131 |
+diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
1132 |
+index ab4d1dacb5854..a267380b267d7 100644 |
1133 |
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
1134 |
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
1135 |
+@@ -6836,16 +6836,19 @@ static ssize_t bnxt_show_temp(struct device *dev, |
1136 |
+ struct hwrm_temp_monitor_query_input req = {0}; |
1137 |
+ struct hwrm_temp_monitor_query_output *resp; |
1138 |
+ struct bnxt *bp = dev_get_drvdata(dev); |
1139 |
+- u32 temp = 0; |
1140 |
++ u32 len = 0; |
1141 |
+ |
1142 |
+ resp = bp->hwrm_cmd_resp_addr; |
1143 |
+ bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_TEMP_MONITOR_QUERY, -1, -1); |
1144 |
+ mutex_lock(&bp->hwrm_cmd_lock); |
1145 |
+- if (!_hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT)) |
1146 |
+- temp = resp->temp * 1000; /* display millidegree */ |
1147 |
++ if (!_hwrm_send_message_silent(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT)) |
1148 |
++ len = sprintf(buf, "%u\n", resp->temp * 1000); /* display millidegree */ |
1149 |
+ mutex_unlock(&bp->hwrm_cmd_lock); |
1150 |
+ |
1151 |
+- return sprintf(buf, "%u\n", temp); |
1152 |
++ if (len) |
1153 |
++ return len; |
1154 |
++ |
1155 |
++ return sprintf(buf, "unknown\n"); |
1156 |
+ } |
1157 |
+ static SENSOR_DEVICE_ATTR(temp1_input, 0444, bnxt_show_temp, NULL, 0); |
1158 |
+ |
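Review bot: When the firmware query fails, the new code writes the literal text `unknown` into `temp1_input` and reports a successful read, so a consumer that parses the attribute as a number receives a string instead of an error. Returning a negative errno from the failure path is the clearer contract: replace `return sprintf(buf, "unknown\n");` with `return -EIO;`. In addition, `len` stores the `int` result of `sprintf()` in a `u32`; declaring it `int` would match both the call and the `ssize_t` return. The opening of bnxt_show_temp() is outside the hunk.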
1159 |
+@@ -7024,15 +7027,15 @@ static int __bnxt_open_nic(struct bnxt *bp, bool irq_re_init, bool link_re_init) |
1160 |
+ } |
1161 |
+ } |
1162 |
+ |
1163 |
+- bnxt_enable_napi(bp); |
1164 |
+- bnxt_debug_dev_init(bp); |
1165 |
+- |
1166 |
+ rc = bnxt_init_nic(bp, irq_re_init); |
1167 |
+ if (rc) { |
1168 |
+ netdev_err(bp->dev, "bnxt_init_nic err: %x\n", rc); |
1169 |
+- goto open_err; |
1170 |
++ goto open_err_irq; |
1171 |
+ } |
1172 |
+ |
1173 |
++ bnxt_enable_napi(bp); |
1174 |
++ bnxt_debug_dev_init(bp); |
1175 |
++ |
1176 |
+ if (link_re_init) { |
1177 |
+ mutex_lock(&bp->link_lock); |
1178 |
+ rc = bnxt_update_phy_setting(bp); |
1179 |
+@@ -7063,10 +7066,6 @@ static int __bnxt_open_nic(struct bnxt *bp, bool irq_re_init, bool link_re_init) |
1180 |
+ bnxt_vf_reps_open(bp); |
1181 |
+ return 0; |
1182 |
+ |
1183 |
+-open_err: |
1184 |
+- bnxt_debug_dev_exit(bp); |
1185 |
+- bnxt_disable_napi(bp); |
1186 |
+- |
1187 |
+ open_err_irq: |
1188 |
+ bnxt_del_napi(bp); |
1189 |
+ |
1190 |
+@@ -9128,6 +9127,7 @@ static int bnxt_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) |
1191 |
+ (long)pci_resource_start(pdev, 0), dev->dev_addr); |
1192 |
+ pcie_print_link_status(pdev); |
1193 |
+ |
1194 |
++ pci_save_state(pdev); |
1195 |
+ return 0; |
1196 |
+ |
1197 |
+ init_err_cleanup_tc: |
1198 |
+@@ -9289,6 +9289,8 @@ static pci_ers_result_t bnxt_io_slot_reset(struct pci_dev *pdev) |
1199 |
+ "Cannot re-enable PCI device after reset.\n"); |
1200 |
+ } else { |
1201 |
+ pci_set_master(pdev); |
1202 |
++ pci_restore_state(pdev); |
1203 |
++ pci_save_state(pdev); |
1204 |
+ |
1205 |
+ err = bnxt_hwrm_func_reset(bp); |
1206 |
+ if (!err && netif_running(netdev)) |
1207 |
+diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c |
1208 |
+index 63730e449e088..a1cb99110092d 100644 |
1209 |
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c |
1210 |
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c |
1211 |
+@@ -471,7 +471,7 @@ static void bnxt_get_channels(struct net_device *dev, |
1212 |
+ int max_tx_sch_inputs; |
1213 |
+ |
1214 |
+ /* Get the most up-to-date max_tx_sch_inputs. */ |
1215 |
+- if (BNXT_NEW_RM(bp)) |
1216 |
++ if (netif_running(dev) && BNXT_NEW_RM(bp)) |
1217 |
+ bnxt_hwrm_func_resc_qcaps(bp, false); |
1218 |
+ max_tx_sch_inputs = hw_resc->max_tx_sch_inputs; |
1219 |
+ |
1220 |
+@@ -1877,6 +1877,9 @@ static int bnxt_get_nvram_directory(struct net_device *dev, u32 len, u8 *data) |
1221 |
+ if (rc != 0) |
1222 |
+ return rc; |
1223 |
+ |
1224 |
++ if (!dir_entries || !entry_length) |
1225 |
++ return -EIO; |
1226 |
++ |
1227 |
+ /* Insert 2 bytes of directory info (count and size of entries) */ |
1228 |
+ if (len < 2) |
1229 |
+ return -EINVAL; |
1230 |
+diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c |
1231 |
+index be845df050399..6fcf9646d141b 100644 |
1232 |
+--- a/drivers/net/ethernet/broadcom/tg3.c |
1233 |
++++ b/drivers/net/ethernet/broadcom/tg3.c |
1234 |
+@@ -7219,8 +7219,8 @@ static inline void tg3_reset_task_schedule(struct tg3 *tp) |
1235 |
+ |
1236 |
+ static inline void tg3_reset_task_cancel(struct tg3 *tp) |
1237 |
+ { |
1238 |
+- cancel_work_sync(&tp->reset_task); |
1239 |
+- tg3_flag_clear(tp, RESET_TASK_PENDING); |
1240 |
++ if (test_and_clear_bit(TG3_FLAG_RESET_TASK_PENDING, tp->tg3_flags)) |
1241 |
++ cancel_work_sync(&tp->reset_task); |
1242 |
+ tg3_flag_clear(tp, TX_RECOVERY_PENDING); |
1243 |
+ } |
1244 |
+ |
1245 |
+@@ -11213,18 +11213,27 @@ static void tg3_reset_task(struct work_struct *work) |
1246 |
+ |
1247 |
+ tg3_halt(tp, RESET_KIND_SHUTDOWN, 0); |
1248 |
+ err = tg3_init_hw(tp, true); |
1249 |
+- if (err) |
1250 |
++ if (err) { |
1251 |
++ tg3_full_unlock(tp); |
1252 |
++ tp->irq_sync = 0; |
1253 |
++ tg3_napi_enable(tp); |
1254 |
++ /* Clear this flag so that tg3_reset_task_cancel() will not |
1255 |
++ * call cancel_work_sync() and wait forever. |
1256 |
++ */ |
1257 |
++ tg3_flag_clear(tp, RESET_TASK_PENDING); |
1258 |
++ dev_close(tp->dev); |
1259 |
+ goto out; |
1260 |
++ } |
1261 |
+ |
1262 |
+ tg3_netif_start(tp); |
1263 |
+ |
1264 |
+-out: |
1265 |
+ tg3_full_unlock(tp); |
1266 |
+ |
1267 |
+ if (!err) |
1268 |
+ tg3_phy_start(tp); |
1269 |
+ |
1270 |
+ tg3_flag_clear(tp, RESET_TASK_PENDING); |
1271 |
++out: |
1272 |
+ rtnl_unlock(); |
1273 |
+ } |
1274 |
+ |
1275 |
+diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c |
1276 |
+index 16de0fa92ab74..5242687060b44 100644 |
1277 |
+--- a/drivers/net/ethernet/cortina/gemini.c |
1278 |
++++ b/drivers/net/ethernet/cortina/gemini.c |
1279 |
+@@ -2451,8 +2451,8 @@ static int gemini_ethernet_port_probe(struct platform_device *pdev) |
1280 |
+ port->reset = devm_reset_control_get_exclusive(dev, NULL); |
1281 |
+ if (IS_ERR(port->reset)) { |
1282 |
+ dev_err(dev, "no reset\n"); |
1283 |
+- clk_disable_unprepare(port->pclk); |
1284 |
+- return PTR_ERR(port->reset); |
1285 |
++ ret = PTR_ERR(port->reset); |
1286 |
++ goto unprepare; |
1287 |
+ } |
1288 |
+ reset_control_reset(port->reset); |
1289 |
+ usleep_range(100, 500); |
1290 |
+@@ -2507,25 +2507,25 @@ static int gemini_ethernet_port_probe(struct platform_device *pdev) |
1291 |
+ IRQF_SHARED, |
1292 |
+ port_names[port->id], |
1293 |
+ port); |
1294 |
+- if (ret) { |
1295 |
+- clk_disable_unprepare(port->pclk); |
1296 |
+- return ret; |
1297 |
+- } |
1298 |
++ if (ret) |
1299 |
++ goto unprepare; |
1300 |
+ |
1301 |
+ ret = register_netdev(netdev); |
1302 |
+- if (!ret) { |
1303 |
++ if (ret) |
1304 |
++ goto unprepare; |
1305 |
++ |
1306 |
++ netdev_info(netdev, |
1307 |
++ "irq %d, DMA @ 0x%pap, GMAC @ 0x%pap\n", |
1308 |
++ port->irq, &dmares->start, |
1309 |
++ &gmacres->start); |
1310 |
++ ret = gmac_setup_phy(netdev); |
1311 |
++ if (ret) |
1312 |
+ netdev_info(netdev, |
1313 |
+- "irq %d, DMA @ 0x%pap, GMAC @ 0x%pap\n", |
1314 |
+- port->irq, &dmares->start, |
1315 |
+- &gmacres->start); |
1316 |
+- ret = gmac_setup_phy(netdev); |
1317 |
+- if (ret) |
1318 |
+- netdev_info(netdev, |
1319 |
+- "PHY init failed, deferring to ifup time\n"); |
1320 |
+- return 0; |
1321 |
+- } |
1322 |
++ "PHY init failed, deferring to ifup time\n"); |
1323 |
++ return 0; |
1324 |
+ |
1325 |
+- port->netdev = NULL; |
1326 |
++unprepare: |
1327 |
++ clk_disable_unprepare(port->pclk); |
1328 |
+ return ret; |
1329 |
+ } |
1330 |
+ |
1331 |
+diff --git a/drivers/net/ethernet/hisilicon/hns/hns_enet.c b/drivers/net/ethernet/hisilicon/hns/hns_enet.c |
1332 |
+index 024b08fafd3b2..4de65a9de0a63 100644 |
1333 |
+--- a/drivers/net/ethernet/hisilicon/hns/hns_enet.c |
1334 |
++++ b/drivers/net/ethernet/hisilicon/hns/hns_enet.c |
1335 |
+@@ -2297,8 +2297,10 @@ static int hns_nic_dev_probe(struct platform_device *pdev) |
1336 |
+ priv->enet_ver = AE_VERSION_1; |
1337 |
+ else if (acpi_dev_found(hns_enet_acpi_match[1].id)) |
1338 |
+ priv->enet_ver = AE_VERSION_2; |
1339 |
+- else |
1340 |
+- return -ENXIO; |
1341 |
++ else { |
1342 |
++ ret = -ENXIO; |
1343 |
++ goto out_read_prop_fail; |
1344 |
++ } |
1345 |
+ |
1346 |
+ /* try to find port-idx-in-ae first */ |
1347 |
+ ret = acpi_node_get_property_reference(dev->fwnode, |
1348 |
+@@ -2314,7 +2316,8 @@ static int hns_nic_dev_probe(struct platform_device *pdev) |
1349 |
+ priv->fwnode = args.fwnode; |
1350 |
+ } else { |
1351 |
+ dev_err(dev, "cannot read cfg data from OF or acpi\n"); |
1352 |
+- return -ENXIO; |
1353 |
++ ret = -ENXIO; |
1354 |
++ goto out_read_prop_fail; |
1355 |
+ } |
1356 |
+ |
1357 |
+ ret = device_property_read_u32(dev, "port-idx-in-ae", &port_id); |
1358 |
+diff --git a/drivers/net/ethernet/mellanox/mlx4/mr.c b/drivers/net/ethernet/mellanox/mlx4/mr.c |
1359 |
+index 1a11bc0e16123..cfa0bba3940fb 100644 |
1360 |
+--- a/drivers/net/ethernet/mellanox/mlx4/mr.c |
1361 |
++++ b/drivers/net/ethernet/mellanox/mlx4/mr.c |
1362 |
+@@ -114,7 +114,7 @@ static int mlx4_buddy_init(struct mlx4_buddy *buddy, int max_order) |
1363 |
+ goto err_out; |
1364 |
+ |
1365 |
+ for (i = 0; i <= buddy->max_order; ++i) { |
1366 |
+- s = BITS_TO_LONGS(1 << (buddy->max_order - i)); |
1367 |
++ s = BITS_TO_LONGS(1UL << (buddy->max_order - i)); |
1368 |
+ buddy->bits[i] = kvmalloc_array(s, sizeof(long), GFP_KERNEL | __GFP_ZERO); |
1369 |
+ if (!buddy->bits[i]) |
1370 |
+ goto err_out_free; |
1371 |
+diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c |
1372 |
+index 569e698b5c807..b5066cf86c856 100644 |
1373 |
+--- a/drivers/net/ethernet/renesas/ravb_main.c |
1374 |
++++ b/drivers/net/ethernet/renesas/ravb_main.c |
1375 |
+@@ -1337,6 +1337,51 @@ static inline int ravb_hook_irq(unsigned int irq, irq_handler_t handler, |
1376 |
+ return error; |
1377 |
+ } |
1378 |
+ |
1379 |
++/* MDIO bus init function */ |
1380 |
++static int ravb_mdio_init(struct ravb_private *priv) |
1381 |
++{ |
1382 |
++ struct platform_device *pdev = priv->pdev; |
1383 |
++ struct device *dev = &pdev->dev; |
1384 |
++ int error; |
1385 |
++ |
1386 |
++ /* Bitbang init */ |
1387 |
++ priv->mdiobb.ops = &bb_ops; |
1388 |
++ |
1389 |
++ /* MII controller setting */ |
1390 |
++ priv->mii_bus = alloc_mdio_bitbang(&priv->mdiobb); |
1391 |
++ if (!priv->mii_bus) |
1392 |
++ return -ENOMEM; |
1393 |
++ |
1394 |
++ /* Hook up MII support for ethtool */ |
1395 |
++ priv->mii_bus->name = "ravb_mii"; |
1396 |
++ priv->mii_bus->parent = dev; |
1397 |
++ snprintf(priv->mii_bus->id, MII_BUS_ID_SIZE, "%s-%x", |
1398 |
++ pdev->name, pdev->id); |
1399 |
++ |
1400 |
++ /* Register MDIO bus */ |
1401 |
++ error = of_mdiobus_register(priv->mii_bus, dev->of_node); |
1402 |
++ if (error) |
1403 |
++ goto out_free_bus; |
1404 |
++ |
1405 |
++ return 0; |
1406 |
++ |
1407 |
++out_free_bus: |
1408 |
++ free_mdio_bitbang(priv->mii_bus); |
1409 |
++ return error; |
1410 |
++} |
1411 |
++ |
1412 |
++/* MDIO bus release function */ |
1413 |
++static int ravb_mdio_release(struct ravb_private *priv) |
1414 |
++{ |
1415 |
++ /* Unregister mdio bus */ |
1416 |
++ mdiobus_unregister(priv->mii_bus); |
1417 |
++ |
1418 |
++ /* Free bitbang info */ |
1419 |
++ free_mdio_bitbang(priv->mii_bus); |
1420 |
++ |
1421 |
++ return 0; |
1422 |
++} |
1423 |
++ |
1424 |
+ /* Network device open function for Ethernet AVB */ |
1425 |
+ static int ravb_open(struct net_device *ndev) |
1426 |
+ { |
1427 |
+@@ -1345,6 +1390,13 @@ static int ravb_open(struct net_device *ndev) |
1428 |
+ struct device *dev = &pdev->dev; |
1429 |
+ int error; |
1430 |
+ |
1431 |
++ /* MDIO bus init */ |
1432 |
++ error = ravb_mdio_init(priv); |
1433 |
++ if (error) { |
1434 |
++ netdev_err(ndev, "failed to initialize MDIO\n"); |
1435 |
++ return error; |
1436 |
++ } |
1437 |
++ |
1438 |
+ napi_enable(&priv->napi[RAVB_BE]); |
1439 |
+ napi_enable(&priv->napi[RAVB_NC]); |
1440 |
+ |
1441 |
+@@ -1422,6 +1474,7 @@ out_free_irq: |
1442 |
+ out_napi_off: |
1443 |
+ napi_disable(&priv->napi[RAVB_NC]); |
1444 |
+ napi_disable(&priv->napi[RAVB_BE]); |
1445 |
++ ravb_mdio_release(priv); |
1446 |
+ return error; |
1447 |
+ } |
1448 |
+ |
1449 |
+@@ -1721,6 +1774,8 @@ static int ravb_close(struct net_device *ndev) |
1450 |
+ ravb_ring_free(ndev, RAVB_BE); |
1451 |
+ ravb_ring_free(ndev, RAVB_NC); |
1452 |
+ |
1453 |
++ ravb_mdio_release(priv); |
1454 |
++ |
1455 |
+ return 0; |
1456 |
+ } |
1457 |
+ |
1458 |
+@@ -1867,51 +1922,6 @@ static const struct net_device_ops ravb_netdev_ops = { |
1459 |
+ .ndo_set_features = ravb_set_features, |
1460 |
+ }; |
1461 |
+ |
1462 |
+-/* MDIO bus init function */ |
1463 |
+-static int ravb_mdio_init(struct ravb_private *priv) |
1464 |
+-{ |
1465 |
+- struct platform_device *pdev = priv->pdev; |
1466 |
+- struct device *dev = &pdev->dev; |
1467 |
+- int error; |
1468 |
+- |
1469 |
+- /* Bitbang init */ |
1470 |
+- priv->mdiobb.ops = &bb_ops; |
1471 |
+- |
1472 |
+- /* MII controller setting */ |
1473 |
+- priv->mii_bus = alloc_mdio_bitbang(&priv->mdiobb); |
1474 |
+- if (!priv->mii_bus) |
1475 |
+- return -ENOMEM; |
1476 |
+- |
1477 |
+- /* Hook up MII support for ethtool */ |
1478 |
+- priv->mii_bus->name = "ravb_mii"; |
1479 |
+- priv->mii_bus->parent = dev; |
1480 |
+- snprintf(priv->mii_bus->id, MII_BUS_ID_SIZE, "%s-%x", |
1481 |
+- pdev->name, pdev->id); |
1482 |
+- |
1483 |
+- /* Register MDIO bus */ |
1484 |
+- error = of_mdiobus_register(priv->mii_bus, dev->of_node); |
1485 |
+- if (error) |
1486 |
+- goto out_free_bus; |
1487 |
+- |
1488 |
+- return 0; |
1489 |
+- |
1490 |
+-out_free_bus: |
1491 |
+- free_mdio_bitbang(priv->mii_bus); |
1492 |
+- return error; |
1493 |
+-} |
1494 |
+- |
1495 |
+-/* MDIO bus release function */ |
1496 |
+-static int ravb_mdio_release(struct ravb_private *priv) |
1497 |
+-{ |
1498 |
+- /* Unregister mdio bus */ |
1499 |
+- mdiobus_unregister(priv->mii_bus); |
1500 |
+- |
1501 |
+- /* Free bitbang info */ |
1502 |
+- free_mdio_bitbang(priv->mii_bus); |
1503 |
+- |
1504 |
+- return 0; |
1505 |
+-} |
1506 |
+- |
1507 |
+ static const struct of_device_id ravb_match_table[] = { |
1508 |
+ { .compatible = "renesas,etheravb-r8a7790", .data = (void *)RCAR_GEN2 }, |
1509 |
+ { .compatible = "renesas,etheravb-r8a7794", .data = (void *)RCAR_GEN2 }, |
1510 |
+@@ -2138,13 +2148,6 @@ static int ravb_probe(struct platform_device *pdev) |
1511 |
+ eth_hw_addr_random(ndev); |
1512 |
+ } |
1513 |
+ |
1514 |
+- /* MDIO bus init */ |
1515 |
+- error = ravb_mdio_init(priv); |
1516 |
+- if (error) { |
1517 |
+- dev_err(&pdev->dev, "failed to initialize MDIO\n"); |
1518 |
+- goto out_dma_free; |
1519 |
+- } |
1520 |
+- |
1521 |
+ netif_napi_add(ndev, &priv->napi[RAVB_BE], ravb_poll, 64); |
1522 |
+ netif_napi_add(ndev, &priv->napi[RAVB_NC], ravb_poll, 64); |
1523 |
+ |
1524 |
+@@ -2166,8 +2169,6 @@ static int ravb_probe(struct platform_device *pdev) |
1525 |
+ out_napi_del: |
1526 |
+ netif_napi_del(&priv->napi[RAVB_NC]); |
1527 |
+ netif_napi_del(&priv->napi[RAVB_BE]); |
1528 |
+- ravb_mdio_release(priv); |
1529 |
+-out_dma_free: |
1530 |
+ dma_free_coherent(ndev->dev.parent, priv->desc_bat_size, priv->desc_bat, |
1531 |
+ priv->desc_bat_dma); |
1532 |
+ |
1533 |
+@@ -2199,7 +2200,6 @@ static int ravb_remove(struct platform_device *pdev) |
1534 |
+ unregister_netdev(ndev); |
1535 |
+ netif_napi_del(&priv->napi[RAVB_NC]); |
1536 |
+ netif_napi_del(&priv->napi[RAVB_BE]); |
1537 |
+- ravb_mdio_release(priv); |
1538 |
+ pm_runtime_disable(&pdev->dev); |
1539 |
+ free_netdev(ndev); |
1540 |
+ platform_set_drvdata(pdev, NULL); |
1541 |
+diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c |
1542 |
+index d73850ebb671f..f2fecb6842209 100644 |
1543 |
+--- a/drivers/net/gtp.c |
1544 |
++++ b/drivers/net/gtp.c |
1545 |
+@@ -1187,6 +1187,7 @@ static int gtp_genl_fill_info(struct sk_buff *skb, u32 snd_portid, u32 snd_seq, |
1546 |
+ goto nlmsg_failure; |
1547 |
+ |
1548 |
+ if (nla_put_u32(skb, GTPA_VERSION, pctx->gtp_version) || |
1549 |
++ nla_put_u32(skb, GTPA_LINK, pctx->dev->ifindex) || |
1550 |
+ nla_put_be32(skb, GTPA_PEER_ADDRESS, pctx->peer_addr_ip4.s_addr) || |
1551 |
+ nla_put_be32(skb, GTPA_MS_ADDRESS, pctx->ms_addr_ip4.s_addr)) |
1552 |
+ goto nla_put_failure; |
1553 |
+diff --git a/drivers/net/usb/asix_common.c b/drivers/net/usb/asix_common.c |
1554 |
+index 023b8d0bf1754..8d27786acad91 100644 |
1555 |
+--- a/drivers/net/usb/asix_common.c |
1556 |
++++ b/drivers/net/usb/asix_common.c |
1557 |
+@@ -309,7 +309,7 @@ int asix_read_phy_addr(struct usbnet *dev, int internal) |
1558 |
+ |
1559 |
+ netdev_dbg(dev->net, "asix_get_phy_addr()\n"); |
1560 |
+ |
1561 |
+- if (ret < 0) { |
1562 |
++ if (ret < 2) { |
1563 |
+ netdev_err(dev->net, "Error reading PHYID register: %02x\n", ret); |
1564 |
+ goto out; |
1565 |
+ } |
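Review bot: The tightened test `if (ret < 2)` now catches short reads, but on that path `ret` still holds 0 or 1 when control jumps to `out`. The `out` label is outside the hunk; if it returns `ret` unchanged, the caller receives a non-negative value that it would treat as a valid PHY address. Converting the short-read case to an error before the jump avoids that: `ret = ret < 0 ? ret : -EIO;`. The literal `2` presumably mirrors the requested transfer length, so comparing against the size of the receive buffer would keep the two in step.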
1566 |
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c |
1567 |
+index ea3c891186147..af58bf54aa9b6 100644 |
1568 |
+--- a/drivers/net/usb/qmi_wwan.c |
1569 |
++++ b/drivers/net/usb/qmi_wwan.c |
1570 |
+@@ -1227,6 +1227,7 @@ static const struct usb_device_id products[] = { |
1571 |
+ {QMI_FIXED_INTF(0x2001, 0x7e16, 3)}, /* D-Link DWM-221 */ |
1572 |
+ {QMI_FIXED_INTF(0x2001, 0x7e19, 4)}, /* D-Link DWM-221 B1 */ |
1573 |
+ {QMI_FIXED_INTF(0x2001, 0x7e35, 4)}, /* D-Link DWM-222 */ |
1574 |
++ {QMI_FIXED_INTF(0x2001, 0x7e3d, 4)}, /* D-Link DWM-222 A2 */ |
1575 |
+ {QMI_FIXED_INTF(0x2020, 0x2031, 4)}, /* Olicard 600 */ |
1576 |
+ {QMI_FIXED_INTF(0x2020, 0x2033, 4)}, /* BroadMobi BM806U */ |
1577 |
+ {QMI_FIXED_INTF(0x2020, 0x2060, 4)}, /* BroadMobi BM818 */ |
1578 |
+@@ -1262,6 +1263,7 @@ static const struct usb_device_id products[] = { |
1579 |
+ {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */ |
1580 |
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1031, 3)}, /* Telit LE910C1-EUX */ |
1581 |
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */ |
1582 |
++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1050, 2)}, /* Telit FN980 */ |
1583 |
+ {QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */ |
1584 |
+ {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */ |
1585 |
+ {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */ |
1586 |
+diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c |
1587 |
+index 776b7e9e23b9e..f28df233dfcd0 100644 |
1588 |
+--- a/drivers/nvme/target/core.c |
1589 |
++++ b/drivers/nvme/target/core.c |
1590 |
+@@ -307,6 +307,9 @@ static void nvmet_keep_alive_timer(struct work_struct *work) |
1591 |
+ |
1592 |
+ static void nvmet_start_keep_alive_timer(struct nvmet_ctrl *ctrl) |
1593 |
+ { |
1594 |
++ if (unlikely(ctrl->kato == 0)) |
1595 |
++ return; |
1596 |
++ |
1597 |
+ pr_debug("ctrl %d start keep-alive timer for %d secs\n", |
1598 |
+ ctrl->cntlid, ctrl->kato); |
1599 |
+ |
1600 |
+@@ -316,6 +319,9 @@ static void nvmet_start_keep_alive_timer(struct nvmet_ctrl *ctrl) |
1601 |
+ |
1602 |
+ static void nvmet_stop_keep_alive_timer(struct nvmet_ctrl *ctrl) |
1603 |
+ { |
1604 |
++ if (unlikely(ctrl->kato == 0)) |
1605 |
++ return; |
1606 |
++ |
1607 |
+ pr_debug("ctrl %d stop keep-alive\n", ctrl->cntlid); |
1608 |
+ |
1609 |
+ cancel_delayed_work_sync(&ctrl->ka_work); |
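Review bot: The early return added to nvmet_stop_keep_alive_timer() decides from the current value of `ctrl->kato`, not from whether `ka_work` was actually armed. If `kato` can be set to 0 after nvmet_start_keep_alive_timer() has scheduled the work (the code that writes `kato` is outside these hunks), the stop path would skip `cancel_delayed_work_sync()` and leave the delayed work pending while the controller is torn down. Confirm that every writer of `kato` stops the timer first, and record the requirement next to the check, e.g. `/* kato must not change while ka_work is armed */`. This applies to the paired guard in the nvmet_start_keep_alive_timer() hunk above as well; the end of this function is outside the hunk.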
1610 |
+diff --git a/drivers/nvme/target/fc.c b/drivers/nvme/target/fc.c |
1611 |
+index 29b4b236afd85..77e4d184bc995 100644 |
1612 |
+--- a/drivers/nvme/target/fc.c |
1613 |
++++ b/drivers/nvme/target/fc.c |
1614 |
+@@ -1986,9 +1986,9 @@ nvmet_fc_fod_op_done(struct nvmet_fc_fcp_iod *fod) |
1615 |
+ return; |
1616 |
+ if (fcpreq->fcp_error || |
1617 |
+ fcpreq->transferred_length != fcpreq->transfer_length) { |
1618 |
+- spin_lock(&fod->flock); |
1619 |
++ spin_lock_irqsave(&fod->flock, flags); |
1620 |
+ fod->abort = true; |
1621 |
+- spin_unlock(&fod->flock); |
1622 |
++ spin_unlock_irqrestore(&fod->flock, flags); |
1623 |
+ |
1624 |
+ nvmet_req_complete(&fod->req, NVME_SC_INTERNAL); |
1625 |
+ return; |
1626 |
+diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c |
1627 |
+index 91dbac7446a47..99314e5162447 100644 |
1628 |
+--- a/drivers/target/target_core_user.c |
1629 |
++++ b/drivers/target/target_core_user.c |
1630 |
+@@ -687,8 +687,10 @@ static void scatter_data_area(struct tcmu_dev *udev, |
1631 |
+ from = kmap_atomic(sg_page(sg)) + sg->offset; |
1632 |
+ while (sg_remaining > 0) { |
1633 |
+ if (block_remaining == 0) { |
1634 |
+- if (to) |
1635 |
++ if (to) { |
1636 |
++ flush_dcache_page(page); |
1637 |
+ kunmap_atomic(to); |
1638 |
++ } |
1639 |
+ |
1640 |
+ block_remaining = DATA_BLOCK_SIZE; |
1641 |
+ dbi = tcmu_cmd_get_dbi(tcmu_cmd); |
1642 |
+@@ -733,7 +735,6 @@ static void scatter_data_area(struct tcmu_dev *udev, |
1643 |
+ memcpy(to + offset, |
1644 |
+ from + sg->length - sg_remaining, |
1645 |
+ copy_bytes); |
1646 |
+- tcmu_flush_dcache_range(to, copy_bytes); |
1647 |
+ } |
1648 |
+ |
1649 |
+ sg_remaining -= copy_bytes; |
1650 |
+@@ -742,8 +743,10 @@ static void scatter_data_area(struct tcmu_dev *udev, |
1651 |
+ kunmap_atomic(from - sg->offset); |
1652 |
+ } |
1653 |
+ |
1654 |
+- if (to) |
1655 |
++ if (to) { |
1656 |
++ flush_dcache_page(page); |
1657 |
+ kunmap_atomic(to); |
1658 |
++ } |
1659 |
+ } |
1660 |
+ |
1661 |
+ static void gather_data_area(struct tcmu_dev *udev, struct tcmu_cmd *cmd, |
1662 |
+@@ -789,13 +792,13 @@ static void gather_data_area(struct tcmu_dev *udev, struct tcmu_cmd *cmd, |
1663 |
+ dbi = tcmu_cmd_get_dbi(cmd); |
1664 |
+ page = tcmu_get_block_page(udev, dbi); |
1665 |
+ from = kmap_atomic(page); |
1666 |
++ flush_dcache_page(page); |
1667 |
+ } |
1668 |
+ copy_bytes = min_t(size_t, sg_remaining, |
1669 |
+ block_remaining); |
1670 |
+ if (read_len < copy_bytes) |
1671 |
+ copy_bytes = read_len; |
1672 |
+ offset = DATA_BLOCK_SIZE - block_remaining; |
1673 |
+- tcmu_flush_dcache_range(from, copy_bytes); |
1674 |
+ memcpy(to + sg->length - sg_remaining, from + offset, |
1675 |
+ copy_bytes); |
1676 |
+ |
1677 |
+@@ -1018,7 +1021,7 @@ static int queue_cmd_ring(struct tcmu_cmd *tcmu_cmd, sense_reason_t *scsi_err) |
1678 |
+ entry->hdr.cmd_id = 0; /* not used for PAD */ |
1679 |
+ entry->hdr.kflags = 0; |
1680 |
+ entry->hdr.uflags = 0; |
1681 |
+- tcmu_flush_dcache_range(entry, sizeof(*entry)); |
1682 |
++ tcmu_flush_dcache_range(entry, sizeof(entry->hdr)); |
1683 |
+ |
1684 |
+ UPDATE_HEAD(mb->cmd_head, pad_size, udev->cmdr_size); |
1685 |
+ tcmu_flush_dcache_range(mb, sizeof(*mb)); |
1686 |
+@@ -1083,7 +1086,7 @@ static int queue_cmd_ring(struct tcmu_cmd *tcmu_cmd, sense_reason_t *scsi_err) |
1687 |
+ cdb_off = CMDR_OFF + cmd_head + base_command_size; |
1688 |
+ memcpy((void *) mb + cdb_off, se_cmd->t_task_cdb, scsi_command_size(se_cmd->t_task_cdb)); |
1689 |
+ entry->req.cdb_off = cdb_off; |
1690 |
+- tcmu_flush_dcache_range(entry, sizeof(*entry)); |
1691 |
++ tcmu_flush_dcache_range(entry, command_size); |
1692 |
+ |
1693 |
+ UPDATE_HEAD(mb->cmd_head, command_size, udev->cmdr_size); |
1694 |
+ tcmu_flush_dcache_range(mb, sizeof(*mb)); |
1695 |
+diff --git a/drivers/thermal/ti-soc-thermal/omap4-thermal-data.c b/drivers/thermal/ti-soc-thermal/omap4-thermal-data.c |
1696 |
+index c12211eaaac4d..0b9f835d931f0 100644 |
1697 |
+--- a/drivers/thermal/ti-soc-thermal/omap4-thermal-data.c |
1698 |
++++ b/drivers/thermal/ti-soc-thermal/omap4-thermal-data.c |
1699 |
+@@ -46,20 +46,21 @@ static struct temp_sensor_data omap4430_mpu_temp_sensor_data = { |
1700 |
+ |
1701 |
+ /* |
1702 |
+ * Temperature values in milli degree celsius |
1703 |
+- * ADC code values from 530 to 923 |
1704 |
++ * ADC code values from 13 to 107, see TRM |
1705 |
++ * "18.4.10.2.3 ADC Codes Versus Temperature". |
1706 |
+ */ |
1707 |
+ static const int |
1708 |
+ omap4430_adc_to_temp[OMAP4430_ADC_END_VALUE - OMAP4430_ADC_START_VALUE + 1] = { |
1709 |
+- -38000, -35000, -34000, -32000, -30000, -28000, -26000, -24000, -22000, |
1710 |
+- -20000, -18000, -17000, -15000, -13000, -12000, -10000, -8000, -6000, |
1711 |
+- -5000, -3000, -1000, 0, 2000, 3000, 5000, 6000, 8000, 10000, 12000, |
1712 |
+- 13000, 15000, 17000, 19000, 21000, 23000, 25000, 27000, 28000, 30000, |
1713 |
+- 32000, 33000, 35000, 37000, 38000, 40000, 42000, 43000, 45000, 47000, |
1714 |
+- 48000, 50000, 52000, 53000, 55000, 57000, 58000, 60000, 62000, 64000, |
1715 |
+- 66000, 68000, 70000, 71000, 73000, 75000, 77000, 78000, 80000, 82000, |
1716 |
+- 83000, 85000, 87000, 88000, 90000, 92000, 93000, 95000, 97000, 98000, |
1717 |
+- 100000, 102000, 103000, 105000, 107000, 109000, 111000, 113000, 115000, |
1718 |
+- 117000, 118000, 120000, 122000, 123000, |
1719 |
++ -40000, -38000, -35000, -34000, -32000, -30000, -28000, -26000, -24000, |
1720 |
++ -22000, -20000, -18500, -17000, -15000, -13500, -12000, -10000, -8000, |
1721 |
++ -6500, -5000, -3500, -1500, 0, 2000, 3500, 5000, 6500, 8500, 10000, |
1722 |
++ 12000, 13500, 15000, 17000, 19000, 21000, 23000, 25000, 27000, 28500, |
1723 |
++ 30000, 32000, 33500, 35000, 37000, 38500, 40000, 42000, 43500, 45000, |
1724 |
++ 47000, 48500, 50000, 52000, 53500, 55000, 57000, 58500, 60000, 62000, |
1725 |
++ 64000, 66000, 68000, 70000, 71500, 73500, 75000, 77000, 78500, 80000, |
1726 |
++ 82000, 83500, 85000, 87000, 88500, 90000, 92000, 93500, 95000, 97000, |
1727 |
++ 98500, 100000, 102000, 103500, 105000, 107000, 109000, 111000, 113000, |
1728 |
++ 115000, 117000, 118500, 120000, 122000, 123500, 125000, |
1729 |
+ }; |
1730 |
+ |
1731 |
+ /* OMAP4430 data */ |
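Review bot: omap4430_adc_to_temp keeps an explicit size of `OMAP4430_ADC_END_VALUE - OMAP4430_ADC_START_VALUE + 1`, so an initializer list that is too short is silently zero-filled, and a zero entry reads as a valid temperature rather than as an error. The new list has 95 values, which matches the 13..107 limits set in omap4xxx-bandgap.h later in this patch, but nothing in the file states that. I would extend the table comment with `* Exactly END - START + 1 (95) entries; index = ADC code - OMAP4430_ADC_START_VALUE.` so the next edit keeps the count and the offset in step. The lookup code that consumes the table is not part of this diff; it has to subtract the start value and reject codes outside the range for the new limits to be safe.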
1732 |
+diff --git a/drivers/thermal/ti-soc-thermal/omap4xxx-bandgap.h b/drivers/thermal/ti-soc-thermal/omap4xxx-bandgap.h |
1733 |
+index b87c8659ec608..8a081abce4b5f 100644 |
1734 |
+--- a/drivers/thermal/ti-soc-thermal/omap4xxx-bandgap.h |
1735 |
++++ b/drivers/thermal/ti-soc-thermal/omap4xxx-bandgap.h |
1736 |
+@@ -67,9 +67,13 @@ |
1737 |
+ * and thresholds for OMAP4430. |
1738 |
+ */ |
1739 |
+ |
1740 |
+-/* ADC conversion table limits */ |
1741 |
+-#define OMAP4430_ADC_START_VALUE 0 |
1742 |
+-#define OMAP4430_ADC_END_VALUE 127 |
1743 |
++/* |
1744 |
++ * ADC conversion table limits. Ignore values outside the TRM listed |
1745 |
++ * range to avoid bogus thermal shutdowns. See omap4430 TRM chapter |
1746 |
++ * "18.4.10.2.3 ADC Codes Versus Temperature". |
1747 |
++ */ |
1748 |
++#define OMAP4430_ADC_START_VALUE 13 |
1749 |
++#define OMAP4430_ADC_END_VALUE 107 |
1750 |
+ /* bandgap clock limits (no control on 4430) */ |
1751 |
+ #define OMAP4430_MAX_FREQ 32768 |
1752 |
+ #define OMAP4430_MIN_FREQ 32768 |
1753 |
+diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c |
1754 |
+index 0d405cc58e722..cd0768c3e773e 100644 |
1755 |
+--- a/drivers/tty/serial/qcom_geni_serial.c |
1756 |
++++ b/drivers/tty/serial/qcom_geni_serial.c |
1757 |
+@@ -1050,7 +1050,7 @@ static unsigned int qcom_geni_serial_tx_empty(struct uart_port *uport) |
1758 |
+ } |
1759 |
+ |
1760 |
+ #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE |
1761 |
+-static int __init qcom_geni_console_setup(struct console *co, char *options) |
1762 |
++static int qcom_geni_console_setup(struct console *co, char *options) |
1763 |
+ { |
1764 |
+ struct uart_port *uport; |
1765 |
+ struct qcom_geni_serial_port *port; |
1766 |
+diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c |
1767 |
+index 66783a37f450c..9f72a6ee13b53 100644 |
1768 |
+--- a/drivers/vfio/pci/vfio_pci.c |
1769 |
++++ b/drivers/vfio/pci/vfio_pci.c |
1770 |
+@@ -29,6 +29,7 @@ |
1771 |
+ #include <linux/vfio.h> |
1772 |
+ #include <linux/vgaarb.h> |
1773 |
+ #include <linux/nospec.h> |
1774 |
++#include <linux/sched/mm.h> |
1775 |
+ |
1776 |
+ #include "vfio_pci_private.h" |
1777 |
+ |
1778 |
+@@ -181,6 +182,7 @@ no_mmap: |
1779 |
+ |
1780 |
+ static void vfio_pci_try_bus_reset(struct vfio_pci_device *vdev); |
1781 |
+ static void vfio_pci_disable(struct vfio_pci_device *vdev); |
1782 |
++static int vfio_pci_try_zap_and_vma_lock_cb(struct pci_dev *pdev, void *data); |
1783 |
+ |
1784 |
+ /* |
1785 |
+ * INTx masking requires the ability to disable INTx signaling via PCI_COMMAND |
1786 |
+@@ -623,6 +625,12 @@ int vfio_pci_register_dev_region(struct vfio_pci_device *vdev, |
1787 |
+ return 0; |
1788 |
+ } |
1789 |
+ |
1790 |
++struct vfio_devices { |
1791 |
++ struct vfio_device **devices; |
1792 |
++ int cur_index; |
1793 |
++ int max_index; |
1794 |
++}; |
1795 |
++ |
1796 |
+ static long vfio_pci_ioctl(void *device_data, |
1797 |
+ unsigned int cmd, unsigned long arg) |
1798 |
+ { |
1799 |
+@@ -696,7 +704,7 @@ static long vfio_pci_ioctl(void *device_data, |
1800 |
+ { |
1801 |
+ void __iomem *io; |
1802 |
+ size_t size; |
1803 |
+- u16 orig_cmd; |
1804 |
++ u16 cmd; |
1805 |
+ |
1806 |
+ info.offset = VFIO_PCI_INDEX_TO_OFFSET(info.index); |
1807 |
+ info.flags = 0; |
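Review bot: The local `u16 cmd;` declared in this case block shadows the `unsigned int cmd` parameter of vfio_pci_ioctl for the rest of the block, which is legal but easy to misread in a function that dispatches on `cmd` a few branches later. Keeping the previous name avoids it: `u16 orig_cmd;`, then `orig_cmd = vfio_pci_memory_lock_and_enable(vdev);` and `vfio_pci_memory_unlock_and_restore(vdev, orig_cmd);` in the two following hunks. As far as the visible lines show, the block never reads the ioctl number, so behaviour is unaffected; builds with -Wshadow would warn. The case block starts and ends outside this hunk.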
1808 |
+@@ -716,10 +724,7 @@ static long vfio_pci_ioctl(void *device_data, |
1809 |
+ * Is it really there? Enable memory decode for |
1810 |
+ * implicit access in pci_map_rom(). |
1811 |
+ */ |
1812 |
+- pci_read_config_word(pdev, PCI_COMMAND, &orig_cmd); |
1813 |
+- pci_write_config_word(pdev, PCI_COMMAND, |
1814 |
+- orig_cmd | PCI_COMMAND_MEMORY); |
1815 |
+- |
1816 |
++ cmd = vfio_pci_memory_lock_and_enable(vdev); |
1817 |
+ io = pci_map_rom(pdev, &size); |
1818 |
+ if (io) { |
1819 |
+ info.flags = VFIO_REGION_INFO_FLAG_READ; |
1820 |
+@@ -727,8 +732,8 @@ static long vfio_pci_ioctl(void *device_data, |
1821 |
+ } else { |
1822 |
+ info.size = 0; |
1823 |
+ } |
1824 |
++ vfio_pci_memory_unlock_and_restore(vdev, cmd); |
1825 |
+ |
1826 |
+- pci_write_config_word(pdev, PCI_COMMAND, orig_cmd); |
1827 |
+ break; |
1828 |
+ } |
1829 |
+ case VFIO_PCI_VGA_REGION_INDEX: |
1830 |
+@@ -865,8 +870,16 @@ static long vfio_pci_ioctl(void *device_data, |
1831 |
+ return ret; |
1832 |
+ |
1833 |
+ } else if (cmd == VFIO_DEVICE_RESET) { |
1834 |
+- return vdev->reset_works ? |
1835 |
+- pci_try_reset_function(vdev->pdev) : -EINVAL; |
1836 |
++ int ret; |
1837 |
++ |
1838 |
++ if (!vdev->reset_works) |
1839 |
++ return -EINVAL; |
1840 |
++ |
1841 |
++ vfio_pci_zap_and_down_write_memory_lock(vdev); |
1842 |
++ ret = pci_try_reset_function(vdev->pdev); |
1843 |
++ up_write(&vdev->memory_lock); |
1844 |
++ |
1845 |
++ return ret; |
1846 |
+ |
1847 |
+ } else if (cmd == VFIO_DEVICE_GET_PCI_HOT_RESET_INFO) { |
1848 |
+ struct vfio_pci_hot_reset_info hdr; |
1849 |
+@@ -946,8 +959,9 @@ reset_info_exit: |
1850 |
+ int32_t *group_fds; |
1851 |
+ struct vfio_pci_group_entry *groups; |
1852 |
+ struct vfio_pci_group_info info; |
1853 |
++ struct vfio_devices devs = { .cur_index = 0 }; |
1854 |
+ bool slot = false; |
1855 |
+- int i, count = 0, ret = 0; |
1856 |
++ int i, group_idx, mem_idx = 0, count = 0, ret = 0; |
1857 |
+ |
1858 |
+ minsz = offsetofend(struct vfio_pci_hot_reset, count); |
1859 |
+ |
1860 |
+@@ -999,9 +1013,9 @@ reset_info_exit: |
1861 |
+ * user interface and store the group and iommu ID. This |
1862 |
+ * ensures the group is held across the reset. |
1863 |
+ */ |
1864 |
+- for (i = 0; i < hdr.count; i++) { |
1865 |
++ for (group_idx = 0; group_idx < hdr.count; group_idx++) { |
1866 |
+ struct vfio_group *group; |
1867 |
+- struct fd f = fdget(group_fds[i]); |
1868 |
++ struct fd f = fdget(group_fds[group_idx]); |
1869 |
+ if (!f.file) { |
1870 |
+ ret = -EBADF; |
1871 |
+ break; |
1872 |
+@@ -1014,8 +1028,9 @@ reset_info_exit: |
1873 |
+ break; |
1874 |
+ } |
1875 |
+ |
1876 |
+- groups[i].group = group; |
1877 |
+- groups[i].id = vfio_external_user_iommu_id(group); |
1878 |
++ groups[group_idx].group = group; |
1879 |
++ groups[group_idx].id = |
1880 |
++ vfio_external_user_iommu_id(group); |
1881 |
+ } |
1882 |
+ |
1883 |
+ kfree(group_fds); |
1884 |
+@@ -1034,13 +1049,63 @@ reset_info_exit: |
1885 |
+ ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, |
1886 |
+ vfio_pci_validate_devs, |
1887 |
+ &info, slot); |
1888 |
+- if (!ret) |
1889 |
+- /* User has access, do the reset */ |
1890 |
+- ret = pci_reset_bus(vdev->pdev); |
1891 |
++ if (ret) |
1892 |
++ goto hot_reset_release; |
1893 |
++ |
1894 |
++ devs.max_index = count; |
1895 |
++ devs.devices = kcalloc(count, sizeof(struct vfio_device *), |
1896 |
++ GFP_KERNEL); |
1897 |
++ if (!devs.devices) { |
1898 |
++ ret = -ENOMEM; |
1899 |
++ goto hot_reset_release; |
1900 |
++ } |
1901 |
++ |
1902 |
++ /* |
1903 |
++ * We need to get memory_lock for each device, but devices |
1904 |
++ * can share mmap_sem, therefore we need to zap and hold |
1905 |
++ * the vma_lock for each device, and only then get each |
1906 |
++ * memory_lock. |
1907 |
++ */ |
1908 |
++ ret = vfio_pci_for_each_slot_or_bus(vdev->pdev, |
1909 |
++ vfio_pci_try_zap_and_vma_lock_cb, |
1910 |
++ &devs, slot); |
1911 |
++ if (ret) |
1912 |
++ goto hot_reset_release; |
1913 |
++ |
1914 |
++ for (; mem_idx < devs.cur_index; mem_idx++) { |
1915 |
++ struct vfio_pci_device *tmp; |
1916 |
++ |
1917 |
++ tmp = vfio_device_data(devs.devices[mem_idx]); |
1918 |
++ |
1919 |
++ ret = down_write_trylock(&tmp->memory_lock); |
1920 |
++ if (!ret) { |
1921 |
++ ret = -EBUSY; |
1922 |
++ goto hot_reset_release; |
1923 |
++ } |
1924 |
++ mutex_unlock(&tmp->vma_lock); |
1925 |
++ } |
1926 |
++ |
1927 |
++ /* User has access, do the reset */ |
1928 |
++ ret = pci_reset_bus(vdev->pdev); |
1929 |
+ |
1930 |
+ hot_reset_release: |
1931 |
+- for (i--; i >= 0; i--) |
1932 |
+- vfio_group_put_external_user(groups[i].group); |
1933 |
++ for (i = 0; i < devs.cur_index; i++) { |
1934 |
++ struct vfio_device *device; |
1935 |
++ struct vfio_pci_device *tmp; |
1936 |
++ |
1937 |
++ device = devs.devices[i]; |
1938 |
++ tmp = vfio_device_data(device); |
1939 |
++ |
1940 |
++ if (i < mem_idx) |
1941 |
++ up_write(&tmp->memory_lock); |
1942 |
++ else |
1943 |
++ mutex_unlock(&tmp->vma_lock); |
1944 |
++ vfio_device_put(device); |
1945 |
++ } |
1946 |
++ kfree(devs.devices); |
1947 |
++ |
1948 |
++ for (group_idx--; group_idx >= 0; group_idx--) |
1949 |
++ vfio_group_put_external_user(groups[group_idx].group); |
1950 |
+ |
1951 |
+ kfree(groups); |
1952 |
+ return ret; |
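Review bot: The unwind loop after `hot_reset_release:` is only correct under an invariant that is not written down: entries below mem_idx hold memory_lock for write with vma_lock already dropped, and entries from mem_idx up to devs.cur_index still hold vma_lock. A comment above the loop would make that checkable, for example `/* [0, mem_idx): memory_lock held; [mem_idx, cur_index): vma_lock held */`. Separately, `ret = down_write_trylock(&tmp->memory_lock);` stores a boolean in the errno variable only to overwrite it on the next line; `if (!down_write_trylock(&tmp->memory_lock)) {` says the same thing without the detour. The enclosing ioctl branch starts outside this hunk.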
1953 |
+@@ -1121,6 +1186,202 @@ static ssize_t vfio_pci_write(void *device_data, const char __user *buf, |
1954 |
+ return vfio_pci_rw(device_data, (char __user *)buf, count, ppos, true); |
1955 |
+ } |
1956 |
+ |
1957 |
++/* Return 1 on zap and vma_lock acquired, 0 on contention (only with @try) */ |
1958 |
++static int vfio_pci_zap_and_vma_lock(struct vfio_pci_device *vdev, bool try) |
1959 |
++{ |
1960 |
++ struct vfio_pci_mmap_vma *mmap_vma, *tmp; |
1961 |
++ |
1962 |
++ /* |
1963 |
++ * Lock ordering: |
1964 |
++ * vma_lock is nested under mmap_sem for vm_ops callback paths. |
1965 |
++ * The memory_lock semaphore is used by both code paths calling |
1966 |
++ * into this function to zap vmas and the vm_ops.fault callback |
1967 |
++ * to protect the memory enable state of the device. |
1968 |
++ * |
1969 |
++ * When zapping vmas we need to maintain the mmap_sem => vma_lock |
1970 |
++ * ordering, which requires using vma_lock to walk vma_list to |
1971 |
++ * acquire an mm, then dropping vma_lock to get the mmap_sem and |
1972 |
++ * reacquiring vma_lock. This logic is derived from similar |
1973 |
++ * requirements in uverbs_user_mmap_disassociate(). |
1974 |
++ * |
1975 |
++ * mmap_sem must always be the top-level lock when it is taken. |
1976 |
++ * Therefore we can only hold the memory_lock write lock when |
1977 |
++ * vma_list is empty, as we'd need to take mmap_sem to clear |
1978 |
++ * entries. vma_list can only be guaranteed empty when holding |
1979 |
++ * vma_lock, thus memory_lock is nested under vma_lock. |
1980 |
++ * |
1981 |
++ * This enables the vm_ops.fault callback to acquire vma_lock, |
1982 |
++ * followed by memory_lock read lock, while already holding |
1983 |
++ * mmap_sem without risk of deadlock. |
1984 |
++ */ |
1985 |
++ while (1) { |
1986 |
++ struct mm_struct *mm = NULL; |
1987 |
++ |
1988 |
++ if (try) { |
1989 |
++ if (!mutex_trylock(&vdev->vma_lock)) |
1990 |
++ return 0; |
1991 |
++ } else { |
1992 |
++ mutex_lock(&vdev->vma_lock); |
1993 |
++ } |
1994 |
++ while (!list_empty(&vdev->vma_list)) { |
1995 |
++ mmap_vma = list_first_entry(&vdev->vma_list, |
1996 |
++ struct vfio_pci_mmap_vma, |
1997 |
++ vma_next); |
1998 |
++ mm = mmap_vma->vma->vm_mm; |
1999 |
++ if (mmget_not_zero(mm)) |
2000 |
++ break; |
2001 |
++ |
2002 |
++ list_del(&mmap_vma->vma_next); |
2003 |
++ kfree(mmap_vma); |
2004 |
++ mm = NULL; |
2005 |
++ } |
2006 |
++ if (!mm) |
2007 |
++ return 1; |
2008 |
++ mutex_unlock(&vdev->vma_lock); |
2009 |
++ |
2010 |
++ if (try) { |
2011 |
++ if (!down_read_trylock(&mm->mmap_sem)) { |
2012 |
++ mmput(mm); |
2013 |
++ return 0; |
2014 |
++ } |
2015 |
++ } else { |
2016 |
++ down_read(&mm->mmap_sem); |
2017 |
++ } |
2018 |
++ if (mmget_still_valid(mm)) { |
2019 |
++ if (try) { |
2020 |
++ if (!mutex_trylock(&vdev->vma_lock)) { |
2021 |
++ up_read(&mm->mmap_sem); |
2022 |
++ mmput(mm); |
2023 |
++ return 0; |
2024 |
++ } |
2025 |
++ } else { |
2026 |
++ mutex_lock(&vdev->vma_lock); |
2027 |
++ } |
2028 |
++ list_for_each_entry_safe(mmap_vma, tmp, |
2029 |
++ &vdev->vma_list, vma_next) { |
2030 |
++ struct vm_area_struct *vma = mmap_vma->vma; |
2031 |
++ |
2032 |
++ if (vma->vm_mm != mm) |
2033 |
++ continue; |
2034 |
++ |
2035 |
++ list_del(&mmap_vma->vma_next); |
2036 |
++ kfree(mmap_vma); |
2037 |
++ |
2038 |
++ zap_vma_ptes(vma, vma->vm_start, |
2039 |
++ vma->vm_end - vma->vm_start); |
2040 |
++ } |
2041 |
++ mutex_unlock(&vdev->vma_lock); |
2042 |
++ } |
2043 |
++ up_read(&mm->mmap_sem); |
2044 |
++ mmput(mm); |
2045 |
++ } |
2046 |
++} |
2047 |
++ |
2048 |
++void vfio_pci_zap_and_down_write_memory_lock(struct vfio_pci_device *vdev) |
2049 |
++{ |
2050 |
++ vfio_pci_zap_and_vma_lock(vdev, false); |
2051 |
++ down_write(&vdev->memory_lock); |
2052 |
++ mutex_unlock(&vdev->vma_lock); |
2053 |
++} |
2054 |
++ |
2055 |
++u16 vfio_pci_memory_lock_and_enable(struct vfio_pci_device *vdev) |
2056 |
++{ |
2057 |
++ u16 cmd; |
2058 |
++ |
2059 |
++ down_write(&vdev->memory_lock); |
2060 |
++ pci_read_config_word(vdev->pdev, PCI_COMMAND, &cmd); |
2061 |
++ if (!(cmd & PCI_COMMAND_MEMORY)) |
2062 |
++ pci_write_config_word(vdev->pdev, PCI_COMMAND, |
2063 |
++ cmd | PCI_COMMAND_MEMORY); |
2064 |
++ |
2065 |
++ return cmd; |
2066 |
++} |
2067 |
++ |
2068 |
++void vfio_pci_memory_unlock_and_restore(struct vfio_pci_device *vdev, u16 cmd) |
2069 |
++{ |
2070 |
++ pci_write_config_word(vdev->pdev, PCI_COMMAND, cmd); |
2071 |
++ up_write(&vdev->memory_lock); |
2072 |
++} |
2073 |
++ |
2074 |
++/* Caller holds vma_lock */ |
2075 |
++static int __vfio_pci_add_vma(struct vfio_pci_device *vdev, |
2076 |
++ struct vm_area_struct *vma) |
2077 |
++{ |
2078 |
++ struct vfio_pci_mmap_vma *mmap_vma; |
2079 |
++ |
2080 |
++ mmap_vma = kmalloc(sizeof(*mmap_vma), GFP_KERNEL); |
2081 |
++ if (!mmap_vma) |
2082 |
++ return -ENOMEM; |
2083 |
++ |
2084 |
++ mmap_vma->vma = vma; |
2085 |
++ list_add(&mmap_vma->vma_next, &vdev->vma_list); |
2086 |
++ |
2087 |
++ return 0; |
2088 |
++} |
2089 |
++ |
2090 |
++/* |
2091 |
++ * Zap mmaps on open so that we can fault them in on access and therefore |
2092 |
++ * our vma_list only tracks mappings accessed since last zap. |
2093 |
++ */ |
2094 |
++static void vfio_pci_mmap_open(struct vm_area_struct *vma) |
2095 |
++{ |
2096 |
++ zap_vma_ptes(vma, vma->vm_start, vma->vm_end - vma->vm_start); |
2097 |
++} |
2098 |
++ |
2099 |
++static void vfio_pci_mmap_close(struct vm_area_struct *vma) |
2100 |
++{ |
2101 |
++ struct vfio_pci_device *vdev = vma->vm_private_data; |
2102 |
++ struct vfio_pci_mmap_vma *mmap_vma; |
2103 |
++ |
2104 |
++ mutex_lock(&vdev->vma_lock); |
2105 |
++ list_for_each_entry(mmap_vma, &vdev->vma_list, vma_next) { |
2106 |
++ if (mmap_vma->vma == vma) { |
2107 |
++ list_del(&mmap_vma->vma_next); |
2108 |
++ kfree(mmap_vma); |
2109 |
++ break; |
2110 |
++ } |
2111 |
++ } |
2112 |
++ mutex_unlock(&vdev->vma_lock); |
2113 |
++} |
2114 |
++ |
2115 |
++static vm_fault_t vfio_pci_mmap_fault(struct vm_fault *vmf) |
2116 |
++{ |
2117 |
++ struct vm_area_struct *vma = vmf->vma; |
2118 |
++ struct vfio_pci_device *vdev = vma->vm_private_data; |
2119 |
++ vm_fault_t ret = VM_FAULT_NOPAGE; |
2120 |
++ |
2121 |
++ mutex_lock(&vdev->vma_lock); |
2122 |
++ down_read(&vdev->memory_lock); |
2123 |
++ |
2124 |
++ if (!__vfio_pci_memory_enabled(vdev)) { |
2125 |
++ ret = VM_FAULT_SIGBUS; |
2126 |
++ mutex_unlock(&vdev->vma_lock); |
2127 |
++ goto up_out; |
2128 |
++ } |
2129 |
++ |
2130 |
++ if (__vfio_pci_add_vma(vdev, vma)) { |
2131 |
++ ret = VM_FAULT_OOM; |
2132 |
++ mutex_unlock(&vdev->vma_lock); |
2133 |
++ goto up_out; |
2134 |
++ } |
2135 |
++ |
2136 |
++ mutex_unlock(&vdev->vma_lock); |
2137 |
++ |
2138 |
++ if (remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff, |
2139 |
++ vma->vm_end - vma->vm_start, vma->vm_page_prot)) |
2140 |
++ ret = VM_FAULT_SIGBUS; |
2141 |
++ |
2142 |
++up_out: |
2143 |
++ up_read(&vdev->memory_lock); |
2144 |
++ return ret; |
2145 |
++} |
2146 |
++ |
2147 |
++static const struct vm_operations_struct vfio_pci_mmap_ops = { |
2148 |
++ .open = vfio_pci_mmap_open, |
2149 |
++ .close = vfio_pci_mmap_close, |
2150 |
++ .fault = vfio_pci_mmap_fault, |
2151 |
++}; |
2152 |
++ |
2153 |
+ static int vfio_pci_mmap(void *device_data, struct vm_area_struct *vma) |
2154 |
+ { |
2155 |
+ struct vfio_pci_device *vdev = device_data; |
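Review bot: vfio_pci_mmap_fault adds the vma to vma_list unconditionally and drops vma_lock before calling remap_pfn_range, so two faults on the same vma that queue behind vma_lock can each add a tracking entry and each try to map the whole range. vfio_pci_mmap_close stops at the first match, so a duplicate entry would outlive the vma and later be dereferenced by vfio_pci_zap_and_vma_lock. Whether faults on one vma can really run concurrently here depends on mm-side locking that the hunk does not show, so this needs confirming. A failed remap_pfn_range also leaves the entry on the list and possibly a partial mapping. Holding vma_lock across the remap, skipping a vma that is already tracked, and zapping on failure addresses all three; the rewritten body is below.

```c
static vm_fault_t vfio_pci_mmap_fault(struct vm_fault *vmf)
{
	/* … unchanged: vma, vdev and ret locals … */
	struct vfio_pci_mmap_vma *mmap_vma;

	mutex_lock(&vdev->vma_lock);
	down_read(&vdev->memory_lock);

	if (!__vfio_pci_memory_enabled(vdev)) {
		ret = VM_FAULT_SIGBUS;
		goto up_out;
	}

	/* A fault that queued behind vma_lock may find the vma already mapped. */
	list_for_each_entry(mmap_vma, &vdev->vma_list, vma_next) {
		if (mmap_vma->vma == vma)
			goto up_out;
	}

	if (remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff,
			    vma->vm_end - vma->vm_start, vma->vm_page_prot)) {
		ret = VM_FAULT_SIGBUS;
		/* Do not leave a partial mapping behind an untracked vma. */
		zap_vma_ptes(vma, vma->vm_start, vma->vm_end - vma->vm_start);
		goto up_out;
	}

	if (__vfio_pci_add_vma(vdev, vma)) {
		ret = VM_FAULT_OOM;
		zap_vma_ptes(vma, vma->vm_start, vma->vm_end - vma->vm_start);
	}

up_out:
	up_read(&vdev->memory_lock);
	mutex_unlock(&vdev->vma_lock);
	return ret;
}
```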
2156 |
+@@ -1170,8 +1431,14 @@ static int vfio_pci_mmap(void *device_data, struct vm_area_struct *vma) |
2157 |
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); |
2158 |
+ vma->vm_pgoff = (pci_resource_start(pdev, index) >> PAGE_SHIFT) + pgoff; |
2159 |
+ |
2160 |
+- return remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff, |
2161 |
+- req_len, vma->vm_page_prot); |
2162 |
++ /* |
2163 |
++ * See remap_pfn_range(), called from vfio_pci_fault() but we can't |
2164 |
++ * change vm_flags within the fault handler. Set them now. |
2165 |
++ */ |
2166 |
++ vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP; |
2167 |
++ vma->vm_ops = &vfio_pci_mmap_ops; |
2168 |
++ |
2169 |
++ return 0; |
2170 |
+ } |
2171 |
+ |
2172 |
+ static void vfio_pci_request(void *device_data, unsigned int count) |
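Review bot: The added comment refers to `vfio_pci_fault()`, but the handler this patch installs through vfio_pci_mmap_ops is vfio_pci_mmap_fault(); the comment line should read `* See remap_pfn_range(), called from vfio_pci_mmap_fault() but we can't`. It would also help to state here that mmap() now succeeds without mapping anything and that the memory-enable check is made at fault time, since that is the behavioural change a reader of vfio_pci_mmap needs to know. The function starts outside this hunk.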
2173 |
+@@ -1243,6 +1510,9 @@ static int vfio_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) |
2174 |
+ spin_lock_init(&vdev->irqlock); |
2175 |
+ mutex_init(&vdev->ioeventfds_lock); |
2176 |
+ INIT_LIST_HEAD(&vdev->ioeventfds_list); |
2177 |
++ mutex_init(&vdev->vma_lock); |
2178 |
++ INIT_LIST_HEAD(&vdev->vma_list); |
2179 |
++ init_rwsem(&vdev->memory_lock); |
2180 |
+ |
2181 |
+ ret = vfio_add_group_dev(&pdev->dev, &vfio_pci_ops, vdev); |
2182 |
+ if (ret) { |
2183 |
+@@ -1338,12 +1608,6 @@ static struct pci_driver vfio_pci_driver = { |
2184 |
+ .err_handler = &vfio_err_handlers, |
2185 |
+ }; |
2186 |
+ |
2187 |
+-struct vfio_devices { |
2188 |
+- struct vfio_device **devices; |
2189 |
+- int cur_index; |
2190 |
+- int max_index; |
2191 |
+-}; |
2192 |
+- |
2193 |
+ static int vfio_pci_get_devs(struct pci_dev *pdev, void *data) |
2194 |
+ { |
2195 |
+ struct vfio_devices *devs = data; |
2196 |
+@@ -1365,6 +1629,39 @@ static int vfio_pci_get_devs(struct pci_dev *pdev, void *data) |
2197 |
+ return 0; |
2198 |
+ } |
2199 |
+ |
2200 |
++static int vfio_pci_try_zap_and_vma_lock_cb(struct pci_dev *pdev, void *data) |
2201 |
++{ |
2202 |
++ struct vfio_devices *devs = data; |
2203 |
++ struct vfio_device *device; |
2204 |
++ struct vfio_pci_device *vdev; |
2205 |
++ |
2206 |
++ if (devs->cur_index == devs->max_index) |
2207 |
++ return -ENOSPC; |
2208 |
++ |
2209 |
++ device = vfio_device_get_from_dev(&pdev->dev); |
2210 |
++ if (!device) |
2211 |
++ return -EINVAL; |
2212 |
++ |
2213 |
++ if (pci_dev_driver(pdev) != &vfio_pci_driver) { |
2214 |
++ vfio_device_put(device); |
2215 |
++ return -EBUSY; |
2216 |
++ } |
2217 |
++ |
2218 |
++ vdev = vfio_device_data(device); |
2219 |
++ |
2220 |
++ /* |
2221 |
++ * Locking multiple devices is prone to deadlock, runaway and |
2222 |
++ * unwind if we hit contention. |
2223 |
++ */ |
2224 |
++ if (!vfio_pci_zap_and_vma_lock(vdev, true)) { |
2225 |
++ vfio_device_put(device); |
2226 |
++ return -EBUSY; |
2227 |
++ } |
2228 |
++ |
2229 |
++ devs->devices[devs->cur_index++] = device; |
2230 |
++ return 0; |
2231 |
++} |
2232 |
++ |
2233 |
+ /* |
2234 |
+ * Attempt to do a bus/slot reset if there are devices affected by a reset for |
2235 |
+ * this device that are needs_reset and all of the affected devices are unused |
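Review bot: vfio_pci_try_zap_and_vma_lock_cb returns 0 while still holding vdev->vma_lock and a device reference, and the function has no header comment saying so. That is an unusual contract for an iteration callback, and the caller's unwind code depends on it. I would add `/* On success the device is stored in devs->devices with a reference held and its vma_lock locked; the caller unlocks and puts each entry. */` above the definition. The inline comment "prone to deadlock, runaway and unwind" reads as a list of hazards; `bail out and let the caller unwind if we hit contention` is probably what is meant.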
2236 |
+diff --git a/drivers/vfio/pci/vfio_pci_config.c b/drivers/vfio/pci/vfio_pci_config.c |
2237 |
+index 36bc8f104e42e..a1a26465d224c 100644 |
2238 |
+--- a/drivers/vfio/pci/vfio_pci_config.c |
2239 |
++++ b/drivers/vfio/pci/vfio_pci_config.c |
2240 |
+@@ -398,6 +398,20 @@ static inline void p_setd(struct perm_bits *p, int off, u32 virt, u32 write) |
2241 |
+ *(__le32 *)(&p->write[off]) = cpu_to_le32(write); |
2242 |
+ } |
2243 |
+ |
2244 |
++/* Caller should hold memory_lock semaphore */ |
2245 |
++bool __vfio_pci_memory_enabled(struct vfio_pci_device *vdev) |
2246 |
++{ |
2247 |
++ struct pci_dev *pdev = vdev->pdev; |
2248 |
++ u16 cmd = le16_to_cpu(*(__le16 *)&vdev->vconfig[PCI_COMMAND]); |
2249 |
++ |
2250 |
++ /* |
2251 |
++ * SR-IOV VF memory enable is handled by the MSE bit in the |
2252 |
++ * PF SR-IOV capability, there's therefore no need to trigger |
2253 |
++ * faults based on the virtual value. |
2254 |
++ */ |
2255 |
++ return pdev->is_virtfn || (cmd & PCI_COMMAND_MEMORY); |
2256 |
++} |
2257 |
++ |
2258 |
+ /* |
2259 |
+ * Restore the *real* BARs after we detect a FLR or backdoor reset. |
2260 |
+ * (backdoor = some device specific technique that we didn't catch) |
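Review bot: __vfio_pci_memory_enabled states its locking rule only in a comment ("Caller should hold memory_lock semaphore"); adding `lockdep_assert_held(&vdev->memory_lock);` as the first statement would let lockdep-enabled builds catch a caller that reads the virtual COMMAND register without the lock. The function is non-static and is already called from vfio_pci_mmap_fault in vfio_pci.c, so the contract crosses file boundaries and is worth enforcing rather than only describing. The `is_virtfn` short-circuit means the result does not depend on vconfig for VFs, which the existing comment explains well.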
2261 |
+@@ -558,13 +572,18 @@ static int vfio_basic_config_write(struct vfio_pci_device *vdev, int pos, |
2262 |
+ |
2263 |
+ new_cmd = le32_to_cpu(val); |
2264 |
+ |
2265 |
++ phys_io = !!(phys_cmd & PCI_COMMAND_IO); |
2266 |
++ virt_io = !!(le16_to_cpu(*virt_cmd) & PCI_COMMAND_IO); |
2267 |
++ new_io = !!(new_cmd & PCI_COMMAND_IO); |
2268 |
++ |
2269 |
+ phys_mem = !!(phys_cmd & PCI_COMMAND_MEMORY); |
2270 |
+ virt_mem = !!(le16_to_cpu(*virt_cmd) & PCI_COMMAND_MEMORY); |
2271 |
+ new_mem = !!(new_cmd & PCI_COMMAND_MEMORY); |
2272 |
+ |
2273 |
+- phys_io = !!(phys_cmd & PCI_COMMAND_IO); |
2274 |
+- virt_io = !!(le16_to_cpu(*virt_cmd) & PCI_COMMAND_IO); |
2275 |
+- new_io = !!(new_cmd & PCI_COMMAND_IO); |
2276 |
++ if (!new_mem) |
2277 |
++ vfio_pci_zap_and_down_write_memory_lock(vdev); |
2278 |
++ else |
2279 |
++ down_write(&vdev->memory_lock); |
2280 |
+ |
2281 |
+ /* |
2282 |
+ * If the user is writing mem/io enable (new_mem/io) and we |
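Review bot: memory_lock is taken for write in this hunk but released in two later hunks of vfio_basic_config_write (the `count < 0` path, guarded by `offset == PCI_COMMAND`, and the end of the block that updates `*virt_cmd`), so every exit in between has to release it. The statements between the lock and the call to vfio_default_config_write() are outside the visible hunks; if any of them can return, that path would leave memory_lock held and stall later faults and resets on the device. A comment at the lock site such as `/* released after the virt_cmd update, or on write failure below */` would make the pairing checkable, and a single unlock label would make it harder to break. The function body starts and ends outside this hunk.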
2283 |
+@@ -581,8 +600,11 @@ static int vfio_basic_config_write(struct vfio_pci_device *vdev, int pos, |
2284 |
+ } |
2285 |
+ |
2286 |
+ count = vfio_default_config_write(vdev, pos, count, perm, offset, val); |
2287 |
+- if (count < 0) |
2288 |
++ if (count < 0) { |
2289 |
++ if (offset == PCI_COMMAND) |
2290 |
++ up_write(&vdev->memory_lock); |
2291 |
+ return count; |
2292 |
++ } |
2293 |
+ |
2294 |
+ /* |
2295 |
+ * Save current memory/io enable bits in vconfig to allow for |
2296 |
+@@ -593,6 +615,8 @@ static int vfio_basic_config_write(struct vfio_pci_device *vdev, int pos, |
2297 |
+ |
2298 |
+ *virt_cmd &= cpu_to_le16(~mask); |
2299 |
+ *virt_cmd |= cpu_to_le16(new_cmd & mask); |
2300 |
++ |
2301 |
++ up_write(&vdev->memory_lock); |
2302 |
+ } |
2303 |
+ |
2304 |
+ /* Emulate INTx disable */ |
2305 |
+@@ -830,8 +854,11 @@ static int vfio_exp_config_write(struct vfio_pci_device *vdev, int pos, |
2306 |
+ pos - offset + PCI_EXP_DEVCAP, |
2307 |
+ &cap); |
2308 |
+ |
2309 |
+- if (!ret && (cap & PCI_EXP_DEVCAP_FLR)) |
2310 |
++ if (!ret && (cap & PCI_EXP_DEVCAP_FLR)) { |
2311 |
++ vfio_pci_zap_and_down_write_memory_lock(vdev); |
2312 |
+ pci_try_reset_function(vdev->pdev); |
2313 |
++ up_write(&vdev->memory_lock); |
2314 |
++ } |
2315 |
+ } |
2316 |
+ |
2317 |
+ /* |
2318 |
+@@ -909,8 +936,11 @@ static int vfio_af_config_write(struct vfio_pci_device *vdev, int pos, |
2319 |
+ pos - offset + PCI_AF_CAP, |
2320 |
+ &cap); |
2321 |
+ |
2322 |
+- if (!ret && (cap & PCI_AF_CAP_FLR) && (cap & PCI_AF_CAP_TP)) |
2323 |
++ if (!ret && (cap & PCI_AF_CAP_FLR) && (cap & PCI_AF_CAP_TP)) { |
2324 |
++ vfio_pci_zap_and_down_write_memory_lock(vdev); |
2325 |
+ pci_try_reset_function(vdev->pdev); |
2326 |
++ up_write(&vdev->memory_lock); |
2327 |
++ } |
2328 |
+ } |
2329 |
+ |
2330 |
+ return count; |
2331 |
+@@ -1708,6 +1738,15 @@ int vfio_config_init(struct vfio_pci_device *vdev) |
2332 |
+ vconfig[PCI_INTERRUPT_PIN]); |
2333 |
+ |
2334 |
+ vconfig[PCI_INTERRUPT_PIN] = 0; /* Gratuitous for good VFs */ |
2335 |
++ |
2336 |
++ /* |
2337 |
++ * VFs do no implement the memory enable bit of the COMMAND |
2338 |
++ * register therefore we'll not have it set in our initial |
2339 |
++ * copy of config space after pci_enable_device(). For |
2340 |
++ * consistency with PFs, set the virtual enable bit here. |
2341 |
++ */ |
2342 |
++ *(__le16 *)&vconfig[PCI_COMMAND] |= |
2343 |
++ cpu_to_le16(PCI_COMMAND_MEMORY); |
2344 |
+ } |
2345 |
+ |
2346 |
+ if (!IS_ENABLED(CONFIG_VFIO_PCI_INTX) || vdev->nointx) |
2347 |
+diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c |
2348 |
+index 94594dc63c417..bdfdd506bc588 100644 |
2349 |
+--- a/drivers/vfio/pci/vfio_pci_intrs.c |
2350 |
++++ b/drivers/vfio/pci/vfio_pci_intrs.c |
2351 |
+@@ -252,6 +252,7 @@ static int vfio_msi_enable(struct vfio_pci_device *vdev, int nvec, bool msix) |
2352 |
+ struct pci_dev *pdev = vdev->pdev; |
2353 |
+ unsigned int flag = msix ? PCI_IRQ_MSIX : PCI_IRQ_MSI; |
2354 |
+ int ret; |
2355 |
++ u16 cmd; |
2356 |
+ |
2357 |
+ if (!is_irq_none(vdev)) |
2358 |
+ return -EINVAL; |
2359 |
+@@ -261,13 +262,16 @@ static int vfio_msi_enable(struct vfio_pci_device *vdev, int nvec, bool msix) |
2360 |
+ return -ENOMEM; |
2361 |
+ |
2362 |
+ /* return the number of supported vectors if we can't get all: */ |
2363 |
++ cmd = vfio_pci_memory_lock_and_enable(vdev); |
2364 |
+ ret = pci_alloc_irq_vectors(pdev, 1, nvec, flag); |
2365 |
+ if (ret < nvec) { |
2366 |
+ if (ret > 0) |
2367 |
+ pci_free_irq_vectors(pdev); |
2368 |
++ vfio_pci_memory_unlock_and_restore(vdev, cmd); |
2369 |
+ kfree(vdev->ctx); |
2370 |
+ return ret; |
2371 |
+ } |
2372 |
++ vfio_pci_memory_unlock_and_restore(vdev, cmd); |
2373 |
+ |
2374 |
+ vdev->num_ctx = nvec; |
2375 |
+ vdev->irq_type = msix ? VFIO_PCI_MSIX_IRQ_INDEX : |
2376 |
+@@ -290,6 +294,7 @@ static int vfio_msi_set_vector_signal(struct vfio_pci_device *vdev, |
2377 |
+ struct pci_dev *pdev = vdev->pdev; |
2378 |
+ struct eventfd_ctx *trigger; |
2379 |
+ int irq, ret; |
2380 |
++ u16 cmd; |
2381 |
+ |
2382 |
+ if (vector < 0 || vector >= vdev->num_ctx) |
2383 |
+ return -EINVAL; |
2384 |
+@@ -298,7 +303,11 @@ static int vfio_msi_set_vector_signal(struct vfio_pci_device *vdev, |
2385 |
+ |
2386 |
+ if (vdev->ctx[vector].trigger) { |
2387 |
+ irq_bypass_unregister_producer(&vdev->ctx[vector].producer); |
2388 |
++ |
2389 |
++ cmd = vfio_pci_memory_lock_and_enable(vdev); |
2390 |
+ free_irq(irq, vdev->ctx[vector].trigger); |
2391 |
++ vfio_pci_memory_unlock_and_restore(vdev, cmd); |
2392 |
++ |
2393 |
+ kfree(vdev->ctx[vector].name); |
2394 |
+ eventfd_ctx_put(vdev->ctx[vector].trigger); |
2395 |
+ vdev->ctx[vector].trigger = NULL; |
2396 |
+@@ -326,6 +335,7 @@ static int vfio_msi_set_vector_signal(struct vfio_pci_device *vdev, |
2397 |
+ * such a reset it would be unsuccessful. To avoid this, restore the |
2398 |
+ * cached value of the message prior to enabling. |
2399 |
+ */ |
2400 |
++ cmd = vfio_pci_memory_lock_and_enable(vdev); |
2401 |
+ if (msix) { |
2402 |
+ struct msi_msg msg; |
2403 |
+ |
2404 |
+@@ -335,6 +345,7 @@ static int vfio_msi_set_vector_signal(struct vfio_pci_device *vdev, |
2405 |
+ |
2406 |
+ ret = request_irq(irq, vfio_msihandler, 0, |
2407 |
+ vdev->ctx[vector].name, trigger); |
2408 |
++ vfio_pci_memory_unlock_and_restore(vdev, cmd); |
2409 |
+ if (ret) { |
2410 |
+ kfree(vdev->ctx[vector].name); |
2411 |
+ eventfd_ctx_put(trigger); |
2412 |
+@@ -379,6 +390,7 @@ static void vfio_msi_disable(struct vfio_pci_device *vdev, bool msix) |
2413 |
+ { |
2414 |
+ struct pci_dev *pdev = vdev->pdev; |
2415 |
+ int i; |
2416 |
++ u16 cmd; |
2417 |
+ |
2418 |
+ for (i = 0; i < vdev->num_ctx; i++) { |
2419 |
+ vfio_virqfd_disable(&vdev->ctx[i].unmask); |
2420 |
+@@ -387,7 +399,9 @@ static void vfio_msi_disable(struct vfio_pci_device *vdev, bool msix) |
2421 |
+ |
2422 |
+ vfio_msi_set_block(vdev, 0, vdev->num_ctx, NULL, msix); |
2423 |
+ |
2424 |
++ cmd = vfio_pci_memory_lock_and_enable(vdev); |
2425 |
+ pci_free_irq_vectors(pdev); |
2426 |
++ vfio_pci_memory_unlock_and_restore(vdev, cmd); |
2427 |
+ |
2428 |
+ /* |
2429 |
+ * Both disable paths above use pci_intx_for_msi() to clear DisINTx |
2430 |
+diff --git a/drivers/vfio/pci/vfio_pci_private.h b/drivers/vfio/pci/vfio_pci_private.h |
2431 |
+index cde3b5d3441ad..17d2bae5b013c 100644 |
2432 |
+--- a/drivers/vfio/pci/vfio_pci_private.h |
2433 |
++++ b/drivers/vfio/pci/vfio_pci_private.h |
2434 |
+@@ -76,6 +76,11 @@ struct vfio_pci_dummy_resource { |
2435 |
+ struct list_head res_next; |
2436 |
+ }; |
2437 |
+ |
2438 |
++struct vfio_pci_mmap_vma { |
2439 |
++ struct vm_area_struct *vma; |
2440 |
++ struct list_head vma_next; |
2441 |
++}; |
2442 |
++ |
2443 |
+ struct vfio_pci_device { |
2444 |
+ struct pci_dev *pdev; |
2445 |
+ void __iomem *barmap[PCI_STD_RESOURCE_END + 1]; |
2446 |
+@@ -111,6 +116,9 @@ struct vfio_pci_device { |
2447 |
+ struct list_head dummy_resources_list; |
2448 |
+ struct mutex ioeventfds_lock; |
2449 |
+ struct list_head ioeventfds_list; |
2450 |
++ struct mutex vma_lock; |
2451 |
++ struct list_head vma_list; |
2452 |
++ struct rw_semaphore memory_lock; |
2453 |
+ }; |
2454 |
+ |
2455 |
+ #define is_intx(vdev) (vdev->irq_type == VFIO_PCI_INTX_IRQ_INDEX) |
2456 |
+@@ -149,6 +157,14 @@ extern int vfio_pci_register_dev_region(struct vfio_pci_device *vdev, |
2457 |
+ unsigned int type, unsigned int subtype, |
2458 |
+ const struct vfio_pci_regops *ops, |
2459 |
+ size_t size, u32 flags, void *data); |
2460 |
++ |
2461 |
++extern bool __vfio_pci_memory_enabled(struct vfio_pci_device *vdev); |
2462 |
++extern void vfio_pci_zap_and_down_write_memory_lock(struct vfio_pci_device |
2463 |
++ *vdev); |
2464 |
++extern u16 vfio_pci_memory_lock_and_enable(struct vfio_pci_device *vdev); |
2465 |
++extern void vfio_pci_memory_unlock_and_restore(struct vfio_pci_device *vdev, |
2466 |
++ u16 cmd); |
2467 |
++ |
2468 |
+ #ifdef CONFIG_VFIO_PCI_IGD |
2469 |
+ extern int vfio_pci_igd_init(struct vfio_pci_device *vdev); |
2470 |
+ #else |
2471 |
+diff --git a/drivers/vfio/pci/vfio_pci_rdwr.c b/drivers/vfio/pci/vfio_pci_rdwr.c |
2472 |
+index a6029d0a55244..3d0ec2bbe131f 100644 |
2473 |
+--- a/drivers/vfio/pci/vfio_pci_rdwr.c |
2474 |
++++ b/drivers/vfio/pci/vfio_pci_rdwr.c |
2475 |
+@@ -165,6 +165,7 @@ ssize_t vfio_pci_bar_rw(struct vfio_pci_device *vdev, char __user *buf, |
2476 |
+ size_t x_start = 0, x_end = 0; |
2477 |
+ resource_size_t end; |
2478 |
+ void __iomem *io; |
2479 |
++ struct resource *res = &vdev->pdev->resource[bar]; |
2480 |
+ ssize_t done; |
2481 |
+ |
2482 |
+ if (pci_resource_start(pdev, bar)) |
2483 |
+@@ -180,6 +181,14 @@ ssize_t vfio_pci_bar_rw(struct vfio_pci_device *vdev, char __user *buf, |
2484 |
+ |
2485 |
+ count = min(count, (size_t)(end - pos)); |
2486 |
+ |
2487 |
++ if (res->flags & IORESOURCE_MEM) { |
2488 |
++ down_read(&vdev->memory_lock); |
2489 |
++ if (!__vfio_pci_memory_enabled(vdev)) { |
2490 |
++ up_read(&vdev->memory_lock); |
2491 |
++ return -EIO; |
2492 |
++ } |
2493 |
++ } |
2494 |
++ |
2495 |
+ if (bar == PCI_ROM_RESOURCE) { |
2496 |
+ /* |
2497 |
+ * The ROM can fill less space than the BAR, so we start the |
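Review bot: The new block that takes `memory_lock` and returns `-EIO` has no comment, although it adds a user-visible failure mode for BAR reads and writes. Above `if (res->flags & IORESOURCE_MEM) {` I would add `/* Hold memory_lock for read across the access; fail with -EIO if __vfio_pci_memory_enabled() says memory is off */`. The block also makes every later exit responsible for the unlock, which the `out:` label in the last hunk of this file handles, so any return added between here and `out:` must go through that label. The function starts and ends outside this hunk.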
2498 |
+@@ -187,13 +196,17 @@ ssize_t vfio_pci_bar_rw(struct vfio_pci_device *vdev, char __user *buf, |
2499 |
+ * filling large ROM BARs much faster. |
2500 |
+ */ |
2501 |
+ io = pci_map_rom(pdev, &x_start); |
2502 |
+- if (!io) |
2503 |
+- return -ENOMEM; |
2504 |
++ if (!io) { |
2505 |
++ done = -ENOMEM; |
2506 |
++ goto out; |
2507 |
++ } |
2508 |
+ x_end = end; |
2509 |
+ } else { |
2510 |
+ int ret = vfio_pci_setup_barmap(vdev, bar); |
2511 |
+- if (ret) |
2512 |
+- return ret; |
2513 |
++ if (ret) { |
2514 |
++ done = ret; |
2515 |
++ goto out; |
2516 |
++ } |
2517 |
+ |
2518 |
+ io = vdev->barmap[bar]; |
2519 |
+ } |
2520 |
+@@ -210,6 +223,9 @@ ssize_t vfio_pci_bar_rw(struct vfio_pci_device *vdev, char __user *buf, |
2521 |
+ |
2522 |
+ if (bar == PCI_ROM_RESOURCE) |
2523 |
+ pci_unmap_rom(pdev, io); |
2524 |
++out: |
2525 |
++ if (res->flags & IORESOURCE_MEM) |
2526 |
++ up_read(&vdev->memory_lock); |
2527 |
+ |
2528 |
+ return done; |
2529 |
+ } |
2530 |
+diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c |
2531 |
+index 52083b710b87e..05d8553635ee7 100644 |
2532 |
+--- a/drivers/vfio/vfio_iommu_type1.c |
2533 |
++++ b/drivers/vfio/vfio_iommu_type1.c |
2534 |
+@@ -343,6 +343,32 @@ static int put_pfn(unsigned long pfn, int prot) |
2535 |
+ return 0; |
2536 |
+ } |
2537 |
+ |
2538 |
++static int follow_fault_pfn(struct vm_area_struct *vma, struct mm_struct *mm, |
2539 |
++ unsigned long vaddr, unsigned long *pfn, |
2540 |
++ bool write_fault) |
2541 |
++{ |
2542 |
++ int ret; |
2543 |
++ |
2544 |
++ ret = follow_pfn(vma, vaddr, pfn); |
2545 |
++ if (ret) { |
2546 |
++ bool unlocked = false; |
2547 |
++ |
2548 |
++ ret = fixup_user_fault(NULL, mm, vaddr, |
2549 |
++ FAULT_FLAG_REMOTE | |
2550 |
++ (write_fault ? FAULT_FLAG_WRITE : 0), |
2551 |
++ &unlocked); |
2552 |
++ if (unlocked) |
2553 |
++ return -EAGAIN; |
2554 |
++ |
2555 |
++ if (ret) |
2556 |
++ return ret; |
2557 |
++ |
2558 |
++ ret = follow_pfn(vma, vaddr, pfn); |
2559 |
++ } |
2560 |
++ |
2561 |
++ return ret; |
2562 |
++} |
2563 |
++ |
2564 |
+ static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr, |
2565 |
+ int prot, unsigned long *pfn) |
2566 |
+ { |
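Review bot: The `if (unlocked) return -EAGAIN;` branch in follow_fault_pfn() has no comment, and it is the subtle part of the helper. fixup_user_fault() sets `unlocked` when it had to drop and retake mmap_sem, after which the `vma` passed in may no longer be valid. I would add `/* mmap_sem was dropped: vma may be stale, have the caller look it up again */` above that return. The `retry:` label added to vaddr_get_pfn() in the next hunk depends on this contract and has no iteration bound, so the comment should say that the retry is presumably expected to make progress because the fault has been serviced.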
2567 |
+@@ -382,12 +408,16 @@ static int vaddr_get_pfn(struct mm_struct *mm, unsigned long vaddr, |
2568 |
+ |
2569 |
+ down_read(&mm->mmap_sem); |
2570 |
+ |
2571 |
++retry: |
2572 |
+ vma = find_vma_intersection(mm, vaddr, vaddr + 1); |
2573 |
+ |
2574 |
+ if (vma && vma->vm_flags & VM_PFNMAP) { |
2575 |
+- if (!follow_pfn(vma, vaddr, pfn) && |
2576 |
+- is_invalid_reserved_pfn(*pfn)) |
2577 |
+- ret = 0; |
2578 |
++ ret = follow_fault_pfn(vma, mm, vaddr, pfn, prot & IOMMU_WRITE); |
2579 |
++ if (ret == -EAGAIN) |
2580 |
++ goto retry; |
2581 |
++ |
2582 |
++ if (!ret && !is_invalid_reserved_pfn(*pfn)) |
2583 |
++ ret = -EFAULT; |
2584 |
+ } |
2585 |
+ |
2586 |
+ up_read(&mm->mmap_sem); |
2587 |
+diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c |
2588 |
+index e94a61eaeceb0..f7b553faadb10 100644 |
2589 |
+--- a/drivers/xen/xenbus/xenbus_client.c |
2590 |
++++ b/drivers/xen/xenbus/xenbus_client.c |
2591 |
+@@ -365,8 +365,14 @@ int xenbus_grant_ring(struct xenbus_device *dev, void *vaddr, |
2592 |
+ int i, j; |
2593 |
+ |
2594 |
+ for (i = 0; i < nr_pages; i++) { |
2595 |
+- err = gnttab_grant_foreign_access(dev->otherend_id, |
2596 |
+- virt_to_gfn(vaddr), 0); |
2597 |
++ unsigned long gfn; |
2598 |
++ |
2599 |
++ if (is_vmalloc_addr(vaddr)) |
2600 |
++ gfn = pfn_to_gfn(vmalloc_to_pfn(vaddr)); |
2601 |
++ else |
2602 |
++ gfn = virt_to_gfn(vaddr); |
2603 |
++ |
2604 |
++ err = gnttab_grant_foreign_access(dev->otherend_id, gfn, 0); |
2605 |
+ if (err < 0) { |
2606 |
+ xenbus_dev_fatal(dev, err, |
2607 |
+ "granting access to ring page"); |
2608 |
+diff --git a/fs/affs/amigaffs.c b/fs/affs/amigaffs.c |
2609 |
+index 14a6c1b90c9fb..9a1e761b64a2b 100644 |
2610 |
+--- a/fs/affs/amigaffs.c |
2611 |
++++ b/fs/affs/amigaffs.c |
2612 |
+@@ -420,24 +420,51 @@ affs_mode_to_prot(struct inode *inode) |
2613 |
+ u32 prot = AFFS_I(inode)->i_protect; |
2614 |
+ umode_t mode = inode->i_mode; |
2615 |
+ |
2616 |
++ /* |
2617 |
++ * First, clear all RWED bits for owner, group, other. |
2618 |
++ * Then, recalculate them afresh. |
2619 |
++ * |
2620 |
++ * We'll always clear the delete-inhibit bit for the owner, as that is |
2621 |
++ * the classic single-user mode AmigaOS protection bit and we need to |
2622 |
++ * stay compatible with all scenarios. |
2623 |
++ * |
2624 |
++ * Since multi-user AmigaOS is an extension, we'll only set the |
2625 |
++ * delete-allow bit if any of the other bits in the same user class |
2626 |
++ * (group/other) are used. |
2627 |
++ */ |
2628 |
++ prot &= ~(FIBF_NOEXECUTE | FIBF_NOREAD |
2629 |
++ | FIBF_NOWRITE | FIBF_NODELETE |
2630 |
++ | FIBF_GRP_EXECUTE | FIBF_GRP_READ |
2631 |
++ | FIBF_GRP_WRITE | FIBF_GRP_DELETE |
2632 |
++ | FIBF_OTR_EXECUTE | FIBF_OTR_READ |
2633 |
++ | FIBF_OTR_WRITE | FIBF_OTR_DELETE); |
2634 |
++ |
2635 |
++ /* Classic single-user AmigaOS flags. These are inverted. */ |
2636 |
+ if (!(mode & 0100)) |
2637 |
+ prot |= FIBF_NOEXECUTE; |
2638 |
+ if (!(mode & 0400)) |
2639 |
+ prot |= FIBF_NOREAD; |
2640 |
+ if (!(mode & 0200)) |
2641 |
+ prot |= FIBF_NOWRITE; |
2642 |
++ |
2643 |
++ /* Multi-user extended flags. Not inverted. */ |
2644 |
+ if (mode & 0010) |
2645 |
+ prot |= FIBF_GRP_EXECUTE; |
2646 |
+ if (mode & 0040) |
2647 |
+ prot |= FIBF_GRP_READ; |
2648 |
+ if (mode & 0020) |
2649 |
+ prot |= FIBF_GRP_WRITE; |
2650 |
++ if (mode & 0070) |
2651 |
++ prot |= FIBF_GRP_DELETE; |
2652 |
++ |
2653 |
+ if (mode & 0001) |
2654 |
+ prot |= FIBF_OTR_EXECUTE; |
2655 |
+ if (mode & 0004) |
2656 |
+ prot |= FIBF_OTR_READ; |
2657 |
+ if (mode & 0002) |
2658 |
+ prot |= FIBF_OTR_WRITE; |
2659 |
++ if (mode & 0007) |
2660 |
++ prot |= FIBF_OTR_DELETE; |
2661 |
+ |
2662 |
+ AFFS_I(inode)->i_protect = prot; |
2663 |
+ } |
2664 |
+diff --git a/fs/affs/file.c b/fs/affs/file.c |
2665 |
+index a85817f54483f..ba084b0b214b9 100644 |
2666 |
+--- a/fs/affs/file.c |
2667 |
++++ b/fs/affs/file.c |
2668 |
+@@ -428,6 +428,24 @@ static int affs_write_begin(struct file *file, struct address_space *mapping, |
2669 |
+ return ret; |
2670 |
+ } |
2671 |
+ |
2672 |
++static int affs_write_end(struct file *file, struct address_space *mapping, |
2673 |
++ loff_t pos, unsigned int len, unsigned int copied, |
2674 |
++ struct page *page, void *fsdata) |
2675 |
++{ |
2676 |
++ struct inode *inode = mapping->host; |
2677 |
++ int ret; |
2678 |
++ |
2679 |
++ ret = generic_write_end(file, mapping, pos, len, copied, page, fsdata); |
2680 |
++ |
2681 |
++ /* Clear Archived bit on file writes, as AmigaOS would do */ |
2682 |
++ if (AFFS_I(inode)->i_protect & FIBF_ARCHIVED) { |
2683 |
++ AFFS_I(inode)->i_protect &= ~FIBF_ARCHIVED; |
2684 |
++ mark_inode_dirty(inode); |
2685 |
++ } |
2686 |
++ |
2687 |
++ return ret; |
2688 |
++} |
2689 |
++ |
2690 |
+ static sector_t _affs_bmap(struct address_space *mapping, sector_t block) |
2691 |
+ { |
2692 |
+ return generic_block_bmap(mapping,block,affs_get_block); |
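Review bot: affs_write_end() clears FIBF_ARCHIVED and dirties the inode without looking at `ret`, so the bit is dropped even when generic_write_end() reports that nothing was copied. If that is not intended, guarding on the result, `if (ret > 0 && (AFFS_I(inode)->i_protect & FIBF_ARCHIVED)) {`, limits the side effect to writes that changed data. The same three lines are repeated in the `done:` hunk of this file further down, and a small static helper would keep the two copies from drifting apart.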
2693 |
+@@ -437,7 +455,7 @@ const struct address_space_operations affs_aops = { |
2694 |
+ .readpage = affs_readpage, |
2695 |
+ .writepage = affs_writepage, |
2696 |
+ .write_begin = affs_write_begin, |
2697 |
+- .write_end = generic_write_end, |
2698 |
++ .write_end = affs_write_end, |
2699 |
+ .direct_IO = affs_direct_IO, |
2700 |
+ .bmap = _affs_bmap |
2701 |
+ }; |
2702 |
+@@ -794,6 +812,12 @@ done: |
2703 |
+ if (tmp > inode->i_size) |
2704 |
+ inode->i_size = AFFS_I(inode)->mmu_private = tmp; |
2705 |
+ |
2706 |
++ /* Clear Archived bit on file writes, as AmigaOS would do */ |
2707 |
++ if (AFFS_I(inode)->i_protect & FIBF_ARCHIVED) { |
2708 |
++ AFFS_I(inode)->i_protect &= ~FIBF_ARCHIVED; |
2709 |
++ mark_inode_dirty(inode); |
2710 |
++ } |
2711 |
++ |
2712 |
+ err_first_bh: |
2713 |
+ unlock_page(page); |
2714 |
+ put_page(page); |
2715 |
+diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c |
2716 |
+index c9943d70e2cb2..8007b6aacec60 100644 |
2717 |
+--- a/fs/btrfs/ctree.c |
2718 |
++++ b/fs/btrfs/ctree.c |
2719 |
+@@ -1347,7 +1347,8 @@ tree_mod_log_rewind(struct btrfs_fs_info *fs_info, struct btrfs_path *path, |
2720 |
+ btrfs_tree_read_unlock_blocking(eb); |
2721 |
+ free_extent_buffer(eb); |
2722 |
+ |
2723 |
+- extent_buffer_get(eb_rewin); |
2724 |
++ btrfs_set_buffer_lockdep_class(btrfs_header_owner(eb_rewin), |
2725 |
++ eb_rewin, btrfs_header_level(eb_rewin)); |
2726 |
+ btrfs_tree_read_lock(eb_rewin); |
2727 |
+ __tree_mod_log_rewind(fs_info, eb_rewin, time_seq, tm); |
2728 |
+ WARN_ON(btrfs_header_nritems(eb_rewin) > |
2729 |
+@@ -1421,8 +1422,6 @@ get_old_root(struct btrfs_root *root, u64 time_seq) |
2730 |
+ |
2731 |
+ if (!eb) |
2732 |
+ return NULL; |
2733 |
+- extent_buffer_get(eb); |
2734 |
+- btrfs_tree_read_lock(eb); |
2735 |
+ if (old_root) { |
2736 |
+ btrfs_set_header_bytenr(eb, eb->start); |
2737 |
+ btrfs_set_header_backref_rev(eb, BTRFS_MIXED_BACKREF_REV); |
2738 |
+@@ -1430,6 +1429,9 @@ get_old_root(struct btrfs_root *root, u64 time_seq) |
2739 |
+ btrfs_set_header_level(eb, old_root->level); |
2740 |
+ btrfs_set_header_generation(eb, old_generation); |
2741 |
+ } |
2742 |
++ btrfs_set_buffer_lockdep_class(btrfs_header_owner(eb), eb, |
2743 |
++ btrfs_header_level(eb)); |
2744 |
++ btrfs_tree_read_lock(eb); |
2745 |
+ if (tm) |
2746 |
+ __tree_mod_log_rewind(fs_info, eb, time_seq, tm); |
2747 |
+ else |
2748 |
+diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c |
2749 |
+index fbcd18d96c524..82d597b16152c 100644 |
2750 |
+--- a/fs/btrfs/extent_io.c |
2751 |
++++ b/fs/btrfs/extent_io.c |
2752 |
+@@ -5377,9 +5377,9 @@ void read_extent_buffer(const struct extent_buffer *eb, void *dstv, |
2753 |
+ } |
2754 |
+ } |
2755 |
+ |
2756 |
+-int read_extent_buffer_to_user(const struct extent_buffer *eb, |
2757 |
+- void __user *dstv, |
2758 |
+- unsigned long start, unsigned long len) |
2759 |
++int read_extent_buffer_to_user_nofault(const struct extent_buffer *eb, |
2760 |
++ void __user *dstv, |
2761 |
++ unsigned long start, unsigned long len) |
2762 |
+ { |
2763 |
+ size_t cur; |
2764 |
+ size_t offset; |
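Review bot: read_extent_buffer_to_user_nofault() changes its contract along with its name, but no comment says so. With `probe_user_write()` in the next hunk it can return -EFAULT for a destination page that is merely not resident, not only for a bad address. A short kernel-doc block above the function should state that the copy runs without servicing page faults, that the caller must pre-fault `dstv` and retry (as search_ioctl() does with fault_in_pages_writeable()), and that a failure may leave `dstv` partially written. The function body continues outside this hunk.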
2765 |
+@@ -5400,7 +5400,7 @@ int read_extent_buffer_to_user(const struct extent_buffer *eb, |
2766 |
+ |
2767 |
+ cur = min(len, (PAGE_SIZE - offset)); |
2768 |
+ kaddr = page_address(page); |
2769 |
+- if (copy_to_user(dst, kaddr + offset, cur)) { |
2770 |
++ if (probe_user_write(dst, kaddr + offset, cur)) { |
2771 |
+ ret = -EFAULT; |
2772 |
+ break; |
2773 |
+ } |
2774 |
+diff --git a/fs/btrfs/extent_io.h b/fs/btrfs/extent_io.h |
2775 |
+index a3598b24441e1..d5089cadd7c49 100644 |
2776 |
+--- a/fs/btrfs/extent_io.h |
2777 |
++++ b/fs/btrfs/extent_io.h |
2778 |
+@@ -448,9 +448,9 @@ int memcmp_extent_buffer(const struct extent_buffer *eb, const void *ptrv, |
2779 |
+ void read_extent_buffer(const struct extent_buffer *eb, void *dst, |
2780 |
+ unsigned long start, |
2781 |
+ unsigned long len); |
2782 |
+-int read_extent_buffer_to_user(const struct extent_buffer *eb, |
2783 |
+- void __user *dst, unsigned long start, |
2784 |
+- unsigned long len); |
2785 |
++int read_extent_buffer_to_user_nofault(const struct extent_buffer *eb, |
2786 |
++ void __user *dst, unsigned long start, |
2787 |
++ unsigned long len); |
2788 |
+ void write_extent_buffer_fsid(struct extent_buffer *eb, const void *src); |
2789 |
+ void write_extent_buffer_chunk_tree_uuid(struct extent_buffer *eb, |
2790 |
+ const void *src); |
2791 |
+diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c |
2792 |
+index a5ae02bf3652b..85990755edd90 100644 |
2793 |
+--- a/fs/btrfs/ioctl.c |
2794 |
++++ b/fs/btrfs/ioctl.c |
2795 |
+@@ -2079,9 +2079,14 @@ static noinline int copy_to_sk(struct btrfs_path *path, |
2796 |
+ sh.len = item_len; |
2797 |
+ sh.transid = found_transid; |
2798 |
+ |
2799 |
+- /* copy search result header */ |
2800 |
+- if (copy_to_user(ubuf + *sk_offset, &sh, sizeof(sh))) { |
2801 |
+- ret = -EFAULT; |
2802 |
++ /* |
2803 |
++ * Copy search result header. If we fault then loop again so we |
2804 |
++ * can fault in the pages and -EFAULT there if there's a |
2805 |
++ * problem. Otherwise we'll fault and then copy the buffer in |
2806 |
++ * properly this next time through |
2807 |
++ */ |
2808 |
++ if (probe_user_write(ubuf + *sk_offset, &sh, sizeof(sh))) { |
2809 |
++ ret = 0; |
2810 |
+ goto out; |
2811 |
+ } |
2812 |
+ |
2813 |
+@@ -2089,10 +2094,14 @@ static noinline int copy_to_sk(struct btrfs_path *path, |
2814 |
+ |
2815 |
+ if (item_len) { |
2816 |
+ char __user *up = ubuf + *sk_offset; |
2817 |
+- /* copy the item */ |
2818 |
+- if (read_extent_buffer_to_user(leaf, up, |
2819 |
+- item_off, item_len)) { |
2820 |
+- ret = -EFAULT; |
2821 |
++ /* |
2822 |
++ * Copy the item, same behavior as above, but reset the |
2823 |
++ * * sk_offset so we copy the full thing again. |
2824 |
++ */ |
2825 |
++ if (read_extent_buffer_to_user_nofault(leaf, up, |
2826 |
++ item_off, item_len)) { |
2827 |
++ ret = 0; |
2828 |
++ *sk_offset -= sizeof(sh); |
2829 |
+ goto out; |
2830 |
+ } |
2831 |
+ |
2832 |
+@@ -2180,6 +2189,10 @@ static noinline int search_ioctl(struct inode *inode, |
2833 |
+ key.offset = sk->min_offset; |
2834 |
+ |
2835 |
+ while (1) { |
2836 |
++ ret = fault_in_pages_writeable(ubuf, *buf_size - sk_offset); |
2837 |
++ if (ret) |
2838 |
++ break; |
2839 |
++ |
2840 |
+ ret = btrfs_search_forward(root, &key, path, sk->min_transid); |
2841 |
+ if (ret != 0) { |
2842 |
+ if (ret > 0) |
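Review bot: `fault_in_pages_writeable(ubuf, *buf_size - sk_offset)` shrinks the length by `sk_offset` but still starts at the base of the user buffer. Once `sk_offset` is non-zero it pre-faults the already-filled head of the buffer instead of the region copy_to_sk() writes next, which is `ubuf + *sk_offset`. copy_to_sk() now returns 0 on a fault and relies on this call to make progress, so an unfaulted tail may keep the loop from advancing. The start address should move with the offset: `ret = fault_in_pages_writeable(ubuf + sk_offset, *buf_size - sk_offset);`. The loop body continues outside the hunk, so the rest of the iteration is not visible here.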
2843 |
+diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c |
2844 |
+index 4abb2a155ac5b..498ec4b10e610 100644 |
2845 |
+--- a/fs/btrfs/volumes.c |
2846 |
++++ b/fs/btrfs/volumes.c |
2847 |
+@@ -4172,6 +4172,7 @@ static int btrfs_uuid_scan_kthread(void *data) |
2848 |
+ goto skip; |
2849 |
+ } |
2850 |
+ update_tree: |
2851 |
++ btrfs_release_path(path); |
2852 |
+ if (!btrfs_is_empty_uuid(root_item.uuid)) { |
2853 |
+ ret = btrfs_uuid_tree_add(trans, root_item.uuid, |
2854 |
+ BTRFS_UUID_KEY_SUBVOL, |
2855 |
+@@ -4196,6 +4197,7 @@ update_tree: |
2856 |
+ } |
2857 |
+ |
2858 |
+ skip: |
2859 |
++ btrfs_release_path(path); |
2860 |
+ if (trans) { |
2861 |
+ ret = btrfs_end_transaction(trans); |
2862 |
+ trans = NULL; |
2863 |
+@@ -4203,7 +4205,6 @@ skip: |
2864 |
+ break; |
2865 |
+ } |
2866 |
+ |
2867 |
+- btrfs_release_path(path); |
2868 |
+ if (key.offset < (u64)-1) { |
2869 |
+ key.offset++; |
2870 |
+ } else if (key.type < BTRFS_ROOT_ITEM_KEY) { |
2871 |
+diff --git a/fs/ceph/file.c b/fs/ceph/file.c |
2872 |
+index faca455bd3c69..4ce2752c8b71c 100644 |
2873 |
+--- a/fs/ceph/file.c |
2874 |
++++ b/fs/ceph/file.c |
2875 |
+@@ -1819,6 +1819,7 @@ const struct file_operations ceph_file_fops = { |
2876 |
+ .mmap = ceph_mmap, |
2877 |
+ .fsync = ceph_fsync, |
2878 |
+ .lock = ceph_lock, |
2879 |
++ .setlease = simple_nosetlease, |
2880 |
+ .flock = ceph_flock, |
2881 |
+ .splice_read = generic_file_splice_read, |
2882 |
+ .splice_write = iter_file_splice_write, |
2883 |
+diff --git a/fs/eventpoll.c b/fs/eventpoll.c |
2884 |
+index f988ccd064a22..61a52bb26d127 100644 |
2885 |
+--- a/fs/eventpoll.c |
2886 |
++++ b/fs/eventpoll.c |
2887 |
+@@ -1891,9 +1891,9 @@ static int ep_loop_check_proc(void *priv, void *cookie, int call_nests) |
2888 |
+ * during ep_insert(). |
2889 |
+ */ |
2890 |
+ if (list_empty(&epi->ffd.file->f_tfile_llink)) { |
2891 |
+- get_file(epi->ffd.file); |
2892 |
+- list_add(&epi->ffd.file->f_tfile_llink, |
2893 |
+- &tfile_check_list); |
2894 |
++ if (get_file_rcu(epi->ffd.file)) |
2895 |
++ list_add(&epi->ffd.file->f_tfile_llink, |
2896 |
++ &tfile_check_list); |
2897 |
+ } |
2898 |
+ } |
2899 |
+ } |
2900 |
+diff --git a/fs/ext2/file.c b/fs/ext2/file.c |
2901 |
+index 28b2609f25c1c..d39d90c1b6709 100644 |
2902 |
+--- a/fs/ext2/file.c |
2903 |
++++ b/fs/ext2/file.c |
2904 |
+@@ -93,8 +93,10 @@ static vm_fault_t ext2_dax_fault(struct vm_fault *vmf) |
2905 |
+ struct inode *inode = file_inode(vmf->vma->vm_file); |
2906 |
+ struct ext2_inode_info *ei = EXT2_I(inode); |
2907 |
+ vm_fault_t ret; |
2908 |
++ bool write = (vmf->flags & FAULT_FLAG_WRITE) && |
2909 |
++ (vmf->vma->vm_flags & VM_SHARED); |
2910 |
+ |
2911 |
+- if (vmf->flags & FAULT_FLAG_WRITE) { |
2912 |
++ if (write) { |
2913 |
+ sb_start_pagefault(inode->i_sb); |
2914 |
+ file_update_time(vmf->vma->vm_file); |
2915 |
+ } |
2916 |
+@@ -103,7 +105,7 @@ static vm_fault_t ext2_dax_fault(struct vm_fault *vmf) |
2917 |
+ ret = dax_iomap_fault(vmf, PE_SIZE_PTE, NULL, NULL, &ext2_iomap_ops); |
2918 |
+ |
2919 |
+ up_read(&ei->dax_sem); |
2920 |
+- if (vmf->flags & FAULT_FLAG_WRITE) |
2921 |
++ if (write) |
2922 |
+ sb_end_pagefault(inode->i_sb); |
2923 |
+ return ret; |
2924 |
+ } |
2925 |
+diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c |
2926 |
+index 2652d00842d6b..087a5715cf20e 100644 |
2927 |
+--- a/fs/xfs/libxfs/xfs_attr_leaf.c |
2928 |
++++ b/fs/xfs/libxfs/xfs_attr_leaf.c |
2929 |
+@@ -935,8 +935,10 @@ xfs_attr_shortform_verify( |
2930 |
+ * struct xfs_attr_sf_entry has a variable length. |
2931 |
+ * Check the fixed-offset parts of the structure are |
2932 |
+ * within the data buffer. |
2933 |
++ * xfs_attr_sf_entry is defined with a 1-byte variable |
2934 |
++ * array at the end, so we must subtract that off. |
2935 |
+ */ |
2936 |
+- if (((char *)sfep + sizeof(*sfep)) >= endp) |
2937 |
++ if (((char *)sfep + sizeof(*sfep) - 1) >= endp) |
2938 |
+ return __this_address; |
2939 |
+ |
2940 |
+ /* Don't allow names with known bad length. */ |
2941 |
+diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c |
2942 |
+index 0b7145fdb8aa1..f35e1801f1c90 100644 |
2943 |
+--- a/fs/xfs/libxfs/xfs_bmap.c |
2944 |
++++ b/fs/xfs/libxfs/xfs_bmap.c |
2945 |
+@@ -6130,7 +6130,7 @@ xfs_bmap_validate_extent( |
2946 |
+ |
2947 |
+ isrt = XFS_IS_REALTIME_INODE(ip); |
2948 |
+ endfsb = irec->br_startblock + irec->br_blockcount - 1; |
2949 |
+- if (isrt) { |
2950 |
++ if (isrt && whichfork == XFS_DATA_FORK) { |
2951 |
+ if (!xfs_verify_rtbno(mp, irec->br_startblock)) |
2952 |
+ return __this_address; |
2953 |
+ if (!xfs_verify_rtbno(mp, endfsb)) |
2954 |
+diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c |
2955 |
+index 259549698ba7e..f22acfd53850b 100644 |
2956 |
+--- a/fs/xfs/xfs_file.c |
2957 |
++++ b/fs/xfs/xfs_file.c |
2958 |
+@@ -1095,6 +1095,14 @@ __xfs_filemap_fault( |
2959 |
+ return ret; |
2960 |
+ } |
2961 |
+ |
2962 |
++static inline bool |
2963 |
++xfs_is_write_fault( |
2964 |
++ struct vm_fault *vmf) |
2965 |
++{ |
2966 |
++ return (vmf->flags & FAULT_FLAG_WRITE) && |
2967 |
++ (vmf->vma->vm_flags & VM_SHARED); |
2968 |
++} |
2969 |
++ |
2970 |
+ static vm_fault_t |
2971 |
+ xfs_filemap_fault( |
2972 |
+ struct vm_fault *vmf) |
2973 |
+@@ -1102,7 +1110,7 @@ xfs_filemap_fault( |
2974 |
+ /* DAX can shortcut the normal fault path on write faults! */ |
2975 |
+ return __xfs_filemap_fault(vmf, PE_SIZE_PTE, |
2976 |
+ IS_DAX(file_inode(vmf->vma->vm_file)) && |
2977 |
+- (vmf->flags & FAULT_FLAG_WRITE)); |
2978 |
++ xfs_is_write_fault(vmf)); |
2979 |
+ } |
2980 |
+ |
2981 |
+ static vm_fault_t |
2982 |
+@@ -1115,7 +1123,7 @@ xfs_filemap_huge_fault( |
2983 |
+ |
2984 |
+ /* DAX can shortcut the normal fault path on write faults! */ |
2985 |
+ return __xfs_filemap_fault(vmf, pe_size, |
2986 |
+- (vmf->flags & FAULT_FLAG_WRITE)); |
2987 |
++ xfs_is_write_fault(vmf)); |
2988 |
+ } |
2989 |
+ |
2990 |
+ static vm_fault_t |
2991 |
+diff --git a/include/linux/bvec.h b/include/linux/bvec.h |
2992 |
+index fe7a22dd133b5..bc1f16e9f3f4d 100644 |
2993 |
+--- a/include/linux/bvec.h |
2994 |
++++ b/include/linux/bvec.h |
2995 |
+@@ -119,11 +119,18 @@ static inline bool bvec_iter_rewind(const struct bio_vec *bv, |
2996 |
+ return true; |
2997 |
+ } |
2998 |
+ |
2999 |
++static inline void bvec_iter_skip_zero_bvec(struct bvec_iter *iter) |
3000 |
++{ |
3001 |
++ iter->bi_bvec_done = 0; |
3002 |
++ iter->bi_idx++; |
3003 |
++} |
3004 |
++ |
3005 |
+ #define for_each_bvec(bvl, bio_vec, iter, start) \ |
3006 |
+ for (iter = (start); \ |
3007 |
+ (iter).bi_size && \ |
3008 |
+ ((bvl = bvec_iter_bvec((bio_vec), (iter))), 1); \ |
3009 |
+- bvec_iter_advance((bio_vec), &(iter), (bvl).bv_len)) |
3010 |
++ (bvl).bv_len ? (void)bvec_iter_advance((bio_vec), &(iter), \ |
3011 |
++ (bvl).bv_len) : bvec_iter_skip_zero_bvec(&(iter))) |
3012 |
+ |
3013 |
+ /* for iterating one bio from start to end */ |
3014 |
+ #define BVEC_ITER_ALL_INIT (struct bvec_iter) \ |
3015 |
+diff --git a/include/linux/hid.h b/include/linux/hid.h |
3016 |
+index 8506637f070d1..a46b6832b3733 100644 |
3017 |
+--- a/include/linux/hid.h |
3018 |
++++ b/include/linux/hid.h |
3019 |
+@@ -956,34 +956,49 @@ static inline void hid_device_io_stop(struct hid_device *hid) { |
3020 |
+ * @max: maximal valid usage->code to consider later (out parameter) |
3021 |
+ * @type: input event type (EV_KEY, EV_REL, ...) |
3022 |
+ * @c: code which corresponds to this usage and type |
3023 |
++ * |
3024 |
++ * The value pointed to by @bit will be set to NULL if either @type is |
3025 |
++ * an unhandled event type, or if @c is out of range for @type. This |
3026 |
++ * can be used as an error condition. |
3027 |
+ */ |
3028 |
+ static inline void hid_map_usage(struct hid_input *hidinput, |
3029 |
+ struct hid_usage *usage, unsigned long **bit, int *max, |
3030 |
+- __u8 type, __u16 c) |
3031 |
++ __u8 type, unsigned int c) |
3032 |
+ { |
3033 |
+ struct input_dev *input = hidinput->input; |
3034 |
+- |
3035 |
+- usage->type = type; |
3036 |
+- usage->code = c; |
3037 |
++ unsigned long *bmap = NULL; |
3038 |
++ unsigned int limit = 0; |
3039 |
+ |
3040 |
+ switch (type) { |
3041 |
+ case EV_ABS: |
3042 |
+- *bit = input->absbit; |
3043 |
+- *max = ABS_MAX; |
3044 |
++ bmap = input->absbit; |
3045 |
++ limit = ABS_MAX; |
3046 |
+ break; |
3047 |
+ case EV_REL: |
3048 |
+- *bit = input->relbit; |
3049 |
+- *max = REL_MAX; |
3050 |
++ bmap = input->relbit; |
3051 |
++ limit = REL_MAX; |
3052 |
+ break; |
3053 |
+ case EV_KEY: |
3054 |
+- *bit = input->keybit; |
3055 |
+- *max = KEY_MAX; |
3056 |
++ bmap = input->keybit; |
3057 |
++ limit = KEY_MAX; |
3058 |
+ break; |
3059 |
+ case EV_LED: |
3060 |
+- *bit = input->ledbit; |
3061 |
+- *max = LED_MAX; |
3062 |
++ bmap = input->ledbit; |
3063 |
++ limit = LED_MAX; |
3064 |
+ break; |
3065 |
+ } |
3066 |
++ |
3067 |
++ if (unlikely(c > limit || !bmap)) { |
3068 |
++ pr_warn_ratelimited("%s: Invalid code %d type %d\n", |
3069 |
++ input->name, c, type); |
3070 |
++ *bit = NULL; |
3071 |
++ return; |
3072 |
++ } |
3073 |
++ |
3074 |
++ usage->type = type; |
3075 |
++ usage->code = c; |
3076 |
++ *max = limit; |
3077 |
++ *bit = bmap; |
3078 |
+ } |
3079 |
+ |
3080 |
+ /** |
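Review bot: The rejection path prints `c` with `%d` although the parameter is now `unsigned int`, so the specifier should be `%u`: `pr_warn_ratelimited("%s: Invalid code %u type %d\n", input->name, c, type);`. That path also returns without touching `*max`, `usage->type` or `usage->code`, while the added kernel-doc only promises that `*bit` becomes NULL. I would add a doc line saying those three are left unmodified on failure, so callers check `*bit` before reading any of them.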
3081 |
+@@ -997,7 +1012,8 @@ static inline void hid_map_usage_clear(struct hid_input *hidinput, |
3082 |
+ __u8 type, __u16 c) |
3083 |
+ { |
3084 |
+ hid_map_usage(hidinput, usage, bit, max, type, c); |
3085 |
+- clear_bit(c, *bit); |
3086 |
++ if (*bit) |
3087 |
++ clear_bit(usage->code, *bit); |
3088 |
+ } |
3089 |
+ |
3090 |
+ /** |
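Review bot: hid_map_usage_clear() still declares `__u16 c` (context line at the top of this hunk), while hid_map_usage() was widened to `unsigned int c` so that its range check sees the full value. A caller that passes a wider code through the _clear variant has it truncated to 16 bits before the check, so an out-of-range code could be accepted as a different, in-range one. Whether any caller does so is not visible here. Matching the signature, `__u8 type, unsigned int c)`, would keep the two helpers consistent; the function's signature starts outside this hunk.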
3091 |
+diff --git a/include/linux/libata.h b/include/linux/libata.h |
3092 |
+index ed1453c15041d..afc1d72161ba5 100644 |
3093 |
+--- a/include/linux/libata.h |
3094 |
++++ b/include/linux/libata.h |
3095 |
+@@ -439,6 +439,7 @@ enum { |
3096 |
+ ATA_HORKAGE_NO_DMA_LOG = (1 << 23), /* don't use DMA for log read */ |
3097 |
+ ATA_HORKAGE_NOTRIM = (1 << 24), /* don't use TRIM */ |
3098 |
+ ATA_HORKAGE_MAX_SEC_1024 = (1 << 25), /* Limit max sects to 1024 */ |
3099 |
++ ATA_HORKAGE_MAX_TRIM_128M = (1 << 26), /* Limit max trim size to 128M */ |
3100 |
+ |
3101 |
+ /* DMA mask for user DMA control: User visible values; DO NOT |
3102 |
+ renumber */ |
3103 |
+diff --git a/include/linux/log2.h b/include/linux/log2.h |
3104 |
+index 2af7f77866d03..78496801cddf0 100644 |
3105 |
+--- a/include/linux/log2.h |
3106 |
++++ b/include/linux/log2.h |
3107 |
+@@ -177,7 +177,7 @@ unsigned long __rounddown_pow_of_two(unsigned long n) |
3108 |
+ #define roundup_pow_of_two(n) \ |
3109 |
+ ( \ |
3110 |
+ __builtin_constant_p(n) ? ( \ |
3111 |
+- (n == 1) ? 1 : \ |
3112 |
++ ((n) == 1) ? 1 : \ |
3113 |
+ (1UL << (ilog2((n) - 1) + 1)) \ |
3114 |
+ ) : \ |
3115 |
+ __roundup_pow_of_two(n) \ |
3116 |
+diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h |
3117 |
+index cf09ab37b45b7..e713476ff29db 100644 |
3118 |
+--- a/include/linux/netfilter/nfnetlink.h |
3119 |
++++ b/include/linux/netfilter/nfnetlink.h |
3120 |
+@@ -43,8 +43,7 @@ int nfnetlink_has_listeners(struct net *net, unsigned int group); |
3121 |
+ int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 portid, |
3122 |
+ unsigned int group, int echo, gfp_t flags); |
3123 |
+ int nfnetlink_set_err(struct net *net, u32 portid, u32 group, int error); |
3124 |
+-int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u32 portid, |
3125 |
+- int flags); |
3126 |
++int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u32 portid); |
3127 |
+ |
3128 |
+ static inline u16 nfnl_msg_type(u8 subsys, u8 msg_type) |
3129 |
+ { |
3130 |
+diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h |
3131 |
+index d55b68b113de1..db9b0dd0a7a3b 100644 |
3132 |
+--- a/include/linux/uaccess.h |
3133 |
++++ b/include/linux/uaccess.h |
3134 |
+@@ -242,6 +242,17 @@ static inline unsigned long __copy_from_user_inatomic_nocache(void *to, |
3135 |
+ extern long probe_kernel_read(void *dst, const void *src, size_t size); |
3136 |
+ extern long __probe_kernel_read(void *dst, const void *src, size_t size); |
3137 |
+ |
3138 |
++/* |
3139 |
++ * probe_user_read(): safely attempt to read from a location in user space |
3140 |
++ * @dst: pointer to the buffer that shall take the data |
3141 |
++ * @src: address to read from |
3142 |
++ * @size: size of the data chunk |
3143 |
++ * |
3144 |
++ * Safely read from address @src to the buffer at @dst. If a kernel fault |
3145 |
++ * happens, handle that and return -EFAULT. |
3146 |
++ */ |
3147 |
++extern long probe_user_read(void *dst, const void __user *src, size_t size); |
3148 |
++ |
3149 |
+ /* |
3150 |
+ * probe_kernel_write(): safely attempt to write to a location |
3151 |
+ * @dst: address to write to |
3152 |
+@@ -254,7 +265,22 @@ extern long __probe_kernel_read(void *dst, const void *src, size_t size); |
3153 |
+ extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); |
3154 |
+ extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size); |
3155 |
+ |
3156 |
++/* |
3157 |
++ * probe_user_write(): safely attempt to write to a location in user space |
3158 |
++ * @dst: address to write to |
3159 |
++ * @src: pointer to the data that shall be written |
3160 |
++ * @size: size of the data chunk |
3161 |
++ * |
3162 |
++ * Safely write to address @dst from the buffer at @src. If a kernel fault |
3163 |
++ * happens, handle that and return -EFAULT. |
3164 |
++ */ |
3165 |
++extern long notrace probe_user_write(void __user *dst, const void *src, size_t size); |
3166 |
++extern long notrace __probe_user_write(void __user *dst, const void *src, size_t size); |
3167 |
++ |
3168 |
+ extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count); |
3169 |
++extern long strncpy_from_unsafe_user(char *dst, const void __user *unsafe_addr, |
3170 |
++ long count); |
3171 |
++extern long strnlen_unsafe_user(const void __user *unsafe_addr, long count); |
3172 |
+ |
3173 |
+ /** |
3174 |
+ * probe_kernel_address(): safely attempt to read from a location |
3175 |
+diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h |
3176 |
+index 024636c31adcf..93253ba1eeac3 100644 |
3177 |
+--- a/include/net/netfilter/nf_tables.h |
3178 |
++++ b/include/net/netfilter/nf_tables.h |
3179 |
+@@ -130,6 +130,8 @@ static inline u8 nft_reg_load8(u32 *sreg) |
3180 |
+ static inline void nft_data_copy(u32 *dst, const struct nft_data *src, |
3181 |
+ unsigned int len) |
3182 |
+ { |
3183 |
++ if (len % NFT_REG32_SIZE) |
3184 |
++ dst[len / NFT_REG32_SIZE] = 0; |
3185 |
+ memcpy(dst, src, len); |
3186 |
+ } |
3187 |
+ |
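Review bot: The two added lines in nft_data_copy() carry no comment, and they are easy to misread as redundant with the memcpy(). When `len` is not a multiple of NFT_REG32_SIZE they first zero the last, partially covered 32-bit register, so the bytes memcpy() does not overwrite are not left holding stale data. I would say so: `/* zero the partial trailing register so bytes past len hold no stale data */`. The store also assumes `dst` has room for `len` rounded up to a whole register, which callers must guarantee and which is worth stating in the same comment.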
3188 |
+diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h |
3189 |
+index 5eac62e1b68d5..cc00be102b9fb 100644 |
3190 |
+--- a/include/uapi/linux/netfilter/nf_tables.h |
3191 |
++++ b/include/uapi/linux/netfilter/nf_tables.h |
3192 |
+@@ -132,7 +132,7 @@ enum nf_tables_msg_types { |
3193 |
+ * @NFTA_LIST_ELEM: list element (NLA_NESTED) |
3194 |
+ */ |
3195 |
+ enum nft_list_attributes { |
3196 |
+- NFTA_LIST_UNPEC, |
3197 |
++ NFTA_LIST_UNSPEC, |
3198 |
+ NFTA_LIST_ELEM, |
3199 |
+ __NFTA_LIST_MAX |
3200 |
+ }; |
3201 |
+diff --git a/mm/hugetlb.c b/mm/hugetlb.c |
3202 |
+index 8a5708f31aa07..27e49c5ec2194 100644 |
3203 |
+--- a/mm/hugetlb.c |
3204 |
++++ b/mm/hugetlb.c |
3205 |
+@@ -2918,6 +2918,22 @@ static unsigned int cpuset_mems_nr(unsigned int *array) |
3206 |
+ } |
3207 |
+ |
3208 |
+ #ifdef CONFIG_SYSCTL |
3209 |
++static int proc_hugetlb_doulongvec_minmax(struct ctl_table *table, int write, |
3210 |
++ void *buffer, size_t *length, |
3211 |
++ loff_t *ppos, unsigned long *out) |
3212 |
++{ |
3213 |
++ struct ctl_table dup_table; |
3214 |
++ |
3215 |
++ /* |
3216 |
++ * In order to avoid races with __do_proc_doulongvec_minmax(), we |
3217 |
++ * can duplicate the @table and alter the duplicate of it. |
3218 |
++ */ |
3219 |
++ dup_table = *table; |
3220 |
++ dup_table.data = out; |
3221 |
++ |
3222 |
++ return proc_doulongvec_minmax(&dup_table, write, buffer, length, ppos); |
3223 |
++} |
3224 |
++ |
3225 |
+ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, |
3226 |
+ struct ctl_table *table, int write, |
3227 |
+ void __user *buffer, size_t *length, loff_t *ppos) |
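Review bot: `proc_hugetlb_doulongvec_minmax()` declares its buffer as `void *buffer`, while the caller shown in this hunk, `hugetlb_sysctl_handler_common()`, receives `void __user *buffer` and hands it straight to the helper, so the address-space annotation is dropped on the way to `proc_doulongvec_minmax()`. Declaring the parameter as `void __user *buffer` would keep static checking of the user pointer intact, assuming `proc_doulongvec_minmax()` in this tree still takes a user pointer. The removed lines also set `table->maxlen = sizeof(unsigned long)`, which the duplicated table no longer does; presumably the sysctl entries already carry that value, but they are not in the hunk, so it is worth confirming. The same replacement is made in `hugetlb_overcommit_handler()` further down, and `hugetlb_sysctl_handler_common()` continues outside this hunk.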
3228 |
+@@ -2929,9 +2945,8 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, |
3229 |
+ if (!hugepages_supported()) |
3230 |
+ return -EOPNOTSUPP; |
3231 |
+ |
3232 |
+- table->data = &tmp; |
3233 |
+- table->maxlen = sizeof(unsigned long); |
3234 |
+- ret = proc_doulongvec_minmax(table, write, buffer, length, ppos); |
3235 |
++ ret = proc_hugetlb_doulongvec_minmax(table, write, buffer, length, ppos, |
3236 |
++ &tmp); |
3237 |
+ if (ret) |
3238 |
+ goto out; |
3239 |
+ |
3240 |
+@@ -2975,9 +2990,8 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, |
3241 |
+ if (write && hstate_is_gigantic(h)) |
3242 |
+ return -EINVAL; |
3243 |
+ |
3244 |
+- table->data = &tmp; |
3245 |
+- table->maxlen = sizeof(unsigned long); |
3246 |
+- ret = proc_doulongvec_minmax(table, write, buffer, length, ppos); |
3247 |
++ ret = proc_hugetlb_doulongvec_minmax(table, write, buffer, length, ppos, |
3248 |
++ &tmp); |
3249 |
+ if (ret) |
3250 |
+ goto out; |
3251 |
+ |
3252 |
+diff --git a/mm/maccess.c b/mm/maccess.c |
3253 |
+index ec00be51a24fd..6e41ba452e5e9 100644 |
3254 |
+--- a/mm/maccess.c |
3255 |
++++ b/mm/maccess.c |
3256 |
+@@ -5,8 +5,32 @@ |
3257 |
+ #include <linux/mm.h> |
3258 |
+ #include <linux/uaccess.h> |
3259 |
+ |
3260 |
++static __always_inline long |
3261 |
++probe_read_common(void *dst, const void __user *src, size_t size) |
3262 |
++{ |
3263 |
++ long ret; |
3264 |
++ |
3265 |
++ pagefault_disable(); |
3266 |
++ ret = __copy_from_user_inatomic(dst, src, size); |
3267 |
++ pagefault_enable(); |
3268 |
++ |
3269 |
++ return ret ? -EFAULT : 0; |
3270 |
++} |
3271 |
++ |
3272 |
++static __always_inline long |
3273 |
++probe_write_common(void __user *dst, const void *src, size_t size) |
3274 |
++{ |
3275 |
++ long ret; |
3276 |
++ |
3277 |
++ pagefault_disable(); |
3278 |
++ ret = __copy_to_user_inatomic(dst, src, size); |
3279 |
++ pagefault_enable(); |
3280 |
++ |
3281 |
++ return ret ? -EFAULT : 0; |
3282 |
++} |
3283 |
++ |
3284 |
+ /** |
3285 |
+- * probe_kernel_read(): safely attempt to read from a location |
3286 |
++ * probe_kernel_read(): safely attempt to read from a kernel-space location |
3287 |
+ * @dst: pointer to the buffer that shall take the data |
3288 |
+ * @src: address to read from |
3289 |
+ * @size: size of the data chunk |
3290 |
+@@ -29,16 +53,40 @@ long __probe_kernel_read(void *dst, const void *src, size_t size) |
3291 |
+ mm_segment_t old_fs = get_fs(); |
3292 |
+ |
3293 |
+ set_fs(KERNEL_DS); |
3294 |
+- pagefault_disable(); |
3295 |
+- ret = __copy_from_user_inatomic(dst, |
3296 |
+- (__force const void __user *)src, size); |
3297 |
+- pagefault_enable(); |
3298 |
++ ret = probe_read_common(dst, (__force const void __user *)src, size); |
3299 |
+ set_fs(old_fs); |
3300 |
+ |
3301 |
+- return ret ? -EFAULT : 0; |
3302 |
++ return ret; |
3303 |
+ } |
3304 |
+ EXPORT_SYMBOL_GPL(probe_kernel_read); |
3305 |
+ |
3306 |
++/** |
3307 |
++ * probe_user_read(): safely attempt to read from a user-space location |
3308 |
++ * @dst: pointer to the buffer that shall take the data |
3309 |
++ * @src: address to read from. This must be a user address. |
3310 |
++ * @size: size of the data chunk |
3311 |
++ * |
3312 |
++ * Safely read from user address @src to the buffer at @dst. If a kernel fault |
3313 |
++ * happens, handle that and return -EFAULT. |
3314 |
++ */ |
3315 |
++ |
3316 |
++long __weak probe_user_read(void *dst, const void __user *src, size_t size) |
3317 |
++ __attribute__((alias("__probe_user_read"))); |
3318 |
++ |
3319 |
++long __probe_user_read(void *dst, const void __user *src, size_t size) |
3320 |
++{ |
3321 |
++ long ret = -EFAULT; |
3322 |
++ mm_segment_t old_fs = get_fs(); |
3323 |
++ |
3324 |
++ set_fs(USER_DS); |
3325 |
++ if (access_ok(VERIFY_READ, src, size)) |
3326 |
++ ret = probe_read_common(dst, src, size); |
3327 |
++ set_fs(old_fs); |
3328 |
++ |
3329 |
++ return ret; |
3330 |
++} |
3331 |
++EXPORT_SYMBOL_GPL(probe_user_read); |
3332 |
++ |
3333 |
+ /** |
3334 |
+ * probe_kernel_write(): safely attempt to write to a location |
3335 |
+ * @dst: address to write to |
3336 |
+@@ -48,6 +96,7 @@ EXPORT_SYMBOL_GPL(probe_kernel_read); |
3337 |
+ * Safely write to address @dst from the buffer at @src. If a kernel fault |
3338 |
+ * happens, handle that and return -EFAULT. |
3339 |
+ */ |
3340 |
++ |
3341 |
+ long __weak probe_kernel_write(void *dst, const void *src, size_t size) |
3342 |
+ __attribute__((alias("__probe_kernel_write"))); |
3343 |
+ |
3344 |
+@@ -57,15 +106,40 @@ long __probe_kernel_write(void *dst, const void *src, size_t size) |
3345 |
+ mm_segment_t old_fs = get_fs(); |
3346 |
+ |
3347 |
+ set_fs(KERNEL_DS); |
3348 |
+- pagefault_disable(); |
3349 |
+- ret = __copy_to_user_inatomic((__force void __user *)dst, src, size); |
3350 |
+- pagefault_enable(); |
3351 |
++ ret = probe_write_common((__force void __user *)dst, src, size); |
3352 |
+ set_fs(old_fs); |
3353 |
+ |
3354 |
+- return ret ? -EFAULT : 0; |
3355 |
++ return ret; |
3356 |
+ } |
3357 |
+ EXPORT_SYMBOL_GPL(probe_kernel_write); |
3358 |
+ |
3359 |
++/** |
3360 |
++ * probe_user_write(): safely attempt to write to a user-space location |
3361 |
++ * @dst: address to write to |
3362 |
++ * @src: pointer to the data that shall be written |
3363 |
++ * @size: size of the data chunk |
3364 |
++ * |
3365 |
++ * Safely write to address @dst from the buffer at @src. If a kernel fault |
3366 |
++ * happens, handle that and return -EFAULT. |
3367 |
++ */ |
3368 |
++ |
3369 |
++long __weak probe_user_write(void __user *dst, const void *src, size_t size) |
3370 |
++ __attribute__((alias("__probe_user_write"))); |
3371 |
++ |
3372 |
++long __probe_user_write(void __user *dst, const void *src, size_t size) |
3373 |
++{ |
3374 |
++ long ret = -EFAULT; |
3375 |
++ mm_segment_t old_fs = get_fs(); |
3376 |
++ |
3377 |
++ set_fs(USER_DS); |
3378 |
++ if (access_ok(VERIFY_WRITE, dst, size)) |
3379 |
++ ret = probe_write_common(dst, src, size); |
3380 |
++ set_fs(old_fs); |
3381 |
++ |
3382 |
++ return ret; |
3383 |
++} |
3384 |
++EXPORT_SYMBOL_GPL(probe_user_write); |
3385 |
++ |
3386 |
+ /** |
3387 |
+ * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address. |
3388 |
+ * @dst: Destination address, in kernel space. This buffer must be at |
3389 |
+@@ -105,3 +179,76 @@ long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count) |
3390 |
+ |
3391 |
+ return ret ? -EFAULT : src - unsafe_addr; |
3392 |
+ } |
3393 |
++ |
3394 |
++/** |
3395 |
++ * strncpy_from_unsafe_user: - Copy a NUL terminated string from unsafe user |
3396 |
++ * address. |
3397 |
++ * @dst: Destination address, in kernel space. This buffer must be at |
3398 |
++ * least @count bytes long. |
3399 |
++ * @unsafe_addr: Unsafe user address. |
3400 |
++ * @count: Maximum number of bytes to copy, including the trailing NUL. |
3401 |
++ * |
3402 |
++ * Copies a NUL-terminated string from unsafe user address to kernel buffer. |
3403 |
++ * |
3404 |
++ * On success, returns the length of the string INCLUDING the trailing NUL. |
3405 |
++ * |
3406 |
++ * If access fails, returns -EFAULT (some data may have been copied |
3407 |
++ * and the trailing NUL added). |
3408 |
++ * |
3409 |
++ * If @count is smaller than the length of the string, copies @count-1 bytes, |
3410 |
++ * sets the last byte of @dst buffer to NUL and returns @count. |
3411 |
++ */ |
3412 |
++long strncpy_from_unsafe_user(char *dst, const void __user *unsafe_addr, |
3413 |
++ long count) |
3414 |
++{ |
3415 |
++ mm_segment_t old_fs = get_fs(); |
3416 |
++ long ret; |
3417 |
++ |
3418 |
++ if (unlikely(count <= 0)) |
3419 |
++ return 0; |
3420 |
++ |
3421 |
++ set_fs(USER_DS); |
3422 |
++ pagefault_disable(); |
3423 |
++ ret = strncpy_from_user(dst, unsafe_addr, count); |
3424 |
++ pagefault_enable(); |
3425 |
++ set_fs(old_fs); |
3426 |
++ |
3427 |
++ if (ret >= count) { |
3428 |
++ ret = count; |
3429 |
++ dst[ret - 1] = '\0'; |
3430 |
++ } else if (ret > 0) { |
3431 |
++ ret++; |
3432 |
++ } |
3433 |
++ |
3434 |
++ return ret; |
3435 |
++} |
3436 |
++ |
3437 |
++/** |
3438 |
++ * strnlen_unsafe_user: - Get the size of a user string INCLUDING final NUL. |
3439 |
++ * @unsafe_addr: The string to measure. |
3440 |
++ * @count: Maximum count (including NUL) |
3441 |
++ * |
3442 |
++ * Get the size of a NUL-terminated string in user space without pagefault. |
3443 |
++ * |
3444 |
++ * Returns the size of the string INCLUDING the terminating NUL. |
3445 |
++ * |
3446 |
++ * If the string is too long, returns a number larger than @count. User |
3447 |
++ * has to check the return value against "> count". |
3448 |
++ * On exception (or invalid count), returns 0. |
3449 |
++ * |
3450 |
++ * Unlike strnlen_user, this can be used from IRQ handler etc. because |
3451 |
++ * it disables pagefaults. |
3452 |
++ */ |
3453 |
++long strnlen_unsafe_user(const void __user *unsafe_addr, long count) |
3454 |
++{ |
3455 |
++ mm_segment_t old_fs = get_fs(); |
3456 |
++ int ret; |
3457 |
++ |
3458 |
++ set_fs(USER_DS); |
3459 |
++ pagefault_disable(); |
3460 |
++ ret = strnlen_user(unsafe_addr, count); |
3461 |
++ pagefault_enable(); |
3462 |
++ set_fs(old_fs); |
3463 |
++ |
3464 |
++ return ret; |
3465 |
++} |
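Review bot: `strnlen_unsafe_user()` stores the result of `strnlen_user()` in `int ret` although the function returns `long` and takes a `long count`, so a length above INT_MAX would be narrowed on the way out; `long ret;` avoids that. In `strncpy_from_unsafe_user()` the comment says that on -EFAULT "some data may have been copied and the trailing NUL added", but the code after `strncpy_from_user()` writes a NUL only in the `ret >= count` branch. Unless `strncpy_from_user()` itself guarantees termination on failure (not visible here), callers should not rely on @dst being terminated after an error. Rewording the sentence to `(some data may have been copied; @dst is not guaranteed to be NUL-terminated)` would match the visible code.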
3466 |
+diff --git a/mm/slub.c b/mm/slub.c |
3467 |
+index 882a1e0ae89c8..dfc9b4267603e 100644 |
3468 |
+--- a/mm/slub.c |
3469 |
++++ b/mm/slub.c |
3470 |
+@@ -646,12 +646,12 @@ static void slab_fix(struct kmem_cache *s, char *fmt, ...) |
3471 |
+ } |
3472 |
+ |
3473 |
+ static bool freelist_corrupted(struct kmem_cache *s, struct page *page, |
3474 |
+- void *freelist, void *nextfree) |
3475 |
++ void **freelist, void *nextfree) |
3476 |
+ { |
3477 |
+ if ((s->flags & SLAB_CONSISTENCY_CHECKS) && |
3478 |
+- !check_valid_pointer(s, page, nextfree)) { |
3479 |
+- object_err(s, page, freelist, "Freechain corrupt"); |
3480 |
+- freelist = NULL; |
3481 |
++ !check_valid_pointer(s, page, nextfree) && freelist) { |
3482 |
++ object_err(s, page, *freelist, "Freechain corrupt"); |
3483 |
++ *freelist = NULL; |
3484 |
+ slab_fix(s, "Isolate corrupted freechain"); |
3485 |
+ return true; |
3486 |
+ } |
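Review bot: The added `&& freelist` in `freelist_corrupted()` tests the address of the caller's variable, not the freelist head. The one call site shown, in `deactivate_slab()`, passes `&freelist`, which is never NULL, so the test filters nothing there. If it only guards the `*freelist` dereference for other callers, a short comment such as `/* freelist may be NULL when the caller has no list head to isolate */` would say so; if the aim was to skip an empty list, the test would have to be on `*freelist`. Callers outside these hunks are not visible, so which of the two is meant needs confirming.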
3487 |
+@@ -1343,7 +1343,7 @@ static inline void dec_slabs_node(struct kmem_cache *s, int node, |
3488 |
+ int objects) {} |
3489 |
+ |
3490 |
+ static bool freelist_corrupted(struct kmem_cache *s, struct page *page, |
3491 |
+- void *freelist, void *nextfree) |
3492 |
++ void **freelist, void *nextfree) |
3493 |
+ { |
3494 |
+ return false; |
3495 |
+ } |
3496 |
+@@ -2037,7 +2037,7 @@ static void deactivate_slab(struct kmem_cache *s, struct page *page, |
3497 |
+ * 'freelist' is already corrupted. So isolate all objects |
3498 |
+ * starting at 'freelist'. |
3499 |
+ */ |
3500 |
+- if (freelist_corrupted(s, page, freelist, nextfree)) |
3501 |
++ if (freelist_corrupted(s, page, &freelist, nextfree)) |
3502 |
+ break; |
3503 |
+ |
3504 |
+ do { |
3505 |
+diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c |
3506 |
+index 0458de53cb64b..04a620fd13014 100644 |
3507 |
+--- a/net/batman-adv/bat_v_ogm.c |
3508 |
++++ b/net/batman-adv/bat_v_ogm.c |
3509 |
+@@ -716,6 +716,12 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset, |
3510 |
+ ntohl(ogm_packet->seqno), ogm_throughput, ogm_packet->ttl, |
3511 |
+ ogm_packet->version, ntohs(ogm_packet->tvlv_len)); |
3512 |
+ |
3513 |
++ if (batadv_is_my_mac(bat_priv, ogm_packet->orig)) { |
3514 |
++ batadv_dbg(BATADV_DBG_BATMAN, bat_priv, |
3515 |
++ "Drop packet: originator packet from ourself\n"); |
3516 |
++ return; |
3517 |
++ } |
3518 |
++ |
3519 |
+ /* If the throughput metric is 0, immediately drop the packet. No need |
3520 |
+ * to create orig_node / neigh_node for an unusable route. |
3521 |
+ */ |
3522 |
+@@ -843,11 +849,6 @@ int batadv_v_ogm_packet_recv(struct sk_buff *skb, |
3523 |
+ if (batadv_is_my_mac(bat_priv, ethhdr->h_source)) |
3524 |
+ goto free_skb; |
3525 |
+ |
3526 |
+- ogm_packet = (struct batadv_ogm2_packet *)skb->data; |
3527 |
+- |
3528 |
+- if (batadv_is_my_mac(bat_priv, ogm_packet->orig)) |
3529 |
+- goto free_skb; |
3530 |
+- |
3531 |
+ batadv_inc_counter(bat_priv, BATADV_CNT_MGMT_RX); |
3532 |
+ batadv_add_counter(bat_priv, BATADV_CNT_MGMT_RX_BYTES, |
3533 |
+ skb->len + ETH_HLEN); |
3534 |
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c |
3535 |
+index 85faf25c29122..9b8bf06ccb613 100644 |
3536 |
+--- a/net/batman-adv/bridge_loop_avoidance.c |
3537 |
++++ b/net/batman-adv/bridge_loop_avoidance.c |
3538 |
+@@ -450,7 +450,10 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, u8 *mac, |
3539 |
+ batadv_add_counter(bat_priv, BATADV_CNT_RX_BYTES, |
3540 |
+ skb->len + ETH_HLEN); |
3541 |
+ |
3542 |
+- netif_rx(skb); |
3543 |
++ if (in_interrupt()) |
3544 |
++ netif_rx(skb); |
3545 |
++ else |
3546 |
++ netif_rx_ni(skb); |
3547 |
+ out: |
3548 |
+ if (primary_if) |
3549 |
+ batadv_hardif_put(primary_if); |
3550 |
+diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c |
3551 |
+index 140c61a3f1ecf..0c59fefc13719 100644 |
3552 |
+--- a/net/batman-adv/gateway_client.c |
3553 |
++++ b/net/batman-adv/gateway_client.c |
3554 |
+@@ -714,8 +714,10 @@ batadv_gw_dhcp_recipient_get(struct sk_buff *skb, unsigned int *header_len, |
3555 |
+ |
3556 |
+ chaddr_offset = *header_len + BATADV_DHCP_CHADDR_OFFSET; |
3557 |
+ /* store the client address if the message is going to a client */ |
3558 |
+- if (ret == BATADV_DHCP_TO_CLIENT && |
3559 |
+- pskb_may_pull(skb, chaddr_offset + ETH_ALEN)) { |
3560 |
++ if (ret == BATADV_DHCP_TO_CLIENT) { |
3561 |
++ if (!pskb_may_pull(skb, chaddr_offset + ETH_ALEN)) |
3562 |
++ return BATADV_DHCP_NO; |
3563 |
++ |
3564 |
+ /* check if the DHCP packet carries an Ethernet DHCP */ |
3565 |
+ p = skb->data + *header_len + BATADV_DHCP_HTYPE_OFFSET; |
3566 |
+ if (*p != BATADV_DHCP_HTYPE_ETHERNET) |
3567 |
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c |
3568 |
+index 1b8a53081632f..5b4632826dc66 100644 |
3569 |
+--- a/net/netfilter/nf_tables_api.c |
3570 |
++++ b/net/netfilter/nf_tables_api.c |
3571 |
+@@ -718,11 +718,11 @@ static int nf_tables_gettable(struct net *net, struct sock *nlsk, |
3572 |
+ nlh->nlmsg_seq, NFT_MSG_NEWTABLE, 0, |
3573 |
+ family, table); |
3574 |
+ if (err < 0) |
3575 |
+- goto err; |
3576 |
++ goto err_fill_table_info; |
3577 |
+ |
3578 |
+- return nlmsg_unicast(nlsk, skb2, NETLINK_CB(skb).portid); |
3579 |
++ return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid); |
3580 |
+ |
3581 |
+-err: |
3582 |
++err_fill_table_info: |
3583 |
+ kfree_skb(skb2); |
3584 |
+ return err; |
3585 |
+ } |
3586 |
+@@ -1383,11 +1383,11 @@ static int nf_tables_getchain(struct net *net, struct sock *nlsk, |
3587 |
+ nlh->nlmsg_seq, NFT_MSG_NEWCHAIN, 0, |
3588 |
+ family, table, chain); |
3589 |
+ if (err < 0) |
3590 |
+- goto err; |
3591 |
++ goto err_fill_chain_info; |
3592 |
+ |
3593 |
+- return nlmsg_unicast(nlsk, skb2, NETLINK_CB(skb).portid); |
3594 |
++ return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid); |
3595 |
+ |
3596 |
+-err: |
3597 |
++err_fill_chain_info: |
3598 |
+ kfree_skb(skb2); |
3599 |
+ return err; |
3600 |
+ } |
3601 |
+@@ -2488,11 +2488,11 @@ static int nf_tables_getrule(struct net *net, struct sock *nlsk, |
3602 |
+ nlh->nlmsg_seq, NFT_MSG_NEWRULE, 0, |
3603 |
+ family, table, chain, rule); |
3604 |
+ if (err < 0) |
3605 |
+- goto err; |
3606 |
++ goto err_fill_rule_info; |
3607 |
+ |
3608 |
+- return nlmsg_unicast(nlsk, skb2, NETLINK_CB(skb).portid); |
3609 |
++ return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid); |
3610 |
+ |
3611 |
+-err: |
3612 |
++err_fill_rule_info: |
3613 |
+ kfree_skb(skb2); |
3614 |
+ return err; |
3615 |
+ } |
3616 |
+@@ -3204,7 +3204,8 @@ static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx, |
3617 |
+ goto nla_put_failure; |
3618 |
+ } |
3619 |
+ |
3620 |
+- if (nla_put(skb, NFTA_SET_USERDATA, set->udlen, set->udata)) |
3621 |
++ if (set->udata && |
3622 |
++ nla_put(skb, NFTA_SET_USERDATA, set->udlen, set->udata)) |
3623 |
+ goto nla_put_failure; |
3624 |
+ |
3625 |
+ desc = nla_nest_start(skb, NFTA_SET_DESC); |
3626 |
+@@ -3376,11 +3377,11 @@ static int nf_tables_getset(struct net *net, struct sock *nlsk, |
3627 |
+ |
3628 |
+ err = nf_tables_fill_set(skb2, &ctx, set, NFT_MSG_NEWSET, 0); |
3629 |
+ if (err < 0) |
3630 |
+- goto err; |
3631 |
++ goto err_fill_set_info; |
3632 |
+ |
3633 |
+- return nlmsg_unicast(nlsk, skb2, NETLINK_CB(skb).portid); |
3634 |
++ return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid); |
3635 |
+ |
3636 |
+-err: |
3637 |
++err_fill_set_info: |
3638 |
+ kfree_skb(skb2); |
3639 |
+ return err; |
3640 |
+ } |
3641 |
+@@ -4156,24 +4157,18 @@ static int nft_get_set_elem(struct nft_ctx *ctx, struct nft_set *set, |
3642 |
+ err = -ENOMEM; |
3643 |
+ skb = nlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC); |
3644 |
+ if (skb == NULL) |
3645 |
+- goto err1; |
3646 |
++ return err; |
3647 |
+ |
3648 |
+ err = nf_tables_fill_setelem_info(skb, ctx, ctx->seq, ctx->portid, |
3649 |
+ NFT_MSG_NEWSETELEM, 0, set, &elem); |
3650 |
+ if (err < 0) |
3651 |
+- goto err2; |
3652 |
++ goto err_fill_setelem; |
3653 |
+ |
3654 |
+- err = nfnetlink_unicast(skb, ctx->net, ctx->portid, MSG_DONTWAIT); |
3655 |
+- /* This avoids a loop in nfnetlink. */ |
3656 |
+- if (err < 0) |
3657 |
+- goto err1; |
3658 |
++ return nfnetlink_unicast(skb, ctx->net, ctx->portid); |
3659 |
+ |
3660 |
+- return 0; |
3661 |
+-err2: |
3662 |
++err_fill_setelem: |
3663 |
+ kfree_skb(skb); |
3664 |
+-err1: |
3665 |
+- /* this avoids a loop in nfnetlink. */ |
3666 |
+- return err == -EAGAIN ? -ENOBUFS : err; |
3667 |
++ return err; |
3668 |
+ } |
3669 |
+ |
3670 |
+ /* called with rcu_read_lock held */ |
3671 |
+@@ -5272,10 +5267,11 @@ static int nf_tables_getobj(struct net *net, struct sock *nlsk, |
3672 |
+ nlh->nlmsg_seq, NFT_MSG_NEWOBJ, 0, |
3673 |
+ family, table, obj, reset); |
3674 |
+ if (err < 0) |
3675 |
+- goto err; |
3676 |
++ goto err_fill_obj_info; |
3677 |
+ |
3678 |
+- return nlmsg_unicast(nlsk, skb2, NETLINK_CB(skb).portid); |
3679 |
+-err: |
3680 |
++ return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid); |
3681 |
++ |
3682 |
++err_fill_obj_info: |
3683 |
+ kfree_skb(skb2); |
3684 |
+ return err; |
3685 |
+ } |
3686 |
+@@ -5932,10 +5928,11 @@ static int nf_tables_getflowtable(struct net *net, struct sock *nlsk, |
3687 |
+ NFT_MSG_NEWFLOWTABLE, 0, family, |
3688 |
+ flowtable); |
3689 |
+ if (err < 0) |
3690 |
+- goto err; |
3691 |
++ goto err_fill_flowtable_info; |
3692 |
+ |
3693 |
+- return nlmsg_unicast(nlsk, skb2, NETLINK_CB(skb).portid); |
3694 |
+-err: |
3695 |
++ return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid); |
3696 |
++ |
3697 |
++err_fill_flowtable_info: |
3698 |
+ kfree_skb(skb2); |
3699 |
+ return err; |
3700 |
+ } |
3701 |
+@@ -6096,10 +6093,11 @@ static int nf_tables_getgen(struct net *net, struct sock *nlsk, |
3702 |
+ err = nf_tables_fill_gen_info(skb2, net, NETLINK_CB(skb).portid, |
3703 |
+ nlh->nlmsg_seq); |
3704 |
+ if (err < 0) |
3705 |
+- goto err; |
3706 |
++ goto err_fill_gen_info; |
3707 |
+ |
3708 |
+- return nlmsg_unicast(nlsk, skb2, NETLINK_CB(skb).portid); |
3709 |
+-err: |
3710 |
++ return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid); |
3711 |
++ |
3712 |
++err_fill_gen_info: |
3713 |
+ kfree_skb(skb2); |
3714 |
+ return err; |
3715 |
+ } |
3716 |
+diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c |
3717 |
+index 7f2c1915763f8..9bacddc761ba4 100644 |
3718 |
+--- a/net/netfilter/nfnetlink.c |
3719 |
++++ b/net/netfilter/nfnetlink.c |
3720 |
+@@ -148,10 +148,15 @@ int nfnetlink_set_err(struct net *net, u32 portid, u32 group, int error) |
3721 |
+ } |
3722 |
+ EXPORT_SYMBOL_GPL(nfnetlink_set_err); |
3723 |
+ |
3724 |
+-int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u32 portid, |
3725 |
+- int flags) |
3726 |
++int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u32 portid) |
3727 |
+ { |
3728 |
+- return netlink_unicast(net->nfnl, skb, portid, flags); |
3729 |
++ int err; |
3730 |
++ |
3731 |
++ err = nlmsg_unicast(net->nfnl, skb, portid); |
3732 |
++ if (err == -EAGAIN) |
3733 |
++ err = -ENOBUFS; |
3734 |
++ |
3735 |
++ return err; |
3736 |
+ } |
3737 |
+ EXPORT_SYMBOL_GPL(nfnetlink_unicast); |
3738 |
+ |
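Review bot: The -EAGAIN to -ENOBUFS translation in `nfnetlink_unicast()` has no comment, and the one that explained it at the old call site in `nft_get_set_elem()` (`/* This avoids a loop in nfnetlink. */`) is deleted by this patch. Carrying that comment over to the `if (err == -EAGAIN)` line keeps the reason next to the code. The function is exported with `EXPORT_SYMBOL_GPL` and loses its `flags` parameter, so any caller not updated in this patch will fail to build. The callers in nfnetlink_log.c and nfnetlink_queue.c used to pass `MSG_DONTWAIT`; `nlmsg_unicast()` presumably keeps the send non-blocking, and saying so in the comment would record that the behaviour is unchanged.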
3739 |
+diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c |
3740 |
+index 332c69d27b478..25298b3eb8546 100644 |
3741 |
+--- a/net/netfilter/nfnetlink_log.c |
3742 |
++++ b/net/netfilter/nfnetlink_log.c |
3743 |
+@@ -359,8 +359,7 @@ __nfulnl_send(struct nfulnl_instance *inst) |
3744 |
+ goto out; |
3745 |
+ } |
3746 |
+ } |
3747 |
+- nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid, |
3748 |
+- MSG_DONTWAIT); |
3749 |
++ nfnetlink_unicast(inst->skb, inst->net, inst->peer_portid); |
3750 |
+ out: |
3751 |
+ inst->qlen = 0; |
3752 |
+ inst->skb = NULL; |
3753 |
+diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c |
3754 |
+index d33094f4ec41e..f81a3ce0fe48e 100644 |
3755 |
+--- a/net/netfilter/nfnetlink_queue.c |
3756 |
++++ b/net/netfilter/nfnetlink_queue.c |
3757 |
+@@ -685,7 +685,7 @@ __nfqnl_enqueue_packet(struct net *net, struct nfqnl_instance *queue, |
3758 |
+ *packet_id_ptr = htonl(entry->id); |
3759 |
+ |
3760 |
+ /* nfnetlink_unicast will either free the nskb or add it to a socket */ |
3761 |
+- err = nfnetlink_unicast(nskb, net, queue->peer_portid, MSG_DONTWAIT); |
3762 |
++ err = nfnetlink_unicast(nskb, net, queue->peer_portid); |
3763 |
+ if (err < 0) { |
3764 |
+ if (queue->flags & NFQA_CFG_F_FAIL_OPEN) { |
3765 |
+ failopen = 1; |
3766 |
+diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c |
3767 |
+index 19446a89a2a81..b1a9f330a51fe 100644 |
3768 |
+--- a/net/netfilter/nft_payload.c |
3769 |
++++ b/net/netfilter/nft_payload.c |
3770 |
+@@ -79,7 +79,9 @@ static void nft_payload_eval(const struct nft_expr *expr, |
3771 |
+ u32 *dest = ®s->data[priv->dreg]; |
3772 |
+ int offset; |
3773 |
+ |
3774 |
+- dest[priv->len / NFT_REG32_SIZE] = 0; |
3775 |
++ if (priv->len % NFT_REG32_SIZE) |
3776 |
++ dest[priv->len / NFT_REG32_SIZE] = 0; |
3777 |
++ |
3778 |
+ switch (priv->base) { |
3779 |
+ case NFT_PAYLOAD_LL_HEADER: |
3780 |
+ if (!skb_mac_header_was_set(skb)) |
3781 |
+diff --git a/net/wireless/reg.c b/net/wireless/reg.c |
3782 |
+index 32f575857e415..935aebf150107 100644 |
3783 |
+--- a/net/wireless/reg.c |
3784 |
++++ b/net/wireless/reg.c |
3785 |
+@@ -2936,6 +2936,9 @@ int regulatory_hint_user(const char *alpha2, |
3786 |
+ if (WARN_ON(!alpha2)) |
3787 |
+ return -EINVAL; |
3788 |
+ |
3789 |
++ if (!is_world_regdom(alpha2) && !is_an_alpha2(alpha2)) |
3790 |
++ return -EINVAL; |
3791 |
++ |
3792 |
+ request = kzalloc(sizeof(struct regulatory_request), GFP_KERNEL); |
3793 |
+ if (!request) |
3794 |
+ return -ENOMEM; |
3795 |
+diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl |
3796 |
+index 161b0224d6ae9..7eb944cbbaeab 100755 |
3797 |
+--- a/scripts/checkpatch.pl |
3798 |
++++ b/scripts/checkpatch.pl |
3799 |
+@@ -2541,8 +2541,8 @@ sub process { |
3800 |
+ |
3801 |
+ # Check if the commit log has what seems like a diff which can confuse patch |
3802 |
+ if ($in_commit_log && !$commit_log_has_diff && |
3803 |
+- (($line =~ m@^\s+diff\b.*a/[\w/]+@ && |
3804 |
+- $line =~ m@^\s+diff\b.*a/([\w/]+)\s+b/$1\b@) || |
3805 |
++ (($line =~ m@^\s+diff\b.*a/([\w/]+)@ && |
3806 |
++ $line =~ m@^\s+diff\b.*a/[\w/]+\s+b/$1\b@) || |
3807 |
+ $line =~ m@^\s*(?:\-\-\-\s+a/|\+\+\+\s+b/)@ || |
3808 |
+ $line =~ m/^\s*\@\@ \-\d+,\d+ \+\d+,\d+ \@\@/)) { |
3809 |
+ ERROR("DIFF_IN_COMMIT_MSG", |
3810 |
+diff --git a/sound/core/oss/mulaw.c b/sound/core/oss/mulaw.c |
3811 |
+index 3788906421a73..fe27034f28460 100644 |
3812 |
+--- a/sound/core/oss/mulaw.c |
3813 |
++++ b/sound/core/oss/mulaw.c |
3814 |
+@@ -329,8 +329,8 @@ int snd_pcm_plugin_build_mulaw(struct snd_pcm_substream *plug, |
3815 |
+ snd_BUG(); |
3816 |
+ return -EINVAL; |
3817 |
+ } |
3818 |
+- if (snd_BUG_ON(!snd_pcm_format_linear(format->format))) |
3819 |
+- return -ENXIO; |
3820 |
++ if (!snd_pcm_format_linear(format->format)) |
3821 |
++ return -EINVAL; |
3822 |
+ |
3823 |
+ err = snd_pcm_plugin_build(plug, "Mu-Law<->linear conversion", |
3824 |
+ src_format, dst_format, |
3825 |
+diff --git a/sound/firewire/digi00x/digi00x.c b/sound/firewire/digi00x/digi00x.c |
3826 |
+index ef689997d6a5b..bf53e342788e2 100644 |
3827 |
+--- a/sound/firewire/digi00x/digi00x.c |
3828 |
++++ b/sound/firewire/digi00x/digi00x.c |
3829 |
+@@ -15,6 +15,7 @@ MODULE_LICENSE("GPL v2"); |
3830 |
+ #define VENDOR_DIGIDESIGN 0x00a07e |
3831 |
+ #define MODEL_CONSOLE 0x000001 |
3832 |
+ #define MODEL_RACK 0x000002 |
3833 |
++#define SPEC_VERSION 0x000001 |
3834 |
+ |
3835 |
+ static int name_card(struct snd_dg00x *dg00x) |
3836 |
+ { |
3837 |
+@@ -185,14 +186,18 @@ static const struct ieee1394_device_id snd_dg00x_id_table[] = { |
3838 |
+ /* Both of 002/003 use the same ID. */ |
3839 |
+ { |
3840 |
+ .match_flags = IEEE1394_MATCH_VENDOR_ID | |
3841 |
++ IEEE1394_MATCH_VERSION | |
3842 |
+ IEEE1394_MATCH_MODEL_ID, |
3843 |
+ .vendor_id = VENDOR_DIGIDESIGN, |
3844 |
++ .version = SPEC_VERSION, |
3845 |
+ .model_id = MODEL_CONSOLE, |
3846 |
+ }, |
3847 |
+ { |
3848 |
+ .match_flags = IEEE1394_MATCH_VENDOR_ID | |
3849 |
++ IEEE1394_MATCH_VERSION | |
3850 |
+ IEEE1394_MATCH_MODEL_ID, |
3851 |
+ .vendor_id = VENDOR_DIGIDESIGN, |
3852 |
++ .version = SPEC_VERSION, |
3853 |
+ .model_id = MODEL_RACK, |
3854 |
+ }, |
3855 |
+ {} |
3856 |
+diff --git a/sound/pci/ca0106/ca0106_main.c b/sound/pci/ca0106/ca0106_main.c |
3857 |
+index cd27b55366544..675b812e96d63 100644 |
3858 |
+--- a/sound/pci/ca0106/ca0106_main.c |
3859 |
++++ b/sound/pci/ca0106/ca0106_main.c |
3860 |
+@@ -551,7 +551,8 @@ static int snd_ca0106_pcm_power_dac(struct snd_ca0106 *chip, int channel_id, |
3861 |
+ else |
3862 |
+ /* Power down */ |
3863 |
+ chip->spi_dac_reg[reg] |= bit; |
3864 |
+- return snd_ca0106_spi_write(chip, chip->spi_dac_reg[reg]); |
3865 |
++ if (snd_ca0106_spi_write(chip, chip->spi_dac_reg[reg]) != 0) |
3866 |
++ return -ENXIO; |
3867 |
+ } |
3868 |
+ return 0; |
3869 |
+ } |
3870 |
+diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c |
3871 |
+index 419d099b5582b..b8e5f2b19ff85 100644 |
3872 |
+--- a/sound/pci/hda/patch_hdmi.c |
3873 |
++++ b/sound/pci/hda/patch_hdmi.c |
3874 |
+@@ -2574,6 +2574,7 @@ static void i915_pin_cvt_fixup(struct hda_codec *codec, |
3875 |
+ hda_nid_t cvt_nid) |
3876 |
+ { |
3877 |
+ if (per_pin) { |
3878 |
++ haswell_verify_D0(codec, per_pin->cvt_nid, per_pin->pin_nid); |
3879 |
+ snd_hda_set_dev_select(codec, per_pin->pin_nid, |
3880 |
+ per_pin->dev_id); |
3881 |
+ intel_verify_pin_cvt_connect(codec, per_pin); |
3882 |
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
3883 |
+index 9c5b3d19bfa73..8092fd5617fa7 100644 |
3884 |
+--- a/sound/pci/hda/patch_realtek.c |
3885 |
++++ b/sound/pci/hda/patch_realtek.c |
3886 |
+@@ -2452,6 +2452,7 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = { |
3887 |
+ SND_PCI_QUIRK(0x1462, 0x1276, "MSI-GL73", ALC1220_FIXUP_CLEVO_P950), |
3888 |
+ SND_PCI_QUIRK(0x1462, 0x1293, "MSI-GP65", ALC1220_FIXUP_CLEVO_P950), |
3889 |
+ SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD), |
3890 |
++ SND_PCI_QUIRK(0x1462, 0x9c37, "MSI X570-A PRO", ALC1220_FIXUP_CLEVO_P950), |
3891 |
+ SND_PCI_QUIRK(0x1462, 0xda57, "MSI Z270-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS), |
3892 |
+ SND_PCI_QUIRK_VENDOR(0x1462, "MSI", ALC882_FIXUP_GPIO3), |
3893 |
+ SND_PCI_QUIRK(0x147b, 0x107a, "Abit AW9D-MAX", ALC882_FIXUP_ABIT_AW9D_MAX), |
3894 |
+diff --git a/tools/include/uapi/linux/perf_event.h b/tools/include/uapi/linux/perf_event.h |
3895 |
+index f35eb72739c09..a45e7b4f03163 100644 |
3896 |
+--- a/tools/include/uapi/linux/perf_event.h |
3897 |
++++ b/tools/include/uapi/linux/perf_event.h |
3898 |
+@@ -1079,7 +1079,7 @@ union perf_mem_data_src { |
3899 |
+ |
3900 |
+ #define PERF_MEM_SNOOPX_FWD 0x01 /* forward */ |
3901 |
+ /* 1 free */ |
3902 |
+-#define PERF_MEM_SNOOPX_SHIFT 37 |
3903 |
++#define PERF_MEM_SNOOPX_SHIFT 38 |
3904 |
+ |
3905 |
+ /* locked instruction */ |
3906 |
+ #define PERF_MEM_LOCK_NA 0x01 /* not available */ |
3907 |
+diff --git a/tools/perf/Documentation/perf-record.txt b/tools/perf/Documentation/perf-record.txt |
3908 |
+index 246dee081efda..edf2be251788f 100644 |
3909 |
+--- a/tools/perf/Documentation/perf-record.txt |
3910 |
++++ b/tools/perf/Documentation/perf-record.txt |
3911 |
+@@ -33,6 +33,10 @@ OPTIONS |
3912 |
+ - a raw PMU event (eventsel+umask) in the form of rNNN where NNN is a |
3913 |
+ hexadecimal event descriptor. |
3914 |
+ |
3915 |
++ - a symbolic or raw PMU event followed by an optional colon |
3916 |
++ and a list of event modifiers, e.g., cpu-cycles:p. See the |
3917 |
++ linkperf:perf-list[1] man page for details on event modifiers. |
3918 |
++ |
3919 |
+ - a symbolically formed PMU event like 'pmu/param1=0x3,param2/' where |
3920 |
+ 'param1', 'param2', etc are defined as formats for the PMU in |
3921 |
+ /sys/bus/event_source/devices/<pmu>/format/*. |
3922 |
+diff --git a/tools/perf/Documentation/perf-stat.txt b/tools/perf/Documentation/perf-stat.txt |
3923 |
+index b10a90b6a7181..239af8f71f79b 100644 |
3924 |
+--- a/tools/perf/Documentation/perf-stat.txt |
3925 |
++++ b/tools/perf/Documentation/perf-stat.txt |
3926 |
+@@ -39,6 +39,10 @@ report:: |
3927 |
+ - a raw PMU event (eventsel+umask) in the form of rNNN where NNN is a |
3928 |
+ hexadecimal event descriptor. |
3929 |
+ |
3930 |
++ - a symbolic or raw PMU event followed by an optional colon |
3931 |
++ and a list of event modifiers, e.g., cpu-cycles:p. See the |
3932 |
++ linkperf:perf-list[1] man page for details on event modifiers. |
3933 |
++ |
3934 |
+ - a symbolically formed event like 'pmu/param1=0x3,param2/' where |
3935 |
+ param1 and param2 are defined as formats for the PMU in |
3936 |
+ /sys/bus/event_source/devices/<pmu>/format/* |
3937 |
+diff --git a/tools/perf/pmu-events/jevents.c b/tools/perf/pmu-events/jevents.c |
3938 |
+index 38b5888ef7b38..c17e594041712 100644 |
3939 |
+--- a/tools/perf/pmu-events/jevents.c |
3940 |
++++ b/tools/perf/pmu-events/jevents.c |
3941 |
+@@ -137,7 +137,7 @@ static char *fixregex(char *s) |
3942 |
+ return s; |
3943 |
+ |
3944 |
+ /* allocate space for a new string */ |
3945 |
+- fixed = (char *) malloc(len + 1); |
3946 |
++ fixed = (char *) malloc(len + esc_count + 1); |
3947 |
+ if (!fixed) |
3948 |
+ return NULL; |
3949 |
+ |
3950 |
+diff --git a/tools/testing/selftests/bpf/test_maps.c b/tools/testing/selftests/bpf/test_maps.c |
3951 |
+index 9b552c0fc47db..4e202217fae10 100644 |
3952 |
+--- a/tools/testing/selftests/bpf/test_maps.c |
3953 |
++++ b/tools/testing/selftests/bpf/test_maps.c |
3954 |
+@@ -1017,6 +1017,8 @@ static void __run_parallel(int tasks, void (*fn)(int task, void *data), |
3955 |
+ pid_t pid[tasks]; |
3956 |
+ int i; |
3957 |
+ |
3958 |
++ fflush(stdout); |
3959 |
++ |
3960 |
+ for (i = 0; i < tasks; i++) { |
3961 |
+ pid[i] = fork(); |
3962 |
+ if (pid[i] == 0) { |