1 |
commit: 6e79f651605de012d8a78a3dde1bab966017a0cb |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Jan 27 11:41:33 2022 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Jan 27 11:41:33 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=6e79f651 |
7 |
|
8 |
Linux patch 4.9.298 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1297_linux-4.9.298.patch | 4800 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 4804 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 124bfa64..52cd88fb 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -1231,6 +1231,10 @@ Patch: 1296_linux-4.9.297.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.9.297 |
23 |
|
24 |
+Patch: 1297_linux-4.9.298.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.9.298 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1297_linux-4.9.298.patch b/1297_linux-4.9.298.patch |
33 |
new file mode 100644 |
34 |
index 00000000..26807c93 |
35 |
--- /dev/null |
36 |
+++ b/1297_linux-4.9.298.patch |
37 |
@@ -0,0 +1,4800 @@ |
38 |
+diff --git a/Documentation/rbtree.txt b/Documentation/rbtree.txt |
39 |
+index b9d9cc57be189..9fedfedfd85fc 100644 |
40 |
+--- a/Documentation/rbtree.txt |
41 |
++++ b/Documentation/rbtree.txt |
42 |
+@@ -190,6 +190,39 @@ Example: |
43 |
+ for (node = rb_first(&mytree); node; node = rb_next(node)) |
44 |
+ printk("key=%s\n", rb_entry(node, struct mytype, node)->keystring); |
45 |
+ |
46 |
++Cached rbtrees |
47 |
++-------------- |
48 |
++ |
49 |
++Computing the leftmost (smallest) node is quite a common task for binary |
50 |
++search trees, such as for traversals or users relying on a the particular |
51 |
++order for their own logic. To this end, users can use 'struct rb_root_cached' |
52 |
++to optimize O(logN) rb_first() calls to a simple pointer fetch avoiding |
53 |
++potentially expensive tree iterations. This is done at negligible runtime |
54 |
++overhead for maintanence; albeit larger memory footprint. |
55 |
++ |
56 |
++Similar to the rb_root structure, cached rbtrees are initialized to be |
57 |
++empty via: |
58 |
++ |
59 |
++ struct rb_root_cached mytree = RB_ROOT_CACHED; |
60 |
++ |
61 |
++Cached rbtree is simply a regular rb_root with an extra pointer to cache the |
62 |
++leftmost node. This allows rb_root_cached to exist wherever rb_root does, |
63 |
++which permits augmented trees to be supported as well as only a few extra |
64 |
++interfaces: |
65 |
++ |
66 |
++ struct rb_node *rb_first_cached(struct rb_root_cached *tree); |
67 |
++ void rb_insert_color_cached(struct rb_node *, struct rb_root_cached *, bool); |
68 |
++ void rb_erase_cached(struct rb_node *node, struct rb_root_cached *); |
69 |
++ |
70 |
++Both insert and erase calls have their respective counterpart of augmented |
71 |
++trees: |
72 |
++ |
73 |
++ void rb_insert_augmented_cached(struct rb_node *node, struct rb_root_cached *, |
74 |
++ bool, struct rb_augment_callbacks *); |
75 |
++ void rb_erase_augmented_cached(struct rb_node *, struct rb_root_cached *, |
76 |
++ struct rb_augment_callbacks *); |
77 |
++ |
78 |
++ |
79 |
+ Support for Augmented rbtrees |
80 |
+ ----------------------------- |
81 |
+ |
82 |
+diff --git a/Makefile b/Makefile |
83 |
+index 70a11157b2404..b0f683f18df71 100644 |
84 |
+--- a/Makefile |
85 |
++++ b/Makefile |
86 |
+@@ -1,6 +1,6 @@ |
87 |
+ VERSION = 4 |
88 |
+ PATCHLEVEL = 9 |
89 |
+-SUBLEVEL = 297 |
90 |
++SUBLEVEL = 298 |
91 |
+ EXTRAVERSION = |
92 |
+ NAME = Roaring Lionus |
93 |
+ |
94 |
+diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi |
95 |
+index c2557cf43b3dc..d8bf83d732be3 100644 |
96 |
+--- a/arch/arm64/boot/dts/qcom/msm8916.dtsi |
97 |
++++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi |
98 |
+@@ -25,8 +25,8 @@ |
99 |
+ #size-cells = <2>; |
100 |
+ |
101 |
+ aliases { |
102 |
+- sdhc1 = &sdhc_1; /* SDC1 eMMC slot */ |
103 |
+- sdhc2 = &sdhc_2; /* SDC2 SD card slot */ |
104 |
++ mmc0 = &sdhc_1; /* SDC1 eMMC slot */ |
105 |
++ mmc1 = &sdhc_2; /* SDC2 SD card slot */ |
106 |
+ }; |
107 |
+ |
108 |
+ chosen { }; |
109 |
+diff --git a/arch/mips/bcm63xx/clk.c b/arch/mips/bcm63xx/clk.c |
110 |
+index 4f375050ab8e9..3be875a45c834 100644 |
111 |
+--- a/arch/mips/bcm63xx/clk.c |
112 |
++++ b/arch/mips/bcm63xx/clk.c |
113 |
+@@ -342,6 +342,12 @@ struct clk *clk_get_parent(struct clk *clk) |
114 |
+ } |
115 |
+ EXPORT_SYMBOL(clk_get_parent); |
116 |
+ |
117 |
++int clk_set_parent(struct clk *clk, struct clk *parent) |
118 |
++{ |
119 |
++ return 0; |
120 |
++} |
121 |
++EXPORT_SYMBOL(clk_set_parent); |
122 |
++ |
123 |
+ unsigned long clk_get_rate(struct clk *clk) |
124 |
+ { |
125 |
+ return clk->rate; |
126 |
+diff --git a/arch/mips/include/asm/octeon/cvmx-bootinfo.h b/arch/mips/include/asm/octeon/cvmx-bootinfo.h |
127 |
+index 62787765575ef..ce6e5fddce0bf 100644 |
128 |
+--- a/arch/mips/include/asm/octeon/cvmx-bootinfo.h |
129 |
++++ b/arch/mips/include/asm/octeon/cvmx-bootinfo.h |
130 |
+@@ -315,7 +315,7 @@ enum cvmx_chip_types_enum { |
131 |
+ |
132 |
+ /* Functions to return string based on type */ |
133 |
+ #define ENUM_BRD_TYPE_CASE(x) \ |
134 |
+- case x: return(#x + 16); /* Skip CVMX_BOARD_TYPE_ */ |
135 |
++ case x: return (&#x[16]); /* Skip CVMX_BOARD_TYPE_ */ |
136 |
+ static inline const char *cvmx_board_type_to_string(enum |
137 |
+ cvmx_board_types_enum type) |
138 |
+ { |
139 |
+@@ -404,7 +404,7 @@ static inline const char *cvmx_board_type_to_string(enum |
140 |
+ } |
141 |
+ |
142 |
+ #define ENUM_CHIP_TYPE_CASE(x) \ |
143 |
+- case x: return(#x + 15); /* Skip CVMX_CHIP_TYPE */ |
144 |
++ case x: return (&#x[15]); /* Skip CVMX_CHIP_TYPE */ |
145 |
+ static inline const char *cvmx_chip_type_to_string(enum |
146 |
+ cvmx_chip_types_enum type) |
147 |
+ { |
148 |
+diff --git a/arch/mips/lantiq/clk.c b/arch/mips/lantiq/clk.c |
149 |
+index 149f0513c4f5d..d1de57b86683c 100644 |
150 |
+--- a/arch/mips/lantiq/clk.c |
151 |
++++ b/arch/mips/lantiq/clk.c |
152 |
+@@ -165,6 +165,12 @@ struct clk *of_clk_get_from_provider(struct of_phandle_args *clkspec) |
153 |
+ return NULL; |
154 |
+ } |
155 |
+ |
156 |
++int clk_set_parent(struct clk *clk, struct clk *parent) |
157 |
++{ |
158 |
++ return 0; |
159 |
++} |
160 |
++EXPORT_SYMBOL(clk_set_parent); |
161 |
++ |
162 |
+ static inline u32 get_counter_resolution(void) |
163 |
+ { |
164 |
+ u32 res; |
165 |
+diff --git a/arch/mips/mm/gup.c b/arch/mips/mm/gup.c |
166 |
+index d8c3c159289a2..71a19d20bbb7a 100644 |
167 |
+--- a/arch/mips/mm/gup.c |
168 |
++++ b/arch/mips/mm/gup.c |
169 |
+@@ -271,7 +271,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, |
170 |
+ next = pgd_addr_end(addr, end); |
171 |
+ if (pgd_none(pgd)) |
172 |
+ goto slow; |
173 |
+- if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) |
174 |
++ /* |
175 |
++ * The FAST_GUP case requires FOLL_WRITE even for pure reads, |
176 |
++ * because get_user_pages() may need to cause an early COW in |
177 |
++ * order to avoid confusing the normal COW routines. So only |
178 |
++ * targets that are already writable are safe to do by just |
179 |
++ * looking at the page tables. |
180 |
++ */ |
181 |
++ if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) |
182 |
+ goto slow; |
183 |
+ } while (pgdp++, addr = next, addr != end); |
184 |
+ local_irq_enable(); |
185 |
+diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c |
186 |
+index 11c91697d5f9e..5b41779de2337 100644 |
187 |
+--- a/arch/parisc/kernel/traps.c |
188 |
++++ b/arch/parisc/kernel/traps.c |
189 |
+@@ -793,7 +793,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) |
190 |
+ * unless pagefault_disable() was called before. |
191 |
+ */ |
192 |
+ |
193 |
+- if (fault_space == 0 && !faulthandler_disabled()) |
194 |
++ if (faulthandler_disabled() || fault_space == 0) |
195 |
+ { |
196 |
+ /* Clean up and return if in exception table. */ |
197 |
+ if (fixup_exception(regs)) |
198 |
+diff --git a/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi b/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi |
199 |
+index 7f60b60601764..39b1c1fa0c81f 100644 |
200 |
+--- a/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi |
201 |
++++ b/arch/powerpc/boot/dts/fsl/qoriq-fman3l-0.dtsi |
202 |
+@@ -78,6 +78,7 @@ fman0: fman@400000 { |
203 |
+ #size-cells = <0>; |
204 |
+ compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; |
205 |
+ reg = <0xfc000 0x1000>; |
206 |
++ fsl,erratum-a009885; |
207 |
+ }; |
208 |
+ |
209 |
+ xmdio0: mdio@fd000 { |
210 |
+@@ -85,6 +86,7 @@ fman0: fman@400000 { |
211 |
+ #size-cells = <0>; |
212 |
+ compatible = "fsl,fman-memac-mdio", "fsl,fman-xmdio"; |
213 |
+ reg = <0xfd000 0x1000>; |
214 |
++ fsl,erratum-a009885; |
215 |
+ }; |
216 |
+ |
217 |
+ ptp_timer0: ptp-timer@fe000 { |
218 |
+diff --git a/arch/powerpc/kernel/btext.c b/arch/powerpc/kernel/btext.c |
219 |
+index 8275858a434d9..2d91ba38b4524 100644 |
220 |
+--- a/arch/powerpc/kernel/btext.c |
221 |
++++ b/arch/powerpc/kernel/btext.c |
222 |
+@@ -257,8 +257,10 @@ int __init btext_find_display(int allow_nonstdout) |
223 |
+ rc = btext_initialize(np); |
224 |
+ printk("result: %d\n", rc); |
225 |
+ } |
226 |
+- if (rc == 0) |
227 |
++ if (rc == 0) { |
228 |
++ of_node_put(np); |
229 |
+ break; |
230 |
++ } |
231 |
+ } |
232 |
+ return rc; |
233 |
+ } |
234 |
+diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c |
235 |
+index 1e8c57207346e..df3af10b8cc95 100644 |
236 |
+--- a/arch/powerpc/kernel/prom_init.c |
237 |
++++ b/arch/powerpc/kernel/prom_init.c |
238 |
+@@ -2528,7 +2528,7 @@ static void __init fixup_device_tree_efika_add_phy(void) |
239 |
+ |
240 |
+ /* Check if the phy-handle property exists - bail if it does */ |
241 |
+ rv = prom_getprop(node, "phy-handle", prop, sizeof(prop)); |
242 |
+- if (!rv) |
243 |
++ if (rv <= 0) |
244 |
+ return; |
245 |
+ |
246 |
+ /* |
247 |
+diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c |
248 |
+index 9c6f3fd580597..31675c1d678b6 100644 |
249 |
+--- a/arch/powerpc/kernel/smp.c |
250 |
++++ b/arch/powerpc/kernel/smp.c |
251 |
+@@ -759,10 +759,12 @@ void start_secondary(void *unused) |
252 |
+ BUG(); |
253 |
+ } |
254 |
+ |
255 |
++#ifdef CONFIG_PROFILING |
256 |
+ int setup_profiling_timer(unsigned int multiplier) |
257 |
+ { |
258 |
+ return 0; |
259 |
+ } |
260 |
++#endif |
261 |
+ |
262 |
+ #ifdef CONFIG_SCHED_SMT |
263 |
+ /* cpumask of CPUs with asymetric SMT dependancy */ |
264 |
+diff --git a/arch/powerpc/platforms/cell/iommu.c b/arch/powerpc/platforms/cell/iommu.c |
265 |
+index 7ff51f96a00e8..8df43781f5db9 100644 |
266 |
+--- a/arch/powerpc/platforms/cell/iommu.c |
267 |
++++ b/arch/powerpc/platforms/cell/iommu.c |
268 |
+@@ -1107,6 +1107,7 @@ static int __init cell_iommu_fixed_mapping_init(void) |
269 |
+ if (hbase < dbase || (hend > (dbase + dsize))) { |
270 |
+ pr_debug("iommu: hash window doesn't fit in" |
271 |
+ "real DMA window\n"); |
272 |
++ of_node_put(np); |
273 |
+ return -1; |
274 |
+ } |
275 |
+ } |
276 |
+diff --git a/arch/powerpc/platforms/embedded6xx/hlwd-pic.c b/arch/powerpc/platforms/embedded6xx/hlwd-pic.c |
277 |
+index bf4a125faec66..db2ea6b6889de 100644 |
278 |
+--- a/arch/powerpc/platforms/embedded6xx/hlwd-pic.c |
279 |
++++ b/arch/powerpc/platforms/embedded6xx/hlwd-pic.c |
280 |
+@@ -220,6 +220,7 @@ void hlwd_pic_probe(void) |
281 |
+ irq_set_chained_handler(cascade_virq, |
282 |
+ hlwd_pic_irq_cascade); |
283 |
+ hlwd_irq_host = host; |
284 |
++ of_node_put(np); |
285 |
+ break; |
286 |
+ } |
287 |
+ } |
288 |
+diff --git a/arch/powerpc/platforms/powernv/opal-lpc.c b/arch/powerpc/platforms/powernv/opal-lpc.c |
289 |
+index e4169d68cb328..d28c4a9269c38 100644 |
290 |
+--- a/arch/powerpc/platforms/powernv/opal-lpc.c |
291 |
++++ b/arch/powerpc/platforms/powernv/opal-lpc.c |
292 |
+@@ -401,6 +401,7 @@ void opal_lpc_init(void) |
293 |
+ if (!of_get_property(np, "primary", NULL)) |
294 |
+ continue; |
295 |
+ opal_lpc_chip_id = of_get_ibm_chip_id(np); |
296 |
++ of_node_put(np); |
297 |
+ break; |
298 |
+ } |
299 |
+ if (opal_lpc_chip_id < 0) |
300 |
+diff --git a/arch/s390/mm/gup.c b/arch/s390/mm/gup.c |
301 |
+index cf045f56581e3..be1e2ed6405d3 100644 |
302 |
+--- a/arch/s390/mm/gup.c |
303 |
++++ b/arch/s390/mm/gup.c |
304 |
+@@ -261,7 +261,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, |
305 |
+ |
306 |
+ might_sleep(); |
307 |
+ start &= PAGE_MASK; |
308 |
+- nr = __get_user_pages_fast(start, nr_pages, write, pages); |
309 |
++ /* |
310 |
++ * The FAST_GUP case requires FOLL_WRITE even for pure reads, |
311 |
++ * because get_user_pages() may need to cause an early COW in |
312 |
++ * order to avoid confusing the normal COW routines. So only |
313 |
++ * targets that are already writable are safe to do by just |
314 |
++ * looking at the page tables. |
315 |
++ */ |
316 |
++ nr = __get_user_pages_fast(start, nr_pages, 1, pages); |
317 |
+ if (nr == nr_pages) |
318 |
+ return nr; |
319 |
+ |
320 |
+diff --git a/arch/sh/mm/gup.c b/arch/sh/mm/gup.c |
321 |
+index 063c298ba56cc..7fec66e34af06 100644 |
322 |
+--- a/arch/sh/mm/gup.c |
323 |
++++ b/arch/sh/mm/gup.c |
324 |
+@@ -239,7 +239,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, |
325 |
+ next = pgd_addr_end(addr, end); |
326 |
+ if (pgd_none(pgd)) |
327 |
+ goto slow; |
328 |
+- if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) |
329 |
++ /* |
330 |
++ * The FAST_GUP case requires FOLL_WRITE even for pure reads, |
331 |
++ * because get_user_pages() may need to cause an early COW in |
332 |
++ * order to avoid confusing the normal COW routines. So only |
333 |
++ * targets that are already writable are safe to do by just |
334 |
++ * looking at the page tables. |
335 |
++ */ |
336 |
++ if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) |
337 |
+ goto slow; |
338 |
+ } while (pgdp++, addr = next, addr != end); |
339 |
+ local_irq_enable(); |
340 |
+diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c |
341 |
+index cd0e32bbcb1de..685679f879888 100644 |
342 |
+--- a/arch/sparc/mm/gup.c |
343 |
++++ b/arch/sparc/mm/gup.c |
344 |
+@@ -218,7 +218,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, |
345 |
+ next = pgd_addr_end(addr, end); |
346 |
+ if (pgd_none(pgd)) |
347 |
+ goto slow; |
348 |
+- if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) |
349 |
++ /* |
350 |
++ * The FAST_GUP case requires FOLL_WRITE even for pure reads, |
351 |
++ * because get_user_pages() may need to cause an early COW in |
352 |
++ * order to avoid confusing the normal COW routines. So only |
353 |
++ * targets that are already writable are safe to do by just |
354 |
++ * looking at the page tables. |
355 |
++ */ |
356 |
++ if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) |
357 |
+ goto slow; |
358 |
+ } while (pgdp++, addr = next, addr != end); |
359 |
+ |
360 |
+diff --git a/arch/um/include/shared/registers.h b/arch/um/include/shared/registers.h |
361 |
+index a74449b5b0e31..12ad7c435e97f 100644 |
362 |
+--- a/arch/um/include/shared/registers.h |
363 |
++++ b/arch/um/include/shared/registers.h |
364 |
+@@ -16,8 +16,8 @@ extern int restore_fp_registers(int pid, unsigned long *fp_regs); |
365 |
+ extern int save_fpx_registers(int pid, unsigned long *fp_regs); |
366 |
+ extern int restore_fpx_registers(int pid, unsigned long *fp_regs); |
367 |
+ extern int save_registers(int pid, struct uml_pt_regs *regs); |
368 |
+-extern int restore_registers(int pid, struct uml_pt_regs *regs); |
369 |
+-extern int init_registers(int pid); |
370 |
++extern int restore_pid_registers(int pid, struct uml_pt_regs *regs); |
371 |
++extern int init_pid_registers(int pid); |
372 |
+ extern void get_safe_registers(unsigned long *regs, unsigned long *fp_regs); |
373 |
+ extern unsigned long get_thread_reg(int reg, jmp_buf *buf); |
374 |
+ extern int get_fp_registers(int pid, unsigned long *regs); |
375 |
+diff --git a/arch/um/os-Linux/registers.c b/arch/um/os-Linux/registers.c |
376 |
+index 2ff8d4fe83c4f..34a5963bd7efd 100644 |
377 |
+--- a/arch/um/os-Linux/registers.c |
378 |
++++ b/arch/um/os-Linux/registers.c |
379 |
+@@ -21,7 +21,7 @@ int save_registers(int pid, struct uml_pt_regs *regs) |
380 |
+ return 0; |
381 |
+ } |
382 |
+ |
383 |
+-int restore_registers(int pid, struct uml_pt_regs *regs) |
384 |
++int restore_pid_registers(int pid, struct uml_pt_regs *regs) |
385 |
+ { |
386 |
+ int err; |
387 |
+ |
388 |
+@@ -36,7 +36,7 @@ int restore_registers(int pid, struct uml_pt_regs *regs) |
389 |
+ static unsigned long exec_regs[MAX_REG_NR]; |
390 |
+ static unsigned long exec_fp_regs[FP_SIZE]; |
391 |
+ |
392 |
+-int init_registers(int pid) |
393 |
++int init_pid_registers(int pid) |
394 |
+ { |
395 |
+ int err; |
396 |
+ |
397 |
+diff --git a/arch/um/os-Linux/start_up.c b/arch/um/os-Linux/start_up.c |
398 |
+index 22a358ef1b0cd..dc06933ba63d9 100644 |
399 |
+--- a/arch/um/os-Linux/start_up.c |
400 |
++++ b/arch/um/os-Linux/start_up.c |
401 |
+@@ -334,7 +334,7 @@ void __init os_early_checks(void) |
402 |
+ check_tmpexec(); |
403 |
+ |
404 |
+ pid = start_ptraced_child(); |
405 |
+- if (init_registers(pid)) |
406 |
++ if (init_pid_registers(pid)) |
407 |
+ fatal("Failed to initialize default registers"); |
408 |
+ stop_ptraced_child(pid, 1, 1); |
409 |
+ } |
410 |
+diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c |
411 |
+index 82f727fbbbd2c..549f89fb3abc9 100644 |
412 |
+--- a/arch/x86/mm/gup.c |
413 |
++++ b/arch/x86/mm/gup.c |
414 |
+@@ -454,7 +454,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, |
415 |
+ next = pgd_addr_end(addr, end); |
416 |
+ if (pgd_none(pgd)) |
417 |
+ goto slow; |
418 |
+- if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) |
419 |
++ /* |
420 |
++ * The FAST_GUP case requires FOLL_WRITE even for pure reads, |
421 |
++ * because get_user_pages() may need to cause an early COW in |
422 |
++ * order to avoid confusing the normal COW routines. So only |
423 |
++ * targets that are already writable are safe to do by just |
424 |
++ * looking at the page tables. |
425 |
++ */ |
426 |
++ if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) |
427 |
+ goto slow; |
428 |
+ } while (pgdp++, addr = next, addr != end); |
429 |
+ local_irq_enable(); |
430 |
+diff --git a/arch/x86/um/syscalls_64.c b/arch/x86/um/syscalls_64.c |
431 |
+index e6552275320bc..40ecacb2c54b3 100644 |
432 |
+--- a/arch/x86/um/syscalls_64.c |
433 |
++++ b/arch/x86/um/syscalls_64.c |
434 |
+@@ -9,6 +9,7 @@ |
435 |
+ #include <linux/uaccess.h> |
436 |
+ #include <asm/prctl.h> /* XXX This should get the constants from libc */ |
437 |
+ #include <os.h> |
438 |
++#include <registers.h> |
439 |
+ |
440 |
+ long arch_prctl(struct task_struct *task, int code, unsigned long __user *addr) |
441 |
+ { |
442 |
+@@ -32,7 +33,7 @@ long arch_prctl(struct task_struct *task, int code, unsigned long __user *addr) |
443 |
+ switch (code) { |
444 |
+ case ARCH_SET_FS: |
445 |
+ case ARCH_SET_GS: |
446 |
+- ret = restore_registers(pid, ¤t->thread.regs.regs); |
447 |
++ ret = restore_pid_registers(pid, ¤t->thread.regs.regs); |
448 |
+ if (ret) |
449 |
+ return ret; |
450 |
+ break; |
451 |
+diff --git a/drivers/acpi/acpica/exoparg1.c b/drivers/acpi/acpica/exoparg1.c |
452 |
+index 007300433cdea..1cea26a741474 100644 |
453 |
+--- a/drivers/acpi/acpica/exoparg1.c |
454 |
++++ b/drivers/acpi/acpica/exoparg1.c |
455 |
+@@ -1029,7 +1029,8 @@ acpi_status acpi_ex_opcode_1A_0T_1R(struct acpi_walk_state *walk_state) |
456 |
+ (walk_state, return_desc, |
457 |
+ &temp_desc); |
458 |
+ if (ACPI_FAILURE(status)) { |
459 |
+- goto cleanup; |
460 |
++ return_ACPI_STATUS |
461 |
++ (status); |
462 |
+ } |
463 |
+ |
464 |
+ return_desc = temp_desc; |
465 |
+diff --git a/drivers/acpi/acpica/utdelete.c b/drivers/acpi/acpica/utdelete.c |
466 |
+index 03a2282ceb9ca..81a9c47973ce8 100644 |
467 |
+--- a/drivers/acpi/acpica/utdelete.c |
468 |
++++ b/drivers/acpi/acpica/utdelete.c |
469 |
+@@ -440,6 +440,7 @@ acpi_ut_update_ref_count(union acpi_operand_object *object, u32 action) |
470 |
+ ACPI_WARNING((AE_INFO, |
471 |
+ "Obj %p, Reference Count is already zero, cannot decrement\n", |
472 |
+ object)); |
473 |
++ return; |
474 |
+ } |
475 |
+ |
476 |
+ ACPI_DEBUG_PRINT((ACPI_DB_ALLOCATIONS, |
477 |
+diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c |
478 |
+index 4496e7a492352..7164be9710e51 100644 |
479 |
+--- a/drivers/block/floppy.c |
480 |
++++ b/drivers/block/floppy.c |
481 |
+@@ -994,7 +994,7 @@ static DECLARE_DELAYED_WORK(fd_timer, fd_timer_workfn); |
482 |
+ static void cancel_activity(void) |
483 |
+ { |
484 |
+ do_floppy = NULL; |
485 |
+- cancel_delayed_work_sync(&fd_timer); |
486 |
++ cancel_delayed_work(&fd_timer); |
487 |
+ cancel_work_sync(&floppy_work); |
488 |
+ } |
489 |
+ |
490 |
+@@ -3116,6 +3116,8 @@ static void raw_cmd_free(struct floppy_raw_cmd **ptr) |
491 |
+ } |
492 |
+ } |
493 |
+ |
494 |
++#define MAX_LEN (1UL << MAX_ORDER << PAGE_SHIFT) |
495 |
++ |
496 |
+ static int raw_cmd_copyin(int cmd, void __user *param, |
497 |
+ struct floppy_raw_cmd **rcmd) |
498 |
+ { |
499 |
+@@ -3153,7 +3155,7 @@ loop: |
500 |
+ ptr->resultcode = 0; |
501 |
+ |
502 |
+ if (ptr->flags & (FD_RAW_READ | FD_RAW_WRITE)) { |
503 |
+- if (ptr->length <= 0) |
504 |
++ if (ptr->length <= 0 || ptr->length >= MAX_LEN) |
505 |
+ return -EINVAL; |
506 |
+ ptr->kernel_data = (char *)fd_dma_mem_alloc(ptr->length); |
507 |
+ fallback_on_nodma_alloc(&ptr->kernel_data, ptr->length); |
508 |
+diff --git a/drivers/bluetooth/bfusb.c b/drivers/bluetooth/bfusb.c |
509 |
+index 3bf4ec60e0736..cee2de027e5ad 100644 |
510 |
+--- a/drivers/bluetooth/bfusb.c |
511 |
++++ b/drivers/bluetooth/bfusb.c |
512 |
+@@ -644,6 +644,9 @@ static int bfusb_probe(struct usb_interface *intf, const struct usb_device_id *i |
513 |
+ data->bulk_out_ep = bulk_out_ep->desc.bEndpointAddress; |
514 |
+ data->bulk_pkt_size = le16_to_cpu(bulk_out_ep->desc.wMaxPacketSize); |
515 |
+ |
516 |
++ if (!data->bulk_pkt_size) |
517 |
++ goto done; |
518 |
++ |
519 |
+ rwlock_init(&data->lock); |
520 |
+ |
521 |
+ data->reassembly = NULL; |
522 |
+diff --git a/drivers/char/mwave/3780i.h b/drivers/char/mwave/3780i.h |
523 |
+index 9ccb6b270b071..95164246afd1a 100644 |
524 |
+--- a/drivers/char/mwave/3780i.h |
525 |
++++ b/drivers/char/mwave/3780i.h |
526 |
+@@ -68,7 +68,7 @@ typedef struct { |
527 |
+ unsigned char ClockControl:1; /* RW: Clock control: 0=normal, 1=stop 3780i clocks */ |
528 |
+ unsigned char SoftReset:1; /* RW: Soft reset 0=normal, 1=soft reset active */ |
529 |
+ unsigned char ConfigMode:1; /* RW: Configuration mode, 0=normal, 1=config mode */ |
530 |
+- unsigned char Reserved:5; /* 0: Reserved */ |
531 |
++ unsigned short Reserved:13; /* 0: Reserved */ |
532 |
+ } DSP_ISA_SLAVE_CONTROL; |
533 |
+ |
534 |
+ |
535 |
+diff --git a/drivers/char/random.c b/drivers/char/random.c |
536 |
+index 2184d87623272..70ee86e034fcd 100644 |
537 |
+--- a/drivers/char/random.c |
538 |
++++ b/drivers/char/random.c |
539 |
+@@ -845,8 +845,8 @@ static void do_numa_crng_init(struct work_struct *work) |
540 |
+ crng_initialize(crng); |
541 |
+ pool[i] = crng; |
542 |
+ } |
543 |
+- mb(); |
544 |
+- if (cmpxchg(&crng_node_pool, NULL, pool)) { |
545 |
++ /* pairs with READ_ONCE() in select_crng() */ |
546 |
++ if (cmpxchg_release(&crng_node_pool, NULL, pool) != NULL) { |
547 |
+ for_each_node(i) |
548 |
+ kfree(pool[i]); |
549 |
+ kfree(pool); |
550 |
+@@ -859,8 +859,26 @@ static void numa_crng_init(void) |
551 |
+ { |
552 |
+ schedule_work(&numa_crng_init_work); |
553 |
+ } |
554 |
++ |
555 |
++static struct crng_state *select_crng(void) |
556 |
++{ |
557 |
++ struct crng_state **pool; |
558 |
++ int nid = numa_node_id(); |
559 |
++ |
560 |
++ /* pairs with cmpxchg_release() in do_numa_crng_init() */ |
561 |
++ pool = READ_ONCE(crng_node_pool); |
562 |
++ if (pool && pool[nid]) |
563 |
++ return pool[nid]; |
564 |
++ |
565 |
++ return &primary_crng; |
566 |
++} |
567 |
+ #else |
568 |
+ static void numa_crng_init(void) {} |
569 |
++ |
570 |
++static struct crng_state *select_crng(void) |
571 |
++{ |
572 |
++ return &primary_crng; |
573 |
++} |
574 |
+ #endif |
575 |
+ |
576 |
+ static void crng_reseed(struct crng_state *crng, struct entropy_store *r) |
577 |
+@@ -890,7 +908,7 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r) |
578 |
+ crng->state[i+4] ^= buf.key[i] ^ rv; |
579 |
+ } |
580 |
+ memzero_explicit(&buf, sizeof(buf)); |
581 |
+- crng->init_time = jiffies; |
582 |
++ WRITE_ONCE(crng->init_time, jiffies); |
583 |
+ if (crng == &primary_crng && crng_init < 2) { |
584 |
+ numa_crng_init(); |
585 |
+ crng_init = 2; |
586 |
+@@ -928,12 +946,15 @@ static inline void crng_wait_ready(void) |
587 |
+ static void _extract_crng(struct crng_state *crng, |
588 |
+ __u8 out[CHACHA20_BLOCK_SIZE]) |
589 |
+ { |
590 |
+- unsigned long v, flags; |
591 |
+- |
592 |
+- if (crng_ready() && |
593 |
+- (time_after(crng_global_init_time, crng->init_time) || |
594 |
+- time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL))) |
595 |
+- crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL); |
596 |
++ unsigned long v, flags, init_time; |
597 |
++ |
598 |
++ if (crng_ready()) { |
599 |
++ init_time = READ_ONCE(crng->init_time); |
600 |
++ if (time_after(READ_ONCE(crng_global_init_time), init_time) || |
601 |
++ time_after(jiffies, init_time + CRNG_RESEED_INTERVAL)) |
602 |
++ crng_reseed(crng, crng == &primary_crng ? |
603 |
++ &input_pool : NULL); |
604 |
++ } |
605 |
+ spin_lock_irqsave(&crng->lock, flags); |
606 |
+ if (arch_get_random_long(&v)) |
607 |
+ crng->state[14] ^= v; |
608 |
+@@ -945,15 +966,7 @@ static void _extract_crng(struct crng_state *crng, |
609 |
+ |
610 |
+ static void extract_crng(__u8 out[CHACHA20_BLOCK_SIZE]) |
611 |
+ { |
612 |
+- struct crng_state *crng = NULL; |
613 |
+- |
614 |
+-#ifdef CONFIG_NUMA |
615 |
+- if (crng_node_pool) |
616 |
+- crng = crng_node_pool[numa_node_id()]; |
617 |
+- if (crng == NULL) |
618 |
+-#endif |
619 |
+- crng = &primary_crng; |
620 |
+- _extract_crng(crng, out); |
621 |
++ _extract_crng(select_crng(), out); |
622 |
+ } |
623 |
+ |
624 |
+ /* |
625 |
+@@ -982,15 +995,7 @@ static void _crng_backtrack_protect(struct crng_state *crng, |
626 |
+ |
627 |
+ static void crng_backtrack_protect(__u8 tmp[CHACHA20_BLOCK_SIZE], int used) |
628 |
+ { |
629 |
+- struct crng_state *crng = NULL; |
630 |
+- |
631 |
+-#ifdef CONFIG_NUMA |
632 |
+- if (crng_node_pool) |
633 |
+- crng = crng_node_pool[numa_node_id()]; |
634 |
+- if (crng == NULL) |
635 |
+-#endif |
636 |
+- crng = &primary_crng; |
637 |
+- _crng_backtrack_protect(crng, tmp, used); |
638 |
++ _crng_backtrack_protect(select_crng(), tmp, used); |
639 |
+ } |
640 |
+ |
641 |
+ static ssize_t extract_crng_user(void __user *buf, size_t nbytes) |
642 |
+@@ -1914,7 +1919,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) |
643 |
+ if (crng_init < 2) |
644 |
+ return -ENODATA; |
645 |
+ crng_reseed(&primary_crng, &input_pool); |
646 |
+- crng_global_init_time = jiffies - 1; |
647 |
++ WRITE_ONCE(crng_global_init_time, jiffies - 1); |
648 |
+ return 0; |
649 |
+ default: |
650 |
+ return -EINVAL; |
651 |
+diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c |
652 |
+index 47e114ac09d01..ff1e788f92767 100644 |
653 |
+--- a/drivers/crypto/qce/sha.c |
654 |
++++ b/drivers/crypto/qce/sha.c |
655 |
+@@ -544,8 +544,8 @@ static int qce_ahash_register_one(const struct qce_ahash_def *def, |
656 |
+ |
657 |
+ ret = crypto_register_ahash(alg); |
658 |
+ if (ret) { |
659 |
+- kfree(tmpl); |
660 |
+ dev_err(qce->dev, "%s registration failed\n", base->cra_name); |
661 |
++ kfree(tmpl); |
662 |
+ return ret; |
663 |
+ } |
664 |
+ |
665 |
+diff --git a/drivers/dma/at_xdmac.c b/drivers/dma/at_xdmac.c |
666 |
+index a505be9ef96da..c15ca560fe60d 100644 |
667 |
+--- a/drivers/dma/at_xdmac.c |
668 |
++++ b/drivers/dma/at_xdmac.c |
669 |
+@@ -100,6 +100,7 @@ |
670 |
+ #define AT_XDMAC_CNDC_NDE (0x1 << 0) /* Channel x Next Descriptor Enable */ |
671 |
+ #define AT_XDMAC_CNDC_NDSUP (0x1 << 1) /* Channel x Next Descriptor Source Update */ |
672 |
+ #define AT_XDMAC_CNDC_NDDUP (0x1 << 2) /* Channel x Next Descriptor Destination Update */ |
673 |
++#define AT_XDMAC_CNDC_NDVIEW_MASK GENMASK(28, 27) |
674 |
+ #define AT_XDMAC_CNDC_NDVIEW_NDV0 (0x0 << 3) /* Channel x Next Descriptor View 0 */ |
675 |
+ #define AT_XDMAC_CNDC_NDVIEW_NDV1 (0x1 << 3) /* Channel x Next Descriptor View 1 */ |
676 |
+ #define AT_XDMAC_CNDC_NDVIEW_NDV2 (0x2 << 3) /* Channel x Next Descriptor View 2 */ |
677 |
+@@ -232,15 +233,15 @@ struct at_xdmac { |
678 |
+ |
679 |
+ /* Linked List Descriptor */ |
680 |
+ struct at_xdmac_lld { |
681 |
+- dma_addr_t mbr_nda; /* Next Descriptor Member */ |
682 |
+- u32 mbr_ubc; /* Microblock Control Member */ |
683 |
+- dma_addr_t mbr_sa; /* Source Address Member */ |
684 |
+- dma_addr_t mbr_da; /* Destination Address Member */ |
685 |
+- u32 mbr_cfg; /* Configuration Register */ |
686 |
+- u32 mbr_bc; /* Block Control Register */ |
687 |
+- u32 mbr_ds; /* Data Stride Register */ |
688 |
+- u32 mbr_sus; /* Source Microblock Stride Register */ |
689 |
+- u32 mbr_dus; /* Destination Microblock Stride Register */ |
690 |
++ u32 mbr_nda; /* Next Descriptor Member */ |
691 |
++ u32 mbr_ubc; /* Microblock Control Member */ |
692 |
++ u32 mbr_sa; /* Source Address Member */ |
693 |
++ u32 mbr_da; /* Destination Address Member */ |
694 |
++ u32 mbr_cfg; /* Configuration Register */ |
695 |
++ u32 mbr_bc; /* Block Control Register */ |
696 |
++ u32 mbr_ds; /* Data Stride Register */ |
697 |
++ u32 mbr_sus; /* Source Microblock Stride Register */ |
698 |
++ u32 mbr_dus; /* Destination Microblock Stride Register */ |
699 |
+ }; |
700 |
+ |
701 |
+ /* 64-bit alignment needed to update CNDA and CUBC registers in an atomic way. */ |
702 |
+@@ -345,9 +346,6 @@ static void at_xdmac_start_xfer(struct at_xdmac_chan *atchan, |
703 |
+ |
704 |
+ dev_vdbg(chan2dev(&atchan->chan), "%s: desc 0x%p\n", __func__, first); |
705 |
+ |
706 |
+- if (at_xdmac_chan_is_enabled(atchan)) |
707 |
+- return; |
708 |
+- |
709 |
+ /* Set transfer as active to not try to start it again. */ |
710 |
+ first->active_xfer = true; |
711 |
+ |
712 |
+@@ -363,7 +361,8 @@ static void at_xdmac_start_xfer(struct at_xdmac_chan *atchan, |
713 |
+ */ |
714 |
+ if (at_xdmac_chan_is_cyclic(atchan)) |
715 |
+ reg = AT_XDMAC_CNDC_NDVIEW_NDV1; |
716 |
+- else if (first->lld.mbr_ubc & AT_XDMAC_MBR_UBC_NDV3) |
717 |
++ else if ((first->lld.mbr_ubc & |
718 |
++ AT_XDMAC_CNDC_NDVIEW_MASK) == AT_XDMAC_MBR_UBC_NDV3) |
719 |
+ reg = AT_XDMAC_CNDC_NDVIEW_NDV3; |
720 |
+ else |
721 |
+ reg = AT_XDMAC_CNDC_NDVIEW_NDV2; |
722 |
+@@ -428,13 +427,12 @@ static dma_cookie_t at_xdmac_tx_submit(struct dma_async_tx_descriptor *tx) |
723 |
+ spin_lock_irqsave(&atchan->lock, irqflags); |
724 |
+ cookie = dma_cookie_assign(tx); |
725 |
+ |
726 |
++ list_add_tail(&desc->xfer_node, &atchan->xfers_list); |
727 |
++ spin_unlock_irqrestore(&atchan->lock, irqflags); |
728 |
++ |
729 |
+ dev_vdbg(chan2dev(tx->chan), "%s: atchan 0x%p, add desc 0x%p to xfers_list\n", |
730 |
+ __func__, atchan, desc); |
731 |
+- list_add_tail(&desc->xfer_node, &atchan->xfers_list); |
732 |
+- if (list_is_singular(&atchan->xfers_list)) |
733 |
+- at_xdmac_start_xfer(atchan, desc); |
734 |
+ |
735 |
+- spin_unlock_irqrestore(&atchan->lock, irqflags); |
736 |
+ return cookie; |
737 |
+ } |
738 |
+ |
739 |
+diff --git a/drivers/dma/mmp_pdma.c b/drivers/dma/mmp_pdma.c |
740 |
+index eb3a1f42ab065..e8b2d3e31de80 100644 |
741 |
+--- a/drivers/dma/mmp_pdma.c |
742 |
++++ b/drivers/dma/mmp_pdma.c |
743 |
+@@ -722,12 +722,6 @@ static int mmp_pdma_config(struct dma_chan *dchan, |
744 |
+ |
745 |
+ chan->dir = cfg->direction; |
746 |
+ chan->dev_addr = addr; |
747 |
+- /* FIXME: drivers should be ported over to use the filter |
748 |
+- * function. Once that's done, the following two lines can |
749 |
+- * be removed. |
750 |
+- */ |
751 |
+- if (cfg->slave_id) |
752 |
+- chan->drcmr = cfg->slave_id; |
753 |
+ |
754 |
+ return 0; |
755 |
+ } |
756 |
+diff --git a/drivers/dma/pxa_dma.c b/drivers/dma/pxa_dma.c |
757 |
+index 3f56f9ca44824..5bd1ade187d3f 100644 |
758 |
+--- a/drivers/dma/pxa_dma.c |
759 |
++++ b/drivers/dma/pxa_dma.c |
760 |
+@@ -975,13 +975,6 @@ static void pxad_get_config(struct pxad_chan *chan, |
761 |
+ *dcmd |= PXA_DCMD_BURST16; |
762 |
+ else if (maxburst == 32) |
763 |
+ *dcmd |= PXA_DCMD_BURST32; |
764 |
+- |
765 |
+- /* FIXME: drivers should be ported over to use the filter |
766 |
+- * function. Once that's done, the following two lines can |
767 |
+- * be removed. |
768 |
+- */ |
769 |
+- if (chan->cfg.slave_id) |
770 |
+- chan->drcmr = chan->cfg.slave_id; |
771 |
+ } |
772 |
+ |
773 |
+ static struct dma_async_tx_descriptor * |
774 |
+diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c |
775 |
+index 986248f7011aa..c479280590e42 100644 |
776 |
+--- a/drivers/gpio/gpiolib-acpi.c |
777 |
++++ b/drivers/gpio/gpiolib-acpi.c |
778 |
+@@ -675,10 +675,17 @@ int acpi_dev_gpio_irq_get(struct acpi_device *adev, int index) |
779 |
+ irq_flags = acpi_dev_get_irq_type(info.triggering, |
780 |
+ info.polarity); |
781 |
+ |
782 |
+- /* Set type if specified and different than the current one */ |
783 |
+- if (irq_flags != IRQ_TYPE_NONE && |
784 |
+- irq_flags != irq_get_trigger_type(irq)) |
785 |
+- irq_set_irq_type(irq, irq_flags); |
786 |
++ /* |
787 |
++ * If the IRQ is not already in use then set type |
788 |
++ * if specified and different than the current one. |
789 |
++ */ |
790 |
++ if (can_request_irq(irq, irq_flags)) { |
791 |
++ if (irq_flags != IRQ_TYPE_NONE && |
792 |
++ irq_flags != irq_get_trigger_type(irq)) |
793 |
++ irq_set_irq_type(irq, irq_flags); |
794 |
++ } else { |
795 |
++ dev_dbg(&adev->dev, "IRQ %d already in use\n", irq); |
796 |
++ } |
797 |
+ |
798 |
+ return irq; |
799 |
+ } |
800 |
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c |
801 |
+index eb79d0d3d34f1..7264169d5f2a7 100644 |
802 |
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c |
803 |
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c |
804 |
+@@ -404,6 +404,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder) |
805 |
+ native_mode->vdisplay != 0 && |
806 |
+ native_mode->clock != 0) { |
807 |
+ mode = drm_mode_duplicate(dev, native_mode); |
808 |
++ if (!mode) |
809 |
++ return NULL; |
810 |
++ |
811 |
+ mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER; |
812 |
+ drm_mode_set_name(mode); |
813 |
+ |
814 |
+@@ -418,6 +421,9 @@ amdgpu_connector_lcd_native_mode(struct drm_encoder *encoder) |
815 |
+ * simpler. |
816 |
+ */ |
817 |
+ mode = drm_cvt_mode(dev, native_mode->hdisplay, native_mode->vdisplay, 60, true, false, false); |
818 |
++ if (!mode) |
819 |
++ return NULL; |
820 |
++ |
821 |
+ mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER; |
822 |
+ DRM_DEBUG_KMS("Adding cvt approximation of native panel mode %s\n", mode->name); |
823 |
+ } |
824 |
+diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c |
825 |
+index 07d2a8e7f78c3..202c00b17df2d 100644 |
826 |
+--- a/drivers/gpu/drm/i915/intel_pm.c |
827 |
++++ b/drivers/gpu/drm/i915/intel_pm.c |
828 |
+@@ -2274,9 +2274,9 @@ static void snb_wm_latency_quirk(struct drm_device *dev) |
829 |
+ * The BIOS provided WM memory latency values are often |
830 |
+ * inadequate for high resolution displays. Adjust them. |
831 |
+ */ |
832 |
+- changed = ilk_increase_wm_latency(dev_priv, dev_priv->wm.pri_latency, 12) | |
833 |
+- ilk_increase_wm_latency(dev_priv, dev_priv->wm.spr_latency, 12) | |
834 |
+- ilk_increase_wm_latency(dev_priv, dev_priv->wm.cur_latency, 12); |
835 |
++ changed = ilk_increase_wm_latency(dev_priv, dev_priv->wm.pri_latency, 12); |
836 |
++ changed |= ilk_increase_wm_latency(dev_priv, dev_priv->wm.spr_latency, 12); |
837 |
++ changed |= ilk_increase_wm_latency(dev_priv, dev_priv->wm.cur_latency, 12); |
838 |
+ |
839 |
+ if (!changed) |
840 |
+ return; |
841 |
+diff --git a/drivers/gpu/drm/nouveau/nouveau_sgdma.c b/drivers/gpu/drm/nouveau/nouveau_sgdma.c |
842 |
+index db35ab5883acd..d3bfd7912a994 100644 |
843 |
+--- a/drivers/gpu/drm/nouveau/nouveau_sgdma.c |
844 |
++++ b/drivers/gpu/drm/nouveau/nouveau_sgdma.c |
845 |
+@@ -105,12 +105,9 @@ nouveau_sgdma_create_ttm(struct ttm_bo_device *bdev, |
846 |
+ else |
847 |
+ nvbe->ttm.ttm.func = &nv50_sgdma_backend; |
848 |
+ |
849 |
+- if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page)) |
850 |
+- /* |
851 |
+- * A failing ttm_dma_tt_init() will call ttm_tt_destroy() |
852 |
+- * and thus our nouveau_sgdma_destroy() hook, so we don't need |
853 |
+- * to free nvbe here. |
854 |
+- */ |
855 |
++ if (ttm_dma_tt_init(&nvbe->ttm, bdev, size, page_flags, dummy_read_page)) { |
856 |
++ kfree(nvbe); |
857 |
+ return NULL; |
858 |
++ } |
859 |
+ return &nvbe->ttm.ttm; |
860 |
+ } |
861 |
+diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c |
862 |
+index 61000e3b2e793..b55403c99d804 100644 |
863 |
+--- a/drivers/gpu/drm/radeon/radeon_kms.c |
864 |
++++ b/drivers/gpu/drm/radeon/radeon_kms.c |
865 |
+@@ -630,6 +630,8 @@ void radeon_driver_lastclose_kms(struct drm_device *dev) |
866 |
+ int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv) |
867 |
+ { |
868 |
+ struct radeon_device *rdev = dev->dev_private; |
869 |
++ struct radeon_fpriv *fpriv; |
870 |
++ struct radeon_vm *vm; |
871 |
+ int r; |
872 |
+ |
873 |
+ file_priv->driver_priv = NULL; |
874 |
+@@ -642,48 +644,52 @@ int radeon_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv) |
875 |
+ |
876 |
+ /* new gpu have virtual address space support */ |
877 |
+ if (rdev->family >= CHIP_CAYMAN) { |
878 |
+- struct radeon_fpriv *fpriv; |
879 |
+- struct radeon_vm *vm; |
880 |
+ |
881 |
+ fpriv = kzalloc(sizeof(*fpriv), GFP_KERNEL); |
882 |
+ if (unlikely(!fpriv)) { |
883 |
+ r = -ENOMEM; |
884 |
+- goto out_suspend; |
885 |
++ goto err_suspend; |
886 |
+ } |
887 |
+ |
888 |
+ if (rdev->accel_working) { |
889 |
+ vm = &fpriv->vm; |
890 |
+ r = radeon_vm_init(rdev, vm); |
891 |
+- if (r) { |
892 |
+- kfree(fpriv); |
893 |
+- goto out_suspend; |
894 |
+- } |
895 |
++ if (r) |
896 |
++ goto err_fpriv; |
897 |
+ |
898 |
+ r = radeon_bo_reserve(rdev->ring_tmp_bo.bo, false); |
899 |
+- if (r) { |
900 |
+- radeon_vm_fini(rdev, vm); |
901 |
+- kfree(fpriv); |
902 |
+- goto out_suspend; |
903 |
+- } |
904 |
++ if (r) |
905 |
++ goto err_vm_fini; |
906 |
+ |
907 |
+ /* map the ib pool buffer read only into |
908 |
+ * virtual address space */ |
909 |
+ vm->ib_bo_va = radeon_vm_bo_add(rdev, vm, |
910 |
+ rdev->ring_tmp_bo.bo); |
911 |
++ if (!vm->ib_bo_va) { |
912 |
++ r = -ENOMEM; |
913 |
++ goto err_vm_fini; |
914 |
++ } |
915 |
++ |
916 |
+ r = radeon_vm_bo_set_addr(rdev, vm->ib_bo_va, |
917 |
+ RADEON_VA_IB_OFFSET, |
918 |
+ RADEON_VM_PAGE_READABLE | |
919 |
+ RADEON_VM_PAGE_SNOOPED); |
920 |
+- if (r) { |
921 |
+- radeon_vm_fini(rdev, vm); |
922 |
+- kfree(fpriv); |
923 |
+- goto out_suspend; |
924 |
+- } |
925 |
++ if (r) |
926 |
++ goto err_vm_fini; |
927 |
+ } |
928 |
+ file_priv->driver_priv = fpriv; |
929 |
+ } |
930 |
+ |
931 |
+-out_suspend: |
932 |
++ pm_runtime_mark_last_busy(dev->dev); |
933 |
++ pm_runtime_put_autosuspend(dev->dev); |
934 |
++ return 0; |
935 |
++ |
936 |
++err_vm_fini: |
937 |
++ radeon_vm_fini(rdev, vm); |
938 |
++err_fpriv: |
939 |
++ kfree(fpriv); |
940 |
++ |
941 |
++err_suspend: |
942 |
+ pm_runtime_mark_last_busy(dev->dev); |
943 |
+ pm_runtime_put_autosuspend(dev->dev); |
944 |
+ return r; |
945 |
+diff --git a/drivers/gpu/drm/ttm/ttm_tt.c b/drivers/gpu/drm/ttm/ttm_tt.c |
946 |
+index aee3c00f836e7..e4e24be523533 100644 |
947 |
+--- a/drivers/gpu/drm/ttm/ttm_tt.c |
948 |
++++ b/drivers/gpu/drm/ttm/ttm_tt.c |
949 |
+@@ -195,7 +195,6 @@ int ttm_tt_init(struct ttm_tt *ttm, struct ttm_bo_device *bdev, |
950 |
+ |
951 |
+ ttm_tt_alloc_page_directory(ttm); |
952 |
+ if (!ttm->pages) { |
953 |
+- ttm_tt_destroy(ttm); |
954 |
+ pr_err("Failed allocating page table\n"); |
955 |
+ return -ENOMEM; |
956 |
+ } |
957 |
+@@ -228,7 +227,6 @@ int ttm_dma_tt_init(struct ttm_dma_tt *ttm_dma, struct ttm_bo_device *bdev, |
958 |
+ INIT_LIST_HEAD(&ttm_dma->pages_list); |
959 |
+ ttm_dma_tt_alloc_page_directory(ttm_dma); |
960 |
+ if (!ttm->pages) { |
961 |
+- ttm_tt_destroy(ttm); |
962 |
+ pr_err("Failed allocating page table\n"); |
963 |
+ return -ENOMEM; |
964 |
+ } |
965 |
+diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c |
966 |
+index 149902619cbc8..0074091c27aa2 100644 |
967 |
+--- a/drivers/hid/hid-apple.c |
968 |
++++ b/drivers/hid/hid-apple.c |
969 |
+@@ -390,7 +390,7 @@ static int apple_input_configured(struct hid_device *hdev, |
970 |
+ |
971 |
+ if ((asc->quirks & APPLE_HAS_FN) && !asc->fn_found) { |
972 |
+ hid_info(hdev, "Fn key not found (Apple Wireless Keyboard clone?), disabling Fn key handling\n"); |
973 |
+- asc->quirks = 0; |
974 |
++ asc->quirks &= ~APPLE_HAS_FN; |
975 |
+ } |
976 |
+ |
977 |
+ return 0; |
978 |
+diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c |
979 |
+index e60e41e775020..f7705a057f0f4 100644 |
980 |
+--- a/drivers/hid/uhid.c |
981 |
++++ b/drivers/hid/uhid.c |
982 |
+@@ -33,11 +33,22 @@ |
983 |
+ |
984 |
+ struct uhid_device { |
985 |
+ struct mutex devlock; |
986 |
++ |
987 |
++ /* This flag tracks whether the HID device is usable for commands from |
988 |
++ * userspace. The flag is already set before hid_add_device(), which |
989 |
++ * runs in workqueue context, to allow hid_add_device() to communicate |
990 |
++ * with userspace. |
991 |
++ * However, if hid_add_device() fails, the flag is cleared without |
992 |
++ * holding devlock. |
993 |
++ * We guarantee that if @running changes from true to false while you're |
994 |
++ * holding @devlock, it's still fine to access @hid. |
995 |
++ */ |
996 |
+ bool running; |
997 |
+ |
998 |
+ __u8 *rd_data; |
999 |
+ uint rd_size; |
1000 |
+ |
1001 |
++ /* When this is NULL, userspace may use UHID_CREATE/UHID_CREATE2. */ |
1002 |
+ struct hid_device *hid; |
1003 |
+ struct uhid_event input_buf; |
1004 |
+ |
1005 |
+@@ -68,9 +79,18 @@ static void uhid_device_add_worker(struct work_struct *work) |
1006 |
+ if (ret) { |
1007 |
+ hid_err(uhid->hid, "Cannot register HID device: error %d\n", ret); |
1008 |
+ |
1009 |
+- hid_destroy_device(uhid->hid); |
1010 |
+- uhid->hid = NULL; |
1011 |
++ /* We used to call hid_destroy_device() here, but that's really |
1012 |
++ * messy to get right because we have to coordinate with |
1013 |
++ * concurrent writes from userspace that might be in the middle |
1014 |
++ * of using uhid->hid. |
1015 |
++ * Just leave uhid->hid as-is for now, and clean it up when |
1016 |
++ * userspace tries to close or reinitialize the uhid instance. |
1017 |
++ * |
1018 |
++ * However, we do have to clear the ->running flag and do a |
1019 |
++ * wakeup to make sure userspace knows that the device is gone. |
1020 |
++ */ |
1021 |
+ uhid->running = false; |
1022 |
++ wake_up_interruptible(&uhid->report_wait); |
1023 |
+ } |
1024 |
+ } |
1025 |
+ |
1026 |
+@@ -479,7 +499,7 @@ static int uhid_dev_create2(struct uhid_device *uhid, |
1027 |
+ void *rd_data; |
1028 |
+ int ret; |
1029 |
+ |
1030 |
+- if (uhid->running) |
1031 |
++ if (uhid->hid) |
1032 |
+ return -EALREADY; |
1033 |
+ |
1034 |
+ rd_size = ev->u.create2.rd_size; |
1035 |
+@@ -560,7 +580,7 @@ static int uhid_dev_create(struct uhid_device *uhid, |
1036 |
+ |
1037 |
+ static int uhid_dev_destroy(struct uhid_device *uhid) |
1038 |
+ { |
1039 |
+- if (!uhid->running) |
1040 |
++ if (!uhid->hid) |
1041 |
+ return -EINVAL; |
1042 |
+ |
1043 |
+ uhid->running = false; |
1044 |
+@@ -569,6 +589,7 @@ static int uhid_dev_destroy(struct uhid_device *uhid) |
1045 |
+ cancel_work_sync(&uhid->worker); |
1046 |
+ |
1047 |
+ hid_destroy_device(uhid->hid); |
1048 |
++ uhid->hid = NULL; |
1049 |
+ kfree(uhid->rd_data); |
1050 |
+ |
1051 |
+ return 0; |
1052 |
+diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c |
1053 |
+index fbf14a14bdd43..bfce62dbe0ace 100644 |
1054 |
+--- a/drivers/hid/wacom_wac.c |
1055 |
++++ b/drivers/hid/wacom_wac.c |
1056 |
+@@ -1693,6 +1693,10 @@ static void wacom_wac_finger_pre_report(struct hid_device *hdev, |
1057 |
+ struct hid_data* hid_data = &wacom_wac->hid_data; |
1058 |
+ int i; |
1059 |
+ |
1060 |
++ hid_data->cc_report = 0; |
1061 |
++ hid_data->cc_index = -1; |
1062 |
++ hid_data->cc_value_index = -1; |
1063 |
++ |
1064 |
+ for (i = 0; i < report->maxfield; i++) { |
1065 |
+ struct hid_field *field = report->field[i]; |
1066 |
+ int j; |
1067 |
+diff --git a/drivers/hsi/hsi_core.c b/drivers/hsi/hsi_core.c |
1068 |
+index e9d63b966caff..4a9fd745b8cb4 100644 |
1069 |
+--- a/drivers/hsi/hsi_core.c |
1070 |
++++ b/drivers/hsi/hsi_core.c |
1071 |
+@@ -115,6 +115,7 @@ struct hsi_client *hsi_new_client(struct hsi_port *port, |
1072 |
+ if (device_register(&cl->device) < 0) { |
1073 |
+ pr_err("hsi: failed to register client: %s\n", info->name); |
1074 |
+ put_device(&cl->device); |
1075 |
++ goto err; |
1076 |
+ } |
1077 |
+ |
1078 |
+ return cl; |
1079 |
+diff --git a/drivers/i2c/busses/i2c-designware-pcidrv.c b/drivers/i2c/busses/i2c-designware-pcidrv.c |
1080 |
+index 96f8230cd2d33..5c32a7ef476da 100644 |
1081 |
+--- a/drivers/i2c/busses/i2c-designware-pcidrv.c |
1082 |
++++ b/drivers/i2c/busses/i2c-designware-pcidrv.c |
1083 |
+@@ -49,10 +49,10 @@ enum dw_pci_ctl_id_t { |
1084 |
+ }; |
1085 |
+ |
1086 |
+ struct dw_scl_sda_cfg { |
1087 |
+- u32 ss_hcnt; |
1088 |
+- u32 fs_hcnt; |
1089 |
+- u32 ss_lcnt; |
1090 |
+- u32 fs_lcnt; |
1091 |
++ u16 ss_hcnt; |
1092 |
++ u16 fs_hcnt; |
1093 |
++ u16 ss_lcnt; |
1094 |
++ u16 fs_lcnt; |
1095 |
+ u32 sda_hold; |
1096 |
+ }; |
1097 |
+ |
1098 |
+diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c |
1099 |
+index 0e04b27e3158d..b577c64f3b3ec 100644 |
1100 |
+--- a/drivers/i2c/busses/i2c-i801.c |
1101 |
++++ b/drivers/i2c/busses/i2c-i801.c |
1102 |
+@@ -762,6 +762,11 @@ static int i801_block_transaction(struct i801_priv *priv, |
1103 |
+ int result = 0; |
1104 |
+ unsigned char hostc; |
1105 |
+ |
1106 |
++ if (read_write == I2C_SMBUS_READ && command == I2C_SMBUS_BLOCK_DATA) |
1107 |
++ data->block[0] = I2C_SMBUS_BLOCK_MAX; |
1108 |
++ else if (data->block[0] < 1 || data->block[0] > I2C_SMBUS_BLOCK_MAX) |
1109 |
++ return -EPROTO; |
1110 |
++ |
1111 |
+ if (command == I2C_SMBUS_I2C_BLOCK_DATA) { |
1112 |
+ if (read_write == I2C_SMBUS_WRITE) { |
1113 |
+ /* set I2C_EN bit in configuration register */ |
1114 |
+@@ -775,16 +780,6 @@ static int i801_block_transaction(struct i801_priv *priv, |
1115 |
+ } |
1116 |
+ } |
1117 |
+ |
1118 |
+- if (read_write == I2C_SMBUS_WRITE |
1119 |
+- || command == I2C_SMBUS_I2C_BLOCK_DATA) { |
1120 |
+- if (data->block[0] < 1) |
1121 |
+- data->block[0] = 1; |
1122 |
+- if (data->block[0] > I2C_SMBUS_BLOCK_MAX) |
1123 |
+- data->block[0] = I2C_SMBUS_BLOCK_MAX; |
1124 |
+- } else { |
1125 |
+- data->block[0] = 32; /* max for SMBus block reads */ |
1126 |
+- } |
1127 |
+- |
1128 |
+ /* Experience has shown that the block buffer can only be used for |
1129 |
+ SMBus (not I2C) block transactions, even though the datasheet |
1130 |
+ doesn't mention this limitation. */ |
1131 |
+diff --git a/drivers/i2c/busses/i2c-mpc.c b/drivers/i2c/busses/i2c-mpc.c |
1132 |
+index 90e4f839eb1cb..d153fc28e6bfb 100644 |
1133 |
+--- a/drivers/i2c/busses/i2c-mpc.c |
1134 |
++++ b/drivers/i2c/busses/i2c-mpc.c |
1135 |
+@@ -107,23 +107,30 @@ static irqreturn_t mpc_i2c_isr(int irq, void *dev_id) |
1136 |
+ /* Sometimes 9th clock pulse isn't generated, and slave doesn't release |
1137 |
+ * the bus, because it wants to send ACK. |
1138 |
+ * Following sequence of enabling/disabling and sending start/stop generates |
1139 |
+- * the 9 pulses, so it's all OK. |
1140 |
++ * the 9 pulses, each with a START then ending with STOP, so it's all OK. |
1141 |
+ */ |
1142 |
+ static void mpc_i2c_fixup(struct mpc_i2c *i2c) |
1143 |
+ { |
1144 |
+ int k; |
1145 |
+- u32 delay_val = 1000000 / i2c->real_clk + 1; |
1146 |
+- |
1147 |
+- if (delay_val < 2) |
1148 |
+- delay_val = 2; |
1149 |
++ unsigned long flags; |
1150 |
+ |
1151 |
+ for (k = 9; k; k--) { |
1152 |
+ writeccr(i2c, 0); |
1153 |
+- writeccr(i2c, CCR_MSTA | CCR_MTX | CCR_MEN); |
1154 |
++ writeb(0, i2c->base + MPC_I2C_SR); /* clear any status bits */ |
1155 |
++ writeccr(i2c, CCR_MEN | CCR_MSTA); /* START */ |
1156 |
++ readb(i2c->base + MPC_I2C_DR); /* init xfer */ |
1157 |
++ udelay(15); /* let it hit the bus */ |
1158 |
++ local_irq_save(flags); /* should not be delayed further */ |
1159 |
++ writeccr(i2c, CCR_MEN | CCR_MSTA | CCR_RSTA); /* delay SDA */ |
1160 |
+ readb(i2c->base + MPC_I2C_DR); |
1161 |
+- writeccr(i2c, CCR_MEN); |
1162 |
+- udelay(delay_val << 1); |
1163 |
++ if (k != 1) |
1164 |
++ udelay(5); |
1165 |
++ local_irq_restore(flags); |
1166 |
+ } |
1167 |
++ writeccr(i2c, CCR_MEN); /* Initiate STOP */ |
1168 |
++ readb(i2c->base + MPC_I2C_DR); |
1169 |
++ udelay(15); /* Let STOP propagate */ |
1170 |
++ writeccr(i2c, 0); |
1171 |
+ } |
1172 |
+ |
1173 |
+ static int i2c_wait(struct mpc_i2c *i2c, unsigned timeout, int writing) |
1174 |
+diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c |
1175 |
+index 4b947d5cafe28..c5c175b72f21e 100644 |
1176 |
+--- a/drivers/infiniband/core/device.c |
1177 |
++++ b/drivers/infiniband/core/device.c |
1178 |
+@@ -870,7 +870,8 @@ int ib_find_gid(struct ib_device *device, union ib_gid *gid, |
1179 |
+ for (i = 0; i < device->port_immutable[port].gid_tbl_len; ++i) { |
1180 |
+ ret = ib_query_gid(device, port, i, &tmp_gid, NULL); |
1181 |
+ if (ret) |
1182 |
+- return ret; |
1183 |
++ continue; |
1184 |
++ |
1185 |
+ if (!memcmp(&tmp_gid, gid, sizeof *gid)) { |
1186 |
+ *port_num = port; |
1187 |
+ if (index) |
1188 |
+diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c |
1189 |
+index 87bc7b0db892b..2eeac8401c927 100644 |
1190 |
+--- a/drivers/infiniband/hw/cxgb4/qp.c |
1191 |
++++ b/drivers/infiniband/hw/cxgb4/qp.c |
1192 |
+@@ -1974,6 +1974,7 @@ int c4iw_ib_query_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, |
1193 |
+ memset(attr, 0, sizeof *attr); |
1194 |
+ memset(init_attr, 0, sizeof *init_attr); |
1195 |
+ attr->qp_state = to_ib_qp_state(qhp->attr.state); |
1196 |
++ attr->cur_qp_state = to_ib_qp_state(qhp->attr.state); |
1197 |
+ init_attr->cap.max_send_wr = qhp->attr.sq_num_entries; |
1198 |
+ init_attr->cap.max_recv_wr = qhp->attr.rq_num_entries; |
1199 |
+ init_attr->cap.max_send_sge = qhp->attr.sq_max_sges; |
1200 |
+diff --git a/drivers/infiniband/hw/hns/hns_roce_main.c b/drivers/infiniband/hw/hns/hns_roce_main.c |
1201 |
+index 764e35a54457e..0aa2400db8fa0 100644 |
1202 |
+--- a/drivers/infiniband/hw/hns/hns_roce_main.c |
1203 |
++++ b/drivers/infiniband/hw/hns/hns_roce_main.c |
1204 |
+@@ -475,6 +475,9 @@ static int hns_roce_query_gid(struct ib_device *ib_dev, u8 port_num, int index, |
1205 |
+ static int hns_roce_query_pkey(struct ib_device *ib_dev, u8 port, u16 index, |
1206 |
+ u16 *pkey) |
1207 |
+ { |
1208 |
++ if (index > 0) |
1209 |
++ return -EINVAL; |
1210 |
++ |
1211 |
+ *pkey = PKEY_ID; |
1212 |
+ |
1213 |
+ return 0; |
1214 |
+@@ -553,7 +556,7 @@ static int hns_roce_mmap(struct ib_ucontext *context, |
1215 |
+ return -EINVAL; |
1216 |
+ |
1217 |
+ if (vma->vm_pgoff == 0) { |
1218 |
+- vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); |
1219 |
++ vma->vm_page_prot = pgprot_device(vma->vm_page_prot); |
1220 |
+ if (io_remap_pfn_range(vma, vma->vm_start, |
1221 |
+ to_hr_ucontext(context)->uar.pfn, |
1222 |
+ PAGE_SIZE, vma->vm_page_prot)) |
1223 |
+diff --git a/drivers/infiniband/sw/rxe/rxe_opcode.c b/drivers/infiniband/sw/rxe/rxe_opcode.c |
1224 |
+index 61927c165b598..e67ed9141cd8a 100644 |
1225 |
+--- a/drivers/infiniband/sw/rxe/rxe_opcode.c |
1226 |
++++ b/drivers/infiniband/sw/rxe/rxe_opcode.c |
1227 |
+@@ -137,7 +137,7 @@ struct rxe_opcode_info rxe_opcode[RXE_NUM_OPCODE] = { |
1228 |
+ } |
1229 |
+ }, |
1230 |
+ [IB_OPCODE_RC_SEND_MIDDLE] = { |
1231 |
+- .name = "IB_OPCODE_RC_SEND_MIDDLE]", |
1232 |
++ .name = "IB_OPCODE_RC_SEND_MIDDLE", |
1233 |
+ .mask = RXE_PAYLOAD_MASK | RXE_REQ_MASK | RXE_SEND_MASK |
1234 |
+ | RXE_MIDDLE_MASK, |
1235 |
+ .length = RXE_BTH_BYTES, |
1236 |
+diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c |
1237 |
+index 386215245dfe2..85273da5da206 100644 |
1238 |
+--- a/drivers/md/persistent-data/dm-btree.c |
1239 |
++++ b/drivers/md/persistent-data/dm-btree.c |
1240 |
+@@ -83,14 +83,16 @@ void inc_children(struct dm_transaction_manager *tm, struct btree_node *n, |
1241 |
+ } |
1242 |
+ |
1243 |
+ static int insert_at(size_t value_size, struct btree_node *node, unsigned index, |
1244 |
+- uint64_t key, void *value) |
1245 |
+- __dm_written_to_disk(value) |
1246 |
++ uint64_t key, void *value) |
1247 |
++ __dm_written_to_disk(value) |
1248 |
+ { |
1249 |
+ uint32_t nr_entries = le32_to_cpu(node->header.nr_entries); |
1250 |
++ uint32_t max_entries = le32_to_cpu(node->header.max_entries); |
1251 |
+ __le64 key_le = cpu_to_le64(key); |
1252 |
+ |
1253 |
+ if (index > nr_entries || |
1254 |
+- index >= le32_to_cpu(node->header.max_entries)) { |
1255 |
++ index >= max_entries || |
1256 |
++ nr_entries >= max_entries) { |
1257 |
+ DMERR("too many entries in btree node for insert"); |
1258 |
+ __dm_unbless_for_disk(value); |
1259 |
+ return -ENOMEM; |
1260 |
+diff --git a/drivers/md/persistent-data/dm-space-map-common.c b/drivers/md/persistent-data/dm-space-map-common.c |
1261 |
+index ca09ad2a639c4..6fa4a68e78b0d 100644 |
1262 |
+--- a/drivers/md/persistent-data/dm-space-map-common.c |
1263 |
++++ b/drivers/md/persistent-data/dm-space-map-common.c |
1264 |
+@@ -279,6 +279,11 @@ int sm_ll_lookup_bitmap(struct ll_disk *ll, dm_block_t b, uint32_t *result) |
1265 |
+ struct disk_index_entry ie_disk; |
1266 |
+ struct dm_block *blk; |
1267 |
+ |
1268 |
++ if (b >= ll->nr_blocks) { |
1269 |
++ DMERR_LIMIT("metadata block out of bounds"); |
1270 |
++ return -EINVAL; |
1271 |
++ } |
1272 |
++ |
1273 |
+ b = do_div(index, ll->entries_per_block); |
1274 |
+ r = ll->load_ie(ll, index, &ie_disk); |
1275 |
+ if (r < 0) |
1276 |
+diff --git a/drivers/media/common/saa7146/saa7146_fops.c b/drivers/media/common/saa7146/saa7146_fops.c |
1277 |
+index 930d2c94d5d30..2c9365a39270a 100644 |
1278 |
+--- a/drivers/media/common/saa7146/saa7146_fops.c |
1279 |
++++ b/drivers/media/common/saa7146/saa7146_fops.c |
1280 |
+@@ -524,7 +524,7 @@ int saa7146_vv_init(struct saa7146_dev* dev, struct saa7146_ext_vv *ext_vv) |
1281 |
+ ERR("out of memory. aborting.\n"); |
1282 |
+ kfree(vv); |
1283 |
+ v4l2_ctrl_handler_free(hdl); |
1284 |
+- return -1; |
1285 |
++ return -ENOMEM; |
1286 |
+ } |
1287 |
+ |
1288 |
+ saa7146_video_uops.init(dev,vv); |
1289 |
+diff --git a/drivers/media/dvb-core/dmxdev.c b/drivers/media/dvb-core/dmxdev.c |
1290 |
+index 0418b5a0fb645..32a2e6ffdb097 100644 |
1291 |
+--- a/drivers/media/dvb-core/dmxdev.c |
1292 |
++++ b/drivers/media/dvb-core/dmxdev.c |
1293 |
+@@ -1225,7 +1225,7 @@ static const struct dvb_device dvbdev_dvr = { |
1294 |
+ }; |
1295 |
+ int dvb_dmxdev_init(struct dmxdev *dmxdev, struct dvb_adapter *dvb_adapter) |
1296 |
+ { |
1297 |
+- int i; |
1298 |
++ int i, ret; |
1299 |
+ |
1300 |
+ if (dmxdev->demux->open(dmxdev->demux) < 0) |
1301 |
+ return -EUSERS; |
1302 |
+@@ -1243,14 +1243,26 @@ int dvb_dmxdev_init(struct dmxdev *dmxdev, struct dvb_adapter *dvb_adapter) |
1303 |
+ DMXDEV_STATE_FREE); |
1304 |
+ } |
1305 |
+ |
1306 |
+- dvb_register_device(dvb_adapter, &dmxdev->dvbdev, &dvbdev_demux, dmxdev, |
1307 |
++ ret = dvb_register_device(dvb_adapter, &dmxdev->dvbdev, &dvbdev_demux, dmxdev, |
1308 |
+ DVB_DEVICE_DEMUX, dmxdev->filternum); |
1309 |
+- dvb_register_device(dvb_adapter, &dmxdev->dvr_dvbdev, &dvbdev_dvr, |
1310 |
++ if (ret < 0) |
1311 |
++ goto err_register_dvbdev; |
1312 |
++ |
1313 |
++ ret = dvb_register_device(dvb_adapter, &dmxdev->dvr_dvbdev, &dvbdev_dvr, |
1314 |
+ dmxdev, DVB_DEVICE_DVR, dmxdev->filternum); |
1315 |
++ if (ret < 0) |
1316 |
++ goto err_register_dvr_dvbdev; |
1317 |
+ |
1318 |
+ dvb_ringbuffer_init(&dmxdev->dvr_buffer, NULL, 8192); |
1319 |
+ |
1320 |
+ return 0; |
1321 |
++ |
1322 |
++err_register_dvr_dvbdev: |
1323 |
++ dvb_unregister_device(dmxdev->dvbdev); |
1324 |
++err_register_dvbdev: |
1325 |
++ vfree(dmxdev->filter); |
1326 |
++ dmxdev->filter = NULL; |
1327 |
++ return ret; |
1328 |
+ } |
1329 |
+ |
1330 |
+ EXPORT_SYMBOL(dvb_dmxdev_init); |
1331 |
+diff --git a/drivers/media/dvb-frontends/dib8000.c b/drivers/media/dvb-frontends/dib8000.c |
1332 |
+index ddf9c44877a25..ea2eab2d5be91 100644 |
1333 |
+--- a/drivers/media/dvb-frontends/dib8000.c |
1334 |
++++ b/drivers/media/dvb-frontends/dib8000.c |
1335 |
+@@ -4462,8 +4462,10 @@ static struct dvb_frontend *dib8000_init(struct i2c_adapter *i2c_adap, u8 i2c_ad |
1336 |
+ |
1337 |
+ state->timf_default = cfg->pll->timf; |
1338 |
+ |
1339 |
+- if (dib8000_identify(&state->i2c) == 0) |
1340 |
++ if (dib8000_identify(&state->i2c) == 0) { |
1341 |
++ kfree(fe); |
1342 |
+ goto error; |
1343 |
++ } |
1344 |
+ |
1345 |
+ dibx000_init_i2c_master(&state->i2c_master, DIB8000, state->i2c.adap, state->i2c.addr); |
1346 |
+ |
1347 |
+diff --git a/drivers/media/pci/b2c2/flexcop-pci.c b/drivers/media/pci/b2c2/flexcop-pci.c |
1348 |
+index 4cac1fc233f28..98e94cd8bfad7 100644 |
1349 |
+--- a/drivers/media/pci/b2c2/flexcop-pci.c |
1350 |
++++ b/drivers/media/pci/b2c2/flexcop-pci.c |
1351 |
+@@ -184,6 +184,8 @@ static irqreturn_t flexcop_pci_isr(int irq, void *dev_id) |
1352 |
+ dma_addr_t cur_addr = |
1353 |
+ fc->read_ibi_reg(fc,dma1_008).dma_0x8.dma_cur_addr << 2; |
1354 |
+ u32 cur_pos = cur_addr - fc_pci->dma[0].dma_addr0; |
1355 |
++ if (cur_pos > fc_pci->dma[0].size * 2) |
1356 |
++ goto error; |
1357 |
+ |
1358 |
+ deb_irq("%u irq: %08x cur_addr: %llx: cur_pos: %08x, " |
1359 |
+ "last_cur_pos: %08x ", |
1360 |
+@@ -225,6 +227,7 @@ static irqreturn_t flexcop_pci_isr(int irq, void *dev_id) |
1361 |
+ ret = IRQ_NONE; |
1362 |
+ } |
1363 |
+ |
1364 |
++error: |
1365 |
+ spin_unlock_irqrestore(&fc_pci->irq_lock, flags); |
1366 |
+ return ret; |
1367 |
+ } |
1368 |
+diff --git a/drivers/media/pci/saa7146/hexium_gemini.c b/drivers/media/pci/saa7146/hexium_gemini.c |
1369 |
+index be85a2c4318e7..be91a2de81dcc 100644 |
1370 |
+--- a/drivers/media/pci/saa7146/hexium_gemini.c |
1371 |
++++ b/drivers/media/pci/saa7146/hexium_gemini.c |
1372 |
+@@ -296,7 +296,12 @@ static int hexium_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_d |
1373 |
+ hexium_set_input(hexium, 0); |
1374 |
+ hexium->cur_input = 0; |
1375 |
+ |
1376 |
+- saa7146_vv_init(dev, &vv_data); |
1377 |
++ ret = saa7146_vv_init(dev, &vv_data); |
1378 |
++ if (ret) { |
1379 |
++ i2c_del_adapter(&hexium->i2c_adapter); |
1380 |
++ kfree(hexium); |
1381 |
++ return ret; |
1382 |
++ } |
1383 |
+ |
1384 |
+ vv_data.vid_ops.vidioc_enum_input = vidioc_enum_input; |
1385 |
+ vv_data.vid_ops.vidioc_g_input = vidioc_g_input; |
1386 |
+diff --git a/drivers/media/pci/saa7146/hexium_orion.c b/drivers/media/pci/saa7146/hexium_orion.c |
1387 |
+index dc07ca37ebd06..e8e96c7a57844 100644 |
1388 |
+--- a/drivers/media/pci/saa7146/hexium_orion.c |
1389 |
++++ b/drivers/media/pci/saa7146/hexium_orion.c |
1390 |
+@@ -366,10 +366,16 @@ static struct saa7146_ext_vv vv_data; |
1391 |
+ static int hexium_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_data *info) |
1392 |
+ { |
1393 |
+ struct hexium *hexium = (struct hexium *) dev->ext_priv; |
1394 |
++ int ret; |
1395 |
+ |
1396 |
+ DEB_EE("\n"); |
1397 |
+ |
1398 |
+- saa7146_vv_init(dev, &vv_data); |
1399 |
++ ret = saa7146_vv_init(dev, &vv_data); |
1400 |
++ if (ret) { |
1401 |
++ pr_err("Error in saa7146_vv_init()\n"); |
1402 |
++ return ret; |
1403 |
++ } |
1404 |
++ |
1405 |
+ vv_data.vid_ops.vidioc_enum_input = vidioc_enum_input; |
1406 |
+ vv_data.vid_ops.vidioc_g_input = vidioc_g_input; |
1407 |
+ vv_data.vid_ops.vidioc_s_input = vidioc_s_input; |
1408 |
+diff --git a/drivers/media/pci/saa7146/mxb.c b/drivers/media/pci/saa7146/mxb.c |
1409 |
+index 3e8753c9e1e47..849c2a1d09f99 100644 |
1410 |
+--- a/drivers/media/pci/saa7146/mxb.c |
1411 |
++++ b/drivers/media/pci/saa7146/mxb.c |
1412 |
+@@ -694,10 +694,16 @@ static struct saa7146_ext_vv vv_data; |
1413 |
+ static int mxb_attach(struct saa7146_dev *dev, struct saa7146_pci_extension_data *info) |
1414 |
+ { |
1415 |
+ struct mxb *mxb; |
1416 |
++ int ret; |
1417 |
+ |
1418 |
+ DEB_EE("dev:%p\n", dev); |
1419 |
+ |
1420 |
+- saa7146_vv_init(dev, &vv_data); |
1421 |
++ ret = saa7146_vv_init(dev, &vv_data); |
1422 |
++ if (ret) { |
1423 |
++ ERR("Error in saa7146_vv_init()"); |
1424 |
++ return ret; |
1425 |
++ } |
1426 |
++ |
1427 |
+ if (mxb_probe(dev)) { |
1428 |
+ saa7146_vv_release(dev); |
1429 |
+ return -1; |
1430 |
+diff --git a/drivers/media/rc/igorplugusb.c b/drivers/media/rc/igorplugusb.c |
1431 |
+index 5cf983be07a20..0f4c4c39bf6da 100644 |
1432 |
+--- a/drivers/media/rc/igorplugusb.c |
1433 |
++++ b/drivers/media/rc/igorplugusb.c |
1434 |
+@@ -73,9 +73,11 @@ static void igorplugusb_irdata(struct igorplugusb *ir, unsigned len) |
1435 |
+ if (start >= len) { |
1436 |
+ dev_err(ir->dev, "receive overflow invalid: %u", overflow); |
1437 |
+ } else { |
1438 |
+- if (overflow > 0) |
1439 |
++ if (overflow > 0) { |
1440 |
+ dev_warn(ir->dev, "receive overflow, at least %u lost", |
1441 |
+ overflow); |
1442 |
++ ir_raw_event_reset(ir->rc); |
1443 |
++ } |
1444 |
+ |
1445 |
+ do { |
1446 |
+ rawir.duration = ir->buf_in[i] * 85333; |
1447 |
+diff --git a/drivers/media/rc/mceusb.c b/drivers/media/rc/mceusb.c |
1448 |
+index b78d70685b1c3..49122f442b872 100644 |
1449 |
+--- a/drivers/media/rc/mceusb.c |
1450 |
++++ b/drivers/media/rc/mceusb.c |
1451 |
+@@ -1129,7 +1129,7 @@ static void mceusb_gen1_init(struct mceusb_dev *ir) |
1452 |
+ */ |
1453 |
+ ret = usb_control_msg(ir->usbdev, usb_rcvctrlpipe(ir->usbdev, 0), |
1454 |
+ USB_REQ_SET_ADDRESS, USB_TYPE_VENDOR, 0, 0, |
1455 |
+- data, USB_CTRL_MSG_SZ, HZ * 3); |
1456 |
++ data, USB_CTRL_MSG_SZ, 3000); |
1457 |
+ dev_dbg(dev, "set address - ret = %d", ret); |
1458 |
+ dev_dbg(dev, "set address - data[0] = %d, data[1] = %d", |
1459 |
+ data[0], data[1]); |
1460 |
+@@ -1137,20 +1137,20 @@ static void mceusb_gen1_init(struct mceusb_dev *ir) |
1461 |
+ /* set feature: bit rate 38400 bps */ |
1462 |
+ ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0), |
1463 |
+ USB_REQ_SET_FEATURE, USB_TYPE_VENDOR, |
1464 |
+- 0xc04e, 0x0000, NULL, 0, HZ * 3); |
1465 |
++ 0xc04e, 0x0000, NULL, 0, 3000); |
1466 |
+ |
1467 |
+ dev_dbg(dev, "set feature - ret = %d", ret); |
1468 |
+ |
1469 |
+ /* bRequest 4: set char length to 8 bits */ |
1470 |
+ ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0), |
1471 |
+ 4, USB_TYPE_VENDOR, |
1472 |
+- 0x0808, 0x0000, NULL, 0, HZ * 3); |
1473 |
++ 0x0808, 0x0000, NULL, 0, 3000); |
1474 |
+ dev_dbg(dev, "set char length - retB = %d", ret); |
1475 |
+ |
1476 |
+ /* bRequest 2: set handshaking to use DTR/DSR */ |
1477 |
+ ret = usb_control_msg(ir->usbdev, usb_sndctrlpipe(ir->usbdev, 0), |
1478 |
+ 2, USB_TYPE_VENDOR, |
1479 |
+- 0x0000, 0x0100, NULL, 0, HZ * 3); |
1480 |
++ 0x0000, 0x0100, NULL, 0, 3000); |
1481 |
+ dev_dbg(dev, "set handshake - retC = %d", ret); |
1482 |
+ |
1483 |
+ /* device resume */ |
1484 |
+diff --git a/drivers/media/rc/redrat3.c b/drivers/media/rc/redrat3.c |
1485 |
+index 05ba47bc0b613..5f3c1c204f643 100644 |
1486 |
+--- a/drivers/media/rc/redrat3.c |
1487 |
++++ b/drivers/media/rc/redrat3.c |
1488 |
+@@ -427,7 +427,7 @@ static int redrat3_send_cmd(int cmd, struct redrat3_dev *rr3) |
1489 |
+ udev = rr3->udev; |
1490 |
+ res = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), cmd, |
1491 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, |
1492 |
+- 0x0000, 0x0000, data, sizeof(u8), HZ * 10); |
1493 |
++ 0x0000, 0x0000, data, sizeof(u8), 10000); |
1494 |
+ |
1495 |
+ if (res < 0) { |
1496 |
+ dev_err(rr3->dev, "%s: Error sending rr3 cmd res %d, data %d", |
1497 |
+@@ -493,7 +493,7 @@ static u32 redrat3_get_timeout(struct redrat3_dev *rr3) |
1498 |
+ pipe = usb_rcvctrlpipe(rr3->udev, 0); |
1499 |
+ ret = usb_control_msg(rr3->udev, pipe, RR3_GET_IR_PARAM, |
1500 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, |
1501 |
+- RR3_IR_IO_SIG_TIMEOUT, 0, tmp, len, HZ * 5); |
1502 |
++ RR3_IR_IO_SIG_TIMEOUT, 0, tmp, len, 5000); |
1503 |
+ if (ret != len) |
1504 |
+ dev_warn(rr3->dev, "Failed to read timeout from hardware\n"); |
1505 |
+ else { |
1506 |
+@@ -523,7 +523,7 @@ static int redrat3_set_timeout(struct rc_dev *rc_dev, unsigned int timeoutns) |
1507 |
+ ret = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), RR3_SET_IR_PARAM, |
1508 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, |
1509 |
+ RR3_IR_IO_SIG_TIMEOUT, 0, timeout, sizeof(*timeout), |
1510 |
+- HZ * 25); |
1511 |
++ 25000); |
1512 |
+ dev_dbg(dev, "set ir parm timeout %d ret 0x%02x\n", |
1513 |
+ be32_to_cpu(*timeout), ret); |
1514 |
+ |
1515 |
+@@ -557,32 +557,32 @@ static void redrat3_reset(struct redrat3_dev *rr3) |
1516 |
+ *val = 0x01; |
1517 |
+ rc = usb_control_msg(udev, rxpipe, RR3_RESET, |
1518 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, |
1519 |
+- RR3_CPUCS_REG_ADDR, 0, val, len, HZ * 25); |
1520 |
++ RR3_CPUCS_REG_ADDR, 0, val, len, 25000); |
1521 |
+ dev_dbg(dev, "reset returned 0x%02x\n", rc); |
1522 |
+ |
1523 |
+ *val = length_fuzz; |
1524 |
+ rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM, |
1525 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, |
1526 |
+- RR3_IR_IO_LENGTH_FUZZ, 0, val, len, HZ * 25); |
1527 |
++ RR3_IR_IO_LENGTH_FUZZ, 0, val, len, 25000); |
1528 |
+ dev_dbg(dev, "set ir parm len fuzz %d rc 0x%02x\n", *val, rc); |
1529 |
+ |
1530 |
+ *val = (65536 - (minimum_pause * 2000)) / 256; |
1531 |
+ rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM, |
1532 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, |
1533 |
+- RR3_IR_IO_MIN_PAUSE, 0, val, len, HZ * 25); |
1534 |
++ RR3_IR_IO_MIN_PAUSE, 0, val, len, 25000); |
1535 |
+ dev_dbg(dev, "set ir parm min pause %d rc 0x%02x\n", *val, rc); |
1536 |
+ |
1537 |
+ *val = periods_measure_carrier; |
1538 |
+ rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM, |
1539 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, |
1540 |
+- RR3_IR_IO_PERIODS_MF, 0, val, len, HZ * 25); |
1541 |
++ RR3_IR_IO_PERIODS_MF, 0, val, len, 25000); |
1542 |
+ dev_dbg(dev, "set ir parm periods measure carrier %d rc 0x%02x", *val, |
1543 |
+ rc); |
1544 |
+ |
1545 |
+ *val = RR3_DRIVER_MAXLENS; |
1546 |
+ rc = usb_control_msg(udev, txpipe, RR3_SET_IR_PARAM, |
1547 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, |
1548 |
+- RR3_IR_IO_MAX_LENGTHS, 0, val, len, HZ * 25); |
1549 |
++ RR3_IR_IO_MAX_LENGTHS, 0, val, len, 25000); |
1550 |
+ dev_dbg(dev, "set ir parm max lens %d rc 0x%02x\n", *val, rc); |
1551 |
+ |
1552 |
+ kfree(val); |
1553 |
+@@ -602,7 +602,7 @@ static void redrat3_get_firmware_rev(struct redrat3_dev *rr3) |
1554 |
+ rc = usb_control_msg(rr3->udev, usb_rcvctrlpipe(rr3->udev, 0), |
1555 |
+ RR3_FW_VERSION, |
1556 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, |
1557 |
+- 0, 0, buffer, RR3_FW_VERSION_LEN, HZ * 5); |
1558 |
++ 0, 0, buffer, RR3_FW_VERSION_LEN, 5000); |
1559 |
+ |
1560 |
+ if (rc >= 0) |
1561 |
+ dev_info(rr3->dev, "Firmware rev: %s", buffer); |
1562 |
+@@ -842,14 +842,14 @@ static int redrat3_transmit_ir(struct rc_dev *rcdev, unsigned *txbuf, |
1563 |
+ |
1564 |
+ pipe = usb_sndbulkpipe(rr3->udev, rr3->ep_out->bEndpointAddress); |
1565 |
+ ret = usb_bulk_msg(rr3->udev, pipe, irdata, |
1566 |
+- sendbuf_len, &ret_len, 10 * HZ); |
1567 |
++ sendbuf_len, &ret_len, 10000); |
1568 |
+ dev_dbg(dev, "sent %d bytes, (ret %d)\n", ret_len, ret); |
1569 |
+ |
1570 |
+ /* now tell the hardware to transmit what we sent it */ |
1571 |
+ pipe = usb_rcvctrlpipe(rr3->udev, 0); |
1572 |
+ ret = usb_control_msg(rr3->udev, pipe, RR3_TX_SEND_SIGNAL, |
1573 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, |
1574 |
+- 0, 0, irdata, 2, HZ * 10); |
1575 |
++ 0, 0, irdata, 2, 10000); |
1576 |
+ |
1577 |
+ if (ret < 0) |
1578 |
+ dev_err(dev, "Error: control msg send failed, rc %d\n", ret); |
1579 |
+diff --git a/drivers/media/tuners/msi001.c b/drivers/media/tuners/msi001.c |
1580 |
+index 3a12ef35682b5..64d98517f470f 100644 |
1581 |
+--- a/drivers/media/tuners/msi001.c |
1582 |
++++ b/drivers/media/tuners/msi001.c |
1583 |
+@@ -464,6 +464,13 @@ static int msi001_probe(struct spi_device *spi) |
1584 |
+ V4L2_CID_RF_TUNER_BANDWIDTH_AUTO, 0, 1, 1, 1); |
1585 |
+ dev->bandwidth = v4l2_ctrl_new_std(&dev->hdl, &msi001_ctrl_ops, |
1586 |
+ V4L2_CID_RF_TUNER_BANDWIDTH, 200000, 8000000, 1, 200000); |
1587 |
++ if (dev->hdl.error) { |
1588 |
++ ret = dev->hdl.error; |
1589 |
++ dev_err(&spi->dev, "Could not initialize controls\n"); |
1590 |
++ /* control init failed, free handler */ |
1591 |
++ goto err_ctrl_handler_free; |
1592 |
++ } |
1593 |
++ |
1594 |
+ v4l2_ctrl_auto_cluster(2, &dev->bandwidth_auto, 0, false); |
1595 |
+ dev->lna_gain = v4l2_ctrl_new_std(&dev->hdl, &msi001_ctrl_ops, |
1596 |
+ V4L2_CID_RF_TUNER_LNA_GAIN, 0, 1, 1, 1); |
1597 |
+diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c |
1598 |
+index 72a47da0db2ae..e56837414e2c7 100644 |
1599 |
+--- a/drivers/media/tuners/si2157.c |
1600 |
++++ b/drivers/media/tuners/si2157.c |
1601 |
+@@ -89,7 +89,7 @@ static int si2157_init(struct dvb_frontend *fe) |
1602 |
+ dev_dbg(&client->dev, "\n"); |
1603 |
+ |
1604 |
+ /* Try to get Xtal trim property, to verify tuner still running */ |
1605 |
+- memcpy(cmd.args, "\x15\x00\x04\x02", 4); |
1606 |
++ memcpy(cmd.args, "\x15\x00\x02\x04", 4); |
1607 |
+ cmd.wlen = 4; |
1608 |
+ cmd.rlen = 4; |
1609 |
+ ret = si2157_cmd_execute(client, &cmd); |
1610 |
+diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c |
1611 |
+index a93fc1839e139..3d6e991df9261 100644 |
1612 |
+--- a/drivers/media/usb/b2c2/flexcop-usb.c |
1613 |
++++ b/drivers/media/usb/b2c2/flexcop-usb.c |
1614 |
+@@ -87,7 +87,7 @@ static int flexcop_usb_readwrite_dw(struct flexcop_device *fc, u16 wRegOffsPCI, |
1615 |
+ 0, |
1616 |
+ fc_usb->data, |
1617 |
+ sizeof(u32), |
1618 |
+- B2C2_WAIT_FOR_OPERATION_RDW * HZ); |
1619 |
++ B2C2_WAIT_FOR_OPERATION_RDW); |
1620 |
+ |
1621 |
+ if (ret != sizeof(u32)) { |
1622 |
+ err("error while %s dword from %d (%d).", read ? "reading" : |
1623 |
+@@ -155,7 +155,7 @@ static int flexcop_usb_v8_memory_req(struct flexcop_usb *fc_usb, |
1624 |
+ wIndex, |
1625 |
+ fc_usb->data, |
1626 |
+ buflen, |
1627 |
+- nWaitTime * HZ); |
1628 |
++ nWaitTime); |
1629 |
+ if (ret != buflen) |
1630 |
+ ret = -EIO; |
1631 |
+ |
1632 |
+@@ -249,13 +249,13 @@ static int flexcop_usb_i2c_req(struct flexcop_i2c_adapter *i2c, |
1633 |
+ /* DKT 020208 - add this to support special case of DiSEqC */ |
1634 |
+ case USB_FUNC_I2C_CHECKWRITE: |
1635 |
+ pipe = B2C2_USB_CTRL_PIPE_OUT; |
1636 |
+- nWaitTime = 2; |
1637 |
++ nWaitTime = 2000; |
1638 |
+ request_type |= USB_DIR_OUT; |
1639 |
+ break; |
1640 |
+ case USB_FUNC_I2C_READ: |
1641 |
+ case USB_FUNC_I2C_REPEATREAD: |
1642 |
+ pipe = B2C2_USB_CTRL_PIPE_IN; |
1643 |
+- nWaitTime = 2; |
1644 |
++ nWaitTime = 2000; |
1645 |
+ request_type |= USB_DIR_IN; |
1646 |
+ break; |
1647 |
+ default: |
1648 |
+@@ -282,7 +282,7 @@ static int flexcop_usb_i2c_req(struct flexcop_i2c_adapter *i2c, |
1649 |
+ wIndex, |
1650 |
+ fc_usb->data, |
1651 |
+ buflen, |
1652 |
+- nWaitTime * HZ); |
1653 |
++ nWaitTime); |
1654 |
+ |
1655 |
+ if (ret != buflen) |
1656 |
+ ret = -EIO; |
1657 |
+diff --git a/drivers/media/usb/b2c2/flexcop-usb.h b/drivers/media/usb/b2c2/flexcop-usb.h |
1658 |
+index 25ad43166e78c..247c7dbc8a619 100644 |
1659 |
+--- a/drivers/media/usb/b2c2/flexcop-usb.h |
1660 |
++++ b/drivers/media/usb/b2c2/flexcop-usb.h |
1661 |
+@@ -90,13 +90,13 @@ typedef enum { |
1662 |
+ UTILITY_SRAM_TESTVERIFY = 0x16, |
1663 |
+ } flexcop_usb_utility_function_t; |
1664 |
+ |
1665 |
+-#define B2C2_WAIT_FOR_OPERATION_RW (1*HZ) |
1666 |
+-#define B2C2_WAIT_FOR_OPERATION_RDW (3*HZ) |
1667 |
+-#define B2C2_WAIT_FOR_OPERATION_WDW (1*HZ) |
1668 |
++#define B2C2_WAIT_FOR_OPERATION_RW 1000 |
1669 |
++#define B2C2_WAIT_FOR_OPERATION_RDW 3000 |
1670 |
++#define B2C2_WAIT_FOR_OPERATION_WDW 1000 |
1671 |
+ |
1672 |
+-#define B2C2_WAIT_FOR_OPERATION_V8READ (3*HZ) |
1673 |
+-#define B2C2_WAIT_FOR_OPERATION_V8WRITE (3*HZ) |
1674 |
+-#define B2C2_WAIT_FOR_OPERATION_V8FLASH (3*HZ) |
1675 |
++#define B2C2_WAIT_FOR_OPERATION_V8READ 3000 |
1676 |
++#define B2C2_WAIT_FOR_OPERATION_V8WRITE 3000 |
1677 |
++#define B2C2_WAIT_FOR_OPERATION_V8FLASH 3000 |
1678 |
+ |
1679 |
+ typedef enum { |
1680 |
+ V8_MEMORY_PAGE_DVB_CI = 0x20, |
1681 |
+diff --git a/drivers/media/usb/cpia2/cpia2_usb.c b/drivers/media/usb/cpia2/cpia2_usb.c |
1682 |
+index 4f4a130f17af3..447d6a52af3b8 100644 |
1683 |
+--- a/drivers/media/usb/cpia2/cpia2_usb.c |
1684 |
++++ b/drivers/media/usb/cpia2/cpia2_usb.c |
1685 |
+@@ -565,7 +565,7 @@ static int write_packet(struct usb_device *udev, |
1686 |
+ 0, /* index */ |
1687 |
+ buf, /* buffer */ |
1688 |
+ size, |
1689 |
+- HZ); |
1690 |
++ 1000); |
1691 |
+ |
1692 |
+ kfree(buf); |
1693 |
+ return ret; |
1694 |
+@@ -597,7 +597,7 @@ static int read_packet(struct usb_device *udev, |
1695 |
+ 0, /* index */ |
1696 |
+ buf, /* buffer */ |
1697 |
+ size, |
1698 |
+- HZ); |
1699 |
++ 1000); |
1700 |
+ |
1701 |
+ if (ret >= 0) |
1702 |
+ memcpy(registers, buf, size); |
1703 |
+diff --git a/drivers/media/usb/dvb-usb/dib0700_core.c b/drivers/media/usb/dvb-usb/dib0700_core.c |
1704 |
+index 4a5ea74c91d45..1b56824fbe51e 100644 |
1705 |
+--- a/drivers/media/usb/dvb-usb/dib0700_core.c |
1706 |
++++ b/drivers/media/usb/dvb-usb/dib0700_core.c |
1707 |
+@@ -610,8 +610,6 @@ int dib0700_streaming_ctrl(struct dvb_usb_adapter *adap, int onoff) |
1708 |
+ deb_info("the endpoint number (%i) is not correct, use the adapter id instead", adap->fe_adap[0].stream.props.endpoint); |
1709 |
+ if (onoff) |
1710 |
+ st->channel_state |= 1 << (adap->id); |
1711 |
+- else |
1712 |
+- st->channel_state |= 1 << ~(adap->id); |
1713 |
+ } else { |
1714 |
+ if (onoff) |
1715 |
+ st->channel_state |= 1 << (adap->fe_adap[0].stream.props.endpoint-2); |
1716 |
+diff --git a/drivers/media/usb/dvb-usb/m920x.c b/drivers/media/usb/dvb-usb/m920x.c |
1717 |
+index eafc5c82467f4..5b806779e2106 100644 |
1718 |
+--- a/drivers/media/usb/dvb-usb/m920x.c |
1719 |
++++ b/drivers/media/usb/dvb-usb/m920x.c |
1720 |
+@@ -284,6 +284,13 @@ static int m920x_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int nu |
1721 |
+ /* Should check for ack here, if we knew how. */ |
1722 |
+ } |
1723 |
+ if (msg[i].flags & I2C_M_RD) { |
1724 |
++ char *read = kmalloc(1, GFP_KERNEL); |
1725 |
++ if (!read) { |
1726 |
++ ret = -ENOMEM; |
1727 |
++ kfree(read); |
1728 |
++ goto unlock; |
1729 |
++ } |
1730 |
++ |
1731 |
+ for (j = 0; j < msg[i].len; j++) { |
1732 |
+ /* Last byte of transaction? |
1733 |
+ * Send STOP, otherwise send ACK. */ |
1734 |
+@@ -291,9 +298,12 @@ static int m920x_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int nu |
1735 |
+ |
1736 |
+ if ((ret = m920x_read(d->udev, M9206_I2C, 0x0, |
1737 |
+ 0x20 | stop, |
1738 |
+- &msg[i].buf[j], 1)) != 0) |
1739 |
++ read, 1)) != 0) |
1740 |
+ goto unlock; |
1741 |
++ msg[i].buf[j] = read[0]; |
1742 |
+ } |
1743 |
++ |
1744 |
++ kfree(read); |
1745 |
+ } else { |
1746 |
+ for (j = 0; j < msg[i].len; j++) { |
1747 |
+ /* Last byte of transaction? Then send STOP. */ |
1748 |
+diff --git a/drivers/media/usb/em28xx/em28xx-core.c b/drivers/media/usb/em28xx/em28xx-core.c |
1749 |
+index eebd5d7088d00..fb3008a7233fe 100644 |
1750 |
+--- a/drivers/media/usb/em28xx/em28xx-core.c |
1751 |
++++ b/drivers/media/usb/em28xx/em28xx-core.c |
1752 |
+@@ -99,7 +99,7 @@ int em28xx_read_reg_req_len(struct em28xx *dev, u8 req, u16 reg, |
1753 |
+ mutex_lock(&dev->ctrl_urb_lock); |
1754 |
+ ret = usb_control_msg(dev->udev, pipe, req, |
1755 |
+ USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, |
1756 |
+- 0x0000, reg, dev->urb_buf, len, HZ); |
1757 |
++ 0x0000, reg, dev->urb_buf, len, 1000); |
1758 |
+ if (ret < 0) { |
1759 |
+ if (reg_debug) |
1760 |
+ printk(" failed!\n"); |
1761 |
+@@ -182,7 +182,7 @@ int em28xx_write_regs_req(struct em28xx *dev, u8 req, u16 reg, char *buf, |
1762 |
+ memcpy(dev->urb_buf, buf, len); |
1763 |
+ ret = usb_control_msg(dev->udev, pipe, req, |
1764 |
+ USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE, |
1765 |
+- 0x0000, reg, dev->urb_buf, len, HZ); |
1766 |
++ 0x0000, reg, dev->urb_buf, len, 1000); |
1767 |
+ mutex_unlock(&dev->ctrl_urb_lock); |
1768 |
+ |
1769 |
+ if (ret < 0) |
1770 |
+diff --git a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c |
1771 |
+index 0cb8dd5852357..40535db585a0e 100644 |
1772 |
+--- a/drivers/media/usb/pvrusb2/pvrusb2-hdw.c |
1773 |
++++ b/drivers/media/usb/pvrusb2/pvrusb2-hdw.c |
1774 |
+@@ -1488,7 +1488,7 @@ static int pvr2_upload_firmware1(struct pvr2_hdw *hdw) |
1775 |
+ for (address = 0; address < fwsize; address += 0x800) { |
1776 |
+ memcpy(fw_ptr, fw_entry->data + address, 0x800); |
1777 |
+ ret += usb_control_msg(hdw->usb_dev, pipe, 0xa0, 0x40, address, |
1778 |
+- 0, fw_ptr, 0x800, HZ); |
1779 |
++ 0, fw_ptr, 0x800, 1000); |
1780 |
+ } |
1781 |
+ |
1782 |
+ trace_firmware("Upload done, releasing device's CPU"); |
1783 |
+@@ -1627,7 +1627,7 @@ int pvr2_upload_firmware2(struct pvr2_hdw *hdw) |
1784 |
+ ((u32 *)fw_ptr)[icnt] = swab32(((u32 *)fw_ptr)[icnt]); |
1785 |
+ |
1786 |
+ ret |= usb_bulk_msg(hdw->usb_dev, pipe, fw_ptr,bcnt, |
1787 |
+- &actual_length, HZ); |
1788 |
++ &actual_length, 1000); |
1789 |
+ ret |= (actual_length != bcnt); |
1790 |
+ if (ret) break; |
1791 |
+ fw_done += bcnt; |
1792 |
+@@ -3486,7 +3486,7 @@ void pvr2_hdw_cpufw_set_enabled(struct pvr2_hdw *hdw, |
1793 |
+ 0xa0,0xc0, |
1794 |
+ address,0, |
1795 |
+ hdw->fw_buffer+address, |
1796 |
+- 0x800,HZ); |
1797 |
++ 0x800,1000); |
1798 |
+ if (ret < 0) break; |
1799 |
+ } |
1800 |
+ |
1801 |
+@@ -4011,7 +4011,7 @@ void pvr2_hdw_cpureset_assert(struct pvr2_hdw *hdw,int val) |
1802 |
+ /* Write the CPUCS register on the 8051. The lsb of the register |
1803 |
+ is the reset bit; a 1 asserts reset while a 0 clears it. */ |
1804 |
+ pipe = usb_sndctrlpipe(hdw->usb_dev, 0); |
1805 |
+- ret = usb_control_msg(hdw->usb_dev,pipe,0xa0,0x40,0xe600,0,da,1,HZ); |
1806 |
++ ret = usb_control_msg(hdw->usb_dev,pipe,0xa0,0x40,0xe600,0,da,1,1000); |
1807 |
+ if (ret < 0) { |
1808 |
+ pvr2_trace(PVR2_TRACE_ERROR_LEGS, |
1809 |
+ "cpureset_assert(%d) error=%d",val,ret); |
1810 |
+diff --git a/drivers/media/usb/s2255/s2255drv.c b/drivers/media/usb/s2255/s2255drv.c |
1811 |
+index f7bb78c1873c9..fb5636f07e7eb 100644 |
1812 |
+--- a/drivers/media/usb/s2255/s2255drv.c |
1813 |
++++ b/drivers/media/usb/s2255/s2255drv.c |
1814 |
+@@ -1913,7 +1913,7 @@ static long s2255_vendor_req(struct s2255_dev *dev, unsigned char Request, |
1815 |
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | |
1816 |
+ USB_DIR_IN, |
1817 |
+ Value, Index, buf, |
1818 |
+- TransferBufferLength, HZ * 5); |
1819 |
++ TransferBufferLength, USB_CTRL_SET_TIMEOUT); |
1820 |
+ |
1821 |
+ if (r >= 0) |
1822 |
+ memcpy(TransferBuffer, buf, TransferBufferLength); |
1823 |
+@@ -1922,7 +1922,7 @@ static long s2255_vendor_req(struct s2255_dev *dev, unsigned char Request, |
1824 |
+ r = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0), |
1825 |
+ Request, USB_TYPE_VENDOR | USB_RECIP_DEVICE, |
1826 |
+ Value, Index, buf, |
1827 |
+- TransferBufferLength, HZ * 5); |
1828 |
++ TransferBufferLength, USB_CTRL_SET_TIMEOUT); |
1829 |
+ } |
1830 |
+ kfree(buf); |
1831 |
+ return r; |
1832 |
+diff --git a/drivers/media/usb/stk1160/stk1160-core.c b/drivers/media/usb/stk1160/stk1160-core.c |
1833 |
+index bc029478065a0..a526ea2fe587a 100644 |
1834 |
+--- a/drivers/media/usb/stk1160/stk1160-core.c |
1835 |
++++ b/drivers/media/usb/stk1160/stk1160-core.c |
1836 |
+@@ -76,7 +76,7 @@ int stk1160_read_reg(struct stk1160 *dev, u16 reg, u8 *value) |
1837 |
+ return -ENOMEM; |
1838 |
+ ret = usb_control_msg(dev->udev, pipe, 0x00, |
1839 |
+ USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE, |
1840 |
+- 0x00, reg, buf, sizeof(u8), HZ); |
1841 |
++ 0x00, reg, buf, sizeof(u8), 1000); |
1842 |
+ if (ret < 0) { |
1843 |
+ stk1160_err("read failed on reg 0x%x (%d)\n", |
1844 |
+ reg, ret); |
1845 |
+@@ -96,7 +96,7 @@ int stk1160_write_reg(struct stk1160 *dev, u16 reg, u16 value) |
1846 |
+ |
1847 |
+ ret = usb_control_msg(dev->udev, pipe, 0x01, |
1848 |
+ USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE, |
1849 |
+- value, reg, NULL, 0, HZ); |
1850 |
++ value, reg, NULL, 0, 1000); |
1851 |
+ if (ret < 0) { |
1852 |
+ stk1160_err("write failed on reg 0x%x (%d)\n", |
1853 |
+ reg, ret); |
1854 |
+diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c |
1855 |
+index 1d724e86f3780..2a7d178a9d069 100644 |
1856 |
+--- a/drivers/media/usb/uvc/uvc_video.c |
1857 |
++++ b/drivers/media/usb/uvc/uvc_video.c |
1858 |
+@@ -1716,6 +1716,10 @@ static int uvc_init_video(struct uvc_streaming *stream, gfp_t gfp_flags) |
1859 |
+ if (ep == NULL) |
1860 |
+ return -EIO; |
1861 |
+ |
1862 |
++ /* Reject broken descriptors. */ |
1863 |
++ if (usb_endpoint_maxp(&ep->desc) == 0) |
1864 |
++ return -EIO; |
1865 |
++ |
1866 |
+ ret = uvc_init_video_bulk(stream, ep, gfp_flags); |
1867 |
+ } |
1868 |
+ |
1869 |
+diff --git a/drivers/mfd/intel-lpss-acpi.c b/drivers/mfd/intel-lpss-acpi.c |
1870 |
+index 6bf8d643d9428..31fbfd9c4b11c 100644 |
1871 |
+--- a/drivers/mfd/intel-lpss-acpi.c |
1872 |
++++ b/drivers/mfd/intel-lpss-acpi.c |
1873 |
+@@ -84,6 +84,7 @@ static int intel_lpss_acpi_probe(struct platform_device *pdev) |
1874 |
+ { |
1875 |
+ struct intel_lpss_platform_info *info; |
1876 |
+ const struct acpi_device_id *id; |
1877 |
++ int ret; |
1878 |
+ |
1879 |
+ id = acpi_match_device(intel_lpss_acpi_ids, &pdev->dev); |
1880 |
+ if (!id) |
1881 |
+@@ -97,10 +98,14 @@ static int intel_lpss_acpi_probe(struct platform_device *pdev) |
1882 |
+ info->mem = platform_get_resource(pdev, IORESOURCE_MEM, 0); |
1883 |
+ info->irq = platform_get_irq(pdev, 0); |
1884 |
+ |
1885 |
++ ret = intel_lpss_probe(&pdev->dev, info); |
1886 |
++ if (ret) |
1887 |
++ return ret; |
1888 |
++ |
1889 |
+ pm_runtime_set_active(&pdev->dev); |
1890 |
+ pm_runtime_enable(&pdev->dev); |
1891 |
+ |
1892 |
+- return intel_lpss_probe(&pdev->dev, info); |
1893 |
++ return 0; |
1894 |
+ } |
1895 |
+ |
1896 |
+ static int intel_lpss_acpi_remove(struct platform_device *pdev) |
1897 |
+diff --git a/drivers/misc/lattice-ecp3-config.c b/drivers/misc/lattice-ecp3-config.c |
1898 |
+index 626fdcaf25101..645d26536114f 100644 |
1899 |
+--- a/drivers/misc/lattice-ecp3-config.c |
1900 |
++++ b/drivers/misc/lattice-ecp3-config.c |
1901 |
+@@ -81,12 +81,12 @@ static void firmware_load(const struct firmware *fw, void *context) |
1902 |
+ |
1903 |
+ if (fw == NULL) { |
1904 |
+ dev_err(&spi->dev, "Cannot load firmware, aborting\n"); |
1905 |
+- return; |
1906 |
++ goto out; |
1907 |
+ } |
1908 |
+ |
1909 |
+ if (fw->size == 0) { |
1910 |
+ dev_err(&spi->dev, "Error: Firmware size is 0!\n"); |
1911 |
+- return; |
1912 |
++ goto out; |
1913 |
+ } |
1914 |
+ |
1915 |
+ /* Fill dummy data (24 stuffing bits for commands) */ |
1916 |
+@@ -108,7 +108,7 @@ static void firmware_load(const struct firmware *fw, void *context) |
1917 |
+ dev_err(&spi->dev, |
1918 |
+ "Error: No supported FPGA detected (JEDEC_ID=%08x)!\n", |
1919 |
+ jedec_id); |
1920 |
+- return; |
1921 |
++ goto out; |
1922 |
+ } |
1923 |
+ |
1924 |
+ dev_info(&spi->dev, "FPGA %s detected\n", ecp3_dev[i].name); |
1925 |
+@@ -121,7 +121,7 @@ static void firmware_load(const struct firmware *fw, void *context) |
1926 |
+ buffer = kzalloc(fw->size + 8, GFP_KERNEL); |
1927 |
+ if (!buffer) { |
1928 |
+ dev_err(&spi->dev, "Error: Can't allocate memory!\n"); |
1929 |
+- return; |
1930 |
++ goto out; |
1931 |
+ } |
1932 |
+ |
1933 |
+ /* |
1934 |
+@@ -160,7 +160,7 @@ static void firmware_load(const struct firmware *fw, void *context) |
1935 |
+ "Error: Timeout waiting for FPGA to clear (status=%08x)!\n", |
1936 |
+ status); |
1937 |
+ kfree(buffer); |
1938 |
+- return; |
1939 |
++ goto out; |
1940 |
+ } |
1941 |
+ |
1942 |
+ dev_info(&spi->dev, "Configuring the FPGA...\n"); |
1943 |
+@@ -186,7 +186,7 @@ static void firmware_load(const struct firmware *fw, void *context) |
1944 |
+ release_firmware(fw); |
1945 |
+ |
1946 |
+ kfree(buffer); |
1947 |
+- |
1948 |
++out: |
1949 |
+ complete(&data->fw_loaded); |
1950 |
+ } |
1951 |
+ |
1952 |
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
1953 |
+index 2b721ed392adb..0d9226bdf6614 100644 |
1954 |
+--- a/drivers/net/bonding/bond_main.c |
1955 |
++++ b/drivers/net/bonding/bond_main.c |
1956 |
+@@ -782,14 +782,14 @@ static bool bond_should_notify_peers(struct bonding *bond) |
1957 |
+ slave = rcu_dereference(bond->curr_active_slave); |
1958 |
+ rcu_read_unlock(); |
1959 |
+ |
1960 |
+- netdev_dbg(bond->dev, "bond_should_notify_peers: slave %s\n", |
1961 |
+- slave ? slave->dev->name : "NULL"); |
1962 |
+- |
1963 |
+ if (!slave || !bond->send_peer_notif || |
1964 |
+ !netif_carrier_ok(bond->dev) || |
1965 |
+ test_bit(__LINK_STATE_LINKWATCH_PENDING, &slave->dev->state)) |
1966 |
+ return false; |
1967 |
+ |
1968 |
++ netdev_dbg(bond->dev, "bond_should_notify_peers: slave %s\n", |
1969 |
++ slave ? slave->dev->name : "NULL"); |
1970 |
++ |
1971 |
+ return true; |
1972 |
+ } |
1973 |
+ |
1974 |
+diff --git a/drivers/net/can/softing/softing_cs.c b/drivers/net/can/softing/softing_cs.c |
1975 |
+index cdc0c7433a4b5..9fbed88d6c821 100644 |
1976 |
+--- a/drivers/net/can/softing/softing_cs.c |
1977 |
++++ b/drivers/net/can/softing/softing_cs.c |
1978 |
+@@ -304,7 +304,7 @@ static int softingcs_probe(struct pcmcia_device *pcmcia) |
1979 |
+ return 0; |
1980 |
+ |
1981 |
+ platform_failed: |
1982 |
+- kfree(dev); |
1983 |
++ platform_device_put(pdev); |
1984 |
+ mem_failed: |
1985 |
+ pcmcia_bad: |
1986 |
+ pcmcia_failed: |
1987 |
+diff --git a/drivers/net/can/softing/softing_fw.c b/drivers/net/can/softing/softing_fw.c |
1988 |
+index 52fe50725d749..a74c779feb90e 100644 |
1989 |
+--- a/drivers/net/can/softing/softing_fw.c |
1990 |
++++ b/drivers/net/can/softing/softing_fw.c |
1991 |
+@@ -576,18 +576,19 @@ int softing_startstop(struct net_device *dev, int up) |
1992 |
+ if (ret < 0) |
1993 |
+ goto failed; |
1994 |
+ } |
1995 |
+- /* enable_error_frame */ |
1996 |
+- /* |
1997 |
++ |
1998 |
++ /* enable_error_frame |
1999 |
++ * |
2000 |
+ * Error reporting is switched off at the moment since |
2001 |
+ * the receiving of them is not yet 100% verified |
2002 |
+ * This should be enabled sooner or later |
2003 |
+- * |
2004 |
+- if (error_reporting) { |
2005 |
++ */ |
2006 |
++ if (0 && error_reporting) { |
2007 |
+ ret = softing_fct_cmd(card, 51, "enable_error_frame"); |
2008 |
+ if (ret < 0) |
2009 |
+ goto failed; |
2010 |
+ } |
2011 |
+- */ |
2012 |
++ |
2013 |
+ /* initialize interface */ |
2014 |
+ iowrite16(1, &card->dpram[DPRAM_FCT_PARAM + 2]); |
2015 |
+ iowrite16(1, &card->dpram[DPRAM_FCT_PARAM + 4]); |
2016 |
+diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c |
2017 |
+index d21c68882e867..75399aa1ba951 100644 |
2018 |
+--- a/drivers/net/can/usb/gs_usb.c |
2019 |
++++ b/drivers/net/can/usb/gs_usb.c |
2020 |
+@@ -328,7 +328,7 @@ static void gs_usb_receive_bulk_callback(struct urb *urb) |
2021 |
+ |
2022 |
+ /* device reports out of range channel id */ |
2023 |
+ if (hf->channel >= GS_MAX_INTF) |
2024 |
+- goto resubmit_urb; |
2025 |
++ goto device_detach; |
2026 |
+ |
2027 |
+ dev = usbcan->canch[hf->channel]; |
2028 |
+ |
2029 |
+@@ -413,6 +413,7 @@ static void gs_usb_receive_bulk_callback(struct urb *urb) |
2030 |
+ |
2031 |
+ /* USB failure take down all interfaces */ |
2032 |
+ if (rc == -ENODEV) { |
2033 |
++ device_detach: |
2034 |
+ for (rc = 0; rc < GS_MAX_INTF; rc++) { |
2035 |
+ if (usbcan->canch[rc]) |
2036 |
+ netif_device_detach(usbcan->canch[rc]->netdev); |
2037 |
+@@ -514,6 +515,8 @@ static netdev_tx_t gs_can_start_xmit(struct sk_buff *skb, |
2038 |
+ |
2039 |
+ hf->echo_id = idx; |
2040 |
+ hf->channel = dev->channel; |
2041 |
++ hf->flags = 0; |
2042 |
++ hf->reserved = 0; |
2043 |
+ |
2044 |
+ cf = (struct can_frame *)skb->data; |
2045 |
+ |
2046 |
+diff --git a/drivers/net/can/xilinx_can.c b/drivers/net/can/xilinx_can.c |
2047 |
+index e680bab27dd7e..ef24b619e0e57 100644 |
2048 |
+--- a/drivers/net/can/xilinx_can.c |
2049 |
++++ b/drivers/net/can/xilinx_can.c |
2050 |
+@@ -1302,7 +1302,12 @@ static int xcan_probe(struct platform_device *pdev) |
2051 |
+ spin_lock_init(&priv->tx_lock); |
2052 |
+ |
2053 |
+ /* Get IRQ for the device */ |
2054 |
+- ndev->irq = platform_get_irq(pdev, 0); |
2055 |
++ ret = platform_get_irq(pdev, 0); |
2056 |
++ if (ret < 0) |
2057 |
++ goto err_free; |
2058 |
++ |
2059 |
++ ndev->irq = ret; |
2060 |
++ |
2061 |
+ ndev->flags |= IFF_ECHO; /* We support local echo */ |
2062 |
+ |
2063 |
+ platform_set_drvdata(pdev, ndev); |
2064 |
+diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c |
2065 |
+index fae5517770834..6676924d5f3e7 100644 |
2066 |
+--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c |
2067 |
++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c |
2068 |
+@@ -3358,10 +3358,12 @@ static int bcmgenet_probe(struct platform_device *pdev) |
2069 |
+ |
2070 |
+ /* Request the WOL interrupt and advertise suspend if available */ |
2071 |
+ priv->wol_irq_disabled = true; |
2072 |
+- err = devm_request_irq(&pdev->dev, priv->wol_irq, bcmgenet_wol_isr, 0, |
2073 |
+- dev->name, priv); |
2074 |
+- if (!err) |
2075 |
+- device_set_wakeup_capable(&pdev->dev, 1); |
2076 |
++ if (priv->wol_irq > 0) { |
2077 |
++ err = devm_request_irq(&pdev->dev, priv->wol_irq, |
2078 |
++ bcmgenet_wol_isr, 0, dev->name, priv); |
2079 |
++ if (!err) |
2080 |
++ device_set_wakeup_capable(&pdev->dev, 1); |
2081 |
++ } |
2082 |
+ |
2083 |
+ /* Set the needed headroom to account for any possible |
2084 |
+ * features enabling/disabling at runtime |
2085 |
+diff --git a/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c b/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c |
2086 |
+index d04a6c1634452..da8d10475a08e 100644 |
2087 |
+--- a/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c |
2088 |
++++ b/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c |
2089 |
+@@ -32,6 +32,7 @@ |
2090 |
+ |
2091 |
+ #include <linux/tcp.h> |
2092 |
+ #include <linux/ipv6.h> |
2093 |
++#include <net/inet_ecn.h> |
2094 |
+ #include <net/route.h> |
2095 |
+ #include <net/ip6_route.h> |
2096 |
+ |
2097 |
+@@ -99,7 +100,7 @@ cxgb_find_route(struct cxgb4_lld_info *lldi, |
2098 |
+ |
2099 |
+ rt = ip_route_output_ports(&init_net, &fl4, NULL, peer_ip, local_ip, |
2100 |
+ peer_port, local_port, IPPROTO_TCP, |
2101 |
+- tos, 0); |
2102 |
++ tos & ~INET_ECN_MASK, 0); |
2103 |
+ if (IS_ERR(rt)) |
2104 |
+ return NULL; |
2105 |
+ n = dst_neigh_lookup(&rt->dst, &peer_ip); |
2106 |
+diff --git a/drivers/net/ethernet/freescale/fman/mac.c b/drivers/net/ethernet/freescale/fman/mac.c |
2107 |
+index 81021f87e4f39..93b7ed361b82e 100644 |
2108 |
+--- a/drivers/net/ethernet/freescale/fman/mac.c |
2109 |
++++ b/drivers/net/ethernet/freescale/fman/mac.c |
2110 |
+@@ -96,14 +96,17 @@ static void mac_exception(void *handle, enum fman_mac_exceptions ex) |
2111 |
+ __func__, ex); |
2112 |
+ } |
2113 |
+ |
2114 |
+-static void set_fman_mac_params(struct mac_device *mac_dev, |
2115 |
+- struct fman_mac_params *params) |
2116 |
++static int set_fman_mac_params(struct mac_device *mac_dev, |
2117 |
++ struct fman_mac_params *params) |
2118 |
+ { |
2119 |
+ struct mac_priv_s *priv = mac_dev->priv; |
2120 |
+ |
2121 |
+ params->base_addr = (typeof(params->base_addr)) |
2122 |
+ devm_ioremap(priv->dev, mac_dev->res->start, |
2123 |
+ resource_size(mac_dev->res)); |
2124 |
++ if (!params->base_addr) |
2125 |
++ return -ENOMEM; |
2126 |
++ |
2127 |
+ memcpy(¶ms->addr, mac_dev->addr, sizeof(mac_dev->addr)); |
2128 |
+ params->max_speed = priv->max_speed; |
2129 |
+ params->phy_if = priv->phy_if; |
2130 |
+@@ -114,6 +117,8 @@ static void set_fman_mac_params(struct mac_device *mac_dev, |
2131 |
+ params->event_cb = mac_exception; |
2132 |
+ params->dev_id = mac_dev; |
2133 |
+ params->internal_phy_node = priv->internal_phy_node; |
2134 |
++ |
2135 |
++ return 0; |
2136 |
+ } |
2137 |
+ |
2138 |
+ static int tgec_initialization(struct mac_device *mac_dev) |
2139 |
+@@ -125,7 +130,9 @@ static int tgec_initialization(struct mac_device *mac_dev) |
2140 |
+ |
2141 |
+ priv = mac_dev->priv; |
2142 |
+ |
2143 |
+- set_fman_mac_params(mac_dev, ¶ms); |
2144 |
++ err = set_fman_mac_params(mac_dev, ¶ms); |
2145 |
++ if (err) |
2146 |
++ goto _return; |
2147 |
+ |
2148 |
+ mac_dev->fman_mac = tgec_config(¶ms); |
2149 |
+ if (!mac_dev->fman_mac) { |
2150 |
+@@ -171,7 +178,9 @@ static int dtsec_initialization(struct mac_device *mac_dev) |
2151 |
+ |
2152 |
+ priv = mac_dev->priv; |
2153 |
+ |
2154 |
+- set_fman_mac_params(mac_dev, ¶ms); |
2155 |
++ err = set_fman_mac_params(mac_dev, ¶ms); |
2156 |
++ if (err) |
2157 |
++ goto _return; |
2158 |
+ |
2159 |
+ mac_dev->fman_mac = dtsec_config(¶ms); |
2160 |
+ if (!mac_dev->fman_mac) { |
2161 |
+@@ -220,7 +229,9 @@ static int memac_initialization(struct mac_device *mac_dev) |
2162 |
+ |
2163 |
+ priv = mac_dev->priv; |
2164 |
+ |
2165 |
+- set_fman_mac_params(mac_dev, ¶ms); |
2166 |
++ err = set_fman_mac_params(mac_dev, ¶ms); |
2167 |
++ if (err) |
2168 |
++ goto _return; |
2169 |
+ |
2170 |
+ if (priv->max_speed == SPEED_10000) |
2171 |
+ params.phy_if = PHY_INTERFACE_MODE_XGMII; |
2172 |
+diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c |
2173 |
+index 9fd68cfdd9734..fc721a59a4086 100644 |
2174 |
+--- a/drivers/net/ethernet/freescale/gianfar.c |
2175 |
++++ b/drivers/net/ethernet/freescale/gianfar.c |
2176 |
+@@ -2939,29 +2939,21 @@ static bool gfar_add_rx_frag(struct gfar_rx_buff *rxb, u32 lstatus, |
2177 |
+ { |
2178 |
+ int size = lstatus & BD_LENGTH_MASK; |
2179 |
+ struct page *page = rxb->page; |
2180 |
+- bool last = !!(lstatus & BD_LFLAG(RXBD_LAST)); |
2181 |
+- |
2182 |
+- /* Remove the FCS from the packet length */ |
2183 |
+- if (last) |
2184 |
+- size -= ETH_FCS_LEN; |
2185 |
+ |
2186 |
+ if (likely(first)) { |
2187 |
+ skb_put(skb, size); |
2188 |
+ } else { |
2189 |
+ /* the last fragments' length contains the full frame length */ |
2190 |
+- if (last) |
2191 |
++ if (lstatus & BD_LFLAG(RXBD_LAST)) |
2192 |
+ size -= skb->len; |
2193 |
+ |
2194 |
+- /* Add the last fragment if it contains something other than |
2195 |
+- * the FCS, otherwise drop it and trim off any part of the FCS |
2196 |
+- * that was already received. |
2197 |
+- */ |
2198 |
+- if (size > 0) |
2199 |
+- skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page, |
2200 |
+- rxb->page_offset + RXBUF_ALIGNMENT, |
2201 |
+- size, GFAR_RXB_TRUESIZE); |
2202 |
+- else if (size < 0) |
2203 |
+- pskb_trim(skb, skb->len + size); |
2204 |
++ WARN(size < 0, "gianfar: rx fragment size underflow"); |
2205 |
++ if (size < 0) |
2206 |
++ return false; |
2207 |
++ |
2208 |
++ skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page, |
2209 |
++ rxb->page_offset + RXBUF_ALIGNMENT, |
2210 |
++ size, GFAR_RXB_TRUESIZE); |
2211 |
+ } |
2212 |
+ |
2213 |
+ /* try reuse page */ |
2214 |
+@@ -3074,6 +3066,9 @@ static void gfar_process_frame(struct net_device *ndev, struct sk_buff *skb) |
2215 |
+ if (priv->padding) |
2216 |
+ skb_pull(skb, priv->padding); |
2217 |
+ |
2218 |
++ /* Trim off the FCS */ |
2219 |
++ pskb_trim(skb, skb->len - ETH_FCS_LEN); |
2220 |
++ |
2221 |
+ if (ndev->features & NETIF_F_RXCSUM) |
2222 |
+ gfar_rx_checksum(skb, fcb); |
2223 |
+ |
2224 |
+@@ -3117,6 +3112,17 @@ int gfar_clean_rx_ring(struct gfar_priv_rx_q *rx_queue, int rx_work_limit) |
2225 |
+ if (lstatus & BD_LFLAG(RXBD_EMPTY)) |
2226 |
+ break; |
2227 |
+ |
2228 |
++ /* lost RXBD_LAST descriptor due to overrun */ |
2229 |
++ if (skb && |
2230 |
++ (lstatus & BD_LFLAG(RXBD_FIRST))) { |
2231 |
++ /* discard faulty buffer */ |
2232 |
++ dev_kfree_skb(skb); |
2233 |
++ skb = NULL; |
2234 |
++ rx_queue->stats.rx_dropped++; |
2235 |
++ |
2236 |
++ /* can continue normally */ |
2237 |
++ } |
2238 |
++ |
2239 |
+ /* order rx buffer descriptor reads */ |
2240 |
+ rmb(); |
2241 |
+ |
2242 |
+diff --git a/drivers/net/ethernet/freescale/xgmac_mdio.c b/drivers/net/ethernet/freescale/xgmac_mdio.c |
2243 |
+index c82c85ef5fb34..c37aea7ba8502 100644 |
2244 |
+--- a/drivers/net/ethernet/freescale/xgmac_mdio.c |
2245 |
++++ b/drivers/net/ethernet/freescale/xgmac_mdio.c |
2246 |
+@@ -301,9 +301,10 @@ err_ioremap: |
2247 |
+ static int xgmac_mdio_remove(struct platform_device *pdev) |
2248 |
+ { |
2249 |
+ struct mii_bus *bus = platform_get_drvdata(pdev); |
2250 |
++ struct mdio_fsl_priv *priv = bus->priv; |
2251 |
+ |
2252 |
+ mdiobus_unregister(bus); |
2253 |
+- iounmap(bus->priv); |
2254 |
++ iounmap(priv->mdio_base); |
2255 |
+ mdiobus_free(bus); |
2256 |
+ |
2257 |
+ return 0; |
2258 |
+diff --git a/drivers/net/ethernet/i825xx/sni_82596.c b/drivers/net/ethernet/i825xx/sni_82596.c |
2259 |
+index 2af7f77345fbd..e4128e151b854 100644 |
2260 |
+--- a/drivers/net/ethernet/i825xx/sni_82596.c |
2261 |
++++ b/drivers/net/ethernet/i825xx/sni_82596.c |
2262 |
+@@ -122,9 +122,10 @@ static int sni_82596_probe(struct platform_device *dev) |
2263 |
+ netdevice->dev_addr[5] = readb(eth_addr + 0x06); |
2264 |
+ iounmap(eth_addr); |
2265 |
+ |
2266 |
+- if (!netdevice->irq) { |
2267 |
++ if (netdevice->irq < 0) { |
2268 |
+ printk(KERN_ERR "%s: IRQ not found for i82596 at 0x%lx\n", |
2269 |
+ __FILE__, netdevice->base_addr); |
2270 |
++ retval = netdevice->irq; |
2271 |
+ goto probe_failed; |
2272 |
+ } |
2273 |
+ |
2274 |
+diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c |
2275 |
+index 46fcf3ec2caf7..46998a58e3d96 100644 |
2276 |
+--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c |
2277 |
++++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c |
2278 |
+@@ -278,6 +278,16 @@ static int axienet_dma_bd_init(struct net_device *ndev) |
2279 |
+ axienet_dma_out32(lp, XAXIDMA_TX_CR_OFFSET, |
2280 |
+ cr | XAXIDMA_CR_RUNSTOP_MASK); |
2281 |
+ |
2282 |
++ /* Wait for PhyRstCmplt bit to be set, indicating the PHY reset has finished */ |
2283 |
++ ret = read_poll_timeout(axienet_ior, value, |
2284 |
++ value & XAE_INT_PHYRSTCMPLT_MASK, |
2285 |
++ DELAY_OF_ONE_MILLISEC, 50000, false, lp, |
2286 |
++ XAE_IS_OFFSET); |
2287 |
++ if (ret) { |
2288 |
++ dev_err(lp->dev, "%s: timeout waiting for PhyRstCmplt\n", __func__); |
2289 |
++ return ret; |
2290 |
++ } |
2291 |
++ |
2292 |
+ return 0; |
2293 |
+ out: |
2294 |
+ axienet_dma_bd_release(ndev); |
2295 |
+@@ -670,7 +680,7 @@ axienet_start_xmit(struct sk_buff *skb, struct net_device *ndev) |
2296 |
+ num_frag = skb_shinfo(skb)->nr_frags; |
2297 |
+ cur_p = &lp->tx_bd_v[lp->tx_bd_tail]; |
2298 |
+ |
2299 |
+- if (axienet_check_tx_bd_space(lp, num_frag)) { |
2300 |
++ if (axienet_check_tx_bd_space(lp, num_frag + 1)) { |
2301 |
+ if (netif_queue_stopped(ndev)) |
2302 |
+ return NETDEV_TX_BUSY; |
2303 |
+ |
2304 |
+@@ -680,7 +690,7 @@ axienet_start_xmit(struct sk_buff *skb, struct net_device *ndev) |
2305 |
+ smp_mb(); |
2306 |
+ |
2307 |
+ /* Space might have just been freed - check again */ |
2308 |
+- if (axienet_check_tx_bd_space(lp, num_frag)) |
2309 |
++ if (axienet_check_tx_bd_space(lp, num_frag + 1)) |
2310 |
+ return NETDEV_TX_BUSY; |
2311 |
+ |
2312 |
+ netif_wake_queue(ndev); |
2313 |
+diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c |
2314 |
+index 92fb664b56fbb..0fa6e2da4b5a2 100644 |
2315 |
+--- a/drivers/net/phy/mdio_bus.c |
2316 |
++++ b/drivers/net/phy/mdio_bus.c |
2317 |
+@@ -347,7 +347,7 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner) |
2318 |
+ } |
2319 |
+ |
2320 |
+ bus->state = MDIOBUS_REGISTERED; |
2321 |
+- pr_info("%s: probed\n", bus->name); |
2322 |
++ dev_dbg(&bus->dev, "probed\n"); |
2323 |
+ return 0; |
2324 |
+ |
2325 |
+ error: |
2326 |
+diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c |
2327 |
+index 0a29844676f92..6287d2ad77c6d 100644 |
2328 |
+--- a/drivers/net/ppp/ppp_generic.c |
2329 |
++++ b/drivers/net/ppp/ppp_generic.c |
2330 |
+@@ -71,6 +71,8 @@ |
2331 |
+ #define MPHDRLEN 6 /* multilink protocol header length */ |
2332 |
+ #define MPHDRLEN_SSN 4 /* ditto with short sequence numbers */ |
2333 |
+ |
2334 |
++#define PPP_PROTO_LEN 2 |
2335 |
++ |
2336 |
+ /* |
2337 |
+ * An instance of /dev/ppp can be associated with either a ppp |
2338 |
+ * interface unit or a ppp channel. In both cases, file->private_data |
2339 |
+@@ -500,6 +502,9 @@ static ssize_t ppp_write(struct file *file, const char __user *buf, |
2340 |
+ |
2341 |
+ if (!pf) |
2342 |
+ return -ENXIO; |
2343 |
++ /* All PPP packets should start with the 2-byte protocol */ |
2344 |
++ if (count < PPP_PROTO_LEN) |
2345 |
++ return -EINVAL; |
2346 |
+ ret = -ENOMEM; |
2347 |
+ skb = alloc_skb(count + pf->hdrlen, GFP_KERNEL); |
2348 |
+ if (!skb) |
2349 |
+@@ -1563,7 +1568,7 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb) |
2350 |
+ } |
2351 |
+ |
2352 |
+ ++ppp->stats64.tx_packets; |
2353 |
+- ppp->stats64.tx_bytes += skb->len - 2; |
2354 |
++ ppp->stats64.tx_bytes += skb->len - PPP_PROTO_LEN; |
2355 |
+ |
2356 |
+ switch (proto) { |
2357 |
+ case PPP_IP: |
2358 |
+diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c |
2359 |
+index 4f345bd4e6e29..95151b46f2001 100644 |
2360 |
+--- a/drivers/net/usb/mcs7830.c |
2361 |
++++ b/drivers/net/usb/mcs7830.c |
2362 |
+@@ -121,8 +121,16 @@ static const char driver_name[] = "MOSCHIP usb-ethernet driver"; |
2363 |
+ |
2364 |
+ static int mcs7830_get_reg(struct usbnet *dev, u16 index, u16 size, void *data) |
2365 |
+ { |
2366 |
+- return usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ, |
2367 |
+- 0x0000, index, data, size); |
2368 |
++ int ret; |
2369 |
++ |
2370 |
++ ret = usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ, |
2371 |
++ 0x0000, index, data, size); |
2372 |
++ if (ret < 0) |
2373 |
++ return ret; |
2374 |
++ else if (ret < size) |
2375 |
++ return -ENODATA; |
2376 |
++ |
2377 |
++ return ret; |
2378 |
+ } |
2379 |
+ |
2380 |
+ static int mcs7830_set_reg(struct usbnet *dev, u16 index, u16 size, const void *data) |
2381 |
+diff --git a/drivers/net/wireless/ath/ar5523/ar5523.c b/drivers/net/wireless/ath/ar5523/ar5523.c |
2382 |
+index 9f4ee1d125b68..0c6b33c464cd9 100644 |
2383 |
+--- a/drivers/net/wireless/ath/ar5523/ar5523.c |
2384 |
++++ b/drivers/net/wireless/ath/ar5523/ar5523.c |
2385 |
+@@ -153,6 +153,10 @@ static void ar5523_cmd_rx_cb(struct urb *urb) |
2386 |
+ ar5523_err(ar, "Invalid reply to WDCMSG_TARGET_START"); |
2387 |
+ return; |
2388 |
+ } |
2389 |
++ if (!cmd->odata) { |
2390 |
++ ar5523_err(ar, "Unexpected WDCMSG_TARGET_START reply"); |
2391 |
++ return; |
2392 |
++ } |
2393 |
+ memcpy(cmd->odata, hdr + 1, sizeof(u32)); |
2394 |
+ cmd->olen = sizeof(u32); |
2395 |
+ cmd->res = 0; |
2396 |
+diff --git a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c |
2397 |
+index ae5b33fe5ba82..374ce35940d07 100644 |
2398 |
+--- a/drivers/net/wireless/ath/ath10k/htt_tx.c |
2399 |
++++ b/drivers/net/wireless/ath/ath10k/htt_tx.c |
2400 |
+@@ -158,6 +158,9 @@ void ath10k_htt_tx_dec_pending(struct ath10k_htt *htt) |
2401 |
+ htt->num_pending_tx--; |
2402 |
+ if (htt->num_pending_tx == htt->max_num_pending_tx - 1) |
2403 |
+ ath10k_mac_tx_unlock(htt->ar, ATH10K_TX_PAUSE_Q_FULL); |
2404 |
++ |
2405 |
++ if (htt->num_pending_tx == 0) |
2406 |
++ wake_up(&htt->empty_tx_wq); |
2407 |
+ } |
2408 |
+ |
2409 |
+ int ath10k_htt_tx_inc_pending(struct ath10k_htt *htt) |
2410 |
+diff --git a/drivers/net/wireless/ath/ath10k/txrx.c b/drivers/net/wireless/ath/ath10k/txrx.c |
2411 |
+index beeb6be06939b..b6c050452b757 100644 |
2412 |
+--- a/drivers/net/wireless/ath/ath10k/txrx.c |
2413 |
++++ b/drivers/net/wireless/ath/ath10k/txrx.c |
2414 |
+@@ -89,8 +89,6 @@ int ath10k_txrx_tx_unref(struct ath10k_htt *htt, |
2415 |
+ |
2416 |
+ ath10k_htt_tx_free_msdu_id(htt, tx_done->msdu_id); |
2417 |
+ ath10k_htt_tx_dec_pending(htt); |
2418 |
+- if (htt->num_pending_tx == 0) |
2419 |
+- wake_up(&htt->empty_tx_wq); |
2420 |
+ spin_unlock_bh(&htt->tx_lock); |
2421 |
+ |
2422 |
+ dma_unmap_single(dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE); |
2423 |
+diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c |
2424 |
+index 7c409cd43b709..33a6be0f21cac 100644 |
2425 |
+--- a/drivers/net/wireless/ath/ath9k/hif_usb.c |
2426 |
++++ b/drivers/net/wireless/ath/ath9k/hif_usb.c |
2427 |
+@@ -588,6 +588,13 @@ static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev, |
2428 |
+ return; |
2429 |
+ } |
2430 |
+ |
2431 |
++ if (pkt_len > 2 * MAX_RX_BUF_SIZE) { |
2432 |
++ dev_err(&hif_dev->udev->dev, |
2433 |
++ "ath9k_htc: invalid pkt_len (%x)\n", pkt_len); |
2434 |
++ RX_STAT_INC(skb_dropped); |
2435 |
++ return; |
2436 |
++ } |
2437 |
++ |
2438 |
+ pad_len = 4 - (pkt_len & 0x3); |
2439 |
+ if (pad_len == 4) |
2440 |
+ pad_len = 0; |
2441 |
+diff --git a/drivers/net/wireless/ath/wcn36xx/smd.c b/drivers/net/wireless/ath/wcn36xx/smd.c |
2442 |
+index 914c210c9e605..da2f442cab271 100644 |
2443 |
+--- a/drivers/net/wireless/ath/wcn36xx/smd.c |
2444 |
++++ b/drivers/net/wireless/ath/wcn36xx/smd.c |
2445 |
+@@ -2052,7 +2052,7 @@ static int wcn36xx_smd_missed_beacon_ind(struct wcn36xx *wcn, |
2446 |
+ wcn36xx_dbg(WCN36XX_DBG_HAL, "beacon missed bss_index %d\n", |
2447 |
+ tmp->bss_index); |
2448 |
+ vif = wcn36xx_priv_to_vif(tmp); |
2449 |
+- ieee80211_connection_loss(vif); |
2450 |
++ ieee80211_beacon_loss(vif); |
2451 |
+ } |
2452 |
+ return 0; |
2453 |
+ } |
2454 |
+@@ -2067,7 +2067,7 @@ static int wcn36xx_smd_missed_beacon_ind(struct wcn36xx *wcn, |
2455 |
+ wcn36xx_dbg(WCN36XX_DBG_HAL, "beacon missed bss_index %d\n", |
2456 |
+ rsp->bss_index); |
2457 |
+ vif = wcn36xx_priv_to_vif(tmp); |
2458 |
+- ieee80211_connection_loss(vif); |
2459 |
++ ieee80211_beacon_loss(vif); |
2460 |
+ return 0; |
2461 |
+ } |
2462 |
+ } |
2463 |
+diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c |
2464 |
+index d46efa8d70732..f8c225a726bd4 100644 |
2465 |
+--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c |
2466 |
++++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c |
2467 |
+@@ -1599,6 +1599,7 @@ static void iwl_mvm_recalc_multicast(struct iwl_mvm *mvm) |
2468 |
+ struct iwl_mvm_mc_iter_data iter_data = { |
2469 |
+ .mvm = mvm, |
2470 |
+ }; |
2471 |
++ int ret; |
2472 |
+ |
2473 |
+ lockdep_assert_held(&mvm->mutex); |
2474 |
+ |
2475 |
+@@ -1608,6 +1609,22 @@ static void iwl_mvm_recalc_multicast(struct iwl_mvm *mvm) |
2476 |
+ ieee80211_iterate_active_interfaces_atomic( |
2477 |
+ mvm->hw, IEEE80211_IFACE_ITER_NORMAL, |
2478 |
+ iwl_mvm_mc_iface_iterator, &iter_data); |
2479 |
++ |
2480 |
++ /* |
2481 |
++ * Send a (synchronous) ech command so that we wait for the |
2482 |
++ * multiple asynchronous MCAST_FILTER_CMD commands sent by |
2483 |
++ * the interface iterator. Otherwise, we might get here over |
2484 |
++ * and over again (by userspace just sending a lot of these) |
2485 |
++ * and the CPU can send them faster than the firmware can |
2486 |
++ * process them. |
2487 |
++ * Note that the CPU is still faster - but with this we'll |
2488 |
++ * actually send fewer commands overall because the CPU will |
2489 |
++ * not schedule the work in mac80211 as frequently if it's |
2490 |
++ * still running when rescheduled (possibly multiple times). |
2491 |
++ */ |
2492 |
++ ret = iwl_mvm_send_cmd_pdu(mvm, ECHO_CMD, 0, 0, NULL); |
2493 |
++ if (ret) |
2494 |
++ IWL_ERR(mvm, "Failed to synchronize multicast groups update\n"); |
2495 |
+ } |
2496 |
+ |
2497 |
+ static u64 iwl_mvm_prepare_multicast(struct ieee80211_hw *hw, |
2498 |
+diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c |
2499 |
+index fa97432054912..a8470817689cf 100644 |
2500 |
+--- a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c |
2501 |
++++ b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c |
2502 |
+@@ -1260,7 +1260,7 @@ static int iwl_mvm_check_running_scans(struct iwl_mvm *mvm, int type) |
2503 |
+ return -EIO; |
2504 |
+ } |
2505 |
+ |
2506 |
+-#define SCAN_TIMEOUT 20000 |
2507 |
++#define SCAN_TIMEOUT 30000 |
2508 |
+ |
2509 |
+ void iwl_mvm_scan_timeout_wk(struct work_struct *work) |
2510 |
+ { |
2511 |
+diff --git a/drivers/net/wireless/marvell/mwifiex/usb.c b/drivers/net/wireless/marvell/mwifiex/usb.c |
2512 |
+index 2c4225e57c396..3a26add665ca0 100644 |
2513 |
+--- a/drivers/net/wireless/marvell/mwifiex/usb.c |
2514 |
++++ b/drivers/net/wireless/marvell/mwifiex/usb.c |
2515 |
+@@ -132,7 +132,8 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter, |
2516 |
+ default: |
2517 |
+ mwifiex_dbg(adapter, ERROR, |
2518 |
+ "unknown recv_type %#x\n", recv_type); |
2519 |
+- return -1; |
2520 |
++ ret = -1; |
2521 |
++ goto exit_restore_skb; |
2522 |
+ } |
2523 |
+ break; |
2524 |
+ case MWIFIEX_USB_EP_DATA: |
2525 |
+diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c |
2526 |
+index 39a6bd314ca3b..264c1d57e10bc 100644 |
2527 |
+--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c |
2528 |
++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c |
2529 |
+@@ -1037,6 +1037,7 @@ int rtl92cu_hw_init(struct ieee80211_hw *hw) |
2530 |
+ _InitPABias(hw); |
2531 |
+ rtl92c_dm_init(hw); |
2532 |
+ exit: |
2533 |
++ local_irq_disable(); |
2534 |
+ local_irq_restore(flags); |
2535 |
+ return err; |
2536 |
+ } |
2537 |
+diff --git a/drivers/parisc/pdc_stable.c b/drivers/parisc/pdc_stable.c |
2538 |
+index 3651c3871d5b4..1b4aacf2ff9a5 100644 |
2539 |
+--- a/drivers/parisc/pdc_stable.c |
2540 |
++++ b/drivers/parisc/pdc_stable.c |
2541 |
+@@ -992,8 +992,10 @@ pdcs_register_pathentries(void) |
2542 |
+ entry->kobj.kset = paths_kset; |
2543 |
+ err = kobject_init_and_add(&entry->kobj, &ktype_pdcspath, NULL, |
2544 |
+ "%s", entry->name); |
2545 |
+- if (err) |
2546 |
++ if (err) { |
2547 |
++ kobject_put(&entry->kobj); |
2548 |
+ return err; |
2549 |
++ } |
2550 |
+ |
2551 |
+ /* kobject is now registered */ |
2552 |
+ write_lock(&entry->rw_lock); |
2553 |
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c |
2554 |
+index 3ff2971102b61..8d34c6d0de796 100644 |
2555 |
+--- a/drivers/pci/quirks.c |
2556 |
++++ b/drivers/pci/quirks.c |
2557 |
+@@ -3916,6 +3916,9 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9120, |
2558 |
+ quirk_dma_func1_alias); |
2559 |
+ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9123, |
2560 |
+ quirk_dma_func1_alias); |
2561 |
++/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c136 */ |
2562 |
++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9125, |
2563 |
++ quirk_dma_func1_alias); |
2564 |
+ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9128, |
2565 |
+ quirk_dma_func1_alias); |
2566 |
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c14 */ |
2567 |
+diff --git a/drivers/pcmcia/cs.c b/drivers/pcmcia/cs.c |
2568 |
+index c3b615c94b4bf..a92cbc952b70b 100644 |
2569 |
+--- a/drivers/pcmcia/cs.c |
2570 |
++++ b/drivers/pcmcia/cs.c |
2571 |
+@@ -665,18 +665,16 @@ static int pccardd(void *__skt) |
2572 |
+ if (events || sysfs_events) |
2573 |
+ continue; |
2574 |
+ |
2575 |
++ set_current_state(TASK_INTERRUPTIBLE); |
2576 |
+ if (kthread_should_stop()) |
2577 |
+ break; |
2578 |
+ |
2579 |
+- set_current_state(TASK_INTERRUPTIBLE); |
2580 |
+- |
2581 |
+ schedule(); |
2582 |
+ |
2583 |
+- /* make sure we are running */ |
2584 |
+- __set_current_state(TASK_RUNNING); |
2585 |
+- |
2586 |
+ try_to_freeze(); |
2587 |
+ } |
2588 |
++ /* make sure we are running before we exit */ |
2589 |
++ __set_current_state(TASK_RUNNING); |
2590 |
+ |
2591 |
+ /* shut down socket, if a device is still present */ |
2592 |
+ if (skt->state & SOCKET_PRESENT) { |
2593 |
+diff --git a/drivers/pcmcia/rsrc_nonstatic.c b/drivers/pcmcia/rsrc_nonstatic.c |
2594 |
+index 5ef7b46a25786..2e96d9273b780 100644 |
2595 |
+--- a/drivers/pcmcia/rsrc_nonstatic.c |
2596 |
++++ b/drivers/pcmcia/rsrc_nonstatic.c |
2597 |
+@@ -693,6 +693,9 @@ static struct resource *__nonstatic_find_io_region(struct pcmcia_socket *s, |
2598 |
+ unsigned long min = base; |
2599 |
+ int ret; |
2600 |
+ |
2601 |
++ if (!res) |
2602 |
++ return NULL; |
2603 |
++ |
2604 |
+ data.mask = align - 1; |
2605 |
+ data.offset = base & data.mask; |
2606 |
+ data.map = &s_data->io_db; |
2607 |
+@@ -812,6 +815,9 @@ static struct resource *nonstatic_find_mem_region(u_long base, u_long num, |
2608 |
+ unsigned long min, max; |
2609 |
+ int ret, i, j; |
2610 |
+ |
2611 |
++ if (!res) |
2612 |
++ return NULL; |
2613 |
++ |
2614 |
+ low = low || !(s->features & SS_CAP_PAGE_REGS); |
2615 |
+ |
2616 |
+ data.mask = align - 1; |
2617 |
+diff --git a/drivers/power/supply/bq25890_charger.c b/drivers/power/supply/bq25890_charger.c |
2618 |
+index f993a55cde20f..faf2a62435674 100644 |
2619 |
+--- a/drivers/power/supply/bq25890_charger.c |
2620 |
++++ b/drivers/power/supply/bq25890_charger.c |
2621 |
+@@ -521,12 +521,12 @@ static void bq25890_handle_state_change(struct bq25890_device *bq, |
2622 |
+ |
2623 |
+ if (!new_state->online) { /* power removed */ |
2624 |
+ /* disable ADC */ |
2625 |
+- ret = bq25890_field_write(bq, F_CONV_START, 0); |
2626 |
++ ret = bq25890_field_write(bq, F_CONV_RATE, 0); |
2627 |
+ if (ret < 0) |
2628 |
+ goto error; |
2629 |
+ } else if (!old_state.online) { /* power inserted */ |
2630 |
+ /* enable ADC, to have control of charge current/voltage */ |
2631 |
+- ret = bq25890_field_write(bq, F_CONV_START, 1); |
2632 |
++ ret = bq25890_field_write(bq, F_CONV_RATE, 1); |
2633 |
+ if (ret < 0) |
2634 |
+ goto error; |
2635 |
+ } |
2636 |
+diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c |
2637 |
+index b962dbe51750d..1dbd8419df7d7 100644 |
2638 |
+--- a/drivers/rtc/rtc-cmos.c |
2639 |
++++ b/drivers/rtc/rtc-cmos.c |
2640 |
+@@ -342,7 +342,10 @@ static int cmos_set_alarm(struct device *dev, struct rtc_wkalrm *t) |
2641 |
+ min = t->time.tm_min; |
2642 |
+ sec = t->time.tm_sec; |
2643 |
+ |
2644 |
++ spin_lock_irq(&rtc_lock); |
2645 |
+ rtc_control = CMOS_READ(RTC_CONTROL); |
2646 |
++ spin_unlock_irq(&rtc_lock); |
2647 |
++ |
2648 |
+ if (!(rtc_control & RTC_DM_BINARY) || RTC_ALWAYS_BCD) { |
2649 |
+ /* Writing 0xff means "don't care" or "match all". */ |
2650 |
+ mon = (mon <= 12) ? bin2bcd(mon) : 0xff; |
2651 |
+diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c |
2652 |
+index 9b63e46edffcc..a2a4c6e22c68d 100644 |
2653 |
+--- a/drivers/scsi/sr.c |
2654 |
++++ b/drivers/scsi/sr.c |
2655 |
+@@ -882,7 +882,7 @@ static void get_capabilities(struct scsi_cd *cd) |
2656 |
+ |
2657 |
+ |
2658 |
+ /* allocate transfer buffer */ |
2659 |
+- buffer = kmalloc(512, GFP_KERNEL | GFP_DMA); |
2660 |
++ buffer = kmalloc(512, GFP_KERNEL); |
2661 |
+ if (!buffer) { |
2662 |
+ sr_printk(KERN_ERR, cd, "out of memory.\n"); |
2663 |
+ return; |
2664 |
+diff --git a/drivers/scsi/sr_vendor.c b/drivers/scsi/sr_vendor.c |
2665 |
+index 11a238cb22223..629bfe1b20263 100644 |
2666 |
+--- a/drivers/scsi/sr_vendor.c |
2667 |
++++ b/drivers/scsi/sr_vendor.c |
2668 |
+@@ -118,7 +118,7 @@ int sr_set_blocklength(Scsi_CD *cd, int blocklength) |
2669 |
+ density = (blocklength > 2048) ? 0x81 : 0x83; |
2670 |
+ #endif |
2671 |
+ |
2672 |
+- buffer = kmalloc(512, GFP_KERNEL | GFP_DMA); |
2673 |
++ buffer = kmalloc(512, GFP_KERNEL); |
2674 |
+ if (!buffer) |
2675 |
+ return -ENOMEM; |
2676 |
+ |
2677 |
+@@ -166,7 +166,7 @@ int sr_cd_check(struct cdrom_device_info *cdi) |
2678 |
+ if (cd->cdi.mask & CDC_MULTI_SESSION) |
2679 |
+ return 0; |
2680 |
+ |
2681 |
+- buffer = kmalloc(512, GFP_KERNEL | GFP_DMA); |
2682 |
++ buffer = kmalloc(512, GFP_KERNEL); |
2683 |
+ if (!buffer) |
2684 |
+ return -ENOMEM; |
2685 |
+ |
2686 |
+diff --git a/drivers/scsi/ufs/tc-dwc-g210-pci.c b/drivers/scsi/ufs/tc-dwc-g210-pci.c |
2687 |
+index c09a0fef0fe60..a1785b0239667 100644 |
2688 |
+--- a/drivers/scsi/ufs/tc-dwc-g210-pci.c |
2689 |
++++ b/drivers/scsi/ufs/tc-dwc-g210-pci.c |
2690 |
+@@ -140,7 +140,6 @@ tc_dwc_g210_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) |
2691 |
+ return err; |
2692 |
+ } |
2693 |
+ |
2694 |
+- pci_set_drvdata(pdev, hba); |
2695 |
+ pm_runtime_put_noidle(&pdev->dev); |
2696 |
+ pm_runtime_allow(&pdev->dev); |
2697 |
+ |
2698 |
+diff --git a/drivers/scsi/ufs/ufshcd-pltfrm.c b/drivers/scsi/ufs/ufshcd-pltfrm.c |
2699 |
+index b47decc1fb5ba..e9b0cc4cbb4d2 100644 |
2700 |
+--- a/drivers/scsi/ufs/ufshcd-pltfrm.c |
2701 |
++++ b/drivers/scsi/ufs/ufshcd-pltfrm.c |
2702 |
+@@ -350,8 +350,6 @@ int ufshcd_pltfrm_init(struct platform_device *pdev, |
2703 |
+ goto dealloc_host; |
2704 |
+ } |
2705 |
+ |
2706 |
+- platform_set_drvdata(pdev, hba); |
2707 |
+- |
2708 |
+ pm_runtime_set_active(&pdev->dev); |
2709 |
+ pm_runtime_enable(&pdev->dev); |
2710 |
+ |
2711 |
+diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c |
2712 |
+index a767d942bfca5..cf7946c840165 100644 |
2713 |
+--- a/drivers/scsi/ufs/ufshcd.c |
2714 |
++++ b/drivers/scsi/ufs/ufshcd.c |
2715 |
+@@ -6766,6 +6766,13 @@ int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq) |
2716 |
+ struct Scsi_Host *host = hba->host; |
2717 |
+ struct device *dev = hba->dev; |
2718 |
+ |
2719 |
++ /* |
2720 |
++ * dev_set_drvdata() must be called before any callbacks are registered |
2721 |
++ * that use dev_get_drvdata() (frequency scaling, clock scaling, hwmon, |
2722 |
++ * sysfs). |
2723 |
++ */ |
2724 |
++ dev_set_drvdata(dev, hba); |
2725 |
++ |
2726 |
+ if (!mmio_base) { |
2727 |
+ dev_err(hba->dev, |
2728 |
+ "Invalid memory reference for mmio_base is NULL\n"); |
2729 |
+diff --git a/drivers/spi/spi-meson-spifc.c b/drivers/spi/spi-meson-spifc.c |
2730 |
+index 616566e793c62..28975b6f054fa 100644 |
2731 |
+--- a/drivers/spi/spi-meson-spifc.c |
2732 |
++++ b/drivers/spi/spi-meson-spifc.c |
2733 |
+@@ -357,6 +357,7 @@ static int meson_spifc_probe(struct platform_device *pdev) |
2734 |
+ return 0; |
2735 |
+ out_clk: |
2736 |
+ clk_disable_unprepare(spifc->clk); |
2737 |
++ pm_runtime_disable(spifc->dev); |
2738 |
+ out_err: |
2739 |
+ spi_master_put(master); |
2740 |
+ return ret; |
2741 |
+diff --git a/drivers/staging/wlan-ng/hfa384x_usb.c b/drivers/staging/wlan-ng/hfa384x_usb.c |
2742 |
+index 9d4e3b0d366f4..fbaf3c407989d 100644 |
2743 |
+--- a/drivers/staging/wlan-ng/hfa384x_usb.c |
2744 |
++++ b/drivers/staging/wlan-ng/hfa384x_usb.c |
2745 |
+@@ -3848,18 +3848,18 @@ static void hfa384x_usb_throttlefn(unsigned long data) |
2746 |
+ |
2747 |
+ spin_lock_irqsave(&hw->ctlxq.lock, flags); |
2748 |
+ |
2749 |
+- /* |
2750 |
+- * We need to check BOTH the RX and the TX throttle controls, |
2751 |
+- * so we use the bitwise OR instead of the logical OR. |
2752 |
+- */ |
2753 |
+ pr_debug("flags=0x%lx\n", hw->usb_flags); |
2754 |
+- if (!hw->wlandev->hwremoved && |
2755 |
+- ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) && |
2756 |
+- !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags)) | |
2757 |
+- (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) && |
2758 |
+- !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags)) |
2759 |
+- )) { |
2760 |
+- schedule_work(&hw->usb_work); |
2761 |
++ if (!hw->wlandev->hwremoved) { |
2762 |
++ bool rx_throttle = test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) && |
2763 |
++ !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags); |
2764 |
++ bool tx_throttle = test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) && |
2765 |
++ !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags); |
2766 |
++ /* |
2767 |
++ * We need to check BOTH the RX and the TX throttle controls, |
2768 |
++ * so we use the bitwise OR instead of the logical OR. |
2769 |
++ */ |
2770 |
++ if (rx_throttle | tx_throttle) |
2771 |
++ schedule_work(&hw->usb_work); |
2772 |
+ } |
2773 |
+ |
2774 |
+ spin_unlock_irqrestore(&hw->ctlxq.lock, flags); |
2775 |
+diff --git a/drivers/tty/serial/amba-pl010.c b/drivers/tty/serial/amba-pl010.c |
2776 |
+index 5d41d5b92619a..7f4ba92739663 100644 |
2777 |
+--- a/drivers/tty/serial/amba-pl010.c |
2778 |
++++ b/drivers/tty/serial/amba-pl010.c |
2779 |
+@@ -465,14 +465,11 @@ pl010_set_termios(struct uart_port *port, struct ktermios *termios, |
2780 |
+ if ((termios->c_cflag & CREAD) == 0) |
2781 |
+ uap->port.ignore_status_mask |= UART_DUMMY_RSR_RX; |
2782 |
+ |
2783 |
+- /* first, disable everything */ |
2784 |
+ old_cr = readb(uap->port.membase + UART010_CR) & ~UART010_CR_MSIE; |
2785 |
+ |
2786 |
+ if (UART_ENABLE_MS(port, termios->c_cflag)) |
2787 |
+ old_cr |= UART010_CR_MSIE; |
2788 |
+ |
2789 |
+- writel(0, uap->port.membase + UART010_CR); |
2790 |
+- |
2791 |
+ /* Set baud rate */ |
2792 |
+ quot -= 1; |
2793 |
+ writel((quot & 0xf00) >> 8, uap->port.membase + UART010_LCRM); |
2794 |
+diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c |
2795 |
+index e91bdd7d4c054..ad1d665e9962f 100644 |
2796 |
+--- a/drivers/tty/serial/amba-pl011.c |
2797 |
++++ b/drivers/tty/serial/amba-pl011.c |
2798 |
+@@ -2090,32 +2090,13 @@ static const char *pl011_type(struct uart_port *port) |
2799 |
+ return uap->port.type == PORT_AMBA ? uap->type : NULL; |
2800 |
+ } |
2801 |
+ |
2802 |
+-/* |
2803 |
+- * Release the memory region(s) being used by 'port' |
2804 |
+- */ |
2805 |
+-static void pl011_release_port(struct uart_port *port) |
2806 |
+-{ |
2807 |
+- release_mem_region(port->mapbase, SZ_4K); |
2808 |
+-} |
2809 |
+- |
2810 |
+-/* |
2811 |
+- * Request the memory region(s) being used by 'port' |
2812 |
+- */ |
2813 |
+-static int pl011_request_port(struct uart_port *port) |
2814 |
+-{ |
2815 |
+- return request_mem_region(port->mapbase, SZ_4K, "uart-pl011") |
2816 |
+- != NULL ? 0 : -EBUSY; |
2817 |
+-} |
2818 |
+- |
2819 |
+ /* |
2820 |
+ * Configure/autoconfigure the port. |
2821 |
+ */ |
2822 |
+ static void pl011_config_port(struct uart_port *port, int flags) |
2823 |
+ { |
2824 |
+- if (flags & UART_CONFIG_TYPE) { |
2825 |
++ if (flags & UART_CONFIG_TYPE) |
2826 |
+ port->type = PORT_AMBA; |
2827 |
+- pl011_request_port(port); |
2828 |
+- } |
2829 |
+ } |
2830 |
+ |
2831 |
+ /* |
2832 |
+@@ -2130,6 +2111,8 @@ static int pl011_verify_port(struct uart_port *port, struct serial_struct *ser) |
2833 |
+ ret = -EINVAL; |
2834 |
+ if (ser->baud_base < 9600) |
2835 |
+ ret = -EINVAL; |
2836 |
++ if (port->mapbase != (unsigned long) ser->iomem_base) |
2837 |
++ ret = -EINVAL; |
2838 |
+ return ret; |
2839 |
+ } |
2840 |
+ |
2841 |
+@@ -2147,8 +2130,6 @@ static struct uart_ops amba_pl011_pops = { |
2842 |
+ .flush_buffer = pl011_dma_flush_buffer, |
2843 |
+ .set_termios = pl011_set_termios, |
2844 |
+ .type = pl011_type, |
2845 |
+- .release_port = pl011_release_port, |
2846 |
+- .request_port = pl011_request_port, |
2847 |
+ .config_port = pl011_config_port, |
2848 |
+ .verify_port = pl011_verify_port, |
2849 |
+ #ifdef CONFIG_CONSOLE_POLL |
2850 |
+@@ -2178,8 +2159,6 @@ static const struct uart_ops sbsa_uart_pops = { |
2851 |
+ .shutdown = sbsa_uart_shutdown, |
2852 |
+ .set_termios = sbsa_uart_set_termios, |
2853 |
+ .type = pl011_type, |
2854 |
+- .release_port = pl011_release_port, |
2855 |
+- .request_port = pl011_request_port, |
2856 |
+ .config_port = pl011_config_port, |
2857 |
+ .verify_port = pl011_verify_port, |
2858 |
+ #ifdef CONFIG_CONSOLE_POLL |
2859 |
+diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c |
2860 |
+index 4a7eb85f7c857..5dd04a1145b40 100644 |
2861 |
+--- a/drivers/tty/serial/atmel_serial.c |
2862 |
++++ b/drivers/tty/serial/atmel_serial.c |
2863 |
+@@ -928,6 +928,13 @@ static void atmel_tx_dma(struct uart_port *port) |
2864 |
+ desc->callback = atmel_complete_tx_dma; |
2865 |
+ desc->callback_param = atmel_port; |
2866 |
+ atmel_port->cookie_tx = dmaengine_submit(desc); |
2867 |
++ if (dma_submit_error(atmel_port->cookie_tx)) { |
2868 |
++ dev_err(port->dev, "dma_submit_error %d\n", |
2869 |
++ atmel_port->cookie_tx); |
2870 |
++ return; |
2871 |
++ } |
2872 |
++ |
2873 |
++ dma_async_issue_pending(chan); |
2874 |
+ } |
2875 |
+ |
2876 |
+ if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS) |
2877 |
+@@ -1186,6 +1193,13 @@ static int atmel_prepare_rx_dma(struct uart_port *port) |
2878 |
+ desc->callback_param = port; |
2879 |
+ atmel_port->desc_rx = desc; |
2880 |
+ atmel_port->cookie_rx = dmaengine_submit(desc); |
2881 |
++ if (dma_submit_error(atmel_port->cookie_rx)) { |
2882 |
++ dev_err(port->dev, "dma_submit_error %d\n", |
2883 |
++ atmel_port->cookie_rx); |
2884 |
++ goto chan_err; |
2885 |
++ } |
2886 |
++ |
2887 |
++ dma_async_issue_pending(atmel_port->chan_rx); |
2888 |
+ |
2889 |
+ return 0; |
2890 |
+ |
2891 |
+diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c |
2892 |
+index e97961dc3622d..ec458add38833 100644 |
2893 |
+--- a/drivers/tty/serial/serial_core.c |
2894 |
++++ b/drivers/tty/serial/serial_core.c |
2895 |
+@@ -2349,7 +2349,8 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state, |
2896 |
+ * We probably don't need a spinlock around this, but |
2897 |
+ */ |
2898 |
+ spin_lock_irqsave(&port->lock, flags); |
2899 |
+- port->ops->set_mctrl(port, port->mctrl & TIOCM_DTR); |
2900 |
++ port->mctrl &= TIOCM_DTR; |
2901 |
++ port->ops->set_mctrl(port, port->mctrl); |
2902 |
+ spin_unlock_irqrestore(&port->lock, flags); |
2903 |
+ |
2904 |
+ /* |
2905 |
+diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c |
2906 |
+index 1dd4c65e9188a..2246731d96b0e 100644 |
2907 |
+--- a/drivers/usb/core/hcd.c |
2908 |
++++ b/drivers/usb/core/hcd.c |
2909 |
+@@ -760,6 +760,7 @@ void usb_hcd_poll_rh_status(struct usb_hcd *hcd) |
2910 |
+ { |
2911 |
+ struct urb *urb; |
2912 |
+ int length; |
2913 |
++ int status; |
2914 |
+ unsigned long flags; |
2915 |
+ char buffer[6]; /* Any root hubs with > 31 ports? */ |
2916 |
+ |
2917 |
+@@ -777,11 +778,17 @@ void usb_hcd_poll_rh_status(struct usb_hcd *hcd) |
2918 |
+ if (urb) { |
2919 |
+ clear_bit(HCD_FLAG_POLL_PENDING, &hcd->flags); |
2920 |
+ hcd->status_urb = NULL; |
2921 |
++ if (urb->transfer_buffer_length >= length) { |
2922 |
++ status = 0; |
2923 |
++ } else { |
2924 |
++ status = -EOVERFLOW; |
2925 |
++ length = urb->transfer_buffer_length; |
2926 |
++ } |
2927 |
+ urb->actual_length = length; |
2928 |
+ memcpy(urb->transfer_buffer, buffer, length); |
2929 |
+ |
2930 |
+ usb_hcd_unlink_urb_from_ep(hcd, urb); |
2931 |
+- usb_hcd_giveback_urb(hcd, urb, 0); |
2932 |
++ usb_hcd_giveback_urb(hcd, urb, status); |
2933 |
+ } else { |
2934 |
+ length = 0; |
2935 |
+ set_bit(HCD_FLAG_POLL_PENDING, &hcd->flags); |
2936 |
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c |
2937 |
+index 0abcf8bbb73fe..33bf5ba438397 100644 |
2938 |
+--- a/drivers/usb/core/hub.c |
2939 |
++++ b/drivers/usb/core/hub.c |
2940 |
+@@ -1070,7 +1070,10 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) |
2941 |
+ } else { |
2942 |
+ hub_power_on(hub, true); |
2943 |
+ } |
2944 |
+- } |
2945 |
++ /* Give some time on remote wakeup to let links to transit to U0 */ |
2946 |
++ } else if (hub_is_superspeed(hub->hdev)) |
2947 |
++ msleep(20); |
2948 |
++ |
2949 |
+ init2: |
2950 |
+ |
2951 |
+ /* |
2952 |
+@@ -1185,7 +1188,7 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) |
2953 |
+ */ |
2954 |
+ if (portchange || (hub_is_superspeed(hub->hdev) && |
2955 |
+ port_resumed)) |
2956 |
+- set_bit(port1, hub->change_bits); |
2957 |
++ set_bit(port1, hub->event_bits); |
2958 |
+ |
2959 |
+ } else if (udev->persist_enabled) { |
2960 |
+ #ifdef CONFIG_PM |
2961 |
+diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c |
2962 |
+index 0336392686935..e4826454de1a7 100644 |
2963 |
+--- a/drivers/usb/gadget/function/f_fs.c |
2964 |
++++ b/drivers/usb/gadget/function/f_fs.c |
2965 |
+@@ -608,7 +608,7 @@ static int ffs_ep0_open(struct inode *inode, struct file *file) |
2966 |
+ file->private_data = ffs; |
2967 |
+ ffs_data_opened(ffs); |
2968 |
+ |
2969 |
+- return 0; |
2970 |
++ return stream_open(inode, file); |
2971 |
+ } |
2972 |
+ |
2973 |
+ static int ffs_ep0_release(struct inode *inode, struct file *file) |
2974 |
+@@ -1071,7 +1071,7 @@ ffs_epfile_open(struct inode *inode, struct file *file) |
2975 |
+ file->private_data = epfile; |
2976 |
+ ffs_data_opened(epfile->ffs); |
2977 |
+ |
2978 |
+- return 0; |
2979 |
++ return stream_open(inode, file); |
2980 |
+ } |
2981 |
+ |
2982 |
+ static int ffs_aio_cancel(struct kiocb *kiocb) |
2983 |
+diff --git a/drivers/usb/misc/ftdi-elan.c b/drivers/usb/misc/ftdi-elan.c |
2984 |
+index 9a82f8308ad7f..0738078fe8b82 100644 |
2985 |
+--- a/drivers/usb/misc/ftdi-elan.c |
2986 |
++++ b/drivers/usb/misc/ftdi-elan.c |
2987 |
+@@ -206,6 +206,7 @@ static void ftdi_elan_delete(struct kref *kref) |
2988 |
+ mutex_unlock(&ftdi_module_lock); |
2989 |
+ kfree(ftdi->bulk_in_buffer); |
2990 |
+ ftdi->bulk_in_buffer = NULL; |
2991 |
++ kfree(ftdi); |
2992 |
+ } |
2993 |
+ |
2994 |
+ static void ftdi_elan_put_kref(struct usb_ftdi *ftdi) |
2995 |
+diff --git a/drivers/w1/slaves/w1_ds28e04.c b/drivers/w1/slaves/w1_ds28e04.c |
2996 |
+index 5e348d38ec5c9..f4cf54c256fd8 100644 |
2997 |
+--- a/drivers/w1/slaves/w1_ds28e04.c |
2998 |
++++ b/drivers/w1/slaves/w1_ds28e04.c |
2999 |
+@@ -39,7 +39,7 @@ static int w1_strong_pullup = 1; |
3000 |
+ module_param_named(strong_pullup, w1_strong_pullup, int, 0); |
3001 |
+ |
3002 |
+ /* enable/disable CRC checking on DS28E04-100 memory accesses */ |
3003 |
+-static char w1_enable_crccheck = 1; |
3004 |
++static bool w1_enable_crccheck = true; |
3005 |
+ |
3006 |
+ #define W1_EEPROM_SIZE 512 |
3007 |
+ #define W1_PAGE_COUNT 16 |
3008 |
+@@ -346,32 +346,18 @@ static BIN_ATTR_RW(pio, 1); |
3009 |
+ static ssize_t crccheck_show(struct device *dev, struct device_attribute *attr, |
3010 |
+ char *buf) |
3011 |
+ { |
3012 |
+- if (put_user(w1_enable_crccheck + 0x30, buf)) |
3013 |
+- return -EFAULT; |
3014 |
+- |
3015 |
+- return sizeof(w1_enable_crccheck); |
3016 |
++ return sysfs_emit(buf, "%d\n", w1_enable_crccheck); |
3017 |
+ } |
3018 |
+ |
3019 |
+ static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr, |
3020 |
+ const char *buf, size_t count) |
3021 |
+ { |
3022 |
+- char val; |
3023 |
+- |
3024 |
+- if (count != 1 || !buf) |
3025 |
+- return -EINVAL; |
3026 |
++ int err = kstrtobool(buf, &w1_enable_crccheck); |
3027 |
+ |
3028 |
+- if (get_user(val, buf)) |
3029 |
+- return -EFAULT; |
3030 |
++ if (err) |
3031 |
++ return err; |
3032 |
+ |
3033 |
+- /* convert to decimal */ |
3034 |
+- val = val - 0x30; |
3035 |
+- if (val != 0 && val != 1) |
3036 |
+- return -EINVAL; |
3037 |
+- |
3038 |
+- /* set the new value */ |
3039 |
+- w1_enable_crccheck = val; |
3040 |
+- |
3041 |
+- return sizeof(w1_enable_crccheck); |
3042 |
++ return count; |
3043 |
+ } |
3044 |
+ |
3045 |
+ static DEVICE_ATTR_RW(crccheck); |
3046 |
+diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c |
3047 |
+index bb008ac507fe3..16169b35ab6e5 100644 |
3048 |
+--- a/fs/btrfs/backref.c |
3049 |
++++ b/fs/btrfs/backref.c |
3050 |
+@@ -1271,7 +1271,12 @@ again: |
3051 |
+ ret = btrfs_search_slot(trans, fs_info->extent_root, &key, path, 0, 0); |
3052 |
+ if (ret < 0) |
3053 |
+ goto out; |
3054 |
+- BUG_ON(ret == 0); |
3055 |
++ if (ret == 0) { |
3056 |
++ /* This shouldn't happen, indicates a bug or fs corruption. */ |
3057 |
++ ASSERT(ret != 0); |
3058 |
++ ret = -EUCLEAN; |
3059 |
++ goto out; |
3060 |
++ } |
3061 |
+ |
3062 |
+ #ifdef CONFIG_BTRFS_FS_RUN_SANITY_TESTS |
3063 |
+ if (trans && likely(trans->type != __TRANS_DUMMY) && |
3064 |
+@@ -1432,10 +1437,18 @@ again: |
3065 |
+ goto out; |
3066 |
+ if (!ret && extent_item_pos) { |
3067 |
+ /* |
3068 |
+- * we've recorded that parent, so we must extend |
3069 |
+- * its inode list here |
3070 |
++ * We've recorded that parent, so we must extend |
3071 |
++ * its inode list here. |
3072 |
++ * |
3073 |
++ * However if there was corruption we may not |
3074 |
++ * have found an eie, return an error in this |
3075 |
++ * case. |
3076 |
+ */ |
3077 |
+- BUG_ON(!eie); |
3078 |
++ ASSERT(eie); |
3079 |
++ if (!eie) { |
3080 |
++ ret = -EUCLEAN; |
3081 |
++ goto out; |
3082 |
++ } |
3083 |
+ while (eie->next) |
3084 |
+ eie = eie->next; |
3085 |
+ eie->next = ref->inode_list; |
3086 |
+diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c |
3087 |
+index 3a7f401e943c1..ffab7dc881574 100644 |
3088 |
+--- a/fs/dlm/lock.c |
3089 |
++++ b/fs/dlm/lock.c |
3090 |
+@@ -3975,6 +3975,14 @@ static int validate_message(struct dlm_lkb *lkb, struct dlm_message *ms) |
3091 |
+ int from = ms->m_header.h_nodeid; |
3092 |
+ int error = 0; |
3093 |
+ |
3094 |
++ /* currently mixing of user/kernel locks are not supported */ |
3095 |
++ if (ms->m_flags & DLM_IFL_USER && ~lkb->lkb_flags & DLM_IFL_USER) { |
3096 |
++ log_error(lkb->lkb_resource->res_ls, |
3097 |
++ "got user dlm message for a kernel lock"); |
3098 |
++ error = -EINVAL; |
3099 |
++ goto out; |
3100 |
++ } |
3101 |
++ |
3102 |
+ switch (ms->m_type) { |
3103 |
+ case DLM_MSG_CONVERT: |
3104 |
+ case DLM_MSG_UNLOCK: |
3105 |
+@@ -4003,6 +4011,7 @@ static int validate_message(struct dlm_lkb *lkb, struct dlm_message *ms) |
3106 |
+ error = -EINVAL; |
3107 |
+ } |
3108 |
+ |
3109 |
++out: |
3110 |
+ if (error) |
3111 |
+ log_error(lkb->lkb_resource->res_ls, |
3112 |
+ "ignore invalid message %d from %d %x %x %x %d", |
3113 |
+diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c |
3114 |
+index 75fff707beb6a..e7384a6e6a083 100644 |
3115 |
+--- a/fs/ext4/ioctl.c |
3116 |
++++ b/fs/ext4/ioctl.c |
3117 |
+@@ -760,8 +760,6 @@ resizefs_out: |
3118 |
+ sizeof(range))) |
3119 |
+ return -EFAULT; |
3120 |
+ |
3121 |
+- range.minlen = max((unsigned int)range.minlen, |
3122 |
+- q->limits.discard_granularity); |
3123 |
+ ret = ext4_trim_fs(sb, &range); |
3124 |
+ if (ret < 0) |
3125 |
+ return ret; |
3126 |
+diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c |
3127 |
+index 807331da9dfc1..2a7fb2cf19b81 100644 |
3128 |
+--- a/fs/ext4/mballoc.c |
3129 |
++++ b/fs/ext4/mballoc.c |
3130 |
+@@ -5224,6 +5224,7 @@ out: |
3131 |
+ */ |
3132 |
+ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) |
3133 |
+ { |
3134 |
++ struct request_queue *q = bdev_get_queue(sb->s_bdev); |
3135 |
+ struct ext4_group_info *grp; |
3136 |
+ ext4_group_t group, first_group, last_group; |
3137 |
+ ext4_grpblk_t cnt = 0, first_cluster, last_cluster; |
3138 |
+@@ -5242,6 +5243,13 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) |
3139 |
+ start >= max_blks || |
3140 |
+ range->len < sb->s_blocksize) |
3141 |
+ return -EINVAL; |
3142 |
++ /* No point to try to trim less than discard granularity */ |
3143 |
++ if (range->minlen < q->limits.discard_granularity) { |
3144 |
++ minlen = EXT4_NUM_B2C(EXT4_SB(sb), |
3145 |
++ q->limits.discard_granularity >> sb->s_blocksize_bits); |
3146 |
++ if (minlen > EXT4_CLUSTERS_PER_GROUP(sb)) |
3147 |
++ goto out; |
3148 |
++ } |
3149 |
+ if (end >= max_blks) |
3150 |
+ end = max_blks - 1; |
3151 |
+ if (end <= first_data_blk) |
3152 |
+diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c |
3153 |
+index bce2d696d6b9c..6967ab3306e7d 100644 |
3154 |
+--- a/fs/ext4/migrate.c |
3155 |
++++ b/fs/ext4/migrate.c |
3156 |
+@@ -462,12 +462,12 @@ int ext4_ext_migrate(struct inode *inode) |
3157 |
+ percpu_down_write(&sbi->s_writepages_rwsem); |
3158 |
+ |
3159 |
+ /* |
3160 |
+- * Worst case we can touch the allocation bitmaps, a bgd |
3161 |
+- * block, and a block to link in the orphan list. We do need |
3162 |
+- * need to worry about credits for modifying the quota inode. |
3163 |
++ * Worst case we can touch the allocation bitmaps and a block |
3164 |
++ * group descriptor block. We do need need to worry about |
3165 |
++ * credits for modifying the quota inode. |
3166 |
+ */ |
3167 |
+ handle = ext4_journal_start(inode, EXT4_HT_MIGRATE, |
3168 |
+- 4 + EXT4_MAXQUOTAS_TRANS_BLOCKS(inode->i_sb)); |
3169 |
++ 3 + EXT4_MAXQUOTAS_TRANS_BLOCKS(inode->i_sb)); |
3170 |
+ |
3171 |
+ if (IS_ERR(handle)) { |
3172 |
+ retval = PTR_ERR(handle); |
3173 |
+@@ -484,6 +484,13 @@ int ext4_ext_migrate(struct inode *inode) |
3174 |
+ ext4_journal_stop(handle); |
3175 |
+ goto out_unlock; |
3176 |
+ } |
3177 |
++ /* |
3178 |
++ * Use the correct seed for checksum (i.e. the seed from 'inode'). This |
3179 |
++ * is so that the metadata blocks will have the correct checksum after |
3180 |
++ * the migration. |
3181 |
++ */ |
3182 |
++ ei = EXT4_I(inode); |
3183 |
++ EXT4_I(tmp_inode)->i_csum_seed = ei->i_csum_seed; |
3184 |
+ i_size_write(tmp_inode, i_size_read(inode)); |
3185 |
+ /* |
3186 |
+ * Set the i_nlink to zero so it will be deleted later |
3187 |
+@@ -492,7 +499,6 @@ int ext4_ext_migrate(struct inode *inode) |
3188 |
+ clear_nlink(tmp_inode); |
3189 |
+ |
3190 |
+ ext4_ext_tree_init(handle, tmp_inode); |
3191 |
+- ext4_orphan_add(handle, tmp_inode); |
3192 |
+ ext4_journal_stop(handle); |
3193 |
+ |
3194 |
+ /* |
3195 |
+@@ -517,17 +523,10 @@ int ext4_ext_migrate(struct inode *inode) |
3196 |
+ |
3197 |
+ handle = ext4_journal_start(inode, EXT4_HT_MIGRATE, 1); |
3198 |
+ if (IS_ERR(handle)) { |
3199 |
+- /* |
3200 |
+- * It is impossible to update on-disk structures without |
3201 |
+- * a handle, so just rollback in-core changes and live other |
3202 |
+- * work to orphan_list_cleanup() |
3203 |
+- */ |
3204 |
+- ext4_orphan_del(NULL, tmp_inode); |
3205 |
+ retval = PTR_ERR(handle); |
3206 |
+ goto out_tmp_inode; |
3207 |
+ } |
3208 |
+ |
3209 |
+- ei = EXT4_I(inode); |
3210 |
+ i_data = ei->i_data; |
3211 |
+ memset(&lb, 0, sizeof(lb)); |
3212 |
+ |
3213 |
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
3214 |
+index ca89590d1df57..e17a6396bde6c 100644 |
3215 |
+--- a/fs/ext4/super.c |
3216 |
++++ b/fs/ext4/super.c |
3217 |
+@@ -5602,7 +5602,7 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type, |
3218 |
+ struct buffer_head *bh; |
3219 |
+ handle_t *handle = journal_current_handle(); |
3220 |
+ |
3221 |
+- if (EXT4_SB(sb)->s_journal && !handle) { |
3222 |
++ if (!handle) { |
3223 |
+ ext4_msg(sb, KERN_WARNING, "Quota write (off=%llu, len=%llu)" |
3224 |
+ " cancelled because transaction is not started", |
3225 |
+ (unsigned long long)off, (unsigned long long)len); |
3226 |
+diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c |
3227 |
+index ec85765502f1f..990529da5354d 100644 |
3228 |
+--- a/fs/fuse/acl.c |
3229 |
++++ b/fs/fuse/acl.c |
3230 |
+@@ -19,6 +19,9 @@ struct posix_acl *fuse_get_acl(struct inode *inode, int type) |
3231 |
+ void *value = NULL; |
3232 |
+ struct posix_acl *acl; |
3233 |
+ |
3234 |
++ if (fuse_is_bad(inode)) |
3235 |
++ return ERR_PTR(-EIO); |
3236 |
++ |
3237 |
+ if (!fc->posix_acl || fc->no_getxattr) |
3238 |
+ return NULL; |
3239 |
+ |
3240 |
+@@ -53,6 +56,9 @@ int fuse_set_acl(struct inode *inode, struct posix_acl *acl, int type) |
3241 |
+ const char *name; |
3242 |
+ int ret; |
3243 |
+ |
3244 |
++ if (fuse_is_bad(inode)) |
3245 |
++ return -EIO; |
3246 |
++ |
3247 |
+ if (!fc->posix_acl || fc->no_setxattr) |
3248 |
+ return -EOPNOTSUPP; |
3249 |
+ |
3250 |
+diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c |
3251 |
+index b41cc537eb311..c40bdfab0a859 100644 |
3252 |
+--- a/fs/fuse/dir.c |
3253 |
++++ b/fs/fuse/dir.c |
3254 |
+@@ -187,7 +187,7 @@ static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags) |
3255 |
+ int ret; |
3256 |
+ |
3257 |
+ inode = d_inode_rcu(entry); |
3258 |
+- if (inode && is_bad_inode(inode)) |
3259 |
++ if (inode && fuse_is_bad(inode)) |
3260 |
+ goto invalid; |
3261 |
+ else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) || |
3262 |
+ (flags & LOOKUP_REVAL)) { |
3263 |
+@@ -364,6 +364,9 @@ static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry, |
3264 |
+ bool outarg_valid = true; |
3265 |
+ bool locked; |
3266 |
+ |
3267 |
++ if (fuse_is_bad(dir)) |
3268 |
++ return ERR_PTR(-EIO); |
3269 |
++ |
3270 |
+ locked = fuse_lock_inode(dir); |
3271 |
+ err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name, |
3272 |
+ &outarg, &inode); |
3273 |
+@@ -504,6 +507,9 @@ static int fuse_atomic_open(struct inode *dir, struct dentry *entry, |
3274 |
+ struct fuse_conn *fc = get_fuse_conn(dir); |
3275 |
+ struct dentry *res = NULL; |
3276 |
+ |
3277 |
++ if (fuse_is_bad(dir)) |
3278 |
++ return -EIO; |
3279 |
++ |
3280 |
+ if (d_in_lookup(entry)) { |
3281 |
+ res = fuse_lookup(dir, entry, 0); |
3282 |
+ if (IS_ERR(res)) |
3283 |
+@@ -551,6 +557,9 @@ static int create_new_entry(struct fuse_conn *fc, struct fuse_args *args, |
3284 |
+ int err; |
3285 |
+ struct fuse_forget_link *forget; |
3286 |
+ |
3287 |
++ if (fuse_is_bad(dir)) |
3288 |
++ return -EIO; |
3289 |
++ |
3290 |
+ forget = fuse_alloc_forget(); |
3291 |
+ if (!forget) |
3292 |
+ return -ENOMEM; |
3293 |
+@@ -672,6 +681,9 @@ static int fuse_unlink(struct inode *dir, struct dentry *entry) |
3294 |
+ struct fuse_conn *fc = get_fuse_conn(dir); |
3295 |
+ FUSE_ARGS(args); |
3296 |
+ |
3297 |
++ if (fuse_is_bad(dir)) |
3298 |
++ return -EIO; |
3299 |
++ |
3300 |
+ args.in.h.opcode = FUSE_UNLINK; |
3301 |
+ args.in.h.nodeid = get_node_id(dir); |
3302 |
+ args.in.numargs = 1; |
3303 |
+@@ -708,6 +720,9 @@ static int fuse_rmdir(struct inode *dir, struct dentry *entry) |
3304 |
+ struct fuse_conn *fc = get_fuse_conn(dir); |
3305 |
+ FUSE_ARGS(args); |
3306 |
+ |
3307 |
++ if (fuse_is_bad(dir)) |
3308 |
++ return -EIO; |
3309 |
++ |
3310 |
+ args.in.h.opcode = FUSE_RMDIR; |
3311 |
+ args.in.h.nodeid = get_node_id(dir); |
3312 |
+ args.in.numargs = 1; |
3313 |
+@@ -786,6 +801,9 @@ static int fuse_rename2(struct inode *olddir, struct dentry *oldent, |
3314 |
+ struct fuse_conn *fc = get_fuse_conn(olddir); |
3315 |
+ int err; |
3316 |
+ |
3317 |
++ if (fuse_is_bad(olddir)) |
3318 |
++ return -EIO; |
3319 |
++ |
3320 |
+ if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE)) |
3321 |
+ return -EINVAL; |
3322 |
+ |
3323 |
+@@ -921,7 +939,7 @@ static int fuse_do_getattr(struct inode *inode, struct kstat *stat, |
3324 |
+ if (!err) { |
3325 |
+ if (fuse_invalid_attr(&outarg.attr) || |
3326 |
+ (inode->i_mode ^ outarg.attr.mode) & S_IFMT) { |
3327 |
+- make_bad_inode(inode); |
3328 |
++ fuse_make_bad(inode); |
3329 |
+ err = -EIO; |
3330 |
+ } else { |
3331 |
+ fuse_change_attributes(inode, &outarg.attr, |
3332 |
+@@ -1114,6 +1132,9 @@ static int fuse_permission(struct inode *inode, int mask) |
3333 |
+ bool refreshed = false; |
3334 |
+ int err = 0; |
3335 |
+ |
3336 |
++ if (fuse_is_bad(inode)) |
3337 |
++ return -EIO; |
3338 |
++ |
3339 |
+ if (!fuse_allow_current_process(fc)) |
3340 |
+ return -EACCES; |
3341 |
+ |
3342 |
+@@ -1251,7 +1272,7 @@ retry: |
3343 |
+ dput(dentry); |
3344 |
+ goto retry; |
3345 |
+ } |
3346 |
+- if (is_bad_inode(inode)) { |
3347 |
++ if (fuse_is_bad(inode)) { |
3348 |
+ dput(dentry); |
3349 |
+ return -EIO; |
3350 |
+ } |
3351 |
+@@ -1349,7 +1370,7 @@ static int fuse_readdir(struct file *file, struct dir_context *ctx) |
3352 |
+ u64 attr_version = 0; |
3353 |
+ bool locked; |
3354 |
+ |
3355 |
+- if (is_bad_inode(inode)) |
3356 |
++ if (fuse_is_bad(inode)) |
3357 |
+ return -EIO; |
3358 |
+ |
3359 |
+ req = fuse_get_req(fc, 1); |
3360 |
+@@ -1409,6 +1430,9 @@ static const char *fuse_get_link(struct dentry *dentry, |
3361 |
+ if (!dentry) |
3362 |
+ return ERR_PTR(-ECHILD); |
3363 |
+ |
3364 |
++ if (fuse_is_bad(inode)) |
3365 |
++ return ERR_PTR(-EIO); |
3366 |
++ |
3367 |
+ link = kmalloc(PAGE_SIZE, GFP_KERNEL); |
3368 |
+ if (!link) |
3369 |
+ return ERR_PTR(-ENOMEM); |
3370 |
+@@ -1707,7 +1731,7 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, |
3371 |
+ |
3372 |
+ if (fuse_invalid_attr(&outarg.attr) || |
3373 |
+ (inode->i_mode ^ outarg.attr.mode) & S_IFMT) { |
3374 |
+- make_bad_inode(inode); |
3375 |
++ fuse_make_bad(inode); |
3376 |
+ err = -EIO; |
3377 |
+ goto error; |
3378 |
+ } |
3379 |
+@@ -1763,6 +1787,9 @@ static int fuse_setattr(struct dentry *entry, struct iattr *attr) |
3380 |
+ struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL; |
3381 |
+ int ret; |
3382 |
+ |
3383 |
++ if (fuse_is_bad(inode)) |
3384 |
++ return -EIO; |
3385 |
++ |
3386 |
+ if (!fuse_allow_current_process(get_fuse_conn(inode))) |
3387 |
+ return -EACCES; |
3388 |
+ |
3389 |
+@@ -1821,6 +1848,9 @@ static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry, |
3390 |
+ struct inode *inode = d_inode(entry); |
3391 |
+ struct fuse_conn *fc = get_fuse_conn(inode); |
3392 |
+ |
3393 |
++ if (fuse_is_bad(inode)) |
3394 |
++ return -EIO; |
3395 |
++ |
3396 |
+ if (!fuse_allow_current_process(fc)) |
3397 |
+ return -EACCES; |
3398 |
+ |
3399 |
+diff --git a/fs/fuse/file.c b/fs/fuse/file.c |
3400 |
+index cea2317e01380..8aef8e56eb1b6 100644 |
3401 |
+--- a/fs/fuse/file.c |
3402 |
++++ b/fs/fuse/file.c |
3403 |
+@@ -206,6 +206,9 @@ int fuse_open_common(struct inode *inode, struct file *file, bool isdir) |
3404 |
+ fc->atomic_o_trunc && |
3405 |
+ fc->writeback_cache; |
3406 |
+ |
3407 |
++ if (fuse_is_bad(inode)) |
3408 |
++ return -EIO; |
3409 |
++ |
3410 |
+ err = generic_file_open(inode, file); |
3411 |
+ if (err) |
3412 |
+ return err; |
3413 |
+@@ -411,7 +414,7 @@ static int fuse_flush(struct file *file, fl_owner_t id) |
3414 |
+ struct fuse_flush_in inarg; |
3415 |
+ int err; |
3416 |
+ |
3417 |
+- if (is_bad_inode(inode)) |
3418 |
++ if (fuse_is_bad(inode)) |
3419 |
+ return -EIO; |
3420 |
+ |
3421 |
+ if (fc->no_flush) |
3422 |
+@@ -459,7 +462,7 @@ int fuse_fsync_common(struct file *file, loff_t start, loff_t end, |
3423 |
+ struct fuse_fsync_in inarg; |
3424 |
+ int err; |
3425 |
+ |
3426 |
+- if (is_bad_inode(inode)) |
3427 |
++ if (fuse_is_bad(inode)) |
3428 |
+ return -EIO; |
3429 |
+ |
3430 |
+ inode_lock(inode); |
3431 |
+@@ -771,7 +774,7 @@ static int fuse_readpage(struct file *file, struct page *page) |
3432 |
+ int err; |
3433 |
+ |
3434 |
+ err = -EIO; |
3435 |
+- if (is_bad_inode(inode)) |
3436 |
++ if (fuse_is_bad(inode)) |
3437 |
+ goto out; |
3438 |
+ |
3439 |
+ err = fuse_do_readpage(file, page); |
3440 |
+@@ -898,7 +901,7 @@ static int fuse_readpages(struct file *file, struct address_space *mapping, |
3441 |
+ int nr_alloc = min_t(unsigned, nr_pages, FUSE_MAX_PAGES_PER_REQ); |
3442 |
+ |
3443 |
+ err = -EIO; |
3444 |
+- if (is_bad_inode(inode)) |
3445 |
++ if (fuse_is_bad(inode)) |
3446 |
+ goto out; |
3447 |
+ |
3448 |
+ data.file = file; |
3449 |
+@@ -928,6 +931,9 @@ static ssize_t fuse_file_read_iter(struct kiocb *iocb, struct iov_iter *to) |
3450 |
+ struct inode *inode = iocb->ki_filp->f_mapping->host; |
3451 |
+ struct fuse_conn *fc = get_fuse_conn(inode); |
3452 |
+ |
3453 |
++ if (fuse_is_bad(inode)) |
3454 |
++ return -EIO; |
3455 |
++ |
3456 |
+ /* |
3457 |
+ * In auto invalidate mode, always update attributes on read. |
3458 |
+ * Otherwise, only update if we attempt to read past EOF (to ensure |
3459 |
+@@ -1123,7 +1129,7 @@ static ssize_t fuse_perform_write(struct file *file, |
3460 |
+ int err = 0; |
3461 |
+ ssize_t res = 0; |
3462 |
+ |
3463 |
+- if (is_bad_inode(inode)) |
3464 |
++ if (fuse_is_bad(inode)) |
3465 |
+ return -EIO; |
3466 |
+ |
3467 |
+ if (inode->i_size < pos + iov_iter_count(ii)) |
3468 |
+@@ -1180,6 +1186,9 @@ static ssize_t fuse_file_write_iter(struct kiocb *iocb, struct iov_iter *from) |
3469 |
+ ssize_t err; |
3470 |
+ loff_t endbyte = 0; |
3471 |
+ |
3472 |
++ if (fuse_is_bad(inode)) |
3473 |
++ return -EIO; |
3474 |
++ |
3475 |
+ if (get_fuse_conn(inode)->writeback_cache) { |
3476 |
+ /* Update size (EOF optimization) and mode (SUID clearing) */ |
3477 |
+ err = fuse_update_attributes(mapping->host, NULL, file, NULL); |
3478 |
+@@ -1415,7 +1424,7 @@ static ssize_t __fuse_direct_read(struct fuse_io_priv *io, |
3479 |
+ struct file *file = io->file; |
3480 |
+ struct inode *inode = file_inode(file); |
3481 |
+ |
3482 |
+- if (is_bad_inode(inode)) |
3483 |
++ if (fuse_is_bad(inode)) |
3484 |
+ return -EIO; |
3485 |
+ |
3486 |
+ res = fuse_direct_io(io, iter, ppos, 0); |
3487 |
+@@ -1438,7 +1447,7 @@ static ssize_t fuse_direct_write_iter(struct kiocb *iocb, struct iov_iter *from) |
3488 |
+ struct fuse_io_priv io = FUSE_IO_PRIV_SYNC(file); |
3489 |
+ ssize_t res; |
3490 |
+ |
3491 |
+- if (is_bad_inode(inode)) |
3492 |
++ if (fuse_is_bad(inode)) |
3493 |
+ return -EIO; |
3494 |
+ |
3495 |
+ /* Don't allow parallel writes to the same file */ |
3496 |
+@@ -1911,7 +1920,7 @@ static int fuse_writepages(struct address_space *mapping, |
3497 |
+ int err; |
3498 |
+ |
3499 |
+ err = -EIO; |
3500 |
+- if (is_bad_inode(inode)) |
3501 |
++ if (fuse_is_bad(inode)) |
3502 |
+ goto out; |
3503 |
+ |
3504 |
+ data.inode = inode; |
3505 |
+@@ -2687,7 +2696,7 @@ long fuse_ioctl_common(struct file *file, unsigned int cmd, |
3506 |
+ if (!fuse_allow_current_process(fc)) |
3507 |
+ return -EACCES; |
3508 |
+ |
3509 |
+- if (is_bad_inode(inode)) |
3510 |
++ if (fuse_is_bad(inode)) |
3511 |
+ return -EIO; |
3512 |
+ |
3513 |
+ return fuse_do_ioctl(file, cmd, arg, flags); |
3514 |
+diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h |
3515 |
+index f84dd6d87d90f..7e4b0e298bc73 100644 |
3516 |
+--- a/fs/fuse/fuse_i.h |
3517 |
++++ b/fs/fuse/fuse_i.h |
3518 |
+@@ -115,6 +115,8 @@ enum { |
3519 |
+ FUSE_I_INIT_RDPLUS, |
3520 |
+ /** An operation changing file size is in progress */ |
3521 |
+ FUSE_I_SIZE_UNSTABLE, |
3522 |
++ /* Bad inode */ |
3523 |
++ FUSE_I_BAD, |
3524 |
+ }; |
3525 |
+ |
3526 |
+ struct fuse_conn; |
3527 |
+@@ -688,6 +690,17 @@ static inline u64 get_node_id(struct inode *inode) |
3528 |
+ return get_fuse_inode(inode)->nodeid; |
3529 |
+ } |
3530 |
+ |
3531 |
++static inline void fuse_make_bad(struct inode *inode) |
3532 |
++{ |
3533 |
++ remove_inode_hash(inode); |
3534 |
++ set_bit(FUSE_I_BAD, &get_fuse_inode(inode)->state); |
3535 |
++} |
3536 |
++ |
3537 |
++static inline bool fuse_is_bad(struct inode *inode) |
3538 |
++{ |
3539 |
++ return unlikely(test_bit(FUSE_I_BAD, &get_fuse_inode(inode)->state)); |
3540 |
++} |
3541 |
++ |
3542 |
+ /** Device operations */ |
3543 |
+ extern const struct file_operations fuse_dev_operations; |
3544 |
+ |
3545 |
+diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c |
3546 |
+index 7a9b1069d267b..77b8f0f264078 100644 |
3547 |
+--- a/fs/fuse/inode.c |
3548 |
++++ b/fs/fuse/inode.c |
3549 |
+@@ -316,7 +316,7 @@ struct inode *fuse_iget(struct super_block *sb, u64 nodeid, |
3550 |
+ unlock_new_inode(inode); |
3551 |
+ } else if ((inode->i_mode ^ attr->mode) & S_IFMT) { |
3552 |
+ /* Inode has changed type, any I/O on the old should fail */ |
3553 |
+- make_bad_inode(inode); |
3554 |
++ fuse_make_bad(inode); |
3555 |
+ iput(inode); |
3556 |
+ goto retry; |
3557 |
+ } |
3558 |
+diff --git a/fs/fuse/xattr.c b/fs/fuse/xattr.c |
3559 |
+index 3caac46b08b0e..134bbc432ae60 100644 |
3560 |
+--- a/fs/fuse/xattr.c |
3561 |
++++ b/fs/fuse/xattr.c |
3562 |
+@@ -113,6 +113,9 @@ ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) |
3563 |
+ struct fuse_getxattr_out outarg; |
3564 |
+ ssize_t ret; |
3565 |
+ |
3566 |
++ if (fuse_is_bad(inode)) |
3567 |
++ return -EIO; |
3568 |
++ |
3569 |
+ if (!fuse_allow_current_process(fc)) |
3570 |
+ return -EACCES; |
3571 |
+ |
3572 |
+@@ -178,6 +181,9 @@ static int fuse_xattr_get(const struct xattr_handler *handler, |
3573 |
+ struct dentry *dentry, struct inode *inode, |
3574 |
+ const char *name, void *value, size_t size) |
3575 |
+ { |
3576 |
++ if (fuse_is_bad(inode)) |
3577 |
++ return -EIO; |
3578 |
++ |
3579 |
+ return fuse_getxattr(inode, name, value, size); |
3580 |
+ } |
3581 |
+ |
3582 |
+@@ -186,6 +192,9 @@ static int fuse_xattr_set(const struct xattr_handler *handler, |
3583 |
+ const char *name, const void *value, size_t size, |
3584 |
+ int flags) |
3585 |
+ { |
3586 |
++ if (fuse_is_bad(inode)) |
3587 |
++ return -EIO; |
3588 |
++ |
3589 |
+ if (!value) |
3590 |
+ return fuse_removexattr(inode, name); |
3591 |
+ |
3592 |
+diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c |
3593 |
+index c12476e309c67..eb4e4d784d26e 100644 |
3594 |
+--- a/fs/jffs2/file.c |
3595 |
++++ b/fs/jffs2/file.c |
3596 |
+@@ -135,20 +135,15 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, |
3597 |
+ struct page *pg; |
3598 |
+ struct inode *inode = mapping->host; |
3599 |
+ struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode); |
3600 |
++ struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb); |
3601 |
+ pgoff_t index = pos >> PAGE_SHIFT; |
3602 |
+ uint32_t pageofs = index << PAGE_SHIFT; |
3603 |
+ int ret = 0; |
3604 |
+ |
3605 |
+- pg = grab_cache_page_write_begin(mapping, index, flags); |
3606 |
+- if (!pg) |
3607 |
+- return -ENOMEM; |
3608 |
+- *pagep = pg; |
3609 |
+- |
3610 |
+ jffs2_dbg(1, "%s()\n", __func__); |
3611 |
+ |
3612 |
+ if (pageofs > inode->i_size) { |
3613 |
+ /* Make new hole frag from old EOF to new page */ |
3614 |
+- struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb); |
3615 |
+ struct jffs2_raw_inode ri; |
3616 |
+ struct jffs2_full_dnode *fn; |
3617 |
+ uint32_t alloc_len; |
3618 |
+@@ -159,7 +154,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, |
3619 |
+ ret = jffs2_reserve_space(c, sizeof(ri), &alloc_len, |
3620 |
+ ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE); |
3621 |
+ if (ret) |
3622 |
+- goto out_page; |
3623 |
++ goto out_err; |
3624 |
+ |
3625 |
+ mutex_lock(&f->sem); |
3626 |
+ memset(&ri, 0, sizeof(ri)); |
3627 |
+@@ -189,7 +184,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, |
3628 |
+ ret = PTR_ERR(fn); |
3629 |
+ jffs2_complete_reservation(c); |
3630 |
+ mutex_unlock(&f->sem); |
3631 |
+- goto out_page; |
3632 |
++ goto out_err; |
3633 |
+ } |
3634 |
+ ret = jffs2_add_full_dnode_to_inode(c, f, fn); |
3635 |
+ if (f->metadata) { |
3636 |
+@@ -204,13 +199,26 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, |
3637 |
+ jffs2_free_full_dnode(fn); |
3638 |
+ jffs2_complete_reservation(c); |
3639 |
+ mutex_unlock(&f->sem); |
3640 |
+- goto out_page; |
3641 |
++ goto out_err; |
3642 |
+ } |
3643 |
+ jffs2_complete_reservation(c); |
3644 |
+ inode->i_size = pageofs; |
3645 |
+ mutex_unlock(&f->sem); |
3646 |
+ } |
3647 |
+ |
3648 |
++ /* |
3649 |
++ * While getting a page and reading data in, lock c->alloc_sem until |
3650 |
++ * the page is Uptodate. Otherwise GC task may attempt to read the same |
3651 |
++ * page in read_cache_page(), which causes a deadlock. |
3652 |
++ */ |
3653 |
++ mutex_lock(&c->alloc_sem); |
3654 |
++ pg = grab_cache_page_write_begin(mapping, index, flags); |
3655 |
++ if (!pg) { |
3656 |
++ ret = -ENOMEM; |
3657 |
++ goto release_sem; |
3658 |
++ } |
3659 |
++ *pagep = pg; |
3660 |
++ |
3661 |
+ /* |
3662 |
+ * Read in the page if it wasn't already present. Cannot optimize away |
3663 |
+ * the whole page write case until jffs2_write_end can handle the |
3664 |
+@@ -220,15 +228,17 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping, |
3665 |
+ mutex_lock(&f->sem); |
3666 |
+ ret = jffs2_do_readpage_nolock(inode, pg); |
3667 |
+ mutex_unlock(&f->sem); |
3668 |
+- if (ret) |
3669 |
+- goto out_page; |
3670 |
++ if (ret) { |
3671 |
++ unlock_page(pg); |
3672 |
++ put_page(pg); |
3673 |
++ goto release_sem; |
3674 |
++ } |
3675 |
+ } |
3676 |
+ jffs2_dbg(1, "end write_begin(). pg->flags %lx\n", pg->flags); |
3677 |
+- return ret; |
3678 |
+ |
3679 |
+-out_page: |
3680 |
+- unlock_page(pg); |
3681 |
+- put_page(pg); |
3682 |
++release_sem: |
3683 |
++ mutex_unlock(&c->alloc_sem); |
3684 |
++out_err: |
3685 |
+ return ret; |
3686 |
+ } |
3687 |
+ |
3688 |
+diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c |
3689 |
+index 727a9e3fa806f..ce58e857ae3bc 100644 |
3690 |
+--- a/fs/ubifs/super.c |
3691 |
++++ b/fs/ubifs/super.c |
3692 |
+@@ -1695,7 +1695,6 @@ out: |
3693 |
+ kthread_stop(c->bgt); |
3694 |
+ c->bgt = NULL; |
3695 |
+ } |
3696 |
+- free_wbufs(c); |
3697 |
+ kfree(c->write_reserve_buf); |
3698 |
+ c->write_reserve_buf = NULL; |
3699 |
+ vfree(c->ileb_buf); |
3700 |
+diff --git a/include/linux/mm.h b/include/linux/mm.h |
3701 |
+index 7a4c035b187f3..81ee5d0b26424 100644 |
3702 |
+--- a/include/linux/mm.h |
3703 |
++++ b/include/linux/mm.h |
3704 |
+@@ -1269,6 +1269,8 @@ int copy_page_range(struct mm_struct *dst, struct mm_struct *src, |
3705 |
+ struct vm_area_struct *vma); |
3706 |
+ void unmap_mapping_range(struct address_space *mapping, |
3707 |
+ loff_t const holebegin, loff_t const holelen, int even_cows); |
3708 |
++int follow_pte_pmd(struct mm_struct *mm, unsigned long address, |
3709 |
++ pte_t **ptepp, pmd_t **pmdpp, spinlock_t **ptlp); |
3710 |
+ int follow_pfn(struct vm_area_struct *vma, unsigned long address, |
3711 |
+ unsigned long *pfn); |
3712 |
+ int follow_phys(struct vm_area_struct *vma, unsigned long address, |
3713 |
+diff --git a/include/linux/rbtree.h b/include/linux/rbtree.h |
3714 |
+index e585018498d59..d574361943ea8 100644 |
3715 |
+--- a/include/linux/rbtree.h |
3716 |
++++ b/include/linux/rbtree.h |
3717 |
+@@ -44,10 +44,25 @@ struct rb_root { |
3718 |
+ struct rb_node *rb_node; |
3719 |
+ }; |
3720 |
+ |
3721 |
++/* |
3722 |
++ * Leftmost-cached rbtrees. |
3723 |
++ * |
3724 |
++ * We do not cache the rightmost node based on footprint |
3725 |
++ * size vs number of potential users that could benefit |
3726 |
++ * from O(1) rb_last(). Just not worth it, users that want |
3727 |
++ * this feature can always implement the logic explicitly. |
3728 |
++ * Furthermore, users that want to cache both pointers may |
3729 |
++ * find it a bit asymmetric, but that's ok. |
3730 |
++ */ |
3731 |
++struct rb_root_cached { |
3732 |
++ struct rb_root rb_root; |
3733 |
++ struct rb_node *rb_leftmost; |
3734 |
++}; |
3735 |
+ |
3736 |
+ #define rb_parent(r) ((struct rb_node *)((r)->__rb_parent_color & ~3)) |
3737 |
+ |
3738 |
+ #define RB_ROOT (struct rb_root) { NULL, } |
3739 |
++#define RB_ROOT_CACHED (struct rb_root_cached) { {NULL, }, NULL } |
3740 |
+ #define rb_entry(ptr, type, member) container_of(ptr, type, member) |
3741 |
+ |
3742 |
+ #define RB_EMPTY_ROOT(root) (READ_ONCE((root)->rb_node) == NULL) |
3743 |
+@@ -69,6 +84,12 @@ extern struct rb_node *rb_prev(const struct rb_node *); |
3744 |
+ extern struct rb_node *rb_first(const struct rb_root *); |
3745 |
+ extern struct rb_node *rb_last(const struct rb_root *); |
3746 |
+ |
3747 |
++extern void rb_insert_color_cached(struct rb_node *, |
3748 |
++ struct rb_root_cached *, bool); |
3749 |
++extern void rb_erase_cached(struct rb_node *node, struct rb_root_cached *); |
3750 |
++/* Same as rb_first(), but O(1) */ |
3751 |
++#define rb_first_cached(root) (root)->rb_leftmost |
3752 |
++ |
3753 |
+ /* Postorder iteration - always visit the parent after its children */ |
3754 |
+ extern struct rb_node *rb_first_postorder(const struct rb_root *); |
3755 |
+ extern struct rb_node *rb_next_postorder(const struct rb_node *); |
3756 |
+diff --git a/include/linux/rbtree_augmented.h b/include/linux/rbtree_augmented.h |
3757 |
+index d076183e49bec..023d64657e956 100644 |
3758 |
+--- a/include/linux/rbtree_augmented.h |
3759 |
++++ b/include/linux/rbtree_augmented.h |
3760 |
+@@ -41,7 +41,9 @@ struct rb_augment_callbacks { |
3761 |
+ void (*rotate)(struct rb_node *old, struct rb_node *new); |
3762 |
+ }; |
3763 |
+ |
3764 |
+-extern void __rb_insert_augmented(struct rb_node *node, struct rb_root *root, |
3765 |
++extern void __rb_insert_augmented(struct rb_node *node, |
3766 |
++ struct rb_root *root, |
3767 |
++ bool newleft, struct rb_node **leftmost, |
3768 |
+ void (*augment_rotate)(struct rb_node *old, struct rb_node *new)); |
3769 |
+ /* |
3770 |
+ * Fixup the rbtree and update the augmented information when rebalancing. |
3771 |
+@@ -57,7 +59,16 @@ static inline void |
3772 |
+ rb_insert_augmented(struct rb_node *node, struct rb_root *root, |
3773 |
+ const struct rb_augment_callbacks *augment) |
3774 |
+ { |
3775 |
+- __rb_insert_augmented(node, root, augment->rotate); |
3776 |
++ __rb_insert_augmented(node, root, false, NULL, augment->rotate); |
3777 |
++} |
3778 |
++ |
3779 |
++static inline void |
3780 |
++rb_insert_augmented_cached(struct rb_node *node, |
3781 |
++ struct rb_root_cached *root, bool newleft, |
3782 |
++ const struct rb_augment_callbacks *augment) |
3783 |
++{ |
3784 |
++ __rb_insert_augmented(node, &root->rb_root, |
3785 |
++ newleft, &root->rb_leftmost, augment->rotate); |
3786 |
+ } |
3787 |
+ |
3788 |
+ #define RB_DECLARE_CALLBACKS(rbstatic, rbname, rbstruct, rbfield, \ |
3789 |
+@@ -148,6 +159,7 @@ extern void __rb_erase_color(struct rb_node *parent, struct rb_root *root, |
3790 |
+ |
3791 |
+ static __always_inline struct rb_node * |
3792 |
+ __rb_erase_augmented(struct rb_node *node, struct rb_root *root, |
3793 |
++ struct rb_node **leftmost, |
3794 |
+ const struct rb_augment_callbacks *augment) |
3795 |
+ { |
3796 |
+ struct rb_node *child = node->rb_right; |
3797 |
+@@ -155,6 +167,9 @@ __rb_erase_augmented(struct rb_node *node, struct rb_root *root, |
3798 |
+ struct rb_node *parent, *rebalance; |
3799 |
+ unsigned long pc; |
3800 |
+ |
3801 |
++ if (leftmost && node == *leftmost) |
3802 |
++ *leftmost = rb_next(node); |
3803 |
++ |
3804 |
+ if (!tmp) { |
3805 |
+ /* |
3806 |
+ * Case 1: node to erase has no more than 1 child (easy!) |
3807 |
+@@ -254,9 +269,21 @@ static __always_inline void |
3808 |
+ rb_erase_augmented(struct rb_node *node, struct rb_root *root, |
3809 |
+ const struct rb_augment_callbacks *augment) |
3810 |
+ { |
3811 |
+- struct rb_node *rebalance = __rb_erase_augmented(node, root, augment); |
3812 |
++ struct rb_node *rebalance = __rb_erase_augmented(node, root, |
3813 |
++ NULL, augment); |
3814 |
+ if (rebalance) |
3815 |
+ __rb_erase_color(rebalance, root, augment->rotate); |
3816 |
+ } |
3817 |
+ |
3818 |
++static __always_inline void |
3819 |
++rb_erase_augmented_cached(struct rb_node *node, struct rb_root_cached *root, |
3820 |
++ const struct rb_augment_callbacks *augment) |
3821 |
++{ |
3822 |
++ struct rb_node *rebalance = __rb_erase_augmented(node, &root->rb_root, |
3823 |
++ &root->rb_leftmost, |
3824 |
++ augment); |
3825 |
++ if (rebalance) |
3826 |
++ __rb_erase_color(rebalance, &root->rb_root, augment->rotate); |
3827 |
++} |
3828 |
++ |
3829 |
+ #endif /* _LINUX_RBTREE_AUGMENTED_H */ |
3830 |
+diff --git a/include/linux/timerqueue.h b/include/linux/timerqueue.h |
3831 |
+index 7eec17ad7fa19..42868a9b43657 100644 |
3832 |
+--- a/include/linux/timerqueue.h |
3833 |
++++ b/include/linux/timerqueue.h |
3834 |
+@@ -11,8 +11,7 @@ struct timerqueue_node { |
3835 |
+ }; |
3836 |
+ |
3837 |
+ struct timerqueue_head { |
3838 |
+- struct rb_root head; |
3839 |
+- struct timerqueue_node *next; |
3840 |
++ struct rb_root_cached rb_root; |
3841 |
+ }; |
3842 |
+ |
3843 |
+ |
3844 |
+@@ -28,13 +27,14 @@ extern struct timerqueue_node *timerqueue_iterate_next( |
3845 |
+ * |
3846 |
+ * @head: head of timerqueue |
3847 |
+ * |
3848 |
+- * Returns a pointer to the timer node that has the |
3849 |
+- * earliest expiration time. |
3850 |
++ * Returns a pointer to the timer node that has the earliest expiration time. |
3851 |
+ */ |
3852 |
+ static inline |
3853 |
+ struct timerqueue_node *timerqueue_getnext(struct timerqueue_head *head) |
3854 |
+ { |
3855 |
+- return head->next; |
3856 |
++ struct rb_node *leftmost = rb_first_cached(&head->rb_root); |
3857 |
++ |
3858 |
++ return rb_entry(leftmost, struct timerqueue_node, node); |
3859 |
+ } |
3860 |
+ |
3861 |
+ static inline void timerqueue_init(struct timerqueue_node *node) |
3862 |
+@@ -44,7 +44,6 @@ static inline void timerqueue_init(struct timerqueue_node *node) |
3863 |
+ |
3864 |
+ static inline void timerqueue_init_head(struct timerqueue_head *head) |
3865 |
+ { |
3866 |
+- head->head = RB_ROOT; |
3867 |
+- head->next = NULL; |
3868 |
++ head->rb_root = RB_ROOT_CACHED; |
3869 |
+ } |
3870 |
+ #endif /* _LINUX_TIMERQUEUE_H */ |
3871 |
+diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h |
3872 |
+index 5d5a137b9067f..7ec889291dc48 100644 |
3873 |
+--- a/include/net/sch_generic.h |
3874 |
++++ b/include/net/sch_generic.h |
3875 |
+@@ -837,6 +837,7 @@ struct psched_ratecfg { |
3876 |
+ u64 rate_bytes_ps; /* bytes per second */ |
3877 |
+ u32 mult; |
3878 |
+ u16 overhead; |
3879 |
++ u16 mpu; |
3880 |
+ u8 linklayer; |
3881 |
+ u8 shift; |
3882 |
+ }; |
3883 |
+@@ -846,6 +847,9 @@ static inline u64 psched_l2t_ns(const struct psched_ratecfg *r, |
3884 |
+ { |
3885 |
+ len += r->overhead; |
3886 |
+ |
3887 |
++ if (len < r->mpu) |
3888 |
++ len = r->mpu; |
3889 |
++ |
3890 |
+ if (unlikely(r->linklayer == TC_LINKLAYER_ATM)) |
3891 |
+ return ((u64)(DIV_ROUND_UP(len,48)*53) * r->mult) >> r->shift; |
3892 |
+ |
3893 |
+@@ -868,6 +872,7 @@ static inline void psched_ratecfg_getrate(struct tc_ratespec *res, |
3894 |
+ res->rate = min_t(u64, r->rate_bytes_ps, ~0U); |
3895 |
+ |
3896 |
+ res->overhead = r->overhead; |
3897 |
++ res->mpu = r->mpu; |
3898 |
+ res->linklayer = (r->linklayer & TC_LINKLAYER_MASK); |
3899 |
+ } |
3900 |
+ |
3901 |
+diff --git a/lib/rbtree.c b/lib/rbtree.c |
3902 |
+index eb8a19fee1100..53746be42903b 100644 |
3903 |
+--- a/lib/rbtree.c |
3904 |
++++ b/lib/rbtree.c |
3905 |
+@@ -95,10 +95,14 @@ __rb_rotate_set_parents(struct rb_node *old, struct rb_node *new, |
3906 |
+ |
3907 |
+ static __always_inline void |
3908 |
+ __rb_insert(struct rb_node *node, struct rb_root *root, |
3909 |
++ bool newleft, struct rb_node **leftmost, |
3910 |
+ void (*augment_rotate)(struct rb_node *old, struct rb_node *new)) |
3911 |
+ { |
3912 |
+ struct rb_node *parent = rb_red_parent(node), *gparent, *tmp; |
3913 |
+ |
3914 |
++ if (newleft) |
3915 |
++ *leftmost = node; |
3916 |
++ |
3917 |
+ while (true) { |
3918 |
+ /* |
3919 |
+ * Loop invariant: node is red |
3920 |
+@@ -417,19 +421,38 @@ static const struct rb_augment_callbacks dummy_callbacks = { |
3921 |
+ |
3922 |
+ void rb_insert_color(struct rb_node *node, struct rb_root *root) |
3923 |
+ { |
3924 |
+- __rb_insert(node, root, dummy_rotate); |
3925 |
++ __rb_insert(node, root, false, NULL, dummy_rotate); |
3926 |
+ } |
3927 |
+ EXPORT_SYMBOL(rb_insert_color); |
3928 |
+ |
3929 |
+ void rb_erase(struct rb_node *node, struct rb_root *root) |
3930 |
+ { |
3931 |
+ struct rb_node *rebalance; |
3932 |
+- rebalance = __rb_erase_augmented(node, root, &dummy_callbacks); |
3933 |
++ rebalance = __rb_erase_augmented(node, root, |
3934 |
++ NULL, &dummy_callbacks); |
3935 |
+ if (rebalance) |
3936 |
+ ____rb_erase_color(rebalance, root, dummy_rotate); |
3937 |
+ } |
3938 |
+ EXPORT_SYMBOL(rb_erase); |
3939 |
+ |
3940 |
++void rb_insert_color_cached(struct rb_node *node, |
3941 |
++ struct rb_root_cached *root, bool leftmost) |
3942 |
++{ |
3943 |
++ __rb_insert(node, &root->rb_root, leftmost, |
3944 |
++ &root->rb_leftmost, dummy_rotate); |
3945 |
++} |
3946 |
++EXPORT_SYMBOL(rb_insert_color_cached); |
3947 |
++ |
3948 |
++void rb_erase_cached(struct rb_node *node, struct rb_root_cached *root) |
3949 |
++{ |
3950 |
++ struct rb_node *rebalance; |
3951 |
++ rebalance = __rb_erase_augmented(node, &root->rb_root, |
3952 |
++ &root->rb_leftmost, &dummy_callbacks); |
3953 |
++ if (rebalance) |
3954 |
++ ____rb_erase_color(rebalance, &root->rb_root, dummy_rotate); |
3955 |
++} |
3956 |
++EXPORT_SYMBOL(rb_erase_cached); |
3957 |
++ |
3958 |
+ /* |
3959 |
+ * Augmented rbtree manipulation functions. |
3960 |
+ * |
3961 |
+@@ -438,9 +461,10 @@ EXPORT_SYMBOL(rb_erase); |
3962 |
+ */ |
3963 |
+ |
3964 |
+ void __rb_insert_augmented(struct rb_node *node, struct rb_root *root, |
3965 |
++ bool newleft, struct rb_node **leftmost, |
3966 |
+ void (*augment_rotate)(struct rb_node *old, struct rb_node *new)) |
3967 |
+ { |
3968 |
+- __rb_insert(node, root, augment_rotate); |
3969 |
++ __rb_insert(node, root, newleft, leftmost, augment_rotate); |
3970 |
+ } |
3971 |
+ EXPORT_SYMBOL(__rb_insert_augmented); |
3972 |
+ |
3973 |
+@@ -485,7 +509,7 @@ struct rb_node *rb_next(const struct rb_node *node) |
3974 |
+ * as we can. |
3975 |
+ */ |
3976 |
+ if (node->rb_right) { |
3977 |
+- node = node->rb_right; |
3978 |
++ node = node->rb_right; |
3979 |
+ while (node->rb_left) |
3980 |
+ node=node->rb_left; |
3981 |
+ return (struct rb_node *)node; |
3982 |
+@@ -517,7 +541,7 @@ struct rb_node *rb_prev(const struct rb_node *node) |
3983 |
+ * as we can. |
3984 |
+ */ |
3985 |
+ if (node->rb_left) { |
3986 |
+- node = node->rb_left; |
3987 |
++ node = node->rb_left; |
3988 |
+ while (node->rb_right) |
3989 |
+ node=node->rb_right; |
3990 |
+ return (struct rb_node *)node; |
3991 |
+diff --git a/lib/timerqueue.c b/lib/timerqueue.c |
3992 |
+index 782ae8ca2c06f..4f99b5c3ac0ec 100644 |
3993 |
+--- a/lib/timerqueue.c |
3994 |
++++ b/lib/timerqueue.c |
3995 |
+@@ -38,9 +38,10 @@ |
3996 |
+ */ |
3997 |
+ bool timerqueue_add(struct timerqueue_head *head, struct timerqueue_node *node) |
3998 |
+ { |
3999 |
+- struct rb_node **p = &head->head.rb_node; |
4000 |
++ struct rb_node **p = &head->rb_root.rb_root.rb_node; |
4001 |
+ struct rb_node *parent = NULL; |
4002 |
+- struct timerqueue_node *ptr; |
4003 |
++ struct timerqueue_node *ptr; |
4004 |
++ bool leftmost = true; |
4005 |
+ |
4006 |
+ /* Make sure we don't add nodes that are already added */ |
4007 |
+ WARN_ON_ONCE(!RB_EMPTY_NODE(&node->node)); |
4008 |
+@@ -48,19 +49,17 @@ bool timerqueue_add(struct timerqueue_head *head, struct timerqueue_node *node) |
4009 |
+ while (*p) { |
4010 |
+ parent = *p; |
4011 |
+ ptr = rb_entry(parent, struct timerqueue_node, node); |
4012 |
+- if (node->expires.tv64 < ptr->expires.tv64) |
4013 |
++ if (node->expires.tv64 < ptr->expires.tv64) { |
4014 |
+ p = &(*p)->rb_left; |
4015 |
+- else |
4016 |
++ } else { |
4017 |
+ p = &(*p)->rb_right; |
4018 |
++ leftmost = false; |
4019 |
++ } |
4020 |
+ } |
4021 |
+ rb_link_node(&node->node, parent, p); |
4022 |
+- rb_insert_color(&node->node, &head->head); |
4023 |
++ rb_insert_color_cached(&node->node, &head->rb_root, leftmost); |
4024 |
+ |
4025 |
+- if (!head->next || node->expires.tv64 < head->next->expires.tv64) { |
4026 |
+- head->next = node; |
4027 |
+- return true; |
4028 |
+- } |
4029 |
+- return false; |
4030 |
++ return leftmost; |
4031 |
+ } |
4032 |
+ EXPORT_SYMBOL_GPL(timerqueue_add); |
4033 |
+ |
4034 |
+@@ -76,16 +75,10 @@ bool timerqueue_del(struct timerqueue_head *head, struct timerqueue_node *node) |
4035 |
+ { |
4036 |
+ WARN_ON_ONCE(RB_EMPTY_NODE(&node->node)); |
4037 |
+ |
4038 |
+- /* update next pointer */ |
4039 |
+- if (head->next == node) { |
4040 |
+- struct rb_node *rbn = rb_next(&node->node); |
4041 |
+- |
4042 |
+- head->next = rbn ? |
4043 |
+- rb_entry(rbn, struct timerqueue_node, node) : NULL; |
4044 |
+- } |
4045 |
+- rb_erase(&node->node, &head->head); |
4046 |
++ rb_erase_cached(&node->node, &head->rb_root); |
4047 |
+ RB_CLEAR_NODE(&node->node); |
4048 |
+- return head->next != NULL; |
4049 |
++ |
4050 |
++ return !RB_EMPTY_ROOT(&head->rb_root.rb_root); |
4051 |
+ } |
4052 |
+ EXPORT_SYMBOL_GPL(timerqueue_del); |
4053 |
+ |
4054 |
+diff --git a/mm/gup.c b/mm/gup.c |
4055 |
+index 301dd96ef176c..0b80bf3878dcf 100644 |
4056 |
+--- a/mm/gup.c |
4057 |
++++ b/mm/gup.c |
4058 |
+@@ -1567,22 +1567,15 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, |
4059 |
+ next = pgd_addr_end(addr, end); |
4060 |
+ if (pgd_none(pgd)) |
4061 |
+ break; |
4062 |
+- /* |
4063 |
+- * The FAST_GUP case requires FOLL_WRITE even for pure reads, |
4064 |
+- * because get_user_pages() may need to cause an early COW in |
4065 |
+- * order to avoid confusing the normal COW routines. So only |
4066 |
+- * targets that are already writable are safe to do by just |
4067 |
+- * looking at the page tables. |
4068 |
+- */ |
4069 |
+ if (unlikely(pgd_huge(pgd))) { |
4070 |
+- if (!gup_huge_pgd(pgd, pgdp, addr, next, 1, |
4071 |
++ if (!gup_huge_pgd(pgd, pgdp, addr, next, write, |
4072 |
+ pages, &nr)) |
4073 |
+ break; |
4074 |
+ } else if (unlikely(is_hugepd(__hugepd(pgd_val(pgd))))) { |
4075 |
+ if (!gup_huge_pd(__hugepd(pgd_val(pgd)), addr, |
4076 |
+- PGDIR_SHIFT, next, 1, pages, &nr)) |
4077 |
++ PGDIR_SHIFT, next, write, pages, &nr)) |
4078 |
+ break; |
4079 |
+- } else if (!gup_pud_range(pgd, addr, next, 1, pages, &nr)) |
4080 |
++ } else if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) |
4081 |
+ break; |
4082 |
+ } while (pgdp++, addr = next, addr != end); |
4083 |
+ local_irq_restore(flags); |
4084 |
+@@ -1612,7 +1605,14 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, |
4085 |
+ int nr, ret; |
4086 |
+ |
4087 |
+ start &= PAGE_MASK; |
4088 |
+- nr = __get_user_pages_fast(start, nr_pages, write, pages); |
4089 |
++ /* |
4090 |
++ * The FAST_GUP case requires FOLL_WRITE even for pure reads, |
4091 |
++ * because get_user_pages() may need to cause an early COW in |
4092 |
++ * order to avoid confusing the normal COW routines. So only |
4093 |
++ * targets that are already writable are safe to do by just |
4094 |
++ * looking at the page tables. |
4095 |
++ */ |
4096 |
++ nr = __get_user_pages_fast(start, nr_pages, 1, pages); |
4097 |
+ ret = nr; |
4098 |
+ |
4099 |
+ if (nr < nr_pages) { |
4100 |
+diff --git a/mm/memory.c b/mm/memory.c |
4101 |
+index c2890dc104d9e..2b2cc69ddccef 100644 |
4102 |
+--- a/mm/memory.c |
4103 |
++++ b/mm/memory.c |
4104 |
+@@ -3780,8 +3780,8 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) |
4105 |
+ } |
4106 |
+ #endif /* __PAGETABLE_PMD_FOLDED */ |
4107 |
+ |
4108 |
+-static int __follow_pte(struct mm_struct *mm, unsigned long address, |
4109 |
+- pte_t **ptepp, spinlock_t **ptlp) |
4110 |
++static int __follow_pte_pmd(struct mm_struct *mm, unsigned long address, |
4111 |
++ pte_t **ptepp, pmd_t **pmdpp, spinlock_t **ptlp) |
4112 |
+ { |
4113 |
+ pgd_t *pgd; |
4114 |
+ pud_t *pud; |
4115 |
+@@ -3798,11 +3798,20 @@ static int __follow_pte(struct mm_struct *mm, unsigned long address, |
4116 |
+ |
4117 |
+ pmd = pmd_offset(pud, address); |
4118 |
+ VM_BUG_ON(pmd_trans_huge(*pmd)); |
4119 |
+- if (pmd_none(*pmd) || unlikely(pmd_bad(*pmd))) |
4120 |
+- goto out; |
4121 |
+ |
4122 |
+- /* We cannot handle huge page PFN maps. Luckily they don't exist. */ |
4123 |
+- if (pmd_huge(*pmd)) |
4124 |
++ if (pmd_huge(*pmd)) { |
4125 |
++ if (!pmdpp) |
4126 |
++ goto out; |
4127 |
++ |
4128 |
++ *ptlp = pmd_lock(mm, pmd); |
4129 |
++ if (pmd_huge(*pmd)) { |
4130 |
++ *pmdpp = pmd; |
4131 |
++ return 0; |
4132 |
++ } |
4133 |
++ spin_unlock(*ptlp); |
4134 |
++ } |
4135 |
++ |
4136 |
++ if (pmd_none(*pmd) || unlikely(pmd_bad(*pmd))) |
4137 |
+ goto out; |
4138 |
+ |
4139 |
+ ptep = pte_offset_map_lock(mm, pmd, address, ptlp); |
4140 |
+@@ -3825,9 +3834,23 @@ static inline int follow_pte(struct mm_struct *mm, unsigned long address, |
4141 |
+ |
4142 |
+ /* (void) is needed to make gcc happy */ |
4143 |
+ (void) __cond_lock(*ptlp, |
4144 |
+- !(res = __follow_pte(mm, address, ptepp, ptlp))); |
4145 |
++ !(res = __follow_pte_pmd(mm, address, ptepp, NULL, |
4146 |
++ ptlp))); |
4147 |
++ return res; |
4148 |
++} |
4149 |
++ |
4150 |
++int follow_pte_pmd(struct mm_struct *mm, unsigned long address, |
4151 |
++ pte_t **ptepp, pmd_t **pmdpp, spinlock_t **ptlp) |
4152 |
++{ |
4153 |
++ int res; |
4154 |
++ |
4155 |
++ /* (void) is needed to make gcc happy */ |
4156 |
++ (void) __cond_lock(*ptlp, |
4157 |
++ !(res = __follow_pte_pmd(mm, address, ptepp, pmdpp, |
4158 |
++ ptlp))); |
4159 |
+ return res; |
4160 |
+ } |
4161 |
++EXPORT_SYMBOL(follow_pte_pmd); |
4162 |
+ |
4163 |
+ /** |
4164 |
+ * follow_pfn - look up PFN at a user virtual address |
4165 |
+diff --git a/mm/shmem.c b/mm/shmem.c |
4166 |
+index 31b0c09fe6c60..51aa13f596220 100644 |
4167 |
+--- a/mm/shmem.c |
4168 |
++++ b/mm/shmem.c |
4169 |
+@@ -436,7 +436,7 @@ static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, |
4170 |
+ struct shmem_inode_info *info; |
4171 |
+ struct page *page; |
4172 |
+ unsigned long batch = sc ? sc->nr_to_scan : 128; |
4173 |
+- int removed = 0, split = 0; |
4174 |
++ int split = 0; |
4175 |
+ |
4176 |
+ if (list_empty(&sbinfo->shrinklist)) |
4177 |
+ return SHRINK_STOP; |
4178 |
+@@ -451,7 +451,6 @@ static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, |
4179 |
+ /* inode is about to be evicted */ |
4180 |
+ if (!inode) { |
4181 |
+ list_del_init(&info->shrinklist); |
4182 |
+- removed++; |
4183 |
+ goto next; |
4184 |
+ } |
4185 |
+ |
4186 |
+@@ -459,12 +458,12 @@ static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, |
4187 |
+ if (round_up(inode->i_size, PAGE_SIZE) == |
4188 |
+ round_up(inode->i_size, HPAGE_PMD_SIZE)) { |
4189 |
+ list_move(&info->shrinklist, &to_remove); |
4190 |
+- removed++; |
4191 |
+ goto next; |
4192 |
+ } |
4193 |
+ |
4194 |
+ list_move(&info->shrinklist, &list); |
4195 |
+ next: |
4196 |
++ sbinfo->shrinklist_len--; |
4197 |
+ if (!--batch) |
4198 |
+ break; |
4199 |
+ } |
4200 |
+@@ -484,7 +483,7 @@ next: |
4201 |
+ inode = &info->vfs_inode; |
4202 |
+ |
4203 |
+ if (nr_to_split && split >= nr_to_split) |
4204 |
+- goto leave; |
4205 |
++ goto move_back; |
4206 |
+ |
4207 |
+ page = find_get_page(inode->i_mapping, |
4208 |
+ (inode->i_size & HPAGE_PMD_MASK) >> PAGE_SHIFT); |
4209 |
+@@ -498,38 +497,44 @@ next: |
4210 |
+ } |
4211 |
+ |
4212 |
+ /* |
4213 |
+- * Leave the inode on the list if we failed to lock |
4214 |
+- * the page at this time. |
4215 |
++ * Move the inode on the list back to shrinklist if we failed |
4216 |
++ * to lock the page at this time. |
4217 |
+ * |
4218 |
+ * Waiting for the lock may lead to deadlock in the |
4219 |
+ * reclaim path. |
4220 |
+ */ |
4221 |
+ if (!trylock_page(page)) { |
4222 |
+ put_page(page); |
4223 |
+- goto leave; |
4224 |
++ goto move_back; |
4225 |
+ } |
4226 |
+ |
4227 |
+ ret = split_huge_page(page); |
4228 |
+ unlock_page(page); |
4229 |
+ put_page(page); |
4230 |
+ |
4231 |
+- /* If split failed leave the inode on the list */ |
4232 |
++ /* If split failed move the inode on the list back to shrinklist */ |
4233 |
+ if (ret) |
4234 |
+- goto leave; |
4235 |
++ goto move_back; |
4236 |
+ |
4237 |
+ split++; |
4238 |
+ drop: |
4239 |
+ list_del_init(&info->shrinklist); |
4240 |
+- removed++; |
4241 |
+-leave: |
4242 |
++ goto put; |
4243 |
++move_back: |
4244 |
++ /* |
4245 |
++ * Make sure the inode is either on the global list or deleted |
4246 |
++ * from any local list before iput() since it could be deleted |
4247 |
++ * in another thread once we put the inode (then the local list |
4248 |
++ * is corrupted). |
4249 |
++ */ |
4250 |
++ spin_lock(&sbinfo->shrinklist_lock); |
4251 |
++ list_move(&info->shrinklist, &sbinfo->shrinklist); |
4252 |
++ sbinfo->shrinklist_len++; |
4253 |
++ spin_unlock(&sbinfo->shrinklist_lock); |
4254 |
++put: |
4255 |
+ iput(inode); |
4256 |
+ } |
4257 |
+ |
4258 |
+- spin_lock(&sbinfo->shrinklist_lock); |
4259 |
+- list_splice_tail(&list, &sbinfo->shrinklist); |
4260 |
+- sbinfo->shrinklist_len -= removed; |
4261 |
+- spin_unlock(&sbinfo->shrinklist_lock); |
4262 |
+- |
4263 |
+ return split; |
4264 |
+ } |
4265 |
+ |
4266 |
+diff --git a/net/bluetooth/cmtp/core.c b/net/bluetooth/cmtp/core.c |
4267 |
+index 0bb150e68c53f..e2e580c747f4b 100644 |
4268 |
+--- a/net/bluetooth/cmtp/core.c |
4269 |
++++ b/net/bluetooth/cmtp/core.c |
4270 |
+@@ -499,9 +499,7 @@ static int __init cmtp_init(void) |
4271 |
+ { |
4272 |
+ BT_INFO("CMTP (CAPI Emulation) ver %s", VERSION); |
4273 |
+ |
4274 |
+- cmtp_init_sockets(); |
4275 |
+- |
4276 |
+- return 0; |
4277 |
++ return cmtp_init_sockets(); |
4278 |
+ } |
4279 |
+ |
4280 |
+ static void __exit cmtp_exit(void) |
4281 |
+diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c |
4282 |
+index b43f31203a430..40e6e5feb1e06 100644 |
4283 |
+--- a/net/bluetooth/hci_core.c |
4284 |
++++ b/net/bluetooth/hci_core.c |
4285 |
+@@ -3148,6 +3148,7 @@ int hci_register_dev(struct hci_dev *hdev) |
4286 |
+ return id; |
4287 |
+ |
4288 |
+ err_wqueue: |
4289 |
++ debugfs_remove_recursive(hdev->debugfs); |
4290 |
+ destroy_workqueue(hdev->workqueue); |
4291 |
+ destroy_workqueue(hdev->req_workqueue); |
4292 |
+ err: |
4293 |
+diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c |
4294 |
+index f9484755a9baf..17cfd9f8e98e0 100644 |
4295 |
+--- a/net/bluetooth/hci_event.c |
4296 |
++++ b/net/bluetooth/hci_event.c |
4297 |
+@@ -4967,7 +4967,8 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) |
4298 |
+ struct hci_ev_le_advertising_info *ev = ptr; |
4299 |
+ s8 rssi; |
4300 |
+ |
4301 |
+- if (ev->length <= HCI_MAX_AD_LENGTH) { |
4302 |
++ if (ev->length <= HCI_MAX_AD_LENGTH && |
4303 |
++ ev->data + ev->length <= skb_tail_pointer(skb)) { |
4304 |
+ rssi = ev->data[ev->length]; |
4305 |
+ process_adv_report(hdev, ev->evt_type, &ev->bdaddr, |
4306 |
+ ev->bdaddr_type, NULL, 0, rssi, |
4307 |
+@@ -4977,6 +4978,11 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb) |
4308 |
+ } |
4309 |
+ |
4310 |
+ ptr += sizeof(*ev) + ev->length + 1; |
4311 |
++ |
4312 |
++ if (ptr > (void *) skb_tail_pointer(skb) - sizeof(*ev)) { |
4313 |
++ bt_dev_err(hdev, "Malicious advertising data. Stopping processing"); |
4314 |
++ break; |
4315 |
++ } |
4316 |
+ } |
4317 |
+ |
4318 |
+ hci_dev_unlock(hdev); |
4319 |
+diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c |
4320 |
+index 7104d5e64abb3..11d4d18012fed 100644 |
4321 |
+--- a/net/bridge/br_netfilter_hooks.c |
4322 |
++++ b/net/bridge/br_netfilter_hooks.c |
4323 |
+@@ -724,6 +724,9 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff |
4324 |
+ if (nf_bridge->frag_max_size && nf_bridge->frag_max_size < mtu) |
4325 |
+ mtu = nf_bridge->frag_max_size; |
4326 |
+ |
4327 |
++ nf_bridge_update_protocol(skb); |
4328 |
++ nf_bridge_push_encap_header(skb); |
4329 |
++ |
4330 |
+ if (skb_is_gso(skb) || skb->len + mtu_reserved <= mtu) { |
4331 |
+ nf_bridge_info_free(skb); |
4332 |
+ return br_dev_queue_push_xmit(net, sk, skb); |
4333 |
+@@ -741,8 +744,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff |
4334 |
+ |
4335 |
+ IPCB(skb)->frag_max_size = nf_bridge->frag_max_size; |
4336 |
+ |
4337 |
+- nf_bridge_update_protocol(skb); |
4338 |
+- |
4339 |
+ data = this_cpu_ptr(&brnf_frag_data_storage); |
4340 |
+ |
4341 |
+ data->vlan_tci = skb->vlan_tci; |
4342 |
+@@ -765,8 +766,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff |
4343 |
+ |
4344 |
+ IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size; |
4345 |
+ |
4346 |
+- nf_bridge_update_protocol(skb); |
4347 |
+- |
4348 |
+ data = this_cpu_ptr(&brnf_frag_data_storage); |
4349 |
+ data->encap_size = nf_bridge_encap_header_len(skb); |
4350 |
+ data->size = ETH_HLEN + data->encap_size; |
4351 |
+diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c |
4352 |
+index 7630fa80db92a..48854eae294fd 100644 |
4353 |
+--- a/net/core/net_namespace.c |
4354 |
++++ b/net/core/net_namespace.c |
4355 |
+@@ -132,8 +132,10 @@ static void ops_exit_list(const struct pernet_operations *ops, |
4356 |
+ { |
4357 |
+ struct net *net; |
4358 |
+ if (ops->exit) { |
4359 |
+- list_for_each_entry(net, net_exit_list, exit_list) |
4360 |
++ list_for_each_entry(net, net_exit_list, exit_list) { |
4361 |
+ ops->exit(net); |
4362 |
++ cond_resched(); |
4363 |
++ } |
4364 |
+ } |
4365 |
+ if (ops->exit_batch) |
4366 |
+ ops->exit_batch(net_exit_list); |
4367 |
+diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c |
4368 |
+index 553cda6f887ad..b7dc20a65b649 100644 |
4369 |
+--- a/net/ipv4/cipso_ipv4.c |
4370 |
++++ b/net/ipv4/cipso_ipv4.c |
4371 |
+@@ -534,16 +534,10 @@ int cipso_v4_doi_remove(u32 doi, struct netlbl_audit *audit_info) |
4372 |
+ ret_val = -ENOENT; |
4373 |
+ goto doi_remove_return; |
4374 |
+ } |
4375 |
+- if (!atomic_dec_and_test(&doi_def->refcount)) { |
4376 |
+- spin_unlock(&cipso_v4_doi_list_lock); |
4377 |
+- ret_val = -EBUSY; |
4378 |
+- goto doi_remove_return; |
4379 |
+- } |
4380 |
+ list_del_rcu(&doi_def->list); |
4381 |
+ spin_unlock(&cipso_v4_doi_list_lock); |
4382 |
+ |
4383 |
+- cipso_v4_cache_invalidate(); |
4384 |
+- call_rcu(&doi_def->rcu, cipso_v4_doi_free_rcu); |
4385 |
++ cipso_v4_doi_putdef(doi_def); |
4386 |
+ ret_val = 0; |
4387 |
+ |
4388 |
+ doi_remove_return: |
4389 |
+@@ -600,9 +594,6 @@ void cipso_v4_doi_putdef(struct cipso_v4_doi *doi_def) |
4390 |
+ |
4391 |
+ if (!atomic_dec_and_test(&doi_def->refcount)) |
4392 |
+ return; |
4393 |
+- spin_lock(&cipso_v4_doi_list_lock); |
4394 |
+- list_del_rcu(&doi_def->list); |
4395 |
+- spin_unlock(&cipso_v4_doi_list_lock); |
4396 |
+ |
4397 |
+ cipso_v4_cache_invalidate(); |
4398 |
+ call_rcu(&doi_def->rcu, cipso_v4_doi_free_rcu); |
4399 |
+diff --git a/net/ipv6/calipso.c b/net/ipv6/calipso.c |
4400 |
+index b206415bbde74..7628963ddacc3 100644 |
4401 |
+--- a/net/ipv6/calipso.c |
4402 |
++++ b/net/ipv6/calipso.c |
4403 |
+@@ -97,6 +97,9 @@ struct calipso_map_cache_entry { |
4404 |
+ |
4405 |
+ static struct calipso_map_cache_bkt *calipso_cache; |
4406 |
+ |
4407 |
++static void calipso_cache_invalidate(void); |
4408 |
++static void calipso_doi_putdef(struct calipso_doi *doi_def); |
4409 |
++ |
4410 |
+ /* Label Mapping Cache Functions |
4411 |
+ */ |
4412 |
+ |
4413 |
+@@ -458,15 +461,10 @@ static int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info) |
4414 |
+ ret_val = -ENOENT; |
4415 |
+ goto doi_remove_return; |
4416 |
+ } |
4417 |
+- if (!atomic_dec_and_test(&doi_def->refcount)) { |
4418 |
+- spin_unlock(&calipso_doi_list_lock); |
4419 |
+- ret_val = -EBUSY; |
4420 |
+- goto doi_remove_return; |
4421 |
+- } |
4422 |
+ list_del_rcu(&doi_def->list); |
4423 |
+ spin_unlock(&calipso_doi_list_lock); |
4424 |
+ |
4425 |
+- call_rcu(&doi_def->rcu, calipso_doi_free_rcu); |
4426 |
++ calipso_doi_putdef(doi_def); |
4427 |
+ ret_val = 0; |
4428 |
+ |
4429 |
+ doi_remove_return: |
4430 |
+@@ -522,10 +520,8 @@ static void calipso_doi_putdef(struct calipso_doi *doi_def) |
4431 |
+ |
4432 |
+ if (!atomic_dec_and_test(&doi_def->refcount)) |
4433 |
+ return; |
4434 |
+- spin_lock(&calipso_doi_list_lock); |
4435 |
+- list_del_rcu(&doi_def->list); |
4436 |
+- spin_unlock(&calipso_doi_list_lock); |
4437 |
+ |
4438 |
++ calipso_cache_invalidate(); |
4439 |
+ call_rcu(&doi_def->rcu, calipso_doi_free_rcu); |
4440 |
+ } |
4441 |
+ |
4442 |
+diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c |
4443 |
+index 422fac2a4a3c8..9a256d0fb957a 100644 |
4444 |
+--- a/net/netlabel/netlabel_cipso_v4.c |
4445 |
++++ b/net/netlabel/netlabel_cipso_v4.c |
4446 |
+@@ -587,6 +587,7 @@ list_start: |
4447 |
+ |
4448 |
+ break; |
4449 |
+ } |
4450 |
++ cipso_v4_doi_putdef(doi_def); |
4451 |
+ rcu_read_unlock(); |
4452 |
+ |
4453 |
+ genlmsg_end(ans_skb, data); |
4454 |
+@@ -595,12 +596,14 @@ list_start: |
4455 |
+ list_retry: |
4456 |
+ /* XXX - this limit is a guesstimate */ |
4457 |
+ if (nlsze_mult < 4) { |
4458 |
++ cipso_v4_doi_putdef(doi_def); |
4459 |
+ rcu_read_unlock(); |
4460 |
+ kfree_skb(ans_skb); |
4461 |
+ nlsze_mult *= 2; |
4462 |
+ goto list_start; |
4463 |
+ } |
4464 |
+ list_failure_lock: |
4465 |
++ cipso_v4_doi_putdef(doi_def); |
4466 |
+ rcu_read_unlock(); |
4467 |
+ list_failure: |
4468 |
+ kfree_skb(ans_skb); |
4469 |
+diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c |
4470 |
+index 92c6fbfd51f79..bc59b2b5f9836 100644 |
4471 |
+--- a/net/nfc/llcp_sock.c |
4472 |
++++ b/net/nfc/llcp_sock.c |
4473 |
+@@ -796,6 +796,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, |
4474 |
+ |
4475 |
+ lock_sock(sk); |
4476 |
+ |
4477 |
++ if (!llcp_sock->local) { |
4478 |
++ release_sock(sk); |
4479 |
++ return -ENODEV; |
4480 |
++ } |
4481 |
++ |
4482 |
+ if (sk->sk_type == SOCK_DGRAM) { |
4483 |
+ DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, |
4484 |
+ msg->msg_name); |
4485 |
+diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c |
4486 |
+index 04ca08f852209..daa24ec7db278 100644 |
4487 |
+--- a/net/sched/sch_generic.c |
4488 |
++++ b/net/sched/sch_generic.c |
4489 |
+@@ -996,6 +996,7 @@ void psched_ratecfg_precompute(struct psched_ratecfg *r, |
4490 |
+ { |
4491 |
+ memset(r, 0, sizeof(*r)); |
4492 |
+ r->overhead = conf->overhead; |
4493 |
++ r->mpu = conf->mpu; |
4494 |
+ r->rate_bytes_ps = max_t(u64, conf->rate, rate64); |
4495 |
+ r->linklayer = (conf->linklayer & TC_LINKLAYER_MASK); |
4496 |
+ r->mult = 1; |
4497 |
+diff --git a/net/unix/garbage.c b/net/unix/garbage.c |
4498 |
+index 8bbe1b8e4ff7f..4d283e26d8162 100644 |
4499 |
+--- a/net/unix/garbage.c |
4500 |
++++ b/net/unix/garbage.c |
4501 |
+@@ -197,8 +197,11 @@ void wait_for_unix_gc(void) |
4502 |
+ { |
4503 |
+ /* If number of inflight sockets is insane, |
4504 |
+ * force a garbage collect right now. |
4505 |
++ * Paired with the WRITE_ONCE() in unix_inflight(), |
4506 |
++ * unix_notinflight() and gc_in_progress(). |
4507 |
+ */ |
4508 |
+- if (unix_tot_inflight > UNIX_INFLIGHT_TRIGGER_GC && !gc_in_progress) |
4509 |
++ if (READ_ONCE(unix_tot_inflight) > UNIX_INFLIGHT_TRIGGER_GC && |
4510 |
++ !READ_ONCE(gc_in_progress)) |
4511 |
+ unix_gc(); |
4512 |
+ wait_event(unix_gc_wait, gc_in_progress == false); |
4513 |
+ } |
4514 |
+@@ -218,7 +221,9 @@ void unix_gc(void) |
4515 |
+ if (gc_in_progress) |
4516 |
+ goto out; |
4517 |
+ |
4518 |
+- gc_in_progress = true; |
4519 |
++ /* Paired with READ_ONCE() in wait_for_unix_gc(). */ |
4520 |
++ WRITE_ONCE(gc_in_progress, true); |
4521 |
++ |
4522 |
+ /* First, select candidates for garbage collection. Only |
4523 |
+ * in-flight sockets are considered, and from those only ones |
4524 |
+ * which don't have any external reference. |
4525 |
+@@ -304,7 +309,10 @@ void unix_gc(void) |
4526 |
+ |
4527 |
+ /* All candidates should have been detached by now. */ |
4528 |
+ BUG_ON(!list_empty(&gc_candidates)); |
4529 |
+- gc_in_progress = false; |
4530 |
++ |
4531 |
++ /* Paired with READ_ONCE() in wait_for_unix_gc(). */ |
4532 |
++ WRITE_ONCE(gc_in_progress, false); |
4533 |
++ |
4534 |
+ wake_up(&unix_gc_wait); |
4535 |
+ |
4536 |
+ out: |
4537 |
+diff --git a/net/unix/scm.c b/net/unix/scm.c |
4538 |
+index df8f636ab1d8c..bf1a8fa8c4f1d 100644 |
4539 |
+--- a/net/unix/scm.c |
4540 |
++++ b/net/unix/scm.c |
4541 |
+@@ -56,7 +56,8 @@ void unix_inflight(struct user_struct *user, struct file *fp) |
4542 |
+ } else { |
4543 |
+ BUG_ON(list_empty(&u->link)); |
4544 |
+ } |
4545 |
+- unix_tot_inflight++; |
4546 |
++ /* Paired with READ_ONCE() in wait_for_unix_gc() */ |
4547 |
++ WRITE_ONCE(unix_tot_inflight, unix_tot_inflight + 1); |
4548 |
+ } |
4549 |
+ user->unix_inflight++; |
4550 |
+ spin_unlock(&unix_gc_lock); |
4551 |
+@@ -76,7 +77,8 @@ void unix_notinflight(struct user_struct *user, struct file *fp) |
4552 |
+ |
4553 |
+ if (atomic_long_dec_and_test(&u->inflight)) |
4554 |
+ list_del_init(&u->link); |
4555 |
+- unix_tot_inflight--; |
4556 |
++ /* Paired with READ_ONCE() in wait_for_unix_gc() */ |
4557 |
++ WRITE_ONCE(unix_tot_inflight, unix_tot_inflight - 1); |
4558 |
+ } |
4559 |
+ user->unix_inflight--; |
4560 |
+ spin_unlock(&unix_gc_lock); |
4561 |
+diff --git a/scripts/dtc/dtx_diff b/scripts/dtc/dtx_diff |
4562 |
+index ec47f95991a3a..971e74f408a77 100755 |
4563 |
+--- a/scripts/dtc/dtx_diff |
4564 |
++++ b/scripts/dtc/dtx_diff |
4565 |
+@@ -56,12 +56,8 @@ Otherwise DTx is treated as a dts source file (aka .dts). |
4566 |
+ or '/include/' to be processed. |
4567 |
+ |
4568 |
+ If DTx_1 and DTx_2 are in different architectures, then this script |
4569 |
+- may not work since \${ARCH} is part of the include path. Two possible |
4570 |
+- workarounds: |
4571 |
+- |
4572 |
+- `basename $0` \\ |
4573 |
+- <(ARCH=arch_of_dtx_1 `basename $0` DTx_1) \\ |
4574 |
+- <(ARCH=arch_of_dtx_2 `basename $0` DTx_2) |
4575 |
++ may not work since \${ARCH} is part of the include path. The following |
4576 |
++ workaround can be used: |
4577 |
+ |
4578 |
+ `basename $0` ARCH=arch_of_dtx_1 DTx_1 >tmp_dtx_1.dts |
4579 |
+ `basename $0` ARCH=arch_of_dtx_2 DTx_2 >tmp_dtx_2.dts |
4580 |
+diff --git a/sound/core/jack.c b/sound/core/jack.c |
4581 |
+index 5ddf81f091fa9..36cfe1c54109d 100644 |
4582 |
+--- a/sound/core/jack.c |
4583 |
++++ b/sound/core/jack.c |
4584 |
+@@ -68,10 +68,13 @@ static int snd_jack_dev_free(struct snd_device *device) |
4585 |
+ struct snd_card *card = device->card; |
4586 |
+ struct snd_jack_kctl *jack_kctl, *tmp_jack_kctl; |
4587 |
+ |
4588 |
++ down_write(&card->controls_rwsem); |
4589 |
+ list_for_each_entry_safe(jack_kctl, tmp_jack_kctl, &jack->kctl_list, list) { |
4590 |
+ list_del_init(&jack_kctl->list); |
4591 |
+ snd_ctl_remove(card, jack_kctl->kctl); |
4592 |
+ } |
4593 |
++ up_write(&card->controls_rwsem); |
4594 |
++ |
4595 |
+ if (jack->private_free) |
4596 |
+ jack->private_free(jack); |
4597 |
+ |
4598 |
+diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c |
4599 |
+index 0ce3f42721c4d..440c16e0d0713 100644 |
4600 |
+--- a/sound/core/oss/pcm_oss.c |
4601 |
++++ b/sound/core/oss/pcm_oss.c |
4602 |
+@@ -2122,7 +2122,7 @@ static int snd_pcm_oss_set_trigger(struct snd_pcm_oss_file *pcm_oss_file, int tr |
4603 |
+ int err, cmd; |
4604 |
+ |
4605 |
+ #ifdef OSS_DEBUG |
4606 |
+- pcm_dbg(substream->pcm, "pcm_oss: trigger = 0x%x\n", trigger); |
4607 |
++ pr_debug("pcm_oss: trigger = 0x%x\n", trigger); |
4608 |
+ #endif |
4609 |
+ |
4610 |
+ psubstream = pcm_oss_file->streams[SNDRV_PCM_STREAM_PLAYBACK]; |
4611 |
+diff --git a/sound/core/pcm.c b/sound/core/pcm.c |
4612 |
+index cdff5f9764808..6ae28dcd79945 100644 |
4613 |
+--- a/sound/core/pcm.c |
4614 |
++++ b/sound/core/pcm.c |
4615 |
+@@ -857,7 +857,11 @@ EXPORT_SYMBOL(snd_pcm_new_internal); |
4616 |
+ static void free_chmap(struct snd_pcm_str *pstr) |
4617 |
+ { |
4618 |
+ if (pstr->chmap_kctl) { |
4619 |
+- snd_ctl_remove(pstr->pcm->card, pstr->chmap_kctl); |
4620 |
++ struct snd_card *card = pstr->pcm->card; |
4621 |
++ |
4622 |
++ down_write(&card->controls_rwsem); |
4623 |
++ snd_ctl_remove(card, pstr->chmap_kctl); |
4624 |
++ up_write(&card->controls_rwsem); |
4625 |
+ pstr->chmap_kctl = NULL; |
4626 |
+ } |
4627 |
+ } |
4628 |
+diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c |
4629 |
+index ea1aa07962761..b923059a22276 100644 |
4630 |
+--- a/sound/core/seq/seq_queue.c |
4631 |
++++ b/sound/core/seq/seq_queue.c |
4632 |
+@@ -257,12 +257,15 @@ struct snd_seq_queue *snd_seq_queue_find_name(char *name) |
4633 |
+ |
4634 |
+ /* -------------------------------------------------------- */ |
4635 |
+ |
4636 |
++#define MAX_CELL_PROCESSES_IN_QUEUE 1000 |
4637 |
++ |
4638 |
+ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) |
4639 |
+ { |
4640 |
+ unsigned long flags; |
4641 |
+ struct snd_seq_event_cell *cell; |
4642 |
+ snd_seq_tick_time_t cur_tick; |
4643 |
+ snd_seq_real_time_t cur_time; |
4644 |
++ int processed = 0; |
4645 |
+ |
4646 |
+ if (q == NULL) |
4647 |
+ return; |
4648 |
+@@ -285,6 +288,8 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) |
4649 |
+ if (!cell) |
4650 |
+ break; |
4651 |
+ snd_seq_dispatch_event(cell, atomic, hop); |
4652 |
++ if (++processed >= MAX_CELL_PROCESSES_IN_QUEUE) |
4653 |
++ goto out; /* the rest processed at the next batch */ |
4654 |
+ } |
4655 |
+ |
4656 |
+ /* Process time queue... */ |
4657 |
+@@ -294,14 +299,19 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) |
4658 |
+ if (!cell) |
4659 |
+ break; |
4660 |
+ snd_seq_dispatch_event(cell, atomic, hop); |
4661 |
++ if (++processed >= MAX_CELL_PROCESSES_IN_QUEUE) |
4662 |
++ goto out; /* the rest processed at the next batch */ |
4663 |
+ } |
4664 |
+ |
4665 |
++ out: |
4666 |
+ /* free lock */ |
4667 |
+ spin_lock_irqsave(&q->check_lock, flags); |
4668 |
+ if (q->check_again) { |
4669 |
+ q->check_again = 0; |
4670 |
+- spin_unlock_irqrestore(&q->check_lock, flags); |
4671 |
+- goto __again; |
4672 |
++ if (processed < MAX_CELL_PROCESSES_IN_QUEUE) { |
4673 |
++ spin_unlock_irqrestore(&q->check_lock, flags); |
4674 |
++ goto __again; |
4675 |
++ } |
4676 |
+ } |
4677 |
+ q->check_blocked = 0; |
4678 |
+ spin_unlock_irqrestore(&q->check_lock, flags); |
4679 |
+diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c |
4680 |
+index 4e67614f15f8e..8976da3e1e288 100644 |
4681 |
+--- a/sound/pci/hda/hda_codec.c |
4682 |
++++ b/sound/pci/hda/hda_codec.c |
4683 |
+@@ -1608,8 +1608,11 @@ void snd_hda_ctls_clear(struct hda_codec *codec) |
4684 |
+ { |
4685 |
+ int i; |
4686 |
+ struct hda_nid_item *items = codec->mixers.list; |
4687 |
++ |
4688 |
++ down_write(&codec->card->controls_rwsem); |
4689 |
+ for (i = 0; i < codec->mixers.used; i++) |
4690 |
+ snd_ctl_remove(codec->card, items[i].kctl); |
4691 |
++ up_write(&codec->card->controls_rwsem); |
4692 |
+ snd_array_free(&codec->mixers); |
4693 |
+ snd_array_free(&codec->nids); |
4694 |
+ } |
4695 |
+diff --git a/sound/soc/mediatek/mt8173/mt8173-max98090.c b/sound/soc/mediatek/mt8173/mt8173-max98090.c |
4696 |
+index 5524a2c727ec7..cab30cb48366d 100644 |
4697 |
+--- a/sound/soc/mediatek/mt8173/mt8173-max98090.c |
4698 |
++++ b/sound/soc/mediatek/mt8173/mt8173-max98090.c |
4699 |
+@@ -183,6 +183,9 @@ static int mt8173_max98090_dev_probe(struct platform_device *pdev) |
4700 |
+ if (ret) |
4701 |
+ dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n", |
4702 |
+ __func__, ret); |
4703 |
++ |
4704 |
++ of_node_put(codec_node); |
4705 |
++ of_node_put(platform_node); |
4706 |
+ return ret; |
4707 |
+ } |
4708 |
+ |
4709 |
+diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c |
4710 |
+index 467f7049a2886..52fdd766ee82c 100644 |
4711 |
+--- a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c |
4712 |
++++ b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5514.c |
4713 |
+@@ -228,6 +228,8 @@ static int mt8173_rt5650_rt5514_dev_probe(struct platform_device *pdev) |
4714 |
+ if (ret) |
4715 |
+ dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n", |
4716 |
+ __func__, ret); |
4717 |
++ |
4718 |
++ of_node_put(platform_node); |
4719 |
+ return ret; |
4720 |
+ } |
4721 |
+ |
4722 |
+diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c |
4723 |
+index 1b8b2a7788450..5d75b04f074fe 100644 |
4724 |
+--- a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c |
4725 |
++++ b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c |
4726 |
+@@ -285,6 +285,8 @@ static int mt8173_rt5650_rt5676_dev_probe(struct platform_device *pdev) |
4727 |
+ if (ret) |
4728 |
+ dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n", |
4729 |
+ __func__, ret); |
4730 |
++ |
4731 |
++ of_node_put(platform_node); |
4732 |
+ return ret; |
4733 |
+ } |
4734 |
+ |
4735 |
+diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650.c b/sound/soc/mediatek/mt8173/mt8173-rt5650.c |
4736 |
+index ba65f4157a7e0..d02a90201b13b 100644 |
4737 |
+--- a/sound/soc/mediatek/mt8173/mt8173-rt5650.c |
4738 |
++++ b/sound/soc/mediatek/mt8173/mt8173-rt5650.c |
4739 |
+@@ -317,6 +317,8 @@ static int mt8173_rt5650_dev_probe(struct platform_device *pdev) |
4740 |
+ if (ret) |
4741 |
+ dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n", |
4742 |
+ __func__, ret); |
4743 |
++ |
4744 |
++ of_node_put(platform_node); |
4745 |
+ return ret; |
4746 |
+ } |
4747 |
+ |
4748 |
+diff --git a/sound/soc/samsung/idma.c b/sound/soc/samsung/idma.c |
4749 |
+index 3e408158625db..72014dea75422 100644 |
4750 |
+--- a/sound/soc/samsung/idma.c |
4751 |
++++ b/sound/soc/samsung/idma.c |
4752 |
+@@ -369,6 +369,8 @@ static int preallocate_idma_buffer(struct snd_pcm *pcm, int stream) |
4753 |
+ buf->addr = idma.lp_tx_addr; |
4754 |
+ buf->bytes = idma_hardware.buffer_bytes_max; |
4755 |
+ buf->area = (unsigned char * __force)ioremap(buf->addr, buf->bytes); |
4756 |
++ if (!buf->area) |
4757 |
++ return -ENOMEM; |
4758 |
+ |
4759 |
+ return 0; |
4760 |
+ } |
4761 |
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c |
4762 |
+index db859b595dba1..d9b7001227e3c 100644 |
4763 |
+--- a/virt/kvm/kvm_main.c |
4764 |
++++ b/virt/kvm/kvm_main.c |
4765 |
+@@ -1513,15 +1513,24 @@ static bool vma_is_valid(struct vm_area_struct *vma, bool write_fault) |
4766 |
+ return true; |
4767 |
+ } |
4768 |
+ |
4769 |
++static int kvm_try_get_pfn(kvm_pfn_t pfn) |
4770 |
++{ |
4771 |
++ if (kvm_is_reserved_pfn(pfn)) |
4772 |
++ return 1; |
4773 |
++ return get_page_unless_zero(pfn_to_page(pfn)); |
4774 |
++} |
4775 |
++ |
4776 |
+ static int hva_to_pfn_remapped(struct vm_area_struct *vma, |
4777 |
+ unsigned long addr, bool *async, |
4778 |
+ bool write_fault, bool *writable, |
4779 |
+ kvm_pfn_t *p_pfn) |
4780 |
+ { |
4781 |
+- unsigned long pfn; |
4782 |
++ kvm_pfn_t pfn; |
4783 |
++ pte_t *ptep; |
4784 |
++ spinlock_t *ptl; |
4785 |
+ int r; |
4786 |
+ |
4787 |
+- r = follow_pfn(vma, addr, &pfn); |
4788 |
++ r = follow_pte_pmd(vma->vm_mm, addr, &ptep, NULL, &ptl); |
4789 |
+ if (r) { |
4790 |
+ /* |
4791 |
+ * get_user_pages fails for VM_IO and VM_PFNMAP vmas and does |
4792 |
+@@ -1536,14 +1545,19 @@ static int hva_to_pfn_remapped(struct vm_area_struct *vma, |
4793 |
+ if (r) |
4794 |
+ return r; |
4795 |
+ |
4796 |
+- r = follow_pfn(vma, addr, &pfn); |
4797 |
++ r = follow_pte_pmd(vma->vm_mm, addr, &ptep, NULL, &ptl); |
4798 |
+ if (r) |
4799 |
+ return r; |
4800 |
++ } |
4801 |
+ |
4802 |
++ if (write_fault && !pte_write(*ptep)) { |
4803 |
++ pfn = KVM_PFN_ERR_RO_FAULT; |
4804 |
++ goto out; |
4805 |
+ } |
4806 |
+ |
4807 |
+ if (writable) |
4808 |
+- *writable = true; |
4809 |
++ *writable = pte_write(*ptep); |
4810 |
++ pfn = pte_pfn(*ptep); |
4811 |
+ |
4812 |
+ /* |
4813 |
+ * Get a reference here because callers of *hva_to_pfn* and |
4814 |
+@@ -1555,11 +1569,21 @@ static int hva_to_pfn_remapped(struct vm_area_struct *vma, |
4815 |
+ * Whoever called remap_pfn_range is also going to call e.g. |
4816 |
+ * unmap_mapping_range before the underlying pages are freed, |
4817 |
+ * causing a call to our MMU notifier. |
4818 |
++ * |
4819 |
++ * Certain IO or PFNMAP mappings can be backed with valid |
4820 |
++ * struct pages, but be allocated without refcounting e.g., |
4821 |
++ * tail pages of non-compound higher order allocations, which |
4822 |
++ * would then underflow the refcount when the caller does the |
4823 |
++ * required put_page. Don't allow those pages here. |
4824 |
+ */ |
4825 |
+- kvm_get_pfn(pfn); |
4826 |
++ if (!kvm_try_get_pfn(pfn)) |
4827 |
++ r = -EFAULT; |
4828 |
+ |
4829 |
++out: |
4830 |
++ pte_unmap_unlock(ptep, ptl); |
4831 |
+ *p_pfn = pfn; |
4832 |
+- return 0; |
4833 |
++ |
4834 |
++ return r; |
4835 |
+ } |
4836 |
+ |
4837 |
+ /* |