1 |
commit: 256fa88d67f14d3a6ccc69d94cc038a01c2c9f56 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Sep 29 13:32:10 2018 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Sep 29 13:32:10 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=256fa88d |
7 |
|
8 |
Linux patch 4.4.159 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1158_linux-4.4.159.patch | 678 +++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 682 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 7661927..9f263b4 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -675,6 +675,10 @@ Patch: 1157_linux-4.4.158.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.4.158 |
23 |
|
24 |
+Patch: 1158_linux-4.4.159.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.4.159 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1158_linux-4.4.159.patch b/1158_linux-4.4.159.patch |
33 |
new file mode 100644 |
34 |
index 0000000..4bfdf07 |
35 |
--- /dev/null |
36 |
+++ b/1158_linux-4.4.159.patch |
37 |
@@ -0,0 +1,678 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index d07a6283b67e..06d5c6a6a0f6 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,6 +1,6 @@ |
43 |
+ VERSION = 4 |
44 |
+ PATCHLEVEL = 4 |
45 |
+-SUBLEVEL = 158 |
46 |
++SUBLEVEL = 159 |
47 |
+ EXTRAVERSION = |
48 |
+ NAME = Blurry Fish Butt |
49 |
+ |
50 |
+diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S |
51 |
+index dccd0c2e9023..3028d9b028c7 100644 |
52 |
+--- a/arch/arm64/kernel/entry.S |
53 |
++++ b/arch/arm64/kernel/entry.S |
54 |
+@@ -649,6 +649,9 @@ work_pending: |
55 |
+ bl do_notify_resume |
56 |
+ b ret_to_user |
57 |
+ work_resched: |
58 |
++#ifdef CONFIG_TRACE_IRQFLAGS |
59 |
++ bl trace_hardirqs_off // the IRQs are off here, inform the tracing code |
60 |
++#endif |
61 |
+ bl schedule |
62 |
+ |
63 |
+ /* |
64 |
+diff --git a/arch/x86/xen/pmu.c b/arch/x86/xen/pmu.c |
65 |
+index 724a08740a04..9c7358110d32 100644 |
66 |
+--- a/arch/x86/xen/pmu.c |
67 |
++++ b/arch/x86/xen/pmu.c |
68 |
+@@ -477,7 +477,7 @@ static void xen_convert_regs(const struct xen_pmu_regs *xen_regs, |
69 |
+ irqreturn_t xen_pmu_irq_handler(int irq, void *dev_id) |
70 |
+ { |
71 |
+ int err, ret = IRQ_NONE; |
72 |
+- struct pt_regs regs; |
73 |
++ struct pt_regs regs = {0}; |
74 |
+ const struct xen_pmu_data *xenpmu_data = get_xenpmu_data(); |
75 |
+ uint8_t xenpmu_flags = get_xenpmu_flags(); |
76 |
+ |
77 |
+diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c |
78 |
+index ababdaabe870..1855b475cc0b 100644 |
79 |
+--- a/drivers/gpu/drm/nouveau/nouveau_connector.c |
80 |
++++ b/drivers/gpu/drm/nouveau/nouveau_connector.c |
81 |
+@@ -253,12 +253,16 @@ nouveau_connector_detect(struct drm_connector *connector, bool force) |
82 |
+ nv_connector->edid = NULL; |
83 |
+ } |
84 |
+ |
85 |
+- /* Outputs are only polled while runtime active, so acquiring a |
86 |
+- * runtime PM ref here is unnecessary (and would deadlock upon |
87 |
+- * runtime suspend because it waits for polling to finish). |
88 |
++ /* Outputs are only polled while runtime active, so resuming the |
89 |
++ * device here is unnecessary (and would deadlock upon runtime suspend |
90 |
++ * because it waits for polling to finish). We do however, want to |
91 |
++ * prevent the autosuspend timer from elapsing during this operation |
92 |
++ * if possible. |
93 |
+ */ |
94 |
+- if (!drm_kms_helper_is_poll_worker()) { |
95 |
+- ret = pm_runtime_get_sync(connector->dev->dev); |
96 |
++ if (drm_kms_helper_is_poll_worker()) { |
97 |
++ pm_runtime_get_noresume(dev->dev); |
98 |
++ } else { |
99 |
++ ret = pm_runtime_get_sync(dev->dev); |
100 |
+ if (ret < 0 && ret != -EACCES) |
101 |
+ return conn_status; |
102 |
+ } |
103 |
+@@ -329,10 +333,8 @@ detect_analog: |
104 |
+ |
105 |
+ out: |
106 |
+ |
107 |
+- if (!drm_kms_helper_is_poll_worker()) { |
108 |
+- pm_runtime_mark_last_busy(connector->dev->dev); |
109 |
+- pm_runtime_put_autosuspend(connector->dev->dev); |
110 |
+- } |
111 |
++ pm_runtime_mark_last_busy(dev->dev); |
112 |
++ pm_runtime_put_autosuspend(dev->dev); |
113 |
+ |
114 |
+ return conn_status; |
115 |
+ } |
116 |
+diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
117 |
+index e4541c6bf3d3..4564ecf71181 100644 |
118 |
+--- a/drivers/hid/hid-core.c |
119 |
++++ b/drivers/hid/hid-core.c |
120 |
+@@ -2011,6 +2011,9 @@ static const struct hid_device_id hid_have_special_driver[] = { |
121 |
+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS3_CONTROLLER) }, |
122 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER) }, |
123 |
+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER) }, |
124 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2) }, |
125 |
++ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2) }, |
126 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE) }, |
127 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGX_MOUSE) }, |
128 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_VAIO_VGP_MOUSE) }, |
129 |
+ { HID_USB_DEVICE(USB_VENDOR_ID_STEELSERIES, USB_DEVICE_ID_STEELSERIES_SRWS1) }, |
130 |
+diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h |
131 |
+index 60e2c9faa95f..00d8366a614e 100644 |
132 |
+--- a/drivers/hid/hid-ids.h |
133 |
++++ b/drivers/hid/hid-ids.h |
134 |
+@@ -879,6 +879,8 @@ |
135 |
+ #define USB_DEVICE_ID_SONY_PS3_BDREMOTE 0x0306 |
136 |
+ #define USB_DEVICE_ID_SONY_PS3_CONTROLLER 0x0268 |
137 |
+ #define USB_DEVICE_ID_SONY_PS4_CONTROLLER 0x05c4 |
138 |
++#define USB_DEVICE_ID_SONY_PS4_CONTROLLER_2 0x09cc |
139 |
++#define USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE 0x0ba0 |
140 |
+ #define USB_DEVICE_ID_SONY_MOTION_CONTROLLER 0x03d5 |
141 |
+ #define USB_DEVICE_ID_SONY_NAVIGATION_CONTROLLER 0x042f |
142 |
+ #define USB_DEVICE_ID_SONY_BUZZ_CONTROLLER 0x0002 |
143 |
+diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c |
144 |
+index 21febbb0d84e..6f3d47185bf0 100644 |
145 |
+--- a/drivers/hid/hid-sony.c |
146 |
++++ b/drivers/hid/hid-sony.c |
147 |
+@@ -2460,6 +2460,12 @@ static const struct hid_device_id sony_devices[] = { |
148 |
+ .driver_data = DUALSHOCK4_CONTROLLER_USB }, |
149 |
+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER), |
150 |
+ .driver_data = DUALSHOCK4_CONTROLLER_BT }, |
151 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2), |
152 |
++ .driver_data = DUALSHOCK4_CONTROLLER_USB }, |
153 |
++ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_2), |
154 |
++ .driver_data = DUALSHOCK4_CONTROLLER_BT }, |
155 |
++ { HID_USB_DEVICE(USB_VENDOR_ID_SONY, USB_DEVICE_ID_SONY_PS4_CONTROLLER_DONGLE), |
156 |
++ .driver_data = DUALSHOCK4_CONTROLLER_USB }, |
157 |
+ { } |
158 |
+ }; |
159 |
+ MODULE_DEVICE_TABLE(hid, sony_devices); |
160 |
+diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c |
161 |
+index 53aa7515f542..04206c600098 100644 |
162 |
+--- a/drivers/infiniband/hw/cxgb4/qp.c |
163 |
++++ b/drivers/infiniband/hw/cxgb4/qp.c |
164 |
+@@ -1183,6 +1183,12 @@ static void flush_qp(struct c4iw_qp *qhp) |
165 |
+ |
166 |
+ t4_set_wq_in_error(&qhp->wq); |
167 |
+ if (qhp->ibqp.uobject) { |
168 |
++ |
169 |
++ /* for user qps, qhp->wq.flushed is protected by qhp->mutex */ |
170 |
++ if (qhp->wq.flushed) |
171 |
++ return; |
172 |
++ |
173 |
++ qhp->wq.flushed = 1; |
174 |
+ t4_set_cq_in_error(&rchp->cq); |
175 |
+ spin_lock_irqsave(&rchp->comp_handler_lock, flag); |
176 |
+ (*rchp->ibcq.comp_handler)(&rchp->ibcq, rchp->ibcq.cq_context); |
177 |
+diff --git a/drivers/net/appletalk/ipddp.c b/drivers/net/appletalk/ipddp.c |
178 |
+index 2e4649655181..4e98e5aff7c5 100644 |
179 |
+--- a/drivers/net/appletalk/ipddp.c |
180 |
++++ b/drivers/net/appletalk/ipddp.c |
181 |
+@@ -284,8 +284,12 @@ static int ipddp_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) |
182 |
+ case SIOCFINDIPDDPRT: |
183 |
+ spin_lock_bh(&ipddp_route_lock); |
184 |
+ rp = __ipddp_find_route(&rcp); |
185 |
+- if (rp) |
186 |
+- memcpy(&rcp2, rp, sizeof(rcp2)); |
187 |
++ if (rp) { |
188 |
++ memset(&rcp2, 0, sizeof(rcp2)); |
189 |
++ rcp2.ip = rp->ip; |
190 |
++ rcp2.at = rp->at; |
191 |
++ rcp2.flags = rp->flags; |
192 |
++ } |
193 |
+ spin_unlock_bh(&ipddp_route_lock); |
194 |
+ |
195 |
+ if (rp) { |
196 |
+diff --git a/drivers/net/ethernet/hp/hp100.c b/drivers/net/ethernet/hp/hp100.c |
197 |
+index 3daf2d4a7ca0..884aa809baac 100644 |
198 |
+--- a/drivers/net/ethernet/hp/hp100.c |
199 |
++++ b/drivers/net/ethernet/hp/hp100.c |
200 |
+@@ -2636,7 +2636,7 @@ static int hp100_login_to_vg_hub(struct net_device *dev, u_short force_relogin) |
201 |
+ /* Wait for link to drop */ |
202 |
+ time = jiffies + (HZ / 10); |
203 |
+ do { |
204 |
+- if (~(hp100_inb(VG_LAN_CFG_1) & HP100_LINK_UP_ST)) |
205 |
++ if (!(hp100_inb(VG_LAN_CFG_1) & HP100_LINK_UP_ST)) |
206 |
+ break; |
207 |
+ if (!in_interrupt()) |
208 |
+ schedule_timeout_interruptible(1); |
209 |
+diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c |
210 |
+index 3270b4333668..0a4bd73caae5 100644 |
211 |
+--- a/drivers/net/xen-netfront.c |
212 |
++++ b/drivers/net/xen-netfront.c |
213 |
+@@ -892,7 +892,11 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, |
214 |
+ BUG_ON(pull_to <= skb_headlen(skb)); |
215 |
+ __pskb_pull_tail(skb, pull_to - skb_headlen(skb)); |
216 |
+ } |
217 |
+- BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS); |
218 |
++ if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) { |
219 |
++ queue->rx.rsp_cons = ++cons; |
220 |
++ kfree_skb(nskb); |
221 |
++ return ~0U; |
222 |
++ } |
223 |
+ |
224 |
+ skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, |
225 |
+ skb_frag_page(nfrag), |
226 |
+@@ -1029,6 +1033,8 @@ err: |
227 |
+ skb->len += rx->status; |
228 |
+ |
229 |
+ i = xennet_fill_frags(queue, skb, &tmpq); |
230 |
++ if (unlikely(i == ~0U)) |
231 |
++ goto err; |
232 |
+ |
233 |
+ if (rx->flags & XEN_NETRXF_csum_blank) |
234 |
+ skb->ip_summed = CHECKSUM_PARTIAL; |
235 |
+diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c |
236 |
+index 1e1e59423889..3df47c1b04ec 100644 |
237 |
+--- a/drivers/platform/x86/alienware-wmi.c |
238 |
++++ b/drivers/platform/x86/alienware-wmi.c |
239 |
+@@ -463,6 +463,7 @@ static acpi_status alienware_hdmi_command(struct hdmi_args *in_args, |
240 |
+ if (obj && obj->type == ACPI_TYPE_INTEGER) |
241 |
+ *out_data = (u32) obj->integer.value; |
242 |
+ } |
243 |
++ kfree(output.pointer); |
244 |
+ return status; |
245 |
+ |
246 |
+ } |
247 |
+diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c |
248 |
+index 47e249dccb5f..b380bc7ee10a 100644 |
249 |
+--- a/drivers/target/iscsi/iscsi_target_auth.c |
250 |
++++ b/drivers/target/iscsi/iscsi_target_auth.c |
251 |
+@@ -26,18 +26,6 @@ |
252 |
+ #include "iscsi_target_nego.h" |
253 |
+ #include "iscsi_target_auth.h" |
254 |
+ |
255 |
+-static int chap_string_to_hex(unsigned char *dst, unsigned char *src, int len) |
256 |
+-{ |
257 |
+- int j = DIV_ROUND_UP(len, 2), rc; |
258 |
+- |
259 |
+- rc = hex2bin(dst, src, j); |
260 |
+- if (rc < 0) |
261 |
+- pr_debug("CHAP string contains non hex digit symbols\n"); |
262 |
+- |
263 |
+- dst[j] = '\0'; |
264 |
+- return j; |
265 |
+-} |
266 |
+- |
267 |
+ static void chap_binaryhex_to_asciihex(char *dst, char *src, int src_len) |
268 |
+ { |
269 |
+ int i; |
270 |
+@@ -241,9 +229,16 @@ static int chap_server_compute_md5( |
271 |
+ pr_err("Could not find CHAP_R.\n"); |
272 |
+ goto out; |
273 |
+ } |
274 |
++ if (strlen(chap_r) != MD5_SIGNATURE_SIZE * 2) { |
275 |
++ pr_err("Malformed CHAP_R\n"); |
276 |
++ goto out; |
277 |
++ } |
278 |
++ if (hex2bin(client_digest, chap_r, MD5_SIGNATURE_SIZE) < 0) { |
279 |
++ pr_err("Malformed CHAP_R\n"); |
280 |
++ goto out; |
281 |
++ } |
282 |
+ |
283 |
+ pr_debug("[server] Got CHAP_R=%s\n", chap_r); |
284 |
+- chap_string_to_hex(client_digest, chap_r, strlen(chap_r)); |
285 |
+ |
286 |
+ tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC); |
287 |
+ if (IS_ERR(tfm)) { |
288 |
+@@ -348,9 +343,7 @@ static int chap_server_compute_md5( |
289 |
+ pr_err("Could not find CHAP_C.\n"); |
290 |
+ goto out; |
291 |
+ } |
292 |
+- pr_debug("[server] Got CHAP_C=%s\n", challenge); |
293 |
+- challenge_len = chap_string_to_hex(challenge_binhex, challenge, |
294 |
+- strlen(challenge)); |
295 |
++ challenge_len = DIV_ROUND_UP(strlen(challenge), 2); |
296 |
+ if (!challenge_len) { |
297 |
+ pr_err("Unable to convert incoming challenge\n"); |
298 |
+ goto out; |
299 |
+@@ -359,6 +352,11 @@ static int chap_server_compute_md5( |
300 |
+ pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n"); |
301 |
+ goto out; |
302 |
+ } |
303 |
++ if (hex2bin(challenge_binhex, challenge, challenge_len) < 0) { |
304 |
++ pr_err("Malformed CHAP_C\n"); |
305 |
++ goto out; |
306 |
++ } |
307 |
++ pr_debug("[server] Got CHAP_C=%s\n", challenge); |
308 |
+ /* |
309 |
+ * During mutual authentication, the CHAP_C generated by the |
310 |
+ * initiator must not match the original CHAP_C generated by |
311 |
+diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c |
312 |
+index 97d5a74558a3..a86bc7afb3b2 100644 |
313 |
+--- a/drivers/tty/vt/vt_ioctl.c |
314 |
++++ b/drivers/tty/vt/vt_ioctl.c |
315 |
+@@ -31,6 +31,8 @@ |
316 |
+ #include <asm/io.h> |
317 |
+ #include <asm/uaccess.h> |
318 |
+ |
319 |
++#include <linux/nospec.h> |
320 |
++ |
321 |
+ #include <linux/kbd_kern.h> |
322 |
+ #include <linux/vt_kern.h> |
323 |
+ #include <linux/kbd_diacr.h> |
324 |
+@@ -703,6 +705,8 @@ int vt_ioctl(struct tty_struct *tty, |
325 |
+ if (vsa.console == 0 || vsa.console > MAX_NR_CONSOLES) |
326 |
+ ret = -ENXIO; |
327 |
+ else { |
328 |
++ vsa.console = array_index_nospec(vsa.console, |
329 |
++ MAX_NR_CONSOLES + 1); |
330 |
+ vsa.console--; |
331 |
+ console_lock(); |
332 |
+ ret = vc_allocate(vsa.console); |
333 |
+diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c |
334 |
+index 6d17f31a31d7..8eb768bbf5b5 100644 |
335 |
+--- a/fs/ext4/dir.c |
336 |
++++ b/fs/ext4/dir.c |
337 |
+@@ -74,7 +74,7 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, |
338 |
+ else if (unlikely(rlen < EXT4_DIR_REC_LEN(de->name_len))) |
339 |
+ error_msg = "rec_len is too small for name_len"; |
340 |
+ else if (unlikely(((char *) de - buf) + rlen > size)) |
341 |
+- error_msg = "directory entry across range"; |
342 |
++ error_msg = "directory entry overrun"; |
343 |
+ else if (unlikely(le32_to_cpu(de->inode) > |
344 |
+ le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count))) |
345 |
+ error_msg = "inode out of bounds"; |
346 |
+@@ -83,18 +83,16 @@ int __ext4_check_dir_entry(const char *function, unsigned int line, |
347 |
+ |
348 |
+ if (filp) |
349 |
+ ext4_error_file(filp, function, line, bh->b_blocknr, |
350 |
+- "bad entry in directory: %s - offset=%u(%u), " |
351 |
+- "inode=%u, rec_len=%d, name_len=%d", |
352 |
+- error_msg, (unsigned) (offset % size), |
353 |
+- offset, le32_to_cpu(de->inode), |
354 |
+- rlen, de->name_len); |
355 |
++ "bad entry in directory: %s - offset=%u, " |
356 |
++ "inode=%u, rec_len=%d, name_len=%d, size=%d", |
357 |
++ error_msg, offset, le32_to_cpu(de->inode), |
358 |
++ rlen, de->name_len, size); |
359 |
+ else |
360 |
+ ext4_error_inode(dir, function, line, bh->b_blocknr, |
361 |
+- "bad entry in directory: %s - offset=%u(%u), " |
362 |
+- "inode=%u, rec_len=%d, name_len=%d", |
363 |
+- error_msg, (unsigned) (offset % size), |
364 |
+- offset, le32_to_cpu(de->inode), |
365 |
+- rlen, de->name_len); |
366 |
++ "bad entry in directory: %s - offset=%u, " |
367 |
++ "inode=%u, rec_len=%d, name_len=%d, size=%d", |
368 |
++ error_msg, offset, le32_to_cpu(de->inode), |
369 |
++ rlen, de->name_len, size); |
370 |
+ |
371 |
+ return 1; |
372 |
+ } |
373 |
+diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c |
374 |
+index c449bc089c94..1e7a9774119c 100644 |
375 |
+--- a/fs/ext4/inline.c |
376 |
++++ b/fs/ext4/inline.c |
377 |
+@@ -1756,6 +1756,7 @@ int empty_inline_dir(struct inode *dir, int *has_inline_data) |
378 |
+ { |
379 |
+ int err, inline_size; |
380 |
+ struct ext4_iloc iloc; |
381 |
++ size_t inline_len; |
382 |
+ void *inline_pos; |
383 |
+ unsigned int offset; |
384 |
+ struct ext4_dir_entry_2 *de; |
385 |
+@@ -1783,8 +1784,9 @@ int empty_inline_dir(struct inode *dir, int *has_inline_data) |
386 |
+ goto out; |
387 |
+ } |
388 |
+ |
389 |
++ inline_len = ext4_get_inline_size(dir); |
390 |
+ offset = EXT4_INLINE_DOTDOT_SIZE; |
391 |
+- while (offset < dir->i_size) { |
392 |
++ while (offset < inline_len) { |
393 |
+ de = ext4_get_inline_entry(dir, &iloc, offset, |
394 |
+ &inline_pos, &inline_size); |
395 |
+ if (ext4_check_dir_entry(dir, NULL, de, |
396 |
+diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c |
397 |
+index 0a512aa81bf7..4c9d799955d1 100644 |
398 |
+--- a/fs/ext4/mmp.c |
399 |
++++ b/fs/ext4/mmp.c |
400 |
+@@ -48,7 +48,6 @@ static int write_mmp_block(struct super_block *sb, struct buffer_head *bh) |
401 |
+ */ |
402 |
+ sb_start_write(sb); |
403 |
+ ext4_mmp_csum_set(sb, mmp); |
404 |
+- mark_buffer_dirty(bh); |
405 |
+ lock_buffer(bh); |
406 |
+ bh->b_end_io = end_buffer_write_sync; |
407 |
+ get_bh(bh); |
408 |
+diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c |
409 |
+index d2421fd38833..783280ebc2fe 100644 |
410 |
+--- a/fs/ext4/resize.c |
411 |
++++ b/fs/ext4/resize.c |
412 |
+@@ -18,6 +18,7 @@ |
413 |
+ |
414 |
+ int ext4_resize_begin(struct super_block *sb) |
415 |
+ { |
416 |
++ struct ext4_sb_info *sbi = EXT4_SB(sb); |
417 |
+ int ret = 0; |
418 |
+ |
419 |
+ if (!capable(CAP_SYS_RESOURCE)) |
420 |
+@@ -28,7 +29,7 @@ int ext4_resize_begin(struct super_block *sb) |
421 |
+ * because the user tools have no way of handling this. Probably a |
422 |
+ * bad time to do it anyways. |
423 |
+ */ |
424 |
+- if (EXT4_SB(sb)->s_sbh->b_blocknr != |
425 |
++ if (EXT4_B2C(sbi, sbi->s_sbh->b_blocknr) != |
426 |
+ le32_to_cpu(EXT4_SB(sb)->s_es->s_first_data_block)) { |
427 |
+ ext4_warning(sb, "won't resize using backup superblock at %llu", |
428 |
+ (unsigned long long)EXT4_SB(sb)->s_sbh->b_blocknr); |
429 |
+@@ -1954,6 +1955,26 @@ retry: |
430 |
+ } |
431 |
+ } |
432 |
+ |
433 |
++ /* |
434 |
++ * Make sure the last group has enough space so that it's |
435 |
++ * guaranteed to have enough space for all metadata blocks |
436 |
++ * that it might need to hold. (We might not need to store |
437 |
++ * the inode table blocks in the last block group, but there |
438 |
++ * will be cases where this might be needed.) |
439 |
++ */ |
440 |
++ if ((ext4_group_first_block_no(sb, n_group) + |
441 |
++ ext4_group_overhead_blocks(sb, n_group) + 2 + |
442 |
++ sbi->s_itb_per_group + sbi->s_cluster_ratio) >= n_blocks_count) { |
443 |
++ n_blocks_count = ext4_group_first_block_no(sb, n_group); |
444 |
++ n_group--; |
445 |
++ n_blocks_count_retry = 0; |
446 |
++ if (resize_inode) { |
447 |
++ iput(resize_inode); |
448 |
++ resize_inode = NULL; |
449 |
++ } |
450 |
++ goto retry; |
451 |
++ } |
452 |
++ |
453 |
+ /* extend the last group */ |
454 |
+ if (n_group == o_group) |
455 |
+ add = n_blocks_count - o_blocks_count; |
456 |
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
457 |
+index 8d18f6142da5..a3d905abbaa9 100644 |
458 |
+--- a/fs/ext4/super.c |
459 |
++++ b/fs/ext4/super.c |
460 |
+@@ -4024,11 +4024,13 @@ no_journal: |
461 |
+ block = ext4_count_free_clusters(sb); |
462 |
+ ext4_free_blocks_count_set(sbi->s_es, |
463 |
+ EXT4_C2B(sbi, block)); |
464 |
++ ext4_superblock_csum_set(sb); |
465 |
+ err = percpu_counter_init(&sbi->s_freeclusters_counter, block, |
466 |
+ GFP_KERNEL); |
467 |
+ if (!err) { |
468 |
+ unsigned long freei = ext4_count_free_inodes(sb); |
469 |
+ sbi->s_es->s_free_inodes_count = cpu_to_le32(freei); |
470 |
++ ext4_superblock_csum_set(sb); |
471 |
+ err = percpu_counter_init(&sbi->s_freeinodes_counter, freei, |
472 |
+ GFP_KERNEL); |
473 |
+ } |
474 |
+diff --git a/fs/ocfs2/buffer_head_io.c b/fs/ocfs2/buffer_head_io.c |
475 |
+index fe50ded1b4ce..272269f1c310 100644 |
476 |
+--- a/fs/ocfs2/buffer_head_io.c |
477 |
++++ b/fs/ocfs2/buffer_head_io.c |
478 |
+@@ -336,6 +336,7 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr, |
479 |
+ * for this bh as it's not marked locally |
480 |
+ * uptodate. */ |
481 |
+ status = -EIO; |
482 |
++ clear_buffer_needs_validate(bh); |
483 |
+ put_bh(bh); |
484 |
+ bhs[i] = NULL; |
485 |
+ continue; |
486 |
+diff --git a/include/net/nfc/hci.h b/include/net/nfc/hci.h |
487 |
+index 316694dafa5b..008f466d1da7 100644 |
488 |
+--- a/include/net/nfc/hci.h |
489 |
++++ b/include/net/nfc/hci.h |
490 |
+@@ -87,7 +87,7 @@ struct nfc_hci_pipe { |
491 |
+ * According to specification 102 622 chapter 4.4 Pipes, |
492 |
+ * the pipe identifier is 7 bits long. |
493 |
+ */ |
494 |
+-#define NFC_HCI_MAX_PIPES 127 |
495 |
++#define NFC_HCI_MAX_PIPES 128 |
496 |
+ struct nfc_hci_init_data { |
497 |
+ u8 gate_count; |
498 |
+ struct nfc_hci_gate gates[NFC_HCI_MAX_CUSTOM_GATES]; |
499 |
+diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c |
500 |
+index fdaa88f38aec..74b20e3ab8c6 100644 |
501 |
+--- a/kernel/trace/ring_buffer.c |
502 |
++++ b/kernel/trace/ring_buffer.c |
503 |
+@@ -1513,6 +1513,8 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages) |
504 |
+ tmp_iter_page = first_page; |
505 |
+ |
506 |
+ do { |
507 |
++ cond_resched(); |
508 |
++ |
509 |
+ to_remove_page = tmp_iter_page; |
510 |
+ rb_inc_page(cpu_buffer, &tmp_iter_page); |
511 |
+ |
512 |
+diff --git a/mm/shmem.c b/mm/shmem.c |
513 |
+index 1b11ccc0a3b7..8e506a45a6ef 100644 |
514 |
+--- a/mm/shmem.c |
515 |
++++ b/mm/shmem.c |
516 |
+@@ -1464,6 +1464,8 @@ static struct inode *shmem_get_inode(struct super_block *sb, const struct inode |
517 |
+ mpol_shared_policy_init(&info->policy, NULL); |
518 |
+ break; |
519 |
+ } |
520 |
++ |
521 |
++ lockdep_annotate_inode_mutex_key(inode); |
522 |
+ } else |
523 |
+ shmem_free_inode(sb); |
524 |
+ return inode; |
525 |
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c |
526 |
+index f60b93627876..78dc184072e8 100644 |
527 |
+--- a/net/core/neighbour.c |
528 |
++++ b/net/core/neighbour.c |
529 |
+@@ -1140,6 +1140,12 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new, |
530 |
+ lladdr = neigh->ha; |
531 |
+ } |
532 |
+ |
533 |
++ /* Update confirmed timestamp for neighbour entry after we |
534 |
++ * received ARP packet even if it doesn't change IP to MAC binding. |
535 |
++ */ |
536 |
++ if (new & NUD_CONNECTED) |
537 |
++ neigh->confirmed = jiffies; |
538 |
++ |
539 |
+ /* If entry was valid and address is not changed, |
540 |
+ do not change entry state, if new one is STALE. |
541 |
+ */ |
542 |
+@@ -1163,15 +1169,12 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new, |
543 |
+ } |
544 |
+ } |
545 |
+ |
546 |
+- /* Update timestamps only once we know we will make a change to the |
547 |
++ /* Update timestamp only once we know we will make a change to the |
548 |
+ * neighbour entry. Otherwise we risk to move the locktime window with |
549 |
+ * noop updates and ignore relevant ARP updates. |
550 |
+ */ |
551 |
+- if (new != old || lladdr != neigh->ha) { |
552 |
+- if (new & NUD_CONNECTED) |
553 |
+- neigh->confirmed = jiffies; |
554 |
++ if (new != old || lladdr != neigh->ha) |
555 |
+ neigh->updated = jiffies; |
556 |
+- } |
557 |
+ |
558 |
+ if (new != old) { |
559 |
+ neigh_del_timer(neigh); |
560 |
+diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c |
561 |
+index 967a47ff78a4..b12721ecb0b6 100644 |
562 |
+--- a/net/ipv4/af_inet.c |
563 |
++++ b/net/ipv4/af_inet.c |
564 |
+@@ -1280,6 +1280,7 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, |
565 |
+ if (encap) |
566 |
+ skb_reset_inner_headers(skb); |
567 |
+ skb->network_header = (u8 *)iph - skb->head; |
568 |
++ skb_reset_mac_len(skb); |
569 |
+ } while ((skb = skb->next)); |
570 |
+ |
571 |
+ out: |
572 |
+diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c |
573 |
+index 9e2ea4ae840d..244b9fec9d4d 100644 |
574 |
+--- a/net/ipv6/ip6_offload.c |
575 |
++++ b/net/ipv6/ip6_offload.c |
576 |
+@@ -118,6 +118,7 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, |
577 |
+ ipv6h = (struct ipv6hdr *)(skb_mac_header(skb) + nhoff); |
578 |
+ ipv6h->payload_len = htons(skb->len - nhoff - sizeof(*ipv6h)); |
579 |
+ skb->network_header = (u8 *)ipv6h - skb->head; |
580 |
++ skb_reset_mac_len(skb); |
581 |
+ |
582 |
+ if (udpfrag) { |
583 |
+ int err = ip6_find_1stfragopt(skb, &prevhdr); |
584 |
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
585 |
+index 0feede45bd28..530b62fd6b64 100644 |
586 |
+--- a/net/ipv6/ip6_output.c |
587 |
++++ b/net/ipv6/ip6_output.c |
588 |
+@@ -193,12 +193,10 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, |
589 |
+ kfree_skb(skb); |
590 |
+ return -ENOBUFS; |
591 |
+ } |
592 |
++ if (skb->sk) |
593 |
++ skb_set_owner_w(skb2, skb->sk); |
594 |
+ consume_skb(skb); |
595 |
+ skb = skb2; |
596 |
+- /* skb_set_owner_w() changes sk->sk_wmem_alloc atomically, |
597 |
+- * it is safe to call in our context (socket lock not held) |
598 |
+- */ |
599 |
+- skb_set_owner_w(skb, (struct sock *)sk); |
600 |
+ } |
601 |
+ if (opt->opt_flen) |
602 |
+ ipv6_push_frag_opts(skb, opt, &proto); |
603 |
+diff --git a/net/nfc/hci/core.c b/net/nfc/hci/core.c |
604 |
+index 2b0f0ac498d2..5a58f9f38095 100644 |
605 |
+--- a/net/nfc/hci/core.c |
606 |
++++ b/net/nfc/hci/core.c |
607 |
+@@ -209,6 +209,11 @@ void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, |
608 |
+ } |
609 |
+ create_info = (struct hci_create_pipe_resp *)skb->data; |
610 |
+ |
611 |
++ if (create_info->pipe >= NFC_HCI_MAX_PIPES) { |
612 |
++ status = NFC_HCI_ANY_E_NOK; |
613 |
++ goto exit; |
614 |
++ } |
615 |
++ |
616 |
+ /* Save the new created pipe and bind with local gate, |
617 |
+ * the description for skb->data[3] is destination gate id |
618 |
+ * but since we received this cmd from host controller, we |
619 |
+@@ -232,6 +237,11 @@ void nfc_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd, |
620 |
+ } |
621 |
+ delete_info = (struct hci_delete_pipe_noti *)skb->data; |
622 |
+ |
623 |
++ if (delete_info->pipe >= NFC_HCI_MAX_PIPES) { |
624 |
++ status = NFC_HCI_ANY_E_NOK; |
625 |
++ goto exit; |
626 |
++ } |
627 |
++ |
628 |
+ hdev->pipes[delete_info->pipe].gate = NFC_HCI_INVALID_GATE; |
629 |
+ hdev->pipes[delete_info->pipe].dest_host = NFC_HCI_INVALID_HOST; |
630 |
+ break; |
631 |
+diff --git a/sound/firewire/bebob/bebob_maudio.c b/sound/firewire/bebob/bebob_maudio.c |
632 |
+index 07e5abdbceb5..0a576ccca3dc 100644 |
633 |
+--- a/sound/firewire/bebob/bebob_maudio.c |
634 |
++++ b/sound/firewire/bebob/bebob_maudio.c |
635 |
+@@ -96,17 +96,13 @@ int snd_bebob_maudio_load_firmware(struct fw_unit *unit) |
636 |
+ struct fw_device *device = fw_parent_device(unit); |
637 |
+ int err, rcode; |
638 |
+ u64 date; |
639 |
+- __le32 cues[3] = { |
640 |
+- cpu_to_le32(MAUDIO_BOOTLOADER_CUE1), |
641 |
+- cpu_to_le32(MAUDIO_BOOTLOADER_CUE2), |
642 |
+- cpu_to_le32(MAUDIO_BOOTLOADER_CUE3) |
643 |
+- }; |
644 |
++ __le32 *cues; |
645 |
+ |
646 |
+ /* check date of software used to build */ |
647 |
+ err = snd_bebob_read_block(unit, INFO_OFFSET_SW_DATE, |
648 |
+ &date, sizeof(u64)); |
649 |
+ if (err < 0) |
650 |
+- goto end; |
651 |
++ return err; |
652 |
+ /* |
653 |
+ * firmware version 5058 or later has date later than "20070401", but |
654 |
+ * 'date' is not null-terminated. |
655 |
+@@ -114,20 +110,28 @@ int snd_bebob_maudio_load_firmware(struct fw_unit *unit) |
656 |
+ if (date < 0x3230303730343031LL) { |
657 |
+ dev_err(&unit->device, |
658 |
+ "Use firmware version 5058 or later\n"); |
659 |
+- err = -ENOSYS; |
660 |
+- goto end; |
661 |
++ return -ENXIO; |
662 |
+ } |
663 |
+ |
664 |
++ cues = kmalloc_array(3, sizeof(*cues), GFP_KERNEL); |
665 |
++ if (!cues) |
666 |
++ return -ENOMEM; |
667 |
++ |
668 |
++ cues[0] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE1); |
669 |
++ cues[1] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE2); |
670 |
++ cues[2] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE3); |
671 |
++ |
672 |
+ rcode = fw_run_transaction(device->card, TCODE_WRITE_BLOCK_REQUEST, |
673 |
+ device->node_id, device->generation, |
674 |
+ device->max_speed, BEBOB_ADDR_REG_REQ, |
675 |
+- cues, sizeof(cues)); |
676 |
++ cues, 3 * sizeof(*cues)); |
677 |
++ kfree(cues); |
678 |
+ if (rcode != RCODE_COMPLETE) { |
679 |
+ dev_err(&unit->device, |
680 |
+ "Failed to send a cue to load firmware\n"); |
681 |
+ err = -EIO; |
682 |
+ } |
683 |
+-end: |
684 |
++ |
685 |
+ return err; |
686 |
+ } |
687 |
+ |
688 |
+diff --git a/sound/pci/emu10k1/emufx.c b/sound/pci/emu10k1/emufx.c |
689 |
+index 56fc47bd6dba..50b216fc369f 100644 |
690 |
+--- a/sound/pci/emu10k1/emufx.c |
691 |
++++ b/sound/pci/emu10k1/emufx.c |
692 |
+@@ -2520,7 +2520,7 @@ static int snd_emu10k1_fx8010_ioctl(struct snd_hwdep * hw, struct file *file, un |
693 |
+ emu->support_tlv = 1; |
694 |
+ return put_user(SNDRV_EMU10K1_VERSION, (int __user *)argp); |
695 |
+ case SNDRV_EMU10K1_IOCTL_INFO: |
696 |
+- info = kmalloc(sizeof(*info), GFP_KERNEL); |
697 |
++ info = kzalloc(sizeof(*info), GFP_KERNEL); |
698 |
+ if (!info) |
699 |
+ return -ENOMEM; |
700 |
+ snd_emu10k1_fx8010_info(emu, info); |
701 |
+diff --git a/sound/soc/codecs/cs4265.c b/sound/soc/codecs/cs4265.c |
702 |
+index 55db19ddc5ff..93b02be3a90e 100644 |
703 |
+--- a/sound/soc/codecs/cs4265.c |
704 |
++++ b/sound/soc/codecs/cs4265.c |
705 |
+@@ -157,8 +157,8 @@ static const struct snd_kcontrol_new cs4265_snd_controls[] = { |
706 |
+ SOC_SINGLE("Validity Bit Control Switch", CS4265_SPDIF_CTL2, |
707 |
+ 3, 1, 0), |
708 |
+ SOC_ENUM("SPDIF Mono/Stereo", spdif_mono_stereo_enum), |
709 |
+- SOC_SINGLE("MMTLR Data Switch", 0, |
710 |
+- 1, 1, 0), |
711 |
++ SOC_SINGLE("MMTLR Data Switch", CS4265_SPDIF_CTL2, |
712 |
++ 0, 1, 0), |
713 |
+ SOC_ENUM("Mono Channel Select", spdif_mono_select_enum), |
714 |
+ SND_SOC_BYTES("C Data Buffer", CS4265_C_DATA_BUFF, 24), |
715 |
+ }; |