1 |
commit: 9008f39a3d63e3006ef77c698aa32930cc2aebae |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Sep 22 11:40:29 2021 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Sep 22 11:40:29 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=9008f39a |
7 |
|
8 |
Linux patch 4.19.207 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1206_linux-4.19.207.patch | 9342 +++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 9346 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 1c6d7ee..6a76482 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -863,6 +863,10 @@ Patch: 1205_linux-4.19.206.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.19.206 |
23 |
|
24 |
+Patch: 1206_linux-4.19.207.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.19.207 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1206_linux-4.19.207.patch b/1206_linux-4.19.207.patch |
33 |
new file mode 100644 |
34 |
index 0000000..7309df1 |
35 |
--- /dev/null |
36 |
+++ b/1206_linux-4.19.207.patch |
37 |
@@ -0,0 +1,9342 @@ |
38 |
+diff --git a/Documentation/admin-guide/devices.txt b/Documentation/admin-guide/devices.txt |
39 |
+index 1649117e6087d..9cd7926c87814 100644 |
40 |
+--- a/Documentation/admin-guide/devices.txt |
41 |
++++ b/Documentation/admin-guide/devices.txt |
42 |
+@@ -2993,10 +2993,10 @@ |
43 |
+ 65 = /dev/infiniband/issm1 Second InfiniBand IsSM device |
44 |
+ ... |
45 |
+ 127 = /dev/infiniband/issm63 63rd InfiniBand IsSM device |
46 |
+- 128 = /dev/infiniband/uverbs0 First InfiniBand verbs device |
47 |
+- 129 = /dev/infiniband/uverbs1 Second InfiniBand verbs device |
48 |
++ 192 = /dev/infiniband/uverbs0 First InfiniBand verbs device |
49 |
++ 193 = /dev/infiniband/uverbs1 Second InfiniBand verbs device |
50 |
+ ... |
51 |
+- 159 = /dev/infiniband/uverbs31 31st InfiniBand verbs device |
52 |
++ 223 = /dev/infiniband/uverbs31 31st InfiniBand verbs device |
53 |
+ |
54 |
+ 232 char Biometric Devices |
55 |
+ 0 = /dev/biometric/sensor0/fingerprint first fingerprint sensor on first device |
56 |
+diff --git a/Documentation/devicetree/bindings/mtd/gpmc-nand.txt b/Documentation/devicetree/bindings/mtd/gpmc-nand.txt |
57 |
+index c059ab74ed886..a4a75fa795249 100644 |
58 |
+--- a/Documentation/devicetree/bindings/mtd/gpmc-nand.txt |
59 |
++++ b/Documentation/devicetree/bindings/mtd/gpmc-nand.txt |
60 |
+@@ -122,7 +122,7 @@ on various other factors also like; |
61 |
+ so the device should have enough free bytes available its OOB/Spare |
62 |
+ area to accommodate ECC for entire page. In general following expression |
63 |
+ helps in determining if given device can accommodate ECC syndrome: |
64 |
+- "2 + (PAGESIZE / 512) * ECC_BYTES" >= OOBSIZE" |
65 |
++ "2 + (PAGESIZE / 512) * ECC_BYTES" <= OOBSIZE" |
66 |
+ where |
67 |
+ OOBSIZE number of bytes in OOB/spare area |
68 |
+ PAGESIZE number of bytes in main-area of device page |
69 |
+diff --git a/Makefile b/Makefile |
70 |
+index 3a3eea3ab10a5..77dd62aa0bbe5 100644 |
71 |
+--- a/Makefile |
72 |
++++ b/Makefile |
73 |
+@@ -1,7 +1,7 @@ |
74 |
+ # SPDX-License-Identifier: GPL-2.0 |
75 |
+ VERSION = 4 |
76 |
+ PATCHLEVEL = 19 |
77 |
+-SUBLEVEL = 206 |
78 |
++SUBLEVEL = 207 |
79 |
+ EXTRAVERSION = |
80 |
+ NAME = "People's Front" |
81 |
+ |
82 |
+diff --git a/arch/arc/mm/cache.c b/arch/arc/mm/cache.c |
83 |
+index cf9619d4efb4f..c5254c5967ed6 100644 |
84 |
+--- a/arch/arc/mm/cache.c |
85 |
++++ b/arch/arc/mm/cache.c |
86 |
+@@ -1112,7 +1112,7 @@ void clear_user_page(void *to, unsigned long u_vaddr, struct page *page) |
87 |
+ clear_page(to); |
88 |
+ clear_bit(PG_dc_clean, &page->flags); |
89 |
+ } |
90 |
+- |
91 |
++EXPORT_SYMBOL(clear_user_page); |
92 |
+ |
93 |
+ /********************************************************************** |
94 |
+ * Explicit Cache flush request from user space via syscall |
95 |
+diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile |
96 |
+index ec2327a3796d5..1b3a4144646b0 100644 |
97 |
+--- a/arch/arm/boot/compressed/Makefile |
98 |
++++ b/arch/arm/boot/compressed/Makefile |
99 |
+@@ -90,6 +90,8 @@ $(addprefix $(obj)/,$(libfdt_objs) atags_to_fdt.o): \ |
100 |
+ $(addprefix $(obj)/,$(libfdt_hdrs)) |
101 |
+ |
102 |
+ ifeq ($(CONFIG_ARM_ATAG_DTB_COMPAT),y) |
103 |
++CFLAGS_REMOVE_atags_to_fdt.o += -Wframe-larger-than=${CONFIG_FRAME_WARN} |
104 |
++CFLAGS_atags_to_fdt.o += -Wframe-larger-than=1280 |
105 |
+ OBJS += $(libfdt_objs) atags_to_fdt.o |
106 |
+ endif |
107 |
+ |
108 |
+diff --git a/arch/arm/boot/dts/imx53-ppd.dts b/arch/arm/boot/dts/imx53-ppd.dts |
109 |
+index f202396e3f2a8..f346673d34ead 100644 |
110 |
+--- a/arch/arm/boot/dts/imx53-ppd.dts |
111 |
++++ b/arch/arm/boot/dts/imx53-ppd.dts |
112 |
+@@ -70,6 +70,12 @@ |
113 |
+ clock-frequency = <11289600>; |
114 |
+ }; |
115 |
+ |
116 |
++ achc_24M: achc-clock { |
117 |
++ compatible = "fixed-clock"; |
118 |
++ #clock-cells = <0>; |
119 |
++ clock-frequency = <24000000>; |
120 |
++ }; |
121 |
++ |
122 |
+ sgtlsound: sound { |
123 |
+ compatible = "fsl,imx53-cpuvo-sgtl5000", |
124 |
+ "fsl,imx-audio-sgtl5000"; |
125 |
+@@ -287,16 +293,13 @@ |
126 |
+ &gpio4 12 GPIO_ACTIVE_LOW>; |
127 |
+ status = "okay"; |
128 |
+ |
129 |
+- spidev0: spi@0 { |
130 |
+- compatible = "ge,achc"; |
131 |
+- reg = <0>; |
132 |
+- spi-max-frequency = <1000000>; |
133 |
+- }; |
134 |
+- |
135 |
+- spidev1: spi@1 { |
136 |
+- compatible = "ge,achc"; |
137 |
+- reg = <1>; |
138 |
+- spi-max-frequency = <1000000>; |
139 |
++ spidev0: spi@1 { |
140 |
++ compatible = "ge,achc", "nxp,kinetis-k20"; |
141 |
++ reg = <1>, <0>; |
142 |
++ vdd-supply = <®_3v3>; |
143 |
++ vdda-supply = <®_3v3>; |
144 |
++ clocks = <&achc_24M>; |
145 |
++ reset-gpios = <&gpio3 6 GPIO_ACTIVE_LOW>; |
146 |
+ }; |
147 |
+ |
148 |
+ gpioxra0: gpio@2 { |
149 |
+diff --git a/arch/arm/boot/dts/qcom-apq8064.dtsi b/arch/arm/boot/dts/qcom-apq8064.dtsi |
150 |
+index 4a99c92551049..d0153bbbdbeb8 100644 |
151 |
+--- a/arch/arm/boot/dts/qcom-apq8064.dtsi |
152 |
++++ b/arch/arm/boot/dts/qcom-apq8064.dtsi |
153 |
+@@ -1296,9 +1296,9 @@ |
154 |
+ <&mmcc DSI1_BYTE_CLK>, |
155 |
+ <&mmcc DSI_PIXEL_CLK>, |
156 |
+ <&mmcc DSI1_ESC_CLK>; |
157 |
+- clock-names = "iface_clk", "bus_clk", "core_mmss_clk", |
158 |
+- "src_clk", "byte_clk", "pixel_clk", |
159 |
+- "core_clk"; |
160 |
++ clock-names = "iface", "bus", "core_mmss", |
161 |
++ "src", "byte", "pixel", |
162 |
++ "core"; |
163 |
+ |
164 |
+ assigned-clocks = <&mmcc DSI1_BYTE_SRC>, |
165 |
+ <&mmcc DSI1_ESC_SRC>, |
166 |
+diff --git a/arch/arm/boot/dts/tegra20-tamonten.dtsi b/arch/arm/boot/dts/tegra20-tamonten.dtsi |
167 |
+index 20137fc578b1b..394a6b4dc69d5 100644 |
168 |
+--- a/arch/arm/boot/dts/tegra20-tamonten.dtsi |
169 |
++++ b/arch/arm/boot/dts/tegra20-tamonten.dtsi |
170 |
+@@ -185,8 +185,9 @@ |
171 |
+ nvidia,pins = "ata", "atb", "atc", "atd", "ate", |
172 |
+ "cdev1", "cdev2", "dap1", "dtb", "gma", |
173 |
+ "gmb", "gmc", "gmd", "gme", "gpu7", |
174 |
+- "gpv", "i2cp", "pta", "rm", "slxa", |
175 |
+- "slxk", "spia", "spib", "uac"; |
176 |
++ "gpv", "i2cp", "irrx", "irtx", "pta", |
177 |
++ "rm", "slxa", "slxk", "spia", "spib", |
178 |
++ "uac"; |
179 |
+ nvidia,pull = <TEGRA_PIN_PULL_NONE>; |
180 |
+ nvidia,tristate = <TEGRA_PIN_DISABLE>; |
181 |
+ }; |
182 |
+@@ -211,7 +212,7 @@ |
183 |
+ conf_ddc { |
184 |
+ nvidia,pins = "ddc", "dta", "dtd", "kbca", |
185 |
+ "kbcb", "kbcc", "kbcd", "kbce", "kbcf", |
186 |
+- "sdc"; |
187 |
++ "sdc", "uad", "uca"; |
188 |
+ nvidia,pull = <TEGRA_PIN_PULL_UP>; |
189 |
+ nvidia,tristate = <TEGRA_PIN_DISABLE>; |
190 |
+ }; |
191 |
+@@ -221,10 +222,9 @@ |
192 |
+ "lvp0", "owc", "sdb"; |
193 |
+ nvidia,tristate = <TEGRA_PIN_ENABLE>; |
194 |
+ }; |
195 |
+- conf_irrx { |
196 |
+- nvidia,pins = "irrx", "irtx", "sdd", "spic", |
197 |
+- "spie", "spih", "uaa", "uab", "uad", |
198 |
+- "uca", "ucb"; |
199 |
++ conf_sdd { |
200 |
++ nvidia,pins = "sdd", "spic", "spie", "spih", |
201 |
++ "uaa", "uab", "ucb"; |
202 |
+ nvidia,pull = <TEGRA_PIN_PULL_UP>; |
203 |
+ nvidia,tristate = <TEGRA_PIN_ENABLE>; |
204 |
+ }; |
205 |
+diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile |
206 |
+index 8cad59465af39..8b679e2ca3c3d 100644 |
207 |
+--- a/arch/arm/kernel/Makefile |
208 |
++++ b/arch/arm/kernel/Makefile |
209 |
+@@ -17,10 +17,14 @@ CFLAGS_REMOVE_return_address.o = -pg |
210 |
+ # Object file lists. |
211 |
+ |
212 |
+ obj-y := elf.o entry-common.o irq.o opcodes.o \ |
213 |
+- process.o ptrace.o reboot.o return_address.o \ |
214 |
++ process.o ptrace.o reboot.o \ |
215 |
+ setup.o signal.o sigreturn_codes.o \ |
216 |
+ stacktrace.o sys_arm.o time.o traps.o |
217 |
+ |
218 |
++ifneq ($(CONFIG_ARM_UNWIND),y) |
219 |
++obj-$(CONFIG_FRAME_POINTER) += return_address.o |
220 |
++endif |
221 |
++ |
222 |
+ obj-$(CONFIG_ATAGS) += atags_parse.o |
223 |
+ obj-$(CONFIG_ATAGS_PROC) += atags_proc.o |
224 |
+ obj-$(CONFIG_DEPRECATED_PARAM_STRUCT) += atags_compat.o |
225 |
+diff --git a/arch/arm/kernel/return_address.c b/arch/arm/kernel/return_address.c |
226 |
+index 36ed35073289b..f945742dea449 100644 |
227 |
+--- a/arch/arm/kernel/return_address.c |
228 |
++++ b/arch/arm/kernel/return_address.c |
229 |
+@@ -10,8 +10,6 @@ |
230 |
+ */ |
231 |
+ #include <linux/export.h> |
232 |
+ #include <linux/ftrace.h> |
233 |
+- |
234 |
+-#if defined(CONFIG_FRAME_POINTER) && !defined(CONFIG_ARM_UNWIND) |
235 |
+ #include <linux/sched.h> |
236 |
+ |
237 |
+ #include <asm/stacktrace.h> |
238 |
+@@ -56,6 +54,4 @@ void *return_address(unsigned int level) |
239 |
+ return NULL; |
240 |
+ } |
241 |
+ |
242 |
+-#endif /* if defined(CONFIG_FRAME_POINTER) && !defined(CONFIG_ARM_UNWIND) */ |
243 |
+- |
244 |
+ EXPORT_SYMBOL_GPL(return_address); |
245 |
+diff --git a/arch/arm/mach-imx/mmdc.c b/arch/arm/mach-imx/mmdc.c |
246 |
+index ae0a61c61a6e1..14be73ca107a5 100644 |
247 |
+--- a/arch/arm/mach-imx/mmdc.c |
248 |
++++ b/arch/arm/mach-imx/mmdc.c |
249 |
+@@ -109,6 +109,7 @@ struct mmdc_pmu { |
250 |
+ struct perf_event *mmdc_events[MMDC_NUM_COUNTERS]; |
251 |
+ struct hlist_node node; |
252 |
+ struct fsl_mmdc_devtype_data *devtype_data; |
253 |
++ struct clk *mmdc_ipg_clk; |
254 |
+ }; |
255 |
+ |
256 |
+ /* |
257 |
+@@ -474,11 +475,13 @@ static int imx_mmdc_remove(struct platform_device *pdev) |
258 |
+ cpuhp_state_remove_instance_nocalls(cpuhp_mmdc_state, &pmu_mmdc->node); |
259 |
+ perf_pmu_unregister(&pmu_mmdc->pmu); |
260 |
+ iounmap(pmu_mmdc->mmdc_base); |
261 |
++ clk_disable_unprepare(pmu_mmdc->mmdc_ipg_clk); |
262 |
+ kfree(pmu_mmdc); |
263 |
+ return 0; |
264 |
+ } |
265 |
+ |
266 |
+-static int imx_mmdc_perf_init(struct platform_device *pdev, void __iomem *mmdc_base) |
267 |
++static int imx_mmdc_perf_init(struct platform_device *pdev, void __iomem *mmdc_base, |
268 |
++ struct clk *mmdc_ipg_clk) |
269 |
+ { |
270 |
+ struct mmdc_pmu *pmu_mmdc; |
271 |
+ char *name; |
272 |
+@@ -506,6 +509,7 @@ static int imx_mmdc_perf_init(struct platform_device *pdev, void __iomem *mmdc_b |
273 |
+ } |
274 |
+ |
275 |
+ mmdc_num = mmdc_pmu_init(pmu_mmdc, mmdc_base, &pdev->dev); |
276 |
++ pmu_mmdc->mmdc_ipg_clk = mmdc_ipg_clk; |
277 |
+ if (mmdc_num == 0) |
278 |
+ name = "mmdc"; |
279 |
+ else |
280 |
+@@ -541,7 +545,7 @@ pmu_free: |
281 |
+ |
282 |
+ #else |
283 |
+ #define imx_mmdc_remove NULL |
284 |
+-#define imx_mmdc_perf_init(pdev, mmdc_base) 0 |
285 |
++#define imx_mmdc_perf_init(pdev, mmdc_base, mmdc_ipg_clk) 0 |
286 |
+ #endif |
287 |
+ |
288 |
+ static int imx_mmdc_probe(struct platform_device *pdev) |
289 |
+@@ -579,9 +583,11 @@ static int imx_mmdc_probe(struct platform_device *pdev) |
290 |
+ val &= ~(1 << BP_MMDC_MAPSR_PSD); |
291 |
+ writel_relaxed(val, reg); |
292 |
+ |
293 |
+- err = imx_mmdc_perf_init(pdev, mmdc_base); |
294 |
+- if (err) |
295 |
++ err = imx_mmdc_perf_init(pdev, mmdc_base, mmdc_ipg_clk); |
296 |
++ if (err) { |
297 |
+ iounmap(mmdc_base); |
298 |
++ clk_disable_unprepare(mmdc_ipg_clk); |
299 |
++ } |
300 |
+ |
301 |
+ return err; |
302 |
+ } |
303 |
+diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c |
304 |
+index 328ced7bfaf26..79b12e7445373 100644 |
305 |
+--- a/arch/arm/net/bpf_jit_32.c |
306 |
++++ b/arch/arm/net/bpf_jit_32.c |
307 |
+@@ -1578,6 +1578,9 @@ exit: |
308 |
+ rn = arm_bpf_get_reg32(src_lo, tmp2[1], ctx); |
309 |
+ emit_ldx_r(dst, rn, off, ctx, BPF_SIZE(code)); |
310 |
+ break; |
311 |
++ /* speculation barrier */ |
312 |
++ case BPF_ST | BPF_NOSPEC: |
313 |
++ break; |
314 |
+ /* ST: *(size *)(dst + off) = imm */ |
315 |
+ case BPF_ST | BPF_MEM | BPF_W: |
316 |
+ case BPF_ST | BPF_MEM | BPF_H: |
317 |
+diff --git a/arch/arm64/boot/dts/exynos/exynos7.dtsi b/arch/arm64/boot/dts/exynos/exynos7.dtsi |
318 |
+index 5c5e57026c275..c607297922fdb 100644 |
319 |
+--- a/arch/arm64/boot/dts/exynos/exynos7.dtsi |
320 |
++++ b/arch/arm64/boot/dts/exynos/exynos7.dtsi |
321 |
+@@ -91,7 +91,7 @@ |
322 |
+ #address-cells = <0>; |
323 |
+ interrupt-controller; |
324 |
+ reg = <0x11001000 0x1000>, |
325 |
+- <0x11002000 0x1000>, |
326 |
++ <0x11002000 0x2000>, |
327 |
+ <0x11004000 0x2000>, |
328 |
+ <0x11006000 0x2000>; |
329 |
+ }; |
330 |
+diff --git a/arch/arm64/boot/dts/qcom/ipq8074-hk01.dts b/arch/arm64/boot/dts/qcom/ipq8074-hk01.dts |
331 |
+index c13ddee8262b9..58acf21d8d333 100644 |
332 |
+--- a/arch/arm64/boot/dts/qcom/ipq8074-hk01.dts |
333 |
++++ b/arch/arm64/boot/dts/qcom/ipq8074-hk01.dts |
334 |
+@@ -28,7 +28,7 @@ |
335 |
+ stdout-path = "serial0"; |
336 |
+ }; |
337 |
+ |
338 |
+- memory { |
339 |
++ memory@40000000 { |
340 |
+ device_type = "memory"; |
341 |
+ reg = <0x0 0x40000000 0x0 0x20000000>; |
342 |
+ }; |
343 |
+diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h |
344 |
+index a780f6714b445..74ab40b76ad53 100644 |
345 |
+--- a/arch/arm64/include/asm/kernel-pgtable.h |
346 |
++++ b/arch/arm64/include/asm/kernel-pgtable.h |
347 |
+@@ -76,8 +76,8 @@ |
348 |
+ #define EARLY_KASLR (0) |
349 |
+ #endif |
350 |
+ |
351 |
+-#define EARLY_ENTRIES(vstart, vend, shift) (((vend) >> (shift)) \ |
352 |
+- - ((vstart) >> (shift)) + 1 + EARLY_KASLR) |
353 |
++#define EARLY_ENTRIES(vstart, vend, shift) \ |
354 |
++ ((((vend) - 1) >> (shift)) - ((vstart) >> (shift)) + 1 + EARLY_KASLR) |
355 |
+ |
356 |
+ #define EARLY_PGDS(vstart, vend) (EARLY_ENTRIES(vstart, vend, PGDIR_SHIFT)) |
357 |
+ |
358 |
+diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c |
359 |
+index 19c87b52c001f..89ab68cb35bbd 100644 |
360 |
+--- a/arch/arm64/kernel/fpsimd.c |
361 |
++++ b/arch/arm64/kernel/fpsimd.c |
362 |
+@@ -434,7 +434,7 @@ size_t sve_state_size(struct task_struct const *task) |
363 |
+ void sve_alloc(struct task_struct *task) |
364 |
+ { |
365 |
+ if (task->thread.sve_state) { |
366 |
+- memset(task->thread.sve_state, 0, sve_state_size(current)); |
367 |
++ memset(task->thread.sve_state, 0, sve_state_size(task)); |
368 |
+ return; |
369 |
+ } |
370 |
+ |
371 |
+diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S |
372 |
+index c85ea70b92936..ea7f059dbcb6c 100644 |
373 |
+--- a/arch/arm64/kernel/head.S |
374 |
++++ b/arch/arm64/kernel/head.S |
375 |
+@@ -202,7 +202,7 @@ ENDPROC(preserve_boot_args) |
376 |
+ * to be composed of multiple pages. (This effectively scales the end index). |
377 |
+ * |
378 |
+ * vstart: virtual address of start of range |
379 |
+- * vend: virtual address of end of range |
380 |
++ * vend: virtual address of end of range - we map [vstart, vend] |
381 |
+ * shift: shift used to transform virtual address into index |
382 |
+ * ptrs: number of entries in page table |
383 |
+ * istart: index in table corresponding to vstart |
384 |
+@@ -239,17 +239,18 @@ ENDPROC(preserve_boot_args) |
385 |
+ * |
386 |
+ * tbl: location of page table |
387 |
+ * rtbl: address to be used for first level page table entry (typically tbl + PAGE_SIZE) |
388 |
+- * vstart: start address to map |
389 |
+- * vend: end address to map - we map [vstart, vend] |
390 |
++ * vstart: virtual address of start of range |
391 |
++ * vend: virtual address of end of range - we map [vstart, vend - 1] |
392 |
+ * flags: flags to use to map last level entries |
393 |
+ * phys: physical address corresponding to vstart - physical memory is contiguous |
394 |
+ * pgds: the number of pgd entries |
395 |
+ * |
396 |
+ * Temporaries: istart, iend, tmp, count, sv - these need to be different registers |
397 |
+- * Preserves: vstart, vend, flags |
398 |
+- * Corrupts: tbl, rtbl, istart, iend, tmp, count, sv |
399 |
++ * Preserves: vstart, flags |
400 |
++ * Corrupts: tbl, rtbl, vend, istart, iend, tmp, count, sv |
401 |
+ */ |
402 |
+ .macro map_memory, tbl, rtbl, vstart, vend, flags, phys, pgds, istart, iend, tmp, count, sv |
403 |
++ sub \vend, \vend, #1 |
404 |
+ add \rtbl, \tbl, #PAGE_SIZE |
405 |
+ mov \sv, \rtbl |
406 |
+ mov \count, #0 |
407 |
+diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c |
408 |
+index 7f0258ed1f5fe..6876e8205042a 100644 |
409 |
+--- a/arch/arm64/net/bpf_jit_comp.c |
410 |
++++ b/arch/arm64/net/bpf_jit_comp.c |
411 |
+@@ -685,6 +685,19 @@ emit_cond_jmp: |
412 |
+ } |
413 |
+ break; |
414 |
+ |
415 |
++ /* speculation barrier */ |
416 |
++ case BPF_ST | BPF_NOSPEC: |
417 |
++ /* |
418 |
++ * Nothing required here. |
419 |
++ * |
420 |
++ * In case of arm64, we rely on the firmware mitigation of |
421 |
++ * Speculative Store Bypass as controlled via the ssbd kernel |
422 |
++ * parameter. Whenever the mitigation is enabled, it works |
423 |
++ * for all of the kernel code with no need to provide any |
424 |
++ * additional instructions. |
425 |
++ */ |
426 |
++ break; |
427 |
++ |
428 |
+ /* ST: *(size *)(dst + off) = imm */ |
429 |
+ case BPF_ST | BPF_MEM | BPF_W: |
430 |
+ case BPF_ST | BPF_MEM | BPF_H: |
431 |
+diff --git a/arch/m68k/emu/nfeth.c b/arch/m68k/emu/nfeth.c |
432 |
+index e45ce4243aaa3..76262dc40e791 100644 |
433 |
+--- a/arch/m68k/emu/nfeth.c |
434 |
++++ b/arch/m68k/emu/nfeth.c |
435 |
+@@ -258,8 +258,8 @@ static void __exit nfeth_cleanup(void) |
436 |
+ |
437 |
+ for (i = 0; i < MAX_UNIT; i++) { |
438 |
+ if (nfeth_dev[i]) { |
439 |
+- unregister_netdev(nfeth_dev[0]); |
440 |
+- free_netdev(nfeth_dev[0]); |
441 |
++ unregister_netdev(nfeth_dev[i]); |
442 |
++ free_netdev(nfeth_dev[i]); |
443 |
+ } |
444 |
+ } |
445 |
+ free_irq(nfEtherIRQ, nfeth_interrupt); |
446 |
+diff --git a/arch/mips/mti-malta/malta-dtshim.c b/arch/mips/mti-malta/malta-dtshim.c |
447 |
+index 7859b6e498634..5b5d78a7882a4 100644 |
448 |
+--- a/arch/mips/mti-malta/malta-dtshim.c |
449 |
++++ b/arch/mips/mti-malta/malta-dtshim.c |
450 |
+@@ -26,7 +26,7 @@ |
451 |
+ #define ROCIT_CONFIG_GEN1_MEMMAP_SHIFT 8 |
452 |
+ #define ROCIT_CONFIG_GEN1_MEMMAP_MASK (0xf << 8) |
453 |
+ |
454 |
+-static unsigned char fdt_buf[16 << 10] __initdata; |
455 |
++static unsigned char fdt_buf[16 << 10] __initdata __aligned(8); |
456 |
+ |
457 |
+ /* determined physical memory size, not overridden by command line args */ |
458 |
+ extern unsigned long physical_memsize; |
459 |
+diff --git a/arch/mips/net/ebpf_jit.c b/arch/mips/net/ebpf_jit.c |
460 |
+index 3832c46286082..947a7172c814e 100644 |
461 |
+--- a/arch/mips/net/ebpf_jit.c |
462 |
++++ b/arch/mips/net/ebpf_jit.c |
463 |
+@@ -1282,6 +1282,9 @@ jeq_common: |
464 |
+ } |
465 |
+ break; |
466 |
+ |
467 |
++ case BPF_ST | BPF_NOSPEC: /* speculation barrier */ |
468 |
++ break; |
469 |
++ |
470 |
+ case BPF_ST | BPF_B | BPF_MEM: |
471 |
+ case BPF_ST | BPF_H | BPF_MEM: |
472 |
+ case BPF_ST | BPF_W | BPF_MEM: |
473 |
+diff --git a/arch/openrisc/kernel/entry.S b/arch/openrisc/kernel/entry.S |
474 |
+index 01b59d2ce1747..c2c3ce8a0f84e 100644 |
475 |
+--- a/arch/openrisc/kernel/entry.S |
476 |
++++ b/arch/openrisc/kernel/entry.S |
477 |
+@@ -551,6 +551,7 @@ EXCEPTION_ENTRY(_external_irq_handler) |
478 |
+ l.bnf 1f // ext irq enabled, all ok. |
479 |
+ l.nop |
480 |
+ |
481 |
++#ifdef CONFIG_PRINTK |
482 |
+ l.addi r1,r1,-0x8 |
483 |
+ l.movhi r3,hi(42f) |
484 |
+ l.ori r3,r3,lo(42f) |
485 |
+@@ -564,6 +565,7 @@ EXCEPTION_ENTRY(_external_irq_handler) |
486 |
+ .string "\n\rESR interrupt bug: in _external_irq_handler (ESR %x)\n\r" |
487 |
+ .align 4 |
488 |
+ .previous |
489 |
++#endif |
490 |
+ |
491 |
+ l.ori r4,r4,SPR_SR_IEE // fix the bug |
492 |
+ // l.sw PT_SR(r1),r4 |
493 |
+diff --git a/arch/parisc/kernel/signal.c b/arch/parisc/kernel/signal.c |
494 |
+index 342073f44d3f1..79b05eac2b33c 100644 |
495 |
+--- a/arch/parisc/kernel/signal.c |
496 |
++++ b/arch/parisc/kernel/signal.c |
497 |
+@@ -239,6 +239,12 @@ setup_rt_frame(struct ksignal *ksig, sigset_t *set, struct pt_regs *regs, |
498 |
+ #endif |
499 |
+ |
500 |
+ usp = (regs->gr[30] & ~(0x01UL)); |
501 |
++#ifdef CONFIG_64BIT |
502 |
++ if (is_compat_task()) { |
503 |
++ /* The gcc alloca implementation leaves garbage in the upper 32 bits of sp */ |
504 |
++ usp = (compat_uint_t)usp; |
505 |
++ } |
506 |
++#endif |
507 |
+ /*FIXME: frame_size parameter is unused, remove it. */ |
508 |
+ frame = get_sigframe(&ksig->ka, usp, sizeof(*frame)); |
509 |
+ |
510 |
+diff --git a/arch/powerpc/boot/crt0.S b/arch/powerpc/boot/crt0.S |
511 |
+index 9b9d17437373b..0247b8e6cb1b7 100644 |
512 |
+--- a/arch/powerpc/boot/crt0.S |
513 |
++++ b/arch/powerpc/boot/crt0.S |
514 |
+@@ -49,9 +49,6 @@ p_end: .long _end |
515 |
+ p_pstack: .long _platform_stack_top |
516 |
+ #endif |
517 |
+ |
518 |
+- .globl _zimage_start |
519 |
+- /* Clang appears to require the .weak directive to be after the symbol |
520 |
+- * is defined. See https://bugs.llvm.org/show_bug.cgi?id=38921 */ |
521 |
+ .weak _zimage_start |
522 |
+ _zimage_start: |
523 |
+ .globl _zimage_start_lib |
524 |
+diff --git a/arch/powerpc/kernel/module_64.c b/arch/powerpc/kernel/module_64.c |
525 |
+index 8661eea78503f..4bf81a111179f 100644 |
526 |
+--- a/arch/powerpc/kernel/module_64.c |
527 |
++++ b/arch/powerpc/kernel/module_64.c |
528 |
+@@ -719,7 +719,7 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, |
529 |
+ /* |
530 |
+ * If found, replace it with: |
531 |
+ * addis r2, r12, (.TOC.-func)@ha |
532 |
+- * addi r2, r12, (.TOC.-func)@l |
533 |
++ * addi r2, r2, (.TOC.-func)@l |
534 |
+ */ |
535 |
+ ((uint32_t *)location)[0] = 0x3c4c0000 + PPC_HA(value); |
536 |
+ ((uint32_t *)location)[1] = 0x38420000 + PPC_LO(value); |
537 |
+diff --git a/arch/powerpc/kernel/stacktrace.c b/arch/powerpc/kernel/stacktrace.c |
538 |
+index 23b5f755e419b..dadcc8bab336a 100644 |
539 |
+--- a/arch/powerpc/kernel/stacktrace.c |
540 |
++++ b/arch/powerpc/kernel/stacktrace.c |
541 |
+@@ -8,6 +8,7 @@ |
542 |
+ * Copyright 2018 Nick Piggin, Michael Ellerman, IBM Corp. |
543 |
+ */ |
544 |
+ |
545 |
++#include <linux/delay.h> |
546 |
+ #include <linux/export.h> |
547 |
+ #include <linux/kallsyms.h> |
548 |
+ #include <linux/module.h> |
549 |
+diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c |
550 |
+index 7e3ab477f67fe..e7d56ddba43aa 100644 |
551 |
+--- a/arch/powerpc/net/bpf_jit_comp64.c |
552 |
++++ b/arch/powerpc/net/bpf_jit_comp64.c |
553 |
+@@ -596,6 +596,12 @@ emit_clear: |
554 |
+ } |
555 |
+ break; |
556 |
+ |
557 |
++ /* |
558 |
++ * BPF_ST NOSPEC (speculation barrier) |
559 |
++ */ |
560 |
++ case BPF_ST | BPF_NOSPEC: |
561 |
++ break; |
562 |
++ |
563 |
+ /* |
564 |
+ * BPF_ST(X) |
565 |
+ */ |
566 |
+diff --git a/arch/powerpc/perf/hv-gpci.c b/arch/powerpc/perf/hv-gpci.c |
567 |
+index 43fabb3cae0fa..160b86d9d8199 100644 |
568 |
+--- a/arch/powerpc/perf/hv-gpci.c |
569 |
++++ b/arch/powerpc/perf/hv-gpci.c |
570 |
+@@ -168,7 +168,7 @@ static unsigned long single_gpci_request(u32 req, u32 starting_index, |
571 |
+ */ |
572 |
+ count = 0; |
573 |
+ for (i = offset; i < offset + length; i++) |
574 |
+- count |= arg->bytes[i] << (i - offset); |
575 |
++ count |= (u64)(arg->bytes[i]) << ((length - 1 - (i - offset)) * 8); |
576 |
+ |
577 |
+ *value = count; |
578 |
+ out: |
579 |
+diff --git a/arch/s390/kernel/jump_label.c b/arch/s390/kernel/jump_label.c |
580 |
+index 68f415e334a59..10009a0cdb37c 100644 |
581 |
+--- a/arch/s390/kernel/jump_label.c |
582 |
++++ b/arch/s390/kernel/jump_label.c |
583 |
+@@ -41,7 +41,7 @@ static void jump_label_bug(struct jump_entry *entry, struct insn *expected, |
584 |
+ unsigned char *ipe = (unsigned char *)expected; |
585 |
+ unsigned char *ipn = (unsigned char *)new; |
586 |
+ |
587 |
+- pr_emerg("Jump label code mismatch at %pS [%p]\n", ipc, ipc); |
588 |
++ pr_emerg("Jump label code mismatch at %pS [%px]\n", ipc, ipc); |
589 |
+ pr_emerg("Found: %6ph\n", ipc); |
590 |
+ pr_emerg("Expected: %6ph\n", ipe); |
591 |
+ pr_emerg("New: %6ph\n", ipn); |
592 |
+diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c |
593 |
+index 3515f2b55eb9e..dc5ecaea30d71 100644 |
594 |
+--- a/arch/s390/kvm/interrupt.c |
595 |
++++ b/arch/s390/kvm/interrupt.c |
596 |
+@@ -318,13 +318,13 @@ static unsigned long deliverable_irqs(struct kvm_vcpu *vcpu) |
597 |
+ static void __set_cpu_idle(struct kvm_vcpu *vcpu) |
598 |
+ { |
599 |
+ kvm_s390_set_cpuflags(vcpu, CPUSTAT_WAIT); |
600 |
+- set_bit(vcpu->vcpu_id, vcpu->kvm->arch.float_int.idle_mask); |
601 |
++ set_bit(kvm_vcpu_get_idx(vcpu), vcpu->kvm->arch.float_int.idle_mask); |
602 |
+ } |
603 |
+ |
604 |
+ static void __unset_cpu_idle(struct kvm_vcpu *vcpu) |
605 |
+ { |
606 |
+ kvm_s390_clear_cpuflags(vcpu, CPUSTAT_WAIT); |
607 |
+- clear_bit(vcpu->vcpu_id, vcpu->kvm->arch.float_int.idle_mask); |
608 |
++ clear_bit(kvm_vcpu_get_idx(vcpu), vcpu->kvm->arch.float_int.idle_mask); |
609 |
+ } |
610 |
+ |
611 |
+ static void __reset_intercept_indicators(struct kvm_vcpu *vcpu) |
612 |
+diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h |
613 |
+index 981e3ba974616..0a2ffd5378be2 100644 |
614 |
+--- a/arch/s390/kvm/kvm-s390.h |
615 |
++++ b/arch/s390/kvm/kvm-s390.h |
616 |
+@@ -67,7 +67,7 @@ static inline int is_vcpu_stopped(struct kvm_vcpu *vcpu) |
617 |
+ |
618 |
+ static inline int is_vcpu_idle(struct kvm_vcpu *vcpu) |
619 |
+ { |
620 |
+- return test_bit(vcpu->vcpu_id, vcpu->kvm->arch.float_int.idle_mask); |
621 |
++ return test_bit(kvm_vcpu_get_idx(vcpu), vcpu->kvm->arch.float_int.idle_mask); |
622 |
+ } |
623 |
+ |
624 |
+ static inline int kvm_is_ucontrol(struct kvm *kvm) |
625 |
+diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c |
626 |
+index e42354b15e0bc..8508c2c0e2a3a 100644 |
627 |
+--- a/arch/s390/net/bpf_jit_comp.c |
628 |
++++ b/arch/s390/net/bpf_jit_comp.c |
629 |
+@@ -595,8 +595,13 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
630 |
+ case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */ |
631 |
+ if (!imm) |
632 |
+ break; |
633 |
+- /* agfi %dst,-imm */ |
634 |
+- EMIT6_IMM(0xc2080000, dst_reg, -imm); |
635 |
++ if (imm == -0x80000000) { |
636 |
++ /* algfi %dst,0x80000000 */ |
637 |
++ EMIT6_IMM(0xc20a0000, dst_reg, 0x80000000); |
638 |
++ } else { |
639 |
++ /* agfi %dst,-imm */ |
640 |
++ EMIT6_IMM(0xc2080000, dst_reg, -imm); |
641 |
++ } |
642 |
+ break; |
643 |
+ /* |
644 |
+ * BPF_MUL |
645 |
+@@ -883,6 +888,11 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i |
646 |
+ break; |
647 |
+ } |
648 |
+ break; |
649 |
++ /* |
650 |
++ * BPF_NOSPEC (speculation barrier) |
651 |
++ */ |
652 |
++ case BPF_ST | BPF_NOSPEC: |
653 |
++ break; |
654 |
+ /* |
655 |
+ * BPF_ST(X) |
656 |
+ */ |
657 |
+diff --git a/arch/sparc/net/bpf_jit_comp_64.c b/arch/sparc/net/bpf_jit_comp_64.c |
658 |
+index ec4da4dc98f12..1bb1e64d4377d 100644 |
659 |
+--- a/arch/sparc/net/bpf_jit_comp_64.c |
660 |
++++ b/arch/sparc/net/bpf_jit_comp_64.c |
661 |
+@@ -1261,6 +1261,9 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx) |
662 |
+ emit(opcode | RS1(src) | rs2 | RD(dst), ctx); |
663 |
+ break; |
664 |
+ } |
665 |
++ /* speculation barrier */ |
666 |
++ case BPF_ST | BPF_NOSPEC: |
667 |
++ break; |
668 |
+ /* ST: *(size *)(dst + off) = imm */ |
669 |
+ case BPF_ST | BPF_MEM | BPF_W: |
670 |
+ case BPF_ST | BPF_MEM | BPF_H: |
671 |
+diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c |
672 |
+index 2410bd4bb48f3..2d9e1372b070c 100644 |
673 |
+--- a/arch/x86/events/amd/ibs.c |
674 |
++++ b/arch/x86/events/amd/ibs.c |
675 |
+@@ -90,6 +90,7 @@ struct perf_ibs { |
676 |
+ unsigned long offset_mask[1]; |
677 |
+ int offset_max; |
678 |
+ unsigned int fetch_count_reset_broken : 1; |
679 |
++ unsigned int fetch_ignore_if_zero_rip : 1; |
680 |
+ struct cpu_perf_ibs __percpu *pcpu; |
681 |
+ |
682 |
+ struct attribute **format_attrs; |
683 |
+@@ -674,6 +675,10 @@ fail: |
684 |
+ if (check_rip && (ibs_data.regs[2] & IBS_RIP_INVALID)) { |
685 |
+ regs.flags &= ~PERF_EFLAGS_EXACT; |
686 |
+ } else { |
687 |
++ /* Workaround for erratum #1197 */ |
688 |
++ if (perf_ibs->fetch_ignore_if_zero_rip && !(ibs_data.regs[1])) |
689 |
++ goto out; |
690 |
++ |
691 |
+ set_linear_ip(®s, ibs_data.regs[1]); |
692 |
+ regs.flags |= PERF_EFLAGS_EXACT; |
693 |
+ } |
694 |
+@@ -767,6 +772,9 @@ static __init void perf_event_ibs_init(void) |
695 |
+ if (boot_cpu_data.x86 >= 0x16 && boot_cpu_data.x86 <= 0x18) |
696 |
+ perf_ibs_fetch.fetch_count_reset_broken = 1; |
697 |
+ |
698 |
++ if (boot_cpu_data.x86 == 0x19 && boot_cpu_data.x86_model < 0x10) |
699 |
++ perf_ibs_fetch.fetch_ignore_if_zero_rip = 1; |
700 |
++ |
701 |
+ perf_ibs_pmu_init(&perf_ibs_fetch, "ibs_fetch"); |
702 |
+ |
703 |
+ if (ibs_caps & IBS_CAPS_OPCNT) { |
704 |
+diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c |
705 |
+index f03100bc5fd12..849f0ba53a9b9 100644 |
706 |
+--- a/arch/x86/events/intel/pt.c |
707 |
++++ b/arch/x86/events/intel/pt.c |
708 |
+@@ -69,7 +69,7 @@ static struct pt_cap_desc { |
709 |
+ PT_CAP(topa_multiple_entries, 0, CPUID_ECX, BIT(1)), |
710 |
+ PT_CAP(single_range_output, 0, CPUID_ECX, BIT(2)), |
711 |
+ PT_CAP(payloads_lip, 0, CPUID_ECX, BIT(31)), |
712 |
+- PT_CAP(num_address_ranges, 1, CPUID_EAX, 0x3), |
713 |
++ PT_CAP(num_address_ranges, 1, CPUID_EAX, 0x7), |
714 |
+ PT_CAP(mtc_periods, 1, CPUID_EAX, 0xffff0000), |
715 |
+ PT_CAP(cycle_thresholds, 1, CPUID_EBX, 0xffff), |
716 |
+ PT_CAP(psb_periods, 1, CPUID_EBX, 0xffff0000), |
717 |
+diff --git a/arch/x86/kernel/cpu/intel_rdt_monitor.c b/arch/x86/kernel/cpu/intel_rdt_monitor.c |
718 |
+index 6eeb17dfde48e..5fee674fe59d9 100644 |
719 |
+--- a/arch/x86/kernel/cpu/intel_rdt_monitor.c |
720 |
++++ b/arch/x86/kernel/cpu/intel_rdt_monitor.c |
721 |
+@@ -252,6 +252,12 @@ static u64 __mon_event_count(u32 rmid, struct rmid_read *rr) |
722 |
+ case QOS_L3_MBM_LOCAL_EVENT_ID: |
723 |
+ m = &rr->d->mbm_local[rmid]; |
724 |
+ break; |
725 |
++ default: |
726 |
++ /* |
727 |
++ * Code would never reach here because an invalid |
728 |
++ * event id would fail the __rmid_read. |
729 |
++ */ |
730 |
++ return RMID_VAL_ERROR; |
731 |
+ } |
732 |
+ |
733 |
+ if (rr->first) { |
734 |
+diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c |
735 |
+index 6489cc19ed069..b0f3a996df15f 100644 |
736 |
+--- a/arch/x86/kernel/reboot.c |
737 |
++++ b/arch/x86/kernel/reboot.c |
738 |
+@@ -388,10 +388,11 @@ static const struct dmi_system_id reboot_dmi_table[] __initconst = { |
739 |
+ }, |
740 |
+ { /* Handle problems with rebooting on the OptiPlex 990. */ |
741 |
+ .callback = set_pci_reboot, |
742 |
+- .ident = "Dell OptiPlex 990", |
743 |
++ .ident = "Dell OptiPlex 990 BIOS A0x", |
744 |
+ .matches = { |
745 |
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), |
746 |
+ DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 990"), |
747 |
++ DMI_MATCH(DMI_BIOS_VERSION, "A0"), |
748 |
+ }, |
749 |
+ }, |
750 |
+ { /* Handle problems with rebooting on Dell 300's */ |
751 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
752 |
+index f913127e942a1..417abc9ba1ad4 100644 |
753 |
+--- a/arch/x86/kvm/x86.c |
754 |
++++ b/arch/x86/kvm/x86.c |
755 |
+@@ -2511,6 +2511,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
756 |
+ if (!msr_info->host_initiated) { |
757 |
+ s64 adj = data - vcpu->arch.ia32_tsc_adjust_msr; |
758 |
+ adjust_tsc_offset_guest(vcpu, adj); |
759 |
++ /* Before back to guest, tsc_timestamp must be adjusted |
760 |
++ * as well, otherwise guest's percpu pvclock time could jump. |
761 |
++ */ |
762 |
++ kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu); |
763 |
+ } |
764 |
+ vcpu->arch.ia32_tsc_adjust_msr = data; |
765 |
+ } |
766 |
+diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c |
767 |
+index 81e85a8dd3005..4b25a1ad18ffd 100644 |
768 |
+--- a/arch/x86/mm/init_64.c |
769 |
++++ b/arch/x86/mm/init_64.c |
770 |
+@@ -1289,18 +1289,18 @@ int kern_addr_valid(unsigned long addr) |
771 |
+ return 0; |
772 |
+ |
773 |
+ p4d = p4d_offset(pgd, addr); |
774 |
+- if (p4d_none(*p4d)) |
775 |
++ if (!p4d_present(*p4d)) |
776 |
+ return 0; |
777 |
+ |
778 |
+ pud = pud_offset(p4d, addr); |
779 |
+- if (pud_none(*pud)) |
780 |
++ if (!pud_present(*pud)) |
781 |
+ return 0; |
782 |
+ |
783 |
+ if (pud_large(*pud)) |
784 |
+ return pfn_valid(pud_pfn(*pud)); |
785 |
+ |
786 |
+ pmd = pmd_offset(pud, addr); |
787 |
+- if (pmd_none(*pmd)) |
788 |
++ if (!pmd_present(*pmd)) |
789 |
+ return 0; |
790 |
+ |
791 |
+ if (pmd_large(*pmd)) |
792 |
+diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c |
793 |
+index 924ca27a6139b..81c3d4b4c7e2c 100644 |
794 |
+--- a/arch/x86/net/bpf_jit_comp.c |
795 |
++++ b/arch/x86/net/bpf_jit_comp.c |
796 |
+@@ -731,6 +731,13 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, |
797 |
+ } |
798 |
+ break; |
799 |
+ |
800 |
++ /* speculation barrier */ |
801 |
++ case BPF_ST | BPF_NOSPEC: |
802 |
++ if (boot_cpu_has(X86_FEATURE_XMM2)) |
803 |
++ /* Emit 'lfence' */ |
804 |
++ EMIT3(0x0F, 0xAE, 0xE8); |
805 |
++ break; |
806 |
++ |
807 |
+ /* ST: *(u8*)(dst_reg + off) = imm */ |
808 |
+ case BPF_ST | BPF_MEM | BPF_B: |
809 |
+ if (is_ereg(dst_reg)) |
810 |
+diff --git a/arch/x86/net/bpf_jit_comp32.c b/arch/x86/net/bpf_jit_comp32.c |
811 |
+index adee990abab14..f48300988bc2a 100644 |
812 |
+--- a/arch/x86/net/bpf_jit_comp32.c |
813 |
++++ b/arch/x86/net/bpf_jit_comp32.c |
814 |
+@@ -1683,6 +1683,12 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, |
815 |
+ i++; |
816 |
+ break; |
817 |
+ } |
818 |
++ /* speculation barrier */ |
819 |
++ case BPF_ST | BPF_NOSPEC: |
820 |
++ if (boot_cpu_has(X86_FEATURE_XMM2)) |
821 |
++ /* Emit 'lfence' */ |
822 |
++ EMIT3(0x0F, 0xAE, 0xE8); |
823 |
++ break; |
824 |
+ /* ST: *(u8*)(dst_reg + off) = imm */ |
825 |
+ case BPF_ST | BPF_MEM | BPF_H: |
826 |
+ case BPF_ST | BPF_MEM | BPF_B: |
827 |
+diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c |
828 |
+index 1c3e9185934c4..7966136352b56 100644 |
829 |
+--- a/arch/x86/xen/enlighten_pv.c |
830 |
++++ b/arch/x86/xen/enlighten_pv.c |
831 |
+@@ -1187,6 +1187,11 @@ static void __init xen_dom0_set_legacy_features(void) |
832 |
+ x86_platform.legacy.rtc = 1; |
833 |
+ } |
834 |
+ |
835 |
++static void __init xen_domu_set_legacy_features(void) |
836 |
++{ |
837 |
++ x86_platform.legacy.rtc = 0; |
838 |
++} |
839 |
++ |
840 |
+ /* First C function to be called on Xen boot */ |
841 |
+ asmlinkage __visible void __init xen_start_kernel(void) |
842 |
+ { |
843 |
+@@ -1354,6 +1359,8 @@ asmlinkage __visible void __init xen_start_kernel(void) |
844 |
+ add_preferred_console("xenboot", 0, NULL); |
845 |
+ if (pci_xen) |
846 |
+ x86_init.pci.arch_init = pci_xen_init; |
847 |
++ x86_platform.set_legacy_features = |
848 |
++ xen_domu_set_legacy_features; |
849 |
+ } else { |
850 |
+ const struct dom0_vga_console_info *info = |
851 |
+ (void *)((char *)xen_start_info + |
852 |
+diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c |
853 |
+index 82577eec6d0a7..f9b31eb6846c4 100644 |
854 |
+--- a/arch/x86/xen/p2m.c |
855 |
++++ b/arch/x86/xen/p2m.c |
856 |
+@@ -613,8 +613,8 @@ int xen_alloc_p2m_entry(unsigned long pfn) |
857 |
+ } |
858 |
+ |
859 |
+ /* Expanded the p2m? */ |
860 |
+- if (pfn > xen_p2m_last_pfn) { |
861 |
+- xen_p2m_last_pfn = pfn; |
862 |
++ if (pfn >= xen_p2m_last_pfn) { |
863 |
++ xen_p2m_last_pfn = ALIGN(pfn + 1, P2M_PER_PAGE); |
864 |
+ HYPERVISOR_shared_info->arch.max_pfn = xen_p2m_last_pfn; |
865 |
+ } |
866 |
+ |
867 |
+diff --git a/arch/xtensa/Kconfig b/arch/xtensa/Kconfig |
868 |
+index b9ad83a0ee5db..d9b0709d6c9ce 100644 |
869 |
+--- a/arch/xtensa/Kconfig |
870 |
++++ b/arch/xtensa/Kconfig |
871 |
+@@ -25,7 +25,7 @@ config XTENSA |
872 |
+ select HAVE_DMA_CONTIGUOUS |
873 |
+ select HAVE_EXIT_THREAD |
874 |
+ select HAVE_FUNCTION_TRACER |
875 |
+- select HAVE_FUTEX_CMPXCHG if !MMU |
876 |
++ select HAVE_FUTEX_CMPXCHG if !MMU && FUTEX |
877 |
+ select HAVE_HW_BREAKPOINT if PERF_EVENTS |
878 |
+ select HAVE_IRQ_TIME_ACCOUNTING |
879 |
+ select HAVE_MEMBLOCK |
880 |
+diff --git a/arch/xtensa/platforms/iss/console.c b/arch/xtensa/platforms/iss/console.c |
881 |
+index af81a62faba64..e7faea3d73d3b 100644 |
882 |
+--- a/arch/xtensa/platforms/iss/console.c |
883 |
++++ b/arch/xtensa/platforms/iss/console.c |
884 |
+@@ -168,9 +168,13 @@ static const struct tty_operations serial_ops = { |
885 |
+ |
886 |
+ int __init rs_init(void) |
887 |
+ { |
888 |
+- tty_port_init(&serial_port); |
889 |
++ int ret; |
890 |
+ |
891 |
+ serial_driver = alloc_tty_driver(SERIAL_MAX_NUM_LINES); |
892 |
++ if (!serial_driver) |
893 |
++ return -ENOMEM; |
894 |
++ |
895 |
++ tty_port_init(&serial_port); |
896 |
+ |
897 |
+ pr_info("%s %s\n", serial_name, serial_version); |
898 |
+ |
899 |
+@@ -190,8 +194,15 @@ int __init rs_init(void) |
900 |
+ tty_set_operations(serial_driver, &serial_ops); |
901 |
+ tty_port_link_device(&serial_port, serial_driver, 0); |
902 |
+ |
903 |
+- if (tty_register_driver(serial_driver)) |
904 |
+- panic("Couldn't register serial driver\n"); |
905 |
++ ret = tty_register_driver(serial_driver); |
906 |
++ if (ret) { |
907 |
++ pr_err("Couldn't register serial driver\n"); |
908 |
++ tty_driver_kref_put(serial_driver); |
909 |
++ tty_port_destroy(&serial_port); |
910 |
++ |
911 |
++ return ret; |
912 |
++ } |
913 |
++ |
914 |
+ return 0; |
915 |
+ } |
916 |
+ |
917 |
+diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c |
918 |
+index 5b3e5483c657c..c8c94e8e0f721 100644 |
919 |
+--- a/block/bfq-iosched.c |
920 |
++++ b/block/bfq-iosched.c |
921 |
+@@ -2137,6 +2137,15 @@ bfq_setup_merge(struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) |
922 |
+ * are likely to increase the throughput. |
923 |
+ */ |
924 |
+ bfqq->new_bfqq = new_bfqq; |
925 |
++ /* |
926 |
++ * The above assignment schedules the following redirections: |
927 |
++ * each time some I/O for bfqq arrives, the process that |
928 |
++ * generated that I/O is disassociated from bfqq and |
929 |
++ * associated with new_bfqq. Here we increases new_bfqq->ref |
930 |
++ * in advance, adding the number of processes that are |
931 |
++ * expected to be associated with new_bfqq as they happen to |
932 |
++ * issue I/O. |
933 |
++ */ |
934 |
+ new_bfqq->ref += process_refs; |
935 |
+ return new_bfqq; |
936 |
+ } |
937 |
+@@ -2196,6 +2205,10 @@ bfq_setup_cooperator(struct bfq_data *bfqd, struct bfq_queue *bfqq, |
938 |
+ { |
939 |
+ struct bfq_queue *in_service_bfqq, *new_bfqq; |
940 |
+ |
941 |
++ /* if a merge has already been setup, then proceed with that first */ |
942 |
++ if (bfqq->new_bfqq) |
943 |
++ return bfqq->new_bfqq; |
944 |
++ |
945 |
+ /* |
946 |
+ * Prevent bfqq from being merged if it has been created too |
947 |
+ * long ago. The idea is that true cooperating processes, and |
948 |
+@@ -2210,9 +2223,6 @@ bfq_setup_cooperator(struct bfq_data *bfqd, struct bfq_queue *bfqq, |
949 |
+ if (bfq_too_late_for_merging(bfqq)) |
950 |
+ return NULL; |
951 |
+ |
952 |
+- if (bfqq->new_bfqq) |
953 |
+- return bfqq->new_bfqq; |
954 |
+- |
955 |
+ if (!io_struct || unlikely(bfqq == &bfqd->oom_bfqq)) |
956 |
+ return NULL; |
957 |
+ |
958 |
+@@ -4241,7 +4251,7 @@ bfq_set_next_ioprio_data(struct bfq_queue *bfqq, struct bfq_io_cq *bic) |
959 |
+ if (bfqq->new_ioprio >= IOPRIO_BE_NR) { |
960 |
+ pr_crit("bfq_set_next_ioprio_data: new_ioprio %d\n", |
961 |
+ bfqq->new_ioprio); |
962 |
+- bfqq->new_ioprio = IOPRIO_BE_NR; |
963 |
++ bfqq->new_ioprio = IOPRIO_BE_NR - 1; |
964 |
+ } |
965 |
+ |
966 |
+ bfqq->entity.new_weight = bfq_ioprio_to_weight(bfqq->new_ioprio); |
967 |
+diff --git a/block/blk-zoned.c b/block/blk-zoned.c |
968 |
+index c461cf63f1f40..d33e89d28dbeb 100644 |
969 |
+--- a/block/blk-zoned.c |
970 |
++++ b/block/blk-zoned.c |
971 |
+@@ -319,9 +319,6 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, |
972 |
+ if (!blk_queue_is_zoned(q)) |
973 |
+ return -ENOTTY; |
974 |
+ |
975 |
+- if (!capable(CAP_SYS_ADMIN)) |
976 |
+- return -EACCES; |
977 |
+- |
978 |
+ if (copy_from_user(&rep, argp, sizeof(struct blk_zone_report))) |
979 |
+ return -EFAULT; |
980 |
+ |
981 |
+@@ -380,9 +377,6 @@ int blkdev_reset_zones_ioctl(struct block_device *bdev, fmode_t mode, |
982 |
+ if (!blk_queue_is_zoned(q)) |
983 |
+ return -ENOTTY; |
984 |
+ |
985 |
+- if (!capable(CAP_SYS_ADMIN)) |
986 |
+- return -EACCES; |
987 |
+- |
988 |
+ if (!(mode & FMODE_WRITE)) |
989 |
+ return -EBADF; |
990 |
+ |
991 |
+diff --git a/certs/Makefile b/certs/Makefile |
992 |
+index 5d0999b9e21b1..ca3c71e3a3d9f 100644 |
993 |
+--- a/certs/Makefile |
994 |
++++ b/certs/Makefile |
995 |
+@@ -46,11 +46,19 @@ endif |
996 |
+ redirect_openssl = 2>&1 |
997 |
+ quiet_redirect_openssl = 2>&1 |
998 |
+ silent_redirect_openssl = 2>/dev/null |
999 |
++openssl_available = $(shell openssl help 2>/dev/null && echo yes) |
1000 |
+ |
1001 |
+ # We do it this way rather than having a boolean option for enabling an |
1002 |
+ # external private key, because 'make randconfig' might enable such a |
1003 |
+ # boolean option and we unfortunately can't make it depend on !RANDCONFIG. |
1004 |
+ ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") |
1005 |
++ |
1006 |
++ifeq ($(openssl_available),yes) |
1007 |
++X509TEXT=$(shell openssl x509 -in "certs/signing_key.pem" -text 2>/dev/null) |
1008 |
++ |
1009 |
++$(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f "certs/signing_key.pem")) |
1010 |
++endif |
1011 |
++ |
1012 |
+ $(obj)/signing_key.pem: $(obj)/x509.genkey |
1013 |
+ @$(kecho) "###" |
1014 |
+ @$(kecho) "### Now generating an X.509 key pair to be used for signing modules." |
1015 |
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c |
1016 |
+index db1d86af21b4d..b95a4194a68db 100644 |
1017 |
+--- a/drivers/ata/libata-core.c |
1018 |
++++ b/drivers/ata/libata-core.c |
1019 |
+@@ -4574,6 +4574,10 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { |
1020 |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, }, |
1021 |
+ { "Samsung SSD 850*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | |
1022 |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, }, |
1023 |
++ { "Samsung SSD 860*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | |
1024 |
++ ATA_HORKAGE_ZERO_AFTER_TRIM, }, |
1025 |
++ { "Samsung SSD 870*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | |
1026 |
++ ATA_HORKAGE_ZERO_AFTER_TRIM, }, |
1027 |
+ { "FCCT*M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM | |
1028 |
+ ATA_HORKAGE_ZERO_AFTER_TRIM, }, |
1029 |
+ |
1030 |
+@@ -6412,7 +6416,7 @@ int ata_host_start(struct ata_host *host) |
1031 |
+ have_stop = 1; |
1032 |
+ } |
1033 |
+ |
1034 |
+- if (host->ops->host_stop) |
1035 |
++ if (host->ops && host->ops->host_stop) |
1036 |
+ have_stop = 1; |
1037 |
+ |
1038 |
+ if (have_stop) { |
1039 |
+diff --git a/drivers/ata/sata_dwc_460ex.c b/drivers/ata/sata_dwc_460ex.c |
1040 |
+index 6f142aa54f5f9..8487048c5ec9b 100644 |
1041 |
+--- a/drivers/ata/sata_dwc_460ex.c |
1042 |
++++ b/drivers/ata/sata_dwc_460ex.c |
1043 |
+@@ -1253,24 +1253,20 @@ static int sata_dwc_probe(struct platform_device *ofdev) |
1044 |
+ irq = irq_of_parse_and_map(np, 0); |
1045 |
+ if (irq == NO_IRQ) { |
1046 |
+ dev_err(&ofdev->dev, "no SATA DMA irq\n"); |
1047 |
+- err = -ENODEV; |
1048 |
+- goto error_out; |
1049 |
++ return -ENODEV; |
1050 |
+ } |
1051 |
+ |
1052 |
+ #ifdef CONFIG_SATA_DWC_OLD_DMA |
1053 |
+ if (!of_find_property(np, "dmas", NULL)) { |
1054 |
+ err = sata_dwc_dma_init_old(ofdev, hsdev); |
1055 |
+ if (err) |
1056 |
+- goto error_out; |
1057 |
++ return err; |
1058 |
+ } |
1059 |
+ #endif |
1060 |
+ |
1061 |
+ hsdev->phy = devm_phy_optional_get(hsdev->dev, "sata-phy"); |
1062 |
+- if (IS_ERR(hsdev->phy)) { |
1063 |
+- err = PTR_ERR(hsdev->phy); |
1064 |
+- hsdev->phy = NULL; |
1065 |
+- goto error_out; |
1066 |
+- } |
1067 |
++ if (IS_ERR(hsdev->phy)) |
1068 |
++ return PTR_ERR(hsdev->phy); |
1069 |
+ |
1070 |
+ err = phy_init(hsdev->phy); |
1071 |
+ if (err) |
1072 |
+diff --git a/drivers/base/power/trace.c b/drivers/base/power/trace.c |
1073 |
+index 1cda505d6a852..9664cce49109b 100644 |
1074 |
+--- a/drivers/base/power/trace.c |
1075 |
++++ b/drivers/base/power/trace.c |
1076 |
+@@ -11,6 +11,7 @@ |
1077 |
+ #include <linux/export.h> |
1078 |
+ #include <linux/rtc.h> |
1079 |
+ #include <linux/suspend.h> |
1080 |
++#include <linux/init.h> |
1081 |
+ |
1082 |
+ #include <linux/mc146818rtc.h> |
1083 |
+ |
1084 |
+@@ -165,6 +166,9 @@ void generate_pm_trace(const void *tracedata, unsigned int user) |
1085 |
+ const char *file = *(const char **)(tracedata + 2); |
1086 |
+ unsigned int user_hash_value, file_hash_value; |
1087 |
+ |
1088 |
++ if (!x86_platform.legacy.rtc) |
1089 |
++ return; |
1090 |
++ |
1091 |
+ user_hash_value = user % USERHASH; |
1092 |
+ file_hash_value = hash_string(lineno, file, FILEHASH); |
1093 |
+ set_magic_time(user_hash_value, file_hash_value, dev_hash_value); |
1094 |
+@@ -267,6 +271,9 @@ static struct notifier_block pm_trace_nb = { |
1095 |
+ |
1096 |
+ static int early_resume_init(void) |
1097 |
+ { |
1098 |
++ if (!x86_platform.legacy.rtc) |
1099 |
++ return 0; |
1100 |
++ |
1101 |
+ hash_value_early_read = read_magic_time(); |
1102 |
+ register_pm_notifier(&pm_trace_nb); |
1103 |
+ return 0; |
1104 |
+@@ -277,6 +284,9 @@ static int late_resume_init(void) |
1105 |
+ unsigned int val = hash_value_early_read; |
1106 |
+ unsigned int user, file, dev; |
1107 |
+ |
1108 |
++ if (!x86_platform.legacy.rtc) |
1109 |
++ return 0; |
1110 |
++ |
1111 |
+ user = val % USERHASH; |
1112 |
+ val = val / USERHASH; |
1113 |
+ file = val % FILEHASH; |
1114 |
+diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c |
1115 |
+index e8b3353c18eb8..330ab9c85d1b8 100644 |
1116 |
+--- a/drivers/base/regmap/regmap.c |
1117 |
++++ b/drivers/base/regmap/regmap.c |
1118 |
+@@ -1479,7 +1479,7 @@ static int _regmap_raw_write_impl(struct regmap *map, unsigned int reg, |
1119 |
+ if (ret) { |
1120 |
+ dev_err(map->dev, |
1121 |
+ "Error in caching of register: %x ret: %d\n", |
1122 |
+- reg + i, ret); |
1123 |
++ reg + regmap_get_offset(map, i), ret); |
1124 |
+ return ret; |
1125 |
+ } |
1126 |
+ } |
1127 |
+diff --git a/drivers/bcma/main.c b/drivers/bcma/main.c |
1128 |
+index fc1f4acdd189e..c0f203deaf0b5 100644 |
1129 |
+--- a/drivers/bcma/main.c |
1130 |
++++ b/drivers/bcma/main.c |
1131 |
+@@ -236,6 +236,7 @@ EXPORT_SYMBOL(bcma_core_irq); |
1132 |
+ |
1133 |
+ void bcma_prepare_core(struct bcma_bus *bus, struct bcma_device *core) |
1134 |
+ { |
1135 |
++ device_initialize(&core->dev); |
1136 |
+ core->dev.release = bcma_release_core_dev; |
1137 |
+ core->dev.bus = &bcma_bus_type; |
1138 |
+ dev_set_name(&core->dev, "bcma%d:%d", bus->num, core->core_index); |
1139 |
+@@ -299,11 +300,10 @@ static void bcma_register_core(struct bcma_bus *bus, struct bcma_device *core) |
1140 |
+ { |
1141 |
+ int err; |
1142 |
+ |
1143 |
+- err = device_register(&core->dev); |
1144 |
++ err = device_add(&core->dev); |
1145 |
+ if (err) { |
1146 |
+ bcma_err(bus, "Could not register dev for core 0x%03X\n", |
1147 |
+ core->id.id); |
1148 |
+- put_device(&core->dev); |
1149 |
+ return; |
1150 |
+ } |
1151 |
+ core->dev_registered = true; |
1152 |
+@@ -394,7 +394,7 @@ void bcma_unregister_cores(struct bcma_bus *bus) |
1153 |
+ /* Now noone uses internally-handled cores, we can free them */ |
1154 |
+ list_for_each_entry_safe(core, tmp, &bus->cores, list) { |
1155 |
+ list_del(&core->list); |
1156 |
+- kfree(core); |
1157 |
++ put_device(&core->dev); |
1158 |
+ } |
1159 |
+ } |
1160 |
+ |
1161 |
+diff --git a/drivers/block/Kconfig b/drivers/block/Kconfig |
1162 |
+index e101f286ac353..60662771bd465 100644 |
1163 |
+--- a/drivers/block/Kconfig |
1164 |
++++ b/drivers/block/Kconfig |
1165 |
+@@ -242,7 +242,7 @@ config BLK_DEV_LOOP_MIN_COUNT |
1166 |
+ dynamically allocated with the /dev/loop-control interface. |
1167 |
+ |
1168 |
+ config BLK_DEV_CRYPTOLOOP |
1169 |
+- tristate "Cryptoloop Support" |
1170 |
++ tristate "Cryptoloop Support (DEPRECATED)" |
1171 |
+ select CRYPTO |
1172 |
+ select CRYPTO_CBC |
1173 |
+ depends on BLK_DEV_LOOP |
1174 |
+@@ -254,7 +254,7 @@ config BLK_DEV_CRYPTOLOOP |
1175 |
+ WARNING: This device is not safe for journaled file systems like |
1176 |
+ ext3 or Reiserfs. Please use the Device Mapper crypto module |
1177 |
+ instead, which can be configured to be on-disk compatible with the |
1178 |
+- cryptoloop device. |
1179 |
++ cryptoloop device. cryptoloop support will be removed in Linux 5.16. |
1180 |
+ |
1181 |
+ source "drivers/block/drbd/Kconfig" |
1182 |
+ |
1183 |
+diff --git a/drivers/block/cryptoloop.c b/drivers/block/cryptoloop.c |
1184 |
+index 7033a4beda669..1b84105dfe62d 100644 |
1185 |
+--- a/drivers/block/cryptoloop.c |
1186 |
++++ b/drivers/block/cryptoloop.c |
1187 |
+@@ -201,6 +201,8 @@ init_cryptoloop(void) |
1188 |
+ |
1189 |
+ if (rc) |
1190 |
+ printk(KERN_ERR "cryptoloop: loop_register_transfer failed\n"); |
1191 |
++ else |
1192 |
++ pr_warn("the cryptoloop driver has been deprecated and will be removed in in Linux 5.16\n"); |
1193 |
+ return rc; |
1194 |
+ } |
1195 |
+ |
1196 |
+diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c |
1197 |
+index 3806fd8fef0b1..a9490c8e82a70 100644 |
1198 |
+--- a/drivers/clk/clk.c |
1199 |
++++ b/drivers/clk/clk.c |
1200 |
+@@ -46,11 +46,6 @@ static struct hlist_head *all_lists[] = { |
1201 |
+ NULL, |
1202 |
+ }; |
1203 |
+ |
1204 |
+-static struct hlist_head *orphan_list[] = { |
1205 |
+- &clk_orphan_list, |
1206 |
+- NULL, |
1207 |
+-}; |
1208 |
+- |
1209 |
+ /*** private data structures ***/ |
1210 |
+ |
1211 |
+ struct clk_core { |
1212 |
+@@ -2629,6 +2624,11 @@ static int inited = 0; |
1213 |
+ static DEFINE_MUTEX(clk_debug_lock); |
1214 |
+ static HLIST_HEAD(clk_debug_list); |
1215 |
+ |
1216 |
++static struct hlist_head *orphan_list[] = { |
1217 |
++ &clk_orphan_list, |
1218 |
++ NULL, |
1219 |
++}; |
1220 |
++ |
1221 |
+ static void clk_summary_show_one(struct seq_file *s, struct clk_core *c, |
1222 |
+ int level) |
1223 |
+ { |
1224 |
+diff --git a/drivers/clk/mvebu/kirkwood.c b/drivers/clk/mvebu/kirkwood.c |
1225 |
+index 890ebf623261b..38612cd9092eb 100644 |
1226 |
+--- a/drivers/clk/mvebu/kirkwood.c |
1227 |
++++ b/drivers/clk/mvebu/kirkwood.c |
1228 |
+@@ -254,6 +254,7 @@ static const char *powersave_parents[] = { |
1229 |
+ static const struct clk_muxing_soc_desc kirkwood_mux_desc[] __initconst = { |
1230 |
+ { "powersave", powersave_parents, ARRAY_SIZE(powersave_parents), |
1231 |
+ 11, 1, 0 }, |
1232 |
++ { } |
1233 |
+ }; |
1234 |
+ |
1235 |
+ static struct clk *clk_muxing_get_src( |
1236 |
+diff --git a/drivers/clocksource/sh_cmt.c b/drivers/clocksource/sh_cmt.c |
1237 |
+index cec90a4c79b34..7a6d4c4c0feba 100644 |
1238 |
+--- a/drivers/clocksource/sh_cmt.c |
1239 |
++++ b/drivers/clocksource/sh_cmt.c |
1240 |
+@@ -576,7 +576,8 @@ static int sh_cmt_start(struct sh_cmt_channel *ch, unsigned long flag) |
1241 |
+ ch->flags |= flag; |
1242 |
+ |
1243 |
+ /* setup timeout if no clockevent */ |
1244 |
+- if ((flag == FLAG_CLOCKSOURCE) && (!(ch->flags & FLAG_CLOCKEVENT))) |
1245 |
++ if (ch->cmt->num_channels == 1 && |
1246 |
++ flag == FLAG_CLOCKSOURCE && (!(ch->flags & FLAG_CLOCKEVENT))) |
1247 |
+ __sh_cmt_set_next(ch, ch->max_match_value); |
1248 |
+ out: |
1249 |
+ raw_spin_unlock_irqrestore(&ch->lock, flags); |
1250 |
+@@ -612,20 +613,25 @@ static struct sh_cmt_channel *cs_to_sh_cmt(struct clocksource *cs) |
1251 |
+ static u64 sh_cmt_clocksource_read(struct clocksource *cs) |
1252 |
+ { |
1253 |
+ struct sh_cmt_channel *ch = cs_to_sh_cmt(cs); |
1254 |
+- unsigned long flags; |
1255 |
+ u32 has_wrapped; |
1256 |
+- u64 value; |
1257 |
+- u32 raw; |
1258 |
+ |
1259 |
+- raw_spin_lock_irqsave(&ch->lock, flags); |
1260 |
+- value = ch->total_cycles; |
1261 |
+- raw = sh_cmt_get_counter(ch, &has_wrapped); |
1262 |
++ if (ch->cmt->num_channels == 1) { |
1263 |
++ unsigned long flags; |
1264 |
++ u64 value; |
1265 |
++ u32 raw; |
1266 |
+ |
1267 |
+- if (unlikely(has_wrapped)) |
1268 |
+- raw += ch->match_value + 1; |
1269 |
+- raw_spin_unlock_irqrestore(&ch->lock, flags); |
1270 |
++ raw_spin_lock_irqsave(&ch->lock, flags); |
1271 |
++ value = ch->total_cycles; |
1272 |
++ raw = sh_cmt_get_counter(ch, &has_wrapped); |
1273 |
++ |
1274 |
++ if (unlikely(has_wrapped)) |
1275 |
++ raw += ch->match_value + 1; |
1276 |
++ raw_spin_unlock_irqrestore(&ch->lock, flags); |
1277 |
++ |
1278 |
++ return value + raw; |
1279 |
++ } |
1280 |
+ |
1281 |
+- return value + raw; |
1282 |
++ return sh_cmt_get_counter(ch, &has_wrapped); |
1283 |
+ } |
1284 |
+ |
1285 |
+ static int sh_cmt_clocksource_enable(struct clocksource *cs) |
1286 |
+@@ -688,7 +694,7 @@ static int sh_cmt_register_clocksource(struct sh_cmt_channel *ch, |
1287 |
+ cs->disable = sh_cmt_clocksource_disable; |
1288 |
+ cs->suspend = sh_cmt_clocksource_suspend; |
1289 |
+ cs->resume = sh_cmt_clocksource_resume; |
1290 |
+- cs->mask = CLOCKSOURCE_MASK(sizeof(u64) * 8); |
1291 |
++ cs->mask = CLOCKSOURCE_MASK(ch->cmt->info->width); |
1292 |
+ cs->flags = CLOCK_SOURCE_IS_CONTINUOUS; |
1293 |
+ |
1294 |
+ dev_info(&ch->cmt->pdev->dev, "ch%u: used as clock source\n", |
1295 |
+diff --git a/drivers/cpufreq/powernv-cpufreq.c b/drivers/cpufreq/powernv-cpufreq.c |
1296 |
+index 5da985604692f..3ebadabf54110 100644 |
1297 |
+--- a/drivers/cpufreq/powernv-cpufreq.c |
1298 |
++++ b/drivers/cpufreq/powernv-cpufreq.c |
1299 |
+@@ -46,6 +46,7 @@ |
1300 |
+ #define MAX_PSTATE_SHIFT 32 |
1301 |
+ #define LPSTATE_SHIFT 48 |
1302 |
+ #define GPSTATE_SHIFT 56 |
1303 |
++#define MAX_NR_CHIPS 32 |
1304 |
+ |
1305 |
+ #define MAX_RAMP_DOWN_TIME 5120 |
1306 |
+ /* |
1307 |
+@@ -1051,12 +1052,20 @@ static int init_chip_info(void) |
1308 |
+ unsigned int *chip; |
1309 |
+ unsigned int cpu, i; |
1310 |
+ unsigned int prev_chip_id = UINT_MAX; |
1311 |
++ cpumask_t *chip_cpu_mask; |
1312 |
+ int ret = 0; |
1313 |
+ |
1314 |
+ chip = kcalloc(num_possible_cpus(), sizeof(*chip), GFP_KERNEL); |
1315 |
+ if (!chip) |
1316 |
+ return -ENOMEM; |
1317 |
+ |
1318 |
++ /* Allocate a chip cpu mask large enough to fit mask for all chips */ |
1319 |
++ chip_cpu_mask = kcalloc(MAX_NR_CHIPS, sizeof(cpumask_t), GFP_KERNEL); |
1320 |
++ if (!chip_cpu_mask) { |
1321 |
++ ret = -ENOMEM; |
1322 |
++ goto free_and_return; |
1323 |
++ } |
1324 |
++ |
1325 |
+ for_each_possible_cpu(cpu) { |
1326 |
+ unsigned int id = cpu_to_chip_id(cpu); |
1327 |
+ |
1328 |
+@@ -1064,22 +1073,25 @@ static int init_chip_info(void) |
1329 |
+ prev_chip_id = id; |
1330 |
+ chip[nr_chips++] = id; |
1331 |
+ } |
1332 |
++ cpumask_set_cpu(cpu, &chip_cpu_mask[nr_chips-1]); |
1333 |
+ } |
1334 |
+ |
1335 |
+ chips = kcalloc(nr_chips, sizeof(struct chip), GFP_KERNEL); |
1336 |
+ if (!chips) { |
1337 |
+ ret = -ENOMEM; |
1338 |
+- goto free_and_return; |
1339 |
++ goto out_free_chip_cpu_mask; |
1340 |
+ } |
1341 |
+ |
1342 |
+ for (i = 0; i < nr_chips; i++) { |
1343 |
+ chips[i].id = chip[i]; |
1344 |
+- cpumask_copy(&chips[i].mask, cpumask_of_node(chip[i])); |
1345 |
++ cpumask_copy(&chips[i].mask, &chip_cpu_mask[i]); |
1346 |
+ INIT_WORK(&chips[i].throttle, powernv_cpufreq_work_fn); |
1347 |
+ for_each_cpu(cpu, &chips[i].mask) |
1348 |
+ per_cpu(chip_info, cpu) = &chips[i]; |
1349 |
+ } |
1350 |
+ |
1351 |
++out_free_chip_cpu_mask: |
1352 |
++ kfree(chip_cpu_mask); |
1353 |
+ free_and_return: |
1354 |
+ kfree(chip); |
1355 |
+ return ret; |
1356 |
+diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c |
1357 |
+index b0c592073a4a3..da834ae3586b6 100644 |
1358 |
+--- a/drivers/crypto/mxs-dcp.c |
1359 |
++++ b/drivers/crypto/mxs-dcp.c |
1360 |
+@@ -167,15 +167,19 @@ static struct dcp *global_sdcp; |
1361 |
+ |
1362 |
+ static int mxs_dcp_start_dma(struct dcp_async_ctx *actx) |
1363 |
+ { |
1364 |
++ int dma_err; |
1365 |
+ struct dcp *sdcp = global_sdcp; |
1366 |
+ const int chan = actx->chan; |
1367 |
+ uint32_t stat; |
1368 |
+ unsigned long ret; |
1369 |
+ struct dcp_dma_desc *desc = &sdcp->coh->desc[actx->chan]; |
1370 |
+- |
1371 |
+ dma_addr_t desc_phys = dma_map_single(sdcp->dev, desc, sizeof(*desc), |
1372 |
+ DMA_TO_DEVICE); |
1373 |
+ |
1374 |
++ dma_err = dma_mapping_error(sdcp->dev, desc_phys); |
1375 |
++ if (dma_err) |
1376 |
++ return dma_err; |
1377 |
++ |
1378 |
+ reinit_completion(&sdcp->completion[chan]); |
1379 |
+ |
1380 |
+ /* Clear status register. */ |
1381 |
+@@ -213,18 +217,29 @@ static int mxs_dcp_start_dma(struct dcp_async_ctx *actx) |
1382 |
+ static int mxs_dcp_run_aes(struct dcp_async_ctx *actx, |
1383 |
+ struct ablkcipher_request *req, int init) |
1384 |
+ { |
1385 |
++ dma_addr_t key_phys, src_phys, dst_phys; |
1386 |
+ struct dcp *sdcp = global_sdcp; |
1387 |
+ struct dcp_dma_desc *desc = &sdcp->coh->desc[actx->chan]; |
1388 |
+ struct dcp_aes_req_ctx *rctx = ablkcipher_request_ctx(req); |
1389 |
+ int ret; |
1390 |
+ |
1391 |
+- dma_addr_t key_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_key, |
1392 |
+- 2 * AES_KEYSIZE_128, |
1393 |
+- DMA_TO_DEVICE); |
1394 |
+- dma_addr_t src_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_in_buf, |
1395 |
+- DCP_BUF_SZ, DMA_TO_DEVICE); |
1396 |
+- dma_addr_t dst_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_out_buf, |
1397 |
+- DCP_BUF_SZ, DMA_FROM_DEVICE); |
1398 |
++ key_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_key, |
1399 |
++ 2 * AES_KEYSIZE_128, DMA_TO_DEVICE); |
1400 |
++ ret = dma_mapping_error(sdcp->dev, key_phys); |
1401 |
++ if (ret) |
1402 |
++ return ret; |
1403 |
++ |
1404 |
++ src_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_in_buf, |
1405 |
++ DCP_BUF_SZ, DMA_TO_DEVICE); |
1406 |
++ ret = dma_mapping_error(sdcp->dev, src_phys); |
1407 |
++ if (ret) |
1408 |
++ goto err_src; |
1409 |
++ |
1410 |
++ dst_phys = dma_map_single(sdcp->dev, sdcp->coh->aes_out_buf, |
1411 |
++ DCP_BUF_SZ, DMA_FROM_DEVICE); |
1412 |
++ ret = dma_mapping_error(sdcp->dev, dst_phys); |
1413 |
++ if (ret) |
1414 |
++ goto err_dst; |
1415 |
+ |
1416 |
+ if (actx->fill % AES_BLOCK_SIZE) { |
1417 |
+ dev_err(sdcp->dev, "Invalid block size!\n"); |
1418 |
+@@ -262,10 +277,12 @@ static int mxs_dcp_run_aes(struct dcp_async_ctx *actx, |
1419 |
+ ret = mxs_dcp_start_dma(actx); |
1420 |
+ |
1421 |
+ aes_done_run: |
1422 |
++ dma_unmap_single(sdcp->dev, dst_phys, DCP_BUF_SZ, DMA_FROM_DEVICE); |
1423 |
++err_dst: |
1424 |
++ dma_unmap_single(sdcp->dev, src_phys, DCP_BUF_SZ, DMA_TO_DEVICE); |
1425 |
++err_src: |
1426 |
+ dma_unmap_single(sdcp->dev, key_phys, 2 * AES_KEYSIZE_128, |
1427 |
+ DMA_TO_DEVICE); |
1428 |
+- dma_unmap_single(sdcp->dev, src_phys, DCP_BUF_SZ, DMA_TO_DEVICE); |
1429 |
+- dma_unmap_single(sdcp->dev, dst_phys, DCP_BUF_SZ, DMA_FROM_DEVICE); |
1430 |
+ |
1431 |
+ return ret; |
1432 |
+ } |
1433 |
+@@ -280,21 +297,20 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) |
1434 |
+ |
1435 |
+ struct scatterlist *dst = req->dst; |
1436 |
+ struct scatterlist *src = req->src; |
1437 |
+- const int nents = sg_nents(req->src); |
1438 |
++ int dst_nents = sg_nents(dst); |
1439 |
+ |
1440 |
+ const int out_off = DCP_BUF_SZ; |
1441 |
+ uint8_t *in_buf = sdcp->coh->aes_in_buf; |
1442 |
+ uint8_t *out_buf = sdcp->coh->aes_out_buf; |
1443 |
+ |
1444 |
+- uint8_t *out_tmp, *src_buf, *dst_buf = NULL; |
1445 |
+ uint32_t dst_off = 0; |
1446 |
++ uint8_t *src_buf = NULL; |
1447 |
+ uint32_t last_out_len = 0; |
1448 |
+ |
1449 |
+ uint8_t *key = sdcp->coh->aes_key; |
1450 |
+ |
1451 |
+ int ret = 0; |
1452 |
+- int split = 0; |
1453 |
+- unsigned int i, len, clen, rem = 0, tlen = 0; |
1454 |
++ unsigned int i, len, clen, tlen = 0; |
1455 |
+ int init = 0; |
1456 |
+ bool limit_hit = false; |
1457 |
+ |
1458 |
+@@ -312,7 +328,7 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) |
1459 |
+ memset(key + AES_KEYSIZE_128, 0, AES_KEYSIZE_128); |
1460 |
+ } |
1461 |
+ |
1462 |
+- for_each_sg(req->src, src, nents, i) { |
1463 |
++ for_each_sg(req->src, src, sg_nents(src), i) { |
1464 |
+ src_buf = sg_virt(src); |
1465 |
+ len = sg_dma_len(src); |
1466 |
+ tlen += len; |
1467 |
+@@ -337,34 +353,17 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) |
1468 |
+ * submit the buffer. |
1469 |
+ */ |
1470 |
+ if (actx->fill == out_off || sg_is_last(src) || |
1471 |
+- limit_hit) { |
1472 |
++ limit_hit) { |
1473 |
+ ret = mxs_dcp_run_aes(actx, req, init); |
1474 |
+ if (ret) |
1475 |
+ return ret; |
1476 |
+ init = 0; |
1477 |
+ |
1478 |
+- out_tmp = out_buf; |
1479 |
++ sg_pcopy_from_buffer(dst, dst_nents, out_buf, |
1480 |
++ actx->fill, dst_off); |
1481 |
++ dst_off += actx->fill; |
1482 |
+ last_out_len = actx->fill; |
1483 |
+- while (dst && actx->fill) { |
1484 |
+- if (!split) { |
1485 |
+- dst_buf = sg_virt(dst); |
1486 |
+- dst_off = 0; |
1487 |
+- } |
1488 |
+- rem = min(sg_dma_len(dst) - dst_off, |
1489 |
+- actx->fill); |
1490 |
+- |
1491 |
+- memcpy(dst_buf + dst_off, out_tmp, rem); |
1492 |
+- out_tmp += rem; |
1493 |
+- dst_off += rem; |
1494 |
+- actx->fill -= rem; |
1495 |
+- |
1496 |
+- if (dst_off == sg_dma_len(dst)) { |
1497 |
+- dst = sg_next(dst); |
1498 |
+- split = 0; |
1499 |
+- } else { |
1500 |
+- split = 1; |
1501 |
+- } |
1502 |
+- } |
1503 |
++ actx->fill = 0; |
1504 |
+ } |
1505 |
+ } while (len); |
1506 |
+ |
1507 |
+@@ -565,6 +564,10 @@ static int mxs_dcp_run_sha(struct ahash_request *req) |
1508 |
+ dma_addr_t buf_phys = dma_map_single(sdcp->dev, sdcp->coh->sha_in_buf, |
1509 |
+ DCP_BUF_SZ, DMA_TO_DEVICE); |
1510 |
+ |
1511 |
++ ret = dma_mapping_error(sdcp->dev, buf_phys); |
1512 |
++ if (ret) |
1513 |
++ return ret; |
1514 |
++ |
1515 |
+ /* Fill in the DMA descriptor. */ |
1516 |
+ desc->control0 = MXS_DCP_CONTROL0_DECR_SEMAPHORE | |
1517 |
+ MXS_DCP_CONTROL0_INTERRUPT | |
1518 |
+@@ -597,6 +600,10 @@ static int mxs_dcp_run_sha(struct ahash_request *req) |
1519 |
+ if (rctx->fini) { |
1520 |
+ digest_phys = dma_map_single(sdcp->dev, sdcp->coh->sha_out_buf, |
1521 |
+ DCP_SHA_PAY_SZ, DMA_FROM_DEVICE); |
1522 |
++ ret = dma_mapping_error(sdcp->dev, digest_phys); |
1523 |
++ if (ret) |
1524 |
++ goto done_run; |
1525 |
++ |
1526 |
+ desc->control0 |= MXS_DCP_CONTROL0_HASH_TERM; |
1527 |
+ desc->payload = digest_phys; |
1528 |
+ } |
1529 |
+diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c |
1530 |
+index 4d31ef4724366..180f2f61b8fbc 100644 |
1531 |
+--- a/drivers/crypto/omap-sham.c |
1532 |
++++ b/drivers/crypto/omap-sham.c |
1533 |
+@@ -1739,7 +1739,7 @@ static void omap_sham_done_task(unsigned long data) |
1534 |
+ if (test_and_clear_bit(FLAGS_OUTPUT_READY, &dd->flags)) |
1535 |
+ goto finish; |
1536 |
+ } else if (test_bit(FLAGS_DMA_READY, &dd->flags)) { |
1537 |
+- if (test_and_clear_bit(FLAGS_DMA_ACTIVE, &dd->flags)) { |
1538 |
++ if (test_bit(FLAGS_DMA_ACTIVE, &dd->flags)) { |
1539 |
+ omap_sham_update_dma_stop(dd); |
1540 |
+ if (dd->err) { |
1541 |
+ err = dd->err; |
1542 |
+diff --git a/drivers/crypto/qat/qat_c3xxxvf/adf_c3xxxvf_hw_data.c b/drivers/crypto/qat/qat_c3xxxvf/adf_c3xxxvf_hw_data.c |
1543 |
+index d2d0ae445fd89..7c7d49a8a4034 100644 |
1544 |
+--- a/drivers/crypto/qat/qat_c3xxxvf/adf_c3xxxvf_hw_data.c |
1545 |
++++ b/drivers/crypto/qat/qat_c3xxxvf/adf_c3xxxvf_hw_data.c |
1546 |
+@@ -123,10 +123,10 @@ void adf_init_hw_data_c3xxxiov(struct adf_hw_device_data *hw_data) |
1547 |
+ hw_data->enable_error_correction = adf_vf_void_noop; |
1548 |
+ hw_data->init_admin_comms = adf_vf_int_noop; |
1549 |
+ hw_data->exit_admin_comms = adf_vf_void_noop; |
1550 |
+- hw_data->send_admin_init = adf_vf2pf_init; |
1551 |
++ hw_data->send_admin_init = adf_vf2pf_notify_init; |
1552 |
+ hw_data->init_arb = adf_vf_int_noop; |
1553 |
+ hw_data->exit_arb = adf_vf_void_noop; |
1554 |
+- hw_data->disable_iov = adf_vf2pf_shutdown; |
1555 |
++ hw_data->disable_iov = adf_vf2pf_notify_shutdown; |
1556 |
+ hw_data->get_accel_mask = get_accel_mask; |
1557 |
+ hw_data->get_ae_mask = get_ae_mask; |
1558 |
+ hw_data->get_num_accels = get_num_accels; |
1559 |
+diff --git a/drivers/crypto/qat/qat_c62xvf/adf_c62xvf_hw_data.c b/drivers/crypto/qat/qat_c62xvf/adf_c62xvf_hw_data.c |
1560 |
+index 38e4bc04f407b..90e8a7564756b 100644 |
1561 |
+--- a/drivers/crypto/qat/qat_c62xvf/adf_c62xvf_hw_data.c |
1562 |
++++ b/drivers/crypto/qat/qat_c62xvf/adf_c62xvf_hw_data.c |
1563 |
+@@ -123,10 +123,10 @@ void adf_init_hw_data_c62xiov(struct adf_hw_device_data *hw_data) |
1564 |
+ hw_data->enable_error_correction = adf_vf_void_noop; |
1565 |
+ hw_data->init_admin_comms = adf_vf_int_noop; |
1566 |
+ hw_data->exit_admin_comms = adf_vf_void_noop; |
1567 |
+- hw_data->send_admin_init = adf_vf2pf_init; |
1568 |
++ hw_data->send_admin_init = adf_vf2pf_notify_init; |
1569 |
+ hw_data->init_arb = adf_vf_int_noop; |
1570 |
+ hw_data->exit_arb = adf_vf_void_noop; |
1571 |
+- hw_data->disable_iov = adf_vf2pf_shutdown; |
1572 |
++ hw_data->disable_iov = adf_vf2pf_notify_shutdown; |
1573 |
+ hw_data->get_accel_mask = get_accel_mask; |
1574 |
+ hw_data->get_ae_mask = get_ae_mask; |
1575 |
+ hw_data->get_num_accels = get_num_accels; |
1576 |
+diff --git a/drivers/crypto/qat/qat_common/adf_common_drv.h b/drivers/crypto/qat/qat_common/adf_common_drv.h |
1577 |
+index d78f8d5c89c3f..289dd7e48d4a4 100644 |
1578 |
+--- a/drivers/crypto/qat/qat_common/adf_common_drv.h |
1579 |
++++ b/drivers/crypto/qat/qat_common/adf_common_drv.h |
1580 |
+@@ -239,8 +239,8 @@ void adf_enable_vf2pf_interrupts(struct adf_accel_dev *accel_dev, |
1581 |
+ void adf_enable_pf2vf_interrupts(struct adf_accel_dev *accel_dev); |
1582 |
+ void adf_disable_pf2vf_interrupts(struct adf_accel_dev *accel_dev); |
1583 |
+ |
1584 |
+-int adf_vf2pf_init(struct adf_accel_dev *accel_dev); |
1585 |
+-void adf_vf2pf_shutdown(struct adf_accel_dev *accel_dev); |
1586 |
++int adf_vf2pf_notify_init(struct adf_accel_dev *accel_dev); |
1587 |
++void adf_vf2pf_notify_shutdown(struct adf_accel_dev *accel_dev); |
1588 |
+ int adf_init_pf_wq(void); |
1589 |
+ void adf_exit_pf_wq(void); |
1590 |
+ int adf_init_vf_wq(void); |
1591 |
+@@ -263,12 +263,12 @@ static inline void adf_disable_pf2vf_interrupts(struct adf_accel_dev *accel_dev) |
1592 |
+ { |
1593 |
+ } |
1594 |
+ |
1595 |
+-static inline int adf_vf2pf_init(struct adf_accel_dev *accel_dev) |
1596 |
++static inline int adf_vf2pf_notify_init(struct adf_accel_dev *accel_dev) |
1597 |
+ { |
1598 |
+ return 0; |
1599 |
+ } |
1600 |
+ |
1601 |
+-static inline void adf_vf2pf_shutdown(struct adf_accel_dev *accel_dev) |
1602 |
++static inline void adf_vf2pf_notify_shutdown(struct adf_accel_dev *accel_dev) |
1603 |
+ { |
1604 |
+ } |
1605 |
+ |
1606 |
+diff --git a/drivers/crypto/qat/qat_common/adf_init.c b/drivers/crypto/qat/qat_common/adf_init.c |
1607 |
+index 26556c7130497..7a7d43c475342 100644 |
1608 |
+--- a/drivers/crypto/qat/qat_common/adf_init.c |
1609 |
++++ b/drivers/crypto/qat/qat_common/adf_init.c |
1610 |
+@@ -105,6 +105,7 @@ int adf_dev_init(struct adf_accel_dev *accel_dev) |
1611 |
+ struct service_hndl *service; |
1612 |
+ struct list_head *list_itr; |
1613 |
+ struct adf_hw_device_data *hw_data = accel_dev->hw_device; |
1614 |
++ int ret; |
1615 |
+ |
1616 |
+ if (!hw_data) { |
1617 |
+ dev_err(&GET_DEV(accel_dev), |
1618 |
+@@ -171,9 +172,9 @@ int adf_dev_init(struct adf_accel_dev *accel_dev) |
1619 |
+ } |
1620 |
+ |
1621 |
+ hw_data->enable_error_correction(accel_dev); |
1622 |
+- hw_data->enable_vf2pf_comms(accel_dev); |
1623 |
++ ret = hw_data->enable_vf2pf_comms(accel_dev); |
1624 |
+ |
1625 |
+- return 0; |
1626 |
++ return ret; |
1627 |
+ } |
1628 |
+ EXPORT_SYMBOL_GPL(adf_dev_init); |
1629 |
+ |
1630 |
+diff --git a/drivers/crypto/qat/qat_common/adf_isr.c b/drivers/crypto/qat/qat_common/adf_isr.c |
1631 |
+index 4898ef41fd9fd..7d319c5c071c4 100644 |
1632 |
+--- a/drivers/crypto/qat/qat_common/adf_isr.c |
1633 |
++++ b/drivers/crypto/qat/qat_common/adf_isr.c |
1634 |
+@@ -59,6 +59,8 @@ |
1635 |
+ #include "adf_transport_access_macros.h" |
1636 |
+ #include "adf_transport_internal.h" |
1637 |
+ |
1638 |
++#define ADF_MAX_NUM_VFS 32 |
1639 |
++ |
1640 |
+ static int adf_enable_msix(struct adf_accel_dev *accel_dev) |
1641 |
+ { |
1642 |
+ struct adf_accel_pci *pci_dev_info = &accel_dev->accel_pci_dev; |
1643 |
+@@ -111,7 +113,7 @@ static irqreturn_t adf_msix_isr_ae(int irq, void *dev_ptr) |
1644 |
+ struct adf_bar *pmisc = |
1645 |
+ &GET_BARS(accel_dev)[hw_data->get_misc_bar_id(hw_data)]; |
1646 |
+ void __iomem *pmisc_bar_addr = pmisc->virt_addr; |
1647 |
+- u32 vf_mask; |
1648 |
++ unsigned long vf_mask; |
1649 |
+ |
1650 |
+ /* Get the interrupt sources triggered by VFs */ |
1651 |
+ vf_mask = ((ADF_CSR_RD(pmisc_bar_addr, ADF_ERRSOU5) & |
1652 |
+@@ -132,8 +134,7 @@ static irqreturn_t adf_msix_isr_ae(int irq, void *dev_ptr) |
1653 |
+ * unless the VF is malicious and is attempting to |
1654 |
+ * flood the host OS with VF2PF interrupts. |
1655 |
+ */ |
1656 |
+- for_each_set_bit(i, (const unsigned long *)&vf_mask, |
1657 |
+- (sizeof(vf_mask) * BITS_PER_BYTE)) { |
1658 |
++ for_each_set_bit(i, &vf_mask, ADF_MAX_NUM_VFS) { |
1659 |
+ vf_info = accel_dev->pf.vf_info + i; |
1660 |
+ |
1661 |
+ if (!__ratelimit(&vf_info->vf2pf_ratelimit)) { |
1662 |
+diff --git a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c |
1663 |
+index b3875fdf6cd72..c64481160b711 100644 |
1664 |
+--- a/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c |
1665 |
++++ b/drivers/crypto/qat/qat_common/adf_pf2vf_msg.c |
1666 |
+@@ -231,7 +231,6 @@ int adf_iov_putmsg(struct adf_accel_dev *accel_dev, u32 msg, u8 vf_nr) |
1667 |
+ |
1668 |
+ return ret; |
1669 |
+ } |
1670 |
+-EXPORT_SYMBOL_GPL(adf_iov_putmsg); |
1671 |
+ |
1672 |
+ void adf_vf2pf_req_hndl(struct adf_accel_vf_info *vf_info) |
1673 |
+ { |
1674 |
+@@ -361,6 +360,8 @@ static int adf_vf2pf_request_version(struct adf_accel_dev *accel_dev) |
1675 |
+ msg |= ADF_PFVF_COMPATIBILITY_VERSION << ADF_VF2PF_COMPAT_VER_REQ_SHIFT; |
1676 |
+ BUILD_BUG_ON(ADF_PFVF_COMPATIBILITY_VERSION > 255); |
1677 |
+ |
1678 |
++ reinit_completion(&accel_dev->vf.iov_msg_completion); |
1679 |
++ |
1680 |
+ /* Send request from VF to PF */ |
1681 |
+ ret = adf_iov_putmsg(accel_dev, msg, 0); |
1682 |
+ if (ret) { |
1683 |
+diff --git a/drivers/crypto/qat/qat_common/adf_vf2pf_msg.c b/drivers/crypto/qat/qat_common/adf_vf2pf_msg.c |
1684 |
+index cd5f37dffe8a6..1830194567e84 100644 |
1685 |
+--- a/drivers/crypto/qat/qat_common/adf_vf2pf_msg.c |
1686 |
++++ b/drivers/crypto/qat/qat_common/adf_vf2pf_msg.c |
1687 |
+@@ -49,14 +49,14 @@ |
1688 |
+ #include "adf_pf2vf_msg.h" |
1689 |
+ |
1690 |
+ /** |
1691 |
+- * adf_vf2pf_init() - send init msg to PF |
1692 |
++ * adf_vf2pf_notify_init() - send init msg to PF |
1693 |
+ * @accel_dev: Pointer to acceleration VF device. |
1694 |
+ * |
1695 |
+ * Function sends an init messge from the VF to a PF |
1696 |
+ * |
1697 |
+ * Return: 0 on success, error code otherwise. |
1698 |
+ */ |
1699 |
+-int adf_vf2pf_init(struct adf_accel_dev *accel_dev) |
1700 |
++int adf_vf2pf_notify_init(struct adf_accel_dev *accel_dev) |
1701 |
+ { |
1702 |
+ u32 msg = (ADF_VF2PF_MSGORIGIN_SYSTEM | |
1703 |
+ (ADF_VF2PF_MSGTYPE_INIT << ADF_VF2PF_MSGTYPE_SHIFT)); |
1704 |
+@@ -69,17 +69,17 @@ int adf_vf2pf_init(struct adf_accel_dev *accel_dev) |
1705 |
+ set_bit(ADF_STATUS_PF_RUNNING, &accel_dev->status); |
1706 |
+ return 0; |
1707 |
+ } |
1708 |
+-EXPORT_SYMBOL_GPL(adf_vf2pf_init); |
1709 |
++EXPORT_SYMBOL_GPL(adf_vf2pf_notify_init); |
1710 |
+ |
1711 |
+ /** |
1712 |
+- * adf_vf2pf_shutdown() - send shutdown msg to PF |
1713 |
++ * adf_vf2pf_notify_shutdown() - send shutdown msg to PF |
1714 |
+ * @accel_dev: Pointer to acceleration VF device. |
1715 |
+ * |
1716 |
+ * Function sends a shutdown messge from the VF to a PF |
1717 |
+ * |
1718 |
+ * Return: void |
1719 |
+ */ |
1720 |
+-void adf_vf2pf_shutdown(struct adf_accel_dev *accel_dev) |
1721 |
++void adf_vf2pf_notify_shutdown(struct adf_accel_dev *accel_dev) |
1722 |
+ { |
1723 |
+ u32 msg = (ADF_VF2PF_MSGORIGIN_SYSTEM | |
1724 |
+ (ADF_VF2PF_MSGTYPE_SHUTDOWN << ADF_VF2PF_MSGTYPE_SHIFT)); |
1725 |
+@@ -89,4 +89,4 @@ void adf_vf2pf_shutdown(struct adf_accel_dev *accel_dev) |
1726 |
+ dev_err(&GET_DEV(accel_dev), |
1727 |
+ "Failed to send Shutdown event to PF\n"); |
1728 |
+ } |
1729 |
+-EXPORT_SYMBOL_GPL(adf_vf2pf_shutdown); |
1730 |
++EXPORT_SYMBOL_GPL(adf_vf2pf_notify_shutdown); |
1731 |
+diff --git a/drivers/crypto/qat/qat_common/adf_vf_isr.c b/drivers/crypto/qat/qat_common/adf_vf_isr.c |
1732 |
+index df9a1f35b8320..ef90902c8200d 100644 |
1733 |
+--- a/drivers/crypto/qat/qat_common/adf_vf_isr.c |
1734 |
++++ b/drivers/crypto/qat/qat_common/adf_vf_isr.c |
1735 |
+@@ -203,6 +203,7 @@ static irqreturn_t adf_isr(int irq, void *privdata) |
1736 |
+ struct adf_bar *pmisc = |
1737 |
+ &GET_BARS(accel_dev)[hw_data->get_misc_bar_id(hw_data)]; |
1738 |
+ void __iomem *pmisc_bar_addr = pmisc->virt_addr; |
1739 |
++ bool handled = false; |
1740 |
+ u32 v_int; |
1741 |
+ |
1742 |
+ /* Read VF INT source CSR to determine the source of VF interrupt */ |
1743 |
+@@ -215,7 +216,7 @@ static irqreturn_t adf_isr(int irq, void *privdata) |
1744 |
+ |
1745 |
+ /* Schedule tasklet to handle interrupt BH */ |
1746 |
+ tasklet_hi_schedule(&accel_dev->vf.pf2vf_bh_tasklet); |
1747 |
+- return IRQ_HANDLED; |
1748 |
++ handled = true; |
1749 |
+ } |
1750 |
+ |
1751 |
+ /* Check bundle interrupt */ |
1752 |
+@@ -227,10 +228,10 @@ static irqreturn_t adf_isr(int irq, void *privdata) |
1753 |
+ WRITE_CSR_INT_FLAG_AND_COL(bank->csr_addr, bank->bank_number, |
1754 |
+ 0); |
1755 |
+ tasklet_hi_schedule(&bank->resp_handler); |
1756 |
+- return IRQ_HANDLED; |
1757 |
++ handled = true; |
1758 |
+ } |
1759 |
+ |
1760 |
+- return IRQ_NONE; |
1761 |
++ return handled ? IRQ_HANDLED : IRQ_NONE; |
1762 |
+ } |
1763 |
+ |
1764 |
+ static int adf_request_msi_irq(struct adf_accel_dev *accel_dev) |
1765 |
+diff --git a/drivers/crypto/qat/qat_dh895xccvf/adf_dh895xccvf_hw_data.c b/drivers/crypto/qat/qat_dh895xccvf/adf_dh895xccvf_hw_data.c |
1766 |
+index a3b4dd8099a7b..3a8361c83f0b1 100644 |
1767 |
+--- a/drivers/crypto/qat/qat_dh895xccvf/adf_dh895xccvf_hw_data.c |
1768 |
++++ b/drivers/crypto/qat/qat_dh895xccvf/adf_dh895xccvf_hw_data.c |
1769 |
+@@ -123,10 +123,10 @@ void adf_init_hw_data_dh895xcciov(struct adf_hw_device_data *hw_data) |
1770 |
+ hw_data->enable_error_correction = adf_vf_void_noop; |
1771 |
+ hw_data->init_admin_comms = adf_vf_int_noop; |
1772 |
+ hw_data->exit_admin_comms = adf_vf_void_noop; |
1773 |
+- hw_data->send_admin_init = adf_vf2pf_init; |
1774 |
++ hw_data->send_admin_init = adf_vf2pf_notify_init; |
1775 |
+ hw_data->init_arb = adf_vf_int_noop; |
1776 |
+ hw_data->exit_arb = adf_vf_void_noop; |
1777 |
+- hw_data->disable_iov = adf_vf2pf_shutdown; |
1778 |
++ hw_data->disable_iov = adf_vf2pf_notify_shutdown; |
1779 |
+ hw_data->get_accel_mask = get_accel_mask; |
1780 |
+ hw_data->get_ae_mask = get_ae_mask; |
1781 |
+ hw_data->get_num_accels = get_num_accels; |
1782 |
+diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c |
1783 |
+index 7a55baa861e58..07e1a286ee431 100644 |
1784 |
+--- a/drivers/crypto/talitos.c |
1785 |
++++ b/drivers/crypto/talitos.c |
1786 |
+@@ -853,7 +853,11 @@ static void talitos_unregister_rng(struct device *dev) |
1787 |
+ * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP |
1788 |
+ */ |
1789 |
+ #define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1) |
1790 |
++#ifdef CONFIG_CRYPTO_DEV_TALITOS_SEC2 |
1791 |
+ #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA512_BLOCK_SIZE) |
1792 |
++#else |
1793 |
++#define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA256_BLOCK_SIZE) |
1794 |
++#endif |
1795 |
+ #define TALITOS_MAX_IV_LENGTH 16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLOCK_SIZE */ |
1796 |
+ |
1797 |
+ struct talitos_ctx { |
1798 |
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_i2c.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_i2c.c |
1799 |
+index f2739995c335a..199eccee0b0bb 100644 |
1800 |
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_i2c.c |
1801 |
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_i2c.c |
1802 |
+@@ -338,7 +338,7 @@ static void amdgpu_i2c_put_byte(struct amdgpu_i2c_chan *i2c_bus, |
1803 |
+ void |
1804 |
+ amdgpu_i2c_router_select_ddc_port(const struct amdgpu_connector *amdgpu_connector) |
1805 |
+ { |
1806 |
+- u8 val; |
1807 |
++ u8 val = 0; |
1808 |
+ |
1809 |
+ if (!amdgpu_connector->router.ddc_valid) |
1810 |
+ return; |
1811 |
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c |
1812 |
+index b14ce112703f0..e25952d516e22 100644 |
1813 |
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c |
1814 |
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c |
1815 |
+@@ -216,7 +216,7 @@ void amdgpu_bo_placement_from_domain(struct amdgpu_bo *abo, u32 domain) |
1816 |
+ c++; |
1817 |
+ } |
1818 |
+ |
1819 |
+- BUG_ON(c >= AMDGPU_BO_MAX_PLACEMENTS); |
1820 |
++ BUG_ON(c > AMDGPU_BO_MAX_PLACEMENTS); |
1821 |
+ |
1822 |
+ placement->num_placement = c; |
1823 |
+ placement->placement = places; |
1824 |
+diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c |
1825 |
+index 0d9e410ca01e2..dbfe5623997d4 100644 |
1826 |
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c |
1827 |
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c |
1828 |
+@@ -92,29 +92,29 @@ static ssize_t dp_link_settings_read(struct file *f, char __user *buf, |
1829 |
+ |
1830 |
+ rd_buf_ptr = rd_buf; |
1831 |
+ |
1832 |
+- str_len = strlen("Current: %d %d %d "); |
1833 |
+- snprintf(rd_buf_ptr, str_len, "Current: %d %d %d ", |
1834 |
++ str_len = strlen("Current: %d 0x%x %d "); |
1835 |
++ snprintf(rd_buf_ptr, str_len, "Current: %d 0x%x %d ", |
1836 |
+ link->cur_link_settings.lane_count, |
1837 |
+ link->cur_link_settings.link_rate, |
1838 |
+ link->cur_link_settings.link_spread); |
1839 |
+ rd_buf_ptr += str_len; |
1840 |
+ |
1841 |
+- str_len = strlen("Verified: %d %d %d "); |
1842 |
+- snprintf(rd_buf_ptr, str_len, "Verified: %d %d %d ", |
1843 |
++ str_len = strlen("Verified: %d 0x%x %d "); |
1844 |
++ snprintf(rd_buf_ptr, str_len, "Verified: %d 0x%x %d ", |
1845 |
+ link->verified_link_cap.lane_count, |
1846 |
+ link->verified_link_cap.link_rate, |
1847 |
+ link->verified_link_cap.link_spread); |
1848 |
+ rd_buf_ptr += str_len; |
1849 |
+ |
1850 |
+- str_len = strlen("Reported: %d %d %d "); |
1851 |
+- snprintf(rd_buf_ptr, str_len, "Reported: %d %d %d ", |
1852 |
++ str_len = strlen("Reported: %d 0x%x %d "); |
1853 |
++ snprintf(rd_buf_ptr, str_len, "Reported: %d 0x%x %d ", |
1854 |
+ link->reported_link_cap.lane_count, |
1855 |
+ link->reported_link_cap.link_rate, |
1856 |
+ link->reported_link_cap.link_spread); |
1857 |
+ rd_buf_ptr += str_len; |
1858 |
+ |
1859 |
+- str_len = strlen("Preferred: %d %d %d "); |
1860 |
+- snprintf(rd_buf_ptr, str_len, "Preferred: %d %d %d\n", |
1861 |
++ str_len = strlen("Preferred: %d 0x%x %d "); |
1862 |
++ snprintf(rd_buf_ptr, str_len, "Preferred: %d 0x%x %d\n", |
1863 |
+ link->preferred_link_setting.lane_count, |
1864 |
+ link->preferred_link_setting.link_rate, |
1865 |
+ link->preferred_link_setting.link_spread); |
1866 |
+diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.c |
1867 |
+index 79bafea663542..a40ea5c685728 100644 |
1868 |
+--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.c |
1869 |
++++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.c |
1870 |
+@@ -296,10 +296,12 @@ static void dpu_hw_ctl_clear_all_blendstages(struct dpu_hw_ctl *ctx) |
1871 |
+ int i; |
1872 |
+ |
1873 |
+ for (i = 0; i < ctx->mixer_count; i++) { |
1874 |
+- DPU_REG_WRITE(c, CTL_LAYER(LM_0 + i), 0); |
1875 |
+- DPU_REG_WRITE(c, CTL_LAYER_EXT(LM_0 + i), 0); |
1876 |
+- DPU_REG_WRITE(c, CTL_LAYER_EXT2(LM_0 + i), 0); |
1877 |
+- DPU_REG_WRITE(c, CTL_LAYER_EXT3(LM_0 + i), 0); |
1878 |
++ enum dpu_lm mixer_id = ctx->mixer_hw_caps[i].id; |
1879 |
++ |
1880 |
++ DPU_REG_WRITE(c, CTL_LAYER(mixer_id), 0); |
1881 |
++ DPU_REG_WRITE(c, CTL_LAYER_EXT(mixer_id), 0); |
1882 |
++ DPU_REG_WRITE(c, CTL_LAYER_EXT2(mixer_id), 0); |
1883 |
++ DPU_REG_WRITE(c, CTL_LAYER_EXT3(mixer_id), 0); |
1884 |
+ } |
1885 |
+ } |
1886 |
+ |
1887 |
+diff --git a/drivers/gpu/drm/msm/dsi/dsi.c b/drivers/gpu/drm/msm/dsi/dsi.c |
1888 |
+index ff8164cc6738d..822cef472a7e9 100644 |
1889 |
+--- a/drivers/gpu/drm/msm/dsi/dsi.c |
1890 |
++++ b/drivers/gpu/drm/msm/dsi/dsi.c |
1891 |
+@@ -34,8 +34,10 @@ static int dsi_get_phy(struct msm_dsi *msm_dsi) |
1892 |
+ } |
1893 |
+ |
1894 |
+ phy_pdev = of_find_device_by_node(phy_node); |
1895 |
+- if (phy_pdev) |
1896 |
++ if (phy_pdev) { |
1897 |
+ msm_dsi->phy = platform_get_drvdata(phy_pdev); |
1898 |
++ msm_dsi->phy_dev = &phy_pdev->dev; |
1899 |
++ } |
1900 |
+ |
1901 |
+ of_node_put(phy_node); |
1902 |
+ |
1903 |
+@@ -44,8 +46,6 @@ static int dsi_get_phy(struct msm_dsi *msm_dsi) |
1904 |
+ return -EPROBE_DEFER; |
1905 |
+ } |
1906 |
+ |
1907 |
+- msm_dsi->phy_dev = get_device(&phy_pdev->dev); |
1908 |
+- |
1909 |
+ return 0; |
1910 |
+ } |
1911 |
+ |
1912 |
+diff --git a/drivers/gpu/ipu-v3/ipu-cpmem.c b/drivers/gpu/ipu-v3/ipu-cpmem.c |
1913 |
+index a9d2501500a19..170371770dd41 100644 |
1914 |
+--- a/drivers/gpu/ipu-v3/ipu-cpmem.c |
1915 |
++++ b/drivers/gpu/ipu-v3/ipu-cpmem.c |
1916 |
+@@ -545,21 +545,21 @@ static const struct ipu_rgb def_bgra_16 = { |
1917 |
+ .bits_per_pixel = 16, |
1918 |
+ }; |
1919 |
+ |
1920 |
+-#define Y_OFFSET(pix, x, y) ((x) + pix->width * (y)) |
1921 |
+-#define U_OFFSET(pix, x, y) ((pix->width * pix->height) + \ |
1922 |
+- (pix->width * ((y) / 2) / 2) + (x) / 2) |
1923 |
+-#define V_OFFSET(pix, x, y) ((pix->width * pix->height) + \ |
1924 |
+- (pix->width * pix->height / 4) + \ |
1925 |
+- (pix->width * ((y) / 2) / 2) + (x) / 2) |
1926 |
+-#define U2_OFFSET(pix, x, y) ((pix->width * pix->height) + \ |
1927 |
+- (pix->width * (y) / 2) + (x) / 2) |
1928 |
+-#define V2_OFFSET(pix, x, y) ((pix->width * pix->height) + \ |
1929 |
+- (pix->width * pix->height / 2) + \ |
1930 |
+- (pix->width * (y) / 2) + (x) / 2) |
1931 |
+-#define UV_OFFSET(pix, x, y) ((pix->width * pix->height) + \ |
1932 |
+- (pix->width * ((y) / 2)) + (x)) |
1933 |
+-#define UV2_OFFSET(pix, x, y) ((pix->width * pix->height) + \ |
1934 |
+- (pix->width * y) + (x)) |
1935 |
++#define Y_OFFSET(pix, x, y) ((x) + pix->bytesperline * (y)) |
1936 |
++#define U_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ |
1937 |
++ (pix->bytesperline * ((y) / 2) / 2) + (x) / 2) |
1938 |
++#define V_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ |
1939 |
++ (pix->bytesperline * pix->height / 4) + \ |
1940 |
++ (pix->bytesperline * ((y) / 2) / 2) + (x) / 2) |
1941 |
++#define U2_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ |
1942 |
++ (pix->bytesperline * (y) / 2) + (x) / 2) |
1943 |
++#define V2_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ |
1944 |
++ (pix->bytesperline * pix->height / 2) + \ |
1945 |
++ (pix->bytesperline * (y) / 2) + (x) / 2) |
1946 |
++#define UV_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ |
1947 |
++ (pix->bytesperline * ((y) / 2)) + (x)) |
1948 |
++#define UV2_OFFSET(pix, x, y) ((pix->bytesperline * pix->height) + \ |
1949 |
++ (pix->bytesperline * y) + (x)) |
1950 |
+ |
1951 |
+ #define NUM_ALPHA_CHANNELS 7 |
1952 |
+ |
1953 |
+diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c |
1954 |
+index 4dd151b2924e2..d56ef395eb693 100644 |
1955 |
+--- a/drivers/hid/hid-input.c |
1956 |
++++ b/drivers/hid/hid-input.c |
1957 |
+@@ -427,8 +427,6 @@ static int hidinput_get_battery_property(struct power_supply *psy, |
1958 |
+ |
1959 |
+ if (dev->battery_status == HID_BATTERY_UNKNOWN) |
1960 |
+ val->intval = POWER_SUPPLY_STATUS_UNKNOWN; |
1961 |
+- else if (dev->battery_capacity == 100) |
1962 |
+- val->intval = POWER_SUPPLY_STATUS_FULL; |
1963 |
+ else |
1964 |
+ val->intval = POWER_SUPPLY_STATUS_DISCHARGING; |
1965 |
+ break; |
1966 |
+diff --git a/drivers/i2c/busses/i2c-highlander.c b/drivers/i2c/busses/i2c-highlander.c |
1967 |
+index ff340d7ae2e52..6a880c2623808 100644 |
1968 |
+--- a/drivers/i2c/busses/i2c-highlander.c |
1969 |
++++ b/drivers/i2c/busses/i2c-highlander.c |
1970 |
+@@ -379,7 +379,7 @@ static int highlander_i2c_probe(struct platform_device *pdev) |
1971 |
+ platform_set_drvdata(pdev, dev); |
1972 |
+ |
1973 |
+ dev->irq = platform_get_irq(pdev, 0); |
1974 |
+- if (iic_force_poll) |
1975 |
++ if (dev->irq < 0 || iic_force_poll) |
1976 |
+ dev->irq = 0; |
1977 |
+ |
1978 |
+ if (dev->irq) { |
1979 |
+diff --git a/drivers/i2c/busses/i2c-iop3xx.c b/drivers/i2c/busses/i2c-iop3xx.c |
1980 |
+index 85cbe4b555786..d4fe7ccccb226 100644 |
1981 |
+--- a/drivers/i2c/busses/i2c-iop3xx.c |
1982 |
++++ b/drivers/i2c/busses/i2c-iop3xx.c |
1983 |
+@@ -456,16 +456,14 @@ iop3xx_i2c_probe(struct platform_device *pdev) |
1984 |
+ |
1985 |
+ irq = platform_get_irq(pdev, 0); |
1986 |
+ if (irq < 0) { |
1987 |
+- ret = -ENXIO; |
1988 |
++ ret = irq; |
1989 |
+ goto unmap; |
1990 |
+ } |
1991 |
+ ret = request_irq(irq, iop3xx_i2c_irq_handler, 0, |
1992 |
+ pdev->name, adapter_data); |
1993 |
+ |
1994 |
+- if (ret) { |
1995 |
+- ret = -EIO; |
1996 |
++ if (ret) |
1997 |
+ goto unmap; |
1998 |
+- } |
1999 |
+ |
2000 |
+ memcpy(new_adapter->name, pdev->name, strlen(pdev->name)); |
2001 |
+ new_adapter->owner = THIS_MODULE; |
2002 |
+diff --git a/drivers/i2c/busses/i2c-mt65xx.c b/drivers/i2c/busses/i2c-mt65xx.c |
2003 |
+index 2bb4d20ead32b..e09b065a6aff0 100644 |
2004 |
+--- a/drivers/i2c/busses/i2c-mt65xx.c |
2005 |
++++ b/drivers/i2c/busses/i2c-mt65xx.c |
2006 |
+@@ -804,7 +804,7 @@ static int mtk_i2c_probe(struct platform_device *pdev) |
2007 |
+ return PTR_ERR(i2c->pdmabase); |
2008 |
+ |
2009 |
+ irq = platform_get_irq(pdev, 0); |
2010 |
+- if (irq <= 0) |
2011 |
++ if (irq < 0) |
2012 |
+ return irq; |
2013 |
+ |
2014 |
+ init_completion(&i2c->msg_complete); |
2015 |
+diff --git a/drivers/i2c/busses/i2c-s3c2410.c b/drivers/i2c/busses/i2c-s3c2410.c |
2016 |
+index d3603e261a847..4c60369203882 100644 |
2017 |
+--- a/drivers/i2c/busses/i2c-s3c2410.c |
2018 |
++++ b/drivers/i2c/busses/i2c-s3c2410.c |
2019 |
+@@ -1179,7 +1179,7 @@ static int s3c24xx_i2c_probe(struct platform_device *pdev) |
2020 |
+ */ |
2021 |
+ if (!(i2c->quirks & QUIRK_POLL)) { |
2022 |
+ i2c->irq = ret = platform_get_irq(pdev, 0); |
2023 |
+- if (ret <= 0) { |
2024 |
++ if (ret < 0) { |
2025 |
+ dev_err(&pdev->dev, "cannot find IRQ\n"); |
2026 |
+ clk_unprepare(i2c->clk); |
2027 |
+ return ret; |
2028 |
+diff --git a/drivers/iio/dac/ad5624r_spi.c b/drivers/iio/dac/ad5624r_spi.c |
2029 |
+index 13fdb4dfe3562..cc3a24c43e574 100644 |
2030 |
+--- a/drivers/iio/dac/ad5624r_spi.c |
2031 |
++++ b/drivers/iio/dac/ad5624r_spi.c |
2032 |
+@@ -230,7 +230,7 @@ static int ad5624r_probe(struct spi_device *spi) |
2033 |
+ if (!indio_dev) |
2034 |
+ return -ENOMEM; |
2035 |
+ st = iio_priv(indio_dev); |
2036 |
+- st->reg = devm_regulator_get(&spi->dev, "vcc"); |
2037 |
++ st->reg = devm_regulator_get_optional(&spi->dev, "vref"); |
2038 |
+ if (!IS_ERR(st->reg)) { |
2039 |
+ ret = regulator_enable(st->reg); |
2040 |
+ if (ret) |
2041 |
+@@ -241,6 +241,22 @@ static int ad5624r_probe(struct spi_device *spi) |
2042 |
+ goto error_disable_reg; |
2043 |
+ |
2044 |
+ voltage_uv = ret; |
2045 |
++ } else { |
2046 |
++ if (PTR_ERR(st->reg) != -ENODEV) |
2047 |
++ return PTR_ERR(st->reg); |
2048 |
++ /* Backwards compatibility. This naming is not correct */ |
2049 |
++ st->reg = devm_regulator_get_optional(&spi->dev, "vcc"); |
2050 |
++ if (!IS_ERR(st->reg)) { |
2051 |
++ ret = regulator_enable(st->reg); |
2052 |
++ if (ret) |
2053 |
++ return ret; |
2054 |
++ |
2055 |
++ ret = regulator_get_voltage(st->reg); |
2056 |
++ if (ret < 0) |
2057 |
++ goto error_disable_reg; |
2058 |
++ |
2059 |
++ voltage_uv = ret; |
2060 |
++ } |
2061 |
+ } |
2062 |
+ |
2063 |
+ spi_set_drvdata(spi, indio_dev); |
2064 |
+diff --git a/drivers/infiniband/core/iwcm.c b/drivers/infiniband/core/iwcm.c |
2065 |
+index 99dd8452724de..57aec656ab7fb 100644 |
2066 |
+--- a/drivers/infiniband/core/iwcm.c |
2067 |
++++ b/drivers/infiniband/core/iwcm.c |
2068 |
+@@ -1173,29 +1173,34 @@ static int __init iw_cm_init(void) |
2069 |
+ |
2070 |
+ ret = iwpm_init(RDMA_NL_IWCM); |
2071 |
+ if (ret) |
2072 |
+- pr_err("iw_cm: couldn't init iwpm\n"); |
2073 |
+- else |
2074 |
+- rdma_nl_register(RDMA_NL_IWCM, iwcm_nl_cb_table); |
2075 |
++ return ret; |
2076 |
++ |
2077 |
+ iwcm_wq = alloc_ordered_workqueue("iw_cm_wq", 0); |
2078 |
+ if (!iwcm_wq) |
2079 |
+- return -ENOMEM; |
2080 |
++ goto err_alloc; |
2081 |
+ |
2082 |
+ iwcm_ctl_table_hdr = register_net_sysctl(&init_net, "net/iw_cm", |
2083 |
+ iwcm_ctl_table); |
2084 |
+ if (!iwcm_ctl_table_hdr) { |
2085 |
+ pr_err("iw_cm: couldn't register sysctl paths\n"); |
2086 |
+- destroy_workqueue(iwcm_wq); |
2087 |
+- return -ENOMEM; |
2088 |
++ goto err_sysctl; |
2089 |
+ } |
2090 |
+ |
2091 |
++ rdma_nl_register(RDMA_NL_IWCM, iwcm_nl_cb_table); |
2092 |
+ return 0; |
2093 |
++ |
2094 |
++err_sysctl: |
2095 |
++ destroy_workqueue(iwcm_wq); |
2096 |
++err_alloc: |
2097 |
++ iwpm_exit(RDMA_NL_IWCM); |
2098 |
++ return -ENOMEM; |
2099 |
+ } |
2100 |
+ |
2101 |
+ static void __exit iw_cm_cleanup(void) |
2102 |
+ { |
2103 |
++ rdma_nl_unregister(RDMA_NL_IWCM); |
2104 |
+ unregister_net_sysctl_table(iwcm_ctl_table_hdr); |
2105 |
+ destroy_workqueue(iwcm_wq); |
2106 |
+- rdma_nl_unregister(RDMA_NL_IWCM); |
2107 |
+ iwpm_exit(RDMA_NL_IWCM); |
2108 |
+ } |
2109 |
+ |
2110 |
+diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c |
2111 |
+index 7787ec42f81e1..2df75db52e917 100644 |
2112 |
+--- a/drivers/md/bcache/super.c |
2113 |
++++ b/drivers/md/bcache/super.c |
2114 |
+@@ -824,20 +824,20 @@ static int bcache_device_init(struct bcache_device *d, unsigned int block_size, |
2115 |
+ n = BITS_TO_LONGS(d->nr_stripes) * sizeof(unsigned long); |
2116 |
+ d->full_dirty_stripes = kvzalloc(n, GFP_KERNEL); |
2117 |
+ if (!d->full_dirty_stripes) |
2118 |
+- return -ENOMEM; |
2119 |
++ goto out_free_stripe_sectors_dirty; |
2120 |
+ |
2121 |
+ idx = ida_simple_get(&bcache_device_idx, 0, |
2122 |
+ BCACHE_DEVICE_IDX_MAX, GFP_KERNEL); |
2123 |
+ if (idx < 0) |
2124 |
+- return idx; |
2125 |
++ goto out_free_full_dirty_stripes; |
2126 |
+ |
2127 |
+ if (bioset_init(&d->bio_split, 4, offsetof(struct bbio, bio), |
2128 |
+ BIOSET_NEED_BVECS|BIOSET_NEED_RESCUER)) |
2129 |
+- goto err; |
2130 |
++ goto out_ida_remove; |
2131 |
+ |
2132 |
+ d->disk = alloc_disk(BCACHE_MINORS); |
2133 |
+ if (!d->disk) |
2134 |
+- goto err; |
2135 |
++ goto out_bioset_exit; |
2136 |
+ |
2137 |
+ set_capacity(d->disk, sectors); |
2138 |
+ snprintf(d->disk->disk_name, DISK_NAME_LEN, "bcache%i", idx); |
2139 |
+@@ -872,8 +872,14 @@ static int bcache_device_init(struct bcache_device *d, unsigned int block_size, |
2140 |
+ |
2141 |
+ return 0; |
2142 |
+ |
2143 |
+-err: |
2144 |
++out_bioset_exit: |
2145 |
++ bioset_exit(&d->bio_split); |
2146 |
++out_ida_remove: |
2147 |
+ ida_simple_remove(&bcache_device_idx, idx); |
2148 |
++out_free_full_dirty_stripes: |
2149 |
++ kvfree(d->full_dirty_stripes); |
2150 |
++out_free_stripe_sectors_dirty: |
2151 |
++ kvfree(d->stripe_sectors_dirty); |
2152 |
+ return -ENOMEM; |
2153 |
+ |
2154 |
+ } |
2155 |
+diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c |
2156 |
+index 85559f772d0d6..a6a26f8e4d8e1 100644 |
2157 |
+--- a/drivers/md/dm-crypt.c |
2158 |
++++ b/drivers/md/dm-crypt.c |
2159 |
+@@ -2181,7 +2181,12 @@ static void *crypt_page_alloc(gfp_t gfp_mask, void *pool_data) |
2160 |
+ struct crypt_config *cc = pool_data; |
2161 |
+ struct page *page; |
2162 |
+ |
2163 |
+- if (unlikely(percpu_counter_compare(&cc->n_allocated_pages, dm_crypt_pages_per_client) >= 0) && |
2164 |
++ /* |
2165 |
++ * Note, percpu_counter_read_positive() may over (and under) estimate |
2166 |
++ * the current usage by at most (batch - 1) * num_online_cpus() pages, |
2167 |
++ * but avoids potential spinlock contention of an exact result. |
2168 |
++ */ |
2169 |
++ if (unlikely(percpu_counter_read_positive(&cc->n_allocated_pages) >= dm_crypt_pages_per_client) && |
2170 |
+ likely(gfp_mask & __GFP_NORETRY)) |
2171 |
+ return NULL; |
2172 |
+ |
2173 |
+diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c |
2174 |
+index 85077f4d257a7..a6a5cee6b9430 100644 |
2175 |
+--- a/drivers/md/dm-thin-metadata.c |
2176 |
++++ b/drivers/md/dm-thin-metadata.c |
2177 |
+@@ -901,7 +901,7 @@ int dm_pool_metadata_close(struct dm_pool_metadata *pmd) |
2178 |
+ return -EBUSY; |
2179 |
+ } |
2180 |
+ |
2181 |
+- if (!dm_bm_is_read_only(pmd->bm) && !pmd->fail_io) { |
2182 |
++ if (!pmd->fail_io && !dm_bm_is_read_only(pmd->bm)) { |
2183 |
+ r = __commit_transaction(pmd); |
2184 |
+ if (r < 0) |
2185 |
+ DMWARN("%s: __commit_transaction() failed, error = %d", |
2186 |
+diff --git a/drivers/md/persistent-data/dm-block-manager.c b/drivers/md/persistent-data/dm-block-manager.c |
2187 |
+index 492a3f8ac1199..0401daa0f7fbd 100644 |
2188 |
+--- a/drivers/md/persistent-data/dm-block-manager.c |
2189 |
++++ b/drivers/md/persistent-data/dm-block-manager.c |
2190 |
+@@ -494,7 +494,7 @@ int dm_bm_write_lock(struct dm_block_manager *bm, |
2191 |
+ void *p; |
2192 |
+ int r; |
2193 |
+ |
2194 |
+- if (bm->read_only) |
2195 |
++ if (dm_bm_is_read_only(bm)) |
2196 |
+ return -EPERM; |
2197 |
+ |
2198 |
+ p = dm_bufio_read(bm->bufio, b, (struct dm_buffer **) result); |
2199 |
+@@ -563,7 +563,7 @@ int dm_bm_write_lock_zero(struct dm_block_manager *bm, |
2200 |
+ struct buffer_aux *aux; |
2201 |
+ void *p; |
2202 |
+ |
2203 |
+- if (bm->read_only) |
2204 |
++ if (dm_bm_is_read_only(bm)) |
2205 |
+ return -EPERM; |
2206 |
+ |
2207 |
+ p = dm_bufio_new(bm->bufio, b, (struct dm_buffer **) result); |
2208 |
+@@ -603,7 +603,7 @@ EXPORT_SYMBOL_GPL(dm_bm_unlock); |
2209 |
+ |
2210 |
+ int dm_bm_flush(struct dm_block_manager *bm) |
2211 |
+ { |
2212 |
+- if (bm->read_only) |
2213 |
++ if (dm_bm_is_read_only(bm)) |
2214 |
+ return -EPERM; |
2215 |
+ |
2216 |
+ return dm_bufio_write_dirty_buffers(bm->bufio); |
2217 |
+@@ -617,19 +617,21 @@ void dm_bm_prefetch(struct dm_block_manager *bm, dm_block_t b) |
2218 |
+ |
2219 |
+ bool dm_bm_is_read_only(struct dm_block_manager *bm) |
2220 |
+ { |
2221 |
+- return bm->read_only; |
2222 |
++ return (bm ? bm->read_only : true); |
2223 |
+ } |
2224 |
+ EXPORT_SYMBOL_GPL(dm_bm_is_read_only); |
2225 |
+ |
2226 |
+ void dm_bm_set_read_only(struct dm_block_manager *bm) |
2227 |
+ { |
2228 |
+- bm->read_only = true; |
2229 |
++ if (bm) |
2230 |
++ bm->read_only = true; |
2231 |
+ } |
2232 |
+ EXPORT_SYMBOL_GPL(dm_bm_set_read_only); |
2233 |
+ |
2234 |
+ void dm_bm_set_read_write(struct dm_block_manager *bm) |
2235 |
+ { |
2236 |
+- bm->read_only = false; |
2237 |
++ if (bm) |
2238 |
++ bm->read_only = false; |
2239 |
+ } |
2240 |
+ EXPORT_SYMBOL_GPL(dm_bm_set_read_write); |
2241 |
+ |
2242 |
+diff --git a/drivers/media/dvb-frontends/dib8000.c b/drivers/media/dvb-frontends/dib8000.c |
2243 |
+index 3c3f8cb148451..5fa787e023c7e 100644 |
2244 |
+--- a/drivers/media/dvb-frontends/dib8000.c |
2245 |
++++ b/drivers/media/dvb-frontends/dib8000.c |
2246 |
+@@ -2110,32 +2110,55 @@ static void dib8000_load_ana_fe_coefs(struct dib8000_state *state, const s16 *an |
2247 |
+ dib8000_write_word(state, 117 + mode, ana_fe[mode]); |
2248 |
+ } |
2249 |
+ |
2250 |
+-static const u16 lut_prbs_2k[14] = { |
2251 |
+- 0, 0x423, 0x009, 0x5C7, 0x7A6, 0x3D8, 0x527, 0x7FF, 0x79B, 0x3D6, 0x3A2, 0x53B, 0x2F4, 0x213 |
2252 |
++static const u16 lut_prbs_2k[13] = { |
2253 |
++ 0x423, 0x009, 0x5C7, |
2254 |
++ 0x7A6, 0x3D8, 0x527, |
2255 |
++ 0x7FF, 0x79B, 0x3D6, |
2256 |
++ 0x3A2, 0x53B, 0x2F4, |
2257 |
++ 0x213 |
2258 |
+ }; |
2259 |
+-static const u16 lut_prbs_4k[14] = { |
2260 |
+- 0, 0x208, 0x0C3, 0x7B9, 0x423, 0x5C7, 0x3D8, 0x7FF, 0x3D6, 0x53B, 0x213, 0x029, 0x0D0, 0x48E |
2261 |
++ |
2262 |
++static const u16 lut_prbs_4k[13] = { |
2263 |
++ 0x208, 0x0C3, 0x7B9, |
2264 |
++ 0x423, 0x5C7, 0x3D8, |
2265 |
++ 0x7FF, 0x3D6, 0x53B, |
2266 |
++ 0x213, 0x029, 0x0D0, |
2267 |
++ 0x48E |
2268 |
+ }; |
2269 |
+-static const u16 lut_prbs_8k[14] = { |
2270 |
+- 0, 0x740, 0x069, 0x7DD, 0x208, 0x7B9, 0x5C7, 0x7FF, 0x53B, 0x029, 0x48E, 0x4C4, 0x367, 0x684 |
2271 |
++ |
2272 |
++static const u16 lut_prbs_8k[13] = { |
2273 |
++ 0x740, 0x069, 0x7DD, |
2274 |
++ 0x208, 0x7B9, 0x5C7, |
2275 |
++ 0x7FF, 0x53B, 0x029, |
2276 |
++ 0x48E, 0x4C4, 0x367, |
2277 |
++ 0x684 |
2278 |
+ }; |
2279 |
+ |
2280 |
+ static u16 dib8000_get_init_prbs(struct dib8000_state *state, u16 subchannel) |
2281 |
+ { |
2282 |
+ int sub_channel_prbs_group = 0; |
2283 |
++ int prbs_group; |
2284 |
+ |
2285 |
+- sub_channel_prbs_group = (subchannel / 3) + 1; |
2286 |
+- dprintk("sub_channel_prbs_group = %d , subchannel =%d prbs = 0x%04x\n", sub_channel_prbs_group, subchannel, lut_prbs_8k[sub_channel_prbs_group]); |
2287 |
++ sub_channel_prbs_group = subchannel / 3; |
2288 |
++ if (sub_channel_prbs_group >= ARRAY_SIZE(lut_prbs_2k)) |
2289 |
++ return 0; |
2290 |
+ |
2291 |
+ switch (state->fe[0]->dtv_property_cache.transmission_mode) { |
2292 |
+ case TRANSMISSION_MODE_2K: |
2293 |
+- return lut_prbs_2k[sub_channel_prbs_group]; |
2294 |
++ prbs_group = lut_prbs_2k[sub_channel_prbs_group]; |
2295 |
++ break; |
2296 |
+ case TRANSMISSION_MODE_4K: |
2297 |
+- return lut_prbs_4k[sub_channel_prbs_group]; |
2298 |
++ prbs_group = lut_prbs_4k[sub_channel_prbs_group]; |
2299 |
++ break; |
2300 |
+ default: |
2301 |
+ case TRANSMISSION_MODE_8K: |
2302 |
+- return lut_prbs_8k[sub_channel_prbs_group]; |
2303 |
++ prbs_group = lut_prbs_8k[sub_channel_prbs_group]; |
2304 |
+ } |
2305 |
++ |
2306 |
++ dprintk("sub_channel_prbs_group = %d , subchannel =%d prbs = 0x%04x\n", |
2307 |
++ sub_channel_prbs_group, subchannel, prbs_group); |
2308 |
++ |
2309 |
++ return prbs_group; |
2310 |
+ } |
2311 |
+ |
2312 |
+ static void dib8000_set_13seg_channel(struct dib8000_state *state) |
2313 |
+@@ -2412,10 +2435,8 @@ static void dib8000_set_isdbt_common_channel(struct dib8000_state *state, u8 seq |
2314 |
+ /* TSB or ISDBT ? apply it now */ |
2315 |
+ if (c->isdbt_sb_mode) { |
2316 |
+ dib8000_set_sb_channel(state); |
2317 |
+- if (c->isdbt_sb_subchannel < 14) |
2318 |
+- init_prbs = dib8000_get_init_prbs(state, c->isdbt_sb_subchannel); |
2319 |
+- else |
2320 |
+- init_prbs = 0; |
2321 |
++ init_prbs = dib8000_get_init_prbs(state, |
2322 |
++ c->isdbt_sb_subchannel); |
2323 |
+ } else { |
2324 |
+ dib8000_set_13seg_channel(state); |
2325 |
+ init_prbs = 0xfff; |
2326 |
+@@ -3007,6 +3028,7 @@ static int dib8000_tune(struct dvb_frontend *fe) |
2327 |
+ |
2328 |
+ unsigned long *timeout = &state->timeout; |
2329 |
+ unsigned long now = jiffies; |
2330 |
++ u16 init_prbs; |
2331 |
+ #ifdef DIB8000_AGC_FREEZE |
2332 |
+ u16 agc1, agc2; |
2333 |
+ #endif |
2334 |
+@@ -3305,8 +3327,10 @@ static int dib8000_tune(struct dvb_frontend *fe) |
2335 |
+ break; |
2336 |
+ |
2337 |
+ case CT_DEMOD_STEP_11: /* 41 : init prbs autosearch */ |
2338 |
+- if (state->subchannel <= 41) { |
2339 |
+- dib8000_set_subchannel_prbs(state, dib8000_get_init_prbs(state, state->subchannel)); |
2340 |
++ init_prbs = dib8000_get_init_prbs(state, state->subchannel); |
2341 |
++ |
2342 |
++ if (init_prbs) { |
2343 |
++ dib8000_set_subchannel_prbs(state, init_prbs); |
2344 |
+ *tune_state = CT_DEMOD_STEP_9; |
2345 |
+ } else { |
2346 |
+ *tune_state = CT_DEMOD_STOP; |
2347 |
+diff --git a/drivers/media/i2c/imx258.c b/drivers/media/i2c/imx258.c |
2348 |
+index 31a1e2294843a..85395813c0f2e 100644 |
2349 |
+--- a/drivers/media/i2c/imx258.c |
2350 |
++++ b/drivers/media/i2c/imx258.c |
2351 |
+@@ -22,7 +22,7 @@ |
2352 |
+ #define IMX258_CHIP_ID 0x0258 |
2353 |
+ |
2354 |
+ /* V_TIMING internal */ |
2355 |
+-#define IMX258_VTS_30FPS 0x0c98 |
2356 |
++#define IMX258_VTS_30FPS 0x0c50 |
2357 |
+ #define IMX258_VTS_30FPS_2K 0x0638 |
2358 |
+ #define IMX258_VTS_30FPS_VGA 0x034c |
2359 |
+ #define IMX258_VTS_MAX 0xffff |
2360 |
+@@ -46,7 +46,7 @@ |
2361 |
+ /* Analog gain control */ |
2362 |
+ #define IMX258_REG_ANALOG_GAIN 0x0204 |
2363 |
+ #define IMX258_ANA_GAIN_MIN 0 |
2364 |
+-#define IMX258_ANA_GAIN_MAX 0x1fff |
2365 |
++#define IMX258_ANA_GAIN_MAX 480 |
2366 |
+ #define IMX258_ANA_GAIN_STEP 1 |
2367 |
+ #define IMX258_ANA_GAIN_DEFAULT 0x0 |
2368 |
+ |
2369 |
+diff --git a/drivers/media/i2c/tda1997x.c b/drivers/media/i2c/tda1997x.c |
2370 |
+index d114ac5243eca..4f8dc3f56785a 100644 |
2371 |
+--- a/drivers/media/i2c/tda1997x.c |
2372 |
++++ b/drivers/media/i2c/tda1997x.c |
2373 |
+@@ -1695,14 +1695,15 @@ static int tda1997x_query_dv_timings(struct v4l2_subdev *sd, |
2374 |
+ struct v4l2_dv_timings *timings) |
2375 |
+ { |
2376 |
+ struct tda1997x_state *state = to_state(sd); |
2377 |
++ int ret; |
2378 |
+ |
2379 |
+ v4l_dbg(1, debug, state->client, "%s\n", __func__); |
2380 |
+ memset(timings, 0, sizeof(struct v4l2_dv_timings)); |
2381 |
+ mutex_lock(&state->lock); |
2382 |
+- tda1997x_detect_std(state, timings); |
2383 |
++ ret = tda1997x_detect_std(state, timings); |
2384 |
+ mutex_unlock(&state->lock); |
2385 |
+ |
2386 |
+- return 0; |
2387 |
++ return ret; |
2388 |
+ } |
2389 |
+ |
2390 |
+ static const struct v4l2_subdev_video_ops tda1997x_video_ops = { |
2391 |
+@@ -2229,6 +2230,7 @@ static int tda1997x_core_init(struct v4l2_subdev *sd) |
2392 |
+ /* get initial HDMI status */ |
2393 |
+ state->hdmi_status = io_read(sd, REG_HDMI_FLAGS); |
2394 |
+ |
2395 |
++ io_write(sd, REG_EDID_ENABLE, EDID_ENABLE_A_EN | EDID_ENABLE_B_EN); |
2396 |
+ return 0; |
2397 |
+ } |
2398 |
+ |
2399 |
+diff --git a/drivers/media/platform/qcom/venus/venc.c b/drivers/media/platform/qcom/venus/venc.c |
2400 |
+index 420897241248c..4197b311cff46 100644 |
2401 |
+--- a/drivers/media/platform/qcom/venus/venc.c |
2402 |
++++ b/drivers/media/platform/qcom/venus/venc.c |
2403 |
+@@ -316,6 +316,8 @@ venc_try_fmt_common(struct venus_inst *inst, struct v4l2_format *f) |
2404 |
+ else |
2405 |
+ return NULL; |
2406 |
+ fmt = find_format(inst, pixmp->pixelformat, f->type); |
2407 |
++ if (!fmt) |
2408 |
++ return NULL; |
2409 |
+ } |
2410 |
+ |
2411 |
+ pixmp->width = clamp(pixmp->width, frame_width_min(inst), |
2412 |
+diff --git a/drivers/media/platform/tegra-cec/tegra_cec.c b/drivers/media/platform/tegra-cec/tegra_cec.c |
2413 |
+index aba488cd0e645..a2c20ca799c44 100644 |
2414 |
+--- a/drivers/media/platform/tegra-cec/tegra_cec.c |
2415 |
++++ b/drivers/media/platform/tegra-cec/tegra_cec.c |
2416 |
+@@ -383,7 +383,11 @@ static int tegra_cec_probe(struct platform_device *pdev) |
2417 |
+ return -ENOENT; |
2418 |
+ } |
2419 |
+ |
2420 |
+- clk_prepare_enable(cec->clk); |
2421 |
++ ret = clk_prepare_enable(cec->clk); |
2422 |
++ if (ret) { |
2423 |
++ dev_err(&pdev->dev, "Unable to prepare clock for CEC\n"); |
2424 |
++ return ret; |
2425 |
++ } |
2426 |
+ |
2427 |
+ /* set context info. */ |
2428 |
+ cec->dev = &pdev->dev; |
2429 |
+@@ -462,9 +466,7 @@ static int tegra_cec_resume(struct platform_device *pdev) |
2430 |
+ |
2431 |
+ dev_notice(&pdev->dev, "Resuming\n"); |
2432 |
+ |
2433 |
+- clk_prepare_enable(cec->clk); |
2434 |
+- |
2435 |
+- return 0; |
2436 |
++ return clk_prepare_enable(cec->clk); |
2437 |
+ } |
2438 |
+ #endif |
2439 |
+ |
2440 |
+diff --git a/drivers/media/rc/rc-loopback.c b/drivers/media/rc/rc-loopback.c |
2441 |
+index 3822d9ebcb46c..5abbde7e5d5b3 100644 |
2442 |
+--- a/drivers/media/rc/rc-loopback.c |
2443 |
++++ b/drivers/media/rc/rc-loopback.c |
2444 |
+@@ -52,7 +52,7 @@ static int loop_set_tx_mask(struct rc_dev *dev, u32 mask) |
2445 |
+ |
2446 |
+ if ((mask & (RXMASK_REGULAR | RXMASK_LEARNING)) != mask) { |
2447 |
+ dprintk("invalid tx mask: %u\n", mask); |
2448 |
+- return -EINVAL; |
2449 |
++ return 2; |
2450 |
+ } |
2451 |
+ |
2452 |
+ dprintk("setting tx mask: %u\n", mask); |
2453 |
+diff --git a/drivers/media/usb/dvb-usb/nova-t-usb2.c b/drivers/media/usb/dvb-usb/nova-t-usb2.c |
2454 |
+index 43e0e0fd715b9..705c2901a89e8 100644 |
2455 |
+--- a/drivers/media/usb/dvb-usb/nova-t-usb2.c |
2456 |
++++ b/drivers/media/usb/dvb-usb/nova-t-usb2.c |
2457 |
+@@ -133,7 +133,7 @@ ret: |
2458 |
+ |
2459 |
+ static int nova_t_read_mac_address (struct dvb_usb_device *d, u8 mac[6]) |
2460 |
+ { |
2461 |
+- int i; |
2462 |
++ int i, ret; |
2463 |
+ u8 b; |
2464 |
+ |
2465 |
+ mac[0] = 0x00; |
2466 |
+@@ -142,7 +142,9 @@ static int nova_t_read_mac_address (struct dvb_usb_device *d, u8 mac[6]) |
2467 |
+ |
2468 |
+ /* this is a complete guess, but works for my box */ |
2469 |
+ for (i = 136; i < 139; i++) { |
2470 |
+- dibusb_read_eeprom_byte(d,i, &b); |
2471 |
++ ret = dibusb_read_eeprom_byte(d, i, &b); |
2472 |
++ if (ret) |
2473 |
++ return ret; |
2474 |
+ |
2475 |
+ mac[5 - (i - 136)] = b; |
2476 |
+ } |
2477 |
+diff --git a/drivers/media/usb/dvb-usb/vp702x.c b/drivers/media/usb/dvb-usb/vp702x.c |
2478 |
+index c3529ea59da95..fcd66757b34dc 100644 |
2479 |
+--- a/drivers/media/usb/dvb-usb/vp702x.c |
2480 |
++++ b/drivers/media/usb/dvb-usb/vp702x.c |
2481 |
+@@ -294,16 +294,22 @@ static int vp702x_rc_query(struct dvb_usb_device *d, u32 *event, int *state) |
2482 |
+ static int vp702x_read_mac_addr(struct dvb_usb_device *d,u8 mac[6]) |
2483 |
+ { |
2484 |
+ u8 i, *buf; |
2485 |
++ int ret; |
2486 |
+ struct vp702x_device_state *st = d->priv; |
2487 |
+ |
2488 |
+ mutex_lock(&st->buf_mutex); |
2489 |
+ buf = st->buf; |
2490 |
+- for (i = 6; i < 12; i++) |
2491 |
+- vp702x_usb_in_op(d, READ_EEPROM_REQ, i, 1, &buf[i - 6], 1); |
2492 |
++ for (i = 6; i < 12; i++) { |
2493 |
++ ret = vp702x_usb_in_op(d, READ_EEPROM_REQ, i, 1, |
2494 |
++ &buf[i - 6], 1); |
2495 |
++ if (ret < 0) |
2496 |
++ goto err; |
2497 |
++ } |
2498 |
+ |
2499 |
+ memcpy(mac, buf, 6); |
2500 |
++err: |
2501 |
+ mutex_unlock(&st->buf_mutex); |
2502 |
+- return 0; |
2503 |
++ return ret; |
2504 |
+ } |
2505 |
+ |
2506 |
+ static int vp702x_frontend_attach(struct dvb_usb_adapter *adap) |
2507 |
+diff --git a/drivers/media/usb/em28xx/em28xx-input.c b/drivers/media/usb/em28xx/em28xx-input.c |
2508 |
+index 3612f0d730ddd..92007a225d8ea 100644 |
2509 |
+--- a/drivers/media/usb/em28xx/em28xx-input.c |
2510 |
++++ b/drivers/media/usb/em28xx/em28xx-input.c |
2511 |
+@@ -865,7 +865,6 @@ error: |
2512 |
+ kfree(ir); |
2513 |
+ ref_put: |
2514 |
+ em28xx_shutdown_buttons(dev); |
2515 |
+- kref_put(&dev->ref, em28xx_free_device); |
2516 |
+ return err; |
2517 |
+ } |
2518 |
+ |
2519 |
+diff --git a/drivers/media/usb/go7007/go7007-driver.c b/drivers/media/usb/go7007/go7007-driver.c |
2520 |
+index 62aeebcdd7f71..c7b5a3321cd74 100644 |
2521 |
+--- a/drivers/media/usb/go7007/go7007-driver.c |
2522 |
++++ b/drivers/media/usb/go7007/go7007-driver.c |
2523 |
+@@ -699,49 +699,23 @@ struct go7007 *go7007_alloc(const struct go7007_board_info *board, |
2524 |
+ struct device *dev) |
2525 |
+ { |
2526 |
+ struct go7007 *go; |
2527 |
+- int i; |
2528 |
+ |
2529 |
+ go = kzalloc(sizeof(struct go7007), GFP_KERNEL); |
2530 |
+ if (go == NULL) |
2531 |
+ return NULL; |
2532 |
+ go->dev = dev; |
2533 |
+ go->board_info = board; |
2534 |
+- go->board_id = 0; |
2535 |
+ go->tuner_type = -1; |
2536 |
+- go->channel_number = 0; |
2537 |
+- go->name[0] = 0; |
2538 |
+ mutex_init(&go->hw_lock); |
2539 |
+ init_waitqueue_head(&go->frame_waitq); |
2540 |
+ spin_lock_init(&go->spinlock); |
2541 |
+ go->status = STATUS_INIT; |
2542 |
+- memset(&go->i2c_adapter, 0, sizeof(go->i2c_adapter)); |
2543 |
+- go->i2c_adapter_online = 0; |
2544 |
+- go->interrupt_available = 0; |
2545 |
+ init_waitqueue_head(&go->interrupt_waitq); |
2546 |
+- go->input = 0; |
2547 |
+ go7007_update_board(go); |
2548 |
+- go->encoder_h_halve = 0; |
2549 |
+- go->encoder_v_halve = 0; |
2550 |
+- go->encoder_subsample = 0; |
2551 |
+ go->format = V4L2_PIX_FMT_MJPEG; |
2552 |
+ go->bitrate = 1500000; |
2553 |
+ go->fps_scale = 1; |
2554 |
+- go->pali = 0; |
2555 |
+ go->aspect_ratio = GO7007_RATIO_1_1; |
2556 |
+- go->gop_size = 0; |
2557 |
+- go->ipb = 0; |
2558 |
+- go->closed_gop = 0; |
2559 |
+- go->repeat_seqhead = 0; |
2560 |
+- go->seq_header_enable = 0; |
2561 |
+- go->gop_header_enable = 0; |
2562 |
+- go->dvd_mode = 0; |
2563 |
+- go->interlace_coding = 0; |
2564 |
+- for (i = 0; i < 4; ++i) |
2565 |
+- go->modet[i].enable = 0; |
2566 |
+- for (i = 0; i < 1624; ++i) |
2567 |
+- go->modet_map[i] = 0; |
2568 |
+- go->audio_deliver = NULL; |
2569 |
+- go->audio_enabled = 0; |
2570 |
+ |
2571 |
+ return go; |
2572 |
+ } |
2573 |
+diff --git a/drivers/media/usb/stkwebcam/stk-webcam.c b/drivers/media/usb/stkwebcam/stk-webcam.c |
2574 |
+index e33fa78ef98dd..f46db1b6a27c4 100644 |
2575 |
+--- a/drivers/media/usb/stkwebcam/stk-webcam.c |
2576 |
++++ b/drivers/media/usb/stkwebcam/stk-webcam.c |
2577 |
+@@ -1355,7 +1355,7 @@ static int stk_camera_probe(struct usb_interface *interface, |
2578 |
+ if (!dev->isoc_ep) { |
2579 |
+ pr_err("Could not find isoc-in endpoint\n"); |
2580 |
+ err = -ENODEV; |
2581 |
+- goto error; |
2582 |
++ goto error_put; |
2583 |
+ } |
2584 |
+ dev->vsettings.palette = V4L2_PIX_FMT_RGB565; |
2585 |
+ dev->vsettings.mode = MODE_VGA; |
2586 |
+@@ -1368,10 +1368,12 @@ static int stk_camera_probe(struct usb_interface *interface, |
2587 |
+ |
2588 |
+ err = stk_register_video_device(dev); |
2589 |
+ if (err) |
2590 |
+- goto error; |
2591 |
++ goto error_put; |
2592 |
+ |
2593 |
+ return 0; |
2594 |
+ |
2595 |
++error_put: |
2596 |
++ usb_put_intf(interface); |
2597 |
+ error: |
2598 |
+ v4l2_ctrl_handler_free(hdl); |
2599 |
+ v4l2_device_unregister(&dev->v4l2_dev); |
2600 |
+diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c |
2601 |
+index 06167c51af128..2ca1e8ce6159d 100644 |
2602 |
+--- a/drivers/media/usb/uvc/uvc_v4l2.c |
2603 |
++++ b/drivers/media/usb/uvc/uvc_v4l2.c |
2604 |
+@@ -900,8 +900,8 @@ static int uvc_ioctl_g_input(struct file *file, void *fh, unsigned int *input) |
2605 |
+ { |
2606 |
+ struct uvc_fh *handle = fh; |
2607 |
+ struct uvc_video_chain *chain = handle->chain; |
2608 |
++ u8 *buf; |
2609 |
+ int ret; |
2610 |
+- u8 i; |
2611 |
+ |
2612 |
+ if (chain->selector == NULL || |
2613 |
+ (chain->dev->quirks & UVC_QUIRK_IGNORE_SELECTOR_UNIT)) { |
2614 |
+@@ -909,22 +909,27 @@ static int uvc_ioctl_g_input(struct file *file, void *fh, unsigned int *input) |
2615 |
+ return 0; |
2616 |
+ } |
2617 |
+ |
2618 |
++ buf = kmalloc(1, GFP_KERNEL); |
2619 |
++ if (!buf) |
2620 |
++ return -ENOMEM; |
2621 |
++ |
2622 |
+ ret = uvc_query_ctrl(chain->dev, UVC_GET_CUR, chain->selector->id, |
2623 |
+ chain->dev->intfnum, UVC_SU_INPUT_SELECT_CONTROL, |
2624 |
+- &i, 1); |
2625 |
+- if (ret < 0) |
2626 |
+- return ret; |
2627 |
++ buf, 1); |
2628 |
++ if (!ret) |
2629 |
++ *input = *buf - 1; |
2630 |
+ |
2631 |
+- *input = i - 1; |
2632 |
+- return 0; |
2633 |
++ kfree(buf); |
2634 |
++ |
2635 |
++ return ret; |
2636 |
+ } |
2637 |
+ |
2638 |
+ static int uvc_ioctl_s_input(struct file *file, void *fh, unsigned int input) |
2639 |
+ { |
2640 |
+ struct uvc_fh *handle = fh; |
2641 |
+ struct uvc_video_chain *chain = handle->chain; |
2642 |
++ u8 *buf; |
2643 |
+ int ret; |
2644 |
+- u32 i; |
2645 |
+ |
2646 |
+ ret = uvc_acquire_privileges(handle); |
2647 |
+ if (ret < 0) |
2648 |
+@@ -940,10 +945,17 @@ static int uvc_ioctl_s_input(struct file *file, void *fh, unsigned int input) |
2649 |
+ if (input >= chain->selector->bNrInPins) |
2650 |
+ return -EINVAL; |
2651 |
+ |
2652 |
+- i = input + 1; |
2653 |
+- return uvc_query_ctrl(chain->dev, UVC_SET_CUR, chain->selector->id, |
2654 |
+- chain->dev->intfnum, UVC_SU_INPUT_SELECT_CONTROL, |
2655 |
+- &i, 1); |
2656 |
++ buf = kmalloc(1, GFP_KERNEL); |
2657 |
++ if (!buf) |
2658 |
++ return -ENOMEM; |
2659 |
++ |
2660 |
++ *buf = input + 1; |
2661 |
++ ret = uvc_query_ctrl(chain->dev, UVC_SET_CUR, chain->selector->id, |
2662 |
++ chain->dev->intfnum, UVC_SU_INPUT_SELECT_CONTROL, |
2663 |
++ buf, 1); |
2664 |
++ kfree(buf); |
2665 |
++ |
2666 |
++ return ret; |
2667 |
+ } |
2668 |
+ |
2669 |
+ static int uvc_ioctl_queryctrl(struct file *file, void *fh, |
2670 |
+diff --git a/drivers/media/v4l2-core/v4l2-dv-timings.c b/drivers/media/v4l2-core/v4l2-dv-timings.c |
2671 |
+index a24b40dfec97a..af38c989ff336 100644 |
2672 |
+--- a/drivers/media/v4l2-core/v4l2-dv-timings.c |
2673 |
++++ b/drivers/media/v4l2-core/v4l2-dv-timings.c |
2674 |
+@@ -196,7 +196,7 @@ bool v4l2_find_dv_timings_cap(struct v4l2_dv_timings *t, |
2675 |
+ if (!v4l2_valid_dv_timings(t, cap, fnc, fnc_handle)) |
2676 |
+ return false; |
2677 |
+ |
2678 |
+- for (i = 0; i < v4l2_dv_timings_presets[i].bt.width; i++) { |
2679 |
++ for (i = 0; v4l2_dv_timings_presets[i].bt.width; i++) { |
2680 |
+ if (v4l2_valid_dv_timings(v4l2_dv_timings_presets + i, cap, |
2681 |
+ fnc, fnc_handle) && |
2682 |
+ v4l2_match_dv_timings(t, v4l2_dv_timings_presets + i, |
2683 |
+@@ -218,7 +218,7 @@ bool v4l2_find_dv_timings_cea861_vic(struct v4l2_dv_timings *t, u8 vic) |
2684 |
+ { |
2685 |
+ unsigned int i; |
2686 |
+ |
2687 |
+- for (i = 0; i < v4l2_dv_timings_presets[i].bt.width; i++) { |
2688 |
++ for (i = 0; v4l2_dv_timings_presets[i].bt.width; i++) { |
2689 |
+ const struct v4l2_bt_timings *bt = |
2690 |
+ &v4l2_dv_timings_presets[i].bt; |
2691 |
+ |
2692 |
+diff --git a/drivers/mfd/ab8500-core.c b/drivers/mfd/ab8500-core.c |
2693 |
+index 11ab17f64c649..f0527e7698677 100644 |
2694 |
+--- a/drivers/mfd/ab8500-core.c |
2695 |
++++ b/drivers/mfd/ab8500-core.c |
2696 |
+@@ -493,7 +493,7 @@ static int ab8500_handle_hierarchical_line(struct ab8500 *ab8500, |
2697 |
+ if (line == AB8540_INT_GPIO43F || line == AB8540_INT_GPIO44F) |
2698 |
+ line += 1; |
2699 |
+ |
2700 |
+- handle_nested_irq(irq_create_mapping(ab8500->domain, line)); |
2701 |
++ handle_nested_irq(irq_find_mapping(ab8500->domain, line)); |
2702 |
+ } |
2703 |
+ |
2704 |
+ return 0; |
2705 |
+diff --git a/drivers/mfd/axp20x.c b/drivers/mfd/axp20x.c |
2706 |
+index aa65931142ba7..dcb341d627582 100644 |
2707 |
+--- a/drivers/mfd/axp20x.c |
2708 |
++++ b/drivers/mfd/axp20x.c |
2709 |
+@@ -127,12 +127,13 @@ static const struct regmap_range axp288_writeable_ranges[] = { |
2710 |
+ |
2711 |
+ static const struct regmap_range axp288_volatile_ranges[] = { |
2712 |
+ regmap_reg_range(AXP20X_PWR_INPUT_STATUS, AXP288_POWER_REASON), |
2713 |
++ regmap_reg_range(AXP22X_PWR_OUT_CTRL1, AXP22X_ALDO3_V_OUT), |
2714 |
+ regmap_reg_range(AXP288_BC_GLOBAL, AXP288_BC_GLOBAL), |
2715 |
+ regmap_reg_range(AXP288_BC_DET_STAT, AXP20X_VBUS_IPSOUT_MGMT), |
2716 |
+ regmap_reg_range(AXP20X_CHRG_BAK_CTRL, AXP20X_CHRG_BAK_CTRL), |
2717 |
+ regmap_reg_range(AXP20X_IRQ1_EN, AXP20X_IPSOUT_V_HIGH_L), |
2718 |
+ regmap_reg_range(AXP20X_TIMER_CTRL, AXP20X_TIMER_CTRL), |
2719 |
+- regmap_reg_range(AXP22X_GPIO_STATE, AXP22X_GPIO_STATE), |
2720 |
++ regmap_reg_range(AXP20X_GPIO1_CTRL, AXP22X_GPIO_STATE), |
2721 |
+ regmap_reg_range(AXP288_RT_BATT_V_H, AXP288_RT_BATT_V_L), |
2722 |
+ regmap_reg_range(AXP20X_FG_RES, AXP288_FG_CC_CAP_REG), |
2723 |
+ }; |
2724 |
+diff --git a/drivers/mfd/stmpe.c b/drivers/mfd/stmpe.c |
2725 |
+index 566caca4efd8e..722ad2c368a56 100644 |
2726 |
+--- a/drivers/mfd/stmpe.c |
2727 |
++++ b/drivers/mfd/stmpe.c |
2728 |
+@@ -1035,7 +1035,7 @@ static irqreturn_t stmpe_irq(int irq, void *data) |
2729 |
+ |
2730 |
+ if (variant->id_val == STMPE801_ID || |
2731 |
+ variant->id_val == STMPE1600_ID) { |
2732 |
+- int base = irq_create_mapping(stmpe->domain, 0); |
2733 |
++ int base = irq_find_mapping(stmpe->domain, 0); |
2734 |
+ |
2735 |
+ handle_nested_irq(base); |
2736 |
+ return IRQ_HANDLED; |
2737 |
+@@ -1063,7 +1063,7 @@ static irqreturn_t stmpe_irq(int irq, void *data) |
2738 |
+ while (status) { |
2739 |
+ int bit = __ffs(status); |
2740 |
+ int line = bank * 8 + bit; |
2741 |
+- int nestedirq = irq_create_mapping(stmpe->domain, line); |
2742 |
++ int nestedirq = irq_find_mapping(stmpe->domain, line); |
2743 |
+ |
2744 |
+ handle_nested_irq(nestedirq); |
2745 |
+ status &= ~(1 << bit); |
2746 |
+diff --git a/drivers/mfd/tc3589x.c b/drivers/mfd/tc3589x.c |
2747 |
+index cc9e563f23aa6..7062baf606858 100644 |
2748 |
+--- a/drivers/mfd/tc3589x.c |
2749 |
++++ b/drivers/mfd/tc3589x.c |
2750 |
+@@ -187,7 +187,7 @@ again: |
2751 |
+ |
2752 |
+ while (status) { |
2753 |
+ int bit = __ffs(status); |
2754 |
+- int virq = irq_create_mapping(tc3589x->domain, bit); |
2755 |
++ int virq = irq_find_mapping(tc3589x->domain, bit); |
2756 |
+ |
2757 |
+ handle_nested_irq(virq); |
2758 |
+ status &= ~(1 << bit); |
2759 |
+diff --git a/drivers/mfd/wm8994-irq.c b/drivers/mfd/wm8994-irq.c |
2760 |
+index 18710f3b5c534..2c58d9b99a394 100644 |
2761 |
+--- a/drivers/mfd/wm8994-irq.c |
2762 |
++++ b/drivers/mfd/wm8994-irq.c |
2763 |
+@@ -159,7 +159,7 @@ static irqreturn_t wm8994_edge_irq(int irq, void *data) |
2764 |
+ struct wm8994 *wm8994 = data; |
2765 |
+ |
2766 |
+ while (gpio_get_value_cansleep(wm8994->pdata.irq_gpio)) |
2767 |
+- handle_nested_irq(irq_create_mapping(wm8994->edge_irq, 0)); |
2768 |
++ handle_nested_irq(irq_find_mapping(wm8994->edge_irq, 0)); |
2769 |
+ |
2770 |
+ return IRQ_HANDLED; |
2771 |
+ } |
2772 |
+diff --git a/drivers/misc/aspeed-lpc-ctrl.c b/drivers/misc/aspeed-lpc-ctrl.c |
2773 |
+index a024f8042259a..870ab0dfcde06 100644 |
2774 |
+--- a/drivers/misc/aspeed-lpc-ctrl.c |
2775 |
++++ b/drivers/misc/aspeed-lpc-ctrl.c |
2776 |
+@@ -50,7 +50,7 @@ static int aspeed_lpc_ctrl_mmap(struct file *file, struct vm_area_struct *vma) |
2777 |
+ unsigned long vsize = vma->vm_end - vma->vm_start; |
2778 |
+ pgprot_t prot = vma->vm_page_prot; |
2779 |
+ |
2780 |
+- if (vma->vm_pgoff + vsize > lpc_ctrl->mem_base + lpc_ctrl->mem_size) |
2781 |
++ if (vma->vm_pgoff + vma_pages(vma) > lpc_ctrl->mem_size >> PAGE_SHIFT) |
2782 |
+ return -EINVAL; |
2783 |
+ |
2784 |
+ /* ast2400/2500 AHB accesses are not cache coherent */ |
2785 |
+diff --git a/drivers/misc/vmw_vmci/vmci_queue_pair.c b/drivers/misc/vmw_vmci/vmci_queue_pair.c |
2786 |
+index 9bc97d6a651db..db433d285effa 100644 |
2787 |
+--- a/drivers/misc/vmw_vmci/vmci_queue_pair.c |
2788 |
++++ b/drivers/misc/vmw_vmci/vmci_queue_pair.c |
2789 |
+@@ -2249,7 +2249,8 @@ int vmci_qp_broker_map(struct vmci_handle handle, |
2790 |
+ |
2791 |
+ result = VMCI_SUCCESS; |
2792 |
+ |
2793 |
+- if (context_id != VMCI_HOST_CONTEXT_ID) { |
2794 |
++ if (context_id != VMCI_HOST_CONTEXT_ID && |
2795 |
++ !QPBROKERSTATE_HAS_MEM(entry)) { |
2796 |
+ struct vmci_qp_page_store page_store; |
2797 |
+ |
2798 |
+ page_store.pages = guest_mem; |
2799 |
+@@ -2356,7 +2357,8 @@ int vmci_qp_broker_unmap(struct vmci_handle handle, |
2800 |
+ goto out; |
2801 |
+ } |
2802 |
+ |
2803 |
+- if (context_id != VMCI_HOST_CONTEXT_ID) { |
2804 |
++ if (context_id != VMCI_HOST_CONTEXT_ID && |
2805 |
++ QPBROKERSTATE_HAS_MEM(entry)) { |
2806 |
+ qp_acquire_queue_mutex(entry->produce_q); |
2807 |
+ result = qp_save_headers(entry); |
2808 |
+ if (result < VMCI_SUCCESS) |
2809 |
+diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c |
2810 |
+index 7b2bb32e35554..d1cc0fdbc51c8 100644 |
2811 |
+--- a/drivers/mmc/core/block.c |
2812 |
++++ b/drivers/mmc/core/block.c |
2813 |
+@@ -592,6 +592,7 @@ static int __mmc_blk_ioctl_cmd(struct mmc_card *card, struct mmc_blk_data *md, |
2814 |
+ } |
2815 |
+ |
2816 |
+ mmc_wait_for_req(card->host, &mrq); |
2817 |
++ memcpy(&idata->ic.response, cmd.resp, sizeof(cmd.resp)); |
2818 |
+ |
2819 |
+ if (cmd.error) { |
2820 |
+ dev_err(mmc_dev(card->host), "%s: cmd error %d\n", |
2821 |
+@@ -641,8 +642,6 @@ static int __mmc_blk_ioctl_cmd(struct mmc_card *card, struct mmc_blk_data *md, |
2822 |
+ if (idata->ic.postsleep_min_us) |
2823 |
+ usleep_range(idata->ic.postsleep_min_us, idata->ic.postsleep_max_us); |
2824 |
+ |
2825 |
+- memcpy(&(idata->ic.response), cmd.resp, sizeof(cmd.resp)); |
2826 |
+- |
2827 |
+ if (idata->rpmb || (cmd.flags & MMC_RSP_R1B) == MMC_RSP_R1B) { |
2828 |
+ /* |
2829 |
+ * Ensure RPMB/R1B command has completed by polling CMD13 |
2830 |
+diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c |
2831 |
+index 8e09586f880f1..e3991df078efb 100644 |
2832 |
+--- a/drivers/mmc/host/dw_mmc.c |
2833 |
++++ b/drivers/mmc/host/dw_mmc.c |
2834 |
+@@ -808,6 +808,7 @@ static int dw_mci_edmac_start_dma(struct dw_mci *host, |
2835 |
+ int ret = 0; |
2836 |
+ |
2837 |
+ /* Set external dma config: burst size, burst width */ |
2838 |
++ memset(&cfg, 0, sizeof(cfg)); |
2839 |
+ cfg.dst_addr = host->phy_regs + fifo_offset; |
2840 |
+ cfg.src_addr = cfg.dst_addr; |
2841 |
+ cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; |
2842 |
+diff --git a/drivers/mmc/host/moxart-mmc.c b/drivers/mmc/host/moxart-mmc.c |
2843 |
+index a0670e9cd0127..5553a5643f405 100644 |
2844 |
+--- a/drivers/mmc/host/moxart-mmc.c |
2845 |
++++ b/drivers/mmc/host/moxart-mmc.c |
2846 |
+@@ -631,6 +631,7 @@ static int moxart_probe(struct platform_device *pdev) |
2847 |
+ host->dma_chan_tx, host->dma_chan_rx); |
2848 |
+ host->have_dma = true; |
2849 |
+ |
2850 |
++ memset(&cfg, 0, sizeof(cfg)); |
2851 |
+ cfg.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; |
2852 |
+ cfg.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; |
2853 |
+ |
2854 |
+diff --git a/drivers/mmc/host/rtsx_pci_sdmmc.c b/drivers/mmc/host/rtsx_pci_sdmmc.c |
2855 |
+index 02de6a5701d6c..c1de8fa50fe8f 100644 |
2856 |
+--- a/drivers/mmc/host/rtsx_pci_sdmmc.c |
2857 |
++++ b/drivers/mmc/host/rtsx_pci_sdmmc.c |
2858 |
+@@ -551,9 +551,22 @@ static int sd_write_long_data(struct realtek_pci_sdmmc *host, |
2859 |
+ return 0; |
2860 |
+ } |
2861 |
+ |
2862 |
++static inline void sd_enable_initial_mode(struct realtek_pci_sdmmc *host) |
2863 |
++{ |
2864 |
++ rtsx_pci_write_register(host->pcr, SD_CFG1, |
2865 |
++ SD_CLK_DIVIDE_MASK, SD_CLK_DIVIDE_128); |
2866 |
++} |
2867 |
++ |
2868 |
++static inline void sd_disable_initial_mode(struct realtek_pci_sdmmc *host) |
2869 |
++{ |
2870 |
++ rtsx_pci_write_register(host->pcr, SD_CFG1, |
2871 |
++ SD_CLK_DIVIDE_MASK, SD_CLK_DIVIDE_0); |
2872 |
++} |
2873 |
++ |
2874 |
+ static int sd_rw_multi(struct realtek_pci_sdmmc *host, struct mmc_request *mrq) |
2875 |
+ { |
2876 |
+ struct mmc_data *data = mrq->data; |
2877 |
++ int err; |
2878 |
+ |
2879 |
+ if (host->sg_count < 0) { |
2880 |
+ data->error = host->sg_count; |
2881 |
+@@ -562,22 +575,19 @@ static int sd_rw_multi(struct realtek_pci_sdmmc *host, struct mmc_request *mrq) |
2882 |
+ return data->error; |
2883 |
+ } |
2884 |
+ |
2885 |
+- if (data->flags & MMC_DATA_READ) |
2886 |
+- return sd_read_long_data(host, mrq); |
2887 |
++ if (data->flags & MMC_DATA_READ) { |
2888 |
++ if (host->initial_mode) |
2889 |
++ sd_disable_initial_mode(host); |
2890 |
+ |
2891 |
+- return sd_write_long_data(host, mrq); |
2892 |
+-} |
2893 |
++ err = sd_read_long_data(host, mrq); |
2894 |
+ |
2895 |
+-static inline void sd_enable_initial_mode(struct realtek_pci_sdmmc *host) |
2896 |
+-{ |
2897 |
+- rtsx_pci_write_register(host->pcr, SD_CFG1, |
2898 |
+- SD_CLK_DIVIDE_MASK, SD_CLK_DIVIDE_128); |
2899 |
+-} |
2900 |
++ if (host->initial_mode) |
2901 |
++ sd_enable_initial_mode(host); |
2902 |
+ |
2903 |
+-static inline void sd_disable_initial_mode(struct realtek_pci_sdmmc *host) |
2904 |
+-{ |
2905 |
+- rtsx_pci_write_register(host->pcr, SD_CFG1, |
2906 |
+- SD_CLK_DIVIDE_MASK, SD_CLK_DIVIDE_0); |
2907 |
++ return err; |
2908 |
++ } |
2909 |
++ |
2910 |
++ return sd_write_long_data(host, mrq); |
2911 |
+ } |
2912 |
+ |
2913 |
+ static void sd_normal_rw(struct realtek_pci_sdmmc *host, |
2914 |
+diff --git a/drivers/mmc/host/sdhci-of-arasan.c b/drivers/mmc/host/sdhci-of-arasan.c |
2915 |
+index 9c77bfe4334f3..d1a2418b0c5e5 100644 |
2916 |
+--- a/drivers/mmc/host/sdhci-of-arasan.c |
2917 |
++++ b/drivers/mmc/host/sdhci-of-arasan.c |
2918 |
+@@ -185,7 +185,12 @@ static void sdhci_arasan_set_clock(struct sdhci_host *host, unsigned int clock) |
2919 |
+ * through low speeds without power cycling. |
2920 |
+ */ |
2921 |
+ sdhci_set_clock(host, host->max_clk); |
2922 |
+- phy_power_on(sdhci_arasan->phy); |
2923 |
++ if (phy_power_on(sdhci_arasan->phy)) { |
2924 |
++ pr_err("%s: Cannot power on phy.\n", |
2925 |
++ mmc_hostname(host->mmc)); |
2926 |
++ return; |
2927 |
++ } |
2928 |
++ |
2929 |
+ sdhci_arasan->is_phy_on = true; |
2930 |
+ |
2931 |
+ /* |
2932 |
+@@ -221,7 +226,12 @@ static void sdhci_arasan_set_clock(struct sdhci_host *host, unsigned int clock) |
2933 |
+ msleep(20); |
2934 |
+ |
2935 |
+ if (ctrl_phy) { |
2936 |
+- phy_power_on(sdhci_arasan->phy); |
2937 |
++ if (phy_power_on(sdhci_arasan->phy)) { |
2938 |
++ pr_err("%s: Cannot power on phy.\n", |
2939 |
++ mmc_hostname(host->mmc)); |
2940 |
++ return; |
2941 |
++ } |
2942 |
++ |
2943 |
+ sdhci_arasan->is_phy_on = true; |
2944 |
+ } |
2945 |
+ } |
2946 |
+@@ -395,7 +405,9 @@ static int sdhci_arasan_suspend(struct device *dev) |
2947 |
+ ret = phy_power_off(sdhci_arasan->phy); |
2948 |
+ if (ret) { |
2949 |
+ dev_err(dev, "Cannot power off phy.\n"); |
2950 |
+- sdhci_resume_host(host); |
2951 |
++ if (sdhci_resume_host(host)) |
2952 |
++ dev_err(dev, "Cannot resume host.\n"); |
2953 |
++ |
2954 |
+ return ret; |
2955 |
+ } |
2956 |
+ sdhci_arasan->is_phy_on = false; |
2957 |
+diff --git a/drivers/mtd/nand/raw/cafe_nand.c b/drivers/mtd/nand/raw/cafe_nand.c |
2958 |
+index 3304594177c6d..1fee298d5680c 100644 |
2959 |
+--- a/drivers/mtd/nand/raw/cafe_nand.c |
2960 |
++++ b/drivers/mtd/nand/raw/cafe_nand.c |
2961 |
+@@ -758,7 +758,7 @@ static int cafe_nand_probe(struct pci_dev *pdev, |
2962 |
+ "CAFE NAND", mtd); |
2963 |
+ if (err) { |
2964 |
+ dev_warn(&pdev->dev, "Could not register IRQ %d\n", pdev->irq); |
2965 |
+- goto out_ior; |
2966 |
++ goto out_free_rs; |
2967 |
+ } |
2968 |
+ |
2969 |
+ /* Disable master reset, enable NAND clock */ |
2970 |
+@@ -802,6 +802,8 @@ static int cafe_nand_probe(struct pci_dev *pdev, |
2971 |
+ /* Disable NAND IRQ in global IRQ mask register */ |
2972 |
+ cafe_writel(cafe, ~1 & cafe_readl(cafe, GLOBAL_IRQ_MASK), GLOBAL_IRQ_MASK); |
2973 |
+ free_irq(pdev->irq, mtd); |
2974 |
++ out_free_rs: |
2975 |
++ free_rs(cafe->rs); |
2976 |
+ out_ior: |
2977 |
+ pci_iounmap(pdev, cafe->mmio); |
2978 |
+ out_free_mtd: |
2979 |
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c |
2980 |
+index c814b266af794..d6c5f41b17f7e 100644 |
2981 |
+--- a/drivers/net/bonding/bond_main.c |
2982 |
++++ b/drivers/net/bonding/bond_main.c |
2983 |
+@@ -1912,7 +1912,6 @@ static int __bond_release_one(struct net_device *bond_dev, |
2984 |
+ /* recompute stats just before removing the slave */ |
2985 |
+ bond_get_stats(bond->dev, &bond->bond_stats); |
2986 |
+ |
2987 |
+- bond_upper_dev_unlink(bond, slave); |
2988 |
+ /* unregister rx_handler early so bond_handle_frame wouldn't be called |
2989 |
+ * for this slave anymore. |
2990 |
+ */ |
2991 |
+@@ -1921,6 +1920,8 @@ static int __bond_release_one(struct net_device *bond_dev, |
2992 |
+ if (BOND_MODE(bond) == BOND_MODE_8023AD) |
2993 |
+ bond_3ad_unbind_slave(slave); |
2994 |
+ |
2995 |
++ bond_upper_dev_unlink(bond, slave); |
2996 |
++ |
2997 |
+ if (bond_mode_can_use_xmit_hash(bond)) |
2998 |
+ bond_update_slave_arr(bond, slave); |
2999 |
+ |
3000 |
+diff --git a/drivers/net/dsa/b53/b53_common.c b/drivers/net/dsa/b53/b53_common.c |
3001 |
+index 7eaeab65d39f5..451121f47c89a 100644 |
3002 |
+--- a/drivers/net/dsa/b53/b53_common.c |
3003 |
++++ b/drivers/net/dsa/b53/b53_common.c |
3004 |
+@@ -2135,9 +2135,8 @@ static int b53_switch_init(struct b53_device *dev) |
3005 |
+ dev->cpu_port = 5; |
3006 |
+ } |
3007 |
+ |
3008 |
+- /* cpu port is always last */ |
3009 |
+- dev->num_ports = dev->cpu_port + 1; |
3010 |
+ dev->enabled_ports |= BIT(dev->cpu_port); |
3011 |
++ dev->num_ports = fls(dev->enabled_ports); |
3012 |
+ |
3013 |
+ /* Include non standard CPU port built-in PHYs to be probed */ |
3014 |
+ if (is539x(dev) || is531x5(dev)) { |
3015 |
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c |
3016 |
+index 77005f6366eb1..b3ff8d13c31af 100644 |
3017 |
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c |
3018 |
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c |
3019 |
+@@ -1245,7 +1245,7 @@ int bnx2x_iov_init_one(struct bnx2x *bp, int int_mode_param, |
3020 |
+ |
3021 |
+ /* SR-IOV capability was enabled but there are no VFs*/ |
3022 |
+ if (iov->total == 0) { |
3023 |
+- err = -EINVAL; |
3024 |
++ err = 0; |
3025 |
+ goto failed; |
3026 |
+ } |
3027 |
+ |
3028 |
+diff --git a/drivers/net/ethernet/cadence/macb_ptp.c b/drivers/net/ethernet/cadence/macb_ptp.c |
3029 |
+index 8f912de44defc..ecb0fb1ddde7c 100644 |
3030 |
+--- a/drivers/net/ethernet/cadence/macb_ptp.c |
3031 |
++++ b/drivers/net/ethernet/cadence/macb_ptp.c |
3032 |
+@@ -286,6 +286,12 @@ void gem_ptp_rxstamp(struct macb *bp, struct sk_buff *skb, |
3033 |
+ |
3034 |
+ if (GEM_BFEXT(DMA_RXVALID, desc->addr)) { |
3035 |
+ desc_ptp = macb_ptp_desc(bp, desc); |
3036 |
++ /* Unlikely but check */ |
3037 |
++ if (!desc_ptp) { |
3038 |
++ dev_warn_ratelimited(&bp->pdev->dev, |
3039 |
++ "Timestamp not supported in BD\n"); |
3040 |
++ return; |
3041 |
++ } |
3042 |
+ gem_hw_timestamp(bp, desc_ptp->ts_1, desc_ptp->ts_2, &ts); |
3043 |
+ memset(shhwtstamps, 0, sizeof(struct skb_shared_hwtstamps)); |
3044 |
+ shhwtstamps->hwtstamp = ktime_set(ts.tv_sec, ts.tv_nsec); |
3045 |
+@@ -318,8 +324,11 @@ int gem_ptp_txstamp(struct macb_queue *queue, struct sk_buff *skb, |
3046 |
+ if (CIRC_SPACE(head, tail, PTP_TS_BUFFER_SIZE) == 0) |
3047 |
+ return -ENOMEM; |
3048 |
+ |
3049 |
+- skb_shinfo(skb)->tx_flags |= SKBTX_IN_PROGRESS; |
3050 |
+ desc_ptp = macb_ptp_desc(queue->bp, desc); |
3051 |
++ /* Unlikely but check */ |
3052 |
++ if (!desc_ptp) |
3053 |
++ return -EINVAL; |
3054 |
++ skb_shinfo(skb)->tx_flags |= SKBTX_IN_PROGRESS; |
3055 |
+ tx_timestamp = &queue->tx_timestamps[head]; |
3056 |
+ tx_timestamp->skb = skb; |
3057 |
+ /* ensure ts_1/ts_2 is loaded after ctrl (TX_USED check) */ |
3058 |
+diff --git a/drivers/net/ethernet/chelsio/cxgb/cxgb2.c b/drivers/net/ethernet/chelsio/cxgb/cxgb2.c |
3059 |
+index 0ccdde366ae17..540d99f59226e 100644 |
3060 |
+--- a/drivers/net/ethernet/chelsio/cxgb/cxgb2.c |
3061 |
++++ b/drivers/net/ethernet/chelsio/cxgb/cxgb2.c |
3062 |
+@@ -1153,6 +1153,7 @@ static int init_one(struct pci_dev *pdev, const struct pci_device_id *ent) |
3063 |
+ if (!adapter->registered_device_map) { |
3064 |
+ pr_err("%s: could not register any net devices\n", |
3065 |
+ pci_name(pdev)); |
3066 |
++ err = -EINVAL; |
3067 |
+ goto out_release_adapter_res; |
3068 |
+ } |
3069 |
+ |
3070 |
+diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c |
3071 |
+index 19165a3548bfd..4fb80ed897f22 100644 |
3072 |
+--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c |
3073 |
++++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c |
3074 |
+@@ -29,6 +29,8 @@ static const char hns3_driver_string[] = |
3075 |
+ static const char hns3_copyright[] = "Copyright (c) 2017 Huawei Corporation."; |
3076 |
+ static struct hnae3_client client; |
3077 |
+ |
3078 |
++#define HNS3_MIN_TUN_PKT_LEN 65U |
3079 |
++ |
3080 |
+ /* hns3_pci_tbl - PCI Device ID Table |
3081 |
+ * |
3082 |
+ * Last entry must be all 0s |
3083 |
+@@ -792,8 +794,11 @@ static int hns3_set_l3l4_type_csum(struct sk_buff *skb, u8 ol4_proto, |
3084 |
+ HNS3_L4T_TCP); |
3085 |
+ break; |
3086 |
+ case IPPROTO_UDP: |
3087 |
+- if (hns3_tunnel_csum_bug(skb)) |
3088 |
+- return skb_checksum_help(skb); |
3089 |
++ if (hns3_tunnel_csum_bug(skb)) { |
3090 |
++ int ret = skb_put_padto(skb, HNS3_MIN_TUN_PKT_LEN); |
3091 |
++ |
3092 |
++ return ret ? ret : skb_checksum_help(skb); |
3093 |
++ } |
3094 |
+ |
3095 |
+ hnae3_set_bit(*type_cs_vlan_tso, HNS3_TXD_L4CS_B, 1); |
3096 |
+ hnae3_set_field(*type_cs_vlan_tso, |
3097 |
+diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c |
3098 |
+index 4008007c2e340..d97641b9928bb 100644 |
3099 |
+--- a/drivers/net/ethernet/ibm/ibmvnic.c |
3100 |
++++ b/drivers/net/ethernet/ibm/ibmvnic.c |
3101 |
+@@ -4038,6 +4038,14 @@ static int handle_login_rsp(union ibmvnic_crq *login_rsp_crq, |
3102 |
+ return 0; |
3103 |
+ } |
3104 |
+ |
3105 |
++ if (adapter->failover_pending) { |
3106 |
++ adapter->init_done_rc = -EAGAIN; |
3107 |
++ netdev_dbg(netdev, "Failover pending, ignoring login response\n"); |
3108 |
++ complete(&adapter->init_done); |
3109 |
++ /* login response buffer will be released on reset */ |
3110 |
++ return 0; |
3111 |
++ } |
3112 |
++ |
3113 |
+ netdev->mtu = adapter->req_mtu - ETH_HLEN; |
3114 |
+ |
3115 |
+ netdev_dbg(adapter->netdev, "Login Response Buffer:\n"); |
3116 |
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c |
3117 |
+index 774f0a619a6da..f0aa7f0e54803 100644 |
3118 |
+--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c |
3119 |
++++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c |
3120 |
+@@ -1558,9 +1558,9 @@ static int build_match_list(struct match_list_head *match_head, |
3121 |
+ |
3122 |
+ curr_match = kmalloc(sizeof(*curr_match), GFP_ATOMIC); |
3123 |
+ if (!curr_match) { |
3124 |
++ rcu_read_unlock(); |
3125 |
+ free_match_list(match_head); |
3126 |
+- err = -ENOMEM; |
3127 |
+- goto out; |
3128 |
++ return -ENOMEM; |
3129 |
+ } |
3130 |
+ if (!tree_get_node(&g->node)) { |
3131 |
+ kfree(curr_match); |
3132 |
+@@ -1569,7 +1569,6 @@ static int build_match_list(struct match_list_head *match_head, |
3133 |
+ curr_match->g = g; |
3134 |
+ list_add_tail(&curr_match->list, &match_head->list); |
3135 |
+ } |
3136 |
+-out: |
3137 |
+ rcu_read_unlock(); |
3138 |
+ return err; |
3139 |
+ } |
3140 |
+diff --git a/drivers/net/ethernet/qlogic/qed/qed_main.c b/drivers/net/ethernet/qlogic/qed/qed_main.c |
3141 |
+index 049a83b40e469..9d77f318d11ed 100644 |
3142 |
+--- a/drivers/net/ethernet/qlogic/qed/qed_main.c |
3143 |
++++ b/drivers/net/ethernet/qlogic/qed/qed_main.c |
3144 |
+@@ -439,7 +439,12 @@ static int qed_enable_msix(struct qed_dev *cdev, |
3145 |
+ rc = cnt; |
3146 |
+ } |
3147 |
+ |
3148 |
+- if (rc > 0) { |
3149 |
++ /* For VFs, we should return with an error in case we didn't get the |
3150 |
++ * exact number of msix vectors as we requested. |
3151 |
++ * Not doing that will lead to a crash when starting queues for |
3152 |
++ * this VF. |
3153 |
++ */ |
3154 |
++ if ((IS_PF(cdev) && rc > 0) || (IS_VF(cdev) && rc == cnt)) { |
3155 |
+ /* MSI-x configuration was achieved */ |
3156 |
+ int_params->out.int_mode = QED_INT_MODE_MSIX; |
3157 |
+ int_params->out.num_vectors = rc; |
3158 |
+diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c |
3159 |
+index 0d62db3241bed..d16cadca2f7ef 100644 |
3160 |
+--- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c |
3161 |
++++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c |
3162 |
+@@ -2841,6 +2841,7 @@ qed_mcp_get_nvm_image_att(struct qed_hwfn *p_hwfn, |
3163 |
+ struct qed_nvm_image_att *p_image_att) |
3164 |
+ { |
3165 |
+ enum nvm_image_type type; |
3166 |
++ int rc; |
3167 |
+ u32 i; |
3168 |
+ |
3169 |
+ /* Translate image_id into MFW definitions */ |
3170 |
+@@ -2866,7 +2867,10 @@ qed_mcp_get_nvm_image_att(struct qed_hwfn *p_hwfn, |
3171 |
+ return -EINVAL; |
3172 |
+ } |
3173 |
+ |
3174 |
+- qed_mcp_nvm_info_populate(p_hwfn); |
3175 |
++ rc = qed_mcp_nvm_info_populate(p_hwfn); |
3176 |
++ if (rc) |
3177 |
++ return rc; |
3178 |
++ |
3179 |
+ for (i = 0; i < p_hwfn->nvm_info.num_images; i++) |
3180 |
+ if (type == p_hwfn->nvm_info.image_att[i].image_type) |
3181 |
+ break; |
3182 |
+diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c |
3183 |
+index 1aabb2e7a38b5..756c5943f5e01 100644 |
3184 |
+--- a/drivers/net/ethernet/qlogic/qede/qede_main.c |
3185 |
++++ b/drivers/net/ethernet/qlogic/qede/qede_main.c |
3186 |
+@@ -1676,6 +1676,7 @@ static void qede_sync_free_irqs(struct qede_dev *edev) |
3187 |
+ } |
3188 |
+ |
3189 |
+ edev->int_info.used_cnt = 0; |
3190 |
++ edev->int_info.msix_cnt = 0; |
3191 |
+ } |
3192 |
+ |
3193 |
+ static int qede_req_msix_irqs(struct qede_dev *edev) |
3194 |
+@@ -2193,7 +2194,6 @@ static int qede_load(struct qede_dev *edev, enum qede_load_mode mode, |
3195 |
+ goto out; |
3196 |
+ err4: |
3197 |
+ qede_sync_free_irqs(edev); |
3198 |
+- memset(&edev->int_info.msix_cnt, 0, sizeof(struct qed_int_info)); |
3199 |
+ err3: |
3200 |
+ qede_napi_disable_remove(edev); |
3201 |
+ err2: |
3202 |
+diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_init.c |
3203 |
+index c48a0e2d4d7ef..6a009d51ec510 100644 |
3204 |
+--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_init.c |
3205 |
++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_init.c |
3206 |
+@@ -440,7 +440,6 @@ int qlcnic_pinit_from_rom(struct qlcnic_adapter *adapter) |
3207 |
+ QLCWR32(adapter, QLCNIC_CRB_PEG_NET_4 + 0x3c, 1); |
3208 |
+ msleep(20); |
3209 |
+ |
3210 |
+- qlcnic_rom_unlock(adapter); |
3211 |
+ /* big hammer don't reset CAM block on reset */ |
3212 |
+ QLCWR32(adapter, QLCNIC_ROMUSB_GLB_SW_RESET, 0xfeffffff); |
3213 |
+ |
3214 |
+diff --git a/drivers/net/ethernet/qualcomm/qca_spi.c b/drivers/net/ethernet/qualcomm/qca_spi.c |
3215 |
+index 9d188931bc09e..afd49c7fd87fe 100644 |
3216 |
+--- a/drivers/net/ethernet/qualcomm/qca_spi.c |
3217 |
++++ b/drivers/net/ethernet/qualcomm/qca_spi.c |
3218 |
+@@ -413,7 +413,7 @@ qcaspi_receive(struct qcaspi *qca) |
3219 |
+ skb_put(qca->rx_skb, retcode); |
3220 |
+ qca->rx_skb->protocol = eth_type_trans( |
3221 |
+ qca->rx_skb, qca->rx_skb->dev); |
3222 |
+- qca->rx_skb->ip_summed = CHECKSUM_UNNECESSARY; |
3223 |
++ skb_checksum_none_assert(qca->rx_skb); |
3224 |
+ netif_rx_ni(qca->rx_skb); |
3225 |
+ qca->rx_skb = netdev_alloc_skb_ip_align(net_dev, |
3226 |
+ net_dev->mtu + VLAN_ETH_HLEN); |
3227 |
+diff --git a/drivers/net/ethernet/qualcomm/qca_uart.c b/drivers/net/ethernet/qualcomm/qca_uart.c |
3228 |
+index db6068cd7a1f2..466e9d07697a1 100644 |
3229 |
+--- a/drivers/net/ethernet/qualcomm/qca_uart.c |
3230 |
++++ b/drivers/net/ethernet/qualcomm/qca_uart.c |
3231 |
+@@ -107,7 +107,7 @@ qca_tty_receive(struct serdev_device *serdev, const unsigned char *data, |
3232 |
+ skb_put(qca->rx_skb, retcode); |
3233 |
+ qca->rx_skb->protocol = eth_type_trans( |
3234 |
+ qca->rx_skb, qca->rx_skb->dev); |
3235 |
+- qca->rx_skb->ip_summed = CHECKSUM_UNNECESSARY; |
3236 |
++ skb_checksum_none_assert(qca->rx_skb); |
3237 |
+ netif_rx_ni(qca->rx_skb); |
3238 |
+ qca->rx_skb = netdev_alloc_skb_ip_align(netdev, |
3239 |
+ netdev->mtu + |
3240 |
+diff --git a/drivers/net/ethernet/rdc/r6040.c b/drivers/net/ethernet/rdc/r6040.c |
3241 |
+index aa11b70b9ca48..2199bd08f4d6a 100644 |
3242 |
+--- a/drivers/net/ethernet/rdc/r6040.c |
3243 |
++++ b/drivers/net/ethernet/rdc/r6040.c |
3244 |
+@@ -133,6 +133,8 @@ |
3245 |
+ #define PHY_ST 0x8A /* PHY status register */ |
3246 |
+ #define MAC_SM 0xAC /* MAC status machine */ |
3247 |
+ #define MAC_SM_RST 0x0002 /* MAC status machine reset */ |
3248 |
++#define MD_CSC 0xb6 /* MDC speed control register */ |
3249 |
++#define MD_CSC_DEFAULT 0x0030 |
3250 |
+ #define MAC_ID 0xBE /* Identifier register */ |
3251 |
+ |
3252 |
+ #define TX_DCNT 0x80 /* TX descriptor count */ |
3253 |
+@@ -368,8 +370,9 @@ static void r6040_reset_mac(struct r6040_private *lp) |
3254 |
+ { |
3255 |
+ void __iomem *ioaddr = lp->base; |
3256 |
+ int limit = MAC_DEF_TIMEOUT; |
3257 |
+- u16 cmd; |
3258 |
++ u16 cmd, md_csc; |
3259 |
+ |
3260 |
++ md_csc = ioread16(ioaddr + MD_CSC); |
3261 |
+ iowrite16(MAC_RST, ioaddr + MCR1); |
3262 |
+ while (limit--) { |
3263 |
+ cmd = ioread16(ioaddr + MCR1); |
3264 |
+@@ -381,6 +384,10 @@ static void r6040_reset_mac(struct r6040_private *lp) |
3265 |
+ iowrite16(MAC_SM_RST, ioaddr + MAC_SM); |
3266 |
+ iowrite16(0, ioaddr + MAC_SM); |
3267 |
+ mdelay(5); |
3268 |
++ |
3269 |
++ /* Restore MDIO clock frequency */ |
3270 |
++ if (md_csc != MD_CSC_DEFAULT) |
3271 |
++ iowrite16(md_csc, ioaddr + MD_CSC); |
3272 |
+ } |
3273 |
+ |
3274 |
+ static void r6040_init_mac_regs(struct net_device *dev) |
3275 |
+diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c |
3276 |
+index 394ab9cdfe2c7..c44aea47c1208 100644 |
3277 |
+--- a/drivers/net/ethernet/renesas/sh_eth.c |
3278 |
++++ b/drivers/net/ethernet/renesas/sh_eth.c |
3279 |
+@@ -2547,6 +2547,7 @@ static int sh_eth_start_xmit(struct sk_buff *skb, struct net_device *ndev) |
3280 |
+ else |
3281 |
+ txdesc->status |= cpu_to_le32(TD_TACT); |
3282 |
+ |
3283 |
++ wmb(); /* cur_tx must be incremented after TACT bit was set */ |
3284 |
+ mdp->cur_tx++; |
3285 |
+ |
3286 |
+ if (!(sh_eth_read(ndev, EDTRR) & mdp->cd->edtrr_trns)) |
3287 |
+diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c |
3288 |
+index 0f56f8e336917..03b11f191c262 100644 |
3289 |
+--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c |
3290 |
++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c |
3291 |
+@@ -288,10 +288,7 @@ static int ipq806x_gmac_probe(struct platform_device *pdev) |
3292 |
+ val &= ~NSS_COMMON_GMAC_CTL_PHY_IFACE_SEL; |
3293 |
+ break; |
3294 |
+ default: |
3295 |
+- dev_err(&pdev->dev, "Unsupported PHY mode: \"%s\"\n", |
3296 |
+- phy_modes(gmac->phy_mode)); |
3297 |
+- err = -EINVAL; |
3298 |
+- goto err_remove_config_dt; |
3299 |
++ goto err_unsupported_phy; |
3300 |
+ } |
3301 |
+ regmap_write(gmac->nss_common, NSS_COMMON_GMAC_CTL(gmac->id), val); |
3302 |
+ |
3303 |
+@@ -308,10 +305,7 @@ static int ipq806x_gmac_probe(struct platform_device *pdev) |
3304 |
+ NSS_COMMON_CLK_SRC_CTRL_OFFSET(gmac->id); |
3305 |
+ break; |
3306 |
+ default: |
3307 |
+- dev_err(&pdev->dev, "Unsupported PHY mode: \"%s\"\n", |
3308 |
+- phy_modes(gmac->phy_mode)); |
3309 |
+- err = -EINVAL; |
3310 |
+- goto err_remove_config_dt; |
3311 |
++ goto err_unsupported_phy; |
3312 |
+ } |
3313 |
+ regmap_write(gmac->nss_common, NSS_COMMON_CLK_SRC_CTRL, val); |
3314 |
+ |
3315 |
+@@ -328,8 +322,7 @@ static int ipq806x_gmac_probe(struct platform_device *pdev) |
3316 |
+ NSS_COMMON_CLK_GATE_GMII_TX_EN(gmac->id); |
3317 |
+ break; |
3318 |
+ default: |
3319 |
+- /* We don't get here; the switch above will have errored out */ |
3320 |
+- unreachable(); |
3321 |
++ goto err_unsupported_phy; |
3322 |
+ } |
3323 |
+ regmap_write(gmac->nss_common, NSS_COMMON_CLK_GATE, val); |
3324 |
+ |
3325 |
+@@ -360,6 +353,11 @@ static int ipq806x_gmac_probe(struct platform_device *pdev) |
3326 |
+ |
3327 |
+ return 0; |
3328 |
+ |
3329 |
++err_unsupported_phy: |
3330 |
++ dev_err(&pdev->dev, "Unsupported PHY mode: \"%s\"\n", |
3331 |
++ phy_modes(gmac->phy_mode)); |
3332 |
++ err = -EINVAL; |
3333 |
++ |
3334 |
+ err_remove_config_dt: |
3335 |
+ stmmac_remove_config_dt(pdev, plat_dat); |
3336 |
+ |
3337 |
+diff --git a/drivers/net/ethernet/wiznet/w5100.c b/drivers/net/ethernet/wiznet/w5100.c |
3338 |
+index d8ba512f166ad..41040756307a1 100644 |
3339 |
+--- a/drivers/net/ethernet/wiznet/w5100.c |
3340 |
++++ b/drivers/net/ethernet/wiznet/w5100.c |
3341 |
+@@ -1059,6 +1059,8 @@ static int w5100_mmio_probe(struct platform_device *pdev) |
3342 |
+ mac_addr = data->mac_addr; |
3343 |
+ |
3344 |
+ mem = platform_get_resource(pdev, IORESOURCE_MEM, 0); |
3345 |
++ if (!mem) |
3346 |
++ return -EINVAL; |
3347 |
+ if (resource_size(mem) < W5100_BUS_DIRECT_SIZE) |
3348 |
+ ops = &w5100_mmio_indirect_ops; |
3349 |
+ else |
3350 |
+diff --git a/drivers/net/ethernet/xilinx/ll_temac_main.c b/drivers/net/ethernet/xilinx/ll_temac_main.c |
3351 |
+index 939de185bc6b8..178234e94cd16 100644 |
3352 |
+--- a/drivers/net/ethernet/xilinx/ll_temac_main.c |
3353 |
++++ b/drivers/net/ethernet/xilinx/ll_temac_main.c |
3354 |
+@@ -736,10 +736,8 @@ temac_start_xmit(struct sk_buff *skb, struct net_device *ndev) |
3355 |
+ /* Kick off the transfer */ |
3356 |
+ lp->dma_out(lp, TX_TAILDESC_PTR, tail_p); /* DMA start */ |
3357 |
+ |
3358 |
+- if (temac_check_tx_bd_space(lp, MAX_SKB_FRAGS + 1)) { |
3359 |
+- netdev_info(ndev, "%s -> netif_stop_queue\n", __func__); |
3360 |
++ if (temac_check_tx_bd_space(lp, MAX_SKB_FRAGS + 1)) |
3361 |
+ netif_stop_queue(ndev); |
3362 |
+- } |
3363 |
+ |
3364 |
+ return NETDEV_TX_OK; |
3365 |
+ } |
3366 |
+diff --git a/drivers/net/phy/dp83640_reg.h b/drivers/net/phy/dp83640_reg.h |
3367 |
+index 21aa24c741b96..daae7fa58fb82 100644 |
3368 |
+--- a/drivers/net/phy/dp83640_reg.h |
3369 |
++++ b/drivers/net/phy/dp83640_reg.h |
3370 |
+@@ -5,7 +5,7 @@ |
3371 |
+ #ifndef HAVE_DP83640_REGISTERS |
3372 |
+ #define HAVE_DP83640_REGISTERS |
3373 |
+ |
3374 |
+-#define PAGE0 0x0000 |
3375 |
++/* #define PAGE0 0x0000 */ |
3376 |
+ #define PHYCR2 0x001c /* PHY Control Register 2 */ |
3377 |
+ |
3378 |
+ #define PAGE4 0x0004 |
3379 |
+diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c |
3380 |
+index 0362acd5cdcaa..cdd1b193fd4fe 100644 |
3381 |
+--- a/drivers/net/usb/cdc_mbim.c |
3382 |
++++ b/drivers/net/usb/cdc_mbim.c |
3383 |
+@@ -655,6 +655,11 @@ static const struct usb_device_id mbim_devs[] = { |
3384 |
+ .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, |
3385 |
+ }, |
3386 |
+ |
3387 |
++ /* Telit LN920 */ |
3388 |
++ { USB_DEVICE_AND_INTERFACE_INFO(0x1bc7, 0x1061, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), |
3389 |
++ .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, |
3390 |
++ }, |
3391 |
++ |
3392 |
+ /* default entry */ |
3393 |
+ { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), |
3394 |
+ .driver_info = (unsigned long)&cdc_mbim_info_zlp, |
3395 |
+diff --git a/drivers/net/wireless/ath/ath6kl/wmi.c b/drivers/net/wireless/ath/ath6kl/wmi.c |
3396 |
+index 987ebae8ea0e1..afa7a82ffd5d3 100644 |
3397 |
+--- a/drivers/net/wireless/ath/ath6kl/wmi.c |
3398 |
++++ b/drivers/net/wireless/ath/ath6kl/wmi.c |
3399 |
+@@ -2513,8 +2513,10 @@ static int ath6kl_wmi_sync_point(struct wmi *wmi, u8 if_idx) |
3400 |
+ goto free_data_skb; |
3401 |
+ |
3402 |
+ for (index = 0; index < num_pri_streams; index++) { |
3403 |
+- if (WARN_ON(!data_sync_bufs[index].skb)) |
3404 |
++ if (WARN_ON(!data_sync_bufs[index].skb)) { |
3405 |
++ ret = -ENOMEM; |
3406 |
+ goto free_data_skb; |
3407 |
++ } |
3408 |
+ |
3409 |
+ ep_id = ath6kl_ac2_endpoint_id(wmi->parent_dev, |
3410 |
+ data_sync_bufs[index]. |
3411 |
+diff --git a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c |
3412 |
+index 983e1abbd9e43..4d45d5a8ad2ed 100644 |
3413 |
+--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c |
3414 |
++++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c |
3415 |
+@@ -3351,7 +3351,8 @@ found: |
3416 |
+ "Found block at %x: code=%d ref=%d length=%d major=%d minor=%d\n", |
3417 |
+ cptr, code, reference, length, major, minor); |
3418 |
+ if ((!AR_SREV_9485(ah) && length >= 1024) || |
3419 |
+- (AR_SREV_9485(ah) && length > EEPROM_DATA_LEN_9485)) { |
3420 |
++ (AR_SREV_9485(ah) && length > EEPROM_DATA_LEN_9485) || |
3421 |
++ (length > cptr)) { |
3422 |
+ ath_dbg(common, EEPROM, "Skipping bad header\n"); |
3423 |
+ cptr -= COMP_HDR_LEN; |
3424 |
+ continue; |
3425 |
+diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c |
3426 |
+index 9f438d8e59f2f..daad9e7b17cf5 100644 |
3427 |
+--- a/drivers/net/wireless/ath/ath9k/hw.c |
3428 |
++++ b/drivers/net/wireless/ath/ath9k/hw.c |
3429 |
+@@ -1622,7 +1622,6 @@ static void ath9k_hw_apply_gpio_override(struct ath_hw *ah) |
3430 |
+ ath9k_hw_gpio_request_out(ah, i, NULL, |
3431 |
+ AR_GPIO_OUTPUT_MUX_AS_OUTPUT); |
3432 |
+ ath9k_hw_set_gpio(ah, i, !!(ah->gpio_val & BIT(i))); |
3433 |
+- ath9k_hw_gpio_free(ah, i); |
3434 |
+ } |
3435 |
+ } |
3436 |
+ |
3437 |
+@@ -2729,14 +2728,17 @@ static void ath9k_hw_gpio_cfg_output_mux(struct ath_hw *ah, u32 gpio, u32 type) |
3438 |
+ static void ath9k_hw_gpio_cfg_soc(struct ath_hw *ah, u32 gpio, bool out, |
3439 |
+ const char *label) |
3440 |
+ { |
3441 |
++ int err; |
3442 |
++ |
3443 |
+ if (ah->caps.gpio_requested & BIT(gpio)) |
3444 |
+ return; |
3445 |
+ |
3446 |
+- /* may be requested by BSP, free anyway */ |
3447 |
+- gpio_free(gpio); |
3448 |
+- |
3449 |
+- if (gpio_request_one(gpio, out ? GPIOF_OUT_INIT_LOW : GPIOF_IN, label)) |
3450 |
++ err = gpio_request_one(gpio, out ? GPIOF_OUT_INIT_LOW : GPIOF_IN, label); |
3451 |
++ if (err) { |
3452 |
++ ath_err(ath9k_hw_common(ah), "request GPIO%d failed:%d\n", |
3453 |
++ gpio, err); |
3454 |
+ return; |
3455 |
++ } |
3456 |
+ |
3457 |
+ ah->caps.gpio_requested |= BIT(gpio); |
3458 |
+ } |
3459 |
+diff --git a/drivers/ntb/test/ntb_perf.c b/drivers/ntb/test/ntb_perf.c |
3460 |
+index ad5d3919435c9..87a41d0ededc1 100644 |
3461 |
+--- a/drivers/ntb/test/ntb_perf.c |
3462 |
++++ b/drivers/ntb/test/ntb_perf.c |
3463 |
+@@ -600,6 +600,7 @@ static int perf_setup_inbuf(struct perf_peer *peer) |
3464 |
+ return -ENOMEM; |
3465 |
+ } |
3466 |
+ if (!IS_ALIGNED(peer->inbuf_xlat, xlat_align)) { |
3467 |
++ ret = -EINVAL; |
3468 |
+ dev_err(&perf->ntb->dev, "Unaligned inbuf allocated\n"); |
3469 |
+ goto err_free_inbuf; |
3470 |
+ } |
3471 |
+diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c |
3472 |
+index 8798274dc3ba7..ffd6a7204509a 100644 |
3473 |
+--- a/drivers/nvme/host/rdma.c |
3474 |
++++ b/drivers/nvme/host/rdma.c |
3475 |
+@@ -643,13 +643,13 @@ static int nvme_rdma_alloc_io_queues(struct nvme_rdma_ctrl *ctrl) |
3476 |
+ if (ret) |
3477 |
+ return ret; |
3478 |
+ |
3479 |
+- ctrl->ctrl.queue_count = nr_io_queues + 1; |
3480 |
+- if (ctrl->ctrl.queue_count < 2) { |
3481 |
++ if (nr_io_queues == 0) { |
3482 |
+ dev_err(ctrl->ctrl.device, |
3483 |
+ "unable to set any I/O queues\n"); |
3484 |
+ return -ENOMEM; |
3485 |
+ } |
3486 |
+ |
3487 |
++ ctrl->ctrl.queue_count = nr_io_queues + 1; |
3488 |
+ dev_info(ctrl->ctrl.device, |
3489 |
+ "creating %d I/O queues.\n", nr_io_queues); |
3490 |
+ |
3491 |
+diff --git a/drivers/of/kobj.c b/drivers/of/kobj.c |
3492 |
+index a32e60b024b8d..6675b5e56960c 100644 |
3493 |
+--- a/drivers/of/kobj.c |
3494 |
++++ b/drivers/of/kobj.c |
3495 |
+@@ -119,7 +119,7 @@ int __of_attach_node_sysfs(struct device_node *np) |
3496 |
+ struct property *pp; |
3497 |
+ int rc; |
3498 |
+ |
3499 |
+- if (!of_kset) |
3500 |
++ if (!IS_ENABLED(CONFIG_SYSFS) || !of_kset) |
3501 |
+ return 0; |
3502 |
+ |
3503 |
+ np->kobj.kset = of_kset; |
3504 |
+diff --git a/drivers/parport/ieee1284_ops.c b/drivers/parport/ieee1284_ops.c |
3505 |
+index 5d41dda6da4e7..75daa16f38b7f 100644 |
3506 |
+--- a/drivers/parport/ieee1284_ops.c |
3507 |
++++ b/drivers/parport/ieee1284_ops.c |
3508 |
+@@ -535,7 +535,7 @@ size_t parport_ieee1284_ecp_read_data (struct parport *port, |
3509 |
+ goto out; |
3510 |
+ |
3511 |
+ /* Yield the port for a while. */ |
3512 |
+- if (count && dev->port->irq != PARPORT_IRQ_NONE) { |
3513 |
++ if (dev->port->irq != PARPORT_IRQ_NONE) { |
3514 |
+ parport_release (dev); |
3515 |
+ schedule_timeout_interruptible(msecs_to_jiffies(40)); |
3516 |
+ parport_claim_or_block (dev); |
3517 |
+diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c |
3518 |
+index 74aa9da85aa26..a9669b28c2a6d 100644 |
3519 |
+--- a/drivers/pci/controller/pci-aardvark.c |
3520 |
++++ b/drivers/pci/controller/pci-aardvark.c |
3521 |
+@@ -166,7 +166,7 @@ |
3522 |
+ (PCIE_CONF_BUS(bus) | PCIE_CONF_DEV(PCI_SLOT(devfn)) | \ |
3523 |
+ PCIE_CONF_FUNC(PCI_FUNC(devfn)) | PCIE_CONF_REG(where)) |
3524 |
+ |
3525 |
+-#define PIO_RETRY_CNT 500 |
3526 |
++#define PIO_RETRY_CNT 750000 /* 1.5 s */ |
3527 |
+ #define PIO_RETRY_DELAY 2 /* 2 us*/ |
3528 |
+ |
3529 |
+ #define LINK_WAIT_MAX_RETRIES 10 |
3530 |
+@@ -181,6 +181,7 @@ struct advk_pcie { |
3531 |
+ struct list_head resources; |
3532 |
+ struct irq_domain *irq_domain; |
3533 |
+ struct irq_chip irq_chip; |
3534 |
++ raw_spinlock_t irq_lock; |
3535 |
+ struct irq_domain *msi_domain; |
3536 |
+ struct irq_domain *msi_inner_domain; |
3537 |
+ struct irq_chip msi_bottom_irq_chip; |
3538 |
+@@ -603,22 +604,28 @@ static void advk_pcie_irq_mask(struct irq_data *d) |
3539 |
+ { |
3540 |
+ struct advk_pcie *pcie = d->domain->host_data; |
3541 |
+ irq_hw_number_t hwirq = irqd_to_hwirq(d); |
3542 |
++ unsigned long flags; |
3543 |
+ u32 mask; |
3544 |
+ |
3545 |
++ raw_spin_lock_irqsave(&pcie->irq_lock, flags); |
3546 |
+ mask = advk_readl(pcie, PCIE_ISR1_MASK_REG); |
3547 |
+ mask |= PCIE_ISR1_INTX_ASSERT(hwirq); |
3548 |
+ advk_writel(pcie, mask, PCIE_ISR1_MASK_REG); |
3549 |
++ raw_spin_unlock_irqrestore(&pcie->irq_lock, flags); |
3550 |
+ } |
3551 |
+ |
3552 |
+ static void advk_pcie_irq_unmask(struct irq_data *d) |
3553 |
+ { |
3554 |
+ struct advk_pcie *pcie = d->domain->host_data; |
3555 |
+ irq_hw_number_t hwirq = irqd_to_hwirq(d); |
3556 |
++ unsigned long flags; |
3557 |
+ u32 mask; |
3558 |
+ |
3559 |
++ raw_spin_lock_irqsave(&pcie->irq_lock, flags); |
3560 |
+ mask = advk_readl(pcie, PCIE_ISR1_MASK_REG); |
3561 |
+ mask &= ~PCIE_ISR1_INTX_ASSERT(hwirq); |
3562 |
+ advk_writel(pcie, mask, PCIE_ISR1_MASK_REG); |
3563 |
++ raw_spin_unlock_irqrestore(&pcie->irq_lock, flags); |
3564 |
+ } |
3565 |
+ |
3566 |
+ static int advk_pcie_irq_map(struct irq_domain *h, |
3567 |
+@@ -701,6 +708,8 @@ static int advk_pcie_init_irq_domain(struct advk_pcie *pcie) |
3568 |
+ struct device_node *pcie_intc_node; |
3569 |
+ struct irq_chip *irq_chip; |
3570 |
+ |
3571 |
++ raw_spin_lock_init(&pcie->irq_lock); |
3572 |
++ |
3573 |
+ pcie_intc_node = of_get_next_child(node, NULL); |
3574 |
+ if (!pcie_intc_node) { |
3575 |
+ dev_err(dev, "No PCIe Intc node found\n"); |
3576 |
+diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c |
3577 |
+index 4850a1b8eec12..a86bd9660dae9 100644 |
3578 |
+--- a/drivers/pci/controller/pcie-xilinx-nwl.c |
3579 |
++++ b/drivers/pci/controller/pcie-xilinx-nwl.c |
3580 |
+@@ -6,6 +6,7 @@ |
3581 |
+ * (C) Copyright 2014 - 2015, Xilinx, Inc. |
3582 |
+ */ |
3583 |
+ |
3584 |
++#include <linux/clk.h> |
3585 |
+ #include <linux/delay.h> |
3586 |
+ #include <linux/interrupt.h> |
3587 |
+ #include <linux/irq.h> |
3588 |
+@@ -169,6 +170,7 @@ struct nwl_pcie { |
3589 |
+ u8 root_busno; |
3590 |
+ struct nwl_msi msi; |
3591 |
+ struct irq_domain *legacy_irq_domain; |
3592 |
++ struct clk *clk; |
3593 |
+ raw_spinlock_t leg_mask_lock; |
3594 |
+ }; |
3595 |
+ |
3596 |
+@@ -849,6 +851,16 @@ static int nwl_pcie_probe(struct platform_device *pdev) |
3597 |
+ return err; |
3598 |
+ } |
3599 |
+ |
3600 |
++ pcie->clk = devm_clk_get(dev, NULL); |
3601 |
++ if (IS_ERR(pcie->clk)) |
3602 |
++ return PTR_ERR(pcie->clk); |
3603 |
++ |
3604 |
++ err = clk_prepare_enable(pcie->clk); |
3605 |
++ if (err) { |
3606 |
++ dev_err(dev, "can't enable PCIe ref clock\n"); |
3607 |
++ return err; |
3608 |
++ } |
3609 |
++ |
3610 |
+ err = nwl_pcie_bridge_init(pcie); |
3611 |
+ if (err) { |
3612 |
+ dev_err(dev, "HW Initialization failed\n"); |
3613 |
+diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c |
3614 |
+index bc80b0f0ea1ba..f65800d63856b 100644 |
3615 |
+--- a/drivers/pci/msi.c |
3616 |
++++ b/drivers/pci/msi.c |
3617 |
+@@ -754,6 +754,9 @@ static void msix_mask_all(void __iomem *base, int tsize) |
3618 |
+ u32 ctrl = PCI_MSIX_ENTRY_CTRL_MASKBIT; |
3619 |
+ int i; |
3620 |
+ |
3621 |
++ if (pci_msi_ignore_mask) |
3622 |
++ return; |
3623 |
++ |
3624 |
+ for (i = 0; i < tsize; i++, base += PCI_MSIX_ENTRY_SIZE) |
3625 |
+ writel(ctrl, base + PCI_MSIX_ENTRY_VECTOR_CTRL); |
3626 |
+ } |
3627 |
+diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c |
3628 |
+index 9ebf32de85757..97d69b9be1d49 100644 |
3629 |
+--- a/drivers/pci/pci.c |
3630 |
++++ b/drivers/pci/pci.c |
3631 |
+@@ -224,7 +224,7 @@ static int pci_dev_str_match_path(struct pci_dev *dev, const char *path, |
3632 |
+ |
3633 |
+ *endptr = strchrnul(path, ';'); |
3634 |
+ |
3635 |
+- wpath = kmemdup_nul(path, *endptr - path, GFP_KERNEL); |
3636 |
++ wpath = kmemdup_nul(path, *endptr - path, GFP_ATOMIC); |
3637 |
+ if (!wpath) |
3638 |
+ return -ENOMEM; |
3639 |
+ |
3640 |
+@@ -1591,11 +1591,7 @@ static int pci_enable_device_flags(struct pci_dev *dev, unsigned long flags) |
3641 |
+ * so that things like MSI message writing will behave as expected |
3642 |
+ * (e.g. if the device really is in D0 at enable time). |
3643 |
+ */ |
3644 |
+- if (dev->pm_cap) { |
3645 |
+- u16 pmcsr; |
3646 |
+- pci_read_config_word(dev, dev->pm_cap + PCI_PM_CTRL, &pmcsr); |
3647 |
+- dev->current_state = (pmcsr & PCI_PM_CTRL_STATE_MASK); |
3648 |
+- } |
3649 |
++ pci_update_current_state(dev, dev->current_state); |
3650 |
+ |
3651 |
+ if (atomic_inc_return(&dev->enable_cnt) > 1) |
3652 |
+ return 0; /* already enabled */ |
3653 |
+@@ -2170,7 +2166,14 @@ static int __pci_enable_wake(struct pci_dev *dev, pci_power_t state, bool enable |
3654 |
+ if (enable) { |
3655 |
+ int error; |
3656 |
+ |
3657 |
+- if (pci_pme_capable(dev, state)) |
3658 |
++ /* |
3659 |
++ * Enable PME signaling if the device can signal PME from |
3660 |
++ * D3cold regardless of whether or not it can signal PME from |
3661 |
++ * the current target state, because that will allow it to |
3662 |
++ * signal PME when the hierarchy above it goes into D3cold and |
3663 |
++ * the device itself ends up in D3cold as a result of that. |
3664 |
++ */ |
3665 |
++ if (pci_pme_capable(dev, state) || pci_pme_capable(dev, PCI_D3cold)) |
3666 |
+ pci_pme_active(dev, true); |
3667 |
+ else |
3668 |
+ ret = 1; |
3669 |
+@@ -2274,16 +2277,20 @@ static pci_power_t pci_target_state(struct pci_dev *dev, bool wakeup) |
3670 |
+ if (dev->current_state == PCI_D3cold) |
3671 |
+ target_state = PCI_D3cold; |
3672 |
+ |
3673 |
+- if (wakeup) { |
3674 |
++ if (wakeup && dev->pme_support) { |
3675 |
++ pci_power_t state = target_state; |
3676 |
++ |
3677 |
+ /* |
3678 |
+ * Find the deepest state from which the device can generate |
3679 |
+ * PME#. |
3680 |
+ */ |
3681 |
+- if (dev->pme_support) { |
3682 |
+- while (target_state |
3683 |
+- && !(dev->pme_support & (1 << target_state))) |
3684 |
+- target_state--; |
3685 |
+- } |
3686 |
++ while (state && !(dev->pme_support & (1 << state))) |
3687 |
++ state--; |
3688 |
++ |
3689 |
++ if (state) |
3690 |
++ return state; |
3691 |
++ else if (dev->pme_support & 1) |
3692 |
++ return PCI_D0; |
3693 |
+ } |
3694 |
+ |
3695 |
+ return target_state; |
3696 |
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c |
3697 |
+index 7e873b6b7d558..4eb8900b9a5cd 100644 |
3698 |
+--- a/drivers/pci/quirks.c |
3699 |
++++ b/drivers/pci/quirks.c |
3700 |
+@@ -3152,12 +3152,13 @@ static void fixup_mpss_256(struct pci_dev *dev) |
3701 |
+ { |
3702 |
+ dev->pcie_mpss = 1; /* 256 bytes */ |
3703 |
+ } |
3704 |
+-DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_SOLARFLARE, |
3705 |
+- PCI_DEVICE_ID_SOLARFLARE_SFC4000A_0, fixup_mpss_256); |
3706 |
+-DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_SOLARFLARE, |
3707 |
+- PCI_DEVICE_ID_SOLARFLARE_SFC4000A_1, fixup_mpss_256); |
3708 |
+-DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_SOLARFLARE, |
3709 |
+- PCI_DEVICE_ID_SOLARFLARE_SFC4000B, fixup_mpss_256); |
3710 |
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SOLARFLARE, |
3711 |
++ PCI_DEVICE_ID_SOLARFLARE_SFC4000A_0, fixup_mpss_256); |
3712 |
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SOLARFLARE, |
3713 |
++ PCI_DEVICE_ID_SOLARFLARE_SFC4000A_1, fixup_mpss_256); |
3714 |
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SOLARFLARE, |
3715 |
++ PCI_DEVICE_ID_SOLARFLARE_SFC4000B, fixup_mpss_256); |
3716 |
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_ASMEDIA, 0x0612, fixup_mpss_256); |
3717 |
+ |
3718 |
+ /* |
3719 |
+ * Intel 5000 and 5100 Memory controllers have an erratum with read completion |
3720 |
+@@ -4777,6 +4778,10 @@ static const struct pci_dev_acs_enabled { |
3721 |
+ { 0x10df, 0x720, pci_quirk_mf_endpoint_acs }, /* Emulex Skyhawk-R */ |
3722 |
+ /* Cavium ThunderX */ |
3723 |
+ { PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs }, |
3724 |
++ /* Cavium multi-function devices */ |
3725 |
++ { PCI_VENDOR_ID_CAVIUM, 0xA026, pci_quirk_mf_endpoint_acs }, |
3726 |
++ { PCI_VENDOR_ID_CAVIUM, 0xA059, pci_quirk_mf_endpoint_acs }, |
3727 |
++ { PCI_VENDOR_ID_CAVIUM, 0xA060, pci_quirk_mf_endpoint_acs }, |
3728 |
+ /* APM X-Gene */ |
3729 |
+ { PCI_VENDOR_ID_AMCC, 0xE004, pci_quirk_xgene_acs }, |
3730 |
+ /* Ampere Computing */ |
3731 |
+@@ -5253,7 +5258,7 @@ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, |
3732 |
+ PCI_CLASS_MULTIMEDIA_HD_AUDIO, 8, quirk_gpu_hda); |
3733 |
+ |
3734 |
+ /* |
3735 |
+- * Create device link for NVIDIA GPU with integrated USB xHCI Host |
3736 |
++ * Create device link for GPUs with integrated USB xHCI Host |
3737 |
+ * controller to VGA. |
3738 |
+ */ |
3739 |
+ static void quirk_gpu_usb(struct pci_dev *usb) |
3740 |
+@@ -5262,9 +5267,11 @@ static void quirk_gpu_usb(struct pci_dev *usb) |
3741 |
+ } |
3742 |
+ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, |
3743 |
+ PCI_CLASS_SERIAL_USB, 8, quirk_gpu_usb); |
3744 |
++DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_ATI, PCI_ANY_ID, |
3745 |
++ PCI_CLASS_SERIAL_USB, 8, quirk_gpu_usb); |
3746 |
+ |
3747 |
+ /* |
3748 |
+- * Create device link for NVIDIA GPU with integrated Type-C UCSI controller |
3749 |
++ * Create device link for GPUs with integrated Type-C UCSI controller |
3750 |
+ * to VGA. Currently there is no class code defined for UCSI device over PCI |
3751 |
+ * so using UNKNOWN class for now and it will be updated when UCSI |
3752 |
+ * over PCI gets a class code. |
3753 |
+@@ -5277,6 +5284,9 @@ static void quirk_gpu_usb_typec_ucsi(struct pci_dev *ucsi) |
3754 |
+ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, |
3755 |
+ PCI_CLASS_SERIAL_UNKNOWN, 8, |
3756 |
+ quirk_gpu_usb_typec_ucsi); |
3757 |
++DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_ATI, PCI_ANY_ID, |
3758 |
++ PCI_CLASS_SERIAL_UNKNOWN, 8, |
3759 |
++ quirk_gpu_usb_typec_ucsi); |
3760 |
+ |
3761 |
+ /* |
3762 |
+ * Enable the NVIDIA GPU integrated HDA controller if the BIOS left it |
3763 |
+diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c |
3764 |
+index a7bdd10fccf33..68ac8a0f5c72e 100644 |
3765 |
+--- a/drivers/pci/syscall.c |
3766 |
++++ b/drivers/pci/syscall.c |
3767 |
+@@ -21,8 +21,10 @@ SYSCALL_DEFINE5(pciconfig_read, unsigned long, bus, unsigned long, dfn, |
3768 |
+ long err; |
3769 |
+ int cfg_ret; |
3770 |
+ |
3771 |
++ err = -EPERM; |
3772 |
++ dev = NULL; |
3773 |
+ if (!capable(CAP_SYS_ADMIN)) |
3774 |
+- return -EPERM; |
3775 |
++ goto error; |
3776 |
+ |
3777 |
+ err = -ENODEV; |
3778 |
+ dev = pci_get_domain_bus_and_slot(0, bus, dfn); |
3779 |
+diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c |
3780 |
+index 04a4e761e9a9c..c2f807bf34899 100644 |
3781 |
+--- a/drivers/pinctrl/pinctrl-single.c |
3782 |
++++ b/drivers/pinctrl/pinctrl-single.c |
3783 |
+@@ -1201,6 +1201,7 @@ static int pcs_parse_bits_in_pinctrl_entry(struct pcs_device *pcs, |
3784 |
+ |
3785 |
+ if (PCS_HAS_PINCONF) { |
3786 |
+ dev_err(pcs->dev, "pinconf not supported\n"); |
3787 |
++ res = -ENOTSUPP; |
3788 |
+ goto free_pingroups; |
3789 |
+ } |
3790 |
+ |
3791 |
+diff --git a/drivers/pinctrl/samsung/pinctrl-samsung.c b/drivers/pinctrl/samsung/pinctrl-samsung.c |
3792 |
+index c05217edcb0e0..82407e4a16427 100644 |
3793 |
+--- a/drivers/pinctrl/samsung/pinctrl-samsung.c |
3794 |
++++ b/drivers/pinctrl/samsung/pinctrl-samsung.c |
3795 |
+@@ -918,7 +918,7 @@ static int samsung_pinctrl_register(struct platform_device *pdev, |
3796 |
+ pin_bank->grange.pin_base = drvdata->pin_base |
3797 |
+ + pin_bank->pin_base; |
3798 |
+ pin_bank->grange.base = pin_bank->grange.pin_base; |
3799 |
+- pin_bank->grange.npins = pin_bank->gpio_chip.ngpio; |
3800 |
++ pin_bank->grange.npins = pin_bank->nr_pins; |
3801 |
+ pin_bank->grange.gc = &pin_bank->gpio_chip; |
3802 |
+ pinctrl_add_gpio_range(drvdata->pctl_dev, &pin_bank->grange); |
3803 |
+ } |
3804 |
+diff --git a/drivers/platform/chrome/cros_ec_proto.c b/drivers/platform/chrome/cros_ec_proto.c |
3805 |
+index ac784ac66ac34..2b807c8aa869c 100644 |
3806 |
+--- a/drivers/platform/chrome/cros_ec_proto.c |
3807 |
++++ b/drivers/platform/chrome/cros_ec_proto.c |
3808 |
+@@ -219,6 +219,15 @@ static int cros_ec_host_command_proto_query(struct cros_ec_device *ec_dev, |
3809 |
+ msg->insize = sizeof(struct ec_response_get_protocol_info); |
3810 |
+ |
3811 |
+ ret = send_command(ec_dev, msg); |
3812 |
++ /* |
3813 |
++ * Send command once again when timeout occurred. |
3814 |
++ * Fingerprint MCU (FPMCU) is restarted during system boot which |
3815 |
++ * introduces small window in which FPMCU won't respond for any |
3816 |
++ * messages sent by kernel. There is no need to wait before next |
3817 |
++ * attempt because we waited at least EC_MSG_DEADLINE_MS. |
3818 |
++ */ |
3819 |
++ if (ret == -ETIMEDOUT) |
3820 |
++ ret = send_command(ec_dev, msg); |
3821 |
+ |
3822 |
+ if (ret < 0) { |
3823 |
+ dev_dbg(ec_dev->dev, |
3824 |
+diff --git a/drivers/platform/x86/dell-smbios-wmi.c b/drivers/platform/x86/dell-smbios-wmi.c |
3825 |
+index ccccce9b67efe..0ebcf412f6ca0 100644 |
3826 |
+--- a/drivers/platform/x86/dell-smbios-wmi.c |
3827 |
++++ b/drivers/platform/x86/dell-smbios-wmi.c |
3828 |
+@@ -72,6 +72,7 @@ static int run_smbios_call(struct wmi_device *wdev) |
3829 |
+ if (obj->type == ACPI_TYPE_INTEGER) |
3830 |
+ dev_dbg(&wdev->dev, "SMBIOS call failed: %llu\n", |
3831 |
+ obj->integer.value); |
3832 |
++ kfree(output.pointer); |
3833 |
+ return -EIO; |
3834 |
+ } |
3835 |
+ memcpy(&priv->buf->std, obj->buffer.pointer, obj->buffer.length); |
3836 |
+diff --git a/drivers/power/supply/axp288_fuel_gauge.c b/drivers/power/supply/axp288_fuel_gauge.c |
3837 |
+index 157cf5ec6b023..1641868c345c2 100644 |
3838 |
+--- a/drivers/power/supply/axp288_fuel_gauge.c |
3839 |
++++ b/drivers/power/supply/axp288_fuel_gauge.c |
3840 |
+@@ -158,7 +158,7 @@ static int fuel_gauge_reg_readb(struct axp288_fg_info *info, int reg) |
3841 |
+ } |
3842 |
+ |
3843 |
+ if (ret < 0) { |
3844 |
+- dev_err(&info->pdev->dev, "axp288 reg read err:%d\n", ret); |
3845 |
++ dev_err(&info->pdev->dev, "Error reading reg 0x%02x err: %d\n", reg, ret); |
3846 |
+ return ret; |
3847 |
+ } |
3848 |
+ |
3849 |
+@@ -172,7 +172,7 @@ static int fuel_gauge_reg_writeb(struct axp288_fg_info *info, int reg, u8 val) |
3850 |
+ ret = regmap_write(info->regmap, reg, (unsigned int)val); |
3851 |
+ |
3852 |
+ if (ret < 0) |
3853 |
+- dev_err(&info->pdev->dev, "axp288 reg write err:%d\n", ret); |
3854 |
++ dev_err(&info->pdev->dev, "Error writing reg 0x%02x err: %d\n", reg, ret); |
3855 |
+ |
3856 |
+ return ret; |
3857 |
+ } |
3858 |
+diff --git a/drivers/power/supply/max17042_battery.c b/drivers/power/supply/max17042_battery.c |
3859 |
+index 00a3a581e0795..a1518eb6f6c0d 100644 |
3860 |
+--- a/drivers/power/supply/max17042_battery.c |
3861 |
++++ b/drivers/power/supply/max17042_battery.c |
3862 |
+@@ -740,7 +740,7 @@ static inline void max17042_override_por_values(struct max17042_chip *chip) |
3863 |
+ struct max17042_config_data *config = chip->pdata->config_data; |
3864 |
+ |
3865 |
+ max17042_override_por(map, MAX17042_TGAIN, config->tgain); |
3866 |
+- max17042_override_por(map, MAx17042_TOFF, config->toff); |
3867 |
++ max17042_override_por(map, MAX17042_TOFF, config->toff); |
3868 |
+ max17042_override_por(map, MAX17042_CGAIN, config->cgain); |
3869 |
+ max17042_override_por(map, MAX17042_COFF, config->coff); |
3870 |
+ |
3871 |
+@@ -856,8 +856,12 @@ static irqreturn_t max17042_thread_handler(int id, void *dev) |
3872 |
+ { |
3873 |
+ struct max17042_chip *chip = dev; |
3874 |
+ u32 val; |
3875 |
++ int ret; |
3876 |
++ |
3877 |
++ ret = regmap_read(chip->regmap, MAX17042_STATUS, &val); |
3878 |
++ if (ret) |
3879 |
++ return IRQ_HANDLED; |
3880 |
+ |
3881 |
+- regmap_read(chip->regmap, MAX17042_STATUS, &val); |
3882 |
+ if ((val & STATUS_INTR_SOCMIN_BIT) || |
3883 |
+ (val & STATUS_INTR_SOCMAX_BIT)) { |
3884 |
+ dev_info(&chip->client->dev, "SOC threshold INTR\n"); |
3885 |
+diff --git a/drivers/rtc/rtc-tps65910.c b/drivers/rtc/rtc-tps65910.c |
3886 |
+index a9bbd022aeefe..9f10af7ac6efd 100644 |
3887 |
+--- a/drivers/rtc/rtc-tps65910.c |
3888 |
++++ b/drivers/rtc/rtc-tps65910.c |
3889 |
+@@ -470,6 +470,6 @@ static struct platform_driver tps65910_rtc_driver = { |
3890 |
+ }; |
3891 |
+ |
3892 |
+ module_platform_driver(tps65910_rtc_driver); |
3893 |
+-MODULE_ALIAS("platform:rtc-tps65910"); |
3894 |
++MODULE_ALIAS("platform:tps65910-rtc"); |
3895 |
+ MODULE_AUTHOR("Venu Byravarasu <vbyravarasu@××××××.com>"); |
3896 |
+ MODULE_LICENSE("GPL"); |
3897 |
+diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c |
3898 |
+index 825a8f2703b4f..6efe50d70c4bf 100644 |
3899 |
+--- a/drivers/s390/cio/css.c |
3900 |
++++ b/drivers/s390/cio/css.c |
3901 |
+@@ -364,9 +364,26 @@ static ssize_t pimpampom_show(struct device *dev, |
3902 |
+ } |
3903 |
+ static DEVICE_ATTR_RO(pimpampom); |
3904 |
+ |
3905 |
++static ssize_t dev_busid_show(struct device *dev, |
3906 |
++ struct device_attribute *attr, |
3907 |
++ char *buf) |
3908 |
++{ |
3909 |
++ struct subchannel *sch = to_subchannel(dev); |
3910 |
++ struct pmcw *pmcw = &sch->schib.pmcw; |
3911 |
++ |
3912 |
++ if ((pmcw->st == SUBCHANNEL_TYPE_IO || |
3913 |
++ pmcw->st == SUBCHANNEL_TYPE_MSG) && pmcw->dnv) |
3914 |
++ return sysfs_emit(buf, "0.%x.%04x\n", sch->schid.ssid, |
3915 |
++ pmcw->dev); |
3916 |
++ else |
3917 |
++ return sysfs_emit(buf, "none\n"); |
3918 |
++} |
3919 |
++static DEVICE_ATTR_RO(dev_busid); |
3920 |
++ |
3921 |
+ static struct attribute *io_subchannel_type_attrs[] = { |
3922 |
+ &dev_attr_chpids.attr, |
3923 |
+ &dev_attr_pimpampom.attr, |
3924 |
++ &dev_attr_dev_busid.attr, |
3925 |
+ NULL, |
3926 |
+ }; |
3927 |
+ ATTRIBUTE_GROUPS(io_subchannel_type); |
3928 |
+diff --git a/drivers/scsi/BusLogic.c b/drivers/scsi/BusLogic.c |
3929 |
+index 79b5c5457cc22..b8dd9986809b4 100644 |
3930 |
+--- a/drivers/scsi/BusLogic.c |
3931 |
++++ b/drivers/scsi/BusLogic.c |
3932 |
+@@ -3605,7 +3605,7 @@ static void blogic_msg(enum blogic_msglevel msglevel, char *fmt, |
3933 |
+ if (buf[0] != '\n' || len > 1) |
3934 |
+ printk("%sscsi%d: %s", blogic_msglevelmap[msglevel], adapter->host_no, buf); |
3935 |
+ } else |
3936 |
+- printk("%s", buf); |
3937 |
++ pr_cont("%s", buf); |
3938 |
+ } else { |
3939 |
+ if (begin) { |
3940 |
+ if (adapter != NULL && adapter->adapter_initd) |
3941 |
+@@ -3613,7 +3613,7 @@ static void blogic_msg(enum blogic_msglevel msglevel, char *fmt, |
3942 |
+ else |
3943 |
+ printk("%s%s", blogic_msglevelmap[msglevel], buf); |
3944 |
+ } else |
3945 |
+- printk("%s", buf); |
3946 |
++ pr_cont("%s", buf); |
3947 |
+ } |
3948 |
+ begin = (buf[len - 1] == '\n'); |
3949 |
+ } |
3950 |
+diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c |
3951 |
+index 7665fd641886e..ab66e1f0fdfa3 100644 |
3952 |
+--- a/drivers/scsi/qedi/qedi_main.c |
3953 |
++++ b/drivers/scsi/qedi/qedi_main.c |
3954 |
+@@ -1507,7 +1507,7 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi) |
3955 |
+ { |
3956 |
+ u32 *list; |
3957 |
+ int i; |
3958 |
+- int status = 0, rc; |
3959 |
++ int status; |
3960 |
+ u32 *pbl; |
3961 |
+ dma_addr_t page; |
3962 |
+ int num_pages; |
3963 |
+@@ -1518,14 +1518,14 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi) |
3964 |
+ */ |
3965 |
+ if (!qedi->num_queues) { |
3966 |
+ QEDI_ERR(&qedi->dbg_ctx, "No MSI-X vectors available!\n"); |
3967 |
+- return 1; |
3968 |
++ return -ENOMEM; |
3969 |
+ } |
3970 |
+ |
3971 |
+ /* Make sure we allocated the PBL that will contain the physical |
3972 |
+ * addresses of our queues |
3973 |
+ */ |
3974 |
+ if (!qedi->p_cpuq) { |
3975 |
+- status = 1; |
3976 |
++ status = -EINVAL; |
3977 |
+ goto mem_alloc_failure; |
3978 |
+ } |
3979 |
+ |
3980 |
+@@ -1540,13 +1540,13 @@ static int qedi_alloc_global_queues(struct qedi_ctx *qedi) |
3981 |
+ "qedi->global_queues=%p.\n", qedi->global_queues); |
3982 |
+ |
3983 |
+ /* Allocate DMA coherent buffers for BDQ */ |
3984 |
+- rc = qedi_alloc_bdq(qedi); |
3985 |
+- if (rc) |
3986 |
++ status = qedi_alloc_bdq(qedi); |
3987 |
++ if (status) |
3988 |
+ goto mem_alloc_failure; |
3989 |
+ |
3990 |
+ /* Allocate DMA coherent buffers for NVM_ISCSI_CFG */ |
3991 |
+- rc = qedi_alloc_nvm_iscsi_cfg(qedi); |
3992 |
+- if (rc) |
3993 |
++ status = qedi_alloc_nvm_iscsi_cfg(qedi); |
3994 |
++ if (status) |
3995 |
+ goto mem_alloc_failure; |
3996 |
+ |
3997 |
+ /* Allocate a CQ and an associated PBL for each MSI-X |
3998 |
+diff --git a/drivers/scsi/qla2xxx/qla_nvme.c b/drivers/scsi/qla2xxx/qla_nvme.c |
3999 |
+index 7821c1695e824..dcd0f058f23e0 100644 |
4000 |
+--- a/drivers/scsi/qla2xxx/qla_nvme.c |
4001 |
++++ b/drivers/scsi/qla2xxx/qla_nvme.c |
4002 |
+@@ -88,8 +88,9 @@ static int qla_nvme_alloc_queue(struct nvme_fc_local_port *lport, |
4003 |
+ struct qla_hw_data *ha; |
4004 |
+ struct qla_qpair *qpair; |
4005 |
+ |
4006 |
+- if (!qidx) |
4007 |
+- qidx++; |
4008 |
++ /* Map admin queue and 1st IO queue to index 0 */ |
4009 |
++ if (qidx) |
4010 |
++ qidx--; |
4011 |
+ |
4012 |
+ vha = (struct scsi_qla_host *)lport->private; |
4013 |
+ ha = vha->hw; |
4014 |
+diff --git a/drivers/soc/qcom/smsm.c b/drivers/soc/qcom/smsm.c |
4015 |
+index 50214b620865e..2b49d2c212dab 100644 |
4016 |
+--- a/drivers/soc/qcom/smsm.c |
4017 |
++++ b/drivers/soc/qcom/smsm.c |
4018 |
+@@ -117,7 +117,7 @@ struct smsm_entry { |
4019 |
+ DECLARE_BITMAP(irq_enabled, 32); |
4020 |
+ DECLARE_BITMAP(irq_rising, 32); |
4021 |
+ DECLARE_BITMAP(irq_falling, 32); |
4022 |
+- u32 last_value; |
4023 |
++ unsigned long last_value; |
4024 |
+ |
4025 |
+ u32 *remote_state; |
4026 |
+ u32 *subscription; |
4027 |
+@@ -212,8 +212,7 @@ static irqreturn_t smsm_intr(int irq, void *data) |
4028 |
+ u32 val; |
4029 |
+ |
4030 |
+ val = readl(entry->remote_state); |
4031 |
+- changed = val ^ entry->last_value; |
4032 |
+- entry->last_value = val; |
4033 |
++ changed = val ^ xchg(&entry->last_value, val); |
4034 |
+ |
4035 |
+ for_each_set_bit(i, entry->irq_enabled, 32) { |
4036 |
+ if (!(changed & BIT(i))) |
4037 |
+@@ -274,6 +273,12 @@ static void smsm_unmask_irq(struct irq_data *irqd) |
4038 |
+ struct qcom_smsm *smsm = entry->smsm; |
4039 |
+ u32 val; |
4040 |
+ |
4041 |
++ /* Make sure our last cached state is up-to-date */ |
4042 |
++ if (readl(entry->remote_state) & BIT(irq)) |
4043 |
++ set_bit(irq, &entry->last_value); |
4044 |
++ else |
4045 |
++ clear_bit(irq, &entry->last_value); |
4046 |
++ |
4047 |
+ set_bit(irq, entry->irq_enabled); |
4048 |
+ |
4049 |
+ if (entry->subscription) { |
4050 |
+diff --git a/drivers/soc/rockchip/Kconfig b/drivers/soc/rockchip/Kconfig |
4051 |
+index 20da55d9cbb1e..d483b0e29b81f 100644 |
4052 |
+--- a/drivers/soc/rockchip/Kconfig |
4053 |
++++ b/drivers/soc/rockchip/Kconfig |
4054 |
+@@ -5,8 +5,8 @@ if ARCH_ROCKCHIP || COMPILE_TEST |
4055 |
+ # |
4056 |
+ |
4057 |
+ config ROCKCHIP_GRF |
4058 |
+- bool |
4059 |
+- default y |
4060 |
++ bool "Rockchip General Register Files support" if COMPILE_TEST |
4061 |
++ default y if ARCH_ROCKCHIP |
4062 |
+ help |
4063 |
+ The General Register Files are a central component providing |
4064 |
+ special additional settings registers for a lot of soc-components. |
4065 |
+diff --git a/drivers/spi/spi-fsl-dspi.c b/drivers/spi/spi-fsl-dspi.c |
4066 |
+index 25486ee8379b6..cfbf1ffb61bff 100644 |
4067 |
+--- a/drivers/spi/spi-fsl-dspi.c |
4068 |
++++ b/drivers/spi/spi-fsl-dspi.c |
4069 |
+@@ -430,6 +430,7 @@ static int dspi_request_dma(struct fsl_dspi *dspi, phys_addr_t phy_addr) |
4070 |
+ goto err_rx_dma_buf; |
4071 |
+ } |
4072 |
+ |
4073 |
++ memset(&cfg, 0, sizeof(cfg)); |
4074 |
+ cfg.src_addr = phy_addr + SPI_POPR; |
4075 |
+ cfg.dst_addr = phy_addr + SPI_PUSHR; |
4076 |
+ cfg.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; |
4077 |
+diff --git a/drivers/spi/spi-pic32.c b/drivers/spi/spi-pic32.c |
4078 |
+index 661a40c653e90..d8cdb13ce3e4a 100644 |
4079 |
+--- a/drivers/spi/spi-pic32.c |
4080 |
++++ b/drivers/spi/spi-pic32.c |
4081 |
+@@ -369,6 +369,7 @@ static int pic32_spi_dma_config(struct pic32_spi *pic32s, u32 dma_width) |
4082 |
+ struct dma_slave_config cfg; |
4083 |
+ int ret; |
4084 |
+ |
4085 |
++ memset(&cfg, 0, sizeof(cfg)); |
4086 |
+ cfg.device_fc = true; |
4087 |
+ cfg.src_addr = pic32s->dma_base + buf_offset; |
4088 |
+ cfg.dst_addr = pic32s->dma_base + buf_offset; |
4089 |
+diff --git a/drivers/spi/spi-sprd-adi.c b/drivers/spi/spi-sprd-adi.c |
4090 |
+index e41976010dc48..97f44458ee7b7 100644 |
4091 |
+--- a/drivers/spi/spi-sprd-adi.c |
4092 |
++++ b/drivers/spi/spi-sprd-adi.c |
4093 |
+@@ -99,7 +99,7 @@ |
4094 |
+ #define HWRST_STATUS_SPRDISK 0xc0 |
4095 |
+ |
4096 |
+ /* Use default timeout 50 ms that converts to watchdog values */ |
4097 |
+-#define WDG_LOAD_VAL ((50 * 1000) / 32768) |
4098 |
++#define WDG_LOAD_VAL ((50 * 32768) / 1000) |
4099 |
+ #define WDG_LOAD_MASK GENMASK(15, 0) |
4100 |
+ #define WDG_UNLOCK_KEY 0xe551 |
4101 |
+ |
4102 |
+diff --git a/drivers/staging/board/board.c b/drivers/staging/board/board.c |
4103 |
+index cb6feb34dd401..f980af0373452 100644 |
4104 |
+--- a/drivers/staging/board/board.c |
4105 |
++++ b/drivers/staging/board/board.c |
4106 |
+@@ -136,6 +136,7 @@ int __init board_staging_register_clock(const struct board_staging_clk *bsc) |
4107 |
+ static int board_staging_add_dev_domain(struct platform_device *pdev, |
4108 |
+ const char *domain) |
4109 |
+ { |
4110 |
++ struct device *dev = &pdev->dev; |
4111 |
+ struct of_phandle_args pd_args; |
4112 |
+ struct device_node *np; |
4113 |
+ |
4114 |
+@@ -148,7 +149,11 @@ static int board_staging_add_dev_domain(struct platform_device *pdev, |
4115 |
+ pd_args.np = np; |
4116 |
+ pd_args.args_count = 0; |
4117 |
+ |
4118 |
+- return of_genpd_add_device(&pd_args, &pdev->dev); |
4119 |
++ /* Initialization similar to device_pm_init_common() */ |
4120 |
++ spin_lock_init(&dev->power.lock); |
4121 |
++ dev->power.early_init = true; |
4122 |
++ |
4123 |
++ return of_genpd_add_device(&pd_args, dev); |
4124 |
+ } |
4125 |
+ #else |
4126 |
+ static inline int board_staging_add_dev_domain(struct platform_device *pdev, |
4127 |
+diff --git a/drivers/staging/ks7010/ks7010_sdio.c b/drivers/staging/ks7010/ks7010_sdio.c |
4128 |
+index 74551eb717fc7..79d0513bd2828 100644 |
4129 |
+--- a/drivers/staging/ks7010/ks7010_sdio.c |
4130 |
++++ b/drivers/staging/ks7010/ks7010_sdio.c |
4131 |
+@@ -938,9 +938,9 @@ static void ks7010_private_init(struct ks_wlan_private *priv, |
4132 |
+ memset(&priv->wstats, 0, sizeof(priv->wstats)); |
4133 |
+ |
4134 |
+ /* sleep mode */ |
4135 |
++ atomic_set(&priv->sleepstatus.status, 0); |
4136 |
+ atomic_set(&priv->sleepstatus.doze_request, 0); |
4137 |
+ atomic_set(&priv->sleepstatus.wakeup_request, 0); |
4138 |
+- atomic_set(&priv->sleepstatus.wakeup_request, 0); |
4139 |
+ |
4140 |
+ trx_device_init(priv); |
4141 |
+ hostif_init(priv); |
4142 |
+diff --git a/drivers/staging/rts5208/rtsx_scsi.c b/drivers/staging/rts5208/rtsx_scsi.c |
4143 |
+index c9a6d97938f63..68889d082c3c7 100644 |
4144 |
+--- a/drivers/staging/rts5208/rtsx_scsi.c |
4145 |
++++ b/drivers/staging/rts5208/rtsx_scsi.c |
4146 |
+@@ -2841,10 +2841,10 @@ static int get_ms_information(struct scsi_cmnd *srb, struct rtsx_chip *chip) |
4147 |
+ } |
4148 |
+ |
4149 |
+ if (dev_info_id == 0x15) { |
4150 |
+- buf_len = 0x3A; |
4151 |
++ buf_len = 0x3C; |
4152 |
+ data_len = 0x3A; |
4153 |
+ } else { |
4154 |
+- buf_len = 0x6A; |
4155 |
++ buf_len = 0x6C; |
4156 |
+ data_len = 0x6A; |
4157 |
+ } |
4158 |
+ |
4159 |
+@@ -2895,11 +2895,7 @@ static int get_ms_information(struct scsi_cmnd *srb, struct rtsx_chip *chip) |
4160 |
+ } |
4161 |
+ |
4162 |
+ rtsx_stor_set_xfer_buf(buf, buf_len, srb); |
4163 |
+- |
4164 |
+- if (dev_info_id == 0x15) |
4165 |
+- scsi_set_resid(srb, scsi_bufflen(srb) - 0x3C); |
4166 |
+- else |
4167 |
+- scsi_set_resid(srb, scsi_bufflen(srb) - 0x6C); |
4168 |
++ scsi_set_resid(srb, scsi_bufflen(srb) - buf_len); |
4169 |
+ |
4170 |
+ kfree(buf); |
4171 |
+ return STATUS_SUCCESS; |
4172 |
+diff --git a/drivers/tty/hvc/hvsi.c b/drivers/tty/hvc/hvsi.c |
4173 |
+index 66f95f758be05..73226337f5610 100644 |
4174 |
+--- a/drivers/tty/hvc/hvsi.c |
4175 |
++++ b/drivers/tty/hvc/hvsi.c |
4176 |
+@@ -1038,7 +1038,7 @@ static const struct tty_operations hvsi_ops = { |
4177 |
+ |
4178 |
+ static int __init hvsi_init(void) |
4179 |
+ { |
4180 |
+- int i; |
4181 |
++ int i, ret; |
4182 |
+ |
4183 |
+ hvsi_driver = alloc_tty_driver(hvsi_count); |
4184 |
+ if (!hvsi_driver) |
4185 |
+@@ -1069,12 +1069,25 @@ static int __init hvsi_init(void) |
4186 |
+ } |
4187 |
+ hvsi_wait = wait_for_state; /* irqs active now */ |
4188 |
+ |
4189 |
+- if (tty_register_driver(hvsi_driver)) |
4190 |
+- panic("Couldn't register hvsi console driver\n"); |
4191 |
++ ret = tty_register_driver(hvsi_driver); |
4192 |
++ if (ret) { |
4193 |
++ pr_err("Couldn't register hvsi console driver\n"); |
4194 |
++ goto err_free_irq; |
4195 |
++ } |
4196 |
+ |
4197 |
+ printk(KERN_DEBUG "HVSI: registered %i devices\n", hvsi_count); |
4198 |
+ |
4199 |
+ return 0; |
4200 |
++err_free_irq: |
4201 |
++ hvsi_wait = poll_for_state; |
4202 |
++ for (i = 0; i < hvsi_count; i++) { |
4203 |
++ struct hvsi_struct *hp = &hvsi_ports[i]; |
4204 |
++ |
4205 |
++ free_irq(hp->virq, hp); |
4206 |
++ } |
4207 |
++ tty_driver_kref_put(hvsi_driver); |
4208 |
++ |
4209 |
++ return ret; |
4210 |
+ } |
4211 |
+ device_initcall(hvsi_init); |
4212 |
+ |
4213 |
+diff --git a/drivers/tty/serial/8250/8250_pci.c b/drivers/tty/serial/8250/8250_pci.c |
4214 |
+index 725e5842b8acc..f54c18e4ae909 100644 |
4215 |
+--- a/drivers/tty/serial/8250/8250_pci.c |
4216 |
++++ b/drivers/tty/serial/8250/8250_pci.c |
4217 |
+@@ -70,7 +70,7 @@ static void moan_device(const char *str, struct pci_dev *dev) |
4218 |
+ |
4219 |
+ static int |
4220 |
+ setup_port(struct serial_private *priv, struct uart_8250_port *port, |
4221 |
+- int bar, int offset, int regshift) |
4222 |
++ u8 bar, unsigned int offset, int regshift) |
4223 |
+ { |
4224 |
+ struct pci_dev *dev = priv->dev; |
4225 |
+ |
4226 |
+diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c |
4227 |
+index 68f71298c11b5..39e821d6e5376 100644 |
4228 |
+--- a/drivers/tty/serial/8250/8250_port.c |
4229 |
++++ b/drivers/tty/serial/8250/8250_port.c |
4230 |
+@@ -132,7 +132,8 @@ static const struct serial8250_config uart_config[] = { |
4231 |
+ .name = "16C950/954", |
4232 |
+ .fifo_size = 128, |
4233 |
+ .tx_loadsz = 128, |
4234 |
+- .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10, |
4235 |
++ .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_01, |
4236 |
++ .rxtrig_bytes = {16, 32, 112, 120}, |
4237 |
+ /* UART_CAP_EFR breaks billionon CF bluetooth card. */ |
4238 |
+ .flags = UART_CAP_FIFO | UART_CAP_SLEEP, |
4239 |
+ }, |
4240 |
+diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c |
4241 |
+index deb9d4fa9cb09..b757fd1bdbfa5 100644 |
4242 |
+--- a/drivers/tty/serial/fsl_lpuart.c |
4243 |
++++ b/drivers/tty/serial/fsl_lpuart.c |
4244 |
+@@ -2164,7 +2164,7 @@ static int lpuart_probe(struct platform_device *pdev) |
4245 |
+ return PTR_ERR(sport->port.membase); |
4246 |
+ |
4247 |
+ sport->port.membase += sdata->reg_off; |
4248 |
+- sport->port.mapbase = res->start; |
4249 |
++ sport->port.mapbase = res->start + sdata->reg_off; |
4250 |
+ sport->port.dev = &pdev->dev; |
4251 |
+ sport->port.type = PORT_LPUART; |
4252 |
+ ret = platform_get_irq(pdev, 0); |
4253 |
+diff --git a/drivers/tty/serial/jsm/jsm_neo.c b/drivers/tty/serial/jsm/jsm_neo.c |
4254 |
+index bf0e2a4cb0cef..c6f927a76c3be 100644 |
4255 |
+--- a/drivers/tty/serial/jsm/jsm_neo.c |
4256 |
++++ b/drivers/tty/serial/jsm/jsm_neo.c |
4257 |
+@@ -815,7 +815,9 @@ static void neo_parse_isr(struct jsm_board *brd, u32 port) |
4258 |
+ /* Parse any modem signal changes */ |
4259 |
+ jsm_dbg(INTR, &ch->ch_bd->pci_dev, |
4260 |
+ "MOD_STAT: sending to parse_modem_sigs\n"); |
4261 |
++ spin_lock_irqsave(&ch->uart_port.lock, lock_flags); |
4262 |
+ neo_parse_modem(ch, readb(&ch->ch_neo_uart->msr)); |
4263 |
++ spin_unlock_irqrestore(&ch->uart_port.lock, lock_flags); |
4264 |
+ } |
4265 |
+ } |
4266 |
+ |
4267 |
+diff --git a/drivers/tty/serial/jsm/jsm_tty.c b/drivers/tty/serial/jsm/jsm_tty.c |
4268 |
+index 689774c073ca4..8438454ca653f 100644 |
4269 |
+--- a/drivers/tty/serial/jsm/jsm_tty.c |
4270 |
++++ b/drivers/tty/serial/jsm/jsm_tty.c |
4271 |
+@@ -187,6 +187,7 @@ static void jsm_tty_break(struct uart_port *port, int break_state) |
4272 |
+ |
4273 |
+ static int jsm_tty_open(struct uart_port *port) |
4274 |
+ { |
4275 |
++ unsigned long lock_flags; |
4276 |
+ struct jsm_board *brd; |
4277 |
+ struct jsm_channel *channel = |
4278 |
+ container_of(port, struct jsm_channel, uart_port); |
4279 |
+@@ -240,6 +241,7 @@ static int jsm_tty_open(struct uart_port *port) |
4280 |
+ channel->ch_cached_lsr = 0; |
4281 |
+ channel->ch_stops_sent = 0; |
4282 |
+ |
4283 |
++ spin_lock_irqsave(&port->lock, lock_flags); |
4284 |
+ termios = &port->state->port.tty->termios; |
4285 |
+ channel->ch_c_cflag = termios->c_cflag; |
4286 |
+ channel->ch_c_iflag = termios->c_iflag; |
4287 |
+@@ -259,6 +261,7 @@ static int jsm_tty_open(struct uart_port *port) |
4288 |
+ jsm_carrier(channel); |
4289 |
+ |
4290 |
+ channel->ch_open_count++; |
4291 |
++ spin_unlock_irqrestore(&port->lock, lock_flags); |
4292 |
+ |
4293 |
+ jsm_dbg(OPEN, &channel->ch_bd->pci_dev, "finish\n"); |
4294 |
+ return 0; |
4295 |
+diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c |
4296 |
+index db5b11879910c..6f44c5f0ef3aa 100644 |
4297 |
+--- a/drivers/tty/serial/sh-sci.c |
4298 |
++++ b/drivers/tty/serial/sh-sci.c |
4299 |
+@@ -1750,6 +1750,10 @@ static irqreturn_t sci_br_interrupt(int irq, void *ptr) |
4300 |
+ |
4301 |
+ /* Handle BREAKs */ |
4302 |
+ sci_handle_breaks(port); |
4303 |
++ |
4304 |
++ /* drop invalid character received before break was detected */ |
4305 |
++ serial_port_in(port, SCxRDR); |
4306 |
++ |
4307 |
+ sci_clear_SCxSR(port, SCxSR_BREAK_CLEAR(port)); |
4308 |
+ |
4309 |
+ return IRQ_HANDLED; |
4310 |
+@@ -1829,7 +1833,8 @@ static irqreturn_t sci_mpxed_interrupt(int irq, void *ptr) |
4311 |
+ ret = sci_er_interrupt(irq, ptr); |
4312 |
+ |
4313 |
+ /* Break Interrupt */ |
4314 |
+- if ((ssr_status & SCxSR_BRK(port)) && err_enabled) |
4315 |
++ if (s->irqs[SCIx_ERI_IRQ] != s->irqs[SCIx_BRI_IRQ] && |
4316 |
++ (ssr_status & SCxSR_BRK(port)) && err_enabled) |
4317 |
+ ret = sci_br_interrupt(irq, ptr); |
4318 |
+ |
4319 |
+ /* Overrun Interrupt */ |
4320 |
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c |
4321 |
+index 9e9343adc2b46..b6f42d0ee6269 100644 |
4322 |
+--- a/drivers/tty/tty_io.c |
4323 |
++++ b/drivers/tty/tty_io.c |
4324 |
+@@ -2173,8 +2173,6 @@ static int tty_fasync(int fd, struct file *filp, int on) |
4325 |
+ * Locking: |
4326 |
+ * Called functions take tty_ldiscs_lock |
4327 |
+ * current->signal->tty check is safe without locks |
4328 |
+- * |
4329 |
+- * FIXME: may race normal receive processing |
4330 |
+ */ |
4331 |
+ |
4332 |
+ static int tiocsti(struct tty_struct *tty, char __user *p) |
4333 |
+@@ -2190,8 +2188,10 @@ static int tiocsti(struct tty_struct *tty, char __user *p) |
4334 |
+ ld = tty_ldisc_ref_wait(tty); |
4335 |
+ if (!ld) |
4336 |
+ return -EIO; |
4337 |
++ tty_buffer_lock_exclusive(tty->port); |
4338 |
+ if (ld->ops->receive_buf) |
4339 |
+ ld->ops->receive_buf(tty, &ch, &mbz, 1); |
4340 |
++ tty_buffer_unlock_exclusive(tty->port); |
4341 |
+ tty_ldisc_deref(ld); |
4342 |
+ return 0; |
4343 |
+ } |
4344 |
+diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c |
4345 |
+index d85bb3ba8263f..a76ed4acb5700 100644 |
4346 |
+--- a/drivers/usb/gadget/composite.c |
4347 |
++++ b/drivers/usb/gadget/composite.c |
4348 |
+@@ -481,7 +481,7 @@ static u8 encode_bMaxPower(enum usb_device_speed speed, |
4349 |
+ { |
4350 |
+ unsigned val; |
4351 |
+ |
4352 |
+- if (c->MaxPower) |
4353 |
++ if (c->MaxPower || (c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) |
4354 |
+ val = c->MaxPower; |
4355 |
+ else |
4356 |
+ val = CONFIG_USB_GADGET_VBUS_DRAW; |
4357 |
+@@ -891,7 +891,11 @@ static int set_config(struct usb_composite_dev *cdev, |
4358 |
+ } |
4359 |
+ |
4360 |
+ /* when we return, be sure our power usage is valid */ |
4361 |
+- power = c->MaxPower ? c->MaxPower : CONFIG_USB_GADGET_VBUS_DRAW; |
4362 |
++ if (c->MaxPower || (c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) |
4363 |
++ power = c->MaxPower; |
4364 |
++ else |
4365 |
++ power = CONFIG_USB_GADGET_VBUS_DRAW; |
4366 |
++ |
4367 |
+ if (gadget->speed < USB_SPEED_SUPER) |
4368 |
+ power = min(power, 500U); |
4369 |
+ else |
4370 |
+diff --git a/drivers/usb/gadget/function/u_ether.c b/drivers/usb/gadget/function/u_ether.c |
4371 |
+index 156651df6b4da..d7a12161e5531 100644 |
4372 |
+--- a/drivers/usb/gadget/function/u_ether.c |
4373 |
++++ b/drivers/usb/gadget/function/u_ether.c |
4374 |
+@@ -491,8 +491,9 @@ static netdev_tx_t eth_start_xmit(struct sk_buff *skb, |
4375 |
+ } |
4376 |
+ spin_unlock_irqrestore(&dev->lock, flags); |
4377 |
+ |
4378 |
+- if (skb && !in) { |
4379 |
+- dev_kfree_skb_any(skb); |
4380 |
++ if (!in) { |
4381 |
++ if (skb) |
4382 |
++ dev_kfree_skb_any(skb); |
4383 |
+ return NETDEV_TX_OK; |
4384 |
+ } |
4385 |
+ |
4386 |
+diff --git a/drivers/usb/gadget/udc/at91_udc.c b/drivers/usb/gadget/udc/at91_udc.c |
4387 |
+index 03959dc86cfd8..dd5cdcdfa4030 100644 |
4388 |
+--- a/drivers/usb/gadget/udc/at91_udc.c |
4389 |
++++ b/drivers/usb/gadget/udc/at91_udc.c |
4390 |
+@@ -1879,7 +1879,9 @@ static int at91udc_probe(struct platform_device *pdev) |
4391 |
+ clk_disable(udc->iclk); |
4392 |
+ |
4393 |
+ /* request UDC and maybe VBUS irqs */ |
4394 |
+- udc->udp_irq = platform_get_irq(pdev, 0); |
4395 |
++ udc->udp_irq = retval = platform_get_irq(pdev, 0); |
4396 |
++ if (retval < 0) |
4397 |
++ goto err_unprepare_iclk; |
4398 |
+ retval = devm_request_irq(dev, udc->udp_irq, at91_udc_irq, 0, |
4399 |
+ driver_name, udc); |
4400 |
+ if (retval) { |
4401 |
+diff --git a/drivers/usb/gadget/udc/bdc/bdc_core.c b/drivers/usb/gadget/udc/bdc/bdc_core.c |
4402 |
+index e174b1b889da5..d04de117bf639 100644 |
4403 |
+--- a/drivers/usb/gadget/udc/bdc/bdc_core.c |
4404 |
++++ b/drivers/usb/gadget/udc/bdc/bdc_core.c |
4405 |
+@@ -568,7 +568,8 @@ static int bdc_probe(struct platform_device *pdev) |
4406 |
+ if (ret) { |
4407 |
+ dev_err(dev, |
4408 |
+ "No suitable DMA config available, abort\n"); |
4409 |
+- return -ENOTSUPP; |
4410 |
++ ret = -ENOTSUPP; |
4411 |
++ goto phycleanup; |
4412 |
+ } |
4413 |
+ dev_dbg(dev, "Using 32-bit address\n"); |
4414 |
+ } |
4415 |
+diff --git a/drivers/usb/gadget/udc/mv_u3d_core.c b/drivers/usb/gadget/udc/mv_u3d_core.c |
4416 |
+index 35e02a8d0091a..bdba3f48c0527 100644 |
4417 |
+--- a/drivers/usb/gadget/udc/mv_u3d_core.c |
4418 |
++++ b/drivers/usb/gadget/udc/mv_u3d_core.c |
4419 |
+@@ -1922,14 +1922,6 @@ static int mv_u3d_probe(struct platform_device *dev) |
4420 |
+ goto err_get_irq; |
4421 |
+ } |
4422 |
+ u3d->irq = r->start; |
4423 |
+- if (request_irq(u3d->irq, mv_u3d_irq, |
4424 |
+- IRQF_SHARED, driver_name, u3d)) { |
4425 |
+- u3d->irq = 0; |
4426 |
+- dev_err(&dev->dev, "Request irq %d for u3d failed\n", |
4427 |
+- u3d->irq); |
4428 |
+- retval = -ENODEV; |
4429 |
+- goto err_request_irq; |
4430 |
+- } |
4431 |
+ |
4432 |
+ /* initialize gadget structure */ |
4433 |
+ u3d->gadget.ops = &mv_u3d_ops; /* usb_gadget_ops */ |
4434 |
+@@ -1942,6 +1934,15 @@ static int mv_u3d_probe(struct platform_device *dev) |
4435 |
+ |
4436 |
+ mv_u3d_eps_init(u3d); |
4437 |
+ |
4438 |
++ if (request_irq(u3d->irq, mv_u3d_irq, |
4439 |
++ IRQF_SHARED, driver_name, u3d)) { |
4440 |
++ u3d->irq = 0; |
4441 |
++ dev_err(&dev->dev, "Request irq %d for u3d failed\n", |
4442 |
++ u3d->irq); |
4443 |
++ retval = -ENODEV; |
4444 |
++ goto err_request_irq; |
4445 |
++ } |
4446 |
++ |
4447 |
+ /* external vbus detection */ |
4448 |
+ if (u3d->vbus) { |
4449 |
+ u3d->clock_gating = 1; |
4450 |
+@@ -1965,8 +1966,8 @@ static int mv_u3d_probe(struct platform_device *dev) |
4451 |
+ |
4452 |
+ err_unregister: |
4453 |
+ free_irq(u3d->irq, u3d); |
4454 |
+-err_request_irq: |
4455 |
+ err_get_irq: |
4456 |
++err_request_irq: |
4457 |
+ kfree(u3d->status_req); |
4458 |
+ err_alloc_status_req: |
4459 |
+ kfree(u3d->eps); |
4460 |
+diff --git a/drivers/usb/host/ehci-orion.c b/drivers/usb/host/ehci-orion.c |
4461 |
+index 1ad72647a0691..da0f36af0b380 100644 |
4462 |
+--- a/drivers/usb/host/ehci-orion.c |
4463 |
++++ b/drivers/usb/host/ehci-orion.c |
4464 |
+@@ -250,8 +250,11 @@ static int ehci_orion_drv_probe(struct platform_device *pdev) |
4465 |
+ * the clock does not exists. |
4466 |
+ */ |
4467 |
+ priv->clk = devm_clk_get(&pdev->dev, NULL); |
4468 |
+- if (!IS_ERR(priv->clk)) |
4469 |
+- clk_prepare_enable(priv->clk); |
4470 |
++ if (!IS_ERR(priv->clk)) { |
4471 |
++ err = clk_prepare_enable(priv->clk); |
4472 |
++ if (err) |
4473 |
++ goto err_put_hcd; |
4474 |
++ } |
4475 |
+ |
4476 |
+ priv->phy = devm_phy_optional_get(&pdev->dev, "usb"); |
4477 |
+ if (IS_ERR(priv->phy)) { |
4478 |
+@@ -312,6 +315,7 @@ err_phy_init: |
4479 |
+ err_phy_get: |
4480 |
+ if (!IS_ERR(priv->clk)) |
4481 |
+ clk_disable_unprepare(priv->clk); |
4482 |
++err_put_hcd: |
4483 |
+ usb_put_hcd(hcd); |
4484 |
+ err: |
4485 |
+ dev_err(&pdev->dev, "init %s fail, %d\n", |
4486 |
+diff --git a/drivers/usb/host/fotg210-hcd.c b/drivers/usb/host/fotg210-hcd.c |
4487 |
+index 226b38274a6ef..1577424319613 100644 |
4488 |
+--- a/drivers/usb/host/fotg210-hcd.c |
4489 |
++++ b/drivers/usb/host/fotg210-hcd.c |
4490 |
+@@ -2509,11 +2509,6 @@ retry_xacterr: |
4491 |
+ return count; |
4492 |
+ } |
4493 |
+ |
4494 |
+-/* high bandwidth multiplier, as encoded in highspeed endpoint descriptors */ |
4495 |
+-#define hb_mult(wMaxPacketSize) (1 + (((wMaxPacketSize) >> 11) & 0x03)) |
4496 |
+-/* ... and packet size, for any kind of endpoint descriptor */ |
4497 |
+-#define max_packet(wMaxPacketSize) ((wMaxPacketSize) & 0x07ff) |
4498 |
+- |
4499 |
+ /* reverse of qh_urb_transaction: free a list of TDs. |
4500 |
+ * used for cleanup after errors, before HC sees an URB's TDs. |
4501 |
+ */ |
4502 |
+@@ -2599,7 +2594,7 @@ static struct list_head *qh_urb_transaction(struct fotg210_hcd *fotg210, |
4503 |
+ token |= (1 /* "in" */ << 8); |
4504 |
+ /* else it's already initted to "out" pid (0 << 8) */ |
4505 |
+ |
4506 |
+- maxpacket = max_packet(usb_maxpacket(urb->dev, urb->pipe, !is_input)); |
4507 |
++ maxpacket = usb_maxpacket(urb->dev, urb->pipe, !is_input); |
4508 |
+ |
4509 |
+ /* |
4510 |
+ * buffer gets wrapped in one or more qtds; |
4511 |
+@@ -2713,9 +2708,11 @@ static struct fotg210_qh *qh_make(struct fotg210_hcd *fotg210, struct urb *urb, |
4512 |
+ gfp_t flags) |
4513 |
+ { |
4514 |
+ struct fotg210_qh *qh = fotg210_qh_alloc(fotg210, flags); |
4515 |
++ struct usb_host_endpoint *ep; |
4516 |
+ u32 info1 = 0, info2 = 0; |
4517 |
+ int is_input, type; |
4518 |
+ int maxp = 0; |
4519 |
++ int mult; |
4520 |
+ struct usb_tt *tt = urb->dev->tt; |
4521 |
+ struct fotg210_qh_hw *hw; |
4522 |
+ |
4523 |
+@@ -2730,14 +2727,15 @@ static struct fotg210_qh *qh_make(struct fotg210_hcd *fotg210, struct urb *urb, |
4524 |
+ |
4525 |
+ is_input = usb_pipein(urb->pipe); |
4526 |
+ type = usb_pipetype(urb->pipe); |
4527 |
+- maxp = usb_maxpacket(urb->dev, urb->pipe, !is_input); |
4528 |
++ ep = usb_pipe_endpoint(urb->dev, urb->pipe); |
4529 |
++ maxp = usb_endpoint_maxp(&ep->desc); |
4530 |
++ mult = usb_endpoint_maxp_mult(&ep->desc); |
4531 |
+ |
4532 |
+ /* 1024 byte maxpacket is a hardware ceiling. High bandwidth |
4533 |
+ * acts like up to 3KB, but is built from smaller packets. |
4534 |
+ */ |
4535 |
+- if (max_packet(maxp) > 1024) { |
4536 |
+- fotg210_dbg(fotg210, "bogus qh maxpacket %d\n", |
4537 |
+- max_packet(maxp)); |
4538 |
++ if (maxp > 1024) { |
4539 |
++ fotg210_dbg(fotg210, "bogus qh maxpacket %d\n", maxp); |
4540 |
+ goto done; |
4541 |
+ } |
4542 |
+ |
4543 |
+@@ -2751,8 +2749,7 @@ static struct fotg210_qh *qh_make(struct fotg210_hcd *fotg210, struct urb *urb, |
4544 |
+ */ |
4545 |
+ if (type == PIPE_INTERRUPT) { |
4546 |
+ qh->usecs = NS_TO_US(usb_calc_bus_time(USB_SPEED_HIGH, |
4547 |
+- is_input, 0, |
4548 |
+- hb_mult(maxp) * max_packet(maxp))); |
4549 |
++ is_input, 0, mult * maxp)); |
4550 |
+ qh->start = NO_FRAME; |
4551 |
+ |
4552 |
+ if (urb->dev->speed == USB_SPEED_HIGH) { |
4553 |
+@@ -2789,7 +2786,7 @@ static struct fotg210_qh *qh_make(struct fotg210_hcd *fotg210, struct urb *urb, |
4554 |
+ think_time = tt ? tt->think_time : 0; |
4555 |
+ qh->tt_usecs = NS_TO_US(think_time + |
4556 |
+ usb_calc_bus_time(urb->dev->speed, |
4557 |
+- is_input, 0, max_packet(maxp))); |
4558 |
++ is_input, 0, maxp)); |
4559 |
+ qh->period = urb->interval; |
4560 |
+ if (qh->period > fotg210->periodic_size) { |
4561 |
+ qh->period = fotg210->periodic_size; |
4562 |
+@@ -2852,11 +2849,11 @@ static struct fotg210_qh *qh_make(struct fotg210_hcd *fotg210, struct urb *urb, |
4563 |
+ * to help them do so. So now people expect to use |
4564 |
+ * such nonconformant devices with Linux too; sigh. |
4565 |
+ */ |
4566 |
+- info1 |= max_packet(maxp) << 16; |
4567 |
++ info1 |= maxp << 16; |
4568 |
+ info2 |= (FOTG210_TUNE_MULT_HS << 30); |
4569 |
+ } else { /* PIPE_INTERRUPT */ |
4570 |
+- info1 |= max_packet(maxp) << 16; |
4571 |
+- info2 |= hb_mult(maxp) << 30; |
4572 |
++ info1 |= maxp << 16; |
4573 |
++ info2 |= mult << 30; |
4574 |
+ } |
4575 |
+ break; |
4576 |
+ default: |
4577 |
+@@ -3926,6 +3923,7 @@ static void iso_stream_init(struct fotg210_hcd *fotg210, |
4578 |
+ int is_input; |
4579 |
+ long bandwidth; |
4580 |
+ unsigned multi; |
4581 |
++ struct usb_host_endpoint *ep; |
4582 |
+ |
4583 |
+ /* |
4584 |
+ * this might be a "high bandwidth" highspeed endpoint, |
4585 |
+@@ -3933,14 +3931,14 @@ static void iso_stream_init(struct fotg210_hcd *fotg210, |
4586 |
+ */ |
4587 |
+ epnum = usb_pipeendpoint(pipe); |
4588 |
+ is_input = usb_pipein(pipe) ? USB_DIR_IN : 0; |
4589 |
+- maxp = usb_maxpacket(dev, pipe, !is_input); |
4590 |
++ ep = usb_pipe_endpoint(dev, pipe); |
4591 |
++ maxp = usb_endpoint_maxp(&ep->desc); |
4592 |
+ if (is_input) |
4593 |
+ buf1 = (1 << 11); |
4594 |
+ else |
4595 |
+ buf1 = 0; |
4596 |
+ |
4597 |
+- maxp = max_packet(maxp); |
4598 |
+- multi = hb_mult(maxp); |
4599 |
++ multi = usb_endpoint_maxp_mult(&ep->desc); |
4600 |
+ buf1 |= maxp; |
4601 |
+ maxp *= multi; |
4602 |
+ |
4603 |
+@@ -4461,13 +4459,12 @@ static bool itd_complete(struct fotg210_hcd *fotg210, struct fotg210_itd *itd) |
4604 |
+ |
4605 |
+ /* HC need not update length with this error */ |
4606 |
+ if (!(t & FOTG210_ISOC_BABBLE)) { |
4607 |
+- desc->actual_length = |
4608 |
+- fotg210_itdlen(urb, desc, t); |
4609 |
++ desc->actual_length = FOTG210_ITD_LENGTH(t); |
4610 |
+ urb->actual_length += desc->actual_length; |
4611 |
+ } |
4612 |
+ } else if (likely((t & FOTG210_ISOC_ACTIVE) == 0)) { |
4613 |
+ desc->status = 0; |
4614 |
+- desc->actual_length = fotg210_itdlen(urb, desc, t); |
4615 |
++ desc->actual_length = FOTG210_ITD_LENGTH(t); |
4616 |
+ urb->actual_length += desc->actual_length; |
4617 |
+ } else { |
4618 |
+ /* URB was too late */ |
4619 |
+diff --git a/drivers/usb/host/fotg210.h b/drivers/usb/host/fotg210.h |
4620 |
+index 7fcd785c7bc85..0f1da9503bc67 100644 |
4621 |
+--- a/drivers/usb/host/fotg210.h |
4622 |
++++ b/drivers/usb/host/fotg210.h |
4623 |
+@@ -683,11 +683,6 @@ static inline unsigned fotg210_read_frame_index(struct fotg210_hcd *fotg210) |
4624 |
+ return fotg210_readl(fotg210, &fotg210->regs->frame_index); |
4625 |
+ } |
4626 |
+ |
4627 |
+-#define fotg210_itdlen(urb, desc, t) ({ \ |
4628 |
+- usb_pipein((urb)->pipe) ? \ |
4629 |
+- (desc)->length - FOTG210_ITD_LENGTH(t) : \ |
4630 |
+- FOTG210_ITD_LENGTH(t); \ |
4631 |
+-}) |
4632 |
+ /*-------------------------------------------------------------------------*/ |
4633 |
+ |
4634 |
+ #endif /* __LINUX_FOTG210_H */ |
4635 |
+diff --git a/drivers/usb/host/ohci-tmio.c b/drivers/usb/host/ohci-tmio.c |
4636 |
+index a631dbb369d76..983a00e2988dc 100644 |
4637 |
+--- a/drivers/usb/host/ohci-tmio.c |
4638 |
++++ b/drivers/usb/host/ohci-tmio.c |
4639 |
+@@ -199,6 +199,9 @@ static int ohci_hcd_tmio_drv_probe(struct platform_device *dev) |
4640 |
+ if (!cell) |
4641 |
+ return -EINVAL; |
4642 |
+ |
4643 |
++ if (irq < 0) |
4644 |
++ return irq; |
4645 |
++ |
4646 |
+ hcd = usb_create_hcd(&ohci_tmio_hc_driver, &dev->dev, dev_name(&dev->dev)); |
4647 |
+ if (!hcd) { |
4648 |
+ ret = -ENOMEM; |
4649 |
+diff --git a/drivers/usb/host/xhci-rcar.c b/drivers/usb/host/xhci-rcar.c |
4650 |
+index 2b0ccd150209f..4ebbe2c232926 100644 |
4651 |
+--- a/drivers/usb/host/xhci-rcar.c |
4652 |
++++ b/drivers/usb/host/xhci-rcar.c |
4653 |
+@@ -143,6 +143,13 @@ static int xhci_rcar_download_firmware(struct usb_hcd *hcd) |
4654 |
+ const struct soc_device_attribute *attr; |
4655 |
+ const char *firmware_name; |
4656 |
+ |
4657 |
++ /* |
4658 |
++ * According to the datasheet, "Upon the completion of FW Download, |
4659 |
++ * there is no need to write or reload FW". |
4660 |
++ */ |
4661 |
++ if (readl(regs + RCAR_USB3_DL_CTRL) & RCAR_USB3_DL_CTRL_FW_SUCCESS) |
4662 |
++ return 0; |
4663 |
++ |
4664 |
+ attr = soc_device_match(rcar_quirks_match); |
4665 |
+ if (attr) |
4666 |
+ quirks = (uintptr_t)attr->data; |
4667 |
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c |
4668 |
+index c4e3760abd5b4..bebab0ec29786 100644 |
4669 |
+--- a/drivers/usb/host/xhci.c |
4670 |
++++ b/drivers/usb/host/xhci.c |
4671 |
+@@ -4580,19 +4580,19 @@ static u16 xhci_calculate_u1_timeout(struct xhci_hcd *xhci, |
4672 |
+ { |
4673 |
+ unsigned long long timeout_ns; |
4674 |
+ |
4675 |
+- if (xhci->quirks & XHCI_INTEL_HOST) |
4676 |
+- timeout_ns = xhci_calculate_intel_u1_timeout(udev, desc); |
4677 |
+- else |
4678 |
+- timeout_ns = udev->u1_params.sel; |
4679 |
+- |
4680 |
+ /* Prevent U1 if service interval is shorter than U1 exit latency */ |
4681 |
+ if (usb_endpoint_xfer_int(desc) || usb_endpoint_xfer_isoc(desc)) { |
4682 |
+- if (xhci_service_interval_to_ns(desc) <= timeout_ns) { |
4683 |
++ if (xhci_service_interval_to_ns(desc) <= udev->u1_params.mel) { |
4684 |
+ dev_dbg(&udev->dev, "Disable U1, ESIT shorter than exit latency\n"); |
4685 |
+ return USB3_LPM_DISABLED; |
4686 |
+ } |
4687 |
+ } |
4688 |
+ |
4689 |
++ if (xhci->quirks & XHCI_INTEL_HOST) |
4690 |
++ timeout_ns = xhci_calculate_intel_u1_timeout(udev, desc); |
4691 |
++ else |
4692 |
++ timeout_ns = udev->u1_params.sel; |
4693 |
++ |
4694 |
+ /* The U1 timeout is encoded in 1us intervals. |
4695 |
+ * Don't return a timeout of zero, because that's USB3_LPM_DISABLED. |
4696 |
+ */ |
4697 |
+@@ -4644,19 +4644,19 @@ static u16 xhci_calculate_u2_timeout(struct xhci_hcd *xhci, |
4698 |
+ { |
4699 |
+ unsigned long long timeout_ns; |
4700 |
+ |
4701 |
+- if (xhci->quirks & XHCI_INTEL_HOST) |
4702 |
+- timeout_ns = xhci_calculate_intel_u2_timeout(udev, desc); |
4703 |
+- else |
4704 |
+- timeout_ns = udev->u2_params.sel; |
4705 |
+- |
4706 |
+ /* Prevent U2 if service interval is shorter than U2 exit latency */ |
4707 |
+ if (usb_endpoint_xfer_int(desc) || usb_endpoint_xfer_isoc(desc)) { |
4708 |
+- if (xhci_service_interval_to_ns(desc) <= timeout_ns) { |
4709 |
++ if (xhci_service_interval_to_ns(desc) <= udev->u2_params.mel) { |
4710 |
+ dev_dbg(&udev->dev, "Disable U2, ESIT shorter than exit latency\n"); |
4711 |
+ return USB3_LPM_DISABLED; |
4712 |
+ } |
4713 |
+ } |
4714 |
+ |
4715 |
++ if (xhci->quirks & XHCI_INTEL_HOST) |
4716 |
++ timeout_ns = xhci_calculate_intel_u2_timeout(udev, desc); |
4717 |
++ else |
4718 |
++ timeout_ns = udev->u2_params.sel; |
4719 |
++ |
4720 |
+ /* The U2 timeout is encoded in 256us intervals */ |
4721 |
+ timeout_ns = DIV_ROUND_UP_ULL(timeout_ns, 256 * 1000); |
4722 |
+ /* If the necessary timeout value is bigger than what we can set in the |
4723 |
+diff --git a/drivers/usb/mtu3/mtu3_gadget.c b/drivers/usb/mtu3/mtu3_gadget.c |
4724 |
+index 3828ed6d38a21..270721cf229f7 100644 |
4725 |
+--- a/drivers/usb/mtu3/mtu3_gadget.c |
4726 |
++++ b/drivers/usb/mtu3/mtu3_gadget.c |
4727 |
+@@ -69,14 +69,12 @@ static int mtu3_ep_enable(struct mtu3_ep *mep) |
4728 |
+ u32 interval = 0; |
4729 |
+ u32 mult = 0; |
4730 |
+ u32 burst = 0; |
4731 |
+- int max_packet; |
4732 |
+ int ret; |
4733 |
+ |
4734 |
+ desc = mep->desc; |
4735 |
+ comp_desc = mep->comp_desc; |
4736 |
+ mep->type = usb_endpoint_type(desc); |
4737 |
+- max_packet = usb_endpoint_maxp(desc); |
4738 |
+- mep->maxp = max_packet & GENMASK(10, 0); |
4739 |
++ mep->maxp = usb_endpoint_maxp(desc); |
4740 |
+ |
4741 |
+ switch (mtu->g.speed) { |
4742 |
+ case USB_SPEED_SUPER: |
4743 |
+@@ -97,7 +95,7 @@ static int mtu3_ep_enable(struct mtu3_ep *mep) |
4744 |
+ usb_endpoint_xfer_int(desc)) { |
4745 |
+ interval = desc->bInterval; |
4746 |
+ interval = clamp_val(interval, 1, 16) - 1; |
4747 |
+- burst = (max_packet & GENMASK(12, 11)) >> 11; |
4748 |
++ mult = usb_endpoint_maxp_mult(desc) - 1; |
4749 |
+ } |
4750 |
+ break; |
4751 |
+ default: |
4752 |
+diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c |
4753 |
+index 403eb97915f8a..2f6708b8b5c2f 100644 |
4754 |
+--- a/drivers/usb/musb/musb_dsps.c |
4755 |
++++ b/drivers/usb/musb/musb_dsps.c |
4756 |
+@@ -892,23 +892,22 @@ static int dsps_probe(struct platform_device *pdev) |
4757 |
+ if (!glue->usbss_base) |
4758 |
+ return -ENXIO; |
4759 |
+ |
4760 |
+- if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) { |
4761 |
+- ret = dsps_setup_optional_vbus_irq(pdev, glue); |
4762 |
+- if (ret) |
4763 |
+- goto err_iounmap; |
4764 |
+- } |
4765 |
+- |
4766 |
+ platform_set_drvdata(pdev, glue); |
4767 |
+ pm_runtime_enable(&pdev->dev); |
4768 |
+ ret = dsps_create_musb_pdev(glue, pdev); |
4769 |
+ if (ret) |
4770 |
+ goto err; |
4771 |
+ |
4772 |
++ if (usb_get_dr_mode(&pdev->dev) == USB_DR_MODE_PERIPHERAL) { |
4773 |
++ ret = dsps_setup_optional_vbus_irq(pdev, glue); |
4774 |
++ if (ret) |
4775 |
++ goto err; |
4776 |
++ } |
4777 |
++ |
4778 |
+ return 0; |
4779 |
+ |
4780 |
+ err: |
4781 |
+ pm_runtime_disable(&pdev->dev); |
4782 |
+-err_iounmap: |
4783 |
+ iounmap(glue->usbss_base); |
4784 |
+ return ret; |
4785 |
+ } |
4786 |
+diff --git a/drivers/usb/phy/phy-fsl-usb.c b/drivers/usb/phy/phy-fsl-usb.c |
4787 |
+index f7c96d209eda7..981db219234e4 100644 |
4788 |
+--- a/drivers/usb/phy/phy-fsl-usb.c |
4789 |
++++ b/drivers/usb/phy/phy-fsl-usb.c |
4790 |
+@@ -873,6 +873,8 @@ int usb_otg_start(struct platform_device *pdev) |
4791 |
+ |
4792 |
+ /* request irq */ |
4793 |
+ p_otg->irq = platform_get_irq(pdev, 0); |
4794 |
++ if (p_otg->irq < 0) |
4795 |
++ return p_otg->irq; |
4796 |
+ status = request_irq(p_otg->irq, fsl_otg_isr, |
4797 |
+ IRQF_SHARED, driver_name, p_otg); |
4798 |
+ if (status) { |
4799 |
+diff --git a/drivers/usb/phy/phy-tahvo.c b/drivers/usb/phy/phy-tahvo.c |
4800 |
+index 0981abc3d1adc..60d390e28289f 100644 |
4801 |
+--- a/drivers/usb/phy/phy-tahvo.c |
4802 |
++++ b/drivers/usb/phy/phy-tahvo.c |
4803 |
+@@ -396,7 +396,9 @@ static int tahvo_usb_probe(struct platform_device *pdev) |
4804 |
+ |
4805 |
+ dev_set_drvdata(&pdev->dev, tu); |
4806 |
+ |
4807 |
+- tu->irq = platform_get_irq(pdev, 0); |
4808 |
++ tu->irq = ret = platform_get_irq(pdev, 0); |
4809 |
++ if (ret < 0) |
4810 |
++ return ret; |
4811 |
+ ret = request_threaded_irq(tu->irq, NULL, tahvo_usb_vbus_interrupt, |
4812 |
+ IRQF_ONESHOT, |
4813 |
+ "tahvo-vbus", tu); |
4814 |
+diff --git a/drivers/usb/phy/phy-twl6030-usb.c b/drivers/usb/phy/phy-twl6030-usb.c |
4815 |
+index dade34d704198..859af6113b450 100644 |
4816 |
+--- a/drivers/usb/phy/phy-twl6030-usb.c |
4817 |
++++ b/drivers/usb/phy/phy-twl6030-usb.c |
4818 |
+@@ -342,6 +342,11 @@ static int twl6030_usb_probe(struct platform_device *pdev) |
4819 |
+ twl->irq2 = platform_get_irq(pdev, 1); |
4820 |
+ twl->linkstat = MUSB_UNKNOWN; |
4821 |
+ |
4822 |
++ if (twl->irq1 < 0) |
4823 |
++ return twl->irq1; |
4824 |
++ if (twl->irq2 < 0) |
4825 |
++ return twl->irq2; |
4826 |
++ |
4827 |
+ twl->comparator.set_vbus = twl6030_set_vbus; |
4828 |
+ twl->comparator.start_srp = twl6030_start_srp; |
4829 |
+ |
4830 |
+diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c |
4831 |
+index 1e3ee2bfbcd03..d0c8d3800254d 100644 |
4832 |
+--- a/drivers/usb/serial/mos7720.c |
4833 |
++++ b/drivers/usb/serial/mos7720.c |
4834 |
+@@ -226,8 +226,10 @@ static int read_mos_reg(struct usb_serial *serial, unsigned int serial_portnum, |
4835 |
+ int status; |
4836 |
+ |
4837 |
+ buf = kmalloc(1, GFP_KERNEL); |
4838 |
+- if (!buf) |
4839 |
++ if (!buf) { |
4840 |
++ *data = 0; |
4841 |
+ return -ENOMEM; |
4842 |
++ } |
4843 |
+ |
4844 |
+ status = usb_control_msg(usbdev, pipe, request, requesttype, value, |
4845 |
+ index, buf, 1, MOS_WDR_TIMEOUT); |
4846 |
+diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c |
4847 |
+index b13ed5a7618d8..202dc76f7beb9 100644 |
4848 |
+--- a/drivers/usb/usbip/vhci_hcd.c |
4849 |
++++ b/drivers/usb/usbip/vhci_hcd.c |
4850 |
+@@ -455,8 +455,14 @@ static int vhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, |
4851 |
+ vhci_hcd->port_status[rhport] &= ~(1 << USB_PORT_FEAT_RESET); |
4852 |
+ vhci_hcd->re_timeout = 0; |
4853 |
+ |
4854 |
++ /* |
4855 |
++ * A few drivers do usb reset during probe when |
4856 |
++ * the device could be in VDEV_ST_USED state |
4857 |
++ */ |
4858 |
+ if (vhci_hcd->vdev[rhport].ud.status == |
4859 |
+- VDEV_ST_NOTASSIGNED) { |
4860 |
++ VDEV_ST_NOTASSIGNED || |
4861 |
++ vhci_hcd->vdev[rhport].ud.status == |
4862 |
++ VDEV_ST_USED) { |
4863 |
+ usbip_dbg_vhci_rh( |
4864 |
+ " enable rhport %d (status %u)\n", |
4865 |
+ rhport, |
4866 |
+@@ -957,8 +963,32 @@ static void vhci_device_unlink_cleanup(struct vhci_device *vdev) |
4867 |
+ spin_lock(&vdev->priv_lock); |
4868 |
+ |
4869 |
+ list_for_each_entry_safe(unlink, tmp, &vdev->unlink_tx, list) { |
4870 |
++ struct urb *urb; |
4871 |
++ |
4872 |
++ /* give back urb of unsent unlink request */ |
4873 |
+ pr_info("unlink cleanup tx %lu\n", unlink->unlink_seqnum); |
4874 |
++ |
4875 |
++ urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum); |
4876 |
++ if (!urb) { |
4877 |
++ list_del(&unlink->list); |
4878 |
++ kfree(unlink); |
4879 |
++ continue; |
4880 |
++ } |
4881 |
++ |
4882 |
++ urb->status = -ENODEV; |
4883 |
++ |
4884 |
++ usb_hcd_unlink_urb_from_ep(hcd, urb); |
4885 |
++ |
4886 |
+ list_del(&unlink->list); |
4887 |
++ |
4888 |
++ spin_unlock(&vdev->priv_lock); |
4889 |
++ spin_unlock_irqrestore(&vhci->lock, flags); |
4890 |
++ |
4891 |
++ usb_hcd_giveback_urb(hcd, urb, urb->status); |
4892 |
++ |
4893 |
++ spin_lock_irqsave(&vhci->lock, flags); |
4894 |
++ spin_lock(&vdev->priv_lock); |
4895 |
++ |
4896 |
+ kfree(unlink); |
4897 |
+ } |
4898 |
+ |
4899 |
+diff --git a/drivers/vfio/Kconfig b/drivers/vfio/Kconfig |
4900 |
+index c84333eb5eb59..b7765271d0fb6 100644 |
4901 |
+--- a/drivers/vfio/Kconfig |
4902 |
++++ b/drivers/vfio/Kconfig |
4903 |
+@@ -29,7 +29,7 @@ menuconfig VFIO |
4904 |
+ |
4905 |
+ If you don't know what to do here, say N. |
4906 |
+ |
4907 |
+-menuconfig VFIO_NOIOMMU |
4908 |
++config VFIO_NOIOMMU |
4909 |
+ bool "VFIO No-IOMMU support" |
4910 |
+ depends on VFIO |
4911 |
+ help |
4912 |
+diff --git a/drivers/video/backlight/pwm_bl.c b/drivers/video/backlight/pwm_bl.c |
4913 |
+index 3a3098d4873be..6a8dd2f16b780 100644 |
4914 |
+--- a/drivers/video/backlight/pwm_bl.c |
4915 |
++++ b/drivers/video/backlight/pwm_bl.c |
4916 |
+@@ -400,6 +400,33 @@ int pwm_backlight_brightness_default(struct device *dev, |
4917 |
+ static int pwm_backlight_initial_power_state(const struct pwm_bl_data *pb) |
4918 |
+ { |
4919 |
+ struct device_node *node = pb->dev->of_node; |
4920 |
++ bool active = true; |
4921 |
++ |
4922 |
++ /* |
4923 |
++ * If the enable GPIO is present, observable (either as input |
4924 |
++ * or output) and off then the backlight is not currently active. |
4925 |
++ * */ |
4926 |
++ if (pb->enable_gpio && gpiod_get_value_cansleep(pb->enable_gpio) == 0) |
4927 |
++ active = false; |
4928 |
++ |
4929 |
++ if (!regulator_is_enabled(pb->power_supply)) |
4930 |
++ active = false; |
4931 |
++ |
4932 |
++ if (!pwm_is_enabled(pb->pwm)) |
4933 |
++ active = false; |
4934 |
++ |
4935 |
++ /* |
4936 |
++ * Synchronize the enable_gpio with the observed state of the |
4937 |
++ * hardware. |
4938 |
++ */ |
4939 |
++ if (pb->enable_gpio) |
4940 |
++ gpiod_direction_output(pb->enable_gpio, active); |
4941 |
++ |
4942 |
++ /* |
4943 |
++ * Do not change pb->enabled here! pb->enabled essentially |
4944 |
++ * tells us if we own one of the regulator's use counts and |
4945 |
++ * right now we do not. |
4946 |
++ */ |
4947 |
+ |
4948 |
+ /* Not booted with device tree or no phandle link to the node */ |
4949 |
+ if (!node || !node->phandle) |
4950 |
+@@ -411,20 +438,7 @@ static int pwm_backlight_initial_power_state(const struct pwm_bl_data *pb) |
4951 |
+ * assume that another driver will enable the backlight at the |
4952 |
+ * appropriate time. Therefore, if it is disabled, keep it so. |
4953 |
+ */ |
4954 |
+- |
4955 |
+- /* if the enable GPIO is disabled, do not enable the backlight */ |
4956 |
+- if (pb->enable_gpio && gpiod_get_value_cansleep(pb->enable_gpio) == 0) |
4957 |
+- return FB_BLANK_POWERDOWN; |
4958 |
+- |
4959 |
+- /* The regulator is disabled, do not enable the backlight */ |
4960 |
+- if (!regulator_is_enabled(pb->power_supply)) |
4961 |
+- return FB_BLANK_POWERDOWN; |
4962 |
+- |
4963 |
+- /* The PWM is disabled, keep it like this */ |
4964 |
+- if (!pwm_is_enabled(pb->pwm)) |
4965 |
+- return FB_BLANK_POWERDOWN; |
4966 |
+- |
4967 |
+- return FB_BLANK_UNBLANK; |
4968 |
++ return active ? FB_BLANK_UNBLANK: FB_BLANK_POWERDOWN; |
4969 |
+ } |
4970 |
+ |
4971 |
+ static int pwm_backlight_probe(struct platform_device *pdev) |
4972 |
+@@ -494,18 +508,6 @@ static int pwm_backlight_probe(struct platform_device *pdev) |
4973 |
+ pb->enable_gpio = gpio_to_desc(data->enable_gpio); |
4974 |
+ } |
4975 |
+ |
4976 |
+- /* |
4977 |
+- * If the GPIO is not known to be already configured as output, that |
4978 |
+- * is, if gpiod_get_direction returns either 1 or -EINVAL, change the |
4979 |
+- * direction to output and set the GPIO as active. |
4980 |
+- * Do not force the GPIO to active when it was already output as it |
4981 |
+- * could cause backlight flickering or we would enable the backlight too |
4982 |
+- * early. Leave the decision of the initial backlight state for later. |
4983 |
+- */ |
4984 |
+- if (pb->enable_gpio && |
4985 |
+- gpiod_get_direction(pb->enable_gpio) != 0) |
4986 |
+- gpiod_direction_output(pb->enable_gpio, 1); |
4987 |
+- |
4988 |
+ pb->power_supply = devm_regulator_get(&pdev->dev, "power"); |
4989 |
+ if (IS_ERR(pb->power_supply)) { |
4990 |
+ ret = PTR_ERR(pb->power_supply); |
4991 |
+diff --git a/drivers/video/fbdev/asiliantfb.c b/drivers/video/fbdev/asiliantfb.c |
4992 |
+index ea31054a28ca8..c1d6e63362259 100644 |
4993 |
+--- a/drivers/video/fbdev/asiliantfb.c |
4994 |
++++ b/drivers/video/fbdev/asiliantfb.c |
4995 |
+@@ -227,6 +227,9 @@ static int asiliantfb_check_var(struct fb_var_screeninfo *var, |
4996 |
+ { |
4997 |
+ unsigned long Ftarget, ratio, remainder; |
4998 |
+ |
4999 |
++ if (!var->pixclock) |
5000 |
++ return -EINVAL; |
5001 |
++ |
5002 |
+ ratio = 1000000 / var->pixclock; |
5003 |
+ remainder = 1000000 % var->pixclock; |
5004 |
+ Ftarget = 1000000 * ratio + (1000000 * remainder) / var->pixclock; |
5005 |
+diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c |
5006 |
+index de04c097d67c7..2297dfb494d6a 100644 |
5007 |
+--- a/drivers/video/fbdev/core/fbmem.c |
5008 |
++++ b/drivers/video/fbdev/core/fbmem.c |
5009 |
+@@ -971,6 +971,7 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var) |
5010 |
+ if ((var->activate & FB_ACTIVATE_FORCE) || |
5011 |
+ memcmp(&info->var, var, sizeof(struct fb_var_screeninfo))) { |
5012 |
+ u32 activate = var->activate; |
5013 |
++ u32 unused; |
5014 |
+ |
5015 |
+ /* When using FOURCC mode, make sure the red, green, blue and |
5016 |
+ * transp fields are set to 0. |
5017 |
+@@ -995,6 +996,11 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var) |
5018 |
+ if (var->xres < 8 || var->yres < 8) |
5019 |
+ return -EINVAL; |
5020 |
+ |
5021 |
++ /* Too huge resolution causes multiplication overflow. */ |
5022 |
++ if (check_mul_overflow(var->xres, var->yres, &unused) || |
5023 |
++ check_mul_overflow(var->xres_virtual, var->yres_virtual, &unused)) |
5024 |
++ return -EINVAL; |
5025 |
++ |
5026 |
+ ret = info->fbops->fb_check_var(var, info); |
5027 |
+ |
5028 |
+ if (ret) |
5029 |
+diff --git a/drivers/video/fbdev/kyro/fbdev.c b/drivers/video/fbdev/kyro/fbdev.c |
5030 |
+index a7bd9f25911b5..74bf26b527b91 100644 |
5031 |
+--- a/drivers/video/fbdev/kyro/fbdev.c |
5032 |
++++ b/drivers/video/fbdev/kyro/fbdev.c |
5033 |
+@@ -372,6 +372,11 @@ static int kyro_dev_overlay_viewport_set(u32 x, u32 y, u32 ulWidth, u32 ulHeight |
5034 |
+ /* probably haven't called CreateOverlay yet */ |
5035 |
+ return -EINVAL; |
5036 |
+ |
5037 |
++ if (ulWidth == 0 || ulWidth == 0xffffffff || |
5038 |
++ ulHeight == 0 || ulHeight == 0xffffffff || |
5039 |
++ (x < 2 && ulWidth + 2 == 0)) |
5040 |
++ return -EINVAL; |
5041 |
++ |
5042 |
+ /* Stop Ramdac Output */ |
5043 |
+ DisableRamdacOutput(deviceInfo.pSTGReg); |
5044 |
+ |
5045 |
+@@ -394,6 +399,9 @@ static int kyrofb_check_var(struct fb_var_screeninfo *var, struct fb_info *info) |
5046 |
+ { |
5047 |
+ struct kyrofb_info *par = info->par; |
5048 |
+ |
5049 |
++ if (!var->pixclock) |
5050 |
++ return -EINVAL; |
5051 |
++ |
5052 |
+ if (var->bits_per_pixel != 16 && var->bits_per_pixel != 32) { |
5053 |
+ printk(KERN_WARNING "kyrofb: depth not supported: %u\n", var->bits_per_pixel); |
5054 |
+ return -EINVAL; |
5055 |
+diff --git a/drivers/video/fbdev/riva/fbdev.c b/drivers/video/fbdev/riva/fbdev.c |
5056 |
+index cc242ba057d3e..dfa81b641f9fe 100644 |
5057 |
+--- a/drivers/video/fbdev/riva/fbdev.c |
5058 |
++++ b/drivers/video/fbdev/riva/fbdev.c |
5059 |
+@@ -1088,6 +1088,9 @@ static int rivafb_check_var(struct fb_var_screeninfo *var, struct fb_info *info) |
5060 |
+ int mode_valid = 0; |
5061 |
+ |
5062 |
+ NVTRACE_ENTER(); |
5063 |
++ if (!var->pixclock) |
5064 |
++ return -EINVAL; |
5065 |
++ |
5066 |
+ switch (var->bits_per_pixel) { |
5067 |
+ case 1 ... 8: |
5068 |
+ var->red.offset = var->green.offset = var->blue.offset = 0; |
5069 |
+diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
5070 |
+index 6f02a3f77fa83..f314b2c2d1487 100644 |
5071 |
+--- a/fs/btrfs/inode.c |
5072 |
++++ b/fs/btrfs/inode.c |
5073 |
+@@ -530,7 +530,7 @@ again: |
5074 |
+ * inode has not been flagged as nocompress. This flag can |
5075 |
+ * change at any time if we discover bad compression ratios. |
5076 |
+ */ |
5077 |
+- if (nr_pages > 1 && inode_need_compress(inode, start, end)) { |
5078 |
++ if (inode_need_compress(inode, start, end)) { |
5079 |
+ WARN_ON(pages); |
5080 |
+ pages = kcalloc(nr_pages, sizeof(struct page *), GFP_NOFS); |
5081 |
+ if (!pages) { |
5082 |
+diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c |
5083 |
+index 5a19f5ee70386..6cb4896256106 100644 |
5084 |
+--- a/fs/btrfs/volumes.c |
5085 |
++++ b/fs/btrfs/volumes.c |
5086 |
+@@ -1048,6 +1048,9 @@ static void btrfs_close_one_device(struct btrfs_device *device) |
5087 |
+ fs_devices->rw_devices--; |
5088 |
+ } |
5089 |
+ |
5090 |
++ if (device->devid == BTRFS_DEV_REPLACE_DEVID) |
5091 |
++ clear_bit(BTRFS_DEV_STATE_REPLACE_TGT, &device->dev_state); |
5092 |
++ |
5093 |
+ if (test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state)) |
5094 |
+ fs_devices->missing_devices--; |
5095 |
+ |
5096 |
+diff --git a/fs/cifs/cifs_unicode.c b/fs/cifs/cifs_unicode.c |
5097 |
+index 9986817532b10..7932e20555d2b 100644 |
5098 |
+--- a/fs/cifs/cifs_unicode.c |
5099 |
++++ b/fs/cifs/cifs_unicode.c |
5100 |
+@@ -371,14 +371,9 @@ cifs_strndup_from_utf16(const char *src, const int maxlen, |
5101 |
+ if (!dst) |
5102 |
+ return NULL; |
5103 |
+ cifs_from_utf16(dst, (__le16 *) src, len, maxlen, codepage, |
5104 |
+- NO_MAP_UNI_RSVD); |
5105 |
++ NO_MAP_UNI_RSVD); |
5106 |
+ } else { |
5107 |
+- len = strnlen(src, maxlen); |
5108 |
+- len++; |
5109 |
+- dst = kmalloc(len, GFP_KERNEL); |
5110 |
+- if (!dst) |
5111 |
+- return NULL; |
5112 |
+- strlcpy(dst, src, len); |
5113 |
++ dst = kstrndup(src, maxlen, GFP_KERNEL); |
5114 |
+ } |
5115 |
+ |
5116 |
+ return dst; |
5117 |
+diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c |
5118 |
+index aa23c00367ec4..0113dba28eb09 100644 |
5119 |
+--- a/fs/cifs/sess.c |
5120 |
++++ b/fs/cifs/sess.c |
5121 |
+@@ -602,7 +602,7 @@ sess_alloc_buffer(struct sess_data *sess_data, int wct) |
5122 |
+ return 0; |
5123 |
+ |
5124 |
+ out_free_smb_buf: |
5125 |
+- kfree(smb_buf); |
5126 |
++ cifs_small_buf_release(smb_buf); |
5127 |
+ sess_data->iov[0].iov_base = NULL; |
5128 |
+ sess_data->iov[0].iov_len = 0; |
5129 |
+ sess_data->buf0_type = CIFS_NO_BUFFER; |
5130 |
+diff --git a/fs/crypto/hooks.c b/fs/crypto/hooks.c |
5131 |
+index aa86cb2db8236..ae7a413c0bdde 100644 |
5132 |
+--- a/fs/crypto/hooks.c |
5133 |
++++ b/fs/crypto/hooks.c |
5134 |
+@@ -279,3 +279,47 @@ err_kfree: |
5135 |
+ return ERR_PTR(err); |
5136 |
+ } |
5137 |
+ EXPORT_SYMBOL_GPL(fscrypt_get_symlink); |
5138 |
++ |
5139 |
++/** |
5140 |
++ * fscrypt_symlink_getattr() - set the correct st_size for encrypted symlinks |
5141 |
++ * @path: the path for the encrypted symlink being queried |
5142 |
++ * @stat: the struct being filled with the symlink's attributes |
5143 |
++ * |
5144 |
++ * Override st_size of encrypted symlinks to be the length of the decrypted |
5145 |
++ * symlink target (or the no-key encoded symlink target, if the key is |
5146 |
++ * unavailable) rather than the length of the encrypted symlink target. This is |
5147 |
++ * necessary for st_size to match the symlink target that userspace actually |
5148 |
++ * sees. POSIX requires this, and some userspace programs depend on it. |
5149 |
++ * |
5150 |
++ * This requires reading the symlink target from disk if needed, setting up the |
5151 |
++ * inode's encryption key if possible, and then decrypting or encoding the |
5152 |
++ * symlink target. This makes lstat() more heavyweight than is normally the |
5153 |
++ * case. However, decrypted symlink targets will be cached in ->i_link, so |
5154 |
++ * usually the symlink won't have to be read and decrypted again later if/when |
5155 |
++ * it is actually followed, readlink() is called, or lstat() is called again. |
5156 |
++ * |
5157 |
++ * Return: 0 on success, -errno on failure |
5158 |
++ */ |
5159 |
++int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat) |
5160 |
++{ |
5161 |
++ struct dentry *dentry = path->dentry; |
5162 |
++ struct inode *inode = d_inode(dentry); |
5163 |
++ const char *link; |
5164 |
++ DEFINE_DELAYED_CALL(done); |
5165 |
++ |
5166 |
++ /* |
5167 |
++ * To get the symlink target that userspace will see (whether it's the |
5168 |
++ * decrypted target or the no-key encoded target), we can just get it in |
5169 |
++ * the same way the VFS does during path resolution and readlink(). |
5170 |
++ */ |
5171 |
++ link = READ_ONCE(inode->i_link); |
5172 |
++ if (!link) { |
5173 |
++ link = inode->i_op->get_link(dentry, inode, &done); |
5174 |
++ if (IS_ERR(link)) |
5175 |
++ return PTR_ERR(link); |
5176 |
++ } |
5177 |
++ stat->size = strlen(link); |
5178 |
++ do_delayed_call(&done); |
5179 |
++ return 0; |
5180 |
++} |
5181 |
++EXPORT_SYMBOL_GPL(fscrypt_symlink_getattr); |
5182 |
+diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c |
5183 |
+index c952461876595..c64e4a1be2f29 100644 |
5184 |
+--- a/fs/ext4/inline.c |
5185 |
++++ b/fs/ext4/inline.c |
5186 |
+@@ -750,6 +750,12 @@ int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len, |
5187 |
+ ext4_write_lock_xattr(inode, &no_expand); |
5188 |
+ BUG_ON(!ext4_has_inline_data(inode)); |
5189 |
+ |
5190 |
++ /* |
5191 |
++ * ei->i_inline_off may have changed since ext4_write_begin() |
5192 |
++ * called ext4_try_to_write_inline_data() |
5193 |
++ */ |
5194 |
++ (void) ext4_find_inline_data_nolock(inode); |
5195 |
++ |
5196 |
+ kaddr = kmap_atomic(page); |
5197 |
+ ext4_write_inline_data(inode, &iloc, kaddr, pos, len); |
5198 |
+ kunmap_atomic(kaddr); |
5199 |
+diff --git a/fs/ext4/symlink.c b/fs/ext4/symlink.c |
5200 |
+index dd05af983092d..a9457fed351ed 100644 |
5201 |
+--- a/fs/ext4/symlink.c |
5202 |
++++ b/fs/ext4/symlink.c |
5203 |
+@@ -52,10 +52,19 @@ static const char *ext4_encrypted_get_link(struct dentry *dentry, |
5204 |
+ return paddr; |
5205 |
+ } |
5206 |
+ |
5207 |
++static int ext4_encrypted_symlink_getattr(const struct path *path, |
5208 |
++ struct kstat *stat, u32 request_mask, |
5209 |
++ unsigned int query_flags) |
5210 |
++{ |
5211 |
++ ext4_getattr(path, stat, request_mask, query_flags); |
5212 |
++ |
5213 |
++ return fscrypt_symlink_getattr(path, stat); |
5214 |
++} |
5215 |
++ |
5216 |
+ const struct inode_operations ext4_encrypted_symlink_inode_operations = { |
5217 |
+ .get_link = ext4_encrypted_get_link, |
5218 |
+ .setattr = ext4_setattr, |
5219 |
+- .getattr = ext4_getattr, |
5220 |
++ .getattr = ext4_encrypted_symlink_getattr, |
5221 |
+ .listxattr = ext4_listxattr, |
5222 |
+ }; |
5223 |
+ |
5224 |
+diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c |
5225 |
+index 95330dfdbb1af..2a7249496c57e 100644 |
5226 |
+--- a/fs/f2fs/file.c |
5227 |
++++ b/fs/f2fs/file.c |
5228 |
+@@ -957,7 +957,6 @@ static int punch_hole(struct inode *inode, loff_t offset, loff_t len) |
5229 |
+ } |
5230 |
+ |
5231 |
+ if (pg_start < pg_end) { |
5232 |
+- struct address_space *mapping = inode->i_mapping; |
5233 |
+ loff_t blk_start, blk_end; |
5234 |
+ struct f2fs_sb_info *sbi = F2FS_I_SB(inode); |
5235 |
+ |
5236 |
+@@ -969,8 +968,7 @@ static int punch_hole(struct inode *inode, loff_t offset, loff_t len) |
5237 |
+ down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); |
5238 |
+ down_write(&F2FS_I(inode)->i_mmap_sem); |
5239 |
+ |
5240 |
+- truncate_inode_pages_range(mapping, blk_start, |
5241 |
+- blk_end - 1); |
5242 |
++ truncate_pagecache_range(inode, blk_start, blk_end - 1); |
5243 |
+ |
5244 |
+ f2fs_lock_op(sbi); |
5245 |
+ ret = f2fs_truncate_hole(inode, pg_start, pg_end); |
5246 |
+diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c |
5247 |
+index 700c39ec99f5a..38299ccfdf6ef 100644 |
5248 |
+--- a/fs/f2fs/gc.c |
5249 |
++++ b/fs/f2fs/gc.c |
5250 |
+@@ -998,8 +998,10 @@ next_step: |
5251 |
+ bool locked = false; |
5252 |
+ |
5253 |
+ if (S_ISREG(inode->i_mode)) { |
5254 |
+- if (!down_write_trylock(&fi->i_gc_rwsem[READ])) |
5255 |
++ if (!down_write_trylock(&fi->i_gc_rwsem[READ])) { |
5256 |
++ sbi->skipped_gc_rwsem++; |
5257 |
+ continue; |
5258 |
++ } |
5259 |
+ if (!down_write_trylock( |
5260 |
+ &fi->i_gc_rwsem[WRITE])) { |
5261 |
+ sbi->skipped_gc_rwsem++; |
5262 |
+diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c |
5263 |
+index e20a0f9e68455..edc80855974ac 100644 |
5264 |
+--- a/fs/f2fs/namei.c |
5265 |
++++ b/fs/f2fs/namei.c |
5266 |
+@@ -1219,9 +1219,18 @@ static const char *f2fs_encrypted_get_link(struct dentry *dentry, |
5267 |
+ return target; |
5268 |
+ } |
5269 |
+ |
5270 |
++static int f2fs_encrypted_symlink_getattr(const struct path *path, |
5271 |
++ struct kstat *stat, u32 request_mask, |
5272 |
++ unsigned int query_flags) |
5273 |
++{ |
5274 |
++ f2fs_getattr(path, stat, request_mask, query_flags); |
5275 |
++ |
5276 |
++ return fscrypt_symlink_getattr(path, stat); |
5277 |
++} |
5278 |
++ |
5279 |
+ const struct inode_operations f2fs_encrypted_symlink_inode_operations = { |
5280 |
+ .get_link = f2fs_encrypted_get_link, |
5281 |
+- .getattr = f2fs_getattr, |
5282 |
++ .getattr = f2fs_encrypted_symlink_getattr, |
5283 |
+ .setattr = f2fs_setattr, |
5284 |
+ #ifdef CONFIG_F2FS_FS_XATTR |
5285 |
+ .listxattr = f2fs_listxattr, |
5286 |
+diff --git a/fs/fcntl.c b/fs/fcntl.c |
5287 |
+index e039af1872ab2..dffb5245ae728 100644 |
5288 |
+--- a/fs/fcntl.c |
5289 |
++++ b/fs/fcntl.c |
5290 |
+@@ -993,13 +993,14 @@ static void kill_fasync_rcu(struct fasync_struct *fa, int sig, int band) |
5291 |
+ { |
5292 |
+ while (fa) { |
5293 |
+ struct fown_struct *fown; |
5294 |
++ unsigned long flags; |
5295 |
+ |
5296 |
+ if (fa->magic != FASYNC_MAGIC) { |
5297 |
+ printk(KERN_ERR "kill_fasync: bad magic number in " |
5298 |
+ "fasync_struct!\n"); |
5299 |
+ return; |
5300 |
+ } |
5301 |
+- read_lock(&fa->fa_lock); |
5302 |
++ read_lock_irqsave(&fa->fa_lock, flags); |
5303 |
+ if (fa->fa_file) { |
5304 |
+ fown = &fa->fa_file->f_owner; |
5305 |
+ /* Don't send SIGURG to processes which have not set a |
5306 |
+@@ -1008,7 +1009,7 @@ static void kill_fasync_rcu(struct fasync_struct *fa, int sig, int band) |
5307 |
+ if (!(sig == SIGURG && fown->signum == 0)) |
5308 |
+ send_sigio(fown, fa->fa_fd, band); |
5309 |
+ } |
5310 |
+- read_unlock(&fa->fa_lock); |
5311 |
++ read_unlock_irqrestore(&fa->fa_lock, flags); |
5312 |
+ fa = rcu_dereference(fa->fa_next); |
5313 |
+ } |
5314 |
+ } |
5315 |
+diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c |
5316 |
+index c550512ce3350..2ff05adfc22a4 100644 |
5317 |
+--- a/fs/fscache/cookie.c |
5318 |
++++ b/fs/fscache/cookie.c |
5319 |
+@@ -78,10 +78,8 @@ void fscache_free_cookie(struct fscache_cookie *cookie) |
5320 |
+ static int fscache_set_key(struct fscache_cookie *cookie, |
5321 |
+ const void *index_key, size_t index_key_len) |
5322 |
+ { |
5323 |
+- unsigned long long h; |
5324 |
+ u32 *buf; |
5325 |
+ int bufs; |
5326 |
+- int i; |
5327 |
+ |
5328 |
+ bufs = DIV_ROUND_UP(index_key_len, sizeof(*buf)); |
5329 |
+ |
5330 |
+@@ -95,17 +93,7 @@ static int fscache_set_key(struct fscache_cookie *cookie, |
5331 |
+ } |
5332 |
+ |
5333 |
+ memcpy(buf, index_key, index_key_len); |
5334 |
+- |
5335 |
+- /* Calculate a hash and combine this with the length in the first word |
5336 |
+- * or first half word |
5337 |
+- */ |
5338 |
+- h = (unsigned long)cookie->parent; |
5339 |
+- h += index_key_len + cookie->type; |
5340 |
+- |
5341 |
+- for (i = 0; i < bufs; i++) |
5342 |
+- h += buf[i]; |
5343 |
+- |
5344 |
+- cookie->key_hash = h ^ (h >> 32); |
5345 |
++ cookie->key_hash = fscache_hash(0, buf, bufs); |
5346 |
+ return 0; |
5347 |
+ } |
5348 |
+ |
5349 |
+diff --git a/fs/fscache/internal.h b/fs/fscache/internal.h |
5350 |
+index d6209022e9658..cc87288a5448c 100644 |
5351 |
+--- a/fs/fscache/internal.h |
5352 |
++++ b/fs/fscache/internal.h |
5353 |
+@@ -101,6 +101,8 @@ extern struct workqueue_struct *fscache_object_wq; |
5354 |
+ extern struct workqueue_struct *fscache_op_wq; |
5355 |
+ DECLARE_PER_CPU(wait_queue_head_t, fscache_object_cong_wait); |
5356 |
+ |
5357 |
++extern unsigned int fscache_hash(unsigned int salt, unsigned int *data, unsigned int n); |
5358 |
++ |
5359 |
+ static inline bool fscache_object_congested(void) |
5360 |
+ { |
5361 |
+ return workqueue_congested(WORK_CPU_UNBOUND, fscache_object_wq); |
5362 |
+diff --git a/fs/fscache/main.c b/fs/fscache/main.c |
5363 |
+index 30ad89db1efcc..aa49234e9520a 100644 |
5364 |
+--- a/fs/fscache/main.c |
5365 |
++++ b/fs/fscache/main.c |
5366 |
+@@ -98,6 +98,45 @@ static struct ctl_table fscache_sysctls_root[] = { |
5367 |
+ }; |
5368 |
+ #endif |
5369 |
+ |
5370 |
++/* |
5371 |
++ * Mixing scores (in bits) for (7,20): |
5372 |
++ * Input delta: 1-bit 2-bit |
5373 |
++ * 1 round: 330.3 9201.6 |
5374 |
++ * 2 rounds: 1246.4 25475.4 |
5375 |
++ * 3 rounds: 1907.1 31295.1 |
5376 |
++ * 4 rounds: 2042.3 31718.6 |
5377 |
++ * Perfect: 2048 31744 |
5378 |
++ * (32*64) (32*31/2 * 64) |
5379 |
++ */ |
5380 |
++#define HASH_MIX(x, y, a) \ |
5381 |
++ ( x ^= (a), \ |
5382 |
++ y ^= x, x = rol32(x, 7),\ |
5383 |
++ x += y, y = rol32(y,20),\ |
5384 |
++ y *= 9 ) |
5385 |
++ |
5386 |
++static inline unsigned int fold_hash(unsigned long x, unsigned long y) |
5387 |
++{ |
5388 |
++ /* Use arch-optimized multiply if one exists */ |
5389 |
++ return __hash_32(y ^ __hash_32(x)); |
5390 |
++} |
5391 |
++ |
5392 |
++/* |
5393 |
++ * Generate a hash. This is derived from full_name_hash(), but we want to be |
5394 |
++ * sure it is arch independent and that it doesn't change as bits of the |
5395 |
++ * computed hash value might appear on disk. The caller also guarantees that |
5396 |
++ * the hashed data will be a series of aligned 32-bit words. |
5397 |
++ */ |
5398 |
++unsigned int fscache_hash(unsigned int salt, unsigned int *data, unsigned int n) |
5399 |
++{ |
5400 |
++ unsigned int a, x = 0, y = salt; |
5401 |
++ |
5402 |
++ for (; n; n--) { |
5403 |
++ a = *data++; |
5404 |
++ HASH_MIX(x, y, a); |
5405 |
++ } |
5406 |
++ return fold_hash(x, y); |
5407 |
++} |
5408 |
++ |
5409 |
+ /* |
5410 |
+ * initialise the fs caching module |
5411 |
+ */ |
5412 |
+diff --git a/fs/gfs2/lock_dlm.c b/fs/gfs2/lock_dlm.c |
5413 |
+index 56dddc1f8dddc..9e90e42c495ed 100644 |
5414 |
+--- a/fs/gfs2/lock_dlm.c |
5415 |
++++ b/fs/gfs2/lock_dlm.c |
5416 |
+@@ -295,6 +295,11 @@ static void gdlm_put_lock(struct gfs2_glock *gl) |
5417 |
+ gfs2_sbstats_inc(gl, GFS2_LKS_DCOUNT); |
5418 |
+ gfs2_update_request_times(gl); |
5419 |
+ |
5420 |
++ /* don't want to call dlm if we've unmounted the lock protocol */ |
5421 |
++ if (test_bit(DFL_UNMOUNT, &ls->ls_recover_flags)) { |
5422 |
++ gfs2_glock_free(gl); |
5423 |
++ return; |
5424 |
++ } |
5425 |
+ /* don't want to skip dlm_unlock writing the lvb when lock has one */ |
5426 |
+ |
5427 |
+ if (test_bit(SDF_SKIP_DLM_UNLOCK, &sdp->sd_flags) && |
5428 |
+diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c |
5429 |
+index 488a9e7f8f660..2355ad62b81fa 100644 |
5430 |
+--- a/fs/isofs/inode.c |
5431 |
++++ b/fs/isofs/inode.c |
5432 |
+@@ -157,7 +157,6 @@ struct iso9660_options{ |
5433 |
+ unsigned int overriderockperm:1; |
5434 |
+ unsigned int uid_set:1; |
5435 |
+ unsigned int gid_set:1; |
5436 |
+- unsigned int utf8:1; |
5437 |
+ unsigned char map; |
5438 |
+ unsigned char check; |
5439 |
+ unsigned int blocksize; |
5440 |
+@@ -357,7 +356,6 @@ static int parse_options(char *options, struct iso9660_options *popt) |
5441 |
+ popt->gid = GLOBAL_ROOT_GID; |
5442 |
+ popt->uid = GLOBAL_ROOT_UID; |
5443 |
+ popt->iocharset = NULL; |
5444 |
+- popt->utf8 = 0; |
5445 |
+ popt->overriderockperm = 0; |
5446 |
+ popt->session=-1; |
5447 |
+ popt->sbsector=-1; |
5448 |
+@@ -390,10 +388,13 @@ static int parse_options(char *options, struct iso9660_options *popt) |
5449 |
+ case Opt_cruft: |
5450 |
+ popt->cruft = 1; |
5451 |
+ break; |
5452 |
++#ifdef CONFIG_JOLIET |
5453 |
+ case Opt_utf8: |
5454 |
+- popt->utf8 = 1; |
5455 |
++ kfree(popt->iocharset); |
5456 |
++ popt->iocharset = kstrdup("utf8", GFP_KERNEL); |
5457 |
++ if (!popt->iocharset) |
5458 |
++ return 0; |
5459 |
+ break; |
5460 |
+-#ifdef CONFIG_JOLIET |
5461 |
+ case Opt_iocharset: |
5462 |
+ kfree(popt->iocharset); |
5463 |
+ popt->iocharset = match_strdup(&args[0]); |
5464 |
+@@ -496,7 +497,6 @@ static int isofs_show_options(struct seq_file *m, struct dentry *root) |
5465 |
+ if (sbi->s_nocompress) seq_puts(m, ",nocompress"); |
5466 |
+ if (sbi->s_overriderockperm) seq_puts(m, ",overriderockperm"); |
5467 |
+ if (sbi->s_showassoc) seq_puts(m, ",showassoc"); |
5468 |
+- if (sbi->s_utf8) seq_puts(m, ",utf8"); |
5469 |
+ |
5470 |
+ if (sbi->s_check) seq_printf(m, ",check=%c", sbi->s_check); |
5471 |
+ if (sbi->s_mapping) seq_printf(m, ",map=%c", sbi->s_mapping); |
5472 |
+@@ -519,9 +519,10 @@ static int isofs_show_options(struct seq_file *m, struct dentry *root) |
5473 |
+ seq_printf(m, ",fmode=%o", sbi->s_fmode); |
5474 |
+ |
5475 |
+ #ifdef CONFIG_JOLIET |
5476 |
+- if (sbi->s_nls_iocharset && |
5477 |
+- strcmp(sbi->s_nls_iocharset->charset, CONFIG_NLS_DEFAULT) != 0) |
5478 |
++ if (sbi->s_nls_iocharset) |
5479 |
+ seq_printf(m, ",iocharset=%s", sbi->s_nls_iocharset->charset); |
5480 |
++ else |
5481 |
++ seq_puts(m, ",iocharset=utf8"); |
5482 |
+ #endif |
5483 |
+ return 0; |
5484 |
+ } |
5485 |
+@@ -865,14 +866,13 @@ root_found: |
5486 |
+ sbi->s_nls_iocharset = NULL; |
5487 |
+ |
5488 |
+ #ifdef CONFIG_JOLIET |
5489 |
+- if (joliet_level && opt.utf8 == 0) { |
5490 |
++ if (joliet_level) { |
5491 |
+ char *p = opt.iocharset ? opt.iocharset : CONFIG_NLS_DEFAULT; |
5492 |
+- sbi->s_nls_iocharset = load_nls(p); |
5493 |
+- if (! sbi->s_nls_iocharset) { |
5494 |
+- /* Fail only if explicit charset specified */ |
5495 |
+- if (opt.iocharset) |
5496 |
++ if (strcmp(p, "utf8") != 0) { |
5497 |
++ sbi->s_nls_iocharset = opt.iocharset ? |
5498 |
++ load_nls(opt.iocharset) : load_nls_default(); |
5499 |
++ if (!sbi->s_nls_iocharset) |
5500 |
+ goto out_freesbi; |
5501 |
+- sbi->s_nls_iocharset = load_nls_default(); |
5502 |
+ } |
5503 |
+ } |
5504 |
+ #endif |
5505 |
+@@ -888,7 +888,6 @@ root_found: |
5506 |
+ sbi->s_gid = opt.gid; |
5507 |
+ sbi->s_uid_set = opt.uid_set; |
5508 |
+ sbi->s_gid_set = opt.gid_set; |
5509 |
+- sbi->s_utf8 = opt.utf8; |
5510 |
+ sbi->s_nocompress = opt.nocompress; |
5511 |
+ sbi->s_overriderockperm = opt.overriderockperm; |
5512 |
+ /* |
5513 |
+diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h |
5514 |
+index 055ec6c586f7f..dcdc191ed1834 100644 |
5515 |
+--- a/fs/isofs/isofs.h |
5516 |
++++ b/fs/isofs/isofs.h |
5517 |
+@@ -44,7 +44,6 @@ struct isofs_sb_info { |
5518 |
+ unsigned char s_session; |
5519 |
+ unsigned int s_high_sierra:1; |
5520 |
+ unsigned int s_rock:2; |
5521 |
+- unsigned int s_utf8:1; |
5522 |
+ unsigned int s_cruft:1; /* Broken disks with high byte of length |
5523 |
+ * containing junk */ |
5524 |
+ unsigned int s_nocompress:1; |
5525 |
+diff --git a/fs/isofs/joliet.c b/fs/isofs/joliet.c |
5526 |
+index be8b6a9d0b926..c0f04a1e7f695 100644 |
5527 |
+--- a/fs/isofs/joliet.c |
5528 |
++++ b/fs/isofs/joliet.c |
5529 |
+@@ -41,14 +41,12 @@ uni16_to_x8(unsigned char *ascii, __be16 *uni, int len, struct nls_table *nls) |
5530 |
+ int |
5531 |
+ get_joliet_filename(struct iso_directory_record * de, unsigned char *outname, struct inode * inode) |
5532 |
+ { |
5533 |
+- unsigned char utf8; |
5534 |
+ struct nls_table *nls; |
5535 |
+ unsigned char len = 0; |
5536 |
+ |
5537 |
+- utf8 = ISOFS_SB(inode->i_sb)->s_utf8; |
5538 |
+ nls = ISOFS_SB(inode->i_sb)->s_nls_iocharset; |
5539 |
+ |
5540 |
+- if (utf8) { |
5541 |
++ if (!nls) { |
5542 |
+ len = utf16s_to_utf8s((const wchar_t *) de->name, |
5543 |
+ de->name_len[0] >> 1, UTF16_BIG_ENDIAN, |
5544 |
+ outname, PAGE_SIZE); |
5545 |
+diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c |
5546 |
+index a87a562734077..57558a8d92e9b 100644 |
5547 |
+--- a/fs/nfs/callback_xdr.c |
5548 |
++++ b/fs/nfs/callback_xdr.c |
5549 |
+@@ -991,7 +991,7 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp) |
5550 |
+ |
5551 |
+ out_invalidcred: |
5552 |
+ pr_warn_ratelimited("NFS: NFSv4 callback contains invalid cred\n"); |
5553 |
+- return rpc_autherr_badcred; |
5554 |
++ return svc_return_autherr(rqstp, rpc_autherr_badcred); |
5555 |
+ } |
5556 |
+ |
5557 |
+ /* |
5558 |
+diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c |
5559 |
+index 25be2ab6ff6cc..0b4ee1ab25df0 100644 |
5560 |
+--- a/fs/overlayfs/dir.c |
5561 |
++++ b/fs/overlayfs/dir.c |
5562 |
+@@ -517,8 +517,10 @@ static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode, |
5563 |
+ goto out_cleanup; |
5564 |
+ } |
5565 |
+ err = ovl_instantiate(dentry, inode, newdentry, hardlink); |
5566 |
+- if (err) |
5567 |
+- goto out_cleanup; |
5568 |
++ if (err) { |
5569 |
++ ovl_cleanup(udir, newdentry); |
5570 |
++ dput(newdentry); |
5571 |
++ } |
5572 |
+ out_dput: |
5573 |
+ dput(upper); |
5574 |
+ out_unlock: |
5575 |
+diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c |
5576 |
+index d7d2fdda4bbd0..3dbb5ac630e42 100644 |
5577 |
+--- a/fs/ubifs/file.c |
5578 |
++++ b/fs/ubifs/file.c |
5579 |
+@@ -1642,6 +1642,16 @@ static const char *ubifs_get_link(struct dentry *dentry, |
5580 |
+ return fscrypt_get_symlink(inode, ui->data, ui->data_len, done); |
5581 |
+ } |
5582 |
+ |
5583 |
++static int ubifs_symlink_getattr(const struct path *path, struct kstat *stat, |
5584 |
++ u32 request_mask, unsigned int query_flags) |
5585 |
++{ |
5586 |
++ ubifs_getattr(path, stat, request_mask, query_flags); |
5587 |
++ |
5588 |
++ if (IS_ENCRYPTED(d_inode(path->dentry))) |
5589 |
++ return fscrypt_symlink_getattr(path, stat); |
5590 |
++ return 0; |
5591 |
++} |
5592 |
++ |
5593 |
+ const struct address_space_operations ubifs_file_address_operations = { |
5594 |
+ .readpage = ubifs_readpage, |
5595 |
+ .writepage = ubifs_writepage, |
5596 |
+@@ -1669,7 +1679,7 @@ const struct inode_operations ubifs_file_inode_operations = { |
5597 |
+ const struct inode_operations ubifs_symlink_inode_operations = { |
5598 |
+ .get_link = ubifs_get_link, |
5599 |
+ .setattr = ubifs_setattr, |
5600 |
+- .getattr = ubifs_getattr, |
5601 |
++ .getattr = ubifs_symlink_getattr, |
5602 |
+ #ifdef CONFIG_UBIFS_FS_XATTR |
5603 |
+ .listxattr = ubifs_listxattr, |
5604 |
+ #endif |
5605 |
+diff --git a/fs/udf/misc.c b/fs/udf/misc.c |
5606 |
+index 401e64cde1be0..853bcff51043f 100644 |
5607 |
+--- a/fs/udf/misc.c |
5608 |
++++ b/fs/udf/misc.c |
5609 |
+@@ -173,13 +173,22 @@ struct genericFormat *udf_get_extendedattr(struct inode *inode, uint32_t type, |
5610 |
+ else |
5611 |
+ offset = le32_to_cpu(eahd->appAttrLocation); |
5612 |
+ |
5613 |
+- while (offset < iinfo->i_lenEAttr) { |
5614 |
++ while (offset + sizeof(*gaf) < iinfo->i_lenEAttr) { |
5615 |
++ uint32_t attrLength; |
5616 |
++ |
5617 |
+ gaf = (struct genericFormat *)&ea[offset]; |
5618 |
++ attrLength = le32_to_cpu(gaf->attrLength); |
5619 |
++ |
5620 |
++ /* Detect undersized elements and buffer overflows */ |
5621 |
++ if ((attrLength < sizeof(*gaf)) || |
5622 |
++ (attrLength > (iinfo->i_lenEAttr - offset))) |
5623 |
++ break; |
5624 |
++ |
5625 |
+ if (le32_to_cpu(gaf->attrType) == type && |
5626 |
+ gaf->attrSubtype == subtype) |
5627 |
+ return gaf; |
5628 |
+ else |
5629 |
+- offset += le32_to_cpu(gaf->attrLength); |
5630 |
++ offset += attrLength; |
5631 |
+ } |
5632 |
+ } |
5633 |
+ |
5634 |
+diff --git a/fs/udf/super.c b/fs/udf/super.c |
5635 |
+index c7f6243f318bb..9c71246e6d602 100644 |
5636 |
+--- a/fs/udf/super.c |
5637 |
++++ b/fs/udf/super.c |
5638 |
+@@ -112,16 +112,10 @@ struct logicalVolIntegrityDescImpUse *udf_sb_lvidiu(struct super_block *sb) |
5639 |
+ return NULL; |
5640 |
+ lvid = (struct logicalVolIntegrityDesc *)UDF_SB(sb)->s_lvid_bh->b_data; |
5641 |
+ partnum = le32_to_cpu(lvid->numOfPartitions); |
5642 |
+- if ((sb->s_blocksize - sizeof(struct logicalVolIntegrityDescImpUse) - |
5643 |
+- offsetof(struct logicalVolIntegrityDesc, impUse)) / |
5644 |
+- (2 * sizeof(uint32_t)) < partnum) { |
5645 |
+- udf_err(sb, "Logical volume integrity descriptor corrupted " |
5646 |
+- "(numOfPartitions = %u)!\n", partnum); |
5647 |
+- return NULL; |
5648 |
+- } |
5649 |
+ /* The offset is to skip freeSpaceTable and sizeTable arrays */ |
5650 |
+ offset = partnum * 2 * sizeof(uint32_t); |
5651 |
+- return (struct logicalVolIntegrityDescImpUse *)&(lvid->impUse[offset]); |
5652 |
++ return (struct logicalVolIntegrityDescImpUse *) |
5653 |
++ (((uint8_t *)(lvid + 1)) + offset); |
5654 |
+ } |
5655 |
+ |
5656 |
+ /* UDF filesystem type */ |
5657 |
+@@ -1529,6 +1523,7 @@ static void udf_load_logicalvolint(struct super_block *sb, struct kernel_extent_ |
5658 |
+ struct udf_sb_info *sbi = UDF_SB(sb); |
5659 |
+ struct logicalVolIntegrityDesc *lvid; |
5660 |
+ int indirections = 0; |
5661 |
++ u32 parts, impuselen; |
5662 |
+ |
5663 |
+ while (++indirections <= UDF_MAX_LVID_NESTING) { |
5664 |
+ final_bh = NULL; |
5665 |
+@@ -1555,15 +1550,27 @@ static void udf_load_logicalvolint(struct super_block *sb, struct kernel_extent_ |
5666 |
+ |
5667 |
+ lvid = (struct logicalVolIntegrityDesc *)final_bh->b_data; |
5668 |
+ if (lvid->nextIntegrityExt.extLength == 0) |
5669 |
+- return; |
5670 |
++ goto check; |
5671 |
+ |
5672 |
+ loc = leea_to_cpu(lvid->nextIntegrityExt); |
5673 |
+ } |
5674 |
+ |
5675 |
+ udf_warn(sb, "Too many LVID indirections (max %u), ignoring.\n", |
5676 |
+ UDF_MAX_LVID_NESTING); |
5677 |
++out_err: |
5678 |
+ brelse(sbi->s_lvid_bh); |
5679 |
+ sbi->s_lvid_bh = NULL; |
5680 |
++ return; |
5681 |
++check: |
5682 |
++ parts = le32_to_cpu(lvid->numOfPartitions); |
5683 |
++ impuselen = le32_to_cpu(lvid->lengthOfImpUse); |
5684 |
++ if (parts >= sb->s_blocksize || impuselen >= sb->s_blocksize || |
5685 |
++ sizeof(struct logicalVolIntegrityDesc) + impuselen + |
5686 |
++ 2 * parts * sizeof(u32) > sb->s_blocksize) { |
5687 |
++ udf_warn(sb, "Corrupted LVID (parts=%u, impuselen=%u), " |
5688 |
++ "ignoring.\n", parts, impuselen); |
5689 |
++ goto out_err; |
5690 |
++ } |
5691 |
+ } |
5692 |
+ |
5693 |
+ /* |
5694 |
+diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c |
5695 |
+index d269d1139f7ff..23c8efc967af2 100644 |
5696 |
+--- a/fs/userfaultfd.c |
5697 |
++++ b/fs/userfaultfd.c |
5698 |
+@@ -32,11 +32,6 @@ |
5699 |
+ |
5700 |
+ static struct kmem_cache *userfaultfd_ctx_cachep __read_mostly; |
5701 |
+ |
5702 |
+-enum userfaultfd_state { |
5703 |
+- UFFD_STATE_WAIT_API, |
5704 |
+- UFFD_STATE_RUNNING, |
5705 |
+-}; |
5706 |
+- |
5707 |
+ /* |
5708 |
+ * Start with fault_pending_wqh and fault_wqh so they're more likely |
5709 |
+ * to be in the same cacheline. |
5710 |
+@@ -68,8 +63,6 @@ struct userfaultfd_ctx { |
5711 |
+ unsigned int flags; |
5712 |
+ /* features requested from the userspace */ |
5713 |
+ unsigned int features; |
5714 |
+- /* state machine */ |
5715 |
+- enum userfaultfd_state state; |
5716 |
+ /* released */ |
5717 |
+ bool released; |
5718 |
+ /* memory mappings are changing because of non-cooperative event */ |
5719 |
+@@ -103,6 +96,14 @@ struct userfaultfd_wake_range { |
5720 |
+ unsigned long len; |
5721 |
+ }; |
5722 |
+ |
5723 |
++/* internal indication that UFFD_API ioctl was successfully executed */ |
5724 |
++#define UFFD_FEATURE_INITIALIZED (1u << 31) |
5725 |
++ |
5726 |
++static bool userfaultfd_is_initialized(struct userfaultfd_ctx *ctx) |
5727 |
++{ |
5728 |
++ return ctx->features & UFFD_FEATURE_INITIALIZED; |
5729 |
++} |
5730 |
++ |
5731 |
+ static int userfaultfd_wake_function(wait_queue_entry_t *wq, unsigned mode, |
5732 |
+ int wake_flags, void *key) |
5733 |
+ { |
5734 |
+@@ -700,7 +701,6 @@ int dup_userfaultfd(struct vm_area_struct *vma, struct list_head *fcs) |
5735 |
+ |
5736 |
+ atomic_set(&ctx->refcount, 1); |
5737 |
+ ctx->flags = octx->flags; |
5738 |
+- ctx->state = UFFD_STATE_RUNNING; |
5739 |
+ ctx->features = octx->features; |
5740 |
+ ctx->released = false; |
5741 |
+ ctx->mmap_changing = false; |
5742 |
+@@ -981,38 +981,33 @@ static __poll_t userfaultfd_poll(struct file *file, poll_table *wait) |
5743 |
+ |
5744 |
+ poll_wait(file, &ctx->fd_wqh, wait); |
5745 |
+ |
5746 |
+- switch (ctx->state) { |
5747 |
+- case UFFD_STATE_WAIT_API: |
5748 |
++ if (!userfaultfd_is_initialized(ctx)) |
5749 |
+ return EPOLLERR; |
5750 |
+- case UFFD_STATE_RUNNING: |
5751 |
+- /* |
5752 |
+- * poll() never guarantees that read won't block. |
5753 |
+- * userfaults can be waken before they're read(). |
5754 |
+- */ |
5755 |
+- if (unlikely(!(file->f_flags & O_NONBLOCK))) |
5756 |
+- return EPOLLERR; |
5757 |
+- /* |
5758 |
+- * lockless access to see if there are pending faults |
5759 |
+- * __pollwait last action is the add_wait_queue but |
5760 |
+- * the spin_unlock would allow the waitqueue_active to |
5761 |
+- * pass above the actual list_add inside |
5762 |
+- * add_wait_queue critical section. So use a full |
5763 |
+- * memory barrier to serialize the list_add write of |
5764 |
+- * add_wait_queue() with the waitqueue_active read |
5765 |
+- * below. |
5766 |
+- */ |
5767 |
+- ret = 0; |
5768 |
+- smp_mb(); |
5769 |
+- if (waitqueue_active(&ctx->fault_pending_wqh)) |
5770 |
+- ret = EPOLLIN; |
5771 |
+- else if (waitqueue_active(&ctx->event_wqh)) |
5772 |
+- ret = EPOLLIN; |
5773 |
+- |
5774 |
+- return ret; |
5775 |
+- default: |
5776 |
+- WARN_ON_ONCE(1); |
5777 |
++ |
5778 |
++ /* |
5779 |
++ * poll() never guarantees that read won't block. |
5780 |
++ * userfaults can be waken before they're read(). |
5781 |
++ */ |
5782 |
++ if (unlikely(!(file->f_flags & O_NONBLOCK))) |
5783 |
+ return EPOLLERR; |
5784 |
+- } |
5785 |
++ /* |
5786 |
++ * lockless access to see if there are pending faults |
5787 |
++ * __pollwait last action is the add_wait_queue but |
5788 |
++ * the spin_unlock would allow the waitqueue_active to |
5789 |
++ * pass above the actual list_add inside |
5790 |
++ * add_wait_queue critical section. So use a full |
5791 |
++ * memory barrier to serialize the list_add write of |
5792 |
++ * add_wait_queue() with the waitqueue_active read |
5793 |
++ * below. |
5794 |
++ */ |
5795 |
++ ret = 0; |
5796 |
++ smp_mb(); |
5797 |
++ if (waitqueue_active(&ctx->fault_pending_wqh)) |
5798 |
++ ret = EPOLLIN; |
5799 |
++ else if (waitqueue_active(&ctx->event_wqh)) |
5800 |
++ ret = EPOLLIN; |
5801 |
++ |
5802 |
++ return ret; |
5803 |
+ } |
5804 |
+ |
5805 |
+ static const struct file_operations userfaultfd_fops; |
5806 |
+@@ -1206,7 +1201,7 @@ static ssize_t userfaultfd_read(struct file *file, char __user *buf, |
5807 |
+ struct uffd_msg msg; |
5808 |
+ int no_wait = file->f_flags & O_NONBLOCK; |
5809 |
+ |
5810 |
+- if (ctx->state == UFFD_STATE_WAIT_API) |
5811 |
++ if (!userfaultfd_is_initialized(ctx)) |
5812 |
+ return -EINVAL; |
5813 |
+ |
5814 |
+ for (;;) { |
5815 |
+@@ -1808,9 +1803,10 @@ out: |
5816 |
+ static inline unsigned int uffd_ctx_features(__u64 user_features) |
5817 |
+ { |
5818 |
+ /* |
5819 |
+- * For the current set of features the bits just coincide |
5820 |
++ * For the current set of features the bits just coincide. Set |
5821 |
++ * UFFD_FEATURE_INITIALIZED to mark the features as enabled. |
5822 |
+ */ |
5823 |
+- return (unsigned int)user_features; |
5824 |
++ return (unsigned int)user_features | UFFD_FEATURE_INITIALIZED; |
5825 |
+ } |
5826 |
+ |
5827 |
+ /* |
5828 |
+@@ -1823,12 +1819,10 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx, |
5829 |
+ { |
5830 |
+ struct uffdio_api uffdio_api; |
5831 |
+ void __user *buf = (void __user *)arg; |
5832 |
++ unsigned int ctx_features; |
5833 |
+ int ret; |
5834 |
+ __u64 features; |
5835 |
+ |
5836 |
+- ret = -EINVAL; |
5837 |
+- if (ctx->state != UFFD_STATE_WAIT_API) |
5838 |
+- goto out; |
5839 |
+ ret = -EFAULT; |
5840 |
+ if (copy_from_user(&uffdio_api, buf, sizeof(uffdio_api))) |
5841 |
+ goto out; |
5842 |
+@@ -1845,9 +1839,13 @@ static int userfaultfd_api(struct userfaultfd_ctx *ctx, |
5843 |
+ ret = -EFAULT; |
5844 |
+ if (copy_to_user(buf, &uffdio_api, sizeof(uffdio_api))) |
5845 |
+ goto out; |
5846 |
+- ctx->state = UFFD_STATE_RUNNING; |
5847 |
++ |
5848 |
+ /* only enable the requested features for this uffd context */ |
5849 |
+- ctx->features = uffd_ctx_features(features); |
5850 |
++ ctx_features = uffd_ctx_features(features); |
5851 |
++ ret = -EINVAL; |
5852 |
++ if (cmpxchg(&ctx->features, 0, ctx_features) != 0) |
5853 |
++ goto err_out; |
5854 |
++ |
5855 |
+ ret = 0; |
5856 |
+ out: |
5857 |
+ return ret; |
5858 |
+@@ -1864,7 +1862,7 @@ static long userfaultfd_ioctl(struct file *file, unsigned cmd, |
5859 |
+ int ret = -EINVAL; |
5860 |
+ struct userfaultfd_ctx *ctx = file->private_data; |
5861 |
+ |
5862 |
+- if (cmd != UFFDIO_API && ctx->state == UFFD_STATE_WAIT_API) |
5863 |
++ if (cmd != UFFDIO_API && !userfaultfd_is_initialized(ctx)) |
5864 |
+ return -EINVAL; |
5865 |
+ |
5866 |
+ switch(cmd) { |
5867 |
+@@ -1962,7 +1960,6 @@ SYSCALL_DEFINE1(userfaultfd, int, flags) |
5868 |
+ atomic_set(&ctx->refcount, 1); |
5869 |
+ ctx->flags = flags; |
5870 |
+ ctx->features = 0; |
5871 |
+- ctx->state = UFFD_STATE_WAIT_API; |
5872 |
+ ctx->released = false; |
5873 |
+ ctx->mmap_changing = false; |
5874 |
+ ctx->mm = current->mm; |
5875 |
+diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h |
5876 |
+index e0b681a717bac..052e26fda2e6c 100644 |
5877 |
+--- a/include/crypto/public_key.h |
5878 |
++++ b/include/crypto/public_key.h |
5879 |
+@@ -35,9 +35,9 @@ extern void public_key_free(struct public_key *key); |
5880 |
+ struct public_key_signature { |
5881 |
+ struct asymmetric_key_id *auth_ids[2]; |
5882 |
+ u8 *s; /* Signature */ |
5883 |
+- u32 s_size; /* Number of bytes in signature */ |
5884 |
+ u8 *digest; |
5885 |
+- u8 digest_size; /* Number of bytes in digest */ |
5886 |
++ u32 s_size; /* Number of bytes in signature */ |
5887 |
++ u32 digest_size; /* Number of bytes in digest */ |
5888 |
+ const char *pkey_algo; |
5889 |
+ const char *hash_algo; |
5890 |
+ }; |
5891 |
+diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h |
5892 |
+index 1c8517320ea64..4acd06cca703d 100644 |
5893 |
+--- a/include/linux/bpf_verifier.h |
5894 |
++++ b/include/linux/bpf_verifier.h |
5895 |
+@@ -41,6 +41,7 @@ enum bpf_reg_liveness { |
5896 |
+ }; |
5897 |
+ |
5898 |
+ struct bpf_reg_state { |
5899 |
++ /* Ordering of fields matters. See states_equal() */ |
5900 |
+ enum bpf_reg_type type; |
5901 |
+ union { |
5902 |
+ /* valid when type == PTR_TO_PACKET */ |
5903 |
+@@ -62,7 +63,6 @@ struct bpf_reg_state { |
5904 |
+ * came from, when one is tested for != NULL. |
5905 |
+ */ |
5906 |
+ u32 id; |
5907 |
+- /* Ordering of fields matters. See states_equal() */ |
5908 |
+ /* For scalar types (SCALAR_VALUE), this represents our knowledge of |
5909 |
+ * the actual value. |
5910 |
+ * For pointer types, this represents the variable part of the offset |
5911 |
+@@ -79,15 +79,15 @@ struct bpf_reg_state { |
5912 |
+ s64 smax_value; /* maximum possible (s64)value */ |
5913 |
+ u64 umin_value; /* minimum possible (u64)value */ |
5914 |
+ u64 umax_value; /* maximum possible (u64)value */ |
5915 |
++ /* parentage chain for liveness checking */ |
5916 |
++ struct bpf_reg_state *parent; |
5917 |
+ /* Inside the callee two registers can be both PTR_TO_STACK like |
5918 |
+ * R1=fp-8 and R2=fp-8, but one of them points to this function stack |
5919 |
+ * while another to the caller's stack. To differentiate them 'frameno' |
5920 |
+ * is used which is an index in bpf_verifier_state->frame[] array |
5921 |
+ * pointing to bpf_func_state. |
5922 |
+- * This field must be second to last, for states_equal() reasons. |
5923 |
+ */ |
5924 |
+ u32 frameno; |
5925 |
+- /* This field must be last, for states_equal() reasons. */ |
5926 |
+ enum bpf_reg_liveness live; |
5927 |
+ }; |
5928 |
+ |
5929 |
+@@ -110,7 +110,6 @@ struct bpf_stack_state { |
5930 |
+ */ |
5931 |
+ struct bpf_func_state { |
5932 |
+ struct bpf_reg_state regs[MAX_BPF_REG]; |
5933 |
+- struct bpf_verifier_state *parent; |
5934 |
+ /* index of call instruction that called into this func */ |
5935 |
+ int callsite; |
5936 |
+ /* stack frame number of this function state from pov of |
5937 |
+@@ -128,11 +127,17 @@ struct bpf_func_state { |
5938 |
+ struct bpf_stack_state *stack; |
5939 |
+ }; |
5940 |
+ |
5941 |
++struct bpf_id_pair { |
5942 |
++ u32 old; |
5943 |
++ u32 cur; |
5944 |
++}; |
5945 |
++ |
5946 |
++/* Maximum number of register states that can exist at once */ |
5947 |
++#define BPF_ID_MAP_SIZE (MAX_BPF_REG + MAX_BPF_STACK / BPF_REG_SIZE) |
5948 |
+ #define MAX_CALL_FRAMES 8 |
5949 |
+ struct bpf_verifier_state { |
5950 |
+ /* call stack tracking */ |
5951 |
+ struct bpf_func_state *frame[MAX_CALL_FRAMES]; |
5952 |
+- struct bpf_verifier_state *parent; |
5953 |
+ u32 curframe; |
5954 |
+ bool speculative; |
5955 |
+ }; |
5956 |
+@@ -160,8 +165,8 @@ struct bpf_insn_aux_data { |
5957 |
+ u32 alu_limit; /* limit for add/sub register with pointer */ |
5958 |
+ }; |
5959 |
+ int ctx_field_size; /* the ctx field size for load insn, maybe 0 */ |
5960 |
+- int sanitize_stack_off; /* stack slot to be cleared */ |
5961 |
+ bool seen; /* this insn was processed by the verifier */ |
5962 |
++ bool sanitize_stack_spill; /* subject to Spectre v4 sanitation */ |
5963 |
+ u8 alu_state; /* used in combination with alu_limit */ |
5964 |
+ }; |
5965 |
+ |
5966 |
+@@ -210,11 +215,13 @@ struct bpf_verifier_env { |
5967 |
+ struct bpf_map *used_maps[MAX_USED_MAPS]; /* array of map's used by eBPF program */ |
5968 |
+ u32 used_map_cnt; /* number of used maps */ |
5969 |
+ u32 id_gen; /* used to generate unique reg IDs */ |
5970 |
++ bool explore_alu_limits; |
5971 |
+ bool allow_ptr_leaks; |
5972 |
+ bool seen_direct_write; |
5973 |
+ struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */ |
5974 |
+ struct bpf_verifier_log log; |
5975 |
+ struct bpf_subprog_info subprog_info[BPF_MAX_SUBPROGS + 1]; |
5976 |
++ struct bpf_id_pair idmap_scratch[BPF_ID_MAP_SIZE]; |
5977 |
+ u32 subprog_cnt; |
5978 |
+ }; |
5979 |
+ |
5980 |
+diff --git a/include/linux/filter.h b/include/linux/filter.h |
5981 |
+index 7c84762cb59e5..e981bd92a4e3a 100644 |
5982 |
+--- a/include/linux/filter.h |
5983 |
++++ b/include/linux/filter.h |
5984 |
+@@ -64,6 +64,11 @@ struct sock_reuseport; |
5985 |
+ /* unused opcode to mark call to interpreter with arguments */ |
5986 |
+ #define BPF_CALL_ARGS 0xe0 |
5987 |
+ |
5988 |
++/* unused opcode to mark speculation barrier for mitigating |
5989 |
++ * Speculative Store Bypass |
5990 |
++ */ |
5991 |
++#define BPF_NOSPEC 0xc0 |
5992 |
++ |
5993 |
+ /* As per nm, we expose JITed images as text (code) section for |
5994 |
+ * kallsyms. That way, tools like perf can find it to match |
5995 |
+ * addresses. |
5996 |
+@@ -354,6 +359,16 @@ struct sock_reuseport; |
5997 |
+ .off = 0, \ |
5998 |
+ .imm = 0 }) |
5999 |
+ |
6000 |
++/* Speculation barrier */ |
6001 |
++ |
6002 |
++#define BPF_ST_NOSPEC() \ |
6003 |
++ ((struct bpf_insn) { \ |
6004 |
++ .code = BPF_ST | BPF_NOSPEC, \ |
6005 |
++ .dst_reg = 0, \ |
6006 |
++ .src_reg = 0, \ |
6007 |
++ .off = 0, \ |
6008 |
++ .imm = 0 }) |
6009 |
++ |
6010 |
+ /* Internal classic blocks for direct assignment */ |
6011 |
+ |
6012 |
+ #define __BPF_STMT(CODE, K) \ |
6013 |
+diff --git a/include/linux/fscrypt_notsupp.h b/include/linux/fscrypt_notsupp.h |
6014 |
+index 93304cfeb6016..6e95c5a9b7fa1 100644 |
6015 |
+--- a/include/linux/fscrypt_notsupp.h |
6016 |
++++ b/include/linux/fscrypt_notsupp.h |
6017 |
+@@ -234,4 +234,10 @@ static inline const char *fscrypt_get_symlink(struct inode *inode, |
6018 |
+ return ERR_PTR(-EOPNOTSUPP); |
6019 |
+ } |
6020 |
+ |
6021 |
++static inline int fscrypt_symlink_getattr(const struct path *path, |
6022 |
++ struct kstat *stat) |
6023 |
++{ |
6024 |
++ return -EOPNOTSUPP; |
6025 |
++} |
6026 |
++ |
6027 |
+ #endif /* _LINUX_FSCRYPT_NOTSUPP_H */ |
6028 |
+diff --git a/include/linux/fscrypt_supp.h b/include/linux/fscrypt_supp.h |
6029 |
+index 0409c14ae1de4..f4cb4871a987f 100644 |
6030 |
+--- a/include/linux/fscrypt_supp.h |
6031 |
++++ b/include/linux/fscrypt_supp.h |
6032 |
+@@ -231,5 +231,6 @@ extern int __fscrypt_encrypt_symlink(struct inode *inode, const char *target, |
6033 |
+ extern const char *fscrypt_get_symlink(struct inode *inode, const void *caddr, |
6034 |
+ unsigned int max_size, |
6035 |
+ struct delayed_call *done); |
6036 |
++int fscrypt_symlink_getattr(const struct path *path, struct kstat *stat); |
6037 |
+ |
6038 |
+ #endif /* _LINUX_FSCRYPT_SUPP_H */ |
6039 |
+diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h |
6040 |
+index 2df83a6598182..cb7dc38e9c779 100644 |
6041 |
+--- a/include/linux/hugetlb.h |
6042 |
++++ b/include/linux/hugetlb.h |
6043 |
+@@ -513,6 +513,11 @@ static inline spinlock_t *huge_pte_lockptr(struct hstate *h, |
6044 |
+ |
6045 |
+ void hugetlb_report_usage(struct seq_file *m, struct mm_struct *mm); |
6046 |
+ |
6047 |
++static inline void hugetlb_count_init(struct mm_struct *mm) |
6048 |
++{ |
6049 |
++ atomic_long_set(&mm->hugetlb_usage, 0); |
6050 |
++} |
6051 |
++ |
6052 |
+ static inline void hugetlb_count_add(long l, struct mm_struct *mm) |
6053 |
+ { |
6054 |
+ atomic_long_add(l, &mm->hugetlb_usage); |
6055 |
+@@ -593,6 +598,10 @@ static inline spinlock_t *huge_pte_lockptr(struct hstate *h, |
6056 |
+ return &mm->page_table_lock; |
6057 |
+ } |
6058 |
+ |
6059 |
++static inline void hugetlb_count_init(struct mm_struct *mm) |
6060 |
++{ |
6061 |
++} |
6062 |
++ |
6063 |
+ static inline void hugetlb_report_usage(struct seq_file *f, struct mm_struct *m) |
6064 |
+ { |
6065 |
+ } |
6066 |
+diff --git a/include/linux/list.h b/include/linux/list.h |
6067 |
+index de04cc5ed5367..d2c12ef7a4e32 100644 |
6068 |
+--- a/include/linux/list.h |
6069 |
++++ b/include/linux/list.h |
6070 |
+@@ -484,6 +484,15 @@ static inline void list_splice_tail_init(struct list_head *list, |
6071 |
+ pos != (head); \ |
6072 |
+ pos = n, n = pos->prev) |
6073 |
+ |
6074 |
++/** |
6075 |
++ * list_entry_is_head - test if the entry points to the head of the list |
6076 |
++ * @pos: the type * to cursor |
6077 |
++ * @head: the head for your list. |
6078 |
++ * @member: the name of the list_head within the struct. |
6079 |
++ */ |
6080 |
++#define list_entry_is_head(pos, head, member) \ |
6081 |
++ (&pos->member == (head)) |
6082 |
++ |
6083 |
+ /** |
6084 |
+ * list_for_each_entry - iterate over list of given type |
6085 |
+ * @pos: the type * to use as a loop cursor. |
6086 |
+@@ -492,7 +501,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6087 |
+ */ |
6088 |
+ #define list_for_each_entry(pos, head, member) \ |
6089 |
+ for (pos = list_first_entry(head, typeof(*pos), member); \ |
6090 |
+- &pos->member != (head); \ |
6091 |
++ !list_entry_is_head(pos, head, member); \ |
6092 |
+ pos = list_next_entry(pos, member)) |
6093 |
+ |
6094 |
+ /** |
6095 |
+@@ -503,7 +512,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6096 |
+ */ |
6097 |
+ #define list_for_each_entry_reverse(pos, head, member) \ |
6098 |
+ for (pos = list_last_entry(head, typeof(*pos), member); \ |
6099 |
+- &pos->member != (head); \ |
6100 |
++ !list_entry_is_head(pos, head, member); \ |
6101 |
+ pos = list_prev_entry(pos, member)) |
6102 |
+ |
6103 |
+ /** |
6104 |
+@@ -528,7 +537,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6105 |
+ */ |
6106 |
+ #define list_for_each_entry_continue(pos, head, member) \ |
6107 |
+ for (pos = list_next_entry(pos, member); \ |
6108 |
+- &pos->member != (head); \ |
6109 |
++ !list_entry_is_head(pos, head, member); \ |
6110 |
+ pos = list_next_entry(pos, member)) |
6111 |
+ |
6112 |
+ /** |
6113 |
+@@ -542,7 +551,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6114 |
+ */ |
6115 |
+ #define list_for_each_entry_continue_reverse(pos, head, member) \ |
6116 |
+ for (pos = list_prev_entry(pos, member); \ |
6117 |
+- &pos->member != (head); \ |
6118 |
++ !list_entry_is_head(pos, head, member); \ |
6119 |
+ pos = list_prev_entry(pos, member)) |
6120 |
+ |
6121 |
+ /** |
6122 |
+@@ -554,7 +563,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6123 |
+ * Iterate over list of given type, continuing from current position. |
6124 |
+ */ |
6125 |
+ #define list_for_each_entry_from(pos, head, member) \ |
6126 |
+- for (; &pos->member != (head); \ |
6127 |
++ for (; !list_entry_is_head(pos, head, member); \ |
6128 |
+ pos = list_next_entry(pos, member)) |
6129 |
+ |
6130 |
+ /** |
6131 |
+@@ -567,7 +576,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6132 |
+ * Iterate backwards over list of given type, continuing from current position. |
6133 |
+ */ |
6134 |
+ #define list_for_each_entry_from_reverse(pos, head, member) \ |
6135 |
+- for (; &pos->member != (head); \ |
6136 |
++ for (; !list_entry_is_head(pos, head, member); \ |
6137 |
+ pos = list_prev_entry(pos, member)) |
6138 |
+ |
6139 |
+ /** |
6140 |
+@@ -580,7 +589,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6141 |
+ #define list_for_each_entry_safe(pos, n, head, member) \ |
6142 |
+ for (pos = list_first_entry(head, typeof(*pos), member), \ |
6143 |
+ n = list_next_entry(pos, member); \ |
6144 |
+- &pos->member != (head); \ |
6145 |
++ !list_entry_is_head(pos, head, member); \ |
6146 |
+ pos = n, n = list_next_entry(n, member)) |
6147 |
+ |
6148 |
+ /** |
6149 |
+@@ -596,7 +605,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6150 |
+ #define list_for_each_entry_safe_continue(pos, n, head, member) \ |
6151 |
+ for (pos = list_next_entry(pos, member), \ |
6152 |
+ n = list_next_entry(pos, member); \ |
6153 |
+- &pos->member != (head); \ |
6154 |
++ !list_entry_is_head(pos, head, member); \ |
6155 |
+ pos = n, n = list_next_entry(n, member)) |
6156 |
+ |
6157 |
+ /** |
6158 |
+@@ -611,7 +620,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6159 |
+ */ |
6160 |
+ #define list_for_each_entry_safe_from(pos, n, head, member) \ |
6161 |
+ for (n = list_next_entry(pos, member); \ |
6162 |
+- &pos->member != (head); \ |
6163 |
++ !list_entry_is_head(pos, head, member); \ |
6164 |
+ pos = n, n = list_next_entry(n, member)) |
6165 |
+ |
6166 |
+ /** |
6167 |
+@@ -627,7 +636,7 @@ static inline void list_splice_tail_init(struct list_head *list, |
6168 |
+ #define list_for_each_entry_safe_reverse(pos, n, head, member) \ |
6169 |
+ for (pos = list_last_entry(head, typeof(*pos), member), \ |
6170 |
+ n = list_prev_entry(pos, member); \ |
6171 |
+- &pos->member != (head); \ |
6172 |
++ !list_entry_is_head(pos, head, member); \ |
6173 |
+ pos = n, n = list_prev_entry(n, member)) |
6174 |
+ |
6175 |
+ /** |
6176 |
+diff --git a/include/linux/memory_hotplug.h b/include/linux/memory_hotplug.h |
6177 |
+index d17d45c41a0b0..5653178768227 100644 |
6178 |
+--- a/include/linux/memory_hotplug.h |
6179 |
++++ b/include/linux/memory_hotplug.h |
6180 |
+@@ -344,6 +344,6 @@ extern struct page *sparse_decode_mem_map(unsigned long coded_mem_map, |
6181 |
+ unsigned long pnum); |
6182 |
+ extern bool allow_online_pfn_range(int nid, unsigned long pfn, unsigned long nr_pages, |
6183 |
+ int online_type); |
6184 |
+-extern struct zone *zone_for_pfn_range(int online_type, int nid, unsigned start_pfn, |
6185 |
+- unsigned long nr_pages); |
6186 |
++extern struct zone *zone_for_pfn_range(int online_type, int nid, |
6187 |
++ unsigned long start_pfn, unsigned long nr_pages); |
6188 |
+ #endif /* __LINUX_MEMORY_HOTPLUG_H */ |
6189 |
+diff --git a/include/linux/pci.h b/include/linux/pci.h |
6190 |
+index 2fda9893962d1..6f9ca2f278b32 100644 |
6191 |
+--- a/include/linux/pci.h |
6192 |
++++ b/include/linux/pci.h |
6193 |
+@@ -1644,8 +1644,9 @@ static inline int pci_enable_device(struct pci_dev *dev) { return -EIO; } |
6194 |
+ static inline void pci_disable_device(struct pci_dev *dev) { } |
6195 |
+ static inline int pci_assign_resource(struct pci_dev *dev, int i) |
6196 |
+ { return -EBUSY; } |
6197 |
+-static inline int __pci_register_driver(struct pci_driver *drv, |
6198 |
+- struct module *owner) |
6199 |
++static inline int __must_check __pci_register_driver(struct pci_driver *drv, |
6200 |
++ struct module *owner, |
6201 |
++ const char *mod_name) |
6202 |
+ { return 0; } |
6203 |
+ static inline int pci_register_driver(struct pci_driver *drv) |
6204 |
+ { return 0; } |
6205 |
+diff --git a/include/linux/power/max17042_battery.h b/include/linux/power/max17042_battery.h |
6206 |
+index a7ed29baf44a6..86e5ad8aeee4e 100644 |
6207 |
+--- a/include/linux/power/max17042_battery.h |
6208 |
++++ b/include/linux/power/max17042_battery.h |
6209 |
+@@ -82,7 +82,7 @@ enum max17042_register { |
6210 |
+ MAX17042_RelaxCFG = 0x2A, |
6211 |
+ MAX17042_MiscCFG = 0x2B, |
6212 |
+ MAX17042_TGAIN = 0x2C, |
6213 |
+- MAx17042_TOFF = 0x2D, |
6214 |
++ MAX17042_TOFF = 0x2D, |
6215 |
+ MAX17042_CGAIN = 0x2E, |
6216 |
+ MAX17042_COFF = 0x2F, |
6217 |
+ |
6218 |
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
6219 |
+index 5f2e6451ece54..f97734f34746a 100644 |
6220 |
+--- a/include/linux/skbuff.h |
6221 |
++++ b/include/linux/skbuff.h |
6222 |
+@@ -1761,7 +1761,7 @@ static inline void __skb_insert(struct sk_buff *newsk, |
6223 |
+ WRITE_ONCE(newsk->prev, prev); |
6224 |
+ WRITE_ONCE(next->prev, newsk); |
6225 |
+ WRITE_ONCE(prev->next, newsk); |
6226 |
+- list->qlen++; |
6227 |
++ WRITE_ONCE(list->qlen, list->qlen + 1); |
6228 |
+ } |
6229 |
+ |
6230 |
+ static inline void __skb_queue_splice(const struct sk_buff_head *list, |
6231 |
+diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h |
6232 |
+index fdb6b317d9747..c46abf35c9bb6 100644 |
6233 |
+--- a/include/linux/sunrpc/svc.h |
6234 |
++++ b/include/linux/sunrpc/svc.h |
6235 |
+@@ -271,6 +271,7 @@ struct svc_rqst { |
6236 |
+ #define RQ_VICTIM (5) /* about to be shut down */ |
6237 |
+ #define RQ_BUSY (6) /* request is busy */ |
6238 |
+ #define RQ_DATA (7) /* request has data */ |
6239 |
++#define RQ_AUTHERR (8) /* Request status is auth error */ |
6240 |
+ unsigned long rq_flags; /* flags field */ |
6241 |
+ ktime_t rq_qtime; /* enqueue time */ |
6242 |
+ |
6243 |
+@@ -504,6 +505,7 @@ unsigned int svc_fill_write_vector(struct svc_rqst *rqstp, |
6244 |
+ char *svc_fill_symlink_pathname(struct svc_rqst *rqstp, |
6245 |
+ struct kvec *first, void *p, |
6246 |
+ size_t total); |
6247 |
++__be32 svc_return_autherr(struct svc_rqst *rqstp, __be32 auth_err); |
6248 |
+ |
6249 |
+ #define RPC_MAX_ADDRBUFLEN (63U) |
6250 |
+ |
6251 |
+diff --git a/include/uapi/linux/pkt_sched.h b/include/uapi/linux/pkt_sched.h |
6252 |
+index 8975fd1a1421f..24ce2aab89469 100644 |
6253 |
+--- a/include/uapi/linux/pkt_sched.h |
6254 |
++++ b/include/uapi/linux/pkt_sched.h |
6255 |
+@@ -779,6 +779,8 @@ struct tc_codel_xstats { |
6256 |
+ |
6257 |
+ /* FQ_CODEL */ |
6258 |
+ |
6259 |
++#define FQ_CODEL_QUANTUM_MAX (1 << 20) |
6260 |
++ |
6261 |
+ enum { |
6262 |
+ TCA_FQ_CODEL_UNSPEC, |
6263 |
+ TCA_FQ_CODEL_TARGET, |
6264 |
+diff --git a/include/uapi/linux/serial_reg.h b/include/uapi/linux/serial_reg.h |
6265 |
+index be07b5470f4bb..f51bc8f368134 100644 |
6266 |
+--- a/include/uapi/linux/serial_reg.h |
6267 |
++++ b/include/uapi/linux/serial_reg.h |
6268 |
+@@ -62,6 +62,7 @@ |
6269 |
+ * ST16C654: 8 16 56 60 8 16 32 56 PORT_16654 |
6270 |
+ * TI16C750: 1 16 32 56 xx xx xx xx PORT_16750 |
6271 |
+ * TI16C752: 8 16 56 60 8 16 32 56 |
6272 |
++ * OX16C950: 16 32 112 120 16 32 64 112 PORT_16C950 |
6273 |
+ * Tegra: 1 4 8 14 16 8 4 1 PORT_TEGRA |
6274 |
+ */ |
6275 |
+ #define UART_FCR_R_TRIG_00 0x00 |
6276 |
+diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c |
6277 |
+index d2b6d2459aad4..341402bc1202d 100644 |
6278 |
+--- a/kernel/bpf/core.c |
6279 |
++++ b/kernel/bpf/core.c |
6280 |
+@@ -33,6 +33,7 @@ |
6281 |
+ #include <linux/rcupdate.h> |
6282 |
+ #include <linux/perf_event.h> |
6283 |
+ |
6284 |
++#include <asm/barrier.h> |
6285 |
+ #include <asm/unaligned.h> |
6286 |
+ |
6287 |
+ /* Registers */ |
6288 |
+@@ -1050,6 +1051,7 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn, u64 *stack) |
6289 |
+ /* Non-UAPI available opcodes. */ |
6290 |
+ [BPF_JMP | BPF_CALL_ARGS] = &&JMP_CALL_ARGS, |
6291 |
+ [BPF_JMP | BPF_TAIL_CALL] = &&JMP_TAIL_CALL, |
6292 |
++ [BPF_ST | BPF_NOSPEC] = &&ST_NOSPEC, |
6293 |
+ }; |
6294 |
+ #undef BPF_INSN_3_LBL |
6295 |
+ #undef BPF_INSN_2_LBL |
6296 |
+@@ -1356,7 +1358,21 @@ out: |
6297 |
+ JMP_EXIT: |
6298 |
+ return BPF_R0; |
6299 |
+ |
6300 |
+- /* STX and ST and LDX*/ |
6301 |
++ /* ST, STX and LDX*/ |
6302 |
++ ST_NOSPEC: |
6303 |
++ /* Speculation barrier for mitigating Speculative Store Bypass. |
6304 |
++ * In case of arm64, we rely on the firmware mitigation as |
6305 |
++ * controlled via the ssbd kernel parameter. Whenever the |
6306 |
++ * mitigation is enabled, it works for all of the kernel code |
6307 |
++ * with no need to provide any additional instructions here. |
6308 |
++ * In case of x86, we use 'lfence' insn for mitigation. We |
6309 |
++ * reuse preexisting logic from Spectre v1 mitigation that |
6310 |
++ * happens to produce the required code on x86 for v4 as well. |
6311 |
++ */ |
6312 |
++#ifdef CONFIG_X86 |
6313 |
++ barrier_nospec(); |
6314 |
++#endif |
6315 |
++ CONT; |
6316 |
+ #define LDST(SIZEOP, SIZE) \ |
6317 |
+ STX_MEM_##SIZEOP: \ |
6318 |
+ *(SIZE *)(unsigned long) (DST + insn->off) = SRC; \ |
6319 |
+diff --git a/kernel/bpf/disasm.c b/kernel/bpf/disasm.c |
6320 |
+index d6b76377cb6ee..cbd75dd5992ef 100644 |
6321 |
+--- a/kernel/bpf/disasm.c |
6322 |
++++ b/kernel/bpf/disasm.c |
6323 |
+@@ -171,15 +171,17 @@ void print_bpf_insn(const struct bpf_insn_cbs *cbs, |
6324 |
+ else |
6325 |
+ verbose(cbs->private_data, "BUG_%02x\n", insn->code); |
6326 |
+ } else if (class == BPF_ST) { |
6327 |
+- if (BPF_MODE(insn->code) != BPF_MEM) { |
6328 |
++ if (BPF_MODE(insn->code) == BPF_MEM) { |
6329 |
++ verbose(cbs->private_data, "(%02x) *(%s *)(r%d %+d) = %d\n", |
6330 |
++ insn->code, |
6331 |
++ bpf_ldst_string[BPF_SIZE(insn->code) >> 3], |
6332 |
++ insn->dst_reg, |
6333 |
++ insn->off, insn->imm); |
6334 |
++ } else if (BPF_MODE(insn->code) == 0xc0 /* BPF_NOSPEC, no UAPI */) { |
6335 |
++ verbose(cbs->private_data, "(%02x) nospec\n", insn->code); |
6336 |
++ } else { |
6337 |
+ verbose(cbs->private_data, "BUG_st_%02x\n", insn->code); |
6338 |
+- return; |
6339 |
+ } |
6340 |
+- verbose(cbs->private_data, "(%02x) *(%s *)(r%d %+d) = %d\n", |
6341 |
+- insn->code, |
6342 |
+- bpf_ldst_string[BPF_SIZE(insn->code) >> 3], |
6343 |
+- insn->dst_reg, |
6344 |
+- insn->off, insn->imm); |
6345 |
+ } else if (class == BPF_LDX) { |
6346 |
+ if (BPF_MODE(insn->code) != BPF_MEM) { |
6347 |
+ verbose(cbs->private_data, "BUG_ldx_%02x\n", insn->code); |
6348 |
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c |
6349 |
+index abdc9eca463c5..9a671f604ebfe 100644 |
6350 |
+--- a/kernel/bpf/verifier.c |
6351 |
++++ b/kernel/bpf/verifier.c |
6352 |
+@@ -380,9 +380,9 @@ static int copy_stack_state(struct bpf_func_state *dst, |
6353 |
+ /* do_check() starts with zero-sized stack in struct bpf_verifier_state to |
6354 |
+ * make it consume minimal amount of memory. check_stack_write() access from |
6355 |
+ * the program calls into realloc_func_state() to grow the stack size. |
6356 |
+- * Note there is a non-zero 'parent' pointer inside bpf_verifier_state |
6357 |
+- * which this function copies over. It points to previous bpf_verifier_state |
6358 |
+- * which is never reallocated |
6359 |
++ * Note there is a non-zero parent pointer inside each reg of bpf_verifier_state |
6360 |
++ * which this function copies over. It points to corresponding reg in previous |
6361 |
++ * bpf_verifier_state which is never reallocated |
6362 |
+ */ |
6363 |
+ static int realloc_func_state(struct bpf_func_state *state, int size, |
6364 |
+ bool copy_old) |
6365 |
+@@ -467,7 +467,6 @@ static int copy_verifier_state(struct bpf_verifier_state *dst_state, |
6366 |
+ } |
6367 |
+ dst_state->speculative = src->speculative; |
6368 |
+ dst_state->curframe = src->curframe; |
6369 |
+- dst_state->parent = src->parent; |
6370 |
+ for (i = 0; i <= src->curframe; i++) { |
6371 |
+ dst = dst_state->frame[i]; |
6372 |
+ if (!dst) { |
6373 |
+@@ -739,6 +738,7 @@ static void init_reg_state(struct bpf_verifier_env *env, |
6374 |
+ for (i = 0; i < MAX_BPF_REG; i++) { |
6375 |
+ mark_reg_not_init(env, regs, i); |
6376 |
+ regs[i].live = REG_LIVE_NONE; |
6377 |
++ regs[i].parent = NULL; |
6378 |
+ } |
6379 |
+ |
6380 |
+ /* frame pointer */ |
6381 |
+@@ -883,74 +883,21 @@ next: |
6382 |
+ return 0; |
6383 |
+ } |
6384 |
+ |
6385 |
+-static |
6386 |
+-struct bpf_verifier_state *skip_callee(struct bpf_verifier_env *env, |
6387 |
+- const struct bpf_verifier_state *state, |
6388 |
+- struct bpf_verifier_state *parent, |
6389 |
+- u32 regno) |
6390 |
+-{ |
6391 |
+- struct bpf_verifier_state *tmp = NULL; |
6392 |
+- |
6393 |
+- /* 'parent' could be a state of caller and |
6394 |
+- * 'state' could be a state of callee. In such case |
6395 |
+- * parent->curframe < state->curframe |
6396 |
+- * and it's ok for r1 - r5 registers |
6397 |
+- * |
6398 |
+- * 'parent' could be a callee's state after it bpf_exit-ed. |
6399 |
+- * In such case parent->curframe > state->curframe |
6400 |
+- * and it's ok for r0 only |
6401 |
+- */ |
6402 |
+- if (parent->curframe == state->curframe || |
6403 |
+- (parent->curframe < state->curframe && |
6404 |
+- regno >= BPF_REG_1 && regno <= BPF_REG_5) || |
6405 |
+- (parent->curframe > state->curframe && |
6406 |
+- regno == BPF_REG_0)) |
6407 |
+- return parent; |
6408 |
+- |
6409 |
+- if (parent->curframe > state->curframe && |
6410 |
+- regno >= BPF_REG_6) { |
6411 |
+- /* for callee saved regs we have to skip the whole chain |
6412 |
+- * of states that belong to callee and mark as LIVE_READ |
6413 |
+- * the registers before the call |
6414 |
+- */ |
6415 |
+- tmp = parent; |
6416 |
+- while (tmp && tmp->curframe != state->curframe) { |
6417 |
+- tmp = tmp->parent; |
6418 |
+- } |
6419 |
+- if (!tmp) |
6420 |
+- goto bug; |
6421 |
+- parent = tmp; |
6422 |
+- } else { |
6423 |
+- goto bug; |
6424 |
+- } |
6425 |
+- return parent; |
6426 |
+-bug: |
6427 |
+- verbose(env, "verifier bug regno %d tmp %p\n", regno, tmp); |
6428 |
+- verbose(env, "regno %d parent frame %d current frame %d\n", |
6429 |
+- regno, parent->curframe, state->curframe); |
6430 |
+- return NULL; |
6431 |
+-} |
6432 |
+- |
6433 |
++/* Parentage chain of this register (or stack slot) should take care of all |
6434 |
++ * issues like callee-saved registers, stack slot allocation time, etc. |
6435 |
++ */ |
6436 |
+ static int mark_reg_read(struct bpf_verifier_env *env, |
6437 |
+- const struct bpf_verifier_state *state, |
6438 |
+- struct bpf_verifier_state *parent, |
6439 |
+- u32 regno) |
6440 |
++ const struct bpf_reg_state *state, |
6441 |
++ struct bpf_reg_state *parent) |
6442 |
+ { |
6443 |
+ bool writes = parent == state->parent; /* Observe write marks */ |
6444 |
+ |
6445 |
+- if (regno == BPF_REG_FP) |
6446 |
+- /* We don't need to worry about FP liveness because it's read-only */ |
6447 |
+- return 0; |
6448 |
+- |
6449 |
+ while (parent) { |
6450 |
+ /* if read wasn't screened by an earlier write ... */ |
6451 |
+- if (writes && state->frame[state->curframe]->regs[regno].live & REG_LIVE_WRITTEN) |
6452 |
++ if (writes && state->live & REG_LIVE_WRITTEN) |
6453 |
+ break; |
6454 |
+- parent = skip_callee(env, state, parent, regno); |
6455 |
+- if (!parent) |
6456 |
+- return -EFAULT; |
6457 |
+ /* ... then we depend on parent's value */ |
6458 |
+- parent->frame[parent->curframe]->regs[regno].live |= REG_LIVE_READ; |
6459 |
++ parent->live |= REG_LIVE_READ; |
6460 |
+ state = parent; |
6461 |
+ parent = state->parent; |
6462 |
+ writes = true; |
6463 |
+@@ -976,7 +923,10 @@ static int check_reg_arg(struct bpf_verifier_env *env, u32 regno, |
6464 |
+ verbose(env, "R%d !read_ok\n", regno); |
6465 |
+ return -EACCES; |
6466 |
+ } |
6467 |
+- return mark_reg_read(env, vstate, vstate->parent, regno); |
6468 |
++ /* We don't need to worry about FP liveness because it's read-only */ |
6469 |
++ if (regno != BPF_REG_FP) |
6470 |
++ return mark_reg_read(env, ®s[regno], |
6471 |
++ regs[regno].parent); |
6472 |
+ } else { |
6473 |
+ /* check whether register used as dest operand can be written to */ |
6474 |
+ if (regno == BPF_REG_FP) { |
6475 |
+@@ -1013,6 +963,23 @@ static bool register_is_null(struct bpf_reg_state *reg) |
6476 |
+ return reg->type == SCALAR_VALUE && tnum_equals_const(reg->var_off, 0); |
6477 |
+ } |
6478 |
+ |
6479 |
++static bool register_is_const(struct bpf_reg_state *reg) |
6480 |
++{ |
6481 |
++ return reg->type == SCALAR_VALUE && tnum_is_const(reg->var_off); |
6482 |
++} |
6483 |
++ |
6484 |
++static void save_register_state(struct bpf_func_state *state, |
6485 |
++ int spi, struct bpf_reg_state *reg) |
6486 |
++{ |
6487 |
++ int i; |
6488 |
++ |
6489 |
++ state->stack[spi].spilled_ptr = *reg; |
6490 |
++ state->stack[spi].spilled_ptr.live |= REG_LIVE_WRITTEN; |
6491 |
++ |
6492 |
++ for (i = 0; i < BPF_REG_SIZE; i++) |
6493 |
++ state->stack[spi].slot_type[i] = STACK_SPILL; |
6494 |
++} |
6495 |
++ |
6496 |
+ /* check_stack_read/write functions track spill/fill of registers, |
6497 |
+ * stack boundary and alignment are checked in check_mem_access() |
6498 |
+ */ |
6499 |
+@@ -1022,7 +989,7 @@ static int check_stack_write(struct bpf_verifier_env *env, |
6500 |
+ { |
6501 |
+ struct bpf_func_state *cur; /* state of the current function */ |
6502 |
+ int i, slot = -off - 1, spi = slot / BPF_REG_SIZE, err; |
6503 |
+- enum bpf_reg_type type; |
6504 |
++ struct bpf_reg_state *reg = NULL; |
6505 |
+ |
6506 |
+ err = realloc_func_state(state, round_up(slot + 1, BPF_REG_SIZE), |
6507 |
+ true); |
6508 |
+@@ -1039,56 +1006,45 @@ static int check_stack_write(struct bpf_verifier_env *env, |
6509 |
+ } |
6510 |
+ |
6511 |
+ cur = env->cur_state->frame[env->cur_state->curframe]; |
6512 |
+- if (value_regno >= 0 && |
6513 |
+- is_spillable_regtype((type = cur->regs[value_regno].type))) { |
6514 |
++ if (value_regno >= 0) |
6515 |
++ reg = &cur->regs[value_regno]; |
6516 |
++ if (!env->allow_ptr_leaks) { |
6517 |
++ bool sanitize = reg && is_spillable_regtype(reg->type); |
6518 |
+ |
6519 |
++ for (i = 0; i < size; i++) { |
6520 |
++ if (state->stack[spi].slot_type[i] == STACK_INVALID) { |
6521 |
++ sanitize = true; |
6522 |
++ break; |
6523 |
++ } |
6524 |
++ } |
6525 |
++ |
6526 |
++ if (sanitize) |
6527 |
++ env->insn_aux_data[insn_idx].sanitize_stack_spill = true; |
6528 |
++ } |
6529 |
++ |
6530 |
++ if (reg && size == BPF_REG_SIZE && register_is_const(reg) && |
6531 |
++ !register_is_null(reg) && env->allow_ptr_leaks) { |
6532 |
++ save_register_state(state, spi, reg); |
6533 |
++ } else if (reg && is_spillable_regtype(reg->type)) { |
6534 |
+ /* register containing pointer is being spilled into stack */ |
6535 |
+ if (size != BPF_REG_SIZE) { |
6536 |
+ verbose(env, "invalid size of register spill\n"); |
6537 |
+ return -EACCES; |
6538 |
+ } |
6539 |
+- |
6540 |
+- if (state != cur && type == PTR_TO_STACK) { |
6541 |
++ if (state != cur && reg->type == PTR_TO_STACK) { |
6542 |
+ verbose(env, "cannot spill pointers to stack into stack frame of the caller\n"); |
6543 |
+ return -EINVAL; |
6544 |
+ } |
6545 |
+- |
6546 |
+- /* save register state */ |
6547 |
+- state->stack[spi].spilled_ptr = cur->regs[value_regno]; |
6548 |
+- state->stack[spi].spilled_ptr.live |= REG_LIVE_WRITTEN; |
6549 |
+- |
6550 |
+- for (i = 0; i < BPF_REG_SIZE; i++) { |
6551 |
+- if (state->stack[spi].slot_type[i] == STACK_MISC && |
6552 |
+- !env->allow_ptr_leaks) { |
6553 |
+- int *poff = &env->insn_aux_data[insn_idx].sanitize_stack_off; |
6554 |
+- int soff = (-spi - 1) * BPF_REG_SIZE; |
6555 |
+- |
6556 |
+- /* detected reuse of integer stack slot with a pointer |
6557 |
+- * which means either llvm is reusing stack slot or |
6558 |
+- * an attacker is trying to exploit CVE-2018-3639 |
6559 |
+- * (speculative store bypass) |
6560 |
+- * Have to sanitize that slot with preemptive |
6561 |
+- * store of zero. |
6562 |
+- */ |
6563 |
+- if (*poff && *poff != soff) { |
6564 |
+- /* disallow programs where single insn stores |
6565 |
+- * into two different stack slots, since verifier |
6566 |
+- * cannot sanitize them |
6567 |
+- */ |
6568 |
+- verbose(env, |
6569 |
+- "insn %d cannot access two stack slots fp%d and fp%d", |
6570 |
+- insn_idx, *poff, soff); |
6571 |
+- return -EINVAL; |
6572 |
+- } |
6573 |
+- *poff = soff; |
6574 |
+- } |
6575 |
+- state->stack[spi].slot_type[i] = STACK_SPILL; |
6576 |
+- } |
6577 |
++ save_register_state(state, spi, reg); |
6578 |
+ } else { |
6579 |
+ u8 type = STACK_MISC; |
6580 |
+ |
6581 |
+- /* regular write of data into stack */ |
6582 |
+- state->stack[spi].spilled_ptr = (struct bpf_reg_state) {}; |
6583 |
++ /* regular write of data into stack destroys any spilled ptr */ |
6584 |
++ state->stack[spi].spilled_ptr.type = NOT_INIT; |
6585 |
++ /* Mark slots as STACK_MISC if they belonged to spilled ptr. */ |
6586 |
++ if (state->stack[spi].slot_type[0] == STACK_SPILL) |
6587 |
++ for (i = 0; i < BPF_REG_SIZE; i++) |
6588 |
++ state->stack[spi].slot_type[i] = STACK_MISC; |
6589 |
+ |
6590 |
+ /* only mark the slot as written if all 8 bytes were written |
6591 |
+ * otherwise read propagation may incorrectly stop too soon |
6592 |
+@@ -1102,10 +1058,10 @@ static int check_stack_write(struct bpf_verifier_env *env, |
6593 |
+ state->stack[spi].spilled_ptr.live |= REG_LIVE_WRITTEN; |
6594 |
+ |
6595 |
+ /* when we zero initialize stack slots mark them as such */ |
6596 |
+- if (value_regno >= 0 && |
6597 |
+- register_is_null(&cur->regs[value_regno])) |
6598 |
++ if (reg && register_is_null(reg)) |
6599 |
+ type = STACK_ZERO; |
6600 |
+ |
6601 |
++ /* Mark slots affected by this stack write. */ |
6602 |
+ for (i = 0; i < size; i++) |
6603 |
+ state->stack[spi].slot_type[(slot - i) % BPF_REG_SIZE] = |
6604 |
+ type; |
6605 |
+@@ -1113,61 +1069,6 @@ static int check_stack_write(struct bpf_verifier_env *env, |
6606 |
+ return 0; |
6607 |
+ } |
6608 |
+ |
6609 |
+-/* registers of every function are unique and mark_reg_read() propagates |
6610 |
+- * the liveness in the following cases: |
6611 |
+- * - from callee into caller for R1 - R5 that were used as arguments |
6612 |
+- * - from caller into callee for R0 that used as result of the call |
6613 |
+- * - from caller to the same caller skipping states of the callee for R6 - R9, |
6614 |
+- * since R6 - R9 are callee saved by implicit function prologue and |
6615 |
+- * caller's R6 != callee's R6, so when we propagate liveness up to |
6616 |
+- * parent states we need to skip callee states for R6 - R9. |
6617 |
+- * |
6618 |
+- * stack slot marking is different, since stacks of caller and callee are |
6619 |
+- * accessible in both (since caller can pass a pointer to caller's stack to |
6620 |
+- * callee which can pass it to another function), hence mark_stack_slot_read() |
6621 |
+- * has to propagate the stack liveness to all parent states at given frame number. |
6622 |
+- * Consider code: |
6623 |
+- * f1() { |
6624 |
+- * ptr = fp - 8; |
6625 |
+- * *ptr = ctx; |
6626 |
+- * call f2 { |
6627 |
+- * .. = *ptr; |
6628 |
+- * } |
6629 |
+- * .. = *ptr; |
6630 |
+- * } |
6631 |
+- * First *ptr is reading from f1's stack and mark_stack_slot_read() has |
6632 |
+- * to mark liveness at the f1's frame and not f2's frame. |
6633 |
+- * Second *ptr is also reading from f1's stack and mark_stack_slot_read() has |
6634 |
+- * to propagate liveness to f2 states at f1's frame level and further into |
6635 |
+- * f1 states at f1's frame level until write into that stack slot |
6636 |
+- */ |
6637 |
+-static void mark_stack_slot_read(struct bpf_verifier_env *env, |
6638 |
+- const struct bpf_verifier_state *state, |
6639 |
+- struct bpf_verifier_state *parent, |
6640 |
+- int slot, int frameno) |
6641 |
+-{ |
6642 |
+- bool writes = parent == state->parent; /* Observe write marks */ |
6643 |
+- |
6644 |
+- while (parent) { |
6645 |
+- if (parent->frame[frameno]->allocated_stack <= slot * BPF_REG_SIZE) |
6646 |
+- /* since LIVE_WRITTEN mark is only done for full 8-byte |
6647 |
+- * write the read marks are conservative and parent |
6648 |
+- * state may not even have the stack allocated. In such case |
6649 |
+- * end the propagation, since the loop reached beginning |
6650 |
+- * of the function |
6651 |
+- */ |
6652 |
+- break; |
6653 |
+- /* if read wasn't screened by an earlier write ... */ |
6654 |
+- if (writes && state->frame[frameno]->stack[slot].spilled_ptr.live & REG_LIVE_WRITTEN) |
6655 |
+- break; |
6656 |
+- /* ... then we depend on parent's value */ |
6657 |
+- parent->frame[frameno]->stack[slot].spilled_ptr.live |= REG_LIVE_READ; |
6658 |
+- state = parent; |
6659 |
+- parent = state->parent; |
6660 |
+- writes = true; |
6661 |
+- } |
6662 |
+-} |
6663 |
+- |
6664 |
+ static int check_stack_read(struct bpf_verifier_env *env, |
6665 |
+ struct bpf_func_state *reg_state /* func where register points to */, |
6666 |
+ int off, int size, int value_regno) |
6667 |
+@@ -1175,6 +1076,7 @@ static int check_stack_read(struct bpf_verifier_env *env, |
6668 |
+ struct bpf_verifier_state *vstate = env->cur_state; |
6669 |
+ struct bpf_func_state *state = vstate->frame[vstate->curframe]; |
6670 |
+ int i, slot = -off - 1, spi = slot / BPF_REG_SIZE; |
6671 |
++ struct bpf_reg_state *reg; |
6672 |
+ u8 *stype; |
6673 |
+ |
6674 |
+ if (reg_state->allocated_stack <= slot) { |
6675 |
+@@ -1183,11 +1085,20 @@ static int check_stack_read(struct bpf_verifier_env *env, |
6676 |
+ return -EACCES; |
6677 |
+ } |
6678 |
+ stype = reg_state->stack[spi].slot_type; |
6679 |
++ reg = ®_state->stack[spi].spilled_ptr; |
6680 |
+ |
6681 |
+ if (stype[0] == STACK_SPILL) { |
6682 |
+ if (size != BPF_REG_SIZE) { |
6683 |
+- verbose(env, "invalid size of register spill\n"); |
6684 |
+- return -EACCES; |
6685 |
++ if (reg->type != SCALAR_VALUE) { |
6686 |
++ verbose(env, "invalid size of register fill\n"); |
6687 |
++ return -EACCES; |
6688 |
++ } |
6689 |
++ if (value_regno >= 0) { |
6690 |
++ mark_reg_unknown(env, state->regs, value_regno); |
6691 |
++ state->regs[value_regno].live |= REG_LIVE_WRITTEN; |
6692 |
++ } |
6693 |
++ mark_reg_read(env, reg, reg->parent); |
6694 |
++ return 0; |
6695 |
+ } |
6696 |
+ for (i = 1; i < BPF_REG_SIZE; i++) { |
6697 |
+ if (stype[(slot - i) % BPF_REG_SIZE] != STACK_SPILL) { |
6698 |
+@@ -1198,16 +1109,14 @@ static int check_stack_read(struct bpf_verifier_env *env, |
6699 |
+ |
6700 |
+ if (value_regno >= 0) { |
6701 |
+ /* restore register state from stack */ |
6702 |
+- state->regs[value_regno] = reg_state->stack[spi].spilled_ptr; |
6703 |
++ state->regs[value_regno] = *reg; |
6704 |
+ /* mark reg as written since spilled pointer state likely |
6705 |
+ * has its liveness marks cleared by is_state_visited() |
6706 |
+ * which resets stack/reg liveness for state transitions |
6707 |
+ */ |
6708 |
+ state->regs[value_regno].live |= REG_LIVE_WRITTEN; |
6709 |
+ } |
6710 |
+- mark_stack_slot_read(env, vstate, vstate->parent, spi, |
6711 |
+- reg_state->frameno); |
6712 |
+- return 0; |
6713 |
++ mark_reg_read(env, reg, reg->parent); |
6714 |
+ } else { |
6715 |
+ int zeros = 0; |
6716 |
+ |
6717 |
+@@ -1222,8 +1131,7 @@ static int check_stack_read(struct bpf_verifier_env *env, |
6718 |
+ off, i, size); |
6719 |
+ return -EACCES; |
6720 |
+ } |
6721 |
+- mark_stack_slot_read(env, vstate, vstate->parent, spi, |
6722 |
+- reg_state->frameno); |
6723 |
++ mark_reg_read(env, reg, reg->parent); |
6724 |
+ if (value_regno >= 0) { |
6725 |
+ if (zeros == size) { |
6726 |
+ /* any size read into register is zero extended, |
6727 |
+@@ -1236,8 +1144,8 @@ static int check_stack_read(struct bpf_verifier_env *env, |
6728 |
+ } |
6729 |
+ state->regs[value_regno].live |= REG_LIVE_WRITTEN; |
6730 |
+ } |
6731 |
+- return 0; |
6732 |
+ } |
6733 |
++ return 0; |
6734 |
+ } |
6735 |
+ |
6736 |
+ static int check_stack_access(struct bpf_verifier_env *env, |
6737 |
+@@ -1855,6 +1763,29 @@ static int check_xadd(struct bpf_verifier_env *env, int insn_idx, struct bpf_ins |
6738 |
+ BPF_SIZE(insn->code), BPF_WRITE, -1, true); |
6739 |
+ } |
6740 |
+ |
6741 |
++static int __check_stack_boundary(struct bpf_verifier_env *env, u32 regno, |
6742 |
++ int off, int access_size, |
6743 |
++ bool zero_size_allowed) |
6744 |
++{ |
6745 |
++ struct bpf_reg_state *reg = cur_regs(env) + regno; |
6746 |
++ |
6747 |
++ if (off >= 0 || off < -MAX_BPF_STACK || off + access_size > 0 || |
6748 |
++ access_size < 0 || (access_size == 0 && !zero_size_allowed)) { |
6749 |
++ if (tnum_is_const(reg->var_off)) { |
6750 |
++ verbose(env, "invalid stack type R%d off=%d access_size=%d\n", |
6751 |
++ regno, off, access_size); |
6752 |
++ } else { |
6753 |
++ char tn_buf[48]; |
6754 |
++ |
6755 |
++ tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); |
6756 |
++ verbose(env, "invalid stack type R%d var_off=%s access_size=%d\n", |
6757 |
++ regno, tn_buf, access_size); |
6758 |
++ } |
6759 |
++ return -EACCES; |
6760 |
++ } |
6761 |
++ return 0; |
6762 |
++} |
6763 |
++ |
6764 |
+ /* when register 'regno' is passed into function that will read 'access_size' |
6765 |
+ * bytes from that pointer, make sure that it's within stack boundary |
6766 |
+ * and all elements of stack are initialized. |
6767 |
+@@ -1867,7 +1798,7 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno, |
6768 |
+ { |
6769 |
+ struct bpf_reg_state *reg = cur_regs(env) + regno; |
6770 |
+ struct bpf_func_state *state = func(env, reg); |
6771 |
+- int off, i, slot, spi; |
6772 |
++ int err, min_off, max_off, i, j, slot, spi; |
6773 |
+ |
6774 |
+ if (reg->type != PTR_TO_STACK) { |
6775 |
+ /* Allow zero-byte read from NULL, regardless of pointer type */ |
6776 |
+@@ -1881,21 +1812,57 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno, |
6777 |
+ return -EACCES; |
6778 |
+ } |
6779 |
+ |
6780 |
+- /* Only allow fixed-offset stack reads */ |
6781 |
+- if (!tnum_is_const(reg->var_off)) { |
6782 |
+- char tn_buf[48]; |
6783 |
++ if (tnum_is_const(reg->var_off)) { |
6784 |
++ min_off = max_off = reg->var_off.value + reg->off; |
6785 |
++ err = __check_stack_boundary(env, regno, min_off, access_size, |
6786 |
++ zero_size_allowed); |
6787 |
++ if (err) |
6788 |
++ return err; |
6789 |
++ } else { |
6790 |
++ /* Variable offset is prohibited for unprivileged mode for |
6791 |
++ * simplicity since it requires corresponding support in |
6792 |
++ * Spectre masking for stack ALU. |
6793 |
++ * See also retrieve_ptr_limit(). |
6794 |
++ */ |
6795 |
++ if (!env->allow_ptr_leaks) { |
6796 |
++ char tn_buf[48]; |
6797 |
+ |
6798 |
+- tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); |
6799 |
+- verbose(env, "invalid variable stack read R%d var_off=%s\n", |
6800 |
+- regno, tn_buf); |
6801 |
+- return -EACCES; |
6802 |
+- } |
6803 |
+- off = reg->off + reg->var_off.value; |
6804 |
+- if (off >= 0 || off < -MAX_BPF_STACK || off + access_size > 0 || |
6805 |
+- access_size < 0 || (access_size == 0 && !zero_size_allowed)) { |
6806 |
+- verbose(env, "invalid stack type R%d off=%d access_size=%d\n", |
6807 |
+- regno, off, access_size); |
6808 |
+- return -EACCES; |
6809 |
++ tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); |
6810 |
++ verbose(env, "R%d indirect variable offset stack access prohibited for !root, var_off=%s\n", |
6811 |
++ regno, tn_buf); |
6812 |
++ return -EACCES; |
6813 |
++ } |
6814 |
++ /* Only initialized buffer on stack is allowed to be accessed |
6815 |
++ * with variable offset. With uninitialized buffer it's hard to |
6816 |
++ * guarantee that whole memory is marked as initialized on |
6817 |
++ * helper return since specific bounds are unknown what may |
6818 |
++ * cause uninitialized stack leaking. |
6819 |
++ */ |
6820 |
++ if (meta && meta->raw_mode) |
6821 |
++ meta = NULL; |
6822 |
++ |
6823 |
++ if (reg->smax_value >= BPF_MAX_VAR_OFF || |
6824 |
++ reg->smax_value <= -BPF_MAX_VAR_OFF) { |
6825 |
++ verbose(env, "R%d unbounded indirect variable offset stack access\n", |
6826 |
++ regno); |
6827 |
++ return -EACCES; |
6828 |
++ } |
6829 |
++ min_off = reg->smin_value + reg->off; |
6830 |
++ max_off = reg->smax_value + reg->off; |
6831 |
++ err = __check_stack_boundary(env, regno, min_off, access_size, |
6832 |
++ zero_size_allowed); |
6833 |
++ if (err) { |
6834 |
++ verbose(env, "R%d min value is outside of stack bound\n", |
6835 |
++ regno); |
6836 |
++ return err; |
6837 |
++ } |
6838 |
++ err = __check_stack_boundary(env, regno, max_off, access_size, |
6839 |
++ zero_size_allowed); |
6840 |
++ if (err) { |
6841 |
++ verbose(env, "R%d max value is outside of stack bound\n", |
6842 |
++ regno); |
6843 |
++ return err; |
6844 |
++ } |
6845 |
+ } |
6846 |
+ |
6847 |
+ if (meta && meta->raw_mode) { |
6848 |
+@@ -1904,10 +1871,10 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno, |
6849 |
+ return 0; |
6850 |
+ } |
6851 |
+ |
6852 |
+- for (i = 0; i < access_size; i++) { |
6853 |
++ for (i = min_off; i < max_off + access_size; i++) { |
6854 |
+ u8 *stype; |
6855 |
+ |
6856 |
+- slot = -(off + i) - 1; |
6857 |
++ slot = -i - 1; |
6858 |
+ spi = slot / BPF_REG_SIZE; |
6859 |
+ if (state->allocated_stack <= slot) |
6860 |
+ goto err; |
6861 |
+@@ -1919,18 +1886,34 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno, |
6862 |
+ *stype = STACK_MISC; |
6863 |
+ goto mark; |
6864 |
+ } |
6865 |
++ if (state->stack[spi].slot_type[0] == STACK_SPILL && |
6866 |
++ state->stack[spi].spilled_ptr.type == SCALAR_VALUE) { |
6867 |
++ __mark_reg_unknown(&state->stack[spi].spilled_ptr); |
6868 |
++ for (j = 0; j < BPF_REG_SIZE; j++) |
6869 |
++ state->stack[spi].slot_type[j] = STACK_MISC; |
6870 |
++ goto mark; |
6871 |
++ } |
6872 |
++ |
6873 |
+ err: |
6874 |
+- verbose(env, "invalid indirect read from stack off %d+%d size %d\n", |
6875 |
+- off, i, access_size); |
6876 |
++ if (tnum_is_const(reg->var_off)) { |
6877 |
++ verbose(env, "invalid indirect read from stack off %d+%d size %d\n", |
6878 |
++ min_off, i - min_off, access_size); |
6879 |
++ } else { |
6880 |
++ char tn_buf[48]; |
6881 |
++ |
6882 |
++ tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); |
6883 |
++ verbose(env, "invalid indirect read from stack var_off %s+%d size %d\n", |
6884 |
++ tn_buf, i - min_off, access_size); |
6885 |
++ } |
6886 |
+ return -EACCES; |
6887 |
+ mark: |
6888 |
+ /* reading any byte out of 8-byte 'spill_slot' will cause |
6889 |
+ * the whole slot to be marked as 'read' |
6890 |
+ */ |
6891 |
+- mark_stack_slot_read(env, env->cur_state, env->cur_state->parent, |
6892 |
+- spi, state->frameno); |
6893 |
++ mark_reg_read(env, &state->stack[spi].spilled_ptr, |
6894 |
++ state->stack[spi].spilled_ptr.parent); |
6895 |
+ } |
6896 |
+- return update_stack_depth(env, state, off); |
6897 |
++ return update_stack_depth(env, state, min_off); |
6898 |
+ } |
6899 |
+ |
6900 |
+ static int check_helper_mem_access(struct bpf_verifier_env *env, int regno, |
6901 |
+@@ -2384,11 +2367,13 @@ static int check_func_call(struct bpf_verifier_env *env, struct bpf_insn *insn, |
6902 |
+ state->curframe + 1 /* frameno within this callchain */, |
6903 |
+ subprog /* subprog number within this prog */); |
6904 |
+ |
6905 |
+- /* copy r1 - r5 args that callee can access */ |
6906 |
++ /* copy r1 - r5 args that callee can access. The copy includes parent |
6907 |
++ * pointers, which connects us up to the liveness chain |
6908 |
++ */ |
6909 |
+ for (i = BPF_REG_1; i <= BPF_REG_5; i++) |
6910 |
+ callee->regs[i] = caller->regs[i]; |
6911 |
+ |
6912 |
+- /* after the call regsiters r0 - r5 were scratched */ |
6913 |
++ /* after the call registers r0 - r5 were scratched */ |
6914 |
+ for (i = 0; i < CALLER_SAVED_REGS; i++) { |
6915 |
+ mark_reg_not_init(env, caller->regs, caller_saved[i]); |
6916 |
+ check_reg_arg(env, caller_saved[i], DST_OP_NO_MARK); |
6917 |
+@@ -2886,6 +2871,12 @@ static int sanitize_ptr_alu(struct bpf_verifier_env *env, |
6918 |
+ alu_state |= off_is_imm ? BPF_ALU_IMMEDIATE : 0; |
6919 |
+ alu_state |= ptr_is_dst_reg ? |
6920 |
+ BPF_ALU_SANITIZE_SRC : BPF_ALU_SANITIZE_DST; |
6921 |
++ |
6922 |
++ /* Limit pruning on unknown scalars to enable deep search for |
6923 |
++ * potential masking differences from other program paths. |
6924 |
++ */ |
6925 |
++ if (!off_is_imm) |
6926 |
++ env->explore_alu_limits = true; |
6927 |
+ } |
6928 |
+ |
6929 |
+ err = update_alu_sanitation_state(aux, alu_state, alu_limit); |
6930 |
+@@ -4798,13 +4789,6 @@ static bool range_within(struct bpf_reg_state *old, |
6931 |
+ old->smax_value >= cur->smax_value; |
6932 |
+ } |
6933 |
+ |
6934 |
+-/* Maximum number of register states that can exist at once */ |
6935 |
+-#define ID_MAP_SIZE (MAX_BPF_REG + MAX_BPF_STACK / BPF_REG_SIZE) |
6936 |
+-struct idpair { |
6937 |
+- u32 old; |
6938 |
+- u32 cur; |
6939 |
+-}; |
6940 |
+- |
6941 |
+ /* If in the old state two registers had the same id, then they need to have |
6942 |
+ * the same id in the new state as well. But that id could be different from |
6943 |
+ * the old state, so we need to track the mapping from old to new ids. |
6944 |
+@@ -4815,11 +4799,11 @@ struct idpair { |
6945 |
+ * So we look through our idmap to see if this old id has been seen before. If |
6946 |
+ * so, we require the new id to match; otherwise, we add the id pair to the map. |
6947 |
+ */ |
6948 |
+-static bool check_ids(u32 old_id, u32 cur_id, struct idpair *idmap) |
6949 |
++static bool check_ids(u32 old_id, u32 cur_id, struct bpf_id_pair *idmap) |
6950 |
+ { |
6951 |
+ unsigned int i; |
6952 |
+ |
6953 |
+- for (i = 0; i < ID_MAP_SIZE; i++) { |
6954 |
++ for (i = 0; i < BPF_ID_MAP_SIZE; i++) { |
6955 |
+ if (!idmap[i].old) { |
6956 |
+ /* Reached an empty slot; haven't seen this id before */ |
6957 |
+ idmap[i].old = old_id; |
6958 |
+@@ -4835,8 +4819,8 @@ static bool check_ids(u32 old_id, u32 cur_id, struct idpair *idmap) |
6959 |
+ } |
6960 |
+ |
6961 |
+ /* Returns true if (rold safe implies rcur safe) */ |
6962 |
+-static bool regsafe(struct bpf_reg_state *rold, struct bpf_reg_state *rcur, |
6963 |
+- struct idpair *idmap) |
6964 |
++static bool regsafe(struct bpf_verifier_env *env, struct bpf_reg_state *rold, |
6965 |
++ struct bpf_reg_state *rcur, struct bpf_id_pair *idmap) |
6966 |
+ { |
6967 |
+ bool equal; |
6968 |
+ |
6969 |
+@@ -4844,7 +4828,7 @@ static bool regsafe(struct bpf_reg_state *rold, struct bpf_reg_state *rcur, |
6970 |
+ /* explored state didn't use this */ |
6971 |
+ return true; |
6972 |
+ |
6973 |
+- equal = memcmp(rold, rcur, offsetof(struct bpf_reg_state, frameno)) == 0; |
6974 |
++ equal = memcmp(rold, rcur, offsetof(struct bpf_reg_state, parent)) == 0; |
6975 |
+ |
6976 |
+ if (rold->type == PTR_TO_STACK) |
6977 |
+ /* two stack pointers are equal only if they're pointing to |
6978 |
+@@ -4862,6 +4846,8 @@ static bool regsafe(struct bpf_reg_state *rold, struct bpf_reg_state *rcur, |
6979 |
+ return false; |
6980 |
+ switch (rold->type) { |
6981 |
+ case SCALAR_VALUE: |
6982 |
++ if (env->explore_alu_limits) |
6983 |
++ return false; |
6984 |
+ if (rcur->type == SCALAR_VALUE) { |
6985 |
+ /* new val must satisfy old val knowledge */ |
6986 |
+ return range_within(rold, rcur) && |
6987 |
+@@ -4938,9 +4924,8 @@ static bool regsafe(struct bpf_reg_state *rold, struct bpf_reg_state *rcur, |
6988 |
+ return false; |
6989 |
+ } |
6990 |
+ |
6991 |
+-static bool stacksafe(struct bpf_func_state *old, |
6992 |
+- struct bpf_func_state *cur, |
6993 |
+- struct idpair *idmap) |
6994 |
++static bool stacksafe(struct bpf_verifier_env *env, struct bpf_func_state *old, |
6995 |
++ struct bpf_func_state *cur, struct bpf_id_pair *idmap) |
6996 |
+ { |
6997 |
+ int i, spi; |
6998 |
+ |
6999 |
+@@ -4982,9 +4967,8 @@ static bool stacksafe(struct bpf_func_state *old, |
7000 |
+ continue; |
7001 |
+ if (old->stack[spi].slot_type[0] != STACK_SPILL) |
7002 |
+ continue; |
7003 |
+- if (!regsafe(&old->stack[spi].spilled_ptr, |
7004 |
+- &cur->stack[spi].spilled_ptr, |
7005 |
+- idmap)) |
7006 |
++ if (!regsafe(env, &old->stack[spi].spilled_ptr, |
7007 |
++ &cur->stack[spi].spilled_ptr, idmap)) |
7008 |
+ /* when explored and current stack slot are both storing |
7009 |
+ * spilled registers, check that stored pointers types |
7010 |
+ * are the same as well. |
7011 |
+@@ -5026,29 +5010,21 @@ static bool stacksafe(struct bpf_func_state *old, |
7012 |
+ * whereas register type in current state is meaningful, it means that |
7013 |
+ * the current state will reach 'bpf_exit' instruction safely |
7014 |
+ */ |
7015 |
+-static bool func_states_equal(struct bpf_func_state *old, |
7016 |
++static bool func_states_equal(struct bpf_verifier_env *env, struct bpf_func_state *old, |
7017 |
+ struct bpf_func_state *cur) |
7018 |
+ { |
7019 |
+- struct idpair *idmap; |
7020 |
+- bool ret = false; |
7021 |
+ int i; |
7022 |
+ |
7023 |
+- idmap = kcalloc(ID_MAP_SIZE, sizeof(struct idpair), GFP_KERNEL); |
7024 |
+- /* If we failed to allocate the idmap, just say it's not safe */ |
7025 |
+- if (!idmap) |
7026 |
+- return false; |
7027 |
++ memset(env->idmap_scratch, 0, sizeof(env->idmap_scratch)); |
7028 |
++ for (i = 0; i < MAX_BPF_REG; i++) |
7029 |
++ if (!regsafe(env, &old->regs[i], &cur->regs[i], |
7030 |
++ env->idmap_scratch)) |
7031 |
++ return false; |
7032 |
+ |
7033 |
+- for (i = 0; i < MAX_BPF_REG; i++) { |
7034 |
+- if (!regsafe(&old->regs[i], &cur->regs[i], idmap)) |
7035 |
+- goto out_free; |
7036 |
+- } |
7037 |
++ if (!stacksafe(env, old, cur, env->idmap_scratch)) |
7038 |
++ return false; |
7039 |
+ |
7040 |
+- if (!stacksafe(old, cur, idmap)) |
7041 |
+- goto out_free; |
7042 |
+- ret = true; |
7043 |
+-out_free: |
7044 |
+- kfree(idmap); |
7045 |
+- return ret; |
7046 |
++ return true; |
7047 |
+ } |
7048 |
+ |
7049 |
+ static bool states_equal(struct bpf_verifier_env *env, |
7050 |
+@@ -5072,7 +5048,7 @@ static bool states_equal(struct bpf_verifier_env *env, |
7051 |
+ for (i = 0; i <= old->curframe; i++) { |
7052 |
+ if (old->frame[i]->callsite != cur->frame[i]->callsite) |
7053 |
+ return false; |
7054 |
+- if (!func_states_equal(old->frame[i], cur->frame[i])) |
7055 |
++ if (!func_states_equal(env, old->frame[i], cur->frame[i])) |
7056 |
+ return false; |
7057 |
+ } |
7058 |
+ return true; |
7059 |
+@@ -5083,7 +5059,7 @@ static bool states_equal(struct bpf_verifier_env *env, |
7060 |
+ * equivalent state (jump target or such) we didn't arrive by the straight-line |
7061 |
+ * code, so read marks in the state must propagate to the parent regardless |
7062 |
+ * of the state's write marks. That's what 'parent == state->parent' comparison |
7063 |
+- * in mark_reg_read() and mark_stack_slot_read() is for. |
7064 |
++ * in mark_reg_read() is for. |
7065 |
+ */ |
7066 |
+ static int propagate_liveness(struct bpf_verifier_env *env, |
7067 |
+ const struct bpf_verifier_state *vstate, |
7068 |
+@@ -5104,7 +5080,8 @@ static int propagate_liveness(struct bpf_verifier_env *env, |
7069 |
+ if (vparent->frame[vparent->curframe]->regs[i].live & REG_LIVE_READ) |
7070 |
+ continue; |
7071 |
+ if (vstate->frame[vstate->curframe]->regs[i].live & REG_LIVE_READ) { |
7072 |
+- err = mark_reg_read(env, vstate, vparent, i); |
7073 |
++ err = mark_reg_read(env, &vstate->frame[vstate->curframe]->regs[i], |
7074 |
++ &vparent->frame[vstate->curframe]->regs[i]); |
7075 |
+ if (err) |
7076 |
+ return err; |
7077 |
+ } |
7078 |
+@@ -5119,7 +5096,8 @@ static int propagate_liveness(struct bpf_verifier_env *env, |
7079 |
+ if (parent->stack[i].spilled_ptr.live & REG_LIVE_READ) |
7080 |
+ continue; |
7081 |
+ if (state->stack[i].spilled_ptr.live & REG_LIVE_READ) |
7082 |
+- mark_stack_slot_read(env, vstate, vparent, i, frame); |
7083 |
++ mark_reg_read(env, &state->stack[i].spilled_ptr, |
7084 |
++ &parent->stack[i].spilled_ptr); |
7085 |
+ } |
7086 |
+ } |
7087 |
+ return err; |
7088 |
+@@ -5129,7 +5107,7 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx) |
7089 |
+ { |
7090 |
+ struct bpf_verifier_state_list *new_sl; |
7091 |
+ struct bpf_verifier_state_list *sl; |
7092 |
+- struct bpf_verifier_state *cur = env->cur_state; |
7093 |
++ struct bpf_verifier_state *cur = env->cur_state, *new; |
7094 |
+ int i, j, err, states_cnt = 0; |
7095 |
+ |
7096 |
+ sl = env->explored_states[insn_idx]; |
7097 |
+@@ -5175,16 +5153,18 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx) |
7098 |
+ return -ENOMEM; |
7099 |
+ |
7100 |
+ /* add new state to the head of linked list */ |
7101 |
+- err = copy_verifier_state(&new_sl->state, cur); |
7102 |
++ new = &new_sl->state; |
7103 |
++ err = copy_verifier_state(new, cur); |
7104 |
+ if (err) { |
7105 |
+- free_verifier_state(&new_sl->state, false); |
7106 |
++ free_verifier_state(new, false); |
7107 |
+ kfree(new_sl); |
7108 |
+ return err; |
7109 |
+ } |
7110 |
+ new_sl->next = env->explored_states[insn_idx]; |
7111 |
+ env->explored_states[insn_idx] = new_sl; |
7112 |
+ /* connect new state to parentage chain */ |
7113 |
+- cur->parent = &new_sl->state; |
7114 |
++ for (i = 0; i < BPF_REG_FP; i++) |
7115 |
++ cur_regs(env)[i].parent = &new->frame[new->curframe]->regs[i]; |
7116 |
+ /* clear write marks in current state: the writes we did are not writes |
7117 |
+ * our child did, so they don't screen off its reads from us. |
7118 |
+ * (There are no read marks in current state, because reads always mark |
7119 |
+@@ -5197,9 +5177,13 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx) |
7120 |
+ /* all stack frames are accessible from callee, clear them all */ |
7121 |
+ for (j = 0; j <= cur->curframe; j++) { |
7122 |
+ struct bpf_func_state *frame = cur->frame[j]; |
7123 |
++ struct bpf_func_state *newframe = new->frame[j]; |
7124 |
+ |
7125 |
+- for (i = 0; i < frame->allocated_stack / BPF_REG_SIZE; i++) |
7126 |
++ for (i = 0; i < frame->allocated_stack / BPF_REG_SIZE; i++) { |
7127 |
+ frame->stack[i].spilled_ptr.live = REG_LIVE_NONE; |
7128 |
++ frame->stack[i].spilled_ptr.parent = |
7129 |
++ &newframe->stack[i].spilled_ptr; |
7130 |
++ } |
7131 |
+ } |
7132 |
+ return 0; |
7133 |
+ } |
7134 |
+@@ -5850,34 +5834,33 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) |
7135 |
+ insn = env->prog->insnsi + delta; |
7136 |
+ |
7137 |
+ for (i = 0; i < insn_cnt; i++, insn++) { |
7138 |
++ bool ctx_access; |
7139 |
++ |
7140 |
+ if (insn->code == (BPF_LDX | BPF_MEM | BPF_B) || |
7141 |
+ insn->code == (BPF_LDX | BPF_MEM | BPF_H) || |
7142 |
+ insn->code == (BPF_LDX | BPF_MEM | BPF_W) || |
7143 |
+- insn->code == (BPF_LDX | BPF_MEM | BPF_DW)) |
7144 |
++ insn->code == (BPF_LDX | BPF_MEM | BPF_DW)) { |
7145 |
+ type = BPF_READ; |
7146 |
+- else if (insn->code == (BPF_STX | BPF_MEM | BPF_B) || |
7147 |
+- insn->code == (BPF_STX | BPF_MEM | BPF_H) || |
7148 |
+- insn->code == (BPF_STX | BPF_MEM | BPF_W) || |
7149 |
+- insn->code == (BPF_STX | BPF_MEM | BPF_DW)) |
7150 |
++ ctx_access = true; |
7151 |
++ } else if (insn->code == (BPF_STX | BPF_MEM | BPF_B) || |
7152 |
++ insn->code == (BPF_STX | BPF_MEM | BPF_H) || |
7153 |
++ insn->code == (BPF_STX | BPF_MEM | BPF_W) || |
7154 |
++ insn->code == (BPF_STX | BPF_MEM | BPF_DW) || |
7155 |
++ insn->code == (BPF_ST | BPF_MEM | BPF_B) || |
7156 |
++ insn->code == (BPF_ST | BPF_MEM | BPF_H) || |
7157 |
++ insn->code == (BPF_ST | BPF_MEM | BPF_W) || |
7158 |
++ insn->code == (BPF_ST | BPF_MEM | BPF_DW)) { |
7159 |
+ type = BPF_WRITE; |
7160 |
+- else |
7161 |
++ ctx_access = BPF_CLASS(insn->code) == BPF_STX; |
7162 |
++ } else { |
7163 |
+ continue; |
7164 |
++ } |
7165 |
+ |
7166 |
+ if (type == BPF_WRITE && |
7167 |
+- env->insn_aux_data[i + delta].sanitize_stack_off) { |
7168 |
++ env->insn_aux_data[i + delta].sanitize_stack_spill) { |
7169 |
+ struct bpf_insn patch[] = { |
7170 |
+- /* Sanitize suspicious stack slot with zero. |
7171 |
+- * There are no memory dependencies for this store, |
7172 |
+- * since it's only using frame pointer and immediate |
7173 |
+- * constant of zero |
7174 |
+- */ |
7175 |
+- BPF_ST_MEM(BPF_DW, BPF_REG_FP, |
7176 |
+- env->insn_aux_data[i + delta].sanitize_stack_off, |
7177 |
+- 0), |
7178 |
+- /* the original STX instruction will immediately |
7179 |
+- * overwrite the same stack slot with appropriate value |
7180 |
+- */ |
7181 |
+ *insn, |
7182 |
++ BPF_ST_NOSPEC(), |
7183 |
+ }; |
7184 |
+ |
7185 |
+ cnt = ARRAY_SIZE(patch); |
7186 |
+@@ -5891,6 +5874,9 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) |
7187 |
+ continue; |
7188 |
+ } |
7189 |
+ |
7190 |
++ if (!ctx_access) |
7191 |
++ continue; |
7192 |
++ |
7193 |
+ if (env->insn_aux_data[i + delta].ptr_type != PTR_TO_CTX) |
7194 |
+ continue; |
7195 |
+ |
7196 |
+diff --git a/kernel/events/core.c b/kernel/events/core.c |
7197 |
+index dd740f91de478..4a8c3f5313f96 100644 |
7198 |
+--- a/kernel/events/core.c |
7199 |
++++ b/kernel/events/core.c |
7200 |
+@@ -8914,7 +8914,7 @@ static void perf_event_addr_filters_apply(struct perf_event *event) |
7201 |
+ return; |
7202 |
+ |
7203 |
+ if (ifh->nr_file_filters) { |
7204 |
+- mm = get_task_mm(event->ctx->task); |
7205 |
++ mm = get_task_mm(task); |
7206 |
+ if (!mm) |
7207 |
+ goto restart; |
7208 |
+ |
7209 |
+diff --git a/kernel/fork.c b/kernel/fork.c |
7210 |
+index cf535b9d5db75..b658716005077 100644 |
7211 |
+--- a/kernel/fork.c |
7212 |
++++ b/kernel/fork.c |
7213 |
+@@ -964,6 +964,7 @@ static struct mm_struct *mm_init(struct mm_struct *mm, struct task_struct *p, |
7214 |
+ mm->pmd_huge_pte = NULL; |
7215 |
+ #endif |
7216 |
+ mm_init_uprobes_state(mm); |
7217 |
++ hugetlb_count_init(mm); |
7218 |
+ |
7219 |
+ if (current->mm) { |
7220 |
+ mm->flags = current->mm->flags & MMF_INIT_MASK; |
7221 |
+diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c |
7222 |
+index 354151fef06ae..fbc62d360419d 100644 |
7223 |
+--- a/kernel/locking/mutex.c |
7224 |
++++ b/kernel/locking/mutex.c |
7225 |
+@@ -911,7 +911,6 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, |
7226 |
+ struct ww_acquire_ctx *ww_ctx, const bool use_ww_ctx) |
7227 |
+ { |
7228 |
+ struct mutex_waiter waiter; |
7229 |
+- bool first = false; |
7230 |
+ struct ww_mutex *ww; |
7231 |
+ int ret; |
7232 |
+ |
7233 |
+@@ -986,6 +985,8 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, |
7234 |
+ |
7235 |
+ set_current_state(state); |
7236 |
+ for (;;) { |
7237 |
++ bool first; |
7238 |
++ |
7239 |
+ /* |
7240 |
+ * Once we hold wait_lock, we're serialized against |
7241 |
+ * mutex_unlock() handing the lock off to us, do a trylock |
7242 |
+@@ -1014,15 +1015,9 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, |
7243 |
+ spin_unlock(&lock->wait_lock); |
7244 |
+ schedule_preempt_disabled(); |
7245 |
+ |
7246 |
+- /* |
7247 |
+- * ww_mutex needs to always recheck its position since its waiter |
7248 |
+- * list is not FIFO ordered. |
7249 |
+- */ |
7250 |
+- if (ww_ctx || !first) { |
7251 |
+- first = __mutex_waiter_is_first(lock, &waiter); |
7252 |
+- if (first) |
7253 |
+- __mutex_set_flag(lock, MUTEX_FLAG_HANDOFF); |
7254 |
+- } |
7255 |
++ first = __mutex_waiter_is_first(lock, &waiter); |
7256 |
++ if (first) |
7257 |
++ __mutex_set_flag(lock, MUTEX_FLAG_HANDOFF); |
7258 |
+ |
7259 |
+ set_current_state(state); |
7260 |
+ /* |
7261 |
+diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c |
7262 |
+index 95271f180687e..33de14435c1f6 100644 |
7263 |
+--- a/kernel/pid_namespace.c |
7264 |
++++ b/kernel/pid_namespace.c |
7265 |
+@@ -52,7 +52,8 @@ static struct kmem_cache *create_pid_cachep(unsigned int level) |
7266 |
+ mutex_lock(&pid_caches_mutex); |
7267 |
+ /* Name collision forces to do allocation under mutex. */ |
7268 |
+ if (!*pkc) |
7269 |
+- *pkc = kmem_cache_create(name, len, 0, SLAB_HWCACHE_ALIGN, 0); |
7270 |
++ *pkc = kmem_cache_create(name, len, 0, |
7271 |
++ SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT, 0); |
7272 |
+ mutex_unlock(&pid_caches_mutex); |
7273 |
+ /* current can fail, but someone else can succeed. */ |
7274 |
+ return READ_ONCE(*pkc); |
7275 |
+diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c |
7276 |
+index aa592dc3cb401..beec5081a55af 100644 |
7277 |
+--- a/kernel/sched/deadline.c |
7278 |
++++ b/kernel/sched/deadline.c |
7279 |
+@@ -1654,6 +1654,7 @@ static void migrate_task_rq_dl(struct task_struct *p, int new_cpu __maybe_unused |
7280 |
+ */ |
7281 |
+ raw_spin_lock(&rq->lock); |
7282 |
+ if (p->dl.dl_non_contending) { |
7283 |
++ update_rq_clock(rq); |
7284 |
+ sub_running_bw(&p->dl, &rq->dl); |
7285 |
+ p->dl.dl_non_contending = 0; |
7286 |
+ /* |
7287 |
+@@ -2615,7 +2616,7 @@ void __setparam_dl(struct task_struct *p, const struct sched_attr *attr) |
7288 |
+ dl_se->dl_runtime = attr->sched_runtime; |
7289 |
+ dl_se->dl_deadline = attr->sched_deadline; |
7290 |
+ dl_se->dl_period = attr->sched_period ?: dl_se->dl_deadline; |
7291 |
+- dl_se->flags = attr->sched_flags; |
7292 |
++ dl_se->flags = attr->sched_flags & SCHED_DL_FLAGS; |
7293 |
+ dl_se->dl_bw = to_ratio(dl_se->dl_period, dl_se->dl_runtime); |
7294 |
+ dl_se->dl_density = to_ratio(dl_se->dl_deadline, dl_se->dl_runtime); |
7295 |
+ } |
7296 |
+@@ -2628,7 +2629,8 @@ void __getparam_dl(struct task_struct *p, struct sched_attr *attr) |
7297 |
+ attr->sched_runtime = dl_se->dl_runtime; |
7298 |
+ attr->sched_deadline = dl_se->dl_deadline; |
7299 |
+ attr->sched_period = dl_se->dl_period; |
7300 |
+- attr->sched_flags = dl_se->flags; |
7301 |
++ attr->sched_flags &= ~SCHED_DL_FLAGS; |
7302 |
++ attr->sched_flags |= dl_se->flags; |
7303 |
+ } |
7304 |
+ |
7305 |
+ /* |
7306 |
+@@ -2703,7 +2705,7 @@ bool dl_param_changed(struct task_struct *p, const struct sched_attr *attr) |
7307 |
+ if (dl_se->dl_runtime != attr->sched_runtime || |
7308 |
+ dl_se->dl_deadline != attr->sched_deadline || |
7309 |
+ dl_se->dl_period != attr->sched_period || |
7310 |
+- dl_se->flags != attr->sched_flags) |
7311 |
++ dl_se->flags != (attr->sched_flags & SCHED_DL_FLAGS)) |
7312 |
+ return true; |
7313 |
+ |
7314 |
+ return false; |
7315 |
+diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h |
7316 |
+index 7b7ba91e319bb..55e695080fc6b 100644 |
7317 |
+--- a/kernel/sched/sched.h |
7318 |
++++ b/kernel/sched/sched.h |
7319 |
+@@ -209,6 +209,8 @@ static inline int task_has_dl_policy(struct task_struct *p) |
7320 |
+ */ |
7321 |
+ #define SCHED_FLAG_SUGOV 0x10000000 |
7322 |
+ |
7323 |
++#define SCHED_DL_FLAGS (SCHED_FLAG_RECLAIM | SCHED_FLAG_DL_OVERRUN | SCHED_FLAG_SUGOV) |
7324 |
++ |
7325 |
+ static inline bool dl_entity_is_special(struct sched_dl_entity *dl_se) |
7326 |
+ { |
7327 |
+ #ifdef CONFIG_CPU_FREQ_GOV_SCHEDUTIL |
7328 |
+diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c |
7329 |
+index 0e04b24cec818..32ee24f5142ab 100644 |
7330 |
+--- a/kernel/time/hrtimer.c |
7331 |
++++ b/kernel/time/hrtimer.c |
7332 |
+@@ -1020,12 +1020,13 @@ static void __remove_hrtimer(struct hrtimer *timer, |
7333 |
+ * remove hrtimer, called with base lock held |
7334 |
+ */ |
7335 |
+ static inline int |
7336 |
+-remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool restart) |
7337 |
++remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, |
7338 |
++ bool restart, bool keep_local) |
7339 |
+ { |
7340 |
+ u8 state = timer->state; |
7341 |
+ |
7342 |
+ if (state & HRTIMER_STATE_ENQUEUED) { |
7343 |
+- int reprogram; |
7344 |
++ bool reprogram; |
7345 |
+ |
7346 |
+ /* |
7347 |
+ * Remove the timer and force reprogramming when high |
7348 |
+@@ -1038,8 +1039,16 @@ remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool rest |
7349 |
+ debug_deactivate(timer); |
7350 |
+ reprogram = base->cpu_base == this_cpu_ptr(&hrtimer_bases); |
7351 |
+ |
7352 |
++ /* |
7353 |
++ * If the timer is not restarted then reprogramming is |
7354 |
++ * required if the timer is local. If it is local and about |
7355 |
++ * to be restarted, avoid programming it twice (on removal |
7356 |
++ * and a moment later when it's requeued). |
7357 |
++ */ |
7358 |
+ if (!restart) |
7359 |
+ state = HRTIMER_STATE_INACTIVE; |
7360 |
++ else |
7361 |
++ reprogram &= !keep_local; |
7362 |
+ |
7363 |
+ __remove_hrtimer(timer, base, state, reprogram); |
7364 |
+ return 1; |
7365 |
+@@ -1093,9 +1102,31 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, |
7366 |
+ struct hrtimer_clock_base *base) |
7367 |
+ { |
7368 |
+ struct hrtimer_clock_base *new_base; |
7369 |
++ bool force_local, first; |
7370 |
+ |
7371 |
+- /* Remove an active timer from the queue: */ |
7372 |
+- remove_hrtimer(timer, base, true); |
7373 |
++ /* |
7374 |
++ * If the timer is on the local cpu base and is the first expiring |
7375 |
++ * timer then this might end up reprogramming the hardware twice |
7376 |
++ * (on removal and on enqueue). To avoid that by prevent the |
7377 |
++ * reprogram on removal, keep the timer local to the current CPU |
7378 |
++ * and enforce reprogramming after it is queued no matter whether |
7379 |
++ * it is the new first expiring timer again or not. |
7380 |
++ */ |
7381 |
++ force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); |
7382 |
++ force_local &= base->cpu_base->next_timer == timer; |
7383 |
++ |
7384 |
++ /* |
7385 |
++ * Remove an active timer from the queue. In case it is not queued |
7386 |
++ * on the current CPU, make sure that remove_hrtimer() updates the |
7387 |
++ * remote data correctly. |
7388 |
++ * |
7389 |
++ * If it's on the current CPU and the first expiring timer, then |
7390 |
++ * skip reprogramming, keep the timer local and enforce |
7391 |
++ * reprogramming later if it was the first expiring timer. This |
7392 |
++ * avoids programming the underlying clock event twice (once at |
7393 |
++ * removal and once after enqueue). |
7394 |
++ */ |
7395 |
++ remove_hrtimer(timer, base, true, force_local); |
7396 |
+ |
7397 |
+ if (mode & HRTIMER_MODE_REL) |
7398 |
+ tim = ktime_add_safe(tim, base->get_time()); |
7399 |
+@@ -1105,9 +1136,24 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, |
7400 |
+ hrtimer_set_expires_range_ns(timer, tim, delta_ns); |
7401 |
+ |
7402 |
+ /* Switch the timer base, if necessary: */ |
7403 |
+- new_base = switch_hrtimer_base(timer, base, mode & HRTIMER_MODE_PINNED); |
7404 |
++ if (!force_local) { |
7405 |
++ new_base = switch_hrtimer_base(timer, base, |
7406 |
++ mode & HRTIMER_MODE_PINNED); |
7407 |
++ } else { |
7408 |
++ new_base = base; |
7409 |
++ } |
7410 |
++ |
7411 |
++ first = enqueue_hrtimer(timer, new_base, mode); |
7412 |
++ if (!force_local) |
7413 |
++ return first; |
7414 |
+ |
7415 |
+- return enqueue_hrtimer(timer, new_base, mode); |
7416 |
++ /* |
7417 |
++ * Timer was forced to stay on the current CPU to avoid |
7418 |
++ * reprogramming on removal and enqueue. Force reprogram the |
7419 |
++ * hardware by evaluating the new first expiring timer. |
7420 |
++ */ |
7421 |
++ hrtimer_force_reprogram(new_base->cpu_base, 1); |
7422 |
++ return 0; |
7423 |
+ } |
7424 |
+ |
7425 |
+ /** |
7426 |
+@@ -1168,7 +1214,7 @@ int hrtimer_try_to_cancel(struct hrtimer *timer) |
7427 |
+ base = lock_hrtimer_base(timer, &flags); |
7428 |
+ |
7429 |
+ if (!hrtimer_callback_running(timer)) |
7430 |
+- ret = remove_hrtimer(timer, base, false); |
7431 |
++ ret = remove_hrtimer(timer, base, false, false); |
7432 |
+ |
7433 |
+ unlock_hrtimer_base(timer, &flags); |
7434 |
+ |
7435 |
+diff --git a/lib/mpi/mpiutil.c b/lib/mpi/mpiutil.c |
7436 |
+index 20ed0f7667871..00825028cc847 100644 |
7437 |
+--- a/lib/mpi/mpiutil.c |
7438 |
++++ b/lib/mpi/mpiutil.c |
7439 |
+@@ -91,7 +91,7 @@ int mpi_resize(MPI a, unsigned nlimbs) |
7440 |
+ return 0; /* no need to do it */ |
7441 |
+ |
7442 |
+ if (a->d) { |
7443 |
+- p = kmalloc_array(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL); |
7444 |
++ p = kcalloc(nlimbs, sizeof(mpi_limb_t), GFP_KERNEL); |
7445 |
+ if (!p) |
7446 |
+ return -ENOMEM; |
7447 |
+ memcpy(p, a->d, a->alloced * sizeof(mpi_limb_t)); |
7448 |
+diff --git a/lib/test_bpf.c b/lib/test_bpf.c |
7449 |
+index 08d3d59dca173..49d79079e8b3e 100644 |
7450 |
+--- a/lib/test_bpf.c |
7451 |
++++ b/lib/test_bpf.c |
7452 |
+@@ -4293,8 +4293,8 @@ static struct bpf_test tests[] = { |
7453 |
+ .u.insns_int = { |
7454 |
+ BPF_LD_IMM64(R0, 0), |
7455 |
+ BPF_LD_IMM64(R1, 0xffffffffffffffffLL), |
7456 |
+- BPF_STX_MEM(BPF_W, R10, R1, -40), |
7457 |
+- BPF_LDX_MEM(BPF_W, R0, R10, -40), |
7458 |
++ BPF_STX_MEM(BPF_DW, R10, R1, -40), |
7459 |
++ BPF_LDX_MEM(BPF_DW, R0, R10, -40), |
7460 |
+ BPF_EXIT_INSN(), |
7461 |
+ }, |
7462 |
+ INTERNAL, |
7463 |
+@@ -6687,7 +6687,14 @@ static int run_one(const struct bpf_prog *fp, struct bpf_test *test) |
7464 |
+ u64 duration; |
7465 |
+ u32 ret; |
7466 |
+ |
7467 |
+- if (test->test[i].data_size == 0 && |
7468 |
++ /* |
7469 |
++ * NOTE: Several sub-tests may be present, in which case |
7470 |
++ * a zero {data_size, result} tuple indicates the end of |
7471 |
++ * the sub-test array. The first test is always run, |
7472 |
++ * even if both data_size and result happen to be zero. |
7473 |
++ */ |
7474 |
++ if (i > 0 && |
7475 |
++ test->test[i].data_size == 0 && |
7476 |
+ test->test[i].result == 0) |
7477 |
+ break; |
7478 |
+ |
7479 |
+diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c |
7480 |
+index e60e28131f679..20f079c81b335 100644 |
7481 |
+--- a/mm/memory_hotplug.c |
7482 |
++++ b/mm/memory_hotplug.c |
7483 |
+@@ -783,8 +783,8 @@ static inline struct zone *default_zone_for_pfn(int nid, unsigned long start_pfn |
7484 |
+ return movable_node_enabled ? movable_zone : kernel_zone; |
7485 |
+ } |
7486 |
+ |
7487 |
+-struct zone * zone_for_pfn_range(int online_type, int nid, unsigned start_pfn, |
7488 |
+- unsigned long nr_pages) |
7489 |
++struct zone *zone_for_pfn_range(int online_type, int nid, |
7490 |
++ unsigned long start_pfn, unsigned long nr_pages) |
7491 |
+ { |
7492 |
+ if (online_type == MMOP_ONLINE_KERNEL) |
7493 |
+ return default_kernel_zone_for_pfn(nid, start_pfn, nr_pages); |
7494 |
+diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
7495 |
+index 4446a523e684e..afcaa657a0229 100644 |
7496 |
+--- a/mm/page_alloc.c |
7497 |
++++ b/mm/page_alloc.c |
7498 |
+@@ -807,7 +807,7 @@ static inline void __free_one_page(struct page *page, |
7499 |
+ struct page *buddy; |
7500 |
+ unsigned int max_order; |
7501 |
+ |
7502 |
+- max_order = min_t(unsigned int, MAX_ORDER, pageblock_order + 1); |
7503 |
++ max_order = min_t(unsigned int, MAX_ORDER - 1, pageblock_order); |
7504 |
+ |
7505 |
+ VM_BUG_ON(!zone_is_initialized(zone)); |
7506 |
+ VM_BUG_ON_PAGE(page->flags & PAGE_FLAGS_CHECK_AT_PREP, page); |
7507 |
+@@ -820,7 +820,7 @@ static inline void __free_one_page(struct page *page, |
7508 |
+ VM_BUG_ON_PAGE(bad_range(zone, page), page); |
7509 |
+ |
7510 |
+ continue_merging: |
7511 |
+- while (order < max_order - 1) { |
7512 |
++ while (order < max_order) { |
7513 |
+ buddy_pfn = __find_buddy_pfn(pfn, order); |
7514 |
+ buddy = page + (buddy_pfn - pfn); |
7515 |
+ |
7516 |
+@@ -844,7 +844,7 @@ continue_merging: |
7517 |
+ pfn = combined_pfn; |
7518 |
+ order++; |
7519 |
+ } |
7520 |
+- if (max_order < MAX_ORDER) { |
7521 |
++ if (order < MAX_ORDER - 1) { |
7522 |
+ /* If we are here, it means order is >= pageblock_order. |
7523 |
+ * We want to prevent merge between freepages on isolate |
7524 |
+ * pageblock and normal pageblock. Without this, pageblock |
7525 |
+@@ -865,7 +865,7 @@ continue_merging: |
7526 |
+ is_migrate_isolate(buddy_mt))) |
7527 |
+ goto done_merging; |
7528 |
+ } |
7529 |
+- max_order++; |
7530 |
++ max_order = order + 1; |
7531 |
+ goto continue_merging; |
7532 |
+ } |
7533 |
+ |
7534 |
+diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c |
7535 |
+index 9daab0dd833b3..21132bf3d8503 100644 |
7536 |
+--- a/net/9p/trans_xen.c |
7537 |
++++ b/net/9p/trans_xen.c |
7538 |
+@@ -138,7 +138,7 @@ static bool p9_xen_write_todo(struct xen_9pfs_dataring *ring, RING_IDX size) |
7539 |
+ |
7540 |
+ static int p9_xen_request(struct p9_client *client, struct p9_req_t *p9_req) |
7541 |
+ { |
7542 |
+- struct xen_9pfs_front_priv *priv = NULL; |
7543 |
++ struct xen_9pfs_front_priv *priv; |
7544 |
+ RING_IDX cons, prod, masked_cons, masked_prod; |
7545 |
+ unsigned long flags; |
7546 |
+ u32 size = p9_req->tc.size; |
7547 |
+@@ -151,7 +151,7 @@ static int p9_xen_request(struct p9_client *client, struct p9_req_t *p9_req) |
7548 |
+ break; |
7549 |
+ } |
7550 |
+ read_unlock(&xen_9pfs_lock); |
7551 |
+- if (!priv || priv->client != client) |
7552 |
++ if (list_entry_is_head(priv, &xen_9pfs_devs, list)) |
7553 |
+ return -EINVAL; |
7554 |
+ |
7555 |
+ num = p9_req->tc.tag % priv->num_rings; |
7556 |
+diff --git a/net/bluetooth/cmtp/cmtp.h b/net/bluetooth/cmtp/cmtp.h |
7557 |
+index c32638dddbf94..f6b9dc4e408f2 100644 |
7558 |
+--- a/net/bluetooth/cmtp/cmtp.h |
7559 |
++++ b/net/bluetooth/cmtp/cmtp.h |
7560 |
+@@ -26,7 +26,7 @@ |
7561 |
+ #include <linux/types.h> |
7562 |
+ #include <net/bluetooth/bluetooth.h> |
7563 |
+ |
7564 |
+-#define BTNAMSIZ 18 |
7565 |
++#define BTNAMSIZ 21 |
7566 |
+ |
7567 |
+ /* CMTP ioctl defines */ |
7568 |
+ #define CMTPCONNADD _IOW('C', 200, int) |
7569 |
+diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c |
7570 |
+index 7a85f215da45c..26acacb2fa95f 100644 |
7571 |
+--- a/net/bluetooth/hci_core.c |
7572 |
++++ b/net/bluetooth/hci_core.c |
7573 |
+@@ -1296,6 +1296,12 @@ int hci_inquiry(void __user *arg) |
7574 |
+ goto done; |
7575 |
+ } |
7576 |
+ |
7577 |
++ /* Restrict maximum inquiry length to 60 seconds */ |
7578 |
++ if (ir.length > 60) { |
7579 |
++ err = -EINVAL; |
7580 |
++ goto done; |
7581 |
++ } |
7582 |
++ |
7583 |
+ hci_dev_lock(hdev); |
7584 |
+ if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || |
7585 |
+ inquiry_cache_empty(hdev) || ir.flags & IREQ_CACHE_FLUSH) { |
7586 |
+@@ -1622,6 +1628,14 @@ int hci_dev_do_close(struct hci_dev *hdev) |
7587 |
+ hci_request_cancel_all(hdev); |
7588 |
+ hci_req_sync_lock(hdev); |
7589 |
+ |
7590 |
++ if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) && |
7591 |
++ !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && |
7592 |
++ test_bit(HCI_UP, &hdev->flags)) { |
7593 |
++ /* Execute vendor specific shutdown routine */ |
7594 |
++ if (hdev->shutdown) |
7595 |
++ hdev->shutdown(hdev); |
7596 |
++ } |
7597 |
++ |
7598 |
+ if (!test_and_clear_bit(HCI_UP, &hdev->flags)) { |
7599 |
+ cancel_delayed_work_sync(&hdev->cmd_timer); |
7600 |
+ hci_req_sync_unlock(hdev); |
7601 |
+diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c |
7602 |
+index 45cc864cf2b38..937cada5595ee 100644 |
7603 |
+--- a/net/bluetooth/hci_event.c |
7604 |
++++ b/net/bluetooth/hci_event.c |
7605 |
+@@ -4083,6 +4083,21 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev, |
7606 |
+ |
7607 |
+ switch (ev->status) { |
7608 |
+ case 0x00: |
7609 |
++ /* The synchronous connection complete event should only be |
7610 |
++ * sent once per new connection. Receiving a successful |
7611 |
++ * complete event when the connection status is already |
7612 |
++ * BT_CONNECTED means that the device is misbehaving and sent |
7613 |
++ * multiple complete event packets for the same new connection. |
7614 |
++ * |
7615 |
++ * Registering the device more than once can corrupt kernel |
7616 |
++ * memory, hence upon detecting this invalid event, we report |
7617 |
++ * an error and ignore the packet. |
7618 |
++ */ |
7619 |
++ if (conn->state == BT_CONNECTED) { |
7620 |
++ bt_dev_err(hdev, "Ignoring connect complete event for existing connection"); |
7621 |
++ goto unlock; |
7622 |
++ } |
7623 |
++ |
7624 |
+ conn->handle = __le16_to_cpu(ev->handle); |
7625 |
+ conn->state = BT_CONNECTED; |
7626 |
+ conn->type = ev->link_type; |
7627 |
+@@ -4786,9 +4801,64 @@ static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev, |
7628 |
+ } |
7629 |
+ #endif |
7630 |
+ |
7631 |
++static void le_conn_update_addr(struct hci_conn *conn, bdaddr_t *bdaddr, |
7632 |
++ u8 bdaddr_type, bdaddr_t *local_rpa) |
7633 |
++{ |
7634 |
++ if (conn->out) { |
7635 |
++ conn->dst_type = bdaddr_type; |
7636 |
++ conn->resp_addr_type = bdaddr_type; |
7637 |
++ bacpy(&conn->resp_addr, bdaddr); |
7638 |
++ |
7639 |
++ /* Check if the controller has set a Local RPA then it must be |
7640 |
++ * used instead or hdev->rpa. |
7641 |
++ */ |
7642 |
++ if (local_rpa && bacmp(local_rpa, BDADDR_ANY)) { |
7643 |
++ conn->init_addr_type = ADDR_LE_DEV_RANDOM; |
7644 |
++ bacpy(&conn->init_addr, local_rpa); |
7645 |
++ } else if (hci_dev_test_flag(conn->hdev, HCI_PRIVACY)) { |
7646 |
++ conn->init_addr_type = ADDR_LE_DEV_RANDOM; |
7647 |
++ bacpy(&conn->init_addr, &conn->hdev->rpa); |
7648 |
++ } else { |
7649 |
++ hci_copy_identity_address(conn->hdev, &conn->init_addr, |
7650 |
++ &conn->init_addr_type); |
7651 |
++ } |
7652 |
++ } else { |
7653 |
++ conn->resp_addr_type = conn->hdev->adv_addr_type; |
7654 |
++ /* Check if the controller has set a Local RPA then it must be |
7655 |
++ * used instead or hdev->rpa. |
7656 |
++ */ |
7657 |
++ if (local_rpa && bacmp(local_rpa, BDADDR_ANY)) { |
7658 |
++ conn->resp_addr_type = ADDR_LE_DEV_RANDOM; |
7659 |
++ bacpy(&conn->resp_addr, local_rpa); |
7660 |
++ } else if (conn->hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) { |
7661 |
++ /* In case of ext adv, resp_addr will be updated in |
7662 |
++ * Adv Terminated event. |
7663 |
++ */ |
7664 |
++ if (!ext_adv_capable(conn->hdev)) |
7665 |
++ bacpy(&conn->resp_addr, |
7666 |
++ &conn->hdev->random_addr); |
7667 |
++ } else { |
7668 |
++ bacpy(&conn->resp_addr, &conn->hdev->bdaddr); |
7669 |
++ } |
7670 |
++ |
7671 |
++ conn->init_addr_type = bdaddr_type; |
7672 |
++ bacpy(&conn->init_addr, bdaddr); |
7673 |
++ |
7674 |
++ /* For incoming connections, set the default minimum |
7675 |
++ * and maximum connection interval. They will be used |
7676 |
++ * to check if the parameters are in range and if not |
7677 |
++ * trigger the connection update procedure. |
7678 |
++ */ |
7679 |
++ conn->le_conn_min_interval = conn->hdev->le_conn_min_interval; |
7680 |
++ conn->le_conn_max_interval = conn->hdev->le_conn_max_interval; |
7681 |
++ } |
7682 |
++} |
7683 |
++ |
7684 |
+ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status, |
7685 |
+- bdaddr_t *bdaddr, u8 bdaddr_type, u8 role, u16 handle, |
7686 |
+- u16 interval, u16 latency, u16 supervision_timeout) |
7687 |
++ bdaddr_t *bdaddr, u8 bdaddr_type, |
7688 |
++ bdaddr_t *local_rpa, u8 role, u16 handle, |
7689 |
++ u16 interval, u16 latency, |
7690 |
++ u16 supervision_timeout) |
7691 |
+ { |
7692 |
+ struct hci_conn_params *params; |
7693 |
+ struct hci_conn *conn; |
7694 |
+@@ -4836,32 +4906,7 @@ static void le_conn_complete_evt(struct hci_dev *hdev, u8 status, |
7695 |
+ cancel_delayed_work(&conn->le_conn_timeout); |
7696 |
+ } |
7697 |
+ |
7698 |
+- if (!conn->out) { |
7699 |
+- /* Set the responder (our side) address type based on |
7700 |
+- * the advertising address type. |
7701 |
+- */ |
7702 |
+- conn->resp_addr_type = hdev->adv_addr_type; |
7703 |
+- if (hdev->adv_addr_type == ADDR_LE_DEV_RANDOM) { |
7704 |
+- /* In case of ext adv, resp_addr will be updated in |
7705 |
+- * Adv Terminated event. |
7706 |
+- */ |
7707 |
+- if (!ext_adv_capable(hdev)) |
7708 |
+- bacpy(&conn->resp_addr, &hdev->random_addr); |
7709 |
+- } else { |
7710 |
+- bacpy(&conn->resp_addr, &hdev->bdaddr); |
7711 |
+- } |
7712 |
+- |
7713 |
+- conn->init_addr_type = bdaddr_type; |
7714 |
+- bacpy(&conn->init_addr, bdaddr); |
7715 |
+- |
7716 |
+- /* For incoming connections, set the default minimum |
7717 |
+- * and maximum connection interval. They will be used |
7718 |
+- * to check if the parameters are in range and if not |
7719 |
+- * trigger the connection update procedure. |
7720 |
+- */ |
7721 |
+- conn->le_conn_min_interval = hdev->le_conn_min_interval; |
7722 |
+- conn->le_conn_max_interval = hdev->le_conn_max_interval; |
7723 |
+- } |
7724 |
++ le_conn_update_addr(conn, bdaddr, bdaddr_type, local_rpa); |
7725 |
+ |
7726 |
+ /* Lookup the identity address from the stored connection |
7727 |
+ * address and address type. |
7728 |
+@@ -4959,7 +5004,7 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) |
7729 |
+ BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); |
7730 |
+ |
7731 |
+ le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type, |
7732 |
+- ev->role, le16_to_cpu(ev->handle), |
7733 |
++ NULL, ev->role, le16_to_cpu(ev->handle), |
7734 |
+ le16_to_cpu(ev->interval), |
7735 |
+ le16_to_cpu(ev->latency), |
7736 |
+ le16_to_cpu(ev->supervision_timeout)); |
7737 |
+@@ -4973,7 +5018,7 @@ static void hci_le_enh_conn_complete_evt(struct hci_dev *hdev, |
7738 |
+ BT_DBG("%s status 0x%2.2x", hdev->name, ev->status); |
7739 |
+ |
7740 |
+ le_conn_complete_evt(hdev, ev->status, &ev->bdaddr, ev->bdaddr_type, |
7741 |
+- ev->role, le16_to_cpu(ev->handle), |
7742 |
++ &ev->local_rpa, ev->role, le16_to_cpu(ev->handle), |
7743 |
+ le16_to_cpu(ev->interval), |
7744 |
+ le16_to_cpu(ev->latency), |
7745 |
+ le16_to_cpu(ev->supervision_timeout)); |
7746 |
+@@ -5004,7 +5049,8 @@ static void hci_le_ext_adv_term_evt(struct hci_dev *hdev, struct sk_buff *skb) |
7747 |
+ if (conn) { |
7748 |
+ struct adv_info *adv_instance; |
7749 |
+ |
7750 |
+- if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM) |
7751 |
++ if (hdev->adv_addr_type != ADDR_LE_DEV_RANDOM || |
7752 |
++ bacmp(&conn->resp_addr, BDADDR_ANY)) |
7753 |
+ return; |
7754 |
+ |
7755 |
+ if (!hdev->cur_adv_instance) { |
7756 |
+diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c |
7757 |
+index a4ca55df73908..007a01b08dbe9 100644 |
7758 |
+--- a/net/bluetooth/sco.c |
7759 |
++++ b/net/bluetooth/sco.c |
7760 |
+@@ -48,6 +48,8 @@ struct sco_conn { |
7761 |
+ spinlock_t lock; |
7762 |
+ struct sock *sk; |
7763 |
+ |
7764 |
++ struct delayed_work timeout_work; |
7765 |
++ |
7766 |
+ unsigned int mtu; |
7767 |
+ }; |
7768 |
+ |
7769 |
+@@ -73,9 +75,20 @@ struct sco_pinfo { |
7770 |
+ #define SCO_CONN_TIMEOUT (HZ * 40) |
7771 |
+ #define SCO_DISCONN_TIMEOUT (HZ * 2) |
7772 |
+ |
7773 |
+-static void sco_sock_timeout(struct timer_list *t) |
7774 |
++static void sco_sock_timeout(struct work_struct *work) |
7775 |
+ { |
7776 |
+- struct sock *sk = from_timer(sk, t, sk_timer); |
7777 |
++ struct sco_conn *conn = container_of(work, struct sco_conn, |
7778 |
++ timeout_work.work); |
7779 |
++ struct sock *sk; |
7780 |
++ |
7781 |
++ sco_conn_lock(conn); |
7782 |
++ sk = conn->sk; |
7783 |
++ if (sk) |
7784 |
++ sock_hold(sk); |
7785 |
++ sco_conn_unlock(conn); |
7786 |
++ |
7787 |
++ if (!sk) |
7788 |
++ return; |
7789 |
+ |
7790 |
+ BT_DBG("sock %p state %d", sk, sk->sk_state); |
7791 |
+ |
7792 |
+@@ -84,20 +97,26 @@ static void sco_sock_timeout(struct timer_list *t) |
7793 |
+ sk->sk_state_change(sk); |
7794 |
+ bh_unlock_sock(sk); |
7795 |
+ |
7796 |
+- sco_sock_kill(sk); |
7797 |
+ sock_put(sk); |
7798 |
+ } |
7799 |
+ |
7800 |
+ static void sco_sock_set_timer(struct sock *sk, long timeout) |
7801 |
+ { |
7802 |
++ if (!sco_pi(sk)->conn) |
7803 |
++ return; |
7804 |
++ |
7805 |
+ BT_DBG("sock %p state %d timeout %ld", sk, sk->sk_state, timeout); |
7806 |
+- sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout); |
7807 |
++ cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); |
7808 |
++ schedule_delayed_work(&sco_pi(sk)->conn->timeout_work, timeout); |
7809 |
+ } |
7810 |
+ |
7811 |
+ static void sco_sock_clear_timer(struct sock *sk) |
7812 |
+ { |
7813 |
++ if (!sco_pi(sk)->conn) |
7814 |
++ return; |
7815 |
++ |
7816 |
+ BT_DBG("sock %p state %d", sk, sk->sk_state); |
7817 |
+- sk_stop_timer(sk, &sk->sk_timer); |
7818 |
++ cancel_delayed_work(&sco_pi(sk)->conn->timeout_work); |
7819 |
+ } |
7820 |
+ |
7821 |
+ /* ---- SCO connections ---- */ |
7822 |
+@@ -176,8 +195,10 @@ static void sco_conn_del(struct hci_conn *hcon, int err) |
7823 |
+ sco_sock_clear_timer(sk); |
7824 |
+ sco_chan_del(sk, err); |
7825 |
+ bh_unlock_sock(sk); |
7826 |
+- sco_sock_kill(sk); |
7827 |
+ sock_put(sk); |
7828 |
++ |
7829 |
++ /* Ensure no more work items will run before freeing conn. */ |
7830 |
++ cancel_delayed_work_sync(&conn->timeout_work); |
7831 |
+ } |
7832 |
+ |
7833 |
+ hcon->sco_data = NULL; |
7834 |
+@@ -192,6 +213,8 @@ static void __sco_chan_add(struct sco_conn *conn, struct sock *sk, |
7835 |
+ sco_pi(sk)->conn = conn; |
7836 |
+ conn->sk = sk; |
7837 |
+ |
7838 |
++ INIT_DELAYED_WORK(&conn->timeout_work, sco_sock_timeout); |
7839 |
++ |
7840 |
+ if (parent) |
7841 |
+ bt_accept_enqueue(parent, sk, true); |
7842 |
+ } |
7843 |
+@@ -211,44 +234,32 @@ static int sco_chan_add(struct sco_conn *conn, struct sock *sk, |
7844 |
+ return err; |
7845 |
+ } |
7846 |
+ |
7847 |
+-static int sco_connect(struct sock *sk) |
7848 |
++static int sco_connect(struct hci_dev *hdev, struct sock *sk) |
7849 |
+ { |
7850 |
+ struct sco_conn *conn; |
7851 |
+ struct hci_conn *hcon; |
7852 |
+- struct hci_dev *hdev; |
7853 |
+ int err, type; |
7854 |
+ |
7855 |
+ BT_DBG("%pMR -> %pMR", &sco_pi(sk)->src, &sco_pi(sk)->dst); |
7856 |
+ |
7857 |
+- hdev = hci_get_route(&sco_pi(sk)->dst, &sco_pi(sk)->src, BDADDR_BREDR); |
7858 |
+- if (!hdev) |
7859 |
+- return -EHOSTUNREACH; |
7860 |
+- |
7861 |
+- hci_dev_lock(hdev); |
7862 |
+- |
7863 |
+ if (lmp_esco_capable(hdev) && !disable_esco) |
7864 |
+ type = ESCO_LINK; |
7865 |
+ else |
7866 |
+ type = SCO_LINK; |
7867 |
+ |
7868 |
+ if (sco_pi(sk)->setting == BT_VOICE_TRANSPARENT && |
7869 |
+- (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) { |
7870 |
+- err = -EOPNOTSUPP; |
7871 |
+- goto done; |
7872 |
+- } |
7873 |
++ (!lmp_transp_capable(hdev) || !lmp_esco_capable(hdev))) |
7874 |
++ return -EOPNOTSUPP; |
7875 |
+ |
7876 |
+ hcon = hci_connect_sco(hdev, type, &sco_pi(sk)->dst, |
7877 |
+ sco_pi(sk)->setting); |
7878 |
+- if (IS_ERR(hcon)) { |
7879 |
+- err = PTR_ERR(hcon); |
7880 |
+- goto done; |
7881 |
+- } |
7882 |
++ if (IS_ERR(hcon)) |
7883 |
++ return PTR_ERR(hcon); |
7884 |
+ |
7885 |
+ conn = sco_conn_add(hcon); |
7886 |
+ if (!conn) { |
7887 |
+ hci_conn_drop(hcon); |
7888 |
+- err = -ENOMEM; |
7889 |
+- goto done; |
7890 |
++ return -ENOMEM; |
7891 |
+ } |
7892 |
+ |
7893 |
+ /* Update source addr of the socket */ |
7894 |
+@@ -256,7 +267,7 @@ static int sco_connect(struct sock *sk) |
7895 |
+ |
7896 |
+ err = sco_chan_add(conn, sk, NULL); |
7897 |
+ if (err) |
7898 |
+- goto done; |
7899 |
++ return err; |
7900 |
+ |
7901 |
+ if (hcon->state == BT_CONNECTED) { |
7902 |
+ sco_sock_clear_timer(sk); |
7903 |
+@@ -266,9 +277,6 @@ static int sco_connect(struct sock *sk) |
7904 |
+ sco_sock_set_timer(sk, sk->sk_sndtimeo); |
7905 |
+ } |
7906 |
+ |
7907 |
+-done: |
7908 |
+- hci_dev_unlock(hdev); |
7909 |
+- hci_dev_put(hdev); |
7910 |
+ return err; |
7911 |
+ } |
7912 |
+ |
7913 |
+@@ -393,8 +401,7 @@ static void sco_sock_cleanup_listen(struct sock *parent) |
7914 |
+ */ |
7915 |
+ static void sco_sock_kill(struct sock *sk) |
7916 |
+ { |
7917 |
+- if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket || |
7918 |
+- sock_flag(sk, SOCK_DEAD)) |
7919 |
++ if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket) |
7920 |
+ return; |
7921 |
+ |
7922 |
+ BT_DBG("sk %p state %d", sk, sk->sk_state); |
7923 |
+@@ -446,7 +453,6 @@ static void sco_sock_close(struct sock *sk) |
7924 |
+ lock_sock(sk); |
7925 |
+ __sco_sock_close(sk); |
7926 |
+ release_sock(sk); |
7927 |
+- sco_sock_kill(sk); |
7928 |
+ } |
7929 |
+ |
7930 |
+ static void sco_sock_init(struct sock *sk, struct sock *parent) |
7931 |
+@@ -488,8 +494,6 @@ static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, |
7932 |
+ |
7933 |
+ sco_pi(sk)->setting = BT_VOICE_CVSD_16BIT; |
7934 |
+ |
7935 |
+- timer_setup(&sk->sk_timer, sco_sock_timeout, 0); |
7936 |
+- |
7937 |
+ bt_sock_link(&sco_sk_list, sk); |
7938 |
+ return sk; |
7939 |
+ } |
7940 |
+@@ -554,6 +558,7 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen |
7941 |
+ { |
7942 |
+ struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; |
7943 |
+ struct sock *sk = sock->sk; |
7944 |
++ struct hci_dev *hdev; |
7945 |
+ int err; |
7946 |
+ |
7947 |
+ BT_DBG("sk %p", sk); |
7948 |
+@@ -568,12 +573,19 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen |
7949 |
+ if (sk->sk_type != SOCK_SEQPACKET) |
7950 |
+ return -EINVAL; |
7951 |
+ |
7952 |
++ hdev = hci_get_route(&sa->sco_bdaddr, &sco_pi(sk)->src, BDADDR_BREDR); |
7953 |
++ if (!hdev) |
7954 |
++ return -EHOSTUNREACH; |
7955 |
++ hci_dev_lock(hdev); |
7956 |
++ |
7957 |
+ lock_sock(sk); |
7958 |
+ |
7959 |
+ /* Set destination address and psm */ |
7960 |
+ bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr); |
7961 |
+ |
7962 |
+- err = sco_connect(sk); |
7963 |
++ err = sco_connect(hdev, sk); |
7964 |
++ hci_dev_unlock(hdev); |
7965 |
++ hci_dev_put(hdev); |
7966 |
+ if (err) |
7967 |
+ goto done; |
7968 |
+ |
7969 |
+@@ -761,6 +773,11 @@ static void sco_conn_defer_accept(struct hci_conn *conn, u16 setting) |
7970 |
+ cp.max_latency = cpu_to_le16(0xffff); |
7971 |
+ cp.retrans_effort = 0xff; |
7972 |
+ break; |
7973 |
++ default: |
7974 |
++ /* use CVSD settings as fallback */ |
7975 |
++ cp.max_latency = cpu_to_le16(0xffff); |
7976 |
++ cp.retrans_effort = 0xff; |
7977 |
++ break; |
7978 |
+ } |
7979 |
+ |
7980 |
+ hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ, |
7981 |
+diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c |
7982 |
+index 13e2ae6be620c..8aeece7aa9e97 100644 |
7983 |
+--- a/net/caif/chnl_net.c |
7984 |
++++ b/net/caif/chnl_net.c |
7985 |
+@@ -53,20 +53,6 @@ struct chnl_net { |
7986 |
+ enum caif_states state; |
7987 |
+ }; |
7988 |
+ |
7989 |
+-static void robust_list_del(struct list_head *delete_node) |
7990 |
+-{ |
7991 |
+- struct list_head *list_node; |
7992 |
+- struct list_head *n; |
7993 |
+- ASSERT_RTNL(); |
7994 |
+- list_for_each_safe(list_node, n, &chnl_net_list) { |
7995 |
+- if (list_node == delete_node) { |
7996 |
+- list_del(list_node); |
7997 |
+- return; |
7998 |
+- } |
7999 |
+- } |
8000 |
+- WARN_ON(1); |
8001 |
+-} |
8002 |
+- |
8003 |
+ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt) |
8004 |
+ { |
8005 |
+ struct sk_buff *skb; |
8006 |
+@@ -368,6 +354,7 @@ static int chnl_net_init(struct net_device *dev) |
8007 |
+ ASSERT_RTNL(); |
8008 |
+ priv = netdev_priv(dev); |
8009 |
+ strncpy(priv->name, dev->name, sizeof(priv->name)); |
8010 |
++ INIT_LIST_HEAD(&priv->list_field); |
8011 |
+ return 0; |
8012 |
+ } |
8013 |
+ |
8014 |
+@@ -376,7 +363,7 @@ static void chnl_net_uninit(struct net_device *dev) |
8015 |
+ struct chnl_net *priv; |
8016 |
+ ASSERT_RTNL(); |
8017 |
+ priv = netdev_priv(dev); |
8018 |
+- robust_list_del(&priv->list_field); |
8019 |
++ list_del_init(&priv->list_field); |
8020 |
+ } |
8021 |
+ |
8022 |
+ static const struct net_device_ops netdev_ops = { |
8023 |
+@@ -541,7 +528,7 @@ static void __exit chnl_exit_module(void) |
8024 |
+ rtnl_lock(); |
8025 |
+ list_for_each_safe(list_node, _tmp, &chnl_net_list) { |
8026 |
+ dev = list_entry(list_node, struct chnl_net, list_field); |
8027 |
+- list_del(list_node); |
8028 |
++ list_del_init(list_node); |
8029 |
+ delete_device(dev); |
8030 |
+ } |
8031 |
+ rtnl_unlock(); |
8032 |
+diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c |
8033 |
+index 994dd1520f07a..949694c70cbc6 100644 |
8034 |
+--- a/net/core/flow_dissector.c |
8035 |
++++ b/net/core/flow_dissector.c |
8036 |
+@@ -694,8 +694,10 @@ proto_again: |
8037 |
+ FLOW_DISSECTOR_KEY_IPV4_ADDRS, |
8038 |
+ target_container); |
8039 |
+ |
8040 |
+- memcpy(&key_addrs->v4addrs, &iph->saddr, |
8041 |
+- sizeof(key_addrs->v4addrs)); |
8042 |
++ memcpy(&key_addrs->v4addrs.src, &iph->saddr, |
8043 |
++ sizeof(key_addrs->v4addrs.src)); |
8044 |
++ memcpy(&key_addrs->v4addrs.dst, &iph->daddr, |
8045 |
++ sizeof(key_addrs->v4addrs.dst)); |
8046 |
+ key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; |
8047 |
+ } |
8048 |
+ |
8049 |
+@@ -744,8 +746,10 @@ proto_again: |
8050 |
+ FLOW_DISSECTOR_KEY_IPV6_ADDRS, |
8051 |
+ target_container); |
8052 |
+ |
8053 |
+- memcpy(&key_addrs->v6addrs, &iph->saddr, |
8054 |
+- sizeof(key_addrs->v6addrs)); |
8055 |
++ memcpy(&key_addrs->v6addrs.src, &iph->saddr, |
8056 |
++ sizeof(key_addrs->v6addrs.src)); |
8057 |
++ memcpy(&key_addrs->v6addrs.dst, &iph->daddr, |
8058 |
++ sizeof(key_addrs->v6addrs.dst)); |
8059 |
+ key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; |
8060 |
+ } |
8061 |
+ |
8062 |
+diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c |
8063 |
+index 939d8a31eb82a..26d70c00b0545 100644 |
8064 |
+--- a/net/core/net_namespace.c |
8065 |
++++ b/net/core/net_namespace.c |
8066 |
+@@ -192,9 +192,9 @@ static int net_eq_idr(int id, void *net, void *peer) |
8067 |
+ return 0; |
8068 |
+ } |
8069 |
+ |
8070 |
+-/* Should be called with nsid_lock held. If a new id is assigned, the bool alloc |
8071 |
+- * is set to true, thus the caller knows that the new id must be notified via |
8072 |
+- * rtnl. |
8073 |
++/* Must be called from RCU-critical section or with nsid_lock held. If |
8074 |
++ * a new id is assigned, the bool alloc is set to true, thus the |
8075 |
++ * caller knows that the new id must be notified via rtnl. |
8076 |
+ */ |
8077 |
+ static int __peernet2id_alloc(struct net *net, struct net *peer, bool *alloc) |
8078 |
+ { |
8079 |
+@@ -218,7 +218,7 @@ static int __peernet2id_alloc(struct net *net, struct net *peer, bool *alloc) |
8080 |
+ return NETNSA_NSID_NOT_ASSIGNED; |
8081 |
+ } |
8082 |
+ |
8083 |
+-/* should be called with nsid_lock held */ |
8084 |
++/* Must be called from RCU-critical section or with nsid_lock held */ |
8085 |
+ static int __peernet2id(struct net *net, struct net *peer) |
8086 |
+ { |
8087 |
+ bool no = false; |
8088 |
+@@ -261,9 +261,10 @@ int peernet2id(struct net *net, struct net *peer) |
8089 |
+ { |
8090 |
+ int id; |
8091 |
+ |
8092 |
+- spin_lock_bh(&net->nsid_lock); |
8093 |
++ rcu_read_lock(); |
8094 |
+ id = __peernet2id(net, peer); |
8095 |
+- spin_unlock_bh(&net->nsid_lock); |
8096 |
++ rcu_read_unlock(); |
8097 |
++ |
8098 |
+ return id; |
8099 |
+ } |
8100 |
+ EXPORT_SYMBOL(peernet2id); |
8101 |
+@@ -837,6 +838,7 @@ struct rtnl_net_dump_cb { |
8102 |
+ int s_idx; |
8103 |
+ }; |
8104 |
+ |
8105 |
++/* Runs in RCU-critical section. */ |
8106 |
+ static int rtnl_net_dumpid_one(int id, void *peer, void *data) |
8107 |
+ { |
8108 |
+ struct rtnl_net_dump_cb *net_cb = (struct rtnl_net_dump_cb *)data; |
8109 |
+@@ -867,9 +869,9 @@ static int rtnl_net_dumpid(struct sk_buff *skb, struct netlink_callback *cb) |
8110 |
+ .s_idx = cb->args[0], |
8111 |
+ }; |
8112 |
+ |
8113 |
+- spin_lock_bh(&net->nsid_lock); |
8114 |
++ rcu_read_lock(); |
8115 |
+ idr_for_each(&net->netns_ids, rtnl_net_dumpid_one, &net_cb); |
8116 |
+- spin_unlock_bh(&net->nsid_lock); |
8117 |
++ rcu_read_unlock(); |
8118 |
+ |
8119 |
+ cb->args[0] = net_cb.idx; |
8120 |
+ return skb->len; |
8121 |
+diff --git a/net/dccp/minisocks.c b/net/dccp/minisocks.c |
8122 |
+index ba6fc3c1186b9..e91838a7b8497 100644 |
8123 |
+--- a/net/dccp/minisocks.c |
8124 |
++++ b/net/dccp/minisocks.c |
8125 |
+@@ -98,6 +98,8 @@ struct sock *dccp_create_openreq_child(const struct sock *sk, |
8126 |
+ newdp->dccps_role = DCCP_ROLE_SERVER; |
8127 |
+ newdp->dccps_hc_rx_ackvec = NULL; |
8128 |
+ newdp->dccps_service_list = NULL; |
8129 |
++ newdp->dccps_hc_rx_ccid = NULL; |
8130 |
++ newdp->dccps_hc_tx_ccid = NULL; |
8131 |
+ newdp->dccps_service = dreq->dreq_service; |
8132 |
+ newdp->dccps_timestamp_echo = dreq->dreq_timestamp_echo; |
8133 |
+ newdp->dccps_timestamp_time = dreq->dreq_timestamp_time; |
8134 |
+diff --git a/net/dsa/slave.c b/net/dsa/slave.c |
8135 |
+index b887d9edb9c38..f7c122357a966 100644 |
8136 |
+--- a/net/dsa/slave.c |
8137 |
++++ b/net/dsa/slave.c |
8138 |
+@@ -1226,13 +1226,11 @@ static int dsa_slave_phy_setup(struct net_device *slave_dev) |
8139 |
+ * use the switch internal MDIO bus instead |
8140 |
+ */ |
8141 |
+ ret = dsa_slave_phy_connect(slave_dev, dp->index); |
8142 |
+- if (ret) { |
8143 |
+- netdev_err(slave_dev, |
8144 |
+- "failed to connect to port %d: %d\n", |
8145 |
+- dp->index, ret); |
8146 |
+- phylink_destroy(dp->pl); |
8147 |
+- return ret; |
8148 |
+- } |
8149 |
++ } |
8150 |
++ if (ret) { |
8151 |
++ netdev_err(slave_dev, "failed to connect to PHY: %pe\n", |
8152 |
++ ERR_PTR(ret)); |
8153 |
++ phylink_destroy(dp->pl); |
8154 |
+ } |
8155 |
+ |
8156 |
+ return ret; |
8157 |
+diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c |
8158 |
+index dde6cf82e9f0a..fe10a565b7d85 100644 |
8159 |
+--- a/net/ipv4/icmp.c |
8160 |
++++ b/net/ipv4/icmp.c |
8161 |
+@@ -465,6 +465,23 @@ out_bh_enable: |
8162 |
+ local_bh_enable(); |
8163 |
+ } |
8164 |
+ |
8165 |
++/* |
8166 |
++ * The device used for looking up which routing table to use for sending an ICMP |
8167 |
++ * error is preferably the source whenever it is set, which should ensure the |
8168 |
++ * icmp error can be sent to the source host, else lookup using the routing |
8169 |
++ * table of the destination device, else use the main routing table (index 0). |
8170 |
++ */ |
8171 |
++static struct net_device *icmp_get_route_lookup_dev(struct sk_buff *skb) |
8172 |
++{ |
8173 |
++ struct net_device *route_lookup_dev = NULL; |
8174 |
++ |
8175 |
++ if (skb->dev) |
8176 |
++ route_lookup_dev = skb->dev; |
8177 |
++ else if (skb_dst(skb)) |
8178 |
++ route_lookup_dev = skb_dst(skb)->dev; |
8179 |
++ return route_lookup_dev; |
8180 |
++} |
8181 |
++ |
8182 |
+ static struct rtable *icmp_route_lookup(struct net *net, |
8183 |
+ struct flowi4 *fl4, |
8184 |
+ struct sk_buff *skb_in, |
8185 |
+@@ -473,6 +490,7 @@ static struct rtable *icmp_route_lookup(struct net *net, |
8186 |
+ int type, int code, |
8187 |
+ struct icmp_bxm *param) |
8188 |
+ { |
8189 |
++ struct net_device *route_lookup_dev; |
8190 |
+ struct rtable *rt, *rt2; |
8191 |
+ struct flowi4 fl4_dec; |
8192 |
+ int err; |
8193 |
+@@ -487,7 +505,8 @@ static struct rtable *icmp_route_lookup(struct net *net, |
8194 |
+ fl4->flowi4_proto = IPPROTO_ICMP; |
8195 |
+ fl4->fl4_icmp_type = type; |
8196 |
+ fl4->fl4_icmp_code = code; |
8197 |
+- fl4->flowi4_oif = l3mdev_master_ifindex(skb_dst(skb_in)->dev); |
8198 |
++ route_lookup_dev = icmp_get_route_lookup_dev(skb_in); |
8199 |
++ fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev); |
8200 |
+ |
8201 |
+ security_skb_classify_flow(skb_in, flowi4_to_flowi(fl4)); |
8202 |
+ rt = ip_route_output_key_hash(net, fl4, skb_in); |
8203 |
+@@ -511,7 +530,7 @@ static struct rtable *icmp_route_lookup(struct net *net, |
8204 |
+ if (err) |
8205 |
+ goto relookup_failed; |
8206 |
+ |
8207 |
+- if (inet_addr_type_dev_table(net, skb_dst(skb_in)->dev, |
8208 |
++ if (inet_addr_type_dev_table(net, route_lookup_dev, |
8209 |
+ fl4_dec.saddr) == RTN_LOCAL) { |
8210 |
+ rt2 = __ip_route_output_key(net, &fl4_dec); |
8211 |
+ if (IS_ERR(rt2)) |
8212 |
+diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c |
8213 |
+index dca7fe0ae24ad..15804cfc19a8c 100644 |
8214 |
+--- a/net/ipv4/igmp.c |
8215 |
++++ b/net/ipv4/igmp.c |
8216 |
+@@ -2743,6 +2743,7 @@ int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u |
8217 |
+ rv = 1; |
8218 |
+ } else if (im) { |
8219 |
+ if (src_addr) { |
8220 |
++ spin_lock_bh(&im->lock); |
8221 |
+ for (psf = im->sources; psf; psf = psf->sf_next) { |
8222 |
+ if (psf->sf_inaddr == src_addr) |
8223 |
+ break; |
8224 |
+@@ -2753,6 +2754,7 @@ int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u |
8225 |
+ im->sfcount[MCAST_EXCLUDE]; |
8226 |
+ else |
8227 |
+ rv = im->sfcount[MCAST_EXCLUDE] != 0; |
8228 |
++ spin_unlock_bh(&im->lock); |
8229 |
+ } else |
8230 |
+ rv = 1; /* unspecified source; tentatively allow */ |
8231 |
+ } |
8232 |
+diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c |
8233 |
+index a8a37d1128201..0c431fd4b1200 100644 |
8234 |
+--- a/net/ipv4/ip_gre.c |
8235 |
++++ b/net/ipv4/ip_gre.c |
8236 |
+@@ -449,8 +449,6 @@ static void __gre_xmit(struct sk_buff *skb, struct net_device *dev, |
8237 |
+ |
8238 |
+ static int gre_handle_offloads(struct sk_buff *skb, bool csum) |
8239 |
+ { |
8240 |
+- if (csum && skb_checksum_start(skb) < skb->data) |
8241 |
+- return -EINVAL; |
8242 |
+ return iptunnel_handle_offloads(skb, csum ? SKB_GSO_GRE_CSUM : SKB_GSO_GRE); |
8243 |
+ } |
8244 |
+ |
8245 |
+@@ -682,15 +680,20 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb, |
8246 |
+ } |
8247 |
+ |
8248 |
+ if (dev->header_ops) { |
8249 |
++ const int pull_len = tunnel->hlen + sizeof(struct iphdr); |
8250 |
++ |
8251 |
+ if (skb_cow_head(skb, 0)) |
8252 |
+ goto free_skb; |
8253 |
+ |
8254 |
+ tnl_params = (const struct iphdr *)skb->data; |
8255 |
+ |
8256 |
++ if (pull_len > skb_transport_offset(skb)) |
8257 |
++ goto free_skb; |
8258 |
++ |
8259 |
+ /* Pull skb since ip_tunnel_xmit() needs skb->data pointing |
8260 |
+ * to gre header. |
8261 |
+ */ |
8262 |
+- skb_pull(skb, tunnel->hlen + sizeof(struct iphdr)); |
8263 |
++ skb_pull(skb, pull_len); |
8264 |
+ skb_reset_mac_header(skb); |
8265 |
+ } else { |
8266 |
+ if (skb_cow_head(skb, dev->needed_headroom)) |
8267 |
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c |
8268 |
+index e63905f7f6f95..25beecee89494 100644 |
8269 |
+--- a/net/ipv4/ip_output.c |
8270 |
++++ b/net/ipv4/ip_output.c |
8271 |
+@@ -419,8 +419,9 @@ static void ip_copy_addrs(struct iphdr *iph, const struct flowi4 *fl4) |
8272 |
+ { |
8273 |
+ BUILD_BUG_ON(offsetof(typeof(*fl4), daddr) != |
8274 |
+ offsetof(typeof(*fl4), saddr) + sizeof(fl4->saddr)); |
8275 |
+- memcpy(&iph->saddr, &fl4->saddr, |
8276 |
+- sizeof(fl4->saddr) + sizeof(fl4->daddr)); |
8277 |
++ |
8278 |
++ iph->saddr = fl4->saddr; |
8279 |
++ iph->daddr = fl4->daddr; |
8280 |
+ } |
8281 |
+ |
8282 |
+ /* Note: skb->sk can be different from sk, in case of tunnels */ |
8283 |
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c |
8284 |
+index 1491d239385e5..730a15fc497ca 100644 |
8285 |
+--- a/net/ipv4/route.c |
8286 |
++++ b/net/ipv4/route.c |
8287 |
+@@ -604,18 +604,25 @@ static void fnhe_flush_routes(struct fib_nh_exception *fnhe) |
8288 |
+ } |
8289 |
+ } |
8290 |
+ |
8291 |
+-static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash) |
8292 |
++static void fnhe_remove_oldest(struct fnhe_hash_bucket *hash) |
8293 |
+ { |
8294 |
+- struct fib_nh_exception *fnhe, *oldest; |
8295 |
++ struct fib_nh_exception __rcu **fnhe_p, **oldest_p; |
8296 |
++ struct fib_nh_exception *fnhe, *oldest = NULL; |
8297 |
+ |
8298 |
+- oldest = rcu_dereference(hash->chain); |
8299 |
+- for (fnhe = rcu_dereference(oldest->fnhe_next); fnhe; |
8300 |
+- fnhe = rcu_dereference(fnhe->fnhe_next)) { |
8301 |
+- if (time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp)) |
8302 |
++ for (fnhe_p = &hash->chain; ; fnhe_p = &fnhe->fnhe_next) { |
8303 |
++ fnhe = rcu_dereference_protected(*fnhe_p, |
8304 |
++ lockdep_is_held(&fnhe_lock)); |
8305 |
++ if (!fnhe) |
8306 |
++ break; |
8307 |
++ if (!oldest || |
8308 |
++ time_before(fnhe->fnhe_stamp, oldest->fnhe_stamp)) { |
8309 |
+ oldest = fnhe; |
8310 |
++ oldest_p = fnhe_p; |
8311 |
++ } |
8312 |
+ } |
8313 |
+ fnhe_flush_routes(oldest); |
8314 |
+- return oldest; |
8315 |
++ *oldest_p = oldest->fnhe_next; |
8316 |
++ kfree_rcu(oldest, rcu); |
8317 |
+ } |
8318 |
+ |
8319 |
+ static inline u32 fnhe_hashfun(__be32 daddr) |
8320 |
+@@ -692,16 +699,21 @@ static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw, |
8321 |
+ if (rt) |
8322 |
+ fill_route_from_fnhe(rt, fnhe); |
8323 |
+ } else { |
8324 |
+- if (depth > FNHE_RECLAIM_DEPTH) |
8325 |
+- fnhe = fnhe_oldest(hash); |
8326 |
+- else { |
8327 |
+- fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC); |
8328 |
+- if (!fnhe) |
8329 |
+- goto out_unlock; |
8330 |
+- |
8331 |
+- fnhe->fnhe_next = hash->chain; |
8332 |
+- rcu_assign_pointer(hash->chain, fnhe); |
8333 |
++ /* Randomize max depth to avoid some side channels attacks. */ |
8334 |
++ int max_depth = FNHE_RECLAIM_DEPTH + |
8335 |
++ prandom_u32_max(FNHE_RECLAIM_DEPTH); |
8336 |
++ |
8337 |
++ while (depth > max_depth) { |
8338 |
++ fnhe_remove_oldest(hash); |
8339 |
++ depth--; |
8340 |
+ } |
8341 |
++ |
8342 |
++ fnhe = kzalloc(sizeof(*fnhe), GFP_ATOMIC); |
8343 |
++ if (!fnhe) |
8344 |
++ goto out_unlock; |
8345 |
++ |
8346 |
++ fnhe->fnhe_next = hash->chain; |
8347 |
++ |
8348 |
+ fnhe->fnhe_genid = genid; |
8349 |
+ fnhe->fnhe_daddr = daddr; |
8350 |
+ fnhe->fnhe_gw = gw; |
8351 |
+@@ -709,6 +721,8 @@ static void update_or_create_fnhe(struct fib_nh *nh, __be32 daddr, __be32 gw, |
8352 |
+ fnhe->fnhe_mtu_locked = lock; |
8353 |
+ fnhe->fnhe_expires = max(1UL, expires); |
8354 |
+ |
8355 |
++ rcu_assign_pointer(hash->chain, fnhe); |
8356 |
++ |
8357 |
+ /* Exception created; mark the cached routes for the nexthop |
8358 |
+ * stale, so anyone caching it rechecks if this exception |
8359 |
+ * applies to them. |
8360 |
+@@ -2801,7 +2815,7 @@ static struct sk_buff *inet_rtm_getroute_build_skb(__be32 src, __be32 dst, |
8361 |
+ udph = skb_put_zero(skb, sizeof(struct udphdr)); |
8362 |
+ udph->source = sport; |
8363 |
+ udph->dest = dport; |
8364 |
+- udph->len = sizeof(struct udphdr); |
8365 |
++ udph->len = htons(sizeof(struct udphdr)); |
8366 |
+ udph->check = 0; |
8367 |
+ break; |
8368 |
+ } |
8369 |
+diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c |
8370 |
+index 2ab371f555250..119d2c2f3b047 100644 |
8371 |
+--- a/net/ipv4/tcp_fastopen.c |
8372 |
++++ b/net/ipv4/tcp_fastopen.c |
8373 |
+@@ -342,8 +342,7 @@ struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb, |
8374 |
+ return NULL; |
8375 |
+ } |
8376 |
+ |
8377 |
+- if (syn_data && |
8378 |
+- tcp_fastopen_no_cookie(sk, dst, TFO_SERVER_COOKIE_NOT_REQD)) |
8379 |
++ if (tcp_fastopen_no_cookie(sk, dst, TFO_SERVER_COOKIE_NOT_REQD)) |
8380 |
+ goto fastopen; |
8381 |
+ |
8382 |
+ if (foc->len >= 0 && /* Client presents or requests a cookie */ |
8383 |
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
8384 |
+index 36bff9291530b..5117e0aeea1af 100644 |
8385 |
+--- a/net/ipv4/tcp_input.c |
8386 |
++++ b/net/ipv4/tcp_input.c |
8387 |
+@@ -1195,7 +1195,7 @@ static u8 tcp_sacktag_one(struct sock *sk, |
8388 |
+ if (dup_sack && (sacked & TCPCB_RETRANS)) { |
8389 |
+ if (tp->undo_marker && tp->undo_retrans > 0 && |
8390 |
+ after(end_seq, tp->undo_marker)) |
8391 |
+- tp->undo_retrans--; |
8392 |
++ tp->undo_retrans = max_t(int, 0, tp->undo_retrans - pcount); |
8393 |
+ if ((sacked & TCPCB_SACKED_ACKED) && |
8394 |
+ before(start_seq, state->reord)) |
8395 |
+ state->reord = start_seq; |
8396 |
+diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c |
8397 |
+index 71236aa7388d7..de4edfbc9e466 100644 |
8398 |
+--- a/net/ipv4/tcp_ipv4.c |
8399 |
++++ b/net/ipv4/tcp_ipv4.c |
8400 |
+@@ -2177,6 +2177,7 @@ static void *tcp_get_idx(struct seq_file *seq, loff_t pos) |
8401 |
+ static void *tcp_seek_last_pos(struct seq_file *seq) |
8402 |
+ { |
8403 |
+ struct tcp_iter_state *st = seq->private; |
8404 |
++ int bucket = st->bucket; |
8405 |
+ int offset = st->offset; |
8406 |
+ int orig_num = st->num; |
8407 |
+ void *rc = NULL; |
8408 |
+@@ -2187,7 +2188,7 @@ static void *tcp_seek_last_pos(struct seq_file *seq) |
8409 |
+ break; |
8410 |
+ st->state = TCP_SEQ_STATE_LISTENING; |
8411 |
+ rc = listening_get_next(seq, NULL); |
8412 |
+- while (offset-- && rc) |
8413 |
++ while (offset-- && rc && bucket == st->bucket) |
8414 |
+ rc = listening_get_next(seq, rc); |
8415 |
+ if (rc) |
8416 |
+ break; |
8417 |
+@@ -2198,7 +2199,7 @@ static void *tcp_seek_last_pos(struct seq_file *seq) |
8418 |
+ if (st->bucket > tcp_hashinfo.ehash_mask) |
8419 |
+ break; |
8420 |
+ rc = established_get_first(seq); |
8421 |
+- while (offset-- && rc) |
8422 |
++ while (offset-- && rc && bucket == st->bucket) |
8423 |
+ rc = established_get_next(seq, rc); |
8424 |
+ } |
8425 |
+ |
8426 |
+diff --git a/net/ipv6/netfilter/nf_socket_ipv6.c b/net/ipv6/netfilter/nf_socket_ipv6.c |
8427 |
+index f14de4b6d639d..58e839e2ce1d3 100644 |
8428 |
+--- a/net/ipv6/netfilter/nf_socket_ipv6.c |
8429 |
++++ b/net/ipv6/netfilter/nf_socket_ipv6.c |
8430 |
+@@ -104,7 +104,7 @@ struct sock *nf_sk_lookup_slow_v6(struct net *net, const struct sk_buff *skb, |
8431 |
+ { |
8432 |
+ __be16 uninitialized_var(dport), uninitialized_var(sport); |
8433 |
+ const struct in6_addr *daddr = NULL, *saddr = NULL; |
8434 |
+- struct ipv6hdr *iph = ipv6_hdr(skb); |
8435 |
++ struct ipv6hdr *iph = ipv6_hdr(skb), ipv6_var; |
8436 |
+ struct sk_buff *data_skb = NULL; |
8437 |
+ int doff = 0; |
8438 |
+ int thoff = 0, tproto; |
8439 |
+@@ -134,8 +134,6 @@ struct sock *nf_sk_lookup_slow_v6(struct net *net, const struct sk_buff *skb, |
8440 |
+ thoff + sizeof(*hp); |
8441 |
+ |
8442 |
+ } else if (tproto == IPPROTO_ICMPV6) { |
8443 |
+- struct ipv6hdr ipv6_var; |
8444 |
+- |
8445 |
+ if (extract_icmp6_fields(skb, thoff, &tproto, &saddr, &daddr, |
8446 |
+ &sport, &dport, &ipv6_var)) |
8447 |
+ return NULL; |
8448 |
+diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c |
8449 |
+index 9abdc0a04d993..bf2a53d455a18 100644 |
8450 |
+--- a/net/l2tp/l2tp_core.c |
8451 |
++++ b/net/l2tp/l2tp_core.c |
8452 |
+@@ -889,8 +889,10 @@ static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb) |
8453 |
+ } |
8454 |
+ |
8455 |
+ if (tunnel->version == L2TP_HDR_VER_3 && |
8456 |
+- l2tp_v3_ensure_opt_in_linear(session, skb, &ptr, &optr)) |
8457 |
++ l2tp_v3_ensure_opt_in_linear(session, skb, &ptr, &optr)) { |
8458 |
++ l2tp_session_dec_refcount(session); |
8459 |
+ goto error; |
8460 |
++ } |
8461 |
+ |
8462 |
+ l2tp_recv_common(session, skb, ptr, optr, hdrflags, length); |
8463 |
+ l2tp_session_dec_refcount(session); |
8464 |
+diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c |
8465 |
+index 3530d1a5fc98e..5c5908127fcb5 100644 |
8466 |
+--- a/net/mac80211/tx.c |
8467 |
++++ b/net/mac80211/tx.c |
8468 |
+@@ -3142,7 +3142,9 @@ static bool ieee80211_amsdu_prepare_head(struct ieee80211_sub_if_data *sdata, |
8469 |
+ if (info->control.flags & IEEE80211_TX_CTRL_AMSDU) |
8470 |
+ return true; |
8471 |
+ |
8472 |
+- if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(*amsdu_hdr))) |
8473 |
++ if (!ieee80211_amsdu_realloc_pad(local, skb, |
8474 |
++ sizeof(*amsdu_hdr) + |
8475 |
++ local->hw.extra_tx_headroom)) |
8476 |
+ return false; |
8477 |
+ |
8478 |
+ data = skb_push(skb, sizeof(*amsdu_hdr)); |
8479 |
+diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c |
8480 |
+index 3e3494c8d42f8..e252f62bb8c20 100644 |
8481 |
+--- a/net/netlabel/netlabel_cipso_v4.c |
8482 |
++++ b/net/netlabel/netlabel_cipso_v4.c |
8483 |
+@@ -156,8 +156,8 @@ static int netlbl_cipsov4_add_std(struct genl_info *info, |
8484 |
+ return -ENOMEM; |
8485 |
+ doi_def->map.std = kzalloc(sizeof(*doi_def->map.std), GFP_KERNEL); |
8486 |
+ if (doi_def->map.std == NULL) { |
8487 |
+- ret_val = -ENOMEM; |
8488 |
+- goto add_std_failure; |
8489 |
++ kfree(doi_def); |
8490 |
++ return -ENOMEM; |
8491 |
+ } |
8492 |
+ doi_def->type = CIPSO_V4_MAP_TRANS; |
8493 |
+ |
8494 |
+@@ -198,14 +198,14 @@ static int netlbl_cipsov4_add_std(struct genl_info *info, |
8495 |
+ } |
8496 |
+ doi_def->map.std->lvl.local = kcalloc(doi_def->map.std->lvl.local_size, |
8497 |
+ sizeof(u32), |
8498 |
+- GFP_KERNEL); |
8499 |
++ GFP_KERNEL | __GFP_NOWARN); |
8500 |
+ if (doi_def->map.std->lvl.local == NULL) { |
8501 |
+ ret_val = -ENOMEM; |
8502 |
+ goto add_std_failure; |
8503 |
+ } |
8504 |
+ doi_def->map.std->lvl.cipso = kcalloc(doi_def->map.std->lvl.cipso_size, |
8505 |
+ sizeof(u32), |
8506 |
+- GFP_KERNEL); |
8507 |
++ GFP_KERNEL | __GFP_NOWARN); |
8508 |
+ if (doi_def->map.std->lvl.cipso == NULL) { |
8509 |
+ ret_val = -ENOMEM; |
8510 |
+ goto add_std_failure; |
8511 |
+@@ -273,7 +273,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info, |
8512 |
+ doi_def->map.std->cat.local = kcalloc( |
8513 |
+ doi_def->map.std->cat.local_size, |
8514 |
+ sizeof(u32), |
8515 |
+- GFP_KERNEL); |
8516 |
++ GFP_KERNEL | __GFP_NOWARN); |
8517 |
+ if (doi_def->map.std->cat.local == NULL) { |
8518 |
+ ret_val = -ENOMEM; |
8519 |
+ goto add_std_failure; |
8520 |
+@@ -281,7 +281,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info, |
8521 |
+ doi_def->map.std->cat.cipso = kcalloc( |
8522 |
+ doi_def->map.std->cat.cipso_size, |
8523 |
+ sizeof(u32), |
8524 |
+- GFP_KERNEL); |
8525 |
++ GFP_KERNEL | __GFP_NOWARN); |
8526 |
+ if (doi_def->map.std->cat.cipso == NULL) { |
8527 |
+ ret_val = -ENOMEM; |
8528 |
+ goto add_std_failure; |
8529 |
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
8530 |
+index ac3fe507bc1c4..b0fd268ed65e5 100644 |
8531 |
+--- a/net/netlink/af_netlink.c |
8532 |
++++ b/net/netlink/af_netlink.c |
8533 |
+@@ -2498,13 +2498,15 @@ int nlmsg_notify(struct sock *sk, struct sk_buff *skb, u32 portid, |
8534 |
+ /* errors reported via destination sk->sk_err, but propagate |
8535 |
+ * delivery errors if NETLINK_BROADCAST_ERROR flag is set */ |
8536 |
+ err = nlmsg_multicast(sk, skb, exclude_portid, group, flags); |
8537 |
++ if (err == -ESRCH) |
8538 |
++ err = 0; |
8539 |
+ } |
8540 |
+ |
8541 |
+ if (report) { |
8542 |
+ int err2; |
8543 |
+ |
8544 |
+ err2 = nlmsg_unicast(sk, skb, portid); |
8545 |
+- if (!err || err == -ESRCH) |
8546 |
++ if (!err) |
8547 |
+ err = err2; |
8548 |
+ } |
8549 |
+ |
8550 |
+diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c |
8551 |
+index ebc3c8c7e6661..bc62e1b246539 100644 |
8552 |
+--- a/net/sched/sch_cbq.c |
8553 |
++++ b/net/sched/sch_cbq.c |
8554 |
+@@ -1616,7 +1616,7 @@ cbq_change_class(struct Qdisc *sch, u32 classid, u32 parentid, struct nlattr **t |
8555 |
+ err = tcf_block_get(&cl->block, &cl->filter_list, sch, extack); |
8556 |
+ if (err) { |
8557 |
+ kfree(cl); |
8558 |
+- return err; |
8559 |
++ goto failure; |
8560 |
+ } |
8561 |
+ |
8562 |
+ if (tca[TCA_RATE]) { |
8563 |
+diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c |
8564 |
+index a862d9990be74..e4f69c779b8cf 100644 |
8565 |
+--- a/net/sched/sch_fq_codel.c |
8566 |
++++ b/net/sched/sch_fq_codel.c |
8567 |
+@@ -382,6 +382,7 @@ static int fq_codel_change(struct Qdisc *sch, struct nlattr *opt, |
8568 |
+ { |
8569 |
+ struct fq_codel_sched_data *q = qdisc_priv(sch); |
8570 |
+ struct nlattr *tb[TCA_FQ_CODEL_MAX + 1]; |
8571 |
++ u32 quantum = 0; |
8572 |
+ int err; |
8573 |
+ |
8574 |
+ if (!opt) |
8575 |
+@@ -399,6 +400,13 @@ static int fq_codel_change(struct Qdisc *sch, struct nlattr *opt, |
8576 |
+ q->flows_cnt > 65536) |
8577 |
+ return -EINVAL; |
8578 |
+ } |
8579 |
++ if (tb[TCA_FQ_CODEL_QUANTUM]) { |
8580 |
++ quantum = max(256U, nla_get_u32(tb[TCA_FQ_CODEL_QUANTUM])); |
8581 |
++ if (quantum > FQ_CODEL_QUANTUM_MAX) { |
8582 |
++ NL_SET_ERR_MSG(extack, "Invalid quantum"); |
8583 |
++ return -EINVAL; |
8584 |
++ } |
8585 |
++ } |
8586 |
+ sch_tree_lock(sch); |
8587 |
+ |
8588 |
+ if (tb[TCA_FQ_CODEL_TARGET]) { |
8589 |
+@@ -425,8 +433,8 @@ static int fq_codel_change(struct Qdisc *sch, struct nlattr *opt, |
8590 |
+ if (tb[TCA_FQ_CODEL_ECN]) |
8591 |
+ q->cparams.ecn = !!nla_get_u32(tb[TCA_FQ_CODEL_ECN]); |
8592 |
+ |
8593 |
+- if (tb[TCA_FQ_CODEL_QUANTUM]) |
8594 |
+- q->quantum = max(256U, nla_get_u32(tb[TCA_FQ_CODEL_QUANTUM])); |
8595 |
++ if (quantum) |
8596 |
++ q->quantum = quantum; |
8597 |
+ |
8598 |
+ if (tb[TCA_FQ_CODEL_DROP_BATCH_SIZE]) |
8599 |
+ q->drop_batch_size = max(1U, nla_get_u32(tb[TCA_FQ_CODEL_DROP_BATCH_SIZE])); |
8600 |
+diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c |
8601 |
+index a85d78d2bdb73..d9d03881e4de5 100644 |
8602 |
+--- a/net/sunrpc/auth_gss/svcauth_gss.c |
8603 |
++++ b/net/sunrpc/auth_gss/svcauth_gss.c |
8604 |
+@@ -1914,7 +1914,7 @@ gss_svc_init_net(struct net *net) |
8605 |
+ goto out2; |
8606 |
+ return 0; |
8607 |
+ out2: |
8608 |
+- destroy_use_gss_proxy_proc_entry(net); |
8609 |
++ rsi_cache_destroy_net(net); |
8610 |
+ out1: |
8611 |
+ rsc_cache_destroy_net(net); |
8612 |
+ return rv; |
8613 |
+diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c |
8614 |
+index 11d393c047728..6a606af8de819 100644 |
8615 |
+--- a/net/sunrpc/svc.c |
8616 |
++++ b/net/sunrpc/svc.c |
8617 |
+@@ -1146,6 +1146,22 @@ static __printf(2,3) void svc_printk(struct svc_rqst *rqstp, const char *fmt, .. |
8618 |
+ |
8619 |
+ extern void svc_tcp_prep_reply_hdr(struct svc_rqst *); |
8620 |
+ |
8621 |
++__be32 |
8622 |
++svc_return_autherr(struct svc_rqst *rqstp, __be32 auth_err) |
8623 |
++{ |
8624 |
++ set_bit(RQ_AUTHERR, &rqstp->rq_flags); |
8625 |
++ return auth_err; |
8626 |
++} |
8627 |
++EXPORT_SYMBOL_GPL(svc_return_autherr); |
8628 |
++ |
8629 |
++static __be32 |
8630 |
++svc_get_autherr(struct svc_rqst *rqstp, __be32 *statp) |
8631 |
++{ |
8632 |
++ if (test_and_clear_bit(RQ_AUTHERR, &rqstp->rq_flags)) |
8633 |
++ return *statp; |
8634 |
++ return rpc_auth_ok; |
8635 |
++} |
8636 |
++ |
8637 |
+ /* |
8638 |
+ * Common routine for processing the RPC request. |
8639 |
+ */ |
8640 |
+@@ -1296,11 +1312,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv) |
8641 |
+ procp->pc_release(rqstp); |
8642 |
+ goto dropit; |
8643 |
+ } |
8644 |
+- if (*statp == rpc_autherr_badcred) { |
8645 |
+- if (procp->pc_release) |
8646 |
+- procp->pc_release(rqstp); |
8647 |
+- goto err_bad_auth; |
8648 |
+- } |
8649 |
++ auth_stat = svc_get_autherr(rqstp, statp); |
8650 |
++ if (auth_stat != rpc_auth_ok) |
8651 |
++ goto err_release_bad_auth; |
8652 |
+ if (*statp == rpc_success && procp->pc_encode && |
8653 |
+ !procp->pc_encode(rqstp, resv->iov_base + resv->iov_len)) { |
8654 |
+ dprintk("svc: failed to encode reply\n"); |
8655 |
+@@ -1359,6 +1373,9 @@ err_bad_rpc: |
8656 |
+ svc_putnl(resv, 2); |
8657 |
+ goto sendit; |
8658 |
+ |
8659 |
++err_release_bad_auth: |
8660 |
++ if (procp->pc_release) |
8661 |
++ procp->pc_release(rqstp); |
8662 |
+ err_bad_auth: |
8663 |
+ dprintk("svc: authentication failed (%d)\n", ntohl(auth_stat)); |
8664 |
+ serv->sv_stats->rpcbadauth++; |
8665 |
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c |
8666 |
+index 6aead6deaa6c4..848ae6dcbd822 100644 |
8667 |
+--- a/net/tipc/socket.c |
8668 |
++++ b/net/tipc/socket.c |
8669 |
+@@ -1716,6 +1716,7 @@ static int tipc_recvmsg(struct socket *sock, struct msghdr *m, |
8670 |
+ bool connected = !tipc_sk_type_connectionless(sk); |
8671 |
+ struct tipc_sock *tsk = tipc_sk(sk); |
8672 |
+ int rc, err, hlen, dlen, copy; |
8673 |
++ struct tipc_skb_cb *skb_cb; |
8674 |
+ struct sk_buff_head xmitq; |
8675 |
+ struct tipc_msg *hdr; |
8676 |
+ struct sk_buff *skb; |
8677 |
+@@ -1739,6 +1740,7 @@ static int tipc_recvmsg(struct socket *sock, struct msghdr *m, |
8678 |
+ if (unlikely(rc)) |
8679 |
+ goto exit; |
8680 |
+ skb = skb_peek(&sk->sk_receive_queue); |
8681 |
++ skb_cb = TIPC_SKB_CB(skb); |
8682 |
+ hdr = buf_msg(skb); |
8683 |
+ dlen = msg_data_sz(hdr); |
8684 |
+ hlen = msg_hdr_sz(hdr); |
8685 |
+@@ -1758,18 +1760,33 @@ static int tipc_recvmsg(struct socket *sock, struct msghdr *m, |
8686 |
+ |
8687 |
+ /* Capture data if non-error msg, otherwise just set return value */ |
8688 |
+ if (likely(!err)) { |
8689 |
+- copy = min_t(int, dlen, buflen); |
8690 |
+- if (unlikely(copy != dlen)) |
8691 |
+- m->msg_flags |= MSG_TRUNC; |
8692 |
+- rc = skb_copy_datagram_msg(skb, hlen, m, copy); |
8693 |
++ int offset = skb_cb->bytes_read; |
8694 |
++ |
8695 |
++ copy = min_t(int, dlen - offset, buflen); |
8696 |
++ rc = skb_copy_datagram_msg(skb, hlen + offset, m, copy); |
8697 |
++ if (unlikely(rc)) |
8698 |
++ goto exit; |
8699 |
++ if (unlikely(offset + copy < dlen)) { |
8700 |
++ if (flags & MSG_EOR) { |
8701 |
++ if (!(flags & MSG_PEEK)) |
8702 |
++ skb_cb->bytes_read = offset + copy; |
8703 |
++ } else { |
8704 |
++ m->msg_flags |= MSG_TRUNC; |
8705 |
++ skb_cb->bytes_read = 0; |
8706 |
++ } |
8707 |
++ } else { |
8708 |
++ if (flags & MSG_EOR) |
8709 |
++ m->msg_flags |= MSG_EOR; |
8710 |
++ skb_cb->bytes_read = 0; |
8711 |
++ } |
8712 |
+ } else { |
8713 |
+ copy = 0; |
8714 |
+ rc = 0; |
8715 |
+- if (err != TIPC_CONN_SHUTDOWN && connected && !m->msg_control) |
8716 |
++ if (err != TIPC_CONN_SHUTDOWN && connected && !m->msg_control) { |
8717 |
+ rc = -ECONNRESET; |
8718 |
++ goto exit; |
8719 |
++ } |
8720 |
+ } |
8721 |
+- if (unlikely(rc)) |
8722 |
+- goto exit; |
8723 |
+ |
8724 |
+ /* Mark message as group event if applicable */ |
8725 |
+ if (unlikely(grp_evt)) { |
8726 |
+@@ -1792,6 +1809,9 @@ static int tipc_recvmsg(struct socket *sock, struct msghdr *m, |
8727 |
+ tipc_node_distr_xmit(sock_net(sk), &xmitq); |
8728 |
+ } |
8729 |
+ |
8730 |
++ if (skb_cb->bytes_read) |
8731 |
++ goto exit; |
8732 |
++ |
8733 |
+ tsk_advance_rx_queue(sk); |
8734 |
+ |
8735 |
+ if (likely(!connected)) |
8736 |
+@@ -2203,7 +2223,7 @@ static int tipc_sk_backlog_rcv(struct sock *sk, struct sk_buff *skb) |
8737 |
+ static void tipc_sk_enqueue(struct sk_buff_head *inputq, struct sock *sk, |
8738 |
+ u32 dport, struct sk_buff_head *xmitq) |
8739 |
+ { |
8740 |
+- unsigned long time_limit = jiffies + 2; |
8741 |
++ unsigned long time_limit = jiffies + usecs_to_jiffies(20000); |
8742 |
+ struct sk_buff *skb; |
8743 |
+ unsigned int lim; |
8744 |
+ atomic_t *dcnt; |
8745 |
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c |
8746 |
+index 98c253afa0db2..c293a558b0d4f 100644 |
8747 |
+--- a/net/unix/af_unix.c |
8748 |
++++ b/net/unix/af_unix.c |
8749 |
+@@ -2739,7 +2739,7 @@ static __poll_t unix_dgram_poll(struct file *file, struct socket *sock, |
8750 |
+ |
8751 |
+ other = unix_peer(sk); |
8752 |
+ if (other && unix_peer(other) != sk && |
8753 |
+- unix_recvq_full(other) && |
8754 |
++ unix_recvq_full_lockless(other) && |
8755 |
+ unix_dgram_peer_wake_me(sk, other)) |
8756 |
+ writable = 0; |
8757 |
+ |
8758 |
+diff --git a/samples/bpf/test_override_return.sh b/samples/bpf/test_override_return.sh |
8759 |
+index e68b9ee6814b8..35db26f736b9d 100755 |
8760 |
+--- a/samples/bpf/test_override_return.sh |
8761 |
++++ b/samples/bpf/test_override_return.sh |
8762 |
+@@ -1,5 +1,6 @@ |
8763 |
+ #!/bin/bash |
8764 |
+ |
8765 |
++rm -r tmpmnt |
8766 |
+ rm -f testfile.img |
8767 |
+ dd if=/dev/zero of=testfile.img bs=1M seek=1000 count=1 |
8768 |
+ DEVICE=$(losetup --show -f testfile.img) |
8769 |
+diff --git a/samples/bpf/tracex7_user.c b/samples/bpf/tracex7_user.c |
8770 |
+index ea6dae78f0dff..2ed13e9f3fcb0 100644 |
8771 |
+--- a/samples/bpf/tracex7_user.c |
8772 |
++++ b/samples/bpf/tracex7_user.c |
8773 |
+@@ -13,6 +13,11 @@ int main(int argc, char **argv) |
8774 |
+ char command[256]; |
8775 |
+ int ret; |
8776 |
+ |
8777 |
++ if (!argv[1]) { |
8778 |
++ fprintf(stderr, "ERROR: Run with the btrfs device argument!\n"); |
8779 |
++ return 0; |
8780 |
++ } |
8781 |
++ |
8782 |
+ snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); |
8783 |
+ |
8784 |
+ if (load_bpf_file(filename)) { |
8785 |
+diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig |
8786 |
+index 13b446328dda0..5095b2e8fceeb 100644 |
8787 |
+--- a/security/integrity/ima/Kconfig |
8788 |
++++ b/security/integrity/ima/Kconfig |
8789 |
+@@ -5,7 +5,6 @@ config IMA |
8790 |
+ select SECURITYFS |
8791 |
+ select CRYPTO |
8792 |
+ select CRYPTO_HMAC |
8793 |
+- select CRYPTO_MD5 |
8794 |
+ select CRYPTO_SHA1 |
8795 |
+ select CRYPTO_HASH_INFO |
8796 |
+ select TCG_TPM if HAS_IOMEM && !UML |
8797 |
+diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c |
8798 |
+index 3e7a1523663b8..daad75ee74d9f 100644 |
8799 |
+--- a/security/integrity/ima/ima_mok.c |
8800 |
++++ b/security/integrity/ima/ima_mok.c |
8801 |
+@@ -26,7 +26,7 @@ struct key *ima_blacklist_keyring; |
8802 |
+ /* |
8803 |
+ * Allocate the IMA blacklist keyring |
8804 |
+ */ |
8805 |
+-__init int ima_mok_init(void) |
8806 |
++static __init int ima_mok_init(void) |
8807 |
+ { |
8808 |
+ struct key_restriction *restriction; |
8809 |
+ |
8810 |
+diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c |
8811 |
+index a7855c61c05cd..07d23b4f76f3b 100644 |
8812 |
+--- a/security/smack/smack_access.c |
8813 |
++++ b/security/smack/smack_access.c |
8814 |
+@@ -85,23 +85,22 @@ int log_policy = SMACK_AUDIT_DENIED; |
8815 |
+ int smk_access_entry(char *subject_label, char *object_label, |
8816 |
+ struct list_head *rule_list) |
8817 |
+ { |
8818 |
+- int may = -ENOENT; |
8819 |
+ struct smack_rule *srp; |
8820 |
+ |
8821 |
+ list_for_each_entry_rcu(srp, rule_list, list) { |
8822 |
+ if (srp->smk_object->smk_known == object_label && |
8823 |
+ srp->smk_subject->smk_known == subject_label) { |
8824 |
+- may = srp->smk_access; |
8825 |
+- break; |
8826 |
++ int may = srp->smk_access; |
8827 |
++ /* |
8828 |
++ * MAY_WRITE implies MAY_LOCK. |
8829 |
++ */ |
8830 |
++ if ((may & MAY_WRITE) == MAY_WRITE) |
8831 |
++ may |= MAY_LOCK; |
8832 |
++ return may; |
8833 |
+ } |
8834 |
+ } |
8835 |
+ |
8836 |
+- /* |
8837 |
+- * MAY_WRITE implies MAY_LOCK. |
8838 |
+- */ |
8839 |
+- if ((may & MAY_WRITE) == MAY_WRITE) |
8840 |
+- may |= MAY_LOCK; |
8841 |
+- return may; |
8842 |
++ return -ENOENT; |
8843 |
+ } |
8844 |
+ |
8845 |
+ /** |
8846 |
+diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c |
8847 |
+index 56295936387c3..da454eeee5c91 100644 |
8848 |
+--- a/sound/core/pcm_lib.c |
8849 |
++++ b/sound/core/pcm_lib.c |
8850 |
+@@ -1751,7 +1751,7 @@ static int snd_pcm_lib_ioctl_fifo_size(struct snd_pcm_substream *substream, |
8851 |
+ channels = params_channels(params); |
8852 |
+ frame_size = snd_pcm_format_size(format, channels); |
8853 |
+ if (frame_size > 0) |
8854 |
+- params->fifo_size /= (unsigned)frame_size; |
8855 |
++ params->fifo_size /= frame_size; |
8856 |
+ } |
8857 |
+ return 0; |
8858 |
+ } |
8859 |
+diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c |
8860 |
+index 186c0ee059da7..c4d19b88d17dc 100644 |
8861 |
+--- a/sound/soc/intel/boards/bytcr_rt5640.c |
8862 |
++++ b/sound/soc/intel/boards/bytcr_rt5640.c |
8863 |
+@@ -293,9 +293,6 @@ static const struct snd_soc_dapm_widget byt_rt5640_widgets[] = { |
8864 |
+ static const struct snd_soc_dapm_route byt_rt5640_audio_map[] = { |
8865 |
+ {"Headphone", NULL, "Platform Clock"}, |
8866 |
+ {"Headset Mic", NULL, "Platform Clock"}, |
8867 |
+- {"Internal Mic", NULL, "Platform Clock"}, |
8868 |
+- {"Speaker", NULL, "Platform Clock"}, |
8869 |
+- |
8870 |
+ {"Headset Mic", NULL, "MICBIAS1"}, |
8871 |
+ {"IN2P", NULL, "Headset Mic"}, |
8872 |
+ {"Headphone", NULL, "HPOL"}, |
8873 |
+@@ -303,19 +300,23 @@ static const struct snd_soc_dapm_route byt_rt5640_audio_map[] = { |
8874 |
+ }; |
8875 |
+ |
8876 |
+ static const struct snd_soc_dapm_route byt_rt5640_intmic_dmic1_map[] = { |
8877 |
++ {"Internal Mic", NULL, "Platform Clock"}, |
8878 |
+ {"DMIC1", NULL, "Internal Mic"}, |
8879 |
+ }; |
8880 |
+ |
8881 |
+ static const struct snd_soc_dapm_route byt_rt5640_intmic_dmic2_map[] = { |
8882 |
++ {"Internal Mic", NULL, "Platform Clock"}, |
8883 |
+ {"DMIC2", NULL, "Internal Mic"}, |
8884 |
+ }; |
8885 |
+ |
8886 |
+ static const struct snd_soc_dapm_route byt_rt5640_intmic_in1_map[] = { |
8887 |
++ {"Internal Mic", NULL, "Platform Clock"}, |
8888 |
+ {"Internal Mic", NULL, "MICBIAS1"}, |
8889 |
+ {"IN1P", NULL, "Internal Mic"}, |
8890 |
+ }; |
8891 |
+ |
8892 |
+ static const struct snd_soc_dapm_route byt_rt5640_intmic_in3_map[] = { |
8893 |
++ {"Internal Mic", NULL, "Platform Clock"}, |
8894 |
+ {"Internal Mic", NULL, "MICBIAS1"}, |
8895 |
+ {"IN3P", NULL, "Internal Mic"}, |
8896 |
+ }; |
8897 |
+@@ -357,6 +358,7 @@ static const struct snd_soc_dapm_route byt_rt5640_ssp0_aif2_map[] = { |
8898 |
+ }; |
8899 |
+ |
8900 |
+ static const struct snd_soc_dapm_route byt_rt5640_stereo_spk_map[] = { |
8901 |
++ {"Speaker", NULL, "Platform Clock"}, |
8902 |
+ {"Speaker", NULL, "SPOLP"}, |
8903 |
+ {"Speaker", NULL, "SPOLN"}, |
8904 |
+ {"Speaker", NULL, "SPORP"}, |
8905 |
+@@ -364,6 +366,7 @@ static const struct snd_soc_dapm_route byt_rt5640_stereo_spk_map[] = { |
8906 |
+ }; |
8907 |
+ |
8908 |
+ static const struct snd_soc_dapm_route byt_rt5640_mono_spk_map[] = { |
8909 |
++ {"Speaker", NULL, "Platform Clock"}, |
8910 |
+ {"Speaker", NULL, "SPOLP"}, |
8911 |
+ {"Speaker", NULL, "SPOLN"}, |
8912 |
+ }; |
8913 |
+diff --git a/sound/soc/rockchip/rockchip_i2s.c b/sound/soc/rockchip/rockchip_i2s.c |
8914 |
+index b86f76c3598cd..c6d11a59310fc 100644 |
8915 |
+--- a/sound/soc/rockchip/rockchip_i2s.c |
8916 |
++++ b/sound/soc/rockchip/rockchip_i2s.c |
8917 |
+@@ -189,7 +189,9 @@ static int rockchip_i2s_set_fmt(struct snd_soc_dai *cpu_dai, |
8918 |
+ { |
8919 |
+ struct rk_i2s_dev *i2s = to_info(cpu_dai); |
8920 |
+ unsigned int mask = 0, val = 0; |
8921 |
++ int ret = 0; |
8922 |
+ |
8923 |
++ pm_runtime_get_sync(cpu_dai->dev); |
8924 |
+ mask = I2S_CKR_MSS_MASK; |
8925 |
+ switch (fmt & SND_SOC_DAIFMT_MASTER_MASK) { |
8926 |
+ case SND_SOC_DAIFMT_CBS_CFS: |
8927 |
+@@ -202,7 +204,8 @@ static int rockchip_i2s_set_fmt(struct snd_soc_dai *cpu_dai, |
8928 |
+ i2s->is_master_mode = false; |
8929 |
+ break; |
8930 |
+ default: |
8931 |
+- return -EINVAL; |
8932 |
++ ret = -EINVAL; |
8933 |
++ goto err_pm_put; |
8934 |
+ } |
8935 |
+ |
8936 |
+ regmap_update_bits(i2s->regmap, I2S_CKR, mask, val); |
8937 |
+@@ -216,7 +219,8 @@ static int rockchip_i2s_set_fmt(struct snd_soc_dai *cpu_dai, |
8938 |
+ val = I2S_CKR_CKP_POS; |
8939 |
+ break; |
8940 |
+ default: |
8941 |
+- return -EINVAL; |
8942 |
++ ret = -EINVAL; |
8943 |
++ goto err_pm_put; |
8944 |
+ } |
8945 |
+ |
8946 |
+ regmap_update_bits(i2s->regmap, I2S_CKR, mask, val); |
8947 |
+@@ -232,14 +236,15 @@ static int rockchip_i2s_set_fmt(struct snd_soc_dai *cpu_dai, |
8948 |
+ case SND_SOC_DAIFMT_I2S: |
8949 |
+ val = I2S_TXCR_IBM_NORMAL; |
8950 |
+ break; |
8951 |
+- case SND_SOC_DAIFMT_DSP_A: /* PCM no delay mode */ |
8952 |
+- val = I2S_TXCR_TFS_PCM; |
8953 |
+- break; |
8954 |
+- case SND_SOC_DAIFMT_DSP_B: /* PCM delay 1 mode */ |
8955 |
++ case SND_SOC_DAIFMT_DSP_A: /* PCM delay 1 bit mode */ |
8956 |
+ val = I2S_TXCR_TFS_PCM | I2S_TXCR_PBM_MODE(1); |
8957 |
+ break; |
8958 |
++ case SND_SOC_DAIFMT_DSP_B: /* PCM no delay mode */ |
8959 |
++ val = I2S_TXCR_TFS_PCM; |
8960 |
++ break; |
8961 |
+ default: |
8962 |
+- return -EINVAL; |
8963 |
++ ret = -EINVAL; |
8964 |
++ goto err_pm_put; |
8965 |
+ } |
8966 |
+ |
8967 |
+ regmap_update_bits(i2s->regmap, I2S_TXCR, mask, val); |
8968 |
+@@ -255,19 +260,23 @@ static int rockchip_i2s_set_fmt(struct snd_soc_dai *cpu_dai, |
8969 |
+ case SND_SOC_DAIFMT_I2S: |
8970 |
+ val = I2S_RXCR_IBM_NORMAL; |
8971 |
+ break; |
8972 |
+- case SND_SOC_DAIFMT_DSP_A: /* PCM no delay mode */ |
8973 |
+- val = I2S_RXCR_TFS_PCM; |
8974 |
+- break; |
8975 |
+- case SND_SOC_DAIFMT_DSP_B: /* PCM delay 1 mode */ |
8976 |
++ case SND_SOC_DAIFMT_DSP_A: /* PCM delay 1 bit mode */ |
8977 |
+ val = I2S_RXCR_TFS_PCM | I2S_RXCR_PBM_MODE(1); |
8978 |
+ break; |
8979 |
++ case SND_SOC_DAIFMT_DSP_B: /* PCM no delay mode */ |
8980 |
++ val = I2S_RXCR_TFS_PCM; |
8981 |
++ break; |
8982 |
+ default: |
8983 |
+- return -EINVAL; |
8984 |
++ ret = -EINVAL; |
8985 |
++ goto err_pm_put; |
8986 |
+ } |
8987 |
+ |
8988 |
+ regmap_update_bits(i2s->regmap, I2S_RXCR, mask, val); |
8989 |
+ |
8990 |
+- return 0; |
8991 |
++err_pm_put: |
8992 |
++ pm_runtime_put(cpu_dai->dev); |
8993 |
++ |
8994 |
++ return ret; |
8995 |
+ } |
8996 |
+ |
8997 |
+ static int rockchip_i2s_hw_params(struct snd_pcm_substream *substream, |
8998 |
+diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c |
8999 |
+index 4114594e57a30..f4bdcff82f5cc 100644 |
9000 |
+--- a/sound/usb/quirks.c |
9001 |
++++ b/sound/usb/quirks.c |
9002 |
+@@ -1554,6 +1554,7 @@ static const struct registration_quirk registration_quirks[] = { |
9003 |
+ REG_QUIRK_ENTRY(0x0951, 0x16ed, 2), /* Kingston HyperX Cloud Alpha S */ |
9004 |
+ REG_QUIRK_ENTRY(0x0951, 0x16ea, 2), /* Kingston HyperX Cloud Flight S */ |
9005 |
+ REG_QUIRK_ENTRY(0x0ecb, 0x1f46, 2), /* JBL Quantum 600 */ |
9006 |
++ REG_QUIRK_ENTRY(0x0ecb, 0x1f47, 2), /* JBL Quantum 800 */ |
9007 |
+ REG_QUIRK_ENTRY(0x0ecb, 0x2039, 2), /* JBL Quantum 400 */ |
9008 |
+ REG_QUIRK_ENTRY(0x0ecb, 0x203c, 2), /* JBL Quantum 600 */ |
9009 |
+ REG_QUIRK_ENTRY(0x0ecb, 0x203e, 2), /* JBL Quantum 800 */ |
9010 |
+diff --git a/tools/perf/util/machine.c b/tools/perf/util/machine.c |
9011 |
+index ab208400ea140..4ada233b37ed1 100644 |
9012 |
+--- a/tools/perf/util/machine.c |
9013 |
++++ b/tools/perf/util/machine.c |
9014 |
+@@ -1893,6 +1893,7 @@ static int add_callchain_ip(struct thread *thread, |
9015 |
+ |
9016 |
+ al.filtered = 0; |
9017 |
+ al.sym = NULL; |
9018 |
++ al.srcline = NULL; |
9019 |
+ if (!cpumode) { |
9020 |
+ thread__find_cpumode_addr_location(thread, ip, &al); |
9021 |
+ } else { |
9022 |
+diff --git a/tools/testing/selftests/bpf/test_maps.c b/tools/testing/selftests/bpf/test_maps.c |
9023 |
+index 4e202217fae10..87ba89df98022 100644 |
9024 |
+--- a/tools/testing/selftests/bpf/test_maps.c |
9025 |
++++ b/tools/testing/selftests/bpf/test_maps.c |
9026 |
+@@ -796,7 +796,7 @@ static void test_sockmap(int tasks, void *data) |
9027 |
+ |
9028 |
+ FD_ZERO(&w); |
9029 |
+ FD_SET(sfd[3], &w); |
9030 |
+- to.tv_sec = 1; |
9031 |
++ to.tv_sec = 30; |
9032 |
+ to.tv_usec = 0; |
9033 |
+ s = select(sfd[3] + 1, &w, NULL, NULL, &to); |
9034 |
+ if (s == -1) { |
9035 |
+diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c |
9036 |
+index c7d17781dbfee..858e551432339 100644 |
9037 |
+--- a/tools/testing/selftests/bpf/test_verifier.c |
9038 |
++++ b/tools/testing/selftests/bpf/test_verifier.c |
9039 |
+@@ -956,15 +956,45 @@ static struct bpf_test tests[] = { |
9040 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8), |
9041 |
+ /* mess up with R1 pointer on stack */ |
9042 |
+ BPF_ST_MEM(BPF_B, BPF_REG_10, -7, 0x23), |
9043 |
+- /* fill back into R0 should fail */ |
9044 |
++ /* fill back into R0 is fine for priv. |
9045 |
++ * R0 now becomes SCALAR_VALUE. |
9046 |
++ */ |
9047 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8), |
9048 |
++ /* Load from R0 should fail. */ |
9049 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 8), |
9050 |
+ BPF_EXIT_INSN(), |
9051 |
+ }, |
9052 |
+ .errstr_unpriv = "attempt to corrupt spilled", |
9053 |
+- .errstr = "corrupted spill", |
9054 |
++ .errstr = "R0 invalid mem access 'inv", |
9055 |
+ .result = REJECT, |
9056 |
+ .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, |
9057 |
+ }, |
9058 |
++ { |
9059 |
++ "check corrupted spill/fill, LSB", |
9060 |
++ .insns = { |
9061 |
++ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8), |
9062 |
++ BPF_ST_MEM(BPF_H, BPF_REG_10, -8, 0xcafe), |
9063 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8), |
9064 |
++ BPF_EXIT_INSN(), |
9065 |
++ }, |
9066 |
++ .errstr_unpriv = "attempt to corrupt spilled", |
9067 |
++ .result_unpriv = REJECT, |
9068 |
++ .result = ACCEPT, |
9069 |
++ .retval = POINTER_VALUE, |
9070 |
++ }, |
9071 |
++ { |
9072 |
++ "check corrupted spill/fill, MSB", |
9073 |
++ .insns = { |
9074 |
++ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8), |
9075 |
++ BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0x12345678), |
9076 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8), |
9077 |
++ BPF_EXIT_INSN(), |
9078 |
++ }, |
9079 |
++ .errstr_unpriv = "attempt to corrupt spilled", |
9080 |
++ .result_unpriv = REJECT, |
9081 |
++ .result = ACCEPT, |
9082 |
++ .retval = POINTER_VALUE, |
9083 |
++ }, |
9084 |
+ { |
9085 |
+ "invalid src register in STX", |
9086 |
+ .insns = { |
9087 |
+@@ -3858,7 +3888,8 @@ static struct bpf_test tests[] = { |
9088 |
+ offsetof(struct __sk_buff, data)), |
9089 |
+ BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, |
9090 |
+ offsetof(struct __sk_buff, data_end)), |
9091 |
+- BPF_MOV64_IMM(BPF_REG_0, 0xffffffff), |
9092 |
++ BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, |
9093 |
++ offsetof(struct __sk_buff, mark)), |
9094 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8), |
9095 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8), |
9096 |
+ BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xffff), |
9097 |
+@@ -6530,9 +6561,9 @@ static struct bpf_test tests[] = { |
9098 |
+ { |
9099 |
+ "helper access to variable memory: stack, bitwise AND, zero included", |
9100 |
+ .insns = { |
9101 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), |
9102 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), |
9103 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), |
9104 |
+- BPF_MOV64_IMM(BPF_REG_2, 16), |
9105 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128), |
9106 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128), |
9107 |
+ BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 64), |
9108 |
+@@ -6547,9 +6578,9 @@ static struct bpf_test tests[] = { |
9109 |
+ { |
9110 |
+ "helper access to variable memory: stack, bitwise AND + JMP, wrong max", |
9111 |
+ .insns = { |
9112 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), |
9113 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), |
9114 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), |
9115 |
+- BPF_MOV64_IMM(BPF_REG_2, 16), |
9116 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128), |
9117 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128), |
9118 |
+ BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 65), |
9119 |
+@@ -6623,9 +6654,9 @@ static struct bpf_test tests[] = { |
9120 |
+ { |
9121 |
+ "helper access to variable memory: stack, JMP, bounds + offset", |
9122 |
+ .insns = { |
9123 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), |
9124 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), |
9125 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), |
9126 |
+- BPF_MOV64_IMM(BPF_REG_2, 16), |
9127 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128), |
9128 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128), |
9129 |
+ BPF_JMP_IMM(BPF_JGT, BPF_REG_2, 64, 5), |
9130 |
+@@ -6644,9 +6675,9 @@ static struct bpf_test tests[] = { |
9131 |
+ { |
9132 |
+ "helper access to variable memory: stack, JMP, wrong max", |
9133 |
+ .insns = { |
9134 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), |
9135 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), |
9136 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), |
9137 |
+- BPF_MOV64_IMM(BPF_REG_2, 16), |
9138 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128), |
9139 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128), |
9140 |
+ BPF_JMP_IMM(BPF_JGT, BPF_REG_2, 65, 4), |
9141 |
+@@ -6664,9 +6695,9 @@ static struct bpf_test tests[] = { |
9142 |
+ { |
9143 |
+ "helper access to variable memory: stack, JMP, no max check", |
9144 |
+ .insns = { |
9145 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), |
9146 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), |
9147 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), |
9148 |
+- BPF_MOV64_IMM(BPF_REG_2, 16), |
9149 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128), |
9150 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128), |
9151 |
+ BPF_MOV64_IMM(BPF_REG_4, 0), |
9152 |
+@@ -6684,9 +6715,9 @@ static struct bpf_test tests[] = { |
9153 |
+ { |
9154 |
+ "helper access to variable memory: stack, JMP, no min check", |
9155 |
+ .insns = { |
9156 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), |
9157 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), |
9158 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), |
9159 |
+- BPF_MOV64_IMM(BPF_REG_2, 16), |
9160 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128), |
9161 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128), |
9162 |
+ BPF_JMP_IMM(BPF_JGT, BPF_REG_2, 64, 3), |
9163 |
+@@ -6702,9 +6733,9 @@ static struct bpf_test tests[] = { |
9164 |
+ { |
9165 |
+ "helper access to variable memory: stack, JMP (signed), no min check", |
9166 |
+ .insns = { |
9167 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), |
9168 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), |
9169 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), |
9170 |
+- BPF_MOV64_IMM(BPF_REG_2, 16), |
9171 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128), |
9172 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128), |
9173 |
+ BPF_JMP_IMM(BPF_JSGT, BPF_REG_2, 64, 3), |
9174 |
+@@ -6746,6 +6777,7 @@ static struct bpf_test tests[] = { |
9175 |
+ { |
9176 |
+ "helper access to variable memory: map, JMP, wrong max", |
9177 |
+ .insns = { |
9178 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 8), |
9179 |
+ BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), |
9180 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), |
9181 |
+ BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), |
9182 |
+@@ -6753,7 +6785,7 @@ static struct bpf_test tests[] = { |
9183 |
+ BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), |
9184 |
+ BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 10), |
9185 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), |
9186 |
+- BPF_MOV64_IMM(BPF_REG_2, sizeof(struct test_val)), |
9187 |
++ BPF_MOV64_REG(BPF_REG_2, BPF_REG_6), |
9188 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128), |
9189 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128), |
9190 |
+ BPF_JMP_IMM(BPF_JSGT, BPF_REG_2, |
9191 |
+@@ -6765,7 +6797,7 @@ static struct bpf_test tests[] = { |
9192 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
9193 |
+ BPF_EXIT_INSN(), |
9194 |
+ }, |
9195 |
+- .fixup_map2 = { 3 }, |
9196 |
++ .fixup_map2 = { 4 }, |
9197 |
+ .errstr = "invalid access to map value, value_size=48 off=0 size=49", |
9198 |
+ .result = REJECT, |
9199 |
+ .prog_type = BPF_PROG_TYPE_TRACEPOINT, |
9200 |
+@@ -6800,6 +6832,7 @@ static struct bpf_test tests[] = { |
9201 |
+ { |
9202 |
+ "helper access to variable memory: map adjusted, JMP, wrong max", |
9203 |
+ .insns = { |
9204 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 8), |
9205 |
+ BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), |
9206 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), |
9207 |
+ BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), |
9208 |
+@@ -6808,7 +6841,7 @@ static struct bpf_test tests[] = { |
9209 |
+ BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11), |
9210 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), |
9211 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 20), |
9212 |
+- BPF_MOV64_IMM(BPF_REG_2, sizeof(struct test_val)), |
9213 |
++ BPF_MOV64_REG(BPF_REG_2, BPF_REG_6), |
9214 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128), |
9215 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128), |
9216 |
+ BPF_JMP_IMM(BPF_JSGT, BPF_REG_2, |
9217 |
+@@ -6820,7 +6853,7 @@ static struct bpf_test tests[] = { |
9218 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
9219 |
+ BPF_EXIT_INSN(), |
9220 |
+ }, |
9221 |
+- .fixup_map2 = { 3 }, |
9222 |
++ .fixup_map2 = { 4 }, |
9223 |
+ .errstr = "R1 min value is outside of the array range", |
9224 |
+ .result = REJECT, |
9225 |
+ .prog_type = BPF_PROG_TYPE_TRACEPOINT, |
9226 |
+@@ -6842,8 +6875,8 @@ static struct bpf_test tests[] = { |
9227 |
+ { |
9228 |
+ "helper access to variable memory: size > 0 not allowed on NULL (ARG_PTR_TO_MEM_OR_NULL)", |
9229 |
+ .insns = { |
9230 |
++ BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0), |
9231 |
+ BPF_MOV64_IMM(BPF_REG_1, 0), |
9232 |
+- BPF_MOV64_IMM(BPF_REG_2, 1), |
9233 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128), |
9234 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128), |
9235 |
+ BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 64), |
9236 |
+@@ -7070,6 +7103,7 @@ static struct bpf_test tests[] = { |
9237 |
+ { |
9238 |
+ "helper access to variable memory: 8 bytes leak", |
9239 |
+ .insns = { |
9240 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), |
9241 |
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), |
9242 |
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), |
9243 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
9244 |
+@@ -7080,7 +7114,6 @@ static struct bpf_test tests[] = { |
9245 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -24), |
9246 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -16), |
9247 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8), |
9248 |
+- BPF_MOV64_IMM(BPF_REG_2, 1), |
9249 |
+ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128), |
9250 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128), |
9251 |
+ BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 63), |
9252 |
+@@ -8465,7 +8498,7 @@ static struct bpf_test tests[] = { |
9253 |
+ .prog_type = BPF_PROG_TYPE_LWT_IN, |
9254 |
+ }, |
9255 |
+ { |
9256 |
+- "indirect variable-offset stack access", |
9257 |
++ "indirect variable-offset stack access, out of bound", |
9258 |
+ .insns = { |
9259 |
+ /* Fill the top 8 bytes of the stack */ |
9260 |
+ BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), |
9261 |
+@@ -8486,10 +8519,85 @@ static struct bpf_test tests[] = { |
9262 |
+ BPF_EXIT_INSN(), |
9263 |
+ }, |
9264 |
+ .fixup_map1 = { 5 }, |
9265 |
+- .errstr = "variable stack read R2", |
9266 |
++ .errstr = "invalid stack type R2 var_off", |
9267 |
++ .result = REJECT, |
9268 |
++ .prog_type = BPF_PROG_TYPE_LWT_IN, |
9269 |
++ }, |
9270 |
++ { |
9271 |
++ "indirect variable-offset stack access, max_off+size > max_initialized", |
9272 |
++ .insns = { |
9273 |
++ /* Fill only the second from top 8 bytes of the stack. */ |
9274 |
++ BPF_ST_MEM(BPF_DW, BPF_REG_10, -16, 0), |
9275 |
++ /* Get an unknown value. */ |
9276 |
++ BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0), |
9277 |
++ /* Make it small and 4-byte aligned. */ |
9278 |
++ BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 4), |
9279 |
++ BPF_ALU64_IMM(BPF_SUB, BPF_REG_2, 16), |
9280 |
++ /* Add it to fp. We now have either fp-12 or fp-16, but we don't know |
9281 |
++ * which. fp-12 size 8 is partially uninitialized stack. |
9282 |
++ */ |
9283 |
++ BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_10), |
9284 |
++ /* Dereference it indirectly. */ |
9285 |
++ BPF_LD_MAP_FD(BPF_REG_1, 0), |
9286 |
++ BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), |
9287 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
9288 |
++ BPF_EXIT_INSN(), |
9289 |
++ }, |
9290 |
++ .fixup_map1 = { 5 }, |
9291 |
++ .errstr = "invalid indirect read from stack var_off", |
9292 |
+ .result = REJECT, |
9293 |
+ .prog_type = BPF_PROG_TYPE_LWT_IN, |
9294 |
+ }, |
9295 |
++ { |
9296 |
++ "indirect variable-offset stack access, min_off < min_initialized", |
9297 |
++ .insns = { |
9298 |
++ /* Fill only the top 8 bytes of the stack. */ |
9299 |
++ BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), |
9300 |
++ /* Get an unknown value */ |
9301 |
++ BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0), |
9302 |
++ /* Make it small and 4-byte aligned. */ |
9303 |
++ BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 4), |
9304 |
++ BPF_ALU64_IMM(BPF_SUB, BPF_REG_2, 16), |
9305 |
++ /* Add it to fp. We now have either fp-12 or fp-16, but we don't know |
9306 |
++ * which. fp-16 size 8 is partially uninitialized stack. |
9307 |
++ */ |
9308 |
++ BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_10), |
9309 |
++ /* Dereference it indirectly. */ |
9310 |
++ BPF_LD_MAP_FD(BPF_REG_1, 0), |
9311 |
++ BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), |
9312 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
9313 |
++ BPF_EXIT_INSN(), |
9314 |
++ }, |
9315 |
++ .fixup_map1 = { 5 }, |
9316 |
++ .errstr = "invalid indirect read from stack var_off", |
9317 |
++ .result = REJECT, |
9318 |
++ .prog_type = BPF_PROG_TYPE_LWT_IN, |
9319 |
++ }, |
9320 |
++ { |
9321 |
++ "indirect variable-offset stack access, ok", |
9322 |
++ .insns = { |
9323 |
++ /* Fill the top 16 bytes of the stack. */ |
9324 |
++ BPF_ST_MEM(BPF_DW, BPF_REG_10, -16, 0), |
9325 |
++ BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), |
9326 |
++ /* Get an unknown value. */ |
9327 |
++ BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0), |
9328 |
++ /* Make it small and 4-byte aligned. */ |
9329 |
++ BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 4), |
9330 |
++ BPF_ALU64_IMM(BPF_SUB, BPF_REG_2, 16), |
9331 |
++ /* Add it to fp. We now have either fp-12 or fp-16, we don't know |
9332 |
++ * which, but either way it points to initialized stack. |
9333 |
++ */ |
9334 |
++ BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_10), |
9335 |
++ /* Dereference it indirectly. */ |
9336 |
++ BPF_LD_MAP_FD(BPF_REG_1, 0), |
9337 |
++ BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), |
9338 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
9339 |
++ BPF_EXIT_INSN(), |
9340 |
++ }, |
9341 |
++ .fixup_map1 = { 6 }, |
9342 |
++ .result = ACCEPT, |
9343 |
++ .prog_type = BPF_PROG_TYPE_LWT_IN, |
9344 |
++ }, |
9345 |
+ { |
9346 |
+ "direct stack access with 32-bit wraparound. test1", |
9347 |
+ .insns = { |
9348 |
+diff --git a/tools/thermal/tmon/Makefile b/tools/thermal/tmon/Makefile |
9349 |
+index 735a510230c3f..45751648aacda 100644 |
9350 |
+--- a/tools/thermal/tmon/Makefile |
9351 |
++++ b/tools/thermal/tmon/Makefile |
9352 |
+@@ -10,7 +10,7 @@ CFLAGS+= -O1 ${WARNFLAGS} |
9353 |
+ # Add "-fstack-protector" only if toolchain supports it. |
9354 |
+ CFLAGS+= $(call cc-option,-fstack-protector) |
9355 |
+ CC?= $(CROSS_COMPILE)gcc |
9356 |
+-PKG_CONFIG?= pkg-config |
9357 |
++PKG_CONFIG?= $(CROSS_COMPILE)pkg-config |
9358 |
+ |
9359 |
+ CFLAGS+=-D VERSION=\"$(VERSION)\" |
9360 |
+ LDFLAGS+= |
9361 |
+diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c |
9362 |
+index 39706799ecdf8..b943ec5345cbd 100644 |
9363 |
+--- a/virt/kvm/arm/arm.c |
9364 |
++++ b/virt/kvm/arm/arm.c |
9365 |
+@@ -1137,6 +1137,14 @@ long kvm_arch_vcpu_ioctl(struct file *filp, |
9366 |
+ if (copy_from_user(®, argp, sizeof(reg))) |
9367 |
+ break; |
9368 |
+ |
9369 |
++ /* |
9370 |
++ * We could owe a reset due to PSCI. Handle the pending reset |
9371 |
++ * here to ensure userspace register accesses are ordered after |
9372 |
++ * the reset. |
9373 |
++ */ |
9374 |
++ if (kvm_check_request(KVM_REQ_VCPU_RESET, vcpu)) |
9375 |
++ kvm_reset_vcpu(vcpu); |
9376 |
++ |
9377 |
+ if (ioctl == KVM_SET_ONE_REG) |
9378 |
+ r = kvm_arm_set_reg(vcpu, ®); |
9379 |
+ else |