1 |
commit: e28c47d5ba4a96b33ace817627a332757b3e1606 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Sep 12 14:37:50 2021 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Sep 12 14:37:50 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e28c47d5 |
7 |
|
8 |
Linux patch 5.10.64 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1063_linux-5.10.64.patch | 1262 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1266 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 0e463ca..8ddd447 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -295,6 +295,10 @@ Patch: 1062_linux-5.10.63.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 5.10.63 |
23 |
|
24 |
+Patch: 1063_linux-5.10.64.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 5.10.64 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1063_linux-5.10.64.patch b/1063_linux-5.10.64.patch |
33 |
new file mode 100644 |
34 |
index 0000000..e05fdf6 |
35 |
--- /dev/null |
36 |
+++ b/1063_linux-5.10.64.patch |
37 |
@@ -0,0 +1,1262 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index b2d326f4dea68..982aa1876aa04 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 5 |
45 |
+ PATCHLEVEL = 10 |
46 |
+-SUBLEVEL = 63 |
47 |
++SUBLEVEL = 64 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = Dare mighty things |
50 |
+ |
51 |
+diff --git a/arch/x86/events/amd/iommu.c b/arch/x86/events/amd/iommu.c |
52 |
+index 6a98a76516214..2da6139b0977f 100644 |
53 |
+--- a/arch/x86/events/amd/iommu.c |
54 |
++++ b/arch/x86/events/amd/iommu.c |
55 |
+@@ -18,8 +18,6 @@ |
56 |
+ #include "../perf_event.h" |
57 |
+ #include "iommu.h" |
58 |
+ |
59 |
+-#define COUNTER_SHIFT 16 |
60 |
+- |
61 |
+ /* iommu pmu conf masks */ |
62 |
+ #define GET_CSOURCE(x) ((x)->conf & 0xFFULL) |
63 |
+ #define GET_DEVID(x) (((x)->conf >> 8) & 0xFFFFULL) |
64 |
+@@ -285,22 +283,31 @@ static void perf_iommu_start(struct perf_event *event, int flags) |
65 |
+ WARN_ON_ONCE(!(hwc->state & PERF_HES_UPTODATE)); |
66 |
+ hwc->state = 0; |
67 |
+ |
68 |
++ /* |
69 |
++ * To account for power-gating, which prevents write to |
70 |
++ * the counter, we need to enable the counter |
71 |
++ * before setting up counter register. |
72 |
++ */ |
73 |
++ perf_iommu_enable_event(event); |
74 |
++ |
75 |
+ if (flags & PERF_EF_RELOAD) { |
76 |
+- u64 prev_raw_count = local64_read(&hwc->prev_count); |
77 |
++ u64 count = 0; |
78 |
+ struct amd_iommu *iommu = perf_event_2_iommu(event); |
79 |
+ |
80 |
++ /* |
81 |
++ * Since the IOMMU PMU only support counting mode, |
82 |
++ * the counter always start with value zero. |
83 |
++ */ |
84 |
+ amd_iommu_pc_set_reg(iommu, hwc->iommu_bank, hwc->iommu_cntr, |
85 |
+- IOMMU_PC_COUNTER_REG, &prev_raw_count); |
86 |
++ IOMMU_PC_COUNTER_REG, &count); |
87 |
+ } |
88 |
+ |
89 |
+- perf_iommu_enable_event(event); |
90 |
+ perf_event_update_userpage(event); |
91 |
+- |
92 |
+ } |
93 |
+ |
94 |
+ static void perf_iommu_read(struct perf_event *event) |
95 |
+ { |
96 |
+- u64 count, prev, delta; |
97 |
++ u64 count; |
98 |
+ struct hw_perf_event *hwc = &event->hw; |
99 |
+ struct amd_iommu *iommu = perf_event_2_iommu(event); |
100 |
+ |
101 |
+@@ -311,14 +318,11 @@ static void perf_iommu_read(struct perf_event *event) |
102 |
+ /* IOMMU pc counter register is only 48 bits */ |
103 |
+ count &= GENMASK_ULL(47, 0); |
104 |
+ |
105 |
+- prev = local64_read(&hwc->prev_count); |
106 |
+- if (local64_cmpxchg(&hwc->prev_count, prev, count) != prev) |
107 |
+- return; |
108 |
+- |
109 |
+- /* Handle 48-bit counter overflow */ |
110 |
+- delta = (count << COUNTER_SHIFT) - (prev << COUNTER_SHIFT); |
111 |
+- delta >>= COUNTER_SHIFT; |
112 |
+- local64_add(delta, &event->count); |
113 |
++ /* |
114 |
++ * Since the counter always start with value zero, |
115 |
++ * simply just accumulate the count for the event. |
116 |
++ */ |
117 |
++ local64_add(count, &event->count); |
118 |
+ } |
119 |
+ |
120 |
+ static void perf_iommu_stop(struct perf_event *event, int flags) |
121 |
+@@ -328,15 +332,16 @@ static void perf_iommu_stop(struct perf_event *event, int flags) |
122 |
+ if (hwc->state & PERF_HES_UPTODATE) |
123 |
+ return; |
124 |
+ |
125 |
++ /* |
126 |
++ * To account for power-gating, in which reading the counter would |
127 |
++ * return zero, we need to read the register before disabling. |
128 |
++ */ |
129 |
++ perf_iommu_read(event); |
130 |
++ hwc->state |= PERF_HES_UPTODATE; |
131 |
++ |
132 |
+ perf_iommu_disable_event(event); |
133 |
+ WARN_ON_ONCE(hwc->state & PERF_HES_STOPPED); |
134 |
+ hwc->state |= PERF_HES_STOPPED; |
135 |
+- |
136 |
+- if (hwc->state & PERF_HES_UPTODATE) |
137 |
+- return; |
138 |
+- |
139 |
+- perf_iommu_read(event); |
140 |
+- hwc->state |= PERF_HES_UPTODATE; |
141 |
+ } |
142 |
+ |
143 |
+ static int perf_iommu_add(struct perf_event *event, int flags) |
144 |
+diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c |
145 |
+index b29657b76e3fa..798a6f73f8946 100644 |
146 |
+--- a/arch/x86/kernel/reboot.c |
147 |
++++ b/arch/x86/kernel/reboot.c |
148 |
+@@ -388,10 +388,11 @@ static const struct dmi_system_id reboot_dmi_table[] __initconst = { |
149 |
+ }, |
150 |
+ { /* Handle problems with rebooting on the OptiPlex 990. */ |
151 |
+ .callback = set_pci_reboot, |
152 |
+- .ident = "Dell OptiPlex 990", |
153 |
++ .ident = "Dell OptiPlex 990 BIOS A0x", |
154 |
+ .matches = { |
155 |
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), |
156 |
+ DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 990"), |
157 |
++ DMI_MATCH(DMI_BIOS_VERSION, "A0"), |
158 |
+ }, |
159 |
+ }, |
160 |
+ { /* Handle problems with rebooting on Dell 300's */ |
161 |
+diff --git a/block/blk-core.c b/block/blk-core.c |
162 |
+index 2d53e2ff48ff8..fbc39756f37de 100644 |
163 |
+--- a/block/blk-core.c |
164 |
++++ b/block/blk-core.c |
165 |
+@@ -121,7 +121,6 @@ void blk_rq_init(struct request_queue *q, struct request *rq) |
166 |
+ rq->internal_tag = BLK_MQ_NO_TAG; |
167 |
+ rq->start_time_ns = ktime_get_ns(); |
168 |
+ rq->part = NULL; |
169 |
+- refcount_set(&rq->ref, 1); |
170 |
+ blk_crypto_rq_set_defaults(rq); |
171 |
+ } |
172 |
+ EXPORT_SYMBOL(blk_rq_init); |
173 |
+diff --git a/block/blk-flush.c b/block/blk-flush.c |
174 |
+index 7ee7e5e8905d5..70f1d02135ed6 100644 |
175 |
+--- a/block/blk-flush.c |
176 |
++++ b/block/blk-flush.c |
177 |
+@@ -263,6 +263,11 @@ static void flush_end_io(struct request *flush_rq, blk_status_t error) |
178 |
+ spin_unlock_irqrestore(&fq->mq_flush_lock, flags); |
179 |
+ } |
180 |
+ |
181 |
++bool is_flush_rq(struct request *rq) |
182 |
++{ |
183 |
++ return rq->end_io == flush_end_io; |
184 |
++} |
185 |
++ |
186 |
+ /** |
187 |
+ * blk_kick_flush - consider issuing flush request |
188 |
+ * @q: request_queue being kicked |
189 |
+@@ -330,6 +335,14 @@ static void blk_kick_flush(struct request_queue *q, struct blk_flush_queue *fq, |
190 |
+ flush_rq->rq_flags |= RQF_FLUSH_SEQ; |
191 |
+ flush_rq->rq_disk = first_rq->rq_disk; |
192 |
+ flush_rq->end_io = flush_end_io; |
193 |
++ /* |
194 |
++ * Order WRITE ->end_io and WRITE rq->ref, and its pair is the one |
195 |
++ * implied in refcount_inc_not_zero() called from |
196 |
++ * blk_mq_find_and_get_req(), which orders WRITE/READ flush_rq->ref |
197 |
++ * and READ flush_rq->end_io |
198 |
++ */ |
199 |
++ smp_wmb(); |
200 |
++ refcount_set(&flush_rq->ref, 1); |
201 |
+ |
202 |
+ blk_flush_queue_rq(flush_rq, false); |
203 |
+ } |
204 |
+diff --git a/block/blk-mq.c b/block/blk-mq.c |
205 |
+index 044d0e3a15ad7..9e3fedbaa644b 100644 |
206 |
+--- a/block/blk-mq.c |
207 |
++++ b/block/blk-mq.c |
208 |
+@@ -929,7 +929,7 @@ static bool blk_mq_req_expired(struct request *rq, unsigned long *next) |
209 |
+ |
210 |
+ void blk_mq_put_rq_ref(struct request *rq) |
211 |
+ { |
212 |
+- if (is_flush_rq(rq, rq->mq_hctx)) |
213 |
++ if (is_flush_rq(rq)) |
214 |
+ rq->end_io(rq, 0); |
215 |
+ else if (refcount_dec_and_test(&rq->ref)) |
216 |
+ __blk_mq_free_request(rq); |
217 |
+@@ -2589,16 +2589,49 @@ static void blk_mq_remove_cpuhp(struct blk_mq_hw_ctx *hctx) |
218 |
+ &hctx->cpuhp_dead); |
219 |
+ } |
220 |
+ |
221 |
++/* |
222 |
++ * Before freeing hw queue, clearing the flush request reference in |
223 |
++ * tags->rqs[] for avoiding potential UAF. |
224 |
++ */ |
225 |
++static void blk_mq_clear_flush_rq_mapping(struct blk_mq_tags *tags, |
226 |
++ unsigned int queue_depth, struct request *flush_rq) |
227 |
++{ |
228 |
++ int i; |
229 |
++ unsigned long flags; |
230 |
++ |
231 |
++ /* The hw queue may not be mapped yet */ |
232 |
++ if (!tags) |
233 |
++ return; |
234 |
++ |
235 |
++ WARN_ON_ONCE(refcount_read(&flush_rq->ref) != 0); |
236 |
++ |
237 |
++ for (i = 0; i < queue_depth; i++) |
238 |
++ cmpxchg(&tags->rqs[i], flush_rq, NULL); |
239 |
++ |
240 |
++ /* |
241 |
++ * Wait until all pending iteration is done. |
242 |
++ * |
243 |
++ * Request reference is cleared and it is guaranteed to be observed |
244 |
++ * after the ->lock is released. |
245 |
++ */ |
246 |
++ spin_lock_irqsave(&tags->lock, flags); |
247 |
++ spin_unlock_irqrestore(&tags->lock, flags); |
248 |
++} |
249 |
++ |
250 |
+ /* hctx->ctxs will be freed in queue's release handler */ |
251 |
+ static void blk_mq_exit_hctx(struct request_queue *q, |
252 |
+ struct blk_mq_tag_set *set, |
253 |
+ struct blk_mq_hw_ctx *hctx, unsigned int hctx_idx) |
254 |
+ { |
255 |
++ struct request *flush_rq = hctx->fq->flush_rq; |
256 |
++ |
257 |
+ if (blk_mq_hw_queue_mapped(hctx)) |
258 |
+ blk_mq_tag_idle(hctx); |
259 |
+ |
260 |
++ blk_mq_clear_flush_rq_mapping(set->tags[hctx_idx], |
261 |
++ set->queue_depth, flush_rq); |
262 |
+ if (set->ops->exit_request) |
263 |
+- set->ops->exit_request(set, hctx->fq->flush_rq, hctx_idx); |
264 |
++ set->ops->exit_request(set, flush_rq, hctx_idx); |
265 |
+ |
266 |
+ if (set->ops->exit_hctx) |
267 |
+ set->ops->exit_hctx(hctx, hctx_idx); |
268 |
+diff --git a/block/blk.h b/block/blk.h |
269 |
+index dfab98465db9a..ecfd523c68d00 100644 |
270 |
+--- a/block/blk.h |
271 |
++++ b/block/blk.h |
272 |
+@@ -44,11 +44,7 @@ static inline void __blk_get_queue(struct request_queue *q) |
273 |
+ kobject_get(&q->kobj); |
274 |
+ } |
275 |
+ |
276 |
+-static inline bool |
277 |
+-is_flush_rq(struct request *req, struct blk_mq_hw_ctx *hctx) |
278 |
+-{ |
279 |
+- return hctx->fq->flush_rq == req; |
280 |
+-} |
281 |
++bool is_flush_rq(struct request *req); |
282 |
+ |
283 |
+ struct blk_flush_queue *blk_alloc_flush_queue(int node, int cmd_size, |
284 |
+ gfp_t flags); |
285 |
+diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c |
286 |
+index e690a1b09e98b..30be18bac8063 100644 |
287 |
+--- a/drivers/net/ethernet/realtek/r8169_main.c |
288 |
++++ b/drivers/net/ethernet/realtek/r8169_main.c |
289 |
+@@ -3547,6 +3547,7 @@ static void rtl_hw_start_8106(struct rtl8169_private *tp) |
290 |
+ rtl_eri_write(tp, 0x1b0, ERIAR_MASK_0011, 0x0000); |
291 |
+ |
292 |
+ rtl_pcie_state_l2l3_disable(tp); |
293 |
++ rtl_hw_aspm_clkreq_enable(tp, true); |
294 |
+ } |
295 |
+ |
296 |
+ DECLARE_RTL_COND(rtl_mac_ocp_e00e_cond) |
297 |
+diff --git a/drivers/net/ethernet/xilinx/ll_temac_main.c b/drivers/net/ethernet/xilinx/ll_temac_main.c |
298 |
+index 6bd3a389d389c..650ffb93796f1 100644 |
299 |
+--- a/drivers/net/ethernet/xilinx/ll_temac_main.c |
300 |
++++ b/drivers/net/ethernet/xilinx/ll_temac_main.c |
301 |
+@@ -942,10 +942,8 @@ temac_start_xmit(struct sk_buff *skb, struct net_device *ndev) |
302 |
+ wmb(); |
303 |
+ lp->dma_out(lp, TX_TAILDESC_PTR, tail_p); /* DMA start */ |
304 |
+ |
305 |
+- if (temac_check_tx_bd_space(lp, MAX_SKB_FRAGS + 1)) { |
306 |
+- netdev_info(ndev, "%s -> netif_stop_queue\n", __func__); |
307 |
++ if (temac_check_tx_bd_space(lp, MAX_SKB_FRAGS + 1)) |
308 |
+ netif_stop_queue(ndev); |
309 |
+- } |
310 |
+ |
311 |
+ return NETDEV_TX_OK; |
312 |
+ } |
313 |
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c |
314 |
+index cd2401d4764f2..a91c944961caa 100644 |
315 |
+--- a/drivers/pci/quirks.c |
316 |
++++ b/drivers/pci/quirks.c |
317 |
+@@ -3246,12 +3246,12 @@ static void fixup_mpss_256(struct pci_dev *dev) |
318 |
+ { |
319 |
+ dev->pcie_mpss = 1; /* 256 bytes */ |
320 |
+ } |
321 |
+-DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_SOLARFLARE, |
322 |
+- PCI_DEVICE_ID_SOLARFLARE_SFC4000A_0, fixup_mpss_256); |
323 |
+-DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_SOLARFLARE, |
324 |
+- PCI_DEVICE_ID_SOLARFLARE_SFC4000A_1, fixup_mpss_256); |
325 |
+-DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_SOLARFLARE, |
326 |
+- PCI_DEVICE_ID_SOLARFLARE_SFC4000B, fixup_mpss_256); |
327 |
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SOLARFLARE, |
328 |
++ PCI_DEVICE_ID_SOLARFLARE_SFC4000A_0, fixup_mpss_256); |
329 |
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SOLARFLARE, |
330 |
++ PCI_DEVICE_ID_SOLARFLARE_SFC4000A_1, fixup_mpss_256); |
331 |
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_SOLARFLARE, |
332 |
++ PCI_DEVICE_ID_SOLARFLARE_SFC4000B, fixup_mpss_256); |
333 |
+ |
334 |
+ /* |
335 |
+ * Intel 5000 and 5100 Memory controllers have an erratum with read completion |
336 |
+diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c |
337 |
+index ad0549dac7d79..c37468887fd2a 100644 |
338 |
+--- a/drivers/tty/serial/8250/8250_omap.c |
339 |
++++ b/drivers/tty/serial/8250/8250_omap.c |
340 |
+@@ -538,6 +538,11 @@ static void omap_8250_pm(struct uart_port *port, unsigned int state, |
341 |
+ static void omap_serial_fill_features_erratas(struct uart_8250_port *up, |
342 |
+ struct omap8250_priv *priv) |
343 |
+ { |
344 |
++ const struct soc_device_attribute k3_soc_devices[] = { |
345 |
++ { .family = "AM65X", }, |
346 |
++ { .family = "J721E", .revision = "SR1.0" }, |
347 |
++ { /* sentinel */ } |
348 |
++ }; |
349 |
+ u32 mvr, scheme; |
350 |
+ u16 revision, major, minor; |
351 |
+ |
352 |
+@@ -585,6 +590,14 @@ static void omap_serial_fill_features_erratas(struct uart_8250_port *up, |
353 |
+ default: |
354 |
+ break; |
355 |
+ } |
356 |
++ |
357 |
++ /* |
358 |
++ * AM65x SR1.0, AM65x SR2.0 and J721e SR1.0 don't |
359 |
++ * don't have RHR_IT_DIS bit in IER2 register. So drop to flag |
360 |
++ * to enable errata workaround. |
361 |
++ */ |
362 |
++ if (soc_device_match(k3_soc_devices)) |
363 |
++ priv->habit &= ~UART_HAS_RHR_IT_DIS; |
364 |
+ } |
365 |
+ |
366 |
+ static void omap8250_uart_qos_work(struct work_struct *work) |
367 |
+@@ -1208,12 +1221,6 @@ static int omap8250_no_handle_irq(struct uart_port *port) |
368 |
+ return 0; |
369 |
+ } |
370 |
+ |
371 |
+-static const struct soc_device_attribute k3_soc_devices[] = { |
372 |
+- { .family = "AM65X", }, |
373 |
+- { .family = "J721E", .revision = "SR1.0" }, |
374 |
+- { /* sentinel */ } |
375 |
+-}; |
376 |
+- |
377 |
+ static struct omap8250_dma_params am654_dma = { |
378 |
+ .rx_size = SZ_2K, |
379 |
+ .rx_trigger = 1, |
380 |
+@@ -1419,13 +1426,6 @@ static int omap8250_probe(struct platform_device *pdev) |
381 |
+ up.dma->rxconf.src_maxburst = RX_TRIGGER; |
382 |
+ up.dma->txconf.dst_maxburst = TX_TRIGGER; |
383 |
+ } |
384 |
+- |
385 |
+- /* |
386 |
+- * AM65x SR1.0, AM65x SR2.0 and J721e SR1.0 don't |
387 |
+- * don't have RHR_IT_DIS bit in IER2 register |
388 |
+- */ |
389 |
+- if (soc_device_match(k3_soc_devices)) |
390 |
+- priv->habit &= ~UART_HAS_RHR_IT_DIS; |
391 |
+ } |
392 |
+ #endif |
393 |
+ ret = serial8250_register_8250_port(&up); |
394 |
+diff --git a/drivers/usb/gadget/udc/tegra-xudc.c b/drivers/usb/gadget/udc/tegra-xudc.c |
395 |
+index f3f112b08c9b1..57ee72fead45a 100644 |
396 |
+--- a/drivers/usb/gadget/udc/tegra-xudc.c |
397 |
++++ b/drivers/usb/gadget/udc/tegra-xudc.c |
398 |
+@@ -1610,7 +1610,7 @@ static void tegra_xudc_ep_context_setup(struct tegra_xudc_ep *ep) |
399 |
+ u16 maxpacket, maxburst = 0, esit = 0; |
400 |
+ u32 val; |
401 |
+ |
402 |
+- maxpacket = usb_endpoint_maxp(desc) & 0x7ff; |
403 |
++ maxpacket = usb_endpoint_maxp(desc); |
404 |
+ if (xudc->gadget.speed == USB_SPEED_SUPER) { |
405 |
+ if (!usb_endpoint_xfer_control(desc)) |
406 |
+ maxburst = comp_desc->bMaxBurst; |
407 |
+@@ -1621,7 +1621,7 @@ static void tegra_xudc_ep_context_setup(struct tegra_xudc_ep *ep) |
408 |
+ (usb_endpoint_xfer_int(desc) || |
409 |
+ usb_endpoint_xfer_isoc(desc))) { |
410 |
+ if (xudc->gadget.speed == USB_SPEED_HIGH) { |
411 |
+- maxburst = (usb_endpoint_maxp(desc) >> 11) & 0x3; |
412 |
++ maxburst = usb_endpoint_maxp_mult(desc) - 1; |
413 |
+ if (maxburst == 0x3) { |
414 |
+ dev_warn(xudc->dev, |
415 |
+ "invalid endpoint maxburst\n"); |
416 |
+diff --git a/drivers/usb/host/xhci-debugfs.c b/drivers/usb/host/xhci-debugfs.c |
417 |
+index 2c0fda57869e4..dc832ddf7033f 100644 |
418 |
+--- a/drivers/usb/host/xhci-debugfs.c |
419 |
++++ b/drivers/usb/host/xhci-debugfs.c |
420 |
+@@ -198,12 +198,13 @@ static void xhci_ring_dump_segment(struct seq_file *s, |
421 |
+ int i; |
422 |
+ dma_addr_t dma; |
423 |
+ union xhci_trb *trb; |
424 |
++ char str[XHCI_MSG_MAX]; |
425 |
+ |
426 |
+ for (i = 0; i < TRBS_PER_SEGMENT; i++) { |
427 |
+ trb = &seg->trbs[i]; |
428 |
+ dma = seg->dma + i * sizeof(*trb); |
429 |
+ seq_printf(s, "%pad: %s\n", &dma, |
430 |
+- xhci_decode_trb(le32_to_cpu(trb->generic.field[0]), |
431 |
++ xhci_decode_trb(str, XHCI_MSG_MAX, le32_to_cpu(trb->generic.field[0]), |
432 |
+ le32_to_cpu(trb->generic.field[1]), |
433 |
+ le32_to_cpu(trb->generic.field[2]), |
434 |
+ le32_to_cpu(trb->generic.field[3]))); |
435 |
+@@ -260,11 +261,13 @@ static int xhci_slot_context_show(struct seq_file *s, void *unused) |
436 |
+ struct xhci_slot_ctx *slot_ctx; |
437 |
+ struct xhci_slot_priv *priv = s->private; |
438 |
+ struct xhci_virt_device *dev = priv->dev; |
439 |
++ char str[XHCI_MSG_MAX]; |
440 |
+ |
441 |
+ xhci = hcd_to_xhci(bus_to_hcd(dev->udev->bus)); |
442 |
+ slot_ctx = xhci_get_slot_ctx(xhci, dev->out_ctx); |
443 |
+ seq_printf(s, "%pad: %s\n", &dev->out_ctx->dma, |
444 |
+- xhci_decode_slot_context(le32_to_cpu(slot_ctx->dev_info), |
445 |
++ xhci_decode_slot_context(str, |
446 |
++ le32_to_cpu(slot_ctx->dev_info), |
447 |
+ le32_to_cpu(slot_ctx->dev_info2), |
448 |
+ le32_to_cpu(slot_ctx->tt_info), |
449 |
+ le32_to_cpu(slot_ctx->dev_state))); |
450 |
+@@ -280,6 +283,7 @@ static int xhci_endpoint_context_show(struct seq_file *s, void *unused) |
451 |
+ struct xhci_ep_ctx *ep_ctx; |
452 |
+ struct xhci_slot_priv *priv = s->private; |
453 |
+ struct xhci_virt_device *dev = priv->dev; |
454 |
++ char str[XHCI_MSG_MAX]; |
455 |
+ |
456 |
+ xhci = hcd_to_xhci(bus_to_hcd(dev->udev->bus)); |
457 |
+ |
458 |
+@@ -287,7 +291,8 @@ static int xhci_endpoint_context_show(struct seq_file *s, void *unused) |
459 |
+ ep_ctx = xhci_get_ep_ctx(xhci, dev->out_ctx, ep_index); |
460 |
+ dma = dev->out_ctx->dma + (ep_index + 1) * CTX_SIZE(xhci->hcc_params); |
461 |
+ seq_printf(s, "%pad: %s\n", &dma, |
462 |
+- xhci_decode_ep_context(le32_to_cpu(ep_ctx->ep_info), |
463 |
++ xhci_decode_ep_context(str, |
464 |
++ le32_to_cpu(ep_ctx->ep_info), |
465 |
+ le32_to_cpu(ep_ctx->ep_info2), |
466 |
+ le64_to_cpu(ep_ctx->deq), |
467 |
+ le32_to_cpu(ep_ctx->tx_info))); |
468 |
+@@ -341,9 +346,10 @@ static int xhci_portsc_show(struct seq_file *s, void *unused) |
469 |
+ { |
470 |
+ struct xhci_port *port = s->private; |
471 |
+ u32 portsc; |
472 |
++ char str[XHCI_MSG_MAX]; |
473 |
+ |
474 |
+ portsc = readl(port->addr); |
475 |
+- seq_printf(s, "%s\n", xhci_decode_portsc(portsc)); |
476 |
++ seq_printf(s, "%s\n", xhci_decode_portsc(str, portsc)); |
477 |
+ |
478 |
+ return 0; |
479 |
+ } |
480 |
+diff --git a/drivers/usb/host/xhci-rcar.c b/drivers/usb/host/xhci-rcar.c |
481 |
+index 1bc4fe7b8c756..9888ba7d85b6a 100644 |
482 |
+--- a/drivers/usb/host/xhci-rcar.c |
483 |
++++ b/drivers/usb/host/xhci-rcar.c |
484 |
+@@ -134,6 +134,13 @@ static int xhci_rcar_download_firmware(struct usb_hcd *hcd) |
485 |
+ const struct soc_device_attribute *attr; |
486 |
+ const char *firmware_name; |
487 |
+ |
488 |
++ /* |
489 |
++ * According to the datasheet, "Upon the completion of FW Download, |
490 |
++ * there is no need to write or reload FW". |
491 |
++ */ |
492 |
++ if (readl(regs + RCAR_USB3_DL_CTRL) & RCAR_USB3_DL_CTRL_FW_SUCCESS) |
493 |
++ return 0; |
494 |
++ |
495 |
+ attr = soc_device_match(rcar_quirks_match); |
496 |
+ if (attr) |
497 |
+ quirks = (uintptr_t)attr->data; |
498 |
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c |
499 |
+index 53059ee957ad5..dc2068e3bedb7 100644 |
500 |
+--- a/drivers/usb/host/xhci-ring.c |
501 |
++++ b/drivers/usb/host/xhci-ring.c |
502 |
+@@ -1005,6 +1005,7 @@ void xhci_stop_endpoint_command_watchdog(struct timer_list *t) |
503 |
+ struct xhci_hcd *xhci = ep->xhci; |
504 |
+ unsigned long flags; |
505 |
+ u32 usbsts; |
506 |
++ char str[XHCI_MSG_MAX]; |
507 |
+ |
508 |
+ spin_lock_irqsave(&xhci->lock, flags); |
509 |
+ |
510 |
+@@ -1018,7 +1019,7 @@ void xhci_stop_endpoint_command_watchdog(struct timer_list *t) |
511 |
+ usbsts = readl(&xhci->op_regs->status); |
512 |
+ |
513 |
+ xhci_warn(xhci, "xHCI host not responding to stop endpoint command.\n"); |
514 |
+- xhci_warn(xhci, "USBSTS:%s\n", xhci_decode_usbsts(usbsts)); |
515 |
++ xhci_warn(xhci, "USBSTS:%s\n", xhci_decode_usbsts(str, usbsts)); |
516 |
+ |
517 |
+ ep->ep_state &= ~EP_STOP_CMD_PENDING; |
518 |
+ |
519 |
+diff --git a/drivers/usb/host/xhci-trace.h b/drivers/usb/host/xhci-trace.h |
520 |
+index 627abd236dbe1..a5da020772977 100644 |
521 |
+--- a/drivers/usb/host/xhci-trace.h |
522 |
++++ b/drivers/usb/host/xhci-trace.h |
523 |
+@@ -25,8 +25,6 @@ |
524 |
+ #include "xhci.h" |
525 |
+ #include "xhci-dbgcap.h" |
526 |
+ |
527 |
+-#define XHCI_MSG_MAX 500 |
528 |
+- |
529 |
+ DECLARE_EVENT_CLASS(xhci_log_msg, |
530 |
+ TP_PROTO(struct va_format *vaf), |
531 |
+ TP_ARGS(vaf), |
532 |
+@@ -122,6 +120,7 @@ DECLARE_EVENT_CLASS(xhci_log_trb, |
533 |
+ __field(u32, field1) |
534 |
+ __field(u32, field2) |
535 |
+ __field(u32, field3) |
536 |
++ __dynamic_array(char, str, XHCI_MSG_MAX) |
537 |
+ ), |
538 |
+ TP_fast_assign( |
539 |
+ __entry->type = ring->type; |
540 |
+@@ -131,7 +130,7 @@ DECLARE_EVENT_CLASS(xhci_log_trb, |
541 |
+ __entry->field3 = le32_to_cpu(trb->field[3]); |
542 |
+ ), |
543 |
+ TP_printk("%s: %s", xhci_ring_type_string(__entry->type), |
544 |
+- xhci_decode_trb(__entry->field0, __entry->field1, |
545 |
++ xhci_decode_trb(__get_str(str), XHCI_MSG_MAX, __entry->field0, __entry->field1, |
546 |
+ __entry->field2, __entry->field3) |
547 |
+ ) |
548 |
+ ); |
549 |
+@@ -323,6 +322,7 @@ DECLARE_EVENT_CLASS(xhci_log_ep_ctx, |
550 |
+ __field(u32, info2) |
551 |
+ __field(u64, deq) |
552 |
+ __field(u32, tx_info) |
553 |
++ __dynamic_array(char, str, XHCI_MSG_MAX) |
554 |
+ ), |
555 |
+ TP_fast_assign( |
556 |
+ __entry->info = le32_to_cpu(ctx->ep_info); |
557 |
+@@ -330,8 +330,8 @@ DECLARE_EVENT_CLASS(xhci_log_ep_ctx, |
558 |
+ __entry->deq = le64_to_cpu(ctx->deq); |
559 |
+ __entry->tx_info = le32_to_cpu(ctx->tx_info); |
560 |
+ ), |
561 |
+- TP_printk("%s", xhci_decode_ep_context(__entry->info, |
562 |
+- __entry->info2, __entry->deq, __entry->tx_info) |
563 |
++ TP_printk("%s", xhci_decode_ep_context(__get_str(str), |
564 |
++ __entry->info, __entry->info2, __entry->deq, __entry->tx_info) |
565 |
+ ) |
566 |
+ ); |
567 |
+ |
568 |
+@@ -368,6 +368,7 @@ DECLARE_EVENT_CLASS(xhci_log_slot_ctx, |
569 |
+ __field(u32, info2) |
570 |
+ __field(u32, tt_info) |
571 |
+ __field(u32, state) |
572 |
++ __dynamic_array(char, str, XHCI_MSG_MAX) |
573 |
+ ), |
574 |
+ TP_fast_assign( |
575 |
+ __entry->info = le32_to_cpu(ctx->dev_info); |
576 |
+@@ -375,9 +376,9 @@ DECLARE_EVENT_CLASS(xhci_log_slot_ctx, |
577 |
+ __entry->tt_info = le64_to_cpu(ctx->tt_info); |
578 |
+ __entry->state = le32_to_cpu(ctx->dev_state); |
579 |
+ ), |
580 |
+- TP_printk("%s", xhci_decode_slot_context(__entry->info, |
581 |
+- __entry->info2, __entry->tt_info, |
582 |
+- __entry->state) |
583 |
++ TP_printk("%s", xhci_decode_slot_context(__get_str(str), |
584 |
++ __entry->info, __entry->info2, |
585 |
++ __entry->tt_info, __entry->state) |
586 |
+ ) |
587 |
+ ); |
588 |
+ |
589 |
+@@ -432,12 +433,13 @@ DECLARE_EVENT_CLASS(xhci_log_ctrl_ctx, |
590 |
+ TP_STRUCT__entry( |
591 |
+ __field(u32, drop) |
592 |
+ __field(u32, add) |
593 |
++ __dynamic_array(char, str, XHCI_MSG_MAX) |
594 |
+ ), |
595 |
+ TP_fast_assign( |
596 |
+ __entry->drop = le32_to_cpu(ctrl_ctx->drop_flags); |
597 |
+ __entry->add = le32_to_cpu(ctrl_ctx->add_flags); |
598 |
+ ), |
599 |
+- TP_printk("%s", xhci_decode_ctrl_ctx(__entry->drop, __entry->add) |
600 |
++ TP_printk("%s", xhci_decode_ctrl_ctx(__get_str(str), __entry->drop, __entry->add) |
601 |
+ ) |
602 |
+ ); |
603 |
+ |
604 |
+@@ -523,6 +525,7 @@ DECLARE_EVENT_CLASS(xhci_log_portsc, |
605 |
+ TP_STRUCT__entry( |
606 |
+ __field(u32, portnum) |
607 |
+ __field(u32, portsc) |
608 |
++ __dynamic_array(char, str, XHCI_MSG_MAX) |
609 |
+ ), |
610 |
+ TP_fast_assign( |
611 |
+ __entry->portnum = portnum; |
612 |
+@@ -530,7 +533,7 @@ DECLARE_EVENT_CLASS(xhci_log_portsc, |
613 |
+ ), |
614 |
+ TP_printk("port-%d: %s", |
615 |
+ __entry->portnum, |
616 |
+- xhci_decode_portsc(__entry->portsc) |
617 |
++ xhci_decode_portsc(__get_str(str), __entry->portsc) |
618 |
+ ) |
619 |
+ ); |
620 |
+ |
621 |
+@@ -555,13 +558,14 @@ DECLARE_EVENT_CLASS(xhci_log_doorbell, |
622 |
+ TP_STRUCT__entry( |
623 |
+ __field(u32, slot) |
624 |
+ __field(u32, doorbell) |
625 |
++ __dynamic_array(char, str, XHCI_MSG_MAX) |
626 |
+ ), |
627 |
+ TP_fast_assign( |
628 |
+ __entry->slot = slot; |
629 |
+ __entry->doorbell = doorbell; |
630 |
+ ), |
631 |
+ TP_printk("Ring doorbell for %s", |
632 |
+- xhci_decode_doorbell(__entry->slot, __entry->doorbell) |
633 |
++ xhci_decode_doorbell(__get_str(str), __entry->slot, __entry->doorbell) |
634 |
+ ) |
635 |
+ ); |
636 |
+ |
637 |
+diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h |
638 |
+index c1865a121100c..1c97c8d81154d 100644 |
639 |
+--- a/drivers/usb/host/xhci.h |
640 |
++++ b/drivers/usb/host/xhci.h |
641 |
+@@ -22,6 +22,9 @@ |
642 |
+ #include "xhci-ext-caps.h" |
643 |
+ #include "pci-quirks.h" |
644 |
+ |
645 |
++/* max buffer size for trace and debug messages */ |
646 |
++#define XHCI_MSG_MAX 500 |
647 |
++ |
648 |
+ /* xHCI PCI Configuration Registers */ |
649 |
+ #define XHCI_SBRN_OFFSET (0x60) |
650 |
+ |
651 |
+@@ -2223,15 +2226,14 @@ static inline char *xhci_slot_state_string(u32 state) |
652 |
+ } |
653 |
+ } |
654 |
+ |
655 |
+-static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
656 |
+- u32 field3) |
657 |
++static inline const char *xhci_decode_trb(char *str, size_t size, |
658 |
++ u32 field0, u32 field1, u32 field2, u32 field3) |
659 |
+ { |
660 |
+- static char str[256]; |
661 |
+ int type = TRB_FIELD_TO_TYPE(field3); |
662 |
+ |
663 |
+ switch (type) { |
664 |
+ case TRB_LINK: |
665 |
+- sprintf(str, |
666 |
++ snprintf(str, size, |
667 |
+ "LINK %08x%08x intr %d type '%s' flags %c:%c:%c:%c", |
668 |
+ field1, field0, GET_INTR_TARGET(field2), |
669 |
+ xhci_trb_type_string(type), |
670 |
+@@ -2248,7 +2250,7 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
671 |
+ case TRB_HC_EVENT: |
672 |
+ case TRB_DEV_NOTE: |
673 |
+ case TRB_MFINDEX_WRAP: |
674 |
+- sprintf(str, |
675 |
++ snprintf(str, size, |
676 |
+ "TRB %08x%08x status '%s' len %d slot %d ep %d type '%s' flags %c:%c", |
677 |
+ field1, field0, |
678 |
+ xhci_trb_comp_code_string(GET_COMP_CODE(field2)), |
679 |
+@@ -2261,7 +2263,8 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
680 |
+ |
681 |
+ break; |
682 |
+ case TRB_SETUP: |
683 |
+- sprintf(str, "bRequestType %02x bRequest %02x wValue %02x%02x wIndex %02x%02x wLength %d length %d TD size %d intr %d type '%s' flags %c:%c:%c", |
684 |
++ snprintf(str, size, |
685 |
++ "bRequestType %02x bRequest %02x wValue %02x%02x wIndex %02x%02x wLength %d length %d TD size %d intr %d type '%s' flags %c:%c:%c", |
686 |
+ field0 & 0xff, |
687 |
+ (field0 & 0xff00) >> 8, |
688 |
+ (field0 & 0xff000000) >> 24, |
689 |
+@@ -2278,7 +2281,8 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
690 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
691 |
+ break; |
692 |
+ case TRB_DATA: |
693 |
+- sprintf(str, "Buffer %08x%08x length %d TD size %d intr %d type '%s' flags %c:%c:%c:%c:%c:%c:%c", |
694 |
++ snprintf(str, size, |
695 |
++ "Buffer %08x%08x length %d TD size %d intr %d type '%s' flags %c:%c:%c:%c:%c:%c:%c", |
696 |
+ field1, field0, TRB_LEN(field2), GET_TD_SIZE(field2), |
697 |
+ GET_INTR_TARGET(field2), |
698 |
+ xhci_trb_type_string(type), |
699 |
+@@ -2291,7 +2295,8 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
700 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
701 |
+ break; |
702 |
+ case TRB_STATUS: |
703 |
+- sprintf(str, "Buffer %08x%08x length %d TD size %d intr %d type '%s' flags %c:%c:%c:%c", |
704 |
++ snprintf(str, size, |
705 |
++ "Buffer %08x%08x length %d TD size %d intr %d type '%s' flags %c:%c:%c:%c", |
706 |
+ field1, field0, TRB_LEN(field2), GET_TD_SIZE(field2), |
707 |
+ GET_INTR_TARGET(field2), |
708 |
+ xhci_trb_type_string(type), |
709 |
+@@ -2304,7 +2309,7 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
710 |
+ case TRB_ISOC: |
711 |
+ case TRB_EVENT_DATA: |
712 |
+ case TRB_TR_NOOP: |
713 |
+- sprintf(str, |
714 |
++ snprintf(str, size, |
715 |
+ "Buffer %08x%08x length %d TD size %d intr %d type '%s' flags %c:%c:%c:%c:%c:%c:%c:%c", |
716 |
+ field1, field0, TRB_LEN(field2), GET_TD_SIZE(field2), |
717 |
+ GET_INTR_TARGET(field2), |
718 |
+@@ -2321,21 +2326,21 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
719 |
+ |
720 |
+ case TRB_CMD_NOOP: |
721 |
+ case TRB_ENABLE_SLOT: |
722 |
+- sprintf(str, |
723 |
++ snprintf(str, size, |
724 |
+ "%s: flags %c", |
725 |
+ xhci_trb_type_string(type), |
726 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
727 |
+ break; |
728 |
+ case TRB_DISABLE_SLOT: |
729 |
+ case TRB_NEG_BANDWIDTH: |
730 |
+- sprintf(str, |
731 |
++ snprintf(str, size, |
732 |
+ "%s: slot %d flags %c", |
733 |
+ xhci_trb_type_string(type), |
734 |
+ TRB_TO_SLOT_ID(field3), |
735 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
736 |
+ break; |
737 |
+ case TRB_ADDR_DEV: |
738 |
+- sprintf(str, |
739 |
++ snprintf(str, size, |
740 |
+ "%s: ctx %08x%08x slot %d flags %c:%c", |
741 |
+ xhci_trb_type_string(type), |
742 |
+ field1, field0, |
743 |
+@@ -2344,7 +2349,7 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
744 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
745 |
+ break; |
746 |
+ case TRB_CONFIG_EP: |
747 |
+- sprintf(str, |
748 |
++ snprintf(str, size, |
749 |
+ "%s: ctx %08x%08x slot %d flags %c:%c", |
750 |
+ xhci_trb_type_string(type), |
751 |
+ field1, field0, |
752 |
+@@ -2353,7 +2358,7 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
753 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
754 |
+ break; |
755 |
+ case TRB_EVAL_CONTEXT: |
756 |
+- sprintf(str, |
757 |
++ snprintf(str, size, |
758 |
+ "%s: ctx %08x%08x slot %d flags %c", |
759 |
+ xhci_trb_type_string(type), |
760 |
+ field1, field0, |
761 |
+@@ -2361,7 +2366,7 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
762 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
763 |
+ break; |
764 |
+ case TRB_RESET_EP: |
765 |
+- sprintf(str, |
766 |
++ snprintf(str, size, |
767 |
+ "%s: ctx %08x%08x slot %d ep %d flags %c:%c", |
768 |
+ xhci_trb_type_string(type), |
769 |
+ field1, field0, |
770 |
+@@ -2382,7 +2387,7 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
771 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
772 |
+ break; |
773 |
+ case TRB_SET_DEQ: |
774 |
+- sprintf(str, |
775 |
++ snprintf(str, size, |
776 |
+ "%s: deq %08x%08x stream %d slot %d ep %d flags %c", |
777 |
+ xhci_trb_type_string(type), |
778 |
+ field1, field0, |
779 |
+@@ -2393,14 +2398,14 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
780 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
781 |
+ break; |
782 |
+ case TRB_RESET_DEV: |
783 |
+- sprintf(str, |
784 |
++ snprintf(str, size, |
785 |
+ "%s: slot %d flags %c", |
786 |
+ xhci_trb_type_string(type), |
787 |
+ TRB_TO_SLOT_ID(field3), |
788 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
789 |
+ break; |
790 |
+ case TRB_FORCE_EVENT: |
791 |
+- sprintf(str, |
792 |
++ snprintf(str, size, |
793 |
+ "%s: event %08x%08x vf intr %d vf id %d flags %c", |
794 |
+ xhci_trb_type_string(type), |
795 |
+ field1, field0, |
796 |
+@@ -2409,14 +2414,14 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
797 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
798 |
+ break; |
799 |
+ case TRB_SET_LT: |
800 |
+- sprintf(str, |
801 |
++ snprintf(str, size, |
802 |
+ "%s: belt %d flags %c", |
803 |
+ xhci_trb_type_string(type), |
804 |
+ TRB_TO_BELT(field3), |
805 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
806 |
+ break; |
807 |
+ case TRB_GET_BW: |
808 |
+- sprintf(str, |
809 |
++ snprintf(str, size, |
810 |
+ "%s: ctx %08x%08x slot %d speed %d flags %c", |
811 |
+ xhci_trb_type_string(type), |
812 |
+ field1, field0, |
813 |
+@@ -2425,7 +2430,7 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
814 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
815 |
+ break; |
816 |
+ case TRB_FORCE_HEADER: |
817 |
+- sprintf(str, |
818 |
++ snprintf(str, size, |
819 |
+ "%s: info %08x%08x%08x pkt type %d roothub port %d flags %c", |
820 |
+ xhci_trb_type_string(type), |
821 |
+ field2, field1, field0 & 0xffffffe0, |
822 |
+@@ -2434,7 +2439,7 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
823 |
+ field3 & TRB_CYCLE ? 'C' : 'c'); |
824 |
+ break; |
825 |
+ default: |
826 |
+- sprintf(str, |
827 |
++ snprintf(str, size, |
828 |
+ "type '%s' -> raw %08x %08x %08x %08x", |
829 |
+ xhci_trb_type_string(type), |
830 |
+ field0, field1, field2, field3); |
831 |
+@@ -2443,10 +2448,9 @@ static inline const char *xhci_decode_trb(u32 field0, u32 field1, u32 field2, |
832 |
+ return str; |
833 |
+ } |
834 |
+ |
835 |
+-static inline const char *xhci_decode_ctrl_ctx(unsigned long drop, |
836 |
+- unsigned long add) |
837 |
++static inline const char *xhci_decode_ctrl_ctx(char *str, |
838 |
++ unsigned long drop, unsigned long add) |
839 |
+ { |
840 |
+- static char str[1024]; |
841 |
+ unsigned int bit; |
842 |
+ int ret = 0; |
843 |
+ |
844 |
+@@ -2472,10 +2476,9 @@ static inline const char *xhci_decode_ctrl_ctx(unsigned long drop, |
845 |
+ return str; |
846 |
+ } |
847 |
+ |
848 |
+-static inline const char *xhci_decode_slot_context(u32 info, u32 info2, |
849 |
+- u32 tt_info, u32 state) |
850 |
++static inline const char *xhci_decode_slot_context(char *str, |
851 |
++ u32 info, u32 info2, u32 tt_info, u32 state) |
852 |
+ { |
853 |
+- static char str[1024]; |
854 |
+ u32 speed; |
855 |
+ u32 hub; |
856 |
+ u32 mtt; |
857 |
+@@ -2559,9 +2562,8 @@ static inline const char *xhci_portsc_link_state_string(u32 portsc) |
858 |
+ return "Unknown"; |
859 |
+ } |
860 |
+ |
861 |
+-static inline const char *xhci_decode_portsc(u32 portsc) |
862 |
++static inline const char *xhci_decode_portsc(char *str, u32 portsc) |
863 |
+ { |
864 |
+- static char str[256]; |
865 |
+ int ret; |
866 |
+ |
867 |
+ ret = sprintf(str, "%s %s %s Link:%s PortSpeed:%d ", |
868 |
+@@ -2605,9 +2607,8 @@ static inline const char *xhci_decode_portsc(u32 portsc) |
869 |
+ return str; |
870 |
+ } |
871 |
+ |
872 |
+-static inline const char *xhci_decode_usbsts(u32 usbsts) |
873 |
++static inline const char *xhci_decode_usbsts(char *str, u32 usbsts) |
874 |
+ { |
875 |
+- static char str[256]; |
876 |
+ int ret = 0; |
877 |
+ |
878 |
+ if (usbsts == ~(u32)0) |
879 |
+@@ -2634,9 +2635,8 @@ static inline const char *xhci_decode_usbsts(u32 usbsts) |
880 |
+ return str; |
881 |
+ } |
882 |
+ |
883 |
+-static inline const char *xhci_decode_doorbell(u32 slot, u32 doorbell) |
884 |
++static inline const char *xhci_decode_doorbell(char *str, u32 slot, u32 doorbell) |
885 |
+ { |
886 |
+- static char str[256]; |
887 |
+ u8 ep; |
888 |
+ u16 stream; |
889 |
+ int ret; |
890 |
+@@ -2703,10 +2703,9 @@ static inline const char *xhci_ep_type_string(u8 type) |
891 |
+ } |
892 |
+ } |
893 |
+ |
894 |
+-static inline const char *xhci_decode_ep_context(u32 info, u32 info2, u64 deq, |
895 |
+- u32 tx_info) |
896 |
++static inline const char *xhci_decode_ep_context(char *str, u32 info, |
897 |
++ u32 info2, u64 deq, u32 tx_info) |
898 |
+ { |
899 |
+- static char str[1024]; |
900 |
+ int ret; |
901 |
+ |
902 |
+ u32 esit; |
903 |
+diff --git a/drivers/usb/mtu3/mtu3_core.c b/drivers/usb/mtu3/mtu3_core.c |
904 |
+index b3b4599375668..3d328dfdbb5ed 100644 |
905 |
+--- a/drivers/usb/mtu3/mtu3_core.c |
906 |
++++ b/drivers/usb/mtu3/mtu3_core.c |
907 |
+@@ -227,11 +227,13 @@ void mtu3_set_speed(struct mtu3 *mtu, enum usb_device_speed speed) |
908 |
+ mtu3_setbits(mbase, U3D_POWER_MANAGEMENT, HS_ENABLE); |
909 |
+ break; |
910 |
+ case USB_SPEED_SUPER: |
911 |
++ mtu3_setbits(mbase, U3D_POWER_MANAGEMENT, HS_ENABLE); |
912 |
+ mtu3_clrbits(mtu->ippc_base, SSUSB_U3_CTRL(0), |
913 |
+ SSUSB_U3_PORT_SSP_SPEED); |
914 |
+ break; |
915 |
+ case USB_SPEED_SUPER_PLUS: |
916 |
+- mtu3_setbits(mtu->ippc_base, SSUSB_U3_CTRL(0), |
917 |
++ mtu3_setbits(mbase, U3D_POWER_MANAGEMENT, HS_ENABLE); |
918 |
++ mtu3_setbits(mtu->ippc_base, SSUSB_U3_CTRL(0), |
919 |
+ SSUSB_U3_PORT_SSP_SPEED); |
920 |
+ break; |
921 |
+ default: |
922 |
+diff --git a/drivers/usb/mtu3/mtu3_gadget.c b/drivers/usb/mtu3/mtu3_gadget.c |
923 |
+index 38f17d66d5bc1..0b3aa7c65857a 100644 |
924 |
+--- a/drivers/usb/mtu3/mtu3_gadget.c |
925 |
++++ b/drivers/usb/mtu3/mtu3_gadget.c |
926 |
+@@ -64,14 +64,12 @@ static int mtu3_ep_enable(struct mtu3_ep *mep) |
927 |
+ u32 interval = 0; |
928 |
+ u32 mult = 0; |
929 |
+ u32 burst = 0; |
930 |
+- int max_packet; |
931 |
+ int ret; |
932 |
+ |
933 |
+ desc = mep->desc; |
934 |
+ comp_desc = mep->comp_desc; |
935 |
+ mep->type = usb_endpoint_type(desc); |
936 |
+- max_packet = usb_endpoint_maxp(desc); |
937 |
+- mep->maxp = max_packet & GENMASK(10, 0); |
938 |
++ mep->maxp = usb_endpoint_maxp(desc); |
939 |
+ |
940 |
+ switch (mtu->g.speed) { |
941 |
+ case USB_SPEED_SUPER: |
942 |
+@@ -92,7 +90,7 @@ static int mtu3_ep_enable(struct mtu3_ep *mep) |
943 |
+ usb_endpoint_xfer_int(desc)) { |
944 |
+ interval = desc->bInterval; |
945 |
+ interval = clamp_val(interval, 1, 16) - 1; |
946 |
+- burst = (max_packet & GENMASK(12, 11)) >> 11; |
947 |
++ mult = usb_endpoint_maxp_mult(desc) - 1; |
948 |
+ } |
949 |
+ break; |
950 |
+ default: |
951 |
+diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c |
952 |
+index b418a0d4adb89..c713d98b4a203 100644 |
953 |
+--- a/drivers/usb/serial/mos7720.c |
954 |
++++ b/drivers/usb/serial/mos7720.c |
955 |
+@@ -226,8 +226,10 @@ static int read_mos_reg(struct usb_serial *serial, unsigned int serial_portnum, |
956 |
+ int status; |
957 |
+ |
958 |
+ buf = kmalloc(1, GFP_KERNEL); |
959 |
+- if (!buf) |
960 |
++ if (!buf) { |
961 |
++ *data = 0; |
962 |
+ return -ENOMEM; |
963 |
++ } |
964 |
+ |
965 |
+ status = usb_control_msg(usbdev, pipe, request, requesttype, value, |
966 |
+ index, buf, 1, MOS_WDR_TIMEOUT); |
967 |
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
968 |
+index 2d01b2bbb7465..0a1239819fd2a 100644 |
969 |
+--- a/include/linux/skbuff.h |
970 |
++++ b/include/linux/skbuff.h |
971 |
+@@ -4608,7 +4608,7 @@ static inline void skb_reset_redirect(struct sk_buff *skb) |
972 |
+ #endif |
973 |
+ } |
974 |
+ |
975 |
+-#ifdef CONFIG_KCOV |
976 |
++#if IS_ENABLED(CONFIG_KCOV) && IS_ENABLED(CONFIG_SKB_EXTENSIONS) |
977 |
+ static inline void skb_set_kcov_handle(struct sk_buff *skb, |
978 |
+ const u64 kcov_handle) |
979 |
+ { |
980 |
+@@ -4636,7 +4636,7 @@ static inline u64 skb_get_kcov_handle(struct sk_buff *skb) |
981 |
+ static inline void skb_set_kcov_handle(struct sk_buff *skb, |
982 |
+ const u64 kcov_handle) { } |
983 |
+ static inline u64 skb_get_kcov_handle(struct sk_buff *skb) { return 0; } |
984 |
+-#endif /* CONFIG_KCOV */ |
985 |
++#endif /* CONFIG_KCOV && CONFIG_SKB_EXTENSIONS */ |
986 |
+ |
987 |
+ #endif /* __KERNEL__ */ |
988 |
+ #endif /* _LINUX_SKBUFF_H */ |
989 |
+diff --git a/include/uapi/linux/termios.h b/include/uapi/linux/termios.h |
990 |
+index 33961d4e4de0d..e6da9d4433d11 100644 |
991 |
+--- a/include/uapi/linux/termios.h |
992 |
++++ b/include/uapi/linux/termios.h |
993 |
+@@ -5,19 +5,4 @@ |
994 |
+ #include <linux/types.h> |
995 |
+ #include <asm/termios.h> |
996 |
+ |
997 |
+-#define NFF 5 |
998 |
+- |
999 |
+-struct termiox |
1000 |
+-{ |
1001 |
+- __u16 x_hflag; |
1002 |
+- __u16 x_cflag; |
1003 |
+- __u16 x_rflag[NFF]; |
1004 |
+- __u16 x_sflag; |
1005 |
+-}; |
1006 |
+- |
1007 |
+-#define RTSXOFF 0x0001 /* RTS flow control on input */ |
1008 |
+-#define CTSXON 0x0002 /* CTS flow control on output */ |
1009 |
+-#define DTRXOFF 0x0004 /* DTR flow control on input */ |
1010 |
+-#define DSRXON 0x0008 /* DCD flow control on output */ |
1011 |
+- |
1012 |
+ #endif |
1013 |
+diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug |
1014 |
+index ffccc13d685bd..bf174798afcb9 100644 |
1015 |
+--- a/lib/Kconfig.debug |
1016 |
++++ b/lib/Kconfig.debug |
1017 |
+@@ -1869,7 +1869,7 @@ config KCOV |
1018 |
+ depends on CC_HAS_SANCOV_TRACE_PC || GCC_PLUGINS |
1019 |
+ select DEBUG_FS |
1020 |
+ select GCC_PLUGIN_SANCOV if !CC_HAS_SANCOV_TRACE_PC |
1021 |
+- select SKB_EXTENSIONS |
1022 |
++ select SKB_EXTENSIONS if NET |
1023 |
+ help |
1024 |
+ KCOV exposes kernel code coverage information in a form suitable |
1025 |
+ for coverage-guided fuzzing (randomized testing). |
1026 |
+diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
1027 |
+index 0166558d3d647..e8e0f1cec8b04 100644 |
1028 |
+--- a/mm/page_alloc.c |
1029 |
++++ b/mm/page_alloc.c |
1030 |
+@@ -996,7 +996,7 @@ static inline void __free_one_page(struct page *page, |
1031 |
+ struct page *buddy; |
1032 |
+ bool to_tail; |
1033 |
+ |
1034 |
+- max_order = min_t(unsigned int, MAX_ORDER, pageblock_order + 1); |
1035 |
++ max_order = min_t(unsigned int, MAX_ORDER - 1, pageblock_order); |
1036 |
+ |
1037 |
+ VM_BUG_ON(!zone_is_initialized(zone)); |
1038 |
+ VM_BUG_ON_PAGE(page->flags & PAGE_FLAGS_CHECK_AT_PREP, page); |
1039 |
+@@ -1009,7 +1009,7 @@ static inline void __free_one_page(struct page *page, |
1040 |
+ VM_BUG_ON_PAGE(bad_range(zone, page), page); |
1041 |
+ |
1042 |
+ continue_merging: |
1043 |
+- while (order < max_order - 1) { |
1044 |
++ while (order < max_order) { |
1045 |
+ if (compaction_capture(capc, page, order, migratetype)) { |
1046 |
+ __mod_zone_freepage_state(zone, -(1 << order), |
1047 |
+ migratetype); |
1048 |
+@@ -1035,7 +1035,7 @@ continue_merging: |
1049 |
+ pfn = combined_pfn; |
1050 |
+ order++; |
1051 |
+ } |
1052 |
+- if (max_order < MAX_ORDER) { |
1053 |
++ if (order < MAX_ORDER - 1) { |
1054 |
+ /* If we are here, it means order is >= pageblock_order. |
1055 |
+ * We want to prevent merge between freepages on isolate |
1056 |
+ * pageblock and normal pageblock. Without this, pageblock |
1057 |
+@@ -1056,7 +1056,7 @@ continue_merging: |
1058 |
+ is_migrate_isolate(buddy_mt))) |
1059 |
+ goto done_merging; |
1060 |
+ } |
1061 |
+- max_order++; |
1062 |
++ max_order = order + 1; |
1063 |
+ goto continue_merging; |
1064 |
+ } |
1065 |
+ |
1066 |
+diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c |
1067 |
+index 00576bae183d3..0c321996c6eb0 100644 |
1068 |
+--- a/net/ipv4/igmp.c |
1069 |
++++ b/net/ipv4/igmp.c |
1070 |
+@@ -2720,6 +2720,7 @@ int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u |
1071 |
+ rv = 1; |
1072 |
+ } else if (im) { |
1073 |
+ if (src_addr) { |
1074 |
++ spin_lock_bh(&im->lock); |
1075 |
+ for (psf = im->sources; psf; psf = psf->sf_next) { |
1076 |
+ if (psf->sf_inaddr == src_addr) |
1077 |
+ break; |
1078 |
+@@ -2730,6 +2731,7 @@ int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u |
1079 |
+ im->sfcount[MCAST_EXCLUDE]; |
1080 |
+ else |
1081 |
+ rv = im->sfcount[MCAST_EXCLUDE] != 0; |
1082 |
++ spin_unlock_bh(&im->lock); |
1083 |
+ } else |
1084 |
+ rv = 1; /* unspecified source; tentatively allow */ |
1085 |
+ } |
1086 |
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c |
1087 |
+index e34d05cc57549..2b5f97e1d40b9 100644 |
1088 |
+--- a/net/netfilter/nf_tables_api.c |
1089 |
++++ b/net/netfilter/nf_tables_api.c |
1090 |
+@@ -4115,6 +4115,7 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, |
1091 |
+ struct nft_table *table; |
1092 |
+ struct nft_set *set; |
1093 |
+ struct nft_ctx ctx; |
1094 |
++ size_t alloc_size; |
1095 |
+ char *name; |
1096 |
+ u64 size; |
1097 |
+ u64 timeout; |
1098 |
+@@ -4263,8 +4264,10 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, |
1099 |
+ size = 0; |
1100 |
+ if (ops->privsize != NULL) |
1101 |
+ size = ops->privsize(nla, &desc); |
1102 |
+- |
1103 |
+- set = kvzalloc(sizeof(*set) + size + udlen, GFP_KERNEL); |
1104 |
++ alloc_size = sizeof(*set) + size + udlen; |
1105 |
++ if (alloc_size < size) |
1106 |
++ return -ENOMEM; |
1107 |
++ set = kvzalloc(alloc_size, GFP_KERNEL); |
1108 |
+ if (!set) |
1109 |
+ return -ENOMEM; |
1110 |
+ |
1111 |
+@@ -4277,15 +4280,7 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, |
1112 |
+ err = nf_tables_set_alloc_name(&ctx, set, name); |
1113 |
+ kfree(name); |
1114 |
+ if (err < 0) |
1115 |
+- goto err_set_alloc_name; |
1116 |
+- |
1117 |
+- if (nla[NFTA_SET_EXPR]) { |
1118 |
+- expr = nft_set_elem_expr_alloc(&ctx, set, nla[NFTA_SET_EXPR]); |
1119 |
+- if (IS_ERR(expr)) { |
1120 |
+- err = PTR_ERR(expr); |
1121 |
+- goto err_set_alloc_name; |
1122 |
+- } |
1123 |
+- } |
1124 |
++ goto err_set_name; |
1125 |
+ |
1126 |
+ udata = NULL; |
1127 |
+ if (udlen) { |
1128 |
+@@ -4296,21 +4291,19 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, |
1129 |
+ INIT_LIST_HEAD(&set->bindings); |
1130 |
+ set->table = table; |
1131 |
+ write_pnet(&set->net, net); |
1132 |
+- set->ops = ops; |
1133 |
++ set->ops = ops; |
1134 |
+ set->ktype = ktype; |
1135 |
+- set->klen = desc.klen; |
1136 |
++ set->klen = desc.klen; |
1137 |
+ set->dtype = dtype; |
1138 |
+ set->objtype = objtype; |
1139 |
+- set->dlen = desc.dlen; |
1140 |
+- set->expr = expr; |
1141 |
++ set->dlen = desc.dlen; |
1142 |
+ set->flags = flags; |
1143 |
+- set->size = desc.size; |
1144 |
++ set->size = desc.size; |
1145 |
+ set->policy = policy; |
1146 |
+- set->udlen = udlen; |
1147 |
+- set->udata = udata; |
1148 |
++ set->udlen = udlen; |
1149 |
++ set->udata = udata; |
1150 |
+ set->timeout = timeout; |
1151 |
+ set->gc_int = gc_int; |
1152 |
+- set->handle = nf_tables_alloc_handle(table); |
1153 |
+ |
1154 |
+ set->field_count = desc.field_count; |
1155 |
+ for (i = 0; i < desc.field_count; i++) |
1156 |
+@@ -4320,20 +4313,32 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, |
1157 |
+ if (err < 0) |
1158 |
+ goto err_set_init; |
1159 |
+ |
1160 |
++ if (nla[NFTA_SET_EXPR]) { |
1161 |
++ expr = nft_set_elem_expr_alloc(&ctx, set, nla[NFTA_SET_EXPR]); |
1162 |
++ if (IS_ERR(expr)) { |
1163 |
++ err = PTR_ERR(expr); |
1164 |
++ goto err_set_expr_alloc; |
1165 |
++ } |
1166 |
++ |
1167 |
++ set->expr = expr; |
1168 |
++ } |
1169 |
++ |
1170 |
++ set->handle = nf_tables_alloc_handle(table); |
1171 |
++ |
1172 |
+ err = nft_trans_set_add(&ctx, NFT_MSG_NEWSET, set); |
1173 |
+ if (err < 0) |
1174 |
+- goto err_set_trans; |
1175 |
++ goto err_set_expr_alloc; |
1176 |
+ |
1177 |
+ list_add_tail_rcu(&set->list, &table->sets); |
1178 |
+ table->use++; |
1179 |
+ return 0; |
1180 |
+ |
1181 |
+-err_set_trans: |
1182 |
++err_set_expr_alloc: |
1183 |
++ if (set->expr) |
1184 |
++ nft_expr_destroy(&ctx, set->expr); |
1185 |
++ |
1186 |
+ ops->destroy(set); |
1187 |
+ err_set_init: |
1188 |
+- if (expr) |
1189 |
+- nft_expr_destroy(&ctx, expr); |
1190 |
+-err_set_alloc_name: |
1191 |
+ kfree(set->name); |
1192 |
+ err_set_name: |
1193 |
+ kvfree(set); |
1194 |
+@@ -5145,6 +5150,24 @@ static void nf_tables_set_elem_destroy(const struct nft_ctx *ctx, |
1195 |
+ kfree(elem); |
1196 |
+ } |
1197 |
+ |
1198 |
++static int nft_set_elem_expr_setup(struct nft_ctx *ctx, |
1199 |
++ const struct nft_set_ext *ext, |
1200 |
++ struct nft_expr *expr) |
1201 |
++{ |
1202 |
++ struct nft_expr *elem_expr = nft_set_ext_expr(ext); |
1203 |
++ int err; |
1204 |
++ |
1205 |
++ if (expr == NULL) |
1206 |
++ return 0; |
1207 |
++ |
1208 |
++ err = nft_expr_clone(elem_expr, expr); |
1209 |
++ if (err < 0) |
1210 |
++ return -ENOMEM; |
1211 |
++ |
1212 |
++ nft_expr_destroy(ctx, expr); |
1213 |
++ return 0; |
1214 |
++} |
1215 |
++ |
1216 |
+ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set, |
1217 |
+ const struct nlattr *attr, u32 nlmsg_flags) |
1218 |
+ { |
1219 |
+@@ -5347,15 +5370,17 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set, |
1220 |
+ *nft_set_ext_obj(ext) = obj; |
1221 |
+ obj->use++; |
1222 |
+ } |
1223 |
+- if (expr) { |
1224 |
+- memcpy(nft_set_ext_expr(ext), expr, expr->ops->size); |
1225 |
+- kfree(expr); |
1226 |
+- expr = NULL; |
1227 |
+- } |
1228 |
++ |
1229 |
++ err = nft_set_elem_expr_setup(ctx, ext, expr); |
1230 |
++ if (err < 0) |
1231 |
++ goto err_elem_expr; |
1232 |
++ expr = NULL; |
1233 |
+ |
1234 |
+ trans = nft_trans_elem_alloc(ctx, NFT_MSG_NEWSETELEM, set); |
1235 |
+- if (trans == NULL) |
1236 |
+- goto err_trans; |
1237 |
++ if (trans == NULL) { |
1238 |
++ err = -ENOMEM; |
1239 |
++ goto err_elem_expr; |
1240 |
++ } |
1241 |
+ |
1242 |
+ ext->genmask = nft_genmask_cur(ctx->net) | NFT_SET_ELEM_BUSY_MASK; |
1243 |
+ err = set->ops->insert(ctx->net, set, &elem, &ext2); |
1244 |
+@@ -5399,7 +5424,7 @@ err_set_full: |
1245 |
+ set->ops->remove(ctx->net, set, &elem); |
1246 |
+ err_element_clash: |
1247 |
+ kfree(trans); |
1248 |
+-err_trans: |
1249 |
++err_elem_expr: |
1250 |
+ if (obj) |
1251 |
+ obj->use--; |
1252 |
+ |
1253 |
+diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c |
1254 |
+index d7083bcb20e8c..858c8d4d659a8 100644 |
1255 |
+--- a/net/netfilter/nft_set_hash.c |
1256 |
++++ b/net/netfilter/nft_set_hash.c |
1257 |
+@@ -604,7 +604,7 @@ static u64 nft_hash_privsize(const struct nlattr * const nla[], |
1258 |
+ const struct nft_set_desc *desc) |
1259 |
+ { |
1260 |
+ return sizeof(struct nft_hash) + |
1261 |
+- nft_hash_buckets(desc->size) * sizeof(struct hlist_head); |
1262 |
++ (u64)nft_hash_buckets(desc->size) * sizeof(struct hlist_head); |
1263 |
+ } |
1264 |
+ |
1265 |
+ static int nft_hash_init(const struct nft_set *set, |
1266 |
+@@ -644,8 +644,8 @@ static bool nft_hash_estimate(const struct nft_set_desc *desc, u32 features, |
1267 |
+ return false; |
1268 |
+ |
1269 |
+ est->size = sizeof(struct nft_hash) + |
1270 |
+- nft_hash_buckets(desc->size) * sizeof(struct hlist_head) + |
1271 |
+- desc->size * sizeof(struct nft_hash_elem); |
1272 |
++ (u64)nft_hash_buckets(desc->size) * sizeof(struct hlist_head) + |
1273 |
++ (u64)desc->size * sizeof(struct nft_hash_elem); |
1274 |
+ est->lookup = NFT_SET_CLASS_O_1; |
1275 |
+ est->space = NFT_SET_CLASS_O_N; |
1276 |
+ |
1277 |
+@@ -662,8 +662,8 @@ static bool nft_hash_fast_estimate(const struct nft_set_desc *desc, u32 features |
1278 |
+ return false; |
1279 |
+ |
1280 |
+ est->size = sizeof(struct nft_hash) + |
1281 |
+- nft_hash_buckets(desc->size) * sizeof(struct hlist_head) + |
1282 |
+- desc->size * sizeof(struct nft_hash_elem); |
1283 |
++ (u64)nft_hash_buckets(desc->size) * sizeof(struct hlist_head) + |
1284 |
++ (u64)desc->size * sizeof(struct nft_hash_elem); |
1285 |
+ est->lookup = NFT_SET_CLASS_O_1; |
1286 |
+ est->space = NFT_SET_CLASS_O_N; |
1287 |
+ |
1288 |
+diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c |
1289 |
+index 33d185b62a767..a45b27a2ed4ec 100644 |
1290 |
+--- a/sound/usb/quirks.c |
1291 |
++++ b/sound/usb/quirks.c |
1292 |
+@@ -1896,6 +1896,7 @@ static const struct registration_quirk registration_quirks[] = { |
1293 |
+ REG_QUIRK_ENTRY(0x0951, 0x16ed, 2), /* Kingston HyperX Cloud Alpha S */ |
1294 |
+ REG_QUIRK_ENTRY(0x0951, 0x16ea, 2), /* Kingston HyperX Cloud Flight S */ |
1295 |
+ REG_QUIRK_ENTRY(0x0ecb, 0x1f46, 2), /* JBL Quantum 600 */ |
1296 |
++ REG_QUIRK_ENTRY(0x0ecb, 0x1f47, 2), /* JBL Quantum 800 */ |
1297 |
+ REG_QUIRK_ENTRY(0x0ecb, 0x2039, 2), /* JBL Quantum 400 */ |
1298 |
+ REG_QUIRK_ENTRY(0x0ecb, 0x203c, 2), /* JBL Quantum 600 */ |
1299 |
+ REG_QUIRK_ENTRY(0x0ecb, 0x203e, 2), /* JBL Quantum 800 */ |