1 |
commit: 3038f0c1e16b2a5807f83b890d2add421177d9c4 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Mar 28 10:59:27 2022 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Mar 28 10:59:27 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3038f0c1 |
7 |
|
8 |
Linux patch 4.19.237 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1236_linux-4.19.237.patch | 755 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 759 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 0e8f7f4a..eccf1864 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -983,6 +983,10 @@ Patch: 1235_linux-4.19.236.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.19.236 |
23 |
|
24 |
+Patch: 1236_linux-4.19.237.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.19.237 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1236_linux-4.19.237.patch b/1236_linux-4.19.237.patch |
33 |
new file mode 100644 |
34 |
index 00000000..38435553 |
35 |
--- /dev/null |
36 |
+++ b/1236_linux-4.19.237.patch |
37 |
@@ -0,0 +1,755 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index d83513c135206..834336f971c15 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 4 |
45 |
+ PATCHLEVEL = 19 |
46 |
+-SUBLEVEL = 236 |
47 |
++SUBLEVEL = 237 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = "People's Front" |
50 |
+ |
51 |
+diff --git a/arch/nds32/include/asm/uaccess.h b/arch/nds32/include/asm/uaccess.h |
52 |
+index 362a32d9bd168..c8b4b8cc65294 100644 |
53 |
+--- a/arch/nds32/include/asm/uaccess.h |
54 |
++++ b/arch/nds32/include/asm/uaccess.h |
55 |
+@@ -75,9 +75,7 @@ static inline void set_fs(mm_segment_t fs) |
56 |
+ * versions are void (ie, don't return a value as such). |
57 |
+ */ |
58 |
+ |
59 |
+-#define get_user __get_user \ |
60 |
+- |
61 |
+-#define __get_user(x, ptr) \ |
62 |
++#define get_user(x, ptr) \ |
63 |
+ ({ \ |
64 |
+ long __gu_err = 0; \ |
65 |
+ __get_user_check((x), (ptr), __gu_err); \ |
66 |
+@@ -90,6 +88,14 @@ static inline void set_fs(mm_segment_t fs) |
67 |
+ (void)0; \ |
68 |
+ }) |
69 |
+ |
70 |
++#define __get_user(x, ptr) \ |
71 |
++({ \ |
72 |
++ long __gu_err = 0; \ |
73 |
++ const __typeof__(*(ptr)) __user *__p = (ptr); \ |
74 |
++ __get_user_err((x), __p, (__gu_err)); \ |
75 |
++ __gu_err; \ |
76 |
++}) |
77 |
++ |
78 |
+ #define __get_user_check(x, ptr, err) \ |
79 |
+ ({ \ |
80 |
+ const __typeof__(*(ptr)) __user *__p = (ptr); \ |
81 |
+@@ -170,12 +176,18 @@ do { \ |
82 |
+ : "r"(addr), "i"(-EFAULT) \ |
83 |
+ : "cc") |
84 |
+ |
85 |
+-#define put_user __put_user \ |
86 |
++#define put_user(x, ptr) \ |
87 |
++({ \ |
88 |
++ long __pu_err = 0; \ |
89 |
++ __put_user_check((x), (ptr), __pu_err); \ |
90 |
++ __pu_err; \ |
91 |
++}) |
92 |
+ |
93 |
+ #define __put_user(x, ptr) \ |
94 |
+ ({ \ |
95 |
+ long __pu_err = 0; \ |
96 |
+- __put_user_err((x), (ptr), __pu_err); \ |
97 |
++ __typeof__(*(ptr)) __user *__p = (ptr); \ |
98 |
++ __put_user_err((x), __p, __pu_err); \ |
99 |
+ __pu_err; \ |
100 |
+ }) |
101 |
+ |
102 |
+diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c |
103 |
+index b35c34cfbe522..8b1aa1206d980 100644 |
104 |
+--- a/arch/x86/kernel/acpi/boot.c |
105 |
++++ b/arch/x86/kernel/acpi/boot.c |
106 |
+@@ -1351,6 +1351,17 @@ static int __init disable_acpi_pci(const struct dmi_system_id *d) |
107 |
+ return 0; |
108 |
+ } |
109 |
+ |
110 |
++static int __init disable_acpi_xsdt(const struct dmi_system_id *d) |
111 |
++{ |
112 |
++ if (!acpi_force) { |
113 |
++ pr_notice("%s detected: force use of acpi=rsdt\n", d->ident); |
114 |
++ acpi_gbl_do_not_use_xsdt = TRUE; |
115 |
++ } else { |
116 |
++ pr_notice("Warning: DMI blacklist says broken, but acpi XSDT forced\n"); |
117 |
++ } |
118 |
++ return 0; |
119 |
++} |
120 |
++ |
121 |
+ static int __init dmi_disable_acpi(const struct dmi_system_id *d) |
122 |
+ { |
123 |
+ if (!acpi_force) { |
124 |
+@@ -1475,6 +1486,19 @@ static const struct dmi_system_id acpi_dmi_table[] __initconst = { |
125 |
+ DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"), |
126 |
+ }, |
127 |
+ }, |
128 |
++ /* |
129 |
++ * Boxes that need ACPI XSDT use disabled due to corrupted tables |
130 |
++ */ |
131 |
++ { |
132 |
++ .callback = disable_acpi_xsdt, |
133 |
++ .ident = "Advantech DAC-BJ01", |
134 |
++ .matches = { |
135 |
++ DMI_MATCH(DMI_SYS_VENDOR, "NEC"), |
136 |
++ DMI_MATCH(DMI_PRODUCT_NAME, "Bearlake CRB Board"), |
137 |
++ DMI_MATCH(DMI_BIOS_VERSION, "V1.12"), |
138 |
++ DMI_MATCH(DMI_BIOS_DATE, "02/01/2011"), |
139 |
++ }, |
140 |
++ }, |
141 |
+ {} |
142 |
+ }; |
143 |
+ |
144 |
+diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c |
145 |
+index d4e42a578e186..c0c533206e02d 100644 |
146 |
+--- a/drivers/acpi/battery.c |
147 |
++++ b/drivers/acpi/battery.c |
148 |
+@@ -90,6 +90,10 @@ extern void *acpi_unlock_battery_dir(struct proc_dir_entry *acpi_battery_dir); |
149 |
+ |
150 |
+ static const struct acpi_device_id battery_device_ids[] = { |
151 |
+ {"PNP0C0A", 0}, |
152 |
++ |
153 |
++ /* Microsoft Surface Go 3 */ |
154 |
++ {"MSHW0146", 0}, |
155 |
++ |
156 |
+ {"", 0}, |
157 |
+ }; |
158 |
+ |
159 |
+@@ -1416,6 +1420,14 @@ static const struct dmi_system_id bat_dmi_table[] __initconst = { |
160 |
+ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad"), |
161 |
+ }, |
162 |
+ }, |
163 |
++ { |
164 |
++ /* Microsoft Surface Go 3 */ |
165 |
++ .callback = battery_notification_delay_quirk, |
166 |
++ .matches = { |
167 |
++ DMI_MATCH(DMI_SYS_VENDOR, "Microsoft Corporation"), |
168 |
++ DMI_MATCH(DMI_PRODUCT_NAME, "Surface Go 3"), |
169 |
++ }, |
170 |
++ }, |
171 |
+ {}, |
172 |
+ }; |
173 |
+ |
174 |
+diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c |
175 |
+index 86ffb4af4afca..298d9c65e0848 100644 |
176 |
+--- a/drivers/acpi/video_detect.c |
177 |
++++ b/drivers/acpi/video_detect.c |
178 |
+@@ -356,6 +356,81 @@ static const struct dmi_system_id video_detect_dmi_table[] = { |
179 |
+ DMI_MATCH(DMI_BOARD_NAME, "BA51_MV"), |
180 |
+ }, |
181 |
+ }, |
182 |
++ /* |
183 |
++ * Clevo NL5xRU and NL5xNU/TUXEDO Aura 15 Gen1 and Gen2 have both a |
184 |
++ * working native and video interface. However the default detection |
185 |
++ * mechanism first registers the video interface before unregistering |
186 |
++ * it again and switching to the native interface during boot. This |
187 |
++ * results in a dangling SBIOS request for backlight change for some |
188 |
++ * reason, causing the backlight to switch to ~2% once per boot on the |
189 |
++ * first power cord connect or disconnect event. Setting the native |
190 |
++ * interface explicitly circumvents this buggy behaviour, by avoiding |
191 |
++ * the unregistering process. |
192 |
++ */ |
193 |
++ { |
194 |
++ .callback = video_detect_force_native, |
195 |
++ .ident = "Clevo NL5xRU", |
196 |
++ .matches = { |
197 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
198 |
++ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
199 |
++ }, |
200 |
++ }, |
201 |
++ { |
202 |
++ .callback = video_detect_force_native, |
203 |
++ .ident = "Clevo NL5xRU", |
204 |
++ .matches = { |
205 |
++ DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), |
206 |
++ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
207 |
++ }, |
208 |
++ }, |
209 |
++ { |
210 |
++ .callback = video_detect_force_native, |
211 |
++ .ident = "Clevo NL5xRU", |
212 |
++ .matches = { |
213 |
++ DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), |
214 |
++ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
215 |
++ }, |
216 |
++ }, |
217 |
++ { |
218 |
++ .callback = video_detect_force_native, |
219 |
++ .ident = "Clevo NL5xRU", |
220 |
++ .matches = { |
221 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
222 |
++ DMI_MATCH(DMI_BOARD_NAME, "AURA1501"), |
223 |
++ }, |
224 |
++ }, |
225 |
++ { |
226 |
++ .callback = video_detect_force_native, |
227 |
++ .ident = "Clevo NL5xRU", |
228 |
++ .matches = { |
229 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
230 |
++ DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"), |
231 |
++ }, |
232 |
++ }, |
233 |
++ { |
234 |
++ .callback = video_detect_force_native, |
235 |
++ .ident = "Clevo NL5xNU", |
236 |
++ .matches = { |
237 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
238 |
++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
239 |
++ }, |
240 |
++ }, |
241 |
++ { |
242 |
++ .callback = video_detect_force_native, |
243 |
++ .ident = "Clevo NL5xNU", |
244 |
++ .matches = { |
245 |
++ DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), |
246 |
++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
247 |
++ }, |
248 |
++ }, |
249 |
++ { |
250 |
++ .callback = video_detect_force_native, |
251 |
++ .ident = "Clevo NL5xNU", |
252 |
++ .matches = { |
253 |
++ DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), |
254 |
++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
255 |
++ }, |
256 |
++ }, |
257 |
+ |
258 |
+ /* |
259 |
+ * Desktops which falsely report a backlight and which our heuristics |
260 |
+diff --git a/drivers/crypto/qat/qat_common/qat_crypto.c b/drivers/crypto/qat/qat_common/qat_crypto.c |
261 |
+index 3852d31ce0a4b..37a9f969c59cd 100644 |
262 |
+--- a/drivers/crypto/qat/qat_common/qat_crypto.c |
263 |
++++ b/drivers/crypto/qat/qat_common/qat_crypto.c |
264 |
+@@ -170,6 +170,14 @@ int qat_crypto_dev_config(struct adf_accel_dev *accel_dev) |
265 |
+ goto err; |
266 |
+ if (adf_cfg_section_add(accel_dev, "Accelerator0")) |
267 |
+ goto err; |
268 |
++ |
269 |
++ /* Temporarily set the number of crypto instances to zero to avoid |
270 |
++ * registering the crypto algorithms. |
271 |
++ * This will be removed when the algorithms will support the |
272 |
++ * CRYPTO_TFM_REQ_MAY_BACKLOG flag |
273 |
++ */ |
274 |
++ instances = 0; |
275 |
++ |
276 |
+ for (i = 0; i < instances; i++) { |
277 |
+ val = i; |
278 |
+ snprintf(key, sizeof(key), ADF_CY "%d" ADF_RING_BANK_NUM, i); |
279 |
+diff --git a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c |
280 |
+index 3a489b2b99c99..86811de191edb 100644 |
281 |
+--- a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c |
282 |
++++ b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c |
283 |
+@@ -707,6 +707,12 @@ static int xgene_enet_rx_frame(struct xgene_enet_desc_ring *rx_ring, |
284 |
+ buf_pool->rx_skb[skb_index] = NULL; |
285 |
+ |
286 |
+ datalen = xgene_enet_get_data_len(le64_to_cpu(raw_desc->m1)); |
287 |
++ |
288 |
++ /* strip off CRC as HW isn't doing this */ |
289 |
++ nv = GET_VAL(NV, le64_to_cpu(raw_desc->m0)); |
290 |
++ if (!nv) |
291 |
++ datalen -= 4; |
292 |
++ |
293 |
+ skb_put(skb, datalen); |
294 |
+ prefetch(skb->data - NET_IP_ALIGN); |
295 |
+ skb->protocol = eth_type_trans(skb, ndev); |
296 |
+@@ -728,12 +734,8 @@ static int xgene_enet_rx_frame(struct xgene_enet_desc_ring *rx_ring, |
297 |
+ } |
298 |
+ } |
299 |
+ |
300 |
+- nv = GET_VAL(NV, le64_to_cpu(raw_desc->m0)); |
301 |
+- if (!nv) { |
302 |
+- /* strip off CRC as HW isn't doing this */ |
303 |
+- datalen -= 4; |
304 |
++ if (!nv) |
305 |
+ goto skip_jumbo; |
306 |
+- } |
307 |
+ |
308 |
+ slots = page_pool->slots - 1; |
309 |
+ head = page_pool->head; |
310 |
+diff --git a/drivers/nfc/st21nfca/se.c b/drivers/nfc/st21nfca/se.c |
311 |
+index fd967a38a94a5..ced3c20d64539 100644 |
312 |
+--- a/drivers/nfc/st21nfca/se.c |
313 |
++++ b/drivers/nfc/st21nfca/se.c |
314 |
+@@ -332,6 +332,11 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host, |
315 |
+ return -ENOMEM; |
316 |
+ |
317 |
+ transaction->aid_len = skb->data[1]; |
318 |
++ |
319 |
++ /* Checking if the length of the AID is valid */ |
320 |
++ if (transaction->aid_len > sizeof(transaction->aid)) |
321 |
++ return -EINVAL; |
322 |
++ |
323 |
+ memcpy(transaction->aid, &skb->data[2], |
324 |
+ transaction->aid_len); |
325 |
+ |
326 |
+@@ -341,6 +346,11 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host, |
327 |
+ return -EPROTO; |
328 |
+ |
329 |
+ transaction->params_len = skb->data[transaction->aid_len + 3]; |
330 |
++ |
331 |
++ /* Total size is allocated (skb->len - 2) minus fixed array members */ |
332 |
++ if (transaction->params_len > ((skb->len - 2) - sizeof(struct nfc_evt_transaction))) |
333 |
++ return -EINVAL; |
334 |
++ |
335 |
+ memcpy(transaction->params, skb->data + |
336 |
+ transaction->aid_len + 4, transaction->params_len); |
337 |
+ |
338 |
+diff --git a/drivers/staging/fbtft/fb_st7789v.c b/drivers/staging/fbtft/fb_st7789v.c |
339 |
+index 3c3f387936e80..30086ae03605f 100644 |
340 |
+--- a/drivers/staging/fbtft/fb_st7789v.c |
341 |
++++ b/drivers/staging/fbtft/fb_st7789v.c |
342 |
+@@ -76,6 +76,8 @@ enum st7789v_command { |
343 |
+ */ |
344 |
+ static int init_display(struct fbtft_par *par) |
345 |
+ { |
346 |
++ par->fbtftops.reset(par); |
347 |
++ |
348 |
+ /* turn off sleep mode */ |
349 |
+ write_reg(par, MIPI_DCS_EXIT_SLEEP_MODE); |
350 |
+ mdelay(120); |
351 |
+diff --git a/drivers/thermal/int340x_thermal/int3400_thermal.c b/drivers/thermal/int340x_thermal/int3400_thermal.c |
352 |
+index e9d58de8b5da6..77967da5d4061 100644 |
353 |
+--- a/drivers/thermal/int340x_thermal/int3400_thermal.c |
354 |
++++ b/drivers/thermal/int340x_thermal/int3400_thermal.c |
355 |
+@@ -223,6 +223,10 @@ static void int3400_notify(acpi_handle handle, |
356 |
+ thermal_prop[4] = NULL; |
357 |
+ kobject_uevent_env(&priv->thermal->device.kobj, KOBJ_CHANGE, |
358 |
+ thermal_prop); |
359 |
++ kfree(thermal_prop[0]); |
360 |
++ kfree(thermal_prop[1]); |
361 |
++ kfree(thermal_prop[2]); |
362 |
++ kfree(thermal_prop[3]); |
363 |
+ break; |
364 |
+ default: |
365 |
+ /* Ignore unknown notification codes sent to INT3400 device */ |
366 |
+diff --git a/include/net/esp.h b/include/net/esp.h |
367 |
+index 117652eb6ea32..465e38890ee98 100644 |
368 |
+--- a/include/net/esp.h |
369 |
++++ b/include/net/esp.h |
370 |
+@@ -4,6 +4,8 @@ |
371 |
+ |
372 |
+ #include <linux/skbuff.h> |
373 |
+ |
374 |
++#define ESP_SKB_FRAG_MAXSIZE (PAGE_SIZE << SKB_FRAG_PAGE_ORDER) |
375 |
++ |
376 |
+ struct ip_esp_hdr; |
377 |
+ |
378 |
+ static inline struct ip_esp_hdr *ip_esp_hdr(const struct sk_buff *skb) |
379 |
+diff --git a/include/net/sock.h b/include/net/sock.h |
380 |
+index 75677050c82ed..2bf8dcf863f2c 100644 |
381 |
+--- a/include/net/sock.h |
382 |
++++ b/include/net/sock.h |
383 |
+@@ -2518,6 +2518,9 @@ extern int sysctl_optmem_max; |
384 |
+ extern __u32 sysctl_wmem_default; |
385 |
+ extern __u32 sysctl_rmem_default; |
386 |
+ |
387 |
++/* On 32bit arches, an skb frag is limited to 2^15 */ |
388 |
++#define SKB_FRAG_PAGE_ORDER get_order(32768) |
389 |
++ |
390 |
+ static inline int sk_get_wmem0(const struct sock *sk, const struct proto *proto) |
391 |
+ { |
392 |
+ /* Does this proto have per netns sysctl_wmem ? */ |
393 |
+diff --git a/net/core/sock.c b/net/core/sock.c |
394 |
+index 41a77027a549b..79f085df52cef 100644 |
395 |
+--- a/net/core/sock.c |
396 |
++++ b/net/core/sock.c |
397 |
+@@ -2207,9 +2207,6 @@ static void sk_leave_memory_pressure(struct sock *sk) |
398 |
+ } |
399 |
+ } |
400 |
+ |
401 |
+-/* On 32bit arches, an skb frag is limited to 2^15 */ |
402 |
+-#define SKB_FRAG_PAGE_ORDER get_order(32768) |
403 |
+- |
404 |
+ /** |
405 |
+ * skb_page_frag_refill - check that a page_frag contains enough room |
406 |
+ * @sz: minimum size of the fragment we want to get |
407 |
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c |
408 |
+index 0792a9e2a555f..45bb5b60b9940 100644 |
409 |
+--- a/net/ipv4/esp4.c |
410 |
++++ b/net/ipv4/esp4.c |
411 |
+@@ -275,6 +275,7 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * |
412 |
+ struct page *page; |
413 |
+ struct sk_buff *trailer; |
414 |
+ int tailen = esp->tailen; |
415 |
++ unsigned int allocsz; |
416 |
+ |
417 |
+ /* this is non-NULL only with UDP Encapsulation */ |
418 |
+ if (x->encap) { |
419 |
+@@ -284,6 +285,10 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * |
420 |
+ return err; |
421 |
+ } |
422 |
+ |
423 |
++ allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES); |
424 |
++ if (allocsz > ESP_SKB_FRAG_MAXSIZE) |
425 |
++ goto cow; |
426 |
++ |
427 |
+ if (!skb_cloned(skb)) { |
428 |
+ if (tailen <= skb_tailroom(skb)) { |
429 |
+ nfrags = 1; |
430 |
+diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c |
431 |
+index 25317d5ccf2cc..e3abfc97fde7f 100644 |
432 |
+--- a/net/ipv6/esp6.c |
433 |
++++ b/net/ipv6/esp6.c |
434 |
+@@ -241,6 +241,11 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info |
435 |
+ struct page *page; |
436 |
+ struct sk_buff *trailer; |
437 |
+ int tailen = esp->tailen; |
438 |
++ unsigned int allocsz; |
439 |
++ |
440 |
++ allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES); |
441 |
++ if (allocsz > ESP_SKB_FRAG_MAXSIZE) |
442 |
++ goto cow; |
443 |
+ |
444 |
+ if (!skb_cloned(skb)) { |
445 |
+ if (tailen <= skb_tailroom(skb)) { |
446 |
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
447 |
+index fd496bda7ec78..373df391dc93c 100644 |
448 |
+--- a/net/ipv6/ip6_output.c |
449 |
++++ b/net/ipv6/ip6_output.c |
450 |
+@@ -1325,8 +1325,8 @@ static int __ip6_append_data(struct sock *sk, |
451 |
+ sizeof(struct frag_hdr) : 0) + |
452 |
+ rt->rt6i_nfheader_len; |
453 |
+ |
454 |
+- if (mtu < fragheaderlen || |
455 |
+- ((mtu - fragheaderlen) & ~7) + fragheaderlen < sizeof(struct frag_hdr)) |
456 |
++ if (mtu <= fragheaderlen || |
457 |
++ ((mtu - fragheaderlen) & ~7) + fragheaderlen <= sizeof(struct frag_hdr)) |
458 |
+ goto emsgsize; |
459 |
+ |
460 |
+ maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - |
461 |
+diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c |
462 |
+index 89a3dc7d5d400..5cba9199c3c91 100644 |
463 |
+--- a/net/llc/af_llc.c |
464 |
++++ b/net/llc/af_llc.c |
465 |
+@@ -276,6 +276,7 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) |
466 |
+ { |
467 |
+ struct sock *sk = sock->sk; |
468 |
+ struct llc_sock *llc = llc_sk(sk); |
469 |
++ struct net_device *dev = NULL; |
470 |
+ struct llc_sap *sap; |
471 |
+ int rc = -EINVAL; |
472 |
+ |
473 |
+@@ -287,14 +288,14 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) |
474 |
+ goto out; |
475 |
+ rc = -ENODEV; |
476 |
+ if (sk->sk_bound_dev_if) { |
477 |
+- llc->dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if); |
478 |
+- if (llc->dev && addr->sllc_arphrd != llc->dev->type) { |
479 |
+- dev_put(llc->dev); |
480 |
+- llc->dev = NULL; |
481 |
++ dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if); |
482 |
++ if (dev && addr->sllc_arphrd != dev->type) { |
483 |
++ dev_put(dev); |
484 |
++ dev = NULL; |
485 |
+ } |
486 |
+ } else |
487 |
+- llc->dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd); |
488 |
+- if (!llc->dev) |
489 |
++ dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd); |
490 |
++ if (!dev) |
491 |
+ goto out; |
492 |
+ rc = -EUSERS; |
493 |
+ llc->laddr.lsap = llc_ui_autoport(); |
494 |
+@@ -304,6 +305,11 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) |
495 |
+ sap = llc_sap_open(llc->laddr.lsap, NULL); |
496 |
+ if (!sap) |
497 |
+ goto out; |
498 |
++ |
499 |
++ /* Note: We do not expect errors from this point. */ |
500 |
++ llc->dev = dev; |
501 |
++ dev = NULL; |
502 |
++ |
503 |
+ memcpy(llc->laddr.mac, llc->dev->dev_addr, IFHWADDRLEN); |
504 |
+ memcpy(&llc->addr, addr, sizeof(llc->addr)); |
505 |
+ /* assign new connection to its SAP */ |
506 |
+@@ -311,6 +317,7 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) |
507 |
+ sock_reset_flag(sk, SOCK_ZAPPED); |
508 |
+ rc = 0; |
509 |
+ out: |
510 |
++ dev_put(dev); |
511 |
+ return rc; |
512 |
+ } |
513 |
+ |
514 |
+@@ -333,6 +340,7 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen) |
515 |
+ struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr; |
516 |
+ struct sock *sk = sock->sk; |
517 |
+ struct llc_sock *llc = llc_sk(sk); |
518 |
++ struct net_device *dev = NULL; |
519 |
+ struct llc_sap *sap; |
520 |
+ int rc = -EINVAL; |
521 |
+ |
522 |
+@@ -349,25 +357,26 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen) |
523 |
+ rc = -ENODEV; |
524 |
+ rcu_read_lock(); |
525 |
+ if (sk->sk_bound_dev_if) { |
526 |
+- llc->dev = dev_get_by_index_rcu(&init_net, sk->sk_bound_dev_if); |
527 |
+- if (llc->dev) { |
528 |
++ dev = dev_get_by_index_rcu(&init_net, sk->sk_bound_dev_if); |
529 |
++ if (dev) { |
530 |
+ if (is_zero_ether_addr(addr->sllc_mac)) |
531 |
+- memcpy(addr->sllc_mac, llc->dev->dev_addr, |
532 |
++ memcpy(addr->sllc_mac, dev->dev_addr, |
533 |
+ IFHWADDRLEN); |
534 |
+- if (addr->sllc_arphrd != llc->dev->type || |
535 |
++ if (addr->sllc_arphrd != dev->type || |
536 |
+ !ether_addr_equal(addr->sllc_mac, |
537 |
+- llc->dev->dev_addr)) { |
538 |
++ dev->dev_addr)) { |
539 |
+ rc = -EINVAL; |
540 |
+- llc->dev = NULL; |
541 |
++ dev = NULL; |
542 |
+ } |
543 |
+ } |
544 |
+- } else |
545 |
+- llc->dev = dev_getbyhwaddr_rcu(&init_net, addr->sllc_arphrd, |
546 |
++ } else { |
547 |
++ dev = dev_getbyhwaddr_rcu(&init_net, addr->sllc_arphrd, |
548 |
+ addr->sllc_mac); |
549 |
+- if (llc->dev) |
550 |
+- dev_hold(llc->dev); |
551 |
++ } |
552 |
++ if (dev) |
553 |
++ dev_hold(dev); |
554 |
+ rcu_read_unlock(); |
555 |
+- if (!llc->dev) |
556 |
++ if (!dev) |
557 |
+ goto out; |
558 |
+ if (!addr->sllc_sap) { |
559 |
+ rc = -EUSERS; |
560 |
+@@ -400,6 +409,11 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen) |
561 |
+ goto out_put; |
562 |
+ } |
563 |
+ } |
564 |
++ |
565 |
++ /* Note: We do not expect errors from this point. */ |
566 |
++ llc->dev = dev; |
567 |
++ dev = NULL; |
568 |
++ |
569 |
+ llc->laddr.lsap = addr->sllc_sap; |
570 |
+ memcpy(llc->laddr.mac, addr->sllc_mac, IFHWADDRLEN); |
571 |
+ memcpy(&llc->addr, addr, sizeof(llc->addr)); |
572 |
+@@ -410,6 +424,7 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen) |
573 |
+ out_put: |
574 |
+ llc_sap_put(sap); |
575 |
+ out: |
576 |
++ dev_put(dev); |
577 |
+ release_sock(sk); |
578 |
+ return rc; |
579 |
+ } |
580 |
+diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c |
581 |
+index 6804cdd43befc..9348caf1c611d 100644 |
582 |
+--- a/net/mac80211/cfg.c |
583 |
++++ b/net/mac80211/cfg.c |
584 |
+@@ -1823,13 +1823,11 @@ static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh, |
585 |
+ const struct mesh_setup *setup) |
586 |
+ { |
587 |
+ u8 *new_ie; |
588 |
+- const u8 *old_ie; |
589 |
+ struct ieee80211_sub_if_data *sdata = container_of(ifmsh, |
590 |
+ struct ieee80211_sub_if_data, u.mesh); |
591 |
+ |
592 |
+ /* allocate information elements */ |
593 |
+ new_ie = NULL; |
594 |
+- old_ie = ifmsh->ie; |
595 |
+ |
596 |
+ if (setup->ie_len) { |
597 |
+ new_ie = kmemdup(setup->ie, setup->ie_len, |
598 |
+@@ -1839,7 +1837,6 @@ static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh, |
599 |
+ } |
600 |
+ ifmsh->ie_len = setup->ie_len; |
601 |
+ ifmsh->ie = new_ie; |
602 |
+- kfree(old_ie); |
603 |
+ |
604 |
+ /* now copy the rest of the setup parameters */ |
605 |
+ ifmsh->mesh_id_len = setup->mesh_id_len; |
606 |
+diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c |
607 |
+index a3850414dba2d..7dfaad783cd55 100644 |
608 |
+--- a/net/netfilter/nf_tables_core.c |
609 |
++++ b/net/netfilter/nf_tables_core.c |
610 |
+@@ -144,7 +144,7 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv) |
611 |
+ struct nft_rule *const *rules; |
612 |
+ const struct nft_rule *rule; |
613 |
+ const struct nft_expr *expr, *last; |
614 |
+- struct nft_regs regs; |
615 |
++ struct nft_regs regs = {}; |
616 |
+ unsigned int stackptr = 0; |
617 |
+ struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE]; |
618 |
+ bool genbit = READ_ONCE(net->nft.gencursor); |
619 |
+diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c |
620 |
+index cd68a0ae82d31..c85fa85285d93 100644 |
621 |
+--- a/sound/core/oss/pcm_oss.c |
622 |
++++ b/sound/core/oss/pcm_oss.c |
623 |
+@@ -789,6 +789,11 @@ static int snd_pcm_oss_period_size(struct snd_pcm_substream *substream, |
624 |
+ |
625 |
+ if (oss_period_size < 16) |
626 |
+ return -EINVAL; |
627 |
++ |
628 |
++ /* don't allocate too large period; 1MB period must be enough */ |
629 |
++ if (oss_period_size > 1024 * 1024) |
630 |
++ return -ENOMEM; |
631 |
++ |
632 |
+ runtime->oss.period_bytes = oss_period_size; |
633 |
+ runtime->oss.period_frames = 1; |
634 |
+ runtime->oss.periods = oss_periods; |
635 |
+@@ -1060,10 +1065,9 @@ static int snd_pcm_oss_change_params_locked(struct snd_pcm_substream *substream) |
636 |
+ goto failure; |
637 |
+ } |
638 |
+ #endif |
639 |
+- oss_period_size *= oss_frame_size; |
640 |
+- |
641 |
+- oss_buffer_size = oss_period_size * runtime->oss.periods; |
642 |
+- if (oss_buffer_size < 0) { |
643 |
++ oss_period_size = array_size(oss_period_size, oss_frame_size); |
644 |
++ oss_buffer_size = array_size(oss_period_size, runtime->oss.periods); |
645 |
++ if (oss_buffer_size <= 0) { |
646 |
+ err = -EINVAL; |
647 |
+ goto failure; |
648 |
+ } |
649 |
+diff --git a/sound/core/oss/pcm_plugin.c b/sound/core/oss/pcm_plugin.c |
650 |
+index da400da1fafe6..8b7bbabeea24b 100644 |
651 |
+--- a/sound/core/oss/pcm_plugin.c |
652 |
++++ b/sound/core/oss/pcm_plugin.c |
653 |
+@@ -61,7 +61,10 @@ static int snd_pcm_plugin_alloc(struct snd_pcm_plugin *plugin, snd_pcm_uframes_t |
654 |
+ } |
655 |
+ if ((width = snd_pcm_format_physical_width(format->format)) < 0) |
656 |
+ return width; |
657 |
+- size = frames * format->channels * width; |
658 |
++ size = array3_size(frames, format->channels, width); |
659 |
++ /* check for too large period size once again */ |
660 |
++ if (size > 1024 * 1024) |
661 |
++ return -ENOMEM; |
662 |
+ if (snd_BUG_ON(size % 8)) |
663 |
+ return -ENXIO; |
664 |
+ size /= 8; |
665 |
+diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c |
666 |
+index db62dbe7eaa8a..c92eca6278407 100644 |
667 |
+--- a/sound/core/pcm_native.c |
668 |
++++ b/sound/core/pcm_native.c |
669 |
+@@ -1648,21 +1648,25 @@ static int snd_pcm_do_reset(struct snd_pcm_substream *substream, int state) |
670 |
+ int err = substream->ops->ioctl(substream, SNDRV_PCM_IOCTL1_RESET, NULL); |
671 |
+ if (err < 0) |
672 |
+ return err; |
673 |
++ snd_pcm_stream_lock_irq(substream); |
674 |
+ runtime->hw_ptr_base = 0; |
675 |
+ runtime->hw_ptr_interrupt = runtime->status->hw_ptr - |
676 |
+ runtime->status->hw_ptr % runtime->period_size; |
677 |
+ runtime->silence_start = runtime->status->hw_ptr; |
678 |
+ runtime->silence_filled = 0; |
679 |
++ snd_pcm_stream_unlock_irq(substream); |
680 |
+ return 0; |
681 |
+ } |
682 |
+ |
683 |
+ static void snd_pcm_post_reset(struct snd_pcm_substream *substream, int state) |
684 |
+ { |
685 |
+ struct snd_pcm_runtime *runtime = substream->runtime; |
686 |
++ snd_pcm_stream_lock_irq(substream); |
687 |
+ runtime->control->appl_ptr = runtime->status->hw_ptr; |
688 |
+ if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK && |
689 |
+ runtime->silence_size > 0) |
690 |
+ snd_pcm_playback_silence(substream, ULONG_MAX); |
691 |
++ snd_pcm_stream_unlock_irq(substream); |
692 |
+ } |
693 |
+ |
694 |
+ static const struct action_ops snd_pcm_action_reset = { |
695 |
+diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c |
696 |
+index 27b468f057dd4..34d75d4fb93f6 100644 |
697 |
+--- a/sound/pci/ac97/ac97_codec.c |
698 |
++++ b/sound/pci/ac97/ac97_codec.c |
699 |
+@@ -958,8 +958,8 @@ static int snd_ac97_ad18xx_pcm_get_volume(struct snd_kcontrol *kcontrol, struct |
700 |
+ int codec = kcontrol->private_value & 3; |
701 |
+ |
702 |
+ mutex_lock(&ac97->page_mutex); |
703 |
+- ucontrol->value.integer.value[0] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 0) & 31); |
704 |
+- ucontrol->value.integer.value[1] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 8) & 31); |
705 |
++ ucontrol->value.integer.value[0] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 8) & 31); |
706 |
++ ucontrol->value.integer.value[1] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 0) & 31); |
707 |
+ mutex_unlock(&ac97->page_mutex); |
708 |
+ return 0; |
709 |
+ } |
710 |
+diff --git a/sound/pci/cmipci.c b/sound/pci/cmipci.c |
711 |
+index 452cc79b44af3..79df78a7ec56e 100644 |
712 |
+--- a/sound/pci/cmipci.c |
713 |
++++ b/sound/pci/cmipci.c |
714 |
+@@ -315,7 +315,6 @@ MODULE_PARM_DESC(joystick_port, "Joystick port address."); |
715 |
+ #define CM_MICGAINZ 0x01 /* mic boost */ |
716 |
+ #define CM_MICGAINZ_SHIFT 0 |
717 |
+ |
718 |
+-#define CM_REG_MIXER3 0x24 |
719 |
+ #define CM_REG_AUX_VOL 0x26 |
720 |
+ #define CM_VAUXL_MASK 0xf0 |
721 |
+ #define CM_VAUXR_MASK 0x0f |
722 |
+@@ -3326,7 +3325,7 @@ static void snd_cmipci_remove(struct pci_dev *pci) |
723 |
+ */ |
724 |
+ static unsigned char saved_regs[] = { |
725 |
+ CM_REG_FUNCTRL1, CM_REG_CHFORMAT, CM_REG_LEGACY_CTRL, CM_REG_MISC_CTRL, |
726 |
+- CM_REG_MIXER0, CM_REG_MIXER1, CM_REG_MIXER2, CM_REG_MIXER3, CM_REG_PLL, |
727 |
++ CM_REG_MIXER0, CM_REG_MIXER1, CM_REG_MIXER2, CM_REG_AUX_VOL, CM_REG_PLL, |
728 |
+ CM_REG_CH0_FRAME1, CM_REG_CH0_FRAME2, |
729 |
+ CM_REG_CH1_FRAME1, CM_REG_CH1_FRAME2, CM_REG_EXT_MISC, |
730 |
+ CM_REG_INT_STATUS, CM_REG_INT_HLDCLR, CM_REG_FUNCTRL0, |
731 |
+diff --git a/sound/soc/sti/uniperif_player.c b/sound/soc/sti/uniperif_player.c |
732 |
+index 4b0beb372cd94..908f13623f8cd 100644 |
733 |
+--- a/sound/soc/sti/uniperif_player.c |
734 |
++++ b/sound/soc/sti/uniperif_player.c |
735 |
+@@ -91,7 +91,7 @@ static irqreturn_t uni_player_irq_handler(int irq, void *dev_id) |
736 |
+ SET_UNIPERIF_ITM_BCLR_FIFO_ERROR(player); |
737 |
+ |
738 |
+ /* Stop the player */ |
739 |
+- snd_pcm_stop_xrun(player->substream); |
740 |
++ snd_pcm_stop(player->substream, SNDRV_PCM_STATE_XRUN); |
741 |
+ } |
742 |
+ |
743 |
+ ret = IRQ_HANDLED; |
744 |
+@@ -105,7 +105,7 @@ static irqreturn_t uni_player_irq_handler(int irq, void *dev_id) |
745 |
+ SET_UNIPERIF_ITM_BCLR_DMA_ERROR(player); |
746 |
+ |
747 |
+ /* Stop the player */ |
748 |
+- snd_pcm_stop_xrun(player->substream); |
749 |
++ snd_pcm_stop(player->substream, SNDRV_PCM_STATE_XRUN); |
750 |
+ |
751 |
+ ret = IRQ_HANDLED; |
752 |
+ } |
753 |
+@@ -138,7 +138,7 @@ static irqreturn_t uni_player_irq_handler(int irq, void *dev_id) |
754 |
+ dev_err(player->dev, "Underflow recovery failed\n"); |
755 |
+ |
756 |
+ /* Stop the player */ |
757 |
+- snd_pcm_stop_xrun(player->substream); |
758 |
++ snd_pcm_stop(player->substream, SNDRV_PCM_STATE_XRUN); |
759 |
+ |
760 |
+ ret = IRQ_HANDLED; |
761 |
+ } |
762 |
+diff --git a/sound/soc/sti/uniperif_reader.c b/sound/soc/sti/uniperif_reader.c |
763 |
+index 7b63d35ef428b..ee0055e608529 100644 |
764 |
+--- a/sound/soc/sti/uniperif_reader.c |
765 |
++++ b/sound/soc/sti/uniperif_reader.c |
766 |
+@@ -65,7 +65,7 @@ static irqreturn_t uni_reader_irq_handler(int irq, void *dev_id) |
767 |
+ if (unlikely(status & UNIPERIF_ITS_FIFO_ERROR_MASK(reader))) { |
768 |
+ dev_err(reader->dev, "FIFO error detected\n"); |
769 |
+ |
770 |
+- snd_pcm_stop_xrun(reader->substream); |
771 |
++ snd_pcm_stop(reader->substream, SNDRV_PCM_STATE_XRUN); |
772 |
+ |
773 |
+ ret = IRQ_HANDLED; |
774 |
+ } |
775 |
+diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c |
776 |
+index a74e07eff60c3..3bb89fcaa2f5c 100644 |
777 |
+--- a/sound/usb/mixer_quirks.c |
778 |
++++ b/sound/usb/mixer_quirks.c |
779 |
+@@ -1997,9 +1997,10 @@ void snd_usb_mixer_fu_apply_quirk(struct usb_mixer_interface *mixer, |
780 |
+ if (unitid == 7 && cval->control == UAC_FU_VOLUME) |
781 |
+ snd_dragonfly_quirk_db_scale(mixer, cval, kctl); |
782 |
+ break; |
783 |
+- /* lowest playback value is muted on C-Media devices */ |
784 |
+- case USB_ID(0x0d8c, 0x000c): |
785 |
+- case USB_ID(0x0d8c, 0x0014): |
786 |
++ /* lowest playback value is muted on some devices */ |
787 |
++ case USB_ID(0x0d8c, 0x000c): /* C-Media */ |
788 |
++ case USB_ID(0x0d8c, 0x0014): /* C-Media */ |
789 |
++ case USB_ID(0x19f7, 0x0003): /* RODE NT-USB */ |
790 |
+ if (strstr(kctl->id.name, "Playback")) |
791 |
+ cval->min_mute = 1; |
792 |
+ break; |