Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: /
Date: Wed, 05 Jan 2022 12:56:22
Message-Id: 1641387367.fe21ecac863d9081e7be747ad3e6c68678732bbd.mpagano@gentoo
1 commit: fe21ecac863d9081e7be747ad3e6c68678732bbd
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jan 5 12:56:07 2022 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Jan 5 12:56:07 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=fe21ecac
7
8 Linux patch 4.14.261
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1260_linux-4.14.261.patch | 873 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 877 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index a35bbc39..cb71c828 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -1087,6 +1087,10 @@ Patch: 1259_linux-4.14.260.patch
21 From: https://www.kernel.org
22 Desc: Linux 4.14.260
23
24 +Patch: 1260_linux-4.14.261.patch
25 +From: https://www.kernel.org
26 +Desc: Linux 4.14.261
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1260_linux-4.14.261.patch b/1260_linux-4.14.261.patch
33 new file mode 100644
34 index 00000000..34c7f687
35 --- /dev/null
36 +++ b/1260_linux-4.14.261.patch
37 @@ -0,0 +1,873 @@
38 +diff --git a/Makefile b/Makefile
39 +index 8a87f5c06a830..38e64d636717b 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,7 +1,7 @@
43 + # SPDX-License-Identifier: GPL-2.0
44 + VERSION = 4
45 + PATCHLEVEL = 14
46 +-SUBLEVEL = 260
47 ++SUBLEVEL = 261
48 + EXTRAVERSION =
49 + NAME = Petit Gorille
50 +
51 +diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
52 +index f89ea0866892c..1687368ea71f3 100644
53 +--- a/drivers/android/binder_alloc.c
54 ++++ b/drivers/android/binder_alloc.c
55 +@@ -619,7 +619,7 @@ static void binder_free_buf_locked(struct binder_alloc *alloc,
56 + BUG_ON(buffer->data > alloc->buffer + alloc->buffer_size);
57 +
58 + if (buffer->async_transaction) {
59 +- alloc->free_async_space += size + sizeof(struct binder_buffer);
60 ++ alloc->free_async_space += buffer_size + sizeof(struct binder_buffer);
61 +
62 + binder_alloc_debug(BINDER_DEBUG_BUFFER_ALLOC_ASYNC,
63 + "%d: binder_free_buf size %zd async free %zd\n",
64 +diff --git a/drivers/hid/Kconfig b/drivers/hid/Kconfig
65 +index 5f5580fbd3518..a4fb3fccf1b28 100644
66 +--- a/drivers/hid/Kconfig
67 ++++ b/drivers/hid/Kconfig
68 +@@ -148,6 +148,7 @@ config HID_APPLEIR
69 +
70 + config HID_ASUS
71 + tristate "Asus"
72 ++ depends on USB_HID
73 + depends on LEDS_CLASS
74 + ---help---
75 + Support for Asus notebook built-in keyboard and touchpad via i2c, and
76 +diff --git a/drivers/input/joystick/spaceball.c b/drivers/input/joystick/spaceball.c
77 +index e9712a1b7cad9..43bc432e1d3aa 100644
78 +--- a/drivers/input/joystick/spaceball.c
79 ++++ b/drivers/input/joystick/spaceball.c
80 +@@ -35,6 +35,7 @@
81 + #include <linux/module.h>
82 + #include <linux/input.h>
83 + #include <linux/serio.h>
84 ++#include <asm/unaligned.h>
85 +
86 + #define DRIVER_DESC "SpaceTec SpaceBall 2003/3003/4000 FLX driver"
87 +
88 +@@ -91,9 +92,15 @@ static void spaceball_process_packet(struct spaceball* spaceball)
89 +
90 + case 'D': /* Ball data */
91 + if (spaceball->idx != 15) return;
92 +- for (i = 0; i < 6; i++)
93 ++ /*
94 ++ * Skip first three bytes; read six axes worth of data.
95 ++ * Axis values are signed 16-bit big-endian.
96 ++ */
97 ++ data += 3;
98 ++ for (i = 0; i < ARRAY_SIZE(spaceball_axes); i++) {
99 + input_report_abs(dev, spaceball_axes[i],
100 +- (__s16)((data[2 * i + 3] << 8) | data[2 * i + 2]));
101 ++ (__s16)get_unaligned_be16(&data[i * 2]));
102 ++ }
103 + break;
104 +
105 + case 'K': /* Button data */
106 +diff --git a/drivers/input/mouse/appletouch.c b/drivers/input/mouse/appletouch.c
107 +index 81a695d0b4e04..5b4f15a232935 100644
108 +--- a/drivers/input/mouse/appletouch.c
109 ++++ b/drivers/input/mouse/appletouch.c
110 +@@ -929,6 +929,8 @@ static int atp_probe(struct usb_interface *iface,
111 + set_bit(BTN_TOOL_TRIPLETAP, input_dev->keybit);
112 + set_bit(BTN_LEFT, input_dev->keybit);
113 +
114 ++ INIT_WORK(&dev->work, atp_reinit);
115 ++
116 + error = input_register_device(dev->input);
117 + if (error)
118 + goto err_free_buffer;
119 +@@ -936,8 +938,6 @@ static int atp_probe(struct usb_interface *iface,
120 + /* save our data pointer in this interface device */
121 + usb_set_intfdata(iface, dev);
122 +
123 +- INIT_WORK(&dev->work, atp_reinit);
124 +-
125 + return 0;
126 +
127 + err_free_buffer:
128 +diff --git a/drivers/net/ethernet/freescale/fman/fman_port.c b/drivers/net/ethernet/freescale/fman/fman_port.c
129 +index ac3d791f52821..b7295f21aa580 100644
130 +--- a/drivers/net/ethernet/freescale/fman/fman_port.c
131 ++++ b/drivers/net/ethernet/freescale/fman/fman_port.c
132 +@@ -1779,7 +1779,7 @@ static int fman_port_probe(struct platform_device *of_dev)
133 + fman = dev_get_drvdata(&fm_pdev->dev);
134 + if (!fman) {
135 + err = -EINVAL;
136 +- goto return_err;
137 ++ goto put_device;
138 + }
139 +
140 + err = of_property_read_u32(port_node, "cell-index", &val);
141 +@@ -1787,7 +1787,7 @@ static int fman_port_probe(struct platform_device *of_dev)
142 + dev_err(port->dev, "%s: reading cell-index for %pOF failed\n",
143 + __func__, port_node);
144 + err = -EINVAL;
145 +- goto return_err;
146 ++ goto put_device;
147 + }
148 + port_id = (u8)val;
149 + port->dts_params.id = port_id;
150 +@@ -1821,7 +1821,7 @@ static int fman_port_probe(struct platform_device *of_dev)
151 + } else {
152 + dev_err(port->dev, "%s: Illegal port type\n", __func__);
153 + err = -EINVAL;
154 +- goto return_err;
155 ++ goto put_device;
156 + }
157 +
158 + port->dts_params.type = port_type;
159 +@@ -1835,7 +1835,7 @@ static int fman_port_probe(struct platform_device *of_dev)
160 + dev_err(port->dev, "%s: incorrect qman-channel-id\n",
161 + __func__);
162 + err = -EINVAL;
163 +- goto return_err;
164 ++ goto put_device;
165 + }
166 + port->dts_params.qman_channel_id = qman_channel_id;
167 + }
168 +@@ -1845,7 +1845,7 @@ static int fman_port_probe(struct platform_device *of_dev)
169 + dev_err(port->dev, "%s: of_address_to_resource() failed\n",
170 + __func__);
171 + err = -ENOMEM;
172 +- goto return_err;
173 ++ goto put_device;
174 + }
175 +
176 + port->dts_params.fman = fman;
177 +@@ -1870,6 +1870,8 @@ static int fman_port_probe(struct platform_device *of_dev)
178 +
179 + return 0;
180 +
181 ++put_device:
182 ++ put_device(&fm_pdev->dev);
183 + return_err:
184 + of_node_put(port_node);
185 + free_port:
186 +diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c
187 +index d18a283a0ccff..408b996ff4dfb 100644
188 +--- a/drivers/net/usb/pegasus.c
189 ++++ b/drivers/net/usb/pegasus.c
190 +@@ -498,11 +498,11 @@ static void read_bulk_callback(struct urb *urb)
191 + goto goon;
192 +
193 + rx_status = buf[count - 2];
194 +- if (rx_status & 0x1e) {
195 ++ if (rx_status & 0x1c) {
196 + netif_dbg(pegasus, rx_err, net,
197 + "RX packet error %x\n", rx_status);
198 + net->stats.rx_errors++;
199 +- if (rx_status & 0x06) /* long or runt */
200 ++ if (rx_status & 0x04) /* runt */
201 + net->stats.rx_length_errors++;
202 + if (rx_status & 0x08)
203 + net->stats.rx_crc_errors++;
204 +diff --git a/drivers/nfc/st21nfca/i2c.c b/drivers/nfc/st21nfca/i2c.c
205 +index cd1f7bfa75ebe..dc9dd66cf6735 100644
206 +--- a/drivers/nfc/st21nfca/i2c.c
207 ++++ b/drivers/nfc/st21nfca/i2c.c
208 +@@ -544,7 +544,8 @@ static int st21nfca_hci_i2c_probe(struct i2c_client *client,
209 + phy->gpiod_ena = devm_gpiod_get(dev, "enable", GPIOD_OUT_LOW);
210 + if (IS_ERR(phy->gpiod_ena)) {
211 + nfc_err(dev, "Unable to get ENABLE GPIO\n");
212 +- return PTR_ERR(phy->gpiod_ena);
213 ++ r = PTR_ERR(phy->gpiod_ena);
214 ++ goto out_free;
215 + }
216 +
217 + phy->se_status.is_ese_present =
218 +@@ -555,7 +556,7 @@ static int st21nfca_hci_i2c_probe(struct i2c_client *client,
219 + r = st21nfca_hci_platform_init(phy);
220 + if (r < 0) {
221 + nfc_err(&client->dev, "Unable to reboot st21nfca\n");
222 +- return r;
223 ++ goto out_free;
224 + }
225 +
226 + r = devm_request_threaded_irq(&client->dev, client->irq, NULL,
227 +@@ -564,15 +565,23 @@ static int st21nfca_hci_i2c_probe(struct i2c_client *client,
228 + ST21NFCA_HCI_DRIVER_NAME, phy);
229 + if (r < 0) {
230 + nfc_err(&client->dev, "Unable to register IRQ handler\n");
231 +- return r;
232 ++ goto out_free;
233 + }
234 +
235 +- return st21nfca_hci_probe(phy, &i2c_phy_ops, LLC_SHDLC_NAME,
236 +- ST21NFCA_FRAME_HEADROOM,
237 +- ST21NFCA_FRAME_TAILROOM,
238 +- ST21NFCA_HCI_LLC_MAX_PAYLOAD,
239 +- &phy->hdev,
240 +- &phy->se_status);
241 ++ r = st21nfca_hci_probe(phy, &i2c_phy_ops, LLC_SHDLC_NAME,
242 ++ ST21NFCA_FRAME_HEADROOM,
243 ++ ST21NFCA_FRAME_TAILROOM,
244 ++ ST21NFCA_HCI_LLC_MAX_PAYLOAD,
245 ++ &phy->hdev,
246 ++ &phy->se_status);
247 ++ if (r)
248 ++ goto out_free;
249 ++
250 ++ return 0;
251 ++
252 ++out_free:
253 ++ kfree_skb(phy->pending_skb);
254 ++ return r;
255 + }
256 +
257 + static int st21nfca_hci_i2c_remove(struct i2c_client *client)
258 +@@ -585,6 +594,8 @@ static int st21nfca_hci_i2c_remove(struct i2c_client *client)
259 +
260 + if (phy->powered)
261 + st21nfca_hci_i2c_disable(phy);
262 ++ if (phy->pending_skb)
263 ++ kfree_skb(phy->pending_skb);
264 +
265 + return 0;
266 + }
267 +diff --git a/drivers/platform/x86/apple-gmux.c b/drivers/platform/x86/apple-gmux.c
268 +index 7c4eb86c851ed..5463d740f3523 100644
269 +--- a/drivers/platform/x86/apple-gmux.c
270 ++++ b/drivers/platform/x86/apple-gmux.c
271 +@@ -628,7 +628,7 @@ static int gmux_probe(struct pnp_dev *pnp, const struct pnp_device_id *id)
272 + }
273 +
274 + gmux_data->iostart = res->start;
275 +- gmux_data->iolen = res->end - res->start;
276 ++ gmux_data->iolen = resource_size(res);
277 +
278 + if (gmux_data->iolen < GMUX_MIN_IO_LEN) {
279 + pr_err("gmux I/O region too small (%lu < %u)\n",
280 +diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c
281 +index c77ad2b78ce49..39a1c9e18c0ea 100644
282 +--- a/drivers/scsi/lpfc/lpfc_debugfs.c
283 ++++ b/drivers/scsi/lpfc/lpfc_debugfs.c
284 +@@ -2177,8 +2177,8 @@ lpfc_debugfs_nvmeio_trc_write(struct file *file, const char __user *buf,
285 + char mybuf[64];
286 + char *pbuf;
287 +
288 +- if (nbytes > 64)
289 +- nbytes = 64;
290 ++ if (nbytes > 63)
291 ++ nbytes = 63;
292 +
293 + memset(mybuf, 0, sizeof(mybuf));
294 +
295 +diff --git a/drivers/scsi/vmw_pvscsi.c b/drivers/scsi/vmw_pvscsi.c
296 +index 2c707b5c7b0b7..68b5177bf09d6 100644
297 +--- a/drivers/scsi/vmw_pvscsi.c
298 ++++ b/drivers/scsi/vmw_pvscsi.c
299 +@@ -578,9 +578,12 @@ static void pvscsi_complete_request(struct pvscsi_adapter *adapter,
300 + * Commands like INQUIRY may transfer less data than
301 + * requested by the initiator via bufflen. Set residual
302 + * count to make upper layer aware of the actual amount
303 +- * of data returned.
304 ++ * of data returned. There are cases when controller
305 ++ * returns zero dataLen with non zero data - do not set
306 ++ * residual count in that case.
307 + */
308 +- scsi_set_resid(cmd, scsi_bufflen(cmd) - e->dataLen);
309 ++ if (e->dataLen && (e->dataLen < scsi_bufflen(cmd)))
310 ++ scsi_set_resid(cmd, scsi_bufflen(cmd) - e->dataLen);
311 + cmd->result = (DID_OK << 16);
312 + break;
313 +
314 +diff --git a/drivers/tee/tee_private.h b/drivers/tee/tee_private.h
315 +index 21cb6be8bce94..4ef325f782d11 100644
316 +--- a/drivers/tee/tee_private.h
317 ++++ b/drivers/tee/tee_private.h
318 +@@ -31,7 +31,7 @@ struct tee_device;
319 + * @paddr: physical address of the shared memory
320 + * @kaddr: virtual address of the shared memory
321 + * @size: size of shared memory
322 +- * @dmabuf: dmabuf used to for exporting to user space
323 ++ * @refcount: reference counter
324 + * @flags: defined by TEE_SHM_* in tee_drv.h
325 + * @id: unique id of a shared memory object on this device
326 + */
327 +@@ -42,7 +42,7 @@ struct tee_shm {
328 + phys_addr_t paddr;
329 + void *kaddr;
330 + size_t size;
331 +- struct dma_buf *dmabuf;
332 ++ refcount_t refcount;
333 + u32 flags;
334 + int id;
335 + };
336 +diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c
337 +index ea3ce4e17b855..b8f171b9658b8 100644
338 +--- a/drivers/tee/tee_shm.c
339 ++++ b/drivers/tee/tee_shm.c
340 +@@ -1,5 +1,5 @@
341 + /*
342 +- * Copyright (c) 2015-2016, Linaro Limited
343 ++ * Copyright (c) 2015-2017, 2019-2021 Linaro Limited
344 + *
345 + * This software is licensed under the terms of the GNU General Public
346 + * License version 2, as published by the Free Software Foundation, and
347 +@@ -11,26 +11,19 @@
348 + * GNU General Public License for more details.
349 + *
350 + */
351 ++#include <linux/anon_inodes.h>
352 + #include <linux/device.h>
353 +-#include <linux/dma-buf.h>
354 +-#include <linux/fdtable.h>
355 + #include <linux/idr.h>
356 ++#include <linux/mm.h>
357 + #include <linux/sched.h>
358 + #include <linux/slab.h>
359 + #include <linux/tee_drv.h>
360 + #include "tee_private.h"
361 +
362 +-static void tee_shm_release(struct tee_shm *shm)
363 ++static void tee_shm_release(struct tee_device *teedev, struct tee_shm *shm)
364 + {
365 +- struct tee_device *teedev = shm->teedev;
366 + struct tee_shm_pool_mgr *poolm;
367 +
368 +- mutex_lock(&teedev->mutex);
369 +- idr_remove(&teedev->idr, shm->id);
370 +- if (shm->ctx)
371 +- list_del(&shm->link);
372 +- mutex_unlock(&teedev->mutex);
373 +-
374 + if (shm->flags & TEE_SHM_DMA_BUF)
375 + poolm = &teedev->pool->dma_buf_mgr;
376 + else
377 +@@ -42,53 +35,6 @@ static void tee_shm_release(struct tee_shm *shm)
378 + tee_device_put(teedev);
379 + }
380 +
381 +-static struct sg_table *tee_shm_op_map_dma_buf(struct dma_buf_attachment
382 +- *attach, enum dma_data_direction dir)
383 +-{
384 +- return NULL;
385 +-}
386 +-
387 +-static void tee_shm_op_unmap_dma_buf(struct dma_buf_attachment *attach,
388 +- struct sg_table *table,
389 +- enum dma_data_direction dir)
390 +-{
391 +-}
392 +-
393 +-static void tee_shm_op_release(struct dma_buf *dmabuf)
394 +-{
395 +- struct tee_shm *shm = dmabuf->priv;
396 +-
397 +- tee_shm_release(shm);
398 +-}
399 +-
400 +-static void *tee_shm_op_map_atomic(struct dma_buf *dmabuf, unsigned long pgnum)
401 +-{
402 +- return NULL;
403 +-}
404 +-
405 +-static void *tee_shm_op_map(struct dma_buf *dmabuf, unsigned long pgnum)
406 +-{
407 +- return NULL;
408 +-}
409 +-
410 +-static int tee_shm_op_mmap(struct dma_buf *dmabuf, struct vm_area_struct *vma)
411 +-{
412 +- struct tee_shm *shm = dmabuf->priv;
413 +- size_t size = vma->vm_end - vma->vm_start;
414 +-
415 +- return remap_pfn_range(vma, vma->vm_start, shm->paddr >> PAGE_SHIFT,
416 +- size, vma->vm_page_prot);
417 +-}
418 +-
419 +-static const struct dma_buf_ops tee_shm_dma_buf_ops = {
420 +- .map_dma_buf = tee_shm_op_map_dma_buf,
421 +- .unmap_dma_buf = tee_shm_op_unmap_dma_buf,
422 +- .release = tee_shm_op_release,
423 +- .map_atomic = tee_shm_op_map_atomic,
424 +- .map = tee_shm_op_map,
425 +- .mmap = tee_shm_op_mmap,
426 +-};
427 +-
428 + /**
429 + * tee_shm_alloc() - Allocate shared memory
430 + * @ctx: Context that allocates the shared memory
431 +@@ -135,6 +81,7 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags)
432 + goto err_dev_put;
433 + }
434 +
435 ++ refcount_set(&shm->refcount, 1);
436 + shm->flags = flags;
437 + shm->teedev = teedev;
438 + shm->ctx = ctx;
439 +@@ -157,29 +104,11 @@ struct tee_shm *tee_shm_alloc(struct tee_context *ctx, size_t size, u32 flags)
440 + goto err_pool_free;
441 + }
442 +
443 +- if (flags & TEE_SHM_DMA_BUF) {
444 +- DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
445 +-
446 +- exp_info.ops = &tee_shm_dma_buf_ops;
447 +- exp_info.size = shm->size;
448 +- exp_info.flags = O_RDWR;
449 +- exp_info.priv = shm;
450 +-
451 +- shm->dmabuf = dma_buf_export(&exp_info);
452 +- if (IS_ERR(shm->dmabuf)) {
453 +- ret = ERR_CAST(shm->dmabuf);
454 +- goto err_rem;
455 +- }
456 +- }
457 + mutex_lock(&teedev->mutex);
458 + list_add_tail(&shm->link, &ctx->list_shm);
459 + mutex_unlock(&teedev->mutex);
460 +
461 + return shm;
462 +-err_rem:
463 +- mutex_lock(&teedev->mutex);
464 +- idr_remove(&teedev->idr, shm->id);
465 +- mutex_unlock(&teedev->mutex);
466 + err_pool_free:
467 + poolm->ops->free(poolm, shm);
468 + err_kfree:
469 +@@ -190,6 +119,31 @@ err_dev_put:
470 + }
471 + EXPORT_SYMBOL_GPL(tee_shm_alloc);
472 +
473 ++static int tee_shm_fop_release(struct inode *inode, struct file *filp)
474 ++{
475 ++ tee_shm_put(filp->private_data);
476 ++ return 0;
477 ++}
478 ++
479 ++static int tee_shm_fop_mmap(struct file *filp, struct vm_area_struct *vma)
480 ++{
481 ++ struct tee_shm *shm = filp->private_data;
482 ++ size_t size = vma->vm_end - vma->vm_start;
483 ++
484 ++ /* check for overflowing the buffer's size */
485 ++ if (vma->vm_pgoff + vma_pages(vma) > shm->size >> PAGE_SHIFT)
486 ++ return -EINVAL;
487 ++
488 ++ return remap_pfn_range(vma, vma->vm_start, shm->paddr >> PAGE_SHIFT,
489 ++ size, vma->vm_page_prot);
490 ++}
491 ++
492 ++static const struct file_operations tee_shm_fops = {
493 ++ .owner = THIS_MODULE,
494 ++ .release = tee_shm_fop_release,
495 ++ .mmap = tee_shm_fop_mmap,
496 ++};
497 ++
498 + /**
499 + * tee_shm_get_fd() - Increase reference count and return file descriptor
500 + * @shm: Shared memory handle
501 +@@ -203,10 +157,11 @@ int tee_shm_get_fd(struct tee_shm *shm)
502 + if ((shm->flags & req_flags) != req_flags)
503 + return -EINVAL;
504 +
505 +- get_dma_buf(shm->dmabuf);
506 +- fd = dma_buf_fd(shm->dmabuf, O_CLOEXEC);
507 ++ /* matched by tee_shm_put() in tee_shm_op_release() */
508 ++ refcount_inc(&shm->refcount);
509 ++ fd = anon_inode_getfd("tee_shm", &tee_shm_fops, shm, O_RDWR);
510 + if (fd < 0)
511 +- dma_buf_put(shm->dmabuf);
512 ++ tee_shm_put(shm);
513 + return fd;
514 + }
515 +
516 +@@ -216,17 +171,7 @@ int tee_shm_get_fd(struct tee_shm *shm)
517 + */
518 + void tee_shm_free(struct tee_shm *shm)
519 + {
520 +- /*
521 +- * dma_buf_put() decreases the dmabuf reference counter and will
522 +- * call tee_shm_release() when the last reference is gone.
523 +- *
524 +- * In the case of driver private memory we call tee_shm_release
525 +- * directly instead as it doesn't have a reference counter.
526 +- */
527 +- if (shm->flags & TEE_SHM_DMA_BUF)
528 +- dma_buf_put(shm->dmabuf);
529 +- else
530 +- tee_shm_release(shm);
531 ++ tee_shm_put(shm);
532 + }
533 + EXPORT_SYMBOL_GPL(tee_shm_free);
534 +
535 +@@ -327,10 +272,15 @@ struct tee_shm *tee_shm_get_from_id(struct tee_context *ctx, int id)
536 + teedev = ctx->teedev;
537 + mutex_lock(&teedev->mutex);
538 + shm = idr_find(&teedev->idr, id);
539 ++ /*
540 ++ * If the tee_shm was found in the IDR it must have a refcount
541 ++ * larger than 0 due to the guarantee in tee_shm_put() below. So
542 ++ * it's safe to use refcount_inc().
543 ++ */
544 + if (!shm || shm->ctx != ctx)
545 + shm = ERR_PTR(-EINVAL);
546 +- else if (shm->flags & TEE_SHM_DMA_BUF)
547 +- get_dma_buf(shm->dmabuf);
548 ++ else
549 ++ refcount_inc(&shm->refcount);
550 + mutex_unlock(&teedev->mutex);
551 + return shm;
552 + }
553 +@@ -353,7 +303,24 @@ EXPORT_SYMBOL_GPL(tee_shm_get_id);
554 + */
555 + void tee_shm_put(struct tee_shm *shm)
556 + {
557 +- if (shm->flags & TEE_SHM_DMA_BUF)
558 +- dma_buf_put(shm->dmabuf);
559 ++ struct tee_device *teedev = shm->teedev;
560 ++ bool do_release = false;
561 ++
562 ++ mutex_lock(&teedev->mutex);
563 ++ if (refcount_dec_and_test(&shm->refcount)) {
564 ++ /*
565 ++ * refcount has reached 0, we must now remove it from the
566 ++ * IDR before releasing the mutex. This will guarantee
567 ++ * that the refcount_inc() in tee_shm_get_from_id() never
568 ++ * starts from 0.
569 ++ */
570 ++ if (shm->ctx)
571 ++ list_del(&shm->link);
572 ++ do_release = true;
573 ++ }
574 ++ mutex_unlock(&teedev->mutex);
575 ++
576 ++ if (do_release)
577 ++ tee_shm_release(teedev, shm);
578 + }
579 + EXPORT_SYMBOL_GPL(tee_shm_put);
580 +diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
581 +index 5dfe926c251a7..6029f9b00b4a0 100644
582 +--- a/drivers/usb/gadget/function/f_fs.c
583 ++++ b/drivers/usb/gadget/function/f_fs.c
584 +@@ -1688,11 +1688,15 @@ static void ffs_data_clear(struct ffs_data *ffs)
585 +
586 + BUG_ON(ffs->gadget);
587 +
588 +- if (ffs->epfiles)
589 ++ if (ffs->epfiles) {
590 + ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
591 ++ ffs->epfiles = NULL;
592 ++ }
593 +
594 +- if (ffs->ffs_eventfd)
595 ++ if (ffs->ffs_eventfd) {
596 + eventfd_ctx_put(ffs->ffs_eventfd);
597 ++ ffs->ffs_eventfd = NULL;
598 ++ }
599 +
600 + kfree(ffs->raw_descs_data);
601 + kfree(ffs->raw_strings);
602 +@@ -1705,7 +1709,6 @@ static void ffs_data_reset(struct ffs_data *ffs)
603 +
604 + ffs_data_clear(ffs);
605 +
606 +- ffs->epfiles = NULL;
607 + ffs->raw_descs_data = NULL;
608 + ffs->raw_descs = NULL;
609 + ffs->raw_strings = NULL;
610 +diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
611 +index 0e419cb53de4f..bf649af49cbdb 100644
612 +--- a/drivers/usb/host/xhci-pci.c
613 ++++ b/drivers/usb/host/xhci-pci.c
614 +@@ -100,7 +100,6 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
615 + /* Look for vendor-specific quirks */
616 + if (pdev->vendor == PCI_VENDOR_ID_FRESCO_LOGIC &&
617 + (pdev->device == PCI_DEVICE_ID_FRESCO_LOGIC_PDK ||
618 +- pdev->device == PCI_DEVICE_ID_FRESCO_LOGIC_FL1100 ||
619 + pdev->device == PCI_DEVICE_ID_FRESCO_LOGIC_FL1400)) {
620 + if (pdev->device == PCI_DEVICE_ID_FRESCO_LOGIC_PDK &&
621 + pdev->revision == 0x0) {
622 +@@ -135,6 +134,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
623 + pdev->device == PCI_DEVICE_ID_FRESCO_LOGIC_FL1009)
624 + xhci->quirks |= XHCI_BROKEN_STREAMS;
625 +
626 ++ if (pdev->vendor == PCI_VENDOR_ID_FRESCO_LOGIC &&
627 ++ pdev->device == PCI_DEVICE_ID_FRESCO_LOGIC_FL1100)
628 ++ xhci->quirks |= XHCI_TRUST_TX_LENGTH;
629 ++
630 + if (pdev->vendor == PCI_VENDOR_ID_NEC)
631 + xhci->quirks |= XHCI_NEC_HOST;
632 +
633 +diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
634 +index c713bd62428f6..6c20a08a54ae1 100644
635 +--- a/include/net/sctp/sctp.h
636 ++++ b/include/net/sctp/sctp.h
637 +@@ -118,6 +118,7 @@ extern struct percpu_counter sctp_sockets_allocated;
638 + int sctp_asconf_mgmt(struct sctp_sock *, struct sctp_sockaddr_entry *);
639 + struct sk_buff *sctp_skb_recv_datagram(struct sock *, int, int, int *);
640 +
641 ++typedef int (*sctp_callback_t)(struct sctp_endpoint *, struct sctp_transport *, void *);
642 + int sctp_transport_walk_start(struct rhashtable_iter *iter);
643 + void sctp_transport_walk_stop(struct rhashtable_iter *iter);
644 + struct sctp_transport *sctp_transport_get_next(struct net *net,
645 +@@ -128,9 +129,8 @@ int sctp_transport_lookup_process(int (*cb)(struct sctp_transport *, void *),
646 + struct net *net,
647 + const union sctp_addr *laddr,
648 + const union sctp_addr *paddr, void *p);
649 +-int sctp_for_each_transport(int (*cb)(struct sctp_transport *, void *),
650 +- int (*cb_done)(struct sctp_transport *, void *),
651 +- struct net *net, int *pos, void *p);
652 ++int sctp_transport_traverse_process(sctp_callback_t cb, sctp_callback_t cb_done,
653 ++ struct net *net, int *pos, void *p);
654 + int sctp_for_each_endpoint(int (*cb)(struct sctp_endpoint *, void *), void *p);
655 + int sctp_get_sctp_info(struct sock *sk, struct sctp_association *asoc,
656 + struct sctp_info *info);
657 +diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
658 +index 5831a304e61b2..adbd8ad778f41 100644
659 +--- a/include/net/sctp/structs.h
660 ++++ b/include/net/sctp/structs.h
661 +@@ -1272,6 +1272,7 @@ struct sctp_endpoint {
662 + reconf_enable:1;
663 +
664 + __u8 strreset_enable;
665 ++ struct rcu_head rcu;
666 + };
667 +
668 + /* Recover the outter endpoint structure. */
669 +@@ -1287,7 +1288,7 @@ static inline struct sctp_endpoint *sctp_ep(struct sctp_ep_common *base)
670 + struct sctp_endpoint *sctp_endpoint_new(struct sock *, gfp_t);
671 + void sctp_endpoint_free(struct sctp_endpoint *);
672 + void sctp_endpoint_put(struct sctp_endpoint *);
673 +-void sctp_endpoint_hold(struct sctp_endpoint *);
674 ++int sctp_endpoint_hold(struct sctp_endpoint *ep);
675 + void sctp_endpoint_add_asoc(struct sctp_endpoint *, struct sctp_association *);
676 + struct sctp_association *sctp_endpoint_lookup_assoc(
677 + const struct sctp_endpoint *ep,
678 +diff --git a/include/uapi/linux/nfc.h b/include/uapi/linux/nfc.h
679 +index 399f39ff8048d..1b6d54a328bad 100644
680 +--- a/include/uapi/linux/nfc.h
681 ++++ b/include/uapi/linux/nfc.h
682 +@@ -261,7 +261,7 @@ enum nfc_sdp_attr {
683 + #define NFC_SE_ENABLED 0x1
684 +
685 + struct sockaddr_nfc {
686 +- sa_family_t sa_family;
687 ++ __kernel_sa_family_t sa_family;
688 + __u32 dev_idx;
689 + __u32 target_idx;
690 + __u32 nfc_protocol;
691 +@@ -269,14 +269,14 @@ struct sockaddr_nfc {
692 +
693 + #define NFC_LLCP_MAX_SERVICE_NAME 63
694 + struct sockaddr_nfc_llcp {
695 +- sa_family_t sa_family;
696 ++ __kernel_sa_family_t sa_family;
697 + __u32 dev_idx;
698 + __u32 target_idx;
699 + __u32 nfc_protocol;
700 + __u8 dsap; /* Destination SAP, if known */
701 + __u8 ssap; /* Source SAP to be bound to */
702 + char service_name[NFC_LLCP_MAX_SERVICE_NAME]; /* Service name URI */;
703 +- size_t service_name_len;
704 ++ __kernel_size_t service_name_len;
705 + };
706 +
707 + /* NFC socket protocols */
708 +diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
709 +index f31c09873d0f8..d0ef51d49f8a9 100644
710 +--- a/net/ipv4/af_inet.c
711 ++++ b/net/ipv4/af_inet.c
712 +@@ -1883,6 +1883,10 @@ static int __init inet_init(void)
713 +
714 + ip_init();
715 +
716 ++ /* Initialise per-cpu ipv4 mibs */
717 ++ if (init_ipv4_mibs())
718 ++ panic("%s: Cannot init ipv4 mibs\n", __func__);
719 ++
720 + /* Setup TCP slab cache for open requests. */
721 + tcp_init();
722 +
723 +@@ -1911,12 +1915,6 @@ static int __init inet_init(void)
724 +
725 + if (init_inet_pernet_ops())
726 + pr_crit("%s: Cannot init ipv4 inet pernet ops\n", __func__);
727 +- /*
728 +- * Initialise per-cpu ipv4 mibs
729 +- */
730 +-
731 +- if (init_ipv4_mibs())
732 +- pr_crit("%s: Cannot init ipv4 mibs\n", __func__);
733 +
734 + ipv4_proc_init();
735 +
736 +diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
737 +index c71b4191df1e7..8d3ee8bb6181d 100644
738 +--- a/net/sctp/endpointola.c
739 ++++ b/net/sctp/endpointola.c
740 +@@ -242,6 +242,18 @@ void sctp_endpoint_free(struct sctp_endpoint *ep)
741 + }
742 +
743 + /* Final destructor for endpoint. */
744 ++static void sctp_endpoint_destroy_rcu(struct rcu_head *head)
745 ++{
746 ++ struct sctp_endpoint *ep = container_of(head, struct sctp_endpoint, rcu);
747 ++ struct sock *sk = ep->base.sk;
748 ++
749 ++ sctp_sk(sk)->ep = NULL;
750 ++ sock_put(sk);
751 ++
752 ++ kfree(ep);
753 ++ SCTP_DBG_OBJCNT_DEC(ep);
754 ++}
755 ++
756 + static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
757 + {
758 + struct sock *sk;
759 +@@ -275,18 +287,13 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
760 + if (sctp_sk(sk)->bind_hash)
761 + sctp_put_port(sk);
762 +
763 +- sctp_sk(sk)->ep = NULL;
764 +- /* Give up our hold on the sock */
765 +- sock_put(sk);
766 +-
767 +- kfree(ep);
768 +- SCTP_DBG_OBJCNT_DEC(ep);
769 ++ call_rcu(&ep->rcu, sctp_endpoint_destroy_rcu);
770 + }
771 +
772 + /* Hold a reference to an endpoint. */
773 +-void sctp_endpoint_hold(struct sctp_endpoint *ep)
774 ++int sctp_endpoint_hold(struct sctp_endpoint *ep)
775 + {
776 +- refcount_inc(&ep->base.refcnt);
777 ++ return refcount_inc_not_zero(&ep->base.refcnt);
778 + }
779 +
780 + /* Release a reference to an endpoint and clean up if there are
781 +diff --git a/net/sctp/sctp_diag.c b/net/sctp/sctp_diag.c
782 +index 6a5a3dfa6c8d6..7c7b476bad310 100644
783 +--- a/net/sctp/sctp_diag.c
784 ++++ b/net/sctp/sctp_diag.c
785 +@@ -276,9 +276,8 @@ out:
786 + return err;
787 + }
788 +
789 +-static int sctp_sock_dump(struct sctp_transport *tsp, void *p)
790 ++static int sctp_sock_dump(struct sctp_endpoint *ep, struct sctp_transport *tsp, void *p)
791 + {
792 +- struct sctp_endpoint *ep = tsp->asoc->ep;
793 + struct sctp_comm_param *commp = p;
794 + struct sock *sk = ep->base.sk;
795 + struct sk_buff *skb = commp->skb;
796 +@@ -288,6 +287,8 @@ static int sctp_sock_dump(struct sctp_transport *tsp, void *p)
797 + int err = 0;
798 +
799 + lock_sock(sk);
800 ++ if (ep != tsp->asoc->ep)
801 ++ goto release;
802 + list_for_each_entry(assoc, &ep->asocs, asocs) {
803 + if (cb->args[4] < cb->args[1])
804 + goto next;
805 +@@ -330,9 +331,8 @@ release:
806 + return err;
807 + }
808 +
809 +-static int sctp_sock_filter(struct sctp_transport *tsp, void *p)
810 ++static int sctp_sock_filter(struct sctp_endpoint *ep, struct sctp_transport *tsp, void *p)
811 + {
812 +- struct sctp_endpoint *ep = tsp->asoc->ep;
813 + struct sctp_comm_param *commp = p;
814 + struct sock *sk = ep->base.sk;
815 + const struct inet_diag_req_v2 *r = commp->r;
816 +@@ -490,8 +490,8 @@ skip:
817 + if (!(idiag_states & ~(TCPF_LISTEN | TCPF_CLOSE)))
818 + goto done;
819 +
820 +- sctp_for_each_transport(sctp_sock_filter, sctp_sock_dump,
821 +- net, &pos, &commp);
822 ++ sctp_transport_traverse_process(sctp_sock_filter, sctp_sock_dump,
823 ++ net, &pos, &commp);
824 + cb->args[2] = pos;
825 +
826 + done:
827 +diff --git a/net/sctp/socket.c b/net/sctp/socket.c
828 +index 8d64caa72cbaa..fac24f329c1d0 100644
829 +--- a/net/sctp/socket.c
830 ++++ b/net/sctp/socket.c
831 +@@ -4738,11 +4738,12 @@ int sctp_transport_lookup_process(int (*cb)(struct sctp_transport *, void *),
832 + }
833 + EXPORT_SYMBOL_GPL(sctp_transport_lookup_process);
834 +
835 +-int sctp_for_each_transport(int (*cb)(struct sctp_transport *, void *),
836 +- int (*cb_done)(struct sctp_transport *, void *),
837 +- struct net *net, int *pos, void *p) {
838 ++int sctp_transport_traverse_process(sctp_callback_t cb, sctp_callback_t cb_done,
839 ++ struct net *net, int *pos, void *p)
840 ++{
841 + struct rhashtable_iter hti;
842 + struct sctp_transport *tsp;
843 ++ struct sctp_endpoint *ep;
844 + int ret;
845 +
846 + again:
847 +@@ -4752,26 +4753,32 @@ again:
848 +
849 + tsp = sctp_transport_get_idx(net, &hti, *pos + 1);
850 + for (; !IS_ERR_OR_NULL(tsp); tsp = sctp_transport_get_next(net, &hti)) {
851 +- ret = cb(tsp, p);
852 +- if (ret)
853 +- break;
854 ++ ep = tsp->asoc->ep;
855 ++ if (sctp_endpoint_hold(ep)) { /* asoc can be peeled off */
856 ++ ret = cb(ep, tsp, p);
857 ++ if (ret)
858 ++ break;
859 ++ sctp_endpoint_put(ep);
860 ++ }
861 + (*pos)++;
862 + sctp_transport_put(tsp);
863 + }
864 + sctp_transport_walk_stop(&hti);
865 +
866 + if (ret) {
867 +- if (cb_done && !cb_done(tsp, p)) {
868 ++ if (cb_done && !cb_done(ep, tsp, p)) {
869 + (*pos)++;
870 ++ sctp_endpoint_put(ep);
871 + sctp_transport_put(tsp);
872 + goto again;
873 + }
874 ++ sctp_endpoint_put(ep);
875 + sctp_transport_put(tsp);
876 + }
877 +
878 + return ret;
879 + }
880 +-EXPORT_SYMBOL_GPL(sctp_for_each_transport);
881 ++EXPORT_SYMBOL_GPL(sctp_transport_traverse_process);
882 +
883 + /* 7.2.1 Association Status (SCTP_STATUS)
884 +
885 +diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl
886 +index ebc78cb3bc7dc..5a5916fe56928 100755
887 +--- a/scripts/recordmcount.pl
888 ++++ b/scripts/recordmcount.pl
889 +@@ -252,7 +252,7 @@ if ($arch eq "x86_64") {
890 +
891 + } elsif ($arch eq "s390" && $bits == 64) {
892 + if ($cc =~ /-DCC_USING_HOTPATCH/) {
893 +- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*c0 04 00 00 00 00\\s*(bcrl\\s*0,|jgnop\\s*)[0-9a-f]+ <([^\+]*)>\$";
894 ++ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*c0 04 00 00 00 00\\s*(brcl\\s*0,|jgnop\\s*)[0-9a-f]+ <([^\+]*)>\$";
895 + $mcount_adjust = 0;
896 + } else {
897 + $mcount_regex = "^\\s*([0-9a-fA-F]+):\\s*R_390_(PC|PLT)32DBL\\s+_mcount\\+0x2\$";
898 +diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
899 +index 9bb1d492f7047..38a4db1f3aaa3 100644
900 +--- a/security/selinux/hooks.c
901 ++++ b/security/selinux/hooks.c
902 +@@ -5321,7 +5321,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
903 + struct common_audit_data ad;
904 + struct lsm_network_audit net = {0,};
905 + char *addrp;
906 +- u8 proto;
907 ++ u8 proto = 0;
908 +
909 + if (sk == NULL)
910 + return NF_ACCEPT;
Report Message
Find on MARC Find on Google Groups