1 |
commit: e5d216e0258419f8f3e76a26315623f825786c6d |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Jan 9 17:51:40 2019 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jan 9 17:51:40 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e5d216e0 |
7 |
|
8 |
proj/linux-patches: Linux patch 4.9.149 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1148_linux-4.9.149.patch | 1651 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1655 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 490672d..81b354f 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -635,6 +635,10 @@ Patch: 1147_linux-4.9.148.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.9.148 |
23 |
|
24 |
+Patch: 1148_linux-4.9.149.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.9.149 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1148_linux-4.9.149.patch b/1148_linux-4.9.149.patch |
33 |
new file mode 100644 |
34 |
index 0000000..95ea39d |
35 |
--- /dev/null |
36 |
+++ b/1148_linux-4.9.149.patch |
37 |
@@ -0,0 +1,1651 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index 1b71b11ea63e..1feac0246fe2 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,6 +1,6 @@ |
43 |
+ VERSION = 4 |
44 |
+ PATCHLEVEL = 9 |
45 |
+-SUBLEVEL = 148 |
46 |
++SUBLEVEL = 149 |
47 |
+ EXTRAVERSION = |
48 |
+ NAME = Roaring Lionus |
49 |
+ |
50 |
+diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h |
51 |
+index 0dbc1c6ab7dc..68dedca5a47e 100644 |
52 |
+--- a/arch/arm64/include/asm/kvm_arm.h |
53 |
++++ b/arch/arm64/include/asm/kvm_arm.h |
54 |
+@@ -99,7 +99,7 @@ |
55 |
+ TCR_EL2_ORGN0_MASK | TCR_EL2_IRGN0_MASK | TCR_EL2_T0SZ_MASK) |
56 |
+ |
57 |
+ /* VTCR_EL2 Registers bits */ |
58 |
+-#define VTCR_EL2_RES1 (1 << 31) |
59 |
++#define VTCR_EL2_RES1 (1U << 31) |
60 |
+ #define VTCR_EL2_HD (1 << 22) |
61 |
+ #define VTCR_EL2_HA (1 << 21) |
62 |
+ #define VTCR_EL2_PS_MASK TCR_EL2_PS_MASK |
63 |
+diff --git a/arch/mips/boot/compressed/calc_vmlinuz_load_addr.c b/arch/mips/boot/compressed/calc_vmlinuz_load_addr.c |
64 |
+index 37fe58c19a90..542c3ede9722 100644 |
65 |
+--- a/arch/mips/boot/compressed/calc_vmlinuz_load_addr.c |
66 |
++++ b/arch/mips/boot/compressed/calc_vmlinuz_load_addr.c |
67 |
+@@ -13,6 +13,7 @@ |
68 |
+ #include <stdint.h> |
69 |
+ #include <stdio.h> |
70 |
+ #include <stdlib.h> |
71 |
++#include "../../../../include/linux/sizes.h" |
72 |
+ |
73 |
+ int main(int argc, char *argv[]) |
74 |
+ { |
75 |
+@@ -45,11 +46,11 @@ int main(int argc, char *argv[]) |
76 |
+ vmlinuz_load_addr = vmlinux_load_addr + vmlinux_size; |
77 |
+ |
78 |
+ /* |
79 |
+- * Align with 16 bytes: "greater than that used for any standard data |
80 |
+- * types by a MIPS compiler." -- See MIPS Run Linux (Second Edition). |
81 |
++ * Align with 64KB: KEXEC needs load sections to be aligned to PAGE_SIZE, |
82 |
++ * which may be as large as 64KB depending on the kernel configuration. |
83 |
+ */ |
84 |
+ |
85 |
+- vmlinuz_load_addr += (16 - vmlinux_size % 16); |
86 |
++ vmlinuz_load_addr += (SZ_64K - vmlinux_size % SZ_64K); |
87 |
+ |
88 |
+ printf("0x%llx\n", vmlinuz_load_addr); |
89 |
+ |
90 |
+diff --git a/arch/mips/cavium-octeon/executive/cvmx-helper.c b/arch/mips/cavium-octeon/executive/cvmx-helper.c |
91 |
+index 396236a02b8c..59defc5e88aa 100644 |
92 |
+--- a/arch/mips/cavium-octeon/executive/cvmx-helper.c |
93 |
++++ b/arch/mips/cavium-octeon/executive/cvmx-helper.c |
94 |
+@@ -290,7 +290,8 @@ static cvmx_helper_interface_mode_t __cvmx_get_mode_cn7xxx(int interface) |
95 |
+ case 3: |
96 |
+ return CVMX_HELPER_INTERFACE_MODE_LOOP; |
97 |
+ case 4: |
98 |
+- return CVMX_HELPER_INTERFACE_MODE_RGMII; |
99 |
++ /* TODO: Implement support for AGL (RGMII). */ |
100 |
++ return CVMX_HELPER_INTERFACE_MODE_DISABLED; |
101 |
+ default: |
102 |
+ return CVMX_HELPER_INTERFACE_MODE_DISABLED; |
103 |
+ } |
104 |
+diff --git a/arch/mips/include/asm/pgtable-64.h b/arch/mips/include/asm/pgtable-64.h |
105 |
+index 514cbc0a6a67..ef6f00798011 100644 |
106 |
+--- a/arch/mips/include/asm/pgtable-64.h |
107 |
++++ b/arch/mips/include/asm/pgtable-64.h |
108 |
+@@ -193,6 +193,11 @@ static inline int pmd_bad(pmd_t pmd) |
109 |
+ |
110 |
+ static inline int pmd_present(pmd_t pmd) |
111 |
+ { |
112 |
++#ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT |
113 |
++ if (unlikely(pmd_val(pmd) & _PAGE_HUGE)) |
114 |
++ return pmd_val(pmd) & _PAGE_PRESENT; |
115 |
++#endif |
116 |
++ |
117 |
+ return pmd_val(pmd) != (unsigned long) invalid_pte_table; |
118 |
+ } |
119 |
+ |
120 |
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h |
121 |
+index 22a0ccb17ad0..9a8167b175d5 100644 |
122 |
+--- a/arch/x86/include/asm/kvm_host.h |
123 |
++++ b/arch/x86/include/asm/kvm_host.h |
124 |
+@@ -1324,7 +1324,7 @@ asmlinkage void kvm_spurious_fault(void); |
125 |
+ "cmpb $0, kvm_rebooting \n\t" \ |
126 |
+ "jne 668b \n\t" \ |
127 |
+ __ASM_SIZE(push) " $666b \n\t" \ |
128 |
+- "call kvm_spurious_fault \n\t" \ |
129 |
++ "jmp kvm_spurious_fault \n\t" \ |
130 |
+ ".popsection \n\t" \ |
131 |
+ _ASM_EXTABLE(666b, 667b) |
132 |
+ |
133 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
134 |
+index 011050820608..9446a3a2fc69 100644 |
135 |
+--- a/arch/x86/kvm/vmx.c |
136 |
++++ b/arch/x86/kvm/vmx.c |
137 |
+@@ -6548,9 +6548,24 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu) |
138 |
+ |
139 |
+ gpa = vmcs_read64(GUEST_PHYSICAL_ADDRESS); |
140 |
+ if (!kvm_io_bus_write(vcpu, KVM_FAST_MMIO_BUS, gpa, 0, NULL)) { |
141 |
+- skip_emulated_instruction(vcpu); |
142 |
+ trace_kvm_fast_mmio(gpa); |
143 |
+- return 1; |
144 |
++ /* |
145 |
++ * Doing kvm_skip_emulated_instruction() depends on undefined |
146 |
++ * behavior: Intel's manual doesn't mandate |
147 |
++ * VM_EXIT_INSTRUCTION_LEN to be set in VMCS when EPT MISCONFIG |
148 |
++ * occurs and while on real hardware it was observed to be set, |
149 |
++ * other hypervisors (namely Hyper-V) don't set it, we end up |
150 |
++ * advancing IP with some random value. Disable fast mmio when |
151 |
++ * running nested and keep it for real hardware in hope that |
152 |
++ * VM_EXIT_INSTRUCTION_LEN will always be set correctly. |
153 |
++ */ |
154 |
++ if (!static_cpu_has(X86_FEATURE_HYPERVISOR)) { |
155 |
++ skip_emulated_instruction(vcpu); |
156 |
++ return 1; |
157 |
++ } |
158 |
++ else |
159 |
++ return x86_emulate_instruction(vcpu, gpa, EMULTYPE_SKIP, |
160 |
++ NULL, 0) == EMULATE_DONE; |
161 |
+ } |
162 |
+ |
163 |
+ ret = handle_mmio_page_fault(vcpu, gpa, true); |
164 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
165 |
+index 27d13b870e07..46e0ad71b4da 100644 |
166 |
+--- a/arch/x86/kvm/x86.c |
167 |
++++ b/arch/x86/kvm/x86.c |
168 |
+@@ -5707,7 +5707,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, |
169 |
+ * handle watchpoints yet, those would be handled in |
170 |
+ * the emulate_ops. |
171 |
+ */ |
172 |
+- if (kvm_vcpu_check_breakpoint(vcpu, &r)) |
173 |
++ if (!(emulation_type & EMULTYPE_SKIP) && |
174 |
++ kvm_vcpu_check_breakpoint(vcpu, &r)) |
175 |
+ return r; |
176 |
+ |
177 |
+ ctxt->interruptibility = 0; |
178 |
+diff --git a/drivers/base/platform-msi.c b/drivers/base/platform-msi.c |
179 |
+index be6a599bc0c1..7ba1d731dece 100644 |
180 |
+--- a/drivers/base/platform-msi.c |
181 |
++++ b/drivers/base/platform-msi.c |
182 |
+@@ -375,14 +375,16 @@ void platform_msi_domain_free(struct irq_domain *domain, unsigned int virq, |
183 |
+ unsigned int nvec) |
184 |
+ { |
185 |
+ struct platform_msi_priv_data *data = domain->host_data; |
186 |
+- struct msi_desc *desc; |
187 |
+- for_each_msi_entry(desc, data->dev) { |
188 |
++ struct msi_desc *desc, *tmp; |
189 |
++ for_each_msi_entry_safe(desc, tmp, data->dev) { |
190 |
+ if (WARN_ON(!desc->irq || desc->nvec_used != 1)) |
191 |
+ return; |
192 |
+ if (!(desc->irq >= virq && desc->irq < (virq + nvec))) |
193 |
+ continue; |
194 |
+ |
195 |
+ irq_domain_free_irqs_common(domain, desc->irq, 1); |
196 |
++ list_del(&desc->list); |
197 |
++ free_msi_entry(desc); |
198 |
+ } |
199 |
+ } |
200 |
+ |
201 |
+diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c b/drivers/char/tpm/tpm_i2c_nuvoton.c |
202 |
+index caa86b19c76d..f74f451baf6a 100644 |
203 |
+--- a/drivers/char/tpm/tpm_i2c_nuvoton.c |
204 |
++++ b/drivers/char/tpm/tpm_i2c_nuvoton.c |
205 |
+@@ -369,6 +369,7 @@ static int i2c_nuvoton_send(struct tpm_chip *chip, u8 *buf, size_t len) |
206 |
+ struct device *dev = chip->dev.parent; |
207 |
+ struct i2c_client *client = to_i2c_client(dev); |
208 |
+ u32 ordinal; |
209 |
++ unsigned long duration; |
210 |
+ size_t count = 0; |
211 |
+ int burst_count, bytes2write, retries, rc = -EIO; |
212 |
+ |
213 |
+@@ -455,10 +456,12 @@ static int i2c_nuvoton_send(struct tpm_chip *chip, u8 *buf, size_t len) |
214 |
+ return rc; |
215 |
+ } |
216 |
+ ordinal = be32_to_cpu(*((__be32 *) (buf + 6))); |
217 |
+- rc = i2c_nuvoton_wait_for_data_avail(chip, |
218 |
+- tpm_calc_ordinal_duration(chip, |
219 |
+- ordinal), |
220 |
+- &priv->read_queue); |
221 |
++ if (chip->flags & TPM_CHIP_FLAG_TPM2) |
222 |
++ duration = tpm2_calc_ordinal_duration(chip, ordinal); |
223 |
++ else |
224 |
++ duration = tpm_calc_ordinal_duration(chip, ordinal); |
225 |
++ |
226 |
++ rc = i2c_nuvoton_wait_for_data_avail(chip, duration, &priv->read_queue); |
227 |
+ if (rc) { |
228 |
+ dev_err(dev, "%s() timeout command duration\n", __func__); |
229 |
+ i2c_nuvoton_ready(chip); |
230 |
+diff --git a/drivers/clk/rockchip/clk-rk3188.c b/drivers/clk/rockchip/clk-rk3188.c |
231 |
+index d0e722a0e8cf..523378d1396e 100644 |
232 |
+--- a/drivers/clk/rockchip/clk-rk3188.c |
233 |
++++ b/drivers/clk/rockchip/clk-rk3188.c |
234 |
+@@ -381,7 +381,7 @@ static struct rockchip_clk_branch common_clk_branches[] __initdata = { |
235 |
+ COMPOSITE_NOMUX(0, "spdif_pre", "i2s_src", 0, |
236 |
+ RK2928_CLKSEL_CON(5), 0, 7, DFLAGS, |
237 |
+ RK2928_CLKGATE_CON(0), 13, GFLAGS), |
238 |
+- COMPOSITE_FRACMUX(0, "spdif_frac", "spdif_pll", CLK_SET_RATE_PARENT, |
239 |
++ COMPOSITE_FRACMUX(0, "spdif_frac", "spdif_pre", CLK_SET_RATE_PARENT, |
240 |
+ RK2928_CLKSEL_CON(9), 0, |
241 |
+ RK2928_CLKGATE_CON(0), 14, GFLAGS, |
242 |
+ &common_spdif_fracmux), |
243 |
+diff --git a/drivers/input/mouse/elan_i2c_core.c b/drivers/input/mouse/elan_i2c_core.c |
244 |
+index 471984ec2db0..30adc5745cba 100644 |
245 |
+--- a/drivers/input/mouse/elan_i2c_core.c |
246 |
++++ b/drivers/input/mouse/elan_i2c_core.c |
247 |
+@@ -1240,6 +1240,7 @@ MODULE_DEVICE_TABLE(i2c, elan_id); |
248 |
+ static const struct acpi_device_id elan_acpi_id[] = { |
249 |
+ { "ELAN0000", 0 }, |
250 |
+ { "ELAN0100", 0 }, |
251 |
++ { "ELAN0501", 0 }, |
252 |
+ { "ELAN0600", 0 }, |
253 |
+ { "ELAN0602", 0 }, |
254 |
+ { "ELAN0605", 0 }, |
255 |
+diff --git a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c |
256 |
+index dd7e38ac29bd..d15347de415a 100644 |
257 |
+--- a/drivers/isdn/capi/kcapi.c |
258 |
++++ b/drivers/isdn/capi/kcapi.c |
259 |
+@@ -851,7 +851,7 @@ u16 capi20_get_manufacturer(u32 contr, u8 *buf) |
260 |
+ u16 ret; |
261 |
+ |
262 |
+ if (contr == 0) { |
263 |
+- strlcpy(buf, capi_manufakturer, CAPI_MANUFACTURER_LEN); |
264 |
++ strncpy(buf, capi_manufakturer, CAPI_MANUFACTURER_LEN); |
265 |
+ return CAPI_NOERROR; |
266 |
+ } |
267 |
+ |
268 |
+@@ -859,7 +859,7 @@ u16 capi20_get_manufacturer(u32 contr, u8 *buf) |
269 |
+ |
270 |
+ ctr = get_capi_ctr_by_nr(contr); |
271 |
+ if (ctr && ctr->state == CAPI_CTR_RUNNING) { |
272 |
+- strlcpy(buf, ctr->manu, CAPI_MANUFACTURER_LEN); |
273 |
++ strncpy(buf, ctr->manu, CAPI_MANUFACTURER_LEN); |
274 |
+ ret = CAPI_NOERROR; |
275 |
+ } else |
276 |
+ ret = CAPI_REGNOTINSTALLED; |
277 |
+diff --git a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c |
278 |
+index 1f463f4c3024..d2f72f3635aa 100644 |
279 |
+--- a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c |
280 |
++++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c |
281 |
+@@ -1618,7 +1618,7 @@ typedef struct { u16 __; u8 _; } __packed x24; |
282 |
+ unsigned s; \ |
283 |
+ \ |
284 |
+ for (s = 0; s < len; s++) { \ |
285 |
+- u8 chr = font8x16[text[s] * 16 + line]; \ |
286 |
++ u8 chr = font8x16[(u8)text[s] * 16 + line]; \ |
287 |
+ \ |
288 |
+ if (hdiv == 2 && tpg->hflip) { \ |
289 |
+ pos[3] = (chr & (0x01 << 6) ? fg : bg); \ |
290 |
+diff --git a/drivers/media/platform/vivid/vivid-vid-cap.c b/drivers/media/platform/vivid/vivid-vid-cap.c |
291 |
+index d5c84ecf2027..25d4fd4f4c0b 100644 |
292 |
+--- a/drivers/media/platform/vivid/vivid-vid-cap.c |
293 |
++++ b/drivers/media/platform/vivid/vivid-vid-cap.c |
294 |
+@@ -452,6 +452,8 @@ void vivid_update_format_cap(struct vivid_dev *dev, bool keep_controls) |
295 |
+ tpg_s_rgb_range(&dev->tpg, v4l2_ctrl_g_ctrl(dev->rgb_range_cap)); |
296 |
+ break; |
297 |
+ } |
298 |
++ vfree(dev->bitmap_cap); |
299 |
++ dev->bitmap_cap = NULL; |
300 |
+ vivid_update_quality(dev); |
301 |
+ tpg_reset_source(&dev->tpg, dev->src_rect.width, dev->src_rect.height, dev->field_cap); |
302 |
+ dev->crop_cap = dev->src_rect; |
303 |
+diff --git a/drivers/mtd/spi-nor/Kconfig b/drivers/mtd/spi-nor/Kconfig |
304 |
+index 4a682ee0f632..b4f6cadd28fe 100644 |
305 |
+--- a/drivers/mtd/spi-nor/Kconfig |
306 |
++++ b/drivers/mtd/spi-nor/Kconfig |
307 |
+@@ -31,7 +31,7 @@ config MTD_SPI_NOR_USE_4K_SECTORS |
308 |
+ |
309 |
+ config SPI_ATMEL_QUADSPI |
310 |
+ tristate "Atmel Quad SPI Controller" |
311 |
+- depends on ARCH_AT91 || (ARM && COMPILE_TEST) |
312 |
++ depends on ARCH_AT91 || (ARM && COMPILE_TEST && !ARCH_EBSA110) |
313 |
+ depends on OF && HAS_IOMEM |
314 |
+ help |
315 |
+ This enables support for the Quad SPI controller in master mode. |
316 |
+diff --git a/drivers/net/ethernet/ibm/ibmveth.c b/drivers/net/ethernet/ibm/ibmveth.c |
317 |
+index b375ae9f98ef..4996228fd7e6 100644 |
318 |
+--- a/drivers/net/ethernet/ibm/ibmveth.c |
319 |
++++ b/drivers/net/ethernet/ibm/ibmveth.c |
320 |
+@@ -1162,11 +1162,15 @@ out: |
321 |
+ |
322 |
+ map_failed_frags: |
323 |
+ last = i+1; |
324 |
+- for (i = 0; i < last; i++) |
325 |
++ for (i = 1; i < last; i++) |
326 |
+ dma_unmap_page(&adapter->vdev->dev, descs[i].fields.address, |
327 |
+ descs[i].fields.flags_len & IBMVETH_BUF_LEN_MASK, |
328 |
+ DMA_TO_DEVICE); |
329 |
+ |
330 |
++ dma_unmap_single(&adapter->vdev->dev, |
331 |
++ descs[0].fields.address, |
332 |
++ descs[0].fields.flags_len & IBMVETH_BUF_LEN_MASK, |
333 |
++ DMA_TO_DEVICE); |
334 |
+ map_failed: |
335 |
+ if (!firmware_has_feature(FW_FEATURE_CMO)) |
336 |
+ netdev_err(netdev, "tx: unable to map xmit buffer\n"); |
337 |
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c |
338 |
+index da1d73fe1a81..d5e8ac86c195 100644 |
339 |
+--- a/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c |
340 |
++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c |
341 |
+@@ -1167,11 +1167,6 @@ static int mlx5e_get_ts_info(struct net_device *dev, |
342 |
+ struct ethtool_ts_info *info) |
343 |
+ { |
344 |
+ struct mlx5e_priv *priv = netdev_priv(dev); |
345 |
+- int ret; |
346 |
+- |
347 |
+- ret = ethtool_op_get_ts_info(dev, info); |
348 |
+- if (ret) |
349 |
+- return ret; |
350 |
+ |
351 |
+ info->phc_index = priv->tstamp.ptp ? |
352 |
+ ptp_clock_index(priv->tstamp.ptp) : -1; |
353 |
+@@ -1179,9 +1174,9 @@ static int mlx5e_get_ts_info(struct net_device *dev, |
354 |
+ if (!MLX5_CAP_GEN(priv->mdev, device_frequency_khz)) |
355 |
+ return 0; |
356 |
+ |
357 |
+- info->so_timestamping |= SOF_TIMESTAMPING_TX_HARDWARE | |
358 |
+- SOF_TIMESTAMPING_RX_HARDWARE | |
359 |
+- SOF_TIMESTAMPING_RAW_HARDWARE; |
360 |
++ info->so_timestamping = SOF_TIMESTAMPING_TX_HARDWARE | |
361 |
++ SOF_TIMESTAMPING_RX_HARDWARE | |
362 |
++ SOF_TIMESTAMPING_RAW_HARDWARE; |
363 |
+ |
364 |
+ info->tx_types = BIT(HWTSTAMP_TX_OFF) | |
365 |
+ BIT(HWTSTAMP_TX_ON); |
366 |
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c |
367 |
+index 5f3402ba9916..13dfc197bdd8 100644 |
368 |
+--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c |
369 |
++++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c |
370 |
+@@ -390,7 +390,7 @@ static void del_rule(struct fs_node *node) |
371 |
+ } |
372 |
+ if ((fte->action & MLX5_FLOW_CONTEXT_ACTION_FWD_DEST) && |
373 |
+ --fte->dests_size) { |
374 |
+- modify_mask = BIT(MLX5_SET_FTE_MODIFY_ENABLE_MASK_DESTINATION_LIST), |
375 |
++ modify_mask = BIT(MLX5_SET_FTE_MODIFY_ENABLE_MASK_DESTINATION_LIST); |
376 |
+ err = mlx5_cmd_update_fte(dev, ft, |
377 |
+ fg->id, |
378 |
+ modify_mask, |
379 |
+diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c |
380 |
+index f04be9e8980f..5048a6df6a8e 100644 |
381 |
+--- a/drivers/net/phy/phy_device.c |
382 |
++++ b/drivers/net/phy/phy_device.c |
383 |
+@@ -163,11 +163,8 @@ static int mdio_bus_phy_restore(struct device *dev) |
384 |
+ if (ret < 0) |
385 |
+ return ret; |
386 |
+ |
387 |
+- /* The PHY needs to renegotiate. */ |
388 |
+- phydev->link = 0; |
389 |
+- phydev->state = PHY_UP; |
390 |
+- |
391 |
+- phy_start_machine(phydev); |
392 |
++ if (phydev->attached_dev && phydev->adjust_link) |
393 |
++ phy_start_machine(phydev); |
394 |
+ |
395 |
+ return 0; |
396 |
+ } |
397 |
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c |
398 |
+index 2b728cc52e3a..134eb184fa22 100644 |
399 |
+--- a/drivers/net/usb/qmi_wwan.c |
400 |
++++ b/drivers/net/usb/qmi_wwan.c |
401 |
+@@ -951,7 +951,7 @@ static const struct usb_device_id products[] = { |
402 |
+ {QMI_FIXED_INTF(0x03f0, 0x4e1d, 8)}, /* HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module */ |
403 |
+ {QMI_FIXED_INTF(0x03f0, 0x9d1d, 1)}, /* HP lt4120 Snapdragon X5 LTE */ |
404 |
+ {QMI_FIXED_INTF(0x22de, 0x9061, 3)}, /* WeTelecom WPD-600N */ |
405 |
+- {QMI_FIXED_INTF(0x1e0e, 0x9001, 5)}, /* SIMCom 7230E */ |
406 |
++ {QMI_QUIRK_SET_DTR(0x1e0e, 0x9001, 5)}, /* SIMCom 7100E, 7230E, 7600E ++ */ |
407 |
+ {QMI_QUIRK_SET_DTR(0x2c7c, 0x0125, 4)}, /* Quectel EC25, EC20 R2.0 Mini PCIe */ |
408 |
+ {QMI_QUIRK_SET_DTR(0x2c7c, 0x0121, 4)}, /* Quectel EC21 Mini PCIe */ |
409 |
+ {QMI_QUIRK_SET_DTR(0x2c7c, 0x0191, 4)}, /* Quectel EG91 */ |
410 |
+diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c |
411 |
+index 1bc5e93d2a34..eb56bb5916be 100644 |
412 |
+--- a/drivers/net/wan/x25_asy.c |
413 |
++++ b/drivers/net/wan/x25_asy.c |
414 |
+@@ -488,8 +488,10 @@ static int x25_asy_open(struct net_device *dev) |
415 |
+ |
416 |
+ /* Cleanup */ |
417 |
+ kfree(sl->xbuff); |
418 |
++ sl->xbuff = NULL; |
419 |
+ noxbuff: |
420 |
+ kfree(sl->rbuff); |
421 |
++ sl->rbuff = NULL; |
422 |
+ norbuff: |
423 |
+ return -ENOMEM; |
424 |
+ } |
425 |
+diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c |
426 |
+index aceae791baf3..14ceeaaa7fe5 100644 |
427 |
+--- a/drivers/net/xen-netfront.c |
428 |
++++ b/drivers/net/xen-netfront.c |
429 |
+@@ -903,7 +903,7 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue, |
430 |
+ if (skb_shinfo(skb)->nr_frags == MAX_SKB_FRAGS) { |
431 |
+ unsigned int pull_to = NETFRONT_SKB_CB(skb)->pull_to; |
432 |
+ |
433 |
+- BUG_ON(pull_to <= skb_headlen(skb)); |
434 |
++ BUG_ON(pull_to < skb_headlen(skb)); |
435 |
+ __pskb_pull_tail(skb, pull_to - skb_headlen(skb)); |
436 |
+ } |
437 |
+ if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) { |
438 |
+diff --git a/drivers/nfc/nxp-nci/firmware.c b/drivers/nfc/nxp-nci/firmware.c |
439 |
+index 5291797324ba..553011f58339 100644 |
440 |
+--- a/drivers/nfc/nxp-nci/firmware.c |
441 |
++++ b/drivers/nfc/nxp-nci/firmware.c |
442 |
+@@ -24,7 +24,7 @@ |
443 |
+ #include <linux/completion.h> |
444 |
+ #include <linux/firmware.h> |
445 |
+ #include <linux/nfc.h> |
446 |
+-#include <linux/unaligned/access_ok.h> |
447 |
++#include <asm/unaligned.h> |
448 |
+ |
449 |
+ #include "nxp-nci.h" |
450 |
+ |
451 |
+diff --git a/drivers/nfc/nxp-nci/i2c.c b/drivers/nfc/nxp-nci/i2c.c |
452 |
+index 36099e557730..06a157c63416 100644 |
453 |
+--- a/drivers/nfc/nxp-nci/i2c.c |
454 |
++++ b/drivers/nfc/nxp-nci/i2c.c |
455 |
+@@ -36,7 +36,7 @@ |
456 |
+ #include <linux/of_gpio.h> |
457 |
+ #include <linux/of_irq.h> |
458 |
+ #include <linux/platform_data/nxp-nci.h> |
459 |
+-#include <linux/unaligned/access_ok.h> |
460 |
++#include <asm/unaligned.h> |
461 |
+ |
462 |
+ #include <net/nfc/nfc.h> |
463 |
+ |
464 |
+diff --git a/drivers/rtc/rtc-m41t80.c b/drivers/rtc/rtc-m41t80.c |
465 |
+index c4ca6a385790..6b6b623cc250 100644 |
466 |
+--- a/drivers/rtc/rtc-m41t80.c |
467 |
++++ b/drivers/rtc/rtc-m41t80.c |
468 |
+@@ -333,7 +333,7 @@ static int m41t80_read_alarm(struct device *dev, struct rtc_wkalrm *alrm) |
469 |
+ alrm->time.tm_min = bcd2bin(alarmvals[3] & 0x7f); |
470 |
+ alrm->time.tm_hour = bcd2bin(alarmvals[2] & 0x3f); |
471 |
+ alrm->time.tm_mday = bcd2bin(alarmvals[1] & 0x3f); |
472 |
+- alrm->time.tm_mon = bcd2bin(alarmvals[0] & 0x3f); |
473 |
++ alrm->time.tm_mon = bcd2bin(alarmvals[0] & 0x3f) - 1; |
474 |
+ |
475 |
+ alrm->enabled = !!(alarmvals[0] & M41T80_ALMON_AFE); |
476 |
+ alrm->pending = (flags & M41T80_FLAGS_AF) && alrm->enabled; |
477 |
+diff --git a/drivers/spi/spi-bcm2835.c b/drivers/spi/spi-bcm2835.c |
478 |
+index f35cc10772f6..25abf2d1732a 100644 |
479 |
+--- a/drivers/spi/spi-bcm2835.c |
480 |
++++ b/drivers/spi/spi-bcm2835.c |
481 |
+@@ -88,7 +88,7 @@ struct bcm2835_spi { |
482 |
+ u8 *rx_buf; |
483 |
+ int tx_len; |
484 |
+ int rx_len; |
485 |
+- bool dma_pending; |
486 |
++ unsigned int dma_pending; |
487 |
+ }; |
488 |
+ |
489 |
+ static inline u32 bcm2835_rd(struct bcm2835_spi *bs, unsigned reg) |
490 |
+@@ -155,8 +155,7 @@ static irqreturn_t bcm2835_spi_interrupt(int irq, void *dev_id) |
491 |
+ /* Write as many bytes as possible to FIFO */ |
492 |
+ bcm2835_wr_fifo(bs); |
493 |
+ |
494 |
+- /* based on flags decide if we can finish the transfer */ |
495 |
+- if (bcm2835_rd(bs, BCM2835_SPI_CS) & BCM2835_SPI_CS_DONE) { |
496 |
++ if (!bs->rx_len) { |
497 |
+ /* Transfer complete - reset SPI HW */ |
498 |
+ bcm2835_spi_reset_hw(master); |
499 |
+ /* wake up the framework */ |
500 |
+@@ -233,10 +232,9 @@ static void bcm2835_spi_dma_done(void *data) |
501 |
+ * is called the tx-dma must have finished - can't get to this |
502 |
+ * situation otherwise... |
503 |
+ */ |
504 |
+- dmaengine_terminate_all(master->dma_tx); |
505 |
+- |
506 |
+- /* mark as no longer pending */ |
507 |
+- bs->dma_pending = 0; |
508 |
++ if (cmpxchg(&bs->dma_pending, true, false)) { |
509 |
++ dmaengine_terminate_all(master->dma_tx); |
510 |
++ } |
511 |
+ |
512 |
+ /* and mark as completed */; |
513 |
+ complete(&master->xfer_completion); |
514 |
+@@ -342,6 +340,7 @@ static int bcm2835_spi_transfer_one_dma(struct spi_master *master, |
515 |
+ if (ret) { |
516 |
+ /* need to reset on errors */ |
517 |
+ dmaengine_terminate_all(master->dma_tx); |
518 |
++ bs->dma_pending = false; |
519 |
+ bcm2835_spi_reset_hw(master); |
520 |
+ return ret; |
521 |
+ } |
522 |
+@@ -617,10 +616,9 @@ static void bcm2835_spi_handle_err(struct spi_master *master, |
523 |
+ struct bcm2835_spi *bs = spi_master_get_devdata(master); |
524 |
+ |
525 |
+ /* if an error occurred and we have an active dma, then terminate */ |
526 |
+- if (bs->dma_pending) { |
527 |
++ if (cmpxchg(&bs->dma_pending, true, false)) { |
528 |
+ dmaengine_terminate_all(master->dma_tx); |
529 |
+ dmaengine_terminate_all(master->dma_rx); |
530 |
+- bs->dma_pending = 0; |
531 |
+ } |
532 |
+ /* and reset */ |
533 |
+ bcm2835_spi_reset_hw(master); |
534 |
+diff --git a/drivers/staging/wilc1000/wilc_sdio.c b/drivers/staging/wilc1000/wilc_sdio.c |
535 |
+index 39b73fb27398..63c8701dedcf 100644 |
536 |
+--- a/drivers/staging/wilc1000/wilc_sdio.c |
537 |
++++ b/drivers/staging/wilc1000/wilc_sdio.c |
538 |
+@@ -830,6 +830,7 @@ static int sdio_read_int(struct wilc *wilc, u32 *int_status) |
539 |
+ if (!g_sdio.irq_gpio) { |
540 |
+ int i; |
541 |
+ |
542 |
++ cmd.read_write = 0; |
543 |
+ cmd.function = 1; |
544 |
+ cmd.address = 0x04; |
545 |
+ cmd.data = 0; |
546 |
+diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c |
547 |
+index 7497f1d4a818..fcf2e51f2cfe 100644 |
548 |
+--- a/drivers/tty/serial/xilinx_uartps.c |
549 |
++++ b/drivers/tty/serial/xilinx_uartps.c |
550 |
+@@ -128,7 +128,7 @@ MODULE_PARM_DESC(rx_timeout, "Rx timeout, 1-255"); |
551 |
+ #define CDNS_UART_IXR_RXTRIG 0x00000001 /* RX FIFO trigger interrupt */ |
552 |
+ #define CDNS_UART_IXR_RXFULL 0x00000004 /* RX FIFO full interrupt. */ |
553 |
+ #define CDNS_UART_IXR_RXEMPTY 0x00000002 /* RX FIFO empty interrupt. */ |
554 |
+-#define CDNS_UART_IXR_MASK 0x00001FFF /* Valid bit mask */ |
555 |
++#define CDNS_UART_IXR_RXMASK 0x000021e7 /* Valid RX bit mask */ |
556 |
+ |
557 |
+ /* |
558 |
+ * Do not enable parity error interrupt for the following |
559 |
+@@ -362,7 +362,7 @@ static irqreturn_t cdns_uart_isr(int irq, void *dev_id) |
560 |
+ cdns_uart_handle_tx(dev_id); |
561 |
+ isrstatus &= ~CDNS_UART_IXR_TXEMPTY; |
562 |
+ } |
563 |
+- if (isrstatus & CDNS_UART_IXR_MASK) |
564 |
++ if (isrstatus & CDNS_UART_IXR_RXMASK) |
565 |
+ cdns_uart_handle_rx(dev_id, isrstatus); |
566 |
+ |
567 |
+ spin_unlock(&port->lock); |
568 |
+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c |
569 |
+index cd4f96354fa8..6c0bb38c4089 100644 |
570 |
+--- a/drivers/usb/class/cdc-acm.c |
571 |
++++ b/drivers/usb/class/cdc-acm.c |
572 |
+@@ -502,6 +502,13 @@ static int acm_tty_install(struct tty_driver *driver, struct tty_struct *tty) |
573 |
+ if (retval) |
574 |
+ goto error_init_termios; |
575 |
+ |
576 |
++ /* |
577 |
++ * Suppress initial echoing for some devices which might send data |
578 |
++ * immediately after acm driver has been installed. |
579 |
++ */ |
580 |
++ if (acm->quirks & DISABLE_ECHO) |
581 |
++ tty->termios.c_lflag &= ~ECHO; |
582 |
++ |
583 |
+ tty->driver_data = acm; |
584 |
+ |
585 |
+ return 0; |
586 |
+@@ -1620,6 +1627,9 @@ static const struct usb_device_id acm_ids[] = { |
587 |
+ { USB_DEVICE(0x0e8d, 0x0003), /* FIREFLY, MediaTek Inc; andrey.arapov@×××××.com */ |
588 |
+ .driver_info = NO_UNION_NORMAL, /* has no union descriptor */ |
589 |
+ }, |
590 |
++ { USB_DEVICE(0x0e8d, 0x2000), /* MediaTek Inc Preloader */ |
591 |
++ .driver_info = DISABLE_ECHO, /* DISABLE ECHO in termios flag */ |
592 |
++ }, |
593 |
+ { USB_DEVICE(0x0e8d, 0x3329), /* MediaTek Inc GPS */ |
594 |
+ .driver_info = NO_UNION_NORMAL, /* has no union descriptor */ |
595 |
+ }, |
596 |
+diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h |
597 |
+index b30ac5fcde68..1ad9ff9f493d 100644 |
598 |
+--- a/drivers/usb/class/cdc-acm.h |
599 |
++++ b/drivers/usb/class/cdc-acm.h |
600 |
+@@ -134,3 +134,4 @@ struct acm { |
601 |
+ #define QUIRK_CONTROL_LINE_STATE BIT(6) |
602 |
+ #define CLEAR_HALT_CONDITIONS BIT(7) |
603 |
+ #define SEND_ZERO_PACKET BIT(8) |
604 |
++#define DISABLE_ECHO BIT(9) |
605 |
+diff --git a/drivers/usb/host/r8a66597-hcd.c b/drivers/usb/host/r8a66597-hcd.c |
606 |
+index 7bf78be1fd32..72c3ed76a77d 100644 |
607 |
+--- a/drivers/usb/host/r8a66597-hcd.c |
608 |
++++ b/drivers/usb/host/r8a66597-hcd.c |
609 |
+@@ -1990,6 +1990,8 @@ static int r8a66597_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, |
610 |
+ |
611 |
+ static void r8a66597_endpoint_disable(struct usb_hcd *hcd, |
612 |
+ struct usb_host_endpoint *hep) |
613 |
++__acquires(r8a66597->lock) |
614 |
++__releases(r8a66597->lock) |
615 |
+ { |
616 |
+ struct r8a66597 *r8a66597 = hcd_to_r8a66597(hcd); |
617 |
+ struct r8a66597_pipe *pipe = (struct r8a66597_pipe *)hep->hcpriv; |
618 |
+@@ -2002,13 +2004,14 @@ static void r8a66597_endpoint_disable(struct usb_hcd *hcd, |
619 |
+ return; |
620 |
+ pipenum = pipe->info.pipenum; |
621 |
+ |
622 |
++ spin_lock_irqsave(&r8a66597->lock, flags); |
623 |
+ if (pipenum == 0) { |
624 |
+ kfree(hep->hcpriv); |
625 |
+ hep->hcpriv = NULL; |
626 |
++ spin_unlock_irqrestore(&r8a66597->lock, flags); |
627 |
+ return; |
628 |
+ } |
629 |
+ |
630 |
+- spin_lock_irqsave(&r8a66597->lock, flags); |
631 |
+ pipe_stop(r8a66597, pipe); |
632 |
+ pipe_irq_disable(r8a66597, pipenum); |
633 |
+ disable_irq_empty(r8a66597, pipenum); |
634 |
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
635 |
+index 1e3445dd84b2..7bc2c9fef605 100644 |
636 |
+--- a/drivers/usb/serial/option.c |
637 |
++++ b/drivers/usb/serial/option.c |
638 |
+@@ -1956,6 +1956,10 @@ static const struct usb_device_id option_ids[] = { |
639 |
+ { USB_DEVICE_AND_INTERFACE_INFO(0x03f0, 0xa31d, 0xff, 0x06, 0x1b) }, |
640 |
+ { USB_DEVICE(0x1508, 0x1001), /* Fibocom NL668 */ |
641 |
+ .driver_info = RSVD(4) | RSVD(5) | RSVD(6) }, |
642 |
++ { USB_DEVICE(0x2cb7, 0x0104), /* Fibocom NL678 series */ |
643 |
++ .driver_info = RSVD(4) | RSVD(5) }, |
644 |
++ { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0105, 0xff), /* Fibocom NL678 series */ |
645 |
++ .driver_info = RSVD(6) }, |
646 |
+ { } /* Terminating entry */ |
647 |
+ }; |
648 |
+ MODULE_DEVICE_TABLE(usb, option_ids); |
649 |
+diff --git a/drivers/usb/serial/pl2303.c b/drivers/usb/serial/pl2303.c |
650 |
+index 3da25ad267a2..4966768d3c98 100644 |
651 |
+--- a/drivers/usb/serial/pl2303.c |
652 |
++++ b/drivers/usb/serial/pl2303.c |
653 |
+@@ -86,9 +86,14 @@ static const struct usb_device_id id_table[] = { |
654 |
+ { USB_DEVICE(YCCABLE_VENDOR_ID, YCCABLE_PRODUCT_ID) }, |
655 |
+ { USB_DEVICE(SUPERIAL_VENDOR_ID, SUPERIAL_PRODUCT_ID) }, |
656 |
+ { USB_DEVICE(HP_VENDOR_ID, HP_LD220_PRODUCT_ID) }, |
657 |
++ { USB_DEVICE(HP_VENDOR_ID, HP_LD220TA_PRODUCT_ID) }, |
658 |
+ { USB_DEVICE(HP_VENDOR_ID, HP_LD960_PRODUCT_ID) }, |
659 |
++ { USB_DEVICE(HP_VENDOR_ID, HP_LD960TA_PRODUCT_ID) }, |
660 |
+ { USB_DEVICE(HP_VENDOR_ID, HP_LCM220_PRODUCT_ID) }, |
661 |
+ { USB_DEVICE(HP_VENDOR_ID, HP_LCM960_PRODUCT_ID) }, |
662 |
++ { USB_DEVICE(HP_VENDOR_ID, HP_LM920_PRODUCT_ID) }, |
663 |
++ { USB_DEVICE(HP_VENDOR_ID, HP_LM940_PRODUCT_ID) }, |
664 |
++ { USB_DEVICE(HP_VENDOR_ID, HP_TD620_PRODUCT_ID) }, |
665 |
+ { USB_DEVICE(CRESSI_VENDOR_ID, CRESSI_EDY_PRODUCT_ID) }, |
666 |
+ { USB_DEVICE(ZEAGLE_VENDOR_ID, ZEAGLE_N2ITION3_PRODUCT_ID) }, |
667 |
+ { USB_DEVICE(SONY_VENDOR_ID, SONY_QN3USB_PRODUCT_ID) }, |
668 |
+diff --git a/drivers/usb/serial/pl2303.h b/drivers/usb/serial/pl2303.h |
669 |
+index 123289085ee2..a84f0959ab34 100644 |
670 |
+--- a/drivers/usb/serial/pl2303.h |
671 |
++++ b/drivers/usb/serial/pl2303.h |
672 |
+@@ -123,10 +123,15 @@ |
673 |
+ |
674 |
+ /* Hewlett-Packard POS Pole Displays */ |
675 |
+ #define HP_VENDOR_ID 0x03f0 |
676 |
++#define HP_LM920_PRODUCT_ID 0x026b |
677 |
++#define HP_TD620_PRODUCT_ID 0x0956 |
678 |
+ #define HP_LD960_PRODUCT_ID 0x0b39 |
679 |
+ #define HP_LCM220_PRODUCT_ID 0x3139 |
680 |
+ #define HP_LCM960_PRODUCT_ID 0x3239 |
681 |
+ #define HP_LD220_PRODUCT_ID 0x3524 |
682 |
++#define HP_LD220TA_PRODUCT_ID 0x4349 |
683 |
++#define HP_LD960TA_PRODUCT_ID 0x4439 |
684 |
++#define HP_LM940_PRODUCT_ID 0x5039 |
685 |
+ |
686 |
+ /* Cressi Edy (diving computer) PC interface */ |
687 |
+ #define CRESSI_VENDOR_ID 0x04b8 |
688 |
+diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c |
689 |
+index 4c5625cb540c..53b1b3cfce84 100644 |
690 |
+--- a/drivers/vhost/vhost.c |
691 |
++++ b/drivers/vhost/vhost.c |
692 |
+@@ -2145,6 +2145,8 @@ int vhost_add_used_n(struct vhost_virtqueue *vq, struct vring_used_elem *heads, |
693 |
+ return -EFAULT; |
694 |
+ } |
695 |
+ if (unlikely(vq->log_used)) { |
696 |
++ /* Make sure used idx is seen before log. */ |
697 |
++ smp_wmb(); |
698 |
+ /* Log used index update. */ |
699 |
+ log_write(vq->log_base, |
700 |
+ vq->log_addr + offsetof(struct vring_used, idx), |
701 |
+diff --git a/fs/cifs/smb2maperror.c b/fs/cifs/smb2maperror.c |
702 |
+index 8257a5a97cc0..98c25b969ab8 100644 |
703 |
+--- a/fs/cifs/smb2maperror.c |
704 |
++++ b/fs/cifs/smb2maperror.c |
705 |
+@@ -377,8 +377,8 @@ static const struct status_to_posix_error smb2_error_map_table[] = { |
706 |
+ {STATUS_NONEXISTENT_EA_ENTRY, -EIO, "STATUS_NONEXISTENT_EA_ENTRY"}, |
707 |
+ {STATUS_NO_EAS_ON_FILE, -ENODATA, "STATUS_NO_EAS_ON_FILE"}, |
708 |
+ {STATUS_EA_CORRUPT_ERROR, -EIO, "STATUS_EA_CORRUPT_ERROR"}, |
709 |
+- {STATUS_FILE_LOCK_CONFLICT, -EIO, "STATUS_FILE_LOCK_CONFLICT"}, |
710 |
+- {STATUS_LOCK_NOT_GRANTED, -EIO, "STATUS_LOCK_NOT_GRANTED"}, |
711 |
++ {STATUS_FILE_LOCK_CONFLICT, -EACCES, "STATUS_FILE_LOCK_CONFLICT"}, |
712 |
++ {STATUS_LOCK_NOT_GRANTED, -EACCES, "STATUS_LOCK_NOT_GRANTED"}, |
713 |
+ {STATUS_DELETE_PENDING, -ENOENT, "STATUS_DELETE_PENDING"}, |
714 |
+ {STATUS_CTL_FILE_NOT_SUPPORTED, -ENOSYS, |
715 |
+ "STATUS_CTL_FILE_NOT_SUPPORTED"}, |
716 |
+diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c |
717 |
+index d06cfe372609..1008384d5ed5 100644 |
718 |
+--- a/fs/ext4/inline.c |
719 |
++++ b/fs/ext4/inline.c |
720 |
+@@ -702,8 +702,11 @@ int ext4_try_to_write_inline_data(struct address_space *mapping, |
721 |
+ |
722 |
+ if (!PageUptodate(page)) { |
723 |
+ ret = ext4_read_inline_page(inode, page); |
724 |
+- if (ret < 0) |
725 |
++ if (ret < 0) { |
726 |
++ unlock_page(page); |
727 |
++ put_page(page); |
728 |
+ goto out_up_read; |
729 |
++ } |
730 |
+ } |
731 |
+ |
732 |
+ ret = 1; |
733 |
+diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c |
734 |
+index 9be605c63ae1..58e6b8a03e90 100644 |
735 |
+--- a/fs/ext4/resize.c |
736 |
++++ b/fs/ext4/resize.c |
737 |
+@@ -1600,7 +1600,7 @@ int ext4_group_add(struct super_block *sb, struct ext4_new_group_data *input) |
738 |
+ } |
739 |
+ |
740 |
+ if (reserved_gdb || gdb_off == 0) { |
741 |
+- if (ext4_has_feature_resize_inode(sb) || |
742 |
++ if (!ext4_has_feature_resize_inode(sb) || |
743 |
+ !le16_to_cpu(es->s_reserved_gdt_blocks)) { |
744 |
+ ext4_warning(sb, |
745 |
+ "No reserved GDT blocks, can't resize"); |
746 |
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
747 |
+index 75177eb498ed..6810234b0b27 100644 |
748 |
+--- a/fs/ext4/super.c |
749 |
++++ b/fs/ext4/super.c |
750 |
+@@ -1076,6 +1076,16 @@ static struct dentry *ext4_fh_to_parent(struct super_block *sb, struct fid *fid, |
751 |
+ ext4_nfs_get_inode); |
752 |
+ } |
753 |
+ |
754 |
++static int ext4_nfs_commit_metadata(struct inode *inode) |
755 |
++{ |
756 |
++ struct writeback_control wbc = { |
757 |
++ .sync_mode = WB_SYNC_ALL |
758 |
++ }; |
759 |
++ |
760 |
++ trace_ext4_nfs_commit_metadata(inode); |
761 |
++ return ext4_write_inode(inode, &wbc); |
762 |
++} |
763 |
++ |
764 |
+ /* |
765 |
+ * Try to release metadata pages (indirect blocks, directories) which are |
766 |
+ * mapped via the block device. Since these pages could have journal heads |
767 |
+@@ -1258,6 +1268,7 @@ static const struct export_operations ext4_export_ops = { |
768 |
+ .fh_to_dentry = ext4_fh_to_dentry, |
769 |
+ .fh_to_parent = ext4_fh_to_parent, |
770 |
+ .get_parent = ext4_get_parent, |
771 |
++ .commit_metadata = ext4_nfs_commit_metadata, |
772 |
+ }; |
773 |
+ |
774 |
+ enum { |
775 |
+@@ -5425,9 +5436,9 @@ static int ext4_quota_enable(struct super_block *sb, int type, int format_id, |
776 |
+ qf_inode->i_flags |= S_NOQUOTA; |
777 |
+ lockdep_set_quota_inode(qf_inode, I_DATA_SEM_QUOTA); |
778 |
+ err = dquot_enable(qf_inode, type, format_id, flags); |
779 |
+- iput(qf_inode); |
780 |
+ if (err) |
781 |
+ lockdep_set_quota_inode(qf_inode, I_DATA_SEM_NORMAL); |
782 |
++ iput(qf_inode); |
783 |
+ |
784 |
+ return err; |
785 |
+ } |
786 |
+diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c |
787 |
+index 22f765069655..ec9beaa69abb 100644 |
788 |
+--- a/fs/ext4/xattr.c |
789 |
++++ b/fs/ext4/xattr.c |
790 |
+@@ -1499,7 +1499,7 @@ retry: |
791 |
+ base = IFIRST(header); |
792 |
+ end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size; |
793 |
+ min_offs = end - base; |
794 |
+- total_ino = sizeof(struct ext4_xattr_ibody_header); |
795 |
++ total_ino = sizeof(struct ext4_xattr_ibody_header) + sizeof(u32); |
796 |
+ |
797 |
+ error = xattr_check_inode(inode, header, end); |
798 |
+ if (error) |
799 |
+diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c |
800 |
+index c8f408d8a582..83a96334dc07 100644 |
801 |
+--- a/fs/f2fs/super.c |
802 |
++++ b/fs/f2fs/super.c |
803 |
+@@ -1427,10 +1427,10 @@ static int sanity_check_raw_super(struct f2fs_sb_info *sbi, |
804 |
+ return 1; |
805 |
+ } |
806 |
+ |
807 |
+- if (segment_count > (le32_to_cpu(raw_super->block_count) >> 9)) { |
808 |
++ if (segment_count > (le64_to_cpu(raw_super->block_count) >> 9)) { |
809 |
+ f2fs_msg(sb, KERN_INFO, |
810 |
+- "Wrong segment_count / block_count (%u > %u)", |
811 |
+- segment_count, le32_to_cpu(raw_super->block_count)); |
812 |
++ "Wrong segment_count / block_count (%u > %llu)", |
813 |
++ segment_count, le64_to_cpu(raw_super->block_count)); |
814 |
+ return 1; |
815 |
+ } |
816 |
+ |
817 |
+diff --git a/include/linux/msi.h b/include/linux/msi.h |
818 |
+index 0db320b7bb15..debc8aa4ec19 100644 |
819 |
+--- a/include/linux/msi.h |
820 |
++++ b/include/linux/msi.h |
821 |
+@@ -108,6 +108,8 @@ struct msi_desc { |
822 |
+ list_first_entry(dev_to_msi_list((dev)), struct msi_desc, list) |
823 |
+ #define for_each_msi_entry(desc, dev) \ |
824 |
+ list_for_each_entry((desc), dev_to_msi_list((dev)), list) |
825 |
++#define for_each_msi_entry_safe(desc, tmp, dev) \ |
826 |
++ list_for_each_entry_safe((desc), (tmp), dev_to_msi_list((dev)), list) |
827 |
+ |
828 |
+ #ifdef CONFIG_PCI_MSI |
829 |
+ #define first_pci_msi_entry(pdev) first_msi_entry(&(pdev)->dev) |
830 |
+diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h |
831 |
+index ac377a23265f..597b84d4805b 100644 |
832 |
+--- a/include/linux/ptr_ring.h |
833 |
++++ b/include/linux/ptr_ring.h |
834 |
+@@ -384,6 +384,8 @@ static inline void **__ptr_ring_swap_queue(struct ptr_ring *r, void **queue, |
835 |
+ else if (destroy) |
836 |
+ destroy(ptr); |
837 |
+ |
838 |
++ if (producer >= size) |
839 |
++ producer = 0; |
840 |
+ r->size = size; |
841 |
+ r->producer = producer; |
842 |
+ r->consumer = 0; |
843 |
+diff --git a/include/net/gro_cells.h b/include/net/gro_cells.h |
844 |
+index 2a1abbf8da74..95f33eeee984 100644 |
845 |
+--- a/include/net/gro_cells.h |
846 |
++++ b/include/net/gro_cells.h |
847 |
+@@ -86,6 +86,7 @@ static inline void gro_cells_destroy(struct gro_cells *gcells) |
848 |
+ for_each_possible_cpu(i) { |
849 |
+ struct gro_cell *cell = per_cpu_ptr(gcells->cells, i); |
850 |
+ |
851 |
++ napi_disable(&cell->napi); |
852 |
+ netif_napi_del(&cell->napi); |
853 |
+ __skb_queue_purge(&cell->napi_skbs); |
854 |
+ } |
855 |
+diff --git a/include/net/sock.h b/include/net/sock.h |
856 |
+index 6d42ed883bf9..15bb04dec40e 100644 |
857 |
+--- a/include/net/sock.h |
858 |
++++ b/include/net/sock.h |
859 |
+@@ -284,6 +284,7 @@ struct sock_common { |
860 |
+ * @sk_filter: socket filtering instructions |
861 |
+ * @sk_timer: sock cleanup timer |
862 |
+ * @sk_stamp: time stamp of last packet received |
863 |
++ * @sk_stamp_seq: lock for accessing sk_stamp on 32 bit architectures only |
864 |
+ * @sk_tsflags: SO_TIMESTAMPING socket options |
865 |
+ * @sk_tskey: counter to disambiguate concurrent tstamp requests |
866 |
+ * @sk_socket: Identd and reporting IO signals |
867 |
+@@ -425,6 +426,9 @@ struct sock { |
868 |
+ long sk_sndtimeo; |
869 |
+ struct timer_list sk_timer; |
870 |
+ ktime_t sk_stamp; |
871 |
++#if BITS_PER_LONG==32 |
872 |
++ seqlock_t sk_stamp_seq; |
873 |
++#endif |
874 |
+ u16 sk_tsflags; |
875 |
+ u8 sk_shutdown; |
876 |
+ u32 sk_tskey; |
877 |
+@@ -2114,6 +2118,34 @@ static inline void sk_drops_add(struct sock *sk, const struct sk_buff *skb) |
878 |
+ atomic_add(segs, &sk->sk_drops); |
879 |
+ } |
880 |
+ |
881 |
++static inline ktime_t sock_read_timestamp(struct sock *sk) |
882 |
++{ |
883 |
++#if BITS_PER_LONG==32 |
884 |
++ unsigned int seq; |
885 |
++ ktime_t kt; |
886 |
++ |
887 |
++ do { |
888 |
++ seq = read_seqbegin(&sk->sk_stamp_seq); |
889 |
++ kt = sk->sk_stamp; |
890 |
++ } while (read_seqretry(&sk->sk_stamp_seq, seq)); |
891 |
++ |
892 |
++ return kt; |
893 |
++#else |
894 |
++ return sk->sk_stamp; |
895 |
++#endif |
896 |
++} |
897 |
++ |
898 |
++static inline void sock_write_timestamp(struct sock *sk, ktime_t kt) |
899 |
++{ |
900 |
++#if BITS_PER_LONG==32 |
901 |
++ write_seqlock(&sk->sk_stamp_seq); |
902 |
++ sk->sk_stamp = kt; |
903 |
++ write_sequnlock(&sk->sk_stamp_seq); |
904 |
++#else |
905 |
++ sk->sk_stamp = kt; |
906 |
++#endif |
907 |
++} |
908 |
++ |
909 |
+ void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk, |
910 |
+ struct sk_buff *skb); |
911 |
+ void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk, |
912 |
+@@ -2138,7 +2170,7 @@ sock_recv_timestamp(struct msghdr *msg, struct sock *sk, struct sk_buff *skb) |
913 |
+ (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE))) |
914 |
+ __sock_recv_timestamp(msg, sk, skb); |
915 |
+ else |
916 |
+- sk->sk_stamp = kt; |
917 |
++ sock_write_timestamp(sk, kt); |
918 |
+ |
919 |
+ if (sock_flag(sk, SOCK_WIFI_STATUS) && skb->wifi_acked_valid) |
920 |
+ __sock_recv_wifi_status(msg, sk, skb); |
921 |
+@@ -2158,7 +2190,7 @@ static inline void sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk, |
922 |
+ if (sk->sk_flags & FLAGS_TS_OR_DROPS || sk->sk_tsflags & TSFLAGS_ANY) |
923 |
+ __sock_recv_ts_and_drops(msg, sk, skb); |
924 |
+ else |
925 |
+- sk->sk_stamp = skb->tstamp; |
926 |
++ sock_write_timestamp(sk, skb->tstamp); |
927 |
+ } |
928 |
+ |
929 |
+ void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags); |
930 |
+diff --git a/include/trace/events/ext4.h b/include/trace/events/ext4.h |
931 |
+index 09c71e9aaebf..215668b14f61 100644 |
932 |
+--- a/include/trace/events/ext4.h |
933 |
++++ b/include/trace/events/ext4.h |
934 |
+@@ -223,6 +223,26 @@ TRACE_EVENT(ext4_drop_inode, |
935 |
+ (unsigned long) __entry->ino, __entry->drop) |
936 |
+ ); |
937 |
+ |
938 |
++TRACE_EVENT(ext4_nfs_commit_metadata, |
939 |
++ TP_PROTO(struct inode *inode), |
940 |
++ |
941 |
++ TP_ARGS(inode), |
942 |
++ |
943 |
++ TP_STRUCT__entry( |
944 |
++ __field( dev_t, dev ) |
945 |
++ __field( ino_t, ino ) |
946 |
++ ), |
947 |
++ |
948 |
++ TP_fast_assign( |
949 |
++ __entry->dev = inode->i_sb->s_dev; |
950 |
++ __entry->ino = inode->i_ino; |
951 |
++ ), |
952 |
++ |
953 |
++ TP_printk("dev %d,%d ino %lu", |
954 |
++ MAJOR(__entry->dev), MINOR(__entry->dev), |
955 |
++ (unsigned long) __entry->ino) |
956 |
++); |
957 |
++ |
958 |
+ TRACE_EVENT(ext4_mark_inode_dirty, |
959 |
+ TP_PROTO(struct inode *inode, unsigned long IP), |
960 |
+ |
961 |
+diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c |
962 |
+index 2fdebabbfacd..2772f6a13fcb 100644 |
963 |
+--- a/net/ax25/af_ax25.c |
964 |
++++ b/net/ax25/af_ax25.c |
965 |
+@@ -654,15 +654,22 @@ static int ax25_setsockopt(struct socket *sock, int level, int optname, |
966 |
+ break; |
967 |
+ } |
968 |
+ |
969 |
+- dev = dev_get_by_name(&init_net, devname); |
970 |
++ rtnl_lock(); |
971 |
++ dev = __dev_get_by_name(&init_net, devname); |
972 |
+ if (!dev) { |
973 |
++ rtnl_unlock(); |
974 |
+ res = -ENODEV; |
975 |
+ break; |
976 |
+ } |
977 |
+ |
978 |
+ ax25->ax25_dev = ax25_dev_ax25dev(dev); |
979 |
++ if (!ax25->ax25_dev) { |
980 |
++ rtnl_unlock(); |
981 |
++ res = -ENODEV; |
982 |
++ break; |
983 |
++ } |
984 |
+ ax25_fillin_cb(ax25, ax25->ax25_dev); |
985 |
+- dev_put(dev); |
986 |
++ rtnl_unlock(); |
987 |
+ break; |
988 |
+ |
989 |
+ default: |
990 |
+diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c |
991 |
+index 3d106767b272..5faca5db6385 100644 |
992 |
+--- a/net/ax25/ax25_dev.c |
993 |
++++ b/net/ax25/ax25_dev.c |
994 |
+@@ -116,6 +116,7 @@ void ax25_dev_device_down(struct net_device *dev) |
995 |
+ if ((s = ax25_dev_list) == ax25_dev) { |
996 |
+ ax25_dev_list = s->next; |
997 |
+ spin_unlock_bh(&ax25_dev_lock); |
998 |
++ dev->ax25_ptr = NULL; |
999 |
+ dev_put(dev); |
1000 |
+ kfree(ax25_dev); |
1001 |
+ return; |
1002 |
+@@ -125,6 +126,7 @@ void ax25_dev_device_down(struct net_device *dev) |
1003 |
+ if (s->next == ax25_dev) { |
1004 |
+ s->next = ax25_dev->next; |
1005 |
+ spin_unlock_bh(&ax25_dev_lock); |
1006 |
++ dev->ax25_ptr = NULL; |
1007 |
+ dev_put(dev); |
1008 |
+ kfree(ax25_dev); |
1009 |
+ return; |
1010 |
+diff --git a/net/compat.c b/net/compat.c |
1011 |
+index 73671e6ec6eb..633fcf6ee369 100644 |
1012 |
+--- a/net/compat.c |
1013 |
++++ b/net/compat.c |
1014 |
+@@ -457,12 +457,14 @@ int compat_sock_get_timestamp(struct sock *sk, struct timeval __user *userstamp) |
1015 |
+ err = -ENOENT; |
1016 |
+ if (!sock_flag(sk, SOCK_TIMESTAMP)) |
1017 |
+ sock_enable_timestamp(sk, SOCK_TIMESTAMP); |
1018 |
+- tv = ktime_to_timeval(sk->sk_stamp); |
1019 |
++ tv = ktime_to_timeval(sock_read_timestamp(sk)); |
1020 |
++ |
1021 |
+ if (tv.tv_sec == -1) |
1022 |
+ return err; |
1023 |
+ if (tv.tv_sec == 0) { |
1024 |
+- sk->sk_stamp = ktime_get_real(); |
1025 |
+- tv = ktime_to_timeval(sk->sk_stamp); |
1026 |
++ ktime_t kt = ktime_get_real(); |
1027 |
++ sock_write_timestamp(sk, kt); |
1028 |
++ tv = ktime_to_timeval(kt); |
1029 |
+ } |
1030 |
+ err = 0; |
1031 |
+ if (put_user(tv.tv_sec, &ctv->tv_sec) || |
1032 |
+@@ -485,12 +487,13 @@ int compat_sock_get_timestampns(struct sock *sk, struct timespec __user *usersta |
1033 |
+ err = -ENOENT; |
1034 |
+ if (!sock_flag(sk, SOCK_TIMESTAMP)) |
1035 |
+ sock_enable_timestamp(sk, SOCK_TIMESTAMP); |
1036 |
+- ts = ktime_to_timespec(sk->sk_stamp); |
1037 |
++ ts = ktime_to_timespec(sock_read_timestamp(sk)); |
1038 |
+ if (ts.tv_sec == -1) |
1039 |
+ return err; |
1040 |
+ if (ts.tv_sec == 0) { |
1041 |
+- sk->sk_stamp = ktime_get_real(); |
1042 |
+- ts = ktime_to_timespec(sk->sk_stamp); |
1043 |
++ ktime_t kt = ktime_get_real(); |
1044 |
++ sock_write_timestamp(sk, kt); |
1045 |
++ ts = ktime_to_timespec(kt); |
1046 |
+ } |
1047 |
+ err = 0; |
1048 |
+ if (put_user(ts.tv_sec, &ctv->tv_sec) || |
1049 |
+diff --git a/net/core/sock.c b/net/core/sock.c |
1050 |
+index 1c4c43483b54..68c831e1a5c0 100644 |
1051 |
+--- a/net/core/sock.c |
1052 |
++++ b/net/core/sock.c |
1053 |
+@@ -2467,6 +2467,9 @@ void sock_init_data(struct socket *sock, struct sock *sk) |
1054 |
+ sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT; |
1055 |
+ |
1056 |
+ sk->sk_stamp = ktime_set(-1L, 0); |
1057 |
++#if BITS_PER_LONG==32 |
1058 |
++ seqlock_init(&sk->sk_stamp_seq); |
1059 |
++#endif |
1060 |
+ |
1061 |
+ #ifdef CONFIG_NET_RX_BUSY_POLL |
1062 |
+ sk->sk_napi_id = 0; |
1063 |
+diff --git a/net/ieee802154/6lowpan/tx.c b/net/ieee802154/6lowpan/tx.c |
1064 |
+index 50ed47559bb7..34d20a2a5cbd 100644 |
1065 |
+--- a/net/ieee802154/6lowpan/tx.c |
1066 |
++++ b/net/ieee802154/6lowpan/tx.c |
1067 |
+@@ -48,6 +48,9 @@ int lowpan_header_create(struct sk_buff *skb, struct net_device *ldev, |
1068 |
+ const struct ipv6hdr *hdr = ipv6_hdr(skb); |
1069 |
+ struct neighbour *n; |
1070 |
+ |
1071 |
++ if (!daddr) |
1072 |
++ return -EINVAL; |
1073 |
++ |
1074 |
+ /* TODO: |
1075 |
+ * if this package isn't ipv6 one, where should it be routed? |
1076 |
+ */ |
1077 |
+diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c |
1078 |
+index 80e48f40c3a8..496f8d86b503 100644 |
1079 |
+--- a/net/ipv4/ip_fragment.c |
1080 |
++++ b/net/ipv4/ip_fragment.c |
1081 |
+@@ -345,10 +345,10 @@ static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb) |
1082 |
+ struct net *net = container_of(qp->q.net, struct net, ipv4.frags); |
1083 |
+ struct rb_node **rbn, *parent; |
1084 |
+ struct sk_buff *skb1, *prev_tail; |
1085 |
++ int ihl, end, skb1_run_end; |
1086 |
+ struct net_device *dev; |
1087 |
+ unsigned int fragsize; |
1088 |
+ int flags, offset; |
1089 |
+- int ihl, end; |
1090 |
+ int err = -ENOENT; |
1091 |
+ u8 ecn; |
1092 |
+ |
1093 |
+@@ -418,7 +418,9 @@ static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb) |
1094 |
+ * overlapping fragment, the entire datagram (and any constituent |
1095 |
+ * fragments) MUST be silently discarded. |
1096 |
+ * |
1097 |
+- * We do the same here for IPv4 (and increment an snmp counter). |
1098 |
++ * We do the same here for IPv4 (and increment an snmp counter) but |
1099 |
++ * we do not want to drop the whole queue in response to a duplicate |
1100 |
++ * fragment. |
1101 |
+ */ |
1102 |
+ |
1103 |
+ /* Find out where to put this fragment. */ |
1104 |
+@@ -442,13 +444,17 @@ static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb) |
1105 |
+ do { |
1106 |
+ parent = *rbn; |
1107 |
+ skb1 = rb_to_skb(parent); |
1108 |
++ skb1_run_end = skb1->ip_defrag_offset + |
1109 |
++ FRAG_CB(skb1)->frag_run_len; |
1110 |
+ if (end <= skb1->ip_defrag_offset) |
1111 |
+ rbn = &parent->rb_left; |
1112 |
+- else if (offset >= skb1->ip_defrag_offset + |
1113 |
+- FRAG_CB(skb1)->frag_run_len) |
1114 |
++ else if (offset >= skb1_run_end) |
1115 |
+ rbn = &parent->rb_right; |
1116 |
+- else /* Found an overlap with skb1. */ |
1117 |
+- goto discard_qp; |
1118 |
++ else if (offset >= skb1->ip_defrag_offset && |
1119 |
++ end <= skb1_run_end) |
1120 |
++ goto err; /* No new data, potential duplicate */ |
1121 |
++ else |
1122 |
++ goto discard_qp; /* Found an overlap */ |
1123 |
+ } while (*rbn); |
1124 |
+ /* Here we have parent properly set, and rbn pointing to |
1125 |
+ * one of its NULL left/right children. Insert skb. |
1126 |
+diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c |
1127 |
+index 742a3432c3ea..354926e61f06 100644 |
1128 |
+--- a/net/ipv4/ipmr.c |
1129 |
++++ b/net/ipv4/ipmr.c |
1130 |
+@@ -68,6 +68,8 @@ |
1131 |
+ #include <linux/netconf.h> |
1132 |
+ #include <net/nexthop.h> |
1133 |
+ |
1134 |
++#include <linux/nospec.h> |
1135 |
++ |
1136 |
+ struct ipmr_rule { |
1137 |
+ struct fib_rule common; |
1138 |
+ }; |
1139 |
+@@ -1562,6 +1564,7 @@ int ipmr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) |
1140 |
+ return -EFAULT; |
1141 |
+ if (vr.vifi >= mrt->maxvif) |
1142 |
+ return -EINVAL; |
1143 |
++ vr.vifi = array_index_nospec(vr.vifi, mrt->maxvif); |
1144 |
+ read_lock(&mrt_lock); |
1145 |
+ vif = &mrt->vif_table[vr.vifi]; |
1146 |
+ if (VIF_EXISTS(mrt, vr.vifi)) { |
1147 |
+diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c |
1148 |
+index 9c5afa5153ce..f89516d04150 100644 |
1149 |
+--- a/net/ipv6/ip6_tunnel.c |
1150 |
++++ b/net/ipv6/ip6_tunnel.c |
1151 |
+@@ -907,6 +907,7 @@ static int ipxip6_rcv(struct sk_buff *skb, u8 ipproto, |
1152 |
+ goto drop; |
1153 |
+ if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) |
1154 |
+ goto drop; |
1155 |
++ ipv6h = ipv6_hdr(skb); |
1156 |
+ if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) |
1157 |
+ goto drop; |
1158 |
+ if (iptunnel_pull_header(skb, 0, tpi->proto, false)) |
1159 |
+diff --git a/net/ipv6/ip6_udp_tunnel.c b/net/ipv6/ip6_udp_tunnel.c |
1160 |
+index b283f293ee4a..caad40d6e74d 100644 |
1161 |
+--- a/net/ipv6/ip6_udp_tunnel.c |
1162 |
++++ b/net/ipv6/ip6_udp_tunnel.c |
1163 |
+@@ -15,7 +15,7 @@ |
1164 |
+ int udp_sock_create6(struct net *net, struct udp_port_cfg *cfg, |
1165 |
+ struct socket **sockp) |
1166 |
+ { |
1167 |
+- struct sockaddr_in6 udp6_addr; |
1168 |
++ struct sockaddr_in6 udp6_addr = {}; |
1169 |
+ int err; |
1170 |
+ struct socket *sock = NULL; |
1171 |
+ |
1172 |
+@@ -42,6 +42,7 @@ int udp_sock_create6(struct net *net, struct udp_port_cfg *cfg, |
1173 |
+ goto error; |
1174 |
+ |
1175 |
+ if (cfg->peer_udp_port) { |
1176 |
++ memset(&udp6_addr, 0, sizeof(udp6_addr)); |
1177 |
+ udp6_addr.sin6_family = AF_INET6; |
1178 |
+ memcpy(&udp6_addr.sin6_addr, &cfg->peer_ip6, |
1179 |
+ sizeof(udp6_addr.sin6_addr)); |
1180 |
+diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c |
1181 |
+index 3213921cdfee..c2b2ee71fc6c 100644 |
1182 |
+--- a/net/ipv6/ip6_vti.c |
1183 |
++++ b/net/ipv6/ip6_vti.c |
1184 |
+@@ -318,6 +318,7 @@ static int vti6_rcv(struct sk_buff *skb) |
1185 |
+ return 0; |
1186 |
+ } |
1187 |
+ |
1188 |
++ ipv6h = ipv6_hdr(skb); |
1189 |
+ if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) { |
1190 |
+ t->dev->stats.rx_dropped++; |
1191 |
+ rcu_read_unlock(); |
1192 |
+diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c |
1193 |
+index 4b93ad4fe6d8..ad597b4b22a0 100644 |
1194 |
+--- a/net/ipv6/ip6mr.c |
1195 |
++++ b/net/ipv6/ip6mr.c |
1196 |
+@@ -72,6 +72,8 @@ struct mr6_table { |
1197 |
+ #endif |
1198 |
+ }; |
1199 |
+ |
1200 |
++#include <linux/nospec.h> |
1201 |
++ |
1202 |
+ struct ip6mr_rule { |
1203 |
+ struct fib_rule common; |
1204 |
+ }; |
1205 |
+@@ -1873,6 +1875,7 @@ int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg) |
1206 |
+ return -EFAULT; |
1207 |
+ if (vr.mifi >= mrt->maxvif) |
1208 |
+ return -EINVAL; |
1209 |
++ vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif); |
1210 |
+ read_lock(&mrt_lock); |
1211 |
+ vif = &mrt->vif6_table[vr.mifi]; |
1212 |
+ if (MIF_EXISTS(mrt, vr.mifi)) { |
1213 |
+@@ -1947,6 +1950,7 @@ int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) |
1214 |
+ return -EFAULT; |
1215 |
+ if (vr.mifi >= mrt->maxvif) |
1216 |
+ return -EINVAL; |
1217 |
++ vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif); |
1218 |
+ read_lock(&mrt_lock); |
1219 |
+ vif = &mrt->vif6_table[vr.mifi]; |
1220 |
+ if (MIF_EXISTS(mrt, vr.mifi)) { |
1221 |
+diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c |
1222 |
+index ed212ffc1d9d..046ae1caecea 100644 |
1223 |
+--- a/net/netrom/af_netrom.c |
1224 |
++++ b/net/netrom/af_netrom.c |
1225 |
+@@ -153,7 +153,7 @@ static struct sock *nr_find_listener(ax25_address *addr) |
1226 |
+ sk_for_each(s, &nr_list) |
1227 |
+ if (!ax25cmp(&nr_sk(s)->source_addr, addr) && |
1228 |
+ s->sk_state == TCP_LISTEN) { |
1229 |
+- bh_lock_sock(s); |
1230 |
++ sock_hold(s); |
1231 |
+ goto found; |
1232 |
+ } |
1233 |
+ s = NULL; |
1234 |
+@@ -174,7 +174,7 @@ static struct sock *nr_find_socket(unsigned char index, unsigned char id) |
1235 |
+ struct nr_sock *nr = nr_sk(s); |
1236 |
+ |
1237 |
+ if (nr->my_index == index && nr->my_id == id) { |
1238 |
+- bh_lock_sock(s); |
1239 |
++ sock_hold(s); |
1240 |
+ goto found; |
1241 |
+ } |
1242 |
+ } |
1243 |
+@@ -198,7 +198,7 @@ static struct sock *nr_find_peer(unsigned char index, unsigned char id, |
1244 |
+ |
1245 |
+ if (nr->your_index == index && nr->your_id == id && |
1246 |
+ !ax25cmp(&nr->dest_addr, dest)) { |
1247 |
+- bh_lock_sock(s); |
1248 |
++ sock_hold(s); |
1249 |
+ goto found; |
1250 |
+ } |
1251 |
+ } |
1252 |
+@@ -224,7 +224,7 @@ static unsigned short nr_find_next_circuit(void) |
1253 |
+ if (i != 0 && j != 0) { |
1254 |
+ if ((sk=nr_find_socket(i, j)) == NULL) |
1255 |
+ break; |
1256 |
+- bh_unlock_sock(sk); |
1257 |
++ sock_put(sk); |
1258 |
+ } |
1259 |
+ |
1260 |
+ id++; |
1261 |
+@@ -918,6 +918,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) |
1262 |
+ } |
1263 |
+ |
1264 |
+ if (sk != NULL) { |
1265 |
++ bh_lock_sock(sk); |
1266 |
+ skb_reset_transport_header(skb); |
1267 |
+ |
1268 |
+ if (frametype == NR_CONNACK && skb->len == 22) |
1269 |
+@@ -927,6 +928,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) |
1270 |
+ |
1271 |
+ ret = nr_process_rx_frame(sk, skb); |
1272 |
+ bh_unlock_sock(sk); |
1273 |
++ sock_put(sk); |
1274 |
+ return ret; |
1275 |
+ } |
1276 |
+ |
1277 |
+@@ -958,10 +960,12 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) |
1278 |
+ (make = nr_make_new(sk)) == NULL) { |
1279 |
+ nr_transmit_refusal(skb, 0); |
1280 |
+ if (sk) |
1281 |
+- bh_unlock_sock(sk); |
1282 |
++ sock_put(sk); |
1283 |
+ return 0; |
1284 |
+ } |
1285 |
+ |
1286 |
++ bh_lock_sock(sk); |
1287 |
++ |
1288 |
+ window = skb->data[20]; |
1289 |
+ |
1290 |
+ skb->sk = make; |
1291 |
+@@ -1014,6 +1018,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) |
1292 |
+ sk->sk_data_ready(sk); |
1293 |
+ |
1294 |
+ bh_unlock_sock(sk); |
1295 |
++ sock_put(sk); |
1296 |
+ |
1297 |
+ nr_insert_socket(make); |
1298 |
+ |
1299 |
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
1300 |
+index 24412e8f4061..a9d0358d4f3b 100644 |
1301 |
+--- a/net/packet/af_packet.c |
1302 |
++++ b/net/packet/af_packet.c |
1303 |
+@@ -2660,8 +2660,10 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) |
1304 |
+ sll_addr))) |
1305 |
+ goto out; |
1306 |
+ proto = saddr->sll_protocol; |
1307 |
+- addr = saddr->sll_addr; |
1308 |
++ addr = saddr->sll_halen ? saddr->sll_addr : NULL; |
1309 |
+ dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex); |
1310 |
++ if (addr && dev && saddr->sll_halen < dev->addr_len) |
1311 |
++ goto out; |
1312 |
+ } |
1313 |
+ |
1314 |
+ err = -ENXIO; |
1315 |
+@@ -2857,8 +2859,10 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) |
1316 |
+ if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr))) |
1317 |
+ goto out; |
1318 |
+ proto = saddr->sll_protocol; |
1319 |
+- addr = saddr->sll_addr; |
1320 |
++ addr = saddr->sll_halen ? saddr->sll_addr : NULL; |
1321 |
+ dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex); |
1322 |
++ if (addr && dev && saddr->sll_halen < dev->addr_len) |
1323 |
++ goto out; |
1324 |
+ } |
1325 |
+ |
1326 |
+ err = -ENXIO; |
1327 |
+diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
1328 |
+index f4d5efb1d231..e7866d47934d 100644 |
1329 |
+--- a/net/sctp/ipv6.c |
1330 |
++++ b/net/sctp/ipv6.c |
1331 |
+@@ -101,6 +101,7 @@ static int sctp_inet6addr_event(struct notifier_block *this, unsigned long ev, |
1332 |
+ if (addr) { |
1333 |
+ addr->a.v6.sin6_family = AF_INET6; |
1334 |
+ addr->a.v6.sin6_port = 0; |
1335 |
++ addr->a.v6.sin6_flowinfo = 0; |
1336 |
+ addr->a.v6.sin6_addr = ifa->addr; |
1337 |
+ addr->a.v6.sin6_scope_id = ifa->idev->dev->ifindex; |
1338 |
+ addr->valid = 1; |
1339 |
+diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c |
1340 |
+index 266a30c8b88b..33f599cb0936 100644 |
1341 |
+--- a/net/sunrpc/svcsock.c |
1342 |
++++ b/net/sunrpc/svcsock.c |
1343 |
+@@ -572,7 +572,7 @@ static int svc_udp_recvfrom(struct svc_rqst *rqstp) |
1344 |
+ /* Don't enable netstamp, sunrpc doesn't |
1345 |
+ need that much accuracy */ |
1346 |
+ } |
1347 |
+- svsk->sk_sk->sk_stamp = skb->tstamp; |
1348 |
++ sock_write_timestamp(svsk->sk_sk, skb->tstamp); |
1349 |
+ set_bit(XPT_DATA, &svsk->sk_xprt.xpt_flags); /* there may be more data... */ |
1350 |
+ |
1351 |
+ len = skb->len; |
1352 |
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c |
1353 |
+index 9d3f047305ce..57df99ca6347 100644 |
1354 |
+--- a/net/tipc/socket.c |
1355 |
++++ b/net/tipc/socket.c |
1356 |
+@@ -2281,11 +2281,15 @@ void tipc_sk_reinit(struct net *net) |
1357 |
+ goto walk_stop; |
1358 |
+ |
1359 |
+ while ((tsk = rhashtable_walk_next(&iter)) && !IS_ERR(tsk)) { |
1360 |
+- spin_lock_bh(&tsk->sk.sk_lock.slock); |
1361 |
++ sock_hold(&tsk->sk); |
1362 |
++ rhashtable_walk_stop(&iter); |
1363 |
++ lock_sock(&tsk->sk); |
1364 |
+ msg = &tsk->phdr; |
1365 |
+ msg_set_prevnode(msg, tn->own_addr); |
1366 |
+ msg_set_orignode(msg, tn->own_addr); |
1367 |
+- spin_unlock_bh(&tsk->sk.sk_lock.slock); |
1368 |
++ release_sock(&tsk->sk); |
1369 |
++ rhashtable_walk_start(&iter); |
1370 |
++ sock_put(&tsk->sk); |
1371 |
+ } |
1372 |
+ walk_stop: |
1373 |
+ rhashtable_walk_stop(&iter); |
1374 |
+diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c |
1375 |
+index 107375d80c70..133e72654e77 100644 |
1376 |
+--- a/net/tipc/udp_media.c |
1377 |
++++ b/net/tipc/udp_media.c |
1378 |
+@@ -243,10 +243,8 @@ static int tipc_udp_send_msg(struct net *net, struct sk_buff *skb, |
1379 |
+ } |
1380 |
+ |
1381 |
+ err = tipc_udp_xmit(net, _skb, ub, src, &rcast->addr); |
1382 |
+- if (err) { |
1383 |
+- kfree_skb(_skb); |
1384 |
++ if (err) |
1385 |
+ goto out; |
1386 |
+- } |
1387 |
+ } |
1388 |
+ err = 0; |
1389 |
+ out: |
1390 |
+@@ -676,6 +674,11 @@ static int tipc_udp_enable(struct net *net, struct tipc_bearer *b, |
1391 |
+ if (err) |
1392 |
+ goto err; |
1393 |
+ |
1394 |
++ if (remote.proto != local.proto) { |
1395 |
++ err = -EINVAL; |
1396 |
++ goto err; |
1397 |
++ } |
1398 |
++ |
1399 |
+ b->bcast_addr.media_id = TIPC_MEDIA_TYPE_UDP; |
1400 |
+ b->bcast_addr.broadcast = 1; |
1401 |
+ rcu_assign_pointer(b->media_ptr, ub); |
1402 |
+diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c |
1403 |
+index 4aa391c5c733..008f3424dcbc 100644 |
1404 |
+--- a/net/vmw_vsock/vmci_transport.c |
1405 |
++++ b/net/vmw_vsock/vmci_transport.c |
1406 |
+@@ -272,6 +272,31 @@ vmci_transport_send_control_pkt_bh(struct sockaddr_vm *src, |
1407 |
+ false); |
1408 |
+ } |
1409 |
+ |
1410 |
++static int |
1411 |
++vmci_transport_alloc_send_control_pkt(struct sockaddr_vm *src, |
1412 |
++ struct sockaddr_vm *dst, |
1413 |
++ enum vmci_transport_packet_type type, |
1414 |
++ u64 size, |
1415 |
++ u64 mode, |
1416 |
++ struct vmci_transport_waiting_info *wait, |
1417 |
++ u16 proto, |
1418 |
++ struct vmci_handle handle) |
1419 |
++{ |
1420 |
++ struct vmci_transport_packet *pkt; |
1421 |
++ int err; |
1422 |
++ |
1423 |
++ pkt = kmalloc(sizeof(*pkt), GFP_KERNEL); |
1424 |
++ if (!pkt) |
1425 |
++ return -ENOMEM; |
1426 |
++ |
1427 |
++ err = __vmci_transport_send_control_pkt(pkt, src, dst, type, size, |
1428 |
++ mode, wait, proto, handle, |
1429 |
++ true); |
1430 |
++ kfree(pkt); |
1431 |
++ |
1432 |
++ return err; |
1433 |
++} |
1434 |
++ |
1435 |
+ static int |
1436 |
+ vmci_transport_send_control_pkt(struct sock *sk, |
1437 |
+ enum vmci_transport_packet_type type, |
1438 |
+@@ -281,9 +306,7 @@ vmci_transport_send_control_pkt(struct sock *sk, |
1439 |
+ u16 proto, |
1440 |
+ struct vmci_handle handle) |
1441 |
+ { |
1442 |
+- struct vmci_transport_packet *pkt; |
1443 |
+ struct vsock_sock *vsk; |
1444 |
+- int err; |
1445 |
+ |
1446 |
+ vsk = vsock_sk(sk); |
1447 |
+ |
1448 |
+@@ -293,17 +316,10 @@ vmci_transport_send_control_pkt(struct sock *sk, |
1449 |
+ if (!vsock_addr_bound(&vsk->remote_addr)) |
1450 |
+ return -EINVAL; |
1451 |
+ |
1452 |
+- pkt = kmalloc(sizeof(*pkt), GFP_KERNEL); |
1453 |
+- if (!pkt) |
1454 |
+- return -ENOMEM; |
1455 |
+- |
1456 |
+- err = __vmci_transport_send_control_pkt(pkt, &vsk->local_addr, |
1457 |
+- &vsk->remote_addr, type, size, |
1458 |
+- mode, wait, proto, handle, |
1459 |
+- true); |
1460 |
+- kfree(pkt); |
1461 |
+- |
1462 |
+- return err; |
1463 |
++ return vmci_transport_alloc_send_control_pkt(&vsk->local_addr, |
1464 |
++ &vsk->remote_addr, |
1465 |
++ type, size, mode, |
1466 |
++ wait, proto, handle); |
1467 |
+ } |
1468 |
+ |
1469 |
+ static int vmci_transport_send_reset_bh(struct sockaddr_vm *dst, |
1470 |
+@@ -321,12 +337,29 @@ static int vmci_transport_send_reset_bh(struct sockaddr_vm *dst, |
1471 |
+ static int vmci_transport_send_reset(struct sock *sk, |
1472 |
+ struct vmci_transport_packet *pkt) |
1473 |
+ { |
1474 |
++ struct sockaddr_vm *dst_ptr; |
1475 |
++ struct sockaddr_vm dst; |
1476 |
++ struct vsock_sock *vsk; |
1477 |
++ |
1478 |
+ if (pkt->type == VMCI_TRANSPORT_PACKET_TYPE_RST) |
1479 |
+ return 0; |
1480 |
+- return vmci_transport_send_control_pkt(sk, |
1481 |
+- VMCI_TRANSPORT_PACKET_TYPE_RST, |
1482 |
+- 0, 0, NULL, VSOCK_PROTO_INVALID, |
1483 |
+- VMCI_INVALID_HANDLE); |
1484 |
++ |
1485 |
++ vsk = vsock_sk(sk); |
1486 |
++ |
1487 |
++ if (!vsock_addr_bound(&vsk->local_addr)) |
1488 |
++ return -EINVAL; |
1489 |
++ |
1490 |
++ if (vsock_addr_bound(&vsk->remote_addr)) { |
1491 |
++ dst_ptr = &vsk->remote_addr; |
1492 |
++ } else { |
1493 |
++ vsock_addr_init(&dst, pkt->dg.src.context, |
1494 |
++ pkt->src_port); |
1495 |
++ dst_ptr = &dst; |
1496 |
++ } |
1497 |
++ return vmci_transport_alloc_send_control_pkt(&vsk->local_addr, dst_ptr, |
1498 |
++ VMCI_TRANSPORT_PACKET_TYPE_RST, |
1499 |
++ 0, 0, NULL, VSOCK_PROTO_INVALID, |
1500 |
++ VMCI_INVALID_HANDLE); |
1501 |
+ } |
1502 |
+ |
1503 |
+ static int vmci_transport_send_negotiate(struct sock *sk, size_t size) |
1504 |
+diff --git a/sound/core/pcm.c b/sound/core/pcm.c |
1505 |
+index 6bda8f6c5f84..cdff5f976480 100644 |
1506 |
+--- a/sound/core/pcm.c |
1507 |
++++ b/sound/core/pcm.c |
1508 |
+@@ -25,6 +25,7 @@ |
1509 |
+ #include <linux/time.h> |
1510 |
+ #include <linux/mutex.h> |
1511 |
+ #include <linux/device.h> |
1512 |
++#include <linux/nospec.h> |
1513 |
+ #include <sound/core.h> |
1514 |
+ #include <sound/minors.h> |
1515 |
+ #include <sound/pcm.h> |
1516 |
+@@ -125,6 +126,7 @@ static int snd_pcm_control_ioctl(struct snd_card *card, |
1517 |
+ return -EFAULT; |
1518 |
+ if (stream < 0 || stream > 1) |
1519 |
+ return -EINVAL; |
1520 |
++ stream = array_index_nospec(stream, 2); |
1521 |
+ if (get_user(subdevice, &info->subdevice)) |
1522 |
+ return -EFAULT; |
1523 |
+ mutex_lock(®ister_mutex); |
1524 |
+diff --git a/sound/pci/emu10k1/emufx.c b/sound/pci/emu10k1/emufx.c |
1525 |
+index 50b216fc369f..5d422d65e62b 100644 |
1526 |
+--- a/sound/pci/emu10k1/emufx.c |
1527 |
++++ b/sound/pci/emu10k1/emufx.c |
1528 |
+@@ -36,6 +36,7 @@ |
1529 |
+ #include <linux/init.h> |
1530 |
+ #include <linux/mutex.h> |
1531 |
+ #include <linux/moduleparam.h> |
1532 |
++#include <linux/nospec.h> |
1533 |
+ |
1534 |
+ #include <sound/core.h> |
1535 |
+ #include <sound/tlv.h> |
1536 |
+@@ -1000,6 +1001,8 @@ static int snd_emu10k1_ipcm_poke(struct snd_emu10k1 *emu, |
1537 |
+ |
1538 |
+ if (ipcm->substream >= EMU10K1_FX8010_PCM_COUNT) |
1539 |
+ return -EINVAL; |
1540 |
++ ipcm->substream = array_index_nospec(ipcm->substream, |
1541 |
++ EMU10K1_FX8010_PCM_COUNT); |
1542 |
+ if (ipcm->channels > 32) |
1543 |
+ return -EINVAL; |
1544 |
+ pcm = &emu->fx8010.pcm[ipcm->substream]; |
1545 |
+@@ -1046,6 +1049,8 @@ static int snd_emu10k1_ipcm_peek(struct snd_emu10k1 *emu, |
1546 |
+ |
1547 |
+ if (ipcm->substream >= EMU10K1_FX8010_PCM_COUNT) |
1548 |
+ return -EINVAL; |
1549 |
++ ipcm->substream = array_index_nospec(ipcm->substream, |
1550 |
++ EMU10K1_FX8010_PCM_COUNT); |
1551 |
+ pcm = &emu->fx8010.pcm[ipcm->substream]; |
1552 |
+ mutex_lock(&emu->fx8010.lock); |
1553 |
+ spin_lock_irq(&emu->reg_lock); |
1554 |
+diff --git a/sound/pci/hda/hda_tegra.c b/sound/pci/hda/hda_tegra.c |
1555 |
+index 0621920f7617..e85fb04ec7be 100644 |
1556 |
+--- a/sound/pci/hda/hda_tegra.c |
1557 |
++++ b/sound/pci/hda/hda_tegra.c |
1558 |
+@@ -249,10 +249,12 @@ static int hda_tegra_suspend(struct device *dev) |
1559 |
+ struct snd_card *card = dev_get_drvdata(dev); |
1560 |
+ struct azx *chip = card->private_data; |
1561 |
+ struct hda_tegra *hda = container_of(chip, struct hda_tegra, chip); |
1562 |
++ struct hdac_bus *bus = azx_bus(chip); |
1563 |
+ |
1564 |
+ snd_power_change_state(card, SNDRV_CTL_POWER_D3hot); |
1565 |
+ |
1566 |
+ azx_stop_chip(chip); |
1567 |
++ synchronize_irq(bus->irq); |
1568 |
+ azx_enter_link_reset(chip); |
1569 |
+ hda_tegra_disable_clocks(hda); |
1570 |
+ |
1571 |
+diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c |
1572 |
+index d392e867e9ab..ba9cd75e4c98 100644 |
1573 |
+--- a/sound/pci/hda/patch_conexant.c |
1574 |
++++ b/sound/pci/hda/patch_conexant.c |
1575 |
+@@ -853,6 +853,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = { |
1576 |
+ SND_PCI_QUIRK(0x103c, 0x8079, "HP EliteBook 840 G3", CXT_FIXUP_HP_DOCK), |
1577 |
+ SND_PCI_QUIRK(0x103c, 0x807C, "HP EliteBook 820 G3", CXT_FIXUP_HP_DOCK), |
1578 |
+ SND_PCI_QUIRK(0x103c, 0x80FD, "HP ProBook 640 G2", CXT_FIXUP_HP_DOCK), |
1579 |
++ SND_PCI_QUIRK(0x103c, 0x828c, "HP EliteBook 840 G4", CXT_FIXUP_HP_DOCK), |
1580 |
+ SND_PCI_QUIRK(0x103c, 0x83b3, "HP EliteBook 830 G5", CXT_FIXUP_HP_DOCK), |
1581 |
+ SND_PCI_QUIRK(0x103c, 0x83d3, "HP ProBook 640 G4", CXT_FIXUP_HP_DOCK), |
1582 |
+ SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE), |
1583 |
+diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c |
1584 |
+index b94fc6357139..b044dea3c815 100644 |
1585 |
+--- a/sound/pci/rme9652/hdsp.c |
1586 |
++++ b/sound/pci/rme9652/hdsp.c |
1587 |
+@@ -30,6 +30,7 @@ |
1588 |
+ #include <linux/math64.h> |
1589 |
+ #include <linux/vmalloc.h> |
1590 |
+ #include <linux/io.h> |
1591 |
++#include <linux/nospec.h> |
1592 |
+ |
1593 |
+ #include <sound/core.h> |
1594 |
+ #include <sound/control.h> |
1595 |
+@@ -4065,15 +4066,16 @@ static int snd_hdsp_channel_info(struct snd_pcm_substream *substream, |
1596 |
+ struct snd_pcm_channel_info *info) |
1597 |
+ { |
1598 |
+ struct hdsp *hdsp = snd_pcm_substream_chip(substream); |
1599 |
+- int mapped_channel; |
1600 |
++ unsigned int channel = info->channel; |
1601 |
+ |
1602 |
+- if (snd_BUG_ON(info->channel >= hdsp->max_channels)) |
1603 |
++ if (snd_BUG_ON(channel >= hdsp->max_channels)) |
1604 |
+ return -EINVAL; |
1605 |
++ channel = array_index_nospec(channel, hdsp->max_channels); |
1606 |
+ |
1607 |
+- if ((mapped_channel = hdsp->channel_map[info->channel]) < 0) |
1608 |
++ if (hdsp->channel_map[channel] < 0) |
1609 |
+ return -EINVAL; |
1610 |
+ |
1611 |
+- info->offset = mapped_channel * HDSP_CHANNEL_BUFFER_BYTES; |
1612 |
++ info->offset = hdsp->channel_map[channel] * HDSP_CHANNEL_BUFFER_BYTES; |
1613 |
+ info->first = 0; |
1614 |
+ info->step = 32; |
1615 |
+ return 0; |
1616 |
+diff --git a/sound/synth/emux/emux_hwdep.c b/sound/synth/emux/emux_hwdep.c |
1617 |
+index e557946718a9..d9fcae071b47 100644 |
1618 |
+--- a/sound/synth/emux/emux_hwdep.c |
1619 |
++++ b/sound/synth/emux/emux_hwdep.c |
1620 |
+@@ -22,9 +22,9 @@ |
1621 |
+ #include <sound/core.h> |
1622 |
+ #include <sound/hwdep.h> |
1623 |
+ #include <linux/uaccess.h> |
1624 |
++#include <linux/nospec.h> |
1625 |
+ #include "emux_voice.h" |
1626 |
+ |
1627 |
+- |
1628 |
+ #define TMP_CLIENT_ID 0x1001 |
1629 |
+ |
1630 |
+ /* |
1631 |
+@@ -66,13 +66,16 @@ snd_emux_hwdep_misc_mode(struct snd_emux *emu, void __user *arg) |
1632 |
+ return -EFAULT; |
1633 |
+ if (info.mode < 0 || info.mode >= EMUX_MD_END) |
1634 |
+ return -EINVAL; |
1635 |
++ info.mode = array_index_nospec(info.mode, EMUX_MD_END); |
1636 |
+ |
1637 |
+ if (info.port < 0) { |
1638 |
+ for (i = 0; i < emu->num_ports; i++) |
1639 |
+ emu->portptrs[i]->ctrls[info.mode] = info.value; |
1640 |
+ } else { |
1641 |
+- if (info.port < emu->num_ports) |
1642 |
++ if (info.port < emu->num_ports) { |
1643 |
++ info.port = array_index_nospec(info.port, emu->num_ports); |
1644 |
+ emu->portptrs[info.port]->ctrls[info.mode] = info.value; |
1645 |
++ } |
1646 |
+ } |
1647 |
+ return 0; |
1648 |
+ } |
1649 |
+diff --git a/tools/perf/util/pmu.c b/tools/perf/util/pmu.c |
1650 |
+index 0f84371d4d6b..c86c1d5ea65c 100644 |
1651 |
+--- a/tools/perf/util/pmu.c |
1652 |
++++ b/tools/perf/util/pmu.c |
1653 |
+@@ -103,7 +103,7 @@ static int perf_pmu__parse_scale(struct perf_pmu_alias *alias, char *dir, char * |
1654 |
+ char path[PATH_MAX]; |
1655 |
+ char *lc; |
1656 |
+ |
1657 |
+- snprintf(path, PATH_MAX, "%s/%s.scale", dir, name); |
1658 |
++ scnprintf(path, PATH_MAX, "%s/%s.scale", dir, name); |
1659 |
+ |
1660 |
+ fd = open(path, O_RDONLY); |
1661 |
+ if (fd == -1) |
1662 |
+@@ -163,7 +163,7 @@ static int perf_pmu__parse_unit(struct perf_pmu_alias *alias, char *dir, char *n |
1663 |
+ ssize_t sret; |
1664 |
+ int fd; |
1665 |
+ |
1666 |
+- snprintf(path, PATH_MAX, "%s/%s.unit", dir, name); |
1667 |
++ scnprintf(path, PATH_MAX, "%s/%s.unit", dir, name); |
1668 |
+ |
1669 |
+ fd = open(path, O_RDONLY); |
1670 |
+ if (fd == -1) |
1671 |
+@@ -193,7 +193,7 @@ perf_pmu__parse_per_pkg(struct perf_pmu_alias *alias, char *dir, char *name) |
1672 |
+ char path[PATH_MAX]; |
1673 |
+ int fd; |
1674 |
+ |
1675 |
+- snprintf(path, PATH_MAX, "%s/%s.per-pkg", dir, name); |
1676 |
++ scnprintf(path, PATH_MAX, "%s/%s.per-pkg", dir, name); |
1677 |
+ |
1678 |
+ fd = open(path, O_RDONLY); |
1679 |
+ if (fd == -1) |
1680 |
+@@ -211,7 +211,7 @@ static int perf_pmu__parse_snapshot(struct perf_pmu_alias *alias, |
1681 |
+ char path[PATH_MAX]; |
1682 |
+ int fd; |
1683 |
+ |
1684 |
+- snprintf(path, PATH_MAX, "%s/%s.snapshot", dir, name); |
1685 |
++ scnprintf(path, PATH_MAX, "%s/%s.snapshot", dir, name); |
1686 |
+ |
1687 |
+ fd = open(path, O_RDONLY); |
1688 |
+ if (fd == -1) |