1 |
commit: a96b0651fc6a971fe0c2d4a77f574c77dfbddd0b |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Oct 26 20:49:29 2015 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Oct 26 20:49:29 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=a96b0651 |
7 |
|
8 |
Linux patch 4.1.11 |
9 |
|
10 |
0000_README | 4 + |
11 |
1010_linux-4.1.11.patch | 8151 +++++++++++++++++++++++++++++++++++++++++++++++ |
12 |
2 files changed, 8155 insertions(+) |
13 |
|
14 |
diff --git a/0000_README b/0000_README |
15 |
index b9b941a..fa3fbdb 100644 |
16 |
--- a/0000_README |
17 |
+++ b/0000_README |
18 |
@@ -83,6 +83,10 @@ Patch: 1009_linux-4.1.10.patch |
19 |
From: http://www.kernel.org |
20 |
Desc: Linux 4.1.10 |
21 |
|
22 |
+Patch: 1010_linux-4.1.11.patch |
23 |
+From: http://www.kernel.org |
24 |
+Desc: Linux 4.1.11 |
25 |
+ |
26 |
Patch: 1500_XATTR_USER_PREFIX.patch |
27 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
28 |
Desc: Support for namespace user.pax.* on tmpfs. |
29 |
|
30 |
diff --git a/1010_linux-4.1.11.patch b/1010_linux-4.1.11.patch |
31 |
new file mode 100644 |
32 |
index 0000000..0200b32 |
33 |
--- /dev/null |
34 |
+++ b/1010_linux-4.1.11.patch |
35 |
@@ -0,0 +1,8151 @@ |
36 |
+diff --git a/Documentation/HOWTO b/Documentation/HOWTO |
37 |
+index 93aa8604630e..21152d397b88 100644 |
38 |
+--- a/Documentation/HOWTO |
39 |
++++ b/Documentation/HOWTO |
40 |
+@@ -218,16 +218,16 @@ The development process |
41 |
+ Linux kernel development process currently consists of a few different |
42 |
+ main kernel "branches" and lots of different subsystem-specific kernel |
43 |
+ branches. These different branches are: |
44 |
+- - main 3.x kernel tree |
45 |
+- - 3.x.y -stable kernel tree |
46 |
+- - 3.x -git kernel patches |
47 |
++ - main 4.x kernel tree |
48 |
++ - 4.x.y -stable kernel tree |
49 |
++ - 4.x -git kernel patches |
50 |
+ - subsystem specific kernel trees and patches |
51 |
+- - the 3.x -next kernel tree for integration tests |
52 |
++ - the 4.x -next kernel tree for integration tests |
53 |
+ |
54 |
+-3.x kernel tree |
55 |
++4.x kernel tree |
56 |
+ ----------------- |
57 |
+-3.x kernels are maintained by Linus Torvalds, and can be found on |
58 |
+-kernel.org in the pub/linux/kernel/v3.x/ directory. Its development |
59 |
++4.x kernels are maintained by Linus Torvalds, and can be found on |
60 |
++kernel.org in the pub/linux/kernel/v4.x/ directory. Its development |
61 |
+ process is as follows: |
62 |
+ - As soon as a new kernel is released a two weeks window is open, |
63 |
+ during this period of time maintainers can submit big diffs to |
64 |
+@@ -262,20 +262,20 @@ mailing list about kernel releases: |
65 |
+ released according to perceived bug status, not according to a |
66 |
+ preconceived timeline." |
67 |
+ |
68 |
+-3.x.y -stable kernel tree |
69 |
++4.x.y -stable kernel tree |
70 |
+ --------------------------- |
71 |
+ Kernels with 3-part versions are -stable kernels. They contain |
72 |
+ relatively small and critical fixes for security problems or significant |
73 |
+-regressions discovered in a given 3.x kernel. |
74 |
++regressions discovered in a given 4.x kernel. |
75 |
+ |
76 |
+ This is the recommended branch for users who want the most recent stable |
77 |
+ kernel and are not interested in helping test development/experimental |
78 |
+ versions. |
79 |
+ |
80 |
+-If no 3.x.y kernel is available, then the highest numbered 3.x |
81 |
++If no 4.x.y kernel is available, then the highest numbered 4.x |
82 |
+ kernel is the current stable kernel. |
83 |
+ |
84 |
+-3.x.y are maintained by the "stable" team <stable@×××××××××××.org>, and |
85 |
++4.x.y are maintained by the "stable" team <stable@×××××××××××.org>, and |
86 |
+ are released as needs dictate. The normal release period is approximately |
87 |
+ two weeks, but it can be longer if there are no pressing problems. A |
88 |
+ security-related problem, instead, can cause a release to happen almost |
89 |
+@@ -285,7 +285,7 @@ The file Documentation/stable_kernel_rules.txt in the kernel tree |
90 |
+ documents what kinds of changes are acceptable for the -stable tree, and |
91 |
+ how the release process works. |
92 |
+ |
93 |
+-3.x -git patches |
94 |
++4.x -git patches |
95 |
+ ------------------ |
96 |
+ These are daily snapshots of Linus' kernel tree which are managed in a |
97 |
+ git repository (hence the name.) These patches are usually released |
98 |
+@@ -317,9 +317,9 @@ revisions to it, and maintainers can mark patches as under review, |
99 |
+ accepted, or rejected. Most of these patchwork sites are listed at |
100 |
+ http://patchwork.kernel.org/. |
101 |
+ |
102 |
+-3.x -next kernel tree for integration tests |
103 |
++4.x -next kernel tree for integration tests |
104 |
+ --------------------------------------------- |
105 |
+-Before updates from subsystem trees are merged into the mainline 3.x |
106 |
++Before updates from subsystem trees are merged into the mainline 4.x |
107 |
+ tree, they need to be integration-tested. For this purpose, a special |
108 |
+ testing repository exists into which virtually all subsystem trees are |
109 |
+ pulled on an almost daily basis: |
110 |
+diff --git a/Makefile b/Makefile |
111 |
+index d02f16b510dc..c7d877b1c248 100644 |
112 |
+--- a/Makefile |
113 |
++++ b/Makefile |
114 |
+@@ -1,6 +1,6 @@ |
115 |
+ VERSION = 4 |
116 |
+ PATCHLEVEL = 1 |
117 |
+-SUBLEVEL = 10 |
118 |
++SUBLEVEL = 11 |
119 |
+ EXTRAVERSION = |
120 |
+ NAME = Series 4800 |
121 |
+ |
122 |
+diff --git a/arch/arm/Makefile b/arch/arm/Makefile |
123 |
+index 985227cbbd1b..47f10e7ad1f6 100644 |
124 |
+--- a/arch/arm/Makefile |
125 |
++++ b/arch/arm/Makefile |
126 |
+@@ -50,6 +50,14 @@ AS += -EL |
127 |
+ LD += -EL |
128 |
+ endif |
129 |
+ |
130 |
++# |
131 |
++# The Scalar Replacement of Aggregates (SRA) optimization pass in GCC 4.9 and |
132 |
++# later may result in code being generated that handles signed short and signed |
133 |
++# char struct members incorrectly. So disable it. |
134 |
++# (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65932) |
135 |
++# |
136 |
++KBUILD_CFLAGS += $(call cc-option,-fno-ipa-sra) |
137 |
++ |
138 |
+ # This selects which instruction set is used. |
139 |
+ # Note that GCC does not numerically define an architecture version |
140 |
+ # macro, but instead defines a whole series of macros which makes |
141 |
+diff --git a/arch/arm/boot/dts/imx25-pdk.dts b/arch/arm/boot/dts/imx25-pdk.dts |
142 |
+index dd45e6971bc3..9351296356dc 100644 |
143 |
+--- a/arch/arm/boot/dts/imx25-pdk.dts |
144 |
++++ b/arch/arm/boot/dts/imx25-pdk.dts |
145 |
+@@ -10,6 +10,7 @@ |
146 |
+ */ |
147 |
+ |
148 |
+ /dts-v1/; |
149 |
++#include <dt-bindings/gpio/gpio.h> |
150 |
+ #include <dt-bindings/input/input.h> |
151 |
+ #include "imx25.dtsi" |
152 |
+ |
153 |
+@@ -114,8 +115,8 @@ |
154 |
+ &esdhc1 { |
155 |
+ pinctrl-names = "default"; |
156 |
+ pinctrl-0 = <&pinctrl_esdhc1>; |
157 |
+- cd-gpios = <&gpio2 1 0>; |
158 |
+- wp-gpios = <&gpio2 0 0>; |
159 |
++ cd-gpios = <&gpio2 1 GPIO_ACTIVE_LOW>; |
160 |
++ wp-gpios = <&gpio2 0 GPIO_ACTIVE_HIGH>; |
161 |
+ status = "okay"; |
162 |
+ }; |
163 |
+ |
164 |
+diff --git a/arch/arm/boot/dts/imx51-apf51dev.dts b/arch/arm/boot/dts/imx51-apf51dev.dts |
165 |
+index 93d3ea12328c..0f3fe29b816e 100644 |
166 |
+--- a/arch/arm/boot/dts/imx51-apf51dev.dts |
167 |
++++ b/arch/arm/boot/dts/imx51-apf51dev.dts |
168 |
+@@ -98,7 +98,7 @@ |
169 |
+ &esdhc1 { |
170 |
+ pinctrl-names = "default"; |
171 |
+ pinctrl-0 = <&pinctrl_esdhc1>; |
172 |
+- cd-gpios = <&gpio2 29 GPIO_ACTIVE_HIGH>; |
173 |
++ cd-gpios = <&gpio2 29 GPIO_ACTIVE_LOW>; |
174 |
+ bus-width = <4>; |
175 |
+ status = "okay"; |
176 |
+ }; |
177 |
+diff --git a/arch/arm/boot/dts/imx53-ard.dts b/arch/arm/boot/dts/imx53-ard.dts |
178 |
+index e9337ad52f59..3bc18835fb4b 100644 |
179 |
+--- a/arch/arm/boot/dts/imx53-ard.dts |
180 |
++++ b/arch/arm/boot/dts/imx53-ard.dts |
181 |
+@@ -103,8 +103,8 @@ |
182 |
+ &esdhc1 { |
183 |
+ pinctrl-names = "default"; |
184 |
+ pinctrl-0 = <&pinctrl_esdhc1>; |
185 |
+- cd-gpios = <&gpio1 1 0>; |
186 |
+- wp-gpios = <&gpio1 9 0>; |
187 |
++ cd-gpios = <&gpio1 1 GPIO_ACTIVE_LOW>; |
188 |
++ wp-gpios = <&gpio1 9 GPIO_ACTIVE_HIGH>; |
189 |
+ status = "okay"; |
190 |
+ }; |
191 |
+ |
192 |
+diff --git a/arch/arm/boot/dts/imx53-m53evk.dts b/arch/arm/boot/dts/imx53-m53evk.dts |
193 |
+index d0e0f57eb432..53f40885c530 100644 |
194 |
+--- a/arch/arm/boot/dts/imx53-m53evk.dts |
195 |
++++ b/arch/arm/boot/dts/imx53-m53evk.dts |
196 |
+@@ -124,8 +124,8 @@ |
197 |
+ &esdhc1 { |
198 |
+ pinctrl-names = "default"; |
199 |
+ pinctrl-0 = <&pinctrl_esdhc1>; |
200 |
+- cd-gpios = <&gpio1 1 0>; |
201 |
+- wp-gpios = <&gpio1 9 0>; |
202 |
++ cd-gpios = <&gpio1 1 GPIO_ACTIVE_LOW>; |
203 |
++ wp-gpios = <&gpio1 9 GPIO_ACTIVE_HIGH>; |
204 |
+ status = "okay"; |
205 |
+ }; |
206 |
+ |
207 |
+diff --git a/arch/arm/boot/dts/imx53-qsb-common.dtsi b/arch/arm/boot/dts/imx53-qsb-common.dtsi |
208 |
+index 181ae5ebf23f..1f55187ed9ce 100644 |
209 |
+--- a/arch/arm/boot/dts/imx53-qsb-common.dtsi |
210 |
++++ b/arch/arm/boot/dts/imx53-qsb-common.dtsi |
211 |
+@@ -147,8 +147,8 @@ |
212 |
+ &esdhc3 { |
213 |
+ pinctrl-names = "default"; |
214 |
+ pinctrl-0 = <&pinctrl_esdhc3>; |
215 |
+- cd-gpios = <&gpio3 11 0>; |
216 |
+- wp-gpios = <&gpio3 12 0>; |
217 |
++ cd-gpios = <&gpio3 11 GPIO_ACTIVE_LOW>; |
218 |
++ wp-gpios = <&gpio3 12 GPIO_ACTIVE_HIGH>; |
219 |
+ bus-width = <8>; |
220 |
+ status = "okay"; |
221 |
+ }; |
222 |
+diff --git a/arch/arm/boot/dts/imx53-smd.dts b/arch/arm/boot/dts/imx53-smd.dts |
223 |
+index 1d325576bcc0..fc89ce1e5763 100644 |
224 |
+--- a/arch/arm/boot/dts/imx53-smd.dts |
225 |
++++ b/arch/arm/boot/dts/imx53-smd.dts |
226 |
+@@ -41,8 +41,8 @@ |
227 |
+ &esdhc1 { |
228 |
+ pinctrl-names = "default"; |
229 |
+ pinctrl-0 = <&pinctrl_esdhc1>; |
230 |
+- cd-gpios = <&gpio3 13 0>; |
231 |
+- wp-gpios = <&gpio4 11 0>; |
232 |
++ cd-gpios = <&gpio3 13 GPIO_ACTIVE_LOW>; |
233 |
++ wp-gpios = <&gpio4 11 GPIO_ACTIVE_HIGH>; |
234 |
+ status = "okay"; |
235 |
+ }; |
236 |
+ |
237 |
+diff --git a/arch/arm/boot/dts/imx53-tqma53.dtsi b/arch/arm/boot/dts/imx53-tqma53.dtsi |
238 |
+index 4f1f0e2868bf..e03373a58760 100644 |
239 |
+--- a/arch/arm/boot/dts/imx53-tqma53.dtsi |
240 |
++++ b/arch/arm/boot/dts/imx53-tqma53.dtsi |
241 |
+@@ -41,8 +41,8 @@ |
242 |
+ pinctrl-0 = <&pinctrl_esdhc2>, |
243 |
+ <&pinctrl_esdhc2_cdwp>; |
244 |
+ vmmc-supply = <®_3p3v>; |
245 |
+- wp-gpios = <&gpio1 2 0>; |
246 |
+- cd-gpios = <&gpio1 4 0>; |
247 |
++ wp-gpios = <&gpio1 2 GPIO_ACTIVE_HIGH>; |
248 |
++ cd-gpios = <&gpio1 4 GPIO_ACTIVE_LOW>; |
249 |
+ status = "disabled"; |
250 |
+ }; |
251 |
+ |
252 |
+diff --git a/arch/arm/boot/dts/imx53-tx53.dtsi b/arch/arm/boot/dts/imx53-tx53.dtsi |
253 |
+index 704bd72cbfec..d3e50b22064f 100644 |
254 |
+--- a/arch/arm/boot/dts/imx53-tx53.dtsi |
255 |
++++ b/arch/arm/boot/dts/imx53-tx53.dtsi |
256 |
+@@ -183,7 +183,7 @@ |
257 |
+ }; |
258 |
+ |
259 |
+ &esdhc1 { |
260 |
+- cd-gpios = <&gpio3 24 GPIO_ACTIVE_HIGH>; |
261 |
++ cd-gpios = <&gpio3 24 GPIO_ACTIVE_LOW>; |
262 |
+ fsl,wp-controller; |
263 |
+ pinctrl-names = "default"; |
264 |
+ pinctrl-0 = <&pinctrl_esdhc1>; |
265 |
+@@ -191,7 +191,7 @@ |
266 |
+ }; |
267 |
+ |
268 |
+ &esdhc2 { |
269 |
+- cd-gpios = <&gpio3 25 GPIO_ACTIVE_HIGH>; |
270 |
++ cd-gpios = <&gpio3 25 GPIO_ACTIVE_LOW>; |
271 |
+ fsl,wp-controller; |
272 |
+ pinctrl-names = "default"; |
273 |
+ pinctrl-0 = <&pinctrl_esdhc2>; |
274 |
+diff --git a/arch/arm/boot/dts/imx53-voipac-bsb.dts b/arch/arm/boot/dts/imx53-voipac-bsb.dts |
275 |
+index c17d3ad6dba5..fc51b87ad208 100644 |
276 |
+--- a/arch/arm/boot/dts/imx53-voipac-bsb.dts |
277 |
++++ b/arch/arm/boot/dts/imx53-voipac-bsb.dts |
278 |
+@@ -119,8 +119,8 @@ |
279 |
+ &esdhc2 { |
280 |
+ pinctrl-names = "default"; |
281 |
+ pinctrl-0 = <&pinctrl_esdhc2>; |
282 |
+- cd-gpios = <&gpio3 25 0>; |
283 |
+- wp-gpios = <&gpio2 19 0>; |
284 |
++ cd-gpios = <&gpio3 25 GPIO_ACTIVE_LOW>; |
285 |
++ wp-gpios = <&gpio2 19 GPIO_ACTIVE_HIGH>; |
286 |
+ vmmc-supply = <®_3p3v>; |
287 |
+ status = "okay"; |
288 |
+ }; |
289 |
+diff --git a/arch/arm/boot/dts/imx6qdl-rex.dtsi b/arch/arm/boot/dts/imx6qdl-rex.dtsi |
290 |
+index 488a640796ac..394a4ace351a 100644 |
291 |
+--- a/arch/arm/boot/dts/imx6qdl-rex.dtsi |
292 |
++++ b/arch/arm/boot/dts/imx6qdl-rex.dtsi |
293 |
+@@ -35,7 +35,6 @@ |
294 |
+ compatible = "regulator-fixed"; |
295 |
+ reg = <1>; |
296 |
+ pinctrl-names = "default"; |
297 |
+- pinctrl-0 = <&pinctrl_usbh1>; |
298 |
+ regulator-name = "usbh1_vbus"; |
299 |
+ regulator-min-microvolt = <5000000>; |
300 |
+ regulator-max-microvolt = <5000000>; |
301 |
+@@ -47,7 +46,6 @@ |
302 |
+ compatible = "regulator-fixed"; |
303 |
+ reg = <2>; |
304 |
+ pinctrl-names = "default"; |
305 |
+- pinctrl-0 = <&pinctrl_usbotg>; |
306 |
+ regulator-name = "usb_otg_vbus"; |
307 |
+ regulator-min-microvolt = <5000000>; |
308 |
+ regulator-max-microvolt = <5000000>; |
309 |
+diff --git a/arch/arm/boot/dts/omap3-beagle.dts b/arch/arm/boot/dts/omap3-beagle.dts |
310 |
+index a5474113cd50..67659a0ed13e 100644 |
311 |
+--- a/arch/arm/boot/dts/omap3-beagle.dts |
312 |
++++ b/arch/arm/boot/dts/omap3-beagle.dts |
313 |
+@@ -202,7 +202,7 @@ |
314 |
+ |
315 |
+ tfp410_pins: pinmux_tfp410_pins { |
316 |
+ pinctrl-single,pins = < |
317 |
+- 0x194 (PIN_OUTPUT | MUX_MODE4) /* hdq_sio.gpio_170 */ |
318 |
++ 0x196 (PIN_OUTPUT | MUX_MODE4) /* hdq_sio.gpio_170 */ |
319 |
+ >; |
320 |
+ }; |
321 |
+ |
322 |
+diff --git a/arch/arm/boot/dts/omap5-uevm.dts b/arch/arm/boot/dts/omap5-uevm.dts |
323 |
+index 74777a6e200a..1b958e92d674 100644 |
324 |
+--- a/arch/arm/boot/dts/omap5-uevm.dts |
325 |
++++ b/arch/arm/boot/dts/omap5-uevm.dts |
326 |
+@@ -174,8 +174,8 @@ |
327 |
+ |
328 |
+ i2c5_pins: pinmux_i2c5_pins { |
329 |
+ pinctrl-single,pins = < |
330 |
+- 0x184 (PIN_INPUT | MUX_MODE0) /* i2c5_scl */ |
331 |
+- 0x186 (PIN_INPUT | MUX_MODE0) /* i2c5_sda */ |
332 |
++ 0x186 (PIN_INPUT | MUX_MODE0) /* i2c5_scl */ |
333 |
++ 0x188 (PIN_INPUT | MUX_MODE0) /* i2c5_sda */ |
334 |
+ >; |
335 |
+ }; |
336 |
+ |
337 |
+diff --git a/arch/arm/kernel/kgdb.c b/arch/arm/kernel/kgdb.c |
338 |
+index a6ad93c9bce3..fd9eefce0a7b 100644 |
339 |
+--- a/arch/arm/kernel/kgdb.c |
340 |
++++ b/arch/arm/kernel/kgdb.c |
341 |
+@@ -259,15 +259,17 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt) |
342 |
+ if (err) |
343 |
+ return err; |
344 |
+ |
345 |
+- patch_text((void *)bpt->bpt_addr, |
346 |
+- *(unsigned int *)arch_kgdb_ops.gdb_bpt_instr); |
347 |
++ /* Machine is already stopped, so we can use __patch_text() directly */ |
348 |
++ __patch_text((void *)bpt->bpt_addr, |
349 |
++ *(unsigned int *)arch_kgdb_ops.gdb_bpt_instr); |
350 |
+ |
351 |
+ return err; |
352 |
+ } |
353 |
+ |
354 |
+ int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt) |
355 |
+ { |
356 |
+- patch_text((void *)bpt->bpt_addr, *(unsigned int *)bpt->saved_instr); |
357 |
++ /* Machine is already stopped, so we can use __patch_text() directly */ |
358 |
++ __patch_text((void *)bpt->bpt_addr, *(unsigned int *)bpt->saved_instr); |
359 |
+ |
360 |
+ return 0; |
361 |
+ } |
362 |
+diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c |
363 |
+index 423663e23791..586eef26203d 100644 |
364 |
+--- a/arch/arm/kernel/signal.c |
365 |
++++ b/arch/arm/kernel/signal.c |
366 |
+@@ -343,12 +343,17 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig, |
367 |
+ */ |
368 |
+ thumb = handler & 1; |
369 |
+ |
370 |
+-#if __LINUX_ARM_ARCH__ >= 7 |
371 |
++#if __LINUX_ARM_ARCH__ >= 6 |
372 |
+ /* |
373 |
+- * Clear the If-Then Thumb-2 execution state |
374 |
+- * ARM spec requires this to be all 000s in ARM mode |
375 |
+- * Snapdragon S4/Krait misbehaves on a Thumb=>ARM |
376 |
+- * signal transition without this. |
377 |
++ * Clear the If-Then Thumb-2 execution state. ARM spec |
378 |
++ * requires this to be all 000s in ARM mode. Snapdragon |
379 |
++ * S4/Krait misbehaves on a Thumb=>ARM signal transition |
380 |
++ * without this. |
381 |
++ * |
382 |
++ * We must do this whenever we are running on a Thumb-2 |
383 |
++ * capable CPU, which includes ARMv6T2. However, we elect |
384 |
++ * to do this whenever we're on an ARMv6 or later CPU for |
385 |
++ * simplicity. |
386 |
+ */ |
387 |
+ cpsr &= ~PSR_IT_MASK; |
388 |
+ #endif |
389 |
+diff --git a/arch/arm/kvm/interrupts_head.S b/arch/arm/kvm/interrupts_head.S |
390 |
+index 48efe2ee452c..58048b333d31 100644 |
391 |
+--- a/arch/arm/kvm/interrupts_head.S |
392 |
++++ b/arch/arm/kvm/interrupts_head.S |
393 |
+@@ -518,8 +518,7 @@ ARM_BE8(rev r6, r6 ) |
394 |
+ |
395 |
+ mrc p15, 0, r2, c14, c3, 1 @ CNTV_CTL |
396 |
+ str r2, [vcpu, #VCPU_TIMER_CNTV_CTL] |
397 |
+- bic r2, #1 @ Clear ENABLE |
398 |
+- mcr p15, 0, r2, c14, c3, 1 @ CNTV_CTL |
399 |
++ |
400 |
+ isb |
401 |
+ |
402 |
+ mrrc p15, 3, rr_lo_hi(r2, r3), c14 @ CNTV_CVAL |
403 |
+@@ -532,6 +531,9 @@ ARM_BE8(rev r6, r6 ) |
404 |
+ mcrr p15, 4, r2, r2, c14 @ CNTVOFF |
405 |
+ |
406 |
+ 1: |
407 |
++ mov r2, #0 @ Clear ENABLE |
408 |
++ mcr p15, 0, r2, c14, c3, 1 @ CNTV_CTL |
409 |
++ |
410 |
+ @ Allow physical timer/counter access for the host |
411 |
+ mrc p15, 4, r2, c14, c1, 0 @ CNTHCTL |
412 |
+ orr r2, r2, #(CNTHCTL_PL1PCEN | CNTHCTL_PL1PCTEN) |
413 |
+diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c |
414 |
+index 1d5accbd3dcf..191dcfab9f60 100644 |
415 |
+--- a/arch/arm/kvm/mmu.c |
416 |
++++ b/arch/arm/kvm/mmu.c |
417 |
+@@ -1790,8 +1790,10 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, |
418 |
+ if (vma->vm_flags & VM_PFNMAP) { |
419 |
+ gpa_t gpa = mem->guest_phys_addr + |
420 |
+ (vm_start - mem->userspace_addr); |
421 |
+- phys_addr_t pa = (vma->vm_pgoff << PAGE_SHIFT) + |
422 |
+- vm_start - vma->vm_start; |
423 |
++ phys_addr_t pa; |
424 |
++ |
425 |
++ pa = (phys_addr_t)vma->vm_pgoff << PAGE_SHIFT; |
426 |
++ pa += vm_start - vma->vm_start; |
427 |
+ |
428 |
+ /* IO region dirty page logging not allowed */ |
429 |
+ if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES) |
430 |
+diff --git a/arch/arm/mach-exynos/mcpm-exynos.c b/arch/arm/mach-exynos/mcpm-exynos.c |
431 |
+index 9bdf54795f05..56978199c479 100644 |
432 |
+--- a/arch/arm/mach-exynos/mcpm-exynos.c |
433 |
++++ b/arch/arm/mach-exynos/mcpm-exynos.c |
434 |
+@@ -20,6 +20,7 @@ |
435 |
+ #include <asm/cputype.h> |
436 |
+ #include <asm/cp15.h> |
437 |
+ #include <asm/mcpm.h> |
438 |
++#include <asm/smp_plat.h> |
439 |
+ |
440 |
+ #include "regs-pmu.h" |
441 |
+ #include "common.h" |
442 |
+@@ -70,7 +71,31 @@ static int exynos_cpu_powerup(unsigned int cpu, unsigned int cluster) |
443 |
+ cluster >= EXYNOS5420_NR_CLUSTERS) |
444 |
+ return -EINVAL; |
445 |
+ |
446 |
+- exynos_cpu_power_up(cpunr); |
447 |
++ if (!exynos_cpu_power_state(cpunr)) { |
448 |
++ exynos_cpu_power_up(cpunr); |
449 |
++ |
450 |
++ /* |
451 |
++ * This assumes the cluster number of the big cores(Cortex A15) |
452 |
++ * is 0 and the Little cores(Cortex A7) is 1. |
453 |
++ * When the system was booted from the Little core, |
454 |
++ * they should be reset during power up cpu. |
455 |
++ */ |
456 |
++ if (cluster && |
457 |
++ cluster == MPIDR_AFFINITY_LEVEL(cpu_logical_map(0), 1)) { |
458 |
++ /* |
459 |
++ * Before we reset the Little cores, we should wait |
460 |
++ * the SPARE2 register is set to 1 because the init |
461 |
++ * codes of the iROM will set the register after |
462 |
++ * initialization. |
463 |
++ */ |
464 |
++ while (!pmu_raw_readl(S5P_PMU_SPARE2)) |
465 |
++ udelay(10); |
466 |
++ |
467 |
++ pmu_raw_writel(EXYNOS5420_KFC_CORE_RESET(cpu), |
468 |
++ EXYNOS_SWRESET); |
469 |
++ } |
470 |
++ } |
471 |
++ |
472 |
+ return 0; |
473 |
+ } |
474 |
+ |
475 |
+diff --git a/arch/arm/mach-exynos/regs-pmu.h b/arch/arm/mach-exynos/regs-pmu.h |
476 |
+index b7614333d296..fba9068ed260 100644 |
477 |
+--- a/arch/arm/mach-exynos/regs-pmu.h |
478 |
++++ b/arch/arm/mach-exynos/regs-pmu.h |
479 |
+@@ -513,6 +513,12 @@ static inline unsigned int exynos_pmu_cpunr(unsigned int mpidr) |
480 |
+ #define SPREAD_ENABLE 0xF |
481 |
+ #define SPREAD_USE_STANDWFI 0xF |
482 |
+ |
483 |
++#define EXYNOS5420_KFC_CORE_RESET0 BIT(8) |
484 |
++#define EXYNOS5420_KFC_ETM_RESET0 BIT(20) |
485 |
++ |
486 |
++#define EXYNOS5420_KFC_CORE_RESET(_nr) \ |
487 |
++ ((EXYNOS5420_KFC_CORE_RESET0 | EXYNOS5420_KFC_ETM_RESET0) << (_nr)) |
488 |
++ |
489 |
+ #define EXYNOS5420_BB_CON1 0x0784 |
490 |
+ #define EXYNOS5420_BB_SEL_EN BIT(31) |
491 |
+ #define EXYNOS5420_BB_PMOS_EN BIT(7) |
492 |
+diff --git a/arch/arm64/kernel/efi.c b/arch/arm64/kernel/efi.c |
493 |
+index 352962bc2e78..5170fd5c8e97 100644 |
494 |
+--- a/arch/arm64/kernel/efi.c |
495 |
++++ b/arch/arm64/kernel/efi.c |
496 |
+@@ -257,7 +257,8 @@ static bool __init efi_virtmap_init(void) |
497 |
+ */ |
498 |
+ if (!is_normal_ram(md)) |
499 |
+ prot = __pgprot(PROT_DEVICE_nGnRE); |
500 |
+- else if (md->type == EFI_RUNTIME_SERVICES_CODE) |
501 |
++ else if (md->type == EFI_RUNTIME_SERVICES_CODE || |
502 |
++ !PAGE_ALIGNED(md->phys_addr)) |
503 |
+ prot = PAGE_KERNEL_EXEC; |
504 |
+ else |
505 |
+ prot = PAGE_KERNEL; |
506 |
+diff --git a/arch/arm64/kernel/entry-ftrace.S b/arch/arm64/kernel/entry-ftrace.S |
507 |
+index 08cafc518b9a..0f03a8fe2314 100644 |
508 |
+--- a/arch/arm64/kernel/entry-ftrace.S |
509 |
++++ b/arch/arm64/kernel/entry-ftrace.S |
510 |
+@@ -178,6 +178,24 @@ ENTRY(ftrace_stub) |
511 |
+ ENDPROC(ftrace_stub) |
512 |
+ |
513 |
+ #ifdef CONFIG_FUNCTION_GRAPH_TRACER |
514 |
++ /* save return value regs*/ |
515 |
++ .macro save_return_regs |
516 |
++ sub sp, sp, #64 |
517 |
++ stp x0, x1, [sp] |
518 |
++ stp x2, x3, [sp, #16] |
519 |
++ stp x4, x5, [sp, #32] |
520 |
++ stp x6, x7, [sp, #48] |
521 |
++ .endm |
522 |
++ |
523 |
++ /* restore return value regs*/ |
524 |
++ .macro restore_return_regs |
525 |
++ ldp x0, x1, [sp] |
526 |
++ ldp x2, x3, [sp, #16] |
527 |
++ ldp x4, x5, [sp, #32] |
528 |
++ ldp x6, x7, [sp, #48] |
529 |
++ add sp, sp, #64 |
530 |
++ .endm |
531 |
++ |
532 |
+ /* |
533 |
+ * void ftrace_graph_caller(void) |
534 |
+ * |
535 |
+@@ -204,11 +222,11 @@ ENDPROC(ftrace_graph_caller) |
536 |
+ * only when CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST is enabled. |
537 |
+ */ |
538 |
+ ENTRY(return_to_handler) |
539 |
+- str x0, [sp, #-16]! |
540 |
++ save_return_regs |
541 |
+ mov x0, x29 // parent's fp |
542 |
+ bl ftrace_return_to_handler// addr = ftrace_return_to_hander(fp); |
543 |
+ mov x30, x0 // restore the original return address |
544 |
+- ldr x0, [sp], #16 |
545 |
++ restore_return_regs |
546 |
+ ret |
547 |
+ END(return_to_handler) |
548 |
+ #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
549 |
+diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c |
550 |
+index 96da13167d4a..fa5efaa5c3ac 100644 |
551 |
+--- a/arch/arm64/mm/fault.c |
552 |
++++ b/arch/arm64/mm/fault.c |
553 |
+@@ -279,6 +279,7 @@ retry: |
554 |
+ * starvation. |
555 |
+ */ |
556 |
+ mm_flags &= ~FAULT_FLAG_ALLOW_RETRY; |
557 |
++ mm_flags |= FAULT_FLAG_TRIED; |
558 |
+ goto retry; |
559 |
+ } |
560 |
+ } |
561 |
+diff --git a/arch/m68k/include/asm/linkage.h b/arch/m68k/include/asm/linkage.h |
562 |
+index 5a822bb790f7..066e74f666ae 100644 |
563 |
+--- a/arch/m68k/include/asm/linkage.h |
564 |
++++ b/arch/m68k/include/asm/linkage.h |
565 |
+@@ -4,4 +4,34 @@ |
566 |
+ #define __ALIGN .align 4 |
567 |
+ #define __ALIGN_STR ".align 4" |
568 |
+ |
569 |
++/* |
570 |
++ * Make sure the compiler doesn't do anything stupid with the |
571 |
++ * arguments on the stack - they are owned by the *caller*, not |
572 |
++ * the callee. This just fools gcc into not spilling into them, |
573 |
++ * and keeps it from doing tailcall recursion and/or using the |
574 |
++ * stack slots for temporaries, since they are live and "used" |
575 |
++ * all the way to the end of the function. |
576 |
++ */ |
577 |
++#define asmlinkage_protect(n, ret, args...) \ |
578 |
++ __asmlinkage_protect##n(ret, ##args) |
579 |
++#define __asmlinkage_protect_n(ret, args...) \ |
580 |
++ __asm__ __volatile__ ("" : "=r" (ret) : "0" (ret), ##args) |
581 |
++#define __asmlinkage_protect0(ret) \ |
582 |
++ __asmlinkage_protect_n(ret) |
583 |
++#define __asmlinkage_protect1(ret, arg1) \ |
584 |
++ __asmlinkage_protect_n(ret, "m" (arg1)) |
585 |
++#define __asmlinkage_protect2(ret, arg1, arg2) \ |
586 |
++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2)) |
587 |
++#define __asmlinkage_protect3(ret, arg1, arg2, arg3) \ |
588 |
++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3)) |
589 |
++#define __asmlinkage_protect4(ret, arg1, arg2, arg3, arg4) \ |
590 |
++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \ |
591 |
++ "m" (arg4)) |
592 |
++#define __asmlinkage_protect5(ret, arg1, arg2, arg3, arg4, arg5) \ |
593 |
++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \ |
594 |
++ "m" (arg4), "m" (arg5)) |
595 |
++#define __asmlinkage_protect6(ret, arg1, arg2, arg3, arg4, arg5, arg6) \ |
596 |
++ __asmlinkage_protect_n(ret, "m" (arg1), "m" (arg2), "m" (arg3), \ |
597 |
++ "m" (arg4), "m" (arg5), "m" (arg6)) |
598 |
++ |
599 |
+ #endif |
600 |
+diff --git a/arch/mips/loongson/common/env.c b/arch/mips/loongson/common/env.c |
601 |
+index 22f04ca2ff3e..2efb18aafa4f 100644 |
602 |
+--- a/arch/mips/loongson/common/env.c |
603 |
++++ b/arch/mips/loongson/common/env.c |
604 |
+@@ -64,6 +64,9 @@ void __init prom_init_env(void) |
605 |
+ } |
606 |
+ if (memsize == 0) |
607 |
+ memsize = 256; |
608 |
++ |
609 |
++ loongson_sysconf.nr_uarts = 1; |
610 |
++ |
611 |
+ pr_info("memsize=%u, highmemsize=%u\n", memsize, highmemsize); |
612 |
+ #else |
613 |
+ struct boot_params *boot_p; |
614 |
+diff --git a/arch/mips/mm/dma-default.c b/arch/mips/mm/dma-default.c |
615 |
+index 609d1241b0c4..371eec113659 100644 |
616 |
+--- a/arch/mips/mm/dma-default.c |
617 |
++++ b/arch/mips/mm/dma-default.c |
618 |
+@@ -100,7 +100,7 @@ static gfp_t massage_gfp_flags(const struct device *dev, gfp_t gfp) |
619 |
+ else |
620 |
+ #endif |
621 |
+ #if defined(CONFIG_ZONE_DMA) && !defined(CONFIG_ZONE_DMA32) |
622 |
+- if (dev->coherent_dma_mask < DMA_BIT_MASK(64)) |
623 |
++ if (dev->coherent_dma_mask < DMA_BIT_MASK(sizeof(phys_addr_t) * 8)) |
624 |
+ dma_flag = __GFP_DMA; |
625 |
+ else |
626 |
+ #endif |
627 |
+diff --git a/arch/powerpc/kvm/book3s.c b/arch/powerpc/kvm/book3s.c |
628 |
+index 453a8a47a467..964c0ce584ce 100644 |
629 |
+--- a/arch/powerpc/kvm/book3s.c |
630 |
++++ b/arch/powerpc/kvm/book3s.c |
631 |
+@@ -826,12 +826,15 @@ int kvmppc_h_logical_ci_load(struct kvm_vcpu *vcpu) |
632 |
+ unsigned long size = kvmppc_get_gpr(vcpu, 4); |
633 |
+ unsigned long addr = kvmppc_get_gpr(vcpu, 5); |
634 |
+ u64 buf; |
635 |
++ int srcu_idx; |
636 |
+ int ret; |
637 |
+ |
638 |
+ if (!is_power_of_2(size) || (size > sizeof(buf))) |
639 |
+ return H_TOO_HARD; |
640 |
+ |
641 |
++ srcu_idx = srcu_read_lock(&vcpu->kvm->srcu); |
642 |
+ ret = kvm_io_bus_read(vcpu, KVM_MMIO_BUS, addr, size, &buf); |
643 |
++ srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx); |
644 |
+ if (ret != 0) |
645 |
+ return H_TOO_HARD; |
646 |
+ |
647 |
+@@ -866,6 +869,7 @@ int kvmppc_h_logical_ci_store(struct kvm_vcpu *vcpu) |
648 |
+ unsigned long addr = kvmppc_get_gpr(vcpu, 5); |
649 |
+ unsigned long val = kvmppc_get_gpr(vcpu, 6); |
650 |
+ u64 buf; |
651 |
++ int srcu_idx; |
652 |
+ int ret; |
653 |
+ |
654 |
+ switch (size) { |
655 |
+@@ -889,7 +893,9 @@ int kvmppc_h_logical_ci_store(struct kvm_vcpu *vcpu) |
656 |
+ return H_TOO_HARD; |
657 |
+ } |
658 |
+ |
659 |
++ srcu_idx = srcu_read_lock(&vcpu->kvm->srcu); |
660 |
+ ret = kvm_io_bus_write(vcpu, KVM_MMIO_BUS, addr, size, &buf); |
661 |
++ srcu_read_unlock(&vcpu->kvm->srcu, srcu_idx); |
662 |
+ if (ret != 0) |
663 |
+ return H_TOO_HARD; |
664 |
+ |
665 |
+diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
666 |
+index 3b2d2c5b6376..ffd98b2bfa16 100644 |
667 |
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
668 |
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
669 |
+@@ -1171,6 +1171,7 @@ mc_cont: |
670 |
+ bl kvmhv_accumulate_time |
671 |
+ #endif |
672 |
+ |
673 |
++ mr r3, r12 |
674 |
+ /* Increment exit count, poke other threads to exit */ |
675 |
+ bl kvmhv_commence_exit |
676 |
+ nop |
677 |
+diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c |
678 |
+index bca2aeb6e4b6..3ff29cf6d05c 100644 |
679 |
+--- a/arch/powerpc/platforms/powernv/pci.c |
680 |
++++ b/arch/powerpc/platforms/powernv/pci.c |
681 |
+@@ -99,6 +99,7 @@ static void pnv_teardown_msi_irqs(struct pci_dev *pdev) |
682 |
+ struct pci_controller *hose = pci_bus_to_host(pdev->bus); |
683 |
+ struct pnv_phb *phb = hose->private_data; |
684 |
+ struct msi_desc *entry; |
685 |
++ irq_hw_number_t hwirq; |
686 |
+ |
687 |
+ if (WARN_ON(!phb)) |
688 |
+ return; |
689 |
+@@ -106,10 +107,10 @@ static void pnv_teardown_msi_irqs(struct pci_dev *pdev) |
690 |
+ list_for_each_entry(entry, &pdev->msi_list, list) { |
691 |
+ if (entry->irq == NO_IRQ) |
692 |
+ continue; |
693 |
++ hwirq = virq_to_hw(entry->irq); |
694 |
+ irq_set_msi_desc(entry->irq, NULL); |
695 |
+- msi_bitmap_free_hwirqs(&phb->msi_bmp, |
696 |
+- virq_to_hw(entry->irq) - phb->msi_base, 1); |
697 |
+ irq_dispose_mapping(entry->irq); |
698 |
++ msi_bitmap_free_hwirqs(&phb->msi_bmp, hwirq - phb->msi_base, 1); |
699 |
+ } |
700 |
+ } |
701 |
+ #endif /* CONFIG_PCI_MSI */ |
702 |
+diff --git a/arch/powerpc/sysdev/fsl_msi.c b/arch/powerpc/sysdev/fsl_msi.c |
703 |
+index f086c6f22dc9..fd16cb5d83f3 100644 |
704 |
+--- a/arch/powerpc/sysdev/fsl_msi.c |
705 |
++++ b/arch/powerpc/sysdev/fsl_msi.c |
706 |
+@@ -128,15 +128,16 @@ static void fsl_teardown_msi_irqs(struct pci_dev *pdev) |
707 |
+ { |
708 |
+ struct msi_desc *entry; |
709 |
+ struct fsl_msi *msi_data; |
710 |
++ irq_hw_number_t hwirq; |
711 |
+ |
712 |
+ list_for_each_entry(entry, &pdev->msi_list, list) { |
713 |
+ if (entry->irq == NO_IRQ) |
714 |
+ continue; |
715 |
++ hwirq = virq_to_hw(entry->irq); |
716 |
+ msi_data = irq_get_chip_data(entry->irq); |
717 |
+ irq_set_msi_desc(entry->irq, NULL); |
718 |
+- msi_bitmap_free_hwirqs(&msi_data->bitmap, |
719 |
+- virq_to_hw(entry->irq), 1); |
720 |
+ irq_dispose_mapping(entry->irq); |
721 |
++ msi_bitmap_free_hwirqs(&msi_data->bitmap, hwirq, 1); |
722 |
+ } |
723 |
+ |
724 |
+ return; |
725 |
+diff --git a/arch/powerpc/sysdev/mpic_pasemi_msi.c b/arch/powerpc/sysdev/mpic_pasemi_msi.c |
726 |
+index a3f660eed6de..89496cf4e04d 100644 |
727 |
+--- a/arch/powerpc/sysdev/mpic_pasemi_msi.c |
728 |
++++ b/arch/powerpc/sysdev/mpic_pasemi_msi.c |
729 |
+@@ -65,6 +65,7 @@ static struct irq_chip mpic_pasemi_msi_chip = { |
730 |
+ static void pasemi_msi_teardown_msi_irqs(struct pci_dev *pdev) |
731 |
+ { |
732 |
+ struct msi_desc *entry; |
733 |
++ irq_hw_number_t hwirq; |
734 |
+ |
735 |
+ pr_debug("pasemi_msi_teardown_msi_irqs, pdev %p\n", pdev); |
736 |
+ |
737 |
+@@ -72,10 +73,11 @@ static void pasemi_msi_teardown_msi_irqs(struct pci_dev *pdev) |
738 |
+ if (entry->irq == NO_IRQ) |
739 |
+ continue; |
740 |
+ |
741 |
++ hwirq = virq_to_hw(entry->irq); |
742 |
+ irq_set_msi_desc(entry->irq, NULL); |
743 |
+- msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap, |
744 |
+- virq_to_hw(entry->irq), ALLOC_CHUNK); |
745 |
+ irq_dispose_mapping(entry->irq); |
746 |
++ msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap, |
747 |
++ hwirq, ALLOC_CHUNK); |
748 |
+ } |
749 |
+ |
750 |
+ return; |
751 |
+diff --git a/arch/powerpc/sysdev/mpic_u3msi.c b/arch/powerpc/sysdev/mpic_u3msi.c |
752 |
+index b2cef1809389..13a34b237559 100644 |
753 |
+--- a/arch/powerpc/sysdev/mpic_u3msi.c |
754 |
++++ b/arch/powerpc/sysdev/mpic_u3msi.c |
755 |
+@@ -107,15 +107,16 @@ static u64 find_u4_magic_addr(struct pci_dev *pdev, unsigned int hwirq) |
756 |
+ static void u3msi_teardown_msi_irqs(struct pci_dev *pdev) |
757 |
+ { |
758 |
+ struct msi_desc *entry; |
759 |
++ irq_hw_number_t hwirq; |
760 |
+ |
761 |
+ list_for_each_entry(entry, &pdev->msi_list, list) { |
762 |
+ if (entry->irq == NO_IRQ) |
763 |
+ continue; |
764 |
+ |
765 |
++ hwirq = virq_to_hw(entry->irq); |
766 |
+ irq_set_msi_desc(entry->irq, NULL); |
767 |
+- msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap, |
768 |
+- virq_to_hw(entry->irq), 1); |
769 |
+ irq_dispose_mapping(entry->irq); |
770 |
++ msi_bitmap_free_hwirqs(&msi_mpic->msi_bitmap, hwirq, 1); |
771 |
+ } |
772 |
+ |
773 |
+ return; |
774 |
+diff --git a/arch/powerpc/sysdev/ppc4xx_msi.c b/arch/powerpc/sysdev/ppc4xx_msi.c |
775 |
+index 6e2e6aa378bb..02a137daa182 100644 |
776 |
+--- a/arch/powerpc/sysdev/ppc4xx_msi.c |
777 |
++++ b/arch/powerpc/sysdev/ppc4xx_msi.c |
778 |
+@@ -124,16 +124,17 @@ void ppc4xx_teardown_msi_irqs(struct pci_dev *dev) |
779 |
+ { |
780 |
+ struct msi_desc *entry; |
781 |
+ struct ppc4xx_msi *msi_data = &ppc4xx_msi; |
782 |
++ irq_hw_number_t hwirq; |
783 |
+ |
784 |
+ dev_dbg(&dev->dev, "PCIE-MSI: tearing down msi irqs\n"); |
785 |
+ |
786 |
+ list_for_each_entry(entry, &dev->msi_list, list) { |
787 |
+ if (entry->irq == NO_IRQ) |
788 |
+ continue; |
789 |
++ hwirq = virq_to_hw(entry->irq); |
790 |
+ irq_set_msi_desc(entry->irq, NULL); |
791 |
+- msi_bitmap_free_hwirqs(&msi_data->bitmap, |
792 |
+- virq_to_hw(entry->irq), 1); |
793 |
+ irq_dispose_mapping(entry->irq); |
794 |
++ msi_bitmap_free_hwirqs(&msi_data->bitmap, hwirq, 1); |
795 |
+ } |
796 |
+ } |
797 |
+ |
798 |
+diff --git a/arch/s390/boot/compressed/Makefile b/arch/s390/boot/compressed/Makefile |
799 |
+index d4788111c161..fac6ac9790fa 100644 |
800 |
+--- a/arch/s390/boot/compressed/Makefile |
801 |
++++ b/arch/s390/boot/compressed/Makefile |
802 |
+@@ -10,7 +10,7 @@ targets += misc.o piggy.o sizes.h head.o |
803 |
+ |
804 |
+ KBUILD_CFLAGS := -m64 -D__KERNEL__ $(LINUX_INCLUDE) -O2 |
805 |
+ KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING |
806 |
+-KBUILD_CFLAGS += $(cflags-y) -fno-delete-null-pointer-checks |
807 |
++KBUILD_CFLAGS += $(cflags-y) -fno-delete-null-pointer-checks -msoft-float |
808 |
+ KBUILD_CFLAGS += $(call cc-option,-mpacked-stack) |
809 |
+ KBUILD_CFLAGS += $(call cc-option,-ffreestanding) |
810 |
+ |
811 |
+diff --git a/arch/s390/kernel/compat_signal.c b/arch/s390/kernel/compat_signal.c |
812 |
+index fe8d6924efaa..c78ba51ae285 100644 |
813 |
+--- a/arch/s390/kernel/compat_signal.c |
814 |
++++ b/arch/s390/kernel/compat_signal.c |
815 |
+@@ -48,6 +48,19 @@ typedef struct |
816 |
+ struct ucontext32 uc; |
817 |
+ } rt_sigframe32; |
818 |
+ |
819 |
++static inline void sigset_to_sigset32(unsigned long *set64, |
820 |
++ compat_sigset_word *set32) |
821 |
++{ |
822 |
++ set32[0] = (compat_sigset_word) set64[0]; |
823 |
++ set32[1] = (compat_sigset_word)(set64[0] >> 32); |
824 |
++} |
825 |
++ |
826 |
++static inline void sigset32_to_sigset(compat_sigset_word *set32, |
827 |
++ unsigned long *set64) |
828 |
++{ |
829 |
++ set64[0] = (unsigned long) set32[0] | ((unsigned long) set32[1] << 32); |
830 |
++} |
831 |
++ |
832 |
+ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from) |
833 |
+ { |
834 |
+ int err; |
835 |
+@@ -303,10 +316,12 @@ COMPAT_SYSCALL_DEFINE0(sigreturn) |
836 |
+ { |
837 |
+ struct pt_regs *regs = task_pt_regs(current); |
838 |
+ sigframe32 __user *frame = (sigframe32 __user *)regs->gprs[15]; |
839 |
++ compat_sigset_t cset; |
840 |
+ sigset_t set; |
841 |
+ |
842 |
+- if (__copy_from_user(&set.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32)) |
843 |
++ if (__copy_from_user(&cset.sig, &frame->sc.oldmask, _SIGMASK_COPY_SIZE32)) |
844 |
+ goto badframe; |
845 |
++ sigset32_to_sigset(cset.sig, set.sig); |
846 |
+ set_current_blocked(&set); |
847 |
+ if (restore_sigregs32(regs, &frame->sregs)) |
848 |
+ goto badframe; |
849 |
+@@ -323,10 +338,12 @@ COMPAT_SYSCALL_DEFINE0(rt_sigreturn) |
850 |
+ { |
851 |
+ struct pt_regs *regs = task_pt_regs(current); |
852 |
+ rt_sigframe32 __user *frame = (rt_sigframe32 __user *)regs->gprs[15]; |
853 |
++ compat_sigset_t cset; |
854 |
+ sigset_t set; |
855 |
+ |
856 |
+- if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set))) |
857 |
++ if (__copy_from_user(&cset, &frame->uc.uc_sigmask, sizeof(cset))) |
858 |
+ goto badframe; |
859 |
++ sigset32_to_sigset(cset.sig, set.sig); |
860 |
+ set_current_blocked(&set); |
861 |
+ if (compat_restore_altstack(&frame->uc.uc_stack)) |
862 |
+ goto badframe; |
863 |
+@@ -397,7 +414,7 @@ static int setup_frame32(struct ksignal *ksig, sigset_t *set, |
864 |
+ return -EFAULT; |
865 |
+ |
866 |
+ /* Create struct sigcontext32 on the signal stack */ |
867 |
+- memcpy(&sc.oldmask, &set->sig, _SIGMASK_COPY_SIZE32); |
868 |
++ sigset_to_sigset32(set->sig, sc.oldmask); |
869 |
+ sc.sregs = (__u32)(unsigned long __force) &frame->sregs; |
870 |
+ if (__copy_to_user(&frame->sc, &sc, sizeof(frame->sc))) |
871 |
+ return -EFAULT; |
872 |
+@@ -458,6 +475,7 @@ static int setup_frame32(struct ksignal *ksig, sigset_t *set, |
873 |
+ static int setup_rt_frame32(struct ksignal *ksig, sigset_t *set, |
874 |
+ struct pt_regs *regs) |
875 |
+ { |
876 |
++ compat_sigset_t cset; |
877 |
+ rt_sigframe32 __user *frame; |
878 |
+ unsigned long restorer; |
879 |
+ size_t frame_size; |
880 |
+@@ -505,11 +523,12 @@ static int setup_rt_frame32(struct ksignal *ksig, sigset_t *set, |
881 |
+ store_sigregs(); |
882 |
+ |
883 |
+ /* Create ucontext on the signal stack. */ |
884 |
++ sigset_to_sigset32(set->sig, cset.sig); |
885 |
+ if (__put_user(uc_flags, &frame->uc.uc_flags) || |
886 |
+ __put_user(0, &frame->uc.uc_link) || |
887 |
+ __compat_save_altstack(&frame->uc.uc_stack, regs->gprs[15]) || |
888 |
+ save_sigregs32(regs, &frame->uc.uc_mcontext) || |
889 |
+- __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)) || |
890 |
++ __copy_to_user(&frame->uc.uc_sigmask, &cset, sizeof(cset)) || |
891 |
+ save_sigregs_ext32(regs, &frame->uc.uc_mcontext_ext)) |
892 |
+ return -EFAULT; |
893 |
+ |
894 |
+diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c |
895 |
+index aef653193160..d1918a8c4393 100644 |
896 |
+--- a/arch/x86/kernel/alternative.c |
897 |
++++ b/arch/x86/kernel/alternative.c |
898 |
+@@ -325,10 +325,15 @@ done: |
899 |
+ |
900 |
+ static void __init_or_module optimize_nops(struct alt_instr *a, u8 *instr) |
901 |
+ { |
902 |
++ unsigned long flags; |
903 |
++ |
904 |
+ if (instr[0] != 0x90) |
905 |
+ return; |
906 |
+ |
907 |
++ local_irq_save(flags); |
908 |
+ add_nops(instr + (a->instrlen - a->padlen), a->padlen); |
909 |
++ sync_core(); |
910 |
++ local_irq_restore(flags); |
911 |
+ |
912 |
+ DUMP_BYTES(instr, a->instrlen, "%p: [%d:%d) optimized NOPs: ", |
913 |
+ instr, a->instrlen - a->padlen, a->padlen); |
914 |
+diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c |
915 |
+index cde732c1b495..307a49828826 100644 |
916 |
+--- a/arch/x86/kernel/apic/apic.c |
917 |
++++ b/arch/x86/kernel/apic/apic.c |
918 |
+@@ -336,6 +336,13 @@ static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen) |
919 |
+ apic_write(APIC_LVTT, lvtt_value); |
920 |
+ |
921 |
+ if (lvtt_value & APIC_LVT_TIMER_TSCDEADLINE) { |
922 |
++ /* |
923 |
++ * See Intel SDM: TSC-Deadline Mode chapter. In xAPIC mode, |
924 |
++ * writing to the APIC LVTT and TSC_DEADLINE MSR isn't serialized. |
925 |
++ * According to Intel, MFENCE can do the serialization here. |
926 |
++ */ |
927 |
++ asm volatile("mfence" : : : "memory"); |
928 |
++ |
929 |
+ printk_once(KERN_DEBUG "TSC deadline timer enabled\n"); |
930 |
+ return; |
931 |
+ } |
932 |
+diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c |
933 |
+index 2813ea0f142e..22212615a137 100644 |
934 |
+--- a/arch/x86/kernel/cpu/perf_event_intel.c |
935 |
++++ b/arch/x86/kernel/cpu/perf_event_intel.c |
936 |
+@@ -2098,9 +2098,12 @@ static struct event_constraint * |
937 |
+ intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx, |
938 |
+ struct perf_event *event) |
939 |
+ { |
940 |
+- struct event_constraint *c1 = cpuc->event_constraint[idx]; |
941 |
++ struct event_constraint *c1 = NULL; |
942 |
+ struct event_constraint *c2; |
943 |
+ |
944 |
++ if (idx >= 0) /* fake does < 0 */ |
945 |
++ c1 = cpuc->event_constraint[idx]; |
946 |
++ |
947 |
+ /* |
948 |
+ * first time only |
949 |
+ * - static constraint: no change across incremental scheduling calls |
950 |
+diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c |
951 |
+index c76d3e37c6e1..403ace539b73 100644 |
952 |
+--- a/arch/x86/kernel/crash.c |
953 |
++++ b/arch/x86/kernel/crash.c |
954 |
+@@ -184,10 +184,9 @@ void native_machine_crash_shutdown(struct pt_regs *regs) |
955 |
+ } |
956 |
+ |
957 |
+ #ifdef CONFIG_KEXEC_FILE |
958 |
+-static int get_nr_ram_ranges_callback(unsigned long start_pfn, |
959 |
+- unsigned long nr_pfn, void *arg) |
960 |
++static int get_nr_ram_ranges_callback(u64 start, u64 end, void *arg) |
961 |
+ { |
962 |
+- int *nr_ranges = arg; |
963 |
++ unsigned int *nr_ranges = arg; |
964 |
+ |
965 |
+ (*nr_ranges)++; |
966 |
+ return 0; |
967 |
+@@ -213,7 +212,7 @@ static void fill_up_crash_elf_data(struct crash_elf_data *ced, |
968 |
+ |
969 |
+ ced->image = image; |
970 |
+ |
971 |
+- walk_system_ram_range(0, -1, &nr_ranges, |
972 |
++ walk_system_ram_res(0, -1, &nr_ranges, |
973 |
+ get_nr_ram_ranges_callback); |
974 |
+ |
975 |
+ ced->max_nr_ranges = nr_ranges; |
976 |
+diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S |
977 |
+index 4bd6c197563d..6c9cb6073832 100644 |
978 |
+--- a/arch/x86/kernel/entry_64.S |
979 |
++++ b/arch/x86/kernel/entry_64.S |
980 |
+@@ -1393,7 +1393,18 @@ END(error_exit) |
981 |
+ /* Runs on exception stack */ |
982 |
+ ENTRY(nmi) |
983 |
+ INTR_FRAME |
984 |
++ /* |
985 |
++ * Fix up the exception frame if we're on Xen. |
986 |
++ * PARAVIRT_ADJUST_EXCEPTION_FRAME is guaranteed to push at most |
987 |
++ * one value to the stack on native, so it may clobber the rdx |
988 |
++ * scratch slot, but it won't clobber any of the important |
989 |
++ * slots past it. |
990 |
++ * |
991 |
++ * Xen is a different story, because the Xen frame itself overlaps |
992 |
++ * the "NMI executing" variable. |
993 |
++ */ |
994 |
+ PARAVIRT_ADJUST_EXCEPTION_FRAME |
995 |
++ |
996 |
+ /* |
997 |
+ * We allow breakpoints in NMIs. If a breakpoint occurs, then |
998 |
+ * the iretq it performs will take us out of NMI context. |
999 |
+@@ -1445,9 +1456,12 @@ ENTRY(nmi) |
1000 |
+ * we don't want to enable interrupts, because then we'll end |
1001 |
+ * up in an awkward situation in which IRQs are on but NMIs |
1002 |
+ * are off. |
1003 |
++ * |
1004 |
++ * We also must not push anything to the stack before switching |
1005 |
++ * stacks lest we corrupt the "NMI executing" variable. |
1006 |
+ */ |
1007 |
+ |
1008 |
+- SWAPGS |
1009 |
++ SWAPGS_UNSAFE_STACK |
1010 |
+ cld |
1011 |
+ movq %rsp, %rdx |
1012 |
+ movq PER_CPU_VAR(kernel_stack), %rsp |
1013 |
+diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c |
1014 |
+index c614dd492f5f..1f316f066c49 100644 |
1015 |
+--- a/arch/x86/kernel/paravirt.c |
1016 |
++++ b/arch/x86/kernel/paravirt.c |
1017 |
+@@ -41,10 +41,18 @@ |
1018 |
+ #include <asm/timer.h> |
1019 |
+ #include <asm/special_insns.h> |
1020 |
+ |
1021 |
+-/* nop stub */ |
1022 |
+-void _paravirt_nop(void) |
1023 |
+-{ |
1024 |
+-} |
1025 |
++/* |
1026 |
++ * nop stub, which must not clobber anything *including the stack* to |
1027 |
++ * avoid confusing the entry prologues. |
1028 |
++ */ |
1029 |
++extern void _paravirt_nop(void); |
1030 |
++asm (".pushsection .entry.text, \"ax\"\n" |
1031 |
++ ".global _paravirt_nop\n" |
1032 |
++ "_paravirt_nop:\n\t" |
1033 |
++ "ret\n\t" |
1034 |
++ ".size _paravirt_nop, . - _paravirt_nop\n\t" |
1035 |
++ ".type _paravirt_nop, @function\n\t" |
1036 |
++ ".popsection"); |
1037 |
+ |
1038 |
+ /* identity function, which can be inlined */ |
1039 |
+ u32 _paravirt_ident_32(u32 x) |
1040 |
+diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |
1041 |
+index 5e0bf57d9944..58e02d938218 100644 |
1042 |
+--- a/arch/x86/kernel/process_64.c |
1043 |
++++ b/arch/x86/kernel/process_64.c |
1044 |
+@@ -499,27 +499,59 @@ void set_personality_ia32(bool x32) |
1045 |
+ } |
1046 |
+ EXPORT_SYMBOL_GPL(set_personality_ia32); |
1047 |
+ |
1048 |
++/* |
1049 |
++ * Called from fs/proc with a reference on @p to find the function |
1050 |
++ * which called into schedule(). This needs to be done carefully |
1051 |
++ * because the task might wake up and we might look at a stack |
1052 |
++ * changing under us. |
1053 |
++ */ |
1054 |
+ unsigned long get_wchan(struct task_struct *p) |
1055 |
+ { |
1056 |
+- unsigned long stack; |
1057 |
+- u64 fp, ip; |
1058 |
++ unsigned long start, bottom, top, sp, fp, ip; |
1059 |
+ int count = 0; |
1060 |
+ |
1061 |
+ if (!p || p == current || p->state == TASK_RUNNING) |
1062 |
+ return 0; |
1063 |
+- stack = (unsigned long)task_stack_page(p); |
1064 |
+- if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE) |
1065 |
++ |
1066 |
++ start = (unsigned long)task_stack_page(p); |
1067 |
++ if (!start) |
1068 |
++ return 0; |
1069 |
++ |
1070 |
++ /* |
1071 |
++ * Layout of the stack page: |
1072 |
++ * |
1073 |
++ * ----------- topmax = start + THREAD_SIZE - sizeof(unsigned long) |
1074 |
++ * PADDING |
1075 |
++ * ----------- top = topmax - TOP_OF_KERNEL_STACK_PADDING |
1076 |
++ * stack |
1077 |
++ * ----------- bottom = start + sizeof(thread_info) |
1078 |
++ * thread_info |
1079 |
++ * ----------- start |
1080 |
++ * |
1081 |
++ * The tasks stack pointer points at the location where the |
1082 |
++ * framepointer is stored. The data on the stack is: |
1083 |
++ * ... IP FP ... IP FP |
1084 |
++ * |
1085 |
++ * We need to read FP and IP, so we need to adjust the upper |
1086 |
++ * bound by another unsigned long. |
1087 |
++ */ |
1088 |
++ top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING; |
1089 |
++ top -= 2 * sizeof(unsigned long); |
1090 |
++ bottom = start + sizeof(struct thread_info); |
1091 |
++ |
1092 |
++ sp = READ_ONCE(p->thread.sp); |
1093 |
++ if (sp < bottom || sp > top) |
1094 |
+ return 0; |
1095 |
+- fp = *(u64 *)(p->thread.sp); |
1096 |
++ |
1097 |
++ fp = READ_ONCE(*(unsigned long *)sp); |
1098 |
+ do { |
1099 |
+- if (fp < (unsigned long)stack || |
1100 |
+- fp >= (unsigned long)stack+THREAD_SIZE) |
1101 |
++ if (fp < bottom || fp > top) |
1102 |
+ return 0; |
1103 |
+- ip = *(u64 *)(fp+8); |
1104 |
++ ip = READ_ONCE(*(unsigned long *)(fp + sizeof(unsigned long))); |
1105 |
+ if (!in_sched_functions(ip)) |
1106 |
+ return ip; |
1107 |
+- fp = *(u64 *)fp; |
1108 |
+- } while (count++ < 16); |
1109 |
++ fp = READ_ONCE(*(unsigned long *)fp); |
1110 |
++ } while (count++ < 16 && p->state != TASK_RUNNING); |
1111 |
+ return 0; |
1112 |
+ } |
1113 |
+ |
1114 |
+diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c |
1115 |
+index 505449700e0c..21187ebee7d0 100644 |
1116 |
+--- a/arch/x86/kernel/tsc.c |
1117 |
++++ b/arch/x86/kernel/tsc.c |
1118 |
+@@ -21,6 +21,7 @@ |
1119 |
+ #include <asm/hypervisor.h> |
1120 |
+ #include <asm/nmi.h> |
1121 |
+ #include <asm/x86_init.h> |
1122 |
++#include <asm/geode.h> |
1123 |
+ |
1124 |
+ unsigned int __read_mostly cpu_khz; /* TSC clocks / usec, not used here */ |
1125 |
+ EXPORT_SYMBOL(cpu_khz); |
1126 |
+@@ -1004,15 +1005,17 @@ EXPORT_SYMBOL_GPL(mark_tsc_unstable); |
1127 |
+ |
1128 |
+ static void __init check_system_tsc_reliable(void) |
1129 |
+ { |
1130 |
+-#ifdef CONFIG_MGEODE_LX |
1131 |
+- /* RTSC counts during suspend */ |
1132 |
++#if defined(CONFIG_MGEODEGX1) || defined(CONFIG_MGEODE_LX) || defined(CONFIG_X86_GENERIC) |
1133 |
++ if (is_geode_lx()) { |
1134 |
++ /* RTSC counts during suspend */ |
1135 |
+ #define RTSC_SUSP 0x100 |
1136 |
+- unsigned long res_low, res_high; |
1137 |
++ unsigned long res_low, res_high; |
1138 |
+ |
1139 |
+- rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high); |
1140 |
+- /* Geode_LX - the OLPC CPU has a very reliable TSC */ |
1141 |
+- if (res_low & RTSC_SUSP) |
1142 |
+- tsc_clocksource_reliable = 1; |
1143 |
++ rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high); |
1144 |
++ /* Geode_LX - the OLPC CPU has a very reliable TSC */ |
1145 |
++ if (res_low & RTSC_SUSP) |
1146 |
++ tsc_clocksource_reliable = 1; |
1147 |
++ } |
1148 |
+ #endif |
1149 |
+ if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE)) |
1150 |
+ tsc_clocksource_reliable = 1; |
1151 |
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
1152 |
+index 4911bf19122b..7858cd9acfe4 100644 |
1153 |
+--- a/arch/x86/kvm/svm.c |
1154 |
++++ b/arch/x86/kvm/svm.c |
1155 |
+@@ -512,7 +512,7 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu) |
1156 |
+ struct vcpu_svm *svm = to_svm(vcpu); |
1157 |
+ |
1158 |
+ if (svm->vmcb->control.next_rip != 0) { |
1159 |
+- WARN_ON(!static_cpu_has(X86_FEATURE_NRIPS)); |
1160 |
++ WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS)); |
1161 |
+ svm->next_rip = svm->vmcb->control.next_rip; |
1162 |
+ } |
1163 |
+ |
1164 |
+diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
1165 |
+index 2d73807f0d31..bc3041e1abbc 100644 |
1166 |
+--- a/arch/x86/kvm/vmx.c |
1167 |
++++ b/arch/x86/kvm/vmx.c |
1168 |
+@@ -6144,6 +6144,8 @@ static __init int hardware_setup(void) |
1169 |
+ memcpy(vmx_msr_bitmap_longmode_x2apic, |
1170 |
+ vmx_msr_bitmap_longmode, PAGE_SIZE); |
1171 |
+ |
1172 |
++ set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */ |
1173 |
++ |
1174 |
+ if (enable_apicv) { |
1175 |
+ for (msr = 0x800; msr <= 0x8ff; msr++) |
1176 |
+ vmx_disable_intercept_msr_read_x2apic(msr); |
1177 |
+diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c |
1178 |
+index 3fba623e3ba5..f9977a7a9444 100644 |
1179 |
+--- a/arch/x86/mm/init_64.c |
1180 |
++++ b/arch/x86/mm/init_64.c |
1181 |
+@@ -1132,7 +1132,7 @@ void mark_rodata_ro(void) |
1182 |
+ * has been zapped already via cleanup_highmem(). |
1183 |
+ */ |
1184 |
+ all_end = roundup((unsigned long)_brk_end, PMD_SIZE); |
1185 |
+- set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT); |
1186 |
++ set_memory_nx(text_end, (all_end - text_end) >> PAGE_SHIFT); |
1187 |
+ |
1188 |
+ rodata_test(); |
1189 |
+ |
1190 |
+diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c |
1191 |
+index 841ea05e1b02..477384985ac9 100644 |
1192 |
+--- a/arch/x86/platform/efi/efi.c |
1193 |
++++ b/arch/x86/platform/efi/efi.c |
1194 |
+@@ -679,6 +679,70 @@ out: |
1195 |
+ } |
1196 |
+ |
1197 |
+ /* |
1198 |
++ * Iterate the EFI memory map in reverse order because the regions |
1199 |
++ * will be mapped top-down. The end result is the same as if we had |
1200 |
++ * mapped things forward, but doesn't require us to change the |
1201 |
++ * existing implementation of efi_map_region(). |
1202 |
++ */ |
1203 |
++static inline void *efi_map_next_entry_reverse(void *entry) |
1204 |
++{ |
1205 |
++ /* Initial call */ |
1206 |
++ if (!entry) |
1207 |
++ return memmap.map_end - memmap.desc_size; |
1208 |
++ |
1209 |
++ entry -= memmap.desc_size; |
1210 |
++ if (entry < memmap.map) |
1211 |
++ return NULL; |
1212 |
++ |
1213 |
++ return entry; |
1214 |
++} |
1215 |
++ |
1216 |
++/* |
1217 |
++ * efi_map_next_entry - Return the next EFI memory map descriptor |
1218 |
++ * @entry: Previous EFI memory map descriptor |
1219 |
++ * |
1220 |
++ * This is a helper function to iterate over the EFI memory map, which |
1221 |
++ * we do in different orders depending on the current configuration. |
1222 |
++ * |
1223 |
++ * To begin traversing the memory map @entry must be %NULL. |
1224 |
++ * |
1225 |
++ * Returns %NULL when we reach the end of the memory map. |
1226 |
++ */ |
1227 |
++static void *efi_map_next_entry(void *entry) |
1228 |
++{ |
1229 |
++ if (!efi_enabled(EFI_OLD_MEMMAP) && efi_enabled(EFI_64BIT)) { |
1230 |
++ /* |
1231 |
++ * Starting in UEFI v2.5 the EFI_PROPERTIES_TABLE |
1232 |
++ * config table feature requires us to map all entries |
1233 |
++ * in the same order as they appear in the EFI memory |
1234 |
++ * map. That is to say, entry N must have a lower |
1235 |
++ * virtual address than entry N+1. This is because the |
1236 |
++ * firmware toolchain leaves relative references in |
1237 |
++ * the code/data sections, which are split and become |
1238 |
++ * separate EFI memory regions. Mapping things |
1239 |
++ * out-of-order leads to the firmware accessing |
1240 |
++ * unmapped addresses. |
1241 |
++ * |
1242 |
++ * Since we need to map things this way whether or not |
1243 |
++ * the kernel actually makes use of |
1244 |
++ * EFI_PROPERTIES_TABLE, let's just switch to this |
1245 |
++ * scheme by default for 64-bit. |
1246 |
++ */ |
1247 |
++ return efi_map_next_entry_reverse(entry); |
1248 |
++ } |
1249 |
++ |
1250 |
++ /* Initial call */ |
1251 |
++ if (!entry) |
1252 |
++ return memmap.map; |
1253 |
++ |
1254 |
++ entry += memmap.desc_size; |
1255 |
++ if (entry >= memmap.map_end) |
1256 |
++ return NULL; |
1257 |
++ |
1258 |
++ return entry; |
1259 |
++} |
1260 |
++ |
1261 |
++/* |
1262 |
+ * Map the efi memory ranges of the runtime services and update new_mmap with |
1263 |
+ * virtual addresses. |
1264 |
+ */ |
1265 |
+@@ -688,7 +752,8 @@ static void * __init efi_map_regions(int *count, int *pg_shift) |
1266 |
+ unsigned long left = 0; |
1267 |
+ efi_memory_desc_t *md; |
1268 |
+ |
1269 |
+- for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) { |
1270 |
++ p = NULL; |
1271 |
++ while ((p = efi_map_next_entry(p))) { |
1272 |
+ md = p; |
1273 |
+ if (!(md->attribute & EFI_MEMORY_RUNTIME)) { |
1274 |
+ #ifdef CONFIG_X86_64 |
1275 |
+diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c |
1276 |
+index a671e837228d..0cc657160cb6 100644 |
1277 |
+--- a/arch/x86/xen/enlighten.c |
1278 |
++++ b/arch/x86/xen/enlighten.c |
1279 |
+@@ -33,6 +33,10 @@ |
1280 |
+ #include <linux/memblock.h> |
1281 |
+ #include <linux/edd.h> |
1282 |
+ |
1283 |
++#ifdef CONFIG_KEXEC_CORE |
1284 |
++#include <linux/kexec.h> |
1285 |
++#endif |
1286 |
++ |
1287 |
+ #include <xen/xen.h> |
1288 |
+ #include <xen/events.h> |
1289 |
+ #include <xen/interface/xen.h> |
1290 |
+@@ -1798,6 +1802,21 @@ static struct notifier_block xen_hvm_cpu_notifier = { |
1291 |
+ .notifier_call = xen_hvm_cpu_notify, |
1292 |
+ }; |
1293 |
+ |
1294 |
++#ifdef CONFIG_KEXEC_CORE |
1295 |
++static void xen_hvm_shutdown(void) |
1296 |
++{ |
1297 |
++ native_machine_shutdown(); |
1298 |
++ if (kexec_in_progress) |
1299 |
++ xen_reboot(SHUTDOWN_soft_reset); |
1300 |
++} |
1301 |
++ |
1302 |
++static void xen_hvm_crash_shutdown(struct pt_regs *regs) |
1303 |
++{ |
1304 |
++ native_machine_crash_shutdown(regs); |
1305 |
++ xen_reboot(SHUTDOWN_soft_reset); |
1306 |
++} |
1307 |
++#endif |
1308 |
++ |
1309 |
+ static void __init xen_hvm_guest_init(void) |
1310 |
+ { |
1311 |
+ if (xen_pv_domain()) |
1312 |
+@@ -1817,6 +1836,10 @@ static void __init xen_hvm_guest_init(void) |
1313 |
+ x86_init.irqs.intr_init = xen_init_IRQ; |
1314 |
+ xen_hvm_init_time_ops(); |
1315 |
+ xen_hvm_init_mmu_ops(); |
1316 |
++#ifdef CONFIG_KEXEC_CORE |
1317 |
++ machine_ops.shutdown = xen_hvm_shutdown; |
1318 |
++ machine_ops.crash_shutdown = xen_hvm_crash_shutdown; |
1319 |
++#endif |
1320 |
+ } |
1321 |
+ #endif |
1322 |
+ |
1323 |
+diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c |
1324 |
+index df0c66cb7ad3..fdba441457ec 100644 |
1325 |
+--- a/drivers/base/cacheinfo.c |
1326 |
++++ b/drivers/base/cacheinfo.c |
1327 |
+@@ -148,7 +148,11 @@ static void cache_shared_cpu_map_remove(unsigned int cpu) |
1328 |
+ |
1329 |
+ if (sibling == cpu) /* skip itself */ |
1330 |
+ continue; |
1331 |
++ |
1332 |
+ sib_cpu_ci = get_cpu_cacheinfo(sibling); |
1333 |
++ if (!sib_cpu_ci->info_list) |
1334 |
++ continue; |
1335 |
++ |
1336 |
+ sib_leaf = sib_cpu_ci->info_list + index; |
1337 |
+ cpumask_clear_cpu(cpu, &sib_leaf->shared_cpu_map); |
1338 |
+ cpumask_clear_cpu(sibling, &this_leaf->shared_cpu_map); |
1339 |
+@@ -159,6 +163,9 @@ static void cache_shared_cpu_map_remove(unsigned int cpu) |
1340 |
+ |
1341 |
+ static void free_cache_attributes(unsigned int cpu) |
1342 |
+ { |
1343 |
++ if (!per_cpu_cacheinfo(cpu)) |
1344 |
++ return; |
1345 |
++ |
1346 |
+ cache_shared_cpu_map_remove(cpu); |
1347 |
+ |
1348 |
+ kfree(per_cpu_cacheinfo(cpu)); |
1349 |
+@@ -514,8 +521,7 @@ static int cacheinfo_cpu_callback(struct notifier_block *nfb, |
1350 |
+ break; |
1351 |
+ case CPU_DEAD: |
1352 |
+ cache_remove_dev(cpu); |
1353 |
+- if (per_cpu_cacheinfo(cpu)) |
1354 |
+- free_cache_attributes(cpu); |
1355 |
++ free_cache_attributes(cpu); |
1356 |
+ break; |
1357 |
+ } |
1358 |
+ return notifier_from_errno(rc); |
1359 |
+diff --git a/drivers/base/property.c b/drivers/base/property.c |
1360 |
+index 1d0b116cae95..0a60ef1500cd 100644 |
1361 |
+--- a/drivers/base/property.c |
1362 |
++++ b/drivers/base/property.c |
1363 |
+@@ -26,9 +26,10 @@ |
1364 |
+ */ |
1365 |
+ void device_add_property_set(struct device *dev, struct property_set *pset) |
1366 |
+ { |
1367 |
+- if (pset) |
1368 |
+- pset->fwnode.type = FWNODE_PDATA; |
1369 |
++ if (!pset) |
1370 |
++ return; |
1371 |
+ |
1372 |
++ pset->fwnode.type = FWNODE_PDATA; |
1373 |
+ set_secondary_fwnode(dev, &pset->fwnode); |
1374 |
+ } |
1375 |
+ EXPORT_SYMBOL_GPL(device_add_property_set); |
1376 |
+diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c |
1377 |
+index 5799a0b9e6cc..c8941f39c919 100644 |
1378 |
+--- a/drivers/base/regmap/regmap-debugfs.c |
1379 |
++++ b/drivers/base/regmap/regmap-debugfs.c |
1380 |
+@@ -32,8 +32,7 @@ static DEFINE_MUTEX(regmap_debugfs_early_lock); |
1381 |
+ /* Calculate the length of a fixed format */ |
1382 |
+ static size_t regmap_calc_reg_len(int max_val, char *buf, size_t buf_size) |
1383 |
+ { |
1384 |
+- snprintf(buf, buf_size, "%x", max_val); |
1385 |
+- return strlen(buf); |
1386 |
++ return snprintf(NULL, 0, "%x", max_val); |
1387 |
+ } |
1388 |
+ |
1389 |
+ static ssize_t regmap_name_read_file(struct file *file, |
1390 |
+@@ -432,7 +431,7 @@ static ssize_t regmap_access_read_file(struct file *file, |
1391 |
+ /* If we're in the region the user is trying to read */ |
1392 |
+ if (p >= *ppos) { |
1393 |
+ /* ...but not beyond it */ |
1394 |
+- if (buf_pos >= count - 1 - tot_len) |
1395 |
++ if (buf_pos + tot_len + 1 >= count) |
1396 |
+ break; |
1397 |
+ |
1398 |
+ /* Format the register */ |
1399 |
+diff --git a/drivers/clk/ti/clk-3xxx.c b/drivers/clk/ti/clk-3xxx.c |
1400 |
+index 757636d166cf..4ab28cfb8d2a 100644 |
1401 |
+--- a/drivers/clk/ti/clk-3xxx.c |
1402 |
++++ b/drivers/clk/ti/clk-3xxx.c |
1403 |
+@@ -163,7 +163,6 @@ static struct ti_dt_clk omap3xxx_clks[] = { |
1404 |
+ DT_CLK(NULL, "gpio2_ick", "gpio2_ick"), |
1405 |
+ DT_CLK(NULL, "wdt3_ick", "wdt3_ick"), |
1406 |
+ DT_CLK(NULL, "uart3_ick", "uart3_ick"), |
1407 |
+- DT_CLK(NULL, "uart4_ick", "uart4_ick"), |
1408 |
+ DT_CLK(NULL, "gpt9_ick", "gpt9_ick"), |
1409 |
+ DT_CLK(NULL, "gpt8_ick", "gpt8_ick"), |
1410 |
+ DT_CLK(NULL, "gpt7_ick", "gpt7_ick"), |
1411 |
+@@ -308,6 +307,7 @@ static struct ti_dt_clk am35xx_clks[] = { |
1412 |
+ static struct ti_dt_clk omap36xx_clks[] = { |
1413 |
+ DT_CLK(NULL, "omap_192m_alwon_fck", "omap_192m_alwon_fck"), |
1414 |
+ DT_CLK(NULL, "uart4_fck", "uart4_fck"), |
1415 |
++ DT_CLK(NULL, "uart4_ick", "uart4_ick"), |
1416 |
+ { .node_name = NULL }, |
1417 |
+ }; |
1418 |
+ |
1419 |
+diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c |
1420 |
+index bab67db54b7e..663045ce6fac 100644 |
1421 |
+--- a/drivers/cpufreq/cpufreq-dt.c |
1422 |
++++ b/drivers/cpufreq/cpufreq-dt.c |
1423 |
+@@ -255,7 +255,8 @@ static int cpufreq_init(struct cpufreq_policy *policy) |
1424 |
+ rcu_read_unlock(); |
1425 |
+ |
1426 |
+ tol_uV = opp_uV * priv->voltage_tolerance / 100; |
1427 |
+- if (regulator_is_supported_voltage(cpu_reg, opp_uV, |
1428 |
++ if (regulator_is_supported_voltage(cpu_reg, |
1429 |
++ opp_uV - tol_uV, |
1430 |
+ opp_uV + tol_uV)) { |
1431 |
+ if (opp_uV < min_uV) |
1432 |
+ min_uV = opp_uV; |
1433 |
+diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c |
1434 |
+index 6f9d27f9001c..e8d16997c5cb 100644 |
1435 |
+--- a/drivers/cpufreq/intel_pstate.c |
1436 |
++++ b/drivers/cpufreq/intel_pstate.c |
1437 |
+@@ -48,9 +48,9 @@ static inline int32_t mul_fp(int32_t x, int32_t y) |
1438 |
+ return ((int64_t)x * (int64_t)y) >> FRAC_BITS; |
1439 |
+ } |
1440 |
+ |
1441 |
+-static inline int32_t div_fp(int32_t x, int32_t y) |
1442 |
++static inline int32_t div_fp(s64 x, s64 y) |
1443 |
+ { |
1444 |
+- return div_s64((int64_t)x << FRAC_BITS, y); |
1445 |
++ return div64_s64((int64_t)x << FRAC_BITS, y); |
1446 |
+ } |
1447 |
+ |
1448 |
+ static inline int ceiling_fp(int32_t x) |
1449 |
+@@ -795,7 +795,7 @@ static inline void intel_pstate_set_sample_time(struct cpudata *cpu) |
1450 |
+ static inline int32_t intel_pstate_get_scaled_busy(struct cpudata *cpu) |
1451 |
+ { |
1452 |
+ int32_t core_busy, max_pstate, current_pstate, sample_ratio; |
1453 |
+- u32 duration_us; |
1454 |
++ s64 duration_us; |
1455 |
+ u32 sample_time; |
1456 |
+ |
1457 |
+ /* |
1458 |
+@@ -822,8 +822,8 @@ static inline int32_t intel_pstate_get_scaled_busy(struct cpudata *cpu) |
1459 |
+ * to adjust our busyness. |
1460 |
+ */ |
1461 |
+ sample_time = pid_params.sample_rate_ms * USEC_PER_MSEC; |
1462 |
+- duration_us = (u32) ktime_us_delta(cpu->sample.time, |
1463 |
+- cpu->last_sample_time); |
1464 |
++ duration_us = ktime_us_delta(cpu->sample.time, |
1465 |
++ cpu->last_sample_time); |
1466 |
+ if (duration_us > sample_time * 3) { |
1467 |
+ sample_ratio = div_fp(int_tofp(sample_time), |
1468 |
+ int_tofp(duration_us)); |
1469 |
+diff --git a/drivers/dma/dw/core.c b/drivers/dma/dw/core.c |
1470 |
+index 1022c2e1a2b0..9e504d3b0d4f 100644 |
1471 |
+--- a/drivers/dma/dw/core.c |
1472 |
++++ b/drivers/dma/dw/core.c |
1473 |
+@@ -1591,7 +1591,6 @@ int dw_dma_probe(struct dw_dma_chip *chip, struct dw_dma_platform_data *pdata) |
1474 |
+ INIT_LIST_HEAD(&dw->dma.channels); |
1475 |
+ for (i = 0; i < nr_channels; i++) { |
1476 |
+ struct dw_dma_chan *dwc = &dw->chan[i]; |
1477 |
+- int r = nr_channels - i - 1; |
1478 |
+ |
1479 |
+ dwc->chan.device = &dw->dma; |
1480 |
+ dma_cookie_init(&dwc->chan); |
1481 |
+@@ -1603,7 +1602,7 @@ int dw_dma_probe(struct dw_dma_chip *chip, struct dw_dma_platform_data *pdata) |
1482 |
+ |
1483 |
+ /* 7 is highest priority & 0 is lowest. */ |
1484 |
+ if (pdata->chan_priority == CHAN_PRIORITY_ASCENDING) |
1485 |
+- dwc->priority = r; |
1486 |
++ dwc->priority = nr_channels - i - 1; |
1487 |
+ else |
1488 |
+ dwc->priority = i; |
1489 |
+ |
1490 |
+@@ -1622,6 +1621,7 @@ int dw_dma_probe(struct dw_dma_chip *chip, struct dw_dma_platform_data *pdata) |
1491 |
+ /* Hardware configuration */ |
1492 |
+ if (autocfg) { |
1493 |
+ unsigned int dwc_params; |
1494 |
++ unsigned int r = DW_DMA_MAX_NR_CHANNELS - i - 1; |
1495 |
+ void __iomem *addr = chip->regs + r * sizeof(u32); |
1496 |
+ |
1497 |
+ dwc_params = dma_read_byaddr(addr, DWC_PARAMS); |
1498 |
+diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c |
1499 |
+index e29560e6b40b..950c87f5d279 100644 |
1500 |
+--- a/drivers/firmware/efi/libstub/arm-stub.c |
1501 |
++++ b/drivers/firmware/efi/libstub/arm-stub.c |
1502 |
+@@ -13,6 +13,7 @@ |
1503 |
+ */ |
1504 |
+ |
1505 |
+ #include <linux/efi.h> |
1506 |
++#include <linux/sort.h> |
1507 |
+ #include <asm/efi.h> |
1508 |
+ |
1509 |
+ #include "efistub.h" |
1510 |
+@@ -305,6 +306,44 @@ fail: |
1511 |
+ */ |
1512 |
+ #define EFI_RT_VIRTUAL_BASE 0x40000000 |
1513 |
+ |
1514 |
++static int cmp_mem_desc(const void *l, const void *r) |
1515 |
++{ |
1516 |
++ const efi_memory_desc_t *left = l, *right = r; |
1517 |
++ |
1518 |
++ return (left->phys_addr > right->phys_addr) ? 1 : -1; |
1519 |
++} |
1520 |
++ |
1521 |
++/* |
1522 |
++ * Returns whether region @left ends exactly where region @right starts, |
1523 |
++ * or false if either argument is NULL. |
1524 |
++ */ |
1525 |
++static bool regions_are_adjacent(efi_memory_desc_t *left, |
1526 |
++ efi_memory_desc_t *right) |
1527 |
++{ |
1528 |
++ u64 left_end; |
1529 |
++ |
1530 |
++ if (left == NULL || right == NULL) |
1531 |
++ return false; |
1532 |
++ |
1533 |
++ left_end = left->phys_addr + left->num_pages * EFI_PAGE_SIZE; |
1534 |
++ |
1535 |
++ return left_end == right->phys_addr; |
1536 |
++} |
1537 |
++ |
1538 |
++/* |
1539 |
++ * Returns whether region @left and region @right have compatible memory type |
1540 |
++ * mapping attributes, and are both EFI_MEMORY_RUNTIME regions. |
1541 |
++ */ |
1542 |
++static bool regions_have_compatible_memory_type_attrs(efi_memory_desc_t *left, |
1543 |
++ efi_memory_desc_t *right) |
1544 |
++{ |
1545 |
++ static const u64 mem_type_mask = EFI_MEMORY_WB | EFI_MEMORY_WT | |
1546 |
++ EFI_MEMORY_WC | EFI_MEMORY_UC | |
1547 |
++ EFI_MEMORY_RUNTIME; |
1548 |
++ |
1549 |
++ return ((left->attribute ^ right->attribute) & mem_type_mask) == 0; |
1550 |
++} |
1551 |
++ |
1552 |
+ /* |
1553 |
+ * efi_get_virtmap() - create a virtual mapping for the EFI memory map |
1554 |
+ * |
1555 |
+@@ -317,33 +356,52 @@ void efi_get_virtmap(efi_memory_desc_t *memory_map, unsigned long map_size, |
1556 |
+ int *count) |
1557 |
+ { |
1558 |
+ u64 efi_virt_base = EFI_RT_VIRTUAL_BASE; |
1559 |
+- efi_memory_desc_t *out = runtime_map; |
1560 |
++ efi_memory_desc_t *in, *prev = NULL, *out = runtime_map; |
1561 |
+ int l; |
1562 |
+ |
1563 |
+- for (l = 0; l < map_size; l += desc_size) { |
1564 |
+- efi_memory_desc_t *in = (void *)memory_map + l; |
1565 |
++ /* |
1566 |
++ * To work around potential issues with the Properties Table feature |
1567 |
++ * introduced in UEFI 2.5, which may split PE/COFF executable images |
1568 |
++ * in memory into several RuntimeServicesCode and RuntimeServicesData |
1569 |
++ * regions, we need to preserve the relative offsets between adjacent |
1570 |
++ * EFI_MEMORY_RUNTIME regions with the same memory type attributes. |
1571 |
++ * The easiest way to find adjacent regions is to sort the memory map |
1572 |
++ * before traversing it. |
1573 |
++ */ |
1574 |
++ sort(memory_map, map_size / desc_size, desc_size, cmp_mem_desc, NULL); |
1575 |
++ |
1576 |
++ for (l = 0; l < map_size; l += desc_size, prev = in) { |
1577 |
+ u64 paddr, size; |
1578 |
+ |
1579 |
++ in = (void *)memory_map + l; |
1580 |
+ if (!(in->attribute & EFI_MEMORY_RUNTIME)) |
1581 |
+ continue; |
1582 |
+ |
1583 |
++ paddr = in->phys_addr; |
1584 |
++ size = in->num_pages * EFI_PAGE_SIZE; |
1585 |
++ |
1586 |
+ /* |
1587 |
+ * Make the mapping compatible with 64k pages: this allows |
1588 |
+ * a 4k page size kernel to kexec a 64k page size kernel and |
1589 |
+ * vice versa. |
1590 |
+ */ |
1591 |
+- paddr = round_down(in->phys_addr, SZ_64K); |
1592 |
+- size = round_up(in->num_pages * EFI_PAGE_SIZE + |
1593 |
+- in->phys_addr - paddr, SZ_64K); |
1594 |
+- |
1595 |
+- /* |
1596 |
+- * Avoid wasting memory on PTEs by choosing a virtual base that |
1597 |
+- * is compatible with section mappings if this region has the |
1598 |
+- * appropriate size and physical alignment. (Sections are 2 MB |
1599 |
+- * on 4k granule kernels) |
1600 |
+- */ |
1601 |
+- if (IS_ALIGNED(in->phys_addr, SZ_2M) && size >= SZ_2M) |
1602 |
+- efi_virt_base = round_up(efi_virt_base, SZ_2M); |
1603 |
++ if (!regions_are_adjacent(prev, in) || |
1604 |
++ !regions_have_compatible_memory_type_attrs(prev, in)) { |
1605 |
++ |
1606 |
++ paddr = round_down(in->phys_addr, SZ_64K); |
1607 |
++ size += in->phys_addr - paddr; |
1608 |
++ |
1609 |
++ /* |
1610 |
++ * Avoid wasting memory on PTEs by choosing a virtual |
1611 |
++ * base that is compatible with section mappings if this |
1612 |
++ * region has the appropriate size and physical |
1613 |
++ * alignment. (Sections are 2 MB on 4k granule kernels) |
1614 |
++ */ |
1615 |
++ if (IS_ALIGNED(in->phys_addr, SZ_2M) && size >= SZ_2M) |
1616 |
++ efi_virt_base = round_up(efi_virt_base, SZ_2M); |
1617 |
++ else |
1618 |
++ efi_virt_base = round_up(efi_virt_base, SZ_64K); |
1619 |
++ } |
1620 |
+ |
1621 |
+ in->virt_addr = efi_virt_base + in->phys_addr - paddr; |
1622 |
+ efi_virt_base += size; |
1623 |
+diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c |
1624 |
+index b0487c9f018c..7f467fdc9107 100644 |
1625 |
+--- a/drivers/gpu/drm/drm_dp_mst_topology.c |
1626 |
++++ b/drivers/gpu/drm/drm_dp_mst_topology.c |
1627 |
+@@ -804,8 +804,6 @@ static void drm_dp_destroy_mst_branch_device(struct kref *kref) |
1628 |
+ struct drm_dp_mst_port *port, *tmp; |
1629 |
+ bool wake_tx = false; |
1630 |
+ |
1631 |
+- cancel_work_sync(&mstb->mgr->work); |
1632 |
+- |
1633 |
+ /* |
1634 |
+ * destroy all ports - don't need lock |
1635 |
+ * as there are no more references to the mst branch |
1636 |
+@@ -1977,6 +1975,8 @@ void drm_dp_mst_topology_mgr_suspend(struct drm_dp_mst_topology_mgr *mgr) |
1637 |
+ drm_dp_dpcd_writeb(mgr->aux, DP_MSTM_CTRL, |
1638 |
+ DP_MST_EN | DP_UPSTREAM_IS_SRC); |
1639 |
+ mutex_unlock(&mgr->lock); |
1640 |
++ flush_work(&mgr->work); |
1641 |
++ flush_work(&mgr->destroy_connector_work); |
1642 |
+ } |
1643 |
+ EXPORT_SYMBOL(drm_dp_mst_topology_mgr_suspend); |
1644 |
+ |
1645 |
+@@ -2730,6 +2730,7 @@ EXPORT_SYMBOL(drm_dp_mst_topology_mgr_init); |
1646 |
+ */ |
1647 |
+ void drm_dp_mst_topology_mgr_destroy(struct drm_dp_mst_topology_mgr *mgr) |
1648 |
+ { |
1649 |
++ flush_work(&mgr->work); |
1650 |
+ flush_work(&mgr->destroy_connector_work); |
1651 |
+ mutex_lock(&mgr->payload_lock); |
1652 |
+ kfree(mgr->payloads); |
1653 |
+diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c |
1654 |
+index f861361a635e..4924d381b664 100644 |
1655 |
+--- a/drivers/gpu/drm/drm_lock.c |
1656 |
++++ b/drivers/gpu/drm/drm_lock.c |
1657 |
+@@ -61,6 +61,9 @@ int drm_legacy_lock(struct drm_device *dev, void *data, |
1658 |
+ struct drm_master *master = file_priv->master; |
1659 |
+ int ret = 0; |
1660 |
+ |
1661 |
++ if (drm_core_check_feature(dev, DRIVER_MODESET)) |
1662 |
++ return -EINVAL; |
1663 |
++ |
1664 |
+ ++file_priv->lock_count; |
1665 |
+ |
1666 |
+ if (lock->context == DRM_KERNEL_CONTEXT) { |
1667 |
+@@ -153,6 +156,9 @@ int drm_legacy_unlock(struct drm_device *dev, void *data, struct drm_file *file_ |
1668 |
+ struct drm_lock *lock = data; |
1669 |
+ struct drm_master *master = file_priv->master; |
1670 |
+ |
1671 |
++ if (drm_core_check_feature(dev, DRIVER_MODESET)) |
1672 |
++ return -EINVAL; |
1673 |
++ |
1674 |
+ if (lock->context == DRM_KERNEL_CONTEXT) { |
1675 |
+ DRM_ERROR("Process %d using kernel context %d\n", |
1676 |
+ task_pid_nr(current), lock->context); |
1677 |
+diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c |
1678 |
+index c684085cb56a..fadf9865709e 100644 |
1679 |
+--- a/drivers/gpu/drm/i915/intel_bios.c |
1680 |
++++ b/drivers/gpu/drm/i915/intel_bios.c |
1681 |
+@@ -41,7 +41,7 @@ find_section(struct bdb_header *bdb, int section_id) |
1682 |
+ { |
1683 |
+ u8 *base = (u8 *)bdb; |
1684 |
+ int index = 0; |
1685 |
+- u16 total, current_size; |
1686 |
++ u32 total, current_size; |
1687 |
+ u8 current_id; |
1688 |
+ |
1689 |
+ /* skip to first section */ |
1690 |
+@@ -56,6 +56,10 @@ find_section(struct bdb_header *bdb, int section_id) |
1691 |
+ current_size = *((u16 *)(base + index)); |
1692 |
+ index += 2; |
1693 |
+ |
1694 |
++ /* The MIPI Sequence Block v3+ has a separate size field. */ |
1695 |
++ if (current_id == BDB_MIPI_SEQUENCE && *(base + index) >= 3) |
1696 |
++ current_size = *((const u32 *)(base + index + 1)); |
1697 |
++ |
1698 |
+ if (index + current_size > total) |
1699 |
+ return NULL; |
1700 |
+ |
1701 |
+@@ -845,6 +849,12 @@ parse_mipi(struct drm_i915_private *dev_priv, struct bdb_header *bdb) |
1702 |
+ return; |
1703 |
+ } |
1704 |
+ |
1705 |
++ /* Fail gracefully for forward incompatible sequence block. */ |
1706 |
++ if (sequence->version >= 3) { |
1707 |
++ DRM_ERROR("Unable to parse MIPI Sequence Block v3+\n"); |
1708 |
++ return; |
1709 |
++ } |
1710 |
++ |
1711 |
+ DRM_DEBUG_DRIVER("Found MIPI sequence block\n"); |
1712 |
+ |
1713 |
+ block_size = get_blocksize(sequence); |
1714 |
+diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c |
1715 |
+index 32248791bc4b..52921a871230 100644 |
1716 |
+--- a/drivers/gpu/drm/qxl/qxl_display.c |
1717 |
++++ b/drivers/gpu/drm/qxl/qxl_display.c |
1718 |
+@@ -618,7 +618,7 @@ static int qxl_crtc_mode_set(struct drm_crtc *crtc, |
1719 |
+ adjusted_mode->hdisplay, |
1720 |
+ adjusted_mode->vdisplay); |
1721 |
+ |
1722 |
+- if (qcrtc->index == 0) |
1723 |
++ if (bo->is_primary == false) |
1724 |
+ recreate_primary = true; |
1725 |
+ |
1726 |
+ if (bo->surf.stride * bo->surf.height > qdev->vram_size) { |
1727 |
+@@ -886,13 +886,15 @@ static enum drm_connector_status qxl_conn_detect( |
1728 |
+ drm_connector_to_qxl_output(connector); |
1729 |
+ struct drm_device *ddev = connector->dev; |
1730 |
+ struct qxl_device *qdev = ddev->dev_private; |
1731 |
+- int connected; |
1732 |
++ bool connected = false; |
1733 |
+ |
1734 |
+ /* The first monitor is always connected */ |
1735 |
+- connected = (output->index == 0) || |
1736 |
+- (qdev->client_monitors_config && |
1737 |
+- qdev->client_monitors_config->count > output->index && |
1738 |
+- qxl_head_enabled(&qdev->client_monitors_config->heads[output->index])); |
1739 |
++ if (!qdev->client_monitors_config) { |
1740 |
++ if (output->index == 0) |
1741 |
++ connected = true; |
1742 |
++ } else |
1743 |
++ connected = qdev->client_monitors_config->count > output->index && |
1744 |
++ qxl_head_enabled(&qdev->client_monitors_config->heads[output->index]); |
1745 |
+ |
1746 |
+ DRM_DEBUG("#%d connected: %d\n", output->index, connected); |
1747 |
+ if (!connected) |
1748 |
+diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c |
1749 |
+index dd39f434b4a7..b4ff4c134fbb 100644 |
1750 |
+--- a/drivers/gpu/drm/radeon/atombios_encoders.c |
1751 |
++++ b/drivers/gpu/drm/radeon/atombios_encoders.c |
1752 |
+@@ -1624,8 +1624,9 @@ radeon_atom_encoder_dpms_avivo(struct drm_encoder *encoder, int mode) |
1753 |
+ } else |
1754 |
+ atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args); |
1755 |
+ if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) { |
1756 |
+- args.ucAction = ATOM_LCD_BLON; |
1757 |
+- atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args); |
1758 |
++ struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv; |
1759 |
++ |
1760 |
++ atombios_set_backlight_level(radeon_encoder, dig->backlight_level); |
1761 |
+ } |
1762 |
+ break; |
1763 |
+ case DRM_MODE_DPMS_STANDBY: |
1764 |
+@@ -1706,8 +1707,7 @@ radeon_atom_encoder_dpms_dig(struct drm_encoder *encoder, int mode) |
1765 |
+ atombios_dig_encoder_setup(encoder, ATOM_ENCODER_CMD_DP_VIDEO_ON, 0); |
1766 |
+ } |
1767 |
+ if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) |
1768 |
+- atombios_dig_transmitter_setup(encoder, |
1769 |
+- ATOM_TRANSMITTER_ACTION_LCD_BLON, 0, 0); |
1770 |
++ atombios_set_backlight_level(radeon_encoder, dig->backlight_level); |
1771 |
+ if (ext_encoder) |
1772 |
+ atombios_external_encoder_setup(encoder, ext_encoder, ATOM_ENABLE); |
1773 |
+ break; |
1774 |
+diff --git a/drivers/hwmon/nct6775.c b/drivers/hwmon/nct6775.c |
1775 |
+index bd1c99deac71..2aaedbe0b023 100644 |
1776 |
+--- a/drivers/hwmon/nct6775.c |
1777 |
++++ b/drivers/hwmon/nct6775.c |
1778 |
+@@ -354,6 +354,10 @@ static const u16 NCT6775_REG_TEMP_CRIT[ARRAY_SIZE(nct6775_temp_label) - 1] |
1779 |
+ |
1780 |
+ /* NCT6776 specific data */ |
1781 |
+ |
1782 |
++/* STEP_UP_TIME and STEP_DOWN_TIME regs are swapped for all chips but NCT6775 */ |
1783 |
++#define NCT6776_REG_FAN_STEP_UP_TIME NCT6775_REG_FAN_STEP_DOWN_TIME |
1784 |
++#define NCT6776_REG_FAN_STEP_DOWN_TIME NCT6775_REG_FAN_STEP_UP_TIME |
1785 |
++ |
1786 |
+ static const s8 NCT6776_ALARM_BITS[] = { |
1787 |
+ 0, 1, 2, 3, 8, 21, 20, 16, /* in0.. in7 */ |
1788 |
+ 17, -1, -1, -1, -1, -1, -1, /* in8..in14 */ |
1789 |
+@@ -3528,8 +3532,8 @@ static int nct6775_probe(struct platform_device *pdev) |
1790 |
+ data->REG_FAN_PULSES = NCT6776_REG_FAN_PULSES; |
1791 |
+ data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT; |
1792 |
+ data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME; |
1793 |
+- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME; |
1794 |
+- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME; |
1795 |
++ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME; |
1796 |
++ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME; |
1797 |
+ data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H; |
1798 |
+ data->REG_PWM[0] = NCT6775_REG_PWM; |
1799 |
+ data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT; |
1800 |
+@@ -3600,8 +3604,8 @@ static int nct6775_probe(struct platform_device *pdev) |
1801 |
+ data->REG_FAN_PULSES = NCT6779_REG_FAN_PULSES; |
1802 |
+ data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT; |
1803 |
+ data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME; |
1804 |
+- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME; |
1805 |
+- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME; |
1806 |
++ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME; |
1807 |
++ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME; |
1808 |
+ data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H; |
1809 |
+ data->REG_PWM[0] = NCT6775_REG_PWM; |
1810 |
+ data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT; |
1811 |
+@@ -3677,8 +3681,8 @@ static int nct6775_probe(struct platform_device *pdev) |
1812 |
+ data->REG_FAN_PULSES = NCT6779_REG_FAN_PULSES; |
1813 |
+ data->FAN_PULSE_SHIFT = NCT6775_FAN_PULSE_SHIFT; |
1814 |
+ data->REG_FAN_TIME[0] = NCT6775_REG_FAN_STOP_TIME; |
1815 |
+- data->REG_FAN_TIME[1] = NCT6775_REG_FAN_STEP_UP_TIME; |
1816 |
+- data->REG_FAN_TIME[2] = NCT6775_REG_FAN_STEP_DOWN_TIME; |
1817 |
++ data->REG_FAN_TIME[1] = NCT6776_REG_FAN_STEP_UP_TIME; |
1818 |
++ data->REG_FAN_TIME[2] = NCT6776_REG_FAN_STEP_DOWN_TIME; |
1819 |
+ data->REG_TOLERANCE_H = NCT6776_REG_TOLERANCE_H; |
1820 |
+ data->REG_PWM[0] = NCT6775_REG_PWM; |
1821 |
+ data->REG_PWM[1] = NCT6775_REG_FAN_START_OUTPUT; |
1822 |
+diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c |
1823 |
+index 575a072d765f..c32a934f7693 100644 |
1824 |
+--- a/drivers/infiniband/ulp/isert/ib_isert.c |
1825 |
++++ b/drivers/infiniband/ulp/isert/ib_isert.c |
1826 |
+@@ -2996,9 +2996,16 @@ isert_get_dataout(struct iscsi_conn *conn, struct iscsi_cmd *cmd, bool recovery) |
1827 |
+ static int |
1828 |
+ isert_immediate_queue(struct iscsi_conn *conn, struct iscsi_cmd *cmd, int state) |
1829 |
+ { |
1830 |
+- int ret; |
1831 |
++ struct isert_cmd *isert_cmd = iscsit_priv_cmd(cmd); |
1832 |
++ int ret = 0; |
1833 |
+ |
1834 |
+ switch (state) { |
1835 |
++ case ISTATE_REMOVE: |
1836 |
++ spin_lock_bh(&conn->cmd_lock); |
1837 |
++ list_del_init(&cmd->i_conn_node); |
1838 |
++ spin_unlock_bh(&conn->cmd_lock); |
1839 |
++ isert_put_cmd(isert_cmd, true); |
1840 |
++ break; |
1841 |
+ case ISTATE_SEND_NOPIN_WANT_RESPONSE: |
1842 |
+ ret = isert_put_nopin(cmd, conn, false); |
1843 |
+ break; |
1844 |
+@@ -3363,6 +3370,41 @@ isert_wait4flush(struct isert_conn *isert_conn) |
1845 |
+ wait_for_completion(&isert_conn->wait_comp_err); |
1846 |
+ } |
1847 |
+ |
1848 |
++/** |
1849 |
++ * isert_put_unsol_pending_cmds() - Drop commands waiting for |
1850 |
++ * unsolicitate dataout |
1851 |
++ * @conn: iscsi connection |
1852 |
++ * |
1853 |
++ * We might still have commands that are waiting for unsolicited |
1854 |
++ * dataouts messages. We must put the extra reference on those |
1855 |
++ * before blocking on the target_wait_for_session_cmds |
1856 |
++ */ |
1857 |
++static void |
1858 |
++isert_put_unsol_pending_cmds(struct iscsi_conn *conn) |
1859 |
++{ |
1860 |
++ struct iscsi_cmd *cmd, *tmp; |
1861 |
++ static LIST_HEAD(drop_cmd_list); |
1862 |
++ |
1863 |
++ spin_lock_bh(&conn->cmd_lock); |
1864 |
++ list_for_each_entry_safe(cmd, tmp, &conn->conn_cmd_list, i_conn_node) { |
1865 |
++ if ((cmd->cmd_flags & ICF_NON_IMMEDIATE_UNSOLICITED_DATA) && |
1866 |
++ (cmd->write_data_done < conn->sess->sess_ops->FirstBurstLength) && |
1867 |
++ (cmd->write_data_done < cmd->se_cmd.data_length)) |
1868 |
++ list_move_tail(&cmd->i_conn_node, &drop_cmd_list); |
1869 |
++ } |
1870 |
++ spin_unlock_bh(&conn->cmd_lock); |
1871 |
++ |
1872 |
++ list_for_each_entry_safe(cmd, tmp, &drop_cmd_list, i_conn_node) { |
1873 |
++ list_del_init(&cmd->i_conn_node); |
1874 |
++ if (cmd->i_state != ISTATE_REMOVE) { |
1875 |
++ struct isert_cmd *isert_cmd = iscsit_priv_cmd(cmd); |
1876 |
++ |
1877 |
++ isert_info("conn %p dropping cmd %p\n", conn, cmd); |
1878 |
++ isert_put_cmd(isert_cmd, true); |
1879 |
++ } |
1880 |
++ } |
1881 |
++} |
1882 |
++ |
1883 |
+ static void isert_wait_conn(struct iscsi_conn *conn) |
1884 |
+ { |
1885 |
+ struct isert_conn *isert_conn = conn->context; |
1886 |
+@@ -3381,8 +3423,9 @@ static void isert_wait_conn(struct iscsi_conn *conn) |
1887 |
+ isert_conn_terminate(isert_conn); |
1888 |
+ mutex_unlock(&isert_conn->mutex); |
1889 |
+ |
1890 |
+- isert_wait4cmds(conn); |
1891 |
+ isert_wait4flush(isert_conn); |
1892 |
++ isert_put_unsol_pending_cmds(conn); |
1893 |
++ isert_wait4cmds(conn); |
1894 |
+ isert_wait4logout(isert_conn); |
1895 |
+ |
1896 |
+ queue_work(isert_release_wq, &isert_conn->release_work); |
1897 |
+diff --git a/drivers/irqchip/irq-atmel-aic5.c b/drivers/irqchip/irq-atmel-aic5.c |
1898 |
+index a2e8c3f876cb..c2c578f0b268 100644 |
1899 |
+--- a/drivers/irqchip/irq-atmel-aic5.c |
1900 |
++++ b/drivers/irqchip/irq-atmel-aic5.c |
1901 |
+@@ -88,28 +88,36 @@ static void aic5_mask(struct irq_data *d) |
1902 |
+ { |
1903 |
+ struct irq_domain *domain = d->domain; |
1904 |
+ struct irq_domain_chip_generic *dgc = domain->gc; |
1905 |
+- struct irq_chip_generic *gc = dgc->gc[0]; |
1906 |
++ struct irq_chip_generic *bgc = dgc->gc[0]; |
1907 |
++ struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d); |
1908 |
+ |
1909 |
+- /* Disable interrupt on AIC5 */ |
1910 |
+- irq_gc_lock(gc); |
1911 |
++ /* |
1912 |
++ * Disable interrupt on AIC5. We always take the lock of the |
1913 |
++ * first irq chip as all chips share the same registers. |
1914 |
++ */ |
1915 |
++ irq_gc_lock(bgc); |
1916 |
+ irq_reg_writel(gc, d->hwirq, AT91_AIC5_SSR); |
1917 |
+ irq_reg_writel(gc, 1, AT91_AIC5_IDCR); |
1918 |
+ gc->mask_cache &= ~d->mask; |
1919 |
+- irq_gc_unlock(gc); |
1920 |
++ irq_gc_unlock(bgc); |
1921 |
+ } |
1922 |
+ |
1923 |
+ static void aic5_unmask(struct irq_data *d) |
1924 |
+ { |
1925 |
+ struct irq_domain *domain = d->domain; |
1926 |
+ struct irq_domain_chip_generic *dgc = domain->gc; |
1927 |
+- struct irq_chip_generic *gc = dgc->gc[0]; |
1928 |
++ struct irq_chip_generic *bgc = dgc->gc[0]; |
1929 |
++ struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d); |
1930 |
+ |
1931 |
+- /* Enable interrupt on AIC5 */ |
1932 |
+- irq_gc_lock(gc); |
1933 |
++ /* |
1934 |
++ * Enable interrupt on AIC5. We always take the lock of the |
1935 |
++ * first irq chip as all chips share the same registers. |
1936 |
++ */ |
1937 |
++ irq_gc_lock(bgc); |
1938 |
+ irq_reg_writel(gc, d->hwirq, AT91_AIC5_SSR); |
1939 |
+ irq_reg_writel(gc, 1, AT91_AIC5_IECR); |
1940 |
+ gc->mask_cache |= d->mask; |
1941 |
+- irq_gc_unlock(gc); |
1942 |
++ irq_gc_unlock(bgc); |
1943 |
+ } |
1944 |
+ |
1945 |
+ static int aic5_retrigger(struct irq_data *d) |
1946 |
+diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c |
1947 |
+index c00e2db351ba..9a791dd52199 100644 |
1948 |
+--- a/drivers/irqchip/irq-gic-v3-its.c |
1949 |
++++ b/drivers/irqchip/irq-gic-v3-its.c |
1950 |
+@@ -921,8 +921,10 @@ retry_baser: |
1951 |
+ * non-cacheable as well. |
1952 |
+ */ |
1953 |
+ shr = tmp & GITS_BASER_SHAREABILITY_MASK; |
1954 |
+- if (!shr) |
1955 |
++ if (!shr) { |
1956 |
+ cache = GITS_BASER_nC; |
1957 |
++ __flush_dcache_area(base, alloc_size); |
1958 |
++ } |
1959 |
+ goto retry_baser; |
1960 |
+ } |
1961 |
+ |
1962 |
+@@ -1163,6 +1165,8 @@ static struct its_device *its_create_device(struct its_node *its, u32 dev_id, |
1963 |
+ return NULL; |
1964 |
+ } |
1965 |
+ |
1966 |
++ __flush_dcache_area(itt, sz); |
1967 |
++ |
1968 |
+ dev->its = its; |
1969 |
+ dev->itt = itt; |
1970 |
+ dev->nr_ites = nr_ites; |
1971 |
+diff --git a/drivers/leds/led-class.c b/drivers/leds/led-class.c |
1972 |
+index 7fb2a19ac649..557f8a53a062 100644 |
1973 |
+--- a/drivers/leds/led-class.c |
1974 |
++++ b/drivers/leds/led-class.c |
1975 |
+@@ -223,12 +223,15 @@ static int led_classdev_next_name(const char *init_name, char *name, |
1976 |
+ { |
1977 |
+ unsigned int i = 0; |
1978 |
+ int ret = 0; |
1979 |
++ struct device *dev; |
1980 |
+ |
1981 |
+ strlcpy(name, init_name, len); |
1982 |
+ |
1983 |
+- while (class_find_device(leds_class, NULL, name, match_name) && |
1984 |
+- (ret < len)) |
1985 |
++ while ((ret < len) && |
1986 |
++ (dev = class_find_device(leds_class, NULL, name, match_name))) { |
1987 |
++ put_device(dev); |
1988 |
+ ret = snprintf(name, len, "%s_%u", init_name, ++i); |
1989 |
++ } |
1990 |
+ |
1991 |
+ if (ret >= len) |
1992 |
+ return -ENOMEM; |
1993 |
+diff --git a/drivers/macintosh/windfarm_core.c b/drivers/macintosh/windfarm_core.c |
1994 |
+index 3ee198b65843..cc7ece1712b5 100644 |
1995 |
+--- a/drivers/macintosh/windfarm_core.c |
1996 |
++++ b/drivers/macintosh/windfarm_core.c |
1997 |
+@@ -435,7 +435,7 @@ int wf_unregister_client(struct notifier_block *nb) |
1998 |
+ { |
1999 |
+ mutex_lock(&wf_lock); |
2000 |
+ blocking_notifier_chain_unregister(&wf_client_list, nb); |
2001 |
+- wf_client_count++; |
2002 |
++ wf_client_count--; |
2003 |
+ if (wf_client_count == 0) |
2004 |
+ wf_stop_thread(); |
2005 |
+ mutex_unlock(&wf_lock); |
2006 |
+diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c |
2007 |
+index c90118e90708..a7621a258936 100644 |
2008 |
+--- a/drivers/md/bitmap.c |
2009 |
++++ b/drivers/md/bitmap.c |
2010 |
+@@ -2000,7 +2000,8 @@ int bitmap_resize(struct bitmap *bitmap, sector_t blocks, |
2011 |
+ if (bitmap->mddev->bitmap_info.offset || bitmap->mddev->bitmap_info.file) |
2012 |
+ ret = bitmap_storage_alloc(&store, chunks, |
2013 |
+ !bitmap->mddev->bitmap_info.external, |
2014 |
+- bitmap->cluster_slot); |
2015 |
++ mddev_is_clustered(bitmap->mddev) |
2016 |
++ ? bitmap->cluster_slot : 0); |
2017 |
+ if (ret) |
2018 |
+ goto err; |
2019 |
+ |
2020 |
+diff --git a/drivers/md/dm-cache-policy-cleaner.c b/drivers/md/dm-cache-policy-cleaner.c |
2021 |
+index 004e463c9423..8308f4b434ec 100644 |
2022 |
+--- a/drivers/md/dm-cache-policy-cleaner.c |
2023 |
++++ b/drivers/md/dm-cache-policy-cleaner.c |
2024 |
+@@ -435,7 +435,7 @@ static struct dm_cache_policy *wb_create(dm_cblock_t cache_size, |
2025 |
+ static struct dm_cache_policy_type wb_policy_type = { |
2026 |
+ .name = "cleaner", |
2027 |
+ .version = {1, 0, 0}, |
2028 |
+- .hint_size = 0, |
2029 |
++ .hint_size = 4, |
2030 |
+ .owner = THIS_MODULE, |
2031 |
+ .create = wb_create |
2032 |
+ }; |
2033 |
+diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c |
2034 |
+index 5503e43e5f28..049282e6482f 100644 |
2035 |
+--- a/drivers/md/dm-crypt.c |
2036 |
++++ b/drivers/md/dm-crypt.c |
2037 |
+@@ -955,7 +955,8 @@ static void crypt_free_buffer_pages(struct crypt_config *cc, struct bio *clone); |
2038 |
+ |
2039 |
+ /* |
2040 |
+ * Generate a new unfragmented bio with the given size |
2041 |
+- * This should never violate the device limitations |
2042 |
++ * This should never violate the device limitations (but only because |
2043 |
++ * max_segment_size is being constrained to PAGE_SIZE). |
2044 |
+ * |
2045 |
+ * This function may be called concurrently. If we allocate from the mempool |
2046 |
+ * concurrently, there is a possibility of deadlock. For example, if we have |
2047 |
+@@ -2040,9 +2041,20 @@ static int crypt_iterate_devices(struct dm_target *ti, |
2048 |
+ return fn(ti, cc->dev, cc->start, ti->len, data); |
2049 |
+ } |
2050 |
+ |
2051 |
++static void crypt_io_hints(struct dm_target *ti, struct queue_limits *limits) |
2052 |
++{ |
2053 |
++ /* |
2054 |
++ * Unfortunate constraint that is required to avoid the potential |
2055 |
++ * for exceeding underlying device's max_segments limits -- due to |
2056 |
++ * crypt_alloc_buffer() possibly allocating pages for the encryption |
2057 |
++ * bio that are not as physically contiguous as the original bio. |
2058 |
++ */ |
2059 |
++ limits->max_segment_size = PAGE_SIZE; |
2060 |
++} |
2061 |
++ |
2062 |
+ static struct target_type crypt_target = { |
2063 |
+ .name = "crypt", |
2064 |
+- .version = {1, 14, 0}, |
2065 |
++ .version = {1, 14, 1}, |
2066 |
+ .module = THIS_MODULE, |
2067 |
+ .ctr = crypt_ctr, |
2068 |
+ .dtr = crypt_dtr, |
2069 |
+@@ -2054,6 +2066,7 @@ static struct target_type crypt_target = { |
2070 |
+ .message = crypt_message, |
2071 |
+ .merge = crypt_merge, |
2072 |
+ .iterate_devices = crypt_iterate_devices, |
2073 |
++ .io_hints = crypt_io_hints, |
2074 |
+ }; |
2075 |
+ |
2076 |
+ static int __init dm_crypt_init(void) |
2077 |
+diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c |
2078 |
+index 88e4c7f24986..2c1f2e13719e 100644 |
2079 |
+--- a/drivers/md/dm-raid.c |
2080 |
++++ b/drivers/md/dm-raid.c |
2081 |
+@@ -327,8 +327,7 @@ static int validate_region_size(struct raid_set *rs, unsigned long region_size) |
2082 |
+ */ |
2083 |
+ if (min_region_size > (1 << 13)) { |
2084 |
+ /* If not a power of 2, make it the next power of 2 */ |
2085 |
+- if (min_region_size & (min_region_size - 1)) |
2086 |
+- region_size = 1 << fls(region_size); |
2087 |
++ region_size = roundup_pow_of_two(min_region_size); |
2088 |
+ DMINFO("Choosing default region size of %lu sectors", |
2089 |
+ region_size); |
2090 |
+ } else { |
2091 |
+diff --git a/drivers/md/dm.c b/drivers/md/dm.c |
2092 |
+index 697f34fba06b..8b72ceee0f61 100644 |
2093 |
+--- a/drivers/md/dm.c |
2094 |
++++ b/drivers/md/dm.c |
2095 |
+@@ -2925,8 +2925,6 @@ static void __dm_destroy(struct mapped_device *md, bool wait) |
2096 |
+ |
2097 |
+ might_sleep(); |
2098 |
+ |
2099 |
+- map = dm_get_live_table(md, &srcu_idx); |
2100 |
+- |
2101 |
+ spin_lock(&_minor_lock); |
2102 |
+ idr_replace(&_minor_idr, MINOR_ALLOCED, MINOR(disk_devt(dm_disk(md)))); |
2103 |
+ set_bit(DMF_FREEING, &md->flags); |
2104 |
+@@ -2940,14 +2938,14 @@ static void __dm_destroy(struct mapped_device *md, bool wait) |
2105 |
+ * do not race with internal suspend. |
2106 |
+ */ |
2107 |
+ mutex_lock(&md->suspend_lock); |
2108 |
++ map = dm_get_live_table(md, &srcu_idx); |
2109 |
+ if (!dm_suspended_md(md)) { |
2110 |
+ dm_table_presuspend_targets(map); |
2111 |
+ dm_table_postsuspend_targets(map); |
2112 |
+ } |
2113 |
+- mutex_unlock(&md->suspend_lock); |
2114 |
+- |
2115 |
+ /* dm_put_live_table must be before msleep, otherwise deadlock is possible */ |
2116 |
+ dm_put_live_table(md, srcu_idx); |
2117 |
++ mutex_unlock(&md->suspend_lock); |
2118 |
+ |
2119 |
+ /* |
2120 |
+ * Rare, but there may be I/O requests still going to complete, |
2121 |
+diff --git a/drivers/md/persistent-data/dm-btree-internal.h b/drivers/md/persistent-data/dm-btree-internal.h |
2122 |
+index bf2b80d5c470..8731b6ea026b 100644 |
2123 |
+--- a/drivers/md/persistent-data/dm-btree-internal.h |
2124 |
++++ b/drivers/md/persistent-data/dm-btree-internal.h |
2125 |
+@@ -138,4 +138,10 @@ int lower_bound(struct btree_node *n, uint64_t key); |
2126 |
+ |
2127 |
+ extern struct dm_block_validator btree_node_validator; |
2128 |
+ |
2129 |
++/* |
2130 |
++ * Value type for upper levels of multi-level btrees. |
2131 |
++ */ |
2132 |
++extern void init_le64_type(struct dm_transaction_manager *tm, |
2133 |
++ struct dm_btree_value_type *vt); |
2134 |
++ |
2135 |
+ #endif /* DM_BTREE_INTERNAL_H */ |
2136 |
+diff --git a/drivers/md/persistent-data/dm-btree-remove.c b/drivers/md/persistent-data/dm-btree-remove.c |
2137 |
+index a03178e91a79..7c0d75547ccf 100644 |
2138 |
+--- a/drivers/md/persistent-data/dm-btree-remove.c |
2139 |
++++ b/drivers/md/persistent-data/dm-btree-remove.c |
2140 |
+@@ -544,14 +544,6 @@ static int remove_raw(struct shadow_spine *s, struct dm_btree_info *info, |
2141 |
+ return r; |
2142 |
+ } |
2143 |
+ |
2144 |
+-static struct dm_btree_value_type le64_type = { |
2145 |
+- .context = NULL, |
2146 |
+- .size = sizeof(__le64), |
2147 |
+- .inc = NULL, |
2148 |
+- .dec = NULL, |
2149 |
+- .equal = NULL |
2150 |
+-}; |
2151 |
+- |
2152 |
+ int dm_btree_remove(struct dm_btree_info *info, dm_block_t root, |
2153 |
+ uint64_t *keys, dm_block_t *new_root) |
2154 |
+ { |
2155 |
+@@ -559,12 +551,14 @@ int dm_btree_remove(struct dm_btree_info *info, dm_block_t root, |
2156 |
+ int index = 0, r = 0; |
2157 |
+ struct shadow_spine spine; |
2158 |
+ struct btree_node *n; |
2159 |
++ struct dm_btree_value_type le64_vt; |
2160 |
+ |
2161 |
++ init_le64_type(info->tm, &le64_vt); |
2162 |
+ init_shadow_spine(&spine, info); |
2163 |
+ for (level = 0; level < info->levels; level++) { |
2164 |
+ r = remove_raw(&spine, info, |
2165 |
+ (level == last_level ? |
2166 |
+- &info->value_type : &le64_type), |
2167 |
++ &info->value_type : &le64_vt), |
2168 |
+ root, keys[level], (unsigned *)&index); |
2169 |
+ if (r < 0) |
2170 |
+ break; |
2171 |
+diff --git a/drivers/md/persistent-data/dm-btree-spine.c b/drivers/md/persistent-data/dm-btree-spine.c |
2172 |
+index 1b5e13ec7f96..0dee514ba4c5 100644 |
2173 |
+--- a/drivers/md/persistent-data/dm-btree-spine.c |
2174 |
++++ b/drivers/md/persistent-data/dm-btree-spine.c |
2175 |
+@@ -249,3 +249,40 @@ int shadow_root(struct shadow_spine *s) |
2176 |
+ { |
2177 |
+ return s->root; |
2178 |
+ } |
2179 |
++ |
2180 |
++static void le64_inc(void *context, const void *value_le) |
2181 |
++{ |
2182 |
++ struct dm_transaction_manager *tm = context; |
2183 |
++ __le64 v_le; |
2184 |
++ |
2185 |
++ memcpy(&v_le, value_le, sizeof(v_le)); |
2186 |
++ dm_tm_inc(tm, le64_to_cpu(v_le)); |
2187 |
++} |
2188 |
++ |
2189 |
++static void le64_dec(void *context, const void *value_le) |
2190 |
++{ |
2191 |
++ struct dm_transaction_manager *tm = context; |
2192 |
++ __le64 v_le; |
2193 |
++ |
2194 |
++ memcpy(&v_le, value_le, sizeof(v_le)); |
2195 |
++ dm_tm_dec(tm, le64_to_cpu(v_le)); |
2196 |
++} |
2197 |
++ |
2198 |
++static int le64_equal(void *context, const void *value1_le, const void *value2_le) |
2199 |
++{ |
2200 |
++ __le64 v1_le, v2_le; |
2201 |
++ |
2202 |
++ memcpy(&v1_le, value1_le, sizeof(v1_le)); |
2203 |
++ memcpy(&v2_le, value2_le, sizeof(v2_le)); |
2204 |
++ return v1_le == v2_le; |
2205 |
++} |
2206 |
++ |
2207 |
++void init_le64_type(struct dm_transaction_manager *tm, |
2208 |
++ struct dm_btree_value_type *vt) |
2209 |
++{ |
2210 |
++ vt->context = tm; |
2211 |
++ vt->size = sizeof(__le64); |
2212 |
++ vt->inc = le64_inc; |
2213 |
++ vt->dec = le64_dec; |
2214 |
++ vt->equal = le64_equal; |
2215 |
++} |
2216 |
+diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c |
2217 |
+index fdd3793e22f9..c7726cebc495 100644 |
2218 |
+--- a/drivers/md/persistent-data/dm-btree.c |
2219 |
++++ b/drivers/md/persistent-data/dm-btree.c |
2220 |
+@@ -667,12 +667,7 @@ static int insert(struct dm_btree_info *info, dm_block_t root, |
2221 |
+ struct btree_node *n; |
2222 |
+ struct dm_btree_value_type le64_type; |
2223 |
+ |
2224 |
+- le64_type.context = NULL; |
2225 |
+- le64_type.size = sizeof(__le64); |
2226 |
+- le64_type.inc = NULL; |
2227 |
+- le64_type.dec = NULL; |
2228 |
+- le64_type.equal = NULL; |
2229 |
+- |
2230 |
++ init_le64_type(info->tm, &le64_type); |
2231 |
+ init_shadow_spine(&spine, info); |
2232 |
+ |
2233 |
+ for (level = 0; level < (info->levels - 1); level++) { |
2234 |
+diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c |
2235 |
+index efb654eb5399..0875e5e7e09a 100644 |
2236 |
+--- a/drivers/md/raid0.c |
2237 |
++++ b/drivers/md/raid0.c |
2238 |
+@@ -83,7 +83,7 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf) |
2239 |
+ char b[BDEVNAME_SIZE]; |
2240 |
+ char b2[BDEVNAME_SIZE]; |
2241 |
+ struct r0conf *conf = kzalloc(sizeof(*conf), GFP_KERNEL); |
2242 |
+- bool discard_supported = false; |
2243 |
++ unsigned short blksize = 512; |
2244 |
+ |
2245 |
+ if (!conf) |
2246 |
+ return -ENOMEM; |
2247 |
+@@ -98,6 +98,9 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf) |
2248 |
+ sector_div(sectors, mddev->chunk_sectors); |
2249 |
+ rdev1->sectors = sectors * mddev->chunk_sectors; |
2250 |
+ |
2251 |
++ blksize = max(blksize, queue_logical_block_size( |
2252 |
++ rdev1->bdev->bd_disk->queue)); |
2253 |
++ |
2254 |
+ rdev_for_each(rdev2, mddev) { |
2255 |
+ pr_debug("md/raid0:%s: comparing %s(%llu)" |
2256 |
+ " with %s(%llu)\n", |
2257 |
+@@ -134,6 +137,18 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf) |
2258 |
+ } |
2259 |
+ pr_debug("md/raid0:%s: FINAL %d zones\n", |
2260 |
+ mdname(mddev), conf->nr_strip_zones); |
2261 |
++ /* |
2262 |
++ * now since we have the hard sector sizes, we can make sure |
2263 |
++ * chunk size is a multiple of that sector size |
2264 |
++ */ |
2265 |
++ if ((mddev->chunk_sectors << 9) % blksize) { |
2266 |
++ printk(KERN_ERR "md/raid0:%s: chunk_size of %d not multiple of block size %d\n", |
2267 |
++ mdname(mddev), |
2268 |
++ mddev->chunk_sectors << 9, blksize); |
2269 |
++ err = -EINVAL; |
2270 |
++ goto abort; |
2271 |
++ } |
2272 |
++ |
2273 |
+ err = -ENOMEM; |
2274 |
+ conf->strip_zone = kzalloc(sizeof(struct strip_zone)* |
2275 |
+ conf->nr_strip_zones, GFP_KERNEL); |
2276 |
+@@ -188,19 +203,12 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf) |
2277 |
+ } |
2278 |
+ dev[j] = rdev1; |
2279 |
+ |
2280 |
+- if (mddev->queue) |
2281 |
+- disk_stack_limits(mddev->gendisk, rdev1->bdev, |
2282 |
+- rdev1->data_offset << 9); |
2283 |
+- |
2284 |
+ if (rdev1->bdev->bd_disk->queue->merge_bvec_fn) |
2285 |
+ conf->has_merge_bvec = 1; |
2286 |
+ |
2287 |
+ if (!smallest || (rdev1->sectors < smallest->sectors)) |
2288 |
+ smallest = rdev1; |
2289 |
+ cnt++; |
2290 |
+- |
2291 |
+- if (blk_queue_discard(bdev_get_queue(rdev1->bdev))) |
2292 |
+- discard_supported = true; |
2293 |
+ } |
2294 |
+ if (cnt != mddev->raid_disks) { |
2295 |
+ printk(KERN_ERR "md/raid0:%s: too few disks (%d of %d) - " |
2296 |
+@@ -261,28 +269,6 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf) |
2297 |
+ (unsigned long long)smallest->sectors); |
2298 |
+ } |
2299 |
+ |
2300 |
+- /* |
2301 |
+- * now since we have the hard sector sizes, we can make sure |
2302 |
+- * chunk size is a multiple of that sector size |
2303 |
+- */ |
2304 |
+- if ((mddev->chunk_sectors << 9) % queue_logical_block_size(mddev->queue)) { |
2305 |
+- printk(KERN_ERR "md/raid0:%s: chunk_size of %d not valid\n", |
2306 |
+- mdname(mddev), |
2307 |
+- mddev->chunk_sectors << 9); |
2308 |
+- goto abort; |
2309 |
+- } |
2310 |
+- |
2311 |
+- if (mddev->queue) { |
2312 |
+- blk_queue_io_min(mddev->queue, mddev->chunk_sectors << 9); |
2313 |
+- blk_queue_io_opt(mddev->queue, |
2314 |
+- (mddev->chunk_sectors << 9) * mddev->raid_disks); |
2315 |
+- |
2316 |
+- if (!discard_supported) |
2317 |
+- queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, mddev->queue); |
2318 |
+- else |
2319 |
+- queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue); |
2320 |
+- } |
2321 |
+- |
2322 |
+ pr_debug("md/raid0:%s: done.\n", mdname(mddev)); |
2323 |
+ *private_conf = conf; |
2324 |
+ |
2325 |
+@@ -433,12 +419,6 @@ static int raid0_run(struct mddev *mddev) |
2326 |
+ if (md_check_no_bitmap(mddev)) |
2327 |
+ return -EINVAL; |
2328 |
+ |
2329 |
+- if (mddev->queue) { |
2330 |
+- blk_queue_max_hw_sectors(mddev->queue, mddev->chunk_sectors); |
2331 |
+- blk_queue_max_write_same_sectors(mddev->queue, mddev->chunk_sectors); |
2332 |
+- blk_queue_max_discard_sectors(mddev->queue, mddev->chunk_sectors); |
2333 |
+- } |
2334 |
+- |
2335 |
+ /* if private is not null, we are here after takeover */ |
2336 |
+ if (mddev->private == NULL) { |
2337 |
+ ret = create_strip_zones(mddev, &conf); |
2338 |
+@@ -447,6 +427,29 @@ static int raid0_run(struct mddev *mddev) |
2339 |
+ mddev->private = conf; |
2340 |
+ } |
2341 |
+ conf = mddev->private; |
2342 |
++ if (mddev->queue) { |
2343 |
++ struct md_rdev *rdev; |
2344 |
++ bool discard_supported = false; |
2345 |
++ |
2346 |
++ blk_queue_max_hw_sectors(mddev->queue, mddev->chunk_sectors); |
2347 |
++ blk_queue_max_write_same_sectors(mddev->queue, mddev->chunk_sectors); |
2348 |
++ blk_queue_max_discard_sectors(mddev->queue, mddev->chunk_sectors); |
2349 |
++ |
2350 |
++ blk_queue_io_min(mddev->queue, mddev->chunk_sectors << 9); |
2351 |
++ blk_queue_io_opt(mddev->queue, |
2352 |
++ (mddev->chunk_sectors << 9) * mddev->raid_disks); |
2353 |
++ |
2354 |
++ rdev_for_each(rdev, mddev) { |
2355 |
++ disk_stack_limits(mddev->gendisk, rdev->bdev, |
2356 |
++ rdev->data_offset << 9); |
2357 |
++ if (blk_queue_discard(bdev_get_queue(rdev->bdev))) |
2358 |
++ discard_supported = true; |
2359 |
++ } |
2360 |
++ if (!discard_supported) |
2361 |
++ queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, mddev->queue); |
2362 |
++ else |
2363 |
++ queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue); |
2364 |
++ } |
2365 |
+ |
2366 |
+ /* calculate array device size */ |
2367 |
+ md_set_array_sectors(mddev, raid0_size(mddev, 0, 0)); |
2368 |
+diff --git a/drivers/mmc/core/host.c b/drivers/mmc/core/host.c |
2369 |
+index 8be0df758e68..a0b1b460377d 100644 |
2370 |
+--- a/drivers/mmc/core/host.c |
2371 |
++++ b/drivers/mmc/core/host.c |
2372 |
+@@ -373,7 +373,7 @@ int mmc_of_parse(struct mmc_host *host) |
2373 |
+ 0, &cd_gpio_invert); |
2374 |
+ if (!ret) |
2375 |
+ dev_info(host->parent, "Got CD GPIO\n"); |
2376 |
+- else if (ret != -ENOENT) |
2377 |
++ else if (ret != -ENOENT && ret != -ENOSYS) |
2378 |
+ return ret; |
2379 |
+ |
2380 |
+ /* |
2381 |
+@@ -397,7 +397,7 @@ int mmc_of_parse(struct mmc_host *host) |
2382 |
+ ret = mmc_gpiod_request_ro(host, "wp", 0, false, 0, &ro_gpio_invert); |
2383 |
+ if (!ret) |
2384 |
+ dev_info(host->parent, "Got WP GPIO\n"); |
2385 |
+- else if (ret != -ENOENT) |
2386 |
++ else if (ret != -ENOENT && ret != -ENOSYS) |
2387 |
+ return ret; |
2388 |
+ |
2389 |
+ /* See the comment on CD inversion above */ |
2390 |
+diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c |
2391 |
+index 5f5adafb253a..b354c8bffb9e 100644 |
2392 |
+--- a/drivers/mmc/host/dw_mmc.c |
2393 |
++++ b/drivers/mmc/host/dw_mmc.c |
2394 |
+@@ -99,6 +99,9 @@ struct idmac_desc { |
2395 |
+ |
2396 |
+ __le32 des3; /* buffer 2 physical address */ |
2397 |
+ }; |
2398 |
++ |
2399 |
++/* Each descriptor can transfer up to 4KB of data in chained mode */ |
2400 |
++#define DW_MCI_DESC_DATA_LENGTH 0x1000 |
2401 |
+ #endif /* CONFIG_MMC_DW_IDMAC */ |
2402 |
+ |
2403 |
+ static bool dw_mci_reset(struct dw_mci *host); |
2404 |
+@@ -462,66 +465,96 @@ static void dw_mci_idmac_complete_dma(struct dw_mci *host) |
2405 |
+ static void dw_mci_translate_sglist(struct dw_mci *host, struct mmc_data *data, |
2406 |
+ unsigned int sg_len) |
2407 |
+ { |
2408 |
++ unsigned int desc_len; |
2409 |
+ int i; |
2410 |
+ if (host->dma_64bit_address == 1) { |
2411 |
+- struct idmac_desc_64addr *desc = host->sg_cpu; |
2412 |
++ struct idmac_desc_64addr *desc_first, *desc_last, *desc; |
2413 |
++ |
2414 |
++ desc_first = desc_last = desc = host->sg_cpu; |
2415 |
+ |
2416 |
+- for (i = 0; i < sg_len; i++, desc++) { |
2417 |
++ for (i = 0; i < sg_len; i++) { |
2418 |
+ unsigned int length = sg_dma_len(&data->sg[i]); |
2419 |
+ u64 mem_addr = sg_dma_address(&data->sg[i]); |
2420 |
+ |
2421 |
+- /* |
2422 |
+- * Set the OWN bit and disable interrupts for this |
2423 |
+- * descriptor |
2424 |
+- */ |
2425 |
+- desc->des0 = IDMAC_DES0_OWN | IDMAC_DES0_DIC | |
2426 |
+- IDMAC_DES0_CH; |
2427 |
+- /* Buffer length */ |
2428 |
+- IDMAC_64ADDR_SET_BUFFER1_SIZE(desc, length); |
2429 |
+- |
2430 |
+- /* Physical address to DMA to/from */ |
2431 |
+- desc->des4 = mem_addr & 0xffffffff; |
2432 |
+- desc->des5 = mem_addr >> 32; |
2433 |
++ for ( ; length ; desc++) { |
2434 |
++ desc_len = (length <= DW_MCI_DESC_DATA_LENGTH) ? |
2435 |
++ length : DW_MCI_DESC_DATA_LENGTH; |
2436 |
++ |
2437 |
++ length -= desc_len; |
2438 |
++ |
2439 |
++ /* |
2440 |
++ * Set the OWN bit and disable interrupts |
2441 |
++ * for this descriptor |
2442 |
++ */ |
2443 |
++ desc->des0 = IDMAC_DES0_OWN | IDMAC_DES0_DIC | |
2444 |
++ IDMAC_DES0_CH; |
2445 |
++ |
2446 |
++ /* Buffer length */ |
2447 |
++ IDMAC_64ADDR_SET_BUFFER1_SIZE(desc, desc_len); |
2448 |
++ |
2449 |
++ /* Physical address to DMA to/from */ |
2450 |
++ desc->des4 = mem_addr & 0xffffffff; |
2451 |
++ desc->des5 = mem_addr >> 32; |
2452 |
++ |
2453 |
++ /* Update physical address for the next desc */ |
2454 |
++ mem_addr += desc_len; |
2455 |
++ |
2456 |
++ /* Save pointer to the last descriptor */ |
2457 |
++ desc_last = desc; |
2458 |
++ } |
2459 |
+ } |
2460 |
+ |
2461 |
+ /* Set first descriptor */ |
2462 |
+- desc = host->sg_cpu; |
2463 |
+- desc->des0 |= IDMAC_DES0_FD; |
2464 |
++ desc_first->des0 |= IDMAC_DES0_FD; |
2465 |
+ |
2466 |
+ /* Set last descriptor */ |
2467 |
+- desc = host->sg_cpu + (i - 1) * |
2468 |
+- sizeof(struct idmac_desc_64addr); |
2469 |
+- desc->des0 &= ~(IDMAC_DES0_CH | IDMAC_DES0_DIC); |
2470 |
+- desc->des0 |= IDMAC_DES0_LD; |
2471 |
++ desc_last->des0 &= ~(IDMAC_DES0_CH | IDMAC_DES0_DIC); |
2472 |
++ desc_last->des0 |= IDMAC_DES0_LD; |
2473 |
+ |
2474 |
+ } else { |
2475 |
+- struct idmac_desc *desc = host->sg_cpu; |
2476 |
++ struct idmac_desc *desc_first, *desc_last, *desc; |
2477 |
++ |
2478 |
++ desc_first = desc_last = desc = host->sg_cpu; |
2479 |
+ |
2480 |
+- for (i = 0; i < sg_len; i++, desc++) { |
2481 |
++ for (i = 0; i < sg_len; i++) { |
2482 |
+ unsigned int length = sg_dma_len(&data->sg[i]); |
2483 |
+ u32 mem_addr = sg_dma_address(&data->sg[i]); |
2484 |
+ |
2485 |
+- /* |
2486 |
+- * Set the OWN bit and disable interrupts for this |
2487 |
+- * descriptor |
2488 |
+- */ |
2489 |
+- desc->des0 = cpu_to_le32(IDMAC_DES0_OWN | |
2490 |
+- IDMAC_DES0_DIC | IDMAC_DES0_CH); |
2491 |
+- /* Buffer length */ |
2492 |
+- IDMAC_SET_BUFFER1_SIZE(desc, length); |
2493 |
++ for ( ; length ; desc++) { |
2494 |
++ desc_len = (length <= DW_MCI_DESC_DATA_LENGTH) ? |
2495 |
++ length : DW_MCI_DESC_DATA_LENGTH; |
2496 |
++ |
2497 |
++ length -= desc_len; |
2498 |
++ |
2499 |
++ /* |
2500 |
++ * Set the OWN bit and disable interrupts |
2501 |
++ * for this descriptor |
2502 |
++ */ |
2503 |
++ desc->des0 = cpu_to_le32(IDMAC_DES0_OWN | |
2504 |
++ IDMAC_DES0_DIC | |
2505 |
++ IDMAC_DES0_CH); |
2506 |
++ |
2507 |
++ /* Buffer length */ |
2508 |
++ IDMAC_SET_BUFFER1_SIZE(desc, desc_len); |
2509 |
+ |
2510 |
+- /* Physical address to DMA to/from */ |
2511 |
+- desc->des2 = cpu_to_le32(mem_addr); |
2512 |
++ /* Physical address to DMA to/from */ |
2513 |
++ desc->des2 = cpu_to_le32(mem_addr); |
2514 |
++ |
2515 |
++ /* Update physical address for the next desc */ |
2516 |
++ mem_addr += desc_len; |
2517 |
++ |
2518 |
++ /* Save pointer to the last descriptor */ |
2519 |
++ desc_last = desc; |
2520 |
++ } |
2521 |
+ } |
2522 |
+ |
2523 |
+ /* Set first descriptor */ |
2524 |
+- desc = host->sg_cpu; |
2525 |
+- desc->des0 |= cpu_to_le32(IDMAC_DES0_FD); |
2526 |
++ desc_first->des0 |= cpu_to_le32(IDMAC_DES0_FD); |
2527 |
+ |
2528 |
+ /* Set last descriptor */ |
2529 |
+- desc = host->sg_cpu + (i - 1) * sizeof(struct idmac_desc); |
2530 |
+- desc->des0 &= cpu_to_le32(~(IDMAC_DES0_CH | IDMAC_DES0_DIC)); |
2531 |
+- desc->des0 |= cpu_to_le32(IDMAC_DES0_LD); |
2532 |
++ desc_last->des0 &= cpu_to_le32(~(IDMAC_DES0_CH | |
2533 |
++ IDMAC_DES0_DIC)); |
2534 |
++ desc_last->des0 |= cpu_to_le32(IDMAC_DES0_LD); |
2535 |
+ } |
2536 |
+ |
2537 |
+ wmb(); |
2538 |
+@@ -2406,7 +2439,7 @@ static int dw_mci_init_slot(struct dw_mci *host, unsigned int id) |
2539 |
+ #ifdef CONFIG_MMC_DW_IDMAC |
2540 |
+ mmc->max_segs = host->ring_size; |
2541 |
+ mmc->max_blk_size = 65536; |
2542 |
+- mmc->max_seg_size = 0x1000; |
2543 |
++ mmc->max_seg_size = DW_MCI_DESC_DATA_LENGTH; |
2544 |
+ mmc->max_req_size = mmc->max_seg_size * host->ring_size; |
2545 |
+ mmc->max_blk_count = mmc->max_req_size / 512; |
2546 |
+ #else |
2547 |
+diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c |
2548 |
+index 82f512d87cb8..461698b038f7 100644 |
2549 |
+--- a/drivers/mmc/host/sdhci-esdhc-imx.c |
2550 |
++++ b/drivers/mmc/host/sdhci-esdhc-imx.c |
2551 |
+@@ -868,6 +868,7 @@ sdhci_esdhc_imx_probe_dt(struct platform_device *pdev, |
2552 |
+ struct esdhc_platform_data *boarddata) |
2553 |
+ { |
2554 |
+ struct device_node *np = pdev->dev.of_node; |
2555 |
++ int ret; |
2556 |
+ |
2557 |
+ if (!np) |
2558 |
+ return -ENODEV; |
2559 |
+@@ -903,6 +904,14 @@ sdhci_esdhc_imx_probe_dt(struct platform_device *pdev, |
2560 |
+ |
2561 |
+ mmc_of_parse_voltage(np, &host->ocr_mask); |
2562 |
+ |
2563 |
++ /* call to generic mmc_of_parse to support additional capabilities */ |
2564 |
++ ret = mmc_of_parse(host->mmc); |
2565 |
++ if (ret) |
2566 |
++ return ret; |
2567 |
++ |
2568 |
++ if (!IS_ERR_VALUE(mmc_gpio_get_cd(host->mmc))) |
2569 |
++ host->quirks &= ~SDHCI_QUIRK_BROKEN_CARD_DETECTION; |
2570 |
++ |
2571 |
+ return 0; |
2572 |
+ } |
2573 |
+ #else |
2574 |
+@@ -924,6 +933,7 @@ static int sdhci_esdhc_imx_probe(struct platform_device *pdev) |
2575 |
+ struct esdhc_platform_data *boarddata; |
2576 |
+ int err; |
2577 |
+ struct pltfm_imx_data *imx_data; |
2578 |
++ bool dt = true; |
2579 |
+ |
2580 |
+ host = sdhci_pltfm_init(pdev, &sdhci_esdhc_imx_pdata, 0); |
2581 |
+ if (IS_ERR(host)) |
2582 |
+@@ -1011,11 +1021,44 @@ static int sdhci_esdhc_imx_probe(struct platform_device *pdev) |
2583 |
+ } |
2584 |
+ imx_data->boarddata = *((struct esdhc_platform_data *) |
2585 |
+ host->mmc->parent->platform_data); |
2586 |
++ dt = false; |
2587 |
++ } |
2588 |
++ /* write_protect */ |
2589 |
++ if (boarddata->wp_type == ESDHC_WP_GPIO && !dt) { |
2590 |
++ err = mmc_gpio_request_ro(host->mmc, boarddata->wp_gpio); |
2591 |
++ if (err) { |
2592 |
++ dev_err(mmc_dev(host->mmc), |
2593 |
++ "failed to request write-protect gpio!\n"); |
2594 |
++ goto disable_clk; |
2595 |
++ } |
2596 |
++ host->mmc->caps2 |= MMC_CAP2_RO_ACTIVE_HIGH; |
2597 |
+ } |
2598 |
+ |
2599 |
+ /* card_detect */ |
2600 |
+- if (boarddata->cd_type == ESDHC_CD_CONTROLLER) |
2601 |
++ switch (boarddata->cd_type) { |
2602 |
++ case ESDHC_CD_GPIO: |
2603 |
++ if (dt) |
2604 |
++ break; |
2605 |
++ err = mmc_gpio_request_cd(host->mmc, boarddata->cd_gpio, 0); |
2606 |
++ if (err) { |
2607 |
++ dev_err(mmc_dev(host->mmc), |
2608 |
++ "failed to request card-detect gpio!\n"); |
2609 |
++ goto disable_clk; |
2610 |
++ } |
2611 |
++ /* fall through */ |
2612 |
++ |
2613 |
++ case ESDHC_CD_CONTROLLER: |
2614 |
++ /* we have a working card_detect back */ |
2615 |
+ host->quirks &= ~SDHCI_QUIRK_BROKEN_CARD_DETECTION; |
2616 |
++ break; |
2617 |
++ |
2618 |
++ case ESDHC_CD_PERMANENT: |
2619 |
++ host->mmc->caps |= MMC_CAP_NONREMOVABLE; |
2620 |
++ break; |
2621 |
++ |
2622 |
++ case ESDHC_CD_NONE: |
2623 |
++ break; |
2624 |
++ } |
2625 |
+ |
2626 |
+ switch (boarddata->max_bus_width) { |
2627 |
+ case 8: |
2628 |
+@@ -1048,11 +1091,6 @@ static int sdhci_esdhc_imx_probe(struct platform_device *pdev) |
2629 |
+ host->quirks2 |= SDHCI_QUIRK2_NO_1_8_V; |
2630 |
+ } |
2631 |
+ |
2632 |
+- /* call to generic mmc_of_parse to support additional capabilities */ |
2633 |
+- err = mmc_of_parse(host->mmc); |
2634 |
+- if (err) |
2635 |
+- goto disable_clk; |
2636 |
+- |
2637 |
+ err = sdhci_add_host(host); |
2638 |
+ if (err) |
2639 |
+ goto disable_clk; |
2640 |
+diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c |
2641 |
+index fd41b91436ec..cbaf3df3ebd9 100644 |
2642 |
+--- a/drivers/mmc/host/sdhci.c |
2643 |
++++ b/drivers/mmc/host/sdhci.c |
2644 |
+@@ -55,8 +55,7 @@ static int sdhci_execute_tuning(struct mmc_host *mmc, u32 opcode); |
2645 |
+ static void sdhci_tuning_timer(unsigned long data); |
2646 |
+ static void sdhci_enable_preset_value(struct sdhci_host *host, bool enable); |
2647 |
+ static int sdhci_pre_dma_transfer(struct sdhci_host *host, |
2648 |
+- struct mmc_data *data, |
2649 |
+- struct sdhci_host_next *next); |
2650 |
++ struct mmc_data *data); |
2651 |
+ static int sdhci_do_get_cd(struct sdhci_host *host); |
2652 |
+ |
2653 |
+ #ifdef CONFIG_PM |
2654 |
+@@ -510,7 +509,7 @@ static int sdhci_adma_table_pre(struct sdhci_host *host, |
2655 |
+ goto fail; |
2656 |
+ BUG_ON(host->align_addr & host->align_mask); |
2657 |
+ |
2658 |
+- host->sg_count = sdhci_pre_dma_transfer(host, data, NULL); |
2659 |
++ host->sg_count = sdhci_pre_dma_transfer(host, data); |
2660 |
+ if (host->sg_count < 0) |
2661 |
+ goto unmap_align; |
2662 |
+ |
2663 |
+@@ -649,9 +648,11 @@ static void sdhci_adma_table_post(struct sdhci_host *host, |
2664 |
+ } |
2665 |
+ } |
2666 |
+ |
2667 |
+- if (!data->host_cookie) |
2668 |
++ if (data->host_cookie == COOKIE_MAPPED) { |
2669 |
+ dma_unmap_sg(mmc_dev(host->mmc), data->sg, |
2670 |
+ data->sg_len, direction); |
2671 |
++ data->host_cookie = COOKIE_UNMAPPED; |
2672 |
++ } |
2673 |
+ } |
2674 |
+ |
2675 |
+ static u8 sdhci_calc_timeout(struct sdhci_host *host, struct mmc_command *cmd) |
2676 |
+@@ -847,7 +848,7 @@ static void sdhci_prepare_data(struct sdhci_host *host, struct mmc_command *cmd) |
2677 |
+ } else { |
2678 |
+ int sg_cnt; |
2679 |
+ |
2680 |
+- sg_cnt = sdhci_pre_dma_transfer(host, data, NULL); |
2681 |
++ sg_cnt = sdhci_pre_dma_transfer(host, data); |
2682 |
+ if (sg_cnt <= 0) { |
2683 |
+ /* |
2684 |
+ * This only happens when someone fed |
2685 |
+@@ -963,11 +964,13 @@ static void sdhci_finish_data(struct sdhci_host *host) |
2686 |
+ if (host->flags & SDHCI_USE_ADMA) |
2687 |
+ sdhci_adma_table_post(host, data); |
2688 |
+ else { |
2689 |
+- if (!data->host_cookie) |
2690 |
++ if (data->host_cookie == COOKIE_MAPPED) { |
2691 |
+ dma_unmap_sg(mmc_dev(host->mmc), |
2692 |
+ data->sg, data->sg_len, |
2693 |
+ (data->flags & MMC_DATA_READ) ? |
2694 |
+ DMA_FROM_DEVICE : DMA_TO_DEVICE); |
2695 |
++ data->host_cookie = COOKIE_UNMAPPED; |
2696 |
++ } |
2697 |
+ } |
2698 |
+ } |
2699 |
+ |
2700 |
+@@ -2131,49 +2134,36 @@ static void sdhci_post_req(struct mmc_host *mmc, struct mmc_request *mrq, |
2701 |
+ struct mmc_data *data = mrq->data; |
2702 |
+ |
2703 |
+ if (host->flags & SDHCI_REQ_USE_DMA) { |
2704 |
+- if (data->host_cookie) |
2705 |
++ if (data->host_cookie == COOKIE_GIVEN || |
2706 |
++ data->host_cookie == COOKIE_MAPPED) |
2707 |
+ dma_unmap_sg(mmc_dev(host->mmc), data->sg, data->sg_len, |
2708 |
+ data->flags & MMC_DATA_WRITE ? |
2709 |
+ DMA_TO_DEVICE : DMA_FROM_DEVICE); |
2710 |
+- mrq->data->host_cookie = 0; |
2711 |
++ data->host_cookie = COOKIE_UNMAPPED; |
2712 |
+ } |
2713 |
+ } |
2714 |
+ |
2715 |
+ static int sdhci_pre_dma_transfer(struct sdhci_host *host, |
2716 |
+- struct mmc_data *data, |
2717 |
+- struct sdhci_host_next *next) |
2718 |
++ struct mmc_data *data) |
2719 |
+ { |
2720 |
+ int sg_count; |
2721 |
+ |
2722 |
+- if (!next && data->host_cookie && |
2723 |
+- data->host_cookie != host->next_data.cookie) { |
2724 |
+- pr_debug(DRIVER_NAME "[%s] invalid cookie: %d, next-cookie %d\n", |
2725 |
+- __func__, data->host_cookie, host->next_data.cookie); |
2726 |
+- data->host_cookie = 0; |
2727 |
++ if (data->host_cookie == COOKIE_MAPPED) { |
2728 |
++ data->host_cookie = COOKIE_GIVEN; |
2729 |
++ return data->sg_count; |
2730 |
+ } |
2731 |
+ |
2732 |
+- /* Check if next job is already prepared */ |
2733 |
+- if (next || |
2734 |
+- (!next && data->host_cookie != host->next_data.cookie)) { |
2735 |
+- sg_count = dma_map_sg(mmc_dev(host->mmc), data->sg, |
2736 |
+- data->sg_len, |
2737 |
+- data->flags & MMC_DATA_WRITE ? |
2738 |
+- DMA_TO_DEVICE : DMA_FROM_DEVICE); |
2739 |
+- |
2740 |
+- } else { |
2741 |
+- sg_count = host->next_data.sg_count; |
2742 |
+- host->next_data.sg_count = 0; |
2743 |
+- } |
2744 |
++ WARN_ON(data->host_cookie == COOKIE_GIVEN); |
2745 |
+ |
2746 |
++ sg_count = dma_map_sg(mmc_dev(host->mmc), data->sg, data->sg_len, |
2747 |
++ data->flags & MMC_DATA_WRITE ? |
2748 |
++ DMA_TO_DEVICE : DMA_FROM_DEVICE); |
2749 |
+ |
2750 |
+ if (sg_count == 0) |
2751 |
+- return -EINVAL; |
2752 |
++ return -ENOSPC; |
2753 |
+ |
2754 |
+- if (next) { |
2755 |
+- next->sg_count = sg_count; |
2756 |
+- data->host_cookie = ++next->cookie < 0 ? 1 : next->cookie; |
2757 |
+- } else |
2758 |
+- host->sg_count = sg_count; |
2759 |
++ data->sg_count = sg_count; |
2760 |
++ data->host_cookie = COOKIE_MAPPED; |
2761 |
+ |
2762 |
+ return sg_count; |
2763 |
+ } |
2764 |
+@@ -2183,16 +2173,10 @@ static void sdhci_pre_req(struct mmc_host *mmc, struct mmc_request *mrq, |
2765 |
+ { |
2766 |
+ struct sdhci_host *host = mmc_priv(mmc); |
2767 |
+ |
2768 |
+- if (mrq->data->host_cookie) { |
2769 |
+- mrq->data->host_cookie = 0; |
2770 |
+- return; |
2771 |
+- } |
2772 |
++ mrq->data->host_cookie = COOKIE_UNMAPPED; |
2773 |
+ |
2774 |
+ if (host->flags & SDHCI_REQ_USE_DMA) |
2775 |
+- if (sdhci_pre_dma_transfer(host, |
2776 |
+- mrq->data, |
2777 |
+- &host->next_data) < 0) |
2778 |
+- mrq->data->host_cookie = 0; |
2779 |
++ sdhci_pre_dma_transfer(host, mrq->data); |
2780 |
+ } |
2781 |
+ |
2782 |
+ static void sdhci_card_event(struct mmc_host *mmc) |
2783 |
+@@ -3090,7 +3074,6 @@ int sdhci_add_host(struct sdhci_host *host) |
2784 |
+ host->max_clk = host->ops->get_max_clock(host); |
2785 |
+ } |
2786 |
+ |
2787 |
+- host->next_data.cookie = 1; |
2788 |
+ /* |
2789 |
+ * In case of Host Controller v3.00, find out whether clock |
2790 |
+ * multiplier is supported. |
2791 |
+diff --git a/drivers/mmc/host/sdhci.h b/drivers/mmc/host/sdhci.h |
2792 |
+index e639b7f435e5..eea23f62356a 100644 |
2793 |
+--- a/drivers/mmc/host/sdhci.h |
2794 |
++++ b/drivers/mmc/host/sdhci.h |
2795 |
+@@ -309,9 +309,10 @@ struct sdhci_adma2_64_desc { |
2796 |
+ */ |
2797 |
+ #define SDHCI_MAX_SEGS 128 |
2798 |
+ |
2799 |
+-struct sdhci_host_next { |
2800 |
+- unsigned int sg_count; |
2801 |
+- s32 cookie; |
2802 |
++enum sdhci_cookie { |
2803 |
++ COOKIE_UNMAPPED, |
2804 |
++ COOKIE_MAPPED, |
2805 |
++ COOKIE_GIVEN, |
2806 |
+ }; |
2807 |
+ |
2808 |
+ struct sdhci_host { |
2809 |
+@@ -506,7 +507,6 @@ struct sdhci_host { |
2810 |
+ #define SDHCI_TUNING_MODE_1 0 |
2811 |
+ struct timer_list tuning_timer; /* Timer for tuning */ |
2812 |
+ |
2813 |
+- struct sdhci_host_next next_data; |
2814 |
+ unsigned long private[0] ____cacheline_aligned; |
2815 |
+ }; |
2816 |
+ |
2817 |
+diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c |
2818 |
+index a4615fcc3d00..94a357d93bab 100644 |
2819 |
+--- a/drivers/mtd/nand/pxa3xx_nand.c |
2820 |
++++ b/drivers/mtd/nand/pxa3xx_nand.c |
2821 |
+@@ -1475,6 +1475,9 @@ static int pxa3xx_nand_scan(struct mtd_info *mtd) |
2822 |
+ if (pdata->keep_config && !pxa3xx_nand_detect_config(info)) |
2823 |
+ goto KEEP_CONFIG; |
2824 |
+ |
2825 |
++ /* Set a default chunk size */ |
2826 |
++ info->chunk_size = 512; |
2827 |
++ |
2828 |
+ ret = pxa3xx_nand_sensing(info); |
2829 |
+ if (ret) { |
2830 |
+ dev_info(&info->pdev->dev, "There is no chip on cs %d!\n", |
2831 |
+diff --git a/drivers/mtd/nand/sunxi_nand.c b/drivers/mtd/nand/sunxi_nand.c |
2832 |
+index 6f93b2990d25..499b8e433d3d 100644 |
2833 |
+--- a/drivers/mtd/nand/sunxi_nand.c |
2834 |
++++ b/drivers/mtd/nand/sunxi_nand.c |
2835 |
+@@ -138,6 +138,10 @@ |
2836 |
+ #define NFC_ECC_MODE GENMASK(15, 12) |
2837 |
+ #define NFC_RANDOM_SEED GENMASK(30, 16) |
2838 |
+ |
2839 |
++/* NFC_USER_DATA helper macros */ |
2840 |
++#define NFC_BUF_TO_USER_DATA(buf) ((buf)[0] | ((buf)[1] << 8) | \ |
2841 |
++ ((buf)[2] << 16) | ((buf)[3] << 24)) |
2842 |
++ |
2843 |
+ #define NFC_DEFAULT_TIMEOUT_MS 1000 |
2844 |
+ |
2845 |
+ #define NFC_SRAM_SIZE 1024 |
2846 |
+@@ -632,15 +636,9 @@ static int sunxi_nfc_hw_ecc_write_page(struct mtd_info *mtd, |
2847 |
+ offset = layout->eccpos[i * ecc->bytes] - 4 + mtd->writesize; |
2848 |
+ |
2849 |
+ /* Fill OOB data in */ |
2850 |
+- if (oob_required) { |
2851 |
+- tmp = 0xffffffff; |
2852 |
+- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, &tmp, |
2853 |
+- 4); |
2854 |
+- } else { |
2855 |
+- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, |
2856 |
+- chip->oob_poi + offset - mtd->writesize, |
2857 |
+- 4); |
2858 |
+- } |
2859 |
++ writel(NFC_BUF_TO_USER_DATA(chip->oob_poi + |
2860 |
++ layout->oobfree[i].offset), |
2861 |
++ nfc->regs + NFC_REG_USER_DATA_BASE); |
2862 |
+ |
2863 |
+ chip->cmdfunc(mtd, NAND_CMD_RNDIN, offset, -1); |
2864 |
+ |
2865 |
+@@ -770,14 +768,8 @@ static int sunxi_nfc_hw_syndrome_ecc_write_page(struct mtd_info *mtd, |
2866 |
+ offset += ecc->size; |
2867 |
+ |
2868 |
+ /* Fill OOB data in */ |
2869 |
+- if (oob_required) { |
2870 |
+- tmp = 0xffffffff; |
2871 |
+- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, &tmp, |
2872 |
+- 4); |
2873 |
+- } else { |
2874 |
+- memcpy_toio(nfc->regs + NFC_REG_USER_DATA_BASE, oob, |
2875 |
+- 4); |
2876 |
+- } |
2877 |
++ writel(NFC_BUF_TO_USER_DATA(oob), |
2878 |
++ nfc->regs + NFC_REG_USER_DATA_BASE); |
2879 |
+ |
2880 |
+ tmp = NFC_DATA_TRANS | NFC_DATA_SWAP_METHOD | NFC_ACCESS_DIR | |
2881 |
+ (1 << 30); |
2882 |
+@@ -1312,6 +1304,7 @@ static void sunxi_nand_chips_cleanup(struct sunxi_nfc *nfc) |
2883 |
+ node); |
2884 |
+ nand_release(&chip->mtd); |
2885 |
+ sunxi_nand_ecc_cleanup(&chip->nand.ecc); |
2886 |
++ list_del(&chip->node); |
2887 |
+ } |
2888 |
+ } |
2889 |
+ |
2890 |
+diff --git a/drivers/mtd/ubi/io.c b/drivers/mtd/ubi/io.c |
2891 |
+index 5bbd1f094f4e..1fc23e48fe8e 100644 |
2892 |
+--- a/drivers/mtd/ubi/io.c |
2893 |
++++ b/drivers/mtd/ubi/io.c |
2894 |
+@@ -926,6 +926,11 @@ static int validate_vid_hdr(const struct ubi_device *ubi, |
2895 |
+ goto bad; |
2896 |
+ } |
2897 |
+ |
2898 |
++ if (data_size > ubi->leb_size) { |
2899 |
++ ubi_err(ubi, "bad data_size"); |
2900 |
++ goto bad; |
2901 |
++ } |
2902 |
++ |
2903 |
+ if (vol_type == UBI_VID_STATIC) { |
2904 |
+ /* |
2905 |
+ * Although from high-level point of view static volumes may |
2906 |
+diff --git a/drivers/mtd/ubi/vtbl.c b/drivers/mtd/ubi/vtbl.c |
2907 |
+index 68c9c5ea676f..bf2f916df4e2 100644 |
2908 |
+--- a/drivers/mtd/ubi/vtbl.c |
2909 |
++++ b/drivers/mtd/ubi/vtbl.c |
2910 |
+@@ -646,6 +646,7 @@ static int init_volumes(struct ubi_device *ubi, |
2911 |
+ if (ubi->corr_peb_count) |
2912 |
+ ubi_err(ubi, "%d PEBs are corrupted and not used", |
2913 |
+ ubi->corr_peb_count); |
2914 |
++ return -ENOSPC; |
2915 |
+ } |
2916 |
+ ubi->rsvd_pebs += reserved_pebs; |
2917 |
+ ubi->avail_pebs -= reserved_pebs; |
2918 |
+diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c |
2919 |
+index 16214d3d57a4..18fef94542f8 100644 |
2920 |
+--- a/drivers/mtd/ubi/wl.c |
2921 |
++++ b/drivers/mtd/ubi/wl.c |
2922 |
+@@ -1601,6 +1601,7 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai) |
2923 |
+ if (ubi->corr_peb_count) |
2924 |
+ ubi_err(ubi, "%d PEBs are corrupted and not used", |
2925 |
+ ubi->corr_peb_count); |
2926 |
++ err = -ENOSPC; |
2927 |
+ goto out_free; |
2928 |
+ } |
2929 |
+ ubi->avail_pebs -= reserved_pebs; |
2930 |
+diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c |
2931 |
+index 4f6bf996851e..7dfbcde34509 100644 |
2932 |
+--- a/drivers/net/ethernet/intel/igb/igb_main.c |
2933 |
++++ b/drivers/net/ethernet/intel/igb/igb_main.c |
2934 |
+@@ -2864,7 +2864,7 @@ static void igb_probe_vfs(struct igb_adapter *adapter) |
2935 |
+ return; |
2936 |
+ |
2937 |
+ pci_sriov_set_totalvfs(pdev, 7); |
2938 |
+- igb_pci_enable_sriov(pdev, max_vfs); |
2939 |
++ igb_enable_sriov(pdev, max_vfs); |
2940 |
+ |
2941 |
+ #endif /* CONFIG_PCI_IOV */ |
2942 |
+ } |
2943 |
+diff --git a/drivers/net/wireless/ath/ath10k/htc.c b/drivers/net/wireless/ath/ath10k/htc.c |
2944 |
+index 2fd9e180272b..c5dc6b57212e 100644 |
2945 |
+--- a/drivers/net/wireless/ath/ath10k/htc.c |
2946 |
++++ b/drivers/net/wireless/ath/ath10k/htc.c |
2947 |
+@@ -163,8 +163,10 @@ int ath10k_htc_send(struct ath10k_htc *htc, |
2948 |
+ skb_cb->eid = eid; |
2949 |
+ skb_cb->paddr = dma_map_single(dev, skb->data, skb->len, DMA_TO_DEVICE); |
2950 |
+ ret = dma_mapping_error(dev, skb_cb->paddr); |
2951 |
+- if (ret) |
2952 |
++ if (ret) { |
2953 |
++ ret = -EIO; |
2954 |
+ goto err_credits; |
2955 |
++ } |
2956 |
+ |
2957 |
+ sg_item.transfer_id = ep->eid; |
2958 |
+ sg_item.transfer_context = skb; |
2959 |
+diff --git a/drivers/net/wireless/ath/ath10k/htt_tx.c b/drivers/net/wireless/ath/ath10k/htt_tx.c |
2960 |
+index cbd2bc9e6202..7f4854a52a7c 100644 |
2961 |
+--- a/drivers/net/wireless/ath/ath10k/htt_tx.c |
2962 |
++++ b/drivers/net/wireless/ath/ath10k/htt_tx.c |
2963 |
+@@ -371,8 +371,10 @@ int ath10k_htt_mgmt_tx(struct ath10k_htt *htt, struct sk_buff *msdu) |
2964 |
+ skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len, |
2965 |
+ DMA_TO_DEVICE); |
2966 |
+ res = dma_mapping_error(dev, skb_cb->paddr); |
2967 |
+- if (res) |
2968 |
++ if (res) { |
2969 |
++ res = -EIO; |
2970 |
+ goto err_free_txdesc; |
2971 |
++ } |
2972 |
+ |
2973 |
+ skb_put(txdesc, len); |
2974 |
+ cmd = (struct htt_cmd *)txdesc->data; |
2975 |
+@@ -463,8 +465,10 @@ int ath10k_htt_tx(struct ath10k_htt *htt, struct sk_buff *msdu) |
2976 |
+ skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len, |
2977 |
+ DMA_TO_DEVICE); |
2978 |
+ res = dma_mapping_error(dev, skb_cb->paddr); |
2979 |
+- if (res) |
2980 |
++ if (res) { |
2981 |
++ res = -EIO; |
2982 |
+ goto err_free_txbuf; |
2983 |
++ } |
2984 |
+ |
2985 |
+ if (likely(use_frags)) { |
2986 |
+ frags = skb_cb->htt.txbuf->frags; |
2987 |
+diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c |
2988 |
+index 973485bd4121..5e021b0b3f9e 100644 |
2989 |
+--- a/drivers/net/wireless/ath/ath10k/mac.c |
2990 |
++++ b/drivers/net/wireless/ath/ath10k/mac.c |
2991 |
+@@ -4464,6 +4464,21 @@ static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value) |
2992 |
+ return ret; |
2993 |
+ } |
2994 |
+ |
2995 |
++static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value) |
2996 |
++{ |
2997 |
++ /* Even though there's a WMI enum for fragmentation threshold no known |
2998 |
++ * firmware actually implements it. Moreover it is not possible to rely |
2999 |
++ * frame fragmentation to mac80211 because firmware clears the "more |
3000 |
++ * fragments" bit in frame control making it impossible for remote |
3001 |
++ * devices to reassemble frames. |
3002 |
++ * |
3003 |
++ * Hence implement a dummy callback just to say fragmentation isn't |
3004 |
++ * supported. This effectively prevents mac80211 from doing frame |
3005 |
++ * fragmentation in software. |
3006 |
++ */ |
3007 |
++ return -EOPNOTSUPP; |
3008 |
++} |
3009 |
++ |
3010 |
+ static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif, |
3011 |
+ u32 queues, bool drop) |
3012 |
+ { |
3013 |
+@@ -5108,6 +5123,7 @@ static const struct ieee80211_ops ath10k_ops = { |
3014 |
+ .remain_on_channel = ath10k_remain_on_channel, |
3015 |
+ .cancel_remain_on_channel = ath10k_cancel_remain_on_channel, |
3016 |
+ .set_rts_threshold = ath10k_set_rts_threshold, |
3017 |
++ .set_frag_threshold = ath10k_mac_op_set_frag_threshold, |
3018 |
+ .flush = ath10k_flush, |
3019 |
+ .tx_last_beacon = ath10k_tx_last_beacon, |
3020 |
+ .set_antenna = ath10k_set_antenna, |
3021 |
+diff --git a/drivers/net/wireless/ath/ath10k/pci.c b/drivers/net/wireless/ath/ath10k/pci.c |
3022 |
+index ead543282128..3c4c800ab505 100644 |
3023 |
+--- a/drivers/net/wireless/ath/ath10k/pci.c |
3024 |
++++ b/drivers/net/wireless/ath/ath10k/pci.c |
3025 |
+@@ -1378,8 +1378,10 @@ static int ath10k_pci_hif_exchange_bmi_msg(struct ath10k *ar, |
3026 |
+ |
3027 |
+ req_paddr = dma_map_single(ar->dev, treq, req_len, DMA_TO_DEVICE); |
3028 |
+ ret = dma_mapping_error(ar->dev, req_paddr); |
3029 |
+- if (ret) |
3030 |
++ if (ret) { |
3031 |
++ ret = -EIO; |
3032 |
+ goto err_dma; |
3033 |
++ } |
3034 |
+ |
3035 |
+ if (resp && resp_len) { |
3036 |
+ tresp = kzalloc(*resp_len, GFP_KERNEL); |
3037 |
+@@ -1391,8 +1393,10 @@ static int ath10k_pci_hif_exchange_bmi_msg(struct ath10k *ar, |
3038 |
+ resp_paddr = dma_map_single(ar->dev, tresp, *resp_len, |
3039 |
+ DMA_FROM_DEVICE); |
3040 |
+ ret = dma_mapping_error(ar->dev, resp_paddr); |
3041 |
+- if (ret) |
3042 |
++ if (ret) { |
3043 |
++ ret = EIO; |
3044 |
+ goto err_req; |
3045 |
++ } |
3046 |
+ |
3047 |
+ xfer.wait_for_resp = true; |
3048 |
+ xfer.resp_len = 0; |
3049 |
+diff --git a/drivers/net/wireless/ath/ath10k/wmi.c b/drivers/net/wireless/ath/ath10k/wmi.c |
3050 |
+index c7ea77edce24..408ecd98e61b 100644 |
3051 |
+--- a/drivers/net/wireless/ath/ath10k/wmi.c |
3052 |
++++ b/drivers/net/wireless/ath/ath10k/wmi.c |
3053 |
+@@ -2517,6 +2517,7 @@ void ath10k_wmi_event_host_swba(struct ath10k *ar, struct sk_buff *skb) |
3054 |
+ ath10k_warn(ar, "failed to map beacon: %d\n", |
3055 |
+ ret); |
3056 |
+ dev_kfree_skb_any(bcn); |
3057 |
++ ret = -EIO; |
3058 |
+ goto skip; |
3059 |
+ } |
3060 |
+ |
3061 |
+diff --git a/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c b/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c |
3062 |
+index 1c6788aecc62..40d72312f3df 100644 |
3063 |
+--- a/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c |
3064 |
++++ b/drivers/net/wireless/rsi/rsi_91x_sdio_ops.c |
3065 |
+@@ -203,8 +203,10 @@ static int rsi_load_ta_instructions(struct rsi_common *common) |
3066 |
+ |
3067 |
+ /* Copy firmware into DMA-accessible memory */ |
3068 |
+ fw = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); |
3069 |
+- if (!fw) |
3070 |
+- return -ENOMEM; |
3071 |
++ if (!fw) { |
3072 |
++ status = -ENOMEM; |
3073 |
++ goto out; |
3074 |
++ } |
3075 |
+ len = fw_entry->size; |
3076 |
+ |
3077 |
+ if (len % 4) |
3078 |
+@@ -217,6 +219,8 @@ static int rsi_load_ta_instructions(struct rsi_common *common) |
3079 |
+ |
3080 |
+ status = rsi_copy_to_card(common, fw, len, num_blocks); |
3081 |
+ kfree(fw); |
3082 |
++ |
3083 |
++out: |
3084 |
+ release_firmware(fw_entry); |
3085 |
+ return status; |
3086 |
+ } |
3087 |
+diff --git a/drivers/net/wireless/rsi/rsi_91x_usb_ops.c b/drivers/net/wireless/rsi/rsi_91x_usb_ops.c |
3088 |
+index 30c2cf7fa93b..de4900862836 100644 |
3089 |
+--- a/drivers/net/wireless/rsi/rsi_91x_usb_ops.c |
3090 |
++++ b/drivers/net/wireless/rsi/rsi_91x_usb_ops.c |
3091 |
+@@ -148,8 +148,10 @@ static int rsi_load_ta_instructions(struct rsi_common *common) |
3092 |
+ |
3093 |
+ /* Copy firmware into DMA-accessible memory */ |
3094 |
+ fw = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); |
3095 |
+- if (!fw) |
3096 |
+- return -ENOMEM; |
3097 |
++ if (!fw) { |
3098 |
++ status = -ENOMEM; |
3099 |
++ goto out; |
3100 |
++ } |
3101 |
+ len = fw_entry->size; |
3102 |
+ |
3103 |
+ if (len % 4) |
3104 |
+@@ -162,6 +164,8 @@ static int rsi_load_ta_instructions(struct rsi_common *common) |
3105 |
+ |
3106 |
+ status = rsi_copy_to_card(common, fw, len, num_blocks); |
3107 |
+ kfree(fw); |
3108 |
++ |
3109 |
++out: |
3110 |
+ release_firmware(fw_entry); |
3111 |
+ return status; |
3112 |
+ } |
3113 |
+diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c |
3114 |
+index e031c943286e..52f081f4dfd5 100644 |
3115 |
+--- a/drivers/net/xen-netfront.c |
3116 |
++++ b/drivers/net/xen-netfront.c |
3117 |
+@@ -1353,7 +1353,8 @@ static void xennet_disconnect_backend(struct netfront_info *info) |
3118 |
+ queue->tx_evtchn = queue->rx_evtchn = 0; |
3119 |
+ queue->tx_irq = queue->rx_irq = 0; |
3120 |
+ |
3121 |
+- napi_synchronize(&queue->napi); |
3122 |
++ if (netif_running(info->netdev)) |
3123 |
++ napi_synchronize(&queue->napi); |
3124 |
+ |
3125 |
+ xennet_release_tx_bufs(queue); |
3126 |
+ xennet_release_rx_bufs(queue); |
3127 |
+diff --git a/drivers/pci/access.c b/drivers/pci/access.c |
3128 |
+index b965c12168b7..502a82ca1db0 100644 |
3129 |
+--- a/drivers/pci/access.c |
3130 |
++++ b/drivers/pci/access.c |
3131 |
+@@ -442,7 +442,8 @@ static const struct pci_vpd_ops pci_vpd_pci22_ops = { |
3132 |
+ static ssize_t pci_vpd_f0_read(struct pci_dev *dev, loff_t pos, size_t count, |
3133 |
+ void *arg) |
3134 |
+ { |
3135 |
+- struct pci_dev *tdev = pci_get_slot(dev->bus, PCI_SLOT(dev->devfn)); |
3136 |
++ struct pci_dev *tdev = pci_get_slot(dev->bus, |
3137 |
++ PCI_DEVFN(PCI_SLOT(dev->devfn), 0)); |
3138 |
+ ssize_t ret; |
3139 |
+ |
3140 |
+ if (!tdev) |
3141 |
+@@ -456,7 +457,8 @@ static ssize_t pci_vpd_f0_read(struct pci_dev *dev, loff_t pos, size_t count, |
3142 |
+ static ssize_t pci_vpd_f0_write(struct pci_dev *dev, loff_t pos, size_t count, |
3143 |
+ const void *arg) |
3144 |
+ { |
3145 |
+- struct pci_dev *tdev = pci_get_slot(dev->bus, PCI_SLOT(dev->devfn)); |
3146 |
++ struct pci_dev *tdev = pci_get_slot(dev->bus, |
3147 |
++ PCI_DEVFN(PCI_SLOT(dev->devfn), 0)); |
3148 |
+ ssize_t ret; |
3149 |
+ |
3150 |
+ if (!tdev) |
3151 |
+@@ -473,22 +475,6 @@ static const struct pci_vpd_ops pci_vpd_f0_ops = { |
3152 |
+ .release = pci_vpd_pci22_release, |
3153 |
+ }; |
3154 |
+ |
3155 |
+-static int pci_vpd_f0_dev_check(struct pci_dev *dev) |
3156 |
+-{ |
3157 |
+- struct pci_dev *tdev = pci_get_slot(dev->bus, PCI_SLOT(dev->devfn)); |
3158 |
+- int ret = 0; |
3159 |
+- |
3160 |
+- if (!tdev) |
3161 |
+- return -ENODEV; |
3162 |
+- if (!tdev->vpd || !tdev->multifunction || |
3163 |
+- dev->class != tdev->class || dev->vendor != tdev->vendor || |
3164 |
+- dev->device != tdev->device) |
3165 |
+- ret = -ENODEV; |
3166 |
+- |
3167 |
+- pci_dev_put(tdev); |
3168 |
+- return ret; |
3169 |
+-} |
3170 |
+- |
3171 |
+ int pci_vpd_pci22_init(struct pci_dev *dev) |
3172 |
+ { |
3173 |
+ struct pci_vpd_pci22 *vpd; |
3174 |
+@@ -497,12 +483,7 @@ int pci_vpd_pci22_init(struct pci_dev *dev) |
3175 |
+ cap = pci_find_capability(dev, PCI_CAP_ID_VPD); |
3176 |
+ if (!cap) |
3177 |
+ return -ENODEV; |
3178 |
+- if (dev->dev_flags & PCI_DEV_FLAGS_VPD_REF_F0) { |
3179 |
+- int ret = pci_vpd_f0_dev_check(dev); |
3180 |
+ |
3181 |
+- if (ret) |
3182 |
+- return ret; |
3183 |
+- } |
3184 |
+ vpd = kzalloc(sizeof(*vpd), GFP_ATOMIC); |
3185 |
+ if (!vpd) |
3186 |
+ return -ENOMEM; |
3187 |
+diff --git a/drivers/pci/bus.c b/drivers/pci/bus.c |
3188 |
+index 6fbd3f2b5992..d3346d23963b 100644 |
3189 |
+--- a/drivers/pci/bus.c |
3190 |
++++ b/drivers/pci/bus.c |
3191 |
+@@ -256,6 +256,8 @@ bool pci_bus_clip_resource(struct pci_dev *dev, int idx) |
3192 |
+ |
3193 |
+ res->start = start; |
3194 |
+ res->end = end; |
3195 |
++ res->flags &= ~IORESOURCE_UNSET; |
3196 |
++ orig_res.flags &= ~IORESOURCE_UNSET; |
3197 |
+ dev_printk(KERN_DEBUG, &dev->dev, "%pR clipped to %pR\n", |
3198 |
+ &orig_res, res); |
3199 |
+ |
3200 |
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c |
3201 |
+index 804cd3b02c66..4a6933f02cd0 100644 |
3202 |
+--- a/drivers/pci/quirks.c |
3203 |
++++ b/drivers/pci/quirks.c |
3204 |
+@@ -1915,11 +1915,27 @@ static void quirk_netmos(struct pci_dev *dev) |
3205 |
+ DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_VENDOR_ID_NETMOS, PCI_ANY_ID, |
3206 |
+ PCI_CLASS_COMMUNICATION_SERIAL, 8, quirk_netmos); |
3207 |
+ |
3208 |
++/* |
3209 |
++ * Quirk non-zero PCI functions to route VPD access through function 0 for |
3210 |
++ * devices that share VPD resources between functions. The functions are |
3211 |
++ * expected to be identical devices. |
3212 |
++ */ |
3213 |
+ static void quirk_f0_vpd_link(struct pci_dev *dev) |
3214 |
+ { |
3215 |
+- if (!dev->multifunction || !PCI_FUNC(dev->devfn)) |
3216 |
++ struct pci_dev *f0; |
3217 |
++ |
3218 |
++ if (!PCI_FUNC(dev->devfn)) |
3219 |
+ return; |
3220 |
+- dev->dev_flags |= PCI_DEV_FLAGS_VPD_REF_F0; |
3221 |
++ |
3222 |
++ f0 = pci_get_slot(dev->bus, PCI_DEVFN(PCI_SLOT(dev->devfn), 0)); |
3223 |
++ if (!f0) |
3224 |
++ return; |
3225 |
++ |
3226 |
++ if (f0->vpd && dev->class == f0->class && |
3227 |
++ dev->vendor == f0->vendor && dev->device == f0->device) |
3228 |
++ dev->dev_flags |= PCI_DEV_FLAGS_VPD_REF_F0; |
3229 |
++ |
3230 |
++ pci_dev_put(f0); |
3231 |
+ } |
3232 |
+ DECLARE_PCI_FIXUP_CLASS_EARLY(PCI_VENDOR_ID_INTEL, PCI_ANY_ID, |
3233 |
+ PCI_CLASS_NETWORK_ETHERNET, 8, quirk_f0_vpd_link); |
3234 |
+diff --git a/drivers/pcmcia/sa1100_generic.c b/drivers/pcmcia/sa1100_generic.c |
3235 |
+index 803945259da8..42861cc70158 100644 |
3236 |
+--- a/drivers/pcmcia/sa1100_generic.c |
3237 |
++++ b/drivers/pcmcia/sa1100_generic.c |
3238 |
+@@ -93,7 +93,6 @@ static int sa11x0_drv_pcmcia_remove(struct platform_device *dev) |
3239 |
+ for (i = 0; i < sinfo->nskt; i++) |
3240 |
+ soc_pcmcia_remove_one(&sinfo->skt[i]); |
3241 |
+ |
3242 |
+- clk_put(sinfo->clk); |
3243 |
+ kfree(sinfo); |
3244 |
+ return 0; |
3245 |
+ } |
3246 |
+diff --git a/drivers/pcmcia/sa11xx_base.c b/drivers/pcmcia/sa11xx_base.c |
3247 |
+index cf6de2c2b329..553d70a67f80 100644 |
3248 |
+--- a/drivers/pcmcia/sa11xx_base.c |
3249 |
++++ b/drivers/pcmcia/sa11xx_base.c |
3250 |
+@@ -222,7 +222,7 @@ int sa11xx_drv_pcmcia_probe(struct device *dev, struct pcmcia_low_level *ops, |
3251 |
+ int i, ret = 0; |
3252 |
+ struct clk *clk; |
3253 |
+ |
3254 |
+- clk = clk_get(dev, NULL); |
3255 |
++ clk = devm_clk_get(dev, NULL); |
3256 |
+ if (IS_ERR(clk)) |
3257 |
+ return PTR_ERR(clk); |
3258 |
+ |
3259 |
+@@ -251,7 +251,6 @@ int sa11xx_drv_pcmcia_probe(struct device *dev, struct pcmcia_low_level *ops, |
3260 |
+ if (ret) { |
3261 |
+ while (--i >= 0) |
3262 |
+ soc_pcmcia_remove_one(&sinfo->skt[i]); |
3263 |
+- clk_put(clk); |
3264 |
+ kfree(sinfo); |
3265 |
+ } else { |
3266 |
+ dev_set_drvdata(dev, sinfo); |
3267 |
+diff --git a/drivers/platform/x86/toshiba_acpi.c b/drivers/platform/x86/toshiba_acpi.c |
3268 |
+index 9956b9902bb4..93e54a0f471a 100644 |
3269 |
+--- a/drivers/platform/x86/toshiba_acpi.c |
3270 |
++++ b/drivers/platform/x86/toshiba_acpi.c |
3271 |
+@@ -2525,11 +2525,9 @@ static int toshiba_acpi_setup_keyboard(struct toshiba_acpi_dev *dev) |
3272 |
+ if (error) |
3273 |
+ return error; |
3274 |
+ |
3275 |
+- error = toshiba_hotkey_event_type_get(dev, &events_type); |
3276 |
+- if (error) { |
3277 |
+- pr_err("Unable to query Hotkey Event Type\n"); |
3278 |
+- return error; |
3279 |
+- } |
3280 |
++ if (toshiba_hotkey_event_type_get(dev, &events_type)) |
3281 |
++ pr_notice("Unable to query Hotkey Event Type\n"); |
3282 |
++ |
3283 |
+ dev->hotkey_event_type = events_type; |
3284 |
+ |
3285 |
+ dev->hotkey_dev = input_allocate_device(); |
3286 |
+diff --git a/drivers/power/avs/Kconfig b/drivers/power/avs/Kconfig |
3287 |
+index 7f3d389bd601..a67eeace6a89 100644 |
3288 |
+--- a/drivers/power/avs/Kconfig |
3289 |
++++ b/drivers/power/avs/Kconfig |
3290 |
+@@ -13,7 +13,7 @@ menuconfig POWER_AVS |
3291 |
+ |
3292 |
+ config ROCKCHIP_IODOMAIN |
3293 |
+ tristate "Rockchip IO domain support" |
3294 |
+- depends on ARCH_ROCKCHIP && OF |
3295 |
++ depends on POWER_AVS && ARCH_ROCKCHIP && OF |
3296 |
+ help |
3297 |
+ Say y here to enable support io domains on Rockchip SoCs. It is |
3298 |
+ necessary for the io domain setting of the SoC to match the |
3299 |
+diff --git a/drivers/scsi/3w-9xxx.c b/drivers/scsi/3w-9xxx.c |
3300 |
+index add419d6ff34..a56a7b243e91 100644 |
3301 |
+--- a/drivers/scsi/3w-9xxx.c |
3302 |
++++ b/drivers/scsi/3w-9xxx.c |
3303 |
+@@ -212,6 +212,17 @@ static const struct file_operations twa_fops = { |
3304 |
+ .llseek = noop_llseek, |
3305 |
+ }; |
3306 |
+ |
3307 |
++/* |
3308 |
++ * The controllers use an inline buffer instead of a mapped SGL for small, |
3309 |
++ * single entry buffers. Note that we treat a zero-length transfer like |
3310 |
++ * a mapped SGL. |
3311 |
++ */ |
3312 |
++static bool twa_command_mapped(struct scsi_cmnd *cmd) |
3313 |
++{ |
3314 |
++ return scsi_sg_count(cmd) != 1 || |
3315 |
++ scsi_bufflen(cmd) >= TW_MIN_SGL_LENGTH; |
3316 |
++} |
3317 |
++ |
3318 |
+ /* This function will complete an aen request from the isr */ |
3319 |
+ static int twa_aen_complete(TW_Device_Extension *tw_dev, int request_id) |
3320 |
+ { |
3321 |
+@@ -1339,7 +1350,8 @@ static irqreturn_t twa_interrupt(int irq, void *dev_instance) |
3322 |
+ } |
3323 |
+ |
3324 |
+ /* Now complete the io */ |
3325 |
+- scsi_dma_unmap(cmd); |
3326 |
++ if (twa_command_mapped(cmd)) |
3327 |
++ scsi_dma_unmap(cmd); |
3328 |
+ cmd->scsi_done(cmd); |
3329 |
+ tw_dev->state[request_id] = TW_S_COMPLETED; |
3330 |
+ twa_free_request_id(tw_dev, request_id); |
3331 |
+@@ -1582,7 +1594,8 @@ static int twa_reset_device_extension(TW_Device_Extension *tw_dev) |
3332 |
+ struct scsi_cmnd *cmd = tw_dev->srb[i]; |
3333 |
+ |
3334 |
+ cmd->result = (DID_RESET << 16); |
3335 |
+- scsi_dma_unmap(cmd); |
3336 |
++ if (twa_command_mapped(cmd)) |
3337 |
++ scsi_dma_unmap(cmd); |
3338 |
+ cmd->scsi_done(cmd); |
3339 |
+ } |
3340 |
+ } |
3341 |
+@@ -1765,12 +1778,14 @@ static int twa_scsi_queue_lck(struct scsi_cmnd *SCpnt, void (*done)(struct scsi_ |
3342 |
+ retval = twa_scsiop_execute_scsi(tw_dev, request_id, NULL, 0, NULL); |
3343 |
+ switch (retval) { |
3344 |
+ case SCSI_MLQUEUE_HOST_BUSY: |
3345 |
+- scsi_dma_unmap(SCpnt); |
3346 |
++ if (twa_command_mapped(SCpnt)) |
3347 |
++ scsi_dma_unmap(SCpnt); |
3348 |
+ twa_free_request_id(tw_dev, request_id); |
3349 |
+ break; |
3350 |
+ case 1: |
3351 |
+ SCpnt->result = (DID_ERROR << 16); |
3352 |
+- scsi_dma_unmap(SCpnt); |
3353 |
++ if (twa_command_mapped(SCpnt)) |
3354 |
++ scsi_dma_unmap(SCpnt); |
3355 |
+ done(SCpnt); |
3356 |
+ tw_dev->state[request_id] = TW_S_COMPLETED; |
3357 |
+ twa_free_request_id(tw_dev, request_id); |
3358 |
+@@ -1831,8 +1846,7 @@ static int twa_scsiop_execute_scsi(TW_Device_Extension *tw_dev, int request_id, |
3359 |
+ /* Map sglist from scsi layer to cmd packet */ |
3360 |
+ |
3361 |
+ if (scsi_sg_count(srb)) { |
3362 |
+- if ((scsi_sg_count(srb) == 1) && |
3363 |
+- (scsi_bufflen(srb) < TW_MIN_SGL_LENGTH)) { |
3364 |
++ if (!twa_command_mapped(srb)) { |
3365 |
+ if (srb->sc_data_direction == DMA_TO_DEVICE || |
3366 |
+ srb->sc_data_direction == DMA_BIDIRECTIONAL) |
3367 |
+ scsi_sg_copy_to_buffer(srb, |
3368 |
+@@ -1905,7 +1919,7 @@ static void twa_scsiop_execute_scsi_complete(TW_Device_Extension *tw_dev, int re |
3369 |
+ { |
3370 |
+ struct scsi_cmnd *cmd = tw_dev->srb[request_id]; |
3371 |
+ |
3372 |
+- if (scsi_bufflen(cmd) < TW_MIN_SGL_LENGTH && |
3373 |
++ if (!twa_command_mapped(cmd) && |
3374 |
+ (cmd->sc_data_direction == DMA_FROM_DEVICE || |
3375 |
+ cmd->sc_data_direction == DMA_BIDIRECTIONAL)) { |
3376 |
+ if (scsi_sg_count(cmd) == 1) { |
3377 |
+diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c |
3378 |
+index a9aa38903efe..cccab6188328 100644 |
3379 |
+--- a/drivers/scsi/ipr.c |
3380 |
++++ b/drivers/scsi/ipr.c |
3381 |
+@@ -4554,7 +4554,7 @@ static ssize_t ipr_store_raw_mode(struct device *dev, |
3382 |
+ spin_lock_irqsave(ioa_cfg->host->host_lock, lock_flags); |
3383 |
+ res = (struct ipr_resource_entry *)sdev->hostdata; |
3384 |
+ if (res) { |
3385 |
+- if (ioa_cfg->sis64 && ipr_is_af_dasd_device(res)) { |
3386 |
++ if (ipr_is_af_dasd_device(res)) { |
3387 |
+ res->raw_mode = simple_strtoul(buf, NULL, 10); |
3388 |
+ len = strlen(buf); |
3389 |
+ if (res->sdev) |
3390 |
+diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c |
3391 |
+index ce6c770d74d5..c6b93d273799 100644 |
3392 |
+--- a/drivers/scsi/scsi_error.c |
3393 |
++++ b/drivers/scsi/scsi_error.c |
3394 |
+@@ -2169,8 +2169,17 @@ int scsi_error_handler(void *data) |
3395 |
+ * We never actually get interrupted because kthread_run |
3396 |
+ * disables signal delivery for the created thread. |
3397 |
+ */ |
3398 |
+- while (!kthread_should_stop()) { |
3399 |
++ while (true) { |
3400 |
++ /* |
3401 |
++ * The sequence in kthread_stop() sets the stop flag first |
3402 |
++ * then wakes the process. To avoid missed wakeups, the task |
3403 |
++ * should always be in a non running state before the stop |
3404 |
++ * flag is checked |
3405 |
++ */ |
3406 |
+ set_current_state(TASK_INTERRUPTIBLE); |
3407 |
++ if (kthread_should_stop()) |
3408 |
++ break; |
3409 |
++ |
3410 |
+ if ((shost->host_failed == 0 && shost->host_eh_scheduled == 0) || |
3411 |
+ shost->host_failed != atomic_read(&shost->host_busy)) { |
3412 |
+ SCSI_LOG_ERROR_RECOVERY(1, |
3413 |
+diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c |
3414 |
+index e3223ac75a7c..f089082c00e1 100644 |
3415 |
+--- a/drivers/spi/spi-pxa2xx.c |
3416 |
++++ b/drivers/spi/spi-pxa2xx.c |
3417 |
+@@ -624,6 +624,10 @@ static irqreturn_t ssp_int(int irq, void *dev_id) |
3418 |
+ if (!(sccr1_reg & SSCR1_TIE)) |
3419 |
+ mask &= ~SSSR_TFS; |
3420 |
+ |
3421 |
++ /* Ignore RX timeout interrupt if it is disabled */ |
3422 |
++ if (!(sccr1_reg & SSCR1_TINTE)) |
3423 |
++ mask &= ~SSSR_TINT; |
3424 |
++ |
3425 |
+ if (!(status & mask)) |
3426 |
+ return IRQ_NONE; |
3427 |
+ |
3428 |
+diff --git a/drivers/spi/spi-xtensa-xtfpga.c b/drivers/spi/spi-xtensa-xtfpga.c |
3429 |
+index 2e32ea2f194f..be6155cba9de 100644 |
3430 |
+--- a/drivers/spi/spi-xtensa-xtfpga.c |
3431 |
++++ b/drivers/spi/spi-xtensa-xtfpga.c |
3432 |
+@@ -34,13 +34,13 @@ struct xtfpga_spi { |
3433 |
+ static inline void xtfpga_spi_write32(const struct xtfpga_spi *spi, |
3434 |
+ unsigned addr, u32 val) |
3435 |
+ { |
3436 |
+- iowrite32(val, spi->regs + addr); |
3437 |
++ __raw_writel(val, spi->regs + addr); |
3438 |
+ } |
3439 |
+ |
3440 |
+ static inline unsigned int xtfpga_spi_read32(const struct xtfpga_spi *spi, |
3441 |
+ unsigned addr) |
3442 |
+ { |
3443 |
+- return ioread32(spi->regs + addr); |
3444 |
++ return __raw_readl(spi->regs + addr); |
3445 |
+ } |
3446 |
+ |
3447 |
+ static inline void xtfpga_spi_wait_busy(struct xtfpga_spi *xspi) |
3448 |
+diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c |
3449 |
+index d35c1a13217c..029dbd33b4b2 100644 |
3450 |
+--- a/drivers/spi/spi.c |
3451 |
++++ b/drivers/spi/spi.c |
3452 |
+@@ -1427,8 +1427,7 @@ static struct class spi_master_class = { |
3453 |
+ * |
3454 |
+ * The caller is responsible for assigning the bus number and initializing |
3455 |
+ * the master's methods before calling spi_register_master(); and (after errors |
3456 |
+- * adding the device) calling spi_master_put() and kfree() to prevent a memory |
3457 |
+- * leak. |
3458 |
++ * adding the device) calling spi_master_put() to prevent a memory leak. |
3459 |
+ */ |
3460 |
+ struct spi_master *spi_alloc_master(struct device *dev, unsigned size) |
3461 |
+ { |
3462 |
+diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c |
3463 |
+index 92c909eed6b5..8fab566e0f0b 100644 |
3464 |
+--- a/drivers/spi/spidev.c |
3465 |
++++ b/drivers/spi/spidev.c |
3466 |
+@@ -664,7 +664,8 @@ static int spidev_release(struct inode *inode, struct file *filp) |
3467 |
+ kfree(spidev->rx_buffer); |
3468 |
+ spidev->rx_buffer = NULL; |
3469 |
+ |
3470 |
+- spidev->speed_hz = spidev->spi->max_speed_hz; |
3471 |
++ if (spidev->spi) |
3472 |
++ spidev->speed_hz = spidev->spi->max_speed_hz; |
3473 |
+ |
3474 |
+ /* ... after we unbound from the underlying device? */ |
3475 |
+ spin_lock_irq(&spidev->spi_lock); |
3476 |
+diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c |
3477 |
+index b0b96ab31954..abbc42a56e7c 100644 |
3478 |
+--- a/drivers/staging/android/ion/ion.c |
3479 |
++++ b/drivers/staging/android/ion/ion.c |
3480 |
+@@ -1179,13 +1179,13 @@ struct ion_handle *ion_import_dma_buf(struct ion_client *client, int fd) |
3481 |
+ mutex_unlock(&client->lock); |
3482 |
+ goto end; |
3483 |
+ } |
3484 |
+- mutex_unlock(&client->lock); |
3485 |
+ |
3486 |
+ handle = ion_handle_create(client, buffer); |
3487 |
+- if (IS_ERR(handle)) |
3488 |
++ if (IS_ERR(handle)) { |
3489 |
++ mutex_unlock(&client->lock); |
3490 |
+ goto end; |
3491 |
++ } |
3492 |
+ |
3493 |
+- mutex_lock(&client->lock); |
3494 |
+ ret = ion_handle_add(client, handle); |
3495 |
+ mutex_unlock(&client->lock); |
3496 |
+ if (ret) { |
3497 |
+diff --git a/drivers/staging/speakup/fakekey.c b/drivers/staging/speakup/fakekey.c |
3498 |
+index 4299cf45f947..5e1f16c36b49 100644 |
3499 |
+--- a/drivers/staging/speakup/fakekey.c |
3500 |
++++ b/drivers/staging/speakup/fakekey.c |
3501 |
+@@ -81,6 +81,7 @@ void speakup_fake_down_arrow(void) |
3502 |
+ __this_cpu_write(reporting_keystroke, true); |
3503 |
+ input_report_key(virt_keyboard, KEY_DOWN, PRESSED); |
3504 |
+ input_report_key(virt_keyboard, KEY_DOWN, RELEASED); |
3505 |
++ input_sync(virt_keyboard); |
3506 |
+ __this_cpu_write(reporting_keystroke, false); |
3507 |
+ |
3508 |
+ /* reenable preemption */ |
3509 |
+diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c |
3510 |
+index 0ab6e2efd28c..330bbe831066 100644 |
3511 |
+--- a/drivers/target/iscsi/iscsi_target.c |
3512 |
++++ b/drivers/target/iscsi/iscsi_target.c |
3513 |
+@@ -341,7 +341,6 @@ static struct iscsi_np *iscsit_get_np( |
3514 |
+ |
3515 |
+ struct iscsi_np *iscsit_add_np( |
3516 |
+ struct __kernel_sockaddr_storage *sockaddr, |
3517 |
+- char *ip_str, |
3518 |
+ int network_transport) |
3519 |
+ { |
3520 |
+ struct sockaddr_in *sock_in; |
3521 |
+@@ -370,11 +369,9 @@ struct iscsi_np *iscsit_add_np( |
3522 |
+ np->np_flags |= NPF_IP_NETWORK; |
3523 |
+ if (sockaddr->ss_family == AF_INET6) { |
3524 |
+ sock_in6 = (struct sockaddr_in6 *)sockaddr; |
3525 |
+- snprintf(np->np_ip, IPV6_ADDRESS_SPACE, "%s", ip_str); |
3526 |
+ np->np_port = ntohs(sock_in6->sin6_port); |
3527 |
+ } else { |
3528 |
+ sock_in = (struct sockaddr_in *)sockaddr; |
3529 |
+- sprintf(np->np_ip, "%s", ip_str); |
3530 |
+ np->np_port = ntohs(sock_in->sin_port); |
3531 |
+ } |
3532 |
+ |
3533 |
+@@ -411,8 +408,8 @@ struct iscsi_np *iscsit_add_np( |
3534 |
+ list_add_tail(&np->np_list, &g_np_list); |
3535 |
+ mutex_unlock(&np_lock); |
3536 |
+ |
3537 |
+- pr_debug("CORE[0] - Added Network Portal: %s:%hu on %s\n", |
3538 |
+- np->np_ip, np->np_port, np->np_transport->name); |
3539 |
++ pr_debug("CORE[0] - Added Network Portal: %pISc:%hu on %s\n", |
3540 |
++ &np->np_sockaddr, np->np_port, np->np_transport->name); |
3541 |
+ |
3542 |
+ return np; |
3543 |
+ } |
3544 |
+@@ -481,8 +478,8 @@ int iscsit_del_np(struct iscsi_np *np) |
3545 |
+ list_del(&np->np_list); |
3546 |
+ mutex_unlock(&np_lock); |
3547 |
+ |
3548 |
+- pr_debug("CORE[0] - Removed Network Portal: %s:%hu on %s\n", |
3549 |
+- np->np_ip, np->np_port, np->np_transport->name); |
3550 |
++ pr_debug("CORE[0] - Removed Network Portal: %pISc:%hu on %s\n", |
3551 |
++ &np->np_sockaddr, np->np_port, np->np_transport->name); |
3552 |
+ |
3553 |
+ iscsit_put_transport(np->np_transport); |
3554 |
+ kfree(np); |
3555 |
+@@ -3467,7 +3464,6 @@ iscsit_build_sendtargets_response(struct iscsi_cmd *cmd, |
3556 |
+ tpg_np_list) { |
3557 |
+ struct iscsi_np *np = tpg_np->tpg_np; |
3558 |
+ bool inaddr_any = iscsit_check_inaddr_any(np); |
3559 |
+- char *fmt_str; |
3560 |
+ |
3561 |
+ if (np->np_network_transport != network_transport) |
3562 |
+ continue; |
3563 |
+@@ -3495,15 +3491,18 @@ iscsit_build_sendtargets_response(struct iscsi_cmd *cmd, |
3564 |
+ } |
3565 |
+ } |
3566 |
+ |
3567 |
+- if (np->np_sockaddr.ss_family == AF_INET6) |
3568 |
+- fmt_str = "TargetAddress=[%s]:%hu,%hu"; |
3569 |
+- else |
3570 |
+- fmt_str = "TargetAddress=%s:%hu,%hu"; |
3571 |
+- |
3572 |
+- len = sprintf(buf, fmt_str, |
3573 |
+- inaddr_any ? conn->local_ip : np->np_ip, |
3574 |
+- np->np_port, |
3575 |
+- tpg->tpgt); |
3576 |
++ if (inaddr_any) { |
3577 |
++ len = sprintf(buf, "TargetAddress=" |
3578 |
++ "%s:%hu,%hu", |
3579 |
++ conn->local_ip, |
3580 |
++ np->np_port, |
3581 |
++ tpg->tpgt); |
3582 |
++ } else { |
3583 |
++ len = sprintf(buf, "TargetAddress=" |
3584 |
++ "%pISpc,%hu", |
3585 |
++ &np->np_sockaddr, |
3586 |
++ tpg->tpgt); |
3587 |
++ } |
3588 |
+ len += 1; |
3589 |
+ |
3590 |
+ if ((len + payload_len) > buffer_len) { |
3591 |
+diff --git a/drivers/target/iscsi/iscsi_target.h b/drivers/target/iscsi/iscsi_target.h |
3592 |
+index 7d0f9c00d9c2..d294f030a097 100644 |
3593 |
+--- a/drivers/target/iscsi/iscsi_target.h |
3594 |
++++ b/drivers/target/iscsi/iscsi_target.h |
3595 |
+@@ -13,7 +13,7 @@ extern int iscsit_deaccess_np(struct iscsi_np *, struct iscsi_portal_group *, |
3596 |
+ extern bool iscsit_check_np_match(struct __kernel_sockaddr_storage *, |
3597 |
+ struct iscsi_np *, int); |
3598 |
+ extern struct iscsi_np *iscsit_add_np(struct __kernel_sockaddr_storage *, |
3599 |
+- char *, int); |
3600 |
++ int); |
3601 |
+ extern int iscsit_reset_np_thread(struct iscsi_np *, struct iscsi_tpg_np *, |
3602 |
+ struct iscsi_portal_group *, bool); |
3603 |
+ extern int iscsit_del_np(struct iscsi_np *); |
3604 |
+diff --git a/drivers/target/iscsi/iscsi_target_configfs.c b/drivers/target/iscsi/iscsi_target_configfs.c |
3605 |
+index 469fce44ebad..6f2fb546477e 100644 |
3606 |
+--- a/drivers/target/iscsi/iscsi_target_configfs.c |
3607 |
++++ b/drivers/target/iscsi/iscsi_target_configfs.c |
3608 |
+@@ -100,7 +100,7 @@ static ssize_t lio_target_np_store_sctp( |
3609 |
+ * Use existing np->np_sockaddr for SCTP network portal reference |
3610 |
+ */ |
3611 |
+ tpg_np_sctp = iscsit_tpg_add_network_portal(tpg, &np->np_sockaddr, |
3612 |
+- np->np_ip, tpg_np, ISCSI_SCTP_TCP); |
3613 |
++ tpg_np, ISCSI_SCTP_TCP); |
3614 |
+ if (!tpg_np_sctp || IS_ERR(tpg_np_sctp)) |
3615 |
+ goto out; |
3616 |
+ } else { |
3617 |
+@@ -178,7 +178,7 @@ static ssize_t lio_target_np_store_iser( |
3618 |
+ } |
3619 |
+ |
3620 |
+ tpg_np_iser = iscsit_tpg_add_network_portal(tpg, &np->np_sockaddr, |
3621 |
+- np->np_ip, tpg_np, ISCSI_INFINIBAND); |
3622 |
++ tpg_np, ISCSI_INFINIBAND); |
3623 |
+ if (IS_ERR(tpg_np_iser)) { |
3624 |
+ rc = PTR_ERR(tpg_np_iser); |
3625 |
+ goto out; |
3626 |
+@@ -249,8 +249,8 @@ static struct se_tpg_np *lio_target_call_addnptotpg( |
3627 |
+ return ERR_PTR(-EINVAL); |
3628 |
+ } |
3629 |
+ str++; /* Skip over leading "[" */ |
3630 |
+- *str2 = '\0'; /* Terminate the IPv6 address */ |
3631 |
+- str2++; /* Skip over the "]" */ |
3632 |
++ *str2 = '\0'; /* Terminate the unbracketed IPv6 address */ |
3633 |
++ str2++; /* Skip over the \0 */ |
3634 |
+ port_str = strstr(str2, ":"); |
3635 |
+ if (!port_str) { |
3636 |
+ pr_err("Unable to locate \":port\"" |
3637 |
+@@ -317,7 +317,7 @@ static struct se_tpg_np *lio_target_call_addnptotpg( |
3638 |
+ * sys/kernel/config/iscsi/$IQN/$TPG/np/$IP:$PORT/ |
3639 |
+ * |
3640 |
+ */ |
3641 |
+- tpg_np = iscsit_tpg_add_network_portal(tpg, &sockaddr, str, NULL, |
3642 |
++ tpg_np = iscsit_tpg_add_network_portal(tpg, &sockaddr, NULL, |
3643 |
+ ISCSI_TCP); |
3644 |
+ if (IS_ERR(tpg_np)) { |
3645 |
+ iscsit_put_tpg(tpg); |
3646 |
+@@ -345,8 +345,8 @@ static void lio_target_call_delnpfromtpg( |
3647 |
+ |
3648 |
+ se_tpg = &tpg->tpg_se_tpg; |
3649 |
+ pr_debug("LIO_Target_ConfigFS: DEREGISTER -> %s TPGT: %hu" |
3650 |
+- " PORTAL: %s:%hu\n", config_item_name(&se_tpg->se_tpg_wwn->wwn_group.cg_item), |
3651 |
+- tpg->tpgt, tpg_np->tpg_np->np_ip, tpg_np->tpg_np->np_port); |
3652 |
++ " PORTAL: %pISc:%hu\n", config_item_name(&se_tpg->se_tpg_wwn->wwn_group.cg_item), |
3653 |
++ tpg->tpgt, &tpg_np->tpg_np->np_sockaddr, tpg_np->tpg_np->np_port); |
3654 |
+ |
3655 |
+ ret = iscsit_tpg_del_network_portal(tpg, tpg_np); |
3656 |
+ if (ret < 0) |
3657 |
+diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c |
3658 |
+index c3bccaddb592..39654e917cd8 100644 |
3659 |
+--- a/drivers/target/iscsi/iscsi_target_login.c |
3660 |
++++ b/drivers/target/iscsi/iscsi_target_login.c |
3661 |
+@@ -879,8 +879,8 @@ static void iscsi_handle_login_thread_timeout(unsigned long data) |
3662 |
+ struct iscsi_np *np = (struct iscsi_np *) data; |
3663 |
+ |
3664 |
+ spin_lock_bh(&np->np_thread_lock); |
3665 |
+- pr_err("iSCSI Login timeout on Network Portal %s:%hu\n", |
3666 |
+- np->np_ip, np->np_port); |
3667 |
++ pr_err("iSCSI Login timeout on Network Portal %pISc:%hu\n", |
3668 |
++ &np->np_sockaddr, np->np_port); |
3669 |
+ |
3670 |
+ if (np->np_login_timer_flags & ISCSI_TF_STOP) { |
3671 |
+ spin_unlock_bh(&np->np_thread_lock); |
3672 |
+@@ -1358,8 +1358,8 @@ static int __iscsi_target_login_thread(struct iscsi_np *np) |
3673 |
+ spin_lock_bh(&np->np_thread_lock); |
3674 |
+ if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) { |
3675 |
+ spin_unlock_bh(&np->np_thread_lock); |
3676 |
+- pr_err("iSCSI Network Portal on %s:%hu currently not" |
3677 |
+- " active.\n", np->np_ip, np->np_port); |
3678 |
++ pr_err("iSCSI Network Portal on %pISc:%hu currently not" |
3679 |
++ " active.\n", &np->np_sockaddr, np->np_port); |
3680 |
+ iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, |
3681 |
+ ISCSI_LOGIN_STATUS_SVC_UNAVAILABLE); |
3682 |
+ goto new_sess_out; |
3683 |
+diff --git a/drivers/target/iscsi/iscsi_target_tpg.c b/drivers/target/iscsi/iscsi_target_tpg.c |
3684 |
+index 5e3295fe404d..3bc7d62c0a65 100644 |
3685 |
+--- a/drivers/target/iscsi/iscsi_target_tpg.c |
3686 |
++++ b/drivers/target/iscsi/iscsi_target_tpg.c |
3687 |
+@@ -460,7 +460,6 @@ static bool iscsit_tpg_check_network_portal( |
3688 |
+ struct iscsi_tpg_np *iscsit_tpg_add_network_portal( |
3689 |
+ struct iscsi_portal_group *tpg, |
3690 |
+ struct __kernel_sockaddr_storage *sockaddr, |
3691 |
+- char *ip_str, |
3692 |
+ struct iscsi_tpg_np *tpg_np_parent, |
3693 |
+ int network_transport) |
3694 |
+ { |
3695 |
+@@ -470,8 +469,8 @@ struct iscsi_tpg_np *iscsit_tpg_add_network_portal( |
3696 |
+ if (!tpg_np_parent) { |
3697 |
+ if (iscsit_tpg_check_network_portal(tpg->tpg_tiqn, sockaddr, |
3698 |
+ network_transport)) { |
3699 |
+- pr_err("Network Portal: %s already exists on a" |
3700 |
+- " different TPG on %s\n", ip_str, |
3701 |
++ pr_err("Network Portal: %pISc already exists on a" |
3702 |
++ " different TPG on %s\n", sockaddr, |
3703 |
+ tpg->tpg_tiqn->tiqn); |
3704 |
+ return ERR_PTR(-EEXIST); |
3705 |
+ } |
3706 |
+@@ -484,7 +483,7 @@ struct iscsi_tpg_np *iscsit_tpg_add_network_portal( |
3707 |
+ return ERR_PTR(-ENOMEM); |
3708 |
+ } |
3709 |
+ |
3710 |
+- np = iscsit_add_np(sockaddr, ip_str, network_transport); |
3711 |
++ np = iscsit_add_np(sockaddr, network_transport); |
3712 |
+ if (IS_ERR(np)) { |
3713 |
+ kfree(tpg_np); |
3714 |
+ return ERR_CAST(np); |
3715 |
+@@ -514,8 +513,8 @@ struct iscsi_tpg_np *iscsit_tpg_add_network_portal( |
3716 |
+ spin_unlock(&tpg_np_parent->tpg_np_parent_lock); |
3717 |
+ } |
3718 |
+ |
3719 |
+- pr_debug("CORE[%s] - Added Network Portal: %s:%hu,%hu on %s\n", |
3720 |
+- tpg->tpg_tiqn->tiqn, np->np_ip, np->np_port, tpg->tpgt, |
3721 |
++ pr_debug("CORE[%s] - Added Network Portal: %pISc:%hu,%hu on %s\n", |
3722 |
++ tpg->tpg_tiqn->tiqn, &np->np_sockaddr, np->np_port, tpg->tpgt, |
3723 |
+ np->np_transport->name); |
3724 |
+ |
3725 |
+ return tpg_np; |
3726 |
+@@ -528,8 +527,8 @@ static int iscsit_tpg_release_np( |
3727 |
+ { |
3728 |
+ iscsit_clear_tpg_np_login_thread(tpg_np, tpg, true); |
3729 |
+ |
3730 |
+- pr_debug("CORE[%s] - Removed Network Portal: %s:%hu,%hu on %s\n", |
3731 |
+- tpg->tpg_tiqn->tiqn, np->np_ip, np->np_port, tpg->tpgt, |
3732 |
++ pr_debug("CORE[%s] - Removed Network Portal: %pISc:%hu,%hu on %s\n", |
3733 |
++ tpg->tpg_tiqn->tiqn, &np->np_sockaddr, np->np_port, tpg->tpgt, |
3734 |
+ np->np_transport->name); |
3735 |
+ |
3736 |
+ tpg_np->tpg_np = NULL; |
3737 |
+diff --git a/drivers/target/iscsi/iscsi_target_tpg.h b/drivers/target/iscsi/iscsi_target_tpg.h |
3738 |
+index 95ff5bdecd71..28abda89ea98 100644 |
3739 |
+--- a/drivers/target/iscsi/iscsi_target_tpg.h |
3740 |
++++ b/drivers/target/iscsi/iscsi_target_tpg.h |
3741 |
+@@ -22,7 +22,7 @@ extern struct iscsi_node_attrib *iscsit_tpg_get_node_attrib(struct iscsi_session |
3742 |
+ extern void iscsit_tpg_del_external_nps(struct iscsi_tpg_np *); |
3743 |
+ extern struct iscsi_tpg_np *iscsit_tpg_locate_child_np(struct iscsi_tpg_np *, int); |
3744 |
+ extern struct iscsi_tpg_np *iscsit_tpg_add_network_portal(struct iscsi_portal_group *, |
3745 |
+- struct __kernel_sockaddr_storage *, char *, struct iscsi_tpg_np *, |
3746 |
++ struct __kernel_sockaddr_storage *, struct iscsi_tpg_np *, |
3747 |
+ int); |
3748 |
+ extern int iscsit_tpg_del_network_portal(struct iscsi_portal_group *, |
3749 |
+ struct iscsi_tpg_np *); |
3750 |
+diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c |
3751 |
+index a15411c79ae9..08aa7cc58694 100644 |
3752 |
+--- a/drivers/target/target_core_pr.c |
3753 |
++++ b/drivers/target/target_core_pr.c |
3754 |
+@@ -328,6 +328,9 @@ static int core_scsi3_pr_seq_non_holder( |
3755 |
+ int legacy = 0; /* Act like a legacy device and return |
3756 |
+ * RESERVATION CONFLICT on some CDBs */ |
3757 |
+ |
3758 |
++ if (!se_sess->se_node_acl->device_list) |
3759 |
++ return; |
3760 |
++ |
3761 |
+ se_deve = se_sess->se_node_acl->device_list[cmd->orig_fe_lun]; |
3762 |
+ /* |
3763 |
+ * Determine if the registration should be ignored due to |
3764 |
+diff --git a/drivers/target/target_core_ua.c b/drivers/target/target_core_ua.c |
3765 |
+index 1738b1646988..9fc33e84439a 100644 |
3766 |
+--- a/drivers/target/target_core_ua.c |
3767 |
++++ b/drivers/target/target_core_ua.c |
3768 |
+@@ -48,7 +48,7 @@ target_scsi3_ua_check(struct se_cmd *cmd) |
3769 |
+ return 0; |
3770 |
+ |
3771 |
+ nacl = sess->se_node_acl; |
3772 |
+- if (!nacl) |
3773 |
++ if (!nacl || !nacl->device_list) |
3774 |
+ return 0; |
3775 |
+ |
3776 |
+ deve = nacl->device_list[cmd->orig_fe_lun]; |
3777 |
+@@ -90,7 +90,7 @@ int core_scsi3_ua_allocate( |
3778 |
+ /* |
3779 |
+ * PASSTHROUGH OPS |
3780 |
+ */ |
3781 |
+- if (!nacl) |
3782 |
++ if (!nacl || !nacl->device_list) |
3783 |
+ return -EINVAL; |
3784 |
+ |
3785 |
+ ua = kmem_cache_zalloc(se_ua_cache, GFP_ATOMIC); |
3786 |
+@@ -208,7 +208,7 @@ void core_scsi3_ua_for_check_condition( |
3787 |
+ return; |
3788 |
+ |
3789 |
+ nacl = sess->se_node_acl; |
3790 |
+- if (!nacl) |
3791 |
++ if (!nacl || !nacl->device_list) |
3792 |
+ return; |
3793 |
+ |
3794 |
+ spin_lock_irq(&nacl->device_list_lock); |
3795 |
+@@ -276,7 +276,7 @@ int core_scsi3_ua_clear_for_request_sense( |
3796 |
+ return -EINVAL; |
3797 |
+ |
3798 |
+ nacl = sess->se_node_acl; |
3799 |
+- if (!nacl) |
3800 |
++ if (!nacl || !nacl->device_list) |
3801 |
+ return -EINVAL; |
3802 |
+ |
3803 |
+ spin_lock_irq(&nacl->device_list_lock); |
3804 |
+diff --git a/drivers/target/target_core_xcopy.c b/drivers/target/target_core_xcopy.c |
3805 |
+index 8fd680ac941b..4609305a1591 100644 |
3806 |
+--- a/drivers/target/target_core_xcopy.c |
3807 |
++++ b/drivers/target/target_core_xcopy.c |
3808 |
+@@ -465,6 +465,8 @@ int target_xcopy_setup_pt(void) |
3809 |
+ memset(&xcopy_pt_sess, 0, sizeof(struct se_session)); |
3810 |
+ INIT_LIST_HEAD(&xcopy_pt_sess.sess_list); |
3811 |
+ INIT_LIST_HEAD(&xcopy_pt_sess.sess_acl_list); |
3812 |
++ INIT_LIST_HEAD(&xcopy_pt_sess.sess_cmd_list); |
3813 |
++ spin_lock_init(&xcopy_pt_sess.sess_cmd_lock); |
3814 |
+ |
3815 |
+ xcopy_pt_nacl.se_tpg = &xcopy_pt_tpg; |
3816 |
+ xcopy_pt_nacl.nacl_sess = &xcopy_pt_sess; |
3817 |
+@@ -666,7 +668,7 @@ static int target_xcopy_read_source( |
3818 |
+ pr_debug("XCOPY: Built READ_16: LBA: %llu Sectors: %u Length: %u\n", |
3819 |
+ (unsigned long long)src_lba, src_sectors, length); |
3820 |
+ |
3821 |
+- transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, NULL, length, |
3822 |
++ transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, &xcopy_pt_sess, length, |
3823 |
+ DMA_FROM_DEVICE, 0, &xpt_cmd->sense_buffer[0]); |
3824 |
+ xop->src_pt_cmd = xpt_cmd; |
3825 |
+ |
3826 |
+@@ -726,7 +728,7 @@ static int target_xcopy_write_destination( |
3827 |
+ pr_debug("XCOPY: Built WRITE_16: LBA: %llu Sectors: %u Length: %u\n", |
3828 |
+ (unsigned long long)dst_lba, dst_sectors, length); |
3829 |
+ |
3830 |
+- transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, NULL, length, |
3831 |
++ transport_init_se_cmd(se_cmd, &xcopy_pt_tfo, &xcopy_pt_sess, length, |
3832 |
+ DMA_TO_DEVICE, 0, &xpt_cmd->sense_buffer[0]); |
3833 |
+ xop->dst_pt_cmd = xpt_cmd; |
3834 |
+ |
3835 |
+diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c |
3836 |
+index 16ed0b6c7f9c..6b6c6606af5f 100644 |
3837 |
+--- a/drivers/tty/n_tty.c |
3838 |
++++ b/drivers/tty/n_tty.c |
3839 |
+@@ -343,8 +343,7 @@ static void n_tty_packet_mode_flush(struct tty_struct *tty) |
3840 |
+ spin_lock_irqsave(&tty->ctrl_lock, flags); |
3841 |
+ tty->ctrl_status |= TIOCPKT_FLUSHREAD; |
3842 |
+ spin_unlock_irqrestore(&tty->ctrl_lock, flags); |
3843 |
+- if (waitqueue_active(&tty->link->read_wait)) |
3844 |
+- wake_up_interruptible(&tty->link->read_wait); |
3845 |
++ wake_up_interruptible(&tty->link->read_wait); |
3846 |
+ } |
3847 |
+ } |
3848 |
+ |
3849 |
+@@ -1383,8 +1382,7 @@ handle_newline: |
3850 |
+ put_tty_queue(c, ldata); |
3851 |
+ smp_store_release(&ldata->canon_head, ldata->read_head); |
3852 |
+ kill_fasync(&tty->fasync, SIGIO, POLL_IN); |
3853 |
+- if (waitqueue_active(&tty->read_wait)) |
3854 |
+- wake_up_interruptible_poll(&tty->read_wait, POLLIN); |
3855 |
++ wake_up_interruptible_poll(&tty->read_wait, POLLIN); |
3856 |
+ return 0; |
3857 |
+ } |
3858 |
+ } |
3859 |
+@@ -1670,8 +1668,7 @@ static void __receive_buf(struct tty_struct *tty, const unsigned char *cp, |
3860 |
+ |
3861 |
+ if ((read_cnt(ldata) >= ldata->minimum_to_wake) || L_EXTPROC(tty)) { |
3862 |
+ kill_fasync(&tty->fasync, SIGIO, POLL_IN); |
3863 |
+- if (waitqueue_active(&tty->read_wait)) |
3864 |
+- wake_up_interruptible_poll(&tty->read_wait, POLLIN); |
3865 |
++ wake_up_interruptible_poll(&tty->read_wait, POLLIN); |
3866 |
+ } |
3867 |
+ } |
3868 |
+ |
3869 |
+@@ -1890,10 +1887,8 @@ static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old) |
3870 |
+ } |
3871 |
+ |
3872 |
+ /* The termios change make the tty ready for I/O */ |
3873 |
+- if (waitqueue_active(&tty->write_wait)) |
3874 |
+- wake_up_interruptible(&tty->write_wait); |
3875 |
+- if (waitqueue_active(&tty->read_wait)) |
3876 |
+- wake_up_interruptible(&tty->read_wait); |
3877 |
++ wake_up_interruptible(&tty->write_wait); |
3878 |
++ wake_up_interruptible(&tty->read_wait); |
3879 |
+ } |
3880 |
+ |
3881 |
+ /** |
3882 |
+diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c |
3883 |
+index 4506e405c8f3..b4fd8debf941 100644 |
3884 |
+--- a/drivers/tty/serial/8250/8250_core.c |
3885 |
++++ b/drivers/tty/serial/8250/8250_core.c |
3886 |
+@@ -339,6 +339,14 @@ configured less than Maximum supported fifo bytes */ |
3887 |
+ UART_FCR7_64BYTE, |
3888 |
+ .flags = UART_CAP_FIFO, |
3889 |
+ }, |
3890 |
++ [PORT_RT2880] = { |
3891 |
++ .name = "Palmchip BK-3103", |
3892 |
++ .fifo_size = 16, |
3893 |
++ .tx_loadsz = 16, |
3894 |
++ .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10, |
3895 |
++ .rxtrig_bytes = {1, 4, 8, 14}, |
3896 |
++ .flags = UART_CAP_FIFO, |
3897 |
++ }, |
3898 |
+ }; |
3899 |
+ |
3900 |
+ /* Uart divisor latch read */ |
3901 |
+diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c |
3902 |
+index 763eb20fe321..0cc622afb67d 100644 |
3903 |
+--- a/drivers/tty/serial/amba-pl011.c |
3904 |
++++ b/drivers/tty/serial/amba-pl011.c |
3905 |
+@@ -1360,9 +1360,9 @@ static void pl011_tx_softirq(struct work_struct *work) |
3906 |
+ struct uart_amba_port *uap = |
3907 |
+ container_of(dwork, struct uart_amba_port, tx_softirq_work); |
3908 |
+ |
3909 |
+- spin_lock(&uap->port.lock); |
3910 |
++ spin_lock_irq(&uap->port.lock); |
3911 |
+ while (pl011_tx_chars(uap)) ; |
3912 |
+- spin_unlock(&uap->port.lock); |
3913 |
++ spin_unlock_irq(&uap->port.lock); |
3914 |
+ } |
3915 |
+ |
3916 |
+ static void pl011_tx_irq_seen(struct uart_amba_port *uap) |
3917 |
+diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c |
3918 |
+index 5ca1dfb0561c..85323ff75edf 100644 |
3919 |
+--- a/drivers/tty/serial/atmel_serial.c |
3920 |
++++ b/drivers/tty/serial/atmel_serial.c |
3921 |
+@@ -2640,7 +2640,7 @@ static int atmel_serial_probe(struct platform_device *pdev) |
3922 |
+ ret = atmel_init_gpios(port, &pdev->dev); |
3923 |
+ if (ret < 0) { |
3924 |
+ dev_err(&pdev->dev, "Failed to initialize GPIOs."); |
3925 |
+- goto err; |
3926 |
++ goto err_clear_bit; |
3927 |
+ } |
3928 |
+ |
3929 |
+ ret = atmel_init_port(port, pdev); |
3930 |
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c |
3931 |
+index e5695467598f..21837f14a403 100644 |
3932 |
+--- a/drivers/tty/tty_io.c |
3933 |
++++ b/drivers/tty/tty_io.c |
3934 |
+@@ -2144,8 +2144,24 @@ retry_open: |
3935 |
+ if (!noctty && |
3936 |
+ current->signal->leader && |
3937 |
+ !current->signal->tty && |
3938 |
+- tty->session == NULL) |
3939 |
+- __proc_set_tty(tty); |
3940 |
++ tty->session == NULL) { |
3941 |
++ /* |
3942 |
++ * Don't let a process that only has write access to the tty |
3943 |
++ * obtain the privileges associated with having a tty as |
3944 |
++ * controlling terminal (being able to reopen it with full |
3945 |
++ * access through /dev/tty, being able to perform pushback). |
3946 |
++ * Many distributions set the group of all ttys to "tty" and |
3947 |
++ * grant write-only access to all terminals for setgid tty |
3948 |
++ * binaries, which should not imply full privileges on all ttys. |
3949 |
++ * |
3950 |
++ * This could theoretically break old code that performs open() |
3951 |
++ * on a write-only file descriptor. In that case, it might be |
3952 |
++ * necessary to also permit this if |
3953 |
++ * inode_permission(inode, MAY_READ) == 0. |
3954 |
++ */ |
3955 |
++ if (filp->f_mode & FMODE_READ) |
3956 |
++ __proc_set_tty(tty); |
3957 |
++ } |
3958 |
+ spin_unlock_irq(¤t->sighand->siglock); |
3959 |
+ read_unlock(&tasklist_lock); |
3960 |
+ tty_unlock(tty); |
3961 |
+@@ -2434,7 +2450,7 @@ static int fionbio(struct file *file, int __user *p) |
3962 |
+ * Takes ->siglock() when updating signal->tty |
3963 |
+ */ |
3964 |
+ |
3965 |
+-static int tiocsctty(struct tty_struct *tty, int arg) |
3966 |
++static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) |
3967 |
+ { |
3968 |
+ int ret = 0; |
3969 |
+ |
3970 |
+@@ -2468,6 +2484,13 @@ static int tiocsctty(struct tty_struct *tty, int arg) |
3971 |
+ goto unlock; |
3972 |
+ } |
3973 |
+ } |
3974 |
++ |
3975 |
++ /* See the comment in tty_open(). */ |
3976 |
++ if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { |
3977 |
++ ret = -EPERM; |
3978 |
++ goto unlock; |
3979 |
++ } |
3980 |
++ |
3981 |
+ proc_set_tty(tty); |
3982 |
+ unlock: |
3983 |
+ read_unlock(&tasklist_lock); |
3984 |
+@@ -2860,7 +2883,7 @@ long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) |
3985 |
+ no_tty(); |
3986 |
+ return 0; |
3987 |
+ case TIOCSCTTY: |
3988 |
+- return tiocsctty(tty, arg); |
3989 |
++ return tiocsctty(tty, file, arg); |
3990 |
+ case TIOCGPGRP: |
3991 |
+ return tiocgpgrp(tty, real_tty, p); |
3992 |
+ case TIOCSPGRP: |
3993 |
+diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c |
3994 |
+index 389f0e034259..fa774323ebda 100644 |
3995 |
+--- a/drivers/usb/chipidea/ci_hdrc_imx.c |
3996 |
++++ b/drivers/usb/chipidea/ci_hdrc_imx.c |
3997 |
+@@ -56,7 +56,7 @@ static const struct of_device_id ci_hdrc_imx_dt_ids[] = { |
3998 |
+ { .compatible = "fsl,imx27-usb", .data = &imx27_usb_data}, |
3999 |
+ { .compatible = "fsl,imx6q-usb", .data = &imx6q_usb_data}, |
4000 |
+ { .compatible = "fsl,imx6sl-usb", .data = &imx6sl_usb_data}, |
4001 |
+- { .compatible = "fsl,imx6sx-usb", .data = &imx6sl_usb_data}, |
4002 |
++ { .compatible = "fsl,imx6sx-usb", .data = &imx6sx_usb_data}, |
4003 |
+ { /* sentinel */ } |
4004 |
+ }; |
4005 |
+ MODULE_DEVICE_TABLE(of, ci_hdrc_imx_dt_ids); |
4006 |
+diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c |
4007 |
+index 764f668d45a9..6e53c24fa1cb 100644 |
4008 |
+--- a/drivers/usb/chipidea/udc.c |
4009 |
++++ b/drivers/usb/chipidea/udc.c |
4010 |
+@@ -656,6 +656,44 @@ __acquires(hwep->lock) |
4011 |
+ return 0; |
4012 |
+ } |
4013 |
+ |
4014 |
++static int _ep_set_halt(struct usb_ep *ep, int value, bool check_transfer) |
4015 |
++{ |
4016 |
++ struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep); |
4017 |
++ int direction, retval = 0; |
4018 |
++ unsigned long flags; |
4019 |
++ |
4020 |
++ if (ep == NULL || hwep->ep.desc == NULL) |
4021 |
++ return -EINVAL; |
4022 |
++ |
4023 |
++ if (usb_endpoint_xfer_isoc(hwep->ep.desc)) |
4024 |
++ return -EOPNOTSUPP; |
4025 |
++ |
4026 |
++ spin_lock_irqsave(hwep->lock, flags); |
4027 |
++ |
4028 |
++ if (value && hwep->dir == TX && check_transfer && |
4029 |
++ !list_empty(&hwep->qh.queue) && |
4030 |
++ !usb_endpoint_xfer_control(hwep->ep.desc)) { |
4031 |
++ spin_unlock_irqrestore(hwep->lock, flags); |
4032 |
++ return -EAGAIN; |
4033 |
++ } |
4034 |
++ |
4035 |
++ direction = hwep->dir; |
4036 |
++ do { |
4037 |
++ retval |= hw_ep_set_halt(hwep->ci, hwep->num, hwep->dir, value); |
4038 |
++ |
4039 |
++ if (!value) |
4040 |
++ hwep->wedge = 0; |
4041 |
++ |
4042 |
++ if (hwep->type == USB_ENDPOINT_XFER_CONTROL) |
4043 |
++ hwep->dir = (hwep->dir == TX) ? RX : TX; |
4044 |
++ |
4045 |
++ } while (hwep->dir != direction); |
4046 |
++ |
4047 |
++ spin_unlock_irqrestore(hwep->lock, flags); |
4048 |
++ return retval; |
4049 |
++} |
4050 |
++ |
4051 |
++ |
4052 |
+ /** |
4053 |
+ * _gadget_stop_activity: stops all USB activity, flushes & disables all endpts |
4054 |
+ * @gadget: gadget |
4055 |
+@@ -1051,7 +1089,7 @@ __acquires(ci->lock) |
4056 |
+ num += ci->hw_ep_max / 2; |
4057 |
+ |
4058 |
+ spin_unlock(&ci->lock); |
4059 |
+- err = usb_ep_set_halt(&ci->ci_hw_ep[num].ep); |
4060 |
++ err = _ep_set_halt(&ci->ci_hw_ep[num].ep, 1, false); |
4061 |
+ spin_lock(&ci->lock); |
4062 |
+ if (!err) |
4063 |
+ isr_setup_status_phase(ci); |
4064 |
+@@ -1110,8 +1148,8 @@ delegate: |
4065 |
+ |
4066 |
+ if (err < 0) { |
4067 |
+ spin_unlock(&ci->lock); |
4068 |
+- if (usb_ep_set_halt(&hwep->ep)) |
4069 |
+- dev_err(ci->dev, "error: ep_set_halt\n"); |
4070 |
++ if (_ep_set_halt(&hwep->ep, 1, false)) |
4071 |
++ dev_err(ci->dev, "error: _ep_set_halt\n"); |
4072 |
+ spin_lock(&ci->lock); |
4073 |
+ } |
4074 |
+ } |
4075 |
+@@ -1142,9 +1180,9 @@ __acquires(ci->lock) |
4076 |
+ err = isr_setup_status_phase(ci); |
4077 |
+ if (err < 0) { |
4078 |
+ spin_unlock(&ci->lock); |
4079 |
+- if (usb_ep_set_halt(&hwep->ep)) |
4080 |
++ if (_ep_set_halt(&hwep->ep, 1, false)) |
4081 |
+ dev_err(ci->dev, |
4082 |
+- "error: ep_set_halt\n"); |
4083 |
++ "error: _ep_set_halt\n"); |
4084 |
+ spin_lock(&ci->lock); |
4085 |
+ } |
4086 |
+ } |
4087 |
+@@ -1390,41 +1428,7 @@ static int ep_dequeue(struct usb_ep *ep, struct usb_request *req) |
4088 |
+ */ |
4089 |
+ static int ep_set_halt(struct usb_ep *ep, int value) |
4090 |
+ { |
4091 |
+- struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep); |
4092 |
+- int direction, retval = 0; |
4093 |
+- unsigned long flags; |
4094 |
+- |
4095 |
+- if (ep == NULL || hwep->ep.desc == NULL) |
4096 |
+- return -EINVAL; |
4097 |
+- |
4098 |
+- if (usb_endpoint_xfer_isoc(hwep->ep.desc)) |
4099 |
+- return -EOPNOTSUPP; |
4100 |
+- |
4101 |
+- spin_lock_irqsave(hwep->lock, flags); |
4102 |
+- |
4103 |
+-#ifndef STALL_IN |
4104 |
+- /* g_file_storage MS compliant but g_zero fails chapter 9 compliance */ |
4105 |
+- if (value && hwep->type == USB_ENDPOINT_XFER_BULK && hwep->dir == TX && |
4106 |
+- !list_empty(&hwep->qh.queue)) { |
4107 |
+- spin_unlock_irqrestore(hwep->lock, flags); |
4108 |
+- return -EAGAIN; |
4109 |
+- } |
4110 |
+-#endif |
4111 |
+- |
4112 |
+- direction = hwep->dir; |
4113 |
+- do { |
4114 |
+- retval |= hw_ep_set_halt(hwep->ci, hwep->num, hwep->dir, value); |
4115 |
+- |
4116 |
+- if (!value) |
4117 |
+- hwep->wedge = 0; |
4118 |
+- |
4119 |
+- if (hwep->type == USB_ENDPOINT_XFER_CONTROL) |
4120 |
+- hwep->dir = (hwep->dir == TX) ? RX : TX; |
4121 |
+- |
4122 |
+- } while (hwep->dir != direction); |
4123 |
+- |
4124 |
+- spin_unlock_irqrestore(hwep->lock, flags); |
4125 |
+- return retval; |
4126 |
++ return _ep_set_halt(ep, value, true); |
4127 |
+ } |
4128 |
+ |
4129 |
+ /** |
4130 |
+diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c |
4131 |
+index b2a540b43f97..b9ddf0c1ffe5 100644 |
4132 |
+--- a/drivers/usb/core/config.c |
4133 |
++++ b/drivers/usb/core/config.c |
4134 |
+@@ -112,7 +112,7 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno, |
4135 |
+ cfgno, inum, asnum, ep->desc.bEndpointAddress); |
4136 |
+ ep->ss_ep_comp.bmAttributes = 16; |
4137 |
+ } else if (usb_endpoint_xfer_isoc(&ep->desc) && |
4138 |
+- desc->bmAttributes > 2) { |
4139 |
++ USB_SS_MULT(desc->bmAttributes) > 3) { |
4140 |
+ dev_warn(ddev, "Isoc endpoint has Mult of %d in " |
4141 |
+ "config %d interface %d altsetting %d ep %d: " |
4142 |
+ "setting to 3\n", desc->bmAttributes + 1, |
4143 |
+@@ -121,7 +121,8 @@ static void usb_parse_ss_endpoint_companion(struct device *ddev, int cfgno, |
4144 |
+ } |
4145 |
+ |
4146 |
+ if (usb_endpoint_xfer_isoc(&ep->desc)) |
4147 |
+- max_tx = (desc->bMaxBurst + 1) * (desc->bmAttributes + 1) * |
4148 |
++ max_tx = (desc->bMaxBurst + 1) * |
4149 |
++ (USB_SS_MULT(desc->bmAttributes)) * |
4150 |
+ usb_endpoint_maxp(&ep->desc); |
4151 |
+ else if (usb_endpoint_xfer_int(&ep->desc)) |
4152 |
+ max_tx = usb_endpoint_maxp(&ep->desc) * |
4153 |
+diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c |
4154 |
+index d85abfed84cc..f5a381945db2 100644 |
4155 |
+--- a/drivers/usb/core/quirks.c |
4156 |
++++ b/drivers/usb/core/quirks.c |
4157 |
+@@ -54,6 +54,13 @@ static const struct usb_device_id usb_quirk_list[] = { |
4158 |
+ { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT }, |
4159 |
+ { USB_DEVICE(0x046d, 0x0843), .driver_info = USB_QUIRK_DELAY_INIT }, |
4160 |
+ |
4161 |
++ /* Logitech ConferenceCam CC3000e */ |
4162 |
++ { USB_DEVICE(0x046d, 0x0847), .driver_info = USB_QUIRK_DELAY_INIT }, |
4163 |
++ { USB_DEVICE(0x046d, 0x0848), .driver_info = USB_QUIRK_DELAY_INIT }, |
4164 |
++ |
4165 |
++ /* Logitech PTZ Pro Camera */ |
4166 |
++ { USB_DEVICE(0x046d, 0x0853), .driver_info = USB_QUIRK_DELAY_INIT }, |
4167 |
++ |
4168 |
+ /* Logitech Quickcam Fusion */ |
4169 |
+ { USB_DEVICE(0x046d, 0x08c1), .driver_info = USB_QUIRK_RESET_RESUME }, |
4170 |
+ |
4171 |
+@@ -78,6 +85,12 @@ static const struct usb_device_id usb_quirk_list[] = { |
4172 |
+ /* Philips PSC805 audio device */ |
4173 |
+ { USB_DEVICE(0x0471, 0x0155), .driver_info = USB_QUIRK_RESET_RESUME }, |
4174 |
+ |
4175 |
++ /* Plantronic Audio 655 DSP */ |
4176 |
++ { USB_DEVICE(0x047f, 0xc008), .driver_info = USB_QUIRK_RESET_RESUME }, |
4177 |
++ |
4178 |
++ /* Plantronic Audio 648 USB */ |
4179 |
++ { USB_DEVICE(0x047f, 0xc013), .driver_info = USB_QUIRK_RESET_RESUME }, |
4180 |
++ |
4181 |
+ /* Artisman Watchdog Dongle */ |
4182 |
+ { USB_DEVICE(0x04b4, 0x0526), .driver_info = |
4183 |
+ USB_QUIRK_CONFIG_INTF_STRINGS }, |
4184 |
+diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c |
4185 |
+index 9a8c936cd42c..41f841fa6c4d 100644 |
4186 |
+--- a/drivers/usb/host/xhci-mem.c |
4187 |
++++ b/drivers/usb/host/xhci-mem.c |
4188 |
+@@ -1498,10 +1498,10 @@ int xhci_endpoint_init(struct xhci_hcd *xhci, |
4189 |
+ * use Event Data TRBs, and we don't chain in a link TRB on short |
4190 |
+ * transfers, we're basically dividing by 1. |
4191 |
+ * |
4192 |
+- * xHCI 1.0 specification indicates that the Average TRB Length should |
4193 |
+- * be set to 8 for control endpoints. |
4194 |
++ * xHCI 1.0 and 1.1 specification indicates that the Average TRB Length |
4195 |
++ * should be set to 8 for control endpoints. |
4196 |
+ */ |
4197 |
+- if (usb_endpoint_xfer_control(&ep->desc) && xhci->hci_version == 0x100) |
4198 |
++ if (usb_endpoint_xfer_control(&ep->desc) && xhci->hci_version >= 0x100) |
4199 |
+ ep_ctx->tx_info |= cpu_to_le32(AVG_TRB_LENGTH_FOR_EP(8)); |
4200 |
+ else |
4201 |
+ ep_ctx->tx_info |= |
4202 |
+@@ -1792,8 +1792,7 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci) |
4203 |
+ int size; |
4204 |
+ int i, j, num_ports; |
4205 |
+ |
4206 |
+- if (timer_pending(&xhci->cmd_timer)) |
4207 |
+- del_timer_sync(&xhci->cmd_timer); |
4208 |
++ del_timer_sync(&xhci->cmd_timer); |
4209 |
+ |
4210 |
+ /* Free the Event Ring Segment Table and the actual Event Ring */ |
4211 |
+ size = sizeof(struct xhci_erst_entry)*(xhci->erst.num_entries); |
4212 |
+@@ -2321,6 +2320,10 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) |
4213 |
+ |
4214 |
+ INIT_LIST_HEAD(&xhci->cmd_list); |
4215 |
+ |
4216 |
++ /* init command timeout timer */ |
4217 |
++ setup_timer(&xhci->cmd_timer, xhci_handle_command_timeout, |
4218 |
++ (unsigned long)xhci); |
4219 |
++ |
4220 |
+ page_size = readl(&xhci->op_regs->page_size); |
4221 |
+ xhci_dbg_trace(xhci, trace_xhci_dbg_init, |
4222 |
+ "Supported page size register = 0x%x", page_size); |
4223 |
+@@ -2505,10 +2508,6 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) |
4224 |
+ "Wrote ERST address to ir_set 0."); |
4225 |
+ xhci_print_ir_set(xhci, 0); |
4226 |
+ |
4227 |
+- /* init command timeout timer */ |
4228 |
+- setup_timer(&xhci->cmd_timer, xhci_handle_command_timeout, |
4229 |
+- (unsigned long)xhci); |
4230 |
+- |
4231 |
+ /* |
4232 |
+ * XXX: Might need to set the Interrupter Moderation Register to |
4233 |
+ * something other than the default (~1ms minimum between interrupts). |
4234 |
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c |
4235 |
+index b3a0a2275f5a..ad975a2975ca 100644 |
4236 |
+--- a/drivers/usb/host/xhci-ring.c |
4237 |
++++ b/drivers/usb/host/xhci-ring.c |
4238 |
+@@ -302,6 +302,15 @@ static int xhci_abort_cmd_ring(struct xhci_hcd *xhci) |
4239 |
+ ret = xhci_handshake(&xhci->op_regs->cmd_ring, |
4240 |
+ CMD_RING_RUNNING, 0, 5 * 1000 * 1000); |
4241 |
+ if (ret < 0) { |
4242 |
++ /* we are about to kill xhci, give it one more chance */ |
4243 |
++ xhci_write_64(xhci, temp_64 | CMD_RING_ABORT, |
4244 |
++ &xhci->op_regs->cmd_ring); |
4245 |
++ udelay(1000); |
4246 |
++ ret = xhci_handshake(&xhci->op_regs->cmd_ring, |
4247 |
++ CMD_RING_RUNNING, 0, 3 * 1000 * 1000); |
4248 |
++ if (ret == 0) |
4249 |
++ return 0; |
4250 |
++ |
4251 |
+ xhci_err(xhci, "Stopped the command ring failed, " |
4252 |
+ "maybe the host is dead\n"); |
4253 |
+ xhci->xhc_state |= XHCI_STATE_DYING; |
4254 |
+@@ -3041,9 +3050,11 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4255 |
+ struct xhci_td *td; |
4256 |
+ struct scatterlist *sg; |
4257 |
+ int num_sgs; |
4258 |
+- int trb_buff_len, this_sg_len, running_total; |
4259 |
++ int trb_buff_len, this_sg_len, running_total, ret; |
4260 |
+ unsigned int total_packet_count; |
4261 |
++ bool zero_length_needed; |
4262 |
+ bool first_trb; |
4263 |
++ int last_trb_num; |
4264 |
+ u64 addr; |
4265 |
+ bool more_trbs_coming; |
4266 |
+ |
4267 |
+@@ -3059,13 +3070,27 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4268 |
+ total_packet_count = DIV_ROUND_UP(urb->transfer_buffer_length, |
4269 |
+ usb_endpoint_maxp(&urb->ep->desc)); |
4270 |
+ |
4271 |
+- trb_buff_len = prepare_transfer(xhci, xhci->devs[slot_id], |
4272 |
++ ret = prepare_transfer(xhci, xhci->devs[slot_id], |
4273 |
+ ep_index, urb->stream_id, |
4274 |
+ num_trbs, urb, 0, mem_flags); |
4275 |
+- if (trb_buff_len < 0) |
4276 |
+- return trb_buff_len; |
4277 |
++ if (ret < 0) |
4278 |
++ return ret; |
4279 |
+ |
4280 |
+ urb_priv = urb->hcpriv; |
4281 |
++ |
4282 |
++ /* Deal with URB_ZERO_PACKET - need one more td/trb */ |
4283 |
++ zero_length_needed = urb->transfer_flags & URB_ZERO_PACKET && |
4284 |
++ urb_priv->length == 2; |
4285 |
++ if (zero_length_needed) { |
4286 |
++ num_trbs++; |
4287 |
++ xhci_dbg(xhci, "Creating zero length td.\n"); |
4288 |
++ ret = prepare_transfer(xhci, xhci->devs[slot_id], |
4289 |
++ ep_index, urb->stream_id, |
4290 |
++ 1, urb, 1, mem_flags); |
4291 |
++ if (ret < 0) |
4292 |
++ return ret; |
4293 |
++ } |
4294 |
++ |
4295 |
+ td = urb_priv->td[0]; |
4296 |
+ |
4297 |
+ /* |
4298 |
+@@ -3095,6 +3120,7 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4299 |
+ trb_buff_len = urb->transfer_buffer_length; |
4300 |
+ |
4301 |
+ first_trb = true; |
4302 |
++ last_trb_num = zero_length_needed ? 2 : 1; |
4303 |
+ /* Queue the first TRB, even if it's zero-length */ |
4304 |
+ do { |
4305 |
+ u32 field = 0; |
4306 |
+@@ -3112,12 +3138,15 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4307 |
+ /* Chain all the TRBs together; clear the chain bit in the last |
4308 |
+ * TRB to indicate it's the last TRB in the chain. |
4309 |
+ */ |
4310 |
+- if (num_trbs > 1) { |
4311 |
++ if (num_trbs > last_trb_num) { |
4312 |
+ field |= TRB_CHAIN; |
4313 |
+- } else { |
4314 |
+- /* FIXME - add check for ZERO_PACKET flag before this */ |
4315 |
++ } else if (num_trbs == last_trb_num) { |
4316 |
+ td->last_trb = ep_ring->enqueue; |
4317 |
+ field |= TRB_IOC; |
4318 |
++ } else if (zero_length_needed && num_trbs == 1) { |
4319 |
++ trb_buff_len = 0; |
4320 |
++ urb_priv->td[1]->last_trb = ep_ring->enqueue; |
4321 |
++ field |= TRB_IOC; |
4322 |
+ } |
4323 |
+ |
4324 |
+ /* Only set interrupt on short packet for IN endpoints */ |
4325 |
+@@ -3179,7 +3208,7 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4326 |
+ if (running_total + trb_buff_len > urb->transfer_buffer_length) |
4327 |
+ trb_buff_len = |
4328 |
+ urb->transfer_buffer_length - running_total; |
4329 |
+- } while (running_total < urb->transfer_buffer_length); |
4330 |
++ } while (num_trbs > 0); |
4331 |
+ |
4332 |
+ check_trb_math(urb, num_trbs, running_total); |
4333 |
+ giveback_first_trb(xhci, slot_id, ep_index, urb->stream_id, |
4334 |
+@@ -3197,7 +3226,9 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4335 |
+ int num_trbs; |
4336 |
+ struct xhci_generic_trb *start_trb; |
4337 |
+ bool first_trb; |
4338 |
++ int last_trb_num; |
4339 |
+ bool more_trbs_coming; |
4340 |
++ bool zero_length_needed; |
4341 |
+ int start_cycle; |
4342 |
+ u32 field, length_field; |
4343 |
+ |
4344 |
+@@ -3228,7 +3259,6 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4345 |
+ num_trbs++; |
4346 |
+ running_total += TRB_MAX_BUFF_SIZE; |
4347 |
+ } |
4348 |
+- /* FIXME: this doesn't deal with URB_ZERO_PACKET - need one more */ |
4349 |
+ |
4350 |
+ ret = prepare_transfer(xhci, xhci->devs[slot_id], |
4351 |
+ ep_index, urb->stream_id, |
4352 |
+@@ -3237,6 +3267,20 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4353 |
+ return ret; |
4354 |
+ |
4355 |
+ urb_priv = urb->hcpriv; |
4356 |
++ |
4357 |
++ /* Deal with URB_ZERO_PACKET - need one more td/trb */ |
4358 |
++ zero_length_needed = urb->transfer_flags & URB_ZERO_PACKET && |
4359 |
++ urb_priv->length == 2; |
4360 |
++ if (zero_length_needed) { |
4361 |
++ num_trbs++; |
4362 |
++ xhci_dbg(xhci, "Creating zero length td.\n"); |
4363 |
++ ret = prepare_transfer(xhci, xhci->devs[slot_id], |
4364 |
++ ep_index, urb->stream_id, |
4365 |
++ 1, urb, 1, mem_flags); |
4366 |
++ if (ret < 0) |
4367 |
++ return ret; |
4368 |
++ } |
4369 |
++ |
4370 |
+ td = urb_priv->td[0]; |
4371 |
+ |
4372 |
+ /* |
4373 |
+@@ -3258,7 +3302,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4374 |
+ trb_buff_len = urb->transfer_buffer_length; |
4375 |
+ |
4376 |
+ first_trb = true; |
4377 |
+- |
4378 |
++ last_trb_num = zero_length_needed ? 2 : 1; |
4379 |
+ /* Queue the first TRB, even if it's zero-length */ |
4380 |
+ do { |
4381 |
+ u32 remainder = 0; |
4382 |
+@@ -3275,12 +3319,15 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4383 |
+ /* Chain all the TRBs together; clear the chain bit in the last |
4384 |
+ * TRB to indicate it's the last TRB in the chain. |
4385 |
+ */ |
4386 |
+- if (num_trbs > 1) { |
4387 |
++ if (num_trbs > last_trb_num) { |
4388 |
+ field |= TRB_CHAIN; |
4389 |
+- } else { |
4390 |
+- /* FIXME - add check for ZERO_PACKET flag before this */ |
4391 |
++ } else if (num_trbs == last_trb_num) { |
4392 |
+ td->last_trb = ep_ring->enqueue; |
4393 |
+ field |= TRB_IOC; |
4394 |
++ } else if (zero_length_needed && num_trbs == 1) { |
4395 |
++ trb_buff_len = 0; |
4396 |
++ urb_priv->td[1]->last_trb = ep_ring->enqueue; |
4397 |
++ field |= TRB_IOC; |
4398 |
+ } |
4399 |
+ |
4400 |
+ /* Only set interrupt on short packet for IN endpoints */ |
4401 |
+@@ -3318,7 +3365,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4402 |
+ trb_buff_len = urb->transfer_buffer_length - running_total; |
4403 |
+ if (trb_buff_len > TRB_MAX_BUFF_SIZE) |
4404 |
+ trb_buff_len = TRB_MAX_BUFF_SIZE; |
4405 |
+- } while (running_total < urb->transfer_buffer_length); |
4406 |
++ } while (num_trbs > 0); |
4407 |
+ |
4408 |
+ check_trb_math(urb, num_trbs, running_total); |
4409 |
+ giveback_first_trb(xhci, slot_id, ep_index, urb->stream_id, |
4410 |
+@@ -3385,8 +3432,8 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *xhci, gfp_t mem_flags, |
4411 |
+ if (start_cycle == 0) |
4412 |
+ field |= 0x1; |
4413 |
+ |
4414 |
+- /* xHCI 1.0 6.4.1.2.1: Transfer Type field */ |
4415 |
+- if (xhci->hci_version == 0x100) { |
4416 |
++ /* xHCI 1.0/1.1 6.4.1.2.1: Transfer Type field */ |
4417 |
++ if (xhci->hci_version >= 0x100) { |
4418 |
+ if (urb->transfer_buffer_length > 0) { |
4419 |
+ if (setup->bRequestType & USB_DIR_IN) |
4420 |
+ field |= TRB_TX_TYPE(TRB_DATA_IN); |
4421 |
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c |
4422 |
+index c502c2277aeb..26f62b2b33f8 100644 |
4423 |
+--- a/drivers/usb/host/xhci.c |
4424 |
++++ b/drivers/usb/host/xhci.c |
4425 |
+@@ -146,7 +146,8 @@ static int xhci_start(struct xhci_hcd *xhci) |
4426 |
+ "waited %u microseconds.\n", |
4427 |
+ XHCI_MAX_HALT_USEC); |
4428 |
+ if (!ret) |
4429 |
+- xhci->xhc_state &= ~XHCI_STATE_HALTED; |
4430 |
++ xhci->xhc_state &= ~(XHCI_STATE_HALTED | XHCI_STATE_DYING); |
4431 |
++ |
4432 |
+ return ret; |
4433 |
+ } |
4434 |
+ |
4435 |
+@@ -683,8 +684,11 @@ void xhci_stop(struct usb_hcd *hcd) |
4436 |
+ u32 temp; |
4437 |
+ struct xhci_hcd *xhci = hcd_to_xhci(hcd); |
4438 |
+ |
4439 |
++ mutex_lock(&xhci->mutex); |
4440 |
++ |
4441 |
+ if (!usb_hcd_is_primary_hcd(hcd)) { |
4442 |
+ xhci_only_stop_hcd(xhci->shared_hcd); |
4443 |
++ mutex_unlock(&xhci->mutex); |
4444 |
+ return; |
4445 |
+ } |
4446 |
+ |
4447 |
+@@ -723,6 +727,7 @@ void xhci_stop(struct usb_hcd *hcd) |
4448 |
+ xhci_dbg_trace(xhci, trace_xhci_dbg_init, |
4449 |
+ "xhci_stop completed - status = %x", |
4450 |
+ readl(&xhci->op_regs->status)); |
4451 |
++ mutex_unlock(&xhci->mutex); |
4452 |
+ } |
4453 |
+ |
4454 |
+ /* |
4455 |
+@@ -1340,6 +1345,11 @@ int xhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flags) |
4456 |
+ |
4457 |
+ if (usb_endpoint_xfer_isoc(&urb->ep->desc)) |
4458 |
+ size = urb->number_of_packets; |
4459 |
++ else if (usb_endpoint_is_bulk_out(&urb->ep->desc) && |
4460 |
++ urb->transfer_buffer_length > 0 && |
4461 |
++ urb->transfer_flags & URB_ZERO_PACKET && |
4462 |
++ !(urb->transfer_buffer_length % usb_endpoint_maxp(&urb->ep->desc))) |
4463 |
++ size = 2; |
4464 |
+ else |
4465 |
+ size = 1; |
4466 |
+ |
4467 |
+@@ -3790,6 +3800,9 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev, |
4468 |
+ |
4469 |
+ mutex_lock(&xhci->mutex); |
4470 |
+ |
4471 |
++ if (xhci->xhc_state) /* dying or halted */ |
4472 |
++ goto out; |
4473 |
++ |
4474 |
+ if (!udev->slot_id) { |
4475 |
+ xhci_dbg_trace(xhci, trace_xhci_dbg_address, |
4476 |
+ "Bad Slot ID %d", udev->slot_id); |
4477 |
+diff --git a/drivers/usb/misc/chaoskey.c b/drivers/usb/misc/chaoskey.c |
4478 |
+index 3ad5d19e4d04..23c794813e6a 100644 |
4479 |
+--- a/drivers/usb/misc/chaoskey.c |
4480 |
++++ b/drivers/usb/misc/chaoskey.c |
4481 |
+@@ -472,7 +472,7 @@ static int chaoskey_rng_read(struct hwrng *rng, void *data, |
4482 |
+ if (this_time > max) |
4483 |
+ this_time = max; |
4484 |
+ |
4485 |
+- memcpy(data, dev->buf, this_time); |
4486 |
++ memcpy(data, dev->buf + dev->used, this_time); |
4487 |
+ |
4488 |
+ dev->used += this_time; |
4489 |
+ |
4490 |
+diff --git a/drivers/usb/musb/musb_cppi41.c b/drivers/usb/musb/musb_cppi41.c |
4491 |
+index 8bd8c5e26921..d5a140745640 100644 |
4492 |
+--- a/drivers/usb/musb/musb_cppi41.c |
4493 |
++++ b/drivers/usb/musb/musb_cppi41.c |
4494 |
+@@ -614,7 +614,7 @@ static int cppi41_dma_controller_start(struct cppi41_dma_controller *controller) |
4495 |
+ { |
4496 |
+ struct musb *musb = controller->musb; |
4497 |
+ struct device *dev = musb->controller; |
4498 |
+- struct device_node *np = dev->of_node; |
4499 |
++ struct device_node *np = dev->parent->of_node; |
4500 |
+ struct cppi41_dma_channel *cppi41_channel; |
4501 |
+ int count; |
4502 |
+ int i; |
4503 |
+@@ -664,7 +664,7 @@ static int cppi41_dma_controller_start(struct cppi41_dma_controller *controller) |
4504 |
+ musb_dma->status = MUSB_DMA_STATUS_FREE; |
4505 |
+ musb_dma->max_len = SZ_4M; |
4506 |
+ |
4507 |
+- dc = dma_request_slave_channel(dev, str); |
4508 |
++ dc = dma_request_slave_channel(dev->parent, str); |
4509 |
+ if (!dc) { |
4510 |
+ dev_err(dev, "Failed to request %s.\n", str); |
4511 |
+ ret = -EPROBE_DEFER; |
4512 |
+@@ -694,7 +694,7 @@ struct dma_controller *dma_controller_create(struct musb *musb, |
4513 |
+ struct cppi41_dma_controller *controller; |
4514 |
+ int ret = 0; |
4515 |
+ |
4516 |
+- if (!musb->controller->of_node) { |
4517 |
++ if (!musb->controller->parent->of_node) { |
4518 |
+ dev_err(musb->controller, "Need DT for the DMA engine.\n"); |
4519 |
+ return NULL; |
4520 |
+ } |
4521 |
+diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c |
4522 |
+index 65d931a28a14..dcac5e7f19e0 100644 |
4523 |
+--- a/drivers/usb/musb/musb_dsps.c |
4524 |
++++ b/drivers/usb/musb/musb_dsps.c |
4525 |
+@@ -225,8 +225,11 @@ static void dsps_musb_enable(struct musb *musb) |
4526 |
+ |
4527 |
+ dsps_writel(reg_base, wrp->epintr_set, epmask); |
4528 |
+ dsps_writel(reg_base, wrp->coreintr_set, coremask); |
4529 |
+- /* start polling for ID change. */ |
4530 |
+- mod_timer(&glue->timer, jiffies + msecs_to_jiffies(wrp->poll_timeout)); |
4531 |
++ /* start polling for ID change in dual-role idle mode */ |
4532 |
++ if (musb->xceiv->otg->state == OTG_STATE_B_IDLE && |
4533 |
++ musb->port_mode == MUSB_PORT_MODE_DUAL_ROLE) |
4534 |
++ mod_timer(&glue->timer, jiffies + |
4535 |
++ msecs_to_jiffies(wrp->poll_timeout)); |
4536 |
+ dsps_musb_try_idle(musb, 0); |
4537 |
+ } |
4538 |
+ |
4539 |
+diff --git a/drivers/usb/phy/phy-generic.c b/drivers/usb/phy/phy-generic.c |
4540 |
+index deee68eafb72..0cd85f2ccddd 100644 |
4541 |
+--- a/drivers/usb/phy/phy-generic.c |
4542 |
++++ b/drivers/usb/phy/phy-generic.c |
4543 |
+@@ -230,7 +230,8 @@ int usb_phy_gen_create_phy(struct device *dev, struct usb_phy_generic *nop, |
4544 |
+ clk_rate = pdata->clk_rate; |
4545 |
+ needs_vcc = pdata->needs_vcc; |
4546 |
+ if (gpio_is_valid(pdata->gpio_reset)) { |
4547 |
+- err = devm_gpio_request_one(dev, pdata->gpio_reset, 0, |
4548 |
++ err = devm_gpio_request_one(dev, pdata->gpio_reset, |
4549 |
++ GPIOF_ACTIVE_LOW, |
4550 |
+ dev_name(dev)); |
4551 |
+ if (!err) |
4552 |
+ nop->gpiod_reset = |
4553 |
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
4554 |
+index 876423b8892c..7c8eb4c4c175 100644 |
4555 |
+--- a/drivers/usb/serial/option.c |
4556 |
++++ b/drivers/usb/serial/option.c |
4557 |
+@@ -278,6 +278,10 @@ static void option_instat_callback(struct urb *urb); |
4558 |
+ #define ZTE_PRODUCT_MF622 0x0001 |
4559 |
+ #define ZTE_PRODUCT_MF628 0x0015 |
4560 |
+ #define ZTE_PRODUCT_MF626 0x0031 |
4561 |
++#define ZTE_PRODUCT_ZM8620_X 0x0396 |
4562 |
++#define ZTE_PRODUCT_ME3620_MBIM 0x0426 |
4563 |
++#define ZTE_PRODUCT_ME3620_X 0x1432 |
4564 |
++#define ZTE_PRODUCT_ME3620_L 0x1433 |
4565 |
+ #define ZTE_PRODUCT_AC2726 0xfff1 |
4566 |
+ #define ZTE_PRODUCT_MG880 0xfffd |
4567 |
+ #define ZTE_PRODUCT_CDMA_TECH 0xfffe |
4568 |
+@@ -544,6 +548,18 @@ static const struct option_blacklist_info zte_mc2716_z_blacklist = { |
4569 |
+ .sendsetup = BIT(1) | BIT(2) | BIT(3), |
4570 |
+ }; |
4571 |
+ |
4572 |
++static const struct option_blacklist_info zte_me3620_mbim_blacklist = { |
4573 |
++ .reserved = BIT(2) | BIT(3) | BIT(4), |
4574 |
++}; |
4575 |
++ |
4576 |
++static const struct option_blacklist_info zte_me3620_xl_blacklist = { |
4577 |
++ .reserved = BIT(3) | BIT(4) | BIT(5), |
4578 |
++}; |
4579 |
++ |
4580 |
++static const struct option_blacklist_info zte_zm8620_x_blacklist = { |
4581 |
++ .reserved = BIT(3) | BIT(4) | BIT(5), |
4582 |
++}; |
4583 |
++ |
4584 |
+ static const struct option_blacklist_info huawei_cdc12_blacklist = { |
4585 |
+ .reserved = BIT(1) | BIT(2), |
4586 |
+ }; |
4587 |
+@@ -1591,6 +1607,14 @@ static const struct usb_device_id option_ids[] = { |
4588 |
+ .driver_info = (kernel_ulong_t)&zte_ad3812_z_blacklist }, |
4589 |
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MC2716, 0xff, 0xff, 0xff), |
4590 |
+ .driver_info = (kernel_ulong_t)&zte_mc2716_z_blacklist }, |
4591 |
++ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_L), |
4592 |
++ .driver_info = (kernel_ulong_t)&zte_me3620_xl_blacklist }, |
4593 |
++ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_MBIM), |
4594 |
++ .driver_info = (kernel_ulong_t)&zte_me3620_mbim_blacklist }, |
4595 |
++ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ME3620_X), |
4596 |
++ .driver_info = (kernel_ulong_t)&zte_me3620_xl_blacklist }, |
4597 |
++ { USB_DEVICE(ZTE_VENDOR_ID, ZTE_PRODUCT_ZM8620_X), |
4598 |
++ .driver_info = (kernel_ulong_t)&zte_zm8620_x_blacklist }, |
4599 |
+ { USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x02, 0x01) }, |
4600 |
+ { USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x02, 0x05) }, |
4601 |
+ { USB_VENDOR_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0xff, 0x86, 0x10) }, |
4602 |
+diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c |
4603 |
+index 6c3734d2b45a..d3ea90bef84d 100644 |
4604 |
+--- a/drivers/usb/serial/whiteheat.c |
4605 |
++++ b/drivers/usb/serial/whiteheat.c |
4606 |
+@@ -80,6 +80,8 @@ static int whiteheat_firmware_download(struct usb_serial *serial, |
4607 |
+ static int whiteheat_firmware_attach(struct usb_serial *serial); |
4608 |
+ |
4609 |
+ /* function prototypes for the Connect Tech WhiteHEAT serial converter */ |
4610 |
++static int whiteheat_probe(struct usb_serial *serial, |
4611 |
++ const struct usb_device_id *id); |
4612 |
+ static int whiteheat_attach(struct usb_serial *serial); |
4613 |
+ static void whiteheat_release(struct usb_serial *serial); |
4614 |
+ static int whiteheat_port_probe(struct usb_serial_port *port); |
4615 |
+@@ -116,6 +118,7 @@ static struct usb_serial_driver whiteheat_device = { |
4616 |
+ .description = "Connect Tech - WhiteHEAT", |
4617 |
+ .id_table = id_table_std, |
4618 |
+ .num_ports = 4, |
4619 |
++ .probe = whiteheat_probe, |
4620 |
+ .attach = whiteheat_attach, |
4621 |
+ .release = whiteheat_release, |
4622 |
+ .port_probe = whiteheat_port_probe, |
4623 |
+@@ -217,6 +220,34 @@ static int whiteheat_firmware_attach(struct usb_serial *serial) |
4624 |
+ /***************************************************************************** |
4625 |
+ * Connect Tech's White Heat serial driver functions |
4626 |
+ *****************************************************************************/ |
4627 |
++ |
4628 |
++static int whiteheat_probe(struct usb_serial *serial, |
4629 |
++ const struct usb_device_id *id) |
4630 |
++{ |
4631 |
++ struct usb_host_interface *iface_desc; |
4632 |
++ struct usb_endpoint_descriptor *endpoint; |
4633 |
++ size_t num_bulk_in = 0; |
4634 |
++ size_t num_bulk_out = 0; |
4635 |
++ size_t min_num_bulk; |
4636 |
++ unsigned int i; |
4637 |
++ |
4638 |
++ iface_desc = serial->interface->cur_altsetting; |
4639 |
++ |
4640 |
++ for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) { |
4641 |
++ endpoint = &iface_desc->endpoint[i].desc; |
4642 |
++ if (usb_endpoint_is_bulk_in(endpoint)) |
4643 |
++ ++num_bulk_in; |
4644 |
++ if (usb_endpoint_is_bulk_out(endpoint)) |
4645 |
++ ++num_bulk_out; |
4646 |
++ } |
4647 |
++ |
4648 |
++ min_num_bulk = COMMAND_PORT + 1; |
4649 |
++ if (num_bulk_in < min_num_bulk || num_bulk_out < min_num_bulk) |
4650 |
++ return -ENODEV; |
4651 |
++ |
4652 |
++ return 0; |
4653 |
++} |
4654 |
++ |
4655 |
+ static int whiteheat_attach(struct usb_serial *serial) |
4656 |
+ { |
4657 |
+ struct usb_serial_port *command_port; |
4658 |
+diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig |
4659 |
+index 109462303087..d1e1e1704da1 100644 |
4660 |
+--- a/drivers/video/fbdev/Kconfig |
4661 |
++++ b/drivers/video/fbdev/Kconfig |
4662 |
+@@ -298,7 +298,7 @@ config FB_ARMCLCD |
4663 |
+ |
4664 |
+ # Helper logic selected only by the ARM Versatile platform family. |
4665 |
+ config PLAT_VERSATILE_CLCD |
4666 |
+- def_bool ARCH_VERSATILE || ARCH_REALVIEW || ARCH_VEXPRESS |
4667 |
++ def_bool ARCH_VERSATILE || ARCH_REALVIEW || ARCH_VEXPRESS || ARCH_INTEGRATOR |
4668 |
+ depends on ARM |
4669 |
+ depends on FB_ARMCLCD && FB=y |
4670 |
+ |
4671 |
+diff --git a/drivers/watchdog/sunxi_wdt.c b/drivers/watchdog/sunxi_wdt.c |
4672 |
+index a29afb37c48c..47bd8a14d01f 100644 |
4673 |
+--- a/drivers/watchdog/sunxi_wdt.c |
4674 |
++++ b/drivers/watchdog/sunxi_wdt.c |
4675 |
+@@ -184,7 +184,7 @@ static int sunxi_wdt_start(struct watchdog_device *wdt_dev) |
4676 |
+ /* Set system reset function */ |
4677 |
+ reg = readl(wdt_base + regs->wdt_cfg); |
4678 |
+ reg &= ~(regs->wdt_reset_mask); |
4679 |
+- reg |= ~(regs->wdt_reset_val); |
4680 |
++ reg |= regs->wdt_reset_val; |
4681 |
+ writel(reg, wdt_base + regs->wdt_cfg); |
4682 |
+ |
4683 |
+ /* Enable watchdog */ |
4684 |
+diff --git a/fs/block_dev.c b/fs/block_dev.c |
4685 |
+index c7e4163ede87..ccfd31f1df3a 100644 |
4686 |
+--- a/fs/block_dev.c |
4687 |
++++ b/fs/block_dev.c |
4688 |
+@@ -1234,6 +1234,13 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part) |
4689 |
+ goto out_clear; |
4690 |
+ } |
4691 |
+ bd_set_size(bdev, (loff_t)bdev->bd_part->nr_sects << 9); |
4692 |
++ /* |
4693 |
++ * If the partition is not aligned on a page |
4694 |
++ * boundary, we can't do dax I/O to it. |
4695 |
++ */ |
4696 |
++ if ((bdev->bd_part->start_sect % (PAGE_SIZE / 512)) || |
4697 |
++ (bdev->bd_part->nr_sects % (PAGE_SIZE / 512))) |
4698 |
++ bdev->bd_inode->i_flags &= ~S_DAX; |
4699 |
+ } |
4700 |
+ } else { |
4701 |
+ if (bdev->bd_contains == bdev) { |
4702 |
+diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c |
4703 |
+index c32d226bfecc..885f533a34d9 100644 |
4704 |
+--- a/fs/btrfs/extent_io.c |
4705 |
++++ b/fs/btrfs/extent_io.c |
4706 |
+@@ -2795,7 +2795,8 @@ static int submit_extent_page(int rw, struct extent_io_tree *tree, |
4707 |
+ bio_end_io_t end_io_func, |
4708 |
+ int mirror_num, |
4709 |
+ unsigned long prev_bio_flags, |
4710 |
+- unsigned long bio_flags) |
4711 |
++ unsigned long bio_flags, |
4712 |
++ bool force_bio_submit) |
4713 |
+ { |
4714 |
+ int ret = 0; |
4715 |
+ struct bio *bio; |
4716 |
+@@ -2813,6 +2814,7 @@ static int submit_extent_page(int rw, struct extent_io_tree *tree, |
4717 |
+ contig = bio_end_sector(bio) == sector; |
4718 |
+ |
4719 |
+ if (prev_bio_flags != bio_flags || !contig || |
4720 |
++ force_bio_submit || |
4721 |
+ merge_bio(rw, tree, page, offset, page_size, bio, bio_flags) || |
4722 |
+ bio_add_page(bio, page, page_size, offset) < page_size) { |
4723 |
+ ret = submit_one_bio(rw, bio, mirror_num, |
4724 |
+@@ -2906,7 +2908,8 @@ static int __do_readpage(struct extent_io_tree *tree, |
4725 |
+ get_extent_t *get_extent, |
4726 |
+ struct extent_map **em_cached, |
4727 |
+ struct bio **bio, int mirror_num, |
4728 |
+- unsigned long *bio_flags, int rw) |
4729 |
++ unsigned long *bio_flags, int rw, |
4730 |
++ u64 *prev_em_start) |
4731 |
+ { |
4732 |
+ struct inode *inode = page->mapping->host; |
4733 |
+ u64 start = page_offset(page); |
4734 |
+@@ -2954,6 +2957,7 @@ static int __do_readpage(struct extent_io_tree *tree, |
4735 |
+ } |
4736 |
+ while (cur <= end) { |
4737 |
+ unsigned long pnr = (last_byte >> PAGE_CACHE_SHIFT) + 1; |
4738 |
++ bool force_bio_submit = false; |
4739 |
+ |
4740 |
+ if (cur >= last_byte) { |
4741 |
+ char *userpage; |
4742 |
+@@ -3004,6 +3008,49 @@ static int __do_readpage(struct extent_io_tree *tree, |
4743 |
+ block_start = em->block_start; |
4744 |
+ if (test_bit(EXTENT_FLAG_PREALLOC, &em->flags)) |
4745 |
+ block_start = EXTENT_MAP_HOLE; |
4746 |
++ |
4747 |
++ /* |
4748 |
++ * If we have a file range that points to a compressed extent |
4749 |
++ * and it's followed by a consecutive file range that points to |
4750 |
++ * to the same compressed extent (possibly with a different |
4751 |
++ * offset and/or length, so it either points to the whole extent |
4752 |
++ * or only part of it), we must make sure we do not submit a |
4753 |
++ * single bio to populate the pages for the 2 ranges because |
4754 |
++ * this makes the compressed extent read zero out the pages |
4755 |
++ * belonging to the 2nd range. Imagine the following scenario: |
4756 |
++ * |
4757 |
++ * File layout |
4758 |
++ * [0 - 8K] [8K - 24K] |
4759 |
++ * | | |
4760 |
++ * | | |
4761 |
++ * points to extent X, points to extent X, |
4762 |
++ * offset 4K, length of 8K offset 0, length 16K |
4763 |
++ * |
4764 |
++ * [extent X, compressed length = 4K uncompressed length = 16K] |
4765 |
++ * |
4766 |
++ * If the bio to read the compressed extent covers both ranges, |
4767 |
++ * it will decompress extent X into the pages belonging to the |
4768 |
++ * first range and then it will stop, zeroing out the remaining |
4769 |
++ * pages that belong to the other range that points to extent X. |
4770 |
++ * So here we make sure we submit 2 bios, one for the first |
4771 |
++ * range and another one for the third range. Both will target |
4772 |
++ * the same physical extent from disk, but we can't currently |
4773 |
++ * make the compressed bio endio callback populate the pages |
4774 |
++ * for both ranges because each compressed bio is tightly |
4775 |
++ * coupled with a single extent map, and each range can have |
4776 |
++ * an extent map with a different offset value relative to the |
4777 |
++ * uncompressed data of our extent and different lengths. This |
4778 |
++ * is a corner case so we prioritize correctness over |
4779 |
++ * non-optimal behavior (submitting 2 bios for the same extent). |
4780 |
++ */ |
4781 |
++ if (test_bit(EXTENT_FLAG_COMPRESSED, &em->flags) && |
4782 |
++ prev_em_start && *prev_em_start != (u64)-1 && |
4783 |
++ *prev_em_start != em->orig_start) |
4784 |
++ force_bio_submit = true; |
4785 |
++ |
4786 |
++ if (prev_em_start) |
4787 |
++ *prev_em_start = em->orig_start; |
4788 |
++ |
4789 |
+ free_extent_map(em); |
4790 |
+ em = NULL; |
4791 |
+ |
4792 |
+@@ -3053,7 +3100,8 @@ static int __do_readpage(struct extent_io_tree *tree, |
4793 |
+ bdev, bio, pnr, |
4794 |
+ end_bio_extent_readpage, mirror_num, |
4795 |
+ *bio_flags, |
4796 |
+- this_bio_flag); |
4797 |
++ this_bio_flag, |
4798 |
++ force_bio_submit); |
4799 |
+ if (!ret) { |
4800 |
+ nr++; |
4801 |
+ *bio_flags = this_bio_flag; |
4802 |
+@@ -3080,7 +3128,8 @@ static inline void __do_contiguous_readpages(struct extent_io_tree *tree, |
4803 |
+ get_extent_t *get_extent, |
4804 |
+ struct extent_map **em_cached, |
4805 |
+ struct bio **bio, int mirror_num, |
4806 |
+- unsigned long *bio_flags, int rw) |
4807 |
++ unsigned long *bio_flags, int rw, |
4808 |
++ u64 *prev_em_start) |
4809 |
+ { |
4810 |
+ struct inode *inode; |
4811 |
+ struct btrfs_ordered_extent *ordered; |
4812 |
+@@ -3100,7 +3149,7 @@ static inline void __do_contiguous_readpages(struct extent_io_tree *tree, |
4813 |
+ |
4814 |
+ for (index = 0; index < nr_pages; index++) { |
4815 |
+ __do_readpage(tree, pages[index], get_extent, em_cached, bio, |
4816 |
+- mirror_num, bio_flags, rw); |
4817 |
++ mirror_num, bio_flags, rw, prev_em_start); |
4818 |
+ page_cache_release(pages[index]); |
4819 |
+ } |
4820 |
+ } |
4821 |
+@@ -3110,7 +3159,8 @@ static void __extent_readpages(struct extent_io_tree *tree, |
4822 |
+ int nr_pages, get_extent_t *get_extent, |
4823 |
+ struct extent_map **em_cached, |
4824 |
+ struct bio **bio, int mirror_num, |
4825 |
+- unsigned long *bio_flags, int rw) |
4826 |
++ unsigned long *bio_flags, int rw, |
4827 |
++ u64 *prev_em_start) |
4828 |
+ { |
4829 |
+ u64 start = 0; |
4830 |
+ u64 end = 0; |
4831 |
+@@ -3131,7 +3181,7 @@ static void __extent_readpages(struct extent_io_tree *tree, |
4832 |
+ index - first_index, start, |
4833 |
+ end, get_extent, em_cached, |
4834 |
+ bio, mirror_num, bio_flags, |
4835 |
+- rw); |
4836 |
++ rw, prev_em_start); |
4837 |
+ start = page_start; |
4838 |
+ end = start + PAGE_CACHE_SIZE - 1; |
4839 |
+ first_index = index; |
4840 |
+@@ -3142,7 +3192,8 @@ static void __extent_readpages(struct extent_io_tree *tree, |
4841 |
+ __do_contiguous_readpages(tree, &pages[first_index], |
4842 |
+ index - first_index, start, |
4843 |
+ end, get_extent, em_cached, bio, |
4844 |
+- mirror_num, bio_flags, rw); |
4845 |
++ mirror_num, bio_flags, rw, |
4846 |
++ prev_em_start); |
4847 |
+ } |
4848 |
+ |
4849 |
+ static int __extent_read_full_page(struct extent_io_tree *tree, |
4850 |
+@@ -3168,7 +3219,7 @@ static int __extent_read_full_page(struct extent_io_tree *tree, |
4851 |
+ } |
4852 |
+ |
4853 |
+ ret = __do_readpage(tree, page, get_extent, NULL, bio, mirror_num, |
4854 |
+- bio_flags, rw); |
4855 |
++ bio_flags, rw, NULL); |
4856 |
+ return ret; |
4857 |
+ } |
4858 |
+ |
4859 |
+@@ -3194,7 +3245,7 @@ int extent_read_full_page_nolock(struct extent_io_tree *tree, struct page *page, |
4860 |
+ int ret; |
4861 |
+ |
4862 |
+ ret = __do_readpage(tree, page, get_extent, NULL, &bio, mirror_num, |
4863 |
+- &bio_flags, READ); |
4864 |
++ &bio_flags, READ, NULL); |
4865 |
+ if (bio) |
4866 |
+ ret = submit_one_bio(READ, bio, mirror_num, bio_flags); |
4867 |
+ return ret; |
4868 |
+@@ -3447,7 +3498,7 @@ static noinline_for_stack int __extent_writepage_io(struct inode *inode, |
4869 |
+ sector, iosize, pg_offset, |
4870 |
+ bdev, &epd->bio, max_nr, |
4871 |
+ end_bio_extent_writepage, |
4872 |
+- 0, 0, 0); |
4873 |
++ 0, 0, 0, false); |
4874 |
+ if (ret) |
4875 |
+ SetPageError(page); |
4876 |
+ } |
4877 |
+@@ -3749,7 +3800,7 @@ static noinline_for_stack int write_one_eb(struct extent_buffer *eb, |
4878 |
+ ret = submit_extent_page(rw, tree, p, offset >> 9, |
4879 |
+ PAGE_CACHE_SIZE, 0, bdev, &epd->bio, |
4880 |
+ -1, end_bio_extent_buffer_writepage, |
4881 |
+- 0, epd->bio_flags, bio_flags); |
4882 |
++ 0, epd->bio_flags, bio_flags, false); |
4883 |
+ epd->bio_flags = bio_flags; |
4884 |
+ if (ret) { |
4885 |
+ set_btree_ioerr(p); |
4886 |
+@@ -4153,6 +4204,7 @@ int extent_readpages(struct extent_io_tree *tree, |
4887 |
+ struct page *page; |
4888 |
+ struct extent_map *em_cached = NULL; |
4889 |
+ int nr = 0; |
4890 |
++ u64 prev_em_start = (u64)-1; |
4891 |
+ |
4892 |
+ for (page_idx = 0; page_idx < nr_pages; page_idx++) { |
4893 |
+ page = list_entry(pages->prev, struct page, lru); |
4894 |
+@@ -4169,12 +4221,12 @@ int extent_readpages(struct extent_io_tree *tree, |
4895 |
+ if (nr < ARRAY_SIZE(pagepool)) |
4896 |
+ continue; |
4897 |
+ __extent_readpages(tree, pagepool, nr, get_extent, &em_cached, |
4898 |
+- &bio, 0, &bio_flags, READ); |
4899 |
++ &bio, 0, &bio_flags, READ, &prev_em_start); |
4900 |
+ nr = 0; |
4901 |
+ } |
4902 |
+ if (nr) |
4903 |
+ __extent_readpages(tree, pagepool, nr, get_extent, &em_cached, |
4904 |
+- &bio, 0, &bio_flags, READ); |
4905 |
++ &bio, 0, &bio_flags, READ, &prev_em_start); |
4906 |
+ |
4907 |
+ if (em_cached) |
4908 |
+ free_extent_map(em_cached); |
4909 |
+diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
4910 |
+index 8bb013672aee..e3b39f0c4666 100644 |
4911 |
+--- a/fs/btrfs/inode.c |
4912 |
++++ b/fs/btrfs/inode.c |
4913 |
+@@ -5035,7 +5035,8 @@ void btrfs_evict_inode(struct inode *inode) |
4914 |
+ goto no_delete; |
4915 |
+ } |
4916 |
+ /* do we really want it for ->i_nlink > 0 and zero btrfs_root_refs? */ |
4917 |
+- btrfs_wait_ordered_range(inode, 0, (u64)-1); |
4918 |
++ if (!special_file(inode->i_mode)) |
4919 |
++ btrfs_wait_ordered_range(inode, 0, (u64)-1); |
4920 |
+ |
4921 |
+ btrfs_free_io_failure_record(inode, 0, (u64)-1); |
4922 |
+ |
4923 |
+diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c |
4924 |
+index aa0dc2573374..afa09fce8151 100644 |
4925 |
+--- a/fs/cifs/cifsencrypt.c |
4926 |
++++ b/fs/cifs/cifsencrypt.c |
4927 |
+@@ -444,6 +444,48 @@ find_domain_name(struct cifs_ses *ses, const struct nls_table *nls_cp) |
4928 |
+ return 0; |
4929 |
+ } |
4930 |
+ |
4931 |
++/* Server has provided av pairs/target info in the type 2 challenge |
4932 |
++ * packet and we have plucked it and stored within smb session. |
4933 |
++ * We parse that blob here to find the server given timestamp |
4934 |
++ * as part of ntlmv2 authentication (or local current time as |
4935 |
++ * default in case of failure) |
4936 |
++ */ |
4937 |
++static __le64 |
4938 |
++find_timestamp(struct cifs_ses *ses) |
4939 |
++{ |
4940 |
++ unsigned int attrsize; |
4941 |
++ unsigned int type; |
4942 |
++ unsigned int onesize = sizeof(struct ntlmssp2_name); |
4943 |
++ unsigned char *blobptr; |
4944 |
++ unsigned char *blobend; |
4945 |
++ struct ntlmssp2_name *attrptr; |
4946 |
++ |
4947 |
++ if (!ses->auth_key.len || !ses->auth_key.response) |
4948 |
++ return 0; |
4949 |
++ |
4950 |
++ blobptr = ses->auth_key.response; |
4951 |
++ blobend = blobptr + ses->auth_key.len; |
4952 |
++ |
4953 |
++ while (blobptr + onesize < blobend) { |
4954 |
++ attrptr = (struct ntlmssp2_name *) blobptr; |
4955 |
++ type = le16_to_cpu(attrptr->type); |
4956 |
++ if (type == NTLMSSP_AV_EOL) |
4957 |
++ break; |
4958 |
++ blobptr += 2; /* advance attr type */ |
4959 |
++ attrsize = le16_to_cpu(attrptr->length); |
4960 |
++ blobptr += 2; /* advance attr size */ |
4961 |
++ if (blobptr + attrsize > blobend) |
4962 |
++ break; |
4963 |
++ if (type == NTLMSSP_AV_TIMESTAMP) { |
4964 |
++ if (attrsize == sizeof(u64)) |
4965 |
++ return *((__le64 *)blobptr); |
4966 |
++ } |
4967 |
++ blobptr += attrsize; /* advance attr value */ |
4968 |
++ } |
4969 |
++ |
4970 |
++ return cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); |
4971 |
++} |
4972 |
++ |
4973 |
+ static int calc_ntlmv2_hash(struct cifs_ses *ses, char *ntlmv2_hash, |
4974 |
+ const struct nls_table *nls_cp) |
4975 |
+ { |
4976 |
+@@ -641,6 +683,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) |
4977 |
+ struct ntlmv2_resp *ntlmv2; |
4978 |
+ char ntlmv2_hash[16]; |
4979 |
+ unsigned char *tiblob = NULL; /* target info blob */ |
4980 |
++ __le64 rsp_timestamp; |
4981 |
+ |
4982 |
+ if (ses->server->negflavor == CIFS_NEGFLAVOR_EXTENDED) { |
4983 |
+ if (!ses->domainName) { |
4984 |
+@@ -659,6 +702,12 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) |
4985 |
+ } |
4986 |
+ } |
4987 |
+ |
4988 |
++ /* Must be within 5 minutes of the server (or in range +/-2h |
4989 |
++ * in case of Mac OS X), so simply carry over server timestamp |
4990 |
++ * (as Windows 7 does) |
4991 |
++ */ |
4992 |
++ rsp_timestamp = find_timestamp(ses); |
4993 |
++ |
4994 |
+ baselen = CIFS_SESS_KEY_SIZE + sizeof(struct ntlmv2_resp); |
4995 |
+ tilen = ses->auth_key.len; |
4996 |
+ tiblob = ses->auth_key.response; |
4997 |
+@@ -675,8 +724,8 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp) |
4998 |
+ (ses->auth_key.response + CIFS_SESS_KEY_SIZE); |
4999 |
+ ntlmv2->blob_signature = cpu_to_le32(0x00000101); |
5000 |
+ ntlmv2->reserved = 0; |
5001 |
+- /* Must be within 5 minutes of the server */ |
5002 |
+- ntlmv2->time = cpu_to_le64(cifs_UnixTimeToNT(CURRENT_TIME)); |
5003 |
++ ntlmv2->time = rsp_timestamp; |
5004 |
++ |
5005 |
+ get_random_bytes(&ntlmv2->client_chal, sizeof(ntlmv2->client_chal)); |
5006 |
+ ntlmv2->reserved2 = 0; |
5007 |
+ |
5008 |
+diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c |
5009 |
+index f621b44cb800..6b66dd5d1540 100644 |
5010 |
+--- a/fs/cifs/inode.c |
5011 |
++++ b/fs/cifs/inode.c |
5012 |
+@@ -2034,7 +2034,6 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs, |
5013 |
+ struct tcon_link *tlink = NULL; |
5014 |
+ struct cifs_tcon *tcon = NULL; |
5015 |
+ struct TCP_Server_Info *server; |
5016 |
+- struct cifs_io_parms io_parms; |
5017 |
+ |
5018 |
+ /* |
5019 |
+ * To avoid spurious oplock breaks from server, in the case of |
5020 |
+@@ -2056,18 +2055,6 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs, |
5021 |
+ rc = -ENOSYS; |
5022 |
+ cifsFileInfo_put(open_file); |
5023 |
+ cifs_dbg(FYI, "SetFSize for attrs rc = %d\n", rc); |
5024 |
+- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) { |
5025 |
+- unsigned int bytes_written; |
5026 |
+- |
5027 |
+- io_parms.netfid = open_file->fid.netfid; |
5028 |
+- io_parms.pid = open_file->pid; |
5029 |
+- io_parms.tcon = tcon; |
5030 |
+- io_parms.offset = 0; |
5031 |
+- io_parms.length = attrs->ia_size; |
5032 |
+- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written, |
5033 |
+- NULL, NULL, 1); |
5034 |
+- cifs_dbg(FYI, "Wrt seteof rc %d\n", rc); |
5035 |
+- } |
5036 |
+ } else |
5037 |
+ rc = -EINVAL; |
5038 |
+ |
5039 |
+@@ -2093,28 +2080,7 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs, |
5040 |
+ else |
5041 |
+ rc = -ENOSYS; |
5042 |
+ cifs_dbg(FYI, "SetEOF by path (setattrs) rc = %d\n", rc); |
5043 |
+- if ((rc == -EINVAL) || (rc == -EOPNOTSUPP)) { |
5044 |
+- __u16 netfid; |
5045 |
+- int oplock = 0; |
5046 |
+ |
5047 |
+- rc = SMBLegacyOpen(xid, tcon, full_path, FILE_OPEN, |
5048 |
+- GENERIC_WRITE, CREATE_NOT_DIR, &netfid, |
5049 |
+- &oplock, NULL, cifs_sb->local_nls, |
5050 |
+- cifs_remap(cifs_sb)); |
5051 |
+- if (rc == 0) { |
5052 |
+- unsigned int bytes_written; |
5053 |
+- |
5054 |
+- io_parms.netfid = netfid; |
5055 |
+- io_parms.pid = current->tgid; |
5056 |
+- io_parms.tcon = tcon; |
5057 |
+- io_parms.offset = 0; |
5058 |
+- io_parms.length = attrs->ia_size; |
5059 |
+- rc = CIFSSMBWrite(xid, &io_parms, &bytes_written, NULL, |
5060 |
+- NULL, 1); |
5061 |
+- cifs_dbg(FYI, "wrt seteof rc %d\n", rc); |
5062 |
+- CIFSSMBClose(xid, tcon, netfid); |
5063 |
+- } |
5064 |
+- } |
5065 |
+ if (tlink) |
5066 |
+ cifs_put_tlink(tlink); |
5067 |
+ |
5068 |
+diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c |
5069 |
+index 54daee5ad4c1..1678b9cb94c7 100644 |
5070 |
+--- a/fs/cifs/smb2ops.c |
5071 |
++++ b/fs/cifs/smb2ops.c |
5072 |
+@@ -50,9 +50,13 @@ change_conf(struct TCP_Server_Info *server) |
5073 |
+ break; |
5074 |
+ default: |
5075 |
+ server->echoes = true; |
5076 |
+- server->oplocks = true; |
5077 |
++ if (enable_oplocks) { |
5078 |
++ server->oplocks = true; |
5079 |
++ server->oplock_credits = 1; |
5080 |
++ } else |
5081 |
++ server->oplocks = false; |
5082 |
++ |
5083 |
+ server->echo_credits = 1; |
5084 |
+- server->oplock_credits = 1; |
5085 |
+ } |
5086 |
+ server->credits -= server->echo_credits + server->oplock_credits; |
5087 |
+ return 0; |
5088 |
+diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c |
5089 |
+index 54cbe19d9c08..894f259d3989 100644 |
5090 |
+--- a/fs/cifs/smb2pdu.c |
5091 |
++++ b/fs/cifs/smb2pdu.c |
5092 |
+@@ -46,6 +46,7 @@ |
5093 |
+ #include "smb2status.h" |
5094 |
+ #include "smb2glob.h" |
5095 |
+ #include "cifspdu.h" |
5096 |
++#include "cifs_spnego.h" |
5097 |
+ |
5098 |
+ /* |
5099 |
+ * The following table defines the expected "StructureSize" of SMB2 requests |
5100 |
+@@ -427,19 +428,15 @@ SMB2_negotiate(const unsigned int xid, struct cifs_ses *ses) |
5101 |
+ cifs_dbg(FYI, "missing security blob on negprot\n"); |
5102 |
+ |
5103 |
+ rc = cifs_enable_signing(server, ses->sign); |
5104 |
+-#ifdef CONFIG_SMB2_ASN1 /* BB REMOVEME when updated asn1.c ready */ |
5105 |
+ if (rc) |
5106 |
+ goto neg_exit; |
5107 |
+- if (blob_length) |
5108 |
++ if (blob_length) { |
5109 |
+ rc = decode_negTokenInit(security_blob, blob_length, server); |
5110 |
+- if (rc == 1) |
5111 |
+- rc = 0; |
5112 |
+- else if (rc == 0) { |
5113 |
+- rc = -EIO; |
5114 |
+- goto neg_exit; |
5115 |
++ if (rc == 1) |
5116 |
++ rc = 0; |
5117 |
++ else if (rc == 0) |
5118 |
++ rc = -EIO; |
5119 |
+ } |
5120 |
+-#endif |
5121 |
+- |
5122 |
+ neg_exit: |
5123 |
+ free_rsp_buf(resp_buftype, rsp); |
5124 |
+ return rc; |
5125 |
+@@ -533,7 +530,8 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, |
5126 |
+ __le32 phase = NtLmNegotiate; /* NTLMSSP, if needed, is multistage */ |
5127 |
+ struct TCP_Server_Info *server = ses->server; |
5128 |
+ u16 blob_length = 0; |
5129 |
+- char *security_blob; |
5130 |
++ struct key *spnego_key = NULL; |
5131 |
++ char *security_blob = NULL; |
5132 |
+ char *ntlmssp_blob = NULL; |
5133 |
+ bool use_spnego = false; /* else use raw ntlmssp */ |
5134 |
+ |
5135 |
+@@ -561,7 +559,8 @@ SMB2_sess_setup(const unsigned int xid, struct cifs_ses *ses, |
5136 |
+ ses->ntlmssp->sesskey_per_smbsess = true; |
5137 |
+ |
5138 |
+ /* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */ |
5139 |
+- ses->sectype = RawNTLMSSP; |
5140 |
++ if (ses->sectype != Kerberos && ses->sectype != RawNTLMSSP) |
5141 |
++ ses->sectype = RawNTLMSSP; |
5142 |
+ |
5143 |
+ ssetup_ntlmssp_authenticate: |
5144 |
+ if (phase == NtLmChallenge) |
5145 |
+@@ -590,7 +589,48 @@ ssetup_ntlmssp_authenticate: |
5146 |
+ iov[0].iov_base = (char *)req; |
5147 |
+ /* 4 for rfc1002 length field and 1 for pad */ |
5148 |
+ iov[0].iov_len = get_rfc1002_length(req) + 4 - 1; |
5149 |
+- if (phase == NtLmNegotiate) { |
5150 |
++ |
5151 |
++ if (ses->sectype == Kerberos) { |
5152 |
++#ifdef CONFIG_CIFS_UPCALL |
5153 |
++ struct cifs_spnego_msg *msg; |
5154 |
++ |
5155 |
++ spnego_key = cifs_get_spnego_key(ses); |
5156 |
++ if (IS_ERR(spnego_key)) { |
5157 |
++ rc = PTR_ERR(spnego_key); |
5158 |
++ spnego_key = NULL; |
5159 |
++ goto ssetup_exit; |
5160 |
++ } |
5161 |
++ |
5162 |
++ msg = spnego_key->payload.data; |
5163 |
++ /* |
5164 |
++ * check version field to make sure that cifs.upcall is |
5165 |
++ * sending us a response in an expected form |
5166 |
++ */ |
5167 |
++ if (msg->version != CIFS_SPNEGO_UPCALL_VERSION) { |
5168 |
++ cifs_dbg(VFS, |
5169 |
++ "bad cifs.upcall version. Expected %d got %d", |
5170 |
++ CIFS_SPNEGO_UPCALL_VERSION, msg->version); |
5171 |
++ rc = -EKEYREJECTED; |
5172 |
++ goto ssetup_exit; |
5173 |
++ } |
5174 |
++ ses->auth_key.response = kmemdup(msg->data, msg->sesskey_len, |
5175 |
++ GFP_KERNEL); |
5176 |
++ if (!ses->auth_key.response) { |
5177 |
++ cifs_dbg(VFS, |
5178 |
++ "Kerberos can't allocate (%u bytes) memory", |
5179 |
++ msg->sesskey_len); |
5180 |
++ rc = -ENOMEM; |
5181 |
++ goto ssetup_exit; |
5182 |
++ } |
5183 |
++ ses->auth_key.len = msg->sesskey_len; |
5184 |
++ blob_length = msg->secblob_len; |
5185 |
++ iov[1].iov_base = msg->data + msg->sesskey_len; |
5186 |
++ iov[1].iov_len = blob_length; |
5187 |
++#else |
5188 |
++ rc = -EOPNOTSUPP; |
5189 |
++ goto ssetup_exit; |
5190 |
++#endif /* CONFIG_CIFS_UPCALL */ |
5191 |
++ } else if (phase == NtLmNegotiate) { /* if not krb5 must be ntlmssp */ |
5192 |
+ ntlmssp_blob = kmalloc(sizeof(struct _NEGOTIATE_MESSAGE), |
5193 |
+ GFP_KERNEL); |
5194 |
+ if (ntlmssp_blob == NULL) { |
5195 |
+@@ -613,6 +653,8 @@ ssetup_ntlmssp_authenticate: |
5196 |
+ /* with raw NTLMSSP we don't encapsulate in SPNEGO */ |
5197 |
+ security_blob = ntlmssp_blob; |
5198 |
+ } |
5199 |
++ iov[1].iov_base = security_blob; |
5200 |
++ iov[1].iov_len = blob_length; |
5201 |
+ } else if (phase == NtLmAuthenticate) { |
5202 |
+ req->hdr.SessionId = ses->Suid; |
5203 |
+ ntlmssp_blob = kzalloc(sizeof(struct _NEGOTIATE_MESSAGE) + 500, |
5204 |
+@@ -640,6 +682,8 @@ ssetup_ntlmssp_authenticate: |
5205 |
+ } else { |
5206 |
+ security_blob = ntlmssp_blob; |
5207 |
+ } |
5208 |
++ iov[1].iov_base = security_blob; |
5209 |
++ iov[1].iov_len = blob_length; |
5210 |
+ } else { |
5211 |
+ cifs_dbg(VFS, "illegal ntlmssp phase\n"); |
5212 |
+ rc = -EIO; |
5213 |
+@@ -651,8 +695,6 @@ ssetup_ntlmssp_authenticate: |
5214 |
+ cpu_to_le16(sizeof(struct smb2_sess_setup_req) - |
5215 |
+ 1 /* pad */ - 4 /* rfc1001 len */); |
5216 |
+ req->SecurityBufferLength = cpu_to_le16(blob_length); |
5217 |
+- iov[1].iov_base = security_blob; |
5218 |
+- iov[1].iov_len = blob_length; |
5219 |
+ |
5220 |
+ inc_rfc1001_len(req, blob_length - 1 /* pad */); |
5221 |
+ |
5222 |
+@@ -663,6 +705,7 @@ ssetup_ntlmssp_authenticate: |
5223 |
+ |
5224 |
+ kfree(security_blob); |
5225 |
+ rsp = (struct smb2_sess_setup_rsp *)iov[0].iov_base; |
5226 |
++ ses->Suid = rsp->hdr.SessionId; |
5227 |
+ if (resp_buftype != CIFS_NO_BUFFER && |
5228 |
+ rsp->hdr.Status == STATUS_MORE_PROCESSING_REQUIRED) { |
5229 |
+ if (phase != NtLmNegotiate) { |
5230 |
+@@ -680,7 +723,6 @@ ssetup_ntlmssp_authenticate: |
5231 |
+ /* NTLMSSP Negotiate sent now processing challenge (response) */ |
5232 |
+ phase = NtLmChallenge; /* process ntlmssp challenge */ |
5233 |
+ rc = 0; /* MORE_PROCESSING is not an error here but expected */ |
5234 |
+- ses->Suid = rsp->hdr.SessionId; |
5235 |
+ rc = decode_ntlmssp_challenge(rsp->Buffer, |
5236 |
+ le16_to_cpu(rsp->SecurityBufferLength), ses); |
5237 |
+ } |
5238 |
+@@ -737,6 +779,10 @@ keygen_exit: |
5239 |
+ kfree(ses->auth_key.response); |
5240 |
+ ses->auth_key.response = NULL; |
5241 |
+ } |
5242 |
++ if (spnego_key) { |
5243 |
++ key_invalidate(spnego_key); |
5244 |
++ key_put(spnego_key); |
5245 |
++ } |
5246 |
+ kfree(ses->ntlmssp); |
5247 |
+ |
5248 |
+ return rc; |
5249 |
+diff --git a/fs/dcache.c b/fs/dcache.c |
5250 |
+index 5d03eb0ec0ac..0046ab7d4f3d 100644 |
5251 |
+--- a/fs/dcache.c |
5252 |
++++ b/fs/dcache.c |
5253 |
+@@ -1676,7 +1676,8 @@ void d_set_d_op(struct dentry *dentry, const struct dentry_operations *op) |
5254 |
+ DCACHE_OP_COMPARE | |
5255 |
+ DCACHE_OP_REVALIDATE | |
5256 |
+ DCACHE_OP_WEAK_REVALIDATE | |
5257 |
+- DCACHE_OP_DELETE )); |
5258 |
++ DCACHE_OP_DELETE | |
5259 |
++ DCACHE_OP_SELECT_INODE)); |
5260 |
+ dentry->d_op = op; |
5261 |
+ if (!op) |
5262 |
+ return; |
5263 |
+@@ -1692,6 +1693,8 @@ void d_set_d_op(struct dentry *dentry, const struct dentry_operations *op) |
5264 |
+ dentry->d_flags |= DCACHE_OP_DELETE; |
5265 |
+ if (op->d_prune) |
5266 |
+ dentry->d_flags |= DCACHE_OP_PRUNE; |
5267 |
++ if (op->d_select_inode) |
5268 |
++ dentry->d_flags |= DCACHE_OP_SELECT_INODE; |
5269 |
+ |
5270 |
+ } |
5271 |
+ EXPORT_SYMBOL(d_set_d_op); |
5272 |
+@@ -2923,6 +2926,13 @@ restart: |
5273 |
+ |
5274 |
+ if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) { |
5275 |
+ struct mount *parent = ACCESS_ONCE(mnt->mnt_parent); |
5276 |
++ /* Escaped? */ |
5277 |
++ if (dentry != vfsmnt->mnt_root) { |
5278 |
++ bptr = *buffer; |
5279 |
++ blen = *buflen; |
5280 |
++ error = 3; |
5281 |
++ break; |
5282 |
++ } |
5283 |
+ /* Global root? */ |
5284 |
+ if (mnt != parent) { |
5285 |
+ dentry = ACCESS_ONCE(mnt->mnt_mountpoint); |
5286 |
+diff --git a/fs/internal.h b/fs/internal.h |
5287 |
+index 01dce1d1476b..4d5af583ab03 100644 |
5288 |
+--- a/fs/internal.h |
5289 |
++++ b/fs/internal.h |
5290 |
+@@ -107,6 +107,7 @@ extern struct file *do_file_open_root(struct dentry *, struct vfsmount *, |
5291 |
+ extern long do_handle_open(int mountdirfd, |
5292 |
+ struct file_handle __user *ufh, int open_flag); |
5293 |
+ extern int open_check_o_direct(struct file *f); |
5294 |
++extern int vfs_open(const struct path *, struct file *, const struct cred *); |
5295 |
+ |
5296 |
+ /* |
5297 |
+ * inode.c |
5298 |
+diff --git a/fs/namei.c b/fs/namei.c |
5299 |
+index fe30d3be43a8..ccd7f98d85b9 100644 |
5300 |
+--- a/fs/namei.c |
5301 |
++++ b/fs/namei.c |
5302 |
+@@ -505,6 +505,24 @@ struct nameidata { |
5303 |
+ char *saved_names[MAX_NESTED_LINKS + 1]; |
5304 |
+ }; |
5305 |
+ |
5306 |
++/** |
5307 |
++ * path_connected - Verify that a path->dentry is below path->mnt.mnt_root |
5308 |
++ * @path: nameidate to verify |
5309 |
++ * |
5310 |
++ * Rename can sometimes move a file or directory outside of a bind |
5311 |
++ * mount, path_connected allows those cases to be detected. |
5312 |
++ */ |
5313 |
++static bool path_connected(const struct path *path) |
5314 |
++{ |
5315 |
++ struct vfsmount *mnt = path->mnt; |
5316 |
++ |
5317 |
++ /* Only bind mounts can have disconnected paths */ |
5318 |
++ if (mnt->mnt_root == mnt->mnt_sb->s_root) |
5319 |
++ return true; |
5320 |
++ |
5321 |
++ return is_subdir(path->dentry, mnt->mnt_root); |
5322 |
++} |
5323 |
++ |
5324 |
+ /* |
5325 |
+ * Path walking has 2 modes, rcu-walk and ref-walk (see |
5326 |
+ * Documentation/filesystems/path-lookup.txt). In situations when we can't |
5327 |
+@@ -1194,6 +1212,8 @@ static int follow_dotdot_rcu(struct nameidata *nd) |
5328 |
+ goto failed; |
5329 |
+ nd->path.dentry = parent; |
5330 |
+ nd->seq = seq; |
5331 |
++ if (unlikely(!path_connected(&nd->path))) |
5332 |
++ goto failed; |
5333 |
+ break; |
5334 |
+ } |
5335 |
+ if (!follow_up_rcu(&nd->path)) |
5336 |
+@@ -1290,7 +1310,7 @@ static void follow_mount(struct path *path) |
5337 |
+ } |
5338 |
+ } |
5339 |
+ |
5340 |
+-static void follow_dotdot(struct nameidata *nd) |
5341 |
++static int follow_dotdot(struct nameidata *nd) |
5342 |
+ { |
5343 |
+ if (!nd->root.mnt) |
5344 |
+ set_root(nd); |
5345 |
+@@ -1306,6 +1326,10 @@ static void follow_dotdot(struct nameidata *nd) |
5346 |
+ /* rare case of legitimate dget_parent()... */ |
5347 |
+ nd->path.dentry = dget_parent(nd->path.dentry); |
5348 |
+ dput(old); |
5349 |
++ if (unlikely(!path_connected(&nd->path))) { |
5350 |
++ path_put(&nd->path); |
5351 |
++ return -ENOENT; |
5352 |
++ } |
5353 |
+ break; |
5354 |
+ } |
5355 |
+ if (!follow_up(&nd->path)) |
5356 |
+@@ -1313,6 +1337,7 @@ static void follow_dotdot(struct nameidata *nd) |
5357 |
+ } |
5358 |
+ follow_mount(&nd->path); |
5359 |
+ nd->inode = nd->path.dentry->d_inode; |
5360 |
++ return 0; |
5361 |
+ } |
5362 |
+ |
5363 |
+ /* |
5364 |
+@@ -1428,8 +1453,6 @@ static int lookup_fast(struct nameidata *nd, |
5365 |
+ negative = d_is_negative(dentry); |
5366 |
+ if (read_seqcount_retry(&dentry->d_seq, seq)) |
5367 |
+ return -ECHILD; |
5368 |
+- if (negative) |
5369 |
+- return -ENOENT; |
5370 |
+ |
5371 |
+ /* |
5372 |
+ * This sequence count validates that the parent had no |
5373 |
+@@ -1450,6 +1473,12 @@ static int lookup_fast(struct nameidata *nd, |
5374 |
+ goto unlazy; |
5375 |
+ } |
5376 |
+ } |
5377 |
++ /* |
5378 |
++ * Note: do negative dentry check after revalidation in |
5379 |
++ * case that drops it. |
5380 |
++ */ |
5381 |
++ if (negative) |
5382 |
++ return -ENOENT; |
5383 |
+ path->mnt = mnt; |
5384 |
+ path->dentry = dentry; |
5385 |
+ if (likely(__follow_mount_rcu(nd, path, inode))) |
5386 |
+@@ -1541,7 +1570,7 @@ static inline int handle_dots(struct nameidata *nd, int type) |
5387 |
+ if (follow_dotdot_rcu(nd)) |
5388 |
+ return -ECHILD; |
5389 |
+ } else |
5390 |
+- follow_dotdot(nd); |
5391 |
++ return follow_dotdot(nd); |
5392 |
+ } |
5393 |
+ return 0; |
5394 |
+ } |
5395 |
+@@ -2290,7 +2319,7 @@ mountpoint_last(struct nameidata *nd, struct path *path) |
5396 |
+ if (unlikely(nd->last_type != LAST_NORM)) { |
5397 |
+ error = handle_dots(nd, nd->last_type); |
5398 |
+ if (error) |
5399 |
+- goto out; |
5400 |
++ return error; |
5401 |
+ dentry = dget(nd->path.dentry); |
5402 |
+ goto done; |
5403 |
+ } |
5404 |
+diff --git a/fs/nfs/filelayout/filelayout.c b/fs/nfs/filelayout/filelayout.c |
5405 |
+index a46bf6de9ce4..fb1fb2774d34 100644 |
5406 |
+--- a/fs/nfs/filelayout/filelayout.c |
5407 |
++++ b/fs/nfs/filelayout/filelayout.c |
5408 |
+@@ -628,23 +628,18 @@ out_put: |
5409 |
+ goto out; |
5410 |
+ } |
5411 |
+ |
5412 |
+-static void filelayout_free_fh_array(struct nfs4_filelayout_segment *fl) |
5413 |
++static void _filelayout_free_lseg(struct nfs4_filelayout_segment *fl) |
5414 |
+ { |
5415 |
+ int i; |
5416 |
+ |
5417 |
+- for (i = 0; i < fl->num_fh; i++) { |
5418 |
+- if (!fl->fh_array[i]) |
5419 |
+- break; |
5420 |
+- kfree(fl->fh_array[i]); |
5421 |
++ if (fl->fh_array) { |
5422 |
++ for (i = 0; i < fl->num_fh; i++) { |
5423 |
++ if (!fl->fh_array[i]) |
5424 |
++ break; |
5425 |
++ kfree(fl->fh_array[i]); |
5426 |
++ } |
5427 |
++ kfree(fl->fh_array); |
5428 |
+ } |
5429 |
+- kfree(fl->fh_array); |
5430 |
+- fl->fh_array = NULL; |
5431 |
+-} |
5432 |
+- |
5433 |
+-static void |
5434 |
+-_filelayout_free_lseg(struct nfs4_filelayout_segment *fl) |
5435 |
+-{ |
5436 |
+- filelayout_free_fh_array(fl); |
5437 |
+ kfree(fl); |
5438 |
+ } |
5439 |
+ |
5440 |
+@@ -715,21 +710,21 @@ filelayout_decode_layout(struct pnfs_layout_hdr *flo, |
5441 |
+ /* Do we want to use a mempool here? */ |
5442 |
+ fl->fh_array[i] = kmalloc(sizeof(struct nfs_fh), gfp_flags); |
5443 |
+ if (!fl->fh_array[i]) |
5444 |
+- goto out_err_free; |
5445 |
++ goto out_err; |
5446 |
+ |
5447 |
+ p = xdr_inline_decode(&stream, 4); |
5448 |
+ if (unlikely(!p)) |
5449 |
+- goto out_err_free; |
5450 |
++ goto out_err; |
5451 |
+ fl->fh_array[i]->size = be32_to_cpup(p++); |
5452 |
+ if (sizeof(struct nfs_fh) < fl->fh_array[i]->size) { |
5453 |
+ printk(KERN_ERR "NFS: Too big fh %d received %d\n", |
5454 |
+ i, fl->fh_array[i]->size); |
5455 |
+- goto out_err_free; |
5456 |
++ goto out_err; |
5457 |
+ } |
5458 |
+ |
5459 |
+ p = xdr_inline_decode(&stream, fl->fh_array[i]->size); |
5460 |
+ if (unlikely(!p)) |
5461 |
+- goto out_err_free; |
5462 |
++ goto out_err; |
5463 |
+ memcpy(fl->fh_array[i]->data, p, fl->fh_array[i]->size); |
5464 |
+ dprintk("DEBUG: %s: fh len %d\n", __func__, |
5465 |
+ fl->fh_array[i]->size); |
5466 |
+@@ -738,8 +733,6 @@ filelayout_decode_layout(struct pnfs_layout_hdr *flo, |
5467 |
+ __free_page(scratch); |
5468 |
+ return 0; |
5469 |
+ |
5470 |
+-out_err_free: |
5471 |
+- filelayout_free_fh_array(fl); |
5472 |
+ out_err: |
5473 |
+ __free_page(scratch); |
5474 |
+ return -EIO; |
5475 |
+diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c |
5476 |
+index 069914ce7641..93d355c8b467 100644 |
5477 |
+--- a/fs/nfs/pagelist.c |
5478 |
++++ b/fs/nfs/pagelist.c |
5479 |
+@@ -508,7 +508,7 @@ size_t nfs_generic_pg_test(struct nfs_pageio_descriptor *desc, |
5480 |
+ * for it without upsetting the slab allocator. |
5481 |
+ */ |
5482 |
+ if (((mirror->pg_count + req->wb_bytes) >> PAGE_SHIFT) * |
5483 |
+- sizeof(struct page) > PAGE_SIZE) |
5484 |
++ sizeof(struct page *) > PAGE_SIZE) |
5485 |
+ return 0; |
5486 |
+ |
5487 |
+ return min(mirror->pg_bsize - mirror->pg_count, (size_t)req->wb_bytes); |
5488 |
+diff --git a/fs/nfs/read.c b/fs/nfs/read.c |
5489 |
+index ae0ff7a11b40..01b8cc8e8cfc 100644 |
5490 |
+--- a/fs/nfs/read.c |
5491 |
++++ b/fs/nfs/read.c |
5492 |
+@@ -72,6 +72,9 @@ void nfs_pageio_reset_read_mds(struct nfs_pageio_descriptor *pgio) |
5493 |
+ { |
5494 |
+ struct nfs_pgio_mirror *mirror; |
5495 |
+ |
5496 |
++ if (pgio->pg_ops && pgio->pg_ops->pg_cleanup) |
5497 |
++ pgio->pg_ops->pg_cleanup(pgio); |
5498 |
++ |
5499 |
+ pgio->pg_ops = &nfs_pgio_rw_ops; |
5500 |
+ |
5501 |
+ /* read path should never have more than one mirror */ |
5502 |
+diff --git a/fs/nfs/write.c b/fs/nfs/write.c |
5503 |
+index 07115b9b1ad2..d9851a6a2813 100644 |
5504 |
+--- a/fs/nfs/write.c |
5505 |
++++ b/fs/nfs/write.c |
5506 |
+@@ -1203,7 +1203,7 @@ static int nfs_can_extend_write(struct file *file, struct page *page, struct ino |
5507 |
+ return 1; |
5508 |
+ if (!flctx || (list_empty_careful(&flctx->flc_flock) && |
5509 |
+ list_empty_careful(&flctx->flc_posix))) |
5510 |
+- return 0; |
5511 |
++ return 1; |
5512 |
+ |
5513 |
+ /* Check to see if there are whole file write locks */ |
5514 |
+ ret = 0; |
5515 |
+@@ -1331,6 +1331,9 @@ void nfs_pageio_reset_write_mds(struct nfs_pageio_descriptor *pgio) |
5516 |
+ { |
5517 |
+ struct nfs_pgio_mirror *mirror; |
5518 |
+ |
5519 |
++ if (pgio->pg_ops && pgio->pg_ops->pg_cleanup) |
5520 |
++ pgio->pg_ops->pg_cleanup(pgio); |
5521 |
++ |
5522 |
+ pgio->pg_ops = &nfs_pgio_rw_ops; |
5523 |
+ |
5524 |
+ nfs_pageio_stop_mirroring(pgio); |
5525 |
+diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c |
5526 |
+index fdf4b41d0609..482cfd34472d 100644 |
5527 |
+--- a/fs/ocfs2/dlm/dlmmaster.c |
5528 |
++++ b/fs/ocfs2/dlm/dlmmaster.c |
5529 |
+@@ -1439,6 +1439,7 @@ int dlm_master_request_handler(struct o2net_msg *msg, u32 len, void *data, |
5530 |
+ int found, ret; |
5531 |
+ int set_maybe; |
5532 |
+ int dispatch_assert = 0; |
5533 |
++ int dispatched = 0; |
5534 |
+ |
5535 |
+ if (!dlm_grab(dlm)) |
5536 |
+ return DLM_MASTER_RESP_NO; |
5537 |
+@@ -1658,15 +1659,18 @@ send_response: |
5538 |
+ mlog(ML_ERROR, "failed to dispatch assert master work\n"); |
5539 |
+ response = DLM_MASTER_RESP_ERROR; |
5540 |
+ dlm_lockres_put(res); |
5541 |
+- } else |
5542 |
++ } else { |
5543 |
++ dispatched = 1; |
5544 |
+ __dlm_lockres_grab_inflight_worker(dlm, res); |
5545 |
++ } |
5546 |
+ spin_unlock(&res->spinlock); |
5547 |
+ } else { |
5548 |
+ if (res) |
5549 |
+ dlm_lockres_put(res); |
5550 |
+ } |
5551 |
+ |
5552 |
+- dlm_put(dlm); |
5553 |
++ if (!dispatched) |
5554 |
++ dlm_put(dlm); |
5555 |
+ return response; |
5556 |
+ } |
5557 |
+ |
5558 |
+@@ -2090,7 +2094,6 @@ int dlm_dispatch_assert_master(struct dlm_ctxt *dlm, |
5559 |
+ |
5560 |
+ |
5561 |
+ /* queue up work for dlm_assert_master_worker */ |
5562 |
+- dlm_grab(dlm); /* get an extra ref for the work item */ |
5563 |
+ dlm_init_work_item(dlm, item, dlm_assert_master_worker, NULL); |
5564 |
+ item->u.am.lockres = res; /* already have a ref */ |
5565 |
+ /* can optionally ignore node numbers higher than this node */ |
5566 |
+diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c |
5567 |
+index ce12e0b1a31f..3d90ad7ff91f 100644 |
5568 |
+--- a/fs/ocfs2/dlm/dlmrecovery.c |
5569 |
++++ b/fs/ocfs2/dlm/dlmrecovery.c |
5570 |
+@@ -1694,6 +1694,7 @@ int dlm_master_requery_handler(struct o2net_msg *msg, u32 len, void *data, |
5571 |
+ unsigned int hash; |
5572 |
+ int master = DLM_LOCK_RES_OWNER_UNKNOWN; |
5573 |
+ u32 flags = DLM_ASSERT_MASTER_REQUERY; |
5574 |
++ int dispatched = 0; |
5575 |
+ |
5576 |
+ if (!dlm_grab(dlm)) { |
5577 |
+ /* since the domain has gone away on this |
5578 |
+@@ -1719,8 +1720,10 @@ int dlm_master_requery_handler(struct o2net_msg *msg, u32 len, void *data, |
5579 |
+ dlm_put(dlm); |
5580 |
+ /* sender will take care of this and retry */ |
5581 |
+ return ret; |
5582 |
+- } else |
5583 |
++ } else { |
5584 |
++ dispatched = 1; |
5585 |
+ __dlm_lockres_grab_inflight_worker(dlm, res); |
5586 |
++ } |
5587 |
+ spin_unlock(&res->spinlock); |
5588 |
+ } else { |
5589 |
+ /* put.. incase we are not the master */ |
5590 |
+@@ -1730,7 +1733,8 @@ int dlm_master_requery_handler(struct o2net_msg *msg, u32 len, void *data, |
5591 |
+ } |
5592 |
+ spin_unlock(&dlm->spinlock); |
5593 |
+ |
5594 |
+- dlm_put(dlm); |
5595 |
++ if (!dispatched) |
5596 |
++ dlm_put(dlm); |
5597 |
+ return master; |
5598 |
+ } |
5599 |
+ |
5600 |
+diff --git a/fs/open.c b/fs/open.c |
5601 |
+index 98e5a52dc68c..f9d2bf935099 100644 |
5602 |
+--- a/fs/open.c |
5603 |
++++ b/fs/open.c |
5604 |
+@@ -678,18 +678,18 @@ int open_check_o_direct(struct file *f) |
5605 |
+ } |
5606 |
+ |
5607 |
+ static int do_dentry_open(struct file *f, |
5608 |
++ struct inode *inode, |
5609 |
+ int (*open)(struct inode *, struct file *), |
5610 |
+ const struct cred *cred) |
5611 |
+ { |
5612 |
+ static const struct file_operations empty_fops = {}; |
5613 |
+- struct inode *inode; |
5614 |
+ int error; |
5615 |
+ |
5616 |
+ f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK | |
5617 |
+ FMODE_PREAD | FMODE_PWRITE; |
5618 |
+ |
5619 |
+ path_get(&f->f_path); |
5620 |
+- inode = f->f_inode = f->f_path.dentry->d_inode; |
5621 |
++ f->f_inode = inode; |
5622 |
+ f->f_mapping = inode->i_mapping; |
5623 |
+ |
5624 |
+ if (unlikely(f->f_flags & O_PATH)) { |
5625 |
+@@ -793,7 +793,8 @@ int finish_open(struct file *file, struct dentry *dentry, |
5626 |
+ BUG_ON(*opened & FILE_OPENED); /* once it's opened, it's opened */ |
5627 |
+ |
5628 |
+ file->f_path.dentry = dentry; |
5629 |
+- error = do_dentry_open(file, open, current_cred()); |
5630 |
++ error = do_dentry_open(file, d_backing_inode(dentry), open, |
5631 |
++ current_cred()); |
5632 |
+ if (!error) |
5633 |
+ *opened |= FILE_OPENED; |
5634 |
+ |
5635 |
+@@ -822,6 +823,28 @@ int finish_no_open(struct file *file, struct dentry *dentry) |
5636 |
+ } |
5637 |
+ EXPORT_SYMBOL(finish_no_open); |
5638 |
+ |
5639 |
++/** |
5640 |
++ * vfs_open - open the file at the given path |
5641 |
++ * @path: path to open |
5642 |
++ * @file: newly allocated file with f_flag initialized |
5643 |
++ * @cred: credentials to use |
5644 |
++ */ |
5645 |
++int vfs_open(const struct path *path, struct file *file, |
5646 |
++ const struct cred *cred) |
5647 |
++{ |
5648 |
++ struct dentry *dentry = path->dentry; |
5649 |
++ struct inode *inode = dentry->d_inode; |
5650 |
++ |
5651 |
++ file->f_path = *path; |
5652 |
++ if (dentry->d_flags & DCACHE_OP_SELECT_INODE) { |
5653 |
++ inode = dentry->d_op->d_select_inode(dentry, file->f_flags); |
5654 |
++ if (IS_ERR(inode)) |
5655 |
++ return PTR_ERR(inode); |
5656 |
++ } |
5657 |
++ |
5658 |
++ return do_dentry_open(file, inode, NULL, cred); |
5659 |
++} |
5660 |
++ |
5661 |
+ struct file *dentry_open(const struct path *path, int flags, |
5662 |
+ const struct cred *cred) |
5663 |
+ { |
5664 |
+@@ -853,26 +876,6 @@ struct file *dentry_open(const struct path *path, int flags, |
5665 |
+ } |
5666 |
+ EXPORT_SYMBOL(dentry_open); |
5667 |
+ |
5668 |
+-/** |
5669 |
+- * vfs_open - open the file at the given path |
5670 |
+- * @path: path to open |
5671 |
+- * @filp: newly allocated file with f_flag initialized |
5672 |
+- * @cred: credentials to use |
5673 |
+- */ |
5674 |
+-int vfs_open(const struct path *path, struct file *filp, |
5675 |
+- const struct cred *cred) |
5676 |
+-{ |
5677 |
+- struct inode *inode = path->dentry->d_inode; |
5678 |
+- |
5679 |
+- if (inode->i_op->dentry_open) |
5680 |
+- return inode->i_op->dentry_open(path->dentry, filp, cred); |
5681 |
+- else { |
5682 |
+- filp->f_path = *path; |
5683 |
+- return do_dentry_open(filp, NULL, cred); |
5684 |
+- } |
5685 |
+-} |
5686 |
+-EXPORT_SYMBOL(vfs_open); |
5687 |
+- |
5688 |
+ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *op) |
5689 |
+ { |
5690 |
+ int lookup_flags = 0; |
5691 |
+diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c |
5692 |
+index 04f124884687..ba0db2638946 100644 |
5693 |
+--- a/fs/overlayfs/inode.c |
5694 |
++++ b/fs/overlayfs/inode.c |
5695 |
+@@ -336,37 +336,33 @@ static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type, |
5696 |
+ return true; |
5697 |
+ } |
5698 |
+ |
5699 |
+-static int ovl_dentry_open(struct dentry *dentry, struct file *file, |
5700 |
+- const struct cred *cred) |
5701 |
++struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) |
5702 |
+ { |
5703 |
+ int err; |
5704 |
+ struct path realpath; |
5705 |
+ enum ovl_path_type type; |
5706 |
+- bool want_write = false; |
5707 |
++ |
5708 |
++ if (d_is_dir(dentry)) |
5709 |
++ return d_backing_inode(dentry); |
5710 |
+ |
5711 |
+ type = ovl_path_real(dentry, &realpath); |
5712 |
+- if (ovl_open_need_copy_up(file->f_flags, type, realpath.dentry)) { |
5713 |
+- want_write = true; |
5714 |
++ if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) { |
5715 |
+ err = ovl_want_write(dentry); |
5716 |
+ if (err) |
5717 |
+- goto out; |
5718 |
++ return ERR_PTR(err); |
5719 |
+ |
5720 |
+- if (file->f_flags & O_TRUNC) |
5721 |
++ if (file_flags & O_TRUNC) |
5722 |
+ err = ovl_copy_up_last(dentry, NULL, true); |
5723 |
+ else |
5724 |
+ err = ovl_copy_up(dentry); |
5725 |
++ ovl_drop_write(dentry); |
5726 |
+ if (err) |
5727 |
+- goto out_drop_write; |
5728 |
++ return ERR_PTR(err); |
5729 |
+ |
5730 |
+ ovl_path_upper(dentry, &realpath); |
5731 |
+ } |
5732 |
+ |
5733 |
+- err = vfs_open(&realpath, file, cred); |
5734 |
+-out_drop_write: |
5735 |
+- if (want_write) |
5736 |
+- ovl_drop_write(dentry); |
5737 |
+-out: |
5738 |
+- return err; |
5739 |
++ return d_backing_inode(realpath.dentry); |
5740 |
+ } |
5741 |
+ |
5742 |
+ static const struct inode_operations ovl_file_inode_operations = { |
5743 |
+@@ -377,7 +373,6 @@ static const struct inode_operations ovl_file_inode_operations = { |
5744 |
+ .getxattr = ovl_getxattr, |
5745 |
+ .listxattr = ovl_listxattr, |
5746 |
+ .removexattr = ovl_removexattr, |
5747 |
+- .dentry_open = ovl_dentry_open, |
5748 |
+ }; |
5749 |
+ |
5750 |
+ static const struct inode_operations ovl_symlink_inode_operations = { |
5751 |
+diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h |
5752 |
+index 17ac5afc9ffb..ea5a40b06e3a 100644 |
5753 |
+--- a/fs/overlayfs/overlayfs.h |
5754 |
++++ b/fs/overlayfs/overlayfs.h |
5755 |
+@@ -173,6 +173,7 @@ ssize_t ovl_getxattr(struct dentry *dentry, const char *name, |
5756 |
+ void *value, size_t size); |
5757 |
+ ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size); |
5758 |
+ int ovl_removexattr(struct dentry *dentry, const char *name); |
5759 |
++struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags); |
5760 |
+ |
5761 |
+ struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, |
5762 |
+ struct ovl_entry *oe); |
5763 |
+diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c |
5764 |
+index 155989455a72..33f2d27a6792 100644 |
5765 |
+--- a/fs/overlayfs/super.c |
5766 |
++++ b/fs/overlayfs/super.c |
5767 |
+@@ -275,6 +275,7 @@ static void ovl_dentry_release(struct dentry *dentry) |
5768 |
+ |
5769 |
+ static const struct dentry_operations ovl_dentry_operations = { |
5770 |
+ .d_release = ovl_dentry_release, |
5771 |
++ .d_select_inode = ovl_d_select_inode, |
5772 |
+ }; |
5773 |
+ |
5774 |
+ static struct ovl_entry *ovl_alloc_entry(unsigned int numlower) |
5775 |
+diff --git a/fs/ubifs/xattr.c b/fs/ubifs/xattr.c |
5776 |
+index 96f3448b6eb4..fd65b3f1923c 100644 |
5777 |
+--- a/fs/ubifs/xattr.c |
5778 |
++++ b/fs/ubifs/xattr.c |
5779 |
+@@ -652,11 +652,8 @@ int ubifs_init_security(struct inode *dentry, struct inode *inode, |
5780 |
+ { |
5781 |
+ int err; |
5782 |
+ |
5783 |
+- mutex_lock(&inode->i_mutex); |
5784 |
+ err = security_inode_init_security(inode, dentry, qstr, |
5785 |
+ &init_xattrs, 0); |
5786 |
+- mutex_unlock(&inode->i_mutex); |
5787 |
+- |
5788 |
+ if (err) { |
5789 |
+ struct ubifs_info *c = dentry->i_sb->s_fs_info; |
5790 |
+ ubifs_err(c, "cannot initialize security for inode %lu, error %d", |
5791 |
+diff --git a/include/linux/dcache.h b/include/linux/dcache.h |
5792 |
+index df334cbacc6d..167ec0934049 100644 |
5793 |
+--- a/include/linux/dcache.h |
5794 |
++++ b/include/linux/dcache.h |
5795 |
+@@ -160,6 +160,7 @@ struct dentry_operations { |
5796 |
+ char *(*d_dname)(struct dentry *, char *, int); |
5797 |
+ struct vfsmount *(*d_automount)(struct path *); |
5798 |
+ int (*d_manage)(struct dentry *, bool); |
5799 |
++ struct inode *(*d_select_inode)(struct dentry *, unsigned); |
5800 |
+ } ____cacheline_aligned; |
5801 |
+ |
5802 |
+ /* |
5803 |
+@@ -225,6 +226,7 @@ struct dentry_operations { |
5804 |
+ |
5805 |
+ #define DCACHE_MAY_FREE 0x00800000 |
5806 |
+ #define DCACHE_FALLTHRU 0x01000000 /* Fall through to lower layer */ |
5807 |
++#define DCACHE_OP_SELECT_INODE 0x02000000 /* Unioned entry: dcache op selects inode */ |
5808 |
+ |
5809 |
+ extern seqlock_t rename_lock; |
5810 |
+ |
5811 |
+diff --git a/include/linux/fs.h b/include/linux/fs.h |
5812 |
+index 571aab91bfc0..f93192333b37 100644 |
5813 |
+--- a/include/linux/fs.h |
5814 |
++++ b/include/linux/fs.h |
5815 |
+@@ -1641,7 +1641,6 @@ struct inode_operations { |
5816 |
+ int (*set_acl)(struct inode *, struct posix_acl *, int); |
5817 |
+ |
5818 |
+ /* WARNING: probably going away soon, do not use! */ |
5819 |
+- int (*dentry_open)(struct dentry *, struct file *, const struct cred *); |
5820 |
+ } ____cacheline_aligned; |
5821 |
+ |
5822 |
+ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, |
5823 |
+@@ -2193,7 +2192,6 @@ extern struct file *file_open_name(struct filename *, int, umode_t); |
5824 |
+ extern struct file *filp_open(const char *, int, umode_t); |
5825 |
+ extern struct file *file_open_root(struct dentry *, struct vfsmount *, |
5826 |
+ const char *, int); |
5827 |
+-extern int vfs_open(const struct path *, struct file *, const struct cred *); |
5828 |
+ extern struct file * dentry_open(const struct path *, int, const struct cred *); |
5829 |
+ extern int filp_close(struct file *, fl_owner_t id); |
5830 |
+ |
5831 |
+diff --git a/include/linux/mmc/core.h b/include/linux/mmc/core.h |
5832 |
+index de722d4e9d61..258daf914c6d 100644 |
5833 |
+--- a/include/linux/mmc/core.h |
5834 |
++++ b/include/linux/mmc/core.h |
5835 |
+@@ -121,6 +121,7 @@ struct mmc_data { |
5836 |
+ struct mmc_request *mrq; /* associated request */ |
5837 |
+ |
5838 |
+ unsigned int sg_len; /* size of scatter list */ |
5839 |
++ int sg_count; /* mapped sg entries */ |
5840 |
+ struct scatterlist *sg; /* I/O scatter list */ |
5841 |
+ s32 host_cookie; /* host private data */ |
5842 |
+ }; |
5843 |
+diff --git a/include/linux/security.h b/include/linux/security.h |
5844 |
+index 18264ea9e314..5d45b4fd91d2 100644 |
5845 |
+--- a/include/linux/security.h |
5846 |
++++ b/include/linux/security.h |
5847 |
+@@ -2527,7 +2527,7 @@ static inline int security_task_prctl(int option, unsigned long arg2, |
5848 |
+ unsigned long arg4, |
5849 |
+ unsigned long arg5) |
5850 |
+ { |
5851 |
+- return cap_task_prctl(option, arg2, arg3, arg3, arg5); |
5852 |
++ return cap_task_prctl(option, arg2, arg3, arg4, arg5); |
5853 |
+ } |
5854 |
+ |
5855 |
+ static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) |
5856 |
+diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h |
5857 |
+index d81d584157e1..e8635854a55b 100644 |
5858 |
+--- a/include/net/netfilter/nf_queue.h |
5859 |
++++ b/include/net/netfilter/nf_queue.h |
5860 |
+@@ -24,6 +24,8 @@ struct nf_queue_entry { |
5861 |
+ struct nf_queue_handler { |
5862 |
+ int (*outfn)(struct nf_queue_entry *entry, |
5863 |
+ unsigned int queuenum); |
5864 |
++ void (*nf_hook_drop)(struct net *net, |
5865 |
++ struct nf_hook_ops *ops); |
5866 |
+ }; |
5867 |
+ |
5868 |
+ void nf_register_queue_handler(const struct nf_queue_handler *qh); |
5869 |
+diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h |
5870 |
+index e6bcf55dcf20..fd0ca42b1d63 100644 |
5871 |
+--- a/include/net/netfilter/nf_tables.h |
5872 |
++++ b/include/net/netfilter/nf_tables.h |
5873 |
+@@ -125,7 +125,7 @@ static inline enum nft_data_types nft_dreg_to_type(enum nft_registers reg) |
5874 |
+ |
5875 |
+ static inline enum nft_registers nft_type_to_reg(enum nft_data_types type) |
5876 |
+ { |
5877 |
+- return type == NFT_DATA_VERDICT ? NFT_REG_VERDICT : NFT_REG_1; |
5878 |
++ return type == NFT_DATA_VERDICT ? NFT_REG_VERDICT : NFT_REG_1 * NFT_REG_SIZE / NFT_REG32_SIZE; |
5879 |
+ } |
5880 |
+ |
5881 |
+ unsigned int nft_parse_register(const struct nlattr *attr); |
5882 |
+diff --git a/include/target/iscsi/iscsi_target_core.h b/include/target/iscsi/iscsi_target_core.h |
5883 |
+index 73abbc54063d..7bd03f867fca 100644 |
5884 |
+--- a/include/target/iscsi/iscsi_target_core.h |
5885 |
++++ b/include/target/iscsi/iscsi_target_core.h |
5886 |
+@@ -787,7 +787,6 @@ struct iscsi_np { |
5887 |
+ enum iscsi_timer_flags_table np_login_timer_flags; |
5888 |
+ u32 np_exports; |
5889 |
+ enum np_flags_table np_flags; |
5890 |
+- unsigned char np_ip[IPV6_ADDRESS_SPACE]; |
5891 |
+ u16 np_port; |
5892 |
+ spinlock_t np_thread_lock; |
5893 |
+ struct completion np_restart_comp; |
5894 |
+diff --git a/include/xen/interface/sched.h b/include/xen/interface/sched.h |
5895 |
+index 9ce083960a25..f18490985fc8 100644 |
5896 |
+--- a/include/xen/interface/sched.h |
5897 |
++++ b/include/xen/interface/sched.h |
5898 |
+@@ -107,5 +107,13 @@ struct sched_watchdog { |
5899 |
+ #define SHUTDOWN_suspend 2 /* Clean up, save suspend info, kill. */ |
5900 |
+ #define SHUTDOWN_crash 3 /* Tell controller we've crashed. */ |
5901 |
+ #define SHUTDOWN_watchdog 4 /* Restart because watchdog time expired. */ |
5902 |
++/* |
5903 |
++ * Domain asked to perform 'soft reset' for it. The expected behavior is to |
5904 |
++ * reset internal Xen state for the domain returning it to the point where it |
5905 |
++ * was created but leaving the domain's memory contents and vCPU contexts |
5906 |
++ * intact. This will allow the domain to start over and set up all Xen specific |
5907 |
++ * interfaces again. |
5908 |
++ */ |
5909 |
++#define SHUTDOWN_soft_reset 5 |
5910 |
+ |
5911 |
+ #endif /* __XEN_PUBLIC_SCHED_H__ */ |
5912 |
+diff --git a/ipc/msg.c b/ipc/msg.c |
5913 |
+index 2b6fdbb9e0e9..652540613d26 100644 |
5914 |
+--- a/ipc/msg.c |
5915 |
++++ b/ipc/msg.c |
5916 |
+@@ -137,13 +137,6 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params) |
5917 |
+ return retval; |
5918 |
+ } |
5919 |
+ |
5920 |
+- /* ipc_addid() locks msq upon success. */ |
5921 |
+- id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni); |
5922 |
+- if (id < 0) { |
5923 |
+- ipc_rcu_putref(msq, msg_rcu_free); |
5924 |
+- return id; |
5925 |
+- } |
5926 |
+- |
5927 |
+ msq->q_stime = msq->q_rtime = 0; |
5928 |
+ msq->q_ctime = get_seconds(); |
5929 |
+ msq->q_cbytes = msq->q_qnum = 0; |
5930 |
+@@ -153,6 +146,13 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params) |
5931 |
+ INIT_LIST_HEAD(&msq->q_receivers); |
5932 |
+ INIT_LIST_HEAD(&msq->q_senders); |
5933 |
+ |
5934 |
++ /* ipc_addid() locks msq upon success. */ |
5935 |
++ id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni); |
5936 |
++ if (id < 0) { |
5937 |
++ ipc_rcu_putref(msq, msg_rcu_free); |
5938 |
++ return id; |
5939 |
++ } |
5940 |
++ |
5941 |
+ ipc_unlock_object(&msq->q_perm); |
5942 |
+ rcu_read_unlock(); |
5943 |
+ |
5944 |
+diff --git a/ipc/shm.c b/ipc/shm.c |
5945 |
+index 6d767071c367..499a8bd22fad 100644 |
5946 |
+--- a/ipc/shm.c |
5947 |
++++ b/ipc/shm.c |
5948 |
+@@ -550,12 +550,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) |
5949 |
+ if (IS_ERR(file)) |
5950 |
+ goto no_file; |
5951 |
+ |
5952 |
+- id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni); |
5953 |
+- if (id < 0) { |
5954 |
+- error = id; |
5955 |
+- goto no_id; |
5956 |
+- } |
5957 |
+- |
5958 |
+ shp->shm_cprid = task_tgid_vnr(current); |
5959 |
+ shp->shm_lprid = 0; |
5960 |
+ shp->shm_atim = shp->shm_dtim = 0; |
5961 |
+@@ -564,6 +558,13 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) |
5962 |
+ shp->shm_nattch = 0; |
5963 |
+ shp->shm_file = file; |
5964 |
+ shp->shm_creator = current; |
5965 |
++ |
5966 |
++ id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni); |
5967 |
++ if (id < 0) { |
5968 |
++ error = id; |
5969 |
++ goto no_id; |
5970 |
++ } |
5971 |
++ |
5972 |
+ list_add(&shp->shm_clist, ¤t->sysvshm.shm_clist); |
5973 |
+ |
5974 |
+ /* |
5975 |
+diff --git a/ipc/util.c b/ipc/util.c |
5976 |
+index ff3323ef8d8b..c917e9fd10b1 100644 |
5977 |
+--- a/ipc/util.c |
5978 |
++++ b/ipc/util.c |
5979 |
+@@ -237,6 +237,10 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size) |
5980 |
+ rcu_read_lock(); |
5981 |
+ spin_lock(&new->lock); |
5982 |
+ |
5983 |
++ current_euid_egid(&euid, &egid); |
5984 |
++ new->cuid = new->uid = euid; |
5985 |
++ new->gid = new->cgid = egid; |
5986 |
++ |
5987 |
+ id = idr_alloc(&ids->ipcs_idr, new, |
5988 |
+ (next_id < 0) ? 0 : ipcid_to_idx(next_id), 0, |
5989 |
+ GFP_NOWAIT); |
5990 |
+@@ -249,10 +253,6 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size) |
5991 |
+ |
5992 |
+ ids->in_use++; |
5993 |
+ |
5994 |
+- current_euid_egid(&euid, &egid); |
5995 |
+- new->cuid = new->uid = euid; |
5996 |
+- new->gid = new->cgid = egid; |
5997 |
+- |
5998 |
+ if (next_id < 0) { |
5999 |
+ new->seq = ids->seq++; |
6000 |
+ if (ids->seq > IPCID_SEQ_MAX) |
6001 |
+diff --git a/kernel/events/core.c b/kernel/events/core.c |
6002 |
+index 94817491407b..e1af58e23bee 100644 |
6003 |
+--- a/kernel/events/core.c |
6004 |
++++ b/kernel/events/core.c |
6005 |
+@@ -4411,14 +4411,6 @@ static void ring_buffer_wakeup(struct perf_event *event) |
6006 |
+ rcu_read_unlock(); |
6007 |
+ } |
6008 |
+ |
6009 |
+-static void rb_free_rcu(struct rcu_head *rcu_head) |
6010 |
+-{ |
6011 |
+- struct ring_buffer *rb; |
6012 |
+- |
6013 |
+- rb = container_of(rcu_head, struct ring_buffer, rcu_head); |
6014 |
+- rb_free(rb); |
6015 |
+-} |
6016 |
+- |
6017 |
+ struct ring_buffer *ring_buffer_get(struct perf_event *event) |
6018 |
+ { |
6019 |
+ struct ring_buffer *rb; |
6020 |
+diff --git a/kernel/events/internal.h b/kernel/events/internal.h |
6021 |
+index 9f6ce9ba4a04..a6adc36a3732 100644 |
6022 |
+--- a/kernel/events/internal.h |
6023 |
++++ b/kernel/events/internal.h |
6024 |
+@@ -11,6 +11,7 @@ |
6025 |
+ struct ring_buffer { |
6026 |
+ atomic_t refcount; |
6027 |
+ struct rcu_head rcu_head; |
6028 |
++ struct irq_work irq_work; |
6029 |
+ #ifdef CONFIG_PERF_USE_VMALLOC |
6030 |
+ struct work_struct work; |
6031 |
+ int page_order; /* allocation order */ |
6032 |
+@@ -55,6 +56,15 @@ struct ring_buffer { |
6033 |
+ }; |
6034 |
+ |
6035 |
+ extern void rb_free(struct ring_buffer *rb); |
6036 |
++ |
6037 |
++static inline void rb_free_rcu(struct rcu_head *rcu_head) |
6038 |
++{ |
6039 |
++ struct ring_buffer *rb; |
6040 |
++ |
6041 |
++ rb = container_of(rcu_head, struct ring_buffer, rcu_head); |
6042 |
++ rb_free(rb); |
6043 |
++} |
6044 |
++ |
6045 |
+ extern struct ring_buffer * |
6046 |
+ rb_alloc(int nr_pages, long watermark, int cpu, int flags); |
6047 |
+ extern void perf_event_wakeup(struct perf_event *event); |
6048 |
+diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c |
6049 |
+index a7604c81168e..7f63ad978cb8 100644 |
6050 |
+--- a/kernel/events/ring_buffer.c |
6051 |
++++ b/kernel/events/ring_buffer.c |
6052 |
+@@ -221,6 +221,8 @@ void perf_output_end(struct perf_output_handle *handle) |
6053 |
+ rcu_read_unlock(); |
6054 |
+ } |
6055 |
+ |
6056 |
++static void rb_irq_work(struct irq_work *work); |
6057 |
++ |
6058 |
+ static void |
6059 |
+ ring_buffer_init(struct ring_buffer *rb, long watermark, int flags) |
6060 |
+ { |
6061 |
+@@ -241,6 +243,16 @@ ring_buffer_init(struct ring_buffer *rb, long watermark, int flags) |
6062 |
+ |
6063 |
+ INIT_LIST_HEAD(&rb->event_list); |
6064 |
+ spin_lock_init(&rb->event_lock); |
6065 |
++ init_irq_work(&rb->irq_work, rb_irq_work); |
6066 |
++} |
6067 |
++ |
6068 |
++static void ring_buffer_put_async(struct ring_buffer *rb) |
6069 |
++{ |
6070 |
++ if (!atomic_dec_and_test(&rb->refcount)) |
6071 |
++ return; |
6072 |
++ |
6073 |
++ rb->rcu_head.next = (void *)rb; |
6074 |
++ irq_work_queue(&rb->irq_work); |
6075 |
+ } |
6076 |
+ |
6077 |
+ /* |
6078 |
+@@ -319,7 +331,7 @@ err_put: |
6079 |
+ rb_free_aux(rb); |
6080 |
+ |
6081 |
+ err: |
6082 |
+- ring_buffer_put(rb); |
6083 |
++ ring_buffer_put_async(rb); |
6084 |
+ handle->event = NULL; |
6085 |
+ |
6086 |
+ return NULL; |
6087 |
+@@ -370,7 +382,7 @@ void perf_aux_output_end(struct perf_output_handle *handle, unsigned long size, |
6088 |
+ |
6089 |
+ local_set(&rb->aux_nest, 0); |
6090 |
+ rb_free_aux(rb); |
6091 |
+- ring_buffer_put(rb); |
6092 |
++ ring_buffer_put_async(rb); |
6093 |
+ } |
6094 |
+ |
6095 |
+ /* |
6096 |
+@@ -559,7 +571,18 @@ static void __rb_free_aux(struct ring_buffer *rb) |
6097 |
+ void rb_free_aux(struct ring_buffer *rb) |
6098 |
+ { |
6099 |
+ if (atomic_dec_and_test(&rb->aux_refcount)) |
6100 |
++ irq_work_queue(&rb->irq_work); |
6101 |
++} |
6102 |
++ |
6103 |
++static void rb_irq_work(struct irq_work *work) |
6104 |
++{ |
6105 |
++ struct ring_buffer *rb = container_of(work, struct ring_buffer, irq_work); |
6106 |
++ |
6107 |
++ if (!atomic_read(&rb->aux_refcount)) |
6108 |
+ __rb_free_aux(rb); |
6109 |
++ |
6110 |
++ if (rb->rcu_head.next == (void *)rb) |
6111 |
++ call_rcu(&rb->rcu_head, rb_free_rcu); |
6112 |
+ } |
6113 |
+ |
6114 |
+ #ifndef CONFIG_PERF_USE_VMALLOC |
6115 |
+diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c |
6116 |
+index df2f4642d1e7..5c38f59741e2 100644 |
6117 |
+--- a/kernel/irq/proc.c |
6118 |
++++ b/kernel/irq/proc.c |
6119 |
+@@ -12,6 +12,7 @@ |
6120 |
+ #include <linux/seq_file.h> |
6121 |
+ #include <linux/interrupt.h> |
6122 |
+ #include <linux/kernel_stat.h> |
6123 |
++#include <linux/mutex.h> |
6124 |
+ |
6125 |
+ #include "internals.h" |
6126 |
+ |
6127 |
+@@ -323,18 +324,29 @@ void register_handler_proc(unsigned int irq, struct irqaction *action) |
6128 |
+ |
6129 |
+ void register_irq_proc(unsigned int irq, struct irq_desc *desc) |
6130 |
+ { |
6131 |
++ static DEFINE_MUTEX(register_lock); |
6132 |
+ char name [MAX_NAMELEN]; |
6133 |
+ |
6134 |
+- if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip) || desc->dir) |
6135 |
++ if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip)) |
6136 |
+ return; |
6137 |
+ |
6138 |
++ /* |
6139 |
++ * irq directories are registered only when a handler is |
6140 |
++ * added, not when the descriptor is created, so multiple |
6141 |
++ * tasks might try to register at the same time. |
6142 |
++ */ |
6143 |
++ mutex_lock(®ister_lock); |
6144 |
++ |
6145 |
++ if (desc->dir) |
6146 |
++ goto out_unlock; |
6147 |
++ |
6148 |
+ memset(name, 0, MAX_NAMELEN); |
6149 |
+ sprintf(name, "%d", irq); |
6150 |
+ |
6151 |
+ /* create /proc/irq/1234 */ |
6152 |
+ desc->dir = proc_mkdir(name, root_irq_dir); |
6153 |
+ if (!desc->dir) |
6154 |
+- return; |
6155 |
++ goto out_unlock; |
6156 |
+ |
6157 |
+ #ifdef CONFIG_SMP |
6158 |
+ /* create /proc/irq/<irq>/smp_affinity */ |
6159 |
+@@ -355,6 +367,9 @@ void register_irq_proc(unsigned int irq, struct irq_desc *desc) |
6160 |
+ |
6161 |
+ proc_create_data("spurious", 0444, desc->dir, |
6162 |
+ &irq_spurious_proc_fops, (void *)(long)irq); |
6163 |
++ |
6164 |
++out_unlock: |
6165 |
++ mutex_unlock(®ister_lock); |
6166 |
+ } |
6167 |
+ |
6168 |
+ void unregister_irq_proc(unsigned int irq, struct irq_desc *desc) |
6169 |
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c |
6170 |
+index e6910526c84b..8476206a1e19 100644 |
6171 |
+--- a/kernel/sched/core.c |
6172 |
++++ b/kernel/sched/core.c |
6173 |
+@@ -2217,11 +2217,11 @@ static struct rq *finish_task_switch(struct task_struct *prev) |
6174 |
+ * If a task dies, then it sets TASK_DEAD in tsk->state and calls |
6175 |
+ * schedule one last time. The schedule call will never return, and |
6176 |
+ * the scheduled task must drop that reference. |
6177 |
+- * The test for TASK_DEAD must occur while the runqueue locks are |
6178 |
+- * still held, otherwise prev could be scheduled on another cpu, die |
6179 |
+- * there before we look at prev->state, and then the reference would |
6180 |
+- * be dropped twice. |
6181 |
+- * Manfred Spraul <manfred@××××××××××××.com> |
6182 |
++ * |
6183 |
++ * We must observe prev->state before clearing prev->on_cpu (in |
6184 |
++ * finish_lock_switch), otherwise a concurrent wakeup can get prev |
6185 |
++ * running on another CPU and we could rave with its RUNNING -> DEAD |
6186 |
++ * transition, resulting in a double drop. |
6187 |
+ */ |
6188 |
+ prev_state = prev->state; |
6189 |
+ vtime_task_switch(prev); |
6190 |
+@@ -2358,13 +2358,20 @@ unsigned long nr_running(void) |
6191 |
+ |
6192 |
+ /* |
6193 |
+ * Check if only the current task is running on the cpu. |
6194 |
++ * |
6195 |
++ * Caution: this function does not check that the caller has disabled |
6196 |
++ * preemption, thus the result might have a time-of-check-to-time-of-use |
6197 |
++ * race. The caller is responsible to use it correctly, for example: |
6198 |
++ * |
6199 |
++ * - from a non-preemptable section (of course) |
6200 |
++ * |
6201 |
++ * - from a thread that is bound to a single CPU |
6202 |
++ * |
6203 |
++ * - in a loop with very short iterations (e.g. a polling loop) |
6204 |
+ */ |
6205 |
+ bool single_task_running(void) |
6206 |
+ { |
6207 |
+- if (cpu_rq(smp_processor_id())->nr_running == 1) |
6208 |
+- return true; |
6209 |
+- else |
6210 |
+- return false; |
6211 |
++ return raw_rq()->nr_running == 1; |
6212 |
+ } |
6213 |
+ EXPORT_SYMBOL(single_task_running); |
6214 |
+ |
6215 |
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
6216 |
+index c2980e8733bc..77690b653ca9 100644 |
6217 |
+--- a/kernel/sched/fair.c |
6218 |
++++ b/kernel/sched/fair.c |
6219 |
+@@ -5126,18 +5126,21 @@ again: |
6220 |
+ * entity, update_curr() will update its vruntime, otherwise |
6221 |
+ * forget we've ever seen it. |
6222 |
+ */ |
6223 |
+- if (curr && curr->on_rq) |
6224 |
+- update_curr(cfs_rq); |
6225 |
+- else |
6226 |
+- curr = NULL; |
6227 |
++ if (curr) { |
6228 |
++ if (curr->on_rq) |
6229 |
++ update_curr(cfs_rq); |
6230 |
++ else |
6231 |
++ curr = NULL; |
6232 |
+ |
6233 |
+- /* |
6234 |
+- * This call to check_cfs_rq_runtime() will do the throttle and |
6235 |
+- * dequeue its entity in the parent(s). Therefore the 'simple' |
6236 |
+- * nr_running test will indeed be correct. |
6237 |
+- */ |
6238 |
+- if (unlikely(check_cfs_rq_runtime(cfs_rq))) |
6239 |
+- goto simple; |
6240 |
++ /* |
6241 |
++ * This call to check_cfs_rq_runtime() will do the |
6242 |
++ * throttle and dequeue its entity in the parent(s). |
6243 |
++ * Therefore the 'simple' nr_running test will indeed |
6244 |
++ * be correct. |
6245 |
++ */ |
6246 |
++ if (unlikely(check_cfs_rq_runtime(cfs_rq))) |
6247 |
++ goto simple; |
6248 |
++ } |
6249 |
+ |
6250 |
+ se = pick_next_entity(cfs_rq, curr); |
6251 |
+ cfs_rq = group_cfs_rq(se); |
6252 |
+diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h |
6253 |
+index e0e129993958..aa1f059de4f7 100644 |
6254 |
+--- a/kernel/sched/sched.h |
6255 |
++++ b/kernel/sched/sched.h |
6256 |
+@@ -1068,9 +1068,10 @@ static inline void finish_lock_switch(struct rq *rq, struct task_struct *prev) |
6257 |
+ * After ->on_cpu is cleared, the task can be moved to a different CPU. |
6258 |
+ * We must ensure this doesn't happen until the switch is completely |
6259 |
+ * finished. |
6260 |
++ * |
6261 |
++ * Pairs with the control dependency and rmb in try_to_wake_up(). |
6262 |
+ */ |
6263 |
+- smp_wmb(); |
6264 |
+- prev->on_cpu = 0; |
6265 |
++ smp_store_release(&prev->on_cpu, 0); |
6266 |
+ #endif |
6267 |
+ #ifdef CONFIG_DEBUG_SPINLOCK |
6268 |
+ /* this is a valid case when another task releases the spinlock */ |
6269 |
+diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c |
6270 |
+index 946acb72179f..414d9df94724 100644 |
6271 |
+--- a/kernel/time/timekeeping.c |
6272 |
++++ b/kernel/time/timekeeping.c |
6273 |
+@@ -1615,7 +1615,7 @@ static __always_inline void timekeeping_freqadjust(struct timekeeper *tk, |
6274 |
+ negative = (tick_error < 0); |
6275 |
+ |
6276 |
+ /* Sort out the magnitude of the correction */ |
6277 |
+- tick_error = abs(tick_error); |
6278 |
++ tick_error = abs64(tick_error); |
6279 |
+ for (adj = 0; tick_error > interval; adj++) |
6280 |
+ tick_error >>= 1; |
6281 |
+ |
6282 |
+diff --git a/lib/iommu-common.c b/lib/iommu-common.c |
6283 |
+index df30632f0bef..4fdeee02e0a9 100644 |
6284 |
+--- a/lib/iommu-common.c |
6285 |
++++ b/lib/iommu-common.c |
6286 |
+@@ -21,8 +21,7 @@ static DEFINE_PER_CPU(unsigned int, iommu_hash_common); |
6287 |
+ |
6288 |
+ static inline bool need_flush(struct iommu_map_table *iommu) |
6289 |
+ { |
6290 |
+- return (iommu->lazy_flush != NULL && |
6291 |
+- (iommu->flags & IOMMU_NEED_FLUSH) != 0); |
6292 |
++ return ((iommu->flags & IOMMU_NEED_FLUSH) != 0); |
6293 |
+ } |
6294 |
+ |
6295 |
+ static inline void set_flush(struct iommu_map_table *iommu) |
6296 |
+@@ -211,7 +210,8 @@ unsigned long iommu_tbl_range_alloc(struct device *dev, |
6297 |
+ goto bail; |
6298 |
+ } |
6299 |
+ } |
6300 |
+- if (n < pool->hint || need_flush(iommu)) { |
6301 |
++ if (iommu->lazy_flush && |
6302 |
++ (n < pool->hint || need_flush(iommu))) { |
6303 |
+ clear_flush(iommu); |
6304 |
+ iommu->lazy_flush(iommu); |
6305 |
+ } |
6306 |
+diff --git a/mm/hugetlb.c b/mm/hugetlb.c |
6307 |
+index 8c4c1f9f9a9a..a6ff935476e3 100644 |
6308 |
+--- a/mm/hugetlb.c |
6309 |
++++ b/mm/hugetlb.c |
6310 |
+@@ -2897,6 +2897,14 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, |
6311 |
+ continue; |
6312 |
+ |
6313 |
+ /* |
6314 |
++ * Shared VMAs have their own reserves and do not affect |
6315 |
++ * MAP_PRIVATE accounting but it is possible that a shared |
6316 |
++ * VMA is using the same page so check and skip such VMAs. |
6317 |
++ */ |
6318 |
++ if (iter_vma->vm_flags & VM_MAYSHARE) |
6319 |
++ continue; |
6320 |
++ |
6321 |
++ /* |
6322 |
+ * Unmap the page from other VMAs without their own reserves. |
6323 |
+ * They get marked to be SIGKILLed if they fault in these |
6324 |
+ * areas. This is because a future no-page fault on this VMA |
6325 |
+diff --git a/mm/migrate.c b/mm/migrate.c |
6326 |
+index f53838fe3dfe..2c37b1a44a8c 100644 |
6327 |
+--- a/mm/migrate.c |
6328 |
++++ b/mm/migrate.c |
6329 |
+@@ -1062,7 +1062,7 @@ out: |
6330 |
+ if (rc != MIGRATEPAGE_SUCCESS && put_new_page) |
6331 |
+ put_new_page(new_hpage, private); |
6332 |
+ else |
6333 |
+- put_page(new_hpage); |
6334 |
++ putback_active_hugepage(new_hpage); |
6335 |
+ |
6336 |
+ if (result) { |
6337 |
+ if (rc) |
6338 |
+diff --git a/mm/slab.c b/mm/slab.c |
6339 |
+index 3dd2d1ff9d5d..330039fdcf18 100644 |
6340 |
+--- a/mm/slab.c |
6341 |
++++ b/mm/slab.c |
6342 |
+@@ -2189,9 +2189,16 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags) |
6343 |
+ size += BYTES_PER_WORD; |
6344 |
+ } |
6345 |
+ #if FORCED_DEBUG && defined(CONFIG_DEBUG_PAGEALLOC) |
6346 |
+- if (size >= kmalloc_size(INDEX_NODE + 1) |
6347 |
+- && cachep->object_size > cache_line_size() |
6348 |
+- && ALIGN(size, cachep->align) < PAGE_SIZE) { |
6349 |
++ /* |
6350 |
++ * To activate debug pagealloc, off-slab management is necessary |
6351 |
++ * requirement. In early phase of initialization, small sized slab |
6352 |
++ * doesn't get initialized so it would not be possible. So, we need |
6353 |
++ * to check size >= 256. It guarantees that all necessary small |
6354 |
++ * sized slab is initialized in current slab initialization sequence. |
6355 |
++ */ |
6356 |
++ if (!slab_early_init && size >= kmalloc_size(INDEX_NODE) && |
6357 |
++ size >= 256 && cachep->object_size > cache_line_size() && |
6358 |
++ ALIGN(size, cachep->align) < PAGE_SIZE) { |
6359 |
+ cachep->obj_offset += PAGE_SIZE - ALIGN(size, cachep->align); |
6360 |
+ size = PAGE_SIZE; |
6361 |
+ } |
6362 |
+diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c |
6363 |
+index aad022dd15df..95b3167cf036 100644 |
6364 |
+--- a/net/batman-adv/distributed-arp-table.c |
6365 |
++++ b/net/batman-adv/distributed-arp-table.c |
6366 |
+@@ -15,6 +15,7 @@ |
6367 |
+ * along with this program; if not, see <http://www.gnu.org/licenses/>. |
6368 |
+ */ |
6369 |
+ |
6370 |
++#include <linux/bitops.h> |
6371 |
+ #include <linux/if_ether.h> |
6372 |
+ #include <linux/if_arp.h> |
6373 |
+ #include <linux/if_vlan.h> |
6374 |
+@@ -422,7 +423,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res, |
6375 |
+ int j; |
6376 |
+ |
6377 |
+ /* check if orig node candidate is running DAT */ |
6378 |
+- if (!(candidate->capabilities & BATADV_ORIG_CAPA_HAS_DAT)) |
6379 |
++ if (!test_bit(BATADV_ORIG_CAPA_HAS_DAT, &candidate->capabilities)) |
6380 |
+ goto out; |
6381 |
+ |
6382 |
+ /* Check if this node has already been selected... */ |
6383 |
+@@ -682,9 +683,9 @@ static void batadv_dat_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv, |
6384 |
+ uint16_t tvlv_value_len) |
6385 |
+ { |
6386 |
+ if (flags & BATADV_TVLV_HANDLER_OGM_CIFNOTFND) |
6387 |
+- orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_DAT; |
6388 |
++ clear_bit(BATADV_ORIG_CAPA_HAS_DAT, &orig->capabilities); |
6389 |
+ else |
6390 |
+- orig->capabilities |= BATADV_ORIG_CAPA_HAS_DAT; |
6391 |
++ set_bit(BATADV_ORIG_CAPA_HAS_DAT, &orig->capabilities); |
6392 |
+ } |
6393 |
+ |
6394 |
+ /** |
6395 |
+diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c |
6396 |
+index b24e4bb64fb5..8653c1a506f4 100644 |
6397 |
+--- a/net/batman-adv/multicast.c |
6398 |
++++ b/net/batman-adv/multicast.c |
6399 |
+@@ -15,6 +15,8 @@ |
6400 |
+ * along with this program; if not, see <http://www.gnu.org/licenses/>. |
6401 |
+ */ |
6402 |
+ |
6403 |
++#include <linux/bitops.h> |
6404 |
++#include <linux/bug.h> |
6405 |
+ #include "main.h" |
6406 |
+ #include "multicast.h" |
6407 |
+ #include "originator.h" |
6408 |
+@@ -565,19 +567,26 @@ batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, |
6409 |
+ * |
6410 |
+ * If the BATADV_MCAST_WANT_ALL_UNSNOOPABLES flag of this originator, |
6411 |
+ * orig, has toggled then this method updates counter and list accordingly. |
6412 |
++ * |
6413 |
++ * Caller needs to hold orig->mcast_handler_lock. |
6414 |
+ */ |
6415 |
+ static void batadv_mcast_want_unsnoop_update(struct batadv_priv *bat_priv, |
6416 |
+ struct batadv_orig_node *orig, |
6417 |
+ uint8_t mcast_flags) |
6418 |
+ { |
6419 |
++ struct hlist_node *node = &orig->mcast_want_all_unsnoopables_node; |
6420 |
++ struct hlist_head *head = &bat_priv->mcast.want_all_unsnoopables_list; |
6421 |
++ |
6422 |
+ /* switched from flag unset to set */ |
6423 |
+ if (mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES && |
6424 |
+ !(orig->mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES)) { |
6425 |
+ atomic_inc(&bat_priv->mcast.num_want_all_unsnoopables); |
6426 |
+ |
6427 |
+ spin_lock_bh(&bat_priv->mcast.want_lists_lock); |
6428 |
+- hlist_add_head_rcu(&orig->mcast_want_all_unsnoopables_node, |
6429 |
+- &bat_priv->mcast.want_all_unsnoopables_list); |
6430 |
++ /* flag checks above + mcast_handler_lock prevents this */ |
6431 |
++ WARN_ON(!hlist_unhashed(node)); |
6432 |
++ |
6433 |
++ hlist_add_head_rcu(node, head); |
6434 |
+ spin_unlock_bh(&bat_priv->mcast.want_lists_lock); |
6435 |
+ /* switched from flag set to unset */ |
6436 |
+ } else if (!(mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES) && |
6437 |
+@@ -585,7 +594,10 @@ static void batadv_mcast_want_unsnoop_update(struct batadv_priv *bat_priv, |
6438 |
+ atomic_dec(&bat_priv->mcast.num_want_all_unsnoopables); |
6439 |
+ |
6440 |
+ spin_lock_bh(&bat_priv->mcast.want_lists_lock); |
6441 |
+- hlist_del_rcu(&orig->mcast_want_all_unsnoopables_node); |
6442 |
++ /* flag checks above + mcast_handler_lock prevents this */ |
6443 |
++ WARN_ON(hlist_unhashed(node)); |
6444 |
++ |
6445 |
++ hlist_del_init_rcu(node); |
6446 |
+ spin_unlock_bh(&bat_priv->mcast.want_lists_lock); |
6447 |
+ } |
6448 |
+ } |
6449 |
+@@ -598,19 +610,26 @@ static void batadv_mcast_want_unsnoop_update(struct batadv_priv *bat_priv, |
6450 |
+ * |
6451 |
+ * If the BATADV_MCAST_WANT_ALL_IPV4 flag of this originator, orig, has |
6452 |
+ * toggled then this method updates counter and list accordingly. |
6453 |
++ * |
6454 |
++ * Caller needs to hold orig->mcast_handler_lock. |
6455 |
+ */ |
6456 |
+ static void batadv_mcast_want_ipv4_update(struct batadv_priv *bat_priv, |
6457 |
+ struct batadv_orig_node *orig, |
6458 |
+ uint8_t mcast_flags) |
6459 |
+ { |
6460 |
++ struct hlist_node *node = &orig->mcast_want_all_ipv4_node; |
6461 |
++ struct hlist_head *head = &bat_priv->mcast.want_all_ipv4_list; |
6462 |
++ |
6463 |
+ /* switched from flag unset to set */ |
6464 |
+ if (mcast_flags & BATADV_MCAST_WANT_ALL_IPV4 && |
6465 |
+ !(orig->mcast_flags & BATADV_MCAST_WANT_ALL_IPV4)) { |
6466 |
+ atomic_inc(&bat_priv->mcast.num_want_all_ipv4); |
6467 |
+ |
6468 |
+ spin_lock_bh(&bat_priv->mcast.want_lists_lock); |
6469 |
+- hlist_add_head_rcu(&orig->mcast_want_all_ipv4_node, |
6470 |
+- &bat_priv->mcast.want_all_ipv4_list); |
6471 |
++ /* flag checks above + mcast_handler_lock prevents this */ |
6472 |
++ WARN_ON(!hlist_unhashed(node)); |
6473 |
++ |
6474 |
++ hlist_add_head_rcu(node, head); |
6475 |
+ spin_unlock_bh(&bat_priv->mcast.want_lists_lock); |
6476 |
+ /* switched from flag set to unset */ |
6477 |
+ } else if (!(mcast_flags & BATADV_MCAST_WANT_ALL_IPV4) && |
6478 |
+@@ -618,7 +637,10 @@ static void batadv_mcast_want_ipv4_update(struct batadv_priv *bat_priv, |
6479 |
+ atomic_dec(&bat_priv->mcast.num_want_all_ipv4); |
6480 |
+ |
6481 |
+ spin_lock_bh(&bat_priv->mcast.want_lists_lock); |
6482 |
+- hlist_del_rcu(&orig->mcast_want_all_ipv4_node); |
6483 |
++ /* flag checks above + mcast_handler_lock prevents this */ |
6484 |
++ WARN_ON(hlist_unhashed(node)); |
6485 |
++ |
6486 |
++ hlist_del_init_rcu(node); |
6487 |
+ spin_unlock_bh(&bat_priv->mcast.want_lists_lock); |
6488 |
+ } |
6489 |
+ } |
6490 |
+@@ -631,19 +653,26 @@ static void batadv_mcast_want_ipv4_update(struct batadv_priv *bat_priv, |
6491 |
+ * |
6492 |
+ * If the BATADV_MCAST_WANT_ALL_IPV6 flag of this originator, orig, has |
6493 |
+ * toggled then this method updates counter and list accordingly. |
6494 |
++ * |
6495 |
++ * Caller needs to hold orig->mcast_handler_lock. |
6496 |
+ */ |
6497 |
+ static void batadv_mcast_want_ipv6_update(struct batadv_priv *bat_priv, |
6498 |
+ struct batadv_orig_node *orig, |
6499 |
+ uint8_t mcast_flags) |
6500 |
+ { |
6501 |
++ struct hlist_node *node = &orig->mcast_want_all_ipv6_node; |
6502 |
++ struct hlist_head *head = &bat_priv->mcast.want_all_ipv6_list; |
6503 |
++ |
6504 |
+ /* switched from flag unset to set */ |
6505 |
+ if (mcast_flags & BATADV_MCAST_WANT_ALL_IPV6 && |
6506 |
+ !(orig->mcast_flags & BATADV_MCAST_WANT_ALL_IPV6)) { |
6507 |
+ atomic_inc(&bat_priv->mcast.num_want_all_ipv6); |
6508 |
+ |
6509 |
+ spin_lock_bh(&bat_priv->mcast.want_lists_lock); |
6510 |
+- hlist_add_head_rcu(&orig->mcast_want_all_ipv6_node, |
6511 |
+- &bat_priv->mcast.want_all_ipv6_list); |
6512 |
++ /* flag checks above + mcast_handler_lock prevents this */ |
6513 |
++ WARN_ON(!hlist_unhashed(node)); |
6514 |
++ |
6515 |
++ hlist_add_head_rcu(node, head); |
6516 |
+ spin_unlock_bh(&bat_priv->mcast.want_lists_lock); |
6517 |
+ /* switched from flag set to unset */ |
6518 |
+ } else if (!(mcast_flags & BATADV_MCAST_WANT_ALL_IPV6) && |
6519 |
+@@ -651,7 +680,10 @@ static void batadv_mcast_want_ipv6_update(struct batadv_priv *bat_priv, |
6520 |
+ atomic_dec(&bat_priv->mcast.num_want_all_ipv6); |
6521 |
+ |
6522 |
+ spin_lock_bh(&bat_priv->mcast.want_lists_lock); |
6523 |
+- hlist_del_rcu(&orig->mcast_want_all_ipv6_node); |
6524 |
++ /* flag checks above + mcast_handler_lock prevents this */ |
6525 |
++ WARN_ON(hlist_unhashed(node)); |
6526 |
++ |
6527 |
++ hlist_del_init_rcu(node); |
6528 |
+ spin_unlock_bh(&bat_priv->mcast.want_lists_lock); |
6529 |
+ } |
6530 |
+ } |
6531 |
+@@ -674,39 +706,42 @@ static void batadv_mcast_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv, |
6532 |
+ uint8_t mcast_flags = BATADV_NO_FLAGS; |
6533 |
+ bool orig_initialized; |
6534 |
+ |
6535 |
+- orig_initialized = orig->capa_initialized & BATADV_ORIG_CAPA_HAS_MCAST; |
6536 |
++ if (orig_mcast_enabled && tvlv_value && |
6537 |
++ (tvlv_value_len >= sizeof(mcast_flags))) |
6538 |
++ mcast_flags = *(uint8_t *)tvlv_value; |
6539 |
++ |
6540 |
++ spin_lock_bh(&orig->mcast_handler_lock); |
6541 |
++ orig_initialized = test_bit(BATADV_ORIG_CAPA_HAS_MCAST, |
6542 |
++ &orig->capa_initialized); |
6543 |
+ |
6544 |
+ /* If mcast support is turned on decrease the disabled mcast node |
6545 |
+ * counter only if we had increased it for this node before. If this |
6546 |
+ * is a completely new orig_node no need to decrease the counter. |
6547 |
+ */ |
6548 |
+ if (orig_mcast_enabled && |
6549 |
+- !(orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST)) { |
6550 |
++ !test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities)) { |
6551 |
+ if (orig_initialized) |
6552 |
+ atomic_dec(&bat_priv->mcast.num_disabled); |
6553 |
+- orig->capabilities |= BATADV_ORIG_CAPA_HAS_MCAST; |
6554 |
++ set_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities); |
6555 |
+ /* If mcast support is being switched off or if this is an initial |
6556 |
+ * OGM without mcast support then increase the disabled mcast |
6557 |
+ * node counter. |
6558 |
+ */ |
6559 |
+ } else if (!orig_mcast_enabled && |
6560 |
+- (orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST || |
6561 |
++ (test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities) || |
6562 |
+ !orig_initialized)) { |
6563 |
+ atomic_inc(&bat_priv->mcast.num_disabled); |
6564 |
+- orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_MCAST; |
6565 |
++ clear_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities); |
6566 |
+ } |
6567 |
+ |
6568 |
+- orig->capa_initialized |= BATADV_ORIG_CAPA_HAS_MCAST; |
6569 |
+- |
6570 |
+- if (orig_mcast_enabled && tvlv_value && |
6571 |
+- (tvlv_value_len >= sizeof(mcast_flags))) |
6572 |
+- mcast_flags = *(uint8_t *)tvlv_value; |
6573 |
++ set_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capa_initialized); |
6574 |
+ |
6575 |
+ batadv_mcast_want_unsnoop_update(bat_priv, orig, mcast_flags); |
6576 |
+ batadv_mcast_want_ipv4_update(bat_priv, orig, mcast_flags); |
6577 |
+ batadv_mcast_want_ipv6_update(bat_priv, orig, mcast_flags); |
6578 |
+ |
6579 |
+ orig->mcast_flags = mcast_flags; |
6580 |
++ spin_unlock_bh(&orig->mcast_handler_lock); |
6581 |
+ } |
6582 |
+ |
6583 |
+ /** |
6584 |
+@@ -740,11 +775,15 @@ void batadv_mcast_purge_orig(struct batadv_orig_node *orig) |
6585 |
+ { |
6586 |
+ struct batadv_priv *bat_priv = orig->bat_priv; |
6587 |
+ |
6588 |
+- if (!(orig->capabilities & BATADV_ORIG_CAPA_HAS_MCAST) && |
6589 |
+- orig->capa_initialized & BATADV_ORIG_CAPA_HAS_MCAST) |
6590 |
++ spin_lock_bh(&orig->mcast_handler_lock); |
6591 |
++ |
6592 |
++ if (!test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities) && |
6593 |
++ test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capa_initialized)) |
6594 |
+ atomic_dec(&bat_priv->mcast.num_disabled); |
6595 |
+ |
6596 |
+ batadv_mcast_want_unsnoop_update(bat_priv, orig, BATADV_NO_FLAGS); |
6597 |
+ batadv_mcast_want_ipv4_update(bat_priv, orig, BATADV_NO_FLAGS); |
6598 |
+ batadv_mcast_want_ipv6_update(bat_priv, orig, BATADV_NO_FLAGS); |
6599 |
++ |
6600 |
++ spin_unlock_bh(&orig->mcast_handler_lock); |
6601 |
+ } |
6602 |
+diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c |
6603 |
+index 127cc4d7380a..a449195c5b2b 100644 |
6604 |
+--- a/net/batman-adv/network-coding.c |
6605 |
++++ b/net/batman-adv/network-coding.c |
6606 |
+@@ -15,6 +15,7 @@ |
6607 |
+ * along with this program; if not, see <http://www.gnu.org/licenses/>. |
6608 |
+ */ |
6609 |
+ |
6610 |
++#include <linux/bitops.h> |
6611 |
+ #include <linux/debugfs.h> |
6612 |
+ |
6613 |
+ #include "main.h" |
6614 |
+@@ -105,9 +106,9 @@ static void batadv_nc_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv, |
6615 |
+ uint16_t tvlv_value_len) |
6616 |
+ { |
6617 |
+ if (flags & BATADV_TVLV_HANDLER_OGM_CIFNOTFND) |
6618 |
+- orig->capabilities &= ~BATADV_ORIG_CAPA_HAS_NC; |
6619 |
++ clear_bit(BATADV_ORIG_CAPA_HAS_NC, &orig->capabilities); |
6620 |
+ else |
6621 |
+- orig->capabilities |= BATADV_ORIG_CAPA_HAS_NC; |
6622 |
++ set_bit(BATADV_ORIG_CAPA_HAS_NC, &orig->capabilities); |
6623 |
+ } |
6624 |
+ |
6625 |
+ /** |
6626 |
+@@ -871,7 +872,7 @@ void batadv_nc_update_nc_node(struct batadv_priv *bat_priv, |
6627 |
+ goto out; |
6628 |
+ |
6629 |
+ /* check if orig node is network coding enabled */ |
6630 |
+- if (!(orig_node->capabilities & BATADV_ORIG_CAPA_HAS_NC)) |
6631 |
++ if (!test_bit(BATADV_ORIG_CAPA_HAS_NC, &orig_node->capabilities)) |
6632 |
+ goto out; |
6633 |
+ |
6634 |
+ /* accept ogms from 'good' neighbors and single hop neighbors */ |
6635 |
+diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c |
6636 |
+index 90e805aba379..dfae97408628 100644 |
6637 |
+--- a/net/batman-adv/originator.c |
6638 |
++++ b/net/batman-adv/originator.c |
6639 |
+@@ -678,8 +678,13 @@ struct batadv_orig_node *batadv_orig_node_new(struct batadv_priv *bat_priv, |
6640 |
+ orig_node->last_seen = jiffies; |
6641 |
+ reset_time = jiffies - 1 - msecs_to_jiffies(BATADV_RESET_PROTECTION_MS); |
6642 |
+ orig_node->bcast_seqno_reset = reset_time; |
6643 |
++ |
6644 |
+ #ifdef CONFIG_BATMAN_ADV_MCAST |
6645 |
+ orig_node->mcast_flags = BATADV_NO_FLAGS; |
6646 |
++ INIT_HLIST_NODE(&orig_node->mcast_want_all_unsnoopables_node); |
6647 |
++ INIT_HLIST_NODE(&orig_node->mcast_want_all_ipv4_node); |
6648 |
++ INIT_HLIST_NODE(&orig_node->mcast_want_all_ipv6_node); |
6649 |
++ spin_lock_init(&orig_node->mcast_handler_lock); |
6650 |
+ #endif |
6651 |
+ |
6652 |
+ /* create a vlan object for the "untagged" LAN */ |
6653 |
+diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c |
6654 |
+index 5ec31d7de24f..a0b1b861b968 100644 |
6655 |
+--- a/net/batman-adv/soft-interface.c |
6656 |
++++ b/net/batman-adv/soft-interface.c |
6657 |
+@@ -172,6 +172,7 @@ static int batadv_interface_tx(struct sk_buff *skb, |
6658 |
+ int gw_mode; |
6659 |
+ enum batadv_forw_mode forw_mode; |
6660 |
+ struct batadv_orig_node *mcast_single_orig = NULL; |
6661 |
++ int network_offset = ETH_HLEN; |
6662 |
+ |
6663 |
+ if (atomic_read(&bat_priv->mesh_state) != BATADV_MESH_ACTIVE) |
6664 |
+ goto dropped; |
6665 |
+@@ -184,14 +185,18 @@ static int batadv_interface_tx(struct sk_buff *skb, |
6666 |
+ case ETH_P_8021Q: |
6667 |
+ vhdr = vlan_eth_hdr(skb); |
6668 |
+ |
6669 |
+- if (vhdr->h_vlan_encapsulated_proto != ethertype) |
6670 |
++ if (vhdr->h_vlan_encapsulated_proto != ethertype) { |
6671 |
++ network_offset += VLAN_HLEN; |
6672 |
+ break; |
6673 |
++ } |
6674 |
+ |
6675 |
+ /* fall through */ |
6676 |
+ case ETH_P_BATMAN: |
6677 |
+ goto dropped; |
6678 |
+ } |
6679 |
+ |
6680 |
++ skb_set_network_header(skb, network_offset); |
6681 |
++ |
6682 |
+ if (batadv_bla_tx(bat_priv, skb, vid)) |
6683 |
+ goto dropped; |
6684 |
+ |
6685 |
+@@ -449,6 +454,9 @@ out: |
6686 |
+ */ |
6687 |
+ void batadv_softif_vlan_free_ref(struct batadv_softif_vlan *vlan) |
6688 |
+ { |
6689 |
++ if (!vlan) |
6690 |
++ return; |
6691 |
++ |
6692 |
+ if (atomic_dec_and_test(&vlan->refcount)) { |
6693 |
+ spin_lock_bh(&vlan->bat_priv->softif_vlan_list_lock); |
6694 |
+ hlist_del_rcu(&vlan->list); |
6695 |
+diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c |
6696 |
+index 07b263a437d1..4f2a9d2c56db 100644 |
6697 |
+--- a/net/batman-adv/translation-table.c |
6698 |
++++ b/net/batman-adv/translation-table.c |
6699 |
+@@ -15,6 +15,7 @@ |
6700 |
+ * along with this program; if not, see <http://www.gnu.org/licenses/>. |
6701 |
+ */ |
6702 |
+ |
6703 |
++#include <linux/bitops.h> |
6704 |
+ #include "main.h" |
6705 |
+ #include "translation-table.h" |
6706 |
+ #include "soft-interface.h" |
6707 |
+@@ -575,6 +576,9 @@ bool batadv_tt_local_add(struct net_device *soft_iface, const uint8_t *addr, |
6708 |
+ |
6709 |
+ /* increase the refcounter of the related vlan */ |
6710 |
+ vlan = batadv_softif_vlan_get(bat_priv, vid); |
6711 |
++ if (WARN(!vlan, "adding TT local entry %pM to non-existent VLAN %d", |
6712 |
++ addr, BATADV_PRINT_VID(vid))) |
6713 |
++ goto out; |
6714 |
+ |
6715 |
+ batadv_dbg(BATADV_DBG_TT, bat_priv, |
6716 |
+ "Creating new local tt entry: %pM (vid: %d, ttvn: %d)\n", |
6717 |
+@@ -1015,6 +1019,7 @@ uint16_t batadv_tt_local_remove(struct batadv_priv *bat_priv, |
6718 |
+ struct batadv_tt_local_entry *tt_local_entry; |
6719 |
+ uint16_t flags, curr_flags = BATADV_NO_FLAGS; |
6720 |
+ struct batadv_softif_vlan *vlan; |
6721 |
++ void *tt_entry_exists; |
6722 |
+ |
6723 |
+ tt_local_entry = batadv_tt_local_hash_find(bat_priv, addr, vid); |
6724 |
+ if (!tt_local_entry) |
6725 |
+@@ -1042,11 +1047,22 @@ uint16_t batadv_tt_local_remove(struct batadv_priv *bat_priv, |
6726 |
+ * immediately purge it |
6727 |
+ */ |
6728 |
+ batadv_tt_local_event(bat_priv, tt_local_entry, BATADV_TT_CLIENT_DEL); |
6729 |
+- hlist_del_rcu(&tt_local_entry->common.hash_entry); |
6730 |
++ |
6731 |
++ tt_entry_exists = batadv_hash_remove(bat_priv->tt.local_hash, |
6732 |
++ batadv_compare_tt, |
6733 |
++ batadv_choose_tt, |
6734 |
++ &tt_local_entry->common); |
6735 |
++ if (!tt_entry_exists) |
6736 |
++ goto out; |
6737 |
++ |
6738 |
++ /* extra call to free the local tt entry */ |
6739 |
+ batadv_tt_local_entry_free_ref(tt_local_entry); |
6740 |
+ |
6741 |
+ /* decrease the reference held for this vlan */ |
6742 |
+ vlan = batadv_softif_vlan_get(bat_priv, vid); |
6743 |
++ if (!vlan) |
6744 |
++ goto out; |
6745 |
++ |
6746 |
+ batadv_softif_vlan_free_ref(vlan); |
6747 |
+ batadv_softif_vlan_free_ref(vlan); |
6748 |
+ |
6749 |
+@@ -1147,8 +1163,10 @@ static void batadv_tt_local_table_free(struct batadv_priv *bat_priv) |
6750 |
+ /* decrease the reference held for this vlan */ |
6751 |
+ vlan = batadv_softif_vlan_get(bat_priv, |
6752 |
+ tt_common_entry->vid); |
6753 |
+- batadv_softif_vlan_free_ref(vlan); |
6754 |
+- batadv_softif_vlan_free_ref(vlan); |
6755 |
++ if (vlan) { |
6756 |
++ batadv_softif_vlan_free_ref(vlan); |
6757 |
++ batadv_softif_vlan_free_ref(vlan); |
6758 |
++ } |
6759 |
+ |
6760 |
+ batadv_tt_local_entry_free_ref(tt_local); |
6761 |
+ } |
6762 |
+@@ -1843,7 +1861,7 @@ void batadv_tt_global_del_orig(struct batadv_priv *bat_priv, |
6763 |
+ } |
6764 |
+ spin_unlock_bh(list_lock); |
6765 |
+ } |
6766 |
+- orig_node->capa_initialized &= ~BATADV_ORIG_CAPA_HAS_TT; |
6767 |
++ clear_bit(BATADV_ORIG_CAPA_HAS_TT, &orig_node->capa_initialized); |
6768 |
+ } |
6769 |
+ |
6770 |
+ static bool batadv_tt_global_to_purge(struct batadv_tt_global_entry *tt_global, |
6771 |
+@@ -2802,7 +2820,7 @@ static void _batadv_tt_update_changes(struct batadv_priv *bat_priv, |
6772 |
+ return; |
6773 |
+ } |
6774 |
+ } |
6775 |
+- orig_node->capa_initialized |= BATADV_ORIG_CAPA_HAS_TT; |
6776 |
++ set_bit(BATADV_ORIG_CAPA_HAS_TT, &orig_node->capa_initialized); |
6777 |
+ } |
6778 |
+ |
6779 |
+ static void batadv_tt_fill_gtable(struct batadv_priv *bat_priv, |
6780 |
+@@ -3188,8 +3206,10 @@ static void batadv_tt_local_purge_pending_clients(struct batadv_priv *bat_priv) |
6781 |
+ |
6782 |
+ /* decrease the reference held for this vlan */ |
6783 |
+ vlan = batadv_softif_vlan_get(bat_priv, tt_common->vid); |
6784 |
+- batadv_softif_vlan_free_ref(vlan); |
6785 |
+- batadv_softif_vlan_free_ref(vlan); |
6786 |
++ if (vlan) { |
6787 |
++ batadv_softif_vlan_free_ref(vlan); |
6788 |
++ batadv_softif_vlan_free_ref(vlan); |
6789 |
++ } |
6790 |
+ |
6791 |
+ batadv_tt_local_entry_free_ref(tt_local); |
6792 |
+ } |
6793 |
+@@ -3302,7 +3322,8 @@ static void batadv_tt_update_orig(struct batadv_priv *bat_priv, |
6794 |
+ bool has_tt_init; |
6795 |
+ |
6796 |
+ tt_vlan = (struct batadv_tvlv_tt_vlan_data *)tt_buff; |
6797 |
+- has_tt_init = orig_node->capa_initialized & BATADV_ORIG_CAPA_HAS_TT; |
6798 |
++ has_tt_init = test_bit(BATADV_ORIG_CAPA_HAS_TT, |
6799 |
++ &orig_node->capa_initialized); |
6800 |
+ |
6801 |
+ /* orig table not initialised AND first diff is in the OGM OR the ttvn |
6802 |
+ * increased by one -> we can apply the attached changes |
6803 |
+diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h |
6804 |
+index 9398c3fb4174..26c37be2aa05 100644 |
6805 |
+--- a/net/batman-adv/types.h |
6806 |
++++ b/net/batman-adv/types.h |
6807 |
+@@ -204,6 +204,7 @@ struct batadv_orig_bat_iv { |
6808 |
+ * @batadv_dat_addr_t: address of the orig node in the distributed hash |
6809 |
+ * @last_seen: time when last packet from this node was received |
6810 |
+ * @bcast_seqno_reset: time when the broadcast seqno window was reset |
6811 |
++ * @mcast_handler_lock: synchronizes mcast-capability and -flag changes |
6812 |
+ * @mcast_flags: multicast flags announced by the orig node |
6813 |
+ * @mcast_want_all_unsnoop_node: a list node for the |
6814 |
+ * mcast.want_all_unsnoopables list |
6815 |
+@@ -251,13 +252,15 @@ struct batadv_orig_node { |
6816 |
+ unsigned long last_seen; |
6817 |
+ unsigned long bcast_seqno_reset; |
6818 |
+ #ifdef CONFIG_BATMAN_ADV_MCAST |
6819 |
++ /* synchronizes mcast tvlv specific orig changes */ |
6820 |
++ spinlock_t mcast_handler_lock; |
6821 |
+ uint8_t mcast_flags; |
6822 |
+ struct hlist_node mcast_want_all_unsnoopables_node; |
6823 |
+ struct hlist_node mcast_want_all_ipv4_node; |
6824 |
+ struct hlist_node mcast_want_all_ipv6_node; |
6825 |
+ #endif |
6826 |
+- uint8_t capabilities; |
6827 |
+- uint8_t capa_initialized; |
6828 |
++ unsigned long capabilities; |
6829 |
++ unsigned long capa_initialized; |
6830 |
+ atomic_t last_ttvn; |
6831 |
+ unsigned char *tt_buff; |
6832 |
+ int16_t tt_buff_len; |
6833 |
+@@ -296,10 +299,10 @@ struct batadv_orig_node { |
6834 |
+ * (= orig node announces a tvlv of type BATADV_TVLV_MCAST) |
6835 |
+ */ |
6836 |
+ enum batadv_orig_capabilities { |
6837 |
+- BATADV_ORIG_CAPA_HAS_DAT = BIT(0), |
6838 |
+- BATADV_ORIG_CAPA_HAS_NC = BIT(1), |
6839 |
+- BATADV_ORIG_CAPA_HAS_TT = BIT(2), |
6840 |
+- BATADV_ORIG_CAPA_HAS_MCAST = BIT(3), |
6841 |
++ BATADV_ORIG_CAPA_HAS_DAT, |
6842 |
++ BATADV_ORIG_CAPA_HAS_NC, |
6843 |
++ BATADV_ORIG_CAPA_HAS_TT, |
6844 |
++ BATADV_ORIG_CAPA_HAS_MCAST, |
6845 |
+ }; |
6846 |
+ |
6847 |
+ /** |
6848 |
+diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c |
6849 |
+index 7b815bcc8c9b..69ad5091e2ce 100644 |
6850 |
+--- a/net/bluetooth/smp.c |
6851 |
++++ b/net/bluetooth/smp.c |
6852 |
+@@ -2294,12 +2294,6 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) |
6853 |
+ if (!conn) |
6854 |
+ return 1; |
6855 |
+ |
6856 |
+- chan = conn->smp; |
6857 |
+- if (!chan) { |
6858 |
+- BT_ERR("SMP security requested but not available"); |
6859 |
+- return 1; |
6860 |
+- } |
6861 |
+- |
6862 |
+ if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED)) |
6863 |
+ return 1; |
6864 |
+ |
6865 |
+@@ -2313,6 +2307,12 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) |
6866 |
+ if (smp_ltk_encrypt(conn, hcon->pending_sec_level)) |
6867 |
+ return 0; |
6868 |
+ |
6869 |
++ chan = conn->smp; |
6870 |
++ if (!chan) { |
6871 |
++ BT_ERR("SMP security requested but not available"); |
6872 |
++ return 1; |
6873 |
++ } |
6874 |
++ |
6875 |
+ l2cap_chan_lock(chan); |
6876 |
+ |
6877 |
+ /* If SMP is already in progress ignore this request */ |
6878 |
+diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c |
6879 |
+index b27fc401c6a9..e664706b350c 100644 |
6880 |
+--- a/net/ipv4/inet_connection_sock.c |
6881 |
++++ b/net/ipv4/inet_connection_sock.c |
6882 |
+@@ -584,7 +584,7 @@ static bool reqsk_queue_unlink(struct request_sock_queue *queue, |
6883 |
+ } |
6884 |
+ |
6885 |
+ spin_unlock(&queue->syn_wait_lock); |
6886 |
+- if (del_timer_sync(&req->rsk_timer)) |
6887 |
++ if (timer_pending(&req->rsk_timer) && del_timer_sync(&req->rsk_timer)) |
6888 |
+ reqsk_put(req); |
6889 |
+ return found; |
6890 |
+ } |
6891 |
+diff --git a/net/netfilter/core.c b/net/netfilter/core.c |
6892 |
+index e6163017c42d..5d0c6fd59475 100644 |
6893 |
+--- a/net/netfilter/core.c |
6894 |
++++ b/net/netfilter/core.c |
6895 |
+@@ -89,6 +89,7 @@ void nf_unregister_hook(struct nf_hook_ops *reg) |
6896 |
+ static_key_slow_dec(&nf_hooks_needed[reg->pf][reg->hooknum]); |
6897 |
+ #endif |
6898 |
+ synchronize_net(); |
6899 |
++ nf_queue_nf_hook_drop(reg); |
6900 |
+ } |
6901 |
+ EXPORT_SYMBOL(nf_unregister_hook); |
6902 |
+ |
6903 |
+diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c |
6904 |
+index 5d2b806a862e..38fbc194b9cb 100644 |
6905 |
+--- a/net/netfilter/ipvs/ip_vs_core.c |
6906 |
++++ b/net/netfilter/ipvs/ip_vs_core.c |
6907 |
+@@ -319,7 +319,13 @@ ip_vs_sched_persist(struct ip_vs_service *svc, |
6908 |
+ * return *ignored=0 i.e. ICMP and NF_DROP |
6909 |
+ */ |
6910 |
+ sched = rcu_dereference(svc->scheduler); |
6911 |
+- dest = sched->schedule(svc, skb, iph); |
6912 |
++ if (sched) { |
6913 |
++ /* read svc->sched_data after svc->scheduler */ |
6914 |
++ smp_rmb(); |
6915 |
++ dest = sched->schedule(svc, skb, iph); |
6916 |
++ } else { |
6917 |
++ dest = NULL; |
6918 |
++ } |
6919 |
+ if (!dest) { |
6920 |
+ IP_VS_DBG(1, "p-schedule: no dest found.\n"); |
6921 |
+ kfree(param.pe_data); |
6922 |
+@@ -467,7 +473,13 @@ ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb, |
6923 |
+ } |
6924 |
+ |
6925 |
+ sched = rcu_dereference(svc->scheduler); |
6926 |
+- dest = sched->schedule(svc, skb, iph); |
6927 |
++ if (sched) { |
6928 |
++ /* read svc->sched_data after svc->scheduler */ |
6929 |
++ smp_rmb(); |
6930 |
++ dest = sched->schedule(svc, skb, iph); |
6931 |
++ } else { |
6932 |
++ dest = NULL; |
6933 |
++ } |
6934 |
+ if (dest == NULL) { |
6935 |
+ IP_VS_DBG(1, "Schedule: no dest found.\n"); |
6936 |
+ return NULL; |
6937 |
+diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c |
6938 |
+index 285eae3a1454..24c554201a76 100644 |
6939 |
+--- a/net/netfilter/ipvs/ip_vs_ctl.c |
6940 |
++++ b/net/netfilter/ipvs/ip_vs_ctl.c |
6941 |
+@@ -842,15 +842,16 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, |
6942 |
+ __ip_vs_dst_cache_reset(dest); |
6943 |
+ spin_unlock_bh(&dest->dst_lock); |
6944 |
+ |
6945 |
+- sched = rcu_dereference_protected(svc->scheduler, 1); |
6946 |
+ if (add) { |
6947 |
+ ip_vs_start_estimator(svc->net, &dest->stats); |
6948 |
+ list_add_rcu(&dest->n_list, &svc->destinations); |
6949 |
+ svc->num_dests++; |
6950 |
+- if (sched->add_dest) |
6951 |
++ sched = rcu_dereference_protected(svc->scheduler, 1); |
6952 |
++ if (sched && sched->add_dest) |
6953 |
+ sched->add_dest(svc, dest); |
6954 |
+ } else { |
6955 |
+- if (sched->upd_dest) |
6956 |
++ sched = rcu_dereference_protected(svc->scheduler, 1); |
6957 |
++ if (sched && sched->upd_dest) |
6958 |
+ sched->upd_dest(svc, dest); |
6959 |
+ } |
6960 |
+ } |
6961 |
+@@ -1084,7 +1085,7 @@ static void __ip_vs_unlink_dest(struct ip_vs_service *svc, |
6962 |
+ struct ip_vs_scheduler *sched; |
6963 |
+ |
6964 |
+ sched = rcu_dereference_protected(svc->scheduler, 1); |
6965 |
+- if (sched->del_dest) |
6966 |
++ if (sched && sched->del_dest) |
6967 |
+ sched->del_dest(svc, dest); |
6968 |
+ } |
6969 |
+ } |
6970 |
+@@ -1175,11 +1176,14 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u, |
6971 |
+ ip_vs_use_count_inc(); |
6972 |
+ |
6973 |
+ /* Lookup the scheduler by 'u->sched_name' */ |
6974 |
+- sched = ip_vs_scheduler_get(u->sched_name); |
6975 |
+- if (sched == NULL) { |
6976 |
+- pr_info("Scheduler module ip_vs_%s not found\n", u->sched_name); |
6977 |
+- ret = -ENOENT; |
6978 |
+- goto out_err; |
6979 |
++ if (strcmp(u->sched_name, "none")) { |
6980 |
++ sched = ip_vs_scheduler_get(u->sched_name); |
6981 |
++ if (!sched) { |
6982 |
++ pr_info("Scheduler module ip_vs_%s not found\n", |
6983 |
++ u->sched_name); |
6984 |
++ ret = -ENOENT; |
6985 |
++ goto out_err; |
6986 |
++ } |
6987 |
+ } |
6988 |
+ |
6989 |
+ if (u->pe_name && *u->pe_name) { |
6990 |
+@@ -1240,10 +1244,12 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u, |
6991 |
+ spin_lock_init(&svc->stats.lock); |
6992 |
+ |
6993 |
+ /* Bind the scheduler */ |
6994 |
+- ret = ip_vs_bind_scheduler(svc, sched); |
6995 |
+- if (ret) |
6996 |
+- goto out_err; |
6997 |
+- sched = NULL; |
6998 |
++ if (sched) { |
6999 |
++ ret = ip_vs_bind_scheduler(svc, sched); |
7000 |
++ if (ret) |
7001 |
++ goto out_err; |
7002 |
++ sched = NULL; |
7003 |
++ } |
7004 |
+ |
7005 |
+ /* Bind the ct retriever */ |
7006 |
+ RCU_INIT_POINTER(svc->pe, pe); |
7007 |
+@@ -1291,17 +1297,20 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u, |
7008 |
+ static int |
7009 |
+ ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u) |
7010 |
+ { |
7011 |
+- struct ip_vs_scheduler *sched, *old_sched; |
7012 |
++ struct ip_vs_scheduler *sched = NULL, *old_sched; |
7013 |
+ struct ip_vs_pe *pe = NULL, *old_pe = NULL; |
7014 |
+ int ret = 0; |
7015 |
+ |
7016 |
+ /* |
7017 |
+ * Lookup the scheduler, by 'u->sched_name' |
7018 |
+ */ |
7019 |
+- sched = ip_vs_scheduler_get(u->sched_name); |
7020 |
+- if (sched == NULL) { |
7021 |
+- pr_info("Scheduler module ip_vs_%s not found\n", u->sched_name); |
7022 |
+- return -ENOENT; |
7023 |
++ if (strcmp(u->sched_name, "none")) { |
7024 |
++ sched = ip_vs_scheduler_get(u->sched_name); |
7025 |
++ if (!sched) { |
7026 |
++ pr_info("Scheduler module ip_vs_%s not found\n", |
7027 |
++ u->sched_name); |
7028 |
++ return -ENOENT; |
7029 |
++ } |
7030 |
+ } |
7031 |
+ old_sched = sched; |
7032 |
+ |
7033 |
+@@ -1329,14 +1338,20 @@ ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u) |
7034 |
+ |
7035 |
+ old_sched = rcu_dereference_protected(svc->scheduler, 1); |
7036 |
+ if (sched != old_sched) { |
7037 |
++ if (old_sched) { |
7038 |
++ ip_vs_unbind_scheduler(svc, old_sched); |
7039 |
++ RCU_INIT_POINTER(svc->scheduler, NULL); |
7040 |
++ /* Wait all svc->sched_data users */ |
7041 |
++ synchronize_rcu(); |
7042 |
++ } |
7043 |
+ /* Bind the new scheduler */ |
7044 |
+- ret = ip_vs_bind_scheduler(svc, sched); |
7045 |
+- if (ret) { |
7046 |
+- old_sched = sched; |
7047 |
+- goto out; |
7048 |
++ if (sched) { |
7049 |
++ ret = ip_vs_bind_scheduler(svc, sched); |
7050 |
++ if (ret) { |
7051 |
++ ip_vs_scheduler_put(sched); |
7052 |
++ goto out; |
7053 |
++ } |
7054 |
+ } |
7055 |
+- /* Unbind the old scheduler on success */ |
7056 |
+- ip_vs_unbind_scheduler(svc, old_sched); |
7057 |
+ } |
7058 |
+ |
7059 |
+ /* |
7060 |
+@@ -1982,6 +1997,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) |
7061 |
+ const struct ip_vs_iter *iter = seq->private; |
7062 |
+ const struct ip_vs_dest *dest; |
7063 |
+ struct ip_vs_scheduler *sched = rcu_dereference(svc->scheduler); |
7064 |
++ char *sched_name = sched ? sched->name : "none"; |
7065 |
+ |
7066 |
+ if (iter->table == ip_vs_svc_table) { |
7067 |
+ #ifdef CONFIG_IP_VS_IPV6 |
7068 |
+@@ -1990,18 +2006,18 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) |
7069 |
+ ip_vs_proto_name(svc->protocol), |
7070 |
+ &svc->addr.in6, |
7071 |
+ ntohs(svc->port), |
7072 |
+- sched->name); |
7073 |
++ sched_name); |
7074 |
+ else |
7075 |
+ #endif |
7076 |
+ seq_printf(seq, "%s %08X:%04X %s %s ", |
7077 |
+ ip_vs_proto_name(svc->protocol), |
7078 |
+ ntohl(svc->addr.ip), |
7079 |
+ ntohs(svc->port), |
7080 |
+- sched->name, |
7081 |
++ sched_name, |
7082 |
+ (svc->flags & IP_VS_SVC_F_ONEPACKET)?"ops ":""); |
7083 |
+ } else { |
7084 |
+ seq_printf(seq, "FWM %08X %s %s", |
7085 |
+- svc->fwmark, sched->name, |
7086 |
++ svc->fwmark, sched_name, |
7087 |
+ (svc->flags & IP_VS_SVC_F_ONEPACKET)?"ops ":""); |
7088 |
+ } |
7089 |
+ |
7090 |
+@@ -2427,13 +2443,15 @@ ip_vs_copy_service(struct ip_vs_service_entry *dst, struct ip_vs_service *src) |
7091 |
+ { |
7092 |
+ struct ip_vs_scheduler *sched; |
7093 |
+ struct ip_vs_kstats kstats; |
7094 |
++ char *sched_name; |
7095 |
+ |
7096 |
+ sched = rcu_dereference_protected(src->scheduler, 1); |
7097 |
++ sched_name = sched ? sched->name : "none"; |
7098 |
+ dst->protocol = src->protocol; |
7099 |
+ dst->addr = src->addr.ip; |
7100 |
+ dst->port = src->port; |
7101 |
+ dst->fwmark = src->fwmark; |
7102 |
+- strlcpy(dst->sched_name, sched->name, sizeof(dst->sched_name)); |
7103 |
++ strlcpy(dst->sched_name, sched_name, sizeof(dst->sched_name)); |
7104 |
+ dst->flags = src->flags; |
7105 |
+ dst->timeout = src->timeout / HZ; |
7106 |
+ dst->netmask = src->netmask; |
7107 |
+@@ -2892,6 +2910,7 @@ static int ip_vs_genl_fill_service(struct sk_buff *skb, |
7108 |
+ struct ip_vs_flags flags = { .flags = svc->flags, |
7109 |
+ .mask = ~0 }; |
7110 |
+ struct ip_vs_kstats kstats; |
7111 |
++ char *sched_name; |
7112 |
+ |
7113 |
+ nl_service = nla_nest_start(skb, IPVS_CMD_ATTR_SERVICE); |
7114 |
+ if (!nl_service) |
7115 |
+@@ -2910,8 +2929,9 @@ static int ip_vs_genl_fill_service(struct sk_buff *skb, |
7116 |
+ } |
7117 |
+ |
7118 |
+ sched = rcu_dereference_protected(svc->scheduler, 1); |
7119 |
++ sched_name = sched ? sched->name : "none"; |
7120 |
+ pe = rcu_dereference_protected(svc->pe, 1); |
7121 |
+- if (nla_put_string(skb, IPVS_SVC_ATTR_SCHED_NAME, sched->name) || |
7122 |
++ if (nla_put_string(skb, IPVS_SVC_ATTR_SCHED_NAME, sched_name) || |
7123 |
+ (pe && nla_put_string(skb, IPVS_SVC_ATTR_PE_NAME, pe->name)) || |
7124 |
+ nla_put(skb, IPVS_SVC_ATTR_FLAGS, sizeof(flags), &flags) || |
7125 |
+ nla_put_u32(skb, IPVS_SVC_ATTR_TIMEOUT, svc->timeout / HZ) || |
7126 |
+diff --git a/net/netfilter/ipvs/ip_vs_sched.c b/net/netfilter/ipvs/ip_vs_sched.c |
7127 |
+index 199760c71f39..7e8141647943 100644 |
7128 |
+--- a/net/netfilter/ipvs/ip_vs_sched.c |
7129 |
++++ b/net/netfilter/ipvs/ip_vs_sched.c |
7130 |
+@@ -74,7 +74,7 @@ void ip_vs_unbind_scheduler(struct ip_vs_service *svc, |
7131 |
+ |
7132 |
+ if (sched->done_service) |
7133 |
+ sched->done_service(svc); |
7134 |
+- /* svc->scheduler can not be set to NULL */ |
7135 |
++ /* svc->scheduler can be set to NULL only by caller */ |
7136 |
+ } |
7137 |
+ |
7138 |
+ |
7139 |
+@@ -147,21 +147,21 @@ void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler) |
7140 |
+ |
7141 |
+ void ip_vs_scheduler_err(struct ip_vs_service *svc, const char *msg) |
7142 |
+ { |
7143 |
+- struct ip_vs_scheduler *sched; |
7144 |
++ struct ip_vs_scheduler *sched = rcu_dereference(svc->scheduler); |
7145 |
++ char *sched_name = sched ? sched->name : "none"; |
7146 |
+ |
7147 |
+- sched = rcu_dereference(svc->scheduler); |
7148 |
+ if (svc->fwmark) { |
7149 |
+ IP_VS_ERR_RL("%s: FWM %u 0x%08X - %s\n", |
7150 |
+- sched->name, svc->fwmark, svc->fwmark, msg); |
7151 |
++ sched_name, svc->fwmark, svc->fwmark, msg); |
7152 |
+ #ifdef CONFIG_IP_VS_IPV6 |
7153 |
+ } else if (svc->af == AF_INET6) { |
7154 |
+ IP_VS_ERR_RL("%s: %s [%pI6c]:%d - %s\n", |
7155 |
+- sched->name, ip_vs_proto_name(svc->protocol), |
7156 |
++ sched_name, ip_vs_proto_name(svc->protocol), |
7157 |
+ &svc->addr.in6, ntohs(svc->port), msg); |
7158 |
+ #endif |
7159 |
+ } else { |
7160 |
+ IP_VS_ERR_RL("%s: %s %pI4:%d - %s\n", |
7161 |
+- sched->name, ip_vs_proto_name(svc->protocol), |
7162 |
++ sched_name, ip_vs_proto_name(svc->protocol), |
7163 |
+ &svc->addr.ip, ntohs(svc->port), msg); |
7164 |
+ } |
7165 |
+ } |
7166 |
+diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c |
7167 |
+index 19b9cce6c210..150047c739fa 100644 |
7168 |
+--- a/net/netfilter/ipvs/ip_vs_sync.c |
7169 |
++++ b/net/netfilter/ipvs/ip_vs_sync.c |
7170 |
+@@ -612,7 +612,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp, |
7171 |
+ pkts = atomic_add_return(1, &cp->in_pkts); |
7172 |
+ else |
7173 |
+ pkts = sysctl_sync_threshold(ipvs); |
7174 |
+- ip_vs_sync_conn(net, cp->control, pkts); |
7175 |
++ ip_vs_sync_conn(net, cp, pkts); |
7176 |
+ } |
7177 |
+ } |
7178 |
+ |
7179 |
+diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c |
7180 |
+index 19986ec5f21a..258f1e05250f 100644 |
7181 |
+--- a/net/netfilter/ipvs/ip_vs_xmit.c |
7182 |
++++ b/net/netfilter/ipvs/ip_vs_xmit.c |
7183 |
+@@ -130,7 +130,6 @@ static struct rtable *do_output_route4(struct net *net, __be32 daddr, |
7184 |
+ |
7185 |
+ memset(&fl4, 0, sizeof(fl4)); |
7186 |
+ fl4.daddr = daddr; |
7187 |
+- fl4.saddr = (rt_mode & IP_VS_RT_MODE_CONNECT) ? *saddr : 0; |
7188 |
+ fl4.flowi4_flags = (rt_mode & IP_VS_RT_MODE_KNOWN_NH) ? |
7189 |
+ FLOWI_FLAG_KNOWN_NH : 0; |
7190 |
+ |
7191 |
+@@ -519,10 +518,27 @@ static inline int ip_vs_tunnel_xmit_prepare(struct sk_buff *skb, |
7192 |
+ if (ret == NF_ACCEPT) { |
7193 |
+ nf_reset(skb); |
7194 |
+ skb_forward_csum(skb); |
7195 |
++ if (!skb->sk) |
7196 |
++ skb_sender_cpu_clear(skb); |
7197 |
+ } |
7198 |
+ return ret; |
7199 |
+ } |
7200 |
+ |
7201 |
++/* In the event of a remote destination, it's possible that we would have |
7202 |
++ * matches against an old socket (particularly a TIME-WAIT socket). This |
7203 |
++ * causes havoc down the line (ip_local_out et. al. expect regular sockets |
7204 |
++ * and invalid memory accesses will happen) so simply drop the association |
7205 |
++ * in this case. |
7206 |
++*/ |
7207 |
++static inline void ip_vs_drop_early_demux_sk(struct sk_buff *skb) |
7208 |
++{ |
7209 |
++ /* If dev is set, the packet came from the LOCAL_IN callback and |
7210 |
++ * not from a local TCP socket. |
7211 |
++ */ |
7212 |
++ if (skb->dev) |
7213 |
++ skb_orphan(skb); |
7214 |
++} |
7215 |
++ |
7216 |
+ /* return NF_STOLEN (sent) or NF_ACCEPT if local=1 (not sent) */ |
7217 |
+ static inline int ip_vs_nat_send_or_cont(int pf, struct sk_buff *skb, |
7218 |
+ struct ip_vs_conn *cp, int local) |
7219 |
+@@ -534,12 +550,23 @@ static inline int ip_vs_nat_send_or_cont(int pf, struct sk_buff *skb, |
7220 |
+ ip_vs_notrack(skb); |
7221 |
+ else |
7222 |
+ ip_vs_update_conntrack(skb, cp, 1); |
7223 |
++ |
7224 |
++ /* Remove the early_demux association unless it's bound for the |
7225 |
++ * exact same port and address on this host after translation. |
7226 |
++ */ |
7227 |
++ if (!local || cp->vport != cp->dport || |
7228 |
++ !ip_vs_addr_equal(cp->af, &cp->vaddr, &cp->daddr)) |
7229 |
++ ip_vs_drop_early_demux_sk(skb); |
7230 |
++ |
7231 |
+ if (!local) { |
7232 |
+ skb_forward_csum(skb); |
7233 |
++ if (!skb->sk) |
7234 |
++ skb_sender_cpu_clear(skb); |
7235 |
+ NF_HOOK(pf, NF_INET_LOCAL_OUT, NULL, skb, |
7236 |
+ NULL, skb_dst(skb)->dev, dst_output_sk); |
7237 |
+ } else |
7238 |
+ ret = NF_ACCEPT; |
7239 |
++ |
7240 |
+ return ret; |
7241 |
+ } |
7242 |
+ |
7243 |
+@@ -553,7 +580,10 @@ static inline int ip_vs_send_or_cont(int pf, struct sk_buff *skb, |
7244 |
+ if (likely(!(cp->flags & IP_VS_CONN_F_NFCT))) |
7245 |
+ ip_vs_notrack(skb); |
7246 |
+ if (!local) { |
7247 |
++ ip_vs_drop_early_demux_sk(skb); |
7248 |
+ skb_forward_csum(skb); |
7249 |
++ if (!skb->sk) |
7250 |
++ skb_sender_cpu_clear(skb); |
7251 |
+ NF_HOOK(pf, NF_INET_LOCAL_OUT, NULL, skb, |
7252 |
+ NULL, skb_dst(skb)->dev, dst_output_sk); |
7253 |
+ } else |
7254 |
+@@ -841,6 +871,8 @@ ip_vs_prepare_tunneled_skb(struct sk_buff *skb, int skb_af, |
7255 |
+ struct ipv6hdr *old_ipv6h = NULL; |
7256 |
+ #endif |
7257 |
+ |
7258 |
++ ip_vs_drop_early_demux_sk(skb); |
7259 |
++ |
7260 |
+ if (skb_headroom(skb) < max_headroom || skb_cloned(skb)) { |
7261 |
+ new_skb = skb_realloc_headroom(skb, max_headroom); |
7262 |
+ if (!new_skb) |
7263 |
+diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c |
7264 |
+index 7a17070c5dab..b45a4223cb05 100644 |
7265 |
+--- a/net/netfilter/nf_conntrack_expect.c |
7266 |
++++ b/net/netfilter/nf_conntrack_expect.c |
7267 |
+@@ -219,7 +219,8 @@ static inline int expect_clash(const struct nf_conntrack_expect *a, |
7268 |
+ a->mask.src.u3.all[count] & b->mask.src.u3.all[count]; |
7269 |
+ } |
7270 |
+ |
7271 |
+- return nf_ct_tuple_mask_cmp(&a->tuple, &b->tuple, &intersect_mask); |
7272 |
++ return nf_ct_tuple_mask_cmp(&a->tuple, &b->tuple, &intersect_mask) && |
7273 |
++ nf_ct_zone(a->master) == nf_ct_zone(b->master); |
7274 |
+ } |
7275 |
+ |
7276 |
+ static inline int expect_matches(const struct nf_conntrack_expect *a, |
7277 |
+diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c |
7278 |
+index d1c23940a86a..6b8b0abbfab4 100644 |
7279 |
+--- a/net/netfilter/nf_conntrack_netlink.c |
7280 |
++++ b/net/netfilter/nf_conntrack_netlink.c |
7281 |
+@@ -2995,11 +2995,6 @@ ctnetlink_create_expect(struct net *net, u16 zone, |
7282 |
+ } |
7283 |
+ |
7284 |
+ err = nf_ct_expect_related_report(exp, portid, report); |
7285 |
+- if (err < 0) |
7286 |
+- goto err_exp; |
7287 |
+- |
7288 |
+- return 0; |
7289 |
+-err_exp: |
7290 |
+ nf_ct_expect_put(exp); |
7291 |
+ err_ct: |
7292 |
+ nf_ct_put(ct); |
7293 |
+diff --git a/net/netfilter/nf_internals.h b/net/netfilter/nf_internals.h |
7294 |
+index ea7f36784b3d..399210693c2a 100644 |
7295 |
+--- a/net/netfilter/nf_internals.h |
7296 |
++++ b/net/netfilter/nf_internals.h |
7297 |
+@@ -19,6 +19,7 @@ unsigned int nf_iterate(struct list_head *head, struct sk_buff *skb, |
7298 |
+ /* nf_queue.c */ |
7299 |
+ int nf_queue(struct sk_buff *skb, struct nf_hook_ops *elem, |
7300 |
+ struct nf_hook_state *state, unsigned int queuenum); |
7301 |
++void nf_queue_nf_hook_drop(struct nf_hook_ops *ops); |
7302 |
+ int __init netfilter_queue_init(void); |
7303 |
+ |
7304 |
+ /* nf_log.c */ |
7305 |
+diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c |
7306 |
+index 675d12c69e32..a5d41dfa9f05 100644 |
7307 |
+--- a/net/netfilter/nf_log.c |
7308 |
++++ b/net/netfilter/nf_log.c |
7309 |
+@@ -107,12 +107,17 @@ EXPORT_SYMBOL(nf_log_register); |
7310 |
+ |
7311 |
+ void nf_log_unregister(struct nf_logger *logger) |
7312 |
+ { |
7313 |
++ const struct nf_logger *log; |
7314 |
+ int i; |
7315 |
+ |
7316 |
+ mutex_lock(&nf_log_mutex); |
7317 |
+- for (i = 0; i < NFPROTO_NUMPROTO; i++) |
7318 |
+- RCU_INIT_POINTER(loggers[i][logger->type], NULL); |
7319 |
++ for (i = 0; i < NFPROTO_NUMPROTO; i++) { |
7320 |
++ log = nft_log_dereference(loggers[i][logger->type]); |
7321 |
++ if (log == logger) |
7322 |
++ RCU_INIT_POINTER(loggers[i][logger->type], NULL); |
7323 |
++ } |
7324 |
+ mutex_unlock(&nf_log_mutex); |
7325 |
++ synchronize_rcu(); |
7326 |
+ } |
7327 |
+ EXPORT_SYMBOL(nf_log_unregister); |
7328 |
+ |
7329 |
+diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c |
7330 |
+index 2e88032cd5ad..cd60d397fe05 100644 |
7331 |
+--- a/net/netfilter/nf_queue.c |
7332 |
++++ b/net/netfilter/nf_queue.c |
7333 |
+@@ -105,6 +105,23 @@ bool nf_queue_entry_get_refs(struct nf_queue_entry *entry) |
7334 |
+ } |
7335 |
+ EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs); |
7336 |
+ |
7337 |
++void nf_queue_nf_hook_drop(struct nf_hook_ops *ops) |
7338 |
++{ |
7339 |
++ const struct nf_queue_handler *qh; |
7340 |
++ struct net *net; |
7341 |
++ |
7342 |
++ rtnl_lock(); |
7343 |
++ rcu_read_lock(); |
7344 |
++ qh = rcu_dereference(queue_handler); |
7345 |
++ if (qh) { |
7346 |
++ for_each_net(net) { |
7347 |
++ qh->nf_hook_drop(net, ops); |
7348 |
++ } |
7349 |
++ } |
7350 |
++ rcu_read_unlock(); |
7351 |
++ rtnl_unlock(); |
7352 |
++} |
7353 |
++ |
7354 |
+ /* |
7355 |
+ * Any packet that leaves via this function must come back |
7356 |
+ * through nf_reinject(). |
7357 |
+diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c |
7358 |
+index f153b07073af..f77bad46ac68 100644 |
7359 |
+--- a/net/netfilter/nf_tables_core.c |
7360 |
++++ b/net/netfilter/nf_tables_core.c |
7361 |
+@@ -114,7 +114,8 @@ unsigned int |
7362 |
+ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) |
7363 |
+ { |
7364 |
+ const struct nft_chain *chain = ops->priv, *basechain = chain; |
7365 |
+- const struct net *net = read_pnet(&nft_base_chain(basechain)->pnet); |
7366 |
++ const struct net *chain_net = read_pnet(&nft_base_chain(basechain)->pnet); |
7367 |
++ const struct net *net = dev_net(pkt->in ? pkt->in : pkt->out); |
7368 |
+ const struct nft_rule *rule; |
7369 |
+ const struct nft_expr *expr, *last; |
7370 |
+ struct nft_regs regs; |
7371 |
+@@ -124,6 +125,10 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) |
7372 |
+ int rulenum; |
7373 |
+ unsigned int gencursor = nft_genmask_cur(net); |
7374 |
+ |
7375 |
++ /* Ignore chains that are not for the current network namespace */ |
7376 |
++ if (!net_eq(net, chain_net)) |
7377 |
++ return NF_ACCEPT; |
7378 |
++ |
7379 |
+ do_chain: |
7380 |
+ rulenum = 0; |
7381 |
+ rule = list_entry(&chain->rules, struct nft_rule, list); |
7382 |
+diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c |
7383 |
+index 8b117c90ecd7..69e3ceffa14d 100644 |
7384 |
+--- a/net/netfilter/nfnetlink.c |
7385 |
++++ b/net/netfilter/nfnetlink.c |
7386 |
+@@ -432,6 +432,7 @@ done: |
7387 |
+ static void nfnetlink_rcv(struct sk_buff *skb) |
7388 |
+ { |
7389 |
+ struct nlmsghdr *nlh = nlmsg_hdr(skb); |
7390 |
++ u_int16_t res_id; |
7391 |
+ int msglen; |
7392 |
+ |
7393 |
+ if (nlh->nlmsg_len < NLMSG_HDRLEN || |
7394 |
+@@ -456,7 +457,12 @@ static void nfnetlink_rcv(struct sk_buff *skb) |
7395 |
+ |
7396 |
+ nfgenmsg = nlmsg_data(nlh); |
7397 |
+ skb_pull(skb, msglen); |
7398 |
+- nfnetlink_rcv_batch(skb, nlh, nfgenmsg->res_id); |
7399 |
++ /* Work around old nft using host byte order */ |
7400 |
++ if (nfgenmsg->res_id == NFNL_SUBSYS_NFTABLES) |
7401 |
++ res_id = NFNL_SUBSYS_NFTABLES; |
7402 |
++ else |
7403 |
++ res_id = ntohs(nfgenmsg->res_id); |
7404 |
++ nfnetlink_rcv_batch(skb, nlh, res_id); |
7405 |
+ } else { |
7406 |
+ netlink_rcv_skb(skb, &nfnetlink_rcv_msg); |
7407 |
+ } |
7408 |
+diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c |
7409 |
+index 11c7682fa0ea..32d0437abdd8 100644 |
7410 |
+--- a/net/netfilter/nfnetlink_queue_core.c |
7411 |
++++ b/net/netfilter/nfnetlink_queue_core.c |
7412 |
+@@ -824,6 +824,27 @@ static struct notifier_block nfqnl_dev_notifier = { |
7413 |
+ .notifier_call = nfqnl_rcv_dev_event, |
7414 |
+ }; |
7415 |
+ |
7416 |
++static int nf_hook_cmp(struct nf_queue_entry *entry, unsigned long ops_ptr) |
7417 |
++{ |
7418 |
++ return entry->elem == (struct nf_hook_ops *)ops_ptr; |
7419 |
++} |
7420 |
++ |
7421 |
++static void nfqnl_nf_hook_drop(struct net *net, struct nf_hook_ops *hook) |
7422 |
++{ |
7423 |
++ struct nfnl_queue_net *q = nfnl_queue_pernet(net); |
7424 |
++ int i; |
7425 |
++ |
7426 |
++ rcu_read_lock(); |
7427 |
++ for (i = 0; i < INSTANCE_BUCKETS; i++) { |
7428 |
++ struct nfqnl_instance *inst; |
7429 |
++ struct hlist_head *head = &q->instance_table[i]; |
7430 |
++ |
7431 |
++ hlist_for_each_entry_rcu(inst, head, hlist) |
7432 |
++ nfqnl_flush(inst, nf_hook_cmp, (unsigned long)hook); |
7433 |
++ } |
7434 |
++ rcu_read_unlock(); |
7435 |
++} |
7436 |
++ |
7437 |
+ static int |
7438 |
+ nfqnl_rcv_nl_event(struct notifier_block *this, |
7439 |
+ unsigned long event, void *ptr) |
7440 |
+@@ -1031,7 +1052,8 @@ static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = { |
7441 |
+ }; |
7442 |
+ |
7443 |
+ static const struct nf_queue_handler nfqh = { |
7444 |
+- .outfn = &nfqnl_enqueue_packet, |
7445 |
++ .outfn = &nfqnl_enqueue_packet, |
7446 |
++ .nf_hook_drop = &nfqnl_nf_hook_drop, |
7447 |
+ }; |
7448 |
+ |
7449 |
+ static int |
7450 |
+diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c |
7451 |
+index 7f29cfc76349..4d05c7bf5a03 100644 |
7452 |
+--- a/net/netfilter/nft_compat.c |
7453 |
++++ b/net/netfilter/nft_compat.c |
7454 |
+@@ -617,6 +617,13 @@ struct nft_xt { |
7455 |
+ |
7456 |
+ static struct nft_expr_type nft_match_type; |
7457 |
+ |
7458 |
++static bool nft_match_cmp(const struct xt_match *match, |
7459 |
++ const char *name, u32 rev, u32 family) |
7460 |
++{ |
7461 |
++ return strcmp(match->name, name) == 0 && match->revision == rev && |
7462 |
++ (match->family == NFPROTO_UNSPEC || match->family == family); |
7463 |
++} |
7464 |
++ |
7465 |
+ static const struct nft_expr_ops * |
7466 |
+ nft_match_select_ops(const struct nft_ctx *ctx, |
7467 |
+ const struct nlattr * const tb[]) |
7468 |
+@@ -624,7 +631,7 @@ nft_match_select_ops(const struct nft_ctx *ctx, |
7469 |
+ struct nft_xt *nft_match; |
7470 |
+ struct xt_match *match; |
7471 |
+ char *mt_name; |
7472 |
+- __u32 rev, family; |
7473 |
++ u32 rev, family; |
7474 |
+ |
7475 |
+ if (tb[NFTA_MATCH_NAME] == NULL || |
7476 |
+ tb[NFTA_MATCH_REV] == NULL || |
7477 |
+@@ -639,8 +646,7 @@ nft_match_select_ops(const struct nft_ctx *ctx, |
7478 |
+ list_for_each_entry(nft_match, &nft_match_list, head) { |
7479 |
+ struct xt_match *match = nft_match->ops.data; |
7480 |
+ |
7481 |
+- if (strcmp(match->name, mt_name) == 0 && |
7482 |
+- match->revision == rev && match->family == family) { |
7483 |
++ if (nft_match_cmp(match, mt_name, rev, family)) { |
7484 |
+ if (!try_module_get(match->me)) |
7485 |
+ return ERR_PTR(-ENOENT); |
7486 |
+ |
7487 |
+@@ -691,6 +697,13 @@ static LIST_HEAD(nft_target_list); |
7488 |
+ |
7489 |
+ static struct nft_expr_type nft_target_type; |
7490 |
+ |
7491 |
++static bool nft_target_cmp(const struct xt_target *tg, |
7492 |
++ const char *name, u32 rev, u32 family) |
7493 |
++{ |
7494 |
++ return strcmp(tg->name, name) == 0 && tg->revision == rev && |
7495 |
++ (tg->family == NFPROTO_UNSPEC || tg->family == family); |
7496 |
++} |
7497 |
++ |
7498 |
+ static const struct nft_expr_ops * |
7499 |
+ nft_target_select_ops(const struct nft_ctx *ctx, |
7500 |
+ const struct nlattr * const tb[]) |
7501 |
+@@ -698,7 +711,7 @@ nft_target_select_ops(const struct nft_ctx *ctx, |
7502 |
+ struct nft_xt *nft_target; |
7503 |
+ struct xt_target *target; |
7504 |
+ char *tg_name; |
7505 |
+- __u32 rev, family; |
7506 |
++ u32 rev, family; |
7507 |
+ |
7508 |
+ if (tb[NFTA_TARGET_NAME] == NULL || |
7509 |
+ tb[NFTA_TARGET_REV] == NULL || |
7510 |
+@@ -713,8 +726,7 @@ nft_target_select_ops(const struct nft_ctx *ctx, |
7511 |
+ list_for_each_entry(nft_target, &nft_target_list, head) { |
7512 |
+ struct xt_target *target = nft_target->ops.data; |
7513 |
+ |
7514 |
+- if (strcmp(target->name, tg_name) == 0 && |
7515 |
+- target->revision == rev && target->family == family) { |
7516 |
++ if (nft_target_cmp(target, tg_name, rev, family)) { |
7517 |
+ if (!try_module_get(target->me)) |
7518 |
+ return ERR_PTR(-ENOENT); |
7519 |
+ |
7520 |
+diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c |
7521 |
+index 7de33d1af9b6..7fa6d78331ed 100644 |
7522 |
+--- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c |
7523 |
++++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c |
7524 |
+@@ -382,6 +382,7 @@ static int send_reply(struct svcxprt_rdma *rdma, |
7525 |
+ int byte_count) |
7526 |
+ { |
7527 |
+ struct ib_send_wr send_wr; |
7528 |
++ u32 xdr_off; |
7529 |
+ int sge_no; |
7530 |
+ int sge_bytes; |
7531 |
+ int page_no; |
7532 |
+@@ -416,8 +417,8 @@ static int send_reply(struct svcxprt_rdma *rdma, |
7533 |
+ ctxt->direction = DMA_TO_DEVICE; |
7534 |
+ |
7535 |
+ /* Map the payload indicated by 'byte_count' */ |
7536 |
++ xdr_off = 0; |
7537 |
+ for (sge_no = 1; byte_count && sge_no < vec->count; sge_no++) { |
7538 |
+- int xdr_off = 0; |
7539 |
+ sge_bytes = min_t(size_t, vec->sge[sge_no].iov_len, byte_count); |
7540 |
+ byte_count -= sge_bytes; |
7541 |
+ ctxt->sge[sge_no].addr = |
7542 |
+@@ -455,6 +456,13 @@ static int send_reply(struct svcxprt_rdma *rdma, |
7543 |
+ } |
7544 |
+ rqstp->rq_next_page = rqstp->rq_respages + 1; |
7545 |
+ |
7546 |
++ /* The loop above bumps sc_dma_used for each sge. The |
7547 |
++ * xdr_buf.tail gets a separate sge, but resides in the |
7548 |
++ * same page as xdr_buf.head. Don't count it twice. |
7549 |
++ */ |
7550 |
++ if (sge_no > ctxt->count) |
7551 |
++ atomic_dec(&rdma->sc_dma_used); |
7552 |
++ |
7553 |
+ if (sge_no > rdma->sc_max_sge) { |
7554 |
+ pr_err("svcrdma: Too many sges (%d)\n", sge_no); |
7555 |
+ goto err; |
7556 |
+diff --git a/sound/arm/Kconfig b/sound/arm/Kconfig |
7557 |
+index 885683a3b0bd..e0406211716b 100644 |
7558 |
+--- a/sound/arm/Kconfig |
7559 |
++++ b/sound/arm/Kconfig |
7560 |
+@@ -9,6 +9,14 @@ menuconfig SND_ARM |
7561 |
+ Drivers that are implemented on ASoC can be found in |
7562 |
+ "ALSA for SoC audio support" section. |
7563 |
+ |
7564 |
++config SND_PXA2XX_LIB |
7565 |
++ tristate |
7566 |
++ select SND_AC97_CODEC if SND_PXA2XX_LIB_AC97 |
7567 |
++ select SND_DMAENGINE_PCM |
7568 |
++ |
7569 |
++config SND_PXA2XX_LIB_AC97 |
7570 |
++ bool |
7571 |
++ |
7572 |
+ if SND_ARM |
7573 |
+ |
7574 |
+ config SND_ARMAACI |
7575 |
+@@ -21,13 +29,6 @@ config SND_PXA2XX_PCM |
7576 |
+ tristate |
7577 |
+ select SND_PCM |
7578 |
+ |
7579 |
+-config SND_PXA2XX_LIB |
7580 |
+- tristate |
7581 |
+- select SND_AC97_CODEC if SND_PXA2XX_LIB_AC97 |
7582 |
+- |
7583 |
+-config SND_PXA2XX_LIB_AC97 |
7584 |
+- bool |
7585 |
+- |
7586 |
+ config SND_PXA2XX_AC97 |
7587 |
+ tristate "AC97 driver for the Intel PXA2xx chip" |
7588 |
+ depends on ARCH_PXA |
7589 |
+diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c |
7590 |
+index 3a24f7739aaa..b791529bf31c 100644 |
7591 |
+--- a/sound/pci/hda/patch_cirrus.c |
7592 |
++++ b/sound/pci/hda/patch_cirrus.c |
7593 |
+@@ -634,6 +634,7 @@ static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = { |
7594 |
+ SND_PCI_QUIRK(0x106b, 0x5e00, "MacBookPro 11,2", CS4208_MBP11), |
7595 |
+ SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6), |
7596 |
+ SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6), |
7597 |
++ SND_PCI_QUIRK(0x106b, 0x7b00, "MacBookPro 12,1", CS4208_MBP11), |
7598 |
+ {} /* terminator */ |
7599 |
+ }; |
7600 |
+ |
7601 |
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
7602 |
+index 6fe862594e9b..57bb5a559f8e 100644 |
7603 |
+--- a/sound/pci/hda/patch_realtek.c |
7604 |
++++ b/sound/pci/hda/patch_realtek.c |
7605 |
+@@ -4182,6 +4182,24 @@ static void alc_fixup_disable_aamix(struct hda_codec *codec, |
7606 |
+ } |
7607 |
+ } |
7608 |
+ |
7609 |
++/* fixup for Thinkpad docks: add dock pins, avoid HP parser fixup */ |
7610 |
++static void alc_fixup_tpt440_dock(struct hda_codec *codec, |
7611 |
++ const struct hda_fixup *fix, int action) |
7612 |
++{ |
7613 |
++ static const struct hda_pintbl pincfgs[] = { |
7614 |
++ { 0x16, 0x21211010 }, /* dock headphone */ |
7615 |
++ { 0x19, 0x21a11010 }, /* dock mic */ |
7616 |
++ { } |
7617 |
++ }; |
7618 |
++ struct alc_spec *spec = codec->spec; |
7619 |
++ |
7620 |
++ if (action == HDA_FIXUP_ACT_PRE_PROBE) { |
7621 |
++ spec->parse_flags = HDA_PINCFG_NO_HP_FIXUP; |
7622 |
++ codec->power_save_node = 0; /* avoid click noises */ |
7623 |
++ snd_hda_apply_pincfgs(codec, pincfgs); |
7624 |
++ } |
7625 |
++} |
7626 |
++ |
7627 |
+ static void alc_shutup_dell_xps13(struct hda_codec *codec) |
7628 |
+ { |
7629 |
+ struct alc_spec *spec = codec->spec; |
7630 |
+@@ -4507,7 +4525,6 @@ enum { |
7631 |
+ ALC255_FIXUP_HEADSET_MODE_NO_HP_MIC, |
7632 |
+ ALC293_FIXUP_DELL1_MIC_NO_PRESENCE, |
7633 |
+ ALC292_FIXUP_TPT440_DOCK, |
7634 |
+- ALC292_FIXUP_TPT440_DOCK2, |
7635 |
+ ALC283_FIXUP_BXBT2807_MIC, |
7636 |
+ ALC255_FIXUP_DELL_WMI_MIC_MUTE_LED, |
7637 |
+ ALC282_FIXUP_ASPIRE_V5_PINS, |
7638 |
+@@ -4972,17 +4989,7 @@ static const struct hda_fixup alc269_fixups[] = { |
7639 |
+ }, |
7640 |
+ [ALC292_FIXUP_TPT440_DOCK] = { |
7641 |
+ .type = HDA_FIXUP_FUNC, |
7642 |
+- .v.func = alc269_fixup_pincfg_no_hp_to_lineout, |
7643 |
+- .chained = true, |
7644 |
+- .chain_id = ALC292_FIXUP_TPT440_DOCK2 |
7645 |
+- }, |
7646 |
+- [ALC292_FIXUP_TPT440_DOCK2] = { |
7647 |
+- .type = HDA_FIXUP_PINS, |
7648 |
+- .v.pins = (const struct hda_pintbl[]) { |
7649 |
+- { 0x16, 0x21211010 }, /* dock headphone */ |
7650 |
+- { 0x19, 0x21a11010 }, /* dock mic */ |
7651 |
+- { } |
7652 |
+- }, |
7653 |
++ .v.func = alc_fixup_tpt440_dock, |
7654 |
+ .chained = true, |
7655 |
+ .chain_id = ALC269_FIXUP_LIMIT_INT_MIC_BOOST |
7656 |
+ }, |
7657 |
+@@ -5226,6 +5233,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
7658 |
+ SND_PCI_QUIRK(0x17aa, 0x2212, "Thinkpad T440", ALC292_FIXUP_TPT440_DOCK), |
7659 |
+ SND_PCI_QUIRK(0x17aa, 0x2214, "Thinkpad X240", ALC292_FIXUP_TPT440_DOCK), |
7660 |
+ SND_PCI_QUIRK(0x17aa, 0x2215, "Thinkpad", ALC269_FIXUP_LIMIT_INT_MIC_BOOST), |
7661 |
++ SND_PCI_QUIRK(0x17aa, 0x2223, "ThinkPad T550", ALC292_FIXUP_TPT440_DOCK), |
7662 |
+ SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK), |
7663 |
+ SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC), |
7664 |
+ SND_PCI_QUIRK(0x17aa, 0x3978, "IdeaPad Y410P", ALC269_FIXUP_NO_SHUTUP), |
7665 |
+diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c |
7666 |
+index 25f0f45e6640..b1bc66783974 100644 |
7667 |
+--- a/sound/pci/hda/patch_sigmatel.c |
7668 |
++++ b/sound/pci/hda/patch_sigmatel.c |
7669 |
+@@ -4522,7 +4522,11 @@ static int patch_stac92hd73xx(struct hda_codec *codec) |
7670 |
+ return err; |
7671 |
+ |
7672 |
+ spec = codec->spec; |
7673 |
+- codec->power_save_node = 1; |
7674 |
++ /* enable power_save_node only for new 92HD89xx chips, as it causes |
7675 |
++ * click noises on old 92HD73xx chips. |
7676 |
++ */ |
7677 |
++ if ((codec->core.vendor_id & 0xfffffff0) != 0x111d7670) |
7678 |
++ codec->power_save_node = 1; |
7679 |
+ spec->linear_tone_beep = 0; |
7680 |
+ spec->gen.mixer_nid = 0x1d; |
7681 |
+ spec->have_spdif_mux = 1; |
7682 |
+diff --git a/sound/soc/au1x/db1200.c b/sound/soc/au1x/db1200.c |
7683 |
+index c75995f2779c..b914a08258ea 100644 |
7684 |
+--- a/sound/soc/au1x/db1200.c |
7685 |
++++ b/sound/soc/au1x/db1200.c |
7686 |
+@@ -129,6 +129,8 @@ static struct snd_soc_dai_link db1300_i2s_dai = { |
7687 |
+ .cpu_dai_name = "au1xpsc_i2s.2", |
7688 |
+ .platform_name = "au1xpsc-pcm.2", |
7689 |
+ .codec_name = "wm8731.0-001b", |
7690 |
++ .dai_fmt = SND_SOC_DAIFMT_LEFT_J | SND_SOC_DAIFMT_NB_NF | |
7691 |
++ SND_SOC_DAIFMT_CBM_CFM, |
7692 |
+ .ops = &db1200_i2s_wm8731_ops, |
7693 |
+ }; |
7694 |
+ |
7695 |
+@@ -146,6 +148,8 @@ static struct snd_soc_dai_link db1550_i2s_dai = { |
7696 |
+ .cpu_dai_name = "au1xpsc_i2s.3", |
7697 |
+ .platform_name = "au1xpsc-pcm.3", |
7698 |
+ .codec_name = "wm8731.0-001b", |
7699 |
++ .dai_fmt = SND_SOC_DAIFMT_LEFT_J | SND_SOC_DAIFMT_NB_NF | |
7700 |
++ SND_SOC_DAIFMT_CBM_CFM, |
7701 |
+ .ops = &db1200_i2s_wm8731_ops, |
7702 |
+ }; |
7703 |
+ |
7704 |
+diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c |
7705 |
+index 3593a1496056..3a29c0ac5d8a 100644 |
7706 |
+--- a/sound/soc/codecs/sgtl5000.c |
7707 |
++++ b/sound/soc/codecs/sgtl5000.c |
7708 |
+@@ -1339,8 +1339,8 @@ static int sgtl5000_probe(struct snd_soc_codec *codec) |
7709 |
+ sgtl5000->micbias_resistor << SGTL5000_BIAS_R_SHIFT); |
7710 |
+ |
7711 |
+ snd_soc_update_bits(codec, SGTL5000_CHIP_MIC_CTRL, |
7712 |
+- SGTL5000_BIAS_R_MASK, |
7713 |
+- sgtl5000->micbias_voltage << SGTL5000_BIAS_R_SHIFT); |
7714 |
++ SGTL5000_BIAS_VOLT_MASK, |
7715 |
++ sgtl5000->micbias_voltage << SGTL5000_BIAS_VOLT_SHIFT); |
7716 |
+ /* |
7717 |
+ * disable DAP |
7718 |
+ * TODO: |
7719 |
+diff --git a/sound/soc/dwc/designware_i2s.c b/sound/soc/dwc/designware_i2s.c |
7720 |
+index a3e97b46b64e..0d28e3b356f6 100644 |
7721 |
+--- a/sound/soc/dwc/designware_i2s.c |
7722 |
++++ b/sound/soc/dwc/designware_i2s.c |
7723 |
+@@ -131,10 +131,10 @@ static inline void i2s_clear_irqs(struct dw_i2s_dev *dev, u32 stream) |
7724 |
+ |
7725 |
+ if (stream == SNDRV_PCM_STREAM_PLAYBACK) { |
7726 |
+ for (i = 0; i < 4; i++) |
7727 |
+- i2s_write_reg(dev->i2s_base, TOR(i), 0); |
7728 |
++ i2s_read_reg(dev->i2s_base, TOR(i)); |
7729 |
+ } else { |
7730 |
+ for (i = 0; i < 4; i++) |
7731 |
+- i2s_write_reg(dev->i2s_base, ROR(i), 0); |
7732 |
++ i2s_read_reg(dev->i2s_base, ROR(i)); |
7733 |
+ } |
7734 |
+ } |
7735 |
+ |
7736 |
+diff --git a/sound/soc/pxa/Kconfig b/sound/soc/pxa/Kconfig |
7737 |
+index 39cea80846c3..f2bf8661dd21 100644 |
7738 |
+--- a/sound/soc/pxa/Kconfig |
7739 |
++++ b/sound/soc/pxa/Kconfig |
7740 |
+@@ -1,7 +1,6 @@ |
7741 |
+ config SND_PXA2XX_SOC |
7742 |
+ tristate "SoC Audio for the Intel PXA2xx chip" |
7743 |
+ depends on ARCH_PXA |
7744 |
+- select SND_ARM |
7745 |
+ select SND_PXA2XX_LIB |
7746 |
+ help |
7747 |
+ Say Y or M if you want to add support for codecs attached to |
7748 |
+@@ -25,7 +24,6 @@ config SND_PXA2XX_AC97 |
7749 |
+ config SND_PXA2XX_SOC_AC97 |
7750 |
+ tristate |
7751 |
+ select AC97_BUS |
7752 |
+- select SND_ARM |
7753 |
+ select SND_PXA2XX_LIB_AC97 |
7754 |
+ select SND_SOC_AC97_BUS |
7755 |
+ |
7756 |
+diff --git a/sound/soc/pxa/pxa2xx-ac97.c b/sound/soc/pxa/pxa2xx-ac97.c |
7757 |
+index 1f6054650991..9e4b04e0fbd1 100644 |
7758 |
+--- a/sound/soc/pxa/pxa2xx-ac97.c |
7759 |
++++ b/sound/soc/pxa/pxa2xx-ac97.c |
7760 |
+@@ -49,7 +49,7 @@ static struct snd_ac97_bus_ops pxa2xx_ac97_ops = { |
7761 |
+ .reset = pxa2xx_ac97_cold_reset, |
7762 |
+ }; |
7763 |
+ |
7764 |
+-static unsigned long pxa2xx_ac97_pcm_stereo_in_req = 12; |
7765 |
++static unsigned long pxa2xx_ac97_pcm_stereo_in_req = 11; |
7766 |
+ static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_in = { |
7767 |
+ .addr = __PREG(PCDR), |
7768 |
+ .addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES, |
7769 |
+@@ -57,7 +57,7 @@ static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_in = { |
7770 |
+ .filter_data = &pxa2xx_ac97_pcm_stereo_in_req, |
7771 |
+ }; |
7772 |
+ |
7773 |
+-static unsigned long pxa2xx_ac97_pcm_stereo_out_req = 11; |
7774 |
++static unsigned long pxa2xx_ac97_pcm_stereo_out_req = 12; |
7775 |
+ static struct snd_dmaengine_dai_dma_data pxa2xx_ac97_pcm_stereo_out = { |
7776 |
+ .addr = __PREG(PCDR), |
7777 |
+ .addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES, |
7778 |
+diff --git a/sound/synth/emux/emux_oss.c b/sound/synth/emux/emux_oss.c |
7779 |
+index 82e350e9501c..ac75816ada7c 100644 |
7780 |
+--- a/sound/synth/emux/emux_oss.c |
7781 |
++++ b/sound/synth/emux/emux_oss.c |
7782 |
+@@ -69,7 +69,8 @@ snd_emux_init_seq_oss(struct snd_emux *emu) |
7783 |
+ struct snd_seq_oss_reg *arg; |
7784 |
+ struct snd_seq_device *dev; |
7785 |
+ |
7786 |
+- if (snd_seq_device_new(emu->card, 0, SNDRV_SEQ_DEV_ID_OSS, |
7787 |
++ /* using device#1 here for avoiding conflicts with OPL3 */ |
7788 |
++ if (snd_seq_device_new(emu->card, 1, SNDRV_SEQ_DEV_ID_OSS, |
7789 |
+ sizeof(struct snd_seq_oss_reg), &dev) < 0) |
7790 |
+ return; |
7791 |
+ |
7792 |
+diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c |
7793 |
+index 29f94f6f0d9e..ed5461f065bd 100644 |
7794 |
+--- a/tools/lib/traceevent/event-parse.c |
7795 |
++++ b/tools/lib/traceevent/event-parse.c |
7796 |
+@@ -3721,7 +3721,7 @@ static void print_str_arg(struct trace_seq *s, void *data, int size, |
7797 |
+ struct format_field *field; |
7798 |
+ struct printk_map *printk; |
7799 |
+ long long val, fval; |
7800 |
+- unsigned long addr; |
7801 |
++ unsigned long long addr; |
7802 |
+ char *str; |
7803 |
+ unsigned char *hex; |
7804 |
+ int print; |
7805 |
+@@ -3754,13 +3754,30 @@ static void print_str_arg(struct trace_seq *s, void *data, int size, |
7806 |
+ */ |
7807 |
+ if (!(field->flags & FIELD_IS_ARRAY) && |
7808 |
+ field->size == pevent->long_size) { |
7809 |
+- addr = *(unsigned long *)(data + field->offset); |
7810 |
++ |
7811 |
++ /* Handle heterogeneous recording and processing |
7812 |
++ * architectures |
7813 |
++ * |
7814 |
++ * CASE I: |
7815 |
++ * Traces recorded on 32-bit devices (32-bit |
7816 |
++ * addressing) and processed on 64-bit devices: |
7817 |
++ * In this case, only 32 bits should be read. |
7818 |
++ * |
7819 |
++ * CASE II: |
7820 |
++ * Traces recorded on 64 bit devices and processed |
7821 |
++ * on 32-bit devices: |
7822 |
++ * In this case, 64 bits must be read. |
7823 |
++ */ |
7824 |
++ addr = (pevent->long_size == 8) ? |
7825 |
++ *(unsigned long long *)(data + field->offset) : |
7826 |
++ (unsigned long long)*(unsigned int *)(data + field->offset); |
7827 |
++ |
7828 |
+ /* Check if it matches a print format */ |
7829 |
+ printk = find_printk(pevent, addr); |
7830 |
+ if (printk) |
7831 |
+ trace_seq_puts(s, printk->printk); |
7832 |
+ else |
7833 |
+- trace_seq_printf(s, "%lx", addr); |
7834 |
++ trace_seq_printf(s, "%llx", addr); |
7835 |
+ break; |
7836 |
+ } |
7837 |
+ str = malloc(len + 1); |
7838 |
+diff --git a/tools/perf/arch/alpha/Build b/tools/perf/arch/alpha/Build |
7839 |
+new file mode 100644 |
7840 |
+index 000000000000..1bb8bf6d7fd4 |
7841 |
+--- /dev/null |
7842 |
++++ b/tools/perf/arch/alpha/Build |
7843 |
+@@ -0,0 +1 @@ |
7844 |
++# empty |
7845 |
+diff --git a/tools/perf/arch/mips/Build b/tools/perf/arch/mips/Build |
7846 |
+new file mode 100644 |
7847 |
+index 000000000000..1bb8bf6d7fd4 |
7848 |
+--- /dev/null |
7849 |
++++ b/tools/perf/arch/mips/Build |
7850 |
+@@ -0,0 +1 @@ |
7851 |
++# empty |
7852 |
+diff --git a/tools/perf/arch/parisc/Build b/tools/perf/arch/parisc/Build |
7853 |
+new file mode 100644 |
7854 |
+index 000000000000..1bb8bf6d7fd4 |
7855 |
+--- /dev/null |
7856 |
++++ b/tools/perf/arch/parisc/Build |
7857 |
+@@ -0,0 +1 @@ |
7858 |
++# empty |
7859 |
+diff --git a/tools/perf/builtin-stat.c b/tools/perf/builtin-stat.c |
7860 |
+index f7b8218785f6..a1f3ffc2786d 100644 |
7861 |
+--- a/tools/perf/builtin-stat.c |
7862 |
++++ b/tools/perf/builtin-stat.c |
7863 |
+@@ -1227,7 +1227,7 @@ static void abs_printout(int id, int nr, struct perf_evsel *evsel, double avg) |
7864 |
+ static void print_aggr(char *prefix) |
7865 |
+ { |
7866 |
+ struct perf_evsel *counter; |
7867 |
+- int cpu, cpu2, s, s2, id, nr; |
7868 |
++ int cpu, s, s2, id, nr; |
7869 |
+ double uval; |
7870 |
+ u64 ena, run, val; |
7871 |
+ |
7872 |
+@@ -1240,8 +1240,7 @@ static void print_aggr(char *prefix) |
7873 |
+ val = ena = run = 0; |
7874 |
+ nr = 0; |
7875 |
+ for (cpu = 0; cpu < perf_evsel__nr_cpus(counter); cpu++) { |
7876 |
+- cpu2 = perf_evsel__cpus(counter)->map[cpu]; |
7877 |
+- s2 = aggr_get_id(evsel_list->cpus, cpu2); |
7878 |
++ s2 = aggr_get_id(perf_evsel__cpus(counter), cpu); |
7879 |
+ if (s2 != id) |
7880 |
+ continue; |
7881 |
+ val += counter->counts->cpu[cpu].val; |
7882 |
+diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c |
7883 |
+index 918fd8ae2d80..23eea5e7fa94 100644 |
7884 |
+--- a/tools/perf/util/header.c |
7885 |
++++ b/tools/perf/util/header.c |
7886 |
+@@ -1426,7 +1426,7 @@ static int process_nrcpus(struct perf_file_section *section __maybe_unused, |
7887 |
+ if (ph->needs_swap) |
7888 |
+ nr = bswap_32(nr); |
7889 |
+ |
7890 |
+- ph->env.nr_cpus_online = nr; |
7891 |
++ ph->env.nr_cpus_avail = nr; |
7892 |
+ |
7893 |
+ ret = readn(fd, &nr, sizeof(nr)); |
7894 |
+ if (ret != sizeof(nr)) |
7895 |
+@@ -1435,7 +1435,7 @@ static int process_nrcpus(struct perf_file_section *section __maybe_unused, |
7896 |
+ if (ph->needs_swap) |
7897 |
+ nr = bswap_32(nr); |
7898 |
+ |
7899 |
+- ph->env.nr_cpus_avail = nr; |
7900 |
++ ph->env.nr_cpus_online = nr; |
7901 |
+ return 0; |
7902 |
+ } |
7903 |
+ |
7904 |
+diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c |
7905 |
+index cc22b9158b93..c7966c0fa13e 100644 |
7906 |
+--- a/tools/perf/util/hist.c |
7907 |
++++ b/tools/perf/util/hist.c |
7908 |
+@@ -151,6 +151,9 @@ void hists__calc_col_len(struct hists *hists, struct hist_entry *h) |
7909 |
+ hists__new_col_len(hists, HISTC_LOCAL_WEIGHT, 12); |
7910 |
+ hists__new_col_len(hists, HISTC_GLOBAL_WEIGHT, 12); |
7911 |
+ |
7912 |
++ if (h->srcline) |
7913 |
++ hists__new_col_len(hists, HISTC_SRCLINE, strlen(h->srcline)); |
7914 |
++ |
7915 |
+ if (h->transaction) |
7916 |
+ hists__new_col_len(hists, HISTC_TRANSACTION, |
7917 |
+ hist_entry__transaction_len()); |
7918 |
+diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c |
7919 |
+index a7ab6063e038..3ddfab315e19 100644 |
7920 |
+--- a/tools/perf/util/symbol-elf.c |
7921 |
++++ b/tools/perf/util/symbol-elf.c |
7922 |
+@@ -1253,8 +1253,6 @@ out_close: |
7923 |
+ static int kcore__init(struct kcore *kcore, char *filename, int elfclass, |
7924 |
+ bool temp) |
7925 |
+ { |
7926 |
+- GElf_Ehdr *ehdr; |
7927 |
+- |
7928 |
+ kcore->elfclass = elfclass; |
7929 |
+ |
7930 |
+ if (temp) |
7931 |
+@@ -1271,9 +1269,7 @@ static int kcore__init(struct kcore *kcore, char *filename, int elfclass, |
7932 |
+ if (!gelf_newehdr(kcore->elf, elfclass)) |
7933 |
+ goto out_end; |
7934 |
+ |
7935 |
+- ehdr = gelf_getehdr(kcore->elf, &kcore->ehdr); |
7936 |
+- if (!ehdr) |
7937 |
+- goto out_end; |
7938 |
++ memset(&kcore->ehdr, 0, sizeof(GElf_Ehdr)); |
7939 |
+ |
7940 |
+ return 0; |
7941 |
+ |
7942 |
+@@ -1330,23 +1326,18 @@ static int kcore__copy_hdr(struct kcore *from, struct kcore *to, size_t count) |
7943 |
+ static int kcore__add_phdr(struct kcore *kcore, int idx, off_t offset, |
7944 |
+ u64 addr, u64 len) |
7945 |
+ { |
7946 |
+- GElf_Phdr gphdr; |
7947 |
+- GElf_Phdr *phdr; |
7948 |
+- |
7949 |
+- phdr = gelf_getphdr(kcore->elf, idx, &gphdr); |
7950 |
+- if (!phdr) |
7951 |
+- return -1; |
7952 |
+- |
7953 |
+- phdr->p_type = PT_LOAD; |
7954 |
+- phdr->p_flags = PF_R | PF_W | PF_X; |
7955 |
+- phdr->p_offset = offset; |
7956 |
+- phdr->p_vaddr = addr; |
7957 |
+- phdr->p_paddr = 0; |
7958 |
+- phdr->p_filesz = len; |
7959 |
+- phdr->p_memsz = len; |
7960 |
+- phdr->p_align = page_size; |
7961 |
+- |
7962 |
+- if (!gelf_update_phdr(kcore->elf, idx, phdr)) |
7963 |
++ GElf_Phdr phdr = { |
7964 |
++ .p_type = PT_LOAD, |
7965 |
++ .p_flags = PF_R | PF_W | PF_X, |
7966 |
++ .p_offset = offset, |
7967 |
++ .p_vaddr = addr, |
7968 |
++ .p_paddr = 0, |
7969 |
++ .p_filesz = len, |
7970 |
++ .p_memsz = len, |
7971 |
++ .p_align = page_size, |
7972 |
++ }; |
7973 |
++ |
7974 |
++ if (!gelf_update_phdr(kcore->elf, idx, &phdr)) |
7975 |
+ return -1; |
7976 |
+ |
7977 |
+ return 0; |
7978 |
+diff --git a/virt/kvm/eventfd.c b/virt/kvm/eventfd.c |
7979 |
+index 9ff4193dfa49..79db45336e3a 100644 |
7980 |
+--- a/virt/kvm/eventfd.c |
7981 |
++++ b/virt/kvm/eventfd.c |
7982 |
+@@ -771,40 +771,14 @@ static enum kvm_bus ioeventfd_bus_from_flags(__u32 flags) |
7983 |
+ return KVM_MMIO_BUS; |
7984 |
+ } |
7985 |
+ |
7986 |
+-static int |
7987 |
+-kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) |
7988 |
++static int kvm_assign_ioeventfd_idx(struct kvm *kvm, |
7989 |
++ enum kvm_bus bus_idx, |
7990 |
++ struct kvm_ioeventfd *args) |
7991 |
+ { |
7992 |
+- enum kvm_bus bus_idx; |
7993 |
+- struct _ioeventfd *p; |
7994 |
+- struct eventfd_ctx *eventfd; |
7995 |
+- int ret; |
7996 |
+- |
7997 |
+- bus_idx = ioeventfd_bus_from_flags(args->flags); |
7998 |
+- /* must be natural-word sized, or 0 to ignore length */ |
7999 |
+- switch (args->len) { |
8000 |
+- case 0: |
8001 |
+- case 1: |
8002 |
+- case 2: |
8003 |
+- case 4: |
8004 |
+- case 8: |
8005 |
+- break; |
8006 |
+- default: |
8007 |
+- return -EINVAL; |
8008 |
+- } |
8009 |
+- |
8010 |
+- /* check for range overflow */ |
8011 |
+- if (args->addr + args->len < args->addr) |
8012 |
+- return -EINVAL; |
8013 |
+ |
8014 |
+- /* check for extra flags that we don't understand */ |
8015 |
+- if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK) |
8016 |
+- return -EINVAL; |
8017 |
+- |
8018 |
+- /* ioeventfd with no length can't be combined with DATAMATCH */ |
8019 |
+- if (!args->len && |
8020 |
+- args->flags & (KVM_IOEVENTFD_FLAG_PIO | |
8021 |
+- KVM_IOEVENTFD_FLAG_DATAMATCH)) |
8022 |
+- return -EINVAL; |
8023 |
++ struct eventfd_ctx *eventfd; |
8024 |
++ struct _ioeventfd *p; |
8025 |
++ int ret; |
8026 |
+ |
8027 |
+ eventfd = eventfd_ctx_fdget(args->fd); |
8028 |
+ if (IS_ERR(eventfd)) |
8029 |
+@@ -843,16 +817,6 @@ kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) |
8030 |
+ if (ret < 0) |
8031 |
+ goto unlock_fail; |
8032 |
+ |
8033 |
+- /* When length is ignored, MMIO is also put on a separate bus, for |
8034 |
+- * faster lookups. |
8035 |
+- */ |
8036 |
+- if (!args->len && !(args->flags & KVM_IOEVENTFD_FLAG_PIO)) { |
8037 |
+- ret = kvm_io_bus_register_dev(kvm, KVM_FAST_MMIO_BUS, |
8038 |
+- p->addr, 0, &p->dev); |
8039 |
+- if (ret < 0) |
8040 |
+- goto register_fail; |
8041 |
+- } |
8042 |
+- |
8043 |
+ kvm->buses[bus_idx]->ioeventfd_count++; |
8044 |
+ list_add_tail(&p->list, &kvm->ioeventfds); |
8045 |
+ |
8046 |
+@@ -860,8 +824,6 @@ kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) |
8047 |
+ |
8048 |
+ return 0; |
8049 |
+ |
8050 |
+-register_fail: |
8051 |
+- kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev); |
8052 |
+ unlock_fail: |
8053 |
+ mutex_unlock(&kvm->slots_lock); |
8054 |
+ |
8055 |
+@@ -873,14 +835,13 @@ fail: |
8056 |
+ } |
8057 |
+ |
8058 |
+ static int |
8059 |
+-kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) |
8060 |
++kvm_deassign_ioeventfd_idx(struct kvm *kvm, enum kvm_bus bus_idx, |
8061 |
++ struct kvm_ioeventfd *args) |
8062 |
+ { |
8063 |
+- enum kvm_bus bus_idx; |
8064 |
+ struct _ioeventfd *p, *tmp; |
8065 |
+ struct eventfd_ctx *eventfd; |
8066 |
+ int ret = -ENOENT; |
8067 |
+ |
8068 |
+- bus_idx = ioeventfd_bus_from_flags(args->flags); |
8069 |
+ eventfd = eventfd_ctx_fdget(args->fd); |
8070 |
+ if (IS_ERR(eventfd)) |
8071 |
+ return PTR_ERR(eventfd); |
8072 |
+@@ -901,10 +862,6 @@ kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) |
8073 |
+ continue; |
8074 |
+ |
8075 |
+ kvm_io_bus_unregister_dev(kvm, bus_idx, &p->dev); |
8076 |
+- if (!p->length) { |
8077 |
+- kvm_io_bus_unregister_dev(kvm, KVM_FAST_MMIO_BUS, |
8078 |
+- &p->dev); |
8079 |
+- } |
8080 |
+ kvm->buses[bus_idx]->ioeventfd_count--; |
8081 |
+ ioeventfd_release(p); |
8082 |
+ ret = 0; |
8083 |
+@@ -918,6 +875,71 @@ kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) |
8084 |
+ return ret; |
8085 |
+ } |
8086 |
+ |
8087 |
++static int kvm_deassign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) |
8088 |
++{ |
8089 |
++ enum kvm_bus bus_idx = ioeventfd_bus_from_flags(args->flags); |
8090 |
++ int ret = kvm_deassign_ioeventfd_idx(kvm, bus_idx, args); |
8091 |
++ |
8092 |
++ if (!args->len && bus_idx == KVM_MMIO_BUS) |
8093 |
++ kvm_deassign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args); |
8094 |
++ |
8095 |
++ return ret; |
8096 |
++} |
8097 |
++ |
8098 |
++static int |
8099 |
++kvm_assign_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) |
8100 |
++{ |
8101 |
++ enum kvm_bus bus_idx; |
8102 |
++ int ret; |
8103 |
++ |
8104 |
++ bus_idx = ioeventfd_bus_from_flags(args->flags); |
8105 |
++ /* must be natural-word sized, or 0 to ignore length */ |
8106 |
++ switch (args->len) { |
8107 |
++ case 0: |
8108 |
++ case 1: |
8109 |
++ case 2: |
8110 |
++ case 4: |
8111 |
++ case 8: |
8112 |
++ break; |
8113 |
++ default: |
8114 |
++ return -EINVAL; |
8115 |
++ } |
8116 |
++ |
8117 |
++ /* check for range overflow */ |
8118 |
++ if (args->addr + args->len < args->addr) |
8119 |
++ return -EINVAL; |
8120 |
++ |
8121 |
++ /* check for extra flags that we don't understand */ |
8122 |
++ if (args->flags & ~KVM_IOEVENTFD_VALID_FLAG_MASK) |
8123 |
++ return -EINVAL; |
8124 |
++ |
8125 |
++ /* ioeventfd with no length can't be combined with DATAMATCH */ |
8126 |
++ if (!args->len && |
8127 |
++ args->flags & (KVM_IOEVENTFD_FLAG_PIO | |
8128 |
++ KVM_IOEVENTFD_FLAG_DATAMATCH)) |
8129 |
++ return -EINVAL; |
8130 |
++ |
8131 |
++ ret = kvm_assign_ioeventfd_idx(kvm, bus_idx, args); |
8132 |
++ if (ret) |
8133 |
++ goto fail; |
8134 |
++ |
8135 |
++ /* When length is ignored, MMIO is also put on a separate bus, for |
8136 |
++ * faster lookups. |
8137 |
++ */ |
8138 |
++ if (!args->len && bus_idx == KVM_MMIO_BUS) { |
8139 |
++ ret = kvm_assign_ioeventfd_idx(kvm, KVM_FAST_MMIO_BUS, args); |
8140 |
++ if (ret < 0) |
8141 |
++ goto fast_fail; |
8142 |
++ } |
8143 |
++ |
8144 |
++ return 0; |
8145 |
++ |
8146 |
++fast_fail: |
8147 |
++ kvm_deassign_ioeventfd_idx(kvm, bus_idx, args); |
8148 |
++fail: |
8149 |
++ return ret; |
8150 |
++} |
8151 |
++ |
8152 |
+ int |
8153 |
+ kvm_ioeventfd(struct kvm *kvm, struct kvm_ioeventfd *args) |
8154 |
+ { |
8155 |
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c |
8156 |
+index 90977418aeb6..85422985235f 100644 |
8157 |
+--- a/virt/kvm/kvm_main.c |
8158 |
++++ b/virt/kvm/kvm_main.c |
8159 |
+@@ -2935,10 +2935,25 @@ static void kvm_io_bus_destroy(struct kvm_io_bus *bus) |
8160 |
+ static inline int kvm_io_bus_cmp(const struct kvm_io_range *r1, |
8161 |
+ const struct kvm_io_range *r2) |
8162 |
+ { |
8163 |
+- if (r1->addr < r2->addr) |
8164 |
++ gpa_t addr1 = r1->addr; |
8165 |
++ gpa_t addr2 = r2->addr; |
8166 |
++ |
8167 |
++ if (addr1 < addr2) |
8168 |
+ return -1; |
8169 |
+- if (r1->addr + r1->len > r2->addr + r2->len) |
8170 |
++ |
8171 |
++ /* If r2->len == 0, match the exact address. If r2->len != 0, |
8172 |
++ * accept any overlapping write. Any order is acceptable for |
8173 |
++ * overlapping ranges, because kvm_io_bus_get_first_dev ensures |
8174 |
++ * we process all of them. |
8175 |
++ */ |
8176 |
++ if (r2->len) { |
8177 |
++ addr1 += r1->len; |
8178 |
++ addr2 += r2->len; |
8179 |
++ } |
8180 |
++ |
8181 |
++ if (addr1 > addr2) |
8182 |
+ return 1; |
8183 |
++ |
8184 |
+ return 0; |
8185 |
+ } |
8186 |
+ |