1 |
commit: a564b9e2d597e3b892211ac546222ac3794b10aa |
2 |
Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Oct 13 15:00:14 2021 +0000 |
4 |
Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Oct 13 15:00:18 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=a564b9e2 |
7 |
|
8 |
Linux patch 4.19.211 |
9 |
|
10 |
Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1210_linux-4.19.211.patch | 663 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 667 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index c0c1a0a..ac7acb4 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -879,6 +879,10 @@ Patch: 1209_linux-4.19.210.patch |
21 |
From: https://www.kernel.org |
22 |
Desc: Linux 4.19.210 |
23 |
|
24 |
+Patch: 1210_linux-4.19.211.patch |
25 |
+From: https://www.kernel.org |
26 |
+Desc: Linux 4.19.211 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1210_linux-4.19.211.patch b/1210_linux-4.19.211.patch |
33 |
new file mode 100644 |
34 |
index 0000000..eea7bdb |
35 |
--- /dev/null |
36 |
+++ b/1210_linux-4.19.211.patch |
37 |
@@ -0,0 +1,663 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index d9c39b3c05d56..d4e6f5d326b06 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 4 |
45 |
+ PATCHLEVEL = 19 |
46 |
+-SUBLEVEL = 210 |
47 |
++SUBLEVEL = 211 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = "People's Front" |
50 |
+ |
51 |
+diff --git a/arch/arm/boot/dts/omap3430-sdp.dts b/arch/arm/boot/dts/omap3430-sdp.dts |
52 |
+index d652708f6bef5..56e3db08e9690 100644 |
53 |
+--- a/arch/arm/boot/dts/omap3430-sdp.dts |
54 |
++++ b/arch/arm/boot/dts/omap3430-sdp.dts |
55 |
+@@ -104,7 +104,7 @@ |
56 |
+ |
57 |
+ nand@1,0 { |
58 |
+ compatible = "ti,omap2-nand"; |
59 |
+- reg = <0 0 4>; /* CS0, offset 0, IO size 4 */ |
60 |
++ reg = <1 0 4>; /* CS1, offset 0, IO size 4 */ |
61 |
+ interrupt-parent = <&gpmc>; |
62 |
+ interrupts = <0 IRQ_TYPE_NONE>, /* fifoevent */ |
63 |
+ <1 IRQ_TYPE_NONE>; /* termcount */ |
64 |
+diff --git a/arch/arm/boot/dts/qcom-apq8064.dtsi b/arch/arm/boot/dts/qcom-apq8064.dtsi |
65 |
+index d0153bbbdbeb8..00daa844bf8c6 100644 |
66 |
+--- a/arch/arm/boot/dts/qcom-apq8064.dtsi |
67 |
++++ b/arch/arm/boot/dts/qcom-apq8064.dtsi |
68 |
+@@ -1182,7 +1182,7 @@ |
69 |
+ }; |
70 |
+ |
71 |
+ gpu: adreno-3xx@4300000 { |
72 |
+- compatible = "qcom,adreno-3xx"; |
73 |
++ compatible = "qcom,adreno-320.2", "qcom,adreno"; |
74 |
+ reg = <0x04300000 0x20000>; |
75 |
+ reg-names = "kgsl_3d0_reg_memory"; |
76 |
+ interrupts = <GIC_SPI 80 IRQ_TYPE_LEVEL_HIGH>; |
77 |
+@@ -1197,7 +1197,6 @@ |
78 |
+ <&mmcc GFX3D_AHB_CLK>, |
79 |
+ <&mmcc GFX3D_AXI_CLK>, |
80 |
+ <&mmcc MMSS_IMEM_AHB_CLK>; |
81 |
+- qcom,chipid = <0x03020002>; |
82 |
+ |
83 |
+ iommus = <&gfx3d 0 |
84 |
+ &gfx3d 1 |
85 |
+diff --git a/arch/arm/mach-imx/pm-imx6.c b/arch/arm/mach-imx/pm-imx6.c |
86 |
+index 4bfefbec971a6..c3ca6e2cf7ffb 100644 |
87 |
+--- a/arch/arm/mach-imx/pm-imx6.c |
88 |
++++ b/arch/arm/mach-imx/pm-imx6.c |
89 |
+@@ -15,6 +15,7 @@ |
90 |
+ #include <linux/io.h> |
91 |
+ #include <linux/irq.h> |
92 |
+ #include <linux/genalloc.h> |
93 |
++#include <linux/irqchip/arm-gic.h> |
94 |
+ #include <linux/mfd/syscon.h> |
95 |
+ #include <linux/mfd/syscon/imx6q-iomuxc-gpr.h> |
96 |
+ #include <linux/of.h> |
97 |
+@@ -622,6 +623,7 @@ static void __init imx6_pm_common_init(const struct imx6_pm_socdata |
98 |
+ |
99 |
+ static void imx6_pm_stby_poweroff(void) |
100 |
+ { |
101 |
++ gic_cpu_if_down(0); |
102 |
+ imx6_set_lpm(STOP_POWER_OFF); |
103 |
+ imx6q_suspend_finish(0); |
104 |
+ |
105 |
+diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c |
106 |
+index 79b12e7445373..dade3a3ba6662 100644 |
107 |
+--- a/arch/arm/net/bpf_jit_32.c |
108 |
++++ b/arch/arm/net/bpf_jit_32.c |
109 |
+@@ -39,6 +39,10 @@ |
110 |
+ * +-----+ |
111 |
+ * |RSVD | JIT scratchpad |
112 |
+ * current ARM_SP => +-----+ <= (BPF_FP - STACK_SIZE + SCRATCH_SIZE) |
113 |
++ * | ... | caller-saved registers |
114 |
++ * +-----+ |
115 |
++ * | ... | arguments passed on stack |
116 |
++ * ARM_SP during call => +-----| |
117 |
+ * | | |
118 |
+ * | ... | Function call stack |
119 |
+ * | | |
120 |
+@@ -66,6 +70,12 @@ |
121 |
+ * |
122 |
+ * When popping registers off the stack at the end of a BPF function, we |
123 |
+ * reference them via the current ARM_FP register. |
124 |
++ * |
125 |
++ * Some eBPF operations are implemented via a call to a helper function. |
126 |
++ * Such calls are "invisible" in the eBPF code, so it is up to the calling |
127 |
++ * program to preserve any caller-saved ARM registers during the call. The |
128 |
++ * JIT emits code to push and pop those registers onto the stack, immediately |
129 |
++ * above the callee stack frame. |
130 |
+ */ |
131 |
+ #define CALLEE_MASK (1 << ARM_R4 | 1 << ARM_R5 | 1 << ARM_R6 | \ |
132 |
+ 1 << ARM_R7 | 1 << ARM_R8 | 1 << ARM_R9 | \ |
133 |
+@@ -73,6 +83,8 @@ |
134 |
+ #define CALLEE_PUSH_MASK (CALLEE_MASK | 1 << ARM_LR) |
135 |
+ #define CALLEE_POP_MASK (CALLEE_MASK | 1 << ARM_PC) |
136 |
+ |
137 |
++#define CALLER_MASK (1 << ARM_R0 | 1 << ARM_R1 | 1 << ARM_R2 | 1 << ARM_R3) |
138 |
++ |
139 |
+ enum { |
140 |
+ /* Stack layout - these are offsets from (top of stack - 4) */ |
141 |
+ BPF_R2_HI, |
142 |
+@@ -467,6 +479,7 @@ static inline int epilogue_offset(const struct jit_ctx *ctx) |
143 |
+ |
144 |
+ static inline void emit_udivmod(u8 rd, u8 rm, u8 rn, struct jit_ctx *ctx, u8 op) |
145 |
+ { |
146 |
++ const int exclude_mask = BIT(ARM_R0) | BIT(ARM_R1); |
147 |
+ const s8 *tmp = bpf2a32[TMP_REG_1]; |
148 |
+ |
149 |
+ #if __LINUX_ARM_ARCH__ == 7 |
150 |
+@@ -498,11 +511,17 @@ static inline void emit_udivmod(u8 rd, u8 rm, u8 rn, struct jit_ctx *ctx, u8 op) |
151 |
+ emit(ARM_MOV_R(ARM_R0, rm), ctx); |
152 |
+ } |
153 |
+ |
154 |
++ /* Push caller-saved registers on stack */ |
155 |
++ emit(ARM_PUSH(CALLER_MASK & ~exclude_mask), ctx); |
156 |
++ |
157 |
+ /* Call appropriate function */ |
158 |
+ emit_mov_i(ARM_IP, op == BPF_DIV ? |
159 |
+ (u32)jit_udiv32 : (u32)jit_mod32, ctx); |
160 |
+ emit_blx_r(ARM_IP, ctx); |
161 |
+ |
162 |
++ /* Restore caller-saved registers from stack */ |
163 |
++ emit(ARM_POP(CALLER_MASK & ~exclude_mask), ctx); |
164 |
++ |
165 |
+ /* Save return value */ |
166 |
+ if (rd != ARM_R0) |
167 |
+ emit(ARM_MOV_R(rd, ARM_R0), ctx); |
168 |
+diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c |
169 |
+index 4d8cb9bb8365d..43e6597c720c2 100644 |
170 |
+--- a/arch/mips/net/bpf_jit.c |
171 |
++++ b/arch/mips/net/bpf_jit.c |
172 |
+@@ -662,6 +662,11 @@ static void build_epilogue(struct jit_ctx *ctx) |
173 |
+ ((int)K < 0 ? ((int)K >= SKF_LL_OFF ? func##_negative : func) : \ |
174 |
+ func##_positive) |
175 |
+ |
176 |
++static bool is_bad_offset(int b_off) |
177 |
++{ |
178 |
++ return b_off > 0x1ffff || b_off < -0x20000; |
179 |
++} |
180 |
++ |
181 |
+ static int build_body(struct jit_ctx *ctx) |
182 |
+ { |
183 |
+ const struct bpf_prog *prog = ctx->skf; |
184 |
+@@ -728,7 +733,10 @@ load_common: |
185 |
+ /* Load return register on DS for failures */ |
186 |
+ emit_reg_move(r_ret, r_zero, ctx); |
187 |
+ /* Return with error */ |
188 |
+- emit_b(b_imm(prog->len, ctx), ctx); |
189 |
++ b_off = b_imm(prog->len, ctx); |
190 |
++ if (is_bad_offset(b_off)) |
191 |
++ return -E2BIG; |
192 |
++ emit_b(b_off, ctx); |
193 |
+ emit_nop(ctx); |
194 |
+ break; |
195 |
+ case BPF_LD | BPF_W | BPF_IND: |
196 |
+@@ -775,8 +783,10 @@ load_ind: |
197 |
+ emit_jalr(MIPS_R_RA, r_s0, ctx); |
198 |
+ emit_reg_move(MIPS_R_A0, r_skb, ctx); /* delay slot */ |
199 |
+ /* Check the error value */ |
200 |
+- emit_bcond(MIPS_COND_NE, r_ret, 0, |
201 |
+- b_imm(prog->len, ctx), ctx); |
202 |
++ b_off = b_imm(prog->len, ctx); |
203 |
++ if (is_bad_offset(b_off)) |
204 |
++ return -E2BIG; |
205 |
++ emit_bcond(MIPS_COND_NE, r_ret, 0, b_off, ctx); |
206 |
+ emit_reg_move(r_ret, r_zero, ctx); |
207 |
+ /* We are good */ |
208 |
+ /* X <- P[1:K] & 0xf */ |
209 |
+@@ -855,8 +865,10 @@ load_ind: |
210 |
+ /* A /= X */ |
211 |
+ ctx->flags |= SEEN_X | SEEN_A; |
212 |
+ /* Check if r_X is zero */ |
213 |
+- emit_bcond(MIPS_COND_EQ, r_X, r_zero, |
214 |
+- b_imm(prog->len, ctx), ctx); |
215 |
++ b_off = b_imm(prog->len, ctx); |
216 |
++ if (is_bad_offset(b_off)) |
217 |
++ return -E2BIG; |
218 |
++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx); |
219 |
+ emit_load_imm(r_ret, 0, ctx); /* delay slot */ |
220 |
+ emit_div(r_A, r_X, ctx); |
221 |
+ break; |
222 |
+@@ -864,8 +876,10 @@ load_ind: |
223 |
+ /* A %= X */ |
224 |
+ ctx->flags |= SEEN_X | SEEN_A; |
225 |
+ /* Check if r_X is zero */ |
226 |
+- emit_bcond(MIPS_COND_EQ, r_X, r_zero, |
227 |
+- b_imm(prog->len, ctx), ctx); |
228 |
++ b_off = b_imm(prog->len, ctx); |
229 |
++ if (is_bad_offset(b_off)) |
230 |
++ return -E2BIG; |
231 |
++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx); |
232 |
+ emit_load_imm(r_ret, 0, ctx); /* delay slot */ |
233 |
+ emit_mod(r_A, r_X, ctx); |
234 |
+ break; |
235 |
+@@ -926,7 +940,10 @@ load_ind: |
236 |
+ break; |
237 |
+ case BPF_JMP | BPF_JA: |
238 |
+ /* pc += K */ |
239 |
+- emit_b(b_imm(i + k + 1, ctx), ctx); |
240 |
++ b_off = b_imm(i + k + 1, ctx); |
241 |
++ if (is_bad_offset(b_off)) |
242 |
++ return -E2BIG; |
243 |
++ emit_b(b_off, ctx); |
244 |
+ emit_nop(ctx); |
245 |
+ break; |
246 |
+ case BPF_JMP | BPF_JEQ | BPF_K: |
247 |
+@@ -1056,12 +1073,16 @@ jmp_cmp: |
248 |
+ break; |
249 |
+ case BPF_RET | BPF_A: |
250 |
+ ctx->flags |= SEEN_A; |
251 |
+- if (i != prog->len - 1) |
252 |
++ if (i != prog->len - 1) { |
253 |
+ /* |
254 |
+ * If this is not the last instruction |
255 |
+ * then jump to the epilogue |
256 |
+ */ |
257 |
+- emit_b(b_imm(prog->len, ctx), ctx); |
258 |
++ b_off = b_imm(prog->len, ctx); |
259 |
++ if (is_bad_offset(b_off)) |
260 |
++ return -E2BIG; |
261 |
++ emit_b(b_off, ctx); |
262 |
++ } |
263 |
+ emit_reg_move(r_ret, r_A, ctx); /* delay slot */ |
264 |
+ break; |
265 |
+ case BPF_RET | BPF_K: |
266 |
+@@ -1075,7 +1096,10 @@ jmp_cmp: |
267 |
+ * If this is not the last instruction |
268 |
+ * then jump to the epilogue |
269 |
+ */ |
270 |
+- emit_b(b_imm(prog->len, ctx), ctx); |
271 |
++ b_off = b_imm(prog->len, ctx); |
272 |
++ if (is_bad_offset(b_off)) |
273 |
++ return -E2BIG; |
274 |
++ emit_b(b_off, ctx); |
275 |
+ emit_nop(ctx); |
276 |
+ } |
277 |
+ break; |
278 |
+@@ -1133,8 +1157,10 @@ jmp_cmp: |
279 |
+ /* Load *dev pointer */ |
280 |
+ emit_load_ptr(r_s0, r_skb, off, ctx); |
281 |
+ /* error (0) in the delay slot */ |
282 |
+- emit_bcond(MIPS_COND_EQ, r_s0, r_zero, |
283 |
+- b_imm(prog->len, ctx), ctx); |
284 |
++ b_off = b_imm(prog->len, ctx); |
285 |
++ if (is_bad_offset(b_off)) |
286 |
++ return -E2BIG; |
287 |
++ emit_bcond(MIPS_COND_EQ, r_s0, r_zero, b_off, ctx); |
288 |
+ emit_reg_move(r_ret, r_zero, ctx); |
289 |
+ if (code == (BPF_ANC | SKF_AD_IFINDEX)) { |
290 |
+ BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4); |
291 |
+@@ -1244,7 +1270,10 @@ void bpf_jit_compile(struct bpf_prog *fp) |
292 |
+ |
293 |
+ /* Generate the actual JIT code */ |
294 |
+ build_prologue(&ctx); |
295 |
+- build_body(&ctx); |
296 |
++ if (build_body(&ctx)) { |
297 |
++ module_memfree(ctx.target); |
298 |
++ goto out; |
299 |
++ } |
300 |
+ build_epilogue(&ctx); |
301 |
+ |
302 |
+ /* Update the icache */ |
303 |
+diff --git a/arch/powerpc/boot/dts/fsl/t1023rdb.dts b/arch/powerpc/boot/dts/fsl/t1023rdb.dts |
304 |
+index 5ba6fbfca2742..f82f85c65964c 100644 |
305 |
+--- a/arch/powerpc/boot/dts/fsl/t1023rdb.dts |
306 |
++++ b/arch/powerpc/boot/dts/fsl/t1023rdb.dts |
307 |
+@@ -154,7 +154,7 @@ |
308 |
+ |
309 |
+ fm1mac3: ethernet@e4000 { |
310 |
+ phy-handle = <&sgmii_aqr_phy3>; |
311 |
+- phy-connection-type = "sgmii-2500"; |
312 |
++ phy-connection-type = "2500base-x"; |
313 |
+ sleep = <&rcpm 0x20000000>; |
314 |
+ }; |
315 |
+ |
316 |
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
317 |
+index d994501d9179f..3dd2949b2b356 100644 |
318 |
+--- a/arch/x86/Kconfig |
319 |
++++ b/arch/x86/Kconfig |
320 |
+@@ -1387,7 +1387,7 @@ config HIGHMEM4G |
321 |
+ |
322 |
+ config HIGHMEM64G |
323 |
+ bool "64GB" |
324 |
+- depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !WINCHIP3D && !MK6 |
325 |
++ depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6 |
326 |
+ select X86_PAE |
327 |
+ ---help--- |
328 |
+ Select this if you have a 32-bit processor and more than 4 |
329 |
+diff --git a/arch/xtensa/kernel/irq.c b/arch/xtensa/kernel/irq.c |
330 |
+index a48bf2d10ac2d..80cc9770a8d2d 100644 |
331 |
+--- a/arch/xtensa/kernel/irq.c |
332 |
++++ b/arch/xtensa/kernel/irq.c |
333 |
+@@ -145,7 +145,7 @@ unsigned xtensa_get_ext_irq_no(unsigned irq) |
334 |
+ |
335 |
+ void __init init_IRQ(void) |
336 |
+ { |
337 |
+-#ifdef CONFIG_OF |
338 |
++#ifdef CONFIG_USE_OF |
339 |
+ irqchip_init(); |
340 |
+ #else |
341 |
+ #ifdef CONFIG_HAVE_SMP |
342 |
+diff --git a/drivers/gpu/drm/nouveau/nouveau_debugfs.c b/drivers/gpu/drm/nouveau/nouveau_debugfs.c |
343 |
+index 4561a786fab07..cce4833a60832 100644 |
344 |
+--- a/drivers/gpu/drm/nouveau/nouveau_debugfs.c |
345 |
++++ b/drivers/gpu/drm/nouveau/nouveau_debugfs.c |
346 |
+@@ -185,6 +185,7 @@ static const struct file_operations nouveau_pstate_fops = { |
347 |
+ .open = nouveau_debugfs_pstate_open, |
348 |
+ .read = seq_read, |
349 |
+ .write = nouveau_debugfs_pstate_set, |
350 |
++ .release = single_release, |
351 |
+ }; |
352 |
+ |
353 |
+ static struct drm_info_list nouveau_debugfs_list[] = { |
354 |
+diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c |
355 |
+index 8ba4122fb3404..8288cfb44cb2c 100644 |
356 |
+--- a/drivers/i2c/i2c-core-acpi.c |
357 |
++++ b/drivers/i2c/i2c-core-acpi.c |
358 |
+@@ -395,6 +395,7 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, |
359 |
+ break; |
360 |
+ |
361 |
+ i2c_acpi_register_device(adapter, adev, &info); |
362 |
++ put_device(&adapter->dev); |
363 |
+ break; |
364 |
+ case ACPI_RECONFIG_DEVICE_REMOVE: |
365 |
+ if (!acpi_device_enumerated(adev)) |
366 |
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c |
367 |
+index 246734be51775..062b942517822 100644 |
368 |
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c |
369 |
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c |
370 |
+@@ -4724,7 +4724,8 @@ static void i40e_clear_interrupt_scheme(struct i40e_pf *pf) |
371 |
+ { |
372 |
+ int i; |
373 |
+ |
374 |
+- i40e_free_misc_vector(pf); |
375 |
++ if (test_bit(__I40E_MISC_IRQ_REQUESTED, pf->state)) |
376 |
++ i40e_free_misc_vector(pf); |
377 |
+ |
378 |
+ i40e_put_lump(pf->irq_pile, pf->iwarp_base_vector, |
379 |
+ I40E_IWARP_IRQ_PILE_ID); |
380 |
+@@ -9068,7 +9069,7 @@ static int i40e_get_capabilities(struct i40e_pf *pf, |
381 |
+ if (pf->hw.aq.asq_last_status == I40E_AQ_RC_ENOMEM) { |
382 |
+ /* retry with a larger buffer */ |
383 |
+ buf_len = data_size; |
384 |
+- } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK) { |
385 |
++ } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK || err) { |
386 |
+ dev_info(&pf->pdev->dev, |
387 |
+ "capability discovery failed, err %s aq_err %s\n", |
388 |
+ i40e_stat_str(&pf->hw, err), |
389 |
+diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c |
390 |
+index 08c81d4cfca86..3207da2224f67 100644 |
391 |
+--- a/drivers/net/phy/mdio_bus.c |
392 |
++++ b/drivers/net/phy/mdio_bus.c |
393 |
+@@ -378,6 +378,13 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner) |
394 |
+ bus->dev.groups = NULL; |
395 |
+ dev_set_name(&bus->dev, "%s", bus->id); |
396 |
+ |
397 |
++ /* We need to set state to MDIOBUS_UNREGISTERED to correctly release |
398 |
++ * the device in mdiobus_free() |
399 |
++ * |
400 |
++ * State will be updated later in this function in case of success |
401 |
++ */ |
402 |
++ bus->state = MDIOBUS_UNREGISTERED; |
403 |
++ |
404 |
+ err = device_register(&bus->dev); |
405 |
+ if (err) { |
406 |
+ pr_err("mii_bus %s failed to register\n", bus->id); |
407 |
+diff --git a/drivers/net/phy/sfp.c b/drivers/net/phy/sfp.c |
408 |
+index 47d518e6d5d4f..71bafc8f5ed02 100644 |
409 |
+--- a/drivers/net/phy/sfp.c |
410 |
++++ b/drivers/net/phy/sfp.c |
411 |
+@@ -113,7 +113,7 @@ static const char * const sm_state_strings[] = { |
412 |
+ [SFP_S_LINK_UP] = "link_up", |
413 |
+ [SFP_S_TX_FAULT] = "tx_fault", |
414 |
+ [SFP_S_REINIT] = "reinit", |
415 |
+- [SFP_S_TX_DISABLE] = "rx_disable", |
416 |
++ [SFP_S_TX_DISABLE] = "tx_disable", |
417 |
+ }; |
418 |
+ |
419 |
+ static const char *sm_state_to_str(unsigned short sm_state) |
420 |
+diff --git a/drivers/ptp/ptp_pch.c b/drivers/ptp/ptp_pch.c |
421 |
+index 78ccf936d3560..84feaa140f1b3 100644 |
422 |
+--- a/drivers/ptp/ptp_pch.c |
423 |
++++ b/drivers/ptp/ptp_pch.c |
424 |
+@@ -695,6 +695,7 @@ static const struct pci_device_id pch_ieee1588_pcidev_id[] = { |
425 |
+ }, |
426 |
+ {0} |
427 |
+ }; |
428 |
++MODULE_DEVICE_TABLE(pci, pch_ieee1588_pcidev_id); |
429 |
+ |
430 |
+ static struct pci_driver pch_driver = { |
431 |
+ .name = KBUILD_MODNAME, |
432 |
+diff --git a/drivers/usb/Kconfig b/drivers/usb/Kconfig |
433 |
+index 70e6c956c23ce..a9f12a52f7265 100644 |
434 |
+--- a/drivers/usb/Kconfig |
435 |
++++ b/drivers/usb/Kconfig |
436 |
+@@ -175,8 +175,7 @@ source "drivers/usb/roles/Kconfig" |
437 |
+ |
438 |
+ config USB_LED_TRIG |
439 |
+ bool "USB LED Triggers" |
440 |
+- depends on LEDS_CLASS && LEDS_TRIGGERS |
441 |
+- select USB_COMMON |
442 |
++ depends on LEDS_CLASS && USB_COMMON && LEDS_TRIGGERS |
443 |
+ help |
444 |
+ This option adds LED triggers for USB host and/or gadget activity. |
445 |
+ |
446 |
+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c |
447 |
+index 6959231d63b3e..0522bd2d9d3cc 100644 |
448 |
+--- a/drivers/usb/class/cdc-acm.c |
449 |
++++ b/drivers/usb/class/cdc-acm.c |
450 |
+@@ -339,6 +339,9 @@ static void acm_process_notification(struct acm *acm, unsigned char *buf) |
451 |
+ acm->iocount.overrun++; |
452 |
+ spin_unlock_irqrestore(&acm->read_lock, flags); |
453 |
+ |
454 |
++ if (newctrl & ACM_CTRL_BRK) |
455 |
++ tty_flip_buffer_push(&acm->port); |
456 |
++ |
457 |
+ if (difference) |
458 |
+ wake_up_all(&acm->wioctl); |
459 |
+ |
460 |
+@@ -474,11 +477,16 @@ static int acm_submit_read_urbs(struct acm *acm, gfp_t mem_flags) |
461 |
+ |
462 |
+ static void acm_process_read_urb(struct acm *acm, struct urb *urb) |
463 |
+ { |
464 |
++ unsigned long flags; |
465 |
++ |
466 |
+ if (!urb->actual_length) |
467 |
+ return; |
468 |
+ |
469 |
++ spin_lock_irqsave(&acm->read_lock, flags); |
470 |
+ tty_insert_flip_string(&acm->port, urb->transfer_buffer, |
471 |
+ urb->actual_length); |
472 |
++ spin_unlock_irqrestore(&acm->read_lock, flags); |
473 |
++ |
474 |
+ tty_flip_buffer_push(&acm->port); |
475 |
+ } |
476 |
+ |
477 |
+diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c |
478 |
+index 2459e2afd65ec..19906020eb145 100644 |
479 |
+--- a/drivers/xen/balloon.c |
480 |
++++ b/drivers/xen/balloon.c |
481 |
+@@ -508,12 +508,12 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp) |
482 |
+ } |
483 |
+ |
484 |
+ /* |
485 |
+- * Stop waiting if either state is not BP_EAGAIN and ballooning action is |
486 |
+- * needed, or if the credit has changed while state is BP_EAGAIN. |
487 |
++ * Stop waiting if either state is BP_DONE and ballooning action is |
488 |
++ * needed, or if the credit has changed while state is not BP_DONE. |
489 |
+ */ |
490 |
+ static bool balloon_thread_cond(enum bp_state state, long credit) |
491 |
+ { |
492 |
+- if (state != BP_EAGAIN) |
493 |
++ if (state == BP_DONE) |
494 |
+ credit = 0; |
495 |
+ |
496 |
+ return current_credit() != credit || kthread_should_stop(); |
497 |
+@@ -533,10 +533,19 @@ static int balloon_thread(void *unused) |
498 |
+ |
499 |
+ set_freezable(); |
500 |
+ for (;;) { |
501 |
+- if (state == BP_EAGAIN) |
502 |
+- timeout = balloon_stats.schedule_delay * HZ; |
503 |
+- else |
504 |
++ switch (state) { |
505 |
++ case BP_DONE: |
506 |
++ case BP_ECANCELED: |
507 |
+ timeout = 3600 * HZ; |
508 |
++ break; |
509 |
++ case BP_EAGAIN: |
510 |
++ timeout = balloon_stats.schedule_delay * HZ; |
511 |
++ break; |
512 |
++ case BP_WAIT: |
513 |
++ timeout = HZ; |
514 |
++ break; |
515 |
++ } |
516 |
++ |
517 |
+ credit = current_credit(); |
518 |
+ |
519 |
+ wait_event_freezable_timeout(balloon_thread_wq, |
520 |
+diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c |
521 |
+index a8486432be05a..74ff28fda64dc 100644 |
522 |
+--- a/drivers/xen/privcmd.c |
523 |
++++ b/drivers/xen/privcmd.c |
524 |
+@@ -835,11 +835,12 @@ static long privcmd_ioctl_mmap_resource(struct file *file, |
525 |
+ unsigned int domid = |
526 |
+ (xdata.flags & XENMEM_rsrc_acq_caller_owned) ? |
527 |
+ DOMID_SELF : kdata.dom; |
528 |
+- int num; |
529 |
++ int num, *errs = (int *)pfns; |
530 |
+ |
531 |
++ BUILD_BUG_ON(sizeof(*errs) > sizeof(*pfns)); |
532 |
+ num = xen_remap_domain_mfn_array(vma, |
533 |
+ kdata.addr & PAGE_MASK, |
534 |
+- pfns, kdata.num, (int *)pfns, |
535 |
++ pfns, kdata.num, errs, |
536 |
+ vma->vm_page_prot, |
537 |
+ domid, |
538 |
+ vma->vm_private_data); |
539 |
+@@ -849,7 +850,7 @@ static long privcmd_ioctl_mmap_resource(struct file *file, |
540 |
+ unsigned int i; |
541 |
+ |
542 |
+ for (i = 0; i < num; i++) { |
543 |
+- rc = pfns[i]; |
544 |
++ rc = errs[i]; |
545 |
+ if (rc < 0) |
546 |
+ break; |
547 |
+ } |
548 |
+diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c |
549 |
+index db0beefe65ec2..f67c5de1aeb8d 100644 |
550 |
+--- a/fs/nfsd/nfs4xdr.c |
551 |
++++ b/fs/nfsd/nfs4xdr.c |
552 |
+@@ -3124,15 +3124,18 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, |
553 |
+ goto fail; |
554 |
+ cd->rd_maxcount -= entry_bytes; |
555 |
+ /* |
556 |
+- * RFC 3530 14.2.24 describes rd_dircount as only a "hint", so |
557 |
+- * let's always let through the first entry, at least: |
558 |
++ * RFC 3530 14.2.24 describes rd_dircount as only a "hint", and |
559 |
++ * notes that it could be zero. If it is zero, then the server |
560 |
++ * should enforce only the rd_maxcount value. |
561 |
+ */ |
562 |
+- if (!cd->rd_dircount) |
563 |
+- goto fail; |
564 |
+- name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8; |
565 |
+- if (name_and_cookie > cd->rd_dircount && cd->cookie_offset) |
566 |
+- goto fail; |
567 |
+- cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie); |
568 |
++ if (cd->rd_dircount) { |
569 |
++ name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8; |
570 |
++ if (name_and_cookie > cd->rd_dircount && cd->cookie_offset) |
571 |
++ goto fail; |
572 |
++ cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie); |
573 |
++ if (!cd->rd_dircount) |
574 |
++ cd->rd_maxcount = 0; |
575 |
++ } |
576 |
+ |
577 |
+ cd->cookie_offset = cookie_offset; |
578 |
+ skip_entry: |
579 |
+diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c |
580 |
+index 0b4ee1ab25df0..0578c15e1a676 100644 |
581 |
+--- a/fs/overlayfs/dir.c |
582 |
++++ b/fs/overlayfs/dir.c |
583 |
+@@ -1166,9 +1166,13 @@ static int ovl_rename(struct inode *olddir, struct dentry *old, |
584 |
+ goto out_dput; |
585 |
+ } |
586 |
+ } else { |
587 |
+- if (!d_is_negative(newdentry) && |
588 |
+- (!new_opaque || !ovl_is_whiteout(newdentry))) |
589 |
+- goto out_dput; |
590 |
++ if (!d_is_negative(newdentry)) { |
591 |
++ if (!new_opaque || !ovl_is_whiteout(newdentry)) |
592 |
++ goto out_dput; |
593 |
++ } else { |
594 |
++ if (flags & RENAME_EXCHANGE) |
595 |
++ goto out_dput; |
596 |
++ } |
597 |
+ } |
598 |
+ |
599 |
+ if (olddentry == trap) |
600 |
+diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c |
601 |
+index a47d623f59fe7..92310b07cb98e 100644 |
602 |
+--- a/kernel/bpf/stackmap.c |
603 |
++++ b/kernel/bpf/stackmap.c |
604 |
+@@ -63,7 +63,8 @@ static inline int stack_map_data_size(struct bpf_map *map) |
605 |
+ |
606 |
+ static int prealloc_elems_and_freelist(struct bpf_stack_map *smap) |
607 |
+ { |
608 |
+- u32 elem_size = sizeof(struct stack_map_bucket) + smap->map.value_size; |
609 |
++ u64 elem_size = sizeof(struct stack_map_bucket) + |
610 |
++ (u64)smap->map.value_size; |
611 |
+ int err; |
612 |
+ |
613 |
+ smap->elems = bpf_map_area_alloc(elem_size * smap->map.max_entries, |
614 |
+diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c |
615 |
+index ec2b58a09f763..c00cb376263a0 100644 |
616 |
+--- a/net/bridge/br_netlink.c |
617 |
++++ b/net/bridge/br_netlink.c |
618 |
+@@ -1511,7 +1511,7 @@ static size_t br_get_linkxstats_size(const struct net_device *dev, int attr) |
619 |
+ } |
620 |
+ |
621 |
+ return numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)) + |
622 |
+- nla_total_size(sizeof(struct br_mcast_stats)) + |
623 |
++ nla_total_size_64bit(sizeof(struct br_mcast_stats)) + |
624 |
+ nla_total_size(0); |
625 |
+ } |
626 |
+ |
627 |
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c |
628 |
+index 055fd09ac1114..83de32e34bb55 100644 |
629 |
+--- a/net/core/rtnetlink.c |
630 |
++++ b/net/core/rtnetlink.c |
631 |
+@@ -4512,7 +4512,7 @@ nla_put_failure: |
632 |
+ static size_t if_nlmsg_stats_size(const struct net_device *dev, |
633 |
+ u32 filter_mask) |
634 |
+ { |
635 |
+- size_t size = 0; |
636 |
++ size_t size = NLMSG_ALIGN(sizeof(struct if_stats_msg)); |
637 |
+ |
638 |
+ if (stats_attr_valid(filter_mask, IFLA_STATS_LINK_64, 0)) |
639 |
+ size += nla_total_size_64bit(sizeof(struct rtnl_link_stats64)); |
640 |
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
641 |
+index b0fd268ed65e5..dd4e4289d0d2a 100644 |
642 |
+--- a/net/netlink/af_netlink.c |
643 |
++++ b/net/netlink/af_netlink.c |
644 |
+@@ -599,7 +599,10 @@ static int netlink_insert(struct sock *sk, u32 portid) |
645 |
+ |
646 |
+ /* We need to ensure that the socket is hashed and visible. */ |
647 |
+ smp_wmb(); |
648 |
+- nlk_sk(sk)->bound = portid; |
649 |
++ /* Paired with lockless reads from netlink_bind(), |
650 |
++ * netlink_connect() and netlink_sendmsg(). |
651 |
++ */ |
652 |
++ WRITE_ONCE(nlk_sk(sk)->bound, portid); |
653 |
+ |
654 |
+ err: |
655 |
+ release_sock(sk); |
656 |
+@@ -1018,7 +1021,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, |
657 |
+ else if (nlk->ngroups < 8*sizeof(groups)) |
658 |
+ groups &= (1UL << nlk->ngroups) - 1; |
659 |
+ |
660 |
+- bound = nlk->bound; |
661 |
++ /* Paired with WRITE_ONCE() in netlink_insert() */ |
662 |
++ bound = READ_ONCE(nlk->bound); |
663 |
+ if (bound) { |
664 |
+ /* Ensure nlk->portid is up-to-date. */ |
665 |
+ smp_rmb(); |
666 |
+@@ -1104,8 +1108,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, |
667 |
+ |
668 |
+ /* No need for barriers here as we return to user-space without |
669 |
+ * using any of the bound attributes. |
670 |
++ * Paired with WRITE_ONCE() in netlink_insert(). |
671 |
+ */ |
672 |
+- if (!nlk->bound) |
673 |
++ if (!READ_ONCE(nlk->bound)) |
674 |
+ err = netlink_autobind(sock); |
675 |
+ |
676 |
+ if (err == 0) { |
677 |
+@@ -1870,7 +1875,8 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) |
678 |
+ dst_group = nlk->dst_group; |
679 |
+ } |
680 |
+ |
681 |
+- if (!nlk->bound) { |
682 |
++ /* Paired with WRITE_ONCE() in netlink_insert() */ |
683 |
++ if (!READ_ONCE(nlk->bound)) { |
684 |
+ err = netlink_autobind(sock); |
685 |
+ if (err) |
686 |
+ goto out; |
687 |
+diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c |
688 |
+index 24893d3b5d229..bcd3ca97caea1 100644 |
689 |
+--- a/net/sched/sch_fifo.c |
690 |
++++ b/net/sched/sch_fifo.c |
691 |
+@@ -152,6 +152,9 @@ int fifo_set_limit(struct Qdisc *q, unsigned int limit) |
692 |
+ if (strncmp(q->ops->id + 1, "fifo", 4) != 0) |
693 |
+ return 0; |
694 |
+ |
695 |
++ if (!q->ops->change) |
696 |
++ return 0; |
697 |
++ |
698 |
+ nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)), GFP_KERNEL); |
699 |
+ if (nla) { |
700 |
+ nla->nla_type = RTM_NEWQDISC; |