| 1 |
commit: a564b9e2d597e3b892211ac546222ac3794b10aa |
| 2 |
Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Wed Oct 13 15:00:14 2021 +0000 |
| 4 |
Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Oct 13 15:00:18 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=a564b9e2 |
| 7 |
|
| 8 |
Linux patch 4.19.211 |
| 9 |
|
| 10 |
Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org> |
| 11 |
|
| 12 |
0000_README | 4 + |
| 13 |
1210_linux-4.19.211.patch | 663 ++++++++++++++++++++++++++++++++++++++++++++++ |
| 14 |
2 files changed, 667 insertions(+) |
| 15 |
|
| 16 |
diff --git a/0000_README b/0000_README |
| 17 |
index c0c1a0a..ac7acb4 100644 |
| 18 |
--- a/0000_README |
| 19 |
+++ b/0000_README |
| 20 |
@@ -879,6 +879,10 @@ Patch: 1209_linux-4.19.210.patch |
| 21 |
From: https://www.kernel.org |
| 22 |
Desc: Linux 4.19.210 |
| 23 |
|
| 24 |
+Patch: 1210_linux-4.19.211.patch |
| 25 |
+From: https://www.kernel.org |
| 26 |
+Desc: Linux 4.19.211 |
| 27 |
+ |
| 28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
| 29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
| 30 |
Desc: Support for namespace user.pax.* on tmpfs. |
| 31 |
|
| 32 |
diff --git a/1210_linux-4.19.211.patch b/1210_linux-4.19.211.patch |
| 33 |
new file mode 100644 |
| 34 |
index 0000000..eea7bdb |
| 35 |
--- /dev/null |
| 36 |
+++ b/1210_linux-4.19.211.patch |
| 37 |
@@ -0,0 +1,663 @@ |
| 38 |
+diff --git a/Makefile b/Makefile |
| 39 |
+index d9c39b3c05d56..d4e6f5d326b06 100644 |
| 40 |
+--- a/Makefile |
| 41 |
++++ b/Makefile |
| 42 |
+@@ -1,7 +1,7 @@ |
| 43 |
+ # SPDX-License-Identifier: GPL-2.0 |
| 44 |
+ VERSION = 4 |
| 45 |
+ PATCHLEVEL = 19 |
| 46 |
+-SUBLEVEL = 210 |
| 47 |
++SUBLEVEL = 211 |
| 48 |
+ EXTRAVERSION = |
| 49 |
+ NAME = "People's Front" |
| 50 |
+ |
| 51 |
+diff --git a/arch/arm/boot/dts/omap3430-sdp.dts b/arch/arm/boot/dts/omap3430-sdp.dts |
| 52 |
+index d652708f6bef5..56e3db08e9690 100644 |
| 53 |
+--- a/arch/arm/boot/dts/omap3430-sdp.dts |
| 54 |
++++ b/arch/arm/boot/dts/omap3430-sdp.dts |
| 55 |
+@@ -104,7 +104,7 @@ |
| 56 |
+ |
| 57 |
+ nand@1,0 { |
| 58 |
+ compatible = "ti,omap2-nand"; |
| 59 |
+- reg = <0 0 4>; /* CS0, offset 0, IO size 4 */ |
| 60 |
++ reg = <1 0 4>; /* CS1, offset 0, IO size 4 */ |
| 61 |
+ interrupt-parent = <&gpmc>; |
| 62 |
+ interrupts = <0 IRQ_TYPE_NONE>, /* fifoevent */ |
| 63 |
+ <1 IRQ_TYPE_NONE>; /* termcount */ |
| 64 |
+diff --git a/arch/arm/boot/dts/qcom-apq8064.dtsi b/arch/arm/boot/dts/qcom-apq8064.dtsi |
| 65 |
+index d0153bbbdbeb8..00daa844bf8c6 100644 |
| 66 |
+--- a/arch/arm/boot/dts/qcom-apq8064.dtsi |
| 67 |
++++ b/arch/arm/boot/dts/qcom-apq8064.dtsi |
| 68 |
+@@ -1182,7 +1182,7 @@ |
| 69 |
+ }; |
| 70 |
+ |
| 71 |
+ gpu: adreno-3xx@4300000 { |
| 72 |
+- compatible = "qcom,adreno-3xx"; |
| 73 |
++ compatible = "qcom,adreno-320.2", "qcom,adreno"; |
| 74 |
+ reg = <0x04300000 0x20000>; |
| 75 |
+ reg-names = "kgsl_3d0_reg_memory"; |
| 76 |
+ interrupts = <GIC_SPI 80 IRQ_TYPE_LEVEL_HIGH>; |
| 77 |
+@@ -1197,7 +1197,6 @@ |
| 78 |
+ <&mmcc GFX3D_AHB_CLK>, |
| 79 |
+ <&mmcc GFX3D_AXI_CLK>, |
| 80 |
+ <&mmcc MMSS_IMEM_AHB_CLK>; |
| 81 |
+- qcom,chipid = <0x03020002>; |
| 82 |
+ |
| 83 |
+ iommus = <&gfx3d 0 |
| 84 |
+ &gfx3d 1 |
| 85 |
+diff --git a/arch/arm/mach-imx/pm-imx6.c b/arch/arm/mach-imx/pm-imx6.c |
| 86 |
+index 4bfefbec971a6..c3ca6e2cf7ffb 100644 |
| 87 |
+--- a/arch/arm/mach-imx/pm-imx6.c |
| 88 |
++++ b/arch/arm/mach-imx/pm-imx6.c |
| 89 |
+@@ -15,6 +15,7 @@ |
| 90 |
+ #include <linux/io.h> |
| 91 |
+ #include <linux/irq.h> |
| 92 |
+ #include <linux/genalloc.h> |
| 93 |
++#include <linux/irqchip/arm-gic.h> |
| 94 |
+ #include <linux/mfd/syscon.h> |
| 95 |
+ #include <linux/mfd/syscon/imx6q-iomuxc-gpr.h> |
| 96 |
+ #include <linux/of.h> |
| 97 |
+@@ -622,6 +623,7 @@ static void __init imx6_pm_common_init(const struct imx6_pm_socdata |
| 98 |
+ |
| 99 |
+ static void imx6_pm_stby_poweroff(void) |
| 100 |
+ { |
| 101 |
++ gic_cpu_if_down(0); |
| 102 |
+ imx6_set_lpm(STOP_POWER_OFF); |
| 103 |
+ imx6q_suspend_finish(0); |
| 104 |
+ |
| 105 |
+diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c |
| 106 |
+index 79b12e7445373..dade3a3ba6662 100644 |
| 107 |
+--- a/arch/arm/net/bpf_jit_32.c |
| 108 |
++++ b/arch/arm/net/bpf_jit_32.c |
| 109 |
+@@ -39,6 +39,10 @@ |
| 110 |
+ * +-----+ |
| 111 |
+ * |RSVD | JIT scratchpad |
| 112 |
+ * current ARM_SP => +-----+ <= (BPF_FP - STACK_SIZE + SCRATCH_SIZE) |
| 113 |
++ * | ... | caller-saved registers |
| 114 |
++ * +-----+ |
| 115 |
++ * | ... | arguments passed on stack |
| 116 |
++ * ARM_SP during call => +-----| |
| 117 |
+ * | | |
| 118 |
+ * | ... | Function call stack |
| 119 |
+ * | | |
| 120 |
+@@ -66,6 +70,12 @@ |
| 121 |
+ * |
| 122 |
+ * When popping registers off the stack at the end of a BPF function, we |
| 123 |
+ * reference them via the current ARM_FP register. |
| 124 |
++ * |
| 125 |
++ * Some eBPF operations are implemented via a call to a helper function. |
| 126 |
++ * Such calls are "invisible" in the eBPF code, so it is up to the calling |
| 127 |
++ * program to preserve any caller-saved ARM registers during the call. The |
| 128 |
++ * JIT emits code to push and pop those registers onto the stack, immediately |
| 129 |
++ * above the callee stack frame. |
| 130 |
+ */ |
| 131 |
+ #define CALLEE_MASK (1 << ARM_R4 | 1 << ARM_R5 | 1 << ARM_R6 | \ |
| 132 |
+ 1 << ARM_R7 | 1 << ARM_R8 | 1 << ARM_R9 | \ |
| 133 |
+@@ -73,6 +83,8 @@ |
| 134 |
+ #define CALLEE_PUSH_MASK (CALLEE_MASK | 1 << ARM_LR) |
| 135 |
+ #define CALLEE_POP_MASK (CALLEE_MASK | 1 << ARM_PC) |
| 136 |
+ |
| 137 |
++#define CALLER_MASK (1 << ARM_R0 | 1 << ARM_R1 | 1 << ARM_R2 | 1 << ARM_R3) |
| 138 |
++ |
| 139 |
+ enum { |
| 140 |
+ /* Stack layout - these are offsets from (top of stack - 4) */ |
| 141 |
+ BPF_R2_HI, |
| 142 |
+@@ -467,6 +479,7 @@ static inline int epilogue_offset(const struct jit_ctx *ctx) |
| 143 |
+ |
| 144 |
+ static inline void emit_udivmod(u8 rd, u8 rm, u8 rn, struct jit_ctx *ctx, u8 op) |
| 145 |
+ { |
| 146 |
++ const int exclude_mask = BIT(ARM_R0) | BIT(ARM_R1); |
| 147 |
+ const s8 *tmp = bpf2a32[TMP_REG_1]; |
| 148 |
+ |
| 149 |
+ #if __LINUX_ARM_ARCH__ == 7 |
| 150 |
+@@ -498,11 +511,17 @@ static inline void emit_udivmod(u8 rd, u8 rm, u8 rn, struct jit_ctx *ctx, u8 op) |
| 151 |
+ emit(ARM_MOV_R(ARM_R0, rm), ctx); |
| 152 |
+ } |
| 153 |
+ |
| 154 |
++ /* Push caller-saved registers on stack */ |
| 155 |
++ emit(ARM_PUSH(CALLER_MASK & ~exclude_mask), ctx); |
| 156 |
++ |
| 157 |
+ /* Call appropriate function */ |
| 158 |
+ emit_mov_i(ARM_IP, op == BPF_DIV ? |
| 159 |
+ (u32)jit_udiv32 : (u32)jit_mod32, ctx); |
| 160 |
+ emit_blx_r(ARM_IP, ctx); |
| 161 |
+ |
| 162 |
++ /* Restore caller-saved registers from stack */ |
| 163 |
++ emit(ARM_POP(CALLER_MASK & ~exclude_mask), ctx); |
| 164 |
++ |
| 165 |
+ /* Save return value */ |
| 166 |
+ if (rd != ARM_R0) |
| 167 |
+ emit(ARM_MOV_R(rd, ARM_R0), ctx); |
| 168 |
+diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c |
| 169 |
+index 4d8cb9bb8365d..43e6597c720c2 100644 |
| 170 |
+--- a/arch/mips/net/bpf_jit.c |
| 171 |
++++ b/arch/mips/net/bpf_jit.c |
| 172 |
+@@ -662,6 +662,11 @@ static void build_epilogue(struct jit_ctx *ctx) |
| 173 |
+ ((int)K < 0 ? ((int)K >= SKF_LL_OFF ? func##_negative : func) : \ |
| 174 |
+ func##_positive) |
| 175 |
+ |
| 176 |
++static bool is_bad_offset(int b_off) |
| 177 |
++{ |
| 178 |
++ return b_off > 0x1ffff || b_off < -0x20000; |
| 179 |
++} |
| 180 |
++ |
| 181 |
+ static int build_body(struct jit_ctx *ctx) |
| 182 |
+ { |
| 183 |
+ const struct bpf_prog *prog = ctx->skf; |
| 184 |
+@@ -728,7 +733,10 @@ load_common: |
| 185 |
+ /* Load return register on DS for failures */ |
| 186 |
+ emit_reg_move(r_ret, r_zero, ctx); |
| 187 |
+ /* Return with error */ |
| 188 |
+- emit_b(b_imm(prog->len, ctx), ctx); |
| 189 |
++ b_off = b_imm(prog->len, ctx); |
| 190 |
++ if (is_bad_offset(b_off)) |
| 191 |
++ return -E2BIG; |
| 192 |
++ emit_b(b_off, ctx); |
| 193 |
+ emit_nop(ctx); |
| 194 |
+ break; |
| 195 |
+ case BPF_LD | BPF_W | BPF_IND: |
| 196 |
+@@ -775,8 +783,10 @@ load_ind: |
| 197 |
+ emit_jalr(MIPS_R_RA, r_s0, ctx); |
| 198 |
+ emit_reg_move(MIPS_R_A0, r_skb, ctx); /* delay slot */ |
| 199 |
+ /* Check the error value */ |
| 200 |
+- emit_bcond(MIPS_COND_NE, r_ret, 0, |
| 201 |
+- b_imm(prog->len, ctx), ctx); |
| 202 |
++ b_off = b_imm(prog->len, ctx); |
| 203 |
++ if (is_bad_offset(b_off)) |
| 204 |
++ return -E2BIG; |
| 205 |
++ emit_bcond(MIPS_COND_NE, r_ret, 0, b_off, ctx); |
| 206 |
+ emit_reg_move(r_ret, r_zero, ctx); |
| 207 |
+ /* We are good */ |
| 208 |
+ /* X <- P[1:K] & 0xf */ |
| 209 |
+@@ -855,8 +865,10 @@ load_ind: |
| 210 |
+ /* A /= X */ |
| 211 |
+ ctx->flags |= SEEN_X | SEEN_A; |
| 212 |
+ /* Check if r_X is zero */ |
| 213 |
+- emit_bcond(MIPS_COND_EQ, r_X, r_zero, |
| 214 |
+- b_imm(prog->len, ctx), ctx); |
| 215 |
++ b_off = b_imm(prog->len, ctx); |
| 216 |
++ if (is_bad_offset(b_off)) |
| 217 |
++ return -E2BIG; |
| 218 |
++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx); |
| 219 |
+ emit_load_imm(r_ret, 0, ctx); /* delay slot */ |
| 220 |
+ emit_div(r_A, r_X, ctx); |
| 221 |
+ break; |
| 222 |
+@@ -864,8 +876,10 @@ load_ind: |
| 223 |
+ /* A %= X */ |
| 224 |
+ ctx->flags |= SEEN_X | SEEN_A; |
| 225 |
+ /* Check if r_X is zero */ |
| 226 |
+- emit_bcond(MIPS_COND_EQ, r_X, r_zero, |
| 227 |
+- b_imm(prog->len, ctx), ctx); |
| 228 |
++ b_off = b_imm(prog->len, ctx); |
| 229 |
++ if (is_bad_offset(b_off)) |
| 230 |
++ return -E2BIG; |
| 231 |
++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx); |
| 232 |
+ emit_load_imm(r_ret, 0, ctx); /* delay slot */ |
| 233 |
+ emit_mod(r_A, r_X, ctx); |
| 234 |
+ break; |
| 235 |
+@@ -926,7 +940,10 @@ load_ind: |
| 236 |
+ break; |
| 237 |
+ case BPF_JMP | BPF_JA: |
| 238 |
+ /* pc += K */ |
| 239 |
+- emit_b(b_imm(i + k + 1, ctx), ctx); |
| 240 |
++ b_off = b_imm(i + k + 1, ctx); |
| 241 |
++ if (is_bad_offset(b_off)) |
| 242 |
++ return -E2BIG; |
| 243 |
++ emit_b(b_off, ctx); |
| 244 |
+ emit_nop(ctx); |
| 245 |
+ break; |
| 246 |
+ case BPF_JMP | BPF_JEQ | BPF_K: |
| 247 |
+@@ -1056,12 +1073,16 @@ jmp_cmp: |
| 248 |
+ break; |
| 249 |
+ case BPF_RET | BPF_A: |
| 250 |
+ ctx->flags |= SEEN_A; |
| 251 |
+- if (i != prog->len - 1) |
| 252 |
++ if (i != prog->len - 1) { |
| 253 |
+ /* |
| 254 |
+ * If this is not the last instruction |
| 255 |
+ * then jump to the epilogue |
| 256 |
+ */ |
| 257 |
+- emit_b(b_imm(prog->len, ctx), ctx); |
| 258 |
++ b_off = b_imm(prog->len, ctx); |
| 259 |
++ if (is_bad_offset(b_off)) |
| 260 |
++ return -E2BIG; |
| 261 |
++ emit_b(b_off, ctx); |
| 262 |
++ } |
| 263 |
+ emit_reg_move(r_ret, r_A, ctx); /* delay slot */ |
| 264 |
+ break; |
| 265 |
+ case BPF_RET | BPF_K: |
| 266 |
+@@ -1075,7 +1096,10 @@ jmp_cmp: |
| 267 |
+ * If this is not the last instruction |
| 268 |
+ * then jump to the epilogue |
| 269 |
+ */ |
| 270 |
+- emit_b(b_imm(prog->len, ctx), ctx); |
| 271 |
++ b_off = b_imm(prog->len, ctx); |
| 272 |
++ if (is_bad_offset(b_off)) |
| 273 |
++ return -E2BIG; |
| 274 |
++ emit_b(b_off, ctx); |
| 275 |
+ emit_nop(ctx); |
| 276 |
+ } |
| 277 |
+ break; |
| 278 |
+@@ -1133,8 +1157,10 @@ jmp_cmp: |
| 279 |
+ /* Load *dev pointer */ |
| 280 |
+ emit_load_ptr(r_s0, r_skb, off, ctx); |
| 281 |
+ /* error (0) in the delay slot */ |
| 282 |
+- emit_bcond(MIPS_COND_EQ, r_s0, r_zero, |
| 283 |
+- b_imm(prog->len, ctx), ctx); |
| 284 |
++ b_off = b_imm(prog->len, ctx); |
| 285 |
++ if (is_bad_offset(b_off)) |
| 286 |
++ return -E2BIG; |
| 287 |
++ emit_bcond(MIPS_COND_EQ, r_s0, r_zero, b_off, ctx); |
| 288 |
+ emit_reg_move(r_ret, r_zero, ctx); |
| 289 |
+ if (code == (BPF_ANC | SKF_AD_IFINDEX)) { |
| 290 |
+ BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4); |
| 291 |
+@@ -1244,7 +1270,10 @@ void bpf_jit_compile(struct bpf_prog *fp) |
| 292 |
+ |
| 293 |
+ /* Generate the actual JIT code */ |
| 294 |
+ build_prologue(&ctx); |
| 295 |
+- build_body(&ctx); |
| 296 |
++ if (build_body(&ctx)) { |
| 297 |
++ module_memfree(ctx.target); |
| 298 |
++ goto out; |
| 299 |
++ } |
| 300 |
+ build_epilogue(&ctx); |
| 301 |
+ |
| 302 |
+ /* Update the icache */ |
| 303 |
+diff --git a/arch/powerpc/boot/dts/fsl/t1023rdb.dts b/arch/powerpc/boot/dts/fsl/t1023rdb.dts |
| 304 |
+index 5ba6fbfca2742..f82f85c65964c 100644 |
| 305 |
+--- a/arch/powerpc/boot/dts/fsl/t1023rdb.dts |
| 306 |
++++ b/arch/powerpc/boot/dts/fsl/t1023rdb.dts |
| 307 |
+@@ -154,7 +154,7 @@ |
| 308 |
+ |
| 309 |
+ fm1mac3: ethernet@e4000 { |
| 310 |
+ phy-handle = <&sgmii_aqr_phy3>; |
| 311 |
+- phy-connection-type = "sgmii-2500"; |
| 312 |
++ phy-connection-type = "2500base-x"; |
| 313 |
+ sleep = <&rcpm 0x20000000>; |
| 314 |
+ }; |
| 315 |
+ |
| 316 |
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
| 317 |
+index d994501d9179f..3dd2949b2b356 100644 |
| 318 |
+--- a/arch/x86/Kconfig |
| 319 |
++++ b/arch/x86/Kconfig |
| 320 |
+@@ -1387,7 +1387,7 @@ config HIGHMEM4G |
| 321 |
+ |
| 322 |
+ config HIGHMEM64G |
| 323 |
+ bool "64GB" |
| 324 |
+- depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !WINCHIP3D && !MK6 |
| 325 |
++ depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6 |
| 326 |
+ select X86_PAE |
| 327 |
+ ---help--- |
| 328 |
+ Select this if you have a 32-bit processor and more than 4 |
| 329 |
+diff --git a/arch/xtensa/kernel/irq.c b/arch/xtensa/kernel/irq.c |
| 330 |
+index a48bf2d10ac2d..80cc9770a8d2d 100644 |
| 331 |
+--- a/arch/xtensa/kernel/irq.c |
| 332 |
++++ b/arch/xtensa/kernel/irq.c |
| 333 |
+@@ -145,7 +145,7 @@ unsigned xtensa_get_ext_irq_no(unsigned irq) |
| 334 |
+ |
| 335 |
+ void __init init_IRQ(void) |
| 336 |
+ { |
| 337 |
+-#ifdef CONFIG_OF |
| 338 |
++#ifdef CONFIG_USE_OF |
| 339 |
+ irqchip_init(); |
| 340 |
+ #else |
| 341 |
+ #ifdef CONFIG_HAVE_SMP |
| 342 |
+diff --git a/drivers/gpu/drm/nouveau/nouveau_debugfs.c b/drivers/gpu/drm/nouveau/nouveau_debugfs.c |
| 343 |
+index 4561a786fab07..cce4833a60832 100644 |
| 344 |
+--- a/drivers/gpu/drm/nouveau/nouveau_debugfs.c |
| 345 |
++++ b/drivers/gpu/drm/nouveau/nouveau_debugfs.c |
| 346 |
+@@ -185,6 +185,7 @@ static const struct file_operations nouveau_pstate_fops = { |
| 347 |
+ .open = nouveau_debugfs_pstate_open, |
| 348 |
+ .read = seq_read, |
| 349 |
+ .write = nouveau_debugfs_pstate_set, |
| 350 |
++ .release = single_release, |
| 351 |
+ }; |
| 352 |
+ |
| 353 |
+ static struct drm_info_list nouveau_debugfs_list[] = { |
| 354 |
+diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c |
| 355 |
+index 8ba4122fb3404..8288cfb44cb2c 100644 |
| 356 |
+--- a/drivers/i2c/i2c-core-acpi.c |
| 357 |
++++ b/drivers/i2c/i2c-core-acpi.c |
| 358 |
+@@ -395,6 +395,7 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, |
| 359 |
+ break; |
| 360 |
+ |
| 361 |
+ i2c_acpi_register_device(adapter, adev, &info); |
| 362 |
++ put_device(&adapter->dev); |
| 363 |
+ break; |
| 364 |
+ case ACPI_RECONFIG_DEVICE_REMOVE: |
| 365 |
+ if (!acpi_device_enumerated(adev)) |
| 366 |
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c |
| 367 |
+index 246734be51775..062b942517822 100644 |
| 368 |
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c |
| 369 |
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c |
| 370 |
+@@ -4724,7 +4724,8 @@ static void i40e_clear_interrupt_scheme(struct i40e_pf *pf) |
| 371 |
+ { |
| 372 |
+ int i; |
| 373 |
+ |
| 374 |
+- i40e_free_misc_vector(pf); |
| 375 |
++ if (test_bit(__I40E_MISC_IRQ_REQUESTED, pf->state)) |
| 376 |
++ i40e_free_misc_vector(pf); |
| 377 |
+ |
| 378 |
+ i40e_put_lump(pf->irq_pile, pf->iwarp_base_vector, |
| 379 |
+ I40E_IWARP_IRQ_PILE_ID); |
| 380 |
+@@ -9068,7 +9069,7 @@ static int i40e_get_capabilities(struct i40e_pf *pf, |
| 381 |
+ if (pf->hw.aq.asq_last_status == I40E_AQ_RC_ENOMEM) { |
| 382 |
+ /* retry with a larger buffer */ |
| 383 |
+ buf_len = data_size; |
| 384 |
+- } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK) { |
| 385 |
++ } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK || err) { |
| 386 |
+ dev_info(&pf->pdev->dev, |
| 387 |
+ "capability discovery failed, err %s aq_err %s\n", |
| 388 |
+ i40e_stat_str(&pf->hw, err), |
| 389 |
+diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c |
| 390 |
+index 08c81d4cfca86..3207da2224f67 100644 |
| 391 |
+--- a/drivers/net/phy/mdio_bus.c |
| 392 |
++++ b/drivers/net/phy/mdio_bus.c |
| 393 |
+@@ -378,6 +378,13 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner) |
| 394 |
+ bus->dev.groups = NULL; |
| 395 |
+ dev_set_name(&bus->dev, "%s", bus->id); |
| 396 |
+ |
| 397 |
++ /* We need to set state to MDIOBUS_UNREGISTERED to correctly release |
| 398 |
++ * the device in mdiobus_free() |
| 399 |
++ * |
| 400 |
++ * State will be updated later in this function in case of success |
| 401 |
++ */ |
| 402 |
++ bus->state = MDIOBUS_UNREGISTERED; |
| 403 |
++ |
| 404 |
+ err = device_register(&bus->dev); |
| 405 |
+ if (err) { |
| 406 |
+ pr_err("mii_bus %s failed to register\n", bus->id); |
| 407 |
+diff --git a/drivers/net/phy/sfp.c b/drivers/net/phy/sfp.c |
| 408 |
+index 47d518e6d5d4f..71bafc8f5ed02 100644 |
| 409 |
+--- a/drivers/net/phy/sfp.c |
| 410 |
++++ b/drivers/net/phy/sfp.c |
| 411 |
+@@ -113,7 +113,7 @@ static const char * const sm_state_strings[] = { |
| 412 |
+ [SFP_S_LINK_UP] = "link_up", |
| 413 |
+ [SFP_S_TX_FAULT] = "tx_fault", |
| 414 |
+ [SFP_S_REINIT] = "reinit", |
| 415 |
+- [SFP_S_TX_DISABLE] = "rx_disable", |
| 416 |
++ [SFP_S_TX_DISABLE] = "tx_disable", |
| 417 |
+ }; |
| 418 |
+ |
| 419 |
+ static const char *sm_state_to_str(unsigned short sm_state) |
| 420 |
+diff --git a/drivers/ptp/ptp_pch.c b/drivers/ptp/ptp_pch.c |
| 421 |
+index 78ccf936d3560..84feaa140f1b3 100644 |
| 422 |
+--- a/drivers/ptp/ptp_pch.c |
| 423 |
++++ b/drivers/ptp/ptp_pch.c |
| 424 |
+@@ -695,6 +695,7 @@ static const struct pci_device_id pch_ieee1588_pcidev_id[] = { |
| 425 |
+ }, |
| 426 |
+ {0} |
| 427 |
+ }; |
| 428 |
++MODULE_DEVICE_TABLE(pci, pch_ieee1588_pcidev_id); |
| 429 |
+ |
| 430 |
+ static struct pci_driver pch_driver = { |
| 431 |
+ .name = KBUILD_MODNAME, |
| 432 |
+diff --git a/drivers/usb/Kconfig b/drivers/usb/Kconfig |
| 433 |
+index 70e6c956c23ce..a9f12a52f7265 100644 |
| 434 |
+--- a/drivers/usb/Kconfig |
| 435 |
++++ b/drivers/usb/Kconfig |
| 436 |
+@@ -175,8 +175,7 @@ source "drivers/usb/roles/Kconfig" |
| 437 |
+ |
| 438 |
+ config USB_LED_TRIG |
| 439 |
+ bool "USB LED Triggers" |
| 440 |
+- depends on LEDS_CLASS && LEDS_TRIGGERS |
| 441 |
+- select USB_COMMON |
| 442 |
++ depends on LEDS_CLASS && USB_COMMON && LEDS_TRIGGERS |
| 443 |
+ help |
| 444 |
+ This option adds LED triggers for USB host and/or gadget activity. |
| 445 |
+ |
| 446 |
+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c |
| 447 |
+index 6959231d63b3e..0522bd2d9d3cc 100644 |
| 448 |
+--- a/drivers/usb/class/cdc-acm.c |
| 449 |
++++ b/drivers/usb/class/cdc-acm.c |
| 450 |
+@@ -339,6 +339,9 @@ static void acm_process_notification(struct acm *acm, unsigned char *buf) |
| 451 |
+ acm->iocount.overrun++; |
| 452 |
+ spin_unlock_irqrestore(&acm->read_lock, flags); |
| 453 |
+ |
| 454 |
++ if (newctrl & ACM_CTRL_BRK) |
| 455 |
++ tty_flip_buffer_push(&acm->port); |
| 456 |
++ |
| 457 |
+ if (difference) |
| 458 |
+ wake_up_all(&acm->wioctl); |
| 459 |
+ |
| 460 |
+@@ -474,11 +477,16 @@ static int acm_submit_read_urbs(struct acm *acm, gfp_t mem_flags) |
| 461 |
+ |
| 462 |
+ static void acm_process_read_urb(struct acm *acm, struct urb *urb) |
| 463 |
+ { |
| 464 |
++ unsigned long flags; |
| 465 |
++ |
| 466 |
+ if (!urb->actual_length) |
| 467 |
+ return; |
| 468 |
+ |
| 469 |
++ spin_lock_irqsave(&acm->read_lock, flags); |
| 470 |
+ tty_insert_flip_string(&acm->port, urb->transfer_buffer, |
| 471 |
+ urb->actual_length); |
| 472 |
++ spin_unlock_irqrestore(&acm->read_lock, flags); |
| 473 |
++ |
| 474 |
+ tty_flip_buffer_push(&acm->port); |
| 475 |
+ } |
| 476 |
+ |
| 477 |
+diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c |
| 478 |
+index 2459e2afd65ec..19906020eb145 100644 |
| 479 |
+--- a/drivers/xen/balloon.c |
| 480 |
++++ b/drivers/xen/balloon.c |
| 481 |
+@@ -508,12 +508,12 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp) |
| 482 |
+ } |
| 483 |
+ |
| 484 |
+ /* |
| 485 |
+- * Stop waiting if either state is not BP_EAGAIN and ballooning action is |
| 486 |
+- * needed, or if the credit has changed while state is BP_EAGAIN. |
| 487 |
++ * Stop waiting if either state is BP_DONE and ballooning action is |
| 488 |
++ * needed, or if the credit has changed while state is not BP_DONE. |
| 489 |
+ */ |
| 490 |
+ static bool balloon_thread_cond(enum bp_state state, long credit) |
| 491 |
+ { |
| 492 |
+- if (state != BP_EAGAIN) |
| 493 |
++ if (state == BP_DONE) |
| 494 |
+ credit = 0; |
| 495 |
+ |
| 496 |
+ return current_credit() != credit || kthread_should_stop(); |
| 497 |
+@@ -533,10 +533,19 @@ static int balloon_thread(void *unused) |
| 498 |
+ |
| 499 |
+ set_freezable(); |
| 500 |
+ for (;;) { |
| 501 |
+- if (state == BP_EAGAIN) |
| 502 |
+- timeout = balloon_stats.schedule_delay * HZ; |
| 503 |
+- else |
| 504 |
++ switch (state) { |
| 505 |
++ case BP_DONE: |
| 506 |
++ case BP_ECANCELED: |
| 507 |
+ timeout = 3600 * HZ; |
| 508 |
++ break; |
| 509 |
++ case BP_EAGAIN: |
| 510 |
++ timeout = balloon_stats.schedule_delay * HZ; |
| 511 |
++ break; |
| 512 |
++ case BP_WAIT: |
| 513 |
++ timeout = HZ; |
| 514 |
++ break; |
| 515 |
++ } |
| 516 |
++ |
| 517 |
+ credit = current_credit(); |
| 518 |
+ |
| 519 |
+ wait_event_freezable_timeout(balloon_thread_wq, |
| 520 |
+diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c |
| 521 |
+index a8486432be05a..74ff28fda64dc 100644 |
| 522 |
+--- a/drivers/xen/privcmd.c |
| 523 |
++++ b/drivers/xen/privcmd.c |
| 524 |
+@@ -835,11 +835,12 @@ static long privcmd_ioctl_mmap_resource(struct file *file, |
| 525 |
+ unsigned int domid = |
| 526 |
+ (xdata.flags & XENMEM_rsrc_acq_caller_owned) ? |
| 527 |
+ DOMID_SELF : kdata.dom; |
| 528 |
+- int num; |
| 529 |
++ int num, *errs = (int *)pfns; |
| 530 |
+ |
| 531 |
++ BUILD_BUG_ON(sizeof(*errs) > sizeof(*pfns)); |
| 532 |
+ num = xen_remap_domain_mfn_array(vma, |
| 533 |
+ kdata.addr & PAGE_MASK, |
| 534 |
+- pfns, kdata.num, (int *)pfns, |
| 535 |
++ pfns, kdata.num, errs, |
| 536 |
+ vma->vm_page_prot, |
| 537 |
+ domid, |
| 538 |
+ vma->vm_private_data); |
| 539 |
+@@ -849,7 +850,7 @@ static long privcmd_ioctl_mmap_resource(struct file *file, |
| 540 |
+ unsigned int i; |
| 541 |
+ |
| 542 |
+ for (i = 0; i < num; i++) { |
| 543 |
+- rc = pfns[i]; |
| 544 |
++ rc = errs[i]; |
| 545 |
+ if (rc < 0) |
| 546 |
+ break; |
| 547 |
+ } |
| 548 |
+diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c |
| 549 |
+index db0beefe65ec2..f67c5de1aeb8d 100644 |
| 550 |
+--- a/fs/nfsd/nfs4xdr.c |
| 551 |
++++ b/fs/nfsd/nfs4xdr.c |
| 552 |
+@@ -3124,15 +3124,18 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, |
| 553 |
+ goto fail; |
| 554 |
+ cd->rd_maxcount -= entry_bytes; |
| 555 |
+ /* |
| 556 |
+- * RFC 3530 14.2.24 describes rd_dircount as only a "hint", so |
| 557 |
+- * let's always let through the first entry, at least: |
| 558 |
++ * RFC 3530 14.2.24 describes rd_dircount as only a "hint", and |
| 559 |
++ * notes that it could be zero. If it is zero, then the server |
| 560 |
++ * should enforce only the rd_maxcount value. |
| 561 |
+ */ |
| 562 |
+- if (!cd->rd_dircount) |
| 563 |
+- goto fail; |
| 564 |
+- name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8; |
| 565 |
+- if (name_and_cookie > cd->rd_dircount && cd->cookie_offset) |
| 566 |
+- goto fail; |
| 567 |
+- cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie); |
| 568 |
++ if (cd->rd_dircount) { |
| 569 |
++ name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8; |
| 570 |
++ if (name_and_cookie > cd->rd_dircount && cd->cookie_offset) |
| 571 |
++ goto fail; |
| 572 |
++ cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie); |
| 573 |
++ if (!cd->rd_dircount) |
| 574 |
++ cd->rd_maxcount = 0; |
| 575 |
++ } |
| 576 |
+ |
| 577 |
+ cd->cookie_offset = cookie_offset; |
| 578 |
+ skip_entry: |
| 579 |
+diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c |
| 580 |
+index 0b4ee1ab25df0..0578c15e1a676 100644 |
| 581 |
+--- a/fs/overlayfs/dir.c |
| 582 |
++++ b/fs/overlayfs/dir.c |
| 583 |
+@@ -1166,9 +1166,13 @@ static int ovl_rename(struct inode *olddir, struct dentry *old, |
| 584 |
+ goto out_dput; |
| 585 |
+ } |
| 586 |
+ } else { |
| 587 |
+- if (!d_is_negative(newdentry) && |
| 588 |
+- (!new_opaque || !ovl_is_whiteout(newdentry))) |
| 589 |
+- goto out_dput; |
| 590 |
++ if (!d_is_negative(newdentry)) { |
| 591 |
++ if (!new_opaque || !ovl_is_whiteout(newdentry)) |
| 592 |
++ goto out_dput; |
| 593 |
++ } else { |
| 594 |
++ if (flags & RENAME_EXCHANGE) |
| 595 |
++ goto out_dput; |
| 596 |
++ } |
| 597 |
+ } |
| 598 |
+ |
| 599 |
+ if (olddentry == trap) |
| 600 |
+diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c |
| 601 |
+index a47d623f59fe7..92310b07cb98e 100644 |
| 602 |
+--- a/kernel/bpf/stackmap.c |
| 603 |
++++ b/kernel/bpf/stackmap.c |
| 604 |
+@@ -63,7 +63,8 @@ static inline int stack_map_data_size(struct bpf_map *map) |
| 605 |
+ |
| 606 |
+ static int prealloc_elems_and_freelist(struct bpf_stack_map *smap) |
| 607 |
+ { |
| 608 |
+- u32 elem_size = sizeof(struct stack_map_bucket) + smap->map.value_size; |
| 609 |
++ u64 elem_size = sizeof(struct stack_map_bucket) + |
| 610 |
++ (u64)smap->map.value_size; |
| 611 |
+ int err; |
| 612 |
+ |
| 613 |
+ smap->elems = bpf_map_area_alloc(elem_size * smap->map.max_entries, |
| 614 |
+diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c |
| 615 |
+index ec2b58a09f763..c00cb376263a0 100644 |
| 616 |
+--- a/net/bridge/br_netlink.c |
| 617 |
++++ b/net/bridge/br_netlink.c |
| 618 |
+@@ -1511,7 +1511,7 @@ static size_t br_get_linkxstats_size(const struct net_device *dev, int attr) |
| 619 |
+ } |
| 620 |
+ |
| 621 |
+ return numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)) + |
| 622 |
+- nla_total_size(sizeof(struct br_mcast_stats)) + |
| 623 |
++ nla_total_size_64bit(sizeof(struct br_mcast_stats)) + |
| 624 |
+ nla_total_size(0); |
| 625 |
+ } |
| 626 |
+ |
| 627 |
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c |
| 628 |
+index 055fd09ac1114..83de32e34bb55 100644 |
| 629 |
+--- a/net/core/rtnetlink.c |
| 630 |
++++ b/net/core/rtnetlink.c |
| 631 |
+@@ -4512,7 +4512,7 @@ nla_put_failure: |
| 632 |
+ static size_t if_nlmsg_stats_size(const struct net_device *dev, |
| 633 |
+ u32 filter_mask) |
| 634 |
+ { |
| 635 |
+- size_t size = 0; |
| 636 |
++ size_t size = NLMSG_ALIGN(sizeof(struct if_stats_msg)); |
| 637 |
+ |
| 638 |
+ if (stats_attr_valid(filter_mask, IFLA_STATS_LINK_64, 0)) |
| 639 |
+ size += nla_total_size_64bit(sizeof(struct rtnl_link_stats64)); |
| 640 |
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
| 641 |
+index b0fd268ed65e5..dd4e4289d0d2a 100644 |
| 642 |
+--- a/net/netlink/af_netlink.c |
| 643 |
++++ b/net/netlink/af_netlink.c |
| 644 |
+@@ -599,7 +599,10 @@ static int netlink_insert(struct sock *sk, u32 portid) |
| 645 |
+ |
| 646 |
+ /* We need to ensure that the socket is hashed and visible. */ |
| 647 |
+ smp_wmb(); |
| 648 |
+- nlk_sk(sk)->bound = portid; |
| 649 |
++ /* Paired with lockless reads from netlink_bind(), |
| 650 |
++ * netlink_connect() and netlink_sendmsg(). |
| 651 |
++ */ |
| 652 |
++ WRITE_ONCE(nlk_sk(sk)->bound, portid); |
| 653 |
+ |
| 654 |
+ err: |
| 655 |
+ release_sock(sk); |
| 656 |
+@@ -1018,7 +1021,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, |
| 657 |
+ else if (nlk->ngroups < 8*sizeof(groups)) |
| 658 |
+ groups &= (1UL << nlk->ngroups) - 1; |
| 659 |
+ |
| 660 |
+- bound = nlk->bound; |
| 661 |
++ /* Paired with WRITE_ONCE() in netlink_insert() */ |
| 662 |
++ bound = READ_ONCE(nlk->bound); |
| 663 |
+ if (bound) { |
| 664 |
+ /* Ensure nlk->portid is up-to-date. */ |
| 665 |
+ smp_rmb(); |
| 666 |
+@@ -1104,8 +1108,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, |
| 667 |
+ |
| 668 |
+ /* No need for barriers here as we return to user-space without |
| 669 |
+ * using any of the bound attributes. |
| 670 |
++ * Paired with WRITE_ONCE() in netlink_insert(). |
| 671 |
+ */ |
| 672 |
+- if (!nlk->bound) |
| 673 |
++ if (!READ_ONCE(nlk->bound)) |
| 674 |
+ err = netlink_autobind(sock); |
| 675 |
+ |
| 676 |
+ if (err == 0) { |
| 677 |
+@@ -1870,7 +1875,8 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) |
| 678 |
+ dst_group = nlk->dst_group; |
| 679 |
+ } |
| 680 |
+ |
| 681 |
+- if (!nlk->bound) { |
| 682 |
++ /* Paired with WRITE_ONCE() in netlink_insert() */ |
| 683 |
++ if (!READ_ONCE(nlk->bound)) { |
| 684 |
+ err = netlink_autobind(sock); |
| 685 |
+ if (err) |
| 686 |
+ goto out; |
| 687 |
+diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c |
| 688 |
+index 24893d3b5d229..bcd3ca97caea1 100644 |
| 689 |
+--- a/net/sched/sch_fifo.c |
| 690 |
++++ b/net/sched/sch_fifo.c |
| 691 |
+@@ -152,6 +152,9 @@ int fifo_set_limit(struct Qdisc *q, unsigned int limit) |
| 692 |
+ if (strncmp(q->ops->id + 1, "fifo", 4) != 0) |
| 693 |
+ return 0; |
| 694 |
+ |
| 695 |
++ if (!q->ops->change) |
| 696 |
++ return 0; |
| 697 |
++ |
| 698 |
+ nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)), GFP_KERNEL); |
| 699 |
+ if (nla) { |
| 700 |
+ nla->nla_type = RTM_NEWQDISC; |
Archives