1 |
commit: 16d3f8c13c8b9b34abd4f771917fcae6cc20ce89 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Oct 1 11:23:49 2020 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Oct 1 11:23:49 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=16d3f8c1 |
7 |
|
8 |
Linux patch 4.4.238 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1237_linux-4.4.238.patch | 2701 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 2705 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index d93edf8..dfe06b2 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -991,6 +991,10 @@ Patch: 1236_linux-4.4.237.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.4.237 |
23 |
|
24 |
+Patch: 1237_linux-4.4.238.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.4.238 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1237_linux-4.4.238.patch b/1237_linux-4.4.238.patch |
33 |
new file mode 100644 |
34 |
index 0000000..feef366 |
35 |
--- /dev/null |
36 |
+++ b/1237_linux-4.4.238.patch |
37 |
@@ -0,0 +1,2701 @@ |
38 |
+diff --git a/Documentation/DocBook/libata.tmpl b/Documentation/DocBook/libata.tmpl |
39 |
+index d7fcdc5a43792..9b55778ab024f 100644 |
40 |
+--- a/Documentation/DocBook/libata.tmpl |
41 |
++++ b/Documentation/DocBook/libata.tmpl |
42 |
+@@ -324,7 +324,7 @@ Many legacy IDE drivers use ata_bmdma_status() as the bmdma_status() hook. |
43 |
+ |
44 |
+ <sect2><title>High-level taskfile hooks</title> |
45 |
+ <programlisting> |
46 |
+-void (*qc_prep) (struct ata_queued_cmd *qc); |
47 |
++enum ata_completion_errors (*qc_prep) (struct ata_queued_cmd *qc); |
48 |
+ int (*qc_issue) (struct ata_queued_cmd *qc); |
49 |
+ </programlisting> |
50 |
+ |
51 |
+diff --git a/Documentation/devicetree/bindings/sound/wm8994.txt b/Documentation/devicetree/bindings/sound/wm8994.txt |
52 |
+index e045e90a0924b..0f03b8228d080 100644 |
53 |
+--- a/Documentation/devicetree/bindings/sound/wm8994.txt |
54 |
++++ b/Documentation/devicetree/bindings/sound/wm8994.txt |
55 |
+@@ -14,9 +14,15 @@ Required properties: |
56 |
+ - #gpio-cells : Must be 2. The first cell is the pin number and the |
57 |
+ second cell is used to specify optional parameters (currently unused). |
58 |
+ |
59 |
+- - AVDD2-supply, DBVDD1-supply, DBVDD2-supply, DBVDD3-supply, CPVDD-supply, |
60 |
+- SPKVDD1-supply, SPKVDD2-supply : power supplies for the device, as covered |
61 |
+- in Documentation/devicetree/bindings/regulator/regulator.txt |
62 |
++ - power supplies for the device, as covered in |
63 |
++ Documentation/devicetree/bindings/regulator/regulator.txt, depending |
64 |
++ on compatible: |
65 |
++ - for wlf,wm1811 and wlf,wm8958: |
66 |
++ AVDD1-supply, AVDD2-supply, DBVDD1-supply, DBVDD2-supply, DBVDD3-supply, |
67 |
++ DCVDD-supply, CPVDD-supply, SPKVDD1-supply, SPKVDD2-supply |
68 |
++ - for wlf,wm8994: |
69 |
++ AVDD1-supply, AVDD2-supply, DBVDD-supply, DCVDD-supply, CPVDD-supply, |
70 |
++ SPKVDD1-supply, SPKVDD2-supply |
71 |
+ |
72 |
+ Optional properties: |
73 |
+ |
74 |
+@@ -68,11 +74,11 @@ codec: wm8994@1a { |
75 |
+ |
76 |
+ lineout1-se; |
77 |
+ |
78 |
++ AVDD1-supply = <®ulator>; |
79 |
+ AVDD2-supply = <®ulator>; |
80 |
+ CPVDD-supply = <®ulator>; |
81 |
+- DBVDD1-supply = <®ulator>; |
82 |
+- DBVDD2-supply = <®ulator>; |
83 |
+- DBVDD3-supply = <®ulator>; |
84 |
++ DBVDD-supply = <®ulator>; |
85 |
++ DCVDD-supply = <®ulator>; |
86 |
+ SPKVDD1-supply = <®ulator>; |
87 |
+ SPKVDD2-supply = <®ulator>; |
88 |
+ }; |
89 |
+diff --git a/Makefile b/Makefile |
90 |
+index 003334dad3c3f..209fe98a591cd 100644 |
91 |
+--- a/Makefile |
92 |
++++ b/Makefile |
93 |
+@@ -1,6 +1,6 @@ |
94 |
+ VERSION = 4 |
95 |
+ PATCHLEVEL = 4 |
96 |
+-SUBLEVEL = 237 |
97 |
++SUBLEVEL = 238 |
98 |
+ EXTRAVERSION = |
99 |
+ NAME = Blurry Fish Butt |
100 |
+ |
101 |
+diff --git a/arch/m68k/q40/config.c b/arch/m68k/q40/config.c |
102 |
+index e90fe903613ea..4e5f04d333188 100644 |
103 |
+--- a/arch/m68k/q40/config.c |
104 |
++++ b/arch/m68k/q40/config.c |
105 |
+@@ -303,6 +303,7 @@ static int q40_get_rtc_pll(struct rtc_pll_info *pll) |
106 |
+ { |
107 |
+ int tmp = Q40_RTC_CTRL; |
108 |
+ |
109 |
++ pll->pll_ctrl = 0; |
110 |
+ pll->pll_value = tmp & Q40_RTC_PLL_MASK; |
111 |
+ if (tmp & Q40_RTC_PLL_SIGN) |
112 |
+ pll->pll_value = -pll->pll_value; |
113 |
+diff --git a/arch/mips/include/asm/cpu-type.h b/arch/mips/include/asm/cpu-type.h |
114 |
+index abee2bfd10dc1..cea0bbb71590f 100644 |
115 |
+--- a/arch/mips/include/asm/cpu-type.h |
116 |
++++ b/arch/mips/include/asm/cpu-type.h |
117 |
+@@ -46,6 +46,7 @@ static inline int __pure __get_cpu_type(const int cpu_type) |
118 |
+ case CPU_34K: |
119 |
+ case CPU_1004K: |
120 |
+ case CPU_74K: |
121 |
++ case CPU_1074K: |
122 |
+ case CPU_M14KC: |
123 |
+ case CPU_M14KEC: |
124 |
+ case CPU_INTERAPTIV: |
125 |
+diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c |
126 |
+index 47692c78d09c5..fdc5e76e1f6b0 100644 |
127 |
+--- a/arch/s390/kernel/setup.c |
128 |
++++ b/arch/s390/kernel/setup.c |
129 |
+@@ -513,7 +513,7 @@ static struct notifier_block kdump_mem_nb = { |
130 |
+ /* |
131 |
+ * Make sure that the area behind memory_end is protected |
132 |
+ */ |
133 |
+-static void reserve_memory_end(void) |
134 |
++static void __init reserve_memory_end(void) |
135 |
+ { |
136 |
+ #ifdef CONFIG_CRASH_DUMP |
137 |
+ if (ipl_info.type == IPL_TYPE_FCP_DUMP && |
138 |
+@@ -531,7 +531,7 @@ static void reserve_memory_end(void) |
139 |
+ /* |
140 |
+ * Make sure that oldmem, where the dump is stored, is protected |
141 |
+ */ |
142 |
+-static void reserve_oldmem(void) |
143 |
++static void __init reserve_oldmem(void) |
144 |
+ { |
145 |
+ #ifdef CONFIG_CRASH_DUMP |
146 |
+ if (OLDMEM_BASE) |
147 |
+@@ -543,7 +543,7 @@ static void reserve_oldmem(void) |
148 |
+ /* |
149 |
+ * Make sure that oldmem, where the dump is stored, is protected |
150 |
+ */ |
151 |
+-static void remove_oldmem(void) |
152 |
++static void __init remove_oldmem(void) |
153 |
+ { |
154 |
+ #ifdef CONFIG_CRASH_DUMP |
155 |
+ if (OLDMEM_BASE) |
156 |
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h |
157 |
+index 664e8505ccd63..2f84887e8934c 100644 |
158 |
+--- a/arch/x86/include/asm/nospec-branch.h |
159 |
++++ b/arch/x86/include/asm/nospec-branch.h |
160 |
+@@ -275,7 +275,7 @@ DECLARE_STATIC_KEY_FALSE(mds_idle_clear); |
161 |
+ * combination with microcode which triggers a CPU buffer flush when the |
162 |
+ * instruction is executed. |
163 |
+ */ |
164 |
+-static inline void mds_clear_cpu_buffers(void) |
165 |
++static __always_inline void mds_clear_cpu_buffers(void) |
166 |
+ { |
167 |
+ static const u16 ds = __KERNEL_DS; |
168 |
+ |
169 |
+@@ -296,7 +296,7 @@ static inline void mds_clear_cpu_buffers(void) |
170 |
+ * |
171 |
+ * Clear CPU buffers if the corresponding static key is enabled |
172 |
+ */ |
173 |
+-static inline void mds_user_clear_cpu_buffers(void) |
174 |
++static __always_inline void mds_user_clear_cpu_buffers(void) |
175 |
+ { |
176 |
+ if (static_branch_likely(&mds_user_clear)) |
177 |
+ mds_clear_cpu_buffers(); |
178 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
179 |
+index 61fc92f92e0a0..ef920da075184 100644 |
180 |
+--- a/arch/x86/kvm/x86.c |
181 |
++++ b/arch/x86/kvm/x86.c |
182 |
+@@ -4013,10 +4013,13 @@ long kvm_arch_vm_ioctl(struct file *filp, |
183 |
+ r = -EFAULT; |
184 |
+ if (copy_from_user(&u.ps, argp, sizeof u.ps)) |
185 |
+ goto out; |
186 |
++ mutex_lock(&kvm->lock); |
187 |
+ r = -ENXIO; |
188 |
+ if (!kvm->arch.vpit) |
189 |
+- goto out; |
190 |
++ goto set_pit_out; |
191 |
+ r = kvm_vm_ioctl_set_pit(kvm, &u.ps); |
192 |
++set_pit_out: |
193 |
++ mutex_unlock(&kvm->lock); |
194 |
+ break; |
195 |
+ } |
196 |
+ case KVM_GET_PIT2: { |
197 |
+@@ -4036,10 +4039,13 @@ long kvm_arch_vm_ioctl(struct file *filp, |
198 |
+ r = -EFAULT; |
199 |
+ if (copy_from_user(&u.ps2, argp, sizeof(u.ps2))) |
200 |
+ goto out; |
201 |
++ mutex_lock(&kvm->lock); |
202 |
+ r = -ENXIO; |
203 |
+ if (!kvm->arch.vpit) |
204 |
+- goto out; |
205 |
++ goto set_pit2_out; |
206 |
+ r = kvm_vm_ioctl_set_pit2(kvm, &u.ps2); |
207 |
++set_pit2_out: |
208 |
++ mutex_unlock(&kvm->lock); |
209 |
+ break; |
210 |
+ } |
211 |
+ case KVM_REINJECT_CONTROL: { |
212 |
+diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c |
213 |
+index 43f20328f830e..3096c087b7328 100644 |
214 |
+--- a/drivers/acpi/ec.c |
215 |
++++ b/drivers/acpi/ec.c |
216 |
+@@ -943,29 +943,21 @@ void acpi_ec_unblock_transactions_early(void) |
217 |
+ /* -------------------------------------------------------------------------- |
218 |
+ Event Management |
219 |
+ -------------------------------------------------------------------------- */ |
220 |
+-static struct acpi_ec_query_handler * |
221 |
+-acpi_ec_get_query_handler(struct acpi_ec_query_handler *handler) |
222 |
+-{ |
223 |
+- if (handler) |
224 |
+- kref_get(&handler->kref); |
225 |
+- return handler; |
226 |
+-} |
227 |
+- |
228 |
+ static struct acpi_ec_query_handler * |
229 |
+ acpi_ec_get_query_handler_by_value(struct acpi_ec *ec, u8 value) |
230 |
+ { |
231 |
+ struct acpi_ec_query_handler *handler; |
232 |
+- bool found = false; |
233 |
+ |
234 |
+ mutex_lock(&ec->mutex); |
235 |
+ list_for_each_entry(handler, &ec->list, node) { |
236 |
+ if (value == handler->query_bit) { |
237 |
+- found = true; |
238 |
+- break; |
239 |
++ kref_get(&handler->kref); |
240 |
++ mutex_unlock(&ec->mutex); |
241 |
++ return handler; |
242 |
+ } |
243 |
+ } |
244 |
+ mutex_unlock(&ec->mutex); |
245 |
+- return found ? acpi_ec_get_query_handler(handler) : NULL; |
246 |
++ return NULL; |
247 |
+ } |
248 |
+ |
249 |
+ static void acpi_ec_query_handler_release(struct kref *kref) |
250 |
+diff --git a/drivers/ata/acard-ahci.c b/drivers/ata/acard-ahci.c |
251 |
+index ed6a30cd681a0..98581ae397c12 100644 |
252 |
+--- a/drivers/ata/acard-ahci.c |
253 |
++++ b/drivers/ata/acard-ahci.c |
254 |
+@@ -72,7 +72,7 @@ struct acard_sg { |
255 |
+ __le32 size; /* bit 31 (EOT) max==0x10000 (64k) */ |
256 |
+ }; |
257 |
+ |
258 |
+-static void acard_ahci_qc_prep(struct ata_queued_cmd *qc); |
259 |
++static enum ata_completion_errors acard_ahci_qc_prep(struct ata_queued_cmd *qc); |
260 |
+ static bool acard_ahci_qc_fill_rtf(struct ata_queued_cmd *qc); |
261 |
+ static int acard_ahci_port_start(struct ata_port *ap); |
262 |
+ static int acard_ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent); |
263 |
+@@ -257,7 +257,7 @@ static unsigned int acard_ahci_fill_sg(struct ata_queued_cmd *qc, void *cmd_tbl) |
264 |
+ return si; |
265 |
+ } |
266 |
+ |
267 |
+-static void acard_ahci_qc_prep(struct ata_queued_cmd *qc) |
268 |
++static enum ata_completion_errors acard_ahci_qc_prep(struct ata_queued_cmd *qc) |
269 |
+ { |
270 |
+ struct ata_port *ap = qc->ap; |
271 |
+ struct ahci_port_priv *pp = ap->private_data; |
272 |
+@@ -295,6 +295,8 @@ static void acard_ahci_qc_prep(struct ata_queued_cmd *qc) |
273 |
+ opts |= AHCI_CMD_ATAPI | AHCI_CMD_PREFETCH; |
274 |
+ |
275 |
+ ahci_fill_cmd_slot(pp, qc->tag, opts); |
276 |
++ |
277 |
++ return AC_ERR_OK; |
278 |
+ } |
279 |
+ |
280 |
+ static bool acard_ahci_qc_fill_rtf(struct ata_queued_cmd *qc) |
281 |
+diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c |
282 |
+index 1241cecfcfcad..48338da2ecdfa 100644 |
283 |
+--- a/drivers/ata/libahci.c |
284 |
++++ b/drivers/ata/libahci.c |
285 |
+@@ -71,7 +71,7 @@ static int ahci_scr_write(struct ata_link *link, unsigned int sc_reg, u32 val); |
286 |
+ static bool ahci_qc_fill_rtf(struct ata_queued_cmd *qc); |
287 |
+ static int ahci_port_start(struct ata_port *ap); |
288 |
+ static void ahci_port_stop(struct ata_port *ap); |
289 |
+-static void ahci_qc_prep(struct ata_queued_cmd *qc); |
290 |
++static enum ata_completion_errors ahci_qc_prep(struct ata_queued_cmd *qc); |
291 |
+ static int ahci_pmp_qc_defer(struct ata_queued_cmd *qc); |
292 |
+ static void ahci_freeze(struct ata_port *ap); |
293 |
+ static void ahci_thaw(struct ata_port *ap); |
294 |
+@@ -1535,7 +1535,7 @@ static int ahci_pmp_qc_defer(struct ata_queued_cmd *qc) |
295 |
+ return sata_pmp_qc_defer_cmd_switch(qc); |
296 |
+ } |
297 |
+ |
298 |
+-static void ahci_qc_prep(struct ata_queued_cmd *qc) |
299 |
++static enum ata_completion_errors ahci_qc_prep(struct ata_queued_cmd *qc) |
300 |
+ { |
301 |
+ struct ata_port *ap = qc->ap; |
302 |
+ struct ahci_port_priv *pp = ap->private_data; |
303 |
+@@ -1571,6 +1571,8 @@ static void ahci_qc_prep(struct ata_queued_cmd *qc) |
304 |
+ opts |= AHCI_CMD_ATAPI | AHCI_CMD_PREFETCH; |
305 |
+ |
306 |
+ ahci_fill_cmd_slot(pp, qc->tag, opts); |
307 |
++ |
308 |
++ return AC_ERR_OK; |
309 |
+ } |
310 |
+ |
311 |
+ static void ahci_fbs_dec_intr(struct ata_port *ap) |
312 |
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c |
313 |
+index 17cebfe5acc82..8ed3f6d75ff13 100644 |
314 |
+--- a/drivers/ata/libata-core.c |
315 |
++++ b/drivers/ata/libata-core.c |
316 |
+@@ -4713,7 +4713,10 @@ int ata_std_qc_defer(struct ata_queued_cmd *qc) |
317 |
+ return ATA_DEFER_LINK; |
318 |
+ } |
319 |
+ |
320 |
+-void ata_noop_qc_prep(struct ata_queued_cmd *qc) { } |
321 |
++enum ata_completion_errors ata_noop_qc_prep(struct ata_queued_cmd *qc) |
322 |
++{ |
323 |
++ return AC_ERR_OK; |
324 |
++} |
325 |
+ |
326 |
+ /** |
327 |
+ * ata_sg_init - Associate command with scatter-gather table. |
328 |
+@@ -5126,7 +5129,9 @@ void ata_qc_issue(struct ata_queued_cmd *qc) |
329 |
+ return; |
330 |
+ } |
331 |
+ |
332 |
+- ap->ops->qc_prep(qc); |
333 |
++ qc->err_mask |= ap->ops->qc_prep(qc); |
334 |
++ if (unlikely(qc->err_mask)) |
335 |
++ goto err; |
336 |
+ trace_ata_qc_issue(qc); |
337 |
+ qc->err_mask |= ap->ops->qc_issue(qc); |
338 |
+ if (unlikely(qc->err_mask)) |
339 |
+diff --git a/drivers/ata/libata-sff.c b/drivers/ata/libata-sff.c |
340 |
+index 1d8901fc0bfa9..0c69bc1d30c62 100644 |
341 |
+--- a/drivers/ata/libata-sff.c |
342 |
++++ b/drivers/ata/libata-sff.c |
343 |
+@@ -2741,12 +2741,14 @@ static void ata_bmdma_fill_sg_dumb(struct ata_queued_cmd *qc) |
344 |
+ * LOCKING: |
345 |
+ * spin_lock_irqsave(host lock) |
346 |
+ */ |
347 |
+-void ata_bmdma_qc_prep(struct ata_queued_cmd *qc) |
348 |
++enum ata_completion_errors ata_bmdma_qc_prep(struct ata_queued_cmd *qc) |
349 |
+ { |
350 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
351 |
+- return; |
352 |
++ return AC_ERR_OK; |
353 |
+ |
354 |
+ ata_bmdma_fill_sg(qc); |
355 |
++ |
356 |
++ return AC_ERR_OK; |
357 |
+ } |
358 |
+ EXPORT_SYMBOL_GPL(ata_bmdma_qc_prep); |
359 |
+ |
360 |
+@@ -2759,12 +2761,14 @@ EXPORT_SYMBOL_GPL(ata_bmdma_qc_prep); |
361 |
+ * LOCKING: |
362 |
+ * spin_lock_irqsave(host lock) |
363 |
+ */ |
364 |
+-void ata_bmdma_dumb_qc_prep(struct ata_queued_cmd *qc) |
365 |
++enum ata_completion_errors ata_bmdma_dumb_qc_prep(struct ata_queued_cmd *qc) |
366 |
+ { |
367 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
368 |
+- return; |
369 |
++ return AC_ERR_OK; |
370 |
+ |
371 |
+ ata_bmdma_fill_sg_dumb(qc); |
372 |
++ |
373 |
++ return AC_ERR_OK; |
374 |
+ } |
375 |
+ EXPORT_SYMBOL_GPL(ata_bmdma_dumb_qc_prep); |
376 |
+ |
377 |
+diff --git a/drivers/ata/pata_macio.c b/drivers/ata/pata_macio.c |
378 |
+index e3d4b059fcd14..f1a20d1a65be0 100644 |
379 |
+--- a/drivers/ata/pata_macio.c |
380 |
++++ b/drivers/ata/pata_macio.c |
381 |
+@@ -507,7 +507,7 @@ static int pata_macio_cable_detect(struct ata_port *ap) |
382 |
+ return ATA_CBL_PATA40; |
383 |
+ } |
384 |
+ |
385 |
+-static void pata_macio_qc_prep(struct ata_queued_cmd *qc) |
386 |
++static enum ata_completion_errors pata_macio_qc_prep(struct ata_queued_cmd *qc) |
387 |
+ { |
388 |
+ unsigned int write = (qc->tf.flags & ATA_TFLAG_WRITE); |
389 |
+ struct ata_port *ap = qc->ap; |
390 |
+@@ -520,7 +520,7 @@ static void pata_macio_qc_prep(struct ata_queued_cmd *qc) |
391 |
+ __func__, qc, qc->flags, write, qc->dev->devno); |
392 |
+ |
393 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
394 |
+- return; |
395 |
++ return AC_ERR_OK; |
396 |
+ |
397 |
+ table = (struct dbdma_cmd *) priv->dma_table_cpu; |
398 |
+ |
399 |
+@@ -565,6 +565,8 @@ static void pata_macio_qc_prep(struct ata_queued_cmd *qc) |
400 |
+ table->command = cpu_to_le16(DBDMA_STOP); |
401 |
+ |
402 |
+ dev_dbgdma(priv->dev, "%s: %d DMA list entries\n", __func__, pi); |
403 |
++ |
404 |
++ return AC_ERR_OK; |
405 |
+ } |
406 |
+ |
407 |
+ |
408 |
+diff --git a/drivers/ata/pata_pxa.c b/drivers/ata/pata_pxa.c |
409 |
+index f6c46e9a4dc0f..d7186a503e358 100644 |
410 |
+--- a/drivers/ata/pata_pxa.c |
411 |
++++ b/drivers/ata/pata_pxa.c |
412 |
+@@ -59,25 +59,27 @@ static void pxa_ata_dma_irq(void *d) |
413 |
+ /* |
414 |
+ * Prepare taskfile for submission. |
415 |
+ */ |
416 |
+-static void pxa_qc_prep(struct ata_queued_cmd *qc) |
417 |
++static enum ata_completion_errors pxa_qc_prep(struct ata_queued_cmd *qc) |
418 |
+ { |
419 |
+ struct pata_pxa_data *pd = qc->ap->private_data; |
420 |
+ struct dma_async_tx_descriptor *tx; |
421 |
+ enum dma_transfer_direction dir; |
422 |
+ |
423 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
424 |
+- return; |
425 |
++ return AC_ERR_OK; |
426 |
+ |
427 |
+ dir = (qc->dma_dir == DMA_TO_DEVICE ? DMA_MEM_TO_DEV : DMA_DEV_TO_MEM); |
428 |
+ tx = dmaengine_prep_slave_sg(pd->dma_chan, qc->sg, qc->n_elem, dir, |
429 |
+ DMA_PREP_INTERRUPT); |
430 |
+ if (!tx) { |
431 |
+ ata_dev_err(qc->dev, "prep_slave_sg() failed\n"); |
432 |
+- return; |
433 |
++ return AC_ERR_OK; |
434 |
+ } |
435 |
+ tx->callback = pxa_ata_dma_irq; |
436 |
+ tx->callback_param = pd; |
437 |
+ pd->dma_cookie = dmaengine_submit(tx); |
438 |
++ |
439 |
++ return AC_ERR_OK; |
440 |
+ } |
441 |
+ |
442 |
+ /* |
443 |
+diff --git a/drivers/ata/pdc_adma.c b/drivers/ata/pdc_adma.c |
444 |
+index 64d682c6ee57e..11da13bea2c93 100644 |
445 |
+--- a/drivers/ata/pdc_adma.c |
446 |
++++ b/drivers/ata/pdc_adma.c |
447 |
+@@ -132,7 +132,7 @@ static int adma_ata_init_one(struct pci_dev *pdev, |
448 |
+ const struct pci_device_id *ent); |
449 |
+ static int adma_port_start(struct ata_port *ap); |
450 |
+ static void adma_port_stop(struct ata_port *ap); |
451 |
+-static void adma_qc_prep(struct ata_queued_cmd *qc); |
452 |
++static enum ata_completion_errors adma_qc_prep(struct ata_queued_cmd *qc); |
453 |
+ static unsigned int adma_qc_issue(struct ata_queued_cmd *qc); |
454 |
+ static int adma_check_atapi_dma(struct ata_queued_cmd *qc); |
455 |
+ static void adma_freeze(struct ata_port *ap); |
456 |
+@@ -311,7 +311,7 @@ static int adma_fill_sg(struct ata_queued_cmd *qc) |
457 |
+ return i; |
458 |
+ } |
459 |
+ |
460 |
+-static void adma_qc_prep(struct ata_queued_cmd *qc) |
461 |
++static enum ata_completion_errors adma_qc_prep(struct ata_queued_cmd *qc) |
462 |
+ { |
463 |
+ struct adma_port_priv *pp = qc->ap->private_data; |
464 |
+ u8 *buf = pp->pkt; |
465 |
+@@ -322,7 +322,7 @@ static void adma_qc_prep(struct ata_queued_cmd *qc) |
466 |
+ |
467 |
+ adma_enter_reg_mode(qc->ap); |
468 |
+ if (qc->tf.protocol != ATA_PROT_DMA) |
469 |
+- return; |
470 |
++ return AC_ERR_OK; |
471 |
+ |
472 |
+ buf[i++] = 0; /* Response flags */ |
473 |
+ buf[i++] = 0; /* reserved */ |
474 |
+@@ -387,6 +387,7 @@ static void adma_qc_prep(struct ata_queued_cmd *qc) |
475 |
+ printk("%s\n", obuf); |
476 |
+ } |
477 |
+ #endif |
478 |
++ return AC_ERR_OK; |
479 |
+ } |
480 |
+ |
481 |
+ static inline void adma_packet_start(struct ata_queued_cmd *qc) |
482 |
+diff --git a/drivers/ata/sata_fsl.c b/drivers/ata/sata_fsl.c |
483 |
+index a723ae9297831..100b5a3621ef3 100644 |
484 |
+--- a/drivers/ata/sata_fsl.c |
485 |
++++ b/drivers/ata/sata_fsl.c |
486 |
+@@ -513,7 +513,7 @@ static unsigned int sata_fsl_fill_sg(struct ata_queued_cmd *qc, void *cmd_desc, |
487 |
+ return num_prde; |
488 |
+ } |
489 |
+ |
490 |
+-static void sata_fsl_qc_prep(struct ata_queued_cmd *qc) |
491 |
++static enum ata_completion_errors sata_fsl_qc_prep(struct ata_queued_cmd *qc) |
492 |
+ { |
493 |
+ struct ata_port *ap = qc->ap; |
494 |
+ struct sata_fsl_port_priv *pp = ap->private_data; |
495 |
+@@ -559,6 +559,8 @@ static void sata_fsl_qc_prep(struct ata_queued_cmd *qc) |
496 |
+ |
497 |
+ VPRINTK("SATA FSL : xx_qc_prep, di = 0x%x, ttl = %d, num_prde = %d\n", |
498 |
+ desc_info, ttl_dwords, num_prde); |
499 |
++ |
500 |
++ return AC_ERR_OK; |
501 |
+ } |
502 |
+ |
503 |
+ static unsigned int sata_fsl_qc_issue(struct ata_queued_cmd *qc) |
504 |
+diff --git a/drivers/ata/sata_inic162x.c b/drivers/ata/sata_inic162x.c |
505 |
+index e81a8217f1ff7..349a175f02675 100644 |
506 |
+--- a/drivers/ata/sata_inic162x.c |
507 |
++++ b/drivers/ata/sata_inic162x.c |
508 |
+@@ -472,7 +472,7 @@ static void inic_fill_sg(struct inic_prd *prd, struct ata_queued_cmd *qc) |
509 |
+ prd[-1].flags |= PRD_END; |
510 |
+ } |
511 |
+ |
512 |
+-static void inic_qc_prep(struct ata_queued_cmd *qc) |
513 |
++static enum ata_completion_errors inic_qc_prep(struct ata_queued_cmd *qc) |
514 |
+ { |
515 |
+ struct inic_port_priv *pp = qc->ap->private_data; |
516 |
+ struct inic_pkt *pkt = pp->pkt; |
517 |
+@@ -532,6 +532,8 @@ static void inic_qc_prep(struct ata_queued_cmd *qc) |
518 |
+ inic_fill_sg(prd, qc); |
519 |
+ |
520 |
+ pp->cpb_tbl[0] = pp->pkt_dma; |
521 |
++ |
522 |
++ return AC_ERR_OK; |
523 |
+ } |
524 |
+ |
525 |
+ static unsigned int inic_qc_issue(struct ata_queued_cmd *qc) |
526 |
+diff --git a/drivers/ata/sata_mv.c b/drivers/ata/sata_mv.c |
527 |
+index 729f26322095e..5718dc94c90cb 100644 |
528 |
+--- a/drivers/ata/sata_mv.c |
529 |
++++ b/drivers/ata/sata_mv.c |
530 |
+@@ -605,8 +605,8 @@ static int mv5_scr_write(struct ata_link *link, unsigned int sc_reg_in, u32 val) |
531 |
+ static int mv_port_start(struct ata_port *ap); |
532 |
+ static void mv_port_stop(struct ata_port *ap); |
533 |
+ static int mv_qc_defer(struct ata_queued_cmd *qc); |
534 |
+-static void mv_qc_prep(struct ata_queued_cmd *qc); |
535 |
+-static void mv_qc_prep_iie(struct ata_queued_cmd *qc); |
536 |
++static enum ata_completion_errors mv_qc_prep(struct ata_queued_cmd *qc); |
537 |
++static enum ata_completion_errors mv_qc_prep_iie(struct ata_queued_cmd *qc); |
538 |
+ static unsigned int mv_qc_issue(struct ata_queued_cmd *qc); |
539 |
+ static int mv_hardreset(struct ata_link *link, unsigned int *class, |
540 |
+ unsigned long deadline); |
541 |
+@@ -2046,7 +2046,7 @@ static void mv_rw_multi_errata_sata24(struct ata_queued_cmd *qc) |
542 |
+ * LOCKING: |
543 |
+ * Inherited from caller. |
544 |
+ */ |
545 |
+-static void mv_qc_prep(struct ata_queued_cmd *qc) |
546 |
++static enum ata_completion_errors mv_qc_prep(struct ata_queued_cmd *qc) |
547 |
+ { |
548 |
+ struct ata_port *ap = qc->ap; |
549 |
+ struct mv_port_priv *pp = ap->private_data; |
550 |
+@@ -2058,15 +2058,15 @@ static void mv_qc_prep(struct ata_queued_cmd *qc) |
551 |
+ switch (tf->protocol) { |
552 |
+ case ATA_PROT_DMA: |
553 |
+ if (tf->command == ATA_CMD_DSM) |
554 |
+- return; |
555 |
++ return AC_ERR_OK; |
556 |
+ /* fall-thru */ |
557 |
+ case ATA_PROT_NCQ: |
558 |
+ break; /* continue below */ |
559 |
+ case ATA_PROT_PIO: |
560 |
+ mv_rw_multi_errata_sata24(qc); |
561 |
+- return; |
562 |
++ return AC_ERR_OK; |
563 |
+ default: |
564 |
+- return; |
565 |
++ return AC_ERR_OK; |
566 |
+ } |
567 |
+ |
568 |
+ /* Fill in command request block |
569 |
+@@ -2113,12 +2113,10 @@ static void mv_qc_prep(struct ata_queued_cmd *qc) |
570 |
+ * non-NCQ mode are: [RW] STREAM DMA and W DMA FUA EXT, none |
571 |
+ * of which are defined/used by Linux. If we get here, this |
572 |
+ * driver needs work. |
573 |
+- * |
574 |
+- * FIXME: modify libata to give qc_prep a return value and |
575 |
+- * return error here. |
576 |
+ */ |
577 |
+- BUG_ON(tf->command); |
578 |
+- break; |
579 |
++ ata_port_err(ap, "%s: unsupported command: %.2x\n", __func__, |
580 |
++ tf->command); |
581 |
++ return AC_ERR_INVALID; |
582 |
+ } |
583 |
+ mv_crqb_pack_cmd(cw++, tf->nsect, ATA_REG_NSECT, 0); |
584 |
+ mv_crqb_pack_cmd(cw++, tf->hob_lbal, ATA_REG_LBAL, 0); |
585 |
+@@ -2131,8 +2129,10 @@ static void mv_qc_prep(struct ata_queued_cmd *qc) |
586 |
+ mv_crqb_pack_cmd(cw++, tf->command, ATA_REG_CMD, 1); /* last */ |
587 |
+ |
588 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
589 |
+- return; |
590 |
++ return AC_ERR_OK; |
591 |
+ mv_fill_sg(qc); |
592 |
++ |
593 |
++ return AC_ERR_OK; |
594 |
+ } |
595 |
+ |
596 |
+ /** |
597 |
+@@ -2147,7 +2147,7 @@ static void mv_qc_prep(struct ata_queued_cmd *qc) |
598 |
+ * LOCKING: |
599 |
+ * Inherited from caller. |
600 |
+ */ |
601 |
+-static void mv_qc_prep_iie(struct ata_queued_cmd *qc) |
602 |
++static enum ata_completion_errors mv_qc_prep_iie(struct ata_queued_cmd *qc) |
603 |
+ { |
604 |
+ struct ata_port *ap = qc->ap; |
605 |
+ struct mv_port_priv *pp = ap->private_data; |
606 |
+@@ -2158,9 +2158,9 @@ static void mv_qc_prep_iie(struct ata_queued_cmd *qc) |
607 |
+ |
608 |
+ if ((tf->protocol != ATA_PROT_DMA) && |
609 |
+ (tf->protocol != ATA_PROT_NCQ)) |
610 |
+- return; |
611 |
++ return AC_ERR_OK; |
612 |
+ if (tf->command == ATA_CMD_DSM) |
613 |
+- return; /* use bmdma for this */ |
614 |
++ return AC_ERR_OK; /* use bmdma for this */ |
615 |
+ |
616 |
+ /* Fill in Gen IIE command request block */ |
617 |
+ if (!(tf->flags & ATA_TFLAG_WRITE)) |
618 |
+@@ -2201,8 +2201,10 @@ static void mv_qc_prep_iie(struct ata_queued_cmd *qc) |
619 |
+ ); |
620 |
+ |
621 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
622 |
+- return; |
623 |
++ return AC_ERR_OK; |
624 |
+ mv_fill_sg(qc); |
625 |
++ |
626 |
++ return AC_ERR_OK; |
627 |
+ } |
628 |
+ |
629 |
+ /** |
630 |
+diff --git a/drivers/ata/sata_nv.c b/drivers/ata/sata_nv.c |
631 |
+index 734f563b8d37b..bb098c4ae1775 100644 |
632 |
+--- a/drivers/ata/sata_nv.c |
633 |
++++ b/drivers/ata/sata_nv.c |
634 |
+@@ -313,7 +313,7 @@ static void nv_ck804_freeze(struct ata_port *ap); |
635 |
+ static void nv_ck804_thaw(struct ata_port *ap); |
636 |
+ static int nv_adma_slave_config(struct scsi_device *sdev); |
637 |
+ static int nv_adma_check_atapi_dma(struct ata_queued_cmd *qc); |
638 |
+-static void nv_adma_qc_prep(struct ata_queued_cmd *qc); |
639 |
++static enum ata_completion_errors nv_adma_qc_prep(struct ata_queued_cmd *qc); |
640 |
+ static unsigned int nv_adma_qc_issue(struct ata_queued_cmd *qc); |
641 |
+ static irqreturn_t nv_adma_interrupt(int irq, void *dev_instance); |
642 |
+ static void nv_adma_irq_clear(struct ata_port *ap); |
643 |
+@@ -335,7 +335,7 @@ static void nv_mcp55_freeze(struct ata_port *ap); |
644 |
+ static void nv_swncq_error_handler(struct ata_port *ap); |
645 |
+ static int nv_swncq_slave_config(struct scsi_device *sdev); |
646 |
+ static int nv_swncq_port_start(struct ata_port *ap); |
647 |
+-static void nv_swncq_qc_prep(struct ata_queued_cmd *qc); |
648 |
++static enum ata_completion_errors nv_swncq_qc_prep(struct ata_queued_cmd *qc); |
649 |
+ static void nv_swncq_fill_sg(struct ata_queued_cmd *qc); |
650 |
+ static unsigned int nv_swncq_qc_issue(struct ata_queued_cmd *qc); |
651 |
+ static void nv_swncq_irq_clear(struct ata_port *ap, u16 fis); |
652 |
+@@ -1382,7 +1382,7 @@ static int nv_adma_use_reg_mode(struct ata_queued_cmd *qc) |
653 |
+ return 1; |
654 |
+ } |
655 |
+ |
656 |
+-static void nv_adma_qc_prep(struct ata_queued_cmd *qc) |
657 |
++static enum ata_completion_errors nv_adma_qc_prep(struct ata_queued_cmd *qc) |
658 |
+ { |
659 |
+ struct nv_adma_port_priv *pp = qc->ap->private_data; |
660 |
+ struct nv_adma_cpb *cpb = &pp->cpb[qc->tag]; |
661 |
+@@ -1394,7 +1394,7 @@ static void nv_adma_qc_prep(struct ata_queued_cmd *qc) |
662 |
+ (qc->flags & ATA_QCFLAG_DMAMAP)); |
663 |
+ nv_adma_register_mode(qc->ap); |
664 |
+ ata_bmdma_qc_prep(qc); |
665 |
+- return; |
666 |
++ return AC_ERR_OK; |
667 |
+ } |
668 |
+ |
669 |
+ cpb->resp_flags = NV_CPB_RESP_DONE; |
670 |
+@@ -1426,6 +1426,8 @@ static void nv_adma_qc_prep(struct ata_queued_cmd *qc) |
671 |
+ cpb->ctl_flags = ctl_flags; |
672 |
+ wmb(); |
673 |
+ cpb->resp_flags = 0; |
674 |
++ |
675 |
++ return AC_ERR_OK; |
676 |
+ } |
677 |
+ |
678 |
+ static unsigned int nv_adma_qc_issue(struct ata_queued_cmd *qc) |
679 |
+@@ -1989,17 +1991,19 @@ static int nv_swncq_port_start(struct ata_port *ap) |
680 |
+ return 0; |
681 |
+ } |
682 |
+ |
683 |
+-static void nv_swncq_qc_prep(struct ata_queued_cmd *qc) |
684 |
++static enum ata_completion_errors nv_swncq_qc_prep(struct ata_queued_cmd *qc) |
685 |
+ { |
686 |
+ if (qc->tf.protocol != ATA_PROT_NCQ) { |
687 |
+ ata_bmdma_qc_prep(qc); |
688 |
+- return; |
689 |
++ return AC_ERR_OK; |
690 |
+ } |
691 |
+ |
692 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
693 |
+- return; |
694 |
++ return AC_ERR_OK; |
695 |
+ |
696 |
+ nv_swncq_fill_sg(qc); |
697 |
++ |
698 |
++ return AC_ERR_OK; |
699 |
+ } |
700 |
+ |
701 |
+ static void nv_swncq_fill_sg(struct ata_queued_cmd *qc) |
702 |
+diff --git a/drivers/ata/sata_promise.c b/drivers/ata/sata_promise.c |
703 |
+index 0fa211e2831cd..8ad8b376a642c 100644 |
704 |
+--- a/drivers/ata/sata_promise.c |
705 |
++++ b/drivers/ata/sata_promise.c |
706 |
+@@ -155,7 +155,7 @@ static int pdc_sata_scr_write(struct ata_link *link, unsigned int sc_reg, u32 va |
707 |
+ static int pdc_ata_init_one(struct pci_dev *pdev, const struct pci_device_id *ent); |
708 |
+ static int pdc_common_port_start(struct ata_port *ap); |
709 |
+ static int pdc_sata_port_start(struct ata_port *ap); |
710 |
+-static void pdc_qc_prep(struct ata_queued_cmd *qc); |
711 |
++static enum ata_completion_errors pdc_qc_prep(struct ata_queued_cmd *qc); |
712 |
+ static void pdc_tf_load_mmio(struct ata_port *ap, const struct ata_taskfile *tf); |
713 |
+ static void pdc_exec_command_mmio(struct ata_port *ap, const struct ata_taskfile *tf); |
714 |
+ static int pdc_check_atapi_dma(struct ata_queued_cmd *qc); |
715 |
+@@ -649,7 +649,7 @@ static void pdc_fill_sg(struct ata_queued_cmd *qc) |
716 |
+ prd[idx - 1].flags_len |= cpu_to_le32(ATA_PRD_EOT); |
717 |
+ } |
718 |
+ |
719 |
+-static void pdc_qc_prep(struct ata_queued_cmd *qc) |
720 |
++static enum ata_completion_errors pdc_qc_prep(struct ata_queued_cmd *qc) |
721 |
+ { |
722 |
+ struct pdc_port_priv *pp = qc->ap->private_data; |
723 |
+ unsigned int i; |
724 |
+@@ -681,6 +681,8 @@ static void pdc_qc_prep(struct ata_queued_cmd *qc) |
725 |
+ default: |
726 |
+ break; |
727 |
+ } |
728 |
++ |
729 |
++ return AC_ERR_OK; |
730 |
+ } |
731 |
+ |
732 |
+ static int pdc_is_sataii_tx4(unsigned long flags) |
733 |
+diff --git a/drivers/ata/sata_qstor.c b/drivers/ata/sata_qstor.c |
734 |
+index af987a4f33d19..80ff3bbfc8269 100644 |
735 |
+--- a/drivers/ata/sata_qstor.c |
736 |
++++ b/drivers/ata/sata_qstor.c |
737 |
+@@ -116,7 +116,7 @@ static int qs_scr_write(struct ata_link *link, unsigned int sc_reg, u32 val); |
738 |
+ static int qs_ata_init_one(struct pci_dev *pdev, const struct pci_device_id *ent); |
739 |
+ static int qs_port_start(struct ata_port *ap); |
740 |
+ static void qs_host_stop(struct ata_host *host); |
741 |
+-static void qs_qc_prep(struct ata_queued_cmd *qc); |
742 |
++static enum ata_completion_errors qs_qc_prep(struct ata_queued_cmd *qc); |
743 |
+ static unsigned int qs_qc_issue(struct ata_queued_cmd *qc); |
744 |
+ static int qs_check_atapi_dma(struct ata_queued_cmd *qc); |
745 |
+ static void qs_freeze(struct ata_port *ap); |
746 |
+@@ -276,7 +276,7 @@ static unsigned int qs_fill_sg(struct ata_queued_cmd *qc) |
747 |
+ return si; |
748 |
+ } |
749 |
+ |
750 |
+-static void qs_qc_prep(struct ata_queued_cmd *qc) |
751 |
++static enum ata_completion_errors qs_qc_prep(struct ata_queued_cmd *qc) |
752 |
+ { |
753 |
+ struct qs_port_priv *pp = qc->ap->private_data; |
754 |
+ u8 dflags = QS_DF_PORD, *buf = pp->pkt; |
755 |
+@@ -288,7 +288,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc) |
756 |
+ |
757 |
+ qs_enter_reg_mode(qc->ap); |
758 |
+ if (qc->tf.protocol != ATA_PROT_DMA) |
759 |
+- return; |
760 |
++ return AC_ERR_OK; |
761 |
+ |
762 |
+ nelem = qs_fill_sg(qc); |
763 |
+ |
764 |
+@@ -311,6 +311,8 @@ static void qs_qc_prep(struct ata_queued_cmd *qc) |
765 |
+ |
766 |
+ /* frame information structure (FIS) */ |
767 |
+ ata_tf_to_fis(&qc->tf, 0, 1, &buf[32]); |
768 |
++ |
769 |
++ return AC_ERR_OK; |
770 |
+ } |
771 |
+ |
772 |
+ static inline void qs_packet_start(struct ata_queued_cmd *qc) |
773 |
+diff --git a/drivers/ata/sata_rcar.c b/drivers/ata/sata_rcar.c |
774 |
+index 21b80f5ee0920..4199f7a39be0b 100644 |
775 |
+--- a/drivers/ata/sata_rcar.c |
776 |
++++ b/drivers/ata/sata_rcar.c |
777 |
+@@ -551,12 +551,14 @@ static void sata_rcar_bmdma_fill_sg(struct ata_queued_cmd *qc) |
778 |
+ prd[si - 1].addr |= cpu_to_le32(SATA_RCAR_DTEND); |
779 |
+ } |
780 |
+ |
781 |
+-static void sata_rcar_qc_prep(struct ata_queued_cmd *qc) |
782 |
++static enum ata_completion_errors sata_rcar_qc_prep(struct ata_queued_cmd *qc) |
783 |
+ { |
784 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
785 |
+- return; |
786 |
++ return AC_ERR_OK; |
787 |
+ |
788 |
+ sata_rcar_bmdma_fill_sg(qc); |
789 |
++ |
790 |
++ return AC_ERR_OK; |
791 |
+ } |
792 |
+ |
793 |
+ static void sata_rcar_bmdma_setup(struct ata_queued_cmd *qc) |
794 |
+diff --git a/drivers/ata/sata_sil.c b/drivers/ata/sata_sil.c |
795 |
+index 29bcff086bced..73156a301912f 100644 |
796 |
+--- a/drivers/ata/sata_sil.c |
797 |
++++ b/drivers/ata/sata_sil.c |
798 |
+@@ -119,7 +119,7 @@ static void sil_dev_config(struct ata_device *dev); |
799 |
+ static int sil_scr_read(struct ata_link *link, unsigned int sc_reg, u32 *val); |
800 |
+ static int sil_scr_write(struct ata_link *link, unsigned int sc_reg, u32 val); |
801 |
+ static int sil_set_mode(struct ata_link *link, struct ata_device **r_failed); |
802 |
+-static void sil_qc_prep(struct ata_queued_cmd *qc); |
803 |
++static enum ata_completion_errors sil_qc_prep(struct ata_queued_cmd *qc); |
804 |
+ static void sil_bmdma_setup(struct ata_queued_cmd *qc); |
805 |
+ static void sil_bmdma_start(struct ata_queued_cmd *qc); |
806 |
+ static void sil_bmdma_stop(struct ata_queued_cmd *qc); |
807 |
+@@ -333,12 +333,14 @@ static void sil_fill_sg(struct ata_queued_cmd *qc) |
808 |
+ last_prd->flags_len |= cpu_to_le32(ATA_PRD_EOT); |
809 |
+ } |
810 |
+ |
811 |
+-static void sil_qc_prep(struct ata_queued_cmd *qc) |
812 |
++static enum ata_completion_errors sil_qc_prep(struct ata_queued_cmd *qc) |
813 |
+ { |
814 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
815 |
+- return; |
816 |
++ return AC_ERR_OK; |
817 |
+ |
818 |
+ sil_fill_sg(qc); |
819 |
++ |
820 |
++ return AC_ERR_OK; |
821 |
+ } |
822 |
+ |
823 |
+ static unsigned char sil_get_device_cache_line(struct pci_dev *pdev) |
824 |
+diff --git a/drivers/ata/sata_sil24.c b/drivers/ata/sata_sil24.c |
825 |
+index 4b1995e2d044b..ffa3bf724054d 100644 |
826 |
+--- a/drivers/ata/sata_sil24.c |
827 |
++++ b/drivers/ata/sata_sil24.c |
828 |
+@@ -336,7 +336,7 @@ static void sil24_dev_config(struct ata_device *dev); |
829 |
+ static int sil24_scr_read(struct ata_link *link, unsigned sc_reg, u32 *val); |
830 |
+ static int sil24_scr_write(struct ata_link *link, unsigned sc_reg, u32 val); |
831 |
+ static int sil24_qc_defer(struct ata_queued_cmd *qc); |
832 |
+-static void sil24_qc_prep(struct ata_queued_cmd *qc); |
833 |
++static enum ata_completion_errors sil24_qc_prep(struct ata_queued_cmd *qc); |
834 |
+ static unsigned int sil24_qc_issue(struct ata_queued_cmd *qc); |
835 |
+ static bool sil24_qc_fill_rtf(struct ata_queued_cmd *qc); |
836 |
+ static void sil24_pmp_attach(struct ata_port *ap); |
837 |
+@@ -840,7 +840,7 @@ static int sil24_qc_defer(struct ata_queued_cmd *qc) |
838 |
+ return ata_std_qc_defer(qc); |
839 |
+ } |
840 |
+ |
841 |
+-static void sil24_qc_prep(struct ata_queued_cmd *qc) |
842 |
++static enum ata_completion_errors sil24_qc_prep(struct ata_queued_cmd *qc) |
843 |
+ { |
844 |
+ struct ata_port *ap = qc->ap; |
845 |
+ struct sil24_port_priv *pp = ap->private_data; |
846 |
+@@ -884,6 +884,8 @@ static void sil24_qc_prep(struct ata_queued_cmd *qc) |
847 |
+ |
848 |
+ if (qc->flags & ATA_QCFLAG_DMAMAP) |
849 |
+ sil24_fill_sg(qc, sge); |
850 |
++ |
851 |
++ return AC_ERR_OK; |
852 |
+ } |
853 |
+ |
854 |
+ static unsigned int sil24_qc_issue(struct ata_queued_cmd *qc) |
855 |
+diff --git a/drivers/ata/sata_sx4.c b/drivers/ata/sata_sx4.c |
856 |
+index fab504fd9cfd7..a7cd2c7ee1388 100644 |
857 |
+--- a/drivers/ata/sata_sx4.c |
858 |
++++ b/drivers/ata/sata_sx4.c |
859 |
+@@ -218,7 +218,7 @@ static void pdc_error_handler(struct ata_port *ap); |
860 |
+ static void pdc_freeze(struct ata_port *ap); |
861 |
+ static void pdc_thaw(struct ata_port *ap); |
862 |
+ static int pdc_port_start(struct ata_port *ap); |
863 |
+-static void pdc20621_qc_prep(struct ata_queued_cmd *qc); |
864 |
++static enum ata_completion_errors pdc20621_qc_prep(struct ata_queued_cmd *qc); |
865 |
+ static void pdc_tf_load_mmio(struct ata_port *ap, const struct ata_taskfile *tf); |
866 |
+ static void pdc_exec_command_mmio(struct ata_port *ap, const struct ata_taskfile *tf); |
867 |
+ static unsigned int pdc20621_dimm_init(struct ata_host *host); |
868 |
+@@ -546,7 +546,7 @@ static void pdc20621_nodata_prep(struct ata_queued_cmd *qc) |
869 |
+ VPRINTK("ata pkt buf ofs %u, mmio copied\n", i); |
870 |
+ } |
871 |
+ |
872 |
+-static void pdc20621_qc_prep(struct ata_queued_cmd *qc) |
873 |
++static enum ata_completion_errors pdc20621_qc_prep(struct ata_queued_cmd *qc) |
874 |
+ { |
875 |
+ switch (qc->tf.protocol) { |
876 |
+ case ATA_PROT_DMA: |
877 |
+@@ -558,6 +558,8 @@ static void pdc20621_qc_prep(struct ata_queued_cmd *qc) |
878 |
+ default: |
879 |
+ break; |
880 |
+ } |
881 |
++ |
882 |
++ return AC_ERR_OK; |
883 |
+ } |
884 |
+ |
885 |
+ static void __pdc20621_push_hdma(struct ata_queued_cmd *qc, |
886 |
+diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c |
887 |
+index ad591a2f7c822..340a1ee79d280 100644 |
888 |
+--- a/drivers/atm/eni.c |
889 |
++++ b/drivers/atm/eni.c |
890 |
+@@ -2242,7 +2242,7 @@ static int eni_init_one(struct pci_dev *pci_dev, |
891 |
+ |
892 |
+ rc = dma_set_mask_and_coherent(&pci_dev->dev, DMA_BIT_MASK(32)); |
893 |
+ if (rc < 0) |
894 |
+- goto out; |
895 |
++ goto err_disable; |
896 |
+ |
897 |
+ rc = -ENOMEM; |
898 |
+ eni_dev = kmalloc(sizeof(struct eni_dev), GFP_KERNEL); |
899 |
+diff --git a/drivers/char/tlclk.c b/drivers/char/tlclk.c |
900 |
+index 100cd1de9939d..59e1e94d12c01 100644 |
901 |
+--- a/drivers/char/tlclk.c |
902 |
++++ b/drivers/char/tlclk.c |
903 |
+@@ -777,17 +777,21 @@ static int __init tlclk_init(void) |
904 |
+ { |
905 |
+ int ret; |
906 |
+ |
907 |
++ telclk_interrupt = (inb(TLCLK_REG7) & 0x0f); |
908 |
++ |
909 |
++ alarm_events = kzalloc( sizeof(struct tlclk_alarms), GFP_KERNEL); |
910 |
++ if (!alarm_events) { |
911 |
++ ret = -ENOMEM; |
912 |
++ goto out1; |
913 |
++ } |
914 |
++ |
915 |
+ ret = register_chrdev(tlclk_major, "telco_clock", &tlclk_fops); |
916 |
+ if (ret < 0) { |
917 |
+ printk(KERN_ERR "tlclk: can't get major %d.\n", tlclk_major); |
918 |
++ kfree(alarm_events); |
919 |
+ return ret; |
920 |
+ } |
921 |
+ tlclk_major = ret; |
922 |
+- alarm_events = kzalloc( sizeof(struct tlclk_alarms), GFP_KERNEL); |
923 |
+- if (!alarm_events) { |
924 |
+- ret = -ENOMEM; |
925 |
+- goto out1; |
926 |
+- } |
927 |
+ |
928 |
+ /* Read telecom clock IRQ number (Set by BIOS) */ |
929 |
+ if (!request_region(TLCLK_BASE, 8, "telco_clock")) { |
930 |
+@@ -796,7 +800,6 @@ static int __init tlclk_init(void) |
931 |
+ ret = -EBUSY; |
932 |
+ goto out2; |
933 |
+ } |
934 |
+- telclk_interrupt = (inb(TLCLK_REG7) & 0x0f); |
935 |
+ |
936 |
+ if (0x0F == telclk_interrupt ) { /* not MCPBL0010 ? */ |
937 |
+ printk(KERN_ERR "telclk_interrupt = 0x%x non-mcpbl0010 hw.\n", |
938 |
+@@ -837,8 +840,8 @@ out3: |
939 |
+ release_region(TLCLK_BASE, 8); |
940 |
+ out2: |
941 |
+ kfree(alarm_events); |
942 |
+-out1: |
943 |
+ unregister_chrdev(tlclk_major, "telco_clock"); |
944 |
++out1: |
945 |
+ return ret; |
946 |
+ } |
947 |
+ |
948 |
+diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c |
949 |
+index 3e6a22658b63b..d4cc1a1ac1f73 100644 |
950 |
+--- a/drivers/char/tpm/tpm_ibmvtpm.c |
951 |
++++ b/drivers/char/tpm/tpm_ibmvtpm.c |
952 |
+@@ -543,6 +543,7 @@ static irqreturn_t ibmvtpm_interrupt(int irq, void *vtpm_instance) |
953 |
+ */ |
954 |
+ while ((crq = ibmvtpm_crq_get_next(ibmvtpm)) != NULL) { |
955 |
+ ibmvtpm_crq_process(crq, ibmvtpm); |
956 |
++ wake_up_interruptible(&ibmvtpm->crq_queue.wq); |
957 |
+ crq->valid = 0; |
958 |
+ smp_wmb(); |
959 |
+ } |
960 |
+@@ -589,6 +590,7 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev, |
961 |
+ } |
962 |
+ |
963 |
+ crq_q->num_entry = CRQ_RES_BUF_SIZE / sizeof(*crq_q->crq_addr); |
964 |
++ init_waitqueue_head(&crq_q->wq); |
965 |
+ ibmvtpm->crq_dma_handle = dma_map_single(dev, crq_q->crq_addr, |
966 |
+ CRQ_RES_BUF_SIZE, |
967 |
+ DMA_BIDIRECTIONAL); |
968 |
+@@ -641,6 +643,13 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev, |
969 |
+ if (rc) |
970 |
+ goto init_irq_cleanup; |
971 |
+ |
972 |
++ if (!wait_event_timeout(ibmvtpm->crq_queue.wq, |
973 |
++ ibmvtpm->rtce_buf != NULL, |
974 |
++ HZ)) { |
975 |
++ dev_err(dev, "CRQ response timed out\n"); |
976 |
++ goto init_irq_cleanup; |
977 |
++ } |
978 |
++ |
979 |
+ return tpm_chip_register(chip); |
980 |
+ init_irq_cleanup: |
981 |
+ do { |
982 |
+diff --git a/drivers/char/tpm/tpm_ibmvtpm.h b/drivers/char/tpm/tpm_ibmvtpm.h |
983 |
+index 6af92890518f8..1a8c3b698f104 100644 |
984 |
+--- a/drivers/char/tpm/tpm_ibmvtpm.h |
985 |
++++ b/drivers/char/tpm/tpm_ibmvtpm.h |
986 |
+@@ -31,6 +31,7 @@ struct ibmvtpm_crq_queue { |
987 |
+ struct ibmvtpm_crq *crq_addr; |
988 |
+ u32 index; |
989 |
+ u32 num_entry; |
990 |
++ wait_queue_head_t wq; |
991 |
+ }; |
992 |
+ |
993 |
+ struct ibmvtpm_dev { |
994 |
+diff --git a/drivers/devfreq/tegra-devfreq.c b/drivers/devfreq/tegra-devfreq.c |
995 |
+index 64a2e02b87d78..0b0de6a049afb 100644 |
996 |
+--- a/drivers/devfreq/tegra-devfreq.c |
997 |
++++ b/drivers/devfreq/tegra-devfreq.c |
998 |
+@@ -79,6 +79,8 @@ |
999 |
+ |
1000 |
+ #define KHZ 1000 |
1001 |
+ |
1002 |
++#define KHZ_MAX (ULONG_MAX / KHZ) |
1003 |
++ |
1004 |
+ /* Assume that the bus is saturated if the utilization is 25% */ |
1005 |
+ #define BUS_SATURATION_RATIO 25 |
1006 |
+ |
1007 |
+@@ -179,7 +181,7 @@ struct tegra_actmon_emc_ratio { |
1008 |
+ }; |
1009 |
+ |
1010 |
+ static struct tegra_actmon_emc_ratio actmon_emc_ratios[] = { |
1011 |
+- { 1400000, ULONG_MAX }, |
1012 |
++ { 1400000, KHZ_MAX }, |
1013 |
+ { 1200000, 750000 }, |
1014 |
+ { 1100000, 600000 }, |
1015 |
+ { 1000000, 500000 }, |
1016 |
+diff --git a/drivers/dma/tegra20-apb-dma.c b/drivers/dma/tegra20-apb-dma.c |
1017 |
+index b5cf5d36de2b4..68c460a2b16ea 100644 |
1018 |
+--- a/drivers/dma/tegra20-apb-dma.c |
1019 |
++++ b/drivers/dma/tegra20-apb-dma.c |
1020 |
+@@ -1207,8 +1207,7 @@ static void tegra_dma_free_chan_resources(struct dma_chan *dc) |
1021 |
+ |
1022 |
+ dev_dbg(tdc2dev(tdc), "Freeing channel %d\n", tdc->id); |
1023 |
+ |
1024 |
+- if (tdc->busy) |
1025 |
+- tegra_dma_terminate_all(dc); |
1026 |
++ tegra_dma_terminate_all(dc); |
1027 |
+ |
1028 |
+ spin_lock_irqsave(&tdc->lock, flags); |
1029 |
+ list_splice_init(&tdc->pending_sg_req, &sg_req_list); |
1030 |
+diff --git a/drivers/gpu/drm/amd/amdgpu/atom.c b/drivers/gpu/drm/amd/amdgpu/atom.c |
1031 |
+index 1b50e6c13fb3f..5fbf99d600587 100644 |
1032 |
+--- a/drivers/gpu/drm/amd/amdgpu/atom.c |
1033 |
++++ b/drivers/gpu/drm/amd/amdgpu/atom.c |
1034 |
+@@ -748,8 +748,8 @@ static void atom_op_jump(atom_exec_context *ctx, int *ptr, int arg) |
1035 |
+ cjiffies = jiffies; |
1036 |
+ if (time_after(cjiffies, ctx->last_jump_jiffies)) { |
1037 |
+ cjiffies -= ctx->last_jump_jiffies; |
1038 |
+- if ((jiffies_to_msecs(cjiffies) > 5000)) { |
1039 |
+- DRM_ERROR("atombios stuck in loop for more than 5secs aborting\n"); |
1040 |
++ if ((jiffies_to_msecs(cjiffies) > 10000)) { |
1041 |
++ DRM_ERROR("atombios stuck in loop for more than 10secs aborting\n"); |
1042 |
+ ctx->abort = true; |
1043 |
+ } |
1044 |
+ } else { |
1045 |
+diff --git a/drivers/gpu/drm/gma500/cdv_intel_display.c b/drivers/gpu/drm/gma500/cdv_intel_display.c |
1046 |
+index 7d47b3d5cc0d0..54d554d720004 100644 |
1047 |
+--- a/drivers/gpu/drm/gma500/cdv_intel_display.c |
1048 |
++++ b/drivers/gpu/drm/gma500/cdv_intel_display.c |
1049 |
+@@ -415,6 +415,8 @@ static bool cdv_intel_find_dp_pll(const struct gma_limit_t *limit, |
1050 |
+ struct gma_crtc *gma_crtc = to_gma_crtc(crtc); |
1051 |
+ struct gma_clock_t clock; |
1052 |
+ |
1053 |
++ memset(&clock, 0, sizeof(clock)); |
1054 |
++ |
1055 |
+ switch (refclk) { |
1056 |
+ case 27000: |
1057 |
+ if (target < 200000) { |
1058 |
+diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c |
1059 |
+index 3e4d3d5560bf1..6315f77b4a58c 100644 |
1060 |
+--- a/drivers/infiniband/core/ucma.c |
1061 |
++++ b/drivers/infiniband/core/ucma.c |
1062 |
+@@ -1295,13 +1295,13 @@ static ssize_t ucma_set_option(struct ucma_file *file, const char __user *inbuf, |
1063 |
+ if (copy_from_user(&cmd, inbuf, sizeof(cmd))) |
1064 |
+ return -EFAULT; |
1065 |
+ |
1066 |
++ if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE)) |
1067 |
++ return -EINVAL; |
1068 |
++ |
1069 |
+ ctx = ucma_get_ctx(file, cmd.id); |
1070 |
+ if (IS_ERR(ctx)) |
1071 |
+ return PTR_ERR(ctx); |
1072 |
+ |
1073 |
+- if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE)) |
1074 |
+- return -EINVAL; |
1075 |
+- |
1076 |
+ optval = memdup_user((void __user *) (unsigned long) cmd.optval, |
1077 |
+ cmd.optlen); |
1078 |
+ if (IS_ERR(optval)) { |
1079 |
+diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h |
1080 |
+index 7fe7df56fa334..f0939fc1cfe55 100644 |
1081 |
+--- a/drivers/md/bcache/bcache.h |
1082 |
++++ b/drivers/md/bcache/bcache.h |
1083 |
+@@ -547,6 +547,7 @@ struct cache_set { |
1084 |
+ */ |
1085 |
+ wait_queue_head_t btree_cache_wait; |
1086 |
+ struct task_struct *btree_cache_alloc_lock; |
1087 |
++ spinlock_t btree_cannibalize_lock; |
1088 |
+ |
1089 |
+ /* |
1090 |
+ * When we free a btree node, we increment the gen of the bucket the |
1091 |
+diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c |
1092 |
+index 122d975220945..bdf6071c1b184 100644 |
1093 |
+--- a/drivers/md/bcache/btree.c |
1094 |
++++ b/drivers/md/bcache/btree.c |
1095 |
+@@ -841,15 +841,17 @@ out: |
1096 |
+ |
1097 |
+ static int mca_cannibalize_lock(struct cache_set *c, struct btree_op *op) |
1098 |
+ { |
1099 |
+- struct task_struct *old; |
1100 |
+- |
1101 |
+- old = cmpxchg(&c->btree_cache_alloc_lock, NULL, current); |
1102 |
+- if (old && old != current) { |
1103 |
++ spin_lock(&c->btree_cannibalize_lock); |
1104 |
++ if (likely(c->btree_cache_alloc_lock == NULL)) { |
1105 |
++ c->btree_cache_alloc_lock = current; |
1106 |
++ } else if (c->btree_cache_alloc_lock != current) { |
1107 |
+ if (op) |
1108 |
+ prepare_to_wait(&c->btree_cache_wait, &op->wait, |
1109 |
+ TASK_UNINTERRUPTIBLE); |
1110 |
++ spin_unlock(&c->btree_cannibalize_lock); |
1111 |
+ return -EINTR; |
1112 |
+ } |
1113 |
++ spin_unlock(&c->btree_cannibalize_lock); |
1114 |
+ |
1115 |
+ return 0; |
1116 |
+ } |
1117 |
+@@ -884,10 +886,12 @@ static struct btree *mca_cannibalize(struct cache_set *c, struct btree_op *op, |
1118 |
+ */ |
1119 |
+ static void bch_cannibalize_unlock(struct cache_set *c) |
1120 |
+ { |
1121 |
++ spin_lock(&c->btree_cannibalize_lock); |
1122 |
+ if (c->btree_cache_alloc_lock == current) { |
1123 |
+ c->btree_cache_alloc_lock = NULL; |
1124 |
+ wake_up(&c->btree_cache_wait); |
1125 |
+ } |
1126 |
++ spin_unlock(&c->btree_cannibalize_lock); |
1127 |
+ } |
1128 |
+ |
1129 |
+ static struct btree *mca_alloc(struct cache_set *c, struct btree_op *op, |
1130 |
+diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c |
1131 |
+index f7f8fb079d2a9..d73f9ea776861 100644 |
1132 |
+--- a/drivers/md/bcache/super.c |
1133 |
++++ b/drivers/md/bcache/super.c |
1134 |
+@@ -1511,6 +1511,7 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) |
1135 |
+ sema_init(&c->sb_write_mutex, 1); |
1136 |
+ mutex_init(&c->bucket_lock); |
1137 |
+ init_waitqueue_head(&c->btree_cache_wait); |
1138 |
++ spin_lock_init(&c->btree_cannibalize_lock); |
1139 |
+ init_waitqueue_head(&c->bucket_wait); |
1140 |
+ init_waitqueue_head(&c->gc_wait); |
1141 |
+ sema_init(&c->uuid_write_mutex, 1); |
1142 |
+diff --git a/drivers/media/dvb-frontends/tda10071.c b/drivers/media/dvb-frontends/tda10071.c |
1143 |
+index 119d47596ac81..b81887c4f72a9 100644 |
1144 |
+--- a/drivers/media/dvb-frontends/tda10071.c |
1145 |
++++ b/drivers/media/dvb-frontends/tda10071.c |
1146 |
+@@ -483,10 +483,11 @@ static int tda10071_read_status(struct dvb_frontend *fe, enum fe_status *status) |
1147 |
+ goto error; |
1148 |
+ |
1149 |
+ if (dev->delivery_system == SYS_DVBS) { |
1150 |
+- dev->dvbv3_ber = buf[0] << 24 | buf[1] << 16 | |
1151 |
+- buf[2] << 8 | buf[3] << 0; |
1152 |
+- dev->post_bit_error += buf[0] << 24 | buf[1] << 16 | |
1153 |
+- buf[2] << 8 | buf[3] << 0; |
1154 |
++ u32 bit_error = buf[0] << 24 | buf[1] << 16 | |
1155 |
++ buf[2] << 8 | buf[3] << 0; |
1156 |
++ |
1157 |
++ dev->dvbv3_ber = bit_error; |
1158 |
++ dev->post_bit_error += bit_error; |
1159 |
+ c->post_bit_error.stat[0].scale = FE_SCALE_COUNTER; |
1160 |
+ c->post_bit_error.stat[0].uvalue = dev->post_bit_error; |
1161 |
+ dev->block_error += buf[4] << 8 | buf[5] << 0; |
1162 |
+diff --git a/drivers/media/usb/go7007/go7007-usb.c b/drivers/media/usb/go7007/go7007-usb.c |
1163 |
+index 4857c467e76cd..4490786936a02 100644 |
1164 |
+--- a/drivers/media/usb/go7007/go7007-usb.c |
1165 |
++++ b/drivers/media/usb/go7007/go7007-usb.c |
1166 |
+@@ -1052,6 +1052,7 @@ static int go7007_usb_probe(struct usb_interface *intf, |
1167 |
+ struct go7007_usb *usb; |
1168 |
+ const struct go7007_usb_board *board; |
1169 |
+ struct usb_device *usbdev = interface_to_usbdev(intf); |
1170 |
++ struct usb_host_endpoint *ep; |
1171 |
+ unsigned num_i2c_devs; |
1172 |
+ char *name; |
1173 |
+ int video_pipe, i, v_urb_len; |
1174 |
+@@ -1147,7 +1148,8 @@ static int go7007_usb_probe(struct usb_interface *intf, |
1175 |
+ if (usb->intr_urb->transfer_buffer == NULL) |
1176 |
+ goto allocfail; |
1177 |
+ |
1178 |
+- if (go->board_id == GO7007_BOARDID_SENSORAY_2250) |
1179 |
++ ep = usb->usbdev->ep_in[4]; |
1180 |
++ if (usb_endpoint_type(&ep->desc) == USB_ENDPOINT_XFER_BULK) |
1181 |
+ usb_fill_bulk_urb(usb->intr_urb, usb->usbdev, |
1182 |
+ usb_rcvbulkpipe(usb->usbdev, 4), |
1183 |
+ usb->intr_urb->transfer_buffer, 2*sizeof(u16), |
1184 |
+diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c |
1185 |
+index 215bb5eeb5acf..c57e375fad6ed 100644 |
1186 |
+--- a/drivers/mfd/mfd-core.c |
1187 |
++++ b/drivers/mfd/mfd-core.c |
1188 |
+@@ -31,6 +31,11 @@ int mfd_cell_enable(struct platform_device *pdev) |
1189 |
+ const struct mfd_cell *cell = mfd_get_cell(pdev); |
1190 |
+ int err = 0; |
1191 |
+ |
1192 |
++ if (!cell->enable) { |
1193 |
++ dev_dbg(&pdev->dev, "No .enable() call-back registered\n"); |
1194 |
++ return 0; |
1195 |
++ } |
1196 |
++ |
1197 |
+ /* only call enable hook if the cell wasn't previously enabled */ |
1198 |
+ if (atomic_inc_return(cell->usage_count) == 1) |
1199 |
+ err = cell->enable(pdev); |
1200 |
+@@ -48,6 +53,11 @@ int mfd_cell_disable(struct platform_device *pdev) |
1201 |
+ const struct mfd_cell *cell = mfd_get_cell(pdev); |
1202 |
+ int err = 0; |
1203 |
+ |
1204 |
++ if (!cell->disable) { |
1205 |
++ dev_dbg(&pdev->dev, "No .disable() call-back registered\n"); |
1206 |
++ return 0; |
1207 |
++ } |
1208 |
++ |
1209 |
+ /* only disable if no other clients are using it */ |
1210 |
+ if (atomic_dec_return(cell->usage_count) == 0) |
1211 |
+ err = cell->disable(pdev); |
1212 |
+diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c |
1213 |
+index 972935f1b2f7e..3a3da0eeef1fb 100644 |
1214 |
+--- a/drivers/mtd/chips/cfi_cmdset_0002.c |
1215 |
++++ b/drivers/mtd/chips/cfi_cmdset_0002.c |
1216 |
+@@ -724,7 +724,6 @@ static struct mtd_info *cfi_amdstd_setup(struct mtd_info *mtd) |
1217 |
+ kfree(mtd->eraseregions); |
1218 |
+ kfree(mtd); |
1219 |
+ kfree(cfi->cmdset_priv); |
1220 |
+- kfree(cfi->cfiq); |
1221 |
+ return NULL; |
1222 |
+ } |
1223 |
+ |
1224 |
+diff --git a/drivers/mtd/cmdlinepart.c b/drivers/mtd/cmdlinepart.c |
1225 |
+index 08f62987cc37c..ffbc9b304beb2 100644 |
1226 |
+--- a/drivers/mtd/cmdlinepart.c |
1227 |
++++ b/drivers/mtd/cmdlinepart.c |
1228 |
+@@ -228,12 +228,29 @@ static int mtdpart_setup_real(char *s) |
1229 |
+ struct cmdline_mtd_partition *this_mtd; |
1230 |
+ struct mtd_partition *parts; |
1231 |
+ int mtd_id_len, num_parts; |
1232 |
+- char *p, *mtd_id; |
1233 |
++ char *p, *mtd_id, *semicol; |
1234 |
++ |
1235 |
++ /* |
1236 |
++ * Replace the first ';' by a NULL char so strrchr can work |
1237 |
++ * properly. |
1238 |
++ */ |
1239 |
++ semicol = strchr(s, ';'); |
1240 |
++ if (semicol) |
1241 |
++ *semicol = '\0'; |
1242 |
+ |
1243 |
+ mtd_id = s; |
1244 |
+ |
1245 |
+- /* fetch <mtd-id> */ |
1246 |
+- p = strchr(s, ':'); |
1247 |
++ /* |
1248 |
++ * fetch <mtd-id>. We use strrchr to ignore all ':' that could |
1249 |
++ * be present in the MTD name, only the last one is interpreted |
1250 |
++ * as an <mtd-id>/<part-definition> separator. |
1251 |
++ */ |
1252 |
++ p = strrchr(s, ':'); |
1253 |
++ |
1254 |
++ /* Restore the ';' now. */ |
1255 |
++ if (semicol) |
1256 |
++ *semicol = ';'; |
1257 |
++ |
1258 |
+ if (!p) { |
1259 |
+ pr_err("no mtd-id\n"); |
1260 |
+ return -EINVAL; |
1261 |
+diff --git a/drivers/mtd/nand/omap_elm.c b/drivers/mtd/nand/omap_elm.c |
1262 |
+index 235ec7992b4cf..e46b11847082a 100644 |
1263 |
+--- a/drivers/mtd/nand/omap_elm.c |
1264 |
++++ b/drivers/mtd/nand/omap_elm.c |
1265 |
+@@ -421,6 +421,7 @@ static int elm_probe(struct platform_device *pdev) |
1266 |
+ pm_runtime_enable(&pdev->dev); |
1267 |
+ if (pm_runtime_get_sync(&pdev->dev) < 0) { |
1268 |
+ ret = -EINVAL; |
1269 |
++ pm_runtime_put_sync(&pdev->dev); |
1270 |
+ pm_runtime_disable(&pdev->dev); |
1271 |
+ dev_err(&pdev->dev, "can't enable clock\n"); |
1272 |
+ return ret; |
1273 |
+diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c |
1274 |
+index f958188207fd6..e57aca6239f8e 100644 |
1275 |
+--- a/drivers/net/ethernet/intel/e1000/e1000_main.c |
1276 |
++++ b/drivers/net/ethernet/intel/e1000/e1000_main.c |
1277 |
+@@ -568,8 +568,13 @@ void e1000_reinit_locked(struct e1000_adapter *adapter) |
1278 |
+ WARN_ON(in_interrupt()); |
1279 |
+ while (test_and_set_bit(__E1000_RESETTING, &adapter->flags)) |
1280 |
+ msleep(1); |
1281 |
+- e1000_down(adapter); |
1282 |
+- e1000_up(adapter); |
1283 |
++ |
1284 |
++ /* only run the task if not already down */ |
1285 |
++ if (!test_bit(__E1000_DOWN, &adapter->flags)) { |
1286 |
++ e1000_down(adapter); |
1287 |
++ e1000_up(adapter); |
1288 |
++ } |
1289 |
++ |
1290 |
+ clear_bit(__E1000_RESETTING, &adapter->flags); |
1291 |
+ } |
1292 |
+ |
1293 |
+@@ -1456,10 +1461,15 @@ static int e1000_close(struct net_device *netdev) |
1294 |
+ struct e1000_hw *hw = &adapter->hw; |
1295 |
+ int count = E1000_CHECK_RESET_COUNT; |
1296 |
+ |
1297 |
+- while (test_bit(__E1000_RESETTING, &adapter->flags) && count--) |
1298 |
++ while (test_and_set_bit(__E1000_RESETTING, &adapter->flags) && count--) |
1299 |
+ usleep_range(10000, 20000); |
1300 |
+ |
1301 |
+- WARN_ON(test_bit(__E1000_RESETTING, &adapter->flags)); |
1302 |
++ WARN_ON(count < 0); |
1303 |
++ |
1304 |
++ /* signal that we're down so that the reset task will no longer run */ |
1305 |
++ set_bit(__E1000_DOWN, &adapter->flags); |
1306 |
++ clear_bit(__E1000_RESETTING, &adapter->flags); |
1307 |
++ |
1308 |
+ e1000_down(adapter); |
1309 |
+ e1000_power_down_phy(adapter); |
1310 |
+ e1000_free_irq(adapter); |
1311 |
+diff --git a/drivers/net/wan/hdlc_ppp.c b/drivers/net/wan/hdlc_ppp.c |
1312 |
+index 4842344a96f1d..a2559f213daed 100644 |
1313 |
+--- a/drivers/net/wan/hdlc_ppp.c |
1314 |
++++ b/drivers/net/wan/hdlc_ppp.c |
1315 |
+@@ -386,11 +386,8 @@ static void ppp_cp_parse_cr(struct net_device *dev, u16 pid, u8 id, |
1316 |
+ } |
1317 |
+ |
1318 |
+ for (opt = data; len; len -= opt[1], opt += opt[1]) { |
1319 |
+- if (len < 2 || len < opt[1]) { |
1320 |
+- dev->stats.rx_errors++; |
1321 |
+- kfree(out); |
1322 |
+- return; /* bad packet, drop silently */ |
1323 |
+- } |
1324 |
++ if (len < 2 || opt[1] < 2 || len < opt[1]) |
1325 |
++ goto err_out; |
1326 |
+ |
1327 |
+ if (pid == PID_LCP) |
1328 |
+ switch (opt[0]) { |
1329 |
+@@ -398,6 +395,8 @@ static void ppp_cp_parse_cr(struct net_device *dev, u16 pid, u8 id, |
1330 |
+ continue; /* MRU always OK and > 1500 bytes? */ |
1331 |
+ |
1332 |
+ case LCP_OPTION_ACCM: /* async control character map */ |
1333 |
++ if (opt[1] < sizeof(valid_accm)) |
1334 |
++ goto err_out; |
1335 |
+ if (!memcmp(opt, valid_accm, |
1336 |
+ sizeof(valid_accm))) |
1337 |
+ continue; |
1338 |
+@@ -409,6 +408,8 @@ static void ppp_cp_parse_cr(struct net_device *dev, u16 pid, u8 id, |
1339 |
+ } |
1340 |
+ break; |
1341 |
+ case LCP_OPTION_MAGIC: |
1342 |
++ if (len < 6) |
1343 |
++ goto err_out; |
1344 |
+ if (opt[1] != 6 || (!opt[2] && !opt[3] && |
1345 |
+ !opt[4] && !opt[5])) |
1346 |
+ break; /* reject invalid magic number */ |
1347 |
+@@ -427,6 +428,11 @@ static void ppp_cp_parse_cr(struct net_device *dev, u16 pid, u8 id, |
1348 |
+ ppp_cp_event(dev, pid, RCR_GOOD, CP_CONF_ACK, id, req_len, data); |
1349 |
+ |
1350 |
+ kfree(out); |
1351 |
++ return; |
1352 |
++ |
1353 |
++err_out: |
1354 |
++ dev->stats.rx_errors++; |
1355 |
++ kfree(out); |
1356 |
+ } |
1357 |
+ |
1358 |
+ static int ppp_rx(struct sk_buff *skb) |
1359 |
+diff --git a/drivers/net/wireless/ath/ar5523/ar5523.c b/drivers/net/wireless/ath/ar5523/ar5523.c |
1360 |
+index 5bf22057459e6..bc6330b437958 100644 |
1361 |
+--- a/drivers/net/wireless/ath/ar5523/ar5523.c |
1362 |
++++ b/drivers/net/wireless/ath/ar5523/ar5523.c |
1363 |
+@@ -1774,6 +1774,8 @@ static struct usb_device_id ar5523_id_table[] = { |
1364 |
+ AR5523_DEVICE_UX(0x0846, 0x4300), /* Netgear / WG111U */ |
1365 |
+ AR5523_DEVICE_UG(0x0846, 0x4250), /* Netgear / WG111T */ |
1366 |
+ AR5523_DEVICE_UG(0x0846, 0x5f00), /* Netgear / WPN111 */ |
1367 |
++ AR5523_DEVICE_UG(0x083a, 0x4506), /* SMC / EZ Connect |
1368 |
++ SMCWUSBT-G2 */ |
1369 |
+ AR5523_DEVICE_UG(0x157e, 0x3006), /* Umedia / AR5523_1 */ |
1370 |
+ AR5523_DEVICE_UX(0x157e, 0x3205), /* Umedia / AR5523_2 */ |
1371 |
+ AR5523_DEVICE_UG(0x157e, 0x3006), /* Umedia / TEW444UBEU */ |
1372 |
+diff --git a/drivers/net/wireless/mwifiex/fw.h b/drivers/net/wireless/mwifiex/fw.h |
1373 |
+index 9a5eb9ed89215..233af2292366d 100644 |
1374 |
+--- a/drivers/net/wireless/mwifiex/fw.h |
1375 |
++++ b/drivers/net/wireless/mwifiex/fw.h |
1376 |
+@@ -848,7 +848,7 @@ struct mwifiex_tkip_param { |
1377 |
+ struct mwifiex_aes_param { |
1378 |
+ u8 pn[WPA_PN_SIZE]; |
1379 |
+ __le16 key_len; |
1380 |
+- u8 key[WLAN_KEY_LEN_CCMP]; |
1381 |
++ u8 key[WLAN_KEY_LEN_CCMP_256]; |
1382 |
+ } __packed; |
1383 |
+ |
1384 |
+ struct mwifiex_wapi_param { |
1385 |
+diff --git a/drivers/net/wireless/mwifiex/sta_cmdresp.c b/drivers/net/wireless/mwifiex/sta_cmdresp.c |
1386 |
+index 9e3853c8a22da..32b0b06b74f1d 100644 |
1387 |
+--- a/drivers/net/wireless/mwifiex/sta_cmdresp.c |
1388 |
++++ b/drivers/net/wireless/mwifiex/sta_cmdresp.c |
1389 |
+@@ -631,7 +631,7 @@ static int mwifiex_ret_802_11_key_material_v2(struct mwifiex_private *priv, |
1390 |
+ key_v2 = &resp->params.key_material_v2; |
1391 |
+ |
1392 |
+ len = le16_to_cpu(key_v2->key_param_set.key_params.aes.key_len); |
1393 |
+- if (len > WLAN_KEY_LEN_CCMP) |
1394 |
++ if (len > sizeof(key_v2->key_param_set.key_params.aes.key)) |
1395 |
+ return -EINVAL; |
1396 |
+ |
1397 |
+ if (le16_to_cpu(key_v2->action) == HostCmd_ACT_GEN_SET) { |
1398 |
+@@ -647,7 +647,7 @@ static int mwifiex_ret_802_11_key_material_v2(struct mwifiex_private *priv, |
1399 |
+ return 0; |
1400 |
+ |
1401 |
+ memset(priv->aes_key_v2.key_param_set.key_params.aes.key, 0, |
1402 |
+- WLAN_KEY_LEN_CCMP); |
1403 |
++ sizeof(key_v2->key_param_set.key_params.aes.key)); |
1404 |
+ priv->aes_key_v2.key_param_set.key_params.aes.key_len = |
1405 |
+ cpu_to_le16(len); |
1406 |
+ memcpy(priv->aes_key_v2.key_param_set.key_params.aes.key, |
1407 |
+diff --git a/drivers/phy/phy-s5pv210-usb2.c b/drivers/phy/phy-s5pv210-usb2.c |
1408 |
+index 004d320767e4d..bb36cfd4e3e90 100644 |
1409 |
+--- a/drivers/phy/phy-s5pv210-usb2.c |
1410 |
++++ b/drivers/phy/phy-s5pv210-usb2.c |
1411 |
+@@ -142,6 +142,10 @@ static void s5pv210_phy_pwr(struct samsung_usb2_phy_instance *inst, bool on) |
1412 |
+ udelay(10); |
1413 |
+ rst &= ~rstbits; |
1414 |
+ writel(rst, drv->reg_phy + S5PV210_UPHYRST); |
1415 |
++ /* The following delay is necessary for the reset sequence to be |
1416 |
++ * completed |
1417 |
++ */ |
1418 |
++ udelay(80); |
1419 |
+ } else { |
1420 |
+ pwr = readl(drv->reg_phy + S5PV210_UPHYPWR); |
1421 |
+ pwr |= phypwr; |
1422 |
+diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c |
1423 |
+index de33801ca31ea..0614d05a990a6 100644 |
1424 |
+--- a/drivers/scsi/aacraid/aachba.c |
1425 |
++++ b/drivers/scsi/aacraid/aachba.c |
1426 |
+@@ -1938,13 +1938,13 @@ static int aac_read(struct scsi_cmnd * scsicmd) |
1427 |
+ scsicmd->result = DID_OK << 16 | COMMAND_COMPLETE << 8 | |
1428 |
+ SAM_STAT_CHECK_CONDITION; |
1429 |
+ set_sense(&dev->fsa_dev[cid].sense_data, |
1430 |
+- HARDWARE_ERROR, SENCODE_INTERNAL_TARGET_FAILURE, |
1431 |
++ ILLEGAL_REQUEST, SENCODE_LBA_OUT_OF_RANGE, |
1432 |
+ ASENCODE_INTERNAL_TARGET_FAILURE, 0, 0); |
1433 |
+ memcpy(scsicmd->sense_buffer, &dev->fsa_dev[cid].sense_data, |
1434 |
+ min_t(size_t, sizeof(dev->fsa_dev[cid].sense_data), |
1435 |
+ SCSI_SENSE_BUFFERSIZE)); |
1436 |
+ scsicmd->scsi_done(scsicmd); |
1437 |
+- return 1; |
1438 |
++ return 0; |
1439 |
+ } |
1440 |
+ |
1441 |
+ dprintk((KERN_DEBUG "aac_read[cpu %d]: lba = %llu, t = %ld.\n", |
1442 |
+@@ -2035,13 +2035,13 @@ static int aac_write(struct scsi_cmnd * scsicmd) |
1443 |
+ scsicmd->result = DID_OK << 16 | COMMAND_COMPLETE << 8 | |
1444 |
+ SAM_STAT_CHECK_CONDITION; |
1445 |
+ set_sense(&dev->fsa_dev[cid].sense_data, |
1446 |
+- HARDWARE_ERROR, SENCODE_INTERNAL_TARGET_FAILURE, |
1447 |
++ ILLEGAL_REQUEST, SENCODE_LBA_OUT_OF_RANGE, |
1448 |
+ ASENCODE_INTERNAL_TARGET_FAILURE, 0, 0); |
1449 |
+ memcpy(scsicmd->sense_buffer, &dev->fsa_dev[cid].sense_data, |
1450 |
+ min_t(size_t, sizeof(dev->fsa_dev[cid].sense_data), |
1451 |
+ SCSI_SENSE_BUFFERSIZE)); |
1452 |
+ scsicmd->scsi_done(scsicmd); |
1453 |
+- return 1; |
1454 |
++ return 0; |
1455 |
+ } |
1456 |
+ |
1457 |
+ dprintk((KERN_DEBUG "aac_write[cpu %d]: lba = %llu, t = %ld.\n", |
1458 |
+diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c |
1459 |
+index 7a94c2d352390..97c0d79a2601f 100644 |
1460 |
+--- a/drivers/scsi/lpfc/lpfc_sli.c |
1461 |
++++ b/drivers/scsi/lpfc/lpfc_sli.c |
1462 |
+@@ -15445,6 +15445,10 @@ lpfc_prep_seq(struct lpfc_vport *vport, struct hbq_dmabuf *seq_dmabuf) |
1463 |
+ list_add_tail(&iocbq->list, &first_iocbq->list); |
1464 |
+ } |
1465 |
+ } |
1466 |
++ /* Free the sequence's header buffer */ |
1467 |
++ if (!first_iocbq) |
1468 |
++ lpfc_in_buf_free(vport->phba, &seq_dmabuf->dbuf); |
1469 |
++ |
1470 |
+ return first_iocbq; |
1471 |
+ } |
1472 |
+ |
1473 |
+diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c |
1474 |
+index e9ea9005a984e..f24fa99da69f5 100644 |
1475 |
+--- a/drivers/tty/serial/8250/8250_core.c |
1476 |
++++ b/drivers/tty/serial/8250/8250_core.c |
1477 |
+@@ -1037,8 +1037,10 @@ int serial8250_register_8250_port(struct uart_8250_port *up) |
1478 |
+ |
1479 |
+ ret = uart_add_one_port(&serial8250_reg, |
1480 |
+ &uart->port); |
1481 |
+- if (ret == 0) |
1482 |
+- ret = uart->port.line; |
1483 |
++ if (ret) |
1484 |
++ goto err; |
1485 |
++ |
1486 |
++ ret = uart->port.line; |
1487 |
+ } else { |
1488 |
+ dev_info(uart->port.dev, |
1489 |
+ "skipping CIR port at 0x%lx / 0x%llx, IRQ %d\n", |
1490 |
+@@ -1052,6 +1054,11 @@ int serial8250_register_8250_port(struct uart_8250_port *up) |
1491 |
+ mutex_unlock(&serial_mutex); |
1492 |
+ |
1493 |
+ return ret; |
1494 |
++ |
1495 |
++err: |
1496 |
++ uart->port.dev = NULL; |
1497 |
++ mutex_unlock(&serial_mutex); |
1498 |
++ return ret; |
1499 |
+ } |
1500 |
+ EXPORT_SYMBOL(serial8250_register_8250_port); |
1501 |
+ |
1502 |
+diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c |
1503 |
+index c4383573cf668..0377b35d62b80 100644 |
1504 |
+--- a/drivers/tty/serial/8250/8250_omap.c |
1505 |
++++ b/drivers/tty/serial/8250/8250_omap.c |
1506 |
+@@ -1188,11 +1188,11 @@ static int omap8250_probe(struct platform_device *pdev) |
1507 |
+ spin_lock_init(&priv->rx_dma_lock); |
1508 |
+ |
1509 |
+ device_init_wakeup(&pdev->dev, true); |
1510 |
++ pm_runtime_enable(&pdev->dev); |
1511 |
+ pm_runtime_use_autosuspend(&pdev->dev); |
1512 |
+ pm_runtime_set_autosuspend_delay(&pdev->dev, -1); |
1513 |
+ |
1514 |
+ pm_runtime_irq_safe(&pdev->dev); |
1515 |
+- pm_runtime_enable(&pdev->dev); |
1516 |
+ |
1517 |
+ pm_runtime_get_sync(&pdev->dev); |
1518 |
+ |
1519 |
+diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c |
1520 |
+index 70a51d0bc6044..42aa37515e9bd 100644 |
1521 |
+--- a/drivers/tty/serial/samsung.c |
1522 |
++++ b/drivers/tty/serial/samsung.c |
1523 |
+@@ -1151,14 +1151,14 @@ static unsigned int s3c24xx_serial_getclk(struct s3c24xx_uart_port *ourport, |
1524 |
+ struct s3c24xx_uart_info *info = ourport->info; |
1525 |
+ struct clk *clk; |
1526 |
+ unsigned long rate; |
1527 |
+- unsigned int cnt, baud, quot, clk_sel, best_quot = 0; |
1528 |
++ unsigned int cnt, baud, quot, best_quot = 0; |
1529 |
+ char clkname[MAX_CLK_NAME_LENGTH]; |
1530 |
+ int calc_deviation, deviation = (1 << 30) - 1; |
1531 |
+ |
1532 |
+- clk_sel = (ourport->cfg->clk_sel) ? ourport->cfg->clk_sel : |
1533 |
+- ourport->info->def_clk_sel; |
1534 |
+ for (cnt = 0; cnt < info->num_clks; cnt++) { |
1535 |
+- if (!(clk_sel & (1 << cnt))) |
1536 |
++ /* Keep selected clock if provided */ |
1537 |
++ if (ourport->cfg->clk_sel && |
1538 |
++ !(ourport->cfg->clk_sel & (1 << cnt))) |
1539 |
+ continue; |
1540 |
+ |
1541 |
+ sprintf(clkname, "clk_uart_baud%d", cnt); |
1542 |
+diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c |
1543 |
+index 0e4f54832fc79..01aeffcdf9849 100644 |
1544 |
+--- a/drivers/tty/vt/vt.c |
1545 |
++++ b/drivers/tty/vt/vt.c |
1546 |
+@@ -2484,7 +2484,7 @@ static void console_callback(struct work_struct *ignored) |
1547 |
+ if (scrollback_delta) { |
1548 |
+ struct vc_data *vc = vc_cons[fg_console].d; |
1549 |
+ clear_selection(); |
1550 |
+- if (vc->vc_mode == KD_TEXT) |
1551 |
++ if (vc->vc_mode == KD_TEXT && vc->vc_sw->con_scrolldelta) |
1552 |
+ vc->vc_sw->con_scrolldelta(vc, scrollback_delta); |
1553 |
+ scrollback_delta = 0; |
1554 |
+ } |
1555 |
+diff --git a/drivers/usb/host/ehci-mv.c b/drivers/usb/host/ehci-mv.c |
1556 |
+index 849806a75f1ce..b29610899c9f6 100644 |
1557 |
+--- a/drivers/usb/host/ehci-mv.c |
1558 |
++++ b/drivers/usb/host/ehci-mv.c |
1559 |
+@@ -196,12 +196,10 @@ static int mv_ehci_probe(struct platform_device *pdev) |
1560 |
+ hcd->rsrc_len = resource_size(r); |
1561 |
+ hcd->regs = ehci_mv->op_regs; |
1562 |
+ |
1563 |
+- hcd->irq = platform_get_irq(pdev, 0); |
1564 |
+- if (!hcd->irq) { |
1565 |
+- dev_err(&pdev->dev, "Cannot get irq."); |
1566 |
+- retval = -ENODEV; |
1567 |
++ retval = platform_get_irq(pdev, 0); |
1568 |
++ if (retval < 0) |
1569 |
+ goto err_disable_clk; |
1570 |
+- } |
1571 |
++ hcd->irq = retval; |
1572 |
+ |
1573 |
+ ehci = hcd_to_ehci(hcd); |
1574 |
+ ehci->caps = (struct ehci_caps *) ehci_mv->cap_regs; |
1575 |
+diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c |
1576 |
+index 7a82735d53087..8276ef7f3e834 100644 |
1577 |
+--- a/drivers/vfio/pci/vfio_pci.c |
1578 |
++++ b/drivers/vfio/pci/vfio_pci.c |
1579 |
+@@ -255,6 +255,19 @@ static void vfio_pci_release(void *device_data) |
1580 |
+ if (!(--vdev->refcnt)) { |
1581 |
+ vfio_spapr_pci_eeh_release(vdev->pdev); |
1582 |
+ vfio_pci_disable(vdev); |
1583 |
++ mutex_lock(&vdev->igate); |
1584 |
++ if (vdev->err_trigger) { |
1585 |
++ eventfd_ctx_put(vdev->err_trigger); |
1586 |
++ vdev->err_trigger = NULL; |
1587 |
++ } |
1588 |
++ mutex_unlock(&vdev->igate); |
1589 |
++ |
1590 |
++ mutex_lock(&vdev->igate); |
1591 |
++ if (vdev->req_trigger) { |
1592 |
++ eventfd_ctx_put(vdev->req_trigger); |
1593 |
++ vdev->req_trigger = NULL; |
1594 |
++ } |
1595 |
++ mutex_unlock(&vdev->igate); |
1596 |
+ } |
1597 |
+ |
1598 |
+ mutex_unlock(&driver_lock); |
1599 |
+diff --git a/drivers/video/fbdev/omap2/dss/omapdss-boot-init.c b/drivers/video/fbdev/omap2/dss/omapdss-boot-init.c |
1600 |
+index 8b6f6d5fdd68b..43186fa8a13c9 100644 |
1601 |
+--- a/drivers/video/fbdev/omap2/dss/omapdss-boot-init.c |
1602 |
++++ b/drivers/video/fbdev/omap2/dss/omapdss-boot-init.c |
1603 |
+@@ -194,7 +194,7 @@ static int __init omapdss_boot_init(void) |
1604 |
+ dss = of_find_matching_node(NULL, omapdss_of_match); |
1605 |
+ |
1606 |
+ if (dss == NULL || !of_device_is_available(dss)) |
1607 |
+- return 0; |
1608 |
++ goto put_node; |
1609 |
+ |
1610 |
+ omapdss_walk_device(dss, true); |
1611 |
+ |
1612 |
+@@ -221,6 +221,8 @@ static int __init omapdss_boot_init(void) |
1613 |
+ kfree(n); |
1614 |
+ } |
1615 |
+ |
1616 |
++put_node: |
1617 |
++ of_node_put(dss); |
1618 |
+ return 0; |
1619 |
+ } |
1620 |
+ |
1621 |
+diff --git a/fs/block_dev.c b/fs/block_dev.c |
1622 |
+index b2ebfd96785b7..a71d442ef7d0e 100644 |
1623 |
+--- a/fs/block_dev.c |
1624 |
++++ b/fs/block_dev.c |
1625 |
+@@ -1515,6 +1515,16 @@ static void __blkdev_put(struct block_device *bdev, fmode_t mode, int for_part) |
1626 |
+ struct gendisk *disk = bdev->bd_disk; |
1627 |
+ struct block_device *victim = NULL; |
1628 |
+ |
1629 |
++ /* |
1630 |
++ * Sync early if it looks like we're the last one. If someone else |
1631 |
++ * opens the block device between now and the decrement of bd_openers |
1632 |
++ * then we did a sync that we didn't need to, but that's not the end |
1633 |
++ * of the world and we want to avoid long (could be several minute) |
1634 |
++ * syncs while holding the mutex. |
1635 |
++ */ |
1636 |
++ if (bdev->bd_openers == 1) |
1637 |
++ sync_blockdev(bdev); |
1638 |
++ |
1639 |
+ mutex_lock_nested(&bdev->bd_mutex, for_part); |
1640 |
+ if (for_part) |
1641 |
+ bdev->bd_part_count--; |
1642 |
+diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c |
1643 |
+index 3d0497421e62b..49e693232916f 100644 |
1644 |
+--- a/fs/ceph/caps.c |
1645 |
++++ b/fs/ceph/caps.c |
1646 |
+@@ -1777,12 +1777,24 @@ ack: |
1647 |
+ if (mutex_trylock(&session->s_mutex) == 0) { |
1648 |
+ dout("inverting session/ino locks on %p\n", |
1649 |
+ session); |
1650 |
++ session = ceph_get_mds_session(session); |
1651 |
+ spin_unlock(&ci->i_ceph_lock); |
1652 |
+ if (took_snap_rwsem) { |
1653 |
+ up_read(&mdsc->snap_rwsem); |
1654 |
+ took_snap_rwsem = 0; |
1655 |
+ } |
1656 |
+- mutex_lock(&session->s_mutex); |
1657 |
++ if (session) { |
1658 |
++ mutex_lock(&session->s_mutex); |
1659 |
++ ceph_put_mds_session(session); |
1660 |
++ } else { |
1661 |
++ /* |
1662 |
++ * Because we take the reference while |
1663 |
++ * holding the i_ceph_lock, it should |
1664 |
++ * never be NULL. Throw a warning if it |
1665 |
++ * ever is. |
1666 |
++ */ |
1667 |
++ WARN_ON_ONCE(true); |
1668 |
++ } |
1669 |
+ goto retry; |
1670 |
+ } |
1671 |
+ } |
1672 |
+diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c |
1673 |
+index 8142f6bf3d310..fc265f4b839ae 100644 |
1674 |
+--- a/fs/fuse/dev.c |
1675 |
++++ b/fs/fuse/dev.c |
1676 |
+@@ -850,7 +850,6 @@ static int fuse_check_page(struct page *page) |
1677 |
+ { |
1678 |
+ if (page_mapcount(page) || |
1679 |
+ page->mapping != NULL || |
1680 |
+- page_count(page) != 1 || |
1681 |
+ (page->flags & PAGE_FLAGS_CHECK_AT_PREP & |
1682 |
+ ~(1 << PG_locked | |
1683 |
+ 1 << PG_referenced | |
1684 |
+diff --git a/fs/ubifs/io.c b/fs/ubifs/io.c |
1685 |
+index 97be412153328..9213a9e046ae0 100644 |
1686 |
+--- a/fs/ubifs/io.c |
1687 |
++++ b/fs/ubifs/io.c |
1688 |
+@@ -237,7 +237,7 @@ int ubifs_is_mapped(const struct ubifs_info *c, int lnum) |
1689 |
+ int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum, |
1690 |
+ int offs, int quiet, int must_chk_crc) |
1691 |
+ { |
1692 |
+- int err = -EINVAL, type, node_len; |
1693 |
++ int err = -EINVAL, type, node_len, dump_node = 1; |
1694 |
+ uint32_t crc, node_crc, magic; |
1695 |
+ const struct ubifs_ch *ch = buf; |
1696 |
+ |
1697 |
+@@ -290,10 +290,22 @@ int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum, |
1698 |
+ out_len: |
1699 |
+ if (!quiet) |
1700 |
+ ubifs_err(c, "bad node length %d", node_len); |
1701 |
++ if (type == UBIFS_DATA_NODE && node_len > UBIFS_DATA_NODE_SZ) |
1702 |
++ dump_node = 0; |
1703 |
+ out: |
1704 |
+ if (!quiet) { |
1705 |
+ ubifs_err(c, "bad node at LEB %d:%d", lnum, offs); |
1706 |
+- ubifs_dump_node(c, buf); |
1707 |
++ if (dump_node) { |
1708 |
++ ubifs_dump_node(c, buf); |
1709 |
++ } else { |
1710 |
++ int safe_len = min3(node_len, c->leb_size - offs, |
1711 |
++ (int)UBIFS_MAX_DATA_NODE_SZ); |
1712 |
++ pr_err("\tprevent out-of-bounds memory access\n"); |
1713 |
++ pr_err("\ttruncated data node length %d\n", safe_len); |
1714 |
++ pr_err("\tcorrupted data node:\n"); |
1715 |
++ print_hex_dump(KERN_ERR, "\t", DUMP_PREFIX_OFFSET, 32, 1, |
1716 |
++ buf, safe_len, 0); |
1717 |
++ } |
1718 |
+ dump_stack(); |
1719 |
+ } |
1720 |
+ return err; |
1721 |
+diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c |
1722 |
+index da8747b870df3..4539ff4d351f9 100644 |
1723 |
+--- a/fs/xfs/libxfs/xfs_attr_leaf.c |
1724 |
++++ b/fs/xfs/libxfs/xfs_attr_leaf.c |
1725 |
+@@ -1326,7 +1326,9 @@ xfs_attr3_leaf_add_work( |
1726 |
+ for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) { |
1727 |
+ if (ichdr->freemap[i].base == tmp) { |
1728 |
+ ichdr->freemap[i].base += sizeof(xfs_attr_leaf_entry_t); |
1729 |
+- ichdr->freemap[i].size -= sizeof(xfs_attr_leaf_entry_t); |
1730 |
++ ichdr->freemap[i].size -= |
1731 |
++ min_t(uint16_t, ichdr->freemap[i].size, |
1732 |
++ sizeof(xfs_attr_leaf_entry_t)); |
1733 |
+ } |
1734 |
+ } |
1735 |
+ ichdr->usedbytes += xfs_attr_leaf_entsize(leaf, args->index); |
1736 |
+diff --git a/include/linux/libata.h b/include/linux/libata.h |
1737 |
+index af561d33221d6..ec49344f7555d 100644 |
1738 |
+--- a/include/linux/libata.h |
1739 |
++++ b/include/linux/libata.h |
1740 |
+@@ -500,6 +500,7 @@ enum hsm_task_states { |
1741 |
+ }; |
1742 |
+ |
1743 |
+ enum ata_completion_errors { |
1744 |
++ AC_ERR_OK = 0, /* no error */ |
1745 |
+ AC_ERR_DEV = (1 << 0), /* device reported error */ |
1746 |
+ AC_ERR_HSM = (1 << 1), /* host state machine violation */ |
1747 |
+ AC_ERR_TIMEOUT = (1 << 2), /* timeout */ |
1748 |
+@@ -896,9 +897,9 @@ struct ata_port_operations { |
1749 |
+ /* |
1750 |
+ * Command execution |
1751 |
+ */ |
1752 |
+- int (*qc_defer)(struct ata_queued_cmd *qc); |
1753 |
+- int (*check_atapi_dma)(struct ata_queued_cmd *qc); |
1754 |
+- void (*qc_prep)(struct ata_queued_cmd *qc); |
1755 |
++ int (*qc_defer)(struct ata_queued_cmd *qc); |
1756 |
++ int (*check_atapi_dma)(struct ata_queued_cmd *qc); |
1757 |
++ enum ata_completion_errors (*qc_prep)(struct ata_queued_cmd *qc); |
1758 |
+ unsigned int (*qc_issue)(struct ata_queued_cmd *qc); |
1759 |
+ bool (*qc_fill_rtf)(struct ata_queued_cmd *qc); |
1760 |
+ |
1761 |
+@@ -1190,7 +1191,7 @@ extern int ata_xfer_mode2shift(unsigned long xfer_mode); |
1762 |
+ extern const char *ata_mode_string(unsigned long xfer_mask); |
1763 |
+ extern unsigned long ata_id_xfermask(const u16 *id); |
1764 |
+ extern int ata_std_qc_defer(struct ata_queued_cmd *qc); |
1765 |
+-extern void ata_noop_qc_prep(struct ata_queued_cmd *qc); |
1766 |
++extern enum ata_completion_errors ata_noop_qc_prep(struct ata_queued_cmd *qc); |
1767 |
+ extern void ata_sg_init(struct ata_queued_cmd *qc, struct scatterlist *sg, |
1768 |
+ unsigned int n_elem); |
1769 |
+ extern unsigned int ata_dev_classify(const struct ata_taskfile *tf); |
1770 |
+@@ -1881,9 +1882,9 @@ extern const struct ata_port_operations ata_bmdma_port_ops; |
1771 |
+ .sg_tablesize = LIBATA_MAX_PRD, \ |
1772 |
+ .dma_boundary = ATA_DMA_BOUNDARY |
1773 |
+ |
1774 |
+-extern void ata_bmdma_qc_prep(struct ata_queued_cmd *qc); |
1775 |
++extern enum ata_completion_errors ata_bmdma_qc_prep(struct ata_queued_cmd *qc); |
1776 |
+ extern unsigned int ata_bmdma_qc_issue(struct ata_queued_cmd *qc); |
1777 |
+-extern void ata_bmdma_dumb_qc_prep(struct ata_queued_cmd *qc); |
1778 |
++extern enum ata_completion_errors ata_bmdma_dumb_qc_prep(struct ata_queued_cmd *qc); |
1779 |
+ extern unsigned int ata_bmdma_port_intr(struct ata_port *ap, |
1780 |
+ struct ata_queued_cmd *qc); |
1781 |
+ extern irqreturn_t ata_bmdma_interrupt(int irq, void *dev_instance); |
1782 |
+diff --git a/include/linux/mtd/map.h b/include/linux/mtd/map.h |
1783 |
+index 676d3d2a1a0a9..d8bae7cb86f39 100644 |
1784 |
+--- a/include/linux/mtd/map.h |
1785 |
++++ b/include/linux/mtd/map.h |
1786 |
+@@ -307,7 +307,7 @@ void map_destroy(struct mtd_info *mtd); |
1787 |
+ ({ \ |
1788 |
+ int i, ret = 1; \ |
1789 |
+ for (i = 0; i < map_words(map); i++) { \ |
1790 |
+- if (((val1).x[i] & (val2).x[i]) != (val2).x[i]) { \ |
1791 |
++ if (((val1).x[i] & (val2).x[i]) != (val3).x[i]) { \ |
1792 |
+ ret = 0; \ |
1793 |
+ break; \ |
1794 |
+ } \ |
1795 |
+diff --git a/include/linux/seqlock.h b/include/linux/seqlock.h |
1796 |
+index e0582106ef4fa..a10f363784178 100644 |
1797 |
+--- a/include/linux/seqlock.h |
1798 |
++++ b/include/linux/seqlock.h |
1799 |
+@@ -242,6 +242,13 @@ static inline void raw_write_seqcount_end(seqcount_t *s) |
1800 |
+ * usual consistency guarantee. It is one wmb cheaper, because we can |
1801 |
+ * collapse the two back-to-back wmb()s. |
1802 |
+ * |
1803 |
++ * Note that, writes surrounding the barrier should be declared atomic (e.g. |
1804 |
++ * via WRITE_ONCE): a) to ensure the writes become visible to other threads |
1805 |
++ * atomically, avoiding compiler optimizations; b) to document which writes are |
1806 |
++ * meant to propagate to the reader critical section. This is necessary because |
1807 |
++ * neither writes before and after the barrier are enclosed in a seq-writer |
1808 |
++ * critical section that would ensure readers are aware of ongoing writes. |
1809 |
++ * |
1810 |
+ * seqcount_t seq; |
1811 |
+ * bool X = true, Y = false; |
1812 |
+ * |
1813 |
+@@ -261,11 +268,11 @@ static inline void raw_write_seqcount_end(seqcount_t *s) |
1814 |
+ * |
1815 |
+ * void write(void) |
1816 |
+ * { |
1817 |
+- * Y = true; |
1818 |
++ * WRITE_ONCE(Y, true); |
1819 |
+ * |
1820 |
+ * raw_write_seqcount_barrier(seq); |
1821 |
+ * |
1822 |
+- * X = false; |
1823 |
++ * WRITE_ONCE(X, false); |
1824 |
+ * } |
1825 |
+ */ |
1826 |
+ static inline void raw_write_seqcount_barrier(seqcount_t *s) |
1827 |
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
1828 |
+index 735ff1525f485..95feb153fe9a8 100644 |
1829 |
+--- a/include/linux/skbuff.h |
1830 |
++++ b/include/linux/skbuff.h |
1831 |
+@@ -1438,6 +1438,18 @@ static inline __u32 skb_queue_len(const struct sk_buff_head *list_) |
1832 |
+ return list_->qlen; |
1833 |
+ } |
1834 |
+ |
1835 |
++/** |
1836 |
++ * skb_queue_len_lockless - get queue length |
1837 |
++ * @list_: list to measure |
1838 |
++ * |
1839 |
++ * Return the length of an &sk_buff queue. |
1840 |
++ * This variant can be used in lockless contexts. |
1841 |
++ */ |
1842 |
++static inline __u32 skb_queue_len_lockless(const struct sk_buff_head *list_) |
1843 |
++{ |
1844 |
++ return READ_ONCE(list_->qlen); |
1845 |
++} |
1846 |
++ |
1847 |
+ /** |
1848 |
+ * __skb_queue_head_init - initialize non-spinlock portions of sk_buff_head |
1849 |
+ * @list: queue to initialize |
1850 |
+@@ -1641,7 +1653,7 @@ static inline void __skb_unlink(struct sk_buff *skb, struct sk_buff_head *list) |
1851 |
+ { |
1852 |
+ struct sk_buff *next, *prev; |
1853 |
+ |
1854 |
+- list->qlen--; |
1855 |
++ WRITE_ONCE(list->qlen, list->qlen - 1); |
1856 |
+ next = skb->next; |
1857 |
+ prev = skb->prev; |
1858 |
+ skb->next = skb->prev = NULL; |
1859 |
+@@ -2651,7 +2663,7 @@ static inline int skb_padto(struct sk_buff *skb, unsigned int len) |
1860 |
+ * is untouched. Otherwise it is extended. Returns zero on |
1861 |
+ * success. The skb is freed on error. |
1862 |
+ */ |
1863 |
+-static inline int skb_put_padto(struct sk_buff *skb, unsigned int len) |
1864 |
++static inline int __must_check skb_put_padto(struct sk_buff *skb, unsigned int len) |
1865 |
+ { |
1866 |
+ unsigned int size = skb->len; |
1867 |
+ |
1868 |
+diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c |
1869 |
+index f45a9a5d3e47a..af453f3c2b3dd 100644 |
1870 |
+--- a/kernel/audit_watch.c |
1871 |
++++ b/kernel/audit_watch.c |
1872 |
+@@ -316,8 +316,6 @@ static void audit_update_watch(struct audit_parent *parent, |
1873 |
+ if (oentry->rule.exe) |
1874 |
+ audit_remove_mark(oentry->rule.exe); |
1875 |
+ |
1876 |
+- audit_watch_log_rule_change(r, owatch, "updated_rules"); |
1877 |
+- |
1878 |
+ call_rcu(&oentry->rcu, audit_free_rule_rcu); |
1879 |
+ } |
1880 |
+ |
1881 |
+diff --git a/kernel/kprobes.c b/kernel/kprobes.c |
1882 |
+index 9241a29a1f9de..33c37dbc56a05 100644 |
1883 |
+--- a/kernel/kprobes.c |
1884 |
++++ b/kernel/kprobes.c |
1885 |
+@@ -2012,6 +2012,9 @@ static void kill_kprobe(struct kprobe *p) |
1886 |
+ { |
1887 |
+ struct kprobe *kp; |
1888 |
+ |
1889 |
++ if (WARN_ON_ONCE(kprobe_gone(p))) |
1890 |
++ return; |
1891 |
++ |
1892 |
+ p->flags |= KPROBE_FLAG_GONE; |
1893 |
+ if (kprobe_aggrprobe(p)) { |
1894 |
+ /* |
1895 |
+@@ -2032,9 +2035,10 @@ static void kill_kprobe(struct kprobe *p) |
1896 |
+ |
1897 |
+ /* |
1898 |
+ * The module is going away. We should disarm the kprobe which |
1899 |
+- * is using ftrace. |
1900 |
++ * is using ftrace, because ftrace framework is still available at |
1901 |
++ * MODULE_STATE_GOING notification. |
1902 |
+ */ |
1903 |
+- if (kprobe_ftrace(p)) |
1904 |
++ if (kprobe_ftrace(p) && !kprobe_disabled(p) && !kprobes_all_disarmed) |
1905 |
+ disarm_kprobe_ftrace(p); |
1906 |
+ } |
1907 |
+ |
1908 |
+@@ -2154,7 +2158,10 @@ static int kprobes_module_callback(struct notifier_block *nb, |
1909 |
+ mutex_lock(&kprobe_mutex); |
1910 |
+ for (i = 0; i < KPROBE_TABLE_SIZE; i++) { |
1911 |
+ head = &kprobe_table[i]; |
1912 |
+- hlist_for_each_entry_rcu(p, head, hlist) |
1913 |
++ hlist_for_each_entry_rcu(p, head, hlist) { |
1914 |
++ if (kprobe_gone(p)) |
1915 |
++ continue; |
1916 |
++ |
1917 |
+ if (within_module_init((unsigned long)p->addr, mod) || |
1918 |
+ (checkcore && |
1919 |
+ within_module_core((unsigned long)p->addr, mod))) { |
1920 |
+@@ -2165,6 +2172,7 @@ static int kprobes_module_callback(struct notifier_block *nb, |
1921 |
+ */ |
1922 |
+ kill_kprobe(p); |
1923 |
+ } |
1924 |
++ } |
1925 |
+ } |
1926 |
+ mutex_unlock(&kprobe_mutex); |
1927 |
+ return NOTIFY_DONE; |
1928 |
+diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c |
1929 |
+index e53a976ca28ea..b55dfb3e801f9 100644 |
1930 |
+--- a/kernel/printk/printk.c |
1931 |
++++ b/kernel/printk/printk.c |
1932 |
+@@ -2032,6 +2032,9 @@ static int __init console_setup(char *str) |
1933 |
+ char *s, *options, *brl_options = NULL; |
1934 |
+ int idx; |
1935 |
+ |
1936 |
++ if (str[0] == 0) |
1937 |
++ return 1; |
1938 |
++ |
1939 |
+ if (_braille_console_setup(&str, &brl_options)) |
1940 |
+ return 1; |
1941 |
+ |
1942 |
+diff --git a/kernel/sys.c b/kernel/sys.c |
1943 |
+index 1855f1bf113e4..e98664039cb23 100644 |
1944 |
+--- a/kernel/sys.c |
1945 |
++++ b/kernel/sys.c |
1946 |
+@@ -1183,11 +1183,13 @@ SYSCALL_DEFINE1(uname, struct old_utsname __user *, name) |
1947 |
+ |
1948 |
+ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) |
1949 |
+ { |
1950 |
+- struct oldold_utsname tmp = {}; |
1951 |
++ struct oldold_utsname tmp; |
1952 |
+ |
1953 |
+ if (!name) |
1954 |
+ return -EFAULT; |
1955 |
+ |
1956 |
++ memset(&tmp, 0, sizeof(tmp)); |
1957 |
++ |
1958 |
+ down_read(&uts_sem); |
1959 |
+ memcpy(&tmp.sysname, &utsname()->sysname, __OLD_UTS_LEN); |
1960 |
+ memcpy(&tmp.nodename, &utsname()->nodename, __OLD_UTS_LEN); |
1961 |
+diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c |
1962 |
+index e4c6f89b6b11f..89ed01911a9a2 100644 |
1963 |
+--- a/kernel/trace/ftrace.c |
1964 |
++++ b/kernel/trace/ftrace.c |
1965 |
+@@ -2823,8 +2823,11 @@ static int referenced_filters(struct dyn_ftrace *rec) |
1966 |
+ int cnt = 0; |
1967 |
+ |
1968 |
+ for (ops = ftrace_ops_list; ops != &ftrace_list_end; ops = ops->next) { |
1969 |
+- if (ops_references_rec(ops, rec)) |
1970 |
+- cnt++; |
1971 |
++ if (ops_references_rec(ops, rec)) { |
1972 |
++ cnt++; |
1973 |
++ if (ops->flags & FTRACE_OPS_FL_SAVE_REGS) |
1974 |
++ rec->flags |= FTRACE_FL_REGS; |
1975 |
++ } |
1976 |
+ } |
1977 |
+ |
1978 |
+ return cnt; |
1979 |
+@@ -2874,7 +2877,7 @@ static int ftrace_update_code(struct module *mod, struct ftrace_page *new_pgs) |
1980 |
+ p = &pg->records[i]; |
1981 |
+ if (test) |
1982 |
+ cnt += referenced_filters(p); |
1983 |
+- p->flags = cnt; |
1984 |
++ p->flags += cnt; |
1985 |
+ |
1986 |
+ /* |
1987 |
+ * Do the initial record conversion from mcount jump |
1988 |
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
1989 |
+index 06efd18bf3e38..e4a0c0308b507 100644 |
1990 |
+--- a/kernel/trace/trace.c |
1991 |
++++ b/kernel/trace/trace.c |
1992 |
+@@ -2271,6 +2271,9 @@ int trace_array_printk(struct trace_array *tr, |
1993 |
+ if (!(global_trace.trace_flags & TRACE_ITER_PRINTK)) |
1994 |
+ return 0; |
1995 |
+ |
1996 |
++ if (!tr) |
1997 |
++ return -ENOENT; |
1998 |
++ |
1999 |
+ va_start(ap, fmt); |
2000 |
+ ret = trace_array_vprintk(tr, ip, fmt, ap); |
2001 |
+ va_end(ap); |
2002 |
+@@ -7260,7 +7263,7 @@ __init static int tracer_alloc_buffers(void) |
2003 |
+ goto out_free_buffer_mask; |
2004 |
+ |
2005 |
+ /* Only allocate trace_printk buffers if a trace_printk exists */ |
2006 |
+- if (__stop___trace_bprintk_fmt != __start___trace_bprintk_fmt) |
2007 |
++ if (&__stop___trace_bprintk_fmt != &__start___trace_bprintk_fmt) |
2008 |
+ /* Must be called before global_trace.buffer is allocated */ |
2009 |
+ trace_printk_init_buffers(); |
2010 |
+ |
2011 |
+diff --git a/kernel/trace/trace_entries.h b/kernel/trace/trace_entries.h |
2012 |
+index ee7b94a4810af..246db27dbdc99 100644 |
2013 |
+--- a/kernel/trace/trace_entries.h |
2014 |
++++ b/kernel/trace/trace_entries.h |
2015 |
+@@ -178,7 +178,7 @@ FTRACE_ENTRY(kernel_stack, stack_entry, |
2016 |
+ |
2017 |
+ F_STRUCT( |
2018 |
+ __field( int, size ) |
2019 |
+- __dynamic_array(unsigned long, caller ) |
2020 |
++ __array( unsigned long, caller, FTRACE_STACK_ENTRIES ) |
2021 |
+ ), |
2022 |
+ |
2023 |
+ F_printk("\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n" |
2024 |
+diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c |
2025 |
+index bd4c0bb61ad72..9d6e755d17546 100644 |
2026 |
+--- a/kernel/trace/trace_events.c |
2027 |
++++ b/kernel/trace/trace_events.c |
2028 |
+@@ -755,6 +755,8 @@ static int ftrace_set_clr_event(struct trace_array *tr, char *buf, int set) |
2029 |
+ char *event = NULL, *sub = NULL, *match; |
2030 |
+ int ret; |
2031 |
+ |
2032 |
++ if (!tr) |
2033 |
++ return -ENOENT; |
2034 |
+ /* |
2035 |
+ * The buf format can be <subsystem>:<event-name> |
2036 |
+ * *:<event-name> means any event by that name. |
2037 |
+diff --git a/lib/string.c b/lib/string.c |
2038 |
+index c7cf65ac42ad7..c9983dc01e727 100644 |
2039 |
+--- a/lib/string.c |
2040 |
++++ b/lib/string.c |
2041 |
+@@ -235,6 +235,30 @@ ssize_t strscpy(char *dest, const char *src, size_t count) |
2042 |
+ EXPORT_SYMBOL(strscpy); |
2043 |
+ #endif |
2044 |
+ |
2045 |
++/** |
2046 |
++ * stpcpy - copy a string from src to dest returning a pointer to the new end |
2047 |
++ * of dest, including src's %NUL-terminator. May overrun dest. |
2048 |
++ * @dest: pointer to end of string being copied into. Must be large enough |
2049 |
++ * to receive copy. |
2050 |
++ * @src: pointer to the beginning of string being copied from. Must not overlap |
2051 |
++ * dest. |
2052 |
++ * |
2053 |
++ * stpcpy differs from strcpy in a key way: the return value is a pointer |
2054 |
++ * to the new %NUL-terminating character in @dest. (For strcpy, the return |
2055 |
++ * value is a pointer to the start of @dest). This interface is considered |
2056 |
++ * unsafe as it doesn't perform bounds checking of the inputs. As such it's |
2057 |
++ * not recommended for usage. Instead, its definition is provided in case |
2058 |
++ * the compiler lowers other libcalls to stpcpy. |
2059 |
++ */ |
2060 |
++char *stpcpy(char *__restrict__ dest, const char *__restrict__ src); |
2061 |
++char *stpcpy(char *__restrict__ dest, const char *__restrict__ src) |
2062 |
++{ |
2063 |
++ while ((*dest++ = *src++) != '\0') |
2064 |
++ /* nothing */; |
2065 |
++ return --dest; |
2066 |
++} |
2067 |
++EXPORT_SYMBOL(stpcpy); |
2068 |
++ |
2069 |
+ #ifndef __HAVE_ARCH_STRCAT |
2070 |
+ /** |
2071 |
+ * strcat - Append one %NUL-terminated string to another |
2072 |
+diff --git a/mm/filemap.c b/mm/filemap.c |
2073 |
+index f217120973ebe..3d0a0e409cbf5 100644 |
2074 |
+--- a/mm/filemap.c |
2075 |
++++ b/mm/filemap.c |
2076 |
+@@ -2313,6 +2313,14 @@ filler: |
2077 |
+ unlock_page(page); |
2078 |
+ goto out; |
2079 |
+ } |
2080 |
++ |
2081 |
++ /* |
2082 |
++ * A previous I/O error may have been due to temporary |
2083 |
++ * failures. |
2084 |
++ * Clear page error before actual read, PG_error will be |
2085 |
++ * set again if read page fails. |
2086 |
++ */ |
2087 |
++ ClearPageError(page); |
2088 |
+ goto filler; |
2089 |
+ |
2090 |
+ out: |
2091 |
+diff --git a/mm/mmap.c b/mm/mmap.c |
2092 |
+index 135cccce41f88..d48a654cbd237 100644 |
2093 |
+--- a/mm/mmap.c |
2094 |
++++ b/mm/mmap.c |
2095 |
+@@ -1993,6 +1993,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, |
2096 |
+ info.low_limit = mm->mmap_base; |
2097 |
+ info.high_limit = TASK_SIZE; |
2098 |
+ info.align_mask = 0; |
2099 |
++ info.align_offset = 0; |
2100 |
+ return vm_unmapped_area(&info); |
2101 |
+ } |
2102 |
+ #endif |
2103 |
+@@ -2034,6 +2035,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, |
2104 |
+ info.low_limit = max(PAGE_SIZE, mmap_min_addr); |
2105 |
+ info.high_limit = mm->mmap_base; |
2106 |
+ info.align_mask = 0; |
2107 |
++ info.align_offset = 0; |
2108 |
+ addr = vm_unmapped_area(&info); |
2109 |
+ |
2110 |
+ /* |
2111 |
+diff --git a/mm/pagewalk.c b/mm/pagewalk.c |
2112 |
+index c2cbd26201696..a024667a9c041 100644 |
2113 |
+--- a/mm/pagewalk.c |
2114 |
++++ b/mm/pagewalk.c |
2115 |
+@@ -14,9 +14,9 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, |
2116 |
+ err = walk->pte_entry(pte, addr, addr + PAGE_SIZE, walk); |
2117 |
+ if (err) |
2118 |
+ break; |
2119 |
+- addr += PAGE_SIZE; |
2120 |
+- if (addr == end) |
2121 |
++ if (addr >= end - PAGE_SIZE) |
2122 |
+ break; |
2123 |
++ addr += PAGE_SIZE; |
2124 |
+ pte++; |
2125 |
+ } |
2126 |
+ |
2127 |
+diff --git a/net/atm/lec.c b/net/atm/lec.c |
2128 |
+index e4afac94ff158..a38680e194436 100644 |
2129 |
+--- a/net/atm/lec.c |
2130 |
++++ b/net/atm/lec.c |
2131 |
+@@ -1290,6 +1290,12 @@ static void lec_arp_clear_vccs(struct lec_arp_table *entry) |
2132 |
+ entry->vcc = NULL; |
2133 |
+ } |
2134 |
+ if (entry->recv_vcc) { |
2135 |
++ struct atm_vcc *vcc = entry->recv_vcc; |
2136 |
++ struct lec_vcc_priv *vpriv = LEC_VCC_PRIV(vcc); |
2137 |
++ |
2138 |
++ kfree(vpriv); |
2139 |
++ vcc->user_back = NULL; |
2140 |
++ |
2141 |
+ entry->recv_vcc->push = entry->old_recv_push; |
2142 |
+ vcc_release_async(entry->recv_vcc, -EPIPE); |
2143 |
+ entry->recv_vcc = NULL; |
2144 |
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c |
2145 |
+index 9aa5daa551273..1267cbb1a329a 100644 |
2146 |
+--- a/net/batman-adv/bridge_loop_avoidance.c |
2147 |
++++ b/net/batman-adv/bridge_loop_avoidance.c |
2148 |
+@@ -73,11 +73,12 @@ static inline u32 batadv_choose_claim(const void *data, u32 size) |
2149 |
+ /* return the index of the backbone gateway */ |
2150 |
+ static inline u32 batadv_choose_backbone_gw(const void *data, u32 size) |
2151 |
+ { |
2152 |
+- const struct batadv_bla_claim *claim = (struct batadv_bla_claim *)data; |
2153 |
++ const struct batadv_bla_backbone_gw *gw; |
2154 |
+ u32 hash = 0; |
2155 |
+ |
2156 |
+- hash = jhash(&claim->addr, sizeof(claim->addr), hash); |
2157 |
+- hash = jhash(&claim->vid, sizeof(claim->vid), hash); |
2158 |
++ gw = (struct batadv_bla_backbone_gw *)data; |
2159 |
++ hash = jhash(&gw->orig, sizeof(gw->orig), hash); |
2160 |
++ hash = jhash(&gw->vid, sizeof(gw->vid), hash); |
2161 |
+ |
2162 |
+ return hash % size; |
2163 |
+ } |
2164 |
+diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c |
2165 |
+index b3e8b0e3073c2..e470410abb44d 100644 |
2166 |
+--- a/net/batman-adv/routing.c |
2167 |
++++ b/net/batman-adv/routing.c |
2168 |
+@@ -782,6 +782,10 @@ static int batadv_check_unicast_ttvn(struct batadv_priv *bat_priv, |
2169 |
+ vid = batadv_get_vid(skb, hdr_len); |
2170 |
+ ethhdr = (struct ethhdr *)(skb->data + hdr_len); |
2171 |
+ |
2172 |
++ /* do not reroute multicast frames in a unicast header */ |
2173 |
++ if (is_multicast_ether_addr(ethhdr->h_dest)) |
2174 |
++ return true; |
2175 |
++ |
2176 |
+ /* check if the destination client was served by this node and it is now |
2177 |
+ * roaming. In this case, it means that the node has got a ROAM_ADV |
2178 |
+ * message and that it knows the new destination in the mesh to re-route |
2179 |
+diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c |
2180 |
+index 16cf5633eae3e..03319ab8a7c6e 100644 |
2181 |
+--- a/net/bluetooth/hci_event.c |
2182 |
++++ b/net/bluetooth/hci_event.c |
2183 |
+@@ -41,12 +41,27 @@ |
2184 |
+ |
2185 |
+ /* Handle HCI Event packets */ |
2186 |
+ |
2187 |
+-static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) |
2188 |
++static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb, |
2189 |
++ u8 *new_status) |
2190 |
+ { |
2191 |
+ __u8 status = *((__u8 *) skb->data); |
2192 |
+ |
2193 |
+ BT_DBG("%s status 0x%2.2x", hdev->name, status); |
2194 |
+ |
2195 |
++ /* It is possible that we receive Inquiry Complete event right |
2196 |
++ * before we receive Inquiry Cancel Command Complete event, in |
2197 |
++ * which case the latter event should have status of Command |
2198 |
++ * Disallowed (0x0c). This should not be treated as error, since |
2199 |
++ * we actually achieve what Inquiry Cancel wants to achieve, |
2200 |
++ * which is to end the last Inquiry session. |
2201 |
++ */ |
2202 |
++ if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) { |
2203 |
++ bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command"); |
2204 |
++ status = 0x00; |
2205 |
++ } |
2206 |
++ |
2207 |
++ *new_status = status; |
2208 |
++ |
2209 |
+ if (status) |
2210 |
+ return; |
2211 |
+ |
2212 |
+@@ -2758,7 +2773,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb, |
2213 |
+ |
2214 |
+ switch (*opcode) { |
2215 |
+ case HCI_OP_INQUIRY_CANCEL: |
2216 |
+- hci_cc_inquiry_cancel(hdev, skb); |
2217 |
++ hci_cc_inquiry_cancel(hdev, skb, status); |
2218 |
+ break; |
2219 |
+ |
2220 |
+ case HCI_OP_PERIODIC_INQ: |
2221 |
+@@ -5230,6 +5245,11 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) |
2222 |
+ u8 status = 0, event = hdr->evt, req_evt = 0; |
2223 |
+ u16 opcode = HCI_OP_NOP; |
2224 |
+ |
2225 |
++ if (!event) { |
2226 |
++ bt_dev_warn(hdev, "Received unexpected HCI Event 00000000"); |
2227 |
++ goto done; |
2228 |
++ } |
2229 |
++ |
2230 |
+ if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) { |
2231 |
+ struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data; |
2232 |
+ opcode = __le16_to_cpu(cmd_hdr->opcode); |
2233 |
+@@ -5441,6 +5461,7 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) |
2234 |
+ req_complete_skb(hdev, status, opcode, orig_skb); |
2235 |
+ } |
2236 |
+ |
2237 |
++done: |
2238 |
+ kfree_skb(orig_skb); |
2239 |
+ kfree_skb(skb); |
2240 |
+ hdev->stat.evt_rx++; |
2241 |
+diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c |
2242 |
+index 0e31bbe1256cd..f2db50da8ce2e 100644 |
2243 |
+--- a/net/bluetooth/l2cap_core.c |
2244 |
++++ b/net/bluetooth/l2cap_core.c |
2245 |
+@@ -403,6 +403,9 @@ static void l2cap_chan_timeout(struct work_struct *work) |
2246 |
+ BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); |
2247 |
+ |
2248 |
+ mutex_lock(&conn->chan_lock); |
2249 |
++ /* __set_chan_timer() calls l2cap_chan_hold(chan) while scheduling |
2250 |
++ * this work. No need to call l2cap_chan_hold(chan) here again. |
2251 |
++ */ |
2252 |
+ l2cap_chan_lock(chan); |
2253 |
+ |
2254 |
+ if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) |
2255 |
+@@ -415,12 +418,12 @@ static void l2cap_chan_timeout(struct work_struct *work) |
2256 |
+ |
2257 |
+ l2cap_chan_close(chan, reason); |
2258 |
+ |
2259 |
+- l2cap_chan_unlock(chan); |
2260 |
+- |
2261 |
+ chan->ops->close(chan); |
2262 |
+- mutex_unlock(&conn->chan_lock); |
2263 |
+ |
2264 |
++ l2cap_chan_unlock(chan); |
2265 |
+ l2cap_chan_put(chan); |
2266 |
++ |
2267 |
++ mutex_unlock(&conn->chan_lock); |
2268 |
+ } |
2269 |
+ |
2270 |
+ struct l2cap_chan *l2cap_chan_create(void) |
2271 |
+@@ -1714,9 +1717,9 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) |
2272 |
+ |
2273 |
+ l2cap_chan_del(chan, err); |
2274 |
+ |
2275 |
+- l2cap_chan_unlock(chan); |
2276 |
+- |
2277 |
+ chan->ops->close(chan); |
2278 |
++ |
2279 |
++ l2cap_chan_unlock(chan); |
2280 |
+ l2cap_chan_put(chan); |
2281 |
+ } |
2282 |
+ |
2283 |
+@@ -4093,7 +4096,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, |
2284 |
+ return 0; |
2285 |
+ } |
2286 |
+ |
2287 |
+- if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) { |
2288 |
++ if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2 && |
2289 |
++ chan->state != BT_CONNECTED) { |
2290 |
+ cmd_reject_invalid_cid(conn, cmd->ident, chan->scid, |
2291 |
+ chan->dcid); |
2292 |
+ goto unlock; |
2293 |
+@@ -4316,6 +4320,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, |
2294 |
+ return 0; |
2295 |
+ } |
2296 |
+ |
2297 |
++ l2cap_chan_hold(chan); |
2298 |
+ l2cap_chan_lock(chan); |
2299 |
+ |
2300 |
+ rsp.dcid = cpu_to_le16(chan->scid); |
2301 |
+@@ -4324,12 +4329,11 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, |
2302 |
+ |
2303 |
+ chan->ops->set_shutdown(chan); |
2304 |
+ |
2305 |
+- l2cap_chan_hold(chan); |
2306 |
+ l2cap_chan_del(chan, ECONNRESET); |
2307 |
+ |
2308 |
+- l2cap_chan_unlock(chan); |
2309 |
+- |
2310 |
+ chan->ops->close(chan); |
2311 |
++ |
2312 |
++ l2cap_chan_unlock(chan); |
2313 |
+ l2cap_chan_put(chan); |
2314 |
+ |
2315 |
+ mutex_unlock(&conn->chan_lock); |
2316 |
+@@ -4361,20 +4365,21 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, |
2317 |
+ return 0; |
2318 |
+ } |
2319 |
+ |
2320 |
++ l2cap_chan_hold(chan); |
2321 |
+ l2cap_chan_lock(chan); |
2322 |
+ |
2323 |
+ if (chan->state != BT_DISCONN) { |
2324 |
+ l2cap_chan_unlock(chan); |
2325 |
++ l2cap_chan_put(chan); |
2326 |
+ mutex_unlock(&conn->chan_lock); |
2327 |
+ return 0; |
2328 |
+ } |
2329 |
+ |
2330 |
+- l2cap_chan_hold(chan); |
2331 |
+ l2cap_chan_del(chan, 0); |
2332 |
+ |
2333 |
+- l2cap_chan_unlock(chan); |
2334 |
+- |
2335 |
+ chan->ops->close(chan); |
2336 |
++ |
2337 |
++ l2cap_chan_unlock(chan); |
2338 |
+ l2cap_chan_put(chan); |
2339 |
+ |
2340 |
+ mutex_unlock(&conn->chan_lock); |
2341 |
+diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c |
2342 |
+index d9bbbded49ef8..e562385d9440e 100644 |
2343 |
+--- a/net/bluetooth/l2cap_sock.c |
2344 |
++++ b/net/bluetooth/l2cap_sock.c |
2345 |
+@@ -1038,7 +1038,7 @@ done: |
2346 |
+ } |
2347 |
+ |
2348 |
+ /* Kill socket (only if zapped and orphan) |
2349 |
+- * Must be called on unlocked socket. |
2350 |
++ * Must be called on unlocked socket, with l2cap channel lock. |
2351 |
+ */ |
2352 |
+ static void l2cap_sock_kill(struct sock *sk) |
2353 |
+ { |
2354 |
+@@ -1189,6 +1189,7 @@ static int l2cap_sock_release(struct socket *sock) |
2355 |
+ { |
2356 |
+ struct sock *sk = sock->sk; |
2357 |
+ int err; |
2358 |
++ struct l2cap_chan *chan; |
2359 |
+ |
2360 |
+ BT_DBG("sock %p, sk %p", sock, sk); |
2361 |
+ |
2362 |
+@@ -1198,9 +1199,17 @@ static int l2cap_sock_release(struct socket *sock) |
2363 |
+ bt_sock_unlink(&l2cap_sk_list, sk); |
2364 |
+ |
2365 |
+ err = l2cap_sock_shutdown(sock, 2); |
2366 |
++ chan = l2cap_pi(sk)->chan; |
2367 |
++ |
2368 |
++ l2cap_chan_hold(chan); |
2369 |
++ l2cap_chan_lock(chan); |
2370 |
+ |
2371 |
+ sock_orphan(sk); |
2372 |
+ l2cap_sock_kill(sk); |
2373 |
++ |
2374 |
++ l2cap_chan_unlock(chan); |
2375 |
++ l2cap_chan_put(chan); |
2376 |
++ |
2377 |
+ return err; |
2378 |
+ } |
2379 |
+ |
2380 |
+@@ -1218,12 +1227,15 @@ static void l2cap_sock_cleanup_listen(struct sock *parent) |
2381 |
+ BT_DBG("child chan %p state %s", chan, |
2382 |
+ state_to_string(chan->state)); |
2383 |
+ |
2384 |
++ l2cap_chan_hold(chan); |
2385 |
+ l2cap_chan_lock(chan); |
2386 |
++ |
2387 |
+ __clear_chan_timer(chan); |
2388 |
+ l2cap_chan_close(chan, ECONNRESET); |
2389 |
+- l2cap_chan_unlock(chan); |
2390 |
+- |
2391 |
+ l2cap_sock_kill(sk); |
2392 |
++ |
2393 |
++ l2cap_chan_unlock(chan); |
2394 |
++ l2cap_chan_put(chan); |
2395 |
+ } |
2396 |
+ } |
2397 |
+ |
2398 |
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c |
2399 |
+index 9849f1f4cf4f7..40d33431bc585 100644 |
2400 |
+--- a/net/core/neighbour.c |
2401 |
++++ b/net/core/neighbour.c |
2402 |
+@@ -2798,6 +2798,7 @@ static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) |
2403 |
+ *pos = cpu+1; |
2404 |
+ return per_cpu_ptr(tbl->stats, cpu); |
2405 |
+ } |
2406 |
++ (*pos)++; |
2407 |
+ return NULL; |
2408 |
+ } |
2409 |
+ |
2410 |
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c |
2411 |
+index d940c9e0eb024..0355f125d8361 100644 |
2412 |
+--- a/net/ipv4/ip_output.c |
2413 |
++++ b/net/ipv4/ip_output.c |
2414 |
+@@ -73,6 +73,7 @@ |
2415 |
+ #include <net/icmp.h> |
2416 |
+ #include <net/checksum.h> |
2417 |
+ #include <net/inetpeer.h> |
2418 |
++#include <net/inet_ecn.h> |
2419 |
+ #include <linux/igmp.h> |
2420 |
+ #include <linux/netfilter_ipv4.h> |
2421 |
+ #include <linux/netfilter_bridge.h> |
2422 |
+@@ -1597,7 +1598,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb, |
2423 |
+ if (IS_ERR(rt)) |
2424 |
+ return; |
2425 |
+ |
2426 |
+- inet_sk(sk)->tos = arg->tos; |
2427 |
++ inet_sk(sk)->tos = arg->tos & ~INET_ECN_MASK; |
2428 |
+ |
2429 |
+ sk->sk_priority = skb->priority; |
2430 |
+ sk->sk_protocol = ip_hdr(skb)->protocol; |
2431 |
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c |
2432 |
+index 542f6e0f438f1..ea1c319100a5d 100644 |
2433 |
+--- a/net/ipv4/route.c |
2434 |
++++ b/net/ipv4/route.c |
2435 |
+@@ -271,6 +271,7 @@ static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos) |
2436 |
+ *pos = cpu+1; |
2437 |
+ return &per_cpu(rt_cache_stat, cpu); |
2438 |
+ } |
2439 |
++ (*pos)++; |
2440 |
+ return NULL; |
2441 |
+ |
2442 |
+ } |
2443 |
+diff --git a/net/key/af_key.c b/net/key/af_key.c |
2444 |
+index d2ec620319d76..76a008b1cbe5f 100644 |
2445 |
+--- a/net/key/af_key.c |
2446 |
++++ b/net/key/af_key.c |
2447 |
+@@ -1873,6 +1873,13 @@ static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_ms |
2448 |
+ if (ext_hdrs[SADB_X_EXT_FILTER - 1]) { |
2449 |
+ struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1]; |
2450 |
+ |
2451 |
++ if ((xfilter->sadb_x_filter_splen >= |
2452 |
++ (sizeof(xfrm_address_t) << 3)) || |
2453 |
++ (xfilter->sadb_x_filter_dplen >= |
2454 |
++ (sizeof(xfrm_address_t) << 3))) { |
2455 |
++ mutex_unlock(&pfk->dump_lock); |
2456 |
++ return -EINVAL; |
2457 |
++ } |
2458 |
+ filter = kmalloc(sizeof(*filter), GFP_KERNEL); |
2459 |
+ if (filter == NULL) { |
2460 |
+ mutex_unlock(&pfk->dump_lock); |
2461 |
+diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c |
2462 |
+index 2b8e80c721db1..a7cd031656801 100644 |
2463 |
+--- a/net/sunrpc/svc_xprt.c |
2464 |
++++ b/net/sunrpc/svc_xprt.c |
2465 |
+@@ -97,8 +97,17 @@ void svc_unreg_xprt_class(struct svc_xprt_class *xcl) |
2466 |
+ } |
2467 |
+ EXPORT_SYMBOL_GPL(svc_unreg_xprt_class); |
2468 |
+ |
2469 |
+-/* |
2470 |
+- * Format the transport list for printing |
2471 |
++/** |
2472 |
++ * svc_print_xprts - Format the transport list for printing |
2473 |
++ * @buf: target buffer for formatted address |
2474 |
++ * @maxlen: length of target buffer |
2475 |
++ * |
2476 |
++ * Fills in @buf with a string containing a list of transport names, each name |
2477 |
++ * terminated with '\n'. If the buffer is too small, some entries may be |
2478 |
++ * missing, but it is guaranteed that all lines in the output buffer are |
2479 |
++ * complete. |
2480 |
++ * |
2481 |
++ * Returns positive length of the filled-in string. |
2482 |
+ */ |
2483 |
+ int svc_print_xprts(char *buf, int maxlen) |
2484 |
+ { |
2485 |
+@@ -111,9 +120,9 @@ int svc_print_xprts(char *buf, int maxlen) |
2486 |
+ list_for_each_entry(xcl, &svc_xprt_class_list, xcl_list) { |
2487 |
+ int slen; |
2488 |
+ |
2489 |
+- sprintf(tmpstr, "%s %d\n", xcl->xcl_name, xcl->xcl_max_payload); |
2490 |
+- slen = strlen(tmpstr); |
2491 |
+- if (len + slen > maxlen) |
2492 |
++ slen = snprintf(tmpstr, sizeof(tmpstr), "%s %d\n", |
2493 |
++ xcl->xcl_name, xcl->xcl_max_payload); |
2494 |
++ if (slen >= sizeof(tmpstr) || len + slen >= maxlen) |
2495 |
+ break; |
2496 |
+ len += slen; |
2497 |
+ strcat(buf, tmpstr); |
2498 |
+diff --git a/net/tipc/msg.c b/net/tipc/msg.c |
2499 |
+index 67bddcb2ff466..fc1aa8bcb185d 100644 |
2500 |
+--- a/net/tipc/msg.c |
2501 |
++++ b/net/tipc/msg.c |
2502 |
+@@ -138,7 +138,8 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) |
2503 |
+ if (fragid == FIRST_FRAGMENT) { |
2504 |
+ if (unlikely(head)) |
2505 |
+ goto err; |
2506 |
+- if (unlikely(skb_unclone(frag, GFP_ATOMIC))) |
2507 |
++ frag = skb_unshare(frag, GFP_ATOMIC); |
2508 |
++ if (unlikely(!frag)) |
2509 |
+ goto err; |
2510 |
+ head = *headbuf = frag; |
2511 |
+ *buf = NULL; |
2512 |
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c |
2513 |
+index b5e2ef242efe7..ac78c5ac82846 100644 |
2514 |
+--- a/net/unix/af_unix.c |
2515 |
++++ b/net/unix/af_unix.c |
2516 |
+@@ -191,11 +191,17 @@ static inline int unix_may_send(struct sock *sk, struct sock *osk) |
2517 |
+ return unix_peer(osk) == NULL || unix_our_peer(sk, osk); |
2518 |
+ } |
2519 |
+ |
2520 |
+-static inline int unix_recvq_full(struct sock const *sk) |
2521 |
++static inline int unix_recvq_full(const struct sock *sk) |
2522 |
+ { |
2523 |
+ return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog; |
2524 |
+ } |
2525 |
+ |
2526 |
++static inline int unix_recvq_full_lockless(const struct sock *sk) |
2527 |
++{ |
2528 |
++ return skb_queue_len_lockless(&sk->sk_receive_queue) > |
2529 |
++ READ_ONCE(sk->sk_max_ack_backlog); |
2530 |
++} |
2531 |
++ |
2532 |
+ struct sock *unix_peer_get(struct sock *s) |
2533 |
+ { |
2534 |
+ struct sock *peer; |
2535 |
+@@ -1792,7 +1798,8 @@ restart_locked: |
2536 |
+ * - unix_peer(sk) == sk by time of get but disconnected before lock |
2537 |
+ */ |
2538 |
+ if (other != sk && |
2539 |
+- unlikely(unix_peer(other) != sk && unix_recvq_full(other))) { |
2540 |
++ unlikely(unix_peer(other) != sk && |
2541 |
++ unix_recvq_full_lockless(other))) { |
2542 |
+ if (timeo) { |
2543 |
+ timeo = unix_wait_for_peer(other, timeo); |
2544 |
+ |
2545 |
+diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c |
2546 |
+index c02da25d7b631..7778e28cce9d7 100644 |
2547 |
+--- a/security/selinux/selinuxfs.c |
2548 |
++++ b/security/selinux/selinuxfs.c |
2549 |
+@@ -1370,6 +1370,7 @@ static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) |
2550 |
+ *idx = cpu + 1; |
2551 |
+ return &per_cpu(avc_cache_stats, cpu); |
2552 |
+ } |
2553 |
++ (*idx)++; |
2554 |
+ return NULL; |
2555 |
+ } |
2556 |
+ |
2557 |
+diff --git a/sound/hda/hdac_bus.c b/sound/hda/hdac_bus.c |
2558 |
+index 0e81ea89a5965..e3f68a76d90eb 100644 |
2559 |
+--- a/sound/hda/hdac_bus.c |
2560 |
++++ b/sound/hda/hdac_bus.c |
2561 |
+@@ -155,6 +155,7 @@ static void process_unsol_events(struct work_struct *work) |
2562 |
+ struct hdac_driver *drv; |
2563 |
+ unsigned int rp, caddr, res; |
2564 |
+ |
2565 |
++ spin_lock_irq(&bus->reg_lock); |
2566 |
+ while (bus->unsol_rp != bus->unsol_wp) { |
2567 |
+ rp = (bus->unsol_rp + 1) % HDA_UNSOL_QUEUE_SIZE; |
2568 |
+ bus->unsol_rp = rp; |
2569 |
+@@ -166,10 +167,13 @@ static void process_unsol_events(struct work_struct *work) |
2570 |
+ codec = bus->caddr_tbl[caddr & 0x0f]; |
2571 |
+ if (!codec || !codec->dev.driver) |
2572 |
+ continue; |
2573 |
++ spin_unlock_irq(&bus->reg_lock); |
2574 |
+ drv = drv_to_hdac_driver(codec->dev.driver); |
2575 |
+ if (drv->unsol_event) |
2576 |
+ drv->unsol_event(codec, res); |
2577 |
++ spin_lock_irq(&bus->reg_lock); |
2578 |
+ } |
2579 |
++ spin_unlock_irq(&bus->reg_lock); |
2580 |
+ } |
2581 |
+ |
2582 |
+ /** |
2583 |
+diff --git a/sound/pci/asihpi/hpioctl.c b/sound/pci/asihpi/hpioctl.c |
2584 |
+index 7a32abbe0cef8..4bdcb7443b1f5 100644 |
2585 |
+--- a/sound/pci/asihpi/hpioctl.c |
2586 |
++++ b/sound/pci/asihpi/hpioctl.c |
2587 |
+@@ -346,7 +346,7 @@ int asihpi_adapter_probe(struct pci_dev *pci_dev, |
2588 |
+ struct hpi_message hm; |
2589 |
+ struct hpi_response hr; |
2590 |
+ struct hpi_adapter adapter; |
2591 |
+- struct hpi_pci pci; |
2592 |
++ struct hpi_pci pci = { 0 }; |
2593 |
+ |
2594 |
+ memset(&adapter, 0, sizeof(adapter)); |
2595 |
+ |
2596 |
+@@ -502,7 +502,7 @@ int asihpi_adapter_probe(struct pci_dev *pci_dev, |
2597 |
+ return 0; |
2598 |
+ |
2599 |
+ err: |
2600 |
+- for (idx = 0; idx < HPI_MAX_ADAPTER_MEM_SPACES; idx++) { |
2601 |
++ while (--idx >= 0) { |
2602 |
+ if (pci.ap_mem_base[idx]) { |
2603 |
+ iounmap(pci.ap_mem_base[idx]); |
2604 |
+ pci.ap_mem_base[idx] = NULL; |
2605 |
+diff --git a/sound/soc/kirkwood/kirkwood-dma.c b/sound/soc/kirkwood/kirkwood-dma.c |
2606 |
+index dbfdfe99c69df..231c7d97333c7 100644 |
2607 |
+--- a/sound/soc/kirkwood/kirkwood-dma.c |
2608 |
++++ b/sound/soc/kirkwood/kirkwood-dma.c |
2609 |
+@@ -136,7 +136,7 @@ static int kirkwood_dma_open(struct snd_pcm_substream *substream) |
2610 |
+ err = request_irq(priv->irq, kirkwood_dma_irq, IRQF_SHARED, |
2611 |
+ "kirkwood-i2s", priv); |
2612 |
+ if (err) |
2613 |
+- return -EBUSY; |
2614 |
++ return err; |
2615 |
+ |
2616 |
+ /* |
2617 |
+ * Enable Error interrupts. We're only ack'ing them but |
2618 |
+diff --git a/sound/usb/midi.c b/sound/usb/midi.c |
2619 |
+index 5c4a3d6c42341..934540042bc2e 100644 |
2620 |
+--- a/sound/usb/midi.c |
2621 |
++++ b/sound/usb/midi.c |
2622 |
+@@ -1803,6 +1803,28 @@ static int snd_usbmidi_create_endpoints(struct snd_usb_midi *umidi, |
2623 |
+ return 0; |
2624 |
+ } |
2625 |
+ |
2626 |
++static struct usb_ms_endpoint_descriptor *find_usb_ms_endpoint_descriptor( |
2627 |
++ struct usb_host_endpoint *hostep) |
2628 |
++{ |
2629 |
++ unsigned char *extra = hostep->extra; |
2630 |
++ int extralen = hostep->extralen; |
2631 |
++ |
2632 |
++ while (extralen > 3) { |
2633 |
++ struct usb_ms_endpoint_descriptor *ms_ep = |
2634 |
++ (struct usb_ms_endpoint_descriptor *)extra; |
2635 |
++ |
2636 |
++ if (ms_ep->bLength > 3 && |
2637 |
++ ms_ep->bDescriptorType == USB_DT_CS_ENDPOINT && |
2638 |
++ ms_ep->bDescriptorSubtype == UAC_MS_GENERAL) |
2639 |
++ return ms_ep; |
2640 |
++ if (!extra[0]) |
2641 |
++ break; |
2642 |
++ extralen -= extra[0]; |
2643 |
++ extra += extra[0]; |
2644 |
++ } |
2645 |
++ return NULL; |
2646 |
++} |
2647 |
++ |
2648 |
+ /* |
2649 |
+ * Returns MIDIStreaming device capabilities. |
2650 |
+ */ |
2651 |
+@@ -1840,11 +1862,8 @@ static int snd_usbmidi_get_ms_info(struct snd_usb_midi *umidi, |
2652 |
+ ep = get_ep_desc(hostep); |
2653 |
+ if (!usb_endpoint_xfer_bulk(ep) && !usb_endpoint_xfer_int(ep)) |
2654 |
+ continue; |
2655 |
+- ms_ep = (struct usb_ms_endpoint_descriptor *)hostep->extra; |
2656 |
+- if (hostep->extralen < 4 || |
2657 |
+- ms_ep->bLength < 4 || |
2658 |
+- ms_ep->bDescriptorType != USB_DT_CS_ENDPOINT || |
2659 |
+- ms_ep->bDescriptorSubtype != UAC_MS_GENERAL) |
2660 |
++ ms_ep = find_usb_ms_endpoint_descriptor(hostep); |
2661 |
++ if (!ms_ep) |
2662 |
+ continue; |
2663 |
+ if (usb_endpoint_dir_out(ep)) { |
2664 |
+ if (endpoints[epidx].out_ep) { |
2665 |
+diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c |
2666 |
+index 2070c02de3af5..ea55cb6b614f4 100644 |
2667 |
+--- a/tools/perf/util/symbol-elf.c |
2668 |
++++ b/tools/perf/util/symbol-elf.c |
2669 |
+@@ -1390,6 +1390,7 @@ struct kcore_copy_info { |
2670 |
+ u64 first_symbol; |
2671 |
+ u64 last_symbol; |
2672 |
+ u64 first_module; |
2673 |
++ u64 first_module_symbol; |
2674 |
+ u64 last_module_symbol; |
2675 |
+ struct phdr_data kernel_map; |
2676 |
+ struct phdr_data modules_map; |
2677 |
+@@ -1404,6 +1405,8 @@ static int kcore_copy__process_kallsyms(void *arg, const char *name, char type, |
2678 |
+ return 0; |
2679 |
+ |
2680 |
+ if (strchr(name, '[')) { |
2681 |
++ if (!kci->first_module_symbol || start < kci->first_module_symbol) |
2682 |
++ kci->first_module_symbol = start; |
2683 |
+ if (start > kci->last_module_symbol) |
2684 |
+ kci->last_module_symbol = start; |
2685 |
+ return 0; |
2686 |
+@@ -1528,6 +1531,10 @@ static int kcore_copy__calc_maps(struct kcore_copy_info *kci, const char *dir, |
2687 |
+ kci->etext += page_size; |
2688 |
+ } |
2689 |
+ |
2690 |
++ if (kci->first_module_symbol && |
2691 |
++ (!kci->first_module || kci->first_module_symbol < kci->first_module)) |
2692 |
++ kci->first_module = kci->first_module_symbol; |
2693 |
++ |
2694 |
+ kci->first_module = round_down(kci->first_module, page_size); |
2695 |
+ |
2696 |
+ if (kci->last_module_symbol) { |
2697 |
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c |
2698 |
+index 82f3a9d78cab4..ba8e8840b94b2 100644 |
2699 |
+--- a/virt/kvm/kvm_main.c |
2700 |
++++ b/virt/kvm/kvm_main.c |
2701 |
+@@ -3392,7 +3392,7 @@ int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr, |
2702 |
+ void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx, |
2703 |
+ struct kvm_io_device *dev) |
2704 |
+ { |
2705 |
+- int i; |
2706 |
++ int i, j; |
2707 |
+ struct kvm_io_bus *new_bus, *bus; |
2708 |
+ |
2709 |
+ bus = kvm->buses[bus_idx]; |
2710 |
+@@ -3409,17 +3409,20 @@ void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx, |
2711 |
+ |
2712 |
+ new_bus = kmalloc(sizeof(*bus) + ((bus->dev_count - 1) * |
2713 |
+ sizeof(struct kvm_io_range)), GFP_KERNEL); |
2714 |
+- if (!new_bus) { |
2715 |
++ if (new_bus) { |
2716 |
++ memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range)); |
2717 |
++ new_bus->dev_count--; |
2718 |
++ memcpy(new_bus->range + i, bus->range + i + 1, |
2719 |
++ (new_bus->dev_count - i) * sizeof(struct kvm_io_range)); |
2720 |
++ } else { |
2721 |
+ pr_err("kvm: failed to shrink bus, removing it completely\n"); |
2722 |
+- goto broken; |
2723 |
++ for (j = 0; j < bus->dev_count; j++) { |
2724 |
++ if (j == i) |
2725 |
++ continue; |
2726 |
++ kvm_iodevice_destructor(bus->range[j].dev); |
2727 |
++ } |
2728 |
+ } |
2729 |
+ |
2730 |
+- memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range)); |
2731 |
+- new_bus->dev_count--; |
2732 |
+- memcpy(new_bus->range + i, bus->range + i + 1, |
2733 |
+- (new_bus->dev_count - i) * sizeof(struct kvm_io_range)); |
2734 |
+- |
2735 |
+-broken: |
2736 |
+ rcu_assign_pointer(kvm->buses[bus_idx], new_bus); |
2737 |
+ synchronize_srcu_expedited(&kvm->srcu); |
2738 |
+ kfree(bus); |