1 |
commit: 3cf9059c012c71a2844696f25f29fcbd3dacbfc0 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Dec 23 07:58:43 2015 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Dec 23 07:58:43 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=3cf9059c |
7 |
|
8 |
grsecurity-3.1-4.3.3-201512222129 |
9 |
|
10 |
4.3.3/0000_README | 6 +- |
11 |
4.3.3/1002_linux-4.3.3.patch | 4424 -------------------- |
12 |
...> 4420_grsecurity-3.1-4.3.3-201512222129.patch} | 295 +- |
13 |
3 files changed, 241 insertions(+), 4484 deletions(-) |
14 |
|
15 |
diff --git a/4.3.3/0000_README b/4.3.3/0000_README |
16 |
index 3e1d5a0..2c1a853 100644 |
17 |
--- a/4.3.3/0000_README |
18 |
+++ b/4.3.3/0000_README |
19 |
@@ -2,11 +2,7 @@ README |
20 |
----------------------------------------------------------------------------- |
21 |
Individual Patch Descriptions: |
22 |
----------------------------------------------------------------------------- |
23 |
-Patch: 1002_linux-4.3.3.patch |
24 |
-From: http://www.kernel.org |
25 |
-Desc: Linux 4.3.3 |
26 |
- |
27 |
-Patch: 4420_grsecurity-3.1-4.3.3-201512162141.patch |
28 |
+Patch: 4420_grsecurity-3.1-4.3.3-201512222129.patch |
29 |
From: http://www.grsecurity.net |
30 |
Desc: hardened-sources base patch from upstream grsecurity |
31 |
|
32 |
|
33 |
diff --git a/4.3.3/1002_linux-4.3.3.patch b/4.3.3/1002_linux-4.3.3.patch |
34 |
deleted file mode 100644 |
35 |
index d8cd741..0000000 |
36 |
--- a/4.3.3/1002_linux-4.3.3.patch |
37 |
+++ /dev/null |
38 |
@@ -1,4424 +0,0 @@ |
39 |
-diff --git a/Makefile b/Makefile |
40 |
-index 1a4953b..2070d16 100644 |
41 |
---- a/Makefile |
42 |
-+++ b/Makefile |
43 |
-@@ -1,6 +1,6 @@ |
44 |
- VERSION = 4 |
45 |
- PATCHLEVEL = 3 |
46 |
--SUBLEVEL = 2 |
47 |
-+SUBLEVEL = 3 |
48 |
- EXTRAVERSION = |
49 |
- NAME = Blurry Fish Butt |
50 |
- |
51 |
-diff --git a/block/blk-merge.c b/block/blk-merge.c |
52 |
-index c4e9c37..0e5f4fc 100644 |
53 |
---- a/block/blk-merge.c |
54 |
-+++ b/block/blk-merge.c |
55 |
-@@ -91,7 +91,7 @@ static struct bio *blk_bio_segment_split(struct request_queue *q, |
56 |
- |
57 |
- seg_size += bv.bv_len; |
58 |
- bvprv = bv; |
59 |
-- bvprvp = &bv; |
60 |
-+ bvprvp = &bvprv; |
61 |
- sectors += bv.bv_len >> 9; |
62 |
- continue; |
63 |
- } |
64 |
-@@ -101,7 +101,7 @@ new_segment: |
65 |
- |
66 |
- nsegs++; |
67 |
- bvprv = bv; |
68 |
-- bvprvp = &bv; |
69 |
-+ bvprvp = &bvprv; |
70 |
- seg_size = bv.bv_len; |
71 |
- sectors += bv.bv_len >> 9; |
72 |
- } |
73 |
-diff --git a/certs/.gitignore b/certs/.gitignore |
74 |
-new file mode 100644 |
75 |
-index 0000000..f51aea4 |
76 |
---- /dev/null |
77 |
-+++ b/certs/.gitignore |
78 |
-@@ -0,0 +1,4 @@ |
79 |
-+# |
80 |
-+# Generated files |
81 |
-+# |
82 |
-+x509_certificate_list |
83 |
-diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c |
84 |
-index 128e7df..8630a77 100644 |
85 |
---- a/drivers/block/rbd.c |
86 |
-+++ b/drivers/block/rbd.c |
87 |
-@@ -3444,6 +3444,7 @@ static void rbd_queue_workfn(struct work_struct *work) |
88 |
- goto err_rq; |
89 |
- } |
90 |
- img_request->rq = rq; |
91 |
-+ snapc = NULL; /* img_request consumes a ref */ |
92 |
- |
93 |
- if (op_type == OBJ_OP_DISCARD) |
94 |
- result = rbd_img_request_fill(img_request, OBJ_REQUEST_NODATA, |
95 |
-diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c |
96 |
-index f51d376..c2f5117 100644 |
97 |
---- a/drivers/firewire/ohci.c |
98 |
-+++ b/drivers/firewire/ohci.c |
99 |
-@@ -3675,6 +3675,11 @@ static int pci_probe(struct pci_dev *dev, |
100 |
- |
101 |
- reg_write(ohci, OHCI1394_IsoXmitIntMaskSet, ~0); |
102 |
- ohci->it_context_support = reg_read(ohci, OHCI1394_IsoXmitIntMaskSet); |
103 |
-+ /* JMicron JMB38x often shows 0 at first read, just ignore it */ |
104 |
-+ if (!ohci->it_context_support) { |
105 |
-+ ohci_notice(ohci, "overriding IsoXmitIntMask\n"); |
106 |
-+ ohci->it_context_support = 0xf; |
107 |
-+ } |
108 |
- reg_write(ohci, OHCI1394_IsoXmitIntMaskClear, ~0); |
109 |
- ohci->it_context_mask = ohci->it_context_support; |
110 |
- ohci->n_it = hweight32(ohci->it_context_mask); |
111 |
-diff --git a/drivers/media/pci/cobalt/Kconfig b/drivers/media/pci/cobalt/Kconfig |
112 |
-index 1f88ccc..a01f0cc 100644 |
113 |
---- a/drivers/media/pci/cobalt/Kconfig |
114 |
-+++ b/drivers/media/pci/cobalt/Kconfig |
115 |
-@@ -1,6 +1,6 @@ |
116 |
- config VIDEO_COBALT |
117 |
- tristate "Cisco Cobalt support" |
118 |
-- depends on VIDEO_V4L2 && I2C && MEDIA_CONTROLLER |
119 |
-+ depends on VIDEO_V4L2 && I2C && VIDEO_V4L2_SUBDEV_API |
120 |
- depends on PCI_MSI && MTD_COMPLEX_MAPPINGS |
121 |
- depends on GPIOLIB || COMPILE_TEST |
122 |
- depends on SND |
123 |
-diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_main.c b/drivers/net/ethernet/cavium/thunder/nicvf_main.c |
124 |
-index a937772..7f709cb 100644 |
125 |
---- a/drivers/net/ethernet/cavium/thunder/nicvf_main.c |
126 |
-+++ b/drivers/net/ethernet/cavium/thunder/nicvf_main.c |
127 |
-@@ -1583,8 +1583,14 @@ err_disable_device: |
128 |
- static void nicvf_remove(struct pci_dev *pdev) |
129 |
- { |
130 |
- struct net_device *netdev = pci_get_drvdata(pdev); |
131 |
-- struct nicvf *nic = netdev_priv(netdev); |
132 |
-- struct net_device *pnetdev = nic->pnicvf->netdev; |
133 |
-+ struct nicvf *nic; |
134 |
-+ struct net_device *pnetdev; |
135 |
-+ |
136 |
-+ if (!netdev) |
137 |
-+ return; |
138 |
-+ |
139 |
-+ nic = netdev_priv(netdev); |
140 |
-+ pnetdev = nic->pnicvf->netdev; |
141 |
- |
142 |
- /* Check if this Qset is assigned to different VF. |
143 |
- * If yes, clean primary and all secondary Qsets. |
144 |
-diff --git a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c |
145 |
-index 731423c..8bead97 100644 |
146 |
---- a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c |
147 |
-+++ b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c |
148 |
-@@ -4934,26 +4934,41 @@ static void rem_slave_counters(struct mlx4_dev *dev, int slave) |
149 |
- struct res_counter *counter; |
150 |
- struct res_counter *tmp; |
151 |
- int err; |
152 |
-- int index; |
153 |
-+ int *counters_arr = NULL; |
154 |
-+ int i, j; |
155 |
- |
156 |
- err = move_all_busy(dev, slave, RES_COUNTER); |
157 |
- if (err) |
158 |
- mlx4_warn(dev, "rem_slave_counters: Could not move all counters - too busy for slave %d\n", |
159 |
- slave); |
160 |
- |
161 |
-- spin_lock_irq(mlx4_tlock(dev)); |
162 |
-- list_for_each_entry_safe(counter, tmp, counter_list, com.list) { |
163 |
-- if (counter->com.owner == slave) { |
164 |
-- index = counter->com.res_id; |
165 |
-- rb_erase(&counter->com.node, |
166 |
-- &tracker->res_tree[RES_COUNTER]); |
167 |
-- list_del(&counter->com.list); |
168 |
-- kfree(counter); |
169 |
-- __mlx4_counter_free(dev, index); |
170 |
-+ counters_arr = kmalloc_array(dev->caps.max_counters, |
171 |
-+ sizeof(*counters_arr), GFP_KERNEL); |
172 |
-+ if (!counters_arr) |
173 |
-+ return; |
174 |
-+ |
175 |
-+ do { |
176 |
-+ i = 0; |
177 |
-+ j = 0; |
178 |
-+ spin_lock_irq(mlx4_tlock(dev)); |
179 |
-+ list_for_each_entry_safe(counter, tmp, counter_list, com.list) { |
180 |
-+ if (counter->com.owner == slave) { |
181 |
-+ counters_arr[i++] = counter->com.res_id; |
182 |
-+ rb_erase(&counter->com.node, |
183 |
-+ &tracker->res_tree[RES_COUNTER]); |
184 |
-+ list_del(&counter->com.list); |
185 |
-+ kfree(counter); |
186 |
-+ } |
187 |
-+ } |
188 |
-+ spin_unlock_irq(mlx4_tlock(dev)); |
189 |
-+ |
190 |
-+ while (j < i) { |
191 |
-+ __mlx4_counter_free(dev, counters_arr[j++]); |
192 |
- mlx4_release_resource(dev, slave, RES_COUNTER, 1, 0); |
193 |
- } |
194 |
-- } |
195 |
-- spin_unlock_irq(mlx4_tlock(dev)); |
196 |
-+ } while (i); |
197 |
-+ |
198 |
-+ kfree(counters_arr); |
199 |
- } |
200 |
- |
201 |
- static void rem_slave_xrcdns(struct mlx4_dev *dev, int slave) |
202 |
-diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
203 |
-index 59874d6..443632d 100644 |
204 |
---- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
205 |
-+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
206 |
-@@ -1332,6 +1332,42 @@ static int mlx5e_modify_tir_lro(struct mlx5e_priv *priv, int tt) |
207 |
- return err; |
208 |
- } |
209 |
- |
210 |
-+static int mlx5e_refresh_tir_self_loopback_enable(struct mlx5_core_dev *mdev, |
211 |
-+ u32 tirn) |
212 |
-+{ |
213 |
-+ void *in; |
214 |
-+ int inlen; |
215 |
-+ int err; |
216 |
-+ |
217 |
-+ inlen = MLX5_ST_SZ_BYTES(modify_tir_in); |
218 |
-+ in = mlx5_vzalloc(inlen); |
219 |
-+ if (!in) |
220 |
-+ return -ENOMEM; |
221 |
-+ |
222 |
-+ MLX5_SET(modify_tir_in, in, bitmask.self_lb_en, 1); |
223 |
-+ |
224 |
-+ err = mlx5_core_modify_tir(mdev, tirn, in, inlen); |
225 |
-+ |
226 |
-+ kvfree(in); |
227 |
-+ |
228 |
-+ return err; |
229 |
-+} |
230 |
-+ |
231 |
-+static int mlx5e_refresh_tirs_self_loopback_enable(struct mlx5e_priv *priv) |
232 |
-+{ |
233 |
-+ int err; |
234 |
-+ int i; |
235 |
-+ |
236 |
-+ for (i = 0; i < MLX5E_NUM_TT; i++) { |
237 |
-+ err = mlx5e_refresh_tir_self_loopback_enable(priv->mdev, |
238 |
-+ priv->tirn[i]); |
239 |
-+ if (err) |
240 |
-+ return err; |
241 |
-+ } |
242 |
-+ |
243 |
-+ return 0; |
244 |
-+} |
245 |
-+ |
246 |
- static int mlx5e_set_dev_port_mtu(struct net_device *netdev) |
247 |
- { |
248 |
- struct mlx5e_priv *priv = netdev_priv(netdev); |
249 |
-@@ -1367,13 +1403,20 @@ int mlx5e_open_locked(struct net_device *netdev) |
250 |
- |
251 |
- err = mlx5e_set_dev_port_mtu(netdev); |
252 |
- if (err) |
253 |
-- return err; |
254 |
-+ goto err_clear_state_opened_flag; |
255 |
- |
256 |
- err = mlx5e_open_channels(priv); |
257 |
- if (err) { |
258 |
- netdev_err(netdev, "%s: mlx5e_open_channels failed, %d\n", |
259 |
- __func__, err); |
260 |
-- return err; |
261 |
-+ goto err_clear_state_opened_flag; |
262 |
-+ } |
263 |
-+ |
264 |
-+ err = mlx5e_refresh_tirs_self_loopback_enable(priv); |
265 |
-+ if (err) { |
266 |
-+ netdev_err(netdev, "%s: mlx5e_refresh_tirs_self_loopback_enable failed, %d\n", |
267 |
-+ __func__, err); |
268 |
-+ goto err_close_channels; |
269 |
- } |
270 |
- |
271 |
- mlx5e_update_carrier(priv); |
272 |
-@@ -1382,6 +1425,12 @@ int mlx5e_open_locked(struct net_device *netdev) |
273 |
- schedule_delayed_work(&priv->update_stats_work, 0); |
274 |
- |
275 |
- return 0; |
276 |
-+ |
277 |
-+err_close_channels: |
278 |
-+ mlx5e_close_channels(priv); |
279 |
-+err_clear_state_opened_flag: |
280 |
-+ clear_bit(MLX5E_STATE_OPENED, &priv->state); |
281 |
-+ return err; |
282 |
- } |
283 |
- |
284 |
- static int mlx5e_open(struct net_device *netdev) |
285 |
-@@ -1899,6 +1948,9 @@ static int mlx5e_check_required_hca_cap(struct mlx5_core_dev *mdev) |
286 |
- "Not creating net device, some required device capabilities are missing\n"); |
287 |
- return -ENOTSUPP; |
288 |
- } |
289 |
-+ if (!MLX5_CAP_ETH(mdev, self_lb_en_modifiable)) |
290 |
-+ mlx5_core_warn(mdev, "Self loop back prevention is not supported\n"); |
291 |
-+ |
292 |
- return 0; |
293 |
- } |
294 |
- |
295 |
-diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c |
296 |
-index b4f2123..79ef799 100644 |
297 |
---- a/drivers/net/ethernet/realtek/r8169.c |
298 |
-+++ b/drivers/net/ethernet/realtek/r8169.c |
299 |
-@@ -7429,15 +7429,15 @@ process_pkt: |
300 |
- |
301 |
- rtl8169_rx_vlan_tag(desc, skb); |
302 |
- |
303 |
-+ if (skb->pkt_type == PACKET_MULTICAST) |
304 |
-+ dev->stats.multicast++; |
305 |
-+ |
306 |
- napi_gro_receive(&tp->napi, skb); |
307 |
- |
308 |
- u64_stats_update_begin(&tp->rx_stats.syncp); |
309 |
- tp->rx_stats.packets++; |
310 |
- tp->rx_stats.bytes += pkt_size; |
311 |
- u64_stats_update_end(&tp->rx_stats.syncp); |
312 |
-- |
313 |
-- if (skb->pkt_type == PACKET_MULTICAST) |
314 |
-- dev->stats.multicast++; |
315 |
- } |
316 |
- release_descriptor: |
317 |
- desc->opts2 = 0; |
318 |
-diff --git a/drivers/net/phy/broadcom.c b/drivers/net/phy/broadcom.c |
319 |
-index 9c71295..85e64044 100644 |
320 |
---- a/drivers/net/phy/broadcom.c |
321 |
-+++ b/drivers/net/phy/broadcom.c |
322 |
-@@ -675,7 +675,7 @@ static struct mdio_device_id __maybe_unused broadcom_tbl[] = { |
323 |
- { PHY_ID_BCM5461, 0xfffffff0 }, |
324 |
- { PHY_ID_BCM54616S, 0xfffffff0 }, |
325 |
- { PHY_ID_BCM5464, 0xfffffff0 }, |
326 |
-- { PHY_ID_BCM5482, 0xfffffff0 }, |
327 |
-+ { PHY_ID_BCM5481, 0xfffffff0 }, |
328 |
- { PHY_ID_BCM5482, 0xfffffff0 }, |
329 |
- { PHY_ID_BCM50610, 0xfffffff0 }, |
330 |
- { PHY_ID_BCM50610M, 0xfffffff0 }, |
331 |
-diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c |
332 |
-index 2a7c1be..66e0853 100644 |
333 |
---- a/drivers/net/usb/qmi_wwan.c |
334 |
-+++ b/drivers/net/usb/qmi_wwan.c |
335 |
-@@ -775,6 +775,7 @@ static const struct usb_device_id products[] = { |
336 |
- {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */ |
337 |
- {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */ |
338 |
- {QMI_FIXED_INTF(0x1bc7, 0x1201, 2)}, /* Telit LE920 */ |
339 |
-+ {QMI_FIXED_INTF(0x1c9e, 0x9b01, 3)}, /* XS Stick W100-2 from 4G Systems */ |
340 |
- {QMI_FIXED_INTF(0x0b3c, 0xc000, 4)}, /* Olivetti Olicard 100 */ |
341 |
- {QMI_FIXED_INTF(0x0b3c, 0xc001, 4)}, /* Olivetti Olicard 120 */ |
342 |
- {QMI_FIXED_INTF(0x0b3c, 0xc002, 4)}, /* Olivetti Olicard 140 */ |
343 |
-diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c |
344 |
-index 488c6f5..c9e309c 100644 |
345 |
---- a/drivers/net/vrf.c |
346 |
-+++ b/drivers/net/vrf.c |
347 |
-@@ -581,7 +581,6 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev, |
348 |
- { |
349 |
- struct net_vrf *vrf = netdev_priv(dev); |
350 |
- struct net_vrf_dev *vrf_ptr; |
351 |
-- int err; |
352 |
- |
353 |
- if (!data || !data[IFLA_VRF_TABLE]) |
354 |
- return -EINVAL; |
355 |
-@@ -590,26 +589,16 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev, |
356 |
- |
357 |
- dev->priv_flags |= IFF_VRF_MASTER; |
358 |
- |
359 |
-- err = -ENOMEM; |
360 |
- vrf_ptr = kmalloc(sizeof(*dev->vrf_ptr), GFP_KERNEL); |
361 |
- if (!vrf_ptr) |
362 |
-- goto out_fail; |
363 |
-+ return -ENOMEM; |
364 |
- |
365 |
- vrf_ptr->ifindex = dev->ifindex; |
366 |
- vrf_ptr->tb_id = vrf->tb_id; |
367 |
- |
368 |
-- err = register_netdevice(dev); |
369 |
-- if (err < 0) |
370 |
-- goto out_fail; |
371 |
-- |
372 |
- rcu_assign_pointer(dev->vrf_ptr, vrf_ptr); |
373 |
- |
374 |
-- return 0; |
375 |
-- |
376 |
--out_fail: |
377 |
-- kfree(vrf_ptr); |
378 |
-- free_netdev(dev); |
379 |
-- return err; |
380 |
-+ return register_netdev(dev); |
381 |
- } |
382 |
- |
383 |
- static size_t vrf_nl_getsize(const struct net_device *dev) |
384 |
-diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h |
385 |
-index 938efe3..94eea1f 100644 |
386 |
---- a/fs/btrfs/ctree.h |
387 |
-+++ b/fs/btrfs/ctree.h |
388 |
-@@ -3398,7 +3398,7 @@ int btrfs_set_disk_extent_flags(struct btrfs_trans_handle *trans, |
389 |
- int btrfs_free_extent(struct btrfs_trans_handle *trans, |
390 |
- struct btrfs_root *root, |
391 |
- u64 bytenr, u64 num_bytes, u64 parent, u64 root_objectid, |
392 |
-- u64 owner, u64 offset, int no_quota); |
393 |
-+ u64 owner, u64 offset); |
394 |
- |
395 |
- int btrfs_free_reserved_extent(struct btrfs_root *root, u64 start, u64 len, |
396 |
- int delalloc); |
397 |
-@@ -3411,7 +3411,7 @@ int btrfs_finish_extent_commit(struct btrfs_trans_handle *trans, |
398 |
- int btrfs_inc_extent_ref(struct btrfs_trans_handle *trans, |
399 |
- struct btrfs_root *root, |
400 |
- u64 bytenr, u64 num_bytes, u64 parent, |
401 |
-- u64 root_objectid, u64 owner, u64 offset, int no_quota); |
402 |
-+ u64 root_objectid, u64 owner, u64 offset); |
403 |
- |
404 |
- int btrfs_start_dirty_block_groups(struct btrfs_trans_handle *trans, |
405 |
- struct btrfs_root *root); |
406 |
-diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c |
407 |
-index ac3e81d..7832031 100644 |
408 |
---- a/fs/btrfs/delayed-ref.c |
409 |
-+++ b/fs/btrfs/delayed-ref.c |
410 |
-@@ -197,6 +197,119 @@ static inline void drop_delayed_ref(struct btrfs_trans_handle *trans, |
411 |
- trans->delayed_ref_updates--; |
412 |
- } |
413 |
- |
414 |
-+static bool merge_ref(struct btrfs_trans_handle *trans, |
415 |
-+ struct btrfs_delayed_ref_root *delayed_refs, |
416 |
-+ struct btrfs_delayed_ref_head *head, |
417 |
-+ struct btrfs_delayed_ref_node *ref, |
418 |
-+ u64 seq) |
419 |
-+{ |
420 |
-+ struct btrfs_delayed_ref_node *next; |
421 |
-+ bool done = false; |
422 |
-+ |
423 |
-+ next = list_first_entry(&head->ref_list, struct btrfs_delayed_ref_node, |
424 |
-+ list); |
425 |
-+ while (!done && &next->list != &head->ref_list) { |
426 |
-+ int mod; |
427 |
-+ struct btrfs_delayed_ref_node *next2; |
428 |
-+ |
429 |
-+ next2 = list_next_entry(next, list); |
430 |
-+ |
431 |
-+ if (next == ref) |
432 |
-+ goto next; |
433 |
-+ |
434 |
-+ if (seq && next->seq >= seq) |
435 |
-+ goto next; |
436 |
-+ |
437 |
-+ if (next->type != ref->type) |
438 |
-+ goto next; |
439 |
-+ |
440 |
-+ if ((ref->type == BTRFS_TREE_BLOCK_REF_KEY || |
441 |
-+ ref->type == BTRFS_SHARED_BLOCK_REF_KEY) && |
442 |
-+ comp_tree_refs(btrfs_delayed_node_to_tree_ref(ref), |
443 |
-+ btrfs_delayed_node_to_tree_ref(next), |
444 |
-+ ref->type)) |
445 |
-+ goto next; |
446 |
-+ if ((ref->type == BTRFS_EXTENT_DATA_REF_KEY || |
447 |
-+ ref->type == BTRFS_SHARED_DATA_REF_KEY) && |
448 |
-+ comp_data_refs(btrfs_delayed_node_to_data_ref(ref), |
449 |
-+ btrfs_delayed_node_to_data_ref(next))) |
450 |
-+ goto next; |
451 |
-+ |
452 |
-+ if (ref->action == next->action) { |
453 |
-+ mod = next->ref_mod; |
454 |
-+ } else { |
455 |
-+ if (ref->ref_mod < next->ref_mod) { |
456 |
-+ swap(ref, next); |
457 |
-+ done = true; |
458 |
-+ } |
459 |
-+ mod = -next->ref_mod; |
460 |
-+ } |
461 |
-+ |
462 |
-+ drop_delayed_ref(trans, delayed_refs, head, next); |
463 |
-+ ref->ref_mod += mod; |
464 |
-+ if (ref->ref_mod == 0) { |
465 |
-+ drop_delayed_ref(trans, delayed_refs, head, ref); |
466 |
-+ done = true; |
467 |
-+ } else { |
468 |
-+ /* |
469 |
-+ * Can't have multiples of the same ref on a tree block. |
470 |
-+ */ |
471 |
-+ WARN_ON(ref->type == BTRFS_TREE_BLOCK_REF_KEY || |
472 |
-+ ref->type == BTRFS_SHARED_BLOCK_REF_KEY); |
473 |
-+ } |
474 |
-+next: |
475 |
-+ next = next2; |
476 |
-+ } |
477 |
-+ |
478 |
-+ return done; |
479 |
-+} |
480 |
-+ |
481 |
-+void btrfs_merge_delayed_refs(struct btrfs_trans_handle *trans, |
482 |
-+ struct btrfs_fs_info *fs_info, |
483 |
-+ struct btrfs_delayed_ref_root *delayed_refs, |
484 |
-+ struct btrfs_delayed_ref_head *head) |
485 |
-+{ |
486 |
-+ struct btrfs_delayed_ref_node *ref; |
487 |
-+ u64 seq = 0; |
488 |
-+ |
489 |
-+ assert_spin_locked(&head->lock); |
490 |
-+ |
491 |
-+ if (list_empty(&head->ref_list)) |
492 |
-+ return; |
493 |
-+ |
494 |
-+ /* We don't have too many refs to merge for data. */ |
495 |
-+ if (head->is_data) |
496 |
-+ return; |
497 |
-+ |
498 |
-+ spin_lock(&fs_info->tree_mod_seq_lock); |
499 |
-+ if (!list_empty(&fs_info->tree_mod_seq_list)) { |
500 |
-+ struct seq_list *elem; |
501 |
-+ |
502 |
-+ elem = list_first_entry(&fs_info->tree_mod_seq_list, |
503 |
-+ struct seq_list, list); |
504 |
-+ seq = elem->seq; |
505 |
-+ } |
506 |
-+ spin_unlock(&fs_info->tree_mod_seq_lock); |
507 |
-+ |
508 |
-+ ref = list_first_entry(&head->ref_list, struct btrfs_delayed_ref_node, |
509 |
-+ list); |
510 |
-+ while (&ref->list != &head->ref_list) { |
511 |
-+ if (seq && ref->seq >= seq) |
512 |
-+ goto next; |
513 |
-+ |
514 |
-+ if (merge_ref(trans, delayed_refs, head, ref, seq)) { |
515 |
-+ if (list_empty(&head->ref_list)) |
516 |
-+ break; |
517 |
-+ ref = list_first_entry(&head->ref_list, |
518 |
-+ struct btrfs_delayed_ref_node, |
519 |
-+ list); |
520 |
-+ continue; |
521 |
-+ } |
522 |
-+next: |
523 |
-+ ref = list_next_entry(ref, list); |
524 |
-+ } |
525 |
-+} |
526 |
-+ |
527 |
- int btrfs_check_delayed_seq(struct btrfs_fs_info *fs_info, |
528 |
- struct btrfs_delayed_ref_root *delayed_refs, |
529 |
- u64 seq) |
530 |
-@@ -292,8 +405,7 @@ add_delayed_ref_tail_merge(struct btrfs_trans_handle *trans, |
531 |
- exist = list_entry(href->ref_list.prev, struct btrfs_delayed_ref_node, |
532 |
- list); |
533 |
- /* No need to compare bytenr nor is_head */ |
534 |
-- if (exist->type != ref->type || exist->no_quota != ref->no_quota || |
535 |
-- exist->seq != ref->seq) |
536 |
-+ if (exist->type != ref->type || exist->seq != ref->seq) |
537 |
- goto add_tail; |
538 |
- |
539 |
- if ((exist->type == BTRFS_TREE_BLOCK_REF_KEY || |
540 |
-@@ -524,7 +636,7 @@ add_delayed_tree_ref(struct btrfs_fs_info *fs_info, |
541 |
- struct btrfs_delayed_ref_head *head_ref, |
542 |
- struct btrfs_delayed_ref_node *ref, u64 bytenr, |
543 |
- u64 num_bytes, u64 parent, u64 ref_root, int level, |
544 |
-- int action, int no_quota) |
545 |
-+ int action) |
546 |
- { |
547 |
- struct btrfs_delayed_tree_ref *full_ref; |
548 |
- struct btrfs_delayed_ref_root *delayed_refs; |
549 |
-@@ -546,7 +658,6 @@ add_delayed_tree_ref(struct btrfs_fs_info *fs_info, |
550 |
- ref->action = action; |
551 |
- ref->is_head = 0; |
552 |
- ref->in_tree = 1; |
553 |
-- ref->no_quota = no_quota; |
554 |
- ref->seq = seq; |
555 |
- |
556 |
- full_ref = btrfs_delayed_node_to_tree_ref(ref); |
557 |
-@@ -579,7 +690,7 @@ add_delayed_data_ref(struct btrfs_fs_info *fs_info, |
558 |
- struct btrfs_delayed_ref_head *head_ref, |
559 |
- struct btrfs_delayed_ref_node *ref, u64 bytenr, |
560 |
- u64 num_bytes, u64 parent, u64 ref_root, u64 owner, |
561 |
-- u64 offset, int action, int no_quota) |
562 |
-+ u64 offset, int action) |
563 |
- { |
564 |
- struct btrfs_delayed_data_ref *full_ref; |
565 |
- struct btrfs_delayed_ref_root *delayed_refs; |
566 |
-@@ -602,7 +713,6 @@ add_delayed_data_ref(struct btrfs_fs_info *fs_info, |
567 |
- ref->action = action; |
568 |
- ref->is_head = 0; |
569 |
- ref->in_tree = 1; |
570 |
-- ref->no_quota = no_quota; |
571 |
- ref->seq = seq; |
572 |
- |
573 |
- full_ref = btrfs_delayed_node_to_data_ref(ref); |
574 |
-@@ -633,17 +743,13 @@ int btrfs_add_delayed_tree_ref(struct btrfs_fs_info *fs_info, |
575 |
- struct btrfs_trans_handle *trans, |
576 |
- u64 bytenr, u64 num_bytes, u64 parent, |
577 |
- u64 ref_root, int level, int action, |
578 |
-- struct btrfs_delayed_extent_op *extent_op, |
579 |
-- int no_quota) |
580 |
-+ struct btrfs_delayed_extent_op *extent_op) |
581 |
- { |
582 |
- struct btrfs_delayed_tree_ref *ref; |
583 |
- struct btrfs_delayed_ref_head *head_ref; |
584 |
- struct btrfs_delayed_ref_root *delayed_refs; |
585 |
- struct btrfs_qgroup_extent_record *record = NULL; |
586 |
- |
587 |
-- if (!is_fstree(ref_root) || !fs_info->quota_enabled) |
588 |
-- no_quota = 0; |
589 |
-- |
590 |
- BUG_ON(extent_op && extent_op->is_data); |
591 |
- ref = kmem_cache_alloc(btrfs_delayed_tree_ref_cachep, GFP_NOFS); |
592 |
- if (!ref) |
593 |
-@@ -672,8 +778,7 @@ int btrfs_add_delayed_tree_ref(struct btrfs_fs_info *fs_info, |
594 |
- bytenr, num_bytes, action, 0); |
595 |
- |
596 |
- add_delayed_tree_ref(fs_info, trans, head_ref, &ref->node, bytenr, |
597 |
-- num_bytes, parent, ref_root, level, action, |
598 |
-- no_quota); |
599 |
-+ num_bytes, parent, ref_root, level, action); |
600 |
- spin_unlock(&delayed_refs->lock); |
601 |
- |
602 |
- return 0; |
603 |
-@@ -694,17 +799,13 @@ int btrfs_add_delayed_data_ref(struct btrfs_fs_info *fs_info, |
604 |
- u64 bytenr, u64 num_bytes, |
605 |
- u64 parent, u64 ref_root, |
606 |
- u64 owner, u64 offset, int action, |
607 |
-- struct btrfs_delayed_extent_op *extent_op, |
608 |
-- int no_quota) |
609 |
-+ struct btrfs_delayed_extent_op *extent_op) |
610 |
- { |
611 |
- struct btrfs_delayed_data_ref *ref; |
612 |
- struct btrfs_delayed_ref_head *head_ref; |
613 |
- struct btrfs_delayed_ref_root *delayed_refs; |
614 |
- struct btrfs_qgroup_extent_record *record = NULL; |
615 |
- |
616 |
-- if (!is_fstree(ref_root) || !fs_info->quota_enabled) |
617 |
-- no_quota = 0; |
618 |
-- |
619 |
- BUG_ON(extent_op && !extent_op->is_data); |
620 |
- ref = kmem_cache_alloc(btrfs_delayed_data_ref_cachep, GFP_NOFS); |
621 |
- if (!ref) |
622 |
-@@ -740,7 +841,7 @@ int btrfs_add_delayed_data_ref(struct btrfs_fs_info *fs_info, |
623 |
- |
624 |
- add_delayed_data_ref(fs_info, trans, head_ref, &ref->node, bytenr, |
625 |
- num_bytes, parent, ref_root, owner, offset, |
626 |
-- action, no_quota); |
627 |
-+ action); |
628 |
- spin_unlock(&delayed_refs->lock); |
629 |
- |
630 |
- return 0; |
631 |
-diff --git a/fs/btrfs/delayed-ref.h b/fs/btrfs/delayed-ref.h |
632 |
-index 13fb5e6..930887a 100644 |
633 |
---- a/fs/btrfs/delayed-ref.h |
634 |
-+++ b/fs/btrfs/delayed-ref.h |
635 |
-@@ -68,7 +68,6 @@ struct btrfs_delayed_ref_node { |
636 |
- |
637 |
- unsigned int action:8; |
638 |
- unsigned int type:8; |
639 |
-- unsigned int no_quota:1; |
640 |
- /* is this node still in the rbtree? */ |
641 |
- unsigned int is_head:1; |
642 |
- unsigned int in_tree:1; |
643 |
-@@ -233,15 +232,13 @@ int btrfs_add_delayed_tree_ref(struct btrfs_fs_info *fs_info, |
644 |
- struct btrfs_trans_handle *trans, |
645 |
- u64 bytenr, u64 num_bytes, u64 parent, |
646 |
- u64 ref_root, int level, int action, |
647 |
-- struct btrfs_delayed_extent_op *extent_op, |
648 |
-- int no_quota); |
649 |
-+ struct btrfs_delayed_extent_op *extent_op); |
650 |
- int btrfs_add_delayed_data_ref(struct btrfs_fs_info *fs_info, |
651 |
- struct btrfs_trans_handle *trans, |
652 |
- u64 bytenr, u64 num_bytes, |
653 |
- u64 parent, u64 ref_root, |
654 |
- u64 owner, u64 offset, int action, |
655 |
-- struct btrfs_delayed_extent_op *extent_op, |
656 |
-- int no_quota); |
657 |
-+ struct btrfs_delayed_extent_op *extent_op); |
658 |
- int btrfs_add_delayed_extent_op(struct btrfs_fs_info *fs_info, |
659 |
- struct btrfs_trans_handle *trans, |
660 |
- u64 bytenr, u64 num_bytes, |
661 |
-diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c |
662 |
-index 601d7d4..cadacf6 100644 |
663 |
---- a/fs/btrfs/extent-tree.c |
664 |
-+++ b/fs/btrfs/extent-tree.c |
665 |
-@@ -95,8 +95,7 @@ static int alloc_reserved_tree_block(struct btrfs_trans_handle *trans, |
666 |
- struct btrfs_root *root, |
667 |
- u64 parent, u64 root_objectid, |
668 |
- u64 flags, struct btrfs_disk_key *key, |
669 |
-- int level, struct btrfs_key *ins, |
670 |
-- int no_quota); |
671 |
-+ int level, struct btrfs_key *ins); |
672 |
- static int do_chunk_alloc(struct btrfs_trans_handle *trans, |
673 |
- struct btrfs_root *extent_root, u64 flags, |
674 |
- int force); |
675 |
-@@ -2009,8 +2008,7 @@ int btrfs_discard_extent(struct btrfs_root *root, u64 bytenr, |
676 |
- int btrfs_inc_extent_ref(struct btrfs_trans_handle *trans, |
677 |
- struct btrfs_root *root, |
678 |
- u64 bytenr, u64 num_bytes, u64 parent, |
679 |
-- u64 root_objectid, u64 owner, u64 offset, |
680 |
-- int no_quota) |
681 |
-+ u64 root_objectid, u64 owner, u64 offset) |
682 |
- { |
683 |
- int ret; |
684 |
- struct btrfs_fs_info *fs_info = root->fs_info; |
685 |
-@@ -2022,12 +2020,12 @@ int btrfs_inc_extent_ref(struct btrfs_trans_handle *trans, |
686 |
- ret = btrfs_add_delayed_tree_ref(fs_info, trans, bytenr, |
687 |
- num_bytes, |
688 |
- parent, root_objectid, (int)owner, |
689 |
-- BTRFS_ADD_DELAYED_REF, NULL, no_quota); |
690 |
-+ BTRFS_ADD_DELAYED_REF, NULL); |
691 |
- } else { |
692 |
- ret = btrfs_add_delayed_data_ref(fs_info, trans, bytenr, |
693 |
- num_bytes, |
694 |
- parent, root_objectid, owner, offset, |
695 |
-- BTRFS_ADD_DELAYED_REF, NULL, no_quota); |
696 |
-+ BTRFS_ADD_DELAYED_REF, NULL); |
697 |
- } |
698 |
- return ret; |
699 |
- } |
700 |
-@@ -2048,15 +2046,11 @@ static int __btrfs_inc_extent_ref(struct btrfs_trans_handle *trans, |
701 |
- u64 num_bytes = node->num_bytes; |
702 |
- u64 refs; |
703 |
- int ret; |
704 |
-- int no_quota = node->no_quota; |
705 |
- |
706 |
- path = btrfs_alloc_path(); |
707 |
- if (!path) |
708 |
- return -ENOMEM; |
709 |
- |
710 |
-- if (!is_fstree(root_objectid) || !root->fs_info->quota_enabled) |
711 |
-- no_quota = 1; |
712 |
-- |
713 |
- path->reada = 1; |
714 |
- path->leave_spinning = 1; |
715 |
- /* this will setup the path even if it fails to insert the back ref */ |
716 |
-@@ -2291,8 +2285,7 @@ static int run_delayed_tree_ref(struct btrfs_trans_handle *trans, |
717 |
- parent, ref_root, |
718 |
- extent_op->flags_to_set, |
719 |
- &extent_op->key, |
720 |
-- ref->level, &ins, |
721 |
-- node->no_quota); |
722 |
-+ ref->level, &ins); |
723 |
- } else if (node->action == BTRFS_ADD_DELAYED_REF) { |
724 |
- ret = __btrfs_inc_extent_ref(trans, root, node, |
725 |
- parent, ref_root, |
726 |
-@@ -2433,7 +2426,21 @@ static noinline int __btrfs_run_delayed_refs(struct btrfs_trans_handle *trans, |
727 |
- } |
728 |
- } |
729 |
- |
730 |
-+ /* |
731 |
-+ * We need to try and merge add/drops of the same ref since we |
732 |
-+ * can run into issues with relocate dropping the implicit ref |
733 |
-+ * and then it being added back again before the drop can |
734 |
-+ * finish. If we merged anything we need to re-loop so we can |
735 |
-+ * get a good ref. |
736 |
-+ * Or we can get node references of the same type that weren't |
737 |
-+ * merged when created due to bumps in the tree mod seq, and |
738 |
-+ * we need to merge them to prevent adding an inline extent |
739 |
-+ * backref before dropping it (triggering a BUG_ON at |
740 |
-+ * insert_inline_extent_backref()). |
741 |
-+ */ |
742 |
- spin_lock(&locked_ref->lock); |
743 |
-+ btrfs_merge_delayed_refs(trans, fs_info, delayed_refs, |
744 |
-+ locked_ref); |
745 |
- |
746 |
- /* |
747 |
- * locked_ref is the head node, so we have to go one |
748 |
-@@ -3109,7 +3116,7 @@ static int __btrfs_mod_ref(struct btrfs_trans_handle *trans, |
749 |
- int level; |
750 |
- int ret = 0; |
751 |
- int (*process_func)(struct btrfs_trans_handle *, struct btrfs_root *, |
752 |
-- u64, u64, u64, u64, u64, u64, int); |
753 |
-+ u64, u64, u64, u64, u64, u64); |
754 |
- |
755 |
- |
756 |
- if (btrfs_test_is_dummy_root(root)) |
757 |
-@@ -3150,15 +3157,14 @@ static int __btrfs_mod_ref(struct btrfs_trans_handle *trans, |
758 |
- key.offset -= btrfs_file_extent_offset(buf, fi); |
759 |
- ret = process_func(trans, root, bytenr, num_bytes, |
760 |
- parent, ref_root, key.objectid, |
761 |
-- key.offset, 1); |
762 |
-+ key.offset); |
763 |
- if (ret) |
764 |
- goto fail; |
765 |
- } else { |
766 |
- bytenr = btrfs_node_blockptr(buf, i); |
767 |
- num_bytes = root->nodesize; |
768 |
- ret = process_func(trans, root, bytenr, num_bytes, |
769 |
-- parent, ref_root, level - 1, 0, |
770 |
-- 1); |
771 |
-+ parent, ref_root, level - 1, 0); |
772 |
- if (ret) |
773 |
- goto fail; |
774 |
- } |
775 |
-@@ -6233,7 +6239,6 @@ static int __btrfs_free_extent(struct btrfs_trans_handle *trans, |
776 |
- int extent_slot = 0; |
777 |
- int found_extent = 0; |
778 |
- int num_to_del = 1; |
779 |
-- int no_quota = node->no_quota; |
780 |
- u32 item_size; |
781 |
- u64 refs; |
782 |
- u64 bytenr = node->bytenr; |
783 |
-@@ -6242,9 +6247,6 @@ static int __btrfs_free_extent(struct btrfs_trans_handle *trans, |
784 |
- bool skinny_metadata = btrfs_fs_incompat(root->fs_info, |
785 |
- SKINNY_METADATA); |
786 |
- |
787 |
-- if (!info->quota_enabled || !is_fstree(root_objectid)) |
788 |
-- no_quota = 1; |
789 |
-- |
790 |
- path = btrfs_alloc_path(); |
791 |
- if (!path) |
792 |
- return -ENOMEM; |
793 |
-@@ -6570,7 +6572,7 @@ void btrfs_free_tree_block(struct btrfs_trans_handle *trans, |
794 |
- buf->start, buf->len, |
795 |
- parent, root->root_key.objectid, |
796 |
- btrfs_header_level(buf), |
797 |
-- BTRFS_DROP_DELAYED_REF, NULL, 0); |
798 |
-+ BTRFS_DROP_DELAYED_REF, NULL); |
799 |
- BUG_ON(ret); /* -ENOMEM */ |
800 |
- } |
801 |
- |
802 |
-@@ -6618,7 +6620,7 @@ out: |
803 |
- /* Can return -ENOMEM */ |
804 |
- int btrfs_free_extent(struct btrfs_trans_handle *trans, struct btrfs_root *root, |
805 |
- u64 bytenr, u64 num_bytes, u64 parent, u64 root_objectid, |
806 |
-- u64 owner, u64 offset, int no_quota) |
807 |
-+ u64 owner, u64 offset) |
808 |
- { |
809 |
- int ret; |
810 |
- struct btrfs_fs_info *fs_info = root->fs_info; |
811 |
-@@ -6641,13 +6643,13 @@ int btrfs_free_extent(struct btrfs_trans_handle *trans, struct btrfs_root *root, |
812 |
- ret = btrfs_add_delayed_tree_ref(fs_info, trans, bytenr, |
813 |
- num_bytes, |
814 |
- parent, root_objectid, (int)owner, |
815 |
-- BTRFS_DROP_DELAYED_REF, NULL, no_quota); |
816 |
-+ BTRFS_DROP_DELAYED_REF, NULL); |
817 |
- } else { |
818 |
- ret = btrfs_add_delayed_data_ref(fs_info, trans, bytenr, |
819 |
- num_bytes, |
820 |
- parent, root_objectid, owner, |
821 |
- offset, BTRFS_DROP_DELAYED_REF, |
822 |
-- NULL, no_quota); |
823 |
-+ NULL); |
824 |
- } |
825 |
- return ret; |
826 |
- } |
827 |
-@@ -7429,8 +7431,7 @@ static int alloc_reserved_tree_block(struct btrfs_trans_handle *trans, |
828 |
- struct btrfs_root *root, |
829 |
- u64 parent, u64 root_objectid, |
830 |
- u64 flags, struct btrfs_disk_key *key, |
831 |
-- int level, struct btrfs_key *ins, |
832 |
-- int no_quota) |
833 |
-+ int level, struct btrfs_key *ins) |
834 |
- { |
835 |
- int ret; |
836 |
- struct btrfs_fs_info *fs_info = root->fs_info; |
837 |
-@@ -7520,7 +7521,7 @@ int btrfs_alloc_reserved_file_extent(struct btrfs_trans_handle *trans, |
838 |
- ret = btrfs_add_delayed_data_ref(root->fs_info, trans, ins->objectid, |
839 |
- ins->offset, 0, |
840 |
- root_objectid, owner, offset, |
841 |
-- BTRFS_ADD_DELAYED_EXTENT, NULL, 0); |
842 |
-+ BTRFS_ADD_DELAYED_EXTENT, NULL); |
843 |
- return ret; |
844 |
- } |
845 |
- |
846 |
-@@ -7734,7 +7735,7 @@ struct extent_buffer *btrfs_alloc_tree_block(struct btrfs_trans_handle *trans, |
847 |
- ins.objectid, ins.offset, |
848 |
- parent, root_objectid, level, |
849 |
- BTRFS_ADD_DELAYED_EXTENT, |
850 |
-- extent_op, 0); |
851 |
-+ extent_op); |
852 |
- if (ret) |
853 |
- goto out_free_delayed; |
854 |
- } |
855 |
-@@ -8282,7 +8283,7 @@ skip: |
856 |
- } |
857 |
- } |
858 |
- ret = btrfs_free_extent(trans, root, bytenr, blocksize, parent, |
859 |
-- root->root_key.objectid, level - 1, 0, 0); |
860 |
-+ root->root_key.objectid, level - 1, 0); |
861 |
- BUG_ON(ret); /* -ENOMEM */ |
862 |
- } |
863 |
- btrfs_tree_unlock(next); |
864 |
-diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c |
865 |
-index 8c6f247..e27ea7a 100644 |
866 |
---- a/fs/btrfs/file.c |
867 |
-+++ b/fs/btrfs/file.c |
868 |
-@@ -756,8 +756,16 @@ next_slot: |
869 |
- } |
870 |
- |
871 |
- btrfs_item_key_to_cpu(leaf, &key, path->slots[0]); |
872 |
-- if (key.objectid > ino || |
873 |
-- key.type > BTRFS_EXTENT_DATA_KEY || key.offset >= end) |
874 |
-+ |
875 |
-+ if (key.objectid > ino) |
876 |
-+ break; |
877 |
-+ if (WARN_ON_ONCE(key.objectid < ino) || |
878 |
-+ key.type < BTRFS_EXTENT_DATA_KEY) { |
879 |
-+ ASSERT(del_nr == 0); |
880 |
-+ path->slots[0]++; |
881 |
-+ goto next_slot; |
882 |
-+ } |
883 |
-+ if (key.type > BTRFS_EXTENT_DATA_KEY || key.offset >= end) |
884 |
- break; |
885 |
- |
886 |
- fi = btrfs_item_ptr(leaf, path->slots[0], |
887 |
-@@ -776,8 +784,8 @@ next_slot: |
888 |
- btrfs_file_extent_inline_len(leaf, |
889 |
- path->slots[0], fi); |
890 |
- } else { |
891 |
-- WARN_ON(1); |
892 |
-- extent_end = search_start; |
893 |
-+ /* can't happen */ |
894 |
-+ BUG(); |
895 |
- } |
896 |
- |
897 |
- /* |
898 |
-@@ -847,7 +855,7 @@ next_slot: |
899 |
- disk_bytenr, num_bytes, 0, |
900 |
- root->root_key.objectid, |
901 |
- new_key.objectid, |
902 |
-- start - extent_offset, 1); |
903 |
-+ start - extent_offset); |
904 |
- BUG_ON(ret); /* -ENOMEM */ |
905 |
- } |
906 |
- key.offset = start; |
907 |
-@@ -925,7 +933,7 @@ delete_extent_item: |
908 |
- disk_bytenr, num_bytes, 0, |
909 |
- root->root_key.objectid, |
910 |
- key.objectid, key.offset - |
911 |
-- extent_offset, 0); |
912 |
-+ extent_offset); |
913 |
- BUG_ON(ret); /* -ENOMEM */ |
914 |
- inode_sub_bytes(inode, |
915 |
- extent_end - key.offset); |
916 |
-@@ -1204,7 +1212,7 @@ again: |
917 |
- |
918 |
- ret = btrfs_inc_extent_ref(trans, root, bytenr, num_bytes, 0, |
919 |
- root->root_key.objectid, |
920 |
-- ino, orig_offset, 1); |
921 |
-+ ino, orig_offset); |
922 |
- BUG_ON(ret); /* -ENOMEM */ |
923 |
- |
924 |
- if (split == start) { |
925 |
-@@ -1231,7 +1239,7 @@ again: |
926 |
- del_nr++; |
927 |
- ret = btrfs_free_extent(trans, root, bytenr, num_bytes, |
928 |
- 0, root->root_key.objectid, |
929 |
-- ino, orig_offset, 0); |
930 |
-+ ino, orig_offset); |
931 |
- BUG_ON(ret); /* -ENOMEM */ |
932 |
- } |
933 |
- other_start = 0; |
934 |
-@@ -1248,7 +1256,7 @@ again: |
935 |
- del_nr++; |
936 |
- ret = btrfs_free_extent(trans, root, bytenr, num_bytes, |
937 |
- 0, root->root_key.objectid, |
938 |
-- ino, orig_offset, 0); |
939 |
-+ ino, orig_offset); |
940 |
- BUG_ON(ret); /* -ENOMEM */ |
941 |
- } |
942 |
- if (del_nr == 0) { |
943 |
-@@ -1868,8 +1876,13 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) |
944 |
- struct btrfs_log_ctx ctx; |
945 |
- int ret = 0; |
946 |
- bool full_sync = 0; |
947 |
-- const u64 len = end - start + 1; |
948 |
-+ u64 len; |
949 |
- |
950 |
-+ /* |
951 |
-+ * The range length can be represented by u64, we have to do the typecasts |
952 |
-+ * to avoid signed overflow if it's [0, LLONG_MAX] eg. from fsync() |
953 |
-+ */ |
954 |
-+ len = (u64)end - (u64)start + 1; |
955 |
- trace_btrfs_sync_file(file, datasync); |
956 |
- |
957 |
- /* |
958 |
-@@ -2057,8 +2070,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) |
959 |
- } |
960 |
- } |
961 |
- if (!full_sync) { |
962 |
-- ret = btrfs_wait_ordered_range(inode, start, |
963 |
-- end - start + 1); |
964 |
-+ ret = btrfs_wait_ordered_range(inode, start, len); |
965 |
- if (ret) { |
966 |
- btrfs_end_transaction(trans, root); |
967 |
- goto out; |
968 |
-diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
969 |
-index 611b66d..396e3d5 100644 |
970 |
---- a/fs/btrfs/inode.c |
971 |
-+++ b/fs/btrfs/inode.c |
972 |
-@@ -1294,8 +1294,14 @@ next_slot: |
973 |
- num_bytes = 0; |
974 |
- btrfs_item_key_to_cpu(leaf, &found_key, path->slots[0]); |
975 |
- |
976 |
-- if (found_key.objectid > ino || |
977 |
-- found_key.type > BTRFS_EXTENT_DATA_KEY || |
978 |
-+ if (found_key.objectid > ino) |
979 |
-+ break; |
980 |
-+ if (WARN_ON_ONCE(found_key.objectid < ino) || |
981 |
-+ found_key.type < BTRFS_EXTENT_DATA_KEY) { |
982 |
-+ path->slots[0]++; |
983 |
-+ goto next_slot; |
984 |
-+ } |
985 |
-+ if (found_key.type > BTRFS_EXTENT_DATA_KEY || |
986 |
- found_key.offset > end) |
987 |
- break; |
988 |
- |
989 |
-@@ -2573,7 +2579,7 @@ again: |
990 |
- ret = btrfs_inc_extent_ref(trans, root, new->bytenr, |
991 |
- new->disk_len, 0, |
992 |
- backref->root_id, backref->inum, |
993 |
-- new->file_pos, 0); /* start - extent_offset */ |
994 |
-+ new->file_pos); /* start - extent_offset */ |
995 |
- if (ret) { |
996 |
- btrfs_abort_transaction(trans, root, ret); |
997 |
- goto out_free_path; |
998 |
-@@ -4217,6 +4223,47 @@ static int truncate_space_check(struct btrfs_trans_handle *trans, |
999 |
- |
1000 |
- } |
1001 |
- |
1002 |
-+static int truncate_inline_extent(struct inode *inode, |
1003 |
-+ struct btrfs_path *path, |
1004 |
-+ struct btrfs_key *found_key, |
1005 |
-+ const u64 item_end, |
1006 |
-+ const u64 new_size) |
1007 |
-+{ |
1008 |
-+ struct extent_buffer *leaf = path->nodes[0]; |
1009 |
-+ int slot = path->slots[0]; |
1010 |
-+ struct btrfs_file_extent_item *fi; |
1011 |
-+ u32 size = (u32)(new_size - found_key->offset); |
1012 |
-+ struct btrfs_root *root = BTRFS_I(inode)->root; |
1013 |
-+ |
1014 |
-+ fi = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item); |
1015 |
-+ |
1016 |
-+ if (btrfs_file_extent_compression(leaf, fi) != BTRFS_COMPRESS_NONE) { |
1017 |
-+ loff_t offset = new_size; |
1018 |
-+ loff_t page_end = ALIGN(offset, PAGE_CACHE_SIZE); |
1019 |
-+ |
1020 |
-+ /* |
1021 |
-+ * Zero out the remaining of the last page of our inline extent, |
1022 |
-+ * instead of directly truncating our inline extent here - that |
1023 |
-+ * would be much more complex (decompressing all the data, then |
1024 |
-+ * compressing the truncated data, which might be bigger than |
1025 |
-+ * the size of the inline extent, resize the extent, etc). |
1026 |
-+ * We release the path because to get the page we might need to |
1027 |
-+ * read the extent item from disk (data not in the page cache). |
1028 |
-+ */ |
1029 |
-+ btrfs_release_path(path); |
1030 |
-+ return btrfs_truncate_page(inode, offset, page_end - offset, 0); |
1031 |
-+ } |
1032 |
-+ |
1033 |
-+ btrfs_set_file_extent_ram_bytes(leaf, fi, size); |
1034 |
-+ size = btrfs_file_extent_calc_inline_size(size); |
1035 |
-+ btrfs_truncate_item(root, path, size, 1); |
1036 |
-+ |
1037 |
-+ if (test_bit(BTRFS_ROOT_REF_COWS, &root->state)) |
1038 |
-+ inode_sub_bytes(inode, item_end + 1 - new_size); |
1039 |
-+ |
1040 |
-+ return 0; |
1041 |
-+} |
1042 |
-+ |
1043 |
- /* |
1044 |
- * this can truncate away extent items, csum items and directory items. |
1045 |
- * It starts at a high offset and removes keys until it can't find |
1046 |
-@@ -4411,27 +4458,40 @@ search_again: |
1047 |
- * special encodings |
1048 |
- */ |
1049 |
- if (!del_item && |
1050 |
-- btrfs_file_extent_compression(leaf, fi) == 0 && |
1051 |
- btrfs_file_extent_encryption(leaf, fi) == 0 && |
1052 |
- btrfs_file_extent_other_encoding(leaf, fi) == 0) { |
1053 |
-- u32 size = new_size - found_key.offset; |
1054 |
-- |
1055 |
-- if (test_bit(BTRFS_ROOT_REF_COWS, &root->state)) |
1056 |
-- inode_sub_bytes(inode, item_end + 1 - |
1057 |
-- new_size); |
1058 |
- |
1059 |
- /* |
1060 |
-- * update the ram bytes to properly reflect |
1061 |
-- * the new size of our item |
1062 |
-+ * Need to release path in order to truncate a |
1063 |
-+ * compressed extent. So delete any accumulated |
1064 |
-+ * extent items so far. |
1065 |
- */ |
1066 |
-- btrfs_set_file_extent_ram_bytes(leaf, fi, size); |
1067 |
-- size = |
1068 |
-- btrfs_file_extent_calc_inline_size(size); |
1069 |
-- btrfs_truncate_item(root, path, size, 1); |
1070 |
-+ if (btrfs_file_extent_compression(leaf, fi) != |
1071 |
-+ BTRFS_COMPRESS_NONE && pending_del_nr) { |
1072 |
-+ err = btrfs_del_items(trans, root, path, |
1073 |
-+ pending_del_slot, |
1074 |
-+ pending_del_nr); |
1075 |
-+ if (err) { |
1076 |
-+ btrfs_abort_transaction(trans, |
1077 |
-+ root, |
1078 |
-+ err); |
1079 |
-+ goto error; |
1080 |
-+ } |
1081 |
-+ pending_del_nr = 0; |
1082 |
-+ } |
1083 |
-+ |
1084 |
-+ err = truncate_inline_extent(inode, path, |
1085 |
-+ &found_key, |
1086 |
-+ item_end, |
1087 |
-+ new_size); |
1088 |
-+ if (err) { |
1089 |
-+ btrfs_abort_transaction(trans, |
1090 |
-+ root, err); |
1091 |
-+ goto error; |
1092 |
-+ } |
1093 |
- } else if (test_bit(BTRFS_ROOT_REF_COWS, |
1094 |
- &root->state)) { |
1095 |
-- inode_sub_bytes(inode, item_end + 1 - |
1096 |
-- found_key.offset); |
1097 |
-+ inode_sub_bytes(inode, item_end + 1 - new_size); |
1098 |
- } |
1099 |
- } |
1100 |
- delete: |
1101 |
-@@ -4461,7 +4521,7 @@ delete: |
1102 |
- ret = btrfs_free_extent(trans, root, extent_start, |
1103 |
- extent_num_bytes, 0, |
1104 |
- btrfs_header_owner(leaf), |
1105 |
-- ino, extent_offset, 0); |
1106 |
-+ ino, extent_offset); |
1107 |
- BUG_ON(ret); |
1108 |
- if (btrfs_should_throttle_delayed_refs(trans, root)) |
1109 |
- btrfs_async_run_delayed_refs(root, |
1110 |
-diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c |
1111 |
-index 8d20f3b..6548a36 100644 |
1112 |
---- a/fs/btrfs/ioctl.c |
1113 |
-+++ b/fs/btrfs/ioctl.c |
1114 |
-@@ -3203,41 +3203,6 @@ out: |
1115 |
- return ret; |
1116 |
- } |
1117 |
- |
1118 |
--/* Helper to check and see if this root currently has a ref on the given disk |
1119 |
-- * bytenr. If it does then we need to update the quota for this root. This |
1120 |
-- * doesn't do anything if quotas aren't enabled. |
1121 |
-- */ |
1122 |
--static int check_ref(struct btrfs_trans_handle *trans, struct btrfs_root *root, |
1123 |
-- u64 disko) |
1124 |
--{ |
1125 |
-- struct seq_list tree_mod_seq_elem = SEQ_LIST_INIT(tree_mod_seq_elem); |
1126 |
-- struct ulist *roots; |
1127 |
-- struct ulist_iterator uiter; |
1128 |
-- struct ulist_node *root_node = NULL; |
1129 |
-- int ret; |
1130 |
-- |
1131 |
-- if (!root->fs_info->quota_enabled) |
1132 |
-- return 1; |
1133 |
-- |
1134 |
-- btrfs_get_tree_mod_seq(root->fs_info, &tree_mod_seq_elem); |
1135 |
-- ret = btrfs_find_all_roots(trans, root->fs_info, disko, |
1136 |
-- tree_mod_seq_elem.seq, &roots); |
1137 |
-- if (ret < 0) |
1138 |
-- goto out; |
1139 |
-- ret = 0; |
1140 |
-- ULIST_ITER_INIT(&uiter); |
1141 |
-- while ((root_node = ulist_next(roots, &uiter))) { |
1142 |
-- if (root_node->val == root->objectid) { |
1143 |
-- ret = 1; |
1144 |
-- break; |
1145 |
-- } |
1146 |
-- } |
1147 |
-- ulist_free(roots); |
1148 |
--out: |
1149 |
-- btrfs_put_tree_mod_seq(root->fs_info, &tree_mod_seq_elem); |
1150 |
-- return ret; |
1151 |
--} |
1152 |
-- |
1153 |
- static int clone_finish_inode_update(struct btrfs_trans_handle *trans, |
1154 |
- struct inode *inode, |
1155 |
- u64 endoff, |
1156 |
-@@ -3328,6 +3293,150 @@ static void clone_update_extent_map(struct inode *inode, |
1157 |
- &BTRFS_I(inode)->runtime_flags); |
1158 |
- } |
1159 |
- |
1160 |
-+/* |
1161 |
-+ * Make sure we do not end up inserting an inline extent into a file that has |
1162 |
-+ * already other (non-inline) extents. If a file has an inline extent it can |
1163 |
-+ * not have any other extents and the (single) inline extent must start at the |
1164 |
-+ * file offset 0. Failing to respect these rules will lead to file corruption, |
1165 |
-+ * resulting in EIO errors on read/write operations, hitting BUG_ON's in mm, etc |
1166 |
-+ * |
1167 |
-+ * We can have extents that have been already written to disk or we can have |
1168 |
-+ * dirty ranges still in delalloc, in which case the extent maps and items are |
1169 |
-+ * created only when we run delalloc, and the delalloc ranges might fall outside |
1170 |
-+ * the range we are currently locking in the inode's io tree. So we check the |
1171 |
-+ * inode's i_size because of that (i_size updates are done while holding the |
1172 |
-+ * i_mutex, which we are holding here). |
1173 |
-+ * We also check to see if the inode has a size not greater than "datal" but has |
1174 |
-+ * extents beyond it, due to an fallocate with FALLOC_FL_KEEP_SIZE (and we are |
1175 |
-+ * protected against such concurrent fallocate calls by the i_mutex). |
1176 |
-+ * |
1177 |
-+ * If the file has no extents but a size greater than datal, do not allow the |
1178 |
-+ * copy because we would need turn the inline extent into a non-inline one (even |
1179 |
-+ * with NO_HOLES enabled). If we find our destination inode only has one inline |
1180 |
-+ * extent, just overwrite it with the source inline extent if its size is less |
1181 |
-+ * than the source extent's size, or we could copy the source inline extent's |
1182 |
-+ * data into the destination inode's inline extent if the later is greater then |
1183 |
-+ * the former. |
1184 |
-+ */ |
1185 |
-+static int clone_copy_inline_extent(struct inode *src, |
1186 |
-+ struct inode *dst, |
1187 |
-+ struct btrfs_trans_handle *trans, |
1188 |
-+ struct btrfs_path *path, |
1189 |
-+ struct btrfs_key *new_key, |
1190 |
-+ const u64 drop_start, |
1191 |
-+ const u64 datal, |
1192 |
-+ const u64 skip, |
1193 |
-+ const u64 size, |
1194 |
-+ char *inline_data) |
1195 |
-+{ |
1196 |
-+ struct btrfs_root *root = BTRFS_I(dst)->root; |
1197 |
-+ const u64 aligned_end = ALIGN(new_key->offset + datal, |
1198 |
-+ root->sectorsize); |
1199 |
-+ int ret; |
1200 |
-+ struct btrfs_key key; |
1201 |
-+ |
1202 |
-+ if (new_key->offset > 0) |
1203 |
-+ return -EOPNOTSUPP; |
1204 |
-+ |
1205 |
-+ key.objectid = btrfs_ino(dst); |
1206 |
-+ key.type = BTRFS_EXTENT_DATA_KEY; |
1207 |
-+ key.offset = 0; |
1208 |
-+ ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); |
1209 |
-+ if (ret < 0) { |
1210 |
-+ return ret; |
1211 |
-+ } else if (ret > 0) { |
1212 |
-+ if (path->slots[0] >= btrfs_header_nritems(path->nodes[0])) { |
1213 |
-+ ret = btrfs_next_leaf(root, path); |
1214 |
-+ if (ret < 0) |
1215 |
-+ return ret; |
1216 |
-+ else if (ret > 0) |
1217 |
-+ goto copy_inline_extent; |
1218 |
-+ } |
1219 |
-+ btrfs_item_key_to_cpu(path->nodes[0], &key, path->slots[0]); |
1220 |
-+ if (key.objectid == btrfs_ino(dst) && |
1221 |
-+ key.type == BTRFS_EXTENT_DATA_KEY) { |
1222 |
-+ ASSERT(key.offset > 0); |
1223 |
-+ return -EOPNOTSUPP; |
1224 |
-+ } |
1225 |
-+ } else if (i_size_read(dst) <= datal) { |
1226 |
-+ struct btrfs_file_extent_item *ei; |
1227 |
-+ u64 ext_len; |
1228 |
-+ |
1229 |
-+ /* |
1230 |
-+ * If the file size is <= datal, make sure there are no other |
1231 |
-+ * extents following (can happen do to an fallocate call with |
1232 |
-+ * the flag FALLOC_FL_KEEP_SIZE). |
1233 |
-+ */ |
1234 |
-+ ei = btrfs_item_ptr(path->nodes[0], path->slots[0], |
1235 |
-+ struct btrfs_file_extent_item); |
1236 |
-+ /* |
1237 |
-+ * If it's an inline extent, it can not have other extents |
1238 |
-+ * following it. |
1239 |
-+ */ |
1240 |
-+ if (btrfs_file_extent_type(path->nodes[0], ei) == |
1241 |
-+ BTRFS_FILE_EXTENT_INLINE) |
1242 |
-+ goto copy_inline_extent; |
1243 |
-+ |
1244 |
-+ ext_len = btrfs_file_extent_num_bytes(path->nodes[0], ei); |
1245 |
-+ if (ext_len > aligned_end) |
1246 |
-+ return -EOPNOTSUPP; |
1247 |
-+ |
1248 |
-+ ret = btrfs_next_item(root, path); |
1249 |
-+ if (ret < 0) { |
1250 |
-+ return ret; |
1251 |
-+ } else if (ret == 0) { |
1252 |
-+ btrfs_item_key_to_cpu(path->nodes[0], &key, |
1253 |
-+ path->slots[0]); |
1254 |
-+ if (key.objectid == btrfs_ino(dst) && |
1255 |
-+ key.type == BTRFS_EXTENT_DATA_KEY) |
1256 |
-+ return -EOPNOTSUPP; |
1257 |
-+ } |
1258 |
-+ } |
1259 |
-+ |
1260 |
-+copy_inline_extent: |
1261 |
-+ /* |
1262 |
-+ * We have no extent items, or we have an extent at offset 0 which may |
1263 |
-+ * or may not be inlined. All these cases are dealt the same way. |
1264 |
-+ */ |
1265 |
-+ if (i_size_read(dst) > datal) { |
1266 |
-+ /* |
1267 |
-+ * If the destination inode has an inline extent... |
1268 |
-+ * This would require copying the data from the source inline |
1269 |
-+ * extent into the beginning of the destination's inline extent. |
1270 |
-+ * But this is really complex, both extents can be compressed |
1271 |
-+ * or just one of them, which would require decompressing and |
1272 |
-+ * re-compressing data (which could increase the new compressed |
1273 |
-+ * size, not allowing the compressed data to fit anymore in an |
1274 |
-+ * inline extent). |
1275 |
-+ * So just don't support this case for now (it should be rare, |
1276 |
-+ * we are not really saving space when cloning inline extents). |
1277 |
-+ */ |
1278 |
-+ return -EOPNOTSUPP; |
1279 |
-+ } |
1280 |
-+ |
1281 |
-+ btrfs_release_path(path); |
1282 |
-+ ret = btrfs_drop_extents(trans, root, dst, drop_start, aligned_end, 1); |
1283 |
-+ if (ret) |
1284 |
-+ return ret; |
1285 |
-+ ret = btrfs_insert_empty_item(trans, root, path, new_key, size); |
1286 |
-+ if (ret) |
1287 |
-+ return ret; |
1288 |
-+ |
1289 |
-+ if (skip) { |
1290 |
-+ const u32 start = btrfs_file_extent_calc_inline_size(0); |
1291 |
-+ |
1292 |
-+ memmove(inline_data + start, inline_data + start + skip, datal); |
1293 |
-+ } |
1294 |
-+ |
1295 |
-+ write_extent_buffer(path->nodes[0], inline_data, |
1296 |
-+ btrfs_item_ptr_offset(path->nodes[0], |
1297 |
-+ path->slots[0]), |
1298 |
-+ size); |
1299 |
-+ inode_add_bytes(dst, datal); |
1300 |
-+ |
1301 |
-+ return 0; |
1302 |
-+} |
1303 |
-+ |
1304 |
- /** |
1305 |
- * btrfs_clone() - clone a range from inode file to another |
1306 |
- * |
1307 |
-@@ -3352,9 +3461,7 @@ static int btrfs_clone(struct inode *src, struct inode *inode, |
1308 |
- u32 nritems; |
1309 |
- int slot; |
1310 |
- int ret; |
1311 |
-- int no_quota; |
1312 |
- const u64 len = olen_aligned; |
1313 |
-- u64 last_disko = 0; |
1314 |
- u64 last_dest_end = destoff; |
1315 |
- |
1316 |
- ret = -ENOMEM; |
1317 |
-@@ -3400,7 +3507,6 @@ static int btrfs_clone(struct inode *src, struct inode *inode, |
1318 |
- |
1319 |
- nritems = btrfs_header_nritems(path->nodes[0]); |
1320 |
- process_slot: |
1321 |
-- no_quota = 1; |
1322 |
- if (path->slots[0] >= nritems) { |
1323 |
- ret = btrfs_next_leaf(BTRFS_I(src)->root, path); |
1324 |
- if (ret < 0) |
1325 |
-@@ -3552,35 +3658,13 @@ process_slot: |
1326 |
- btrfs_set_file_extent_num_bytes(leaf, extent, |
1327 |
- datal); |
1328 |
- |
1329 |
-- /* |
1330 |
-- * We need to look up the roots that point at |
1331 |
-- * this bytenr and see if the new root does. If |
1332 |
-- * it does not we need to make sure we update |
1333 |
-- * quotas appropriately. |
1334 |
-- */ |
1335 |
-- if (disko && root != BTRFS_I(src)->root && |
1336 |
-- disko != last_disko) { |
1337 |
-- no_quota = check_ref(trans, root, |
1338 |
-- disko); |
1339 |
-- if (no_quota < 0) { |
1340 |
-- btrfs_abort_transaction(trans, |
1341 |
-- root, |
1342 |
-- ret); |
1343 |
-- btrfs_end_transaction(trans, |
1344 |
-- root); |
1345 |
-- ret = no_quota; |
1346 |
-- goto out; |
1347 |
-- } |
1348 |
-- } |
1349 |
-- |
1350 |
- if (disko) { |
1351 |
- inode_add_bytes(inode, datal); |
1352 |
- ret = btrfs_inc_extent_ref(trans, root, |
1353 |
- disko, diskl, 0, |
1354 |
- root->root_key.objectid, |
1355 |
- btrfs_ino(inode), |
1356 |
-- new_key.offset - datao, |
1357 |
-- no_quota); |
1358 |
-+ new_key.offset - datao); |
1359 |
- if (ret) { |
1360 |
- btrfs_abort_transaction(trans, |
1361 |
- root, |
1362 |
-@@ -3594,21 +3678,6 @@ process_slot: |
1363 |
- } else if (type == BTRFS_FILE_EXTENT_INLINE) { |
1364 |
- u64 skip = 0; |
1365 |
- u64 trim = 0; |
1366 |
-- u64 aligned_end = 0; |
1367 |
-- |
1368 |
-- /* |
1369 |
-- * Don't copy an inline extent into an offset |
1370 |
-- * greater than zero. Having an inline extent |
1371 |
-- * at such an offset results in chaos as btrfs |
1372 |
-- * isn't prepared for such cases. Just skip |
1373 |
-- * this case for the same reasons as commented |
1374 |
-- * at btrfs_ioctl_clone(). |
1375 |
-- */ |
1376 |
-- if (last_dest_end > 0) { |
1377 |
-- ret = -EOPNOTSUPP; |
1378 |
-- btrfs_end_transaction(trans, root); |
1379 |
-- goto out; |
1380 |
-- } |
1381 |
- |
1382 |
- if (off > key.offset) { |
1383 |
- skip = off - key.offset; |
1384 |
-@@ -3626,42 +3695,22 @@ process_slot: |
1385 |
- size -= skip + trim; |
1386 |
- datal -= skip + trim; |
1387 |
- |
1388 |
-- aligned_end = ALIGN(new_key.offset + datal, |
1389 |
-- root->sectorsize); |
1390 |
-- ret = btrfs_drop_extents(trans, root, inode, |
1391 |
-- drop_start, |
1392 |
-- aligned_end, |
1393 |
-- 1); |
1394 |
-+ ret = clone_copy_inline_extent(src, inode, |
1395 |
-+ trans, path, |
1396 |
-+ &new_key, |
1397 |
-+ drop_start, |
1398 |
-+ datal, |
1399 |
-+ skip, size, buf); |
1400 |
- if (ret) { |
1401 |
- if (ret != -EOPNOTSUPP) |
1402 |
- btrfs_abort_transaction(trans, |
1403 |
-- root, ret); |
1404 |
-- btrfs_end_transaction(trans, root); |
1405 |
-- goto out; |
1406 |
-- } |
1407 |
-- |
1408 |
-- ret = btrfs_insert_empty_item(trans, root, path, |
1409 |
-- &new_key, size); |
1410 |
-- if (ret) { |
1411 |
-- btrfs_abort_transaction(trans, root, |
1412 |
-- ret); |
1413 |
-+ root, |
1414 |
-+ ret); |
1415 |
- btrfs_end_transaction(trans, root); |
1416 |
- goto out; |
1417 |
- } |
1418 |
-- |
1419 |
-- if (skip) { |
1420 |
-- u32 start = |
1421 |
-- btrfs_file_extent_calc_inline_size(0); |
1422 |
-- memmove(buf+start, buf+start+skip, |
1423 |
-- datal); |
1424 |
-- } |
1425 |
-- |
1426 |
- leaf = path->nodes[0]; |
1427 |
- slot = path->slots[0]; |
1428 |
-- write_extent_buffer(leaf, buf, |
1429 |
-- btrfs_item_ptr_offset(leaf, slot), |
1430 |
-- size); |
1431 |
-- inode_add_bytes(inode, datal); |
1432 |
- } |
1433 |
- |
1434 |
- /* If we have an implicit hole (NO_HOLES feature). */ |
1435 |
-diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c |
1436 |
-index 303babe..ab507e3 100644 |
1437 |
---- a/fs/btrfs/relocation.c |
1438 |
-+++ b/fs/btrfs/relocation.c |
1439 |
-@@ -1716,7 +1716,7 @@ int replace_file_extents(struct btrfs_trans_handle *trans, |
1440 |
- ret = btrfs_inc_extent_ref(trans, root, new_bytenr, |
1441 |
- num_bytes, parent, |
1442 |
- btrfs_header_owner(leaf), |
1443 |
-- key.objectid, key.offset, 1); |
1444 |
-+ key.objectid, key.offset); |
1445 |
- if (ret) { |
1446 |
- btrfs_abort_transaction(trans, root, ret); |
1447 |
- break; |
1448 |
-@@ -1724,7 +1724,7 @@ int replace_file_extents(struct btrfs_trans_handle *trans, |
1449 |
- |
1450 |
- ret = btrfs_free_extent(trans, root, bytenr, num_bytes, |
1451 |
- parent, btrfs_header_owner(leaf), |
1452 |
-- key.objectid, key.offset, 1); |
1453 |
-+ key.objectid, key.offset); |
1454 |
- if (ret) { |
1455 |
- btrfs_abort_transaction(trans, root, ret); |
1456 |
- break; |
1457 |
-@@ -1900,23 +1900,21 @@ again: |
1458 |
- |
1459 |
- ret = btrfs_inc_extent_ref(trans, src, old_bytenr, blocksize, |
1460 |
- path->nodes[level]->start, |
1461 |
-- src->root_key.objectid, level - 1, 0, |
1462 |
-- 1); |
1463 |
-+ src->root_key.objectid, level - 1, 0); |
1464 |
- BUG_ON(ret); |
1465 |
- ret = btrfs_inc_extent_ref(trans, dest, new_bytenr, blocksize, |
1466 |
- 0, dest->root_key.objectid, level - 1, |
1467 |
-- 0, 1); |
1468 |
-+ 0); |
1469 |
- BUG_ON(ret); |
1470 |
- |
1471 |
- ret = btrfs_free_extent(trans, src, new_bytenr, blocksize, |
1472 |
- path->nodes[level]->start, |
1473 |
-- src->root_key.objectid, level - 1, 0, |
1474 |
-- 1); |
1475 |
-+ src->root_key.objectid, level - 1, 0); |
1476 |
- BUG_ON(ret); |
1477 |
- |
1478 |
- ret = btrfs_free_extent(trans, dest, old_bytenr, blocksize, |
1479 |
- 0, dest->root_key.objectid, level - 1, |
1480 |
-- 0, 1); |
1481 |
-+ 0); |
1482 |
- BUG_ON(ret); |
1483 |
- |
1484 |
- btrfs_unlock_up_safe(path, 0); |
1485 |
-@@ -2745,7 +2743,7 @@ static int do_relocation(struct btrfs_trans_handle *trans, |
1486 |
- node->eb->start, blocksize, |
1487 |
- upper->eb->start, |
1488 |
- btrfs_header_owner(upper->eb), |
1489 |
-- node->level, 0, 1); |
1490 |
-+ node->level, 0); |
1491 |
- BUG_ON(ret); |
1492 |
- |
1493 |
- ret = btrfs_drop_subtree(trans, root, eb, upper->eb); |
1494 |
-diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c |
1495 |
-index a739b82..23bb2e4 100644 |
1496 |
---- a/fs/btrfs/send.c |
1497 |
-+++ b/fs/btrfs/send.c |
1498 |
-@@ -2353,8 +2353,14 @@ static int send_subvol_begin(struct send_ctx *sctx) |
1499 |
- } |
1500 |
- |
1501 |
- TLV_PUT_STRING(sctx, BTRFS_SEND_A_PATH, name, namelen); |
1502 |
-- TLV_PUT_UUID(sctx, BTRFS_SEND_A_UUID, |
1503 |
-- sctx->send_root->root_item.uuid); |
1504 |
-+ |
1505 |
-+ if (!btrfs_is_empty_uuid(sctx->send_root->root_item.received_uuid)) |
1506 |
-+ TLV_PUT_UUID(sctx, BTRFS_SEND_A_UUID, |
1507 |
-+ sctx->send_root->root_item.received_uuid); |
1508 |
-+ else |
1509 |
-+ TLV_PUT_UUID(sctx, BTRFS_SEND_A_UUID, |
1510 |
-+ sctx->send_root->root_item.uuid); |
1511 |
-+ |
1512 |
- TLV_PUT_U64(sctx, BTRFS_SEND_A_CTRANSID, |
1513 |
- le64_to_cpu(sctx->send_root->root_item.ctransid)); |
1514 |
- if (parent_root) { |
1515 |
-diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c |
1516 |
-index 1bbaace..6f8af2d 100644 |
1517 |
---- a/fs/btrfs/tree-log.c |
1518 |
-+++ b/fs/btrfs/tree-log.c |
1519 |
-@@ -691,7 +691,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans, |
1520 |
- ret = btrfs_inc_extent_ref(trans, root, |
1521 |
- ins.objectid, ins.offset, |
1522 |
- 0, root->root_key.objectid, |
1523 |
-- key->objectid, offset, 0); |
1524 |
-+ key->objectid, offset); |
1525 |
- if (ret) |
1526 |
- goto out; |
1527 |
- } else { |
1528 |
-diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c |
1529 |
-index 6f518c9..1fcd7b6 100644 |
1530 |
---- a/fs/btrfs/xattr.c |
1531 |
-+++ b/fs/btrfs/xattr.c |
1532 |
-@@ -313,8 +313,10 @@ ssize_t btrfs_listxattr(struct dentry *dentry, char *buffer, size_t size) |
1533 |
- /* check to make sure this item is what we want */ |
1534 |
- if (found_key.objectid != key.objectid) |
1535 |
- break; |
1536 |
-- if (found_key.type != BTRFS_XATTR_ITEM_KEY) |
1537 |
-+ if (found_key.type > BTRFS_XATTR_ITEM_KEY) |
1538 |
- break; |
1539 |
-+ if (found_key.type < BTRFS_XATTR_ITEM_KEY) |
1540 |
-+ goto next; |
1541 |
- |
1542 |
- di = btrfs_item_ptr(leaf, slot, struct btrfs_dir_item); |
1543 |
- if (verify_dir_item(root, leaf, di)) |
1544 |
-diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c |
1545 |
-index 51cb02d..fe2c982 100644 |
1546 |
---- a/fs/ceph/mds_client.c |
1547 |
-+++ b/fs/ceph/mds_client.c |
1548 |
-@@ -1935,7 +1935,7 @@ static struct ceph_msg *create_request_message(struct ceph_mds_client *mdsc, |
1549 |
- |
1550 |
- len = sizeof(*head) + |
1551 |
- pathlen1 + pathlen2 + 2*(1 + sizeof(u32) + sizeof(u64)) + |
1552 |
-- sizeof(struct timespec); |
1553 |
-+ sizeof(struct ceph_timespec); |
1554 |
- |
1555 |
- /* calculate (max) length for cap releases */ |
1556 |
- len += sizeof(struct ceph_mds_request_release) * |
1557 |
-diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c |
1558 |
-index c711be8..9c8d233 100644 |
1559 |
---- a/fs/debugfs/inode.c |
1560 |
-+++ b/fs/debugfs/inode.c |
1561 |
-@@ -271,8 +271,12 @@ static struct dentry *start_creating(const char *name, struct dentry *parent) |
1562 |
- dput(dentry); |
1563 |
- dentry = ERR_PTR(-EEXIST); |
1564 |
- } |
1565 |
-- if (IS_ERR(dentry)) |
1566 |
-+ |
1567 |
-+ if (IS_ERR(dentry)) { |
1568 |
- mutex_unlock(&d_inode(parent)->i_mutex); |
1569 |
-+ simple_release_fs(&debugfs_mount, &debugfs_mount_count); |
1570 |
-+ } |
1571 |
-+ |
1572 |
- return dentry; |
1573 |
- } |
1574 |
- |
1575 |
-diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c |
1576 |
-index 4573155..2fab243 100644 |
1577 |
---- a/fs/ext4/crypto.c |
1578 |
-+++ b/fs/ext4/crypto.c |
1579 |
-@@ -411,7 +411,13 @@ int ext4_encrypted_zeroout(struct inode *inode, struct ext4_extent *ex) |
1580 |
- ext4_lblk_t lblk = ex->ee_block; |
1581 |
- ext4_fsblk_t pblk = ext4_ext_pblock(ex); |
1582 |
- unsigned int len = ext4_ext_get_actual_len(ex); |
1583 |
-- int err = 0; |
1584 |
-+ int ret, err = 0; |
1585 |
-+ |
1586 |
-+#if 0 |
1587 |
-+ ext4_msg(inode->i_sb, KERN_CRIT, |
1588 |
-+ "ext4_encrypted_zeroout ino %lu lblk %u len %u", |
1589 |
-+ (unsigned long) inode->i_ino, lblk, len); |
1590 |
-+#endif |
1591 |
- |
1592 |
- BUG_ON(inode->i_sb->s_blocksize != PAGE_CACHE_SIZE); |
1593 |
- |
1594 |
-@@ -437,17 +443,26 @@ int ext4_encrypted_zeroout(struct inode *inode, struct ext4_extent *ex) |
1595 |
- goto errout; |
1596 |
- } |
1597 |
- bio->bi_bdev = inode->i_sb->s_bdev; |
1598 |
-- bio->bi_iter.bi_sector = pblk; |
1599 |
-- err = bio_add_page(bio, ciphertext_page, |
1600 |
-+ bio->bi_iter.bi_sector = |
1601 |
-+ pblk << (inode->i_sb->s_blocksize_bits - 9); |
1602 |
-+ ret = bio_add_page(bio, ciphertext_page, |
1603 |
- inode->i_sb->s_blocksize, 0); |
1604 |
-- if (err) { |
1605 |
-+ if (ret != inode->i_sb->s_blocksize) { |
1606 |
-+ /* should never happen! */ |
1607 |
-+ ext4_msg(inode->i_sb, KERN_ERR, |
1608 |
-+ "bio_add_page failed: %d", ret); |
1609 |
-+ WARN_ON(1); |
1610 |
- bio_put(bio); |
1611 |
-+ err = -EIO; |
1612 |
- goto errout; |
1613 |
- } |
1614 |
- err = submit_bio_wait(WRITE, bio); |
1615 |
-+ if ((err == 0) && bio->bi_error) |
1616 |
-+ err = -EIO; |
1617 |
- bio_put(bio); |
1618 |
- if (err) |
1619 |
- goto errout; |
1620 |
-+ lblk++; pblk++; |
1621 |
- } |
1622 |
- err = 0; |
1623 |
- errout: |
1624 |
-diff --git a/fs/ext4/ext4_jbd2.c b/fs/ext4/ext4_jbd2.c |
1625 |
-index d418431..e770c1ee 100644 |
1626 |
---- a/fs/ext4/ext4_jbd2.c |
1627 |
-+++ b/fs/ext4/ext4_jbd2.c |
1628 |
-@@ -88,13 +88,13 @@ int __ext4_journal_stop(const char *where, unsigned int line, handle_t *handle) |
1629 |
- return 0; |
1630 |
- } |
1631 |
- |
1632 |
-+ err = handle->h_err; |
1633 |
- if (!handle->h_transaction) { |
1634 |
-- err = jbd2_journal_stop(handle); |
1635 |
-- return handle->h_err ? handle->h_err : err; |
1636 |
-+ rc = jbd2_journal_stop(handle); |
1637 |
-+ return err ? err : rc; |
1638 |
- } |
1639 |
- |
1640 |
- sb = handle->h_transaction->t_journal->j_private; |
1641 |
-- err = handle->h_err; |
1642 |
- rc = jbd2_journal_stop(handle); |
1643 |
- |
1644 |
- if (!err) |
1645 |
-diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c |
1646 |
-index 2553aa8..7f486e3 100644 |
1647 |
---- a/fs/ext4/extents.c |
1648 |
-+++ b/fs/ext4/extents.c |
1649 |
-@@ -3558,6 +3558,9 @@ static int ext4_ext_convert_to_initialized(handle_t *handle, |
1650 |
- max_zeroout = sbi->s_extent_max_zeroout_kb >> |
1651 |
- (inode->i_sb->s_blocksize_bits - 10); |
1652 |
- |
1653 |
-+ if (ext4_encrypted_inode(inode)) |
1654 |
-+ max_zeroout = 0; |
1655 |
-+ |
1656 |
- /* If extent is less than s_max_zeroout_kb, zeroout directly */ |
1657 |
- if (max_zeroout && (ee_len <= max_zeroout)) { |
1658 |
- err = ext4_ext_zeroout(inode, ex); |
1659 |
-diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c |
1660 |
-index 84ba4d2..17fbe38 100644 |
1661 |
---- a/fs/ext4/page-io.c |
1662 |
-+++ b/fs/ext4/page-io.c |
1663 |
-@@ -425,6 +425,7 @@ int ext4_bio_write_page(struct ext4_io_submit *io, |
1664 |
- struct buffer_head *bh, *head; |
1665 |
- int ret = 0; |
1666 |
- int nr_submitted = 0; |
1667 |
-+ int nr_to_submit = 0; |
1668 |
- |
1669 |
- blocksize = 1 << inode->i_blkbits; |
1670 |
- |
1671 |
-@@ -477,11 +478,13 @@ int ext4_bio_write_page(struct ext4_io_submit *io, |
1672 |
- unmap_underlying_metadata(bh->b_bdev, bh->b_blocknr); |
1673 |
- } |
1674 |
- set_buffer_async_write(bh); |
1675 |
-+ nr_to_submit++; |
1676 |
- } while ((bh = bh->b_this_page) != head); |
1677 |
- |
1678 |
- bh = head = page_buffers(page); |
1679 |
- |
1680 |
-- if (ext4_encrypted_inode(inode) && S_ISREG(inode->i_mode)) { |
1681 |
-+ if (ext4_encrypted_inode(inode) && S_ISREG(inode->i_mode) && |
1682 |
-+ nr_to_submit) { |
1683 |
- data_page = ext4_encrypt(inode, page); |
1684 |
- if (IS_ERR(data_page)) { |
1685 |
- ret = PTR_ERR(data_page); |
1686 |
-diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
1687 |
-index a63c7b0..df84bd2 100644 |
1688 |
---- a/fs/ext4/super.c |
1689 |
-+++ b/fs/ext4/super.c |
1690 |
-@@ -394,9 +394,13 @@ static void ext4_handle_error(struct super_block *sb) |
1691 |
- smp_wmb(); |
1692 |
- sb->s_flags |= MS_RDONLY; |
1693 |
- } |
1694 |
-- if (test_opt(sb, ERRORS_PANIC)) |
1695 |
-+ if (test_opt(sb, ERRORS_PANIC)) { |
1696 |
-+ if (EXT4_SB(sb)->s_journal && |
1697 |
-+ !(EXT4_SB(sb)->s_journal->j_flags & JBD2_REC_ERR)) |
1698 |
-+ return; |
1699 |
- panic("EXT4-fs (device %s): panic forced after error\n", |
1700 |
- sb->s_id); |
1701 |
-+ } |
1702 |
- } |
1703 |
- |
1704 |
- #define ext4_error_ratelimit(sb) \ |
1705 |
-@@ -585,8 +589,12 @@ void __ext4_abort(struct super_block *sb, const char *function, |
1706 |
- jbd2_journal_abort(EXT4_SB(sb)->s_journal, -EIO); |
1707 |
- save_error_info(sb, function, line); |
1708 |
- } |
1709 |
-- if (test_opt(sb, ERRORS_PANIC)) |
1710 |
-+ if (test_opt(sb, ERRORS_PANIC)) { |
1711 |
-+ if (EXT4_SB(sb)->s_journal && |
1712 |
-+ !(EXT4_SB(sb)->s_journal->j_flags & JBD2_REC_ERR)) |
1713 |
-+ return; |
1714 |
- panic("EXT4-fs panic from previous error\n"); |
1715 |
-+ } |
1716 |
- } |
1717 |
- |
1718 |
- void __ext4_msg(struct super_block *sb, |
1719 |
-diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c |
1720 |
-index 8270fe9..37023d0 100644 |
1721 |
---- a/fs/jbd2/journal.c |
1722 |
-+++ b/fs/jbd2/journal.c |
1723 |
-@@ -2071,8 +2071,12 @@ static void __journal_abort_soft (journal_t *journal, int errno) |
1724 |
- |
1725 |
- __jbd2_journal_abort_hard(journal); |
1726 |
- |
1727 |
-- if (errno) |
1728 |
-+ if (errno) { |
1729 |
- jbd2_journal_update_sb_errno(journal); |
1730 |
-+ write_lock(&journal->j_state_lock); |
1731 |
-+ journal->j_flags |= JBD2_REC_ERR; |
1732 |
-+ write_unlock(&journal->j_state_lock); |
1733 |
-+ } |
1734 |
- } |
1735 |
- |
1736 |
- /** |
1737 |
-diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c |
1738 |
-index 326d9e1..ffdf9b9 100644 |
1739 |
---- a/fs/nfs/inode.c |
1740 |
-+++ b/fs/nfs/inode.c |
1741 |
-@@ -1824,7 +1824,11 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr) |
1742 |
- if ((long)fattr->gencount - (long)nfsi->attr_gencount > 0) |
1743 |
- nfsi->attr_gencount = fattr->gencount; |
1744 |
- } |
1745 |
-- invalid &= ~NFS_INO_INVALID_ATTR; |
1746 |
-+ |
1747 |
-+ /* Don't declare attrcache up to date if there were no attrs! */ |
1748 |
-+ if (fattr->valid != 0) |
1749 |
-+ invalid &= ~NFS_INO_INVALID_ATTR; |
1750 |
-+ |
1751 |
- /* Don't invalidate the data if we were to blame */ |
1752 |
- if (!(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) |
1753 |
- || S_ISLNK(inode->i_mode))) |
1754 |
-diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c |
1755 |
-index 223bedd..10410e8 100644 |
1756 |
---- a/fs/nfs/nfs4client.c |
1757 |
-+++ b/fs/nfs/nfs4client.c |
1758 |
-@@ -33,7 +33,7 @@ static int nfs_get_cb_ident_idr(struct nfs_client *clp, int minorversion) |
1759 |
- return ret; |
1760 |
- idr_preload(GFP_KERNEL); |
1761 |
- spin_lock(&nn->nfs_client_lock); |
1762 |
-- ret = idr_alloc(&nn->cb_ident_idr, clp, 0, 0, GFP_NOWAIT); |
1763 |
-+ ret = idr_alloc(&nn->cb_ident_idr, clp, 1, 0, GFP_NOWAIT); |
1764 |
- if (ret >= 0) |
1765 |
- clp->cl_cb_ident = ret; |
1766 |
- spin_unlock(&nn->nfs_client_lock); |
1767 |
-diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c |
1768 |
-index 8abe271..abf5cae 100644 |
1769 |
---- a/fs/nfs/pnfs.c |
1770 |
-+++ b/fs/nfs/pnfs.c |
1771 |
-@@ -872,33 +872,38 @@ send_layoutget(struct pnfs_layout_hdr *lo, |
1772 |
- |
1773 |
- dprintk("--> %s\n", __func__); |
1774 |
- |
1775 |
-- lgp = kzalloc(sizeof(*lgp), gfp_flags); |
1776 |
-- if (lgp == NULL) |
1777 |
-- return NULL; |
1778 |
-+ /* |
1779 |
-+ * Synchronously retrieve layout information from server and |
1780 |
-+ * store in lseg. If we race with a concurrent seqid morphing |
1781 |
-+ * op, then re-send the LAYOUTGET. |
1782 |
-+ */ |
1783 |
-+ do { |
1784 |
-+ lgp = kzalloc(sizeof(*lgp), gfp_flags); |
1785 |
-+ if (lgp == NULL) |
1786 |
-+ return NULL; |
1787 |
-+ |
1788 |
-+ i_size = i_size_read(ino); |
1789 |
-+ |
1790 |
-+ lgp->args.minlength = PAGE_CACHE_SIZE; |
1791 |
-+ if (lgp->args.minlength > range->length) |
1792 |
-+ lgp->args.minlength = range->length; |
1793 |
-+ if (range->iomode == IOMODE_READ) { |
1794 |
-+ if (range->offset >= i_size) |
1795 |
-+ lgp->args.minlength = 0; |
1796 |
-+ else if (i_size - range->offset < lgp->args.minlength) |
1797 |
-+ lgp->args.minlength = i_size - range->offset; |
1798 |
-+ } |
1799 |
-+ lgp->args.maxcount = PNFS_LAYOUT_MAXSIZE; |
1800 |
-+ lgp->args.range = *range; |
1801 |
-+ lgp->args.type = server->pnfs_curr_ld->id; |
1802 |
-+ lgp->args.inode = ino; |
1803 |
-+ lgp->args.ctx = get_nfs_open_context(ctx); |
1804 |
-+ lgp->gfp_flags = gfp_flags; |
1805 |
-+ lgp->cred = lo->plh_lc_cred; |
1806 |
- |
1807 |
-- i_size = i_size_read(ino); |
1808 |
-+ lseg = nfs4_proc_layoutget(lgp, gfp_flags); |
1809 |
-+ } while (lseg == ERR_PTR(-EAGAIN)); |
1810 |
- |
1811 |
-- lgp->args.minlength = PAGE_CACHE_SIZE; |
1812 |
-- if (lgp->args.minlength > range->length) |
1813 |
-- lgp->args.minlength = range->length; |
1814 |
-- if (range->iomode == IOMODE_READ) { |
1815 |
-- if (range->offset >= i_size) |
1816 |
-- lgp->args.minlength = 0; |
1817 |
-- else if (i_size - range->offset < lgp->args.minlength) |
1818 |
-- lgp->args.minlength = i_size - range->offset; |
1819 |
-- } |
1820 |
-- lgp->args.maxcount = PNFS_LAYOUT_MAXSIZE; |
1821 |
-- lgp->args.range = *range; |
1822 |
-- lgp->args.type = server->pnfs_curr_ld->id; |
1823 |
-- lgp->args.inode = ino; |
1824 |
-- lgp->args.ctx = get_nfs_open_context(ctx); |
1825 |
-- lgp->gfp_flags = gfp_flags; |
1826 |
-- lgp->cred = lo->plh_lc_cred; |
1827 |
-- |
1828 |
-- /* Synchronously retrieve layout information from server and |
1829 |
-- * store in lseg. |
1830 |
-- */ |
1831 |
-- lseg = nfs4_proc_layoutget(lgp, gfp_flags); |
1832 |
- if (IS_ERR(lseg)) { |
1833 |
- switch (PTR_ERR(lseg)) { |
1834 |
- case -ENOMEM: |
1835 |
-@@ -1687,6 +1692,7 @@ pnfs_layout_process(struct nfs4_layoutget *lgp) |
1836 |
- /* existing state ID, make sure the sequence number matches. */ |
1837 |
- if (pnfs_layout_stateid_blocked(lo, &res->stateid)) { |
1838 |
- dprintk("%s forget reply due to sequence\n", __func__); |
1839 |
-+ status = -EAGAIN; |
1840 |
- goto out_forget_reply; |
1841 |
- } |
1842 |
- pnfs_set_layout_stateid(lo, &res->stateid, false); |
1843 |
-diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c |
1844 |
-index 0f1d569..0dea0c2 100644 |
1845 |
---- a/fs/nfsd/nfs4state.c |
1846 |
-+++ b/fs/nfsd/nfs4state.c |
1847 |
-@@ -765,16 +765,68 @@ void nfs4_unhash_stid(struct nfs4_stid *s) |
1848 |
- s->sc_type = 0; |
1849 |
- } |
1850 |
- |
1851 |
--static void |
1852 |
-+/** |
1853 |
-+ * nfs4_get_existing_delegation - Discover if this delegation already exists |
1854 |
-+ * @clp: a pointer to the nfs4_client we're granting a delegation to |
1855 |
-+ * @fp: a pointer to the nfs4_file we're granting a delegation on |
1856 |
-+ * |
1857 |
-+ * Return: |
1858 |
-+ * On success: NULL if an existing delegation was not found. |
1859 |
-+ * |
1860 |
-+ * On error: -EAGAIN if one was previously granted to this nfs4_client |
1861 |
-+ * for this nfs4_file. |
1862 |
-+ * |
1863 |
-+ */ |
1864 |
-+ |
1865 |
-+static int |
1866 |
-+nfs4_get_existing_delegation(struct nfs4_client *clp, struct nfs4_file *fp) |
1867 |
-+{ |
1868 |
-+ struct nfs4_delegation *searchdp = NULL; |
1869 |
-+ struct nfs4_client *searchclp = NULL; |
1870 |
-+ |
1871 |
-+ lockdep_assert_held(&state_lock); |
1872 |
-+ lockdep_assert_held(&fp->fi_lock); |
1873 |
-+ |
1874 |
-+ list_for_each_entry(searchdp, &fp->fi_delegations, dl_perfile) { |
1875 |
-+ searchclp = searchdp->dl_stid.sc_client; |
1876 |
-+ if (clp == searchclp) { |
1877 |
-+ return -EAGAIN; |
1878 |
-+ } |
1879 |
-+ } |
1880 |
-+ return 0; |
1881 |
-+} |
1882 |
-+ |
1883 |
-+/** |
1884 |
-+ * hash_delegation_locked - Add a delegation to the appropriate lists |
1885 |
-+ * @dp: a pointer to the nfs4_delegation we are adding. |
1886 |
-+ * @fp: a pointer to the nfs4_file we're granting a delegation on |
1887 |
-+ * |
1888 |
-+ * Return: |
1889 |
-+ * On success: NULL if the delegation was successfully hashed. |
1890 |
-+ * |
1891 |
-+ * On error: -EAGAIN if one was previously granted to this |
1892 |
-+ * nfs4_client for this nfs4_file. Delegation is not hashed. |
1893 |
-+ * |
1894 |
-+ */ |
1895 |
-+ |
1896 |
-+static int |
1897 |
- hash_delegation_locked(struct nfs4_delegation *dp, struct nfs4_file *fp) |
1898 |
- { |
1899 |
-+ int status; |
1900 |
-+ struct nfs4_client *clp = dp->dl_stid.sc_client; |
1901 |
-+ |
1902 |
- lockdep_assert_held(&state_lock); |
1903 |
- lockdep_assert_held(&fp->fi_lock); |
1904 |
- |
1905 |
-+ status = nfs4_get_existing_delegation(clp, fp); |
1906 |
-+ if (status) |
1907 |
-+ return status; |
1908 |
-+ ++fp->fi_delegees; |
1909 |
- atomic_inc(&dp->dl_stid.sc_count); |
1910 |
- dp->dl_stid.sc_type = NFS4_DELEG_STID; |
1911 |
- list_add(&dp->dl_perfile, &fp->fi_delegations); |
1912 |
-- list_add(&dp->dl_perclnt, &dp->dl_stid.sc_client->cl_delegations); |
1913 |
-+ list_add(&dp->dl_perclnt, &clp->cl_delegations); |
1914 |
-+ return 0; |
1915 |
- } |
1916 |
- |
1917 |
- static bool |
1918 |
-@@ -3360,6 +3412,7 @@ static void init_open_stateid(struct nfs4_ol_stateid *stp, struct nfs4_file *fp, |
1919 |
- stp->st_access_bmap = 0; |
1920 |
- stp->st_deny_bmap = 0; |
1921 |
- stp->st_openstp = NULL; |
1922 |
-+ init_rwsem(&stp->st_rwsem); |
1923 |
- spin_lock(&oo->oo_owner.so_client->cl_lock); |
1924 |
- list_add(&stp->st_perstateowner, &oo->oo_owner.so_stateids); |
1925 |
- spin_lock(&fp->fi_lock); |
1926 |
-@@ -3945,6 +3998,18 @@ static struct file_lock *nfs4_alloc_init_lease(struct nfs4_file *fp, int flag) |
1927 |
- return fl; |
1928 |
- } |
1929 |
- |
1930 |
-+/** |
1931 |
-+ * nfs4_setlease - Obtain a delegation by requesting lease from vfs layer |
1932 |
-+ * @dp: a pointer to the nfs4_delegation we're adding. |
1933 |
-+ * |
1934 |
-+ * Return: |
1935 |
-+ * On success: Return code will be 0 on success. |
1936 |
-+ * |
1937 |
-+ * On error: -EAGAIN if there was an existing delegation. |
1938 |
-+ * nonzero if there is an error in other cases. |
1939 |
-+ * |
1940 |
-+ */ |
1941 |
-+ |
1942 |
- static int nfs4_setlease(struct nfs4_delegation *dp) |
1943 |
- { |
1944 |
- struct nfs4_file *fp = dp->dl_stid.sc_file; |
1945 |
-@@ -3976,16 +4041,19 @@ static int nfs4_setlease(struct nfs4_delegation *dp) |
1946 |
- goto out_unlock; |
1947 |
- /* Race breaker */ |
1948 |
- if (fp->fi_deleg_file) { |
1949 |
-- status = 0; |
1950 |
-- ++fp->fi_delegees; |
1951 |
-- hash_delegation_locked(dp, fp); |
1952 |
-+ status = hash_delegation_locked(dp, fp); |
1953 |
- goto out_unlock; |
1954 |
- } |
1955 |
- fp->fi_deleg_file = filp; |
1956 |
-- fp->fi_delegees = 1; |
1957 |
-- hash_delegation_locked(dp, fp); |
1958 |
-+ fp->fi_delegees = 0; |
1959 |
-+ status = hash_delegation_locked(dp, fp); |
1960 |
- spin_unlock(&fp->fi_lock); |
1961 |
- spin_unlock(&state_lock); |
1962 |
-+ if (status) { |
1963 |
-+ /* Should never happen, this is a new fi_deleg_file */ |
1964 |
-+ WARN_ON_ONCE(1); |
1965 |
-+ goto out_fput; |
1966 |
-+ } |
1967 |
- return 0; |
1968 |
- out_unlock: |
1969 |
- spin_unlock(&fp->fi_lock); |
1970 |
-@@ -4005,6 +4073,15 @@ nfs4_set_delegation(struct nfs4_client *clp, struct svc_fh *fh, |
1971 |
- if (fp->fi_had_conflict) |
1972 |
- return ERR_PTR(-EAGAIN); |
1973 |
- |
1974 |
-+ spin_lock(&state_lock); |
1975 |
-+ spin_lock(&fp->fi_lock); |
1976 |
-+ status = nfs4_get_existing_delegation(clp, fp); |
1977 |
-+ spin_unlock(&fp->fi_lock); |
1978 |
-+ spin_unlock(&state_lock); |
1979 |
-+ |
1980 |
-+ if (status) |
1981 |
-+ return ERR_PTR(status); |
1982 |
-+ |
1983 |
- dp = alloc_init_deleg(clp, fh, odstate); |
1984 |
- if (!dp) |
1985 |
- return ERR_PTR(-ENOMEM); |
1986 |
-@@ -4023,9 +4100,7 @@ nfs4_set_delegation(struct nfs4_client *clp, struct svc_fh *fh, |
1987 |
- status = -EAGAIN; |
1988 |
- goto out_unlock; |
1989 |
- } |
1990 |
-- ++fp->fi_delegees; |
1991 |
-- hash_delegation_locked(dp, fp); |
1992 |
-- status = 0; |
1993 |
-+ status = hash_delegation_locked(dp, fp); |
1994 |
- out_unlock: |
1995 |
- spin_unlock(&fp->fi_lock); |
1996 |
- spin_unlock(&state_lock); |
1997 |
-@@ -4187,15 +4262,20 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf |
1998 |
- */ |
1999 |
- if (stp) { |
2000 |
- /* Stateid was found, this is an OPEN upgrade */ |
2001 |
-+ down_read(&stp->st_rwsem); |
2002 |
- status = nfs4_upgrade_open(rqstp, fp, current_fh, stp, open); |
2003 |
-- if (status) |
2004 |
-+ if (status) { |
2005 |
-+ up_read(&stp->st_rwsem); |
2006 |
- goto out; |
2007 |
-+ } |
2008 |
- } else { |
2009 |
- stp = open->op_stp; |
2010 |
- open->op_stp = NULL; |
2011 |
- init_open_stateid(stp, fp, open); |
2012 |
-+ down_read(&stp->st_rwsem); |
2013 |
- status = nfs4_get_vfs_file(rqstp, fp, current_fh, stp, open); |
2014 |
- if (status) { |
2015 |
-+ up_read(&stp->st_rwsem); |
2016 |
- release_open_stateid(stp); |
2017 |
- goto out; |
2018 |
- } |
2019 |
-@@ -4207,6 +4287,7 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf |
2020 |
- } |
2021 |
- update_stateid(&stp->st_stid.sc_stateid); |
2022 |
- memcpy(&open->op_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t)); |
2023 |
-+ up_read(&stp->st_rwsem); |
2024 |
- |
2025 |
- if (nfsd4_has_session(&resp->cstate)) { |
2026 |
- if (open->op_deleg_want & NFS4_SHARE_WANT_NO_DELEG) { |
2027 |
-@@ -4819,10 +4900,13 @@ static __be32 nfs4_seqid_op_checks(struct nfsd4_compound_state *cstate, stateid_ |
2028 |
- * revoked delegations are kept only for free_stateid. |
2029 |
- */ |
2030 |
- return nfserr_bad_stateid; |
2031 |
-+ down_write(&stp->st_rwsem); |
2032 |
- status = check_stateid_generation(stateid, &stp->st_stid.sc_stateid, nfsd4_has_session(cstate)); |
2033 |
-- if (status) |
2034 |
-- return status; |
2035 |
-- return nfs4_check_fh(current_fh, &stp->st_stid); |
2036 |
-+ if (status == nfs_ok) |
2037 |
-+ status = nfs4_check_fh(current_fh, &stp->st_stid); |
2038 |
-+ if (status != nfs_ok) |
2039 |
-+ up_write(&stp->st_rwsem); |
2040 |
-+ return status; |
2041 |
- } |
2042 |
- |
2043 |
- /* |
2044 |
-@@ -4869,6 +4953,7 @@ static __be32 nfs4_preprocess_confirmed_seqid_op(struct nfsd4_compound_state *cs |
2045 |
- return status; |
2046 |
- oo = openowner(stp->st_stateowner); |
2047 |
- if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) { |
2048 |
-+ up_write(&stp->st_rwsem); |
2049 |
- nfs4_put_stid(&stp->st_stid); |
2050 |
- return nfserr_bad_stateid; |
2051 |
- } |
2052 |
-@@ -4899,11 +4984,14 @@ nfsd4_open_confirm(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, |
2053 |
- goto out; |
2054 |
- oo = openowner(stp->st_stateowner); |
2055 |
- status = nfserr_bad_stateid; |
2056 |
-- if (oo->oo_flags & NFS4_OO_CONFIRMED) |
2057 |
-+ if (oo->oo_flags & NFS4_OO_CONFIRMED) { |
2058 |
-+ up_write(&stp->st_rwsem); |
2059 |
- goto put_stateid; |
2060 |
-+ } |
2061 |
- oo->oo_flags |= NFS4_OO_CONFIRMED; |
2062 |
- update_stateid(&stp->st_stid.sc_stateid); |
2063 |
- memcpy(&oc->oc_resp_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t)); |
2064 |
-+ up_write(&stp->st_rwsem); |
2065 |
- dprintk("NFSD: %s: success, seqid=%d stateid=" STATEID_FMT "\n", |
2066 |
- __func__, oc->oc_seqid, STATEID_VAL(&stp->st_stid.sc_stateid)); |
2067 |
- |
2068 |
-@@ -4982,6 +5070,7 @@ nfsd4_open_downgrade(struct svc_rqst *rqstp, |
2069 |
- memcpy(&od->od_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t)); |
2070 |
- status = nfs_ok; |
2071 |
- put_stateid: |
2072 |
-+ up_write(&stp->st_rwsem); |
2073 |
- nfs4_put_stid(&stp->st_stid); |
2074 |
- out: |
2075 |
- nfsd4_bump_seqid(cstate, status); |
2076 |
-@@ -5035,6 +5124,7 @@ nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, |
2077 |
- goto out; |
2078 |
- update_stateid(&stp->st_stid.sc_stateid); |
2079 |
- memcpy(&close->cl_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t)); |
2080 |
-+ up_write(&stp->st_rwsem); |
2081 |
- |
2082 |
- nfsd4_close_open_stateid(stp); |
2083 |
- |
2084 |
-@@ -5260,6 +5350,7 @@ init_lock_stateid(struct nfs4_ol_stateid *stp, struct nfs4_lockowner *lo, |
2085 |
- stp->st_access_bmap = 0; |
2086 |
- stp->st_deny_bmap = open_stp->st_deny_bmap; |
2087 |
- stp->st_openstp = open_stp; |
2088 |
-+ init_rwsem(&stp->st_rwsem); |
2089 |
- list_add(&stp->st_locks, &open_stp->st_locks); |
2090 |
- list_add(&stp->st_perstateowner, &lo->lo_owner.so_stateids); |
2091 |
- spin_lock(&fp->fi_lock); |
2092 |
-@@ -5428,6 +5519,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, |
2093 |
- &open_stp, nn); |
2094 |
- if (status) |
2095 |
- goto out; |
2096 |
-+ up_write(&open_stp->st_rwsem); |
2097 |
- open_sop = openowner(open_stp->st_stateowner); |
2098 |
- status = nfserr_bad_stateid; |
2099 |
- if (!same_clid(&open_sop->oo_owner.so_client->cl_clientid, |
2100 |
-@@ -5435,6 +5527,8 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, |
2101 |
- goto out; |
2102 |
- status = lookup_or_create_lock_state(cstate, open_stp, lock, |
2103 |
- &lock_stp, &new); |
2104 |
-+ if (status == nfs_ok) |
2105 |
-+ down_write(&lock_stp->st_rwsem); |
2106 |
- } else { |
2107 |
- status = nfs4_preprocess_seqid_op(cstate, |
2108 |
- lock->lk_old_lock_seqid, |
2109 |
-@@ -5540,6 +5634,8 @@ out: |
2110 |
- seqid_mutating_err(ntohl(status))) |
2111 |
- lock_sop->lo_owner.so_seqid++; |
2112 |
- |
2113 |
-+ up_write(&lock_stp->st_rwsem); |
2114 |
-+ |
2115 |
- /* |
2116 |
- * If this is a new, never-before-used stateid, and we are |
2117 |
- * returning an error, then just go ahead and release it. |
2118 |
-@@ -5709,6 +5805,7 @@ nfsd4_locku(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, |
2119 |
- fput: |
2120 |
- fput(filp); |
2121 |
- put_stateid: |
2122 |
-+ up_write(&stp->st_rwsem); |
2123 |
- nfs4_put_stid(&stp->st_stid); |
2124 |
- out: |
2125 |
- nfsd4_bump_seqid(cstate, status); |
2126 |
-diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h |
2127 |
-index 583ffc1..31bde12 100644 |
2128 |
---- a/fs/nfsd/state.h |
2129 |
-+++ b/fs/nfsd/state.h |
2130 |
-@@ -534,15 +534,16 @@ struct nfs4_file { |
2131 |
- * Better suggestions welcome. |
2132 |
- */ |
2133 |
- struct nfs4_ol_stateid { |
2134 |
-- struct nfs4_stid st_stid; /* must be first field */ |
2135 |
-- struct list_head st_perfile; |
2136 |
-- struct list_head st_perstateowner; |
2137 |
-- struct list_head st_locks; |
2138 |
-- struct nfs4_stateowner * st_stateowner; |
2139 |
-- struct nfs4_clnt_odstate * st_clnt_odstate; |
2140 |
-- unsigned char st_access_bmap; |
2141 |
-- unsigned char st_deny_bmap; |
2142 |
-- struct nfs4_ol_stateid * st_openstp; |
2143 |
-+ struct nfs4_stid st_stid; |
2144 |
-+ struct list_head st_perfile; |
2145 |
-+ struct list_head st_perstateowner; |
2146 |
-+ struct list_head st_locks; |
2147 |
-+ struct nfs4_stateowner *st_stateowner; |
2148 |
-+ struct nfs4_clnt_odstate *st_clnt_odstate; |
2149 |
-+ unsigned char st_access_bmap; |
2150 |
-+ unsigned char st_deny_bmap; |
2151 |
-+ struct nfs4_ol_stateid *st_openstp; |
2152 |
-+ struct rw_semaphore st_rwsem; |
2153 |
- }; |
2154 |
- |
2155 |
- static inline struct nfs4_ol_stateid *openlockstateid(struct nfs4_stid *s) |
2156 |
-diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c |
2157 |
-index b7dfac2..12bfa9c 100644 |
2158 |
---- a/fs/ocfs2/namei.c |
2159 |
-+++ b/fs/ocfs2/namei.c |
2160 |
-@@ -374,6 +374,8 @@ static int ocfs2_mknod(struct inode *dir, |
2161 |
- mlog_errno(status); |
2162 |
- goto leave; |
2163 |
- } |
2164 |
-+ /* update inode->i_mode after mask with "umask". */ |
2165 |
-+ inode->i_mode = mode; |
2166 |
- |
2167 |
- handle = ocfs2_start_trans(osb, ocfs2_mknod_credits(osb->sb, |
2168 |
- S_ISDIR(mode), |
2169 |
-diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h |
2170 |
-index f1f32af..3e4ff3f 100644 |
2171 |
---- a/include/linux/ipv6.h |
2172 |
-+++ b/include/linux/ipv6.h |
2173 |
-@@ -227,7 +227,7 @@ struct ipv6_pinfo { |
2174 |
- struct ipv6_ac_socklist *ipv6_ac_list; |
2175 |
- struct ipv6_fl_socklist __rcu *ipv6_fl_list; |
2176 |
- |
2177 |
-- struct ipv6_txoptions *opt; |
2178 |
-+ struct ipv6_txoptions __rcu *opt; |
2179 |
- struct sk_buff *pktoptions; |
2180 |
- struct sk_buff *rxpmtu; |
2181 |
- struct inet6_cork cork; |
2182 |
-diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h |
2183 |
-index df07e78..1abeb82 100644 |
2184 |
---- a/include/linux/jbd2.h |
2185 |
-+++ b/include/linux/jbd2.h |
2186 |
-@@ -1046,6 +1046,7 @@ struct journal_s |
2187 |
- #define JBD2_ABORT_ON_SYNCDATA_ERR 0x040 /* Abort the journal on file |
2188 |
- * data write error in ordered |
2189 |
- * mode */ |
2190 |
-+#define JBD2_REC_ERR 0x080 /* The errno in the sb has been recorded */ |
2191 |
- |
2192 |
- /* |
2193 |
- * Function declarations for the journaling transaction and buffer |
2194 |
-diff --git a/include/linux/mlx5/mlx5_ifc.h b/include/linux/mlx5/mlx5_ifc.h |
2195 |
-index dd20974..1565324 100644 |
2196 |
---- a/include/linux/mlx5/mlx5_ifc.h |
2197 |
-+++ b/include/linux/mlx5/mlx5_ifc.h |
2198 |
-@@ -453,26 +453,28 @@ struct mlx5_ifc_per_protocol_networking_offload_caps_bits { |
2199 |
- u8 lro_cap[0x1]; |
2200 |
- u8 lro_psh_flag[0x1]; |
2201 |
- u8 lro_time_stamp[0x1]; |
2202 |
-- u8 reserved_0[0x6]; |
2203 |
-+ u8 reserved_0[0x3]; |
2204 |
-+ u8 self_lb_en_modifiable[0x1]; |
2205 |
-+ u8 reserved_1[0x2]; |
2206 |
- u8 max_lso_cap[0x5]; |
2207 |
-- u8 reserved_1[0x4]; |
2208 |
-+ u8 reserved_2[0x4]; |
2209 |
- u8 rss_ind_tbl_cap[0x4]; |
2210 |
-- u8 reserved_2[0x3]; |
2211 |
-+ u8 reserved_3[0x3]; |
2212 |
- u8 tunnel_lso_const_out_ip_id[0x1]; |
2213 |
-- u8 reserved_3[0x2]; |
2214 |
-+ u8 reserved_4[0x2]; |
2215 |
- u8 tunnel_statless_gre[0x1]; |
2216 |
- u8 tunnel_stateless_vxlan[0x1]; |
2217 |
- |
2218 |
-- u8 reserved_4[0x20]; |
2219 |
-+ u8 reserved_5[0x20]; |
2220 |
- |
2221 |
-- u8 reserved_5[0x10]; |
2222 |
-+ u8 reserved_6[0x10]; |
2223 |
- u8 lro_min_mss_size[0x10]; |
2224 |
- |
2225 |
-- u8 reserved_6[0x120]; |
2226 |
-+ u8 reserved_7[0x120]; |
2227 |
- |
2228 |
- u8 lro_timer_supported_periods[4][0x20]; |
2229 |
- |
2230 |
-- u8 reserved_7[0x600]; |
2231 |
-+ u8 reserved_8[0x600]; |
2232 |
- }; |
2233 |
- |
2234 |
- struct mlx5_ifc_roce_cap_bits { |
2235 |
-@@ -4051,9 +4053,11 @@ struct mlx5_ifc_modify_tis_in_bits { |
2236 |
- }; |
2237 |
- |
2238 |
- struct mlx5_ifc_modify_tir_bitmask_bits { |
2239 |
-- u8 reserved[0x20]; |
2240 |
-+ u8 reserved_0[0x20]; |
2241 |
- |
2242 |
-- u8 reserved1[0x1f]; |
2243 |
-+ u8 reserved_1[0x1b]; |
2244 |
-+ u8 self_lb_en[0x1]; |
2245 |
-+ u8 reserved_2[0x3]; |
2246 |
- u8 lro[0x1]; |
2247 |
- }; |
2248 |
- |
2249 |
-diff --git a/include/net/af_unix.h b/include/net/af_unix.h |
2250 |
-index b36d837..2a91a05 100644 |
2251 |
---- a/include/net/af_unix.h |
2252 |
-+++ b/include/net/af_unix.h |
2253 |
-@@ -62,6 +62,7 @@ struct unix_sock { |
2254 |
- #define UNIX_GC_CANDIDATE 0 |
2255 |
- #define UNIX_GC_MAYBE_CYCLE 1 |
2256 |
- struct socket_wq peer_wq; |
2257 |
-+ wait_queue_t peer_wake; |
2258 |
- }; |
2259 |
- |
2260 |
- static inline struct unix_sock *unix_sk(const struct sock *sk) |
2261 |
-diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h |
2262 |
-index aaf9700..fb961a5 100644 |
2263 |
---- a/include/net/ip6_fib.h |
2264 |
-+++ b/include/net/ip6_fib.h |
2265 |
-@@ -167,7 +167,8 @@ static inline void rt6_update_expires(struct rt6_info *rt0, int timeout) |
2266 |
- |
2267 |
- static inline u32 rt6_get_cookie(const struct rt6_info *rt) |
2268 |
- { |
2269 |
-- if (rt->rt6i_flags & RTF_PCPU || unlikely(rt->dst.flags & DST_NOCACHE)) |
2270 |
-+ if (rt->rt6i_flags & RTF_PCPU || |
2271 |
-+ (unlikely(rt->dst.flags & DST_NOCACHE) && rt->dst.from)) |
2272 |
- rt = (struct rt6_info *)(rt->dst.from); |
2273 |
- |
2274 |
- return rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; |
2275 |
-diff --git a/include/net/ip6_tunnel.h b/include/net/ip6_tunnel.h |
2276 |
-index fa915fa..d49a8f8 100644 |
2277 |
---- a/include/net/ip6_tunnel.h |
2278 |
-+++ b/include/net/ip6_tunnel.h |
2279 |
-@@ -90,11 +90,12 @@ static inline void ip6tunnel_xmit(struct sock *sk, struct sk_buff *skb, |
2280 |
- err = ip6_local_out_sk(sk, skb); |
2281 |
- |
2282 |
- if (net_xmit_eval(err) == 0) { |
2283 |
-- struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats); |
2284 |
-+ struct pcpu_sw_netstats *tstats = get_cpu_ptr(dev->tstats); |
2285 |
- u64_stats_update_begin(&tstats->syncp); |
2286 |
- tstats->tx_bytes += pkt_len; |
2287 |
- tstats->tx_packets++; |
2288 |
- u64_stats_update_end(&tstats->syncp); |
2289 |
-+ put_cpu_ptr(tstats); |
2290 |
- } else { |
2291 |
- stats->tx_errors++; |
2292 |
- stats->tx_aborted_errors++; |
2293 |
-diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h |
2294 |
-index f6dafec..62a750a 100644 |
2295 |
---- a/include/net/ip_tunnels.h |
2296 |
-+++ b/include/net/ip_tunnels.h |
2297 |
-@@ -287,12 +287,13 @@ static inline void iptunnel_xmit_stats(int err, |
2298 |
- struct pcpu_sw_netstats __percpu *stats) |
2299 |
- { |
2300 |
- if (err > 0) { |
2301 |
-- struct pcpu_sw_netstats *tstats = this_cpu_ptr(stats); |
2302 |
-+ struct pcpu_sw_netstats *tstats = get_cpu_ptr(stats); |
2303 |
- |
2304 |
- u64_stats_update_begin(&tstats->syncp); |
2305 |
- tstats->tx_bytes += err; |
2306 |
- tstats->tx_packets++; |
2307 |
- u64_stats_update_end(&tstats->syncp); |
2308 |
-+ put_cpu_ptr(tstats); |
2309 |
- } else if (err < 0) { |
2310 |
- err_stats->tx_errors++; |
2311 |
- err_stats->tx_aborted_errors++; |
2312 |
-diff --git a/include/net/ipv6.h b/include/net/ipv6.h |
2313 |
-index 711cca4..b14e158 100644 |
2314 |
---- a/include/net/ipv6.h |
2315 |
-+++ b/include/net/ipv6.h |
2316 |
-@@ -205,6 +205,7 @@ extern rwlock_t ip6_ra_lock; |
2317 |
- */ |
2318 |
- |
2319 |
- struct ipv6_txoptions { |
2320 |
-+ atomic_t refcnt; |
2321 |
- /* Length of this structure */ |
2322 |
- int tot_len; |
2323 |
- |
2324 |
-@@ -217,7 +218,7 @@ struct ipv6_txoptions { |
2325 |
- struct ipv6_opt_hdr *dst0opt; |
2326 |
- struct ipv6_rt_hdr *srcrt; /* Routing Header */ |
2327 |
- struct ipv6_opt_hdr *dst1opt; |
2328 |
-- |
2329 |
-+ struct rcu_head rcu; |
2330 |
- /* Option buffer, as read by IPV6_PKTOPTIONS, starts here. */ |
2331 |
- }; |
2332 |
- |
2333 |
-@@ -252,6 +253,24 @@ struct ipv6_fl_socklist { |
2334 |
- struct rcu_head rcu; |
2335 |
- }; |
2336 |
- |
2337 |
-+static inline struct ipv6_txoptions *txopt_get(const struct ipv6_pinfo *np) |
2338 |
-+{ |
2339 |
-+ struct ipv6_txoptions *opt; |
2340 |
-+ |
2341 |
-+ rcu_read_lock(); |
2342 |
-+ opt = rcu_dereference(np->opt); |
2343 |
-+ if (opt && !atomic_inc_not_zero(&opt->refcnt)) |
2344 |
-+ opt = NULL; |
2345 |
-+ rcu_read_unlock(); |
2346 |
-+ return opt; |
2347 |
-+} |
2348 |
-+ |
2349 |
-+static inline void txopt_put(struct ipv6_txoptions *opt) |
2350 |
-+{ |
2351 |
-+ if (opt && atomic_dec_and_test(&opt->refcnt)) |
2352 |
-+ kfree_rcu(opt, rcu); |
2353 |
-+} |
2354 |
-+ |
2355 |
- struct ip6_flowlabel *fl6_sock_lookup(struct sock *sk, __be32 label); |
2356 |
- struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions *opt_space, |
2357 |
- struct ip6_flowlabel *fl, |
2358 |
-@@ -490,6 +509,7 @@ struct ip6_create_arg { |
2359 |
- u32 user; |
2360 |
- const struct in6_addr *src; |
2361 |
- const struct in6_addr *dst; |
2362 |
-+ int iif; |
2363 |
- u8 ecn; |
2364 |
- }; |
2365 |
- |
2366 |
-diff --git a/include/net/ndisc.h b/include/net/ndisc.h |
2367 |
-index aba5695..b3a7751 100644 |
2368 |
---- a/include/net/ndisc.h |
2369 |
-+++ b/include/net/ndisc.h |
2370 |
-@@ -182,8 +182,7 @@ int ndisc_rcv(struct sk_buff *skb); |
2371 |
- |
2372 |
- void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, |
2373 |
- const struct in6_addr *solicit, |
2374 |
-- const struct in6_addr *daddr, const struct in6_addr *saddr, |
2375 |
-- struct sk_buff *oskb); |
2376 |
-+ const struct in6_addr *daddr, const struct in6_addr *saddr); |
2377 |
- |
2378 |
- void ndisc_send_rs(struct net_device *dev, |
2379 |
- const struct in6_addr *saddr, const struct in6_addr *daddr); |
2380 |
-diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h |
2381 |
-index 444faa8..f1ad8f8 100644 |
2382 |
---- a/include/net/sch_generic.h |
2383 |
-+++ b/include/net/sch_generic.h |
2384 |
-@@ -61,6 +61,9 @@ struct Qdisc { |
2385 |
- */ |
2386 |
- #define TCQ_F_WARN_NONWC (1 << 16) |
2387 |
- #define TCQ_F_CPUSTATS 0x20 /* run using percpu statistics */ |
2388 |
-+#define TCQ_F_NOPARENT 0x40 /* root of its hierarchy : |
2389 |
-+ * qdisc_tree_decrease_qlen() should stop. |
2390 |
-+ */ |
2391 |
- u32 limit; |
2392 |
- const struct Qdisc_ops *ops; |
2393 |
- struct qdisc_size_table __rcu *stab; |
2394 |
-diff --git a/include/net/switchdev.h b/include/net/switchdev.h |
2395 |
-index 319baab..731c40e 100644 |
2396 |
---- a/include/net/switchdev.h |
2397 |
-+++ b/include/net/switchdev.h |
2398 |
-@@ -272,7 +272,7 @@ static inline int switchdev_port_fdb_dump(struct sk_buff *skb, |
2399 |
- struct net_device *filter_dev, |
2400 |
- int idx) |
2401 |
- { |
2402 |
-- return -EOPNOTSUPP; |
2403 |
-+ return idx; |
2404 |
- } |
2405 |
- |
2406 |
- static inline void switchdev_port_fwd_mark_set(struct net_device *dev, |
2407 |
-diff --git a/kernel/.gitignore b/kernel/.gitignore |
2408 |
-index 790d83c..b3097bd 100644 |
2409 |
---- a/kernel/.gitignore |
2410 |
-+++ b/kernel/.gitignore |
2411 |
-@@ -5,4 +5,3 @@ config_data.h |
2412 |
- config_data.gz |
2413 |
- timeconst.h |
2414 |
- hz.bc |
2415 |
--x509_certificate_list |
2416 |
-diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c |
2417 |
-index 29ace10..7a0decf 100644 |
2418 |
---- a/kernel/bpf/arraymap.c |
2419 |
-+++ b/kernel/bpf/arraymap.c |
2420 |
-@@ -104,7 +104,7 @@ static int array_map_update_elem(struct bpf_map *map, void *key, void *value, |
2421 |
- /* all elements already exist */ |
2422 |
- return -EEXIST; |
2423 |
- |
2424 |
-- memcpy(array->value + array->elem_size * index, value, array->elem_size); |
2425 |
-+ memcpy(array->value + array->elem_size * index, value, map->value_size); |
2426 |
- return 0; |
2427 |
- } |
2428 |
- |
2429 |
-diff --git a/net/core/neighbour.c b/net/core/neighbour.c |
2430 |
-index 2b515ba..c169bba 100644 |
2431 |
---- a/net/core/neighbour.c |
2432 |
-+++ b/net/core/neighbour.c |
2433 |
-@@ -2215,7 +2215,7 @@ static int pneigh_fill_info(struct sk_buff *skb, struct pneigh_entry *pn, |
2434 |
- ndm->ndm_pad2 = 0; |
2435 |
- ndm->ndm_flags = pn->flags | NTF_PROXY; |
2436 |
- ndm->ndm_type = RTN_UNICAST; |
2437 |
-- ndm->ndm_ifindex = pn->dev->ifindex; |
2438 |
-+ ndm->ndm_ifindex = pn->dev ? pn->dev->ifindex : 0; |
2439 |
- ndm->ndm_state = NUD_NONE; |
2440 |
- |
2441 |
- if (nla_put(skb, NDA_DST, tbl->key_len, pn->key)) |
2442 |
-@@ -2290,7 +2290,7 @@ static int pneigh_dump_table(struct neigh_table *tbl, struct sk_buff *skb, |
2443 |
- if (h > s_h) |
2444 |
- s_idx = 0; |
2445 |
- for (n = tbl->phash_buckets[h], idx = 0; n; n = n->next) { |
2446 |
-- if (dev_net(n->dev) != net) |
2447 |
-+ if (pneigh_net(n) != net) |
2448 |
- continue; |
2449 |
- if (idx < s_idx) |
2450 |
- goto next; |
2451 |
-diff --git a/net/core/scm.c b/net/core/scm.c |
2452 |
-index 3b6899b..8a1741b 100644 |
2453 |
---- a/net/core/scm.c |
2454 |
-+++ b/net/core/scm.c |
2455 |
-@@ -305,6 +305,8 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) |
2456 |
- err = put_user(cmlen, &cm->cmsg_len); |
2457 |
- if (!err) { |
2458 |
- cmlen = CMSG_SPACE(i*sizeof(int)); |
2459 |
-+ if (msg->msg_controllen < cmlen) |
2460 |
-+ cmlen = msg->msg_controllen; |
2461 |
- msg->msg_control += cmlen; |
2462 |
- msg->msg_controllen -= cmlen; |
2463 |
- } |
2464 |
-diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c |
2465 |
-index 5165571..a049050 100644 |
2466 |
---- a/net/dccp/ipv6.c |
2467 |
-+++ b/net/dccp/ipv6.c |
2468 |
-@@ -202,7 +202,9 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req) |
2469 |
- security_req_classify_flow(req, flowi6_to_flowi(&fl6)); |
2470 |
- |
2471 |
- |
2472 |
-- final_p = fl6_update_dst(&fl6, np->opt, &final); |
2473 |
-+ rcu_read_lock(); |
2474 |
-+ final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final); |
2475 |
-+ rcu_read_unlock(); |
2476 |
- |
2477 |
- dst = ip6_dst_lookup_flow(sk, &fl6, final_p); |
2478 |
- if (IS_ERR(dst)) { |
2479 |
-@@ -219,7 +221,10 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req) |
2480 |
- &ireq->ir_v6_loc_addr, |
2481 |
- &ireq->ir_v6_rmt_addr); |
2482 |
- fl6.daddr = ireq->ir_v6_rmt_addr; |
2483 |
-- err = ip6_xmit(sk, skb, &fl6, np->opt, np->tclass); |
2484 |
-+ rcu_read_lock(); |
2485 |
-+ err = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt), |
2486 |
-+ np->tclass); |
2487 |
-+ rcu_read_unlock(); |
2488 |
- err = net_xmit_eval(err); |
2489 |
- } |
2490 |
- |
2491 |
-@@ -415,6 +420,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, |
2492 |
- { |
2493 |
- struct inet_request_sock *ireq = inet_rsk(req); |
2494 |
- struct ipv6_pinfo *newnp, *np = inet6_sk(sk); |
2495 |
-+ struct ipv6_txoptions *opt; |
2496 |
- struct inet_sock *newinet; |
2497 |
- struct dccp6_sock *newdp6; |
2498 |
- struct sock *newsk; |
2499 |
-@@ -534,13 +540,15 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, |
2500 |
- * Yes, keeping reference count would be much more clever, but we make |
2501 |
- * one more one thing there: reattach optmem to newsk. |
2502 |
- */ |
2503 |
-- if (np->opt != NULL) |
2504 |
-- newnp->opt = ipv6_dup_options(newsk, np->opt); |
2505 |
-- |
2506 |
-+ opt = rcu_dereference(np->opt); |
2507 |
-+ if (opt) { |
2508 |
-+ opt = ipv6_dup_options(newsk, opt); |
2509 |
-+ RCU_INIT_POINTER(newnp->opt, opt); |
2510 |
-+ } |
2511 |
- inet_csk(newsk)->icsk_ext_hdr_len = 0; |
2512 |
-- if (newnp->opt != NULL) |
2513 |
-- inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + |
2514 |
-- newnp->opt->opt_flen); |
2515 |
-+ if (opt) |
2516 |
-+ inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen + |
2517 |
-+ opt->opt_flen; |
2518 |
- |
2519 |
- dccp_sync_mss(newsk, dst_mtu(dst)); |
2520 |
- |
2521 |
-@@ -793,6 +801,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, |
2522 |
- struct ipv6_pinfo *np = inet6_sk(sk); |
2523 |
- struct dccp_sock *dp = dccp_sk(sk); |
2524 |
- struct in6_addr *saddr = NULL, *final_p, final; |
2525 |
-+ struct ipv6_txoptions *opt; |
2526 |
- struct flowi6 fl6; |
2527 |
- struct dst_entry *dst; |
2528 |
- int addr_type; |
2529 |
-@@ -892,7 +901,8 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, |
2530 |
- fl6.fl6_sport = inet->inet_sport; |
2531 |
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); |
2532 |
- |
2533 |
-- final_p = fl6_update_dst(&fl6, np->opt, &final); |
2534 |
-+ opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk)); |
2535 |
-+ final_p = fl6_update_dst(&fl6, opt, &final); |
2536 |
- |
2537 |
- dst = ip6_dst_lookup_flow(sk, &fl6, final_p); |
2538 |
- if (IS_ERR(dst)) { |
2539 |
-@@ -912,9 +922,8 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, |
2540 |
- __ip6_dst_store(sk, dst, NULL, NULL); |
2541 |
- |
2542 |
- icsk->icsk_ext_hdr_len = 0; |
2543 |
-- if (np->opt != NULL) |
2544 |
-- icsk->icsk_ext_hdr_len = (np->opt->opt_flen + |
2545 |
-- np->opt->opt_nflen); |
2546 |
-+ if (opt) |
2547 |
-+ icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen; |
2548 |
- |
2549 |
- inet->inet_dport = usin->sin6_port; |
2550 |
- |
2551 |
-diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c |
2552 |
-index 8e8203d..ef7e2c4 100644 |
2553 |
---- a/net/ipv4/ipmr.c |
2554 |
-+++ b/net/ipv4/ipmr.c |
2555 |
-@@ -134,7 +134,7 @@ static int __ipmr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb, |
2556 |
- struct mfc_cache *c, struct rtmsg *rtm); |
2557 |
- static void mroute_netlink_event(struct mr_table *mrt, struct mfc_cache *mfc, |
2558 |
- int cmd); |
2559 |
--static void mroute_clean_tables(struct mr_table *mrt); |
2560 |
-+static void mroute_clean_tables(struct mr_table *mrt, bool all); |
2561 |
- static void ipmr_expire_process(unsigned long arg); |
2562 |
- |
2563 |
- #ifdef CONFIG_IP_MROUTE_MULTIPLE_TABLES |
2564 |
-@@ -350,7 +350,7 @@ static struct mr_table *ipmr_new_table(struct net *net, u32 id) |
2565 |
- static void ipmr_free_table(struct mr_table *mrt) |
2566 |
- { |
2567 |
- del_timer_sync(&mrt->ipmr_expire_timer); |
2568 |
-- mroute_clean_tables(mrt); |
2569 |
-+ mroute_clean_tables(mrt, true); |
2570 |
- kfree(mrt); |
2571 |
- } |
2572 |
- |
2573 |
-@@ -1208,7 +1208,7 @@ static int ipmr_mfc_add(struct net *net, struct mr_table *mrt, |
2574 |
- * Close the multicast socket, and clear the vif tables etc |
2575 |
- */ |
2576 |
- |
2577 |
--static void mroute_clean_tables(struct mr_table *mrt) |
2578 |
-+static void mroute_clean_tables(struct mr_table *mrt, bool all) |
2579 |
- { |
2580 |
- int i; |
2581 |
- LIST_HEAD(list); |
2582 |
-@@ -1217,8 +1217,9 @@ static void mroute_clean_tables(struct mr_table *mrt) |
2583 |
- /* Shut down all active vif entries */ |
2584 |
- |
2585 |
- for (i = 0; i < mrt->maxvif; i++) { |
2586 |
-- if (!(mrt->vif_table[i].flags & VIFF_STATIC)) |
2587 |
-- vif_delete(mrt, i, 0, &list); |
2588 |
-+ if (!all && (mrt->vif_table[i].flags & VIFF_STATIC)) |
2589 |
-+ continue; |
2590 |
-+ vif_delete(mrt, i, 0, &list); |
2591 |
- } |
2592 |
- unregister_netdevice_many(&list); |
2593 |
- |
2594 |
-@@ -1226,7 +1227,7 @@ static void mroute_clean_tables(struct mr_table *mrt) |
2595 |
- |
2596 |
- for (i = 0; i < MFC_LINES; i++) { |
2597 |
- list_for_each_entry_safe(c, next, &mrt->mfc_cache_array[i], list) { |
2598 |
-- if (c->mfc_flags & MFC_STATIC) |
2599 |
-+ if (!all && (c->mfc_flags & MFC_STATIC)) |
2600 |
- continue; |
2601 |
- list_del_rcu(&c->list); |
2602 |
- mroute_netlink_event(mrt, c, RTM_DELROUTE); |
2603 |
-@@ -1261,7 +1262,7 @@ static void mrtsock_destruct(struct sock *sk) |
2604 |
- NETCONFA_IFINDEX_ALL, |
2605 |
- net->ipv4.devconf_all); |
2606 |
- RCU_INIT_POINTER(mrt->mroute_sk, NULL); |
2607 |
-- mroute_clean_tables(mrt); |
2608 |
-+ mroute_clean_tables(mrt, false); |
2609 |
- } |
2610 |
- } |
2611 |
- rtnl_unlock(); |
2612 |
-diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
2613 |
-index a8f515b..0a2b61d 100644 |
2614 |
---- a/net/ipv4/tcp_input.c |
2615 |
-+++ b/net/ipv4/tcp_input.c |
2616 |
-@@ -4457,19 +4457,34 @@ static int __must_check tcp_queue_rcv(struct sock *sk, struct sk_buff *skb, int |
2617 |
- int tcp_send_rcvq(struct sock *sk, struct msghdr *msg, size_t size) |
2618 |
- { |
2619 |
- struct sk_buff *skb; |
2620 |
-+ int err = -ENOMEM; |
2621 |
-+ int data_len = 0; |
2622 |
- bool fragstolen; |
2623 |
- |
2624 |
- if (size == 0) |
2625 |
- return 0; |
2626 |
- |
2627 |
-- skb = alloc_skb(size, sk->sk_allocation); |
2628 |
-+ if (size > PAGE_SIZE) { |
2629 |
-+ int npages = min_t(size_t, size >> PAGE_SHIFT, MAX_SKB_FRAGS); |
2630 |
-+ |
2631 |
-+ data_len = npages << PAGE_SHIFT; |
2632 |
-+ size = data_len + (size & ~PAGE_MASK); |
2633 |
-+ } |
2634 |
-+ skb = alloc_skb_with_frags(size - data_len, data_len, |
2635 |
-+ PAGE_ALLOC_COSTLY_ORDER, |
2636 |
-+ &err, sk->sk_allocation); |
2637 |
- if (!skb) |
2638 |
- goto err; |
2639 |
- |
2640 |
-+ skb_put(skb, size - data_len); |
2641 |
-+ skb->data_len = data_len; |
2642 |
-+ skb->len = size; |
2643 |
-+ |
2644 |
- if (tcp_try_rmem_schedule(sk, skb, skb->truesize)) |
2645 |
- goto err_free; |
2646 |
- |
2647 |
-- if (memcpy_from_msg(skb_put(skb, size), msg, size)) |
2648 |
-+ err = skb_copy_datagram_from_iter(skb, 0, &msg->msg_iter, size); |
2649 |
-+ if (err) |
2650 |
- goto err_free; |
2651 |
- |
2652 |
- TCP_SKB_CB(skb)->seq = tcp_sk(sk)->rcv_nxt; |
2653 |
-@@ -4485,7 +4500,8 @@ int tcp_send_rcvq(struct sock *sk, struct msghdr *msg, size_t size) |
2654 |
- err_free: |
2655 |
- kfree_skb(skb); |
2656 |
- err: |
2657 |
-- return -ENOMEM; |
2658 |
-+ return err; |
2659 |
-+ |
2660 |
- } |
2661 |
- |
2662 |
- static void tcp_data_queue(struct sock *sk, struct sk_buff *skb) |
2663 |
-@@ -5643,6 +5659,7 @@ discard: |
2664 |
- } |
2665 |
- |
2666 |
- tp->rcv_nxt = TCP_SKB_CB(skb)->seq + 1; |
2667 |
-+ tp->copied_seq = tp->rcv_nxt; |
2668 |
- tp->rcv_wup = TCP_SKB_CB(skb)->seq + 1; |
2669 |
- |
2670 |
- /* RFC1323: The window in SYN & SYN/ACK segments is |
2671 |
-diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c |
2672 |
-index 93898e0..a7739c8 100644 |
2673 |
---- a/net/ipv4/tcp_ipv4.c |
2674 |
-+++ b/net/ipv4/tcp_ipv4.c |
2675 |
-@@ -922,7 +922,8 @@ int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr, |
2676 |
- } |
2677 |
- |
2678 |
- md5sig = rcu_dereference_protected(tp->md5sig_info, |
2679 |
-- sock_owned_by_user(sk)); |
2680 |
-+ sock_owned_by_user(sk) || |
2681 |
-+ lockdep_is_held(&sk->sk_lock.slock)); |
2682 |
- if (!md5sig) { |
2683 |
- md5sig = kmalloc(sizeof(*md5sig), gfp); |
2684 |
- if (!md5sig) |
2685 |
-diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c |
2686 |
-index 7149ebc..04f0a05 100644 |
2687 |
---- a/net/ipv4/tcp_timer.c |
2688 |
-+++ b/net/ipv4/tcp_timer.c |
2689 |
-@@ -176,6 +176,18 @@ static int tcp_write_timeout(struct sock *sk) |
2690 |
- syn_set = true; |
2691 |
- } else { |
2692 |
- if (retransmits_timed_out(sk, sysctl_tcp_retries1, 0, 0)) { |
2693 |
-+ /* Some middle-boxes may black-hole Fast Open _after_ |
2694 |
-+ * the handshake. Therefore we conservatively disable |
2695 |
-+ * Fast Open on this path on recurring timeouts with |
2696 |
-+ * few or zero bytes acked after Fast Open. |
2697 |
-+ */ |
2698 |
-+ if (tp->syn_data_acked && |
2699 |
-+ tp->bytes_acked <= tp->rx_opt.mss_clamp) { |
2700 |
-+ tcp_fastopen_cache_set(sk, 0, NULL, true, 0); |
2701 |
-+ if (icsk->icsk_retransmits == sysctl_tcp_retries1) |
2702 |
-+ NET_INC_STATS_BH(sock_net(sk), |
2703 |
-+ LINUX_MIB_TCPFASTOPENACTIVEFAIL); |
2704 |
-+ } |
2705 |
- /* Black hole detection */ |
2706 |
- tcp_mtu_probing(icsk, sk); |
2707 |
- |
2708 |
-diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
2709 |
-index dd00828..3939dd2 100644 |
2710 |
---- a/net/ipv6/addrconf.c |
2711 |
-+++ b/net/ipv6/addrconf.c |
2712 |
-@@ -3628,7 +3628,7 @@ static void addrconf_dad_work(struct work_struct *w) |
2713 |
- |
2714 |
- /* send a neighbour solicitation for our addr */ |
2715 |
- addrconf_addr_solict_mult(&ifp->addr, &mcaddr); |
2716 |
-- ndisc_send_ns(ifp->idev->dev, NULL, &ifp->addr, &mcaddr, &in6addr_any, NULL); |
2717 |
-+ ndisc_send_ns(ifp->idev->dev, NULL, &ifp->addr, &mcaddr, &in6addr_any); |
2718 |
- out: |
2719 |
- in6_ifa_put(ifp); |
2720 |
- rtnl_unlock(); |
2721 |
-diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c |
2722 |
-index 44bb66b..38d66dd 100644 |
2723 |
---- a/net/ipv6/af_inet6.c |
2724 |
-+++ b/net/ipv6/af_inet6.c |
2725 |
-@@ -428,9 +428,11 @@ void inet6_destroy_sock(struct sock *sk) |
2726 |
- |
2727 |
- /* Free tx options */ |
2728 |
- |
2729 |
-- opt = xchg(&np->opt, NULL); |
2730 |
-- if (opt) |
2731 |
-- sock_kfree_s(sk, opt, opt->tot_len); |
2732 |
-+ opt = xchg((__force struct ipv6_txoptions **)&np->opt, NULL); |
2733 |
-+ if (opt) { |
2734 |
-+ atomic_sub(opt->tot_len, &sk->sk_omem_alloc); |
2735 |
-+ txopt_put(opt); |
2736 |
-+ } |
2737 |
- } |
2738 |
- EXPORT_SYMBOL_GPL(inet6_destroy_sock); |
2739 |
- |
2740 |
-@@ -659,7 +661,10 @@ int inet6_sk_rebuild_header(struct sock *sk) |
2741 |
- fl6.fl6_sport = inet->inet_sport; |
2742 |
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); |
2743 |
- |
2744 |
-- final_p = fl6_update_dst(&fl6, np->opt, &final); |
2745 |
-+ rcu_read_lock(); |
2746 |
-+ final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), |
2747 |
-+ &final); |
2748 |
-+ rcu_read_unlock(); |
2749 |
- |
2750 |
- dst = ip6_dst_lookup_flow(sk, &fl6, final_p); |
2751 |
- if (IS_ERR(dst)) { |
2752 |
-diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c |
2753 |
-index 9aadd57..a42a673 100644 |
2754 |
---- a/net/ipv6/datagram.c |
2755 |
-+++ b/net/ipv6/datagram.c |
2756 |
-@@ -167,8 +167,10 @@ ipv4_connected: |
2757 |
- |
2758 |
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); |
2759 |
- |
2760 |
-- opt = flowlabel ? flowlabel->opt : np->opt; |
2761 |
-+ rcu_read_lock(); |
2762 |
-+ opt = flowlabel ? flowlabel->opt : rcu_dereference(np->opt); |
2763 |
- final_p = fl6_update_dst(&fl6, opt, &final); |
2764 |
-+ rcu_read_unlock(); |
2765 |
- |
2766 |
- dst = ip6_dst_lookup_flow(sk, &fl6, final_p); |
2767 |
- err = 0; |
2768 |
-diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c |
2769 |
-index ce203b0..ea7c4d6 100644 |
2770 |
---- a/net/ipv6/exthdrs.c |
2771 |
-+++ b/net/ipv6/exthdrs.c |
2772 |
-@@ -727,6 +727,7 @@ ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt) |
2773 |
- *((char **)&opt2->dst1opt) += dif; |
2774 |
- if (opt2->srcrt) |
2775 |
- *((char **)&opt2->srcrt) += dif; |
2776 |
-+ atomic_set(&opt2->refcnt, 1); |
2777 |
- } |
2778 |
- return opt2; |
2779 |
- } |
2780 |
-@@ -790,7 +791,7 @@ ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, |
2781 |
- return ERR_PTR(-ENOBUFS); |
2782 |
- |
2783 |
- memset(opt2, 0, tot_len); |
2784 |
-- |
2785 |
-+ atomic_set(&opt2->refcnt, 1); |
2786 |
- opt2->tot_len = tot_len; |
2787 |
- p = (char *)(opt2 + 1); |
2788 |
- |
2789 |
-diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c |
2790 |
-index 6927f3f..9beed30 100644 |
2791 |
---- a/net/ipv6/inet6_connection_sock.c |
2792 |
-+++ b/net/ipv6/inet6_connection_sock.c |
2793 |
-@@ -77,7 +77,9 @@ struct dst_entry *inet6_csk_route_req(struct sock *sk, |
2794 |
- memset(fl6, 0, sizeof(*fl6)); |
2795 |
- fl6->flowi6_proto = IPPROTO_TCP; |
2796 |
- fl6->daddr = ireq->ir_v6_rmt_addr; |
2797 |
-- final_p = fl6_update_dst(fl6, np->opt, &final); |
2798 |
-+ rcu_read_lock(); |
2799 |
-+ final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final); |
2800 |
-+ rcu_read_unlock(); |
2801 |
- fl6->saddr = ireq->ir_v6_loc_addr; |
2802 |
- fl6->flowi6_oif = ireq->ir_iif; |
2803 |
- fl6->flowi6_mark = ireq->ir_mark; |
2804 |
-@@ -207,7 +209,9 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk, |
2805 |
- fl6->fl6_dport = inet->inet_dport; |
2806 |
- security_sk_classify_flow(sk, flowi6_to_flowi(fl6)); |
2807 |
- |
2808 |
-- final_p = fl6_update_dst(fl6, np->opt, &final); |
2809 |
-+ rcu_read_lock(); |
2810 |
-+ final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final); |
2811 |
-+ rcu_read_unlock(); |
2812 |
- |
2813 |
- dst = __inet6_csk_dst_check(sk, np->dst_cookie); |
2814 |
- if (!dst) { |
2815 |
-@@ -240,7 +244,8 @@ int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused |
2816 |
- /* Restore final destination back after routing done */ |
2817 |
- fl6.daddr = sk->sk_v6_daddr; |
2818 |
- |
2819 |
-- res = ip6_xmit(sk, skb, &fl6, np->opt, np->tclass); |
2820 |
-+ res = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt), |
2821 |
-+ np->tclass); |
2822 |
- rcu_read_unlock(); |
2823 |
- return res; |
2824 |
- } |
2825 |
-diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c |
2826 |
-index eabffbb..137fca4 100644 |
2827 |
---- a/net/ipv6/ip6_tunnel.c |
2828 |
-+++ b/net/ipv6/ip6_tunnel.c |
2829 |
-@@ -177,7 +177,7 @@ void ip6_tnl_dst_reset(struct ip6_tnl *t) |
2830 |
- int i; |
2831 |
- |
2832 |
- for_each_possible_cpu(i) |
2833 |
-- ip6_tnl_per_cpu_dst_set(raw_cpu_ptr(t->dst_cache), NULL); |
2834 |
-+ ip6_tnl_per_cpu_dst_set(per_cpu_ptr(t->dst_cache, i), NULL); |
2835 |
- } |
2836 |
- EXPORT_SYMBOL_GPL(ip6_tnl_dst_reset); |
2837 |
- |
2838 |
-diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c |
2839 |
-index 0e004cc..35eee72 100644 |
2840 |
---- a/net/ipv6/ip6mr.c |
2841 |
-+++ b/net/ipv6/ip6mr.c |
2842 |
-@@ -118,7 +118,7 @@ static void mr6_netlink_event(struct mr6_table *mrt, struct mfc6_cache *mfc, |
2843 |
- int cmd); |
2844 |
- static int ip6mr_rtm_dumproute(struct sk_buff *skb, |
2845 |
- struct netlink_callback *cb); |
2846 |
--static void mroute_clean_tables(struct mr6_table *mrt); |
2847 |
-+static void mroute_clean_tables(struct mr6_table *mrt, bool all); |
2848 |
- static void ipmr_expire_process(unsigned long arg); |
2849 |
- |
2850 |
- #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES |
2851 |
-@@ -334,7 +334,7 @@ static struct mr6_table *ip6mr_new_table(struct net *net, u32 id) |
2852 |
- static void ip6mr_free_table(struct mr6_table *mrt) |
2853 |
- { |
2854 |
- del_timer_sync(&mrt->ipmr_expire_timer); |
2855 |
-- mroute_clean_tables(mrt); |
2856 |
-+ mroute_clean_tables(mrt, true); |
2857 |
- kfree(mrt); |
2858 |
- } |
2859 |
- |
2860 |
-@@ -1542,7 +1542,7 @@ static int ip6mr_mfc_add(struct net *net, struct mr6_table *mrt, |
2861 |
- * Close the multicast socket, and clear the vif tables etc |
2862 |
- */ |
2863 |
- |
2864 |
--static void mroute_clean_tables(struct mr6_table *mrt) |
2865 |
-+static void mroute_clean_tables(struct mr6_table *mrt, bool all) |
2866 |
- { |
2867 |
- int i; |
2868 |
- LIST_HEAD(list); |
2869 |
-@@ -1552,8 +1552,9 @@ static void mroute_clean_tables(struct mr6_table *mrt) |
2870 |
- * Shut down all active vif entries |
2871 |
- */ |
2872 |
- for (i = 0; i < mrt->maxvif; i++) { |
2873 |
-- if (!(mrt->vif6_table[i].flags & VIFF_STATIC)) |
2874 |
-- mif6_delete(mrt, i, &list); |
2875 |
-+ if (!all && (mrt->vif6_table[i].flags & VIFF_STATIC)) |
2876 |
-+ continue; |
2877 |
-+ mif6_delete(mrt, i, &list); |
2878 |
- } |
2879 |
- unregister_netdevice_many(&list); |
2880 |
- |
2881 |
-@@ -1562,7 +1563,7 @@ static void mroute_clean_tables(struct mr6_table *mrt) |
2882 |
- */ |
2883 |
- for (i = 0; i < MFC6_LINES; i++) { |
2884 |
- list_for_each_entry_safe(c, next, &mrt->mfc6_cache_array[i], list) { |
2885 |
-- if (c->mfc_flags & MFC_STATIC) |
2886 |
-+ if (!all && (c->mfc_flags & MFC_STATIC)) |
2887 |
- continue; |
2888 |
- write_lock_bh(&mrt_lock); |
2889 |
- list_del(&c->list); |
2890 |
-@@ -1625,7 +1626,7 @@ int ip6mr_sk_done(struct sock *sk) |
2891 |
- net->ipv6.devconf_all); |
2892 |
- write_unlock_bh(&mrt_lock); |
2893 |
- |
2894 |
-- mroute_clean_tables(mrt); |
2895 |
-+ mroute_clean_tables(mrt, false); |
2896 |
- err = 0; |
2897 |
- break; |
2898 |
- } |
2899 |
-diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c |
2900 |
-index 63e6956..4449ad1 100644 |
2901 |
---- a/net/ipv6/ipv6_sockglue.c |
2902 |
-+++ b/net/ipv6/ipv6_sockglue.c |
2903 |
-@@ -111,7 +111,8 @@ struct ipv6_txoptions *ipv6_update_options(struct sock *sk, |
2904 |
- icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie); |
2905 |
- } |
2906 |
- } |
2907 |
-- opt = xchg(&inet6_sk(sk)->opt, opt); |
2908 |
-+ opt = xchg((__force struct ipv6_txoptions **)&inet6_sk(sk)->opt, |
2909 |
-+ opt); |
2910 |
- sk_dst_reset(sk); |
2911 |
- |
2912 |
- return opt; |
2913 |
-@@ -231,9 +232,12 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, |
2914 |
- sk->sk_socket->ops = &inet_dgram_ops; |
2915 |
- sk->sk_family = PF_INET; |
2916 |
- } |
2917 |
-- opt = xchg(&np->opt, NULL); |
2918 |
-- if (opt) |
2919 |
-- sock_kfree_s(sk, opt, opt->tot_len); |
2920 |
-+ opt = xchg((__force struct ipv6_txoptions **)&np->opt, |
2921 |
-+ NULL); |
2922 |
-+ if (opt) { |
2923 |
-+ atomic_sub(opt->tot_len, &sk->sk_omem_alloc); |
2924 |
-+ txopt_put(opt); |
2925 |
-+ } |
2926 |
- pktopt = xchg(&np->pktoptions, NULL); |
2927 |
- kfree_skb(pktopt); |
2928 |
- |
2929 |
-@@ -403,7 +407,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, |
2930 |
- if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) |
2931 |
- break; |
2932 |
- |
2933 |
-- opt = ipv6_renew_options(sk, np->opt, optname, |
2934 |
-+ opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk)); |
2935 |
-+ opt = ipv6_renew_options(sk, opt, optname, |
2936 |
- (struct ipv6_opt_hdr __user *)optval, |
2937 |
- optlen); |
2938 |
- if (IS_ERR(opt)) { |
2939 |
-@@ -432,8 +437,10 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, |
2940 |
- retv = 0; |
2941 |
- opt = ipv6_update_options(sk, opt); |
2942 |
- sticky_done: |
2943 |
-- if (opt) |
2944 |
-- sock_kfree_s(sk, opt, opt->tot_len); |
2945 |
-+ if (opt) { |
2946 |
-+ atomic_sub(opt->tot_len, &sk->sk_omem_alloc); |
2947 |
-+ txopt_put(opt); |
2948 |
-+ } |
2949 |
- break; |
2950 |
- } |
2951 |
- |
2952 |
-@@ -486,6 +493,7 @@ sticky_done: |
2953 |
- break; |
2954 |
- |
2955 |
- memset(opt, 0, sizeof(*opt)); |
2956 |
-+ atomic_set(&opt->refcnt, 1); |
2957 |
- opt->tot_len = sizeof(*opt) + optlen; |
2958 |
- retv = -EFAULT; |
2959 |
- if (copy_from_user(opt+1, optval, optlen)) |
2960 |
-@@ -502,8 +510,10 @@ update: |
2961 |
- retv = 0; |
2962 |
- opt = ipv6_update_options(sk, opt); |
2963 |
- done: |
2964 |
-- if (opt) |
2965 |
-- sock_kfree_s(sk, opt, opt->tot_len); |
2966 |
-+ if (opt) { |
2967 |
-+ atomic_sub(opt->tot_len, &sk->sk_omem_alloc); |
2968 |
-+ txopt_put(opt); |
2969 |
-+ } |
2970 |
- break; |
2971 |
- } |
2972 |
- case IPV6_UNICAST_HOPS: |
2973 |
-@@ -1110,10 +1120,11 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, |
2974 |
- case IPV6_RTHDR: |
2975 |
- case IPV6_DSTOPTS: |
2976 |
- { |
2977 |
-+ struct ipv6_txoptions *opt; |
2978 |
- |
2979 |
- lock_sock(sk); |
2980 |
-- len = ipv6_getsockopt_sticky(sk, np->opt, |
2981 |
-- optname, optval, len); |
2982 |
-+ opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk)); |
2983 |
-+ len = ipv6_getsockopt_sticky(sk, opt, optname, optval, len); |
2984 |
- release_sock(sk); |
2985 |
- /* check if ipv6_getsockopt_sticky() returns err code */ |
2986 |
- if (len < 0) |
2987 |
-diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c |
2988 |
-index 083b292..41e3b5e 100644 |
2989 |
---- a/net/ipv6/mcast.c |
2990 |
-+++ b/net/ipv6/mcast.c |
2991 |
-@@ -1651,7 +1651,6 @@ out: |
2992 |
- if (!err) { |
2993 |
- ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); |
2994 |
- ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); |
2995 |
-- IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, payload_len); |
2996 |
- } else { |
2997 |
- IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); |
2998 |
- } |
2999 |
-@@ -2014,7 +2013,6 @@ out: |
3000 |
- if (!err) { |
3001 |
- ICMP6MSGOUT_INC_STATS(net, idev, type); |
3002 |
- ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); |
3003 |
-- IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, full_len); |
3004 |
- } else |
3005 |
- IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); |
3006 |
- |
3007 |
-diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c |
3008 |
-index 64a7135..9ad46cd 100644 |
3009 |
---- a/net/ipv6/ndisc.c |
3010 |
-+++ b/net/ipv6/ndisc.c |
3011 |
-@@ -553,8 +553,7 @@ static void ndisc_send_unsol_na(struct net_device *dev) |
3012 |
- |
3013 |
- void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, |
3014 |
- const struct in6_addr *solicit, |
3015 |
-- const struct in6_addr *daddr, const struct in6_addr *saddr, |
3016 |
-- struct sk_buff *oskb) |
3017 |
-+ const struct in6_addr *daddr, const struct in6_addr *saddr) |
3018 |
- { |
3019 |
- struct sk_buff *skb; |
3020 |
- struct in6_addr addr_buf; |
3021 |
-@@ -590,9 +589,6 @@ void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, |
3022 |
- ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, |
3023 |
- dev->dev_addr); |
3024 |
- |
3025 |
-- if (!(dev->priv_flags & IFF_XMIT_DST_RELEASE) && oskb) |
3026 |
-- skb_dst_copy(skb, oskb); |
3027 |
-- |
3028 |
- ndisc_send_skb(skb, daddr, saddr); |
3029 |
- } |
3030 |
- |
3031 |
-@@ -679,12 +675,12 @@ static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) |
3032 |
- "%s: trying to ucast probe in NUD_INVALID: %pI6\n", |
3033 |
- __func__, target); |
3034 |
- } |
3035 |
-- ndisc_send_ns(dev, neigh, target, target, saddr, skb); |
3036 |
-+ ndisc_send_ns(dev, neigh, target, target, saddr); |
3037 |
- } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) { |
3038 |
- neigh_app_ns(neigh); |
3039 |
- } else { |
3040 |
- addrconf_addr_solict_mult(target, &mcaddr); |
3041 |
-- ndisc_send_ns(dev, NULL, target, &mcaddr, saddr, skb); |
3042 |
-+ ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); |
3043 |
- } |
3044 |
- } |
3045 |
- |
3046 |
-diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c |
3047 |
-index c7196ad..dc50143 100644 |
3048 |
---- a/net/ipv6/netfilter/nf_conntrack_reasm.c |
3049 |
-+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c |
3050 |
-@@ -190,7 +190,7 @@ static void nf_ct_frag6_expire(unsigned long data) |
3051 |
- /* Creation primitives. */ |
3052 |
- static inline struct frag_queue *fq_find(struct net *net, __be32 id, |
3053 |
- u32 user, struct in6_addr *src, |
3054 |
-- struct in6_addr *dst, u8 ecn) |
3055 |
-+ struct in6_addr *dst, int iif, u8 ecn) |
3056 |
- { |
3057 |
- struct inet_frag_queue *q; |
3058 |
- struct ip6_create_arg arg; |
3059 |
-@@ -200,6 +200,7 @@ static inline struct frag_queue *fq_find(struct net *net, __be32 id, |
3060 |
- arg.user = user; |
3061 |
- arg.src = src; |
3062 |
- arg.dst = dst; |
3063 |
-+ arg.iif = iif; |
3064 |
- arg.ecn = ecn; |
3065 |
- |
3066 |
- local_bh_disable(); |
3067 |
-@@ -603,7 +604,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user) |
3068 |
- fhdr = (struct frag_hdr *)skb_transport_header(clone); |
3069 |
- |
3070 |
- fq = fq_find(net, fhdr->identification, user, &hdr->saddr, &hdr->daddr, |
3071 |
-- ip6_frag_ecn(hdr)); |
3072 |
-+ skb->dev ? skb->dev->ifindex : 0, ip6_frag_ecn(hdr)); |
3073 |
- if (fq == NULL) { |
3074 |
- pr_debug("Can't find and can't create new queue\n"); |
3075 |
- goto ret_orig; |
3076 |
-diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c |
3077 |
-index fdbada156..fe97729 100644 |
3078 |
---- a/net/ipv6/raw.c |
3079 |
-+++ b/net/ipv6/raw.c |
3080 |
-@@ -732,6 +732,7 @@ static int raw6_getfrag(void *from, char *to, int offset, int len, int odd, |
3081 |
- |
3082 |
- static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
3083 |
- { |
3084 |
-+ struct ipv6_txoptions *opt_to_free = NULL; |
3085 |
- struct ipv6_txoptions opt_space; |
3086 |
- DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name); |
3087 |
- struct in6_addr *daddr, *final_p, final; |
3088 |
-@@ -838,8 +839,10 @@ static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
3089 |
- if (!(opt->opt_nflen|opt->opt_flen)) |
3090 |
- opt = NULL; |
3091 |
- } |
3092 |
-- if (!opt) |
3093 |
-- opt = np->opt; |
3094 |
-+ if (!opt) { |
3095 |
-+ opt = txopt_get(np); |
3096 |
-+ opt_to_free = opt; |
3097 |
-+ } |
3098 |
- if (flowlabel) |
3099 |
- opt = fl6_merge_options(&opt_space, flowlabel, opt); |
3100 |
- opt = ipv6_fixup_options(&opt_space, opt); |
3101 |
-@@ -905,6 +908,7 @@ done: |
3102 |
- dst_release(dst); |
3103 |
- out: |
3104 |
- fl6_sock_release(flowlabel); |
3105 |
-+ txopt_put(opt_to_free); |
3106 |
- return err < 0 ? err : len; |
3107 |
- do_confirm: |
3108 |
- dst_confirm(dst); |
3109 |
-diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c |
3110 |
-index f1159bb..04013a9 100644 |
3111 |
---- a/net/ipv6/reassembly.c |
3112 |
-+++ b/net/ipv6/reassembly.c |
3113 |
-@@ -108,7 +108,10 @@ bool ip6_frag_match(const struct inet_frag_queue *q, const void *a) |
3114 |
- return fq->id == arg->id && |
3115 |
- fq->user == arg->user && |
3116 |
- ipv6_addr_equal(&fq->saddr, arg->src) && |
3117 |
-- ipv6_addr_equal(&fq->daddr, arg->dst); |
3118 |
-+ ipv6_addr_equal(&fq->daddr, arg->dst) && |
3119 |
-+ (arg->iif == fq->iif || |
3120 |
-+ !(ipv6_addr_type(arg->dst) & (IPV6_ADDR_MULTICAST | |
3121 |
-+ IPV6_ADDR_LINKLOCAL))); |
3122 |
- } |
3123 |
- EXPORT_SYMBOL(ip6_frag_match); |
3124 |
- |
3125 |
-@@ -180,7 +183,7 @@ static void ip6_frag_expire(unsigned long data) |
3126 |
- |
3127 |
- static struct frag_queue * |
3128 |
- fq_find(struct net *net, __be32 id, const struct in6_addr *src, |
3129 |
-- const struct in6_addr *dst, u8 ecn) |
3130 |
-+ const struct in6_addr *dst, int iif, u8 ecn) |
3131 |
- { |
3132 |
- struct inet_frag_queue *q; |
3133 |
- struct ip6_create_arg arg; |
3134 |
-@@ -190,6 +193,7 @@ fq_find(struct net *net, __be32 id, const struct in6_addr *src, |
3135 |
- arg.user = IP6_DEFRAG_LOCAL_DELIVER; |
3136 |
- arg.src = src; |
3137 |
- arg.dst = dst; |
3138 |
-+ arg.iif = iif; |
3139 |
- arg.ecn = ecn; |
3140 |
- |
3141 |
- hash = inet6_hash_frag(id, src, dst); |
3142 |
-@@ -551,7 +555,7 @@ static int ipv6_frag_rcv(struct sk_buff *skb) |
3143 |
- } |
3144 |
- |
3145 |
- fq = fq_find(net, fhdr->identification, &hdr->saddr, &hdr->daddr, |
3146 |
-- ip6_frag_ecn(hdr)); |
3147 |
-+ skb->dev ? skb->dev->ifindex : 0, ip6_frag_ecn(hdr)); |
3148 |
- if (fq) { |
3149 |
- int ret; |
3150 |
- |
3151 |
-diff --git a/net/ipv6/route.c b/net/ipv6/route.c |
3152 |
-index 946880a..fd0e674 100644 |
3153 |
---- a/net/ipv6/route.c |
3154 |
-+++ b/net/ipv6/route.c |
3155 |
-@@ -403,6 +403,14 @@ static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev, |
3156 |
- } |
3157 |
- } |
3158 |
- |
3159 |
-+static bool __rt6_check_expired(const struct rt6_info *rt) |
3160 |
-+{ |
3161 |
-+ if (rt->rt6i_flags & RTF_EXPIRES) |
3162 |
-+ return time_after(jiffies, rt->dst.expires); |
3163 |
-+ else |
3164 |
-+ return false; |
3165 |
-+} |
3166 |
-+ |
3167 |
- static bool rt6_check_expired(const struct rt6_info *rt) |
3168 |
- { |
3169 |
- if (rt->rt6i_flags & RTF_EXPIRES) { |
3170 |
-@@ -538,7 +546,7 @@ static void rt6_probe_deferred(struct work_struct *w) |
3171 |
- container_of(w, struct __rt6_probe_work, work); |
3172 |
- |
3173 |
- addrconf_addr_solict_mult(&work->target, &mcaddr); |
3174 |
-- ndisc_send_ns(work->dev, NULL, &work->target, &mcaddr, NULL, NULL); |
3175 |
-+ ndisc_send_ns(work->dev, NULL, &work->target, &mcaddr, NULL); |
3176 |
- dev_put(work->dev); |
3177 |
- kfree(work); |
3178 |
- } |
3179 |
-@@ -1270,7 +1278,8 @@ static struct dst_entry *rt6_check(struct rt6_info *rt, u32 cookie) |
3180 |
- |
3181 |
- static struct dst_entry *rt6_dst_from_check(struct rt6_info *rt, u32 cookie) |
3182 |
- { |
3183 |
-- if (rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK && |
3184 |
-+ if (!__rt6_check_expired(rt) && |
3185 |
-+ rt->dst.obsolete == DST_OBSOLETE_FORCE_CHK && |
3186 |
- rt6_check((struct rt6_info *)(rt->dst.from), cookie)) |
3187 |
- return &rt->dst; |
3188 |
- else |
3189 |
-@@ -1290,7 +1299,8 @@ static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie) |
3190 |
- |
3191 |
- rt6_dst_from_metrics_check(rt); |
3192 |
- |
3193 |
-- if ((rt->rt6i_flags & RTF_PCPU) || unlikely(dst->flags & DST_NOCACHE)) |
3194 |
-+ if (rt->rt6i_flags & RTF_PCPU || |
3195 |
-+ (unlikely(dst->flags & DST_NOCACHE) && rt->dst.from)) |
3196 |
- return rt6_dst_from_check(rt, cookie); |
3197 |
- else |
3198 |
- return rt6_check(rt, cookie); |
3199 |
-@@ -1340,6 +1350,12 @@ static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu) |
3200 |
- rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires); |
3201 |
- } |
3202 |
- |
3203 |
-+static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt) |
3204 |
-+{ |
3205 |
-+ return !(rt->rt6i_flags & RTF_CACHE) && |
3206 |
-+ (rt->rt6i_flags & RTF_PCPU || rt->rt6i_node); |
3207 |
-+} |
3208 |
-+ |
3209 |
- static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk, |
3210 |
- const struct ipv6hdr *iph, u32 mtu) |
3211 |
- { |
3212 |
-@@ -1353,7 +1369,7 @@ static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk, |
3213 |
- if (mtu >= dst_mtu(dst)) |
3214 |
- return; |
3215 |
- |
3216 |
-- if (rt6->rt6i_flags & RTF_CACHE) { |
3217 |
-+ if (!rt6_cache_allowed_for_pmtu(rt6)) { |
3218 |
- rt6_do_update_pmtu(rt6, mtu); |
3219 |
- } else { |
3220 |
- const struct in6_addr *daddr, *saddr; |
3221 |
-diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c |
3222 |
-index 0909f4e..f30bfdc 100644 |
3223 |
---- a/net/ipv6/syncookies.c |
3224 |
-+++ b/net/ipv6/syncookies.c |
3225 |
-@@ -225,7 +225,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) |
3226 |
- memset(&fl6, 0, sizeof(fl6)); |
3227 |
- fl6.flowi6_proto = IPPROTO_TCP; |
3228 |
- fl6.daddr = ireq->ir_v6_rmt_addr; |
3229 |
-- final_p = fl6_update_dst(&fl6, np->opt, &final); |
3230 |
-+ final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final); |
3231 |
- fl6.saddr = ireq->ir_v6_loc_addr; |
3232 |
- fl6.flowi6_oif = sk->sk_bound_dev_if; |
3233 |
- fl6.flowi6_mark = ireq->ir_mark; |
3234 |
-diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c |
3235 |
-index 97d9314..9e9b77b 100644 |
3236 |
---- a/net/ipv6/tcp_ipv6.c |
3237 |
-+++ b/net/ipv6/tcp_ipv6.c |
3238 |
-@@ -120,6 +120,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, |
3239 |
- struct ipv6_pinfo *np = inet6_sk(sk); |
3240 |
- struct tcp_sock *tp = tcp_sk(sk); |
3241 |
- struct in6_addr *saddr = NULL, *final_p, final; |
3242 |
-+ struct ipv6_txoptions *opt; |
3243 |
- struct flowi6 fl6; |
3244 |
- struct dst_entry *dst; |
3245 |
- int addr_type; |
3246 |
-@@ -235,7 +236,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, |
3247 |
- fl6.fl6_dport = usin->sin6_port; |
3248 |
- fl6.fl6_sport = inet->inet_sport; |
3249 |
- |
3250 |
-- final_p = fl6_update_dst(&fl6, np->opt, &final); |
3251 |
-+ opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk)); |
3252 |
-+ final_p = fl6_update_dst(&fl6, opt, &final); |
3253 |
- |
3254 |
- security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); |
3255 |
- |
3256 |
-@@ -263,9 +265,9 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, |
3257 |
- tcp_fetch_timewait_stamp(sk, dst); |
3258 |
- |
3259 |
- icsk->icsk_ext_hdr_len = 0; |
3260 |
-- if (np->opt) |
3261 |
-- icsk->icsk_ext_hdr_len = (np->opt->opt_flen + |
3262 |
-- np->opt->opt_nflen); |
3263 |
-+ if (opt) |
3264 |
-+ icsk->icsk_ext_hdr_len = opt->opt_flen + |
3265 |
-+ opt->opt_nflen; |
3266 |
- |
3267 |
- tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr); |
3268 |
- |
3269 |
-@@ -461,7 +463,8 @@ static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst, |
3270 |
- fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts)); |
3271 |
- |
3272 |
- skb_set_queue_mapping(skb, queue_mapping); |
3273 |
-- err = ip6_xmit(sk, skb, fl6, np->opt, np->tclass); |
3274 |
-+ err = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt), |
3275 |
-+ np->tclass); |
3276 |
- err = net_xmit_eval(err); |
3277 |
- } |
3278 |
- |
3279 |
-@@ -991,6 +994,7 @@ static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, |
3280 |
- struct inet_request_sock *ireq; |
3281 |
- struct ipv6_pinfo *newnp, *np = inet6_sk(sk); |
3282 |
- struct tcp6_sock *newtcp6sk; |
3283 |
-+ struct ipv6_txoptions *opt; |
3284 |
- struct inet_sock *newinet; |
3285 |
- struct tcp_sock *newtp; |
3286 |
- struct sock *newsk; |
3287 |
-@@ -1126,13 +1130,15 @@ static struct sock *tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, |
3288 |
- but we make one more one thing there: reattach optmem |
3289 |
- to newsk. |
3290 |
- */ |
3291 |
-- if (np->opt) |
3292 |
-- newnp->opt = ipv6_dup_options(newsk, np->opt); |
3293 |
-- |
3294 |
-+ opt = rcu_dereference(np->opt); |
3295 |
-+ if (opt) { |
3296 |
-+ opt = ipv6_dup_options(newsk, opt); |
3297 |
-+ RCU_INIT_POINTER(newnp->opt, opt); |
3298 |
-+ } |
3299 |
- inet_csk(newsk)->icsk_ext_hdr_len = 0; |
3300 |
-- if (newnp->opt) |
3301 |
-- inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen + |
3302 |
-- newnp->opt->opt_flen); |
3303 |
-+ if (opt) |
3304 |
-+ inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen + |
3305 |
-+ opt->opt_flen; |
3306 |
- |
3307 |
- tcp_ca_openreq_child(newsk, dst); |
3308 |
- |
3309 |
-diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c |
3310 |
-index 0aba654..8379fc2 100644 |
3311 |
---- a/net/ipv6/udp.c |
3312 |
-+++ b/net/ipv6/udp.c |
3313 |
-@@ -1107,6 +1107,7 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
3314 |
- DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name); |
3315 |
- struct in6_addr *daddr, *final_p, final; |
3316 |
- struct ipv6_txoptions *opt = NULL; |
3317 |
-+ struct ipv6_txoptions *opt_to_free = NULL; |
3318 |
- struct ip6_flowlabel *flowlabel = NULL; |
3319 |
- struct flowi6 fl6; |
3320 |
- struct dst_entry *dst; |
3321 |
-@@ -1260,8 +1261,10 @@ do_udp_sendmsg: |
3322 |
- opt = NULL; |
3323 |
- connected = 0; |
3324 |
- } |
3325 |
-- if (!opt) |
3326 |
-- opt = np->opt; |
3327 |
-+ if (!opt) { |
3328 |
-+ opt = txopt_get(np); |
3329 |
-+ opt_to_free = opt; |
3330 |
-+ } |
3331 |
- if (flowlabel) |
3332 |
- opt = fl6_merge_options(&opt_space, flowlabel, opt); |
3333 |
- opt = ipv6_fixup_options(&opt_space, opt); |
3334 |
-@@ -1370,6 +1373,7 @@ release_dst: |
3335 |
- out: |
3336 |
- dst_release(dst); |
3337 |
- fl6_sock_release(flowlabel); |
3338 |
-+ txopt_put(opt_to_free); |
3339 |
- if (!err) |
3340 |
- return len; |
3341 |
- /* |
3342 |
-diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c |
3343 |
-index d1ded37..0ce9da9 100644 |
3344 |
---- a/net/l2tp/l2tp_ip6.c |
3345 |
-+++ b/net/l2tp/l2tp_ip6.c |
3346 |
-@@ -486,6 +486,7 @@ static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
3347 |
- DECLARE_SOCKADDR(struct sockaddr_l2tpip6 *, lsa, msg->msg_name); |
3348 |
- struct in6_addr *daddr, *final_p, final; |
3349 |
- struct ipv6_pinfo *np = inet6_sk(sk); |
3350 |
-+ struct ipv6_txoptions *opt_to_free = NULL; |
3351 |
- struct ipv6_txoptions *opt = NULL; |
3352 |
- struct ip6_flowlabel *flowlabel = NULL; |
3353 |
- struct dst_entry *dst = NULL; |
3354 |
-@@ -575,8 +576,10 @@ static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
3355 |
- opt = NULL; |
3356 |
- } |
3357 |
- |
3358 |
-- if (opt == NULL) |
3359 |
-- opt = np->opt; |
3360 |
-+ if (!opt) { |
3361 |
-+ opt = txopt_get(np); |
3362 |
-+ opt_to_free = opt; |
3363 |
-+ } |
3364 |
- if (flowlabel) |
3365 |
- opt = fl6_merge_options(&opt_space, flowlabel, opt); |
3366 |
- opt = ipv6_fixup_options(&opt_space, opt); |
3367 |
-@@ -631,6 +634,7 @@ done: |
3368 |
- dst_release(dst); |
3369 |
- out: |
3370 |
- fl6_sock_release(flowlabel); |
3371 |
-+ txopt_put(opt_to_free); |
3372 |
- |
3373 |
- return err < 0 ? err : len; |
3374 |
- |
3375 |
-diff --git a/net/openvswitch/dp_notify.c b/net/openvswitch/dp_notify.c |
3376 |
-index a7a80a6..653d073 100644 |
3377 |
---- a/net/openvswitch/dp_notify.c |
3378 |
-+++ b/net/openvswitch/dp_notify.c |
3379 |
-@@ -58,7 +58,7 @@ void ovs_dp_notify_wq(struct work_struct *work) |
3380 |
- struct hlist_node *n; |
3381 |
- |
3382 |
- hlist_for_each_entry_safe(vport, n, &dp->ports[i], dp_hash_node) { |
3383 |
-- if (vport->ops->type != OVS_VPORT_TYPE_NETDEV) |
3384 |
-+ if (vport->ops->type == OVS_VPORT_TYPE_INTERNAL) |
3385 |
- continue; |
3386 |
- |
3387 |
- if (!(vport->dev->priv_flags & IFF_OVS_DATAPATH)) |
3388 |
-diff --git a/net/openvswitch/vport-netdev.c b/net/openvswitch/vport-netdev.c |
3389 |
-index f7e8dcc..ac14c48 100644 |
3390 |
---- a/net/openvswitch/vport-netdev.c |
3391 |
-+++ b/net/openvswitch/vport-netdev.c |
3392 |
-@@ -180,9 +180,13 @@ void ovs_netdev_tunnel_destroy(struct vport *vport) |
3393 |
- if (vport->dev->priv_flags & IFF_OVS_DATAPATH) |
3394 |
- ovs_netdev_detach_dev(vport); |
3395 |
- |
3396 |
-- /* Early release so we can unregister the device */ |
3397 |
-+ /* We can be invoked by both explicit vport deletion and |
3398 |
-+ * underlying netdev deregistration; delete the link only |
3399 |
-+ * if it's not already shutting down. |
3400 |
-+ */ |
3401 |
-+ if (vport->dev->reg_state == NETREG_REGISTERED) |
3402 |
-+ rtnl_delete_link(vport->dev); |
3403 |
- dev_put(vport->dev); |
3404 |
-- rtnl_delete_link(vport->dev); |
3405 |
- vport->dev = NULL; |
3406 |
- rtnl_unlock(); |
3407 |
- |
3408 |
-diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
3409 |
-index 27b2898..4695a36 100644 |
3410 |
---- a/net/packet/af_packet.c |
3411 |
-+++ b/net/packet/af_packet.c |
3412 |
-@@ -1741,6 +1741,20 @@ static void fanout_release(struct sock *sk) |
3413 |
- kfree_rcu(po->rollover, rcu); |
3414 |
- } |
3415 |
- |
3416 |
-+static bool packet_extra_vlan_len_allowed(const struct net_device *dev, |
3417 |
-+ struct sk_buff *skb) |
3418 |
-+{ |
3419 |
-+ /* Earlier code assumed this would be a VLAN pkt, double-check |
3420 |
-+ * this now that we have the actual packet in hand. We can only |
3421 |
-+ * do this check on Ethernet devices. |
3422 |
-+ */ |
3423 |
-+ if (unlikely(dev->type != ARPHRD_ETHER)) |
3424 |
-+ return false; |
3425 |
-+ |
3426 |
-+ skb_reset_mac_header(skb); |
3427 |
-+ return likely(eth_hdr(skb)->h_proto == htons(ETH_P_8021Q)); |
3428 |
-+} |
3429 |
-+ |
3430 |
- static const struct proto_ops packet_ops; |
3431 |
- |
3432 |
- static const struct proto_ops packet_ops_spkt; |
3433 |
-@@ -1902,18 +1916,10 @@ retry: |
3434 |
- goto retry; |
3435 |
- } |
3436 |
- |
3437 |
-- if (len > (dev->mtu + dev->hard_header_len + extra_len)) { |
3438 |
-- /* Earlier code assumed this would be a VLAN pkt, |
3439 |
-- * double-check this now that we have the actual |
3440 |
-- * packet in hand. |
3441 |
-- */ |
3442 |
-- struct ethhdr *ehdr; |
3443 |
-- skb_reset_mac_header(skb); |
3444 |
-- ehdr = eth_hdr(skb); |
3445 |
-- if (ehdr->h_proto != htons(ETH_P_8021Q)) { |
3446 |
-- err = -EMSGSIZE; |
3447 |
-- goto out_unlock; |
3448 |
-- } |
3449 |
-+ if (len > (dev->mtu + dev->hard_header_len + extra_len) && |
3450 |
-+ !packet_extra_vlan_len_allowed(dev, skb)) { |
3451 |
-+ err = -EMSGSIZE; |
3452 |
-+ goto out_unlock; |
3453 |
- } |
3454 |
- |
3455 |
- skb->protocol = proto; |
3456 |
-@@ -2332,6 +2338,15 @@ static bool ll_header_truncated(const struct net_device *dev, int len) |
3457 |
- return false; |
3458 |
- } |
3459 |
- |
3460 |
-+static void tpacket_set_protocol(const struct net_device *dev, |
3461 |
-+ struct sk_buff *skb) |
3462 |
-+{ |
3463 |
-+ if (dev->type == ARPHRD_ETHER) { |
3464 |
-+ skb_reset_mac_header(skb); |
3465 |
-+ skb->protocol = eth_hdr(skb)->h_proto; |
3466 |
-+ } |
3467 |
-+} |
3468 |
-+ |
3469 |
- static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, |
3470 |
- void *frame, struct net_device *dev, int size_max, |
3471 |
- __be16 proto, unsigned char *addr, int hlen) |
3472 |
-@@ -2368,8 +2383,6 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, |
3473 |
- skb_reserve(skb, hlen); |
3474 |
- skb_reset_network_header(skb); |
3475 |
- |
3476 |
-- if (!packet_use_direct_xmit(po)) |
3477 |
-- skb_probe_transport_header(skb, 0); |
3478 |
- if (unlikely(po->tp_tx_has_off)) { |
3479 |
- int off_min, off_max, off; |
3480 |
- off_min = po->tp_hdrlen - sizeof(struct sockaddr_ll); |
3481 |
-@@ -2415,6 +2428,8 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, |
3482 |
- dev->hard_header_len); |
3483 |
- if (unlikely(err)) |
3484 |
- return err; |
3485 |
-+ if (!skb->protocol) |
3486 |
-+ tpacket_set_protocol(dev, skb); |
3487 |
- |
3488 |
- data += dev->hard_header_len; |
3489 |
- to_write -= dev->hard_header_len; |
3490 |
-@@ -2449,6 +2464,8 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, |
3491 |
- len = ((to_write > len_max) ? len_max : to_write); |
3492 |
- } |
3493 |
- |
3494 |
-+ skb_probe_transport_header(skb, 0); |
3495 |
-+ |
3496 |
- return tp_len; |
3497 |
- } |
3498 |
- |
3499 |
-@@ -2493,12 +2510,13 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) |
3500 |
- if (unlikely(!(dev->flags & IFF_UP))) |
3501 |
- goto out_put; |
3502 |
- |
3503 |
-- reserve = dev->hard_header_len + VLAN_HLEN; |
3504 |
-+ if (po->sk.sk_socket->type == SOCK_RAW) |
3505 |
-+ reserve = dev->hard_header_len; |
3506 |
- size_max = po->tx_ring.frame_size |
3507 |
- - (po->tp_hdrlen - sizeof(struct sockaddr_ll)); |
3508 |
- |
3509 |
-- if (size_max > dev->mtu + reserve) |
3510 |
-- size_max = dev->mtu + reserve; |
3511 |
-+ if (size_max > dev->mtu + reserve + VLAN_HLEN) |
3512 |
-+ size_max = dev->mtu + reserve + VLAN_HLEN; |
3513 |
- |
3514 |
- do { |
3515 |
- ph = packet_current_frame(po, &po->tx_ring, |
3516 |
-@@ -2525,18 +2543,10 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) |
3517 |
- tp_len = tpacket_fill_skb(po, skb, ph, dev, size_max, proto, |
3518 |
- addr, hlen); |
3519 |
- if (likely(tp_len >= 0) && |
3520 |
-- tp_len > dev->mtu + dev->hard_header_len) { |
3521 |
-- struct ethhdr *ehdr; |
3522 |
-- /* Earlier code assumed this would be a VLAN pkt, |
3523 |
-- * double-check this now that we have the actual |
3524 |
-- * packet in hand. |
3525 |
-- */ |
3526 |
-+ tp_len > dev->mtu + reserve && |
3527 |
-+ !packet_extra_vlan_len_allowed(dev, skb)) |
3528 |
-+ tp_len = -EMSGSIZE; |
3529 |
- |
3530 |
-- skb_reset_mac_header(skb); |
3531 |
-- ehdr = eth_hdr(skb); |
3532 |
-- if (ehdr->h_proto != htons(ETH_P_8021Q)) |
3533 |
-- tp_len = -EMSGSIZE; |
3534 |
-- } |
3535 |
- if (unlikely(tp_len < 0)) { |
3536 |
- if (po->tp_loss) { |
3537 |
- __packet_set_status(po, ph, |
3538 |
-@@ -2757,18 +2767,10 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) |
3539 |
- |
3540 |
- sock_tx_timestamp(sk, &skb_shinfo(skb)->tx_flags); |
3541 |
- |
3542 |
-- if (!gso_type && (len > dev->mtu + reserve + extra_len)) { |
3543 |
-- /* Earlier code assumed this would be a VLAN pkt, |
3544 |
-- * double-check this now that we have the actual |
3545 |
-- * packet in hand. |
3546 |
-- */ |
3547 |
-- struct ethhdr *ehdr; |
3548 |
-- skb_reset_mac_header(skb); |
3549 |
-- ehdr = eth_hdr(skb); |
3550 |
-- if (ehdr->h_proto != htons(ETH_P_8021Q)) { |
3551 |
-- err = -EMSGSIZE; |
3552 |
-- goto out_free; |
3553 |
-- } |
3554 |
-+ if (!gso_type && (len > dev->mtu + reserve + extra_len) && |
3555 |
-+ !packet_extra_vlan_len_allowed(dev, skb)) { |
3556 |
-+ err = -EMSGSIZE; |
3557 |
-+ goto out_free; |
3558 |
- } |
3559 |
- |
3560 |
- skb->protocol = proto; |
3561 |
-@@ -2799,8 +2801,8 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) |
3562 |
- len += vnet_hdr_len; |
3563 |
- } |
3564 |
- |
3565 |
-- if (!packet_use_direct_xmit(po)) |
3566 |
-- skb_probe_transport_header(skb, reserve); |
3567 |
-+ skb_probe_transport_header(skb, reserve); |
3568 |
-+ |
3569 |
- if (unlikely(extra_len == 4)) |
3570 |
- skb->no_fcs = 1; |
3571 |
- |
3572 |
-diff --git a/net/rds/connection.c b/net/rds/connection.c |
3573 |
-index 49adeef..9b2de5e 100644 |
3574 |
---- a/net/rds/connection.c |
3575 |
-+++ b/net/rds/connection.c |
3576 |
-@@ -190,12 +190,6 @@ new_conn: |
3577 |
- } |
3578 |
- } |
3579 |
- |
3580 |
-- if (trans == NULL) { |
3581 |
-- kmem_cache_free(rds_conn_slab, conn); |
3582 |
-- conn = ERR_PTR(-ENODEV); |
3583 |
-- goto out; |
3584 |
-- } |
3585 |
-- |
3586 |
- conn->c_trans = trans; |
3587 |
- |
3588 |
- ret = trans->conn_alloc(conn, gfp); |
3589 |
-diff --git a/net/rds/send.c b/net/rds/send.c |
3590 |
-index 4df61a5..859de6f 100644 |
3591 |
---- a/net/rds/send.c |
3592 |
-+++ b/net/rds/send.c |
3593 |
-@@ -1009,11 +1009,13 @@ int rds_sendmsg(struct socket *sock, struct msghdr *msg, size_t payload_len) |
3594 |
- release_sock(sk); |
3595 |
- } |
3596 |
- |
3597 |
-- /* racing with another thread binding seems ok here */ |
3598 |
-+ lock_sock(sk); |
3599 |
- if (daddr == 0 || rs->rs_bound_addr == 0) { |
3600 |
-+ release_sock(sk); |
3601 |
- ret = -ENOTCONN; /* XXX not a great errno */ |
3602 |
- goto out; |
3603 |
- } |
3604 |
-+ release_sock(sk); |
3605 |
- |
3606 |
- if (payload_len > rds_sk_sndbuf(rs)) { |
3607 |
- ret = -EMSGSIZE; |
3608 |
-diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c |
3609 |
-index f43c8f3..7ec667d 100644 |
3610 |
---- a/net/sched/sch_api.c |
3611 |
-+++ b/net/sched/sch_api.c |
3612 |
-@@ -253,7 +253,8 @@ int qdisc_set_default(const char *name) |
3613 |
- } |
3614 |
- |
3615 |
- /* We know handle. Find qdisc among all qdisc's attached to device |
3616 |
-- (root qdisc, all its children, children of children etc.) |
3617 |
-+ * (root qdisc, all its children, children of children etc.) |
3618 |
-+ * Note: caller either uses rtnl or rcu_read_lock() |
3619 |
- */ |
3620 |
- |
3621 |
- static struct Qdisc *qdisc_match_from_root(struct Qdisc *root, u32 handle) |
3622 |
-@@ -264,7 +265,7 @@ static struct Qdisc *qdisc_match_from_root(struct Qdisc *root, u32 handle) |
3623 |
- root->handle == handle) |
3624 |
- return root; |
3625 |
- |
3626 |
-- list_for_each_entry(q, &root->list, list) { |
3627 |
-+ list_for_each_entry_rcu(q, &root->list, list) { |
3628 |
- if (q->handle == handle) |
3629 |
- return q; |
3630 |
- } |
3631 |
-@@ -277,15 +278,18 @@ void qdisc_list_add(struct Qdisc *q) |
3632 |
- struct Qdisc *root = qdisc_dev(q)->qdisc; |
3633 |
- |
3634 |
- WARN_ON_ONCE(root == &noop_qdisc); |
3635 |
-- list_add_tail(&q->list, &root->list); |
3636 |
-+ ASSERT_RTNL(); |
3637 |
-+ list_add_tail_rcu(&q->list, &root->list); |
3638 |
- } |
3639 |
- } |
3640 |
- EXPORT_SYMBOL(qdisc_list_add); |
3641 |
- |
3642 |
- void qdisc_list_del(struct Qdisc *q) |
3643 |
- { |
3644 |
-- if ((q->parent != TC_H_ROOT) && !(q->flags & TCQ_F_INGRESS)) |
3645 |
-- list_del(&q->list); |
3646 |
-+ if ((q->parent != TC_H_ROOT) && !(q->flags & TCQ_F_INGRESS)) { |
3647 |
-+ ASSERT_RTNL(); |
3648 |
-+ list_del_rcu(&q->list); |
3649 |
-+ } |
3650 |
- } |
3651 |
- EXPORT_SYMBOL(qdisc_list_del); |
3652 |
- |
3653 |
-@@ -750,14 +754,18 @@ void qdisc_tree_decrease_qlen(struct Qdisc *sch, unsigned int n) |
3654 |
- if (n == 0) |
3655 |
- return; |
3656 |
- drops = max_t(int, n, 0); |
3657 |
-+ rcu_read_lock(); |
3658 |
- while ((parentid = sch->parent)) { |
3659 |
- if (TC_H_MAJ(parentid) == TC_H_MAJ(TC_H_INGRESS)) |
3660 |
-- return; |
3661 |
-+ break; |
3662 |
- |
3663 |
-+ if (sch->flags & TCQ_F_NOPARENT) |
3664 |
-+ break; |
3665 |
-+ /* TODO: perform the search on a per txq basis */ |
3666 |
- sch = qdisc_lookup(qdisc_dev(sch), TC_H_MAJ(parentid)); |
3667 |
- if (sch == NULL) { |
3668 |
-- WARN_ON(parentid != TC_H_ROOT); |
3669 |
-- return; |
3670 |
-+ WARN_ON_ONCE(parentid != TC_H_ROOT); |
3671 |
-+ break; |
3672 |
- } |
3673 |
- cops = sch->ops->cl_ops; |
3674 |
- if (cops->qlen_notify) { |
3675 |
-@@ -768,6 +776,7 @@ void qdisc_tree_decrease_qlen(struct Qdisc *sch, unsigned int n) |
3676 |
- sch->q.qlen -= n; |
3677 |
- __qdisc_qstats_drop(sch, drops); |
3678 |
- } |
3679 |
-+ rcu_read_unlock(); |
3680 |
- } |
3681 |
- EXPORT_SYMBOL(qdisc_tree_decrease_qlen); |
3682 |
- |
3683 |
-@@ -941,7 +950,7 @@ qdisc_create(struct net_device *dev, struct netdev_queue *dev_queue, |
3684 |
- } |
3685 |
- lockdep_set_class(qdisc_lock(sch), &qdisc_tx_lock); |
3686 |
- if (!netif_is_multiqueue(dev)) |
3687 |
-- sch->flags |= TCQ_F_ONETXQUEUE; |
3688 |
-+ sch->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; |
3689 |
- } |
3690 |
- |
3691 |
- sch->handle = handle; |
3692 |
-diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c |
3693 |
-index cb5d4ad..e82a1ad 100644 |
3694 |
---- a/net/sched/sch_generic.c |
3695 |
-+++ b/net/sched/sch_generic.c |
3696 |
-@@ -737,7 +737,7 @@ static void attach_one_default_qdisc(struct net_device *dev, |
3697 |
- return; |
3698 |
- } |
3699 |
- if (!netif_is_multiqueue(dev)) |
3700 |
-- qdisc->flags |= TCQ_F_ONETXQUEUE; |
3701 |
-+ qdisc->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; |
3702 |
- dev_queue->qdisc_sleeping = qdisc; |
3703 |
- } |
3704 |
- |
3705 |
-diff --git a/net/sched/sch_mq.c b/net/sched/sch_mq.c |
3706 |
-index f3cbaec..3e82f04 100644 |
3707 |
---- a/net/sched/sch_mq.c |
3708 |
-+++ b/net/sched/sch_mq.c |
3709 |
-@@ -63,7 +63,7 @@ static int mq_init(struct Qdisc *sch, struct nlattr *opt) |
3710 |
- if (qdisc == NULL) |
3711 |
- goto err; |
3712 |
- priv->qdiscs[ntx] = qdisc; |
3713 |
-- qdisc->flags |= TCQ_F_ONETXQUEUE; |
3714 |
-+ qdisc->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; |
3715 |
- } |
3716 |
- |
3717 |
- sch->flags |= TCQ_F_MQROOT; |
3718 |
-@@ -156,7 +156,7 @@ static int mq_graft(struct Qdisc *sch, unsigned long cl, struct Qdisc *new, |
3719 |
- |
3720 |
- *old = dev_graft_qdisc(dev_queue, new); |
3721 |
- if (new) |
3722 |
-- new->flags |= TCQ_F_ONETXQUEUE; |
3723 |
-+ new->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; |
3724 |
- if (dev->flags & IFF_UP) |
3725 |
- dev_activate(dev); |
3726 |
- return 0; |
3727 |
-diff --git a/net/sched/sch_mqprio.c b/net/sched/sch_mqprio.c |
3728 |
-index 3811a74..ad70ecf 100644 |
3729 |
---- a/net/sched/sch_mqprio.c |
3730 |
-+++ b/net/sched/sch_mqprio.c |
3731 |
-@@ -132,7 +132,7 @@ static int mqprio_init(struct Qdisc *sch, struct nlattr *opt) |
3732 |
- goto err; |
3733 |
- } |
3734 |
- priv->qdiscs[i] = qdisc; |
3735 |
-- qdisc->flags |= TCQ_F_ONETXQUEUE; |
3736 |
-+ qdisc->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; |
3737 |
- } |
3738 |
- |
3739 |
- /* If the mqprio options indicate that hardware should own |
3740 |
-@@ -209,7 +209,7 @@ static int mqprio_graft(struct Qdisc *sch, unsigned long cl, struct Qdisc *new, |
3741 |
- *old = dev_graft_qdisc(dev_queue, new); |
3742 |
- |
3743 |
- if (new) |
3744 |
-- new->flags |= TCQ_F_ONETXQUEUE; |
3745 |
-+ new->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT; |
3746 |
- |
3747 |
- if (dev->flags & IFF_UP) |
3748 |
- dev_activate(dev); |
3749 |
-diff --git a/net/sctp/auth.c b/net/sctp/auth.c |
3750 |
-index 4f15b7d..1543e39 100644 |
3751 |
---- a/net/sctp/auth.c |
3752 |
-+++ b/net/sctp/auth.c |
3753 |
-@@ -809,8 +809,8 @@ int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep, |
3754 |
- if (!has_sha1) |
3755 |
- return -EINVAL; |
3756 |
- |
3757 |
-- memcpy(ep->auth_hmacs_list->hmac_ids, &hmacs->shmac_idents[0], |
3758 |
-- hmacs->shmac_num_idents * sizeof(__u16)); |
3759 |
-+ for (i = 0; i < hmacs->shmac_num_idents; i++) |
3760 |
-+ ep->auth_hmacs_list->hmac_ids[i] = htons(hmacs->shmac_idents[i]); |
3761 |
- ep->auth_hmacs_list->param_hdr.length = htons(sizeof(sctp_paramhdr_t) + |
3762 |
- hmacs->shmac_num_idents * sizeof(__u16)); |
3763 |
- return 0; |
3764 |
-diff --git a/net/sctp/socket.c b/net/sctp/socket.c |
3765 |
-index 17bef01..3ec88be 100644 |
3766 |
---- a/net/sctp/socket.c |
3767 |
-+++ b/net/sctp/socket.c |
3768 |
-@@ -7375,6 +7375,13 @@ struct proto sctp_prot = { |
3769 |
- |
3770 |
- #if IS_ENABLED(CONFIG_IPV6) |
3771 |
- |
3772 |
-+#include <net/transp_v6.h> |
3773 |
-+static void sctp_v6_destroy_sock(struct sock *sk) |
3774 |
-+{ |
3775 |
-+ sctp_destroy_sock(sk); |
3776 |
-+ inet6_destroy_sock(sk); |
3777 |
-+} |
3778 |
-+ |
3779 |
- struct proto sctpv6_prot = { |
3780 |
- .name = "SCTPv6", |
3781 |
- .owner = THIS_MODULE, |
3782 |
-@@ -7384,7 +7391,7 @@ struct proto sctpv6_prot = { |
3783 |
- .accept = sctp_accept, |
3784 |
- .ioctl = sctp_ioctl, |
3785 |
- .init = sctp_init_sock, |
3786 |
-- .destroy = sctp_destroy_sock, |
3787 |
-+ .destroy = sctp_v6_destroy_sock, |
3788 |
- .shutdown = sctp_shutdown, |
3789 |
- .setsockopt = sctp_setsockopt, |
3790 |
- .getsockopt = sctp_getsockopt, |
3791 |
-diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c |
3792 |
-index cd7c5f1..86f2e7c 100644 |
3793 |
---- a/net/tipc/udp_media.c |
3794 |
-+++ b/net/tipc/udp_media.c |
3795 |
-@@ -159,8 +159,11 @@ static int tipc_udp_send_msg(struct net *net, struct sk_buff *skb, |
3796 |
- struct sk_buff *clone; |
3797 |
- struct rtable *rt; |
3798 |
- |
3799 |
-- if (skb_headroom(skb) < UDP_MIN_HEADROOM) |
3800 |
-- pskb_expand_head(skb, UDP_MIN_HEADROOM, 0, GFP_ATOMIC); |
3801 |
-+ if (skb_headroom(skb) < UDP_MIN_HEADROOM) { |
3802 |
-+ err = pskb_expand_head(skb, UDP_MIN_HEADROOM, 0, GFP_ATOMIC); |
3803 |
-+ if (err) |
3804 |
-+ goto tx_error; |
3805 |
-+ } |
3806 |
- |
3807 |
- clone = skb_clone(skb, GFP_ATOMIC); |
3808 |
- skb_set_inner_protocol(clone, htons(ETH_P_TIPC)); |
3809 |
-diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c |
3810 |
-index 94f6582..128b098 100644 |
3811 |
---- a/net/unix/af_unix.c |
3812 |
-+++ b/net/unix/af_unix.c |
3813 |
-@@ -326,6 +326,118 @@ found: |
3814 |
- return s; |
3815 |
- } |
3816 |
- |
3817 |
-+/* Support code for asymmetrically connected dgram sockets |
3818 |
-+ * |
3819 |
-+ * If a datagram socket is connected to a socket not itself connected |
3820 |
-+ * to the first socket (eg, /dev/log), clients may only enqueue more |
3821 |
-+ * messages if the present receive queue of the server socket is not |
3822 |
-+ * "too large". This means there's a second writeability condition |
3823 |
-+ * poll and sendmsg need to test. The dgram recv code will do a wake |
3824 |
-+ * up on the peer_wait wait queue of a socket upon reception of a |
3825 |
-+ * datagram which needs to be propagated to sleeping would-be writers |
3826 |
-+ * since these might not have sent anything so far. This can't be |
3827 |
-+ * accomplished via poll_wait because the lifetime of the server |
3828 |
-+ * socket might be less than that of its clients if these break their |
3829 |
-+ * association with it or if the server socket is closed while clients |
3830 |
-+ * are still connected to it and there's no way to inform "a polling |
3831 |
-+ * implementation" that it should let go of a certain wait queue |
3832 |
-+ * |
3833 |
-+ * In order to propagate a wake up, a wait_queue_t of the client |
3834 |
-+ * socket is enqueued on the peer_wait queue of the server socket |
3835 |
-+ * whose wake function does a wake_up on the ordinary client socket |
3836 |
-+ * wait queue. This connection is established whenever a write (or |
3837 |
-+ * poll for write) hit the flow control condition and broken when the |
3838 |
-+ * association to the server socket is dissolved or after a wake up |
3839 |
-+ * was relayed. |
3840 |
-+ */ |
3841 |
-+ |
3842 |
-+static int unix_dgram_peer_wake_relay(wait_queue_t *q, unsigned mode, int flags, |
3843 |
-+ void *key) |
3844 |
-+{ |
3845 |
-+ struct unix_sock *u; |
3846 |
-+ wait_queue_head_t *u_sleep; |
3847 |
-+ |
3848 |
-+ u = container_of(q, struct unix_sock, peer_wake); |
3849 |
-+ |
3850 |
-+ __remove_wait_queue(&unix_sk(u->peer_wake.private)->peer_wait, |
3851 |
-+ q); |
3852 |
-+ u->peer_wake.private = NULL; |
3853 |
-+ |
3854 |
-+ /* relaying can only happen while the wq still exists */ |
3855 |
-+ u_sleep = sk_sleep(&u->sk); |
3856 |
-+ if (u_sleep) |
3857 |
-+ wake_up_interruptible_poll(u_sleep, key); |
3858 |
-+ |
3859 |
-+ return 0; |
3860 |
-+} |
3861 |
-+ |
3862 |
-+static int unix_dgram_peer_wake_connect(struct sock *sk, struct sock *other) |
3863 |
-+{ |
3864 |
-+ struct unix_sock *u, *u_other; |
3865 |
-+ int rc; |
3866 |
-+ |
3867 |
-+ u = unix_sk(sk); |
3868 |
-+ u_other = unix_sk(other); |
3869 |
-+ rc = 0; |
3870 |
-+ spin_lock(&u_other->peer_wait.lock); |
3871 |
-+ |
3872 |
-+ if (!u->peer_wake.private) { |
3873 |
-+ u->peer_wake.private = other; |
3874 |
-+ __add_wait_queue(&u_other->peer_wait, &u->peer_wake); |
3875 |
-+ |
3876 |
-+ rc = 1; |
3877 |
-+ } |
3878 |
-+ |
3879 |
-+ spin_unlock(&u_other->peer_wait.lock); |
3880 |
-+ return rc; |
3881 |
-+} |
3882 |
-+ |
3883 |
-+static void unix_dgram_peer_wake_disconnect(struct sock *sk, |
3884 |
-+ struct sock *other) |
3885 |
-+{ |
3886 |
-+ struct unix_sock *u, *u_other; |
3887 |
-+ |
3888 |
-+ u = unix_sk(sk); |
3889 |
-+ u_other = unix_sk(other); |
3890 |
-+ spin_lock(&u_other->peer_wait.lock); |
3891 |
-+ |
3892 |
-+ if (u->peer_wake.private == other) { |
3893 |
-+ __remove_wait_queue(&u_other->peer_wait, &u->peer_wake); |
3894 |
-+ u->peer_wake.private = NULL; |
3895 |
-+ } |
3896 |
-+ |
3897 |
-+ spin_unlock(&u_other->peer_wait.lock); |
3898 |
-+} |
3899 |
-+ |
3900 |
-+static void unix_dgram_peer_wake_disconnect_wakeup(struct sock *sk, |
3901 |
-+ struct sock *other) |
3902 |
-+{ |
3903 |
-+ unix_dgram_peer_wake_disconnect(sk, other); |
3904 |
-+ wake_up_interruptible_poll(sk_sleep(sk), |
3905 |
-+ POLLOUT | |
3906 |
-+ POLLWRNORM | |
3907 |
-+ POLLWRBAND); |
3908 |
-+} |
3909 |
-+ |
3910 |
-+/* preconditions: |
3911 |
-+ * - unix_peer(sk) == other |
3912 |
-+ * - association is stable |
3913 |
-+ */ |
3914 |
-+static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other) |
3915 |
-+{ |
3916 |
-+ int connected; |
3917 |
-+ |
3918 |
-+ connected = unix_dgram_peer_wake_connect(sk, other); |
3919 |
-+ |
3920 |
-+ if (unix_recvq_full(other)) |
3921 |
-+ return 1; |
3922 |
-+ |
3923 |
-+ if (connected) |
3924 |
-+ unix_dgram_peer_wake_disconnect(sk, other); |
3925 |
-+ |
3926 |
-+ return 0; |
3927 |
-+} |
3928 |
-+ |
3929 |
- static inline int unix_writable(struct sock *sk) |
3930 |
- { |
3931 |
- return (atomic_read(&sk->sk_wmem_alloc) << 2) <= sk->sk_sndbuf; |
3932 |
-@@ -430,6 +542,8 @@ static void unix_release_sock(struct sock *sk, int embrion) |
3933 |
- skpair->sk_state_change(skpair); |
3934 |
- sk_wake_async(skpair, SOCK_WAKE_WAITD, POLL_HUP); |
3935 |
- } |
3936 |
-+ |
3937 |
-+ unix_dgram_peer_wake_disconnect(sk, skpair); |
3938 |
- sock_put(skpair); /* It may now die */ |
3939 |
- unix_peer(sk) = NULL; |
3940 |
- } |
3941 |
-@@ -440,6 +554,7 @@ static void unix_release_sock(struct sock *sk, int embrion) |
3942 |
- if (state == TCP_LISTEN) |
3943 |
- unix_release_sock(skb->sk, 1); |
3944 |
- /* passed fds are erased in the kfree_skb hook */ |
3945 |
-+ UNIXCB(skb).consumed = skb->len; |
3946 |
- kfree_skb(skb); |
3947 |
- } |
3948 |
- |
3949 |
-@@ -664,6 +779,7 @@ static struct sock *unix_create1(struct net *net, struct socket *sock, int kern) |
3950 |
- INIT_LIST_HEAD(&u->link); |
3951 |
- mutex_init(&u->readlock); /* single task reading lock */ |
3952 |
- init_waitqueue_head(&u->peer_wait); |
3953 |
-+ init_waitqueue_func_entry(&u->peer_wake, unix_dgram_peer_wake_relay); |
3954 |
- unix_insert_socket(unix_sockets_unbound(sk), sk); |
3955 |
- out: |
3956 |
- if (sk == NULL) |
3957 |
-@@ -1031,6 +1147,8 @@ restart: |
3958 |
- if (unix_peer(sk)) { |
3959 |
- struct sock *old_peer = unix_peer(sk); |
3960 |
- unix_peer(sk) = other; |
3961 |
-+ unix_dgram_peer_wake_disconnect_wakeup(sk, old_peer); |
3962 |
-+ |
3963 |
- unix_state_double_unlock(sk, other); |
3964 |
- |
3965 |
- if (other != old_peer) |
3966 |
-@@ -1432,6 +1550,14 @@ static int unix_scm_to_skb(struct scm_cookie *scm, struct sk_buff *skb, bool sen |
3967 |
- return err; |
3968 |
- } |
3969 |
- |
3970 |
-+static bool unix_passcred_enabled(const struct socket *sock, |
3971 |
-+ const struct sock *other) |
3972 |
-+{ |
3973 |
-+ return test_bit(SOCK_PASSCRED, &sock->flags) || |
3974 |
-+ !other->sk_socket || |
3975 |
-+ test_bit(SOCK_PASSCRED, &other->sk_socket->flags); |
3976 |
-+} |
3977 |
-+ |
3978 |
- /* |
3979 |
- * Some apps rely on write() giving SCM_CREDENTIALS |
3980 |
- * We include credentials if source or destination socket |
3981 |
-@@ -1442,14 +1568,41 @@ static void maybe_add_creds(struct sk_buff *skb, const struct socket *sock, |
3982 |
- { |
3983 |
- if (UNIXCB(skb).pid) |
3984 |
- return; |
3985 |
-- if (test_bit(SOCK_PASSCRED, &sock->flags) || |
3986 |
-- !other->sk_socket || |
3987 |
-- test_bit(SOCK_PASSCRED, &other->sk_socket->flags)) { |
3988 |
-+ if (unix_passcred_enabled(sock, other)) { |
3989 |
- UNIXCB(skb).pid = get_pid(task_tgid(current)); |
3990 |
- current_uid_gid(&UNIXCB(skb).uid, &UNIXCB(skb).gid); |
3991 |
- } |
3992 |
- } |
3993 |
- |
3994 |
-+static int maybe_init_creds(struct scm_cookie *scm, |
3995 |
-+ struct socket *socket, |
3996 |
-+ const struct sock *other) |
3997 |
-+{ |
3998 |
-+ int err; |
3999 |
-+ struct msghdr msg = { .msg_controllen = 0 }; |
4000 |
-+ |
4001 |
-+ err = scm_send(socket, &msg, scm, false); |
4002 |
-+ if (err) |
4003 |
-+ return err; |
4004 |
-+ |
4005 |
-+ if (unix_passcred_enabled(socket, other)) { |
4006 |
-+ scm->pid = get_pid(task_tgid(current)); |
4007 |
-+ current_uid_gid(&scm->creds.uid, &scm->creds.gid); |
4008 |
-+ } |
4009 |
-+ return err; |
4010 |
-+} |
4011 |
-+ |
4012 |
-+static bool unix_skb_scm_eq(struct sk_buff *skb, |
4013 |
-+ struct scm_cookie *scm) |
4014 |
-+{ |
4015 |
-+ const struct unix_skb_parms *u = &UNIXCB(skb); |
4016 |
-+ |
4017 |
-+ return u->pid == scm->pid && |
4018 |
-+ uid_eq(u->uid, scm->creds.uid) && |
4019 |
-+ gid_eq(u->gid, scm->creds.gid) && |
4020 |
-+ unix_secdata_eq(scm, skb); |
4021 |
-+} |
4022 |
-+ |
4023 |
- /* |
4024 |
- * Send AF_UNIX data. |
4025 |
- */ |
4026 |
-@@ -1470,6 +1623,7 @@ static int unix_dgram_sendmsg(struct socket *sock, struct msghdr *msg, |
4027 |
- struct scm_cookie scm; |
4028 |
- int max_level; |
4029 |
- int data_len = 0; |
4030 |
-+ int sk_locked; |
4031 |
- |
4032 |
- wait_for_unix_gc(); |
4033 |
- err = scm_send(sock, msg, &scm, false); |
4034 |
-@@ -1548,12 +1702,14 @@ restart: |
4035 |
- goto out_free; |
4036 |
- } |
4037 |
- |
4038 |
-+ sk_locked = 0; |
4039 |
- unix_state_lock(other); |
4040 |
-+restart_locked: |
4041 |
- err = -EPERM; |
4042 |
- if (!unix_may_send(sk, other)) |
4043 |
- goto out_unlock; |
4044 |
- |
4045 |
-- if (sock_flag(other, SOCK_DEAD)) { |
4046 |
-+ if (unlikely(sock_flag(other, SOCK_DEAD))) { |
4047 |
- /* |
4048 |
- * Check with 1003.1g - what should |
4049 |
- * datagram error |
4050 |
-@@ -1561,10 +1717,14 @@ restart: |
4051 |
- unix_state_unlock(other); |
4052 |
- sock_put(other); |
4053 |
- |
4054 |
-+ if (!sk_locked) |
4055 |
-+ unix_state_lock(sk); |
4056 |
-+ |
4057 |
- err = 0; |
4058 |
-- unix_state_lock(sk); |
4059 |
- if (unix_peer(sk) == other) { |
4060 |
- unix_peer(sk) = NULL; |
4061 |
-+ unix_dgram_peer_wake_disconnect_wakeup(sk, other); |
4062 |
-+ |
4063 |
- unix_state_unlock(sk); |
4064 |
- |
4065 |
- unix_dgram_disconnected(sk, other); |
4066 |
-@@ -1590,21 +1750,38 @@ restart: |
4067 |
- goto out_unlock; |
4068 |
- } |
4069 |
- |
4070 |
-- if (unix_peer(other) != sk && unix_recvq_full(other)) { |
4071 |
-- if (!timeo) { |
4072 |
-- err = -EAGAIN; |
4073 |
-- goto out_unlock; |
4074 |
-+ if (unlikely(unix_peer(other) != sk && unix_recvq_full(other))) { |
4075 |
-+ if (timeo) { |
4076 |
-+ timeo = unix_wait_for_peer(other, timeo); |
4077 |
-+ |
4078 |
-+ err = sock_intr_errno(timeo); |
4079 |
-+ if (signal_pending(current)) |
4080 |
-+ goto out_free; |
4081 |
-+ |
4082 |
-+ goto restart; |
4083 |
- } |
4084 |
- |
4085 |
-- timeo = unix_wait_for_peer(other, timeo); |
4086 |
-+ if (!sk_locked) { |
4087 |
-+ unix_state_unlock(other); |
4088 |
-+ unix_state_double_lock(sk, other); |
4089 |
-+ } |
4090 |
- |
4091 |
-- err = sock_intr_errno(timeo); |
4092 |
-- if (signal_pending(current)) |
4093 |
-- goto out_free; |
4094 |
-+ if (unix_peer(sk) != other || |
4095 |
-+ unix_dgram_peer_wake_me(sk, other)) { |
4096 |
-+ err = -EAGAIN; |
4097 |
-+ sk_locked = 1; |
4098 |
-+ goto out_unlock; |
4099 |
-+ } |
4100 |
- |
4101 |
-- goto restart; |
4102 |
-+ if (!sk_locked) { |
4103 |
-+ sk_locked = 1; |
4104 |
-+ goto restart_locked; |
4105 |
-+ } |
4106 |
- } |
4107 |
- |
4108 |
-+ if (unlikely(sk_locked)) |
4109 |
-+ unix_state_unlock(sk); |
4110 |
-+ |
4111 |
- if (sock_flag(other, SOCK_RCVTSTAMP)) |
4112 |
- __net_timestamp(skb); |
4113 |
- maybe_add_creds(skb, sock, other); |
4114 |
-@@ -1618,6 +1795,8 @@ restart: |
4115 |
- return len; |
4116 |
- |
4117 |
- out_unlock: |
4118 |
-+ if (sk_locked) |
4119 |
-+ unix_state_unlock(sk); |
4120 |
- unix_state_unlock(other); |
4121 |
- out_free: |
4122 |
- kfree_skb(skb); |
4123 |
-@@ -1739,8 +1918,10 @@ out_err: |
4124 |
- static ssize_t unix_stream_sendpage(struct socket *socket, struct page *page, |
4125 |
- int offset, size_t size, int flags) |
4126 |
- { |
4127 |
-- int err = 0; |
4128 |
-- bool send_sigpipe = true; |
4129 |
-+ int err; |
4130 |
-+ bool send_sigpipe = false; |
4131 |
-+ bool init_scm = true; |
4132 |
-+ struct scm_cookie scm; |
4133 |
- struct sock *other, *sk = socket->sk; |
4134 |
- struct sk_buff *skb, *newskb = NULL, *tail = NULL; |
4135 |
- |
4136 |
-@@ -1758,7 +1939,7 @@ alloc_skb: |
4137 |
- newskb = sock_alloc_send_pskb(sk, 0, 0, flags & MSG_DONTWAIT, |
4138 |
- &err, 0); |
4139 |
- if (!newskb) |
4140 |
-- return err; |
4141 |
-+ goto err; |
4142 |
- } |
4143 |
- |
4144 |
- /* we must acquire readlock as we modify already present |
4145 |
-@@ -1767,12 +1948,12 @@ alloc_skb: |
4146 |
- err = mutex_lock_interruptible(&unix_sk(other)->readlock); |
4147 |
- if (err) { |
4148 |
- err = flags & MSG_DONTWAIT ? -EAGAIN : -ERESTARTSYS; |
4149 |
-- send_sigpipe = false; |
4150 |
- goto err; |
4151 |
- } |
4152 |
- |
4153 |
- if (sk->sk_shutdown & SEND_SHUTDOWN) { |
4154 |
- err = -EPIPE; |
4155 |
-+ send_sigpipe = true; |
4156 |
- goto err_unlock; |
4157 |
- } |
4158 |
- |
4159 |
-@@ -1781,23 +1962,34 @@ alloc_skb: |
4160 |
- if (sock_flag(other, SOCK_DEAD) || |
4161 |
- other->sk_shutdown & RCV_SHUTDOWN) { |
4162 |
- err = -EPIPE; |
4163 |
-+ send_sigpipe = true; |
4164 |
- goto err_state_unlock; |
4165 |
- } |
4166 |
- |
4167 |
-+ if (init_scm) { |
4168 |
-+ err = maybe_init_creds(&scm, socket, other); |
4169 |
-+ if (err) |
4170 |
-+ goto err_state_unlock; |
4171 |
-+ init_scm = false; |
4172 |
-+ } |
4173 |
-+ |
4174 |
- skb = skb_peek_tail(&other->sk_receive_queue); |
4175 |
- if (tail && tail == skb) { |
4176 |
- skb = newskb; |
4177 |
-- } else if (!skb) { |
4178 |
-- if (newskb) |
4179 |
-+ } else if (!skb || !unix_skb_scm_eq(skb, &scm)) { |
4180 |
-+ if (newskb) { |
4181 |
- skb = newskb; |
4182 |
-- else |
4183 |
-+ } else { |
4184 |
-+ tail = skb; |
4185 |
- goto alloc_skb; |
4186 |
-+ } |
4187 |
- } else if (newskb) { |
4188 |
- /* this is fast path, we don't necessarily need to |
4189 |
- * call to kfree_skb even though with newskb == NULL |
4190 |
- * this - does no harm |
4191 |
- */ |
4192 |
- consume_skb(newskb); |
4193 |
-+ newskb = NULL; |
4194 |
- } |
4195 |
- |
4196 |
- if (skb_append_pagefrags(skb, page, offset, size)) { |
4197 |
-@@ -1810,14 +2002,20 @@ alloc_skb: |
4198 |
- skb->truesize += size; |
4199 |
- atomic_add(size, &sk->sk_wmem_alloc); |
4200 |
- |
4201 |
-- if (newskb) |
4202 |
-+ if (newskb) { |
4203 |
-+ err = unix_scm_to_skb(&scm, skb, false); |
4204 |
-+ if (err) |
4205 |
-+ goto err_state_unlock; |
4206 |
-+ spin_lock(&other->sk_receive_queue.lock); |
4207 |
- __skb_queue_tail(&other->sk_receive_queue, newskb); |
4208 |
-+ spin_unlock(&other->sk_receive_queue.lock); |
4209 |
-+ } |
4210 |
- |
4211 |
- unix_state_unlock(other); |
4212 |
- mutex_unlock(&unix_sk(other)->readlock); |
4213 |
- |
4214 |
- other->sk_data_ready(other); |
4215 |
-- |
4216 |
-+ scm_destroy(&scm); |
4217 |
- return size; |
4218 |
- |
4219 |
- err_state_unlock: |
4220 |
-@@ -1828,6 +2026,8 @@ err: |
4221 |
- kfree_skb(newskb); |
4222 |
- if (send_sigpipe && !(flags & MSG_NOSIGNAL)) |
4223 |
- send_sig(SIGPIPE, current, 0); |
4224 |
-+ if (!init_scm) |
4225 |
-+ scm_destroy(&scm); |
4226 |
- return err; |
4227 |
- } |
4228 |
- |
4229 |
-@@ -2071,6 +2271,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state) |
4230 |
- |
4231 |
- do { |
4232 |
- int chunk; |
4233 |
-+ bool drop_skb; |
4234 |
- struct sk_buff *skb, *last; |
4235 |
- |
4236 |
- unix_state_lock(sk); |
4237 |
-@@ -2130,10 +2331,7 @@ unlock: |
4238 |
- |
4239 |
- if (check_creds) { |
4240 |
- /* Never glue messages from different writers */ |
4241 |
-- if ((UNIXCB(skb).pid != scm.pid) || |
4242 |
-- !uid_eq(UNIXCB(skb).uid, scm.creds.uid) || |
4243 |
-- !gid_eq(UNIXCB(skb).gid, scm.creds.gid) || |
4244 |
-- !unix_secdata_eq(&scm, skb)) |
4245 |
-+ if (!unix_skb_scm_eq(skb, &scm)) |
4246 |
- break; |
4247 |
- } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { |
4248 |
- /* Copy credentials */ |
4249 |
-@@ -2151,7 +2349,11 @@ unlock: |
4250 |
- } |
4251 |
- |
4252 |
- chunk = min_t(unsigned int, unix_skb_len(skb) - skip, size); |
4253 |
-+ skb_get(skb); |
4254 |
- chunk = state->recv_actor(skb, skip, chunk, state); |
4255 |
-+ drop_skb = !unix_skb_len(skb); |
4256 |
-+ /* skb is only safe to use if !drop_skb */ |
4257 |
-+ consume_skb(skb); |
4258 |
- if (chunk < 0) { |
4259 |
- if (copied == 0) |
4260 |
- copied = -EFAULT; |
4261 |
-@@ -2160,6 +2362,18 @@ unlock: |
4262 |
- copied += chunk; |
4263 |
- size -= chunk; |
4264 |
- |
4265 |
-+ if (drop_skb) { |
4266 |
-+ /* the skb was touched by a concurrent reader; |
4267 |
-+ * we should not expect anything from this skb |
4268 |
-+ * anymore and assume it invalid - we can be |
4269 |
-+ * sure it was dropped from the socket queue |
4270 |
-+ * |
4271 |
-+ * let's report a short read |
4272 |
-+ */ |
4273 |
-+ err = 0; |
4274 |
-+ break; |
4275 |
-+ } |
4276 |
-+ |
4277 |
- /* Mark read part of skb as used */ |
4278 |
- if (!(flags & MSG_PEEK)) { |
4279 |
- UNIXCB(skb).consumed += chunk; |
4280 |
-@@ -2453,14 +2667,16 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock, |
4281 |
- return mask; |
4282 |
- |
4283 |
- writable = unix_writable(sk); |
4284 |
-- other = unix_peer_get(sk); |
4285 |
-- if (other) { |
4286 |
-- if (unix_peer(other) != sk) { |
4287 |
-- sock_poll_wait(file, &unix_sk(other)->peer_wait, wait); |
4288 |
-- if (unix_recvq_full(other)) |
4289 |
-- writable = 0; |
4290 |
-- } |
4291 |
-- sock_put(other); |
4292 |
-+ if (writable) { |
4293 |
-+ unix_state_lock(sk); |
4294 |
-+ |
4295 |
-+ other = unix_peer(sk); |
4296 |
-+ if (other && unix_peer(other) != sk && |
4297 |
-+ unix_recvq_full(other) && |
4298 |
-+ unix_dgram_peer_wake_me(sk, other)) |
4299 |
-+ writable = 0; |
4300 |
-+ |
4301 |
-+ unix_state_unlock(sk); |
4302 |
- } |
4303 |
- |
4304 |
- if (writable) |
4305 |
-diff --git a/sound/pci/Kconfig b/sound/pci/Kconfig |
4306 |
-index edfc1b8..656ce39 100644 |
4307 |
---- a/sound/pci/Kconfig |
4308 |
-+++ b/sound/pci/Kconfig |
4309 |
-@@ -25,7 +25,7 @@ config SND_ALS300 |
4310 |
- select SND_PCM |
4311 |
- select SND_AC97_CODEC |
4312 |
- select SND_OPL3_LIB |
4313 |
-- select ZONE_DMA |
4314 |
-+ depends on ZONE_DMA |
4315 |
- help |
4316 |
- Say 'Y' or 'M' to include support for Avance Logic ALS300/ALS300+ |
4317 |
- |
4318 |
-@@ -50,7 +50,7 @@ config SND_ALI5451 |
4319 |
- tristate "ALi M5451 PCI Audio Controller" |
4320 |
- select SND_MPU401_UART |
4321 |
- select SND_AC97_CODEC |
4322 |
-- select ZONE_DMA |
4323 |
-+ depends on ZONE_DMA |
4324 |
- help |
4325 |
- Say Y here to include support for the integrated AC97 sound |
4326 |
- device on motherboards using the ALi M5451 Audio Controller |
4327 |
-@@ -155,7 +155,7 @@ config SND_AZT3328 |
4328 |
- select SND_PCM |
4329 |
- select SND_RAWMIDI |
4330 |
- select SND_AC97_CODEC |
4331 |
-- select ZONE_DMA |
4332 |
-+ depends on ZONE_DMA |
4333 |
- help |
4334 |
- Say Y here to include support for Aztech AZF3328 (PCI168) |
4335 |
- soundcards. |
4336 |
-@@ -463,7 +463,7 @@ config SND_EMU10K1 |
4337 |
- select SND_HWDEP |
4338 |
- select SND_RAWMIDI |
4339 |
- select SND_AC97_CODEC |
4340 |
-- select ZONE_DMA |
4341 |
-+ depends on ZONE_DMA |
4342 |
- help |
4343 |
- Say Y to include support for Sound Blaster PCI 512, Live!, |
4344 |
- Audigy and E-mu APS (partially supported) soundcards. |
4345 |
-@@ -479,7 +479,7 @@ config SND_EMU10K1X |
4346 |
- tristate "Emu10k1X (Dell OEM Version)" |
4347 |
- select SND_AC97_CODEC |
4348 |
- select SND_RAWMIDI |
4349 |
-- select ZONE_DMA |
4350 |
-+ depends on ZONE_DMA |
4351 |
- help |
4352 |
- Say Y here to include support for the Dell OEM version of the |
4353 |
- Sound Blaster Live!. |
4354 |
-@@ -513,7 +513,7 @@ config SND_ES1938 |
4355 |
- select SND_OPL3_LIB |
4356 |
- select SND_MPU401_UART |
4357 |
- select SND_AC97_CODEC |
4358 |
-- select ZONE_DMA |
4359 |
-+ depends on ZONE_DMA |
4360 |
- help |
4361 |
- Say Y here to include support for soundcards based on ESS Solo-1 |
4362 |
- (ES1938, ES1946, ES1969) chips. |
4363 |
-@@ -525,7 +525,7 @@ config SND_ES1968 |
4364 |
- tristate "ESS ES1968/1978 (Maestro-1/2/2E)" |
4365 |
- select SND_MPU401_UART |
4366 |
- select SND_AC97_CODEC |
4367 |
-- select ZONE_DMA |
4368 |
-+ depends on ZONE_DMA |
4369 |
- help |
4370 |
- Say Y here to include support for soundcards based on ESS Maestro |
4371 |
- 1/2/2E chips. |
4372 |
-@@ -612,7 +612,7 @@ config SND_ICE1712 |
4373 |
- select SND_MPU401_UART |
4374 |
- select SND_AC97_CODEC |
4375 |
- select BITREVERSE |
4376 |
-- select ZONE_DMA |
4377 |
-+ depends on ZONE_DMA |
4378 |
- help |
4379 |
- Say Y here to include support for soundcards based on the |
4380 |
- ICE1712 (Envy24) chip. |
4381 |
-@@ -700,7 +700,7 @@ config SND_LX6464ES |
4382 |
- config SND_MAESTRO3 |
4383 |
- tristate "ESS Allegro/Maestro3" |
4384 |
- select SND_AC97_CODEC |
4385 |
-- select ZONE_DMA |
4386 |
-+ depends on ZONE_DMA |
4387 |
- help |
4388 |
- Say Y here to include support for soundcards based on ESS Maestro 3 |
4389 |
- (Allegro) chips. |
4390 |
-@@ -806,7 +806,7 @@ config SND_SIS7019 |
4391 |
- tristate "SiS 7019 Audio Accelerator" |
4392 |
- depends on X86_32 |
4393 |
- select SND_AC97_CODEC |
4394 |
-- select ZONE_DMA |
4395 |
-+ depends on ZONE_DMA |
4396 |
- help |
4397 |
- Say Y here to include support for the SiS 7019 Audio Accelerator. |
4398 |
- |
4399 |
-@@ -818,7 +818,7 @@ config SND_SONICVIBES |
4400 |
- select SND_OPL3_LIB |
4401 |
- select SND_MPU401_UART |
4402 |
- select SND_AC97_CODEC |
4403 |
-- select ZONE_DMA |
4404 |
-+ depends on ZONE_DMA |
4405 |
- help |
4406 |
- Say Y here to include support for soundcards based on the S3 |
4407 |
- SonicVibes chip. |
4408 |
-@@ -830,7 +830,7 @@ config SND_TRIDENT |
4409 |
- tristate "Trident 4D-Wave DX/NX; SiS 7018" |
4410 |
- select SND_MPU401_UART |
4411 |
- select SND_AC97_CODEC |
4412 |
-- select ZONE_DMA |
4413 |
-+ depends on ZONE_DMA |
4414 |
- help |
4415 |
- Say Y here to include support for soundcards based on Trident |
4416 |
- 4D-Wave DX/NX or SiS 7018 chips. |
4417 |
-diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c |
4418 |
-index acbfbe08..f22f5c4 100644 |
4419 |
---- a/sound/pci/hda/patch_hdmi.c |
4420 |
-+++ b/sound/pci/hda/patch_hdmi.c |
4421 |
-@@ -50,8 +50,9 @@ MODULE_PARM_DESC(static_hdmi_pcm, "Don't restrict PCM parameters per ELD info"); |
4422 |
- #define is_haswell(codec) ((codec)->core.vendor_id == 0x80862807) |
4423 |
- #define is_broadwell(codec) ((codec)->core.vendor_id == 0x80862808) |
4424 |
- #define is_skylake(codec) ((codec)->core.vendor_id == 0x80862809) |
4425 |
-+#define is_broxton(codec) ((codec)->core.vendor_id == 0x8086280a) |
4426 |
- #define is_haswell_plus(codec) (is_haswell(codec) || is_broadwell(codec) \ |
4427 |
-- || is_skylake(codec)) |
4428 |
-+ || is_skylake(codec) || is_broxton(codec)) |
4429 |
- |
4430 |
- #define is_valleyview(codec) ((codec)->core.vendor_id == 0x80862882) |
4431 |
- #define is_cherryview(codec) ((codec)->core.vendor_id == 0x80862883) |
4432 |
-diff --git a/tools/net/Makefile b/tools/net/Makefile |
4433 |
-index ee577ea..ddf8880 100644 |
4434 |
---- a/tools/net/Makefile |
4435 |
-+++ b/tools/net/Makefile |
4436 |
-@@ -4,6 +4,9 @@ CC = gcc |
4437 |
- LEX = flex |
4438 |
- YACC = bison |
4439 |
- |
4440 |
-+CFLAGS += -Wall -O2 |
4441 |
-+CFLAGS += -D__EXPORTED_HEADERS__ -I../../include/uapi -I../../include |
4442 |
-+ |
4443 |
- %.yacc.c: %.y |
4444 |
- $(YACC) -o $@ -d $< |
4445 |
- |
4446 |
-@@ -12,15 +15,13 @@ YACC = bison |
4447 |
- |
4448 |
- all : bpf_jit_disasm bpf_dbg bpf_asm |
4449 |
- |
4450 |
--bpf_jit_disasm : CFLAGS = -Wall -O2 -DPACKAGE='bpf_jit_disasm' |
4451 |
-+bpf_jit_disasm : CFLAGS += -DPACKAGE='bpf_jit_disasm' |
4452 |
- bpf_jit_disasm : LDLIBS = -lopcodes -lbfd -ldl |
4453 |
- bpf_jit_disasm : bpf_jit_disasm.o |
4454 |
- |
4455 |
--bpf_dbg : CFLAGS = -Wall -O2 |
4456 |
- bpf_dbg : LDLIBS = -lreadline |
4457 |
- bpf_dbg : bpf_dbg.o |
4458 |
- |
4459 |
--bpf_asm : CFLAGS = -Wall -O2 -I. |
4460 |
- bpf_asm : LDLIBS = |
4461 |
- bpf_asm : bpf_asm.o bpf_exp.yacc.o bpf_exp.lex.o |
4462 |
- bpf_exp.lex.o : bpf_exp.yacc.c |
4463 |
|
4464 |
diff --git a/4.3.3/4420_grsecurity-3.1-4.3.3-201512162141.patch b/4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch |
4465 |
similarity index 99% |
4466 |
rename from 4.3.3/4420_grsecurity-3.1-4.3.3-201512162141.patch |
4467 |
rename to 4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch |
4468 |
index 4b7bff5..2c1d2ad 100644 |
4469 |
--- a/4.3.3/4420_grsecurity-3.1-4.3.3-201512162141.patch |
4470 |
+++ b/4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch |
4471 |
@@ -313,7 +313,7 @@ index 13f888a..250729b 100644 |
4472 |
A typical pattern in a Kbuild file looks like this: |
4473 |
|
4474 |
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt |
4475 |
-index 22a4b68..8c70743 100644 |
4476 |
+index 22a4b68..0ec4c2a 100644 |
4477 |
--- a/Documentation/kernel-parameters.txt |
4478 |
+++ b/Documentation/kernel-parameters.txt |
4479 |
@@ -1246,6 +1246,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
4480 |
@@ -341,7 +341,7 @@ index 22a4b68..8c70743 100644 |
4481 |
nosmap [X86] |
4482 |
Disable SMAP (Supervisor Mode Access Prevention) |
4483 |
even if it is supported by processor. |
4484 |
-@@ -2677,6 +2688,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
4485 |
+@@ -2677,6 +2688,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
4486 |
the specified number of seconds. This is to be used if |
4487 |
your oopses keep scrolling off the screen. |
4488 |
|
4489 |
@@ -366,6 +366,11 @@ index 22a4b68..8c70743 100644 |
4490 |
+ from the first 4GB of memory as the bootmem allocator |
4491 |
+ passes the memory pages to the buddy allocator. |
4492 |
+ |
4493 |
++ pax_size_overflow_report_only |
4494 |
++ Enables rate-limited logging of size_overflow plugin |
4495 |
++ violations while disabling killing of the violating |
4496 |
++ task. |
4497 |
++ |
4498 |
+ pax_weakuderef [X86-64] enables the weaker but faster form of UDEREF |
4499 |
+ when the processor supports PCID. |
4500 |
+ |
4501 |
@@ -3811,7 +3816,7 @@ index 845769e..4278fd7 100644 |
4502 |
atomic64_set(&mm->context.id, asid); |
4503 |
} |
4504 |
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c |
4505 |
-index 0d629b8..01867c8 100644 |
4506 |
+index 0d629b8..f13ad33 100644 |
4507 |
--- a/arch/arm/mm/fault.c |
4508 |
+++ b/arch/arm/mm/fault.c |
4509 |
@@ -25,6 +25,7 @@ |
4510 |
@@ -3859,7 +3864,7 @@ index 0d629b8..01867c8 100644 |
4511 |
#endif |
4512 |
|
4513 |
+#ifdef CONFIG_PAX_PAGEEXEC |
4514 |
-+ if (fsr & FSR_LNX_PF) { |
4515 |
++ if ((tsk->mm->pax_flags & MF_PAX_PAGEEXEC) && (fsr & FSR_LNX_PF)) { |
4516 |
+ pax_report_fault(regs, (void *)regs->ARM_pc, (void *)regs->ARM_sp); |
4517 |
+ do_group_exit(SIGKILL); |
4518 |
+ } |
4519 |
@@ -32731,7 +32736,7 @@ index 903ec1e..41b4708 100644 |
4520 |
} |
4521 |
|
4522 |
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
4523 |
-index eef44d9..b0fb164 100644 |
4524 |
+index eef44d9..79b0e58 100644 |
4525 |
--- a/arch/x86/mm/fault.c |
4526 |
+++ b/arch/x86/mm/fault.c |
4527 |
@@ -14,6 +14,8 @@ |
4528 |
@@ -33203,7 +33208,7 @@ index eef44d9..b0fb164 100644 |
4529 |
+ |
4530 |
+#ifdef CONFIG_PAX_SEGMEXEC |
4531 |
+ if (mm->pax_flags & MF_PAX_SEGMEXEC) { |
4532 |
-+ if (!(error_code & (PF_PROT | PF_WRITE)) && (ip + SEGMEXEC_TASK_SIZE == address)) |
4533 |
++ if (!(error_code & (PF_PROT | PF_WRITE)) && (ip + SEGMEXEC_TASK_SIZE == address)) |
4534 |
+ return true; |
4535 |
+ return false; |
4536 |
+ } |
4537 |
@@ -36996,6 +37001,28 @@ index ad3f276..bef6d50 100644 |
4538 |
return ERR_PTR(-EINVAL); |
4539 |
|
4540 |
nr_pages += end - start; |
4541 |
+diff --git a/block/blk-core.c b/block/blk-core.c |
4542 |
+index 18e92a6..1834d7c 100644 |
4543 |
+--- a/block/blk-core.c |
4544 |
++++ b/block/blk-core.c |
4545 |
+@@ -1616,8 +1616,6 @@ static void blk_queue_bio(struct request_queue *q, struct bio *bio) |
4546 |
+ struct request *req; |
4547 |
+ unsigned int request_count = 0; |
4548 |
+ |
4549 |
+- blk_queue_split(q, &bio, q->bio_split); |
4550 |
+- |
4551 |
+ /* |
4552 |
+ * low level driver can indicate that it wants pages above a |
4553 |
+ * certain limit bounced to low memory (ie for highmem, or even |
4554 |
+@@ -1625,6 +1623,8 @@ static void blk_queue_bio(struct request_queue *q, struct bio *bio) |
4555 |
+ */ |
4556 |
+ blk_queue_bounce(q, &bio); |
4557 |
+ |
4558 |
++ blk_queue_split(q, &bio, q->bio_split); |
4559 |
++ |
4560 |
+ if (bio_integrity_enabled(bio) && bio_integrity_prep(bio)) { |
4561 |
+ bio->bi_error = -EIO; |
4562 |
+ bio_endio(bio); |
4563 |
diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c |
4564 |
index 0736729..2ec3b48 100644 |
4565 |
--- a/block/blk-iopoll.c |
4566 |
@@ -75725,6 +75752,32 @@ index f70119f..b7d2bb4 100644 |
4567 |
|
4568 |
/* for init */ |
4569 |
int __init btrfs_delayed_inode_init(void); |
4570 |
+diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c |
4571 |
+index 6a98bdd..fed3da6 100644 |
4572 |
+--- a/fs/btrfs/extent_map.c |
4573 |
++++ b/fs/btrfs/extent_map.c |
4574 |
+@@ -235,7 +235,9 @@ static void try_merge_map(struct extent_map_tree *tree, struct extent_map *em) |
4575 |
+ em->start = merge->start; |
4576 |
+ em->orig_start = merge->orig_start; |
4577 |
+ em->len += merge->len; |
4578 |
+- em->block_len += merge->block_len; |
4579 |
++ if (em->block_start != EXTENT_MAP_HOLE && |
4580 |
++ em->block_start != EXTENT_MAP_INLINE) |
4581 |
++ em->block_len += merge->block_len; |
4582 |
+ em->block_start = merge->block_start; |
4583 |
+ em->mod_len = (em->mod_len + em->mod_start) - merge->mod_start; |
4584 |
+ em->mod_start = merge->mod_start; |
4585 |
+@@ -252,7 +254,9 @@ static void try_merge_map(struct extent_map_tree *tree, struct extent_map *em) |
4586 |
+ merge = rb_entry(rb, struct extent_map, rb_node); |
4587 |
+ if (rb && mergable_maps(em, merge)) { |
4588 |
+ em->len += merge->len; |
4589 |
+- em->block_len += merge->block_len; |
4590 |
++ if (em->block_start != EXTENT_MAP_HOLE && |
4591 |
++ em->block_start != EXTENT_MAP_INLINE) |
4592 |
++ em->block_len += merge->block_len; |
4593 |
+ rb_erase(&merge->rb_node, &tree->map); |
4594 |
+ RB_CLEAR_NODE(&merge->rb_node); |
4595 |
+ em->mod_len = (merge->mod_start + merge->mod_len) - em->mod_start; |
4596 |
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
4597 |
index 396e3d5..e752d29 100644 |
4598 |
--- a/fs/btrfs/inode.c |
4599 |
@@ -77174,7 +77227,7 @@ index e4141f2..d8263e8 100644 |
4600 |
i += packet_length_size; |
4601 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
4602 |
diff --git a/fs/exec.c b/fs/exec.c |
4603 |
-index b06623a..895c666 100644 |
4604 |
+index b06623a..1c50b96 100644 |
4605 |
--- a/fs/exec.c |
4606 |
+++ b/fs/exec.c |
4607 |
@@ -56,8 +56,20 @@ |
4608 |
@@ -77670,7 +77723,7 @@ index b06623a..895c666 100644 |
4609 |
out: |
4610 |
if (bprm->mm) { |
4611 |
acct_arg_size(bprm, 0); |
4612 |
-@@ -1749,3 +1924,313 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, |
4613 |
+@@ -1749,3 +1924,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, |
4614 |
argv, envp, flags); |
4615 |
} |
4616 |
#endif |
4617 |
@@ -77976,11 +78029,17 @@ index b06623a..895c666 100644 |
4618 |
+ |
4619 |
+#ifdef CONFIG_PAX_SIZE_OVERFLOW |
4620 |
+ |
4621 |
++static DEFINE_RATELIMIT_STATE(size_overflow_ratelimit, 15 * HZ, 3); |
4622 |
++extern bool pax_size_overflow_report_only; |
4623 |
++ |
4624 |
+void __nocapture(1, 3, 4) __used report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) |
4625 |
+{ |
4626 |
-+ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); |
4627 |
-+ dump_stack(); |
4628 |
-+ do_group_exit(SIGKILL); |
4629 |
++ if (!pax_size_overflow_report_only || __ratelimit(&size_overflow_ratelimit)) { |
4630 |
++ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); |
4631 |
++ dump_stack(); |
4632 |
++ } |
4633 |
++ if (!pax_size_overflow_report_only) |
4634 |
++ do_group_exit(SIGKILL); |
4635 |
+} |
4636 |
+EXPORT_SYMBOL(report_size_overflow); |
4637 |
+#endif |
4638 |
@@ -82413,7 +82472,7 @@ index eed2050..fb443f2 100644 |
4639 |
static struct pid * |
4640 |
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) |
4641 |
diff --git a/fs/proc/base.c b/fs/proc/base.c |
4642 |
-index 29595af..6ab6000 100644 |
4643 |
+index 29595af..aeaaf2e 100644 |
4644 |
--- a/fs/proc/base.c |
4645 |
+++ b/fs/proc/base.c |
4646 |
@@ -113,6 +113,14 @@ struct pid_entry { |
4647 |
@@ -82794,7 +82853,15 @@ index 29595af..6ab6000 100644 |
4648 |
if (!dir_emit_dots(file, ctx)) |
4649 |
goto out; |
4650 |
|
4651 |
-@@ -2519,7 +2645,7 @@ static int do_io_accounting(struct task_struct *task, struct seq_file *m, int wh |
4652 |
+@@ -2484,6 +2610,7 @@ static ssize_t proc_coredump_filter_write(struct file *file, |
4653 |
+ mm = get_task_mm(task); |
4654 |
+ if (!mm) |
4655 |
+ goto out_no_mm; |
4656 |
++ ret = 0; |
4657 |
+ |
4658 |
+ for (i = 0, mask = 1; i < MMF_DUMP_FILTER_BITS; i++, mask <<= 1) { |
4659 |
+ if (val & mask) |
4660 |
+@@ -2519,7 +2646,7 @@ static int do_io_accounting(struct task_struct *task, struct seq_file *m, int wh |
4661 |
if (result) |
4662 |
return result; |
4663 |
|
4664 |
@@ -82803,7 +82870,7 @@ index 29595af..6ab6000 100644 |
4665 |
result = -EACCES; |
4666 |
goto out_unlock; |
4667 |
} |
4668 |
-@@ -2738,7 +2864,7 @@ static const struct pid_entry tgid_base_stuff[] = { |
4669 |
+@@ -2738,7 +2865,7 @@ static const struct pid_entry tgid_base_stuff[] = { |
4670 |
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), |
4671 |
#endif |
4672 |
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), |
4673 |
@@ -82812,7 +82879,7 @@ index 29595af..6ab6000 100644 |
4674 |
ONE("syscall", S_IRUSR, proc_pid_syscall), |
4675 |
#endif |
4676 |
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops), |
4677 |
-@@ -2763,10 +2889,10 @@ static const struct pid_entry tgid_base_stuff[] = { |
4678 |
+@@ -2763,10 +2890,10 @@ static const struct pid_entry tgid_base_stuff[] = { |
4679 |
#ifdef CONFIG_SECURITY |
4680 |
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), |
4681 |
#endif |
4682 |
@@ -82825,7 +82892,7 @@ index 29595af..6ab6000 100644 |
4683 |
ONE("stack", S_IRUSR, proc_pid_stack), |
4684 |
#endif |
4685 |
#ifdef CONFIG_SCHED_INFO |
4686 |
-@@ -2800,6 +2926,9 @@ static const struct pid_entry tgid_base_stuff[] = { |
4687 |
+@@ -2800,6 +2927,9 @@ static const struct pid_entry tgid_base_stuff[] = { |
4688 |
#ifdef CONFIG_HARDWALL |
4689 |
ONE("hardwall", S_IRUGO, proc_pid_hardwall), |
4690 |
#endif |
4691 |
@@ -82835,7 +82902,7 @@ index 29595af..6ab6000 100644 |
4692 |
#ifdef CONFIG_USER_NS |
4693 |
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), |
4694 |
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), |
4695 |
-@@ -2932,7 +3061,14 @@ static int proc_pid_instantiate(struct inode *dir, |
4696 |
+@@ -2932,7 +3062,14 @@ static int proc_pid_instantiate(struct inode *dir, |
4697 |
if (!inode) |
4698 |
goto out; |
4699 |
|
4700 |
@@ -82850,7 +82917,7 @@ index 29595af..6ab6000 100644 |
4701 |
inode->i_op = &proc_tgid_base_inode_operations; |
4702 |
inode->i_fop = &proc_tgid_base_operations; |
4703 |
inode->i_flags|=S_IMMUTABLE; |
4704 |
-@@ -2970,7 +3106,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign |
4705 |
+@@ -2970,7 +3107,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign |
4706 |
if (!task) |
4707 |
goto out; |
4708 |
|
4709 |
@@ -82862,7 +82929,7 @@ index 29595af..6ab6000 100644 |
4710 |
put_task_struct(task); |
4711 |
out: |
4712 |
return ERR_PTR(result); |
4713 |
-@@ -3084,7 +3224,7 @@ static const struct pid_entry tid_base_stuff[] = { |
4714 |
+@@ -3084,7 +3225,7 @@ static const struct pid_entry tid_base_stuff[] = { |
4715 |
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), |
4716 |
#endif |
4717 |
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), |
4718 |
@@ -82871,7 +82938,7 @@ index 29595af..6ab6000 100644 |
4719 |
ONE("syscall", S_IRUSR, proc_pid_syscall), |
4720 |
#endif |
4721 |
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops), |
4722 |
-@@ -3111,10 +3251,10 @@ static const struct pid_entry tid_base_stuff[] = { |
4723 |
+@@ -3111,10 +3252,10 @@ static const struct pid_entry tid_base_stuff[] = { |
4724 |
#ifdef CONFIG_SECURITY |
4725 |
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), |
4726 |
#endif |
4727 |
@@ -84997,6 +85064,28 @@ index 8e2010d..95549ab 100644 |
4728 |
#endif /* DEBUG */ |
4729 |
|
4730 |
/* |
4731 |
+diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c |
4732 |
+index be43248..6bb4442 100644 |
4733 |
+--- a/fs/xfs/libxfs/xfs_da_btree.c |
4734 |
++++ b/fs/xfs/libxfs/xfs_da_btree.c |
4735 |
+@@ -2007,6 +2007,7 @@ xfs_da_grow_inode_int( |
4736 |
+ struct xfs_inode *dp = args->dp; |
4737 |
+ int w = args->whichfork; |
4738 |
+ xfs_rfsblock_t nblks = dp->i_d.di_nblocks; |
4739 |
++ xfs_rfsblock_t nblocks; |
4740 |
+ struct xfs_bmbt_irec map, *mapp; |
4741 |
+ int nmap, error, got, i, mapi; |
4742 |
+ |
4743 |
+@@ -2075,7 +2076,8 @@ xfs_da_grow_inode_int( |
4744 |
+ } |
4745 |
+ |
4746 |
+ /* account for newly allocated blocks in reserved blocks total */ |
4747 |
+- args->total -= dp->i_d.di_nblocks - nblks; |
4748 |
++ nblocks = dp->i_d.di_nblocks - nblks; |
4749 |
++ args->total -= nblocks; |
4750 |
+ |
4751 |
+ out_free_map: |
4752 |
+ if (mapp != &map) |
4753 |
diff --git a/fs/xfs/xfs_dir2_readdir.c b/fs/xfs/xfs_dir2_readdir.c |
4754 |
index a989a9c..db30c9a 100644 |
4755 |
--- a/fs/xfs/xfs_dir2_readdir.c |
4756 |
@@ -105589,7 +105678,7 @@ index b32ad7d..05f6420 100644 |
4757 |
next_state = Reset; |
4758 |
return 0; |
4759 |
diff --git a/init/main.c b/init/main.c |
4760 |
-index 9e64d70..141e0b4 100644 |
4761 |
+index 9e64d70..2f40cd9 100644 |
4762 |
--- a/init/main.c |
4763 |
+++ b/init/main.c |
4764 |
@@ -97,6 +97,8 @@ extern void radix_tree_init(void); |
4765 |
@@ -105601,7 +105690,7 @@ index 9e64d70..141e0b4 100644 |
4766 |
/* |
4767 |
* Debug helper: via this flag we know that we are in 'early bootup code' |
4768 |
* where only the boot processor is running with IRQ disabled. This means |
4769 |
-@@ -158,6 +160,37 @@ static int __init set_reset_devices(char *str) |
4770 |
+@@ -158,6 +160,48 @@ static int __init set_reset_devices(char *str) |
4771 |
|
4772 |
__setup("reset_devices", set_reset_devices); |
4773 |
|
4774 |
@@ -105636,10 +105725,21 @@ index 9e64d70..141e0b4 100644 |
4775 |
+__setup("pax_softmode=", setup_pax_softmode); |
4776 |
+#endif |
4777 |
+ |
4778 |
++#ifdef CONFIG_PAX_SIZE_OVERFLOW |
4779 |
++bool pax_size_overflow_report_only __read_only; |
4780 |
++ |
4781 |
++static int __init setup_pax_size_overflow_report_only(char *str) |
4782 |
++{ |
4783 |
++ pax_size_overflow_report_only = true; |
4784 |
++ return 0; |
4785 |
++} |
4786 |
++early_param("pax_size_overflow_report_only", setup_pax_size_overflow_report_only); |
4787 |
++#endif |
4788 |
++ |
4789 |
static const char *argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; |
4790 |
const char *envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; |
4791 |
static const char *panic_later, *panic_param; |
4792 |
-@@ -731,7 +764,7 @@ static bool __init_or_module initcall_blacklisted(initcall_t fn) |
4793 |
+@@ -731,7 +775,7 @@ static bool __init_or_module initcall_blacklisted(initcall_t fn) |
4794 |
struct blacklist_entry *entry; |
4795 |
char *fn_name; |
4796 |
|
4797 |
@@ -105648,7 +105748,7 @@ index 9e64d70..141e0b4 100644 |
4798 |
if (!fn_name) |
4799 |
return false; |
4800 |
|
4801 |
-@@ -783,7 +816,7 @@ int __init_or_module do_one_initcall(initcall_t fn) |
4802 |
+@@ -783,7 +827,7 @@ int __init_or_module do_one_initcall(initcall_t fn) |
4803 |
{ |
4804 |
int count = preempt_count(); |
4805 |
int ret; |
4806 |
@@ -105657,7 +105757,7 @@ index 9e64d70..141e0b4 100644 |
4807 |
|
4808 |
if (initcall_blacklisted(fn)) |
4809 |
return -EPERM; |
4810 |
-@@ -793,18 +826,17 @@ int __init_or_module do_one_initcall(initcall_t fn) |
4811 |
+@@ -793,18 +837,17 @@ int __init_or_module do_one_initcall(initcall_t fn) |
4812 |
else |
4813 |
ret = fn(); |
4814 |
|
4815 |
@@ -105680,7 +105780,7 @@ index 9e64d70..141e0b4 100644 |
4816 |
return ret; |
4817 |
} |
4818 |
|
4819 |
-@@ -909,8 +941,8 @@ static int run_init_process(const char *init_filename) |
4820 |
+@@ -909,8 +952,8 @@ static int run_init_process(const char *init_filename) |
4821 |
{ |
4822 |
argv_init[0] = init_filename; |
4823 |
return do_execve(getname_kernel(init_filename), |
4824 |
@@ -105691,7 +105791,7 @@ index 9e64d70..141e0b4 100644 |
4825 |
} |
4826 |
|
4827 |
static int try_to_run_init_process(const char *init_filename) |
4828 |
-@@ -927,6 +959,10 @@ static int try_to_run_init_process(const char *init_filename) |
4829 |
+@@ -927,6 +970,10 @@ static int try_to_run_init_process(const char *init_filename) |
4830 |
return ret; |
4831 |
} |
4832 |
|
4833 |
@@ -105702,7 +105802,7 @@ index 9e64d70..141e0b4 100644 |
4834 |
static noinline void __init kernel_init_freeable(void); |
4835 |
|
4836 |
static int __ref kernel_init(void *unused) |
4837 |
-@@ -951,6 +987,11 @@ static int __ref kernel_init(void *unused) |
4838 |
+@@ -951,6 +998,11 @@ static int __ref kernel_init(void *unused) |
4839 |
ramdisk_execute_command, ret); |
4840 |
} |
4841 |
|
4842 |
@@ -105714,7 +105814,7 @@ index 9e64d70..141e0b4 100644 |
4843 |
/* |
4844 |
* We try each of these until one succeeds. |
4845 |
* |
4846 |
-@@ -1008,7 +1049,7 @@ static noinline void __init kernel_init_freeable(void) |
4847 |
+@@ -1008,7 +1060,7 @@ static noinline void __init kernel_init_freeable(void) |
4848 |
do_basic_setup(); |
4849 |
|
4850 |
/* Open the /dev/console on the rootfs, this should never fail */ |
4851 |
@@ -105723,7 +105823,7 @@ index 9e64d70..141e0b4 100644 |
4852 |
pr_err("Warning: unable to open an initial console.\n"); |
4853 |
|
4854 |
(void) sys_dup(0); |
4855 |
-@@ -1021,11 +1062,13 @@ static noinline void __init kernel_init_freeable(void) |
4856 |
+@@ -1021,11 +1073,13 @@ static noinline void __init kernel_init_freeable(void) |
4857 |
if (!ramdisk_execute_command) |
4858 |
ramdisk_execute_command = "/init"; |
4859 |
|
4860 |
@@ -109683,10 +109783,45 @@ index 99513e1..0caa643 100644 |
4861 |
} |
4862 |
|
4863 |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c |
4864 |
-index 787320d..9e9535d 100644 |
4865 |
+index 787320d..9873654 100644 |
4866 |
--- a/kernel/ptrace.c |
4867 |
+++ b/kernel/ptrace.c |
4868 |
-@@ -219,6 +219,13 @@ static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode) |
4869 |
+@@ -207,18 +207,45 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state) |
4870 |
+ return ret; |
4871 |
+ } |
4872 |
+ |
4873 |
+-static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode) |
4874 |
++static bool ptrace_has_cap(const struct cred *tcred, unsigned int mode) |
4875 |
+ { |
4876 |
++ struct user_namespace *tns = tcred->user_ns; |
4877 |
++ struct user_namespace *curns = current_cred()->user_ns; |
4878 |
++ |
4879 |
++ /* When a root-owned process enters a user namespace created by a |
4880 |
++ * malicious user, the user shouldn't be able to execute code under |
4881 |
++ * uid 0 by attaching to the root-owned process via ptrace. |
4882 |
++ * Therefore, similar to the capable_wrt_inode_uidgid() check, |
4883 |
++ * verify that all the uids and gids of the target process are |
4884 |
++ * mapped into the current namespace. |
4885 |
++ * No fsuid/fsgid check because __ptrace_may_access doesn't do it |
4886 |
++ * either. |
4887 |
++ */ |
4888 |
++ if (!kuid_has_mapping(curns, tcred->euid) || |
4889 |
++ !kuid_has_mapping(curns, tcred->suid) || |
4890 |
++ !kuid_has_mapping(curns, tcred->uid) || |
4891 |
++ !kgid_has_mapping(curns, tcred->egid) || |
4892 |
++ !kgid_has_mapping(curns, tcred->sgid) || |
4893 |
++ !kgid_has_mapping(curns, tcred->gid)) |
4894 |
++ return false; |
4895 |
++ |
4896 |
+ if (mode & PTRACE_MODE_NOAUDIT) |
4897 |
+- return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE); |
4898 |
++ return has_ns_capability_noaudit(current, tns, CAP_SYS_PTRACE); |
4899 |
+ else |
4900 |
+- return has_ns_capability(current, ns, CAP_SYS_PTRACE); |
4901 |
++ return has_ns_capability(current, tns, CAP_SYS_PTRACE); |
4902 |
+ } |
4903 |
+ |
4904 |
+ /* Returns 0 on success, -errno on denial. */ |
4905 |
static int __ptrace_may_access(struct task_struct *task, unsigned int mode) |
4906 |
{ |
4907 |
const struct cred *cred = current_cred(), *tcred; |
4908 |
@@ -109700,7 +109835,7 @@ index 787320d..9e9535d 100644 |
4909 |
|
4910 |
/* May we inspect the given task? |
4911 |
* This check is used both for attaching with ptrace |
4912 |
-@@ -233,13 +240,28 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) |
4913 |
+@@ -233,15 +260,30 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) |
4914 |
if (same_thread_group(task, current)) |
4915 |
return 0; |
4916 |
rcu_read_lock(); |
4917 |
@@ -109733,9 +109868,21 @@ index 787320d..9e9535d 100644 |
4918 |
+ gid_eq(caller_gid, tcred->sgid) && |
4919 |
+ gid_eq(caller_gid, tcred->gid)) |
4920 |
goto ok; |
4921 |
- if (ptrace_has_cap(tcred->user_ns, mode)) |
4922 |
+- if (ptrace_has_cap(tcred->user_ns, mode)) |
4923 |
++ if (ptrace_has_cap(tcred, mode)) |
4924 |
goto ok; |
4925 |
-@@ -306,7 +328,7 @@ static int ptrace_attach(struct task_struct *task, long request, |
4926 |
+ rcu_read_unlock(); |
4927 |
+ return -EPERM; |
4928 |
+@@ -252,7 +294,7 @@ ok: |
4929 |
+ dumpable = get_dumpable(task->mm); |
4930 |
+ rcu_read_lock(); |
4931 |
+ if (dumpable != SUID_DUMP_USER && |
4932 |
+- !ptrace_has_cap(__task_cred(task)->user_ns, mode)) { |
4933 |
++ !ptrace_has_cap(__task_cred(task), mode)) { |
4934 |
+ rcu_read_unlock(); |
4935 |
+ return -EPERM; |
4936 |
+ } |
4937 |
+@@ -306,7 +348,7 @@ static int ptrace_attach(struct task_struct *task, long request, |
4938 |
goto out; |
4939 |
|
4940 |
task_lock(task); |
4941 |
@@ -109744,7 +109891,7 @@ index 787320d..9e9535d 100644 |
4942 |
task_unlock(task); |
4943 |
if (retval) |
4944 |
goto unlock_creds; |
4945 |
-@@ -321,7 +343,7 @@ static int ptrace_attach(struct task_struct *task, long request, |
4946 |
+@@ -321,7 +363,7 @@ static int ptrace_attach(struct task_struct *task, long request, |
4947 |
if (seize) |
4948 |
flags |= PT_SEIZED; |
4949 |
rcu_read_lock(); |
4950 |
@@ -109753,7 +109900,7 @@ index 787320d..9e9535d 100644 |
4951 |
flags |= PT_PTRACE_CAP; |
4952 |
rcu_read_unlock(); |
4953 |
task->ptrace = flags; |
4954 |
-@@ -514,7 +536,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst |
4955 |
+@@ -514,7 +556,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst |
4956 |
break; |
4957 |
return -EIO; |
4958 |
} |
4959 |
@@ -109762,7 +109909,7 @@ index 787320d..9e9535d 100644 |
4960 |
return -EFAULT; |
4961 |
copied += retval; |
4962 |
src += retval; |
4963 |
-@@ -815,7 +837,7 @@ int ptrace_request(struct task_struct *child, long request, |
4964 |
+@@ -815,7 +857,7 @@ int ptrace_request(struct task_struct *child, long request, |
4965 |
bool seized = child->ptrace & PT_SEIZED; |
4966 |
int ret = -EIO; |
4967 |
siginfo_t siginfo, *si; |
4968 |
@@ -109771,7 +109918,7 @@ index 787320d..9e9535d 100644 |
4969 |
unsigned long __user *datalp = datavp; |
4970 |
unsigned long flags; |
4971 |
|
4972 |
-@@ -1061,14 +1083,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, |
4973 |
+@@ -1061,14 +1103,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, |
4974 |
goto out; |
4975 |
} |
4976 |
|
4977 |
@@ -109794,7 +109941,7 @@ index 787320d..9e9535d 100644 |
4978 |
goto out_put_task_struct; |
4979 |
} |
4980 |
|
4981 |
-@@ -1096,7 +1125,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, |
4982 |
+@@ -1096,7 +1145,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, |
4983 |
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); |
4984 |
if (copied != sizeof(tmp)) |
4985 |
return -EIO; |
4986 |
@@ -109803,7 +109950,7 @@ index 787320d..9e9535d 100644 |
4987 |
} |
4988 |
|
4989 |
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, |
4990 |
-@@ -1189,7 +1218,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, |
4991 |
+@@ -1189,7 +1238,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, |
4992 |
} |
4993 |
|
4994 |
COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, |
4995 |
@@ -109812,7 +109959,7 @@ index 787320d..9e9535d 100644 |
4996 |
{ |
4997 |
struct task_struct *child; |
4998 |
long ret; |
4999 |
-@@ -1205,14 +1234,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, |
5000 |
+@@ -1205,14 +1254,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, |
5001 |
goto out; |
5002 |
} |
5003 |
|
5004 |
@@ -120164,7 +120311,7 @@ index 8a1741b..20d20e7 100644 |
5005 |
if (!err) |
5006 |
err = put_user(SCM_RIGHTS, &cm->cmsg_type); |
5007 |
diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
5008 |
-index fab4599..e553f88 100644 |
5009 |
+index fab4599..e488a92 100644 |
5010 |
--- a/net/core/skbuff.c |
5011 |
+++ b/net/core/skbuff.c |
5012 |
@@ -2103,7 +2103,7 @@ EXPORT_SYMBOL(__skb_checksum); |
5013 |
@@ -120193,8 +120340,18 @@ index fab4599..e553f88 100644 |
5014 |
NULL); |
5015 |
} |
5016 |
|
5017 |
+@@ -3643,7 +3645,8 @@ static void __skb_complete_tx_timestamp(struct sk_buff *skb, |
5018 |
+ serr->ee.ee_info = tstype; |
5019 |
+ if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) { |
5020 |
+ serr->ee.ee_data = skb_shinfo(skb)->tskey; |
5021 |
+- if (sk->sk_protocol == IPPROTO_TCP) |
5022 |
++ if (sk->sk_protocol == IPPROTO_TCP && |
5023 |
++ sk->sk_type == SOCK_STREAM) |
5024 |
+ serr->ee.ee_data -= sk->sk_tskey; |
5025 |
+ } |
5026 |
+ |
5027 |
diff --git a/net/core/sock.c b/net/core/sock.c |
5028 |
-index 3307c02..08b1281 100644 |
5029 |
+index 3307c02..3a9bfdc 100644 |
5030 |
--- a/net/core/sock.c |
5031 |
+++ b/net/core/sock.c |
5032 |
@@ -441,7 +441,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) |
5033 |
@@ -120233,7 +120390,17 @@ index 3307c02..08b1281 100644 |
5034 |
goto discard_and_relse; |
5035 |
} |
5036 |
|
5037 |
-@@ -908,6 +908,7 @@ set_rcvbuf: |
5038 |
+@@ -862,7 +862,8 @@ set_rcvbuf: |
5039 |
+ |
5040 |
+ if (val & SOF_TIMESTAMPING_OPT_ID && |
5041 |
+ !(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)) { |
5042 |
+- if (sk->sk_protocol == IPPROTO_TCP) { |
5043 |
++ if (sk->sk_protocol == IPPROTO_TCP && |
5044 |
++ sk->sk_type == SOCK_STREAM) { |
5045 |
+ if (sk->sk_state != TCP_ESTABLISHED) { |
5046 |
+ ret = -EINVAL; |
5047 |
+ break; |
5048 |
+@@ -908,6 +909,7 @@ set_rcvbuf: |
5049 |
} |
5050 |
break; |
5051 |
|
5052 |
@@ -120241,7 +120408,7 @@ index 3307c02..08b1281 100644 |
5053 |
case SO_ATTACH_BPF: |
5054 |
ret = -EINVAL; |
5055 |
if (optlen == sizeof(u32)) { |
5056 |
-@@ -920,7 +921,7 @@ set_rcvbuf: |
5057 |
+@@ -920,7 +922,7 @@ set_rcvbuf: |
5058 |
ret = sk_attach_bpf(ufd, sk); |
5059 |
} |
5060 |
break; |
5061 |
@@ -120250,7 +120417,7 @@ index 3307c02..08b1281 100644 |
5062 |
case SO_DETACH_FILTER: |
5063 |
ret = sk_detach_filter(sk); |
5064 |
break; |
5065 |
-@@ -1022,12 +1023,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, |
5066 |
+@@ -1022,12 +1024,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, |
5067 |
struct timeval tm; |
5068 |
} v; |
5069 |
|
5070 |
@@ -120266,7 +120433,7 @@ index 3307c02..08b1281 100644 |
5071 |
return -EINVAL; |
5072 |
|
5073 |
memset(&v, 0, sizeof(v)); |
5074 |
-@@ -1165,11 +1166,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, |
5075 |
+@@ -1165,11 +1167,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, |
5076 |
|
5077 |
case SO_PEERNAME: |
5078 |
{ |
5079 |
@@ -120280,7 +120447,7 @@ index 3307c02..08b1281 100644 |
5080 |
return -EINVAL; |
5081 |
if (copy_to_user(optval, address, len)) |
5082 |
return -EFAULT; |
5083 |
-@@ -1257,7 +1258,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, |
5084 |
+@@ -1257,7 +1259,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, |
5085 |
|
5086 |
if (len > lv) |
5087 |
len = lv; |
5088 |
@@ -120289,7 +120456,7 @@ index 3307c02..08b1281 100644 |
5089 |
return -EFAULT; |
5090 |
lenout: |
5091 |
if (put_user(len, optlen)) |
5092 |
-@@ -1550,7 +1551,7 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority) |
5093 |
+@@ -1550,7 +1552,7 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority) |
5094 |
newsk->sk_err = 0; |
5095 |
newsk->sk_priority = 0; |
5096 |
newsk->sk_incoming_cpu = raw_smp_processor_id(); |
5097 |
@@ -120298,7 +120465,7 @@ index 3307c02..08b1281 100644 |
5098 |
/* |
5099 |
* Before updating sk_refcnt, we must commit prior changes to memory |
5100 |
* (Documentation/RCU/rculist_nulls.txt for details) |
5101 |
-@@ -2359,7 +2360,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) |
5102 |
+@@ -2359,7 +2361,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) |
5103 |
*/ |
5104 |
smp_wmb(); |
5105 |
atomic_set(&sk->sk_refcnt, 1); |
5106 |
@@ -120307,7 +120474,7 @@ index 3307c02..08b1281 100644 |
5107 |
} |
5108 |
EXPORT_SYMBOL(sock_init_data); |
5109 |
|
5110 |
-@@ -2487,6 +2488,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) |
5111 |
+@@ -2487,6 +2489,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) |
5112 |
int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, |
5113 |
int level, int type) |
5114 |
{ |
5115 |
@@ -120315,7 +120482,7 @@ index 3307c02..08b1281 100644 |
5116 |
struct sock_exterr_skb *serr; |
5117 |
struct sk_buff *skb; |
5118 |
int copied, err; |
5119 |
-@@ -2508,7 +2510,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, |
5120 |
+@@ -2508,7 +2511,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, |
5121 |
sock_recv_timestamp(msg, sk, skb); |
5122 |
|
5123 |
serr = SKB_EXT_ERR(skb); |
5124 |
@@ -121854,7 +122021,7 @@ index c10a9ee..c621a01 100644 |
5125 |
return -ENOMEM; |
5126 |
} |
5127 |
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
5128 |
-index 3939dd2..ea4fbed 100644 |
5129 |
+index 3939dd2..7372e9a 100644 |
5130 |
--- a/net/ipv6/addrconf.c |
5131 |
+++ b/net/ipv6/addrconf.c |
5132 |
@@ -178,7 +178,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { |
5133 |
@@ -121985,7 +122152,25 @@ index 3939dd2..ea4fbed 100644 |
5134 |
struct net *net = ctl->extra2; |
5135 |
struct ipv6_stable_secret *secret = ctl->data; |
5136 |
|
5137 |
-@@ -5397,7 +5410,7 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl, |
5138 |
+@@ -5343,13 +5356,10 @@ static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write, |
5139 |
+ goto out; |
5140 |
+ } |
5141 |
+ |
5142 |
+- if (!write) { |
5143 |
+- err = snprintf(str, sizeof(str), "%pI6", |
5144 |
+- &secret->secret); |
5145 |
+- if (err >= sizeof(str)) { |
5146 |
+- err = -EIO; |
5147 |
+- goto out; |
5148 |
+- } |
5149 |
++ err = snprintf(str, sizeof(str), "%pI6", &secret->secret); |
5150 |
++ if (err >= sizeof(str)) { |
5151 |
++ err = -EIO; |
5152 |
++ goto out; |
5153 |
+ } |
5154 |
+ |
5155 |
+ err = proc_dostring(&lctl, write, buffer, lenp, ppos); |
5156 |
+@@ -5397,7 +5407,7 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl, |
5157 |
int *valp = ctl->data; |
5158 |
int val = *valp; |
5159 |
loff_t pos = *ppos; |