1 |
commit: e032640bc9855a93b6cccdb01e27044c4bf6551c |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Oct 1 18:59:31 2020 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Oct 1 18:59:31 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e032640b |
7 |
|
8 |
Linux patch 4.9.238 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1237_linux-4.9.238.patch | 4359 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 4363 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 2b5f2bf..c39cf2b 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -991,6 +991,10 @@ Patch: 1236_linux-4.9.237.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.9.237 |
23 |
|
24 |
+Patch: 1237_linux-4.9.238.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.9.238 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1237_linux-4.9.238.patch b/1237_linux-4.9.238.patch |
33 |
new file mode 100644 |
34 |
index 0000000..2a0fbe4 |
35 |
--- /dev/null |
36 |
+++ b/1237_linux-4.9.238.patch |
37 |
@@ -0,0 +1,4359 @@ |
38 |
+diff --git a/Documentation/DocBook/libata.tmpl b/Documentation/DocBook/libata.tmpl |
39 |
+index d7fcdc5a43792..9b55778ab024f 100644 |
40 |
+--- a/Documentation/DocBook/libata.tmpl |
41 |
++++ b/Documentation/DocBook/libata.tmpl |
42 |
+@@ -324,7 +324,7 @@ Many legacy IDE drivers use ata_bmdma_status() as the bmdma_status() hook. |
43 |
+ |
44 |
+ <sect2><title>High-level taskfile hooks</title> |
45 |
+ <programlisting> |
46 |
+-void (*qc_prep) (struct ata_queued_cmd *qc); |
47 |
++enum ata_completion_errors (*qc_prep) (struct ata_queued_cmd *qc); |
48 |
+ int (*qc_issue) (struct ata_queued_cmd *qc); |
49 |
+ </programlisting> |
50 |
+ |
51 |
+diff --git a/Documentation/devicetree/bindings/sound/wm8994.txt b/Documentation/devicetree/bindings/sound/wm8994.txt |
52 |
+index 68c4e8d96bed6..b309de00cd836 100644 |
53 |
+--- a/Documentation/devicetree/bindings/sound/wm8994.txt |
54 |
++++ b/Documentation/devicetree/bindings/sound/wm8994.txt |
55 |
+@@ -14,9 +14,15 @@ Required properties: |
56 |
+ - #gpio-cells : Must be 2. The first cell is the pin number and the |
57 |
+ second cell is used to specify optional parameters (currently unused). |
58 |
+ |
59 |
+- - AVDD2-supply, DBVDD1-supply, DBVDD2-supply, DBVDD3-supply, CPVDD-supply, |
60 |
+- SPKVDD1-supply, SPKVDD2-supply : power supplies for the device, as covered |
61 |
+- in Documentation/devicetree/bindings/regulator/regulator.txt |
62 |
++ - power supplies for the device, as covered in |
63 |
++ Documentation/devicetree/bindings/regulator/regulator.txt, depending |
64 |
++ on compatible: |
65 |
++ - for wlf,wm1811 and wlf,wm8958: |
66 |
++ AVDD1-supply, AVDD2-supply, DBVDD1-supply, DBVDD2-supply, DBVDD3-supply, |
67 |
++ DCVDD-supply, CPVDD-supply, SPKVDD1-supply, SPKVDD2-supply |
68 |
++ - for wlf,wm8994: |
69 |
++ AVDD1-supply, AVDD2-supply, DBVDD-supply, DCVDD-supply, CPVDD-supply, |
70 |
++ SPKVDD1-supply, SPKVDD2-supply |
71 |
+ |
72 |
+ Optional properties: |
73 |
+ |
74 |
+@@ -68,11 +74,11 @@ codec: wm8994@1a { |
75 |
+ |
76 |
+ lineout1-se; |
77 |
+ |
78 |
++ AVDD1-supply = <®ulator>; |
79 |
+ AVDD2-supply = <®ulator>; |
80 |
+ CPVDD-supply = <®ulator>; |
81 |
+- DBVDD1-supply = <®ulator>; |
82 |
+- DBVDD2-supply = <®ulator>; |
83 |
+- DBVDD3-supply = <®ulator>; |
84 |
++ DBVDD-supply = <®ulator>; |
85 |
++ DCVDD-supply = <®ulator>; |
86 |
+ SPKVDD1-supply = <®ulator>; |
87 |
+ SPKVDD2-supply = <®ulator>; |
88 |
+ }; |
89 |
+diff --git a/Makefile b/Makefile |
90 |
+index 3c78b28c6a0da..41a7d6626e354 100644 |
91 |
+--- a/Makefile |
92 |
++++ b/Makefile |
93 |
+@@ -1,6 +1,6 @@ |
94 |
+ VERSION = 4 |
95 |
+ PATCHLEVEL = 9 |
96 |
+-SUBLEVEL = 237 |
97 |
++SUBLEVEL = 238 |
98 |
+ EXTRAVERSION = |
99 |
+ NAME = Roaring Lionus |
100 |
+ |
101 |
+diff --git a/arch/m68k/q40/config.c b/arch/m68k/q40/config.c |
102 |
+index ea89a24f46000..cc0f924bbdd2d 100644 |
103 |
+--- a/arch/m68k/q40/config.c |
104 |
++++ b/arch/m68k/q40/config.c |
105 |
+@@ -303,6 +303,7 @@ static int q40_get_rtc_pll(struct rtc_pll_info *pll) |
106 |
+ { |
107 |
+ int tmp = Q40_RTC_CTRL; |
108 |
+ |
109 |
++ pll->pll_ctrl = 0; |
110 |
+ pll->pll_value = tmp & Q40_RTC_PLL_MASK; |
111 |
+ if (tmp & Q40_RTC_PLL_SIGN) |
112 |
+ pll->pll_value = -pll->pll_value; |
113 |
+diff --git a/arch/mips/include/asm/cpu-type.h b/arch/mips/include/asm/cpu-type.h |
114 |
+index bdd6dc18e65c6..941efd8783344 100644 |
115 |
+--- a/arch/mips/include/asm/cpu-type.h |
116 |
++++ b/arch/mips/include/asm/cpu-type.h |
117 |
+@@ -47,6 +47,7 @@ static inline int __pure __get_cpu_type(const int cpu_type) |
118 |
+ case CPU_34K: |
119 |
+ case CPU_1004K: |
120 |
+ case CPU_74K: |
121 |
++ case CPU_1074K: |
122 |
+ case CPU_M14KC: |
123 |
+ case CPU_M14KEC: |
124 |
+ case CPU_INTERAPTIV: |
125 |
+diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c |
126 |
+index a559908d180ec..ce49c2b9db7ee 100644 |
127 |
+--- a/arch/s390/kernel/setup.c |
128 |
++++ b/arch/s390/kernel/setup.c |
129 |
+@@ -529,7 +529,7 @@ static struct notifier_block kdump_mem_nb = { |
130 |
+ /* |
131 |
+ * Make sure that the area behind memory_end is protected |
132 |
+ */ |
133 |
+-static void reserve_memory_end(void) |
134 |
++static void __init reserve_memory_end(void) |
135 |
+ { |
136 |
+ #ifdef CONFIG_CRASH_DUMP |
137 |
+ if (ipl_info.type == IPL_TYPE_FCP_DUMP && |
138 |
+@@ -547,7 +547,7 @@ static void reserve_memory_end(void) |
139 |
+ /* |
140 |
+ * Make sure that oldmem, where the dump is stored, is protected |
141 |
+ */ |
142 |
+-static void reserve_oldmem(void) |
143 |
++static void __init reserve_oldmem(void) |
144 |
+ { |
145 |
+ #ifdef CONFIG_CRASH_DUMP |
146 |
+ if (OLDMEM_BASE) |
147 |
+@@ -559,7 +559,7 @@ static void reserve_oldmem(void) |
148 |
+ /* |
149 |
+ * Make sure that oldmem, where the dump is stored, is protected |
150 |
+ */ |
151 |
+-static void remove_oldmem(void) |
152 |
++static void __init remove_oldmem(void) |
153 |
+ { |
154 |
+ #ifdef CONFIG_CRASH_DUMP |
155 |
+ if (OLDMEM_BASE) |
156 |
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h |
157 |
+index 4af16acc001a3..204a5ce65afda 100644 |
158 |
+--- a/arch/x86/include/asm/nospec-branch.h |
159 |
++++ b/arch/x86/include/asm/nospec-branch.h |
160 |
+@@ -321,7 +321,7 @@ DECLARE_STATIC_KEY_FALSE(mds_idle_clear); |
161 |
+ * combination with microcode which triggers a CPU buffer flush when the |
162 |
+ * instruction is executed. |
163 |
+ */ |
164 |
+-static inline void mds_clear_cpu_buffers(void) |
165 |
++static __always_inline void mds_clear_cpu_buffers(void) |
166 |
+ { |
167 |
+ static const u16 ds = __KERNEL_DS; |
168 |
+ |
169 |
+@@ -342,7 +342,7 @@ static inline void mds_clear_cpu_buffers(void) |
170 |
+ * |
171 |
+ * Clear CPU buffers if the corresponding static key is enabled |
172 |
+ */ |
173 |
+-static inline void mds_user_clear_cpu_buffers(void) |
174 |
++static __always_inline void mds_user_clear_cpu_buffers(void) |
175 |
+ { |
176 |
+ if (static_branch_likely(&mds_user_clear)) |
177 |
+ mds_clear_cpu_buffers(); |
178 |
+diff --git a/arch/x86/include/asm/pkeys.h b/arch/x86/include/asm/pkeys.h |
179 |
+index c50d6dcf4a227..4e7273e176cb7 100644 |
180 |
+--- a/arch/x86/include/asm/pkeys.h |
181 |
++++ b/arch/x86/include/asm/pkeys.h |
182 |
+@@ -3,6 +3,11 @@ |
183 |
+ |
184 |
+ #define ARCH_DEFAULT_PKEY 0 |
185 |
+ |
186 |
++/* |
187 |
++ * If more than 16 keys are ever supported, a thorough audit |
188 |
++ * will be necessary to ensure that the types that store key |
189 |
++ * numbers and masks have sufficient capacity. |
190 |
++ */ |
191 |
+ #define arch_max_pkey() (boot_cpu_has(X86_FEATURE_OSPKE) ? 16 : 1) |
192 |
+ |
193 |
+ extern int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, |
194 |
+diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c |
195 |
+index e9d7f461b7fa5..dbd396c913488 100644 |
196 |
+--- a/arch/x86/kernel/fpu/xstate.c |
197 |
++++ b/arch/x86/kernel/fpu/xstate.c |
198 |
+@@ -871,8 +871,6 @@ const void *get_xsave_field_ptr(int xsave_state) |
199 |
+ |
200 |
+ #ifdef CONFIG_ARCH_HAS_PKEYS |
201 |
+ |
202 |
+-#define NR_VALID_PKRU_BITS (CONFIG_NR_PROTECTION_KEYS * 2) |
203 |
+-#define PKRU_VALID_MASK (NR_VALID_PKRU_BITS - 1) |
204 |
+ /* |
205 |
+ * This will go out and modify PKRU register to set the access |
206 |
+ * rights for @pkey to @init_val. |
207 |
+@@ -891,6 +889,13 @@ int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, |
208 |
+ if (!boot_cpu_has(X86_FEATURE_OSPKE)) |
209 |
+ return -EINVAL; |
210 |
+ |
211 |
++ /* |
212 |
++ * This code should only be called with valid 'pkey' |
213 |
++ * values originating from in-kernel users. Complain |
214 |
++ * if a bad value is observed. |
215 |
++ */ |
216 |
++ WARN_ON_ONCE(pkey >= arch_max_pkey()); |
217 |
++ |
218 |
+ /* Set the bits we need in PKRU: */ |
219 |
+ if (init_val & PKEY_DISABLE_ACCESS) |
220 |
+ new_pkru_bits |= PKRU_AD_BIT; |
221 |
+diff --git a/arch/x86/kvm/mmutrace.h b/arch/x86/kvm/mmutrace.h |
222 |
+index 756b14ecc957a..df1076b0eabf3 100644 |
223 |
+--- a/arch/x86/kvm/mmutrace.h |
224 |
++++ b/arch/x86/kvm/mmutrace.h |
225 |
+@@ -336,7 +336,7 @@ TRACE_EVENT( |
226 |
+ /* These depend on page entry type, so compute them now. */ |
227 |
+ __field(bool, r) |
228 |
+ __field(bool, x) |
229 |
+- __field(u8, u) |
230 |
++ __field(signed char, u) |
231 |
+ ), |
232 |
+ |
233 |
+ TP_fast_assign( |
234 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
235 |
+index 6b7faa14c27bb..3c0f9be107e42 100644 |
236 |
+--- a/arch/x86/kvm/x86.c |
237 |
++++ b/arch/x86/kvm/x86.c |
238 |
+@@ -4263,10 +4263,13 @@ long kvm_arch_vm_ioctl(struct file *filp, |
239 |
+ r = -EFAULT; |
240 |
+ if (copy_from_user(&u.ps, argp, sizeof u.ps)) |
241 |
+ goto out; |
242 |
++ mutex_lock(&kvm->lock); |
243 |
+ r = -ENXIO; |
244 |
+ if (!kvm->arch.vpit) |
245 |
+- goto out; |
246 |
++ goto set_pit_out; |
247 |
+ r = kvm_vm_ioctl_set_pit(kvm, &u.ps); |
248 |
++set_pit_out: |
249 |
++ mutex_unlock(&kvm->lock); |
250 |
+ break; |
251 |
+ } |
252 |
+ case KVM_GET_PIT2: { |
253 |
+@@ -4286,10 +4289,13 @@ long kvm_arch_vm_ioctl(struct file *filp, |
254 |
+ r = -EFAULT; |
255 |
+ if (copy_from_user(&u.ps2, argp, sizeof(u.ps2))) |
256 |
+ goto out; |
257 |
++ mutex_lock(&kvm->lock); |
258 |
+ r = -ENXIO; |
259 |
+ if (!kvm->arch.vpit) |
260 |
+- goto out; |
261 |
++ goto set_pit2_out; |
262 |
+ r = kvm_vm_ioctl_set_pit2(kvm, &u.ps2); |
263 |
++set_pit2_out: |
264 |
++ mutex_unlock(&kvm->lock); |
265 |
+ break; |
266 |
+ } |
267 |
+ case KVM_REINJECT_CONTROL: { |
268 |
+diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c |
269 |
+index 307b3e28f34ce..8781b5dc97f1c 100644 |
270 |
+--- a/drivers/acpi/ec.c |
271 |
++++ b/drivers/acpi/ec.c |
272 |
+@@ -1049,29 +1049,21 @@ void acpi_ec_unblock_transactions(void) |
273 |
+ /* -------------------------------------------------------------------------- |
274 |
+ Event Management |
275 |
+ -------------------------------------------------------------------------- */ |
276 |
+-static struct acpi_ec_query_handler * |
277 |
+-acpi_ec_get_query_handler(struct acpi_ec_query_handler *handler) |
278 |
+-{ |
279 |
+- if (handler) |
280 |
+- kref_get(&handler->kref); |
281 |
+- return handler; |
282 |
+-} |
283 |
+- |
284 |
+ static struct acpi_ec_query_handler * |
285 |
+ acpi_ec_get_query_handler_by_value(struct acpi_ec *ec, u8 value) |
286 |
+ { |
287 |
+ struct acpi_ec_query_handler *handler; |
288 |
+- bool found = false; |
289 |
+ |
290 |
+ mutex_lock(&ec->mutex); |
291 |
+ list_for_each_entry(handler, &ec->list, node) { |
292 |
+ if (value == handler->query_bit) { |
293 |
+- found = true; |
294 |
+- break; |
295 |
++ kref_get(&handler->kref); |
296 |
++ mutex_unlock(&ec->mutex); |
297 |
++ return handler; |
298 |
+ } |
299 |
+ } |
300 |
+ mutex_unlock(&ec->mutex); |
301 |
+- return found ? acpi_ec_get_query_handler(handler) : NULL; |
302 |
++ return NULL; |
303 |
+ } |
304 |
+ |
305 |
+ static void acpi_ec_query_handler_release(struct kref *kref) |
306 |
+diff --git a/drivers/ata/acard-ahci.c b/drivers/ata/acard-ahci.c |
307 |
+index ed6a30cd681a0..98581ae397c12 100644 |
308 |
+--- a/drivers/ata/acard-ahci.c |
309 |
++++ b/drivers/ata/acard-ahci.c |
310 |
+@@ -72,7 +72,7 @@ struct acard_sg { |
311 |
+ __le32 size; /* bit 31 (EOT) max==0x10000 (64k) */ |
312 |
+ }; |
313 |
+ |
314 |
+-static void acard_ahci_qc_prep(struct ata_queued_cmd *qc); |
315 |
++static enum ata_completion_errors acard_ahci_qc_prep(struct ata_queued_cmd *qc); |
316 |
+ static bool acard_ahci_qc_fill_rtf(struct ata_queued_cmd *qc); |
317 |
+ static int acard_ahci_port_start(struct ata_port *ap); |
318 |
+ static int acard_ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent); |
319 |
+@@ -257,7 +257,7 @@ static unsigned int acard_ahci_fill_sg(struct ata_queued_cmd *qc, void *cmd_tbl) |
320 |
+ return si; |
321 |
+ } |
322 |
+ |
323 |
+-static void acard_ahci_qc_prep(struct ata_queued_cmd *qc) |
324 |
++static enum ata_completion_errors acard_ahci_qc_prep(struct ata_queued_cmd *qc) |
325 |
+ { |
326 |
+ struct ata_port *ap = qc->ap; |
327 |
+ struct ahci_port_priv *pp = ap->private_data; |
328 |
+@@ -295,6 +295,8 @@ static void acard_ahci_qc_prep(struct ata_queued_cmd *qc) |
329 |
+ opts |= AHCI_CMD_ATAPI | AHCI_CMD_PREFETCH; |
330 |
+ |
331 |
+ ahci_fill_cmd_slot(pp, qc->tag, opts); |
332 |
++ |
333 |
++ return AC_ERR_OK; |
334 |
+ } |
335 |
+ |
336 |
+ static bool acard_ahci_qc_fill_rtf(struct ata_queued_cmd *qc) |
337 |
+diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c |
338 |
+index 1610fff19bb39..984260902d0be 100644 |
339 |
+--- a/drivers/ata/libahci.c |
340 |
++++ b/drivers/ata/libahci.c |
341 |
+@@ -73,7 +73,7 @@ static int ahci_scr_write(struct ata_link *link, unsigned int sc_reg, u32 val); |
342 |
+ static bool ahci_qc_fill_rtf(struct ata_queued_cmd *qc); |
343 |
+ static int ahci_port_start(struct ata_port *ap); |
344 |
+ static void ahci_port_stop(struct ata_port *ap); |
345 |
+-static void ahci_qc_prep(struct ata_queued_cmd *qc); |
346 |
++static enum ata_completion_errors ahci_qc_prep(struct ata_queued_cmd *qc); |
347 |
+ static int ahci_pmp_qc_defer(struct ata_queued_cmd *qc); |
348 |
+ static void ahci_freeze(struct ata_port *ap); |
349 |
+ static void ahci_thaw(struct ata_port *ap); |
350 |
+@@ -1607,7 +1607,7 @@ static int ahci_pmp_qc_defer(struct ata_queued_cmd *qc) |
351 |
+ return sata_pmp_qc_defer_cmd_switch(qc); |
352 |
+ } |
353 |
+ |
354 |
+-static void ahci_qc_prep(struct ata_queued_cmd *qc) |
355 |
++static enum ata_completion_errors ahci_qc_prep(struct ata_queued_cmd *qc) |
356 |
+ { |
357 |
+ struct ata_port *ap = qc->ap; |
358 |
+ struct ahci_port_priv *pp = ap->private_data; |
359 |
+@@ -1643,6 +1643,8 @@ static void ahci_qc_prep(struct ata_queued_cmd *qc) |
360 |
+ opts |= AHCI_CMD_ATAPI | AHCI_CMD_PREFETCH; |
361 |
+ |
362 |
+ ahci_fill_cmd_slot(pp, qc->tag, opts); |
363 |
++ |
364 |
++ return AC_ERR_OK; |
365 |
+ } |
366 |
+ |
367 |
+ static void ahci_fbs_dec_intr(struct ata_port *ap) |
368 |
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c |
369 |
+index 2aa10cd4c5b75..228a4cfb0e7d2 100644 |
370 |
+--- a/drivers/ata/libata-core.c |
371 |
++++ b/drivers/ata/libata-core.c |
372 |
+@@ -4895,7 +4895,10 @@ int ata_std_qc_defer(struct ata_queued_cmd *qc) |
373 |
+ return ATA_DEFER_LINK; |
374 |
+ } |
375 |
+ |
376 |
+-void ata_noop_qc_prep(struct ata_queued_cmd *qc) { } |
377 |
++enum ata_completion_errors ata_noop_qc_prep(struct ata_queued_cmd *qc) |
378 |
++{ |
379 |
++ return AC_ERR_OK; |
380 |
++} |
381 |
+ |
382 |
+ /** |
383 |
+ * ata_sg_init - Associate command with scatter-gather table. |
384 |
+@@ -5313,7 +5316,9 @@ void ata_qc_issue(struct ata_queued_cmd *qc) |
385 |
+ return; |
386 |
+ } |
387 |
+ |
388 |
+- ap->ops->qc_prep(qc); |
389 |
++ qc->err_mask |= ap->ops->qc_prep(qc); |
390 |
++ if (unlikely(qc->err_mask)) |
391 |
++ goto err; |
392 |
+ trace_ata_qc_issue(qc); |
393 |
+ qc->err_mask |= ap->ops->qc_issue(qc); |
394 |
+ if (unlikely(qc->err_mask)) |
395 |
+diff --git a/drivers/ata/libata-sff.c b/drivers/ata/libata-sff.c |
396 |
+index 0e2bc5b9a78c1..0edd83cae0fd0 100644 |
397 |
+--- a/drivers/ata/libata-sff.c |
398 |
++++ b/drivers/ata/libata-sff.c |
399 |
+@@ -2742,12 +2742,14 @@ static void ata_bmdma_fill_sg_dumb(struct ata_queued_cmd *qc) |
400 |
+ * LOCKING: |
401 |
+ * spin_lock_irqsave(host lock) |
402 |
+ */ |
403 |
+-void ata_bmdma_qc_prep(struct ata_queued_cmd *qc) |
404 |
++enum ata_completion_errors ata_bmdma_qc_prep(struct ata_queued_cmd *qc) |
405 |
+ { |
406 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
407 |
+- return; |
408 |
++ return AC_ERR_OK; |
409 |
+ |
410 |
+ ata_bmdma_fill_sg(qc); |
411 |
++ |
412 |
++ return AC_ERR_OK; |
413 |
+ } |
414 |
+ EXPORT_SYMBOL_GPL(ata_bmdma_qc_prep); |
415 |
+ |
416 |
+@@ -2760,12 +2762,14 @@ EXPORT_SYMBOL_GPL(ata_bmdma_qc_prep); |
417 |
+ * LOCKING: |
418 |
+ * spin_lock_irqsave(host lock) |
419 |
+ */ |
420 |
+-void ata_bmdma_dumb_qc_prep(struct ata_queued_cmd *qc) |
421 |
++enum ata_completion_errors ata_bmdma_dumb_qc_prep(struct ata_queued_cmd *qc) |
422 |
+ { |
423 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
424 |
+- return; |
425 |
++ return AC_ERR_OK; |
426 |
+ |
427 |
+ ata_bmdma_fill_sg_dumb(qc); |
428 |
++ |
429 |
++ return AC_ERR_OK; |
430 |
+ } |
431 |
+ EXPORT_SYMBOL_GPL(ata_bmdma_dumb_qc_prep); |
432 |
+ |
433 |
+diff --git a/drivers/ata/pata_macio.c b/drivers/ata/pata_macio.c |
434 |
+index e347e7acd8edb..d8000bbd1e11d 100644 |
435 |
+--- a/drivers/ata/pata_macio.c |
436 |
++++ b/drivers/ata/pata_macio.c |
437 |
+@@ -507,7 +507,7 @@ static int pata_macio_cable_detect(struct ata_port *ap) |
438 |
+ return ATA_CBL_PATA40; |
439 |
+ } |
440 |
+ |
441 |
+-static void pata_macio_qc_prep(struct ata_queued_cmd *qc) |
442 |
++static enum ata_completion_errors pata_macio_qc_prep(struct ata_queued_cmd *qc) |
443 |
+ { |
444 |
+ unsigned int write = (qc->tf.flags & ATA_TFLAG_WRITE); |
445 |
+ struct ata_port *ap = qc->ap; |
446 |
+@@ -520,7 +520,7 @@ static void pata_macio_qc_prep(struct ata_queued_cmd *qc) |
447 |
+ __func__, qc, qc->flags, write, qc->dev->devno); |
448 |
+ |
449 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
450 |
+- return; |
451 |
++ return AC_ERR_OK; |
452 |
+ |
453 |
+ table = (struct dbdma_cmd *) priv->dma_table_cpu; |
454 |
+ |
455 |
+@@ -565,6 +565,8 @@ static void pata_macio_qc_prep(struct ata_queued_cmd *qc) |
456 |
+ table->command = cpu_to_le16(DBDMA_STOP); |
457 |
+ |
458 |
+ dev_dbgdma(priv->dev, "%s: %d DMA list entries\n", __func__, pi); |
459 |
++ |
460 |
++ return AC_ERR_OK; |
461 |
+ } |
462 |
+ |
463 |
+ |
464 |
+diff --git a/drivers/ata/pata_pxa.c b/drivers/ata/pata_pxa.c |
465 |
+index f6c46e9a4dc0f..d7186a503e358 100644 |
466 |
+--- a/drivers/ata/pata_pxa.c |
467 |
++++ b/drivers/ata/pata_pxa.c |
468 |
+@@ -59,25 +59,27 @@ static void pxa_ata_dma_irq(void *d) |
469 |
+ /* |
470 |
+ * Prepare taskfile for submission. |
471 |
+ */ |
472 |
+-static void pxa_qc_prep(struct ata_queued_cmd *qc) |
473 |
++static enum ata_completion_errors pxa_qc_prep(struct ata_queued_cmd *qc) |
474 |
+ { |
475 |
+ struct pata_pxa_data *pd = qc->ap->private_data; |
476 |
+ struct dma_async_tx_descriptor *tx; |
477 |
+ enum dma_transfer_direction dir; |
478 |
+ |
479 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
480 |
+- return; |
481 |
++ return AC_ERR_OK; |
482 |
+ |
483 |
+ dir = (qc->dma_dir == DMA_TO_DEVICE ? DMA_MEM_TO_DEV : DMA_DEV_TO_MEM); |
484 |
+ tx = dmaengine_prep_slave_sg(pd->dma_chan, qc->sg, qc->n_elem, dir, |
485 |
+ DMA_PREP_INTERRUPT); |
486 |
+ if (!tx) { |
487 |
+ ata_dev_err(qc->dev, "prep_slave_sg() failed\n"); |
488 |
+- return; |
489 |
++ return AC_ERR_OK; |
490 |
+ } |
491 |
+ tx->callback = pxa_ata_dma_irq; |
492 |
+ tx->callback_param = pd; |
493 |
+ pd->dma_cookie = dmaengine_submit(tx); |
494 |
++ |
495 |
++ return AC_ERR_OK; |
496 |
+ } |
497 |
+ |
498 |
+ /* |
499 |
+diff --git a/drivers/ata/pdc_adma.c b/drivers/ata/pdc_adma.c |
500 |
+index 64d682c6ee57e..11da13bea2c93 100644 |
501 |
+--- a/drivers/ata/pdc_adma.c |
502 |
++++ b/drivers/ata/pdc_adma.c |
503 |
+@@ -132,7 +132,7 @@ static int adma_ata_init_one(struct pci_dev *pdev, |
504 |
+ const struct pci_device_id *ent); |
505 |
+ static int adma_port_start(struct ata_port *ap); |
506 |
+ static void adma_port_stop(struct ata_port *ap); |
507 |
+-static void adma_qc_prep(struct ata_queued_cmd *qc); |
508 |
++static enum ata_completion_errors adma_qc_prep(struct ata_queued_cmd *qc); |
509 |
+ static unsigned int adma_qc_issue(struct ata_queued_cmd *qc); |
510 |
+ static int adma_check_atapi_dma(struct ata_queued_cmd *qc); |
511 |
+ static void adma_freeze(struct ata_port *ap); |
512 |
+@@ -311,7 +311,7 @@ static int adma_fill_sg(struct ata_queued_cmd *qc) |
513 |
+ return i; |
514 |
+ } |
515 |
+ |
516 |
+-static void adma_qc_prep(struct ata_queued_cmd *qc) |
517 |
++static enum ata_completion_errors adma_qc_prep(struct ata_queued_cmd *qc) |
518 |
+ { |
519 |
+ struct adma_port_priv *pp = qc->ap->private_data; |
520 |
+ u8 *buf = pp->pkt; |
521 |
+@@ -322,7 +322,7 @@ static void adma_qc_prep(struct ata_queued_cmd *qc) |
522 |
+ |
523 |
+ adma_enter_reg_mode(qc->ap); |
524 |
+ if (qc->tf.protocol != ATA_PROT_DMA) |
525 |
+- return; |
526 |
++ return AC_ERR_OK; |
527 |
+ |
528 |
+ buf[i++] = 0; /* Response flags */ |
529 |
+ buf[i++] = 0; /* reserved */ |
530 |
+@@ -387,6 +387,7 @@ static void adma_qc_prep(struct ata_queued_cmd *qc) |
531 |
+ printk("%s\n", obuf); |
532 |
+ } |
533 |
+ #endif |
534 |
++ return AC_ERR_OK; |
535 |
+ } |
536 |
+ |
537 |
+ static inline void adma_packet_start(struct ata_queued_cmd *qc) |
538 |
+diff --git a/drivers/ata/sata_fsl.c b/drivers/ata/sata_fsl.c |
539 |
+index a723ae9297831..100b5a3621ef3 100644 |
540 |
+--- a/drivers/ata/sata_fsl.c |
541 |
++++ b/drivers/ata/sata_fsl.c |
542 |
+@@ -513,7 +513,7 @@ static unsigned int sata_fsl_fill_sg(struct ata_queued_cmd *qc, void *cmd_desc, |
543 |
+ return num_prde; |
544 |
+ } |
545 |
+ |
546 |
+-static void sata_fsl_qc_prep(struct ata_queued_cmd *qc) |
547 |
++static enum ata_completion_errors sata_fsl_qc_prep(struct ata_queued_cmd *qc) |
548 |
+ { |
549 |
+ struct ata_port *ap = qc->ap; |
550 |
+ struct sata_fsl_port_priv *pp = ap->private_data; |
551 |
+@@ -559,6 +559,8 @@ static void sata_fsl_qc_prep(struct ata_queued_cmd *qc) |
552 |
+ |
553 |
+ VPRINTK("SATA FSL : xx_qc_prep, di = 0x%x, ttl = %d, num_prde = %d\n", |
554 |
+ desc_info, ttl_dwords, num_prde); |
555 |
++ |
556 |
++ return AC_ERR_OK; |
557 |
+ } |
558 |
+ |
559 |
+ static unsigned int sata_fsl_qc_issue(struct ata_queued_cmd *qc) |
560 |
+diff --git a/drivers/ata/sata_inic162x.c b/drivers/ata/sata_inic162x.c |
561 |
+index e81a8217f1ff7..349a175f02675 100644 |
562 |
+--- a/drivers/ata/sata_inic162x.c |
563 |
++++ b/drivers/ata/sata_inic162x.c |
564 |
+@@ -472,7 +472,7 @@ static void inic_fill_sg(struct inic_prd *prd, struct ata_queued_cmd *qc) |
565 |
+ prd[-1].flags |= PRD_END; |
566 |
+ } |
567 |
+ |
568 |
+-static void inic_qc_prep(struct ata_queued_cmd *qc) |
569 |
++static enum ata_completion_errors inic_qc_prep(struct ata_queued_cmd *qc) |
570 |
+ { |
571 |
+ struct inic_port_priv *pp = qc->ap->private_data; |
572 |
+ struct inic_pkt *pkt = pp->pkt; |
573 |
+@@ -532,6 +532,8 @@ static void inic_qc_prep(struct ata_queued_cmd *qc) |
574 |
+ inic_fill_sg(prd, qc); |
575 |
+ |
576 |
+ pp->cpb_tbl[0] = pp->pkt_dma; |
577 |
++ |
578 |
++ return AC_ERR_OK; |
579 |
+ } |
580 |
+ |
581 |
+ static unsigned int inic_qc_issue(struct ata_queued_cmd *qc) |
582 |
+diff --git a/drivers/ata/sata_mv.c b/drivers/ata/sata_mv.c |
583 |
+index 2f32782cea6d9..513ef298dd960 100644 |
584 |
+--- a/drivers/ata/sata_mv.c |
585 |
++++ b/drivers/ata/sata_mv.c |
586 |
+@@ -605,8 +605,8 @@ static int mv5_scr_write(struct ata_link *link, unsigned int sc_reg_in, u32 val) |
587 |
+ static int mv_port_start(struct ata_port *ap); |
588 |
+ static void mv_port_stop(struct ata_port *ap); |
589 |
+ static int mv_qc_defer(struct ata_queued_cmd *qc); |
590 |
+-static void mv_qc_prep(struct ata_queued_cmd *qc); |
591 |
+-static void mv_qc_prep_iie(struct ata_queued_cmd *qc); |
592 |
++static enum ata_completion_errors mv_qc_prep(struct ata_queued_cmd *qc); |
593 |
++static enum ata_completion_errors mv_qc_prep_iie(struct ata_queued_cmd *qc); |
594 |
+ static unsigned int mv_qc_issue(struct ata_queued_cmd *qc); |
595 |
+ static int mv_hardreset(struct ata_link *link, unsigned int *class, |
596 |
+ unsigned long deadline); |
597 |
+@@ -2044,7 +2044,7 @@ static void mv_rw_multi_errata_sata24(struct ata_queued_cmd *qc) |
598 |
+ * LOCKING: |
599 |
+ * Inherited from caller. |
600 |
+ */ |
601 |
+-static void mv_qc_prep(struct ata_queued_cmd *qc) |
602 |
++static enum ata_completion_errors mv_qc_prep(struct ata_queued_cmd *qc) |
603 |
+ { |
604 |
+ struct ata_port *ap = qc->ap; |
605 |
+ struct mv_port_priv *pp = ap->private_data; |
606 |
+@@ -2056,15 +2056,15 @@ static void mv_qc_prep(struct ata_queued_cmd *qc) |
607 |
+ switch (tf->protocol) { |
608 |
+ case ATA_PROT_DMA: |
609 |
+ if (tf->command == ATA_CMD_DSM) |
610 |
+- return; |
611 |
++ return AC_ERR_OK; |
612 |
+ /* fall-thru */ |
613 |
+ case ATA_PROT_NCQ: |
614 |
+ break; /* continue below */ |
615 |
+ case ATA_PROT_PIO: |
616 |
+ mv_rw_multi_errata_sata24(qc); |
617 |
+- return; |
618 |
++ return AC_ERR_OK; |
619 |
+ default: |
620 |
+- return; |
621 |
++ return AC_ERR_OK; |
622 |
+ } |
623 |
+ |
624 |
+ /* Fill in command request block |
625 |
+@@ -2111,12 +2111,10 @@ static void mv_qc_prep(struct ata_queued_cmd *qc) |
626 |
+ * non-NCQ mode are: [RW] STREAM DMA and W DMA FUA EXT, none |
627 |
+ * of which are defined/used by Linux. If we get here, this |
628 |
+ * driver needs work. |
629 |
+- * |
630 |
+- * FIXME: modify libata to give qc_prep a return value and |
631 |
+- * return error here. |
632 |
+ */ |
633 |
+- BUG_ON(tf->command); |
634 |
+- break; |
635 |
++ ata_port_err(ap, "%s: unsupported command: %.2x\n", __func__, |
636 |
++ tf->command); |
637 |
++ return AC_ERR_INVALID; |
638 |
+ } |
639 |
+ mv_crqb_pack_cmd(cw++, tf->nsect, ATA_REG_NSECT, 0); |
640 |
+ mv_crqb_pack_cmd(cw++, tf->hob_lbal, ATA_REG_LBAL, 0); |
641 |
+@@ -2129,8 +2127,10 @@ static void mv_qc_prep(struct ata_queued_cmd *qc) |
642 |
+ mv_crqb_pack_cmd(cw++, tf->command, ATA_REG_CMD, 1); /* last */ |
643 |
+ |
644 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
645 |
+- return; |
646 |
++ return AC_ERR_OK; |
647 |
+ mv_fill_sg(qc); |
648 |
++ |
649 |
++ return AC_ERR_OK; |
650 |
+ } |
651 |
+ |
652 |
+ /** |
653 |
+@@ -2145,7 +2145,7 @@ static void mv_qc_prep(struct ata_queued_cmd *qc) |
654 |
+ * LOCKING: |
655 |
+ * Inherited from caller. |
656 |
+ */ |
657 |
+-static void mv_qc_prep_iie(struct ata_queued_cmd *qc) |
658 |
++static enum ata_completion_errors mv_qc_prep_iie(struct ata_queued_cmd *qc) |
659 |
+ { |
660 |
+ struct ata_port *ap = qc->ap; |
661 |
+ struct mv_port_priv *pp = ap->private_data; |
662 |
+@@ -2156,9 +2156,9 @@ static void mv_qc_prep_iie(struct ata_queued_cmd *qc) |
663 |
+ |
664 |
+ if ((tf->protocol != ATA_PROT_DMA) && |
665 |
+ (tf->protocol != ATA_PROT_NCQ)) |
666 |
+- return; |
667 |
++ return AC_ERR_OK; |
668 |
+ if (tf->command == ATA_CMD_DSM) |
669 |
+- return; /* use bmdma for this */ |
670 |
++ return AC_ERR_OK; /* use bmdma for this */ |
671 |
+ |
672 |
+ /* Fill in Gen IIE command request block */ |
673 |
+ if (!(tf->flags & ATA_TFLAG_WRITE)) |
674 |
+@@ -2199,8 +2199,10 @@ static void mv_qc_prep_iie(struct ata_queued_cmd *qc) |
675 |
+ ); |
676 |
+ |
677 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
678 |
+- return; |
679 |
++ return AC_ERR_OK; |
680 |
+ mv_fill_sg(qc); |
681 |
++ |
682 |
++ return AC_ERR_OK; |
683 |
+ } |
684 |
+ |
685 |
+ /** |
686 |
+diff --git a/drivers/ata/sata_nv.c b/drivers/ata/sata_nv.c |
687 |
+index 734f563b8d37b..bb098c4ae1775 100644 |
688 |
+--- a/drivers/ata/sata_nv.c |
689 |
++++ b/drivers/ata/sata_nv.c |
690 |
+@@ -313,7 +313,7 @@ static void nv_ck804_freeze(struct ata_port *ap); |
691 |
+ static void nv_ck804_thaw(struct ata_port *ap); |
692 |
+ static int nv_adma_slave_config(struct scsi_device *sdev); |
693 |
+ static int nv_adma_check_atapi_dma(struct ata_queued_cmd *qc); |
694 |
+-static void nv_adma_qc_prep(struct ata_queued_cmd *qc); |
695 |
++static enum ata_completion_errors nv_adma_qc_prep(struct ata_queued_cmd *qc); |
696 |
+ static unsigned int nv_adma_qc_issue(struct ata_queued_cmd *qc); |
697 |
+ static irqreturn_t nv_adma_interrupt(int irq, void *dev_instance); |
698 |
+ static void nv_adma_irq_clear(struct ata_port *ap); |
699 |
+@@ -335,7 +335,7 @@ static void nv_mcp55_freeze(struct ata_port *ap); |
700 |
+ static void nv_swncq_error_handler(struct ata_port *ap); |
701 |
+ static int nv_swncq_slave_config(struct scsi_device *sdev); |
702 |
+ static int nv_swncq_port_start(struct ata_port *ap); |
703 |
+-static void nv_swncq_qc_prep(struct ata_queued_cmd *qc); |
704 |
++static enum ata_completion_errors nv_swncq_qc_prep(struct ata_queued_cmd *qc); |
705 |
+ static void nv_swncq_fill_sg(struct ata_queued_cmd *qc); |
706 |
+ static unsigned int nv_swncq_qc_issue(struct ata_queued_cmd *qc); |
707 |
+ static void nv_swncq_irq_clear(struct ata_port *ap, u16 fis); |
708 |
+@@ -1382,7 +1382,7 @@ static int nv_adma_use_reg_mode(struct ata_queued_cmd *qc) |
709 |
+ return 1; |
710 |
+ } |
711 |
+ |
712 |
+-static void nv_adma_qc_prep(struct ata_queued_cmd *qc) |
713 |
++static enum ata_completion_errors nv_adma_qc_prep(struct ata_queued_cmd *qc) |
714 |
+ { |
715 |
+ struct nv_adma_port_priv *pp = qc->ap->private_data; |
716 |
+ struct nv_adma_cpb *cpb = &pp->cpb[qc->tag]; |
717 |
+@@ -1394,7 +1394,7 @@ static void nv_adma_qc_prep(struct ata_queued_cmd *qc) |
718 |
+ (qc->flags & ATA_QCFLAG_DMAMAP)); |
719 |
+ nv_adma_register_mode(qc->ap); |
720 |
+ ata_bmdma_qc_prep(qc); |
721 |
+- return; |
722 |
++ return AC_ERR_OK; |
723 |
+ } |
724 |
+ |
725 |
+ cpb->resp_flags = NV_CPB_RESP_DONE; |
726 |
+@@ -1426,6 +1426,8 @@ static void nv_adma_qc_prep(struct ata_queued_cmd *qc) |
727 |
+ cpb->ctl_flags = ctl_flags; |
728 |
+ wmb(); |
729 |
+ cpb->resp_flags = 0; |
730 |
++ |
731 |
++ return AC_ERR_OK; |
732 |
+ } |
733 |
+ |
734 |
+ static unsigned int nv_adma_qc_issue(struct ata_queued_cmd *qc) |
735 |
+@@ -1989,17 +1991,19 @@ static int nv_swncq_port_start(struct ata_port *ap) |
736 |
+ return 0; |
737 |
+ } |
738 |
+ |
739 |
+-static void nv_swncq_qc_prep(struct ata_queued_cmd *qc) |
740 |
++static enum ata_completion_errors nv_swncq_qc_prep(struct ata_queued_cmd *qc) |
741 |
+ { |
742 |
+ if (qc->tf.protocol != ATA_PROT_NCQ) { |
743 |
+ ata_bmdma_qc_prep(qc); |
744 |
+- return; |
745 |
++ return AC_ERR_OK; |
746 |
+ } |
747 |
+ |
748 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
749 |
+- return; |
750 |
++ return AC_ERR_OK; |
751 |
+ |
752 |
+ nv_swncq_fill_sg(qc); |
753 |
++ |
754 |
++ return AC_ERR_OK; |
755 |
+ } |
756 |
+ |
757 |
+ static void nv_swncq_fill_sg(struct ata_queued_cmd *qc) |
758 |
+diff --git a/drivers/ata/sata_promise.c b/drivers/ata/sata_promise.c |
759 |
+index 0fa211e2831cd..8ad8b376a642c 100644 |
760 |
+--- a/drivers/ata/sata_promise.c |
761 |
++++ b/drivers/ata/sata_promise.c |
762 |
+@@ -155,7 +155,7 @@ static int pdc_sata_scr_write(struct ata_link *link, unsigned int sc_reg, u32 va |
763 |
+ static int pdc_ata_init_one(struct pci_dev *pdev, const struct pci_device_id *ent); |
764 |
+ static int pdc_common_port_start(struct ata_port *ap); |
765 |
+ static int pdc_sata_port_start(struct ata_port *ap); |
766 |
+-static void pdc_qc_prep(struct ata_queued_cmd *qc); |
767 |
++static enum ata_completion_errors pdc_qc_prep(struct ata_queued_cmd *qc); |
768 |
+ static void pdc_tf_load_mmio(struct ata_port *ap, const struct ata_taskfile *tf); |
769 |
+ static void pdc_exec_command_mmio(struct ata_port *ap, const struct ata_taskfile *tf); |
770 |
+ static int pdc_check_atapi_dma(struct ata_queued_cmd *qc); |
771 |
+@@ -649,7 +649,7 @@ static void pdc_fill_sg(struct ata_queued_cmd *qc) |
772 |
+ prd[idx - 1].flags_len |= cpu_to_le32(ATA_PRD_EOT); |
773 |
+ } |
774 |
+ |
775 |
+-static void pdc_qc_prep(struct ata_queued_cmd *qc) |
776 |
++static enum ata_completion_errors pdc_qc_prep(struct ata_queued_cmd *qc) |
777 |
+ { |
778 |
+ struct pdc_port_priv *pp = qc->ap->private_data; |
779 |
+ unsigned int i; |
780 |
+@@ -681,6 +681,8 @@ static void pdc_qc_prep(struct ata_queued_cmd *qc) |
781 |
+ default: |
782 |
+ break; |
783 |
+ } |
784 |
++ |
785 |
++ return AC_ERR_OK; |
786 |
+ } |
787 |
+ |
788 |
+ static int pdc_is_sataii_tx4(unsigned long flags) |
789 |
+diff --git a/drivers/ata/sata_qstor.c b/drivers/ata/sata_qstor.c |
790 |
+index af987a4f33d19..80ff3bbfc8269 100644 |
791 |
+--- a/drivers/ata/sata_qstor.c |
792 |
++++ b/drivers/ata/sata_qstor.c |
793 |
+@@ -116,7 +116,7 @@ static int qs_scr_write(struct ata_link *link, unsigned int sc_reg, u32 val); |
794 |
+ static int qs_ata_init_one(struct pci_dev *pdev, const struct pci_device_id *ent); |
795 |
+ static int qs_port_start(struct ata_port *ap); |
796 |
+ static void qs_host_stop(struct ata_host *host); |
797 |
+-static void qs_qc_prep(struct ata_queued_cmd *qc); |
798 |
++static enum ata_completion_errors qs_qc_prep(struct ata_queued_cmd *qc); |
799 |
+ static unsigned int qs_qc_issue(struct ata_queued_cmd *qc); |
800 |
+ static int qs_check_atapi_dma(struct ata_queued_cmd *qc); |
801 |
+ static void qs_freeze(struct ata_port *ap); |
802 |
+@@ -276,7 +276,7 @@ static unsigned int qs_fill_sg(struct ata_queued_cmd *qc) |
803 |
+ return si; |
804 |
+ } |
805 |
+ |
806 |
+-static void qs_qc_prep(struct ata_queued_cmd *qc) |
807 |
++static enum ata_completion_errors qs_qc_prep(struct ata_queued_cmd *qc) |
808 |
+ { |
809 |
+ struct qs_port_priv *pp = qc->ap->private_data; |
810 |
+ u8 dflags = QS_DF_PORD, *buf = pp->pkt; |
811 |
+@@ -288,7 +288,7 @@ static void qs_qc_prep(struct ata_queued_cmd *qc) |
812 |
+ |
813 |
+ qs_enter_reg_mode(qc->ap); |
814 |
+ if (qc->tf.protocol != ATA_PROT_DMA) |
815 |
+- return; |
816 |
++ return AC_ERR_OK; |
817 |
+ |
818 |
+ nelem = qs_fill_sg(qc); |
819 |
+ |
820 |
+@@ -311,6 +311,8 @@ static void qs_qc_prep(struct ata_queued_cmd *qc) |
821 |
+ |
822 |
+ /* frame information structure (FIS) */ |
823 |
+ ata_tf_to_fis(&qc->tf, 0, 1, &buf[32]); |
824 |
++ |
825 |
++ return AC_ERR_OK; |
826 |
+ } |
827 |
+ |
828 |
+ static inline void qs_packet_start(struct ata_queued_cmd *qc) |
829 |
+diff --git a/drivers/ata/sata_rcar.c b/drivers/ata/sata_rcar.c |
830 |
+index 07e146b772ead..301419325b975 100644 |
831 |
+--- a/drivers/ata/sata_rcar.c |
832 |
++++ b/drivers/ata/sata_rcar.c |
833 |
+@@ -551,12 +551,14 @@ static void sata_rcar_bmdma_fill_sg(struct ata_queued_cmd *qc) |
834 |
+ prd[si - 1].addr |= cpu_to_le32(SATA_RCAR_DTEND); |
835 |
+ } |
836 |
+ |
837 |
+-static void sata_rcar_qc_prep(struct ata_queued_cmd *qc) |
838 |
++static enum ata_completion_errors sata_rcar_qc_prep(struct ata_queued_cmd *qc) |
839 |
+ { |
840 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
841 |
+- return; |
842 |
++ return AC_ERR_OK; |
843 |
+ |
844 |
+ sata_rcar_bmdma_fill_sg(qc); |
845 |
++ |
846 |
++ return AC_ERR_OK; |
847 |
+ } |
848 |
+ |
849 |
+ static void sata_rcar_bmdma_setup(struct ata_queued_cmd *qc) |
850 |
+diff --git a/drivers/ata/sata_sil.c b/drivers/ata/sata_sil.c |
851 |
+index 29bcff086bced..73156a301912f 100644 |
852 |
+--- a/drivers/ata/sata_sil.c |
853 |
++++ b/drivers/ata/sata_sil.c |
854 |
+@@ -119,7 +119,7 @@ static void sil_dev_config(struct ata_device *dev); |
855 |
+ static int sil_scr_read(struct ata_link *link, unsigned int sc_reg, u32 *val); |
856 |
+ static int sil_scr_write(struct ata_link *link, unsigned int sc_reg, u32 val); |
857 |
+ static int sil_set_mode(struct ata_link *link, struct ata_device **r_failed); |
858 |
+-static void sil_qc_prep(struct ata_queued_cmd *qc); |
859 |
++static enum ata_completion_errors sil_qc_prep(struct ata_queued_cmd *qc); |
860 |
+ static void sil_bmdma_setup(struct ata_queued_cmd *qc); |
861 |
+ static void sil_bmdma_start(struct ata_queued_cmd *qc); |
862 |
+ static void sil_bmdma_stop(struct ata_queued_cmd *qc); |
863 |
+@@ -333,12 +333,14 @@ static void sil_fill_sg(struct ata_queued_cmd *qc) |
864 |
+ last_prd->flags_len |= cpu_to_le32(ATA_PRD_EOT); |
865 |
+ } |
866 |
+ |
867 |
+-static void sil_qc_prep(struct ata_queued_cmd *qc) |
868 |
++static enum ata_completion_errors sil_qc_prep(struct ata_queued_cmd *qc) |
869 |
+ { |
870 |
+ if (!(qc->flags & ATA_QCFLAG_DMAMAP)) |
871 |
+- return; |
872 |
++ return AC_ERR_OK; |
873 |
+ |
874 |
+ sil_fill_sg(qc); |
875 |
++ |
876 |
++ return AC_ERR_OK; |
877 |
+ } |
878 |
+ |
879 |
+ static unsigned char sil_get_device_cache_line(struct pci_dev *pdev) |
880 |
+diff --git a/drivers/ata/sata_sil24.c b/drivers/ata/sata_sil24.c |
881 |
+index 4b1995e2d044b..ffa3bf724054d 100644 |
882 |
+--- a/drivers/ata/sata_sil24.c |
883 |
++++ b/drivers/ata/sata_sil24.c |
884 |
+@@ -336,7 +336,7 @@ static void sil24_dev_config(struct ata_device *dev); |
885 |
+ static int sil24_scr_read(struct ata_link *link, unsigned sc_reg, u32 *val); |
886 |
+ static int sil24_scr_write(struct ata_link *link, unsigned sc_reg, u32 val); |
887 |
+ static int sil24_qc_defer(struct ata_queued_cmd *qc); |
888 |
+-static void sil24_qc_prep(struct ata_queued_cmd *qc); |
889 |
++static enum ata_completion_errors sil24_qc_prep(struct ata_queued_cmd *qc); |
890 |
+ static unsigned int sil24_qc_issue(struct ata_queued_cmd *qc); |
891 |
+ static bool sil24_qc_fill_rtf(struct ata_queued_cmd *qc); |
892 |
+ static void sil24_pmp_attach(struct ata_port *ap); |
893 |
+@@ -840,7 +840,7 @@ static int sil24_qc_defer(struct ata_queued_cmd *qc) |
894 |
+ return ata_std_qc_defer(qc); |
895 |
+ } |
896 |
+ |
897 |
+-static void sil24_qc_prep(struct ata_queued_cmd *qc) |
898 |
++static enum ata_completion_errors sil24_qc_prep(struct ata_queued_cmd *qc) |
899 |
+ { |
900 |
+ struct ata_port *ap = qc->ap; |
901 |
+ struct sil24_port_priv *pp = ap->private_data; |
902 |
+@@ -884,6 +884,8 @@ static void sil24_qc_prep(struct ata_queued_cmd *qc) |
903 |
+ |
904 |
+ if (qc->flags & ATA_QCFLAG_DMAMAP) |
905 |
+ sil24_fill_sg(qc, sge); |
906 |
++ |
907 |
++ return AC_ERR_OK; |
908 |
+ } |
909 |
+ |
910 |
+ static unsigned int sil24_qc_issue(struct ata_queued_cmd *qc) |
911 |
+diff --git a/drivers/ata/sata_sx4.c b/drivers/ata/sata_sx4.c |
912 |
+index 48301cb3a3165..043953200b52a 100644 |
913 |
+--- a/drivers/ata/sata_sx4.c |
914 |
++++ b/drivers/ata/sata_sx4.c |
915 |
+@@ -218,7 +218,7 @@ static void pdc_error_handler(struct ata_port *ap); |
916 |
+ static void pdc_freeze(struct ata_port *ap); |
917 |
+ static void pdc_thaw(struct ata_port *ap); |
918 |
+ static int pdc_port_start(struct ata_port *ap); |
919 |
+-static void pdc20621_qc_prep(struct ata_queued_cmd *qc); |
920 |
++static enum ata_completion_errors pdc20621_qc_prep(struct ata_queued_cmd *qc); |
921 |
+ static void pdc_tf_load_mmio(struct ata_port *ap, const struct ata_taskfile *tf); |
922 |
+ static void pdc_exec_command_mmio(struct ata_port *ap, const struct ata_taskfile *tf); |
923 |
+ static unsigned int pdc20621_dimm_init(struct ata_host *host); |
924 |
+@@ -546,7 +546,7 @@ static void pdc20621_nodata_prep(struct ata_queued_cmd *qc) |
925 |
+ VPRINTK("ata pkt buf ofs %u, mmio copied\n", i); |
926 |
+ } |
927 |
+ |
928 |
+-static void pdc20621_qc_prep(struct ata_queued_cmd *qc) |
929 |
++static enum ata_completion_errors pdc20621_qc_prep(struct ata_queued_cmd *qc) |
930 |
+ { |
931 |
+ switch (qc->tf.protocol) { |
932 |
+ case ATA_PROT_DMA: |
933 |
+@@ -558,6 +558,8 @@ static void pdc20621_qc_prep(struct ata_queued_cmd *qc) |
934 |
+ default: |
935 |
+ break; |
936 |
+ } |
937 |
++ |
938 |
++ return AC_ERR_OK; |
939 |
+ } |
940 |
+ |
941 |
+ static void __pdc20621_push_hdma(struct ata_queued_cmd *qc, |
942 |
+diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c |
943 |
+index 88819409e0beb..9d16743c49178 100644 |
944 |
+--- a/drivers/atm/eni.c |
945 |
++++ b/drivers/atm/eni.c |
946 |
+@@ -2243,7 +2243,7 @@ static int eni_init_one(struct pci_dev *pci_dev, |
947 |
+ |
948 |
+ rc = dma_set_mask_and_coherent(&pci_dev->dev, DMA_BIT_MASK(32)); |
949 |
+ if (rc < 0) |
950 |
+- goto out; |
951 |
++ goto err_disable; |
952 |
+ |
953 |
+ rc = -ENOMEM; |
954 |
+ eni_dev = kmalloc(sizeof(struct eni_dev), GFP_KERNEL); |
955 |
+diff --git a/drivers/char/tlclk.c b/drivers/char/tlclk.c |
956 |
+index 100cd1de9939d..59e1e94d12c01 100644 |
957 |
+--- a/drivers/char/tlclk.c |
958 |
++++ b/drivers/char/tlclk.c |
959 |
+@@ -777,17 +777,21 @@ static int __init tlclk_init(void) |
960 |
+ { |
961 |
+ int ret; |
962 |
+ |
963 |
++ telclk_interrupt = (inb(TLCLK_REG7) & 0x0f); |
964 |
++ |
965 |
++ alarm_events = kzalloc( sizeof(struct tlclk_alarms), GFP_KERNEL); |
966 |
++ if (!alarm_events) { |
967 |
++ ret = -ENOMEM; |
968 |
++ goto out1; |
969 |
++ } |
970 |
++ |
971 |
+ ret = register_chrdev(tlclk_major, "telco_clock", &tlclk_fops); |
972 |
+ if (ret < 0) { |
973 |
+ printk(KERN_ERR "tlclk: can't get major %d.\n", tlclk_major); |
974 |
++ kfree(alarm_events); |
975 |
+ return ret; |
976 |
+ } |
977 |
+ tlclk_major = ret; |
978 |
+- alarm_events = kzalloc( sizeof(struct tlclk_alarms), GFP_KERNEL); |
979 |
+- if (!alarm_events) { |
980 |
+- ret = -ENOMEM; |
981 |
+- goto out1; |
982 |
+- } |
983 |
+ |
984 |
+ /* Read telecom clock IRQ number (Set by BIOS) */ |
985 |
+ if (!request_region(TLCLK_BASE, 8, "telco_clock")) { |
986 |
+@@ -796,7 +800,6 @@ static int __init tlclk_init(void) |
987 |
+ ret = -EBUSY; |
988 |
+ goto out2; |
989 |
+ } |
990 |
+- telclk_interrupt = (inb(TLCLK_REG7) & 0x0f); |
991 |
+ |
992 |
+ if (0x0F == telclk_interrupt ) { /* not MCPBL0010 ? */ |
993 |
+ printk(KERN_ERR "telclk_interrupt = 0x%x non-mcpbl0010 hw.\n", |
994 |
+@@ -837,8 +840,8 @@ out3: |
995 |
+ release_region(TLCLK_BASE, 8); |
996 |
+ out2: |
997 |
+ kfree(alarm_events); |
998 |
+-out1: |
999 |
+ unregister_chrdev(tlclk_major, "telco_clock"); |
1000 |
++out1: |
1001 |
+ return ret; |
1002 |
+ } |
1003 |
+ |
1004 |
+diff --git a/drivers/char/tpm/tpm_ibmvtpm.c b/drivers/char/tpm/tpm_ibmvtpm.c |
1005 |
+index 84eca4f93b828..0fad6cf37bab4 100644 |
1006 |
+--- a/drivers/char/tpm/tpm_ibmvtpm.c |
1007 |
++++ b/drivers/char/tpm/tpm_ibmvtpm.c |
1008 |
+@@ -550,6 +550,7 @@ static irqreturn_t ibmvtpm_interrupt(int irq, void *vtpm_instance) |
1009 |
+ */ |
1010 |
+ while ((crq = ibmvtpm_crq_get_next(ibmvtpm)) != NULL) { |
1011 |
+ ibmvtpm_crq_process(crq, ibmvtpm); |
1012 |
++ wake_up_interruptible(&ibmvtpm->crq_queue.wq); |
1013 |
+ crq->valid = 0; |
1014 |
+ smp_wmb(); |
1015 |
+ } |
1016 |
+@@ -596,6 +597,7 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev, |
1017 |
+ } |
1018 |
+ |
1019 |
+ crq_q->num_entry = CRQ_RES_BUF_SIZE / sizeof(*crq_q->crq_addr); |
1020 |
++ init_waitqueue_head(&crq_q->wq); |
1021 |
+ ibmvtpm->crq_dma_handle = dma_map_single(dev, crq_q->crq_addr, |
1022 |
+ CRQ_RES_BUF_SIZE, |
1023 |
+ DMA_BIDIRECTIONAL); |
1024 |
+@@ -648,6 +650,13 @@ static int tpm_ibmvtpm_probe(struct vio_dev *vio_dev, |
1025 |
+ if (rc) |
1026 |
+ goto init_irq_cleanup; |
1027 |
+ |
1028 |
++ if (!wait_event_timeout(ibmvtpm->crq_queue.wq, |
1029 |
++ ibmvtpm->rtce_buf != NULL, |
1030 |
++ HZ)) { |
1031 |
++ dev_err(dev, "CRQ response timed out\n"); |
1032 |
++ goto init_irq_cleanup; |
1033 |
++ } |
1034 |
++ |
1035 |
+ return tpm_chip_register(chip); |
1036 |
+ init_irq_cleanup: |
1037 |
+ do { |
1038 |
+diff --git a/drivers/char/tpm/tpm_ibmvtpm.h b/drivers/char/tpm/tpm_ibmvtpm.h |
1039 |
+index 91dfe766d0800..4f6a124601db4 100644 |
1040 |
+--- a/drivers/char/tpm/tpm_ibmvtpm.h |
1041 |
++++ b/drivers/char/tpm/tpm_ibmvtpm.h |
1042 |
+@@ -31,6 +31,7 @@ struct ibmvtpm_crq_queue { |
1043 |
+ struct ibmvtpm_crq *crq_addr; |
1044 |
+ u32 index; |
1045 |
+ u32 num_entry; |
1046 |
++ wait_queue_head_t wq; |
1047 |
+ }; |
1048 |
+ |
1049 |
+ struct ibmvtpm_dev { |
1050 |
+diff --git a/drivers/clk/ti/adpll.c b/drivers/clk/ti/adpll.c |
1051 |
+index 255cafb18336a..9345eaf00938e 100644 |
1052 |
+--- a/drivers/clk/ti/adpll.c |
1053 |
++++ b/drivers/clk/ti/adpll.c |
1054 |
+@@ -193,15 +193,8 @@ static const char *ti_adpll_clk_get_name(struct ti_adpll_data *d, |
1055 |
+ if (err) |
1056 |
+ return NULL; |
1057 |
+ } else { |
1058 |
+- const char *base_name = "adpll"; |
1059 |
+- char *buf; |
1060 |
+- |
1061 |
+- buf = devm_kzalloc(d->dev, 8 + 1 + strlen(base_name) + 1 + |
1062 |
+- strlen(postfix), GFP_KERNEL); |
1063 |
+- if (!buf) |
1064 |
+- return NULL; |
1065 |
+- sprintf(buf, "%08lx.%s.%s", d->pa, base_name, postfix); |
1066 |
+- name = buf; |
1067 |
++ name = devm_kasprintf(d->dev, GFP_KERNEL, "%08lx.adpll.%s", |
1068 |
++ d->pa, postfix); |
1069 |
+ } |
1070 |
+ |
1071 |
+ return name; |
1072 |
+diff --git a/drivers/clocksource/h8300_timer8.c b/drivers/clocksource/h8300_timer8.c |
1073 |
+index 546bb180f5a44..8202e49ac64cd 100644 |
1074 |
+--- a/drivers/clocksource/h8300_timer8.c |
1075 |
++++ b/drivers/clocksource/h8300_timer8.c |
1076 |
+@@ -176,7 +176,7 @@ static int __init h8300_8timer_init(struct device_node *node) |
1077 |
+ return PTR_ERR(clk); |
1078 |
+ } |
1079 |
+ |
1080 |
+- ret = ENXIO; |
1081 |
++ ret = -ENXIO; |
1082 |
+ base = of_iomap(node, 0); |
1083 |
+ if (!base) { |
1084 |
+ pr_err("failed to map registers for clockevent\n"); |
1085 |
+diff --git a/drivers/cpufreq/powernv-cpufreq.c b/drivers/cpufreq/powernv-cpufreq.c |
1086 |
+index b4fc65512aad3..c3b05676e0dbe 100644 |
1087 |
+--- a/drivers/cpufreq/powernv-cpufreq.c |
1088 |
++++ b/drivers/cpufreq/powernv-cpufreq.c |
1089 |
+@@ -802,6 +802,7 @@ static struct notifier_block powernv_cpufreq_reboot_nb = { |
1090 |
+ void powernv_cpufreq_work_fn(struct work_struct *work) |
1091 |
+ { |
1092 |
+ struct chip *chip = container_of(work, struct chip, throttle); |
1093 |
++ struct cpufreq_policy *policy; |
1094 |
+ unsigned int cpu; |
1095 |
+ cpumask_t mask; |
1096 |
+ |
1097 |
+@@ -816,12 +817,14 @@ void powernv_cpufreq_work_fn(struct work_struct *work) |
1098 |
+ chip->restore = false; |
1099 |
+ for_each_cpu(cpu, &mask) { |
1100 |
+ int index; |
1101 |
+- struct cpufreq_policy policy; |
1102 |
+ |
1103 |
+- cpufreq_get_policy(&policy, cpu); |
1104 |
+- index = cpufreq_table_find_index_c(&policy, policy.cur); |
1105 |
+- powernv_cpufreq_target_index(&policy, index); |
1106 |
+- cpumask_andnot(&mask, &mask, policy.cpus); |
1107 |
++ policy = cpufreq_cpu_get(cpu); |
1108 |
++ if (!policy) |
1109 |
++ continue; |
1110 |
++ index = cpufreq_table_find_index_c(policy, policy->cur); |
1111 |
++ powernv_cpufreq_target_index(policy, index); |
1112 |
++ cpumask_andnot(&mask, &mask, policy->cpus); |
1113 |
++ cpufreq_cpu_put(policy); |
1114 |
+ } |
1115 |
+ out: |
1116 |
+ put_online_cpus(); |
1117 |
+diff --git a/drivers/devfreq/tegra-devfreq.c b/drivers/devfreq/tegra-devfreq.c |
1118 |
+index fe9dce0245bf0..a20267d93f8a4 100644 |
1119 |
+--- a/drivers/devfreq/tegra-devfreq.c |
1120 |
++++ b/drivers/devfreq/tegra-devfreq.c |
1121 |
+@@ -79,6 +79,8 @@ |
1122 |
+ |
1123 |
+ #define KHZ 1000 |
1124 |
+ |
1125 |
++#define KHZ_MAX (ULONG_MAX / KHZ) |
1126 |
++ |
1127 |
+ /* Assume that the bus is saturated if the utilization is 25% */ |
1128 |
+ #define BUS_SATURATION_RATIO 25 |
1129 |
+ |
1130 |
+@@ -179,7 +181,7 @@ struct tegra_actmon_emc_ratio { |
1131 |
+ }; |
1132 |
+ |
1133 |
+ static struct tegra_actmon_emc_ratio actmon_emc_ratios[] = { |
1134 |
+- { 1400000, ULONG_MAX }, |
1135 |
++ { 1400000, KHZ_MAX }, |
1136 |
+ { 1200000, 750000 }, |
1137 |
+ { 1100000, 600000 }, |
1138 |
+ { 1000000, 500000 }, |
1139 |
+diff --git a/drivers/dma/tegra20-apb-dma.c b/drivers/dma/tegra20-apb-dma.c |
1140 |
+index 4eaf92b2b8868..909739426f78c 100644 |
1141 |
+--- a/drivers/dma/tegra20-apb-dma.c |
1142 |
++++ b/drivers/dma/tegra20-apb-dma.c |
1143 |
+@@ -1208,8 +1208,7 @@ static void tegra_dma_free_chan_resources(struct dma_chan *dc) |
1144 |
+ |
1145 |
+ dev_dbg(tdc2dev(tdc), "Freeing channel %d\n", tdc->id); |
1146 |
+ |
1147 |
+- if (tdc->busy) |
1148 |
+- tegra_dma_terminate_all(dc); |
1149 |
++ tegra_dma_terminate_all(dc); |
1150 |
+ |
1151 |
+ spin_lock_irqsave(&tdc->lock, flags); |
1152 |
+ list_splice_init(&tdc->pending_sg_req, &sg_req_list); |
1153 |
+diff --git a/drivers/dma/xilinx/zynqmp_dma.c b/drivers/dma/xilinx/zynqmp_dma.c |
1154 |
+index 9069fb8543196..514763dcc3758 100644 |
1155 |
+--- a/drivers/dma/xilinx/zynqmp_dma.c |
1156 |
++++ b/drivers/dma/xilinx/zynqmp_dma.c |
1157 |
+@@ -125,10 +125,12 @@ |
1158 |
+ /* Max transfer size per descriptor */ |
1159 |
+ #define ZYNQMP_DMA_MAX_TRANS_LEN 0x40000000 |
1160 |
+ |
1161 |
++/* Max burst lengths */ |
1162 |
++#define ZYNQMP_DMA_MAX_DST_BURST_LEN 32768U |
1163 |
++#define ZYNQMP_DMA_MAX_SRC_BURST_LEN 32768U |
1164 |
++ |
1165 |
+ /* Reset values for data attributes */ |
1166 |
+ #define ZYNQMP_DMA_AXCACHE_VAL 0xF |
1167 |
+-#define ZYNQMP_DMA_ARLEN_RST_VAL 0xF |
1168 |
+-#define ZYNQMP_DMA_AWLEN_RST_VAL 0xF |
1169 |
+ |
1170 |
+ #define ZYNQMP_DMA_SRC_ISSUE_RST_VAL 0x1F |
1171 |
+ |
1172 |
+@@ -527,17 +529,19 @@ static void zynqmp_dma_handle_ovfl_int(struct zynqmp_dma_chan *chan, u32 status) |
1173 |
+ |
1174 |
+ static void zynqmp_dma_config(struct zynqmp_dma_chan *chan) |
1175 |
+ { |
1176 |
+- u32 val; |
1177 |
++ u32 val, burst_val; |
1178 |
+ |
1179 |
+ val = readl(chan->regs + ZYNQMP_DMA_CTRL0); |
1180 |
+ val |= ZYNQMP_DMA_POINT_TYPE_SG; |
1181 |
+ writel(val, chan->regs + ZYNQMP_DMA_CTRL0); |
1182 |
+ |
1183 |
+ val = readl(chan->regs + ZYNQMP_DMA_DATA_ATTR); |
1184 |
++ burst_val = __ilog2_u32(chan->src_burst_len); |
1185 |
+ val = (val & ~ZYNQMP_DMA_ARLEN) | |
1186 |
+- (chan->src_burst_len << ZYNQMP_DMA_ARLEN_OFST); |
1187 |
++ ((burst_val << ZYNQMP_DMA_ARLEN_OFST) & ZYNQMP_DMA_ARLEN); |
1188 |
++ burst_val = __ilog2_u32(chan->dst_burst_len); |
1189 |
+ val = (val & ~ZYNQMP_DMA_AWLEN) | |
1190 |
+- (chan->dst_burst_len << ZYNQMP_DMA_AWLEN_OFST); |
1191 |
++ ((burst_val << ZYNQMP_DMA_AWLEN_OFST) & ZYNQMP_DMA_AWLEN); |
1192 |
+ writel(val, chan->regs + ZYNQMP_DMA_DATA_ATTR); |
1193 |
+ } |
1194 |
+ |
1195 |
+@@ -551,8 +555,10 @@ static int zynqmp_dma_device_config(struct dma_chan *dchan, |
1196 |
+ { |
1197 |
+ struct zynqmp_dma_chan *chan = to_chan(dchan); |
1198 |
+ |
1199 |
+- chan->src_burst_len = config->src_maxburst; |
1200 |
+- chan->dst_burst_len = config->dst_maxburst; |
1201 |
++ chan->src_burst_len = clamp(config->src_maxburst, 1U, |
1202 |
++ ZYNQMP_DMA_MAX_SRC_BURST_LEN); |
1203 |
++ chan->dst_burst_len = clamp(config->dst_maxburst, 1U, |
1204 |
++ ZYNQMP_DMA_MAX_DST_BURST_LEN); |
1205 |
+ |
1206 |
+ return 0; |
1207 |
+ } |
1208 |
+@@ -968,8 +974,8 @@ static int zynqmp_dma_chan_probe(struct zynqmp_dma_device *zdev, |
1209 |
+ return PTR_ERR(chan->regs); |
1210 |
+ |
1211 |
+ chan->bus_width = ZYNQMP_DMA_BUS_WIDTH_64; |
1212 |
+- chan->dst_burst_len = ZYNQMP_DMA_AWLEN_RST_VAL; |
1213 |
+- chan->src_burst_len = ZYNQMP_DMA_ARLEN_RST_VAL; |
1214 |
++ chan->dst_burst_len = ZYNQMP_DMA_MAX_DST_BURST_LEN; |
1215 |
++ chan->src_burst_len = ZYNQMP_DMA_MAX_SRC_BURST_LEN; |
1216 |
+ err = of_property_read_u32(node, "xlnx,bus-width", &chan->bus_width); |
1217 |
+ if (err < 0) { |
1218 |
+ dev_err(&pdev->dev, "missing xlnx,bus-width property\n"); |
1219 |
+diff --git a/drivers/gpu/drm/amd/amdgpu/atom.c b/drivers/gpu/drm/amd/amdgpu/atom.c |
1220 |
+index 1b50e6c13fb3f..5fbf99d600587 100644 |
1221 |
+--- a/drivers/gpu/drm/amd/amdgpu/atom.c |
1222 |
++++ b/drivers/gpu/drm/amd/amdgpu/atom.c |
1223 |
+@@ -748,8 +748,8 @@ static void atom_op_jump(atom_exec_context *ctx, int *ptr, int arg) |
1224 |
+ cjiffies = jiffies; |
1225 |
+ if (time_after(cjiffies, ctx->last_jump_jiffies)) { |
1226 |
+ cjiffies -= ctx->last_jump_jiffies; |
1227 |
+- if ((jiffies_to_msecs(cjiffies) > 5000)) { |
1228 |
+- DRM_ERROR("atombios stuck in loop for more than 5secs aborting\n"); |
1229 |
++ if ((jiffies_to_msecs(cjiffies) > 10000)) { |
1230 |
++ DRM_ERROR("atombios stuck in loop for more than 10secs aborting\n"); |
1231 |
+ ctx->abort = true; |
1232 |
+ } |
1233 |
+ } else { |
1234 |
+diff --git a/drivers/gpu/drm/gma500/cdv_intel_display.c b/drivers/gpu/drm/gma500/cdv_intel_display.c |
1235 |
+index 17db4b4749d5a..2e8479744ca4a 100644 |
1236 |
+--- a/drivers/gpu/drm/gma500/cdv_intel_display.c |
1237 |
++++ b/drivers/gpu/drm/gma500/cdv_intel_display.c |
1238 |
+@@ -415,6 +415,8 @@ static bool cdv_intel_find_dp_pll(const struct gma_limit_t *limit, |
1239 |
+ struct gma_crtc *gma_crtc = to_gma_crtc(crtc); |
1240 |
+ struct gma_clock_t clock; |
1241 |
+ |
1242 |
++ memset(&clock, 0, sizeof(clock)); |
1243 |
++ |
1244 |
+ switch (refclk) { |
1245 |
+ case 27000: |
1246 |
+ if (target < 200000) { |
1247 |
+diff --git a/drivers/gpu/drm/omapdrm/dss/omapdss-boot-init.c b/drivers/gpu/drm/omapdrm/dss/omapdss-boot-init.c |
1248 |
+index 136d30484d023..46111e9ee9a25 100644 |
1249 |
+--- a/drivers/gpu/drm/omapdrm/dss/omapdss-boot-init.c |
1250 |
++++ b/drivers/gpu/drm/omapdrm/dss/omapdss-boot-init.c |
1251 |
+@@ -194,7 +194,7 @@ static int __init omapdss_boot_init(void) |
1252 |
+ dss = of_find_matching_node(NULL, omapdss_of_match); |
1253 |
+ |
1254 |
+ if (dss == NULL || !of_device_is_available(dss)) |
1255 |
+- return 0; |
1256 |
++ goto put_node; |
1257 |
+ |
1258 |
+ omapdss_walk_device(dss, true); |
1259 |
+ |
1260 |
+@@ -219,6 +219,8 @@ static int __init omapdss_boot_init(void) |
1261 |
+ kfree(n); |
1262 |
+ } |
1263 |
+ |
1264 |
++put_node: |
1265 |
++ of_node_put(dss); |
1266 |
+ return 0; |
1267 |
+ } |
1268 |
+ |
1269 |
+diff --git a/drivers/i2c/i2c-core.c b/drivers/i2c/i2c-core.c |
1270 |
+index 80d82c6792d8d..4fd7bfda2f9de 100644 |
1271 |
+--- a/drivers/i2c/i2c-core.c |
1272 |
++++ b/drivers/i2c/i2c-core.c |
1273 |
+@@ -1858,8 +1858,8 @@ static int i2c_register_adapter(struct i2c_adapter *adap) |
1274 |
+ |
1275 |
+ /* create pre-declared device nodes */ |
1276 |
+ of_i2c_register_devices(adap); |
1277 |
+- i2c_acpi_register_devices(adap); |
1278 |
+ i2c_acpi_install_space_handler(adap); |
1279 |
++ i2c_acpi_register_devices(adap); |
1280 |
+ |
1281 |
+ if (adap->nr < __i2c_first_dynamic_bus_num) |
1282 |
+ i2c_scan_static_board_info(adap); |
1283 |
+diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c |
1284 |
+index a4f4cd4932657..bb0d728f4b76f 100644 |
1285 |
+--- a/drivers/infiniband/core/ucma.c |
1286 |
++++ b/drivers/infiniband/core/ucma.c |
1287 |
+@@ -1296,13 +1296,13 @@ static ssize_t ucma_set_option(struct ucma_file *file, const char __user *inbuf, |
1288 |
+ if (copy_from_user(&cmd, inbuf, sizeof(cmd))) |
1289 |
+ return -EFAULT; |
1290 |
+ |
1291 |
++ if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE)) |
1292 |
++ return -EINVAL; |
1293 |
++ |
1294 |
+ ctx = ucma_get_ctx(file, cmd.id); |
1295 |
+ if (IS_ERR(ctx)) |
1296 |
+ return PTR_ERR(ctx); |
1297 |
+ |
1298 |
+- if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE)) |
1299 |
+- return -EINVAL; |
1300 |
+- |
1301 |
+ optval = memdup_user((void __user *) (unsigned long) cmd.optval, |
1302 |
+ cmd.optlen); |
1303 |
+ if (IS_ERR(optval)) { |
1304 |
+diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c |
1305 |
+index a04a53acb24ff..a60e1c1b4b5e8 100644 |
1306 |
+--- a/drivers/infiniband/hw/cxgb4/cm.c |
1307 |
++++ b/drivers/infiniband/hw/cxgb4/cm.c |
1308 |
+@@ -3245,7 +3245,7 @@ int c4iw_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) |
1309 |
+ if (raddr->sin_addr.s_addr == htonl(INADDR_ANY)) { |
1310 |
+ err = pick_local_ipaddrs(dev, cm_id); |
1311 |
+ if (err) |
1312 |
+- goto fail2; |
1313 |
++ goto fail3; |
1314 |
+ } |
1315 |
+ |
1316 |
+ /* find a route */ |
1317 |
+@@ -3267,7 +3267,7 @@ int c4iw_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) |
1318 |
+ if (ipv6_addr_type(&raddr6->sin6_addr) == IPV6_ADDR_ANY) { |
1319 |
+ err = pick_local_ip6addrs(dev, cm_id); |
1320 |
+ if (err) |
1321 |
+- goto fail2; |
1322 |
++ goto fail3; |
1323 |
+ } |
1324 |
+ |
1325 |
+ /* find a route */ |
1326 |
+diff --git a/drivers/infiniband/hw/i40iw/i40iw_cm.c b/drivers/infiniband/hw/i40iw/i40iw_cm.c |
1327 |
+index 282a726351c81..ce1a4817ab923 100644 |
1328 |
+--- a/drivers/infiniband/hw/i40iw/i40iw_cm.c |
1329 |
++++ b/drivers/infiniband/hw/i40iw/i40iw_cm.c |
1330 |
+@@ -2036,9 +2036,9 @@ static int i40iw_addr_resolve_neigh_ipv6(struct i40iw_device *iwdev, |
1331 |
+ dst = i40iw_get_dst_ipv6(&src_addr, &dst_addr); |
1332 |
+ if (!dst || dst->error) { |
1333 |
+ if (dst) { |
1334 |
+- dst_release(dst); |
1335 |
+ i40iw_pr_err("ip6_route_output returned dst->error = %d\n", |
1336 |
+ dst->error); |
1337 |
++ dst_release(dst); |
1338 |
+ } |
1339 |
+ return rc; |
1340 |
+ } |
1341 |
+diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c |
1342 |
+index d6672127808b7..186da467060cc 100644 |
1343 |
+--- a/drivers/infiniband/sw/rxe/rxe_qp.c |
1344 |
++++ b/drivers/infiniband/sw/rxe/rxe_qp.c |
1345 |
+@@ -597,15 +597,16 @@ int rxe_qp_from_attr(struct rxe_qp *qp, struct ib_qp_attr *attr, int mask, |
1346 |
+ struct ib_gid_attr sgid_attr; |
1347 |
+ |
1348 |
+ if (mask & IB_QP_MAX_QP_RD_ATOMIC) { |
1349 |
+- int max_rd_atomic = __roundup_pow_of_two(attr->max_rd_atomic); |
1350 |
++ int max_rd_atomic = attr->max_rd_atomic ? |
1351 |
++ roundup_pow_of_two(attr->max_rd_atomic) : 0; |
1352 |
+ |
1353 |
+ qp->attr.max_rd_atomic = max_rd_atomic; |
1354 |
+ atomic_set(&qp->req.rd_atomic, max_rd_atomic); |
1355 |
+ } |
1356 |
+ |
1357 |
+ if (mask & IB_QP_MAX_DEST_RD_ATOMIC) { |
1358 |
+- int max_dest_rd_atomic = |
1359 |
+- __roundup_pow_of_two(attr->max_dest_rd_atomic); |
1360 |
++ int max_dest_rd_atomic = attr->max_dest_rd_atomic ? |
1361 |
++ roundup_pow_of_two(attr->max_dest_rd_atomic) : 0; |
1362 |
+ |
1363 |
+ qp->attr.max_dest_rd_atomic = max_dest_rd_atomic; |
1364 |
+ |
1365 |
+diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h |
1366 |
+index 7fe7df56fa334..f0939fc1cfe55 100644 |
1367 |
+--- a/drivers/md/bcache/bcache.h |
1368 |
++++ b/drivers/md/bcache/bcache.h |
1369 |
+@@ -547,6 +547,7 @@ struct cache_set { |
1370 |
+ */ |
1371 |
+ wait_queue_head_t btree_cache_wait; |
1372 |
+ struct task_struct *btree_cache_alloc_lock; |
1373 |
++ spinlock_t btree_cannibalize_lock; |
1374 |
+ |
1375 |
+ /* |
1376 |
+ * When we free a btree node, we increment the gen of the bucket the |
1377 |
+diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c |
1378 |
+index 764d519a7f1c6..26e56a9952d09 100644 |
1379 |
+--- a/drivers/md/bcache/btree.c |
1380 |
++++ b/drivers/md/bcache/btree.c |
1381 |
+@@ -836,15 +836,17 @@ out: |
1382 |
+ |
1383 |
+ static int mca_cannibalize_lock(struct cache_set *c, struct btree_op *op) |
1384 |
+ { |
1385 |
+- struct task_struct *old; |
1386 |
+- |
1387 |
+- old = cmpxchg(&c->btree_cache_alloc_lock, NULL, current); |
1388 |
+- if (old && old != current) { |
1389 |
++ spin_lock(&c->btree_cannibalize_lock); |
1390 |
++ if (likely(c->btree_cache_alloc_lock == NULL)) { |
1391 |
++ c->btree_cache_alloc_lock = current; |
1392 |
++ } else if (c->btree_cache_alloc_lock != current) { |
1393 |
+ if (op) |
1394 |
+ prepare_to_wait(&c->btree_cache_wait, &op->wait, |
1395 |
+ TASK_UNINTERRUPTIBLE); |
1396 |
++ spin_unlock(&c->btree_cannibalize_lock); |
1397 |
+ return -EINTR; |
1398 |
+ } |
1399 |
++ spin_unlock(&c->btree_cannibalize_lock); |
1400 |
+ |
1401 |
+ return 0; |
1402 |
+ } |
1403 |
+@@ -879,10 +881,12 @@ static struct btree *mca_cannibalize(struct cache_set *c, struct btree_op *op, |
1404 |
+ */ |
1405 |
+ static void bch_cannibalize_unlock(struct cache_set *c) |
1406 |
+ { |
1407 |
++ spin_lock(&c->btree_cannibalize_lock); |
1408 |
+ if (c->btree_cache_alloc_lock == current) { |
1409 |
+ c->btree_cache_alloc_lock = NULL; |
1410 |
+ wake_up(&c->btree_cache_wait); |
1411 |
+ } |
1412 |
++ spin_unlock(&c->btree_cannibalize_lock); |
1413 |
+ } |
1414 |
+ |
1415 |
+ static struct btree *mca_alloc(struct cache_set *c, struct btree_op *op, |
1416 |
+diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c |
1417 |
+index 95e9a33de06a2..263c0d987929e 100644 |
1418 |
+--- a/drivers/md/bcache/super.c |
1419 |
++++ b/drivers/md/bcache/super.c |
1420 |
+@@ -1510,6 +1510,7 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) |
1421 |
+ sema_init(&c->sb_write_mutex, 1); |
1422 |
+ mutex_init(&c->bucket_lock); |
1423 |
+ init_waitqueue_head(&c->btree_cache_wait); |
1424 |
++ spin_lock_init(&c->btree_cannibalize_lock); |
1425 |
+ init_waitqueue_head(&c->bucket_wait); |
1426 |
+ init_waitqueue_head(&c->gc_wait); |
1427 |
+ sema_init(&c->uuid_write_mutex, 1); |
1428 |
+diff --git a/drivers/media/dvb-frontends/tda10071.c b/drivers/media/dvb-frontends/tda10071.c |
1429 |
+index 37ebeef2bbd0b..43343091ea93e 100644 |
1430 |
+--- a/drivers/media/dvb-frontends/tda10071.c |
1431 |
++++ b/drivers/media/dvb-frontends/tda10071.c |
1432 |
+@@ -483,10 +483,11 @@ static int tda10071_read_status(struct dvb_frontend *fe, enum fe_status *status) |
1433 |
+ goto error; |
1434 |
+ |
1435 |
+ if (dev->delivery_system == SYS_DVBS) { |
1436 |
+- dev->dvbv3_ber = buf[0] << 24 | buf[1] << 16 | |
1437 |
+- buf[2] << 8 | buf[3] << 0; |
1438 |
+- dev->post_bit_error += buf[0] << 24 | buf[1] << 16 | |
1439 |
+- buf[2] << 8 | buf[3] << 0; |
1440 |
++ u32 bit_error = buf[0] << 24 | buf[1] << 16 | |
1441 |
++ buf[2] << 8 | buf[3] << 0; |
1442 |
++ |
1443 |
++ dev->dvbv3_ber = bit_error; |
1444 |
++ dev->post_bit_error += bit_error; |
1445 |
+ c->post_bit_error.stat[0].scale = FE_SCALE_COUNTER; |
1446 |
+ c->post_bit_error.stat[0].uvalue = dev->post_bit_error; |
1447 |
+ dev->block_error += buf[4] << 8 | buf[5] << 0; |
1448 |
+diff --git a/drivers/media/platform/ti-vpe/cal.c b/drivers/media/platform/ti-vpe/cal.c |
1449 |
+index 563b9636ab63b..803e0794ca131 100644 |
1450 |
+--- a/drivers/media/platform/ti-vpe/cal.c |
1451 |
++++ b/drivers/media/platform/ti-vpe/cal.c |
1452 |
+@@ -690,12 +690,13 @@ static void pix_proc_config(struct cal_ctx *ctx) |
1453 |
+ } |
1454 |
+ |
1455 |
+ static void cal_wr_dma_config(struct cal_ctx *ctx, |
1456 |
+- unsigned int width) |
1457 |
++ unsigned int width, unsigned int height) |
1458 |
+ { |
1459 |
+ u32 val; |
1460 |
+ |
1461 |
+ val = reg_read(ctx->dev, CAL_WR_DMA_CTRL(ctx->csi2_port)); |
1462 |
+ set_field(&val, ctx->csi2_port, CAL_WR_DMA_CTRL_CPORT_MASK); |
1463 |
++ set_field(&val, height, CAL_WR_DMA_CTRL_YSIZE_MASK); |
1464 |
+ set_field(&val, CAL_WR_DMA_CTRL_DTAG_PIX_DAT, |
1465 |
+ CAL_WR_DMA_CTRL_DTAG_MASK); |
1466 |
+ set_field(&val, CAL_WR_DMA_CTRL_MODE_CONST, |
1467 |
+@@ -1321,7 +1322,8 @@ static int cal_start_streaming(struct vb2_queue *vq, unsigned int count) |
1468 |
+ csi2_lane_config(ctx); |
1469 |
+ csi2_ctx_config(ctx); |
1470 |
+ pix_proc_config(ctx); |
1471 |
+- cal_wr_dma_config(ctx, ctx->v_fmt.fmt.pix.bytesperline); |
1472 |
++ cal_wr_dma_config(ctx, ctx->v_fmt.fmt.pix.bytesperline, |
1473 |
++ ctx->v_fmt.fmt.pix.height); |
1474 |
+ cal_wr_dma_addr(ctx, addr); |
1475 |
+ csi2_ppi_enable(ctx); |
1476 |
+ |
1477 |
+diff --git a/drivers/media/usb/go7007/go7007-usb.c b/drivers/media/usb/go7007/go7007-usb.c |
1478 |
+index ed9bcaf08d5ec..ddfaabd4c0813 100644 |
1479 |
+--- a/drivers/media/usb/go7007/go7007-usb.c |
1480 |
++++ b/drivers/media/usb/go7007/go7007-usb.c |
1481 |
+@@ -1052,6 +1052,7 @@ static int go7007_usb_probe(struct usb_interface *intf, |
1482 |
+ struct go7007_usb *usb; |
1483 |
+ const struct go7007_usb_board *board; |
1484 |
+ struct usb_device *usbdev = interface_to_usbdev(intf); |
1485 |
++ struct usb_host_endpoint *ep; |
1486 |
+ unsigned num_i2c_devs; |
1487 |
+ char *name; |
1488 |
+ int video_pipe, i, v_urb_len; |
1489 |
+@@ -1147,7 +1148,8 @@ static int go7007_usb_probe(struct usb_interface *intf, |
1490 |
+ if (usb->intr_urb->transfer_buffer == NULL) |
1491 |
+ goto allocfail; |
1492 |
+ |
1493 |
+- if (go->board_id == GO7007_BOARDID_SENSORAY_2250) |
1494 |
++ ep = usb->usbdev->ep_in[4]; |
1495 |
++ if (usb_endpoint_type(&ep->desc) == USB_ENDPOINT_XFER_BULK) |
1496 |
+ usb_fill_bulk_urb(usb->intr_urb, usb->usbdev, |
1497 |
+ usb_rcvbulkpipe(usb->usbdev, 4), |
1498 |
+ usb->intr_urb->transfer_buffer, 2*sizeof(u16), |
1499 |
+diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c |
1500 |
+index 5c8ed2150c8bf..fb687368ac98c 100644 |
1501 |
+--- a/drivers/mfd/mfd-core.c |
1502 |
++++ b/drivers/mfd/mfd-core.c |
1503 |
+@@ -32,6 +32,11 @@ int mfd_cell_enable(struct platform_device *pdev) |
1504 |
+ const struct mfd_cell *cell = mfd_get_cell(pdev); |
1505 |
+ int err = 0; |
1506 |
+ |
1507 |
++ if (!cell->enable) { |
1508 |
++ dev_dbg(&pdev->dev, "No .enable() call-back registered\n"); |
1509 |
++ return 0; |
1510 |
++ } |
1511 |
++ |
1512 |
+ /* only call enable hook if the cell wasn't previously enabled */ |
1513 |
+ if (atomic_inc_return(cell->usage_count) == 1) |
1514 |
+ err = cell->enable(pdev); |
1515 |
+@@ -49,6 +54,11 @@ int mfd_cell_disable(struct platform_device *pdev) |
1516 |
+ const struct mfd_cell *cell = mfd_get_cell(pdev); |
1517 |
+ int err = 0; |
1518 |
+ |
1519 |
++ if (!cell->disable) { |
1520 |
++ dev_dbg(&pdev->dev, "No .disable() call-back registered\n"); |
1521 |
++ return 0; |
1522 |
++ } |
1523 |
++ |
1524 |
+ /* only disable if no other clients are using it */ |
1525 |
+ if (atomic_dec_return(cell->usage_count) == 0) |
1526 |
+ err = cell->disable(pdev); |
1527 |
+diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c |
1528 |
+index 00ba09fa6f16d..3c4819a05bf03 100644 |
1529 |
+--- a/drivers/mtd/chips/cfi_cmdset_0002.c |
1530 |
++++ b/drivers/mtd/chips/cfi_cmdset_0002.c |
1531 |
+@@ -722,7 +722,6 @@ static struct mtd_info *cfi_amdstd_setup(struct mtd_info *mtd) |
1532 |
+ kfree(mtd->eraseregions); |
1533 |
+ kfree(mtd); |
1534 |
+ kfree(cfi->cmdset_priv); |
1535 |
+- kfree(cfi->cfiq); |
1536 |
+ return NULL; |
1537 |
+ } |
1538 |
+ |
1539 |
+diff --git a/drivers/mtd/cmdlinepart.c b/drivers/mtd/cmdlinepart.c |
1540 |
+index fbd5affc0acfe..04fd845de05fb 100644 |
1541 |
+--- a/drivers/mtd/cmdlinepart.c |
1542 |
++++ b/drivers/mtd/cmdlinepart.c |
1543 |
+@@ -228,12 +228,29 @@ static int mtdpart_setup_real(char *s) |
1544 |
+ struct cmdline_mtd_partition *this_mtd; |
1545 |
+ struct mtd_partition *parts; |
1546 |
+ int mtd_id_len, num_parts; |
1547 |
+- char *p, *mtd_id; |
1548 |
++ char *p, *mtd_id, *semicol; |
1549 |
++ |
1550 |
++ /* |
1551 |
++ * Replace the first ';' by a NULL char so strrchr can work |
1552 |
++ * properly. |
1553 |
++ */ |
1554 |
++ semicol = strchr(s, ';'); |
1555 |
++ if (semicol) |
1556 |
++ *semicol = '\0'; |
1557 |
+ |
1558 |
+ mtd_id = s; |
1559 |
+ |
1560 |
+- /* fetch <mtd-id> */ |
1561 |
+- p = strchr(s, ':'); |
1562 |
++ /* |
1563 |
++ * fetch <mtd-id>. We use strrchr to ignore all ':' that could |
1564 |
++ * be present in the MTD name, only the last one is interpreted |
1565 |
++ * as an <mtd-id>/<part-definition> separator. |
1566 |
++ */ |
1567 |
++ p = strrchr(s, ':'); |
1568 |
++ |
1569 |
++ /* Restore the ';' now. */ |
1570 |
++ if (semicol) |
1571 |
++ *semicol = ';'; |
1572 |
++ |
1573 |
+ if (!p) { |
1574 |
+ pr_err("no mtd-id\n"); |
1575 |
+ return -EINVAL; |
1576 |
+diff --git a/drivers/mtd/nand/omap_elm.c b/drivers/mtd/nand/omap_elm.c |
1577 |
+index a3f32f939cc17..6736777a41567 100644 |
1578 |
+--- a/drivers/mtd/nand/omap_elm.c |
1579 |
++++ b/drivers/mtd/nand/omap_elm.c |
1580 |
+@@ -421,6 +421,7 @@ static int elm_probe(struct platform_device *pdev) |
1581 |
+ pm_runtime_enable(&pdev->dev); |
1582 |
+ if (pm_runtime_get_sync(&pdev->dev) < 0) { |
1583 |
+ ret = -EINVAL; |
1584 |
++ pm_runtime_put_sync(&pdev->dev); |
1585 |
+ pm_runtime_disable(&pdev->dev); |
1586 |
+ dev_err(&pdev->dev, "can't enable clock\n"); |
1587 |
+ return ret; |
1588 |
+diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c |
1589 |
+index ac03bba10e4fd..8634337e1a99d 100644 |
1590 |
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c |
1591 |
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c |
1592 |
+@@ -1000,9 +1000,12 @@ static int bnxt_set_pauseparam(struct net_device *dev, |
1593 |
+ if (!BNXT_SINGLE_PF(bp)) |
1594 |
+ return -EOPNOTSUPP; |
1595 |
+ |
1596 |
++ mutex_lock(&bp->link_lock); |
1597 |
+ if (epause->autoneg) { |
1598 |
+- if (!(link_info->autoneg & BNXT_AUTONEG_SPEED)) |
1599 |
+- return -EINVAL; |
1600 |
++ if (!(link_info->autoneg & BNXT_AUTONEG_SPEED)) { |
1601 |
++ rc = -EINVAL; |
1602 |
++ goto pause_exit; |
1603 |
++ } |
1604 |
+ |
1605 |
+ link_info->autoneg |= BNXT_AUTONEG_FLOW_CTRL; |
1606 |
+ if (bp->hwrm_spec_code >= 0x10201) |
1607 |
+@@ -1023,11 +1026,11 @@ static int bnxt_set_pauseparam(struct net_device *dev, |
1608 |
+ if (epause->tx_pause) |
1609 |
+ link_info->req_flow_ctrl |= BNXT_LINK_PAUSE_TX; |
1610 |
+ |
1611 |
+- if (netif_running(dev)) { |
1612 |
+- mutex_lock(&bp->link_lock); |
1613 |
++ if (netif_running(dev)) |
1614 |
+ rc = bnxt_hwrm_set_pause(bp); |
1615 |
+- mutex_unlock(&bp->link_lock); |
1616 |
+- } |
1617 |
++ |
1618 |
++pause_exit: |
1619 |
++ mutex_unlock(&bp->link_lock); |
1620 |
+ return rc; |
1621 |
+ } |
1622 |
+ |
1623 |
+@@ -1671,8 +1674,7 @@ static int bnxt_set_eee(struct net_device *dev, struct ethtool_eee *edata) |
1624 |
+ struct bnxt *bp = netdev_priv(dev); |
1625 |
+ struct ethtool_eee *eee = &bp->eee; |
1626 |
+ struct bnxt_link_info *link_info = &bp->link_info; |
1627 |
+- u32 advertising = |
1628 |
+- _bnxt_fw_to_ethtool_adv_spds(link_info->advertising, 0); |
1629 |
++ u32 advertising; |
1630 |
+ int rc = 0; |
1631 |
+ |
1632 |
+ if (!BNXT_SINGLE_PF(bp)) |
1633 |
+@@ -1681,19 +1683,23 @@ static int bnxt_set_eee(struct net_device *dev, struct ethtool_eee *edata) |
1634 |
+ if (!(bp->flags & BNXT_FLAG_EEE_CAP)) |
1635 |
+ return -EOPNOTSUPP; |
1636 |
+ |
1637 |
++ mutex_lock(&bp->link_lock); |
1638 |
++ advertising = _bnxt_fw_to_ethtool_adv_spds(link_info->advertising, 0); |
1639 |
+ if (!edata->eee_enabled) |
1640 |
+ goto eee_ok; |
1641 |
+ |
1642 |
+ if (!(link_info->autoneg & BNXT_AUTONEG_SPEED)) { |
1643 |
+ netdev_warn(dev, "EEE requires autoneg\n"); |
1644 |
+- return -EINVAL; |
1645 |
++ rc = -EINVAL; |
1646 |
++ goto eee_exit; |
1647 |
+ } |
1648 |
+ if (edata->tx_lpi_enabled) { |
1649 |
+ if (bp->lpi_tmr_hi && (edata->tx_lpi_timer > bp->lpi_tmr_hi || |
1650 |
+ edata->tx_lpi_timer < bp->lpi_tmr_lo)) { |
1651 |
+ netdev_warn(dev, "Valid LPI timer range is %d and %d microsecs\n", |
1652 |
+ bp->lpi_tmr_lo, bp->lpi_tmr_hi); |
1653 |
+- return -EINVAL; |
1654 |
++ rc = -EINVAL; |
1655 |
++ goto eee_exit; |
1656 |
+ } else if (!bp->lpi_tmr_hi) { |
1657 |
+ edata->tx_lpi_timer = eee->tx_lpi_timer; |
1658 |
+ } |
1659 |
+@@ -1703,7 +1709,8 @@ static int bnxt_set_eee(struct net_device *dev, struct ethtool_eee *edata) |
1660 |
+ } else if (edata->advertised & ~advertising) { |
1661 |
+ netdev_warn(dev, "EEE advertised %x must be a subset of autoneg advertised speeds %x\n", |
1662 |
+ edata->advertised, advertising); |
1663 |
+- return -EINVAL; |
1664 |
++ rc = -EINVAL; |
1665 |
++ goto eee_exit; |
1666 |
+ } |
1667 |
+ |
1668 |
+ eee->advertised = edata->advertised; |
1669 |
+@@ -1715,6 +1722,8 @@ eee_ok: |
1670 |
+ if (netif_running(dev)) |
1671 |
+ rc = bnxt_hwrm_set_link_setting(bp, false, true); |
1672 |
+ |
1673 |
++eee_exit: |
1674 |
++ mutex_unlock(&bp->link_lock); |
1675 |
+ return rc; |
1676 |
+ } |
1677 |
+ |
1678 |
+diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c |
1679 |
+index 3b16ee0de246e..c30792b761ee3 100644 |
1680 |
+--- a/drivers/net/ethernet/intel/e1000/e1000_main.c |
1681 |
++++ b/drivers/net/ethernet/intel/e1000/e1000_main.c |
1682 |
+@@ -568,8 +568,13 @@ void e1000_reinit_locked(struct e1000_adapter *adapter) |
1683 |
+ WARN_ON(in_interrupt()); |
1684 |
+ while (test_and_set_bit(__E1000_RESETTING, &adapter->flags)) |
1685 |
+ msleep(1); |
1686 |
+- e1000_down(adapter); |
1687 |
+- e1000_up(adapter); |
1688 |
++ |
1689 |
++ /* only run the task if not already down */ |
1690 |
++ if (!test_bit(__E1000_DOWN, &adapter->flags)) { |
1691 |
++ e1000_down(adapter); |
1692 |
++ e1000_up(adapter); |
1693 |
++ } |
1694 |
++ |
1695 |
+ clear_bit(__E1000_RESETTING, &adapter->flags); |
1696 |
+ } |
1697 |
+ |
1698 |
+@@ -1456,10 +1461,15 @@ int e1000_close(struct net_device *netdev) |
1699 |
+ struct e1000_hw *hw = &adapter->hw; |
1700 |
+ int count = E1000_CHECK_RESET_COUNT; |
1701 |
+ |
1702 |
+- while (test_bit(__E1000_RESETTING, &adapter->flags) && count--) |
1703 |
++ while (test_and_set_bit(__E1000_RESETTING, &adapter->flags) && count--) |
1704 |
+ usleep_range(10000, 20000); |
1705 |
+ |
1706 |
+- WARN_ON(test_bit(__E1000_RESETTING, &adapter->flags)); |
1707 |
++ WARN_ON(count < 0); |
1708 |
++ |
1709 |
++ /* signal that we're down so that the reset task will no longer run */ |
1710 |
++ set_bit(__E1000_DOWN, &adapter->flags); |
1711 |
++ clear_bit(__E1000_RESETTING, &adapter->flags); |
1712 |
++ |
1713 |
+ e1000_down(adapter); |
1714 |
+ e1000_power_down_phy(adapter); |
1715 |
+ e1000_free_irq(adapter); |
1716 |
+diff --git a/drivers/net/ieee802154/adf7242.c b/drivers/net/ieee802154/adf7242.c |
1717 |
+index 1b980f12663af..a605dfb15bb75 100644 |
1718 |
+--- a/drivers/net/ieee802154/adf7242.c |
1719 |
++++ b/drivers/net/ieee802154/adf7242.c |
1720 |
+@@ -834,7 +834,9 @@ static int adf7242_rx(struct adf7242_local *lp) |
1721 |
+ int ret; |
1722 |
+ u8 lqi, len_u8, *data; |
1723 |
+ |
1724 |
+- adf7242_read_reg(lp, 0, &len_u8); |
1725 |
++ ret = adf7242_read_reg(lp, 0, &len_u8); |
1726 |
++ if (ret) |
1727 |
++ return ret; |
1728 |
+ |
1729 |
+ len = len_u8; |
1730 |
+ |
1731 |
+diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c |
1732 |
+index 2f55873060220..a3ba95e96695e 100644 |
1733 |
+--- a/drivers/net/phy/phy_device.c |
1734 |
++++ b/drivers/net/phy/phy_device.c |
1735 |
+@@ -1013,7 +1013,8 @@ void phy_detach(struct phy_device *phydev) |
1736 |
+ phydev->attached_dev = NULL; |
1737 |
+ phy_suspend(phydev); |
1738 |
+ |
1739 |
+- module_put(phydev->mdio.dev.driver->owner); |
1740 |
++ if (phydev->mdio.dev.driver) |
1741 |
++ module_put(phydev->mdio.dev.driver->owner); |
1742 |
+ |
1743 |
+ /* If the device had no specific driver before (i.e. - it |
1744 |
+ * was using the generic driver), we unbind the device |
1745 |
+diff --git a/drivers/net/wan/hdlc_ppp.c b/drivers/net/wan/hdlc_ppp.c |
1746 |
+index 8a9aced850be3..63546d1317982 100644 |
1747 |
+--- a/drivers/net/wan/hdlc_ppp.c |
1748 |
++++ b/drivers/net/wan/hdlc_ppp.c |
1749 |
+@@ -386,11 +386,8 @@ static void ppp_cp_parse_cr(struct net_device *dev, u16 pid, u8 id, |
1750 |
+ } |
1751 |
+ |
1752 |
+ for (opt = data; len; len -= opt[1], opt += opt[1]) { |
1753 |
+- if (len < 2 || len < opt[1]) { |
1754 |
+- dev->stats.rx_errors++; |
1755 |
+- kfree(out); |
1756 |
+- return; /* bad packet, drop silently */ |
1757 |
+- } |
1758 |
++ if (len < 2 || opt[1] < 2 || len < opt[1]) |
1759 |
++ goto err_out; |
1760 |
+ |
1761 |
+ if (pid == PID_LCP) |
1762 |
+ switch (opt[0]) { |
1763 |
+@@ -398,6 +395,8 @@ static void ppp_cp_parse_cr(struct net_device *dev, u16 pid, u8 id, |
1764 |
+ continue; /* MRU always OK and > 1500 bytes? */ |
1765 |
+ |
1766 |
+ case LCP_OPTION_ACCM: /* async control character map */ |
1767 |
++ if (opt[1] < sizeof(valid_accm)) |
1768 |
++ goto err_out; |
1769 |
+ if (!memcmp(opt, valid_accm, |
1770 |
+ sizeof(valid_accm))) |
1771 |
+ continue; |
1772 |
+@@ -409,6 +408,8 @@ static void ppp_cp_parse_cr(struct net_device *dev, u16 pid, u8 id, |
1773 |
+ } |
1774 |
+ break; |
1775 |
+ case LCP_OPTION_MAGIC: |
1776 |
++ if (len < 6) |
1777 |
++ goto err_out; |
1778 |
+ if (opt[1] != 6 || (!opt[2] && !opt[3] && |
1779 |
+ !opt[4] && !opt[5])) |
1780 |
+ break; /* reject invalid magic number */ |
1781 |
+@@ -427,6 +428,11 @@ static void ppp_cp_parse_cr(struct net_device *dev, u16 pid, u8 id, |
1782 |
+ ppp_cp_event(dev, pid, RCR_GOOD, CP_CONF_ACK, id, req_len, data); |
1783 |
+ |
1784 |
+ kfree(out); |
1785 |
++ return; |
1786 |
++ |
1787 |
++err_out: |
1788 |
++ dev->stats.rx_errors++; |
1789 |
++ kfree(out); |
1790 |
+ } |
1791 |
+ |
1792 |
+ static int ppp_rx(struct sk_buff *skb) |
1793 |
+diff --git a/drivers/net/wireless/ath/ar5523/ar5523.c b/drivers/net/wireless/ath/ar5523/ar5523.c |
1794 |
+index e492c7f0d311a..9f4ee1d125b68 100644 |
1795 |
+--- a/drivers/net/wireless/ath/ar5523/ar5523.c |
1796 |
++++ b/drivers/net/wireless/ath/ar5523/ar5523.c |
1797 |
+@@ -1769,6 +1769,8 @@ static struct usb_device_id ar5523_id_table[] = { |
1798 |
+ AR5523_DEVICE_UX(0x0846, 0x4300), /* Netgear / WG111U */ |
1799 |
+ AR5523_DEVICE_UG(0x0846, 0x4250), /* Netgear / WG111T */ |
1800 |
+ AR5523_DEVICE_UG(0x0846, 0x5f00), /* Netgear / WPN111 */ |
1801 |
++ AR5523_DEVICE_UG(0x083a, 0x4506), /* SMC / EZ Connect |
1802 |
++ SMCWUSBT-G2 */ |
1803 |
+ AR5523_DEVICE_UG(0x157e, 0x3006), /* Umedia / AR5523_1 */ |
1804 |
+ AR5523_DEVICE_UX(0x157e, 0x3205), /* Umedia / AR5523_2 */ |
1805 |
+ AR5523_DEVICE_UG(0x157e, 0x3006), /* Umedia / TEW444UBEU */ |
1806 |
+diff --git a/drivers/net/wireless/marvell/mwifiex/fw.h b/drivers/net/wireless/marvell/mwifiex/fw.h |
1807 |
+index 395d6ece2cacb..341f6ed5b3556 100644 |
1808 |
+--- a/drivers/net/wireless/marvell/mwifiex/fw.h |
1809 |
++++ b/drivers/net/wireless/marvell/mwifiex/fw.h |
1810 |
+@@ -921,7 +921,7 @@ struct mwifiex_tkip_param { |
1811 |
+ struct mwifiex_aes_param { |
1812 |
+ u8 pn[WPA_PN_SIZE]; |
1813 |
+ __le16 key_len; |
1814 |
+- u8 key[WLAN_KEY_LEN_CCMP]; |
1815 |
++ u8 key[WLAN_KEY_LEN_CCMP_256]; |
1816 |
+ } __packed; |
1817 |
+ |
1818 |
+ struct mwifiex_wapi_param { |
1819 |
+diff --git a/drivers/net/wireless/marvell/mwifiex/sta_cmdresp.c b/drivers/net/wireless/marvell/mwifiex/sta_cmdresp.c |
1820 |
+index 1e26936c0d727..aa84fdb709830 100644 |
1821 |
+--- a/drivers/net/wireless/marvell/mwifiex/sta_cmdresp.c |
1822 |
++++ b/drivers/net/wireless/marvell/mwifiex/sta_cmdresp.c |
1823 |
+@@ -625,7 +625,7 @@ static int mwifiex_ret_802_11_key_material_v2(struct mwifiex_private *priv, |
1824 |
+ key_v2 = &resp->params.key_material_v2; |
1825 |
+ |
1826 |
+ len = le16_to_cpu(key_v2->key_param_set.key_params.aes.key_len); |
1827 |
+- if (len > WLAN_KEY_LEN_CCMP) |
1828 |
++ if (len > sizeof(key_v2->key_param_set.key_params.aes.key)) |
1829 |
+ return -EINVAL; |
1830 |
+ |
1831 |
+ if (le16_to_cpu(key_v2->action) == HostCmd_ACT_GEN_SET) { |
1832 |
+@@ -641,7 +641,7 @@ static int mwifiex_ret_802_11_key_material_v2(struct mwifiex_private *priv, |
1833 |
+ return 0; |
1834 |
+ |
1835 |
+ memset(priv->aes_key_v2.key_param_set.key_params.aes.key, 0, |
1836 |
+- WLAN_KEY_LEN_CCMP); |
1837 |
++ sizeof(key_v2->key_param_set.key_params.aes.key)); |
1838 |
+ priv->aes_key_v2.key_param_set.key_params.aes.key_len = |
1839 |
+ cpu_to_le16(len); |
1840 |
+ memcpy(priv->aes_key_v2.key_param_set.key_params.aes.key, |
1841 |
+diff --git a/drivers/phy/phy-s5pv210-usb2.c b/drivers/phy/phy-s5pv210-usb2.c |
1842 |
+index 004d320767e4d..bb36cfd4e3e90 100644 |
1843 |
+--- a/drivers/phy/phy-s5pv210-usb2.c |
1844 |
++++ b/drivers/phy/phy-s5pv210-usb2.c |
1845 |
+@@ -142,6 +142,10 @@ static void s5pv210_phy_pwr(struct samsung_usb2_phy_instance *inst, bool on) |
1846 |
+ udelay(10); |
1847 |
+ rst &= ~rstbits; |
1848 |
+ writel(rst, drv->reg_phy + S5PV210_UPHYRST); |
1849 |
++ /* The following delay is necessary for the reset sequence to be |
1850 |
++ * completed |
1851 |
++ */ |
1852 |
++ udelay(80); |
1853 |
+ } else { |
1854 |
+ pwr = readl(drv->reg_phy + S5PV210_UPHYPWR); |
1855 |
+ pwr |= phypwr; |
1856 |
+diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c |
1857 |
+index 065f11a1964d4..39deea8601d68 100644 |
1858 |
+--- a/drivers/scsi/aacraid/aachba.c |
1859 |
++++ b/drivers/scsi/aacraid/aachba.c |
1860 |
+@@ -1929,13 +1929,13 @@ static int aac_read(struct scsi_cmnd * scsicmd) |
1861 |
+ scsicmd->result = DID_OK << 16 | COMMAND_COMPLETE << 8 | |
1862 |
+ SAM_STAT_CHECK_CONDITION; |
1863 |
+ set_sense(&dev->fsa_dev[cid].sense_data, |
1864 |
+- HARDWARE_ERROR, SENCODE_INTERNAL_TARGET_FAILURE, |
1865 |
++ ILLEGAL_REQUEST, SENCODE_LBA_OUT_OF_RANGE, |
1866 |
+ ASENCODE_INTERNAL_TARGET_FAILURE, 0, 0); |
1867 |
+ memcpy(scsicmd->sense_buffer, &dev->fsa_dev[cid].sense_data, |
1868 |
+ min_t(size_t, sizeof(dev->fsa_dev[cid].sense_data), |
1869 |
+ SCSI_SENSE_BUFFERSIZE)); |
1870 |
+ scsicmd->scsi_done(scsicmd); |
1871 |
+- return 1; |
1872 |
++ return 0; |
1873 |
+ } |
1874 |
+ |
1875 |
+ dprintk((KERN_DEBUG "aac_read[cpu %d]: lba = %llu, t = %ld.\n", |
1876 |
+@@ -2023,13 +2023,13 @@ static int aac_write(struct scsi_cmnd * scsicmd) |
1877 |
+ scsicmd->result = DID_OK << 16 | COMMAND_COMPLETE << 8 | |
1878 |
+ SAM_STAT_CHECK_CONDITION; |
1879 |
+ set_sense(&dev->fsa_dev[cid].sense_data, |
1880 |
+- HARDWARE_ERROR, SENCODE_INTERNAL_TARGET_FAILURE, |
1881 |
++ ILLEGAL_REQUEST, SENCODE_LBA_OUT_OF_RANGE, |
1882 |
+ ASENCODE_INTERNAL_TARGET_FAILURE, 0, 0); |
1883 |
+ memcpy(scsicmd->sense_buffer, &dev->fsa_dev[cid].sense_data, |
1884 |
+ min_t(size_t, sizeof(dev->fsa_dev[cid].sense_data), |
1885 |
+ SCSI_SENSE_BUFFERSIZE)); |
1886 |
+ scsicmd->scsi_done(scsicmd); |
1887 |
+- return 1; |
1888 |
++ return 0; |
1889 |
+ } |
1890 |
+ |
1891 |
+ dprintk((KERN_DEBUG "aac_write[cpu %d]: lba = %llu, t = %ld.\n", |
1892 |
+diff --git a/drivers/scsi/lpfc/lpfc_ct.c b/drivers/scsi/lpfc/lpfc_ct.c |
1893 |
+index 52afbcff362f9..b7940fffca637 100644 |
1894 |
+--- a/drivers/scsi/lpfc/lpfc_ct.c |
1895 |
++++ b/drivers/scsi/lpfc/lpfc_ct.c |
1896 |
+@@ -1541,8 +1541,8 @@ lpfc_fdmi_hba_attr_wwnn(struct lpfc_vport *vport, struct lpfc_fdmi_attr_def *ad) |
1897 |
+ struct lpfc_fdmi_attr_entry *ae; |
1898 |
+ uint32_t size; |
1899 |
+ |
1900 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
1901 |
+- memset(ae, 0, sizeof(struct lpfc_name)); |
1902 |
++ ae = &ad->AttrValue; |
1903 |
++ memset(ae, 0, sizeof(*ae)); |
1904 |
+ |
1905 |
+ memcpy(&ae->un.AttrWWN, &vport->fc_sparam.nodeName, |
1906 |
+ sizeof(struct lpfc_name)); |
1907 |
+@@ -1558,8 +1558,8 @@ lpfc_fdmi_hba_attr_manufacturer(struct lpfc_vport *vport, |
1908 |
+ struct lpfc_fdmi_attr_entry *ae; |
1909 |
+ uint32_t len, size; |
1910 |
+ |
1911 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
1912 |
+- memset(ae, 0, 256); |
1913 |
++ ae = &ad->AttrValue; |
1914 |
++ memset(ae, 0, sizeof(*ae)); |
1915 |
+ |
1916 |
+ /* This string MUST be consistent with other FC platforms |
1917 |
+ * supported by Broadcom. |
1918 |
+@@ -1583,8 +1583,8 @@ lpfc_fdmi_hba_attr_sn(struct lpfc_vport *vport, struct lpfc_fdmi_attr_def *ad) |
1919 |
+ struct lpfc_fdmi_attr_entry *ae; |
1920 |
+ uint32_t len, size; |
1921 |
+ |
1922 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
1923 |
+- memset(ae, 0, 256); |
1924 |
++ ae = &ad->AttrValue; |
1925 |
++ memset(ae, 0, sizeof(*ae)); |
1926 |
+ |
1927 |
+ strncpy(ae->un.AttrString, phba->SerialNumber, |
1928 |
+ sizeof(ae->un.AttrString)); |
1929 |
+@@ -1605,8 +1605,8 @@ lpfc_fdmi_hba_attr_model(struct lpfc_vport *vport, |
1930 |
+ struct lpfc_fdmi_attr_entry *ae; |
1931 |
+ uint32_t len, size; |
1932 |
+ |
1933 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
1934 |
+- memset(ae, 0, 256); |
1935 |
++ ae = &ad->AttrValue; |
1936 |
++ memset(ae, 0, sizeof(*ae)); |
1937 |
+ |
1938 |
+ strncpy(ae->un.AttrString, phba->ModelName, |
1939 |
+ sizeof(ae->un.AttrString)); |
1940 |
+@@ -1626,8 +1626,8 @@ lpfc_fdmi_hba_attr_description(struct lpfc_vport *vport, |
1941 |
+ struct lpfc_fdmi_attr_entry *ae; |
1942 |
+ uint32_t len, size; |
1943 |
+ |
1944 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
1945 |
+- memset(ae, 0, 256); |
1946 |
++ ae = &ad->AttrValue; |
1947 |
++ memset(ae, 0, sizeof(*ae)); |
1948 |
+ |
1949 |
+ strncpy(ae->un.AttrString, phba->ModelDesc, |
1950 |
+ sizeof(ae->un.AttrString)); |
1951 |
+@@ -1649,8 +1649,8 @@ lpfc_fdmi_hba_attr_hdw_ver(struct lpfc_vport *vport, |
1952 |
+ struct lpfc_fdmi_attr_entry *ae; |
1953 |
+ uint32_t i, j, incr, size; |
1954 |
+ |
1955 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
1956 |
+- memset(ae, 0, 256); |
1957 |
++ ae = &ad->AttrValue; |
1958 |
++ memset(ae, 0, sizeof(*ae)); |
1959 |
+ |
1960 |
+ /* Convert JEDEC ID to ascii for hardware version */ |
1961 |
+ incr = vp->rev.biuRev; |
1962 |
+@@ -1679,8 +1679,8 @@ lpfc_fdmi_hba_attr_drvr_ver(struct lpfc_vport *vport, |
1963 |
+ struct lpfc_fdmi_attr_entry *ae; |
1964 |
+ uint32_t len, size; |
1965 |
+ |
1966 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
1967 |
+- memset(ae, 0, 256); |
1968 |
++ ae = &ad->AttrValue; |
1969 |
++ memset(ae, 0, sizeof(*ae)); |
1970 |
+ |
1971 |
+ strncpy(ae->un.AttrString, lpfc_release_version, |
1972 |
+ sizeof(ae->un.AttrString)); |
1973 |
+@@ -1701,8 +1701,8 @@ lpfc_fdmi_hba_attr_rom_ver(struct lpfc_vport *vport, |
1974 |
+ struct lpfc_fdmi_attr_entry *ae; |
1975 |
+ uint32_t len, size; |
1976 |
+ |
1977 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
1978 |
+- memset(ae, 0, 256); |
1979 |
++ ae = &ad->AttrValue; |
1980 |
++ memset(ae, 0, sizeof(*ae)); |
1981 |
+ |
1982 |
+ if (phba->sli_rev == LPFC_SLI_REV4) |
1983 |
+ lpfc_decode_firmware_rev(phba, ae->un.AttrString, 1); |
1984 |
+@@ -1726,8 +1726,8 @@ lpfc_fdmi_hba_attr_fmw_ver(struct lpfc_vport *vport, |
1985 |
+ struct lpfc_fdmi_attr_entry *ae; |
1986 |
+ uint32_t len, size; |
1987 |
+ |
1988 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
1989 |
+- memset(ae, 0, 256); |
1990 |
++ ae = &ad->AttrValue; |
1991 |
++ memset(ae, 0, sizeof(*ae)); |
1992 |
+ |
1993 |
+ lpfc_decode_firmware_rev(phba, ae->un.AttrString, 1); |
1994 |
+ len = strnlen(ae->un.AttrString, |
1995 |
+@@ -1746,8 +1746,8 @@ lpfc_fdmi_hba_attr_os_ver(struct lpfc_vport *vport, |
1996 |
+ struct lpfc_fdmi_attr_entry *ae; |
1997 |
+ uint32_t len, size; |
1998 |
+ |
1999 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2000 |
+- memset(ae, 0, 256); |
2001 |
++ ae = &ad->AttrValue; |
2002 |
++ memset(ae, 0, sizeof(*ae)); |
2003 |
+ |
2004 |
+ snprintf(ae->un.AttrString, sizeof(ae->un.AttrString), "%s %s %s", |
2005 |
+ init_utsname()->sysname, |
2006 |
+@@ -1769,7 +1769,7 @@ lpfc_fdmi_hba_attr_ct_len(struct lpfc_vport *vport, |
2007 |
+ struct lpfc_fdmi_attr_entry *ae; |
2008 |
+ uint32_t size; |
2009 |
+ |
2010 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2011 |
++ ae = &ad->AttrValue; |
2012 |
+ |
2013 |
+ ae->un.AttrInt = cpu_to_be32(LPFC_MAX_CT_SIZE); |
2014 |
+ size = FOURBYTES + sizeof(uint32_t); |
2015 |
+@@ -1785,8 +1785,8 @@ lpfc_fdmi_hba_attr_symbolic_name(struct lpfc_vport *vport, |
2016 |
+ struct lpfc_fdmi_attr_entry *ae; |
2017 |
+ uint32_t len, size; |
2018 |
+ |
2019 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2020 |
+- memset(ae, 0, 256); |
2021 |
++ ae = &ad->AttrValue; |
2022 |
++ memset(ae, 0, sizeof(*ae)); |
2023 |
+ |
2024 |
+ len = lpfc_vport_symbolic_node_name(vport, |
2025 |
+ ae->un.AttrString, 256); |
2026 |
+@@ -1804,7 +1804,7 @@ lpfc_fdmi_hba_attr_vendor_info(struct lpfc_vport *vport, |
2027 |
+ struct lpfc_fdmi_attr_entry *ae; |
2028 |
+ uint32_t size; |
2029 |
+ |
2030 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2031 |
++ ae = &ad->AttrValue; |
2032 |
+ |
2033 |
+ /* Nothing is defined for this currently */ |
2034 |
+ ae->un.AttrInt = cpu_to_be32(0); |
2035 |
+@@ -1821,7 +1821,7 @@ lpfc_fdmi_hba_attr_num_ports(struct lpfc_vport *vport, |
2036 |
+ struct lpfc_fdmi_attr_entry *ae; |
2037 |
+ uint32_t size; |
2038 |
+ |
2039 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2040 |
++ ae = &ad->AttrValue; |
2041 |
+ |
2042 |
+ /* Each driver instance corresponds to a single port */ |
2043 |
+ ae->un.AttrInt = cpu_to_be32(1); |
2044 |
+@@ -1838,8 +1838,8 @@ lpfc_fdmi_hba_attr_fabric_wwnn(struct lpfc_vport *vport, |
2045 |
+ struct lpfc_fdmi_attr_entry *ae; |
2046 |
+ uint32_t size; |
2047 |
+ |
2048 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2049 |
+- memset(ae, 0, sizeof(struct lpfc_name)); |
2050 |
++ ae = &ad->AttrValue; |
2051 |
++ memset(ae, 0, sizeof(*ae)); |
2052 |
+ |
2053 |
+ memcpy(&ae->un.AttrWWN, &vport->fabric_nodename, |
2054 |
+ sizeof(struct lpfc_name)); |
2055 |
+@@ -1857,8 +1857,8 @@ lpfc_fdmi_hba_attr_bios_ver(struct lpfc_vport *vport, |
2056 |
+ struct lpfc_fdmi_attr_entry *ae; |
2057 |
+ uint32_t len, size; |
2058 |
+ |
2059 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2060 |
+- memset(ae, 0, 256); |
2061 |
++ ae = &ad->AttrValue; |
2062 |
++ memset(ae, 0, sizeof(*ae)); |
2063 |
+ |
2064 |
+ lpfc_decode_firmware_rev(phba, ae->un.AttrString, 1); |
2065 |
+ len = strnlen(ae->un.AttrString, |
2066 |
+@@ -1877,7 +1877,7 @@ lpfc_fdmi_hba_attr_bios_state(struct lpfc_vport *vport, |
2067 |
+ struct lpfc_fdmi_attr_entry *ae; |
2068 |
+ uint32_t size; |
2069 |
+ |
2070 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2071 |
++ ae = &ad->AttrValue; |
2072 |
+ |
2073 |
+ /* Driver doesn't have access to this information */ |
2074 |
+ ae->un.AttrInt = cpu_to_be32(0); |
2075 |
+@@ -1894,8 +1894,8 @@ lpfc_fdmi_hba_attr_vendor_id(struct lpfc_vport *vport, |
2076 |
+ struct lpfc_fdmi_attr_entry *ae; |
2077 |
+ uint32_t len, size; |
2078 |
+ |
2079 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2080 |
+- memset(ae, 0, 256); |
2081 |
++ ae = &ad->AttrValue; |
2082 |
++ memset(ae, 0, sizeof(*ae)); |
2083 |
+ |
2084 |
+ strncpy(ae->un.AttrString, "EMULEX", |
2085 |
+ sizeof(ae->un.AttrString)); |
2086 |
+@@ -1916,8 +1916,8 @@ lpfc_fdmi_port_attr_fc4type(struct lpfc_vport *vport, |
2087 |
+ struct lpfc_fdmi_attr_entry *ae; |
2088 |
+ uint32_t size; |
2089 |
+ |
2090 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2091 |
+- memset(ae, 0, 32); |
2092 |
++ ae = &ad->AttrValue; |
2093 |
++ memset(ae, 0, sizeof(*ae)); |
2094 |
+ |
2095 |
+ ae->un.AttrTypes[3] = 0x02; /* Type 1 - ELS */ |
2096 |
+ ae->un.AttrTypes[2] = 0x01; /* Type 8 - FCP */ |
2097 |
+@@ -1936,7 +1936,7 @@ lpfc_fdmi_port_attr_support_speed(struct lpfc_vport *vport, |
2098 |
+ struct lpfc_fdmi_attr_entry *ae; |
2099 |
+ uint32_t size; |
2100 |
+ |
2101 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2102 |
++ ae = &ad->AttrValue; |
2103 |
+ |
2104 |
+ ae->un.AttrInt = 0; |
2105 |
+ if (!(phba->hba_flag & HBA_FCOE_MODE)) { |
2106 |
+@@ -1986,7 +1986,7 @@ lpfc_fdmi_port_attr_speed(struct lpfc_vport *vport, |
2107 |
+ struct lpfc_fdmi_attr_entry *ae; |
2108 |
+ uint32_t size; |
2109 |
+ |
2110 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2111 |
++ ae = &ad->AttrValue; |
2112 |
+ |
2113 |
+ if (!(phba->hba_flag & HBA_FCOE_MODE)) { |
2114 |
+ switch (phba->fc_linkspeed) { |
2115 |
+@@ -2050,7 +2050,7 @@ lpfc_fdmi_port_attr_max_frame(struct lpfc_vport *vport, |
2116 |
+ struct lpfc_fdmi_attr_entry *ae; |
2117 |
+ uint32_t size; |
2118 |
+ |
2119 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2120 |
++ ae = &ad->AttrValue; |
2121 |
+ |
2122 |
+ hsp = (struct serv_parm *)&vport->fc_sparam; |
2123 |
+ ae->un.AttrInt = (((uint32_t) hsp->cmn.bbRcvSizeMsb) << 8) | |
2124 |
+@@ -2070,8 +2070,8 @@ lpfc_fdmi_port_attr_os_devname(struct lpfc_vport *vport, |
2125 |
+ struct lpfc_fdmi_attr_entry *ae; |
2126 |
+ uint32_t len, size; |
2127 |
+ |
2128 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2129 |
+- memset(ae, 0, 256); |
2130 |
++ ae = &ad->AttrValue; |
2131 |
++ memset(ae, 0, sizeof(*ae)); |
2132 |
+ |
2133 |
+ snprintf(ae->un.AttrString, sizeof(ae->un.AttrString), |
2134 |
+ "/sys/class/scsi_host/host%d", shost->host_no); |
2135 |
+@@ -2091,8 +2091,8 @@ lpfc_fdmi_port_attr_host_name(struct lpfc_vport *vport, |
2136 |
+ struct lpfc_fdmi_attr_entry *ae; |
2137 |
+ uint32_t len, size; |
2138 |
+ |
2139 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2140 |
+- memset(ae, 0, 256); |
2141 |
++ ae = &ad->AttrValue; |
2142 |
++ memset(ae, 0, sizeof(*ae)); |
2143 |
+ |
2144 |
+ snprintf(ae->un.AttrString, sizeof(ae->un.AttrString), "%s", |
2145 |
+ init_utsname()->nodename); |
2146 |
+@@ -2112,8 +2112,8 @@ lpfc_fdmi_port_attr_wwnn(struct lpfc_vport *vport, |
2147 |
+ struct lpfc_fdmi_attr_entry *ae; |
2148 |
+ uint32_t size; |
2149 |
+ |
2150 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2151 |
+- memset(ae, 0, sizeof(struct lpfc_name)); |
2152 |
++ ae = &ad->AttrValue; |
2153 |
++ memset(ae, 0, sizeof(*ae)); |
2154 |
+ |
2155 |
+ memcpy(&ae->un.AttrWWN, &vport->fc_sparam.nodeName, |
2156 |
+ sizeof(struct lpfc_name)); |
2157 |
+@@ -2130,8 +2130,8 @@ lpfc_fdmi_port_attr_wwpn(struct lpfc_vport *vport, |
2158 |
+ struct lpfc_fdmi_attr_entry *ae; |
2159 |
+ uint32_t size; |
2160 |
+ |
2161 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2162 |
+- memset(ae, 0, sizeof(struct lpfc_name)); |
2163 |
++ ae = &ad->AttrValue; |
2164 |
++ memset(ae, 0, sizeof(*ae)); |
2165 |
+ |
2166 |
+ memcpy(&ae->un.AttrWWN, &vport->fc_sparam.portName, |
2167 |
+ sizeof(struct lpfc_name)); |
2168 |
+@@ -2148,8 +2148,8 @@ lpfc_fdmi_port_attr_symbolic_name(struct lpfc_vport *vport, |
2169 |
+ struct lpfc_fdmi_attr_entry *ae; |
2170 |
+ uint32_t len, size; |
2171 |
+ |
2172 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2173 |
+- memset(ae, 0, 256); |
2174 |
++ ae = &ad->AttrValue; |
2175 |
++ memset(ae, 0, sizeof(*ae)); |
2176 |
+ |
2177 |
+ len = lpfc_vport_symbolic_port_name(vport, ae->un.AttrString, 256); |
2178 |
+ len += (len & 3) ? (4 - (len & 3)) : 4; |
2179 |
+@@ -2167,7 +2167,7 @@ lpfc_fdmi_port_attr_port_type(struct lpfc_vport *vport, |
2180 |
+ struct lpfc_fdmi_attr_entry *ae; |
2181 |
+ uint32_t size; |
2182 |
+ |
2183 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2184 |
++ ae = &ad->AttrValue; |
2185 |
+ if (phba->fc_topology == LPFC_TOPOLOGY_LOOP) |
2186 |
+ ae->un.AttrInt = cpu_to_be32(LPFC_FDMI_PORTTYPE_NLPORT); |
2187 |
+ else |
2188 |
+@@ -2185,7 +2185,7 @@ lpfc_fdmi_port_attr_class(struct lpfc_vport *vport, |
2189 |
+ struct lpfc_fdmi_attr_entry *ae; |
2190 |
+ uint32_t size; |
2191 |
+ |
2192 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2193 |
++ ae = &ad->AttrValue; |
2194 |
+ ae->un.AttrInt = cpu_to_be32(FC_COS_CLASS2 | FC_COS_CLASS3); |
2195 |
+ size = FOURBYTES + sizeof(uint32_t); |
2196 |
+ ad->AttrLen = cpu_to_be16(size); |
2197 |
+@@ -2200,8 +2200,8 @@ lpfc_fdmi_port_attr_fabric_wwpn(struct lpfc_vport *vport, |
2198 |
+ struct lpfc_fdmi_attr_entry *ae; |
2199 |
+ uint32_t size; |
2200 |
+ |
2201 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2202 |
+- memset(ae, 0, sizeof(struct lpfc_name)); |
2203 |
++ ae = &ad->AttrValue; |
2204 |
++ memset(ae, 0, sizeof(*ae)); |
2205 |
+ |
2206 |
+ memcpy(&ae->un.AttrWWN, &vport->fabric_portname, |
2207 |
+ sizeof(struct lpfc_name)); |
2208 |
+@@ -2218,8 +2218,8 @@ lpfc_fdmi_port_attr_active_fc4type(struct lpfc_vport *vport, |
2209 |
+ struct lpfc_fdmi_attr_entry *ae; |
2210 |
+ uint32_t size; |
2211 |
+ |
2212 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2213 |
+- memset(ae, 0, 32); |
2214 |
++ ae = &ad->AttrValue; |
2215 |
++ memset(ae, 0, sizeof(*ae)); |
2216 |
+ |
2217 |
+ ae->un.AttrTypes[3] = 0x02; /* Type 1 - ELS */ |
2218 |
+ ae->un.AttrTypes[2] = 0x01; /* Type 8 - FCP */ |
2219 |
+@@ -2237,7 +2237,7 @@ lpfc_fdmi_port_attr_port_state(struct lpfc_vport *vport, |
2220 |
+ struct lpfc_fdmi_attr_entry *ae; |
2221 |
+ uint32_t size; |
2222 |
+ |
2223 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2224 |
++ ae = &ad->AttrValue; |
2225 |
+ /* Link Up - operational */ |
2226 |
+ ae->un.AttrInt = cpu_to_be32(LPFC_FDMI_PORTSTATE_ONLINE); |
2227 |
+ size = FOURBYTES + sizeof(uint32_t); |
2228 |
+@@ -2253,7 +2253,7 @@ lpfc_fdmi_port_attr_num_disc(struct lpfc_vport *vport, |
2229 |
+ struct lpfc_fdmi_attr_entry *ae; |
2230 |
+ uint32_t size; |
2231 |
+ |
2232 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2233 |
++ ae = &ad->AttrValue; |
2234 |
+ vport->fdmi_num_disc = lpfc_find_map_node(vport); |
2235 |
+ ae->un.AttrInt = cpu_to_be32(vport->fdmi_num_disc); |
2236 |
+ size = FOURBYTES + sizeof(uint32_t); |
2237 |
+@@ -2269,7 +2269,7 @@ lpfc_fdmi_port_attr_nportid(struct lpfc_vport *vport, |
2238 |
+ struct lpfc_fdmi_attr_entry *ae; |
2239 |
+ uint32_t size; |
2240 |
+ |
2241 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2242 |
++ ae = &ad->AttrValue; |
2243 |
+ ae->un.AttrInt = cpu_to_be32(vport->fc_myDID); |
2244 |
+ size = FOURBYTES + sizeof(uint32_t); |
2245 |
+ ad->AttrLen = cpu_to_be16(size); |
2246 |
+@@ -2284,8 +2284,8 @@ lpfc_fdmi_smart_attr_service(struct lpfc_vport *vport, |
2247 |
+ struct lpfc_fdmi_attr_entry *ae; |
2248 |
+ uint32_t len, size; |
2249 |
+ |
2250 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2251 |
+- memset(ae, 0, 256); |
2252 |
++ ae = &ad->AttrValue; |
2253 |
++ memset(ae, 0, sizeof(*ae)); |
2254 |
+ |
2255 |
+ strncpy(ae->un.AttrString, "Smart SAN Initiator", |
2256 |
+ sizeof(ae->un.AttrString)); |
2257 |
+@@ -2305,8 +2305,8 @@ lpfc_fdmi_smart_attr_guid(struct lpfc_vport *vport, |
2258 |
+ struct lpfc_fdmi_attr_entry *ae; |
2259 |
+ uint32_t size; |
2260 |
+ |
2261 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2262 |
+- memset(ae, 0, 256); |
2263 |
++ ae = &ad->AttrValue; |
2264 |
++ memset(ae, 0, sizeof(*ae)); |
2265 |
+ |
2266 |
+ memcpy(&ae->un.AttrString, &vport->fc_sparam.nodeName, |
2267 |
+ sizeof(struct lpfc_name)); |
2268 |
+@@ -2326,8 +2326,8 @@ lpfc_fdmi_smart_attr_version(struct lpfc_vport *vport, |
2269 |
+ struct lpfc_fdmi_attr_entry *ae; |
2270 |
+ uint32_t len, size; |
2271 |
+ |
2272 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2273 |
+- memset(ae, 0, 256); |
2274 |
++ ae = &ad->AttrValue; |
2275 |
++ memset(ae, 0, sizeof(*ae)); |
2276 |
+ |
2277 |
+ strncpy(ae->un.AttrString, "Smart SAN Version 2.0", |
2278 |
+ sizeof(ae->un.AttrString)); |
2279 |
+@@ -2348,8 +2348,8 @@ lpfc_fdmi_smart_attr_model(struct lpfc_vport *vport, |
2280 |
+ struct lpfc_fdmi_attr_entry *ae; |
2281 |
+ uint32_t len, size; |
2282 |
+ |
2283 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2284 |
+- memset(ae, 0, 256); |
2285 |
++ ae = &ad->AttrValue; |
2286 |
++ memset(ae, 0, sizeof(*ae)); |
2287 |
+ |
2288 |
+ strncpy(ae->un.AttrString, phba->ModelName, |
2289 |
+ sizeof(ae->un.AttrString)); |
2290 |
+@@ -2368,7 +2368,7 @@ lpfc_fdmi_smart_attr_port_info(struct lpfc_vport *vport, |
2291 |
+ struct lpfc_fdmi_attr_entry *ae; |
2292 |
+ uint32_t size; |
2293 |
+ |
2294 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2295 |
++ ae = &ad->AttrValue; |
2296 |
+ |
2297 |
+ /* SRIOV (type 3) is not supported */ |
2298 |
+ if (vport->vpi) |
2299 |
+@@ -2388,7 +2388,7 @@ lpfc_fdmi_smart_attr_qos(struct lpfc_vport *vport, |
2300 |
+ struct lpfc_fdmi_attr_entry *ae; |
2301 |
+ uint32_t size; |
2302 |
+ |
2303 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2304 |
++ ae = &ad->AttrValue; |
2305 |
+ ae->un.AttrInt = cpu_to_be32(0); |
2306 |
+ size = FOURBYTES + sizeof(uint32_t); |
2307 |
+ ad->AttrLen = cpu_to_be16(size); |
2308 |
+@@ -2403,7 +2403,7 @@ lpfc_fdmi_smart_attr_security(struct lpfc_vport *vport, |
2309 |
+ struct lpfc_fdmi_attr_entry *ae; |
2310 |
+ uint32_t size; |
2311 |
+ |
2312 |
+- ae = (struct lpfc_fdmi_attr_entry *)&ad->AttrValue; |
2313 |
++ ae = &ad->AttrValue; |
2314 |
+ ae->un.AttrInt = cpu_to_be32(1); |
2315 |
+ size = FOURBYTES + sizeof(uint32_t); |
2316 |
+ ad->AttrLen = cpu_to_be16(size); |
2317 |
+@@ -2551,7 +2551,8 @@ lpfc_fdmi_cmd(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp, |
2318 |
+ /* Registered Port List */ |
2319 |
+ /* One entry (port) per adapter */ |
2320 |
+ rh->rpl.EntryCnt = cpu_to_be32(1); |
2321 |
+- memcpy(&rh->rpl.pe, &phba->pport->fc_sparam.portName, |
2322 |
++ memcpy(&rh->rpl.pe.PortName, |
2323 |
++ &phba->pport->fc_sparam.portName, |
2324 |
+ sizeof(struct lpfc_name)); |
2325 |
+ |
2326 |
+ /* point to the HBA attribute block */ |
2327 |
+diff --git a/drivers/scsi/lpfc/lpfc_hw.h b/drivers/scsi/lpfc/lpfc_hw.h |
2328 |
+index 3b970d3706008..daab21f940fb8 100644 |
2329 |
+--- a/drivers/scsi/lpfc/lpfc_hw.h |
2330 |
++++ b/drivers/scsi/lpfc/lpfc_hw.h |
2331 |
+@@ -1289,25 +1289,8 @@ struct fc_rdp_res_frame { |
2332 |
+ /* lpfc_sli_ct_request defines the CT_IU preamble for FDMI commands */ |
2333 |
+ #define SLI_CT_FDMI_Subtypes 0x10 /* Management Service Subtype */ |
2334 |
+ |
2335 |
+-/* |
2336 |
+- * Registered Port List Format |
2337 |
+- */ |
2338 |
+-struct lpfc_fdmi_reg_port_list { |
2339 |
+- uint32_t EntryCnt; |
2340 |
+- uint32_t pe; /* Variable-length array */ |
2341 |
+-}; |
2342 |
+- |
2343 |
+- |
2344 |
+ /* Definitions for HBA / Port attribute entries */ |
2345 |
+ |
2346 |
+-struct lpfc_fdmi_attr_def { /* Defined in TLV format */ |
2347 |
+- /* Structure is in Big Endian format */ |
2348 |
+- uint32_t AttrType:16; |
2349 |
+- uint32_t AttrLen:16; |
2350 |
+- uint32_t AttrValue; /* Marks start of Value (ATTRIBUTE_ENTRY) */ |
2351 |
+-}; |
2352 |
+- |
2353 |
+- |
2354 |
+ /* Attribute Entry */ |
2355 |
+ struct lpfc_fdmi_attr_entry { |
2356 |
+ union { |
2357 |
+@@ -1318,7 +1301,13 @@ struct lpfc_fdmi_attr_entry { |
2358 |
+ } un; |
2359 |
+ }; |
2360 |
+ |
2361 |
+-#define LPFC_FDMI_MAX_AE_SIZE sizeof(struct lpfc_fdmi_attr_entry) |
2362 |
++struct lpfc_fdmi_attr_def { /* Defined in TLV format */ |
2363 |
++ /* Structure is in Big Endian format */ |
2364 |
++ uint32_t AttrType:16; |
2365 |
++ uint32_t AttrLen:16; |
2366 |
++ /* Marks start of Value (ATTRIBUTE_ENTRY) */ |
2367 |
++ struct lpfc_fdmi_attr_entry AttrValue; |
2368 |
++} __packed; |
2369 |
+ |
2370 |
+ /* |
2371 |
+ * HBA Attribute Block |
2372 |
+@@ -1342,13 +1331,20 @@ struct lpfc_fdmi_hba_ident { |
2373 |
+ struct lpfc_name PortName; |
2374 |
+ }; |
2375 |
+ |
2376 |
++/* |
2377 |
++ * Registered Port List Format |
2378 |
++ */ |
2379 |
++struct lpfc_fdmi_reg_port_list { |
2380 |
++ uint32_t EntryCnt; |
2381 |
++ struct lpfc_fdmi_port_entry pe; |
2382 |
++} __packed; |
2383 |
++ |
2384 |
+ /* |
2385 |
+ * Register HBA(RHBA) |
2386 |
+ */ |
2387 |
+ struct lpfc_fdmi_reg_hba { |
2388 |
+ struct lpfc_fdmi_hba_ident hi; |
2389 |
+- struct lpfc_fdmi_reg_port_list rpl; /* variable-length array */ |
2390 |
+-/* struct lpfc_fdmi_attr_block ab; */ |
2391 |
++ struct lpfc_fdmi_reg_port_list rpl; |
2392 |
+ }; |
2393 |
+ |
2394 |
+ /* |
2395 |
+diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c |
2396 |
+index 1c34dc3355498..08c76c361e8dc 100644 |
2397 |
+--- a/drivers/scsi/lpfc/lpfc_sli.c |
2398 |
++++ b/drivers/scsi/lpfc/lpfc_sli.c |
2399 |
+@@ -15648,6 +15648,10 @@ lpfc_prep_seq(struct lpfc_vport *vport, struct hbq_dmabuf *seq_dmabuf) |
2400 |
+ list_add_tail(&iocbq->list, &first_iocbq->list); |
2401 |
+ } |
2402 |
+ } |
2403 |
++ /* Free the sequence's header buffer */ |
2404 |
++ if (!first_iocbq) |
2405 |
++ lpfc_in_buf_free(vport->phba, &seq_dmabuf->dbuf); |
2406 |
++ |
2407 |
+ return first_iocbq; |
2408 |
+ } |
2409 |
+ |
2410 |
+diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c |
2411 |
+index 6624cc07ac044..8dbfd4ffd6355 100644 |
2412 |
+--- a/drivers/tty/serial/8250/8250_core.c |
2413 |
++++ b/drivers/tty/serial/8250/8250_core.c |
2414 |
+@@ -1046,8 +1046,10 @@ int serial8250_register_8250_port(struct uart_8250_port *up) |
2415 |
+ |
2416 |
+ ret = uart_add_one_port(&serial8250_reg, |
2417 |
+ &uart->port); |
2418 |
+- if (ret == 0) |
2419 |
+- ret = uart->port.line; |
2420 |
++ if (ret) |
2421 |
++ goto err; |
2422 |
++ |
2423 |
++ ret = uart->port.line; |
2424 |
+ } else { |
2425 |
+ dev_info(uart->port.dev, |
2426 |
+ "skipping CIR port at 0x%lx / 0x%llx, IRQ %d\n", |
2427 |
+@@ -1061,6 +1063,11 @@ int serial8250_register_8250_port(struct uart_8250_port *up) |
2428 |
+ mutex_unlock(&serial_mutex); |
2429 |
+ |
2430 |
+ return ret; |
2431 |
++ |
2432 |
++err: |
2433 |
++ uart->port.dev = NULL; |
2434 |
++ mutex_unlock(&serial_mutex); |
2435 |
++ return ret; |
2436 |
+ } |
2437 |
+ EXPORT_SYMBOL(serial8250_register_8250_port); |
2438 |
+ |
2439 |
+diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c |
2440 |
+index a3adf21f9dcec..d41be02abced2 100644 |
2441 |
+--- a/drivers/tty/serial/8250/8250_omap.c |
2442 |
++++ b/drivers/tty/serial/8250/8250_omap.c |
2443 |
+@@ -773,7 +773,10 @@ static void __dma_rx_do_complete(struct uart_8250_port *p) |
2444 |
+ dmaengine_tx_status(dma->rxchan, dma->rx_cookie, &state); |
2445 |
+ |
2446 |
+ count = dma->rx_size - state.residue; |
2447 |
+- |
2448 |
++ if (count < dma->rx_size) |
2449 |
++ dmaengine_terminate_async(dma->rxchan); |
2450 |
++ if (!count) |
2451 |
++ goto unlock; |
2452 |
+ ret = tty_insert_flip_string(tty_port, dma->rx_buf, count); |
2453 |
+ |
2454 |
+ p->port.icount.rx += ret; |
2455 |
+@@ -811,7 +814,6 @@ static void omap_8250_rx_dma_flush(struct uart_8250_port *p) |
2456 |
+ spin_unlock_irqrestore(&priv->rx_dma_lock, flags); |
2457 |
+ |
2458 |
+ __dma_rx_do_complete(p); |
2459 |
+- dmaengine_terminate_all(dma->rxchan); |
2460 |
+ } |
2461 |
+ |
2462 |
+ static int omap_8250_rx_dma(struct uart_8250_port *p) |
2463 |
+@@ -1194,11 +1196,11 @@ static int omap8250_probe(struct platform_device *pdev) |
2464 |
+ spin_lock_init(&priv->rx_dma_lock); |
2465 |
+ |
2466 |
+ device_init_wakeup(&pdev->dev, true); |
2467 |
++ pm_runtime_enable(&pdev->dev); |
2468 |
+ pm_runtime_use_autosuspend(&pdev->dev); |
2469 |
+ pm_runtime_set_autosuspend_delay(&pdev->dev, -1); |
2470 |
+ |
2471 |
+ pm_runtime_irq_safe(&pdev->dev); |
2472 |
+- pm_runtime_enable(&pdev->dev); |
2473 |
+ |
2474 |
+ pm_runtime_get_sync(&pdev->dev); |
2475 |
+ |
2476 |
+diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c |
2477 |
+index 5641b877dca53..827a641ac336e 100644 |
2478 |
+--- a/drivers/tty/serial/8250/8250_port.c |
2479 |
++++ b/drivers/tty/serial/8250/8250_port.c |
2480 |
+@@ -1806,6 +1806,7 @@ int serial8250_handle_irq(struct uart_port *port, unsigned int iir) |
2481 |
+ unsigned char status; |
2482 |
+ unsigned long flags; |
2483 |
+ struct uart_8250_port *up = up_to_u8250p(port); |
2484 |
++ bool skip_rx = false; |
2485 |
+ |
2486 |
+ if (iir & UART_IIR_NO_INT) |
2487 |
+ return 0; |
2488 |
+@@ -1814,7 +1815,20 @@ int serial8250_handle_irq(struct uart_port *port, unsigned int iir) |
2489 |
+ |
2490 |
+ status = serial_port_in(port, UART_LSR); |
2491 |
+ |
2492 |
+- if (status & (UART_LSR_DR | UART_LSR_BI)) { |
2493 |
++ /* |
2494 |
++ * If port is stopped and there are no error conditions in the |
2495 |
++ * FIFO, then don't drain the FIFO, as this may lead to TTY buffer |
2496 |
++ * overflow. Not servicing, RX FIFO would trigger auto HW flow |
2497 |
++ * control when FIFO occupancy reaches preset threshold, thus |
2498 |
++ * halting RX. This only works when auto HW flow control is |
2499 |
++ * available. |
2500 |
++ */ |
2501 |
++ if (!(status & (UART_LSR_FIFOE | UART_LSR_BRK_ERROR_BITS)) && |
2502 |
++ (port->status & (UPSTAT_AUTOCTS | UPSTAT_AUTORTS)) && |
2503 |
++ !(port->read_status_mask & UART_LSR_DR)) |
2504 |
++ skip_rx = true; |
2505 |
++ |
2506 |
++ if (status & (UART_LSR_DR | UART_LSR_BI) && !skip_rx) { |
2507 |
+ if (!up->dma || handle_rx_dma(up, iir)) |
2508 |
+ status = serial8250_rx_chars(up, status); |
2509 |
+ } |
2510 |
+diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c |
2511 |
+index 4dfdb59061bea..8c89697c53573 100644 |
2512 |
+--- a/drivers/tty/serial/samsung.c |
2513 |
++++ b/drivers/tty/serial/samsung.c |
2514 |
+@@ -1157,14 +1157,14 @@ static unsigned int s3c24xx_serial_getclk(struct s3c24xx_uart_port *ourport, |
2515 |
+ struct s3c24xx_uart_info *info = ourport->info; |
2516 |
+ struct clk *clk; |
2517 |
+ unsigned long rate; |
2518 |
+- unsigned int cnt, baud, quot, clk_sel, best_quot = 0; |
2519 |
++ unsigned int cnt, baud, quot, best_quot = 0; |
2520 |
+ char clkname[MAX_CLK_NAME_LENGTH]; |
2521 |
+ int calc_deviation, deviation = (1 << 30) - 1; |
2522 |
+ |
2523 |
+- clk_sel = (ourport->cfg->clk_sel) ? ourport->cfg->clk_sel : |
2524 |
+- ourport->info->def_clk_sel; |
2525 |
+ for (cnt = 0; cnt < info->num_clks; cnt++) { |
2526 |
+- if (!(clk_sel & (1 << cnt))) |
2527 |
++ /* Keep selected clock if provided */ |
2528 |
++ if (ourport->cfg->clk_sel && |
2529 |
++ !(ourport->cfg->clk_sel & (1 << cnt))) |
2530 |
+ continue; |
2531 |
+ |
2532 |
+ sprintf(clkname, "clk_uart_baud%d", cnt); |
2533 |
+diff --git a/drivers/usb/host/ehci-mv.c b/drivers/usb/host/ehci-mv.c |
2534 |
+index 849806a75f1ce..b29610899c9f6 100644 |
2535 |
+--- a/drivers/usb/host/ehci-mv.c |
2536 |
++++ b/drivers/usb/host/ehci-mv.c |
2537 |
+@@ -196,12 +196,10 @@ static int mv_ehci_probe(struct platform_device *pdev) |
2538 |
+ hcd->rsrc_len = resource_size(r); |
2539 |
+ hcd->regs = ehci_mv->op_regs; |
2540 |
+ |
2541 |
+- hcd->irq = platform_get_irq(pdev, 0); |
2542 |
+- if (!hcd->irq) { |
2543 |
+- dev_err(&pdev->dev, "Cannot get irq."); |
2544 |
+- retval = -ENODEV; |
2545 |
++ retval = platform_get_irq(pdev, 0); |
2546 |
++ if (retval < 0) |
2547 |
+ goto err_disable_clk; |
2548 |
+- } |
2549 |
++ hcd->irq = retval; |
2550 |
+ |
2551 |
+ ehci = hcd_to_ehci(hcd); |
2552 |
+ ehci->caps = (struct ehci_caps *) ehci_mv->cap_regs; |
2553 |
+diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c |
2554 |
+index 2254c281cc766..237d5aceb302d 100644 |
2555 |
+--- a/drivers/vfio/pci/vfio_pci.c |
2556 |
++++ b/drivers/vfio/pci/vfio_pci.c |
2557 |
+@@ -392,6 +392,19 @@ static void vfio_pci_release(void *device_data) |
2558 |
+ if (!(--vdev->refcnt)) { |
2559 |
+ vfio_spapr_pci_eeh_release(vdev->pdev); |
2560 |
+ vfio_pci_disable(vdev); |
2561 |
++ mutex_lock(&vdev->igate); |
2562 |
++ if (vdev->err_trigger) { |
2563 |
++ eventfd_ctx_put(vdev->err_trigger); |
2564 |
++ vdev->err_trigger = NULL; |
2565 |
++ } |
2566 |
++ mutex_unlock(&vdev->igate); |
2567 |
++ |
2568 |
++ mutex_lock(&vdev->igate); |
2569 |
++ if (vdev->req_trigger) { |
2570 |
++ eventfd_ctx_put(vdev->req_trigger); |
2571 |
++ vdev->req_trigger = NULL; |
2572 |
++ } |
2573 |
++ mutex_unlock(&vdev->igate); |
2574 |
+ } |
2575 |
+ |
2576 |
+ mutex_unlock(&driver_lock); |
2577 |
+diff --git a/fs/block_dev.c b/fs/block_dev.c |
2578 |
+index 06f7cbe201326..98b37e77683d3 100644 |
2579 |
+--- a/fs/block_dev.c |
2580 |
++++ b/fs/block_dev.c |
2581 |
+@@ -1586,6 +1586,16 @@ static void __blkdev_put(struct block_device *bdev, fmode_t mode, int for_part) |
2582 |
+ struct gendisk *disk = bdev->bd_disk; |
2583 |
+ struct block_device *victim = NULL; |
2584 |
+ |
2585 |
++ /* |
2586 |
++ * Sync early if it looks like we're the last one. If someone else |
2587 |
++ * opens the block device between now and the decrement of bd_openers |
2588 |
++ * then we did a sync that we didn't need to, but that's not the end |
2589 |
++ * of the world and we want to avoid long (could be several minute) |
2590 |
++ * syncs while holding the mutex. |
2591 |
++ */ |
2592 |
++ if (bdev->bd_openers == 1) |
2593 |
++ sync_blockdev(bdev); |
2594 |
++ |
2595 |
+ mutex_lock_nested(&bdev->bd_mutex, for_part); |
2596 |
+ if (for_part) |
2597 |
+ bdev->bd_part_count--; |
2598 |
+diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c |
2599 |
+index c0033a0d00787..b5bff1e760a34 100644 |
2600 |
+--- a/fs/btrfs/extent-tree.c |
2601 |
++++ b/fs/btrfs/extent-tree.c |
2602 |
+@@ -9435,8 +9435,6 @@ out: |
2603 |
+ */ |
2604 |
+ if (!for_reloc && root_dropped == false) |
2605 |
+ btrfs_add_dead_root(root); |
2606 |
+- if (err && err != -EAGAIN) |
2607 |
+- btrfs_handle_fs_error(fs_info, err, NULL); |
2608 |
+ return err; |
2609 |
+ } |
2610 |
+ |
2611 |
+diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c |
2612 |
+index e11aacb35d6b5..cbd92dd89de16 100644 |
2613 |
+--- a/fs/ceph/caps.c |
2614 |
++++ b/fs/ceph/caps.c |
2615 |
+@@ -1807,12 +1807,24 @@ ack: |
2616 |
+ if (mutex_trylock(&session->s_mutex) == 0) { |
2617 |
+ dout("inverting session/ino locks on %p\n", |
2618 |
+ session); |
2619 |
++ session = ceph_get_mds_session(session); |
2620 |
+ spin_unlock(&ci->i_ceph_lock); |
2621 |
+ if (took_snap_rwsem) { |
2622 |
+ up_read(&mdsc->snap_rwsem); |
2623 |
+ took_snap_rwsem = 0; |
2624 |
+ } |
2625 |
+- mutex_lock(&session->s_mutex); |
2626 |
++ if (session) { |
2627 |
++ mutex_lock(&session->s_mutex); |
2628 |
++ ceph_put_mds_session(session); |
2629 |
++ } else { |
2630 |
++ /* |
2631 |
++ * Because we take the reference while |
2632 |
++ * holding the i_ceph_lock, it should |
2633 |
++ * never be NULL. Throw a warning if it |
2634 |
++ * ever is. |
2635 |
++ */ |
2636 |
++ WARN_ON_ONCE(true); |
2637 |
++ } |
2638 |
+ goto retry; |
2639 |
+ } |
2640 |
+ } |
2641 |
+diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h |
2642 |
+index 7ae21ad420fbf..a12258c32e8a3 100644 |
2643 |
+--- a/fs/cifs/cifsglob.h |
2644 |
++++ b/fs/cifs/cifsglob.h |
2645 |
+@@ -242,8 +242,9 @@ struct smb_version_operations { |
2646 |
+ int (*check_message)(char *, unsigned int, struct TCP_Server_Info *); |
2647 |
+ bool (*is_oplock_break)(char *, struct TCP_Server_Info *); |
2648 |
+ int (*handle_cancelled_mid)(char *, struct TCP_Server_Info *); |
2649 |
+- void (*downgrade_oplock)(struct TCP_Server_Info *, |
2650 |
+- struct cifsInodeInfo *, bool); |
2651 |
++ void (*downgrade_oplock)(struct TCP_Server_Info *server, |
2652 |
++ struct cifsInodeInfo *cinode, __u32 oplock, |
2653 |
++ unsigned int epoch, bool *purge_cache); |
2654 |
+ /* process transaction2 response */ |
2655 |
+ bool (*check_trans2)(struct mid_q_entry *, struct TCP_Server_Info *, |
2656 |
+ char *, int); |
2657 |
+@@ -1080,6 +1081,8 @@ struct cifsFileInfo { |
2658 |
+ unsigned int f_flags; |
2659 |
+ bool invalidHandle:1; /* file closed via session abend */ |
2660 |
+ bool oplock_break_cancelled:1; |
2661 |
++ unsigned int oplock_epoch; /* epoch from the lease break */ |
2662 |
++ __u32 oplock_level; /* oplock/lease level from the lease break */ |
2663 |
+ int count; |
2664 |
+ spinlock_t file_info_lock; /* protects four flag/count fields above */ |
2665 |
+ struct mutex fh_mutex; /* prevents reopen race after dead ses*/ |
2666 |
+@@ -1191,7 +1194,7 @@ struct cifsInodeInfo { |
2667 |
+ unsigned int epoch; /* used to track lease state changes */ |
2668 |
+ #define CIFS_INODE_PENDING_OPLOCK_BREAK (0) /* oplock break in progress */ |
2669 |
+ #define CIFS_INODE_PENDING_WRITERS (1) /* Writes in progress */ |
2670 |
+-#define CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2 (2) /* Downgrade oplock to L2 */ |
2671 |
++#define CIFS_INODE_FLAG_UNUSED (2) /* Unused flag */ |
2672 |
+ #define CIFS_INO_DELETE_PENDING (3) /* delete pending on server */ |
2673 |
+ #define CIFS_INO_INVALID_MAPPING (4) /* pagecache is invalid */ |
2674 |
+ #define CIFS_INO_LOCK (5) /* lock bit for synchronization */ |
2675 |
+diff --git a/fs/cifs/file.c b/fs/cifs/file.c |
2676 |
+index b2919166855f5..24508b69e78b7 100644 |
2677 |
+--- a/fs/cifs/file.c |
2678 |
++++ b/fs/cifs/file.c |
2679 |
+@@ -3531,7 +3531,8 @@ readpages_get_pages(struct address_space *mapping, struct list_head *page_list, |
2680 |
+ break; |
2681 |
+ |
2682 |
+ __SetPageLocked(page); |
2683 |
+- if (add_to_page_cache_locked(page, mapping, page->index, gfp)) { |
2684 |
++ rc = add_to_page_cache_locked(page, mapping, page->index, gfp); |
2685 |
++ if (rc) { |
2686 |
+ __ClearPageLocked(page); |
2687 |
+ break; |
2688 |
+ } |
2689 |
+@@ -3547,6 +3548,7 @@ static int cifs_readpages(struct file *file, struct address_space *mapping, |
2690 |
+ struct list_head *page_list, unsigned num_pages) |
2691 |
+ { |
2692 |
+ int rc; |
2693 |
++ int err = 0; |
2694 |
+ struct list_head tmplist; |
2695 |
+ struct cifsFileInfo *open_file = file->private_data; |
2696 |
+ struct cifs_sb_info *cifs_sb = CIFS_FILE_SB(file); |
2697 |
+@@ -3587,7 +3589,7 @@ static int cifs_readpages(struct file *file, struct address_space *mapping, |
2698 |
+ * the order of declining indexes. When we put the pages in |
2699 |
+ * the rdata->pages, then we want them in increasing order. |
2700 |
+ */ |
2701 |
+- while (!list_empty(page_list)) { |
2702 |
++ while (!list_empty(page_list) && !err) { |
2703 |
+ unsigned int i, nr_pages, bytes, rsize; |
2704 |
+ loff_t offset; |
2705 |
+ struct page *page, *tpage; |
2706 |
+@@ -3610,9 +3612,10 @@ static int cifs_readpages(struct file *file, struct address_space *mapping, |
2707 |
+ return 0; |
2708 |
+ } |
2709 |
+ |
2710 |
+- rc = readpages_get_pages(mapping, page_list, rsize, &tmplist, |
2711 |
++ nr_pages = 0; |
2712 |
++ err = readpages_get_pages(mapping, page_list, rsize, &tmplist, |
2713 |
+ &nr_pages, &offset, &bytes); |
2714 |
+- if (rc) { |
2715 |
++ if (!nr_pages) { |
2716 |
+ add_credits_and_wake_if(server, credits, 0); |
2717 |
+ break; |
2718 |
+ } |
2719 |
+@@ -3912,12 +3915,13 @@ void cifs_oplock_break(struct work_struct *work) |
2720 |
+ struct cifs_tcon *tcon = tlink_tcon(cfile->tlink); |
2721 |
+ struct TCP_Server_Info *server = tcon->ses->server; |
2722 |
+ int rc = 0; |
2723 |
++ bool purge_cache = false; |
2724 |
+ |
2725 |
+ wait_on_bit(&cinode->flags, CIFS_INODE_PENDING_WRITERS, |
2726 |
+ TASK_UNINTERRUPTIBLE); |
2727 |
+ |
2728 |
+- server->ops->downgrade_oplock(server, cinode, |
2729 |
+- test_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2, &cinode->flags)); |
2730 |
++ server->ops->downgrade_oplock(server, cinode, cfile->oplock_level, |
2731 |
++ cfile->oplock_epoch, &purge_cache); |
2732 |
+ |
2733 |
+ if (!CIFS_CACHE_WRITE(cinode) && CIFS_CACHE_READ(cinode) && |
2734 |
+ cifs_has_mand_locks(cinode)) { |
2735 |
+@@ -3932,18 +3936,21 @@ void cifs_oplock_break(struct work_struct *work) |
2736 |
+ else |
2737 |
+ break_lease(inode, O_WRONLY); |
2738 |
+ rc = filemap_fdatawrite(inode->i_mapping); |
2739 |
+- if (!CIFS_CACHE_READ(cinode)) { |
2740 |
++ if (!CIFS_CACHE_READ(cinode) || purge_cache) { |
2741 |
+ rc = filemap_fdatawait(inode->i_mapping); |
2742 |
+ mapping_set_error(inode->i_mapping, rc); |
2743 |
+ cifs_zap_mapping(inode); |
2744 |
+ } |
2745 |
+ cifs_dbg(FYI, "Oplock flush inode %p rc %d\n", inode, rc); |
2746 |
++ if (CIFS_CACHE_WRITE(cinode)) |
2747 |
++ goto oplock_break_ack; |
2748 |
+ } |
2749 |
+ |
2750 |
+ rc = cifs_push_locks(cfile); |
2751 |
+ if (rc) |
2752 |
+ cifs_dbg(VFS, "Push locks rc = %d\n", rc); |
2753 |
+ |
2754 |
++oplock_break_ack: |
2755 |
+ /* |
2756 |
+ * releasing stale oplock after recent reconnect of smb session using |
2757 |
+ * a now incorrect file handle is not a data integrity issue but do |
2758 |
+diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c |
2759 |
+index 5e75df69062d8..bdf151e949166 100644 |
2760 |
+--- a/fs/cifs/misc.c |
2761 |
++++ b/fs/cifs/misc.c |
2762 |
+@@ -481,21 +481,10 @@ is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv) |
2763 |
+ set_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, |
2764 |
+ &pCifsInode->flags); |
2765 |
+ |
2766 |
+- /* |
2767 |
+- * Set flag if the server downgrades the oplock |
2768 |
+- * to L2 else clear. |
2769 |
+- */ |
2770 |
+- if (pSMB->OplockLevel) |
2771 |
+- set_bit( |
2772 |
+- CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2, |
2773 |
+- &pCifsInode->flags); |
2774 |
+- else |
2775 |
+- clear_bit( |
2776 |
+- CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2, |
2777 |
+- &pCifsInode->flags); |
2778 |
+- |
2779 |
+- cifs_queue_oplock_break(netfile); |
2780 |
++ netfile->oplock_epoch = 0; |
2781 |
++ netfile->oplock_level = pSMB->OplockLevel; |
2782 |
+ netfile->oplock_break_cancelled = false; |
2783 |
++ cifs_queue_oplock_break(netfile); |
2784 |
+ |
2785 |
+ spin_unlock(&tcon->open_file_lock); |
2786 |
+ spin_unlock(&cifs_tcp_ses_lock); |
2787 |
+diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c |
2788 |
+index 6f5d78b172bac..9a1f01c2f0209 100644 |
2789 |
+--- a/fs/cifs/smb1ops.c |
2790 |
++++ b/fs/cifs/smb1ops.c |
2791 |
+@@ -378,12 +378,10 @@ coalesce_t2(char *second_buf, struct smb_hdr *target_hdr) |
2792 |
+ |
2793 |
+ static void |
2794 |
+ cifs_downgrade_oplock(struct TCP_Server_Info *server, |
2795 |
+- struct cifsInodeInfo *cinode, bool set_level2) |
2796 |
++ struct cifsInodeInfo *cinode, __u32 oplock, |
2797 |
++ unsigned int epoch, bool *purge_cache) |
2798 |
+ { |
2799 |
+- if (set_level2) |
2800 |
+- cifs_set_oplock_level(cinode, OPLOCK_READ); |
2801 |
+- else |
2802 |
+- cifs_set_oplock_level(cinode, 0); |
2803 |
++ cifs_set_oplock_level(cinode, oplock); |
2804 |
+ } |
2805 |
+ |
2806 |
+ static bool |
2807 |
+diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c |
2808 |
+index 7b7b47e26dbd4..bddb2d7b39824 100644 |
2809 |
+--- a/fs/cifs/smb2misc.c |
2810 |
++++ b/fs/cifs/smb2misc.c |
2811 |
+@@ -491,7 +491,7 @@ smb2_tcon_has_lease(struct cifs_tcon *tcon, struct smb2_lease_break *rsp, |
2812 |
+ |
2813 |
+ cifs_dbg(FYI, "found in the open list\n"); |
2814 |
+ cifs_dbg(FYI, "lease key match, lease break 0x%x\n", |
2815 |
+- le32_to_cpu(rsp->NewLeaseState)); |
2816 |
++ lease_state); |
2817 |
+ |
2818 |
+ if (ack_req) |
2819 |
+ cfile->oplock_break_cancelled = false; |
2820 |
+@@ -500,17 +500,8 @@ smb2_tcon_has_lease(struct cifs_tcon *tcon, struct smb2_lease_break *rsp, |
2821 |
+ |
2822 |
+ set_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags); |
2823 |
+ |
2824 |
+- /* |
2825 |
+- * Set or clear flags depending on the lease state being READ. |
2826 |
+- * HANDLE caching flag should be added when the client starts |
2827 |
+- * to defer closing remote file handles with HANDLE leases. |
2828 |
+- */ |
2829 |
+- if (lease_state & SMB2_LEASE_READ_CACHING_HE) |
2830 |
+- set_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2, |
2831 |
+- &cinode->flags); |
2832 |
+- else |
2833 |
+- clear_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2, |
2834 |
+- &cinode->flags); |
2835 |
++ cfile->oplock_epoch = le16_to_cpu(rsp->Epoch); |
2836 |
++ cfile->oplock_level = lease_state; |
2837 |
+ |
2838 |
+ cifs_queue_oplock_break(cfile); |
2839 |
+ kfree(lw); |
2840 |
+@@ -533,7 +524,7 @@ smb2_tcon_has_lease(struct cifs_tcon *tcon, struct smb2_lease_break *rsp, |
2841 |
+ |
2842 |
+ cifs_dbg(FYI, "found in the pending open list\n"); |
2843 |
+ cifs_dbg(FYI, "lease key match, lease break 0x%x\n", |
2844 |
+- le32_to_cpu(rsp->NewLeaseState)); |
2845 |
++ lease_state); |
2846 |
+ |
2847 |
+ open->oplock = lease_state; |
2848 |
+ } |
2849 |
+@@ -645,18 +636,9 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server) |
2850 |
+ set_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, |
2851 |
+ &cinode->flags); |
2852 |
+ |
2853 |
+- /* |
2854 |
+- * Set flag if the server downgrades the oplock |
2855 |
+- * to L2 else clear. |
2856 |
+- */ |
2857 |
+- if (rsp->OplockLevel) |
2858 |
+- set_bit( |
2859 |
+- CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2, |
2860 |
+- &cinode->flags); |
2861 |
+- else |
2862 |
+- clear_bit( |
2863 |
+- CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2, |
2864 |
+- &cinode->flags); |
2865 |
++ cfile->oplock_epoch = 0; |
2866 |
++ cfile->oplock_level = rsp->OplockLevel; |
2867 |
++ |
2868 |
+ spin_unlock(&cfile->file_info_lock); |
2869 |
+ |
2870 |
+ cifs_queue_oplock_break(cfile); |
2871 |
+diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c |
2872 |
+index edd4c7292be00..67edd6e03f803 100644 |
2873 |
+--- a/fs/cifs/smb2ops.c |
2874 |
++++ b/fs/cifs/smb2ops.c |
2875 |
+@@ -1379,22 +1379,38 @@ static long smb3_fallocate(struct file *file, struct cifs_tcon *tcon, int mode, |
2876 |
+ |
2877 |
+ static void |
2878 |
+ smb2_downgrade_oplock(struct TCP_Server_Info *server, |
2879 |
+- struct cifsInodeInfo *cinode, bool set_level2) |
2880 |
++ struct cifsInodeInfo *cinode, __u32 oplock, |
2881 |
++ unsigned int epoch, bool *purge_cache) |
2882 |
+ { |
2883 |
+- if (set_level2) |
2884 |
+- server->ops->set_oplock_level(cinode, SMB2_OPLOCK_LEVEL_II, |
2885 |
+- 0, NULL); |
2886 |
+- else |
2887 |
+- server->ops->set_oplock_level(cinode, 0, 0, NULL); |
2888 |
++ server->ops->set_oplock_level(cinode, oplock, 0, NULL); |
2889 |
+ } |
2890 |
+ |
2891 |
+ static void |
2892 |
+-smb21_downgrade_oplock(struct TCP_Server_Info *server, |
2893 |
+- struct cifsInodeInfo *cinode, bool set_level2) |
2894 |
++smb21_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock, |
2895 |
++ unsigned int epoch, bool *purge_cache); |
2896 |
++ |
2897 |
++static void |
2898 |
++smb3_downgrade_oplock(struct TCP_Server_Info *server, |
2899 |
++ struct cifsInodeInfo *cinode, __u32 oplock, |
2900 |
++ unsigned int epoch, bool *purge_cache) |
2901 |
+ { |
2902 |
+- server->ops->set_oplock_level(cinode, |
2903 |
+- set_level2 ? SMB2_LEASE_READ_CACHING_HE : |
2904 |
+- 0, 0, NULL); |
2905 |
++ unsigned int old_state = cinode->oplock; |
2906 |
++ unsigned int old_epoch = cinode->epoch; |
2907 |
++ unsigned int new_state; |
2908 |
++ |
2909 |
++ if (epoch > old_epoch) { |
2910 |
++ smb21_set_oplock_level(cinode, oplock, 0, NULL); |
2911 |
++ cinode->epoch = epoch; |
2912 |
++ } |
2913 |
++ |
2914 |
++ new_state = cinode->oplock; |
2915 |
++ *purge_cache = false; |
2916 |
++ |
2917 |
++ if ((old_state & CIFS_CACHE_READ_FLG) != 0 && |
2918 |
++ (new_state & CIFS_CACHE_READ_FLG) == 0) |
2919 |
++ *purge_cache = true; |
2920 |
++ else if (old_state == new_state && (epoch - old_epoch > 1)) |
2921 |
++ *purge_cache = true; |
2922 |
+ } |
2923 |
+ |
2924 |
+ static void |
2925 |
+@@ -1709,7 +1725,7 @@ struct smb_version_operations smb21_operations = { |
2926 |
+ .print_stats = smb2_print_stats, |
2927 |
+ .is_oplock_break = smb2_is_valid_oplock_break, |
2928 |
+ .handle_cancelled_mid = smb2_handle_cancelled_mid, |
2929 |
+- .downgrade_oplock = smb21_downgrade_oplock, |
2930 |
++ .downgrade_oplock = smb2_downgrade_oplock, |
2931 |
+ .need_neg = smb2_need_neg, |
2932 |
+ .negotiate = smb2_negotiate, |
2933 |
+ .negotiate_wsize = smb2_negotiate_wsize, |
2934 |
+@@ -1793,7 +1809,7 @@ struct smb_version_operations smb30_operations = { |
2935 |
+ .dump_share_caps = smb2_dump_share_caps, |
2936 |
+ .is_oplock_break = smb2_is_valid_oplock_break, |
2937 |
+ .handle_cancelled_mid = smb2_handle_cancelled_mid, |
2938 |
+- .downgrade_oplock = smb21_downgrade_oplock, |
2939 |
++ .downgrade_oplock = smb3_downgrade_oplock, |
2940 |
+ .need_neg = smb2_need_neg, |
2941 |
+ .negotiate = smb2_negotiate, |
2942 |
+ .negotiate_wsize = smb2_negotiate_wsize, |
2943 |
+@@ -1883,7 +1899,7 @@ struct smb_version_operations smb311_operations = { |
2944 |
+ .dump_share_caps = smb2_dump_share_caps, |
2945 |
+ .is_oplock_break = smb2_is_valid_oplock_break, |
2946 |
+ .handle_cancelled_mid = smb2_handle_cancelled_mid, |
2947 |
+- .downgrade_oplock = smb21_downgrade_oplock, |
2948 |
++ .downgrade_oplock = smb3_downgrade_oplock, |
2949 |
+ .need_neg = smb2_need_neg, |
2950 |
+ .negotiate = smb2_negotiate, |
2951 |
+ .negotiate_wsize = smb2_negotiate_wsize, |
2952 |
+diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h |
2953 |
+index 1af7afae3ad18..1a0c480745738 100644 |
2954 |
+--- a/fs/cifs/smb2pdu.h |
2955 |
++++ b/fs/cifs/smb2pdu.h |
2956 |
+@@ -1025,7 +1025,7 @@ struct smb2_oplock_break { |
2957 |
+ struct smb2_lease_break { |
2958 |
+ struct smb2_hdr hdr; |
2959 |
+ __le16 StructureSize; /* Must be 44 */ |
2960 |
+- __le16 Reserved; |
2961 |
++ __le16 Epoch; |
2962 |
+ __le32 Flags; |
2963 |
+ __u8 LeaseKey[16]; |
2964 |
+ __le32 CurrentLeaseState; |
2965 |
+diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c |
2966 |
+index b99225e117120..f0129c033bd66 100644 |
2967 |
+--- a/fs/fuse/dev.c |
2968 |
++++ b/fs/fuse/dev.c |
2969 |
+@@ -825,7 +825,6 @@ static int fuse_check_page(struct page *page) |
2970 |
+ { |
2971 |
+ if (page_mapcount(page) || |
2972 |
+ page->mapping != NULL || |
2973 |
+- page_count(page) != 1 || |
2974 |
+ (page->flags & PAGE_FLAGS_CHECK_AT_PREP & |
2975 |
+ ~(1 << PG_locked | |
2976 |
+ 1 << PG_referenced | |
2977 |
+diff --git a/fs/ubifs/io.c b/fs/ubifs/io.c |
2978 |
+index 97be412153328..9213a9e046ae0 100644 |
2979 |
+--- a/fs/ubifs/io.c |
2980 |
++++ b/fs/ubifs/io.c |
2981 |
+@@ -237,7 +237,7 @@ int ubifs_is_mapped(const struct ubifs_info *c, int lnum) |
2982 |
+ int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum, |
2983 |
+ int offs, int quiet, int must_chk_crc) |
2984 |
+ { |
2985 |
+- int err = -EINVAL, type, node_len; |
2986 |
++ int err = -EINVAL, type, node_len, dump_node = 1; |
2987 |
+ uint32_t crc, node_crc, magic; |
2988 |
+ const struct ubifs_ch *ch = buf; |
2989 |
+ |
2990 |
+@@ -290,10 +290,22 @@ int ubifs_check_node(const struct ubifs_info *c, const void *buf, int lnum, |
2991 |
+ out_len: |
2992 |
+ if (!quiet) |
2993 |
+ ubifs_err(c, "bad node length %d", node_len); |
2994 |
++ if (type == UBIFS_DATA_NODE && node_len > UBIFS_DATA_NODE_SZ) |
2995 |
++ dump_node = 0; |
2996 |
+ out: |
2997 |
+ if (!quiet) { |
2998 |
+ ubifs_err(c, "bad node at LEB %d:%d", lnum, offs); |
2999 |
+- ubifs_dump_node(c, buf); |
3000 |
++ if (dump_node) { |
3001 |
++ ubifs_dump_node(c, buf); |
3002 |
++ } else { |
3003 |
++ int safe_len = min3(node_len, c->leb_size - offs, |
3004 |
++ (int)UBIFS_MAX_DATA_NODE_SZ); |
3005 |
++ pr_err("\tprevent out-of-bounds memory access\n"); |
3006 |
++ pr_err("\ttruncated data node length %d\n", safe_len); |
3007 |
++ pr_err("\tcorrupted data node:\n"); |
3008 |
++ print_hex_dump(KERN_ERR, "\t", DUMP_PREFIX_OFFSET, 32, 1, |
3009 |
++ buf, safe_len, 0); |
3010 |
++ } |
3011 |
+ dump_stack(); |
3012 |
+ } |
3013 |
+ return err; |
3014 |
+diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c |
3015 |
+index 7b9dd76403bfd..537acde2c497b 100644 |
3016 |
+--- a/fs/xfs/libxfs/xfs_attr_leaf.c |
3017 |
++++ b/fs/xfs/libxfs/xfs_attr_leaf.c |
3018 |
+@@ -1332,7 +1332,9 @@ xfs_attr3_leaf_add_work( |
3019 |
+ for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) { |
3020 |
+ if (ichdr->freemap[i].base == tmp) { |
3021 |
+ ichdr->freemap[i].base += sizeof(xfs_attr_leaf_entry_t); |
3022 |
+- ichdr->freemap[i].size -= sizeof(xfs_attr_leaf_entry_t); |
3023 |
++ ichdr->freemap[i].size -= |
3024 |
++ min_t(uint16_t, ichdr->freemap[i].size, |
3025 |
++ sizeof(xfs_attr_leaf_entry_t)); |
3026 |
+ } |
3027 |
+ } |
3028 |
+ ichdr->usedbytes += xfs_attr_leaf_entsize(leaf, args->index); |
3029 |
+diff --git a/fs/xfs/libxfs/xfs_dir2_node.c b/fs/xfs/libxfs/xfs_dir2_node.c |
3030 |
+index bbd1238852b3c..df7f33e60a4f6 100644 |
3031 |
+--- a/fs/xfs/libxfs/xfs_dir2_node.c |
3032 |
++++ b/fs/xfs/libxfs/xfs_dir2_node.c |
3033 |
+@@ -212,6 +212,7 @@ __xfs_dir3_free_read( |
3034 |
+ xfs_buf_ioerror(*bpp, -EFSCORRUPTED); |
3035 |
+ xfs_verifier_error(*bpp); |
3036 |
+ xfs_trans_brelse(tp, *bpp); |
3037 |
++ *bpp = NULL; |
3038 |
+ return -EFSCORRUPTED; |
3039 |
+ } |
3040 |
+ |
3041 |
+diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h |
3042 |
+index b20a0945b5500..7aea750538840 100644 |
3043 |
+--- a/include/linux/debugfs.h |
3044 |
++++ b/include/linux/debugfs.h |
3045 |
+@@ -77,6 +77,8 @@ static const struct file_operations __fops = { \ |
3046 |
+ .llseek = generic_file_llseek, \ |
3047 |
+ } |
3048 |
+ |
3049 |
++typedef struct vfsmount *(*debugfs_automount_t)(struct dentry *, void *); |
3050 |
++ |
3051 |
+ #if defined(CONFIG_DEBUG_FS) |
3052 |
+ |
3053 |
+ struct dentry *debugfs_create_file(const char *name, umode_t mode, |
3054 |
+@@ -96,7 +98,6 @@ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent); |
3055 |
+ struct dentry *debugfs_create_symlink(const char *name, struct dentry *parent, |
3056 |
+ const char *dest); |
3057 |
+ |
3058 |
+-typedef struct vfsmount *(*debugfs_automount_t)(struct dentry *, void *); |
3059 |
+ struct dentry *debugfs_create_automount(const char *name, |
3060 |
+ struct dentry *parent, |
3061 |
+ debugfs_automount_t f, |
3062 |
+@@ -211,7 +212,7 @@ static inline struct dentry *debugfs_create_symlink(const char *name, |
3063 |
+ |
3064 |
+ static inline struct dentry *debugfs_create_automount(const char *name, |
3065 |
+ struct dentry *parent, |
3066 |
+- struct vfsmount *(*f)(void *), |
3067 |
++ debugfs_automount_t f, |
3068 |
+ void *data) |
3069 |
+ { |
3070 |
+ return ERR_PTR(-ENODEV); |
3071 |
+diff --git a/include/linux/libata.h b/include/linux/libata.h |
3072 |
+index e2dac33eae964..3fabf57fd6e0d 100644 |
3073 |
+--- a/include/linux/libata.h |
3074 |
++++ b/include/linux/libata.h |
3075 |
+@@ -499,6 +499,7 @@ enum hsm_task_states { |
3076 |
+ }; |
3077 |
+ |
3078 |
+ enum ata_completion_errors { |
3079 |
++ AC_ERR_OK = 0, /* no error */ |
3080 |
+ AC_ERR_DEV = (1 << 0), /* device reported error */ |
3081 |
+ AC_ERR_HSM = (1 << 1), /* host state machine violation */ |
3082 |
+ AC_ERR_TIMEOUT = (1 << 2), /* timeout */ |
3083 |
+@@ -903,9 +904,9 @@ struct ata_port_operations { |
3084 |
+ /* |
3085 |
+ * Command execution |
3086 |
+ */ |
3087 |
+- int (*qc_defer)(struct ata_queued_cmd *qc); |
3088 |
+- int (*check_atapi_dma)(struct ata_queued_cmd *qc); |
3089 |
+- void (*qc_prep)(struct ata_queued_cmd *qc); |
3090 |
++ int (*qc_defer)(struct ata_queued_cmd *qc); |
3091 |
++ int (*check_atapi_dma)(struct ata_queued_cmd *qc); |
3092 |
++ enum ata_completion_errors (*qc_prep)(struct ata_queued_cmd *qc); |
3093 |
+ unsigned int (*qc_issue)(struct ata_queued_cmd *qc); |
3094 |
+ bool (*qc_fill_rtf)(struct ata_queued_cmd *qc); |
3095 |
+ |
3096 |
+@@ -1168,7 +1169,7 @@ extern int ata_xfer_mode2shift(unsigned long xfer_mode); |
3097 |
+ extern const char *ata_mode_string(unsigned long xfer_mask); |
3098 |
+ extern unsigned long ata_id_xfermask(const u16 *id); |
3099 |
+ extern int ata_std_qc_defer(struct ata_queued_cmd *qc); |
3100 |
+-extern void ata_noop_qc_prep(struct ata_queued_cmd *qc); |
3101 |
++extern enum ata_completion_errors ata_noop_qc_prep(struct ata_queued_cmd *qc); |
3102 |
+ extern void ata_sg_init(struct ata_queued_cmd *qc, struct scatterlist *sg, |
3103 |
+ unsigned int n_elem); |
3104 |
+ extern unsigned int ata_dev_classify(const struct ata_taskfile *tf); |
3105 |
+@@ -1881,9 +1882,9 @@ extern const struct ata_port_operations ata_bmdma_port_ops; |
3106 |
+ .sg_tablesize = LIBATA_MAX_PRD, \ |
3107 |
+ .dma_boundary = ATA_DMA_BOUNDARY |
3108 |
+ |
3109 |
+-extern void ata_bmdma_qc_prep(struct ata_queued_cmd *qc); |
3110 |
++extern enum ata_completion_errors ata_bmdma_qc_prep(struct ata_queued_cmd *qc); |
3111 |
+ extern unsigned int ata_bmdma_qc_issue(struct ata_queued_cmd *qc); |
3112 |
+-extern void ata_bmdma_dumb_qc_prep(struct ata_queued_cmd *qc); |
3113 |
++extern enum ata_completion_errors ata_bmdma_dumb_qc_prep(struct ata_queued_cmd *qc); |
3114 |
+ extern unsigned int ata_bmdma_port_intr(struct ata_port *ap, |
3115 |
+ struct ata_queued_cmd *qc); |
3116 |
+ extern irqreturn_t ata_bmdma_interrupt(int irq, void *dev_instance); |
3117 |
+diff --git a/include/linux/mtd/map.h b/include/linux/mtd/map.h |
3118 |
+index b5b43f94f3116..01b990e4b228a 100644 |
3119 |
+--- a/include/linux/mtd/map.h |
3120 |
++++ b/include/linux/mtd/map.h |
3121 |
+@@ -312,7 +312,7 @@ void map_destroy(struct mtd_info *mtd); |
3122 |
+ ({ \ |
3123 |
+ int i, ret = 1; \ |
3124 |
+ for (i = 0; i < map_words(map); i++) { \ |
3125 |
+- if (((val1).x[i] & (val2).x[i]) != (val2).x[i]) { \ |
3126 |
++ if (((val1).x[i] & (val2).x[i]) != (val3).x[i]) { \ |
3127 |
+ ret = 0; \ |
3128 |
+ break; \ |
3129 |
+ } \ |
3130 |
+diff --git a/include/linux/seqlock.h b/include/linux/seqlock.h |
3131 |
+index ead97654c4e9a..1613fe5c668e1 100644 |
3132 |
+--- a/include/linux/seqlock.h |
3133 |
++++ b/include/linux/seqlock.h |
3134 |
+@@ -242,6 +242,13 @@ static inline void raw_write_seqcount_end(seqcount_t *s) |
3135 |
+ * usual consistency guarantee. It is one wmb cheaper, because we can |
3136 |
+ * collapse the two back-to-back wmb()s. |
3137 |
+ * |
3138 |
++ * Note that, writes surrounding the barrier should be declared atomic (e.g. |
3139 |
++ * via WRITE_ONCE): a) to ensure the writes become visible to other threads |
3140 |
++ * atomically, avoiding compiler optimizations; b) to document which writes are |
3141 |
++ * meant to propagate to the reader critical section. This is necessary because |
3142 |
++ * neither writes before and after the barrier are enclosed in a seq-writer |
3143 |
++ * critical section that would ensure readers are aware of ongoing writes. |
3144 |
++ * |
3145 |
+ * seqcount_t seq; |
3146 |
+ * bool X = true, Y = false; |
3147 |
+ * |
3148 |
+@@ -261,11 +268,11 @@ static inline void raw_write_seqcount_end(seqcount_t *s) |
3149 |
+ * |
3150 |
+ * void write(void) |
3151 |
+ * { |
3152 |
+- * Y = true; |
3153 |
++ * WRITE_ONCE(Y, true); |
3154 |
+ * |
3155 |
+ * raw_write_seqcount_barrier(seq); |
3156 |
+ * |
3157 |
+- * X = false; |
3158 |
++ * WRITE_ONCE(X, false); |
3159 |
+ * } |
3160 |
+ */ |
3161 |
+ static inline void raw_write_seqcount_barrier(seqcount_t *s) |
3162 |
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
3163 |
+index e37112ac332f7..67b798b7115d8 100644 |
3164 |
+--- a/include/linux/skbuff.h |
3165 |
++++ b/include/linux/skbuff.h |
3166 |
+@@ -1549,6 +1549,18 @@ static inline __u32 skb_queue_len(const struct sk_buff_head *list_) |
3167 |
+ return list_->qlen; |
3168 |
+ } |
3169 |
+ |
3170 |
++/** |
3171 |
++ * skb_queue_len_lockless - get queue length |
3172 |
++ * @list_: list to measure |
3173 |
++ * |
3174 |
++ * Return the length of an &sk_buff queue. |
3175 |
++ * This variant can be used in lockless contexts. |
3176 |
++ */ |
3177 |
++static inline __u32 skb_queue_len_lockless(const struct sk_buff_head *list_) |
3178 |
++{ |
3179 |
++ return READ_ONCE(list_->qlen); |
3180 |
++} |
3181 |
++ |
3182 |
+ /** |
3183 |
+ * __skb_queue_head_init - initialize non-spinlock portions of sk_buff_head |
3184 |
+ * @list: queue to initialize |
3185 |
+@@ -1752,7 +1764,7 @@ static inline void __skb_unlink(struct sk_buff *skb, struct sk_buff_head *list) |
3186 |
+ { |
3187 |
+ struct sk_buff *next, *prev; |
3188 |
+ |
3189 |
+- list->qlen--; |
3190 |
++ WRITE_ONCE(list->qlen, list->qlen - 1); |
3191 |
+ next = skb->next; |
3192 |
+ prev = skb->prev; |
3193 |
+ skb->next = skb->prev = NULL; |
3194 |
+@@ -2795,7 +2807,7 @@ static inline int skb_padto(struct sk_buff *skb, unsigned int len) |
3195 |
+ * is untouched. Otherwise it is extended. Returns zero on |
3196 |
+ * success. The skb is freed on error. |
3197 |
+ */ |
3198 |
+-static inline int skb_put_padto(struct sk_buff *skb, unsigned int len) |
3199 |
++static inline int __must_check skb_put_padto(struct sk_buff *skb, unsigned int len) |
3200 |
+ { |
3201 |
+ unsigned int size = skb->len; |
3202 |
+ |
3203 |
+diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c |
3204 |
+index 712469a3103ac..54b30c9bd8b13 100644 |
3205 |
+--- a/kernel/audit_watch.c |
3206 |
++++ b/kernel/audit_watch.c |
3207 |
+@@ -316,8 +316,6 @@ static void audit_update_watch(struct audit_parent *parent, |
3208 |
+ if (oentry->rule.exe) |
3209 |
+ audit_remove_mark(oentry->rule.exe); |
3210 |
+ |
3211 |
+- audit_watch_log_rule_change(r, owatch, "updated_rules"); |
3212 |
+- |
3213 |
+ call_rcu(&oentry->rcu, audit_free_rule_rcu); |
3214 |
+ } |
3215 |
+ |
3216 |
+diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c |
3217 |
+index 8648d7d297081..1253261fdb3ba 100644 |
3218 |
+--- a/kernel/bpf/hashtab.c |
3219 |
++++ b/kernel/bpf/hashtab.c |
3220 |
+@@ -427,15 +427,7 @@ static void htab_elem_free_rcu(struct rcu_head *head) |
3221 |
+ struct htab_elem *l = container_of(head, struct htab_elem, rcu); |
3222 |
+ struct bpf_htab *htab = l->htab; |
3223 |
+ |
3224 |
+- /* must increment bpf_prog_active to avoid kprobe+bpf triggering while |
3225 |
+- * we're calling kfree, otherwise deadlock is possible if kprobes |
3226 |
+- * are placed somewhere inside of slub |
3227 |
+- */ |
3228 |
+- preempt_disable(); |
3229 |
+- __this_cpu_inc(bpf_prog_active); |
3230 |
+ htab_elem_free(htab, l); |
3231 |
+- __this_cpu_dec(bpf_prog_active); |
3232 |
+- preempt_enable(); |
3233 |
+ } |
3234 |
+ |
3235 |
+ static void free_htab_elem(struct bpf_htab *htab, struct htab_elem *l) |
3236 |
+diff --git a/kernel/kprobes.c b/kernel/kprobes.c |
3237 |
+index 9aa2dbe6a4568..3938e4670b89b 100644 |
3238 |
+--- a/kernel/kprobes.c |
3239 |
++++ b/kernel/kprobes.c |
3240 |
+@@ -2012,6 +2012,9 @@ static void kill_kprobe(struct kprobe *p) |
3241 |
+ { |
3242 |
+ struct kprobe *kp; |
3243 |
+ |
3244 |
++ if (WARN_ON_ONCE(kprobe_gone(p))) |
3245 |
++ return; |
3246 |
++ |
3247 |
+ p->flags |= KPROBE_FLAG_GONE; |
3248 |
+ if (kprobe_aggrprobe(p)) { |
3249 |
+ /* |
3250 |
+@@ -2032,9 +2035,10 @@ static void kill_kprobe(struct kprobe *p) |
3251 |
+ |
3252 |
+ /* |
3253 |
+ * The module is going away. We should disarm the kprobe which |
3254 |
+- * is using ftrace. |
3255 |
++ * is using ftrace, because ftrace framework is still available at |
3256 |
++ * MODULE_STATE_GOING notification. |
3257 |
+ */ |
3258 |
+- if (kprobe_ftrace(p)) |
3259 |
++ if (kprobe_ftrace(p) && !kprobe_disabled(p) && !kprobes_all_disarmed) |
3260 |
+ disarm_kprobe_ftrace(p); |
3261 |
+ } |
3262 |
+ |
3263 |
+@@ -2154,7 +2158,10 @@ static int kprobes_module_callback(struct notifier_block *nb, |
3264 |
+ mutex_lock(&kprobe_mutex); |
3265 |
+ for (i = 0; i < KPROBE_TABLE_SIZE; i++) { |
3266 |
+ head = &kprobe_table[i]; |
3267 |
+- hlist_for_each_entry_rcu(p, head, hlist) |
3268 |
++ hlist_for_each_entry_rcu(p, head, hlist) { |
3269 |
++ if (kprobe_gone(p)) |
3270 |
++ continue; |
3271 |
++ |
3272 |
+ if (within_module_init((unsigned long)p->addr, mod) || |
3273 |
+ (checkcore && |
3274 |
+ within_module_core((unsigned long)p->addr, mod))) { |
3275 |
+@@ -2165,6 +2172,7 @@ static int kprobes_module_callback(struct notifier_block *nb, |
3276 |
+ */ |
3277 |
+ kill_kprobe(p); |
3278 |
+ } |
3279 |
++ } |
3280 |
+ } |
3281 |
+ mutex_unlock(&kprobe_mutex); |
3282 |
+ return NOTIFY_DONE; |
3283 |
+diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c |
3284 |
+index c1873d325ebda..7acae2f2478d9 100644 |
3285 |
+--- a/kernel/printk/printk.c |
3286 |
++++ b/kernel/printk/printk.c |
3287 |
+@@ -2035,6 +2035,9 @@ static int __init console_setup(char *str) |
3288 |
+ char *s, *options, *brl_options = NULL; |
3289 |
+ int idx; |
3290 |
+ |
3291 |
++ if (str[0] == 0) |
3292 |
++ return 1; |
3293 |
++ |
3294 |
+ if (_braille_console_setup(&str, &brl_options)) |
3295 |
+ return 1; |
3296 |
+ |
3297 |
+diff --git a/kernel/sys.c b/kernel/sys.c |
3298 |
+index 157277cbf83aa..546cdc911dad4 100644 |
3299 |
+--- a/kernel/sys.c |
3300 |
++++ b/kernel/sys.c |
3301 |
+@@ -1183,11 +1183,13 @@ SYSCALL_DEFINE1(uname, struct old_utsname __user *, name) |
3302 |
+ |
3303 |
+ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) |
3304 |
+ { |
3305 |
+- struct oldold_utsname tmp = {}; |
3306 |
++ struct oldold_utsname tmp; |
3307 |
+ |
3308 |
+ if (!name) |
3309 |
+ return -EFAULT; |
3310 |
+ |
3311 |
++ memset(&tmp, 0, sizeof(tmp)); |
3312 |
++ |
3313 |
+ down_read(&uts_sem); |
3314 |
+ memcpy(&tmp.sysname, &utsname()->sysname, __OLD_UTS_LEN); |
3315 |
+ memcpy(&tmp.nodename, &utsname()->nodename, __OLD_UTS_LEN); |
3316 |
+diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c |
3317 |
+index e24e1f0c56906..e21b4d8b72405 100644 |
3318 |
+--- a/kernel/time/timekeeping.c |
3319 |
++++ b/kernel/time/timekeeping.c |
3320 |
+@@ -950,9 +950,8 @@ static int scale64_check_overflow(u64 mult, u64 div, u64 *base) |
3321 |
+ ((int)sizeof(u64)*8 - fls64(mult) < fls64(rem))) |
3322 |
+ return -EOVERFLOW; |
3323 |
+ tmp *= mult; |
3324 |
+- rem *= mult; |
3325 |
+ |
3326 |
+- do_div(rem, div); |
3327 |
++ rem = div64_u64(rem * mult, div); |
3328 |
+ *base = tmp + rem; |
3329 |
+ return 0; |
3330 |
+ } |
3331 |
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
3332 |
+index b2fb25aefb2fc..2388fb50d1885 100644 |
3333 |
+--- a/kernel/trace/trace.c |
3334 |
++++ b/kernel/trace/trace.c |
3335 |
+@@ -2600,6 +2600,9 @@ int trace_array_printk(struct trace_array *tr, |
3336 |
+ if (!(global_trace.trace_flags & TRACE_ITER_PRINTK)) |
3337 |
+ return 0; |
3338 |
+ |
3339 |
++ if (!tr) |
3340 |
++ return -ENOENT; |
3341 |
++ |
3342 |
+ va_start(ap, fmt); |
3343 |
+ ret = trace_array_vprintk(tr, ip, fmt, ap); |
3344 |
+ va_end(ap); |
3345 |
+@@ -7693,7 +7696,7 @@ __init static int tracer_alloc_buffers(void) |
3346 |
+ goto out_free_buffer_mask; |
3347 |
+ |
3348 |
+ /* Only allocate trace_printk buffers if a trace_printk exists */ |
3349 |
+- if (__stop___trace_bprintk_fmt != __start___trace_bprintk_fmt) |
3350 |
++ if (&__stop___trace_bprintk_fmt != &__start___trace_bprintk_fmt) |
3351 |
+ /* Must be called before global_trace.buffer is allocated */ |
3352 |
+ trace_printk_init_buffers(); |
3353 |
+ |
3354 |
+diff --git a/kernel/trace/trace_entries.h b/kernel/trace/trace_entries.h |
3355 |
+index d1cc37e78f997..1430f6bbb1a07 100644 |
3356 |
+--- a/kernel/trace/trace_entries.h |
3357 |
++++ b/kernel/trace/trace_entries.h |
3358 |
+@@ -178,7 +178,7 @@ FTRACE_ENTRY(kernel_stack, stack_entry, |
3359 |
+ |
3360 |
+ F_STRUCT( |
3361 |
+ __field( int, size ) |
3362 |
+- __dynamic_array(unsigned long, caller ) |
3363 |
++ __array( unsigned long, caller, FTRACE_STACK_ENTRIES ) |
3364 |
+ ), |
3365 |
+ |
3366 |
+ F_printk("\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n\t=> (" IP_FMT ")\n" |
3367 |
+diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c |
3368 |
+index af969f753e5e9..5bf072e437c41 100644 |
3369 |
+--- a/kernel/trace/trace_events.c |
3370 |
++++ b/kernel/trace/trace_events.c |
3371 |
+@@ -790,6 +790,8 @@ static int ftrace_set_clr_event(struct trace_array *tr, char *buf, int set) |
3372 |
+ char *event = NULL, *sub = NULL, *match; |
3373 |
+ int ret; |
3374 |
+ |
3375 |
++ if (!tr) |
3376 |
++ return -ENOENT; |
3377 |
+ /* |
3378 |
+ * The buf format can be <subsystem>:<event-name> |
3379 |
+ * *:<event-name> means any event by that name. |
3380 |
+diff --git a/lib/string.c b/lib/string.c |
3381 |
+index 8f1a2a04e22f5..d099762a9bd60 100644 |
3382 |
+--- a/lib/string.c |
3383 |
++++ b/lib/string.c |
3384 |
+@@ -235,6 +235,30 @@ ssize_t strscpy(char *dest, const char *src, size_t count) |
3385 |
+ EXPORT_SYMBOL(strscpy); |
3386 |
+ #endif |
3387 |
+ |
3388 |
++/** |
3389 |
++ * stpcpy - copy a string from src to dest returning a pointer to the new end |
3390 |
++ * of dest, including src's %NUL-terminator. May overrun dest. |
3391 |
++ * @dest: pointer to end of string being copied into. Must be large enough |
3392 |
++ * to receive copy. |
3393 |
++ * @src: pointer to the beginning of string being copied from. Must not overlap |
3394 |
++ * dest. |
3395 |
++ * |
3396 |
++ * stpcpy differs from strcpy in a key way: the return value is a pointer |
3397 |
++ * to the new %NUL-terminating character in @dest. (For strcpy, the return |
3398 |
++ * value is a pointer to the start of @dest). This interface is considered |
3399 |
++ * unsafe as it doesn't perform bounds checking of the inputs. As such it's |
3400 |
++ * not recommended for usage. Instead, its definition is provided in case |
3401 |
++ * the compiler lowers other libcalls to stpcpy. |
3402 |
++ */ |
3403 |
++char *stpcpy(char *__restrict__ dest, const char *__restrict__ src); |
3404 |
++char *stpcpy(char *__restrict__ dest, const char *__restrict__ src) |
3405 |
++{ |
3406 |
++ while ((*dest++ = *src++) != '\0') |
3407 |
++ /* nothing */; |
3408 |
++ return --dest; |
3409 |
++} |
3410 |
++EXPORT_SYMBOL(stpcpy); |
3411 |
++ |
3412 |
+ #ifndef __HAVE_ARCH_STRCAT |
3413 |
+ /** |
3414 |
+ * strcat - Append one %NUL-terminated string to another |
3415 |
+diff --git a/mm/filemap.c b/mm/filemap.c |
3416 |
+index b046d8f147e20..05af91f495f53 100644 |
3417 |
+--- a/mm/filemap.c |
3418 |
++++ b/mm/filemap.c |
3419 |
+@@ -2474,6 +2474,14 @@ filler: |
3420 |
+ unlock_page(page); |
3421 |
+ goto out; |
3422 |
+ } |
3423 |
++ |
3424 |
++ /* |
3425 |
++ * A previous I/O error may have been due to temporary |
3426 |
++ * failures. |
3427 |
++ * Clear page error before actual read, PG_error will be |
3428 |
++ * set again if read page fails. |
3429 |
++ */ |
3430 |
++ ClearPageError(page); |
3431 |
+ goto filler; |
3432 |
+ |
3433 |
+ out: |
3434 |
+diff --git a/mm/mmap.c b/mm/mmap.c |
3435 |
+index 7109f886e739e..7c8815636c482 100644 |
3436 |
+--- a/mm/mmap.c |
3437 |
++++ b/mm/mmap.c |
3438 |
+@@ -2028,6 +2028,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, |
3439 |
+ info.low_limit = mm->mmap_base; |
3440 |
+ info.high_limit = TASK_SIZE; |
3441 |
+ info.align_mask = 0; |
3442 |
++ info.align_offset = 0; |
3443 |
+ return vm_unmapped_area(&info); |
3444 |
+ } |
3445 |
+ #endif |
3446 |
+@@ -2069,6 +2070,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, |
3447 |
+ info.low_limit = max(PAGE_SIZE, mmap_min_addr); |
3448 |
+ info.high_limit = mm->mmap_base; |
3449 |
+ info.align_mask = 0; |
3450 |
++ info.align_offset = 0; |
3451 |
+ addr = vm_unmapped_area(&info); |
3452 |
+ |
3453 |
+ /* |
3454 |
+diff --git a/mm/pagewalk.c b/mm/pagewalk.c |
3455 |
+index d95341cffc2f6..8d6290502631a 100644 |
3456 |
+--- a/mm/pagewalk.c |
3457 |
++++ b/mm/pagewalk.c |
3458 |
+@@ -14,9 +14,9 @@ static int walk_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end, |
3459 |
+ err = walk->pte_entry(pte, addr, addr + PAGE_SIZE, walk); |
3460 |
+ if (err) |
3461 |
+ break; |
3462 |
+- addr += PAGE_SIZE; |
3463 |
+- if (addr == end) |
3464 |
++ if (addr >= end - PAGE_SIZE) |
3465 |
+ break; |
3466 |
++ addr += PAGE_SIZE; |
3467 |
+ pte++; |
3468 |
+ } |
3469 |
+ |
3470 |
+diff --git a/net/atm/lec.c b/net/atm/lec.c |
3471 |
+index 704892d79bf19..756429c95e859 100644 |
3472 |
+--- a/net/atm/lec.c |
3473 |
++++ b/net/atm/lec.c |
3474 |
+@@ -1290,6 +1290,12 @@ static void lec_arp_clear_vccs(struct lec_arp_table *entry) |
3475 |
+ entry->vcc = NULL; |
3476 |
+ } |
3477 |
+ if (entry->recv_vcc) { |
3478 |
++ struct atm_vcc *vcc = entry->recv_vcc; |
3479 |
++ struct lec_vcc_priv *vpriv = LEC_VCC_PRIV(vcc); |
3480 |
++ |
3481 |
++ kfree(vpriv); |
3482 |
++ vcc->user_back = NULL; |
3483 |
++ |
3484 |
+ entry->recv_vcc->push = entry->old_recv_push; |
3485 |
+ vcc_release_async(entry->recv_vcc, -EPIPE); |
3486 |
+ entry->recv_vcc = NULL; |
3487 |
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c |
3488 |
+index e545b42ab0b98..516c45771d59b 100644 |
3489 |
+--- a/net/batman-adv/bridge_loop_avoidance.c |
3490 |
++++ b/net/batman-adv/bridge_loop_avoidance.c |
3491 |
+@@ -36,6 +36,7 @@ |
3492 |
+ #include <linux/lockdep.h> |
3493 |
+ #include <linux/netdevice.h> |
3494 |
+ #include <linux/netlink.h> |
3495 |
++#include <linux/preempt.h> |
3496 |
+ #include <linux/rculist.h> |
3497 |
+ #include <linux/rcupdate.h> |
3498 |
+ #include <linux/seq_file.h> |
3499 |
+@@ -95,11 +96,12 @@ static inline u32 batadv_choose_claim(const void *data, u32 size) |
3500 |
+ */ |
3501 |
+ static inline u32 batadv_choose_backbone_gw(const void *data, u32 size) |
3502 |
+ { |
3503 |
+- const struct batadv_bla_claim *claim = (struct batadv_bla_claim *)data; |
3504 |
++ const struct batadv_bla_backbone_gw *gw; |
3505 |
+ u32 hash = 0; |
3506 |
+ |
3507 |
+- hash = jhash(&claim->addr, sizeof(claim->addr), hash); |
3508 |
+- hash = jhash(&claim->vid, sizeof(claim->vid), hash); |
3509 |
++ gw = (struct batadv_bla_backbone_gw *)data; |
3510 |
++ hash = jhash(&gw->orig, sizeof(gw->orig), hash); |
3511 |
++ hash = jhash(&gw->vid, sizeof(gw->vid), hash); |
3512 |
+ |
3513 |
+ return hash % size; |
3514 |
+ } |
3515 |
+@@ -1820,7 +1822,7 @@ batadv_bla_loopdetect_check(struct batadv_priv *bat_priv, struct sk_buff *skb, |
3516 |
+ * @bat_priv: the bat priv with all the soft interface information |
3517 |
+ * @skb: the frame to be checked |
3518 |
+ * @vid: the VLAN ID of the frame |
3519 |
+- * @is_bcast: the packet came in a broadcast packet type. |
3520 |
++ * @packet_type: the batman packet type this frame came in |
3521 |
+ * |
3522 |
+ * batadv_bla_rx avoidance checks if: |
3523 |
+ * * we have to race for a claim |
3524 |
+@@ -1832,7 +1834,7 @@ batadv_bla_loopdetect_check(struct batadv_priv *bat_priv, struct sk_buff *skb, |
3525 |
+ * further process the skb. |
3526 |
+ */ |
3527 |
+ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb, |
3528 |
+- unsigned short vid, bool is_bcast) |
3529 |
++ unsigned short vid, int packet_type) |
3530 |
+ { |
3531 |
+ struct batadv_bla_backbone_gw *backbone_gw; |
3532 |
+ struct ethhdr *ethhdr; |
3533 |
+@@ -1854,9 +1856,24 @@ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb, |
3534 |
+ goto handled; |
3535 |
+ |
3536 |
+ if (unlikely(atomic_read(&bat_priv->bla.num_requests))) |
3537 |
+- /* don't allow broadcasts while requests are in flight */ |
3538 |
+- if (is_multicast_ether_addr(ethhdr->h_dest) && is_bcast) |
3539 |
+- goto handled; |
3540 |
++ /* don't allow multicast packets while requests are in flight */ |
3541 |
++ if (is_multicast_ether_addr(ethhdr->h_dest)) |
3542 |
++ /* Both broadcast flooding or multicast-via-unicasts |
3543 |
++ * delivery might send to multiple backbone gateways |
3544 |
++ * sharing the same LAN and therefore need to coordinate |
3545 |
++ * which backbone gateway forwards into the LAN, |
3546 |
++ * by claiming the payload source address. |
3547 |
++ * |
3548 |
++ * Broadcast flooding and multicast-via-unicasts |
3549 |
++ * delivery use the following two batman packet types. |
3550 |
++ * Note: explicitly exclude BATADV_UNICAST_4ADDR, |
3551 |
++ * as the DHCP gateway feature will send explicitly |
3552 |
++ * to only one BLA gateway, so the claiming process |
3553 |
++ * should be avoided there. |
3554 |
++ */ |
3555 |
++ if (packet_type == BATADV_BCAST || |
3556 |
++ packet_type == BATADV_UNICAST) |
3557 |
++ goto handled; |
3558 |
+ |
3559 |
+ ether_addr_copy(search_claim.addr, ethhdr->h_source); |
3560 |
+ search_claim.vid = vid; |
3561 |
+@@ -1884,13 +1901,14 @@ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb, |
3562 |
+ goto allow; |
3563 |
+ } |
3564 |
+ |
3565 |
+- /* if it is a broadcast ... */ |
3566 |
+- if (is_multicast_ether_addr(ethhdr->h_dest) && is_bcast) { |
3567 |
++ /* if it is a multicast ... */ |
3568 |
++ if (is_multicast_ether_addr(ethhdr->h_dest) && |
3569 |
++ (packet_type == BATADV_BCAST || packet_type == BATADV_UNICAST)) { |
3570 |
+ /* ... drop it. the responsible gateway is in charge. |
3571 |
+ * |
3572 |
+- * We need to check is_bcast because with the gateway |
3573 |
++ * We need to check packet type because with the gateway |
3574 |
+ * feature, broadcasts (like DHCP requests) may be sent |
3575 |
+- * using a unicast packet type. |
3576 |
++ * using a unicast 4 address packet type. See comment above. |
3577 |
+ */ |
3578 |
+ goto handled; |
3579 |
+ } else { |
3580 |
+diff --git a/net/batman-adv/bridge_loop_avoidance.h b/net/batman-adv/bridge_loop_avoidance.h |
3581 |
+index 1ae93e46fb984..40b8ec9d4b1b5 100644 |
3582 |
+--- a/net/batman-adv/bridge_loop_avoidance.h |
3583 |
++++ b/net/batman-adv/bridge_loop_avoidance.h |
3584 |
+@@ -29,7 +29,7 @@ struct sk_buff; |
3585 |
+ |
3586 |
+ #ifdef CONFIG_BATMAN_ADV_BLA |
3587 |
+ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb, |
3588 |
+- unsigned short vid, bool is_bcast); |
3589 |
++ unsigned short vid, int packet_type); |
3590 |
+ bool batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb, |
3591 |
+ unsigned short vid); |
3592 |
+ bool batadv_bla_is_backbone_gw(struct sk_buff *skb, |
3593 |
+@@ -56,7 +56,7 @@ int batadv_bla_claim_dump(struct sk_buff *msg, struct netlink_callback *cb); |
3594 |
+ |
3595 |
+ static inline bool batadv_bla_rx(struct batadv_priv *bat_priv, |
3596 |
+ struct sk_buff *skb, unsigned short vid, |
3597 |
+- bool is_bcast) |
3598 |
++ int packet_type) |
3599 |
+ { |
3600 |
+ return false; |
3601 |
+ } |
3602 |
+diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c |
3603 |
+index 19059ae26e519..1ba205c3ea9fa 100644 |
3604 |
+--- a/net/batman-adv/routing.c |
3605 |
++++ b/net/batman-adv/routing.c |
3606 |
+@@ -803,6 +803,10 @@ static bool batadv_check_unicast_ttvn(struct batadv_priv *bat_priv, |
3607 |
+ vid = batadv_get_vid(skb, hdr_len); |
3608 |
+ ethhdr = (struct ethhdr *)(skb->data + hdr_len); |
3609 |
+ |
3610 |
++ /* do not reroute multicast frames in a unicast header */ |
3611 |
++ if (is_multicast_ether_addr(ethhdr->h_dest)) |
3612 |
++ return true; |
3613 |
++ |
3614 |
+ /* check if the destination client was served by this node and it is now |
3615 |
+ * roaming. In this case, it means that the node has got a ROAM_ADV |
3616 |
+ * message and that it knows the new destination in the mesh to re-route |
3617 |
+diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c |
3618 |
+index 99d2c453c8722..af0a8439cf08a 100644 |
3619 |
+--- a/net/batman-adv/soft-interface.c |
3620 |
++++ b/net/batman-adv/soft-interface.c |
3621 |
+@@ -415,10 +415,10 @@ void batadv_interface_rx(struct net_device *soft_iface, |
3622 |
+ struct vlan_ethhdr *vhdr; |
3623 |
+ struct ethhdr *ethhdr; |
3624 |
+ unsigned short vid; |
3625 |
+- bool is_bcast; |
3626 |
++ int packet_type; |
3627 |
+ |
3628 |
+ batadv_bcast_packet = (struct batadv_bcast_packet *)skb->data; |
3629 |
+- is_bcast = (batadv_bcast_packet->packet_type == BATADV_BCAST); |
3630 |
++ packet_type = batadv_bcast_packet->packet_type; |
3631 |
+ |
3632 |
+ skb_pull_rcsum(skb, hdr_size); |
3633 |
+ skb_reset_mac_header(skb); |
3634 |
+@@ -463,7 +463,7 @@ void batadv_interface_rx(struct net_device *soft_iface, |
3635 |
+ /* Let the bridge loop avoidance check the packet. If will |
3636 |
+ * not handle it, we can safely push it up. |
3637 |
+ */ |
3638 |
+- if (batadv_bla_rx(bat_priv, skb, vid, is_bcast)) |
3639 |
++ if (batadv_bla_rx(bat_priv, skb, vid, packet_type)) |
3640 |
+ goto out; |
3641 |
+ |
3642 |
+ if (orig_node) |
3643 |
+diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c |
3644 |
+index 757977c54d9ef..d6da119f5082e 100644 |
3645 |
+--- a/net/bluetooth/hci_event.c |
3646 |
++++ b/net/bluetooth/hci_event.c |
3647 |
+@@ -41,12 +41,27 @@ |
3648 |
+ |
3649 |
+ /* Handle HCI Event packets */ |
3650 |
+ |
3651 |
+-static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb) |
3652 |
++static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb, |
3653 |
++ u8 *new_status) |
3654 |
+ { |
3655 |
+ __u8 status = *((__u8 *) skb->data); |
3656 |
+ |
3657 |
+ BT_DBG("%s status 0x%2.2x", hdev->name, status); |
3658 |
+ |
3659 |
++ /* It is possible that we receive Inquiry Complete event right |
3660 |
++ * before we receive Inquiry Cancel Command Complete event, in |
3661 |
++ * which case the latter event should have status of Command |
3662 |
++ * Disallowed (0x0c). This should not be treated as error, since |
3663 |
++ * we actually achieve what Inquiry Cancel wants to achieve, |
3664 |
++ * which is to end the last Inquiry session. |
3665 |
++ */ |
3666 |
++ if (status == 0x0c && !test_bit(HCI_INQUIRY, &hdev->flags)) { |
3667 |
++ bt_dev_warn(hdev, "Ignoring error of Inquiry Cancel command"); |
3668 |
++ status = 0x00; |
3669 |
++ } |
3670 |
++ |
3671 |
++ *new_status = status; |
3672 |
++ |
3673 |
+ if (status) |
3674 |
+ return; |
3675 |
+ |
3676 |
+@@ -2772,7 +2787,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb, |
3677 |
+ |
3678 |
+ switch (*opcode) { |
3679 |
+ case HCI_OP_INQUIRY_CANCEL: |
3680 |
+- hci_cc_inquiry_cancel(hdev, skb); |
3681 |
++ hci_cc_inquiry_cancel(hdev, skb, status); |
3682 |
+ break; |
3683 |
+ |
3684 |
+ case HCI_OP_PERIODIC_INQ: |
3685 |
+@@ -5257,6 +5272,11 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) |
3686 |
+ u8 status = 0, event = hdr->evt, req_evt = 0; |
3687 |
+ u16 opcode = HCI_OP_NOP; |
3688 |
+ |
3689 |
++ if (!event) { |
3690 |
++ bt_dev_warn(hdev, "Received unexpected HCI Event 00000000"); |
3691 |
++ goto done; |
3692 |
++ } |
3693 |
++ |
3694 |
+ if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->hci.req_event == event) { |
3695 |
+ struct hci_command_hdr *cmd_hdr = (void *) hdev->sent_cmd->data; |
3696 |
+ opcode = __le16_to_cpu(cmd_hdr->opcode); |
3697 |
+@@ -5468,6 +5488,7 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb) |
3698 |
+ req_complete_skb(hdev, status, opcode, orig_skb); |
3699 |
+ } |
3700 |
+ |
3701 |
++done: |
3702 |
+ kfree_skb(orig_skb); |
3703 |
+ kfree_skb(skb); |
3704 |
+ hdev->stat.evt_rx++; |
3705 |
+diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c |
3706 |
+index 11012a5090708..5e3f5c1ba07d6 100644 |
3707 |
+--- a/net/bluetooth/l2cap_core.c |
3708 |
++++ b/net/bluetooth/l2cap_core.c |
3709 |
+@@ -414,6 +414,9 @@ static void l2cap_chan_timeout(struct work_struct *work) |
3710 |
+ BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); |
3711 |
+ |
3712 |
+ mutex_lock(&conn->chan_lock); |
3713 |
++ /* __set_chan_timer() calls l2cap_chan_hold(chan) while scheduling |
3714 |
++ * this work. No need to call l2cap_chan_hold(chan) here again. |
3715 |
++ */ |
3716 |
+ l2cap_chan_lock(chan); |
3717 |
+ |
3718 |
+ if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) |
3719 |
+@@ -426,12 +429,12 @@ static void l2cap_chan_timeout(struct work_struct *work) |
3720 |
+ |
3721 |
+ l2cap_chan_close(chan, reason); |
3722 |
+ |
3723 |
+- l2cap_chan_unlock(chan); |
3724 |
+- |
3725 |
+ chan->ops->close(chan); |
3726 |
+- mutex_unlock(&conn->chan_lock); |
3727 |
+ |
3728 |
++ l2cap_chan_unlock(chan); |
3729 |
+ l2cap_chan_put(chan); |
3730 |
++ |
3731 |
++ mutex_unlock(&conn->chan_lock); |
3732 |
+ } |
3733 |
+ |
3734 |
+ struct l2cap_chan *l2cap_chan_create(void) |
3735 |
+@@ -1725,9 +1728,9 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err) |
3736 |
+ |
3737 |
+ l2cap_chan_del(chan, err); |
3738 |
+ |
3739 |
+- l2cap_chan_unlock(chan); |
3740 |
+- |
3741 |
+ chan->ops->close(chan); |
3742 |
++ |
3743 |
++ l2cap_chan_unlock(chan); |
3744 |
+ l2cap_chan_put(chan); |
3745 |
+ } |
3746 |
+ |
3747 |
+@@ -4104,7 +4107,8 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, |
3748 |
+ return 0; |
3749 |
+ } |
3750 |
+ |
3751 |
+- if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2) { |
3752 |
++ if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2 && |
3753 |
++ chan->state != BT_CONNECTED) { |
3754 |
+ cmd_reject_invalid_cid(conn, cmd->ident, chan->scid, |
3755 |
+ chan->dcid); |
3756 |
+ goto unlock; |
3757 |
+@@ -4327,6 +4331,7 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, |
3758 |
+ return 0; |
3759 |
+ } |
3760 |
+ |
3761 |
++ l2cap_chan_hold(chan); |
3762 |
+ l2cap_chan_lock(chan); |
3763 |
+ |
3764 |
+ rsp.dcid = cpu_to_le16(chan->scid); |
3765 |
+@@ -4335,12 +4340,11 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, |
3766 |
+ |
3767 |
+ chan->ops->set_shutdown(chan); |
3768 |
+ |
3769 |
+- l2cap_chan_hold(chan); |
3770 |
+ l2cap_chan_del(chan, ECONNRESET); |
3771 |
+ |
3772 |
+- l2cap_chan_unlock(chan); |
3773 |
+- |
3774 |
+ chan->ops->close(chan); |
3775 |
++ |
3776 |
++ l2cap_chan_unlock(chan); |
3777 |
+ l2cap_chan_put(chan); |
3778 |
+ |
3779 |
+ mutex_unlock(&conn->chan_lock); |
3780 |
+@@ -4372,20 +4376,21 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, |
3781 |
+ return 0; |
3782 |
+ } |
3783 |
+ |
3784 |
++ l2cap_chan_hold(chan); |
3785 |
+ l2cap_chan_lock(chan); |
3786 |
+ |
3787 |
+ if (chan->state != BT_DISCONN) { |
3788 |
+ l2cap_chan_unlock(chan); |
3789 |
++ l2cap_chan_put(chan); |
3790 |
+ mutex_unlock(&conn->chan_lock); |
3791 |
+ return 0; |
3792 |
+ } |
3793 |
+ |
3794 |
+- l2cap_chan_hold(chan); |
3795 |
+ l2cap_chan_del(chan, 0); |
3796 |
+ |
3797 |
+- l2cap_chan_unlock(chan); |
3798 |
+- |
3799 |
+ chan->ops->close(chan); |
3800 |
++ |
3801 |
++ l2cap_chan_unlock(chan); |
3802 |
+ l2cap_chan_put(chan); |
3803 |
+ |
3804 |
+ mutex_unlock(&conn->chan_lock); |
3805 |
+diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c |
3806 |
+index a8ba752732c98..bbf08c6092f4a 100644 |
3807 |
+--- a/net/bluetooth/l2cap_sock.c |
3808 |
++++ b/net/bluetooth/l2cap_sock.c |
3809 |
+@@ -1038,7 +1038,7 @@ done: |
3810 |
+ } |
3811 |
+ |
3812 |
+ /* Kill socket (only if zapped and orphan) |
3813 |
+- * Must be called on unlocked socket. |
3814 |
++ * Must be called on unlocked socket, with l2cap channel lock. |
3815 |
+ */ |
3816 |
+ static void l2cap_sock_kill(struct sock *sk) |
3817 |
+ { |
3818 |
+@@ -1189,6 +1189,7 @@ static int l2cap_sock_release(struct socket *sock) |
3819 |
+ { |
3820 |
+ struct sock *sk = sock->sk; |
3821 |
+ int err; |
3822 |
++ struct l2cap_chan *chan; |
3823 |
+ |
3824 |
+ BT_DBG("sock %p, sk %p", sock, sk); |
3825 |
+ |
3826 |
+@@ -1198,9 +1199,17 @@ static int l2cap_sock_release(struct socket *sock) |
3827 |
+ bt_sock_unlink(&l2cap_sk_list, sk); |
3828 |
+ |
3829 |
+ err = l2cap_sock_shutdown(sock, 2); |
3830 |
++ chan = l2cap_pi(sk)->chan; |
3831 |
++ |
3832 |
++ l2cap_chan_hold(chan); |
3833 |
++ l2cap_chan_lock(chan); |
3834 |
+ |
3835 |
+ sock_orphan(sk); |
3836 |
+ l2cap_sock_kill(sk); |
3837 |
++ |
3838 |
++ l2cap_chan_unlock(chan); |
3839 |
++ l2cap_chan_put(chan); |
3840 |
++ |
3841 |
+ return err; |
3842 |
+ } |
3843 |
+ |
3844 |
+@@ -1218,12 +1227,15 @@ static void l2cap_sock_cleanup_listen(struct sock *parent) |
3845 |
+ BT_DBG("child chan %p state %s", chan, |
3846 |
+ state_to_string(chan->state)); |
3847 |
+ |
3848 |
++ l2cap_chan_hold(chan); |
3849 |
+ l2cap_chan_lock(chan); |
3850 |
++ |
3851 |
+ __clear_chan_timer(chan); |
3852 |
+ l2cap_chan_close(chan, ECONNRESET); |
3853 |
+- l2cap_chan_unlock(chan); |
3854 |
+- |
3855 |
+ l2cap_sock_kill(sk); |
3856 |
++ |
3857 |
++ l2cap_chan_unlock(chan); |
3858 |
++ l2cap_chan_put(chan); |
3859 |
+ } |
3860 |
+ } |
3861 |
+ |
3862 |
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c |
3863 |
+index 6578d1f8e6c4a..d267dc04d9f74 100644 |
3864 |
+--- a/net/core/neighbour.c |
3865 |
++++ b/net/core/neighbour.c |
3866 |
+@@ -2797,6 +2797,7 @@ static void *neigh_stat_seq_next(struct seq_file *seq, void *v, loff_t *pos) |
3867 |
+ *pos = cpu+1; |
3868 |
+ return per_cpu_ptr(tbl->stats, cpu); |
3869 |
+ } |
3870 |
++ (*pos)++; |
3871 |
+ return NULL; |
3872 |
+ } |
3873 |
+ |
3874 |
+diff --git a/net/hsr/hsr_device.c b/net/hsr/hsr_device.c |
3875 |
+index aead5ac4dbf68..ea07c91ab3488 100644 |
3876 |
+--- a/net/hsr/hsr_device.c |
3877 |
++++ b/net/hsr/hsr_device.c |
3878 |
+@@ -315,7 +315,8 @@ static void send_hsr_supervision_frame(struct hsr_port *master, |
3879 |
+ hsr_sp = (typeof(hsr_sp)) skb_put(skb, sizeof(struct hsr_sup_payload)); |
3880 |
+ ether_addr_copy(hsr_sp->MacAddressA, master->dev->dev_addr); |
3881 |
+ |
3882 |
+- skb_put_padto(skb, ETH_ZLEN + HSR_HLEN); |
3883 |
++ if (skb_put_padto(skb, ETH_ZLEN + HSR_HLEN)) |
3884 |
++ return; |
3885 |
+ |
3886 |
+ hsr_forward_skb(skb, master); |
3887 |
+ return; |
3888 |
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c |
3889 |
+index 4f3decbe6a3a5..c37e9598262e5 100644 |
3890 |
+--- a/net/ipv4/ip_output.c |
3891 |
++++ b/net/ipv4/ip_output.c |
3892 |
+@@ -73,6 +73,7 @@ |
3893 |
+ #include <net/icmp.h> |
3894 |
+ #include <net/checksum.h> |
3895 |
+ #include <net/inetpeer.h> |
3896 |
++#include <net/inet_ecn.h> |
3897 |
+ #include <net/lwtunnel.h> |
3898 |
+ #include <linux/igmp.h> |
3899 |
+ #include <linux/netfilter_ipv4.h> |
3900 |
+@@ -1611,7 +1612,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb, |
3901 |
+ if (IS_ERR(rt)) |
3902 |
+ return; |
3903 |
+ |
3904 |
+- inet_sk(sk)->tos = arg->tos; |
3905 |
++ inet_sk(sk)->tos = arg->tos & ~INET_ECN_MASK; |
3906 |
+ |
3907 |
+ sk->sk_priority = skb->priority; |
3908 |
+ sk->sk_protocol = ip_hdr(skb)->protocol; |
3909 |
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c |
3910 |
+index c8c51bd2d695b..e9aae4686536a 100644 |
3911 |
+--- a/net/ipv4/route.c |
3912 |
++++ b/net/ipv4/route.c |
3913 |
+@@ -271,6 +271,7 @@ static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos) |
3914 |
+ *pos = cpu+1; |
3915 |
+ return &per_cpu(rt_cache_stat, cpu); |
3916 |
+ } |
3917 |
++ (*pos)++; |
3918 |
+ return NULL; |
3919 |
+ |
3920 |
+ } |
3921 |
+diff --git a/net/key/af_key.c b/net/key/af_key.c |
3922 |
+index d2ec620319d76..76a008b1cbe5f 100644 |
3923 |
+--- a/net/key/af_key.c |
3924 |
++++ b/net/key/af_key.c |
3925 |
+@@ -1873,6 +1873,13 @@ static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_ms |
3926 |
+ if (ext_hdrs[SADB_X_EXT_FILTER - 1]) { |
3927 |
+ struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1]; |
3928 |
+ |
3929 |
++ if ((xfilter->sadb_x_filter_splen >= |
3930 |
++ (sizeof(xfrm_address_t) << 3)) || |
3931 |
++ (xfilter->sadb_x_filter_dplen >= |
3932 |
++ (sizeof(xfrm_address_t) << 3))) { |
3933 |
++ mutex_unlock(&pfk->dump_lock); |
3934 |
++ return -EINVAL; |
3935 |
++ } |
3936 |
+ filter = kmalloc(sizeof(*filter), GFP_KERNEL); |
3937 |
+ if (filter == NULL) { |
3938 |
+ mutex_unlock(&pfk->dump_lock); |
3939 |
+diff --git a/net/mac802154/tx.c b/net/mac802154/tx.c |
3940 |
+index bcd1a5e6ebf42..2f873a0dc5836 100644 |
3941 |
+--- a/net/mac802154/tx.c |
3942 |
++++ b/net/mac802154/tx.c |
3943 |
+@@ -42,11 +42,11 @@ void ieee802154_xmit_worker(struct work_struct *work) |
3944 |
+ if (res) |
3945 |
+ goto err_tx; |
3946 |
+ |
3947 |
+- ieee802154_xmit_complete(&local->hw, skb, false); |
3948 |
+- |
3949 |
+ dev->stats.tx_packets++; |
3950 |
+ dev->stats.tx_bytes += skb->len; |
3951 |
+ |
3952 |
++ ieee802154_xmit_complete(&local->hw, skb, false); |
3953 |
++ |
3954 |
+ return; |
3955 |
+ |
3956 |
+ err_tx: |
3957 |
+@@ -86,6 +86,8 @@ ieee802154_tx(struct ieee802154_local *local, struct sk_buff *skb) |
3958 |
+ |
3959 |
+ /* async is priority, otherwise sync is fallback */ |
3960 |
+ if (local->ops->xmit_async) { |
3961 |
++ unsigned int len = skb->len; |
3962 |
++ |
3963 |
+ ret = drv_xmit_async(local, skb); |
3964 |
+ if (ret) { |
3965 |
+ ieee802154_wake_queue(&local->hw); |
3966 |
+@@ -93,7 +95,7 @@ ieee802154_tx(struct ieee802154_local *local, struct sk_buff *skb) |
3967 |
+ } |
3968 |
+ |
3969 |
+ dev->stats.tx_packets++; |
3970 |
+- dev->stats.tx_bytes += skb->len; |
3971 |
++ dev->stats.tx_bytes += len; |
3972 |
+ } else { |
3973 |
+ local->tx_skb = skb; |
3974 |
+ queue_work(local->workqueue, &local->tx_work); |
3975 |
+diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c |
3976 |
+index 42ce3ed216376..56e4ac8e2e994 100644 |
3977 |
+--- a/net/sunrpc/svc_xprt.c |
3978 |
++++ b/net/sunrpc/svc_xprt.c |
3979 |
+@@ -103,8 +103,17 @@ void svc_unreg_xprt_class(struct svc_xprt_class *xcl) |
3980 |
+ } |
3981 |
+ EXPORT_SYMBOL_GPL(svc_unreg_xprt_class); |
3982 |
+ |
3983 |
+-/* |
3984 |
+- * Format the transport list for printing |
3985 |
++/** |
3986 |
++ * svc_print_xprts - Format the transport list for printing |
3987 |
++ * @buf: target buffer for formatted address |
3988 |
++ * @maxlen: length of target buffer |
3989 |
++ * |
3990 |
++ * Fills in @buf with a string containing a list of transport names, each name |
3991 |
++ * terminated with '\n'. If the buffer is too small, some entries may be |
3992 |
++ * missing, but it is guaranteed that all lines in the output buffer are |
3993 |
++ * complete. |
3994 |
++ * |
3995 |
++ * Returns positive length of the filled-in string. |
3996 |
+ */ |
3997 |
+ int svc_print_xprts(char *buf, int maxlen) |
3998 |
+ { |
3999 |
+@@ -117,9 +126,9 @@ int svc_print_xprts(char *buf, int maxlen) |
4000 |
+ list_for_each_entry(xcl, &svc_xprt_class_list, xcl_list) { |
4001 |
+ int slen; |
4002 |
+ |
4003 |
+- sprintf(tmpstr, "%s %d\n", xcl->xcl_name, xcl->xcl_max_payload); |
4004 |
+- slen = strlen(tmpstr); |
4005 |
+- if (len + slen > maxlen) |
4006 |
++ slen = snprintf(tmpstr, sizeof(tmpstr), "%s %d\n", |
4007 |
++ xcl->xcl_name, xcl->xcl_max_payload); |
4008 |
++ if (slen >= sizeof(tmpstr) || len + slen >= maxlen) |
4009 |
+ break; |
4010 |
+ len += slen; |
4011 |
+ strcat(buf, tmpstr); |
4012 |
+diff --git a/net/sunrpc/xprtrdma/svc_rdma_backchannel.c b/net/sunrpc/xprtrdma/svc_rdma_backchannel.c |
4013 |
+index 6035c5a380a6b..b3d48c6243c80 100644 |
4014 |
+--- a/net/sunrpc/xprtrdma/svc_rdma_backchannel.c |
4015 |
++++ b/net/sunrpc/xprtrdma/svc_rdma_backchannel.c |
4016 |
+@@ -277,6 +277,7 @@ xprt_rdma_bc_put(struct rpc_xprt *xprt) |
4017 |
+ { |
4018 |
+ dprintk("svcrdma: %s: xprt %p\n", __func__, xprt); |
4019 |
+ |
4020 |
++ xprt_rdma_free_addresses(xprt); |
4021 |
+ xprt_free(xprt); |
4022 |
+ module_put(THIS_MODULE); |
4023 |
+ } |
4024 |
+diff --git a/net/tipc/msg.c b/net/tipc/msg.c |
4025 |
+index 912f1fb97c06d..ea554756a786d 100644 |
4026 |
+--- a/net/tipc/msg.c |
4027 |
++++ b/net/tipc/msg.c |
4028 |
+@@ -140,7 +140,8 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf) |
4029 |
+ if (fragid == FIRST_FRAGMENT) { |
4030 |
+ if (unlikely(head)) |
4031 |
+ goto err; |
4032 |
+- if (unlikely(skb_unclone(frag, GFP_ATOMIC))) |
4033 |
++ frag = skb_unshare(frag, GFP_ATOMIC); |
4034 |
++ if (unlikely(!frag)) |
4035 |
+ goto err; |
4036 |
+ head = *headbuf = frag; |
4037 |
+ *buf = NULL; |
4038 |
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c |
4039 |
+index 32ae82a5596d9..bcd6ed6e7e25c 100644 |
4040 |
+--- a/net/unix/af_unix.c |
4041 |
++++ b/net/unix/af_unix.c |
4042 |
+@@ -191,11 +191,17 @@ static inline int unix_may_send(struct sock *sk, struct sock *osk) |
4043 |
+ return unix_peer(osk) == NULL || unix_our_peer(sk, osk); |
4044 |
+ } |
4045 |
+ |
4046 |
+-static inline int unix_recvq_full(struct sock const *sk) |
4047 |
++static inline int unix_recvq_full(const struct sock *sk) |
4048 |
+ { |
4049 |
+ return skb_queue_len(&sk->sk_receive_queue) > sk->sk_max_ack_backlog; |
4050 |
+ } |
4051 |
+ |
4052 |
++static inline int unix_recvq_full_lockless(const struct sock *sk) |
4053 |
++{ |
4054 |
++ return skb_queue_len_lockless(&sk->sk_receive_queue) > |
4055 |
++ READ_ONCE(sk->sk_max_ack_backlog); |
4056 |
++} |
4057 |
++ |
4058 |
+ struct sock *unix_peer_get(struct sock *s) |
4059 |
+ { |
4060 |
+ struct sock *peer; |
4061 |
+@@ -1793,7 +1799,8 @@ restart_locked: |
4062 |
+ * - unix_peer(sk) == sk by time of get but disconnected before lock |
4063 |
+ */ |
4064 |
+ if (other != sk && |
4065 |
+- unlikely(unix_peer(other) != sk && unix_recvq_full(other))) { |
4066 |
++ unlikely(unix_peer(other) != sk && |
4067 |
++ unix_recvq_full_lockless(other))) { |
4068 |
+ if (timeo) { |
4069 |
+ timeo = unix_wait_for_peer(other, timeo); |
4070 |
+ |
4071 |
+diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c |
4072 |
+index 72c145dd799f1..ef1226c1c3add 100644 |
4073 |
+--- a/security/selinux/selinuxfs.c |
4074 |
++++ b/security/selinux/selinuxfs.c |
4075 |
+@@ -1416,6 +1416,7 @@ static struct avc_cache_stats *sel_avc_get_stat_idx(loff_t *idx) |
4076 |
+ *idx = cpu + 1; |
4077 |
+ return &per_cpu(avc_cache_stats, cpu); |
4078 |
+ } |
4079 |
++ (*idx)++; |
4080 |
+ return NULL; |
4081 |
+ } |
4082 |
+ |
4083 |
+diff --git a/sound/hda/hdac_bus.c b/sound/hda/hdac_bus.c |
4084 |
+index 0e81ea89a5965..e3f68a76d90eb 100644 |
4085 |
+--- a/sound/hda/hdac_bus.c |
4086 |
++++ b/sound/hda/hdac_bus.c |
4087 |
+@@ -155,6 +155,7 @@ static void process_unsol_events(struct work_struct *work) |
4088 |
+ struct hdac_driver *drv; |
4089 |
+ unsigned int rp, caddr, res; |
4090 |
+ |
4091 |
++ spin_lock_irq(&bus->reg_lock); |
4092 |
+ while (bus->unsol_rp != bus->unsol_wp) { |
4093 |
+ rp = (bus->unsol_rp + 1) % HDA_UNSOL_QUEUE_SIZE; |
4094 |
+ bus->unsol_rp = rp; |
4095 |
+@@ -166,10 +167,13 @@ static void process_unsol_events(struct work_struct *work) |
4096 |
+ codec = bus->caddr_tbl[caddr & 0x0f]; |
4097 |
+ if (!codec || !codec->dev.driver) |
4098 |
+ continue; |
4099 |
++ spin_unlock_irq(&bus->reg_lock); |
4100 |
+ drv = drv_to_hdac_driver(codec->dev.driver); |
4101 |
+ if (drv->unsol_event) |
4102 |
+ drv->unsol_event(codec, res); |
4103 |
++ spin_lock_irq(&bus->reg_lock); |
4104 |
+ } |
4105 |
++ spin_unlock_irq(&bus->reg_lock); |
4106 |
+ } |
4107 |
+ |
4108 |
+ /** |
4109 |
+diff --git a/sound/pci/asihpi/hpioctl.c b/sound/pci/asihpi/hpioctl.c |
4110 |
+index 3ef9af53ef497..0d5ff00cdabca 100644 |
4111 |
+--- a/sound/pci/asihpi/hpioctl.c |
4112 |
++++ b/sound/pci/asihpi/hpioctl.c |
4113 |
+@@ -346,7 +346,7 @@ int asihpi_adapter_probe(struct pci_dev *pci_dev, |
4114 |
+ struct hpi_message hm; |
4115 |
+ struct hpi_response hr; |
4116 |
+ struct hpi_adapter adapter; |
4117 |
+- struct hpi_pci pci; |
4118 |
++ struct hpi_pci pci = { 0 }; |
4119 |
+ |
4120 |
+ memset(&adapter, 0, sizeof(adapter)); |
4121 |
+ |
4122 |
+@@ -502,7 +502,7 @@ int asihpi_adapter_probe(struct pci_dev *pci_dev, |
4123 |
+ return 0; |
4124 |
+ |
4125 |
+ err: |
4126 |
+- for (idx = 0; idx < HPI_MAX_ADAPTER_MEM_SPACES; idx++) { |
4127 |
++ while (--idx >= 0) { |
4128 |
+ if (pci.ap_mem_base[idx]) { |
4129 |
+ iounmap(pci.ap_mem_base[idx]); |
4130 |
+ pci.ap_mem_base[idx] = NULL; |
4131 |
+diff --git a/sound/pci/hda/hda_controller.c b/sound/pci/hda/hda_controller.c |
4132 |
+index bd0e4710d15d7..79043b481d7b6 100644 |
4133 |
+--- a/sound/pci/hda/hda_controller.c |
4134 |
++++ b/sound/pci/hda/hda_controller.c |
4135 |
+@@ -1158,16 +1158,23 @@ irqreturn_t azx_interrupt(int irq, void *dev_id) |
4136 |
+ if (snd_hdac_bus_handle_stream_irq(bus, status, stream_update)) |
4137 |
+ active = true; |
4138 |
+ |
4139 |
+- /* clear rirb int */ |
4140 |
+ status = azx_readb(chip, RIRBSTS); |
4141 |
+ if (status & RIRB_INT_MASK) { |
4142 |
++ /* |
4143 |
++ * Clearing the interrupt status here ensures that no |
4144 |
++ * interrupt gets masked after the RIRB wp is read in |
4145 |
++ * snd_hdac_bus_update_rirb. This avoids a possible |
4146 |
++ * race condition where codec response in RIRB may |
4147 |
++ * remain unserviced by IRQ, eventually falling back |
4148 |
++ * to polling mode in azx_rirb_get_response. |
4149 |
++ */ |
4150 |
++ azx_writeb(chip, RIRBSTS, RIRB_INT_MASK); |
4151 |
+ active = true; |
4152 |
+ if (status & RIRB_INT_RESPONSE) { |
4153 |
+ if (chip->driver_caps & AZX_DCAPS_CTX_WORKAROUND) |
4154 |
+ udelay(80); |
4155 |
+ snd_hdac_bus_update_rirb(bus); |
4156 |
+ } |
4157 |
+- azx_writeb(chip, RIRBSTS, RIRB_INT_MASK); |
4158 |
+ } |
4159 |
+ } while (active && ++repeat < 10); |
4160 |
+ |
4161 |
+diff --git a/sound/soc/kirkwood/kirkwood-dma.c b/sound/soc/kirkwood/kirkwood-dma.c |
4162 |
+index dafd22e874e99..e655425e4819e 100644 |
4163 |
+--- a/sound/soc/kirkwood/kirkwood-dma.c |
4164 |
++++ b/sound/soc/kirkwood/kirkwood-dma.c |
4165 |
+@@ -136,7 +136,7 @@ static int kirkwood_dma_open(struct snd_pcm_substream *substream) |
4166 |
+ err = request_irq(priv->irq, kirkwood_dma_irq, IRQF_SHARED, |
4167 |
+ "kirkwood-i2s", priv); |
4168 |
+ if (err) |
4169 |
+- return -EBUSY; |
4170 |
++ return err; |
4171 |
+ |
4172 |
+ /* |
4173 |
+ * Enable Error interrupts. We're only ack'ing them but |
4174 |
+diff --git a/sound/usb/midi.c b/sound/usb/midi.c |
4175 |
+index 0676e7d485def..b8d4b5b3e54a1 100644 |
4176 |
+--- a/sound/usb/midi.c |
4177 |
++++ b/sound/usb/midi.c |
4178 |
+@@ -1805,6 +1805,28 @@ static int snd_usbmidi_create_endpoints(struct snd_usb_midi *umidi, |
4179 |
+ return 0; |
4180 |
+ } |
4181 |
+ |
4182 |
++static struct usb_ms_endpoint_descriptor *find_usb_ms_endpoint_descriptor( |
4183 |
++ struct usb_host_endpoint *hostep) |
4184 |
++{ |
4185 |
++ unsigned char *extra = hostep->extra; |
4186 |
++ int extralen = hostep->extralen; |
4187 |
++ |
4188 |
++ while (extralen > 3) { |
4189 |
++ struct usb_ms_endpoint_descriptor *ms_ep = |
4190 |
++ (struct usb_ms_endpoint_descriptor *)extra; |
4191 |
++ |
4192 |
++ if (ms_ep->bLength > 3 && |
4193 |
++ ms_ep->bDescriptorType == USB_DT_CS_ENDPOINT && |
4194 |
++ ms_ep->bDescriptorSubtype == UAC_MS_GENERAL) |
4195 |
++ return ms_ep; |
4196 |
++ if (!extra[0]) |
4197 |
++ break; |
4198 |
++ extralen -= extra[0]; |
4199 |
++ extra += extra[0]; |
4200 |
++ } |
4201 |
++ return NULL; |
4202 |
++} |
4203 |
++ |
4204 |
+ /* |
4205 |
+ * Returns MIDIStreaming device capabilities. |
4206 |
+ */ |
4207 |
+@@ -1842,11 +1864,8 @@ static int snd_usbmidi_get_ms_info(struct snd_usb_midi *umidi, |
4208 |
+ ep = get_ep_desc(hostep); |
4209 |
+ if (!usb_endpoint_xfer_bulk(ep) && !usb_endpoint_xfer_int(ep)) |
4210 |
+ continue; |
4211 |
+- ms_ep = (struct usb_ms_endpoint_descriptor *)hostep->extra; |
4212 |
+- if (hostep->extralen < 4 || |
4213 |
+- ms_ep->bLength < 4 || |
4214 |
+- ms_ep->bDescriptorType != USB_DT_CS_ENDPOINT || |
4215 |
+- ms_ep->bDescriptorSubtype != UAC_MS_GENERAL) |
4216 |
++ ms_ep = find_usb_ms_endpoint_descriptor(hostep); |
4217 |
++ if (!ms_ep) |
4218 |
+ continue; |
4219 |
+ if (usb_endpoint_dir_out(ep)) { |
4220 |
+ if (endpoints[epidx].out_ep) { |
4221 |
+diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c |
4222 |
+index 08e1af85af384..66b7ccb33c7b1 100644 |
4223 |
+--- a/sound/usb/quirks.c |
4224 |
++++ b/sound/usb/quirks.c |
4225 |
+@@ -1320,12 +1320,13 @@ void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe, |
4226 |
+ && (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS) |
4227 |
+ mdelay(20); |
4228 |
+ |
4229 |
+- /* Zoom R16/24, Logitech H650e, Jabra 550a, Kingston HyperX needs a tiny |
4230 |
+- * delay here, otherwise requests like get/set frequency return as |
4231 |
+- * failed despite actually succeeding. |
4232 |
++ /* Zoom R16/24, Logitech H650e/H570e, Jabra 550a, Kingston HyperX |
4233 |
++ * needs a tiny delay here, otherwise requests like get/set |
4234 |
++ * frequency return as failed despite actually succeeding. |
4235 |
+ */ |
4236 |
+ if ((chip->usb_id == USB_ID(0x1686, 0x00dd) || |
4237 |
+ chip->usb_id == USB_ID(0x046d, 0x0a46) || |
4238 |
++ chip->usb_id == USB_ID(0x046d, 0x0a56) || |
4239 |
+ chip->usb_id == USB_ID(0x0b0e, 0x0349) || |
4240 |
+ chip->usb_id == USB_ID(0x0951, 0x16ad)) && |
4241 |
+ (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS) |
4242 |
+diff --git a/tools/gpio/gpio-hammer.c b/tools/gpio/gpio-hammer.c |
4243 |
+index 37b3f141053df..85f45800f881f 100644 |
4244 |
+--- a/tools/gpio/gpio-hammer.c |
4245 |
++++ b/tools/gpio/gpio-hammer.c |
4246 |
+@@ -171,7 +171,14 @@ int main(int argc, char **argv) |
4247 |
+ device_name = optarg; |
4248 |
+ break; |
4249 |
+ case 'o': |
4250 |
+- lines[i] = strtoul(optarg, NULL, 10); |
4251 |
++ /* |
4252 |
++ * Avoid overflow. Do not immediately error, we want to |
4253 |
++ * be able to accurately report on the amount of times |
4254 |
++ * '-o' was given to give an accurate error message |
4255 |
++ */ |
4256 |
++ if (i < GPIOHANDLES_MAX) |
4257 |
++ lines[i] = strtoul(optarg, NULL, 10); |
4258 |
++ |
4259 |
+ i++; |
4260 |
+ break; |
4261 |
+ case '?': |
4262 |
+@@ -179,6 +186,14 @@ int main(int argc, char **argv) |
4263 |
+ return -1; |
4264 |
+ } |
4265 |
+ } |
4266 |
++ |
4267 |
++ if (i >= GPIOHANDLES_MAX) { |
4268 |
++ fprintf(stderr, |
4269 |
++ "Only %d occurences of '-o' are allowed, %d were found\n", |
4270 |
++ GPIOHANDLES_MAX, i + 1); |
4271 |
++ return -1; |
4272 |
++ } |
4273 |
++ |
4274 |
+ nlines = i; |
4275 |
+ |
4276 |
+ if (!device_name || !nlines) { |
4277 |
+diff --git a/tools/objtool/check.c b/tools/objtool/check.c |
4278 |
+index c7399d7f4bc77..31c512f19662e 100644 |
4279 |
+--- a/tools/objtool/check.c |
4280 |
++++ b/tools/objtool/check.c |
4281 |
+@@ -502,7 +502,7 @@ static int add_jump_destinations(struct objtool_file *file) |
4282 |
+ insn->type != INSN_JUMP_UNCONDITIONAL) |
4283 |
+ continue; |
4284 |
+ |
4285 |
+- if (insn->ignore || insn->offset == FAKE_JUMP_OFFSET) |
4286 |
++ if (insn->offset == FAKE_JUMP_OFFSET) |
4287 |
+ continue; |
4288 |
+ |
4289 |
+ rela = find_rela_by_dest_range(insn->sec, insn->offset, |
4290 |
+diff --git a/tools/perf/util/sort.c b/tools/perf/util/sort.c |
4291 |
+index 031e64ce71564..013e3f5102258 100644 |
4292 |
+--- a/tools/perf/util/sort.c |
4293 |
++++ b/tools/perf/util/sort.c |
4294 |
+@@ -2532,7 +2532,7 @@ static char *prefix_if_not_in(const char *pre, char *str) |
4295 |
+ return str; |
4296 |
+ |
4297 |
+ if (asprintf(&n, "%s,%s", pre, str) < 0) |
4298 |
+- return NULL; |
4299 |
++ n = NULL; |
4300 |
+ |
4301 |
+ free(str); |
4302 |
+ return n; |
4303 |
+diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c |
4304 |
+index 5a50326c8158f..e155783c601ab 100644 |
4305 |
+--- a/tools/perf/util/symbol-elf.c |
4306 |
++++ b/tools/perf/util/symbol-elf.c |
4307 |
+@@ -1421,6 +1421,7 @@ struct kcore_copy_info { |
4308 |
+ u64 first_symbol; |
4309 |
+ u64 last_symbol; |
4310 |
+ u64 first_module; |
4311 |
++ u64 first_module_symbol; |
4312 |
+ u64 last_module_symbol; |
4313 |
+ struct phdr_data kernel_map; |
4314 |
+ struct phdr_data modules_map; |
4315 |
+@@ -1435,6 +1436,8 @@ static int kcore_copy__process_kallsyms(void *arg, const char *name, char type, |
4316 |
+ return 0; |
4317 |
+ |
4318 |
+ if (strchr(name, '[')) { |
4319 |
++ if (!kci->first_module_symbol || start < kci->first_module_symbol) |
4320 |
++ kci->first_module_symbol = start; |
4321 |
+ if (start > kci->last_module_symbol) |
4322 |
+ kci->last_module_symbol = start; |
4323 |
+ return 0; |
4324 |
+@@ -1559,6 +1562,10 @@ static int kcore_copy__calc_maps(struct kcore_copy_info *kci, const char *dir, |
4325 |
+ kci->etext += page_size; |
4326 |
+ } |
4327 |
+ |
4328 |
++ if (kci->first_module_symbol && |
4329 |
++ (!kci->first_module || kci->first_module_symbol < kci->first_module)) |
4330 |
++ kci->first_module = kci->first_module_symbol; |
4331 |
++ |
4332 |
+ kci->first_module = round_down(kci->first_module, page_size); |
4333 |
+ |
4334 |
+ if (kci->last_module_symbol) { |
4335 |
+diff --git a/tools/testing/selftests/x86/syscall_nt.c b/tools/testing/selftests/x86/syscall_nt.c |
4336 |
+index 43fcab367fb0a..74e6b3fc2d09e 100644 |
4337 |
+--- a/tools/testing/selftests/x86/syscall_nt.c |
4338 |
++++ b/tools/testing/selftests/x86/syscall_nt.c |
4339 |
+@@ -67,6 +67,7 @@ static void do_it(unsigned long extraflags) |
4340 |
+ set_eflags(get_eflags() | extraflags); |
4341 |
+ syscall(SYS_getpid); |
4342 |
+ flags = get_eflags(); |
4343 |
++ set_eflags(X86_EFLAGS_IF | X86_EFLAGS_FIXED); |
4344 |
+ if ((flags & extraflags) == extraflags) { |
4345 |
+ printf("[OK]\tThe syscall worked and flags are still set\n"); |
4346 |
+ } else { |
4347 |
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c |
4348 |
+index 4e4bb5dd2dcd5..5bddabb3de7c3 100644 |
4349 |
+--- a/virt/kvm/kvm_main.c |
4350 |
++++ b/virt/kvm/kvm_main.c |
4351 |
+@@ -154,6 +154,7 @@ bool kvm_is_reserved_pfn(kvm_pfn_t pfn) |
4352 |
+ */ |
4353 |
+ if (pfn_valid(pfn)) |
4354 |
+ return PageReserved(pfn_to_page(pfn)) && |
4355 |
++ !is_zero_pfn(pfn) && |
4356 |
+ !kvm_is_zone_device_pfn(pfn); |
4357 |
+ |
4358 |
+ return true; |
4359 |
+@@ -3639,7 +3640,7 @@ int kvm_io_bus_register_dev(struct kvm *kvm, enum kvm_bus bus_idx, gpa_t addr, |
4360 |
+ void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx, |
4361 |
+ struct kvm_io_device *dev) |
4362 |
+ { |
4363 |
+- int i; |
4364 |
++ int i, j; |
4365 |
+ struct kvm_io_bus *new_bus, *bus; |
4366 |
+ |
4367 |
+ bus = kvm->buses[bus_idx]; |
4368 |
+@@ -3656,17 +3657,20 @@ void kvm_io_bus_unregister_dev(struct kvm *kvm, enum kvm_bus bus_idx, |
4369 |
+ |
4370 |
+ new_bus = kmalloc(sizeof(*bus) + ((bus->dev_count - 1) * |
4371 |
+ sizeof(struct kvm_io_range)), GFP_KERNEL); |
4372 |
+- if (!new_bus) { |
4373 |
++ if (new_bus) { |
4374 |
++ memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range)); |
4375 |
++ new_bus->dev_count--; |
4376 |
++ memcpy(new_bus->range + i, bus->range + i + 1, |
4377 |
++ (new_bus->dev_count - i) * sizeof(struct kvm_io_range)); |
4378 |
++ } else { |
4379 |
+ pr_err("kvm: failed to shrink bus, removing it completely\n"); |
4380 |
+- goto broken; |
4381 |
++ for (j = 0; j < bus->dev_count; j++) { |
4382 |
++ if (j == i) |
4383 |
++ continue; |
4384 |
++ kvm_iodevice_destructor(bus->range[j].dev); |
4385 |
++ } |
4386 |
+ } |
4387 |
+ |
4388 |
+- memcpy(new_bus, bus, sizeof(*bus) + i * sizeof(struct kvm_io_range)); |
4389 |
+- new_bus->dev_count--; |
4390 |
+- memcpy(new_bus->range + i, bus->range + i + 1, |
4391 |
+- (new_bus->dev_count - i) * sizeof(struct kvm_io_range)); |
4392 |
+- |
4393 |
+-broken: |
4394 |
+ rcu_assign_pointer(kvm->buses[bus_idx], new_bus); |
4395 |
+ synchronize_srcu_expedited(&kvm->srcu); |
4396 |
+ kfree(bus); |