Merge tag 'v4.11-rc6' into perf/core, to pick up fixes

+1

.mailmap

··· 171 171 Vladimir Davydov <vdavydov.dev@gmail.com> <vdavydov@virtuozzo.com> 172 172 Vladimir Davydov <vdavydov.dev@gmail.com> <vdavydov@parallels.com> 173 173 Takashi YOSHII <takashi.yoshii.zj@renesas.com> 174 + Yakir Yang <kuankuan.y@gmail.com> <ykk@rock-chips.com> 174 175 Yusuke Goda <goda.yusuke@renesas.com> 175 176 Gustavo Padovan <gustavo@las.ic.unicamp.br> 176 177 Gustavo Padovan <padovan@profusion.mobi>

+6

Documentation/admin-guide/kernel-parameters.txt

··· 1725 1725 kernel and module base offset ASLR (Address Space 1726 1726 Layout Randomization). 1727 1727 1728 + kasan_multi_shot 1729 + [KNL] Enforce KASAN (Kernel Address Sanitizer) to print 1730 + report on every invalid memory access. Without this 1731 + parameter KASAN will print report only for the first 1732 + invalid access. 1733 + 1728 1734 keepinitrd [HW,ARM] 1729 1735 1730 1736 kernelcore= [KNL,X86,IA-64,PPC]

+2 -1

Documentation/devicetree/bindings/rng/omap_rng.txt

··· 12 12 - reg : Offset and length of the register set for the module 13 13 - interrupts : the interrupt number for the RNG module. 14 14 Used for "ti,omap4-rng" and "inside-secure,safexcel-eip76" 15 - - clocks: the trng clock source 15 + - clocks: the trng clock source. Only mandatory for the 16 + "inside-secure,safexcel-eip76" compatible. 16 17 17 18 Example: 18 19 /* AM335x */

+1 -2

Documentation/filesystems/Locking

··· 58 58 int (*permission) (struct inode *, int, unsigned int); 59 59 int (*get_acl)(struct inode *, int); 60 60 int (*setattr) (struct dentry *, struct iattr *); 61 - int (*getattr) (const struct path *, struct dentry *, struct kstat *, 62 - u32, unsigned int); 61 + int (*getattr) (const struct path *, struct kstat *, u32, unsigned int); 63 62 ssize_t (*listxattr) (struct dentry *, char *, size_t); 64 63 int (*fiemap)(struct inode *, struct fiemap_extent_info *, u64 start, u64 len); 65 64 void (*update_time)(struct inode *, struct timespec *, int);

+6

Documentation/filesystems/porting

··· 600 600 [recommended] 601 601 ->readlink is optional for symlinks. Don't set, unless filesystem needs 602 602 to fake something for readlink(2). 603 + -- 604 + [mandatory] 605 + ->getattr() is now passed a struct path rather than a vfsmount and 606 + dentry separately, and it now has request_mask and query_flags arguments 607 + to specify the fields and sync type requested by statx. Filesystems not 608 + supporting any statx-specific features may ignore the new arguments.

+1 -2

Documentation/filesystems/vfs.txt

··· 382 382 int (*permission) (struct inode *, int); 383 383 int (*get_acl)(struct inode *, int); 384 384 int (*setattr) (struct dentry *, struct iattr *); 385 - int (*getattr) (const struct path *, struct dentry *, struct kstat *, 386 - u32, unsigned int); 385 + int (*getattr) (const struct path *, struct kstat *, u32, unsigned int); 387 386 ssize_t (*listxattr) (struct dentry *, char *, size_t); 388 387 void (*update_time)(struct inode *, struct timespec *, int); 389 388 int (*atomic_open)(struct inode *, struct dentry *, struct file *,

+7 -1

Documentation/pinctrl.txt

··· 77 77 78 78 int __init foo_probe(void) 79 79 { 80 + int error; 81 + 80 82 struct pinctrl_dev *pctl; 81 83 82 - return pinctrl_register_and_init(&foo_desc, <PARENT>, NULL, &pctl); 84 + error = pinctrl_register_and_init(&foo_desc, <PARENT>, NULL, &pctl); 85 + if (error) 86 + return error; 87 + 88 + return pinctrl_enable(pctl); 83 89 } 84 90 85 91 To enable the pinctrl subsystem and the subgroups for PINMUX and PINCONF and

+1 -1

Documentation/process/stable-kernel-rules.rst

··· 124 124 125 125 .. code-block:: none 126 126 127 - Cc: <stable@vger.kernel.org> # 3.3.x- 127 + Cc: <stable@vger.kernel.org> # 3.3.x 128 128 129 129 The tag has the meaning of: 130 130

+6

Documentation/virtual/kvm/devices/arm-vgic.txt

··· 83 83 84 84 Bits for undefined preemption levels are RAZ/WI. 85 85 86 + For historical reasons and to provide ABI compatibility with userspace we 87 + export the GICC_PMR register in the format of the GICH_VMCR.VMPriMask 88 + field in the lower 5 bits of a word, meaning that userspace must always 89 + use the lower 5 bits to communicate with the KVM device and must shift the 90 + value left by 3 places to obtain the actual priority mask level. 91 + 86 92 Limitations: 87 93 - Priorities are not implemented, and registers are RAZ/WI 88 94 - Currently only implemented for KVM_DEV_TYPE_ARM_VGIC_V2.

+14 -4

MAINTAINERS

··· 4117 4117 F: lib/lru_cache.c 4118 4118 F: Documentation/blockdev/drbd/ 4119 4119 4120 - DRIVER CORE, KOBJECTS, DEBUGFS, KERNFS AND SYSFS 4120 + DRIVER CORE, KOBJECTS, DEBUGFS AND SYSFS 4121 4121 M: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 4122 4122 T: git git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git 4123 4123 S: Supported 4124 4124 F: Documentation/kobject.txt 4125 4125 F: drivers/base/ 4126 4126 F: fs/debugfs/ 4127 - F: fs/kernfs/ 4128 4127 F: fs/sysfs/ 4129 4128 F: include/linux/debugfs.h 4130 4129 F: include/linux/kobj* ··· 4927 4928 F: net/bridge/ 4928 4929 4929 4930 ETHERNET PHY LIBRARY 4931 + M: Andrew Lunn <andrew@lunn.ch> 4930 4932 M: Florian Fainelli <f.fainelli@gmail.com> 4931 4933 L: netdev@vger.kernel.org 4932 4934 S: Maintained ··· 7089 7089 F: fs/autofs4/ 7090 7090 7091 7091 KERNEL BUILD + files below scripts/ (unless maintained elsewhere) 7092 + M: Masahiro Yamada <yamada.masahiro@socionext.com> 7092 7093 M: Michal Marek <mmarek@suse.com> 7093 - T: git git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild.git for-next 7094 - T: git git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild.git rc-fixes 7094 + T: git git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git 7095 7095 L: linux-kbuild@vger.kernel.org 7096 7096 S: Maintained 7097 7097 F: Documentation/kbuild/ ··· 7207 7207 F: arch/mips/include/uapi/asm/kvm* 7208 7208 F: arch/mips/include/asm/kvm* 7209 7209 F: arch/mips/kvm/ 7210 + 7211 + KERNFS 7212 + M: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 7213 + M: Tejun Heo <tj@kernel.org> 7214 + T: git git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git 7215 + S: Supported 7216 + F: include/linux/kernfs.h 7217 + F: fs/kernfs/ 7210 7218 7211 7219 KEXEC 7212 7220 M: Eric Biederman <ebiederm@xmission.com> ··· 10822 10814 F: block/partitions/ibm.c 10823 10815 10824 10816 S390 NETWORK DRIVERS 10817 + M: Julian Wiedmann <jwi@linux.vnet.ibm.com> 10825 10818 M: Ursula Braun <ubraun@linux.vnet.ibm.com> 10826 10819 L: linux-s390@vger.kernel.org 10827 10820 W: http://www.ibm.com/developerworks/linux/linux390/ ··· 10853 10844 F: drivers/s390/scsi/zfcp_* 10854 10845 10855 10846 S390 IUCV NETWORK LAYER 10847 + M: Julian Wiedmann <jwi@linux.vnet.ibm.com> 10856 10848 M: Ursula Braun <ubraun@linux.vnet.ibm.com> 10857 10849 L: linux-s390@vger.kernel.org 10858 10850 W: http://www.ibm.com/developerworks/linux/linux390/

+8 -8

Makefile

··· 1 1 VERSION = 4 2 2 PATCHLEVEL = 11 3 3 SUBLEVEL = 0 4 - EXTRAVERSION = -rc4 4 + EXTRAVERSION = -rc6 5 5 NAME = Fearless Coyote 6 6 7 7 # *DOCUMENTATION* ··· 372 372 CFLAGS_KERNEL = 373 373 AFLAGS_KERNEL = 374 374 LDFLAGS_vmlinux = 375 - CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im -Wno-maybe-uninitialized 375 + CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,) 376 376 CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,) 377 377 378 378 ··· 653 653 # Tell gcc to never replace conditional load with a non-conditional one 654 654 KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) 655 655 656 + # check for 'asm goto' 657 + ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-goto.sh $(CC) $(KBUILD_CFLAGS)), y) 658 + KBUILD_CFLAGS += -DCC_HAVE_ASM_GOTO 659 + KBUILD_AFLAGS += -DCC_HAVE_ASM_GOTO 660 + endif 661 + 656 662 include scripts/Makefile.gcc-plugins 657 663 658 664 ifdef CONFIG_READABLE_ASM ··· 803 797 804 798 # use the deterministic mode of AR if available 805 799 KBUILD_ARFLAGS := $(call ar-option,D) 806 - 807 - # check for 'asm goto' 808 - ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-goto.sh $(CC) $(KBUILD_CFLAGS)), y) 809 - KBUILD_CFLAGS += -DCC_HAVE_ASM_GOTO 810 - KBUILD_AFLAGS += -DCC_HAVE_ASM_GOTO 811 - endif 812 800 813 801 include scripts/Makefile.kasan 814 802 include scripts/Makefile.extrawarn

+1 -1

arch/alpha/kernel/osf_sys.c

··· 1290 1290 /* copy relevant bits of struct timex. */ 1291 1291 if (copy_from_user(&txc, txc_p, offsetof(struct timex32, time)) || 1292 1292 copy_from_user(&txc.tick, &txc_p->tick, sizeof(struct timex32) - 1293 - offsetof(struct timex32, time))) 1293 + offsetof(struct timex32, tick))) 1294 1294 return -EFAULT; 1295 1295 1296 1296 ret = do_adjtimex(&txc);

+1

arch/arc/boot/dts/skeleton.dtsi

··· 26 26 device_type = "cpu"; 27 27 compatible = "snps,arc770d"; 28 28 reg = <0>; 29 + clocks = <&core_clk>; 29 30 }; 30 31 }; 31 32

+1

arch/arc/boot/dts/skeleton_hs.dtsi

··· 21 21 device_type = "cpu"; 22 22 compatible = "snps,archs38"; 23 23 reg = <0>; 24 + clocks = <&core_clk>; 24 25 }; 25 26 }; 26 27

+20 -1

arch/arc/boot/dts/skeleton_hs_idu.dtsi

··· 19 19 20 20 cpu@0 { 21 21 device_type = "cpu"; 22 - compatible = "snps,archs38xN"; 22 + compatible = "snps,archs38"; 23 23 reg = <0>; 24 + clocks = <&core_clk>; 25 + }; 26 + cpu@1 { 27 + device_type = "cpu"; 28 + compatible = "snps,archs38"; 29 + reg = <1>; 30 + clocks = <&core_clk>; 31 + }; 32 + cpu@2 { 33 + device_type = "cpu"; 34 + compatible = "snps,archs38"; 35 + reg = <2>; 36 + clocks = <&core_clk>; 37 + }; 38 + cpu@3 { 39 + device_type = "cpu"; 40 + compatible = "snps,archs38"; 41 + reg = <3>; 42 + clocks = <&core_clk>; 24 43 }; 25 44 }; 26 45

+13 -7

arch/arc/boot/dts/vdk_axs10x_mb.dtsi

··· 112 112 interrupts = <7>; 113 113 bus-width = <4>; 114 114 }; 115 + }; 115 116 116 - /* Embedded Vision subsystem UIO mappings; only relevant for EV VDK */ 117 - uio_ev: uio@0xD0000000 { 118 - compatible = "generic-uio"; 119 - reg = <0xD0000000 0x2000 0xD1000000 0x2000 0x90000000 0x10000000 0xC0000000 0x10000000>; 120 - reg-names = "ev_gsa", "ev_ctrl", "ev_shared_mem", "ev_code_mem"; 121 - interrupts = <23>; 122 - }; 117 + /* 118 + * Embedded Vision subsystem UIO mappings; only relevant for EV VDK 119 + * 120 + * This node is intentionally put outside of MB above becase 121 + * it maps areas outside of MB's 0xEz-0xFz. 122 + */ 123 + uio_ev: uio@0xD0000000 { 124 + compatible = "generic-uio"; 125 + reg = <0xD0000000 0x2000 0xD1000000 0x2000 0x90000000 0x10000000 0xC0000000 0x10000000>; 126 + reg-names = "ev_gsa", "ev_ctrl", "ev_shared_mem", "ev_code_mem"; 127 + interrupt-parent = <&mb_intc>; 128 + interrupts = <23>; 123 129 }; 124 130 };

+1 -3

arch/arc/include/asm/kprobes.h

··· 54 54 void kretprobe_trampoline(void); 55 55 void trap_is_kprobe(unsigned long address, struct pt_regs *regs); 56 56 #else 57 - static void trap_is_kprobe(unsigned long address, struct pt_regs *regs) 58 - { 59 - } 57 + #define trap_is_kprobe(address, regs) 60 58 #endif /* CONFIG_KPROBES */ 61 59 62 60 #endif /* _ARC_KPROBES_H */

+9 -3

arch/arc/kernel/entry-arcv2.S

··· 100 100 ;################### Non TLB Exception Handling ############################# 101 101 102 102 ENTRY(EV_SWI) 103 - flag 1 103 + ; TODO: implement this 104 + EXCEPTION_PROLOGUE 105 + b ret_from_exception 104 106 END(EV_SWI) 105 107 106 108 ENTRY(EV_DivZero) 107 - flag 1 109 + ; TODO: implement this 110 + EXCEPTION_PROLOGUE 111 + b ret_from_exception 108 112 END(EV_DivZero) 109 113 110 114 ENTRY(EV_DCError) 111 - flag 1 115 + ; TODO: implement this 116 + EXCEPTION_PROLOGUE 117 + b ret_from_exception 112 118 END(EV_DCError) 113 119 114 120 ; ---------------------------------------------

+12 -4

arch/arc/kernel/setup.c

··· 10 10 #include <linux/fs.h> 11 11 #include <linux/delay.h> 12 12 #include <linux/root_dev.h> 13 + #include <linux/clk.h> 13 14 #include <linux/clk-provider.h> 14 15 #include <linux/clocksource.h> 15 16 #include <linux/console.h> ··· 489 488 { 490 489 char *str; 491 490 int cpu_id = ptr_to_cpu(v); 492 - struct device_node *core_clk = of_find_node_by_name(NULL, "core_clk"); 493 - u32 freq = 0; 491 + struct device *cpu_dev = get_cpu_device(cpu_id); 492 + struct clk *cpu_clk; 493 + unsigned long freq = 0; 494 494 495 495 if (!cpu_online(cpu_id)) { 496 496 seq_printf(m, "processor [%d]\t: Offline\n", cpu_id); ··· 504 502 505 503 seq_printf(m, arc_cpu_mumbojumbo(cpu_id, str, PAGE_SIZE)); 506 504 507 - of_property_read_u32(core_clk, "clock-frequency", &freq); 505 + cpu_clk = clk_get(cpu_dev, NULL); 506 + if (IS_ERR(cpu_clk)) { 507 + seq_printf(m, "CPU speed \t: Cannot get clock for processor [%d]\n", 508 + cpu_id); 509 + } else { 510 + freq = clk_get_rate(cpu_clk); 511 + } 508 512 if (freq) 509 - seq_printf(m, "CPU speed\t: %u.%02u Mhz\n", 513 + seq_printf(m, "CPU speed\t: %lu.%02lu Mhz\n", 510 514 freq / 1000000, (freq / 10000) % 100); 511 515 512 516 seq_printf(m, "Bogo MIPS\t: %lu.%02lu\n",

+3

arch/arc/mm/cache.c

··· 633 633 634 634 write_aux_reg(ARC_REG_SLC_INVALIDATE, 1); 635 635 636 + /* Make sure "busy" bit reports correct stataus, see STAR 9001165532 */ 637 + read_aux_reg(r); 638 + 636 639 /* Important to wait for flush to complete */ 637 640 while (read_aux_reg(r) & SLC_CTRL_BUSY); 638 641 }

+2 -2

arch/arm/boot/dts/sun8i-a33.dtsi

··· 113 113 simple-audio-card,mclk-fs = <512>; 114 114 simple-audio-card,aux-devs = <&codec_analog>; 115 115 simple-audio-card,routing = 116 - "Left DAC", "Digital Left DAC", 117 - "Right DAC", "Digital Right DAC"; 116 + "Left DAC", "AIF1 Slot 0 Left", 117 + "Right DAC", "AIF1 Slot 0 Right"; 118 118 status = "disabled"; 119 119 120 120 simple-audio-card,cpu {

+3

arch/arm/kvm/arm.c

··· 1124 1124 if (__hyp_get_vectors() == hyp_default_vectors) 1125 1125 cpu_init_hyp_mode(NULL); 1126 1126 } 1127 + 1128 + if (vgic_present) 1129 + kvm_vgic_init_cpu_hardware(); 1127 1130 } 1128 1131 1129 1132 static void cpu_hyp_reset(void)

+20 -3

arch/arm/kvm/mmu.c

··· 292 292 phys_addr_t addr = start, end = start + size; 293 293 phys_addr_t next; 294 294 295 + assert_spin_locked(&kvm->mmu_lock); 295 296 pgd = kvm->arch.pgd + stage2_pgd_index(addr); 296 297 do { 297 298 next = stage2_pgd_addr_end(addr, end); 298 299 if (!stage2_pgd_none(*pgd)) 299 300 unmap_stage2_puds(kvm, pgd, addr, next); 301 + /* 302 + * If the range is too large, release the kvm->mmu_lock 303 + * to prevent starvation and lockup detector warnings. 304 + */ 305 + if (next != end) 306 + cond_resched_lock(&kvm->mmu_lock); 300 307 } while (pgd++, addr = next, addr != end); 301 308 } 302 309 ··· 810 803 int idx; 811 804 812 805 idx = srcu_read_lock(&kvm->srcu); 806 + down_read(&current->mm->mmap_sem); 813 807 spin_lock(&kvm->mmu_lock); 814 808 815 809 slots = kvm_memslots(kvm); ··· 818 810 stage2_unmap_memslot(kvm, memslot); 819 811 820 812 spin_unlock(&kvm->mmu_lock); 813 + up_read(&current->mm->mmap_sem); 821 814 srcu_read_unlock(&kvm->srcu, idx); 822 815 } 823 816 ··· 838 829 if (kvm->arch.pgd == NULL) 839 830 return; 840 831 832 + spin_lock(&kvm->mmu_lock); 841 833 unmap_stage2_range(kvm, 0, KVM_PHYS_SIZE); 834 + spin_unlock(&kvm->mmu_lock); 835 + 842 836 /* Free the HW pgd, one page at a time */ 843 837 free_pages_exact(kvm->arch.pgd, S2_PGD_SIZE); 844 838 kvm->arch.pgd = NULL; ··· 1813 1801 (KVM_PHYS_SIZE >> PAGE_SHIFT)) 1814 1802 return -EFAULT; 1815 1803 1804 + down_read(&current->mm->mmap_sem); 1816 1805 /* 1817 1806 * A memory region could potentially cover multiple VMAs, and any holes 1818 1807 * between them, so iterate over all of them to find out if we can map ··· 1857 1844 pa += vm_start - vma->vm_start; 1858 1845 1859 1846 /* IO region dirty page logging not allowed */ 1860 - if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES) 1861 - return -EINVAL; 1847 + if (memslot->flags & KVM_MEM_LOG_DIRTY_PAGES) { 1848 + ret = -EINVAL; 1849 + goto out; 1850 + } 1862 1851 1863 1852 ret = kvm_phys_addr_ioremap(kvm, gpa, pa, 1864 1853 vm_end - vm_start, ··· 1872 1857 } while (hva < reg_end); 1873 1858 1874 1859 if (change == KVM_MR_FLAGS_ONLY) 1875 - return ret; 1860 + goto out; 1876 1861 1877 1862 spin_lock(&kvm->mmu_lock); 1878 1863 if (ret) ··· 1880 1865 else 1881 1866 stage2_flush_memslot(kvm, memslot); 1882 1867 spin_unlock(&kvm->mmu_lock); 1868 + out: 1869 + up_read(&current->mm->mmap_sem); 1883 1870 return ret; 1884 1871 } 1885 1872

+19 -1

arch/arm/mm/dma-mapping.c

··· 935 935 __arm_dma_free(dev, size, cpu_addr, handle, attrs, true); 936 936 } 937 937 938 + /* 939 + * The whole dma_get_sgtable() idea is fundamentally unsafe - it seems 940 + * that the intention is to allow exporting memory allocated via the 941 + * coherent DMA APIs through the dma_buf API, which only accepts a 942 + * scattertable. This presents a couple of problems: 943 + * 1. Not all memory allocated via the coherent DMA APIs is backed by 944 + * a struct page 945 + * 2. Passing coherent DMA memory into the streaming APIs is not allowed 946 + * as we will try to flush the memory through a different alias to that 947 + * actually being used (and the flushes are redundant.) 948 + */ 938 949 int arm_dma_get_sgtable(struct device *dev, struct sg_table *sgt, 939 950 void *cpu_addr, dma_addr_t handle, size_t size, 940 951 unsigned long attrs) 941 952 { 942 - struct page *page = pfn_to_page(dma_to_pfn(dev, handle)); 953 + unsigned long pfn = dma_to_pfn(dev, handle); 954 + struct page *page; 943 955 int ret; 956 + 957 + /* If the PFN is not valid, we do not have a struct page */ 958 + if (!pfn_valid(pfn)) 959 + return -ENXIO; 960 + 961 + page = pfn_to_page(pfn); 944 962 945 963 ret = sg_alloc_table(sgt, 1, GFP_KERNEL); 946 964 if (unlikely(ret))

+4 -1

arch/arm/mm/nommu.c

··· 303 303 */ 304 304 static inline bool security_extensions_enabled(void) 305 305 { 306 - return !!cpuid_feature_extract(CPUID_EXT_PFR1, 4); 306 + /* Check CPUID Identification Scheme before ID_PFR1 read */ 307 + if ((read_cpuid_id() & 0x000f0000) == 0x000f0000) 308 + return !!cpuid_feature_extract(CPUID_EXT_PFR1, 4); 309 + return 0; 307 310 } 308 311 309 312 static unsigned long __init setup_vectors_base(void)

+44 -17

arch/arm/probes/kprobes/core.c

··· 266 266 #endif 267 267 268 268 if (p) { 269 - if (cur) { 269 + if (!p->ainsn.insn_check_cc(regs->ARM_cpsr)) { 270 + /* 271 + * Probe hit but conditional execution check failed, 272 + * so just skip the instruction and continue as if 273 + * nothing had happened. 274 + * In this case, we can skip recursing check too. 275 + */ 276 + singlestep_skip(p, regs); 277 + } else if (cur) { 270 278 /* Kprobe is pending, so we're recursing. */ 271 279 switch (kcb->kprobe_status) { 272 280 case KPROBE_HIT_ACTIVE: 273 281 case KPROBE_HIT_SSDONE: 282 + case KPROBE_HIT_SS: 274 283 /* A pre- or post-handler probe got us here. */ 275 284 kprobes_inc_nmissed_count(p); 276 285 save_previous_kprobe(kcb); ··· 288 279 singlestep(p, regs, kcb); 289 280 restore_previous_kprobe(kcb); 290 281 break; 282 + case KPROBE_REENTER: 283 + /* A nested probe was hit in FIQ, it is a BUG */ 284 + pr_warn("Unrecoverable kprobe detected at %p.\n", 285 + p->addr); 286 + /* fall through */ 291 287 default: 292 288 /* impossible cases */ 293 289 BUG(); 294 290 } 295 - } else if (p->ainsn.insn_check_cc(regs->ARM_cpsr)) { 291 + } else { 296 292 /* Probe hit and conditional execution check ok. */ 297 293 set_current_kprobe(p); 298 294 kcb->kprobe_status = KPROBE_HIT_ACTIVE; ··· 318 304 } 319 305 reset_current_kprobe(); 320 306 } 321 - } else { 322 - /* 323 - * Probe hit but conditional execution check failed, 324 - * so just skip the instruction and continue as if 325 - * nothing had happened. 326 - */ 327 - singlestep_skip(p, regs); 328 307 } 329 308 } else if (cur) { 330 309 /* We probably hit a jprobe. Call its break handler. */ ··· 441 434 struct hlist_node *tmp; 442 435 unsigned long flags, orig_ret_address = 0; 443 436 unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline; 437 + kprobe_opcode_t *correct_ret_addr = NULL; 444 438 445 439 INIT_HLIST_HEAD(&empty_rp); 446 440 kretprobe_hash_lock(current, &head, &flags); ··· 464 456 /* another task is sharing our hash bucket */ 465 457 continue; 466 458 467 - if (ri->rp && ri->rp->handler) { 468 - __this_cpu_write(current_kprobe, &ri->rp->kp); 469 - get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE; 470 - ri->rp->handler(ri, regs); 471 - __this_cpu_write(current_kprobe, NULL); 472 - } 473 - 474 459 orig_ret_address = (unsigned long)ri->ret_addr; 475 - recycle_rp_inst(ri, &empty_rp); 476 460 477 461 if (orig_ret_address != trampoline_address) 478 462 /* ··· 476 476 } 477 477 478 478 kretprobe_assert(ri, orig_ret_address, trampoline_address); 479 + 480 + correct_ret_addr = ri->ret_addr; 481 + hlist_for_each_entry_safe(ri, tmp, head, hlist) { 482 + if (ri->task != current) 483 + /* another task is sharing our hash bucket */ 484 + continue; 485 + 486 + orig_ret_address = (unsigned long)ri->ret_addr; 487 + if (ri->rp && ri->rp->handler) { 488 + __this_cpu_write(current_kprobe, &ri->rp->kp); 489 + get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE; 490 + ri->ret_addr = correct_ret_addr; 491 + ri->rp->handler(ri, regs); 492 + __this_cpu_write(current_kprobe, NULL); 493 + } 494 + 495 + recycle_rp_inst(ri, &empty_rp); 496 + 497 + if (orig_ret_address != trampoline_address) 498 + /* 499 + * This is the real return address. Any other 500 + * instances associated with this task are for 501 + * other calls deeper on the call stack 502 + */ 503 + break; 504 + } 505 + 479 506 kretprobe_hash_unlock(current, &flags); 480 507 481 508 hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {

+8 -3

arch/arm/probes/kprobes/test-core.c

··· 977 977 void __naked __kprobes_test_case_start(void) 978 978 { 979 979 __asm__ __volatile__ ( 980 - "stmdb sp!, {r4-r11} \n\t" 980 + "mov r2, sp \n\t" 981 + "bic r3, r2, #7 \n\t" 982 + "mov sp, r3 \n\t" 983 + "stmdb sp!, {r2-r11} \n\t" 981 984 "sub sp, sp, #"__stringify(TEST_MEMORY_SIZE)"\n\t" 982 985 "bic r0, lr, #1 @ r0 = inline data \n\t" 983 986 "mov r1, sp \n\t" ··· 1000 997 "movne pc, r0 \n\t" 1001 998 "mov r0, r4 \n\t" 1002 999 "add sp, sp, #"__stringify(TEST_MEMORY_SIZE)"\n\t" 1003 - "ldmia sp!, {r4-r11} \n\t" 1000 + "ldmia sp!, {r2-r11} \n\t" 1001 + "mov sp, r2 \n\t" 1004 1002 "mov pc, r0 \n\t" 1005 1003 ); 1006 1004 } ··· 1017 1013 "bxne r0 \n\t" 1018 1014 "mov r0, r4 \n\t" 1019 1015 "add sp, sp, #"__stringify(TEST_MEMORY_SIZE)"\n\t" 1020 - "ldmia sp!, {r4-r11} \n\t" 1016 + "ldmia sp!, {r2-r11} \n\t" 1017 + "mov sp, r2 \n\t" 1021 1018 "bx r0 \n\t" 1022 1019 ); 1023 1020 }

-2

arch/arm64/include/asm/current.h

··· 3 3 4 4 #include <linux/compiler.h> 5 5 6 - #include <asm/sysreg.h> 7 - 8 6 #ifndef __ASSEMBLY__ 9 7 10 8 struct task_struct;

+1 -1

arch/arm64/kernel/smp.c

··· 944 944 #ifdef CONFIG_HOTPLUG_CPU 945 945 int any_cpu = raw_smp_processor_id(); 946 946 947 - if (cpu_ops[any_cpu]->cpu_die) 947 + if (cpu_ops[any_cpu] && cpu_ops[any_cpu]->cpu_die) 948 948 return true; 949 949 #endif 950 950 return false;

-1

arch/arm64/kernel/vdso/.gitignore

··· 1 1 vdso.lds 2 - vdso-offsets.h

+24 -18

arch/arm64/mm/fault.c

··· 42 42 #include <asm/pgtable.h> 43 43 #include <asm/tlbflush.h> 44 44 45 - static const char *fault_name(unsigned int esr); 45 + struct fault_info { 46 + int (*fn)(unsigned long addr, unsigned int esr, 47 + struct pt_regs *regs); 48 + int sig; 49 + int code; 50 + const char *name; 51 + }; 52 + 53 + static const struct fault_info fault_info[]; 54 + 55 + static inline const struct fault_info *esr_to_fault_info(unsigned int esr) 56 + { 57 + return fault_info + (esr & 63); 58 + } 46 59 47 60 #ifdef CONFIG_KPROBES 48 61 static inline int notify_page_fault(struct pt_regs *regs, unsigned int esr) ··· 210 197 struct pt_regs *regs) 211 198 { 212 199 struct siginfo si; 200 + const struct fault_info *inf; 213 201 214 202 if (unhandled_signal(tsk, sig) && show_unhandled_signals_ratelimited()) { 203 + inf = esr_to_fault_info(esr); 215 204 pr_info("%s[%d]: unhandled %s (%d) at 0x%08lx, esr 0x%03x\n", 216 - tsk->comm, task_pid_nr(tsk), fault_name(esr), sig, 205 + tsk->comm, task_pid_nr(tsk), inf->name, sig, 217 206 addr, esr); 218 207 show_pte(tsk->mm, addr); 219 208 show_regs(regs); ··· 234 219 { 235 220 struct task_struct *tsk = current; 236 221 struct mm_struct *mm = tsk->active_mm; 222 + const struct fault_info *inf; 237 223 238 224 /* 239 225 * If we are in kernel mode at this point, we have no context to 240 226 * handle this fault with. 241 227 */ 242 - if (user_mode(regs)) 243 - __do_user_fault(tsk, addr, esr, SIGSEGV, SEGV_MAPERR, regs); 244 - else 228 + if (user_mode(regs)) { 229 + inf = esr_to_fault_info(esr); 230 + __do_user_fault(tsk, addr, esr, inf->sig, inf->code, regs); 231 + } else 245 232 __do_kernel_fault(mm, addr, esr, regs); 246 233 } 247 234 ··· 505 488 return 1; 506 489 } 507 490 508 - static const struct fault_info { 509 - int (*fn)(unsigned long addr, unsigned int esr, struct pt_regs *regs); 510 - int sig; 511 - int code; 512 - const char *name; 513 - } fault_info[] = { 491 + static const struct fault_info fault_info[] = { 514 492 { do_bad, SIGBUS, 0, "ttbr address size fault" }, 515 493 { do_bad, SIGBUS, 0, "level 1 address size fault" }, 516 494 { do_bad, SIGBUS, 0, "level 2 address size fault" }, ··· 572 560 { do_bad, SIGBUS, 0, "unknown 63" }, 573 561 }; 574 562 575 - static const char *fault_name(unsigned int esr) 576 - { 577 - const struct fault_info *inf = fault_info + (esr & 63); 578 - return inf->name; 579 - } 580 - 581 563 /* 582 564 * Dispatch a data abort to the relevant handler. 583 565 */ 584 566 asmlinkage void __exception do_mem_abort(unsigned long addr, unsigned int esr, 585 567 struct pt_regs *regs) 586 568 { 587 - const struct fault_info *inf = fault_info + (esr & 63); 569 + const struct fault_info *inf = esr_to_fault_info(esr); 588 570 struct siginfo info; 589 571 590 572 if (!inf->fn(addr, esr, regs))

-14

arch/arm64/mm/hugetlbpage.c

··· 294 294 hugetlb_add_hstate(PMD_SHIFT - PAGE_SHIFT); 295 295 } else if (ps == PUD_SIZE) { 296 296 hugetlb_add_hstate(PUD_SHIFT - PAGE_SHIFT); 297 - } else if (ps == (PAGE_SIZE * CONT_PTES)) { 298 - hugetlb_add_hstate(CONT_PTE_SHIFT); 299 - } else if (ps == (PMD_SIZE * CONT_PMDS)) { 300 - hugetlb_add_hstate((PMD_SHIFT + CONT_PMD_SHIFT) - PAGE_SHIFT); 301 297 } else { 302 298 hugetlb_bad_size(); 303 299 pr_err("hugepagesz: Unsupported page size %lu K\n", ps >> 10); ··· 302 306 return 1; 303 307 } 304 308 __setup("hugepagesz=", setup_hugepagesz); 305 - 306 - #ifdef CONFIG_ARM64_64K_PAGES 307 - static __init int add_default_hugepagesz(void) 308 - { 309 - if (size_to_hstate(CONT_PTES * PAGE_SIZE) == NULL) 310 - hugetlb_add_hstate(CONT_PTE_SHIFT); 311 - return 0; 312 - } 313 - arch_initcall(add_default_hugepagesz); 314 - #endif

-41

arch/c6x/kernel/ptrace.c

··· 70 70 0, sizeof(*regs)); 71 71 } 72 72 73 - static int gpr_set(struct task_struct *target, 74 - const struct user_regset *regset, 75 - unsigned int pos, unsigned int count, 76 - const void *kbuf, const void __user *ubuf) 77 - { 78 - int ret; 79 - struct pt_regs *regs = task_pt_regs(target); 80 - 81 - /* Don't copyin TSR or CSR */ 82 - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 83 - &regs, 84 - 0, PT_TSR * sizeof(long)); 85 - if (ret) 86 - return ret; 87 - 88 - ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, 89 - PT_TSR * sizeof(long), 90 - (PT_TSR + 1) * sizeof(long)); 91 - if (ret) 92 - return ret; 93 - 94 - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 95 - &regs, 96 - (PT_TSR + 1) * sizeof(long), 97 - PT_CSR * sizeof(long)); 98 - if (ret) 99 - return ret; 100 - 101 - ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, 102 - PT_CSR * sizeof(long), 103 - (PT_CSR + 1) * sizeof(long)); 104 - if (ret) 105 - return ret; 106 - 107 - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 108 - &regs, 109 - (PT_CSR + 1) * sizeof(long), -1); 110 - return ret; 111 - } 112 - 113 73 enum c6x_regset { 114 74 REGSET_GPR, 115 75 }; ··· 81 121 .size = sizeof(u32), 82 122 .align = sizeof(u32), 83 123 .get = gpr_get, 84 - .set = gpr_set 85 124 }, 86 125 }; 87 126

+5 -3

arch/h8300/kernel/ptrace.c

··· 95 95 long *reg = (long *)&regs; 96 96 97 97 /* build user regs in buffer */ 98 - for (r = 0; r < ARRAY_SIZE(register_offset); r++) 98 + BUILD_BUG_ON(sizeof(regs) % sizeof(long) != 0); 99 + for (r = 0; r < sizeof(regs) / sizeof(long); r++) 99 100 *reg++ = h8300_get_reg(target, r); 100 101 101 102 return user_regset_copyout(&pos, &count, &kbuf, &ubuf, ··· 114 113 long *reg; 115 114 116 115 /* build user regs in buffer */ 117 - for (reg = (long *)&regs, r = 0; r < ARRAY_SIZE(register_offset); r++) 116 + BUILD_BUG_ON(sizeof(regs) % sizeof(long) != 0); 117 + for (reg = (long *)&regs, r = 0; r < sizeof(regs) / sizeof(long); r++) 118 118 *reg++ = h8300_get_reg(target, r); 119 119 120 120 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ··· 124 122 return ret; 125 123 126 124 /* write back to pt_regs */ 127 - for (reg = (long *)&regs, r = 0; r < ARRAY_SIZE(register_offset); r++) 125 + for (reg = (long *)&regs, r = 0; r < sizeof(regs) / sizeof(long); r++) 128 126 h8300_put_reg(target, r, *reg++); 129 127 return 0; 130 128 }

+8 -7

arch/metag/include/asm/uaccess.h

··· 197 197 198 198 #define strlen_user(str) strnlen_user(str, 32767) 199 199 200 - extern unsigned long __must_check __copy_user_zeroing(void *to, 201 - const void __user *from, 202 - unsigned long n); 200 + extern unsigned long raw_copy_from_user(void *to, const void __user *from, 201 + unsigned long n); 203 202 204 203 static inline unsigned long 205 204 copy_from_user(void *to, const void __user *from, unsigned long n) 206 205 { 206 + unsigned long res = n; 207 207 if (likely(access_ok(VERIFY_READ, from, n))) 208 - return __copy_user_zeroing(to, from, n); 209 - memset(to, 0, n); 210 - return n; 208 + res = raw_copy_from_user(to, from, n); 209 + if (unlikely(res)) 210 + memset(to + (n - res), 0, res); 211 + return res; 211 212 } 212 213 213 - #define __copy_from_user(to, from, n) __copy_user_zeroing(to, from, n) 214 + #define __copy_from_user(to, from, n) raw_copy_from_user(to, from, n) 214 215 #define __copy_from_user_inatomic __copy_from_user 215 216 216 217 extern unsigned long __must_check __copy_user(void __user *to,

+15 -4

arch/metag/kernel/ptrace.c

··· 26 26 * user_regset definitions. 27 27 */ 28 28 29 + static unsigned long user_txstatus(const struct pt_regs *regs) 30 + { 31 + unsigned long data = (unsigned long)regs->ctx.Flags; 32 + 33 + if (regs->ctx.SaveMask & TBICTX_CBUF_BIT) 34 + data |= USER_GP_REGS_STATUS_CATCH_BIT; 35 + 36 + return data; 37 + } 38 + 29 39 int metag_gp_regs_copyout(const struct pt_regs *regs, 30 40 unsigned int pos, unsigned int count, 31 41 void *kbuf, void __user *ubuf) ··· 74 64 if (ret) 75 65 goto out; 76 66 /* TXSTATUS */ 77 - data = (unsigned long)regs->ctx.Flags; 78 - if (regs->ctx.SaveMask & TBICTX_CBUF_BIT) 79 - data |= USER_GP_REGS_STATUS_CATCH_BIT; 67 + data = user_txstatus(regs); 80 68 ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, 81 69 &data, 4*25, 4*26); 82 70 if (ret) ··· 129 121 if (ret) 130 122 goto out; 131 123 /* TXSTATUS */ 124 + data = user_txstatus(regs); 132 125 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 133 126 &data, 4*25, 4*26); 134 127 if (ret) ··· 255 246 unsigned long long *ptr; 256 247 int ret, i; 257 248 249 + if (count < 4*13) 250 + return -EINVAL; 258 251 /* Read the entire pipeline before making any changes */ 259 252 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 260 253 &rp, 0, 4*13); ··· 316 305 const void *kbuf, const void __user *ubuf) 317 306 { 318 307 int ret; 319 - void __user *tls; 308 + void __user *tls = target->thread.tls_ptr; 320 309 321 310 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &tls, 0, -1); 322 311 if (ret)

+126 -198

arch/metag/lib/usercopy.c

··· 29 29 COPY \ 30 30 "1:\n" \ 31 31 " .section .fixup,\"ax\"\n" \ 32 - " MOV D1Ar1,#0\n" \ 33 32 FIXUP \ 34 33 " MOVT D1Ar1,#HI(1b)\n" \ 35 34 " JUMP D1Ar1,#LO(1b)\n" \ ··· 259 260 "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 260 261 "22:\n" \ 261 262 "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 262 - "SUB %3, %3, #32\n" \ 263 263 "23:\n" \ 264 - "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 264 + "SUB %3, %3, #32\n" \ 265 265 "24:\n" \ 266 + "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 267 + "25:\n" \ 266 268 "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 269 + "26:\n" \ 267 270 "SUB %3, %3, #32\n" \ 268 271 "DCACHE [%1+#-64], D0Ar6\n" \ 269 272 "BR $Lloop"id"\n" \ 270 273 \ 271 274 "MOV RAPF, %1\n" \ 272 - "25:\n" \ 273 - "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 274 - "26:\n" \ 275 - "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 276 - "SUB %3, %3, #32\n" \ 277 275 "27:\n" \ 278 276 "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 279 277 "28:\n" \ 280 278 "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 281 - "SUB %0, %0, #8\n" \ 282 279 "29:\n" \ 280 + "SUB %3, %3, #32\n" \ 281 + "30:\n" \ 282 + "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 283 + "31:\n" \ 284 + "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 285 + "32:\n" \ 286 + "SUB %0, %0, #8\n" \ 287 + "33:\n" \ 283 288 "SETL [%0++], D0.7, D1.7\n" \ 284 289 "SUB %3, %3, #32\n" \ 285 290 "1:" \ ··· 315 312 " .long 26b,3b\n" \ 316 313 " .long 27b,3b\n" \ 317 314 " .long 28b,3b\n" \ 318 - " .long 29b,4b\n" \ 315 + " .long 29b,3b\n" \ 316 + " .long 30b,3b\n" \ 317 + " .long 31b,3b\n" \ 318 + " .long 32b,3b\n" \ 319 + " .long 33b,4b\n" \ 319 320 " .previous\n" \ 320 321 : "=r" (to), "=r" (from), "=r" (ret), "=d" (n) \ 321 322 : "0" (to), "1" (from), "2" (ret), "3" (n) \ 322 - : "D1Ar1", "D0Ar2", "memory") 323 + : "D1Ar1", "D0Ar2", "cc", "memory") 323 324 324 325 /* rewind 'to' and 'from' pointers when a fault occurs 325 326 * ··· 349 342 #define __asm_copy_to_user_64bit_rapf_loop(to, from, ret, n, id)\ 350 343 __asm_copy_user_64bit_rapf_loop(to, from, ret, n, id, \ 351 344 "LSR D0Ar2, D0Ar2, #8\n" \ 352 - "AND D0Ar2, D0Ar2, #0x7\n" \ 345 + "ANDS D0Ar2, D0Ar2, #0x7\n" \ 353 346 "ADDZ D0Ar2, D0Ar2, #4\n" \ 354 347 "SUB D0Ar2, D0Ar2, #1\n" \ 355 348 "MOV D1Ar1, #4\n" \ ··· 410 403 "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 411 404 "22:\n" \ 412 405 "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 413 - "SUB %3, %3, #16\n" \ 414 406 "23:\n" \ 415 - "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 416 - "24:\n" \ 417 - "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 418 407 "SUB %3, %3, #16\n" \ 419 - "25:\n" \ 408 + "24:\n" \ 420 409 "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 421 - "26:\n" \ 410 + "25:\n" \ 422 411 "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 412 + "26:\n" \ 423 413 "SUB %3, %3, #16\n" \ 424 414 "27:\n" \ 425 415 "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 426 416 "28:\n" \ 427 417 "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 418 + "29:\n" \ 419 + "SUB %3, %3, #16\n" \ 420 + "30:\n" \ 421 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 422 + "31:\n" \ 423 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 424 + "32:\n" \ 428 425 "SUB %3, %3, #16\n" \ 429 426 "DCACHE [%1+#-64], D0Ar6\n" \ 430 427 "BR $Lloop"id"\n" \ 431 428 \ 432 429 "MOV RAPF, %1\n" \ 433 - "29:\n" \ 434 - "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 435 - "30:\n" \ 436 - "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 437 - "SUB %3, %3, #16\n" \ 438 - "31:\n" \ 439 - "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 440 - "32:\n" \ 441 - "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 442 - "SUB %3, %3, #16\n" \ 443 430 "33:\n" \ 444 431 "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 445 432 "34:\n" \ 446 433 "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 447 - "SUB %3, %3, #16\n" \ 448 434 "35:\n" \ 449 - "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 435 + "SUB %3, %3, #16\n" \ 450 436 "36:\n" \ 451 - "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 452 - "SUB %0, %0, #4\n" \ 437 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 453 438 "37:\n" \ 439 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 440 + "38:\n" \ 441 + "SUB %3, %3, #16\n" \ 442 + "39:\n" \ 443 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 444 + "40:\n" \ 445 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 446 + "41:\n" \ 447 + "SUB %3, %3, #16\n" \ 448 + "42:\n" \ 449 + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ 450 + "43:\n" \ 451 + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ 452 + "44:\n" \ 453 + "SUB %0, %0, #4\n" \ 454 + "45:\n" \ 454 455 "SETD [%0++], D0.7\n" \ 455 456 "SUB %3, %3, #16\n" \ 456 457 "1:" \ ··· 498 483 " .long 34b,3b\n" \ 499 484 " .long 35b,3b\n" \ 500 485 " .long 36b,3b\n" \ 501 - " .long 37b,4b\n" \ 486 + " .long 37b,3b\n" \ 487 + " .long 38b,3b\n" \ 488 + " .long 39b,3b\n" \ 489 + " .long 40b,3b\n" \ 490 + " .long 41b,3b\n" \ 491 + " .long 42b,3b\n" \ 492 + " .long 43b,3b\n" \ 493 + " .long 44b,3b\n" \ 494 + " .long 45b,4b\n" \ 502 495 " .previous\n" \ 503 496 : "=r" (to), "=r" (from), "=r" (ret), "=d" (n) \ 504 497 : "0" (to), "1" (from), "2" (ret), "3" (n) \ 505 - : "D1Ar1", "D0Ar2", "memory") 498 + : "D1Ar1", "D0Ar2", "cc", "memory") 506 499 507 500 /* rewind 'to' and 'from' pointers when a fault occurs 508 501 * ··· 536 513 #define __asm_copy_to_user_32bit_rapf_loop(to, from, ret, n, id)\ 537 514 __asm_copy_user_32bit_rapf_loop(to, from, ret, n, id, \ 538 515 "LSR D0Ar2, D0Ar2, #8\n" \ 539 - "AND D0Ar2, D0Ar2, #0x7\n" \ 516 + "ANDS D0Ar2, D0Ar2, #0x7\n" \ 540 517 "ADDZ D0Ar2, D0Ar2, #4\n" \ 541 518 "SUB D0Ar2, D0Ar2, #1\n" \ 542 519 "MOV D1Ar1, #4\n" \ ··· 561 538 if ((unsigned long) src & 1) { 562 539 __asm_copy_to_user_1(dst, src, retn); 563 540 n--; 541 + if (retn) 542 + return retn + n; 564 543 } 565 544 if ((unsigned long) dst & 1) { 566 545 /* Worst case - byte copy */ 567 546 while (n > 0) { 568 547 __asm_copy_to_user_1(dst, src, retn); 569 548 n--; 549 + if (retn) 550 + return retn + n; 570 551 } 571 552 } 572 553 if (((unsigned long) src & 2) && n >= 2) { 573 554 __asm_copy_to_user_2(dst, src, retn); 574 555 n -= 2; 556 + if (retn) 557 + return retn + n; 575 558 } 576 559 if ((unsigned long) dst & 2) { 577 560 /* Second worst case - word copy */ 578 561 while (n >= 2) { 579 562 __asm_copy_to_user_2(dst, src, retn); 580 563 n -= 2; 564 + if (retn) 565 + return retn + n; 581 566 } 582 567 } 583 568 ··· 600 569 while (n >= 8) { 601 570 __asm_copy_to_user_8x64(dst, src, retn); 602 571 n -= 8; 572 + if (retn) 573 + return retn + n; 603 574 } 604 575 } 605 576 if (n >= RAPF_MIN_BUF_SIZE) { ··· 614 581 while (n >= 8) { 615 582 __asm_copy_to_user_8x64(dst, src, retn); 616 583 n -= 8; 584 + if (retn) 585 + return retn + n; 617 586 } 618 587 } 619 588 #endif ··· 623 588 while (n >= 16) { 624 589 __asm_copy_to_user_16(dst, src, retn); 625 590 n -= 16; 591 + if (retn) 592 + return retn + n; 626 593 } 627 594 628 595 while (n >= 4) { 629 596 __asm_copy_to_user_4(dst, src, retn); 630 597 n -= 4; 598 + if (retn) 599 + return retn + n; 631 600 } 632 601 633 602 switch (n) { ··· 648 609 break; 649 610 } 650 611 612 + /* 613 + * If we get here, retn correctly reflects the number of failing 614 + * bytes. 615 + */ 651 616 return retn; 652 617 } 653 618 EXPORT_SYMBOL(__copy_user); ··· 660 617 __asm_copy_user_cont(to, from, ret, \ 661 618 " GETB D1Ar1,[%1++]\n" \ 662 619 "2: SETB [%0++],D1Ar1\n", \ 663 - "3: ADD %2,%2,#1\n" \ 664 - " SETB [%0++],D1Ar1\n", \ 620 + "3: ADD %2,%2,#1\n", \ 665 621 " .long 2b,3b\n") 666 622 667 623 #define __asm_copy_from_user_2x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ 668 624 __asm_copy_user_cont(to, from, ret, \ 669 625 " GETW D1Ar1,[%1++]\n" \ 670 626 "2: SETW [%0++],D1Ar1\n" COPY, \ 671 - "3: ADD %2,%2,#2\n" \ 672 - " SETW [%0++],D1Ar1\n" FIXUP, \ 627 + "3: ADD %2,%2,#2\n" FIXUP, \ 673 628 " .long 2b,3b\n" TENTRY) 674 629 675 630 #define __asm_copy_from_user_2(to, from, ret) \ ··· 677 636 __asm_copy_from_user_2x_cont(to, from, ret, \ 678 637 " GETB D1Ar1,[%1++]\n" \ 679 638 "4: SETB [%0++],D1Ar1\n", \ 680 - "5: ADD %2,%2,#1\n" \ 681 - " SETB [%0++],D1Ar1\n", \ 639 + "5: ADD %2,%2,#1\n", \ 682 640 " .long 4b,5b\n") 683 641 684 642 #define __asm_copy_from_user_4x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ 685 643 __asm_copy_user_cont(to, from, ret, \ 686 644 " GETD D1Ar1,[%1++]\n" \ 687 645 "2: SETD [%0++],D1Ar1\n" COPY, \ 688 - "3: ADD %2,%2,#4\n" \ 689 - " SETD [%0++],D1Ar1\n" FIXUP, \ 646 + "3: ADD %2,%2,#4\n" FIXUP, \ 690 647 " .long 2b,3b\n" TENTRY) 691 648 692 649 #define __asm_copy_from_user_4(to, from, ret) \ 693 650 __asm_copy_from_user_4x_cont(to, from, ret, "", "", "") 694 - 695 - #define __asm_copy_from_user_5(to, from, ret) \ 696 - __asm_copy_from_user_4x_cont(to, from, ret, \ 697 - " GETB D1Ar1,[%1++]\n" \ 698 - "4: SETB [%0++],D1Ar1\n", \ 699 - "5: ADD %2,%2,#1\n" \ 700 - " SETB [%0++],D1Ar1\n", \ 701 - " .long 4b,5b\n") 702 - 703 - #define __asm_copy_from_user_6x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ 704 - __asm_copy_from_user_4x_cont(to, from, ret, \ 705 - " GETW D1Ar1,[%1++]\n" \ 706 - "4: SETW [%0++],D1Ar1\n" COPY, \ 707 - "5: ADD %2,%2,#2\n" \ 708 - " SETW [%0++],D1Ar1\n" FIXUP, \ 709 - " .long 4b,5b\n" TENTRY) 710 - 711 - #define __asm_copy_from_user_6(to, from, ret) \ 712 - __asm_copy_from_user_6x_cont(to, from, ret, "", "", "") 713 - 714 - #define __asm_copy_from_user_7(to, from, ret) \ 715 - __asm_copy_from_user_6x_cont(to, from, ret, \ 716 - " GETB D1Ar1,[%1++]\n" \ 717 - "6: SETB [%0++],D1Ar1\n", \ 718 - "7: ADD %2,%2,#1\n" \ 719 - " SETB [%0++],D1Ar1\n", \ 720 - " .long 6b,7b\n") 721 - 722 - #define __asm_copy_from_user_8x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ 723 - __asm_copy_from_user_4x_cont(to, from, ret, \ 724 - " GETD D1Ar1,[%1++]\n" \ 725 - "4: SETD [%0++],D1Ar1\n" COPY, \ 726 - "5: ADD %2,%2,#4\n" \ 727 - " SETD [%0++],D1Ar1\n" FIXUP, \ 728 - " .long 4b,5b\n" TENTRY) 729 - 730 - #define __asm_copy_from_user_8(to, from, ret) \ 731 - __asm_copy_from_user_8x_cont(to, from, ret, "", "", "") 732 - 733 - #define __asm_copy_from_user_9(to, from, ret) \ 734 - __asm_copy_from_user_8x_cont(to, from, ret, \ 735 - " GETB D1Ar1,[%1++]\n" \ 736 - "6: SETB [%0++],D1Ar1\n", \ 737 - "7: ADD %2,%2,#1\n" \ 738 - " SETB [%0++],D1Ar1\n", \ 739 - " .long 6b,7b\n") 740 - 741 - #define __asm_copy_from_user_10x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ 742 - __asm_copy_from_user_8x_cont(to, from, ret, \ 743 - " GETW D1Ar1,[%1++]\n" \ 744 - "6: SETW [%0++],D1Ar1\n" COPY, \ 745 - "7: ADD %2,%2,#2\n" \ 746 - " SETW [%0++],D1Ar1\n" FIXUP, \ 747 - " .long 6b,7b\n" TENTRY) 748 - 749 - #define __asm_copy_from_user_10(to, from, ret) \ 750 - __asm_copy_from_user_10x_cont(to, from, ret, "", "", "") 751 - 752 - #define __asm_copy_from_user_11(to, from, ret) \ 753 - __asm_copy_from_user_10x_cont(to, from, ret, \ 754 - " GETB D1Ar1,[%1++]\n" \ 755 - "8: SETB [%0++],D1Ar1\n", \ 756 - "9: ADD %2,%2,#1\n" \ 757 - " SETB [%0++],D1Ar1\n", \ 758 - " .long 8b,9b\n") 759 - 760 - #define __asm_copy_from_user_12x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ 761 - __asm_copy_from_user_8x_cont(to, from, ret, \ 762 - " GETD D1Ar1,[%1++]\n" \ 763 - "6: SETD [%0++],D1Ar1\n" COPY, \ 764 - "7: ADD %2,%2,#4\n" \ 765 - " SETD [%0++],D1Ar1\n" FIXUP, \ 766 - " .long 6b,7b\n" TENTRY) 767 - 768 - #define __asm_copy_from_user_12(to, from, ret) \ 769 - __asm_copy_from_user_12x_cont(to, from, ret, "", "", "") 770 - 771 - #define __asm_copy_from_user_13(to, from, ret) \ 772 - __asm_copy_from_user_12x_cont(to, from, ret, \ 773 - " GETB D1Ar1,[%1++]\n" \ 774 - "8: SETB [%0++],D1Ar1\n", \ 775 - "9: ADD %2,%2,#1\n" \ 776 - " SETB [%0++],D1Ar1\n", \ 777 - " .long 8b,9b\n") 778 - 779 - #define __asm_copy_from_user_14x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ 780 - __asm_copy_from_user_12x_cont(to, from, ret, \ 781 - " GETW D1Ar1,[%1++]\n" \ 782 - "8: SETW [%0++],D1Ar1\n" COPY, \ 783 - "9: ADD %2,%2,#2\n" \ 784 - " SETW [%0++],D1Ar1\n" FIXUP, \ 785 - " .long 8b,9b\n" TENTRY) 786 - 787 - #define __asm_copy_from_user_14(to, from, ret) \ 788 - __asm_copy_from_user_14x_cont(to, from, ret, "", "", "") 789 - 790 - #define __asm_copy_from_user_15(to, from, ret) \ 791 - __asm_copy_from_user_14x_cont(to, from, ret, \ 792 - " GETB D1Ar1,[%1++]\n" \ 793 - "10: SETB [%0++],D1Ar1\n", \ 794 - "11: ADD %2,%2,#1\n" \ 795 - " SETB [%0++],D1Ar1\n", \ 796 - " .long 10b,11b\n") 797 - 798 - #define __asm_copy_from_user_16x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ 799 - __asm_copy_from_user_12x_cont(to, from, ret, \ 800 - " GETD D1Ar1,[%1++]\n" \ 801 - "8: SETD [%0++],D1Ar1\n" COPY, \ 802 - "9: ADD %2,%2,#4\n" \ 803 - " SETD [%0++],D1Ar1\n" FIXUP, \ 804 - " .long 8b,9b\n" TENTRY) 805 - 806 - #define __asm_copy_from_user_16(to, from, ret) \ 807 - __asm_copy_from_user_16x_cont(to, from, ret, "", "", "") 808 651 809 652 #define __asm_copy_from_user_8x64(to, from, ret) \ 810 653 asm volatile ( \ ··· 696 771 "2: SETL [%0++],D0Ar2,D1Ar1\n" \ 697 772 "1:\n" \ 698 773 " .section .fixup,\"ax\"\n" \ 699 - " MOV D1Ar1,#0\n" \ 700 - " MOV D0Ar2,#0\n" \ 701 774 "3: ADD %2,%2,#8\n" \ 702 - " SETL [%0++],D0Ar2,D1Ar1\n" \ 703 775 " MOVT D0Ar2,#HI(1b)\n" \ 704 776 " JUMP D0Ar2,#LO(1b)\n" \ 705 777 " .previous\n" \ ··· 711 789 * 712 790 * Rationale: 713 791 * A fault occurs while reading from user buffer, which is the 714 - * source. Since the fault is at a single address, we only 715 - * need to rewind by 8 bytes. 792 + * source. 716 793 * Since we don't write to kernel buffer until we read first, 717 794 * the kernel buffer is at the right state and needn't be 718 - * corrected. 795 + * corrected, but the source must be rewound to the beginning of 796 + * the block, which is LSM_STEP*8 bytes. 797 + * LSM_STEP is bits 10:8 in TXSTATUS which is already read 798 + * and stored in D0Ar2 799 + * 800 + * NOTE: If a fault occurs at the last operation in M{G,S}ETL 801 + * LSM_STEP will be 0. ie: we do 4 writes in our case, if 802 + * a fault happens at the 4th write, LSM_STEP will be 0 803 + * instead of 4. The code copes with that. 719 804 */ 720 805 #define __asm_copy_from_user_64bit_rapf_loop(to, from, ret, n, id) \ 721 806 __asm_copy_user_64bit_rapf_loop(to, from, ret, n, id, \ 722 - "SUB %1, %1, #8\n") 807 + "LSR D0Ar2, D0Ar2, #5\n" \ 808 + "ANDS D0Ar2, D0Ar2, #0x38\n" \ 809 + "ADDZ D0Ar2, D0Ar2, #32\n" \ 810 + "SUB %1, %1, D0Ar2\n") 723 811 724 812 /* rewind 'from' pointer when a fault occurs 725 813 * 726 814 * Rationale: 727 815 * A fault occurs while reading from user buffer, which is the 728 - * source. Since the fault is at a single address, we only 729 - * need to rewind by 4 bytes. 816 + * source. 730 817 * Since we don't write to kernel buffer until we read first, 731 818 * the kernel buffer is at the right state and needn't be 732 - * corrected. 819 + * corrected, but the source must be rewound to the beginning of 820 + * the block, which is LSM_STEP*4 bytes. 821 + * LSM_STEP is bits 10:8 in TXSTATUS which is already read 822 + * and stored in D0Ar2 823 + * 824 + * NOTE: If a fault occurs at the last operation in M{G,S}ETL 825 + * LSM_STEP will be 0. ie: we do 4 writes in our case, if 826 + * a fault happens at the 4th write, LSM_STEP will be 0 827 + * instead of 4. The code copes with that. 733 828 */ 734 829 #define __asm_copy_from_user_32bit_rapf_loop(to, from, ret, n, id) \ 735 830 __asm_copy_user_32bit_rapf_loop(to, from, ret, n, id, \ 736 - "SUB %1, %1, #4\n") 831 + "LSR D0Ar2, D0Ar2, #6\n" \ 832 + "ANDS D0Ar2, D0Ar2, #0x1c\n" \ 833 + "ADDZ D0Ar2, D0Ar2, #16\n" \ 834 + "SUB %1, %1, D0Ar2\n") 737 835 738 836 739 - /* Copy from user to kernel, zeroing the bytes that were inaccessible in 740 - userland. The return-value is the number of bytes that were 741 - inaccessible. */ 742 - unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc, 743 - unsigned long n) 837 + /* 838 + * Copy from user to kernel. The return-value is the number of bytes that were 839 + * inaccessible. 840 + */ 841 + unsigned long raw_copy_from_user(void *pdst, const void __user *psrc, 842 + unsigned long n) 744 843 { 745 844 register char *dst asm ("A0.2") = pdst; 746 845 register const char __user *src asm ("A1.2") = psrc; ··· 773 830 if ((unsigned long) src & 1) { 774 831 __asm_copy_from_user_1(dst, src, retn); 775 832 n--; 833 + if (retn) 834 + return retn + n; 776 835 } 777 836 if ((unsigned long) dst & 1) { 778 837 /* Worst case - byte copy */ ··· 782 837 __asm_copy_from_user_1(dst, src, retn); 783 838 n--; 784 839 if (retn) 785 - goto copy_exception_bytes; 840 + return retn + n; 786 841 } 787 842 } 788 843 if (((unsigned long) src & 2) && n >= 2) { 789 844 __asm_copy_from_user_2(dst, src, retn); 790 845 n -= 2; 846 + if (retn) 847 + return retn + n; 791 848 } 792 849 if ((unsigned long) dst & 2) { 793 850 /* Second worst case - word copy */ ··· 797 850 __asm_copy_from_user_2(dst, src, retn); 798 851 n -= 2; 799 852 if (retn) 800 - goto copy_exception_bytes; 853 + return retn + n; 801 854 } 802 855 } 803 - 804 - /* We only need one check after the unalignment-adjustments, 805 - because if both adjustments were done, either both or 806 - neither reference had an exception. */ 807 - if (retn != 0) 808 - goto copy_exception_bytes; 809 856 810 857 #ifdef USE_RAPF 811 858 /* 64 bit copy loop */ ··· 813 872 __asm_copy_from_user_8x64(dst, src, retn); 814 873 n -= 8; 815 874 if (retn) 816 - goto copy_exception_bytes; 875 + return retn + n; 817 876 } 818 877 } 819 878 ··· 829 888 __asm_copy_from_user_8x64(dst, src, retn); 830 889 n -= 8; 831 890 if (retn) 832 - goto copy_exception_bytes; 891 + return retn + n; 833 892 } 834 893 } 835 894 #endif ··· 839 898 n -= 4; 840 899 841 900 if (retn) 842 - goto copy_exception_bytes; 901 + return retn + n; 843 902 } 844 903 845 904 /* If we get here, there were no memory read faults. */ ··· 865 924 /* If we get here, retn correctly reflects the number of failing 866 925 bytes. */ 867 926 return retn; 868 - 869 - copy_exception_bytes: 870 - /* We already have "retn" bytes cleared, and need to clear the 871 - remaining "n" bytes. A non-optimized simple byte-for-byte in-line 872 - memset is preferred here, since this isn't speed-critical code and 873 - we'd rather have this a leaf-function than calling memset. */ 874 - { 875 - char *endp; 876 - for (endp = dst + n; dst < endp; dst++) 877 - *dst = 0; 878 - } 879 - 880 - return retn + n; 881 927 } 882 - EXPORT_SYMBOL(__copy_user_zeroing); 928 + EXPORT_SYMBOL(raw_copy_from_user); 883 929 884 930 #define __asm_clear_8x64(to, ret) \ 885 931 asm volatile ( \

+1 -1

arch/mips/Kconfig

··· 1531 1531 select CPU_SUPPORTS_HIGHMEM 1532 1532 select CPU_SUPPORTS_MSA 1533 1533 select GENERIC_CSUM 1534 - select MIPS_O32_FP64_SUPPORT if MIPS32_O32 1534 + select MIPS_O32_FP64_SUPPORT if 32BIT || MIPS32_O32 1535 1535 select HAVE_KVM 1536 1536 help 1537 1537 Choose this option to build a kernel for release 6 or later of the

+1

arch/mips/include/asm/fpu.h

··· 21 21 #include <asm/cpu-features.h> 22 22 #include <asm/fpu_emulator.h> 23 23 #include <asm/hazards.h> 24 + #include <asm/ptrace.h> 24 25 #include <asm/processor.h> 25 26 #include <asm/current.h> 26 27 #include <asm/msa.h>

+15

arch/mips/include/asm/irq.h

··· 18 18 #include <irq.h> 19 19 20 20 #define IRQ_STACK_SIZE THREAD_SIZE 21 + #define IRQ_STACK_START (IRQ_STACK_SIZE - sizeof(unsigned long)) 21 22 22 23 extern void *irq_stack[NR_CPUS]; 24 + 25 + /* 26 + * The highest address on the IRQ stack contains a dummy frame put down in 27 + * genex.S (handle_int & except_vec_vi_handler) which is structured as follows: 28 + * 29 + * top ------------ 30 + * | task sp | <- irq_stack[cpu] + IRQ_STACK_START 31 + * ------------ 32 + * | | <- First frame of IRQ context 33 + * ------------ 34 + * 35 + * task sp holds a copy of the task stack pointer where the struct pt_regs 36 + * from exception entry can be found. 37 + */ 23 38 24 39 static inline bool on_irq_stack(int cpu, unsigned long sp) 25 40 {

+4 -4

arch/mips/include/asm/spinlock.h

··· 127 127 " andi %[ticket], %[ticket], 0xffff \n" 128 128 " bne %[ticket], %[my_ticket], 4f \n" 129 129 " subu %[ticket], %[my_ticket], %[ticket] \n" 130 - "2: \n" 130 + "2: .insn \n" 131 131 " .subsection 2 \n" 132 132 "4: andi %[ticket], %[ticket], 0xffff \n" 133 133 " sll %[ticket], 5 \n" ··· 202 202 " sc %[ticket], %[ticket_ptr] \n" 203 203 " beqz %[ticket], 1b \n" 204 204 " li %[ticket], 1 \n" 205 - "2: \n" 205 + "2: .insn \n" 206 206 " .subsection 2 \n" 207 207 "3: b 2b \n" 208 208 " li %[ticket], 0 \n" ··· 382 382 " .set reorder \n" 383 383 __WEAK_LLSC_MB 384 384 " li %2, 1 \n" 385 - "2: \n" 385 + "2: .insn \n" 386 386 : "=" GCC_OFF_SMALL_ASM() (rw->lock), "=&r" (tmp), "=&r" (ret) 387 387 : GCC_OFF_SMALL_ASM() (rw->lock) 388 388 : "memory"); ··· 422 422 " lui %1, 0x8000 \n" 423 423 " sc %1, %0 \n" 424 424 " li %2, 1 \n" 425 - "2: \n" 425 + "2: .insn \n" 426 426 : "=" GCC_OFF_SMALL_ASM() (rw->lock), "=&r" (tmp), 427 427 "=&r" (ret) 428 428 : GCC_OFF_SMALL_ASM() (rw->lock)

+9 -6

arch/mips/include/uapi/asm/unistd.h

··· 386 386 #define __NR_pkey_mprotect (__NR_Linux + 363) 387 387 #define __NR_pkey_alloc (__NR_Linux + 364) 388 388 #define __NR_pkey_free (__NR_Linux + 365) 389 + #define __NR_statx (__NR_Linux + 366) 389 390 390 391 391 392 /* 392 393 * Offset of the last Linux o32 flavoured syscall 393 394 */ 394 - #define __NR_Linux_syscalls 365 395 + #define __NR_Linux_syscalls 366 395 396 396 397 #endif /* _MIPS_SIM == _MIPS_SIM_ABI32 */ 397 398 398 399 #define __NR_O32_Linux 4000 399 - #define __NR_O32_Linux_syscalls 365 400 + #define __NR_O32_Linux_syscalls 366 400 401 401 402 #if _MIPS_SIM == _MIPS_SIM_ABI64 402 403 ··· 731 730 #define __NR_pkey_mprotect (__NR_Linux + 323) 732 731 #define __NR_pkey_alloc (__NR_Linux + 324) 733 732 #define __NR_pkey_free (__NR_Linux + 325) 733 + #define __NR_statx (__NR_Linux + 326) 734 734 735 735 /* 736 736 * Offset of the last Linux 64-bit flavoured syscall 737 737 */ 738 - #define __NR_Linux_syscalls 325 738 + #define __NR_Linux_syscalls 326 739 739 740 740 #endif /* _MIPS_SIM == _MIPS_SIM_ABI64 */ 741 741 742 742 #define __NR_64_Linux 5000 743 - #define __NR_64_Linux_syscalls 325 743 + #define __NR_64_Linux_syscalls 326 744 744 745 745 #if _MIPS_SIM == _MIPS_SIM_NABI32 746 746 ··· 1079 1077 #define __NR_pkey_mprotect (__NR_Linux + 327) 1080 1078 #define __NR_pkey_alloc (__NR_Linux + 328) 1081 1079 #define __NR_pkey_free (__NR_Linux + 329) 1080 + #define __NR_statx (__NR_Linux + 330) 1082 1081 1083 1082 /* 1084 1083 * Offset of the last N32 flavoured syscall 1085 1084 */ 1086 - #define __NR_Linux_syscalls 329 1085 + #define __NR_Linux_syscalls 330 1087 1086 1088 1087 #endif /* _MIPS_SIM == _MIPS_SIM_NABI32 */ 1089 1088 1090 1089 #define __NR_N32_Linux 6000 1091 - #define __NR_N32_Linux_syscalls 329 1090 + #define __NR_N32_Linux_syscalls 330 1092 1091 1093 1092 #endif /* _UAPI_ASM_UNISTD_H */

+1

arch/mips/kernel/asm-offsets.c

··· 102 102 DEFINE(_THREAD_SIZE, THREAD_SIZE); 103 103 DEFINE(_THREAD_MASK, THREAD_MASK); 104 104 DEFINE(_IRQ_STACK_SIZE, IRQ_STACK_SIZE); 105 + DEFINE(_IRQ_STACK_START, IRQ_STACK_START); 105 106 BLANK(); 106 107 } 107 108

+1 -1

arch/mips/kernel/cps-vec.S

··· 361 361 END(mips_cps_get_bootcfg) 362 362 363 363 LEAF(mips_cps_boot_vpes) 364 - PTR_L ta2, COREBOOTCFG_VPEMASK(a0) 364 + lw ta2, COREBOOTCFG_VPEMASK(a0) 365 365 PTR_L ta3, COREBOOTCFG_VPECONFIG(a0) 366 366 367 367 #if defined(CONFIG_CPU_MIPSR6)

+1 -1

arch/mips/kernel/cpu-probe.c

··· 1824 1824 } 1825 1825 1826 1826 decode_configs(c); 1827 - c->options |= MIPS_CPU_TLBINV | MIPS_CPU_LDPTE; 1827 + c->options |= MIPS_CPU_FTLB | MIPS_CPU_TLBINV | MIPS_CPU_LDPTE; 1828 1828 c->writecombine = _CACHE_UNCACHED_ACCELERATED; 1829 1829 break; 1830 1830 default:

+8 -4

arch/mips/kernel/genex.S

··· 215 215 beq t0, t1, 2f 216 216 217 217 /* Switch to IRQ stack */ 218 - li t1, _IRQ_STACK_SIZE 218 + li t1, _IRQ_STACK_START 219 219 PTR_ADD sp, t0, t1 220 220 221 + /* Save task's sp on IRQ stack so that unwinding can follow it */ 222 + LONG_S s1, 0(sp) 221 223 2: 222 224 jal plat_irq_dispatch 223 225 ··· 327 325 beq t0, t1, 2f 328 326 329 327 /* Switch to IRQ stack */ 330 - li t1, _IRQ_STACK_SIZE 328 + li t1, _IRQ_STACK_START 331 329 PTR_ADD sp, t0, t1 332 330 331 + /* Save task's sp on IRQ stack so that unwinding can follow it */ 332 + LONG_S s1, 0(sp) 333 333 2: 334 334 jalr v0 335 335 ··· 523 519 BUILD_HANDLER reserved reserved sti verbose /* others */ 524 520 525 521 .align 5 526 - LEAF(handle_ri_rdhwr_vivt) 522 + LEAF(handle_ri_rdhwr_tlbp) 527 523 .set push 528 524 .set noat 529 525 .set noreorder ··· 542 538 .set pop 543 539 bltz k1, handle_ri /* slow path */ 544 540 /* fall thru */ 545 - END(handle_ri_rdhwr_vivt) 541 + END(handle_ri_rdhwr_tlbp) 546 542 547 543 LEAF(handle_ri_rdhwr) 548 544 .set push

+38 -18

arch/mips/kernel/process.c

··· 488 488 unsigned long pc, 489 489 unsigned long *ra) 490 490 { 491 + unsigned long low, high, irq_stack_high; 491 492 struct mips_frame_info info; 492 493 unsigned long size, ofs; 494 + struct pt_regs *regs; 493 495 int leaf; 494 - extern void ret_from_irq(void); 495 - extern void ret_from_exception(void); 496 496 497 497 if (!stack_page) 498 498 return 0; 499 499 500 500 /* 501 - * If we reached the bottom of interrupt context, 502 - * return saved pc in pt_regs. 501 + * IRQ stacks start at IRQ_STACK_START 502 + * task stacks at THREAD_SIZE - 32 503 503 */ 504 - if (pc == (unsigned long)ret_from_irq || 505 - pc == (unsigned long)ret_from_exception) { 506 - struct pt_regs *regs; 507 - if (*sp >= stack_page && 508 - *sp + sizeof(*regs) <= stack_page + THREAD_SIZE - 32) { 509 - regs = (struct pt_regs *)*sp; 510 - pc = regs->cp0_epc; 511 - if (!user_mode(regs) && __kernel_text_address(pc)) { 512 - *sp = regs->regs[29]; 513 - *ra = regs->regs[31]; 514 - return pc; 515 - } 504 + low = stack_page; 505 + if (!preemptible() && on_irq_stack(raw_smp_processor_id(), *sp)) { 506 + high = stack_page + IRQ_STACK_START; 507 + irq_stack_high = high; 508 + } else { 509 + high = stack_page + THREAD_SIZE - 32; 510 + irq_stack_high = 0; 511 + } 512 + 513 + /* 514 + * If we reached the top of the interrupt stack, start unwinding 515 + * the interrupted task stack. 516 + */ 517 + if (unlikely(*sp == irq_stack_high)) { 518 + unsigned long task_sp = *(unsigned long *)*sp; 519 + 520 + /* 521 + * Check that the pointer saved in the IRQ stack head points to 522 + * something within the stack of the current task 523 + */ 524 + if (!object_is_on_stack((void *)task_sp)) 525 + return 0; 526 + 527 + /* 528 + * Follow pointer to tasks kernel stack frame where interrupted 529 + * state was saved. 530 + */ 531 + regs = (struct pt_regs *)task_sp; 532 + pc = regs->cp0_epc; 533 + if (!user_mode(regs) && __kernel_text_address(pc)) { 534 + *sp = regs->regs[29]; 535 + *ra = regs->regs[31]; 536 + return pc; 516 537 } 517 538 return 0; 518 539 } ··· 554 533 if (leaf < 0) 555 534 return 0; 556 535 557 - if (*sp < stack_page || 558 - *sp + info.frame_size > stack_page + THREAD_SIZE - 32) 536 + if (*sp < low || *sp + info.frame_size > high) 559 537 return 0; 560 538 561 539 if (leaf)

+2 -1

arch/mips/kernel/ptrace.c

··· 456 456 &target->thread.fpu, 457 457 0, sizeof(elf_fpregset_t)); 458 458 459 - for (i = 0; i < NUM_FPU_REGS; i++) { 459 + BUILD_BUG_ON(sizeof(fpr_val) != sizeof(elf_fpreg_t)); 460 + for (i = 0; i < NUM_FPU_REGS && count >= sizeof(elf_fpreg_t); i++) { 460 461 err = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 461 462 &fpr_val, i * sizeof(elf_fpreg_t), 462 463 (i + 1) * sizeof(elf_fpreg_t));

+1

arch/mips/kernel/scall32-o32.S

··· 600 600 PTR sys_pkey_mprotect 601 601 PTR sys_pkey_alloc 602 602 PTR sys_pkey_free /* 4365 */ 603 + PTR sys_statx

+1

arch/mips/kernel/scall64-64.S

··· 438 438 PTR sys_pkey_mprotect 439 439 PTR sys_pkey_alloc 440 440 PTR sys_pkey_free /* 5325 */ 441 + PTR sys_statx 441 442 .size sys_call_table,.-sys_call_table

+1

arch/mips/kernel/scall64-n32.S

··· 433 433 PTR sys_pkey_mprotect 434 434 PTR sys_pkey_alloc 435 435 PTR sys_pkey_free 436 + PTR sys_statx /* 6330 */ 436 437 .size sysn32_call_table,.-sysn32_call_table

+1

arch/mips/kernel/scall64-o32.S

··· 588 588 PTR sys_pkey_mprotect 589 589 PTR sys_pkey_alloc 590 590 PTR sys_pkey_free /* 4365 */ 591 + PTR sys_statx 591 592 .size sys32_call_table,.-sys32_call_table

+13 -4

arch/mips/kernel/traps.c

··· 83 83 extern asmlinkage void handle_sys(void); 84 84 extern asmlinkage void handle_bp(void); 85 85 extern asmlinkage void handle_ri(void); 86 - extern asmlinkage void handle_ri_rdhwr_vivt(void); 86 + extern asmlinkage void handle_ri_rdhwr_tlbp(void); 87 87 extern asmlinkage void handle_ri_rdhwr(void); 88 88 extern asmlinkage void handle_cpu(void); 89 89 extern asmlinkage void handle_ov(void); ··· 2408 2408 2409 2409 set_except_vector(EXCCODE_SYS, handle_sys); 2410 2410 set_except_vector(EXCCODE_BP, handle_bp); 2411 - set_except_vector(EXCCODE_RI, rdhwr_noopt ? handle_ri : 2412 - (cpu_has_vtag_icache ? 2413 - handle_ri_rdhwr_vivt : handle_ri_rdhwr)); 2411 + 2412 + if (rdhwr_noopt) 2413 + set_except_vector(EXCCODE_RI, handle_ri); 2414 + else { 2415 + if (cpu_has_vtag_icache) 2416 + set_except_vector(EXCCODE_RI, handle_ri_rdhwr_tlbp); 2417 + else if (current_cpu_type() == CPU_LOONGSON3) 2418 + set_except_vector(EXCCODE_RI, handle_ri_rdhwr_tlbp); 2419 + else 2420 + set_except_vector(EXCCODE_RI, handle_ri_rdhwr); 2421 + } 2422 + 2414 2423 set_except_vector(EXCCODE_CPU, handle_cpu); 2415 2424 set_except_vector(EXCCODE_OV, handle_ov); 2416 2425 set_except_vector(EXCCODE_TR, handle_tr);

+1 -1

arch/mips/lantiq/xway/sysctrl.c

··· 467 467 468 468 if (!np_xbar) 469 469 panic("Failed to load xbar nodes from devicetree"); 470 - if (of_address_to_resource(np_pmu, 0, &res_xbar)) 470 + if (of_address_to_resource(np_xbar, 0, &res_xbar)) 471 471 panic("Failed to get xbar resources"); 472 472 if (!request_mem_region(res_xbar.start, resource_size(&res_xbar), 473 473 res_xbar.name))

+2

arch/mips/mm/c-r4k.c

··· 1562 1562 vcache_size = c->vcache.sets * c->vcache.ways * c->vcache.linesz; 1563 1563 1564 1564 c->vcache.waybit = 0; 1565 + c->vcache.waysize = vcache_size / c->vcache.ways; 1565 1566 1566 1567 pr_info("Unified victim cache %ldkB %s, linesize %d bytes.\n", 1567 1568 vcache_size >> 10, way_string[c->vcache.ways], c->vcache.linesz); ··· 1665 1664 /* Loongson-3 has 4 cores, 1MB scache for each. scaches are shared */ 1666 1665 scache_size *= 4; 1667 1666 c->scache.waybit = 0; 1667 + c->scache.waysize = scache_size / c->scache.ways; 1668 1668 pr_info("Unified secondary cache %ldkB %s, linesize %d bytes.\n", 1669 1669 scache_size >> 10, way_string[c->scache.ways], c->scache.linesz); 1670 1670 if (scache_size)

+21 -4

arch/mips/mm/tlbex.c

··· 760 760 static void build_huge_handler_tail(u32 **p, struct uasm_reloc **r, 761 761 struct uasm_label **l, 762 762 unsigned int pte, 763 - unsigned int ptr) 763 + unsigned int ptr, 764 + unsigned int flush) 764 765 { 765 766 #ifdef CONFIG_SMP 766 767 UASM_i_SC(p, pte, 0, ptr); ··· 770 769 #else 771 770 UASM_i_SW(p, pte, 0, ptr); 772 771 #endif 772 + if (cpu_has_ftlb && flush) { 773 + BUG_ON(!cpu_has_tlbinv); 774 + 775 + UASM_i_MFC0(p, ptr, C0_ENTRYHI); 776 + uasm_i_ori(p, ptr, ptr, MIPS_ENTRYHI_EHINV); 777 + UASM_i_MTC0(p, ptr, C0_ENTRYHI); 778 + build_tlb_write_entry(p, l, r, tlb_indexed); 779 + 780 + uasm_i_xori(p, ptr, ptr, MIPS_ENTRYHI_EHINV); 781 + UASM_i_MTC0(p, ptr, C0_ENTRYHI); 782 + build_huge_update_entries(p, pte, ptr); 783 + build_huge_tlb_write_entry(p, l, r, pte, tlb_random, 0); 784 + 785 + return; 786 + } 787 + 773 788 build_huge_update_entries(p, pte, ptr); 774 789 build_huge_tlb_write_entry(p, l, r, pte, tlb_indexed, 0); 775 790 } ··· 2216 2199 uasm_l_tlbl_goaround2(&l, p); 2217 2200 } 2218 2201 uasm_i_ori(&p, wr.r1, wr.r1, (_PAGE_ACCESSED | _PAGE_VALID)); 2219 - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2202 + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1); 2220 2203 #endif 2221 2204 2222 2205 uasm_l_nopage_tlbl(&l, p); ··· 2271 2254 build_tlb_probe_entry(&p); 2272 2255 uasm_i_ori(&p, wr.r1, wr.r1, 2273 2256 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY); 2274 - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2257 + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 1); 2275 2258 #endif 2276 2259 2277 2260 uasm_l_nopage_tlbs(&l, p); ··· 2327 2310 build_tlb_probe_entry(&p); 2328 2311 uasm_i_ori(&p, wr.r1, wr.r1, 2329 2312 _PAGE_ACCESSED | _PAGE_MODIFIED | _PAGE_VALID | _PAGE_DIRTY); 2330 - build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2); 2313 + build_huge_handler_tail(&p, &r, &l, wr.r1, wr.r2, 0); 2331 2314 #endif 2332 2315 2333 2316 uasm_l_nopage_tlbm(&l, p);

+2 -2

arch/mips/ralink/rt3883.c

··· 35 35 static struct rt2880_pmx_func jtag_func[] = { FUNC("jtag", 0, 17, 5) }; 36 36 static struct rt2880_pmx_func mdio_func[] = { FUNC("mdio", 0, 22, 2) }; 37 37 static struct rt2880_pmx_func lna_a_func[] = { FUNC("lna a", 0, 32, 3) }; 38 - static struct rt2880_pmx_func lna_g_func[] = { FUNC("lna a", 0, 35, 3) }; 38 + static struct rt2880_pmx_func lna_g_func[] = { FUNC("lna g", 0, 35, 3) }; 39 39 static struct rt2880_pmx_func pci_func[] = { 40 40 FUNC("pci-dev", 0, 40, 32), 41 41 FUNC("pci-host2", 1, 40, 32), ··· 43 43 FUNC("pci-fnc", 3, 40, 32) 44 44 }; 45 45 static struct rt2880_pmx_func ge1_func[] = { FUNC("ge1", 0, 72, 12) }; 46 - static struct rt2880_pmx_func ge2_func[] = { FUNC("ge1", 0, 84, 12) }; 46 + static struct rt2880_pmx_func ge2_func[] = { FUNC("ge2", 0, 84, 12) }; 47 47 48 48 static struct rt2880_pmx_group rt3883_pinmux_data[] = { 49 49 GRP("i2c", i2c_func, 1, RT3883_GPIO_MODE_I2C),

+7

arch/nios2/kernel/prom.c

··· 48 48 return alloc_bootmem_align(size, align); 49 49 } 50 50 51 + int __init early_init_dt_reserve_memory_arch(phys_addr_t base, phys_addr_t size, 52 + bool nomap) 53 + { 54 + reserve_bootmem(base, size, BOOTMEM_DEFAULT); 55 + return 0; 56 + } 57 + 51 58 void __init early_init_devtree(void *params) 52 59 { 53 60 __be32 *dtb = (u32 *)__dtb_start;

+3

arch/nios2/kernel/setup.c

··· 201 201 } 202 202 #endif /* CONFIG_BLK_DEV_INITRD */ 203 203 204 + early_init_fdt_reserve_self(); 205 + early_init_fdt_scan_reserved_mem(); 206 + 204 207 unflatten_and_copy_device_tree(); 205 208 206 209 setup_cpuinfo();

+34 -25

arch/parisc/include/asm/uaccess.h

··· 65 65 ".previous\n" 66 66 67 67 /* 68 + * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry 69 + * (with lowest bit set) for which the fault handler in fixup_exception() will 70 + * load -EFAULT into %r8 for a read or write fault, and zeroes the target 71 + * register in case of a read fault in get_user(). 72 + */ 73 + #define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr )\ 74 + ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1) 75 + 76 + /* 68 77 * The page fault handler stores, in a per-cpu area, the following information 69 78 * if a fixup routine is available. 70 79 */ ··· 100 91 #define __get_user(x, ptr) \ 101 92 ({ \ 102 93 register long __gu_err __asm__ ("r8") = 0; \ 103 - register long __gu_val __asm__ ("r9") = 0; \ 94 + register long __gu_val; \ 104 95 \ 105 96 load_sr2(); \ 106 97 switch (sizeof(*(ptr))) { \ ··· 116 107 }) 117 108 118 109 #define __get_user_asm(ldx, ptr) \ 119 - __asm__("\n1:\t" ldx "\t0(%%sr2,%2),%0\n\t" \ 120 - ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_get_user_skip_1)\ 110 + __asm__("1: " ldx " 0(%%sr2,%2),%0\n" \ 111 + "9:\n" \ 112 + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ 121 113 : "=r"(__gu_val), "=r"(__gu_err) \ 122 - : "r"(ptr), "1"(__gu_err) \ 123 - : "r1"); 114 + : "r"(ptr), "1"(__gu_err)); 124 115 125 116 #if !defined(CONFIG_64BIT) 126 117 127 118 #define __get_user_asm64(ptr) \ 128 - __asm__("\n1:\tldw 0(%%sr2,%2),%0" \ 129 - "\n2:\tldw 4(%%sr2,%2),%R0\n\t" \ 130 - ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_get_user_skip_2)\ 131 - ASM_EXCEPTIONTABLE_ENTRY(2b, fixup_get_user_skip_1)\ 119 + __asm__(" copy %%r0,%R0\n" \ 120 + "1: ldw 0(%%sr2,%2),%0\n" \ 121 + "2: ldw 4(%%sr2,%2),%R0\n" \ 122 + "9:\n" \ 123 + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ 124 + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \ 132 125 : "=r"(__gu_val), "=r"(__gu_err) \ 133 - : "r"(ptr), "1"(__gu_err) \ 134 - : "r1"); 126 + : "r"(ptr), "1"(__gu_err)); 135 127 136 128 #endif /* !defined(CONFIG_64BIT) */ 137 129 ··· 158 148 * The "__put_user/kernel_asm()" macros tell gcc they read from memory 159 149 * instead of writing. This is because they do not write to any memory 160 150 * gcc knows about, so there are no aliasing issues. These macros must 161 - * also be aware that "fixup_put_user_skip_[12]" are executed in the 162 - * context of the fault, and any registers used there must be listed 163 - * as clobbers. In this case only "r1" is used by the current routines. 164 - * r8/r9 are already listed as err/val. 151 + * also be aware that fixups are executed in the context of the fault, 152 + * and any registers used there must be listed as clobbers. 153 + * r8 is already listed as err. 165 154 */ 166 155 167 156 #define __put_user_asm(stx, x, ptr) \ 168 157 __asm__ __volatile__ ( \ 169 - "\n1:\t" stx "\t%2,0(%%sr2,%1)\n\t" \ 170 - ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_put_user_skip_1)\ 158 + "1: " stx " %2,0(%%sr2,%1)\n" \ 159 + "9:\n" \ 160 + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ 171 161 : "=r"(__pu_err) \ 172 - : "r"(ptr), "r"(x), "0"(__pu_err) \ 173 - : "r1") 162 + : "r"(ptr), "r"(x), "0"(__pu_err)) 174 163 175 164 176 165 #if !defined(CONFIG_64BIT) 177 166 178 167 #define __put_user_asm64(__val, ptr) do { \ 179 168 __asm__ __volatile__ ( \ 180 - "\n1:\tstw %2,0(%%sr2,%1)" \ 181 - "\n2:\tstw %R2,4(%%sr2,%1)\n\t" \ 182 - ASM_EXCEPTIONTABLE_ENTRY(1b, fixup_put_user_skip_2)\ 183 - ASM_EXCEPTIONTABLE_ENTRY(2b, fixup_put_user_skip_1)\ 169 + "1: stw %2,0(%%sr2,%1)\n" \ 170 + "2: stw %R2,4(%%sr2,%1)\n" \ 171 + "9:\n" \ 172 + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ 173 + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \ 184 174 : "=r"(__pu_err) \ 185 - : "r"(ptr), "r"(__val), "0"(__pu_err) \ 186 - : "r1"); \ 175 + : "r"(ptr), "r"(__val), "0"(__pu_err)); \ 187 176 } while (0) 188 177 189 178 #endif /* !defined(CONFIG_64BIT) */

-10

arch/parisc/kernel/parisc_ksyms.c

··· 47 47 EXPORT_SYMBOL(lclear_user); 48 48 EXPORT_SYMBOL(lstrnlen_user); 49 49 50 - /* Global fixups - defined as int to avoid creation of function pointers */ 51 - extern int fixup_get_user_skip_1; 52 - extern int fixup_get_user_skip_2; 53 - extern int fixup_put_user_skip_1; 54 - extern int fixup_put_user_skip_2; 55 - EXPORT_SYMBOL(fixup_get_user_skip_1); 56 - EXPORT_SYMBOL(fixup_get_user_skip_2); 57 - EXPORT_SYMBOL(fixup_put_user_skip_1); 58 - EXPORT_SYMBOL(fixup_put_user_skip_2); 59 - 60 50 #ifndef CONFIG_64BIT 61 51 /* Needed so insmod can set dp value */ 62 52 extern int $global$;

+2

arch/parisc/kernel/process.c

··· 143 143 printk(KERN_EMERG "System shut down completed.\n" 144 144 "Please power this system off now."); 145 145 146 + /* prevent soft lockup/stalled CPU messages for endless loop. */ 147 + rcu_sysrq_start(); 146 148 for (;;); 147 149 } 148 150

+1 -1

arch/parisc/lib/Makefile

··· 2 2 # Makefile for parisc-specific library files 3 3 # 4 4 5 - lib-y := lusercopy.o bitops.o checksum.o io.o memset.o fixup.o memcpy.o \ 5 + lib-y := lusercopy.o bitops.o checksum.o io.o memset.o memcpy.o \ 6 6 ucmpdi2.o delay.o 7 7 8 8 obj-y := iomap.o

-98

arch/parisc/lib/fixup.S

··· 1 - /* 2 - * Linux/PA-RISC Project (http://www.parisc-linux.org/) 3 - * 4 - * Copyright (C) 2004 Randolph Chung <tausq@debian.org> 5 - * 6 - * This program is free software; you can redistribute it and/or modify 7 - * it under the terms of the GNU General Public License as published by 8 - * the Free Software Foundation; either version 2, or (at your option) 9 - * any later version. 10 - * 11 - * This program is distributed in the hope that it will be useful, 12 - * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 - * GNU General Public License for more details. 15 - * 16 - * You should have received a copy of the GNU General Public License 17 - * along with this program; if not, write to the Free Software 18 - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 - * 20 - * Fixup routines for kernel exception handling. 21 - */ 22 - #include <asm/asm-offsets.h> 23 - #include <asm/assembly.h> 24 - #include <asm/errno.h> 25 - #include <linux/linkage.h> 26 - 27 - #ifdef CONFIG_SMP 28 - .macro get_fault_ip t1 t2 29 - loadgp 30 - addil LT%__per_cpu_offset,%r27 31 - LDREG RT%__per_cpu_offset(%r1),\t1 32 - /* t2 = smp_processor_id() */ 33 - mfctl 30,\t2 34 - ldw TI_CPU(\t2),\t2 35 - #ifdef CONFIG_64BIT 36 - extrd,u \t2,63,32,\t2 37 - #endif 38 - /* t2 = &__per_cpu_offset[smp_processor_id()]; */ 39 - LDREGX \t2(\t1),\t2 40 - addil LT%exception_data,%r27 41 - LDREG RT%exception_data(%r1),\t1 42 - /* t1 = this_cpu_ptr(&exception_data) */ 43 - add,l \t1,\t2,\t1 44 - /* %r27 = t1->fault_gp - restore gp */ 45 - LDREG EXCDATA_GP(\t1), %r27 46 - /* t1 = t1->fault_ip */ 47 - LDREG EXCDATA_IP(\t1), \t1 48 - .endm 49 - #else 50 - .macro get_fault_ip t1 t2 51 - loadgp 52 - /* t1 = this_cpu_ptr(&exception_data) */ 53 - addil LT%exception_data,%r27 54 - LDREG RT%exception_data(%r1),\t2 55 - /* %r27 = t2->fault_gp - restore gp */ 56 - LDREG EXCDATA_GP(\t2), %r27 57 - /* t1 = t2->fault_ip */ 58 - LDREG EXCDATA_IP(\t2), \t1 59 - .endm 60 - #endif 61 - 62 - .level LEVEL 63 - 64 - .text 65 - .section .fixup, "ax" 66 - 67 - /* get_user() fixups, store -EFAULT in r8, and 0 in r9 */ 68 - ENTRY_CFI(fixup_get_user_skip_1) 69 - get_fault_ip %r1,%r8 70 - ldo 4(%r1), %r1 71 - ldi -EFAULT, %r8 72 - bv %r0(%r1) 73 - copy %r0, %r9 74 - ENDPROC_CFI(fixup_get_user_skip_1) 75 - 76 - ENTRY_CFI(fixup_get_user_skip_2) 77 - get_fault_ip %r1,%r8 78 - ldo 8(%r1), %r1 79 - ldi -EFAULT, %r8 80 - bv %r0(%r1) 81 - copy %r0, %r9 82 - ENDPROC_CFI(fixup_get_user_skip_2) 83 - 84 - /* put_user() fixups, store -EFAULT in r8 */ 85 - ENTRY_CFI(fixup_put_user_skip_1) 86 - get_fault_ip %r1,%r8 87 - ldo 4(%r1), %r1 88 - bv %r0(%r1) 89 - ldi -EFAULT, %r8 90 - ENDPROC_CFI(fixup_put_user_skip_1) 91 - 92 - ENTRY_CFI(fixup_put_user_skip_2) 93 - get_fault_ip %r1,%r8 94 - ldo 8(%r1), %r1 95 - bv %r0(%r1) 96 - ldi -EFAULT, %r8 97 - ENDPROC_CFI(fixup_put_user_skip_2) 98 -

+318

arch/parisc/lib/lusercopy.S

··· 5 5 * Copyright (C) 2000 Richard Hirst <rhirst with parisc-linux.org> 6 6 * Copyright (C) 2001 Matthieu Delahaye <delahaym at esiee.fr> 7 7 * Copyright (C) 2003 Randolph Chung <tausq with parisc-linux.org> 8 + * Copyright (C) 2017 Helge Deller <deller@gmx.de> 9 + * Copyright (C) 2017 John David Anglin <dave.anglin@bell.net> 8 10 * 9 11 * 10 12 * This program is free software; you can redistribute it and/or modify ··· 132 130 ASM_EXCEPTIONTABLE_ENTRY(1b,3b) 133 131 ASM_EXCEPTIONTABLE_ENTRY(2b,3b) 134 132 133 + .procend 134 + 135 + 136 + 137 + /* 138 + * unsigned long pa_memcpy(void *dstp, const void *srcp, unsigned long len) 139 + * 140 + * Inputs: 141 + * - sr1 already contains space of source region 142 + * - sr2 already contains space of destination region 143 + * 144 + * Returns: 145 + * - number of bytes that could not be copied. 146 + * On success, this will be zero. 147 + * 148 + * This code is based on a C-implementation of a copy routine written by 149 + * Randolph Chung, which in turn was derived from the glibc. 150 + * 151 + * Several strategies are tried to try to get the best performance for various 152 + * conditions. In the optimal case, we copy by loops that copy 32- or 16-bytes 153 + * at a time using general registers. Unaligned copies are handled either by 154 + * aligning the destination and then using shift-and-write method, or in a few 155 + * cases by falling back to a byte-at-a-time copy. 156 + * 157 + * Testing with various alignments and buffer sizes shows that this code is 158 + * often >10x faster than a simple byte-at-a-time copy, even for strangely 159 + * aligned operands. It is interesting to note that the glibc version of memcpy 160 + * (written in C) is actually quite fast already. This routine is able to beat 161 + * it by 30-40% for aligned copies because of the loop unrolling, but in some 162 + * cases the glibc version is still slightly faster. This lends more 163 + * credibility that gcc can generate very good code as long as we are careful. 164 + * 165 + * Possible optimizations: 166 + * - add cache prefetching 167 + * - try not to use the post-increment address modifiers; they may create 168 + * additional interlocks. Assumption is that those were only efficient on old 169 + * machines (pre PA8000 processors) 170 + */ 171 + 172 + dst = arg0 173 + src = arg1 174 + len = arg2 175 + end = arg3 176 + t1 = r19 177 + t2 = r20 178 + t3 = r21 179 + t4 = r22 180 + srcspc = sr1 181 + dstspc = sr2 182 + 183 + t0 = r1 184 + a1 = t1 185 + a2 = t2 186 + a3 = t3 187 + a0 = t4 188 + 189 + save_src = ret0 190 + save_dst = ret1 191 + save_len = r31 192 + 193 + ENTRY_CFI(pa_memcpy) 194 + .proc 195 + .callinfo NO_CALLS 196 + .entry 197 + 198 + /* Last destination address */ 199 + add dst,len,end 200 + 201 + /* short copy with less than 16 bytes? */ 202 + cmpib,>>=,n 15,len,.Lbyte_loop 203 + 204 + /* same alignment? */ 205 + xor src,dst,t0 206 + extru t0,31,2,t1 207 + cmpib,<>,n 0,t1,.Lunaligned_copy 208 + 209 + #ifdef CONFIG_64BIT 210 + /* only do 64-bit copies if we can get aligned. */ 211 + extru t0,31,3,t1 212 + cmpib,<>,n 0,t1,.Lalign_loop32 213 + 214 + /* loop until we are 64-bit aligned */ 215 + .Lalign_loop64: 216 + extru dst,31,3,t1 217 + cmpib,=,n 0,t1,.Lcopy_loop_16 218 + 20: ldb,ma 1(srcspc,src),t1 219 + 21: stb,ma t1,1(dstspc,dst) 220 + b .Lalign_loop64 221 + ldo -1(len),len 222 + 223 + ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done) 224 + ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done) 225 + 226 + ldi 31,t0 227 + .Lcopy_loop_16: 228 + cmpb,COND(>>=),n t0,len,.Lword_loop 229 + 230 + 10: ldd 0(srcspc,src),t1 231 + 11: ldd 8(srcspc,src),t2 232 + ldo 16(src),src 233 + 12: std,ma t1,8(dstspc,dst) 234 + 13: std,ma t2,8(dstspc,dst) 235 + 14: ldd 0(srcspc,src),t1 236 + 15: ldd 8(srcspc,src),t2 237 + ldo 16(src),src 238 + 16: std,ma t1,8(dstspc,dst) 239 + 17: std,ma t2,8(dstspc,dst) 240 + 241 + ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done) 242 + ASM_EXCEPTIONTABLE_ENTRY(11b,.Lcopy16_fault) 243 + ASM_EXCEPTIONTABLE_ENTRY(12b,.Lcopy_done) 244 + ASM_EXCEPTIONTABLE_ENTRY(13b,.Lcopy_done) 245 + ASM_EXCEPTIONTABLE_ENTRY(14b,.Lcopy_done) 246 + ASM_EXCEPTIONTABLE_ENTRY(15b,.Lcopy16_fault) 247 + ASM_EXCEPTIONTABLE_ENTRY(16b,.Lcopy_done) 248 + ASM_EXCEPTIONTABLE_ENTRY(17b,.Lcopy_done) 249 + 250 + b .Lcopy_loop_16 251 + ldo -32(len),len 252 + 253 + .Lword_loop: 254 + cmpib,COND(>>=),n 3,len,.Lbyte_loop 255 + 20: ldw,ma 4(srcspc,src),t1 256 + 21: stw,ma t1,4(dstspc,dst) 257 + b .Lword_loop 258 + ldo -4(len),len 259 + 260 + ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done) 261 + ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done) 262 + 263 + #endif /* CONFIG_64BIT */ 264 + 265 + /* loop until we are 32-bit aligned */ 266 + .Lalign_loop32: 267 + extru dst,31,2,t1 268 + cmpib,=,n 0,t1,.Lcopy_loop_4 269 + 20: ldb,ma 1(srcspc,src),t1 270 + 21: stb,ma t1,1(dstspc,dst) 271 + b .Lalign_loop32 272 + ldo -1(len),len 273 + 274 + ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done) 275 + ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done) 276 + 277 + 278 + .Lcopy_loop_4: 279 + cmpib,COND(>>=),n 15,len,.Lbyte_loop 280 + 281 + 10: ldw 0(srcspc,src),t1 282 + 11: ldw 4(srcspc,src),t2 283 + 12: stw,ma t1,4(dstspc,dst) 284 + 13: stw,ma t2,4(dstspc,dst) 285 + 14: ldw 8(srcspc,src),t1 286 + 15: ldw 12(srcspc,src),t2 287 + ldo 16(src),src 288 + 16: stw,ma t1,4(dstspc,dst) 289 + 17: stw,ma t2,4(dstspc,dst) 290 + 291 + ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done) 292 + ASM_EXCEPTIONTABLE_ENTRY(11b,.Lcopy8_fault) 293 + ASM_EXCEPTIONTABLE_ENTRY(12b,.Lcopy_done) 294 + ASM_EXCEPTIONTABLE_ENTRY(13b,.Lcopy_done) 295 + ASM_EXCEPTIONTABLE_ENTRY(14b,.Lcopy_done) 296 + ASM_EXCEPTIONTABLE_ENTRY(15b,.Lcopy8_fault) 297 + ASM_EXCEPTIONTABLE_ENTRY(16b,.Lcopy_done) 298 + ASM_EXCEPTIONTABLE_ENTRY(17b,.Lcopy_done) 299 + 300 + b .Lcopy_loop_4 301 + ldo -16(len),len 302 + 303 + .Lbyte_loop: 304 + cmpclr,COND(<>) len,%r0,%r0 305 + b,n .Lcopy_done 306 + 20: ldb 0(srcspc,src),t1 307 + ldo 1(src),src 308 + 21: stb,ma t1,1(dstspc,dst) 309 + b .Lbyte_loop 310 + ldo -1(len),len 311 + 312 + ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done) 313 + ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done) 314 + 315 + .Lcopy_done: 316 + bv %r0(%r2) 317 + sub end,dst,ret0 318 + 319 + 320 + /* src and dst are not aligned the same way. */ 321 + /* need to go the hard way */ 322 + .Lunaligned_copy: 323 + /* align until dst is 32bit-word-aligned */ 324 + extru dst,31,2,t1 325 + cmpib,COND(=),n 0,t1,.Lcopy_dstaligned 326 + 20: ldb 0(srcspc,src),t1 327 + ldo 1(src),src 328 + 21: stb,ma t1,1(dstspc,dst) 329 + b .Lunaligned_copy 330 + ldo -1(len),len 331 + 332 + ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done) 333 + ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done) 334 + 335 + .Lcopy_dstaligned: 336 + 337 + /* store src, dst and len in safe place */ 338 + copy src,save_src 339 + copy dst,save_dst 340 + copy len,save_len 341 + 342 + /* len now needs give number of words to copy */ 343 + SHRREG len,2,len 344 + 345 + /* 346 + * Copy from a not-aligned src to an aligned dst using shifts. 347 + * Handles 4 words per loop. 348 + */ 349 + 350 + depw,z src,28,2,t0 351 + subi 32,t0,t0 352 + mtsar t0 353 + extru len,31,2,t0 354 + cmpib,= 2,t0,.Lcase2 355 + /* Make src aligned by rounding it down. */ 356 + depi 0,31,2,src 357 + 358 + cmpiclr,<> 3,t0,%r0 359 + b,n .Lcase3 360 + cmpiclr,<> 1,t0,%r0 361 + b,n .Lcase1 362 + .Lcase0: 363 + cmpb,= %r0,len,.Lcda_finish 364 + nop 365 + 366 + 1: ldw,ma 4(srcspc,src), a3 367 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 368 + 1: ldw,ma 4(srcspc,src), a0 369 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 370 + b,n .Ldo3 371 + .Lcase1: 372 + 1: ldw,ma 4(srcspc,src), a2 373 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 374 + 1: ldw,ma 4(srcspc,src), a3 375 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 376 + ldo -1(len),len 377 + cmpb,=,n %r0,len,.Ldo0 378 + .Ldo4: 379 + 1: ldw,ma 4(srcspc,src), a0 380 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 381 + shrpw a2, a3, %sar, t0 382 + 1: stw,ma t0, 4(dstspc,dst) 383 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done) 384 + .Ldo3: 385 + 1: ldw,ma 4(srcspc,src), a1 386 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 387 + shrpw a3, a0, %sar, t0 388 + 1: stw,ma t0, 4(dstspc,dst) 389 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done) 390 + .Ldo2: 391 + 1: ldw,ma 4(srcspc,src), a2 392 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 393 + shrpw a0, a1, %sar, t0 394 + 1: stw,ma t0, 4(dstspc,dst) 395 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done) 396 + .Ldo1: 397 + 1: ldw,ma 4(srcspc,src), a3 398 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 399 + shrpw a1, a2, %sar, t0 400 + 1: stw,ma t0, 4(dstspc,dst) 401 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done) 402 + ldo -4(len),len 403 + cmpb,<> %r0,len,.Ldo4 404 + nop 405 + .Ldo0: 406 + shrpw a2, a3, %sar, t0 407 + 1: stw,ma t0, 4(dstspc,dst) 408 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done) 409 + 410 + .Lcda_rdfault: 411 + .Lcda_finish: 412 + /* calculate new src, dst and len and jump to byte-copy loop */ 413 + sub dst,save_dst,t0 414 + add save_src,t0,src 415 + b .Lbyte_loop 416 + sub save_len,t0,len 417 + 418 + .Lcase3: 419 + 1: ldw,ma 4(srcspc,src), a0 420 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 421 + 1: ldw,ma 4(srcspc,src), a1 422 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 423 + b .Ldo2 424 + ldo 1(len),len 425 + .Lcase2: 426 + 1: ldw,ma 4(srcspc,src), a1 427 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 428 + 1: ldw,ma 4(srcspc,src), a2 429 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) 430 + b .Ldo1 431 + ldo 2(len),len 432 + 433 + 434 + /* fault exception fixup handlers: */ 435 + #ifdef CONFIG_64BIT 436 + .Lcopy16_fault: 437 + 10: b .Lcopy_done 438 + std,ma t1,8(dstspc,dst) 439 + ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done) 440 + #endif 441 + 442 + .Lcopy8_fault: 443 + 10: b .Lcopy_done 444 + stw,ma t1,4(dstspc,dst) 445 + ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done) 446 + 447 + .exit 448 + ENDPROC_CFI(pa_memcpy) 135 449 .procend 136 450 137 451 .end

+3 -458

arch/parisc/lib/memcpy.c

··· 2 2 * Optimized memory copy routines. 3 3 * 4 4 * Copyright (C) 2004 Randolph Chung <tausq@debian.org> 5 - * Copyright (C) 2013 Helge Deller <deller@gmx.de> 5 + * Copyright (C) 2013-2017 Helge Deller <deller@gmx.de> 6 6 * 7 7 * This program is free software; you can redistribute it and/or modify 8 8 * it under the terms of the GNU General Public License as published by ··· 21 21 * Portions derived from the GNU C Library 22 22 * Copyright (C) 1991, 1997, 2003 Free Software Foundation, Inc. 23 23 * 24 - * Several strategies are tried to try to get the best performance for various 25 - * conditions. In the optimal case, we copy 64-bytes in an unrolled loop using 26 - * fp regs. This is followed by loops that copy 32- or 16-bytes at a time using 27 - * general registers. Unaligned copies are handled either by aligning the 28 - * destination and then using shift-and-write method, or in a few cases by 29 - * falling back to a byte-at-a-time copy. 30 - * 31 - * I chose to implement this in C because it is easier to maintain and debug, 32 - * and in my experiments it appears that the C code generated by gcc (3.3/3.4 33 - * at the time of writing) is fairly optimal. Unfortunately some of the 34 - * semantics of the copy routine (exception handling) is difficult to express 35 - * in C, so we have to play some tricks to get it to work. 36 - * 37 - * All the loads and stores are done via explicit asm() code in order to use 38 - * the right space registers. 39 - * 40 - * Testing with various alignments and buffer sizes shows that this code is 41 - * often >10x faster than a simple byte-at-a-time copy, even for strangely 42 - * aligned operands. It is interesting to note that the glibc version 43 - * of memcpy (written in C) is actually quite fast already. This routine is 44 - * able to beat it by 30-40% for aligned copies because of the loop unrolling, 45 - * but in some cases the glibc version is still slightly faster. This lends 46 - * more credibility that gcc can generate very good code as long as we are 47 - * careful. 48 - * 49 - * TODO: 50 - * - cache prefetching needs more experimentation to get optimal settings 51 - * - try not to use the post-increment address modifiers; they create additional 52 - * interlocks 53 - * - replace byte-copy loops with stybs sequences 54 24 */ 55 25 56 - #ifdef __KERNEL__ 57 26 #include <linux/module.h> 58 27 #include <linux/compiler.h> 59 28 #include <linux/uaccess.h> 60 - #define s_space "%%sr1" 61 - #define d_space "%%sr2" 62 - #else 63 - #include "memcpy.h" 64 - #define s_space "%%sr0" 65 - #define d_space "%%sr0" 66 - #define pa_memcpy new2_copy 67 - #endif 68 29 69 30 DECLARE_PER_CPU(struct exception_data, exception_data); 70 - 71 - #define preserve_branch(label) do { \ 72 - volatile int dummy = 0; \ 73 - /* The following branch is never taken, it's just here to */ \ 74 - /* prevent gcc from optimizing away our exception code. */ \ 75 - if (unlikely(dummy != dummy)) \ 76 - goto label; \ 77 - } while (0) 78 31 79 32 #define get_user_space() (segment_eq(get_fs(), KERNEL_DS) ? 0 : mfsp(3)) 80 33 #define get_kernel_space() (0) 81 34 82 - #define MERGE(w0, sh_1, w1, sh_2) ({ \ 83 - unsigned int _r; \ 84 - asm volatile ( \ 85 - "mtsar %3\n" \ 86 - "shrpw %1, %2, %%sar, %0\n" \ 87 - : "=r"(_r) \ 88 - : "r"(w0), "r"(w1), "r"(sh_2) \ 89 - ); \ 90 - _r; \ 91 - }) 92 - #define THRESHOLD 16 93 - 94 - #ifdef DEBUG_MEMCPY 95 - #define DPRINTF(fmt, args...) do { printk(KERN_DEBUG "%s:%d:%s ", __FILE__, __LINE__, __func__ ); printk(KERN_DEBUG fmt, ##args ); } while (0) 96 - #else 97 - #define DPRINTF(fmt, args...) 98 - #endif 99 - 100 - #define def_load_ai_insn(_insn,_sz,_tt,_s,_a,_t,_e) \ 101 - __asm__ __volatile__ ( \ 102 - "1:\t" #_insn ",ma " #_sz "(" _s ",%1), %0\n\t" \ 103 - ASM_EXCEPTIONTABLE_ENTRY(1b,_e) \ 104 - : _tt(_t), "+r"(_a) \ 105 - : \ 106 - : "r8") 107 - 108 - #define def_store_ai_insn(_insn,_sz,_tt,_s,_a,_t,_e) \ 109 - __asm__ __volatile__ ( \ 110 - "1:\t" #_insn ",ma %1, " #_sz "(" _s ",%0)\n\t" \ 111 - ASM_EXCEPTIONTABLE_ENTRY(1b,_e) \ 112 - : "+r"(_a) \ 113 - : _tt(_t) \ 114 - : "r8") 115 - 116 - #define ldbma(_s, _a, _t, _e) def_load_ai_insn(ldbs,1,"=r",_s,_a,_t,_e) 117 - #define stbma(_s, _t, _a, _e) def_store_ai_insn(stbs,1,"r",_s,_a,_t,_e) 118 - #define ldwma(_s, _a, _t, _e) def_load_ai_insn(ldw,4,"=r",_s,_a,_t,_e) 119 - #define stwma(_s, _t, _a, _e) def_store_ai_insn(stw,4,"r",_s,_a,_t,_e) 120 - #define flddma(_s, _a, _t, _e) def_load_ai_insn(fldd,8,"=f",_s,_a,_t,_e) 121 - #define fstdma(_s, _t, _a, _e) def_store_ai_insn(fstd,8,"f",_s,_a,_t,_e) 122 - 123 - #define def_load_insn(_insn,_tt,_s,_o,_a,_t,_e) \ 124 - __asm__ __volatile__ ( \ 125 - "1:\t" #_insn " " #_o "(" _s ",%1), %0\n\t" \ 126 - ASM_EXCEPTIONTABLE_ENTRY(1b,_e) \ 127 - : _tt(_t) \ 128 - : "r"(_a) \ 129 - : "r8") 130 - 131 - #define def_store_insn(_insn,_tt,_s,_t,_o,_a,_e) \ 132 - __asm__ __volatile__ ( \ 133 - "1:\t" #_insn " %0, " #_o "(" _s ",%1)\n\t" \ 134 - ASM_EXCEPTIONTABLE_ENTRY(1b,_e) \ 135 - : \ 136 - : _tt(_t), "r"(_a) \ 137 - : "r8") 138 - 139 - #define ldw(_s,_o,_a,_t,_e) def_load_insn(ldw,"=r",_s,_o,_a,_t,_e) 140 - #define stw(_s,_t,_o,_a,_e) def_store_insn(stw,"r",_s,_t,_o,_a,_e) 141 - 142 - #ifdef CONFIG_PREFETCH 143 - static inline void prefetch_src(const void *addr) 144 - { 145 - __asm__("ldw 0(" s_space ",%0), %%r0" : : "r" (addr)); 146 - } 147 - 148 - static inline void prefetch_dst(const void *addr) 149 - { 150 - __asm__("ldd 0(" d_space ",%0), %%r0" : : "r" (addr)); 151 - } 152 - #else 153 - #define prefetch_src(addr) do { } while(0) 154 - #define prefetch_dst(addr) do { } while(0) 155 - #endif 156 - 157 - #define PA_MEMCPY_OK 0 158 - #define PA_MEMCPY_LOAD_ERROR 1 159 - #define PA_MEMCPY_STORE_ERROR 2 160 - 161 - /* Copy from a not-aligned src to an aligned dst, using shifts. Handles 4 words 162 - * per loop. This code is derived from glibc. 163 - */ 164 - static noinline unsigned long copy_dstaligned(unsigned long dst, 165 - unsigned long src, unsigned long len) 166 - { 167 - /* gcc complains that a2 and a3 may be uninitialized, but actually 168 - * they cannot be. Initialize a2/a3 to shut gcc up. 169 - */ 170 - register unsigned int a0, a1, a2 = 0, a3 = 0; 171 - int sh_1, sh_2; 172 - 173 - /* prefetch_src((const void *)src); */ 174 - 175 - /* Calculate how to shift a word read at the memory operation 176 - aligned srcp to make it aligned for copy. */ 177 - sh_1 = 8 * (src % sizeof(unsigned int)); 178 - sh_2 = 8 * sizeof(unsigned int) - sh_1; 179 - 180 - /* Make src aligned by rounding it down. */ 181 - src &= -sizeof(unsigned int); 182 - 183 - switch (len % 4) 184 - { 185 - case 2: 186 - /* a1 = ((unsigned int *) src)[0]; 187 - a2 = ((unsigned int *) src)[1]; */ 188 - ldw(s_space, 0, src, a1, cda_ldw_exc); 189 - ldw(s_space, 4, src, a2, cda_ldw_exc); 190 - src -= 1 * sizeof(unsigned int); 191 - dst -= 3 * sizeof(unsigned int); 192 - len += 2; 193 - goto do1; 194 - case 3: 195 - /* a0 = ((unsigned int *) src)[0]; 196 - a1 = ((unsigned int *) src)[1]; */ 197 - ldw(s_space, 0, src, a0, cda_ldw_exc); 198 - ldw(s_space, 4, src, a1, cda_ldw_exc); 199 - src -= 0 * sizeof(unsigned int); 200 - dst -= 2 * sizeof(unsigned int); 201 - len += 1; 202 - goto do2; 203 - case 0: 204 - if (len == 0) 205 - return PA_MEMCPY_OK; 206 - /* a3 = ((unsigned int *) src)[0]; 207 - a0 = ((unsigned int *) src)[1]; */ 208 - ldw(s_space, 0, src, a3, cda_ldw_exc); 209 - ldw(s_space, 4, src, a0, cda_ldw_exc); 210 - src -=-1 * sizeof(unsigned int); 211 - dst -= 1 * sizeof(unsigned int); 212 - len += 0; 213 - goto do3; 214 - case 1: 215 - /* a2 = ((unsigned int *) src)[0]; 216 - a3 = ((unsigned int *) src)[1]; */ 217 - ldw(s_space, 0, src, a2, cda_ldw_exc); 218 - ldw(s_space, 4, src, a3, cda_ldw_exc); 219 - src -=-2 * sizeof(unsigned int); 220 - dst -= 0 * sizeof(unsigned int); 221 - len -= 1; 222 - if (len == 0) 223 - goto do0; 224 - goto do4; /* No-op. */ 225 - } 226 - 227 - do 228 - { 229 - /* prefetch_src((const void *)(src + 4 * sizeof(unsigned int))); */ 230 - do4: 231 - /* a0 = ((unsigned int *) src)[0]; */ 232 - ldw(s_space, 0, src, a0, cda_ldw_exc); 233 - /* ((unsigned int *) dst)[0] = MERGE (a2, sh_1, a3, sh_2); */ 234 - stw(d_space, MERGE (a2, sh_1, a3, sh_2), 0, dst, cda_stw_exc); 235 - do3: 236 - /* a1 = ((unsigned int *) src)[1]; */ 237 - ldw(s_space, 4, src, a1, cda_ldw_exc); 238 - /* ((unsigned int *) dst)[1] = MERGE (a3, sh_1, a0, sh_2); */ 239 - stw(d_space, MERGE (a3, sh_1, a0, sh_2), 4, dst, cda_stw_exc); 240 - do2: 241 - /* a2 = ((unsigned int *) src)[2]; */ 242 - ldw(s_space, 8, src, a2, cda_ldw_exc); 243 - /* ((unsigned int *) dst)[2] = MERGE (a0, sh_1, a1, sh_2); */ 244 - stw(d_space, MERGE (a0, sh_1, a1, sh_2), 8, dst, cda_stw_exc); 245 - do1: 246 - /* a3 = ((unsigned int *) src)[3]; */ 247 - ldw(s_space, 12, src, a3, cda_ldw_exc); 248 - /* ((unsigned int *) dst)[3] = MERGE (a1, sh_1, a2, sh_2); */ 249 - stw(d_space, MERGE (a1, sh_1, a2, sh_2), 12, dst, cda_stw_exc); 250 - 251 - src += 4 * sizeof(unsigned int); 252 - dst += 4 * sizeof(unsigned int); 253 - len -= 4; 254 - } 255 - while (len != 0); 256 - 257 - do0: 258 - /* ((unsigned int *) dst)[0] = MERGE (a2, sh_1, a3, sh_2); */ 259 - stw(d_space, MERGE (a2, sh_1, a3, sh_2), 0, dst, cda_stw_exc); 260 - 261 - preserve_branch(handle_load_error); 262 - preserve_branch(handle_store_error); 263 - 264 - return PA_MEMCPY_OK; 265 - 266 - handle_load_error: 267 - __asm__ __volatile__ ("cda_ldw_exc:\n"); 268 - return PA_MEMCPY_LOAD_ERROR; 269 - 270 - handle_store_error: 271 - __asm__ __volatile__ ("cda_stw_exc:\n"); 272 - return PA_MEMCPY_STORE_ERROR; 273 - } 274 - 275 - 276 - /* Returns PA_MEMCPY_OK, PA_MEMCPY_LOAD_ERROR or PA_MEMCPY_STORE_ERROR. 277 - * In case of an access fault the faulty address can be read from the per_cpu 278 - * exception data struct. */ 279 - static noinline unsigned long pa_memcpy_internal(void *dstp, const void *srcp, 280 - unsigned long len) 281 - { 282 - register unsigned long src, dst, t1, t2, t3; 283 - register unsigned char *pcs, *pcd; 284 - register unsigned int *pws, *pwd; 285 - register double *pds, *pdd; 286 - unsigned long ret; 287 - 288 - src = (unsigned long)srcp; 289 - dst = (unsigned long)dstp; 290 - pcs = (unsigned char *)srcp; 291 - pcd = (unsigned char *)dstp; 292 - 293 - /* prefetch_src((const void *)srcp); */ 294 - 295 - if (len < THRESHOLD) 296 - goto byte_copy; 297 - 298 - /* Check alignment */ 299 - t1 = (src ^ dst); 300 - if (unlikely(t1 & (sizeof(double)-1))) 301 - goto unaligned_copy; 302 - 303 - /* src and dst have same alignment. */ 304 - 305 - /* Copy bytes till we are double-aligned. */ 306 - t2 = src & (sizeof(double) - 1); 307 - if (unlikely(t2 != 0)) { 308 - t2 = sizeof(double) - t2; 309 - while (t2 && len) { 310 - /* *pcd++ = *pcs++; */ 311 - ldbma(s_space, pcs, t3, pmc_load_exc); 312 - len--; 313 - stbma(d_space, t3, pcd, pmc_store_exc); 314 - t2--; 315 - } 316 - } 317 - 318 - pds = (double *)pcs; 319 - pdd = (double *)pcd; 320 - 321 - #if 0 322 - /* Copy 8 doubles at a time */ 323 - while (len >= 8*sizeof(double)) { 324 - register double r1, r2, r3, r4, r5, r6, r7, r8; 325 - /* prefetch_src((char *)pds + L1_CACHE_BYTES); */ 326 - flddma(s_space, pds, r1, pmc_load_exc); 327 - flddma(s_space, pds, r2, pmc_load_exc); 328 - flddma(s_space, pds, r3, pmc_load_exc); 329 - flddma(s_space, pds, r4, pmc_load_exc); 330 - fstdma(d_space, r1, pdd, pmc_store_exc); 331 - fstdma(d_space, r2, pdd, pmc_store_exc); 332 - fstdma(d_space, r3, pdd, pmc_store_exc); 333 - fstdma(d_space, r4, pdd, pmc_store_exc); 334 - 335 - #if 0 336 - if (L1_CACHE_BYTES <= 32) 337 - prefetch_src((char *)pds + L1_CACHE_BYTES); 338 - #endif 339 - flddma(s_space, pds, r5, pmc_load_exc); 340 - flddma(s_space, pds, r6, pmc_load_exc); 341 - flddma(s_space, pds, r7, pmc_load_exc); 342 - flddma(s_space, pds, r8, pmc_load_exc); 343 - fstdma(d_space, r5, pdd, pmc_store_exc); 344 - fstdma(d_space, r6, pdd, pmc_store_exc); 345 - fstdma(d_space, r7, pdd, pmc_store_exc); 346 - fstdma(d_space, r8, pdd, pmc_store_exc); 347 - len -= 8*sizeof(double); 348 - } 349 - #endif 350 - 351 - pws = (unsigned int *)pds; 352 - pwd = (unsigned int *)pdd; 353 - 354 - word_copy: 355 - while (len >= 8*sizeof(unsigned int)) { 356 - register unsigned int r1,r2,r3,r4,r5,r6,r7,r8; 357 - /* prefetch_src((char *)pws + L1_CACHE_BYTES); */ 358 - ldwma(s_space, pws, r1, pmc_load_exc); 359 - ldwma(s_space, pws, r2, pmc_load_exc); 360 - ldwma(s_space, pws, r3, pmc_load_exc); 361 - ldwma(s_space, pws, r4, pmc_load_exc); 362 - stwma(d_space, r1, pwd, pmc_store_exc); 363 - stwma(d_space, r2, pwd, pmc_store_exc); 364 - stwma(d_space, r3, pwd, pmc_store_exc); 365 - stwma(d_space, r4, pwd, pmc_store_exc); 366 - 367 - ldwma(s_space, pws, r5, pmc_load_exc); 368 - ldwma(s_space, pws, r6, pmc_load_exc); 369 - ldwma(s_space, pws, r7, pmc_load_exc); 370 - ldwma(s_space, pws, r8, pmc_load_exc); 371 - stwma(d_space, r5, pwd, pmc_store_exc); 372 - stwma(d_space, r6, pwd, pmc_store_exc); 373 - stwma(d_space, r7, pwd, pmc_store_exc); 374 - stwma(d_space, r8, pwd, pmc_store_exc); 375 - len -= 8*sizeof(unsigned int); 376 - } 377 - 378 - while (len >= 4*sizeof(unsigned int)) { 379 - register unsigned int r1,r2,r3,r4; 380 - ldwma(s_space, pws, r1, pmc_load_exc); 381 - ldwma(s_space, pws, r2, pmc_load_exc); 382 - ldwma(s_space, pws, r3, pmc_load_exc); 383 - ldwma(s_space, pws, r4, pmc_load_exc); 384 - stwma(d_space, r1, pwd, pmc_store_exc); 385 - stwma(d_space, r2, pwd, pmc_store_exc); 386 - stwma(d_space, r3, pwd, pmc_store_exc); 387 - stwma(d_space, r4, pwd, pmc_store_exc); 388 - len -= 4*sizeof(unsigned int); 389 - } 390 - 391 - pcs = (unsigned char *)pws; 392 - pcd = (unsigned char *)pwd; 393 - 394 - byte_copy: 395 - while (len) { 396 - /* *pcd++ = *pcs++; */ 397 - ldbma(s_space, pcs, t3, pmc_load_exc); 398 - stbma(d_space, t3, pcd, pmc_store_exc); 399 - len--; 400 - } 401 - 402 - return PA_MEMCPY_OK; 403 - 404 - unaligned_copy: 405 - /* possibly we are aligned on a word, but not on a double... */ 406 - if (likely((t1 & (sizeof(unsigned int)-1)) == 0)) { 407 - t2 = src & (sizeof(unsigned int) - 1); 408 - 409 - if (unlikely(t2 != 0)) { 410 - t2 = sizeof(unsigned int) - t2; 411 - while (t2) { 412 - /* *pcd++ = *pcs++; */ 413 - ldbma(s_space, pcs, t3, pmc_load_exc); 414 - stbma(d_space, t3, pcd, pmc_store_exc); 415 - len--; 416 - t2--; 417 - } 418 - } 419 - 420 - pws = (unsigned int *)pcs; 421 - pwd = (unsigned int *)pcd; 422 - goto word_copy; 423 - } 424 - 425 - /* Align the destination. */ 426 - if (unlikely((dst & (sizeof(unsigned int) - 1)) != 0)) { 427 - t2 = sizeof(unsigned int) - (dst & (sizeof(unsigned int) - 1)); 428 - while (t2) { 429 - /* *pcd++ = *pcs++; */ 430 - ldbma(s_space, pcs, t3, pmc_load_exc); 431 - stbma(d_space, t3, pcd, pmc_store_exc); 432 - len--; 433 - t2--; 434 - } 435 - dst = (unsigned long)pcd; 436 - src = (unsigned long)pcs; 437 - } 438 - 439 - ret = copy_dstaligned(dst, src, len / sizeof(unsigned int)); 440 - if (ret) 441 - return ret; 442 - 443 - pcs += (len & -sizeof(unsigned int)); 444 - pcd += (len & -sizeof(unsigned int)); 445 - len %= sizeof(unsigned int); 446 - 447 - preserve_branch(handle_load_error); 448 - preserve_branch(handle_store_error); 449 - 450 - goto byte_copy; 451 - 452 - handle_load_error: 453 - __asm__ __volatile__ ("pmc_load_exc:\n"); 454 - return PA_MEMCPY_LOAD_ERROR; 455 - 456 - handle_store_error: 457 - __asm__ __volatile__ ("pmc_store_exc:\n"); 458 - return PA_MEMCPY_STORE_ERROR; 459 - } 460 - 461 - 462 35 /* Returns 0 for success, otherwise, returns number of bytes not transferred. */ 463 - static unsigned long pa_memcpy(void *dstp, const void *srcp, unsigned long len) 464 - { 465 - unsigned long ret, fault_addr, reference; 466 - struct exception_data *d; 36 + extern unsigned long pa_memcpy(void *dst, const void *src, 37 + unsigned long len); 467 38 468 - ret = pa_memcpy_internal(dstp, srcp, len); 469 - if (likely(ret == PA_MEMCPY_OK)) 470 - return 0; 471 - 472 - /* if a load or store fault occured we can get the faulty addr */ 473 - d = this_cpu_ptr(&exception_data); 474 - fault_addr = d->fault_addr; 475 - 476 - /* error in load or store? */ 477 - if (ret == PA_MEMCPY_LOAD_ERROR) 478 - reference = (unsigned long) srcp; 479 - else 480 - reference = (unsigned long) dstp; 481 - 482 - DPRINTF("pa_memcpy: fault type = %lu, len=%lu fault_addr=%lu ref=%lu\n", 483 - ret, len, fault_addr, reference); 484 - 485 - if (fault_addr >= reference) 486 - return len - (fault_addr - reference); 487 - else 488 - return len; 489 - } 490 - 491 - #ifdef __KERNEL__ 492 39 unsigned long __copy_to_user(void __user *dst, const void *src, 493 40 unsigned long len) 494 41 { ··· 84 537 85 538 return __probe_kernel_read(dst, src, size); 86 539 } 87 - 88 - #endif

+17

arch/parisc/mm/fault.c

··· 150 150 d->fault_space = regs->isr; 151 151 d->fault_addr = regs->ior; 152 152 153 + /* 154 + * Fix up get_user() and put_user(). 155 + * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() sets the least-significant 156 + * bit in the relative address of the fixup routine to indicate 157 + * that %r8 should be loaded with -EFAULT to report a userspace 158 + * access error. 159 + */ 160 + if (fix->fixup & 1) { 161 + regs->gr[8] = -EFAULT; 162 + 163 + /* zero target register for get_user() */ 164 + if (parisc_acctyp(0, regs->iir) == VM_READ) { 165 + int treg = regs->iir & 0x1f; 166 + regs->gr[treg] = 0; 167 + } 168 + } 169 + 153 170 regs->iaoq[0] = (unsigned long)&fix->fixup + fix->fixup; 154 171 regs->iaoq[0] &= ~3; 155 172 /*

+3

arch/powerpc/crypto/crc32c-vpmsum_glue.c

··· 33 33 } 34 34 35 35 if (len & ~VMX_ALIGN_MASK) { 36 + preempt_disable(); 36 37 pagefault_disable(); 37 38 enable_kernel_altivec(); 38 39 crc = __crc32c_vpmsum(crc, p, len & ~VMX_ALIGN_MASK); 40 + disable_kernel_altivec(); 39 41 pagefault_enable(); 42 + preempt_enable(); 40 43 } 41 44 42 45 tail = len & VMX_ALIGN_MASK;

+19 -8

arch/powerpc/kernel/align.c

··· 807 807 nb = aligninfo[instr].len; 808 808 flags = aligninfo[instr].flags; 809 809 810 - /* ldbrx/stdbrx overlap lfs/stfs in the DSISR unfortunately */ 811 - if (IS_XFORM(instruction) && ((instruction >> 1) & 0x3ff) == 532) { 812 - nb = 8; 813 - flags = LD+SW; 814 - } else if (IS_XFORM(instruction) && 815 - ((instruction >> 1) & 0x3ff) == 660) { 816 - nb = 8; 817 - flags = ST+SW; 810 + /* 811 + * Handle some cases which give overlaps in the DSISR values. 812 + */ 813 + if (IS_XFORM(instruction)) { 814 + switch (get_xop(instruction)) { 815 + case 532: /* ldbrx */ 816 + nb = 8; 817 + flags = LD+SW; 818 + break; 819 + case 660: /* stdbrx */ 820 + nb = 8; 821 + flags = ST+SW; 822 + break; 823 + case 20: /* lwarx */ 824 + case 84: /* ldarx */ 825 + case 116: /* lharx */ 826 + case 276: /* lqarx */ 827 + return 0; /* not emulated ever */ 828 + } 818 829 } 819 830 820 831 /* Byteswap little endian loads and stores */

+2 -2

arch/powerpc/kernel/misc_64.S

··· 67 67 * flush all bytes from start through stop-1 inclusive 68 68 */ 69 69 70 - _GLOBAL(flush_icache_range) 70 + _GLOBAL_TOC(flush_icache_range) 71 71 BEGIN_FTR_SECTION 72 72 PURGE_PREFETCHED_INS 73 73 blr ··· 120 120 * 121 121 * flush all bytes from start to stop-1 inclusive 122 122 */ 123 - _GLOBAL(flush_dcache_range) 123 + _GLOBAL_TOC(flush_dcache_range) 124 124 125 125 /* 126 126 * Flush the data cache to memory

+9

arch/powerpc/kernel/setup_64.c

··· 236 236 mtspr(SPRN_LPCR, lpcr | LPCR_AIL_3); 237 237 } 238 238 239 + /* 240 + * Fixup HFSCR:TM based on CPU features. The bit is set by our 241 + * early asm init because at that point we haven't updated our 242 + * CPU features from firmware and device-tree. Here we have, 243 + * so let's do it. 244 + */ 245 + if (cpu_has_feature(CPU_FTR_HVMODE) && !cpu_has_feature(CPU_FTR_TM_COMP)) 246 + mtspr(SPRN_HFSCR, mfspr(SPRN_HFSCR) & ~HFSCR_TM); 247 + 239 248 /* Set IR and DR in PACA MSR */ 240 249 get_paca()->kernel_msr = MSR_KERNEL; 241 250 }

+4

arch/powerpc/kvm/book3s_64_mmu_hv.c

··· 1487 1487 /* start new resize */ 1488 1488 1489 1489 resize = kzalloc(sizeof(*resize), GFP_KERNEL); 1490 + if (!resize) { 1491 + ret = -ENOMEM; 1492 + goto out; 1493 + } 1490 1494 resize->order = shift; 1491 1495 resize->kvm = kvm; 1492 1496 INIT_WORK(&resize->work, resize_hpt_prepare_work);

+5 -2

arch/powerpc/mm/hash_native_64.c

··· 638 638 unsigned long psize = batch->psize; 639 639 int ssize = batch->ssize; 640 640 int i; 641 + unsigned int use_local; 642 + 643 + use_local = local && mmu_has_feature(MMU_FTR_TLBIEL) && 644 + mmu_psize_defs[psize].tlbiel && !cxl_ctx_in_use(); 641 645 642 646 local_irq_save(flags); 643 647 ··· 671 667 } pte_iterate_hashed_end(); 672 668 } 673 669 674 - if (mmu_has_feature(MMU_FTR_TLBIEL) && 675 - mmu_psize_defs[psize].tlbiel && local) { 670 + if (use_local) { 676 671 asm volatile("ptesync":::"memory"); 677 672 for (i = 0; i < number; i++) { 678 673 vpn = batch->vpn[i];

+19 -16

arch/s390/boot/compressed/misc.c

··· 141 141 142 142 unsigned long decompress_kernel(void) 143 143 { 144 - unsigned long output_addr; 145 - unsigned char *output; 144 + void *output, *kernel_end; 146 145 147 - output_addr = ((unsigned long) &_end + HEAP_SIZE + 4095UL) & -4096UL; 148 - check_ipl_parmblock((void *) 0, output_addr + SZ__bss_start); 149 - memset(&_bss, 0, &_ebss - &_bss); 150 - free_mem_ptr = (unsigned long)&_end; 151 - free_mem_end_ptr = free_mem_ptr + HEAP_SIZE; 152 - output = (unsigned char *) output_addr; 146 + output = (void *) ALIGN((unsigned long) &_end + HEAP_SIZE, PAGE_SIZE); 147 + kernel_end = output + SZ__bss_start; 148 + check_ipl_parmblock((void *) 0, (unsigned long) kernel_end); 153 149 154 150 #ifdef CONFIG_BLK_DEV_INITRD 155 151 /* 156 152 * Move the initrd right behind the end of the decompressed 157 - * kernel image. 153 + * kernel image. This also prevents initrd corruption caused by 154 + * bss clearing since kernel_end will always be located behind the 155 + * current bss section.. 158 156 */ 159 - if (INITRD_START && INITRD_SIZE && 160 - INITRD_START < (unsigned long) output + SZ__bss_start) { 161 - check_ipl_parmblock(output + SZ__bss_start, 162 - INITRD_START + INITRD_SIZE); 163 - memmove(output + SZ__bss_start, 164 - (void *) INITRD_START, INITRD_SIZE); 165 - INITRD_START = (unsigned long) output + SZ__bss_start; 157 + if (INITRD_START && INITRD_SIZE && kernel_end > (void *) INITRD_START) { 158 + check_ipl_parmblock(kernel_end, INITRD_SIZE); 159 + memmove(kernel_end, (void *) INITRD_START, INITRD_SIZE); 160 + INITRD_START = (unsigned long) kernel_end; 166 161 } 167 162 #endif 163 + 164 + /* 165 + * Clear bss section. free_mem_ptr and free_mem_end_ptr need to be 166 + * initialized afterwards since they reside in bss. 167 + */ 168 + memset(&_bss, 0, &_ebss - &_bss); 169 + free_mem_ptr = (unsigned long) &_end; 170 + free_mem_end_ptr = free_mem_ptr + HEAP_SIZE; 168 171 169 172 puts("Uncompressing Linux... "); 170 173 __decompress(input_data, input_len, NULL, NULL, output, 0, NULL, error);

-1

arch/s390/include/asm/sections.h

··· 4 4 #include <asm-generic/sections.h> 5 5 6 6 extern char _eshared[], _ehead[]; 7 - extern char __start_ro_after_init[], __end_ro_after_init[]; 8 7 9 8 #endif

+1 -1

arch/s390/include/asm/uaccess.h

··· 147 147 " jg 2b\n" \ 148 148 ".popsection\n" \ 149 149 EX_TABLE(0b,3b) EX_TABLE(1b,3b) \ 150 - : "=d" (__rc), "=Q" (*(to)) \ 150 + : "=d" (__rc), "+Q" (*(to)) \ 151 151 : "d" (size), "Q" (*(from)), \ 152 152 "d" (__reg0), "K" (-EFAULT) \ 153 153 : "cc"); \

+2 -3

arch/s390/kernel/smp.c

··· 909 909 { 910 910 struct pcpu *pcpu = pcpu_devices; 911 911 912 + WARN_ON(!cpu_present(0) || !cpu_online(0)); 912 913 pcpu->state = CPU_STATE_CONFIGURED; 913 - pcpu->address = stap(); 914 914 pcpu->lowcore = (struct lowcore *)(unsigned long) store_prefix(); 915 915 S390_lowcore.percpu_offset = __per_cpu_offset[0]; 916 916 smp_cpu_set_polarization(0, POLARIZATION_UNKNOWN); 917 - set_cpu_present(0, true); 918 - set_cpu_online(0, true); 919 917 } 920 918 921 919 void __init smp_cpus_done(unsigned int max_cpus) ··· 922 924 923 925 void __init smp_setup_processor_id(void) 924 926 { 927 + pcpu_devices[0].address = stap(); 925 928 S390_lowcore.cpu_nr = 0; 926 929 S390_lowcore.spinlock_lockval = arch_spin_lockval(0); 927 930 }

-2

arch/s390/kernel/vmlinux.lds.S

··· 63 63 64 64 . = ALIGN(PAGE_SIZE); 65 65 __start_ro_after_init = .; 66 - __start_data_ro_after_init = .; 67 66 .data..ro_after_init : { 68 67 *(.data..ro_after_init) 69 68 } 70 - __end_data_ro_after_init = .; 71 69 EXCEPTION_TABLE(16) 72 70 . = ALIGN(PAGE_SIZE); 73 71 __end_ro_after_init = .;

+2 -5

arch/s390/kvm/gaccess.c

··· 168 168 unsigned long z : 1; /* Zero Bit */ 169 169 unsigned long i : 1; /* Page-Invalid Bit */ 170 170 unsigned long p : 1; /* DAT-Protection Bit */ 171 - unsigned long co : 1; /* Change-Recording Override */ 172 - unsigned long : 8; 171 + unsigned long : 9; 173 172 }; 174 173 }; 175 174 ··· 744 745 return PGM_PAGE_TRANSLATION; 745 746 if (pte.z) 746 747 return PGM_TRANSLATION_SPEC; 747 - if (pte.co && !edat1) 748 - return PGM_TRANSLATION_SPEC; 749 748 dat_protection |= pte.p; 750 749 raddr.pfra = pte.pfra; 751 750 real_address: ··· 1179 1182 rc = gmap_read_table(sg->parent, pgt + vaddr.px * 8, &pte.val); 1180 1183 if (!rc && pte.i) 1181 1184 rc = PGM_PAGE_TRANSLATION; 1182 - if (!rc && (pte.z || (pte.co && sg->edat_level < 1))) 1185 + if (!rc && pte.z) 1183 1186 rc = PGM_TRANSLATION_SPEC; 1184 1187 shadow_page: 1185 1188 pte.p |= dat_protection;

+2 -1

arch/sparc/include/asm/page_64.h

··· 17 17 18 18 #define HPAGE_SHIFT 23 19 19 #define REAL_HPAGE_SHIFT 22 20 + #define HPAGE_2GB_SHIFT 31 20 21 #define HPAGE_256MB_SHIFT 28 21 22 #define HPAGE_64K_SHIFT 16 22 23 #define REAL_HPAGE_SIZE (_AC(1,UL) << REAL_HPAGE_SHIFT) ··· 28 27 #define HUGETLB_PAGE_ORDER (HPAGE_SHIFT - PAGE_SHIFT) 29 28 #define HAVE_ARCH_HUGETLB_UNMAPPED_AREA 30 29 #define REAL_HPAGE_PER_HPAGE (_AC(1,UL) << (HPAGE_SHIFT - REAL_HPAGE_SHIFT)) 31 - #define HUGE_MAX_HSTATE 3 30 + #define HUGE_MAX_HSTATE 4 32 31 #endif 33 32 34 33 #ifndef __ASSEMBLY__

+8 -7

arch/sparc/include/asm/pgtable_64.h

··· 679 679 return pte_pfn(pte); 680 680 } 681 681 682 + #define __HAVE_ARCH_PMD_WRITE 683 + static inline unsigned long pmd_write(pmd_t pmd) 684 + { 685 + pte_t pte = __pte(pmd_val(pmd)); 686 + 687 + return pte_write(pte); 688 + } 689 + 682 690 #ifdef CONFIG_TRANSPARENT_HUGEPAGE 683 691 static inline unsigned long pmd_dirty(pmd_t pmd) 684 692 { ··· 700 692 pte_t pte = __pte(pmd_val(pmd)); 701 693 702 694 return pte_young(pte); 703 - } 704 - 705 - static inline unsigned long pmd_write(pmd_t pmd) 706 - { 707 - pte_t pte = __pte(pmd_val(pmd)); 708 - 709 - return pte_write(pte); 710 695 } 711 696 712 697 static inline unsigned long pmd_trans_huge(pmd_t pmd)

-6

arch/sparc/include/asm/processor_32.h

··· 18 18 #include <asm/signal.h> 19 19 #include <asm/page.h> 20 20 21 - /* 22 - * The sparc has no problems with write protection 23 - */ 24 - #define wp_works_ok 1 25 - #define wp_works_ok__is_a_macro /* for versions in ksyms.c */ 26 - 27 21 /* Whee, this is STACK_TOP + PAGE_SIZE and the lowest kernel address too... 28 22 * That one page is used to protect kernel from intruders, so that 29 23 * we can make our access_ok test faster

-4

arch/sparc/include/asm/processor_64.h

··· 18 18 #include <asm/ptrace.h> 19 19 #include <asm/page.h> 20 20 21 - /* The sparc has no problems with write protection */ 22 - #define wp_works_ok 1 23 - #define wp_works_ok__is_a_macro /* for versions in ksyms.c */ 24 - 25 21 /* 26 22 * User lives in his very own context, and cannot reference us. Note 27 23 * that TASK_SIZE is a misnomer, it really gives maximum user virtual

+4

arch/sparc/kernel/head_64.S

··· 96 96 andn %g1, PSTATE_AM, %g1 97 97 wrpr %g1, 0x0, %pstate 98 98 ba,a,pt %xcc, 1f 99 + nop 99 100 100 101 .globl prom_finddev_name, prom_chosen_path, prom_root_node 101 102 .globl prom_getprop_name, prom_mmu_name, prom_peer_name ··· 614 613 nop 615 614 616 615 ba,a,pt %xcc, 80f 616 + nop 617 617 niagara4_patch: 618 618 call niagara4_patch_copyops 619 619 nop ··· 624 622 nop 625 623 626 624 ba,a,pt %xcc, 80f 625 + nop 627 626 628 627 niagara2_patch: 629 628 call niagara2_patch_copyops ··· 635 632 nop 636 633 637 634 ba,a,pt %xcc, 80f 635 + nop 638 636 639 637 niagara_patch: 640 638 call niagara_patch_copyops

+1

arch/sparc/kernel/misctrap.S

··· 82 82 call handle_stdfmna 83 83 add %sp, PTREGS_OFF, %o0 84 84 ba,a,pt %xcc, rtrap 85 + nop 85 86 .size do_stdfmna,.-do_stdfmna 86 87 87 88 .type breakpoint_trap,#function

+1 -1

arch/sparc/kernel/ptrace_64.c

··· 351 351 } 352 352 353 353 if (!ret) { 354 - unsigned long y; 354 + unsigned long y = regs->y; 355 355 356 356 ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, 357 357 &y,

+1

arch/sparc/kernel/rtrap_64.S

··· 237 237 bne,pt %xcc, user_rtt_fill_32bit 238 238 wrpr %g1, %cwp 239 239 ba,a,pt %xcc, user_rtt_fill_64bit 240 + nop 240 241 241 242 user_rtt_fill_fixup_dax: 242 243 ba,pt %xcc, user_rtt_fill_fixup_common

+1

arch/sparc/kernel/spiterrs.S

··· 86 86 rd %pc, %g7 87 87 88 88 ba,a,pt %xcc, 2f 89 + nop 89 90 90 91 1: ba,pt %xcc, etrap_irq 91 92 rd %pc, %g7

+1

arch/sparc/kernel/sun4v_tlb_miss.S

··· 352 352 call sun4v_do_mna 353 353 add %sp, PTREGS_OFF, %o0 354 354 ba,a,pt %xcc, rtrap 355 + nop 355 356 356 357 /* Privileged Action. */ 357 358 sun4v_privact:

+1

arch/sparc/kernel/urtt_fill.S

··· 92 92 call sun4v_data_access_exception 93 93 nop 94 94 ba,a,pt %xcc, rtrap 95 + nop 95 96 96 97 1: call spitfire_data_access_exception 97 98 nop

+2

arch/sparc/kernel/winfixup.S

··· 152 152 call sun4v_data_access_exception 153 153 nop 154 154 ba,a,pt %xcc, rtrap 155 + nop 155 156 1: call spitfire_data_access_exception 156 157 nop 157 158 ba,a,pt %xcc, rtrap 159 + nop

+4

arch/sparc/lib/NG2memcpy.S

··· 326 326 blu 170f 327 327 nop 328 328 ba,a,pt %xcc, 180f 329 + nop 329 330 330 331 4: /* 32 <= low bits < 48 */ 331 332 blu 150f 332 333 nop 333 334 ba,a,pt %xcc, 160f 335 + nop 334 336 5: /* 0 < low bits < 32 */ 335 337 blu,a 6f 336 338 cmp %g2, 8 ··· 340 338 blu 130f 341 339 nop 342 340 ba,a,pt %xcc, 140f 341 + nop 343 342 6: /* 0 < low bits < 16 */ 344 343 bgeu 120f 345 344 nop ··· 478 475 brz,pt %o2, 85f 479 476 sub %o0, %o1, GLOBAL_SPARE 480 477 ba,a,pt %XCC, 90f 478 + nop 481 479 482 480 .align 64 483 481 75: /* 16 < len <= 64 */

+1

arch/sparc/lib/NG4memcpy.S

··· 530 530 bne,pt %icc, 1b 531 531 EX_ST(STORE(stb, %g1, %o0 - 0x01), NG4_retl_o2_plus_1) 532 532 ba,a,pt %icc, .Lexit 533 + nop 533 534 .size FUNC_NAME, .-FUNC_NAME

+1

arch/sparc/lib/NG4memset.S

··· 102 102 bne,pt %icc, 1b 103 103 add %o0, 0x30, %o0 104 104 ba,a,pt %icc, .Lpostloop 105 + nop 105 106 .size NG4bzero,.-NG4bzero

+1

arch/sparc/lib/NGmemcpy.S

··· 394 394 brz,pt %i2, 85f 395 395 sub %o0, %i1, %i3 396 396 ba,a,pt %XCC, 90f 397 + nop 397 398 398 399 .align 64 399 400 70: /* 16 < len <= 64 */

+8 -1

arch/sparc/mm/hugetlbpage.c

··· 143 143 pte_val(entry) = pte_val(entry) & ~_PAGE_SZALL_4V; 144 144 145 145 switch (shift) { 146 + case HPAGE_2GB_SHIFT: 147 + hugepage_size = _PAGE_SZ2GB_4V; 148 + pte_val(entry) |= _PAGE_PMD_HUGE; 149 + break; 146 150 case HPAGE_256MB_SHIFT: 147 151 hugepage_size = _PAGE_SZ256MB_4V; 148 152 pte_val(entry) |= _PAGE_PMD_HUGE; ··· 187 183 unsigned int shift; 188 184 189 185 switch (tte_szbits) { 186 + case _PAGE_SZ2GB_4V: 187 + shift = HPAGE_2GB_SHIFT; 188 + break; 190 189 case _PAGE_SZ256MB_4V: 191 190 shift = HPAGE_256MB_SHIFT; 192 191 break; ··· 268 261 if (!pmd) 269 262 return NULL; 270 263 271 - if (sz == PMD_SHIFT) 264 + if (sz >= PMD_SIZE) 272 265 pte = (pte_t *)pmd; 273 266 else 274 267 pte = pte_alloc_map(mm, pmd, addr);

+5 -1

arch/sparc/mm/init_64.c

··· 337 337 hugepage_shift = ilog2(hugepage_size); 338 338 339 339 switch (hugepage_shift) { 340 + case HPAGE_2GB_SHIFT: 341 + hv_pgsz_mask = HV_PGSZ_MASK_2GB; 342 + hv_pgsz_idx = HV_PGSZ_IDX_2GB; 343 + break; 340 344 case HPAGE_256MB_SHIFT: 341 345 hv_pgsz_mask = HV_PGSZ_MASK_256MB; 342 346 hv_pgsz_idx = HV_PGSZ_IDX_256MB; ··· 1567 1563 if ((long)addr < 0L) { 1568 1564 unsigned long pa = __pa(addr); 1569 1565 1570 - if ((addr >> max_phys_bits) != 0UL) 1566 + if ((pa >> max_phys_bits) != 0UL) 1571 1567 return false; 1572 1568 1573 1569 return pfn_valid(pa >> PAGE_SHIFT);

+1

arch/sparc/mm/srmmu.c

··· 54 54 enum mbus_module srmmu_modtype; 55 55 static unsigned int hwbug_bitmask; 56 56 int vac_cache_size; 57 + EXPORT_SYMBOL(vac_cache_size); 57 58 int vac_line_size; 58 59 59 60 extern struct resource sparc_iomap;

+3 -3

arch/sparc/mm/tlb.c

··· 154 154 if (pte_val(*pte) & _PAGE_VALID) { 155 155 bool exec = pte_exec(*pte); 156 156 157 - tlb_batch_add_one(mm, vaddr, exec, false); 157 + tlb_batch_add_one(mm, vaddr, exec, PAGE_SHIFT); 158 158 } 159 159 pte++; 160 160 vaddr += PAGE_SIZE; ··· 209 209 pte_t orig_pte = __pte(pmd_val(orig)); 210 210 bool exec = pte_exec(orig_pte); 211 211 212 - tlb_batch_add_one(mm, addr, exec, true); 212 + tlb_batch_add_one(mm, addr, exec, REAL_HPAGE_SHIFT); 213 213 tlb_batch_add_one(mm, addr + REAL_HPAGE_SIZE, exec, 214 - true); 214 + REAL_HPAGE_SHIFT); 215 215 } else { 216 216 tlb_batch_pmd_scan(mm, addr, orig); 217 217 }

+2 -2

arch/sparc/mm/tsb.c

··· 122 122 123 123 spin_lock_irqsave(&mm->context.lock, flags); 124 124 125 - if (tb->hugepage_shift < HPAGE_SHIFT) { 125 + if (tb->hugepage_shift < REAL_HPAGE_SHIFT) { 126 126 base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb; 127 127 nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries; 128 128 if (tlb_type == cheetah_plus || tlb_type == hypervisor) ··· 155 155 156 156 spin_lock_irqsave(&mm->context.lock, flags); 157 157 158 - if (hugepage_shift < HPAGE_SHIFT) { 158 + if (hugepage_shift < REAL_HPAGE_SHIFT) { 159 159 base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb; 160 160 nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries; 161 161 if (tlb_type == cheetah_plus || tlb_type == hypervisor)

+31 -4

arch/x86/Makefile

··· 120 120 # -funit-at-a-time shrinks the kernel .text considerably 121 121 # unfortunately it makes reading oopses harder. 122 122 KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time) 123 - 124 - # this works around some issues with generating unwind tables in older gccs 125 - # newer gccs do it by default 126 - KBUILD_CFLAGS += $(call cc-option,-maccumulate-outgoing-args) 127 123 endif 128 124 129 125 ifdef CONFIG_X86_X32 ··· 141 145 # Don't unroll struct assignments with kmemcheck enabled 142 146 ifeq ($(CONFIG_KMEMCHECK),y) 143 147 KBUILD_CFLAGS += $(call cc-option,-fno-builtin-memcpy) 148 + endif 149 + 150 + # 151 + # If the function graph tracer is used with mcount instead of fentry, 152 + # '-maccumulate-outgoing-args' is needed to prevent a GCC bug 153 + # (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=42109) 154 + # 155 + ifdef CONFIG_FUNCTION_GRAPH_TRACER 156 + ifndef CONFIG_HAVE_FENTRY 157 + ACCUMULATE_OUTGOING_ARGS := 1 158 + else 159 + ifeq ($(call cc-option-yn, -mfentry), n) 160 + ACCUMULATE_OUTGOING_ARGS := 1 161 + endif 162 + endif 163 + endif 164 + 165 + # 166 + # Jump labels need '-maccumulate-outgoing-args' for gcc < 4.5.2 to prevent a 167 + # GCC bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=46226). There's no way 168 + # to test for this bug at compile-time because the test case needs to execute, 169 + # which is a no-go for cross compilers. So check the GCC version instead. 170 + # 171 + ifdef CONFIG_JUMP_LABEL 172 + ifneq ($(ACCUMULATE_OUTGOING_ARGS), 1) 173 + ACCUMULATE_OUTGOING_ARGS = $(call cc-if-fullversion, -lt, 040502, 1) 174 + endif 175 + endif 176 + 177 + ifeq ($(ACCUMULATE_OUTGOING_ARGS), 1) 178 + KBUILD_CFLAGS += -maccumulate-outgoing-args 144 179 endif 145 180 146 181 # Stackpointer is addressed different for 32 bit and 64 bit x86

-18

arch/x86/Makefile_32.cpu

··· 45 45 # cpu entries 46 46 cflags-$(CONFIG_X86_GENERIC) += $(call tune,generic,$(call tune,i686)) 47 47 48 - # Work around the pentium-mmx code generator madness of gcc4.4.x which 49 - # does stack alignment by generating horrible code _before_ the mcount 50 - # prologue (push %ebp, mov %esp, %ebp) which breaks the function graph 51 - # tracer assumptions. For i686, generic, core2 this is set by the 52 - # compiler anyway 53 - ifeq ($(CONFIG_FUNCTION_GRAPH_TRACER), y) 54 - ADD_ACCUMULATE_OUTGOING_ARGS := y 55 - endif 56 - 57 - # Work around to a bug with asm goto with first implementations of it 58 - # in gcc causing gcc to mess up the push and pop of the stack in some 59 - # uses of asm goto. 60 - ifeq ($(CONFIG_JUMP_LABEL), y) 61 - ADD_ACCUMULATE_OUTGOING_ARGS := y 62 - endif 63 - 64 - cflags-$(ADD_ACCUMULATE_OUTGOING_ARGS) += $(call cc-option,-maccumulate-outgoing-args) 65 - 66 48 # Bug fix for binutils: this option is required in order to keep 67 49 # binutils from generating NOPL instructions against our will. 68 50 ifneq ($(CONFIG_X86_P6_NOP),y)

+1

arch/x86/boot/compressed/error.c

··· 4 4 * memcpy() and memmove() are defined for the compressed boot environment. 5 5 */ 6 6 #include "misc.h" 7 + #include "error.h" 7 8 8 9 void warn(char *m) 9 10 {

+6 -3

arch/x86/events/core.c

··· 2256 2256 struct perf_event_mmap_page *userpg, u64 now) 2257 2257 { 2258 2258 struct cyc2ns_data *data; 2259 + u64 offset; 2259 2260 2260 2261 userpg->cap_user_time = 0; 2261 2262 userpg->cap_user_time_zero = 0; ··· 2264 2263 !!(event->hw.flags & PERF_X86_EVENT_RDPMC_ALLOWED); 2265 2264 userpg->pmc_width = x86_pmu.cntval_bits; 2266 2265 2267 - if (!sched_clock_stable()) 2266 + if (!using_native_sched_clock() || !sched_clock_stable()) 2268 2267 return; 2269 2268 2270 2269 data = cyc2ns_read_begin(); 2270 + 2271 + offset = data->cyc2ns_offset + __sched_clock_offset; 2271 2272 2272 2273 /* 2273 2274 * Internal timekeeping for enabled/running/stopped times ··· 2278 2275 userpg->cap_user_time = 1; 2279 2276 userpg->time_mult = data->cyc2ns_mul; 2280 2277 userpg->time_shift = data->cyc2ns_shift; 2281 - userpg->time_offset = data->cyc2ns_offset - now; 2278 + userpg->time_offset = offset - now; 2282 2279 2283 2280 /* 2284 2281 * cap_user_time_zero doesn't make sense when we're using a different ··· 2286 2283 */ 2287 2284 if (!event->attr.use_clockid) { 2288 2285 userpg->cap_user_time_zero = 1; 2289 - userpg->time_zero = data->cyc2ns_offset; 2286 + userpg->time_zero = offset; 2290 2287 } 2291 2288 2292 2289 cyc2ns_read_end(data);

+2

arch/x86/include/asm/timer.h

··· 12 12 13 13 extern int no_timer_check; 14 14 15 + extern bool using_native_sched_clock(void); 16 + 15 17 /* 16 18 * We use the full linear equation: f(x) = a + b*x, in order to allow 17 19 * a continuous function in the face of dynamic freq changes.

+5 -3

arch/x86/include/asm/uv/uv_hub.h

··· 485 485 486 486 if (paddr < uv_hub_info->lowmem_remap_top) 487 487 paddr |= uv_hub_info->lowmem_remap_base; 488 - paddr |= uv_hub_info->gnode_upper; 489 - if (m_val) 488 + 489 + if (m_val) { 490 + paddr |= uv_hub_info->gnode_upper; 490 491 paddr = ((paddr << uv_hub_info->m_shift) 491 492 >> uv_hub_info->m_shift) | 492 493 ((paddr >> uv_hub_info->m_val) 493 494 << uv_hub_info->n_lshift); 494 - else 495 + } else { 495 496 paddr |= uv_soc_phys_ram_to_nasid(paddr) 496 497 << uv_hub_info->gpa_shift; 498 + } 497 499 return paddr; 498 500 } 499 501

+2 -1

arch/x86/kernel/apic/x2apic_uv_x.c

··· 1105 1105 node_id.v = uv_read_local_mmr(UVH_NODE_ID); 1106 1106 uv_cpuid.gnode_shift = max_t(unsigned int, uv_cpuid.gnode_shift, mn.n_val); 1107 1107 hi->gnode_extra = (node_id.s.node_id & ~((1 << uv_cpuid.gnode_shift) - 1)) >> 1; 1108 - hi->gnode_upper = (unsigned long)hi->gnode_extra << mn.m_val; 1108 + if (mn.m_val) 1109 + hi->gnode_upper = (u64)hi->gnode_extra << mn.m_val; 1109 1110 1110 1111 if (uv_gp_table) { 1111 1112 hi->global_mmr_base = uv_gp_table->mmr_base;

+6 -1

arch/x86/kernel/cpu/mcheck/mce.c

··· 54 54 55 55 static DEFINE_MUTEX(mce_chrdev_read_mutex); 56 56 57 + static int mce_chrdev_open_count; /* #times opened */ 58 + 57 59 #define mce_log_get_idx_check(p) \ 58 60 ({ \ 59 61 RCU_LOCKDEP_WARN(!rcu_read_lock_sched_held() && \ ··· 598 596 * notifier and us registered. 599 597 */ 600 598 if (atomic_read(&num_notifiers) > 2) 599 + return NOTIFY_DONE; 600 + 601 + /* Don't print when mcelog is running */ 602 + if (mce_chrdev_open_count > 0) 601 603 return NOTIFY_DONE; 602 604 603 605 __print_mce(m); ··· 1834 1828 */ 1835 1829 1836 1830 static DEFINE_SPINLOCK(mce_chrdev_state_lock); 1837 - static int mce_chrdev_open_count; /* #times opened */ 1838 1831 static int mce_chrdev_open_exclu; /* already open exclusive? */ 1839 1832 1840 1833 static int mce_chrdev_open(struct inode *inode, struct file *file)

+1 -1

arch/x86/kernel/cpu/mcheck/mce_amd.c

··· 60 60 "load_store", 61 61 "insn_fetch", 62 62 "combined_unit", 63 - "", 63 + "decode_unit", 64 64 "northbridge", 65 65 "execution_unit", 66 66 };

+6

arch/x86/kernel/ftrace.c

··· 29 29 #include <asm/ftrace.h> 30 30 #include <asm/nops.h> 31 31 32 + #if defined(CONFIG_FUNCTION_GRAPH_TRACER) && \ 33 + !defined(CC_USING_FENTRY) && \ 34 + !defined(CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE) 35 + # error The following combination is not supported: ((compiler missing -mfentry) || (CONFIG_X86_32 and !CONFIG_DYNAMIC_FTRACE)) && CONFIG_FUNCTION_GRAPH_TRACER && CONFIG_CC_OPTIMIZE_FOR_SIZE 36 + #endif 37 + 32 38 #ifdef CONFIG_DYNAMIC_FTRACE 33 39 34 40 int ftrace_arch_code_modify_prepare(void)

+2 -2

arch/x86/kernel/tsc.c

··· 328 328 return paravirt_sched_clock(); 329 329 } 330 330 331 - static inline bool using_native_sched_clock(void) 331 + bool using_native_sched_clock(void) 332 332 { 333 333 return pv_time_ops.sched_clock == native_sched_clock; 334 334 } ··· 336 336 unsigned long long 337 337 sched_clock(void) __attribute__((alias("native_sched_clock"))); 338 338 339 - static inline bool using_native_sched_clock(void) { return true; } 339 + bool using_native_sched_clock(void) { return true; } 340 340 #endif 341 341 342 342 int check_tsc_unstable(void)

+15

arch/x86/kvm/vmx.c

··· 8198 8198 return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES); 8199 8199 case EXIT_REASON_PREEMPTION_TIMER: 8200 8200 return false; 8201 + case EXIT_REASON_PML_FULL: 8202 + /* We don't expose PML support to L1. */ 8203 + return false; 8201 8204 default: 8202 8205 return true; 8203 8206 } ··· 10268 10265 vmx_flush_tlb(vcpu); 10269 10266 } 10270 10267 10268 + } 10269 + 10270 + if (enable_pml) { 10271 + /* 10272 + * Conceptually we want to copy the PML address and index from 10273 + * vmcs01 here, and then back to vmcs01 on nested vmexit. But, 10274 + * since we always flush the log on each vmexit, this happens 10275 + * to be equivalent to simply resetting the fields in vmcs02. 10276 + */ 10277 + ASSERT(vmx->pml_pg); 10278 + vmcs_write64(PML_ADDRESS, page_to_phys(vmx->pml_pg)); 10279 + vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1); 10271 10280 } 10272 10281 10273 10282 if (nested_cpu_has_ept(vmcs12)) {

+1 -1

arch/x86/lib/memcpy_64.S

··· 290 290 _ASM_EXTABLE_FAULT(.L_copy_leading_bytes, .L_memcpy_mcsafe_fail) 291 291 _ASM_EXTABLE_FAULT(.L_cache_w0, .L_memcpy_mcsafe_fail) 292 292 _ASM_EXTABLE_FAULT(.L_cache_w1, .L_memcpy_mcsafe_fail) 293 - _ASM_EXTABLE_FAULT(.L_cache_w3, .L_memcpy_mcsafe_fail) 293 + _ASM_EXTABLE_FAULT(.L_cache_w2, .L_memcpy_mcsafe_fail) 294 294 _ASM_EXTABLE_FAULT(.L_cache_w3, .L_memcpy_mcsafe_fail) 295 295 _ASM_EXTABLE_FAULT(.L_cache_w4, .L_memcpy_mcsafe_fail) 296 296 _ASM_EXTABLE_FAULT(.L_cache_w5, .L_memcpy_mcsafe_fail)

+2 -2

arch/x86/mm/kaslr.c

··· 48 48 #if defined(CONFIG_X86_ESPFIX64) 49 49 static const unsigned long vaddr_end = ESPFIX_BASE_ADDR; 50 50 #elif defined(CONFIG_EFI) 51 - static const unsigned long vaddr_end = EFI_VA_START; 51 + static const unsigned long vaddr_end = EFI_VA_END; 52 52 #else 53 53 static const unsigned long vaddr_end = __START_KERNEL_map; 54 54 #endif ··· 105 105 */ 106 106 BUILD_BUG_ON(vaddr_start >= vaddr_end); 107 107 BUILD_BUG_ON(IS_ENABLED(CONFIG_X86_ESPFIX64) && 108 - vaddr_end >= EFI_VA_START); 108 + vaddr_end >= EFI_VA_END); 109 109 BUILD_BUG_ON((IS_ENABLED(CONFIG_X86_ESPFIX64) || 110 110 IS_ENABLED(CONFIG_EFI)) && 111 111 vaddr_end >= __START_KERNEL_map);

+1

arch/x86/purgatory/Makefile

··· 8 8 LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib 9 9 targets += purgatory.ro 10 10 11 + KASAN_SANITIZE := n 11 12 KCOV_INSTRUMENT := n 12 13 13 14 # Default KBUILD_CFLAGS can have -pg option set when FTRACE is enabled. That

+13

arch/xtensa/include/asm/page.h

··· 164 164 165 165 #define ARCH_PFN_OFFSET (PHYS_OFFSET >> PAGE_SHIFT) 166 166 167 + #ifdef CONFIG_MMU 168 + static inline unsigned long ___pa(unsigned long va) 169 + { 170 + unsigned long off = va - PAGE_OFFSET; 171 + 172 + if (off >= XCHAL_KSEG_SIZE) 173 + off -= XCHAL_KSEG_SIZE; 174 + 175 + return off + PHYS_OFFSET; 176 + } 177 + #define __pa(x) ___pa((unsigned long)(x)) 178 + #else 167 179 #define __pa(x) \ 168 180 ((unsigned long) (x) - PAGE_OFFSET + PHYS_OFFSET) 181 + #endif 169 182 #define __va(x) \ 170 183 ((void *)((unsigned long) (x) - PHYS_OFFSET + PAGE_OFFSET)) 171 184 #define pfn_valid(pfn) \

+4 -1

arch/xtensa/include/uapi/asm/unistd.h

··· 774 774 #define __NR_pkey_free 350 775 775 __SYSCALL(350, sys_pkey_free, 1) 776 776 777 - #define __NR_syscall_count 351 777 + #define __NR_statx 351 778 + __SYSCALL(351, sys_statx, 5) 779 + 780 + #define __NR_syscall_count 352 778 781 779 782 /* 780 783 * sysxtensa syscall handler

+2 -4

arch/xtensa/kernel/traps.c

··· 483 483 484 484 static int show_trace_cb(struct stackframe *frame, void *data) 485 485 { 486 - if (kernel_text_address(frame->pc)) { 487 - pr_cont(" [<%08lx>]", frame->pc); 488 - print_symbol(" %s\n", frame->pc); 489 - } 486 + if (kernel_text_address(frame->pc)) 487 + pr_cont(" [<%08lx>] %pB\n", frame->pc, (void *)frame->pc); 490 488 return 0; 491 489 } 492 490

+136 -55

block/blk-mq-sched.c

··· 171 171 172 172 void blk_mq_sched_dispatch_requests(struct blk_mq_hw_ctx *hctx) 173 173 { 174 - struct elevator_queue *e = hctx->queue->elevator; 174 + struct request_queue *q = hctx->queue; 175 + struct elevator_queue *e = q->elevator; 175 176 const bool has_sched_dispatch = e && e->type->ops.mq.dispatch_request; 176 177 bool did_work = false; 177 178 LIST_HEAD(rq_list); ··· 204 203 */ 205 204 if (!list_empty(&rq_list)) { 206 205 blk_mq_sched_mark_restart_hctx(hctx); 207 - did_work = blk_mq_dispatch_rq_list(hctx, &rq_list); 206 + did_work = blk_mq_dispatch_rq_list(q, &rq_list); 208 207 } else if (!has_sched_dispatch) { 209 208 blk_mq_flush_busy_ctxs(hctx, &rq_list); 210 - blk_mq_dispatch_rq_list(hctx, &rq_list); 209 + blk_mq_dispatch_rq_list(q, &rq_list); 211 210 } 212 211 213 212 /* ··· 223 222 if (!rq) 224 223 break; 225 224 list_add(&rq->queuelist, &rq_list); 226 - } while (blk_mq_dispatch_rq_list(hctx, &rq_list)); 225 + } while (blk_mq_dispatch_rq_list(q, &rq_list)); 227 226 } 228 227 } 229 228 ··· 318 317 return true; 319 318 } 320 319 321 - static void blk_mq_sched_restart_hctx(struct blk_mq_hw_ctx *hctx) 320 + static bool blk_mq_sched_restart_hctx(struct blk_mq_hw_ctx *hctx) 322 321 { 323 322 if (test_bit(BLK_MQ_S_SCHED_RESTART, &hctx->state)) { 324 323 clear_bit(BLK_MQ_S_SCHED_RESTART, &hctx->state); 325 - if (blk_mq_hctx_has_pending(hctx)) 324 + if (blk_mq_hctx_has_pending(hctx)) { 326 325 blk_mq_run_hw_queue(hctx, true); 326 + return true; 327 + } 327 328 } 329 + return false; 328 330 } 329 331 330 - void blk_mq_sched_restart_queues(struct blk_mq_hw_ctx *hctx) 331 - { 332 - struct request_queue *q = hctx->queue; 333 - unsigned int i; 332 + /** 333 + * list_for_each_entry_rcu_rr - iterate in a round-robin fashion over rcu list 334 + * @pos: loop cursor. 335 + * @skip: the list element that will not be examined. Iteration starts at 336 + * @skip->next. 337 + * @head: head of the list to examine. This list must have at least one 338 + * element, namely @skip. 339 + * @member: name of the list_head structure within typeof(*pos). 340 + */ 341 + #define list_for_each_entry_rcu_rr(pos, skip, head, member) \ 342 + for ((pos) = (skip); \ 343 + (pos = (pos)->member.next != (head) ? list_entry_rcu( \ 344 + (pos)->member.next, typeof(*pos), member) : \ 345 + list_entry_rcu((pos)->member.next->next, typeof(*pos), member)), \ 346 + (pos) != (skip); ) 334 347 335 - if (test_bit(QUEUE_FLAG_RESTART, &q->queue_flags)) { 336 - if (test_and_clear_bit(QUEUE_FLAG_RESTART, &q->queue_flags)) { 337 - queue_for_each_hw_ctx(q, hctx, i) 338 - blk_mq_sched_restart_hctx(hctx); 348 + /* 349 + * Called after a driver tag has been freed to check whether a hctx needs to 350 + * be restarted. Restarts @hctx if its tag set is not shared. Restarts hardware 351 + * queues in a round-robin fashion if the tag set of @hctx is shared with other 352 + * hardware queues. 353 + */ 354 + void blk_mq_sched_restart(struct blk_mq_hw_ctx *const hctx) 355 + { 356 + struct blk_mq_tags *const tags = hctx->tags; 357 + struct blk_mq_tag_set *const set = hctx->queue->tag_set; 358 + struct request_queue *const queue = hctx->queue, *q; 359 + struct blk_mq_hw_ctx *hctx2; 360 + unsigned int i, j; 361 + 362 + if (set->flags & BLK_MQ_F_TAG_SHARED) { 363 + rcu_read_lock(); 364 + list_for_each_entry_rcu_rr(q, queue, &set->tag_list, 365 + tag_set_list) { 366 + queue_for_each_hw_ctx(q, hctx2, i) 367 + if (hctx2->tags == tags && 368 + blk_mq_sched_restart_hctx(hctx2)) 369 + goto done; 339 370 } 371 + j = hctx->queue_num + 1; 372 + for (i = 0; i < queue->nr_hw_queues; i++, j++) { 373 + if (j == queue->nr_hw_queues) 374 + j = 0; 375 + hctx2 = queue->queue_hw_ctx[j]; 376 + if (hctx2->tags == tags && 377 + blk_mq_sched_restart_hctx(hctx2)) 378 + break; 379 + } 380 + done: 381 + rcu_read_unlock(); 340 382 } else { 341 383 blk_mq_sched_restart_hctx(hctx); 342 384 } ··· 475 431 } 476 432 } 477 433 478 - int blk_mq_sched_setup(struct request_queue *q) 434 + static int blk_mq_sched_alloc_tags(struct request_queue *q, 435 + struct blk_mq_hw_ctx *hctx, 436 + unsigned int hctx_idx) 479 437 { 480 438 struct blk_mq_tag_set *set = q->tag_set; 481 - struct blk_mq_hw_ctx *hctx; 482 - int ret, i; 439 + int ret; 483 440 484 - /* 485 - * Default to 256, since we don't split into sync/async like the 486 - * old code did. Additionally, this is a per-hw queue depth. 487 - */ 488 - q->nr_requests = 2 * BLKDEV_MAX_RQ; 441 + hctx->sched_tags = blk_mq_alloc_rq_map(set, hctx_idx, q->nr_requests, 442 + set->reserved_tags); 443 + if (!hctx->sched_tags) 444 + return -ENOMEM; 489 445 490 - /* 491 - * We're switching to using an IO scheduler, so setup the hctx 492 - * scheduler tags and switch the request map from the regular 493 - * tags to scheduler tags. First allocate what we need, so we 494 - * can safely fail and fallback, if needed. 495 - */ 496 - ret = 0; 497 - queue_for_each_hw_ctx(q, hctx, i) { 498 - hctx->sched_tags = blk_mq_alloc_rq_map(set, i, 499 - q->nr_requests, set->reserved_tags); 500 - if (!hctx->sched_tags) { 501 - ret = -ENOMEM; 502 - break; 503 - } 504 - ret = blk_mq_alloc_rqs(set, hctx->sched_tags, i, q->nr_requests); 505 - if (ret) 506 - break; 507 - } 446 + ret = blk_mq_alloc_rqs(set, hctx->sched_tags, hctx_idx, q->nr_requests); 447 + if (ret) 448 + blk_mq_sched_free_tags(set, hctx, hctx_idx); 508 449 509 - /* 510 - * If we failed, free what we did allocate 511 - */ 512 - if (ret) { 513 - queue_for_each_hw_ctx(q, hctx, i) { 514 - if (!hctx->sched_tags) 515 - continue; 516 - blk_mq_sched_free_tags(set, hctx, i); 517 - } 518 - 519 - return ret; 520 - } 521 - 522 - return 0; 450 + return ret; 523 451 } 524 452 525 - void blk_mq_sched_teardown(struct request_queue *q) 453 + static void blk_mq_sched_tags_teardown(struct request_queue *q) 526 454 { 527 455 struct blk_mq_tag_set *set = q->tag_set; 528 456 struct blk_mq_hw_ctx *hctx; ··· 502 486 503 487 queue_for_each_hw_ctx(q, hctx, i) 504 488 blk_mq_sched_free_tags(set, hctx, i); 489 + } 490 + 491 + int blk_mq_sched_init_hctx(struct request_queue *q, struct blk_mq_hw_ctx *hctx, 492 + unsigned int hctx_idx) 493 + { 494 + struct elevator_queue *e = q->elevator; 495 + 496 + if (!e) 497 + return 0; 498 + 499 + return blk_mq_sched_alloc_tags(q, hctx, hctx_idx); 500 + } 501 + 502 + void blk_mq_sched_exit_hctx(struct request_queue *q, struct blk_mq_hw_ctx *hctx, 503 + unsigned int hctx_idx) 504 + { 505 + struct elevator_queue *e = q->elevator; 506 + 507 + if (!e) 508 + return; 509 + 510 + blk_mq_sched_free_tags(q->tag_set, hctx, hctx_idx); 511 + } 512 + 513 + int blk_mq_init_sched(struct request_queue *q, struct elevator_type *e) 514 + { 515 + struct blk_mq_hw_ctx *hctx; 516 + unsigned int i; 517 + int ret; 518 + 519 + if (!e) { 520 + q->elevator = NULL; 521 + return 0; 522 + } 523 + 524 + /* 525 + * Default to 256, since we don't split into sync/async like the 526 + * old code did. Additionally, this is a per-hw queue depth. 527 + */ 528 + q->nr_requests = 2 * BLKDEV_MAX_RQ; 529 + 530 + queue_for_each_hw_ctx(q, hctx, i) { 531 + ret = blk_mq_sched_alloc_tags(q, hctx, i); 532 + if (ret) 533 + goto err; 534 + } 535 + 536 + ret = e->ops.mq.init_sched(q, e); 537 + if (ret) 538 + goto err; 539 + 540 + return 0; 541 + 542 + err: 543 + blk_mq_sched_tags_teardown(q); 544 + q->elevator = NULL; 545 + return ret; 546 + } 547 + 548 + void blk_mq_exit_sched(struct request_queue *q, struct elevator_queue *e) 549 + { 550 + if (e->type->ops.mq.exit_sched) 551 + e->type->ops.mq.exit_sched(e); 552 + blk_mq_sched_tags_teardown(q); 553 + q->elevator = NULL; 505 554 } 506 555 507 556 int blk_mq_sched_init(struct request_queue *q)

+8 -17

block/blk-mq-sched.h

··· 19 19 struct request **merged_request); 20 20 bool __blk_mq_sched_bio_merge(struct request_queue *q, struct bio *bio); 21 21 bool blk_mq_sched_try_insert_merge(struct request_queue *q, struct request *rq); 22 - void blk_mq_sched_restart_queues(struct blk_mq_hw_ctx *hctx); 22 + void blk_mq_sched_restart(struct blk_mq_hw_ctx *hctx); 23 23 24 24 void blk_mq_sched_insert_request(struct request *rq, bool at_head, 25 25 bool run_queue, bool async, bool can_block); ··· 32 32 struct list_head *rq_list, 33 33 struct request *(*get_rq)(struct blk_mq_hw_ctx *)); 34 34 35 - int blk_mq_sched_setup(struct request_queue *q); 36 - void blk_mq_sched_teardown(struct request_queue *q); 35 + int blk_mq_init_sched(struct request_queue *q, struct elevator_type *e); 36 + void blk_mq_exit_sched(struct request_queue *q, struct elevator_queue *e); 37 + 38 + int blk_mq_sched_init_hctx(struct request_queue *q, struct blk_mq_hw_ctx *hctx, 39 + unsigned int hctx_idx); 40 + void blk_mq_sched_exit_hctx(struct request_queue *q, struct blk_mq_hw_ctx *hctx, 41 + unsigned int hctx_idx); 37 42 38 43 int blk_mq_sched_init(struct request_queue *q); 39 44 ··· 134 129 { 135 130 if (!test_bit(BLK_MQ_S_SCHED_RESTART, &hctx->state)) 136 131 set_bit(BLK_MQ_S_SCHED_RESTART, &hctx->state); 137 - } 138 - 139 - /* 140 - * Mark a hardware queue and the request queue it belongs to as needing a 141 - * restart. 142 - */ 143 - static inline void blk_mq_sched_mark_restart_queue(struct blk_mq_hw_ctx *hctx) 144 - { 145 - struct request_queue *q = hctx->queue; 146 - 147 - if (!test_bit(BLK_MQ_S_SCHED_RESTART, &hctx->state)) 148 - set_bit(BLK_MQ_S_SCHED_RESTART, &hctx->state); 149 - if (!test_bit(QUEUE_FLAG_RESTART, &q->queue_flags)) 150 - set_bit(QUEUE_FLAG_RESTART, &q->queue_flags); 151 132 } 152 133 153 134 static inline bool blk_mq_sched_needs_restart(struct blk_mq_hw_ctx *hctx)

+66 -26

block/blk-mq.c

··· 321 321 322 322 rq = blk_mq_sched_get_request(q, NULL, rw, &alloc_data); 323 323 324 - blk_mq_put_ctx(alloc_data.ctx); 325 324 blk_queue_exit(q); 326 325 327 326 if (!rq) ··· 348 349 blk_mq_put_tag(hctx, hctx->tags, ctx, rq->tag); 349 350 if (sched_tag != -1) 350 351 blk_mq_sched_completed_request(hctx, rq); 351 - blk_mq_sched_restart_queues(hctx); 352 + blk_mq_sched_restart(hctx); 352 353 blk_queue_exit(q); 353 354 } 354 355 ··· 845 846 .flags = wait ? 0 : BLK_MQ_REQ_NOWAIT, 846 847 }; 847 848 848 - if (rq->tag != -1) { 849 - done: 850 - if (hctx) 851 - *hctx = data.hctx; 852 - return true; 853 - } 849 + if (rq->tag != -1) 850 + goto done; 854 851 855 852 if (blk_mq_tag_is_reserved(data.hctx->sched_tags, rq->internal_tag)) 856 853 data.flags |= BLK_MQ_REQ_RESERVED; ··· 858 863 atomic_inc(&data.hctx->nr_active); 859 864 } 860 865 data.hctx->tags->rqs[rq->tag] = rq; 861 - goto done; 862 866 } 863 867 864 - return false; 868 + done: 869 + if (hctx) 870 + *hctx = data.hctx; 871 + return rq->tag != -1; 865 872 } 866 873 867 874 static void __blk_mq_put_driver_tag(struct blk_mq_hw_ctx *hctx, ··· 960 963 return true; 961 964 } 962 965 963 - bool blk_mq_dispatch_rq_list(struct blk_mq_hw_ctx *hctx, struct list_head *list) 966 + bool blk_mq_dispatch_rq_list(struct request_queue *q, struct list_head *list) 964 967 { 965 - struct request_queue *q = hctx->queue; 968 + struct blk_mq_hw_ctx *hctx; 966 969 struct request *rq; 967 970 LIST_HEAD(driver_list); 968 971 struct list_head *dptr; 969 - int queued, ret = BLK_MQ_RQ_QUEUE_OK; 972 + int errors, queued, ret = BLK_MQ_RQ_QUEUE_OK; 973 + 974 + if (list_empty(list)) 975 + return false; 970 976 971 977 /* 972 978 * Start off with dptr being NULL, so we start the first request ··· 980 980 /* 981 981 * Now process all the entries, sending them to the driver. 982 982 */ 983 - queued = 0; 984 - while (!list_empty(list)) { 983 + errors = queued = 0; 984 + do { 985 985 struct blk_mq_queue_data bd; 986 986 987 987 rq = list_first_entry(list, struct request, queuelist); ··· 1037 1037 default: 1038 1038 pr_err("blk-mq: bad return on queue: %d\n", ret); 1039 1039 case BLK_MQ_RQ_QUEUE_ERROR: 1040 + errors++; 1040 1041 rq->errors = -EIO; 1041 1042 blk_mq_end_request(rq, rq->errors); 1042 1043 break; ··· 1052 1051 */ 1053 1052 if (!dptr && list->next != list->prev) 1054 1053 dptr = &driver_list; 1055 - } 1054 + } while (!list_empty(list)); 1056 1055 1057 1056 hctx->dispatched[queued_to_index(queued)]++; 1058 1057 ··· 1089 1088 blk_mq_run_hw_queue(hctx, true); 1090 1089 } 1091 1090 1092 - return queued != 0; 1091 + return (queued + errors) != 0; 1093 1092 } 1094 1093 1095 1094 static void __blk_mq_run_hw_queue(struct blk_mq_hw_ctx *hctx) ··· 1135 1134 return hctx->next_cpu; 1136 1135 } 1137 1136 1138 - void blk_mq_run_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) 1137 + static void __blk_mq_delay_run_hw_queue(struct blk_mq_hw_ctx *hctx, bool async, 1138 + unsigned long msecs) 1139 1139 { 1140 1140 if (unlikely(blk_mq_hctx_stopped(hctx) || 1141 1141 !blk_mq_hw_queue_mapped(hctx))) ··· 1153 1151 put_cpu(); 1154 1152 } 1155 1153 1156 - kblockd_schedule_work_on(blk_mq_hctx_next_cpu(hctx), &hctx->run_work); 1154 + if (msecs == 0) 1155 + kblockd_schedule_work_on(blk_mq_hctx_next_cpu(hctx), 1156 + &hctx->run_work); 1157 + else 1158 + kblockd_schedule_delayed_work_on(blk_mq_hctx_next_cpu(hctx), 1159 + &hctx->delayed_run_work, 1160 + msecs_to_jiffies(msecs)); 1161 + } 1162 + 1163 + void blk_mq_delay_run_hw_queue(struct blk_mq_hw_ctx *hctx, unsigned long msecs) 1164 + { 1165 + __blk_mq_delay_run_hw_queue(hctx, true, msecs); 1166 + } 1167 + EXPORT_SYMBOL(blk_mq_delay_run_hw_queue); 1168 + 1169 + void blk_mq_run_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) 1170 + { 1171 + __blk_mq_delay_run_hw_queue(hctx, async, 0); 1157 1172 } 1158 1173 1159 1174 void blk_mq_run_hw_queues(struct request_queue *q, bool async) ··· 1269 1250 struct blk_mq_hw_ctx *hctx; 1270 1251 1271 1252 hctx = container_of(work, struct blk_mq_hw_ctx, run_work); 1253 + 1254 + __blk_mq_run_hw_queue(hctx); 1255 + } 1256 + 1257 + static void blk_mq_delayed_run_work_fn(struct work_struct *work) 1258 + { 1259 + struct blk_mq_hw_ctx *hctx; 1260 + 1261 + hctx = container_of(work, struct blk_mq_hw_ctx, delayed_run_work.work); 1272 1262 1273 1263 __blk_mq_run_hw_queue(hctx); 1274 1264 } ··· 1951 1923 hctx->fq->flush_rq, hctx_idx, 1952 1924 flush_start_tag + hctx_idx); 1953 1925 1926 + blk_mq_sched_exit_hctx(q, hctx, hctx_idx); 1927 + 1954 1928 if (set->ops->exit_hctx) 1955 1929 set->ops->exit_hctx(hctx, hctx_idx); 1956 1930 ··· 1989 1959 node = hctx->numa_node = set->numa_node; 1990 1960 1991 1961 INIT_WORK(&hctx->run_work, blk_mq_run_work_fn); 1962 + INIT_DELAYED_WORK(&hctx->delayed_run_work, blk_mq_delayed_run_work_fn); 1992 1963 INIT_DELAYED_WORK(&hctx->delay_work, blk_mq_delay_work_fn); 1993 1964 spin_lock_init(&hctx->lock); 1994 1965 INIT_LIST_HEAD(&hctx->dispatch); ··· 2020 1989 set->ops->init_hctx(hctx, set->driver_data, hctx_idx)) 2021 1990 goto free_bitmap; 2022 1991 1992 + if (blk_mq_sched_init_hctx(q, hctx, hctx_idx)) 1993 + goto exit_hctx; 1994 + 2023 1995 hctx->fq = blk_alloc_flush_queue(q, hctx->numa_node, set->cmd_size); 2024 1996 if (!hctx->fq) 2025 - goto exit_hctx; 1997 + goto sched_exit_hctx; 2026 1998 2027 1999 if (set->ops->init_request && 2028 2000 set->ops->init_request(set->driver_data, ··· 2040 2006 2041 2007 free_fq: 2042 2008 kfree(hctx->fq); 2009 + sched_exit_hctx: 2010 + blk_mq_sched_exit_hctx(q, hctx, hctx_idx); 2043 2011 exit_hctx: 2044 2012 if (set->ops->exit_hctx) 2045 2013 set->ops->exit_hctx(hctx, hctx_idx); ··· 2267 2231 { 2268 2232 struct blk_mq_hw_ctx *hctx; 2269 2233 unsigned int i; 2270 - 2271 - blk_mq_sched_teardown(q); 2272 2234 2273 2235 /* hctx kobj stays in hctx */ 2274 2236 queue_for_each_hw_ctx(q, hctx, i) { ··· 2598 2564 return 0; 2599 2565 } 2600 2566 2567 + static int blk_mq_update_queue_map(struct blk_mq_tag_set *set) 2568 + { 2569 + if (set->ops->map_queues) 2570 + return set->ops->map_queues(set); 2571 + else 2572 + return blk_mq_map_queues(set); 2573 + } 2574 + 2601 2575 /* 2602 2576 * Alloc a tag set to be associated with one or more request queues. 2603 2577 * May fail with EINVAL for various error conditions. May adjust the ··· 2660 2618 if (!set->mq_map) 2661 2619 goto out_free_tags; 2662 2620 2663 - if (set->ops->map_queues) 2664 - ret = set->ops->map_queues(set); 2665 - else 2666 - ret = blk_mq_map_queues(set); 2621 + ret = blk_mq_update_queue_map(set); 2667 2622 if (ret) 2668 2623 goto out_free_mq_map; 2669 2624 ··· 2752 2713 blk_mq_freeze_queue(q); 2753 2714 2754 2715 set->nr_hw_queues = nr_hw_queues; 2716 + blk_mq_update_queue_map(set); 2755 2717 list_for_each_entry(q, &set->tag_list, tag_set_list) { 2756 2718 blk_mq_realloc_hw_ctxs(set, q); 2757 2719

+1 -1

block/blk-mq.h

··· 31 31 void blk_mq_free_queue(struct request_queue *q); 32 32 int blk_mq_update_nr_requests(struct request_queue *q, unsigned int nr); 33 33 void blk_mq_wake_waiters(struct request_queue *q); 34 - bool blk_mq_dispatch_rq_list(struct blk_mq_hw_ctx *, struct list_head *); 34 + bool blk_mq_dispatch_rq_list(struct request_queue *, struct list_head *); 35 35 void blk_mq_flush_busy_ctxs(struct blk_mq_hw_ctx *hctx, struct list_head *list); 36 36 bool blk_mq_hctx_has_pending(struct blk_mq_hw_ctx *hctx); 37 37 bool blk_mq_get_driver_tag(struct request *rq, struct blk_mq_hw_ctx **hctx,

+1 -1

block/blk-sysfs.c

··· 816 816 817 817 if (q->elevator) { 818 818 ioc_clear_queue(q); 819 - elevator_exit(q->elevator); 819 + elevator_exit(q, q->elevator); 820 820 } 821 821 822 822 blk_exit_rl(&q->root_rl);

+59 -55

block/elevator.c

··· 242 242 } 243 243 } 244 244 245 - if (e->uses_mq) { 246 - err = blk_mq_sched_setup(q); 247 - if (!err) 248 - err = e->ops.mq.init_sched(q, e); 249 - } else 245 + if (e->uses_mq) 246 + err = blk_mq_init_sched(q, e); 247 + else 250 248 err = e->ops.sq.elevator_init_fn(q, e); 251 - if (err) { 252 - if (e->uses_mq) 253 - blk_mq_sched_teardown(q); 249 + if (err) 254 250 elevator_put(e); 255 - } 256 251 return err; 257 252 } 258 253 EXPORT_SYMBOL(elevator_init); 259 254 260 - void elevator_exit(struct elevator_queue *e) 255 + void elevator_exit(struct request_queue *q, struct elevator_queue *e) 261 256 { 262 257 mutex_lock(&e->sysfs_lock); 263 258 if (e->uses_mq && e->type->ops.mq.exit_sched) 264 - e->type->ops.mq.exit_sched(e); 259 + blk_mq_exit_sched(q, e); 265 260 else if (!e->uses_mq && e->type->ops.sq.elevator_exit_fn) 266 261 e->type->ops.sq.elevator_exit_fn(e); 267 262 mutex_unlock(&e->sysfs_lock); ··· 941 946 } 942 947 EXPORT_SYMBOL_GPL(elv_unregister); 943 948 949 + static int elevator_switch_mq(struct request_queue *q, 950 + struct elevator_type *new_e) 951 + { 952 + int ret; 953 + 954 + blk_mq_freeze_queue(q); 955 + blk_mq_quiesce_queue(q); 956 + 957 + if (q->elevator) { 958 + if (q->elevator->registered) 959 + elv_unregister_queue(q); 960 + ioc_clear_queue(q); 961 + elevator_exit(q, q->elevator); 962 + } 963 + 964 + ret = blk_mq_init_sched(q, new_e); 965 + if (ret) 966 + goto out; 967 + 968 + if (new_e) { 969 + ret = elv_register_queue(q); 970 + if (ret) { 971 + elevator_exit(q, q->elevator); 972 + goto out; 973 + } 974 + } 975 + 976 + if (new_e) 977 + blk_add_trace_msg(q, "elv switch: %s", new_e->elevator_name); 978 + else 979 + blk_add_trace_msg(q, "elv switch: none"); 980 + 981 + out: 982 + blk_mq_unfreeze_queue(q); 983 + blk_mq_start_stopped_hw_queues(q, true); 984 + return ret; 985 + 986 + } 987 + 944 988 /* 945 989 * switch to new_e io scheduler. be careful not to introduce deadlocks - 946 990 * we don't free the old io scheduler, before we have allocated what we ··· 992 958 bool old_registered = false; 993 959 int err; 994 960 995 - if (q->mq_ops) { 996 - blk_mq_freeze_queue(q); 997 - blk_mq_quiesce_queue(q); 998 - } 961 + if (q->mq_ops) 962 + return elevator_switch_mq(q, new_e); 999 963 1000 964 /* 1001 965 * Turn on BYPASS and drain all requests w/ elevator private data. ··· 1005 973 if (old) { 1006 974 old_registered = old->registered; 1007 975 1008 - if (old->uses_mq) 1009 - blk_mq_sched_teardown(q); 1010 - 1011 - if (!q->mq_ops) 1012 - blk_queue_bypass_start(q); 976 + blk_queue_bypass_start(q); 1013 977 1014 978 /* unregister and clear all auxiliary data of the old elevator */ 1015 979 if (old_registered) ··· 1015 987 } 1016 988 1017 989 /* allocate, init and register new elevator */ 1018 - if (new_e) { 1019 - if (new_e->uses_mq) { 1020 - err = blk_mq_sched_setup(q); 1021 - if (!err) 1022 - err = new_e->ops.mq.init_sched(q, new_e); 1023 - } else 1024 - err = new_e->ops.sq.elevator_init_fn(q, new_e); 1025 - if (err) 1026 - goto fail_init; 990 + err = new_e->ops.sq.elevator_init_fn(q, new_e); 991 + if (err) 992 + goto fail_init; 1027 993 1028 - err = elv_register_queue(q); 1029 - if (err) 1030 - goto fail_register; 1031 - } else 1032 - q->elevator = NULL; 994 + err = elv_register_queue(q); 995 + if (err) 996 + goto fail_register; 1033 997 1034 998 /* done, kill the old one and finish */ 1035 999 if (old) { 1036 - elevator_exit(old); 1037 - if (!q->mq_ops) 1038 - blk_queue_bypass_end(q); 1000 + elevator_exit(q, old); 1001 + blk_queue_bypass_end(q); 1039 1002 } 1040 1003 1041 - if (q->mq_ops) { 1042 - blk_mq_unfreeze_queue(q); 1043 - blk_mq_start_stopped_hw_queues(q, true); 1044 - } 1045 - 1046 - if (new_e) 1047 - blk_add_trace_msg(q, "elv switch: %s", new_e->elevator_name); 1048 - else 1049 - blk_add_trace_msg(q, "elv switch: none"); 1004 + blk_add_trace_msg(q, "elv switch: %s", new_e->elevator_name); 1050 1005 1051 1006 return 0; 1052 1007 1053 1008 fail_register: 1054 - if (q->mq_ops) 1055 - blk_mq_sched_teardown(q); 1056 - elevator_exit(q->elevator); 1009 + elevator_exit(q, q->elevator); 1057 1010 fail_init: 1058 1011 /* switch failed, restore and re-register old elevator */ 1059 1012 if (old) { 1060 1013 q->elevator = old; 1061 1014 elv_register_queue(q); 1062 - if (!q->mq_ops) 1063 - blk_queue_bypass_end(q); 1064 - } 1065 - if (q->mq_ops) { 1066 - blk_mq_unfreeze_queue(q); 1067 - blk_mq_start_stopped_hw_queues(q, true); 1015 + blk_queue_bypass_end(q); 1068 1016 } 1069 1017 1070 1018 return err;

+5 -2

crypto/lrw.c

··· 286 286 287 287 subreq->cryptlen = LRW_BUFFER_SIZE; 288 288 if (req->cryptlen > LRW_BUFFER_SIZE) { 289 - subreq->cryptlen = min(req->cryptlen, (unsigned)PAGE_SIZE); 290 - rctx->ext = kmalloc(subreq->cryptlen, gfp); 289 + unsigned int n = min(req->cryptlen, (unsigned int)PAGE_SIZE); 290 + 291 + rctx->ext = kmalloc(n, gfp); 292 + if (rctx->ext) 293 + subreq->cryptlen = n; 291 294 } 292 295 293 296 rctx->src = req->src;

+5 -2

crypto/xts.c

··· 230 230 231 231 subreq->cryptlen = XTS_BUFFER_SIZE; 232 232 if (req->cryptlen > XTS_BUFFER_SIZE) { 233 - subreq->cryptlen = min(req->cryptlen, (unsigned)PAGE_SIZE); 234 - rctx->ext = kmalloc(subreq->cryptlen, gfp); 233 + unsigned int n = min(req->cryptlen, (unsigned int)PAGE_SIZE); 234 + 235 + rctx->ext = kmalloc(n, gfp); 236 + if (rctx->ext) 237 + subreq->cryptlen = n; 235 238 } 236 239 237 240 rctx->src = req->src;

-1

drivers/acpi/Makefile

··· 2 2 # Makefile for the Linux ACPI interpreter 3 3 # 4 4 5 - ccflags-y := -Os 6 5 ccflags-$(CONFIG_ACPI_DEBUG) += -DACPI_DEBUG_OUTPUT 7 6 8 7 #

+5 -3

drivers/acpi/acpi_platform.c

··· 25 25 ACPI_MODULE_NAME("platform"); 26 26 27 27 static const struct acpi_device_id forbidden_id_list[] = { 28 - {"PNP0000", 0}, /* PIC */ 29 - {"PNP0100", 0}, /* Timer */ 30 - {"PNP0200", 0}, /* AT DMA Controller */ 28 + {"PNP0000", 0}, /* PIC */ 29 + {"PNP0100", 0}, /* Timer */ 30 + {"PNP0200", 0}, /* AT DMA Controller */ 31 + {"ACPI0009", 0}, /* IOxAPIC */ 32 + {"ACPI000A", 0}, /* IOAPIC */ 31 33 {"", 0}, 32 34 }; 33 35

+1

drivers/acpi/apei/ghes.c

··· 1073 1073 if (list_empty(&ghes_sci)) 1074 1074 unregister_acpi_hed_notifier(&ghes_notifier_sci); 1075 1075 mutex_unlock(&ghes_list_mutex); 1076 + synchronize_rcu(); 1076 1077 break; 1077 1078 case ACPI_HEST_NOTIFY_NMI: 1078 1079 ghes_nmi_remove(ghes);

+6 -6

drivers/acpi/glue.c

··· 99 99 return -ENODEV; 100 100 101 101 /* 102 - * If the device has a _HID (or _CID) returning a valid ACPI/PNP 103 - * device ID, it is better to make it look less attractive here, so that 104 - * the other device with the same _ADR value (that may not have a valid 105 - * device ID) can be matched going forward. [This means a second spec 106 - * violation in a row, so whatever we do here is best effort anyway.] 102 + * If the device has a _HID returning a valid ACPI/PNP device ID, it is 103 + * better to make it look less attractive here, so that the other device 104 + * with the same _ADR value (that may not have a valid device ID) can be 105 + * matched going forward. [This means a second spec violation in a row, 106 + * so whatever we do here is best effort anyway.] 107 107 */ 108 - return sta_present && list_empty(&adev->pnp.ids) ? 108 + return sta_present && !adev->pnp.type.platform_id ? 109 109 FIND_CHILD_MAX_SCORE : FIND_CHILD_MIN_SCORE; 110 110 } 111 111

+6

drivers/acpi/ioapic.c

··· 45 45 struct resource *res = data; 46 46 struct resource_win win; 47 47 48 + /* 49 + * We might assign this to 'res' later, make sure all pointers are 50 + * cleared before the resource is added to the global list 51 + */ 52 + memset(&win, 0, sizeof(win)); 53 + 48 54 res->flags = 0; 49 55 if (acpi_dev_filter_resource_type(acpi_res, IORESOURCE_MEM)) 50 56 return AE_OK;

+103 -33

drivers/block/nbd.c

··· 47 47 struct nbd_sock { 48 48 struct socket *sock; 49 49 struct mutex tx_lock; 50 + struct request *pending; 51 + int sent; 50 52 }; 51 53 52 54 #define NBD_TIMEDOUT 0 ··· 126 124 127 125 static int nbd_size_clear(struct nbd_device *nbd, struct block_device *bdev) 128 126 { 129 - bd_set_size(bdev, 0); 127 + if (bdev->bd_openers <= 1) 128 + bd_set_size(bdev, 0); 130 129 set_capacity(nbd->disk, 0); 131 130 kobject_uevent(&nbd_to_dev(nbd)->kobj, KOBJ_CHANGE); 132 131 ··· 193 190 194 191 dev_err(nbd_to_dev(nbd), "Connection timed out, shutting down connection\n"); 195 192 set_bit(NBD_TIMEDOUT, &nbd->runtime_flags); 196 - req->errors++; 193 + req->errors = -EIO; 197 194 198 195 mutex_lock(&nbd->config_lock); 199 196 sock_shutdown(nbd); ··· 205 202 * Send or receive packet. 206 203 */ 207 204 static int sock_xmit(struct nbd_device *nbd, int index, int send, 208 - struct iov_iter *iter, int msg_flags) 205 + struct iov_iter *iter, int msg_flags, int *sent) 209 206 { 210 207 struct socket *sock = nbd->socks[index]->sock; 211 208 int result; ··· 240 237 result = -EPIPE; /* short read */ 241 238 break; 242 239 } 240 + if (sent) 241 + *sent += result; 243 242 } while (msg_data_left(&msg)); 244 243 245 244 tsk_restore_flags(current, pflags, PF_MEMALLOC); ··· 253 248 static int nbd_send_cmd(struct nbd_device *nbd, struct nbd_cmd *cmd, int index) 254 249 { 255 250 struct request *req = blk_mq_rq_from_pdu(cmd); 251 + struct nbd_sock *nsock = nbd->socks[index]; 256 252 int result; 257 253 struct nbd_request request = {.magic = htonl(NBD_REQUEST_MAGIC)}; 258 254 struct kvec iov = {.iov_base = &request, .iov_len = sizeof(request)}; ··· 262 256 struct bio *bio; 263 257 u32 type; 264 258 u32 tag = blk_mq_unique_tag(req); 259 + int sent = nsock->sent, skip = 0; 265 260 266 261 iov_iter_kvec(&from, WRITE | ITER_KVEC, &iov, 1, sizeof(request)); 267 262 ··· 290 283 return -EIO; 291 284 } 292 285 286 + /* We did a partial send previously, and we at least sent the whole 287 + * request struct, so just go and send the rest of the pages in the 288 + * request. 289 + */ 290 + if (sent) { 291 + if (sent >= sizeof(request)) { 292 + skip = sent - sizeof(request); 293 + goto send_pages; 294 + } 295 + iov_iter_advance(&from, sent); 296 + } 293 297 request.type = htonl(type); 294 298 if (type != NBD_CMD_FLUSH) { 295 299 request.from = cpu_to_be64((u64)blk_rq_pos(req) << 9); ··· 312 294 cmd, nbdcmd_to_ascii(type), 313 295 (unsigned long long)blk_rq_pos(req) << 9, blk_rq_bytes(req)); 314 296 result = sock_xmit(nbd, index, 1, &from, 315 - (type == NBD_CMD_WRITE) ? MSG_MORE : 0); 297 + (type == NBD_CMD_WRITE) ? MSG_MORE : 0, &sent); 316 298 if (result <= 0) { 299 + if (result == -ERESTARTSYS) { 300 + /* If we havne't sent anything we can just return BUSY, 301 + * however if we have sent something we need to make 302 + * sure we only allow this req to be sent until we are 303 + * completely done. 304 + */ 305 + if (sent) { 306 + nsock->pending = req; 307 + nsock->sent = sent; 308 + } 309 + return BLK_MQ_RQ_QUEUE_BUSY; 310 + } 317 311 dev_err_ratelimited(disk_to_dev(nbd->disk), 318 312 "Send control failed (result %d)\n", result); 319 313 return -EIO; 320 314 } 321 - 315 + send_pages: 322 316 if (type != NBD_CMD_WRITE) 323 - return 0; 317 + goto out; 324 318 325 319 bio = req->bio; 326 320 while (bio) { ··· 348 318 cmd, bvec.bv_len); 349 319 iov_iter_bvec(&from, ITER_BVEC | WRITE, 350 320 &bvec, 1, bvec.bv_len); 351 - result = sock_xmit(nbd, index, 1, &from, flags); 321 + if (skip) { 322 + if (skip >= iov_iter_count(&from)) { 323 + skip -= iov_iter_count(&from); 324 + continue; 325 + } 326 + iov_iter_advance(&from, skip); 327 + skip = 0; 328 + } 329 + result = sock_xmit(nbd, index, 1, &from, flags, &sent); 352 330 if (result <= 0) { 331 + if (result == -ERESTARTSYS) { 332 + /* We've already sent the header, we 333 + * have no choice but to set pending and 334 + * return BUSY. 335 + */ 336 + nsock->pending = req; 337 + nsock->sent = sent; 338 + return BLK_MQ_RQ_QUEUE_BUSY; 339 + } 353 340 dev_err(disk_to_dev(nbd->disk), 354 341 "Send data failed (result %d)\n", 355 342 result); ··· 383 336 } 384 337 bio = next; 385 338 } 339 + out: 340 + nsock->pending = NULL; 341 + nsock->sent = 0; 386 342 return 0; 387 343 } 388 344 ··· 403 353 404 354 reply.magic = 0; 405 355 iov_iter_kvec(&to, READ | ITER_KVEC, &iov, 1, sizeof(reply)); 406 - result = sock_xmit(nbd, index, 0, &to, MSG_WAITALL); 356 + result = sock_xmit(nbd, index, 0, &to, MSG_WAITALL, NULL); 407 357 if (result <= 0) { 408 358 if (!test_bit(NBD_DISCONNECTED, &nbd->runtime_flags) && 409 359 !test_bit(NBD_DISCONNECT_REQUESTED, &nbd->runtime_flags)) ··· 433 383 if (ntohl(reply.error)) { 434 384 dev_err(disk_to_dev(nbd->disk), "Other side returned error (%d)\n", 435 385 ntohl(reply.error)); 436 - req->errors++; 386 + req->errors = -EIO; 437 387 return cmd; 438 388 } 439 389 ··· 445 395 rq_for_each_segment(bvec, req, iter) { 446 396 iov_iter_bvec(&to, ITER_BVEC | READ, 447 397 &bvec, 1, bvec.bv_len); 448 - result = sock_xmit(nbd, index, 0, &to, MSG_WAITALL); 398 + result = sock_xmit(nbd, index, 0, &to, MSG_WAITALL, NULL); 449 399 if (result <= 0) { 450 400 dev_err(disk_to_dev(nbd->disk), "Receive data failed (result %d)\n", 451 401 result); 452 - req->errors++; 402 + req->errors = -EIO; 453 403 return cmd; 454 404 } 455 405 dev_dbg(nbd_to_dev(nbd), "request %p: got %d bytes data\n", ··· 519 469 if (!blk_mq_request_started(req)) 520 470 return; 521 471 cmd = blk_mq_rq_to_pdu(req); 522 - req->errors++; 472 + req->errors = -EIO; 523 473 nbd_end_request(cmd); 524 474 } 525 475 ··· 532 482 } 533 483 534 484 535 - static void nbd_handle_cmd(struct nbd_cmd *cmd, int index) 485 + static int nbd_handle_cmd(struct nbd_cmd *cmd, int index) 536 486 { 537 487 struct request *req = blk_mq_rq_from_pdu(cmd); 538 488 struct nbd_device *nbd = cmd->nbd; 539 489 struct nbd_sock *nsock; 490 + int ret; 540 491 541 492 if (index >= nbd->num_connections) { 542 493 dev_err_ratelimited(disk_to_dev(nbd->disk), 543 494 "Attempted send on invalid socket\n"); 544 - goto error_out; 495 + return -EINVAL; 545 496 } 546 497 547 498 if (test_bit(NBD_DISCONNECTED, &nbd->runtime_flags)) { 548 499 dev_err_ratelimited(disk_to_dev(nbd->disk), 549 500 "Attempted send on closed socket\n"); 550 - goto error_out; 501 + return -EINVAL; 551 502 } 552 503 553 504 req->errors = 0; ··· 559 508 mutex_unlock(&nsock->tx_lock); 560 509 dev_err_ratelimited(disk_to_dev(nbd->disk), 561 510 "Attempted send on closed socket\n"); 562 - goto error_out; 511 + return -EINVAL; 563 512 } 564 513 565 - if (nbd_send_cmd(nbd, cmd, index) != 0) { 566 - dev_err_ratelimited(disk_to_dev(nbd->disk), 567 - "Request send failed\n"); 568 - req->errors++; 569 - nbd_end_request(cmd); 514 + /* Handle the case that we have a pending request that was partially 515 + * transmitted that _has_ to be serviced first. We need to call requeue 516 + * here so that it gets put _after_ the request that is already on the 517 + * dispatch list. 518 + */ 519 + if (unlikely(nsock->pending && nsock->pending != req)) { 520 + blk_mq_requeue_request(req, true); 521 + ret = 0; 522 + goto out; 570 523 } 571 - 524 + ret = nbd_send_cmd(nbd, cmd, index); 525 + out: 572 526 mutex_unlock(&nsock->tx_lock); 573 - 574 - return; 575 - 576 - error_out: 577 - req->errors++; 578 - nbd_end_request(cmd); 527 + return ret; 579 528 } 580 529 581 530 static int nbd_queue_rq(struct blk_mq_hw_ctx *hctx, 582 531 const struct blk_mq_queue_data *bd) 583 532 { 584 533 struct nbd_cmd *cmd = blk_mq_rq_to_pdu(bd->rq); 534 + int ret; 585 535 586 536 /* 587 537 * Since we look at the bio's to send the request over the network we ··· 595 543 */ 596 544 init_completion(&cmd->send_complete); 597 545 blk_mq_start_request(bd->rq); 598 - nbd_handle_cmd(cmd, hctx->queue_num); 546 + 547 + /* We can be called directly from the user space process, which means we 548 + * could possibly have signals pending so our sendmsg will fail. In 549 + * this case we need to return that we are busy, otherwise error out as 550 + * appropriate. 551 + */ 552 + ret = nbd_handle_cmd(cmd, hctx->queue_num); 553 + if (ret < 0) 554 + ret = BLK_MQ_RQ_QUEUE_ERROR; 555 + if (!ret) 556 + ret = BLK_MQ_RQ_QUEUE_OK; 599 557 complete(&cmd->send_complete); 600 558 601 - return BLK_MQ_RQ_QUEUE_OK; 559 + return ret; 602 560 } 603 561 604 562 static int nbd_add_socket(struct nbd_device *nbd, struct block_device *bdev, ··· 643 581 644 582 mutex_init(&nsock->tx_lock); 645 583 nsock->sock = sock; 584 + nsock->pending = NULL; 585 + nsock->sent = 0; 646 586 socks[nbd->num_connections++] = nsock; 647 587 648 588 if (max_part) ··· 666 602 667 603 static void nbd_bdev_reset(struct block_device *bdev) 668 604 { 605 + if (bdev->bd_openers > 1) 606 + return; 669 607 set_device_ro(bdev, false); 670 608 bdev->bd_inode->i_size = 0; 671 609 if (max_part > 0) { ··· 700 634 701 635 for (i = 0; i < nbd->num_connections; i++) { 702 636 iov_iter_kvec(&from, WRITE | ITER_KVEC, &iov, 1, sizeof(request)); 703 - ret = sock_xmit(nbd, i, 1, &from, 0); 637 + ret = sock_xmit(nbd, i, 1, &from, 0, NULL); 704 638 if (ret <= 0) 705 639 dev_err(disk_to_dev(nbd->disk), 706 640 "Send disconnect failed %d\n", ret); ··· 731 665 { 732 666 sock_shutdown(nbd); 733 667 nbd_clear_que(nbd); 734 - kill_bdev(bdev); 668 + 669 + __invalidate_device(bdev, true); 735 670 nbd_bdev_reset(bdev); 736 671 /* 737 672 * We want to give the run thread a chance to wait for everybody ··· 848 781 nbd_size_set(nbd, bdev, nbd->blksize, arg); 849 782 return 0; 850 783 case NBD_SET_TIMEOUT: 851 - nbd->tag_set.timeout = arg * HZ; 784 + if (arg) { 785 + nbd->tag_set.timeout = arg * HZ; 786 + blk_queue_rq_timeout(nbd->disk->queue, arg * HZ); 787 + } 852 788 return 0; 853 789 854 790 case NBD_SET_FLAGS:

+1 -1

drivers/clocksource/clkevt-probe.c

··· 17 17 18 18 #include <linux/init.h> 19 19 #include <linux/of.h> 20 - #include <linux/clockchip.h> 20 + #include <linux/clockchips.h> 21 21 22 22 extern struct of_device_id __clkevt_of_table[]; 23 23

+21 -17

drivers/cpufreq/cpufreq.c

··· 918 918 .release = cpufreq_sysfs_release, 919 919 }; 920 920 921 - static int add_cpu_dev_symlink(struct cpufreq_policy *policy, 922 - struct device *dev) 921 + static void add_cpu_dev_symlink(struct cpufreq_policy *policy, unsigned int cpu) 923 922 { 923 + struct device *dev = get_cpu_device(cpu); 924 + 925 + if (!dev) 926 + return; 927 + 928 + if (cpumask_test_and_set_cpu(cpu, policy->real_cpus)) 929 + return; 930 + 924 931 dev_dbg(dev, "%s: Adding symlink\n", __func__); 925 - return sysfs_create_link(&dev->kobj, &policy->kobj, "cpufreq"); 932 + if (sysfs_create_link(&dev->kobj, &policy->kobj, "cpufreq")) 933 + dev_err(dev, "cpufreq symlink creation failed\n"); 926 934 } 927 935 928 936 static void remove_cpu_dev_symlink(struct cpufreq_policy *policy, ··· 1188 1180 policy->user_policy.min = policy->min; 1189 1181 policy->user_policy.max = policy->max; 1190 1182 1191 - write_lock_irqsave(&cpufreq_driver_lock, flags); 1192 - for_each_cpu(j, policy->related_cpus) 1183 + for_each_cpu(j, policy->related_cpus) { 1193 1184 per_cpu(cpufreq_cpu_data, j) = policy; 1194 - write_unlock_irqrestore(&cpufreq_driver_lock, flags); 1185 + add_cpu_dev_symlink(policy, j); 1186 + } 1195 1187 } else { 1196 1188 policy->min = policy->user_policy.min; 1197 1189 policy->max = policy->user_policy.max; ··· 1283 1275 1284 1276 if (cpufreq_driver->exit) 1285 1277 cpufreq_driver->exit(policy); 1278 + 1279 + for_each_cpu(j, policy->real_cpus) 1280 + remove_cpu_dev_symlink(policy, get_cpu_device(j)); 1281 + 1286 1282 out_free_policy: 1287 1283 cpufreq_policy_free(policy); 1288 1284 return ret; 1289 1285 } 1290 - 1291 - static int cpufreq_offline(unsigned int cpu); 1292 1286 1293 1287 /** 1294 1288 * cpufreq_add_dev - the cpufreq interface for a CPU device. ··· 1313 1303 1314 1304 /* Create sysfs link on CPU registration */ 1315 1305 policy = per_cpu(cpufreq_cpu_data, cpu); 1316 - if (!policy || cpumask_test_and_set_cpu(cpu, policy->real_cpus)) 1317 - return 0; 1306 + if (policy) 1307 + add_cpu_dev_symlink(policy, cpu); 1318 1308 1319 - ret = add_cpu_dev_symlink(policy, dev); 1320 - if (ret) { 1321 - cpumask_clear_cpu(cpu, policy->real_cpus); 1322 - cpufreq_offline(cpu); 1323 - } 1324 - 1325 - return ret; 1309 + return 0; 1326 1310 } 1327 1311 1328 1312 static int cpufreq_offline(unsigned int cpu)

+18

drivers/cpuidle/cpuidle-powernv.c

··· 175 175 drv->state_count += 1; 176 176 } 177 177 178 + /* 179 + * On the PowerNV platform cpu_present may be less than cpu_possible in 180 + * cases when firmware detects the CPU, but it is not available to the 181 + * OS. If CONFIG_HOTPLUG_CPU=n, then such CPUs are not hotplugable at 182 + * run time and hence cpu_devices are not created for those CPUs by the 183 + * generic topology_init(). 184 + * 185 + * drv->cpumask defaults to cpu_possible_mask in 186 + * __cpuidle_driver_init(). This breaks cpuidle on PowerNV where 187 + * cpu_devices are not created for CPUs in cpu_possible_mask that 188 + * cannot be hot-added later at run time. 189 + * 190 + * Trying cpuidle_register_device() on a CPU without a cpu_device is 191 + * incorrect, so pass a correct CPU mask to the generic cpuidle driver. 192 + */ 193 + 194 + drv->cpumask = (struct cpumask *)cpu_present_mask; 195 + 178 196 return 0; 179 197 } 180 198

+1

drivers/crypto/ccp/ccp-dev-v5.c

··· 1015 1015 1016 1016 const struct ccp_vdata ccpv5b = { 1017 1017 .version = CCP_VERSION(5, 0), 1018 + .dma_chan_attr = DMA_PRIVATE, 1018 1019 .setup = ccp5other_config, 1019 1020 .perform = &ccp5_actions, 1020 1021 .bar = 2,

+5

drivers/crypto/ccp/ccp-dev.h

··· 179 179 180 180 /* ------------------------ General CCP Defines ------------------------ */ 181 181 182 + #define CCP_DMA_DFLT 0x0 183 + #define CCP_DMA_PRIV 0x1 184 + #define CCP_DMA_PUB 0x2 185 + 182 186 #define CCP_DMAPOOL_MAX_SIZE 64 183 187 #define CCP_DMAPOOL_ALIGN BIT(5) 184 188 ··· 640 636 /* Structure to hold CCP version-specific values */ 641 637 struct ccp_vdata { 642 638 const unsigned int version; 639 + const unsigned int dma_chan_attr; 643 640 void (*setup)(struct ccp_device *); 644 641 const struct ccp_actions *perform; 645 642 const unsigned int bar;

+41

drivers/crypto/ccp/ccp-dmaengine.c

··· 10 10 * published by the Free Software Foundation. 11 11 */ 12 12 13 + #include <linux/module.h> 13 14 #include <linux/kernel.h> 14 15 #include <linux/dmaengine.h> 15 16 #include <linux/spinlock.h> ··· 25 24 u64 mask = _mask + 1; \ 26 25 (mask == 0) ? 64 : fls64(mask); \ 27 26 }) 27 + 28 + /* The CCP as a DMA provider can be configured for public or private 29 + * channels. Default is specified in the vdata for the device (PCI ID). 30 + * This module parameter will override for all channels on all devices: 31 + * dma_chan_attr = 0x2 to force all channels public 32 + * = 0x1 to force all channels private 33 + * = 0x0 to defer to the vdata setting 34 + * = any other value: warning, revert to 0x0 35 + */ 36 + static unsigned int dma_chan_attr = CCP_DMA_DFLT; 37 + module_param(dma_chan_attr, uint, 0444); 38 + MODULE_PARM_DESC(dma_chan_attr, "Set DMA channel visibility: 0 (default) = device defaults, 1 = make private, 2 = make public"); 39 + 40 + unsigned int ccp_get_dma_chan_attr(struct ccp_device *ccp) 41 + { 42 + switch (dma_chan_attr) { 43 + case CCP_DMA_DFLT: 44 + return ccp->vdata->dma_chan_attr; 45 + 46 + case CCP_DMA_PRIV: 47 + return DMA_PRIVATE; 48 + 49 + case CCP_DMA_PUB: 50 + return 0; 51 + 52 + default: 53 + dev_info_once(ccp->dev, "Invalid value for dma_chan_attr: %d\n", 54 + dma_chan_attr); 55 + return ccp->vdata->dma_chan_attr; 56 + } 57 + } 28 58 29 59 static void ccp_free_cmd_resources(struct ccp_device *ccp, 30 60 struct list_head *list) ··· 706 674 dma_cap_set(DMA_MEMCPY, dma_dev->cap_mask); 707 675 dma_cap_set(DMA_SG, dma_dev->cap_mask); 708 676 dma_cap_set(DMA_INTERRUPT, dma_dev->cap_mask); 677 + 678 + /* The DMA channels for this device can be set to public or private, 679 + * and overridden by the module parameter dma_chan_attr. 680 + * Default: according to the value in vdata (dma_chan_attr=0) 681 + * dma_chan_attr=0x1: all channels private (override vdata) 682 + * dma_chan_attr=0x2: all channels public (override vdata) 683 + */ 684 + if (ccp_get_dma_chan_attr(ccp) == DMA_PRIVATE) 685 + dma_cap_set(DMA_PRIVATE, dma_dev->cap_mask); 709 686 710 687 INIT_LIST_HEAD(&dma_dev->channels); 711 688 for (i = 0; i < ccp->cmd_q_count; i++) {

+4 -1

drivers/dma/bcm2835-dma.c

··· 251 251 */ 252 252 253 253 /* have we filled in period_length yet? */ 254 - if (*total_len + control_block->length < period_len) 254 + if (*total_len + control_block->length < period_len) { 255 + /* update number of bytes in this period so far */ 256 + *total_len += control_block->length; 255 257 return; 258 + } 256 259 257 260 /* calculate the length that remains to reach period_length */ 258 261 control_block->length = period_len - *total_len;

+2

drivers/dma/dmaengine.c

··· 1108 1108 switch (order) { 1109 1109 case 0 ... 1: 1110 1110 return &unmap_pool[0]; 1111 + #if IS_ENABLED(CONFIG_DMA_ENGINE_RAID) 1111 1112 case 2 ... 4: 1112 1113 return &unmap_pool[1]; 1113 1114 case 5 ... 7: 1114 1115 return &unmap_pool[2]; 1115 1116 case 8: 1116 1117 return &unmap_pool[3]; 1118 + #endif 1117 1119 default: 1118 1120 BUG(); 1119 1121 return NULL;

-1

drivers/firmware/efi/efi.c

··· 389 389 return 0; 390 390 } 391 391 } 392 - pr_err_once("requested map not found.\n"); 393 392 return -ENOENT; 394 393 } 395 394

+1 -1

drivers/firmware/efi/esrt.c

··· 254 254 255 255 rc = efi_mem_desc_lookup(efi.esrt, &md); 256 256 if (rc < 0) { 257 - pr_err("ESRT header is not in the memory map.\n"); 257 + pr_warn("ESRT header is not in the memory map.\n"); 258 258 return; 259 259 } 260 260

+9 -1

drivers/gpio/gpiolib-acpi.c

··· 266 266 goto fail_free_event; 267 267 } 268 268 269 + if (agpio->wake_capable == ACPI_WAKE_CAPABLE) 270 + enable_irq_wake(irq); 271 + 269 272 list_add_tail(&event->node, &acpi_gpio->events); 270 273 return AE_OK; 271 274 ··· 341 338 342 339 list_for_each_entry_safe_reverse(event, ep, &acpi_gpio->events, node) { 343 340 struct gpio_desc *desc; 341 + 342 + if (irqd_is_wakeup_set(irq_get_irq_data(event->irq))) 343 + disable_irq_wake(event->irq); 344 344 345 345 free_irq(event->irq, event); 346 346 desc = event->desc; ··· 577 571 } 578 572 579 573 desc = acpi_get_gpiod_by_index(adev, propname, idx, &info); 580 - if (!IS_ERR(desc) || (PTR_ERR(desc) == -EPROBE_DEFER)) 574 + if (!IS_ERR(desc)) 581 575 break; 576 + if (PTR_ERR(desc) == -EPROBE_DEFER) 577 + return ERR_CAST(desc); 582 578 } 583 579 584 580 /* Then from plain _CRS GPIOs */

+2 -2

drivers/gpu/drm/etnaviv/etnaviv_gpu.c

··· 1311 1311 goto out_pm_put; 1312 1312 } 1313 1313 1314 + mutex_lock(&gpu->lock); 1315 + 1314 1316 fence = etnaviv_gpu_fence_alloc(gpu); 1315 1317 if (!fence) { 1316 1318 event_free(gpu, event); 1317 1319 ret = -ENOMEM; 1318 1320 goto out_pm_put; 1319 1321 } 1320 - 1321 - mutex_lock(&gpu->lock); 1322 1322 1323 1323 gpu->event[event].fence = fence; 1324 1324 submit->fence = fence->seqno;

+2 -1

drivers/gpu/drm/i915/gvt/edid.c

··· 495 495 unsigned char val = edid_get_byte(vgpu); 496 496 497 497 aux_data_for_write = (val << 16); 498 - } 498 + } else 499 + aux_data_for_write = (0xff << 16); 499 500 } 500 501 /* write the return value in AUX_CH_DATA reg which includes: 501 502 * ACK of I2C_WRITE

+6 -2

drivers/gpu/drm/i915/gvt/gtt.c

··· 1837 1837 ret = gtt_entry_p2m(vgpu, &e, &m); 1838 1838 if (ret) { 1839 1839 gvt_vgpu_err("fail to translate guest gtt entry\n"); 1840 - return ret; 1840 + /* guest driver may read/write the entry when partial 1841 + * update the entry in this situation p2m will fail 1842 + * settting the shadow entry to point to a scratch page 1843 + */ 1844 + ops->set_pfn(&m, gvt->gtt.scratch_ggtt_mfn); 1841 1845 } 1842 1846 } else { 1843 1847 m = e; 1844 - m.val64 = 0; 1848 + ops->set_pfn(&m, gvt->gtt.scratch_ggtt_mfn); 1845 1849 } 1846 1850 1847 1851 ggtt_set_shadow_entry(ggtt_mm, &m, g_gtt_index);

+9 -1

drivers/gpu/drm/i915/gvt/handlers.c

··· 970 970 return 0; 971 971 } 972 972 973 + static int mbctl_write(struct intel_vgpu *vgpu, unsigned int offset, 974 + void *p_data, unsigned int bytes) 975 + { 976 + *(u32 *)p_data &= (~GEN6_MBCTL_ENABLE_BOOT_FETCH); 977 + write_vreg(vgpu, offset, p_data, bytes); 978 + return 0; 979 + } 980 + 973 981 static int vga_control_mmio_write(struct intel_vgpu *vgpu, unsigned int offset, 974 982 void *p_data, unsigned int bytes) 975 983 { ··· 2246 2238 MMIO_D(0x7180, D_ALL); 2247 2239 MMIO_D(0x7408, D_ALL); 2248 2240 MMIO_D(0x7c00, D_ALL); 2249 - MMIO_D(GEN6_MBCTL, D_ALL); 2241 + MMIO_DH(GEN6_MBCTL, D_ALL, NULL, mbctl_write); 2250 2242 MMIO_D(0x911c, D_ALL); 2251 2243 MMIO_D(0x9120, D_ALL); 2252 2244 MMIO_DFH(GEN7_UCGCTL4, D_ALL, F_CMD_ACCESS, NULL, NULL);

+2

drivers/gpu/drm/i915/gvt/kvmgt.c

··· 1326 1326 vgpu->handle = (unsigned long)info; 1327 1327 info->vgpu = vgpu; 1328 1328 info->kvm = kvm; 1329 + kvm_get_kvm(info->kvm); 1329 1330 1330 1331 kvmgt_protect_table_init(info); 1331 1332 gvt_cache_init(vgpu); ··· 1348 1347 } 1349 1348 1350 1349 kvm_page_track_unregister_notifier(info->kvm, &info->track_node); 1350 + kvm_put_kvm(info->kvm); 1351 1351 kvmgt_protect_table_destroy(info); 1352 1352 gvt_cache_destroy(info->vgpu); 1353 1353 vfree(info);

+1 -1

drivers/gpu/drm/i915/gvt/render.c

··· 207 207 l3_offset.reg = 0xb020; 208 208 for (i = 0; i < 32; i++) { 209 209 gen9_render_mocs_L3[i] = I915_READ(l3_offset); 210 - I915_WRITE(l3_offset, vgpu_vreg(vgpu, offset)); 210 + I915_WRITE(l3_offset, vgpu_vreg(vgpu, l3_offset)); 211 211 POSTING_READ(l3_offset); 212 212 l3_offset.reg += 4; 213 213 }

+6 -1

drivers/gpu/drm/i915/gvt/scheduler.c

··· 127 127 return 0; 128 128 } 129 129 130 + static inline bool is_gvt_request(struct drm_i915_gem_request *req) 131 + { 132 + return i915_gem_context_force_single_submission(req->ctx); 133 + } 134 + 130 135 static int shadow_context_status_change(struct notifier_block *nb, 131 136 unsigned long action, void *data) 132 137 { ··· 142 137 struct intel_vgpu_workload *workload = 143 138 scheduler->current_workload[req->engine->id]; 144 139 145 - if (unlikely(!workload)) 140 + if (!is_gvt_request(req) || unlikely(!workload)) 146 141 return NOTIFY_OK; 147 142 148 143 switch (action) {

+2

drivers/gpu/drm/i915/intel_ringbuffer.c

··· 2024 2024 ret = context_pin(ctx, flags); 2025 2025 if (ret) 2026 2026 goto error; 2027 + 2028 + ce->state->obj->mm.dirty = true; 2027 2029 } 2028 2030 2029 2031 /* The kernel context is only used as a placeholder for flushing the

+4 -2

drivers/gpu/drm/msm/adreno/a5xx_gpu.c

··· 1 - /* Copyright (c) 2016 The Linux Foundation. All rights reserved. 1 + /* Copyright (c) 2016-2017 The Linux Foundation. All rights reserved. 2 2 * 3 3 * This program is free software; you can redistribute it and/or modify 4 4 * it under the terms of the GNU General Public License version 2 and ··· 534 534 } 535 535 536 536 if (a5xx_gpu->gpmu_bo) { 537 - if (a5xx_gpu->gpmu_bo) 537 + if (a5xx_gpu->gpmu_iova) 538 538 msm_gem_put_iova(a5xx_gpu->gpmu_bo, gpu->id); 539 539 drm_gem_object_unreference_unlocked(a5xx_gpu->gpmu_bo); 540 540 } ··· 860 860 .idle = a5xx_idle, 861 861 .irq = a5xx_irq, 862 862 .destroy = a5xx_destroy, 863 + #ifdef CONFIG_DEBUG_FS 863 864 .show = a5xx_show, 865 + #endif 864 866 }, 865 867 .get_timestamp = a5xx_get_timestamp, 866 868 };

+19 -10

drivers/gpu/drm/msm/adreno/adreno_gpu.c

··· 418 418 return 0; 419 419 } 420 420 421 - void adreno_gpu_cleanup(struct adreno_gpu *gpu) 421 + void adreno_gpu_cleanup(struct adreno_gpu *adreno_gpu) 422 422 { 423 - if (gpu->memptrs_bo) { 424 - if (gpu->memptrs) 425 - msm_gem_put_vaddr(gpu->memptrs_bo); 423 + struct msm_gpu *gpu = &adreno_gpu->base; 426 424 427 - if (gpu->memptrs_iova) 428 - msm_gem_put_iova(gpu->memptrs_bo, gpu->base.id); 425 + if (adreno_gpu->memptrs_bo) { 426 + if (adreno_gpu->memptrs) 427 + msm_gem_put_vaddr(adreno_gpu->memptrs_bo); 429 428 430 - drm_gem_object_unreference_unlocked(gpu->memptrs_bo); 429 + if (adreno_gpu->memptrs_iova) 430 + msm_gem_put_iova(adreno_gpu->memptrs_bo, gpu->id); 431 + 432 + drm_gem_object_unreference_unlocked(adreno_gpu->memptrs_bo); 431 433 } 432 - release_firmware(gpu->pm4); 433 - release_firmware(gpu->pfp); 434 - msm_gpu_cleanup(&gpu->base); 434 + release_firmware(adreno_gpu->pm4); 435 + release_firmware(adreno_gpu->pfp); 436 + 437 + msm_gpu_cleanup(gpu); 438 + 439 + if (gpu->aspace) { 440 + gpu->aspace->mmu->funcs->detach(gpu->aspace->mmu, 441 + iommu_ports, ARRAY_SIZE(iommu_ports)); 442 + msm_gem_address_space_destroy(gpu->aspace); 443 + } 435 444 }

+1 -1

drivers/gpu/drm/msm/dsi/dsi_manager.c

··· 171 171 } 172 172 } 173 173 } else { 174 - msm_dsi_host_reset_phy(mdsi->host); 174 + msm_dsi_host_reset_phy(msm_dsi->host); 175 175 ret = enable_phy(msm_dsi, src_pll_id, &shared_timings[id]); 176 176 if (ret) 177 177 return ret;

-7

drivers/gpu/drm/msm/hdmi/hdmi_audio.c

··· 18 18 #include <linux/hdmi.h> 19 19 #include "hdmi.h" 20 20 21 - 22 - /* Supported HDMI Audio channels */ 23 - #define MSM_HDMI_AUDIO_CHANNEL_2 0 24 - #define MSM_HDMI_AUDIO_CHANNEL_4 1 25 - #define MSM_HDMI_AUDIO_CHANNEL_6 2 26 - #define MSM_HDMI_AUDIO_CHANNEL_8 3 27 - 28 21 /* maps MSM_HDMI_AUDIO_CHANNEL_n consts used by audio driver to # of channels: */ 29 22 static int nchannels[] = { 2, 4, 6, 8 }; 30 23

+2 -1

drivers/gpu/drm/msm/mdp/mdp5/mdp5_pipe.h

··· 18 18 #ifndef __MDP5_PIPE_H__ 19 19 #define __MDP5_PIPE_H__ 20 20 21 - #define SSPP_MAX (SSPP_RGB3 + 1) /* TODO: Add SSPP_MAX in mdp5.xml.h */ 21 + /* TODO: Add SSPP_MAX in mdp5.xml.h */ 22 + #define SSPP_MAX (SSPP_CURSOR1 + 1) 22 23 23 24 /* represents a hw pipe, which is dynamically assigned to a plane */ 24 25 struct mdp5_hw_pipe {

+6

drivers/gpu/drm/msm/msm_gem.c

··· 812 812 813 813 size = PAGE_ALIGN(size); 814 814 815 + /* Disallow zero sized objects as they make the underlying 816 + * infrastructure grumpy 817 + */ 818 + if (size == 0) 819 + return ERR_PTR(-EINVAL); 820 + 815 821 ret = msm_gem_new_impl(dev, size, flags, NULL, &obj); 816 822 if (ret) 817 823 goto fail;

-3

drivers/gpu/drm/msm/msm_gpu.c

··· 706 706 msm_ringbuffer_destroy(gpu->rb); 707 707 } 708 708 709 - if (gpu->aspace) 710 - msm_gem_address_space_destroy(gpu->aspace); 711 - 712 709 if (gpu->fctx) 713 710 msm_fence_context_free(gpu->fctx); 714 711 }

+2 -2

drivers/gpu/drm/radeon/radeon_ttm.c

··· 213 213 rbo->placement.num_busy_placement = 0; 214 214 for (i = 0; i < rbo->placement.num_placement; i++) { 215 215 if (rbo->placements[i].flags & TTM_PL_FLAG_VRAM) { 216 - if (rbo->placements[0].fpfn < fpfn) 217 - rbo->placements[0].fpfn = fpfn; 216 + if (rbo->placements[i].fpfn < fpfn) 217 + rbo->placements[i].fpfn = fpfn; 218 218 } else { 219 219 rbo->placement.busy_placement = 220 220 &rbo->placements[i];

+8 -6

drivers/gpu/drm/ttm/ttm_object.c

··· 179 179 if (unlikely(ret != 0)) 180 180 goto out_err0; 181 181 182 - ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL); 182 + ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL, false); 183 183 if (unlikely(ret != 0)) 184 184 goto out_err1; 185 185 ··· 318 318 319 319 int ttm_ref_object_add(struct ttm_object_file *tfile, 320 320 struct ttm_base_object *base, 321 - enum ttm_ref_type ref_type, bool *existed) 321 + enum ttm_ref_type ref_type, bool *existed, 322 + bool require_existed) 322 323 { 323 324 struct drm_open_hash *ht = &tfile->ref_hash[ref_type]; 324 325 struct ttm_ref_object *ref; ··· 346 345 } 347 346 348 347 rcu_read_unlock(); 348 + if (require_existed) 349 + return -EPERM; 350 + 349 351 ret = ttm_mem_global_alloc(mem_glob, sizeof(*ref), 350 352 false, false); 351 353 if (unlikely(ret != 0)) ··· 453 449 ttm_ref_object_release(&ref->kref); 454 450 } 455 451 452 + spin_unlock(&tfile->lock); 456 453 for (i = 0; i < TTM_REF_NUM; ++i) 457 454 drm_ht_remove(&tfile->ref_hash[i]); 458 455 459 - spin_unlock(&tfile->lock); 460 456 ttm_object_file_unref(&tfile); 461 457 } 462 458 EXPORT_SYMBOL(ttm_object_file_release); ··· 533 529 534 530 *p_tdev = NULL; 535 531 536 - spin_lock(&tdev->object_lock); 537 532 drm_ht_remove(&tdev->object_hash); 538 - spin_unlock(&tdev->object_lock); 539 533 540 534 kfree(tdev); 541 535 } ··· 637 635 prime = (struct ttm_prime_object *) dma_buf->priv; 638 636 base = &prime->base; 639 637 *handle = base->hash.key; 640 - ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL); 638 + ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL, false); 641 639 642 640 dma_buf_put(dma_buf); 643 641

+12 -1

drivers/gpu/drm/vc4/vc4_crtc.c

··· 846 846 drm_atomic_helper_crtc_destroy_state(crtc, state); 847 847 } 848 848 849 + static void 850 + vc4_crtc_reset(struct drm_crtc *crtc) 851 + { 852 + if (crtc->state) 853 + __drm_atomic_helper_crtc_destroy_state(crtc->state); 854 + 855 + crtc->state = kzalloc(sizeof(struct vc4_crtc_state), GFP_KERNEL); 856 + if (crtc->state) 857 + crtc->state->crtc = crtc; 858 + } 859 + 849 860 static const struct drm_crtc_funcs vc4_crtc_funcs = { 850 861 .set_config = drm_atomic_helper_set_config, 851 862 .destroy = vc4_crtc_destroy, ··· 864 853 .set_property = NULL, 865 854 .cursor_set = NULL, /* handled by drm_mode_cursor_universal */ 866 855 .cursor_move = NULL, /* handled by drm_mode_cursor_universal */ 867 - .reset = drm_atomic_helper_crtc_reset, 856 + .reset = vc4_crtc_reset, 868 857 .atomic_duplicate_state = vc4_crtc_duplicate_state, 869 858 .atomic_destroy_state = vc4_crtc_destroy_state, 870 859 .gamma_set = vc4_crtc_gamma_set,

+49 -28

drivers/gpu/drm/vmwgfx/vmwgfx_fence.c

··· 538 538 struct vmw_fence_obj **p_fence) 539 539 { 540 540 struct vmw_fence_obj *fence; 541 - int ret; 541 + int ret; 542 542 543 543 fence = kzalloc(sizeof(*fence), GFP_KERNEL); 544 544 if (unlikely(fence == NULL)) ··· 701 701 } 702 702 703 703 704 + /** 705 + * vmw_fence_obj_lookup - Look up a user-space fence object 706 + * 707 + * @tfile: A struct ttm_object_file identifying the caller. 708 + * @handle: A handle identifying the fence object. 709 + * @return: A struct vmw_user_fence base ttm object on success or 710 + * an error pointer on failure. 711 + * 712 + * The fence object is looked up and type-checked. The caller needs 713 + * to have opened the fence object first, but since that happens on 714 + * creation and fence objects aren't shareable, that's not an 715 + * issue currently. 716 + */ 717 + static struct ttm_base_object * 718 + vmw_fence_obj_lookup(struct ttm_object_file *tfile, u32 handle) 719 + { 720 + struct ttm_base_object *base = ttm_base_object_lookup(tfile, handle); 721 + 722 + if (!base) { 723 + pr_err("Invalid fence object handle 0x%08lx.\n", 724 + (unsigned long)handle); 725 + return ERR_PTR(-EINVAL); 726 + } 727 + 728 + if (base->refcount_release != vmw_user_fence_base_release) { 729 + pr_err("Invalid fence object handle 0x%08lx.\n", 730 + (unsigned long)handle); 731 + ttm_base_object_unref(&base); 732 + return ERR_PTR(-EINVAL); 733 + } 734 + 735 + return base; 736 + } 737 + 738 + 704 739 int vmw_fence_obj_wait_ioctl(struct drm_device *dev, void *data, 705 740 struct drm_file *file_priv) 706 741 { ··· 761 726 arg->kernel_cookie = jiffies + wait_timeout; 762 727 } 763 728 764 - base = ttm_base_object_lookup(tfile, arg->handle); 765 - if (unlikely(base == NULL)) { 766 - printk(KERN_ERR "Wait invalid fence object handle " 767 - "0x%08lx.\n", 768 - (unsigned long)arg->handle); 769 - return -EINVAL; 770 - } 729 + base = vmw_fence_obj_lookup(tfile, arg->handle); 730 + if (IS_ERR(base)) 731 + return PTR_ERR(base); 771 732 772 733 fence = &(container_of(base, struct vmw_user_fence, base)->fence); 773 734 ··· 802 771 struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; 803 772 struct vmw_private *dev_priv = vmw_priv(dev); 804 773 805 - base = ttm_base_object_lookup(tfile, arg->handle); 806 - if (unlikely(base == NULL)) { 807 - printk(KERN_ERR "Fence signaled invalid fence object handle " 808 - "0x%08lx.\n", 809 - (unsigned long)arg->handle); 810 - return -EINVAL; 811 - } 774 + base = vmw_fence_obj_lookup(tfile, arg->handle); 775 + if (IS_ERR(base)) 776 + return PTR_ERR(base); 812 777 813 778 fence = &(container_of(base, struct vmw_user_fence, base)->fence); 814 779 fman = fman_from_fence(fence); ··· 1051 1024 (struct drm_vmw_fence_event_arg *) data; 1052 1025 struct vmw_fence_obj *fence = NULL; 1053 1026 struct vmw_fpriv *vmw_fp = vmw_fpriv(file_priv); 1027 + struct ttm_object_file *tfile = vmw_fp->tfile; 1054 1028 struct drm_vmw_fence_rep __user *user_fence_rep = 1055 1029 (struct drm_vmw_fence_rep __user *)(unsigned long) 1056 1030 arg->fence_rep; ··· 1065 1037 */ 1066 1038 if (arg->handle) { 1067 1039 struct ttm_base_object *base = 1068 - ttm_base_object_lookup_for_ref(dev_priv->tdev, 1069 - arg->handle); 1040 + vmw_fence_obj_lookup(tfile, arg->handle); 1070 1041 1071 - if (unlikely(base == NULL)) { 1072 - DRM_ERROR("Fence event invalid fence object handle " 1073 - "0x%08lx.\n", 1074 - (unsigned long)arg->handle); 1075 - return -EINVAL; 1076 - } 1042 + if (IS_ERR(base)) 1043 + return PTR_ERR(base); 1044 + 1077 1045 fence = &(container_of(base, struct vmw_user_fence, 1078 1046 base)->fence); 1079 1047 (void) vmw_fence_obj_reference(fence); 1080 1048 1081 1049 if (user_fence_rep != NULL) { 1082 - bool existed; 1083 - 1084 1050 ret = ttm_ref_object_add(vmw_fp->tfile, base, 1085 - TTM_REF_USAGE, &existed); 1051 + TTM_REF_USAGE, NULL, false); 1086 1052 if (unlikely(ret != 0)) { 1087 1053 DRM_ERROR("Failed to reference a fence " 1088 1054 "object.\n"); ··· 1119 1097 return 0; 1120 1098 out_no_create: 1121 1099 if (user_fence_rep != NULL) 1122 - ttm_ref_object_base_unref(vmw_fpriv(file_priv)->tfile, 1123 - handle, TTM_REF_USAGE); 1100 + ttm_ref_object_base_unref(tfile, handle, TTM_REF_USAGE); 1124 1101 out_no_ref_obj: 1125 1102 vmw_fence_obj_unreference(&fence); 1126 1103 return ret;

+1 -3

drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c

··· 114 114 param->value = dev_priv->has_dx; 115 115 break; 116 116 default: 117 - DRM_ERROR("Illegal vmwgfx get param request: %d\n", 118 - param->param); 119 117 return -EINVAL; 120 118 } 121 119 ··· 184 186 bool gb_objects = !!(dev_priv->capabilities & SVGA_CAP_GBOBJECTS); 185 187 struct vmw_fpriv *vmw_fp = vmw_fpriv(file_priv); 186 188 187 - if (unlikely(arg->pad64 != 0)) { 189 + if (unlikely(arg->pad64 != 0 || arg->max_size == 0)) { 188 190 DRM_ERROR("Illegal GET_3D_CAP argument.\n"); 189 191 return -EINVAL; 190 192 }

+2 -2

drivers/gpu/drm/vmwgfx/vmwgfx_resource.c

··· 589 589 return ret; 590 590 591 591 ret = ttm_ref_object_add(tfile, &user_bo->prime.base, 592 - TTM_REF_SYNCCPU_WRITE, &existed); 592 + TTM_REF_SYNCCPU_WRITE, &existed, false); 593 593 if (ret != 0 || existed) 594 594 ttm_bo_synccpu_write_release(&user_bo->dma.base); 595 595 ··· 773 773 774 774 *handle = user_bo->prime.base.hash.key; 775 775 return ttm_ref_object_add(tfile, &user_bo->prime.base, 776 - TTM_REF_USAGE, NULL); 776 + TTM_REF_USAGE, NULL, false); 777 777 } 778 778 779 779 /*

+15 -16

drivers/gpu/drm/vmwgfx/vmwgfx_surface.c

··· 713 713 128; 714 714 715 715 num_sizes = 0; 716 - for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) 716 + for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) { 717 + if (req->mip_levels[i] > DRM_VMW_MAX_MIP_LEVELS) 718 + return -EINVAL; 717 719 num_sizes += req->mip_levels[i]; 720 + } 718 721 719 - if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * 720 - DRM_VMW_MAX_MIP_LEVELS) 722 + if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * DRM_VMW_MAX_MIP_LEVELS || 723 + num_sizes == 0) 721 724 return -EINVAL; 722 725 723 726 size = vmw_user_surface_size + 128 + ··· 894 891 uint32_t handle; 895 892 struct ttm_base_object *base; 896 893 int ret; 894 + bool require_exist = false; 897 895 898 896 if (handle_type == DRM_VMW_HANDLE_PRIME) { 899 897 ret = ttm_prime_fd_to_handle(tfile, u_handle, &handle); 900 898 if (unlikely(ret != 0)) 901 899 return ret; 902 900 } else { 903 - if (unlikely(drm_is_render_client(file_priv))) { 904 - DRM_ERROR("Render client refused legacy " 905 - "surface reference.\n"); 906 - return -EACCES; 907 - } 901 + if (unlikely(drm_is_render_client(file_priv))) 902 + require_exist = true; 903 + 908 904 if (ACCESS_ONCE(vmw_fpriv(file_priv)->locked_master)) { 909 905 DRM_ERROR("Locked master refused legacy " 910 906 "surface reference.\n"); ··· 931 929 932 930 /* 933 931 * Make sure the surface creator has the same 934 - * authenticating master. 932 + * authenticating master, or is already registered with us. 935 933 */ 936 934 if (drm_is_primary_client(file_priv) && 937 - user_srf->master != file_priv->master) { 938 - DRM_ERROR("Trying to reference surface outside of" 939 - " master domain.\n"); 940 - ret = -EACCES; 941 - goto out_bad_resource; 942 - } 935 + user_srf->master != file_priv->master) 936 + require_exist = true; 943 937 944 - ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL); 938 + ret = ttm_ref_object_add(tfile, base, TTM_REF_USAGE, NULL, 939 + require_exist); 945 940 if (unlikely(ret != 0)) { 946 941 DRM_ERROR("Could not add a reference to a surface.\n"); 947 942 goto out_bad_resource;

+1

drivers/hid/hid-core.c

··· 2112 2112 { HID_USB_DEVICE(USB_VENDOR_ID_WALTOP, USB_DEVICE_ID_WALTOP_SIRIUS_BATTERY_FREE_TABLET) }, 2113 2113 { HID_USB_DEVICE(USB_VENDOR_ID_X_TENSIONS, USB_DEVICE_ID_SPEEDLINK_VAD_CEZANNE) }, 2114 2114 { HID_USB_DEVICE(USB_VENDOR_ID_XIN_MO, USB_DEVICE_ID_XIN_MO_DUAL_ARCADE) }, 2115 + { HID_USB_DEVICE(USB_VENDOR_ID_XIN_MO, USB_DEVICE_ID_THT_2P_ARCADE) }, 2115 2116 { HID_USB_DEVICE(USB_VENDOR_ID_ZEROPLUS, 0x0005) }, 2116 2117 { HID_USB_DEVICE(USB_VENDOR_ID_ZEROPLUS, 0x0030) }, 2117 2118 { HID_USB_DEVICE(USB_VENDOR_ID_ZYDACRON, USB_DEVICE_ID_ZYDACRON_REMOTE_CONTROL) },

+1

drivers/hid/hid-ids.h

··· 1082 1082 1083 1083 #define USB_VENDOR_ID_XIN_MO 0x16c0 1084 1084 #define USB_DEVICE_ID_XIN_MO_DUAL_ARCADE 0x05e1 1085 + #define USB_DEVICE_ID_THT_2P_ARCADE 0x75e1 1085 1086 1086 1087 #define USB_VENDOR_ID_XIROKU 0x1477 1087 1088 #define USB_DEVICE_ID_XIROKU_SPX 0x1006

+1

drivers/hid/hid-xinmo.c

··· 46 46 47 47 static const struct hid_device_id xinmo_devices[] = { 48 48 { HID_USB_DEVICE(USB_VENDOR_ID_XIN_MO, USB_DEVICE_ID_XIN_MO_DUAL_ARCADE) }, 49 + { HID_USB_DEVICE(USB_VENDOR_ID_XIN_MO, USB_DEVICE_ID_THT_2P_ARCADE) }, 49 50 { } 50 51 }; 51 52

+10 -8

drivers/hid/wacom_sys.c

··· 2165 2165 2166 2166 wacom_update_name(wacom, wireless ? " (WL)" : ""); 2167 2167 2168 + /* pen only Bamboo neither support touch nor pad */ 2169 + if ((features->type == BAMBOO_PEN) && 2170 + ((features->device_type & WACOM_DEVICETYPE_TOUCH) || 2171 + (features->device_type & WACOM_DEVICETYPE_PAD))) { 2172 + error = -ENODEV; 2173 + goto fail; 2174 + } 2175 + 2168 2176 error = wacom_add_shared_data(hdev); 2169 2177 if (error) 2170 2178 goto fail; ··· 2216 2208 /* touch only Bamboo doesn't support pen */ 2217 2209 if ((features->type == BAMBOO_TOUCH) && 2218 2210 (features->device_type & WACOM_DEVICETYPE_PEN)) { 2219 - error = -ENODEV; 2220 - goto fail_quirks; 2221 - } 2222 - 2223 - /* pen only Bamboo neither support touch nor pad */ 2224 - if ((features->type == BAMBOO_PEN) && 2225 - ((features->device_type & WACOM_DEVICETYPE_TOUCH) || 2226 - (features->device_type & WACOM_DEVICETYPE_PAD))) { 2211 + cancel_delayed_work_sync(&wacom->init_work); 2212 + _wacom_query_tablet_data(wacom); 2227 2213 error = -ENODEV; 2228 2214 goto fail_quirks; 2229 2215 }

+6 -28

drivers/i2c/muxes/i2c-mux-pca954x.c

··· 35 35 * warranty of any kind, whether express or implied. 36 36 */ 37 37 38 - #include <linux/acpi.h> 39 38 #include <linux/device.h> 40 39 #include <linux/gpio/consumer.h> 41 40 #include <linux/i2c.h> ··· 116 117 .has_irq = 1, 117 118 .muxtype = pca954x_isswi, 118 119 }, 120 + [pca_9546] = { 121 + .nchans = 4, 122 + .muxtype = pca954x_isswi, 123 + }, 119 124 [pca_9547] = { 120 125 .nchans = 8, 121 126 .enable = 0x8, ··· 137 134 { "pca9543", pca_9543 }, 138 135 { "pca9544", pca_9544 }, 139 136 { "pca9545", pca_9545 }, 140 - { "pca9546", pca_9545 }, 137 + { "pca9546", pca_9546 }, 141 138 { "pca9547", pca_9547 }, 142 139 { "pca9548", pca_9548 }, 143 140 { } 144 141 }; 145 142 MODULE_DEVICE_TABLE(i2c, pca954x_id); 146 - 147 - #ifdef CONFIG_ACPI 148 - static const struct acpi_device_id pca954x_acpi_ids[] = { 149 - { .id = "PCA9540", .driver_data = pca_9540 }, 150 - { .id = "PCA9542", .driver_data = pca_9542 }, 151 - { .id = "PCA9543", .driver_data = pca_9543 }, 152 - { .id = "PCA9544", .driver_data = pca_9544 }, 153 - { .id = "PCA9545", .driver_data = pca_9545 }, 154 - { .id = "PCA9546", .driver_data = pca_9545 }, 155 - { .id = "PCA9547", .driver_data = pca_9547 }, 156 - { .id = "PCA9548", .driver_data = pca_9548 }, 157 - { } 158 - }; 159 - MODULE_DEVICE_TABLE(acpi, pca954x_acpi_ids); 160 - #endif 161 143 162 144 #ifdef CONFIG_OF 163 145 static const struct of_device_id pca954x_of_match[] = { ··· 381 393 match = of_match_device(of_match_ptr(pca954x_of_match), &client->dev); 382 394 if (match) 383 395 data->chip = of_device_get_match_data(&client->dev); 384 - else if (id) 396 + else 385 397 data->chip = &chips[id->driver_data]; 386 - else { 387 - const struct acpi_device_id *acpi_id; 388 - 389 - acpi_id = acpi_match_device(ACPI_PTR(pca954x_acpi_ids), 390 - &client->dev); 391 - if (!acpi_id) 392 - return -ENODEV; 393 - data->chip = &chips[acpi_id->driver_data]; 394 - } 395 398 396 399 data->last_chan = 0; /* force the first selection */ 397 400 ··· 471 492 .name = "pca954x", 472 493 .pm = &pca954x_pm, 473 494 .of_match_table = of_match_ptr(pca954x_of_match), 474 - .acpi_match_table = ACPI_PTR(pca954x_acpi_ids), 475 495 }, 476 496 .probe = pca954x_probe, 477 497 .remove = pca954x_remove,

+2 -1

drivers/iio/accel/hid-sensor-accel-3d.c

··· 370 370 name = "accel_3d"; 371 371 channel_spec = accel_3d_channels; 372 372 channel_size = sizeof(accel_3d_channels); 373 + indio_dev->num_channels = ARRAY_SIZE(accel_3d_channels); 373 374 } else { 374 375 name = "gravity"; 375 376 channel_spec = gravity_channels; 376 377 channel_size = sizeof(gravity_channels); 378 + indio_dev->num_channels = ARRAY_SIZE(gravity_channels); 377 379 } 378 380 ret = hid_sensor_parse_common_attributes(hsdev, hsdev->usage, 379 381 &accel_state->common_attributes); ··· 397 395 goto error_free_dev_mem; 398 396 } 399 397 400 - indio_dev->num_channels = ARRAY_SIZE(accel_3d_channels); 401 398 indio_dev->dev.parent = &pdev->dev; 402 399 indio_dev->info = &accel_3d_info; 403 400 indio_dev->name = name;

+2 -2

drivers/iio/common/cros_ec_sensors/cros_ec_sensors.c

··· 61 61 ret = st->core.read_ec_sensors_data(indio_dev, 1 << idx, &data); 62 62 if (ret < 0) 63 63 break; 64 - 64 + ret = IIO_VAL_INT; 65 65 *val = data; 66 66 break; 67 67 case IIO_CHAN_INFO_CALIBBIAS: ··· 76 76 for (i = CROS_EC_SENSOR_X; i < CROS_EC_SENSOR_MAX_AXIS; i++) 77 77 st->core.calib[i] = 78 78 st->core.resp->sensor_offset.offset[i]; 79 - 79 + ret = IIO_VAL_INT; 80 80 *val = st->core.calib[idx]; 81 81 break; 82 82 case IIO_CHAN_INFO_SCALE:

+10

drivers/iio/common/hid-sensors/hid-sensor-attributes.c

··· 379 379 { 380 380 381 381 struct hid_sensor_hub_attribute_info timestamp; 382 + s32 value; 383 + int ret; 382 384 383 385 hid_sensor_get_reporting_interval(hsdev, usage_id, st); 384 386 ··· 418 416 st->power_state.index, st->power_state.report_id, 419 417 st->sensitivity.index, st->sensitivity.report_id, 420 418 timestamp.index, timestamp.report_id); 419 + 420 + ret = sensor_hub_get_feature(hsdev, 421 + st->power_state.report_id, 422 + st->power_state.index, sizeof(value), &value); 423 + if (ret < 0) 424 + return ret; 425 + if (value < 0) 426 + return -EINVAL; 421 427 422 428 return 0; 423 429 }

+12

drivers/iio/gyro/bmg160_core.c

··· 27 27 #include <linux/iio/trigger_consumer.h> 28 28 #include <linux/iio/triggered_buffer.h> 29 29 #include <linux/regmap.h> 30 + #include <linux/delay.h> 30 31 #include "bmg160.h" 31 32 32 33 #define BMG160_IRQ_NAME "bmg160_event" ··· 52 51 #define BMG160_NO_FILTER 0 53 52 #define BMG160_DEF_BW 100 54 53 #define BMG160_REG_PMU_BW_RES BIT(7) 54 + 55 + #define BMG160_GYRO_REG_RESET 0x14 56 + #define BMG160_GYRO_RESET_VAL 0xb6 55 57 56 58 #define BMG160_REG_INT_MAP_0 0x17 57 59 #define BMG160_INT_MAP_0_BIT_ANY BIT(1) ··· 239 235 struct device *dev = regmap_get_device(data->regmap); 240 236 int ret; 241 237 unsigned int val; 238 + 239 + /* 240 + * Reset chip to get it in a known good state. A delay of 30ms after 241 + * reset is required according to the datasheet. 242 + */ 243 + regmap_write(data->regmap, BMG160_GYRO_REG_RESET, 244 + BMG160_GYRO_RESET_VAL); 245 + usleep_range(30000, 30700); 242 246 243 247 ret = regmap_read(data->regmap, BMG160_REG_CHIP_ID, &val); 244 248 if (ret < 0) {

+3 -4

drivers/iio/industrialio-core.c

··· 610 610 tmp0 = (int)div_s64_rem(tmp, 1000000000, &tmp1); 611 611 return snprintf(buf, len, "%d.%09u", tmp0, abs(tmp1)); 612 612 case IIO_VAL_FRACTIONAL_LOG2: 613 - tmp = (s64)vals[0] * 1000000000LL >> vals[1]; 614 - tmp1 = do_div(tmp, 1000000000LL); 615 - tmp0 = tmp; 616 - return snprintf(buf, len, "%d.%09u", tmp0, tmp1); 613 + tmp = shift_right((s64)vals[0] * 1000000000LL, vals[1]); 614 + tmp0 = (int)div_s64_rem(tmp, 1000000000LL, &tmp1); 615 + return snprintf(buf, len, "%d.%09u", tmp0, abs(tmp1)); 617 616 case IIO_VAL_INT_MULTIPLE: 618 617 { 619 618 int i;

+1

drivers/iio/pressure/st_pressure_core.c

··· 457 457 .addr_stat_drdy = ST_SENSORS_DEFAULT_STAT_ADDR, 458 458 }, 459 459 .multi_read_bit = true, 460 + .bootime = 2, 460 461 }, 461 462 }; 462 463

+1

drivers/irqchip/Kconfig

··· 262 262 263 263 config MVEBU_ODMI 264 264 bool 265 + select GENERIC_MSI_IRQ_DOMAIN 265 266 266 267 config MVEBU_PIC 267 268 bool

+4

drivers/irqchip/irq-mips-gic.c

··· 991 991 992 992 static void __init gic_map_interrupts(struct device_node *node) 993 993 { 994 + gic_map_single_int(node, GIC_LOCAL_INT_WD); 995 + gic_map_single_int(node, GIC_LOCAL_INT_COMPARE); 994 996 gic_map_single_int(node, GIC_LOCAL_INT_TIMER); 995 997 gic_map_single_int(node, GIC_LOCAL_INT_PERFCTR); 998 + gic_map_single_int(node, GIC_LOCAL_INT_SWINT0); 999 + gic_map_single_int(node, GIC_LOCAL_INT_SWINT1); 996 1000 gic_map_single_int(node, GIC_LOCAL_INT_FDC); 997 1001 } 998 1002

+1

drivers/isdn/capi/kcapi.c

··· 1032 1032 sizeof(avmb1_carddef)))) 1033 1033 return -EFAULT; 1034 1034 cdef.cardtype = AVM_CARDTYPE_B1; 1035 + cdef.cardnr = 0; 1035 1036 } else { 1036 1037 if ((retval = copy_from_user(&cdef, data, 1037 1038 sizeof(avmb1_extcarddef))))

+5 -3

drivers/md/dm-cache-metadata.c

··· 932 932 *result = true; 933 933 934 934 r = dm_bitset_cursor_begin(&cmd->dirty_info, cmd->dirty_root, 935 - from_cblock(begin), &cmd->dirty_cursor); 935 + from_cblock(cmd->cache_blocks), &cmd->dirty_cursor); 936 936 if (r) { 937 937 DMERR("%s: dm_bitset_cursor_begin for dirty failed", __func__); 938 938 return r; ··· 959 959 return 0; 960 960 } 961 961 962 + begin = to_cblock(from_cblock(begin) + 1); 963 + if (begin == end) 964 + break; 965 + 962 966 r = dm_bitset_cursor_next(&cmd->dirty_cursor); 963 967 if (r) { 964 968 DMERR("%s: dm_bitset_cursor_next for dirty failed", __func__); 965 969 dm_bitset_cursor_end(&cmd->dirty_cursor); 966 970 return r; 967 971 } 968 - 969 - begin = to_cblock(from_cblock(begin) + 1); 970 972 } 971 973 972 974 dm_bitset_cursor_end(&cmd->dirty_cursor);

+1 -1

drivers/md/dm-raid.c

··· 3726 3726 return r; 3727 3727 3728 3728 /* Resize bitmap to adjust to changed region size (aka MD bitmap chunksize) */ 3729 - if (test_bit(RT_FLAG_RS_BITMAP_LOADED, &rs->runtime_flags) && 3729 + if (test_bit(RT_FLAG_RS_BITMAP_LOADED, &rs->runtime_flags) && mddev->bitmap && 3730 3730 mddev->bitmap_info.chunksize != to_bytes(rs->requested_bitmap_chunk_sectors)) { 3731 3731 r = bitmap_resize(mddev->bitmap, mddev->dev_sectors, 3732 3732 to_bytes(rs->requested_bitmap_chunk_sectors), 0);

+1

drivers/md/dm-rq.c

··· 755 755 /* Undo dm_start_request() before requeuing */ 756 756 rq_end_stats(md, rq); 757 757 rq_completed(md, rq_data_dir(rq), false); 758 + blk_mq_delay_run_hw_queue(hctx, 100/*ms*/); 758 759 return BLK_MQ_RQ_QUEUE_BUSY; 759 760 } 760 761

+14 -4

drivers/md/dm-verity-fec.c

··· 146 146 block = fec_buffer_rs_block(v, fio, n, i); 147 147 res = fec_decode_rs8(v, fio, block, &par[offset], neras); 148 148 if (res < 0) { 149 - dm_bufio_release(buf); 150 - 151 149 r = res; 152 150 goto error; 153 151 } ··· 170 172 done: 171 173 r = corrected; 172 174 error: 175 + dm_bufio_release(buf); 176 + 173 177 if (r < 0 && neras) 174 178 DMERR_LIMIT("%s: FEC %llu: failed to correct: %d", 175 179 v->data_dev->name, (unsigned long long)rsb, r); ··· 269 269 &is_zero) == 0) { 270 270 /* skip known zero blocks entirely */ 271 271 if (is_zero) 272 - continue; 272 + goto done; 273 273 274 274 /* 275 275 * skip if we have already found the theoretical ··· 439 439 if (!verity_fec_is_enabled(v)) 440 440 return -EOPNOTSUPP; 441 441 442 + if (fio->level >= DM_VERITY_FEC_MAX_RECURSION) { 443 + DMWARN_LIMIT("%s: FEC: recursion too deep", v->data_dev->name); 444 + return -EIO; 445 + } 446 + 447 + fio->level++; 448 + 442 449 if (type == DM_VERITY_BLOCK_TYPE_METADATA) 443 450 block += v->data_blocks; 444 451 ··· 477 470 if (r < 0) { 478 471 r = fec_decode_rsb(v, io, fio, rsb, offset, true); 479 472 if (r < 0) 480 - return r; 473 + goto done; 481 474 } 482 475 483 476 if (dest) ··· 487 480 r = verity_for_bv_block(v, io, iter, fec_bv_copy); 488 481 } 489 482 483 + done: 484 + fio->level--; 490 485 return r; 491 486 } 492 487 ··· 529 520 memset(fio->bufs, 0, sizeof(fio->bufs)); 530 521 fio->nbufs = 0; 531 522 fio->output = NULL; 523 + fio->level = 0; 532 524 } 533 525 534 526 /*

+4

drivers/md/dm-verity-fec.h

··· 27 27 #define DM_VERITY_FEC_BUF_MAX \ 28 28 (1 << (PAGE_SHIFT - DM_VERITY_FEC_BUF_RS_BITS)) 29 29 30 + /* maximum recursion level for verity_fec_decode */ 31 + #define DM_VERITY_FEC_MAX_RECURSION 4 32 + 30 33 #define DM_VERITY_OPT_FEC_DEV "use_fec_from_device" 31 34 #define DM_VERITY_OPT_FEC_BLOCKS "fec_blocks" 32 35 #define DM_VERITY_OPT_FEC_START "fec_start" ··· 61 58 unsigned nbufs; /* number of buffers allocated */ 62 59 u8 *output; /* buffer for corrected output */ 63 60 size_t output_pos; 61 + unsigned level; /* recursion level */ 64 62 }; 65 63 66 64 #ifdef CONFIG_DM_VERITY_FEC

+10 -1

drivers/mmc/host/sdhci-of-at91.c

··· 29 29 30 30 #include "sdhci-pltfm.h" 31 31 32 + #define SDMMC_MC1R 0x204 33 + #define SDMMC_MC1R_DDR BIT(3) 32 34 #define SDMMC_CACR 0x230 33 35 #define SDMMC_CACR_CAPWREN BIT(0) 34 36 #define SDMMC_CACR_KEY (0x46 << 8) ··· 105 103 sdhci_set_power_noreg(host, mode, vdd); 106 104 } 107 105 106 + void sdhci_at91_set_uhs_signaling(struct sdhci_host *host, unsigned int timing) 107 + { 108 + if (timing == MMC_TIMING_MMC_DDR52) 109 + sdhci_writeb(host, SDMMC_MC1R_DDR, SDMMC_MC1R); 110 + sdhci_set_uhs_signaling(host, timing); 111 + } 112 + 108 113 static const struct sdhci_ops sdhci_at91_sama5d2_ops = { 109 114 .set_clock = sdhci_at91_set_clock, 110 115 .set_bus_width = sdhci_set_bus_width, 111 116 .reset = sdhci_reset, 112 - .set_uhs_signaling = sdhci_set_uhs_signaling, 117 + .set_uhs_signaling = sdhci_at91_set_uhs_signaling, 113 118 .set_power = sdhci_at91_set_power, 114 119 }; 115 120

+6

drivers/mmc/host/sdhci.c

··· 1830 1830 struct sdhci_host *host = mmc_priv(mmc); 1831 1831 unsigned long flags; 1832 1832 1833 + if (enable) 1834 + pm_runtime_get_noresume(host->mmc->parent); 1835 + 1833 1836 spin_lock_irqsave(&host->lock, flags); 1834 1837 if (enable) 1835 1838 host->flags |= SDHCI_SDIO_IRQ_ENABLED; ··· 1841 1838 1842 1839 sdhci_enable_sdio_irq_nolock(host, enable); 1843 1840 spin_unlock_irqrestore(&host->lock, flags); 1841 + 1842 + if (!enable) 1843 + pm_runtime_put_noidle(host->mmc->parent); 1844 1844 } 1845 1845 1846 1846 static int sdhci_start_signal_voltage_switch(struct mmc_host *mmc,

-5

drivers/net/ethernet/aquantia/atlantic/aq_main.c

··· 100 100 goto err_exit; 101 101 ndev->mtu = new_mtu; 102 102 103 - if (netif_running(ndev)) { 104 - aq_ndev_close(ndev); 105 - aq_ndev_open(ndev); 106 - } 107 - 108 103 err_exit: 109 104 return err; 110 105 }

+19 -4

drivers/net/ethernet/aquantia/atlantic/aq_nic.c

··· 487 487 dx_buff->mss = skb_shinfo(skb)->gso_size; 488 488 dx_buff->is_txc = 1U; 489 489 490 + dx_buff->is_ipv6 = 491 + (ip_hdr(skb)->version == 6) ? 1U : 0U; 492 + 490 493 dx = aq_ring_next_dx(ring, dx); 491 494 dx_buff = &ring->buff_ring[dx]; 492 495 ++ret; ··· 513 510 if (skb->ip_summed == CHECKSUM_PARTIAL) { 514 511 dx_buff->is_ip_cso = (htons(ETH_P_IP) == skb->protocol) ? 515 512 1U : 0U; 516 - dx_buff->is_tcp_cso = 517 - (ip_hdr(skb)->protocol == IPPROTO_TCP) ? 1U : 0U; 518 - dx_buff->is_udp_cso = 519 - (ip_hdr(skb)->protocol == IPPROTO_UDP) ? 1U : 0U; 513 + 514 + if (ip_hdr(skb)->version == 4) { 515 + dx_buff->is_tcp_cso = 516 + (ip_hdr(skb)->protocol == IPPROTO_TCP) ? 517 + 1U : 0U; 518 + dx_buff->is_udp_cso = 519 + (ip_hdr(skb)->protocol == IPPROTO_UDP) ? 520 + 1U : 0U; 521 + } else if (ip_hdr(skb)->version == 6) { 522 + dx_buff->is_tcp_cso = 523 + (ipv6_hdr(skb)->nexthdr == NEXTHDR_TCP) ? 524 + 1U : 0U; 525 + dx_buff->is_udp_cso = 526 + (ipv6_hdr(skb)->nexthdr == NEXTHDR_UDP) ? 527 + 1U : 0U; 528 + } 520 529 } 521 530 522 531 for (; nr_frags--; ++frag_count) {

+1

drivers/net/ethernet/aquantia/atlantic/aq_ring.c

··· 101 101 self->hw_head = 0; 102 102 self->sw_head = 0; 103 103 self->sw_tail = 0; 104 + spin_lock_init(&self->header.lock); 104 105 return 0; 105 106 } 106 107

+2 -1

drivers/net/ethernet/aquantia/atlantic/aq_ring.h

··· 58 58 u8 len_l2; 59 59 u8 len_l3; 60 60 u8 len_l4; 61 - u8 rsvd2; 61 + u8 is_ipv6:1; 62 + u8 rsvd2:7; 62 63 u32 len_pkt; 63 64 }; 64 65 };

+4

drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c

··· 433 433 buff->len_l3 + 434 434 buff->len_l2); 435 435 is_gso = true; 436 + 437 + if (buff->is_ipv6) 438 + txd->ctl |= HW_ATL_A0_TXD_CTL_CMD_IPV6; 436 439 } else { 437 440 buff_pa_len = buff->len; 438 441 ··· 461 458 if (unlikely(buff->is_eop)) { 462 459 txd->ctl |= HW_ATL_A0_TXD_CTL_EOP; 463 460 txd->ctl |= HW_ATL_A0_TXD_CTL_CMD_WB; 461 + is_gso = false; 464 462 } 465 463 } 466 464

+4

drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c

··· 471 471 buff->len_l3 + 472 472 buff->len_l2); 473 473 is_gso = true; 474 + 475 + if (buff->is_ipv6) 476 + txd->ctl |= HW_ATL_B0_TXD_CTL_CMD_IPV6; 474 477 } else { 475 478 buff_pa_len = buff->len; 476 479 ··· 499 496 if (unlikely(buff->is_eop)) { 500 497 txd->ctl |= HW_ATL_B0_TXD_CTL_EOP; 501 498 txd->ctl |= HW_ATL_B0_TXD_CTL_CMD_WB; 499 + is_gso = false; 502 500 } 503 501 } 504 502

+3 -3

drivers/net/ethernet/broadcom/bnx2x/bnx2x.h

··· 2277 2277 GENERAL_ATTEN_OFFSET(LATCHED_ATTN_RBCP) | \ 2278 2278 GENERAL_ATTEN_OFFSET(LATCHED_ATTN_RSVD_GRC)) 2279 2279 2280 - #define HW_INTERRUT_ASSERT_SET_0 \ 2280 + #define HW_INTERRUPT_ASSERT_SET_0 \ 2281 2281 (AEU_INPUTS_ATTN_BITS_TSDM_HW_INTERRUPT | \ 2282 2282 AEU_INPUTS_ATTN_BITS_TCM_HW_INTERRUPT | \ 2283 2283 AEU_INPUTS_ATTN_BITS_TSEMI_HW_INTERRUPT | \ ··· 2290 2290 AEU_INPUTS_ATTN_BITS_TSEMI_PARITY_ERROR |\ 2291 2291 AEU_INPUTS_ATTN_BITS_TCM_PARITY_ERROR |\ 2292 2292 AEU_INPUTS_ATTN_BITS_PBCLIENT_PARITY_ERROR) 2293 - #define HW_INTERRUT_ASSERT_SET_1 \ 2293 + #define HW_INTERRUPT_ASSERT_SET_1 \ 2294 2294 (AEU_INPUTS_ATTN_BITS_QM_HW_INTERRUPT | \ 2295 2295 AEU_INPUTS_ATTN_BITS_TIMERS_HW_INTERRUPT | \ 2296 2296 AEU_INPUTS_ATTN_BITS_XSDM_HW_INTERRUPT | \ ··· 2318 2318 AEU_INPUTS_ATTN_BITS_UPB_PARITY_ERROR | \ 2319 2319 AEU_INPUTS_ATTN_BITS_CSDM_PARITY_ERROR |\ 2320 2320 AEU_INPUTS_ATTN_BITS_CCM_PARITY_ERROR) 2321 - #define HW_INTERRUT_ASSERT_SET_2 \ 2321 + #define HW_INTERRUPT_ASSERT_SET_2 \ 2322 2322 (AEU_INPUTS_ATTN_BITS_CSEMI_HW_INTERRUPT | \ 2323 2323 AEU_INPUTS_ATTN_BITS_CDU_HW_INTERRUPT | \ 2324 2324 AEU_INPUTS_ATTN_BITS_DMAE_HW_INTERRUPT | \

+9 -9

drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c

··· 4166 4166 bnx2x_release_phy_lock(bp); 4167 4167 } 4168 4168 4169 - if (attn & HW_INTERRUT_ASSERT_SET_0) { 4169 + if (attn & HW_INTERRUPT_ASSERT_SET_0) { 4170 4170 4171 4171 val = REG_RD(bp, reg_offset); 4172 - val &= ~(attn & HW_INTERRUT_ASSERT_SET_0); 4172 + val &= ~(attn & HW_INTERRUPT_ASSERT_SET_0); 4173 4173 REG_WR(bp, reg_offset, val); 4174 4174 4175 4175 BNX2X_ERR("FATAL HW block attention set0 0x%x\n", 4176 - (u32)(attn & HW_INTERRUT_ASSERT_SET_0)); 4176 + (u32)(attn & HW_INTERRUPT_ASSERT_SET_0)); 4177 4177 bnx2x_panic(); 4178 4178 } 4179 4179 } ··· 4191 4191 BNX2X_ERR("FATAL error from DORQ\n"); 4192 4192 } 4193 4193 4194 - if (attn & HW_INTERRUT_ASSERT_SET_1) { 4194 + if (attn & HW_INTERRUPT_ASSERT_SET_1) { 4195 4195 4196 4196 int port = BP_PORT(bp); 4197 4197 int reg_offset; ··· 4200 4200 MISC_REG_AEU_ENABLE1_FUNC_0_OUT_1); 4201 4201 4202 4202 val = REG_RD(bp, reg_offset); 4203 - val &= ~(attn & HW_INTERRUT_ASSERT_SET_1); 4203 + val &= ~(attn & HW_INTERRUPT_ASSERT_SET_1); 4204 4204 REG_WR(bp, reg_offset, val); 4205 4205 4206 4206 BNX2X_ERR("FATAL HW block attention set1 0x%x\n", 4207 - (u32)(attn & HW_INTERRUT_ASSERT_SET_1)); 4207 + (u32)(attn & HW_INTERRUPT_ASSERT_SET_1)); 4208 4208 bnx2x_panic(); 4209 4209 } 4210 4210 } ··· 4235 4235 } 4236 4236 } 4237 4237 4238 - if (attn & HW_INTERRUT_ASSERT_SET_2) { 4238 + if (attn & HW_INTERRUPT_ASSERT_SET_2) { 4239 4239 4240 4240 int port = BP_PORT(bp); 4241 4241 int reg_offset; ··· 4244 4244 MISC_REG_AEU_ENABLE1_FUNC_0_OUT_2); 4245 4245 4246 4246 val = REG_RD(bp, reg_offset); 4247 - val &= ~(attn & HW_INTERRUT_ASSERT_SET_2); 4247 + val &= ~(attn & HW_INTERRUPT_ASSERT_SET_2); 4248 4248 REG_WR(bp, reg_offset, val); 4249 4249 4250 4250 BNX2X_ERR("FATAL HW block attention set2 0x%x\n", 4251 - (u32)(attn & HW_INTERRUT_ASSERT_SET_2)); 4251 + (u32)(attn & HW_INTERRUPT_ASSERT_SET_2)); 4252 4252 bnx2x_panic(); 4253 4253 } 4254 4254 }

+24 -6

drivers/net/ethernet/broadcom/bnxt/bnxt.c

··· 1983 1983 1984 1984 for (j = 0; j < max_idx; j++) { 1985 1985 struct bnxt_sw_rx_bd *rx_buf = &rxr->rx_buf_ring[j]; 1986 + dma_addr_t mapping = rx_buf->mapping; 1986 1987 void *data = rx_buf->data; 1987 1988 1988 1989 if (!data) 1989 1990 continue; 1990 1991 1991 - dma_unmap_single(&pdev->dev, rx_buf->mapping, 1992 - bp->rx_buf_use_size, bp->rx_dir); 1993 - 1994 1992 rx_buf->data = NULL; 1995 1993 1996 - if (BNXT_RX_PAGE_MODE(bp)) 1994 + if (BNXT_RX_PAGE_MODE(bp)) { 1995 + mapping -= bp->rx_dma_offset; 1996 + dma_unmap_page(&pdev->dev, mapping, 1997 + PAGE_SIZE, bp->rx_dir); 1997 1998 __free_page(data); 1998 - else 1999 + } else { 2000 + dma_unmap_single(&pdev->dev, mapping, 2001 + bp->rx_buf_use_size, 2002 + bp->rx_dir); 1999 2003 kfree(data); 2004 + } 2000 2005 } 2001 2006 2002 2007 for (j = 0; j < max_agg_idx; j++) { ··· 2458 2453 } 2459 2454 2460 2455 return 0; 2456 + } 2457 + 2458 + static void bnxt_init_cp_rings(struct bnxt *bp) 2459 + { 2460 + int i; 2461 + 2462 + for (i = 0; i < bp->cp_nr_rings; i++) { 2463 + struct bnxt_cp_ring_info *cpr = &bp->bnapi[i]->cp_ring; 2464 + struct bnxt_ring_struct *ring = &cpr->cp_ring_struct; 2465 + 2466 + ring->fw_ring_id = INVALID_HW_RING_ID; 2467 + } 2461 2468 } 2462 2469 2463 2470 static int bnxt_init_rx_rings(struct bnxt *bp) ··· 4749 4732 rc = bnxt_hwrm_vnic_set_tpa(bp, i, tpa_flags); 4750 4733 if (rc) { 4751 4734 netdev_err(bp->dev, "hwrm vnic set tpa failure rc for vnic %d: %x\n", 4752 - rc, i); 4735 + i, rc); 4753 4736 return rc; 4754 4737 } 4755 4738 } ··· 5023 5006 5024 5007 static int bnxt_init_nic(struct bnxt *bp, bool irq_re_init) 5025 5008 { 5009 + bnxt_init_cp_rings(bp); 5026 5010 bnxt_init_rx_rings(bp); 5027 5011 bnxt_init_tx_rings(bp); 5028 5012 bnxt_init_ring_grps(bp, irq_re_init);

+7 -3

drivers/net/ethernet/brocade/bna/bfa_ioc.c

··· 1930 1930 bfa_ioc_send_enable(struct bfa_ioc *ioc) 1931 1931 { 1932 1932 struct bfi_ioc_ctrl_req enable_req; 1933 - struct timeval tv; 1934 1933 1935 1934 bfi_h2i_set(enable_req.mh, BFI_MC_IOC, BFI_IOC_H2I_ENABLE_REQ, 1936 1935 bfa_ioc_portid(ioc)); 1937 1936 enable_req.clscode = htons(ioc->clscode); 1938 - do_gettimeofday(&tv); 1939 - enable_req.tv_sec = ntohl(tv.tv_sec); 1937 + enable_req.rsvd = htons(0); 1938 + /* overflow in 2106 */ 1939 + enable_req.tv_sec = ntohl(ktime_get_real_seconds()); 1940 1940 bfa_ioc_mbox_send(ioc, &enable_req, sizeof(struct bfi_ioc_ctrl_req)); 1941 1941 } 1942 1942 ··· 1947 1947 1948 1948 bfi_h2i_set(disable_req.mh, BFI_MC_IOC, BFI_IOC_H2I_DISABLE_REQ, 1949 1949 bfa_ioc_portid(ioc)); 1950 + disable_req.clscode = htons(ioc->clscode); 1951 + disable_req.rsvd = htons(0); 1952 + /* overflow in 2106 */ 1953 + disable_req.tv_sec = ntohl(ktime_get_real_seconds()); 1950 1954 bfa_ioc_mbox_send(ioc, &disable_req, sizeof(struct bfi_ioc_ctrl_req)); 1951 1955 } 1952 1956

+6 -3

drivers/net/ethernet/emulex/benet/be_cmds.c

··· 4939 4939 __be_cmd_set_logical_link_config(struct be_adapter *adapter, 4940 4940 int link_state, int version, u8 domain) 4941 4941 { 4942 - struct be_mcc_wrb *wrb; 4943 4942 struct be_cmd_req_set_ll_link *req; 4943 + struct be_mcc_wrb *wrb; 4944 + u32 link_config = 0; 4944 4945 int status; 4945 4946 4946 4947 mutex_lock(&adapter->mcc_lock); ··· 4963 4962 4964 4963 if (link_state == IFLA_VF_LINK_STATE_ENABLE || 4965 4964 link_state == IFLA_VF_LINK_STATE_AUTO) 4966 - req->link_config |= PLINK_ENABLE; 4965 + link_config |= PLINK_ENABLE; 4967 4966 4968 4967 if (link_state == IFLA_VF_LINK_STATE_AUTO) 4969 - req->link_config |= PLINK_TRACK; 4968 + link_config |= PLINK_TRACK; 4969 + 4970 + req->link_config = cpu_to_le32(link_config); 4970 4971 4971 4972 status = be_mcc_notify_wait(adapter); 4972 4973 err:

+1 -3

drivers/net/ethernet/ezchip/nps_enet.c

··· 189 189 190 190 nps_enet_tx_handler(ndev); 191 191 work_done = nps_enet_rx_handler(ndev); 192 - if (work_done < budget) { 192 + if ((work_done < budget) && napi_complete_done(napi, work_done)) { 193 193 u32 buf_int_enable_value = 0; 194 - 195 - napi_complete_done(napi, work_done); 196 194 197 195 /* set tx_done and rx_rdy bits */ 198 196 buf_int_enable_value |= NPS_ENET_ENABLE << RX_RDY_SHIFT;

+2

drivers/net/ethernet/faraday/ftgmac100.c

··· 28 28 #include <linux/io.h> 29 29 #include <linux/module.h> 30 30 #include <linux/netdevice.h> 31 + #include <linux/of.h> 31 32 #include <linux/phy.h> 32 33 #include <linux/platform_device.h> 34 + #include <linux/property.h> 33 35 #include <net/ip.h> 34 36 #include <net/ncsi.h> 35 37

+7 -4

drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c

··· 82 82 else 83 83 *link_status = 0; 84 84 85 - ret = mac_cb->dsaf_dev->misc_op->get_sfp_prsnt(mac_cb, &sfp_prsnt); 86 - if (!ret) 87 - *link_status = *link_status && sfp_prsnt; 85 + if (mac_cb->media_type == HNAE_MEDIA_TYPE_FIBER) { 86 + ret = mac_cb->dsaf_dev->misc_op->get_sfp_prsnt(mac_cb, 87 + &sfp_prsnt); 88 + if (!ret) 89 + *link_status = *link_status && sfp_prsnt; 90 + } 88 91 89 92 mac_cb->link = *link_status; 90 93 } ··· 858 855 of_node_put(np); 859 856 860 857 np = of_parse_phandle(to_of_node(mac_cb->fw_port), 861 - "serdes-syscon", 0); 858 + "serdes-syscon", 0); 862 859 syscon = syscon_node_to_regmap(np); 863 860 of_node_put(np); 864 861 if (IS_ERR_OR_NULL(syscon)) {

+4 -2

drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c

··· 1519 1519 mac_key->high.bits.mac_3 = addr[3]; 1520 1520 mac_key->low.bits.mac_4 = addr[4]; 1521 1521 mac_key->low.bits.mac_5 = addr[5]; 1522 + mac_key->low.bits.port_vlan = 0; 1522 1523 dsaf_set_field(mac_key->low.bits.port_vlan, DSAF_TBL_TCAM_KEY_VLAN_M, 1523 1524 DSAF_TBL_TCAM_KEY_VLAN_S, vlan_id); 1524 1525 dsaf_set_field(mac_key->low.bits.port_vlan, DSAF_TBL_TCAM_KEY_PORT_M, ··· 2925 2924 /* find the tcam entry index for promisc */ 2926 2925 entry_index = dsaf_promisc_tcam_entry(port); 2927 2926 2927 + memset(&tbl_tcam_data, 0, sizeof(tbl_tcam_data)); 2928 + memset(&tbl_tcam_mask, 0, sizeof(tbl_tcam_mask)); 2929 + 2928 2930 /* config key mask */ 2929 2931 if (enable) { 2930 - memset(&tbl_tcam_data, 0, sizeof(tbl_tcam_data)); 2931 - memset(&tbl_tcam_mask, 0, sizeof(tbl_tcam_mask)); 2932 2932 dsaf_set_field(tbl_tcam_data.low.bits.port_vlan, 2933 2933 DSAF_TBL_TCAM_KEY_PORT_M, 2934 2934 DSAF_TBL_TCAM_KEY_PORT_S, port);

+27 -1

drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c

··· 461 461 return 0; 462 462 } 463 463 464 + int hns_mac_get_sfp_prsnt_acpi(struct hns_mac_cb *mac_cb, int *sfp_prsnt) 465 + { 466 + union acpi_object *obj; 467 + union acpi_object obj_args, argv4; 468 + 469 + obj_args.integer.type = ACPI_TYPE_INTEGER; 470 + obj_args.integer.value = mac_cb->mac_id; 471 + 472 + argv4.type = ACPI_TYPE_PACKAGE, 473 + argv4.package.count = 1, 474 + argv4.package.elements = &obj_args, 475 + 476 + obj = acpi_evaluate_dsm(ACPI_HANDLE(mac_cb->dev), 477 + hns_dsaf_acpi_dsm_uuid, 0, 478 + HNS_OP_GET_SFP_STAT_FUNC, &argv4); 479 + 480 + if (!obj || obj->type != ACPI_TYPE_INTEGER) 481 + return -ENODEV; 482 + 483 + *sfp_prsnt = obj->integer.value; 484 + 485 + ACPI_FREE(obj); 486 + 487 + return 0; 488 + } 489 + 464 490 /** 465 491 * hns_mac_config_sds_loopback - set loop back for serdes 466 492 * @mac_cb: mac control block ··· 618 592 misc_op->hns_dsaf_roce_srst = hns_dsaf_roce_srst_acpi; 619 593 620 594 misc_op->get_phy_if = hns_mac_get_phy_if_acpi; 621 - misc_op->get_sfp_prsnt = hns_mac_get_sfp_prsnt; 595 + misc_op->get_sfp_prsnt = hns_mac_get_sfp_prsnt_acpi; 622 596 623 597 misc_op->cfg_serdes_loopback = hns_mac_config_sds_loopback_acpi; 624 598 } else {

+1 -1

drivers/net/ethernet/intel/e1000e/netdev.c

··· 6274 6274 /* Quiesce the device without resetting the hardware */ 6275 6275 e1000e_down(adapter, false); 6276 6276 e1000_free_irq(adapter); 6277 - e1000e_reset_interrupt_capability(adapter); 6278 6277 } 6278 + e1000e_reset_interrupt_capability(adapter); 6279 6279 6280 6280 /* Allow time for pending master requests to run */ 6281 6281 e1000e_disable_pcie_master(&adapter->hw);

+12 -4

drivers/net/ethernet/intel/i40e/i40e_main.c

··· 4438 4438 if (!vsi->netdev) 4439 4439 return; 4440 4440 4441 - for (q_idx = 0; q_idx < vsi->num_q_vectors; q_idx++) 4442 - napi_enable(&vsi->q_vectors[q_idx]->napi); 4441 + for (q_idx = 0; q_idx < vsi->num_q_vectors; q_idx++) { 4442 + struct i40e_q_vector *q_vector = vsi->q_vectors[q_idx]; 4443 + 4444 + if (q_vector->rx.ring || q_vector->tx.ring) 4445 + napi_enable(&q_vector->napi); 4446 + } 4443 4447 } 4444 4448 4445 4449 /** ··· 4457 4453 if (!vsi->netdev) 4458 4454 return; 4459 4455 4460 - for (q_idx = 0; q_idx < vsi->num_q_vectors; q_idx++) 4461 - napi_disable(&vsi->q_vectors[q_idx]->napi); 4456 + for (q_idx = 0; q_idx < vsi->num_q_vectors; q_idx++) { 4457 + struct i40e_q_vector *q_vector = vsi->q_vectors[q_idx]; 4458 + 4459 + if (q_vector->rx.ring || q_vector->tx.ring) 4460 + napi_disable(&q_vector->napi); 4461 + } 4462 4462 } 4463 4463 4464 4464 /**

+3 -2

drivers/net/ethernet/mellanox/mlx5/core/lag.c

··· 294 294 struct netdev_notifier_changeupper_info *info) 295 295 { 296 296 struct net_device *upper = info->upper_dev, *ndev_tmp; 297 - struct netdev_lag_upper_info *lag_upper_info; 297 + struct netdev_lag_upper_info *lag_upper_info = NULL; 298 298 bool is_bonded; 299 299 int bond_status = 0; 300 300 int num_slaves = 0; ··· 303 303 if (!netif_is_lag_master(upper)) 304 304 return 0; 305 305 306 - lag_upper_info = info->upper_info; 306 + if (info->linking) 307 + lag_upper_info = info->upper_info; 307 308 308 309 /* The event may still be of interest if the slave does not belong to 309 310 * us, but is enslaved to a master which has one or more of our netdevs

+18 -2

drivers/net/ethernet/moxa/moxart_ether.c

··· 25 25 #include <linux/of_irq.h> 26 26 #include <linux/crc32.h> 27 27 #include <linux/crc32c.h> 28 + #include <linux/circ_buf.h> 28 29 29 30 #include "moxart_ether.h" 30 31 ··· 279 278 return rx; 280 279 } 281 280 281 + static int moxart_tx_queue_space(struct net_device *ndev) 282 + { 283 + struct moxart_mac_priv_t *priv = netdev_priv(ndev); 284 + 285 + return CIRC_SPACE(priv->tx_head, priv->tx_tail, TX_DESC_NUM); 286 + } 287 + 282 288 static void moxart_tx_finished(struct net_device *ndev) 283 289 { 284 290 struct moxart_mac_priv_t *priv = netdev_priv(ndev); ··· 305 297 tx_tail = TX_NEXT(tx_tail); 306 298 } 307 299 priv->tx_tail = tx_tail; 300 + if (netif_queue_stopped(ndev) && 301 + moxart_tx_queue_space(ndev) >= TX_WAKE_THRESHOLD) 302 + netif_wake_queue(ndev); 308 303 } 309 304 310 305 static irqreturn_t moxart_mac_interrupt(int irq, void *dev_id) ··· 335 324 struct moxart_mac_priv_t *priv = netdev_priv(ndev); 336 325 void *desc; 337 326 unsigned int len; 338 - unsigned int tx_head = priv->tx_head; 327 + unsigned int tx_head; 339 328 u32 txdes1; 340 329 int ret = NETDEV_TX_BUSY; 341 330 331 + spin_lock_irq(&priv->txlock); 332 + 333 + tx_head = priv->tx_head; 342 334 desc = priv->tx_desc_base + (TX_REG_DESC_SIZE * tx_head); 343 335 344 - spin_lock_irq(&priv->txlock); 336 + if (moxart_tx_queue_space(ndev) == 1) 337 + netif_stop_queue(ndev); 338 + 345 339 if (moxart_desc_read(desc + TX_REG_OFFSET_DESC0) & TX_DESC0_DMA_OWN) { 346 340 net_dbg_ratelimited("no TX space for packet\n"); 347 341 priv->stats.tx_dropped++;

+1

drivers/net/ethernet/moxa/moxart_ether.h

··· 59 59 #define TX_NEXT(N) (((N) + 1) & (TX_DESC_NUM_MASK)) 60 60 #define TX_BUF_SIZE 1600 61 61 #define TX_BUF_SIZE_MAX (TX_DESC1_BUF_SIZE_MASK+1) 62 + #define TX_WAKE_THRESHOLD 16 62 63 63 64 #define RX_DESC_NUM 64 64 65 #define RX_DESC_NUM_MASK (RX_DESC_NUM-1)

+2 -1

drivers/net/ethernet/netronome/nfp/nfp_net_common.c

··· 3275 3275 { 3276 3276 struct nfp_net *nn = netdev_priv(netdev); 3277 3277 3278 + unregister_netdev(nn->netdev); 3279 + 3278 3280 if (nn->xdp_prog) 3279 3281 bpf_prog_put(nn->xdp_prog); 3280 3282 if (nn->bpf_offload_xdp) 3281 3283 nfp_net_xdp_offload(nn, NULL); 3282 - unregister_netdev(nn->netdev); 3283 3284 }

+4 -7

drivers/net/ethernet/rocker/rocker_ofdpa.c

··· 2216 2216 { 2217 2217 bool want[OFDPA_CTRL_MAX] = { 0, }; 2218 2218 bool prev_ctrls[OFDPA_CTRL_MAX]; 2219 - u8 uninitialized_var(prev_state); 2219 + u8 prev_state; 2220 2220 int err; 2221 2221 int i; 2222 2222 2223 - if (switchdev_trans_ph_prepare(trans)) { 2224 - memcpy(prev_ctrls, ofdpa_port->ctrls, sizeof(prev_ctrls)); 2225 - prev_state = ofdpa_port->stp_state; 2226 - } 2227 - 2228 - if (ofdpa_port->stp_state == state) 2223 + prev_state = ofdpa_port->stp_state; 2224 + if (prev_state == state) 2229 2225 return 0; 2230 2226 2227 + memcpy(prev_ctrls, ofdpa_port->ctrls, sizeof(prev_ctrls)); 2231 2228 ofdpa_port->stp_state = state; 2232 2229 2233 2230 switch (state) {

+10 -6

drivers/net/ethernet/ti/cpsw.c

··· 1267 1267 static void cpsw_slave_open(struct cpsw_slave *slave, struct cpsw_priv *priv) 1268 1268 { 1269 1269 u32 slave_port; 1270 + struct phy_device *phy; 1270 1271 struct cpsw_common *cpsw = priv->cpsw; 1271 1272 1272 1273 soft_reset_slave(slave); ··· 1301 1300 1 << slave_port, 0, 0, ALE_MCAST_FWD_2); 1302 1301 1303 1302 if (slave->data->phy_node) { 1304 - slave->phy = of_phy_connect(priv->ndev, slave->data->phy_node, 1303 + phy = of_phy_connect(priv->ndev, slave->data->phy_node, 1305 1304 &cpsw_adjust_link, 0, slave->data->phy_if); 1306 - if (!slave->phy) { 1305 + if (!phy) { 1307 1306 dev_err(priv->dev, "phy \"%s\" not found on slave %d\n", 1308 1307 slave->data->phy_node->full_name, 1309 1308 slave->slave_num); 1310 1309 return; 1311 1310 } 1312 1311 } else { 1313 - slave->phy = phy_connect(priv->ndev, slave->data->phy_id, 1312 + phy = phy_connect(priv->ndev, slave->data->phy_id, 1314 1313 &cpsw_adjust_link, slave->data->phy_if); 1315 - if (IS_ERR(slave->phy)) { 1314 + if (IS_ERR(phy)) { 1316 1315 dev_err(priv->dev, 1317 1316 "phy \"%s\" not found on slave %d, err %ld\n", 1318 1317 slave->data->phy_id, slave->slave_num, 1319 - PTR_ERR(slave->phy)); 1320 - slave->phy = NULL; 1318 + PTR_ERR(phy)); 1321 1319 return; 1322 1320 } 1323 1321 } 1322 + 1323 + slave->phy = phy; 1324 1324 1325 1325 phy_attached_info(slave->phy); 1326 1326 ··· 1819 1817 } 1820 1818 1821 1819 cpsw_intr_enable(cpsw); 1820 + netif_trans_update(ndev); 1821 + netif_tx_wake_all_queues(ndev); 1822 1822 } 1823 1823 1824 1824 static int cpsw_ndo_set_mac_address(struct net_device *ndev, void *p)

+4 -4

drivers/net/irda/vlsi_ir.c

··· 418 418 memset(rd, 0, sizeof(*rd)); 419 419 rd->hw = hwmap + i; 420 420 rd->buf = kmalloc(len, GFP_KERNEL|GFP_DMA); 421 - if (rd->buf == NULL || 422 - !(busaddr = pci_map_single(pdev, rd->buf, len, dir))) { 421 + if (rd->buf) 422 + busaddr = pci_map_single(pdev, rd->buf, len, dir); 423 + if (rd->buf == NULL || pci_dma_mapping_error(pdev, busaddr)) { 423 424 if (rd->buf) { 424 425 net_err_ratelimited("%s: failed to create PCI-MAP for %p\n", 425 426 __func__, rd->buf); ··· 431 430 rd = r->rd + j; 432 431 busaddr = rd_get_addr(rd); 433 432 rd_set_addr_status(rd, 0, 0); 434 - if (busaddr) 435 - pci_unmap_single(pdev, busaddr, len, dir); 433 + pci_unmap_single(pdev, busaddr, len, dir); 436 434 kfree(rd->buf); 437 435 rd->buf = NULL; 438 436 }

+1

drivers/net/phy/mdio-boardinfo.c

··· 84 84 85 85 return 0; 86 86 } 87 + EXPORT_SYMBOL(mdiobus_register_board_info);

+1 -1

drivers/net/phy/phy.c

··· 681 681 cancel_delayed_work_sync(&phydev->state_queue); 682 682 683 683 mutex_lock(&phydev->lock); 684 - if (phydev->state > PHY_UP) 684 + if (phydev->state > PHY_UP && phydev->state != PHY_HALTED) 685 685 phydev->state = PHY_UP; 686 686 mutex_unlock(&phydev->lock); 687 687 }

+15

drivers/net/usb/cdc_ether.c

··· 532 532 #define LENOVO_VENDOR_ID 0x17ef 533 533 #define NVIDIA_VENDOR_ID 0x0955 534 534 #define HP_VENDOR_ID 0x03f0 535 + #define MICROSOFT_VENDOR_ID 0x045e 535 536 536 537 static const struct usb_device_id products[] = { 537 538 /* BLACKLIST !! ··· 758 757 /* NVIDIA Tegra USB 3.0 Ethernet Adapters (based on Realtek RTL8153) */ 759 758 { 760 759 USB_DEVICE_AND_INTERFACE_INFO(NVIDIA_VENDOR_ID, 0x09ff, USB_CLASS_COMM, 760 + USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE), 761 + .driver_info = 0, 762 + }, 763 + 764 + /* Microsoft Surface 2 dock (based on Realtek RTL8152) */ 765 + { 766 + USB_DEVICE_AND_INTERFACE_INFO(MICROSOFT_VENDOR_ID, 0x07ab, USB_CLASS_COMM, 767 + USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE), 768 + .driver_info = 0, 769 + }, 770 + 771 + /* Microsoft Surface 3 dock (based on Realtek RTL8153) */ 772 + { 773 + USB_DEVICE_AND_INTERFACE_INFO(MICROSOFT_VENDOR_ID, 0x07c6, USB_CLASS_COMM, 761 774 USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE), 762 775 .driver_info = 0, 763 776 },

+19 -2

drivers/net/usb/r8152.c

··· 517 517 518 518 /* Define these values to match your device */ 519 519 #define VENDOR_ID_REALTEK 0x0bda 520 + #define VENDOR_ID_MICROSOFT 0x045e 520 521 #define VENDOR_ID_SAMSUNG 0x04e8 521 522 #define VENDOR_ID_LENOVO 0x17ef 522 523 #define VENDOR_ID_NVIDIA 0x0955 ··· 1295 1294 } 1296 1295 } else { 1297 1296 if (netif_carrier_ok(tp->netdev)) { 1297 + netif_stop_queue(tp->netdev); 1298 1298 set_bit(RTL8152_LINK_CHG, &tp->flags); 1299 1299 schedule_delayed_work(&tp->schedule, 0); 1300 1300 } ··· 3171 3169 napi_enable(&tp->napi); 3172 3170 netif_wake_queue(netdev); 3173 3171 netif_info(tp, link, netdev, "carrier on\n"); 3172 + } else if (netif_queue_stopped(netdev) && 3173 + skb_queue_len(&tp->tx_queue) < tp->tx_qlen) { 3174 + netif_wake_queue(netdev); 3174 3175 } 3175 3176 } else { 3176 3177 if (netif_carrier_ok(netdev)) { ··· 3707 3702 tp->rtl_ops.autosuspend_en(tp, false); 3708 3703 napi_disable(&tp->napi); 3709 3704 set_bit(WORK_ENABLE, &tp->flags); 3710 - if (netif_carrier_ok(tp->netdev)) 3711 - rtl_start_rx(tp); 3705 + 3706 + if (netif_carrier_ok(tp->netdev)) { 3707 + if (rtl8152_get_speed(tp) & LINK_STATUS) { 3708 + rtl_start_rx(tp); 3709 + } else { 3710 + netif_carrier_off(tp->netdev); 3711 + tp->rtl_ops.disable(tp); 3712 + netif_info(tp, link, tp->netdev, 3713 + "linking down\n"); 3714 + } 3715 + } 3716 + 3712 3717 napi_enable(&tp->napi); 3713 3718 clear_bit(SELECTIVE_SUSPEND, &tp->flags); 3714 3719 smp_mb__after_atomic(); ··· 4522 4507 static struct usb_device_id rtl8152_table[] = { 4523 4508 {REALTEK_USB_DEVICE(VENDOR_ID_REALTEK, 0x8152)}, 4524 4509 {REALTEK_USB_DEVICE(VENDOR_ID_REALTEK, 0x8153)}, 4510 + {REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x07ab)}, 4511 + {REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x07c6)}, 4525 4512 {REALTEK_USB_DEVICE(VENDOR_ID_SAMSUNG, 0xa101)}, 4526 4513 {REALTEK_USB_DEVICE(VENDOR_ID_LENOVO, 0x304f)}, 4527 4514 {REALTEK_USB_DEVICE(VENDOR_ID_LENOVO, 0x3062)},

+5 -3

drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c

··· 2238 2238 struct brcmf_cfg80211_info *cfg = wiphy_priv(wiphy); 2239 2239 struct brcmf_p2p_info *p2p = &cfg->p2p; 2240 2240 struct brcmf_cfg80211_vif *vif; 2241 + enum nl80211_iftype iftype; 2241 2242 bool wait_for_disable = false; 2242 2243 int err; 2243 2244 2244 2245 brcmf_dbg(TRACE, "delete P2P vif\n"); 2245 2246 vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev); 2246 2247 2248 + iftype = vif->wdev.iftype; 2247 2249 brcmf_cfg80211_arm_vif_event(cfg, vif); 2248 - switch (vif->wdev.iftype) { 2250 + switch (iftype) { 2249 2251 case NL80211_IFTYPE_P2P_CLIENT: 2250 2252 if (test_bit(BRCMF_VIF_STATUS_DISCONNECTING, &vif->sme_state)) 2251 2253 wait_for_disable = true; ··· 2277 2275 BRCMF_P2P_DISABLE_TIMEOUT); 2278 2276 2279 2277 err = 0; 2280 - if (vif->wdev.iftype != NL80211_IFTYPE_P2P_DEVICE) { 2278 + if (iftype != NL80211_IFTYPE_P2P_DEVICE) { 2281 2279 brcmf_vif_clear_mgmt_ies(vif); 2282 2280 err = brcmf_p2p_release_p2p_if(vif); 2283 2281 } ··· 2293 2291 brcmf_remove_interface(vif->ifp, true); 2294 2292 2295 2293 brcmf_cfg80211_arm_vif_event(cfg, NULL); 2296 - if (vif->wdev.iftype != NL80211_IFTYPE_P2P_DEVICE) 2294 + if (iftype != NL80211_IFTYPE_P2P_DEVICE) 2297 2295 p2p->bss_idx[P2PAPI_BSSCFG_CONNECTION].vif = NULL; 2298 2296 2299 2297 return err;

+2

drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c

··· 1056 1056 1057 1057 if (ret) 1058 1058 return ret; 1059 + if (count == 0) 1060 + return 0; 1059 1061 1060 1062 iwl_mvm_fw_dbg_collect(mvm, FW_DBG_TRIGGER_USER, buf, 1061 1063 (count - 1), NULL);

+2 -1

drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c

··· 216 216 qmask |= BIT(vif->hw_queue[ac]); 217 217 } 218 218 219 - if (vif->type == NL80211_IFTYPE_AP) 219 + if (vif->type == NL80211_IFTYPE_AP || 220 + vif->type == NL80211_IFTYPE_ADHOC) 220 221 qmask |= BIT(vif->cab_queue); 221 222 222 223 return qmask;

+1 -1

drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c

··· 2401 2401 return; 2402 2402 2403 2403 rcu_read_lock(); 2404 - sta = mvm->fw_id_to_mac_id[notif->sta_id]; 2404 + sta = rcu_dereference(mvm->fw_id_to_mac_id[notif->sta_id]); 2405 2405 if (WARN_ON(IS_ERR_OR_NULL(sta))) { 2406 2406 rcu_read_unlock(); 2407 2407 return;

+6 -3

drivers/net/wireless/intel/iwlwifi/mvm/sta.c

··· 1806 1806 iwl_mvm_get_wd_timeout(mvm, vif, false, false); 1807 1807 int queue; 1808 1808 1809 - if (vif->type == NL80211_IFTYPE_AP) 1809 + if (vif->type == NL80211_IFTYPE_AP || 1810 + vif->type == NL80211_IFTYPE_ADHOC) 1810 1811 queue = IWL_MVM_DQA_AP_PROBE_RESP_QUEUE; 1811 1812 else if (vif->type == NL80211_IFTYPE_P2P_DEVICE) 1812 1813 queue = IWL_MVM_DQA_P2P_DEVICE_QUEUE; ··· 1838 1837 * enabled-cab_queue to the mask) 1839 1838 */ 1840 1839 if (iwl_mvm_is_dqa_supported(mvm) && 1841 - vif->type == NL80211_IFTYPE_AP) { 1840 + (vif->type == NL80211_IFTYPE_AP || 1841 + vif->type == NL80211_IFTYPE_ADHOC)) { 1842 1842 struct iwl_trans_txq_scd_cfg cfg = { 1843 1843 .fifo = IWL_MVM_TX_FIFO_MCAST, 1844 1844 .sta_id = mvmvif->bcast_sta.sta_id, ··· 1864 1862 1865 1863 lockdep_assert_held(&mvm->mutex); 1866 1864 1867 - if (vif->type == NL80211_IFTYPE_AP) 1865 + if (vif->type == NL80211_IFTYPE_AP || 1866 + vif->type == NL80211_IFTYPE_ADHOC) 1868 1867 iwl_mvm_disable_txq(mvm, vif->cab_queue, vif->cab_queue, 1869 1868 IWL_MAX_TID_COUNT, 0); 1870 1869

+5 -2

drivers/net/wireless/intel/iwlwifi/mvm/tx.c

··· 506 506 507 507 switch (info->control.vif->type) { 508 508 case NL80211_IFTYPE_AP: 509 + case NL80211_IFTYPE_ADHOC: 509 510 /* 510 511 * Handle legacy hostapd as well, where station may be added 511 512 * only after assoc. Take care of the case where we send a ··· 518 517 if (info->hw_queue == info->control.vif->cab_queue) 519 518 return info->hw_queue; 520 519 521 - WARN_ONCE(1, "fc=0x%02x", le16_to_cpu(fc)); 520 + WARN_ONCE(info->control.vif->type != NL80211_IFTYPE_ADHOC, 521 + "fc=0x%02x", le16_to_cpu(fc)); 522 522 return IWL_MVM_DQA_AP_PROBE_RESP_QUEUE; 523 523 case NL80211_IFTYPE_P2P_DEVICE: 524 524 if (ieee80211_is_mgmt(fc)) ··· 586 584 iwl_mvm_vif_from_mac80211(info.control.vif); 587 585 588 586 if (info.control.vif->type == NL80211_IFTYPE_P2P_DEVICE || 589 - info.control.vif->type == NL80211_IFTYPE_AP) { 587 + info.control.vif->type == NL80211_IFTYPE_AP || 588 + info.control.vif->type == NL80211_IFTYPE_ADHOC) { 590 589 sta_id = mvmvif->bcast_sta.sta_id; 591 590 queue = iwl_mvm_get_ctrl_vif_queue(mvm, &info, 592 591 hdr->frame_control);

+4 -2

drivers/net/wireless/realtek/rtlwifi/base.c

··· 1742 1742 unsigned long flags; 1743 1743 struct rtl_c2hcmd *c2hcmd; 1744 1744 1745 - c2hcmd = kmalloc(sizeof(*c2hcmd), GFP_KERNEL); 1745 + c2hcmd = kmalloc(sizeof(*c2hcmd), 1746 + in_interrupt() ? GFP_ATOMIC : GFP_KERNEL); 1746 1747 1747 1748 if (!c2hcmd) 1748 1749 goto label_err; 1749 1750 1750 - c2hcmd->val = kmalloc(len, GFP_KERNEL); 1751 + c2hcmd->val = kmalloc(len, 1752 + in_interrupt() ? GFP_ATOMIC : GFP_KERNEL); 1751 1753 1752 1754 if (!c2hcmd->val) 1753 1755 goto label_err2;

+1 -1

drivers/nvme/host/core.c

··· 270 270 memset(cmnd, 0, sizeof(*cmnd)); 271 271 cmnd->dsm.opcode = nvme_cmd_dsm; 272 272 cmnd->dsm.nsid = cpu_to_le32(ns->ns_id); 273 - cmnd->dsm.nr = segments - 1; 273 + cmnd->dsm.nr = cpu_to_le32(segments - 1); 274 274 cmnd->dsm.attributes = cpu_to_le32(NVME_DSMGMT_AD); 275 275 276 276 req->special_vec.bv_page = virt_to_page(range);

+1 -1

drivers/nvme/target/admin-cmd.c

··· 100 100 u16 status; 101 101 102 102 WARN_ON(req == NULL || slog == NULL); 103 - if (req->cmd->get_log_page.nsid == 0xFFFFFFFF) 103 + if (req->cmd->get_log_page.nsid == cpu_to_le32(0xFFFFFFFF)) 104 104 status = nvmet_get_smart_log_all(req, slog); 105 105 else 106 106 status = nvmet_get_smart_log_nsid(req, slog);

+2 -2

drivers/nvme/target/io-cmd.c

··· 180 180 181 181 sector = le64_to_cpu(write_zeroes->slba) << 182 182 (req->ns->blksize_shift - 9); 183 - nr_sector = (((sector_t)le32_to_cpu(write_zeroes->length)) << 183 + nr_sector = (((sector_t)le16_to_cpu(write_zeroes->length)) << 184 184 (req->ns->blksize_shift - 9)) + 1; 185 185 186 186 if (__blkdev_issue_zeroout(req->ns->bdev, sector, nr_sector, ··· 230 230 return 0; 231 231 case nvme_cmd_dsm: 232 232 req->execute = nvmet_execute_dsm; 233 - req->data_len = le32_to_cpu(cmd->dsm.nr + 1) * 233 + req->data_len = (le32_to_cpu(cmd->dsm.nr) + 1) * 234 234 sizeof(struct nvme_dsm_range); 235 235 return 0; 236 236 case nvme_cmd_write_zeroes:

+1

drivers/pci/dwc/Kconfig

··· 89 89 depends on PCI_MSI_IRQ_DOMAIN 90 90 select PCIEPORTBUS 91 91 select PCIE_DW_HOST 92 + select PCI_HOST_COMMON 92 93 help 93 94 Say Y here if you want PCIe controller support on HiSilicon 94 95 Hip05 and Hip06 SoCs

+4

drivers/pci/dwc/pcie-artpec6.c

··· 234 234 return 0; 235 235 } 236 236 237 + static const struct dw_pcie_ops dw_pcie_ops = { 238 + }; 239 + 237 240 static int artpec6_pcie_probe(struct platform_device *pdev) 238 241 { 239 242 struct device *dev = &pdev->dev; ··· 255 252 return -ENOMEM; 256 253 257 254 pci->dev = dev; 255 + pci->ops = &dw_pcie_ops; 258 256 259 257 artpec6_pcie->pci = pci; 260 258

+4

drivers/pci/dwc/pcie-designware-plat.c

··· 86 86 return 0; 87 87 } 88 88 89 + static const struct dw_pcie_ops dw_pcie_ops = { 90 + }; 91 + 89 92 static int dw_plat_pcie_probe(struct platform_device *pdev) 90 93 { 91 94 struct device *dev = &pdev->dev; ··· 106 103 return -ENOMEM; 107 104 108 105 pci->dev = dev; 106 + pci->ops = &dw_pcie_ops; 109 107 110 108 dw_plat_pcie->pci = pci; 111 109

+61 -3

drivers/pci/host/pci-thunder-pem.c

··· 14 14 * Copyright (C) 2015 - 2016 Cavium, Inc. 15 15 */ 16 16 17 + #include <linux/bitfield.h> 17 18 #include <linux/kernel.h> 18 19 #include <linux/init.h> 19 20 #include <linux/of_address.h> ··· 335 334 336 335 #if defined(CONFIG_ACPI) && defined(CONFIG_PCI_QUIRKS) 337 336 337 + #define PEM_RES_BASE 0x87e0c0000000UL 338 + #define PEM_NODE_MASK GENMASK(45, 44) 339 + #define PEM_INDX_MASK GENMASK(26, 24) 340 + #define PEM_MIN_DOM_IN_NODE 4 341 + #define PEM_MAX_DOM_IN_NODE 10 342 + 343 + static void thunder_pem_reserve_range(struct device *dev, int seg, 344 + struct resource *r) 345 + { 346 + resource_size_t start = r->start, end = r->end; 347 + struct resource *res; 348 + const char *regionid; 349 + 350 + regionid = kasprintf(GFP_KERNEL, "PEM RC:%d", seg); 351 + if (!regionid) 352 + return; 353 + 354 + res = request_mem_region(start, end - start + 1, regionid); 355 + if (res) 356 + res->flags &= ~IORESOURCE_BUSY; 357 + else 358 + kfree(regionid); 359 + 360 + dev_info(dev, "%pR %s reserved\n", r, 361 + res ? "has been" : "could not be"); 362 + } 363 + 364 + static void thunder_pem_legacy_fw(struct acpi_pci_root *root, 365 + struct resource *res_pem) 366 + { 367 + int node = acpi_get_node(root->device->handle); 368 + int index; 369 + 370 + if (node == NUMA_NO_NODE) 371 + node = 0; 372 + 373 + index = root->segment - PEM_MIN_DOM_IN_NODE; 374 + index -= node * PEM_MAX_DOM_IN_NODE; 375 + res_pem->start = PEM_RES_BASE | FIELD_PREP(PEM_NODE_MASK, node) | 376 + FIELD_PREP(PEM_INDX_MASK, index); 377 + res_pem->flags = IORESOURCE_MEM; 378 + } 379 + 338 380 static int thunder_pem_acpi_init(struct pci_config_window *cfg) 339 381 { 340 382 struct device *dev = cfg->parent; ··· 390 346 if (!res_pem) 391 347 return -ENOMEM; 392 348 393 - ret = acpi_get_rc_resources(dev, "THRX0002", root->segment, res_pem); 349 + ret = acpi_get_rc_resources(dev, "CAVA02B", root->segment, res_pem); 350 + 351 + /* 352 + * If we fail to gather resources it means that we run with old 353 + * FW where we need to calculate PEM-specific resources manually. 354 + */ 394 355 if (ret) { 395 - dev_err(dev, "can't get rc base address\n"); 396 - return ret; 356 + thunder_pem_legacy_fw(root, res_pem); 357 + /* 358 + * Reserve 64K size PEM specific resources. The full 16M range 359 + * size is required for thunder_pem_init() call. 360 + */ 361 + res_pem->end = res_pem->start + SZ_64K - 1; 362 + thunder_pem_reserve_range(dev, root->segment, res_pem); 363 + res_pem->end = res_pem->start + SZ_16M - 1; 364 + 365 + /* Reserve PCI configuration space as well. */ 366 + thunder_pem_reserve_range(dev, root->segment, &cfg->res); 397 367 } 398 368 399 369 return thunder_pem_init(dev, cfg, res_pem);

+12 -12

drivers/pci/host/pcie-iproc-bcma.c

··· 44 44 { 45 45 struct device *dev = &bdev->dev; 46 46 struct iproc_pcie *pcie; 47 - LIST_HEAD(res); 48 - struct resource res_mem; 47 + LIST_HEAD(resources); 49 48 int ret; 50 49 51 50 pcie = devm_kzalloc(dev, sizeof(*pcie), GFP_KERNEL); ··· 62 63 63 64 pcie->base_addr = bdev->addr; 64 65 65 - res_mem.start = bdev->addr_s[0]; 66 - res_mem.end = bdev->addr_s[0] + SZ_128M - 1; 67 - res_mem.name = "PCIe MEM space"; 68 - res_mem.flags = IORESOURCE_MEM; 69 - pci_add_resource(&res, &res_mem); 66 + pcie->mem.start = bdev->addr_s[0]; 67 + pcie->mem.end = bdev->addr_s[0] + SZ_128M - 1; 68 + pcie->mem.name = "PCIe MEM space"; 69 + pcie->mem.flags = IORESOURCE_MEM; 70 + pci_add_resource(&resources, &pcie->mem); 70 71 71 72 pcie->map_irq = iproc_pcie_bcma_map_irq; 72 73 73 - ret = iproc_pcie_setup(pcie, &res); 74 - if (ret) 74 + ret = iproc_pcie_setup(pcie, &resources); 75 + if (ret) { 75 76 dev_err(dev, "PCIe controller setup failed\n"); 76 - 77 - pci_free_resource_list(&res); 77 + pci_free_resource_list(&resources); 78 + return ret; 79 + } 78 80 79 81 bcma_set_drvdata(bdev, pcie); 80 - return ret; 82 + return 0; 81 83 } 82 84 83 85 static void iproc_pcie_bcma_remove(struct bcma_device *bdev)

+10 -9

drivers/pci/host/pcie-iproc-platform.c

··· 51 51 struct device_node *np = dev->of_node; 52 52 struct resource reg; 53 53 resource_size_t iobase = 0; 54 - LIST_HEAD(res); 54 + LIST_HEAD(resources); 55 55 int ret; 56 56 57 57 pcie = devm_kzalloc(dev, sizeof(*pcie), GFP_KERNEL); ··· 96 96 pcie->phy = NULL; 97 97 } 98 98 99 - ret = of_pci_get_host_bridge_resources(np, 0, 0xff, &res, &iobase); 99 + ret = of_pci_get_host_bridge_resources(np, 0, 0xff, &resources, 100 + &iobase); 100 101 if (ret) { 101 - dev_err(dev, 102 - "unable to get PCI host bridge resources\n"); 102 + dev_err(dev, "unable to get PCI host bridge resources\n"); 103 103 return ret; 104 104 } 105 105 ··· 112 112 pcie->map_irq = of_irq_parse_and_map_pci; 113 113 } 114 114 115 - ret = iproc_pcie_setup(pcie, &res); 116 - if (ret) 115 + ret = iproc_pcie_setup(pcie, &resources); 116 + if (ret) { 117 117 dev_err(dev, "PCIe controller setup failed\n"); 118 - 119 - pci_free_resource_list(&res); 118 + pci_free_resource_list(&resources); 119 + return ret; 120 + } 120 121 121 122 platform_set_drvdata(pdev, pcie); 122 - return ret; 123 + return 0; 123 124 } 124 125 125 126 static int iproc_pcie_pltfm_remove(struct platform_device *pdev)

+1

drivers/pci/host/pcie-iproc.h

··· 90 90 #ifdef CONFIG_ARM 91 91 struct pci_sys_data sysdata; 92 92 #endif 93 + struct resource mem; 93 94 struct pci_bus *root_bus; 94 95 struct phy *phy; 95 96 int (*map_irq)(const struct pci_dev *, u8, u8);

+61 -36

drivers/pinctrl/core.c

··· 2010 2010 return ERR_PTR(ret); 2011 2011 } 2012 2012 2013 - static int pinctrl_create_and_start(struct pinctrl_dev *pctldev) 2013 + static int pinctrl_claim_hogs(struct pinctrl_dev *pctldev) 2014 2014 { 2015 2015 pctldev->p = create_pinctrl(pctldev->dev, pctldev); 2016 - if (!IS_ERR(pctldev->p)) { 2017 - kref_get(&pctldev->p->users); 2018 - pctldev->hog_default = 2019 - pinctrl_lookup_state(pctldev->p, PINCTRL_STATE_DEFAULT); 2020 - if (IS_ERR(pctldev->hog_default)) { 2021 - dev_dbg(pctldev->dev, 2022 - "failed to lookup the default state\n"); 2023 - } else { 2024 - if (pinctrl_select_state(pctldev->p, 2025 - pctldev->hog_default)) 2026 - dev_err(pctldev->dev, 2027 - "failed to select default state\n"); 2028 - } 2016 + if (PTR_ERR(pctldev->p) == -ENODEV) { 2017 + dev_dbg(pctldev->dev, "no hogs found\n"); 2029 2018 2030 - pctldev->hog_sleep = 2031 - pinctrl_lookup_state(pctldev->p, 2032 - PINCTRL_STATE_SLEEP); 2033 - if (IS_ERR(pctldev->hog_sleep)) 2034 - dev_dbg(pctldev->dev, 2035 - "failed to lookup the sleep state\n"); 2019 + return 0; 2020 + } 2021 + 2022 + if (IS_ERR(pctldev->p)) { 2023 + dev_err(pctldev->dev, "error claiming hogs: %li\n", 2024 + PTR_ERR(pctldev->p)); 2025 + 2026 + return PTR_ERR(pctldev->p); 2027 + } 2028 + 2029 + kref_get(&pctldev->p->users); 2030 + pctldev->hog_default = 2031 + pinctrl_lookup_state(pctldev->p, PINCTRL_STATE_DEFAULT); 2032 + if (IS_ERR(pctldev->hog_default)) { 2033 + dev_dbg(pctldev->dev, 2034 + "failed to lookup the default state\n"); 2035 + } else { 2036 + if (pinctrl_select_state(pctldev->p, 2037 + pctldev->hog_default)) 2038 + dev_err(pctldev->dev, 2039 + "failed to select default state\n"); 2040 + } 2041 + 2042 + pctldev->hog_sleep = 2043 + pinctrl_lookup_state(pctldev->p, 2044 + PINCTRL_STATE_SLEEP); 2045 + if (IS_ERR(pctldev->hog_sleep)) 2046 + dev_dbg(pctldev->dev, 2047 + "failed to lookup the sleep state\n"); 2048 + 2049 + return 0; 2050 + } 2051 + 2052 + int pinctrl_enable(struct pinctrl_dev *pctldev) 2053 + { 2054 + int error; 2055 + 2056 + error = pinctrl_claim_hogs(pctldev); 2057 + if (error) { 2058 + dev_err(pctldev->dev, "could not claim hogs: %i\n", 2059 + error); 2060 + mutex_destroy(&pctldev->mutex); 2061 + kfree(pctldev); 2062 + 2063 + return error; 2036 2064 } 2037 2065 2038 2066 mutex_lock(&pinctrldev_list_mutex); ··· 2071 2043 2072 2044 return 0; 2073 2045 } 2046 + EXPORT_SYMBOL_GPL(pinctrl_enable); 2074 2047 2075 2048 /** 2076 2049 * pinctrl_register() - register a pin controller device ··· 2094 2065 if (IS_ERR(pctldev)) 2095 2066 return pctldev; 2096 2067 2097 - error = pinctrl_create_and_start(pctldev); 2098 - if (error) { 2099 - mutex_destroy(&pctldev->mutex); 2100 - kfree(pctldev); 2101 - 2068 + error = pinctrl_enable(pctldev); 2069 + if (error) 2102 2070 return ERR_PTR(error); 2103 - } 2104 2071 2105 2072 return pctldev; 2106 2073 2107 2074 } 2108 2075 EXPORT_SYMBOL_GPL(pinctrl_register); 2109 2076 2077 + /** 2078 + * pinctrl_register_and_init() - register and init pin controller device 2079 + * @pctldesc: descriptor for this pin controller 2080 + * @dev: parent device for this pin controller 2081 + * @driver_data: private pin controller data for this pin controller 2082 + * @pctldev: pin controller device 2083 + * 2084 + * Note that pinctrl_enable() still needs to be manually called after 2085 + * this once the driver is ready. 2086 + */ 2110 2087 int pinctrl_register_and_init(struct pinctrl_desc *pctldesc, 2111 2088 struct device *dev, void *driver_data, 2112 2089 struct pinctrl_dev **pctldev) 2113 2090 { 2114 2091 struct pinctrl_dev *p; 2115 - int error; 2116 2092 2117 2093 p = pinctrl_init_controller(pctldesc, dev, driver_data); 2118 2094 if (IS_ERR(p)) ··· 2130 2096 * pin controller driver before we do anything. 2131 2097 */ 2132 2098 *pctldev = p; 2133 - 2134 - error = pinctrl_create_and_start(p); 2135 - if (error) { 2136 - mutex_destroy(&p->mutex); 2137 - kfree(p); 2138 - *pctldev = NULL; 2139 - 2140 - return error; 2141 - } 2142 2099 2143 2100 return 0; 2144 2101 }

+1 -1

drivers/pinctrl/freescale/pinctrl-imx.c

··· 790 790 791 791 dev_info(&pdev->dev, "initialized IMX pinctrl driver\n"); 792 792 793 - return 0; 793 + return pinctrl_enable(ipctl->pctl); 794 794 795 795 free: 796 796 imx_free_resources(ipctl);

+1 -1

drivers/pinctrl/pinctrl-single.c

··· 1781 1781 dev_info(pcs->dev, "%i pins at pa %p size %u\n", 1782 1782 pcs->desc.npins, pcs->base, pcs->size); 1783 1783 1784 - return 0; 1784 + return pinctrl_enable(pcs->pctl); 1785 1785 1786 1786 free: 1787 1787 pcs_free_resources(pcs);

+9 -2

drivers/pinctrl/sh-pfc/pinctrl.c

··· 816 816 pmx->pctl_desc.pins = pmx->pins; 817 817 pmx->pctl_desc.npins = pfc->info->nr_pins; 818 818 819 - return devm_pinctrl_register_and_init(pfc->dev, &pmx->pctl_desc, pmx, 820 - &pmx->pctl); 819 + ret = devm_pinctrl_register_and_init(pfc->dev, &pmx->pctl_desc, pmx, 820 + &pmx->pctl); 821 + if (ret) { 822 + dev_err(pfc->dev, "could not register: %i\n", ret); 823 + 824 + return ret; 825 + } 826 + 827 + return pinctrl_enable(pmx->pctl); 821 828 }

+2

drivers/pinctrl/ti/pinctrl-ti-iodelay.c

··· 893 893 894 894 platform_set_drvdata(pdev, iod); 895 895 896 + return pinctrl_enable(iod->pctl); 897 + 896 898 exit_out: 897 899 of_node_put(np); 898 900 return ret;

+2 -2

drivers/rapidio/devices/tsi721.c

··· 37 37 #include "tsi721.h" 38 38 39 39 #ifdef DEBUG 40 - u32 dbg_level; 41 - module_param(dbg_level, uint, S_IWUSR | S_IRUGO); 40 + u32 tsi_dbg_level; 41 + module_param_named(dbg_level, tsi_dbg_level, uint, S_IWUSR | S_IRUGO); 42 42 MODULE_PARM_DESC(dbg_level, "Debugging output level (default 0 = none)"); 43 43 #endif 44 44

+2 -2

drivers/rapidio/devices/tsi721.h

··· 40 40 }; 41 41 42 42 #ifdef DEBUG 43 - extern u32 dbg_level; 43 + extern u32 tsi_dbg_level; 44 44 45 45 #define tsi_debug(level, dev, fmt, arg...) \ 46 46 do { \ 47 - if (DBG_##level & dbg_level) \ 47 + if (DBG_##level & tsi_dbg_level) \ 48 48 dev_dbg(dev, "%s: " fmt "\n", __func__, ##arg); \ 49 49 } while (0) 50 50 #else

+34 -19

drivers/s390/crypto/pkey_api.c

··· 572 572 rc = -EIO; 573 573 goto out; 574 574 } 575 + if (prepcblk->ccp_rscode != 0) { 576 + DEBUG_WARN( 577 + "pkey_sec2protkey unwrap secure key warning, card response %d/%d\n", 578 + (int) prepcblk->ccp_rtcode, 579 + (int) prepcblk->ccp_rscode); 580 + } 575 581 576 582 /* process response cprb param block */ 577 583 prepcblk->rpl_parmb = ((u8 *) prepcblk) + sizeof(struct CPRBX); ··· 767 761 } 768 762 769 763 /* 770 - * Fetch just the mkvp value via query_crypto_facility from adapter. 764 + * Fetch the current and old mkvp values via 765 + * query_crypto_facility from adapter. 771 766 */ 772 - static int fetch_mkvp(u16 cardnr, u16 domain, u64 *mkvp) 767 + static int fetch_mkvp(u16 cardnr, u16 domain, u64 mkvp[2]) 773 768 { 774 769 int rc, found = 0; 775 770 size_t rlen, vlen; ··· 786 779 rc = query_crypto_facility(cardnr, domain, "STATICSA", 787 780 rarray, &rlen, varray, &vlen); 788 781 if (rc == 0 && rlen > 8*8 && vlen > 184+8) { 789 - if (rarray[64] == '2') { 782 + if (rarray[8*8] == '2') { 790 783 /* current master key state is valid */ 791 - *mkvp = *((u64 *)(varray + 184)); 784 + mkvp[0] = *((u64 *)(varray + 184)); 785 + mkvp[1] = *((u64 *)(varray + 172)); 792 786 found = 1; 793 787 } 794 788 } ··· 804 796 struct list_head list; 805 797 u16 cardnr; 806 798 u16 domain; 807 - u64 mkvp; 799 + u64 mkvp[2]; 808 800 }; 809 801 810 802 /* a list with mkvp_info entries */ 811 803 static LIST_HEAD(mkvp_list); 812 804 static DEFINE_SPINLOCK(mkvp_list_lock); 813 805 814 - static int mkvp_cache_fetch(u16 cardnr, u16 domain, u64 *mkvp) 806 + static int mkvp_cache_fetch(u16 cardnr, u16 domain, u64 mkvp[2]) 815 807 { 816 808 int rc = -ENOENT; 817 809 struct mkvp_info *ptr; ··· 820 812 list_for_each_entry(ptr, &mkvp_list, list) { 821 813 if (ptr->cardnr == cardnr && 822 814 ptr->domain == domain) { 823 - *mkvp = ptr->mkvp; 815 + memcpy(mkvp, ptr->mkvp, 2 * sizeof(u64)); 824 816 rc = 0; 825 817 break; 826 818 } ··· 830 822 return rc; 831 823 } 832 824 833 - static void mkvp_cache_update(u16 cardnr, u16 domain, u64 mkvp) 825 + static void mkvp_cache_update(u16 cardnr, u16 domain, u64 mkvp[2]) 834 826 { 835 827 int found = 0; 836 828 struct mkvp_info *ptr; ··· 839 831 list_for_each_entry(ptr, &mkvp_list, list) { 840 832 if (ptr->cardnr == cardnr && 841 833 ptr->domain == domain) { 842 - ptr->mkvp = mkvp; 834 + memcpy(ptr->mkvp, mkvp, 2 * sizeof(u64)); 843 835 found = 1; 844 836 break; 845 837 } ··· 852 844 } 853 845 ptr->cardnr = cardnr; 854 846 ptr->domain = domain; 855 - ptr->mkvp = mkvp; 847 + memcpy(ptr->mkvp, mkvp, 2 * sizeof(u64)); 856 848 list_add(&ptr->list, &mkvp_list); 857 849 } 858 850 spin_unlock_bh(&mkvp_list_lock); ··· 896 888 struct secaeskeytoken *t = (struct secaeskeytoken *) seckey; 897 889 struct zcrypt_device_matrix *device_matrix; 898 890 u16 card, dom; 899 - u64 mkvp; 900 - int i, rc; 891 + u64 mkvp[2]; 892 + int i, rc, oi = -1; 901 893 902 894 /* mkvp must not be zero */ 903 895 if (t->mkvp == 0) ··· 918 910 device_matrix->device[i].functions & 0x04) { 919 911 /* an enabled CCA Coprocessor card */ 920 912 /* try cached mkvp */ 921 - if (mkvp_cache_fetch(card, dom, &mkvp) == 0 && 922 - t->mkvp == mkvp) { 913 + if (mkvp_cache_fetch(card, dom, mkvp) == 0 && 914 + t->mkvp == mkvp[0]) { 923 915 if (!verify) 924 916 break; 925 917 /* verify: fetch mkvp from adapter */ 926 - if (fetch_mkvp(card, dom, &mkvp) == 0) { 918 + if (fetch_mkvp(card, dom, mkvp) == 0) { 927 919 mkvp_cache_update(card, dom, mkvp); 928 - if (t->mkvp == mkvp) 920 + if (t->mkvp == mkvp[0]) 929 921 break; 930 922 } 931 923 } ··· 944 936 card = AP_QID_CARD(device_matrix->device[i].qid); 945 937 dom = AP_QID_QUEUE(device_matrix->device[i].qid); 946 938 /* fresh fetch mkvp from adapter */ 947 - if (fetch_mkvp(card, dom, &mkvp) == 0) { 939 + if (fetch_mkvp(card, dom, mkvp) == 0) { 948 940 mkvp_cache_update(card, dom, mkvp); 949 - if (t->mkvp == mkvp) 941 + if (t->mkvp == mkvp[0]) 950 942 break; 943 + if (t->mkvp == mkvp[1] && oi < 0) 944 + oi = i; 951 945 } 952 946 } 947 + if (i >= MAX_ZDEV_ENTRIES && oi >= 0) { 948 + /* old mkvp matched, use this card then */ 949 + card = AP_QID_CARD(device_matrix->device[oi].qid); 950 + dom = AP_QID_QUEUE(device_matrix->device[oi].qid); 951 + } 953 952 } 954 - if (i < MAX_ZDEV_ENTRIES) { 953 + if (i < MAX_ZDEV_ENTRIES || oi >= 0) { 955 954 if (pcardnr) 956 955 *pcardnr = card; 957 956 if (pdomain)

+2 -1

drivers/s390/net/qeth_core.h

··· 961 961 int qeth_bridgeport_setrole(struct qeth_card *card, enum qeth_sbp_roles role); 962 962 int qeth_bridgeport_an_set(struct qeth_card *card, int enable); 963 963 int qeth_get_priority_queue(struct qeth_card *, struct sk_buff *, int, int); 964 - int qeth_get_elements_no(struct qeth_card *, struct sk_buff *, int); 964 + int qeth_get_elements_no(struct qeth_card *card, struct sk_buff *skb, 965 + int extra_elems, int data_offset); 965 966 int qeth_get_elements_for_frags(struct sk_buff *); 966 967 int qeth_do_send_packet_fast(struct qeth_card *, struct qeth_qdio_out_q *, 967 968 struct sk_buff *, struct qeth_hdr *, int, int, int);

+3 -2

drivers/s390/net/qeth_core_main.c

··· 3837 3837 * @card: qeth card structure, to check max. elems. 3838 3838 * @skb: SKB address 3839 3839 * @extra_elems: extra elems needed, to check against max. 3840 + * @data_offset: range starts at skb->data + data_offset 3840 3841 * 3841 3842 * Returns the number of pages, and thus QDIO buffer elements, needed to cover 3842 3843 * skb data, including linear part and fragments. Checks if the result plus ··· 3845 3844 * Note: extra_elems is not included in the returned result. 3846 3845 */ 3847 3846 int qeth_get_elements_no(struct qeth_card *card, 3848 - struct sk_buff *skb, int extra_elems) 3847 + struct sk_buff *skb, int extra_elems, int data_offset) 3849 3848 { 3850 3849 int elements = qeth_get_elements_for_range( 3851 - (addr_t)skb->data, 3850 + (addr_t)skb->data + data_offset, 3852 3851 (addr_t)skb->data + skb_headlen(skb)) + 3853 3852 qeth_get_elements_for_frags(skb); 3854 3853

+3 -2

drivers/s390/net/qeth_l2_main.c

··· 849 849 * chaining we can not send long frag lists 850 850 */ 851 851 if ((card->info.type != QETH_CARD_TYPE_IQD) && 852 - !qeth_get_elements_no(card, new_skb, 0)) { 852 + !qeth_get_elements_no(card, new_skb, 0, 0)) { 853 853 int lin_rc = skb_linearize(new_skb); 854 854 855 855 if (card->options.performance_stats) { ··· 894 894 } 895 895 } 896 896 897 - elements = qeth_get_elements_no(card, new_skb, elements_needed); 897 + elements = qeth_get_elements_no(card, new_skb, elements_needed, 898 + (data_offset > 0) ? data_offset : 0); 898 899 if (!elements) { 899 900 if (data_offset >= 0) 900 901 kmem_cache_free(qeth_core_header_cache, hdr);

+7 -13

drivers/s390/net/qeth_l3_main.c

··· 2609 2609 char daddr[16]; 2610 2610 struct af_iucv_trans_hdr *iucv_hdr; 2611 2611 2612 - skb_pull(skb, 14); 2613 - card->dev->header_ops->create(skb, card->dev, 0, 2614 - card->dev->dev_addr, card->dev->dev_addr, 2615 - card->dev->addr_len); 2616 - skb_pull(skb, 14); 2617 - iucv_hdr = (struct af_iucv_trans_hdr *)skb->data; 2618 2612 memset(hdr, 0, sizeof(struct qeth_hdr)); 2619 2613 hdr->hdr.l3.id = QETH_HEADER_TYPE_LAYER3; 2620 2614 hdr->hdr.l3.ext_flags = 0; 2621 - hdr->hdr.l3.length = skb->len; 2615 + hdr->hdr.l3.length = skb->len - ETH_HLEN; 2622 2616 hdr->hdr.l3.flags = QETH_HDR_IPV6 | QETH_CAST_UNICAST; 2617 + 2618 + iucv_hdr = (struct af_iucv_trans_hdr *) (skb->data + ETH_HLEN); 2623 2619 memset(daddr, 0, sizeof(daddr)); 2624 2620 daddr[0] = 0xfe; 2625 2621 daddr[1] = 0x80; ··· 2819 2823 if ((card->info.type == QETH_CARD_TYPE_IQD) && 2820 2824 !skb_is_nonlinear(skb)) { 2821 2825 new_skb = skb; 2822 - if (new_skb->protocol == ETH_P_AF_IUCV) 2823 - data_offset = 0; 2824 - else 2825 - data_offset = ETH_HLEN; 2826 + data_offset = ETH_HLEN; 2826 2827 hdr = kmem_cache_alloc(qeth_core_header_cache, GFP_ATOMIC); 2827 2828 if (!hdr) 2828 2829 goto tx_drop; ··· 2860 2867 */ 2861 2868 if ((card->info.type != QETH_CARD_TYPE_IQD) && 2862 2869 ((use_tso && !qeth_l3_get_elements_no_tso(card, new_skb, 1)) || 2863 - (!use_tso && !qeth_get_elements_no(card, new_skb, 0)))) { 2870 + (!use_tso && !qeth_get_elements_no(card, new_skb, 0, 0)))) { 2864 2871 int lin_rc = skb_linearize(new_skb); 2865 2872 2866 2873 if (card->options.performance_stats) { ··· 2902 2909 2903 2910 elements = use_tso ? 2904 2911 qeth_l3_get_elements_no_tso(card, new_skb, hdr_elements) : 2905 - qeth_get_elements_no(card, new_skb, hdr_elements); 2912 + qeth_get_elements_no(card, new_skb, hdr_elements, 2913 + (data_offset > 0) ? data_offset : 0); 2906 2914 if (!elements) { 2907 2915 if (data_offset >= 0) 2908 2916 kmem_cache_free(qeth_core_header_cache, hdr);

+6 -8

drivers/scsi/aacraid/commsup.c

··· 2056 2056 { 2057 2057 struct hw_fib **hw_fib_p; 2058 2058 struct fib **fib_p; 2059 - int rcode = 1; 2060 2059 2061 2060 hw_fib_p = hw_fib_pool; 2062 2061 fib_p = fib_pool; ··· 2073 2074 } 2074 2075 } 2075 2076 2077 + /* 2078 + * Get the actual number of allocated fibs 2079 + */ 2076 2080 num = hw_fib_p - hw_fib_pool; 2077 - if (!num) 2078 - rcode = 0; 2079 - 2080 - return rcode; 2081 + return num; 2081 2082 } 2082 2083 2083 2084 static void wakeup_fibctx_threads(struct aac_dev *dev, ··· 2185 2186 struct fib *fib; 2186 2187 unsigned long flags; 2187 2188 spinlock_t *t_lock; 2188 - unsigned int rcode; 2189 2189 2190 2190 t_lock = dev->queues->queue[HostNormCmdQueue].lock; 2191 2191 spin_lock_irqsave(t_lock, flags); ··· 2267 2269 * Fill up fib pointer pools with actual fibs 2268 2270 * and hw_fibs 2269 2271 */ 2270 - rcode = fillup_pools(dev, hw_fib_pool, fib_pool, num); 2271 - if (!rcode) 2272 + num = fillup_pools(dev, hw_fib_pool, fib_pool, num); 2273 + if (!num) 2272 2274 goto free_mem; 2273 2275 2274 2276 /*

+24 -14

drivers/scsi/device_handler/scsi_dh_alua.c

··· 113 113 #define ALUA_POLICY_SWITCH_ALL 1 114 114 115 115 static void alua_rtpg_work(struct work_struct *work); 116 - static void alua_rtpg_queue(struct alua_port_group *pg, 116 + static bool alua_rtpg_queue(struct alua_port_group *pg, 117 117 struct scsi_device *sdev, 118 118 struct alua_queue_data *qdata, bool force); 119 119 static void alua_check(struct scsi_device *sdev, bool force); ··· 862 862 kref_put(&pg->kref, release_port_group); 863 863 } 864 864 865 - static void alua_rtpg_queue(struct alua_port_group *pg, 865 + /** 866 + * alua_rtpg_queue() - cause RTPG to be submitted asynchronously 867 + * 868 + * Returns true if and only if alua_rtpg_work() will be called asynchronously. 869 + * That function is responsible for calling @qdata->fn(). 870 + */ 871 + static bool alua_rtpg_queue(struct alua_port_group *pg, 866 872 struct scsi_device *sdev, 867 873 struct alua_queue_data *qdata, bool force) 868 874 { ··· 876 870 unsigned long flags; 877 871 struct workqueue_struct *alua_wq = kaluad_wq; 878 872 879 - if (!pg) 880 - return; 873 + if (WARN_ON_ONCE(!pg) || scsi_device_get(sdev)) 874 + return false; 881 875 882 876 spin_lock_irqsave(&pg->lock, flags); 883 877 if (qdata) { ··· 890 884 pg->flags |= ALUA_PG_RUN_RTPG; 891 885 kref_get(&pg->kref); 892 886 pg->rtpg_sdev = sdev; 893 - scsi_device_get(sdev); 894 887 start_queue = 1; 895 888 } else if (!(pg->flags & ALUA_PG_RUN_RTPG) && force) { 896 889 pg->flags |= ALUA_PG_RUN_RTPG; 897 890 /* Do not queue if the worker is already running */ 898 891 if (!(pg->flags & ALUA_PG_RUNNING)) { 899 892 kref_get(&pg->kref); 900 - sdev = NULL; 901 893 start_queue = 1; 902 894 } 903 895 } ··· 904 900 alua_wq = kaluad_sync_wq; 905 901 spin_unlock_irqrestore(&pg->lock, flags); 906 902 907 - if (start_queue && 908 - !queue_delayed_work(alua_wq, &pg->rtpg_work, 909 - msecs_to_jiffies(ALUA_RTPG_DELAY_MSECS))) { 910 - if (sdev) 911 - scsi_device_put(sdev); 912 - kref_put(&pg->kref, release_port_group); 903 + if (start_queue) { 904 + if (queue_delayed_work(alua_wq, &pg->rtpg_work, 905 + msecs_to_jiffies(ALUA_RTPG_DELAY_MSECS))) 906 + sdev = NULL; 907 + else 908 + kref_put(&pg->kref, release_port_group); 913 909 } 910 + if (sdev) 911 + scsi_device_put(sdev); 912 + 913 + return true; 914 914 } 915 915 916 916 /* ··· 1015 1007 mutex_unlock(&h->init_mutex); 1016 1008 goto out; 1017 1009 } 1018 - fn = NULL; 1019 1010 rcu_read_unlock(); 1020 1011 mutex_unlock(&h->init_mutex); 1021 1012 1022 - alua_rtpg_queue(pg, sdev, qdata, true); 1013 + if (alua_rtpg_queue(pg, sdev, qdata, true)) 1014 + fn = NULL; 1015 + else 1016 + err = SCSI_DH_DEV_OFFLINED; 1023 1017 kref_put(&pg->kref, release_port_group); 1024 1018 out: 1025 1019 if (fn)

+1

drivers/scsi/hpsa.c

··· 3885 3885 if (h->fw_support & MISC_FW_RAID_OFFLOAD_BASIC) 3886 3886 hpsa_get_ioaccel_status(h, scsi3addr, this_device); 3887 3887 volume_offline = hpsa_volume_offline(h, scsi3addr); 3888 + this_device->volume_offline = volume_offline; 3888 3889 if (volume_offline == HPSA_LV_FAILED) { 3889 3890 rc = HPSA_LV_FAILED; 3890 3891 dev_err(&h->pdev->dev,

+1 -1

drivers/scsi/libsas/sas_ata.c

··· 221 221 task->num_scatter = qc->n_elem; 222 222 } else { 223 223 for_each_sg(qc->sg, sg, qc->n_elem, si) 224 - xfer += sg->length; 224 + xfer += sg_dma_len(sg); 225 225 226 226 task->total_xfer_len = xfer; 227 227 task->num_scatter = si;

+14 -8

drivers/scsi/lpfc/lpfc_debugfs.h

··· 44 44 /* hbqinfo output buffer size */ 45 45 #define LPFC_HBQINFO_SIZE 8192 46 46 47 - enum { 48 - DUMP_FCP, 49 - DUMP_NVME, 50 - DUMP_MBX, 51 - DUMP_ELS, 52 - DUMP_NVMELS, 53 - }; 54 - 55 47 /* nvmestat output buffer size */ 56 48 #define LPFC_NVMESTAT_SIZE 8192 57 49 #define LPFC_NVMEKTIME_SIZE 8192 ··· 275 283 struct lpfc_idiag_offset offset; 276 284 void *ptr_private; 277 285 }; 286 + 287 + #else 288 + 289 + #define lpfc_nvmeio_data(phba, fmt, arg...) \ 290 + no_printk(fmt, ##arg) 291 + 278 292 #endif 293 + 294 + enum { 295 + DUMP_FCP, 296 + DUMP_NVME, 297 + DUMP_MBX, 298 + DUMP_ELS, 299 + DUMP_NVMELS, 300 + }; 279 301 280 302 /* Mask for discovery_trace */ 281 303 #define LPFC_DISC_TRC_ELS_CMD 0x1 /* Trace ELS commands */

+2 -1

drivers/scsi/lpfc/lpfc_els.c

··· 7968 7968 did, vport->port_state, ndlp->nlp_flag); 7969 7969 7970 7970 phba->fc_stat.elsRcvPRLI++; 7971 - if (vport->port_state < LPFC_DISC_AUTH) { 7971 + if ((vport->port_state < LPFC_DISC_AUTH) && 7972 + (vport->fc_flag & FC_FABRIC)) { 7972 7973 rjt_err = LSRJT_UNABLE_TPC; 7973 7974 rjt_exp = LSEXP_NOTHING_MORE; 7974 7975 break;

+2 -2

drivers/scsi/lpfc/lpfc_nvmet.c

··· 520 520 struct lpfc_hba *phba = ctxp->phba; 521 521 struct lpfc_iocbq *nvmewqeq; 522 522 unsigned long iflags; 523 - int rc, id; 523 + int rc; 524 524 525 525 #ifdef CONFIG_SCSI_LPFC_DEBUG_FS 526 526 if (phba->ktime_on) { ··· 530 530 ctxp->ts_nvme_data = ktime_get_ns(); 531 531 } 532 532 if (phba->cpucheck_on & LPFC_CHECK_NVMET_IO) { 533 - id = smp_processor_id(); 533 + int id = smp_processor_id(); 534 534 ctxp->cpu = id; 535 535 if (id < LPFC_CHECK_CPU_CNT) 536 536 phba->cpucheck_xmt_io[id]++;

+1

drivers/scsi/qedi/qedi_main.c

··· 2007 2007 2008 2008 static struct pci_device_id qedi_pci_tbl[] = { 2009 2009 { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, 0x165E) }, 2010 + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, 0x8084) }, 2010 2011 { 0 }, 2011 2012 }; 2012 2013 MODULE_DEVICE_TABLE(pci, qedi_pci_tbl);

+2 -1

drivers/scsi/qla2xxx/qla_os.c

··· 1651 1651 /* Don't abort commands in adapter during EEH 1652 1652 * recovery as it's not accessible/responding. 1653 1653 */ 1654 - if (GET_CMD_SP(sp) && !ha->flags.eeh_busy) { 1654 + if (GET_CMD_SP(sp) && !ha->flags.eeh_busy && 1655 + (sp->type == SRB_SCSI_CMD)) { 1655 1656 /* Get a reference to the sp and drop the lock. 1656 1657 * The reference ensures this sp->done() call 1657 1658 * - and not the call in qla2xxx_eh_abort() -

+3 -3

drivers/scsi/scsi_lib.c

··· 496 496 scsi_starved_list_run(sdev->host); 497 497 498 498 if (q->mq_ops) 499 - blk_mq_start_stopped_hw_queues(q, false); 499 + blk_mq_run_hw_queues(q, false); 500 500 else 501 501 blk_run_queue(q); 502 502 } ··· 667 667 !list_empty(&sdev->host->starved_list)) 668 668 kblockd_schedule_work(&sdev->requeue_work); 669 669 else 670 - blk_mq_start_stopped_hw_queues(q, true); 670 + blk_mq_run_hw_queues(q, true); 671 671 } else { 672 672 unsigned long flags; 673 673 ··· 1974 1974 case BLK_MQ_RQ_QUEUE_BUSY: 1975 1975 if (atomic_read(&sdev->device_busy) == 0 && 1976 1976 !scsi_device_blocked(sdev)) 1977 - blk_mq_delay_queue(hctx, SCSI_QUEUE_DELAY); 1977 + blk_mq_delay_run_hw_queue(hctx, SCSI_QUEUE_DELAY); 1978 1978 break; 1979 1979 case BLK_MQ_RQ_QUEUE_ERROR: 1980 1980 /*

+2

drivers/scsi/sg.c

··· 996 996 result = get_user(val, ip); 997 997 if (result) 998 998 return result; 999 + if (val > SG_MAX_CDB_SIZE) 1000 + return -ENOMEM; 999 1001 sfp->next_cmd_len = (val > 0) ? val : 0; 1000 1002 return 0; 1001 1003 case SG_GET_VERSION_NUM:

+2 -2

drivers/scsi/ufs/ufshcd-pltfrm.c

··· 309 309 310 310 mem_res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 311 311 mmio_base = devm_ioremap_resource(dev, mem_res); 312 - if (IS_ERR(*(void **)&mmio_base)) { 313 - err = PTR_ERR(*(void **)&mmio_base); 312 + if (IS_ERR(mmio_base)) { 313 + err = PTR_ERR(mmio_base); 314 314 goto out; 315 315 } 316 316

-2

drivers/scsi/ufs/ufshcd.c

··· 4662 4662 } 4663 4663 if (ufshcd_is_clkscaling_supported(hba)) 4664 4664 hba->clk_scaling.active_reqs--; 4665 - if (ufshcd_is_clkscaling_supported(hba)) 4666 - hba->clk_scaling.active_reqs--; 4667 4665 } 4668 4666 4669 4667 /* clear corresponding bits of completed commands */

+1

drivers/staging/android/ashmem.c

··· 409 409 ret = PTR_ERR(vmfile); 410 410 goto out; 411 411 } 412 + vmfile->f_mode |= FMODE_LSEEK; 412 413 asma->file = vmfile; 413 414 } 414 415 get_file(asma->file);

+25 -16

drivers/thermal/cpu_cooling.c

··· 107 107 }; 108 108 static DEFINE_IDA(cpufreq_ida); 109 109 110 - static unsigned int cpufreq_dev_count; 111 - 112 110 static DEFINE_MUTEX(cooling_list_lock); 113 111 static LIST_HEAD(cpufreq_dev_list); 114 112 ··· 393 395 394 396 opp = dev_pm_opp_find_freq_exact(cpufreq_device->cpu_dev, freq_hz, 395 397 true); 398 + if (IS_ERR(opp)) { 399 + dev_warn_ratelimited(cpufreq_device->cpu_dev, 400 + "Failed to find OPP for frequency %lu: %ld\n", 401 + freq_hz, PTR_ERR(opp)); 402 + return -EINVAL; 403 + } 404 + 396 405 voltage = dev_pm_opp_get_voltage(opp); 397 406 dev_pm_opp_put(opp); 398 407 399 408 if (voltage == 0) { 400 - dev_warn_ratelimited(cpufreq_device->cpu_dev, 401 - "Failed to get voltage for frequency %lu: %ld\n", 402 - freq_hz, IS_ERR(opp) ? PTR_ERR(opp) : 0); 409 + dev_err_ratelimited(cpufreq_device->cpu_dev, 410 + "Failed to get voltage for frequency %lu\n", 411 + freq_hz); 403 412 return -EINVAL; 404 413 } 405 414 ··· 698 693 699 694 *state = cpufreq_cooling_get_level(cpu, target_freq); 700 695 if (*state == THERMAL_CSTATE_INVALID) { 701 - dev_warn_ratelimited(&cdev->device, 702 - "Failed to convert %dKHz for cpu %d into a cdev state\n", 703 - target_freq, cpu); 696 + dev_err_ratelimited(&cdev->device, 697 + "Failed to convert %dKHz for cpu %d into a cdev state\n", 698 + target_freq, cpu); 704 699 return -EINVAL; 705 700 } 706 701 ··· 776 771 unsigned int freq, i, num_cpus; 777 772 int ret; 778 773 struct thermal_cooling_device_ops *cooling_ops; 774 + bool first; 779 775 780 776 if (!alloc_cpumask_var(&temp_mask, GFP_KERNEL)) 781 777 return ERR_PTR(-ENOMEM); ··· 880 874 cpufreq_dev->cool_dev = cool_dev; 881 875 882 876 mutex_lock(&cooling_list_lock); 883 - list_add(&cpufreq_dev->node, &cpufreq_dev_list); 884 - 885 877 /* Register the notifier for first cpufreq cooling device */ 886 - if (!cpufreq_dev_count++) 878 + first = list_empty(&cpufreq_dev_list); 879 + list_add(&cpufreq_dev->node, &cpufreq_dev_list); 880 + mutex_unlock(&cooling_list_lock); 881 + 882 + if (first) 887 883 cpufreq_register_notifier(&thermal_cpufreq_notifier_block, 888 884 CPUFREQ_POLICY_NOTIFIER); 889 - mutex_unlock(&cooling_list_lock); 890 885 891 886 goto put_policy; 892 887 ··· 1028 1021 void cpufreq_cooling_unregister(struct thermal_cooling_device *cdev) 1029 1022 { 1030 1023 struct cpufreq_cooling_device *cpufreq_dev; 1024 + bool last; 1031 1025 1032 1026 if (!cdev) 1033 1027 return; ··· 1036 1028 cpufreq_dev = cdev->devdata; 1037 1029 1038 1030 mutex_lock(&cooling_list_lock); 1031 + list_del(&cpufreq_dev->node); 1039 1032 /* Unregister the notifier for the last cpufreq cooling device */ 1040 - if (!--cpufreq_dev_count) 1033 + last = list_empty(&cpufreq_dev_list); 1034 + mutex_unlock(&cooling_list_lock); 1035 + 1036 + if (last) 1041 1037 cpufreq_unregister_notifier(&thermal_cpufreq_notifier_block, 1042 1038 CPUFREQ_POLICY_NOTIFIER); 1043 - 1044 - list_del(&cpufreq_dev->node); 1045 - mutex_unlock(&cooling_list_lock); 1046 1039 1047 1040 thermal_cooling_device_unregister(cpufreq_dev->cool_dev); 1048 1041 ida_simple_remove(&cpufreq_ida, cpufreq_dev->id);

+10 -4

drivers/thermal/devfreq_cooling.c

··· 186 186 return 0; 187 187 188 188 opp = dev_pm_opp_find_freq_exact(dev, freq, true); 189 - if (IS_ERR(opp) && (PTR_ERR(opp) == -ERANGE)) 189 + if (PTR_ERR(opp) == -ERANGE) 190 190 opp = dev_pm_opp_find_freq_exact(dev, freq, false); 191 + 192 + if (IS_ERR(opp)) { 193 + dev_err_ratelimited(dev, "Failed to find OPP for frequency %lu: %ld\n", 194 + freq, PTR_ERR(opp)); 195 + return 0; 196 + } 191 197 192 198 voltage = dev_pm_opp_get_voltage(opp) / 1000; /* mV */ 193 199 dev_pm_opp_put(opp); 194 200 195 201 if (voltage == 0) { 196 - dev_warn_ratelimited(dev, 197 - "Failed to get voltage for frequency %lu: %ld\n", 198 - freq, IS_ERR(opp) ? PTR_ERR(opp) : 0); 202 + dev_err_ratelimited(dev, 203 + "Failed to get voltage for frequency %lu\n", 204 + freq); 199 205 return 0; 200 206 } 201 207

+6 -2

drivers/tty/serial/8250/Kconfig

··· 128 128 by the parport_serial driver, enabled with CONFIG_PARPORT_SERIAL. 129 129 130 130 config SERIAL_8250_EXAR 131 - tristate "8250/16550 PCI device support" 132 - depends on SERIAL_8250_PCI 131 + tristate "8250/16550 Exar/Commtech PCI/PCIe device support" 132 + depends on SERIAL_8250_PCI 133 133 default SERIAL_8250 134 + help 135 + This builds support for XR17C1xx, XR17V3xx and some Commtech 136 + 422x PCIe serial cards that are not covered by the more generic 137 + SERIAL_8250_PCI option. 134 138 135 139 config SERIAL_8250_HP300 136 140 tristate

+21 -2

drivers/tty/serial/amba-pl011.c

··· 2452 2452 uart_console_write(&dev->port, s, n, pl011_putc); 2453 2453 } 2454 2454 2455 + /* 2456 + * On non-ACPI systems, earlycon is enabled by specifying 2457 + * "earlycon=pl011,<address>" on the kernel command line. 2458 + * 2459 + * On ACPI ARM64 systems, an "early" console is enabled via the SPCR table, 2460 + * by specifying only "earlycon" on the command line. Because it requires 2461 + * SPCR, the console starts after ACPI is parsed, which is later than a 2462 + * traditional early console. 2463 + * 2464 + * To get the traditional early console that starts before ACPI is parsed, 2465 + * specify the full "earlycon=pl011,<address>" option. 2466 + */ 2455 2467 static int __init pl011_early_console_setup(struct earlycon_device *device, 2456 2468 const char *opt) 2457 2469 { 2458 2470 if (!device->port.membase) 2459 2471 return -ENODEV; 2460 2472 2461 - device->con->write = qdf2400_e44_present ? 2462 - qdf2400_e44_early_write : pl011_early_write; 2473 + /* On QDF2400 SOCs affected by Erratum 44, the "qdf2400_e44" must 2474 + * also be specified, e.g. "earlycon=pl011,<address>,qdf2400_e44". 2475 + */ 2476 + if (!strcmp(device->options, "qdf2400_e44")) 2477 + device->con->write = qdf2400_e44_early_write; 2478 + else 2479 + device->con->write = pl011_early_write; 2480 + 2463 2481 return 0; 2464 2482 } 2465 2483 OF_EARLYCON_DECLARE(pl011, "arm,pl011", pl011_early_console_setup); 2466 2484 OF_EARLYCON_DECLARE(pl011, "arm,sbsa-uart", pl011_early_console_setup); 2485 + EARLYCON_DECLARE(qdf2400_e44, pl011_early_console_setup); 2467 2486 2468 2487 #else 2469 2488 #define AMBA_CONSOLE NULL

+8

drivers/tty/serial/atmel_serial.c

··· 1951 1951 atmel_uart_writel(port, ATMEL_PDC_TCR, 0); 1952 1952 atmel_port->pdc_tx.ofs = 0; 1953 1953 } 1954 + /* 1955 + * in uart_flush_buffer(), the xmit circular buffer has just 1956 + * been cleared, so we have to reset tx_len accordingly. 1957 + */ 1958 + atmel_port->tx_len = 0; 1954 1959 } 1955 1960 1956 1961 /* ··· 2487 2482 /* Store PDC transmit status and disable it */ 2488 2483 pdc_tx = atmel_uart_readl(port, ATMEL_PDC_PTSR) & ATMEL_PDC_TXTEN; 2489 2484 atmel_uart_writel(port, ATMEL_PDC_PTCR, ATMEL_PDC_TXTDIS); 2485 + 2486 + /* Make sure that tx path is actually able to send characters */ 2487 + atmel_uart_writel(port, ATMEL_US_CR, ATMEL_US_TXEN); 2490 2488 2491 2489 uart_console_write(port, s, count, atmel_console_putchar); 2492 2490

+1 -1

drivers/tty/serial/mxs-auart.c

··· 1088 1088 AUART_LINECTRL_BAUD_DIV_MAX); 1089 1089 baud_max = u->uartclk * 32 / AUART_LINECTRL_BAUD_DIV_MIN; 1090 1090 baud = uart_get_baud_rate(u, termios, old, baud_min, baud_max); 1091 - div = u->uartclk * 32 / baud; 1091 + div = DIV_ROUND_CLOSEST(u->uartclk * 32, baud); 1092 1092 } 1093 1093 1094 1094 ctrl |= AUART_LINECTRL_BAUD_DIVFRAC(div & 0x3F);

-1

drivers/tty/vt/keyboard.c

··· 28 28 #include <linux/module.h> 29 29 #include <linux/sched/signal.h> 30 30 #include <linux/sched/debug.h> 31 - #include <linux/sched/debug.h> 32 31 #include <linux/tty.h> 33 32 #include <linux/tty_flip.h> 34 33 #include <linux/mm.h>

+5 -2

drivers/usb/core/hcd.c

··· 520 520 */ 521 521 tbuf_size = max_t(u16, sizeof(struct usb_hub_descriptor), wLength); 522 522 tbuf = kzalloc(tbuf_size, GFP_KERNEL); 523 - if (!tbuf) 524 - return -ENOMEM; 523 + if (!tbuf) { 524 + status = -ENOMEM; 525 + goto err_alloc; 526 + } 525 527 526 528 bufp = tbuf; 527 529 ··· 736 734 } 737 735 738 736 kfree(tbuf); 737 + err_alloc: 739 738 740 739 /* any errors get returned through the urb completion */ 741 740 spin_lock_irq(&hcd_root_hub_lock);

+1

drivers/usb/host/xhci-plat.c

··· 344 344 static struct platform_driver usb_xhci_driver = { 345 345 .probe = xhci_plat_probe, 346 346 .remove = xhci_plat_remove, 347 + .shutdown = usb_hcd_platform_shutdown, 347 348 .driver = { 348 349 .name = "xhci-hcd", 349 350 .pm = DEV_PM_OPS,

+3

drivers/usb/host/xhci-ring.c

··· 1989 1989 case TRB_NORMAL: 1990 1990 td->urb->actual_length = requested - remaining; 1991 1991 goto finish_td; 1992 + case TRB_STATUS: 1993 + td->urb->actual_length = requested; 1994 + goto finish_td; 1992 1995 default: 1993 1996 xhci_warn(xhci, "WARN: unexpected TRB Type %d\n", 1994 1997 trb_type);

+25 -18

drivers/usb/host/xhci.c

··· 1477 1477 struct xhci_ring *ep_ring; 1478 1478 struct xhci_virt_ep *ep; 1479 1479 struct xhci_command *command; 1480 + struct xhci_virt_device *vdev; 1480 1481 1481 1482 xhci = hcd_to_xhci(hcd); 1482 1483 spin_lock_irqsave(&xhci->lock, flags); ··· 1486 1485 1487 1486 /* Make sure the URB hasn't completed or been unlinked already */ 1488 1487 ret = usb_hcd_check_unlink_urb(hcd, urb, status); 1489 - if (ret || !urb->hcpriv) 1488 + if (ret) 1490 1489 goto done; 1490 + 1491 + /* give back URB now if we can't queue it for cancel */ 1492 + vdev = xhci->devs[urb->dev->slot_id]; 1493 + urb_priv = urb->hcpriv; 1494 + if (!vdev || !urb_priv) 1495 + goto err_giveback; 1496 + 1497 + ep_index = xhci_get_endpoint_index(&urb->ep->desc); 1498 + ep = &vdev->eps[ep_index]; 1499 + ep_ring = xhci_urb_to_transfer_ring(xhci, urb); 1500 + if (!ep || !ep_ring) 1501 + goto err_giveback; 1502 + 1491 1503 temp = readl(&xhci->op_regs->status); 1492 1504 if (temp == 0xffffffff || (xhci->xhc_state & XHCI_STATE_HALTED)) { 1493 1505 xhci_dbg_trace(xhci, trace_xhci_dbg_cancel_urb, 1494 1506 "HW died, freeing TD."); 1495 - urb_priv = urb->hcpriv; 1496 1507 for (i = urb_priv->num_tds_done; 1497 - i < urb_priv->num_tds && xhci->devs[urb->dev->slot_id]; 1508 + i < urb_priv->num_tds; 1498 1509 i++) { 1499 1510 td = &urb_priv->td[i]; 1500 1511 if (!list_empty(&td->td_list)) ··· 1514 1501 if (!list_empty(&td->cancelled_td_list)) 1515 1502 list_del_init(&td->cancelled_td_list); 1516 1503 } 1517 - 1518 - usb_hcd_unlink_urb_from_ep(hcd, urb); 1519 - spin_unlock_irqrestore(&xhci->lock, flags); 1520 - usb_hcd_giveback_urb(hcd, urb, -ESHUTDOWN); 1521 - xhci_urb_free_priv(urb_priv); 1522 - return ret; 1504 + goto err_giveback; 1523 1505 } 1524 1506 1525 - ep_index = xhci_get_endpoint_index(&urb->ep->desc); 1526 - ep = &xhci->devs[urb->dev->slot_id]->eps[ep_index]; 1527 - ep_ring = xhci_urb_to_transfer_ring(xhci, urb); 1528 - if (!ep_ring) { 1529 - ret = -EINVAL; 1530 - goto done; 1531 - } 1532 - 1533 - urb_priv = urb->hcpriv; 1534 1507 i = urb_priv->num_tds_done; 1535 1508 if (i < urb_priv->num_tds) 1536 1509 xhci_dbg_trace(xhci, trace_xhci_dbg_cancel_urb, ··· 1552 1553 } 1553 1554 done: 1554 1555 spin_unlock_irqrestore(&xhci->lock, flags); 1556 + return ret; 1557 + 1558 + err_giveback: 1559 + if (urb_priv) 1560 + xhci_urb_free_priv(urb_priv); 1561 + usb_hcd_unlink_urb_from_ep(hcd, urb); 1562 + spin_unlock_irqrestore(&xhci->lock, flags); 1563 + usb_hcd_giveback_urb(hcd, urb, -ESHUTDOWN); 1555 1564 return ret; 1556 1565 } 1557 1566

+1 -1

drivers/usb/phy/phy-isp1301.c

··· 136 136 static struct i2c_driver isp1301_driver = { 137 137 .driver = { 138 138 .name = DRV_NAME, 139 - .of_match_table = of_match_ptr(isp1301_of_match), 139 + .of_match_table = isp1301_of_match, 140 140 }, 141 141 .probe = isp1301_probe, 142 142 .remove = isp1301_remove,

+3 -1

drivers/xen/xenbus/xenbus_dev_frontend.c

··· 442 442 return xenbus_command_reply(u, XS_ERROR, "ENOENT"); 443 443 444 444 rc = xenbus_dev_request_and_reply(&u->u.msg, u); 445 - if (rc) 445 + if (rc && trans) { 446 + list_del(&trans->list); 446 447 kfree(trans); 448 + } 447 449 448 450 out: 449 451 return rc;

+1 -1

fs/btrfs/ctree.h

··· 1259 1259 atomic_t will_be_snapshoted; 1260 1260 1261 1261 /* For qgroup metadata space reserve */ 1262 - atomic_t qgroup_meta_rsv; 1262 + atomic64_t qgroup_meta_rsv; 1263 1263 }; 1264 1264 static inline u32 btrfs_inode_sectorsize(const struct inode *inode) 1265 1265 {

+1 -1

fs/btrfs/disk-io.c

··· 1342 1342 atomic_set(&root->orphan_inodes, 0); 1343 1343 atomic_set(&root->refs, 1); 1344 1344 atomic_set(&root->will_be_snapshoted, 0); 1345 - atomic_set(&root->qgroup_meta_rsv, 0); 1345 + atomic64_set(&root->qgroup_meta_rsv, 0); 1346 1346 root->log_transid = 0; 1347 1347 root->log_transid_committed = -1; 1348 1348 root->last_log_commit = 0;

+29 -19

fs/btrfs/extent_io.c

··· 2584 2584 2585 2585 if (tree->ops) { 2586 2586 ret = tree->ops->readpage_io_failed_hook(page, mirror); 2587 - if (!ret && !bio->bi_error) 2588 - uptodate = 1; 2589 - } else { 2590 - /* 2591 - * The generic bio_readpage_error handles errors the 2592 - * following way: If possible, new read requests are 2593 - * created and submitted and will end up in 2594 - * end_bio_extent_readpage as well (if we're lucky, not 2595 - * in the !uptodate case). In that case it returns 0 and 2596 - * we just go on with the next page in our bio. If it 2597 - * can't handle the error it will return -EIO and we 2598 - * remain responsible for that page. 2599 - */ 2600 - ret = bio_readpage_error(bio, offset, page, start, end, 2601 - mirror); 2602 - if (ret == 0) { 2603 - uptodate = !bio->bi_error; 2604 - offset += len; 2605 - continue; 2587 + if (ret == -EAGAIN) { 2588 + /* 2589 + * Data inode's readpage_io_failed_hook() always 2590 + * returns -EAGAIN. 2591 + * 2592 + * The generic bio_readpage_error handles errors 2593 + * the following way: If possible, new read 2594 + * requests are created and submitted and will 2595 + * end up in end_bio_extent_readpage as well (if 2596 + * we're lucky, not in the !uptodate case). In 2597 + * that case it returns 0 and we just go on with 2598 + * the next page in our bio. If it can't handle 2599 + * the error it will return -EIO and we remain 2600 + * responsible for that page. 2601 + */ 2602 + ret = bio_readpage_error(bio, offset, page, 2603 + start, end, mirror); 2604 + if (ret == 0) { 2605 + uptodate = !bio->bi_error; 2606 + offset += len; 2607 + continue; 2608 + } 2606 2609 } 2610 + 2611 + /* 2612 + * metadata's readpage_io_failed_hook() always returns 2613 + * -EIO and fixes nothing. -EIO is also returned if 2614 + * data inode error could not be fixed. 2615 + */ 2616 + ASSERT(ret == -EIO); 2607 2617 } 2608 2618 readpage_ok: 2609 2619 if (likely(uptodate)) {

+3 -3

fs/btrfs/inode.c

··· 10523 10523 } 10524 10524 10525 10525 __attribute__((const)) 10526 - static int dummy_readpage_io_failed_hook(struct page *page, int failed_mirror) 10526 + static int btrfs_readpage_io_failed_hook(struct page *page, int failed_mirror) 10527 10527 { 10528 - return 0; 10528 + return -EAGAIN; 10529 10529 } 10530 10530 10531 10531 static const struct inode_operations btrfs_dir_inode_operations = { ··· 10570 10570 .submit_bio_hook = btrfs_submit_bio_hook, 10571 10571 .readpage_end_io_hook = btrfs_readpage_end_io_hook, 10572 10572 .merge_bio_hook = btrfs_merge_bio_hook, 10573 - .readpage_io_failed_hook = dummy_readpage_io_failed_hook, 10573 + .readpage_io_failed_hook = btrfs_readpage_io_failed_hook, 10574 10574 10575 10575 /* optional callbacks */ 10576 10576 .fill_delalloc = run_delalloc_range,

+5 -5

fs/btrfs/qgroup.c

··· 2948 2948 ret = qgroup_reserve(root, num_bytes, enforce); 2949 2949 if (ret < 0) 2950 2950 return ret; 2951 - atomic_add(num_bytes, &root->qgroup_meta_rsv); 2951 + atomic64_add(num_bytes, &root->qgroup_meta_rsv); 2952 2952 return ret; 2953 2953 } 2954 2954 2955 2955 void btrfs_qgroup_free_meta_all(struct btrfs_root *root) 2956 2956 { 2957 2957 struct btrfs_fs_info *fs_info = root->fs_info; 2958 - int reserved; 2958 + u64 reserved; 2959 2959 2960 2960 if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags) || 2961 2961 !is_fstree(root->objectid)) 2962 2962 return; 2963 2963 2964 - reserved = atomic_xchg(&root->qgroup_meta_rsv, 0); 2964 + reserved = atomic64_xchg(&root->qgroup_meta_rsv, 0); 2965 2965 if (reserved == 0) 2966 2966 return; 2967 2967 btrfs_qgroup_free_refroot(fs_info, root->objectid, reserved); ··· 2976 2976 return; 2977 2977 2978 2978 BUG_ON(num_bytes != round_down(num_bytes, fs_info->nodesize)); 2979 - WARN_ON(atomic_read(&root->qgroup_meta_rsv) < num_bytes); 2980 - atomic_sub(num_bytes, &root->qgroup_meta_rsv); 2979 + WARN_ON(atomic64_read(&root->qgroup_meta_rsv) < num_bytes); 2980 + atomic64_sub(num_bytes, &root->qgroup_meta_rsv); 2981 2981 btrfs_qgroup_free_refroot(fs_info, root->objectid, num_bytes); 2982 2982 } 2983 2983

+6 -1

fs/btrfs/send.c

··· 6305 6305 goto out; 6306 6306 } 6307 6307 6308 + /* 6309 + * Check that we don't overflow at later allocations, we request 6310 + * clone_sources_count + 1 items, and compare to unsigned long inside 6311 + * access_ok. 6312 + */ 6308 6313 if (arg->clone_sources_count > 6309 - ULLONG_MAX / sizeof(*arg->clone_sources)) { 6314 + ULONG_MAX / sizeof(struct clone_root) - 1) { 6310 6315 ret = -EINVAL; 6311 6316 goto out; 6312 6317 }

+87

fs/cifs/cifsfs.c

··· 972 972 return rc; 973 973 } 974 974 975 + ssize_t cifs_file_copychunk_range(unsigned int xid, 976 + struct file *src_file, loff_t off, 977 + struct file *dst_file, loff_t destoff, 978 + size_t len, unsigned int flags) 979 + { 980 + struct inode *src_inode = file_inode(src_file); 981 + struct inode *target_inode = file_inode(dst_file); 982 + struct cifsFileInfo *smb_file_src; 983 + struct cifsFileInfo *smb_file_target; 984 + struct cifs_tcon *src_tcon; 985 + struct cifs_tcon *target_tcon; 986 + ssize_t rc; 987 + 988 + cifs_dbg(FYI, "copychunk range\n"); 989 + 990 + if (src_inode == target_inode) { 991 + rc = -EINVAL; 992 + goto out; 993 + } 994 + 995 + if (!src_file->private_data || !dst_file->private_data) { 996 + rc = -EBADF; 997 + cifs_dbg(VFS, "missing cifsFileInfo on copy range src file\n"); 998 + goto out; 999 + } 1000 + 1001 + rc = -EXDEV; 1002 + smb_file_target = dst_file->private_data; 1003 + smb_file_src = src_file->private_data; 1004 + src_tcon = tlink_tcon(smb_file_src->tlink); 1005 + target_tcon = tlink_tcon(smb_file_target->tlink); 1006 + 1007 + if (src_tcon->ses != target_tcon->ses) { 1008 + cifs_dbg(VFS, "source and target of copy not on same server\n"); 1009 + goto out; 1010 + } 1011 + 1012 + /* 1013 + * Note: cifs case is easier than btrfs since server responsible for 1014 + * checks for proper open modes and file type and if it wants 1015 + * server could even support copy of range where source = target 1016 + */ 1017 + lock_two_nondirectories(target_inode, src_inode); 1018 + 1019 + cifs_dbg(FYI, "about to flush pages\n"); 1020 + /* should we flush first and last page first */ 1021 + truncate_inode_pages(&target_inode->i_data, 0); 1022 + 1023 + if (target_tcon->ses->server->ops->copychunk_range) 1024 + rc = target_tcon->ses->server->ops->copychunk_range(xid, 1025 + smb_file_src, smb_file_target, off, len, destoff); 1026 + else 1027 + rc = -EOPNOTSUPP; 1028 + 1029 + /* force revalidate of size and timestamps of target file now 1030 + * that target is updated on the server 1031 + */ 1032 + CIFS_I(target_inode)->time = 0; 1033 + /* although unlocking in the reverse order from locking is not 1034 + * strictly necessary here it is a little cleaner to be consistent 1035 + */ 1036 + unlock_two_nondirectories(src_inode, target_inode); 1037 + 1038 + out: 1039 + return rc; 1040 + } 1041 + 1042 + static ssize_t cifs_copy_file_range(struct file *src_file, loff_t off, 1043 + struct file *dst_file, loff_t destoff, 1044 + size_t len, unsigned int flags) 1045 + { 1046 + unsigned int xid = get_xid(); 1047 + ssize_t rc; 1048 + 1049 + rc = cifs_file_copychunk_range(xid, src_file, off, dst_file, destoff, 1050 + len, flags); 1051 + free_xid(xid); 1052 + return rc; 1053 + } 1054 + 975 1055 const struct file_operations cifs_file_ops = { 976 1056 .read_iter = cifs_loose_read_iter, 977 1057 .write_iter = cifs_file_write_iter, ··· 1064 984 .splice_read = generic_file_splice_read, 1065 985 .llseek = cifs_llseek, 1066 986 .unlocked_ioctl = cifs_ioctl, 987 + .copy_file_range = cifs_copy_file_range, 1067 988 .clone_file_range = cifs_clone_file_range, 1068 989 .setlease = cifs_setlease, 1069 990 .fallocate = cifs_fallocate, ··· 1082 1001 .splice_read = generic_file_splice_read, 1083 1002 .llseek = cifs_llseek, 1084 1003 .unlocked_ioctl = cifs_ioctl, 1004 + .copy_file_range = cifs_copy_file_range, 1085 1005 .clone_file_range = cifs_clone_file_range, 1086 1006 .setlease = cifs_setlease, 1087 1007 .fallocate = cifs_fallocate, ··· 1100 1018 .mmap = cifs_file_mmap, 1101 1019 .splice_read = generic_file_splice_read, 1102 1020 .unlocked_ioctl = cifs_ioctl, 1021 + .copy_file_range = cifs_copy_file_range, 1103 1022 .clone_file_range = cifs_clone_file_range, 1104 1023 .llseek = cifs_llseek, 1105 1024 .setlease = cifs_setlease, ··· 1118 1035 .splice_read = generic_file_splice_read, 1119 1036 .llseek = cifs_llseek, 1120 1037 .unlocked_ioctl = cifs_ioctl, 1038 + .copy_file_range = cifs_copy_file_range, 1121 1039 .clone_file_range = cifs_clone_file_range, 1122 1040 .setlease = cifs_setlease, 1123 1041 .fallocate = cifs_fallocate, ··· 1135 1051 .splice_read = generic_file_splice_read, 1136 1052 .llseek = cifs_llseek, 1137 1053 .unlocked_ioctl = cifs_ioctl, 1054 + .copy_file_range = cifs_copy_file_range, 1138 1055 .clone_file_range = cifs_clone_file_range, 1139 1056 .setlease = cifs_setlease, 1140 1057 .fallocate = cifs_fallocate, ··· 1152 1067 .mmap = cifs_file_mmap, 1153 1068 .splice_read = generic_file_splice_read, 1154 1069 .unlocked_ioctl = cifs_ioctl, 1070 + .copy_file_range = cifs_copy_file_range, 1155 1071 .clone_file_range = cifs_clone_file_range, 1156 1072 .llseek = cifs_llseek, 1157 1073 .setlease = cifs_setlease, ··· 1164 1078 .release = cifs_closedir, 1165 1079 .read = generic_read_dir, 1166 1080 .unlocked_ioctl = cifs_ioctl, 1081 + .copy_file_range = cifs_copy_file_range, 1167 1082 .clone_file_range = cifs_clone_file_range, 1168 1083 .llseek = generic_file_llseek, 1169 1084 };

+5

fs/cifs/cifsfs.h

··· 139 139 # define cifs_listxattr NULL 140 140 #endif 141 141 142 + extern ssize_t cifs_file_copychunk_range(unsigned int xid, 143 + struct file *src_file, loff_t off, 144 + struct file *dst_file, loff_t destoff, 145 + size_t len, unsigned int flags); 146 + 142 147 extern long cifs_ioctl(struct file *filep, unsigned int cmd, unsigned long arg); 143 148 #ifdef CONFIG_CIFS_NFSD_EXPORT 144 149 extern const struct export_operations cifs_export_ops;

+15 -3

fs/cifs/cifsglob.h

··· 243 243 /* verify the message */ 244 244 int (*check_message)(char *, unsigned int, struct TCP_Server_Info *); 245 245 bool (*is_oplock_break)(char *, struct TCP_Server_Info *); 246 + int (*handle_cancelled_mid)(char *, struct TCP_Server_Info *); 246 247 void (*downgrade_oplock)(struct TCP_Server_Info *, 247 248 struct cifsInodeInfo *, bool); 248 249 /* process transaction2 response */ ··· 408 407 char * (*create_lease_buf)(u8 *, u8); 409 408 /* parse lease context buffer and return oplock/epoch info */ 410 409 __u8 (*parse_lease_buf)(void *, unsigned int *); 411 - int (*clone_range)(const unsigned int, struct cifsFileInfo *src_file, 412 - struct cifsFileInfo *target_file, u64 src_off, u64 len, 413 - u64 dest_off); 410 + ssize_t (*copychunk_range)(const unsigned int, 411 + struct cifsFileInfo *src_file, 412 + struct cifsFileInfo *target_file, 413 + u64 src_off, u64 len, u64 dest_off); 414 414 int (*duplicate_extents)(const unsigned int, struct cifsFileInfo *src, 415 415 struct cifsFileInfo *target_file, u64 src_off, u64 len, 416 416 u64 dest_off); ··· 1345 1343 void *callback_data; /* general purpose pointer for callback */ 1346 1344 void *resp_buf; /* pointer to received SMB header */ 1347 1345 int mid_state; /* wish this were enum but can not pass to wait_event */ 1346 + unsigned int mid_flags; 1348 1347 __le16 command; /* smb command code */ 1349 1348 bool large_buf:1; /* if valid response, is pointer to large buf */ 1350 1349 bool multiRsp:1; /* multiple trans2 responses for one request */ 1351 1350 bool multiEnd:1; /* both received */ 1352 1351 bool decrypted:1; /* decrypted entry */ 1352 + }; 1353 + 1354 + struct close_cancelled_open { 1355 + struct cifs_fid fid; 1356 + struct cifs_tcon *tcon; 1357 + struct work_struct work; 1353 1358 }; 1354 1359 1355 1360 /* Make code in transport.c a little cleaner by moving ··· 1489 1480 #define MID_RETRY_NEEDED 8 /* session closed while this request out */ 1490 1481 #define MID_RESPONSE_MALFORMED 0x10 1491 1482 #define MID_SHUTDOWN 0x20 1483 + 1484 + /* Flags */ 1485 + #define MID_WAIT_CANCELLED 1 /* Cancelled while waiting for response */ 1492 1486 1493 1487 /* Types of response buffer returned from SendReceive2 */ 1494 1488 #define CIFS_NO_BUFFER 0 /* Response buffer not returned */

+2 -1

fs/cifs/cifsproto.h

··· 79 79 extern void cifs_wake_up_task(struct mid_q_entry *mid); 80 80 extern int cifs_handle_standard(struct TCP_Server_Info *server, 81 81 struct mid_q_entry *mid); 82 - extern int cifs_discard_remaining_data(struct TCP_Server_Info *server); 82 + extern int cifs_discard_remaining_data(struct TCP_Server_Info *server, 83 + char *buf); 83 84 extern int cifs_call_async(struct TCP_Server_Info *server, 84 85 struct smb_rqst *rqst, 85 86 mid_receive_t *receive, mid_callback_t *callback,

+7 -4

fs/cifs/cifssmb.c

··· 1400 1400 * current bigbuf. 1401 1401 */ 1402 1402 int 1403 - cifs_discard_remaining_data(struct TCP_Server_Info *server) 1403 + cifs_discard_remaining_data(struct TCP_Server_Info *server, char *buf) 1404 1404 { 1405 - unsigned int rfclen = get_rfc1002_length(server->smallbuf); 1405 + unsigned int rfclen = get_rfc1002_length(buf); 1406 1406 int remaining = rfclen + 4 - server->total_read; 1407 1407 1408 1408 while (remaining > 0) { ··· 1426 1426 int length; 1427 1427 struct cifs_readdata *rdata = mid->callback_data; 1428 1428 1429 - length = cifs_discard_remaining_data(server); 1429 + length = cifs_discard_remaining_data(server, mid->resp_buf); 1430 1430 dequeue_mid(mid, rdata->result); 1431 1431 return length; 1432 1432 } ··· 1459 1459 1460 1460 if (server->ops->is_status_pending && 1461 1461 server->ops->is_status_pending(buf, server, 0)) { 1462 - cifs_discard_remaining_data(server); 1462 + cifs_discard_remaining_data(server, buf); 1463 1463 return -1; 1464 1464 } 1465 1465 ··· 1518 1518 rdata->iov[1].iov_len = server->total_read - 4; 1519 1519 cifs_dbg(FYI, "0: iov_base=%p iov_len=%u\n", 1520 1520 rdata->iov[0].iov_base, server->total_read); 1521 + 1522 + mid->resp_buf = server->smallbuf; 1523 + server->smallbuf = NULL; 1521 1524 1522 1525 /* how much data is in the response? */ 1523 1526 data_len = server->ops->read_data_length(buf);

+11 -2

fs/cifs/connect.c

··· 904 904 905 905 server->lstrp = jiffies; 906 906 if (mid_entry != NULL) { 907 + if ((mid_entry->mid_flags & MID_WAIT_CANCELLED) && 908 + mid_entry->mid_state == MID_RESPONSE_RECEIVED && 909 + server->ops->handle_cancelled_mid) 910 + server->ops->handle_cancelled_mid( 911 + mid_entry->resp_buf, 912 + server); 913 + 907 914 if (!mid_entry->multiRsp || mid_entry->multiEnd) 908 915 mid_entry->callback(mid_entry); 909 - } else if (!server->ops->is_oplock_break || 910 - !server->ops->is_oplock_break(buf, server)) { 916 + } else if (server->ops->is_oplock_break && 917 + server->ops->is_oplock_break(buf, server)) { 918 + cifs_dbg(FYI, "Received oplock break\n"); 919 + } else { 911 920 cifs_dbg(VFS, "No task to wake, unknown frame received! NumMids %d\n", 912 921 atomic_read(&midCount)); 913 922 cifs_dump_mem("Received Data is: ", buf,

+5 -61

fs/cifs/ioctl.c

··· 34 34 #include "cifs_ioctl.h" 35 35 #include <linux/btrfs.h> 36 36 37 - static int cifs_file_clone_range(unsigned int xid, struct file *src_file, 38 - struct file *dst_file) 39 - { 40 - struct inode *src_inode = file_inode(src_file); 41 - struct inode *target_inode = file_inode(dst_file); 42 - struct cifsFileInfo *smb_file_src; 43 - struct cifsFileInfo *smb_file_target; 44 - struct cifs_tcon *src_tcon; 45 - struct cifs_tcon *target_tcon; 46 - int rc; 47 - 48 - cifs_dbg(FYI, "ioctl clone range\n"); 49 - 50 - if (!src_file->private_data || !dst_file->private_data) { 51 - rc = -EBADF; 52 - cifs_dbg(VFS, "missing cifsFileInfo on copy range src file\n"); 53 - goto out; 54 - } 55 - 56 - rc = -EXDEV; 57 - smb_file_target = dst_file->private_data; 58 - smb_file_src = src_file->private_data; 59 - src_tcon = tlink_tcon(smb_file_src->tlink); 60 - target_tcon = tlink_tcon(smb_file_target->tlink); 61 - 62 - if (src_tcon->ses != target_tcon->ses) { 63 - cifs_dbg(VFS, "source and target of copy not on same server\n"); 64 - goto out; 65 - } 66 - 67 - /* 68 - * Note: cifs case is easier than btrfs since server responsible for 69 - * checks for proper open modes and file type and if it wants 70 - * server could even support copy of range where source = target 71 - */ 72 - lock_two_nondirectories(target_inode, src_inode); 73 - 74 - cifs_dbg(FYI, "about to flush pages\n"); 75 - /* should we flush first and last page first */ 76 - truncate_inode_pages(&target_inode->i_data, 0); 77 - 78 - if (target_tcon->ses->server->ops->clone_range) 79 - rc = target_tcon->ses->server->ops->clone_range(xid, 80 - smb_file_src, smb_file_target, 0, src_inode->i_size, 0); 81 - else 82 - rc = -EOPNOTSUPP; 83 - 84 - /* force revalidate of size and timestamps of target file now 85 - that target is updated on the server */ 86 - CIFS_I(target_inode)->time = 0; 87 - /* although unlocking in the reverse order from locking is not 88 - strictly necessary here it is a little cleaner to be consistent */ 89 - unlock_two_nondirectories(src_inode, target_inode); 90 - out: 91 - return rc; 92 - } 93 - 94 - static long cifs_ioctl_clone(unsigned int xid, struct file *dst_file, 37 + static long cifs_ioctl_copychunk(unsigned int xid, struct file *dst_file, 95 38 unsigned long srcfd) 96 39 { 97 40 int rc; 98 41 struct fd src_file; 99 42 struct inode *src_inode; 100 43 101 - cifs_dbg(FYI, "ioctl clone range\n"); 44 + cifs_dbg(FYI, "ioctl copychunk range\n"); 102 45 /* the destination must be opened for writing */ 103 46 if (!(dst_file->f_mode & FMODE_WRITE)) { 104 47 cifs_dbg(FYI, "file target not open for write\n"); ··· 72 129 if (S_ISDIR(src_inode->i_mode)) 73 130 goto out_fput; 74 131 75 - rc = cifs_file_clone_range(xid, src_file.file, dst_file); 132 + rc = cifs_file_copychunk_range(xid, src_file.file, 0, dst_file, 0, 133 + src_inode->i_size, 0); 76 134 77 135 out_fput: 78 136 fdput(src_file); ··· 195 251 } 196 252 break; 197 253 case CIFS_IOC_COPYCHUNK_FILE: 198 - rc = cifs_ioctl_clone(xid, filep, arg); 254 + rc = cifs_ioctl_copychunk(xid, filep, arg); 199 255 break; 200 256 case CIFS_IOC_SET_INTEGRITY: 201 257 if (pSMBFile == NULL)

+46

fs/cifs/smb2misc.c

··· 659 659 cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n"); 660 660 return false; 661 661 } 662 + 663 + void 664 + smb2_cancelled_close_fid(struct work_struct *work) 665 + { 666 + struct close_cancelled_open *cancelled = container_of(work, 667 + struct close_cancelled_open, work); 668 + 669 + cifs_dbg(VFS, "Close unmatched open\n"); 670 + 671 + SMB2_close(0, cancelled->tcon, cancelled->fid.persistent_fid, 672 + cancelled->fid.volatile_fid); 673 + cifs_put_tcon(cancelled->tcon); 674 + kfree(cancelled); 675 + } 676 + 677 + int 678 + smb2_handle_cancelled_mid(char *buffer, struct TCP_Server_Info *server) 679 + { 680 + struct smb2_sync_hdr *sync_hdr = get_sync_hdr(buffer); 681 + struct smb2_create_rsp *rsp = (struct smb2_create_rsp *)buffer; 682 + struct cifs_tcon *tcon; 683 + struct close_cancelled_open *cancelled; 684 + 685 + if (sync_hdr->Command != SMB2_CREATE || 686 + sync_hdr->Status != STATUS_SUCCESS) 687 + return 0; 688 + 689 + cancelled = kzalloc(sizeof(*cancelled), GFP_KERNEL); 690 + if (!cancelled) 691 + return -ENOMEM; 692 + 693 + tcon = smb2_find_smb_tcon(server, sync_hdr->SessionId, 694 + sync_hdr->TreeId); 695 + if (!tcon) { 696 + kfree(cancelled); 697 + return -ENOENT; 698 + } 699 + 700 + cancelled->fid.persistent_fid = rsp->PersistentFileId; 701 + cancelled->fid.volatile_fid = rsp->VolatileFileId; 702 + cancelled->tcon = tcon; 703 + INIT_WORK(&cancelled->work, smb2_cancelled_close_fid); 704 + queue_work(cifsiod_wq, &cancelled->work); 705 + 706 + return 0; 707 + }

+26 -15

fs/cifs/smb2ops.c

··· 21 21 #include <linux/vfs.h> 22 22 #include <linux/falloc.h> 23 23 #include <linux/scatterlist.h> 24 + #include <linux/uuid.h> 24 25 #include <crypto/aead.h> 25 26 #include "cifsglob.h" 26 27 #include "smb2pdu.h" ··· 593 592 return rc; 594 593 } 595 594 596 - static int 597 - smb2_clone_range(const unsigned int xid, 595 + static ssize_t 596 + smb2_copychunk_range(const unsigned int xid, 598 597 struct cifsFileInfo *srcfile, 599 598 struct cifsFileInfo *trgtfile, u64 src_off, 600 599 u64 len, u64 dest_off) ··· 606 605 struct cifs_tcon *tcon; 607 606 int chunks_copied = 0; 608 607 bool chunk_sizes_updated = false; 608 + ssize_t bytes_written, total_bytes_written = 0; 609 609 610 610 pcchunk = kmalloc(sizeof(struct copychunk_ioctl), GFP_KERNEL); 611 611 612 612 if (pcchunk == NULL) 613 613 return -ENOMEM; 614 614 615 - cifs_dbg(FYI, "in smb2_clone_range - about to call request res key\n"); 615 + cifs_dbg(FYI, "in smb2_copychunk_range - about to call request res key\n"); 616 616 /* Request a key from the server to identify the source of the copy */ 617 617 rc = SMB2_request_res_key(xid, tlink_tcon(srcfile->tlink), 618 618 srcfile->fid.persistent_fid, ··· 671 669 } 672 670 chunks_copied++; 673 671 674 - src_off += le32_to_cpu(retbuf->TotalBytesWritten); 675 - dest_off += le32_to_cpu(retbuf->TotalBytesWritten); 676 - len -= le32_to_cpu(retbuf->TotalBytesWritten); 672 + bytes_written = le32_to_cpu(retbuf->TotalBytesWritten); 673 + src_off += bytes_written; 674 + dest_off += bytes_written; 675 + len -= bytes_written; 676 + total_bytes_written += bytes_written; 677 677 678 - cifs_dbg(FYI, "Chunks %d PartialChunk %d Total %d\n", 678 + cifs_dbg(FYI, "Chunks %d PartialChunk %d Total %zu\n", 679 679 le32_to_cpu(retbuf->ChunksWritten), 680 680 le32_to_cpu(retbuf->ChunkBytesWritten), 681 - le32_to_cpu(retbuf->TotalBytesWritten)); 681 + bytes_written); 682 682 } else if (rc == -EINVAL) { 683 683 if (ret_data_len != sizeof(struct copychunk_ioctl_rsp)) 684 684 goto cchunk_out; ··· 717 713 cchunk_out: 718 714 kfree(pcchunk); 719 715 kfree(retbuf); 720 - return rc; 716 + if (rc) 717 + return rc; 718 + else 719 + return total_bytes_written; 721 720 } 722 721 723 722 static int ··· 2195 2188 if (rc) 2196 2189 goto free_pages; 2197 2190 2198 - rc = cifs_discard_remaining_data(server); 2191 + rc = cifs_discard_remaining_data(server, buf); 2199 2192 if (rc) 2200 2193 goto free_pages; 2201 2194 ··· 2221 2214 kfree(pages); 2222 2215 return rc; 2223 2216 discard_data: 2224 - cifs_discard_remaining_data(server); 2217 + cifs_discard_remaining_data(server, buf); 2225 2218 goto free_pages; 2226 2219 } 2227 2220 ··· 2329 2322 .clear_stats = smb2_clear_stats, 2330 2323 .print_stats = smb2_print_stats, 2331 2324 .is_oplock_break = smb2_is_valid_oplock_break, 2325 + .handle_cancelled_mid = smb2_handle_cancelled_mid, 2332 2326 .downgrade_oplock = smb2_downgrade_oplock, 2333 2327 .need_neg = smb2_need_neg, 2334 2328 .negotiate = smb2_negotiate, ··· 2385 2377 .set_oplock_level = smb2_set_oplock_level, 2386 2378 .create_lease_buf = smb2_create_lease_buf, 2387 2379 .parse_lease_buf = smb2_parse_lease_buf, 2388 - .clone_range = smb2_clone_range, 2380 + .copychunk_range = smb2_copychunk_range, 2389 2381 .wp_retry_size = smb2_wp_retry_size, 2390 2382 .dir_needs_close = smb2_dir_needs_close, 2391 2383 .get_dfs_refer = smb2_get_dfs_refer, ··· 2412 2404 .clear_stats = smb2_clear_stats, 2413 2405 .print_stats = smb2_print_stats, 2414 2406 .is_oplock_break = smb2_is_valid_oplock_break, 2407 + .handle_cancelled_mid = smb2_handle_cancelled_mid, 2415 2408 .downgrade_oplock = smb2_downgrade_oplock, 2416 2409 .need_neg = smb2_need_neg, 2417 2410 .negotiate = smb2_negotiate, ··· 2468 2459 .set_oplock_level = smb21_set_oplock_level, 2469 2460 .create_lease_buf = smb2_create_lease_buf, 2470 2461 .parse_lease_buf = smb2_parse_lease_buf, 2471 - .clone_range = smb2_clone_range, 2462 + .copychunk_range = smb2_copychunk_range, 2472 2463 .wp_retry_size = smb2_wp_retry_size, 2473 2464 .dir_needs_close = smb2_dir_needs_close, 2474 2465 .enum_snapshots = smb3_enum_snapshots, ··· 2497 2488 .print_stats = smb2_print_stats, 2498 2489 .dump_share_caps = smb2_dump_share_caps, 2499 2490 .is_oplock_break = smb2_is_valid_oplock_break, 2491 + .handle_cancelled_mid = smb2_handle_cancelled_mid, 2500 2492 .downgrade_oplock = smb2_downgrade_oplock, 2501 2493 .need_neg = smb2_need_neg, 2502 2494 .negotiate = smb2_negotiate, ··· 2555 2545 .set_oplock_level = smb3_set_oplock_level, 2556 2546 .create_lease_buf = smb3_create_lease_buf, 2557 2547 .parse_lease_buf = smb3_parse_lease_buf, 2558 - .clone_range = smb2_clone_range, 2548 + .copychunk_range = smb2_copychunk_range, 2559 2549 .duplicate_extents = smb2_duplicate_extents, 2560 2550 .validate_negotiate = smb3_validate_negotiate, 2561 2551 .wp_retry_size = smb2_wp_retry_size, ··· 2592 2582 .print_stats = smb2_print_stats, 2593 2583 .dump_share_caps = smb2_dump_share_caps, 2594 2584 .is_oplock_break = smb2_is_valid_oplock_break, 2585 + .handle_cancelled_mid = smb2_handle_cancelled_mid, 2595 2586 .downgrade_oplock = smb2_downgrade_oplock, 2596 2587 .need_neg = smb2_need_neg, 2597 2588 .negotiate = smb2_negotiate, ··· 2650 2639 .set_oplock_level = smb3_set_oplock_level, 2651 2640 .create_lease_buf = smb3_create_lease_buf, 2652 2641 .parse_lease_buf = smb3_parse_lease_buf, 2653 - .clone_range = smb2_clone_range, 2642 + .copychunk_range = smb2_copychunk_range, 2654 2643 .duplicate_extents = smb2_duplicate_extents, 2655 2644 /* .validate_negotiate = smb3_validate_negotiate, */ /* not used in 3.11 */ 2656 2645 .wp_retry_size = smb2_wp_retry_size,

+4

fs/cifs/smb2pdu.c

··· 1185 1185 return -EINVAL; 1186 1186 } 1187 1187 1188 + /* SMB2 TREE_CONNECT request must be called with TreeId == 0 */ 1189 + if (tcon) 1190 + tcon->tid = 0; 1191 + 1188 1192 rc = small_smb2_init(SMB2_TREE_CONNECT, tcon, (void **) &req); 1189 1193 if (rc) { 1190 1194 kfree(unc_path);

+7

fs/cifs/smb2proto.h

··· 48 48 struct smb_rqst *rqst); 49 49 extern struct mid_q_entry *smb2_setup_async_request( 50 50 struct TCP_Server_Info *server, struct smb_rqst *rqst); 51 + extern struct cifs_ses *smb2_find_smb_ses(struct TCP_Server_Info *server, 52 + __u64 ses_id); 53 + extern struct cifs_tcon *smb2_find_smb_tcon(struct TCP_Server_Info *server, 54 + __u64 ses_id, __u32 tid); 51 55 extern int smb2_calc_signature(struct smb_rqst *rqst, 52 56 struct TCP_Server_Info *server); 53 57 extern int smb3_calc_signature(struct smb_rqst *rqst, ··· 168 164 extern int SMB2_oplock_break(const unsigned int xid, struct cifs_tcon *tcon, 169 165 const u64 persistent_fid, const u64 volatile_fid, 170 166 const __u8 oplock_level); 167 + extern int smb2_handle_cancelled_mid(char *buffer, 168 + struct TCP_Server_Info *server); 169 + void smb2_cancelled_close_fid(struct work_struct *work); 171 170 extern int SMB2_QFS_info(const unsigned int xid, struct cifs_tcon *tcon, 172 171 u64 persistent_file_id, u64 volatile_file_id, 173 172 struct kstatfs *FSData);

+53 -6

fs/cifs/smb2transport.c

··· 115 115 return 0; 116 116 } 117 117 118 + static struct cifs_ses * 119 + smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id) 120 + { 121 + struct cifs_ses *ses; 122 + 123 + list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { 124 + if (ses->Suid != ses_id) 125 + continue; 126 + return ses; 127 + } 128 + 129 + return NULL; 130 + } 131 + 118 132 struct cifs_ses * 119 133 smb2_find_smb_ses(struct TCP_Server_Info *server, __u64 ses_id) 120 134 { 121 135 struct cifs_ses *ses; 122 136 123 137 spin_lock(&cifs_tcp_ses_lock); 124 - list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) { 125 - if (ses->Suid != ses_id) 126 - continue; 127 - spin_unlock(&cifs_tcp_ses_lock); 128 - return ses; 129 - } 138 + ses = smb2_find_smb_ses_unlocked(server, ses_id); 130 139 spin_unlock(&cifs_tcp_ses_lock); 131 140 141 + return ses; 142 + } 143 + 144 + static struct cifs_tcon * 145 + smb2_find_smb_sess_tcon_unlocked(struct cifs_ses *ses, __u32 tid) 146 + { 147 + struct cifs_tcon *tcon; 148 + 149 + list_for_each_entry(tcon, &ses->tcon_list, tcon_list) { 150 + if (tcon->tid != tid) 151 + continue; 152 + ++tcon->tc_count; 153 + return tcon; 154 + } 155 + 132 156 return NULL; 157 + } 158 + 159 + /* 160 + * Obtain tcon corresponding to the tid in the given 161 + * cifs_ses 162 + */ 163 + 164 + struct cifs_tcon * 165 + smb2_find_smb_tcon(struct TCP_Server_Info *server, __u64 ses_id, __u32 tid) 166 + { 167 + struct cifs_ses *ses; 168 + struct cifs_tcon *tcon; 169 + 170 + spin_lock(&cifs_tcp_ses_lock); 171 + ses = smb2_find_smb_ses_unlocked(server, ses_id); 172 + if (!ses) { 173 + spin_unlock(&cifs_tcp_ses_lock); 174 + return NULL; 175 + } 176 + tcon = smb2_find_smb_sess_tcon_unlocked(ses, tid); 177 + spin_unlock(&cifs_tcp_ses_lock); 178 + 179 + return tcon; 133 180 } 134 181 135 182 int

+2

fs/cifs/transport.c

··· 752 752 753 753 rc = wait_for_response(ses->server, midQ); 754 754 if (rc != 0) { 755 + cifs_dbg(FYI, "Cancelling wait for mid %llu\n", midQ->mid); 755 756 send_cancel(ses->server, rqst, midQ); 756 757 spin_lock(&GlobalMid_Lock); 757 758 if (midQ->mid_state == MID_REQUEST_SUBMITTED) { 759 + midQ->mid_flags |= MID_WAIT_CANCELLED; 758 760 midQ->callback = DeleteMidQEntry; 759 761 spin_unlock(&GlobalMid_Lock); 760 762 add_credits(ses->server, 1, optype);

+22 -13

fs/dax.c

··· 373 373 } 374 374 spin_lock_irq(&mapping->tree_lock); 375 375 376 + if (!entry) { 377 + /* 378 + * We needed to drop the page_tree lock while calling 379 + * radix_tree_preload() and we didn't have an entry to 380 + * lock. See if another thread inserted an entry at 381 + * our index during this time. 382 + */ 383 + entry = __radix_tree_lookup(&mapping->page_tree, index, 384 + NULL, &slot); 385 + if (entry) { 386 + radix_tree_preload_end(); 387 + spin_unlock_irq(&mapping->tree_lock); 388 + goto restart; 389 + } 390 + } 391 + 376 392 if (pmd_downgrade) { 377 393 radix_tree_delete(&mapping->page_tree, index); 378 394 mapping->nrexceptional--; ··· 404 388 if (err) { 405 389 spin_unlock_irq(&mapping->tree_lock); 406 390 /* 407 - * Someone already created the entry? This is a 408 - * normal failure when inserting PMDs in a range 409 - * that already contains PTEs. In that case we want 410 - * to return -EEXIST immediately. 411 - */ 412 - if (err == -EEXIST && !(size_flag & RADIX_DAX_PMD)) 413 - goto restart; 414 - /* 415 - * Our insertion of a DAX PMD entry failed, most 416 - * likely because it collided with a PTE sized entry 417 - * at a different index in the PMD range. We haven't 418 - * inserted anything into the radix tree and have no 419 - * waiters to wake. 391 + * Our insertion of a DAX entry failed, most likely 392 + * because we were inserting a PMD entry and it 393 + * collided with a PTE sized entry at a different 394 + * index in the PMD range. We haven't inserted 395 + * anything into the radix tree and have no waiters to 396 + * wake. 420 397 */ 421 398 return ERR_PTR(err); 422 399 }

+1

fs/ext4/ext4.h

··· 2466 2466 extern int ext4_getattr(const struct path *, struct kstat *, u32, unsigned int); 2467 2467 extern void ext4_evict_inode(struct inode *); 2468 2468 extern void ext4_clear_inode(struct inode *); 2469 + extern int ext4_file_getattr(const struct path *, struct kstat *, u32, unsigned int); 2469 2470 extern int ext4_sync_inode(handle_t *, struct inode *); 2470 2471 extern void ext4_dirty_inode(struct inode *, int); 2471 2472 extern int ext4_change_inode_journal_flag(struct inode *, int);

+1 -1

fs/ext4/file.c

··· 744 744 745 745 const struct inode_operations ext4_file_inode_operations = { 746 746 .setattr = ext4_setattr, 747 - .getattr = ext4_getattr, 747 + .getattr = ext4_file_getattr, 748 748 .listxattr = ext4_listxattr, 749 749 .get_acl = ext4_get_acl, 750 750 .set_acl = ext4_set_acl,

+38 -3

fs/ext4/inode.c

··· 5390 5390 int ext4_getattr(const struct path *path, struct kstat *stat, 5391 5391 u32 request_mask, unsigned int query_flags) 5392 5392 { 5393 - struct inode *inode; 5394 - unsigned long long delalloc_blocks; 5393 + struct inode *inode = d_inode(path->dentry); 5394 + struct ext4_inode *raw_inode; 5395 + struct ext4_inode_info *ei = EXT4_I(inode); 5396 + unsigned int flags; 5395 5397 5396 - inode = d_inode(path->dentry); 5398 + if (EXT4_FITS_IN_INODE(raw_inode, ei, i_crtime)) { 5399 + stat->result_mask |= STATX_BTIME; 5400 + stat->btime.tv_sec = ei->i_crtime.tv_sec; 5401 + stat->btime.tv_nsec = ei->i_crtime.tv_nsec; 5402 + } 5403 + 5404 + flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 5405 + if (flags & EXT4_APPEND_FL) 5406 + stat->attributes |= STATX_ATTR_APPEND; 5407 + if (flags & EXT4_COMPR_FL) 5408 + stat->attributes |= STATX_ATTR_COMPRESSED; 5409 + if (flags & EXT4_ENCRYPT_FL) 5410 + stat->attributes |= STATX_ATTR_ENCRYPTED; 5411 + if (flags & EXT4_IMMUTABLE_FL) 5412 + stat->attributes |= STATX_ATTR_IMMUTABLE; 5413 + if (flags & EXT4_NODUMP_FL) 5414 + stat->attributes |= STATX_ATTR_NODUMP; 5415 + 5416 + stat->attributes_mask |= (STATX_ATTR_APPEND | 5417 + STATX_ATTR_COMPRESSED | 5418 + STATX_ATTR_ENCRYPTED | 5419 + STATX_ATTR_IMMUTABLE | 5420 + STATX_ATTR_NODUMP); 5421 + 5397 5422 generic_fillattr(inode, stat); 5423 + return 0; 5424 + } 5425 + 5426 + int ext4_file_getattr(const struct path *path, struct kstat *stat, 5427 + u32 request_mask, unsigned int query_flags) 5428 + { 5429 + struct inode *inode = d_inode(path->dentry); 5430 + u64 delalloc_blocks; 5431 + 5432 + ext4_getattr(path, stat, request_mask, query_flags); 5398 5433 5399 5434 /* 5400 5435 * If there is inline data in the inode, the inode will normally not

+2

fs/ext4/namei.c

··· 3912 3912 .tmpfile = ext4_tmpfile, 3913 3913 .rename = ext4_rename2, 3914 3914 .setattr = ext4_setattr, 3915 + .getattr = ext4_getattr, 3915 3916 .listxattr = ext4_listxattr, 3916 3917 .get_acl = ext4_get_acl, 3917 3918 .set_acl = ext4_set_acl, ··· 3921 3920 3922 3921 const struct inode_operations ext4_special_inode_operations = { 3923 3922 .setattr = ext4_setattr, 3923 + .getattr = ext4_getattr, 3924 3924 .listxattr = ext4_listxattr, 3925 3925 .get_acl = ext4_get_acl, 3926 3926 .set_acl = ext4_set_acl,

+3

fs/ext4/symlink.c

··· 85 85 const struct inode_operations ext4_encrypted_symlink_inode_operations = { 86 86 .get_link = ext4_encrypted_get_link, 87 87 .setattr = ext4_setattr, 88 + .getattr = ext4_getattr, 88 89 .listxattr = ext4_listxattr, 89 90 }; 90 91 91 92 const struct inode_operations ext4_symlink_inode_operations = { 92 93 .get_link = page_get_link, 93 94 .setattr = ext4_setattr, 95 + .getattr = ext4_getattr, 94 96 .listxattr = ext4_listxattr, 95 97 }; 96 98 97 99 const struct inode_operations ext4_fast_symlink_inode_operations = { 98 100 .get_link = simple_get_link, 99 101 .setattr = ext4_setattr, 102 + .getattr = ext4_getattr, 100 103 .listxattr = ext4_listxattr, 101 104 };

+12 -13

fs/hugetlbfs/inode.c

··· 695 695 696 696 inode = new_inode(sb); 697 697 if (inode) { 698 - struct hugetlbfs_inode_info *info; 699 698 inode->i_ino = get_next_ino(); 700 699 inode->i_mode = S_IFDIR | config->mode; 701 700 inode->i_uid = config->uid; 702 701 inode->i_gid = config->gid; 703 702 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); 704 - info = HUGETLBFS_I(inode); 705 - mpol_shared_policy_init(&info->policy, NULL); 706 703 inode->i_op = &hugetlbfs_dir_inode_operations; 707 704 inode->i_fop = &simple_dir_operations; 708 705 /* directory inodes start off with i_nlink == 2 (for "." entry) */ ··· 730 733 731 734 inode = new_inode(sb); 732 735 if (inode) { 733 - struct hugetlbfs_inode_info *info; 734 736 inode->i_ino = get_next_ino(); 735 737 inode_init_owner(inode, dir, mode); 736 738 lockdep_set_class(&inode->i_mapping->i_mmap_rwsem, ··· 737 741 inode->i_mapping->a_ops = &hugetlbfs_aops; 738 742 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); 739 743 inode->i_mapping->private_data = resv_map; 740 - info = HUGETLBFS_I(inode); 741 - /* 742 - * The policy is initialized here even if we are creating a 743 - * private inode because initialization simply creates an 744 - * an empty rb tree and calls rwlock_init(), later when we 745 - * call mpol_free_shared_policy() it will just return because 746 - * the rb tree will still be empty. 747 - */ 748 - mpol_shared_policy_init(&info->policy, NULL); 749 744 switch (mode & S_IFMT) { 750 745 default: 751 746 init_special_inode(inode, mode, dev); ··· 924 937 hugetlbfs_inc_free_inodes(sbinfo); 925 938 return NULL; 926 939 } 940 + 941 + /* 942 + * Any time after allocation, hugetlbfs_destroy_inode can be called 943 + * for the inode. mpol_free_shared_policy is unconditionally called 944 + * as part of hugetlbfs_destroy_inode. So, initialize policy here 945 + * in case of a quick call to destroy. 946 + * 947 + * Note that the policy is initialized even if we are creating a 948 + * private inode. This simplifies hugetlbfs_destroy_inode. 949 + */ 950 + mpol_shared_policy_init(&p->policy, NULL); 951 + 927 952 return &p->vfs_inode; 928 953 } 929 954

+2 -7

fs/nfs/dir.c

··· 2055 2055 { 2056 2056 struct inode *old_inode = d_inode(old_dentry); 2057 2057 struct inode *new_inode = d_inode(new_dentry); 2058 - struct dentry *dentry = NULL, *rehash = NULL; 2058 + struct dentry *dentry = NULL; 2059 2059 struct rpc_task *task; 2060 2060 int error = -EBUSY; 2061 2061 ··· 2078 2078 * To prevent any new references to the target during the 2079 2079 * rename, we unhash the dentry in advance. 2080 2080 */ 2081 - if (!d_unhashed(new_dentry)) { 2081 + if (!d_unhashed(new_dentry)) 2082 2082 d_drop(new_dentry); 2083 - rehash = new_dentry; 2084 - } 2085 2083 2086 2084 if (d_count(new_dentry) > 2) { 2087 2085 int err; ··· 2096 2098 goto out; 2097 2099 2098 2100 new_dentry = dentry; 2099 - rehash = NULL; 2100 2101 new_inode = NULL; 2101 2102 } 2102 2103 } ··· 2116 2119 error = task->tk_status; 2117 2120 rpc_put_task(task); 2118 2121 out: 2119 - if (rehash) 2120 - d_rehash(rehash); 2121 2122 trace_nfs_rename_exit(old_dir, old_dentry, 2122 2123 new_dir, new_dentry, error); 2123 2124 /* new dentry created? */

+101 -60

fs/nfs/filelayout/filelayout.c

··· 202 202 task->tk_status); 203 203 nfs4_mark_deviceid_unavailable(devid); 204 204 pnfs_error_mark_layout_for_return(inode, lseg); 205 - pnfs_set_lo_fail(lseg); 206 205 rpc_wake_up(&tbl->slot_tbl_waitq); 207 206 /* fall through */ 208 207 default: 208 + pnfs_set_lo_fail(lseg); 209 209 reset: 210 210 dprintk("%s Retry through MDS. Error %d\n", __func__, 211 211 task->tk_status); ··· 560 560 return PNFS_ATTEMPTED; 561 561 } 562 562 563 - /* 564 - * filelayout_check_layout() 565 - * 566 - * Make sure layout segment parameters are sane WRT the device. 567 - * At this point no generic layer initialization of the lseg has occurred, 568 - * and nothing has been added to the layout_hdr cache. 569 - * 570 - */ 571 563 static int 572 - filelayout_check_layout(struct pnfs_layout_hdr *lo, 573 - struct nfs4_filelayout_segment *fl, 574 - struct nfs4_layoutget_res *lgr, 575 - struct nfs4_deviceid *id, 576 - gfp_t gfp_flags) 564 + filelayout_check_deviceid(struct pnfs_layout_hdr *lo, 565 + struct nfs4_filelayout_segment *fl, 566 + gfp_t gfp_flags) 577 567 { 578 568 struct nfs4_deviceid_node *d; 579 569 struct nfs4_file_layout_dsaddr *dsaddr; 580 570 int status = -EINVAL; 581 571 582 - dprintk("--> %s\n", __func__); 583 - 584 - /* FIXME: remove this check when layout segment support is added */ 585 - if (lgr->range.offset != 0 || 586 - lgr->range.length != NFS4_MAX_UINT64) { 587 - dprintk("%s Only whole file layouts supported. Use MDS i/o\n", 588 - __func__); 589 - goto out; 590 - } 591 - 592 - if (fl->pattern_offset > lgr->range.offset) { 593 - dprintk("%s pattern_offset %lld too large\n", 594 - __func__, fl->pattern_offset); 595 - goto out; 596 - } 597 - 598 - if (!fl->stripe_unit) { 599 - dprintk("%s Invalid stripe unit (%u)\n", 600 - __func__, fl->stripe_unit); 601 - goto out; 602 - } 603 - 604 572 /* find and reference the deviceid */ 605 - d = nfs4_find_get_deviceid(NFS_SERVER(lo->plh_inode), id, 573 + d = nfs4_find_get_deviceid(NFS_SERVER(lo->plh_inode), &fl->deviceid, 606 574 lo->plh_lc_cred, gfp_flags); 607 575 if (d == NULL) 608 576 goto out; ··· 596 628 __func__, fl->num_fh); 597 629 goto out_put; 598 630 } 631 + status = 0; 632 + out: 633 + return status; 634 + out_put: 635 + nfs4_fl_put_deviceid(dsaddr); 636 + goto out; 637 + } 638 + 639 + /* 640 + * filelayout_check_layout() 641 + * 642 + * Make sure layout segment parameters are sane WRT the device. 643 + * At this point no generic layer initialization of the lseg has occurred, 644 + * and nothing has been added to the layout_hdr cache. 645 + * 646 + */ 647 + static int 648 + filelayout_check_layout(struct pnfs_layout_hdr *lo, 649 + struct nfs4_filelayout_segment *fl, 650 + struct nfs4_layoutget_res *lgr, 651 + gfp_t gfp_flags) 652 + { 653 + int status = -EINVAL; 654 + 655 + dprintk("--> %s\n", __func__); 656 + 657 + /* FIXME: remove this check when layout segment support is added */ 658 + if (lgr->range.offset != 0 || 659 + lgr->range.length != NFS4_MAX_UINT64) { 660 + dprintk("%s Only whole file layouts supported. Use MDS i/o\n", 661 + __func__); 662 + goto out; 663 + } 664 + 665 + if (fl->pattern_offset > lgr->range.offset) { 666 + dprintk("%s pattern_offset %lld too large\n", 667 + __func__, fl->pattern_offset); 668 + goto out; 669 + } 670 + 671 + if (!fl->stripe_unit) { 672 + dprintk("%s Invalid stripe unit (%u)\n", 673 + __func__, fl->stripe_unit); 674 + goto out; 675 + } 599 676 600 677 status = 0; 601 678 out: 602 679 dprintk("--> %s returns %d\n", __func__, status); 603 680 return status; 604 - out_put: 605 - nfs4_fl_put_deviceid(dsaddr); 606 - goto out; 607 681 } 608 682 609 683 static void _filelayout_free_lseg(struct nfs4_filelayout_segment *fl) ··· 667 657 filelayout_decode_layout(struct pnfs_layout_hdr *flo, 668 658 struct nfs4_filelayout_segment *fl, 669 659 struct nfs4_layoutget_res *lgr, 670 - struct nfs4_deviceid *id, 671 660 gfp_t gfp_flags) 672 661 { 673 662 struct xdr_stream stream; ··· 691 682 if (unlikely(!p)) 692 683 goto out_err; 693 684 694 - memcpy(id, p, sizeof(*id)); 685 + memcpy(&fl->deviceid, p, sizeof(fl->deviceid)); 695 686 p += XDR_QUADLEN(NFS4_DEVICEID4_SIZE); 696 - nfs4_print_deviceid(id); 687 + nfs4_print_deviceid(&fl->deviceid); 697 688 698 689 nfl_util = be32_to_cpup(p++); 699 690 if (nfl_util & NFL4_UFLG_COMMIT_THRU_MDS) ··· 840 831 { 841 832 struct nfs4_filelayout_segment *fl; 842 833 int rc; 843 - struct nfs4_deviceid id; 844 834 845 835 dprintk("--> %s\n", __func__); 846 836 fl = kzalloc(sizeof(*fl), gfp_flags); 847 837 if (!fl) 848 838 return NULL; 849 839 850 - rc = filelayout_decode_layout(layoutid, fl, lgr, &id, gfp_flags); 851 - if (rc != 0 || filelayout_check_layout(layoutid, fl, lgr, &id, gfp_flags)) { 840 + rc = filelayout_decode_layout(layoutid, fl, lgr, gfp_flags); 841 + if (rc != 0 || filelayout_check_layout(layoutid, fl, lgr, gfp_flags)) { 852 842 _filelayout_free_lseg(fl); 853 843 return NULL; 854 844 } ··· 896 888 return min(stripe_unit - (unsigned int)stripe_offset, size); 897 889 } 898 890 891 + static struct pnfs_layout_segment * 892 + fl_pnfs_update_layout(struct inode *ino, 893 + struct nfs_open_context *ctx, 894 + loff_t pos, 895 + u64 count, 896 + enum pnfs_iomode iomode, 897 + bool strict_iomode, 898 + gfp_t gfp_flags) 899 + { 900 + struct pnfs_layout_segment *lseg = NULL; 901 + struct pnfs_layout_hdr *lo; 902 + struct nfs4_filelayout_segment *fl; 903 + int status; 904 + 905 + lseg = pnfs_update_layout(ino, ctx, pos, count, iomode, strict_iomode, 906 + gfp_flags); 907 + if (!lseg) 908 + lseg = ERR_PTR(-ENOMEM); 909 + if (IS_ERR(lseg)) 910 + goto out; 911 + 912 + lo = NFS_I(ino)->layout; 913 + fl = FILELAYOUT_LSEG(lseg); 914 + 915 + status = filelayout_check_deviceid(lo, fl, gfp_flags); 916 + if (status) 917 + lseg = ERR_PTR(status); 918 + out: 919 + if (IS_ERR(lseg)) 920 + pnfs_put_lseg(lseg); 921 + return lseg; 922 + } 923 + 899 924 static void 900 925 filelayout_pg_init_read(struct nfs_pageio_descriptor *pgio, 901 926 struct nfs_page *req) 902 927 { 903 928 if (!pgio->pg_lseg) { 904 - pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, 905 - req->wb_context, 906 - 0, 907 - NFS4_MAX_UINT64, 908 - IOMODE_READ, 909 - false, 910 - GFP_KERNEL); 929 + pgio->pg_lseg = fl_pnfs_update_layout(pgio->pg_inode, 930 + req->wb_context, 931 + 0, 932 + NFS4_MAX_UINT64, 933 + IOMODE_READ, 934 + false, 935 + GFP_KERNEL); 911 936 if (IS_ERR(pgio->pg_lseg)) { 912 937 pgio->pg_error = PTR_ERR(pgio->pg_lseg); 913 938 pgio->pg_lseg = NULL; ··· 960 919 int status; 961 920 962 921 if (!pgio->pg_lseg) { 963 - pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, 964 - req->wb_context, 965 - 0, 966 - NFS4_MAX_UINT64, 967 - IOMODE_RW, 968 - false, 969 - GFP_NOFS); 922 + pgio->pg_lseg = fl_pnfs_update_layout(pgio->pg_inode, 923 + req->wb_context, 924 + 0, 925 + NFS4_MAX_UINT64, 926 + IOMODE_RW, 927 + false, 928 + GFP_NOFS); 970 929 if (IS_ERR(pgio->pg_lseg)) { 971 930 pgio->pg_error = PTR_ERR(pgio->pg_lseg); 972 931 pgio->pg_lseg = NULL;

+10 -9

fs/nfs/filelayout/filelayout.h

··· 55 55 }; 56 56 57 57 struct nfs4_filelayout_segment { 58 - struct pnfs_layout_segment generic_hdr; 59 - u32 stripe_type; 60 - u32 commit_through_mds; 61 - u32 stripe_unit; 62 - u32 first_stripe_index; 63 - u64 pattern_offset; 64 - struct nfs4_file_layout_dsaddr *dsaddr; /* Point to GETDEVINFO data */ 65 - unsigned int num_fh; 66 - struct nfs_fh **fh_array; 58 + struct pnfs_layout_segment generic_hdr; 59 + u32 stripe_type; 60 + u32 commit_through_mds; 61 + u32 stripe_unit; 62 + u32 first_stripe_index; 63 + u64 pattern_offset; 64 + struct nfs4_deviceid deviceid; 65 + struct nfs4_file_layout_dsaddr *dsaddr; /* Point to GETDEVINFO data */ 66 + unsigned int num_fh; 67 + struct nfs_fh **fh_array; 67 68 }; 68 69 69 70 struct nfs4_filelayout {

+4

fs/nfs/flexfilelayout/flexfilelayoutdev.c

··· 208 208 } else 209 209 goto outerr; 210 210 } 211 + 212 + if (IS_ERR(mirror->mirror_ds)) 213 + goto outerr; 214 + 211 215 if (mirror->mirror_ds->ds == NULL) { 212 216 struct nfs4_deviceid_node *devid; 213 217 devid = &mirror->mirror_ds->id_node;

+3 -6

fs/nfs/nfs4proc.c

··· 2442 2442 } 2443 2443 2444 2444 nfs4_stateid_copy(&stateid, &delegation->stateid); 2445 - if (test_bit(NFS_DELEGATION_REVOKED, &delegation->flags)) { 2445 + if (test_bit(NFS_DELEGATION_REVOKED, &delegation->flags) || 2446 + !test_and_clear_bit(NFS_DELEGATION_TEST_EXPIRED, 2447 + &delegation->flags)) { 2446 2448 rcu_read_unlock(); 2447 2449 nfs_finish_clear_delegation_stateid(state, &stateid); 2448 - return; 2449 - } 2450 - 2451 - if (!test_and_clear_bit(NFS_DELEGATION_TEST_EXPIRED, &delegation->flags)) { 2452 - rcu_read_unlock(); 2453 2450 return; 2454 2451 } 2455 2452

+33 -10

fs/nfsd/nfsctl.c

··· 538 538 539 539 static ssize_t 540 540 nfsd_print_version_support(char *buf, int remaining, const char *sep, 541 - unsigned vers, unsigned minor) 541 + unsigned vers, int minor) 542 542 { 543 - const char *format = (minor == 0) ? "%s%c%u" : "%s%c%u.%u"; 543 + const char *format = minor < 0 ? "%s%c%u" : "%s%c%u.%u"; 544 544 bool supported = !!nfsd_vers(vers, NFSD_TEST); 545 545 546 - if (vers == 4 && !nfsd_minorversion(minor, NFSD_TEST)) 546 + if (vers == 4 && minor >= 0 && 547 + !nfsd_minorversion(minor, NFSD_TEST)) 547 548 supported = false; 549 + if (minor == 0 && supported) 550 + /* 551 + * special case for backward compatability. 552 + * +4.0 is never reported, it is implied by 553 + * +4, unless -4.0 is present. 554 + */ 555 + return 0; 548 556 return snprintf(buf, remaining, format, sep, 549 557 supported ? '+' : '-', vers, minor); 550 558 } ··· 562 554 char *mesg = buf; 563 555 char *vers, *minorp, sign; 564 556 int len, num, remaining; 565 - unsigned minor; 566 557 ssize_t tlen = 0; 567 558 char *sep; 568 559 struct nfsd_net *nn = net_generic(netns(file), nfsd_net_id); ··· 582 575 if (len <= 0) return -EINVAL; 583 576 do { 584 577 enum vers_op cmd; 578 + unsigned minor; 585 579 sign = *vers; 586 580 if (sign == '+' || sign == '-') 587 581 num = simple_strtol((vers+1), &minorp, 0); ··· 593 585 return -EINVAL; 594 586 if (kstrtouint(minorp+1, 0, &minor) < 0) 595 587 return -EINVAL; 596 - } else 597 - minor = 0; 588 + } 589 + 598 590 cmd = sign == '-' ? NFSD_CLEAR : NFSD_SET; 599 591 switch(num) { 600 592 case 2: ··· 602 594 nfsd_vers(num, cmd); 603 595 break; 604 596 case 4: 605 - if (nfsd_minorversion(minor, cmd) >= 0) 606 - break; 597 + if (*minorp == '.') { 598 + if (nfsd_minorversion(minor, cmd) < 0) 599 + return -EINVAL; 600 + } else if ((cmd == NFSD_SET) != nfsd_vers(num, NFSD_TEST)) { 601 + /* 602 + * Either we have +4 and no minors are enabled, 603 + * or we have -4 and at least one minor is enabled. 604 + * In either case, propagate 'cmd' to all minors. 605 + */ 606 + minor = 0; 607 + while (nfsd_minorversion(minor, cmd) >= 0) 608 + minor++; 609 + } 610 + break; 607 611 default: 608 612 return -EINVAL; 609 613 } ··· 632 612 sep = ""; 633 613 remaining = SIMPLE_TRANSACTION_LIMIT; 634 614 for (num=2 ; num <= 4 ; num++) { 615 + int minor; 635 616 if (!nfsd_vers(num, NFSD_AVAIL)) 636 617 continue; 637 - minor = 0; 618 + 619 + minor = -1; 638 620 do { 639 621 len = nfsd_print_version_support(buf, remaining, 640 622 sep, num, minor); ··· 646 624 buf += len; 647 625 tlen += len; 648 626 minor++; 649 - sep = " "; 627 + if (len) 628 + sep = " "; 650 629 } while (num == 4 && minor <= NFSD_SUPPORTED_MINOR_VERSION); 651 630 } 652 631 out:

+1

fs/nfsd/nfsproc.c

··· 786 786 { nfserr_serverfault, -ESERVERFAULT }, 787 787 { nfserr_serverfault, -ENFILE }, 788 788 { nfserr_io, -EUCLEAN }, 789 + { nfserr_perm, -ENOKEY }, 789 790 }; 790 791 int i; 791 792

+13 -15

fs/nfsd/nfssvc.c

··· 167 167 168 168 int nfsd_minorversion(u32 minorversion, enum vers_op change) 169 169 { 170 - if (minorversion > NFSD_SUPPORTED_MINOR_VERSION) 170 + if (minorversion > NFSD_SUPPORTED_MINOR_VERSION && 171 + change != NFSD_AVAIL) 171 172 return -1; 172 173 switch(change) { 173 174 case NFSD_SET: ··· 416 415 417 416 void nfsd_reset_versions(void) 418 417 { 419 - int found_one = 0; 420 418 int i; 421 419 422 - for (i = NFSD_MINVERS; i < NFSD_NRVERS; i++) { 423 - if (nfsd_program.pg_vers[i]) 424 - found_one = 1; 425 - } 420 + for (i = 0; i < NFSD_NRVERS; i++) 421 + if (nfsd_vers(i, NFSD_TEST)) 422 + return; 426 423 427 - if (!found_one) { 428 - for (i = NFSD_MINVERS; i < NFSD_NRVERS; i++) 429 - nfsd_program.pg_vers[i] = nfsd_version[i]; 430 - #if defined(CONFIG_NFSD_V2_ACL) || defined(CONFIG_NFSD_V3_ACL) 431 - for (i = NFSD_ACL_MINVERS; i < NFSD_ACL_NRVERS; i++) 432 - nfsd_acl_program.pg_vers[i] = 433 - nfsd_acl_version[i]; 434 - #endif 435 - } 424 + for (i = 0; i < NFSD_NRVERS; i++) 425 + if (i != 4) 426 + nfsd_vers(i, NFSD_SET); 427 + else { 428 + int minor = 0; 429 + while (nfsd_minorversion(minor, NFSD_SET) >= 0) 430 + minor++; 431 + } 436 432 } 437 433 438 434 /*

+7 -2

fs/orangefs/super.c

··· 263 263 if (!new_op) 264 264 return -ENOMEM; 265 265 new_op->upcall.req.features.features = 0; 266 - ret = service_operation(new_op, "orangefs_features", 0); 267 - orangefs_features = new_op->downcall.resp.features.features; 266 + ret = service_operation(new_op, "orangefs_features", 267 + ORANGEFS_OP_PRIORITY | ORANGEFS_OP_NO_MUTEX); 268 + if (!ret) 269 + orangefs_features = 270 + new_op->downcall.resp.features.features; 271 + else 272 + orangefs_features = 0; 268 273 op_release(new_op); 269 274 } else { 270 275 orangefs_features = 0;

+1

fs/proc/proc_sysctl.c

··· 1074 1074 1075 1075 if ((table->proc_handler == proc_dostring) || 1076 1076 (table->proc_handler == proc_dointvec) || 1077 + (table->proc_handler == proc_douintvec) || 1077 1078 (table->proc_handler == proc_dointvec_minmax) || 1078 1079 (table->proc_handler == proc_dointvec_jiffies) || 1079 1080 (table->proc_handler == proc_dointvec_userhz_jiffies) ||

+37 -43

fs/stat.c

··· 130 130 int vfs_statx_fd(unsigned int fd, struct kstat *stat, 131 131 u32 request_mask, unsigned int query_flags) 132 132 { 133 - struct fd f = fdget_raw(fd); 133 + struct fd f; 134 134 int error = -EBADF; 135 135 136 + if (query_flags & ~KSTAT_QUERY_FLAGS) 137 + return -EINVAL; 138 + 139 + f = fdget_raw(fd); 136 140 if (f.file) { 137 141 error = vfs_getattr(&f.file->f_path, stat, 138 142 request_mask, query_flags); ··· 158 154 * that it uses a filename and base directory to determine the file location. 159 155 * Additionally, the use of AT_SYMLINK_NOFOLLOW in flags will prevent a symlink 160 156 * at the given name from being referenced. 161 - * 162 - * The caller must have preset stat->request_mask as for vfs_getattr(). The 163 - * flags are also used to load up stat->query_flags. 164 157 * 165 158 * 0 will be returned on success, and a -ve error code if unsuccessful. 166 159 */ ··· 510 509 } 511 510 #endif /* __ARCH_WANT_STAT64 || __ARCH_WANT_COMPAT_STAT64 */ 512 511 513 - static inline int __put_timestamp(struct timespec *kts, 514 - struct statx_timestamp __user *uts) 512 + static noinline_for_stack int 513 + cp_statx(const struct kstat *stat, struct statx __user *buffer) 515 514 { 516 - return (__put_user(kts->tv_sec, &uts->tv_sec ) || 517 - __put_user(kts->tv_nsec, &uts->tv_nsec ) || 518 - __put_user(0, &uts->__reserved )); 519 - } 515 + struct statx tmp; 520 516 521 - /* 522 - * Set the statx results. 523 - */ 524 - static long statx_set_result(struct kstat *stat, struct statx __user *buffer) 525 - { 526 - uid_t uid = from_kuid_munged(current_user_ns(), stat->uid); 527 - gid_t gid = from_kgid_munged(current_user_ns(), stat->gid); 517 + memset(&tmp, 0, sizeof(tmp)); 528 518 529 - if (__put_user(stat->result_mask, &buffer->stx_mask ) || 530 - __put_user(stat->mode, &buffer->stx_mode ) || 531 - __clear_user(&buffer->__spare0, sizeof(buffer->__spare0)) || 532 - __put_user(stat->nlink, &buffer->stx_nlink ) || 533 - __put_user(uid, &buffer->stx_uid ) || 534 - __put_user(gid, &buffer->stx_gid ) || 535 - __put_user(stat->attributes, &buffer->stx_attributes ) || 536 - __put_user(stat->blksize, &buffer->stx_blksize ) || 537 - __put_user(MAJOR(stat->rdev), &buffer->stx_rdev_major ) || 538 - __put_user(MINOR(stat->rdev), &buffer->stx_rdev_minor ) || 539 - __put_user(MAJOR(stat->dev), &buffer->stx_dev_major ) || 540 - __put_user(MINOR(stat->dev), &buffer->stx_dev_minor ) || 541 - __put_timestamp(&stat->atime, &buffer->stx_atime ) || 542 - __put_timestamp(&stat->btime, &buffer->stx_btime ) || 543 - __put_timestamp(&stat->ctime, &buffer->stx_ctime ) || 544 - __put_timestamp(&stat->mtime, &buffer->stx_mtime ) || 545 - __put_user(stat->ino, &buffer->stx_ino ) || 546 - __put_user(stat->size, &buffer->stx_size ) || 547 - __put_user(stat->blocks, &buffer->stx_blocks ) || 548 - __clear_user(&buffer->__spare1, sizeof(buffer->__spare1)) || 549 - __clear_user(&buffer->__spare2, sizeof(buffer->__spare2))) 550 - return -EFAULT; 519 + tmp.stx_mask = stat->result_mask; 520 + tmp.stx_blksize = stat->blksize; 521 + tmp.stx_attributes = stat->attributes; 522 + tmp.stx_nlink = stat->nlink; 523 + tmp.stx_uid = from_kuid_munged(current_user_ns(), stat->uid); 524 + tmp.stx_gid = from_kgid_munged(current_user_ns(), stat->gid); 525 + tmp.stx_mode = stat->mode; 526 + tmp.stx_ino = stat->ino; 527 + tmp.stx_size = stat->size; 528 + tmp.stx_blocks = stat->blocks; 529 + tmp.stx_attributes_mask = stat->attributes_mask; 530 + tmp.stx_atime.tv_sec = stat->atime.tv_sec; 531 + tmp.stx_atime.tv_nsec = stat->atime.tv_nsec; 532 + tmp.stx_btime.tv_sec = stat->btime.tv_sec; 533 + tmp.stx_btime.tv_nsec = stat->btime.tv_nsec; 534 + tmp.stx_ctime.tv_sec = stat->ctime.tv_sec; 535 + tmp.stx_ctime.tv_nsec = stat->ctime.tv_nsec; 536 + tmp.stx_mtime.tv_sec = stat->mtime.tv_sec; 537 + tmp.stx_mtime.tv_nsec = stat->mtime.tv_nsec; 538 + tmp.stx_rdev_major = MAJOR(stat->rdev); 539 + tmp.stx_rdev_minor = MINOR(stat->rdev); 540 + tmp.stx_dev_major = MAJOR(stat->dev); 541 + tmp.stx_dev_minor = MINOR(stat->dev); 551 542 552 - return 0; 543 + return copy_to_user(buffer, &tmp, sizeof(tmp)) ? -EFAULT : 0; 553 544 } 554 545 555 546 /** ··· 563 570 struct kstat stat; 564 571 int error; 565 572 573 + if (mask & STATX__RESERVED) 574 + return -EINVAL; 566 575 if ((flags & AT_STATX_SYNC_TYPE) == AT_STATX_SYNC_TYPE) 567 576 return -EINVAL; 568 - if (!access_ok(VERIFY_WRITE, buffer, sizeof(*buffer))) 569 - return -EFAULT; 570 577 571 578 if (filename) 572 579 error = vfs_statx(dfd, filename, flags, &stat, mask); ··· 574 581 error = vfs_statx_fd(dfd, &stat, mask, flags); 575 582 if (error) 576 583 return error; 577 - return statx_set_result(&stat, buffer); 584 + 585 + return cp_statx(&stat, buffer); 578 586 } 579 587 580 588 /* Caller is here responsible for sufficient locking (ie. inode->i_lock) */

+4 -2

fs/sysfs/file.c

··· 108 108 { 109 109 const struct sysfs_ops *ops = sysfs_file_ops(of->kn); 110 110 struct kobject *kobj = of->kn->parent->priv; 111 - size_t len; 111 + ssize_t len; 112 112 113 113 /* 114 114 * If buf != of->prealloc_buf, we don't know how ··· 117 117 if (WARN_ON_ONCE(buf != of->prealloc_buf)) 118 118 return 0; 119 119 len = ops->show(kobj, of->kn->priv, buf); 120 + if (len < 0) 121 + return len; 120 122 if (pos) { 121 123 if (len <= pos) 122 124 return 0; 123 125 len -= pos; 124 126 memmove(buf, buf + pos, len); 125 127 } 126 - return min(count, len); 128 + return min_t(ssize_t, count, len); 127 129 } 128 130 129 131 /* kernfs write callback for regular sysfs files */

+1 -1

fs/userfaultfd.c

··· 1756 1756 * protocols: aa:... bb:... 1757 1757 */ 1758 1758 seq_printf(m, "pending:\t%lu\ntotal:\t%lu\nAPI:\t%Lx:%x:%Lx\n", 1759 - pending, total, UFFD_API, UFFD_API_FEATURES, 1759 + pending, total, UFFD_API, ctx->features, 1760 1760 UFFD_API_IOCTLS|UFFD_API_RANGE_IOCTLS); 1761 1761 } 1762 1762 #endif

+1 -2

fs/xfs/libxfs/xfs_dir2_priv.h

··· 125 125 extern int xfs_dir2_sf_lookup(struct xfs_da_args *args); 126 126 extern int xfs_dir2_sf_removename(struct xfs_da_args *args); 127 127 extern int xfs_dir2_sf_replace(struct xfs_da_args *args); 128 - extern int xfs_dir2_sf_verify(struct xfs_mount *mp, struct xfs_dir2_sf_hdr *sfp, 129 - int size); 128 + extern int xfs_dir2_sf_verify(struct xfs_inode *ip); 130 129 131 130 /* xfs_dir2_readdir.c */ 132 131 extern int xfs_readdir(struct xfs_inode *dp, struct dir_context *ctx,

+41 -22

fs/xfs/libxfs/xfs_dir2_sf.c

··· 632 632 /* Verify the consistency of an inline directory. */ 633 633 int 634 634 xfs_dir2_sf_verify( 635 - struct xfs_mount *mp, 636 - struct xfs_dir2_sf_hdr *sfp, 637 - int size) 635 + struct xfs_inode *ip) 638 636 { 637 + struct xfs_mount *mp = ip->i_mount; 638 + struct xfs_dir2_sf_hdr *sfp; 639 639 struct xfs_dir2_sf_entry *sfep; 640 640 struct xfs_dir2_sf_entry *next_sfep; 641 641 char *endp; 642 642 const struct xfs_dir_ops *dops; 643 + struct xfs_ifork *ifp; 643 644 xfs_ino_t ino; 644 645 int i; 645 646 int i8count; 646 647 int offset; 648 + int size; 649 + int error; 647 650 __uint8_t filetype; 648 651 652 + ASSERT(ip->i_d.di_format == XFS_DINODE_FMT_LOCAL); 653 + /* 654 + * xfs_iread calls us before xfs_setup_inode sets up ip->d_ops, 655 + * so we can only trust the mountpoint to have the right pointer. 656 + */ 649 657 dops = xfs_dir_get_ops(mp, NULL); 658 + 659 + ifp = XFS_IFORK_PTR(ip, XFS_DATA_FORK); 660 + sfp = (struct xfs_dir2_sf_hdr *)ifp->if_u1.if_data; 661 + size = ifp->if_bytes; 650 662 651 663 /* 652 664 * Give up if the directory is way too short. 653 665 */ 654 - XFS_WANT_CORRUPTED_RETURN(mp, size > 655 - offsetof(struct xfs_dir2_sf_hdr, parent)); 656 - XFS_WANT_CORRUPTED_RETURN(mp, size >= 657 - xfs_dir2_sf_hdr_size(sfp->i8count)); 666 + if (size <= offsetof(struct xfs_dir2_sf_hdr, parent) || 667 + size < xfs_dir2_sf_hdr_size(sfp->i8count)) 668 + return -EFSCORRUPTED; 658 669 659 670 endp = (char *)sfp + size; 660 671 661 672 /* Check .. entry */ 662 673 ino = dops->sf_get_parent_ino(sfp); 663 674 i8count = ino > XFS_DIR2_MAX_SHORT_INUM; 664 - XFS_WANT_CORRUPTED_RETURN(mp, !xfs_dir_ino_validate(mp, ino)); 675 + error = xfs_dir_ino_validate(mp, ino); 676 + if (error) 677 + return error; 665 678 offset = dops->data_first_offset; 666 679 667 680 /* Check all reported entries */ ··· 685 672 * Check the fixed-offset parts of the structure are 686 673 * within the data buffer. 687 674 */ 688 - XFS_WANT_CORRUPTED_RETURN(mp, 689 - ((char *)sfep + sizeof(*sfep)) < endp); 675 + if (((char *)sfep + sizeof(*sfep)) >= endp) 676 + return -EFSCORRUPTED; 690 677 691 678 /* Don't allow names with known bad length. */ 692 - XFS_WANT_CORRUPTED_RETURN(mp, sfep->namelen > 0); 693 - XFS_WANT_CORRUPTED_RETURN(mp, sfep->namelen < MAXNAMELEN); 679 + if (sfep->namelen == 0) 680 + return -EFSCORRUPTED; 694 681 695 682 /* 696 683 * Check that the variable-length part of the structure is ··· 698 685 * name component, so nextentry is an acceptable test. 699 686 */ 700 687 next_sfep = dops->sf_nextentry(sfp, sfep); 701 - XFS_WANT_CORRUPTED_RETURN(mp, endp >= (char *)next_sfep); 688 + if (endp < (char *)next_sfep) 689 + return -EFSCORRUPTED; 702 690 703 691 /* Check that the offsets always increase. */ 704 - XFS_WANT_CORRUPTED_RETURN(mp, 705 - xfs_dir2_sf_get_offset(sfep) >= offset); 692 + if (xfs_dir2_sf_get_offset(sfep) < offset) 693 + return -EFSCORRUPTED; 706 694 707 695 /* Check the inode number. */ 708 696 ino = dops->sf_get_ino(sfp, sfep); 709 697 i8count += ino > XFS_DIR2_MAX_SHORT_INUM; 710 - XFS_WANT_CORRUPTED_RETURN(mp, !xfs_dir_ino_validate(mp, ino)); 698 + error = xfs_dir_ino_validate(mp, ino); 699 + if (error) 700 + return error; 711 701 712 702 /* Check the file type. */ 713 703 filetype = dops->sf_get_ftype(sfep); 714 - XFS_WANT_CORRUPTED_RETURN(mp, filetype < XFS_DIR3_FT_MAX); 704 + if (filetype >= XFS_DIR3_FT_MAX) 705 + return -EFSCORRUPTED; 715 706 716 707 offset = xfs_dir2_sf_get_offset(sfep) + 717 708 dops->data_entsize(sfep->namelen); 718 709 719 710 sfep = next_sfep; 720 711 } 721 - XFS_WANT_CORRUPTED_RETURN(mp, i8count == sfp->i8count); 722 - XFS_WANT_CORRUPTED_RETURN(mp, (void *)sfep == (void *)endp); 712 + if (i8count != sfp->i8count) 713 + return -EFSCORRUPTED; 714 + if ((void *)sfep != (void *)endp) 715 + return -EFSCORRUPTED; 723 716 724 717 /* Make sure this whole thing ought to be in local format. */ 725 - XFS_WANT_CORRUPTED_RETURN(mp, offset + 726 - (sfp->count + 2) * (uint)sizeof(xfs_dir2_leaf_entry_t) + 727 - (uint)sizeof(xfs_dir2_block_tail_t) <= mp->m_dir_geo->blksize); 718 + if (offset + (sfp->count + 2) * (uint)sizeof(xfs_dir2_leaf_entry_t) + 719 + (uint)sizeof(xfs_dir2_block_tail_t) > mp->m_dir_geo->blksize) 720 + return -EFSCORRUPTED; 728 721 729 722 return 0; 730 723 }

+13 -22

fs/xfs/libxfs/xfs_inode_fork.c

··· 212 212 if (error) 213 213 return error; 214 214 215 + /* Check inline dir contents. */ 216 + if (S_ISDIR(VFS_I(ip)->i_mode) && 217 + dip->di_format == XFS_DINODE_FMT_LOCAL) { 218 + error = xfs_dir2_sf_verify(ip); 219 + if (error) { 220 + xfs_idestroy_fork(ip, XFS_DATA_FORK); 221 + return error; 222 + } 223 + } 224 + 215 225 if (xfs_is_reflink_inode(ip)) { 216 226 ASSERT(ip->i_cowfp == NULL); 217 227 xfs_ifork_init_cow(ip); ··· 332 322 int whichfork, 333 323 int size) 334 324 { 335 - int error; 336 - 337 325 /* 338 326 * If the size is unreasonable, then something 339 327 * is wrong and we just bail out rather than crash in ··· 345 337 XFS_CORRUPTION_ERROR("xfs_iformat_local", XFS_ERRLEVEL_LOW, 346 338 ip->i_mount, dip); 347 339 return -EFSCORRUPTED; 348 - } 349 - 350 - if (S_ISDIR(VFS_I(ip)->i_mode) && whichfork == XFS_DATA_FORK) { 351 - error = xfs_dir2_sf_verify(ip->i_mount, 352 - (struct xfs_dir2_sf_hdr *)XFS_DFORK_DPTR(dip), 353 - size); 354 - if (error) 355 - return error; 356 340 } 357 341 358 342 xfs_init_local_fork(ip, whichfork, XFS_DFORK_PTR(dip, whichfork), size); ··· 867 867 * In these cases, the format always takes precedence, because the 868 868 * format indicates the current state of the fork. 869 869 */ 870 - int 870 + void 871 871 xfs_iflush_fork( 872 872 xfs_inode_t *ip, 873 873 xfs_dinode_t *dip, ··· 877 877 char *cp; 878 878 xfs_ifork_t *ifp; 879 879 xfs_mount_t *mp; 880 - int error; 881 880 static const short brootflag[2] = 882 881 { XFS_ILOG_DBROOT, XFS_ILOG_ABROOT }; 883 882 static const short dataflag[2] = ··· 885 886 { XFS_ILOG_DEXT, XFS_ILOG_AEXT }; 886 887 887 888 if (!iip) 888 - return 0; 889 + return; 889 890 ifp = XFS_IFORK_PTR(ip, whichfork); 890 891 /* 891 892 * This can happen if we gave up in iformat in an error path, ··· 893 894 */ 894 895 if (!ifp) { 895 896 ASSERT(whichfork == XFS_ATTR_FORK); 896 - return 0; 897 + return; 897 898 } 898 899 cp = XFS_DFORK_PTR(dip, whichfork); 899 900 mp = ip->i_mount; 900 901 switch (XFS_IFORK_FORMAT(ip, whichfork)) { 901 902 case XFS_DINODE_FMT_LOCAL: 902 - if (S_ISDIR(VFS_I(ip)->i_mode) && whichfork == XFS_DATA_FORK) { 903 - error = xfs_dir2_sf_verify(mp, 904 - (struct xfs_dir2_sf_hdr *)ifp->if_u1.if_data, 905 - ifp->if_bytes); 906 - if (error) 907 - return error; 908 - } 909 903 if ((iip->ili_fields & dataflag[whichfork]) && 910 904 (ifp->if_bytes > 0)) { 911 905 ASSERT(ifp->if_u1.if_data != NULL); ··· 951 959 ASSERT(0); 952 960 break; 953 961 } 954 - return 0; 955 962 } 956 963 957 964 /*

+1 -1

fs/xfs/libxfs/xfs_inode_fork.h

··· 140 140 struct xfs_ifork *xfs_iext_state_to_fork(struct xfs_inode *ip, int state); 141 141 142 142 int xfs_iformat_fork(struct xfs_inode *, struct xfs_dinode *); 143 - int xfs_iflush_fork(struct xfs_inode *, struct xfs_dinode *, 143 + void xfs_iflush_fork(struct xfs_inode *, struct xfs_dinode *, 144 144 struct xfs_inode_log_item *, int); 145 145 void xfs_idestroy_fork(struct xfs_inode *, int); 146 146 void xfs_idata_realloc(struct xfs_inode *, int, int);

+9 -1

fs/xfs/xfs_bmap_util.c

··· 1311 1311 /* 1312 1312 * Now that we've unmap all full blocks we'll have to zero out any 1313 1313 * partial block at the beginning and/or end. xfs_zero_range is 1314 - * smart enough to skip any holes, including those we just created. 1314 + * smart enough to skip any holes, including those we just created, 1315 + * but we must take care not to zero beyond EOF and enlarge i_size. 1315 1316 */ 1317 + 1318 + if (offset >= XFS_ISIZE(ip)) 1319 + return 0; 1320 + 1321 + if (offset + len > XFS_ISIZE(ip)) 1322 + len = XFS_ISIZE(ip) - offset; 1323 + 1316 1324 return xfs_zero_range(ip, offset, len, NULL); 1317 1325 } 1318 1326

+10 -9

fs/xfs/xfs_inode.c

··· 50 50 #include "xfs_log.h" 51 51 #include "xfs_bmap_btree.h" 52 52 #include "xfs_reflink.h" 53 + #include "xfs_dir2_priv.h" 53 54 54 55 kmem_zone_t *xfs_inode_zone; 55 56 ··· 3476 3475 struct xfs_inode_log_item *iip = ip->i_itemp; 3477 3476 struct xfs_dinode *dip; 3478 3477 struct xfs_mount *mp = ip->i_mount; 3479 - int error; 3480 3478 3481 3479 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED)); 3482 3480 ASSERT(xfs_isiflocked(ip)); ··· 3547 3547 if (ip->i_d.di_version < 3) 3548 3548 ip->i_d.di_flushiter++; 3549 3549 3550 + /* Check the inline directory data. */ 3551 + if (S_ISDIR(VFS_I(ip)->i_mode) && 3552 + ip->i_d.di_format == XFS_DINODE_FMT_LOCAL && 3553 + xfs_dir2_sf_verify(ip)) 3554 + goto corrupt_out; 3555 + 3550 3556 /* 3551 3557 * Copy the dirty parts of the inode into the on-disk inode. We always 3552 3558 * copy out the core of the inode, because if the inode is dirty at all ··· 3564 3558 if (ip->i_d.di_flushiter == DI_MAX_FLUSH) 3565 3559 ip->i_d.di_flushiter = 0; 3566 3560 3567 - error = xfs_iflush_fork(ip, dip, iip, XFS_DATA_FORK); 3568 - if (error) 3569 - return error; 3570 - if (XFS_IFORK_Q(ip)) { 3571 - error = xfs_iflush_fork(ip, dip, iip, XFS_ATTR_FORK); 3572 - if (error) 3573 - return error; 3574 - } 3561 + xfs_iflush_fork(ip, dip, iip, XFS_DATA_FORK); 3562 + if (XFS_IFORK_Q(ip)) 3563 + xfs_iflush_fork(ip, dip, iip, XFS_ATTR_FORK); 3575 3564 xfs_inobp_check(mp, bp); 3576 3565 3577 3566 /*

+14

fs/xfs/xfs_iops.c

··· 516 516 stat->blocks = 517 517 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks); 518 518 519 + if (ip->i_d.di_version == 3) { 520 + if (request_mask & STATX_BTIME) { 521 + stat->result_mask |= STATX_BTIME; 522 + stat->btime.tv_sec = ip->i_d.di_crtime.t_sec; 523 + stat->btime.tv_nsec = ip->i_d.di_crtime.t_nsec; 524 + } 525 + } 526 + 527 + if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE) 528 + stat->attributes |= STATX_ATTR_IMMUTABLE; 529 + if (ip->i_d.di_flags & XFS_DIFLAG_APPEND) 530 + stat->attributes |= STATX_ATTR_APPEND; 531 + if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP) 532 + stat->attributes |= STATX_ATTR_NODUMP; 519 533 520 534 switch (inode->i_mode & S_IFMT) { 521 535 case S_IFBLK:

+1 -1

fs/xfs/xfs_itable.c

··· 583 583 return error; 584 584 585 585 bcount = MIN(left, (int)(PAGE_SIZE / sizeof(*buffer))); 586 - buffer = kmem_alloc(bcount * sizeof(*buffer), KM_SLEEP); 586 + buffer = kmem_zalloc(bcount * sizeof(*buffer), KM_SLEEP); 587 587 do { 588 588 struct xfs_inobt_rec_incore r; 589 589 int stat;

+3 -3

include/asm-generic/sections.h

··· 14 14 * [_sdata, _edata]: contains .data.* sections, may also contain .rodata.* 15 15 * and/or .init.* sections. 16 16 * [__start_rodata, __end_rodata]: contains .rodata.* sections 17 - * [__start_data_ro_after_init, __end_data_ro_after_init]: 18 - * contains data.ro_after_init section 17 + * [__start_ro_after_init, __end_ro_after_init]: 18 + * contains .data..ro_after_init section 19 19 * [__init_begin, __init_end]: contains .init.* sections, but .init.text.* 20 20 * may be out of this range on some architectures. 21 21 * [_sinittext, _einittext]: contains .init.text.* sections ··· 33 33 extern char __bss_start[], __bss_stop[]; 34 34 extern char __init_begin[], __init_end[]; 35 35 extern char _sinittext[], _einittext[]; 36 - extern char __start_data_ro_after_init[], __end_data_ro_after_init[]; 36 + extern char __start_ro_after_init[], __end_ro_after_init[]; 37 37 extern char _end[]; 38 38 extern char __per_cpu_load[], __per_cpu_start[], __per_cpu_end[]; 39 39 extern char __kprobes_text_start[], __kprobes_text_end[];

+4 -2

include/asm-generic/vmlinux.lds.h

··· 173 173 KEEP(*(__##name##_of_table_end)) 174 174 175 175 #define CLKSRC_OF_TABLES() OF_TABLE(CONFIG_CLKSRC_OF, clksrc) 176 + #define CLKEVT_OF_TABLES() OF_TABLE(CONFIG_CLKEVT_OF, clkevt) 176 177 #define IRQCHIP_OF_MATCH_TABLE() OF_TABLE(CONFIG_IRQCHIP, irqchip) 177 178 #define CLK_OF_TABLES() OF_TABLE(CONFIG_COMMON_CLK, clk) 178 179 #define IOMMU_OF_TABLES() OF_TABLE(CONFIG_OF_IOMMU, iommu) ··· 261 260 */ 262 261 #ifndef RO_AFTER_INIT_DATA 263 262 #define RO_AFTER_INIT_DATA \ 264 - __start_data_ro_after_init = .; \ 263 + VMLINUX_SYMBOL(__start_ro_after_init) = .; \ 265 264 *(.data..ro_after_init) \ 266 - __end_data_ro_after_init = .; 265 + VMLINUX_SYMBOL(__end_ro_after_init) = .; 267 266 #endif 268 267 269 268 /* ··· 560 559 CLK_OF_TABLES() \ 561 560 RESERVEDMEM_OF_TABLES() \ 562 561 CLKSRC_OF_TABLES() \ 562 + CLKEVT_OF_TABLES() \ 563 563 IOMMU_OF_TABLES() \ 564 564 CPU_METHOD_OF_TABLES() \ 565 565 CPUIDLE_METHOD_OF_TABLES() \

+4 -1

include/drm/ttm/ttm_object.h

··· 229 229 * @ref_type: The type of reference. 230 230 * @existed: Upon completion, indicates that an identical reference object 231 231 * already existed, and the refcount was upped on that object instead. 232 + * @require_existed: Fail with -EPERM if an identical ref object didn't 233 + * already exist. 232 234 * 233 235 * Checks that the base object is shareable and adds a ref object to it. 234 236 * ··· 245 243 */ 246 244 extern int ttm_ref_object_add(struct ttm_object_file *tfile, 247 245 struct ttm_base_object *base, 248 - enum ttm_ref_type ref_type, bool *existed); 246 + enum ttm_ref_type ref_type, bool *existed, 247 + bool require_existed); 249 248 250 249 extern bool ttm_ref_object_exists(struct ttm_object_file *tfile, 251 250 struct ttm_base_object *base);

+1

include/kvm/arm_vgic.h

··· 295 295 void kvm_vgic_vcpu_destroy(struct kvm_vcpu *vcpu); 296 296 int kvm_vgic_map_resources(struct kvm *kvm); 297 297 int kvm_vgic_hyp_init(void); 298 + void kvm_vgic_init_cpu_hardware(void); 298 299 299 300 int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int intid, 300 301 bool level);

+2

include/linux/blk-mq.h

··· 51 51 52 52 atomic_t nr_active; 53 53 54 + struct delayed_work delayed_run_work; 54 55 struct delayed_work delay_work; 55 56 56 57 struct hlist_node cpuhp_dead; ··· 239 238 void blk_mq_start_hw_queues(struct request_queue *q); 240 239 void blk_mq_start_stopped_hw_queue(struct blk_mq_hw_ctx *hctx, bool async); 241 240 void blk_mq_start_stopped_hw_queues(struct request_queue *q, bool async); 241 + void blk_mq_delay_run_hw_queue(struct blk_mq_hw_ctx *hctx, unsigned long msecs); 242 242 void blk_mq_run_hw_queues(struct request_queue *q, bool async); 243 243 void blk_mq_delay_queue(struct blk_mq_hw_ctx *hctx, unsigned long msecs); 244 244 void blk_mq_tagset_busy_iter(struct blk_mq_tag_set *tagset,

-1

include/linux/blkdev.h

··· 610 610 #define QUEUE_FLAG_FLUSH_NQ 25 /* flush not queueuable */ 611 611 #define QUEUE_FLAG_DAX 26 /* device supports DAX */ 612 612 #define QUEUE_FLAG_STATS 27 /* track rq completion times */ 613 - #define QUEUE_FLAG_RESTART 28 /* queue needs restart at completion */ 614 613 615 614 #define QUEUE_FLAG_DEFAULT ((1 << QUEUE_FLAG_IO_STAT) | \ 616 615 (1 << QUEUE_FLAG_STACKABLE) | \

+1 -1

include/linux/clockchips.h

··· 229 229 230 230 #ifdef CONFIG_CLKEVT_PROBE 231 231 extern int clockevent_probe(void); 232 - #els 232 + #else 233 233 static inline int clockevent_probe(void) { return 0; } 234 234 #endif 235 235

+1 -1

include/linux/elevator.h

··· 211 211 extern ssize_t elv_iosched_store(struct request_queue *, const char *, size_t); 212 212 213 213 extern int elevator_init(struct request_queue *, char *); 214 - extern void elevator_exit(struct elevator_queue *); 214 + extern void elevator_exit(struct request_queue *, struct elevator_queue *); 215 215 extern int elevator_change(struct request_queue *, const char *); 216 216 extern bool elv_bio_merge_ok(struct request *, struct bio *); 217 217 extern struct elevator_queue *elevator_alloc(struct request_queue *,

+3

include/linux/irqchip/arm-gic.h

··· 96 96 #define GICH_MISR_EOI (1 << 0) 97 97 #define GICH_MISR_U (1 << 1) 98 98 99 + #define GICV_PMR_PRIORITY_SHIFT 3 100 + #define GICV_PMR_PRIORITY_MASK (0x1f << GICV_PMR_PRIORITY_SHIFT) 101 + 99 102 #ifndef __ASSEMBLY__ 100 103 101 104 #include <linux/irqdomain.h>

+3

include/linux/kasan.h

··· 76 76 static inline void kasan_unpoison_slab(const void *ptr) { ksize(ptr); } 77 77 size_t kasan_metadata_size(struct kmem_cache *cache); 78 78 79 + bool kasan_save_enable_multi_shot(void); 80 + void kasan_restore_multi_shot(bool enabled); 81 + 79 82 #else /* CONFIG_KASAN */ 80 83 81 84 static inline void kasan_unpoison_shadow(const void *address, size_t size) {}

+6

include/linux/memcontrol.h

··· 740 740 return false; 741 741 } 742 742 743 + static inline void mem_cgroup_update_page_stat(struct page *page, 744 + enum mem_cgroup_stat_index idx, 745 + int nr) 746 + { 747 + } 748 + 743 749 static inline void mem_cgroup_inc_page_stat(struct page *page, 744 750 enum mem_cgroup_stat_index idx) 745 751 {

+2 -1

include/linux/mfd/cros_ec.h

··· 35 35 * Max bus-specific overhead incurred by request/responses. 36 36 * I2C requires 1 additional byte for requests. 37 37 * I2C requires 2 additional bytes for responses. 38 + * SPI requires up to 32 additional bytes for responses. 38 39 * */ 39 40 #define EC_PROTO_VERSION_UNKNOWN 0 40 41 #define EC_MAX_REQUEST_OVERHEAD 1 41 - #define EC_MAX_RESPONSE_OVERHEAD 2 42 + #define EC_MAX_RESPONSE_OVERHEAD 32 42 43 43 44 /* 44 45 * Command interface between EC and AP, for LPC, I2C and SPI interfaces.

+2

include/linux/mm.h

··· 32 32 struct writeback_control; 33 33 struct bdi_writeback; 34 34 35 + void init_mm_internals(void); 36 + 35 37 #ifndef CONFIG_NEED_MULTIPLE_NODES /* Don't use mapnrs, do it properly */ 36 38 extern unsigned long max_mapnr; 37 39

+8 -8

include/linux/nvme.h

··· 64 64 * RDMA_QPTYPE field 65 65 */ 66 66 enum { 67 - NVMF_RDMA_QPTYPE_CONNECTED = 0, /* Reliable Connected */ 68 - NVMF_RDMA_QPTYPE_DATAGRAM = 1, /* Reliable Datagram */ 67 + NVMF_RDMA_QPTYPE_CONNECTED = 1, /* Reliable Connected */ 68 + NVMF_RDMA_QPTYPE_DATAGRAM = 2, /* Reliable Datagram */ 69 69 }; 70 70 71 71 /* RDMA QP Service Type codes for Discovery Log Page entry TSAS 72 72 * RDMA_QPTYPE field 73 73 */ 74 74 enum { 75 - NVMF_RDMA_PRTYPE_NOT_SPECIFIED = 0, /* No Provider Specified */ 76 - NVMF_RDMA_PRTYPE_IB = 1, /* InfiniBand */ 77 - NVMF_RDMA_PRTYPE_ROCE = 2, /* InfiniBand RoCE */ 78 - NVMF_RDMA_PRTYPE_ROCEV2 = 3, /* InfiniBand RoCEV2 */ 79 - NVMF_RDMA_PRTYPE_IWARP = 4, /* IWARP */ 75 + NVMF_RDMA_PRTYPE_NOT_SPECIFIED = 1, /* No Provider Specified */ 76 + NVMF_RDMA_PRTYPE_IB = 2, /* InfiniBand */ 77 + NVMF_RDMA_PRTYPE_ROCE = 3, /* InfiniBand RoCE */ 78 + NVMF_RDMA_PRTYPE_ROCEV2 = 4, /* InfiniBand RoCEV2 */ 79 + NVMF_RDMA_PRTYPE_IWARP = 5, /* IWARP */ 80 80 }; 81 81 82 82 /* RDMA Connection Management Service Type codes for Discovery Log Page 83 83 * entry TSAS RDMA_CMS field 84 84 */ 85 85 enum { 86 - NVMF_RDMA_CMS_RDMA_CM = 0, /* Sockets based enpoint addressing */ 86 + NVMF_RDMA_CMS_RDMA_CM = 1, /* Sockets based endpoint addressing */ 87 87 }; 88 88 89 89 #define NVMF_AQ_DEPTH 32

+2 -1

include/linux/pinctrl/pinctrl.h

··· 145 145 extern int pinctrl_register_and_init(struct pinctrl_desc *pctldesc, 146 146 struct device *dev, void *driver_data, 147 147 struct pinctrl_dev **pctldev); 148 + extern int pinctrl_enable(struct pinctrl_dev *pctldev); 148 149 149 - /* Please use pinctrl_register_and_init() instead */ 150 + /* Please use pinctrl_register_and_init() and pinctrl_enable() instead */ 150 151 extern struct pinctrl_dev *pinctrl_register(struct pinctrl_desc *pctldesc, 151 152 struct device *dev, void *driver_data); 152 153

+7 -6

include/linux/sched/clock.h

··· 54 54 } 55 55 #else 56 56 extern void sched_clock_init_late(void); 57 - /* 58 - * Architectures can set this to 1 if they have specified 59 - * CONFIG_HAVE_UNSTABLE_SCHED_CLOCK in their arch Kconfig, 60 - * but then during bootup it turns out that sched_clock() 61 - * is reliable after all: 62 - */ 63 57 extern int sched_clock_stable(void); 64 58 extern void clear_sched_clock_stable(void); 59 + 60 + /* 61 + * When sched_clock_stable(), __sched_clock_offset provides the offset 62 + * between local_clock() and sched_clock(). 63 + */ 64 + extern u64 __sched_clock_offset; 65 + 65 66 66 67 extern void sched_clock_tick(void); 67 68 extern void sched_clock_idle_sleep_event(void);

+1

include/linux/stat.h

··· 26 26 unsigned int nlink; 27 27 uint32_t blksize; /* Preferred I/O size */ 28 28 u64 attributes; 29 + u64 attributes_mask; 29 30 #define KSTAT_ATTR_FS_IOC_FLAGS \ 30 31 (STATX_ATTR_COMPRESSED | \ 31 32 STATX_ATTR_IMMUTABLE | \

+16 -6

include/net/sctp/sctp.h

··· 448 448 return frag; 449 449 } 450 450 451 - static inline void sctp_assoc_pending_pmtu(struct sock *sk, struct sctp_association *asoc) 451 + static inline void sctp_assoc_pending_pmtu(struct sctp_association *asoc) 452 452 { 453 - 454 - sctp_assoc_sync_pmtu(sk, asoc); 453 + sctp_assoc_sync_pmtu(asoc); 455 454 asoc->pmtu_pending = 0; 456 455 } 457 456 ··· 595 596 */ 596 597 static inline struct dst_entry *sctp_transport_dst_check(struct sctp_transport *t) 597 598 { 598 - if (t->dst && (!dst_check(t->dst, t->dst_cookie) || 599 - t->pathmtu != max_t(size_t, SCTP_TRUNC4(dst_mtu(t->dst)), 600 - SCTP_DEFAULT_MINSEGMENT))) 599 + if (t->dst && !dst_check(t->dst, t->dst_cookie)) 601 600 sctp_transport_dst_release(t); 602 601 603 602 return t->dst; 603 + } 604 + 605 + static inline bool sctp_transport_pmtu_check(struct sctp_transport *t) 606 + { 607 + __u32 pmtu = max_t(size_t, SCTP_TRUNC4(dst_mtu(t->dst)), 608 + SCTP_DEFAULT_MINSEGMENT); 609 + 610 + if (t->pathmtu == pmtu) 611 + return true; 612 + 613 + t->pathmtu = pmtu; 614 + 615 + return false; 604 616 } 605 617 606 618 #endif /* __net_sctp_h__ */

+6 -5

include/net/sctp/structs.h

··· 377 377 __u64 hb_nonce; 378 378 } sctp_sender_hb_info_t; 379 379 380 - struct sctp_stream *sctp_stream_new(__u16 incnt, __u16 outcnt, gfp_t gfp); 380 + int sctp_stream_new(struct sctp_association *asoc, gfp_t gfp); 381 + int sctp_stream_init(struct sctp_association *asoc, gfp_t gfp); 381 382 void sctp_stream_free(struct sctp_stream *stream); 382 383 void sctp_stream_clear(struct sctp_stream *stream); 383 384 ··· 500 499 /* Did the messenge fail to send? */ 501 500 int send_error; 502 501 u8 send_failed:1, 503 - force_delay:1, 504 502 can_delay; /* should this message be Nagle delayed */ 505 503 }; 506 504 ··· 952 952 void sctp_transport_burst_limited(struct sctp_transport *); 953 953 void sctp_transport_burst_reset(struct sctp_transport *); 954 954 unsigned long sctp_transport_timeout(struct sctp_transport *); 955 - void sctp_transport_reset(struct sctp_transport *); 956 - void sctp_transport_update_pmtu(struct sock *, struct sctp_transport *, u32); 955 + void sctp_transport_reset(struct sctp_transport *t); 956 + void sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu); 957 957 void sctp_transport_immediate_rtx(struct sctp_transport *); 958 958 void sctp_transport_dst_release(struct sctp_transport *t); 959 959 void sctp_transport_dst_confirm(struct sctp_transport *t); ··· 1878 1878 1879 1879 __u8 need_ecne:1, /* Need to send an ECNE Chunk? */ 1880 1880 temp:1, /* Is it a temporary association? */ 1881 + force_delay:1, 1881 1882 prsctp_enable:1, 1882 1883 reconf_enable:1; 1883 1884 ··· 1954 1953 1955 1954 __u32 sctp_association_get_next_tsn(struct sctp_association *); 1956 1955 1957 - void sctp_assoc_sync_pmtu(struct sock *, struct sctp_association *); 1956 + void sctp_assoc_sync_pmtu(struct sctp_association *asoc); 1958 1957 void sctp_assoc_rwnd_increase(struct sctp_association *, unsigned int); 1959 1958 void sctp_assoc_rwnd_decrease(struct sctp_association *, unsigned int); 1960 1959 void sctp_assoc_set_primary(struct sctp_association *,

+3 -2

include/uapi/linux/stat.h

··· 114 114 __u64 stx_ino; /* Inode number */ 115 115 __u64 stx_size; /* File size */ 116 116 __u64 stx_blocks; /* Number of 512-byte blocks allocated */ 117 - __u64 __spare1[1]; 117 + __u64 stx_attributes_mask; /* Mask to show what's supported in stx_attributes */ 118 118 /* 0x40 */ 119 119 struct statx_timestamp stx_atime; /* Last access time */ 120 120 struct statx_timestamp stx_btime; /* File creation time */ ··· 152 152 #define STATX_BASIC_STATS 0x000007ffU /* The stuff in the normal stat struct */ 153 153 #define STATX_BTIME 0x00000800U /* Want/got stx_btime */ 154 154 #define STATX_ALL 0x00000fffU /* All currently supported flags */ 155 + #define STATX__RESERVED 0x80000000U /* Reserved for future struct statx expansion */ 155 156 156 157 /* 157 - * Attributes to be found in stx_attributes 158 + * Attributes to be found in stx_attributes and masked in stx_attributes_mask. 158 159 * 159 160 * These give information about the features or the state of a file that might 160 161 * be of use to ordinary userspace programs such as GUIs or ls rather than

+2

init/main.c

··· 1022 1022 1023 1023 workqueue_init(); 1024 1024 1025 + init_mm_internals(); 1026 + 1025 1027 do_pre_smp_initcalls(); 1026 1028 lockup_detector_init(); 1027 1029

+1 -7

kernel/audit.h

··· 333 333 extern int audit_filter(int msgtype, unsigned int listtype); 334 334 335 335 #ifdef CONFIG_AUDITSYSCALL 336 - extern int __audit_signal_info(int sig, struct task_struct *t); 337 - static inline int audit_signal_info(int sig, struct task_struct *t) 338 - { 339 - if (auditd_test_task(t) || (audit_signals && !audit_dummy_context())) 340 - return __audit_signal_info(sig, t); 341 - return 0; 342 - } 336 + extern int audit_signal_info(int sig, struct task_struct *t); 343 337 extern void audit_filter_inodes(struct task_struct *, struct audit_context *); 344 338 extern struct list_head *audit_killed_trees(void); 345 339 #else

+13 -12

kernel/auditsc.c

··· 2249 2249 * If the audit subsystem is being terminated, record the task (pid) 2250 2250 * and uid that is doing that. 2251 2251 */ 2252 - int __audit_signal_info(int sig, struct task_struct *t) 2252 + int audit_signal_info(int sig, struct task_struct *t) 2253 2253 { 2254 2254 struct audit_aux_data_pids *axp; 2255 2255 struct task_struct *tsk = current; 2256 2256 struct audit_context *ctx = tsk->audit_context; 2257 2257 kuid_t uid = current_uid(), t_uid = task_uid(t); 2258 2258 2259 - if (auditd_test_task(t)) { 2260 - if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) { 2261 - audit_sig_pid = task_tgid_nr(tsk); 2262 - if (uid_valid(tsk->loginuid)) 2263 - audit_sig_uid = tsk->loginuid; 2264 - else 2265 - audit_sig_uid = uid; 2266 - security_task_getsecid(tsk, &audit_sig_sid); 2267 - } 2268 - if (!audit_signals || audit_dummy_context()) 2269 - return 0; 2259 + if (auditd_test_task(t) && 2260 + (sig == SIGTERM || sig == SIGHUP || 2261 + sig == SIGUSR1 || sig == SIGUSR2)) { 2262 + audit_sig_pid = task_tgid_nr(tsk); 2263 + if (uid_valid(tsk->loginuid)) 2264 + audit_sig_uid = tsk->loginuid; 2265 + else 2266 + audit_sig_uid = uid; 2267 + security_task_getsecid(tsk, &audit_sig_sid); 2270 2268 } 2269 + 2270 + if (!audit_signals || audit_dummy_context()) 2271 + return 0; 2271 2272 2272 2273 /* optimize the common case by putting first signal recipient directly 2273 2274 * in audit_context */

+42 -22

kernel/bpf/verifier.c

··· 765 765 } 766 766 } 767 767 768 - static int check_ptr_alignment(struct bpf_verifier_env *env, 769 - struct bpf_reg_state *reg, int off, int size) 768 + static int check_pkt_ptr_alignment(const struct bpf_reg_state *reg, 769 + int off, int size) 770 770 { 771 - if (reg->type != PTR_TO_PACKET && reg->type != PTR_TO_MAP_VALUE_ADJ) { 772 - if (off % size != 0) { 773 - verbose("misaligned access off %d size %d\n", 774 - off, size); 775 - return -EACCES; 776 - } else { 777 - return 0; 778 - } 779 - } 780 - 781 - if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)) 782 - /* misaligned access to packet is ok on x86,arm,arm64 */ 783 - return 0; 784 - 785 771 if (reg->id && size != 1) { 786 - verbose("Unknown packet alignment. Only byte-sized access allowed\n"); 772 + verbose("Unknown alignment. Only byte-sized access allowed in packet access.\n"); 787 773 return -EACCES; 788 774 } 789 775 790 776 /* skb->data is NET_IP_ALIGN-ed */ 791 - if (reg->type == PTR_TO_PACKET && 792 - (NET_IP_ALIGN + reg->off + off) % size != 0) { 777 + if ((NET_IP_ALIGN + reg->off + off) % size != 0) { 793 778 verbose("misaligned packet access off %d+%d+%d size %d\n", 794 779 NET_IP_ALIGN, reg->off, off, size); 795 780 return -EACCES; 796 781 } 782 + 797 783 return 0; 784 + } 785 + 786 + static int check_val_ptr_alignment(const struct bpf_reg_state *reg, 787 + int size) 788 + { 789 + if (size != 1) { 790 + verbose("Unknown alignment. Only byte-sized access allowed in value access.\n"); 791 + return -EACCES; 792 + } 793 + 794 + return 0; 795 + } 796 + 797 + static int check_ptr_alignment(const struct bpf_reg_state *reg, 798 + int off, int size) 799 + { 800 + switch (reg->type) { 801 + case PTR_TO_PACKET: 802 + return IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) ? 0 : 803 + check_pkt_ptr_alignment(reg, off, size); 804 + case PTR_TO_MAP_VALUE_ADJ: 805 + return IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) ? 0 : 806 + check_val_ptr_alignment(reg, size); 807 + default: 808 + if (off % size != 0) { 809 + verbose("misaligned access off %d size %d\n", 810 + off, size); 811 + return -EACCES; 812 + } 813 + 814 + return 0; 815 + } 798 816 } 799 817 800 818 /* check whether memory at (regno + off) is accessible for t = (read | write) ··· 836 818 if (size < 0) 837 819 return size; 838 820 839 - err = check_ptr_alignment(env, reg, off, size); 821 + err = check_ptr_alignment(reg, off, size); 840 822 if (err) 841 823 return err; 842 824 ··· 1943 1925 * register as unknown. 1944 1926 */ 1945 1927 if (env->allow_ptr_leaks && 1928 + BPF_CLASS(insn->code) == BPF_ALU64 && opcode == BPF_ADD && 1946 1929 (dst_reg->type == PTR_TO_MAP_VALUE || 1947 1930 dst_reg->type == PTR_TO_MAP_VALUE_ADJ)) 1948 1931 dst_reg->type = PTR_TO_MAP_VALUE_ADJ; ··· 1992 1973 1993 1974 for (i = 0; i < MAX_BPF_REG; i++) 1994 1975 if (regs[i].type == PTR_TO_PACKET && regs[i].id == dst_reg->id) 1995 - regs[i].range = dst_reg->off; 1976 + /* keep the maximum range already checked */ 1977 + regs[i].range = max(regs[i].range, dst_reg->off); 1996 1978 1997 1979 for (i = 0; i < MAX_BPF_STACK; i += BPF_REG_SIZE) { 1998 1980 if (state->stack_slot_type[i] != STACK_SPILL) 1999 1981 continue; 2000 1982 reg = &state->spilled_regs[i / BPF_REG_SIZE]; 2001 1983 if (reg->type == PTR_TO_PACKET && reg->id == dst_reg->id) 2002 - reg->range = dst_reg->off; 1984 + reg->range = max(reg->range, dst_reg->off); 2003 1985 } 2004 1986 } 2005 1987

+3 -2

kernel/padata.c

··· 186 186 187 187 reorder = &next_queue->reorder; 188 188 189 + spin_lock(&reorder->lock); 189 190 if (!list_empty(&reorder->list)) { 190 191 padata = list_entry(reorder->list.next, 191 192 struct padata_priv, list); 192 193 193 - spin_lock(&reorder->lock); 194 194 list_del_init(&padata->list); 195 195 atomic_dec(&pd->reorder_objects); 196 - spin_unlock(&reorder->lock); 197 196 198 197 pd->processed++; 199 198 199 + spin_unlock(&reorder->lock); 200 200 goto out; 201 201 } 202 + spin_unlock(&reorder->lock); 202 203 203 204 if (__this_cpu_read(pd->pqueue->cpu_index) == next_queue->cpu_index) { 204 205 padata = ERR_PTR(-ENODATA);

+10 -4

kernel/ptrace.c

··· 184 184 185 185 WARN_ON(!task->ptrace || task->parent != current); 186 186 187 + /* 188 + * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up remotely. 189 + * Recheck state under the lock to close this race. 190 + */ 187 191 spin_lock_irq(&task->sighand->siglock); 188 - if (__fatal_signal_pending(task)) 189 - wake_up_state(task, __TASK_TRACED); 190 - else 191 - task->state = TASK_TRACED; 192 + if (task->state == __TASK_TRACED) { 193 + if (__fatal_signal_pending(task)) 194 + wake_up_state(task, __TASK_TRACED); 195 + else 196 + task->state = TASK_TRACED; 197 + } 192 198 spin_unlock_irq(&task->sighand->siglock); 193 199 } 194 200

+27 -19

kernel/sched/clock.c

··· 96 96 static int __sched_clock_stable_early = 1; 97 97 98 98 /* 99 - * We want: ktime_get_ns() + gtod_offset == sched_clock() + raw_offset 99 + * We want: ktime_get_ns() + __gtod_offset == sched_clock() + __sched_clock_offset 100 100 */ 101 - static __read_mostly u64 raw_offset; 102 - static __read_mostly u64 gtod_offset; 101 + __read_mostly u64 __sched_clock_offset; 102 + static __read_mostly u64 __gtod_offset; 103 103 104 104 struct sched_clock_data { 105 105 u64 tick_raw; ··· 131 131 /* 132 132 * Attempt to make the (initial) unstable->stable transition continuous. 133 133 */ 134 - raw_offset = (scd->tick_gtod + gtod_offset) - (scd->tick_raw); 134 + __sched_clock_offset = (scd->tick_gtod + __gtod_offset) - (scd->tick_raw); 135 135 136 136 printk(KERN_INFO "sched_clock: Marking stable (%lld, %lld)->(%lld, %lld)\n", 137 - scd->tick_gtod, gtod_offset, 138 - scd->tick_raw, raw_offset); 137 + scd->tick_gtod, __gtod_offset, 138 + scd->tick_raw, __sched_clock_offset); 139 139 140 140 static_branch_enable(&__sched_clock_stable); 141 141 tick_dep_clear(TICK_DEP_BIT_CLOCK_UNSTABLE); 142 142 } 143 143 144 - static void __clear_sched_clock_stable(struct work_struct *work) 144 + static void __sched_clock_work(struct work_struct *work) 145 + { 146 + static_branch_disable(&__sched_clock_stable); 147 + } 148 + 149 + static DECLARE_WORK(sched_clock_work, __sched_clock_work); 150 + 151 + static void __clear_sched_clock_stable(void) 145 152 { 146 153 struct sched_clock_data *scd = this_scd(); 147 154 ··· 161 154 * 162 155 * Still do what we can. 163 156 */ 164 - gtod_offset = (scd->tick_raw + raw_offset) - (scd->tick_gtod); 157 + __gtod_offset = (scd->tick_raw + __sched_clock_offset) - (scd->tick_gtod); 165 158 166 159 printk(KERN_INFO "sched_clock: Marking unstable (%lld, %lld)<-(%lld, %lld)\n", 167 - scd->tick_gtod, gtod_offset, 168 - scd->tick_raw, raw_offset); 160 + scd->tick_gtod, __gtod_offset, 161 + scd->tick_raw, __sched_clock_offset); 169 162 170 - static_branch_disable(&__sched_clock_stable); 171 163 tick_dep_set(TICK_DEP_BIT_CLOCK_UNSTABLE); 172 - } 173 164 174 - static DECLARE_WORK(sched_clock_work, __clear_sched_clock_stable); 165 + if (sched_clock_stable()) 166 + schedule_work(&sched_clock_work); 167 + } 175 168 176 169 void clear_sched_clock_stable(void) 177 170 { ··· 180 173 smp_mb(); /* matches sched_clock_init_late() */ 181 174 182 175 if (sched_clock_running == 2) 183 - schedule_work(&sched_clock_work); 176 + __clear_sched_clock_stable(); 184 177 } 185 178 186 179 void sched_clock_init_late(void) ··· 221 214 */ 222 215 static u64 sched_clock_local(struct sched_clock_data *scd) 223 216 { 224 - u64 now, clock, old_clock, min_clock, max_clock; 217 + u64 now, clock, old_clock, min_clock, max_clock, gtod; 225 218 s64 delta; 226 219 227 220 again: ··· 238 231 * scd->tick_gtod + TICK_NSEC); 239 232 */ 240 233 241 - clock = scd->tick_gtod + gtod_offset + delta; 242 - min_clock = wrap_max(scd->tick_gtod, old_clock); 243 - max_clock = wrap_max(old_clock, scd->tick_gtod + TICK_NSEC); 234 + gtod = scd->tick_gtod + __gtod_offset; 235 + clock = gtod + delta; 236 + min_clock = wrap_max(gtod, old_clock); 237 + max_clock = wrap_max(old_clock, gtod + TICK_NSEC); 244 238 245 239 clock = wrap_max(clock, min_clock); 246 240 clock = wrap_min(clock, max_clock); ··· 325 317 u64 clock; 326 318 327 319 if (sched_clock_stable()) 328 - return sched_clock() + raw_offset; 320 + return sched_clock() + __sched_clock_offset; 329 321 330 322 if (unlikely(!sched_clock_running)) 331 323 return 0ull;

+3

kernel/sysctl.c

··· 2133 2133 if (write) { 2134 2134 if (*negp) 2135 2135 return -EINVAL; 2136 + if (*lvalp > UINT_MAX) 2137 + return -EINVAL; 2136 2138 *valp = *lvalp; 2137 2139 } else { 2138 2140 unsigned int val = *valp; 2141 + *negp = false; 2139 2142 *lvalp = (unsigned long)val; 2140 2143 } 2141 2144 return 0;

+4 -4

kernel/trace/ring_buffer.c

··· 4826 4826 rb_data[cpu].cnt = cpu; 4827 4827 rb_threads[cpu] = kthread_create(rb_test, &rb_data[cpu], 4828 4828 "rbtester/%d", cpu); 4829 - if (WARN_ON(!rb_threads[cpu])) { 4829 + if (WARN_ON(IS_ERR(rb_threads[cpu]))) { 4830 4830 pr_cont("FAILED\n"); 4831 - ret = -1; 4831 + ret = PTR_ERR(rb_threads[cpu]); 4832 4832 goto out_free; 4833 4833 } 4834 4834 ··· 4838 4838 4839 4839 /* Now create the rb hammer! */ 4840 4840 rb_hammer = kthread_run(rb_hammer_test, NULL, "rbhammer"); 4841 - if (WARN_ON(!rb_hammer)) { 4841 + if (WARN_ON(IS_ERR(rb_hammer))) { 4842 4842 pr_cont("FAILED\n"); 4843 - ret = -1; 4843 + ret = PTR_ERR(rb_hammer); 4844 4844 goto out_free; 4845 4845 } 4846 4846

+1

lib/syscall.c

··· 12 12 13 13 if (!try_get_task_stack(target)) { 14 14 /* Task has no stack, so the task isn't in a syscall. */ 15 + *sp = *pc = 0; 15 16 *callno = -1; 16 17 return 0; 17 18 }

+10

lib/test_kasan.c

··· 20 20 #include <linux/string.h> 21 21 #include <linux/uaccess.h> 22 22 #include <linux/module.h> 23 + #include <linux/kasan.h> 23 24 24 25 /* 25 26 * Note: test functions are marked noinline so that their names appear in ··· 475 474 476 475 static int __init kmalloc_tests_init(void) 477 476 { 477 + /* 478 + * Temporarily enable multi-shot mode. Otherwise, we'd only get a 479 + * report for the first case. 480 + */ 481 + bool multishot = kasan_save_enable_multi_shot(); 482 + 478 483 kmalloc_oob_right(); 479 484 kmalloc_oob_left(); 480 485 kmalloc_node_oob_right(); ··· 506 499 ksize_unpoisons_memory(); 507 500 copy_user_test(); 508 501 use_after_scope_test(); 502 + 503 + kasan_restore_multi_shot(multishot); 504 + 509 505 return -EAGAIN; 510 506 } 511 507

+6 -6

mm/huge_memory.c

··· 240 240 clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags); 241 241 clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags); 242 242 set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags); 243 - } else if (!memcmp("defer", buf, 244 - min(sizeof("defer")-1, count))) { 245 - clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags); 246 - clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags); 247 - clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags); 248 - set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags); 249 243 } else if (!memcmp("defer+madvise", buf, 250 244 min(sizeof("defer+madvise")-1, count))) { 251 245 clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags); 252 246 clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags); 253 247 clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags); 254 248 set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags); 249 + } else if (!memcmp("defer", buf, 250 + min(sizeof("defer")-1, count))) { 251 + clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags); 252 + clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG, &transparent_hugepage_flags); 253 + clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_REQ_MADV_FLAG, &transparent_hugepage_flags); 254 + set_bit(TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_FLAG, &transparent_hugepage_flags); 255 255 } else if (!memcmp("madvise", buf, 256 256 min(sizeof("madvise")-1, count))) { 257 257 clear_bit(TRANSPARENT_HUGEPAGE_DEFRAG_DIRECT_FLAG, &transparent_hugepage_flags);

+7 -3

mm/hugetlb.c

··· 4403 4403 return 0; 4404 4404 out_err: 4405 4405 if (!vma || vma->vm_flags & VM_MAYSHARE) 4406 - region_abort(resv_map, from, to); 4406 + /* Don't call region_abort if region_chg failed */ 4407 + if (chg >= 0) 4408 + region_abort(resv_map, from, to); 4407 4409 if (vma && is_vma_resv_set(vma, HPAGE_RESV_OWNER)) 4408 4410 kref_put(&resv_map->refs, resv_map_release); 4409 4411 return ret; ··· 4653 4651 { 4654 4652 struct page *page = NULL; 4655 4653 spinlock_t *ptl; 4654 + pte_t pte; 4656 4655 retry: 4657 4656 ptl = pmd_lockptr(mm, pmd); 4658 4657 spin_lock(ptl); ··· 4663 4660 */ 4664 4661 if (!pmd_huge(*pmd)) 4665 4662 goto out; 4666 - if (pmd_present(*pmd)) { 4663 + pte = huge_ptep_get((pte_t *)pmd); 4664 + if (pte_present(pte)) { 4667 4665 page = pmd_page(*pmd) + ((address & ~PMD_MASK) >> PAGE_SHIFT); 4668 4666 if (flags & FOLL_GET) 4669 4667 get_page(page); 4670 4668 } else { 4671 - if (is_hugetlb_entry_migration(huge_ptep_get((pte_t *)pmd))) { 4669 + if (is_hugetlb_entry_migration(pte)) { 4672 4670 spin_unlock(ptl); 4673 4671 __migration_entry_wait(mm, (pte_t *)pmd, ptl); 4674 4672 goto retry;

+7

mm/internal.h

··· 481 481 enum ttu_flags; 482 482 struct tlbflush_unmap_batch; 483 483 484 + 485 + /* 486 + * only for MM internal work items which do not depend on 487 + * any allocations or locks which might depend on allocations 488 + */ 489 + extern struct workqueue_struct *mm_percpu_wq; 490 + 484 491 #ifdef CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH 485 492 void try_to_unmap_flush(void); 486 493 void try_to_unmap_flush_dirty(void);

-5

mm/kasan/kasan.h

··· 96 96 << KASAN_SHADOW_SCALE_SHIFT); 97 97 } 98 98 99 - static inline bool kasan_report_enabled(void) 100 - { 101 - return !current->kasan_depth; 102 - } 103 - 104 99 void kasan_report(unsigned long addr, size_t size, 105 100 bool is_write, unsigned long ip); 106 101 void kasan_report_double_free(struct kmem_cache *cache, void *object,

+36

mm/kasan/report.c

··· 13 13 * 14 14 */ 15 15 16 + #include <linux/bitops.h> 16 17 #include <linux/ftrace.h> 18 + #include <linux/init.h> 17 19 #include <linux/kernel.h> 18 20 #include <linux/mm.h> 19 21 #include <linux/printk.h> ··· 293 291 } 294 292 295 293 kasan_end_report(&flags); 294 + } 295 + 296 + static unsigned long kasan_flags; 297 + 298 + #define KASAN_BIT_REPORTED 0 299 + #define KASAN_BIT_MULTI_SHOT 1 300 + 301 + bool kasan_save_enable_multi_shot(void) 302 + { 303 + return test_and_set_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags); 304 + } 305 + EXPORT_SYMBOL_GPL(kasan_save_enable_multi_shot); 306 + 307 + void kasan_restore_multi_shot(bool enabled) 308 + { 309 + if (!enabled) 310 + clear_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags); 311 + } 312 + EXPORT_SYMBOL_GPL(kasan_restore_multi_shot); 313 + 314 + static int __init kasan_set_multi_shot(char *str) 315 + { 316 + set_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags); 317 + return 1; 318 + } 319 + __setup("kasan_multi_shot", kasan_set_multi_shot); 320 + 321 + static inline bool kasan_report_enabled(void) 322 + { 323 + if (current->kasan_depth) 324 + return false; 325 + if (test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) 326 + return true; 327 + return !test_and_set_bit(KASAN_BIT_REPORTED, &kasan_flags); 296 328 } 297 329 298 330 void kasan_report(unsigned long addr, size_t size,

+1 -1

mm/kmemleak.c

··· 1416 1416 /* data/bss scanning */ 1417 1417 scan_large_block(_sdata, _edata); 1418 1418 scan_large_block(__bss_start, __bss_stop); 1419 - scan_large_block(__start_data_ro_after_init, __end_data_ro_after_init); 1419 + scan_large_block(__start_ro_after_init, __end_ro_after_init); 1420 1420 1421 1421 #ifdef CONFIG_SMP 1422 1422 /* per-cpu sections scanning */

+8 -12

mm/mempolicy.c

··· 1529 1529 COMPAT_SYSCALL_DEFINE3(set_mempolicy, int, mode, compat_ulong_t __user *, nmask, 1530 1530 compat_ulong_t, maxnode) 1531 1531 { 1532 - long err = 0; 1533 1532 unsigned long __user *nm = NULL; 1534 1533 unsigned long nr_bits, alloc_size; 1535 1534 DECLARE_BITMAP(bm, MAX_NUMNODES); ··· 1537 1538 alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; 1538 1539 1539 1540 if (nmask) { 1540 - err = compat_get_bitmap(bm, nmask, nr_bits); 1541 + if (compat_get_bitmap(bm, nmask, nr_bits)) 1542 + return -EFAULT; 1541 1543 nm = compat_alloc_user_space(alloc_size); 1542 - err |= copy_to_user(nm, bm, alloc_size); 1544 + if (copy_to_user(nm, bm, alloc_size)) 1545 + return -EFAULT; 1543 1546 } 1544 - 1545 - if (err) 1546 - return -EFAULT; 1547 1547 1548 1548 return sys_set_mempolicy(mode, nm, nr_bits+1); 1549 1549 } ··· 1551 1553 compat_ulong_t, mode, compat_ulong_t __user *, nmask, 1552 1554 compat_ulong_t, maxnode, compat_ulong_t, flags) 1553 1555 { 1554 - long err = 0; 1555 1556 unsigned long __user *nm = NULL; 1556 1557 unsigned long nr_bits, alloc_size; 1557 1558 nodemask_t bm; ··· 1559 1562 alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; 1560 1563 1561 1564 if (nmask) { 1562 - err = compat_get_bitmap(nodes_addr(bm), nmask, nr_bits); 1565 + if (compat_get_bitmap(nodes_addr(bm), nmask, nr_bits)) 1566 + return -EFAULT; 1563 1567 nm = compat_alloc_user_space(alloc_size); 1564 - err |= copy_to_user(nm, nodes_addr(bm), alloc_size); 1568 + if (copy_to_user(nm, nodes_addr(bm), alloc_size)) 1569 + return -EFAULT; 1565 1570 } 1566 - 1567 - if (err) 1568 - return -EFAULT; 1569 1571 1570 1572 return sys_mbind(start, len, mode, nm, nr_bits+1, flags); 1571 1573 }

+5 -2

mm/migrate.c

··· 209 209 210 210 VM_BUG_ON_PAGE(PageTail(page), page); 211 211 while (page_vma_mapped_walk(&pvmw)) { 212 - new = page - pvmw.page->index + 213 - linear_page_index(vma, pvmw.address); 212 + if (PageKsm(page)) 213 + new = page; 214 + else 215 + new = page - pvmw.page->index + 216 + linear_page_index(vma, pvmw.address); 214 217 215 218 get_page(new); 216 219 pte = pte_mkold(mk_pte(new, READ_ONCE(vma->vm_page_prot)));

+9 -2

mm/page_alloc.c

··· 2373 2373 */ 2374 2374 static cpumask_t cpus_with_pcps; 2375 2375 2376 + /* 2377 + * Make sure nobody triggers this path before mm_percpu_wq is fully 2378 + * initialized. 2379 + */ 2380 + if (WARN_ON_ONCE(!mm_percpu_wq)) 2381 + return; 2382 + 2376 2383 /* Workqueues cannot recurse */ 2377 2384 if (current->flags & PF_WQ_WORKER) 2378 2385 return; ··· 2429 2422 for_each_cpu(cpu, &cpus_with_pcps) { 2430 2423 struct work_struct *work = per_cpu_ptr(&pcpu_drain, cpu); 2431 2424 INIT_WORK(work, drain_local_pages_wq); 2432 - schedule_work_on(cpu, work); 2425 + queue_work_on(cpu, mm_percpu_wq, work); 2433 2426 } 2434 2427 for_each_cpu(cpu, &cpus_with_pcps) 2435 2428 flush_work(per_cpu_ptr(&pcpu_drain, cpu)); ··· 4526 4519 K(node_page_state(pgdat, NR_FILE_MAPPED)), 4527 4520 K(node_page_state(pgdat, NR_FILE_DIRTY)), 4528 4521 K(node_page_state(pgdat, NR_WRITEBACK)), 4522 + K(node_page_state(pgdat, NR_SHMEM)), 4529 4523 #ifdef CONFIG_TRANSPARENT_HUGEPAGE 4530 4524 K(node_page_state(pgdat, NR_SHMEM_THPS) * HPAGE_PMD_NR), 4531 4525 K(node_page_state(pgdat, NR_SHMEM_PMDMAPPED) 4532 4526 * HPAGE_PMD_NR), 4533 4527 K(node_page_state(pgdat, NR_ANON_THPS) * HPAGE_PMD_NR), 4534 4528 #endif 4535 - K(node_page_state(pgdat, NR_SHMEM)), 4536 4529 K(node_page_state(pgdat, NR_WRITEBACK_TEMP)), 4537 4530 K(node_page_state(pgdat, NR_UNSTABLE_NFS)), 4538 4531 node_page_state(pgdat, NR_PAGES_SCANNED),

+8 -7

mm/page_vma_mapped.c

··· 111 111 if (pvmw->pmd && !pvmw->pte) 112 112 return not_found(pvmw); 113 113 114 - /* Only for THP, seek to next pte entry makes sense */ 115 - if (pvmw->pte) { 116 - if (!PageTransHuge(pvmw->page) || PageHuge(pvmw->page)) 117 - return not_found(pvmw); 114 + if (pvmw->pte) 118 115 goto next_pte; 119 - } 120 116 121 117 if (unlikely(PageHuge(pvmw->page))) { 122 118 /* when pud is not present, pte will be NULL */ ··· 161 165 while (1) { 162 166 if (check_pte(pvmw)) 163 167 return true; 164 - next_pte: do { 168 + next_pte: 169 + /* Seek to next pte only makes sense for THP */ 170 + if (!PageTransHuge(pvmw->page) || PageHuge(pvmw->page)) 171 + return not_found(pvmw); 172 + do { 165 173 pvmw->address += PAGE_SIZE; 166 - if (pvmw->address >= 174 + if (pvmw->address >= pvmw->vma->vm_end || 175 + pvmw->address >= 167 176 __vma_address(pvmw->page, pvmw->vma) + 168 177 hpage_nr_pages(pvmw->page) * PAGE_SIZE) 169 178 return not_found(pvmw);

+2 -2

mm/rmap.c

··· 1159 1159 goto out; 1160 1160 } 1161 1161 __mod_node_page_state(page_pgdat(page), NR_FILE_MAPPED, nr); 1162 - mem_cgroup_inc_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED); 1162 + mem_cgroup_update_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED, nr); 1163 1163 out: 1164 1164 unlock_page_memcg(page); 1165 1165 } ··· 1199 1199 * pte lock(a spinlock) is held, which implies preemption disabled. 1200 1200 */ 1201 1201 __mod_node_page_state(page_pgdat(page), NR_FILE_MAPPED, -nr); 1202 - mem_cgroup_dec_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED); 1202 + mem_cgroup_update_page_stat(page, MEM_CGROUP_STAT_FILE_MAPPED, -nr); 1203 1203 1204 1204 if (unlikely(PageMlocked(page))) 1205 1205 clear_page_mlock(page);

+8 -19

mm/swap.c

··· 670 670 671 671 static DEFINE_PER_CPU(struct work_struct, lru_add_drain_work); 672 672 673 - /* 674 - * lru_add_drain_wq is used to do lru_add_drain_all() from a WQ_MEM_RECLAIM 675 - * workqueue, aiding in getting memory freed. 676 - */ 677 - static struct workqueue_struct *lru_add_drain_wq; 678 - 679 - static int __init lru_init(void) 680 - { 681 - lru_add_drain_wq = alloc_workqueue("lru-add-drain", WQ_MEM_RECLAIM, 0); 682 - 683 - if (WARN(!lru_add_drain_wq, 684 - "Failed to create workqueue lru_add_drain_wq")) 685 - return -ENOMEM; 686 - 687 - return 0; 688 - } 689 - early_initcall(lru_init); 690 - 691 673 void lru_add_drain_all(void) 692 674 { 693 675 static DEFINE_MUTEX(lock); 694 676 static struct cpumask has_work; 695 677 int cpu; 678 + 679 + /* 680 + * Make sure nobody triggers this path before mm_percpu_wq is fully 681 + * initialized. 682 + */ 683 + if (WARN_ON(!mm_percpu_wq)) 684 + return; 696 685 697 686 mutex_lock(&lock); 698 687 get_online_cpus(); ··· 696 707 pagevec_count(&per_cpu(lru_deactivate_pvecs, cpu)) || 697 708 need_activate_page_drain(cpu)) { 698 709 INIT_WORK(work, lru_add_drain_per_cpu); 699 - queue_work_on(cpu, lru_add_drain_wq, work); 710 + queue_work_on(cpu, mm_percpu_wq, work); 700 711 cpumask_set_cpu(cpu, &has_work); 701 712 } 702 713 }

+2

mm/swap_cgroup.c

··· 201 201 struct page *page = map[i]; 202 202 if (page) 203 203 __free_page(page); 204 + if (!(i % SWAP_CLUSTER_MAX)) 205 + cond_resched(); 204 206 } 205 207 vfree(map); 206 208 }

+11 -10

mm/vmstat.c

··· 1552 1552 #endif /* CONFIG_PROC_FS */ 1553 1553 1554 1554 #ifdef CONFIG_SMP 1555 - static struct workqueue_struct *vmstat_wq; 1556 1555 static DEFINE_PER_CPU(struct delayed_work, vmstat_work); 1557 1556 int sysctl_stat_interval __read_mostly = HZ; 1558 1557 ··· 1622 1623 * to occur in the future. Keep on running the 1623 1624 * update worker thread. 1624 1625 */ 1625 - queue_delayed_work_on(smp_processor_id(), vmstat_wq, 1626 + queue_delayed_work_on(smp_processor_id(), mm_percpu_wq, 1626 1627 this_cpu_ptr(&vmstat_work), 1627 1628 round_jiffies_relative(sysctl_stat_interval)); 1628 1629 } ··· 1701 1702 struct delayed_work *dw = &per_cpu(vmstat_work, cpu); 1702 1703 1703 1704 if (!delayed_work_pending(dw) && need_update(cpu)) 1704 - queue_delayed_work_on(cpu, vmstat_wq, dw, 0); 1705 + queue_delayed_work_on(cpu, mm_percpu_wq, dw, 0); 1705 1706 } 1706 1707 put_online_cpus(); 1707 1708 ··· 1717 1718 INIT_DEFERRABLE_WORK(per_cpu_ptr(&vmstat_work, cpu), 1718 1719 vmstat_update); 1719 1720 1720 - vmstat_wq = alloc_workqueue("vmstat", WQ_FREEZABLE|WQ_MEM_RECLAIM, 0); 1721 1721 schedule_delayed_work(&shepherd, 1722 1722 round_jiffies_relative(sysctl_stat_interval)); 1723 1723 } ··· 1762 1764 1763 1765 #endif 1764 1766 1765 - static int __init setup_vmstat(void) 1766 - { 1767 - #ifdef CONFIG_SMP 1768 - int ret; 1767 + struct workqueue_struct *mm_percpu_wq; 1769 1768 1769 + void __init init_mm_internals(void) 1770 + { 1771 + int ret __maybe_unused; 1772 + 1773 + mm_percpu_wq = alloc_workqueue("mm_percpu_wq", 1774 + WQ_FREEZABLE|WQ_MEM_RECLAIM, 0); 1775 + 1776 + #ifdef CONFIG_SMP 1770 1777 ret = cpuhp_setup_state_nocalls(CPUHP_MM_VMSTAT_DEAD, "mm/vmstat:dead", 1771 1778 NULL, vmstat_cpu_dead); 1772 1779 if (ret < 0) ··· 1795 1792 proc_create("vmstat", S_IRUGO, NULL, &proc_vmstat_file_operations); 1796 1793 proc_create("zoneinfo", S_IRUGO, NULL, &proc_zoneinfo_file_operations); 1797 1794 #endif 1798 - return 0; 1799 1795 } 1800 - module_init(setup_vmstat) 1801 1796 1802 1797 #if defined(CONFIG_DEBUG_FS) && defined(CONFIG_COMPACTION) 1803 1798

+1 -1

mm/workingset.c

··· 532 532 pr_info("workingset: timestamp_bits=%d max_order=%d bucket_order=%u\n", 533 533 timestamp_bits, max_order, bucket_order); 534 534 535 - ret = list_lru_init_key(&shadow_nodes, &shadow_nodes_key); 535 + ret = __list_lru_init(&shadow_nodes, true, &shadow_nodes_key); 536 536 if (ret) 537 537 goto err; 538 538 ret = register_shrinker(&workingset_shadow_shrinker);

+1 -1

net/core/flow_dissector.c

··· 390 390 unsigned char ar_tip[4]; 391 391 } *arp_eth, _arp_eth; 392 392 const struct arphdr *arp; 393 - struct arphdr *_arp; 393 + struct arphdr _arp; 394 394 395 395 arp = __skb_header_pointer(skb, nhoff, sizeof(_arp), data, 396 396 hlen, &_arp);

+2 -1

net/core/neighbour.c

··· 860 860 if (skb) 861 861 skb = skb_clone(skb, GFP_ATOMIC); 862 862 write_unlock(&neigh->lock); 863 - neigh->ops->solicit(neigh, skb); 863 + if (neigh->ops->solicit) 864 + neigh->ops->solicit(neigh, skb); 864 865 atomic_inc(&neigh->probes); 865 866 kfree_skb(skb); 866 867 }

+29 -2

net/core/secure_seq.c

··· 20 20 #include <net/tcp.h> 21 21 22 22 static siphash_key_t net_secret __read_mostly; 23 + static siphash_key_t ts_secret __read_mostly; 23 24 24 25 static __always_inline void net_secret_init(void) 25 26 { 27 + net_get_random_once(&ts_secret, sizeof(ts_secret)); 26 28 net_get_random_once(&net_secret, sizeof(net_secret)); 27 29 } 28 30 #endif ··· 47 45 #endif 48 46 49 47 #if IS_ENABLED(CONFIG_IPV6) 48 + static u32 secure_tcpv6_ts_off(const __be32 *saddr, const __be32 *daddr) 49 + { 50 + const struct { 51 + struct in6_addr saddr; 52 + struct in6_addr daddr; 53 + } __aligned(SIPHASH_ALIGNMENT) combined = { 54 + .saddr = *(struct in6_addr *)saddr, 55 + .daddr = *(struct in6_addr *)daddr, 56 + }; 57 + 58 + if (sysctl_tcp_timestamps != 1) 59 + return 0; 60 + 61 + return siphash(&combined, offsetofend(typeof(combined), daddr), 62 + &ts_secret); 63 + } 64 + 50 65 u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr, 51 66 __be16 sport, __be16 dport, u32 *tsoff) 52 67 { ··· 82 63 net_secret_init(); 83 64 hash = siphash(&combined, offsetofend(typeof(combined), dport), 84 65 &net_secret); 85 - *tsoff = sysctl_tcp_timestamps == 1 ? (hash >> 32) : 0; 66 + *tsoff = secure_tcpv6_ts_off(saddr, daddr); 86 67 return seq_scale(hash); 87 68 } 88 69 EXPORT_SYMBOL(secure_tcpv6_sequence_number); ··· 107 88 #endif 108 89 109 90 #ifdef CONFIG_INET 91 + static u32 secure_tcp_ts_off(__be32 saddr, __be32 daddr) 92 + { 93 + if (sysctl_tcp_timestamps != 1) 94 + return 0; 95 + 96 + return siphash_2u32((__force u32)saddr, (__force u32)daddr, 97 + &ts_secret); 98 + } 110 99 111 100 /* secure_tcp_sequence_number(a, b, 0, d) == secure_ipv4_port_ephemeral(a, b, d), 112 101 * but fortunately, `sport' cannot be 0 in any circumstances. If this changes, ··· 130 103 hash = siphash_3u32((__force u32)saddr, (__force u32)daddr, 131 104 (__force u32)sport << 16 | (__force u32)dport, 132 105 &net_secret); 133 - *tsoff = sysctl_tcp_timestamps == 1 ? (hash >> 32) : 0; 106 + *tsoff = secure_tcp_ts_off(saddr, daddr); 134 107 return seq_scale(hash); 135 108 } 136 109

+4 -2

net/core/sysctl_net_core.c

··· 408 408 .data = &sysctl_net_busy_poll, 409 409 .maxlen = sizeof(unsigned int), 410 410 .mode = 0644, 411 - .proc_handler = proc_dointvec 411 + .proc_handler = proc_dointvec_minmax, 412 + .extra1 = &zero, 412 413 }, 413 414 { 414 415 .procname = "busy_read", 415 416 .data = &sysctl_net_busy_read, 416 417 .maxlen = sizeof(unsigned int), 417 418 .mode = 0644, 418 - .proc_handler = proc_dointvec 419 + .proc_handler = proc_dointvec_minmax, 420 + .extra1 = &zero, 419 421 }, 420 422 #endif 421 423 #ifdef CONFIG_NET_SCHED

+1 -1

net/ipv4/ipconfig.c

··· 306 306 while ((d = next)) { 307 307 next = d->next; 308 308 dev = d->dev; 309 - if ((!ic_dev || dev != ic_dev->dev) && !netdev_uses_dsa(dev)) { 309 + if (d != ic_dev && !netdev_uses_dsa(dev)) { 310 310 pr_debug("IP-Config: Downing %s\n", dev->name); 311 311 dev_change_flags(dev, d->flags); 312 312 }

+2 -18

net/ipv4/netfilter/nf_nat_snmp_basic.c

··· 1260 1260 .timeout = 180, 1261 1261 }; 1262 1262 1263 - static struct nf_conntrack_helper snmp_helper __read_mostly = { 1264 - .me = THIS_MODULE, 1265 - .help = help, 1266 - .expect_policy = &snmp_exp_policy, 1267 - .name = "snmp", 1268 - .tuple.src.l3num = AF_INET, 1269 - .tuple.src.u.udp.port = cpu_to_be16(SNMP_PORT), 1270 - .tuple.dst.protonum = IPPROTO_UDP, 1271 - }; 1272 - 1273 1263 static struct nf_conntrack_helper snmp_trap_helper __read_mostly = { 1274 1264 .me = THIS_MODULE, 1275 1265 .help = help, ··· 1278 1288 1279 1289 static int __init nf_nat_snmp_basic_init(void) 1280 1290 { 1281 - int ret = 0; 1282 - 1283 1291 BUG_ON(nf_nat_snmp_hook != NULL); 1284 1292 RCU_INIT_POINTER(nf_nat_snmp_hook, help); 1285 1293 1286 - ret = nf_conntrack_helper_register(&snmp_trap_helper); 1287 - if (ret < 0) { 1288 - nf_conntrack_helper_unregister(&snmp_helper); 1289 - return ret; 1290 - } 1291 - return ret; 1294 + return nf_conntrack_helper_register(&snmp_trap_helper); 1292 1295 } 1293 1296 1294 1297 static void __exit nf_nat_snmp_basic_fini(void) 1295 1298 { 1296 1299 RCU_INIT_POINTER(nf_nat_snmp_hook, NULL); 1300 + synchronize_rcu(); 1297 1301 nf_conntrack_helper_unregister(&snmp_trap_helper); 1298 1302 } 1299 1303

+3 -2

net/ipv4/ping.c

··· 156 156 void ping_unhash(struct sock *sk) 157 157 { 158 158 struct inet_sock *isk = inet_sk(sk); 159 + 159 160 pr_debug("ping_unhash(isk=%p,isk->num=%u)\n", isk, isk->inet_num); 161 + write_lock_bh(&ping_table.lock); 160 162 if (sk_hashed(sk)) { 161 - write_lock_bh(&ping_table.lock); 162 163 hlist_nulls_del(&sk->sk_nulls_node); 163 164 sk_nulls_node_init(&sk->sk_nulls_node); 164 165 sock_put(sk); 165 166 isk->inet_num = 0; 166 167 isk->inet_sport = 0; 167 168 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 168 - write_unlock_bh(&ping_table.lock); 169 169 } 170 + write_unlock_bh(&ping_table.lock); 170 171 } 171 172 EXPORT_SYMBOL_GPL(ping_unhash); 172 173

+23 -18

net/ipv4/tcp_input.c

··· 126 126 #define REXMIT_LOST 1 /* retransmit packets marked lost */ 127 127 #define REXMIT_NEW 2 /* FRTO-style transmit of unsent/new packets */ 128 128 129 - static void tcp_gro_dev_warn(struct sock *sk, const struct sk_buff *skb) 129 + static void tcp_gro_dev_warn(struct sock *sk, const struct sk_buff *skb, 130 + unsigned int len) 130 131 { 131 132 static bool __once __read_mostly; 132 133 ··· 138 137 139 138 rcu_read_lock(); 140 139 dev = dev_get_by_index_rcu(sock_net(sk), skb->skb_iif); 141 - pr_warn("%s: Driver has suspect GRO implementation, TCP performance may be compromised.\n", 142 - dev ? dev->name : "Unknown driver"); 140 + if (!dev || len >= dev->mtu) 141 + pr_warn("%s: Driver has suspect GRO implementation, TCP performance may be compromised.\n", 142 + dev ? dev->name : "Unknown driver"); 143 143 rcu_read_unlock(); 144 144 } 145 145 } ··· 163 161 if (len >= icsk->icsk_ack.rcv_mss) { 164 162 icsk->icsk_ack.rcv_mss = min_t(unsigned int, len, 165 163 tcp_sk(sk)->advmss); 166 - if (unlikely(icsk->icsk_ack.rcv_mss != len)) 167 - tcp_gro_dev_warn(sk, skb); 164 + /* Account for possibly-removed options */ 165 + if (unlikely(len > icsk->icsk_ack.rcv_mss + 166 + MAX_TCP_OPTION_SPACE)) 167 + tcp_gro_dev_warn(sk, skb, len); 168 168 } else { 169 169 /* Otherwise, we make more careful check taking into account, 170 170 * that SACKs block is variable. ··· 878 874 const int ts) 879 875 { 880 876 struct tcp_sock *tp = tcp_sk(sk); 881 - if (metric > tp->reordering) { 882 - int mib_idx; 877 + int mib_idx; 883 878 879 + if (metric > tp->reordering) { 884 880 tp->reordering = min(sysctl_tcp_max_reordering, metric); 885 881 886 - /* This exciting event is worth to be remembered. 8) */ 887 - if (ts) 888 - mib_idx = LINUX_MIB_TCPTSREORDER; 889 - else if (tcp_is_reno(tp)) 890 - mib_idx = LINUX_MIB_TCPRENOREORDER; 891 - else if (tcp_is_fack(tp)) 892 - mib_idx = LINUX_MIB_TCPFACKREORDER; 893 - else 894 - mib_idx = LINUX_MIB_TCPSACKREORDER; 895 - 896 - NET_INC_STATS(sock_net(sk), mib_idx); 897 882 #if FASTRETRANS_DEBUG > 1 898 883 pr_debug("Disorder%d %d %u f%u s%u rr%d\n", 899 884 tp->rx_opt.sack_ok, inet_csk(sk)->icsk_ca_state, ··· 895 902 } 896 903 897 904 tp->rack.reord = 1; 905 + 906 + /* This exciting event is worth to be remembered. 8) */ 907 + if (ts) 908 + mib_idx = LINUX_MIB_TCPTSREORDER; 909 + else if (tcp_is_reno(tp)) 910 + mib_idx = LINUX_MIB_TCPRENOREORDER; 911 + else if (tcp_is_fack(tp)) 912 + mib_idx = LINUX_MIB_TCPFACKREORDER; 913 + else 914 + mib_idx = LINUX_MIB_TCPSACKREORDER; 915 + 916 + NET_INC_STATS(sock_net(sk), mib_idx); 898 917 } 899 918 900 919 /* This must be called before lost_out is incremented */

+2 -1

net/ipv4/tcp_recovery.c

··· 12 12 /* Account for retransmits that are lost again */ 13 13 TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_RETRANS; 14 14 tp->retrans_out -= tcp_skb_pcount(skb); 15 - NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPLOSTRETRANSMIT); 15 + NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPLOSTRETRANSMIT, 16 + tcp_skb_pcount(skb)); 16 17 } 17 18 } 18 19

+3 -3

net/kcm/kcmsock.c

··· 1687 1687 struct kcm_attach info; 1688 1688 1689 1689 if (copy_from_user(&info, (void __user *)arg, sizeof(info))) 1690 - err = -EFAULT; 1690 + return -EFAULT; 1691 1691 1692 1692 err = kcm_attach_ioctl(sock, &info); 1693 1693 ··· 1697 1697 struct kcm_unattach info; 1698 1698 1699 1699 if (copy_from_user(&info, (void __user *)arg, sizeof(info))) 1700 - err = -EFAULT; 1700 + return -EFAULT; 1701 1701 1702 1702 err = kcm_unattach_ioctl(sock, &info); 1703 1703 ··· 1708 1708 struct socket *newsock = NULL; 1709 1709 1710 1710 if (copy_from_user(&info, (void __user *)arg, sizeof(info))) 1711 - err = -EFAULT; 1711 + return -EFAULT; 1712 1712 1713 1713 err = kcm_clone(sock, &info, &newsock); 1714 1714

+126 -34

net/l2tp/l2tp_core.c

··· 278 278 } 279 279 EXPORT_SYMBOL_GPL(l2tp_session_find); 280 280 281 - struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth) 281 + /* Like l2tp_session_find() but takes a reference on the returned session. 282 + * Optionally calls session->ref() too if do_ref is true. 283 + */ 284 + struct l2tp_session *l2tp_session_get(struct net *net, 285 + struct l2tp_tunnel *tunnel, 286 + u32 session_id, bool do_ref) 287 + { 288 + struct hlist_head *session_list; 289 + struct l2tp_session *session; 290 + 291 + if (!tunnel) { 292 + struct l2tp_net *pn = l2tp_pernet(net); 293 + 294 + session_list = l2tp_session_id_hash_2(pn, session_id); 295 + 296 + rcu_read_lock_bh(); 297 + hlist_for_each_entry_rcu(session, session_list, global_hlist) { 298 + if (session->session_id == session_id) { 299 + l2tp_session_inc_refcount(session); 300 + if (do_ref && session->ref) 301 + session->ref(session); 302 + rcu_read_unlock_bh(); 303 + 304 + return session; 305 + } 306 + } 307 + rcu_read_unlock_bh(); 308 + 309 + return NULL; 310 + } 311 + 312 + session_list = l2tp_session_id_hash(tunnel, session_id); 313 + read_lock_bh(&tunnel->hlist_lock); 314 + hlist_for_each_entry(session, session_list, hlist) { 315 + if (session->session_id == session_id) { 316 + l2tp_session_inc_refcount(session); 317 + if (do_ref && session->ref) 318 + session->ref(session); 319 + read_unlock_bh(&tunnel->hlist_lock); 320 + 321 + return session; 322 + } 323 + } 324 + read_unlock_bh(&tunnel->hlist_lock); 325 + 326 + return NULL; 327 + } 328 + EXPORT_SYMBOL_GPL(l2tp_session_get); 329 + 330 + struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth, 331 + bool do_ref) 282 332 { 283 333 int hash; 284 334 struct l2tp_session *session; ··· 338 288 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) { 339 289 hlist_for_each_entry(session, &tunnel->session_hlist[hash], hlist) { 340 290 if (++count > nth) { 291 + l2tp_session_inc_refcount(session); 292 + if (do_ref && session->ref) 293 + session->ref(session); 341 294 read_unlock_bh(&tunnel->hlist_lock); 342 295 return session; 343 296 } ··· 351 298 352 299 return NULL; 353 300 } 354 - EXPORT_SYMBOL_GPL(l2tp_session_find_nth); 301 + EXPORT_SYMBOL_GPL(l2tp_session_get_nth); 355 302 356 303 /* Lookup a session by interface name. 357 304 * This is very inefficient but is only used by management interfaces. 358 305 */ 359 - struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname) 306 + struct l2tp_session *l2tp_session_get_by_ifname(struct net *net, char *ifname, 307 + bool do_ref) 360 308 { 361 309 struct l2tp_net *pn = l2tp_pernet(net); 362 310 int hash; ··· 367 313 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) { 368 314 hlist_for_each_entry_rcu(session, &pn->l2tp_session_hlist[hash], global_hlist) { 369 315 if (!strcmp(session->ifname, ifname)) { 316 + l2tp_session_inc_refcount(session); 317 + if (do_ref && session->ref) 318 + session->ref(session); 370 319 rcu_read_unlock_bh(); 320 + 371 321 return session; 372 322 } 373 323 } ··· 381 323 382 324 return NULL; 383 325 } 384 - EXPORT_SYMBOL_GPL(l2tp_session_find_by_ifname); 326 + EXPORT_SYMBOL_GPL(l2tp_session_get_by_ifname); 327 + 328 + static int l2tp_session_add_to_tunnel(struct l2tp_tunnel *tunnel, 329 + struct l2tp_session *session) 330 + { 331 + struct l2tp_session *session_walk; 332 + struct hlist_head *g_head; 333 + struct hlist_head *head; 334 + struct l2tp_net *pn; 335 + 336 + head = l2tp_session_id_hash(tunnel, session->session_id); 337 + 338 + write_lock_bh(&tunnel->hlist_lock); 339 + hlist_for_each_entry(session_walk, head, hlist) 340 + if (session_walk->session_id == session->session_id) 341 + goto exist; 342 + 343 + if (tunnel->version == L2TP_HDR_VER_3) { 344 + pn = l2tp_pernet(tunnel->l2tp_net); 345 + g_head = l2tp_session_id_hash_2(l2tp_pernet(tunnel->l2tp_net), 346 + session->session_id); 347 + 348 + spin_lock_bh(&pn->l2tp_session_hlist_lock); 349 + hlist_for_each_entry(session_walk, g_head, global_hlist) 350 + if (session_walk->session_id == session->session_id) 351 + goto exist_glob; 352 + 353 + hlist_add_head_rcu(&session->global_hlist, g_head); 354 + spin_unlock_bh(&pn->l2tp_session_hlist_lock); 355 + } 356 + 357 + hlist_add_head(&session->hlist, head); 358 + write_unlock_bh(&tunnel->hlist_lock); 359 + 360 + return 0; 361 + 362 + exist_glob: 363 + spin_unlock_bh(&pn->l2tp_session_hlist_lock); 364 + exist: 365 + write_unlock_bh(&tunnel->hlist_lock); 366 + 367 + return -EEXIST; 368 + } 385 369 386 370 /* Lookup a tunnel by id 387 371 */ ··· 733 633 * a data (not control) frame before coming here. Fields up to the 734 634 * session-id have already been parsed and ptr points to the data 735 635 * after the session-id. 636 + * 637 + * session->ref() must have been called prior to l2tp_recv_common(). 638 + * session->deref() will be called automatically after skb is processed. 736 639 */ 737 640 void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb, 738 641 unsigned char *ptr, unsigned char *optr, u16 hdrflags, ··· 744 641 struct l2tp_tunnel *tunnel = session->tunnel; 745 642 int offset; 746 643 u32 ns, nr; 747 - 748 - /* The ref count is increased since we now hold a pointer to 749 - * the session. Take care to decrement the refcnt when exiting 750 - * this function from now on... 751 - */ 752 - l2tp_session_inc_refcount(session); 753 - if (session->ref) 754 - (*session->ref)(session); 755 644 756 645 /* Parse and check optional cookie */ 757 646 if (session->peer_cookie_len > 0) { ··· 897 802 /* Try to dequeue as many skbs from reorder_q as we can. */ 898 803 l2tp_recv_dequeue(session); 899 804 900 - l2tp_session_dec_refcount(session); 901 - 902 805 return; 903 806 904 807 discard: ··· 905 812 906 813 if (session->deref) 907 814 (*session->deref)(session); 908 - 909 - l2tp_session_dec_refcount(session); 910 815 } 911 816 EXPORT_SYMBOL(l2tp_recv_common); 912 817 ··· 1011 920 } 1012 921 1013 922 /* Find the session context */ 1014 - session = l2tp_session_find(tunnel->l2tp_net, tunnel, session_id); 923 + session = l2tp_session_get(tunnel->l2tp_net, tunnel, session_id, true); 1015 924 if (!session || !session->recv_skb) { 925 + if (session) { 926 + if (session->deref) 927 + session->deref(session); 928 + l2tp_session_dec_refcount(session); 929 + } 930 + 1016 931 /* Not found? Pass to userspace to deal with */ 1017 932 l2tp_info(tunnel, L2TP_MSG_DATA, 1018 933 "%s: no session found (%u/%u). Passing up.\n", ··· 1027 930 } 1028 931 1029 932 l2tp_recv_common(session, skb, ptr, optr, hdrflags, length, payload_hook); 933 + l2tp_session_dec_refcount(session); 1030 934 1031 935 return 0; 1032 936 ··· 1836 1738 struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg) 1837 1739 { 1838 1740 struct l2tp_session *session; 1741 + int err; 1839 1742 1840 1743 session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL); 1841 1744 if (session != NULL) { ··· 1892 1793 1893 1794 l2tp_session_set_header_len(session, tunnel->version); 1894 1795 1796 + err = l2tp_session_add_to_tunnel(tunnel, session); 1797 + if (err) { 1798 + kfree(session); 1799 + 1800 + return ERR_PTR(err); 1801 + } 1802 + 1895 1803 /* Bump the reference count. The session context is deleted 1896 1804 * only when this drops to zero. 1897 1805 */ ··· 1908 1802 /* Ensure tunnel socket isn't deleted */ 1909 1803 sock_hold(tunnel->sock); 1910 1804 1911 - /* Add session to the tunnel's hash list */ 1912 - write_lock_bh(&tunnel->hlist_lock); 1913 - hlist_add_head(&session->hlist, 1914 - l2tp_session_id_hash(tunnel, session_id)); 1915 - write_unlock_bh(&tunnel->hlist_lock); 1916 - 1917 - /* And to the global session list if L2TPv3 */ 1918 - if (tunnel->version != L2TP_HDR_VER_2) { 1919 - struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net); 1920 - 1921 - spin_lock_bh(&pn->l2tp_session_hlist_lock); 1922 - hlist_add_head_rcu(&session->global_hlist, 1923 - l2tp_session_id_hash_2(pn, session_id)); 1924 - spin_unlock_bh(&pn->l2tp_session_hlist_lock); 1925 - } 1926 - 1927 1805 /* Ignore management session in session count value */ 1928 1806 if (session->session_id != 0) 1929 1807 atomic_inc(&l2tp_session_count); 1808 + 1809 + return session; 1930 1810 } 1931 1811 1932 - return session; 1812 + return ERR_PTR(-ENOMEM); 1933 1813 } 1934 1814 EXPORT_SYMBOL_GPL(l2tp_session_create); 1935 1815

+7 -2

net/l2tp/l2tp_core.h

··· 230 230 return tunnel; 231 231 } 232 232 233 + struct l2tp_session *l2tp_session_get(struct net *net, 234 + struct l2tp_tunnel *tunnel, 235 + u32 session_id, bool do_ref); 233 236 struct l2tp_session *l2tp_session_find(struct net *net, 234 237 struct l2tp_tunnel *tunnel, 235 238 u32 session_id); 236 - struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth); 237 - struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname); 239 + struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth, 240 + bool do_ref); 241 + struct l2tp_session *l2tp_session_get_by_ifname(struct net *net, char *ifname, 242 + bool do_ref); 238 243 struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id); 239 244 struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth); 240 245

+7 -3

net/l2tp/l2tp_debugfs.c

··· 53 53 54 54 static void l2tp_dfs_next_session(struct l2tp_dfs_seq_data *pd) 55 55 { 56 - pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx); 56 + pd->session = l2tp_session_get_nth(pd->tunnel, pd->session_idx, true); 57 57 pd->session_idx++; 58 58 59 59 if (pd->session == NULL) { ··· 238 238 } 239 239 240 240 /* Show the tunnel or session context */ 241 - if (pd->session == NULL) 241 + if (!pd->session) { 242 242 l2tp_dfs_seq_tunnel_show(m, pd->tunnel); 243 - else 243 + } else { 244 244 l2tp_dfs_seq_session_show(m, pd->session); 245 + if (pd->session->deref) 246 + pd->session->deref(pd->session); 247 + l2tp_session_dec_refcount(pd->session); 248 + } 245 249 246 250 out: 247 251 return 0;

+2 -8

net/l2tp/l2tp_eth.c

··· 221 221 goto out; 222 222 } 223 223 224 - session = l2tp_session_find(net, tunnel, session_id); 225 - if (session) { 226 - rc = -EEXIST; 227 - goto out; 228 - } 229 - 230 224 if (cfg->ifname) { 231 225 dev = dev_get_by_name(net, cfg->ifname); 232 226 if (dev) { ··· 234 240 235 241 session = l2tp_session_create(sizeof(*spriv), tunnel, session_id, 236 242 peer_session_id, cfg); 237 - if (!session) { 238 - rc = -ENOMEM; 243 + if (IS_ERR(session)) { 244 + rc = PTR_ERR(session); 239 245 goto out; 240 246 } 241 247

+15 -7

net/l2tp/l2tp_ip.c

··· 143 143 } 144 144 145 145 /* Ok, this is a data packet. Lookup the session. */ 146 - session = l2tp_session_find(net, NULL, session_id); 147 - if (session == NULL) 146 + session = l2tp_session_get(net, NULL, session_id, true); 147 + if (!session) 148 148 goto discard; 149 149 150 150 tunnel = session->tunnel; 151 - if (tunnel == NULL) 152 - goto discard; 151 + if (!tunnel) 152 + goto discard_sess; 153 153 154 154 /* Trace packet contents, if enabled */ 155 155 if (tunnel->debug & L2TP_MSG_DATA) { 156 156 length = min(32u, skb->len); 157 157 if (!pskb_may_pull(skb, length)) 158 - goto discard; 158 + goto discard_sess; 159 159 160 160 /* Point to L2TP header */ 161 161 optr = ptr = skb->data; ··· 165 165 } 166 166 167 167 l2tp_recv_common(session, skb, ptr, optr, 0, skb->len, tunnel->recv_payload_hook); 168 + l2tp_session_dec_refcount(session); 168 169 169 170 return 0; 170 171 ··· 179 178 180 179 tunnel_id = ntohl(*(__be32 *) &skb->data[4]); 181 180 tunnel = l2tp_tunnel_find(net, tunnel_id); 182 - if (tunnel != NULL) 181 + if (tunnel) { 183 182 sk = tunnel->sock; 184 - else { 183 + sock_hold(sk); 184 + } else { 185 185 struct iphdr *iph = (struct iphdr *) skb_network_header(skb); 186 186 187 187 read_lock_bh(&l2tp_ip_lock); ··· 203 201 nf_reset(skb); 204 202 205 203 return sk_receive_skb(sk, skb, 1); 204 + 205 + discard_sess: 206 + if (session->deref) 207 + session->deref(session); 208 + l2tp_session_dec_refcount(session); 209 + goto discard; 206 210 207 211 discard_put: 208 212 sock_put(sk);

+16 -7

net/l2tp/l2tp_ip6.c

··· 156 156 } 157 157 158 158 /* Ok, this is a data packet. Lookup the session. */ 159 - session = l2tp_session_find(net, NULL, session_id); 160 - if (session == NULL) 159 + session = l2tp_session_get(net, NULL, session_id, true); 160 + if (!session) 161 161 goto discard; 162 162 163 163 tunnel = session->tunnel; 164 - if (tunnel == NULL) 165 - goto discard; 164 + if (!tunnel) 165 + goto discard_sess; 166 166 167 167 /* Trace packet contents, if enabled */ 168 168 if (tunnel->debug & L2TP_MSG_DATA) { 169 169 length = min(32u, skb->len); 170 170 if (!pskb_may_pull(skb, length)) 171 - goto discard; 171 + goto discard_sess; 172 172 173 173 /* Point to L2TP header */ 174 174 optr = ptr = skb->data; ··· 179 179 180 180 l2tp_recv_common(session, skb, ptr, optr, 0, skb->len, 181 181 tunnel->recv_payload_hook); 182 + l2tp_session_dec_refcount(session); 183 + 182 184 return 0; 183 185 184 186 pass_up: ··· 193 191 194 192 tunnel_id = ntohl(*(__be32 *) &skb->data[4]); 195 193 tunnel = l2tp_tunnel_find(net, tunnel_id); 196 - if (tunnel != NULL) 194 + if (tunnel) { 197 195 sk = tunnel->sock; 198 - else { 196 + sock_hold(sk); 197 + } else { 199 198 struct ipv6hdr *iph = ipv6_hdr(skb); 200 199 201 200 read_lock_bh(&l2tp_ip6_lock); ··· 217 214 nf_reset(skb); 218 215 219 216 return sk_receive_skb(sk, skb, 1); 217 + 218 + discard_sess: 219 + if (session->deref) 220 + session->deref(session); 221 + l2tp_session_dec_refcount(session); 222 + goto discard; 220 223 221 224 discard_put: 222 225 sock_put(sk);

+35 -17

net/l2tp/l2tp_netlink.c

··· 48 48 /* Accessed under genl lock */ 49 49 static const struct l2tp_nl_cmd_ops *l2tp_nl_cmd_ops[__L2TP_PWTYPE_MAX]; 50 50 51 - static struct l2tp_session *l2tp_nl_session_find(struct genl_info *info) 51 + static struct l2tp_session *l2tp_nl_session_get(struct genl_info *info, 52 + bool do_ref) 52 53 { 53 54 u32 tunnel_id; 54 55 u32 session_id; ··· 60 59 61 60 if (info->attrs[L2TP_ATTR_IFNAME]) { 62 61 ifname = nla_data(info->attrs[L2TP_ATTR_IFNAME]); 63 - session = l2tp_session_find_by_ifname(net, ifname); 62 + session = l2tp_session_get_by_ifname(net, ifname, do_ref); 64 63 } else if ((info->attrs[L2TP_ATTR_SESSION_ID]) && 65 64 (info->attrs[L2TP_ATTR_CONN_ID])) { 66 65 tunnel_id = nla_get_u32(info->attrs[L2TP_ATTR_CONN_ID]); 67 66 session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]); 68 67 tunnel = l2tp_tunnel_find(net, tunnel_id); 69 68 if (tunnel) 70 - session = l2tp_session_find(net, tunnel, session_id); 69 + session = l2tp_session_get(net, tunnel, session_id, 70 + do_ref); 71 71 } 72 72 73 73 return session; ··· 644 642 session_id, peer_session_id, &cfg); 645 643 646 644 if (ret >= 0) { 647 - session = l2tp_session_find(net, tunnel, session_id); 648 - if (session) 645 + session = l2tp_session_get(net, tunnel, session_id, false); 646 + if (session) { 649 647 ret = l2tp_session_notify(&l2tp_nl_family, info, session, 650 648 L2TP_CMD_SESSION_CREATE); 649 + l2tp_session_dec_refcount(session); 650 + } 651 651 } 652 652 653 653 out: ··· 662 658 struct l2tp_session *session; 663 659 u16 pw_type; 664 660 665 - session = l2tp_nl_session_find(info); 661 + session = l2tp_nl_session_get(info, true); 666 662 if (session == NULL) { 667 663 ret = -ENODEV; 668 664 goto out; ··· 676 672 if (l2tp_nl_cmd_ops[pw_type] && l2tp_nl_cmd_ops[pw_type]->session_delete) 677 673 ret = (*l2tp_nl_cmd_ops[pw_type]->session_delete)(session); 678 674 675 + if (session->deref) 676 + session->deref(session); 677 + l2tp_session_dec_refcount(session); 678 + 679 679 out: 680 680 return ret; 681 681 } ··· 689 681 int ret = 0; 690 682 struct l2tp_session *session; 691 683 692 - session = l2tp_nl_session_find(info); 684 + session = l2tp_nl_session_get(info, false); 693 685 if (session == NULL) { 694 686 ret = -ENODEV; 695 687 goto out; ··· 723 715 724 716 ret = l2tp_session_notify(&l2tp_nl_family, info, 725 717 session, L2TP_CMD_SESSION_MODIFY); 718 + 719 + l2tp_session_dec_refcount(session); 726 720 727 721 out: 728 722 return ret; ··· 821 811 struct sk_buff *msg; 822 812 int ret; 823 813 824 - session = l2tp_nl_session_find(info); 814 + session = l2tp_nl_session_get(info, false); 825 815 if (session == NULL) { 826 816 ret = -ENODEV; 827 - goto out; 817 + goto err; 828 818 } 829 819 830 820 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 831 821 if (!msg) { 832 822 ret = -ENOMEM; 833 - goto out; 823 + goto err_ref; 834 824 } 835 825 836 826 ret = l2tp_nl_session_send(msg, info->snd_portid, info->snd_seq, 837 827 0, session, L2TP_CMD_SESSION_GET); 838 828 if (ret < 0) 839 - goto err_out; 829 + goto err_ref_msg; 840 830 841 - return genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); 831 + ret = genlmsg_unicast(genl_info_net(info), msg, info->snd_portid); 842 832 843 - err_out: 833 + l2tp_session_dec_refcount(session); 834 + 835 + return ret; 836 + 837 + err_ref_msg: 844 838 nlmsg_free(msg); 845 - 846 - out: 839 + err_ref: 840 + l2tp_session_dec_refcount(session); 841 + err: 847 842 return ret; 848 843 } 849 844 ··· 867 852 goto out; 868 853 } 869 854 870 - session = l2tp_session_find_nth(tunnel, si); 855 + session = l2tp_session_get_nth(tunnel, si, false); 871 856 if (session == NULL) { 872 857 ti++; 873 858 tunnel = NULL; ··· 877 862 878 863 if (l2tp_nl_session_send(skb, NETLINK_CB(cb->skb).portid, 879 864 cb->nlh->nlmsg_seq, NLM_F_MULTI, 880 - session, L2TP_CMD_SESSION_GET) < 0) 865 + session, L2TP_CMD_SESSION_GET) < 0) { 866 + l2tp_session_dec_refcount(session); 881 867 break; 868 + } 869 + l2tp_session_dec_refcount(session); 882 870 883 871 si++; 884 872 }

+53 -43

net/l2tp/l2tp_ppp.c

··· 450 450 static void pppol2tp_session_destruct(struct sock *sk) 451 451 { 452 452 struct l2tp_session *session = sk->sk_user_data; 453 + 454 + skb_queue_purge(&sk->sk_receive_queue); 455 + skb_queue_purge(&sk->sk_write_queue); 456 + 453 457 if (session) { 454 458 sk->sk_user_data = NULL; 455 459 BUG_ON(session->magic != L2TP_SESSION_MAGIC); ··· 492 488 l2tp_session_queue_purge(session); 493 489 sock_put(sk); 494 490 } 495 - skb_queue_purge(&sk->sk_receive_queue); 496 - skb_queue_purge(&sk->sk_write_queue); 497 - 498 491 release_sock(sk); 499 492 500 493 /* This will delete the session context via ··· 583 582 int error = 0; 584 583 u32 tunnel_id, peer_tunnel_id; 585 584 u32 session_id, peer_session_id; 585 + bool drop_refcnt = false; 586 586 int ver = 2; 587 587 int fd; 588 588 ··· 685 683 if (tunnel->peer_tunnel_id == 0) 686 684 tunnel->peer_tunnel_id = peer_tunnel_id; 687 685 688 - /* Create session if it doesn't already exist. We handle the 689 - * case where a session was previously created by the netlink 690 - * interface by checking that the session doesn't already have 691 - * a socket and its tunnel socket are what we expect. If any 692 - * of those checks fail, return EEXIST to the caller. 693 - */ 694 - session = l2tp_session_find(sock_net(sk), tunnel, session_id); 695 - if (session == NULL) { 696 - /* Default MTU must allow space for UDP/L2TP/PPP 697 - * headers. 698 - */ 699 - cfg.mtu = cfg.mru = 1500 - PPPOL2TP_HEADER_OVERHEAD; 686 + session = l2tp_session_get(sock_net(sk), tunnel, session_id, false); 687 + if (session) { 688 + drop_refcnt = true; 689 + ps = l2tp_session_priv(session); 700 690 701 - /* Allocate and initialize a new session context. */ 702 - session = l2tp_session_create(sizeof(struct pppol2tp_session), 703 - tunnel, session_id, 704 - peer_session_id, &cfg); 705 - if (session == NULL) { 706 - error = -ENOMEM; 691 + /* Using a pre-existing session is fine as long as it hasn't 692 + * been connected yet. 693 + */ 694 + if (ps->sock) { 695 + error = -EEXIST; 696 + goto end; 697 + } 698 + 699 + /* consistency checks */ 700 + if (ps->tunnel_sock != tunnel->sock) { 701 + error = -EEXIST; 707 702 goto end; 708 703 } 709 704 } else { 710 - ps = l2tp_session_priv(session); 711 - error = -EEXIST; 712 - if (ps->sock != NULL) 713 - goto end; 705 + /* Default MTU must allow space for UDP/L2TP/PPP headers */ 706 + cfg.mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD; 707 + cfg.mru = cfg.mtu; 714 708 715 - /* consistency checks */ 716 - if (ps->tunnel_sock != tunnel->sock) 709 + session = l2tp_session_create(sizeof(struct pppol2tp_session), 710 + tunnel, session_id, 711 + peer_session_id, &cfg); 712 + if (IS_ERR(session)) { 713 + error = PTR_ERR(session); 717 714 goto end; 715 + } 718 716 } 719 717 720 718 /* Associate session with its PPPoL2TP socket */ ··· 779 777 session->name); 780 778 781 779 end: 780 + if (drop_refcnt) 781 + l2tp_session_dec_refcount(session); 782 782 release_sock(sk); 783 783 784 784 return error; ··· 808 804 if (tunnel->sock == NULL) 809 805 goto out; 810 806 811 - /* Check that this session doesn't already exist */ 812 - error = -EEXIST; 813 - session = l2tp_session_find(net, tunnel, session_id); 814 - if (session != NULL) 815 - goto out; 816 - 817 807 /* Default MTU values. */ 818 808 if (cfg->mtu == 0) 819 809 cfg->mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD; ··· 815 817 cfg->mru = cfg->mtu; 816 818 817 819 /* Allocate and initialize a new session context. */ 818 - error = -ENOMEM; 819 820 session = l2tp_session_create(sizeof(struct pppol2tp_session), 820 821 tunnel, session_id, 821 822 peer_session_id, cfg); 822 - if (session == NULL) 823 + if (IS_ERR(session)) { 824 + error = PTR_ERR(session); 823 825 goto out; 826 + } 824 827 825 828 ps = l2tp_session_priv(session); 826 829 ps->tunnel_sock = tunnel->sock; ··· 1139 1140 if (stats.session_id != 0) { 1140 1141 /* resend to session ioctl handler */ 1141 1142 struct l2tp_session *session = 1142 - l2tp_session_find(sock_net(sk), tunnel, stats.session_id); 1143 - if (session != NULL) 1144 - err = pppol2tp_session_ioctl(session, cmd, arg); 1145 - else 1143 + l2tp_session_get(sock_net(sk), tunnel, 1144 + stats.session_id, true); 1145 + 1146 + if (session) { 1147 + err = pppol2tp_session_ioctl(session, cmd, 1148 + arg); 1149 + if (session->deref) 1150 + session->deref(session); 1151 + l2tp_session_dec_refcount(session); 1152 + } else { 1146 1153 err = -EBADR; 1154 + } 1147 1155 break; 1148 1156 } 1149 1157 #ifdef CONFIG_XFRM ··· 1560 1554 1561 1555 static void pppol2tp_next_session(struct net *net, struct pppol2tp_seq_data *pd) 1562 1556 { 1563 - pd->session = l2tp_session_find_nth(pd->tunnel, pd->session_idx); 1557 + pd->session = l2tp_session_get_nth(pd->tunnel, pd->session_idx, true); 1564 1558 pd->session_idx++; 1565 1559 1566 1560 if (pd->session == NULL) { ··· 1687 1681 1688 1682 /* Show the tunnel or session context. 1689 1683 */ 1690 - if (pd->session == NULL) 1684 + if (!pd->session) { 1691 1685 pppol2tp_seq_tunnel_show(m, pd->tunnel); 1692 - else 1686 + } else { 1693 1687 pppol2tp_seq_session_show(m, pd->session); 1688 + if (pd->session->deref) 1689 + pd->session->deref(pd->session); 1690 + l2tp_session_dec_refcount(pd->session); 1691 + } 1694 1692 1695 1693 out: 1696 1694 return 0; ··· 1853 1843 MODULE_LICENSE("GPL"); 1854 1844 MODULE_VERSION(PPPOL2TP_DRV_VERSION); 1855 1845 MODULE_ALIAS_NET_PF_PROTO(PF_PPPOX, PX_PROTO_OL2TP); 1856 - MODULE_ALIAS_L2TP_PWTYPE(11); 1846 + MODULE_ALIAS_L2TP_PWTYPE(7);

+2 -1

net/mac80211/iface.c

··· 718 718 ieee80211_recalc_ps(local); 719 719 720 720 if (sdata->vif.type == NL80211_IFTYPE_MONITOR || 721 - sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { 721 + sdata->vif.type == NL80211_IFTYPE_AP_VLAN || 722 + local->ops->wake_tx_queue) { 722 723 /* XXX: for AP_VLAN, actually track AP queues */ 723 724 netif_tx_start_all_queues(dev); 724 725 } else if (dev) {

+2

net/netfilter/nf_conntrack_ecache.c

··· 290 290 BUG_ON(notify != new); 291 291 RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, NULL); 292 292 mutex_unlock(&nf_ct_ecache_mutex); 293 + /* synchronize_rcu() is called from ctnetlink_exit. */ 293 294 } 294 295 EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); 295 296 ··· 327 326 BUG_ON(notify != new); 328 327 RCU_INIT_POINTER(net->ct.nf_expect_event_cb, NULL); 329 328 mutex_unlock(&nf_ct_ecache_mutex); 329 + /* synchronize_rcu() is called from ctnetlink_exit. */ 330 330 } 331 331 EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier); 332 332

+10 -3

net/netfilter/nf_conntrack_extend.c

··· 53 53 54 54 rcu_read_lock(); 55 55 t = rcu_dereference(nf_ct_ext_types[id]); 56 - BUG_ON(t == NULL); 56 + if (!t) { 57 + rcu_read_unlock(); 58 + return NULL; 59 + } 60 + 57 61 off = ALIGN(sizeof(struct nf_ct_ext), t->align); 58 62 len = off + t->len + var_alloc_len; 59 63 alloc_size = t->alloc_size + var_alloc_len; ··· 92 88 93 89 rcu_read_lock(); 94 90 t = rcu_dereference(nf_ct_ext_types[id]); 95 - BUG_ON(t == NULL); 91 + if (!t) { 92 + rcu_read_unlock(); 93 + return NULL; 94 + } 96 95 97 96 newoff = ALIGN(old->len, t->align); 98 97 newlen = newoff + t->len + var_alloc_len; ··· 182 175 RCU_INIT_POINTER(nf_ct_ext_types[type->id], NULL); 183 176 update_alloc_size(type); 184 177 mutex_unlock(&nf_ct_ext_type_mutex); 185 - rcu_barrier(); /* Wait for completion of call_rcu()'s */ 178 + synchronize_rcu(); 186 179 } 187 180 EXPORT_SYMBOL_GPL(nf_ct_extend_unregister);

+1

net/netfilter/nf_conntrack_netlink.c

··· 3442 3442 #ifdef CONFIG_NETFILTER_NETLINK_GLUE_CT 3443 3443 RCU_INIT_POINTER(nfnl_ct_hook, NULL); 3444 3444 #endif 3445 + synchronize_rcu(); 3445 3446 } 3446 3447 3447 3448 module_init(ctnetlink_init);

+2

net/netfilter/nf_nat_core.c

··· 903 903 #ifdef CONFIG_XFRM 904 904 RCU_INIT_POINTER(nf_nat_decode_session_hook, NULL); 905 905 #endif 906 + synchronize_rcu(); 907 + 906 908 for (i = 0; i < NFPROTO_NUMPROTO; i++) 907 909 kfree(nf_nat_l4protos[i]); 908 910

+184 -109

net/netfilter/nfnetlink_cthelper.c

··· 32 32 MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>"); 33 33 MODULE_DESCRIPTION("nfnl_cthelper: User-space connection tracking helpers"); 34 34 35 + struct nfnl_cthelper { 36 + struct list_head list; 37 + struct nf_conntrack_helper helper; 38 + }; 39 + 40 + static LIST_HEAD(nfnl_cthelper_list); 41 + 35 42 static int 36 43 nfnl_userspace_cthelper(struct sk_buff *skb, unsigned int protoff, 37 44 struct nf_conn *ct, enum ip_conntrack_info ctinfo) ··· 168 161 int i, ret; 169 162 struct nf_conntrack_expect_policy *expect_policy; 170 163 struct nlattr *tb[NFCTH_POLICY_SET_MAX+1]; 164 + unsigned int class_max; 171 165 172 166 ret = nla_parse_nested(tb, NFCTH_POLICY_SET_MAX, attr, 173 167 nfnl_cthelper_expect_policy_set); ··· 178 170 if (!tb[NFCTH_POLICY_SET_NUM]) 179 171 return -EINVAL; 180 172 181 - helper->expect_class_max = 182 - ntohl(nla_get_be32(tb[NFCTH_POLICY_SET_NUM])); 183 - 184 - if (helper->expect_class_max != 0 && 185 - helper->expect_class_max > NF_CT_MAX_EXPECT_CLASSES) 173 + class_max = ntohl(nla_get_be32(tb[NFCTH_POLICY_SET_NUM])); 174 + if (class_max == 0) 175 + return -EINVAL; 176 + if (class_max > NF_CT_MAX_EXPECT_CLASSES) 186 177 return -EOVERFLOW; 187 178 188 179 expect_policy = kzalloc(sizeof(struct nf_conntrack_expect_policy) * 189 - helper->expect_class_max, GFP_KERNEL); 180 + class_max, GFP_KERNEL); 190 181 if (expect_policy == NULL) 191 182 return -ENOMEM; 192 183 193 - for (i=0; i<helper->expect_class_max; i++) { 184 + for (i = 0; i < class_max; i++) { 194 185 if (!tb[NFCTH_POLICY_SET+i]) 195 186 goto err; 196 187 ··· 198 191 if (ret < 0) 199 192 goto err; 200 193 } 194 + 195 + helper->expect_class_max = class_max - 1; 201 196 helper->expect_policy = expect_policy; 202 197 return 0; 203 198 err: ··· 212 203 struct nf_conntrack_tuple *tuple) 213 204 { 214 205 struct nf_conntrack_helper *helper; 206 + struct nfnl_cthelper *nfcth; 215 207 int ret; 216 208 217 209 if (!tb[NFCTH_TUPLE] || !tb[NFCTH_POLICY] || !tb[NFCTH_PRIV_DATA_LEN]) 218 210 return -EINVAL; 219 211 220 - helper = kzalloc(sizeof(struct nf_conntrack_helper), GFP_KERNEL); 221 - if (helper == NULL) 212 + nfcth = kzalloc(sizeof(*nfcth), GFP_KERNEL); 213 + if (nfcth == NULL) 222 214 return -ENOMEM; 215 + helper = &nfcth->helper; 223 216 224 217 ret = nfnl_cthelper_parse_expect_policy(helper, tb[NFCTH_POLICY]); 225 218 if (ret < 0) 226 - goto err; 219 + goto err1; 227 220 228 221 strncpy(helper->name, nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN); 229 222 helper->data_len = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN])); ··· 256 245 257 246 ret = nf_conntrack_helper_register(helper); 258 247 if (ret < 0) 259 - goto err; 248 + goto err2; 249 + 250 + list_add_tail(&nfcth->list, &nfnl_cthelper_list); 251 + return 0; 252 + err2: 253 + kfree(helper->expect_policy); 254 + err1: 255 + kfree(nfcth); 256 + return ret; 257 + } 258 + 259 + static int 260 + nfnl_cthelper_update_policy_one(const struct nf_conntrack_expect_policy *policy, 261 + struct nf_conntrack_expect_policy *new_policy, 262 + const struct nlattr *attr) 263 + { 264 + struct nlattr *tb[NFCTH_POLICY_MAX + 1]; 265 + int err; 266 + 267 + err = nla_parse_nested(tb, NFCTH_POLICY_MAX, attr, 268 + nfnl_cthelper_expect_pol); 269 + if (err < 0) 270 + return err; 271 + 272 + if (!tb[NFCTH_POLICY_NAME] || 273 + !tb[NFCTH_POLICY_EXPECT_MAX] || 274 + !tb[NFCTH_POLICY_EXPECT_TIMEOUT]) 275 + return -EINVAL; 276 + 277 + if (nla_strcmp(tb[NFCTH_POLICY_NAME], policy->name)) 278 + return -EBUSY; 279 + 280 + new_policy->max_expected = 281 + ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_MAX])); 282 + new_policy->timeout = 283 + ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_TIMEOUT])); 260 284 261 285 return 0; 262 - err: 263 - kfree(helper); 264 - return ret; 286 + } 287 + 288 + static int nfnl_cthelper_update_policy_all(struct nlattr *tb[], 289 + struct nf_conntrack_helper *helper) 290 + { 291 + struct nf_conntrack_expect_policy new_policy[helper->expect_class_max + 1]; 292 + struct nf_conntrack_expect_policy *policy; 293 + int i, err; 294 + 295 + /* Check first that all policy attributes are well-formed, so we don't 296 + * leave things in inconsistent state on errors. 297 + */ 298 + for (i = 0; i < helper->expect_class_max + 1; i++) { 299 + 300 + if (!tb[NFCTH_POLICY_SET + i]) 301 + return -EINVAL; 302 + 303 + err = nfnl_cthelper_update_policy_one(&helper->expect_policy[i], 304 + &new_policy[i], 305 + tb[NFCTH_POLICY_SET + i]); 306 + if (err < 0) 307 + return err; 308 + } 309 + /* Now we can safely update them. */ 310 + for (i = 0; i < helper->expect_class_max + 1; i++) { 311 + policy = (struct nf_conntrack_expect_policy *) 312 + &helper->expect_policy[i]; 313 + policy->max_expected = new_policy->max_expected; 314 + policy->timeout = new_policy->timeout; 315 + } 316 + 317 + return 0; 318 + } 319 + 320 + static int nfnl_cthelper_update_policy(struct nf_conntrack_helper *helper, 321 + const struct nlattr *attr) 322 + { 323 + struct nlattr *tb[NFCTH_POLICY_SET_MAX + 1]; 324 + unsigned int class_max; 325 + int err; 326 + 327 + err = nla_parse_nested(tb, NFCTH_POLICY_SET_MAX, attr, 328 + nfnl_cthelper_expect_policy_set); 329 + if (err < 0) 330 + return err; 331 + 332 + if (!tb[NFCTH_POLICY_SET_NUM]) 333 + return -EINVAL; 334 + 335 + class_max = ntohl(nla_get_be32(tb[NFCTH_POLICY_SET_NUM])); 336 + if (helper->expect_class_max + 1 != class_max) 337 + return -EBUSY; 338 + 339 + return nfnl_cthelper_update_policy_all(tb, helper); 265 340 } 266 341 267 342 static int ··· 360 263 return -EBUSY; 361 264 362 265 if (tb[NFCTH_POLICY]) { 363 - ret = nfnl_cthelper_parse_expect_policy(helper, 364 - tb[NFCTH_POLICY]); 266 + ret = nfnl_cthelper_update_policy(helper, tb[NFCTH_POLICY]); 365 267 if (ret < 0) 366 268 return ret; 367 269 } ··· 389 293 const char *helper_name; 390 294 struct nf_conntrack_helper *cur, *helper = NULL; 391 295 struct nf_conntrack_tuple tuple; 392 - int ret = 0, i; 296 + struct nfnl_cthelper *nlcth; 297 + int ret = 0; 393 298 394 299 if (!tb[NFCTH_NAME] || !tb[NFCTH_TUPLE]) 395 300 return -EINVAL; ··· 401 304 if (ret < 0) 402 305 return ret; 403 306 404 - rcu_read_lock(); 405 - for (i = 0; i < nf_ct_helper_hsize && !helper; i++) { 406 - hlist_for_each_entry_rcu(cur, &nf_ct_helper_hash[i], hnode) { 307 + list_for_each_entry(nlcth, &nfnl_cthelper_list, list) { 308 + cur = &nlcth->helper; 407 309 408 - /* skip non-userspace conntrack helpers. */ 409 - if (!(cur->flags & NF_CT_HELPER_F_USERSPACE)) 410 - continue; 310 + if (strncmp(cur->name, helper_name, NF_CT_HELPER_NAME_LEN)) 311 + continue; 411 312 412 - if (strncmp(cur->name, helper_name, 413 - NF_CT_HELPER_NAME_LEN) != 0) 414 - continue; 313 + if ((tuple.src.l3num != cur->tuple.src.l3num || 314 + tuple.dst.protonum != cur->tuple.dst.protonum)) 315 + continue; 415 316 416 - if ((tuple.src.l3num != cur->tuple.src.l3num || 417 - tuple.dst.protonum != cur->tuple.dst.protonum)) 418 - continue; 317 + if (nlh->nlmsg_flags & NLM_F_EXCL) 318 + return -EEXIST; 419 319 420 - if (nlh->nlmsg_flags & NLM_F_EXCL) { 421 - ret = -EEXIST; 422 - goto err; 423 - } 424 - helper = cur; 425 - break; 426 - } 320 + helper = cur; 321 + break; 427 322 } 428 - rcu_read_unlock(); 429 323 430 324 if (helper == NULL) 431 325 ret = nfnl_cthelper_create(tb, &tuple); 432 326 else 433 327 ret = nfnl_cthelper_update(tb, helper); 434 328 435 - return ret; 436 - err: 437 - rcu_read_unlock(); 438 329 return ret; 439 330 } 440 331 ··· 462 377 goto nla_put_failure; 463 378 464 379 if (nla_put_be32(skb, NFCTH_POLICY_SET_NUM, 465 - htonl(helper->expect_class_max))) 380 + htonl(helper->expect_class_max + 1))) 466 381 goto nla_put_failure; 467 382 468 - for (i=0; i<helper->expect_class_max; i++) { 383 + for (i = 0; i < helper->expect_class_max + 1; i++) { 469 384 nest_parms2 = nla_nest_start(skb, 470 385 (NFCTH_POLICY_SET+i) | NLA_F_NESTED); 471 386 if (nest_parms2 == NULL) ··· 587 502 struct sk_buff *skb, const struct nlmsghdr *nlh, 588 503 const struct nlattr * const tb[]) 589 504 { 590 - int ret = -ENOENT, i; 505 + int ret = -ENOENT; 591 506 struct nf_conntrack_helper *cur; 592 507 struct sk_buff *skb2; 593 508 char *helper_name = NULL; 594 509 struct nf_conntrack_tuple tuple; 510 + struct nfnl_cthelper *nlcth; 595 511 bool tuple_set = false; 596 512 597 513 if (nlh->nlmsg_flags & NLM_F_DUMP) { ··· 613 527 tuple_set = true; 614 528 } 615 529 616 - for (i = 0; i < nf_ct_helper_hsize; i++) { 617 - hlist_for_each_entry_rcu(cur, &nf_ct_helper_hash[i], hnode) { 530 + list_for_each_entry(nlcth, &nfnl_cthelper_list, list) { 531 + cur = &nlcth->helper; 532 + if (helper_name && 533 + strncmp(cur->name, helper_name, NF_CT_HELPER_NAME_LEN)) 534 + continue; 618 535 619 - /* skip non-userspace conntrack helpers. */ 620 - if (!(cur->flags & NF_CT_HELPER_F_USERSPACE)) 621 - continue; 536 + if (tuple_set && 537 + (tuple.src.l3num != cur->tuple.src.l3num || 538 + tuple.dst.protonum != cur->tuple.dst.protonum)) 539 + continue; 622 540 623 - if (helper_name && strncmp(cur->name, helper_name, 624 - NF_CT_HELPER_NAME_LEN) != 0) { 625 - continue; 626 - } 627 - if (tuple_set && 628 - (tuple.src.l3num != cur->tuple.src.l3num || 629 - tuple.dst.protonum != cur->tuple.dst.protonum)) 630 - continue; 631 - 632 - skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 633 - if (skb2 == NULL) { 634 - ret = -ENOMEM; 635 - break; 636 - } 637 - 638 - ret = nfnl_cthelper_fill_info(skb2, NETLINK_CB(skb).portid, 639 - nlh->nlmsg_seq, 640 - NFNL_MSG_TYPE(nlh->nlmsg_type), 641 - NFNL_MSG_CTHELPER_NEW, cur); 642 - if (ret <= 0) { 643 - kfree_skb(skb2); 644 - break; 645 - } 646 - 647 - ret = netlink_unicast(nfnl, skb2, NETLINK_CB(skb).portid, 648 - MSG_DONTWAIT); 649 - if (ret > 0) 650 - ret = 0; 651 - 652 - /* this avoids a loop in nfnetlink. */ 653 - return ret == -EAGAIN ? -ENOBUFS : ret; 541 + skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 542 + if (skb2 == NULL) { 543 + ret = -ENOMEM; 544 + break; 654 545 } 546 + 547 + ret = nfnl_cthelper_fill_info(skb2, NETLINK_CB(skb).portid, 548 + nlh->nlmsg_seq, 549 + NFNL_MSG_TYPE(nlh->nlmsg_type), 550 + NFNL_MSG_CTHELPER_NEW, cur); 551 + if (ret <= 0) { 552 + kfree_skb(skb2); 553 + break; 554 + } 555 + 556 + ret = netlink_unicast(nfnl, skb2, NETLINK_CB(skb).portid, 557 + MSG_DONTWAIT); 558 + if (ret > 0) 559 + ret = 0; 560 + 561 + /* this avoids a loop in nfnetlink. */ 562 + return ret == -EAGAIN ? -ENOBUFS : ret; 655 563 } 656 564 return ret; 657 565 } ··· 656 576 { 657 577 char *helper_name = NULL; 658 578 struct nf_conntrack_helper *cur; 659 - struct hlist_node *tmp; 660 579 struct nf_conntrack_tuple tuple; 661 580 bool tuple_set = false, found = false; 662 - int i, j = 0, ret; 581 + struct nfnl_cthelper *nlcth, *n; 582 + int j = 0, ret; 663 583 664 584 if (tb[NFCTH_NAME]) 665 585 helper_name = nla_data(tb[NFCTH_NAME]); ··· 672 592 tuple_set = true; 673 593 } 674 594 675 - for (i = 0; i < nf_ct_helper_hsize; i++) { 676 - hlist_for_each_entry_safe(cur, tmp, &nf_ct_helper_hash[i], 677 - hnode) { 678 - /* skip non-userspace conntrack helpers. */ 679 - if (!(cur->flags & NF_CT_HELPER_F_USERSPACE)) 680 - continue; 595 + list_for_each_entry_safe(nlcth, n, &nfnl_cthelper_list, list) { 596 + cur = &nlcth->helper; 597 + j++; 681 598 682 - j++; 599 + if (helper_name && 600 + strncmp(cur->name, helper_name, NF_CT_HELPER_NAME_LEN)) 601 + continue; 683 602 684 - if (helper_name && strncmp(cur->name, helper_name, 685 - NF_CT_HELPER_NAME_LEN) != 0) { 686 - continue; 687 - } 688 - if (tuple_set && 689 - (tuple.src.l3num != cur->tuple.src.l3num || 690 - tuple.dst.protonum != cur->tuple.dst.protonum)) 691 - continue; 603 + if (tuple_set && 604 + (tuple.src.l3num != cur->tuple.src.l3num || 605 + tuple.dst.protonum != cur->tuple.dst.protonum)) 606 + continue; 692 607 693 - found = true; 694 - nf_conntrack_helper_unregister(cur); 695 - } 608 + found = true; 609 + nf_conntrack_helper_unregister(cur); 610 + kfree(cur->expect_policy); 611 + 612 + list_del(&nlcth->list); 613 + kfree(nlcth); 696 614 } 615 + 697 616 /* Make sure we return success if we flush and there is no helpers */ 698 617 return (found || j == 0) ? 0 : -ENOENT; 699 618 } ··· 741 662 static void __exit nfnl_cthelper_exit(void) 742 663 { 743 664 struct nf_conntrack_helper *cur; 744 - struct hlist_node *tmp; 745 - int i; 665 + struct nfnl_cthelper *nlcth, *n; 746 666 747 667 nfnetlink_subsys_unregister(&nfnl_cthelper_subsys); 748 668 749 - for (i=0; i<nf_ct_helper_hsize; i++) { 750 - hlist_for_each_entry_safe(cur, tmp, &nf_ct_helper_hash[i], 751 - hnode) { 752 - /* skip non-userspace conntrack helpers. */ 753 - if (!(cur->flags & NF_CT_HELPER_F_USERSPACE)) 754 - continue; 669 + list_for_each_entry_safe(nlcth, n, &nfnl_cthelper_list, list) { 670 + cur = &nlcth->helper; 755 671 756 - nf_conntrack_helper_unregister(cur); 757 - } 672 + nf_conntrack_helper_unregister(cur); 673 + kfree(cur->expect_policy); 674 + kfree(nlcth); 758 675 } 759 676 } 760 677

+1 -1

net/netfilter/nfnetlink_cttimeout.c

··· 646 646 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT 647 647 RCU_INIT_POINTER(nf_ct_timeout_find_get_hook, NULL); 648 648 RCU_INIT_POINTER(nf_ct_timeout_put_hook, NULL); 649 + synchronize_rcu(); 649 650 #endif /* CONFIG_NF_CONNTRACK_TIMEOUT */ 650 - rcu_barrier(); 651 651 } 652 652 653 653 module_init(cttimeout_init);

+7 -2

net/netfilter/nfnetlink_queue.c

··· 443 443 skb = alloc_skb(size, GFP_ATOMIC); 444 444 if (!skb) { 445 445 skb_tx_error(entskb); 446 - return NULL; 446 + goto nlmsg_failure; 447 447 } 448 448 449 449 nlh = nlmsg_put(skb, 0, 0, ··· 452 452 if (!nlh) { 453 453 skb_tx_error(entskb); 454 454 kfree_skb(skb); 455 - return NULL; 455 + goto nlmsg_failure; 456 456 } 457 457 nfmsg = nlmsg_data(nlh); 458 458 nfmsg->nfgen_family = entry->state.pf; ··· 598 598 } 599 599 600 600 nlh->nlmsg_len = skb->len; 601 + if (seclen) 602 + security_release_secctx(secdata, seclen); 601 603 return skb; 602 604 603 605 nla_put_failure: 604 606 skb_tx_error(entskb); 605 607 kfree_skb(skb); 606 608 net_err_ratelimited("nf_queue: error creating packet message\n"); 609 + nlmsg_failure: 610 + if (seclen) 611 + security_release_secctx(secdata, seclen); 607 612 return NULL; 608 613 } 609 614

+2 -2

net/openvswitch/conntrack.c

··· 643 643 */ 644 644 if (nf_ct_is_confirmed(ct)) 645 645 nf_ct_delete(ct, 0, 0); 646 - else 647 - nf_conntrack_put(&ct->ct_general); 646 + 647 + nf_conntrack_put(&ct->ct_general); 648 648 nf_ct_set(skb, NULL, 0); 649 649 return false; 650 650 }

+8 -2

net/openvswitch/flow.c

··· 527 527 528 528 /* Link layer. */ 529 529 clear_vlan(key); 530 - if (key->mac_proto == MAC_PROTO_NONE) { 530 + if (ovs_key_mac_proto(key) == MAC_PROTO_NONE) { 531 531 if (unlikely(eth_type_vlan(skb->protocol))) 532 532 return -EINVAL; 533 533 ··· 745 745 746 746 int ovs_flow_key_update(struct sk_buff *skb, struct sw_flow_key *key) 747 747 { 748 - return key_extract(skb, key); 748 + int res; 749 + 750 + res = key_extract(skb, key); 751 + if (!res) 752 + key->mac_proto &= ~SW_FLOW_KEY_INVALID; 753 + 754 + return res; 749 755 } 750 756 751 757 static int key_extract_mac_proto(struct sk_buff *skb)

+6 -2

net/packet/af_packet.c

··· 3665 3665 return -EBUSY; 3666 3666 if (copy_from_user(&val, optval, sizeof(val))) 3667 3667 return -EFAULT; 3668 + if (val > INT_MAX) 3669 + return -EINVAL; 3668 3670 po->tp_reserve = val; 3669 3671 return 0; 3670 3672 } ··· 4195 4193 if (unlikely(!PAGE_ALIGNED(req->tp_block_size))) 4196 4194 goto out; 4197 4195 if (po->tp_version >= TPACKET_V3 && 4198 - (int)(req->tp_block_size - 4199 - BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) 4196 + req->tp_block_size <= 4197 + BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv)) 4200 4198 goto out; 4201 4199 if (unlikely(req->tp_frame_size < po->tp_hdrlen + 4202 4200 po->tp_reserve)) ··· 4206 4204 4207 4205 rb->frames_per_block = req->tp_block_size / req->tp_frame_size; 4208 4206 if (unlikely(rb->frames_per_block == 0)) 4207 + goto out; 4208 + if (unlikely(req->tp_block_size > UINT_MAX / req->tp_block_nr)) 4209 4209 goto out; 4210 4210 if (unlikely((rb->frames_per_block * req->tp_block_nr) != 4211 4211 req->tp_frame_nr))

+9 -4

net/sctp/associola.c

··· 246 246 if (!sctp_ulpq_init(&asoc->ulpq, asoc)) 247 247 goto fail_init; 248 248 249 + if (sctp_stream_new(asoc, gfp)) 250 + goto fail_init; 251 + 249 252 /* Assume that peer would support both address types unless we are 250 253 * told otherwise. 251 254 */ ··· 267 264 /* AUTH related initializations */ 268 265 INIT_LIST_HEAD(&asoc->endpoint_shared_keys); 269 266 if (sctp_auth_asoc_copy_shkeys(ep, asoc, gfp)) 270 - goto fail_init; 267 + goto stream_free; 271 268 272 269 asoc->active_key_id = ep->active_key_id; 273 270 asoc->prsctp_enable = ep->prsctp_enable; ··· 290 287 291 288 return asoc; 292 289 290 + stream_free: 291 + sctp_stream_free(asoc->stream); 293 292 fail_init: 294 293 sock_put(asoc->base.sk); 295 294 sctp_endpoint_put(asoc->ep); ··· 1412 1407 /* Update the association's pmtu and frag_point by going through all the 1413 1408 * transports. This routine is called when a transport's PMTU has changed. 1414 1409 */ 1415 - void sctp_assoc_sync_pmtu(struct sock *sk, struct sctp_association *asoc) 1410 + void sctp_assoc_sync_pmtu(struct sctp_association *asoc) 1416 1411 { 1417 1412 struct sctp_transport *t; 1418 1413 __u32 pmtu = 0; ··· 1424 1419 list_for_each_entry(t, &asoc->peer.transport_addr_list, 1425 1420 transports) { 1426 1421 if (t->pmtu_pending && t->dst) { 1427 - sctp_transport_update_pmtu(sk, t, 1428 - SCTP_TRUNC4(dst_mtu(t->dst))); 1422 + sctp_transport_update_pmtu( 1423 + t, SCTP_TRUNC4(dst_mtu(t->dst))); 1429 1424 t->pmtu_pending = 0; 1430 1425 } 1431 1426 if (!pmtu || (t->pathmtu < pmtu))

+2 -2

net/sctp/input.c

··· 401 401 402 402 if (t->param_flags & SPP_PMTUD_ENABLE) { 403 403 /* Update transports view of the MTU */ 404 - sctp_transport_update_pmtu(sk, t, pmtu); 404 + sctp_transport_update_pmtu(t, pmtu); 405 405 406 406 /* Update association pmtu. */ 407 - sctp_assoc_sync_pmtu(sk, asoc); 407 + sctp_assoc_sync_pmtu(asoc); 408 408 } 409 409 410 410 /* Retransmit with the new pmtu setting.

+37 -32

net/sctp/output.c

··· 86 86 { 87 87 struct sctp_transport *tp = packet->transport; 88 88 struct sctp_association *asoc = tp->asoc; 89 + struct sock *sk; 89 90 90 91 pr_debug("%s: packet:%p vtag:0x%x\n", __func__, packet, vtag); 91 - 92 92 packet->vtag = vtag; 93 93 94 - if (asoc && tp->dst) { 95 - struct sock *sk = asoc->base.sk; 94 + /* do the following jobs only once for a flush schedule */ 95 + if (!sctp_packet_empty(packet)) 96 + return; 96 97 97 - rcu_read_lock(); 98 - if (__sk_dst_get(sk) != tp->dst) { 99 - dst_hold(tp->dst); 100 - sk_setup_caps(sk, tp->dst); 101 - } 98 + /* set packet max_size with pathmtu */ 99 + packet->max_size = tp->pathmtu; 100 + if (!asoc) 101 + return; 102 102 103 - if (sk_can_gso(sk)) { 104 - struct net_device *dev = tp->dst->dev; 105 - 106 - packet->max_size = dev->gso_max_size; 107 - } else { 108 - packet->max_size = asoc->pathmtu; 109 - } 110 - rcu_read_unlock(); 111 - 112 - } else { 113 - packet->max_size = tp->pathmtu; 103 + /* update dst or transport pathmtu if in need */ 104 + sk = asoc->base.sk; 105 + if (!sctp_transport_dst_check(tp)) { 106 + sctp_transport_route(tp, NULL, sctp_sk(sk)); 107 + if (asoc->param_flags & SPP_PMTUD_ENABLE) 108 + sctp_assoc_sync_pmtu(asoc); 109 + } else if (!sctp_transport_pmtu_check(tp)) { 110 + if (asoc->param_flags & SPP_PMTUD_ENABLE) 111 + sctp_assoc_sync_pmtu(asoc); 114 112 } 115 113 116 - if (ecn_capable && sctp_packet_empty(packet)) { 117 - struct sctp_chunk *chunk; 114 + /* If there a is a prepend chunk stick it on the list before 115 + * any other chunks get appended. 116 + */ 117 + if (ecn_capable) { 118 + struct sctp_chunk *chunk = sctp_get_ecne_prepend(asoc); 118 119 119 - /* If there a is a prepend chunk stick it on the list before 120 - * any other chunks get appended. 121 - */ 122 - chunk = sctp_get_ecne_prepend(asoc); 123 120 if (chunk) 124 121 sctp_packet_append_chunk(packet, chunk); 125 122 } 123 + 124 + if (!tp->dst) 125 + return; 126 + 127 + /* set packet max_size with gso_max_size if gso is enabled*/ 128 + rcu_read_lock(); 129 + if (__sk_dst_get(sk) != tp->dst) { 130 + dst_hold(tp->dst); 131 + sk_setup_caps(sk, tp->dst); 132 + } 133 + packet->max_size = sk_can_gso(sk) ? tp->dst->dev->gso_max_size 134 + : asoc->pathmtu; 135 + rcu_read_unlock(); 126 136 } 127 137 128 138 /* Initialize the packet structure. */ ··· 592 582 sh->vtag = htonl(packet->vtag); 593 583 sh->checksum = 0; 594 584 595 - /* update dst if in need */ 596 - if (!sctp_transport_dst_check(tp)) { 597 - sctp_transport_route(tp, NULL, sctp_sk(sk)); 598 - if (asoc && asoc->param_flags & SPP_PMTUD_ENABLE) 599 - sctp_assoc_sync_pmtu(sk, asoc); 600 - } 585 + /* drop packet if no dst */ 601 586 dst = dst_clone(tp->dst); 602 587 if (!dst) { 603 588 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES); ··· 709 704 */ 710 705 711 706 if ((sctp_sk(asoc->base.sk)->nodelay || inflight == 0) && 712 - !chunk->msg->force_delay) 707 + !asoc->force_delay) 713 708 /* Nothing unacked */ 714 709 return SCTP_XMIT_OK; 715 710

+1 -2

net/sctp/outqueue.c

··· 1026 1026 /* RFC 2960 6.5 Every DATA chunk MUST carry a valid 1027 1027 * stream identifier. 1028 1028 */ 1029 - if (chunk->sinfo.sinfo_stream >= 1030 - asoc->c.sinit_num_ostreams) { 1029 + if (chunk->sinfo.sinfo_stream >= asoc->stream->outcnt) { 1031 1030 1032 1031 /* Mark as failed send. */ 1033 1032 sctp_chunk_fail(chunk, SCTP_ERROR_INV_STRM);

+2 -2

net/sctp/proc.c

··· 361 361 sctp_seq_dump_remote_addrs(seq, assoc); 362 362 seq_printf(seq, "\t%8lu %5d %5d %4d %4d %4d %8d " 363 363 "%8d %8d %8d %8d", 364 - assoc->hbinterval, assoc->c.sinit_max_instreams, 365 - assoc->c.sinit_num_ostreams, assoc->max_retrans, 364 + assoc->hbinterval, assoc->stream->incnt, 365 + assoc->stream->outcnt, assoc->max_retrans, 366 366 assoc->init_retries, assoc->shutdown_retries, 367 367 assoc->rtx_data_chunks, 368 368 atomic_read(&sk->sk_wmem_alloc),

+2 -7

net/sctp/sm_make_chunk.c

··· 2460 2460 * association. 2461 2461 */ 2462 2462 if (!asoc->temp) { 2463 - int error; 2464 - 2465 - asoc->stream = sctp_stream_new(asoc->c.sinit_max_instreams, 2466 - asoc->c.sinit_num_ostreams, gfp); 2467 - if (!asoc->stream) 2463 + if (sctp_stream_init(asoc, gfp)) 2468 2464 goto clean_up; 2469 2465 2470 - error = sctp_assoc_set_id(asoc, gfp); 2471 - if (error) 2466 + if (sctp_assoc_set_id(asoc, gfp)) 2472 2467 goto clean_up; 2473 2468 } 2474 2469

+3 -3

net/sctp/sm_statefuns.c

··· 3946 3946 3947 3947 /* Silently discard the chunk if stream-id is not valid */ 3948 3948 sctp_walk_fwdtsn(skip, chunk) { 3949 - if (ntohs(skip->stream) >= asoc->c.sinit_max_instreams) 3949 + if (ntohs(skip->stream) >= asoc->stream->incnt) 3950 3950 goto discard_noforce; 3951 3951 } 3952 3952 ··· 4017 4017 4018 4018 /* Silently discard the chunk if stream-id is not valid */ 4019 4019 sctp_walk_fwdtsn(skip, chunk) { 4020 - if (ntohs(skip->stream) >= asoc->c.sinit_max_instreams) 4020 + if (ntohs(skip->stream) >= asoc->stream->incnt) 4021 4021 goto gen_shutdown; 4022 4022 } 4023 4023 ··· 6353 6353 * and discard the DATA chunk. 6354 6354 */ 6355 6355 sid = ntohs(data_hdr->stream); 6356 - if (sid >= asoc->c.sinit_max_instreams) { 6356 + if (sid >= asoc->stream->incnt) { 6357 6357 /* Mark tsn as received even though we drop it */ 6358 6358 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_TSN, SCTP_U32(tsn)); 6359 6359

+9 -9

net/sctp/socket.c

··· 1907 1907 } 1908 1908 1909 1909 if (asoc->pmtu_pending) 1910 - sctp_assoc_pending_pmtu(sk, asoc); 1910 + sctp_assoc_pending_pmtu(asoc); 1911 1911 1912 1912 /* If fragmentation is disabled and the message length exceeds the 1913 1913 * association fragmentation point, return EMSGSIZE. The I-D ··· 1920 1920 } 1921 1921 1922 1922 /* Check for invalid stream. */ 1923 - if (sinfo->sinfo_stream >= asoc->c.sinit_num_ostreams) { 1923 + if (sinfo->sinfo_stream >= asoc->stream->outcnt) { 1924 1924 err = -EINVAL; 1925 1925 goto out_free; 1926 1926 } ··· 1965 1965 err = PTR_ERR(datamsg); 1966 1966 goto out_free; 1967 1967 } 1968 - datamsg->force_delay = !!(msg->msg_flags & MSG_MORE); 1968 + asoc->force_delay = !!(msg->msg_flags & MSG_MORE); 1969 1969 1970 1970 /* Now send the (possibly) fragmented message. */ 1971 1971 list_for_each_entry(chunk, &datamsg->chunks, frag_list) { ··· 2435 2435 if ((params->spp_flags & SPP_PMTUD_DISABLE) && params->spp_pathmtu) { 2436 2436 if (trans) { 2437 2437 trans->pathmtu = params->spp_pathmtu; 2438 - sctp_assoc_sync_pmtu(sctp_opt2sk(sp), asoc); 2438 + sctp_assoc_sync_pmtu(asoc); 2439 2439 } else if (asoc) { 2440 2440 asoc->pathmtu = params->spp_pathmtu; 2441 2441 } else { ··· 2451 2451 (trans->param_flags & ~SPP_PMTUD) | pmtud_change; 2452 2452 if (update) { 2453 2453 sctp_transport_pmtu(trans, sctp_opt2sk(sp)); 2454 - sctp_assoc_sync_pmtu(sctp_opt2sk(sp), asoc); 2454 + sctp_assoc_sync_pmtu(asoc); 2455 2455 } 2456 2456 } else if (asoc) { 2457 2457 asoc->param_flags = ··· 4461 4461 info->sctpi_rwnd = asoc->a_rwnd; 4462 4462 info->sctpi_unackdata = asoc->unack_data; 4463 4463 info->sctpi_penddata = sctp_tsnmap_pending(&asoc->peer.tsn_map); 4464 - info->sctpi_instrms = asoc->c.sinit_max_instreams; 4465 - info->sctpi_outstrms = asoc->c.sinit_num_ostreams; 4464 + info->sctpi_instrms = asoc->stream->incnt; 4465 + info->sctpi_outstrms = asoc->stream->outcnt; 4466 4466 list_for_each(pos, &asoc->base.inqueue.in_chunk_list) 4467 4467 info->sctpi_inqueue++; 4468 4468 list_for_each(pos, &asoc->outqueue.out_chunk_list) ··· 4691 4691 status.sstat_unackdata = asoc->unack_data; 4692 4692 4693 4693 status.sstat_penddata = sctp_tsnmap_pending(&asoc->peer.tsn_map); 4694 - status.sstat_instrms = asoc->c.sinit_max_instreams; 4695 - status.sstat_outstrms = asoc->c.sinit_num_ostreams; 4694 + status.sstat_instrms = asoc->stream->incnt; 4695 + status.sstat_outstrms = asoc->stream->outcnt; 4696 4696 status.sstat_fragmentation_point = asoc->frag_point; 4697 4697 status.sstat_primary.spinfo_assoc_id = sctp_assoc2id(transport->asoc); 4698 4698 memcpy(&status.sstat_primary.spinfo_address, &transport->ipaddr,

+35 -8

net/sctp/stream.c

··· 35 35 #include <net/sctp/sctp.h> 36 36 #include <net/sctp/sm.h> 37 37 38 - struct sctp_stream *sctp_stream_new(__u16 incnt, __u16 outcnt, gfp_t gfp) 38 + int sctp_stream_new(struct sctp_association *asoc, gfp_t gfp) 39 39 { 40 40 struct sctp_stream *stream; 41 41 int i; 42 42 43 43 stream = kzalloc(sizeof(*stream), gfp); 44 44 if (!stream) 45 - return NULL; 45 + return -ENOMEM; 46 46 47 - stream->outcnt = outcnt; 47 + stream->outcnt = asoc->c.sinit_num_ostreams; 48 48 stream->out = kcalloc(stream->outcnt, sizeof(*stream->out), gfp); 49 49 if (!stream->out) { 50 50 kfree(stream); 51 - return NULL; 51 + return -ENOMEM; 52 52 } 53 53 for (i = 0; i < stream->outcnt; i++) 54 54 stream->out[i].state = SCTP_STREAM_OPEN; 55 55 56 - stream->incnt = incnt; 56 + asoc->stream = stream; 57 + 58 + return 0; 59 + } 60 + 61 + int sctp_stream_init(struct sctp_association *asoc, gfp_t gfp) 62 + { 63 + struct sctp_stream *stream = asoc->stream; 64 + int i; 65 + 66 + /* Initial stream->out size may be very big, so free it and alloc 67 + * a new one with new outcnt to save memory. 68 + */ 69 + kfree(stream->out); 70 + stream->outcnt = asoc->c.sinit_num_ostreams; 71 + stream->out = kcalloc(stream->outcnt, sizeof(*stream->out), gfp); 72 + if (!stream->out) 73 + goto nomem; 74 + 75 + for (i = 0; i < stream->outcnt; i++) 76 + stream->out[i].state = SCTP_STREAM_OPEN; 77 + 78 + stream->incnt = asoc->c.sinit_max_instreams; 57 79 stream->in = kcalloc(stream->incnt, sizeof(*stream->in), gfp); 58 80 if (!stream->in) { 59 81 kfree(stream->out); 60 - kfree(stream); 61 - return NULL; 82 + goto nomem; 62 83 } 63 84 64 - return stream; 85 + return 0; 86 + 87 + nomem: 88 + asoc->stream = NULL; 89 + kfree(stream); 90 + 91 + return -ENOMEM; 65 92 } 66 93 67 94 void sctp_stream_free(struct sctp_stream *stream)

+7 -12

net/sctp/transport.c

··· 251 251 transport->pathmtu = SCTP_DEFAULT_MAXSEGMENT; 252 252 } 253 253 254 - void sctp_transport_update_pmtu(struct sock *sk, struct sctp_transport *t, u32 pmtu) 254 + void sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu) 255 255 { 256 - struct dst_entry *dst; 256 + struct dst_entry *dst = sctp_transport_dst_check(t); 257 257 258 258 if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) { 259 259 pr_warn("%s: Reported pmtu %d too low, using default minimum of %d\n", 260 - __func__, pmtu, 261 - SCTP_DEFAULT_MINSEGMENT); 260 + __func__, pmtu, SCTP_DEFAULT_MINSEGMENT); 262 261 /* Use default minimum segment size and disable 263 262 * pmtu discovery on this transport. 264 263 */ ··· 266 267 t->pathmtu = pmtu; 267 268 } 268 269 269 - dst = sctp_transport_dst_check(t); 270 - if (!dst) 271 - t->af_specific->get_dst(t, &t->saddr, &t->fl, sk); 272 - 273 270 if (dst) { 274 - dst->ops->update_pmtu(dst, sk, NULL, pmtu); 275 - 271 + dst->ops->update_pmtu(dst, t->asoc->base.sk, NULL, pmtu); 276 272 dst = sctp_transport_dst_check(t); 277 - if (!dst) 278 - t->af_specific->get_dst(t, &t->saddr, &t->fl, sk); 279 273 } 274 + 275 + if (!dst) 276 + t->af_specific->get_dst(t, &t->saddr, &t->fl, t->asoc->base.sk); 280 277 } 281 278 282 279 /* Caches the dst entry and source address for a transport's destination

+1

net/sunrpc/svcsock.c

··· 1635 1635 1636 1636 xprt = &svsk->sk_xprt; 1637 1637 svc_xprt_init(net, &svc_tcp_bc_class, xprt, serv); 1638 + set_bit(XPT_CONG_CTRL, &svsk->sk_xprt.xpt_flags); 1638 1639 1639 1640 serv->sv_bc_xprt = xprt; 1640 1641

+1

net/sunrpc/xprtrdma/svc_rdma_transport.c

··· 127 127 xprt = &cma_xprt->sc_xprt; 128 128 129 129 svc_xprt_init(net, &svc_rdma_bc_class, xprt, serv); 130 + set_bit(XPT_CONG_CTRL, &xprt->xpt_flags); 130 131 serv->sv_bc_xprt = xprt; 131 132 132 133 dprintk("svcrdma: %s(%p)\n", __func__, xprt);

+4 -6

net/wireless/sysfs.c

··· 132 132 /* Age scan results with time spent in suspend */ 133 133 cfg80211_bss_age(rdev, get_seconds() - rdev->suspend_at); 134 134 135 - if (rdev->ops->resume) { 136 - rtnl_lock(); 137 - if (rdev->wiphy.registered) 138 - ret = rdev_resume(rdev); 139 - rtnl_unlock(); 140 - } 135 + rtnl_lock(); 136 + if (rdev->wiphy.registered && rdev->ops->resume) 137 + ret = rdev_resume(rdev); 138 + rtnl_unlock(); 141 139 142 140 return ret; 143 141 }

+8 -1

net/xfrm/xfrm_user.c

··· 412 412 up = nla_data(rp); 413 413 ulen = xfrm_replay_state_esn_len(up); 414 414 415 - if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen) 415 + /* Check the overall length and the internal bitmap length to avoid 416 + * potential overflow. */ 417 + if (nla_len(rp) < ulen || 418 + xfrm_replay_state_esn_len(replay_esn) != ulen || 419 + replay_esn->bmp_len != up->bmp_len) 420 + return -EINVAL; 421 + 422 + if (up->replay_window > up->bmp_len * sizeof(__u32) * 8) 416 423 return -EINVAL; 417 424 418 425 return 0;

+8 -4

samples/statx/test-statx.c

··· 141 141 if (stx->stx_mask & STATX_BTIME) 142 142 print_time(" Birth: ", &stx->stx_btime); 143 143 144 - if (stx->stx_attributes) { 145 - unsigned char bits; 144 + if (stx->stx_attributes_mask) { 145 + unsigned char bits, mbits; 146 146 int loop, byte; 147 147 148 148 static char attr_representation[64 + 1] = ··· 160 160 printf("Attributes: %016llx (", stx->stx_attributes); 161 161 for (byte = 64 - 8; byte >= 0; byte -= 8) { 162 162 bits = stx->stx_attributes >> byte; 163 + mbits = stx->stx_attributes_mask >> byte; 163 164 for (loop = 7; loop >= 0; loop--) { 164 165 int bit = byte + loop; 165 166 166 - if (bits & 0x80) 167 + if (!(mbits & 0x80)) 168 + putchar('.'); /* Not supported */ 169 + else if (bits & 0x80) 167 170 putchar(attr_representation[63 - bit]); 168 171 else 169 - putchar('-'); 172 + putchar('-'); /* Not set */ 170 173 bits <<= 1; 174 + mbits <<= 1; 171 175 } 172 176 if (byte) 173 177 putchar(' ');

+4

scripts/Kbuild.include

··· 148 148 # Usage: EXTRA_CFLAGS += $(call cc-ifversion, -lt, 0402, -O1) 149 149 cc-ifversion = $(shell [ $(cc-version) $(1) $(2) ] && echo $(3) || echo $(4)) 150 150 151 + # cc-if-fullversion 152 + # Usage: EXTRA_CFLAGS += $(call cc-if-fullversion, -lt, 040502, -O1) 153 + cc-if-fullversion = $(shell [ $(cc-fullversion) $(1) $(2) ] && echo $(3) || echo $(4)) 154 + 151 155 # cc-ldoption 152 156 # Usage: ldflags += $(call cc-ldoption, -Wl$(comma)--hash-style=both) 153 157 cc-ldoption = $(call try-run,\

+1 -1

scripts/Makefile.lib

··· 155 155 # $(call addtree,-I$(obj)) locates .h files in srctree, from generated .c files 156 156 # and locates generated .h files 157 157 # FIXME: Replace both with specific CFLAGS* statements in the makefiles 158 - __c_flags = $(if $(obj),-I$(srctree)/$(src) -I$(obj)) \ 158 + __c_flags = $(if $(obj),$(call addtree,-I$(src)) -I$(obj)) \ 159 159 $(call flags,_c_flags) 160 160 __a_flags = $(call flags,_a_flags) 161 161 __cpp_flags = $(call flags,_cpp_flags)

+1 -1

scripts/kconfig/gconf.c

··· 914 914 current = menu; 915 915 display_tree_part(); 916 916 gtk_widget_set_sensitive(back_btn, TRUE); 917 - } else if ((col == COL_OPTION)) { 917 + } else if (col == COL_OPTION) { 918 918 toggle_sym_value(menu); 919 919 gtk_tree_view_expand_row(view, path, TRUE); 920 920 }

+4

sound/core/seq/seq_fifo.c

··· 267 267 /* NOTE: overflow flag is not cleared */ 268 268 spin_unlock_irqrestore(&f->lock, flags); 269 269 270 + /* close the old pool and wait until all users are gone */ 271 + snd_seq_pool_mark_closing(oldpool); 272 + snd_use_lock_sync(&f->use_lock); 273 + 270 274 /* release cells in old pool */ 271 275 for (cell = oldhead; cell; cell = next) { 272 276 next = cell->next;

+11 -1

sound/pci/hda/patch_realtek.c

··· 4858 4858 ALC292_FIXUP_DISABLE_AAMIX, 4859 4859 ALC293_FIXUP_DISABLE_AAMIX_MULTIJACK, 4860 4860 ALC298_FIXUP_DELL1_MIC_NO_PRESENCE, 4861 + ALC298_FIXUP_DELL_AIO_MIC_NO_PRESENCE, 4861 4862 ALC275_FIXUP_DELL_XPS, 4862 4863 ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE, 4863 4864 ALC293_FIXUP_LENOVO_SPK_NOISE, ··· 5471 5470 .chained = true, 5472 5471 .chain_id = ALC269_FIXUP_HEADSET_MODE 5473 5472 }, 5473 + [ALC298_FIXUP_DELL_AIO_MIC_NO_PRESENCE] = { 5474 + .type = HDA_FIXUP_PINS, 5475 + .v.pins = (const struct hda_pintbl[]) { 5476 + { 0x18, 0x01a1913c }, /* use as headset mic, without its own jack detect */ 5477 + { } 5478 + }, 5479 + .chained = true, 5480 + .chain_id = ALC269_FIXUP_HEADSET_MODE 5481 + }, 5474 5482 [ALC275_FIXUP_DELL_XPS] = { 5475 5483 .type = HDA_FIXUP_VERBS, 5476 5484 .v.verbs = (const struct hda_verb[]) { ··· 5552 5542 .type = HDA_FIXUP_FUNC, 5553 5543 .v.func = alc298_fixup_speaker_volume, 5554 5544 .chained = true, 5555 - .chain_id = ALC298_FIXUP_DELL1_MIC_NO_PRESENCE, 5545 + .chain_id = ALC298_FIXUP_DELL_AIO_MIC_NO_PRESENCE, 5556 5546 }, 5557 5547 [ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER] = { 5558 5548 .type = HDA_FIXUP_PINS,

+1 -1

sound/soc/atmel/atmel-classd.c

··· 349 349 } 350 350 351 351 #define CLASSD_ACLK_RATE_11M2896_MPY_8 (112896 * 100 * 8) 352 - #define CLASSD_ACLK_RATE_12M288_MPY_8 (12228 * 1000 * 8) 352 + #define CLASSD_ACLK_RATE_12M288_MPY_8 (12288 * 1000 * 8) 353 353 354 354 static struct { 355 355 int rate;

+8 -8

sound/soc/codecs/hdac_hdmi.c

··· 1534 1534 pin->mst_capable = false; 1535 1535 /* if not MST, default is port[0] */ 1536 1536 hport = &pin->ports[0]; 1537 - goto out; 1538 1537 } else { 1539 1538 for (i = 0; i < pin->num_ports; i++) { 1540 1539 pin->mst_capable = true; 1541 1540 if (pin->ports[i].id == pipe) { 1542 1541 hport = &pin->ports[i]; 1543 - goto out; 1542 + break; 1544 1543 } 1545 1544 } 1546 1545 } 1546 + 1547 + if (hport) 1548 + hdac_hdmi_present_sense(pin, hport); 1547 1549 } 1548 1550 1549 - out: 1550 - if (pin && hport) 1551 - hdac_hdmi_present_sense(pin, hport); 1552 1551 } 1553 1552 1554 1553 static struct i915_audio_component_audio_ops aops = { ··· 1997 1998 struct hdac_hdmi_pin *pin, *pin_next; 1998 1999 struct hdac_hdmi_cvt *cvt, *cvt_next; 1999 2000 struct hdac_hdmi_pcm *pcm, *pcm_next; 2000 - struct hdac_hdmi_port *port; 2001 + struct hdac_hdmi_port *port, *port_next; 2001 2002 int i; 2002 2003 2003 2004 snd_soc_unregister_codec(&edev->hdac.dev); ··· 2007 2008 if (list_empty(&pcm->port_list)) 2008 2009 continue; 2009 2010 2010 - list_for_each_entry(port, &pcm->port_list, head) 2011 - port = NULL; 2011 + list_for_each_entry_safe(port, port_next, 2012 + &pcm->port_list, head) 2013 + list_del(&port->head); 2012 2014 2013 2015 list_del(&pcm->head); 2014 2016 kfree(pcm);

+7 -3

sound/soc/codecs/rt5665.c

··· 1241 1241 static void rt5665_jd_check_handler(struct work_struct *work) 1242 1242 { 1243 1243 struct rt5665_priv *rt5665 = container_of(work, struct rt5665_priv, 1244 - calibrate_work.work); 1244 + jd_check_work.work); 1245 1245 1246 1246 if (snd_soc_read(rt5665->codec, RT5665_AJD1_CTRL) & 0x0010) { 1247 1247 /* jack out */ ··· 2252 2252 2253 2253 static const SOC_ENUM_SINGLE_DECL( 2254 2254 rt5665_if2_1_adc_in_enum, RT5665_DIG_INF2_DATA, 2255 - RT5665_IF3_ADC_IN_SFT, rt5665_if2_1_adc_in_src); 2255 + RT5665_IF2_1_ADC_IN_SFT, rt5665_if2_1_adc_in_src); 2256 2256 2257 2257 static const struct snd_kcontrol_new rt5665_if2_1_adc_in_mux = 2258 2258 SOC_DAPM_ENUM("IF2_1 ADC IN Source", rt5665_if2_1_adc_in_enum); ··· 3178 3178 {"DAC Mono Right Filter", NULL, "DAC Mono R ASRC", is_using_asrc}, 3179 3179 {"DAC Stereo1 Filter", NULL, "DAC STO1 ASRC", is_using_asrc}, 3180 3180 {"DAC Stereo2 Filter", NULL, "DAC STO2 ASRC", is_using_asrc}, 3181 + {"I2S1 ASRC", NULL, "CLKDET"}, 3182 + {"I2S2 ASRC", NULL, "CLKDET"}, 3183 + {"I2S3 ASRC", NULL, "CLKDET"}, 3181 3184 3182 3185 /*Vref*/ 3183 3186 {"Mic Det Power", NULL, "Vref2"}, ··· 3915 3912 {"Mono MIX", "MONOVOL Switch", "MONOVOL"}, 3916 3913 {"Mono Amp", NULL, "Mono MIX"}, 3917 3914 {"Mono Amp", NULL, "Vref2"}, 3915 + {"Mono Amp", NULL, "Vref3"}, 3918 3916 {"Mono Amp", NULL, "CLKDET SYS"}, 3919 3917 {"Mono Amp", NULL, "CLKDET MONO"}, 3920 3918 {"Mono Playback", "Switch", "Mono Amp"}, ··· 4802 4798 /* Enhance performance*/ 4803 4799 regmap_update_bits(rt5665->regmap, RT5665_PWR_ANLG_1, 4804 4800 RT5665_HP_DRIVER_MASK | RT5665_LDO1_DVO_MASK, 4805 - RT5665_HP_DRIVER_5X | RT5665_LDO1_DVO_09); 4801 + RT5665_HP_DRIVER_5X | RT5665_LDO1_DVO_12); 4806 4802 4807 4803 INIT_DELAYED_WORK(&rt5665->jack_detect_work, 4808 4804 rt5665_jack_detect_handler);

+1 -1

sound/soc/codecs/rt5665.h

··· 1106 1106 #define RT5665_HP_DRIVER_MASK (0x3 << 2) 1107 1107 #define RT5665_HP_DRIVER_1X (0x0 << 2) 1108 1108 #define RT5665_HP_DRIVER_3X (0x1 << 2) 1109 - #define RT5665_HP_DRIVER_5X (0x2 << 2) 1109 + #define RT5665_HP_DRIVER_5X (0x3 << 2) 1110 1110 #define RT5665_LDO1_DVO_MASK (0x3) 1111 1111 #define RT5665_LDO1_DVO_09 (0x0) 1112 1112 #define RT5665_LDO1_DVO_10 (0x1)

+7 -2

sound/soc/codecs/wm_adsp.c

··· 899 899 900 900 mutex_lock(&ctl->dsp->pwr_lock); 901 901 902 - memcpy(ctl->cache, p, ctl->len); 902 + if (ctl->flags & WMFW_CTL_FLAG_VOLATILE) 903 + ret = -EPERM; 904 + else 905 + memcpy(ctl->cache, p, ctl->len); 903 906 904 907 ctl->set = 1; 905 908 if (ctl->enabled && ctl->dsp->running) ··· 929 926 ctl->set = 1; 930 927 if (ctl->enabled && ctl->dsp->running) 931 928 ret = wm_coeff_write_control(ctl, ctl->cache, size); 929 + else if (ctl->flags & WMFW_CTL_FLAG_VOLATILE) 930 + ret = -EPERM; 932 931 } 933 932 934 933 mutex_unlock(&ctl->dsp->pwr_lock); ··· 952 947 953 948 mutex_lock(&ctl->dsp->pwr_lock); 954 949 955 - if (ctl->enabled) 950 + if (ctl->enabled && ctl->dsp->running) 956 951 ret = wm_coeff_write_acked_control(ctl, val); 957 952 else 958 953 ret = -EPERM;

+1

sound/soc/generic/simple-card-utils.c

··· 115 115 clk = devm_get_clk_from_child(dev, node, NULL); 116 116 if (!IS_ERR(clk)) { 117 117 simple_dai->sysclk = clk_get_rate(clk); 118 + simple_dai->clk = clk; 118 119 } else if (!of_property_read_u32(node, "system-clock-frequency", &val)) { 119 120 simple_dai->sysclk = val; 120 121 } else {

+1 -1

sound/soc/intel/skylake/skl-topology.c

··· 512 512 if (bc->set_params != SKL_PARAM_INIT) 513 513 continue; 514 514 515 - mconfig->formats_config.caps = (u32 *)&bc->params; 515 + mconfig->formats_config.caps = (u32 *)bc->params; 516 516 mconfig->formats_config.caps_size = bc->size; 517 517 518 518 break;

+1 -1

sound/soc/mediatek/Kconfig

··· 13 13 14 14 config SND_SOC_MT2701_CS42448 15 15 tristate "ASoc Audio driver for MT2701 with CS42448 codec" 16 - depends on SND_SOC_MT2701 16 + depends on SND_SOC_MT2701 && I2C 17 17 select SND_SOC_CS42XX8_I2C 18 18 select SND_SOC_BT_SCO 19 19 help

+20 -16

sound/soc/sh/rcar/cmd.c

··· 31 31 struct rsnd_mod *mix = rsnd_io_to_mod_mix(io); 32 32 struct device *dev = rsnd_priv_to_dev(priv); 33 33 u32 data; 34 + u32 path[] = { 35 + [1] = 1 << 0, 36 + [5] = 1 << 8, 37 + [6] = 1 << 12, 38 + [9] = 1 << 15, 39 + }; 34 40 35 41 if (!mix && !dvc) 36 42 return 0; 43 + 44 + if (ARRAY_SIZE(path) < rsnd_mod_id(mod) + 1) 45 + return -ENXIO; 37 46 38 47 if (mix) { 39 48 struct rsnd_dai *rdai; 40 49 struct rsnd_mod *src; 41 50 struct rsnd_dai_stream *tio; 42 51 int i; 43 - u32 path[] = { 44 - [0] = 0, 45 - [1] = 1 << 0, 46 - [2] = 0, 47 - [3] = 0, 48 - [4] = 0, 49 - [5] = 1 << 8 50 - }; 51 52 52 53 /* 53 54 * it is assuming that integrater is well understanding about ··· 71 70 } else { 72 71 struct rsnd_mod *src = rsnd_io_to_mod_src(io); 73 72 74 - u32 path[] = { 75 - [0] = 0x30000, 76 - [1] = 0x30001, 77 - [2] = 0x40000, 78 - [3] = 0x10000, 79 - [4] = 0x20000, 80 - [5] = 0x40100 73 + u8 cmd_case[] = { 74 + [0] = 0x3, 75 + [1] = 0x3, 76 + [2] = 0x4, 77 + [3] = 0x1, 78 + [4] = 0x2, 79 + [5] = 0x4, 80 + [6] = 0x1, 81 + [9] = 0x2, 81 82 }; 82 83 83 - data = path[rsnd_mod_id(src)]; 84 + data = path[rsnd_mod_id(src)] | 85 + cmd_case[rsnd_mod_id(src)] << 16; 84 86 } 85 87 86 88 dev_dbg(dev, "ctu/mix path = 0x%08x", data);

+16 -2

sound/soc/sh/rcar/dma.c

··· 454 454 return ioread32(rsnd_dmapp_addr(dmac, dma, reg)); 455 455 } 456 456 457 + static void rsnd_dmapp_bset(struct rsnd_dma *dma, u32 data, u32 mask, u32 reg) 458 + { 459 + struct rsnd_mod *mod = rsnd_mod_get(dma); 460 + struct rsnd_priv *priv = rsnd_mod_to_priv(mod); 461 + struct rsnd_dma_ctrl *dmac = rsnd_priv_to_dmac(priv); 462 + void __iomem *addr = rsnd_dmapp_addr(dmac, dma, reg); 463 + u32 val = ioread32(addr); 464 + 465 + val &= ~mask; 466 + val |= (data & mask); 467 + 468 + iowrite32(val, addr); 469 + } 470 + 457 471 static int rsnd_dmapp_stop(struct rsnd_mod *mod, 458 472 struct rsnd_dai_stream *io, 459 473 struct rsnd_priv *priv) ··· 475 461 struct rsnd_dma *dma = rsnd_mod_to_dma(mod); 476 462 int i; 477 463 478 - rsnd_dmapp_write(dma, 0, PDMACHCR); 464 + rsnd_dmapp_bset(dma, 0, PDMACHCR_DE, PDMACHCR); 479 465 480 466 for (i = 0; i < 1024; i++) { 481 - if (0 == rsnd_dmapp_read(dma, PDMACHCR)) 467 + if (0 == (rsnd_dmapp_read(dma, PDMACHCR) & PDMACHCR_DE)) 482 468 return 0; 483 469 udelay(1); 484 470 }

+5 -1

sound/soc/sh/rcar/ssiu.c

··· 64 64 mask1 = (1 << 4) | (1 << 20); /* mask sync bit */ 65 65 mask2 = (1 << 4); /* mask sync bit */ 66 66 val1 = val2 = 0; 67 - if (rsnd_ssi_is_pin_sharing(io)) { 67 + if (id == 8) { 68 + /* 69 + * SSI8 pin is sharing with SSI7, nothing to do. 70 + */ 71 + } else if (rsnd_ssi_is_pin_sharing(io)) { 68 72 int shift = -1; 69 73 70 74 switch (id) {

+6 -2

sound/soc/soc-core.c

··· 3326 3326 { 3327 3327 struct snd_soc_platform *platform = rtd->platform; 3328 3328 3329 - return platform->driver->pcm_new(rtd); 3329 + if (platform->driver->pcm_new) 3330 + return platform->driver->pcm_new(rtd); 3331 + else 3332 + return 0; 3330 3333 } 3331 3334 3332 3335 static void snd_soc_platform_drv_pcm_free(struct snd_pcm *pcm) ··· 3337 3334 struct snd_soc_pcm_runtime *rtd = pcm->private_data; 3338 3335 struct snd_soc_platform *platform = rtd->platform; 3339 3336 3340 - platform->driver->pcm_free(pcm); 3337 + if (platform->driver->pcm_free) 3338 + platform->driver->pcm_free(pcm); 3341 3339 } 3342 3340 3343 3341 /**

+3

sound/soc/sti/uniperif_reader.c

··· 349 349 struct uniperif *reader = priv->dai_data.uni; 350 350 int ret; 351 351 352 + reader->substream = substream; 353 + 352 354 if (!UNIPERIF_TYPE_IS_TDM(reader)) 353 355 return 0; 354 356 ··· 380 378 /* Stop the reader */ 381 379 uni_reader_stop(reader); 382 380 } 381 + reader->substream = NULL; 383 382 } 384 383 385 384 static const struct snd_soc_dai_ops uni_reader_dai_ops = {

+30 -37

sound/soc/sunxi/sun8i-codec.c

··· 259 259 return 0; 260 260 } 261 261 262 - static const struct snd_kcontrol_new sun8i_output_left_mixer_controls[] = { 263 - SOC_DAPM_SINGLE("LSlot 0", SUN8I_DAC_MXR_SRC, 264 - SUN8I_DAC_MXR_SRC_DACL_MXR_SRC_AIF1DA0L, 1, 0), 265 - SOC_DAPM_SINGLE("LSlot 1", SUN8I_DAC_MXR_SRC, 266 - SUN8I_DAC_MXR_SRC_DACL_MXR_SRC_AIF1DA1L, 1, 0), 267 - SOC_DAPM_SINGLE("DACL", SUN8I_DAC_MXR_SRC, 268 - SUN8I_DAC_MXR_SRC_DACL_MXR_SRC_AIF2DACL, 1, 0), 269 - SOC_DAPM_SINGLE("ADCL", SUN8I_DAC_MXR_SRC, 270 - SUN8I_DAC_MXR_SRC_DACL_MXR_SRC_ADCL, 1, 0), 271 - }; 272 - 273 - static const struct snd_kcontrol_new sun8i_output_right_mixer_controls[] = { 274 - SOC_DAPM_SINGLE("RSlot 0", SUN8I_DAC_MXR_SRC, 262 + static const struct snd_kcontrol_new sun8i_dac_mixer_controls[] = { 263 + SOC_DAPM_DOUBLE("AIF1 Slot 0 Digital DAC Playback Switch", 264 + SUN8I_DAC_MXR_SRC, 265 + SUN8I_DAC_MXR_SRC_DACL_MXR_SRC_AIF1DA0L, 275 266 SUN8I_DAC_MXR_SRC_DACR_MXR_SRC_AIF1DA0R, 1, 0), 276 - SOC_DAPM_SINGLE("RSlot 1", SUN8I_DAC_MXR_SRC, 267 + SOC_DAPM_DOUBLE("AIF1 Slot 1 Digital DAC Playback Switch", 268 + SUN8I_DAC_MXR_SRC, 269 + SUN8I_DAC_MXR_SRC_DACL_MXR_SRC_AIF1DA1L, 277 270 SUN8I_DAC_MXR_SRC_DACR_MXR_SRC_AIF1DA1R, 1, 0), 278 - SOC_DAPM_SINGLE("DACR", SUN8I_DAC_MXR_SRC, 271 + SOC_DAPM_DOUBLE("AIF2 Digital DAC Playback Switch", SUN8I_DAC_MXR_SRC, 272 + SUN8I_DAC_MXR_SRC_DACL_MXR_SRC_AIF2DACL, 279 273 SUN8I_DAC_MXR_SRC_DACR_MXR_SRC_AIF2DACR, 1, 0), 280 - SOC_DAPM_SINGLE("ADCR", SUN8I_DAC_MXR_SRC, 274 + SOC_DAPM_DOUBLE("ADC Digital DAC Playback Switch", SUN8I_DAC_MXR_SRC, 275 + SUN8I_DAC_MXR_SRC_DACL_MXR_SRC_ADCL, 281 276 SUN8I_DAC_MXR_SRC_DACR_MXR_SRC_ADCR, 1, 0), 282 277 }; 283 278 ··· 281 286 SND_SOC_DAPM_SUPPLY("DAC", SUN8I_DAC_DIG_CTRL, SUN8I_DAC_DIG_CTRL_ENDA, 282 287 0, NULL, 0), 283 288 284 - /* Analog DAC */ 285 - SND_SOC_DAPM_DAC("Digital Left DAC", "Playback", SUN8I_AIF1_DACDAT_CTRL, 286 - SUN8I_AIF1_DACDAT_CTRL_AIF1_DA0L_ENA, 0), 287 - SND_SOC_DAPM_DAC("Digital Right DAC", "Playback", SUN8I_AIF1_DACDAT_CTRL, 288 - SUN8I_AIF1_DACDAT_CTRL_AIF1_DA0R_ENA, 0), 289 + /* Analog DAC AIF */ 290 + SND_SOC_DAPM_AIF_IN("AIF1 Slot 0 Left", "Playback", 0, 291 + SUN8I_AIF1_DACDAT_CTRL, 292 + SUN8I_AIF1_DACDAT_CTRL_AIF1_DA0L_ENA, 0), 293 + SND_SOC_DAPM_AIF_IN("AIF1 Slot 0 Right", "Playback", 0, 294 + SUN8I_AIF1_DACDAT_CTRL, 295 + SUN8I_AIF1_DACDAT_CTRL_AIF1_DA0R_ENA, 0), 289 296 290 297 /* DAC Mixers */ 291 - SND_SOC_DAPM_MIXER("Left DAC Mixer", SND_SOC_NOPM, 0, 0, 292 - sun8i_output_left_mixer_controls, 293 - ARRAY_SIZE(sun8i_output_left_mixer_controls)), 294 - SND_SOC_DAPM_MIXER("Right DAC Mixer", SND_SOC_NOPM, 0, 0, 295 - sun8i_output_right_mixer_controls, 296 - ARRAY_SIZE(sun8i_output_right_mixer_controls)), 298 + SND_SOC_DAPM_MIXER("Left Digital DAC Mixer", SND_SOC_NOPM, 0, 0, 299 + sun8i_dac_mixer_controls, 300 + ARRAY_SIZE(sun8i_dac_mixer_controls)), 301 + SND_SOC_DAPM_MIXER("Right Digital DAC Mixer", SND_SOC_NOPM, 0, 0, 302 + sun8i_dac_mixer_controls, 303 + ARRAY_SIZE(sun8i_dac_mixer_controls)), 297 304 298 305 /* Clocks */ 299 306 SND_SOC_DAPM_SUPPLY("MODCLK AFI1", SUN8I_MOD_CLK_ENA, ··· 318 321 SUN8I_MOD_RST_CTL_AIF1, 0, NULL, 0), 319 322 SND_SOC_DAPM_SUPPLY("RST DAC", SUN8I_MOD_RST_CTL, 320 323 SUN8I_MOD_RST_CTL_DAC, 0, NULL, 0), 321 - 322 - SND_SOC_DAPM_OUTPUT("HP"), 323 324 }; 324 325 325 326 static const struct snd_soc_dapm_route sun8i_codec_dapm_routes[] = { ··· 333 338 { "DAC", NULL, "MODCLK DAC" }, 334 339 335 340 /* DAC Routes */ 336 - { "Digital Left DAC", NULL, "DAC" }, 337 - { "Digital Right DAC", NULL, "DAC" }, 341 + { "AIF1 Slot 0 Right", NULL, "DAC" }, 342 + { "AIF1 Slot 0 Left", NULL, "DAC" }, 338 343 339 344 /* DAC Mixer Routes */ 340 - { "Left DAC Mixer", "LSlot 0", "Digital Left DAC"}, 341 - { "Right DAC Mixer", "RSlot 0", "Digital Right DAC"}, 342 - 343 - /* End of route : HP out */ 344 - { "HP", NULL, "Left DAC Mixer" }, 345 - { "HP", NULL, "Right DAC Mixer" }, 345 + { "Left Digital DAC Mixer", "AIF1 Slot 0 Digital DAC Playback Switch", 346 + "AIF1 Slot 0 Left"}, 347 + { "Right Digital DAC Mixer", "AIF1 Slot 0 Digital DAC Playback Switch", 348 + "AIF1 Slot 0 Right"}, 346 349 }; 347 350 348 351 static struct snd_soc_dai_ops sun8i_codec_dai_ops = {

+10

tools/include/linux/filter.h

··· 168 168 .off = OFF, \ 169 169 .imm = 0 }) 170 170 171 + /* Atomic memory add, *(uint *)(dst_reg + off16) += src_reg */ 172 + 173 + #define BPF_STX_XADD(SIZE, DST, SRC, OFF) \ 174 + ((struct bpf_insn) { \ 175 + .code = BPF_STX | BPF_SIZE(SIZE) | BPF_XADD, \ 176 + .dst_reg = DST, \ 177 + .src_reg = SRC, \ 178 + .off = OFF, \ 179 + .imm = 0 }) 180 + 171 181 /* Memory store, *(uint *) (dst_reg + off16) = imm32 */ 172 182 173 183 #define BPF_ST_MEM(SIZE, DST, OFF, IMM) \

+8 -1

tools/testing/selftests/bpf/Makefile

··· 1 1 LIBDIR := ../../../lib 2 2 BPFDIR := $(LIBDIR)/bpf 3 + APIDIR := ../../../include/uapi 4 + GENDIR := ../../../../include/generated 5 + GENHDR := $(GENDIR)/autoconf.h 3 6 4 - CFLAGS += -Wall -O2 -I../../../include/uapi -I$(LIBDIR) 7 + ifneq ($(wildcard $(GENHDR)),) 8 + GENFLAGS := -DHAVE_GENHDR 9 + endif 10 + 11 + CFLAGS += -Wall -O2 -I$(APIDIR) -I$(LIBDIR) -I$(GENDIR) $(GENFLAGS) 5 12 LDLIBS += -lcap 6 13 7 14 TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map

+285 -5

tools/testing/selftests/bpf/test_verifier.c

··· 30 30 31 31 #include <bpf/bpf.h> 32 32 33 + #ifdef HAVE_GENHDR 34 + # include "autoconf.h" 35 + #else 36 + # if defined(__i386) || defined(__x86_64) || defined(__s390x__) || defined(__aarch64__) 37 + # define CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 1 38 + # endif 39 + #endif 40 + 33 41 #include "../../../include/linux/filter.h" 34 42 35 43 #ifndef ARRAY_SIZE ··· 46 38 47 39 #define MAX_INSNS 512 48 40 #define MAX_FIXUPS 8 41 + 42 + #define F_NEEDS_EFFICIENT_UNALIGNED_ACCESS (1 << 0) 49 43 50 44 struct bpf_test { 51 45 const char *descr; ··· 63 53 REJECT 64 54 } result, result_unpriv; 65 55 enum bpf_prog_type prog_type; 56 + uint8_t flags; 66 57 }; 67 58 68 59 /* Note we want this to be 64 bit aligned so that the end of our array is ··· 2443 2432 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 2444 2433 }, 2445 2434 { 2435 + "direct packet access: test15 (spill with xadd)", 2436 + .insns = { 2437 + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 2438 + offsetof(struct __sk_buff, data)), 2439 + BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 2440 + offsetof(struct __sk_buff, data_end)), 2441 + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 2442 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 2443 + BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8), 2444 + BPF_MOV64_IMM(BPF_REG_5, 4096), 2445 + BPF_MOV64_REG(BPF_REG_4, BPF_REG_10), 2446 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, -8), 2447 + BPF_STX_MEM(BPF_DW, BPF_REG_4, BPF_REG_2, 0), 2448 + BPF_STX_XADD(BPF_DW, BPF_REG_4, BPF_REG_5, 0), 2449 + BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_4, 0), 2450 + BPF_STX_MEM(BPF_W, BPF_REG_2, BPF_REG_5, 0), 2451 + BPF_MOV64_IMM(BPF_REG_0, 0), 2452 + BPF_EXIT_INSN(), 2453 + }, 2454 + .errstr = "R2 invalid mem access 'inv'", 2455 + .result = REJECT, 2456 + .prog_type = BPF_PROG_TYPE_SCHED_CLS, 2457 + }, 2458 + { 2446 2459 "helper access to packet: test1, valid packet_ptr range", 2447 2460 .insns = { 2448 2461 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, ··· 2969 2934 .errstr_unpriv = "R0 pointer arithmetic prohibited", 2970 2935 .result_unpriv = REJECT, 2971 2936 .result = ACCEPT, 2937 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 2972 2938 }, 2973 2939 { 2974 2940 "valid map access into an array with a variable", ··· 2993 2957 .errstr_unpriv = "R0 pointer arithmetic prohibited", 2994 2958 .result_unpriv = REJECT, 2995 2959 .result = ACCEPT, 2960 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 2996 2961 }, 2997 2962 { 2998 2963 "valid map access into an array with a signed variable", ··· 3021 2984 .errstr_unpriv = "R0 pointer arithmetic prohibited", 3022 2985 .result_unpriv = REJECT, 3023 2986 .result = ACCEPT, 2987 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 3024 2988 }, 3025 2989 { 3026 2990 "invalid map access into an array with a constant", ··· 3063 3025 .errstr = "R0 min value is outside of the array range", 3064 3026 .result_unpriv = REJECT, 3065 3027 .result = REJECT, 3028 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 3066 3029 }, 3067 3030 { 3068 3031 "invalid map access into an array with a variable", ··· 3087 3048 .errstr = "R0 min value is negative, either use unsigned index or do a if (index >=0) check.", 3088 3049 .result_unpriv = REJECT, 3089 3050 .result = REJECT, 3051 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 3090 3052 }, 3091 3053 { 3092 3054 "invalid map access into an array with no floor check", ··· 3114 3074 .errstr = "R0 min value is negative, either use unsigned index or do a if (index >=0) check.", 3115 3075 .result_unpriv = REJECT, 3116 3076 .result = REJECT, 3077 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 3117 3078 }, 3118 3079 { 3119 3080 "invalid map access into an array with a invalid max check", ··· 3141 3100 .errstr = "invalid access to map value, value_size=48 off=44 size=8", 3142 3101 .result_unpriv = REJECT, 3143 3102 .result = REJECT, 3103 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 3144 3104 }, 3145 3105 { 3146 3106 "invalid map access into an array with a invalid max check", ··· 3171 3129 .errstr = "R0 min value is negative, either use unsigned index or do a if (index >=0) check.", 3172 3130 .result_unpriv = REJECT, 3173 3131 .result = REJECT, 3132 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 3174 3133 }, 3175 3134 { 3176 3135 "multiple registers share map_lookup_elem result", ··· 3295 3252 .result = REJECT, 3296 3253 .errstr_unpriv = "R0 pointer arithmetic prohibited", 3297 3254 .result_unpriv = REJECT, 3255 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 3298 3256 }, 3299 3257 { 3300 3258 "constant register |= constant should keep constant type", ··· 3455 3411 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 3456 3412 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 3457 3413 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 3414 + BPF_MOV64_IMM(BPF_REG_0, 0), 3415 + BPF_EXIT_INSN(), 3416 + }, 3417 + .result = ACCEPT, 3418 + .prog_type = BPF_PROG_TYPE_LWT_XMIT, 3419 + }, 3420 + { 3421 + "overlapping checks for direct packet access", 3422 + .insns = { 3423 + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 3424 + offsetof(struct __sk_buff, data)), 3425 + BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 3426 + offsetof(struct __sk_buff, data_end)), 3427 + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 3428 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 3429 + BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 4), 3430 + BPF_MOV64_REG(BPF_REG_1, BPF_REG_2), 3431 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 6), 3432 + BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 1), 3433 + BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_2, 6), 3458 3434 BPF_MOV64_IMM(BPF_REG_0, 0), 3459 3435 BPF_EXIT_INSN(), 3460 3436 }, ··· 4025 3961 .result_unpriv = REJECT, 4026 3962 }, 4027 3963 { 4028 - "map element value (adjusted) is preserved across register spilling", 3964 + "map element value or null is marked on register spilling", 3965 + .insns = { 3966 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 3967 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 3968 + BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 3969 + BPF_LD_MAP_FD(BPF_REG_1, 0), 3970 + BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 3971 + BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 3972 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -152), 3973 + BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0), 3974 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2), 3975 + BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1, 0), 3976 + BPF_ST_MEM(BPF_DW, BPF_REG_3, 0, 42), 3977 + BPF_EXIT_INSN(), 3978 + }, 3979 + .fixup_map2 = { 3 }, 3980 + .errstr_unpriv = "R0 leaks addr", 3981 + .result = ACCEPT, 3982 + .result_unpriv = REJECT, 3983 + }, 3984 + { 3985 + "map element value store of cleared call register", 3986 + .insns = { 3987 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 3988 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 3989 + BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 3990 + BPF_LD_MAP_FD(BPF_REG_1, 0), 3991 + BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 3992 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 1), 3993 + BPF_STX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 0), 3994 + BPF_EXIT_INSN(), 3995 + }, 3996 + .fixup_map2 = { 3 }, 3997 + .errstr_unpriv = "R1 !read_ok", 3998 + .errstr = "R1 !read_ok", 3999 + .result = REJECT, 4000 + .result_unpriv = REJECT, 4001 + }, 4002 + { 4003 + "map element value with unaligned store", 4004 + .insns = { 4005 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4006 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4007 + BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 4008 + BPF_LD_MAP_FD(BPF_REG_1, 0), 4009 + BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 4010 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 17), 4011 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 3), 4012 + BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 42), 4013 + BPF_ST_MEM(BPF_DW, BPF_REG_0, 2, 43), 4014 + BPF_ST_MEM(BPF_DW, BPF_REG_0, -2, 44), 4015 + BPF_MOV64_REG(BPF_REG_8, BPF_REG_0), 4016 + BPF_ST_MEM(BPF_DW, BPF_REG_8, 0, 32), 4017 + BPF_ST_MEM(BPF_DW, BPF_REG_8, 2, 33), 4018 + BPF_ST_MEM(BPF_DW, BPF_REG_8, -2, 34), 4019 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_8, 5), 4020 + BPF_ST_MEM(BPF_DW, BPF_REG_8, 0, 22), 4021 + BPF_ST_MEM(BPF_DW, BPF_REG_8, 4, 23), 4022 + BPF_ST_MEM(BPF_DW, BPF_REG_8, -7, 24), 4023 + BPF_MOV64_REG(BPF_REG_7, BPF_REG_8), 4024 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 3), 4025 + BPF_ST_MEM(BPF_DW, BPF_REG_7, 0, 22), 4026 + BPF_ST_MEM(BPF_DW, BPF_REG_7, 4, 23), 4027 + BPF_ST_MEM(BPF_DW, BPF_REG_7, -4, 24), 4028 + BPF_EXIT_INSN(), 4029 + }, 4030 + .fixup_map2 = { 3 }, 4031 + .errstr_unpriv = "R0 pointer arithmetic prohibited", 4032 + .result = ACCEPT, 4033 + .result_unpriv = REJECT, 4034 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 4035 + }, 4036 + { 4037 + "map element value with unaligned load", 4038 + .insns = { 4039 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4040 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4041 + BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 4042 + BPF_LD_MAP_FD(BPF_REG_1, 0), 4043 + BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 4044 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11), 4045 + BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0), 4046 + BPF_JMP_IMM(BPF_JGE, BPF_REG_1, MAX_ENTRIES, 9), 4047 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 3), 4048 + BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0), 4049 + BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 2), 4050 + BPF_MOV64_REG(BPF_REG_8, BPF_REG_0), 4051 + BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_8, 0), 4052 + BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_8, 2), 4053 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 5), 4054 + BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0), 4055 + BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 4), 4056 + BPF_EXIT_INSN(), 4057 + }, 4058 + .fixup_map2 = { 3 }, 4059 + .errstr_unpriv = "R0 pointer arithmetic prohibited", 4060 + .result = ACCEPT, 4061 + .result_unpriv = REJECT, 4062 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 4063 + }, 4064 + { 4065 + "map element value illegal alu op, 1", 4066 + .insns = { 4067 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4068 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4069 + BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 4070 + BPF_LD_MAP_FD(BPF_REG_1, 0), 4071 + BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 4072 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2), 4073 + BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 8), 4074 + BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 22), 4075 + BPF_EXIT_INSN(), 4076 + }, 4077 + .fixup_map2 = { 3 }, 4078 + .errstr_unpriv = "R0 pointer arithmetic prohibited", 4079 + .errstr = "invalid mem access 'inv'", 4080 + .result = REJECT, 4081 + .result_unpriv = REJECT, 4082 + }, 4083 + { 4084 + "map element value illegal alu op, 2", 4085 + .insns = { 4086 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4087 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4088 + BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 4089 + BPF_LD_MAP_FD(BPF_REG_1, 0), 4090 + BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 4091 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2), 4092 + BPF_ALU32_IMM(BPF_ADD, BPF_REG_0, 0), 4093 + BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 22), 4094 + BPF_EXIT_INSN(), 4095 + }, 4096 + .fixup_map2 = { 3 }, 4097 + .errstr_unpriv = "R0 pointer arithmetic prohibited", 4098 + .errstr = "invalid mem access 'inv'", 4099 + .result = REJECT, 4100 + .result_unpriv = REJECT, 4101 + }, 4102 + { 4103 + "map element value illegal alu op, 3", 4104 + .insns = { 4105 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4106 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4107 + BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 4108 + BPF_LD_MAP_FD(BPF_REG_1, 0), 4109 + BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 4110 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2), 4111 + BPF_ALU64_IMM(BPF_DIV, BPF_REG_0, 42), 4112 + BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 22), 4113 + BPF_EXIT_INSN(), 4114 + }, 4115 + .fixup_map2 = { 3 }, 4116 + .errstr_unpriv = "R0 pointer arithmetic prohibited", 4117 + .errstr = "invalid mem access 'inv'", 4118 + .result = REJECT, 4119 + .result_unpriv = REJECT, 4120 + }, 4121 + { 4122 + "map element value illegal alu op, 4", 4123 + .insns = { 4124 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4125 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4126 + BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 4127 + BPF_LD_MAP_FD(BPF_REG_1, 0), 4128 + BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 4129 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2), 4130 + BPF_ENDIAN(BPF_FROM_BE, BPF_REG_0, 64), 4131 + BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 22), 4132 + BPF_EXIT_INSN(), 4133 + }, 4134 + .fixup_map2 = { 3 }, 4135 + .errstr_unpriv = "R0 pointer arithmetic prohibited", 4136 + .errstr = "invalid mem access 'inv'", 4137 + .result = REJECT, 4138 + .result_unpriv = REJECT, 4139 + }, 4140 + { 4141 + "map element value illegal alu op, 5", 4142 + .insns = { 4143 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4144 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4145 + BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 4146 + BPF_LD_MAP_FD(BPF_REG_1, 0), 4147 + BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 4148 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 7), 4149 + BPF_MOV64_IMM(BPF_REG_3, 4096), 4150 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4151 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4152 + BPF_STX_MEM(BPF_DW, BPF_REG_2, BPF_REG_0, 0), 4153 + BPF_STX_XADD(BPF_DW, BPF_REG_2, BPF_REG_3, 0), 4154 + BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_2, 0), 4155 + BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 22), 4156 + BPF_EXIT_INSN(), 4157 + }, 4158 + .fixup_map2 = { 3 }, 4159 + .errstr_unpriv = "R0 invalid mem access 'inv'", 4160 + .errstr = "R0 invalid mem access 'inv'", 4161 + .result = REJECT, 4162 + .result_unpriv = REJECT, 4163 + }, 4164 + { 4165 + "map element value is preserved across register spilling", 4029 4166 .insns = { 4030 4167 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4031 4168 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), ··· 4248 3983 .errstr_unpriv = "R0 pointer arithmetic prohibited", 4249 3984 .result = ACCEPT, 4250 3985 .result_unpriv = REJECT, 3986 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 4251 3987 }, 4252 3988 { 4253 3989 "helper access to variable memory: stack, bitwise AND + JMP, correct bounds", ··· 4687 4421 .errstr = "R0 min value is negative, either use unsigned index or do a if (index >=0) check.", 4688 4422 .result = REJECT, 4689 4423 .result_unpriv = REJECT, 4424 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 4690 4425 }, 4691 4426 { 4692 4427 "invalid range check", ··· 4719 4452 .errstr = "R0 min value is negative, either use unsigned index or do a if (index >=0) check.", 4720 4453 .result = REJECT, 4721 4454 .result_unpriv = REJECT, 4455 + .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 4722 4456 } 4723 4457 }; 4724 4458 ··· 4798 4530 static void do_test_single(struct bpf_test *test, bool unpriv, 4799 4531 int *passes, int *errors) 4800 4532 { 4533 + int fd_prog, expected_ret, reject_from_alignment; 4801 4534 struct bpf_insn *prog = test->insns; 4802 4535 int prog_len = probe_filter_length(prog); 4803 4536 int prog_type = test->prog_type; 4804 4537 int fd_f1 = -1, fd_f2 = -1, fd_f3 = -1; 4805 - int fd_prog, expected_ret; 4806 4538 const char *expected_err; 4807 4539 4808 4540 do_test_fixup(test, prog, &fd_f1, &fd_f2, &fd_f3); ··· 4815 4547 test->result_unpriv : test->result; 4816 4548 expected_err = unpriv && test->errstr_unpriv ? 4817 4549 test->errstr_unpriv : test->errstr; 4550 + 4551 + reject_from_alignment = fd_prog < 0 && 4552 + (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS) && 4553 + strstr(bpf_vlog, "Unknown alignment."); 4554 + #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 4555 + if (reject_from_alignment) { 4556 + printf("FAIL\nFailed due to alignment despite having efficient unaligned access: '%s'!\n", 4557 + strerror(errno)); 4558 + goto fail_log; 4559 + } 4560 + #endif 4818 4561 if (expected_ret == ACCEPT) { 4819 - if (fd_prog < 0) { 4562 + if (fd_prog < 0 && !reject_from_alignment) { 4820 4563 printf("FAIL\nFailed to load prog '%s'!\n", 4821 4564 strerror(errno)); 4822 4565 goto fail_log; ··· 4837 4558 printf("FAIL\nUnexpected success to load!\n"); 4838 4559 goto fail_log; 4839 4560 } 4840 - if (!strstr(bpf_vlog, expected_err)) { 4561 + if (!strstr(bpf_vlog, expected_err) && !reject_from_alignment) { 4841 4562 printf("FAIL\nUnexpected error message!\n"); 4842 4563 goto fail_log; 4843 4564 } 4844 4565 } 4845 4566 4846 4567 (*passes)++; 4847 - printf("OK\n"); 4568 + printf("OK%s\n", reject_from_alignment ? 4569 + " (NOTE: reject due to unknown alignment)" : ""); 4848 4570 close_fds: 4849 4571 close(fd_prog); 4850 4572 close(fd_f1);

+5 -5

tools/testing/selftests/powerpc/Makefile

··· 34 34 all: $(SUB_DIRS) 35 35 36 36 $(SUB_DIRS): 37 - BUILD_TARGET=$$OUTPUT/$@; mkdir -p $$BUILD_TARGET; $(MAKE) OUTPUT=$$BUILD_TARGET -k -C $@ all 37 + BUILD_TARGET=$(OUTPUT)/$@; mkdir -p $$BUILD_TARGET; $(MAKE) OUTPUT=$$BUILD_TARGET -k -C $@ all 38 38 39 39 include ../lib.mk 40 40 41 41 override define RUN_TESTS 42 42 @for TARGET in $(SUB_DIRS); do \ 43 - BUILD_TARGET=$$OUTPUT/$$TARGET; \ 43 + BUILD_TARGET=$(OUTPUT)/$$TARGET; \ 44 44 $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET run_tests;\ 45 45 done; 46 46 endef 47 47 48 48 override define INSTALL_RULE 49 49 @for TARGET in $(SUB_DIRS); do \ 50 - BUILD_TARGET=$$OUTPUT/$$TARGET; \ 50 + BUILD_TARGET=$(OUTPUT)/$$TARGET; \ 51 51 $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET install;\ 52 52 done; 53 53 endef 54 54 55 55 override define EMIT_TESTS 56 56 @for TARGET in $(SUB_DIRS); do \ 57 - BUILD_TARGET=$$OUTPUT/$$TARGET; \ 57 + BUILD_TARGET=$(OUTPUT)/$$TARGET; \ 58 58 $(MAKE) OUTPUT=$$BUILD_TARGET -s -C $$TARGET emit_tests;\ 59 59 done; 60 60 endef 61 61 62 62 clean: 63 63 @for TARGET in $(SUB_DIRS); do \ 64 - BUILD_TARGET=$$OUTPUT/$$TARGET; \ 64 + BUILD_TARGET=$(OUTPUT)/$$TARGET; \ 65 65 $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET clean; \ 66 66 done; 67 67 rm -f tags

+19

virt/kvm/arm/vgic/vgic-init.c

··· 392 392 } 393 393 394 394 /** 395 + * kvm_vgic_init_cpu_hardware - initialize the GIC VE hardware 396 + * 397 + * For a specific CPU, initialize the GIC VE hardware. 398 + */ 399 + void kvm_vgic_init_cpu_hardware(void) 400 + { 401 + BUG_ON(preemptible()); 402 + 403 + /* 404 + * We want to make sure the list registers start out clear so that we 405 + * only have the program the used registers. 406 + */ 407 + if (kvm_vgic_global_state.type == VGIC_V2) 408 + vgic_v2_init_lrs(); 409 + else 410 + kvm_call_hyp(__vgic_v3_init_lrs); 411 + } 412 + 413 + /** 395 414 * kvm_vgic_hyp_init: populates the kvm_vgic_global_state variable 396 415 * according to the host GIC model. Accordingly calls either 397 416 * vgic_v2/v3_probe which registers the KVM_DEVICE that can be

+18 -2

virt/kvm/arm/vgic/vgic-mmio-v2.c

··· 229 229 val = vmcr.ctlr; 230 230 break; 231 231 case GIC_CPU_PRIMASK: 232 - val = vmcr.pmr; 232 + /* 233 + * Our KVM_DEV_TYPE_ARM_VGIC_V2 device ABI exports the 234 + * the PMR field as GICH_VMCR.VMPriMask rather than 235 + * GICC_PMR.Priority, so we expose the upper five bits of 236 + * priority mask to userspace using the lower bits in the 237 + * unsigned long. 238 + */ 239 + val = (vmcr.pmr & GICV_PMR_PRIORITY_MASK) >> 240 + GICV_PMR_PRIORITY_SHIFT; 233 241 break; 234 242 case GIC_CPU_BINPOINT: 235 243 val = vmcr.bpr; ··· 270 262 vmcr.ctlr = val; 271 263 break; 272 264 case GIC_CPU_PRIMASK: 273 - vmcr.pmr = val; 265 + /* 266 + * Our KVM_DEV_TYPE_ARM_VGIC_V2 device ABI exports the 267 + * the PMR field as GICH_VMCR.VMPriMask rather than 268 + * GICC_PMR.Priority, so we expose the upper five bits of 269 + * priority mask to userspace using the lower bits in the 270 + * unsigned long. 271 + */ 272 + vmcr.pmr = (val << GICV_PMR_PRIORITY_SHIFT) & 273 + GICV_PMR_PRIORITY_MASK; 274 274 break; 275 275 case GIC_CPU_BINPOINT: 276 276 vmcr.bpr = val;

+19 -4

virt/kvm/arm/vgic/vgic-v2.c

··· 36 36 return (unsigned long *)val; 37 37 } 38 38 39 + static inline void vgic_v2_write_lr(int lr, u32 val) 40 + { 41 + void __iomem *base = kvm_vgic_global_state.vctrl_base; 42 + 43 + writel_relaxed(val, base + GICH_LR0 + (lr * 4)); 44 + } 45 + 46 + void vgic_v2_init_lrs(void) 47 + { 48 + int i; 49 + 50 + for (i = 0; i < kvm_vgic_global_state.nr_lr; i++) 51 + vgic_v2_write_lr(i, 0); 52 + } 53 + 39 54 void vgic_v2_process_maintenance(struct kvm_vcpu *vcpu) 40 55 { 41 56 struct vgic_v2_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v2; ··· 206 191 GICH_VMCR_ALIAS_BINPOINT_MASK; 207 192 vmcr |= (vmcrp->bpr << GICH_VMCR_BINPOINT_SHIFT) & 208 193 GICH_VMCR_BINPOINT_MASK; 209 - vmcr |= (vmcrp->pmr << GICH_VMCR_PRIMASK_SHIFT) & 210 - GICH_VMCR_PRIMASK_MASK; 194 + vmcr |= ((vmcrp->pmr >> GICV_PMR_PRIORITY_SHIFT) << 195 + GICH_VMCR_PRIMASK_SHIFT) & GICH_VMCR_PRIMASK_MASK; 211 196 212 197 vcpu->arch.vgic_cpu.vgic_v2.vgic_vmcr = vmcr; 213 198 } ··· 222 207 GICH_VMCR_ALIAS_BINPOINT_SHIFT; 223 208 vmcrp->bpr = (vmcr & GICH_VMCR_BINPOINT_MASK) >> 224 209 GICH_VMCR_BINPOINT_SHIFT; 225 - vmcrp->pmr = (vmcr & GICH_VMCR_PRIMASK_MASK) >> 226 - GICH_VMCR_PRIMASK_SHIFT; 210 + vmcrp->pmr = ((vmcr & GICH_VMCR_PRIMASK_MASK) >> 211 + GICH_VMCR_PRIMASK_SHIFT) << GICV_PMR_PRIORITY_SHIFT; 227 212 } 228 213 229 214 void vgic_v2_enable(struct kvm_vcpu *vcpu)

+10 -1

virt/kvm/arm/vgic/vgic.h

··· 81 81 return irq->pending_latch || irq->line_level; 82 82 } 83 83 84 + /* 85 + * This struct provides an intermediate representation of the fields contained 86 + * in the GICH_VMCR and ICH_VMCR registers, such that code exporting the GIC 87 + * state to userspace can generate either GICv2 or GICv3 CPU interface 88 + * registers regardless of the hardware backed GIC used. 89 + */ 84 90 struct vgic_vmcr { 85 91 u32 ctlr; 86 92 u32 abpr; 87 93 u32 bpr; 88 - u32 pmr; 94 + u32 pmr; /* Priority mask field in the GICC_PMR and 95 + * ICC_PMR_EL1 priority field format */ 89 96 /* Below member variable are valid only for GICv3 */ 90 97 u32 grpen0; 91 98 u32 grpen1; ··· 136 129 int vgic_v2_map_resources(struct kvm *kvm); 137 130 int vgic_register_dist_iodev(struct kvm *kvm, gpa_t dist_base_address, 138 131 enum vgic_type); 132 + 133 + void vgic_v2_init_lrs(void); 139 134 140 135 static inline void vgic_get_irq_kref(struct vgic_irq *irq) 141 136 {