Author: mpagano Date: 2014-04-15 14:23:04 +0000 (Tue, 15 Apr 2014) New Revision: 2750
Added: genpatches-2.6/trunk/3.14/1000_linux-3.14.1.patch Modified: genpatches-2.6/trunk/3.14/0000_README Log: Linux patch 3.14.1 Modified: genpatches-2.6/trunk/3.14/0000_README =================================================================== --- genpatches-2.6/trunk/3.14/0000_README 2014-04-10 16:45:15 UTC (rev 2749) +++ genpatches-2.6/trunk/3.14/0000_README 2014-04-15 14:23:04 UTC (rev 2750) @@ -42,6 +42,10 @@ Individual Patch Descriptions: -------------------------------------------------------------------------- +Patch: 1000_linux-3.14.1.patch +From: http://www.kernel.org +Desc: Linux 3.14.1 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. Added: genpatches-2.6/trunk/3.14/1000_linux-3.14.1.patch =================================================================== --- genpatches-2.6/trunk/3.14/1000_linux-3.14.1.patch (rev 0) +++ genpatches-2.6/trunk/3.14/1000_linux-3.14.1.patch 2014-04-15 14:23:04 UTC (rev 2750) @@ -0,0 +1,1221 @@ +diff --git a/Makefile b/Makefile +index e5ac8a62e6e5..7d0b6992d9ed 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 14 +-SUBLEVEL = 0 ++SUBLEVEL = 1 + EXTRAVERSION = + NAME = Shuffling Zombie Juror + +diff --git a/arch/arc/boot/dts/nsimosci.dts b/arch/arc/boot/dts/nsimosci.dts +index ea16d782af58..4f31b2eb5cdf 100644 +--- a/arch/arc/boot/dts/nsimosci.dts ++++ b/arch/arc/boot/dts/nsimosci.dts +@@ -11,13 +11,16 @@ + + / { + compatible = "snps,nsimosci"; +- clock-frequency = <80000000>; /* 80 MHZ */ ++ clock-frequency = <20000000>; /* 20 MHZ */ + #address-cells = <1>; + #size-cells = <1>; + interrupt-parent = <&intc>; + + chosen { +- bootargs = "console=tty0 consoleblank=0"; ++ /* this is for console on PGU */ ++ /* bootargs = "console=tty0 consoleblank=0"; */ ++ /* this is for console on serial */ ++ bootargs = "earlycon=uart8250,mmio32,0xc0000000,115200n8 console=ttyS0,115200n8 consoleblank=0 debug"; + }; + + aliases { +@@ -44,15 +47,14 @@ + }; + + uart0: serial@c0000000 { +- compatible = "snps,dw-apb-uart"; ++ compatible = "ns8250"; + reg = <0xc0000000 0x2000>; + interrupts = <11>; +- #clock-frequency = <80000000>; + clock-frequency = <3686400>; + baud = <115200>; + reg-shift = <2>; + reg-io-width = <4>; +- status = "okay"; ++ no-loopback-test = <1>; + }; + + pgu0: pgu@c9000000 { +diff --git a/arch/arc/configs/nsimosci_defconfig b/arch/arc/configs/nsimosci_defconfig +index 451af30914f6..c01ba35a4eff 100644 +--- a/arch/arc/configs/nsimosci_defconfig ++++ b/arch/arc/configs/nsimosci_defconfig +@@ -54,6 +54,7 @@ CONFIG_SERIO_ARC_PS2=y + CONFIG_SERIAL_8250=y + CONFIG_SERIAL_8250_CONSOLE=y + CONFIG_SERIAL_8250_DW=y ++CONFIG_SERIAL_OF_PLATFORM=y + CONFIG_SERIAL_ARC=y + CONFIG_SERIAL_ARC_CONSOLE=y + # CONFIG_HW_RANDOM is not set +diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig +index dbdd2231c75d..b2e322939256 100644 +--- a/arch/m68k/Kconfig ++++ b/arch/m68k/Kconfig +@@ -17,6 +17,7 @@ config M68K + select FPU if MMU + select ARCH_WANT_IPC_PARSE_VERSION + select ARCH_USES_GETTIMEOFFSET if MMU && !COLDFIRE ++ select HAVE_FUTEX_CMPXCHG if MMU && FUTEX + select HAVE_MOD_ARCH_SPECIFIC + select MODULES_USE_ELF_REL + select MODULES_USE_ELF_RELA +diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig +index 65a07750f4f9..bb74b21f007a 100644 +--- a/arch/s390/Kconfig ++++ b/arch/s390/Kconfig +@@ -117,6 +117,7 @@ config S390 + select HAVE_FUNCTION_GRAPH_TRACER + select HAVE_FUNCTION_TRACER + select HAVE_FUNCTION_TRACE_MCOUNT_TEST ++ select HAVE_FUTEX_CMPXCHG if FUTEX + select HAVE_KERNEL_BZIP2 + select HAVE_KERNEL_GZIP + select HAVE_KERNEL_LZ4 +diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S +index 586f41aac361..185fad49d86f 100644 +--- a/arch/x86/crypto/ghash-clmulni-intel_asm.S ++++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S +@@ -24,10 +24,6 @@ + .align 16 + .Lbswap_mask: + .octa 0x000102030405060708090a0b0c0d0e0f +-.Lpoly: +- .octa 0xc2000000000000000000000000000001 +-.Ltwo_one: +- .octa 0x00000001000000000000000000000001 + + #define DATA %xmm0 + #define SHASH %xmm1 +@@ -134,28 +130,3 @@ ENTRY(clmul_ghash_update) + .Lupdate_just_ret: + ret + ENDPROC(clmul_ghash_update) +- +-/* +- * void clmul_ghash_setkey(be128 *shash, const u8 *key); +- * +- * Calculate hash_key << 1 mod poly +- */ +-ENTRY(clmul_ghash_setkey) +- movaps .Lbswap_mask, BSWAP +- movups (%rsi), %xmm0 +- PSHUFB_XMM BSWAP %xmm0 +- movaps %xmm0, %xmm1 +- psllq $1, %xmm0 +- psrlq $63, %xmm1 +- movaps %xmm1, %xmm2 +- pslldq $8, %xmm1 +- psrldq $8, %xmm2 +- por %xmm1, %xmm0 +- # reduction +- pshufd $0b00100100, %xmm2, %xmm1 +- pcmpeqd .Ltwo_one, %xmm1 +- pand .Lpoly, %xmm1 +- pxor %xmm1, %xmm0 +- movups %xmm0, (%rdi) +- ret +-ENDPROC(clmul_ghash_setkey) +diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c +index 6759dd1135be..d785cf2c529c 100644 +--- a/arch/x86/crypto/ghash-clmulni-intel_glue.c ++++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c +@@ -30,8 +30,6 @@ void clmul_ghash_mul(char *dst, const be128 *shash); + void clmul_ghash_update(char *dst, const char *src, unsigned int srclen, + const be128 *shash); + +-void clmul_ghash_setkey(be128 *shash, const u8 *key); +- + struct ghash_async_ctx { + struct cryptd_ahash *cryptd_tfm; + }; +@@ -58,13 +56,23 @@ static int ghash_setkey(struct crypto_shash *tfm, + const u8 *key, unsigned int keylen) + { + struct ghash_ctx *ctx = crypto_shash_ctx(tfm); ++ be128 *x = (be128 *)key; ++ u64 a, b; + + if (keylen != GHASH_BLOCK_SIZE) { + crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); + return -EINVAL; + } + +- clmul_ghash_setkey(&ctx->shash, key); ++ /* perform multiplication by 'x' in GF(2^128) */ ++ a = be64_to_cpu(x->a); ++ b = be64_to_cpu(x->b); ++ ++ ctx->shash.a = (__be64)((b << 1) | (a >> 63)); ++ ctx->shash.b = (__be64)((a << 1) | (b >> 63)); ++ ++ if (a >> 63) ++ ctx->shash.b ^= cpu_to_be64(0xc2); + + return 0; + } +diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h +index acd86c850414..f949715e3957 100644 +--- a/arch/x86/include/asm/efi.h ++++ b/arch/x86/include/asm/efi.h +@@ -130,7 +130,8 @@ extern void efi_memory_uc(u64 addr, unsigned long size); + extern void __init efi_map_region(efi_memory_desc_t *md); + extern void __init efi_map_region_fixed(efi_memory_desc_t *md); + extern void efi_sync_low_kernel_mappings(void); +-extern void efi_setup_page_tables(void); ++extern int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages); ++extern void efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages); + extern void __init old_map_region(efi_memory_desc_t *md); + extern void __init runtime_code_page_mkexec(void); + extern void __init efi_runtime_mkexec(void); +diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h +index 1aa9ccd43223..94e40f1efdfd 100644 +--- a/arch/x86/include/asm/pgtable_types.h ++++ b/arch/x86/include/asm/pgtable_types.h +@@ -385,6 +385,8 @@ extern pte_t *lookup_address(unsigned long address, unsigned int *level); + extern phys_addr_t slow_virt_to_phys(void *__address); + extern int kernel_map_pages_in_pgd(pgd_t *pgd, u64 pfn, unsigned long address, + unsigned numpages, unsigned long page_flags); ++void kernel_unmap_pages_in_pgd(pgd_t *root, unsigned long address, ++ unsigned numpages); + #endif /* !__ASSEMBLY__ */ + + #endif /* _ASM_X86_PGTABLE_DEFS_H */ +diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c +index b3b19f46c016..a3488689e301 100644 +--- a/arch/x86/mm/pageattr.c ++++ b/arch/x86/mm/pageattr.c +@@ -692,6 +692,18 @@ static bool try_to_free_pmd_page(pmd_t *pmd) + return true; + } + ++static bool try_to_free_pud_page(pud_t *pud) ++{ ++ int i; ++ ++ for (i = 0; i < PTRS_PER_PUD; i++) ++ if (!pud_none(pud[i])) ++ return false; ++ ++ free_page((unsigned long)pud); ++ return true; ++} ++ + static bool unmap_pte_range(pmd_t *pmd, unsigned long start, unsigned long end) + { + pte_t *pte = pte_offset_kernel(pmd, start); +@@ -805,6 +817,16 @@ static void unmap_pud_range(pgd_t *pgd, unsigned long start, unsigned long end) + */ + } + ++static void unmap_pgd_range(pgd_t *root, unsigned long addr, unsigned long end) ++{ ++ pgd_t *pgd_entry = root + pgd_index(addr); ++ ++ unmap_pud_range(pgd_entry, addr, end); ++ ++ if (try_to_free_pud_page((pud_t *)pgd_page_vaddr(*pgd_entry))) ++ pgd_clear(pgd_entry); ++} ++ + static int alloc_pte_page(pmd_t *pmd) + { + pte_t *pte = (pte_t *)get_zeroed_page(GFP_KERNEL | __GFP_NOTRACK); +@@ -999,9 +1021,8 @@ static int populate_pud(struct cpa_data *cpa, unsigned long start, pgd_t *pgd, + static int populate_pgd(struct cpa_data *cpa, unsigned long addr) + { + pgprot_t pgprot = __pgprot(_KERNPG_TABLE); +- bool allocd_pgd = false; +- pgd_t *pgd_entry; + pud_t *pud = NULL; /* shut up gcc */ ++ pgd_t *pgd_entry; + int ret; + + pgd_entry = cpa->pgd + pgd_index(addr); +@@ -1015,7 +1036,6 @@ static int populate_pgd(struct cpa_data *cpa, unsigned long addr) + return -1; + + set_pgd(pgd_entry, __pgd(__pa(pud) | _KERNPG_TABLE)); +- allocd_pgd = true; + } + + pgprot_val(pgprot) &= ~pgprot_val(cpa->mask_clr); +@@ -1023,19 +1043,11 @@ static int populate_pgd(struct cpa_data *cpa, unsigned long addr) + + ret = populate_pud(cpa, addr, pgd_entry, pgprot); + if (ret < 0) { +- unmap_pud_range(pgd_entry, addr, ++ unmap_pgd_range(cpa->pgd, addr, + addr + (cpa->numpages << PAGE_SHIFT)); +- +- if (allocd_pgd) { +- /* +- * If I allocated this PUD page, I can just as well +- * free it in this error path. +- */ +- pgd_clear(pgd_entry); +- free_page((unsigned long)pud); +- } + return ret; + } ++ + cpa->numpages = ret; + return 0; + } +@@ -1861,6 +1873,12 @@ out: + return retval; + } + ++void kernel_unmap_pages_in_pgd(pgd_t *root, unsigned long address, ++ unsigned numpages) ++{ ++ unmap_pgd_range(root, address, address + (numpages << PAGE_SHIFT)); ++} ++ + /* + * The testcases use internal knowledge of the implementation that shouldn't + * be exposed to the rest of the kernel. Include these directly here. +diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c +index b97acecf3fd9..abb81b0ad83f 100644 +--- a/arch/x86/platform/efi/efi.c ++++ b/arch/x86/platform/efi/efi.c +@@ -939,14 +939,36 @@ static void __init efi_map_regions_fixed(void) + + } + ++static void *realloc_pages(void *old_memmap, int old_shift) ++{ ++ void *ret; ++ ++ ret = (void *)__get_free_pages(GFP_KERNEL, old_shift + 1); ++ if (!ret) ++ goto out; ++ ++ /* ++ * A first-time allocation doesn't have anything to copy. ++ */ ++ if (!old_memmap) ++ return ret; ++ ++ memcpy(ret, old_memmap, PAGE_SIZE << old_shift); ++ ++out: ++ free_pages((unsigned long)old_memmap, old_shift); ++ return ret; ++} ++ + /* +- * Map efi memory ranges for runtime serivce and update new_memmap with virtual +- * addresses. ++ * Map the efi memory ranges of the runtime services and update new_mmap with ++ * virtual addresses. + */ +-static void * __init efi_map_regions(int *count) ++static void * __init efi_map_regions(int *count, int *pg_shift) + { ++ void *p, *new_memmap = NULL; ++ unsigned long left = 0; + efi_memory_desc_t *md; +- void *p, *tmp, *new_memmap = NULL; + + for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) { + md = p; +@@ -961,20 +983,23 @@ static void * __init efi_map_regions(int *count) + efi_map_region(md); + get_systab_virt_addr(md); + +- tmp = krealloc(new_memmap, (*count + 1) * memmap.desc_size, +- GFP_KERNEL); +- if (!tmp) +- goto out; +- new_memmap = tmp; ++ if (left < memmap.desc_size) { ++ new_memmap = realloc_pages(new_memmap, *pg_shift); ++ if (!new_memmap) ++ return NULL; ++ ++ left += PAGE_SIZE << *pg_shift; ++ (*pg_shift)++; ++ } ++ + memcpy(new_memmap + (*count * memmap.desc_size), md, + memmap.desc_size); ++ ++ left -= memmap.desc_size; + (*count)++; + } + + return new_memmap; +-out: +- kfree(new_memmap); +- return NULL; + } + + /* +@@ -1000,9 +1025,9 @@ out: + */ + void __init efi_enter_virtual_mode(void) + { +- efi_status_t status; ++ int err, count = 0, pg_shift = 0; + void *new_memmap = NULL; +- int err, count = 0; ++ efi_status_t status; + + efi.systab = NULL; + +@@ -1019,20 +1044,24 @@ void __init efi_enter_virtual_mode(void) + efi_map_regions_fixed(); + } else { + efi_merge_regions(); +- new_memmap = efi_map_regions(&count); ++ new_memmap = efi_map_regions(&count, &pg_shift); + if (!new_memmap) { + pr_err("Error reallocating memory, EFI runtime non-functional!\n"); + return; + } +- } + +- err = save_runtime_map(); +- if (err) +- pr_err("Error saving runtime map, efi runtime on kexec non-functional!!\n"); ++ err = save_runtime_map(); ++ if (err) ++ pr_err("Error saving runtime map, efi runtime on kexec non-functional!!\n"); ++ } + + BUG_ON(!efi.systab); + +- efi_setup_page_tables(); ++ if (!efi_setup) { ++ if (efi_setup_page_tables(__pa(new_memmap), 1 << pg_shift)) ++ return; ++ } ++ + efi_sync_low_kernel_mappings(); + + if (!efi_setup) { +@@ -1072,7 +1101,35 @@ void __init efi_enter_virtual_mode(void) + + efi_runtime_mkexec(); + +- kfree(new_memmap); ++ ++ /* ++ * We mapped the descriptor array into the EFI pagetable above but we're ++ * not unmapping it here. Here's why: ++ * ++ * We're copying select PGDs from the kernel page table to the EFI page ++ * table and when we do so and make changes to those PGDs like unmapping ++ * stuff from them, those changes appear in the kernel page table and we ++ * go boom. ++ * ++ * From setup_real_mode(): ++ * ++ * ... ++ * trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd; ++ * ++ * In this particular case, our allocation is in PGD 0 of the EFI page ++ * table but we've copied that PGD from PGD[272] of the EFI page table: ++ * ++ * pgd_index(__PAGE_OFFSET = 0xffff880000000000) = 272 ++ * ++ * where the direct memory mapping in kernel space is. ++ * ++ * new_memmap's VA comes from that direct mapping and thus clearing it, ++ * it would get cleared in the kernel page table too. ++ * ++ * efi_cleanup_page_tables(__pa(new_memmap), 1 << pg_shift); ++ */ ++ if (!efi_setup) ++ free_pages((unsigned long)new_memmap, pg_shift); + + /* clean DUMMY object */ + efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID, +diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c +index 0b74cdf7f816..9ee3491e31fb 100644 +--- a/arch/x86/platform/efi/efi_32.c ++++ b/arch/x86/platform/efi/efi_32.c +@@ -40,7 +40,12 @@ + static unsigned long efi_rt_eflags; + + void efi_sync_low_kernel_mappings(void) {} +-void efi_setup_page_tables(void) {} ++void __init efi_dump_pagetable(void) {} ++int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) ++{ ++ return 0; ++} ++void efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages) {} + + void __init efi_map_region(efi_memory_desc_t *md) + { +diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c +index 0c2a234fef1e..666b74a09092 100644 +--- a/arch/x86/platform/efi/efi_64.c ++++ b/arch/x86/platform/efi/efi_64.c +@@ -137,12 +137,38 @@ void efi_sync_low_kernel_mappings(void) + sizeof(pgd_t) * num_pgds); + } + +-void efi_setup_page_tables(void) ++int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) + { ++ pgd_t *pgd; ++ ++ if (efi_enabled(EFI_OLD_MEMMAP)) ++ return 0; ++ + efi_scratch.efi_pgt = (pgd_t *)(unsigned long)real_mode_header->trampoline_pgd; ++ pgd = __va(efi_scratch.efi_pgt); + +- if (!efi_enabled(EFI_OLD_MEMMAP)) +- efi_scratch.use_pgd = true; ++ /* ++ * It can happen that the physical address of new_memmap lands in memory ++ * which is not mapped in the EFI page table. Therefore we need to go ++ * and ident-map those pages containing the map before calling ++ * phys_efi_set_virtual_address_map(). ++ */ ++ if (kernel_map_pages_in_pgd(pgd, pa_memmap, pa_memmap, num_pages, _PAGE_NX)) { ++ pr_err("Error ident-mapping new memmap (0x%lx)!\n", pa_memmap); ++ return 1; ++ } ++ ++ efi_scratch.use_pgd = true; ++ ++ ++ return 0; ++} ++ ++void efi_cleanup_page_tables(unsigned long pa_memmap, unsigned num_pages) ++{ ++ pgd_t *pgd = (pgd_t *)__va(real_mode_header->trampoline_pgd); ++ ++ kernel_unmap_pages_in_pgd(pgd, pa_memmap, num_pages); + } + + static void __init __map_region(efi_memory_desc_t *md, u64 va) +diff --git a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c +index 02125e6a9109..5a4da94aefb0 100644 +--- a/drivers/isdn/isdnloop/isdnloop.c ++++ b/drivers/isdn/isdnloop/isdnloop.c +@@ -518,9 +518,9 @@ static isdnloop_stat isdnloop_cmd_table[] = + static void + isdnloop_fake_err(isdnloop_card *card) + { +- char buf[60]; ++ char buf[64]; + +- sprintf(buf, "E%s", card->omsg); ++ snprintf(buf, sizeof(buf), "E%s", card->omsg); + isdnloop_fake(card, buf, -1); + isdnloop_fake(card, "NAK", -1); + } +@@ -903,6 +903,8 @@ isdnloop_parse_cmd(isdnloop_card *card) + case 7: + /* 0x;EAZ */ + p += 3; ++ if (strlen(p) >= sizeof(card->eazlist[0])) ++ break; + strcpy(card->eazlist[ch - 1], p); + break; + case 8: +@@ -1070,6 +1072,12 @@ isdnloop_start(isdnloop_card *card, isdnloop_sdef *sdefp) + return -EBUSY; + if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef))) + return -EFAULT; ++ ++ for (i = 0; i < 3; i++) { ++ if (!memchr(sdef.num[i], 0, sizeof(sdef.num[i]))) ++ return -EINVAL; ++ } ++ + spin_lock_irqsave(&card->isdnloop_lock, flags); + switch (sdef.ptype) { + case ISDN_PTYPE_EURO: +@@ -1127,7 +1135,7 @@ isdnloop_command(isdn_ctrl *c, isdnloop_card *card) + { + ulong a; + int i; +- char cbuf[60]; ++ char cbuf[80]; + isdn_ctrl cmd; + isdnloop_cdef cdef; + +@@ -1192,7 +1200,6 @@ isdnloop_command(isdn_ctrl *c, isdnloop_card *card) + break; + if ((c->arg & 255) < ISDNLOOP_BCH) { + char *p; +- char dial[50]; + char dcode[4]; + + a = c->arg; +@@ -1204,10 +1211,10 @@ isdnloop_command(isdn_ctrl *c, isdnloop_card *card) + } else + /* Normal Dial */ + strcpy(dcode, "CAL"); +- strcpy(dial, p); +- sprintf(cbuf, "%02d;D%s_R%s,%02d,%02d,%s\n", (int) (a + 1), +- dcode, dial, c->parm.setup.si1, +- c->parm.setup.si2, c->parm.setup.eazmsn); ++ snprintf(cbuf, sizeof(cbuf), ++ "%02d;D%s_R%s,%02d,%02d,%s\n", (int) (a + 1), ++ dcode, p, c->parm.setup.si1, ++ c->parm.setup.si2, c->parm.setup.eazmsn); + i = isdnloop_writecmd(cbuf, strlen(cbuf), 0, card); + } + break; +diff --git a/drivers/net/ethernet/cadence/at91_ether.c b/drivers/net/ethernet/cadence/at91_ether.c +index ce75de9bae9e..4a79edaf3885 100644 +--- a/drivers/net/ethernet/cadence/at91_ether.c ++++ b/drivers/net/ethernet/cadence/at91_ether.c +@@ -342,6 +342,9 @@ static int __init at91ether_probe(struct platform_device *pdev) + } + clk_enable(lp->pclk); + ++ lp->hclk = ERR_PTR(-ENOENT); ++ lp->tx_clk = ERR_PTR(-ENOENT); ++ + /* Install the interrupt handler */ + dev->irq = platform_get_irq(pdev, 0); + res = devm_request_irq(&pdev->dev, dev->irq, at91ether_interrupt, 0, dev->name, dev); +diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c +index 174a92f5fe51..7645a3ce3854 100644 +--- a/drivers/net/ethernet/sfc/ef10.c ++++ b/drivers/net/ethernet/sfc/ef10.c +@@ -565,10 +565,17 @@ static int efx_ef10_dimension_resources(struct efx_nic *efx) + * several of each (in fact that's the only option if host + * page size is >4K). So we may allocate some extra VIs just + * for writing PIO buffers through. ++ * ++ * The UC mapping contains (min_vis - 1) complete VIs and the ++ * first half of the next VI. Then the WC mapping begins with ++ * the second half of this last VI. + */ + uc_mem_map_size = PAGE_ALIGN((min_vis - 1) * EFX_VI_PAGE_SIZE + + ER_DZ_TX_PIOBUF); + if (nic_data->n_piobufs) { ++ /* pio_write_vi_base rounds down to give the number of complete ++ * VIs inside the UC mapping. ++ */ + pio_write_vi_base = uc_mem_map_size / EFX_VI_PAGE_SIZE; + wc_mem_map_size = (PAGE_ALIGN((pio_write_vi_base + + nic_data->n_piobufs) * +diff --git a/drivers/net/ethernet/sfc/efx.c b/drivers/net/ethernet/sfc/efx.c +index 83d464347021..f06c790fba5a 100644 +--- a/drivers/net/ethernet/sfc/efx.c ++++ b/drivers/net/ethernet/sfc/efx.c +@@ -1603,6 +1603,8 @@ static int efx_probe_nic(struct efx_nic *efx) + if (rc) + goto fail1; + ++ efx_set_channels(efx); ++ + rc = efx->type->dimension_resources(efx); + if (rc) + goto fail2; +@@ -1613,7 +1615,6 @@ static int efx_probe_nic(struct efx_nic *efx) + efx->rx_indir_table[i] = + ethtool_rxfh_indir_default(i, efx->rss_spread); + +- efx_set_channels(efx); + netif_set_real_num_tx_queues(efx->net_dev, efx->n_tx_channels); + netif_set_real_num_rx_queues(efx->net_dev, efx->n_rx_channels); + +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c +index 1236812c7be6..d091e52b00e1 100644 +--- a/drivers/net/vxlan.c ++++ b/drivers/net/vxlan.c +@@ -871,6 +871,9 @@ static int vxlan_fdb_add(struct ndmsg *ndm, struct nlattr *tb[], + if (err) + return err; + ++ if (vxlan->default_dst.remote_ip.sa.sa_family != ip.sa.sa_family) ++ return -EAFNOSUPPORT; ++ + spin_lock_bh(&vxlan->hash_lock); + err = vxlan_fdb_create(vxlan, addr, &ip, ndm->ndm_state, flags, + port, vni, ifindex, ndm->ndm_flags); +@@ -2612,9 +2615,10 @@ static int vxlan_newlink(struct net *net, struct net_device *dev, + vni = nla_get_u32(data[IFLA_VXLAN_ID]); + dst->remote_vni = vni; + ++ /* Unless IPv6 is explicitly requested, assume IPv4 */ ++ dst->remote_ip.sa.sa_family = AF_INET; + if (data[IFLA_VXLAN_GROUP]) { + dst->remote_ip.sin.sin_addr.s_addr = nla_get_be32(data[IFLA_VXLAN_GROUP]); +- dst->remote_ip.sa.sa_family = AF_INET; + } else if (data[IFLA_VXLAN_GROUP6]) { + if (!IS_ENABLED(CONFIG_IPV6)) + return -EPFNOSUPPORT; +diff --git a/drivers/net/wireless/iwlwifi/mvm/rs.c b/drivers/net/wireless/iwlwifi/mvm/rs.c +index 6abf74e1351f..5bc871513505 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/rs.c ++++ b/drivers/net/wireless/iwlwifi/mvm/rs.c +@@ -211,9 +211,9 @@ static const struct rs_tx_column rs_tx_columns[] = { + .next_columns = { + RS_COLUMN_LEGACY_ANT_B, + RS_COLUMN_SISO_ANT_A, ++ RS_COLUMN_SISO_ANT_B, + RS_COLUMN_MIMO2, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, ++ RS_COLUMN_MIMO2_SGI, + }, + }, + [RS_COLUMN_LEGACY_ANT_B] = { +@@ -221,10 +221,10 @@ static const struct rs_tx_column rs_tx_columns[] = { + .ant = ANT_B, + .next_columns = { + RS_COLUMN_LEGACY_ANT_A, ++ RS_COLUMN_SISO_ANT_A, + RS_COLUMN_SISO_ANT_B, + RS_COLUMN_MIMO2, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, ++ RS_COLUMN_MIMO2_SGI, + }, + }, + [RS_COLUMN_SISO_ANT_A] = { +@@ -234,8 +234,8 @@ static const struct rs_tx_column rs_tx_columns[] = { + RS_COLUMN_SISO_ANT_B, + RS_COLUMN_MIMO2, + RS_COLUMN_SISO_ANT_A_SGI, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, ++ RS_COLUMN_SISO_ANT_B_SGI, ++ RS_COLUMN_MIMO2_SGI, + }, + .checks = { + rs_siso_allow, +@@ -248,8 +248,8 @@ static const struct rs_tx_column rs_tx_columns[] = { + RS_COLUMN_SISO_ANT_A, + RS_COLUMN_MIMO2, + RS_COLUMN_SISO_ANT_B_SGI, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, ++ RS_COLUMN_SISO_ANT_A_SGI, ++ RS_COLUMN_MIMO2_SGI, + }, + .checks = { + rs_siso_allow, +@@ -263,8 +263,8 @@ static const struct rs_tx_column rs_tx_columns[] = { + RS_COLUMN_SISO_ANT_B_SGI, + RS_COLUMN_MIMO2_SGI, + RS_COLUMN_SISO_ANT_A, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, ++ RS_COLUMN_SISO_ANT_B, ++ RS_COLUMN_MIMO2, + }, + .checks = { + rs_siso_allow, +@@ -279,8 +279,8 @@ static const struct rs_tx_column rs_tx_columns[] = { + RS_COLUMN_SISO_ANT_A_SGI, + RS_COLUMN_MIMO2_SGI, + RS_COLUMN_SISO_ANT_B, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, ++ RS_COLUMN_SISO_ANT_A, ++ RS_COLUMN_MIMO2, + }, + .checks = { + rs_siso_allow, +@@ -292,10 +292,10 @@ static const struct rs_tx_column rs_tx_columns[] = { + .ant = ANT_AB, + .next_columns = { + RS_COLUMN_SISO_ANT_A, ++ RS_COLUMN_SISO_ANT_B, ++ RS_COLUMN_SISO_ANT_A_SGI, ++ RS_COLUMN_SISO_ANT_B_SGI, + RS_COLUMN_MIMO2_SGI, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, + }, + .checks = { + rs_mimo_allow, +@@ -307,10 +307,10 @@ static const struct rs_tx_column rs_tx_columns[] = { + .sgi = true, + .next_columns = { + RS_COLUMN_SISO_ANT_A_SGI, ++ RS_COLUMN_SISO_ANT_B_SGI, ++ RS_COLUMN_SISO_ANT_A, ++ RS_COLUMN_SISO_ANT_B, + RS_COLUMN_MIMO2, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, +- RS_COLUMN_INVALID, + }, + .checks = { + rs_mimo_allow, +diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h +index ae413a2cbee7..4bf5b334664e 100644 +--- a/drivers/net/xen-netback/common.h ++++ b/drivers/net/xen-netback/common.h +@@ -113,6 +113,11 @@ struct xenvif { + domid_t domid; + unsigned int handle; + ++ /* Is this interface disabled? True when backend discovers ++ * frontend is rogue. ++ */ ++ bool disabled; ++ + /* Use NAPI for guest TX */ + struct napi_struct napi; + /* When feature-split-event-channels = 0, tx_irq = rx_irq. */ +diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c +index 301cc037fda8..2e92d52c0a6d 100644 +--- a/drivers/net/xen-netback/interface.c ++++ b/drivers/net/xen-netback/interface.c +@@ -62,6 +62,15 @@ static int xenvif_poll(struct napi_struct *napi, int budget) + struct xenvif *vif = container_of(napi, struct xenvif, napi); + int work_done; + ++ /* This vif is rogue, we pretend we've there is nothing to do ++ * for this vif to deschedule it from NAPI. But this interface ++ * will be turned off in thread context later. ++ */ ++ if (unlikely(vif->disabled)) { ++ napi_complete(napi); ++ return 0; ++ } ++ + work_done = xenvif_tx_action(vif, budget); + + if (work_done < budget) { +@@ -321,6 +330,8 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t domid, + vif->ip_csum = 1; + vif->dev = dev; + ++ vif->disabled = false; ++ + vif->credit_bytes = vif->remaining_credit = ~0UL; + vif->credit_usec = 0UL; + init_timer(&vif->credit_timeout); +diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c +index 438d0c09b7e6..97030c193afd 100644 +--- a/drivers/net/xen-netback/netback.c ++++ b/drivers/net/xen-netback/netback.c +@@ -192,8 +192,8 @@ static bool start_new_rx_buffer(int offset, unsigned long size, int head) + * into multiple copies tend to give large frags their + * own buffers as before. + */ +- if ((offset + size > MAX_BUFFER_OFFSET) && +- (size <= MAX_BUFFER_OFFSET) && offset && !head) ++ BUG_ON(size > MAX_BUFFER_OFFSET); ++ if ((offset + size > MAX_BUFFER_OFFSET) && offset && !head) + return true; + + return false; +@@ -482,6 +482,8 @@ static void xenvif_rx_action(struct xenvif *vif) + + while ((skb = skb_dequeue(&vif->rx_queue)) != NULL) { + RING_IDX max_slots_needed; ++ RING_IDX old_req_cons; ++ RING_IDX ring_slots_used; + int i; + + /* We need a cheap worse case estimate for the number of +@@ -493,9 +495,28 @@ static void xenvif_rx_action(struct xenvif *vif) + PAGE_SIZE); + for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { + unsigned int size; ++ unsigned int offset; ++ + size = skb_frag_size(&skb_shinfo(skb)->frags[i]); +- max_slots_needed += DIV_ROUND_UP(size, PAGE_SIZE); ++ offset = skb_shinfo(skb)->frags[i].page_offset; ++ ++ /* For a worse-case estimate we need to factor in ++ * the fragment page offset as this will affect the ++ * number of times xenvif_gop_frag_copy() will ++ * call start_new_rx_buffer(). ++ */ ++ max_slots_needed += DIV_ROUND_UP(offset + size, ++ PAGE_SIZE); + } ++ ++ /* To avoid the estimate becoming too pessimal for some ++ * frontends that limit posted rx requests, cap the estimate ++ * at MAX_SKB_FRAGS. ++ */ ++ if (max_slots_needed > MAX_SKB_FRAGS) ++ max_slots_needed = MAX_SKB_FRAGS; ++ ++ /* We may need one more slot for GSO metadata */ + if (skb_is_gso(skb) && + (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4 || + skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6)) +@@ -511,8 +532,12 @@ static void xenvif_rx_action(struct xenvif *vif) + vif->rx_last_skb_slots = 0; + + sco = (struct skb_cb_overlay *)skb->cb; ++ ++ old_req_cons = vif->rx.req_cons; + sco->meta_slots_used = xenvif_gop_skb(skb, &npo); +- BUG_ON(sco->meta_slots_used > max_slots_needed); ++ ring_slots_used = vif->rx.req_cons - old_req_cons; ++ ++ BUG_ON(ring_slots_used > max_slots_needed); + + __skb_queue_tail(&rxq, skb); + } +@@ -655,7 +680,8 @@ static void xenvif_tx_err(struct xenvif *vif, + static void xenvif_fatal_tx_err(struct xenvif *vif) + { + netdev_err(vif->dev, "fatal error; disabling device\n"); +- xenvif_carrier_off(vif); ++ vif->disabled = true; ++ xenvif_kick_thread(vif); + } + + static int xenvif_count_requests(struct xenvif *vif, +@@ -1126,7 +1152,7 @@ static unsigned xenvif_tx_build_gops(struct xenvif *vif, int budget) + vif->tx.sring->req_prod, vif->tx.req_cons, + XEN_NETIF_TX_RING_SIZE); + xenvif_fatal_tx_err(vif); +- continue; ++ break; + } + + work_to_do = RING_HAS_UNCONSUMED_REQUESTS(&vif->tx); +@@ -1548,7 +1574,18 @@ int xenvif_kthread(void *data) + while (!kthread_should_stop()) { + wait_event_interruptible(vif->wq, + rx_work_todo(vif) || ++ vif->disabled || + kthread_should_stop()); ++ ++ /* This frontend is found to be rogue, disable it in ++ * kthread context. Currently this is only set when ++ * netback finds out frontend sends malformed packet, ++ * but we cannot disable the interface in softirq ++ * context so we defer it here. ++ */ ++ if (unlikely(vif->disabled && netif_carrier_ok(vif->dev))) ++ xenvif_carrier_off(vif); ++ + if (kthread_should_stop()) + break; + +diff --git a/include/linux/futex.h b/include/linux/futex.h +index b0d95cac826e..6435f46d6e13 100644 +--- a/include/linux/futex.h ++++ b/include/linux/futex.h +@@ -55,7 +55,11 @@ union futex_key { + #ifdef CONFIG_FUTEX + extern void exit_robust_list(struct task_struct *curr); + extern void exit_pi_state_list(struct task_struct *curr); ++#ifdef CONFIG_HAVE_FUTEX_CMPXCHG ++#define futex_cmpxchg_enabled 1 ++#else + extern int futex_cmpxchg_enabled; ++#endif + #else + static inline void exit_robust_list(struct task_struct *curr) + { +diff --git a/init/Kconfig b/init/Kconfig +index 009a797dd242..d56cb03c1b49 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1387,6 +1387,13 @@ config FUTEX + support for "fast userspace mutexes". The resulting kernel may not + run glibc-based applications correctly. + ++config HAVE_FUTEX_CMPXCHG ++ bool ++ help ++ Architectures should select this if futex_atomic_cmpxchg_inatomic() ++ is implemented and always working. This removes a couple of runtime ++ checks. ++ + config EPOLL + bool "Enable eventpoll support" if EXPERT + default y +diff --git a/kernel/futex.c b/kernel/futex.c +index 08ec814ad9d2..6801b3751a95 100644 +--- a/kernel/futex.c ++++ b/kernel/futex.c +@@ -157,7 +157,9 @@ + * enqueue. + */ + ++#ifndef CONFIG_HAVE_FUTEX_CMPXCHG + int __read_mostly futex_cmpxchg_enabled; ++#endif + + /* + * Futex flags used to encode options to functions and preserve them across +@@ -1450,6 +1452,7 @@ retry: + hb2 = hash_futex(&key2); + + retry_private: ++ hb_waiters_inc(hb2); + double_lock_hb(hb1, hb2); + + if (likely(cmpval != NULL)) { +@@ -1459,6 +1462,7 @@ retry_private: + + if (unlikely(ret)) { + double_unlock_hb(hb1, hb2); ++ hb_waiters_dec(hb2); + + ret = get_user(curval, uaddr1); + if (ret) +@@ -1508,6 +1512,7 @@ retry_private: + break; + case -EFAULT: + double_unlock_hb(hb1, hb2); ++ hb_waiters_dec(hb2); + put_futex_key(&key2); + put_futex_key(&key1); + ret = fault_in_user_writeable(uaddr2); +@@ -1517,6 +1522,7 @@ retry_private: + case -EAGAIN: + /* The owner was exiting, try again. */ + double_unlock_hb(hb1, hb2); ++ hb_waiters_dec(hb2); + put_futex_key(&key2); + put_futex_key(&key1); + cond_resched(); +@@ -1592,6 +1598,7 @@ retry_private: + + out_unlock: + double_unlock_hb(hb1, hb2); ++ hb_waiters_dec(hb2); + + /* + * drop_futex_key_refs() must be called outside the spinlocks. During +@@ -2875,9 +2882,28 @@ SYSCALL_DEFINE6(futex, u32 __user *, uaddr, int, op, u32, val, + return do_futex(uaddr, op, val, tp, uaddr2, val2, val3); + } + +-static int __init futex_init(void) ++static void __init futex_detect_cmpxchg(void) + { ++#ifndef CONFIG_HAVE_FUTEX_CMPXCHG + u32 curval; ++ ++ /* ++ * This will fail and we want it. Some arch implementations do ++ * runtime detection of the futex_atomic_cmpxchg_inatomic() ++ * functionality. We want to know that before we call in any ++ * of the complex code paths. Also we want to prevent ++ * registration of robust lists in that case. NULL is ++ * guaranteed to fault and we get -EFAULT on functional ++ * implementation, the non-functional ones will return ++ * -ENOSYS. ++ */ ++ if (cmpxchg_futex_value_locked(&curval, NULL, 0, 0) == -EFAULT) ++ futex_cmpxchg_enabled = 1; ++#endif ++} ++ ++static int __init futex_init(void) ++{ + unsigned int futex_shift; + unsigned long i; + +@@ -2893,18 +2919,8 @@ static int __init futex_init(void) + &futex_shift, NULL, + futex_hashsize, futex_hashsize); + futex_hashsize = 1UL << futex_shift; +- /* +- * This will fail and we want it. Some arch implementations do +- * runtime detection of the futex_atomic_cmpxchg_inatomic() +- * functionality. We want to know that before we call in any +- * of the complex code paths. Also we want to prevent +- * registration of robust lists in that case. NULL is +- * guaranteed to fault and we get -EFAULT on functional +- * implementation, the non-functional ones will return +- * -ENOSYS. +- */ +- if (cmpxchg_futex_value_locked(&curval, NULL, 0, 0) == -EFAULT) +- futex_cmpxchg_enabled = 1; ++ ++ futex_detect_cmpxchg(); + + for (i = 0; i < futex_hashsize; i++) { + atomic_set(&futex_queues[i].waiters, 0); +diff --git a/lib/nlattr.c b/lib/nlattr.c +index 18eca7809b08..fc6754720ced 100644 +--- a/lib/nlattr.c ++++ b/lib/nlattr.c +@@ -303,9 +303,15 @@ int nla_memcmp(const struct nlattr *nla, const void *data, + */ + int nla_strcmp(const struct nlattr *nla, const char *str) + { +- int len = strlen(str) + 1; +- int d = nla_len(nla) - len; ++ int len = strlen(str); ++ char *buf = nla_data(nla); ++ int attrlen = nla_len(nla); ++ int d; + ++ if (attrlen > 0 && buf[attrlen - 1] == '\0') ++ attrlen--; ++ ++ d = attrlen - len; + if (d == 0) + d = memcmp(nla_data(nla), str, len); + +diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c +index f2610e157660..7b326529e6a2 100644 +--- a/net/ipv6/icmp.c ++++ b/net/ipv6/icmp.c +@@ -520,7 +520,7 @@ static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) + np->tclass, NULL, &fl6, (struct rt6_info *)dst, + MSG_DONTWAIT, np->dontfrag); + if (err) { +- ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); ++ ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); + ip6_flush_pending_frames(sk); + } else { + err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index 64d6073731d3..3702d179506d 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1566,8 +1566,8 @@ int ip6_push_pending_frames(struct sock *sk) + if (proto == IPPROTO_ICMPV6) { + struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); + +- ICMP6MSGOUT_INC_STATS_BH(net, idev, icmp6_hdr(skb)->icmp6_type); +- ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS); ++ ICMP6MSGOUT_INC_STATS(net, idev, icmp6_hdr(skb)->icmp6_type); ++ ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); + } + + err = ip6_local_out(skb); +diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c +index e1e47350784b..08b367c6b9cf 100644 +--- a/net/ipv6/mcast.c ++++ b/net/ipv6/mcast.c +@@ -1620,11 +1620,12 @@ static void mld_sendpack(struct sk_buff *skb) + dst_output); + out: + if (!err) { +- ICMP6MSGOUT_INC_STATS_BH(net, idev, ICMPV6_MLD2_REPORT); +- ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS); +- IP6_UPD_PO_STATS_BH(net, idev, IPSTATS_MIB_OUTMCAST, payload_len); +- } else +- IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_OUTDISCARDS); ++ ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); ++ ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); ++ IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, payload_len); ++ } else { ++ IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); ++ } + + rcu_read_unlock(); + return; +diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c +index 587bbdcb22b4..bda74291c3e0 100644 +--- a/net/ipv6/ping.c ++++ b/net/ipv6/ping.c +@@ -182,8 +182,8 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, + MSG_DONTWAIT, np->dontfrag); + + if (err) { +- ICMP6_INC_STATS_BH(sock_net(sk), rt->rt6i_idev, +- ICMP6_MIB_OUTERRORS); ++ ICMP6_INC_STATS(sock_net(sk), rt->rt6i_idev, ++ ICMP6_MIB_OUTERRORS); + ip6_flush_pending_frames(sk); + } else { + err = icmpv6_push_pending_frames(sk, &fl6, +diff --git a/net/rds/iw.c b/net/rds/iw.c +index 7826d46baa70..589935661d66 100644 +--- a/net/rds/iw.c ++++ b/net/rds/iw.c +@@ -239,7 +239,8 @@ static int rds_iw_laddr_check(__be32 addr) + ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin); + /* due to this, we will claim to support IB devices unless we + check node_type. */ +- if (ret || cm_id->device->node_type != RDMA_NODE_RNIC) ++ if (ret || !cm_id->device || ++ cm_id->device->node_type != RDMA_NODE_RNIC) + ret = -EADDRNOTAVAIL; + + rdsdebug("addr %pI4 ret %d node type %d\n", +diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c +index b332e2cc0954..e294b86c8d88 100644 +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -1418,15 +1418,33 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent + isec->sid = sbsec->sid; + + if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) { +- if (opt_dentry) { +- isec->sclass = inode_mode_to_security_class(inode->i_mode); +- rc = selinux_proc_get_sid(opt_dentry, +- isec->sclass, +- &sid); +- if (rc) +- goto out_unlock; +- isec->sid = sid; +- } ++ /* We must have a dentry to determine the label on ++ * procfs inodes */ ++ if (opt_dentry) ++ /* Called from d_instantiate or ++ * d_splice_alias. */ ++ dentry = dget(opt_dentry); ++ else ++ /* Called from selinux_complete_init, try to ++ * find a dentry. */ ++ dentry = d_find_alias(inode); ++ /* ++ * This can be hit on boot when a file is accessed ++ * before the policy is loaded. When we load policy we ++ * may find inodes that have no dentry on the ++ * sbsec->isec_head list. No reason to complain as ++ * these will get fixed up the next time we go through ++ * inode_doinit() with a dentry, before these inodes ++ * could be used again by userspace. ++ */ ++ if (!dentry) ++ goto out_unlock; ++ isec->sclass = inode_mode_to_security_class(inode->i_mode); ++ rc = selinux_proc_get_sid(dentry, isec->sclass, &sid); ++ dput(dentry); ++ if (rc) ++ goto out_unlock; ++ isec->sid = sid; + } + break; + } +diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c +index e354ab1ec20f..a8dec9e9e876 100644 +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -297,9 +297,9 @@ enum { SDI0, SDI1, SDI2, SDI3, SDO0, SDO1, SDO2, SDO3 }; + #define ULI_NUM_CAPTURE 5 + #define ULI_NUM_PLAYBACK 6 + +-/* ATI HDMI may have up to 8 playbacks and 0 capture */ ++/* ATI HDMI has 1 playback and 0 capture */ + #define ATIHDMI_NUM_CAPTURE 0 +-#define ATIHDMI_NUM_PLAYBACK 8 ++#define ATIHDMI_NUM_PLAYBACK 1 + + /* TERA has 4 playback and 3 capture */ + #define TERA_NUM_CAPTURE 3