Push to branch refs/heads/wrapfs: 47bfc168f6179b9112aa7099749228d8e870d035 --> 3b091a7d89911f4901b0d84f7b6129796d01d486
.../devicetree/bindings/clock/imx31-clock.txt | 2 +- Documentation/kernel-parameters.txt | 11 + Makefile | 4 +- arch/arc/kernel/unaligned.c | 3 +- arch/arc/mm/mmap.c | 2 +- arch/arm/boot/dts/da850-evm.dts | 1 + arch/arm/boot/dts/imx31.dtsi | 18 +- arch/arm/include/asm/cputype.h | 3 + arch/arm/kernel/hw_breakpoint.c | 16 ++ arch/arm/kernel/ptrace.c | 2 +- arch/arm/mach-ux500/pm.c | 4 +- arch/arm/mm/mmap.c | 4 +- arch/arm/xen/enlighten.c | 3 +- arch/arm64/include/uapi/asm/ptrace.h | 1 + arch/arm64/kernel/ptrace.c | 11 +- arch/c6x/kernel/ptrace.c | 41 --- arch/cris/boot/rescue/Makefile | 8 + arch/frv/mm/elf-fdpic.c | 2 +- arch/m68k/include/asm/delay.h | 2 +- arch/metag/include/asm/uaccess.h | 15 +- arch/metag/kernel/ptrace.c | 19 +- arch/metag/lib/usercopy.c | 312 ++++++++------------- arch/mips/cavium-octeon/octeon-memcpy.S | 20 +- arch/mips/configs/ip27_defconfig | 1 - arch/mips/include/asm/branch.h | 5 +- arch/mips/include/asm/checksum.h | 2 + arch/mips/kernel/branch.c | 8 +- arch/mips/kernel/crash.c | 16 +- arch/mips/kernel/kgdb.c | 48 +++- arch/mips/kernel/process.c | 153 ++++++---- arch/mips/kernel/syscall.c | 2 +- arch/mips/math-emu/cp1emu.c | 38 +++ arch/mips/mm/mmap.c | 2 +- arch/parisc/include/asm/bitops.h | 8 +- arch/parisc/include/uapi/asm/bitsperlong.h | 2 - arch/parisc/include/uapi/asm/swab.h | 5 +- arch/powerpc/Makefile | 8 + arch/powerpc/boot/ps3-head.S | 5 - arch/powerpc/boot/ps3.c | 8 +- arch/powerpc/include/asm/atomic.h | 4 +- arch/powerpc/include/asm/reg.h | 2 +- arch/powerpc/kernel/align.c | 28 +- arch/powerpc/kernel/hw_breakpoint.c | 4 +- arch/powerpc/kernel/ibmebus.c | 16 +- arch/powerpc/kernel/idle_power7.S | 2 +- arch/powerpc/kernel/kprobes.c | 11 + arch/powerpc/kernel/misc_32.S | 2 +- arch/powerpc/kernel/setup_64.c | 9 + arch/powerpc/kvm/emulate.c | 1 - arch/powerpc/lib/sstep.c | 13 + arch/powerpc/mm/slice.c | 2 +- arch/s390/boot/compressed/misc.c | 35 +-- arch/s390/include/asm/processor.h | 5 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/pci/pci_dma.c | 16 +- arch/sh/mm/mmap.c | 4 +- arch/sparc/kernel/ptrace_64.c | 2 +- arch/sparc/kernel/sys_sparc_64.c | 4 +- arch/sparc/mm/hugetlbpage.c | 2 +- arch/tile/kernel/ptrace.c | 2 +- arch/tile/mm/hugetlbpage.c | 2 +- arch/x86/crypto/ghash-clmulni-intel_glue.c | 26 ++ arch/x86/include/asm/elf.h | 2 +- arch/x86/include/asm/io.h | 4 +- arch/x86/kernel/apic/apic.c | 2 + arch/x86/kernel/cpu/common.c | 2 +- arch/x86/kernel/cpu/mcheck/mce_amd.c | 2 +- arch/x86/kernel/entry_32.S | 4 +- arch/x86/kernel/entry_64.S | 3 +- arch/x86/kernel/ftrace.c | 12 + arch/x86/kernel/kvm.c | 2 +- arch/x86/kernel/sys_x86_64.c | 4 +- arch/x86/kvm/emulate.c | 66 ++++- arch/x86/kvm/vmx.c | 15 +- arch/x86/kvm/x86.c | 2 + arch/x86/mm/hugetlbpage.c | 2 +- arch/x86/mm/init.c | 41 ++- arch/x86/mm/mmap.c | 44 ++- arch/x86/mm/numa_32.c | 1 + arch/x86/pci/acpi.c | 10 + arch/x86/pci/xen.c | 23 +- arch/x86/platform/goldfish/goldfish.c | 14 +- arch/x86/xen/time.c | 6 +- arch/xtensa/kernel/setup.c | 4 +- arch/xtensa/kernel/syscall.c | 2 +- block/bsg.c | 3 + block/genhd.c | 1 - block/scsi_ioctl.c | 3 + crypto/Makefile | 9 +- crypto/algapi.c | 1 + crypto/algif_hash.c | 2 +- crypto/algif_skcipher.c | 4 +- crypto/asymmetric_keys/rsa.c | 5 +- crypto/authenc.c | 6 +- crypto/authencesn.c | 8 +- crypto/ccm.c | 4 +- crypto/cryptd.c | 1 + crypto/gcm.c | 2 +- crypto/memneq.c | 138 +++++++++ drivers/acpi/Makefile | 1 - drivers/acpi/apei/ghes.c | 1 + drivers/acpi/osl.c | 6 +- drivers/acpi/power.c | 1 + drivers/acpi/video.c | 3 + drivers/ata/libata-scsi.c | 6 +- drivers/ata/sata_mv.c | 3 + drivers/base/power/domain.c | 4 +- drivers/bcma/main.c | 4 + drivers/char/Kconfig | 6 +- drivers/char/lp.c | 6 +- drivers/char/mem.c | 82 ++++-- drivers/char/virtio_console.c | 12 +- drivers/clk/clk-wm831x.c | 2 +- drivers/cpufreq/cpufreq.c | 8 +- drivers/cpufreq/cpufreq_conservative.c | 4 +- drivers/cpufreq/s3c2416-cpufreq.c | 1 - drivers/crypto/caam/caamalg.c | 4 +- drivers/crypto/caam/caamhash.c | 3 +- drivers/crypto/caam/key_gen.c | 2 +- drivers/crypto/talitos.c | 7 +- drivers/gpu/drm/ast/ast_main.c | 7 +- drivers/gpu/drm/ast/ast_post.c | 8 +- drivers/gpu/drm/i915/intel_crt.c | 9 +- drivers/gpu/drm/i915/intel_display.c | 4 +- drivers/gpu/drm/nouveau/dispnv04/hw.c | 3 +- drivers/gpu/drm/nouveau/nv50_display.c | 2 +- drivers/gpu/drm/ttm/ttm_bo.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 9 +- drivers/hid/hid-cypress.c | 3 + drivers/hid/hid-lg.c | 2 +- drivers/hid/i2c-hid/i2c-hid.c | 9 + drivers/hv/channel.c | 17 +- drivers/hv/hv.c | 7 +- drivers/hv/hv_balloon.c | 4 +- drivers/hv/hyperv_vmbus.h | 2 +- drivers/hv/vmbus_drv.c | 4 +- drivers/hwmon/ds620.c | 2 +- drivers/i2c/busses/i2c-at91.c | 36 ++- drivers/i2c/i2c-dev.c | 2 +- drivers/infiniband/core/cma.c | 3 + drivers/infiniband/core/mad.c | 2 +- drivers/infiniband/core/multicast.c | 7 +- drivers/infiniband/hw/mlx4/ah.c | 6 +- drivers/infiniband/hw/mlx4/main.c | 8 +- drivers/infiniband/hw/qib/qib_iba7322.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 12 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 6 +- drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 4 +- drivers/input/joydev.c | 18 +- drivers/input/joystick/iforce/iforce-usb.c | 3 + drivers/input/joystick/xpad.c | 6 + drivers/input/keyboard/mpr121_touchkey.c | 24 +- drivers/input/keyboard/tca8418_keypad.c | 6 +- drivers/input/misc/cm109.c | 4 + drivers/input/misc/ims-pcu.c | 4 + drivers/input/misc/yealink.c | 4 + drivers/input/serio/i8042-x86ia64io.h | 20 ++ drivers/input/tablet/hanwang.c | 3 + drivers/input/tablet/kbtab.c | 3 + drivers/iommu/amd_iommu.c | 3 +- drivers/isdn/gigaset/bas-gigaset.c | 3 + drivers/isdn/gigaset/ser-gigaset.c | 4 +- drivers/isdn/hardware/eicon/message.c | 3 +- drivers/md/bitmap.c | 5 + drivers/md/dm-crypt.c | 7 +- drivers/md/dm.c | 55 ++++ drivers/md/linear.c | 29 +- drivers/md/linear.h | 1 + drivers/md/md.c | 2 +- drivers/md/persistent-data/dm-space-map-metadata.c | 10 +- drivers/md/raid1.c | 2 +- drivers/md/raid10.c | 19 +- drivers/md/raid5.c | 9 + drivers/media/i2c/Kconfig | 1 + drivers/media/platform/davinci/vpfe_capture.c | 22 +- drivers/media/rc/imon.c | 2 +- drivers/media/rc/ite-cir.c | 2 + drivers/media/tuners/tuner-xc2028.c | 34 +-- drivers/media/usb/pvrusb2/pvrusb2-eeprom.c | 13 +- drivers/media/usb/siano/smsusb.c | 18 +- drivers/media/usb/uvc/uvc_driver.c | 118 +++++++- drivers/media/usb/uvc/uvc_queue.c | 2 +- drivers/mfd/omap-usb-tll.c | 2 +- drivers/mfd/pm8921-core.c | 9 +- drivers/misc/c2port/c2port-duramar2150.c | 4 +- drivers/mmc/card/mmc_test.c | 2 +- drivers/mmc/host/mxs-mmc.c | 6 +- drivers/mmc/host/sdhci.c | 4 +- drivers/mmc/host/ushc.c | 3 + drivers/mtd/bcm47xxpart.c | 10 +- drivers/mtd/maps/pmcmsp-flash.c | 4 +- drivers/mtd/nand/Kconfig | 2 +- drivers/mtd/ubi/upd.c | 8 +- drivers/net/can/c_can/c_can_pci.c | 1 + drivers/net/can/ti_hecc.c | 16 +- drivers/net/can/usb/esd_usb2.c | 2 +- drivers/net/can/usb/peak_usb/pcan_usb_core.c | 6 +- drivers/net/can/usb/usb_8dev.c | 9 +- .../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 8 + drivers/net/ethernet/brocade/bna/bnad.c | 4 +- drivers/net/ethernet/intel/igb/e1000_phy.c | 4 + drivers/net/ethernet/korina.c | 8 +- drivers/net/ethernet/mellanox/mlx4/cq.c | 38 +-- drivers/net/ethernet/mellanox/mlx4/en_rx.c | 8 +- drivers/net/ethernet/mellanox/mlx4/icm.c | 7 +- drivers/net/ethernet/mellanox/mlx4/main.c | 2 - drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 20 +- drivers/net/ethernet/ti/cpmac.c | 7 +- drivers/net/ethernet/xilinx/xilinx_emaclite.c | 10 +- drivers/net/hyperv/netvsc_drv.c | 4 + drivers/net/macvtap.c | 4 +- drivers/net/phy/marvell.c | 2 - drivers/net/phy/phy.c | 2 +- drivers/net/team/team.c | 8 +- drivers/net/tun.c | 20 +- drivers/net/usb/catc.c | 56 ++-- drivers/net/usb/pegasus.c | 29 +- drivers/net/usb/rtl8150.c | 34 ++- drivers/net/vmxnet3/vmxnet3_drv.c | 2 +- drivers/net/vxlan.c | 2 +- drivers/net/wireless/ath/ath5k/mac80211-ops.c | 3 +- drivers/net/wireless/ath/ath9k/ar9003_eeprom.h | 4 +- .../net/wireless/brcm80211/brcmfmac/wl_cfg80211.c | 5 + drivers/net/wireless/hostap/hostap_hw.c | 15 +- drivers/net/wireless/rtlwifi/usb.c | 18 ++ drivers/pci/hotplug/rpadlpar_core.c | 10 +- drivers/pinctrl/sh-pfc/pinctrl.c | 3 +- drivers/platform/goldfish/pdev_bus.c | 13 +- drivers/platform/x86/acer-wmi.c | 25 +- drivers/platform/x86/intel_mid_powerbtn.c | 4 +- drivers/rtc/interface.c | 16 +- drivers/rtc/rtc-s35390a.c | 127 +++++++-- drivers/s390/char/vmlogrdr.c | 2 +- drivers/s390/cio/qdio_thinint.c | 8 +- drivers/s390/scsi/zfcp_dbf.c | 38 ++- drivers/s390/scsi/zfcp_dbf.h | 47 +++- drivers/s390/scsi/zfcp_erp.c | 61 +++- drivers/s390/scsi/zfcp_ext.h | 4 +- drivers/s390/scsi/zfcp_fc.h | 6 +- drivers/s390/scsi/zfcp_fsf.c | 11 +- drivers/s390/scsi/zfcp_fsf.h | 3 +- drivers/s390/scsi/zfcp_reqlist.h | 30 +- drivers/s390/scsi/zfcp_scsi.c | 69 ++++- drivers/scsi/aacraid/src.c | 21 +- drivers/scsi/device_handler/scsi_dh_emc.c | 2 +- drivers/scsi/libsas/sas_ata.c | 2 +- drivers/scsi/lpfc/lpfc_init.c | 1 + drivers/scsi/mvsas/mv_94xx.c | 2 +- drivers/scsi/mvsas/mv_sas.c | 4 +- drivers/scsi/qla2xxx/qla_attr.c | 8 +- drivers/scsi/qla2xxx/qla_os.c | 24 +- drivers/scsi/scsi_lib.c | 17 +- drivers/scsi/scsi_sysfs.c | 4 - drivers/scsi/sd.c | 29 +- drivers/scsi/sg.c | 11 +- drivers/scsi/sr.c | 6 +- drivers/scsi/storvsc_drv.c | 23 +- drivers/ssb/pci.c | 1 + drivers/staging/comedi/comedi_fops.c | 7 +- drivers/staging/iio/adc/ad7606_core.c | 2 +- drivers/staging/iio/resolver/ad2s1210.c | 2 +- drivers/staging/vt6656/hostap.c | 3 +- drivers/target/iscsi/iscsi_target_parameters.c | 16 -- drivers/target/iscsi/iscsi_target_tpg.c | 1 - drivers/target/iscsi/iscsi_target_util.c | 12 +- drivers/target/target_core_fabric_configfs.c | 5 + drivers/target/target_core_pscsi.c | 47 +--- drivers/target/target_core_tpg.c | 3 + drivers/tty/n_hdlc.c | 143 +++++----- drivers/tty/nozomi.c | 2 +- drivers/tty/serial/8250/8250_pci.c | 23 +- drivers/tty/serial/efm32-uart.c | 11 +- drivers/tty/serial/ifx6x60.c | 2 +- drivers/tty/serial/msm_serial.c | 1 + drivers/tty/sysrq.c | 4 +- drivers/tty/vt/vt.c | 6 +- drivers/usb/chipidea/debug.c | 3 +- drivers/usb/class/cdc-acm.c | 17 +- drivers/usb/class/usbtmc.c | 9 +- drivers/usb/core/config.c | 10 + drivers/usb/core/hub.c | 11 +- drivers/usb/dwc3/gadget.c | 21 +- drivers/usb/dwc3/gadget.h | 14 +- drivers/usb/gadget/composite.c | 28 +- drivers/usb/gadget/dummy_hcd.c | 6 +- drivers/usb/gadget/f_acm.c | 4 +- drivers/usb/gadget/inode.c | 17 +- drivers/usb/gadget/uvc_video.c | 2 +- drivers/usb/host/ohci-q.c | 7 +- drivers/usb/host/r8a66597-hcd.c | 6 +- drivers/usb/host/uhci-pci.c | 4 + drivers/usb/host/xhci-mem.c | 42 ++- drivers/usb/host/xhci-pci.c | 1 + drivers/usb/host/xhci-plat.c | 2 + drivers/usb/host/xhci.c | 6 +- drivers/usb/host/xhci.h | 1 + drivers/usb/misc/idmouse.c | 3 + drivers/usb/misc/iowarrior.c | 21 +- drivers/usb/misc/uss720.c | 5 + drivers/usb/musb/musbhsdma.h | 2 +- drivers/usb/renesas_usbhs/common.c | 4 +- drivers/usb/renesas_usbhs/fifo.c | 50 +++- drivers/usb/renesas_usbhs/pipe.c | 13 + drivers/usb/renesas_usbhs/pipe.h | 4 + drivers/usb/serial/ark3116.c | 13 +- drivers/usb/serial/ch341.c | 90 +++--- drivers/usb/serial/console.c | 1 + drivers/usb/serial/cyberjack.c | 10 + drivers/usb/serial/digi_acceleport.c | 14 +- drivers/usb/serial/ftdi_sio.c | 31 +- drivers/usb/serial/garmin_gps.c | 1 + drivers/usb/serial/io_edgeport.c | 5 + drivers/usb/serial/io_ti.c | 25 +- drivers/usb/serial/iuu_phoenix.c | 11 + drivers/usb/serial/keyspan_pda.c | 14 + drivers/usb/serial/kl5kusb105.c | 44 ++- drivers/usb/serial/kobil_sct.c | 12 + drivers/usb/serial/mos7720.c | 51 ++-- drivers/usb/serial/mos7840.c | 14 + drivers/usb/serial/omninet.c | 19 +- drivers/usb/serial/opticon.c | 2 +- drivers/usb/serial/oti6858.c | 16 ++ drivers/usb/serial/pl2303.c | 8 + drivers/usb/serial/quatech2.c | 4 - drivers/usb/serial/safe_serial.c | 5 + drivers/usb/serial/spcp8x5.c | 22 +- drivers/usb/serial/ti_usb_3410_5052.c | 7 + drivers/usb/wusbcore/wa-hc.c | 3 + drivers/uwb/hwa-rc.c | 3 + drivers/uwb/i1480/dfu/usb.c | 3 + drivers/vfio/pci/vfio_pci.c | 33 ++- drivers/vfio/pci/vfio_pci_intrs.c | 2 +- drivers/video/console/fbcon.c | 67 +++-- drivers/video/fbcmap.c | 26 +- drivers/video/xen-fbfront.c | 4 +- drivers/virtio/virtio_balloon.c | 2 + drivers/vme/bridges/vme_ca91cx42.c | 2 +- fs/9p/acl.c | 40 ++- fs/block_dev.c | 9 +- fs/btrfs/acl.c | 6 +- fs/btrfs/delayed-inode.c | 8 - fs/btrfs/extent_io.c | 9 + fs/btrfs/ioctl.c | 4 + fs/btrfs/tree-log.c | 3 +- fs/cifs/cifs_fs_sb.h | 4 + fs/cifs/cifsfs.c | 17 +- fs/cifs/cifsglob.h | 4 +- fs/cifs/cifsproto.h | 5 +- fs/cifs/connect.c | 116 +++++++- fs/cifs/dir.c | 20 +- fs/cifs/inode.c | 22 +- fs/cifs/smb1ops.c | 10 + fs/cifs/smb2file.c | 2 +- fs/cifs/smb2pdu.c | 86 ++++-- fs/cifs/smb2proto.h | 1 + fs/dcache.c | 7 +- fs/direct-io.c | 4 +- fs/exec.c | 38 ++- fs/ext2/acl.c | 12 +- fs/ext3/acl.c | 10 +- fs/ext4/acl.c | 12 +- fs/ext4/file.c | 57 ++-- fs/ext4/inline.c | 9 +- fs/ext4/inode.c | 41 +-- fs/ext4/mballoc.c | 11 +- fs/ext4/resize.c | 3 +- fs/ext4/super.c | 82 ++++-- fs/ext4/xattr.c | 19 +- fs/f2fs/acl.c | 6 +- fs/f2fs/debug.c | 1 + fs/fat/inode.c | 13 +- fs/fscache/object-list.c | 7 + fs/fuse/file.c | 8 +- fs/generic_acl.c | 12 +- fs/gfs2/acl.c | 14 +- fs/gfs2/dir.c | 4 +- fs/hugetlbfs/inode.c | 2 +- fs/ioprio.c | 2 + fs/jbd2/transaction.c | 4 +- fs/jffs2/acl.c | 9 +- fs/jfs/xattr.c | 5 +- fs/nfs/dir.c | 1 + fs/nfs/file.c | 2 +- fs/nfs/nfs4filelayoutdev.c | 3 +- fs/nfs/nfs4proc.c | 8 +- fs/nfs/nfs4xdr.c | 2 +- fs/nfsd/nfssvc.c | 36 +++ fs/ocfs2/acl.c | 20 +- fs/ocfs2/dlmglue.c | 10 + fs/ocfs2/file.c | 9 +- fs/ocfs2/ioctl.c | 129 +++------ fs/ocfs2/stackglue.c | 6 + fs/ocfs2/stackglue.h | 3 + fs/posix_acl.c | 31 ++ fs/proc/task_mmu.c | 4 - fs/reiserfs/xattr_acl.c | 8 +- fs/splice.c | 1 + fs/ubifs/tnc.c | 25 +- fs/udf/inode.c | 4 +- fs/xfs/xfs_acl.c | 15 +- fs/xfs/xfs_aops.c | 13 +- fs/xfs/xfs_buf.c | 1 + fs/xfs/xfs_log_recover.c | 1 + include/crypto/algapi.h | 18 +- include/linux/can/core.h | 7 +- include/linux/capability.h | 2 - include/linux/cpu.h | 12 +- include/linux/cred.h | 5 +- include/linux/jump_label.h | 16 ++ include/linux/key.h | 2 + include/linux/kvm_host.h | 7 +- include/linux/lockd/lockd.h | 3 +- include/linux/log2.h | 13 +- include/linux/mm.h | 53 ++-- include/linux/netdevice.h | 9 +- include/linux/nfs4.h | 3 +- include/linux/posix_acl.h | 1 + include/linux/workqueue.h | 4 +- include/net/cipso_ipv4.h | 4 + include/net/ipv6.h | 1 + include/net/iw_handler.h | 3 +- include/net/sctp/sctp.h | 4 + include/net/sctp/ulpevent.h | 6 +- include/net/tcp.h | 10 + include/rdma/ib_sa.h | 6 +- include/target/target_core_base.h | 1 + include/trace/events/syscalls.h | 1 + include/uapi/linux/can.h | 1 + include/uapi/linux/packet_diag.h | 2 +- ipc/shm.c | 13 +- kernel/cpu.c | 3 +- kernel/events/core.c | 5 +- kernel/extable.c | 2 +- kernel/futex.c | 24 +- kernel/padata.c | 5 +- kernel/printk.c | 2 +- kernel/ptrace.c | 14 +- kernel/rtmutex.c | 68 ++++- kernel/sched/core.c | 9 +- kernel/sysctl.c | 1 + kernel/time/tick-broadcast.c | 3 + kernel/trace/ring_buffer.c | 24 +- kernel/trace/trace.c | 20 +- kernel/workqueue.c | 23 +- lib/cmdline.c | 6 +- lib/digsig.c | 6 + mm/filemap.c | 5 + mm/huge_memory.c | 19 +- mm/hugetlb.c | 37 ++- mm/memory.c | 49 ---- mm/memory_hotplug.c | 12 +- mm/mempolicy.c | 20 +- mm/mmap.c | 187 ++++++------ mm/page_alloc.c | 21 +- mm/vmpressure.c | 10 +- net/8021q/vlan.c | 3 +- net/9p/client.c | 4 + net/bluetooth/bnep/core.c | 4 + net/bluetooth/cmtp/core.c | 3 + net/can/af_can.c | 12 +- net/can/af_can.h | 3 +- net/can/bcm.c | 27 +- net/can/gw.c | 2 +- net/can/raw.c | 7 +- net/ceph/messenger.c | 19 ++ net/ceph/osdmap.c | 1 - net/core/dev.c | 79 ++++-- net/core/drop_monitor.c | 39 ++- net/core/neighbour.c | 3 +- net/core/sock.c | 12 +- net/dccp/ccids/ccid2.c | 1 + net/dccp/input.c | 3 +- net/dccp/ipv4.c | 3 +- net/dccp/ipv6.c | 8 +- net/dccp/minisocks.c | 1 + net/ieee802154/6lowpan.c | 2 +- net/ipv4/af_inet.c | 2 +- net/ipv4/cipso_ipv4.c | 4 + net/ipv4/fib_frontend.c | 12 +- net/ipv4/igmp.c | 13 +- net/ipv4/inet_connection_sock.c | 2 + net/ipv4/ip_output.c | 7 +- net/ipv4/ip_sockglue.c | 9 +- net/ipv4/ip_vti.c | 1 - net/ipv4/netfilter/arp_tables.c | 4 +- net/ipv4/netfilter/nf_nat_snmp_basic.c | 1 + net/ipv4/ping.c | 7 +- net/ipv4/route.c | 1 + net/ipv4/tcp.c | 12 + net/ipv4/tcp_cong.c | 1 + net/ipv4/tcp_input.c | 38 +-- net/ipv4/tcp_ipv4.c | 11 +- net/ipv4/tcp_minisocks.c | 1 + net/ipv4/tcp_output.c | 32 +-- net/ipv4/tcp_timer.c | 6 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 25 +- net/ipv6/ip6_gre.c | 45 +-- net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 14 +- net/ipv6/ip6_tunnel.c | 55 ++-- net/ipv6/ip6mr.c | 13 +- net/ipv6/raw.c | 11 +- net/ipv6/route.c | 2 + net/ipv6/tcp_ipv6.c | 8 +- net/irda/irqueue.c | 34 ++- net/key/af_key.c | 17 +- net/l2tp/l2tp_core.c | 8 +- net/l2tp/l2tp_core.h | 4 +- net/l2tp/l2tp_debugfs.c | 10 +- net/l2tp/l2tp_ip.c | 29 +- net/l2tp/l2tp_ip6.c | 2 +- net/l2tp/l2tp_netlink.c | 7 +- net/l2tp/l2tp_ppp.c | 10 +- net/mac80211/mesh.c | 2 +- net/mac80211/pm.c | 1 + net/netfilter/ipvs/ip_vs_core.c | 19 +- net/netfilter/nf_conntrack_ecache.c | 2 + net/netfilter/nf_conntrack_extend.c | 13 +- net/netfilter/nf_conntrack_netlink.c | 1 + net/netfilter/nf_nat_core.c | 2 + net/netfilter/nfnetlink_cttimeout.c | 1 + net/netfilter/xt_TCPMSS.c | 6 +- net/packet/af_packet.c | 104 ++++--- net/rds/cong.c | 4 +- net/rxrpc/ar-key.c | 64 +++-- net/sched/act_api.c | 5 +- net/sched/cls_api.c | 4 +- net/sched/em_meta.c | 9 +- net/sctp/associola.c | 131 +++++---- net/sctp/ipv6.c | 2 + net/sctp/socket.c | 10 +- net/socket.c | 4 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 2 +- net/sunrpc/auth_gss/svcauth_gss.c | 2 +- net/unix/af_unix.c | 27 +- net/unix/garbage.c | 18 +- net/wireless/nl80211.c | 10 +- net/xfrm/xfrm_policy.c | 6 + net/xfrm/xfrm_user.c | 9 +- samples/seccomp/bpf-helper.h | 125 +++++---- security/apparmor/audit.c | 3 +- security/apparmor/domain.c | 2 +- security/apparmor/file.c | 3 +- security/apparmor/include/match.h | 1 + security/apparmor/include/policy.h | 2 + security/apparmor/lsm.c | 22 +- security/apparmor/match.c | 16 +- security/apparmor/path.c | 61 ++-- security/apparmor/policy.c | 18 +- security/apparmor/policy_unpack.c | 5 +- security/integrity/evm/evm_main.c | 3 +- security/keys/encrypted-keys/encrypted.c | 9 +- security/keys/gc.c | 2 +- security/keys/internal.h | 2 +- security/keys/key.c | 12 + security/keys/keyctl.c | 24 +- security/keys/keyring.c | 23 +- security/keys/process_keys.c | 52 ++-- security/selinux/hooks.c | 2 +- sound/core/control.c | 2 +- sound/core/seq/seq_clientmgr.c | 7 +- sound/core/seq/seq_fifo.c | 10 + sound/core/seq/seq_lock.c | 9 +- sound/core/seq/seq_memory.c | 26 +- sound/core/seq/seq_memory.h | 1 + sound/core/seq/seq_ports.c | 7 +- sound/core/seq/seq_queue.c | 33 ++- sound/core/timer.c | 18 +- sound/pci/ctxfi/cthw20k1.c | 19 +- sound/pci/ctxfi/cthw20k2.c | 18 +- sound/pci/hda/patch_realtek.c | 1 + sound/usb/card.c | 1 - sound/usb/mixer.c | 3 +- tools/perf/builtin-trace.c | 4 +- tools/perf/ui/browser.c | 2 +- tools/perf/util/trace-event-scripting.c | 6 +- tools/testing/ktest/ktest.pl | 2 +- virt/kvm/eventfd.c | 3 + virt/kvm/kvm_main.c | 41 ++- 584 files changed, 5431 insertions(+), 2694 deletions(-) commit 3b091a7d89911f4901b0d84f7b6129796d01d486 Merge: 47bfc16 e7a59c7 Author: Rohit Kumar <[email protected]> Date: Fri May 11 06:34:22 2018 -0400 Merge branch 'master' into wrapfs Merged latest changes from kernel.org commit e7a59c7f266809d17dcde20fd2055e23e7eb6895 Author: Willy Tarreau <[email protected]> Date: Sat Nov 4 23:34:48 2017 +0100 Linux 3.10.108 commit 68cbe93962196f08a1a52e81dc6d5bedaca09b06 Author: Willy Tarreau <[email protected]> Date: Thu Nov 2 23:22:31 2017 +0100 x86/apic: fix build breakage caused by incomplete backport to 3.10 Commit 928a277 ("x86/apic: Do not init irq remapping if ioapic is disabled") introduced in 3.10.105 introduced an implicit dependency of CONFIG_X86_LOCAL_APIC to CONFIG_X86_IO_APIC which was later solved as part of simplifications on the config dependencies in more recent kernels. This dependency results in build failure when CONFIG_X86_LOCAL_APIC is set without CONFIG_X86_IO_APIC (this setup requires CONFIG_SMP=n). The reason is that skip_ioapic_setup is declared in apic.c and that the backported code was picked from a context where the #ifdef surrounding the function used to cover this condition. Let's just add the appropriate #ifdef to fix the 3.10 backport. Thanks to Christoph Biedl for reporting and diagnosing this one. Reported-by: Christoph Biedl <[email protected]> Cc: Christoph Biedl <[email protected]> Cc: Jan Beulich <[email protected]> Cc: Wanpeng Li <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: Ingo Molnar <[email protected]> Cc: "H. Peter Anvin" <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 541cbdc60ac9ca34b21db8e6e57e4d58eee66bc8 Author: Stefan Mätje <[email protected]> Date: Wed Oct 18 13:25:17 2017 +0200 can: esd_usb2: Fix can_dlc value for received RTR, frames commit 72d92e865d1560723e1957ee3f393688c49ca5bf upstream. The dlc member of the struct rx_msg contains also the ESD_RTR flag to mark received RTR frames. Without the fix the can_dlc value for received RTR frames would always be set to 8 by get_can_dlc() instead of the received value. Fixes: 96d8e90382dc ("can: Add driver for esd CAN-USB/2 device") Signed-off-by: Stefan Mätje <[email protected]> Cc: linux-stable <[email protected]> Signed-off-by: Marc Kleine-Budde <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 4de0e6b506b3ec5ce4d0517dafff4aea24c6ce73 Author: Dan Carpenter <[email protected]> Date: Tue Feb 21 21:46:37 2017 +0300 scsi: scsi_dh_emc: return success in clariion_std_inquiry() commit 4d7d39a18b8b81511f0b893b7d2203790bf8a58b upstream. We accidentally return an uninitialized variable on success. Fixes: b6ff1b14cdf4 ("[SCSI] scsi_dh: Update EMC handler") Signed-off-by: Dan Carpenter <[email protected]> Reviewed-by: Hannes Reinecke <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 40216270c67f9dcc5d73adbdcc65dd317cd4aa1d Author: Andrew Gabbasov <[email protected]> Date: Sat Sep 30 08:55:55 2017 -0700 usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options commit aec17e1e249567e82b26dafbb86de7d07fde8729 upstream. KASAN enabled configuration reports an error BUG: KASAN: use-after-free in usb_composite_overwrite_options+... [libcomposite] at addr ... Read of size 1 by task ... when some driver is un-bound and then bound again. For example, this happens with FunctionFS driver when "ffs-test" test application is run several times in a row. If the driver has empty manufacturer ID string in initial static data, it is then replaced with generated string. After driver unbinding the generated string is freed, but the driver data still keep that pointer. And if the driver is then bound again, that pointer is re-used for string emptiness check. The fix is to clean up the driver string data upon its unbinding to drop the pointer to freed memory. Fixes: cc2683c318a5 ("usb: gadget: Provide a default implementation of default manufacturer string") Cc: [email protected] Signed-off-by: Andrew Gabbasov <[email protected]> Signed-off-by: Felipe Balbi <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 49218ad1217e047e8c1cdfda7c7d40ff864c8682 Author: Haozhong Zhang <[email protected]> Date: Tue Oct 10 15:01:22 2017 +0800 KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit commit 8eb3f87d903168bdbd1222776a6b1e281f50513e upstream. When KVM emulates an exit from L2 to L1, it loads L1 CR4 into the guest CR4. Before this CR4 loading, the guest CR4 refers to L2 CR4. Because these two CR4's are in different levels of guest, we should vmx_set_cr4() rather than kvm_set_cr4() here. The latter, which is used to handle guest writes to its CR4, checks the guest change to CR4 and may fail if the change is invalid. The failure may cause trouble. Consider we start a L1 guest with non-zero L1 PCID in use, (i.e. L1 CR4.PCIDE == 1 && L1 CR3.PCID != 0) and a L2 guest with L2 PCID disabled, (i.e. L2 CR4.PCIDE == 0) and following events may happen: 1. If kvm_set_cr4() is used in load_vmcs12_host_state() to load L1 CR4 into guest CR4 (in VMCS01) for L2 to L1 exit, it will fail because of PCID check. As a result, the guest CR4 recorded in L0 KVM (i.e. vcpu->arch.cr4) is left to the value of L2 CR4. 2. Later, if L1 attempts to change its CR4, e.g., clearing VMXE bit, kvm_set_cr4() in L0 KVM will think L1 also wants to enable PCID, because the wrong L2 CR4 is used by L0 KVM as L1 CR4. As L1 CR3.PCID != 0, L0 KVM will inject GP to L1 guest. Fixes: 4704d0befb072 ("KVM: nVMX: Exiting from L2 to L1") Cc: [email protected] Signed-off-by: Haozhong Zhang <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 75840f10809bea0e3eb963d5a2fdb827044577a8 Author: Arnd Bergmann <[email protected]> Date: Tue Mar 14 13:18:45 2017 +0100 IB/qib: fix false-postive maybe-uninitialized warning commit f6aafac184a3e46e919769dd4faa8bf0dc436534 upstream. aarch64-linux-gcc-7 complains about code it doesn't fully understand: drivers/infiniband/hw/qib/qib_iba7322.c: In function 'qib_7322_txchk_change': include/asm-generic/bitops/non-atomic.h:105:35: error: 'shadow' may be used uninitialized in this function [-Werror=maybe-uninitialized] The code is right, and despite trying hard, I could not come up with a version that I liked better than just adding a fake initialization here to shut up the warning. Fixes: f931551bafe1 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters") Signed-off-by: Arnd Bergmann <[email protected]> Acked-by: Ira Weiny <[email protected]> Signed-off-by: Doug Ledford <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit f63d10b98de38d8264ed248221fb371e38b3b0b9 Author: Pan Bian <[email protected]> Date: Mon Apr 24 18:29:16 2017 +0800 team: fix memory leaks commit 72ec0bc64b9a5d8e0efcb717abfc757746b101b7 upstream. In functions team_nl_send_port_list_get() and team_nl_send_options_get(), pointer skb keeps the return value of nlmsg_new(). When the call to genlmsg_put() fails, the memory is not freed(). This will result in memory leak bugs. Fixes: 9b00cf2d1024 ("team: implement multipart netlink messages for options transfers") Signed-off-by: Pan Bian <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 90326945a4f4939725d32e62b8b31d0375950958 Author: Feras Daoud <[email protected]> Date: Wed Dec 28 14:47:24 2016 +0200 IB/ipoib: rtnl_unlock can not come after free_netdev commit 89a3987ab7a923c047c6dec008e60ad6f41fac22 upstream. The ipoib_vlan_add function calls rtnl_unlock after free_netdev, rtnl_unlock not only releases the lock, but also calls netdev_run_todo. The latter function browses the net_todo_list array and completes the unregistration of all its net_device instances. If we call free_netdev before rtnl_unlock, then netdev_run_todo call over the freed device causes panic. To fix, move rtnl_unlock call before free_netdev call. Fixes: 9baa0b036410 ("IB/ipoib: Add rtnl_link_ops support") Cc: Or Gerlitz <[email protected]> Signed-off-by: Feras Daoud <[email protected]> Signed-off-by: Erez Shitrit <[email protected]> Reviewed-by: Yuval Shaia <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Signed-off-by: Doug Ledford <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 827a5cb0a0ad3a74426a4e0d12cbc59917785fa2 Author: satoru takeuchi <[email protected]> Date: Tue Sep 12 22:42:52 2017 +0900 btrfs: prevent to set invalid default subvolid commit 6d6d282932d1a609e60dc4467677e0e863682f57 upstream. `btrfs sub set-default` succeeds to set an ID which isn't corresponding to any fs/file tree. If such the bad ID is set to a filesystem, we can't mount this filesystem without specifying `subvol` or `subvolid` mount options. Fixes: 6ef5ed0d386b ("Btrfs: add ioctl and incompat flag to set the default mount subvol") Cc: <[email protected]> Signed-off-by: Satoru Takeuchi <[email protected]> Reviewed-by: Qu Wenruo <[email protected]> Reviewed-by: David Sterba <[email protected]> Signed-off-by: David Sterba <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 7210062e8fc3e0f9519382c0ad2df3266989a96d Author: Bo Yan <[email protected]> Date: Mon Sep 18 10:03:35 2017 -0700 tracing: Erase irqsoff trace with empty write commit 8dd33bcb7050dd6f8c1432732f930932c9d3a33e upstream. One convenient way to erase trace is "echo > trace". However, this is currently broken if the current tracer is irqsoff tracer. This is because irqsoff tracer use max_buffer as the default trace buffer. Set the max_buffer as the one to be cleared when it's the trace buffer currently in use. Link: http://lkml.kernel.org/r/[email protected] Cc: <[email protected]> Cc: [email protected] Fixes: 4acd4d00f ("tracing: give easy way to clear trace buffer") Signed-off-by: Bo Yan <[email protected]> Signed-off-by: Steven Rostedt (VMware) <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit ec8c69ea4541f353451dffefd4fe1ef0f4640f3b Author: Baohong Liu <[email protected]> Date: Tue Sep 5 16:57:19 2017 -0500 tracing: Apply trace_clock changes to instance max buffer commit 170b3b1050e28d1ba0700e262f0899ffa4fccc52 upstream. Currently trace_clock timestamps are applied to both regular and max buffers only for global trace. For instance trace, trace_clock timestamps are applied only to regular buffer. But, regular and max buffers can be swapped, for example, following a snapshot. So, for instance trace, bad timestamps can be seen following a snapshot. Let's apply trace_clock timestamps to instance max buffer as well. Link: http://lkml.kernel.org/r/ebdb168d0be042dcdf51f81e696b17fabe3609c1.1504642143.git.tom.zanu...@linux.intel.com Cc: [email protected] Fixes: 277ba0446 ("tracing: Add interface to allow multiple trace buffers") Signed-off-by: Baohong Liu <[email protected]> Signed-off-by: Steven Rostedt (VMware) <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit c5378d27adda7f15e3465594694bf9688ebe970c Author: Dan Carpenter <[email protected]> Date: Wed Aug 30 16:30:35 2017 +0300 scsi: qla2xxx: Fix an integer overflow in sysfs code commit e6f77540c067b48dee10f1e33678415bfcc89017 upstream. The value of "size" comes from the user. When we add "start + size" it could lead to an integer overflow bug. It means we vmalloc() a lot more memory than we had intended. I believe that on 64 bit systems vmalloc() can succeed even if we ask it to allocate huge 4GB buffers. So we would get memory corruption and likely a crash when we call ha->isp_ops->write_optrom() and ->read_optrom(). Only root can trigger this bug. Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061 Cc: <[email protected]> Fixes: b7cc176c9eb3 ("[SCSI] qla2xxx: Allow region-based flash-part accesses.") Reported-by: shqking <[email protected]> Signed-off-by: Dan Carpenter <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 92e84b6aeccac20f9e665ec515c648a29017be68 Author: Stephan Mueller <[email protected]> Date: Thu Sep 21 10:16:53 2017 +0200 crypto: AF_ALG - remove SGL terminator indicator when chaining commit 1d4ba7f963a93a2207fd103d4a36df1b5aeefea2 upstream. Fixed differently upstream as commit 2d97591ef43d ("crypto: af_alg - consolidation of duplicate code") The SGL is MAX_SGL_ENTS + 1 in size. The last SG entry is used for the chaining and is properly updated with the sg_chain invocation. During the filling-in of the initial SG entries, sg_mark_end is called for each SG entry. This is appropriate as long as no additional SGL is chained with the current SGL. However, when a new SGL is chained and the last SG entry is updated with sg_chain, the last but one entry still contains the end marker from the sg_mark_end. This end marker must be removed as otherwise a walk of the chained SGLs will cause a NULL pointer dereference at the last but one SG entry, because sg_next will return NULL. The patch only applies to all kernels up to and including 4.13. The patch 2d97591ef43d0587be22ad1b0d758d6df4999a0b added to 4.14-rc1 introduced a complete new code base which addresses this bug in a different way. Yet, that patch is too invasive for stable kernels and was therefore not marked for stable. Fixes: 8ff590903d5fc ("crypto: algif_skcipher - User-space interface for skcipher operations") Signed-off-by: Stephan Mueller <[email protected]> Acked-by: Herbert Xu <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 6f47a87d1540a9f7c294b5e79e7dcf0827840060 Author: Sabrina Dubroca <[email protected]> Date: Wed Feb 4 15:25:09 2015 +0100 ip6_gre: fix endianness errors in ip6gre_err commit d1e158e2d7a0a91110b206653f0e02376e809150 upstream. info is in network byte order, change it back to host byte order before use. In particular, the current code sets the MTU of the tunnel to a wrong (too big) value. Fixes: c12b395a4664 ("gre: Support GRE over IPv6") Signed-off-by: Sabrina Dubroca <[email protected]> Acked-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 488ec7b227e442ec3f288ad9245d9a78ec3df57b Author: Eric Dumazet <[email protected]> Date: Fri Sep 8 15:48:47 2017 -0700 ipv6: fix typo in fib6_net_exit() commit 32a805baf0fb70b6dbedefcd7249ac7f580f9e3b upstream. IPv6 FIB should use FIB6_TABLE_HASHSZ, not FIB_TABLE_HASHSZ. Fixes: ba1cc08d9488 ("ipv6: fix memory leak with multiple tables during netns destruction") Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 4e39d5e48bac267582da35d420bf67f985105fd7 Author: Sabrina Dubroca <[email protected]> Date: Fri Sep 8 10:26:19 2017 +0200 ipv6: fix memory leak with multiple tables during netns destruction commit ba1cc08d9488c94cb8d94f545305688b72a2a300 upstream. fib6_net_exit only frees the main and local tables. If another table was created with fib6_alloc_table, we leak it when the netns is destroyed. Fix this in the same way ip_fib_net_exit cleans up tables, by walking through the whole hashtable of fib6_table's. We can get rid of the special cases for local and main, since they're also part of the hashtable. Reproducer: ip netns add x ip -net x -6 rule add from 6003:1::/64 table 100 ip netns del x Reported-by: Jianlin Shi <[email protected]> Fixes: 58f09b78b730 ("[NETNS][IPV6] ip6_fib - make it per network namespace") Signed-off-by: Sabrina Dubroca <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit dd3e5010b97a24dd08dfefce517e06dc91fb01ad Author: Arnd Bergmann <[email protected]> Date: Wed Aug 23 15:59:49 2017 +0200 qlge: avoid memcpy buffer overflow commit e58f95831e7468d25eb6e41f234842ecfe6f014f upstream. gcc-8.0.0 (snapshot) points out that we copy a variable-length string into a fixed length field using memcpy() with the destination length, and that ends up copying whatever follows the string: inlined from 'ql_core_dump' at drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:1106:2: drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:708:2: error: 'memcpy' reading 15 bytes from a region of size 14 [-Werror=stringop-overflow=] memcpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1); Changing it to use strncpy() will instead zero-pad the destination, which seems to be the right thing to do here. The bug is probably harmless, but it seems like a good idea to address it in stable kernels as well, if only for the purpose of building with gcc-8 without warnings. Fixes: a61f80261306 ("qlge: Add ethtool register dump function.") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 71bec91ec426598cdf2509164e713675a32e1f5b Author: James Morse <[email protected]> Date: Thu Mar 16 14:30:39 2017 +0000 ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal commit 7d64f82cceb21e6d95db312d284f5f195e120154 upstream. When removing a GHES device notified by SCI, list_del_rcu() is used, ghes_remove() should call synchronize_rcu() before it goes on to call kfree(ghes), otherwise concurrent RCU readers may still hold this list entry after it has been freed. Signed-off-by: James Morse <[email protected]> Reviewed-by: "Huang, Ying" <[email protected]> Fixes: 81e88fdc432a (ACPI, APEI, Generic Hardware Error Source POLL/IRQ/NMI notification type support) Signed-off-by: Rafael J. Wysocki <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 136211c28496f8c7ca1f3e70e637cdbba7e491da Author: Takashi Iwai <[email protected]> Date: Tue Aug 22 08:15:13 2017 +0200 ALSA: core: Fix unexpected error at replacing user TLV commit 88c54cdf61f508ebcf8da2d819f5dfc03e954d1d upstream. When user tries to replace the user-defined control TLV, the kernel checks the change of its content via memcmp(). The problem is that the kernel passes the return value from memcmp() as is. memcmp() gives a non-zero negative value depending on the comparison result, and this shall be recognized as an error code. The patch covers that corner-case, return 1 properly for the changed TLV. Fixes: 8aa9b586e420 ("[ALSA] Control API - more robust TLV implementation") Cc: <[email protected]> Signed-off-by: Takashi Iwai <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit b4824101fca1c3bb111f3839c0fbc08082e9a26b Author: Arnd Bergmann <[email protected]> Date: Fri Jul 14 11:31:03 2017 +0200 staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read commit 105967ad68d2eb1a041bc041f9cf96af2a653b65 upstream. gcc-7 points out an older regression: drivers/staging/iio/resolver/ad2s1210.c: In function 'ad2s1210_read_raw': drivers/staging/iio/resolver/ad2s1210.c:515:42: error: '<<' in boolean context, did you mean '<' ? [-Werror=int-in-bool-context] The original code had 'unsigned short' here, but incorrectly got converted to 'bool'. This reverts the regression and uses a normal type instead. Fixes: 29148543c521 ("staging:iio:resolver:ad2s1210 minimal chan spec conversion.") Cc: [email protected] Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Jonathan Cameron <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit fe1fd359c1dbde1c1561802f62a16ddc67c9ac07 Author: Willem de Bruijn <[email protected]> Date: Thu Aug 10 12:41:58 2017 -0400 packet: fix tp_reserve race in packet_set_ring commit c27927e372f0785f3303e8fad94b85945e2c97b7 upstream. Updates to tp_reserve can race with reads of the field in packet_set_ring. Avoid this by holding the socket lock during updates in setsockopt PACKET_RESERVE. This bug was discovered by syzkaller. Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt") Reported-by: Andrey Konovalov <[email protected]> Signed-off-by: Willem de Bruijn <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 162f50e6914ff75f11d15e52507aa88875878fd8 Author: Tejun Heo <[email protected]> Date: Sun Jul 23 08:36:15 2017 -0400 workqueue: implicit ordered attribute should be overridable commit 0a94efb5acbb6980d7c9ab604372d93cd507e4d8 upstream. 5c0338c68706 ("workqueue: restore WQ_UNBOUND/max_active==1 to be ordered") automatically enabled ordered attribute for unbound workqueues w/ max_active == 1. Because ordered workqueues reject max_active and some attribute changes, this implicit ordered mode broke cases where the user creates an unbound workqueue w/ max_active == 1 and later explicitly changes the related attributes. This patch distinguishes explicit and implicit ordered setting and overrides from attribute changes if implict. Signed-off-by: Tejun Heo <[email protected]> Fixes: 5c0338c68706 ("workqueue: restore WQ_UNBOUND/max_active==1 to be ordered") Cc: Holger Hoffstätte <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit ef6fa3f56c073d7d136f7a318088a030c904f4aa Author: Mahesh Bandewar <[email protected]> Date: Wed Jul 19 15:41:33 2017 -0700 ipv4: initialize fib_trie prior to register_netdev_notifier call. commit 8799a221f5944a7d74516ecf46d58c28ec1d1f75 upstream. Net stack initialization currently initializes fib-trie after the first call to netdevice_notifier() call. In fact fib_trie initialization needs to happen before first rtnl_register(). It does not cause any problem since there are no devices UP at this moment, but trying to bring 'lo' UP at initialization would make this assumption wrong and exposes the issue. Fixes following crash Call Trace: ? alternate_node_alloc+0x76/0xa0 fib_table_insert+0x1b7/0x4b0 fib_magic.isra.17+0xea/0x120 fib_add_ifaddr+0x7b/0x190 fib_netdev_event+0xc0/0x130 register_netdevice_notifier+0x1c1/0x1d0 ip_fib_init+0x72/0x85 ip_rt_init+0x187/0x1e9 ip_init+0xe/0x1a inet_init+0x171/0x26c ? ipv4_offload_init+0x66/0x66 do_one_initcall+0x43/0x160 kernel_init_freeable+0x191/0x219 ? rest_init+0x80/0x80 kernel_init+0xe/0x150 ret_from_fork+0x22/0x30 Code: f6 46 23 04 74 86 4c 89 f7 e8 ae 45 01 00 49 89 c7 4d 85 ff 0f 85 7b ff ff ff 31 db eb 08 4c 89 ff e8 16 47 01 00 48 8b 44 24 38 <45> 8b 6e 14 4d 63 76 74 48 89 04 24 0f 1f 44 00 00 48 83 c4 08 RIP: kmem_cache_alloc+0xcf/0x1c0 RSP: ffff9b1500017c28 CR2: 0000000000000014 Fixes: 7b1a74fdbb9e ("[NETNS]: Refactor fib initialization so it can handle multiple namespaces.") Fixes: 7f9b80529b8a ("[IPV4]: fib hash|trie initialization") Signed-off-by: Mahesh Bandewar <[email protected]> Acked-by: "Eric W. Biederman" <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 50602d3e499b2419b7ff0eda022525625f90e53c Author: Leon Romanovsky <[email protected]> Date: Thu Dec 29 18:37:11 2016 +0200 net/mlx4: Remove BUG_ON from ICM allocation routine commit c1d5f8ff80ea84768f5fae1ca9d1abfbb5e6bbaa upstream. This patch removes BUG_ON() macro from mlx4_alloc_icm_coherent() by checking DMA address alignment in advance and performing proper folding in case of error. Fixes: 5b0bf5e25efe ("mlx4_core: Support ICM tables in coherent memory") Reported-by: Ozgur Karatas <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Signed-off-by: Tariq Toukan <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit c1327b455fda6390d2b1b199ce35b20d2bd3dea8 Author: Jin Yao <[email protected]> Date: Thu Jun 8 14:01:44 2017 +0800 perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target commit 80f62589fa52f530cffc50e78c0b5a2ae572d61e upstream. When the jump instruction is displayed at the row 0 in annotate view, the arrow is broken. An example: 16.86 â âââje 82 0.01 â movsd (%rsp),%xmm0 â movsd 0x8(%rsp),%xmm4 â movsd 0x8(%rsp),%xmm1 â movsd (%rsp),%xmm3 â divsd %xmm4,%xmm0 â divsd %xmm3,%xmm1 â movsd (%rsp),%xmm2 â addsd %xmm1,%xmm0 â addsd %xmm2,%xmm0 â movsd %xmm0,(%rsp) â82: sub $0x1,%ebx 83.03 â â jne 38 â add $0x10,%rsp â xor %eax,%eax â pop %rbx â â retq The patch increments the row number before checking with 0. Signed-off-by: Yao Jin <[email protected]> Tested-by: Arnaldo Carvalho de Melo <[email protected]> Cc: Alexander Shishkin <[email protected]> Cc: Andi Kleen <[email protected]> Cc: Jiri Olsa <[email protected]> Cc: Kan Liang <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: [email protected] Fixes: 944e1abed9e1 ("perf ui browser: Add method to draw up/down arrow line") Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Arnaldo Carvalho de Melo <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 3a7578afc3ad93519ac925f823b541b9490433f5 Author: Jan Kara <[email protected]> Date: Tue Jun 13 16:20:25 2017 +0200 udf: Fix deadlock between writeback and udf_setsize() commit f2e95355891153f66d4156bf3a142c6489cd78c6 upstream. udf_setsize() called truncate_setsize() with i_data_sem held. Thus truncate_pagecache() called from truncate_setsize() could lock a page under i_data_sem which can deadlock as page lock ranks below i_data_sem - e. g. writeback can hold page lock and try to acquire i_data_sem to map a block. Fix the problem by moving truncate_setsize() calls from under i_data_sem. It is safe for us to change i_size without holding i_data_sem as all the places that depend on i_size being stable already hold inode_lock. CC: [email protected] Fixes: 7e49b6f2480cb9a9e7322a91592e56a5c85361f5 Signed-off-by: Jan Kara <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit ad0871670732e6094c796e0d3062c7b7843891fd Author: Arnd Bergmann <[email protected]> Date: Thu May 11 08:46:44 2017 -0300 ir-core: fix gcc-7 warning on bool arithmetic commit bd7e31bbade02bc1e92aa00d5cf2cee2da66838a upstream. gcc-7 suggests that an expression using a bitwise not and a bitmask on a 'bool' variable is better written using boolean logic: drivers/media/rc/imon.c: In function 'imon_incoming_scancode': drivers/media/rc/imon.c:1725:22: error: '~' on a boolean expression [-Werror=bool-operation] ictx->pad_mouse = ~(ictx->pad_mouse) & 0x1; ^ drivers/media/rc/imon.c:1725:22: note: did you mean to use logical not? I agree. Fixes: 21677cfc562a ("V4L/DVB: ir-core: add imon driver") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 7fb443fa86195a13277194e5f112445d982e639e Author: Horia GeantÄ <[email protected]> Date: Fri Jul 7 16:57:06 2017 +0300 crypto: caam - fix signals handling commit 7459e1d25ffefa2b1be799477fcc1f6c62f6cec7 upstream. Driver does not properly handle the case when signals interrupt wait_for_completion_interruptible(): -it does not check for return value -completion structure is allocated on stack; in case a signal interrupts the sleep, it will go out of scope, causing the worker thread (caam_jr_dequeue) to fail when it accesses it wait_for_completion_interruptible() is replaced with uninterruptable wait_for_completion(). We choose to block all signals while waiting for I/O (device executing the split key generation job descriptor) since the alternative - in order to have a deterministic device state - would be to flush the job ring (aborting *all* in-progress jobs). Cc: <[email protected]> Fixes: 045e36780f115 ("crypto: caam - ahash hmac support") Fixes: 4c1ec1f930154 ("crypto: caam - refactor key_gen, sg") Signed-off-by: Horia GeantÄ <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit b569326cedfc6e0f2dc1c3cc237ad717e4a5b0f4 Author: Helge Deller <[email protected]> Date: Fri Jul 14 14:49:38 2017 -0700 mm: fix overflow check in expand_upwards() commit 37511fb5c91db93d8bd6e3f52f86e5a7ff7cfcdf upstream. Jörn Engel noticed that the expand_upwards() function might not return -ENOMEM in case the requested address is (unsigned long)-PAGE_SIZE and if the architecture didn't defined TASK_SIZE as multiple of PAGE_SIZE. Affected architectures are arm, frv, m68k, blackfin, h8300 and xtensa which all define TASK_SIZE as 0xffffffff, but since none of those have an upwards-growing stack we currently have no actual issue. Nevertheless let's fix this just in case any of the architectures with an upward-growing stack (currently parisc, metag and partly ia64) define TASK_SIZE similar. Link: http://lkml.kernel.org/r/[email protected] Fixes: bd726c90b6b8 ("Allow stack to grow up to address space limit") Signed-off-by: Helge Deller <[email protected]> Reported-by: Jörn Engel <[email protected]> Cc: Hugh Dickins <[email protected]> Cc: Oleg Nesterov <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 9efa3d527965d5d6772332841923df8d62810bfe Author: Srinivas Dasari <[email protected]> Date: Fri Jul 7 01:43:39 2017 +0300 cfg80211: Check if PMKID attribute is of expected size commit 9361df14d1cbf966409d5d6f48bb334384fbe138 upstream. nla policy checks for only maximum length of the attribute data when the attribute type is NLA_BINARY. If userspace sends less data than specified, the wireless drivers may access illegal memory. When type is NLA_UNSPEC, nla policy check ensures that userspace sends minimum specified length number of bytes. Remove type assignment to NLA_BINARY from nla_policy of NL80211_ATTR_PMKID to make this NLA_UNSPEC and to make sure minimum WLAN_PMKID_LEN bytes are received from userspace with NL80211_ATTR_PMKID. Fixes: 67fbb16be69d ("nl80211: PMKSA caching support") Cc: [email protected] Signed-off-by: Srinivas Dasari <[email protected]> Signed-off-by: Jouni Malinen <[email protected]> Signed-off-by: Johannes Berg <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit d47408188914e18508116fe473c7889208a59a7d Author: Srinivas Dasari <[email protected]> Date: Fri Jul 7 01:43:42 2017 +0300 cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES commit d7f13f7450369281a5d0ea463cc69890a15923ae upstream. validate_scan_freqs() retrieves frequencies from attributes nested in the attribute NL80211_ATTR_SCAN_FREQUENCIES with nla_get_u32(), which reads 4 bytes from each attribute without validating the size of data received. Attributes nested in NL80211_ATTR_SCAN_FREQUENCIES don't have an nla policy. Validate size of each attribute before parsing to avoid potential buffer overread. Fixes: 2a519311926 ("cfg80211/nl80211: scanning (and mac80211 update to use it)") Cc: [email protected] Signed-off-by: Srinivas Dasari <[email protected]> Signed-off-by: Jouni Malinen <[email protected]> Signed-off-by: Johannes Berg <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit fa69abfe6a07ae3c009b30271966b871799077b6 Author: WANG Cong <[email protected]> Date: Wed Jun 21 14:34:58 2017 -0700 ipv6: avoid unregistering inet6_dev for loopback commit 60abc0be96e00ca71bac083215ac91ad2e575096 upstream. The per netns loopback_dev->ip6_ptr is unregistered and set to NULL when its mtu is set to smaller than IPV6_MIN_MTU, this leads to that we could set rt->rt6i_idev NULL after a rt6_uncached_list_flush_dev() and then crash after another call. In this case we should just bring its inet6_dev down, rather than unregistering it, at least prior to commit 176c39af29bc ("netns: fix addrconf_ifdown kernel panic") we always override the case for loopback. Thanks a lot to Andrey for finding a reliable reproducer. Fixes: 176c39af29bc ("netns: fix addrconf_ifdown kernel panic") Reported-by: Andrey Konovalov <[email protected]> Cc: Andrey Konovalov <[email protected]> Cc: Daniel Lezcano <[email protected]> Cc: David Ahern <[email protected]> Signed-off-by: Cong Wang <[email protected]> Acked-by: David Ahern <[email protected]> Tested-by: Andrey Konovalov <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 98b9e94ba66c9907ff8f7276c6f9bb71cce1c4ae Author: Dan Carpenter <[email protected]> Date: Thu Feb 9 17:17:52 2017 +0000 KEYS: Fix an error code in request_master_key() commit 57cb17e764ba0aaa169d07796acce54ccfbc6cae upstream. This function has two callers and neither are able to handle a NULL return. Really, -EINVAL is the correct thing return here anyway. This fixes some static checker warnings like: security/keys/encrypted-keys/encrypted.c:709 encrypted_key_decrypt() error: uninitialized symbol 'master_key'. Fixes: 7e70cb497850 ("keys: add new key-type encrypted") Signed-off-by: Dan Carpenter <[email protected]> Acked-by: Mimi Zohar <[email protected]> Signed-off-by: James Morris <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit fe77accbd15d54708f5f4f23b585f6ca6225f9a4 Author: Radim KrÄmáŠ<[email protected]> Date: Thu May 18 19:37:30 2017 +0200 KVM: x86: zero base3 of unusable segments commit f0367ee1d64d27fa08be2407df5c125442e885e3 upstream. Static checker noticed that base3 could be used uninitialized if the segment was not present (useable). Random stack values probably would not pass VMCS entry checks. Reported-by: Dan Carpenter <[email protected]> Fixes: 1aa366163b8b ("KVM: x86 emulator: consolidate segment accessors") Reviewed-by: Paolo Bonzini <[email protected]> Reviewed-by: David Hildenbrand <[email protected]> Signed-off-by: Radim KrÄmáŠ<[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 40cfe451debb10d983378f72868359a17656be8a Author: Dan Carpenter <[email protected]> Date: Tue Feb 7 16:19:06 2017 +0300 cpufreq: s3c2416: double free on driver init error path commit a69261e4470d680185a15f748d9cdafb37c57a33 upstream. The "goto err_armclk;" error path already does a clk_put(s3c_freq->hclk); so this is a double free. Fixes: 34ee55075265 ([CPUFREQ] Add S3C2416/S3C2450 cpufreq driver) Signed-off-by: Dan Carpenter <[email protected]> Reviewed-by: Krzysztof Kozlowski <[email protected]> Acked-by: Viresh Kumar <[email protected]> Signed-off-by: Rafael J. Wysocki <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 04d006963029d0346be966d1c5e6147995d08b8d Author: Dan Carpenter <[email protected]> Date: Wed Jun 14 13:34:05 2017 +0300 xfrm: Oops on error in pfkey_msg2xfrm_state() commit 1e3d0c2c70cd3edb5deed186c5f5c75f2b84a633 upstream. There are some missing error codes here so we accidentally return NULL instead of an error pointer. It results in a NULL pointer dereference. Fixes: df71837d5024 ("[LSM-IPSec]: Security association restriction.") Signed-off-by: Dan Carpenter <[email protected]> Signed-off-by: Steffen Klassert <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit f478b4264a3c62b6b2d2b63a707e56c2f0cfdc6c Author: Dan Carpenter <[email protected]> Date: Wed Jun 14 13:35:37 2017 +0300 xfrm: NULL dereference on allocation failure commit e747f64336fc15e1c823344942923195b800aa1e upstream. The default error code in pfkey_msg2xfrm_state() is -ENOBUFS. We added a new call to security_xfrm_state_alloc() which sets "err" to zero so there several places where we can return ERR_PTR(0) if kmalloc() fails. The caller is expecting error pointers so it leads to a NULL dereference. Fixes: df71837d5024 ("[LSM-IPSec]: Security association restriction.") Signed-off-by: Dan Carpenter <[email protected]> Signed-off-by: Steffen Klassert <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 6ac502ceabf86463c4a35166851edf497960262f Author: Florian Fainelli <[email protected]> Date: Fri Dec 23 19:56:56 2016 -0800 net: korina: Fix NAPI versus resources freeing commit e6afb1ad88feddf2347ea779cfaf4d03d3cd40b6 upstream. Commit beb0babfb77e ("korina: disable napi on close and restart") introduced calls to napi_disable() that were missing before, unfortunately this leaves a small window during which NAPI has a chance to run, yet we just freed resources since korina_free_ring() has been called: Fix this by disabling NAPI first then freeing resource, and make sure that we also cancel the restart task before doing the resource freeing. Fixes: beb0babfb77e ("korina: disable napi on close and restart") Reported-by: Alexandros C. Couloumbis <[email protected]> Signed-off-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 18144201ec726dffd07cebf3df0cd2b799fc9fc0 Author: Russell King <[email protected]> Date: Tue May 30 16:21:51 2017 +0100 net: phy: fix marvell phy status reading commit 898805e0cdf7fd860ec21bf661d3a0285a3defbd upstream. The Marvell driver incorrectly provides phydev->lp_advertising as the logical and of the link partner's advert and our advert. This is incorrect - this field is supposed to store the link parter's unmodified advertisment. This allows ethtool to report the correct link partner auto-negotiation status. Fixes: be937f1f89ca ("Marvell PHY m88e1111 driver fix") Signed-off-by: Russell King <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Reviewed-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Willy Tarreau <[email protected]> commit 240607692cd84b2ed16b0f346bdaa4f5a787322b Author: Dan Carpenter <[email protected]> Date: Mon May 8 15:55:17 2017 -0700 drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of IS_ERR() commit 8128a31eaadbcdfa37774bbd28f3f00bac69996a upstream. c2port_device_register() never returns NULL, it uses error pointers. Link: http://lkml.kernel.org/r/20170412083321.GC3250@mwanda Fixes: 65131cd52b9e ("c2port: add c2port support for Eurotech Duramar 2150") Signed-off-by: Dan Carpenter <[email protected]> Acked-by: Rodolfo Giometti <[email protected]> diff --git a/Documentation/devicetree/bindings/clock/imx31-clock.txt b/Documentation/devicetree/bindings/clock/imx31-clock.txt index 19df842..8163d56 100644 --- a/Documentation/devicetree/bindings/clock/imx31-clock.txt +++ b/Documentation/devicetree/bindings/clock/imx31-clock.txt @@ -77,7 +77,7 @@ Examples: clks: ccm@53f80000{ compatible = "fsl,imx31-ccm"; reg = <0x53f80000 0x4000>; - interrupts = <0 31 0x04 0 53 0x04>; + interrupts = <31>, <53>; #clock-cells = <1>; }; diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 98da831..ed0c7e3 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -955,6 +955,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. When zero, profiling data is discarded and associated debugfs files are removed at module unload time. + goldfish [X86] Enable the goldfish android emulator platform. + Don't use this when you are not running on the + android emulator + gpt [EFI] Forces disk with valid GPT signature but invalid Protective MBR to be treated as GPT. @@ -2885,6 +2889,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. spia_pedr= spia_peddr= + stack_guard_gap= [MM] + override the default stack gap protection. The value + is in page units and it defines how many pages prior + to (for stacks growing down) resp. after (for stacks + growing up) the main stack are reserved for no other + mapping. Default value is 256 pages. + stacktrace [FTRACE] Enabled the stack tracer on boot up. diff --git a/Makefile b/Makefile index 80e180e..924f98a 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ VERSION = 3 PATCHLEVEL = 10 -SUBLEVEL = 105 +SUBLEVEL = 108 EXTRAVERSION = -NAME = TOSSUG Baby Fish +NAME = END-OF-LIFE # *DOCUMENTATION* # To see a list of typical targets execute "make help" diff --git a/arch/arc/kernel/unaligned.c b/arch/arc/kernel/unaligned.c index 116d3e0..e6b365d 100644 --- a/arch/arc/kernel/unaligned.c +++ b/arch/arc/kernel/unaligned.c @@ -228,8 +228,9 @@ int misaligned_fixup(unsigned long address, struct pt_regs *regs, if (state.fault) goto fault; + /* clear any remanants of delay slot */ if (delay_mode(regs)) { - regs->ret = regs->bta; + regs->ret = regs->bta & ~1U; regs->status32 &= ~STATUS_DE_MASK; } else { regs->ret += state.instr_len; diff --git a/arch/arc/mm/mmap.c b/arch/arc/mm/mmap.c index 2e06d56..cf4ae69 100644 --- a/arch/arc/mm/mmap.c +++ b/arch/arc/mm/mmap.c @@ -64,7 +64,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, vma = find_vma(mm, addr); if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) + (!vma || addr + len <= vm_start_gap(vma))) return addr; } diff --git a/arch/arm/boot/dts/da850-evm.dts b/arch/arm/boot/dts/da850-evm.dts index c914357..d3c206e 100644 --- a/arch/arm/boot/dts/da850-evm.dts +++ b/arch/arm/boot/dts/da850-evm.dts @@ -59,6 +59,7 @@ #size-cells = <1>; compatible = "m25p64"; spi-max-frequency = <30000000>; + m25p,fast-read; reg = <0>; partition@0 { label = "U-Boot-SPL"; diff --git a/arch/arm/boot/dts/imx31.dtsi b/arch/arm/boot/dts/imx31.dtsi index c544925..b73190d 100644 --- a/arch/arm/boot/dts/imx31.dtsi +++ b/arch/arm/boot/dts/imx31.dtsi @@ -20,11 +20,11 @@ serial4 = &uart5; }; - avic: avic-interrupt-controller@60000000 { + avic: interrupt-controller@68000000 { compatible = "fsl,imx31-avic", "fsl,avic"; interrupt-controller; #interrupt-cells = <1>; - reg = <0x60000000 0x100000>; + reg = <0x68000000 0x100000>; }; soc { @@ -93,13 +93,6 @@ clock-names = "ipg", "per"; status = "disabled"; }; - - clks: ccm@53f80000{ - compatible = "fsl,imx31-ccm"; - reg = <0x53f80000 0x4000>; - interrupts = <0 31 0x04 0 53 0x04>; - #clock-cells = <1>; - }; }; aips@53f00000 { /* AIPS2 */ @@ -109,6 +102,13 @@ reg = <0x53f00000 0x100000>; ranges; + clks: ccm@53f80000{ + compatible = "fsl,imx31-ccm"; + reg = <0x53f80000 0x4000>; + interrupts = <31>, <53>; + #clock-cells = <1>; + }; + gpt: timer@53f90000 { compatible = "fsl,imx31-gpt"; reg = <0x53f90000 0x4000>; diff --git a/arch/arm/include/asm/cputype.h b/arch/arm/include/asm/cputype.h index dba62cb..f389107 100644 --- a/arch/arm/include/asm/cputype.h +++ b/arch/arm/include/asm/cputype.h @@ -58,6 +58,9 @@ #define ARM_CPU_XSCALE_ARCH_V2 0x4000 #define ARM_CPU_XSCALE_ARCH_V3 0x6000 +/* Qualcomm implemented cores */ +#define ARM_CPU_PART_SCORPION 0x510002d0 + extern unsigned int processor_id; #ifdef CONFIG_CPU_CP15 diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c index 1fd749e..b0b69e9 100644 --- a/arch/arm/kernel/hw_breakpoint.c +++ b/arch/arm/kernel/hw_breakpoint.c @@ -1066,6 +1066,22 @@ static int __init arch_hw_breakpoint_init(void) return 0; } + /* + * Scorpion CPUs (at least those in APQ8060) seem to set DBGPRSR.SPD + * whenever a WFI is issued, even if the core is not powered down, in + * violation of the architecture. When DBGPRSR.SPD is set, accesses to + * breakpoint and watchpoint registers are treated as undefined, so + * this results in boot time and runtime failures when these are + * accessed and we unexpectedly take a trap. + * + * It's not clear if/how this can be worked around, so we blacklist + * Scorpion CPUs to avoid these issues. + */ + if ((read_cpuid_id() & 0xff00fff0) == ARM_CPU_PART_SCORPION) { + pr_info("Scorpion CPU detected. Hardware breakpoints and watchpoints disabled\n"); + return 0; + } + has_ossr = core_has_os_save_restore(); /* Determine how many BRPs/WRPs are available. */ diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 4e2110d..dfdd683 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -600,7 +600,7 @@ static int gpr_set(struct task_struct *target, const void *kbuf, const void __user *ubuf) { int ret; - struct pt_regs newregs; + struct pt_regs newregs = *task_pt_regs(target); ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newregs, diff --git a/arch/arm/mach-ux500/pm.c b/arch/arm/mach-ux500/pm.c index 1a468f0..9d53256 100644 --- a/arch/arm/mach-ux500/pm.c +++ b/arch/arm/mach-ux500/pm.c @@ -128,8 +128,8 @@ bool prcmu_pending_irq(void) */ bool prcmu_is_cpu_in_wfi(int cpu) { - return readl(PRCM_ARM_WFI_STANDBY) & cpu ? PRCM_ARM_WFI_STANDBY_WFI1 : - PRCM_ARM_WFI_STANDBY_WFI0; + return readl(PRCM_ARM_WFI_STANDBY) & + (cpu ? PRCM_ARM_WFI_STANDBY_WFI1 : PRCM_ARM_WFI_STANDBY_WFI0); } /* diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c index 5ef506c..984509e 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c @@ -89,7 +89,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, vma = find_vma(mm, addr); if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) + (!vma || addr + len <= vm_start_gap(vma))) return addr; } @@ -140,7 +140,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) + (!vma || addr + len <= vm_start_gap(vma))) return addr; } diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c index 81edd31..810ae2d 100644 --- a/arch/arm/xen/enlighten.c +++ b/arch/arm/xen/enlighten.c @@ -258,8 +258,7 @@ static int __init xen_guest_init(void) * for secondary CPUs as they are brought up. * For uniformity we use VCPUOP_register_vcpu_info even on cpu0. */ - xen_vcpu_info = __alloc_percpu(sizeof(struct vcpu_info), - sizeof(struct vcpu_info)); + xen_vcpu_info = alloc_percpu(struct vcpu_info); if (xen_vcpu_info == NULL) return -ENOMEM; diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 6913643..c136fd5 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -75,6 +75,7 @@ struct user_fpsimd_state { __uint128_t vregs[32]; __u32 fpsr; __u32 fpcr; + __u32 __reserved[2]; }; struct user_hwdebug_state { diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index dfad98f..015775a 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -464,6 +464,8 @@ static int hw_break_set(struct task_struct *target, /* (address, ctrl) registers */ limit = regset->n * regset->size; while (count && offset < limit) { + if (count < PTRACE_HBP_ADDR_SZ) + return -EINVAL; ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &addr, offset, offset + PTRACE_HBP_ADDR_SZ); if (ret) @@ -473,6 +475,8 @@ static int hw_break_set(struct task_struct *target, return ret; offset += PTRACE_HBP_ADDR_SZ; + if (!count) + break; ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &ctrl, offset, offset + PTRACE_HBP_CTRL_SZ); if (ret) @@ -509,7 +513,7 @@ static int gpr_set(struct task_struct *target, const struct user_regset *regset, const void *kbuf, const void __user *ubuf) { int ret; - struct user_pt_regs newregs; + struct user_pt_regs newregs = task_pt_regs(target)->user_regs; ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newregs, 0, -1); if (ret) @@ -539,7 +543,8 @@ static int fpr_set(struct task_struct *target, const struct user_regset *regset, const void *kbuf, const void __user *ubuf) { int ret; - struct user_fpsimd_state newstate; + struct user_fpsimd_state newstate = + target->thread.fpsimd_state.user_fpsimd; ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &newstate, 0, -1); if (ret) @@ -562,7 +567,7 @@ static int tls_set(struct task_struct *target, const struct user_regset *regset, const void *kbuf, const void __user *ubuf) { int ret; - unsigned long tls; + unsigned long tls = target->thread.tp_value; ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &tls, 0, -1); if (ret) diff --git a/arch/c6x/kernel/ptrace.c b/arch/c6x/kernel/ptrace.c index 3c494e8..a511ac1 100644 --- a/arch/c6x/kernel/ptrace.c +++ b/arch/c6x/kernel/ptrace.c @@ -69,46 +69,6 @@ static int gpr_get(struct task_struct *target, 0, sizeof(*regs)); } -static int gpr_set(struct task_struct *target, - const struct user_regset *regset, - unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) -{ - int ret; - struct pt_regs *regs = task_pt_regs(target); - - /* Don't copyin TSR or CSR */ - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, - ®s, - 0, PT_TSR * sizeof(long)); - if (ret) - return ret; - - ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, - PT_TSR * sizeof(long), - (PT_TSR + 1) * sizeof(long)); - if (ret) - return ret; - - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, - ®s, - (PT_TSR + 1) * sizeof(long), - PT_CSR * sizeof(long)); - if (ret) - return ret; - - ret = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, - PT_CSR * sizeof(long), - (PT_CSR + 1) * sizeof(long)); - if (ret) - return ret; - - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, - ®s, - (PT_CSR + 1) * sizeof(long), -1); - return ret; -} - enum c6x_regset { REGSET_GPR, }; @@ -120,7 +80,6 @@ static const struct user_regset c6x_regsets[] = { .size = sizeof(u32), .align = sizeof(u32), .get = gpr_get, - .set = gpr_set }, }; diff --git a/arch/cris/boot/rescue/Makefile b/arch/cris/boot/rescue/Makefile index 52bd0bd..d98edbb 100644 --- a/arch/cris/boot/rescue/Makefile +++ b/arch/cris/boot/rescue/Makefile @@ -10,6 +10,9 @@ asflags-y += $(LINUXINCLUDE) ccflags-y += -O2 $(LINUXINCLUDE) + +ifdef CONFIG_ETRAX_AXISFLASHMAP + arch-$(CONFIG_ETRAX_ARCH_V10) = v10 arch-$(CONFIG_ETRAX_ARCH_V32) = v32 @@ -28,6 +31,11 @@ $(obj)/rescue.bin: $(obj)/rescue.o FORCE $(call if_changed,objcopy) cp -p $(obj)/rescue.bin $(objtree) +else +$(obj)/rescue.bin: + +endif + $(obj)/testrescue.bin: $(obj)/testrescue.o $(OBJCOPY) $(OBJCOPYFLAGS) $(obj)/testrescue.o tr.bin # Pad it to 784 bytes diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c index 836f1470..efa59f1 100644 --- a/arch/frv/mm/elf-fdpic.c +++ b/arch/frv/mm/elf-fdpic.c @@ -74,7 +74,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi addr = PAGE_ALIGN(addr); vma = find_vma(current->mm, addr); if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) + (!vma || addr + len <= vm_start_gap(vma))) goto success; } diff --git a/arch/m68k/include/asm/delay.h b/arch/m68k/include/asm/delay.h index d28fa8f..c598d84 100644 --- a/arch/m68k/include/asm/delay.h +++ b/arch/m68k/include/asm/delay.h @@ -114,6 +114,6 @@ static inline void __udelay(unsigned long usecs) */ #define HZSCALE (268435456 / (1000000 / HZ)) -#define ndelay(n) __delay(DIV_ROUND_UP((n) * ((((HZSCALE) >> 11) * (loops_per_jiffy >> 11)) >> 6), 1000)); +#define ndelay(n) __delay(DIV_ROUND_UP((n) * ((((HZSCALE) >> 11) * (loops_per_jiffy >> 11)) >> 6), 1000)) #endif /* defined(_M68K_DELAY_H) */ diff --git a/arch/metag/include/asm/uaccess.h b/arch/metag/include/asm/uaccess.h index 7841f22..9d52337 100644 --- a/arch/metag/include/asm/uaccess.h +++ b/arch/metag/include/asm/uaccess.h @@ -192,20 +192,21 @@ extern long __must_check strnlen_user(const char __user *src, long count); #define strlen_user(str) strnlen_user(str, 32767) -extern unsigned long __must_check __copy_user_zeroing(void *to, - const void __user *from, - unsigned long n); +extern unsigned long raw_copy_from_user(void *to, const void __user *from, + unsigned long n); static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n) { + unsigned long res = n; if (likely(access_ok(VERIFY_READ, from, n))) - return __copy_user_zeroing(to, from, n); - memset(to, 0, n); - return n; + res = raw_copy_from_user(to, from, n); + if (unlikely(res)) + memset(to + (n - res), 0, res); + return res; } -#define __copy_from_user(to, from, n) __copy_user_zeroing(to, from, n) +#define __copy_from_user(to, from, n) raw_copy_from_user(to, from, n) #define __copy_from_user_inatomic __copy_from_user extern unsigned long __must_check __copy_user(void __user *to, diff --git a/arch/metag/kernel/ptrace.c b/arch/metag/kernel/ptrace.c index 7563628..5e2dc7d 100644 --- a/arch/metag/kernel/ptrace.c +++ b/arch/metag/kernel/ptrace.c @@ -24,6 +24,16 @@ * user_regset definitions. */ +static unsigned long user_txstatus(const struct pt_regs *regs) +{ + unsigned long data = (unsigned long)regs->ctx.Flags; + + if (regs->ctx.SaveMask & TBICTX_CBUF_BIT) + data |= USER_GP_REGS_STATUS_CATCH_BIT; + + return data; +} + int metag_gp_regs_copyout(const struct pt_regs *regs, unsigned int pos, unsigned int count, void *kbuf, void __user *ubuf) @@ -62,9 +72,7 @@ int metag_gp_regs_copyout(const struct pt_regs *regs, if (ret) goto out; /* TXSTATUS */ - data = (unsigned long)regs->ctx.Flags; - if (regs->ctx.SaveMask & TBICTX_CBUF_BIT) - data |= USER_GP_REGS_STATUS_CATCH_BIT; + data = user_txstatus(regs); ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &data, 4*25, 4*26); if (ret) @@ -119,6 +127,7 @@ int metag_gp_regs_copyin(struct pt_regs *regs, if (ret) goto out; /* TXSTATUS */ + data = user_txstatus(regs); ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &data, 4*25, 4*26); if (ret) @@ -244,6 +253,8 @@ int metag_rp_state_copyin(struct pt_regs *regs, unsigned long long *ptr; int ret, i; + if (count < 4*13) + return -EINVAL; /* Read the entire pipeline before making any changes */ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &rp, 0, 4*13); @@ -303,7 +314,7 @@ static int metag_tls_set(struct task_struct *target, const void *kbuf, const void __user *ubuf) { int ret; - void __user *tls; + void __user *tls = target->thread.tls_ptr; ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &tls, 0, -1); if (ret) diff --git a/arch/metag/lib/usercopy.c b/arch/metag/lib/usercopy.c index b3ebfe9..2792fc6 100644 --- a/arch/metag/lib/usercopy.c +++ b/arch/metag/lib/usercopy.c @@ -29,7 +29,6 @@ COPY \ "1:\n" \ " .section .fixup,\"ax\"\n" \ - " MOV D1Ar1,#0\n" \ FIXUP \ " MOVT D1Ar1,#HI(1b)\n" \ " JUMP D1Ar1,#LO(1b)\n" \ @@ -260,27 +259,31 @@ "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ "22:\n" \ "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ - "SUB %3, %3, #32\n" \ "23:\n" \ - "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ + "SUB %3, %3, #32\n" \ "24:\n" \ + "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ + "25:\n" \ "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "26:\n" \ "SUB %3, %3, #32\n" \ "DCACHE [%1+#-64], D0Ar6\n" \ "BR $Lloop"id"\n" \ \ "MOV RAPF, %1\n" \ - "25:\n" \ + "27:\n" \ "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ - "26:\n" \ + "28:\n" \ "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "29:\n" \ "SUB %3, %3, #32\n" \ - "27:\n" \ + "30:\n" \ "MGETL D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ - "28:\n" \ + "31:\n" \ "MSETL [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "32:\n" \ "SUB %0, %0, #8\n" \ - "29:\n" \ + "33:\n" \ "SETL [%0++], D0.7, D1.7\n" \ "SUB %3, %3, #32\n" \ "1:" \ @@ -312,11 +315,15 @@ " .long 26b,3b\n" \ " .long 27b,3b\n" \ " .long 28b,3b\n" \ - " .long 29b,4b\n" \ + " .long 29b,3b\n" \ + " .long 30b,3b\n" \ + " .long 31b,3b\n" \ + " .long 32b,3b\n" \ + " .long 33b,4b\n" \ " .previous\n" \ : "=r" (to), "=r" (from), "=r" (ret), "=d" (n) \ : "0" (to), "1" (from), "2" (ret), "3" (n) \ - : "D1Ar1", "D0Ar2", "memory") + : "D1Ar1", "D0Ar2", "cc", "memory") /* rewind 'to' and 'from' pointers when a fault occurs * @@ -342,7 +349,7 @@ #define __asm_copy_to_user_64bit_rapf_loop(to, from, ret, n, id)\ __asm_copy_user_64bit_rapf_loop(to, from, ret, n, id, \ "LSR D0Ar2, D0Ar2, #8\n" \ - "AND D0Ar2, D0Ar2, #0x7\n" \ + "ANDS D0Ar2, D0Ar2, #0x7\n" \ "ADDZ D0Ar2, D0Ar2, #4\n" \ "SUB D0Ar2, D0Ar2, #1\n" \ "MOV D1Ar1, #4\n" \ @@ -403,47 +410,55 @@ "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ "22:\n" \ "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ - "SUB %3, %3, #16\n" \ "23:\n" \ - "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ - "24:\n" \ - "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ "SUB %3, %3, #16\n" \ - "25:\n" \ + "24:\n" \ "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ - "26:\n" \ + "25:\n" \ "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "26:\n" \ "SUB %3, %3, #16\n" \ "27:\n" \ "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ "28:\n" \ "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "29:\n" \ + "SUB %3, %3, #16\n" \ + "30:\n" \ + "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ + "31:\n" \ + "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "32:\n" \ "SUB %3, %3, #16\n" \ "DCACHE [%1+#-64], D0Ar6\n" \ "BR $Lloop"id"\n" \ \ "MOV RAPF, %1\n" \ - "29:\n" \ + "33:\n" \ "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ - "30:\n" \ + "34:\n" \ "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "35:\n" \ "SUB %3, %3, #16\n" \ - "31:\n" \ + "36:\n" \ "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ - "32:\n" \ + "37:\n" \ "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "38:\n" \ "SUB %3, %3, #16\n" \ - "33:\n" \ + "39:\n" \ "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ - "34:\n" \ + "40:\n" \ "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "41:\n" \ "SUB %3, %3, #16\n" \ - "35:\n" \ + "42:\n" \ "MGETD D0FrT, D0.5, D0.6, D0.7, [%1++]\n" \ - "36:\n" \ + "43:\n" \ "MSETD [%0++], D0FrT, D0.5, D0.6, D0.7\n" \ + "44:\n" \ "SUB %0, %0, #4\n" \ - "37:\n" \ + "45:\n" \ "SETD [%0++], D0.7\n" \ "SUB %3, %3, #16\n" \ "1:" \ @@ -483,11 +498,19 @@ " .long 34b,3b\n" \ " .long 35b,3b\n" \ " .long 36b,3b\n" \ - " .long 37b,4b\n" \ + " .long 37b,3b\n" \ + " .long 38b,3b\n" \ + " .long 39b,3b\n" \ + " .long 40b,3b\n" \ + " .long 41b,3b\n" \ + " .long 42b,3b\n" \ + " .long 43b,3b\n" \ + " .long 44b,3b\n" \ + " .long 45b,4b\n" \ " .previous\n" \ : "=r" (to), "=r" (from), "=r" (ret), "=d" (n) \ : "0" (to), "1" (from), "2" (ret), "3" (n) \ - : "D1Ar1", "D0Ar2", "memory") + : "D1Ar1", "D0Ar2", "cc", "memory") /* rewind 'to' and 'from' pointers when a fault occurs * @@ -513,7 +536,7 @@ #define __asm_copy_to_user_32bit_rapf_loop(to, from, ret, n, id)\ __asm_copy_user_32bit_rapf_loop(to, from, ret, n, id, \ "LSR D0Ar2, D0Ar2, #8\n" \ - "AND D0Ar2, D0Ar2, #0x7\n" \ + "ANDS D0Ar2, D0Ar2, #0x7\n" \ "ADDZ D0Ar2, D0Ar2, #4\n" \ "SUB D0Ar2, D0Ar2, #1\n" \ "MOV D1Ar1, #4\n" \ @@ -538,23 +561,31 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, if ((unsigned long) src & 1) { __asm_copy_to_user_1(dst, src, retn); n--; + if (retn) + return retn + n; } if ((unsigned long) dst & 1) { /* Worst case - byte copy */ while (n > 0) { __asm_copy_to_user_1(dst, src, retn); n--; + if (retn) + return retn + n; } } if (((unsigned long) src & 2) && n >= 2) { __asm_copy_to_user_2(dst, src, retn); n -= 2; + if (retn) + return retn + n; } if ((unsigned long) dst & 2) { /* Second worst case - word copy */ while (n >= 2) { __asm_copy_to_user_2(dst, src, retn); n -= 2; + if (retn) + return retn + n; } } @@ -569,6 +600,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, while (n >= 8) { __asm_copy_to_user_8x64(dst, src, retn); n -= 8; + if (retn) + return retn + n; } } if (n >= RAPF_MIN_BUF_SIZE) { @@ -581,6 +614,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, while (n >= 8) { __asm_copy_to_user_8x64(dst, src, retn); n -= 8; + if (retn) + return retn + n; } } #endif @@ -588,11 +623,15 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, while (n >= 16) { __asm_copy_to_user_16(dst, src, retn); n -= 16; + if (retn) + return retn + n; } while (n >= 4) { __asm_copy_to_user_4(dst, src, retn); n -= 4; + if (retn) + return retn + n; } switch (n) { @@ -609,6 +648,10 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, break; } + /* + * If we get here, retn correctly reflects the number of failing + * bytes. + */ return retn; } EXPORT_SYMBOL(__copy_user); @@ -617,16 +660,14 @@ EXPORT_SYMBOL(__copy_user); __asm_copy_user_cont(to, from, ret, \ " GETB D1Ar1,[%1++]\n" \ "2: SETB [%0++],D1Ar1\n", \ - "3: ADD %2,%2,#1\n" \ - " SETB [%0++],D1Ar1\n", \ + "3: ADD %2,%2,#1\n", \ " .long 2b,3b\n") #define __asm_copy_from_user_2x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ __asm_copy_user_cont(to, from, ret, \ " GETW D1Ar1,[%1++]\n" \ "2: SETW [%0++],D1Ar1\n" COPY, \ - "3: ADD %2,%2,#2\n" \ - " SETW [%0++],D1Ar1\n" FIXUP, \ + "3: ADD %2,%2,#2\n" FIXUP, \ " .long 2b,3b\n" TENTRY) #define __asm_copy_from_user_2(to, from, ret) \ @@ -636,145 +677,26 @@ EXPORT_SYMBOL(__copy_user); __asm_copy_from_user_2x_cont(to, from, ret, \ " GETB D1Ar1,[%1++]\n" \ "4: SETB [%0++],D1Ar1\n", \ - "5: ADD %2,%2,#1\n" \ - " SETB [%0++],D1Ar1\n", \ + "5: ADD %2,%2,#1\n", \ " .long 4b,5b\n") #define __asm_copy_from_user_4x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ __asm_copy_user_cont(to, from, ret, \ " GETD D1Ar1,[%1++]\n" \ "2: SETD [%0++],D1Ar1\n" COPY, \ - "3: ADD %2,%2,#4\n" \ - " SETD [%0++],D1Ar1\n" FIXUP, \ + "3: ADD %2,%2,#4\n" FIXUP, \ " .long 2b,3b\n" TENTRY) #define __asm_copy_from_user_4(to, from, ret) \ __asm_copy_from_user_4x_cont(to, from, ret, "", "", "") -#define __asm_copy_from_user_5(to, from, ret) \ - __asm_copy_from_user_4x_cont(to, from, ret, \ - " GETB D1Ar1,[%1++]\n" \ - "4: SETB [%0++],D1Ar1\n", \ - "5: ADD %2,%2,#1\n" \ - " SETB [%0++],D1Ar1\n", \ - " .long 4b,5b\n") - -#define __asm_copy_from_user_6x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ - __asm_copy_from_user_4x_cont(to, from, ret, \ - " GETW D1Ar1,[%1++]\n" \ - "4: SETW [%0++],D1Ar1\n" COPY, \ - "5: ADD %2,%2,#2\n" \ - " SETW [%0++],D1Ar1\n" FIXUP, \ - " .long 4b,5b\n" TENTRY) - -#define __asm_copy_from_user_6(to, from, ret) \ - __asm_copy_from_user_6x_cont(to, from, ret, "", "", "") - -#define __asm_copy_from_user_7(to, from, ret) \ - __asm_copy_from_user_6x_cont(to, from, ret, \ - " GETB D1Ar1,[%1++]\n" \ - "6: SETB [%0++],D1Ar1\n", \ - "7: ADD %2,%2,#1\n" \ - " SETB [%0++],D1Ar1\n", \ - " .long 6b,7b\n") - -#define __asm_copy_from_user_8x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ - __asm_copy_from_user_4x_cont(to, from, ret, \ - " GETD D1Ar1,[%1++]\n" \ - "4: SETD [%0++],D1Ar1\n" COPY, \ - "5: ADD %2,%2,#4\n" \ - " SETD [%0++],D1Ar1\n" FIXUP, \ - " .long 4b,5b\n" TENTRY) - -#define __asm_copy_from_user_8(to, from, ret) \ - __asm_copy_from_user_8x_cont(to, from, ret, "", "", "") - -#define __asm_copy_from_user_9(to, from, ret) \ - __asm_copy_from_user_8x_cont(to, from, ret, \ - " GETB D1Ar1,[%1++]\n" \ - "6: SETB [%0++],D1Ar1\n", \ - "7: ADD %2,%2,#1\n" \ - " SETB [%0++],D1Ar1\n", \ - " .long 6b,7b\n") - -#define __asm_copy_from_user_10x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ - __asm_copy_from_user_8x_cont(to, from, ret, \ - " GETW D1Ar1,[%1++]\n" \ - "6: SETW [%0++],D1Ar1\n" COPY, \ - "7: ADD %2,%2,#2\n" \ - " SETW [%0++],D1Ar1\n" FIXUP, \ - " .long 6b,7b\n" TENTRY) - -#define __asm_copy_from_user_10(to, from, ret) \ - __asm_copy_from_user_10x_cont(to, from, ret, "", "", "") - -#define __asm_copy_from_user_11(to, from, ret) \ - __asm_copy_from_user_10x_cont(to, from, ret, \ - " GETB D1Ar1,[%1++]\n" \ - "8: SETB [%0++],D1Ar1\n", \ - "9: ADD %2,%2,#1\n" \ - " SETB [%0++],D1Ar1\n", \ - " .long 8b,9b\n") - -#define __asm_copy_from_user_12x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ - __asm_copy_from_user_8x_cont(to, from, ret, \ - " GETD D1Ar1,[%1++]\n" \ - "6: SETD [%0++],D1Ar1\n" COPY, \ - "7: ADD %2,%2,#4\n" \ - " SETD [%0++],D1Ar1\n" FIXUP, \ - " .long 6b,7b\n" TENTRY) - -#define __asm_copy_from_user_12(to, from, ret) \ - __asm_copy_from_user_12x_cont(to, from, ret, "", "", "") - -#define __asm_copy_from_user_13(to, from, ret) \ - __asm_copy_from_user_12x_cont(to, from, ret, \ - " GETB D1Ar1,[%1++]\n" \ - "8: SETB [%0++],D1Ar1\n", \ - "9: ADD %2,%2,#1\n" \ - " SETB [%0++],D1Ar1\n", \ - " .long 8b,9b\n") - -#define __asm_copy_from_user_14x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ - __asm_copy_from_user_12x_cont(to, from, ret, \ - " GETW D1Ar1,[%1++]\n" \ - "8: SETW [%0++],D1Ar1\n" COPY, \ - "9: ADD %2,%2,#2\n" \ - " SETW [%0++],D1Ar1\n" FIXUP, \ - " .long 8b,9b\n" TENTRY) - -#define __asm_copy_from_user_14(to, from, ret) \ - __asm_copy_from_user_14x_cont(to, from, ret, "", "", "") - -#define __asm_copy_from_user_15(to, from, ret) \ - __asm_copy_from_user_14x_cont(to, from, ret, \ - " GETB D1Ar1,[%1++]\n" \ - "10: SETB [%0++],D1Ar1\n", \ - "11: ADD %2,%2,#1\n" \ - " SETB [%0++],D1Ar1\n", \ - " .long 10b,11b\n") - -#define __asm_copy_from_user_16x_cont(to, from, ret, COPY, FIXUP, TENTRY) \ - __asm_copy_from_user_12x_cont(to, from, ret, \ - " GETD D1Ar1,[%1++]\n" \ - "8: SETD [%0++],D1Ar1\n" COPY, \ - "9: ADD %2,%2,#4\n" \ - " SETD [%0++],D1Ar1\n" FIXUP, \ - " .long 8b,9b\n" TENTRY) - -#define __asm_copy_from_user_16(to, from, ret) \ - __asm_copy_from_user_16x_cont(to, from, ret, "", "", "") - #define __asm_copy_from_user_8x64(to, from, ret) \ asm volatile ( \ " GETL D0Ar2,D1Ar1,[%1++]\n" \ "2: SETL [%0++],D0Ar2,D1Ar1\n" \ "1:\n" \ " .section .fixup,\"ax\"\n" \ - " MOV D1Ar1,#0\n" \ - " MOV D0Ar2,#0\n" \ "3: ADD %2,%2,#8\n" \ - " SETL [%0++],D0Ar2,D1Ar1\n" \ " MOVT D0Ar2,#HI(1b)\n" \ " JUMP D0Ar2,#LO(1b)\n" \ " .previous\n" \ @@ -789,36 +711,57 @@ EXPORT_SYMBOL(__copy_user); * * Rationale: * A fault occurs while reading from user buffer, which is the - * source. Since the fault is at a single address, we only - * need to rewind by 8 bytes. + * source. * Since we don't write to kernel buffer until we read first, * the kernel buffer is at the right state and needn't be - * corrected. + * corrected, but the source must be rewound to the beginning of + * the block, which is LSM_STEP*8 bytes. + * LSM_STEP is bits 10:8 in TXSTATUS which is already read + * and stored in D0Ar2 + * + * NOTE: If a fault occurs at the last operation in M{G,S}ETL + * LSM_STEP will be 0. ie: we do 4 writes in our case, if + * a fault happens at the 4th write, LSM_STEP will be 0 + * instead of 4. The code copes with that. */ #define __asm_copy_from_user_64bit_rapf_loop(to, from, ret, n, id) \ __asm_copy_user_64bit_rapf_loop(to, from, ret, n, id, \ - "SUB %1, %1, #8\n") + "LSR D0Ar2, D0Ar2, #5\n" \ + "ANDS D0Ar2, D0Ar2, #0x38\n" \ + "ADDZ D0Ar2, D0Ar2, #32\n" \ + "SUB %1, %1, D0Ar2\n") /* rewind 'from' pointer when a fault occurs * * Rationale: * A fault occurs while reading from user buffer, which is the - * source. Since the fault is at a single address, we only - * need to rewind by 4 bytes. + * source. * Since we don't write to kernel buffer until we read first, * the kernel buffer is at the right state and needn't be - * corrected. + * corrected, but the source must be rewound to the beginning of + * the block, which is LSM_STEP*4 bytes. + * LSM_STEP is bits 10:8 in TXSTATUS which is already read + * and stored in D0Ar2 + * + * NOTE: If a fault occurs at the last operation in M{G,S}ETL + * LSM_STEP will be 0. ie: we do 4 writes in our case, if + * a fault happens at the 4th write, LSM_STEP will be 0 + * instead of 4. The code copes with that. */ #define __asm_copy_from_user_32bit_rapf_loop(to, from, ret, n, id) \ __asm_copy_user_32bit_rapf_loop(to, from, ret, n, id, \ - "SUB %1, %1, #4\n") + "LSR D0Ar2, D0Ar2, #6\n" \ + "ANDS D0Ar2, D0Ar2, #0x1c\n" \ + "ADDZ D0Ar2, D0Ar2, #16\n" \ + "SUB %1, %1, D0Ar2\n") -/* Copy from user to kernel, zeroing the bytes that were inaccessible in - userland. The return-value is the number of bytes that were - inaccessible. */ -unsigned long __copy_user_zeroing(void *pdst, const void __user *psrc, - unsigned long n) +/* + * Copy from user to kernel. The return-value is the number of bytes that were + * inaccessible.
_______________________________________________ unionfs-cvs mailing list: http://unionfs.filesystems.org/ [email protected] http://www.fsl.cs.sunysb.edu/mailman/listinfo/unionfs-cvs
