diff -u linux-5.4.0/Makefile linux-5.4.0/Makefile --- linux-5.4.0/Makefile +++ linux-5.4.0/Makefile @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 VERSION = 5 PATCHLEVEL = 4 -SUBLEVEL = 269 +SUBLEVEL = 271 EXTRAVERSION = NAME = Kleptomaniac Octopus diff -u linux-5.4.0/arch/arm64/boot/dts/qcom/msm8916.dtsi linux-5.4.0/arch/arm64/boot/dts/qcom/msm8916.dtsi --- linux-5.4.0/arch/arm64/boot/dts/qcom/msm8916.dtsi +++ linux-5.4.0/arch/arm64/boot/dts/qcom/msm8916.dtsi @@ -1097,8 +1097,8 @@ vddmx-supply = <&pm8916_l3>; vddpx-supply = <&pm8916_l7>; - qcom,state = <&wcnss_smp2p_out 0>; - qcom,state-names = "stop"; + qcom,smem-states = <&wcnss_smp2p_out 0>; + qcom,smem-state-names = "stop"; pinctrl-names = "default"; pinctrl-0 = <&wcnss_pin_a>; diff -u linux-5.4.0/arch/powerpc/mm/kasan/kasan_init_32.c linux-5.4.0/arch/powerpc/mm/kasan/kasan_init_32.c --- linux-5.4.0/arch/powerpc/mm/kasan/kasan_init_32.c +++ linux-5.4.0/arch/powerpc/mm/kasan/kasan_init_32.c @@ -90,8 +90,10 @@ if (ret) return ret; - if (!slab_is_available()) + if (!slab_is_available()) { + k_start = k_start & PAGE_MASK; block = memblock_alloc(k_end - k_start, PAGE_SIZE); + } for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) { pmd_t *pmd = pmd_offset(pud_offset(pgd_offset_k(k_cur), k_cur), k_cur); diff -u linux-5.4.0/arch/s390/pci/pci.c linux-5.4.0/arch/s390/pci/pci.c --- linux-5.4.0/arch/s390/pci/pci.c +++ linux-5.4.0/arch/s390/pci/pci.c @@ -222,7 +222,7 @@ /* combine single writes by using store-block insn */ void __iowrite64_copy(void __iomem *to, const void *from, size_t count) { - zpci_memcpy_toio(to, from, count); + zpci_memcpy_toio(to, from, count * 8); } void __iomem *ioremap(unsigned long ioaddr, unsigned long size) diff -u linux-5.4.0/arch/x86/kernel/alternative.c linux-5.4.0/arch/x86/kernel/alternative.c --- linux-5.4.0/arch/x86/kernel/alternative.c +++ linux-5.4.0/arch/x86/kernel/alternative.c @@ -374,6 +374,17 @@ u8 insn_buff[MAX_PATCH_LEN]; DPRINTK("alt table %px, -> %px", start, end); + + /* + * In the case CONFIG_X86_5LEVEL=y, KASAN_SHADOW_START is defined using + * cpu_feature_enabled(X86_FEATURE_LA57) and is therefore patched here. + * During the process, KASAN becomes confused seeing partial LA57 + * conversion and triggers a false-positive out-of-bound report. + * + * Disable KASAN until the patching is complete. + */ + kasan_disable_current(); + /* * The scan order should be from start to end. A later scanned * alternative code can overwrite previously scanned alternative code. @@ -434,6 +445,8 @@ text_poke_early(instr, insn_buff, insn_buff_sz); } + + kasan_enable_current(); } #ifdef CONFIG_SMP diff -u linux-5.4.0/arch/x86/kernel/cpu/intel.c linux-5.4.0/arch/x86/kernel/cpu/intel.c --- linux-5.4.0/arch/x86/kernel/cpu/intel.c +++ linux-5.4.0/arch/x86/kernel/cpu/intel.c @@ -187,6 +187,90 @@ return false; } +#define MSR_IA32_TME_ACTIVATE 0x982 + +/* Helpers to access TME_ACTIVATE MSR */ +#define TME_ACTIVATE_LOCKED(x) (x & 0x1) +#define TME_ACTIVATE_ENABLED(x) (x & 0x2) + +#define TME_ACTIVATE_POLICY(x) ((x >> 4) & 0xf) /* Bits 7:4 */ +#define TME_ACTIVATE_POLICY_AES_XTS_128 0 + +#define TME_ACTIVATE_KEYID_BITS(x) ((x >> 32) & 0xf) /* Bits 35:32 */ + +#define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ +#define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 + +/* Values for mktme_status (SW only construct) */ +#define MKTME_ENABLED 0 +#define MKTME_DISABLED 1 +#define MKTME_UNINITIALIZED 2 +static int mktme_status = MKTME_UNINITIALIZED; + +static void detect_tme_early(struct cpuinfo_x86 *c) +{ + u64 tme_activate, tme_policy, tme_crypto_algs; + int keyid_bits = 0, nr_keyids = 0; + static u64 tme_activate_cpu0 = 0; + + rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); + + if (mktme_status != MKTME_UNINITIALIZED) { + if (tme_activate != tme_activate_cpu0) { + /* Broken BIOS? */ + pr_err_once("x86/tme: configuration is inconsistent between CPUs\n"); + pr_err_once("x86/tme: MKTME is not usable\n"); + mktme_status = MKTME_DISABLED; + + /* Proceed. We may need to exclude bits from x86_phys_bits. */ + } + } else { + tme_activate_cpu0 = tme_activate; + } + + if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activate)) { + pr_info_once("x86/tme: not enabled by BIOS\n"); + mktme_status = MKTME_DISABLED; + return; + } + + if (mktme_status != MKTME_UNINITIALIZED) + goto detect_keyid_bits; + + pr_info("x86/tme: enabled by BIOS\n"); + + tme_policy = TME_ACTIVATE_POLICY(tme_activate); + if (tme_policy != TME_ACTIVATE_POLICY_AES_XTS_128) + pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); + + tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); + if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { + pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", + tme_crypto_algs); + mktme_status = MKTME_DISABLED; + } +detect_keyid_bits: + keyid_bits = TME_ACTIVATE_KEYID_BITS(tme_activate); + nr_keyids = (1UL << keyid_bits) - 1; + if (nr_keyids) { + pr_info_once("x86/mktme: enabled by BIOS\n"); + pr_info_once("x86/mktme: %d KeyIDs available\n", nr_keyids); + } else { + pr_info_once("x86/mktme: disabled by BIOS\n"); + } + + if (mktme_status == MKTME_UNINITIALIZED) { + /* MKTME is usable */ + mktme_status = MKTME_ENABLED; + } + + /* + * KeyID bits effectively lower the number of physical address + * bits. Update cpuinfo_x86::x86_phys_bits accordingly. + */ + c->x86_phys_bits -= keyid_bits; +} + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; @@ -339,6 +423,13 @@ */ if (detect_extended_topology_early(c) < 0) detect_ht_early(c); + + /* + * Adjust the number of physical bits early because it affects the + * valid bits of the MTRR mask registers. + */ + if (cpu_has(c, X86_FEATURE_TME)) + detect_tme_early(c); } #ifdef CONFIG_X86_32 @@ -540,90 +631,6 @@ } } -#define MSR_IA32_TME_ACTIVATE 0x982 - -/* Helpers to access TME_ACTIVATE MSR */ -#define TME_ACTIVATE_LOCKED(x) (x & 0x1) -#define TME_ACTIVATE_ENABLED(x) (x & 0x2) - -#define TME_ACTIVATE_POLICY(x) ((x >> 4) & 0xf) /* Bits 7:4 */ -#define TME_ACTIVATE_POLICY_AES_XTS_128 0 - -#define TME_ACTIVATE_KEYID_BITS(x) ((x >> 32) & 0xf) /* Bits 35:32 */ - -#define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ -#define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 - -/* Values for mktme_status (SW only construct) */ -#define MKTME_ENABLED 0 -#define MKTME_DISABLED 1 -#define MKTME_UNINITIALIZED 2 -static int mktme_status = MKTME_UNINITIALIZED; - -static void detect_tme(struct cpuinfo_x86 *c) -{ - u64 tme_activate, tme_policy, tme_crypto_algs; - int keyid_bits = 0, nr_keyids = 0; - static u64 tme_activate_cpu0 = 0; - - rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); - - if (mktme_status != MKTME_UNINITIALIZED) { - if (tme_activate != tme_activate_cpu0) { - /* Broken BIOS? */ - pr_err_once("x86/tme: configuration is inconsistent between CPUs\n"); - pr_err_once("x86/tme: MKTME is not usable\n"); - mktme_status = MKTME_DISABLED; - - /* Proceed. We may need to exclude bits from x86_phys_bits. */ - } - } else { - tme_activate_cpu0 = tme_activate; - } - - if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activate)) { - pr_info_once("x86/tme: not enabled by BIOS\n"); - mktme_status = MKTME_DISABLED; - return; - } - - if (mktme_status != MKTME_UNINITIALIZED) - goto detect_keyid_bits; - - pr_info("x86/tme: enabled by BIOS\n"); - - tme_policy = TME_ACTIVATE_POLICY(tme_activate); - if (tme_policy != TME_ACTIVATE_POLICY_AES_XTS_128) - pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); - - tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); - if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { - pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", - tme_crypto_algs); - mktme_status = MKTME_DISABLED; - } -detect_keyid_bits: - keyid_bits = TME_ACTIVATE_KEYID_BITS(tme_activate); - nr_keyids = (1UL << keyid_bits) - 1; - if (nr_keyids) { - pr_info_once("x86/mktme: enabled by BIOS\n"); - pr_info_once("x86/mktme: %d KeyIDs available\n", nr_keyids); - } else { - pr_info_once("x86/mktme: disabled by BIOS\n"); - } - - if (mktme_status == MKTME_UNINITIALIZED) { - /* MKTME is usable */ - mktme_status = MKTME_ENABLED; - } - - /* - * KeyID bits effectively lower the number of physical address - * bits. Update cpuinfo_x86::x86_phys_bits accordingly. - */ - c->x86_phys_bits -= keyid_bits; -} - static void init_cpuid_fault(struct cpuinfo_x86 *c) { u64 msr; @@ -758,9 +765,6 @@ if (cpu_has(c, X86_FEATURE_VMX)) detect_vmx_virtcap(c); - if (cpu_has(c, X86_FEATURE_TME)) - detect_tme(c); - init_intel_misc_features(c); if (tsx_ctrl_state == TSX_CTRL_ENABLE) diff -u linux-5.4.0/debian.master/changelog linux-5.4.0/debian.master/changelog --- linux-5.4.0/debian.master/changelog +++ linux-5.4.0/debian.master/changelog @@ -1,3 +1,168 @@ +linux (5.4.0-186.206) focal; urgency=medium + + * focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812) + + * Mount CIFS fails with Permission denied (LP: #2061986) + - cifs: fix ntlmssp auth when there is no key exchange + + * USB stick can't be detected (LP: #2040948) + - usb: Disable USB3 LPM at shutdown + + * CVE-2024-26733 + - net: dev: Convert sa_data to flexible array in struct sockaddr + - arp: Prevent overflow in arp_req_get(). + - stddef: Introduce DECLARE_FLEX_ARRAY() helper + + * CVE-2024-26712 + - powerpc/kasan: Fix addr error caused by page alignment + + * CVE-2023-52530 + - wifi: mac80211: fix potential key use-after-free + + * CVE-2021-47063 + - drm: bridge/panel: Cleanup connector on bridge detach + + * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array- + index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux- + hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times, + especially during boot. (LP: #2058477) + - hv: hyperv.h: Replace one-element array with flexible-array member + + * CVE-2024-26614 + - tcp: make sure init the accept_queue's spinlocks once + - ipv6: init the accept_queue's spinlocks in inet6_create + + * Focal update: v5.4.271 upstream stable release (LP: #2060216) + - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter + - net: ip_tunnel: prevent perpetual headroom growth + - tun: Fix xdp_rxq_info's queue_index when detaching + - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() + - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is + detected + - net: usb: dm9601: fix wrong return value in dm9601_mdio_read + - Bluetooth: Avoid potential use-after-free in hci_error_reset + - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST + - Bluetooth: Enforce validation on max value of connection interval + - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() + - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back + - efi/capsule-loader: fix incorrect allocation size + - power: supply: bq27xxx-i2c: Do not free non existing IRQ + - ALSA: Drop leftover snd-rtctimer stuff from Makefile + - afs: Fix endless loop in directory parsing + - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() + - wifi: nl80211: reject iftype change with mesh ID change + - btrfs: dev-replace: properly validate device names + - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read + - dmaengine: fsl-qdma: init irq after reg initialization + - mmc: core: Fix eMMC initialization with 1-bit bus connection + - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers + - cachefiles: fix memory leak in cachefiles_add_cache() + - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super + - gpio: 74x164: Enable output pins after registers are reset + - Linux 5.4.271 + + * Focal update: v5.4.270 upstream stable release (LP: #2060019) + - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() + - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler + - net/sched: Retire CBQ qdisc + - [Config] updateconfigs for NET_SCH_CBQ + - net/sched: Retire ATM qdisc + - [Config] updateconfigs for NET_SCH_ATM + - net/sched: Retire dsmark qdisc + - [Config] updateconfigs for NET_SCH_DSMARK + - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset + - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() + - nilfs2: replace WARN_ONs for invalid DAT metadata block requests + - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb + - sched/rt: Fix sysctl_sched_rr_timeslice intial value + - sched/rt: Disallow writing invalid values to sched_rt_period_us + - scsi: target: core: Add TMF to tmr_list handling + - dmaengine: shdma: increase size of 'dev_id' + - dmaengine: fsl-qdma: increase size of 'irq_name' + - wifi: cfg80211: fix missing interfaces when dumping + - wifi: mac80211: fix race condition on enabling fast-xmit + - fbdev: savage: Error out if pixclock equals zero + - fbdev: sis: Error out if pixclock equals zero + - ahci: asm1166: correct count of reported ports + - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers + - ext4: avoid allocating blocks from corrupted group in + ext4_mb_try_best_found() + - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() + - regulator: pwm-regulator: Add validity checks in continuous .get_voltage + - nvmet-tcp: fix nvme tcp ida memory leak + - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 + - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in + sctp_new + - nvmet-fc: abort command when there is no binding + - hwmon: (coretemp) Enlarge per package core count limit + - scsi: lpfc: Use unsigned type for num_sge + - firewire: core: send bus reset promptly on gap count error + - virtio-blk: Ensure no requests in virtqueues before deleting vqs. + - s390/qeth: Fix potential loss of L3-IP@ in case of network issues + - pmdomain: renesas: r8a77980-sysc: CR7 must be always on + - tcp: factor out __tcp_close() helper + - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit + - tcp: add annotations around sk->sk_shutdown accesses + - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours + - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups + - spi: mt7621: Fix an error message in mt7621_spi_probe() + - net: bridge: clear bridge's private skb space on xmit + - selftests/bpf: Avoid running unprivileged tests with alignment requirements + - Revert "drm/sun4i: dsi: Change the start delay calculation" + - drm/amdgpu: Check for valid number of registers to read + - x86/alternatives: Disable KASAN in apply_alternatives() + - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() + - iomap: Set all uptodate bits for an Uptodate page + - drm/amdgpu: Fix type of second parameter in trans_msg() callback + - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node + - PCI: tegra: Fix reporting GPIO error value + - PCI: tegra: Fix OF node reference leak + - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error + - dm-crypt: don't modify the data when using authenticated encryption + - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() + - PCI/MSI: Prevent MSI hardware interrupt number truncation + - l2tp: pass correct message length to ip6_append_data + - ARM: ep93xx: Add terminator to gpiod_lookup_table + - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() + - usb: cdns3: fix memory double free when handle zero packet + - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs + - usb: roles: don't get/set_role() when usb_role_switch is unregistered + - IB/hfi1: Fix a memleak in init_credit_return + - RDMA/bnxt_re: Return error for SRQ resize + - RDMA/srpt: Make debug output more detailed + - RDMA/srpt: fix function pointer cast warnings + - scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions + - bpf, scripts: Correct GPL license name + - scsi: jazz_esp: Only build if SCSI core is builtin + - nouveau: fix function cast warnings + - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid + - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid + - afs: Increase buffer size in afs_update_volume_status() + - ipv6: sr: fix possible use-after-free and null-ptr-deref + - packet: move from strlcpy with unused retval to strscpy + - s390: use the correct count for __iowrite64_copy() + - tls: rx: jump to a more appropriate label + - tls: rx: drop pointless else after goto + - tls: stop recv() if initial process_rx_list gave us non-DATA + - netfilter: nf_tables: set dormant flag on hook register failure + - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 + - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set + - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio + - scripts/bpf: Fix xdp_md forward declaration typo + - Linux 5.4.270 + + * CVE-2023-47233 + - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach + + * CVE-2021-47070 + - uio: uio_hv_generic: use devm_kzalloc() for private data alloc + - uio_hv_generic: Fix another memory leak in error handling paths + + * CVE-2024-26622 + - tomoyo: fix UAF write bug in tomoyo_write_control() + + -- Roxana Nicolescu Fri, 26 Apr 2024 14:01:17 +0200 + linux (5.4.0-181.201) focal; urgency=medium * focal/linux: 5.4.0-181.201 -proposed tracker (LP: #2059549) diff -u linux-5.4.0/debian.master/config/annotations linux-5.4.0/debian.master/config/annotations --- linux-5.4.0/debian.master/config/annotations +++ linux-5.4.0/debian.master/config/annotations @@ -7390,15 +7390,12 @@ CONFIG_NET_RX_BUSY_POLL policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_NET_SB1000 policy<{'amd64': 'm', 'arm64': 'm', 'i386': 'm'}> CONFIG_NET_SCHED policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_NET_SCH_ATM policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm'}> CONFIG_NET_SCH_CAKE policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> -CONFIG_NET_SCH_CBQ policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_CBS policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_CHOKE policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_CODEL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_DEFAULT policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}> CONFIG_NET_SCH_DRR policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> -CONFIG_NET_SCH_DSMARK policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_ETF policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> CONFIG_NET_SCH_FIFO policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_NET_SCH_FQ policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'i386': 'm', 'ppc64el': 'm', 's390x': 'm'}> diff -u linux-5.4.0/debian.master/reconstruct linux-5.4.0/debian.master/reconstruct --- linux-5.4.0/debian.master/reconstruct +++ linux-5.4.0/debian.master/reconstruct @@ -114,6 +114,9 @@ rm -f 'net/sched/cls_rsvp.h' rm -f 'net/sched/cls_rsvp6.c' rm -f 'net/sched/cls_tcindex.c' +rm -f 'net/sched/sch_atm.c' +rm -f 'net/sched/sch_cbq.c' +rm -f 'net/sched/sch_dsmark.c' rm -f 'net/xfrm/xfrm_interface.c' rm -f 'tools/build/feature/test-libpython-version.c' exit 0 diff -u linux-5.4.0/debian.master/tracking-bug linux-5.4.0/debian.master/tracking-bug --- linux-5.4.0/debian.master/tracking-bug +++ linux-5.4.0/debian.master/tracking-bug @@ -1 +1 @@ -2059549 2024.04.01-1 +2063812 2024.04.29-1 diff -u linux-5.4.0/debian.master/upstream-stable linux-5.4.0/debian.master/upstream-stable --- linux-5.4.0/debian.master/upstream-stable +++ linux-5.4.0/debian.master/upstream-stable @@ -3 +3 @@ - linux-5.4.y = v5.4.269 + linux-5.4.y = v5.4.271 diff -u linux-5.4.0/debian/changelog linux-5.4.0/debian/changelog --- linux-5.4.0/debian/changelog +++ linux-5.4.0/debian/changelog @@ -1,3 +1,168 @@ +linux (5.4.0-186.206) focal; urgency=medium + + * focal/linux: 5.4.0-186.206 -proposed tracker (LP: #2063812) + + * Mount CIFS fails with Permission denied (LP: #2061986) + - cifs: fix ntlmssp auth when there is no key exchange + + * USB stick can't be detected (LP: #2040948) + - usb: Disable USB3 LPM at shutdown + + * CVE-2024-26733 + - net: dev: Convert sa_data to flexible array in struct sockaddr + - arp: Prevent overflow in arp_req_get(). + - stddef: Introduce DECLARE_FLEX_ARRAY() helper + + * CVE-2024-26712 + - powerpc/kasan: Fix addr error caused by page alignment + + * CVE-2023-52530 + - wifi: mac80211: fix potential key use-after-free + + * CVE-2021-47063 + - drm: bridge/panel: Cleanup connector on bridge detach + + * [Ubuntu 22.04.4/linux-image-6.5.0-26-generic] Kernel output "UBSAN: array- + index-out-of-bounds in /build/linux-hwe-6.5-34pCLi/linux- + hwe-6.5-6.5.0/drivers/net/hyperv/netvsc.c:1445:41" multiple times, + especially during boot. (LP: #2058477) + - hv: hyperv.h: Replace one-element array with flexible-array member + + * CVE-2024-26614 + - tcp: make sure init the accept_queue's spinlocks once + - ipv6: init the accept_queue's spinlocks in inet6_create + + * Focal update: v5.4.271 upstream stable release (LP: #2060216) + - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter + - net: ip_tunnel: prevent perpetual headroom growth + - tun: Fix xdp_rxq_info's queue_index when detaching + - ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() + - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is + detected + - net: usb: dm9601: fix wrong return value in dm9601_mdio_read + - Bluetooth: Avoid potential use-after-free in hci_error_reset + - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST + - Bluetooth: Enforce validation on max value of connection interval + - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() + - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back + - efi/capsule-loader: fix incorrect allocation size + - power: supply: bq27xxx-i2c: Do not free non existing IRQ + - ALSA: Drop leftover snd-rtctimer stuff from Makefile + - afs: Fix endless loop in directory parsing + - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() + - wifi: nl80211: reject iftype change with mesh ID change + - btrfs: dev-replace: properly validate device names + - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read + - dmaengine: fsl-qdma: init irq after reg initialization + - mmc: core: Fix eMMC initialization with 1-bit bus connection + - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers + - cachefiles: fix memory leak in cachefiles_add_cache() + - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super + - gpio: 74x164: Enable output pins after registers are reset + - Linux 5.4.271 + + * Focal update: v5.4.270 upstream stable release (LP: #2060019) + - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() + - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler + - net/sched: Retire CBQ qdisc + - [Config] updateconfigs for NET_SCH_CBQ + - net/sched: Retire ATM qdisc + - [Config] updateconfigs for NET_SCH_ATM + - net/sched: Retire dsmark qdisc + - [Config] updateconfigs for NET_SCH_DSMARK + - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset + - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() + - nilfs2: replace WARN_ONs for invalid DAT metadata block requests + - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb + - sched/rt: Fix sysctl_sched_rr_timeslice intial value + - sched/rt: Disallow writing invalid values to sched_rt_period_us + - scsi: target: core: Add TMF to tmr_list handling + - dmaengine: shdma: increase size of 'dev_id' + - dmaengine: fsl-qdma: increase size of 'irq_name' + - wifi: cfg80211: fix missing interfaces when dumping + - wifi: mac80211: fix race condition on enabling fast-xmit + - fbdev: savage: Error out if pixclock equals zero + - fbdev: sis: Error out if pixclock equals zero + - ahci: asm1166: correct count of reported ports + - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers + - ext4: avoid allocating blocks from corrupted group in + ext4_mb_try_best_found() + - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() + - regulator: pwm-regulator: Add validity checks in continuous .get_voltage + - nvmet-tcp: fix nvme tcp ida memory leak + - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 + - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in + sctp_new + - nvmet-fc: abort command when there is no binding + - hwmon: (coretemp) Enlarge per package core count limit + - scsi: lpfc: Use unsigned type for num_sge + - firewire: core: send bus reset promptly on gap count error + - virtio-blk: Ensure no requests in virtqueues before deleting vqs. + - s390/qeth: Fix potential loss of L3-IP@ in case of network issues + - pmdomain: renesas: r8a77980-sysc: CR7 must be always on + - tcp: factor out __tcp_close() helper + - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit + - tcp: add annotations around sk->sk_shutdown accesses + - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours + - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups + - spi: mt7621: Fix an error message in mt7621_spi_probe() + - net: bridge: clear bridge's private skb space on xmit + - selftests/bpf: Avoid running unprivileged tests with alignment requirements + - Revert "drm/sun4i: dsi: Change the start delay calculation" + - drm/amdgpu: Check for valid number of registers to read + - x86/alternatives: Disable KASAN in apply_alternatives() + - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() + - iomap: Set all uptodate bits for an Uptodate page + - drm/amdgpu: Fix type of second parameter in trans_msg() callback + - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node + - PCI: tegra: Fix reporting GPIO error value + - PCI: tegra: Fix OF node reference leak + - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error + - dm-crypt: don't modify the data when using authenticated encryption + - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() + - PCI/MSI: Prevent MSI hardware interrupt number truncation + - l2tp: pass correct message length to ip6_append_data + - ARM: ep93xx: Add terminator to gpiod_lookup_table + - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() + - usb: cdns3: fix memory double free when handle zero packet + - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs + - usb: roles: don't get/set_role() when usb_role_switch is unregistered + - IB/hfi1: Fix a memleak in init_credit_return + - RDMA/bnxt_re: Return error for SRQ resize + - RDMA/srpt: Make debug output more detailed + - RDMA/srpt: fix function pointer cast warnings + - scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions + - bpf, scripts: Correct GPL license name + - scsi: jazz_esp: Only build if SCSI core is builtin + - nouveau: fix function cast warnings + - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid + - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid + - afs: Increase buffer size in afs_update_volume_status() + - ipv6: sr: fix possible use-after-free and null-ptr-deref + - packet: move from strlcpy with unused retval to strscpy + - s390: use the correct count for __iowrite64_copy() + - tls: rx: jump to a more appropriate label + - tls: rx: drop pointless else after goto + - tls: stop recv() if initial process_rx_list gave us non-DATA + - netfilter: nf_tables: set dormant flag on hook register failure + - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 + - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set + - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio + - scripts/bpf: Fix xdp_md forward declaration typo + - Linux 5.4.270 + + * CVE-2023-47233 + - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach + + * CVE-2021-47070 + - uio: uio_hv_generic: use devm_kzalloc() for private data alloc + - uio_hv_generic: Fix another memory leak in error handling paths + + * CVE-2024-26622 + - tomoyo: fix UAF write bug in tomoyo_write_control() + + -- Roxana Nicolescu Fri, 26 Apr 2024 14:01:17 +0200 + linux (5.4.0-181.201) focal; urgency=medium * focal/linux: 5.4.0-181.201 -proposed tracker (LP: #2059549) diff -u linux-5.4.0/debian/control linux-5.4.0/debian/control --- linux-5.4.0/debian/control +++ linux-5.4.0/debian/control @@ -80,7 +80,7 @@ you do not want this package. Install the appropriate linux-headers package instead. -Package: linux-headers-5.4.0-181 +Package: linux-headers-5.4.0-186 Build-Profiles: Architecture: all Multi-Arch: foreign @@ -90,7 +90,7 @@ Description: Header files related to Linux kernel version 5.4.0 This package provides kernel header files for version 5.4.0, for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-5.4.0-181/debian.README.gz for details + /usr/share/doc/linux-headers-5.4.0-186/debian.README.gz for details Package: linux-tools-common Build-Profiles: @@ -106,18 +106,18 @@ version locked tools (such as perf and x86_energy_perf_policy) for version 5.4.0. -Package: linux-tools-5.4.0-181 +Package: linux-tools-5.4.0-186 Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-tools-common -Description: Linux kernel version specific tools for version 5.4.0-181 +Description: Linux kernel version specific tools for version 5.4.0-186 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.4.0-181 on + version 5.4.0-186 on 64 bit x86. - You probably want to install linux-tools-5.4.0-181-. + You probably want to install linux-tools-5.4.0-186-. Package: linux-cloud-tools-common Build-Profiles: @@ -130,17 +130,17 @@ This package provides the architecture independent parts for kernel version locked tools for cloud tools for version 5.4.0. -Package: linux-cloud-tools-5.4.0-181 +Package: linux-cloud-tools-5.4.0-186 Build-Profiles: Architecture: amd64 armhf Section: devel Priority: optional Depends: ${misc:Depends}, ${shlibs:Depends}, linux-cloud-tools-common -Description: Linux kernel version specific cloud tools for version 5.4.0-181 +Description: Linux kernel version specific cloud tools for version 5.4.0-186 This package provides the architecture dependant parts for kernel - version locked tools for cloud tools for version 5.4.0-181 on + version locked tools for cloud tools for version 5.4.0-186 on 64 bit x86. - You probably want to install linux-cloud-tools-5.4.0-181-. + You probably want to install linux-cloud-tools-5.4.0-186-. Package: linux-tools-host Build-Profiles: @@ -182,17 +182,17 @@ contained in each file. -Package: linux-image-unsigned-5.4.0-181-generic +Package: linux-image-unsigned-5.4.0-186-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel Priority: optional Provides: linux-image, fuse-module, aufs-dkms, kvm-api-4, redhat-cluster-modules, ivtv-modules, virtualbox-guest-modules [amd64], ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-181-generic +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-186-generic Recommends: grub-pc [amd64] | grub-efi-amd64 [amd64] | grub-efi-ia32 [amd64] | grub [amd64] | lilo [amd64] | flash-kernel [armhf arm64] | grub-efi-arm64 [arm64] | grub-efi-arm [armhf] | grub-ieee1275 [ppc64el], initramfs-tools | linux-initramfs-tool Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x] -Conflicts: linux-image-5.4.0-181-generic -Suggests: fdutils, linux-doc | linux-source-5.4.0, linux-tools, linux-headers-5.4.0-181-generic +Conflicts: linux-image-5.4.0-186-generic +Suggests: fdutils, linux-doc | linux-source-5.4.0, linux-tools, linux-headers-5.4.0-186-generic Description: Linux kernel image for version 5.4.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 5.4.0 on 64 bit x86 SMP. @@ -205,7 +205,7 @@ the linux-generic meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-5.4.0-181-generic +Package: linux-modules-5.4.0-186-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel @@ -225,12 +225,12 @@ the linux-generic meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-5.4.0-181-generic +Package: linux-modules-extra-5.4.0-186-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-181-generic | linux-image-unsigned-5.4.0-181-generic, crda | wireless-crda +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-186-generic | linux-image-unsigned-5.4.0-186-generic, crda | wireless-crda Description: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP. @@ -247,21 +247,21 @@ the linux-generic meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-5.4.0-181-generic +Package: linux-headers-5.4.0-186-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel Priority: optional -Depends: ${misc:Depends}, linux-headers-5.4.0-181, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-headers-5.4.0-186, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 5.4.0 on 64 bit x86 SMP This package provides kernel header files for version 5.4.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-5.4.0-181/debian.README.gz for details. + /usr/share/doc/linux-headers-5.4.0-186/debian.README.gz for details. -Package: linux-image-unsigned-5.4.0-181-generic-dbgsym +Package: linux-image-unsigned-5.4.0-186-generic-dbgsym Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel @@ -278,27 +278,27 @@ is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-5.4.0-181-generic +Package: linux-tools-5.4.0-186-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel Priority: optional -Depends: ${misc:Depends}, linux-tools-5.4.0-181 -Description: Linux kernel version specific tools for version 5.4.0-181 +Depends: ${misc:Depends}, linux-tools-5.4.0-186 +Description: Linux kernel version specific tools for version 5.4.0-186 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.4.0-181 on + version 5.4.0-186 on 64 bit x86. -Package: linux-cloud-tools-5.4.0-181-generic +Package: linux-cloud-tools-5.4.0-186-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: devel Priority: optional -Depends: ${misc:Depends}, linux-cloud-tools-5.4.0-181 -Description: Linux kernel version specific cloud tools for version 5.4.0-181 +Depends: ${misc:Depends}, linux-cloud-tools-5.4.0-186 +Description: Linux kernel version specific cloud tools for version 5.4.0-186 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 5.4.0-181 on + version locked tools for cloud for version 5.4.0-186 on 64 bit x86. Package: linux-udebs-generic @@ -312,7 +312,7 @@ for easier version and migration tracking. -Package: linux-buildinfo-5.4.0-181-generic +Package: linux-buildinfo-5.4.0-186-generic Build-Profiles: Architecture: amd64 armhf arm64 ppc64el s390x Section: kernel @@ -325,17 +325,17 @@ . You likely do not want to install this package. -Package: linux-image-unsigned-5.4.0-181-generic-lpae +Package: linux-image-unsigned-5.4.0-186-generic-lpae Build-Profiles: Architecture: armhf Section: kernel Priority: optional Provides: linux-image, fuse-module, aufs-dkms, kvm-api-4, redhat-cluster-modules, ivtv-modules, ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-181-generic-lpae +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-186-generic-lpae Recommends: flash-kernel [armhf] | grub-efi-arm [armhf], initramfs-tools | linux-initramfs-tool Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x] -Conflicts: linux-image-5.4.0-181-generic-lpae -Suggests: fdutils, linux-doc | linux-source-5.4.0, linux-tools, linux-headers-5.4.0-181-generic-lpae +Conflicts: linux-image-5.4.0-186-generic-lpae +Suggests: fdutils, linux-doc | linux-source-5.4.0, linux-tools, linux-headers-5.4.0-186-generic-lpae Description: Linux kernel image for version 5.4.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 5.4.0 on 64 bit x86 SMP. @@ -348,7 +348,7 @@ the linux-generic-lpae meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-5.4.0-181-generic-lpae +Package: linux-modules-5.4.0-186-generic-lpae Build-Profiles: Architecture: armhf Section: kernel @@ -368,12 +368,12 @@ the linux-generic-lpae meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-5.4.0-181-generic-lpae +Package: linux-modules-extra-5.4.0-186-generic-lpae Build-Profiles: Architecture: armhf Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-181-generic-lpae | linux-image-unsigned-5.4.0-181-generic-lpae, crda | wireless-crda +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-186-generic-lpae | linux-image-unsigned-5.4.0-186-generic-lpae, crda | wireless-crda Description: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP. @@ -390,21 +390,21 @@ the linux-generic-lpae meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-5.4.0-181-generic-lpae +Package: linux-headers-5.4.0-186-generic-lpae Build-Profiles: Architecture: armhf Section: devel Priority: optional -Depends: ${misc:Depends}, linux-headers-5.4.0-181, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-headers-5.4.0-186, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 5.4.0 on 64 bit x86 SMP This package provides kernel header files for version 5.4.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-5.4.0-181/debian.README.gz for details. + /usr/share/doc/linux-headers-5.4.0-186/debian.README.gz for details. -Package: linux-image-unsigned-5.4.0-181-generic-lpae-dbgsym +Package: linux-image-unsigned-5.4.0-186-generic-lpae-dbgsym Build-Profiles: Architecture: armhf Section: devel @@ -421,27 +421,27 @@ is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-5.4.0-181-generic-lpae +Package: linux-tools-5.4.0-186-generic-lpae Build-Profiles: Architecture: armhf Section: devel Priority: optional -Depends: ${misc:Depends}, linux-tools-5.4.0-181 -Description: Linux kernel version specific tools for version 5.4.0-181 +Depends: ${misc:Depends}, linux-tools-5.4.0-186 +Description: Linux kernel version specific tools for version 5.4.0-186 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.4.0-181 on + version 5.4.0-186 on 64 bit x86. -Package: linux-cloud-tools-5.4.0-181-generic-lpae +Package: linux-cloud-tools-5.4.0-186-generic-lpae Build-Profiles: Architecture: armhf Section: devel Priority: optional -Depends: ${misc:Depends}, linux-cloud-tools-5.4.0-181 -Description: Linux kernel version specific cloud tools for version 5.4.0-181 +Depends: ${misc:Depends}, linux-cloud-tools-5.4.0-186 +Description: Linux kernel version specific cloud tools for version 5.4.0-186 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 5.4.0-181 on + version locked tools for cloud for version 5.4.0-186 on 64 bit x86. Package: linux-udebs-generic-lpae @@ -455,7 +455,7 @@ for easier version and migration tracking. -Package: linux-buildinfo-5.4.0-181-generic-lpae +Package: linux-buildinfo-5.4.0-186-generic-lpae Build-Profiles: Architecture: armhf Section: kernel @@ -468,17 +468,17 @@ . You likely do not want to install this package. -Package: linux-image-unsigned-5.4.0-181-lowlatency +Package: linux-image-unsigned-5.4.0-186-lowlatency Build-Profiles: Architecture: amd64 Section: kernel Priority: optional Provides: linux-image, fuse-module, aufs-dkms, kvm-api-4, redhat-cluster-modules, ivtv-modules, virtualbox-guest-modules [amd64], ${linux:rprovides} -Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-181-lowlatency +Depends: ${misc:Depends}, ${shlibs:Depends}, kmod, linux-base (>= 4.5ubuntu1~16.04.1), linux-modules-5.4.0-186-lowlatency Recommends: grub-pc [amd64] | grub-efi-amd64 [amd64] | grub-efi-ia32 [amd64] | grub [amd64] | lilo [amd64] | flash-kernel [armhf arm64] | grub-efi-arm64 [arm64] | grub-efi-arm [armhf], initramfs-tools | linux-initramfs-tool Breaks: flash-kernel (<< 3.90ubuntu2) [arm64 armhf], s390-tools (<< 2.3.0-0ubuntu3) [s390x] -Conflicts: linux-image-5.4.0-181-lowlatency -Suggests: fdutils, linux-doc | linux-source-5.4.0, linux-tools, linux-headers-5.4.0-181-lowlatency +Conflicts: linux-image-5.4.0-186-lowlatency +Suggests: fdutils, linux-doc | linux-source-5.4.0, linux-tools, linux-headers-5.4.0-186-lowlatency Description: Linux kernel image for version 5.4.0 on 64 bit x86 SMP This package contains the unsigned Linux kernel image for version 5.4.0 on 64 bit x86 SMP. @@ -491,7 +491,7 @@ the linux-lowlatency meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-5.4.0-181-lowlatency +Package: linux-modules-5.4.0-186-lowlatency Build-Profiles: Architecture: amd64 Section: kernel @@ -511,12 +511,12 @@ the linux-lowlatency meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-modules-extra-5.4.0-181-lowlatency +Package: linux-modules-extra-5.4.0-186-lowlatency Build-Profiles: Architecture: amd64 Section: kernel Priority: optional -Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-181-lowlatency | linux-image-unsigned-5.4.0-181-lowlatency, crda | wireless-crda +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-image-5.4.0-186-lowlatency | linux-image-unsigned-5.4.0-186-lowlatency, crda | wireless-crda Description: Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP This package contains the Linux kernel extra modules for version 5.4.0 on 64 bit x86 SMP. @@ -533,21 +533,21 @@ the linux-lowlatency meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. -Package: linux-headers-5.4.0-181-lowlatency +Package: linux-headers-5.4.0-186-lowlatency Build-Profiles: Architecture: amd64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-headers-5.4.0-181, ${shlibs:Depends} +Depends: ${misc:Depends}, linux-headers-5.4.0-186, ${shlibs:Depends} Provides: linux-headers, linux-headers-3.0 Description: Linux kernel headers for version 5.4.0 on 64 bit x86 SMP This package provides kernel header files for version 5.4.0 on 64 bit x86 SMP. . This is for sites that want the latest kernel headers. Please read - /usr/share/doc/linux-headers-5.4.0-181/debian.README.gz for details. + /usr/share/doc/linux-headers-5.4.0-186/debian.README.gz for details. -Package: linux-image-unsigned-5.4.0-181-lowlatency-dbgsym +Package: linux-image-unsigned-5.4.0-186-lowlatency-dbgsym Build-Profiles: Architecture: amd64 Section: devel @@ -564,27 +564,27 @@ is uncompressed, and unstripped. This package also includes the unstripped modules. -Package: linux-tools-5.4.0-181-lowlatency +Package: linux-tools-5.4.0-186-lowlatency Build-Profiles: Architecture: amd64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-tools-5.4.0-181 -Description: Linux kernel version specific tools for version 5.4.0-181 +Depends: ${misc:Depends}, linux-tools-5.4.0-186 +Description: Linux kernel version specific tools for version 5.4.0-186 This package provides the architecture dependant parts for kernel version locked tools (such as perf and x86_energy_perf_policy) for - version 5.4.0-181 on + version 5.4.0-186 on 64 bit x86. -Package: linux-cloud-tools-5.4.0-181-lowlatency +Package: linux-cloud-tools-5.4.0-186-lowlatency Build-Profiles: Architecture: amd64 Section: devel Priority: optional -Depends: ${misc:Depends}, linux-cloud-tools-5.4.0-181 -Description: Linux kernel version specific cloud tools for version 5.4.0-181 +Depends: ${misc:Depends}, linux-cloud-tools-5.4.0-186 +Description: Linux kernel version specific cloud tools for version 5.4.0-186 This package provides the architecture dependant parts for kernel - version locked tools for cloud for version 5.4.0-181 on + version locked tools for cloud for version 5.4.0-186 on 64 bit x86. Package: linux-udebs-lowlatency @@ -598,7 +598,7 @@ for easier version and migration tracking. -Package: linux-buildinfo-5.4.0-181-lowlatency +Package: linux-buildinfo-5.4.0-186-lowlatency Build-Profiles: Architecture: amd64 Section: kernel diff -u linux-5.4.0/drivers/ata/ahci.c linux-5.4.0/drivers/ata/ahci.c --- linux-5.4.0/drivers/ata/ahci.c +++ linux-5.4.0/drivers/ata/ahci.c @@ -48,6 +48,7 @@ enum board_ids { /* board IDs by feature in alphabetical order */ board_ahci, + board_ahci_43bit_dma, board_ahci_ign_iferr, board_ahci_mobile, board_ahci_nomsi, @@ -126,6 +127,13 @@ .udma_mask = ATA_UDMA6, .port_ops = &ahci_ops, }, + [board_ahci_43bit_dma] = { + AHCI_HFLAGS (AHCI_HFLAG_43BIT_ONLY), + .flags = AHCI_FLAG_COMMON, + .pio_mask = ATA_PIO4, + .udma_mask = ATA_UDMA6, + .port_ops = &ahci_ops, + }, [board_ahci_ign_iferr] = { AHCI_HFLAGS (AHCI_HFLAG_IGN_IRQ_IF_ERR), .flags = AHCI_FLAG_COMMON, @@ -563,11 +571,11 @@ { PCI_VDEVICE(PROMISE, 0x3f20), board_ahci }, /* PDC42819 */ { PCI_VDEVICE(PROMISE, 0x3781), board_ahci }, /* FastTrak TX8660 ahci-mode */ - /* Asmedia */ + /* ASMedia */ { PCI_VDEVICE(ASMEDIA, 0x0601), board_ahci }, /* ASM1060 */ { PCI_VDEVICE(ASMEDIA, 0x0602), board_ahci }, /* ASM1060 */ - { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci }, /* ASM1061 */ - { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */ + { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci_43bit_dma }, /* ASM1061 */ + { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci_43bit_dma }, /* ASM1061/1062 */ { PCI_VDEVICE(ASMEDIA, 0x0621), board_ahci }, /* ASM1061R */ { PCI_VDEVICE(ASMEDIA, 0x0622), board_ahci }, /* ASM1062R */ @@ -620,6 +628,11 @@ static void ahci_pci_save_initial_config(struct pci_dev *pdev, struct ahci_host_priv *hpriv) { + if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == 0x1166) { + dev_info(&pdev->dev, "ASM1166 has only six ports\n"); + hpriv->saved_port_map = 0x3f; + } + if (pdev->vendor == PCI_VENDOR_ID_JMICRON && pdev->device == 0x2361) { dev_info(&pdev->dev, "JMB361 has only one port\n"); hpriv->force_port_map = 1; @@ -913,11 +926,20 @@ #endif /* CONFIG_PM */ -static int ahci_configure_dma_masks(struct pci_dev *pdev, int using_dac) +static int ahci_configure_dma_masks(struct pci_dev *pdev, + struct ahci_host_priv *hpriv) { - const int dma_bits = using_dac ? 64 : 32; + int dma_bits; int rc; + if (hpriv->cap & HOST_CAP_64) { + dma_bits = 64; + if (hpriv->flags & AHCI_HFLAG_43BIT_ONLY) + dma_bits = 43; + } else { + dma_bits = 32; + } + /* * If the device fixup already set the dma_mask to some non-standard * value, don't extend it here. This happens on STA2X11, for example. @@ -1894,7 +1916,7 @@ ahci_gtf_filter_workaround(host); /* initialize adapter */ - rc = ahci_configure_dma_masks(pdev, hpriv->cap & HOST_CAP_64); + rc = ahci_configure_dma_masks(pdev, hpriv); if (rc) return rc; diff -u linux-5.4.0/drivers/ata/ahci.h linux-5.4.0/drivers/ata/ahci.h --- linux-5.4.0/drivers/ata/ahci.h +++ linux-5.4.0/drivers/ata/ahci.h @@ -244,6 +244,7 @@ AHCI_HFLAG_IGN_NOTSUPP_POWER_ON = BIT(27), /* ignore -EOPNOTSUPP from phy_power_on() */ AHCI_HFLAG_NO_SXS = BIT(28), /* SXS not supported */ + AHCI_HFLAG_43BIT_ONLY = BIT(29), /* 43bit DMA addr limit */ /* ap->flags bits */ diff -u linux-5.4.0/drivers/block/virtio_blk.c linux-5.4.0/drivers/block/virtio_blk.c --- linux-5.4.0/drivers/block/virtio_blk.c +++ linux-5.4.0/drivers/block/virtio_blk.c @@ -1064,14 +1064,15 @@ { struct virtio_blk *vblk = vdev->priv; + /* Ensure no requests in virtqueues before deleting vqs. */ + blk_mq_freeze_queue(vblk->disk->queue); + /* Ensure we don't receive any more interrupts */ vdev->config->reset(vdev); /* Make sure no work handler is accessing the device. */ flush_work(&vblk->config_work); - blk_mq_quiesce_queue(vblk->disk->queue); - vdev->config->del_vqs(vdev); kfree(vblk->vqs); @@ -1089,7 +1090,7 @@ virtio_device_ready(vdev); - blk_mq_unquiesce_queue(vblk->disk->queue); + blk_mq_unfreeze_queue(vblk->disk->queue); return 0; } #endif diff -u linux-5.4.0/drivers/dma/fsl-qdma.c linux-5.4.0/drivers/dma/fsl-qdma.c --- linux-5.4.0/drivers/dma/fsl-qdma.c +++ linux-5.4.0/drivers/dma/fsl-qdma.c @@ -109,6 +109,7 @@ #define FSL_QDMA_CMD_WTHROTL_OFFSET 20 #define FSL_QDMA_CMD_DSEN_OFFSET 19 #define FSL_QDMA_CMD_LWC_OFFSET 16 +#define FSL_QDMA_CMD_PF BIT(17) /* Field definition for Descriptor offset */ #define QDMA_CCDF_STATUS 20 @@ -372,7 +373,8 @@ qdma_csgf_set_f(csgf_dest, len); /* Descriptor Buffer */ cmd = cpu_to_le32(FSL_QDMA_CMD_RWTTYPE << - FSL_QDMA_CMD_RWTTYPE_OFFSET); + FSL_QDMA_CMD_RWTTYPE_OFFSET) | + FSL_QDMA_CMD_PF; sdf->data = QDMA_SDDF_CMD(cmd); cmd = cpu_to_le32(FSL_QDMA_CMD_RWTTYPE << @@ -754,7 +756,7 @@ int i; int cpu; int ret; - char irq_name[20]; + char irq_name[32]; fsl_qdma->error_irq = platform_get_irq_byname(pdev, "qdma-error"); @@ -1150,10 +1152,6 @@ if (!fsl_qdma->queue) return -ENOMEM; - ret = fsl_qdma_irq_init(pdev, fsl_qdma); - if (ret) - return ret; - fsl_qdma->irq_base = platform_get_irq_byname(pdev, "qdma-queue0"); if (fsl_qdma->irq_base < 0) return fsl_qdma->irq_base; @@ -1192,16 +1190,19 @@ platform_set_drvdata(pdev, fsl_qdma); - ret = dma_async_device_register(&fsl_qdma->dma_dev); + ret = fsl_qdma_reg_init(fsl_qdma); if (ret) { - dev_err(&pdev->dev, - "Can't register NXP Layerscape qDMA engine.\n"); + dev_err(&pdev->dev, "Can't Initialize the qDMA engine.\n"); return ret; } - ret = fsl_qdma_reg_init(fsl_qdma); + ret = fsl_qdma_irq_init(pdev, fsl_qdma); + if (ret) + return ret; + + ret = dma_async_device_register(&fsl_qdma->dma_dev); if (ret) { - dev_err(&pdev->dev, "Can't Initialize the qDMA engine.\n"); + dev_err(&pdev->dev, "Can't register NXP Layerscape qDMA engine.\n"); return ret; } diff -u linux-5.4.0/drivers/firewire/core-card.c linux-5.4.0/drivers/firewire/core-card.c --- linux-5.4.0/drivers/firewire/core-card.c +++ linux-5.4.0/drivers/firewire/core-card.c @@ -429,7 +429,23 @@ */ card->bm_generation = generation; - if (root_device == NULL) { + if (card->gap_count == 0) { + /* + * If self IDs have inconsistent gap counts, do a + * bus reset ASAP. The config rom read might never + * complete, so don't wait for it. However, still + * send a PHY configuration packet prior to the + * bus reset. The PHY configuration packet might + * fail, but 1394-2008 8.4.5.2 explicitly permits + * it in this case, so it should be safe to try. + */ + new_root_id = local_id; + /* + * We must always send a bus reset if the gap count + * is inconsistent, so bypass the 5-reset limit. + */ + card->bm_retries = 0; + } else if (root_device == NULL) { /* * Either link_on is false, or we failed to read the * config rom. In either case, pick another root. diff -u linux-5.4.0/drivers/firmware/efi/capsule-loader.c linux-5.4.0/drivers/firmware/efi/capsule-loader.c --- linux-5.4.0/drivers/firmware/efi/capsule-loader.c +++ linux-5.4.0/drivers/firmware/efi/capsule-loader.c @@ -291,7 +291,7 @@ return -ENOMEM; } - cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); + cap_info->phys = kzalloc(sizeof(phys_addr_t), GFP_KERNEL); if (!cap_info->phys) { kfree(cap_info->pages); kfree(cap_info); diff -u linux-5.4.0/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c linux-5.4.0/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c --- linux-5.4.0/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c +++ linux-5.4.0/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c @@ -651,0 +652,3 @@ + + if (info->read_mmr_reg.count > 128) + return -EINVAL; diff -u linux-5.4.0/drivers/gpu/drm/drm_syncobj.c linux-5.4.0/drivers/gpu/drm/drm_syncobj.c --- linux-5.4.0/drivers/gpu/drm/drm_syncobj.c +++ linux-5.4.0/drivers/gpu/drm/drm_syncobj.c @@ -325,6 +325,15 @@ if (!syncobj) return -ENOENT; + /* Waiting for userspace with locks help is illegal cause that can + * trivial deadlock with page faults for example. Make lockdep complain + * about it early on. + */ + if (flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT) { + might_sleep(); + lockdep_assert_none_held_once(); + } + *fence = drm_syncobj_fence_get(syncobj); if (*fence) { @@ -889,6 +898,10 @@ uint64_t *points; uint32_t signaled_count, i; + if (flags & (DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT | + DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE)) + lockdep_assert_none_held_once(); + points = kmalloc_array(count, sizeof(*points), GFP_KERNEL); if (points == NULL) return -ENOMEM; @@ -955,7 +968,8 @@ * fallthough and try a 0 timeout wait! */ - if (flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT) { + if (flags & (DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT | + DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE)) { for (i = 0; i < count; ++i) drm_syncobj_fence_add_wait(syncobjs[i], &entries[i]); } diff -u linux-5.4.0/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c linux-5.4.0/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c --- linux-5.4.0/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c +++ linux-5.4.0/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadow.c @@ -154,11 +154,17 @@ return (void *)fw; } +static void +shadow_fw_release(void *fw) +{ + release_firmware(fw); +} + static const struct nvbios_source shadow_fw = { .name = "firmware", .init = shadow_fw_init, - .fini = (void(*)(void *))release_firmware, + .fini = shadow_fw_release, .read = shadow_fw_read, .rw = false, }; diff -u linux-5.4.0/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c linux-5.4.0/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c --- linux-5.4.0/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c +++ linux-5.4.0/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c @@ -365,8 +365,7 @@ static u16 sun6i_dsi_get_video_start_delay(struct sun6i_dsi *dsi, struct drm_display_mode *mode) { - u16 start = clamp(mode->vtotal - mode->vdisplay - 10, 8, 100); - u16 delay = mode->vtotal - (mode->vsync_end - mode->vdisplay) + start; + u16 delay = mode->vtotal - (mode->vsync_end - mode->vdisplay) + 1; if (delay > mode->vtotal) delay = delay % mode->vtotal; diff -u linux-5.4.0/drivers/hwmon/coretemp.c linux-5.4.0/drivers/hwmon/coretemp.c --- linux-5.4.0/drivers/hwmon/coretemp.c +++ linux-5.4.0/drivers/hwmon/coretemp.c @@ -40,7 +40,7 @@ #define PKG_SYSFS_ATTR_NO 1 /* Sysfs attribute for package temp */ #define BASE_SYSFS_ATTR_NO 2 /* Sysfs Base attr no for coretemp */ -#define NUM_REAL_CORES 128 /* Number of Real cores per cpu */ +#define NUM_REAL_CORES 512 /* Number of Real cores per cpu */ #define CORETEMP_NAME_LENGTH 28 /* String Length of attrs */ #define MAX_CORE_ATTRS 4 /* Maximum no of basic attrs */ #define TOTAL_ATTRS (MAX_CORE_ATTRS + 1) diff -u linux-5.4.0/drivers/infiniband/hw/bnxt_re/ib_verbs.c linux-5.4.0/drivers/infiniband/hw/bnxt_re/ib_verbs.c --- linux-5.4.0/drivers/infiniband/hw/bnxt_re/ib_verbs.c +++ linux-5.4.0/drivers/infiniband/hw/bnxt_re/ib_verbs.c @@ -1625,7 +1625,7 @@ switch (srq_attr_mask) { case IB_SRQ_MAX_WR: /* SRQ resize is not supported */ - break; + return -EINVAL; case IB_SRQ_LIMIT: /* Change the SRQ threshold */ if (srq_attr->srq_limit > srq->qplib_srq.max_wqe) @@ -1640,13 +1640,12 @@ /* On success, update the shadow */ srq->srq_limit = srq_attr->srq_limit; /* No need to Build and send response back to udata */ - break; + return 0; default: dev_err(rdev_to_dev(rdev), "Unsupported srq_attr_mask 0x%x", srq_attr_mask); return -EINVAL; } - return 0; } int bnxt_re_query_srq(struct ib_srq *ib_srq, struct ib_srq_attr *srq_attr) diff -u linux-5.4.0/drivers/infiniband/hw/hfi1/pio.c linux-5.4.0/drivers/infiniband/hw/hfi1/pio.c --- linux-5.4.0/drivers/infiniband/hw/hfi1/pio.c +++ linux-5.4.0/drivers/infiniband/hw/hfi1/pio.c @@ -2131,7 +2131,7 @@ "Unable to allocate credit return DMA range for NUMA %d\n", i); ret = -ENOMEM; - goto done; + goto free_cr_base; } } set_dev_node(&dd->pcidev->dev, dd->node); @@ -2139,6 +2139,10 @@ ret = 0; done: return ret; + +free_cr_base: + free_credit_return(dd); + goto done; } void free_credit_return(struct hfi1_devdata *dd) diff -u linux-5.4.0/drivers/infiniband/hw/hfi1/sdma.c linux-5.4.0/drivers/infiniband/hw/hfi1/sdma.c --- linux-5.4.0/drivers/infiniband/hw/hfi1/sdma.c +++ linux-5.4.0/drivers/infiniband/hw/hfi1/sdma.c @@ -3203,7 +3203,7 @@ { int rval = 0; - if ((unlikely(tx->num_desc + 1 == tx->desc_limit))) { + if ((unlikely(tx->num_desc == tx->desc_limit))) { rval = _extend_sdma_tx_descs(dd, tx); if (rval) { __sdma_txclean(dd, tx); diff -u linux-5.4.0/drivers/infiniband/ulp/srpt/ib_srpt.c linux-5.4.0/drivers/infiniband/ulp/srpt/ib_srpt.c --- linux-5.4.0/drivers/infiniband/ulp/srpt/ib_srpt.c +++ linux-5.4.0/drivers/infiniband/ulp/srpt/ib_srpt.c @@ -213,12 +213,15 @@ /** * srpt_qp_event - QP event callback function * @event: Description of the event that occurred. - * @ch: SRPT RDMA channel. + * @ptr: SRPT RDMA channel. */ -static void srpt_qp_event(struct ib_event *event, struct srpt_rdma_ch *ch) +static void srpt_qp_event(struct ib_event *event, void *ptr) { - pr_debug("QP event %d on ch=%p sess_name=%s state=%d\n", - event->event, ch, ch->sess_name, ch->state); + struct srpt_rdma_ch *ch = ptr; + + pr_debug("QP event %d on ch=%p sess_name=%s-%d state=%s\n", + event->event, ch, ch->sess_name, ch->qp->qp_num, + get_ch_state_name(ch->state)); switch (event->event) { case IB_EVENT_COMM_EST: @@ -1801,8 +1804,7 @@ } qp_init->qp_context = (void *)ch; - qp_init->event_handler - = (void(*)(struct ib_event *, void*))srpt_qp_event; + qp_init->event_handler = srpt_qp_event; qp_init->send_cq = ch->cq; qp_init->recv_cq = ch->cq; qp_init->sq_sig_type = IB_SIGNAL_REQ_WR; @@ -2005,8 +2007,8 @@ list_for_each_entry(nexus, &sport->nexus_list, entry) { list_for_each_entry(ch, &nexus->ch_list, list) { if (srpt_disconnect_ch(ch) >= 0) - pr_info("Closing channel %s because target %s_%d has been disabled\n", - ch->sess_name, + pr_info("Closing channel %s-%d because target %s_%d has been disabled\n", + ch->sess_name, ch->qp->qp_num, dev_name(&sport->sdev->device->dev), sport->port); srpt_close_ch(ch); diff -u linux-5.4.0/drivers/md/dm-crypt.c linux-5.4.0/drivers/md/dm-crypt.c --- linux-5.4.0/drivers/md/dm-crypt.c +++ linux-5.4.0/drivers/md/dm-crypt.c @@ -1627,6 +1627,12 @@ io->ctx.bio_out = clone; io->ctx.iter_out = clone->bi_iter; + if (crypt_integrity_aead(cc)) { + bio_copy_data(clone, io->base_bio); + io->ctx.bio_in = clone; + io->ctx.iter_in = clone->bi_iter; + } + sector += bio_sectors(clone); crypt_inc_pending(io); diff -u linux-5.4.0/drivers/md/dm-integrity.c linux-5.4.0/drivers/md/dm-integrity.c --- linux-5.4.0/drivers/md/dm-integrity.c +++ linux-5.4.0/drivers/md/dm-integrity.c @@ -1582,11 +1582,12 @@ } __bio_for_each_segment(bv, bio, iter, dio->bio_details.bi_iter) { + struct bio_vec bv_copy = bv; unsigned pos; char *mem, *checksums_ptr; again: - mem = (char *)kmap_atomic(bv.bv_page) + bv.bv_offset; + mem = (char *)kmap_atomic(bv_copy.bv_page) + bv_copy.bv_offset; pos = 0; checksums_ptr = checksums; do { @@ -1595,7 +1596,7 @@ sectors_to_process -= ic->sectors_per_block; pos += ic->sectors_per_block << SECTOR_SHIFT; sector += ic->sectors_per_block; - } while (pos < bv.bv_len && sectors_to_process && checksums != checksums_onstack); + } while (pos < bv_copy.bv_len && sectors_to_process && checksums != checksums_onstack); kunmap_atomic(mem); r = dm_integrity_rw_tag(ic, checksums, &dio->metadata_block, &dio->metadata_offset, @@ -1615,9 +1616,9 @@ if (!sectors_to_process) break; - if (unlikely(pos < bv.bv_len)) { - bv.bv_offset += pos; - bv.bv_len -= pos; + if (unlikely(pos < bv_copy.bv_len)) { + bv_copy.bv_offset += pos; + bv_copy.bv_len -= pos; goto again; } } diff -u linux-5.4.0/drivers/mmc/core/mmc.c linux-5.4.0/drivers/mmc/core/mmc.c --- linux-5.4.0/drivers/mmc/core/mmc.c +++ linux-5.4.0/drivers/mmc/core/mmc.c @@ -991,10 +991,12 @@ static unsigned ext_csd_bits[] = { EXT_CSD_BUS_WIDTH_8, EXT_CSD_BUS_WIDTH_4, + EXT_CSD_BUS_WIDTH_1, }; static unsigned bus_widths[] = { MMC_BUS_WIDTH_8, MMC_BUS_WIDTH_4, + MMC_BUS_WIDTH_1, }; struct mmc_host *host = card->host; unsigned idx, bus_width = 0; diff -u linux-5.4.0/drivers/net/gtp.c linux-5.4.0/drivers/net/gtp.c --- linux-5.4.0/drivers/net/gtp.c +++ linux-5.4.0/drivers/net/gtp.c @@ -1377,26 +1377,26 @@ get_random_bytes(>p_h_initval, sizeof(gtp_h_initval)); - err = rtnl_link_register(>p_link_ops); + err = register_pernet_subsys(>p_net_ops); if (err < 0) goto error_out; - err = genl_register_family(>p_genl_family); + err = rtnl_link_register(>p_link_ops); if (err < 0) - goto unreg_rtnl_link; + goto unreg_pernet_subsys; - err = register_pernet_subsys(>p_net_ops); + err = genl_register_family(>p_genl_family); if (err < 0) - goto unreg_genl_family; + goto unreg_rtnl_link; pr_info("GTP module loaded (pdp ctx size %zd bytes)\n", sizeof(struct pdp_ctx)); return 0; -unreg_genl_family: - genl_unregister_family(>p_genl_family); unreg_rtnl_link: rtnl_link_unregister(>p_link_ops); +unreg_pernet_subsys: + unregister_pernet_subsys(>p_net_ops); error_out: pr_err("error loading GTP module loaded\n"); return err; diff -u linux-5.4.0/drivers/net/tun.c linux-5.4.0/drivers/net/tun.c --- linux-5.4.0/drivers/net/tun.c +++ linux-5.4.0/drivers/net/tun.c @@ -715,6 +715,7 @@ tun->tfiles[tun->numqueues - 1]); ntfile = rtnl_dereference(tun->tfiles[index]); ntfile->queue_index = index; + ntfile->xdp_rxq.queue_index = index; rcu_assign_pointer(tun->tfiles[tun->numqueues - 1], NULL); diff -u linux-5.4.0/drivers/net/usb/dm9601.c linux-5.4.0/drivers/net/usb/dm9601.c --- linux-5.4.0/drivers/net/usb/dm9601.c +++ linux-5.4.0/drivers/net/usb/dm9601.c @@ -231,7 +231,7 @@ err = dm_read_shared_word(dev, 1, loc, &res); if (err < 0) { netdev_err(dev->net, "MDIO read error: %d\n", err); - return err; + return 0; } netdev_dbg(dev->net, diff -u linux-5.4.0/drivers/net/usb/lan78xx.c linux-5.4.0/drivers/net/usb/lan78xx.c --- linux-5.4.0/drivers/net/usb/lan78xx.c +++ linux-5.4.0/drivers/net/usb/lan78xx.c @@ -2535,7 +2535,8 @@ if (dev->chipid == ID_REV_CHIP_ID_7801_) buf &= ~MAC_CR_GMII_EN_; - if (dev->chipid == ID_REV_CHIP_ID_7800_) { + if (dev->chipid == ID_REV_CHIP_ID_7800_ || + dev->chipid == ID_REV_CHIP_ID_7850_) { ret = lan78xx_read_raw_eeprom(dev, 0, 1, &sig); if (!ret && sig != EEPROM_INDICATOR) { /* Implies there is no external eeprom. Set mac speed */ diff -u linux-5.4.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c linux-5.4.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c --- linux-5.4.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ linux-5.4.0/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c @@ -710,8 +710,7 @@ scan_request = cfg->scan_request; cfg->scan_request = NULL; - if (timer_pending(&cfg->escan_timeout)) - del_timer_sync(&cfg->escan_timeout); + del_timer_sync(&cfg->escan_timeout); if (fw_abort) { /* Do a scan abort to stop the driver's scan engine */ @@ -7240,6 +7239,7 @@ brcmf_btcoex_detach(cfg); wiphy_unregister(cfg->wiphy); wl_deinit_priv(cfg); + cancel_work_sync(&cfg->escan_timeout_work); brcmf_free_wiphy(cfg->wiphy); kfree(cfg); } diff -u linux-5.4.0/drivers/nvme/target/fc.c linux-5.4.0/drivers/nvme/target/fc.c --- linux-5.4.0/drivers/nvme/target/fc.c +++ linux-5.4.0/drivers/nvme/target/fc.c @@ -796,6 +796,9 @@ int idx; bool needrandom = true; + if (!tgtport->pe) + return NULL; + assoc = kzalloc(sizeof(*assoc), GFP_KERNEL); if (!assoc) return NULL; @@ -2183,8 +2186,9 @@ fod->req.cmd = &fod->cmdiubuf.sqe; fod->req.cqe = &fod->rspiubuf.cqe; - if (tgtport->pe) - fod->req.port = tgtport->pe->port; + if (!tgtport->pe) + goto transport_error; + fod->req.port = tgtport->pe->port; /* clear any response payload */ memset(&fod->rspiubuf, 0, sizeof(fod->rspiubuf)); diff -u linux-5.4.0/drivers/nvme/target/tcp.c linux-5.4.0/drivers/nvme/target/tcp.c --- linux-5.4.0/drivers/nvme/target/tcp.c +++ linux-5.4.0/drivers/nvme/target/tcp.c @@ -1817,6 +1817,7 @@ flush_scheduled_work(); destroy_workqueue(nvmet_tcp_wq); + ida_destroy(&nvmet_tcp_queue_ida); } module_init(nvmet_tcp_init); diff -u linux-5.4.0/drivers/pci/controller/pci-tegra.c linux-5.4.0/drivers/pci/controller/pci-tegra.c --- linux-5.4.0/drivers/pci/controller/pci-tegra.c +++ linux-5.4.0/drivers/pci/controller/pci-tegra.c @@ -2267,13 +2267,15 @@ rp->np = port; rp->base = devm_pci_remap_cfg_resource(dev, &rp->regs); - if (IS_ERR(rp->base)) - return PTR_ERR(rp->base); + if (IS_ERR(rp->base)) { + err = PTR_ERR(rp->base); + goto err_node_put; + } label = devm_kasprintf(dev, GFP_KERNEL, "pex-reset-%u", index); if (!label) { - dev_err(dev, "failed to create reset GPIO label\n"); - return -ENOMEM; + err = -ENOMEM; + goto err_node_put; } /* @@ -2289,9 +2291,10 @@ if (PTR_ERR(rp->reset_gpio) == -ENOENT) { rp->reset_gpio = NULL; } else { - dev_err(dev, "failed to get reset GPIO: %d\n", - err); - return PTR_ERR(rp->reset_gpio); + dev_err(dev, "failed to get reset GPIO: %ld\n", + PTR_ERR(rp->reset_gpio)); + err = PTR_ERR(rp->reset_gpio); + goto err_node_put; } } diff -u linux-5.4.0/drivers/pci/msi.c linux-5.4.0/drivers/pci/msi.c --- linux-5.4.0/drivers/pci/msi.c +++ linux-5.4.0/drivers/pci/msi.c @@ -1421,7 +1421,7 @@ { return (irq_hw_number_t)desc->msi_attrib.entry_nr | pci_dev_id(dev) << 11 | - (pci_domain_nr(dev->bus) & 0xFFFFFFFF) << 27; + ((irq_hw_number_t)(pci_domain_nr(dev->bus) & 0xFFFFFFFF)) << 27; } static inline bool pci_msi_desc_is_multi_msi(struct msi_desc *desc) diff -u linux-5.4.0/drivers/pinctrl/pinctrl-rockchip.c linux-5.4.0/drivers/pinctrl/pinctrl-rockchip.c --- linux-5.4.0/drivers/pinctrl/pinctrl-rockchip.c +++ linux-5.4.0/drivers/pinctrl/pinctrl-rockchip.c @@ -62,7 +62,7 @@ RK3399, }; -/** +/* * Encode variants of iomux registers into a type variable */ #define IOMUX_GPIO_ONLY BIT(0) @@ -72,6 +72,7 @@ #define IOMUX_WIDTH_3BIT BIT(4) /** + * struct rockchip_iomux * @type: iomux variant using IOMUX_* constants * @offset: if initialized to -1 it will be autocalculated, by specifying * an initial offset value the relevant source offset can be reset @@ -82,7 +83,7 @@ int offset; }; -/** +/* * enum type index corresponding to rockchip_perpin_drv_list arrays index. */ enum rockchip_pin_drv_type { @@ -94,7 +95,7 @@ DRV_TYPE_MAX }; -/** +/* * enum type index corresponding to rockchip_pull_list arrays index. */ enum rockchip_pin_pull_type { @@ -104,6 +105,7 @@ }; /** + * struct rockchip_drv * @drv_type: drive strength variant using rockchip_perpin_drv_type * @offset: if initialized to -1 it will be autocalculated, by specifying * an initial offset value the relevant source offset can be reset @@ -117,8 +119,9 @@ }; /** + * struct rockchip_pin_bank * @reg_base: register base of the gpio bank - * @reg_pull: optional separate register for additional pull settings + * @regmap_pull: optional separate register for additional pull settings * @clk: clock of the gpio bank * @irq: interrupt of the gpio bank * @saved_masks: Saved content of GPIO_INTEN at suspend time. @@ -136,6 +139,8 @@ * @gpio_chip: gpiolib chip * @grange: gpio range * @slock: spinlock for the gpio bank + * @toggle_edge_mode: bit mask to toggle (falling/rising) edge mode + * @recalced_mask: bit mask to indicate a need to recalulate the mask * @route_mask: bits describing the routing pins of per bank */ struct rockchip_pin_bank { @@ -310,6 +315,7 @@ * @bank_num: bank number. * @pin: index at register or used to calc index. * @func: the min pin. + * @route_location: the mux route location (same, pmu, grf). * @route_offset: the max pin. * @route_val: the register offset. */ @@ -322,8 +328,6 @@ u32 route_val; }; -/** - */ struct rockchip_pin_ctrl { struct rockchip_pin_bank *pin_banks; u32 nr_banks; @@ -361,9 +365,7 @@ * @name: name of the pin group, used to lookup the group. * @pins: the pins included in this group. * @npins: number of pins included in this group. - * @func: the mux function number to be programmed when selected. - * @configs: the config values to be set for each pin - * @nconfigs: number of configs for each pin + * @data: local pin configuration */ struct rockchip_pin_group { const char *name; @@ -376,7 +378,7 @@ * struct rockchip_pmx_func: represent a pin function. * @name: name of the pin function, used to lookup the function. * @groups: one or more names of pin groups that provide this function. - * @num_groups: number of groups included in @groups. + * @ngroups: number of groups included in @groups. */ struct rockchip_pmx_func { const char *name; @@ -2534,6 +2536,7 @@ np_config = of_find_node_by_phandle(be32_to_cpup(phandle)); ret = pinconf_generic_parse_dt_config(np_config, NULL, &grp->data[j].configs, &grp->data[j].nconfigs); + of_node_put(np_config); if (ret) return ret; } diff -u linux-5.4.0/drivers/power/supply/bq27xxx_battery_i2c.c linux-5.4.0/drivers/power/supply/bq27xxx_battery_i2c.c --- linux-5.4.0/drivers/power/supply/bq27xxx_battery_i2c.c +++ linux-5.4.0/drivers/power/supply/bq27xxx_battery_i2c.c @@ -217,7 +217,9 @@ { struct bq27xxx_device_info *di = i2c_get_clientdata(client); - free_irq(client->irq, di); + if (client->irq) + free_irq(client->irq, di); + bq27xxx_battery_teardown(di); mutex_lock(&battery_mutex); diff -u linux-5.4.0/drivers/regulator/pwm-regulator.c linux-5.4.0/drivers/regulator/pwm-regulator.c --- linux-5.4.0/drivers/regulator/pwm-regulator.c +++ linux-5.4.0/drivers/regulator/pwm-regulator.c @@ -158,6 +158,9 @@ pwm_get_state(drvdata->pwm, &pstate); voltage = pwm_get_relative_duty_cycle(&pstate, duty_unit); + if (voltage < min(max_uV_duty, min_uV_duty) || + voltage > max(max_uV_duty, min_uV_duty)) + return -ENOTRECOVERABLE; /* * The dutycycle for min_uV might be greater than the one for max_uV. diff -u linux-5.4.0/drivers/s390/net/qeth_l3_main.c linux-5.4.0/drivers/s390/net/qeth_l3_main.c --- linux-5.4.0/drivers/s390/net/qeth_l3_main.c +++ linux-5.4.0/drivers/s390/net/qeth_l3_main.c @@ -305,9 +305,10 @@ if (!recover) { hash_del(&addr->hnode); kfree(addr); - continue; + } else { + /* prepare for recovery */ + addr->disp_flag = QETH_DISP_ADDR_ADD; } - addr->disp_flag = QETH_DISP_ADDR_ADD; } mutex_unlock(&card->ip_lock); @@ -335,11 +336,13 @@ } else rc = qeth_l3_register_addr_entry(card, addr); - if (!rc) { + if (!rc || rc == -EADDRINUSE || rc == -ENETDOWN) { + /* keep it in the records */ addr->disp_flag = QETH_DISP_ADDR_DO_NOTHING; if (addr->ref_counter < 1) qeth_l3_delete_ip(card, addr); } else { + /* bad address */ hash_del(&addr->hnode); kfree(addr); } diff -u linux-5.4.0/drivers/scsi/Kconfig linux-5.4.0/drivers/scsi/Kconfig --- linux-5.4.0/drivers/scsi/Kconfig +++ linux-5.4.0/drivers/scsi/Kconfig @@ -1286,7 +1286,7 @@ config JAZZ_ESP bool "MIPS JAZZ FAS216 SCSI support" - depends on MACH_JAZZ && SCSI + depends on MACH_JAZZ && SCSI=y select SCSI_SPI_ATTRS help This is the driver for the onboard SCSI host adapter of MIPS Magnum diff -u linux-5.4.0/drivers/scsi/lpfc/lpfc_scsi.c linux-5.4.0/drivers/scsi/lpfc/lpfc_scsi.c --- linux-5.4.0/drivers/scsi/lpfc/lpfc_scsi.c +++ linux-5.4.0/drivers/scsi/lpfc/lpfc_scsi.c @@ -1942,7 +1942,7 @@ * * Returns the number of SGEs added to the SGL. **/ -static int +static uint32_t lpfc_bg_setup_sgl(struct lpfc_hba *phba, struct scsi_cmnd *sc, struct sli4_sge *sgl, int datasegcnt, struct lpfc_io_buf *lpfc_cmd) @@ -1950,8 +1950,8 @@ struct scatterlist *sgde = NULL; /* s/g data entry */ struct sli4_sge_diseed *diseed = NULL; dma_addr_t physaddr; - int i = 0, num_sge = 0, status; - uint32_t reftag; + int i = 0, status; + uint32_t reftag, num_sge = 0; uint8_t txop, rxop; #ifdef CONFIG_SCSI_LPFC_DEBUG_FS uint32_t rc; @@ -2122,7 +2122,7 @@ * * Returns the number of SGEs added to the SGL. **/ -static int +static uint32_t lpfc_bg_setup_sgl_prot(struct lpfc_hba *phba, struct scsi_cmnd *sc, struct sli4_sge *sgl, int datacnt, int protcnt, struct lpfc_io_buf *lpfc_cmd) @@ -2146,8 +2146,8 @@ uint32_t rc; #endif uint32_t checking = 1; - uint32_t dma_offset = 0; - int num_sge = 0, j = 2; + uint32_t dma_offset = 0, num_sge = 0; + int j = 2; struct sli4_hybrid_sgl *sgl_xtra = NULL; sgpe = scsi_prot_sglist(sc); diff -u linux-5.4.0/drivers/spi/spi-mt7621.c linux-5.4.0/drivers/spi/spi-mt7621.c --- linux-5.4.0/drivers/spi/spi-mt7621.c +++ linux-5.4.0/drivers/spi/spi-mt7621.c @@ -340,11 +340,9 @@ return PTR_ERR(base); clk = devm_clk_get(&pdev->dev, NULL); - if (IS_ERR(clk)) { - dev_err(&pdev->dev, "unable to get SYS clock, err=%d\n", - status); - return PTR_ERR(clk); - } + if (IS_ERR(clk)) + return dev_err_probe(&pdev->dev, PTR_ERR(clk), + "unable to get SYS clock\n"); status = clk_prepare_enable(clk); if (status) diff -u linux-5.4.0/drivers/target/target_core_device.c linux-5.4.0/drivers/target/target_core_device.c --- linux-5.4.0/drivers/target/target_core_device.c +++ linux-5.4.0/drivers/target/target_core_device.c @@ -151,7 +151,6 @@ struct se_session *se_sess = se_cmd->se_sess; struct se_node_acl *nacl = se_sess->se_node_acl; struct se_tmr_req *se_tmr = se_cmd->se_tmr_req; - unsigned long flags; rcu_read_lock(); deve = target_nacl_find_deve(nacl, unpacked_lun); @@ -182,10 +181,6 @@ se_cmd->se_dev = rcu_dereference_raw(se_lun->lun_se_dev); se_tmr->tmr_dev = rcu_dereference_raw(se_lun->lun_se_dev); - spin_lock_irqsave(&se_tmr->tmr_dev->se_tmr_lock, flags); - list_add_tail(&se_tmr->tmr_list, &se_tmr->tmr_dev->dev_tmr_list); - spin_unlock_irqrestore(&se_tmr->tmr_dev->se_tmr_lock, flags); - return 0; } EXPORT_SYMBOL(transport_lookup_tmr_lun); diff -u linux-5.4.0/drivers/target/target_core_transport.c linux-5.4.0/drivers/target/target_core_transport.c --- linux-5.4.0/drivers/target/target_core_transport.c +++ linux-5.4.0/drivers/target/target_core_transport.c @@ -3392,6 +3392,10 @@ unsigned long flags; bool aborted = false; + spin_lock_irqsave(&cmd->se_dev->se_tmr_lock, flags); + list_add_tail(&cmd->se_tmr_req->tmr_list, &cmd->se_dev->dev_tmr_list); + spin_unlock_irqrestore(&cmd->se_dev->se_tmr_lock, flags); + spin_lock_irqsave(&cmd->t_state_lock, flags); if (cmd->transport_state & CMD_T_ABORTED) { aborted = true; diff -u linux-5.4.0/drivers/uio/uio_hv_generic.c linux-5.4.0/drivers/uio/uio_hv_generic.c --- linux-5.4.0/drivers/uio/uio_hv_generic.c +++ linux-5.4.0/drivers/uio/uio_hv_generic.c @@ -247,14 +247,14 @@ return -ENOTSUPP; } - pdata = kzalloc(sizeof(*pdata), GFP_KERNEL); + pdata = devm_kzalloc(&dev->device, sizeof(*pdata), GFP_KERNEL); if (!pdata) return -ENOMEM; ret = vmbus_alloc_ring(channel, HV_RING_SIZE * PAGE_SIZE, HV_RING_SIZE * PAGE_SIZE); if (ret) - goto fail; + return ret; set_channel_read_mode(channel, HV_CALL_ISR); @@ -291,7 +291,7 @@ pdata->recv_buf = vzalloc(RECV_BUFFER_SIZE); if (pdata->recv_buf == NULL) { ret = -ENOMEM; - goto fail_close; + goto fail_free_ring; } ret = vmbus_establish_gpadl(channel, pdata->recv_buf, @@ -351,8 +351,8 @@ fail_close: hv_uio_cleanup(dev, pdata); -fail: - kfree(pdata); +fail_free_ring: + vmbus_free_ring(dev->channel); return ret; } @@ -367,10 +367,8 @@ uio_unregister_device(&pdata->info); hv_uio_cleanup(dev, pdata); - hv_set_drvdata(dev, NULL); vmbus_free_ring(dev->channel); - kfree(pdata); return 0; } diff -u linux-5.4.0/drivers/usb/cdns3/gadget.c linux-5.4.0/drivers/usb/cdns3/gadget.c --- linux-5.4.0/drivers/usb/cdns3/gadget.c +++ linux-5.4.0/drivers/usb/cdns3/gadget.c @@ -661,7 +661,11 @@ return; } - if (request->complete) { + /* + * zlp request is appended by driver, needn't call usb_gadget_giveback_request() to notify + * gadget composite driver. + */ + if (request->complete && request->buf != priv_dev->zlp_buf) { spin_unlock(&priv_dev->lock); usb_gadget_giveback_request(&priv_ep->endpoint, request); @@ -1951,11 +1955,11 @@ while (!list_empty(&priv_ep->wa2_descmiss_req_list)) { priv_req = cdns3_next_priv_request(&priv_ep->wa2_descmiss_req_list); + list_del_init(&priv_req->list); kfree(priv_req->request.buf); cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); - list_del_init(&priv_req->list); --priv_ep->wa2_counter; } diff -u linux-5.4.0/drivers/usb/core/port.c linux-5.4.0/drivers/usb/core/port.c --- linux-5.4.0/drivers/usb/core/port.c +++ linux-5.4.0/drivers/usb/core/port.c @@ -295,8 +295,10 @@ { struct usb_port *port_dev = to_usb_port(dev); - if (port_dev->child) + if (port_dev->child) { usb_disable_usb2_hardware_lpm(port_dev->child); + usb_unlocked_disable_lpm(port_dev->child); + } } static const struct dev_pm_ops usb_port_pm_ops = { diff -u linux-5.4.0/drivers/usb/gadget/function/f_ncm.c linux-5.4.0/drivers/usb/gadget/function/f_ncm.c --- linux-5.4.0/drivers/usb/gadget/function/f_ncm.c +++ linux-5.4.0/drivers/usb/gadget/function/f_ncm.c @@ -1349,7 +1349,15 @@ "Parsed NTB with %d frames\n", dgram_counter); to_process -= block_len; - if (to_process != 0) { + + /* + * Windows NCM driver avoids USB ZLPs by adding a 1-byte + * zero pad as needed. + */ + if (to_process == 1 && + (*(unsigned char *)(ntb_ptr + block_len) == 0x00)) { + to_process--; + } else if (to_process > 0) { ntb_ptr = (unsigned char *)(ntb_ptr + block_len); goto parse_ntb; } diff -u linux-5.4.0/drivers/usb/roles/class.c linux-5.4.0/drivers/usb/roles/class.c --- linux-5.4.0/drivers/usb/roles/class.c +++ linux-5.4.0/drivers/usb/roles/class.c @@ -20,6 +20,7 @@ struct device dev; struct mutex lock; /* device lock*/ enum usb_role role; + bool registered; /* From descriptor */ struct device *usb2_port; @@ -46,6 +47,9 @@ if (IS_ERR_OR_NULL(sw)) return 0; + if (!sw->registered) + return -EOPNOTSUPP; + mutex_lock(&sw->lock); ret = sw->set(sw->dev.parent, role); @@ -69,7 +73,7 @@ { enum usb_role role; - if (IS_ERR_OR_NULL(sw)) + if (IS_ERR_OR_NULL(sw) || !sw->registered) return USB_ROLE_NONE; mutex_lock(&sw->lock); @@ -319,6 +323,8 @@ return ERR_PTR(ret); } + sw->registered = true; + /* TODO: Symlinks for the host port and the device controller. */ return sw; @@ -333,8 +339,10 @@ */ void usb_role_switch_unregister(struct usb_role_switch *sw) { - if (!IS_ERR_OR_NULL(sw)) + if (!IS_ERR_OR_NULL(sw)) { + sw->registered = false; device_unregister(&sw->dev); + } } EXPORT_SYMBOL_GPL(usb_role_switch_unregister); diff -u linux-5.4.0/drivers/video/fbdev/savage/savagefb_driver.c linux-5.4.0/drivers/video/fbdev/savage/savagefb_driver.c --- linux-5.4.0/drivers/video/fbdev/savage/savagefb_driver.c +++ linux-5.4.0/drivers/video/fbdev/savage/savagefb_driver.c @@ -869,6 +869,9 @@ DBG("savagefb_check_var"); + if (!var->pixclock) + return -EINVAL; + var->transp.offset = 0; var->transp.length = 0; switch (var->bits_per_pixel) { diff -u linux-5.4.0/fs/afs/dir.c linux-5.4.0/fs/afs/dir.c --- linux-5.4.0/fs/afs/dir.c +++ linux-5.4.0/fs/afs/dir.c @@ -426,8 +426,10 @@ dire->u.name[0] == '.' && ctx->actor != afs_lookup_filldir && ctx->actor != afs_lookup_one_filldir && - memcmp(dire->u.name, ".__afs", 6) == 0) + memcmp(dire->u.name, ".__afs", 6) == 0) { + ctx->pos = blkoff + next * sizeof(union afs_xdr_dirent); continue; + } /* found the next entry */ if (!dir_emit(ctx, dire->u.name, nlen, diff -u linux-5.4.0/fs/afs/volume.c linux-5.4.0/fs/afs/volume.c --- linux-5.4.0/fs/afs/volume.c +++ linux-5.4.0/fs/afs/volume.c @@ -221,7 +221,7 @@ { struct afs_server_list *new, *old, *discard; struct afs_vldb_entry *vldb; - char idbuf[16]; + char idbuf[24]; int ret, idsz; _enter(""); @@ -229,7 +229,7 @@ /* We look up an ID by passing it as a decimal string in the * operation's name parameter. */ - idsz = sprintf(idbuf, "%llu", volume->vid); + idsz = snprintf(idbuf, sizeof(idbuf), "%llu", volume->vid); vldb = afs_vl_lookup_vldb(volume->cell, key, idbuf, idsz); if (IS_ERR(vldb)) { diff -u linux-5.4.0/fs/aio.c linux-5.4.0/fs/aio.c --- linux-5.4.0/fs/aio.c +++ linux-5.4.0/fs/aio.c @@ -570,6 +570,13 @@ struct kioctx *ctx = req->ki_ctx; unsigned long flags; + /* + * kiocb didn't come from aio or is neither a read nor a write, hence + * ignore it. + */ + if (!(iocb->ki_flags & IOCB_AIO_RW)) + return; + if (WARN_ON_ONCE(!list_empty(&req->ki_list))) return; @@ -1455,7 +1462,7 @@ req->ki_complete = aio_complete_rw; req->private = NULL; req->ki_pos = iocb->aio_offset; - req->ki_flags = iocb_flags(req->ki_filp); + req->ki_flags = iocb_flags(req->ki_filp) | IOCB_AIO_RW; if (iocb->aio_flags & IOCB_FLAG_RESFD) req->ki_flags |= IOCB_EVENTFD; req->ki_hint = ki_hint_validate(file_write_hint(req->ki_filp)); diff -u linux-5.4.0/fs/btrfs/dev-replace.c linux-5.4.0/fs/btrfs/dev-replace.c --- linux-5.4.0/fs/btrfs/dev-replace.c +++ linux-5.4.0/fs/btrfs/dev-replace.c @@ -535,6 +535,23 @@ return ret; } +static int btrfs_check_replace_dev_names(struct btrfs_ioctl_dev_replace_args *args) +{ + if (args->start.srcdevid == 0) { + if (memchr(args->start.srcdev_name, 0, + sizeof(args->start.srcdev_name)) == NULL) + return -ENAMETOOLONG; + } else { + args->start.srcdev_name[0] = 0; + } + + if (memchr(args->start.tgtdev_name, 0, + sizeof(args->start.tgtdev_name)) == NULL) + return -ENAMETOOLONG; + + return 0; +} + int btrfs_dev_replace_by_ioctl(struct btrfs_fs_info *fs_info, struct btrfs_ioctl_dev_replace_args *args) { @@ -547,10 +564,9 @@ default: return -EINVAL; } - - if ((args->start.srcdevid == 0 && args->start.srcdev_name[0] == '\0') || - args->start.tgtdev_name[0] == '\0') - return -EINVAL; + ret = btrfs_check_replace_dev_names(args); + if (ret < 0) + return ret; ret = btrfs_dev_replace_start(fs_info, args->start.tgtdev_name, args->start.srcdevid, diff -u linux-5.4.0/fs/cifs/sess.c linux-5.4.0/fs/cifs/sess.c --- linux-5.4.0/fs/cifs/sess.c +++ linux-5.4.0/fs/cifs/sess.c @@ -290,8 +290,8 @@ { unsigned int tioffset; /* challenge message target info area */ unsigned int tilen; /* challenge message target info area length */ - CHALLENGE_MESSAGE *pblob = (CHALLENGE_MESSAGE *)bcc_ptr; + __u32 server_flags; if (blob_len < sizeof(CHALLENGE_MESSAGE)) { cifs_dbg(VFS, "challenge blob len %d too small\n", blob_len); @@ -309,12 +309,37 @@ return -EINVAL; } + server_flags = le32_to_cpu(pblob->NegotiateFlags); + cifs_dbg(FYI, "%s: negotiate=0x%08x challenge=0x%08x\n", __func__, + ses->ntlmssp->client_flags, server_flags); + + if ((ses->ntlmssp->client_flags & (NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN)) && + (!(server_flags & NTLMSSP_NEGOTIATE_56) && !(server_flags & NTLMSSP_NEGOTIATE_128))) { + cifs_dbg(VFS, "%s: requested signing/encryption but server did not return either 56-bit or 128-bit session key size\n", + __func__); + return -EINVAL; + } + if (!(server_flags & NTLMSSP_NEGOTIATE_NTLM) && !(server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) { + cifs_dbg(VFS, "%s: server does not seem to support either NTLMv1 or NTLMv2\n", __func__); + return -EINVAL; + } + if (ses->server->sign && !(server_flags & NTLMSSP_NEGOTIATE_SIGN)) { + cifs_dbg(VFS, "%s: forced packet signing but server does not seem to support it\n", + __func__); + return -EOPNOTSUPP; + } + if ((ses->ntlmssp->client_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && + !(server_flags & NTLMSSP_NEGOTIATE_KEY_XCH)) + pr_warn_once("%s: authentication has been weakened as server does not support key exchange\n", + __func__); + + ses->ntlmssp->server_flags = server_flags; + memcpy(ses->ntlmssp->cryptkey, pblob->Challenge, CIFS_CRYPTO_KEY_SIZE); - /* BB we could decode pblob->NegotiateFlags; some may be useful */ /* In particular we can examine sign flags */ /* BB spec says that if AvId field of MsvAvTimestamp is populated then we must set the MIC field of the AUTHENTICATE_MESSAGE */ - ses->ntlmssp->server_flags = le32_to_cpu(pblob->NegotiateFlags); + tioffset = le32_to_cpu(pblob->TargetInfoArray.BufferOffset); tilen = le16_to_cpu(pblob->TargetInfoArray.Length); if (tioffset > blob_len || tioffset + tilen > blob_len) { @@ -353,12 +378,12 @@ flags = NTLMSSP_NEGOTIATE_56 | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | - NTLMSSP_NEGOTIATE_SEAL; - if (ses->server->sign) - flags |= NTLMSSP_NEGOTIATE_SIGN; + NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_SEAL | + NTLMSSP_NEGOTIATE_SIGN; if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) flags |= NTLMSSP_NEGOTIATE_KEY_XCH; + ses->ntlmssp->client_flags = flags; sec_blob->NegotiateFlags = cpu_to_le32(flags); sec_blob->WorkstationName.BufferOffset = 0; @@ -417,15 +442,8 @@ memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); sec_blob->MessageType = NtLmAuthenticate; - flags = NTLMSSP_NEGOTIATE_56 | - NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO | - NTLMSSP_NEGOTIATE_128 | NTLMSSP_NEGOTIATE_UNICODE | - NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC | - NTLMSSP_NEGOTIATE_SEAL; - if (ses->server->sign) - flags |= NTLMSSP_NEGOTIATE_SIGN; - if (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) - flags |= NTLMSSP_NEGOTIATE_KEY_XCH; + flags = ses->ntlmssp->server_flags | NTLMSSP_REQUEST_TARGET | + NTLMSSP_NEGOTIATE_TARGET_INFO; tmp = *pbuffer + sizeof(AUTHENTICATE_MESSAGE); sec_blob->NegotiateFlags = cpu_to_le32(flags); @@ -491,9 +509,9 @@ sec_blob->WorkstationName.MaximumLength = 0; tmp += 2; - if (((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) || - (ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_EXTENDED_SEC)) - && !calc_seckey(ses)) { + if ((ses->ntlmssp->server_flags & NTLMSSP_NEGOTIATE_KEY_XCH) && + (!ses->server->session_estab || ses->ntlmssp->sesskey_per_smbsess) && + !calc_seckey(ses)) { memcpy(tmp, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE); sec_blob->SessionKey.BufferOffset = cpu_to_le32(tmp - *pbuffer); sec_blob->SessionKey.Length = cpu_to_le16(CIFS_CPHTXT_SIZE); diff -u linux-5.4.0/fs/ext4/mballoc.c linux-5.4.0/fs/ext4/mballoc.c --- linux-5.4.0/fs/ext4/mballoc.c +++ linux-5.4.0/fs/ext4/mballoc.c @@ -1802,6 +1802,9 @@ return err; ext4_lock_group(ac->ac_sb, group); + if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) + goto out; + max = mb_find_extent(e4b, ex.fe_start, ex.fe_len, &ex); if (max > 0) { @@ -1809,6 +1812,7 @@ ext4_mb_use_best_found(ac, e4b); } +out: ext4_unlock_group(ac->ac_sb, group); ext4_mb_unload_buddy(e4b); @@ -1835,12 +1839,10 @@ if (err) return err; - if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) { - ext4_mb_unload_buddy(e4b); - return 0; - } - ext4_lock_group(ac->ac_sb, group); + if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) + goto out; + max = mb_find_extent(e4b, ac->ac_g_ex.fe_start, ac->ac_g_ex.fe_len, &ex); ex.fe_logical = 0xDEADFA11; /* debug value */ @@ -1873,6 +1875,7 @@ ac->ac_b_ex = ex; ext4_mb_use_best_found(ac, e4b); } +out: ext4_unlock_group(ac->ac_sb, group); ext4_mb_unload_buddy(e4b); diff -u linux-5.4.0/fs/hugetlbfs/inode.c linux-5.4.0/fs/hugetlbfs/inode.c --- linux-5.4.0/fs/hugetlbfs/inode.c +++ linux-5.4.0/fs/hugetlbfs/inode.c @@ -1205,6 +1205,7 @@ { struct hugetlbfs_fs_context *ctx = fc->fs_private; struct fs_parse_result result; + struct hstate *h; char *rest; unsigned long ps; int opt; @@ -1249,11 +1250,12 @@ case Opt_pagesize: ps = memparse(param->string, &rest); - ctx->hstate = size_to_hstate(ps); - if (!ctx->hstate) { + h = size_to_hstate(ps); + if (!h) { pr_err("Unsupported page size %lu MB\n", ps >> 20); return -EINVAL; } + ctx->hstate = h; return 0; case Opt_min_size: diff -u linux-5.4.0/fs/iomap/buffered-io.c linux-5.4.0/fs/iomap/buffered-io.c --- linux-5.4.0/fs/iomap/buffered-io.c +++ linux-5.4.0/fs/iomap/buffered-io.c @@ -23,6 +23,7 @@ iomap_page_create(struct inode *inode, struct page *page) { struct iomap_page *iop = to_iomap_page(page); + unsigned int nr_blocks = PAGE_SIZE / i_blocksize(inode); if (iop || i_blocksize(inode) == PAGE_SIZE) return iop; @@ -32,6 +33,8 @@ atomic_set(&iop->write_count, 0); spin_lock_init(&iop->uptodate_lock); bitmap_zero(iop->uptodate, PAGE_SIZE / SECTOR_SIZE); + if (PageUptodate(page)) + bitmap_fill(iop->uptodate, nr_blocks); /* * migrate_page_move_mapping() assumes that pages with private data have diff -u linux-5.4.0/fs/nilfs2/dat.c linux-5.4.0/fs/nilfs2/dat.c --- linux-5.4.0/fs/nilfs2/dat.c +++ linux-5.4.0/fs/nilfs2/dat.c @@ -40,8 +40,21 @@ static int nilfs_dat_prepare_entry(struct inode *dat, struct nilfs_palloc_req *req, int create) { - return nilfs_palloc_get_entry_block(dat, req->pr_entry_nr, - create, &req->pr_entry_bh); + int ret; + + ret = nilfs_palloc_get_entry_block(dat, req->pr_entry_nr, + create, &req->pr_entry_bh); + if (unlikely(ret == -ENOENT)) { + nilfs_msg(dat->i_sb, KERN_ERR, + "DAT doesn't have a block to manage vblocknr = %llu", + (unsigned long long)req->pr_entry_nr); + /* + * Return internal code -EINVAL to notify bmap layer of + * metadata corruption. + */ + ret = -EINVAL; + } + return ret; } static void nilfs_dat_commit_entry(struct inode *dat, @@ -123,11 +136,7 @@ int nilfs_dat_prepare_start(struct inode *dat, struct nilfs_palloc_req *req) { - int ret; - - ret = nilfs_dat_prepare_entry(dat, req, 0); - WARN_ON(ret == -ENOENT); - return ret; + return nilfs_dat_prepare_entry(dat, req, 0); } void nilfs_dat_commit_start(struct inode *dat, struct nilfs_palloc_req *req, @@ -154,10 +163,8 @@ int ret; ret = nilfs_dat_prepare_entry(dat, req, 0); - if (ret < 0) { - WARN_ON(ret == -ENOENT); + if (ret < 0) return ret; - } kaddr = kmap_atomic(req->pr_entry_bh->b_page); entry = nilfs_palloc_block_get_entry(dat, req->pr_entry_nr, diff -u linux-5.4.0/include/linux/fs.h linux-5.4.0/include/linux/fs.h --- linux-5.4.0/include/linux/fs.h +++ linux-5.4.0/include/linux/fs.h @@ -314,6 +314,8 @@ #define IOCB_SYNC (1 << 5) #define IOCB_WRITE (1 << 6) #define IOCB_NOWAIT (1 << 7) +/* kiocb is a read or write operation submitted by fs/aio.c. */ +#define IOCB_AIO_RW (1 << 23) struct kiocb { struct file *ki_filp; diff -u linux-5.4.0/include/linux/hyperv.h linux-5.4.0/include/linux/hyperv.h --- linux-5.4.0/include/linux/hyperv.h +++ linux-5.4.0/include/linux/hyperv.h @@ -288,7 +288,7 @@ u8 sender_owns_set; u8 reserved; u32 range_cnt; - struct vmtransfer_page_range ranges[1]; + struct vmtransfer_page_range ranges[]; } __packed; struct vmgpadl_packet_header { diff -u linux-5.4.0/include/linux/lockdep.h linux-5.4.0/include/linux/lockdep.h --- linux-5.4.0/include/linux/lockdep.h +++ linux-5.4.0/include/linux/lockdep.h @@ -405,6 +405,10 @@ WARN_ON_ONCE(debug_locks && !lockdep_is_held(l)); \ } while (0) +#define lockdep_assert_none_held_once() do { \ + WARN_ON_ONCE(debug_locks && current->lockdep_depth); \ + } while (0) + #define lockdep_recursing(tsk) ((tsk)->lockdep_recursion) #define lockdep_pin_lock(l) lock_pin_lock(&(l)->dep_map) @@ -482,6 +486,7 @@ #define lockdep_assert_held_write(l) do { (void)(l); } while (0) #define lockdep_assert_held_read(l) do { (void)(l); } while (0) #define lockdep_assert_held_once(l) do { (void)(l); } while (0) +#define lockdep_assert_none_held_once() do { } while (0) #define lockdep_recursing(tsk) (0) diff -u linux-5.4.0/include/linux/socket.h linux-5.4.0/include/linux/socket.h --- linux-5.4.0/include/linux/socket.h +++ linux-5.4.0/include/linux/socket.h @@ -30,7 +30,10 @@ struct sockaddr { sa_family_t sa_family; /* address family, AF_xxx */ - char sa_data[14]; /* 14 bytes of protocol address */ + union { + char sa_data_min[14]; /* Minimum 14 bytes of protocol address */ + DECLARE_FLEX_ARRAY(char, sa_data); + }; }; struct linger { diff -u linux-5.4.0/include/net/inet_connection_sock.h linux-5.4.0/include/net/inet_connection_sock.h --- linux-5.4.0/include/net/inet_connection_sock.h +++ linux-5.4.0/include/net/inet_connection_sock.h @@ -344,2 +344,11 @@ } + +static inline void inet_init_csk_locks(struct sock *sk) +{ + struct inet_connection_sock *icsk = inet_csk(sk); + + spin_lock_init(&icsk->icsk_accept_queue.rskq_lock); + spin_lock_init(&icsk->icsk_accept_queue.fastopenq.lock); +} + #endif /* _INET_CONNECTION_SOCK_H */ diff -u linux-5.4.0/include/net/tcp.h linux-5.4.0/include/net/tcp.h --- linux-5.4.0/include/net/tcp.h +++ linux-5.4.0/include/net/tcp.h @@ -391,6 +391,7 @@ void tcp_init_metrics(struct sock *sk); void tcp_metrics_init(void); bool tcp_peer_is_proven(struct request_sock *req, struct dst_entry *dst); +void __tcp_close(struct sock *sk, long timeout); void tcp_close(struct sock *sk, long timeout); void tcp_init_sock(struct sock *sk); void tcp_init_transfer(struct sock *sk, int bpf_op); diff -u linux-5.4.0/kernel/sched/rt.c linux-5.4.0/kernel/sched/rt.c --- linux-5.4.0/kernel/sched/rt.c +++ linux-5.4.0/kernel/sched/rt.c @@ -8,7 +8,7 @@ #include "pelt.h" int sched_rr_timeslice = RR_TIMESLICE; -int sysctl_sched_rr_timeslice = (MSEC_PER_SEC / HZ) * RR_TIMESLICE; +int sysctl_sched_rr_timeslice = (MSEC_PER_SEC * RR_TIMESLICE) / HZ; /* More than 4 hours if BW_SHIFT equals 20. */ static const u64 max_rt_runtime = MAX_BW; @@ -2659,9 +2659,6 @@ static int sched_rt_global_validate(void) { - if (sysctl_sched_rt_period <= 0) - return -EINVAL; - if ((sysctl_sched_rt_runtime != RUNTIME_INF) && ((sysctl_sched_rt_runtime > sysctl_sched_rt_period) || ((u64)sysctl_sched_rt_runtime * @@ -2693,7 +2690,7 @@ old_period = sysctl_sched_rt_period; old_runtime = sysctl_sched_rt_runtime; - ret = proc_dointvec(table, write, buffer, lenp, ppos); + ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); if (!ret && write) { ret = sched_rt_global_validate(); @@ -2738,6 +2735,9 @@ sched_rr_timeslice = sysctl_sched_rr_timeslice <= 0 ? RR_TIMESLICE : msecs_to_jiffies(sysctl_sched_rr_timeslice); + + if (sysctl_sched_rr_timeslice <= 0) + sysctl_sched_rr_timeslice = jiffies_to_msecs(RR_TIMESLICE); } mutex_unlock(&mutex); diff -u linux-5.4.0/kernel/sysctl.c linux-5.4.0/kernel/sysctl.c --- linux-5.4.0/kernel/sysctl.c +++ linux-5.4.0/kernel/sysctl.c @@ -468,6 +468,8 @@ .maxlen = sizeof(unsigned int), .mode = 0644, .proc_handler = sched_rt_handler, + .extra1 = SYSCTL_ONE, + .extra2 = SYSCTL_INT_MAX, }, { .procname = "sched_rt_runtime_us", @@ -475,6 +477,8 @@ .maxlen = sizeof(int), .mode = 0644, .proc_handler = sched_rt_handler, + .extra1 = &neg_one, + .extra2 = SYSCTL_INT_MAX, }, { .procname = "sched_rr_timeslice_ms", diff -u linux-5.4.0/mm/memcontrol.c linux-5.4.0/mm/memcontrol.c --- linux-5.4.0/mm/memcontrol.c +++ linux-5.4.0/mm/memcontrol.c @@ -2214,6 +2214,9 @@ { struct mem_cgroup *old = stock->cached; + if (!old) + return; + if (stock->nr_pages) { page_counter_uncharge(&old->memory, stock->nr_pages); if (do_memsw_account()) @@ -2221,6 +2224,8 @@ css_put_many(&old->css, stock->nr_pages); stock->nr_pages = 0; } + + css_put(&old->css); stock->cached = NULL; } @@ -2256,6 +2261,7 @@ stock = this_cpu_ptr(&memcg_stock); if (stock->cached != memcg) { /* reset if necessary */ drain_stock(stock); + css_get(&memcg->css); stock->cached = memcg; } stock->nr_pages += nr_pages; diff -u linux-5.4.0/mm/userfaultfd.c linux-5.4.0/mm/userfaultfd.c --- linux-5.4.0/mm/userfaultfd.c +++ linux-5.4.0/mm/userfaultfd.c @@ -177,6 +177,7 @@ unsigned long dst_start, unsigned long src_start, unsigned long len, + bool *mmap_changing, bool zeropage) { int vm_alloc_shared = dst_vma->vm_flags & VM_SHARED; @@ -308,6 +309,15 @@ goto out; } down_read(&dst_mm->mmap_sem); + /* + * If memory mappings are changing because of non-cooperative + * operation (e.g. mremap) running in parallel, bail out and + * request the user to retry later + */ + if (mmap_changing && READ_ONCE(*mmap_changing)) { + err = -EAGAIN; + break; + } dst_vma = NULL; goto retry; @@ -389,6 +399,7 @@ unsigned long dst_start, unsigned long src_start, unsigned long len, + bool *mmap_changing, bool zeropage); #endif /* CONFIG_HUGETLB_PAGE */ @@ -506,7 +517,8 @@ */ if (is_vm_hugetlb_page(dst_vma)) return __mcopy_atomic_hugetlb(dst_mm, dst_vma, dst_start, - src_start, len, zeropage); + src_start, len, mmap_changing, + zeropage); if (!vma_is_anonymous(dst_vma) && !vma_is_shmem(dst_vma)) goto out_unlock; diff -u linux-5.4.0/net/bluetooth/hci_core.c linux-5.4.0/net/bluetooth/hci_core.c --- linux-5.4.0/net/bluetooth/hci_core.c +++ linux-5.4.0/net/bluetooth/hci_core.c @@ -2272,6 +2272,7 @@ { struct hci_dev *hdev = container_of(work, struct hci_dev, error_reset); + hci_dev_hold(hdev); BT_DBG("%s", hdev->name); if (hdev->hw_error) @@ -2279,10 +2280,10 @@ else bt_dev_err(hdev, "hardware error 0x%2.2x", hdev->hw_error_code); - if (hci_dev_do_close(hdev)) - return; + if (!hci_dev_do_close(hdev)) + hci_dev_do_open(hdev); - hci_dev_do_open(hdev); + hci_dev_put(hdev); } void hci_uuids_clear(struct hci_dev *hdev) diff -u linux-5.4.0/net/bluetooth/hci_event.c linux-5.4.0/net/bluetooth/hci_event.c --- linux-5.4.0/net/bluetooth/hci_event.c +++ linux-5.4.0/net/bluetooth/hci_event.c @@ -4486,9 +4486,12 @@ hci_dev_lock(hdev); conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr); - if (!conn || !hci_conn_ssp_enabled(conn)) + if (!conn || !hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) goto unlock; + /* Assume remote supports SSP since it has triggered this event */ + set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); + hci_conn_hold(conn); if (!hci_dev_test_flag(hdev, HCI_MGMT)) @@ -5783,6 +5786,10 @@ return send_conn_param_neg_reply(hdev, handle, HCI_ERROR_UNKNOWN_CONN_ID); + if (max > hcon->le_conn_max_interval) + return send_conn_param_neg_reply(hdev, handle, + HCI_ERROR_INVALID_LL_PARAMS); + if (hci_check_conn_params(min, max, latency, timeout)) return send_conn_param_neg_reply(hdev, handle, HCI_ERROR_INVALID_LL_PARAMS); diff -u linux-5.4.0/net/bluetooth/l2cap_core.c linux-5.4.0/net/bluetooth/l2cap_core.c --- linux-5.4.0/net/bluetooth/l2cap_core.c +++ linux-5.4.0/net/bluetooth/l2cap_core.c @@ -5331,7 +5331,13 @@ memset(&rsp, 0, sizeof(rsp)); - err = hci_check_conn_params(min, max, latency, to_multiplier); + if (max > hcon->le_conn_max_interval) { + BT_DBG("requested connection interval exceeds current bounds."); + err = -EINVAL; + } else { + err = hci_check_conn_params(min, max, latency, to_multiplier); + } + if (err) rsp.result = cpu_to_le16(L2CAP_CONN_PARAM_REJECTED); else diff -u linux-5.4.0/net/bridge/br_device.c linux-5.4.0/net/bridge/br_device.c --- linux-5.4.0/net/bridge/br_device.c +++ linux-5.4.0/net/bridge/br_device.c @@ -35,6 +35,8 @@ const unsigned char *dest; u16 vid = 0; + memset(skb->cb, 0, sizeof(struct br_input_skb_cb)); + rcu_read_lock(); nf_ops = rcu_dereference(nf_br_ops); if (nf_ops && nf_ops->br_dev_xmit_hook(skb)) { diff -u linux-5.4.0/net/core/dev.c linux-5.4.0/net/core/dev.c --- linux-5.4.0/net/core/dev.c +++ linux-5.4.0/net/core/dev.c @@ -8220,7 +8220,7 @@ int dev_get_mac_address(struct sockaddr *sa, struct net *net, char *dev_name) { - size_t size = sizeof(sa->sa_data); + size_t size = sizeof(sa->sa_data_min); struct net_device *dev; int ret = 0; diff -u linux-5.4.0/net/core/dev_ioctl.c linux-5.4.0/net/core/dev_ioctl.c --- linux-5.4.0/net/core/dev_ioctl.c +++ linux-5.4.0/net/core/dev_ioctl.c @@ -241,7 +241,7 @@ if (ifr->ifr_hwaddr.sa_family != dev->type) return -EINVAL; memcpy(dev->broadcast, ifr->ifr_hwaddr.sa_data, - min(sizeof(ifr->ifr_hwaddr.sa_data), + min(sizeof(ifr->ifr_hwaddr.sa_data_min), (size_t)dev->addr_len)); call_netdevice_notifiers(NETDEV_CHANGEADDR, dev); return 0; diff -u linux-5.4.0/net/core/rtnetlink.c linux-5.4.0/net/core/rtnetlink.c --- linux-5.4.0/net/core/rtnetlink.c +++ linux-5.4.0/net/core/rtnetlink.c @@ -4586,10 +4586,9 @@ struct net *net = sock_net(skb->sk); struct ifinfomsg *ifm; struct net_device *dev; - struct nlattr *br_spec, *attr = NULL; + struct nlattr *br_spec, *attr, *br_flags_attr = NULL; int rem, err = -EOPNOTSUPP; u16 flags = 0; - bool have_flags = false; if (nlmsg_len(nlh) < sizeof(*ifm)) return -EINVAL; @@ -4607,11 +4606,11 @@ br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC); if (br_spec) { nla_for_each_nested(attr, br_spec, rem) { - if (nla_type(attr) == IFLA_BRIDGE_FLAGS && !have_flags) { + if (nla_type(attr) == IFLA_BRIDGE_FLAGS && !br_flags_attr) { if (nla_len(attr) < sizeof(flags)) return -EINVAL; - have_flags = true; + br_flags_attr = attr; flags = nla_get_u16(attr); } @@ -4655,8 +4654,8 @@ } } - if (have_flags) - memcpy(nla_data(attr), &flags, sizeof(flags)); + if (br_flags_attr) + memcpy(nla_data(br_flags_attr), &flags, sizeof(flags)); out: return err; } diff -u linux-5.4.0/net/ipv4/af_inet.c linux-5.4.0/net/ipv4/af_inet.c --- linux-5.4.0/net/ipv4/af_inet.c +++ linux-5.4.0/net/ipv4/af_inet.c @@ -326,6 +326,9 @@ if (INET_PROTOSW_REUSE & answer_flags) sk->sk_reuse = SK_CAN_REUSE; + if (INET_PROTOSW_ICSK & answer_flags) + inet_init_csk_locks(sk); + inet = inet_sk(sk); inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0; @@ -885,7 +888,7 @@ EPOLLHUP, even on eg. unconnected UDP sockets -- RR */ /* fall through */ default: - sk->sk_shutdown |= how; + WRITE_ONCE(sk->sk_shutdown, sk->sk_shutdown | how); if (sk->sk_prot->shutdown) sk->sk_prot->shutdown(sk, how); break; diff -u linux-5.4.0/net/ipv4/arp.c linux-5.4.0/net/ipv4/arp.c --- linux-5.4.0/net/ipv4/arp.c +++ linux-5.4.0/net/ipv4/arp.c @@ -1104,7 +1104,8 @@ if (neigh) { if (!(neigh->nud_state & NUD_NOARP)) { read_lock_bh(&neigh->lock); - memcpy(r->arp_ha.sa_data, neigh->ha, dev->addr_len); + memcpy(r->arp_ha.sa_data, neigh->ha, + min(dev->addr_len, sizeof(r->arp_ha.sa_data_min))); r->arp_flags = arp_state_to_flags(neigh); read_unlock_bh(&neigh->lock); r->arp_ha.sa_family = dev->type; diff -u linux-5.4.0/net/ipv4/devinet.c linux-5.4.0/net/ipv4/devinet.c --- linux-5.4.0/net/ipv4/devinet.c +++ linux-5.4.0/net/ipv4/devinet.c @@ -1798,6 +1798,21 @@ return err; } +/* Combine dev_addr_genid and dev_base_seq to detect changes. + */ +static u32 inet_base_seq(const struct net *net) +{ + u32 res = atomic_read(&net->ipv4.dev_addr_genid) + + net->dev_base_seq; + + /* Must not return 0 (see nl_dump_check_consistent()). + * Chose a value far away from 0. + */ + if (!res) + res = 0x80000000; + return res; +} + static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) { const struct nlmsghdr *nlh = cb->nlh; @@ -1849,8 +1864,7 @@ idx = 0; head = &tgt_net->dev_index_head[h]; rcu_read_lock(); - cb->seq = atomic_read(&tgt_net->ipv4.dev_addr_genid) ^ - tgt_net->dev_base_seq; + cb->seq = inet_base_seq(tgt_net); hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) goto cont; @@ -2249,8 +2263,7 @@ idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); - cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^ - net->dev_base_seq; + cb->seq = inet_base_seq(net); hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) goto cont; diff -u linux-5.4.0/net/ipv4/inet_connection_sock.c linux-5.4.0/net/ipv4/inet_connection_sock.c --- linux-5.4.0/net/ipv4/inet_connection_sock.c +++ linux-5.4.0/net/ipv4/inet_connection_sock.c @@ -520,6 +520,10 @@ } if (req) reqsk_put(req); + + if (newsk) + inet_init_csk_locks(newsk); + return newsk; out_err: newsk = NULL; diff -u linux-5.4.0/net/ipv4/ip_tunnel.c linux-5.4.0/net/ipv4/ip_tunnel.c --- linux-5.4.0/net/ipv4/ip_tunnel.c +++ linux-5.4.0/net/ipv4/ip_tunnel.c @@ -547,6 +547,20 @@ return 0; } +static void ip_tunnel_adj_headroom(struct net_device *dev, unsigned int headroom) +{ + /* we must cap headroom to some upperlimit, else pskb_expand_head + * will overflow header offsets in skb_headers_offset_update(). + */ + static const unsigned int max_allowed = 512; + + if (headroom > max_allowed) + headroom = max_allowed; + + if (headroom > READ_ONCE(dev->needed_headroom)) + WRITE_ONCE(dev->needed_headroom, headroom); +} + void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, u8 proto, int tunnel_hlen) { @@ -620,13 +634,13 @@ } headroom += LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len; - if (headroom > READ_ONCE(dev->needed_headroom)) - WRITE_ONCE(dev->needed_headroom, headroom); - - if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom))) { + if (skb_cow_head(skb, headroom)) { ip_rt_put(rt); goto tx_dropped; } + + ip_tunnel_adj_headroom(dev, headroom); + iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, proto, tos, ttl, df, !net_eq(tunnel->net, dev_net(dev))); return; @@ -804,16 +818,16 @@ max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr) + rt->dst.header_len + ip_encap_hlen(&tunnel->encap); - if (max_headroom > READ_ONCE(dev->needed_headroom)) - WRITE_ONCE(dev->needed_headroom, max_headroom); - if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom))) { + if (skb_cow_head(skb, max_headroom)) { ip_rt_put(rt); dev->stats.tx_dropped++; kfree_skb(skb); return; } + ip_tunnel_adj_headroom(dev, max_headroom); + iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl, df, !net_eq(tunnel->net, dev_net(dev))); return; diff -u linux-5.4.0/net/ipv4/tcp.c linux-5.4.0/net/ipv4/tcp.c --- linux-5.4.0/net/ipv4/tcp.c +++ linux-5.4.0/net/ipv4/tcp.c @@ -505,6 +505,7 @@ __poll_t mask; struct sock *sk = sock->sk; const struct tcp_sock *tp = tcp_sk(sk); + u8 shutdown; int state; sock_poll_wait(file, sock, wait); @@ -547,9 +548,10 @@ * NOTE. Check for TCP_CLOSE is added. The goal is to prevent * blocking on fresh not-connected or disconnected socket. --ANK */ - if (sk->sk_shutdown == SHUTDOWN_MASK || state == TCP_CLOSE) + shutdown = READ_ONCE(sk->sk_shutdown); + if (shutdown == SHUTDOWN_MASK || state == TCP_CLOSE) mask |= EPOLLHUP; - if (sk->sk_shutdown & RCV_SHUTDOWN) + if (shutdown & RCV_SHUTDOWN) mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP; /* Connected or passive Fast Open socket? */ @@ -565,8 +567,8 @@ if (tcp_stream_is_readable(tp, target, sk)) mask |= EPOLLIN | EPOLLRDNORM; - if (!(sk->sk_shutdown & SEND_SHUTDOWN)) { - if (sk_stream_is_writeable(sk)) { + if (!(shutdown & SEND_SHUTDOWN)) { + if (__sk_stream_is_writeable(sk, 1)) { mask |= EPOLLOUT | EPOLLWRNORM; } else { /* send SIGIO later */ sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); @@ -578,7 +580,7 @@ * pairs with the input side. */ smp_mb__after_atomic(); - if (sk_stream_is_writeable(sk)) + if (__sk_stream_is_writeable(sk, 1)) mask |= EPOLLOUT | EPOLLWRNORM; } } else @@ -2351,14 +2353,13 @@ return too_many_orphans || out_of_socket_memory; } -void tcp_close(struct sock *sk, long timeout) +void __tcp_close(struct sock *sk, long timeout) { struct sk_buff *skb; int data_was_unread = 0; int state; - lock_sock(sk); - sk->sk_shutdown = SHUTDOWN_MASK; + WRITE_ONCE(sk->sk_shutdown, SHUTDOWN_MASK); if (sk->sk_state == TCP_LISTEN) { tcp_set_state(sk, TCP_CLOSE); @@ -2521,6 +2522,12 @@ out: bh_unlock_sock(sk); local_bh_enable(); +} + +void tcp_close(struct sock *sk, long timeout) +{ + lock_sock(sk); + __tcp_close(sk, timeout); release_sock(sk); sock_put(sk); } @@ -2624,7 +2631,7 @@ if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) inet_reset_saddr(sk); - sk->sk_shutdown = 0; + WRITE_ONCE(sk->sk_shutdown, 0); sock_reset_flag(sk, SOCK_DONE); tp->srtt_us = 0; tp->mdev_us = jiffies_to_usecs(TCP_TIMEOUT_INIT); @@ -3902,7 +3909,7 @@ if (req) reqsk_fastopen_remove(sk, req, false); - sk->sk_shutdown = SHUTDOWN_MASK; + WRITE_ONCE(sk->sk_shutdown, SHUTDOWN_MASK); if (!sock_flag(sk, SOCK_DEAD)) sk->sk_state_change(sk); diff -u linux-5.4.0/net/ipv4/tcp_input.c linux-5.4.0/net/ipv4/tcp_input.c --- linux-5.4.0/net/ipv4/tcp_input.c +++ linux-5.4.0/net/ipv4/tcp_input.c @@ -4216,7 +4216,7 @@ inet_csk_schedule_ack(sk); - sk->sk_shutdown |= RCV_SHUTDOWN; + WRITE_ONCE(sk->sk_shutdown, sk->sk_shutdown | RCV_SHUTDOWN); sock_set_flag(sk, SOCK_DONE); switch (sk->sk_state) { @@ -6354,7 +6354,7 @@ break; tcp_set_state(sk, TCP_FIN_WAIT2); - sk->sk_shutdown |= SEND_SHUTDOWN; + WRITE_ONCE(sk->sk_shutdown, sk->sk_shutdown | SEND_SHUTDOWN); sk_dst_confirm(sk); diff -u linux-5.4.0/net/ipv6/addrconf.c linux-5.4.0/net/ipv6/addrconf.c --- linux-5.4.0/net/ipv6/addrconf.c +++ linux-5.4.0/net/ipv6/addrconf.c @@ -696,6 +696,22 @@ return err; } +/* Combine dev_addr_genid and dev_base_seq to detect changes. + */ +static u32 inet6_base_seq(const struct net *net) +{ + u32 res = atomic_read(&net->ipv6.dev_addr_genid) + + net->dev_base_seq; + + /* Must not return 0 (see nl_dump_check_consistent()). + * Chose a value far away from 0. + */ + if (!res) + res = 0x80000000; + return res; +} + + static int inet6_netconf_dump_devconf(struct sk_buff *skb, struct netlink_callback *cb) { @@ -729,8 +745,7 @@ idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); - cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^ - net->dev_base_seq; + cb->seq = inet6_base_seq(net); hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) goto cont; @@ -5232,7 +5247,7 @@ } rcu_read_lock(); - cb->seq = atomic_read(&tgt_net->ipv6.dev_addr_genid) ^ tgt_net->dev_base_seq; + cb->seq = inet6_base_seq(tgt_net); for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &tgt_net->dev_index_head[h]; @@ -5365,9 +5380,10 @@ } addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer); - if (!addr) - return -EINVAL; - + if (!addr) { + err = -EINVAL; + goto errout; + } ifm = nlmsg_data(nlh); if (ifm->ifa_index) dev = dev_get_by_index(tgt_net, ifm->ifa_index); diff -u linux-5.4.0/net/ipv6/af_inet6.c linux-5.4.0/net/ipv6/af_inet6.c --- linux-5.4.0/net/ipv6/af_inet6.c +++ linux-5.4.0/net/ipv6/af_inet6.c @@ -194,6 +194,9 @@ if (INET_PROTOSW_REUSE & answer_flags) sk->sk_reuse = SK_CAN_REUSE; + if (INET_PROTOSW_ICSK & answer_flags) + inet_init_csk_locks(sk); + inet = inet_sk(sk); inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0; diff -u linux-5.4.0/net/ipv6/seg6.c linux-5.4.0/net/ipv6/seg6.c --- linux-5.4.0/net/ipv6/seg6.c +++ linux-5.4.0/net/ipv6/seg6.c @@ -441,22 +441,24 @@ { int err = -ENOMEM; - err = genl_register_family(&seg6_genl_family); + err = register_pernet_subsys(&ip6_segments_ops); if (err) goto out; - err = register_pernet_subsys(&ip6_segments_ops); + err = genl_register_family(&seg6_genl_family); if (err) - goto out_unregister_genl; + goto out_unregister_pernet; #ifdef CONFIG_IPV6_SEG6_LWTUNNEL err = seg6_iptunnel_init(); if (err) - goto out_unregister_pernet; + goto out_unregister_genl; err = seg6_local_init(); - if (err) - goto out_unregister_pernet; + if (err) { + seg6_iptunnel_exit(); + goto out_unregister_genl; + } #endif #ifdef CONFIG_IPV6_SEG6_HMAC @@ -477,11 +479,11 @@ #endif #endif #ifdef CONFIG_IPV6_SEG6_LWTUNNEL -out_unregister_pernet: - unregister_pernet_subsys(&ip6_segments_ops); -#endif out_unregister_genl: genl_unregister_family(&seg6_genl_family); +#endif +out_unregister_pernet: + unregister_pernet_subsys(&ip6_segments_ops); goto out; } diff -u linux-5.4.0/net/l2tp/l2tp_ip6.c linux-5.4.0/net/l2tp/l2tp_ip6.c --- linux-5.4.0/net/l2tp/l2tp_ip6.c +++ linux-5.4.0/net/l2tp/l2tp_ip6.c @@ -644,7 +644,7 @@ back_from_confirm: lock_sock(sk); - ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0; + ulen = len + (skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0); err = ip6_append_data(sk, ip_generic_getfrag, msg, ulen, transhdrlen, &ipc6, &fl6, (struct rt6_info *)dst, diff -u linux-5.4.0/net/mac80211/cfg.c linux-5.4.0/net/mac80211/cfg.c --- linux-5.4.0/net/mac80211/cfg.c +++ linux-5.4.0/net/mac80211/cfg.c @@ -491,6 +491,9 @@ sta->cipher_scheme = cs; err = ieee80211_key_link(key, sdata, sta); + /* KRACK protection, shouldn't happen but just silently accept key */ + if (err == -EALREADY) + err = 0; out_unlock: mutex_unlock(&local->sta_mtx); diff -u linux-5.4.0/net/mac80211/key.c linux-5.4.0/net/mac80211/key.c --- linux-5.4.0/net/mac80211/key.c +++ linux-5.4.0/net/mac80211/key.c @@ -808,7 +808,7 @@ */ if (ieee80211_key_identical(sdata, old_key, key)) { ieee80211_key_free_unused(key); - ret = 0; + ret = -EALREADY; goto out; } diff -u linux-5.4.0/net/mac80211/sta_info.c linux-5.4.0/net/mac80211/sta_info.c --- linux-5.4.0/net/mac80211/sta_info.c +++ linux-5.4.0/net/mac80211/sta_info.c @@ -683,6 +683,8 @@ if (ieee80211_vif_is_mesh(&sdata->vif)) mesh_accept_plinks_update(sdata); + ieee80211_check_fast_xmit(sta); + return 0; out_remove: sta_info_hash_del(local, sta); diff -u linux-5.4.0/net/mac80211/tx.c linux-5.4.0/net/mac80211/tx.c --- linux-5.4.0/net/mac80211/tx.c +++ linux-5.4.0/net/mac80211/tx.c @@ -2919,7 +2919,7 @@ sdata->vif.type == NL80211_IFTYPE_STATION) goto out; - if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED)) + if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED) || !sta->uploaded) goto out; if (test_sta_flag(sta, WLAN_STA_PS_STA) || diff -u linux-5.4.0/net/netfilter/nf_conntrack_proto_sctp.c linux-5.4.0/net/netfilter/nf_conntrack_proto_sctp.c --- linux-5.4.0/net/netfilter/nf_conntrack_proto_sctp.c +++ linux-5.4.0/net/netfilter/nf_conntrack_proto_sctp.c @@ -299,7 +299,7 @@ pr_debug("Setting vtag %x for secondary conntrack\n", sh->vtag); ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL] = sh->vtag; - } else { + } else if (sch->type == SCTP_CID_SHUTDOWN_ACK) { /* If it is a shutdown ack OOTB packet, we expect a return shutdown complete, otherwise an ABORT Sec 8.4 (5) and (8) */ pr_debug("Setting vtag %x for new conn OOTB\n", diff -u linux-5.4.0/net/netfilter/nf_tables_api.c linux-5.4.0/net/netfilter/nf_tables_api.c --- linux-5.4.0/net/netfilter/nf_tables_api.c +++ linux-5.4.0/net/netfilter/nf_tables_api.c @@ -951,6 +951,7 @@ return 0; err_register_hooks: + ctx->table->flags |= NFT_TABLE_F_DORMANT; nft_trans_destroy(trans); return ret; } diff -u linux-5.4.0/net/netfilter/nft_compat.c linux-5.4.0/net/netfilter/nft_compat.c --- linux-5.4.0/net/netfilter/nft_compat.c +++ linux-5.4.0/net/netfilter/nft_compat.c @@ -336,10 +336,20 @@ if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && + ctx->family != NFPROTO_INET && ctx->family != NFPROTO_BRIDGE && ctx->family != NFPROTO_ARP) return -EOPNOTSUPP; + ret = nft_chain_validate_hooks(ctx->chain, + (1 << NF_INET_PRE_ROUTING) | + (1 << NF_INET_LOCAL_IN) | + (1 << NF_INET_FORWARD) | + (1 << NF_INET_LOCAL_OUT) | + (1 << NF_INET_POST_ROUTING)); + if (ret) + return ret; + if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); @@ -584,10 +594,20 @@ if (ctx->family != NFPROTO_IPV4 && ctx->family != NFPROTO_IPV6 && + ctx->family != NFPROTO_INET && ctx->family != NFPROTO_BRIDGE && ctx->family != NFPROTO_ARP) return -EOPNOTSUPP; + ret = nft_chain_validate_hooks(ctx->chain, + (1 << NF_INET_PRE_ROUTING) | + (1 << NF_INET_LOCAL_IN) | + (1 << NF_INET_FORWARD) | + (1 << NF_INET_LOCAL_OUT) | + (1 << NF_INET_POST_ROUTING)); + if (ret) + return ret; + if (nft_is_base_chain(ctx->chain)) { const struct nft_base_chain *basechain = nft_base_chain(ctx->chain); diff -u linux-5.4.0/net/netlink/af_netlink.c linux-5.4.0/net/netlink/af_netlink.c --- linux-5.4.0/net/netlink/af_netlink.c +++ linux-5.4.0/net/netlink/af_netlink.c @@ -156,7 +156,7 @@ static struct sk_buff *netlink_to_full_skb(const struct sk_buff *skb, gfp_t gfp_mask) { - unsigned int len = skb_end_offset(skb); + unsigned int len = skb->len; struct sk_buff *new; new = alloc_skb(len, gfp_mask); diff -u linux-5.4.0/net/packet/af_packet.c linux-5.4.0/net/packet/af_packet.c --- linux-5.4.0/net/packet/af_packet.c +++ linux-5.4.0/net/packet/af_packet.c @@ -1850,7 +1850,7 @@ */ spkt->spkt_family = dev->type; - strlcpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device)); + strscpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device)); spkt->spkt_protocol = skb->protocol; /* @@ -3223,7 +3223,7 @@ int addr_len) { struct sock *sk = sock->sk; - char name[sizeof(uaddr->sa_data) + 1]; + char name[sizeof(uaddr->sa_data_min) + 1]; /* * Check legality @@ -3234,8 +3234,8 @@ /* uaddr->sa_data comes from the userspace, it's not guaranteed to be * zero-terminated. */ - memcpy(name, uaddr->sa_data, sizeof(uaddr->sa_data)); - name[sizeof(uaddr->sa_data)] = 0; + memcpy(name, uaddr->sa_data, sizeof(uaddr->sa_data_min)); + name[sizeof(uaddr->sa_data_min)] = 0; return packet_do_bind(sk, name, 0, 0); } @@ -3507,11 +3507,11 @@ return -EOPNOTSUPP; uaddr->sa_family = AF_PACKET; - memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data)); + memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data_min)); rcu_read_lock(); dev = dev_get_by_index_rcu(sock_net(sk), READ_ONCE(pkt_sk(sk)->ifindex)); if (dev) - strlcpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data)); + strscpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data_min)); rcu_read_unlock(); return sizeof(*uaddr); diff -u linux-5.4.0/net/sched/Kconfig linux-5.4.0/net/sched/Kconfig --- linux-5.4.0/net/sched/Kconfig +++ linux-5.4.0/net/sched/Kconfig @@ -45,23 +45,6 @@ comment "Queueing/Scheduling" -config NET_SCH_CBQ - tristate "Class Based Queueing (CBQ)" - ---help--- - Say Y here if you want to use the Class-Based Queueing (CBQ) packet - scheduling algorithm. This algorithm classifies the waiting packets - into a tree-like hierarchy of classes; the leaves of this tree are - in turn scheduled by separate algorithms. - - See the top of for more details. - - CBQ is a commonly used scheduler, so if you're unsure, you should - say Y here. Then say Y to all the queueing algorithms below that you - want to use as leaf disciplines. - - To compile this code as a module, choose M here: the - module will be called sch_cbq. - config NET_SCH_HTB tristate "Hierarchical Token Bucket (HTB)" ---help--- @@ -85,20 +68,6 @@ To compile this code as a module, choose M here: the module will be called sch_hfsc. -config NET_SCH_ATM - tristate "ATM Virtual Circuits (ATM)" - depends on ATM - ---help--- - Say Y here if you want to use the ATM pseudo-scheduler. This - provides a framework for invoking classifiers, which in turn - select classes of this queuing discipline. Each class maps - the flow(s) it is handling to a given virtual circuit. - - See the top of for more details. - - To compile this code as a module, choose M here: the - module will be called sch_atm. - config NET_SCH_PRIO tristate "Multi Band Priority Queueing (PRIO)" ---help--- @@ -217,17 +186,6 @@ To compile this code as a module, choose M here: the module will be called sch_gred. -config NET_SCH_DSMARK - tristate "Differentiated Services marker (DSMARK)" - ---help--- - Say Y if you want to schedule packets according to the - Differentiated Services architecture proposed in RFC 2475. - Technical information on this method, with pointers to associated - RFCs, is available at . - - To compile this code as a module, choose M here: the - module will be called sch_dsmark. - config NET_SCH_NETEM tristate "Network emulator (NETEM)" ---help--- diff -u linux-5.4.0/net/sched/Makefile linux-5.4.0/net/sched/Makefile --- linux-5.4.0/net/sched/Makefile +++ linux-5.4.0/net/sched/Makefile @@ -31,20 +31,17 @@ obj-$(CONFIG_NET_ACT_TUNNEL_KEY)+= act_tunnel_key.o obj-$(CONFIG_NET_ACT_CT) += act_ct.o obj-$(CONFIG_NET_SCH_FIFO) += sch_fifo.o -obj-$(CONFIG_NET_SCH_CBQ) += sch_cbq.o obj-$(CONFIG_NET_SCH_HTB) += sch_htb.o obj-$(CONFIG_NET_SCH_HFSC) += sch_hfsc.o obj-$(CONFIG_NET_SCH_RED) += sch_red.o obj-$(CONFIG_NET_SCH_GRED) += sch_gred.o obj-$(CONFIG_NET_SCH_INGRESS) += sch_ingress.o -obj-$(CONFIG_NET_SCH_DSMARK) += sch_dsmark.o obj-$(CONFIG_NET_SCH_SFB) += sch_sfb.o obj-$(CONFIG_NET_SCH_SFQ) += sch_sfq.o obj-$(CONFIG_NET_SCH_TBF) += sch_tbf.o obj-$(CONFIG_NET_SCH_TEQL) += sch_teql.o obj-$(CONFIG_NET_SCH_PRIO) += sch_prio.o obj-$(CONFIG_NET_SCH_MULTIQ) += sch_multiq.o -obj-$(CONFIG_NET_SCH_ATM) += sch_atm.o obj-$(CONFIG_NET_SCH_NETEM) += sch_netem.o obj-$(CONFIG_NET_SCH_DRR) += sch_drr.o obj-$(CONFIG_NET_SCH_PLUG) += sch_plug.o reverted: --- linux-5.4.0/net/sched/sch_atm.c +++ linux-5.4.0.orig/net/sched/sch_atm.c @@ -396,13 +396,10 @@ result = tcf_classify(skb, fl, &res, true); if (result < 0) continue; - if (result == TC_ACT_SHOT) - goto done; - flow = (struct atm_flow_data *)res.class; if (!flow) flow = lookup_flow(sch, res.classid); + goto done; - goto drop; } } flow = NULL; @@ -556,16 +553,16 @@ if (!p->link.q) p->link.q = &noop_qdisc; pr_debug("atm_tc_init: link (%p) qdisc %p\n", &p->link, p->link.q); - p->link.vcc = NULL; - p->link.sock = NULL; - p->link.common.classid = sch->handle; - p->link.ref = 1; err = tcf_block_get(&p->link.block, &p->link.filter_list, sch, extack); if (err) return err; + p->link.vcc = NULL; + p->link.sock = NULL; + p->link.common.classid = sch->handle; + p->link.ref = 1; tasklet_init(&p->task, sch_atm_dequeue, (unsigned long)sch); return 0; } reverted: --- linux-5.4.0/net/sched/sch_cbq.c +++ linux-5.4.0.orig/net/sched/sch_cbq.c @@ -231,8 +231,6 @@ result = tcf_classify(skb, fl, &res, true); if (!fl || result < 0) goto fallback; - if (result == TC_ACT_SHOT) - return NULL; cl = (void *)res.class; if (!cl) { @@ -253,7 +251,8 @@ case TC_ACT_TRAP: *qerr = NET_XMIT_SUCCESS | __NET_XMIT_STOLEN; /* fall through */ + case TC_ACT_SHOT: + return NULL; - fallthrough; case TC_ACT_RECLASSIFY: return cbq_reclassify(skb, cl); } @@ -361,7 +360,7 @@ struct sk_buff **to_free) { struct cbq_sched_data *q = qdisc_priv(sch); + int uninitialized_var(ret); - int ret; struct cbq_class *cl = cbq_classify(skb, sch, &ret); #ifdef CONFIG_NET_CLS_ACT @@ -1615,7 +1614,7 @@ err = tcf_block_get(&cl->block, &cl->filter_list, sch, extack); if (err) { kfree(cl); + return err; - goto failure; } if (tca[TCA_RATE]) { reverted: --- linux-5.4.0/net/sched/sch_dsmark.c +++ linux-5.4.0.orig/net/sched/sch_dsmark.c @@ -210,7 +210,7 @@ if (p->set_tc_index) { int wlen = skb_network_offset(skb); + switch (tc_skb_protocol(skb)) { - switch (skb_protocol(skb, true)) { case htons(ETH_P_IP): wlen += sizeof(struct iphdr); if (!pskb_may_pull(skb, wlen) || @@ -303,7 +303,7 @@ index = skb->tc_index & (p->indices - 1); pr_debug("index %d->%d\n", skb->tc_index, index); + switch (tc_skb_protocol(skb)) { - switch (skb_protocol(skb, true)) { case htons(ETH_P_IP): ipv4_change_dsfield(ip_hdr(skb), p->mv[index].mask, p->mv[index].value); @@ -320,7 +320,7 @@ */ if (p->mv[index].mask != 0xff || p->mv[index].value) pr_warn("%s: unsupported protocol %d\n", + __func__, ntohs(tc_skb_protocol(skb))); - __func__, ntohs(skb_protocol(skb, true))); break; } @@ -406,8 +406,7 @@ struct dsmark_qdisc_data *p = qdisc_priv(sch); pr_debug("%s(sch %p,[qdisc %p])\n", __func__, sch, p); + qdisc_reset(p->q); - if (p->q) - qdisc_reset(p->q); sch->qstats.backlog = 0; sch->q.qlen = 0; } diff -u linux-5.4.0/net/tls/tls_sw.c linux-5.4.0/net/tls/tls_sw.c --- linux-5.4.0/net/tls/tls_sw.c +++ linux-5.4.0/net/tls/tls_sw.c @@ -1748,6 +1748,7 @@ struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx); struct tls_prot_info *prot = &tls_ctx->prot_info; struct sk_psock *psock; + int num_async, pending; unsigned char control = 0; ssize_t decrypted = 0; struct strp_msg *rxm; @@ -1760,8 +1761,6 @@ bool is_kvec = iov_iter_is_kvec(&msg->msg_iter); bool is_peek = flags & MSG_PEEK; bool bpf_strp_enabled; - int num_async = 0; - int pending; flags |= nonblock; @@ -1778,17 +1777,18 @@ if (err < 0) { tls_err_abort(sk, err); goto end; - } else { - copied = err; } - if (len <= copied) - goto recv_end; + copied = err; + if (len <= copied || (copied && control != TLS_RECORD_TYPE_DATA)) + goto end; target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); len = len - copied; timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); + decrypted = 0; + num_async = 0; while (len && (decrypted + copied < target || ctx->recv_pkt)) { bool retain_skb = false; bool zc = false; diff -u linux-5.4.0/net/wireless/nl80211.c linux-5.4.0/net/wireless/nl80211.c --- linux-5.4.0/net/wireless/nl80211.c +++ linux-5.4.0/net/wireless/nl80211.c @@ -3350,6 +3350,7 @@ if_idx++; } + if_start = 0; wp_idx++; } out: @@ -3526,6 +3527,8 @@ if (ntype != NL80211_IFTYPE_MESH_POINT) return -EINVAL; + if (otype != NL80211_IFTYPE_MESH_POINT) + return -EINVAL; if (netif_running(dev)) return -EBUSY; diff -u linux-5.4.0/security/tomoyo/common.c linux-5.4.0/security/tomoyo/common.c --- linux-5.4.0/security/tomoyo/common.c +++ linux-5.4.0/security/tomoyo/common.c @@ -2657,7 +2657,7 @@ { int error = buffer_len; size_t avail_len = buffer_len; - char *cp0 = head->write_buf; + char *cp0; int idx; if (!head->write) @@ -2666,6 +2666,7 @@ return -EFAULT; if (mutex_lock_interruptible(&head->io_sem)) return -EINTR; + cp0 = head->write_buf; head->read_user_buf_avail = 0; idx = tomoyo_read_lock(); /* Read a line and dispatch it to the policy handler. */ diff -u linux-5.4.0/sound/core/Makefile linux-5.4.0/sound/core/Makefile --- linux-5.4.0/sound/core/Makefile +++ linux-5.4.0/sound/core/Makefile @@ -32,7 +32,6 @@ snd-rawmidi-objs := rawmidi.o snd-timer-objs := timer.o snd-hrtimer-objs := hrtimer.o -snd-rtctimer-objs := rtctimer.o snd-hwdep-objs := hwdep.o snd-seq-device-objs := seq_device.o diff -u linux-5.4.0/tools/testing/selftests/bpf/test_verifier.c linux-5.4.0/tools/testing/selftests/bpf/test_verifier.c --- linux-5.4.0/tools/testing/selftests/bpf/test_verifier.c +++ linux-5.4.0/tools/testing/selftests/bpf/test_verifier.c @@ -1091,6 +1091,19 @@ static bool test_as_unpriv(struct bpf_test *test) { +#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS + /* Some architectures have strict alignment requirements. In + * that case, the BPF verifier detects if a program has + * unaligned accesses and rejects them. A user can pass + * BPF_F_ANY_ALIGNMENT to a program to override this + * check. That, however, will only work when a privileged user + * loads a program. An unprivileged user loading a program + * with this flag will be rejected prior entering the + * verifier. + */ + if (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS) + return false; +#endif return !test->prog_type || test->prog_type == BPF_PROG_TYPE_SOCKET_FILTER || test->prog_type == BPF_PROG_TYPE_CGROUP_SKB; diff -u linux-5.4.0/virt/kvm/arm/vgic/vgic-its.c linux-5.4.0/virt/kvm/arm/vgic/vgic-its.c --- linux-5.4.0/virt/kvm/arm/vgic/vgic-its.c +++ linux-5.4.0/virt/kvm/arm/vgic/vgic-its.c @@ -459,6 +459,9 @@ } irq = vgic_get_irq(vcpu->kvm, NULL, intids[i]); + if (!irq) + continue; + raw_spin_lock_irqsave(&irq->irq_lock, flags); irq->pending_latch = pendmask & (1U << bit_nr); vgic_queue_irq_unlock(vcpu->kvm, irq, flags); @@ -1373,6 +1376,8 @@ for (i = 0; i < irq_count; i++) { irq = vgic_get_irq(kvm, NULL, intids[i]); + if (!irq) + continue; update_affinity(irq, vcpu2); only in patch2: unchanged: --- linux-5.4.0.orig/arch/arm/mach-ep93xx/core.c +++ linux-5.4.0/arch/arm/mach-ep93xx/core.c @@ -337,6 +337,7 @@ GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN), GPIO_LOOKUP_IDX("G", 0, NULL, 1, GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN), + { } }, }; only in patch2: unchanged: --- linux-5.4.0.orig/drivers/dma/sh/shdma.h +++ linux-5.4.0/drivers/dma/sh/shdma.h @@ -25,7 +25,7 @@ const struct sh_dmae_slave_config *config; /* Slave DMA configuration */ int xmit_shift; /* log_2(bytes_per_xfer) */ void __iomem *base; - char dev_id[16]; /* unique name per DMAC of channel */ + char dev_id[32]; /* unique name per DMAC of channel */ int pm_error; dma_addr_t slave_addr; }; only in patch2: unchanged: --- linux-5.4.0.orig/drivers/gpio/gpio-74x164.c +++ linux-5.4.0/drivers/gpio/gpio-74x164.c @@ -128,8 +128,6 @@ if (IS_ERR(chip->gpiod_oe)) return PTR_ERR(chip->gpiod_oe); - gpiod_set_value_cansleep(chip->gpiod_oe, 1); - spi_set_drvdata(spi, chip); chip->gpio_chip.label = spi->modalias; @@ -154,6 +152,8 @@ goto exit_destroy; } + gpiod_set_value_cansleep(chip->gpiod_oe, 1); + ret = gpiochip_add_data(&chip->gpio_chip, chip); if (!ret) return 0; only in patch2: unchanged: --- linux-5.4.0.orig/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h +++ linux-5.4.0/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h @@ -48,6 +48,8 @@ uint64_t data[AMDGPU_VF_ERROR_ENTRY_SIZE]; }; +enum idh_request; + /** * struct amdgpu_virt_ops - amdgpu device virt operations */ @@ -56,7 +58,8 @@ int (*rel_full_gpu)(struct amdgpu_device *adev, bool init); int (*reset_gpu)(struct amdgpu_device *adev); int (*wait_reset)(struct amdgpu_device *adev); - void (*trans_msg)(struct amdgpu_device *adev, u32 req, u32 data1, u32 data2, u32 data3); + void (*trans_msg)(struct amdgpu_device *adev, enum idh_request req, + u32 data1, u32 data2, u32 data3); int (*get_pp_clk)(struct amdgpu_device *adev, u32 type, char *buf); int (*force_dpm_level)(struct amdgpu_device *adev, u32 level); }; only in patch2: unchanged: --- linux-5.4.0.orig/drivers/gpu/drm/bridge/panel.c +++ linux-5.4.0/drivers/gpu/drm/bridge/panel.c @@ -87,8 +87,17 @@ static void panel_bridge_detach(struct drm_bridge *bridge) { struct panel_bridge *panel_bridge = drm_bridge_to_panel_bridge(bridge); + struct drm_connector *connector = &panel_bridge->connector; - drm_panel_detach(panel_bridge->panel); + /* + * Cleanup the connector if we know it was initialized. + * + * FIXME: This wouldn't be needed if the panel_bridge structure was + * allocated with drmm_kzalloc(). This might be tricky since the + * drm_device pointer can only be retrieved when the bridge is attached. + */ + if (connector->dev) + drm_connector_cleanup(connector); } static void panel_bridge_pre_enable(struct drm_bridge *bridge) only in patch2: unchanged: --- linux-5.4.0.orig/drivers/soc/renesas/r8a77980-sysc.c +++ linux-5.4.0/drivers/soc/renesas/r8a77980-sysc.c @@ -25,7 +25,8 @@ PD_CPU_NOCR }, { "ca53-cpu3", 0x200, 3, R8A77980_PD_CA53_CPU3, R8A77980_PD_CA53_SCU, PD_CPU_NOCR }, - { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON }, + { "cr7", 0x240, 0, R8A77980_PD_CR7, R8A77980_PD_ALWAYS_ON, + PD_CPU_NOCR }, { "a3ir", 0x180, 0, R8A77980_PD_A3IR, R8A77980_PD_ALWAYS_ON }, { "a2ir0", 0x400, 0, R8A77980_PD_A2IR0, R8A77980_PD_A3IR }, { "a2ir1", 0x400, 1, R8A77980_PD_A2IR1, R8A77980_PD_A3IR }, only in patch2: unchanged: --- linux-5.4.0.orig/drivers/video/fbdev/sis/sis_main.c +++ linux-5.4.0/drivers/video/fbdev/sis/sis_main.c @@ -1474,6 +1474,8 @@ vtotal = var->upper_margin + var->lower_margin + var->vsync_len; + if (!var->pixclock) + return -EINVAL; pixclock = var->pixclock; if((var->vmode & FB_VMODE_MASK) == FB_VMODE_NONINTERLACED) { only in patch2: unchanged: --- linux-5.4.0.orig/fs/cachefiles/bind.c +++ linux-5.4.0/fs/cachefiles/bind.c @@ -245,6 +245,8 @@ kmem_cache_free(cachefiles_object_jar, fsdef); error_root_object: cachefiles_end_secure(cache, saved_cred); + put_cred(cache->cache_cred); + cache->cache_cred = NULL; pr_err("Failed to register: %d\n", ret); return ret; } @@ -265,6 +267,7 @@ dput(cache->graveyard); mntput(cache->mnt); + put_cred(cache->cache_cred); kfree(cache->rootdirname); kfree(cache->secctx); only in patch2: unchanged: --- linux-5.4.0.orig/include/linux/stddef.h +++ linux-5.4.0/include/linux/stddef.h @@ -36,4 +36,17 @@ #define offsetofend(TYPE, MEMBER) \ (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER)) +/** + * DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union + * + * @TYPE: The type of each flexible array element + * @NAME: The name of the flexible array member + * + * In order to have a flexible array member in a union or alone in a + * struct, it needs to be wrapped in an anonymous struct with at least 1 + * named member, but that member can be empty. + */ +#define DECLARE_FLEX_ARRAY(TYPE, NAME) \ + __DECLARE_FLEX_ARRAY(TYPE, NAME) + #endif only in patch2: unchanged: --- linux-5.4.0.orig/include/uapi/linux/stddef.h +++ linux-5.4.0/include/uapi/linux/stddef.h @@ -4,3 +4,19 @@ #ifndef __always_inline #define __always_inline inline #endif + +/** + * __DECLARE_FLEX_ARRAY() - Declare a flexible array usable in a union + * + * @TYPE: The type of each flexible array element + * @NAME: The name of the flexible array member + * + * In order to have a flexible array member in a union or alone in a + * struct, it needs to be wrapped in an anonymous struct with at least 1 + * named member, but that member can be empty. + */ +#define __DECLARE_FLEX_ARRAY(TYPE, NAME) \ + struct { \ + struct { } __empty_ ## NAME; \ + TYPE NAME[]; \ + } only in patch2: unchanged: --- linux-5.4.0.orig/net/core/request_sock.c +++ linux-5.4.0/net/core/request_sock.c @@ -33,9 +33,6 @@ void reqsk_queue_alloc(struct request_sock_queue *queue) { - spin_lock_init(&queue->rskq_lock); - - spin_lock_init(&queue->fastopenq.lock); queue->fastopenq.rskq_rst_head = NULL; queue->fastopenq.rskq_rst_tail = NULL; queue->fastopenq.qlen = 0; only in patch2: unchanged: --- linux-5.4.0.orig/scripts/bpf_helpers_doc.py +++ linux-5.4.0/scripts/bpf_helpers_doc.py @@ -286,7 +286,7 @@ instructions to the kernel when the programs are loaded. The format for that string is identical to the one in use for kernel modules (Dual licenses, such as "Dual BSD/GPL", may be used). Some helper functions are only accessible to -programs that are compatible with the GNU Privacy License (GPL). +programs that are compatible with the GNU General Public License (GNU GPL). In order to use such helpers, the eBPF program must be loaded with the correct license string passed (via **attr**) to the **bpf**\ () system call, and this @@ -391,6 +391,154 @@ print('') +class PrinterHelpers(Printer): + """ + A printer for dumping collected information about helpers as C header to + be included from BPF program. + @helpers: array of Helper objects to print to standard output + """ + + type_fwds = [ + 'struct bpf_fib_lookup', + 'struct bpf_perf_event_data', + 'struct bpf_perf_event_value', + 'struct bpf_sock', + 'struct bpf_sock_addr', + 'struct bpf_sock_ops', + 'struct bpf_sock_tuple', + 'struct bpf_spin_lock', + 'struct bpf_sysctl', + 'struct bpf_tcp_sock', + 'struct bpf_tunnel_key', + 'struct bpf_xfrm_state', + 'struct pt_regs', + 'struct sk_reuseport_md', + 'struct sockaddr', + 'struct tcphdr', + + 'struct __sk_buff', + 'struct sk_msg_md', + 'struct xdp_md', + ] + known_types = { + '...', + 'void', + 'const void', + 'char', + 'const char', + 'int', + 'long', + 'unsigned long', + + '__be16', + '__be32', + '__wsum', + + 'struct bpf_fib_lookup', + 'struct bpf_perf_event_data', + 'struct bpf_perf_event_value', + 'struct bpf_sock', + 'struct bpf_sock_addr', + 'struct bpf_sock_ops', + 'struct bpf_sock_tuple', + 'struct bpf_spin_lock', + 'struct bpf_sysctl', + 'struct bpf_tcp_sock', + 'struct bpf_tunnel_key', + 'struct bpf_xfrm_state', + 'struct pt_regs', + 'struct sk_reuseport_md', + 'struct sockaddr', + 'struct tcphdr', + } + mapped_types = { + 'u8': '__u8', + 'u16': '__u16', + 'u32': '__u32', + 'u64': '__u64', + 's8': '__s8', + 's16': '__s16', + 's32': '__s32', + 's64': '__s64', + 'size_t': 'unsigned long', + 'struct bpf_map': 'void', + 'struct sk_buff': 'struct __sk_buff', + 'const struct sk_buff': 'const struct __sk_buff', + 'struct sk_msg_buff': 'struct sk_msg_md', + 'struct xdp_buff': 'struct xdp_md', + } + + def print_header(self): + header = '''\ +/* This is auto-generated file. See bpf_helpers_doc.py for details. */ + +/* Forward declarations of BPF structs */''' + + print(header) + for fwd in self.type_fwds: + print('%s;' % fwd) + print('') + + def print_footer(self): + footer = '' + print(footer) + + def map_type(self, t): + if t in self.known_types: + return t + if t in self.mapped_types: + return self.mapped_types[t] + print("") + print("Unrecognized type '%s', please add it to known types!" % t) + sys.exit(1) + + seen_helpers = set() + + def print_one(self, helper): + proto = helper.proto_break_down() + + if proto['name'] in self.seen_helpers: + return + self.seen_helpers.add(proto['name']) + + print('/*') + print(" * %s" % proto['name']) + print(" *") + if (helper.desc): + # Do not strip all newline characters: formatted code at the end of + # a section must be followed by a blank line. + for line in re.sub('\n$', '', helper.desc, count=1).split('\n'): + print(' *{}{}'.format(' \t' if line else '', line)) + + if (helper.ret): + print(' *') + print(' * Returns') + for line in helper.ret.rstrip().split('\n'): + print(' *{}{}'.format(' \t' if line else '', line)) + + print(' */') + print('static %s %s(*%s)(' % (self.map_type(proto['ret_type']), + proto['ret_star'], proto['name']), end='') + comma = '' + for i, a in enumerate(proto['args']): + t = a['type'] + n = a['name'] + if proto['name'] == 'bpf_get_socket_cookie' and i == 0: + t = 'void' + n = 'ctx' + one_arg = '{}{}'.format(comma, self.map_type(t)) + if n: + if a['star']: + one_arg += ' {}'.format(a['star']) + else: + one_arg += ' ' + one_arg += '{}'.format(n) + comma = ', ' + print(one_arg, end='') + + print(') = (void *) %d;' % len(self.seen_helpers)) + print('') + ############################################################################### # If script is launched from scripts/ from kernel tree and can access @@ -405,6 +553,8 @@ The RST-formatted output produced can be turned into a manual page with the rst2man utility. """) +argParser.add_argument('--header', action='store_true', + help='generate C header file') if (os.path.isfile(bpfh)): argParser.add_argument('--filename', help='path to include/uapi/linux/bpf.h', default=bpfh) @@ -417,5 +567,8 @@ headerParser.run() # Print formatted output to standard output. -printer = PrinterRST(headerParser.helpers) +if args.header: + printer = PrinterHelpers(headerParser.helpers) +else: + printer = PrinterRST(headerParser.helpers) printer.print_all() only in patch2: unchanged: --- linux-5.4.0.orig/scripts/kernel-doc +++ linux-5.4.0/scripts/kernel-doc @@ -1085,7 +1085,8 @@ $members =~ s/DECLARE_KFIFO\s*\(([^,)]+),\s*([^,)]+),\s*([^,)]+)\)/$2 \*$1/gos; # replace DECLARE_KFIFO_PTR $members =~ s/DECLARE_KFIFO_PTR\s*\(([^,)]+),\s*([^,)]+)\)/$2 \*$1/gos; - + # replace DECLARE_FLEX_ARRAY + $members =~ s/(?:__)?DECLARE_FLEX_ARRAY\s*\($args,\s*$args\)/$1 $2\[\]/gos; my $declaration = $members; # Split nested struct/union elements as newer ones only in patch2: unchanged: --- linux-5.4.0.orig/sound/soc/sunxi/sun4i-spdif.c +++ linux-5.4.0/sound/soc/sunxi/sun4i-spdif.c @@ -464,6 +464,11 @@ .compatible = "allwinner,sun50i-h6-spdif", .data = &sun50i_h6_spdif_quirks, }, + { + .compatible = "allwinner,sun50i-h616-spdif", + /* Essentially the same as the H6, but without RX */ + .data = &sun50i_h6_spdif_quirks, + }, { /* sentinel */ } }; MODULE_DEVICE_TABLE(of, sun4i_spdif_of_match);