[gentoo-commits] proj/linux-patches:4.9 commit in: /

Mike Pagano Wed, 16 May 2018 03:24:01 -0700

commit:     c6c35238786fa8f939676911cc68079a778322b3
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed May 16 10:23:28 2018 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed May 16 10:23:28 2018 +0000
URL:        https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=c6c35238


Linux patch 4.9.100

 0000_README              |    4 +
 1099_linux-4.9.100.patch | 1240 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 1244 insertions(+)

diff --git a/0000_README b/0000_README
index cdb49e4..3281660 100644
--- a/0000_README
+++ b/0000_README
@@ -439,6 +439,10 @@ Patch:  1098_linux-4.9.99.patch
 From:   http://www.kernel.org
 Desc:   Linux 4.9.99
 
+Patch:  1099_linux-4.9.100.patch
+From:   http://www.kernel.org
+Desc:   Linux 4.9.100
+
 Patch:  1500_XATTR_USER_PREFIX.patch
 From:   https://bugs.gentoo.org/show_bug.cgi?id=470644
 Desc:   Support for namespace user.pax.* on tmpfs.

diff --git a/1099_linux-4.9.100.patch b/1099_linux-4.9.100.patch
new file mode 100644
index 0000000..d7c24cf
--- /dev/null
+++ b/1099_linux-4.9.100.patch
@@ -0,0 +1,1240 @@
+diff --git a/Documentation/arm64/silicon-errata.txt 
b/Documentation/arm64/silicon-errata.txt
+index d11af52427b4..ac9489fad31b 100644
+--- a/Documentation/arm64/silicon-errata.txt
++++ b/Documentation/arm64/silicon-errata.txt
+@@ -54,6 +54,7 @@ stable kernels.
+ | ARM            | Cortex-A57      | #852523         | N/A                    
     |
+ | ARM            | Cortex-A57      | #834220         | ARM64_ERRATUM_834220   
     |
+ | ARM            | Cortex-A72      | #853709         | N/A                    
     |
++| ARM            | Cortex-A55      | #1024718        | ARM64_ERRATUM_1024718  
     |
+ | ARM            | MMU-500         | #841119,#826419 | N/A                    
     |
+ |                |                 |                 |                        
     |
+ | Cavium         | ThunderX ITS    | #22375, #24313  | CAVIUM_ERRATUM_22375   
     |
+diff --git a/Makefile b/Makefile
+index d51e99f4a987..52a41396680c 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 9
+-SUBLEVEL = 99
++SUBLEVEL = 100
+ EXTRAVERSION =
+ NAME = Roaring Lionus
+ 
+diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
+index 90e58bbbd858..d0df3611d1e2 100644
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -427,6 +427,20 @@ config ARM64_ERRATUM_843419
+ 
+         If unsure, say Y.
+ 
++config ARM64_ERRATUM_1024718
++      bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before 
make might result in incorrect update"
++      default y
++      help
++        This option adds work around for Arm Cortex-A55 Erratum 1024718.
++
++        Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect
++        update of the hardware dirty bit when the DBM/AP bits are updated
++        without a break-before-make. The work around is to disable the usage
++        of hardware DBM locally on the affected cores. CPUs not affected by
++        erratum will continue to use the feature.
++
++        If unsure, say Y.
++
+ config CAVIUM_ERRATUM_22375
+       bool "Cavium erratum 22375, 24313"
+       default y
+diff --git a/arch/arm64/include/asm/assembler.h 
b/arch/arm64/include/asm/assembler.h
+index e60375ce0dd2..bfcfec3590f6 100644
+--- a/arch/arm64/include/asm/assembler.h
++++ b/arch/arm64/include/asm/assembler.h
+@@ -25,6 +25,7 @@
+ 
+ #include <asm/asm-offsets.h>
+ #include <asm/cpufeature.h>
++#include <asm/cputype.h>
+ #include <asm/page.h>
+ #include <asm/pgtable-hwdef.h>
+ #include <asm/ptrace.h>
+@@ -435,4 +436,43 @@ alternative_endif
+       and     \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT)
+       .endm
+ 
++/*
++ * Check the MIDR_EL1 of the current CPU for a given model and a range of
++ * variant/revision. See asm/cputype.h for the macros used below.
++ *
++ *    model:          MIDR_CPU_MODEL of CPU
++ *    rv_min:         Minimum of MIDR_CPU_VAR_REV()
++ *    rv_max:         Maximum of MIDR_CPU_VAR_REV()
++ *    res:            Result register.
++ *    tmp1, tmp2, tmp3: Temporary registers
++ *
++ * Corrupts: res, tmp1, tmp2, tmp3
++ * Returns:  0, if the CPU id doesn't match. Non-zero otherwise
++ */
++      .macro  cpu_midr_match model, rv_min, rv_max, res, tmp1, tmp2, tmp3
++      mrs             \res, midr_el1
++      mov_q           \tmp1, (MIDR_REVISION_MASK | MIDR_VARIANT_MASK)
++      mov_q           \tmp2, MIDR_CPU_MODEL_MASK
++      and             \tmp3, \res, \tmp2      // Extract model
++      and             \tmp1, \res, \tmp1      // rev & variant
++      mov_q           \tmp2, \model
++      cmp             \tmp3, \tmp2
++      cset            \res, eq
++      cbz             \res, .Ldone\@          // Model matches ?
++
++      .if (\rv_min != 0)                      // Skip min check if rv_min == 0
++      mov_q           \tmp3, \rv_min
++      cmp             \tmp1, \tmp3
++      cset            \res, ge
++      .endif                                  // \rv_min != 0
++      /* Skip rv_max check if rv_min == rv_max && rv_min != 0 */
++      .if ((\rv_min != \rv_max) || \rv_min == 0)
++      mov_q           \tmp2, \rv_max
++      cmp             \tmp1, \tmp2
++      cset            \tmp2, le
++      and             \res, \res, \tmp2
++      .endif
++.Ldone\@:
++      .endm
++
+ #endif        /* __ASM_ASSEMBLER_H */
+diff --git a/arch/arm64/include/asm/cputype.h 
b/arch/arm64/include/asm/cputype.h
+index 9ee3038a6b98..39d1db68748d 100644
+--- a/arch/arm64/include/asm/cputype.h
++++ b/arch/arm64/include/asm/cputype.h
+@@ -56,6 +56,9 @@
+       (0xf                    << MIDR_ARCHITECTURE_SHIFT) | \
+       ((partnum)              << MIDR_PARTNUM_SHIFT))
+ 
++#define MIDR_CPU_VAR_REV(var, rev) \
++      (((var) << MIDR_VARIANT_SHIFT) | (rev))
++
+ #define MIDR_CPU_MODEL_MASK (MIDR_IMPLEMENTOR_MASK | MIDR_PARTNUM_MASK | \
+                            MIDR_ARCHITECTURE_MASK)
+ 
+@@ -74,6 +77,7 @@
+ 
+ #define ARM_CPU_PART_AEM_V8           0xD0F
+ #define ARM_CPU_PART_FOUNDATION               0xD00
++#define ARM_CPU_PART_CORTEX_A55               0xD05
+ #define ARM_CPU_PART_CORTEX_A57               0xD07
+ #define ARM_CPU_PART_CORTEX_A72               0xD08
+ #define ARM_CPU_PART_CORTEX_A53               0xD03
+@@ -89,6 +93,7 @@
+ #define BRCM_CPU_PART_VULCAN          0x516
+ 
+ #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, 
ARM_CPU_PART_CORTEX_A53)
++#define MIDR_CORTEX_A55 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, 
ARM_CPU_PART_CORTEX_A55)
+ #define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, 
ARM_CPU_PART_CORTEX_A57)
+ #define MIDR_CORTEX_A72 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, 
ARM_CPU_PART_CORTEX_A72)
+ #define MIDR_CORTEX_A73 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, 
ARM_CPU_PART_CORTEX_A73)
+diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
+index 619da1cbd32b..66cce2138f95 100644
+--- a/arch/arm64/mm/proc.S
++++ b/arch/arm64/mm/proc.S
+@@ -425,6 +425,11 @@ ENTRY(__cpu_setup)
+       cbz     x9, 2f
+       cmp     x9, #2
+       b.lt    1f
++#ifdef CONFIG_ARM64_ERRATUM_1024718
++      /* Disable hardware DBM on Cortex-A55 r0p0, r0p1 & r1p0 */
++      cpu_midr_match MIDR_CORTEX_A55, MIDR_CPU_VAR_REV(0, 0), 
MIDR_CPU_VAR_REV(1, 0), x1, x2, x3, x4
++      cbnz    x1, 1f
++#endif
+       orr     x10, x10, #TCR_HD               // hardware Dirty flag update
+ 1:    orr     x10, x10, #TCR_HA               // hardware Access flag update
+ 2:
+diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S 
b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+index 55fbc0c78721..79a180cf4c94 100644
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+@@ -299,7 +299,6 @@ kvm_novcpu_exit:
+       stw     r12, STACK_SLOT_TRAP(r1)
+       bl      kvmhv_commence_exit
+       nop
+-      lwz     r12, STACK_SLOT_TRAP(r1)
+       b       kvmhv_switch_to_host
+ 
+ /*
+@@ -1023,6 +1022,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
+ 
+ secondary_too_late:
+       li      r12, 0
++      stw     r12, STACK_SLOT_TRAP(r1)
+       cmpdi   r4, 0
+       beq     11f
+       stw     r12, VCPU_TRAP(r4)
+@@ -1266,12 +1266,12 @@ mc_cont:
+       bl      kvmhv_accumulate_time
+ #endif
+ 
++      stw     r12, STACK_SLOT_TRAP(r1)
+       mr      r3, r12
+       /* Increment exit count, poke other threads to exit */
+       bl      kvmhv_commence_exit
+       nop
+       ld      r9, HSTATE_KVM_VCPU(r13)
+-      lwz     r12, VCPU_TRAP(r9)
+ 
+       /* Stop others sending VCPU interrupts to this physical CPU */
+       li      r0, -1
+@@ -1549,6 +1549,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+        * POWER7/POWER8 guest -> host partition switch code.
+        * We don't have to lock against tlbies but we do
+        * have to coordinate the hardware threads.
++       * Here STACK_SLOT_TRAP(r1) contains the trap number.
+        */
+ kvmhv_switch_to_host:
+       /* Secondary threads wait for primary to do partition switch */
+@@ -1599,11 +1600,11 @@ BEGIN_FTR_SECTION
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+ 
+       /* If HMI, call kvmppc_realmode_hmi_handler() */
++      lwz     r12, STACK_SLOT_TRAP(r1)
+       cmpwi   r12, BOOK3S_INTERRUPT_HMI
+       bne     27f
+       bl      kvmppc_realmode_hmi_handler
+       nop
+-      li      r12, BOOK3S_INTERRUPT_HMI
+       /*
+        * At this point kvmppc_realmode_hmi_handler would have resync-ed
+        * the TB. Hence it is not required to subtract guest timebase
+@@ -1678,6 +1679,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+       li      r0, KVM_GUEST_MODE_NONE
+       stb     r0, HSTATE_IN_GUEST(r13)
+ 
++      lwz     r12, STACK_SLOT_TRAP(r1)        /* return trap # in r12 */
+       ld      r0, SFS+PPC_LR_STKOFF(r1)
+       addi    r1, r1, SFS
+       mtlr    r0
+diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
+index f73796db8758..02e547f9ca3f 100644
+--- a/arch/x86/events/core.c
++++ b/arch/x86/events/core.c
+@@ -26,6 +26,7 @@
+ #include <linux/cpu.h>
+ #include <linux/bitops.h>
+ #include <linux/device.h>
++#include <linux/nospec.h>
+ 
+ #include <asm/apic.h>
+ #include <asm/stacktrace.h>
+@@ -303,17 +304,20 @@ set_ext_hw_attr(struct hw_perf_event *hwc, struct 
perf_event *event)
+ 
+       config = attr->config;
+ 
+-      cache_type = (config >>  0) & 0xff;
++      cache_type = (config >> 0) & 0xff;
+       if (cache_type >= PERF_COUNT_HW_CACHE_MAX)
+               return -EINVAL;
++      cache_type = array_index_nospec(cache_type, PERF_COUNT_HW_CACHE_MAX);
+ 
+       cache_op = (config >>  8) & 0xff;
+       if (cache_op >= PERF_COUNT_HW_CACHE_OP_MAX)
+               return -EINVAL;
++      cache_op = array_index_nospec(cache_op, PERF_COUNT_HW_CACHE_OP_MAX);
+ 
+       cache_result = (config >> 16) & 0xff;
+       if (cache_result >= PERF_COUNT_HW_CACHE_RESULT_MAX)
+               return -EINVAL;
++      cache_result = array_index_nospec(cache_result, 
PERF_COUNT_HW_CACHE_RESULT_MAX);
+ 
+       val = hw_cache_event_ids[cache_type][cache_op][cache_result];
+ 
+@@ -420,6 +424,8 @@ int x86_setup_perfctr(struct perf_event *event)
+       if (attr->config >= x86_pmu.max_events)
+               return -EINVAL;
+ 
++      attr->config = array_index_nospec((unsigned long)attr->config, 
x86_pmu.max_events);
++
+       /*
+        * The generic map:
+        */
+diff --git a/arch/x86/events/intel/cstate.c b/arch/x86/events/intel/cstate.c
+index 1076c9a77292..47d526c700a1 100644
+--- a/arch/x86/events/intel/cstate.c
++++ b/arch/x86/events/intel/cstate.c
+@@ -90,6 +90,7 @@
+ #include <linux/module.h>
+ #include <linux/slab.h>
+ #include <linux/perf_event.h>
++#include <linux/nospec.h>
+ #include <asm/cpu_device_id.h>
+ #include <asm/intel-family.h>
+ #include "../perf_event.h"
+@@ -300,6 +301,7 @@ static int cstate_pmu_event_init(struct perf_event *event)
+       } else if (event->pmu == &cstate_pkg_pmu) {
+               if (cfg >= PERF_CSTATE_PKG_EVENT_MAX)
+                       return -EINVAL;
++              cfg = array_index_nospec((unsigned long)cfg, 
PERF_CSTATE_PKG_EVENT_MAX);
+               if (!pkg_msr[cfg].attr)
+                       return -EINVAL;
+               event->hw.event_base = pkg_msr[cfg].msr;
+diff --git a/arch/x86/events/msr.c b/arch/x86/events/msr.c
+index 4bb3ec69e8ea..be0b1968d60a 100644
+--- a/arch/x86/events/msr.c
++++ b/arch/x86/events/msr.c
+@@ -1,4 +1,5 @@
+ #include <linux/perf_event.h>
++#include <linux/nospec.h>
+ #include <asm/intel-family.h>
+ 
+ enum perf_msr_id {
+@@ -136,9 +137,6 @@ static int msr_event_init(struct perf_event *event)
+       if (event->attr.type != event->pmu->type)
+               return -ENOENT;
+ 
+-      if (cfg >= PERF_MSR_EVENT_MAX)
+-              return -EINVAL;
+-
+       /* unsupported modes and filters */
+       if (event->attr.exclude_user   ||
+           event->attr.exclude_kernel ||
+@@ -149,6 +147,11 @@ static int msr_event_init(struct perf_event *event)
+           event->attr.sample_period) /* no sampling */
+               return -EINVAL;
+ 
++      if (cfg >= PERF_MSR_EVENT_MAX)
++              return -EINVAL;
++
++      cfg = array_index_nospec((unsigned long)cfg, PERF_MSR_EVENT_MAX);
++
+       if (!msr[cfg].attr)
+               return -EINVAL;
+ 
+diff --git a/crypto/af_alg.c b/crypto/af_alg.c
+index ca50eeb13097..b5953f1d1a18 100644
+--- a/crypto/af_alg.c
++++ b/crypto/af_alg.c
+@@ -157,16 +157,16 @@ static int alg_bind(struct socket *sock, struct sockaddr 
*uaddr, int addr_len)
+       void *private;
+       int err;
+ 
+-      /* If caller uses non-allowed flag, return error. */
+-      if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed))
+-              return -EINVAL;
+-
+       if (sock->state == SS_CONNECTED)
+               return -EINVAL;
+ 
+       if (addr_len != sizeof(*sa))
+               return -EINVAL;
+ 
++      /* If caller uses non-allowed flag, return error. */
++      if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed))
++              return -EINVAL;
++
+       sa->salg_type[sizeof(sa->salg_type) - 1] = 0;
+       sa->salg_name[sizeof(sa->salg_name) - 1] = 0;
+ 
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
+index e08c09fa5da0..4fe3ec122bf0 100644
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4422,6 +4422,9 @@ static const struct ata_blacklist_entry 
ata_device_blacklist [] = {
+                                               ATA_HORKAGE_ZERO_AFTER_TRIM |
+                                               ATA_HORKAGE_NOLPM, },
+ 
++      /* Sandisk devices which are known to not handle LPM well */
++      { "SanDisk SD7UB3Q*G1001",      NULL,   ATA_HORKAGE_NOLPM, },
++
+       /* devices that don't properly handle queued TRIM commands */
+       { "Micron_M500_*",              NULL,   ATA_HORKAGE_NO_NCQ_TRIM |
+                                               ATA_HORKAGE_ZERO_AFTER_TRIM, },
+diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c
+index d3dc95484161..81bfeec67b77 100644
+--- a/drivers/atm/zatm.c
++++ b/drivers/atm/zatm.c
+@@ -23,6 +23,7 @@
+ #include <linux/bitops.h>
+ #include <linux/wait.h>
+ #include <linux/slab.h>
++#include <linux/nospec.h>
+ #include <asm/byteorder.h>
+ #include <asm/string.h>
+ #include <asm/io.h>
+@@ -1458,6 +1459,8 @@ static int zatm_ioctl(struct atm_dev *dev,unsigned int 
cmd,void __user *arg)
+                                       return -EFAULT;
+                               if (pool < 0 || pool > ZATM_LAST_POOL)
+                                       return -EINVAL;
++                              pool = array_index_nospec(pool,
++                                                        ZATM_LAST_POOL + 1);
+                               spin_lock_irqsave(&zatm_dev->lock, flags);
+                               info = zatm_dev->pool_info[pool];
+                               if (cmd == ZATM_GETPOOLZ) {
+diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
+index f8ba5c714df5..3257647d4f74 100644
+--- a/drivers/bluetooth/btusb.c
++++ b/drivers/bluetooth/btusb.c
+@@ -217,6 +217,7 @@ static const struct usb_device_id blacklist_table[] = {
+       { USB_DEVICE(0x0930, 0x0227), .driver_info = BTUSB_ATH3012 },
+       { USB_DEVICE(0x0b05, 0x17d0), .driver_info = BTUSB_ATH3012 },
+       { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 },
++      { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 },
+       { USB_DEVICE(0x0cf3, 0x3008), .driver_info = BTUSB_ATH3012 },
+       { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 },
+       { USB_DEVICE(0x0cf3, 0x311e), .driver_info = BTUSB_ATH3012 },
+@@ -249,7 +250,6 @@ static const struct usb_device_id blacklist_table[] = {
+       { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 },
+ 
+       /* QCA ROME chipset */
+-      { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_QCA_ROME },
+       { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME },
+       { USB_DEVICE(0x0cf3, 0xe009), .driver_info = BTUSB_QCA_ROME },
+       { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME },
+diff --git a/drivers/gpio/gpio-aspeed.c b/drivers/gpio/gpio-aspeed.c
+index 03a5925a423c..a9daf7121e6e 100644
+--- a/drivers/gpio/gpio-aspeed.c
++++ b/drivers/gpio/gpio-aspeed.c
+@@ -256,7 +256,7 @@ static void aspeed_gpio_irq_set_mask(struct irq_data *d, 
bool set)
+       if (set)
+               reg |= bit;
+       else
+-              reg &= bit;
++              reg &= ~bit;
+       iowrite32(reg, addr);
+ 
+       spin_unlock_irqrestore(&gpio->lock, flags);
+diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
+index 4f54ff45e09e..56b24198741c 100644
+--- a/drivers/gpio/gpiolib.c
++++ b/drivers/gpio/gpiolib.c
+@@ -425,7 +425,7 @@ static int linehandle_create(struct gpio_device *gdev, 
void __user *ip)
+       struct gpiohandle_request handlereq;
+       struct linehandle_state *lh;
+       struct file *file;
+-      int fd, i, ret;
++      int fd, i, count = 0, ret;
+ 
+       if (copy_from_user(&handlereq, ip, sizeof(handlereq)))
+               return -EFAULT;
+@@ -471,6 +471,7 @@ static int linehandle_create(struct gpio_device *gdev, 
void __user *ip)
+               if (ret)
+                       goto out_free_descs;
+               lh->descs[i] = desc;
++              count = i;
+ 
+               if (lflags & GPIOHANDLE_REQUEST_ACTIVE_LOW)
+                       set_bit(FLAG_ACTIVE_LOW, &desc->flags);
+@@ -537,7 +538,7 @@ static int linehandle_create(struct gpio_device *gdev, 
void __user *ip)
+ out_put_unused_fd:
+       put_unused_fd(fd);
+ out_free_descs:
+-      for (; i >= 0; i--)
++      for (i = 0; i < count; i++)
+               gpiod_free(lh->descs[i]);
+       kfree(lh->label);
+ out_free_lh:
+@@ -794,7 +795,7 @@ static int lineevent_create(struct gpio_device *gdev, void 
__user *ip)
+       desc = &gdev->descs[offset];
+       ret = gpiod_request(desc, le->label);
+       if (ret)
+-              goto out_free_desc;
++              goto out_free_label;
+       le->desc = desc;
+       le->eflags = eflags;
+ 
+diff --git a/drivers/gpu/drm/i915/intel_lvds.c 
b/drivers/gpu/drm/i915/intel_lvds.c
+index e1d47d51ea47..3517c0ed984a 100644
+--- a/drivers/gpu/drm/i915/intel_lvds.c
++++ b/drivers/gpu/drm/i915/intel_lvds.c
+@@ -321,7 +321,8 @@ static void intel_enable_lvds(struct intel_encoder 
*encoder,
+ 
+       I915_WRITE(PP_CONTROL(0), I915_READ(PP_CONTROL(0)) | PANEL_POWER_ON);
+       POSTING_READ(lvds_encoder->reg);
+-      if (intel_wait_for_register(dev_priv, PP_STATUS(0), PP_ON, PP_ON, 1000))
++
++      if (intel_wait_for_register(dev_priv, PP_STATUS(0), PP_ON, PP_ON, 5000))
+               DRM_ERROR("timed out waiting for panel to power on\n");
+ 
+       intel_panel_enable_backlight(intel_connector);
+diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c
+index 881bf489478b..75056553b06c 100644
+--- a/drivers/gpu/drm/vc4/vc4_plane.c
++++ b/drivers/gpu/drm/vc4/vc4_plane.c
+@@ -533,7 +533,7 @@ static int vc4_plane_mode_set(struct drm_plane *plane,
+        * the scl fields here.
+        */
+       if (num_planes == 1) {
+-              scl0 = vc4_get_scl_field(state, 1);
++              scl0 = vc4_get_scl_field(state, 0);
+               scl1 = scl0;
+       } else {
+               scl0 = vc4_get_scl_field(state, 1);
+diff --git a/drivers/infiniband/core/device.c 
b/drivers/infiniband/core/device.c
+index 760ef603a468..15f4bdf89fe1 100644
+--- a/drivers/infiniband/core/device.c
++++ b/drivers/infiniband/core/device.c
+@@ -999,8 +999,7 @@ static int __init ib_core_init(void)
+               return -ENOMEM;
+ 
+       ib_comp_wq = alloc_workqueue("ib-comp-wq",
+-                      WQ_UNBOUND | WQ_HIGHPRI | WQ_MEM_RECLAIM,
+-                      WQ_UNBOUND_MAX_ACTIVE);
++                      WQ_HIGHPRI | WQ_MEM_RECLAIM | WQ_SYSFS, 0);
+       if (!ib_comp_wq) {
+               ret = -ENOMEM;
+               goto err;
+diff --git a/drivers/net/can/usb/kvaser_usb.c 
b/drivers/net/can/usb/kvaser_usb.c
+index c9d61a6dfb7a..3a75352f632b 100644
+--- a/drivers/net/can/usb/kvaser_usb.c
++++ b/drivers/net/can/usb/kvaser_usb.c
+@@ -1179,7 +1179,7 @@ static void kvaser_usb_rx_can_msg(const struct 
kvaser_usb *dev,
+ 
+       skb = alloc_can_skb(priv->netdev, &cf);
+       if (!skb) {
+-              stats->tx_dropped++;
++              stats->rx_dropped++;
+               return;
+       }
+ 
+diff --git a/drivers/thermal/samsung/exynos_tmu.c 
b/drivers/thermal/samsung/exynos_tmu.c
+index ad1186dd6132..a45810b43f70 100644
+--- a/drivers/thermal/samsung/exynos_tmu.c
++++ b/drivers/thermal/samsung/exynos_tmu.c
+@@ -185,6 +185,7 @@
+  * @regulator: pointer to the TMU regulator structure.
+  * @reg_conf: pointer to structure to register with core thermal.
+  * @ntrip: number of supported trip points.
++ * @enabled: current status of TMU device
+  * @tmu_initialize: SoC specific TMU initialization method
+  * @tmu_control: SoC specific TMU control method
+  * @tmu_read: SoC specific TMU temperature read method
+@@ -205,6 +206,7 @@ struct exynos_tmu_data {
+       struct regulator *regulator;
+       struct thermal_zone_device *tzd;
+       unsigned int ntrip;
++      bool enabled;
+ 
+       int (*tmu_initialize)(struct platform_device *pdev);
+       void (*tmu_control)(struct platform_device *pdev, bool on);
+@@ -398,6 +400,7 @@ static void exynos_tmu_control(struct platform_device 
*pdev, bool on)
+       mutex_lock(&data->lock);
+       clk_enable(data->clk);
+       data->tmu_control(pdev, on);
++      data->enabled = on;
+       clk_disable(data->clk);
+       mutex_unlock(&data->lock);
+ }
+@@ -889,19 +892,24 @@ static void exynos7_tmu_control(struct platform_device 
*pdev, bool on)
+ static int exynos_get_temp(void *p, int *temp)
+ {
+       struct exynos_tmu_data *data = p;
++      int value, ret = 0;
+ 
+-      if (!data || !data->tmu_read)
++      if (!data || !data->tmu_read || !data->enabled)
+               return -EINVAL;
+ 
+       mutex_lock(&data->lock);
+       clk_enable(data->clk);
+ 
+-      *temp = code_to_temp(data, data->tmu_read(data)) * MCELSIUS;
++      value = data->tmu_read(data);
++      if (value < 0)
++              ret = value;
++      else
++              *temp = code_to_temp(data, value) * MCELSIUS;
+ 
+       clk_disable(data->clk);
+       mutex_unlock(&data->lock);
+ 
+-      return 0;
++      return ret;
+ }
+ 
+ #ifdef CONFIG_THERMAL_EMULATION
+diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
+index 99432b59c5cb..ae354ac67da1 100644
+--- a/fs/f2fs/data.c
++++ b/fs/f2fs/data.c
+@@ -844,7 +844,7 @@ static int __get_data_block(struct inode *inode, sector_t 
iblock,
+       if (!ret) {
+               map_bh(bh, inode->i_sb, map.m_pblk);
+               bh->b_state = (bh->b_state & ~F2FS_MAP_FLAGS) | map.m_flags;
+-              bh->b_size = map.m_len << inode->i_blkbits;
++              bh->b_size = (u64)map.m_len << inode->i_blkbits;
+       }
+       return ret;
+ }
+diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
+index 3d8b35f28a9b..f3aea1b8702c 100644
+--- a/fs/fs-writeback.c
++++ b/fs/fs-writeback.c
+@@ -1942,7 +1942,7 @@ void wb_workfn(struct work_struct *work)
+       }
+ 
+       if (!list_empty(&wb->work_list))
+-              mod_delayed_work(bdi_wq, &wb->dwork, 0);
++              wb_wakeup(wb);
+       else if (wb_has_dirty_io(wb) && dirty_writeback_interval)
+               wb_wakeup_delayed(wb);
+ 
+diff --git a/include/net/inet_timewait_sock.h 
b/include/net/inet_timewait_sock.h
+index c9b3eb70f340..567017b5fc9e 100644
+--- a/include/net/inet_timewait_sock.h
++++ b/include/net/inet_timewait_sock.h
+@@ -55,6 +55,7 @@ struct inet_timewait_sock {
+ #define tw_family             __tw_common.skc_family
+ #define tw_state              __tw_common.skc_state
+ #define tw_reuse              __tw_common.skc_reuse
++#define tw_reuseport          __tw_common.skc_reuseport
+ #define tw_ipv6only           __tw_common.skc_ipv6only
+ #define tw_bound_dev_if               __tw_common.skc_bound_dev_if
+ #define tw_node                       __tw_common.skc_nulls_node
+diff --git a/include/net/nexthop.h b/include/net/nexthop.h
+index 3334dbfa5aa4..7fc78663ec9d 100644
+--- a/include/net/nexthop.h
++++ b/include/net/nexthop.h
+@@ -6,7 +6,7 @@
+ 
+ static inline int rtnh_ok(const struct rtnexthop *rtnh, int remaining)
+ {
+-      return remaining >= sizeof(*rtnh) &&
++      return remaining >= (int)sizeof(*rtnh) &&
+              rtnh->rtnh_len >= sizeof(*rtnh) &&
+              rtnh->rtnh_len <= remaining;
+ }
+diff --git a/kernel/events/callchain.c b/kernel/events/callchain.c
+index 04988d6466bf..c265f1c3ae50 100644
+--- a/kernel/events/callchain.c
++++ b/kernel/events/callchain.c
+@@ -129,14 +129,8 @@ int get_callchain_buffers(int event_max_stack)
+               goto exit;
+       }
+ 
+-      if (count > 1) {
+-              /* If the allocation failed, give up */
+-              if (!callchain_cpus_entries)
+-                      err = -ENOMEM;
+-              goto exit;
+-      }
+-
+-      err = alloc_callchain_buffers();
++      if (count == 1)
++              err = alloc_callchain_buffers();
+ exit:
+       if (err)
+               atomic_dec(&nr_callchain_events);
+diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c
+index 257fa460b846..017f7933a37d 100644
+--- a/kernel/events/ring_buffer.c
++++ b/kernel/events/ring_buffer.c
+@@ -14,6 +14,7 @@
+ #include <linux/slab.h>
+ #include <linux/circ_buf.h>
+ #include <linux/poll.h>
++#include <linux/nospec.h>
+ 
+ #include "internal.h"
+ 
+@@ -844,8 +845,10 @@ perf_mmap_to_page(struct ring_buffer *rb, unsigned long 
pgoff)
+                       return NULL;
+ 
+               /* AUX space */
+-              if (pgoff >= rb->aux_pgoff)
+-                      return virt_to_page(rb->aux_pages[pgoff - 
rb->aux_pgoff]);
++              if (pgoff >= rb->aux_pgoff) {
++                      int aux_pgoff = array_index_nospec(pgoff - 
rb->aux_pgoff, rb->aux_nr_pages);
++                      return virt_to_page(rb->aux_pages[aux_pgoff]);
++              }
+       }
+ 
+       return __perf_mmap_to_page(rb, pgoff);
+diff --git a/kernel/trace/trace_events_filter.c 
b/kernel/trace/trace_events_filter.c
+index 0193f58c45f0..e35a411bea4b 100644
+--- a/kernel/trace/trace_events_filter.c
++++ b/kernel/trace/trace_events_filter.c
+@@ -322,6 +322,9 @@ static int regex_match_full(char *str, struct regex *r, 
int len)
+ 
+ static int regex_match_front(char *str, struct regex *r, int len)
+ {
++      if (len < r->len)
++              return 0;
++
+       if (strncmp(str, r->pattern, r->len) == 0)
+               return 1;
+       return 0;
+diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c
+index 0913693caf6e..788262984818 100644
+--- a/kernel/trace/trace_uprobe.c
++++ b/kernel/trace/trace_uprobe.c
+@@ -149,6 +149,8 @@ static void FETCH_FUNC_NAME(memory, string)(struct pt_regs 
*regs,
+               return;
+ 
+       ret = strncpy_from_user(dst, src, maxlen);
++      if (ret == maxlen)
++              dst[--ret] = '\0';
+ 
+       if (ret < 0) {  /* Failed to fetch string */
+               ((u8 *)get_rloc_data(dest))[0] = '\0';
+diff --git a/net/atm/lec.c b/net/atm/lec.c
+index 5d2693826afb..1e84c5226c84 100644
+--- a/net/atm/lec.c
++++ b/net/atm/lec.c
+@@ -41,6 +41,9 @@ static unsigned char bridge_ula_lec[] = { 0x01, 0x80, 0xc2, 
0x00, 0x00 };
+ #include <linux/module.h>
+ #include <linux/init.h>
+ 
++/* Hardening for Spectre-v1 */
++#include <linux/nospec.h>
++
+ #include "lec.h"
+ #include "lec_arpc.h"
+ #include "resources.h"
+@@ -697,8 +700,10 @@ static int lec_vcc_attach(struct atm_vcc *vcc, void 
__user *arg)
+       bytes_left = copy_from_user(&ioc_data, arg, sizeof(struct atmlec_ioc));
+       if (bytes_left != 0)
+               pr_info("copy from user failed for %d bytes\n", bytes_left);
+-      if (ioc_data.dev_num < 0 || ioc_data.dev_num >= MAX_LEC_ITF ||
+-          !dev_lec[ioc_data.dev_num])
++      if (ioc_data.dev_num < 0 || ioc_data.dev_num >= MAX_LEC_ITF)
++              return -EINVAL;
++      ioc_data.dev_num = array_index_nospec(ioc_data.dev_num, MAX_LEC_ITF);
++      if (!dev_lec[ioc_data.dev_num])
+               return -EINVAL;
+       vpriv = kmalloc(sizeof(struct lec_vcc_priv), GFP_KERNEL);
+       if (!vpriv)
+diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c
+index c0548d268e1a..e3e6a3e2ca22 100644
+--- a/net/core/dev_addr_lists.c
++++ b/net/core/dev_addr_lists.c
+@@ -57,8 +57,8 @@ static int __hw_addr_add_ex(struct netdev_hw_addr_list *list,
+               return -EINVAL;
+ 
+       list_for_each_entry(ha, &list->list, list) {
+-              if (!memcmp(ha->addr, addr, addr_len) &&
+-                  ha->type == addr_type) {
++              if (ha->type == addr_type &&
++                  !memcmp(ha->addr, addr, addr_len)) {
+                       if (global) {
+                               /* check if addr is already used as global */
+                               if (ha->global_use)
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c
+index fb422dfec848..a40ccc184b83 100644
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -903,6 +903,7 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, 
struct sk_buff *skb)
+       n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
+       n->cloned = 1;
+       n->nohdr = 0;
++      n->peeked = 0;
+       n->destructor = NULL;
+       C(tail);
+       C(end);
+diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
+index 8c7799cdd3cf..6697b180e122 100644
+--- a/net/dccp/ipv4.c
++++ b/net/dccp/ipv4.c
+@@ -620,6 +620,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff 
*skb)
+       ireq = inet_rsk(req);
+       sk_rcv_saddr_set(req_to_sk(req), ip_hdr(skb)->daddr);
+       sk_daddr_set(req_to_sk(req), ip_hdr(skb)->saddr);
++      ireq->ir_mark = inet_request_mark(sk, skb);
+       ireq->ireq_family = AF_INET;
+       ireq->ir_iif = sk->sk_bound_dev_if;
+ 
+diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
+index 28e8252cc5ea..6cbcf399d22b 100644
+--- a/net/dccp/ipv6.c
++++ b/net/dccp/ipv6.c
+@@ -349,6 +349,7 @@ static int dccp_v6_conn_request(struct sock *sk, struct 
sk_buff *skb)
+       ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
+       ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
+       ireq->ireq_family = AF_INET6;
++      ireq->ir_mark = inet_request_mark(sk, skb);
+ 
+       if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) ||
+           np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
+diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
+index ddcd56c08d14..a6b34ac3139e 100644
+--- a/net/ipv4/inet_timewait_sock.c
++++ b/net/ipv4/inet_timewait_sock.c
+@@ -182,6 +182,7 @@ struct inet_timewait_sock *inet_twsk_alloc(const struct 
sock *sk,
+               tw->tw_dport        = inet->inet_dport;
+               tw->tw_family       = sk->sk_family;
+               tw->tw_reuse        = sk->sk_reuse;
++              tw->tw_reuseport    = sk->sk_reuseport;
+               tw->tw_hash         = sk->sk_hash;
+               tw->tw_ipv6only     = 0;
+               tw->tw_transparent  = inet->transparent;
+diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
+index 0fc5dad02fe8..6f501c9deaae 100644
+--- a/net/ipv4/tcp.c
++++ b/net/ipv4/tcp.c
+@@ -2523,7 +2523,7 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
+       case TCP_REPAIR_QUEUE:
+               if (!tp->repair)
+                       err = -EPERM;
+-              else if (val < TCP_QUEUES_NR)
++              else if ((unsigned int)val < TCP_QUEUES_NR)
+                       tp->repair_queue = val;
+               else
+                       err = -EINVAL;
+diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
+index 63e6d08388ab..cc306defcc19 100644
+--- a/net/kcm/kcmsock.c
++++ b/net/kcm/kcmsock.c
+@@ -1424,6 +1424,7 @@ static int kcm_attach(struct socket *sock, struct socket 
*csock,
+        */
+       if (csk->sk_user_data) {
+               write_unlock_bh(&csk->sk_callback_lock);
++              strp_stop(&psock->strp);
+               strp_done(&psock->strp);
+               kmem_cache_free(kcm_psockp, psock);
+               err = -EALREADY;
+diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
+index 74d119512d96..c5f2350a2b50 100644
+--- a/net/netfilter/ipvs/ip_vs_ctl.c
++++ b/net/netfilter/ipvs/ip_vs_ctl.c
+@@ -2393,11 +2393,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
+                       strlcpy(cfg.mcast_ifn, dm->mcast_ifn,
+                               sizeof(cfg.mcast_ifn));
+                       cfg.syncid = dm->syncid;
+-                      rtnl_lock();
+-                      mutex_lock(&ipvs->sync_mutex);
+                       ret = start_sync_thread(ipvs, &cfg, dm->state);
+-                      mutex_unlock(&ipvs->sync_mutex);
+-                      rtnl_unlock();
+               } else {
+                       mutex_lock(&ipvs->sync_mutex);
+                       ret = stop_sync_thread(ipvs, dm->state);
+@@ -3495,12 +3491,8 @@ static int ip_vs_genl_new_daemon(struct netns_ipvs 
*ipvs, struct nlattr **attrs)
+       if (ipvs->mixed_address_family_dests > 0)
+               return -EINVAL;
+ 
+-      rtnl_lock();
+-      mutex_lock(&ipvs->sync_mutex);
+       ret = start_sync_thread(ipvs, &c,
+                               nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
+-      mutex_unlock(&ipvs->sync_mutex);
+-      rtnl_unlock();
+       return ret;
+ }
+ 
+diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
+index 9350530c16c1..5fbf4b232592 100644
+--- a/net/netfilter/ipvs/ip_vs_sync.c
++++ b/net/netfilter/ipvs/ip_vs_sync.c
+@@ -48,6 +48,7 @@
+ #include <linux/kthread.h>
+ #include <linux/wait.h>
+ #include <linux/kernel.h>
++#include <linux/sched.h>
+ 
+ #include <asm/unaligned.h>            /* Used for ntoh_seq and hton_seq */
+ 
+@@ -1359,15 +1360,9 @@ static void set_mcast_pmtudisc(struct sock *sk, int val)
+ /*
+  *      Specifiy default interface for outgoing multicasts
+  */
+-static int set_mcast_if(struct sock *sk, char *ifname)
++static int set_mcast_if(struct sock *sk, struct net_device *dev)
+ {
+-      struct net_device *dev;
+       struct inet_sock *inet = inet_sk(sk);
+-      struct net *net = sock_net(sk);
+-
+-      dev = __dev_get_by_name(net, ifname);
+-      if (!dev)
+-              return -ENODEV;
+ 
+       if (sk->sk_bound_dev_if && dev->ifindex != sk->sk_bound_dev_if)
+               return -EINVAL;
+@@ -1395,19 +1390,14 @@ static int set_mcast_if(struct sock *sk, char *ifname)
+  *      in the in_addr structure passed in as a parameter.
+  */
+ static int
+-join_mcast_group(struct sock *sk, struct in_addr *addr, char *ifname)
++join_mcast_group(struct sock *sk, struct in_addr *addr, struct net_device 
*dev)
+ {
+-      struct net *net = sock_net(sk);
+       struct ip_mreqn mreq;
+-      struct net_device *dev;
+       int ret;
+ 
+       memset(&mreq, 0, sizeof(mreq));
+       memcpy(&mreq.imr_multiaddr, addr, sizeof(struct in_addr));
+ 
+-      dev = __dev_get_by_name(net, ifname);
+-      if (!dev)
+-              return -ENODEV;
+       if (sk->sk_bound_dev_if && dev->ifindex != sk->sk_bound_dev_if)
+               return -EINVAL;
+ 
+@@ -1422,15 +1412,10 @@ join_mcast_group(struct sock *sk, struct in_addr 
*addr, char *ifname)
+ 
+ #ifdef CONFIG_IP_VS_IPV6
+ static int join_mcast_group6(struct sock *sk, struct in6_addr *addr,
+-                           char *ifname)
++                           struct net_device *dev)
+ {
+-      struct net *net = sock_net(sk);
+-      struct net_device *dev;
+       int ret;
+ 
+-      dev = __dev_get_by_name(net, ifname);
+-      if (!dev)
+-              return -ENODEV;
+       if (sk->sk_bound_dev_if && dev->ifindex != sk->sk_bound_dev_if)
+               return -EINVAL;
+ 
+@@ -1442,24 +1427,18 @@ static int join_mcast_group6(struct sock *sk, struct 
in6_addr *addr,
+ }
+ #endif
+ 
+-static int bind_mcastif_addr(struct socket *sock, char *ifname)
++static int bind_mcastif_addr(struct socket *sock, struct net_device *dev)
+ {
+-      struct net *net = sock_net(sock->sk);
+-      struct net_device *dev;
+       __be32 addr;
+       struct sockaddr_in sin;
+ 
+-      dev = __dev_get_by_name(net, ifname);
+-      if (!dev)
+-              return -ENODEV;
+-
+       addr = inet_select_addr(dev, 0, RT_SCOPE_UNIVERSE);
+       if (!addr)
+               pr_err("You probably need to specify IP address on "
+                      "multicast interface.\n");
+ 
+       IP_VS_DBG(7, "binding socket with (%s) %pI4\n",
+-                ifname, &addr);
++                dev->name, &addr);
+ 
+       /* Now bind the socket with the address of multicast interface */
+       sin.sin_family       = AF_INET;
+@@ -1492,7 +1471,8 @@ static void get_mcast_sockaddr(union ipvs_sockaddr *sa, 
int *salen,
+ /*
+  *      Set up sending multicast socket over UDP
+  */
+-static struct socket *make_send_sock(struct netns_ipvs *ipvs, int id)
++static int make_send_sock(struct netns_ipvs *ipvs, int id,
++                        struct net_device *dev, struct socket **sock_ret)
+ {
+       /* multicast addr */
+       union ipvs_sockaddr mcast_addr;
+@@ -1504,9 +1484,10 @@ static struct socket *make_send_sock(struct netns_ipvs 
*ipvs, int id)
+                                 IPPROTO_UDP, &sock);
+       if (result < 0) {
+               pr_err("Error during creation of socket; terminating\n");
+-              return ERR_PTR(result);
++              goto error;
+       }
+-      result = set_mcast_if(sock->sk, ipvs->mcfg.mcast_ifn);
++      *sock_ret = sock;
++      result = set_mcast_if(sock->sk, dev);
+       if (result < 0) {
+               pr_err("Error setting outbound mcast interface\n");
+               goto error;
+@@ -1521,7 +1502,7 @@ static struct socket *make_send_sock(struct netns_ipvs 
*ipvs, int id)
+               set_sock_size(sock->sk, 1, result);
+ 
+       if (AF_INET == ipvs->mcfg.mcast_af)
+-              result = bind_mcastif_addr(sock, ipvs->mcfg.mcast_ifn);
++              result = bind_mcastif_addr(sock, dev);
+       else
+               result = 0;
+       if (result < 0) {
+@@ -1537,19 +1518,18 @@ static struct socket *make_send_sock(struct netns_ipvs 
*ipvs, int id)
+               goto error;
+       }
+ 
+-      return sock;
++      return 0;
+ 
+ error:
+-      sock_release(sock);
+-      return ERR_PTR(result);
++      return result;
+ }
+ 
+ 
+ /*
+  *      Set up receiving multicast socket over UDP
+  */
+-static struct socket *make_receive_sock(struct netns_ipvs *ipvs, int id,
+-                                      int ifindex)
++static int make_receive_sock(struct netns_ipvs *ipvs, int id,
++                           struct net_device *dev, struct socket **sock_ret)
+ {
+       /* multicast addr */
+       union ipvs_sockaddr mcast_addr;
+@@ -1561,8 +1541,9 @@ static struct socket *make_receive_sock(struct 
netns_ipvs *ipvs, int id,
+                                 IPPROTO_UDP, &sock);
+       if (result < 0) {
+               pr_err("Error during creation of socket; terminating\n");
+-              return ERR_PTR(result);
++              goto error;
+       }
++      *sock_ret = sock;
+       /* it is equivalent to the REUSEADDR option in user-space */
+       sock->sk->sk_reuse = SK_CAN_REUSE;
+       result = sysctl_sync_sock_size(ipvs);
+@@ -1570,7 +1551,7 @@ static struct socket *make_receive_sock(struct 
netns_ipvs *ipvs, int id,
+               set_sock_size(sock->sk, 0, result);
+ 
+       get_mcast_sockaddr(&mcast_addr, &salen, &ipvs->bcfg, id);
+-      sock->sk->sk_bound_dev_if = ifindex;
++      sock->sk->sk_bound_dev_if = dev->ifindex;
+       result = sock->ops->bind(sock, (struct sockaddr *)&mcast_addr, salen);
+       if (result < 0) {
+               pr_err("Error binding to the multicast addr\n");
+@@ -1581,21 +1562,20 @@ static struct socket *make_receive_sock(struct 
netns_ipvs *ipvs, int id,
+ #ifdef CONFIG_IP_VS_IPV6
+       if (ipvs->bcfg.mcast_af == AF_INET6)
+               result = join_mcast_group6(sock->sk, &mcast_addr.in6.sin6_addr,
+-                                         ipvs->bcfg.mcast_ifn);
++                                         dev);
+       else
+ #endif
+               result = join_mcast_group(sock->sk, &mcast_addr.in.sin_addr,
+-                                        ipvs->bcfg.mcast_ifn);
++                                        dev);
+       if (result < 0) {
+               pr_err("Error joining to the multicast group\n");
+               goto error;
+       }
+ 
+-      return sock;
++      return 0;
+ 
+ error:
+-      sock_release(sock);
+-      return ERR_PTR(result);
++      return result;
+ }
+ 
+ 
+@@ -1780,13 +1760,12 @@ static int sync_thread_backup(void *data)
+ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c,
+                     int state)
+ {
+-      struct ip_vs_sync_thread_data *tinfo;
++      struct ip_vs_sync_thread_data *tinfo = NULL;
+       struct task_struct **array = NULL, *task;
+-      struct socket *sock;
+       struct net_device *dev;
+       char *name;
+       int (*threadfn)(void *data);
+-      int id, count, hlen;
++      int id = 0, count, hlen;
+       int result = -ENOMEM;
+       u16 mtu, min_mtu;
+ 
+@@ -1794,6 +1773,18 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct 
ipvs_sync_daemon_cfg *c,
+       IP_VS_DBG(7, "Each ip_vs_sync_conn entry needs %Zd bytes\n",
+                 sizeof(struct ip_vs_sync_conn_v0));
+ 
++      /* Do not hold one mutex and then to block on another */
++      for (;;) {
++              rtnl_lock();
++              if (mutex_trylock(&ipvs->sync_mutex))
++                      break;
++              rtnl_unlock();
++              mutex_lock(&ipvs->sync_mutex);
++              if (rtnl_trylock())
++                      break;
++              mutex_unlock(&ipvs->sync_mutex);
++      }
++
+       if (!ipvs->sync_state) {
+               count = clamp(sysctl_sync_ports(ipvs), 1, IPVS_SYNC_PORTS_MAX);
+               ipvs->threads_mask = count - 1;
+@@ -1812,7 +1803,8 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct 
ipvs_sync_daemon_cfg *c,
+       dev = __dev_get_by_name(ipvs->net, c->mcast_ifn);
+       if (!dev) {
+               pr_err("Unknown mcast interface: %s\n", c->mcast_ifn);
+-              return -ENODEV;
++              result = -ENODEV;
++              goto out_early;
+       }
+       hlen = (AF_INET6 == c->mcast_af) ?
+              sizeof(struct ipv6hdr) + sizeof(struct udphdr) :
+@@ -1829,26 +1821,30 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct 
ipvs_sync_daemon_cfg *c,
+               c->sync_maxlen = mtu - hlen;
+ 
+       if (state == IP_VS_STATE_MASTER) {
++              result = -EEXIST;
+               if (ipvs->ms)
+-                      return -EEXIST;
++                      goto out_early;
+ 
+               ipvs->mcfg = *c;
+               name = "ipvs-m:%d:%d";
+               threadfn = sync_thread_master;
+       } else if (state == IP_VS_STATE_BACKUP) {
++              result = -EEXIST;
+               if (ipvs->backup_threads)
+-                      return -EEXIST;
++                      goto out_early;
+ 
+               ipvs->bcfg = *c;
+               name = "ipvs-b:%d:%d";
+               threadfn = sync_thread_backup;
+       } else {
+-              return -EINVAL;
++              result = -EINVAL;
++              goto out_early;
+       }
+ 
+       if (state == IP_VS_STATE_MASTER) {
+               struct ipvs_master_sync_state *ms;
+ 
++              result = -ENOMEM;
+               ipvs->ms = kzalloc(count * sizeof(ipvs->ms[0]), GFP_KERNEL);
+               if (!ipvs->ms)
+                       goto out;
+@@ -1864,39 +1860,38 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct 
ipvs_sync_daemon_cfg *c,
+       } else {
+               array = kzalloc(count * sizeof(struct task_struct *),
+                               GFP_KERNEL);
++              result = -ENOMEM;
+               if (!array)
+                       goto out;
+       }
+ 
+-      tinfo = NULL;
+       for (id = 0; id < count; id++) {
+-              if (state == IP_VS_STATE_MASTER)
+-                      sock = make_send_sock(ipvs, id);
+-              else
+-                      sock = make_receive_sock(ipvs, id, dev->ifindex);
+-              if (IS_ERR(sock)) {
+-                      result = PTR_ERR(sock);
+-                      goto outtinfo;
+-              }
++              result = -ENOMEM;
+               tinfo = kmalloc(sizeof(*tinfo), GFP_KERNEL);
+               if (!tinfo)
+-                      goto outsocket;
++                      goto out;
+               tinfo->ipvs = ipvs;
+-              tinfo->sock = sock;
++              tinfo->sock = NULL;
+               if (state == IP_VS_STATE_BACKUP) {
+                       tinfo->buf = kmalloc(ipvs->bcfg.sync_maxlen,
+                                            GFP_KERNEL);
+                       if (!tinfo->buf)
+-                              goto outtinfo;
++                              goto out;
+               } else {
+                       tinfo->buf = NULL;
+               }
+               tinfo->id = id;
++              if (state == IP_VS_STATE_MASTER)
++                      result = make_send_sock(ipvs, id, dev, &tinfo->sock);
++              else
++                      result = make_receive_sock(ipvs, id, dev, &tinfo->sock);
++              if (result < 0)
++                      goto out;
+ 
+               task = kthread_run(threadfn, tinfo, name, ipvs->gen, id);
+               if (IS_ERR(task)) {
+                       result = PTR_ERR(task);
+-                      goto outtinfo;
++                      goto out;
+               }
+               tinfo = NULL;
+               if (state == IP_VS_STATE_MASTER)
+@@ -1913,20 +1908,20 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct 
ipvs_sync_daemon_cfg *c,
+       ipvs->sync_state |= state;
+       spin_unlock_bh(&ipvs->sync_buff_lock);
+ 
++      mutex_unlock(&ipvs->sync_mutex);
++      rtnl_unlock();
++
+       /* increase the module use count */
+       ip_vs_use_count_inc();
+ 
+       return 0;
+ 
+-outsocket:
+-      sock_release(sock);
+-
+-outtinfo:
+-      if (tinfo) {
+-              sock_release(tinfo->sock);
+-              kfree(tinfo->buf);
+-              kfree(tinfo);
+-      }
++out:
++      /* We do not need RTNL lock anymore, release it here so that
++       * sock_release below and in the kthreads can use rtnl_lock
++       * to leave the mcast group.
++       */
++      rtnl_unlock();
+       count = id;
+       while (count-- > 0) {
+               if (state == IP_VS_STATE_MASTER)
+@@ -1934,13 +1929,23 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct 
ipvs_sync_daemon_cfg *c,
+               else
+                       kthread_stop(array[count]);
+       }
+-      kfree(array);
+-
+-out:
+       if (!(ipvs->sync_state & IP_VS_STATE_MASTER)) {
+               kfree(ipvs->ms);
+               ipvs->ms = NULL;
+       }
++      mutex_unlock(&ipvs->sync_mutex);
++      if (tinfo) {
++              if (tinfo->sock)
++                      sock_release(tinfo->sock);
++              kfree(tinfo->buf);
++              kfree(tinfo);
++      }
++      kfree(array);
++      return result;
++
++out_early:
++      mutex_unlock(&ipvs->sync_mutex);
++      rtnl_unlock();
+       return result;
+ }
+ 
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
+index 1e97b8d9a159..15e6e7b9fd2b 100644
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -1795,6 +1795,8 @@ static int netlink_sendmsg(struct socket *sock, struct 
msghdr *msg, size_t len)
+ 
+       if (msg->msg_namelen) {
+               err = -EINVAL;
++              if (msg->msg_namelen < sizeof(struct sockaddr_nl))
++                      goto out;
+               if (addr->nl_family != AF_NETLINK)
+                       goto out;
+               dst_portid = addr->nl_pid;
+diff --git a/net/rfkill/rfkill-gpio.c b/net/rfkill/rfkill-gpio.c
+index 76c01cbd56e3..d6d8b34c5f22 100644
+--- a/net/rfkill/rfkill-gpio.c
++++ b/net/rfkill/rfkill-gpio.c
+@@ -138,13 +138,18 @@ static int rfkill_gpio_probe(struct platform_device 
*pdev)
+ 
+       ret = rfkill_register(rfkill->rfkill_dev);
+       if (ret < 0)
+-              return ret;
++              goto err_destroy;
+ 
+       platform_set_drvdata(pdev, rfkill);
+ 
+       dev_info(&pdev->dev, "%s device registered.\n", rfkill->name);
+ 
+       return 0;
++
++err_destroy:
++      rfkill_destroy(rfkill->rfkill_dev);
++
++      return ret;
+ }
+ 
+ static int rfkill_gpio_remove(struct platform_device *pdev)

[gentoo-commits] proj/linux-patches:4.9 commit in: /

Reply via email to