commit: bf597de43119fd724a6de288d471b24546ab1dd1 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Wed Mar 23 11:55:45 2022 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Wed Mar 23 11:55:45 2022 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=bf597de4
Linux patch 5.10.108 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 + 1107_linux-5.10.108.patch | 1112 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1116 insertions(+) diff --git a/0000_README b/0000_README index 41173da0..bf9e37df 100644 --- a/0000_README +++ b/0000_README @@ -471,6 +471,10 @@ Patch: 1106_linux-5.10.107.patch From: http://www.kernel.org Desc: Linux 5.10.107 +Patch: 1107_linux-5.10.108.patch +From: http://www.kernel.org +Desc: Linux 5.10.108 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1107_linux-5.10.108.patch b/1107_linux-5.10.108.patch new file mode 100644 index 00000000..5645f1e5 --- /dev/null +++ b/1107_linux-5.10.108.patch @@ -0,0 +1,1112 @@ +diff --git a/Makefile b/Makefile +index c0be463910578..08b3066fe6e53 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 10 +-SUBLEVEL = 107 ++SUBLEVEL = 108 + EXTRAVERSION = + NAME = Dare mighty things + +diff --git a/arch/arm64/include/asm/vectors.h b/arch/arm64/include/asm/vectors.h +index f64613a96d530..bc9a2145f4194 100644 +--- a/arch/arm64/include/asm/vectors.h ++++ b/arch/arm64/include/asm/vectors.h +@@ -56,14 +56,14 @@ enum arm64_bp_harden_el1_vectors { + DECLARE_PER_CPU_READ_MOSTLY(const char *, this_cpu_vector); + + #ifndef CONFIG_UNMAP_KERNEL_AT_EL0 +-#define TRAMP_VALIAS 0 ++#define TRAMP_VALIAS 0ul + #endif + + static inline const char * + arm64_get_bp_hardening_vector(enum arm64_bp_harden_el1_vectors slot) + { + if (arm64_kernel_unmapped_at_el0()) +- return (char *)TRAMP_VALIAS + SZ_2K * slot; ++ return (char *)(TRAMP_VALIAS + SZ_2K * slot); + + WARN_ON_ONCE(slot == EL1_VECTOR_KPTI); + +diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c +index b574cce98dc36..9fcc49be499f1 100644 +--- a/drivers/atm/eni.c ++++ b/drivers/atm/eni.c +@@ -1112,6 +1112,8 @@ DPRINTK("iovcnt = %d\n",skb_shinfo(skb)->nr_frags); + skb_data3 = skb->data[3]; + paddr = dma_map_single(&eni_dev->pci_dev->dev,skb->data,skb->len, + DMA_TO_DEVICE); ++ if (dma_mapping_error(&eni_dev->pci_dev->dev, paddr)) ++ return enq_next; + ENI_PRV_PADDR(skb) = paddr; + /* prepare DMA queue entries */ + j = 0; +diff --git a/drivers/crypto/qcom-rng.c b/drivers/crypto/qcom-rng.c +index 99ba8d51d1020..11f30fd48c141 100644 +--- a/drivers/crypto/qcom-rng.c ++++ b/drivers/crypto/qcom-rng.c +@@ -8,6 +8,7 @@ + #include <linux/clk.h> + #include <linux/crypto.h> + #include <linux/io.h> ++#include <linux/iopoll.h> + #include <linux/module.h> + #include <linux/of.h> + #include <linux/platform_device.h> +@@ -43,16 +44,19 @@ static int qcom_rng_read(struct qcom_rng *rng, u8 *data, unsigned int max) + { + unsigned int currsize = 0; + u32 val; ++ int ret; + + /* read random data from hardware */ + do { +- val = readl_relaxed(rng->base + PRNG_STATUS); +- if (!(val & PRNG_STATUS_DATA_AVAIL)) +- break; ++ ret = readl_poll_timeout(rng->base + PRNG_STATUS, val, ++ val & PRNG_STATUS_DATA_AVAIL, ++ 200, 10000); ++ if (ret) ++ return ret; + + val = readl_relaxed(rng->base + PRNG_DATA_OUT); + if (!val) +- break; ++ return -EINVAL; + + if ((max - currsize) >= WORD_SZ) { + memcpy(data, &val, WORD_SZ); +@@ -61,11 +65,10 @@ static int qcom_rng_read(struct qcom_rng *rng, u8 *data, unsigned int max) + } else { + /* copy only remaining bytes */ + memcpy(data, &val, max - currsize); +- break; + } + } while (currsize < max); + +- return currsize; ++ return 0; + } + + static int qcom_rng_generate(struct crypto_rng *tfm, +@@ -87,7 +90,7 @@ static int qcom_rng_generate(struct crypto_rng *tfm, + mutex_unlock(&rng->lock); + clk_disable_unprepare(rng->clk); + +- return 0; ++ return ret; + } + + static int qcom_rng_seed(struct crypto_rng *tfm, const u8 *seed, +diff --git a/drivers/firmware/efi/apple-properties.c b/drivers/firmware/efi/apple-properties.c +index e1926483ae2fd..e51838d749e2e 100644 +--- a/drivers/firmware/efi/apple-properties.c ++++ b/drivers/firmware/efi/apple-properties.c +@@ -24,7 +24,7 @@ static bool dump_properties __initdata; + static int __init dump_properties_enable(char *arg) + { + dump_properties = true; +- return 0; ++ return 1; + } + + __setup("dump_apple_properties", dump_properties_enable); +diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c +index 9fa86288b78a9..e3df82d5d37a8 100644 +--- a/drivers/firmware/efi/efi.c ++++ b/drivers/firmware/efi/efi.c +@@ -209,7 +209,7 @@ static int __init efivar_ssdt_setup(char *str) + memcpy(efivar_ssdt, str, strlen(str)); + else + pr_warn("efivar_ssdt: name too long: %s\n", str); +- return 0; ++ return 1; + } + __setup("efivar_ssdt=", efivar_ssdt_setup); + +diff --git a/drivers/gpu/drm/imx/parallel-display.c b/drivers/gpu/drm/imx/parallel-display.c +index 2eb8df4697dfa..605ac8825a591 100644 +--- a/drivers/gpu/drm/imx/parallel-display.c ++++ b/drivers/gpu/drm/imx/parallel-display.c +@@ -212,14 +212,6 @@ static int imx_pd_bridge_atomic_check(struct drm_bridge *bridge, + if (!imx_pd_format_supported(bus_fmt)) + return -EINVAL; + +- if (bus_flags & +- ~(DRM_BUS_FLAG_DE_LOW | DRM_BUS_FLAG_DE_HIGH | +- DRM_BUS_FLAG_PIXDATA_DRIVE_POSEDGE | +- DRM_BUS_FLAG_PIXDATA_DRIVE_NEGEDGE)) { +- dev_warn(imxpd->dev, "invalid bus_flags (%x)\n", bus_flags); +- return -EINVAL; +- } +- + bridge_state->output_bus_cfg.flags = bus_flags; + bridge_state->input_bus_cfg.flags = bus_flags; + imx_crtc_state->bus_flags = bus_flags; +diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c +index 7ffd2a04ab23a..959dcbd8a29c1 100644 +--- a/drivers/gpu/drm/panel/panel-simple.c ++++ b/drivers/gpu/drm/panel/panel-simple.c +@@ -2132,7 +2132,7 @@ static const struct display_timing innolux_g070y2_l01_timing = { + static const struct panel_desc innolux_g070y2_l01 = { + .timings = &innolux_g070y2_l01_timing, + .num_timings = 1, +- .bpc = 6, ++ .bpc = 8, + .size = { + .width = 152, + .height = 91, +diff --git a/drivers/input/tablet/aiptek.c b/drivers/input/tablet/aiptek.c +index e08b0ef078e81..8afeefcea67bb 100644 +--- a/drivers/input/tablet/aiptek.c ++++ b/drivers/input/tablet/aiptek.c +@@ -1801,15 +1801,13 @@ aiptek_probe(struct usb_interface *intf, const struct usb_device_id *id) + input_set_abs_params(inputdev, ABS_TILT_Y, AIPTEK_TILT_MIN, AIPTEK_TILT_MAX, 0, 0); + input_set_abs_params(inputdev, ABS_WHEEL, AIPTEK_WHEEL_MIN, AIPTEK_WHEEL_MAX - 1, 0, 0); + +- /* Verify that a device really has an endpoint */ +- if (intf->cur_altsetting->desc.bNumEndpoints < 1) { ++ err = usb_find_common_endpoints(intf->cur_altsetting, ++ NULL, NULL, &endpoint, NULL); ++ if (err) { + dev_err(&intf->dev, +- "interface has %d endpoints, but must have minimum 1\n", +- intf->cur_altsetting->desc.bNumEndpoints); +- err = -EINVAL; ++ "interface has no int in endpoints, but must have minimum 1\n"); + goto fail3; + } +- endpoint = &intf->cur_altsetting->endpoint[0].desc; + + /* Go set up our URB, which is called when the tablet receives + * input. +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h +index bb3ba614fb174..2a61229d3f976 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x.h +@@ -2534,6 +2534,4 @@ void bnx2x_register_phc(struct bnx2x *bp); + * Meant for implicit re-load flows. + */ + int bnx2x_vlan_reconfigure_vid(struct bnx2x *bp); +-int bnx2x_init_firmware(struct bnx2x *bp); +-void bnx2x_release_firmware(struct bnx2x *bp); + #endif /* bnx2x.h */ +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +index 41ebbb2c7d3ac..198e041d84109 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +@@ -2363,24 +2363,30 @@ int bnx2x_compare_fw_ver(struct bnx2x *bp, u32 load_code, bool print_err) + /* is another pf loaded on this engine? */ + if (load_code != FW_MSG_CODE_DRV_LOAD_COMMON_CHIP && + load_code != FW_MSG_CODE_DRV_LOAD_COMMON) { +- /* build my FW version dword */ +- u32 my_fw = (bp->fw_major) + (bp->fw_minor << 8) + +- (bp->fw_rev << 16) + (bp->fw_eng << 24); ++ u8 loaded_fw_major, loaded_fw_minor, loaded_fw_rev, loaded_fw_eng; ++ u32 loaded_fw; + + /* read loaded FW from chip */ +- u32 loaded_fw = REG_RD(bp, XSEM_REG_PRAM); ++ loaded_fw = REG_RD(bp, XSEM_REG_PRAM); + +- DP(BNX2X_MSG_SP, "loaded fw %x, my fw %x\n", +- loaded_fw, my_fw); ++ loaded_fw_major = loaded_fw & 0xff; ++ loaded_fw_minor = (loaded_fw >> 8) & 0xff; ++ loaded_fw_rev = (loaded_fw >> 16) & 0xff; ++ loaded_fw_eng = (loaded_fw >> 24) & 0xff; ++ ++ DP(BNX2X_MSG_SP, "loaded fw 0x%x major 0x%x minor 0x%x rev 0x%x eng 0x%x\n", ++ loaded_fw, loaded_fw_major, loaded_fw_minor, loaded_fw_rev, loaded_fw_eng); + + /* abort nic load if version mismatch */ +- if (my_fw != loaded_fw) { ++ if (loaded_fw_major != BCM_5710_FW_MAJOR_VERSION || ++ loaded_fw_minor != BCM_5710_FW_MINOR_VERSION || ++ loaded_fw_eng != BCM_5710_FW_ENGINEERING_VERSION || ++ loaded_fw_rev < BCM_5710_FW_REVISION_VERSION_V15) { + if (print_err) +- BNX2X_ERR("bnx2x with FW %x was already loaded which mismatches my %x FW. Aborting\n", +- loaded_fw, my_fw); ++ BNX2X_ERR("loaded FW incompatible. Aborting\n"); + else +- BNX2X_DEV_INFO("bnx2x with FW %x was already loaded which mismatches my %x FW, possibly due to MF UNDI\n", +- loaded_fw, my_fw); ++ BNX2X_DEV_INFO("loaded FW incompatible, possibly due to MF UNDI\n"); ++ + return -EBUSY; + } + } +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +index 7fa271db41b07..6333471916be1 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +@@ -12366,15 +12366,6 @@ static int bnx2x_init_bp(struct bnx2x *bp) + + bnx2x_read_fwinfo(bp); + +- if (IS_PF(bp)) { +- rc = bnx2x_init_firmware(bp); +- +- if (rc) { +- bnx2x_free_mem_bp(bp); +- return rc; +- } +- } +- + func = BP_FUNC(bp); + + /* need to reset chip if undi was active */ +@@ -12387,7 +12378,6 @@ static int bnx2x_init_bp(struct bnx2x *bp) + + rc = bnx2x_prev_unload(bp); + if (rc) { +- bnx2x_release_firmware(bp); + bnx2x_free_mem_bp(bp); + return rc; + } +@@ -13469,7 +13459,7 @@ do { \ + (u8 *)bp->arr, len); \ + } while (0) + +-int bnx2x_init_firmware(struct bnx2x *bp) ++static int bnx2x_init_firmware(struct bnx2x *bp) + { + const char *fw_file_name, *fw_file_name_v15; + struct bnx2x_fw_file_hdr *fw_hdr; +@@ -13569,7 +13559,7 @@ request_firmware_exit: + return rc; + } + +-void bnx2x_release_firmware(struct bnx2x *bp) ++static void bnx2x_release_firmware(struct bnx2x *bp) + { + kfree(bp->init_ops_offsets); + kfree(bp->init_ops); +@@ -14086,7 +14076,6 @@ static int bnx2x_init_one(struct pci_dev *pdev, + return 0; + + init_one_freemem: +- bnx2x_release_firmware(bp); + bnx2x_free_mem_bp(bp); + + init_one_exit: +diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c +index e19cf020e5ae1..a2062144d7ca1 100644 +--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c ++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c +@@ -2239,8 +2239,10 @@ static unsigned int bcmgenet_desc_rx(struct bcmgenet_rx_ring *ring, + dma_length_status = status->length_status; + if (dev->features & NETIF_F_RXCSUM) { + rx_csum = (__force __be16)(status->rx_csum & 0xffff); +- skb->csum = (__force __wsum)ntohs(rx_csum); +- skb->ip_summed = CHECKSUM_COMPLETE; ++ if (rx_csum) { ++ skb->csum = (__force __wsum)ntohs(rx_csum); ++ skb->ip_summed = CHECKSUM_COMPLETE; ++ } + } + + /* DMA flags and length are still valid no matter how +diff --git a/drivers/net/ethernet/mscc/ocelot_flower.c b/drivers/net/ethernet/mscc/ocelot_flower.c +index 217e8333de6c6..c4c4649b2088e 100644 +--- a/drivers/net/ethernet/mscc/ocelot_flower.c ++++ b/drivers/net/ethernet/mscc/ocelot_flower.c +@@ -54,6 +54,12 @@ static int ocelot_chain_to_block(int chain, bool ingress) + */ + static int ocelot_chain_to_lookup(int chain) + { ++ /* Backwards compatibility with older, single-chain tc-flower ++ * offload support in Ocelot ++ */ ++ if (chain == 0) ++ return 0; ++ + return (chain / VCAP_LOOKUP) % 10; + } + +@@ -62,7 +68,15 @@ static int ocelot_chain_to_lookup(int chain) + */ + static int ocelot_chain_to_pag(int chain) + { +- int lookup = ocelot_chain_to_lookup(chain); ++ int lookup; ++ ++ /* Backwards compatibility with older, single-chain tc-flower ++ * offload support in Ocelot ++ */ ++ if (chain == 0) ++ return 0; ++ ++ lookup = ocelot_chain_to_lookup(chain); + + /* calculate PAG value as chain index relative to the first PAG */ + return chain - VCAP_IS2_CHAIN(lookup, 0); +diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c +index 261e6e55a907b..e3676386d0eeb 100644 +--- a/drivers/net/hyperv/netvsc_drv.c ++++ b/drivers/net/hyperv/netvsc_drv.c +@@ -1562,6 +1562,9 @@ static void netvsc_get_ethtool_stats(struct net_device *dev, + pcpu_sum = kvmalloc_array(num_possible_cpus(), + sizeof(struct netvsc_ethtool_pcpu_stats), + GFP_KERNEL); ++ if (!pcpu_sum) ++ return; ++ + netvsc_get_pcpu_stats(dev, pcpu_sum); + for_each_present_cpu(cpu) { + struct netvsc_ethtool_pcpu_stats *this_sum = &pcpu_sum[cpu]; +diff --git a/drivers/net/phy/marvell.c b/drivers/net/phy/marvell.c +index cb9d1852a75c8..54786712a9913 100644 +--- a/drivers/net/phy/marvell.c ++++ b/drivers/net/phy/marvell.c +@@ -1536,8 +1536,8 @@ static int marvell_suspend(struct phy_device *phydev) + int err; + + /* Suspend the fiber mode first */ +- if (!linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, +- phydev->supported)) { ++ if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, ++ phydev->supported)) { + err = marvell_set_page(phydev, MII_MARVELL_FIBER_PAGE); + if (err < 0) + goto error; +@@ -1571,8 +1571,8 @@ static int marvell_resume(struct phy_device *phydev) + int err; + + /* Resume the fiber mode first */ +- if (!linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, +- phydev->supported)) { ++ if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, ++ phydev->supported)) { + err = marvell_set_page(phydev, MII_MARVELL_FIBER_PAGE); + if (err < 0) + goto error; +diff --git a/drivers/net/phy/mscc/mscc_main.c b/drivers/net/phy/mscc/mscc_main.c +index 41a410124437d..e14fa72791b0e 100644 +--- a/drivers/net/phy/mscc/mscc_main.c ++++ b/drivers/net/phy/mscc/mscc_main.c +@@ -2584,3 +2584,6 @@ MODULE_DEVICE_TABLE(mdio, vsc85xx_tbl); + MODULE_DESCRIPTION("Microsemi VSC85xx PHY driver"); + MODULE_AUTHOR("Nagaraju Lakkaraju"); + MODULE_LICENSE("Dual MIT/GPL"); ++ ++MODULE_FIRMWARE(MSCC_VSC8584_REVB_INT8051_FW); ++MODULE_FIRMWARE(MSCC_VSC8574_REVB_INT8051_FW); +diff --git a/drivers/net/usb/smsc95xx.c b/drivers/net/usb/smsc95xx.c +index 465e11dcdf129..e5b7448511467 100644 +--- a/drivers/net/usb/smsc95xx.c ++++ b/drivers/net/usb/smsc95xx.c +@@ -84,9 +84,10 @@ static int __must_check __smsc95xx_read_reg(struct usbnet *dev, u32 index, + ret = fn(dev, USB_VENDOR_REQUEST_READ_REGISTER, USB_DIR_IN + | USB_TYPE_VENDOR | USB_RECIP_DEVICE, + 0, index, &buf, 4); +- if (unlikely(ret < 0)) { +- netdev_warn(dev->net, "Failed to read reg index 0x%08x: %d\n", +- index, ret); ++ if (ret < 0) { ++ if (ret != -ENODEV) ++ netdev_warn(dev->net, "Failed to read reg index 0x%08x: %d\n", ++ index, ret); + return ret; + } + +@@ -116,7 +117,7 @@ static int __must_check __smsc95xx_write_reg(struct usbnet *dev, u32 index, + ret = fn(dev, USB_VENDOR_REQUEST_WRITE_REGISTER, USB_DIR_OUT + | USB_TYPE_VENDOR | USB_RECIP_DEVICE, + 0, index, &buf, 4); +- if (unlikely(ret < 0)) ++ if (ret < 0 && ret != -ENODEV) + netdev_warn(dev->net, "Failed to write reg index 0x%08x: %d\n", + index, ret); + +@@ -159,6 +160,9 @@ static int __must_check __smsc95xx_phy_wait_not_busy(struct usbnet *dev, + do { + ret = __smsc95xx_read_reg(dev, MII_ADDR, &val, in_pm); + if (ret < 0) { ++ /* Ignore -ENODEV error during disconnect() */ ++ if (ret == -ENODEV) ++ return 0; + netdev_warn(dev->net, "Error reading MII_ACCESS\n"); + return ret; + } +@@ -194,7 +198,8 @@ static int __smsc95xx_mdio_read(struct usbnet *dev, int phy_id, int idx, + addr = mii_address_cmd(phy_id, idx, MII_READ_ | MII_BUSY_); + ret = __smsc95xx_write_reg(dev, MII_ADDR, addr, in_pm); + if (ret < 0) { +- netdev_warn(dev->net, "Error writing MII_ADDR\n"); ++ if (ret != -ENODEV) ++ netdev_warn(dev->net, "Error writing MII_ADDR\n"); + goto done; + } + +@@ -206,7 +211,8 @@ static int __smsc95xx_mdio_read(struct usbnet *dev, int phy_id, int idx, + + ret = __smsc95xx_read_reg(dev, MII_DATA, &val, in_pm); + if (ret < 0) { +- netdev_warn(dev->net, "Error reading MII_DATA\n"); ++ if (ret != -ENODEV) ++ netdev_warn(dev->net, "Error reading MII_DATA\n"); + goto done; + } + +@@ -214,6 +220,10 @@ static int __smsc95xx_mdio_read(struct usbnet *dev, int phy_id, int idx, + + done: + mutex_unlock(&dev->phy_mutex); ++ ++ /* Ignore -ENODEV error during disconnect() */ ++ if (ret == -ENODEV) ++ return 0; + return ret; + } + +@@ -235,7 +245,8 @@ static void __smsc95xx_mdio_write(struct usbnet *dev, int phy_id, + val = regval; + ret = __smsc95xx_write_reg(dev, MII_DATA, val, in_pm); + if (ret < 0) { +- netdev_warn(dev->net, "Error writing MII_DATA\n"); ++ if (ret != -ENODEV) ++ netdev_warn(dev->net, "Error writing MII_DATA\n"); + goto done; + } + +@@ -243,7 +254,8 @@ static void __smsc95xx_mdio_write(struct usbnet *dev, int phy_id, + addr = mii_address_cmd(phy_id, idx, MII_WRITE_ | MII_BUSY_); + ret = __smsc95xx_write_reg(dev, MII_ADDR, addr, in_pm); + if (ret < 0) { +- netdev_warn(dev->net, "Error writing MII_ADDR\n"); ++ if (ret != -ENODEV) ++ netdev_warn(dev->net, "Error writing MII_ADDR\n"); + goto done; + } + +@@ -1049,6 +1061,14 @@ static const struct net_device_ops smsc95xx_netdev_ops = { + .ndo_set_features = smsc95xx_set_features, + }; + ++static void smsc95xx_handle_link_change(struct net_device *net) ++{ ++ struct usbnet *dev = netdev_priv(net); ++ ++ phy_print_status(net->phydev); ++ usbnet_defer_kevent(dev, EVENT_LINK_CHANGE); ++} ++ + static int smsc95xx_bind(struct usbnet *dev, struct usb_interface *intf) + { + struct smsc95xx_priv *pdata; +@@ -1153,6 +1173,17 @@ static int smsc95xx_bind(struct usbnet *dev, struct usb_interface *intf) + dev->net->min_mtu = ETH_MIN_MTU; + dev->net->max_mtu = ETH_DATA_LEN; + dev->hard_mtu = dev->net->mtu + dev->net->hard_header_len; ++ ++ ret = phy_connect_direct(dev->net, pdata->phydev, ++ &smsc95xx_handle_link_change, ++ PHY_INTERFACE_MODE_MII); ++ if (ret) { ++ netdev_err(dev->net, "can't attach PHY to %s\n", pdata->mdiobus->id); ++ goto unregister_mdio; ++ } ++ ++ phy_attached_info(dev->net->phydev); ++ + return 0; + + unregister_mdio: +@@ -1170,47 +1201,25 @@ static void smsc95xx_unbind(struct usbnet *dev, struct usb_interface *intf) + { + struct smsc95xx_priv *pdata = dev->driver_priv; + ++ phy_disconnect(dev->net->phydev); + mdiobus_unregister(pdata->mdiobus); + mdiobus_free(pdata->mdiobus); + netif_dbg(dev, ifdown, dev->net, "free pdata\n"); + kfree(pdata); + } + +-static void smsc95xx_handle_link_change(struct net_device *net) +-{ +- struct usbnet *dev = netdev_priv(net); +- +- phy_print_status(net->phydev); +- usbnet_defer_kevent(dev, EVENT_LINK_CHANGE); +-} +- + static int smsc95xx_start_phy(struct usbnet *dev) + { +- struct smsc95xx_priv *pdata = dev->driver_priv; +- struct net_device *net = dev->net; +- int ret; +- +- ret = smsc95xx_reset(dev); +- if (ret < 0) +- return ret; ++ phy_start(dev->net->phydev); + +- ret = phy_connect_direct(net, pdata->phydev, +- &smsc95xx_handle_link_change, +- PHY_INTERFACE_MODE_MII); +- if (ret) { +- netdev_err(net, "can't attach PHY to %s\n", pdata->mdiobus->id); +- return ret; +- } +- +- phy_attached_info(net->phydev); +- phy_start(net->phydev); + return 0; + } + +-static int smsc95xx_disconnect_phy(struct usbnet *dev) ++static int smsc95xx_stop(struct usbnet *dev) + { +- phy_stop(dev->net->phydev); +- phy_disconnect(dev->net->phydev); ++ if (dev->net->phydev) ++ phy_stop(dev->net->phydev); ++ + return 0; + } + +@@ -1964,8 +1973,9 @@ static const struct driver_info smsc95xx_info = { + .bind = smsc95xx_bind, + .unbind = smsc95xx_unbind, + .link_reset = smsc95xx_link_reset, +- .reset = smsc95xx_start_phy, +- .stop = smsc95xx_disconnect_phy, ++ .reset = smsc95xx_reset, ++ .check_connect = smsc95xx_start_phy, ++ .stop = smsc95xx_stop, + .rx_fixup = smsc95xx_rx_fixup, + .tx_fixup = smsc95xx_tx_fixup, + .status = smsc95xx_status, +diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c +index 3fbbdf084d67a..3153f164554aa 100644 +--- a/drivers/scsi/mpt3sas/mpt3sas_base.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_base.c +@@ -1832,9 +1832,10 @@ mpt3sas_base_sync_reply_irqs(struct MPT3SAS_ADAPTER *ioc, u8 poll) + enable_irq(reply_q->os_irq); + } + } ++ ++ if (poll) ++ _base_process_reply_queue(reply_q); + } +- if (poll) +- _base_process_reply_queue(reply_q); + } + + /** +diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c +index 58274c5073531..49f59d53b4b26 100644 +--- a/drivers/usb/class/usbtmc.c ++++ b/drivers/usb/class/usbtmc.c +@@ -1889,6 +1889,7 @@ static int usbtmc_ioctl_request(struct usbtmc_device_data *data, + struct usbtmc_ctrlrequest request; + u8 *buffer = NULL; + int rv; ++ unsigned int is_in, pipe; + unsigned long res; + + res = copy_from_user(&request, arg, sizeof(struct usbtmc_ctrlrequest)); +@@ -1898,12 +1899,14 @@ static int usbtmc_ioctl_request(struct usbtmc_device_data *data, + if (request.req.wLength > USBTMC_BUFSIZE) + return -EMSGSIZE; + ++ is_in = request.req.bRequestType & USB_DIR_IN; ++ + if (request.req.wLength) { + buffer = kmalloc(request.req.wLength, GFP_KERNEL); + if (!buffer) + return -ENOMEM; + +- if ((request.req.bRequestType & USB_DIR_IN) == 0) { ++ if (!is_in) { + /* Send control data to device */ + res = copy_from_user(buffer, request.data, + request.req.wLength); +@@ -1914,8 +1917,12 @@ static int usbtmc_ioctl_request(struct usbtmc_device_data *data, + } + } + ++ if (is_in) ++ pipe = usb_rcvctrlpipe(data->usb_dev, 0); ++ else ++ pipe = usb_sndctrlpipe(data->usb_dev, 0); + rv = usb_control_msg(data->usb_dev, +- usb_rcvctrlpipe(data->usb_dev, 0), ++ pipe, + request.req.bRequest, + request.req.bRequestType, + request.req.wValue, +@@ -1927,7 +1934,7 @@ static int usbtmc_ioctl_request(struct usbtmc_device_data *data, + goto exit; + } + +- if (rv && (request.req.bRequestType & USB_DIR_IN)) { ++ if (rv && is_in) { + /* Read control data from device */ + res = copy_to_user(request.data, buffer, rv); + if (res) +diff --git a/drivers/usb/gadget/function/rndis.c b/drivers/usb/gadget/function/rndis.c +index 0f14c5291af07..4150de96b937a 100644 +--- a/drivers/usb/gadget/function/rndis.c ++++ b/drivers/usb/gadget/function/rndis.c +@@ -640,6 +640,7 @@ static int rndis_set_response(struct rndis_params *params, + BufLength = le32_to_cpu(buf->InformationBufferLength); + BufOffset = le32_to_cpu(buf->InformationBufferOffset); + if ((BufLength > RNDIS_MAX_TOTAL_SIZE) || ++ (BufOffset > RNDIS_MAX_TOTAL_SIZE) || + (BufOffset + 8 >= RNDIS_MAX_TOTAL_SIZE)) + return -EINVAL; + +diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c +index da691a69fec10..3a3b5a03dda75 100644 +--- a/drivers/usb/gadget/udc/core.c ++++ b/drivers/usb/gadget/udc/core.c +@@ -1343,7 +1343,6 @@ static void usb_gadget_remove_driver(struct usb_udc *udc) + usb_gadget_udc_stop(udc); + + udc->driver = NULL; +- udc->dev.driver = NULL; + udc->gadget->dev.driver = NULL; + } + +@@ -1405,7 +1404,6 @@ static int udc_bind_to_driver(struct usb_udc *udc, struct usb_gadget_driver *dri + driver->function); + + udc->driver = driver; +- udc->dev.driver = &driver->driver; + udc->gadget->dev.driver = &driver->driver; + + usb_gadget_udc_set_speed(udc, driver->max_speed); +@@ -1427,7 +1425,6 @@ err1: + dev_err(&udc->dev, "failed to start %s: %d\n", + udc->driver->function, ret); + udc->driver = NULL; +- udc->dev.driver = NULL; + udc->gadget->dev.driver = NULL; + return ret; + } +diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c +index c282fc0d04bd1..5d2d6ce7ff413 100644 +--- a/drivers/vhost/vsock.c ++++ b/drivers/vhost/vsock.c +@@ -697,7 +697,8 @@ static int vhost_vsock_dev_release(struct inode *inode, struct file *file) + + /* Iterating over all connections for all CIDs to find orphans is + * inefficient. Room for improvement here. */ +- vsock_for_each_connected_socket(vhost_vsock_reset_orphans); ++ vsock_for_each_connected_socket(&vhost_transport.transport, ++ vhost_vsock_reset_orphans); + + /* Don't check the owner, because we are in the release path, so we + * need to stop the vsock device in any case. +diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c +index 435f82892432c..477ad05a34ea2 100644 +--- a/fs/ocfs2/super.c ++++ b/fs/ocfs2/super.c +@@ -1110,17 +1110,6 @@ static int ocfs2_fill_super(struct super_block *sb, void *data, int silent) + goto read_super_error; + } + +- root = d_make_root(inode); +- if (!root) { +- status = -ENOMEM; +- mlog_errno(status); +- goto read_super_error; +- } +- +- sb->s_root = root; +- +- ocfs2_complete_mount_recovery(osb); +- + osb->osb_dev_kset = kset_create_and_add(sb->s_id, NULL, + &ocfs2_kset->kobj); + if (!osb->osb_dev_kset) { +@@ -1138,6 +1127,17 @@ static int ocfs2_fill_super(struct super_block *sb, void *data, int silent) + goto read_super_error; + } + ++ root = d_make_root(inode); ++ if (!root) { ++ status = -ENOMEM; ++ mlog_errno(status); ++ goto read_super_error; ++ } ++ ++ sb->s_root = root; ++ ++ ocfs2_complete_mount_recovery(osb); ++ + if (ocfs2_mount_local(osb)) + snprintf(nodestr, sizeof(nodestr), "local"); + else +diff --git a/include/linux/if_arp.h b/include/linux/if_arp.h +index bf5c5f32c65e4..e147ea6794670 100644 +--- a/include/linux/if_arp.h ++++ b/include/linux/if_arp.h +@@ -51,6 +51,7 @@ static inline bool dev_is_mac_header_xmit(const struct net_device *dev) + case ARPHRD_VOID: + case ARPHRD_NONE: + case ARPHRD_RAWIP: ++ case ARPHRD_PIMREG: + return false; + default: + return true; +diff --git a/include/net/af_vsock.h b/include/net/af_vsock.h +index b1c7172869939..4d8589244dc75 100644 +--- a/include/net/af_vsock.h ++++ b/include/net/af_vsock.h +@@ -197,7 +197,8 @@ struct sock *vsock_find_bound_socket(struct sockaddr_vm *addr); + struct sock *vsock_find_connected_socket(struct sockaddr_vm *src, + struct sockaddr_vm *dst); + void vsock_remove_sock(struct vsock_sock *vsk); +-void vsock_for_each_connected_socket(void (*fn)(struct sock *sk)); ++void vsock_for_each_connected_socket(struct vsock_transport *transport, ++ void (*fn)(struct sock *sk)); + int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk); + bool vsock_find_cid(unsigned int cid); + +diff --git a/include/net/esp.h b/include/net/esp.h +index 9c5637d41d951..90cd02ff77ef6 100644 +--- a/include/net/esp.h ++++ b/include/net/esp.h +@@ -4,6 +4,8 @@ + + #include <linux/skbuff.h> + ++#define ESP_SKB_FRAG_MAXSIZE (PAGE_SIZE << SKB_FRAG_PAGE_ORDER) ++ + struct ip_esp_hdr; + + static inline struct ip_esp_hdr *ip_esp_hdr(const struct sk_buff *skb) +diff --git a/include/net/sock.h b/include/net/sock.h +index bb40d4de545ca..2c11eb4abdd24 100644 +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -2670,6 +2670,7 @@ extern int sysctl_optmem_max; + extern __u32 sysctl_wmem_default; + extern __u32 sysctl_rmem_default; + ++#define SKB_FRAG_PAGE_ORDER get_order(32768) + DECLARE_STATIC_KEY_FALSE(net_high_order_alloc_disable_key); + + static inline int sk_get_wmem0(const struct sock *sk, const struct proto *proto) +diff --git a/mm/swap_state.c b/mm/swap_state.c +index ee465827420e6..5c5cb2d67b31f 100644 +--- a/mm/swap_state.c ++++ b/mm/swap_state.c +@@ -512,7 +512,7 @@ struct page *__read_swap_cache_async(swp_entry_t entry, gfp_t gfp_mask, + * __read_swap_cache_async(), which has set SWAP_HAS_CACHE + * in swap_map, but not yet added its page to swap cache. + */ +- cond_resched(); ++ schedule_timeout_uninterruptible(1); + } + + /* +diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c +index 71c8ef7d40870..f543fca6dfcbf 100644 +--- a/net/dsa/dsa2.c ++++ b/net/dsa/dsa2.c +@@ -766,6 +766,7 @@ static int dsa_port_parse_of(struct dsa_port *dp, struct device_node *dn) + struct net_device *master; + + master = of_find_net_device_by_node(ethernet); ++ of_node_put(ethernet); + if (!master) + return -EPROBE_DEFER; + +diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c +index 4b834bbf95e07..9aae82145bc16 100644 +--- a/net/ipv4/esp4.c ++++ b/net/ipv4/esp4.c +@@ -448,6 +448,7 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * + struct page *page; + struct sk_buff *trailer; + int tailen = esp->tailen; ++ unsigned int allocsz; + + /* this is non-NULL only with TCP/UDP Encapsulation */ + if (x->encap) { +@@ -457,6 +458,10 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * + return err; + } + ++ allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES); ++ if (allocsz > ESP_SKB_FRAG_MAXSIZE) ++ goto cow; ++ + if (!skb_cloned(skb)) { + if (tailen <= skb_tailroom(skb)) { + nfrags = 1; +diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c +index fc8acb15dcfbb..20c7bef6829e1 100644 +--- a/net/ipv6/esp6.c ++++ b/net/ipv6/esp6.c +@@ -483,6 +483,7 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info + struct page *page; + struct sk_buff *trailer; + int tailen = esp->tailen; ++ unsigned int allocsz; + + if (x->encap) { + int err = esp6_output_encap(x, skb, esp); +@@ -491,6 +492,10 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info + return err; + } + ++ allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES); ++ if (allocsz > ESP_SKB_FRAG_MAXSIZE) ++ goto cow; ++ + if (!skb_cloned(skb)) { + if (tailen <= skb_tailroom(skb)) { + nfrags = 1; +@@ -808,8 +813,7 @@ int esp6_input_done2(struct sk_buff *skb, int err) + struct tcphdr *th; + + offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); +- +- if (offset < 0) { ++ if (offset == -1) { + err = -EINVAL; + goto out; + } +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index a31334b92be7e..d0c95d7dd292d 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -2278,8 +2278,11 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, + copy_skb = skb_get(skb); + skb_head = skb->data; + } +- if (copy_skb) ++ if (copy_skb) { ++ memset(&PACKET_SKB_CB(copy_skb)->sa.ll, 0, ++ sizeof(PACKET_SKB_CB(copy_skb)->sa.ll)); + skb_set_owner_r(copy_skb, sk); ++ } + } + snaplen = po->rx_ring.frame_size - macoff; + if ((int)snaplen < 0) { +@@ -3434,6 +3437,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, + sock_recv_ts_and_drops(msg, sk, skb); + + if (msg->msg_name) { ++ const size_t max_len = min(sizeof(skb->cb), ++ sizeof(struct sockaddr_storage)); + int copy_len; + + /* If the address length field is there to be filled +@@ -3456,6 +3461,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, + msg->msg_namelen = sizeof(struct sockaddr_ll); + } + } ++ if (WARN_ON_ONCE(copy_len > max_len)) { ++ copy_len = max_len; ++ msg->msg_namelen = copy_len; ++ } + memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len); + } + +diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c +index 005aa701f4d52..c59806253a65a 100644 +--- a/net/vmw_vsock/af_vsock.c ++++ b/net/vmw_vsock/af_vsock.c +@@ -333,7 +333,8 @@ void vsock_remove_sock(struct vsock_sock *vsk) + } + EXPORT_SYMBOL_GPL(vsock_remove_sock); + +-void vsock_for_each_connected_socket(void (*fn)(struct sock *sk)) ++void vsock_for_each_connected_socket(struct vsock_transport *transport, ++ void (*fn)(struct sock *sk)) + { + int i; + +@@ -342,8 +343,12 @@ void vsock_for_each_connected_socket(void (*fn)(struct sock *sk)) + for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++) { + struct vsock_sock *vsk; + list_for_each_entry(vsk, &vsock_connected_table[i], +- connected_table) ++ connected_table) { ++ if (vsk->transport != transport) ++ continue; ++ + fn(sk_vsock(vsk)); ++ } + } + + spin_unlock_bh(&vsock_table_lock); +diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c +index 3a056f8affd1d..e131121533ad9 100644 +--- a/net/vmw_vsock/virtio_transport.c ++++ b/net/vmw_vsock/virtio_transport.c +@@ -24,6 +24,7 @@ + static struct workqueue_struct *virtio_vsock_workqueue; + static struct virtio_vsock __rcu *the_virtio_vsock; + static DEFINE_MUTEX(the_virtio_vsock_mutex); /* protects the_virtio_vsock */ ++static struct virtio_transport virtio_transport; /* forward declaration */ + + struct virtio_vsock { + struct virtio_device *vdev; +@@ -383,7 +384,8 @@ static void virtio_vsock_event_handle(struct virtio_vsock *vsock, + switch (le32_to_cpu(event->id)) { + case VIRTIO_VSOCK_EVENT_TRANSPORT_RESET: + virtio_vsock_update_guest_cid(vsock); +- vsock_for_each_connected_socket(virtio_vsock_reset_sock); ++ vsock_for_each_connected_socket(&virtio_transport.transport, ++ virtio_vsock_reset_sock); + break; + } + } +@@ -635,7 +637,8 @@ static void virtio_vsock_remove(struct virtio_device *vdev) + synchronize_rcu(); + + /* Reset all connected sockets when the device disappear */ +- vsock_for_each_connected_socket(virtio_vsock_reset_sock); ++ vsock_for_each_connected_socket(&virtio_transport.transport, ++ virtio_vsock_reset_sock); + + /* Stop all work handlers to make sure no one is accessing the device, + * so we can safely call vdev->config->reset(). +diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c +index 1c9ecb18b8e64..a9ca95a0fcdda 100644 +--- a/net/vmw_vsock/vmci_transport.c ++++ b/net/vmw_vsock/vmci_transport.c +@@ -75,6 +75,8 @@ static u32 vmci_transport_qp_resumed_sub_id = VMCI_INVALID_ID; + + static int PROTOCOL_OVERRIDE = -1; + ++static struct vsock_transport vmci_transport; /* forward declaration */ ++ + /* Helper function to convert from a VMCI error code to a VSock error code. */ + + static s32 vmci_transport_error_to_vsock_error(s32 vmci_error) +@@ -882,7 +884,8 @@ static void vmci_transport_qp_resumed_cb(u32 sub_id, + const struct vmci_event_data *e_data, + void *client_data) + { +- vsock_for_each_connected_socket(vmci_transport_handle_detach); ++ vsock_for_each_connected_socket(&vmci_transport, ++ vmci_transport_handle_detach); + } + + static void vmci_transport_recv_pkt_work(struct work_struct *work) +diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c +index 4d569ad7db02d..3609da7cce0ab 100644 +--- a/tools/perf/util/symbol.c ++++ b/tools/perf/util/symbol.c +@@ -231,7 +231,7 @@ void symbols__fixup_end(struct rb_root_cached *symbols) + prev = curr; + curr = rb_entry(nd, struct symbol, rb_node); + +- if (prev->end == prev->start && prev->end != curr->start) ++ if (prev->end == prev->start || prev->end != curr->start) + arch__symbols__fixup_end(prev, curr); + } + +diff --git a/tools/testing/selftests/bpf/prog_tests/timer_crash.c b/tools/testing/selftests/bpf/prog_tests/timer_crash.c +deleted file mode 100644 +index f74b82305da8c..0000000000000 +--- a/tools/testing/selftests/bpf/prog_tests/timer_crash.c ++++ /dev/null +@@ -1,32 +0,0 @@ +-// SPDX-License-Identifier: GPL-2.0 +-#include <test_progs.h> +-#include "timer_crash.skel.h" +- +-enum { +- MODE_ARRAY, +- MODE_HASH, +-}; +- +-static void test_timer_crash_mode(int mode) +-{ +- struct timer_crash *skel; +- +- skel = timer_crash__open_and_load(); +- if (!ASSERT_OK_PTR(skel, "timer_crash__open_and_load")) +- return; +- skel->bss->pid = getpid(); +- skel->bss->crash_map = mode; +- if (!ASSERT_OK(timer_crash__attach(skel), "timer_crash__attach")) +- goto end; +- usleep(1); +-end: +- timer_crash__destroy(skel); +-} +- +-void test_timer_crash(void) +-{ +- if (test__start_subtest("array")) +- test_timer_crash_mode(MODE_ARRAY); +- if (test__start_subtest("hash")) +- test_timer_crash_mode(MODE_HASH); +-} +diff --git a/tools/testing/selftests/bpf/progs/timer_crash.c b/tools/testing/selftests/bpf/progs/timer_crash.c +deleted file mode 100644 +index f8f7944e70dae..0000000000000 +--- a/tools/testing/selftests/bpf/progs/timer_crash.c ++++ /dev/null +@@ -1,54 +0,0 @@ +-// SPDX-License-Identifier: GPL-2.0 +- +-#include <vmlinux.h> +-#include <bpf/bpf_tracing.h> +-#include <bpf/bpf_helpers.h> +- +-struct map_elem { +- struct bpf_timer timer; +- struct bpf_spin_lock lock; +-}; +- +-struct { +- __uint(type, BPF_MAP_TYPE_ARRAY); +- __uint(max_entries, 1); +- __type(key, int); +- __type(value, struct map_elem); +-} amap SEC(".maps"); +- +-struct { +- __uint(type, BPF_MAP_TYPE_HASH); +- __uint(max_entries, 1); +- __type(key, int); +- __type(value, struct map_elem); +-} hmap SEC(".maps"); +- +-int pid = 0; +-int crash_map = 0; /* 0 for amap, 1 for hmap */ +- +-SEC("fentry/do_nanosleep") +-int sys_enter(void *ctx) +-{ +- struct map_elem *e, value = {}; +- void *map = crash_map ? (void *)&hmap : (void *)&amap; +- +- if (bpf_get_current_task_btf()->tgid != pid) +- return 0; +- +- *(void **)&value = (void *)0xdeadcaf3; +- +- bpf_map_update_elem(map, &(int){0}, &value, 0); +- /* For array map, doing bpf_map_update_elem will do a +- * check_and_free_timer_in_array, which will trigger the crash if timer +- * pointer was overwritten, for hmap we need to use bpf_timer_cancel. +- */ +- if (crash_map == 1) { +- e = bpf_map_lookup_elem(map, &(int){0}); +- if (!e) +- return 0; +- bpf_timer_cancel(&e->timer); +- } +- return 0; +-} +- +-char _license[] SEC("license") = "GPL";
