commit: 3038f0c1e16b2a5807f83b890d2add421177d9c4 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Mon Mar 28 10:59:27 2022 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Mon Mar 28 10:59:27 2022 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=3038f0c1
Linux patch 4.19.237 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 + 1236_linux-4.19.237.patch | 755 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 759 insertions(+) diff --git a/0000_README b/0000_README index 0e8f7f4a..eccf1864 100644 --- a/0000_README +++ b/0000_README @@ -983,6 +983,10 @@ Patch: 1235_linux-4.19.236.patch From: https://www.kernel.org Desc: Linux 4.19.236 +Patch: 1236_linux-4.19.237.patch +From: https://www.kernel.org +Desc: Linux 4.19.237 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1236_linux-4.19.237.patch b/1236_linux-4.19.237.patch new file mode 100644 index 00000000..38435553 --- /dev/null +++ b/1236_linux-4.19.237.patch @@ -0,0 +1,755 @@ +diff --git a/Makefile b/Makefile +index d83513c135206..834336f971c15 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 4 + PATCHLEVEL = 19 +-SUBLEVEL = 236 ++SUBLEVEL = 237 + EXTRAVERSION = + NAME = "People's Front" + +diff --git a/arch/nds32/include/asm/uaccess.h b/arch/nds32/include/asm/uaccess.h +index 362a32d9bd168..c8b4b8cc65294 100644 +--- a/arch/nds32/include/asm/uaccess.h ++++ b/arch/nds32/include/asm/uaccess.h +@@ -75,9 +75,7 @@ static inline void set_fs(mm_segment_t fs) + * versions are void (ie, don't return a value as such). + */ + +-#define get_user __get_user \ +- +-#define __get_user(x, ptr) \ ++#define get_user(x, ptr) \ + ({ \ + long __gu_err = 0; \ + __get_user_check((x), (ptr), __gu_err); \ +@@ -90,6 +88,14 @@ static inline void set_fs(mm_segment_t fs) + (void)0; \ + }) + ++#define __get_user(x, ptr) \ ++({ \ ++ long __gu_err = 0; \ ++ const __typeof__(*(ptr)) __user *__p = (ptr); \ ++ __get_user_err((x), __p, (__gu_err)); \ ++ __gu_err; \ ++}) ++ + #define __get_user_check(x, ptr, err) \ + ({ \ + const __typeof__(*(ptr)) __user *__p = (ptr); \ +@@ -170,12 +176,18 @@ do { \ + : "r"(addr), "i"(-EFAULT) \ + : "cc") + +-#define put_user __put_user \ ++#define put_user(x, ptr) \ ++({ \ ++ long __pu_err = 0; \ ++ __put_user_check((x), (ptr), __pu_err); \ ++ __pu_err; \ ++}) + + #define __put_user(x, ptr) \ + ({ \ + long __pu_err = 0; \ +- __put_user_err((x), (ptr), __pu_err); \ ++ __typeof__(*(ptr)) __user *__p = (ptr); \ ++ __put_user_err((x), __p, __pu_err); \ + __pu_err; \ + }) + +diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c +index b35c34cfbe522..8b1aa1206d980 100644 +--- a/arch/x86/kernel/acpi/boot.c ++++ b/arch/x86/kernel/acpi/boot.c +@@ -1351,6 +1351,17 @@ static int __init disable_acpi_pci(const struct dmi_system_id *d) + return 0; + } + ++static int __init disable_acpi_xsdt(const struct dmi_system_id *d) ++{ ++ if (!acpi_force) { ++ pr_notice("%s detected: force use of acpi=rsdt\n", d->ident); ++ acpi_gbl_do_not_use_xsdt = TRUE; ++ } else { ++ pr_notice("Warning: DMI blacklist says broken, but acpi XSDT forced\n"); ++ } ++ return 0; ++} ++ + static int __init dmi_disable_acpi(const struct dmi_system_id *d) + { + if (!acpi_force) { +@@ -1475,6 +1486,19 @@ static const struct dmi_system_id acpi_dmi_table[] __initconst = { + DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"), + }, + }, ++ /* ++ * Boxes that need ACPI XSDT use disabled due to corrupted tables ++ */ ++ { ++ .callback = disable_acpi_xsdt, ++ .ident = "Advantech DAC-BJ01", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "NEC"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Bearlake CRB Board"), ++ DMI_MATCH(DMI_BIOS_VERSION, "V1.12"), ++ DMI_MATCH(DMI_BIOS_DATE, "02/01/2011"), ++ }, ++ }, + {} + }; + +diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c +index d4e42a578e186..c0c533206e02d 100644 +--- a/drivers/acpi/battery.c ++++ b/drivers/acpi/battery.c +@@ -90,6 +90,10 @@ extern void *acpi_unlock_battery_dir(struct proc_dir_entry *acpi_battery_dir); + + static const struct acpi_device_id battery_device_ids[] = { + {"PNP0C0A", 0}, ++ ++ /* Microsoft Surface Go 3 */ ++ {"MSHW0146", 0}, ++ + {"", 0}, + }; + +@@ -1416,6 +1420,14 @@ static const struct dmi_system_id bat_dmi_table[] __initconst = { + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad"), + }, + }, ++ { ++ /* Microsoft Surface Go 3 */ ++ .callback = battery_notification_delay_quirk, ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Microsoft Corporation"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Surface Go 3"), ++ }, ++ }, + {}, + }; + +diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c +index 86ffb4af4afca..298d9c65e0848 100644 +--- a/drivers/acpi/video_detect.c ++++ b/drivers/acpi/video_detect.c +@@ -356,6 +356,81 @@ static const struct dmi_system_id video_detect_dmi_table[] = { + DMI_MATCH(DMI_BOARD_NAME, "BA51_MV"), + }, + }, ++ /* ++ * Clevo NL5xRU and NL5xNU/TUXEDO Aura 15 Gen1 and Gen2 have both a ++ * working native and video interface. However the default detection ++ * mechanism first registers the video interface before unregistering ++ * it again and switching to the native interface during boot. This ++ * results in a dangling SBIOS request for backlight change for some ++ * reason, causing the backlight to switch to ~2% once per boot on the ++ * first power cord connect or disconnect event. Setting the native ++ * interface explicitly circumvents this buggy behaviour, by avoiding ++ * the unregistering process. ++ */ ++ { ++ .callback = video_detect_force_native, ++ .ident = "Clevo NL5xRU", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), ++ }, ++ }, ++ { ++ .callback = video_detect_force_native, ++ .ident = "Clevo NL5xRU", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), ++ }, ++ }, ++ { ++ .callback = video_detect_force_native, ++ .ident = "Clevo NL5xRU", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), ++ }, ++ }, ++ { ++ .callback = video_detect_force_native, ++ .ident = "Clevo NL5xRU", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), ++ DMI_MATCH(DMI_BOARD_NAME, "AURA1501"), ++ }, ++ }, ++ { ++ .callback = video_detect_force_native, ++ .ident = "Clevo NL5xRU", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), ++ DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"), ++ }, ++ }, ++ { ++ .callback = video_detect_force_native, ++ .ident = "Clevo NL5xNU", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), ++ }, ++ }, ++ { ++ .callback = video_detect_force_native, ++ .ident = "Clevo NL5xNU", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), ++ }, ++ }, ++ { ++ .callback = video_detect_force_native, ++ .ident = "Clevo NL5xNU", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), ++ }, ++ }, + + /* + * Desktops which falsely report a backlight and which our heuristics +diff --git a/drivers/crypto/qat/qat_common/qat_crypto.c b/drivers/crypto/qat/qat_common/qat_crypto.c +index 3852d31ce0a4b..37a9f969c59cd 100644 +--- a/drivers/crypto/qat/qat_common/qat_crypto.c ++++ b/drivers/crypto/qat/qat_common/qat_crypto.c +@@ -170,6 +170,14 @@ int qat_crypto_dev_config(struct adf_accel_dev *accel_dev) + goto err; + if (adf_cfg_section_add(accel_dev, "Accelerator0")) + goto err; ++ ++ /* Temporarily set the number of crypto instances to zero to avoid ++ * registering the crypto algorithms. ++ * This will be removed when the algorithms will support the ++ * CRYPTO_TFM_REQ_MAY_BACKLOG flag ++ */ ++ instances = 0; ++ + for (i = 0; i < instances; i++) { + val = i; + snprintf(key, sizeof(key), ADF_CY "%d" ADF_RING_BANK_NUM, i); +diff --git a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c +index 3a489b2b99c99..86811de191edb 100644 +--- a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c ++++ b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c +@@ -707,6 +707,12 @@ static int xgene_enet_rx_frame(struct xgene_enet_desc_ring *rx_ring, + buf_pool->rx_skb[skb_index] = NULL; + + datalen = xgene_enet_get_data_len(le64_to_cpu(raw_desc->m1)); ++ ++ /* strip off CRC as HW isn't doing this */ ++ nv = GET_VAL(NV, le64_to_cpu(raw_desc->m0)); ++ if (!nv) ++ datalen -= 4; ++ + skb_put(skb, datalen); + prefetch(skb->data - NET_IP_ALIGN); + skb->protocol = eth_type_trans(skb, ndev); +@@ -728,12 +734,8 @@ static int xgene_enet_rx_frame(struct xgene_enet_desc_ring *rx_ring, + } + } + +- nv = GET_VAL(NV, le64_to_cpu(raw_desc->m0)); +- if (!nv) { +- /* strip off CRC as HW isn't doing this */ +- datalen -= 4; ++ if (!nv) + goto skip_jumbo; +- } + + slots = page_pool->slots - 1; + head = page_pool->head; +diff --git a/drivers/nfc/st21nfca/se.c b/drivers/nfc/st21nfca/se.c +index fd967a38a94a5..ced3c20d64539 100644 +--- a/drivers/nfc/st21nfca/se.c ++++ b/drivers/nfc/st21nfca/se.c +@@ -332,6 +332,11 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host, + return -ENOMEM; + + transaction->aid_len = skb->data[1]; ++ ++ /* Checking if the length of the AID is valid */ ++ if (transaction->aid_len > sizeof(transaction->aid)) ++ return -EINVAL; ++ + memcpy(transaction->aid, &skb->data[2], + transaction->aid_len); + +@@ -341,6 +346,11 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host, + return -EPROTO; + + transaction->params_len = skb->data[transaction->aid_len + 3]; ++ ++ /* Total size is allocated (skb->len - 2) minus fixed array members */ ++ if (transaction->params_len > ((skb->len - 2) - sizeof(struct nfc_evt_transaction))) ++ return -EINVAL; ++ + memcpy(transaction->params, skb->data + + transaction->aid_len + 4, transaction->params_len); + +diff --git a/drivers/staging/fbtft/fb_st7789v.c b/drivers/staging/fbtft/fb_st7789v.c +index 3c3f387936e80..30086ae03605f 100644 +--- a/drivers/staging/fbtft/fb_st7789v.c ++++ b/drivers/staging/fbtft/fb_st7789v.c +@@ -76,6 +76,8 @@ enum st7789v_command { + */ + static int init_display(struct fbtft_par *par) + { ++ par->fbtftops.reset(par); ++ + /* turn off sleep mode */ + write_reg(par, MIPI_DCS_EXIT_SLEEP_MODE); + mdelay(120); +diff --git a/drivers/thermal/int340x_thermal/int3400_thermal.c b/drivers/thermal/int340x_thermal/int3400_thermal.c +index e9d58de8b5da6..77967da5d4061 100644 +--- a/drivers/thermal/int340x_thermal/int3400_thermal.c ++++ b/drivers/thermal/int340x_thermal/int3400_thermal.c +@@ -223,6 +223,10 @@ static void int3400_notify(acpi_handle handle, + thermal_prop[4] = NULL; + kobject_uevent_env(&priv->thermal->device.kobj, KOBJ_CHANGE, + thermal_prop); ++ kfree(thermal_prop[0]); ++ kfree(thermal_prop[1]); ++ kfree(thermal_prop[2]); ++ kfree(thermal_prop[3]); + break; + default: + /* Ignore unknown notification codes sent to INT3400 device */ +diff --git a/include/net/esp.h b/include/net/esp.h +index 117652eb6ea32..465e38890ee98 100644 +--- a/include/net/esp.h ++++ b/include/net/esp.h +@@ -4,6 +4,8 @@ + + #include <linux/skbuff.h> + ++#define ESP_SKB_FRAG_MAXSIZE (PAGE_SIZE << SKB_FRAG_PAGE_ORDER) ++ + struct ip_esp_hdr; + + static inline struct ip_esp_hdr *ip_esp_hdr(const struct sk_buff *skb) +diff --git a/include/net/sock.h b/include/net/sock.h +index 75677050c82ed..2bf8dcf863f2c 100644 +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -2518,6 +2518,9 @@ extern int sysctl_optmem_max; + extern __u32 sysctl_wmem_default; + extern __u32 sysctl_rmem_default; + ++/* On 32bit arches, an skb frag is limited to 2^15 */ ++#define SKB_FRAG_PAGE_ORDER get_order(32768) ++ + static inline int sk_get_wmem0(const struct sock *sk, const struct proto *proto) + { + /* Does this proto have per netns sysctl_wmem ? */ +diff --git a/net/core/sock.c b/net/core/sock.c +index 41a77027a549b..79f085df52cef 100644 +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -2207,9 +2207,6 @@ static void sk_leave_memory_pressure(struct sock *sk) + } + } + +-/* On 32bit arches, an skb frag is limited to 2^15 */ +-#define SKB_FRAG_PAGE_ORDER get_order(32768) +- + /** + * skb_page_frag_refill - check that a page_frag contains enough room + * @sz: minimum size of the fragment we want to get +diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c +index 0792a9e2a555f..45bb5b60b9940 100644 +--- a/net/ipv4/esp4.c ++++ b/net/ipv4/esp4.c +@@ -275,6 +275,7 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * + struct page *page; + struct sk_buff *trailer; + int tailen = esp->tailen; ++ unsigned int allocsz; + + /* this is non-NULL only with UDP Encapsulation */ + if (x->encap) { +@@ -284,6 +285,10 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * + return err; + } + ++ allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES); ++ if (allocsz > ESP_SKB_FRAG_MAXSIZE) ++ goto cow; ++ + if (!skb_cloned(skb)) { + if (tailen <= skb_tailroom(skb)) { + nfrags = 1; +diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c +index 25317d5ccf2cc..e3abfc97fde7f 100644 +--- a/net/ipv6/esp6.c ++++ b/net/ipv6/esp6.c +@@ -241,6 +241,11 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info + struct page *page; + struct sk_buff *trailer; + int tailen = esp->tailen; ++ unsigned int allocsz; ++ ++ allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES); ++ if (allocsz > ESP_SKB_FRAG_MAXSIZE) ++ goto cow; + + if (!skb_cloned(skb)) { + if (tailen <= skb_tailroom(skb)) { +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index fd496bda7ec78..373df391dc93c 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1325,8 +1325,8 @@ static int __ip6_append_data(struct sock *sk, + sizeof(struct frag_hdr) : 0) + + rt->rt6i_nfheader_len; + +- if (mtu < fragheaderlen || +- ((mtu - fragheaderlen) & ~7) + fragheaderlen < sizeof(struct frag_hdr)) ++ if (mtu <= fragheaderlen || ++ ((mtu - fragheaderlen) & ~7) + fragheaderlen <= sizeof(struct frag_hdr)) + goto emsgsize; + + maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - +diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c +index 89a3dc7d5d400..5cba9199c3c91 100644 +--- a/net/llc/af_llc.c ++++ b/net/llc/af_llc.c +@@ -276,6 +276,7 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) + { + struct sock *sk = sock->sk; + struct llc_sock *llc = llc_sk(sk); ++ struct net_device *dev = NULL; + struct llc_sap *sap; + int rc = -EINVAL; + +@@ -287,14 +288,14 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) + goto out; + rc = -ENODEV; + if (sk->sk_bound_dev_if) { +- llc->dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if); +- if (llc->dev && addr->sllc_arphrd != llc->dev->type) { +- dev_put(llc->dev); +- llc->dev = NULL; ++ dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if); ++ if (dev && addr->sllc_arphrd != dev->type) { ++ dev_put(dev); ++ dev = NULL; + } + } else +- llc->dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd); +- if (!llc->dev) ++ dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd); ++ if (!dev) + goto out; + rc = -EUSERS; + llc->laddr.lsap = llc_ui_autoport(); +@@ -304,6 +305,11 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) + sap = llc_sap_open(llc->laddr.lsap, NULL); + if (!sap) + goto out; ++ ++ /* Note: We do not expect errors from this point. */ ++ llc->dev = dev; ++ dev = NULL; ++ + memcpy(llc->laddr.mac, llc->dev->dev_addr, IFHWADDRLEN); + memcpy(&llc->addr, addr, sizeof(llc->addr)); + /* assign new connection to its SAP */ +@@ -311,6 +317,7 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr) + sock_reset_flag(sk, SOCK_ZAPPED); + rc = 0; + out: ++ dev_put(dev); + return rc; + } + +@@ -333,6 +340,7 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen) + struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr; + struct sock *sk = sock->sk; + struct llc_sock *llc = llc_sk(sk); ++ struct net_device *dev = NULL; + struct llc_sap *sap; + int rc = -EINVAL; + +@@ -349,25 +357,26 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen) + rc = -ENODEV; + rcu_read_lock(); + if (sk->sk_bound_dev_if) { +- llc->dev = dev_get_by_index_rcu(&init_net, sk->sk_bound_dev_if); +- if (llc->dev) { ++ dev = dev_get_by_index_rcu(&init_net, sk->sk_bound_dev_if); ++ if (dev) { + if (is_zero_ether_addr(addr->sllc_mac)) +- memcpy(addr->sllc_mac, llc->dev->dev_addr, ++ memcpy(addr->sllc_mac, dev->dev_addr, + IFHWADDRLEN); +- if (addr->sllc_arphrd != llc->dev->type || ++ if (addr->sllc_arphrd != dev->type || + !ether_addr_equal(addr->sllc_mac, +- llc->dev->dev_addr)) { ++ dev->dev_addr)) { + rc = -EINVAL; +- llc->dev = NULL; ++ dev = NULL; + } + } +- } else +- llc->dev = dev_getbyhwaddr_rcu(&init_net, addr->sllc_arphrd, ++ } else { ++ dev = dev_getbyhwaddr_rcu(&init_net, addr->sllc_arphrd, + addr->sllc_mac); +- if (llc->dev) +- dev_hold(llc->dev); ++ } ++ if (dev) ++ dev_hold(dev); + rcu_read_unlock(); +- if (!llc->dev) ++ if (!dev) + goto out; + if (!addr->sllc_sap) { + rc = -EUSERS; +@@ -400,6 +409,11 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen) + goto out_put; + } + } ++ ++ /* Note: We do not expect errors from this point. */ ++ llc->dev = dev; ++ dev = NULL; ++ + llc->laddr.lsap = addr->sllc_sap; + memcpy(llc->laddr.mac, addr->sllc_mac, IFHWADDRLEN); + memcpy(&llc->addr, addr, sizeof(llc->addr)); +@@ -410,6 +424,7 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen) + out_put: + llc_sap_put(sap); + out: ++ dev_put(dev); + release_sock(sk); + return rc; + } +diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c +index 6804cdd43befc..9348caf1c611d 100644 +--- a/net/mac80211/cfg.c ++++ b/net/mac80211/cfg.c +@@ -1823,13 +1823,11 @@ static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh, + const struct mesh_setup *setup) + { + u8 *new_ie; +- const u8 *old_ie; + struct ieee80211_sub_if_data *sdata = container_of(ifmsh, + struct ieee80211_sub_if_data, u.mesh); + + /* allocate information elements */ + new_ie = NULL; +- old_ie = ifmsh->ie; + + if (setup->ie_len) { + new_ie = kmemdup(setup->ie, setup->ie_len, +@@ -1839,7 +1837,6 @@ static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh, + } + ifmsh->ie_len = setup->ie_len; + ifmsh->ie = new_ie; +- kfree(old_ie); + + /* now copy the rest of the setup parameters */ + ifmsh->mesh_id_len = setup->mesh_id_len; +diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c +index a3850414dba2d..7dfaad783cd55 100644 +--- a/net/netfilter/nf_tables_core.c ++++ b/net/netfilter/nf_tables_core.c +@@ -144,7 +144,7 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv) + struct nft_rule *const *rules; + const struct nft_rule *rule; + const struct nft_expr *expr, *last; +- struct nft_regs regs; ++ struct nft_regs regs = {}; + unsigned int stackptr = 0; + struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE]; + bool genbit = READ_ONCE(net->nft.gencursor); +diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c +index cd68a0ae82d31..c85fa85285d93 100644 +--- a/sound/core/oss/pcm_oss.c ++++ b/sound/core/oss/pcm_oss.c +@@ -789,6 +789,11 @@ static int snd_pcm_oss_period_size(struct snd_pcm_substream *substream, + + if (oss_period_size < 16) + return -EINVAL; ++ ++ /* don't allocate too large period; 1MB period must be enough */ ++ if (oss_period_size > 1024 * 1024) ++ return -ENOMEM; ++ + runtime->oss.period_bytes = oss_period_size; + runtime->oss.period_frames = 1; + runtime->oss.periods = oss_periods; +@@ -1060,10 +1065,9 @@ static int snd_pcm_oss_change_params_locked(struct snd_pcm_substream *substream) + goto failure; + } + #endif +- oss_period_size *= oss_frame_size; +- +- oss_buffer_size = oss_period_size * runtime->oss.periods; +- if (oss_buffer_size < 0) { ++ oss_period_size = array_size(oss_period_size, oss_frame_size); ++ oss_buffer_size = array_size(oss_period_size, runtime->oss.periods); ++ if (oss_buffer_size <= 0) { + err = -EINVAL; + goto failure; + } +diff --git a/sound/core/oss/pcm_plugin.c b/sound/core/oss/pcm_plugin.c +index da400da1fafe6..8b7bbabeea24b 100644 +--- a/sound/core/oss/pcm_plugin.c ++++ b/sound/core/oss/pcm_plugin.c +@@ -61,7 +61,10 @@ static int snd_pcm_plugin_alloc(struct snd_pcm_plugin *plugin, snd_pcm_uframes_t + } + if ((width = snd_pcm_format_physical_width(format->format)) < 0) + return width; +- size = frames * format->channels * width; ++ size = array3_size(frames, format->channels, width); ++ /* check for too large period size once again */ ++ if (size > 1024 * 1024) ++ return -ENOMEM; + if (snd_BUG_ON(size % 8)) + return -ENXIO; + size /= 8; +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c +index db62dbe7eaa8a..c92eca6278407 100644 +--- a/sound/core/pcm_native.c ++++ b/sound/core/pcm_native.c +@@ -1648,21 +1648,25 @@ static int snd_pcm_do_reset(struct snd_pcm_substream *substream, int state) + int err = substream->ops->ioctl(substream, SNDRV_PCM_IOCTL1_RESET, NULL); + if (err < 0) + return err; ++ snd_pcm_stream_lock_irq(substream); + runtime->hw_ptr_base = 0; + runtime->hw_ptr_interrupt = runtime->status->hw_ptr - + runtime->status->hw_ptr % runtime->period_size; + runtime->silence_start = runtime->status->hw_ptr; + runtime->silence_filled = 0; ++ snd_pcm_stream_unlock_irq(substream); + return 0; + } + + static void snd_pcm_post_reset(struct snd_pcm_substream *substream, int state) + { + struct snd_pcm_runtime *runtime = substream->runtime; ++ snd_pcm_stream_lock_irq(substream); + runtime->control->appl_ptr = runtime->status->hw_ptr; + if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK && + runtime->silence_size > 0) + snd_pcm_playback_silence(substream, ULONG_MAX); ++ snd_pcm_stream_unlock_irq(substream); + } + + static const struct action_ops snd_pcm_action_reset = { +diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c +index 27b468f057dd4..34d75d4fb93f6 100644 +--- a/sound/pci/ac97/ac97_codec.c ++++ b/sound/pci/ac97/ac97_codec.c +@@ -958,8 +958,8 @@ static int snd_ac97_ad18xx_pcm_get_volume(struct snd_kcontrol *kcontrol, struct + int codec = kcontrol->private_value & 3; + + mutex_lock(&ac97->page_mutex); +- ucontrol->value.integer.value[0] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 0) & 31); +- ucontrol->value.integer.value[1] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 8) & 31); ++ ucontrol->value.integer.value[0] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 8) & 31); ++ ucontrol->value.integer.value[1] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 0) & 31); + mutex_unlock(&ac97->page_mutex); + return 0; + } +diff --git a/sound/pci/cmipci.c b/sound/pci/cmipci.c +index 452cc79b44af3..79df78a7ec56e 100644 +--- a/sound/pci/cmipci.c ++++ b/sound/pci/cmipci.c +@@ -315,7 +315,6 @@ MODULE_PARM_DESC(joystick_port, "Joystick port address."); + #define CM_MICGAINZ 0x01 /* mic boost */ + #define CM_MICGAINZ_SHIFT 0 + +-#define CM_REG_MIXER3 0x24 + #define CM_REG_AUX_VOL 0x26 + #define CM_VAUXL_MASK 0xf0 + #define CM_VAUXR_MASK 0x0f +@@ -3326,7 +3325,7 @@ static void snd_cmipci_remove(struct pci_dev *pci) + */ + static unsigned char saved_regs[] = { + CM_REG_FUNCTRL1, CM_REG_CHFORMAT, CM_REG_LEGACY_CTRL, CM_REG_MISC_CTRL, +- CM_REG_MIXER0, CM_REG_MIXER1, CM_REG_MIXER2, CM_REG_MIXER3, CM_REG_PLL, ++ CM_REG_MIXER0, CM_REG_MIXER1, CM_REG_MIXER2, CM_REG_AUX_VOL, CM_REG_PLL, + CM_REG_CH0_FRAME1, CM_REG_CH0_FRAME2, + CM_REG_CH1_FRAME1, CM_REG_CH1_FRAME2, CM_REG_EXT_MISC, + CM_REG_INT_STATUS, CM_REG_INT_HLDCLR, CM_REG_FUNCTRL0, +diff --git a/sound/soc/sti/uniperif_player.c b/sound/soc/sti/uniperif_player.c +index 4b0beb372cd94..908f13623f8cd 100644 +--- a/sound/soc/sti/uniperif_player.c ++++ b/sound/soc/sti/uniperif_player.c +@@ -91,7 +91,7 @@ static irqreturn_t uni_player_irq_handler(int irq, void *dev_id) + SET_UNIPERIF_ITM_BCLR_FIFO_ERROR(player); + + /* Stop the player */ +- snd_pcm_stop_xrun(player->substream); ++ snd_pcm_stop(player->substream, SNDRV_PCM_STATE_XRUN); + } + + ret = IRQ_HANDLED; +@@ -105,7 +105,7 @@ static irqreturn_t uni_player_irq_handler(int irq, void *dev_id) + SET_UNIPERIF_ITM_BCLR_DMA_ERROR(player); + + /* Stop the player */ +- snd_pcm_stop_xrun(player->substream); ++ snd_pcm_stop(player->substream, SNDRV_PCM_STATE_XRUN); + + ret = IRQ_HANDLED; + } +@@ -138,7 +138,7 @@ static irqreturn_t uni_player_irq_handler(int irq, void *dev_id) + dev_err(player->dev, "Underflow recovery failed\n"); + + /* Stop the player */ +- snd_pcm_stop_xrun(player->substream); ++ snd_pcm_stop(player->substream, SNDRV_PCM_STATE_XRUN); + + ret = IRQ_HANDLED; + } +diff --git a/sound/soc/sti/uniperif_reader.c b/sound/soc/sti/uniperif_reader.c +index 7b63d35ef428b..ee0055e608529 100644 +--- a/sound/soc/sti/uniperif_reader.c ++++ b/sound/soc/sti/uniperif_reader.c +@@ -65,7 +65,7 @@ static irqreturn_t uni_reader_irq_handler(int irq, void *dev_id) + if (unlikely(status & UNIPERIF_ITS_FIFO_ERROR_MASK(reader))) { + dev_err(reader->dev, "FIFO error detected\n"); + +- snd_pcm_stop_xrun(reader->substream); ++ snd_pcm_stop(reader->substream, SNDRV_PCM_STATE_XRUN); + + ret = IRQ_HANDLED; + } +diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c +index a74e07eff60c3..3bb89fcaa2f5c 100644 +--- a/sound/usb/mixer_quirks.c ++++ b/sound/usb/mixer_quirks.c +@@ -1997,9 +1997,10 @@ void snd_usb_mixer_fu_apply_quirk(struct usb_mixer_interface *mixer, + if (unitid == 7 && cval->control == UAC_FU_VOLUME) + snd_dragonfly_quirk_db_scale(mixer, cval, kctl); + break; +- /* lowest playback value is muted on C-Media devices */ +- case USB_ID(0x0d8c, 0x000c): +- case USB_ID(0x0d8c, 0x0014): ++ /* lowest playback value is muted on some devices */ ++ case USB_ID(0x0d8c, 0x000c): /* C-Media */ ++ case USB_ID(0x0d8c, 0x0014): /* C-Media */ ++ case USB_ID(0x19f7, 0x0003): /* RODE NT-USB */ + if (strstr(kctl->id.name, "Playback")) + cval->min_mute = 1; + break;
