From 195b8f27069ad40c6ee30eee9cdab36a71049708 Mon Sep 17 00:00:00 2001 From: Alice Ferrazzi Date: Wed, 26 Apr 2023 18:51:07 +0900 Subject: Linux patch 5.4.242 Signed-off-by: Alice Ferrazzi --- 0000_README | 4 + 1241_linux-5.4.242.patch | 1433 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1437 insertions(+) create mode 100644 1241_linux-5.4.242.patch diff --git a/0000_README b/0000_README index c3c10ecc..01be6725 100644 --- a/0000_README +++ b/0000_README @@ -1007,6 +1007,10 @@ Patch: 1240_linux-5.4.241.patch From: https://www.kernel.org Desc: Linux 5.4.241 +Patch: 1241_linux-5.4.242.patch +From: https://www.kernel.org +Desc: Linux 5.4.242 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1241_linux-5.4.242.patch b/1241_linux-5.4.242.patch new file mode 100644 index 00000000..d80525c1 --- /dev/null +++ b/1241_linux-5.4.242.patch @@ -0,0 +1,1433 @@ +diff --git a/Makefile b/Makefile +index d9bbe9524e082..ab3ba43588425 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 4 +-SUBLEVEL = 241 ++SUBLEVEL = 242 + EXTRAVERSION = + NAME = Kleptomaniac Octopus + +diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi +index 3a7d375389d0e..36f943a3f3ad2 100644 +--- a/arch/arm/boot/dts/rk3288.dtsi ++++ b/arch/arm/boot/dts/rk3288.dtsi +@@ -942,7 +942,7 @@ + status = "disabled"; + }; + +- spdif: sound@ff88b0000 { ++ spdif: sound@ff8b0000 { + compatible = "rockchip,rk3288-spdif", "rockchip,rk3066-spdif"; + reg = <0x0 0xff8b0000 0x0 0x10000>; + #sound-dai-cells = <0>; +diff --git a/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi b/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi +index 937b27549d56d..a31b623fedb75 100644 +--- a/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi ++++ b/arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi +@@ -1376,10 +1376,9 @@ + + dmc: bus@38000 { + compatible = "simple-bus"; +- reg = <0x0 0x38000 0x0 0x400>; + #address-cells = <2>; + #size-cells = <2>; +- ranges = <0x0 0x0 0x0 0x38000 0x0 0x400>; ++ ranges = <0x0 0x0 0x0 0x38000 0x0 0x2000>; + + canvas: video-lut@48 { + compatible = "amlogic,canvas"; +diff --git a/arch/mips/kernel/vmlinux.lds.S b/arch/mips/kernel/vmlinux.lds.S +index faf98f209b3f4..6f62c1a3bcfc9 100644 +--- a/arch/mips/kernel/vmlinux.lds.S ++++ b/arch/mips/kernel/vmlinux.lds.S +@@ -10,6 +10,8 @@ + */ + #define BSS_FIRST_SECTIONS *(.bss..swapper_pg_dir) + ++#define RUNTIME_DISCARD_EXIT ++ + #include + + #undef mips +diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c +index ad74472ce967e..34ca344039bbf 100644 +--- a/arch/s390/kernel/ptrace.c ++++ b/arch/s390/kernel/ptrace.c +@@ -502,9 +502,7 @@ long arch_ptrace(struct task_struct *child, long request, + } + return 0; + case PTRACE_GET_LAST_BREAK: +- put_user(child->thread.last_break, +- (unsigned long __user *) data); +- return 0; ++ return put_user(child->thread.last_break, (unsigned long __user *)data); + case PTRACE_ENABLE_TE: + if (!MACHINE_HAS_TE) + return -EIO; +@@ -856,9 +854,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, + } + return 0; + case PTRACE_GET_LAST_BREAK: +- put_user(child->thread.last_break, +- (unsigned int __user *) data); +- return 0; ++ return put_user(child->thread.last_break, (unsigned int __user *)data); + } + return compat_ptrace_request(child, request, addr, data); + } +diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile +index 9733d1cc791dd..969d2b2eb7d71 100644 +--- a/arch/x86/purgatory/Makefile ++++ b/arch/x86/purgatory/Makefile +@@ -27,7 +27,7 @@ KCOV_INSTRUMENT := n + # make up the standalone purgatory.ro + + PURGATORY_CFLAGS_REMOVE := -mcmodel=kernel +-PURGATORY_CFLAGS := -mcmodel=large -ffreestanding -fno-zero-initialized-in-bss ++PURGATORY_CFLAGS := -mcmodel=large -ffreestanding -fno-zero-initialized-in-bss -g0 + PURGATORY_CFLAGS += $(DISABLE_STACKLEAK_PLUGIN) -DDISABLE_BRANCH_PROFILING + + # Default KBUILD_CFLAGS can have -pg option set when FTRACE is enabled. That +@@ -58,6 +58,9 @@ CFLAGS_sha256.o += $(PURGATORY_CFLAGS) + CFLAGS_REMOVE_string.o += $(PURGATORY_CFLAGS_REMOVE) + CFLAGS_string.o += $(PURGATORY_CFLAGS) + ++AFLAGS_REMOVE_setup-x86_$(BITS).o += -g -Wa,-gdwarf-2 ++AFLAGS_REMOVE_entry64.o += -g -Wa,-gdwarf-2 ++ + $(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE + $(call if_changed,ld) + +diff --git a/drivers/iio/adc/at91-sama5d2_adc.c b/drivers/iio/adc/at91-sama5d2_adc.c +index 7347620849686..e84a4c5150e25 100644 +--- a/drivers/iio/adc/at91-sama5d2_adc.c ++++ b/drivers/iio/adc/at91-sama5d2_adc.c +@@ -983,7 +983,7 @@ static struct iio_trigger *at91_adc_allocate_trigger(struct iio_dev *indio, + trig = devm_iio_trigger_alloc(&indio->dev, "%s-dev%d-%s", indio->name, + indio->id, trigger_name); + if (!trig) +- return NULL; ++ return ERR_PTR(-ENOMEM); + + trig->dev.parent = indio->dev.parent; + iio_trigger_set_drvdata(trig, indio); +diff --git a/drivers/iio/light/tsl2772.c b/drivers/iio/light/tsl2772.c +index be37fcbd4654e..665a24f630440 100644 +--- a/drivers/iio/light/tsl2772.c ++++ b/drivers/iio/light/tsl2772.c +@@ -606,6 +606,7 @@ static int tsl2772_read_prox_diodes(struct tsl2772_chip *chip) + return -EINVAL; + } + } ++ chip->settings.prox_diode = prox_diode_mask; + + return 0; + } +diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h +index 6b2e88da30766..92fb2f72511e8 100644 +--- a/drivers/input/serio/i8042-x86ia64io.h ++++ b/drivers/input/serio/i8042-x86ia64io.h +@@ -601,6 +601,14 @@ static const struct dmi_system_id i8042_dmi_quirk_table[] __initconst = { + }, + .driver_data = (void *)(SERIO_QUIRK_NOMUX) + }, ++ { ++ /* Fujitsu Lifebook A574/H */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "FMVA0501PZ"), ++ }, ++ .driver_data = (void *)(SERIO_QUIRK_NOMUX) ++ }, + { + /* Gigabyte M912 */ + .matches = { +diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c +index 12bc3f5a6cbbd..1c7a9dcfed658 100644 +--- a/drivers/memstick/core/memstick.c ++++ b/drivers/memstick/core/memstick.c +@@ -412,6 +412,7 @@ static struct memstick_dev *memstick_alloc_card(struct memstick_host *host) + return card; + err_out: + host->card = old_card; ++ kfree_const(card->dev.kobj.name); + kfree(card); + return NULL; + } +@@ -470,8 +471,10 @@ static void memstick_check(struct work_struct *work) + put_device(&card->dev); + host->card = NULL; + } +- } else ++ } else { ++ kfree_const(card->dev.kobj.name); + kfree(card); ++ } + } + + out_power_off: +diff --git a/drivers/mmc/host/sdhci_am654.c b/drivers/mmc/host/sdhci_am654.c +index 4cbb764c9822b..987626ffdb6f9 100644 +--- a/drivers/mmc/host/sdhci_am654.c ++++ b/drivers/mmc/host/sdhci_am654.c +@@ -227,8 +227,6 @@ static void sdhci_am654_write_b(struct sdhci_host *host, u8 val, int reg) + */ + case MMC_TIMING_SD_HS: + case MMC_TIMING_MMC_HS: +- case MMC_TIMING_UHS_SDR12: +- case MMC_TIMING_UHS_SDR25: + val &= ~SDHCI_CTRL_HISPD; + } + } +diff --git a/drivers/net/dsa/b53/b53_mmap.c b/drivers/net/dsa/b53/b53_mmap.c +index c628d0980c0b1..1d52cb3e46d52 100644 +--- a/drivers/net/dsa/b53/b53_mmap.c ++++ b/drivers/net/dsa/b53/b53_mmap.c +@@ -215,6 +215,18 @@ static int b53_mmap_write64(struct b53_device *dev, u8 page, u8 reg, + return 0; + } + ++static int b53_mmap_phy_read16(struct b53_device *dev, int addr, int reg, ++ u16 *value) ++{ ++ return -EIO; ++} ++ ++static int b53_mmap_phy_write16(struct b53_device *dev, int addr, int reg, ++ u16 value) ++{ ++ return -EIO; ++} ++ + static const struct b53_io_ops b53_mmap_ops = { + .read8 = b53_mmap_read8, + .read16 = b53_mmap_read16, +@@ -226,6 +238,8 @@ static const struct b53_io_ops b53_mmap_ops = { + .write32 = b53_mmap_write32, + .write48 = b53_mmap_write48, + .write64 = b53_mmap_write64, ++ .phy_read16 = b53_mmap_phy_read16, ++ .phy_write16 = b53_mmap_phy_write16, + }; + + static int b53_mmap_probe(struct platform_device *pdev) +diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c +index b0d43985724d8..2c34d45354fe9 100644 +--- a/drivers/net/ethernet/intel/e1000e/netdev.c ++++ b/drivers/net/ethernet/intel/e1000e/netdev.c +@@ -5270,31 +5270,6 @@ static void e1000_watchdog_task(struct work_struct *work) + ew32(TARC(0), tarc0); + } + +- /* disable TSO for pcie and 10/100 speeds, to avoid +- * some hardware issues +- */ +- if (!(adapter->flags & FLAG_TSO_FORCE)) { +- switch (adapter->link_speed) { +- case SPEED_10: +- case SPEED_100: +- e_info("10/100 speed: disabling TSO\n"); +- netdev->features &= ~NETIF_F_TSO; +- netdev->features &= ~NETIF_F_TSO6; +- break; +- case SPEED_1000: +- netdev->features |= NETIF_F_TSO; +- netdev->features |= NETIF_F_TSO6; +- break; +- default: +- /* oops */ +- break; +- } +- if (hw->mac.type == e1000_pch_spt) { +- netdev->features &= ~NETIF_F_TSO; +- netdev->features &= ~NETIF_F_TSO6; +- } +- } +- + /* enable transmits in the hardware, need to do this + * after setting TARC(0) + */ +@@ -7223,6 +7198,32 @@ static int e1000_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + NETIF_F_RXCSUM | + NETIF_F_HW_CSUM); + ++ /* disable TSO for pcie and 10/100 speeds to avoid ++ * some hardware issues and for i219 to fix transfer ++ * speed being capped at 60% ++ */ ++ if (!(adapter->flags & FLAG_TSO_FORCE)) { ++ switch (adapter->link_speed) { ++ case SPEED_10: ++ case SPEED_100: ++ e_info("10/100 speed: disabling TSO\n"); ++ netdev->features &= ~NETIF_F_TSO; ++ netdev->features &= ~NETIF_F_TSO6; ++ break; ++ case SPEED_1000: ++ netdev->features |= NETIF_F_TSO; ++ netdev->features |= NETIF_F_TSO6; ++ break; ++ default: ++ /* oops */ ++ break; ++ } ++ if (hw->mac.type == e1000_pch_spt) { ++ netdev->features &= ~NETIF_F_TSO; ++ netdev->features &= ~NETIF_F_TSO6; ++ } ++ } ++ + /* Set user-changeable features (subset of all device features) */ + netdev->hw_features = netdev->features; + netdev->hw_features |= NETIF_F_RXFCS; +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c +index 05f2f5637d3df..351d4c53297f5 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -10336,8 +10336,11 @@ static void i40e_rebuild(struct i40e_pf *pf, bool reinit, bool lock_acquired) + pf->hw.aq.asq_last_status)); + } + /* reinit the misc interrupt */ +- if (pf->flags & I40E_FLAG_MSIX_ENABLED) ++ if (pf->flags & I40E_FLAG_MSIX_ENABLED) { + ret = i40e_setup_misc_vector(pf); ++ if (ret) ++ goto end_unlock; ++ } + + /* Add a filter to drop all Flow control frames from any VSI from being + * transmitted. By doing so we stop a malicious VF from sending out +@@ -13463,15 +13466,15 @@ static int i40e_add_vsi(struct i40e_vsi *vsi) + vsi->id = ctxt.vsi_number; + } + +- vsi->active_filters = 0; +- clear_bit(__I40E_VSI_OVERFLOW_PROMISC, vsi->state); + spin_lock_bh(&vsi->mac_filter_hash_lock); ++ vsi->active_filters = 0; + /* If macvlan filters already exist, force them to get loaded */ + hash_for_each_safe(vsi->mac_filter_hash, bkt, h, f, hlist) { + f->state = I40E_FILTER_NEW; + f_count++; + } + spin_unlock_bh(&vsi->mac_filter_hash_lock); ++ clear_bit(__I40E_VSI_OVERFLOW_PROMISC, vsi->state); + + if (f_count) { + vsi->flags |= I40E_VSI_FLAG_FILTER_CHANGED; +diff --git a/drivers/net/ethernet/mellanox/mlxfw/mlxfw_mfa2_tlv_multi.c b/drivers/net/ethernet/mellanox/mlxfw/mlxfw_mfa2_tlv_multi.c +index 017d68f1e1232..972c571b41587 100644 +--- a/drivers/net/ethernet/mellanox/mlxfw/mlxfw_mfa2_tlv_multi.c ++++ b/drivers/net/ethernet/mellanox/mlxfw/mlxfw_mfa2_tlv_multi.c +@@ -31,6 +31,8 @@ mlxfw_mfa2_tlv_next(const struct mlxfw_mfa2_file *mfa2_file, + + if (tlv->type == MLXFW_MFA2_TLV_MULTI_PART) { + multi = mlxfw_mfa2_tlv_multi_get(mfa2_file, tlv); ++ if (!multi) ++ return NULL; + tlv_len = NLA_ALIGN(tlv_len + be16_to_cpu(multi->total_len)); + } + +diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c +index 5212d9cb03728..59d4449450ee8 100644 +--- a/drivers/net/virtio_net.c ++++ b/drivers/net/virtio_net.c +@@ -646,8 +646,13 @@ static struct page *xdp_linearize_page(struct receive_queue *rq, + int page_off, + unsigned int *len) + { +- struct page *page = alloc_page(GFP_ATOMIC); ++ int tailroom = SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); ++ struct page *page; + ++ if (page_off + *len + tailroom > PAGE_SIZE) ++ return NULL; ++ ++ page = alloc_page(GFP_ATOMIC); + if (!page) + return NULL; + +@@ -655,7 +660,6 @@ static struct page *xdp_linearize_page(struct receive_queue *rq, + page_off += *len; + + while (--*num_buf) { +- int tailroom = SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); + unsigned int buflen; + void *buf; + int off; +diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c +index 3dfc5c66f1408..a3078755939e3 100644 +--- a/drivers/net/xen-netback/netback.c ++++ b/drivers/net/xen-netback/netback.c +@@ -989,10 +989,8 @@ static void xenvif_tx_build_gops(struct xenvif_queue *queue, + + /* No crossing a page as the payload mustn't fragment. */ + if (unlikely((txreq.offset + txreq.size) > XEN_PAGE_SIZE)) { +- netdev_err(queue->vif->dev, +- "txreq.offset: %u, size: %u, end: %lu\n", +- txreq.offset, txreq.size, +- (unsigned long)(txreq.offset&~XEN_PAGE_MASK) + txreq.size); ++ netdev_err(queue->vif->dev, "Cross page boundary, txreq.offset: %u, size: %u\n", ++ txreq.offset, txreq.size); + xenvif_fatal_tx_err(queue->vif); + break; + } +diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c +index 3169859cd3906..4250081595c14 100644 +--- a/drivers/nvme/host/tcp.c ++++ b/drivers/nvme/host/tcp.c +@@ -1387,22 +1387,7 @@ static int nvme_tcp_alloc_queue(struct nvme_ctrl *nctrl, + if (ret) + goto err_init_connect; + +- queue->rd_enabled = true; + set_bit(NVME_TCP_Q_ALLOCATED, &queue->flags); +- nvme_tcp_init_recv_ctx(queue); +- +- write_lock_bh(&queue->sock->sk->sk_callback_lock); +- queue->sock->sk->sk_user_data = queue; +- queue->state_change = queue->sock->sk->sk_state_change; +- queue->data_ready = queue->sock->sk->sk_data_ready; +- queue->write_space = queue->sock->sk->sk_write_space; +- queue->sock->sk->sk_data_ready = nvme_tcp_data_ready; +- queue->sock->sk->sk_state_change = nvme_tcp_state_change; +- queue->sock->sk->sk_write_space = nvme_tcp_write_space; +-#ifdef CONFIG_NET_RX_BUSY_POLL +- queue->sock->sk->sk_ll_usec = 1; +-#endif +- write_unlock_bh(&queue->sock->sk->sk_callback_lock); + + return 0; + +@@ -1419,7 +1404,7 @@ err_sock: + return ret; + } + +-static void nvme_tcp_restore_sock_calls(struct nvme_tcp_queue *queue) ++static void nvme_tcp_restore_sock_ops(struct nvme_tcp_queue *queue) + { + struct socket *sock = queue->sock; + +@@ -1434,7 +1419,7 @@ static void nvme_tcp_restore_sock_calls(struct nvme_tcp_queue *queue) + static void __nvme_tcp_stop_queue(struct nvme_tcp_queue *queue) + { + kernel_sock_shutdown(queue->sock, SHUT_RDWR); +- nvme_tcp_restore_sock_calls(queue); ++ nvme_tcp_restore_sock_ops(queue); + cancel_work_sync(&queue->io_work); + } + +@@ -1448,21 +1433,42 @@ static void nvme_tcp_stop_queue(struct nvme_ctrl *nctrl, int qid) + __nvme_tcp_stop_queue(queue); + } + ++static void nvme_tcp_setup_sock_ops(struct nvme_tcp_queue *queue) ++{ ++ write_lock_bh(&queue->sock->sk->sk_callback_lock); ++ queue->sock->sk->sk_user_data = queue; ++ queue->state_change = queue->sock->sk->sk_state_change; ++ queue->data_ready = queue->sock->sk->sk_data_ready; ++ queue->write_space = queue->sock->sk->sk_write_space; ++ queue->sock->sk->sk_data_ready = nvme_tcp_data_ready; ++ queue->sock->sk->sk_state_change = nvme_tcp_state_change; ++ queue->sock->sk->sk_write_space = nvme_tcp_write_space; ++#ifdef CONFIG_NET_RX_BUSY_POLL ++ queue->sock->sk->sk_ll_usec = 1; ++#endif ++ write_unlock_bh(&queue->sock->sk->sk_callback_lock); ++} ++ + static int nvme_tcp_start_queue(struct nvme_ctrl *nctrl, int idx) + { + struct nvme_tcp_ctrl *ctrl = to_tcp_ctrl(nctrl); ++ struct nvme_tcp_queue *queue = &ctrl->queues[idx]; + int ret; + ++ queue->rd_enabled = true; ++ nvme_tcp_init_recv_ctx(queue); ++ nvme_tcp_setup_sock_ops(queue); ++ + if (idx) + ret = nvmf_connect_io_queue(nctrl, idx, false); + else + ret = nvmf_connect_admin_queue(nctrl); + + if (!ret) { +- set_bit(NVME_TCP_Q_LIVE, &ctrl->queues[idx].flags); ++ set_bit(NVME_TCP_Q_LIVE, &queue->flags); + } else { +- if (test_bit(NVME_TCP_Q_ALLOCATED, &ctrl->queues[idx].flags)) +- __nvme_tcp_stop_queue(&ctrl->queues[idx]); ++ if (test_bit(NVME_TCP_Q_ALLOCATED, &queue->flags)) ++ __nvme_tcp_stop_queue(queue); + dev_err(nctrl->device, + "failed to connect queue: %d ret=%d\n", idx, ret); + } +diff --git a/drivers/pwm/pwm-meson.c b/drivers/pwm/pwm-meson.c +index 6245bbdb6e6c1..3c81858a8261c 100644 +--- a/drivers/pwm/pwm-meson.c ++++ b/drivers/pwm/pwm-meson.c +@@ -168,6 +168,12 @@ static int meson_pwm_calc(struct meson_pwm *meson, struct pwm_device *pwm, + duty = state->duty_cycle; + period = state->period; + ++ /* ++ * Note this is wrong. The result is an output wave that isn't really ++ * inverted and so is wrongly identified by .get_state as normal. ++ * Fixing this needs some care however as some machines might rely on ++ * this. ++ */ + if (state->polarity == PWM_POLARITY_INVERSED) + duty = period - duty; + +@@ -366,6 +372,7 @@ static void meson_pwm_get_state(struct pwm_chip *chip, struct pwm_device *pwm, + state->period = 0; + state->duty_cycle = 0; + } ++ state->polarity = PWM_POLARITY_NORMAL; + } + + static const struct pwm_ops meson_pwm_ops = { +diff --git a/drivers/regulator/fan53555.c b/drivers/regulator/fan53555.c +index dbe477da4e559..99a1b2dc30933 100644 +--- a/drivers/regulator/fan53555.c ++++ b/drivers/regulator/fan53555.c +@@ -8,18 +8,19 @@ + // Copyright (c) 2012 Marvell Technology Ltd. + // Yunfan Zhang + ++#include ++#include ++#include + #include ++#include + #include +-#include + #include ++#include + #include ++#include + #include + #include +-#include +-#include + #include +-#include +-#include + + /* Voltage setting */ + #define FAN53555_VSEL0 0x00 +diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c +index a261ce511e9ed..617148567d8d7 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_base.c ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c +@@ -3235,7 +3235,7 @@ fw_crash_buffer_show(struct device *cdev, + + spin_lock_irqsave(&instance->crashdump_lock, flags); + buff_offset = instance->fw_crash_buffer_offset; +- if (!instance->crash_dump_buf && ++ if (!instance->crash_dump_buf || + !((instance->fw_crash_state == AVAILABLE) || + (instance->fw_crash_state == COPYING))) { + dev_err(&instance->pdev->dev, +diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c +index 1ce3f90f782fd..2921256b59a0e 100644 +--- a/drivers/scsi/scsi.c ++++ b/drivers/scsi/scsi.c +@@ -331,11 +331,18 @@ static int scsi_vpd_inquiry(struct scsi_device *sdev, unsigned char *buffer, + if (result) + return -EIO; + +- /* Sanity check that we got the page back that we asked for */ ++ /* ++ * Sanity check that we got the page back that we asked for and that ++ * the page size is not 0. ++ */ + if (buffer[1] != page) + return -EIO; + +- return get_unaligned_be16(&buffer[2]) + 4; ++ result = get_unaligned_be16(&buffer[2]); ++ if (!result) ++ return -EIO; ++ ++ return result + 4; + } + + /** +diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c +index 4eb4c23b04b93..8b8f7f00b835d 100644 +--- a/fs/ext4/inline.c ++++ b/fs/ext4/inline.c +@@ -206,7 +206,7 @@ out: + /* + * write the buffer to the inline inode. + * If 'create' is set, we don't need to do the extra copy in the xattr +- * value since it is already handled by ext4_xattr_ibody_inline_set. ++ * value since it is already handled by ext4_xattr_ibody_set. + * That saves us one memcpy. + */ + static void ext4_write_inline_data(struct inode *inode, struct ext4_iloc *iloc, +@@ -288,7 +288,7 @@ static int ext4_create_inline_data(handle_t *handle, + + BUG_ON(!is.s.not_found); + +- error = ext4_xattr_ibody_inline_set(handle, inode, &i, &is); ++ error = ext4_xattr_ibody_set(handle, inode, &i, &is); + if (error) { + if (error == -ENOSPC) + ext4_clear_inode_state(inode, +@@ -360,7 +360,7 @@ static int ext4_update_inline_data(handle_t *handle, struct inode *inode, + i.value = value; + i.value_len = len; + +- error = ext4_xattr_ibody_inline_set(handle, inode, &i, &is); ++ error = ext4_xattr_ibody_set(handle, inode, &i, &is); + if (error) + goto out; + +@@ -433,7 +433,7 @@ static int ext4_destroy_inline_data_nolock(handle_t *handle, + if (error) + goto out; + +- error = ext4_xattr_ibody_inline_set(handle, inode, &i, &is); ++ error = ext4_xattr_ibody_set(handle, inode, &i, &is); + if (error) + goto out; + +@@ -1969,8 +1969,7 @@ int ext4_inline_data_truncate(struct inode *inode, int *has_inline) + i.value = value; + i.value_len = i_size > EXT4_MIN_INLINE_DATA_SIZE ? + i_size - EXT4_MIN_INLINE_DATA_SIZE : 0; +- err = ext4_xattr_ibody_inline_set(handle, inode, +- &i, &is); ++ err = ext4_xattr_ibody_set(handle, inode, &i, &is); + if (err) + goto out_error; + } +diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c +index db19261cd5096..008d9b8979878 100644 +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -2232,7 +2232,7 @@ int ext4_xattr_ibody_find(struct inode *inode, struct ext4_xattr_info *i, + return 0; + } + +-int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, ++int ext4_xattr_ibody_set(handle_t *handle, struct inode *inode, + struct ext4_xattr_info *i, + struct ext4_xattr_ibody_find *is) + { +@@ -2257,30 +2257,6 @@ int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, + return 0; + } + +-static int ext4_xattr_ibody_set(handle_t *handle, struct inode *inode, +- struct ext4_xattr_info *i, +- struct ext4_xattr_ibody_find *is) +-{ +- struct ext4_xattr_ibody_header *header; +- struct ext4_xattr_search *s = &is->s; +- int error; +- +- if (EXT4_I(inode)->i_extra_isize == 0) +- return -ENOSPC; +- error = ext4_xattr_set_entry(i, s, handle, inode, false /* is_block */); +- if (error) +- return error; +- header = IHDR(inode, ext4_raw_inode(&is->iloc)); +- if (!IS_LAST_ENTRY(s->first)) { +- header->h_magic = cpu_to_le32(EXT4_XATTR_MAGIC); +- ext4_set_inode_state(inode, EXT4_STATE_XATTR); +- } else { +- header->h_magic = cpu_to_le32(0); +- ext4_clear_inode_state(inode, EXT4_STATE_XATTR); +- } +- return 0; +-} +- + static int ext4_xattr_value_same(struct ext4_xattr_search *s, + struct ext4_xattr_info *i) + { +diff --git a/fs/ext4/xattr.h b/fs/ext4/xattr.h +index 231ef308d10cb..66911f8a11f84 100644 +--- a/fs/ext4/xattr.h ++++ b/fs/ext4/xattr.h +@@ -199,9 +199,9 @@ extern int ext4_xattr_ibody_find(struct inode *inode, struct ext4_xattr_info *i, + extern int ext4_xattr_ibody_get(struct inode *inode, int name_index, + const char *name, + void *buffer, size_t buffer_size); +-extern int ext4_xattr_ibody_inline_set(handle_t *handle, struct inode *inode, +- struct ext4_xattr_info *i, +- struct ext4_xattr_ibody_find *is); ++extern int ext4_xattr_ibody_set(handle_t *handle, struct inode *inode, ++ struct ext4_xattr_info *i, ++ struct ext4_xattr_ibody_find *is); + + extern struct mb_cache *ext4_xattr_create_cache(void); + extern void ext4_xattr_destroy_cache(struct mb_cache *); +diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c +index 7765a7f9963ce..b23ed9a35e5e4 100644 +--- a/fs/nilfs2/segment.c ++++ b/fs/nilfs2/segment.c +@@ -435,6 +435,23 @@ static int nilfs_segctor_reset_segment_buffer(struct nilfs_sc_info *sci) + return 0; + } + ++/** ++ * nilfs_segctor_zeropad_segsum - zero pad the rest of the segment summary area ++ * @sci: segment constructor object ++ * ++ * nilfs_segctor_zeropad_segsum() zero-fills unallocated space at the end of ++ * the current segment summary block. ++ */ ++static void nilfs_segctor_zeropad_segsum(struct nilfs_sc_info *sci) ++{ ++ struct nilfs_segsum_pointer *ssp; ++ ++ ssp = sci->sc_blk_cnt > 0 ? &sci->sc_binfo_ptr : &sci->sc_finfo_ptr; ++ if (ssp->offset < ssp->bh->b_size) ++ memset(ssp->bh->b_data + ssp->offset, 0, ++ ssp->bh->b_size - ssp->offset); ++} ++ + static int nilfs_segctor_feed_segment(struct nilfs_sc_info *sci) + { + sci->sc_nblk_this_inc += sci->sc_curseg->sb_sum.nblocks; +@@ -443,6 +460,7 @@ static int nilfs_segctor_feed_segment(struct nilfs_sc_info *sci) + * The current segment is filled up + * (internal code) + */ ++ nilfs_segctor_zeropad_segsum(sci); + sci->sc_curseg = NILFS_NEXT_SEGBUF(sci->sc_curseg); + return nilfs_segctor_reset_segment_buffer(sci); + } +@@ -547,6 +565,7 @@ static int nilfs_segctor_add_file_block(struct nilfs_sc_info *sci, + goto retry; + } + if (unlikely(required)) { ++ nilfs_segctor_zeropad_segsum(sci); + err = nilfs_segbuf_extend_segsum(segbuf); + if (unlikely(err)) + goto failed; +@@ -1531,6 +1550,7 @@ static int nilfs_segctor_collect(struct nilfs_sc_info *sci, + nadd = min_t(int, nadd << 1, SC_MAX_SEGDELTA); + sci->sc_stage = prev_stage; + } ++ nilfs_segctor_zeropad_segsum(sci); + nilfs_segctor_truncate_segments(sci, sci->sc_curseg, nilfs->ns_sufile); + return 0; + +diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c +index f5b16120c64db..2b74b6e9a354e 100644 +--- a/fs/xfs/libxfs/xfs_attr_leaf.c ++++ b/fs/xfs/libxfs/xfs_attr_leaf.c +@@ -435,7 +435,7 @@ xfs_attr_copy_value( + *========================================================================*/ + + /* +- * Query whether the requested number of additional bytes of extended ++ * Query whether the total requested number of attr fork bytes of extended + * attribute space will be able to fit inline. + * + * Returns zero if not, else the di_forkoff fork offset to be used in the +@@ -455,6 +455,12 @@ xfs_attr_shortform_bytesfit( + int maxforkoff; + int offset; + ++ /* ++ * Check if the new size could fit at all first: ++ */ ++ if (bytes > XFS_LITINO(mp)) ++ return 0; ++ + /* rounded down */ + offset = (XFS_LITINO(mp) - bytes) >> 3; + +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index eab3a4d02f325..302a2ad679809 100644 +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -257,6 +257,7 @@ struct nf_bridge_info { + u8 pkt_otherhost:1; + u8 in_prerouting:1; + u8 bridged_dnat:1; ++ u8 sabotage_in_done:1; + __u16 frag_max_size; + struct net_device *physindev; + +@@ -4226,7 +4227,7 @@ static inline void nf_reset_ct(struct sk_buff *skb) + + static inline void nf_reset_trace(struct sk_buff *skb) + { +-#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES) ++#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || IS_ENABLED(CONFIG_NF_TABLES) + skb->nf_trace = 0; + #endif + } +@@ -4246,7 +4247,7 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src, + dst->_nfct = src->_nfct; + nf_conntrack_get(skb_nfct(src)); + #endif +-#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES) ++#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || IS_ENABLED(CONFIG_NF_TABLES) + if (copy) + dst->nf_trace = src->nf_trace; + #endif +diff --git a/include/net/ipv6.h b/include/net/ipv6.h +index b59b3dae0f71b..0e031a4fef408 100644 +--- a/include/net/ipv6.h ++++ b/include/net/ipv6.h +@@ -1100,6 +1100,8 @@ void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err, __be16 port, + void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info); + void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu); + ++void inet6_cleanup_sock(struct sock *sk); ++void inet6_sock_destruct(struct sock *sk); + int inet6_release(struct socket *sock); + int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len); + int inet6_getname(struct socket *sock, struct sockaddr *uaddr, +diff --git a/include/net/udp.h b/include/net/udp.h +index bbd607fb939a6..7323f72fed70b 100644 +--- a/include/net/udp.h ++++ b/include/net/udp.h +@@ -261,7 +261,7 @@ static inline bool udp_sk_bound_dev_eq(struct net *net, int bound_dev_if, + } + + /* net/ipv4/udp.c */ +-void udp_destruct_sock(struct sock *sk); ++void udp_destruct_common(struct sock *sk); + void skb_consume_udp(struct sock *sk, struct sk_buff *skb, int len); + int __udp_enqueue_schedule_skb(struct sock *sk, struct sk_buff *skb); + void udp_skb_destructor(struct sock *sk, struct sk_buff *skb); +diff --git a/include/net/udplite.h b/include/net/udplite.h +index 9185e45b997ff..c59ba86668af0 100644 +--- a/include/net/udplite.h ++++ b/include/net/udplite.h +@@ -24,14 +24,6 @@ static __inline__ int udplite_getfrag(void *from, char *to, int offset, + return copy_from_iter_full(to, len, &msg->msg_iter) ? 0 : -EFAULT; + } + +-/* Designate sk as UDP-Lite socket */ +-static inline int udplite_sk_init(struct sock *sk) +-{ +- udp_init_sock(sk); +- udp_sk(sk)->pcflag = UDPLITE_BIT; +- return 0; +-} +- + /* + * Checksumming routines + */ +diff --git a/include/trace/events/f2fs.h b/include/trace/events/f2fs.h +index a7613efc271ab..88266a7fbad26 100644 +--- a/include/trace/events/f2fs.h ++++ b/include/trace/events/f2fs.h +@@ -499,7 +499,7 @@ TRACE_EVENT(f2fs_truncate_partial_nodes, + TP_STRUCT__entry( + __field(dev_t, dev) + __field(ino_t, ino) +- __field(nid_t, nid[3]) ++ __array(nid_t, nid, 3) + __field(int, depth) + __field(int, err) + ), +diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c +index ca7e05ddbb46e..5476f61bad232 100644 +--- a/kernel/bpf/verifier.c ++++ b/kernel/bpf/verifier.c +@@ -1563,6 +1563,21 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, + } + } else if (opcode == BPF_EXIT) { + return -ENOTSUPP; ++ } else if (BPF_SRC(insn->code) == BPF_X) { ++ if (!(*reg_mask & (dreg | sreg))) ++ return 0; ++ /* dreg sreg ++ * Both dreg and sreg need precision before ++ * this insn. If only sreg was marked precise ++ * before it would be equally necessary to ++ * propagate it to dreg. ++ */ ++ *reg_mask |= (sreg | dreg); ++ /* else dreg K ++ * Only dreg still needs precision before ++ * this insn, so for the K-based conditional ++ * there is nothing new to be marked. ++ */ + } + } else if (class == BPF_LD) { + if (!(*reg_mask & dreg)) +diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c +index 43cb7aab4eed6..277b6fb92ac5f 100644 +--- a/net/bridge/br_netfilter_hooks.c ++++ b/net/bridge/br_netfilter_hooks.c +@@ -868,12 +868,17 @@ static unsigned int ip_sabotage_in(void *priv, + { + struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); + +- if (nf_bridge && !nf_bridge->in_prerouting && +- !netif_is_l3_master(skb->dev) && +- !netif_is_l3_slave(skb->dev)) { +- nf_bridge_info_free(skb); +- state->okfn(state->net, state->sk, skb); +- return NF_STOLEN; ++ if (nf_bridge) { ++ if (nf_bridge->sabotage_in_done) ++ return NF_ACCEPT; ++ ++ if (!nf_bridge->in_prerouting && ++ !netif_is_l3_master(skb->dev) && ++ !netif_is_l3_slave(skb->dev)) { ++ nf_bridge->sabotage_in_done = 1; ++ state->okfn(state->net, state->sk, skb); ++ return NF_STOLEN; ++ } + } + + return NF_ACCEPT; +diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h +index cb818617699c3..8c9a63ef7585a 100644 +--- a/net/dccp/dccp.h ++++ b/net/dccp/dccp.h +@@ -288,6 +288,7 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb, + int dccp_rcv_established(struct sock *sk, struct sk_buff *skb, + const struct dccp_hdr *dh, const unsigned int len); + ++void dccp_destruct_common(struct sock *sk); + int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized); + void dccp_destroy_sock(struct sock *sk); + +diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c +index c2844fb442c4f..77cb4315b9669 100644 +--- a/net/dccp/ipv6.c ++++ b/net/dccp/ipv6.c +@@ -1000,6 +1000,12 @@ static const struct inet_connection_sock_af_ops dccp_ipv6_mapped = { + #endif + }; + ++static void dccp_v6_sk_destruct(struct sock *sk) ++{ ++ dccp_destruct_common(sk); ++ inet6_sock_destruct(sk); ++} ++ + /* NOTE: A lot of things set to zero explicitly by call to + * sk_alloc() so need not be done here. + */ +@@ -1012,17 +1018,12 @@ static int dccp_v6_init_sock(struct sock *sk) + if (unlikely(!dccp_v6_ctl_sock_initialized)) + dccp_v6_ctl_sock_initialized = 1; + inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops; ++ sk->sk_destruct = dccp_v6_sk_destruct; + } + + return err; + } + +-static void dccp_v6_destroy_sock(struct sock *sk) +-{ +- dccp_destroy_sock(sk); +- inet6_destroy_sock(sk); +-} +- + static struct timewait_sock_ops dccp6_timewait_sock_ops = { + .twsk_obj_size = sizeof(struct dccp6_timewait_sock), + }; +@@ -1045,7 +1046,7 @@ static struct proto dccp_v6_prot = { + .accept = inet_csk_accept, + .get_port = inet_csk_get_port, + .shutdown = dccp_shutdown, +- .destroy = dccp_v6_destroy_sock, ++ .destroy = dccp_destroy_sock, + .orphan_count = &dccp_orphan_count, + .max_header = MAX_DCCP_HEADER, + .obj_size = sizeof(struct dccp6_sock), +diff --git a/net/dccp/proto.c b/net/dccp/proto.c +index 951cbdf05ffe9..3a3a2e1800be7 100644 +--- a/net/dccp/proto.c ++++ b/net/dccp/proto.c +@@ -171,12 +171,18 @@ const char *dccp_packet_name(const int type) + + EXPORT_SYMBOL_GPL(dccp_packet_name); + +-static void dccp_sk_destruct(struct sock *sk) ++void dccp_destruct_common(struct sock *sk) + { + struct dccp_sock *dp = dccp_sk(sk); + + ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); + dp->dccps_hc_tx_ccid = NULL; ++} ++EXPORT_SYMBOL_GPL(dccp_destruct_common); ++ ++static void dccp_sk_destruct(struct sock *sk) ++{ ++ dccp_destruct_common(sk); + inet_sock_destruct(sk); + } + +diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c +index 3c8a54fb8d330..a6f982b2d32af 100644 +--- a/net/ipv4/udp.c ++++ b/net/ipv4/udp.c +@@ -1528,7 +1528,7 @@ drop: + } + EXPORT_SYMBOL_GPL(__udp_enqueue_schedule_skb); + +-void udp_destruct_sock(struct sock *sk) ++void udp_destruct_common(struct sock *sk) + { + /* reclaim completely the forward allocated memory */ + struct udp_sock *up = udp_sk(sk); +@@ -1541,10 +1541,14 @@ void udp_destruct_sock(struct sock *sk) + kfree_skb(skb); + } + udp_rmem_release(sk, total, 0, true); ++} ++EXPORT_SYMBOL_GPL(udp_destruct_common); + ++static void udp_destruct_sock(struct sock *sk) ++{ ++ udp_destruct_common(sk); + inet_sock_destruct(sk); + } +-EXPORT_SYMBOL_GPL(udp_destruct_sock); + + int udp_init_sock(struct sock *sk) + { +@@ -1552,7 +1556,6 @@ int udp_init_sock(struct sock *sk) + sk->sk_destruct = udp_destruct_sock; + return 0; + } +-EXPORT_SYMBOL_GPL(udp_init_sock); + + void skb_consume_udp(struct sock *sk, struct sk_buff *skb, int len) + { +diff --git a/net/ipv4/udplite.c b/net/ipv4/udplite.c +index 5936d66d1ce2f..f4fad9100749f 100644 +--- a/net/ipv4/udplite.c ++++ b/net/ipv4/udplite.c +@@ -17,6 +17,14 @@ + struct udp_table udplite_table __read_mostly; + EXPORT_SYMBOL(udplite_table); + ++/* Designate sk as UDP-Lite socket */ ++static int udplite_sk_init(struct sock *sk) ++{ ++ udp_init_sock(sk); ++ udp_sk(sk)->pcflag = UDPLITE_BIT; ++ return 0; ++} ++ + static int udplite_rcv(struct sk_buff *skb) + { + return __udp4_lib_rcv(skb, &udplite_table, IPPROTO_UDPLITE); +diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c +index 56f396ecc26b7..a5fc9444c7286 100644 +--- a/net/ipv6/af_inet6.c ++++ b/net/ipv6/af_inet6.c +@@ -104,6 +104,13 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk) + return (struct ipv6_pinfo *)(((u8 *)sk) + offset); + } + ++void inet6_sock_destruct(struct sock *sk) ++{ ++ inet6_cleanup_sock(sk); ++ inet_sock_destruct(sk); ++} ++EXPORT_SYMBOL_GPL(inet6_sock_destruct); ++ + static int inet6_create(struct net *net, struct socket *sock, int protocol, + int kern) + { +@@ -196,7 +203,7 @@ lookup_protocol: + inet->hdrincl = 1; + } + +- sk->sk_destruct = inet_sock_destruct; ++ sk->sk_destruct = inet6_sock_destruct; + sk->sk_family = PF_INET6; + sk->sk_protocol = protocol; + +@@ -498,6 +505,12 @@ void inet6_destroy_sock(struct sock *sk) + } + EXPORT_SYMBOL_GPL(inet6_destroy_sock); + ++void inet6_cleanup_sock(struct sock *sk) ++{ ++ inet6_destroy_sock(sk); ++} ++EXPORT_SYMBOL_GPL(inet6_cleanup_sock); ++ + /* + * This does both peername and sockname. + */ +diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c +index 1d7fad8269e60..86c550d63543f 100644 +--- a/net/ipv6/ipv6_sockglue.c ++++ b/net/ipv6/ipv6_sockglue.c +@@ -176,9 +176,6 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, + if (optlen < sizeof(int)) + goto e_inval; + if (val == PF_INET) { +- struct ipv6_txoptions *opt; +- struct sk_buff *pktopt; +- + if (sk->sk_type == SOCK_RAW) + break; + +@@ -209,7 +206,6 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, + break; + } + +- fl6_free_socklist(sk); + __ipv6_sock_mc_close(sk); + __ipv6_sock_ac_close(sk); + +@@ -244,14 +240,14 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, + sk->sk_socket->ops = &inet_dgram_ops; + sk->sk_family = PF_INET; + } +- opt = xchg((__force struct ipv6_txoptions **)&np->opt, +- NULL); +- if (opt) { +- atomic_sub(opt->tot_len, &sk->sk_omem_alloc); +- txopt_put(opt); +- } +- pktopt = xchg(&np->pktoptions, NULL); +- kfree_skb(pktopt); ++ ++ /* Disable all options not to allocate memory anymore, ++ * but there is still a race. See the lockless path ++ * in udpv6_sendmsg() and ipv6_local_rxpmtu(). ++ */ ++ np->rxopt.all = 0; ++ ++ inet6_cleanup_sock(sk); + + /* + * ... and add it to the refcnt debug socks count +diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c +index 051bbd0726dff..98ac32b49d8c9 100644 +--- a/net/ipv6/ping.c ++++ b/net/ipv6/ping.c +@@ -22,11 +22,6 @@ + #include + #include + +-static void ping_v6_destroy(struct sock *sk) +-{ +- inet6_destroy_sock(sk); +-} +- + /* Compatibility glue so we can support IPv6 when it's compiled as a module */ + static int dummy_ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, + int *addr_len) +@@ -170,7 +165,6 @@ struct proto pingv6_prot = { + .owner = THIS_MODULE, + .init = ping_init_sock, + .close = ping_close, +- .destroy = ping_v6_destroy, + .connect = ip6_datagram_connect_v6_only, + .disconnect = __udp_disconnect, + .setsockopt = ipv6_setsockopt, +diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c +index 3d5be1c2fafda..bf052d68e1f5a 100644 +--- a/net/ipv6/raw.c ++++ b/net/ipv6/raw.c +@@ -1256,8 +1256,6 @@ static void raw6_destroy(struct sock *sk) + lock_sock(sk); + ip6_flush_pending_frames(sk); + release_sock(sk); +- +- inet6_destroy_sock(sk); + } + + static int rawv6_init_sk(struct sock *sk) +diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c +index da8611a75d2aa..7cb622d300aa2 100644 +--- a/net/ipv6/tcp_ipv6.c ++++ b/net/ipv6/tcp_ipv6.c +@@ -1848,12 +1848,6 @@ static int tcp_v6_init_sock(struct sock *sk) + return 0; + } + +-static void tcp_v6_destroy_sock(struct sock *sk) +-{ +- tcp_v4_destroy_sock(sk); +- inet6_destroy_sock(sk); +-} +- + #ifdef CONFIG_PROC_FS + /* Proc filesystem TCPv6 sock list dumping. */ + static void get_openreq6(struct seq_file *seq, +@@ -2046,7 +2040,7 @@ struct proto tcpv6_prot = { + .accept = inet_csk_accept, + .ioctl = tcp_ioctl, + .init = tcp_v6_init_sock, +- .destroy = tcp_v6_destroy_sock, ++ .destroy = tcp_v4_destroy_sock, + .shutdown = tcp_shutdown, + .setsockopt = tcp_setsockopt, + .getsockopt = tcp_getsockopt, +diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c +index 3777ab1273f5a..797d45ceb2c74 100644 +--- a/net/ipv6/udp.c ++++ b/net/ipv6/udp.c +@@ -54,6 +54,19 @@ + #include + #include "udp_impl.h" + ++static void udpv6_destruct_sock(struct sock *sk) ++{ ++ udp_destruct_common(sk); ++ inet6_sock_destruct(sk); ++} ++ ++int udpv6_init_sock(struct sock *sk) ++{ ++ skb_queue_head_init(&udp_sk(sk)->reader_queue); ++ sk->sk_destruct = udpv6_destruct_sock; ++ return 0; ++} ++ + static u32 udp6_ehashfn(const struct net *net, + const struct in6_addr *laddr, + const u16 lport, +@@ -1560,8 +1573,6 @@ void udpv6_destroy_sock(struct sock *sk) + udp_encap_disable(); + } + } +- +- inet6_destroy_sock(sk); + } + + /* +@@ -1665,7 +1676,7 @@ struct proto udpv6_prot = { + .connect = ip6_datagram_connect, + .disconnect = udp_disconnect, + .ioctl = udp_ioctl, +- .init = udp_init_sock, ++ .init = udpv6_init_sock, + .destroy = udpv6_destroy_sock, + .setsockopt = udpv6_setsockopt, + .getsockopt = udpv6_getsockopt, +diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h +index 20e324b6f3584..16516bd692506 100644 +--- a/net/ipv6/udp_impl.h ++++ b/net/ipv6/udp_impl.h +@@ -12,6 +12,7 @@ int __udp6_lib_rcv(struct sk_buff *, struct udp_table *, int); + int __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *, u8, u8, int, + __be32, struct udp_table *); + ++int udpv6_init_sock(struct sock *sk); + int udp_v6_get_port(struct sock *sk, unsigned short snum); + void udp_v6_rehash(struct sock *sk); + +diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c +index bf7a7acd39b1d..3466b8868331e 100644 +--- a/net/ipv6/udplite.c ++++ b/net/ipv6/udplite.c +@@ -12,6 +12,13 @@ + #include + #include "udp_impl.h" + ++static int udplitev6_sk_init(struct sock *sk) ++{ ++ udpv6_init_sock(sk); ++ udp_sk(sk)->pcflag = UDPLITE_BIT; ++ return 0; ++} ++ + static int udplitev6_rcv(struct sk_buff *skb) + { + return __udp6_lib_rcv(skb, &udplite_table, IPPROTO_UDPLITE); +@@ -38,7 +45,7 @@ struct proto udplitev6_prot = { + .connect = ip6_datagram_connect, + .disconnect = udp_disconnect, + .ioctl = udp_ioctl, +- .init = udplite_sk_init, ++ .init = udplitev6_sk_init, + .destroy = udpv6_destroy_sock, + .setsockopt = udpv6_setsockopt, + .getsockopt = udpv6_getsockopt, +diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c +index 23e9ce985ed6a..307cf20b66491 100644 +--- a/net/l2tp/l2tp_ip6.c ++++ b/net/l2tp/l2tp_ip6.c +@@ -268,8 +268,6 @@ static void l2tp_ip6_destroy_sock(struct sock *sk) + + if (tunnel) + l2tp_tunnel_delete(tunnel); +- +- inet6_destroy_sock(sk); + } + + static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) +diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c +index 1eb339d224ae5..603bd3097bd84 100644 +--- a/net/sched/sch_qfq.c ++++ b/net/sched/sch_qfq.c +@@ -421,15 +421,16 @@ static int qfq_change_class(struct Qdisc *sch, u32 classid, u32 parentid, + } else + weight = 1; + +- if (tb[TCA_QFQ_LMAX]) { ++ if (tb[TCA_QFQ_LMAX]) + lmax = nla_get_u32(tb[TCA_QFQ_LMAX]); +- if (lmax < QFQ_MIN_LMAX || lmax > (1UL << QFQ_MTU_SHIFT)) { +- pr_notice("qfq: invalid max length %u\n", lmax); +- return -EINVAL; +- } +- } else ++ else + lmax = psched_mtu(qdisc_dev(sch)); + ++ if (lmax < QFQ_MIN_LMAX || lmax > (1UL << QFQ_MTU_SHIFT)) { ++ pr_notice("qfq: invalid max length %u\n", lmax); ++ return -EINVAL; ++ } ++ + inv_w = ONE_FP / weight; + weight = ONE_FP / inv_w; + +diff --git a/net/sctp/socket.c b/net/sctp/socket.c +index 36db659a0f7f4..bf3fed5b91d2b 100644 +--- a/net/sctp/socket.c ++++ b/net/sctp/socket.c +@@ -5167,13 +5167,17 @@ static void sctp_destroy_sock(struct sock *sk) + } + + /* Triggered when there are no references on the socket anymore */ +-static void sctp_destruct_sock(struct sock *sk) ++static void sctp_destruct_common(struct sock *sk) + { + struct sctp_sock *sp = sctp_sk(sk); + + /* Free up the HMAC transform. */ + crypto_free_shash(sp->hmac); ++} + ++static void sctp_destruct_sock(struct sock *sk) ++{ ++ sctp_destruct_common(sk); + inet_sock_destruct(sk); + } + +@@ -9308,7 +9312,7 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk, + sctp_sk(newsk)->reuse = sp->reuse; + + newsk->sk_shutdown = sk->sk_shutdown; +- newsk->sk_destruct = sctp_destruct_sock; ++ newsk->sk_destruct = sk->sk_destruct; + newsk->sk_family = sk->sk_family; + newsk->sk_protocol = IPPROTO_SCTP; + newsk->sk_backlog_rcv = sk->sk_prot->backlog_rcv; +@@ -9539,11 +9543,20 @@ struct proto sctp_prot = { + + #if IS_ENABLED(CONFIG_IPV6) + +-#include +-static void sctp_v6_destroy_sock(struct sock *sk) ++static void sctp_v6_destruct_sock(struct sock *sk) ++{ ++ sctp_destruct_common(sk); ++ inet6_sock_destruct(sk); ++} ++ ++static int sctp_v6_init_sock(struct sock *sk) + { +- sctp_destroy_sock(sk); +- inet6_destroy_sock(sk); ++ int ret = sctp_init_sock(sk); ++ ++ if (!ret) ++ sk->sk_destruct = sctp_v6_destruct_sock; ++ ++ return ret; + } + + struct proto sctpv6_prot = { +@@ -9553,8 +9566,8 @@ struct proto sctpv6_prot = { + .disconnect = sctp_disconnect, + .accept = sctp_accept, + .ioctl = sctp_ioctl, +- .init = sctp_init_sock, +- .destroy = sctp_v6_destroy_sock, ++ .init = sctp_v6_init_sock, ++ .destroy = sctp_destroy_sock, + .shutdown = sctp_shutdown, + .setsockopt = sctp_setsockopt, + .getsockopt = sctp_getsockopt, +diff --git a/scripts/asn1_compiler.c b/scripts/asn1_compiler.c +index adabd41452640..985fb81cae79b 100644 +--- a/scripts/asn1_compiler.c ++++ b/scripts/asn1_compiler.c +@@ -625,7 +625,7 @@ int main(int argc, char **argv) + p = strrchr(argv[1], '/'); + p = p ? p + 1 : argv[1]; + grammar_name = strdup(p); +- if (!p) { ++ if (!grammar_name) { + perror(NULL); + exit(1); + } +diff --git a/tools/testing/selftests/sigaltstack/current_stack_pointer.h b/tools/testing/selftests/sigaltstack/current_stack_pointer.h +new file mode 100644 +index 0000000000000..ea9bdf3a90b16 +--- /dev/null ++++ b/tools/testing/selftests/sigaltstack/current_stack_pointer.h +@@ -0,0 +1,23 @@ ++/* SPDX-License-Identifier: GPL-2.0 */ ++ ++#if __alpha__ ++register unsigned long sp asm("$30"); ++#elif __arm__ || __aarch64__ || __csky__ || __m68k__ || __mips__ || __riscv ++register unsigned long sp asm("sp"); ++#elif __i386__ ++register unsigned long sp asm("esp"); ++#elif __loongarch64 ++register unsigned long sp asm("$sp"); ++#elif __ppc__ ++register unsigned long sp asm("r1"); ++#elif __s390x__ ++register unsigned long sp asm("%15"); ++#elif __sh__ ++register unsigned long sp asm("r15"); ++#elif __x86_64__ ++register unsigned long sp asm("rsp"); ++#elif __XTENSA__ ++register unsigned long sp asm("a1"); ++#else ++#error "implement current_stack_pointer equivalent" ++#endif +diff --git a/tools/testing/selftests/sigaltstack/sas.c b/tools/testing/selftests/sigaltstack/sas.c +index ad0f8df2ca0af..6e60545994916 100644 +--- a/tools/testing/selftests/sigaltstack/sas.c ++++ b/tools/testing/selftests/sigaltstack/sas.c +@@ -19,6 +19,7 @@ + #include + + #include "../kselftest.h" ++#include "current_stack_pointer.h" + + #ifndef SS_AUTODISARM + #define SS_AUTODISARM (1U << 31) +@@ -40,12 +41,6 @@ void my_usr1(int sig, siginfo_t *si, void *u) + stack_t stk; + struct stk_data *p; + +-#if __s390x__ +- register unsigned long sp asm("%15"); +-#else +- register unsigned long sp asm("sp"); +-#endif +- + if (sp < (unsigned long)sstack || + sp >= (unsigned long)sstack + SIGSTKSZ) { + ksft_exit_fail_msg("SP is not on sigaltstack\n"); -- cgit v1.2.3-65-gdbad