diff options
Diffstat (limited to '1046_linux-4.9.47.patch')
-rw-r--r-- | 1046_linux-4.9.47.patch | 504 |
1 files changed, 504 insertions, 0 deletions
diff --git a/1046_linux-4.9.47.patch b/1046_linux-4.9.47.patch new file mode 100644 index 00000000..f1c88c80 --- /dev/null +++ b/1046_linux-4.9.47.patch @@ -0,0 +1,504 @@ +diff --git a/Makefile b/Makefile +index 846ef1b57a02..a0abbfc15a49 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 9 +-SUBLEVEL = 46 ++SUBLEVEL = 47 + EXTRAVERSION = + NAME = Roaring Lionus + +diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c +index 710511cadd50..0c060c5e844a 100644 +--- a/arch/arm/kvm/mmu.c ++++ b/arch/arm/kvm/mmu.c +@@ -829,22 +829,22 @@ void stage2_unmap_vm(struct kvm *kvm) + * Walks the level-1 page table pointed to by kvm->arch.pgd and frees all + * underlying level-2 and level-3 tables before freeing the actual level-1 table + * and setting the struct pointer to NULL. +- * +- * Note we don't need locking here as this is only called when the VM is +- * destroyed, which can only be done once. + */ + void kvm_free_stage2_pgd(struct kvm *kvm) + { +- if (kvm->arch.pgd == NULL) +- return; ++ void *pgd = NULL; + + spin_lock(&kvm->mmu_lock); +- unmap_stage2_range(kvm, 0, KVM_PHYS_SIZE); ++ if (kvm->arch.pgd) { ++ unmap_stage2_range(kvm, 0, KVM_PHYS_SIZE); ++ pgd = kvm->arch.pgd; ++ kvm->arch.pgd = NULL; ++ } + spin_unlock(&kvm->mmu_lock); + + /* Free the HW pgd, one page at a time */ +- free_pages_exact(kvm->arch.pgd, S2_PGD_SIZE); +- kvm->arch.pgd = NULL; ++ if (pgd) ++ free_pages_exact(pgd, S2_PGD_SIZE); + } + + static pud_t *stage2_get_pud(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, +diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c +index 394c61db5566..1d5890f19ca3 100644 +--- a/arch/arm64/kernel/fpsimd.c ++++ b/arch/arm64/kernel/fpsimd.c +@@ -157,9 +157,11 @@ void fpsimd_thread_switch(struct task_struct *next) + + void fpsimd_flush_thread(void) + { ++ preempt_disable(); + memset(¤t->thread.fpsimd_state, 0, sizeof(struct fpsimd_state)); + fpsimd_flush_task_state(current); + set_thread_flag(TIF_FOREIGN_FPSTATE); ++ preempt_enable(); + } + + /* +diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c +index 0e90c7e0279c..fec5b1ce97f8 100644 +--- a/arch/arm64/mm/fault.c ++++ b/arch/arm64/mm/fault.c +@@ -373,8 +373,11 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr, + * signal first. We do not need to release the mmap_sem because it + * would already be released in __lock_page_or_retry in mm/filemap.c. + */ +- if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) ++ if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) { ++ if (!user_mode(regs)) ++ goto no_context; + return 0; ++ } + + /* + * Major/minor page fault accounting is only done on the initial +diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h +index d34bd370074b..6c5020163db0 100644 +--- a/arch/x86/include/asm/io.h ++++ b/arch/x86/include/asm/io.h +@@ -304,13 +304,13 @@ static inline unsigned type in##bwl##_p(int port) \ + static inline void outs##bwl(int port, const void *addr, unsigned long count) \ + { \ + asm volatile("rep; outs" #bwl \ +- : "+S"(addr), "+c"(count) : "d"(port)); \ ++ : "+S"(addr), "+c"(count) : "d"(port) : "memory"); \ + } \ + \ + static inline void ins##bwl(int port, void *addr, unsigned long count) \ + { \ + asm volatile("rep; ins" #bwl \ +- : "+D"(addr), "+c"(count) : "d"(port)); \ ++ : "+D"(addr), "+c"(count) : "d"(port) : "memory"); \ + } + + BUILDIO(b, b, char) +diff --git a/drivers/net/wireless/intersil/p54/fwio.c b/drivers/net/wireless/intersil/p54/fwio.c +index 257a9eadd595..4ac6764f4897 100644 +--- a/drivers/net/wireless/intersil/p54/fwio.c ++++ b/drivers/net/wireless/intersil/p54/fwio.c +@@ -488,7 +488,7 @@ int p54_scan(struct p54_common *priv, u16 mode, u16 dwell) + + entry += sizeof(__le16); + chan->pa_points_per_curve = 8; +- memset(chan->curve_data, 0, sizeof(*chan->curve_data)); ++ memset(chan->curve_data, 0, sizeof(chan->curve_data)); + memcpy(chan->curve_data, entry, + sizeof(struct p54_pa_curve_data_sample) * + min((u8)8, curve_data->points_per_channel)); +diff --git a/drivers/scsi/isci/remote_node_context.c b/drivers/scsi/isci/remote_node_context.c +index 1910100638a2..00602abec0ea 100644 +--- a/drivers/scsi/isci/remote_node_context.c ++++ b/drivers/scsi/isci/remote_node_context.c +@@ -66,6 +66,9 @@ const char *rnc_state_name(enum scis_sds_remote_node_context_states state) + { + static const char * const strings[] = RNC_STATES; + ++ if (state >= ARRAY_SIZE(strings)) ++ return "UNKNOWN"; ++ + return strings[state]; + } + #undef C +diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c +index f753df25ba34..fed37aabf828 100644 +--- a/drivers/scsi/sg.c ++++ b/drivers/scsi/sg.c +@@ -142,6 +142,7 @@ typedef struct sg_fd { /* holds the state of a file descriptor */ + struct sg_device *parentdp; /* owning device */ + wait_queue_head_t read_wait; /* queue read until command done */ + rwlock_t rq_list_lock; /* protect access to list in req_arr */ ++ struct mutex f_mutex; /* protect against changes in this fd */ + int timeout; /* defaults to SG_DEFAULT_TIMEOUT */ + int timeout_user; /* defaults to SG_DEFAULT_TIMEOUT_USER */ + Sg_scatter_hold reserve; /* buffer held for this file descriptor */ +@@ -155,6 +156,7 @@ typedef struct sg_fd { /* holds the state of a file descriptor */ + unsigned char next_cmd_len; /* 0: automatic, >0: use on next write() */ + char keep_orphan; /* 0 -> drop orphan (def), 1 -> keep for read() */ + char mmap_called; /* 0 -> mmap() never called on this fd */ ++ char res_in_use; /* 1 -> 'reserve' array in use */ + struct kref f_ref; + struct execute_work ew; + } Sg_fd; +@@ -198,7 +200,6 @@ static void sg_remove_sfp(struct kref *); + static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id); + static Sg_request *sg_add_request(Sg_fd * sfp); + static int sg_remove_request(Sg_fd * sfp, Sg_request * srp); +-static int sg_res_in_use(Sg_fd * sfp); + static Sg_device *sg_get_dev(int dev); + static void sg_device_destroy(struct kref *kref); + +@@ -614,6 +615,7 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) + } + buf += SZ_SG_HEADER; + __get_user(opcode, buf); ++ mutex_lock(&sfp->f_mutex); + if (sfp->next_cmd_len > 0) { + cmd_size = sfp->next_cmd_len; + sfp->next_cmd_len = 0; /* reset so only this write() effected */ +@@ -622,6 +624,7 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) + if ((opcode >= 0xc0) && old_hdr.twelve_byte) + cmd_size = 12; + } ++ mutex_unlock(&sfp->f_mutex); + SCSI_LOG_TIMEOUT(4, sg_printk(KERN_INFO, sdp, + "sg_write: scsi opcode=0x%02x, cmd_size=%d\n", (int) opcode, cmd_size)); + /* Determine buffer size. */ +@@ -721,7 +724,7 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf, + sg_remove_request(sfp, srp); + return -EINVAL; /* either MMAP_IO or DIRECT_IO (not both) */ + } +- if (sg_res_in_use(sfp)) { ++ if (sfp->res_in_use) { + sg_remove_request(sfp, srp); + return -EBUSY; /* reserve buffer already being used */ + } +@@ -892,7 +895,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) + return result; + if (val) { + sfp->low_dma = 1; +- if ((0 == sfp->low_dma) && (0 == sg_res_in_use(sfp))) { ++ if ((0 == sfp->low_dma) && !sfp->res_in_use) { + val = (int) sfp->reserve.bufflen; + sg_remove_scat(sfp, &sfp->reserve); + sg_build_reserve(sfp, val); +@@ -967,12 +970,18 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) + return -EINVAL; + val = min_t(int, val, + max_sectors_bytes(sdp->device->request_queue)); ++ mutex_lock(&sfp->f_mutex); + if (val != sfp->reserve.bufflen) { +- if (sg_res_in_use(sfp) || sfp->mmap_called) ++ if (sfp->mmap_called || ++ sfp->res_in_use) { ++ mutex_unlock(&sfp->f_mutex); + return -EBUSY; ++ } ++ + sg_remove_scat(sfp, &sfp->reserve); + sg_build_reserve(sfp, val); + } ++ mutex_unlock(&sfp->f_mutex); + return 0; + case SG_GET_RESERVED_SIZE: + val = min_t(int, sfp->reserve.bufflen, +@@ -1727,13 +1736,22 @@ sg_start_req(Sg_request *srp, unsigned char *cmd) + md = &map_data; + + if (md) { +- if (!sg_res_in_use(sfp) && dxfer_len <= rsv_schp->bufflen) ++ mutex_lock(&sfp->f_mutex); ++ if (dxfer_len <= rsv_schp->bufflen && ++ !sfp->res_in_use) { ++ sfp->res_in_use = 1; + sg_link_reserve(sfp, srp, dxfer_len); +- else { ++ } else if ((hp->flags & SG_FLAG_MMAP_IO) && sfp->res_in_use) { ++ mutex_unlock(&sfp->f_mutex); ++ return -EBUSY; ++ } else { + res = sg_build_indirect(req_schp, sfp, dxfer_len); +- if (res) ++ if (res) { ++ mutex_unlock(&sfp->f_mutex); + return res; ++ } + } ++ mutex_unlock(&sfp->f_mutex); + + md->pages = req_schp->pages; + md->page_order = req_schp->page_order; +@@ -2024,6 +2042,8 @@ sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp) + req_schp->sglist_len = 0; + sfp->save_scat_len = 0; + srp->res_used = 0; ++ /* Called without mutex lock to avoid deadlock */ ++ sfp->res_in_use = 0; + } + + static Sg_request * +@@ -2135,6 +2155,7 @@ sg_add_sfp(Sg_device * sdp) + rwlock_init(&sfp->rq_list_lock); + + kref_init(&sfp->f_ref); ++ mutex_init(&sfp->f_mutex); + sfp->timeout = SG_DEFAULT_TIMEOUT; + sfp->timeout_user = SG_DEFAULT_TIMEOUT_USER; + sfp->force_packid = SG_DEF_FORCE_PACK_ID; +@@ -2210,20 +2231,6 @@ sg_remove_sfp(struct kref *kref) + schedule_work(&sfp->ew.work); + } + +-static int +-sg_res_in_use(Sg_fd * sfp) +-{ +- const Sg_request *srp; +- unsigned long iflags; +- +- read_lock_irqsave(&sfp->rq_list_lock, iflags); +- for (srp = sfp->headrp; srp; srp = srp->nextrp) +- if (srp->res_used) +- break; +- read_unlock_irqrestore(&sfp->rq_list_lock, iflags); +- return srp ? 1 : 0; +-} +- + #ifdef CONFIG_SCSI_PROC_FS + static int + sg_idr_max_id(int id, void *p, void *data) +diff --git a/drivers/staging/wilc1000/linux_wlan.c b/drivers/staging/wilc1000/linux_wlan.c +index 6370a5efe343..defffa75ae1c 100644 +--- a/drivers/staging/wilc1000/linux_wlan.c ++++ b/drivers/staging/wilc1000/linux_wlan.c +@@ -269,23 +269,12 @@ static struct net_device *get_if_handler(struct wilc *wilc, u8 *mac_header) + + int wilc_wlan_set_bssid(struct net_device *wilc_netdev, u8 *bssid, u8 mode) + { +- int i = 0; +- int ret = -1; +- struct wilc_vif *vif; +- struct wilc *wilc; +- +- vif = netdev_priv(wilc_netdev); +- wilc = vif->wilc; ++ struct wilc_vif *vif = netdev_priv(wilc_netdev); + +- for (i = 0; i < wilc->vif_num; i++) +- if (wilc->vif[i]->ndev == wilc_netdev) { +- memcpy(wilc->vif[i]->bssid, bssid, 6); +- wilc->vif[i]->mode = mode; +- ret = 0; +- break; +- } ++ memcpy(vif->bssid, bssid, 6); ++ vif->mode = mode; + +- return ret; ++ return 0; + } + + int wilc_wlan_get_num_conn_ifcs(struct wilc *wilc) +@@ -1212,16 +1201,11 @@ void WILC_WFI_mgmt_rx(struct wilc *wilc, u8 *buff, u32 size) + + void wilc_netdev_cleanup(struct wilc *wilc) + { +- int i = 0; +- struct wilc_vif *vif[NUM_CONCURRENT_IFC]; ++ int i; + +- if (wilc && (wilc->vif[0]->ndev || wilc->vif[1]->ndev)) { ++ if (wilc && (wilc->vif[0]->ndev || wilc->vif[1]->ndev)) + unregister_inetaddr_notifier(&g_dev_notifier); + +- for (i = 0; i < NUM_CONCURRENT_IFC; i++) +- vif[i] = netdev_priv(wilc->vif[i]->ndev); +- } +- + if (wilc && wilc->firmware) { + release_firmware(wilc->firmware); + wilc->firmware = NULL; +@@ -1230,7 +1214,7 @@ void wilc_netdev_cleanup(struct wilc *wilc) + if (wilc && (wilc->vif[0]->ndev || wilc->vif[1]->ndev)) { + for (i = 0; i < NUM_CONCURRENT_IFC; i++) + if (wilc->vif[i]->ndev) +- if (vif[i]->mac_opened) ++ if (wilc->vif[i]->mac_opened) + wilc_mac_close(wilc->vif[i]->ndev); + + for (i = 0; i < NUM_CONCURRENT_IFC; i++) { +@@ -1278,9 +1262,9 @@ int wilc_netdev_init(struct wilc **wilc, struct device *dev, int io_type, + + vif->idx = wl->vif_num; + vif->wilc = *wilc; ++ vif->ndev = ndev; + wl->vif[i] = vif; +- wl->vif[wl->vif_num]->ndev = ndev; +- wl->vif_num++; ++ wl->vif_num = i; + ndev->netdev_ops = &wilc_netdev_ops; + + { +diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c +index 2f9df37940a0..c51a49c9be70 100644 +--- a/kernel/gcov/base.c ++++ b/kernel/gcov/base.c +@@ -98,6 +98,12 @@ void __gcov_merge_icall_topn(gcov_type *counters, unsigned int n_counters) + } + EXPORT_SYMBOL(__gcov_merge_icall_topn); + ++void __gcov_exit(void) ++{ ++ /* Unused. */ ++} ++EXPORT_SYMBOL(__gcov_exit); ++ + /** + * gcov_enable_events - enable event reporting through gcov_event() + * +diff --git a/kernel/gcov/gcc_4_7.c b/kernel/gcov/gcc_4_7.c +index 6a5c239c7669..46a18e72bce6 100644 +--- a/kernel/gcov/gcc_4_7.c ++++ b/kernel/gcov/gcc_4_7.c +@@ -18,7 +18,9 @@ + #include <linux/vmalloc.h> + #include "gcov.h" + +-#if (__GNUC__ > 5) || (__GNUC__ == 5 && __GNUC_MINOR__ >= 1) ++#if (__GNUC__ >= 7) ++#define GCOV_COUNTERS 9 ++#elif (__GNUC__ > 5) || (__GNUC__ == 5 && __GNUC_MINOR__ >= 1) + #define GCOV_COUNTERS 10 + #elif __GNUC__ == 4 && __GNUC_MINOR__ >= 9 + #define GCOV_COUNTERS 9 +diff --git a/kernel/locking/spinlock_debug.c b/kernel/locking/spinlock_debug.c +index 0374a596cffa..9aa0fccd5d43 100644 +--- a/kernel/locking/spinlock_debug.c ++++ b/kernel/locking/spinlock_debug.c +@@ -103,38 +103,14 @@ static inline void debug_spin_unlock(raw_spinlock_t *lock) + lock->owner_cpu = -1; + } + +-static void __spin_lock_debug(raw_spinlock_t *lock) +-{ +- u64 i; +- u64 loops = loops_per_jiffy * HZ; +- +- for (i = 0; i < loops; i++) { +- if (arch_spin_trylock(&lock->raw_lock)) +- return; +- __delay(1); +- } +- /* lockup suspected: */ +- spin_dump(lock, "lockup suspected"); +-#ifdef CONFIG_SMP +- trigger_all_cpu_backtrace(); +-#endif +- +- /* +- * The trylock above was causing a livelock. Give the lower level arch +- * specific lock code a chance to acquire the lock. We have already +- * printed a warning/backtrace at this point. The non-debug arch +- * specific code might actually succeed in acquiring the lock. If it is +- * not successful, the end-result is the same - there is no forward +- * progress. +- */ +- arch_spin_lock(&lock->raw_lock); +-} +- ++/* ++ * We are now relying on the NMI watchdog to detect lockup instead of doing ++ * the detection here with an unfair lock which can cause problem of its own. ++ */ + void do_raw_spin_lock(raw_spinlock_t *lock) + { + debug_spin_lock_before(lock); +- if (unlikely(!arch_spin_trylock(&lock->raw_lock))) +- __spin_lock_debug(lock); ++ arch_spin_lock(&lock->raw_lock); + debug_spin_lock_after(lock); + } + +@@ -172,32 +148,6 @@ static void rwlock_bug(rwlock_t *lock, const char *msg) + + #define RWLOCK_BUG_ON(cond, lock, msg) if (unlikely(cond)) rwlock_bug(lock, msg) + +-#if 0 /* __write_lock_debug() can lock up - maybe this can too? */ +-static void __read_lock_debug(rwlock_t *lock) +-{ +- u64 i; +- u64 loops = loops_per_jiffy * HZ; +- int print_once = 1; +- +- for (;;) { +- for (i = 0; i < loops; i++) { +- if (arch_read_trylock(&lock->raw_lock)) +- return; +- __delay(1); +- } +- /* lockup suspected: */ +- if (print_once) { +- print_once = 0; +- printk(KERN_EMERG "BUG: read-lock lockup on CPU#%d, " +- "%s/%d, %p\n", +- raw_smp_processor_id(), current->comm, +- current->pid, lock); +- dump_stack(); +- } +- } +-} +-#endif +- + void do_raw_read_lock(rwlock_t *lock) + { + RWLOCK_BUG_ON(lock->magic != RWLOCK_MAGIC, lock, "bad magic"); +@@ -247,32 +197,6 @@ static inline void debug_write_unlock(rwlock_t *lock) + lock->owner_cpu = -1; + } + +-#if 0 /* This can cause lockups */ +-static void __write_lock_debug(rwlock_t *lock) +-{ +- u64 i; +- u64 loops = loops_per_jiffy * HZ; +- int print_once = 1; +- +- for (;;) { +- for (i = 0; i < loops; i++) { +- if (arch_write_trylock(&lock->raw_lock)) +- return; +- __delay(1); +- } +- /* lockup suspected: */ +- if (print_once) { +- print_once = 0; +- printk(KERN_EMERG "BUG: write-lock lockup on CPU#%d, " +- "%s/%d, %p\n", +- raw_smp_processor_id(), current->comm, +- current->pid, lock); +- dump_stack(); +- } +- } +-} +-#endif +- + void do_raw_write_lock(rwlock_t *lock) + { + debug_write_lock_before(lock); +diff --git a/lib/lz4/lz4hc_compress.c b/lib/lz4/lz4hc_compress.c +index f344f76b6559..6b2e046a9c61 100644 +--- a/lib/lz4/lz4hc_compress.c ++++ b/lib/lz4/lz4hc_compress.c +@@ -131,7 +131,7 @@ static inline int lz4hc_insertandfindbestmatch(struct lz4hc_data *hc4, + #endif + int nbattempts = MAX_NB_ATTEMPTS; + size_t repl = 0, ml = 0; +- u16 delta; ++ u16 delta = 0; + + /* HC4 match finder */ + lz4hc_insert(hc4, ip); |