commit: 64881833b8854f3c3a82270811c619b49e013da7 Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> AuthorDate: Fri Nov 24 09:40:53 2017 +0000 Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> CommitDate: Fri Nov 24 09:40:53 2017 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=64881833
linux kernel 4.13.16 0000_README | 4 + 1015_linux-4.13.16.patch | 946 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 950 insertions(+) diff --git a/0000_README b/0000_README index 7f93bc3..846eb5a 100644 --- a/0000_README +++ b/0000_README @@ -103,6 +103,10 @@ Patch: 1014_linux-4.13.15.patch From: http://www.kernel.org Desc: Linux 4.13.15 +Patch: 1015_linux-4.13.16.patch +From: http://www.kernel.org +Desc: Linux 4.13.16 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1015_linux-4.13.16.patch b/1015_linux-4.13.16.patch new file mode 100644 index 0000000..4f9c8c1 --- /dev/null +++ b/1015_linux-4.13.16.patch @@ -0,0 +1,946 @@ +diff --git a/Makefile b/Makefile +index 3bd5d9d148d3..bc9a897e0431 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 13 +-SUBLEVEL = 15 ++SUBLEVEL = 16 + EXTRAVERSION = + NAME = Fearless Coyote + +diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c +index c55fb2cb2acc..24f749324c0f 100644 +--- a/arch/x86/kernel/cpu/intel_cacheinfo.c ++++ b/arch/x86/kernel/cpu/intel_cacheinfo.c +@@ -811,7 +811,24 @@ static int __cache_amd_cpumap_setup(unsigned int cpu, int index, + struct cacheinfo *this_leaf; + int i, sibling; + +- if (boot_cpu_has(X86_FEATURE_TOPOEXT)) { ++ /* ++ * For L3, always use the pre-calculated cpu_llc_shared_mask ++ * to derive shared_cpu_map. ++ */ ++ if (index == 3) { ++ for_each_cpu(i, cpu_llc_shared_mask(cpu)) { ++ this_cpu_ci = get_cpu_cacheinfo(i); ++ if (!this_cpu_ci->info_list) ++ continue; ++ this_leaf = this_cpu_ci->info_list + index; ++ for_each_cpu(sibling, cpu_llc_shared_mask(cpu)) { ++ if (!cpu_online(sibling)) ++ continue; ++ cpumask_set_cpu(sibling, ++ &this_leaf->shared_cpu_map); ++ } ++ } ++ } else if (boot_cpu_has(X86_FEATURE_TOPOEXT)) { + unsigned int apicid, nshared, first, last; + + this_leaf = this_cpu_ci->info_list + index; +@@ -839,19 +856,6 @@ static int __cache_amd_cpumap_setup(unsigned int cpu, int index, + &this_leaf->shared_cpu_map); + } + } +- } else if (index == 3) { +- for_each_cpu(i, cpu_llc_shared_mask(cpu)) { +- this_cpu_ci = get_cpu_cacheinfo(i); +- if (!this_cpu_ci->info_list) +- continue; +- this_leaf = this_cpu_ci->info_list + index; +- for_each_cpu(sibling, cpu_llc_shared_mask(cpu)) { +- if (!cpu_online(sibling)) +- continue; +- cpumask_set_cpu(sibling, +- &this_leaf->shared_cpu_map); +- } +- } + } else + return 0; + +diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c +index 810b138f5897..c82d9fd2f05a 100644 +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -4030,7 +4030,8 @@ smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg, + } + + static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent, +- struct list_head *timeouts, long timeout_period, ++ struct list_head *timeouts, ++ unsigned long timeout_period, + int slot, unsigned long *flags, + unsigned int *waiting_msgs) + { +@@ -4043,8 +4044,8 @@ static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent, + if (!ent->inuse) + return; + +- ent->timeout -= timeout_period; +- if (ent->timeout > 0) { ++ if (timeout_period < ent->timeout) { ++ ent->timeout -= timeout_period; + (*waiting_msgs)++; + return; + } +@@ -4110,7 +4111,8 @@ static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent, + } + } + +-static unsigned int ipmi_timeout_handler(ipmi_smi_t intf, long timeout_period) ++static unsigned int ipmi_timeout_handler(ipmi_smi_t intf, ++ unsigned long timeout_period) + { + struct list_head timeouts; + struct ipmi_recv_msg *msg, *msg2; +diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c +index 610638a80383..461bf0b8a094 100644 +--- a/drivers/char/tpm/tpm-dev-common.c ++++ b/drivers/char/tpm/tpm-dev-common.c +@@ -110,6 +110,12 @@ ssize_t tpm_common_write(struct file *file, const char __user *buf, + return -EFAULT; + } + ++ if (in_size < 6 || ++ in_size < be32_to_cpu(*((__be32 *) (priv->data_buffer + 2)))) { ++ mutex_unlock(&priv->buffer_mutex); ++ return -EINVAL; ++ } ++ + /* atomic tpm command send and result receive. We only hold the ops + * lock during this period so that the tpm can be unregistered even if + * the char dev is held open. +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index c99dc59d729b..76e8054bfc4e 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -3253,7 +3253,7 @@ u32 bond_xmit_hash(struct bonding *bond, struct sk_buff *skb) + hash ^= (hash >> 16); + hash ^= (hash >> 8); + +- return hash; ++ return hash >> 1; + } + + /*-------------------------- Device entry points ----------------------------*/ +diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c +index c28fa5a8734c..ba15eeadfe21 100644 +--- a/drivers/net/ethernet/broadcom/bcmsysport.c ++++ b/drivers/net/ethernet/broadcom/bcmsysport.c +@@ -1743,15 +1743,17 @@ static inline void bcm_sysport_mask_all_intrs(struct bcm_sysport_priv *priv) + + static inline void gib_set_pad_extension(struct bcm_sysport_priv *priv) + { +- u32 __maybe_unused reg; ++ u32 reg; + +- /* Include Broadcom tag in pad extension */ ++ reg = gib_readl(priv, GIB_CONTROL); ++ /* Include Broadcom tag in pad extension and fix up IPG_LENGTH */ + if (netdev_uses_dsa(priv->netdev)) { +- reg = gib_readl(priv, GIB_CONTROL); + reg &= ~(GIB_PAD_EXTENSION_MASK << GIB_PAD_EXTENSION_SHIFT); + reg |= ENET_BRCM_TAG_LEN << GIB_PAD_EXTENSION_SHIFT; +- gib_writel(priv, reg, GIB_CONTROL); + } ++ reg &= ~(GIB_IPG_LEN_MASK << GIB_IPG_LEN_SHIFT); ++ reg |= 12 << GIB_IPG_LEN_SHIFT; ++ gib_writel(priv, reg, GIB_CONTROL); + } + + static int bcm_sysport_open(struct net_device *dev) +diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c +index e92859dab7ae..e191c4ebeaf4 100644 +--- a/drivers/net/ethernet/fealnx.c ++++ b/drivers/net/ethernet/fealnx.c +@@ -257,8 +257,8 @@ enum rx_desc_status_bits { + RXFSD = 0x00000800, /* first descriptor */ + RXLSD = 0x00000400, /* last descriptor */ + ErrorSummary = 0x80, /* error summary */ +- RUNT = 0x40, /* runt packet received */ +- LONG = 0x20, /* long packet received */ ++ RUNTPKT = 0x40, /* runt packet received */ ++ LONGPKT = 0x20, /* long packet received */ + FAE = 0x10, /* frame align error */ + CRC = 0x08, /* crc error */ + RXER = 0x04, /* receive error */ +@@ -1632,7 +1632,7 @@ static int netdev_rx(struct net_device *dev) + dev->name, rx_status); + + dev->stats.rx_errors++; /* end of a packet. */ +- if (rx_status & (LONG | RUNT)) ++ if (rx_status & (LONGPKT | RUNTPKT)) + dev->stats.rx_length_errors++; + if (rx_status & RXER) + dev->stats.rx_frame_errors++; +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c +index 7344433259fc..1c513dc0105e 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rx.c +@@ -213,22 +213,20 @@ static inline bool mlx5e_rx_cache_get(struct mlx5e_rq *rq, + static inline int mlx5e_page_alloc_mapped(struct mlx5e_rq *rq, + struct mlx5e_dma_info *dma_info) + { +- struct page *page; +- + if (mlx5e_rx_cache_get(rq, dma_info)) + return 0; + +- page = dev_alloc_pages(rq->buff.page_order); +- if (unlikely(!page)) ++ dma_info->page = dev_alloc_pages(rq->buff.page_order); ++ if (unlikely(!dma_info->page)) + return -ENOMEM; + +- dma_info->addr = dma_map_page(rq->pdev, page, 0, ++ dma_info->addr = dma_map_page(rq->pdev, dma_info->page, 0, + RQ_PAGE_SIZE(rq), rq->buff.map_dir); + if (unlikely(dma_mapping_error(rq->pdev, dma_info->addr))) { +- put_page(page); ++ put_page(dma_info->page); ++ dma_info->page = NULL; + return -ENOMEM; + } +- dma_info->page = page; + + return 0; + } +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c +index 16885827367b..553bc230d70d 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c +@@ -1545,9 +1545,16 @@ static int mlx5_try_fast_unload(struct mlx5_core_dev *dev) + return -EAGAIN; + } + ++ /* Panic tear down fw command will stop the PCI bus communication ++ * with the HCA, so the health polll is no longer needed. ++ */ ++ mlx5_drain_health_wq(dev); ++ mlx5_stop_health_poll(dev); ++ + ret = mlx5_cmd_force_teardown_hca(dev); + if (ret) { + mlx5_core_dbg(dev, "Firmware couldn't do fast unload error: %d\n", ret); ++ mlx5_start_health_poll(dev); + return ret; + } + +diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c +index b2ff88e69a81..3d4f7959dabb 100644 +--- a/drivers/net/usb/asix_devices.c ++++ b/drivers/net/usb/asix_devices.c +@@ -626,7 +626,7 @@ static int asix_suspend(struct usb_interface *intf, pm_message_t message) + struct usbnet *dev = usb_get_intfdata(intf); + struct asix_common_private *priv = dev->driver_priv; + +- if (priv->suspend) ++ if (priv && priv->suspend) + priv->suspend(dev); + + return usbnet_suspend(intf, message); +@@ -678,7 +678,7 @@ static int asix_resume(struct usb_interface *intf) + struct usbnet *dev = usb_get_intfdata(intf); + struct asix_common_private *priv = dev->driver_priv; + +- if (priv->resume) ++ if (priv && priv->resume) + priv->resume(dev); + + return usbnet_resume(intf); +diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c +index 8ab281b478f2..4f88f64cccb4 100644 +--- a/drivers/net/usb/cdc_ether.c ++++ b/drivers/net/usb/cdc_ether.c +@@ -221,7 +221,7 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf) + goto bad_desc; + } + +- if (header.usb_cdc_ether_desc) { ++ if (header.usb_cdc_ether_desc && info->ether->wMaxSegmentSize) { + dev->hard_mtu = le16_to_cpu(info->ether->wMaxSegmentSize); + /* because of Zaurus, we may be ignoring the host + * side link address we were given. +diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c +index 9c80e80c5493..8d5e97251efe 100644 +--- a/drivers/net/usb/cdc_ncm.c ++++ b/drivers/net/usb/cdc_ncm.c +@@ -771,7 +771,7 @@ int cdc_ncm_bind_common(struct usbnet *dev, struct usb_interface *intf, u8 data_ + int err; + u8 iface_no; + struct usb_cdc_parsed_header hdr; +- u16 curr_ntb_format; ++ __le16 curr_ntb_format; + + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); + if (!ctx) +@@ -889,7 +889,7 @@ int cdc_ncm_bind_common(struct usbnet *dev, struct usb_interface *intf, u8 data_ + goto error2; + } + +- if (curr_ntb_format == USB_CDC_NCM_NTB32_FORMAT) { ++ if (curr_ntb_format == cpu_to_le16(USB_CDC_NCM_NTB32_FORMAT)) { + dev_info(&intf->dev, "resetting NTB format to 16-bit"); + err = usbnet_write_cmd(dev, USB_CDC_SET_NTB_FORMAT, + USB_TYPE_CLASS | USB_DIR_OUT +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c +index 8c3733608271..8d4a6f7cba61 100644 +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -499,6 +499,7 @@ static int qmi_wwan_rx_fixup(struct usbnet *dev, struct sk_buff *skb) + return 1; + } + if (rawip) { ++ skb_reset_mac_header(skb); + skb->dev = dev->net; /* normally set by eth_type_trans */ + skb->protocol = proto; + return 1; +@@ -681,7 +682,7 @@ static int qmi_wwan_bind(struct usbnet *dev, struct usb_interface *intf) + } + + /* errors aren't fatal - we can live with the dynamic address */ +- if (cdc_ether) { ++ if (cdc_ether && cdc_ether->wMaxSegmentSize) { + dev->hard_mtu = le16_to_cpu(cdc_ether->wMaxSegmentSize); + usbnet_get_ethernet_addr(dev, cdc_ether->iMACAddress); + } +diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c +index 8a1eaf3c302a..e91ef5e236cc 100644 +--- a/drivers/net/vrf.c ++++ b/drivers/net/vrf.c +@@ -1271,7 +1271,7 @@ static int vrf_fib_rule(const struct net_device *dev, __u8 family, bool add_it) + frh->family = family; + frh->action = FR_ACT_TO_TBL; + +- if (nla_put_u32(skb, FRA_L3MDEV, 1)) ++ if (nla_put_u8(skb, FRA_L3MDEV, 1)) + goto nla_put_failure; + + if (nla_put_u32(skb, FRA_PRIORITY, FIB_RULE_PREF)) +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c +index e17baac70f43..436154720bf8 100644 +--- a/drivers/net/vxlan.c ++++ b/drivers/net/vxlan.c +@@ -1632,26 +1632,19 @@ static struct sk_buff *vxlan_na_create(struct sk_buff *request, + static int neigh_reduce(struct net_device *dev, struct sk_buff *skb, __be32 vni) + { + struct vxlan_dev *vxlan = netdev_priv(dev); +- struct nd_msg *msg; +- const struct ipv6hdr *iphdr; + const struct in6_addr *daddr; +- struct neighbour *n; ++ const struct ipv6hdr *iphdr; + struct inet6_dev *in6_dev; ++ struct neighbour *n; ++ struct nd_msg *msg; + + in6_dev = __in6_dev_get(dev); + if (!in6_dev) + goto out; + +- if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + sizeof(struct nd_msg))) +- goto out; +- + iphdr = ipv6_hdr(skb); + daddr = &iphdr->daddr; +- + msg = (struct nd_msg *)(iphdr + 1); +- if (msg->icmph.icmp6_code != 0 || +- msg->icmph.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION) +- goto out; + + if (ipv6_addr_loopback(daddr) || + ipv6_addr_is_multicast(&msg->target)) +@@ -2258,11 +2251,11 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, + static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) + { + struct vxlan_dev *vxlan = netdev_priv(dev); ++ struct vxlan_rdst *rdst, *fdst = NULL; + const struct ip_tunnel_info *info; +- struct ethhdr *eth; + bool did_rsc = false; +- struct vxlan_rdst *rdst, *fdst = NULL; + struct vxlan_fdb *f; ++ struct ethhdr *eth; + __be32 vni = 0; + + info = skb_tunnel_info(skb); +@@ -2287,12 +2280,14 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) + if (ntohs(eth->h_proto) == ETH_P_ARP) + return arp_reduce(dev, skb, vni); + #if IS_ENABLED(CONFIG_IPV6) +- else if (ntohs(eth->h_proto) == ETH_P_IPV6) { +- struct ipv6hdr *hdr, _hdr; +- if ((hdr = skb_header_pointer(skb, +- skb_network_offset(skb), +- sizeof(_hdr), &_hdr)) && +- hdr->nexthdr == IPPROTO_ICMPV6) ++ else if (ntohs(eth->h_proto) == ETH_P_IPV6 && ++ pskb_may_pull(skb, sizeof(struct ipv6hdr) + ++ sizeof(struct nd_msg)) && ++ ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) { ++ struct nd_msg *m = (struct nd_msg *)(ipv6_hdr(skb) + 1); ++ ++ if (m->icmph.icmp6_code == 0 && ++ m->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) + return neigh_reduce(dev, skb, vni); + } + #endif +diff --git a/drivers/tty/serial/8250/8250_fintek.c b/drivers/tty/serial/8250/8250_fintek.c +index e500f7dd2470..4bd376c08b59 100644 +--- a/drivers/tty/serial/8250/8250_fintek.c ++++ b/drivers/tty/serial/8250/8250_fintek.c +@@ -118,6 +118,9 @@ static int fintek_8250_enter_key(u16 base_port, u8 key) + if (!request_muxed_region(base_port, 2, "8250_fintek")) + return -EBUSY; + ++ /* Force to deactive all SuperIO in this base_port */ ++ outb(EXIT_KEY, base_port + ADDR_PORT); ++ + outb(key, base_port + ADDR_PORT); + outb(key, base_port + ADDR_PORT); + return 0; +diff --git a/drivers/tty/serial/omap-serial.c b/drivers/tty/serial/omap-serial.c +index 1ea05ac57aa7..670f7e334f93 100644 +--- a/drivers/tty/serial/omap-serial.c ++++ b/drivers/tty/serial/omap-serial.c +@@ -693,7 +693,7 @@ static void serial_omap_set_mctrl(struct uart_port *port, unsigned int mctrl) + if ((mctrl & TIOCM_RTS) && (port->status & UPSTAT_AUTORTS)) + up->efr |= UART_EFR_RTS; + else +- up->efr &= UART_EFR_RTS; ++ up->efr &= ~UART_EFR_RTS; + serial_out(up, UART_EFR, up->efr); + serial_out(up, UART_LCR, lcr); + +diff --git a/fs/coda/upcall.c b/fs/coda/upcall.c +index e82357c89979..8cf16d8c5261 100644 +--- a/fs/coda/upcall.c ++++ b/fs/coda/upcall.c +@@ -446,8 +446,7 @@ int venus_fsync(struct super_block *sb, struct CodaFid *fid) + UPARG(CODA_FSYNC); + + inp->coda_fsync.VFid = *fid; +- error = coda_upcall(coda_vcp(sb), sizeof(union inputArgs), +- &outsize, inp); ++ error = coda_upcall(coda_vcp(sb), insize, &outsize, inp); + + CODA_FREE(inp, insize); + return error; +diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c +index 74407c6dd592..ec8f75813beb 100644 +--- a/fs/ocfs2/dlm/dlmrecovery.c ++++ b/fs/ocfs2/dlm/dlmrecovery.c +@@ -2419,6 +2419,7 @@ static void dlm_do_local_recovery_cleanup(struct dlm_ctxt *dlm, u8 dead_node) + dlm_lockres_put(res); + continue; + } ++ dlm_move_lockres_to_recovery_list(dlm, res); + } else if (res->owner == dlm->node_num) { + dlm_free_dead_locks(dlm, res, dead_node); + __dlm_lockres_calc_usage(dlm, res); +diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c +index bfeb647459d9..2fc8e65c07c5 100644 +--- a/fs/ocfs2/file.c ++++ b/fs/ocfs2/file.c +@@ -1168,6 +1168,13 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr) + } + size_change = S_ISREG(inode->i_mode) && attr->ia_valid & ATTR_SIZE; + if (size_change) { ++ /* ++ * Here we should wait dio to finish before inode lock ++ * to avoid a deadlock between ocfs2_setattr() and ++ * ocfs2_dio_end_io_write() ++ */ ++ inode_dio_wait(inode); ++ + status = ocfs2_rw_lock(inode, 1); + if (status < 0) { + mlog_errno(status); +@@ -1207,8 +1214,6 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr) + if (status) + goto bail_unlock; + +- inode_dio_wait(inode); +- + if (i_size_read(inode) >= attr->ia_size) { + if (ocfs2_should_order_data(inode)) { + status = ocfs2_begin_ordered_truncate(inode, +diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h +index fc14b8b3f6ce..1d86e09f17c1 100644 +--- a/include/linux/mmzone.h ++++ b/include/linux/mmzone.h +@@ -691,7 +691,8 @@ typedef struct pglist_data { + * is the first PFN that needs to be initialised. + */ + unsigned long first_deferred_pfn; +- unsigned long static_init_size; ++ /* Number of non-deferred pages */ ++ unsigned long static_init_pgcnt; + #endif /* CONFIG_DEFERRED_STRUCT_PAGE_INIT */ + + #ifdef CONFIG_TRANSPARENT_HUGEPAGE +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index 63df75ae70ee..baf2dd102686 100644 +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -3655,6 +3655,13 @@ static inline void nf_reset_trace(struct sk_buff *skb) + #endif + } + ++static inline void ipvs_reset(struct sk_buff *skb) ++{ ++#if IS_ENABLED(CONFIG_IP_VS) ++ skb->ipvs_property = 0; ++#endif ++} ++ + /* Note: This doesn't put any conntrack and bridge info in dst. */ + static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src, + bool copy) +diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h +index 908b309d60d7..b8f51dffeae9 100644 +--- a/kernel/rcu/tree_plugin.h ++++ b/kernel/rcu/tree_plugin.h +@@ -1493,7 +1493,7 @@ static void rcu_prepare_for_idle(void) + rdtp->last_accelerate = jiffies; + for_each_rcu_flavor(rsp) { + rdp = this_cpu_ptr(rsp->rda); +- if (rcu_segcblist_pend_cbs(&rdp->cblist)) ++ if (!rcu_segcblist_pend_cbs(&rdp->cblist)) + continue; + rnp = rdp->mynode; + raw_spin_lock_rcu_node(rnp); /* irqs already disabled. */ +diff --git a/mm/page_alloc.c b/mm/page_alloc.c +index 1423da8dd16f..3bd0999c266f 100644 +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -289,28 +289,37 @@ EXPORT_SYMBOL(nr_online_nodes); + int page_group_by_mobility_disabled __read_mostly; + + #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT ++ ++/* ++ * Determine how many pages need to be initialized durig early boot ++ * (non-deferred initialization). ++ * The value of first_deferred_pfn will be set later, once non-deferred pages ++ * are initialized, but for now set it ULONG_MAX. ++ */ + static inline void reset_deferred_meminit(pg_data_t *pgdat) + { +- unsigned long max_initialise; +- unsigned long reserved_lowmem; ++ phys_addr_t start_addr, end_addr; ++ unsigned long max_pgcnt; ++ unsigned long reserved; + + /* + * Initialise at least 2G of a node but also take into account that + * two large system hashes that can take up 1GB for 0.25TB/node. + */ +- max_initialise = max(2UL << (30 - PAGE_SHIFT), +- (pgdat->node_spanned_pages >> 8)); ++ max_pgcnt = max(2UL << (30 - PAGE_SHIFT), ++ (pgdat->node_spanned_pages >> 8)); + + /* + * Compensate the all the memblock reservations (e.g. crash kernel) + * from the initial estimation to make sure we will initialize enough + * memory to boot. + */ +- reserved_lowmem = memblock_reserved_memory_within(pgdat->node_start_pfn, +- pgdat->node_start_pfn + max_initialise); +- max_initialise += reserved_lowmem; ++ start_addr = PFN_PHYS(pgdat->node_start_pfn); ++ end_addr = PFN_PHYS(pgdat->node_start_pfn + max_pgcnt); ++ reserved = memblock_reserved_memory_within(start_addr, end_addr); ++ max_pgcnt += PHYS_PFN(reserved); + +- pgdat->static_init_size = min(max_initialise, pgdat->node_spanned_pages); ++ pgdat->static_init_pgcnt = min(max_pgcnt, pgdat->node_spanned_pages); + pgdat->first_deferred_pfn = ULONG_MAX; + } + +@@ -337,7 +346,7 @@ static inline bool update_defer_init(pg_data_t *pgdat, + if (zone_end < pgdat_end_pfn(pgdat)) + return true; + (*nr_initialised)++; +- if ((*nr_initialised > pgdat->static_init_size) && ++ if ((*nr_initialised > pgdat->static_init_pgcnt) && + (pfn & (PAGES_PER_SECTION - 1)) == 0) { + pgdat->first_deferred_pfn = pfn; + return false; +diff --git a/mm/page_ext.c b/mm/page_ext.c +index 88ccc044b09a..9dbabbfc4557 100644 +--- a/mm/page_ext.c ++++ b/mm/page_ext.c +@@ -124,7 +124,6 @@ struct page_ext *lookup_page_ext(struct page *page) + struct page_ext *base; + + base = NODE_DATA(page_to_nid(page))->node_page_ext; +-#if defined(CONFIG_DEBUG_VM) + /* + * The sanity checks the page allocator does upon freeing a + * page can reach here before the page_ext arrays are +@@ -133,7 +132,6 @@ struct page_ext *lookup_page_ext(struct page *page) + */ + if (unlikely(!base)) + return NULL; +-#endif + index = pfn - round_down(node_start_pfn(page_to_nid(page)), + MAX_ORDER_NR_PAGES); + return get_entry(base, index); +@@ -198,7 +196,6 @@ struct page_ext *lookup_page_ext(struct page *page) + { + unsigned long pfn = page_to_pfn(page); + struct mem_section *section = __pfn_to_section(pfn); +-#if defined(CONFIG_DEBUG_VM) + /* + * The sanity checks the page allocator does upon freeing a + * page can reach here before the page_ext arrays are +@@ -207,7 +204,6 @@ struct page_ext *lookup_page_ext(struct page *page) + */ + if (!section->page_ext) + return NULL; +-#endif + return get_entry(section->page_ext, pfn); + } + +diff --git a/mm/pagewalk.c b/mm/pagewalk.c +index 1a4197965415..7d973f63088c 100644 +--- a/mm/pagewalk.c ++++ b/mm/pagewalk.c +@@ -187,8 +187,12 @@ static int walk_hugetlb_range(unsigned long addr, unsigned long end, + do { + next = hugetlb_entry_end(h, addr, end); + pte = huge_pte_offset(walk->mm, addr & hmask, sz); +- if (pte && walk->hugetlb_entry) ++ ++ if (pte) + err = walk->hugetlb_entry(pte, hmask, addr, next, walk); ++ else if (walk->pte_hole) ++ err = walk->pte_hole(addr, next, walk); ++ + if (err) + break; + } while (addr = next, addr != end); +diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c +index 9649579b5b9f..4a72ee4e2ae9 100644 +--- a/net/8021q/vlan.c ++++ b/net/8021q/vlan.c +@@ -376,6 +376,9 @@ static int vlan_device_event(struct notifier_block *unused, unsigned long event, + dev->name); + vlan_vid_add(dev, htons(ETH_P_8021Q), 0); + } ++ if (event == NETDEV_DOWN && ++ (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER)) ++ vlan_vid_del(dev, htons(ETH_P_8021Q), 0); + + vlan_info = rtnl_dereference(dev->vlan_info); + if (!vlan_info) +@@ -423,9 +426,6 @@ static int vlan_device_event(struct notifier_block *unused, unsigned long event, + struct net_device *tmp; + LIST_HEAD(close_list); + +- if (dev->features & NETIF_F_HW_VLAN_CTAG_FILTER) +- vlan_vid_del(dev, htons(ETH_P_8021Q), 0); +- + /* Put all VLANs for this dev in the down state too. */ + vlan_group_for_each_dev(grp, i, vlandev) { + flgs = vlandev->flags; +diff --git a/net/core/skbuff.c b/net/core/skbuff.c +index 72eb23d2426f..a0155578e951 100644 +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -4476,6 +4476,7 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet) + if (!xnet) + return; + ++ ipvs_reset(skb); + skb_orphan(skb); + skb->mark = 0; + } +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index e92e5dbcb3d6..ffe96de8a079 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -2613,7 +2613,6 @@ void tcp_simple_retransmit(struct sock *sk) + struct tcp_sock *tp = tcp_sk(sk); + struct sk_buff *skb; + unsigned int mss = tcp_current_mss(sk); +- u32 prior_lost = tp->lost_out; + + tcp_for_write_queue(skb, sk) { + if (skb == tcp_send_head(sk)) +@@ -2630,7 +2629,7 @@ void tcp_simple_retransmit(struct sock *sk) + + tcp_clear_retrans_hints_partial(tp); + +- if (prior_lost == tp->lost_out) ++ if (!tp->lost_out) + return; + + if (tcp_is_reno(tp)) +diff --git a/net/ipv4/tcp_nv.c b/net/ipv4/tcp_nv.c +index 6d650ed3cb59..5c871666c561 100644 +--- a/net/ipv4/tcp_nv.c ++++ b/net/ipv4/tcp_nv.c +@@ -263,7 +263,7 @@ static void tcpnv_acked(struct sock *sk, const struct ack_sample *sample) + + /* rate in 100's bits per second */ + rate64 = ((u64)sample->in_flight) * 8000000; +- rate = (u32)div64_u64(rate64, (u64)(avg_rtt * 100)); ++ rate = (u32)div64_u64(rate64, (u64)(avg_rtt ?: 1) * 100); + + /* Remember the maximum rate seen during this RTT + * Note: It may be more than one RTT. This function should be +diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c +index 11f69bbf9307..b6a2aa1dcf56 100644 +--- a/net/ipv4/tcp_offload.c ++++ b/net/ipv4/tcp_offload.c +@@ -149,11 +149,19 @@ struct sk_buff *tcp_gso_segment(struct sk_buff *skb, + * is freed by GSO engine + */ + if (copy_destructor) { ++ int delta; ++ + swap(gso_skb->sk, skb->sk); + swap(gso_skb->destructor, skb->destructor); + sum_truesize += skb->truesize; +- refcount_add(sum_truesize - gso_skb->truesize, +- &skb->sk->sk_wmem_alloc); ++ delta = sum_truesize - gso_skb->truesize; ++ /* In some pathological cases, delta can be negative. ++ * We need to either use refcount_add() or refcount_sub_and_test() ++ */ ++ if (likely(delta >= 0)) ++ refcount_add(delta, &skb->sk->sk_wmem_alloc); ++ else ++ WARN_ON_ONCE(refcount_sub_and_test(-delta, &skb->sk->sk_wmem_alloc)); + } + + delta = htonl(oldlen + (skb_tail_pointer(skb) - +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c +index 58587b0e2b5d..e359840f46c0 100644 +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -3207,13 +3207,8 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, + th->source = htons(ireq->ir_num); + th->dest = ireq->ir_rmt_port; + skb->mark = ireq->ir_mark; +- /* Setting of flags are superfluous here for callers (and ECE is +- * not even correctly set) +- */ +- tcp_init_nondata_skb(skb, tcp_rsk(req)->snt_isn, +- TCPHDR_SYN | TCPHDR_ACK); +- +- th->seq = htonl(TCP_SKB_CB(skb)->seq); ++ skb->ip_summed = CHECKSUM_PARTIAL; ++ th->seq = htonl(tcp_rsk(req)->snt_isn); + /* XXX data is queued and acked as is. No buffer/window check */ + th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt); + +diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c +index 4d322c1b7233..e4280b6568b4 100644 +--- a/net/l2tp/l2tp_ip.c ++++ b/net/l2tp/l2tp_ip.c +@@ -123,6 +123,7 @@ static int l2tp_ip_recv(struct sk_buff *skb) + unsigned char *ptr, *optr; + struct l2tp_session *session; + struct l2tp_tunnel *tunnel = NULL; ++ struct iphdr *iph; + int length; + + if (!pskb_may_pull(skb, 4)) +@@ -178,24 +179,17 @@ static int l2tp_ip_recv(struct sk_buff *skb) + goto discard; + + tunnel_id = ntohl(*(__be32 *) &skb->data[4]); +- tunnel = l2tp_tunnel_find(net, tunnel_id); +- if (tunnel) { +- sk = tunnel->sock; +- sock_hold(sk); +- } else { +- struct iphdr *iph = (struct iphdr *) skb_network_header(skb); +- +- read_lock_bh(&l2tp_ip_lock); +- sk = __l2tp_ip_bind_lookup(net, iph->daddr, iph->saddr, +- inet_iif(skb), tunnel_id); +- if (!sk) { +- read_unlock_bh(&l2tp_ip_lock); +- goto discard; +- } ++ iph = (struct iphdr *)skb_network_header(skb); + +- sock_hold(sk); ++ read_lock_bh(&l2tp_ip_lock); ++ sk = __l2tp_ip_bind_lookup(net, iph->daddr, iph->saddr, inet_iif(skb), ++ tunnel_id); ++ if (!sk) { + read_unlock_bh(&l2tp_ip_lock); ++ goto discard; + } ++ sock_hold(sk); ++ read_unlock_bh(&l2tp_ip_lock); + + if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) + goto discard_put; +diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c +index 88b397c30d86..8bcaa975b432 100644 +--- a/net/l2tp/l2tp_ip6.c ++++ b/net/l2tp/l2tp_ip6.c +@@ -136,6 +136,7 @@ static int l2tp_ip6_recv(struct sk_buff *skb) + unsigned char *ptr, *optr; + struct l2tp_session *session; + struct l2tp_tunnel *tunnel = NULL; ++ struct ipv6hdr *iph; + int length; + + if (!pskb_may_pull(skb, 4)) +@@ -192,24 +193,17 @@ static int l2tp_ip6_recv(struct sk_buff *skb) + goto discard; + + tunnel_id = ntohl(*(__be32 *) &skb->data[4]); +- tunnel = l2tp_tunnel_find(net, tunnel_id); +- if (tunnel) { +- sk = tunnel->sock; +- sock_hold(sk); +- } else { +- struct ipv6hdr *iph = ipv6_hdr(skb); +- +- read_lock_bh(&l2tp_ip6_lock); +- sk = __l2tp_ip6_bind_lookup(net, &iph->daddr, &iph->saddr, +- inet6_iif(skb), tunnel_id); +- if (!sk) { +- read_unlock_bh(&l2tp_ip6_lock); +- goto discard; +- } ++ iph = ipv6_hdr(skb); + +- sock_hold(sk); ++ read_lock_bh(&l2tp_ip6_lock); ++ sk = __l2tp_ip6_bind_lookup(net, &iph->daddr, &iph->saddr, ++ inet6_iif(skb), tunnel_id); ++ if (!sk) { + read_unlock_bh(&l2tp_ip6_lock); ++ goto discard; + } ++ sock_hold(sk); ++ read_unlock_bh(&l2tp_ip6_lock); + + if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) + goto discard_put; +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c +index 09c8dbbd2d70..2939a6b87c27 100644 +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -2128,7 +2128,7 @@ static int netlink_dump(struct sock *sk) + struct sk_buff *skb = NULL; + struct nlmsghdr *nlh; + struct module *module; +- int len, err = -ENOBUFS; ++ int err = -ENOBUFS; + int alloc_min_size; + int alloc_size; + +@@ -2175,9 +2175,11 @@ static int netlink_dump(struct sock *sk) + skb_reserve(skb, skb_tailroom(skb) - alloc_size); + netlink_skb_set_owner_r(skb, sk); + +- len = cb->dump(skb, cb); ++ if (nlk->dump_done_errno > 0) ++ nlk->dump_done_errno = cb->dump(skb, cb); + +- if (len > 0) { ++ if (nlk->dump_done_errno > 0 || ++ skb_tailroom(skb) < nlmsg_total_size(sizeof(nlk->dump_done_errno))) { + mutex_unlock(nlk->cb_mutex); + + if (sk_filter(sk, skb)) +@@ -2187,13 +2189,15 @@ static int netlink_dump(struct sock *sk) + return 0; + } + +- nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI); +- if (!nlh) ++ nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, ++ sizeof(nlk->dump_done_errno), NLM_F_MULTI); ++ if (WARN_ON(!nlh)) + goto errout_skb; + + nl_dump_check_consistent(cb, nlh); + +- memcpy(nlmsg_data(nlh), &len, sizeof(len)); ++ memcpy(nlmsg_data(nlh), &nlk->dump_done_errno, ++ sizeof(nlk->dump_done_errno)); + + if (sk_filter(sk, skb)) + kfree_skb(skb); +@@ -2265,6 +2269,7 @@ int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb, + } + + nlk->cb_running = true; ++ nlk->dump_done_errno = INT_MAX; + + mutex_unlock(nlk->cb_mutex); + +diff --git a/net/netlink/af_netlink.h b/net/netlink/af_netlink.h +index 3490f2430532..8908fc2d3de0 100644 +--- a/net/netlink/af_netlink.h ++++ b/net/netlink/af_netlink.h +@@ -33,6 +33,7 @@ struct netlink_sock { + wait_queue_head_t wait; + bool bound; + bool cb_running; ++ int dump_done_errno; + struct netlink_callback cb; + struct mutex *cb_mutex; + struct mutex cb_def_mutex; +diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c +index 1344e3a411ae..edb462b0b73b 100644 +--- a/net/sctp/ipv6.c ++++ b/net/sctp/ipv6.c +@@ -807,9 +807,10 @@ static void sctp_inet6_skb_msgname(struct sk_buff *skb, char *msgname, + addr->v6.sin6_flowinfo = 0; + addr->v6.sin6_port = sh->source; + addr->v6.sin6_addr = ipv6_hdr(skb)->saddr; +- if (ipv6_addr_type(&addr->v6.sin6_addr) & IPV6_ADDR_LINKLOCAL) { ++ if (ipv6_addr_type(&addr->v6.sin6_addr) & IPV6_ADDR_LINKLOCAL) + addr->v6.sin6_scope_id = sctp_v6_skb_iif(skb); +- } ++ else ++ addr->v6.sin6_scope_id = 0; + } + + *addr_len = sctp_v6_addr_to_user(sctp_sk(skb->sk), addr); +diff --git a/net/sctp/socket.c b/net/sctp/socket.c +index 3d79085eb4e0..083da13e1af4 100644 +--- a/net/sctp/socket.c ++++ b/net/sctp/socket.c +@@ -4924,6 +4924,10 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp) + struct socket *sock; + int err = 0; + ++ /* Do not peel off from one netns to another one. */ ++ if (!net_eq(current->nsproxy->net_ns, sock_net(sk))) ++ return -EINVAL; ++ + if (!asoc) + return -EINVAL; + +diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c +index 809ba70fbbbf..7d769b948de8 100644 +--- a/security/integrity/ima/ima_appraise.c ++++ b/security/integrity/ima/ima_appraise.c +@@ -320,6 +320,9 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) + if (iint->flags & IMA_DIGSIG) + return; + ++ if (iint->ima_file_status != INTEGRITY_PASS) ++ return; ++ + rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo); + if (rc < 0) + return;
