From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 14079158030 for ; Fri, 3 Mar 2023 12:30:27 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 57021E07E6; Fri, 3 Mar 2023 12:30:26 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2CD31E07E6 for ; Fri, 3 Mar 2023 12:30:26 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id EE37F335DBE for ; Fri, 3 Mar 2023 12:30:24 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 7F44C8C2 for ; Fri, 3 Mar 2023 12:30:22 +0000 (UTC) From: "Mike Pagano" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Pagano" Message-ID: <1677846610.ea80b3ffdf0cbc13e3d65a4f84ff8af127c33061.mpagano@gentoo> Subject: [gentoo-commits] proj/linux-patches:5.10 commit in: / X-VCS-Repository: proj/linux-patches X-VCS-Files: 0000_README 1170_linux-5.10.171.patch X-VCS-Directories: / X-VCS-Committer: mpagano X-VCS-Committer-Name: Mike Pagano X-VCS-Revision: ea80b3ffdf0cbc13e3d65a4f84ff8af127c33061 X-VCS-Branch: 5.10 Date: Fri, 3 Mar 2023 12:30:22 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 06f2d116-f7b6-476c-9596-437eacc2d9e7 X-Archives-Hash: e72acce240216663afd7e0f5a59d902d commit: ea80b3ffdf0cbc13e3d65a4f84ff8af127c33061 Author: Mike Pagano gentoo org> AuthorDate: Fri Mar 3 12:30:10 2023 +0000 Commit: Mike Pagano gentoo org> CommitDate: Fri Mar 3 12:30:10 2023 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=ea80b3ff Linux patch 5.10.171 Signed-off-by: Mike Pagano gentoo.org> 0000_README | 4 + 1170_linux-5.10.171.patch | 597 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 601 insertions(+) diff --git a/0000_README b/0000_README index 4e3efaf2..1a198b29 100644 --- a/0000_README +++ b/0000_README @@ -723,6 +723,10 @@ Patch: 1169_linux-5.10.170.patch From: https://www.kernel.org Desc: Linux 5.10.170 +Patch: 1170_linux-5.10.171.patch +From: https://www.kernel.org +Desc: Linux 5.10.171 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1170_linux-5.10.171.patch b/1170_linux-5.10.171.patch new file mode 100644 index 00000000..689d118e --- /dev/null +++ b/1170_linux-5.10.171.patch @@ -0,0 +1,597 @@ +diff --git a/Makefile b/Makefile +index 028fca7ec5cf3..9dde2c2307893 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 10 +-SUBLEVEL = 170 ++SUBLEVEL = 171 + EXTRAVERSION = + NAME = Dare mighty things + +diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi +index 9051fb4a267d4..aab28161b9ae9 100644 +--- a/arch/arm/boot/dts/rk3288.dtsi ++++ b/arch/arm/boot/dts/rk3288.dtsi +@@ -1203,6 +1203,7 @@ + clock-names = "dp", "pclk"; + phys = <&edp_phy>; + phy-names = "dp"; ++ power-domains = <&power RK3288_PD_VIO>; + resets = <&cru SRST_EDP>; + reset-names = "dp"; + rockchip,grf = <&grf>; +diff --git a/arch/arm64/boot/dts/rockchip/rk3328-roc-cc.dts b/arch/arm64/boot/dts/rockchip/rk3328-roc-cc.dts +index daa9a0c601a9f..22ab5e1d7319d 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3328-roc-cc.dts ++++ b/arch/arm64/boot/dts/rockchip/rk3328-roc-cc.dts +@@ -91,7 +91,6 @@ + linux,default-trigger = "heartbeat"; + gpios = <&rk805 1 GPIO_ACTIVE_LOW>; + default-state = "on"; +- mode = <0x23>; + }; + + user_led: led-1 { +@@ -99,7 +98,6 @@ + linux,default-trigger = "mmc1"; + gpios = <&rk805 0 GPIO_ACTIVE_LOW>; + default-state = "off"; +- mode = <0x05>; + }; + }; + }; +diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c +index 99e23a5df0267..2306abb09f7f5 100644 +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -3687,8 +3687,8 @@ void acpi_nfit_shutdown(void *data) + + mutex_lock(&acpi_desc->init_mutex); + set_bit(ARS_CANCEL, &acpi_desc->scrub_flags); +- cancel_delayed_work_sync(&acpi_desc->dwork); + mutex_unlock(&acpi_desc->init_mutex); ++ cancel_delayed_work_sync(&acpi_desc->dwork); + + /* + * Bounce the nvdimm bus lock to make sure any in-flight +diff --git a/drivers/gpu/drm/virtio/virtgpu_object.c b/drivers/gpu/drm/virtio/virtgpu_object.c +index 0c98978e2e55c..1681486860019 100644 +--- a/drivers/gpu/drm/virtio/virtgpu_object.c ++++ b/drivers/gpu/drm/virtio/virtgpu_object.c +@@ -157,9 +157,10 @@ static int virtio_gpu_object_shmem_init(struct virtio_gpu_device *vgdev, + * since virtio_gpu doesn't support dma-buf import from other devices. + */ + shmem->pages = drm_gem_shmem_get_sg_table(&bo->base.base); +- if (!shmem->pages) { ++ if (IS_ERR(shmem->pages)) { + drm_gem_shmem_unpin(&bo->base.base); +- return -EINVAL; ++ shmem->pages = NULL; ++ return PTR_ERR(shmem->pages); + } + + if (use_dma_api) { +diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c +index baadead947c8b..5f9ec1d1464a2 100644 +--- a/drivers/hid/hid-core.c ++++ b/drivers/hid/hid-core.c +@@ -1197,6 +1197,7 @@ int hid_open_report(struct hid_device *device) + __u8 *end; + __u8 *next; + int ret; ++ int i; + static int (*dispatch_type[])(struct hid_parser *parser, + struct hid_item *item) = { + hid_parser_main, +@@ -1247,6 +1248,8 @@ int hid_open_report(struct hid_device *device) + goto err; + } + device->collection_size = HID_DEFAULT_NUM_COLLECTIONS; ++ for (i = 0; i < HID_DEFAULT_NUM_COLLECTIONS; i++) ++ device->collection[i].parent_idx = -1; + + ret = -EINVAL; + while ((next = fetch_item(start, end, &item)) != NULL) { +diff --git a/drivers/infiniband/hw/hfi1/user_exp_rcv.c b/drivers/infiniband/hw/hfi1/user_exp_rcv.c +index 897923981855d..0e0be6c62e3d1 100644 +--- a/drivers/infiniband/hw/hfi1/user_exp_rcv.c ++++ b/drivers/infiniband/hw/hfi1/user_exp_rcv.c +@@ -202,16 +202,11 @@ static void unpin_rcv_pages(struct hfi1_filedata *fd, + static int pin_rcv_pages(struct hfi1_filedata *fd, struct tid_user_buf *tidbuf) + { + int pinned; +- unsigned int npages; ++ unsigned int npages = tidbuf->npages; + unsigned long vaddr = tidbuf->vaddr; + struct page **pages = NULL; + struct hfi1_devdata *dd = fd->uctxt->dd; + +- /* Get the number of pages the user buffer spans */ +- npages = num_user_pages(vaddr, tidbuf->length); +- if (!npages) +- return -EINVAL; +- + if (npages > fd->uctxt->expected_count) { + dd_dev_err(dd, "Expected buffer too big\n"); + return -EINVAL; +@@ -238,7 +233,6 @@ static int pin_rcv_pages(struct hfi1_filedata *fd, struct tid_user_buf *tidbuf) + return pinned; + } + tidbuf->pages = pages; +- tidbuf->npages = npages; + fd->tid_n_pinned += pinned; + return pinned; + } +@@ -316,6 +310,7 @@ int hfi1_user_exp_rcv_setup(struct hfi1_filedata *fd, + mutex_init(&tidbuf->cover_mutex); + tidbuf->vaddr = tinfo->vaddr; + tidbuf->length = tinfo->length; ++ tidbuf->npages = num_user_pages(tidbuf->vaddr, tidbuf->length); + tidbuf->psets = kcalloc(uctxt->expected_count, sizeof(*tidbuf->psets), + GFP_KERNEL); + if (!tidbuf->psets) { +diff --git a/drivers/md/md.c b/drivers/md/md.c +index 3038e7ecb7e16..c0b34637bd667 100644 +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -5683,6 +5683,7 @@ static int md_alloc(dev_t dev, char *name) + * completely removed (mddev_delayed_delete). + */ + flush_workqueue(md_misc_wq); ++ flush_workqueue(md_rdev_misc_wq); + + mutex_lock(&disks_mutex); + error = -EEXIST; +diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c +index f566eb1839dc5..71e091f879f0e 100644 +--- a/drivers/tty/vt/vc_screen.c ++++ b/drivers/tty/vt/vc_screen.c +@@ -403,10 +403,11 @@ vcs_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) + unsigned int this_round, skip = 0; + int size; + +- ret = -ENXIO; + vc = vcs_vc(inode, &viewed); +- if (!vc) +- goto unlock_out; ++ if (!vc) { ++ ret = -ENXIO; ++ break; ++ } + + /* Check whether we are above size each round, + * as copy_to_user at the end of this loop +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index 5925b8eb9ee38..7af2def631a24 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -2380,9 +2380,8 @@ static int usb_enumerate_device_otg(struct usb_device *udev) + * usb_enumerate_device - Read device configs/intfs/otg (usbcore-internal) + * @udev: newly addressed device (in ADDRESS state) + * +- * This is only called by usb_new_device() and usb_authorize_device() +- * and FIXME -- all comments that apply to them apply here wrt to +- * environment. ++ * This is only called by usb_new_device() -- all comments that apply there ++ * apply here wrt to environment. + * + * If the device is WUSB and not authorized, we don't attempt to read + * the string descriptors, as they will be errored out by the device +diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c +index 8d134193fa0cf..a2ca38e25e0c3 100644 +--- a/drivers/usb/core/sysfs.c ++++ b/drivers/usb/core/sysfs.c +@@ -889,11 +889,7 @@ read_descriptors(struct file *filp, struct kobject *kobj, + size_t srclen, n; + int cfgno; + void *src; +- int retval; + +- retval = usb_lock_device_interruptible(udev); +- if (retval < 0) +- return -EINTR; + /* The binary attribute begins with the device descriptor. + * Following that are the raw descriptor entries for all the + * configurations (config plus subsidiary descriptors). +@@ -918,7 +914,6 @@ read_descriptors(struct file *filp, struct kobject *kobj, + off -= srclen; + } + } +- usb_unlock_device(udev); + return count - nleft; + } + +diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c +index 2caccbb6e0140..7b54e814aefb1 100644 +--- a/drivers/usb/gadget/function/u_serial.c ++++ b/drivers/usb/gadget/function/u_serial.c +@@ -81,6 +81,9 @@ + #define WRITE_BUF_SIZE 8192 /* TX only */ + #define GS_CONSOLE_BUF_SIZE 8192 + ++/* Prevents race conditions while accessing gser->ioport */ ++static DEFINE_SPINLOCK(serial_port_lock); ++ + /* console info */ + struct gs_console { + struct console console; +@@ -1376,8 +1379,10 @@ void gserial_disconnect(struct gserial *gser) + if (!port) + return; + ++ spin_lock_irqsave(&serial_port_lock, flags); ++ + /* tell the TTY glue not to do I/O here any more */ +- spin_lock_irqsave(&port->port_lock, flags); ++ spin_lock(&port->port_lock); + + gs_console_disconnect(port); + +@@ -1392,7 +1397,8 @@ void gserial_disconnect(struct gserial *gser) + tty_hangup(port->port.tty); + } + port->suspended = false; +- spin_unlock_irqrestore(&port->port_lock, flags); ++ spin_unlock(&port->port_lock); ++ spin_unlock_irqrestore(&serial_port_lock, flags); + + /* disable endpoints, aborting down any active I/O */ + usb_ep_disable(gser->out); +@@ -1426,10 +1432,19 @@ EXPORT_SYMBOL_GPL(gserial_suspend); + + void gserial_resume(struct gserial *gser) + { +- struct gs_port *port = gser->ioport; ++ struct gs_port *port; + unsigned long flags; + +- spin_lock_irqsave(&port->port_lock, flags); ++ spin_lock_irqsave(&serial_port_lock, flags); ++ port = gser->ioport; ++ ++ if (!port) { ++ spin_unlock_irqrestore(&serial_port_lock, flags); ++ return; ++ } ++ ++ spin_lock(&port->port_lock); ++ spin_unlock(&serial_port_lock); + port->suspended = false; + if (!port->start_delayed) { + spin_unlock_irqrestore(&port->port_lock, flags); +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c +index 2fc65cbbfea95..14a7af7f3bcd7 100644 +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -402,6 +402,8 @@ static void option_instat_callback(struct urb *urb); + #define LONGCHEER_VENDOR_ID 0x1c9e + + /* 4G Systems products */ ++/* This one was sold as the VW and Skoda "Carstick LTE" */ ++#define FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE 0x7605 + /* This is the 4G XS Stick W14 a.k.a. Mobilcom Debitel Surf-Stick * + * It seems to contain a Qualcomm QSC6240/6290 chipset */ + #define FOUR_G_SYSTEMS_PRODUCT_W14 0x9603 +@@ -1976,6 +1978,8 @@ static const struct usb_device_id option_ids[] = { + .driver_info = RSVD(2) }, + { USB_DEVICE(AIRPLUS_VENDOR_ID, AIRPLUS_PRODUCT_MCD650) }, + { USB_DEVICE(TLAYTECH_VENDOR_ID, TLAYTECH_PRODUCT_TEU800) }, ++ { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE), ++ .driver_info = RSVD(0) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W14), + .driver_info = NCTRL(0) | NCTRL(1) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W100), +diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c +index 4a6ba0997e399..b081b61e97c8d 100644 +--- a/fs/btrfs/send.c ++++ b/fs/btrfs/send.c +@@ -7276,10 +7276,10 @@ long btrfs_ioctl_send(struct file *mnt_file, struct btrfs_ioctl_send_args *arg) + /* + * Check that we don't overflow at later allocations, we request + * clone_sources_count + 1 items, and compare to unsigned long inside +- * access_ok. ++ * access_ok. Also set an upper limit for allocation size so this can't ++ * easily exhaust memory. Max number of clone sources is about 200K. + */ +- if (arg->clone_sources_count > +- ULONG_MAX / sizeof(struct clone_root) - 1) { ++ if (arg->clone_sources_count > SZ_8M / sizeof(struct clone_root)) { + ret = -EINVAL; + goto out; + } +diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c +index 642e1a0560c6d..0c27b81ee1eb7 100644 +--- a/io_uring/io_uring.c ++++ b/io_uring/io_uring.c +@@ -1092,7 +1092,8 @@ static int __io_register_rsrc_update(struct io_ring_ctx *ctx, unsigned type, + unsigned nr_args); + static void io_clean_op(struct io_kiocb *req); + static struct file *io_file_get(struct io_ring_ctx *ctx, +- struct io_kiocb *req, int fd, bool fixed); ++ struct io_kiocb *req, int fd, bool fixed, ++ unsigned int issue_flags); + static void __io_queue_sqe(struct io_kiocb *req); + static void io_rsrc_put_work(struct work_struct *work); + +@@ -3975,7 +3976,7 @@ static int io_tee(struct io_kiocb *req, unsigned int issue_flags) + return -EAGAIN; + + in = io_file_get(req->ctx, req, sp->splice_fd_in, +- (sp->flags & SPLICE_F_FD_IN_FIXED)); ++ (sp->flags & SPLICE_F_FD_IN_FIXED), issue_flags); + if (!in) { + ret = -EBADF; + goto done; +@@ -4015,7 +4016,7 @@ static int io_splice(struct io_kiocb *req, unsigned int issue_flags) + return -EAGAIN; + + in = io_file_get(req->ctx, req, sp->splice_fd_in, +- (sp->flags & SPLICE_F_FD_IN_FIXED)); ++ (sp->flags & SPLICE_F_FD_IN_FIXED), issue_flags); + if (!in) { + ret = -EBADF; + goto done; +@@ -6876,13 +6877,16 @@ static void io_fixed_file_set(struct io_fixed_file *file_slot, struct file *file + } + + static inline struct file *io_file_get_fixed(struct io_ring_ctx *ctx, +- struct io_kiocb *req, int fd) ++ struct io_kiocb *req, int fd, ++ unsigned int issue_flags) + { +- struct file *file; ++ struct file *file = NULL; + unsigned long file_ptr; + ++ io_ring_submit_lock(ctx, !(issue_flags & IO_URING_F_NONBLOCK)); ++ + if (unlikely((unsigned int)fd >= ctx->nr_user_files)) +- return NULL; ++ goto out; + fd = array_index_nospec(fd, ctx->nr_user_files); + file_ptr = io_fixed_file_slot(&ctx->file_table, fd)->file_ptr; + file = (struct file *) (file_ptr & FFS_MASK); +@@ -6890,6 +6894,8 @@ static inline struct file *io_file_get_fixed(struct io_ring_ctx *ctx, + /* mask in overlapping REQ_F and FFS bits */ + req->flags |= (file_ptr << REQ_F_NOWAIT_READ_BIT); + io_req_set_rsrc_node(req); ++out: ++ io_ring_submit_unlock(ctx, !(issue_flags & IO_URING_F_NONBLOCK)); + return file; + } + +@@ -6907,10 +6913,11 @@ static struct file *io_file_get_normal(struct io_ring_ctx *ctx, + } + + static inline struct file *io_file_get(struct io_ring_ctx *ctx, +- struct io_kiocb *req, int fd, bool fixed) ++ struct io_kiocb *req, int fd, bool fixed, ++ unsigned int issue_flags) + { + if (fixed) +- return io_file_get_fixed(ctx, req, fd); ++ return io_file_get_fixed(ctx, req, fd, issue_flags); + else + return io_file_get_normal(ctx, req, fd); + } +@@ -7132,7 +7139,7 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req, + + if (io_op_defs[req->opcode].needs_file) { + req->file = io_file_get(ctx, req, READ_ONCE(sqe->fd), +- (sqe_flags & IOSQE_FIXED_FILE)); ++ (sqe_flags & IOSQE_FIXED_FILE), 0); + if (unlikely(!req->file)) + ret = -EBADF; + } +diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c +index 9d26c5e9da058..d35ea927ca8af 100644 +--- a/net/caif/caif_socket.c ++++ b/net/caif/caif_socket.c +@@ -1020,6 +1020,7 @@ static void caif_sock_destructor(struct sock *sk) + return; + } + sk_stream_kill_queues(&cf_sk->sk); ++ WARN_ON(sk->sk_forward_alloc); + caif_free_client(&cf_sk->layer); + } + +diff --git a/net/core/filter.c b/net/core/filter.c +index a5df0cf46bbf8..b9c954182b375 100644 +--- a/net/core/filter.c ++++ b/net/core/filter.c +@@ -5401,7 +5401,7 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params, + neigh = __ipv6_neigh_lookup_noref_stub(dev, dst); + } + +- if (!neigh) ++ if (!neigh || !(neigh->nud_state & NUD_VALID)) + return BPF_FIB_LKUP_RET_NO_NEIGH; + + return bpf_fib_set_fwd_params(params, neigh, dev); +@@ -5514,7 +5514,7 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params, + * not needed here. + */ + neigh = __ipv6_neigh_lookup_noref_stub(dev, dst); +- if (!neigh) ++ if (!neigh || !(neigh->nud_state & NUD_VALID)) + return BPF_FIB_LKUP_RET_NO_NEIGH; + + return bpf_fib_set_fwd_params(params, neigh, dev); +diff --git a/net/core/neighbour.c b/net/core/neighbour.c +index f6f580e9d2820..82ccc3eebe71d 100644 +--- a/net/core/neighbour.c ++++ b/net/core/neighbour.c +@@ -242,7 +242,7 @@ static int neigh_forced_gc(struct neigh_table *tbl) + (n->nud_state == NUD_NOARP) || + (tbl->is_multicast && + tbl->is_multicast(n->primary_key)) || +- time_after(tref, n->updated)) ++ !time_in_range(n->updated, tref, jiffies)) + remove = true; + write_unlock(&n->lock); + +@@ -262,7 +262,17 @@ static int neigh_forced_gc(struct neigh_table *tbl) + + static void neigh_add_timer(struct neighbour *n, unsigned long when) + { ++ /* Use safe distance from the jiffies - LONG_MAX point while timer ++ * is running in DELAY/PROBE state but still show to user space ++ * large times in the past. ++ */ ++ unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ); ++ + neigh_hold(n); ++ if (!time_in_range(n->confirmed, mint, jiffies)) ++ n->confirmed = mint; ++ if (time_before(n->used, n->confirmed)) ++ n->used = n->confirmed; + if (unlikely(mod_timer(&n->timer, when))) { + printk("NEIGH: BUG, double timer add, state is %x\n", + n->nud_state); +@@ -948,12 +958,14 @@ static void neigh_periodic_work(struct work_struct *work) + goto next_elt; + } + +- if (time_before(n->used, n->confirmed)) ++ if (time_before(n->used, n->confirmed) && ++ time_is_before_eq_jiffies(n->confirmed)) + n->used = n->confirmed; + + if (refcount_read(&n->refcnt) == 1 && + (state == NUD_FAILED || +- time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) { ++ !time_in_range_open(jiffies, n->used, ++ n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) { + *np = n->next; + neigh_mark_dead(n); + write_unlock(&n->lock); +diff --git a/net/core/stream.c b/net/core/stream.c +index d7c5413d16d57..cd60746877b1e 100644 +--- a/net/core/stream.c ++++ b/net/core/stream.c +@@ -209,7 +209,6 @@ void sk_stream_kill_queues(struct sock *sk) + sk_mem_reclaim(sk); + + WARN_ON(sk->sk_wmem_queued); +- WARN_ON(sk->sk_forward_alloc); + + /* It is _impossible_ for the backlog to contain anything + * when we get here. All user references to this socket +diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c +index da518b4ca84c6..e4f21a6924153 100644 +--- a/net/xfrm/xfrm_interface.c ++++ b/net/xfrm/xfrm_interface.c +@@ -207,6 +207,52 @@ static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet) + skb->mark = 0; + } + ++static int xfrmi_input(struct sk_buff *skb, int nexthdr, __be32 spi, ++ int encap_type, unsigned short family) ++{ ++ struct sec_path *sp; ++ ++ sp = skb_sec_path(skb); ++ if (sp && (sp->len || sp->olen) && ++ !xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family)) ++ goto discard; ++ ++ XFRM_SPI_SKB_CB(skb)->family = family; ++ if (family == AF_INET) { ++ XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); ++ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; ++ } else { ++ XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr); ++ XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL; ++ } ++ ++ return xfrm_input(skb, nexthdr, spi, encap_type); ++discard: ++ kfree_skb(skb); ++ return 0; ++} ++ ++static int xfrmi4_rcv(struct sk_buff *skb) ++{ ++ return xfrmi_input(skb, ip_hdr(skb)->protocol, 0, 0, AF_INET); ++} ++ ++static int xfrmi6_rcv(struct sk_buff *skb) ++{ ++ return xfrmi_input(skb, skb_network_header(skb)[IP6CB(skb)->nhoff], ++ 0, 0, AF_INET6); ++} ++ ++static int xfrmi4_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ++{ ++ return xfrmi_input(skb, nexthdr, spi, encap_type, AF_INET); ++} ++ ++static int xfrmi6_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) ++{ ++ return xfrmi_input(skb, nexthdr, spi, encap_type, AF_INET6); ++} ++ + static int xfrmi_rcv_cb(struct sk_buff *skb, int err) + { + const struct xfrm_mode *inner_mode; +@@ -780,8 +826,8 @@ static struct pernet_operations xfrmi_net_ops = { + }; + + static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = { +- .handler = xfrm6_rcv, +- .input_handler = xfrm_input, ++ .handler = xfrmi6_rcv, ++ .input_handler = xfrmi6_input, + .cb_handler = xfrmi_rcv_cb, + .err_handler = xfrmi6_err, + .priority = 10, +@@ -831,8 +877,8 @@ static struct xfrm6_tunnel xfrmi_ip6ip_handler __read_mostly = { + #endif + + static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = { +- .handler = xfrm4_rcv, +- .input_handler = xfrm_input, ++ .handler = xfrmi4_rcv, ++ .input_handler = xfrmi4_input, + .cb_handler = xfrmi_rcv_cb, + .err_handler = xfrmi4_err, + .priority = 10, +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 0d12bdf59d4cc..d15aa62887de0 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -3710,6 +3710,9 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, + goto reject; + } + ++ if (if_id) ++ secpath_reset(skb); ++ + xfrm_pols_put(pols, npols); + return 1; + } +diff --git a/scripts/tags.sh b/scripts/tags.sh +index fd96734deff13..b82aebb0c995e 100755 +--- a/scripts/tags.sh ++++ b/scripts/tags.sh +@@ -95,10 +95,13 @@ all_sources() + + all_compiled_sources() + { +- realpath -es $([ -z "$KBUILD_ABS_SRCTREE" ] && echo --relative-to=.) \ +- include/generated/autoconf.h $(find $ignore -name "*.cmd" -exec \ +- grep -Poh '(?(?=^source_.* \K).*|(?=^ \K\S).*(?= \\))' {} \+ | +- awk '!a[$0]++') | sort -u ++ { ++ echo include/generated/autoconf.h ++ find $ignore -name "*.cmd" -exec \ ++ sed -n -E 's/^source_.* (.*)/\1/p; s/^ (\S.*) \\/\1/p' {} \+ | ++ awk '!a[$0]++' ++ } | xargs realpath -es $([ -z "$KBUILD_ABS_SRCTREE" ] && echo --relative-to=.) | ++ sort -u + } + + all_target_sources()