diff --git a/android/GKI_VERSION b/android/GKI_VERSION
index bd9b804cabb4..7e78336305f9 100644
--- a/android/GKI_VERSION
+++ b/android/GKI_VERSION
@@ -1 +1 @@
-LTS_5.4.180_459ed28f1a6a
+LTS_5.4.180_e7792e2790f3
diff --git a/android/abi_gki_aarch64.xml b/android/abi_gki_aarch64.xml
index 01cb47c74fef..418e0aa0fdcb 100644
--- a/android/abi_gki_aarch64.xml
+++ b/android/abi_gki_aarch64.xml
@@ -64,6 +64,7 @@
+
@@ -488,6 +489,7 @@
+
@@ -1018,12 +1020,14 @@
+
+
@@ -1694,6 +1698,7 @@
+
@@ -1808,6 +1813,7 @@
+
@@ -2384,6 +2390,7 @@
+
@@ -2764,6 +2771,7 @@
+
@@ -4337,6 +4345,7 @@
+
@@ -4857,7 +4866,9 @@
+
+
@@ -4928,6 +4939,7 @@
+
@@ -28343,7 +28355,7 @@
-
+
@@ -28631,7 +28643,7 @@
-
+
@@ -55580,6 +55592,8 @@
+
+
@@ -56128,6 +56142,12 @@
+
+
+
+
+
+
@@ -67807,6 +67827,11 @@
+
+
+
+
+
@@ -108155,7 +108180,7 @@
-
+
@@ -145183,6 +145208,13 @@
+
+
+
+
+
+
+
@@ -146812,6 +146844,10 @@
+
+
+
+
@@ -147183,6 +147219,13 @@
+
+
+
+
+
+
+
@@ -147366,7 +147409,7 @@
-
+
@@ -149785,6 +149828,9 @@
+
+
+
@@ -150558,6 +150604,10 @@
+
+
+
+
@@ -150913,6 +150963,10 @@
+
+
+
+
@@ -151104,6 +151158,9 @@
+
+
+
@@ -151112,6 +151169,11 @@
+
+
+
+
+
@@ -151154,6 +151216,7 @@
+
@@ -165057,6 +165120,13 @@
+
+
+
+
+
+
+
@@ -168808,7 +168878,7 @@
-
+
@@ -168816,7 +168886,7 @@
-
+
@@ -168824,7 +168894,7 @@
-
+
@@ -173561,7 +173631,7 @@
-
+
@@ -173725,7 +173795,7 @@
-
+
diff --git a/android/abi_gki_aarch64_459ed28f1a6a.xml b/android/abi_gki_aarch64_e7792e2790f3.xml
similarity index 99%
rename from android/abi_gki_aarch64_459ed28f1a6a.xml
rename to android/abi_gki_aarch64_e7792e2790f3.xml
index 57d5da86f939..2e502f618dbd 100644
--- a/android/abi_gki_aarch64_459ed28f1a6a.xml
+++ b/android/abi_gki_aarch64_e7792e2790f3.xml
@@ -7344,18 +7344,18 @@
-
+
-
+
-
+
-
+
-
+
@@ -8062,204 +8062,204 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -9632,84 +9632,84 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -10204,7 +10204,7 @@
-
+
@@ -11025,99 +11025,99 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -11497,13 +11497,13 @@
-
+
-
+
@@ -11641,7 +11641,7 @@
-
+
@@ -13019,7 +13019,7 @@
-
+
@@ -13045,20 +13045,20 @@
-
+
-
+
-
+
-
+
-
+
-
+
@@ -13088,26 +13088,26 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -14293,12 +14293,12 @@
-
+
-
+
-
+
@@ -14335,15 +14335,15 @@
-
+
-
+
-
+
-
+
@@ -14375,7 +14375,7 @@
-
+
@@ -16675,48 +16675,48 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -21018,24 +21018,24 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -22015,7 +22015,7 @@
-
+
@@ -22390,7 +22390,7 @@
-
+
@@ -80767,7 +80767,7 @@
-
+
@@ -80899,7 +80899,7 @@
-
+
@@ -80907,7 +80907,7 @@
-
+
@@ -93206,7 +93206,7 @@
-
+
@@ -93537,11 +93537,11 @@
-
+
-
+
@@ -104146,48 +104146,48 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -104273,322 +104273,322 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
-
+
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -106023,20 +106023,20 @@
-
+
-
+
-
+
-
+
-
+
-
+
@@ -106107,31 +106107,31 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -106308,9 +106308,9 @@
-
+
-
+
@@ -106443,87 +106443,87 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -106726,7 +106726,7 @@
-
+
@@ -106820,18 +106820,18 @@
-
+
-
+
-
+
-
+
-
+
@@ -133422,62 +133422,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -133664,6 +133608,62 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -134755,11 +134755,11 @@
-
-
-
-
-
+
+
+
+
+
@@ -136497,6 +136497,282 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -136550,6 +136826,91 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -136564,24 +136925,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -136684,29 +137027,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -136977,326 +137297,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -138620,7 +138620,7 @@
-
+
@@ -138892,7 +138892,7 @@
-
+
@@ -139670,6 +139670,7 @@
+
@@ -139696,7 +139697,7 @@
-
+
@@ -140195,70 +140196,70 @@
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
@@ -140266,13 +140267,13 @@
-
+
-
+
@@ -140281,13 +140282,13 @@
-
+
-
+
@@ -140324,25 +140325,25 @@
-
+
-
+
-
+
-
+
@@ -140352,7 +140353,7 @@
-
+
@@ -140381,7 +140382,6 @@
-
@@ -141630,7 +141630,6 @@
-
diff --git a/android/abi_gki_aarch64_galaxy b/android/abi_gki_aarch64_galaxy
index db6e276ab3a6..5e5ddaccee68 100644
--- a/android/abi_gki_aarch64_galaxy
+++ b/android/abi_gki_aarch64_galaxy
@@ -1,4 +1,6 @@
[abi_symbol_list]
+ LZ4_decompress_safe
+ PDE_DATA
___ratelimit
__alloc_disk_node
__alloc_pages_nodemask
@@ -40,6 +42,7 @@
__cpuhp_setup_state_cpuslocked
__dev_kfree_skb_any
__dev_kfree_skb_irq
+ __devm_alloc_percpu
__devm_iio_device_register
__devm_irq_alloc_descs
__devm_of_phy_provider_register
@@ -150,9 +153,9 @@
__srcu_read_unlock
__stack_chk_fail
__stack_chk_guard
- __sw_hweight8
__sw_hweight32
__sw_hweight64
+ __sw_hweight8
__sync_dirty_buffer
__task_pid_nr_ns
__tasklet_hi_schedule
@@ -162,7 +165,9 @@
__tracepoint_android_vh_ipi_stop
__tracepoint_android_vh_is_fpsimd_save
__tracepoint_android_vh_kfree_skb
+ __tracepoint_android_vh_printk_store
__tracepoint_android_vh_ptype_head
+ __tracepoint_android_vh_show_regs
__tracepoint_android_vh_wq_lockup_pool
__tracepoint_device_pm_callback_end
__tracepoint_device_pm_callback_start
@@ -286,6 +291,7 @@
blk_rq_unmap_user
blk_stat_enable_accounting
blk_verify_command
+ blkdev_fsync
blkdev_get_by_dev
blkdev_get_by_path
blkdev_put
@@ -590,6 +596,7 @@
devm_extcon_register_notifier
devm_free_irq
devm_fwnode_get_index_gpiod_from_child
+ devm_gen_pool_create
devm_gpio_request
devm_gpio_request_one
devm_gpiochip_add_data
@@ -609,6 +616,7 @@
devm_kmalloc
devm_kmemdup
devm_kstrdup
+ devm_kstrdup_const
devm_led_classdev_register_ext
devm_nvmem_cell_get
devm_nvmem_device_get
@@ -727,8 +735,8 @@
dmaengine_unmap_put
dmam_alloc_attrs
dmam_free_coherent
- do_exit
do_SAK
+ do_exit
do_wait_intr
down
down_interruptible
@@ -1011,6 +1019,7 @@
find_vpid
finish_wait
firmware_request_nowarn
+ fixed_size_llseek
flush_dcache_page
flush_delayed_work
flush_work
@@ -1055,8 +1064,10 @@
generic_file_splice_read
generic_handle_irq
generic_mii_ioctl
+ generic_perform_write
generic_read_dir
generic_shutdown_super
+ generic_write_checks
genl_register_family
genl_unregister_family
genlmsg_put
@@ -1068,6 +1079,7 @@
get_pid_task
get_random_bytes
get_random_u32
+ get_random_u64
get_task_exe_file
get_task_mm
get_task_pid
@@ -1101,6 +1113,7 @@
gpio_to_desc
gpiochip_add_data_with_key
gpiochip_add_pin_range
+ gpiochip_find
gpiochip_generic_free
gpiochip_generic_request
gpiochip_get_data
@@ -1110,10 +1123,10 @@
gpiochip_remove
gpiochip_set_nested_irqchip
gpiochip_unlock_as_irq
+ gpiod_cansleep
gpiod_direction_input
gpiod_direction_output
gpiod_direction_output_raw
- gpiod_cansleep
gpiod_get_optional
gpiod_get_raw_value
gpiod_get_raw_value_cansleep
@@ -1223,9 +1236,9 @@
iio_read_channel_processed
iio_read_channel_raw
import_iovec
+ in6_pton
in_aton
in_egroup_p
- in6_pton
init_dummy_netdev
init_net
init_srcu_struct
@@ -1309,6 +1322,7 @@
ion_heap_unmap_kernel
ion_query_heaps_kernel
iounmap
+ iov_iter_kvec
iput
ipv6_stub
irq_chip_ack_parent
@@ -1362,14 +1376,15 @@
iterate_dir
iterate_fd
jiffies
+ jiffies64_to_msecs
jiffies_64_to_clock_t
jiffies_to_msecs
jiffies_to_usecs
- jiffies64_to_msecs
kasprintf
kern_path
kernel_bind
kernel_connect
+ kernel_cpustat
kernel_getsockname
kernel_kobj
kernel_read
@@ -1401,6 +1416,8 @@
kmem_cache_free
kmemdup
kmemdup_nul
+ kmsg_dump_get_line
+ kmsg_dump_rewind
kobject_add
kobject_create_and_add
kobject_del
@@ -1478,7 +1495,6 @@
lockref_get
lookup_one_len
loops_per_jiffy
- LZ4_decompress_safe
map_vm_area
match_int
match_token
@@ -1593,6 +1609,7 @@
ns_to_timespec
ns_to_timespec64
ns_to_timeval
+ nsec_to_clock_t
nsecs_to_jiffies
nvmem_cell_get
nvmem_cell_put
@@ -1770,7 +1787,6 @@
pci_write_config_dword
pcie_capability_read_word
pcim_enable_device
- PDE_DATA
perf_trace_buf_alloc
perf_trace_run_bpf_submit
pfn_valid
@@ -1940,6 +1956,7 @@
regmap_bulk_write
regmap_field_read
regmap_field_update_bits_base
+ regmap_mmio_detach_clk
regmap_multi_reg_write
regmap_multi_reg_write_bypassed
regmap_raw_read
@@ -1979,7 +1996,6 @@
regulatory_set_wiphy_regd_sync_rtnl
release_firmware
release_sock
- regmap_mmio_detach_clk
remap_pfn_range
remap_vmalloc_range
remove_proc_entry
@@ -2023,6 +2039,8 @@
rpmsg_trysend
rpmsg_unregister_device
rps_needed
+ rt_mutex_lock
+ rt_mutex_unlock
rtc_class_close
rtc_class_open
rtc_read_time
@@ -2033,8 +2051,6 @@
rtnl_is_locked
rtnl_lock
rtnl_unlock
- rt_mutex_lock
- rt_mutex_unlock
runqueues
save_stack_trace
save_stack_trace_tsk
@@ -2532,6 +2548,8 @@
unlock_rename
unmap_mapping_range
unregister_chrdev_region
+ unregister_console
+ unregister_die_notifier
unregister_filesystem
unregister_inet6addr_notifier
unregister_inetaddr_notifier
@@ -2722,7 +2740,6 @@
usbnet_write_cmd_nopm
user_path_at_empty
usleep_range
- v4l_bound_align_image
v4l2_ctrl_find
v4l2_ctrl_g_ctrl
v4l2_ctrl_get_name
@@ -2764,6 +2781,7 @@
v4l2_subdev_call_wrappers
v4l2_subdev_init
v4l2_type_names
+ v4l_bound_align_image
vabits_actual
vb2_buffer_done
vb2_common_vm_ops
@@ -2810,6 +2828,7 @@
vfs_create
vfs_fallocate
vfs_fsync
+ vfs_fsync_range
vfs_getattr
vfs_getxattr
vfs_link
diff --git a/android/abi_gki_aarch64_sunxi b/android/abi_gki_aarch64_sunxi
index 890759b51caf..c79db94302e6 100644
--- a/android/abi_gki_aarch64_sunxi
+++ b/android/abi_gki_aarch64_sunxi
@@ -308,3 +308,6 @@
dev_pm_opp_put_prop_name
dev_pm_opp_put_supported_hw
dev_pm_opp_set_prop_name
+
+# required by disp.ko
+ devm_extcon_dev_free
diff --git a/build.config.common b/build.config.common
index cadb2c7acfa2..b2a3b7dbd4c4 100644
--- a/build.config.common
+++ b/build.config.common
@@ -9,6 +9,7 @@ CLANG_PREBUILT_BIN=prebuilts-master/clang/host/linux-x86/clang-r416183b/bin
DEPMOD=depmod
BUILDTOOLS_PREBUILT_BIN=build/build-tools/path/linux-x86
+KCFLAGS="${KCFLAGS} -D__ANDROID_COMMON_KERNEL__"
STOP_SHIP_TRACEPRINTK=1
IN_KERNEL_MODULES=1
DO_NOT_STRIP_MODULES=1
diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index d47ff34678d3..3fcfb4e41c65 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -989,9 +989,17 @@ static int virtblk_probe(struct virtio_device *vdev)
err = virtio_cread_feature(vdev, VIRTIO_BLK_F_BLK_SIZE,
struct virtio_blk_config, blk_size,
&blk_size);
- if (!err)
+ if (!err) {
+ err = blk_validate_block_size(blk_size);
+ if (err) {
+ dev_err(&vdev->dev,
+ "virtio_blk: invalid block size: 0x%x\n",
+ blk_size);
+ goto out_cleanup_disk;
+ }
+
blk_queue_logical_block_size(q, blk_size);
- else
+ } else
blk_size = queue_logical_block_size(q);
/* Use topology information if available */
@@ -1061,6 +1069,8 @@ static int virtblk_probe(struct virtio_device *vdev)
device_add_disk(&vdev->dev, vblk->disk, virtblk_attr_groups);
return 0;
+out_cleanup_disk:
+ blk_cleanup_queue(vblk->disk->queue);
out_free_tags:
blk_mq_free_tag_set(&vblk->tag_set);
out_put_disk:
diff --git a/drivers/md/dm-bow.c b/drivers/md/dm-bow.c
index 62a1203589b2..ee4359fe6bfa 100644
--- a/drivers/md/dm-bow.c
+++ b/drivers/md/dm-bow.c
@@ -599,6 +599,7 @@ static void dm_bow_dtr(struct dm_target *ti)
struct bow_context *bc = (struct bow_context *) ti->private;
struct kobject *kobj;
+ mutex_lock(&bc->ranges_lock);
while (rb_first(&bc->ranges)) {
struct bow_range *br = container_of(rb_first(&bc->ranges),
struct bow_range, node);
@@ -606,6 +607,8 @@ static void dm_bow_dtr(struct dm_target *ti)
rb_erase(&br->node, &bc->ranges);
kfree(br);
}
+ mutex_unlock(&bc->ranges_lock);
+
if (bc->workqueue)
destroy_workqueue(bc->workqueue);
if (bc->bufio)
@@ -1182,6 +1185,7 @@ static void dm_bow_tablestatus(struct dm_target *ti, char *result,
return;
}
+ mutex_lock(&bc->ranges_lock);
for (i = rb_first(&bc->ranges); i; i = rb_next(i)) {
struct bow_range *br = container_of(i, struct bow_range, node);
@@ -1189,11 +1193,11 @@ static void dm_bow_tablestatus(struct dm_target *ti, char *result,
readable_type[br->type],
(unsigned long long)br->sector);
if (result >= end)
- return;
+ goto unlock;
result += scnprintf(result, end - result, "\n");
if (result >= end)
- return;
+ goto unlock;
if (br->type == TRIMMED)
++trimmed_range_count;
@@ -1215,19 +1219,22 @@ static void dm_bow_tablestatus(struct dm_target *ti, char *result,
if (!rb_next(i)) {
scnprintf(result, end - result,
"\nERROR: Last range not of type TOP");
- return;
+ goto unlock;
}
if (br->sector > range_top(br)) {
scnprintf(result, end - result,
"\nERROR: sectors out of order");
- return;
+ goto unlock;
}
}
if (trimmed_range_count != trimmed_list_length)
scnprintf(result, end - result,
"\nERROR: not all trimmed ranges in trimmed list");
+
+unlock:
+ mutex_unlock(&bc->ranges_lock);
}
static void dm_bow_status(struct dm_target *ti, status_type_t type,
diff --git a/drivers/net/can/usb/ems_usb.c b/drivers/net/can/usb/ems_usb.c
index 249d2fba28c7..6458da9c13b9 100644
--- a/drivers/net/can/usb/ems_usb.c
+++ b/drivers/net/can/usb/ems_usb.c
@@ -823,7 +823,6 @@ static netdev_tx_t ems_usb_start_xmit(struct sk_buff *skb, struct net_device *ne
usb_unanchor_urb(urb);
usb_free_coherent(dev->udev, size, buf, urb->transfer_dma);
- dev_kfree_skb(skb);
atomic_dec(&dev->active_tx_urbs);
diff --git a/drivers/net/can/usb/usb_8dev.c b/drivers/net/can/usb/usb_8dev.c
index c43e98bb6e2d..b514b2eaa318 100644
--- a/drivers/net/can/usb/usb_8dev.c
+++ b/drivers/net/can/usb/usb_8dev.c
@@ -670,9 +670,20 @@ static netdev_tx_t usb_8dev_start_xmit(struct sk_buff *skb,
atomic_inc(&priv->active_tx_urbs);
err = usb_submit_urb(urb, GFP_ATOMIC);
- if (unlikely(err))
- goto failed;
- else if (atomic_read(&priv->active_tx_urbs) >= MAX_TX_URBS)
+ if (unlikely(err)) {
+ can_free_echo_skb(netdev, context->echo_index);
+
+ usb_unanchor_urb(urb);
+ usb_free_coherent(priv->udev, size, buf, urb->transfer_dma);
+
+ atomic_dec(&priv->active_tx_urbs);
+
+ if (err == -ENODEV)
+ netif_device_detach(netdev);
+ else
+ netdev_warn(netdev, "failed tx_urb %d\n", err);
+ stats->tx_dropped++;
+ } else if (atomic_read(&priv->active_tx_urbs) >= MAX_TX_URBS)
/* Slow down tx path */
netif_stop_queue(netdev);
@@ -691,19 +702,6 @@ nofreecontext:
return NETDEV_TX_BUSY;
-failed:
- can_free_echo_skb(netdev, context->echo_index);
-
- usb_unanchor_urb(urb);
- usb_free_coherent(priv->udev, size, buf, urb->transfer_dma);
-
- atomic_dec(&priv->active_tx_urbs);
-
- if (err == -ENODEV)
- netif_device_detach(netdev);
- else
- netdev_warn(netdev, "failed tx_urb %d\n", err);
-
nomembuf:
usb_free_urb(urb);
diff --git a/drivers/scsi/ufs/ufs-sysfs.c b/drivers/scsi/ufs/ufs-sysfs.c
index d9d7ccdace24..1d10866df1f6 100644
--- a/drivers/scsi/ufs/ufs-sysfs.c
+++ b/drivers/scsi/ufs/ufs-sysfs.c
@@ -846,7 +846,7 @@ static ssize_t dyn_cap_needed_attribute_show(struct device *dev,
pm_runtime_get_sync(hba->dev);
ret = ufshcd_query_attr(hba, UPIU_QUERY_OPCODE_READ_ATTR,
- QUERY_ATTR_IDN_DYN_CAP_NEEDED, lun, 0, &value);
+ QUERY_ATTR_IDN_DYN_CAP_NEEDED, lun, 0, &value);
pm_runtime_put_sync(hba->dev);
if (ret)
return -EINVAL;
diff --git a/drivers/staging/android/ion/ion_buffer.c b/drivers/staging/android/ion/ion_buffer.c
index 39caa04554a6..eb0e4d285a57 100644
--- a/drivers/staging/android/ion/ion_buffer.c
+++ b/drivers/staging/android/ion/ion_buffer.c
@@ -256,6 +256,9 @@ void *ion_buffer_kmap_get(struct ion_buffer *buffer)
void *vaddr;
if (buffer->kmap_cnt) {
+ if (buffer->kmap_cnt == INT_MAX)
+ return ERR_PTR(-EOVERFLOW);
+
buffer->kmap_cnt++;
return buffer->vaddr;
}
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index 89e1a1115a8c..4b95c83ef54a 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -937,7 +937,17 @@ static int fuse_copy_page(struct fuse_copy_state *cs, struct page **pagep,
while (count) {
if (cs->write && cs->pipebufs && page) {
- return fuse_ref_page(cs, page, offset, count);
+ /*
+ * Can't control lifetime of pipe buffers, so always
+ * copy user pages.
+ */
+ if (cs->req->args->user_pages) {
+ err = fuse_copy_fill(cs);
+ if (err)
+ return err;
+ } else {
+ return fuse_ref_page(cs, page, offset, count);
+ }
} else if (!cs->len) {
if (cs->move_pages && page &&
offset == 0 && count == PAGE_SIZE) {
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 5cf13196ce69..efb2a4871291 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1433,6 +1433,7 @@ static int fuse_get_user_pages(struct fuse_args_pages *ap, struct iov_iter *ii,
(PAGE_SIZE - ret) & (PAGE_SIZE - 1);
}
+ ap->args.user_pages = true;
if (write)
ap->args.in_pages = 1;
else
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 689b60d86e60..2d9aaf31e01f 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -248,6 +248,7 @@ struct fuse_args {
bool nocreds:1;
bool in_pages:1;
bool out_pages:1;
+ bool user_pages:1;
bool out_argvar:1;
bool page_zeroing:1;
bool page_replace:1;
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index e5ee34f292b4..56998391eaa2 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -60,6 +60,14 @@ struct keyslot_manager;
*/
#define BLKCG_MAX_POLS 5
+static inline int blk_validate_block_size(unsigned int bsize)
+{
+ if (bsize < 512 || bsize > PAGE_SIZE || !is_power_of_2(bsize))
+ return -EINVAL;
+
+ return 0;
+}
+
typedef void (rq_end_io_fn)(struct request *, blk_status_t);
/*
diff --git a/include/net/esp.h b/include/net/esp.h
index 117652eb6ea3..465e38890ee9 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -4,6 +4,8 @@
#include
+#define ESP_SKB_FRAG_MAXSIZE (PAGE_SIZE << SKB_FRAG_PAGE_ORDER)
+
struct ip_esp_hdr;
static inline struct ip_esp_hdr *ip_esp_hdr(const struct sk_buff *skb)
diff --git a/include/net/sock.h b/include/net/sock.h
index 6614449474ab..281c766129ad 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -2604,6 +2604,7 @@ extern int sysctl_optmem_max;
extern __u32 sysctl_wmem_default;
extern __u32 sysctl_rmem_default;
+#define SKB_FRAG_PAGE_ORDER get_order(32768)
DECLARE_STATIC_KEY_FALSE(net_high_order_alloc_disable_key);
static inline int sk_get_wmem0(const struct sock *sk, const struct proto *proto)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 8f515391a4ae..bd51b795f7b1 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3680,7 +3680,7 @@ struct sk_buff *skb_segment_list(struct sk_buff *skb,
unsigned int delta_len = 0;
struct sk_buff *tail = NULL;
struct sk_buff *nskb, *tmp;
- int err;
+ int len_diff, err;
skb_push(skb, -skb_network_offset(skb) + offset);
@@ -3720,9 +3720,11 @@ struct sk_buff *skb_segment_list(struct sk_buff *skb,
skb_push(nskb, -skb_network_offset(nskb) + offset);
skb_release_head_state(nskb);
+ len_diff = skb_network_header_len(nskb) - skb_network_header_len(skb);
__copy_skb_header(nskb, skb);
skb_headers_offset_update(nskb, skb_headroom(nskb) - skb_headroom(skb));
+ nskb->transport_header += len_diff;
skb_copy_from_linear_data_offset(skb, -tnl_hlen,
nskb->data - tnl_hlen,
offset + tnl_hlen);
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 00210e55b4cd..ef20f550d2f8 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -277,6 +277,7 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
struct page *page;
struct sk_buff *trailer;
int tailen = esp->tailen;
+ unsigned int allocsz;
/* this is non-NULL only with UDP Encapsulation */
if (x->encap) {
@@ -286,6 +287,10 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
return err;
}
+ allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES);
+ if (allocsz > ESP_SKB_FRAG_MAXSIZE)
+ goto cow;
+
if (!skb_cloned(skb)) {
if (tailen <= skb_tailroom(skb)) {
nfrags = 1;
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 7a739f16d82b..79f117e33b80 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -230,6 +230,11 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
struct page *page;
struct sk_buff *trailer;
int tailen = esp->tailen;
+ unsigned int allocsz;
+
+ allocsz = ALIGN(skb->data_len + tailen, L1_CACHE_BYTES);
+ if (allocsz > ESP_SKB_FRAG_MAXSIZE)
+ goto cow;
if (!skb_cloned(skb)) {
if (tailen <= skb_tailroom(skb)) {
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 852bbbbe341f..1a7857d5e10a 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2256,8 +2256,11 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
copy_skb = skb_get(skb);
skb_head = skb->data;
}
- if (copy_skb)
+ if (copy_skb) {
+ memset(&PACKET_SKB_CB(copy_skb)->sa.ll, 0,
+ sizeof(PACKET_SKB_CB(copy_skb)->sa.ll));
skb_set_owner_r(copy_skb, sk);
+ }
}
snaplen = po->rx_ring.frame_size - macoff;
if ((int)snaplen < 0) {
@@ -3403,6 +3406,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
sock_recv_ts_and_drops(msg, sk, skb);
if (msg->msg_name) {
+ const size_t max_len = min(sizeof(skb->cb),
+ sizeof(struct sockaddr_storage));
int copy_len;
/* If the address length field is there to be filled
@@ -3425,6 +3430,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
msg->msg_namelen = sizeof(struct sockaddr_ll);
}
}
+ if (WARN_ON_ONCE(copy_len > max_len)) {
+ copy_len = max_len;
+ msg->msg_namelen = copy_len;
+ }
memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len);
}