-rw-r--r--MAINTAINERS2
-rw-r--r--arch/arm/include/asm/kprobes.h3
-rw-r--r--arch/arm/kernel/kprobes-decode.c777
-rw-r--r--arch/arm/kernel/kprobes.c3
-rw-r--r--arch/arm/kernel/perf_event.c3
-rw-r--r--arch/arm/kernel/smp.c2
-rw-r--r--arch/arm/kernel/sys_oabi-compat.c2
-rw-r--r--arch/arm/mach-davinci/Kconfig6
-rw-r--r--arch/arm/mach-davinci/board-mityomapl138.c4
-rw-r--r--arch/arm/mach-davinci/devices-da8xx.c12
-rw-r--r--arch/arm/mach-davinci/include/mach/debug-macro.S13
-rw-r--r--arch/arm/mach-davinci/include/mach/serial.h2
-rw-r--r--arch/arm/mach-mx3/mach-vpr200.c11
-rw-r--r--arch/arm/mach-mx5/board-mx53_loco.c2
-rw-r--r--arch/arm/mach-mxs/clock-mx28.c7
-rw-r--r--arch/arm/mach-pxa/hx4700.c2
-rw-r--r--arch/arm/mach-pxa/magician.c2
-rw-r--r--arch/arm/mm/proc-xscale.S2
-rw-r--r--arch/arm/plat-mxc/gpio.c7
-rw-r--r--arch/arm/plat-mxc/ssi-fiq.S2
-rw-r--r--arch/powerpc/include/asm/8xx_immap.h4
-rw-r--r--arch/x86/kernel/cpu/amd.c2
-rw-r--r--arch/x86/kernel/reboot_32.S12
-rw-r--r--arch/x86/mm/numa_64.c2
-rw-r--r--drivers/clk/clkdev.c19
-rw-r--r--drivers/input/touchscreen/wm831x-ts.c75
-rw-r--r--drivers/net/amd8111e.c2
-rw-r--r--drivers/net/atl1c/atl1c.h6
-rw-r--r--drivers/net/atl1c/atl1c_main.c14
-rw-r--r--drivers/net/benet/be_main.c1
-rw-r--r--drivers/net/bnx2.c2
-rw-r--r--drivers/net/bnx2x/bnx2x_cmn.c34
-rw-r--r--drivers/net/bonding/bond_3ad.c7
-rw-r--r--drivers/net/ehea/ehea_main.c9
-rw-r--r--drivers/net/fs_enet/mac-fec.c8
-rw-r--r--drivers/net/ftmac100.c8
-rw-r--r--drivers/net/mii.c4
-rw-r--r--drivers/net/netconsole.c8
-rw-r--r--drivers/net/r8169.c99
-rw-r--r--drivers/net/tg3.c8
-rw-r--r--drivers/net/usb/cdc_ether.c14
-rw-r--r--drivers/net/usb/cdc_ncm.c4
-rw-r--r--drivers/net/usb/smsc95xx.c2
-rw-r--r--drivers/net/usb/usbnet.c8
-rw-r--r--drivers/net/veth.c12
-rw-r--r--drivers/net/wireless/ath/ath9k/recv.c2
-rw-r--r--drivers/net/wireless/b43/main.c1
-rw-r--r--drivers/net/wireless/iwlegacy/iwl-4965-tx.c28
-rw-r--r--drivers/net/wireless/iwlegacy/iwl-led.c20
-rw-r--r--drivers/net/wireless/iwlegacy/iwl4965-base.c8
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-agn-rxon.c7
-rw-r--r--drivers/net/wireless/iwlwifi/iwl-agn-tx.c27
-rw-r--r--fs/ubifs/log.c20
-rw-r--r--fs/ubifs/replay.c18
-rw-r--r--fs/ubifs/super.c15
-rw-r--r--include/linux/mfd/wm831x/pdata.h2
-rw-r--r--include/linux/usb/usbnet.h1
-rw-r--r--net/bluetooth/hci_core.c5
-rw-r--r--net/bluetooth/hci_event.c2
-rw-r--r--net/bluetooth/l2cap_core.c1
-rw-r--r--net/bluetooth/sco.c9
-rw-r--r--net/bridge/br_input.c2
-rw-r--r--net/can/bcm.c7
-rw-r--r--net/can/raw.c7
-rw-r--r--net/core/dev.c6
-rw-r--r--net/dsa/Kconfig4
-rw-r--r--net/dsa/mv88e6131.c26
-rw-r--r--net/ipv4/devinet.c2
-rw-r--r--net/ipv4/fib_trie.c3
-rw-r--r--net/ipv4/route.c7
-rw-r--r--net/ipv6/addrconf.c2
-rw-r--r--net/ipv6/esp6.c2
-rw-r--r--net/ipv6/route.c8
-rw-r--r--net/ipv6/udp.c2
-rw-r--r--net/mac80211/cfg.c2
-rw-r--r--net/mac80211/debugfs_netdev.c4
-rw-r--r--net/unix/af_unix.c16
-rw-r--r--net/xfrm/xfrm_replay.c2
-rw-r--r--net/xfrm/xfrm_user.c3
79 files changed, 956 insertions, 543 deletions
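--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -6556,7 +6556,7 @@ S: Maintained
 F: drivers/usb/host/uhci*
 
 USB "USBNET" DRIVER FRAMEWORK
-M: David Brownell <dbrownell@users.sourceforge.net>
+M: Oliver Neukum <oneukum@suse.de>
 L: netdev@vger.kernel.org
 W: http://www.linux-usb.org/usbnet
 S: Maintained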
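--- a/arch/arm/include/asm/kprobes.h
+++ b/arch/arm/include/asm/kprobes.h
@@ -39,10 +39,13 @@ typedef u32 kprobe_opcode_t;
 struct kprobe;
 typedef void (kprobe_insn_handler_t)(struct kprobe *, struct pt_regs *);
 
+typedef unsigned long (kprobe_check_cc)(unsigned long);
+
 /* Architecture specific copy of original instruction. */
 struct arch_specific_insn {
  kprobe_opcode_t *insn;
  kprobe_insn_handler_t *insn_handler;
+ kprobe_check_cc *insn_check_cc;
 };
 
 struct prev_kprobe {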
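Review bot: The new `insn_check_cc` member of `struct arch_specific_insn` and its `kprobe_check_cc` typedef carry no comment, so the contract of the callback (what the `unsigned long` argument and the return value mean) is not stated anywhere in this header. Judging by the name and by the handlers in kprobes-decode.c that drop their own condition test in this commit, it presumably takes the CPSR and returns non-zero when the probed instruction's condition passes; if so, a comment such as `/* Returns non-zero if the instruction's condition code passes for the given CPSR; set together with insn_handler. */` above the typedef would record that. Because this is a function pointer invoked in probe context, it is worth confirming that every decode path that sets `insn_handler` also sets `insn_check_cc`; the code that assigns it is not visible in this section. `struct prev_kprobe` continues outside the hunk.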
diff --git a/arch/arm/kernel/kprobes-decode.c b/arch/arm/kernel/kprobes-decode.c
index 23891317dc4b..15eeff6aea0e 100644
--- a/arch/arm/kernel/kprobes-decode.c
+++ b/arch/arm/kernel/kprobes-decode.c
@@ -34,9 +34,6 @@
34 * 34 *
35 * *) If the PC is written to by the instruction, the 35 * *) If the PC is written to by the instruction, the
36 * instruction must be fully simulated in software. 36 * instruction must be fully simulated in software.
37 * If it is a conditional instruction, the handler
38 * will use insn[0] to copy its condition code to
39 * set r0 to 1 and insn[1] to "mov pc, lr" to return.
40 * 37 *
41 * *) Otherwise, a modified form of the instruction is 38 * *) Otherwise, a modified form of the instruction is
42 * directly executed. Its handler calls the 39 * directly executed. Its handler calls the
@@ -68,13 +65,17 @@
68 65
69#define branch_displacement(insn) sign_extend(((insn) & 0xffffff) << 2, 25) 66#define branch_displacement(insn) sign_extend(((insn) & 0xffffff) << 2, 25)
70 67
68#define is_r15(insn, bitpos) (((insn) & (0xf << bitpos)) == (0xf << bitpos))
69
70/*
71 * Test if load/store instructions writeback the address register.
72 * if P (bit 24) == 0 or W (bit 21) == 1
73 */
74#define is_writeback(insn) ((insn ^ 0x01000000) & 0x01200000)
75
71#define PSR_fs (PSR_f|PSR_s) 76#define PSR_fs (PSR_f|PSR_s)
72 77
73#define KPROBE_RETURN_INSTRUCTION 0xe1a0f00e /* mov pc, lr */ 78#define KPROBE_RETURN_INSTRUCTION 0xe1a0f00e /* mov pc, lr */
74#define SET_R0_TRUE_INSTRUCTION 0xe3a00001 /* mov r0, #1 */
75
76#define truecc_insn(insn) (((insn) & 0xf0000000) | \
77 (SET_R0_TRUE_INSTRUCTION & 0x0fffffff))
78 79
79typedef long (insn_0arg_fn_t)(void); 80typedef long (insn_0arg_fn_t)(void);
80typedef long (insn_1arg_fn_t)(long); 81typedef long (insn_1arg_fn_t)(long);
@@ -419,14 +420,10 @@ insnslot_llret_4arg_rwflags(long r0, long r1, long r2, long r3, long *cpsr,
419 420
420static void __kprobes simulate_bbl(struct kprobe *p, struct pt_regs *regs) 421static void __kprobes simulate_bbl(struct kprobe *p, struct pt_regs *regs)
421{ 422{
422 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
423 kprobe_opcode_t insn = p->opcode; 423 kprobe_opcode_t insn = p->opcode;
424 long iaddr = (long)p->addr; 424 long iaddr = (long)p->addr;
425 int disp = branch_displacement(insn); 425 int disp = branch_displacement(insn);
426 426
427 if (!insnslot_1arg_rflags(0, regs->ARM_cpsr, i_fn))
428 return;
429
430 if (insn & (1 << 24)) 427 if (insn & (1 << 24))
431 regs->ARM_lr = iaddr + 4; 428 regs->ARM_lr = iaddr + 4;
432 429
@@ -446,14 +443,10 @@ static void __kprobes simulate_blx1(struct kprobe *p, struct pt_regs *regs)
446 443
447static void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs) 444static void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs)
448{ 445{
449 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
450 kprobe_opcode_t insn = p->opcode; 446 kprobe_opcode_t insn = p->opcode;
451 int rm = insn & 0xf; 447 int rm = insn & 0xf;
452 long rmv = regs->uregs[rm]; 448 long rmv = regs->uregs[rm];
453 449
454 if (!insnslot_1arg_rflags(0, regs->ARM_cpsr, i_fn))
455 return;
456
457 if (insn & (1 << 5)) 450 if (insn & (1 << 5))
458 regs->ARM_lr = (long)p->addr + 4; 451 regs->ARM_lr = (long)p->addr + 4;
459 452
@@ -463,9 +456,16 @@ static void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs)
463 regs->ARM_cpsr |= PSR_T_BIT; 456 regs->ARM_cpsr |= PSR_T_BIT;
464} 457}
465 458
459static void __kprobes simulate_mrs(struct kprobe *p, struct pt_regs *regs)
460{
461 kprobe_opcode_t insn = p->opcode;
462 int rd = (insn >> 12) & 0xf;
463 unsigned long mask = 0xf8ff03df; /* Mask out execution state */
464 regs->uregs[rd] = regs->ARM_cpsr & mask;
465}
466
466static void __kprobes simulate_ldm1stm1(struct kprobe *p, struct pt_regs *regs) 467static void __kprobes simulate_ldm1stm1(struct kprobe *p, struct pt_regs *regs)
467{ 468{
468 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
469 kprobe_opcode_t insn = p->opcode; 469 kprobe_opcode_t insn = p->opcode;
470 int rn = (insn >> 16) & 0xf; 470 int rn = (insn >> 16) & 0xf;
471 int lbit = insn & (1 << 20); 471 int lbit = insn & (1 << 20);
@@ -476,9 +476,6 @@ static void __kprobes simulate_ldm1stm1(struct kprobe *p, struct pt_regs *regs)
476 int reg_bit_vector; 476 int reg_bit_vector;
477 int reg_count; 477 int reg_count;
478 478
479 if (!insnslot_1arg_rflags(0, regs->ARM_cpsr, i_fn))
480 return;
481
482 reg_count = 0; 479 reg_count = 0;
483 reg_bit_vector = insn & 0xffff; 480 reg_bit_vector = insn & 0xffff;
484 while (reg_bit_vector) { 481 while (reg_bit_vector) {
@@ -510,11 +507,6 @@ static void __kprobes simulate_ldm1stm1(struct kprobe *p, struct pt_regs *regs)
510 507
511static void __kprobes simulate_stm1_pc(struct kprobe *p, struct pt_regs *regs) 508static void __kprobes simulate_stm1_pc(struct kprobe *p, struct pt_regs *regs)
512{ 509{
513 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
514
515 if (!insnslot_1arg_rflags(0, regs->ARM_cpsr, i_fn))
516 return;
517
518 regs->ARM_pc = (long)p->addr + str_pc_offset; 510 regs->ARM_pc = (long)p->addr + str_pc_offset;
519 simulate_ldm1stm1(p, regs); 511 simulate_ldm1stm1(p, regs);
520 regs->ARM_pc = (long)p->addr + 4; 512 regs->ARM_pc = (long)p->addr + 4;
@@ -525,24 +517,16 @@ static void __kprobes simulate_mov_ipsp(struct kprobe *p, struct pt_regs *regs)
525 regs->uregs[12] = regs->uregs[13]; 517 regs->uregs[12] = regs->uregs[13];
526} 518}
527 519
528static void __kprobes emulate_ldcstc(struct kprobe *p, struct pt_regs *regs)
529{
530 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
531 kprobe_opcode_t insn = p->opcode;
532 int rn = (insn >> 16) & 0xf;
533 long rnv = regs->uregs[rn];
534
535 /* Save Rn in case of writeback. */
536 regs->uregs[rn] = insnslot_1arg_rflags(rnv, regs->ARM_cpsr, i_fn);
537}
538
539static void __kprobes emulate_ldrd(struct kprobe *p, struct pt_regs *regs) 520static void __kprobes emulate_ldrd(struct kprobe *p, struct pt_regs *regs)
540{ 521{
541 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0]; 522 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
542 kprobe_opcode_t insn = p->opcode; 523 kprobe_opcode_t insn = p->opcode;
524 long ppc = (long)p->addr + 8;
543 int rd = (insn >> 12) & 0xf; 525 int rd = (insn >> 12) & 0xf;
544 int rn = (insn >> 16) & 0xf; 526 int rn = (insn >> 16) & 0xf;
545 int rm = insn & 0xf; /* rm may be invalid, don't care. */ 527 int rm = insn & 0xf; /* rm may be invalid, don't care. */
528 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
529 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
546 530
547 /* Not following the C calling convention here, so need asm(). */ 531 /* Not following the C calling convention here, so need asm(). */
548 __asm__ __volatile__ ( 532 __asm__ __volatile__ (
@@ -554,29 +538,36 @@ static void __kprobes emulate_ldrd(struct kprobe *p, struct pt_regs *regs)
554 "str r0, %[rn] \n\t" /* in case of writeback */ 538 "str r0, %[rn] \n\t" /* in case of writeback */
555 "str r2, %[rd0] \n\t" 539 "str r2, %[rd0] \n\t"
556 "str r3, %[rd1] \n\t" 540 "str r3, %[rd1] \n\t"
557 : [rn] "+m" (regs->uregs[rn]), 541 : [rn] "+m" (rnv),
558 [rd0] "=m" (regs->uregs[rd]), 542 [rd0] "=m" (regs->uregs[rd]),
559 [rd1] "=m" (regs->uregs[rd+1]) 543 [rd1] "=m" (regs->uregs[rd+1])
560 : [rm] "m" (regs->uregs[rm]), 544 : [rm] "m" (rmv),
561 [cpsr] "r" (regs->ARM_cpsr), 545 [cpsr] "r" (regs->ARM_cpsr),
562 [i_fn] "r" (i_fn) 546 [i_fn] "r" (i_fn)
563 : "r0", "r1", "r2", "r3", "lr", "cc" 547 : "r0", "r1", "r2", "r3", "lr", "cc"
564 ); 548 );
549 if (is_writeback(insn))
550 regs->uregs[rn] = rnv;
565} 551}
566 552
567static void __kprobes emulate_strd(struct kprobe *p, struct pt_regs *regs) 553static void __kprobes emulate_strd(struct kprobe *p, struct pt_regs *regs)
568{ 554{
569 insn_4arg_fn_t *i_fn = (insn_4arg_fn_t *)&p->ainsn.insn[0]; 555 insn_4arg_fn_t *i_fn = (insn_4arg_fn_t *)&p->ainsn.insn[0];
570 kprobe_opcode_t insn = p->opcode; 556 kprobe_opcode_t insn = p->opcode;
557 long ppc = (long)p->addr + 8;
571 int rd = (insn >> 12) & 0xf; 558 int rd = (insn >> 12) & 0xf;
572 int rn = (insn >> 16) & 0xf; 559 int rn = (insn >> 16) & 0xf;
573 int rm = insn & 0xf; 560 int rm = insn & 0xf;
574 long rnv = regs->uregs[rn]; 561 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
575 long rmv = regs->uregs[rm]; /* rm/rmv may be invalid, don't care. */ 562 /* rm/rmv may be invalid, don't care. */
563 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
564 long rnv_wb;
576 565
577 regs->uregs[rn] = insnslot_4arg_rflags(rnv, rmv, regs->uregs[rd], 566 rnv_wb = insnslot_4arg_rflags(rnv, rmv, regs->uregs[rd],
578 regs->uregs[rd+1], 567 regs->uregs[rd+1],
579 regs->ARM_cpsr, i_fn); 568 regs->ARM_cpsr, i_fn);
569 if (is_writeback(insn))
570 regs->uregs[rn] = rnv_wb;
580} 571}
581 572
582static void __kprobes emulate_ldr(struct kprobe *p, struct pt_regs *regs) 573static void __kprobes emulate_ldr(struct kprobe *p, struct pt_regs *regs)
@@ -630,31 +621,6 @@ static void __kprobes emulate_str(struct kprobe *p, struct pt_regs *regs)
630 regs->uregs[rn] = rnv_wb; /* Save Rn in case of writeback. */ 621 regs->uregs[rn] = rnv_wb; /* Save Rn in case of writeback. */
631} 622}
632 623
633static void __kprobes emulate_mrrc(struct kprobe *p, struct pt_regs *regs)
634{
635 insn_llret_0arg_fn_t *i_fn = (insn_llret_0arg_fn_t *)&p->ainsn.insn[0];
636 kprobe_opcode_t insn = p->opcode;
637 union reg_pair fnr;
638 int rd = (insn >> 12) & 0xf;
639 int rn = (insn >> 16) & 0xf;
640
641 fnr.dr = insnslot_llret_0arg_rflags(regs->ARM_cpsr, i_fn);
642 regs->uregs[rn] = fnr.r0;
643 regs->uregs[rd] = fnr.r1;
644}
645
646static void __kprobes emulate_mcrr(struct kprobe *p, struct pt_regs *regs)
647{
648 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
649 kprobe_opcode_t insn = p->opcode;
650 int rd = (insn >> 12) & 0xf;
651 int rn = (insn >> 16) & 0xf;
652 long rnv = regs->uregs[rn];
653 long rdv = regs->uregs[rd];
654
655 insnslot_2arg_rflags(rnv, rdv, regs->ARM_cpsr, i_fn);
656}
657
658static void __kprobes emulate_sat(struct kprobe *p, struct pt_regs *regs) 624static void __kprobes emulate_sat(struct kprobe *p, struct pt_regs *regs)
659{ 625{
660 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 626 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
@@ -688,32 +654,32 @@ static void __kprobes emulate_none(struct kprobe *p, struct pt_regs *regs)
688 insnslot_0arg_rflags(regs->ARM_cpsr, i_fn); 654 insnslot_0arg_rflags(regs->ARM_cpsr, i_fn);
689} 655}
690 656
691static void __kprobes emulate_rd12(struct kprobe *p, struct pt_regs *regs) 657static void __kprobes emulate_nop(struct kprobe *p, struct pt_regs *regs)
692{ 658{
693 insn_0arg_fn_t *i_fn = (insn_0arg_fn_t *)&p->ainsn.insn[0];
694 kprobe_opcode_t insn = p->opcode;
695 int rd = (insn >> 12) & 0xf;
696
697 regs->uregs[rd] = insnslot_0arg_rflags(regs->ARM_cpsr, i_fn);
698} 659}
699 660
700static void __kprobes emulate_ird12(struct kprobe *p, struct pt_regs *regs) 661static void __kprobes
662emulate_rd12_modify(struct kprobe *p, struct pt_regs *regs)
701{ 663{
702 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 664 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
703 kprobe_opcode_t insn = p->opcode; 665 kprobe_opcode_t insn = p->opcode;
704 int ird = (insn >> 12) & 0xf; 666 int rd = (insn >> 12) & 0xf;
667 long rdv = regs->uregs[rd];
705 668
706 insnslot_1arg_rflags(regs->uregs[ird], regs->ARM_cpsr, i_fn); 669 regs->uregs[rd] = insnslot_1arg_rflags(rdv, regs->ARM_cpsr, i_fn);
707} 670}
708 671
709static void __kprobes emulate_rn16(struct kprobe *p, struct pt_regs *regs) 672static void __kprobes
673emulate_rd12rn0_modify(struct kprobe *p, struct pt_regs *regs)
710{ 674{
711 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 675 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
712 kprobe_opcode_t insn = p->opcode; 676 kprobe_opcode_t insn = p->opcode;
713 int rn = (insn >> 16) & 0xf; 677 int rd = (insn >> 12) & 0xf;
678 int rn = insn & 0xf;
679 long rdv = regs->uregs[rd];
714 long rnv = regs->uregs[rn]; 680 long rnv = regs->uregs[rn];
715 681
716 insnslot_1arg_rflags(rnv, regs->ARM_cpsr, i_fn); 682 regs->uregs[rd] = insnslot_2arg_rflags(rdv, rnv, regs->ARM_cpsr, i_fn);
717} 683}
718 684
719static void __kprobes emulate_rd12rm0(struct kprobe *p, struct pt_regs *regs) 685static void __kprobes emulate_rd12rm0(struct kprobe *p, struct pt_regs *regs)
@@ -819,6 +785,17 @@ emulate_alu_imm_rwflags(struct kprobe *p, struct pt_regs *regs)
819} 785}
820 786
821static void __kprobes 787static void __kprobes
788emulate_alu_tests_imm(struct kprobe *p, struct pt_regs *regs)
789{
790 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
791 kprobe_opcode_t insn = p->opcode;
792 int rn = (insn >> 16) & 0xf;
793 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
794
795 insnslot_1arg_rwflags(rnv, &regs->ARM_cpsr, i_fn);
796}
797
798static void __kprobes
822emulate_alu_rflags(struct kprobe *p, struct pt_regs *regs) 799emulate_alu_rflags(struct kprobe *p, struct pt_regs *regs)
823{ 800{
824 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0]; 801 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
@@ -854,14 +831,34 @@ emulate_alu_rwflags(struct kprobe *p, struct pt_regs *regs)
854 insnslot_3arg_rwflags(rnv, rmv, rsv, &regs->ARM_cpsr, i_fn); 831 insnslot_3arg_rwflags(rnv, rmv, rsv, &regs->ARM_cpsr, i_fn);
855} 832}
856 833
834static void __kprobes
835emulate_alu_tests(struct kprobe *p, struct pt_regs *regs)
836{
837 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
838 kprobe_opcode_t insn = p->opcode;
839 long ppc = (long)p->addr + 8;
840 int rn = (insn >> 16) & 0xf;
841 int rs = (insn >> 8) & 0xf; /* rs/rsv may be invalid, don't care. */
842 int rm = insn & 0xf;
843 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
844 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
845 long rsv = regs->uregs[rs];
846
847 insnslot_3arg_rwflags(rnv, rmv, rsv, &regs->ARM_cpsr, i_fn);
848}
849
857static enum kprobe_insn __kprobes 850static enum kprobe_insn __kprobes
858prep_emulate_ldr_str(kprobe_opcode_t insn, struct arch_specific_insn *asi) 851prep_emulate_ldr_str(kprobe_opcode_t insn, struct arch_specific_insn *asi)
859{ 852{
860 int ibit = (insn & (1 << 26)) ? 25 : 22; 853 int not_imm = (insn & (1 << 26)) ? (insn & (1 << 25))
854 : (~insn & (1 << 22));
855
856 if (is_writeback(insn) && is_r15(insn, 16))
857 return INSN_REJECTED; /* Writeback to PC */
861 858
862 insn &= 0xfff00fff; 859 insn &= 0xfff00fff;
863 insn |= 0x00001000; /* Rn = r0, Rd = r1 */ 860 insn |= 0x00001000; /* Rn = r0, Rd = r1 */
864 if (insn & (1 << ibit)) { 861 if (not_imm) {
865 insn &= ~0xf; 862 insn &= ~0xf;
866 insn |= 2; /* Rm = r2 */ 863 insn |= 2; /* Rm = r2 */
867 } 864 }
@@ -871,20 +868,40 @@ prep_emulate_ldr_str(kprobe_opcode_t insn, struct arch_specific_insn *asi)
871} 868}
872 869
873static enum kprobe_insn __kprobes 870static enum kprobe_insn __kprobes
874prep_emulate_rd12rm0(kprobe_opcode_t insn, struct arch_specific_insn *asi) 871prep_emulate_rd12_modify(kprobe_opcode_t insn, struct arch_specific_insn *asi)
875{ 872{
876 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */ 873 if (is_r15(insn, 12))
874 return INSN_REJECTED; /* Rd is PC */
875
876 insn &= 0xffff0fff; /* Rd = r0 */
877 asi->insn[0] = insn; 877 asi->insn[0] = insn;
878 asi->insn_handler = emulate_rd12rm0; 878 asi->insn_handler = emulate_rd12_modify;
879 return INSN_GOOD; 879 return INSN_GOOD;
880} 880}
881 881
882static enum kprobe_insn __kprobes 882static enum kprobe_insn __kprobes
883prep_emulate_rd12(kprobe_opcode_t insn, struct arch_specific_insn *asi) 883prep_emulate_rd12rn0_modify(kprobe_opcode_t insn,
884 struct arch_specific_insn *asi)
884{ 885{
885 insn &= 0xffff0fff; /* Rd = r0 */ 886 if (is_r15(insn, 12))
887 return INSN_REJECTED; /* Rd is PC */
888
889 insn &= 0xffff0ff0; /* Rd = r0 */
890 insn |= 0x00000001; /* Rn = r1 */
891 asi->insn[0] = insn;
892 asi->insn_handler = emulate_rd12rn0_modify;
893 return INSN_GOOD;
894}
895
896static enum kprobe_insn __kprobes
897prep_emulate_rd12rm0(kprobe_opcode_t insn, struct arch_specific_insn *asi)
898{
899 if (is_r15(insn, 12))
900 return INSN_REJECTED; /* Rd is PC */
901
902 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */
886 asi->insn[0] = insn; 903 asi->insn[0] = insn;
887 asi->insn_handler = emulate_rd12; 904 asi->insn_handler = emulate_rd12rm0;
888 return INSN_GOOD; 905 return INSN_GOOD;
889} 906}
890 907
@@ -892,6 +909,9 @@ static enum kprobe_insn __kprobes
892prep_emulate_rd12rn16rm0_wflags(kprobe_opcode_t insn, 909prep_emulate_rd12rn16rm0_wflags(kprobe_opcode_t insn,
893 struct arch_specific_insn *asi) 910 struct arch_specific_insn *asi)
894{ 911{
912 if (is_r15(insn, 12))
913 return INSN_REJECTED; /* Rd is PC */
914
895 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */ 915 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */
896 insn |= 0x00000001; /* Rm = r1 */ 916 insn |= 0x00000001; /* Rm = r1 */
897 asi->insn[0] = insn; 917 asi->insn[0] = insn;
@@ -903,6 +923,9 @@ static enum kprobe_insn __kprobes
903prep_emulate_rd16rs8rm0_wflags(kprobe_opcode_t insn, 923prep_emulate_rd16rs8rm0_wflags(kprobe_opcode_t insn,
904 struct arch_specific_insn *asi) 924 struct arch_specific_insn *asi)
905{ 925{
926 if (is_r15(insn, 16))
927 return INSN_REJECTED; /* Rd is PC */
928
906 insn &= 0xfff0f0f0; /* Rd = r0, Rs = r0 */ 929 insn &= 0xfff0f0f0; /* Rd = r0, Rs = r0 */
907 insn |= 0x00000001; /* Rm = r1 */ 930 insn |= 0x00000001; /* Rm = r1 */
908 asi->insn[0] = insn; 931 asi->insn[0] = insn;
@@ -914,6 +937,9 @@ static enum kprobe_insn __kprobes
914prep_emulate_rd16rn12rs8rm0_wflags(kprobe_opcode_t insn, 937prep_emulate_rd16rn12rs8rm0_wflags(kprobe_opcode_t insn,
915 struct arch_specific_insn *asi) 938 struct arch_specific_insn *asi)
916{ 939{
940 if (is_r15(insn, 16))
941 return INSN_REJECTED; /* Rd is PC */
942
917 insn &= 0xfff000f0; /* Rd = r0, Rn = r0 */ 943 insn &= 0xfff000f0; /* Rd = r0, Rn = r0 */
918 insn |= 0x00000102; /* Rs = r1, Rm = r2 */ 944 insn |= 0x00000102; /* Rs = r1, Rm = r2 */
919 asi->insn[0] = insn; 945 asi->insn[0] = insn;
@@ -925,6 +951,9 @@ static enum kprobe_insn __kprobes
925prep_emulate_rdhi16rdlo12rs8rm0_wflags(kprobe_opcode_t insn, 951prep_emulate_rdhi16rdlo12rs8rm0_wflags(kprobe_opcode_t insn,
926 struct arch_specific_insn *asi) 952 struct arch_specific_insn *asi)
927{ 953{
954 if (is_r15(insn, 16) || is_r15(insn, 12))
955 return INSN_REJECTED; /* RdHi or RdLo is PC */
956
928 insn &= 0xfff000f0; /* RdHi = r0, RdLo = r1 */ 957 insn &= 0xfff000f0; /* RdHi = r0, RdLo = r1 */
929 insn |= 0x00001203; /* Rs = r2, Rm = r3 */ 958 insn |= 0x00001203; /* Rs = r2, Rm = r3 */
930 asi->insn[0] = insn; 959 asi->insn[0] = insn;
@@ -945,20 +974,13 @@ prep_emulate_rdhi16rdlo12rs8rm0_wflags(kprobe_opcode_t insn,
945static enum kprobe_insn __kprobes 974static enum kprobe_insn __kprobes
946space_1111(kprobe_opcode_t insn, struct arch_specific_insn *asi) 975space_1111(kprobe_opcode_t insn, struct arch_specific_insn *asi)
947{ 976{
948 /* CPS mmod == 1 : 1111 0001 0000 xx10 xxxx xxxx xx0x xxxx */ 977 /* memory hint : 1111 0100 x001 xxxx xxxx xxxx xxxx xxxx : */
949 /* RFE : 1111 100x x0x1 xxxx xxxx 1010 xxxx xxxx */ 978 /* PLDI : 1111 0100 x101 xxxx xxxx xxxx xxxx xxxx : */
950 /* SRS : 1111 100x x1x0 1101 xxxx 0101 xxxx xxxx */ 979 /* PLDW : 1111 0101 x001 xxxx xxxx xxxx xxxx xxxx : */
951 if ((insn & 0xfff30020) == 0xf1020000 || 980 /* PLD : 1111 0101 x101 xxxx xxxx xxxx xxxx xxxx : */
952 (insn & 0xfe500f00) == 0xf8100a00 || 981 if ((insn & 0xfe300000) == 0xf4100000) {
953 (insn & 0xfe5f0f00) == 0xf84d0500) 982 asi->insn_handler = emulate_nop;
954 return INSN_REJECTED; 983 return INSN_GOOD_NO_SLOT;
955
956 /* PLD : 1111 01x1 x101 xxxx xxxx xxxx xxxx xxxx : */
957 if ((insn & 0xfd700000) == 0xf4500000) {
958 insn &= 0xfff0ffff; /* Rn = r0 */
959 asi->insn[0] = insn;
960 asi->insn_handler = emulate_rn16;
961 return INSN_GOOD;
962 } 984 }
963 985
964 /* BLX(1) : 1111 101x xxxx xxxx xxxx xxxx xxxx xxxx : */ 986 /* BLX(1) : 1111 101x xxxx xxxx xxxx xxxx xxxx xxxx : */
@@ -967,41 +989,22 @@ space_1111(kprobe_opcode_t insn, struct arch_specific_insn *asi)
967 return INSN_GOOD_NO_SLOT; 989 return INSN_GOOD_NO_SLOT;
968 } 990 }
969 991
970 /* SETEND : 1111 0001 0000 0001 xxxx xxxx 0000 xxxx */ 992 /* CPS : 1111 0001 0000 xxx0 xxxx xxxx xx0x xxxx */
971 /* CDP2 : 1111 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */ 993 /* SETEND: 1111 0001 0000 0001 xxxx xxxx 0000 xxxx */
972 if ((insn & 0xffff00f0) == 0xf1010000 ||
973 (insn & 0xff000010) == 0xfe000000) {
974 asi->insn[0] = insn;
975 asi->insn_handler = emulate_none;
976 return INSN_GOOD;
977 }
978 994
995 /* SRS : 1111 100x x1x0 xxxx xxxx xxxx xxxx xxxx */
996 /* RFE : 1111 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
997
998 /* Coprocessor instructions... */
979 /* MCRR2 : 1111 1100 0100 xxxx xxxx xxxx xxxx xxxx : (Rd != Rn) */ 999 /* MCRR2 : 1111 1100 0100 xxxx xxxx xxxx xxxx xxxx : (Rd != Rn) */
980 /* MRRC2 : 1111 1100 0101 xxxx xxxx xxxx xxxx xxxx : (Rd != Rn) */ 1000 /* MRRC2 : 1111 1100 0101 xxxx xxxx xxxx xxxx xxxx : (Rd != Rn) */
981 if ((insn & 0xffe00000) == 0xfc400000) { 1001 /* LDC2 : 1111 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
982 insn &= 0xfff00fff; /* Rn = r0 */ 1002 /* STC2 : 1111 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
983 insn |= 0x00001000; /* Rd = r1 */ 1003 /* CDP2 : 1111 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
984 asi->insn[0] = insn; 1004 /* MCR2 : 1111 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
985 asi->insn_handler = 1005 /* MRC2 : 1111 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
986 (insn & (1 << 20)) ? emulate_mrrc : emulate_mcrr;
987 return INSN_GOOD;
988 }
989 1006
990 /* LDC2 : 1111 110x xxx1 xxxx xxxx xxxx xxxx xxxx */ 1007 return INSN_REJECTED;
991 /* STC2 : 1111 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
992 if ((insn & 0xfe000000) == 0xfc000000) {
993 insn &= 0xfff0ffff; /* Rn = r0 */
994 asi->insn[0] = insn;
995 asi->insn_handler = emulate_ldcstc;
996 return INSN_GOOD;
997 }
998
999 /* MCR2 : 1111 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
1000 /* MRC2 : 1111 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
1001 insn &= 0xffff0fff; /* Rd = r0 */
1002 asi->insn[0] = insn;
1003 asi->insn_handler = (insn & (1 << 20)) ? emulate_rd12 : emulate_ird12;
1004 return INSN_GOOD;
1005} 1008}
1006 1009
1007static enum kprobe_insn __kprobes 1010static enum kprobe_insn __kprobes
@@ -1010,19 +1013,18 @@ space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1010 /* cccc 0001 0xx0 xxxx xxxx xxxx xxxx xxx0 xxxx */ 1013 /* cccc 0001 0xx0 xxxx xxxx xxxx xxxx xxx0 xxxx */
1011 if ((insn & 0x0f900010) == 0x01000000) { 1014 if ((insn & 0x0f900010) == 0x01000000) {
1012 1015
1013 /* BXJ : cccc 0001 0010 xxxx xxxx xxxx 0010 xxxx */ 1016 /* MRS cpsr : cccc 0001 0000 xxxx xxxx xxxx 0000 xxxx */
1014 /* MSR : cccc 0001 0x10 xxxx xxxx xxxx 0000 xxxx */ 1017 if ((insn & 0x0ff000f0) == 0x01000000) {
1015 if ((insn & 0x0ff000f0) == 0x01200020 || 1018 if (is_r15(insn, 12))
1016 (insn & 0x0fb000f0) == 0x01200000) 1019 return INSN_REJECTED; /* Rd is PC */
1017 return INSN_REJECTED; 1020 asi->insn_handler = simulate_mrs;
1018 1021 return INSN_GOOD_NO_SLOT;
1019 /* MRS : cccc 0001 0x00 xxxx xxxx xxxx 0000 xxxx */ 1022 }
1020 if ((insn & 0x0fb00010) == 0x01000000)
1021 return prep_emulate_rd12(insn, asi);
1022 1023
1023 /* SMLALxy : cccc 0001 0100 xxxx xxxx xxxx 1xx0 xxxx */ 1024 /* SMLALxy : cccc 0001 0100 xxxx xxxx xxxx 1xx0 xxxx */
1024 if ((insn & 0x0ff00090) == 0x01400080) 1025 if ((insn & 0x0ff00090) == 0x01400080)
1025 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi); 1026 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn,
1027 asi);
1026 1028
1027 /* SMULWy : cccc 0001 0010 xxxx xxxx xxxx 1x10 xxxx */ 1029 /* SMULWy : cccc 0001 0010 xxxx xxxx xxxx 1x10 xxxx */
1028 /* SMULxy : cccc 0001 0110 xxxx xxxx xxxx 1xx0 xxxx */ 1030 /* SMULxy : cccc 0001 0110 xxxx xxxx xxxx 1xx0 xxxx */
@@ -1031,24 +1033,29 @@ space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1031 return prep_emulate_rd16rs8rm0_wflags(insn, asi); 1033 return prep_emulate_rd16rs8rm0_wflags(insn, asi);
1032 1034
1033 /* SMLAxy : cccc 0001 0000 xxxx xxxx xxxx 1xx0 xxxx : Q */ 1035 /* SMLAxy : cccc 0001 0000 xxxx xxxx xxxx 1xx0 xxxx : Q */
1034 /* SMLAWy : cccc 0001 0010 xxxx xxxx xxxx 0x00 xxxx : Q */ 1036 /* SMLAWy : cccc 0001 0010 xxxx xxxx xxxx 1x00 xxxx : Q */
1035 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi); 1037 if ((insn & 0x0ff00090) == 0x01000080 ||
1038 (insn & 0x0ff000b0) == 0x01200080)
1039 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1040
1041 /* BXJ : cccc 0001 0010 xxxx xxxx xxxx 0010 xxxx */
1042 /* MSR : cccc 0001 0x10 xxxx xxxx xxxx 0000 xxxx */
1043 /* MRS spsr : cccc 0001 0100 xxxx xxxx xxxx 0000 xxxx */
1036 1044
1045 /* Other instruction encodings aren't yet defined */
1046 return INSN_REJECTED;
1037 } 1047 }
1038 1048
1039 /* cccc 0001 0xx0 xxxx xxxx xxxx xxxx 0xx1 xxxx */ 1049 /* cccc 0001 0xx0 xxxx xxxx xxxx xxxx 0xx1 xxxx */
1040 else if ((insn & 0x0f900090) == 0x01000010) { 1050 else if ((insn & 0x0f900090) == 0x01000010) {
1041 1051
1042 /* BKPT : 1110 0001 0010 xxxx xxxx xxxx 0111 xxxx */
1043 if ((insn & 0xfff000f0) == 0xe1200070)
1044 return INSN_REJECTED;
1045
1046 /* BLX(2) : cccc 0001 0010 xxxx xxxx xxxx 0011 xxxx */ 1052 /* BLX(2) : cccc 0001 0010 xxxx xxxx xxxx 0011 xxxx */
1047 /* BX : cccc 0001 0010 xxxx xxxx xxxx 0001 xxxx */ 1053 /* BX : cccc 0001 0010 xxxx xxxx xxxx 0001 xxxx */
1048 if ((insn & 0x0ff000d0) == 0x01200010) { 1054 if ((insn & 0x0ff000d0) == 0x01200010) {
1049 asi->insn[0] = truecc_insn(insn); 1055 if ((insn & 0x0ff000ff) == 0x0120003f)
1056 return INSN_REJECTED; /* BLX pc */
1050 asi->insn_handler = simulate_blx2bx; 1057 asi->insn_handler = simulate_blx2bx;
1051 return INSN_GOOD; 1058 return INSN_GOOD_NO_SLOT;
1052 } 1059 }
1053 1060
1054 /* CLZ : cccc 0001 0110 xxxx xxxx xxxx 0001 xxxx */ 1061 /* CLZ : cccc 0001 0110 xxxx xxxx xxxx 0001 xxxx */
@@ -1059,17 +1066,27 @@ space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1059 /* QSUB : cccc 0001 0010 xxxx xxxx xxxx 0101 xxxx :Q */ 1066 /* QSUB : cccc 0001 0010 xxxx xxxx xxxx 0101 xxxx :Q */
1060 /* QDADD : cccc 0001 0100 xxxx xxxx xxxx 0101 xxxx :Q */ 1067 /* QDADD : cccc 0001 0100 xxxx xxxx xxxx 0101 xxxx :Q */
1061 /* QDSUB : cccc 0001 0110 xxxx xxxx xxxx 0101 xxxx :Q */ 1068 /* QDSUB : cccc 0001 0110 xxxx xxxx xxxx 0101 xxxx :Q */
1062 return prep_emulate_rd12rn16rm0_wflags(insn, asi); 1069 if ((insn & 0x0f9000f0) == 0x01000050)
1070 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1071
1072 /* BKPT : 1110 0001 0010 xxxx xxxx xxxx 0111 xxxx */
1073 /* SMC : cccc 0001 0110 xxxx xxxx xxxx 0111 xxxx */
1074
1075 /* Other instruction encodings aren't yet defined */
1076 return INSN_REJECTED;
1063 } 1077 }
1064 1078
1065 /* cccc 0000 xxxx xxxx xxxx xxxx xxxx 1001 xxxx */ 1079 /* cccc 0000 xxxx xxxx xxxx xxxx xxxx 1001 xxxx */
1066 else if ((insn & 0x0f000090) == 0x00000090) { 1080 else if ((insn & 0x0f0000f0) == 0x00000090) {
1067 1081
1068 /* MUL : cccc 0000 0000 xxxx xxxx xxxx 1001 xxxx : */ 1082 /* MUL : cccc 0000 0000 xxxx xxxx xxxx 1001 xxxx : */
1069 /* MULS : cccc 0000 0001 xxxx xxxx xxxx 1001 xxxx :cc */ 1083 /* MULS : cccc 0000 0001 xxxx xxxx xxxx 1001 xxxx :cc */
1070 /* MLA : cccc 0000 0010 xxxx xxxx xxxx 1001 xxxx : */ 1084 /* MLA : cccc 0000 0010 xxxx xxxx xxxx 1001 xxxx : */
1071 /* MLAS : cccc 0000 0011 xxxx xxxx xxxx 1001 xxxx :cc */ 1085 /* MLAS : cccc 0000 0011 xxxx xxxx xxxx 1001 xxxx :cc */
1072 /* UMAAL : cccc 0000 0100 xxxx xxxx xxxx 1001 xxxx : */ 1086 /* UMAAL : cccc 0000 0100 xxxx xxxx xxxx 1001 xxxx : */
1087 /* undef : cccc 0000 0101 xxxx xxxx xxxx 1001 xxxx : */
1088 /* MLS : cccc 0000 0110 xxxx xxxx xxxx 1001 xxxx : */
1089 /* undef : cccc 0000 0111 xxxx xxxx xxxx 1001 xxxx : */
1073 /* UMULL : cccc 0000 1000 xxxx xxxx xxxx 1001 xxxx : */ 1090 /* UMULL : cccc 0000 1000 xxxx xxxx xxxx 1001 xxxx : */
1074 /* UMULLS : cccc 0000 1001 xxxx xxxx xxxx 1001 xxxx :cc */ 1091 /* UMULLS : cccc 0000 1001 xxxx xxxx xxxx 1001 xxxx :cc */
1075 /* UMLAL : cccc 0000 1010 xxxx xxxx xxxx 1001 xxxx : */ 1092 /* UMLAL : cccc 0000 1010 xxxx xxxx xxxx 1001 xxxx : */
@@ -1078,13 +1095,15 @@ space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1078 /* SMULLS : cccc 0000 1101 xxxx xxxx xxxx 1001 xxxx :cc */ 1095 /* SMULLS : cccc 0000 1101 xxxx xxxx xxxx 1001 xxxx :cc */
1079 /* SMLAL : cccc 0000 1110 xxxx xxxx xxxx 1001 xxxx : */ 1096 /* SMLAL : cccc 0000 1110 xxxx xxxx xxxx 1001 xxxx : */
1080 /* SMLALS : cccc 0000 1111 xxxx xxxx xxxx 1001 xxxx :cc */ 1097 /* SMLALS : cccc 0000 1111 xxxx xxxx xxxx 1001 xxxx :cc */
1081 if ((insn & 0x0fe000f0) == 0x00000090) { 1098 if ((insn & 0x00d00000) == 0x00500000)
1082 return prep_emulate_rd16rs8rm0_wflags(insn, asi); 1099 return INSN_REJECTED;
1083 } else if ((insn & 0x0fe000f0) == 0x00200090) { 1100 else if ((insn & 0x00e00000) == 0x00000000)
1084 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi); 1101 return prep_emulate_rd16rs8rm0_wflags(insn, asi);
1085 } else { 1102 else if ((insn & 0x00a00000) == 0x00200000)
1086 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi); 1103 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1087 } 1104 else
1105 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn,
1106 asi);
1088 } 1107 }
1089 1108
1090 /* cccc 000x xxxx xxxx xxxx xxxx xxxx 1xx1 xxxx */ 1109 /* cccc 000x xxxx xxxx xxxx xxxx xxxx 1xx1 xxxx */
@@ -1092,23 +1111,45 @@ space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1092 1111
1093 /* SWP : cccc 0001 0000 xxxx xxxx xxxx 1001 xxxx */ 1112 /* SWP : cccc 0001 0000 xxxx xxxx xxxx 1001 xxxx */
1094 /* SWPB : cccc 0001 0100 xxxx xxxx xxxx 1001 xxxx */ 1113 /* SWPB : cccc 0001 0100 xxxx xxxx xxxx 1001 xxxx */
1095 /* LDRD : cccc 000x xxx0 xxxx xxxx xxxx 1101 xxxx */ 1114 /* ??? : cccc 0001 0x01 xxxx xxxx xxxx 1001 xxxx */
1096 /* STRD : cccc 000x xxx0 xxxx xxxx xxxx 1111 xxxx */ 1115 /* ??? : cccc 0001 0x10 xxxx xxxx xxxx 1001 xxxx */
1116 /* ??? : cccc 0001 0x11 xxxx xxxx xxxx 1001 xxxx */
1097 /* STREX : cccc 0001 1000 xxxx xxxx xxxx 1001 xxxx */ 1117 /* STREX : cccc 0001 1000 xxxx xxxx xxxx 1001 xxxx */
1098 /* LDREX : cccc 0001 1001 xxxx xxxx xxxx 1001 xxxx */ 1118 /* LDREX : cccc 0001 1001 xxxx xxxx xxxx 1001 xxxx */
1119 /* STREXD: cccc 0001 1010 xxxx xxxx xxxx 1001 xxxx */
1120 /* LDREXD: cccc 0001 1011 xxxx xxxx xxxx 1001 xxxx */
1121 /* STREXB: cccc 0001 1100 xxxx xxxx xxxx 1001 xxxx */
1122 /* LDREXB: cccc 0001 1101 xxxx xxxx xxxx 1001 xxxx */
1123 /* STREXH: cccc 0001 1110 xxxx xxxx xxxx 1001 xxxx */
1124 /* LDREXH: cccc 0001 1111 xxxx xxxx xxxx 1001 xxxx */
1125
1126 /* LDRD : cccc 000x xxx0 xxxx xxxx xxxx 1101 xxxx */
1127 /* STRD : cccc 000x xxx0 xxxx xxxx xxxx 1111 xxxx */
1099 /* LDRH : cccc 000x xxx1 xxxx xxxx xxxx 1011 xxxx */ 1128 /* LDRH : cccc 000x xxx1 xxxx xxxx xxxx 1011 xxxx */
1100 /* STRH : cccc 000x xxx0 xxxx xxxx xxxx 1011 xxxx */ 1129 /* STRH : cccc 000x xxx0 xxxx xxxx xxxx 1011 xxxx */
1101 /* LDRSB : cccc 000x xxx1 xxxx xxxx xxxx 1101 xxxx */ 1130 /* LDRSB : cccc 000x xxx1 xxxx xxxx xxxx 1101 xxxx */
1102 /* LDRSH : cccc 000x xxx1 xxxx xxxx xxxx 1111 xxxx */ 1131 /* LDRSH : cccc 000x xxx1 xxxx xxxx xxxx 1111 xxxx */
1103 if ((insn & 0x0fb000f0) == 0x01000090) { 1132 if ((insn & 0x0f0000f0) == 0x01000090) {
1104 /* SWP/SWPB */ 1133 if ((insn & 0x0fb000f0) == 0x01000090) {
1105 return prep_emulate_rd12rn16rm0_wflags(insn, asi); 1134 /* SWP/SWPB */
1135 return prep_emulate_rd12rn16rm0_wflags(insn,
1136 asi);
1137 } else {
1138 /* STREX/LDREX variants and unallocaed space */
1139 return INSN_REJECTED;
1140 }
1141
1106 } else if ((insn & 0x0e1000d0) == 0x00000d0) { 1142 } else if ((insn & 0x0e1000d0) == 0x00000d0) {
1107 /* STRD/LDRD */ 1143 /* STRD/LDRD */
1144 if ((insn & 0x0000e000) == 0x0000e000)
1145 return INSN_REJECTED; /* Rd is LR or PC */
1146 if (is_writeback(insn) && is_r15(insn, 16))
1147 return INSN_REJECTED; /* Writeback to PC */
1148
1108 insn &= 0xfff00fff; 1149 insn &= 0xfff00fff;
1109 insn |= 0x00002000; /* Rn = r0, Rd = r2 */ 1150 insn |= 0x00002000; /* Rn = r0, Rd = r2 */
1110 if (insn & (1 << 22)) { 1151 if (!(insn & (1 << 22))) {
1111 /* I bit */ 1152 /* Register index */
1112 insn &= ~0xf; 1153 insn &= ~0xf;
1113 insn |= 1; /* Rm = r1 */ 1154 insn |= 1; /* Rm = r1 */
1114 } 1155 }
@@ -1118,6 +1159,9 @@ space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1118 return INSN_GOOD; 1159 return INSN_GOOD;
1119 } 1160 }
1120 1161
1162 /* LDRH/STRH/LDRSB/LDRSH */
1163 if (is_r15(insn, 12))
1164 return INSN_REJECTED; /* Rd is PC */
1121 return prep_emulate_ldr_str(insn, asi); 1165 return prep_emulate_ldr_str(insn, asi);
1122 } 1166 }
1123 1167
@@ -1125,7 +1169,7 @@ space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1125 1169
1126 /* 1170 /*
1127 * ALU op with S bit and Rd == 15 : 1171 * ALU op with S bit and Rd == 15 :
1128 * cccc 000x xxx1 xxxx 1111 xxxx xxxx xxxx 1172 * cccc 000x xxx1 xxxx 1111 xxxx xxxx xxxx
1129 */ 1173 */
1130 if ((insn & 0x0e10f000) == 0x0010f000) 1174 if ((insn & 0x0e10f000) == 0x0010f000)
1131 return INSN_REJECTED; 1175 return INSN_REJECTED;
@@ -1154,22 +1198,61 @@ space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1154 insn |= 0x00000200; /* Rs = r2 */ 1198 insn |= 0x00000200; /* Rs = r2 */
1155 } 1199 }
1156 asi->insn[0] = insn; 1200 asi->insn[0] = insn;
1157 asi->insn_handler = (insn & (1 << 20)) ? /* S-bit */ 1201
1202 if ((insn & 0x0f900000) == 0x01100000) {
1203 /*
1204 * TST : cccc 0001 0001 xxxx xxxx xxxx xxxx xxxx
1205 * TEQ : cccc 0001 0011 xxxx xxxx xxxx xxxx xxxx
1206 * CMP : cccc 0001 0101 xxxx xxxx xxxx xxxx xxxx
1207 * CMN : cccc 0001 0111 xxxx xxxx xxxx xxxx xxxx
1208 */
1209 asi->insn_handler = emulate_alu_tests;
1210 } else {
1211 /* ALU ops which write to Rd */
1212 asi->insn_handler = (insn & (1 << 20)) ? /* S-bit */
1158 emulate_alu_rwflags : emulate_alu_rflags; 1213 emulate_alu_rwflags : emulate_alu_rflags;
1214 }
1159 return INSN_GOOD; 1215 return INSN_GOOD;
1160} 1216}
1161 1217
1162static enum kprobe_insn __kprobes 1218static enum kprobe_insn __kprobes
1163space_cccc_001x(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1219space_cccc_001x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1164{ 1220{
1221 /* MOVW : cccc 0011 0000 xxxx xxxx xxxx xxxx xxxx */
1222 /* MOVT : cccc 0011 0100 xxxx xxxx xxxx xxxx xxxx */
1223 if ((insn & 0x0fb00000) == 0x03000000)
1224 return prep_emulate_rd12_modify(insn, asi);
1225
1226 /* hints : cccc 0011 0010 0000 xxxx xxxx xxxx xxxx */
1227 if ((insn & 0x0fff0000) == 0x03200000) {
1228 unsigned op2 = insn & 0x000000ff;
1229 if (op2 == 0x01 || op2 == 0x04) {
1230 /* YIELD : cccc 0011 0010 0000 xxxx xxxx 0000 0001 */
1231 /* SEV : cccc 0011 0010 0000 xxxx xxxx 0000 0100 */
1232 asi->insn[0] = insn;
1233 asi->insn_handler = emulate_none;
1234 return INSN_GOOD;
1235 } else if (op2 <= 0x03) {
1236 /* NOP : cccc 0011 0010 0000 xxxx xxxx 0000 0000 */
1237 /* WFE : cccc 0011 0010 0000 xxxx xxxx 0000 0010 */
1238 /* WFI : cccc 0011 0010 0000 xxxx xxxx 0000 0011 */
1239 /*
1240 * We make WFE and WFI true NOPs to avoid stalls due
1241 * to missing events whilst processing the probe.
1242 */
1243 asi->insn_handler = emulate_nop;
1244 return INSN_GOOD_NO_SLOT;
1245 }
1246 /* For DBG and unallocated hints it's safest to reject them */
1247 return INSN_REJECTED;
1248 }
1249
1165 /* 1250 /*
1166 * MSR : cccc 0011 0x10 xxxx xxxx xxxx xxxx xxxx 1251 * MSR : cccc 0011 0x10 xxxx xxxx xxxx xxxx xxxx
1167 * Undef : cccc 0011 0100 xxxx xxxx xxxx xxxx xxxx
1168 * ALU op with S bit and Rd == 15 : 1252 * ALU op with S bit and Rd == 15 :
1169 * cccc 001x xxx1 xxxx 1111 xxxx xxxx xxxx 1253 * cccc 001x xxx1 xxxx 1111 xxxx xxxx xxxx
1170 */ 1254 */
1171 if ((insn & 0x0fb00000) == 0x03200000 || /* MSR */ 1255 if ((insn & 0x0fb00000) == 0x03200000 || /* MSR */
1172 (insn & 0x0ff00000) == 0x03400000 || /* Undef */
1173 (insn & 0x0e10f000) == 0x0210f000) /* ALU s-bit, R15 */ 1256 (insn & 0x0e10f000) == 0x0210f000) /* ALU s-bit, R15 */
1174 return INSN_REJECTED; 1257 return INSN_REJECTED;
1175 1258
@@ -1180,10 +1263,22 @@ space_cccc_001x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1180 * *S (bit 20) updates condition codes 1263 * *S (bit 20) updates condition codes
1181 * ADC/SBC/RSC reads the C flag 1264 * ADC/SBC/RSC reads the C flag
1182 */ 1265 */
1183 insn &= 0xffff0fff; /* Rd = r0 */ 1266 insn &= 0xfff00fff; /* Rn = r0 and Rd = r0 */
1184 asi->insn[0] = insn; 1267 asi->insn[0] = insn;
1185 asi->insn_handler = (insn & (1 << 20)) ? /* S-bit */ 1268
1269 if ((insn & 0x0f900000) == 0x03100000) {
1270 /*
1271 * TST : cccc 0011 0001 xxxx xxxx xxxx xxxx xxxx
1272 * TEQ : cccc 0011 0011 xxxx xxxx xxxx xxxx xxxx
1273 * CMP : cccc 0011 0101 xxxx xxxx xxxx xxxx xxxx
1274 * CMN : cccc 0011 0111 xxxx xxxx xxxx xxxx xxxx
1275 */
1276 asi->insn_handler = emulate_alu_tests_imm;
1277 } else {
1278 /* ALU ops which write to Rd */
1279 asi->insn_handler = (insn & (1 << 20)) ? /* S-bit */
1186 emulate_alu_imm_rwflags : emulate_alu_imm_rflags; 1280 emulate_alu_imm_rwflags : emulate_alu_imm_rflags;
1281 }
1187 return INSN_GOOD; 1282 return INSN_GOOD;
1188} 1283}
1189 1284
@@ -1192,6 +1287,8 @@ space_cccc_0110__1(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1192{ 1287{
1193 /* SEL : cccc 0110 1000 xxxx xxxx xxxx 1011 xxxx GE: !!! */ 1288 /* SEL : cccc 0110 1000 xxxx xxxx xxxx 1011 xxxx GE: !!! */
1194 if ((insn & 0x0ff000f0) == 0x068000b0) { 1289 if ((insn & 0x0ff000f0) == 0x068000b0) {
1290 if (is_r15(insn, 12))
1291 return INSN_REJECTED; /* Rd is PC */
1195 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */ 1292 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */
1196 insn |= 0x00000001; /* Rm = r1 */ 1293 insn |= 0x00000001; /* Rm = r1 */
1197 asi->insn[0] = insn; 1294 asi->insn[0] = insn;
@@ -1205,6 +1302,8 @@ space_cccc_0110__1(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1205 /* USAT16 : cccc 0110 1110 xxxx xxxx xxxx 0011 xxxx :Q */ 1302 /* USAT16 : cccc 0110 1110 xxxx xxxx xxxx 0011 xxxx :Q */
1206 if ((insn & 0x0fa00030) == 0x06a00010 || 1303 if ((insn & 0x0fa00030) == 0x06a00010 ||
1207 (insn & 0x0fb000f0) == 0x06a00030) { 1304 (insn & 0x0fb000f0) == 0x06a00030) {
1305 if (is_r15(insn, 12))
1306 return INSN_REJECTED; /* Rd is PC */
1208 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */ 1307 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */
1209 asi->insn[0] = insn; 1308 asi->insn[0] = insn;
1210 asi->insn_handler = emulate_sat; 1309 asi->insn_handler = emulate_sat;
@@ -1213,57 +1312,101 @@ space_cccc_0110__1(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1213 1312
1214 /* REV : cccc 0110 1011 xxxx xxxx xxxx 0011 xxxx */ 1313 /* REV : cccc 0110 1011 xxxx xxxx xxxx 0011 xxxx */
1215 /* REV16 : cccc 0110 1011 xxxx xxxx xxxx 1011 xxxx */ 1314 /* REV16 : cccc 0110 1011 xxxx xxxx xxxx 1011 xxxx */
1315 /* RBIT : cccc 0110 1111 xxxx xxxx xxxx 0011 xxxx */
1216 /* REVSH : cccc 0110 1111 xxxx xxxx xxxx 1011 xxxx */ 1316 /* REVSH : cccc 0110 1111 xxxx xxxx xxxx 1011 xxxx */
1217 if ((insn & 0x0ff00070) == 0x06b00030 || 1317 if ((insn & 0x0ff00070) == 0x06b00030 ||
1218 (insn & 0x0ff000f0) == 0x06f000b0) 1318 (insn & 0x0ff00070) == 0x06f00030)
1219 return prep_emulate_rd12rm0(insn, asi); 1319 return prep_emulate_rd12rm0(insn, asi);
1220 1320
1321 /* ??? : cccc 0110 0000 xxxx xxxx xxxx xxx1 xxxx : */
1221 /* SADD16 : cccc 0110 0001 xxxx xxxx xxxx 0001 xxxx :GE */ 1322 /* SADD16 : cccc 0110 0001 xxxx xxxx xxxx 0001 xxxx :GE */
1222 /* SADDSUBX : cccc 0110 0001 xxxx xxxx xxxx 0011 xxxx :GE */ 1323 /* SADDSUBX : cccc 0110 0001 xxxx xxxx xxxx 0011 xxxx :GE */
1223 /* SSUBADDX : cccc 0110 0001 xxxx xxxx xxxx 0101 xxxx :GE */ 1324 /* SSUBADDX : cccc 0110 0001 xxxx xxxx xxxx 0101 xxxx :GE */
1224 /* SSUB16 : cccc 0110 0001 xxxx xxxx xxxx 0111 xxxx :GE */ 1325 /* SSUB16 : cccc 0110 0001 xxxx xxxx xxxx 0111 xxxx :GE */
1225 /* SADD8 : cccc 0110 0001 xxxx xxxx xxxx 1001 xxxx :GE */ 1326 /* SADD8 : cccc 0110 0001 xxxx xxxx xxxx 1001 xxxx :GE */
1327 /* ??? : cccc 0110 0001 xxxx xxxx xxxx 1011 xxxx : */
1328 /* ??? : cccc 0110 0001 xxxx xxxx xxxx 1101 xxxx : */
1226 /* SSUB8 : cccc 0110 0001 xxxx xxxx xxxx 1111 xxxx :GE */ 1329 /* SSUB8 : cccc 0110 0001 xxxx xxxx xxxx 1111 xxxx :GE */
1227 /* QADD16 : cccc 0110 0010 xxxx xxxx xxxx 0001 xxxx : */ 1330 /* QADD16 : cccc 0110 0010 xxxx xxxx xxxx 0001 xxxx : */
1228 /* QADDSUBX : cccc 0110 0010 xxxx xxxx xxxx 0011 xxxx : */ 1331 /* QADDSUBX : cccc 0110 0010 xxxx xxxx xxxx 0011 xxxx : */
1229 /* QSUBADDX : cccc 0110 0010 xxxx xxxx xxxx 0101 xxxx : */ 1332 /* QSUBADDX : cccc 0110 0010 xxxx xxxx xxxx 0101 xxxx : */
1230 /* QSUB16 : cccc 0110 0010 xxxx xxxx xxxx 0111 xxxx : */ 1333 /* QSUB16 : cccc 0110 0010 xxxx xxxx xxxx 0111 xxxx : */
1231 /* QADD8 : cccc 0110 0010 xxxx xxxx xxxx 1001 xxxx : */ 1334 /* QADD8 : cccc 0110 0010 xxxx xxxx xxxx 1001 xxxx : */
1335 /* ??? : cccc 0110 0010 xxxx xxxx xxxx 1011 xxxx : */
1336 /* ??? : cccc 0110 0010 xxxx xxxx xxxx 1101 xxxx : */
1232 /* QSUB8 : cccc 0110 0010 xxxx xxxx xxxx 1111 xxxx : */ 1337 /* QSUB8 : cccc 0110 0010 xxxx xxxx xxxx 1111 xxxx : */
1233 /* SHADD16 : cccc 0110 0011 xxxx xxxx xxxx 0001 xxxx : */ 1338 /* SHADD16 : cccc 0110 0011 xxxx xxxx xxxx 0001 xxxx : */
1234 /* SHADDSUBX : cccc 0110 0011 xxxx xxxx xxxx 0011 xxxx : */ 1339 /* SHADDSUBX : cccc 0110 0011 xxxx xxxx xxxx 0011 xxxx : */
1235 /* SHSUBADDX : cccc 0110 0011 xxxx xxxx xxxx 0101 xxxx : */ 1340 /* SHSUBADDX : cccc 0110 0011 xxxx xxxx xxxx 0101 xxxx : */
1236 /* SHSUB16 : cccc 0110 0011 xxxx xxxx xxxx 0111 xxxx : */ 1341 /* SHSUB16 : cccc 0110 0011 xxxx xxxx xxxx 0111 xxxx : */
1237 /* SHADD8 : cccc 0110 0011 xxxx xxxx xxxx 1001 xxxx : */ 1342 /* SHADD8 : cccc 0110 0011 xxxx xxxx xxxx 1001 xxxx : */
1343 /* ??? : cccc 0110 0011 xxxx xxxx xxxx 1011 xxxx : */
1344 /* ??? : cccc 0110 0011 xxxx xxxx xxxx 1101 xxxx : */
1238 /* SHSUB8 : cccc 0110 0011 xxxx xxxx xxxx 1111 xxxx : */ 1345 /* SHSUB8 : cccc 0110 0011 xxxx xxxx xxxx 1111 xxxx : */
1346 /* ??? : cccc 0110 0100 xxxx xxxx xxxx xxx1 xxxx : */
1239 /* UADD16 : cccc 0110 0101 xxxx xxxx xxxx 0001 xxxx :GE */ 1347 /* UADD16 : cccc 0110 0101 xxxx xxxx xxxx 0001 xxxx :GE */
1240 /* UADDSUBX : cccc 0110 0101 xxxx xxxx xxxx 0011 xxxx :GE */ 1348 /* UADDSUBX : cccc 0110 0101 xxxx xxxx xxxx 0011 xxxx :GE */
1241 /* USUBADDX : cccc 0110 0101 xxxx xxxx xxxx 0101 xxxx :GE */ 1349 /* USUBADDX : cccc 0110 0101 xxxx xxxx xxxx 0101 xxxx :GE */
1242 /* USUB16 : cccc 0110 0101 xxxx xxxx xxxx 0111 xxxx :GE */ 1350 /* USUB16 : cccc 0110 0101 xxxx xxxx xxxx 0111 xxxx :GE */
1243 /* UADD8 : cccc 0110 0101 xxxx xxxx xxxx 1001 xxxx :GE */ 1351 /* UADD8 : cccc 0110 0101 xxxx xxxx xxxx 1001 xxxx :GE */
1352 /* ??? : cccc 0110 0101 xxxx xxxx xxxx 1011 xxxx : */
1353 /* ??? : cccc 0110 0101 xxxx xxxx xxxx 1101 xxxx : */
1244 /* USUB8 : cccc 0110 0101 xxxx xxxx xxxx 1111 xxxx :GE */ 1354 /* USUB8 : cccc 0110 0101 xxxx xxxx xxxx 1111 xxxx :GE */
1245 /* UQADD16 : cccc 0110 0110 xxxx xxxx xxxx 0001 xxxx : */ 1355 /* UQADD16 : cccc 0110 0110 xxxx xxxx xxxx 0001 xxxx : */
1246 /* UQADDSUBX : cccc 0110 0110 xxxx xxxx xxxx 0011 xxxx : */ 1356 /* UQADDSUBX : cccc 0110 0110 xxxx xxxx xxxx 0011 xxxx : */
1247 /* UQSUBADDX : cccc 0110 0110 xxxx xxxx xxxx 0101 xxxx : */ 1357 /* UQSUBADDX : cccc 0110 0110 xxxx xxxx xxxx 0101 xxxx : */
1248 /* UQSUB16 : cccc 0110 0110 xxxx xxxx xxxx 0111 xxxx : */ 1358 /* UQSUB16 : cccc 0110 0110 xxxx xxxx xxxx 0111 xxxx : */
1249 /* UQADD8 : cccc 0110 0110 xxxx xxxx xxxx 1001 xxxx : */ 1359 /* UQADD8 : cccc 0110 0110 xxxx xxxx xxxx 1001 xxxx : */
1360 /* ??? : cccc 0110 0110 xxxx xxxx xxxx 1011 xxxx : */
1361 /* ??? : cccc 0110 0110 xxxx xxxx xxxx 1101 xxxx : */
1250 /* UQSUB8 : cccc 0110 0110 xxxx xxxx xxxx 1111 xxxx : */ 1362 /* UQSUB8 : cccc 0110 0110 xxxx xxxx xxxx 1111 xxxx : */
1251 /* UHADD16 : cccc 0110 0111 xxxx xxxx xxxx 0001 xxxx : */ 1363 /* UHADD16 : cccc 0110 0111 xxxx xxxx xxxx 0001 xxxx : */
1252 /* UHADDSUBX : cccc 0110 0111 xxxx xxxx xxxx 0011 xxxx : */ 1364 /* UHADDSUBX : cccc 0110 0111 xxxx xxxx xxxx 0011 xxxx : */
1253 /* UHSUBADDX : cccc 0110 0111 xxxx xxxx xxxx 0101 xxxx : */ 1365 /* UHSUBADDX : cccc 0110 0111 xxxx xxxx xxxx 0101 xxxx : */
1254 /* UHSUB16 : cccc 0110 0111 xxxx xxxx xxxx 0111 xxxx : */ 1366 /* UHSUB16 : cccc 0110 0111 xxxx xxxx xxxx 0111 xxxx : */
1255 /* UHADD8 : cccc 0110 0111 xxxx xxxx xxxx 1001 xxxx : */ 1367 /* UHADD8 : cccc 0110 0111 xxxx xxxx xxxx 1001 xxxx : */
1368 /* ??? : cccc 0110 0111 xxxx xxxx xxxx 1011 xxxx : */
1369 /* ??? : cccc 0110 0111 xxxx xxxx xxxx 1101 xxxx : */
1256 /* UHSUB8 : cccc 0110 0111 xxxx xxxx xxxx 1111 xxxx : */ 1370 /* UHSUB8 : cccc 0110 0111 xxxx xxxx xxxx 1111 xxxx : */
1371 if ((insn & 0x0f800010) == 0x06000010) {
1372 if ((insn & 0x00300000) == 0x00000000 ||
1373 (insn & 0x000000e0) == 0x000000a0 ||
1374 (insn & 0x000000e0) == 0x000000c0)
1375 return INSN_REJECTED; /* Unallocated space */
1376 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1377 }
1378
1257 /* PKHBT : cccc 0110 1000 xxxx xxxx xxxx x001 xxxx : */ 1379 /* PKHBT : cccc 0110 1000 xxxx xxxx xxxx x001 xxxx : */
1258 /* PKHTB : cccc 0110 1000 xxxx xxxx xxxx x101 xxxx : */ 1380 /* PKHTB : cccc 0110 1000 xxxx xxxx xxxx x101 xxxx : */
1381 if ((insn & 0x0ff00030) == 0x06800010)
1382 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1383
1259 /* SXTAB16 : cccc 0110 1000 xxxx xxxx xxxx 0111 xxxx : */ 1384 /* SXTAB16 : cccc 0110 1000 xxxx xxxx xxxx 0111 xxxx : */
1260 /* SXTB : cccc 0110 1010 xxxx xxxx xxxx 0111 xxxx : */ 1385 /* SXTB16 : cccc 0110 1000 1111 xxxx xxxx 0111 xxxx : */
1386 /* ??? : cccc 0110 1001 xxxx xxxx xxxx 0111 xxxx : */
1261 /* SXTAB : cccc 0110 1010 xxxx xxxx xxxx 0111 xxxx : */ 1387 /* SXTAB : cccc 0110 1010 xxxx xxxx xxxx 0111 xxxx : */
1388 /* SXTB : cccc 0110 1010 1111 xxxx xxxx 0111 xxxx : */
1262 /* SXTAH : cccc 0110 1011 xxxx xxxx xxxx 0111 xxxx : */ 1389 /* SXTAH : cccc 0110 1011 xxxx xxxx xxxx 0111 xxxx : */
1390 /* SXTH : cccc 0110 1011 1111 xxxx xxxx 0111 xxxx : */
1263 /* UXTAB16 : cccc 0110 1100 xxxx xxxx xxxx 0111 xxxx : */ 1391 /* UXTAB16 : cccc 0110 1100 xxxx xxxx xxxx 0111 xxxx : */
1392 /* UXTB16 : cccc 0110 1100 1111 xxxx xxxx 0111 xxxx : */
1393 /* ??? : cccc 0110 1101 xxxx xxxx xxxx 0111 xxxx : */
1264 /* UXTAB : cccc 0110 1110 xxxx xxxx xxxx 0111 xxxx : */ 1394 /* UXTAB : cccc 0110 1110 xxxx xxxx xxxx 0111 xxxx : */
1395 /* UXTB : cccc 0110 1110 1111 xxxx xxxx 0111 xxxx : */
1265 /* UXTAH : cccc 0110 1111 xxxx xxxx xxxx 0111 xxxx : */ 1396 /* UXTAH : cccc 0110 1111 xxxx xxxx xxxx 0111 xxxx : */
1266 return prep_emulate_rd12rn16rm0_wflags(insn, asi); 1397 /* UXTH : cccc 0110 1111 1111 xxxx xxxx 0111 xxxx : */
1398 if ((insn & 0x0f8000f0) == 0x06800070) {
1399 if ((insn & 0x00300000) == 0x00100000)
1400 return INSN_REJECTED; /* Unallocated space */
1401
1402 if ((insn & 0x000f0000) == 0x000f0000)
1403 return prep_emulate_rd12rm0(insn, asi);
1404 else
1405 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1406 }
1407
1408 /* Other instruction encodings aren't yet defined */
1409 return INSN_REJECTED;
1267} 1410}
1268 1411
1269static enum kprobe_insn __kprobes 1412static enum kprobe_insn __kprobes
@@ -1273,29 +1416,49 @@ space_cccc_0111__1(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1273 if ((insn & 0x0ff000f0) == 0x03f000f0) 1416 if ((insn & 0x0ff000f0) == 0x03f000f0)
1274 return INSN_REJECTED; 1417 return INSN_REJECTED;
1275 1418
1276 /* USADA8 : cccc 0111 1000 xxxx xxxx xxxx 0001 xxxx */
1277 /* USAD8 : cccc 0111 1000 xxxx 1111 xxxx 0001 xxxx */
1278 if ((insn & 0x0ff000f0) == 0x07800010)
1279 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1280
1281 /* SMLALD : cccc 0111 0100 xxxx xxxx xxxx 00x1 xxxx */ 1419 /* SMLALD : cccc 0111 0100 xxxx xxxx xxxx 00x1 xxxx */
1282 /* SMLSLD : cccc 0111 0100 xxxx xxxx xxxx 01x1 xxxx */ 1420 /* SMLSLD : cccc 0111 0100 xxxx xxxx xxxx 01x1 xxxx */
1283 if ((insn & 0x0ff00090) == 0x07400010) 1421 if ((insn & 0x0ff00090) == 0x07400010)
1284 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi); 1422 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi);
1285 1423
1286 /* SMLAD : cccc 0111 0000 xxxx xxxx xxxx 00x1 xxxx :Q */ 1424 /* SMLAD : cccc 0111 0000 xxxx xxxx xxxx 00x1 xxxx :Q */
1425 /* SMUAD : cccc 0111 0000 xxxx 1111 xxxx 00x1 xxxx :Q */
1287 /* SMLSD : cccc 0111 0000 xxxx xxxx xxxx 01x1 xxxx :Q */ 1426 /* SMLSD : cccc 0111 0000 xxxx xxxx xxxx 01x1 xxxx :Q */
1427 /* SMUSD : cccc 0111 0000 xxxx 1111 xxxx 01x1 xxxx : */
1288 /* SMMLA : cccc 0111 0101 xxxx xxxx xxxx 00x1 xxxx : */ 1428 /* SMMLA : cccc 0111 0101 xxxx xxxx xxxx 00x1 xxxx : */
1289 /* SMMLS : cccc 0111 0101 xxxx xxxx xxxx 11x1 xxxx : */ 1429 /* SMMUL : cccc 0111 0101 xxxx 1111 xxxx 00x1 xxxx : */
1430 /* USADA8 : cccc 0111 1000 xxxx xxxx xxxx 0001 xxxx : */
1431 /* USAD8 : cccc 0111 1000 xxxx 1111 xxxx 0001 xxxx : */
1290 if ((insn & 0x0ff00090) == 0x07000010 || 1432 if ((insn & 0x0ff00090) == 0x07000010 ||
1291 (insn & 0x0ff000d0) == 0x07500010 || 1433 (insn & 0x0ff000d0) == 0x07500010 ||
1292 (insn & 0x0ff000d0) == 0x075000d0) 1434 (insn & 0x0ff000f0) == 0x07800010) {
1435
1436 if ((insn & 0x0000f000) == 0x0000f000)
1437 return prep_emulate_rd16rs8rm0_wflags(insn, asi);
1438 else
1439 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1440 }
1441
1442 /* SMMLS : cccc 0111 0101 xxxx xxxx xxxx 11x1 xxxx : */
1443 if ((insn & 0x0ff000d0) == 0x075000d0)
1293 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi); 1444 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1294 1445
1295 /* SMUSD : cccc 0111 0000 xxxx xxxx xxxx 01x1 xxxx : */ 1446 /* SBFX : cccc 0111 101x xxxx xxxx xxxx x101 xxxx : */
1296 /* SMUAD : cccc 0111 0000 xxxx 1111 xxxx 00x1 xxxx :Q */ 1447 /* UBFX : cccc 0111 111x xxxx xxxx xxxx x101 xxxx : */
1297 /* SMMUL : cccc 0111 0101 xxxx 1111 xxxx 00x1 xxxx : */ 1448 if ((insn & 0x0fa00070) == 0x07a00050)
1298 return prep_emulate_rd16rs8rm0_wflags(insn, asi); 1449 return prep_emulate_rd12rm0(insn, asi);
1450
1451 /* BFI : cccc 0111 110x xxxx xxxx xxxx x001 xxxx : */
1452 /* BFC : cccc 0111 110x xxxx xxxx xxxx x001 1111 : */
1453 if ((insn & 0x0fe00070) == 0x07c00010) {
1454
1455 if ((insn & 0x0000000f) == 0x0000000f)
1456 return prep_emulate_rd12_modify(insn, asi);
1457 else
1458 return prep_emulate_rd12rn0_modify(insn, asi);
1459 }
1460
1461 return INSN_REJECTED;
1299} 1462}
1300 1463
1301static enum kprobe_insn __kprobes 1464static enum kprobe_insn __kprobes
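Review bot: The unchanged guard at the top of this hunk, `if ((insn & 0x0ff000f0) == 0x03f000f0)`, can never be true inside space_cccc_0111__1, because the dispatcher shown further down the page only calls this function when `(insn & 0x0f000010) == 0x07000010`; the constant was presumably meant to be `0x07f000f0`. With the new trailing `return INSN_REJECTED;` that encoding matches none of the accept masks in this hunk, so it is refused anyway, but the dead test misleads anyone auditing which encodings the decoder allows. Either correct it to `if ((insn & 0x0ff000f0) == 0x07f000f0)` or drop it and rely on the default reject. The function's opening lines lie outside the hunk.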
@@ -1309,6 +1472,10 @@ space_cccc_01xx(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1309 /* STRB : cccc 01xx x1x0 xxxx xxxx xxxx xxxx xxxx */ 1472 /* STRB : cccc 01xx x1x0 xxxx xxxx xxxx xxxx xxxx */
1310 /* STRBT : cccc 01x0 x110 xxxx xxxx xxxx xxxx xxxx */ 1473 /* STRBT : cccc 01x0 x110 xxxx xxxx xxxx xxxx xxxx */
1311 /* STRT : cccc 01x0 x010 xxxx xxxx xxxx xxxx xxxx */ 1474 /* STRT : cccc 01x0 x010 xxxx xxxx xxxx xxxx xxxx */
1475
1476 if ((insn & 0x00500000) == 0x00500000 && is_r15(insn, 12))
1477 return INSN_REJECTED; /* LDRB into PC */
1478
1312 return prep_emulate_ldr_str(insn, asi); 1479 return prep_emulate_ldr_str(insn, asi);
1313} 1480}
1314 1481
@@ -1323,10 +1490,9 @@ space_cccc_100x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1323 1490
1324 /* LDM(1) : cccc 100x x0x1 xxxx xxxx xxxx xxxx xxxx */ 1491 /* LDM(1) : cccc 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
1325 /* STM(1) : cccc 100x x0x0 xxxx xxxx xxxx xxxx xxxx */ 1492 /* STM(1) : cccc 100x x0x0 xxxx xxxx xxxx xxxx xxxx */
1326 asi->insn[0] = truecc_insn(insn);
1327 asi->insn_handler = ((insn & 0x108000) == 0x008000) ? /* STM & R15 */ 1493 asi->insn_handler = ((insn & 0x108000) == 0x008000) ? /* STM & R15 */
1328 simulate_stm1_pc : simulate_ldm1stm1; 1494 simulate_stm1_pc : simulate_ldm1stm1;
1329 return INSN_GOOD; 1495 return INSN_GOOD_NO_SLOT;
1330} 1496}
1331 1497
1332static enum kprobe_insn __kprobes 1498static enum kprobe_insn __kprobes
@@ -1334,58 +1500,117 @@ space_cccc_101x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1334{ 1500{
1335 /* B : cccc 1010 xxxx xxxx xxxx xxxx xxxx xxxx */ 1501 /* B : cccc 1010 xxxx xxxx xxxx xxxx xxxx xxxx */
1336 /* BL : cccc 1011 xxxx xxxx xxxx xxxx xxxx xxxx */ 1502 /* BL : cccc 1011 xxxx xxxx xxxx xxxx xxxx xxxx */
1337 asi->insn[0] = truecc_insn(insn);
1338 asi->insn_handler = simulate_bbl; 1503 asi->insn_handler = simulate_bbl;
1339 return INSN_GOOD; 1504 return INSN_GOOD_NO_SLOT;
1340} 1505}
1341 1506
1342static enum kprobe_insn __kprobes 1507static enum kprobe_insn __kprobes
1343space_cccc_1100_010x(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1508space_cccc_11xx(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1344{ 1509{
1510 /* Coprocessor instructions... */
1345 /* MCRR : cccc 1100 0100 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */ 1511 /* MCRR : cccc 1100 0100 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */
1346 /* MRRC : cccc 1100 0101 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */ 1512 /* MRRC : cccc 1100 0101 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */
1347 insn &= 0xfff00fff; 1513 /* LDC : cccc 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
1348 insn |= 0x00001000; /* Rn = r0, Rd = r1 */ 1514 /* STC : cccc 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
1349 asi->insn[0] = insn; 1515 /* CDP : cccc 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
1350 asi->insn_handler = (insn & (1 << 20)) ? emulate_mrrc : emulate_mcrr; 1516 /* MCR : cccc 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
1351 return INSN_GOOD; 1517 /* MRC : cccc 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
1518
1519 /* SVC : cccc 1111 xxxx xxxx xxxx xxxx xxxx xxxx */
1520
1521 return INSN_REJECTED;
1352} 1522}
1353 1523
1354static enum kprobe_insn __kprobes 1524static unsigned long __kprobes __check_eq(unsigned long cpsr)
1355space_cccc_110x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1356{ 1525{
1357 /* LDC : cccc 110x xxx1 xxxx xxxx xxxx xxxx xxxx */ 1526 return cpsr & PSR_Z_BIT;
1358 /* STC : cccc 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
1359 insn &= 0xfff0ffff; /* Rn = r0 */
1360 asi->insn[0] = insn;
1361 asi->insn_handler = emulate_ldcstc;
1362 return INSN_GOOD;
1363} 1527}
1364 1528
1365static enum kprobe_insn __kprobes 1529static unsigned long __kprobes __check_ne(unsigned long cpsr)
1366space_cccc_111x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1367{ 1530{
1368 /* BKPT : 1110 0001 0010 xxxx xxxx xxxx 0111 xxxx */ 1531 return (~cpsr) & PSR_Z_BIT;
1369 /* SWI : cccc 1111 xxxx xxxx xxxx xxxx xxxx xxxx */ 1532}
1370 if ((insn & 0xfff000f0) == 0xe1200070 ||
1371 (insn & 0x0f000000) == 0x0f000000)
1372 return INSN_REJECTED;
1373 1533
1374 /* CDP : cccc 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */ 1534static unsigned long __kprobes __check_cs(unsigned long cpsr)
1375 if ((insn & 0x0f000010) == 0x0e000000) { 1535{
1376 asi->insn[0] = insn; 1536 return cpsr & PSR_C_BIT;
1377 asi->insn_handler = emulate_none; 1537}
1378 return INSN_GOOD;
1379 }
1380 1538
1381 /* MCR : cccc 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */ 1539static unsigned long __kprobes __check_cc(unsigned long cpsr)
1382 /* MRC : cccc 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */ 1540{
1383 insn &= 0xffff0fff; /* Rd = r0 */ 1541 return (~cpsr) & PSR_C_BIT;
1384 asi->insn[0] = insn; 1542}
1385 asi->insn_handler = (insn & (1 << 20)) ? emulate_rd12 : emulate_ird12; 1543
1386 return INSN_GOOD; 1544static unsigned long __kprobes __check_mi(unsigned long cpsr)
1545{
1546 return cpsr & PSR_N_BIT;
1547}
1548
1549static unsigned long __kprobes __check_pl(unsigned long cpsr)
1550{
1551 return (~cpsr) & PSR_N_BIT;
1552}
1553
1554static unsigned long __kprobes __check_vs(unsigned long cpsr)
1555{
1556 return cpsr & PSR_V_BIT;
1557}
1558
1559static unsigned long __kprobes __check_vc(unsigned long cpsr)
1560{
1561 return (~cpsr) & PSR_V_BIT;
1562}
1563
1564static unsigned long __kprobes __check_hi(unsigned long cpsr)
1565{
1566 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
1567 return cpsr & PSR_C_BIT;
1387} 1568}
1388 1569
1570static unsigned long __kprobes __check_ls(unsigned long cpsr)
1571{
1572 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
1573 return (~cpsr) & PSR_C_BIT;
1574}
1575
1576static unsigned long __kprobes __check_ge(unsigned long cpsr)
1577{
1578 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
1579 return (~cpsr) & PSR_N_BIT;
1580}
1581
1582static unsigned long __kprobes __check_lt(unsigned long cpsr)
1583{
1584 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
1585 return cpsr & PSR_N_BIT;
1586}
1587
1588static unsigned long __kprobes __check_gt(unsigned long cpsr)
1589{
1590 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
1591 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
1592 return (~temp) & PSR_N_BIT;
1593}
1594
1595static unsigned long __kprobes __check_le(unsigned long cpsr)
1596{
1597 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
1598 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
1599 return temp & PSR_N_BIT;
1600}
1601
1602static unsigned long __kprobes __check_al(unsigned long cpsr)
1603{
1604 return true;
1605}
1606
1607static kprobe_check_cc * const condition_checks[16] = {
1608 &__check_eq, &__check_ne, &__check_cs, &__check_cc,
1609 &__check_mi, &__check_pl, &__check_vs, &__check_vc,
1610 &__check_hi, &__check_ls, &__check_ge, &__check_lt,
1611 &__check_gt, &__check_le, &__check_al, &__check_al
1612};
1613
1389/* Return: 1614/* Return:
1390 * INSN_REJECTED If instruction is one not allowed to kprobe, 1615 * INSN_REJECTED If instruction is one not allowed to kprobe,
1391 * INSN_GOOD If instruction is supported and uses instruction slot, 1616 * INSN_GOOD If instruction is supported and uses instruction slot,
@@ -1401,133 +1626,45 @@ space_cccc_111x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1401enum kprobe_insn __kprobes 1626enum kprobe_insn __kprobes
1402arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1627arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1403{ 1628{
1629 asi->insn_check_cc = condition_checks[insn>>28];
1404 asi->insn[1] = KPROBE_RETURN_INSTRUCTION; 1630 asi->insn[1] = KPROBE_RETURN_INSTRUCTION;
1405 1631
1406 if ((insn & 0xf0000000) == 0xf0000000) { 1632 if ((insn & 0xf0000000) == 0xf0000000)
1407 1633
1408 return space_1111(insn, asi); 1634 return space_1111(insn, asi);
1409 1635
1410 } else if ((insn & 0x0e000000) == 0x00000000) { 1636 else if ((insn & 0x0e000000) == 0x00000000)
1411 1637
1412 return space_cccc_000x(insn, asi); 1638 return space_cccc_000x(insn, asi);
1413 1639
1414 } else if ((insn & 0x0e000000) == 0x02000000) { 1640 else if ((insn & 0x0e000000) == 0x02000000)
1415 1641
1416 return space_cccc_001x(insn, asi); 1642 return space_cccc_001x(insn, asi);
1417 1643
1418 } else if ((insn & 0x0f000010) == 0x06000010) { 1644 else if ((insn & 0x0f000010) == 0x06000010)
1419 1645
1420 return space_cccc_0110__1(insn, asi); 1646 return space_cccc_0110__1(insn, asi);
1421 1647
1422 } else if ((insn & 0x0f000010) == 0x07000010) { 1648 else if ((insn & 0x0f000010) == 0x07000010)
1423 1649
1424 return space_cccc_0111__1(insn, asi); 1650 return space_cccc_0111__1(insn, asi);
1425 1651
1426 } else if ((insn & 0x0c000000) == 0x04000000) { 1652 else if ((insn & 0x0c000000) == 0x04000000)
1427 1653
1428 return space_cccc_01xx(insn, asi); 1654 return space_cccc_01xx(insn, asi);
1429 1655
1430 } else if ((insn & 0x0e000000) == 0x08000000) { 1656 else if ((insn & 0x0e000000) == 0x08000000)
1431 1657
1432 return space_cccc_100x(insn, asi); 1658 return space_cccc_100x(insn, asi);
1433 1659
1434 } else if ((insn & 0x0e000000) == 0x0a000000) { 1660 else if ((insn & 0x0e000000) == 0x0a000000)
1435 1661
1436 return space_cccc_101x(insn, asi); 1662 return space_cccc_101x(insn, asi);
1437 1663
1438 } else if ((insn & 0x0fe00000) == 0x0c400000) { 1664 return space_cccc_11xx(insn, asi);
1439
1440 return space_cccc_1100_010x(insn, asi);
1441
1442 } else if ((insn & 0x0e000000) == 0x0c000000) {
1443
1444 return space_cccc_110x(insn, asi);
1445
1446 }
1447
1448 return space_cccc_111x(insn, asi);
1449} 1665}
1450 1666
1451void __init arm_kprobe_decode_init(void) 1667void __init arm_kprobe_decode_init(void)
1452{ 1668{
1453 find_str_pc_offset(); 1669 find_str_pc_offset();
1454} 1670}
1455
1456
1457/*
1458 * All ARM instructions listed below.
1459 *
1460 * Instructions and their general purpose registers are given.
1461 * If a particular register may not use R15, it is prefixed with a "!".
1462 * If marked with a "*" means the value returned by reading R15
1463 * is implementation defined.
1464 *
1465 * ADC/ADD/AND/BIC/CMN/CMP/EOR/MOV/MVN/ORR/RSB/RSC/SBC/SUB/TEQ
1466 * TST: Rd, Rn, Rm, !Rs
1467 * BX: Rm
1468 * BLX(2): !Rm
1469 * BX: Rm (R15 legal, but discouraged)
1470 * BXJ: !Rm,
1471 * CLZ: !Rd, !Rm
1472 * CPY: Rd, Rm
1473 * LDC/2,STC/2 immediate offset & unindex: Rn
1474 * LDC/2,STC/2 immediate pre/post-indexed: !Rn
1475 * LDM(1/3): !Rn, register_list
1476 * LDM(2): !Rn, !register_list
1477 * LDR,STR,PLD immediate offset: Rd, Rn
1478 * LDR,STR,PLD register offset: Rd, Rn, !Rm
1479 * LDR,STR,PLD scaled register offset: Rd, !Rn, !Rm
1480 * LDR,STR immediate pre/post-indexed: Rd, !Rn
1481 * LDR,STR register pre/post-indexed: Rd, !Rn, !Rm
1482 * LDR,STR scaled register pre/post-indexed: Rd, !Rn, !Rm
1483 * LDRB,STRB immediate offset: !Rd, Rn
1484 * LDRB,STRB register offset: !Rd, Rn, !Rm
1485 * LDRB,STRB scaled register offset: !Rd, !Rn, !Rm
1486 * LDRB,STRB immediate pre/post-indexed: !Rd, !Rn
1487 * LDRB,STRB register pre/post-indexed: !Rd, !Rn, !Rm
1488 * LDRB,STRB scaled register pre/post-indexed: !Rd, !Rn, !Rm
1489 * LDRT,LDRBT,STRBT immediate pre/post-indexed: !Rd, !Rn
1490 * LDRT,LDRBT,STRBT register pre/post-indexed: !Rd, !Rn, !Rm
1491 * LDRT,LDRBT,STRBT scaled register pre/post-indexed: !Rd, !Rn, !Rm
1492 * LDRH/SH/SB/D,STRH/SH/SB/D immediate offset: !Rd, Rn
1493 * LDRH/SH/SB/D,STRH/SH/SB/D register offset: !Rd, Rn, !Rm
1494 * LDRH/SH/SB/D,STRH/SH/SB/D immediate pre/post-indexed: !Rd, !Rn
1495 * LDRH/SH/SB/D,STRH/SH/SB/D register pre/post-indexed: !Rd, !Rn, !Rm
1496 * LDREX: !Rd, !Rn
1497 * MCR/2: !Rd
1498 * MCRR/2,MRRC/2: !Rd, !Rn
1499 * MLA: !Rd, !Rn, !Rm, !Rs
1500 * MOV: Rd
1501 * MRC/2: !Rd (if Rd==15, only changes cond codes, not the register)
1502 * MRS,MSR: !Rd
1503 * MUL: !Rd, !Rm, !Rs
1504 * PKH{BT,TB}: !Rd, !Rn, !Rm
1505 * QDADD,[U]QADD/16/8/SUBX: !Rd, !Rm, !Rn
1506 * QDSUB,[U]QSUB/16/8/ADDX: !Rd, !Rm, !Rn
1507 * REV/16/SH: !Rd, !Rm
1508 * RFE: !Rn
1509 * {S,U}[H]ADD{16,8,SUBX},{S,U}[H]SUB{16,8,ADDX}: !Rd, !Rn, !Rm
1510 * SEL: !Rd, !Rn, !Rm
1511 * SMLA<x><y>,SMLA{D,W<y>},SMLSD,SMML{A,S}: !Rd, !Rn, !Rm, !Rs
1512 * SMLAL<x><y>,SMLA{D,LD},SMLSLD,SMMULL,SMULW<y>: !RdHi, !RdLo, !Rm, !Rs
1513 * SMMUL,SMUAD,SMUL<x><y>,SMUSD: !Rd, !Rm, !Rs
1514 * SSAT/16: !Rd, !Rm
1515 * STM(1/2): !Rn, register_list* (R15 in reg list not recommended)
1516 * STRT immediate pre/post-indexed: Rd*, !Rn
1517 * STRT register pre/post-indexed: Rd*, !Rn, !Rm
1518 * STRT scaled register pre/post-indexed: Rd*, !Rn, !Rm
1519 * STREX: !Rd, !Rn, !Rm
1520 * SWP/B: !Rd, !Rn, !Rm
1521 * {S,U}XTA{B,B16,H}: !Rd, !Rn, !Rm
1522 * {S,U}XT{B,B16,H}: !Rd, !Rm
1523 * UM{AA,LA,UL}L: !RdHi, !RdLo, !Rm, !Rs
1524 * USA{D8,A8,T,T16}: !Rd, !Rm, !Rs
1525 *
1526 * May transfer control by writing R15 (possible mode changes or alternate
1527 * mode accesses marked by "*"):
1528 * ALU op (* with s-bit), B, BL, BKPT, BLX(1/2), BX, BXJ, CPS*, CPY,
1529 * LDM(1), LDM(2/3)*, LDR, MOV, RFE*, SWI*
1530 *
1531 * Instructions that do not take general registers, nor transfer control:
1532 * CDP/2, SETEND, SRS*
1533 */
diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c
index 2ba7deb3072e..1656c87501c0 100644
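--- a/arch/arm/kernel/kprobes.c
+++ b/arch/arm/kernel/kprobes.c
@@ -134,7 +134,8 @@ static void __kprobes singlestep(struct kprobe *p, struct pt_regs *regs,
  struct kprobe_ctlblk *kcb)
 {
  regs->ARM_pc += 4;
- p->ainsn.insn_handler(p, regs);
+ if (p->ainsn.insn_check_cc(regs->ARM_cpsr))
+ p->ainsn.insn_handler(p, regs);
 }
 
 /*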
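Review bot: The new `insn_check_cc` guard in singlestep() has no comment saying why a failed condition still leaves `regs->ARM_pc += 4` in effect while the handler is skipped. A reader has to know that a conditional ARM instruction whose condition fails acts as a no-op. I would add `/* condition failed: instruction is a no-op, only the PC advance above applies */` above the `if`. The call also relies on `insn_check_cc` always being set; the decoder in this commit assigns it first in arm_kprobe_decode_insn(), and it is worth confirming that no other path fills `ainsn`.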
diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
index 979da3947f42..139e3c827369 100644
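--- a/arch/arm/kernel/perf_event.c
+++ b/arch/arm/kernel/perf_event.c
@@ -746,7 +746,8 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
 
  tail = (struct frame_tail __user *)regs->ARM_fp - 1;
 
- while (tail && !((unsigned long)tail & 0x3))
+ while ((entry->nr < PERF_MAX_STACK_DEPTH) &&
+ tail && !((unsigned long)tail & 0x3))
  tail = user_backtrace(tail, entry);
 }
 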
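Review bot: The `entry->nr < PERF_MAX_STACK_DEPTH` cap in the `while` condition of perf_callchain_user() deserves a comment. The reason for it is that `tail` is followed through frame records starting at `regs->ARM_fp`, which belong to the profiled task rather than to trusted kernel state. Something like `/* frame chain comes from user space: stop at PERF_MAX_STACK_DEPTH */` above the loop would do. The cap only ends the walk if user_backtrace() advances `entry->nr` on every iteration; that function is outside this hunk, so it should be confirmed there.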
diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
index 8fe05ad932e4..f29b8a29b174 100644
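--- a/arch/arm/kernel/smp.c
+++ b/arch/arm/kernel/smp.c
@@ -479,7 +479,7 @@ static void broadcast_timer_set_mode(enum clock_event_mode mode,
 {
 }
 
-static void broadcast_timer_setup(struct clock_event_device *evt)
+static void __cpuinit broadcast_timer_setup(struct clock_event_device *evt)
 {
  evt->name = "dummy_timer";
  evt->features = CLOCK_EVT_FEAT_ONESHOT |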
diff --git a/arch/arm/kernel/sys_oabi-compat.c b/arch/arm/kernel/sys_oabi-compat.c
index 4ad8da15ef2b..af0aaebf4de6 100644
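--- a/arch/arm/kernel/sys_oabi-compat.c
+++ b/arch/arm/kernel/sys_oabi-compat.c
@@ -311,7 +311,7 @@ asmlinkage long sys_oabi_semtimedop(int semid,
  long err;
  int i;
 
- if (nsops < 1)
+ if (nsops < 1 || nsops > SEMOPM)
  return -EINVAL;
  sops = kmalloc(sizeof(*sops) * nsops, GFP_KERNEL);
  if (!sops)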
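Review bot: The allocation size two lines below the new check, `sizeof(*sops) * nsops`, is still an open-coded multiplication whose safety rests entirely on the added `nsops > SEMOPM` bound, and nothing says so. Since `nsops` is supplied by the caller of the syscall, I would record the dependency next to the check with `/* SEMOPM also keeps sizeof(*sops) * nsops from overflowing */`. Alternatively, let the allocator do the overflow check with `sops = kcalloc(nsops, sizeof(*sops), GFP_KERNEL);`. The body of sys_oabi_semtimedop starts and ends outside the hunk, so the declared type of `nsops` is not visible here.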
diff --git a/arch/arm/mach-davinci/Kconfig b/arch/arm/mach-davinci/Kconfig
index 32f147998cd9..c0deacae778d 100644
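--- a/arch/arm/mach-davinci/Kconfig
+++ b/arch/arm/mach-davinci/Kconfig
@@ -63,6 +63,7 @@ config MACH_DAVINCI_EVM
  depends on ARCH_DAVINCI_DM644x
  select MISC_DEVICES
  select EEPROM_AT24
+ select I2C
  help
  Configure this option to specify the whether the board used
  for development is a DM644x EVM
@@ -72,6 +73,7 @@ config MACH_SFFSDR
  depends on ARCH_DAVINCI_DM644x
  select MISC_DEVICES
  select EEPROM_AT24
+ select I2C
  help
  Say Y here to select the Lyrtech Small Form Factor
  Software Defined Radio (SFFSDR) board.
@@ -105,6 +107,7 @@ config MACH_DAVINCI_DM6467_EVM
  select MACH_DAVINCI_DM6467TEVM
  select MISC_DEVICES
  select EEPROM_AT24
+ select I2C
  help
  Configure this option to specify the whether the board used
  for development is a DM6467 EVM
@@ -118,6 +121,7 @@ config MACH_DAVINCI_DM365_EVM
  depends on ARCH_DAVINCI_DM365
  select MISC_DEVICES
  select EEPROM_AT24
+ select I2C
  help
  Configure this option to specify whether the board used
  for development is a DM365 EVM
@@ -129,6 +133,7 @@ config MACH_DAVINCI_DA830_EVM
  select GPIO_PCF857X
  select MISC_DEVICES
  select EEPROM_AT24
+ select I2C
  help
  Say Y here to select the TI DA830/OMAP-L137/AM17x Evaluation Module.
 
@@ -205,6 +210,7 @@ config MACH_MITYOMAPL138
  depends on ARCH_DAVINCI_DA850
  select MISC_DEVICES
  select EEPROM_AT24
+ select I2C
  help
  Say Y here to select the Critical Link MityDSP-L138/MityARM-1808
  System on Module. Information on this SoM may be found at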
diff --git a/arch/arm/mach-davinci/board-mityomapl138.c b/arch/arm/mach-davinci/board-mityomapl138.c
index 2aa79c54f98e..606a6f27ed6c 100644
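--- a/arch/arm/mach-davinci/board-mityomapl138.c
+++ b/arch/arm/mach-davinci/board-mityomapl138.c
@@ -29,7 +29,7 @@
 #include <mach/mux.h>
 #include <mach/spi.h>
 
-#define MITYOMAPL138_PHY_ID "0:03"
+#define MITYOMAPL138_PHY_ID ""
 
 #define FACTORY_CONFIG_MAGIC 0x012C0138
 #define FACTORY_CONFIG_VERSION 0x00010001
@@ -414,7 +414,7 @@ static struct resource mityomapl138_nandflash_resource[] = {
 
 static struct platform_device mityomapl138_nandflash_device = {
  .name = "davinci_nand",
- .id = 0,
+ .id = 1,
  .dev = {
  .platform_data = &mityomapl138_nandflash_data,
  },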
diff --git a/arch/arm/mach-davinci/devices-da8xx.c b/arch/arm/mach-davinci/devices-da8xx.c
index 625d4b66718b..58a02dc7b15a 100644
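--- a/arch/arm/mach-davinci/devices-da8xx.c
+++ b/arch/arm/mach-davinci/devices-da8xx.c
@@ -39,7 +39,8 @@
 #define DA8XX_GPIO_BASE 0x01e26000
 #define DA8XX_I2C1_BASE 0x01e28000
 #define DA8XX_SPI0_BASE 0x01c41000
-#define DA8XX_SPI1_BASE 0x01f0e000
+#define DA830_SPI1_BASE 0x01e12000
+#define DA850_SPI1_BASE 0x01f0e000
 
 #define DA8XX_EMAC_CTRL_REG_OFFSET 0x3000
 #define DA8XX_EMAC_MOD_REG_OFFSET 0x2000
@@ -762,8 +763,8 @@ static struct resource da8xx_spi0_resources[] = {
 
 static struct resource da8xx_spi1_resources[] = {
  [0] = {
- .start = DA8XX_SPI1_BASE,
- .end = DA8XX_SPI1_BASE + SZ_4K - 1,
+ .start = DA830_SPI1_BASE,
+ .end = DA830_SPI1_BASE + SZ_4K - 1,
  .flags = IORESOURCE_MEM,
  },
  [1] = {
@@ -832,5 +833,10 @@ int __init da8xx_register_spi(int instance, struct spi_board_info *info,
 
  da8xx_spi_pdata[instance].num_chipselect = len;
 
+ if (instance == 1 && cpu_is_davinci_da850()) {
+ da8xx_spi1_resources[0].start = DA850_SPI1_BASE;
+ da8xx_spi1_resources[0].end = DA850_SPI1_BASE + SZ_4K - 1;
+ }
+
  return platform_device_register(&da8xx_spi_device[instance]);
 }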
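Review bot: da8xx_register_spi() now rewrites the shared static `da8xx_spi1_resources[0]` at registration time, so the table carries the DA830 base unless this function has run on a DA850. A comment at the table would make that dependency visible, e.g. `/* DA830 base; da8xx_register_spi() overrides it on DA850 */`. `instance` also indexes `da8xx_spi_pdata[]` and `da8xx_spi_device[]` in this hunk. Any range check on it sits above the visible lines, because the function starts outside the hunk, so it should be confirmed.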
diff --git a/arch/arm/mach-davinci/include/mach/debug-macro.S b/arch/arm/mach-davinci/include/mach/debug-macro.S
index 9f1befc5ac38..f8b7ea4f6235 100644
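--- a/arch/arm/mach-davinci/include/mach/debug-macro.S
+++ b/arch/arm/mach-davinci/include/mach/debug-macro.S
@@ -24,6 +24,9 @@
 
 #define UART_SHIFT 2
 
+#define davinci_uart_v2p(x) ((x) - PAGE_OFFSET + PLAT_PHYS_OFFSET)
+#define davinci_uart_p2v(x) ((x) - PLAT_PHYS_OFFSET + PAGE_OFFSET)
+
  .pushsection .data
 davinci_uart_phys: .word 0
 davinci_uart_virt: .word 0
@@ -34,7 +37,7 @@ davinci_uart_virt: .word 0
  /* Use davinci_uart_phys/virt if already configured */
 10: mrc p15, 0, \rp, c1, c0
  tst \rp, #1 @ MMU enabled?
- ldreq \rp, =__virt_to_phys(davinci_uart_phys)
+ ldreq \rp, =davinci_uart_v2p(davinci_uart_phys)
  ldrne \rp, =davinci_uart_phys
  add \rv, \rp, #4 @ davinci_uart_virt
  ldr \rp, [\rp, #0]
@@ -48,18 +51,18 @@ davinci_uart_virt: .word 0
  tst \rp, #1 @ MMU enabled?
 
  /* Copy uart phys address from decompressor uart info */
- ldreq \rv, =__virt_to_phys(davinci_uart_phys)
+ ldreq \rv, =davinci_uart_v2p(davinci_uart_phys)
  ldrne \rv, =davinci_uart_phys
  ldreq \rp, =DAVINCI_UART_INFO
- ldrne \rp, =__phys_to_virt(DAVINCI_UART_INFO)
+ ldrne \rp, =davinci_uart_p2v(DAVINCI_UART_INFO)
  ldr \rp, [\rp, #0]
  str \rp, [\rv]
 
  /* Copy uart virt address from decompressor uart info */
- ldreq \rv, =__virt_to_phys(davinci_uart_virt)
+ ldreq \rv, =davinci_uart_v2p(davinci_uart_virt)
  ldrne \rv, =davinci_uart_virt
  ldreq \rp, =DAVINCI_UART_INFO
- ldrne \rp, =__phys_to_virt(DAVINCI_UART_INFO)
+ ldrne \rp, =davinci_uart_p2v(DAVINCI_UART_INFO)
  ldr \rp, [\rp, #4]
  str \rp, [\rv]
 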
diff --git a/arch/arm/mach-davinci/include/mach/serial.h b/arch/arm/mach-davinci/include/mach/serial.h
index 8051110b8ac3..c9e6ce185a66 100644
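--- a/arch/arm/mach-davinci/include/mach/serial.h
+++ b/arch/arm/mach-davinci/include/mach/serial.h
@@ -22,7 +22,7 @@
  *
  * This area sits just below the page tables (see arch/arm/kernel/head.S).
  */
-#define DAVINCI_UART_INFO (PHYS_OFFSET + 0x3ff8)
+#define DAVINCI_UART_INFO (PLAT_PHYS_OFFSET + 0x3ff8)
 
 #define DAVINCI_UART0_BASE (IO_PHYS + 0x20000)
 #define DAVINCI_UART1_BASE (IO_PHYS + 0x20400)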
diff --git a/arch/arm/mach-mx3/mach-vpr200.c b/arch/arm/mach-mx3/mach-vpr200.c
index 2cf390fbd980..47a69cbc31a8 100644
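--- a/arch/arm/mach-mx3/mach-vpr200.c
+++ b/arch/arm/mach-mx3/mach-vpr200.c
@@ -257,11 +257,16 @@ static const struct fsl_usb2_platform_data otg_device_pdata __initconst = {
  .workaround = FLS_USB2_WORKAROUND_ENGCM09152,
 };
 
+static int vpr200_usbh_init(struct platform_device *pdev)
+{
+ return mx35_initialize_usb_hw(pdev->id,
+ MXC_EHCI_INTERFACE_SINGLE_UNI | MXC_EHCI_INTERNAL_PHY);
+}
+
 /* USB HOST config */
 static const struct mxc_usbh_platform_data usb_host_pdata __initconst = {
- .portsc = MXC_EHCI_MODE_SERIAL,
- .flags = MXC_EHCI_INTERFACE_SINGLE_UNI |
- MXC_EHCI_INTERNAL_PHY,
+ .init = vpr200_usbh_init,
+ .portsc = MXC_EHCI_MODE_SERIAL,
 };
 
 static struct platform_device *devices[] __initdata = {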
diff --git a/arch/arm/mach-mx5/board-mx53_loco.c b/arch/arm/mach-mx5/board-mx53_loco.c
index 10a1bea10548..6206b1191fe8 100644
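--- a/arch/arm/mach-mx5/board-mx53_loco.c
+++ b/arch/arm/mach-mx5/board-mx53_loco.c
@@ -193,7 +193,7 @@ static iomux_v3_cfg_t mx53_loco_pads[] = {
  .wakeup = wake, \
 }
 
-static const struct gpio_keys_button loco_buttons[] __initconst = {
+static struct gpio_keys_button loco_buttons[] = {
  GPIO_BUTTON(MX53_LOCO_POWER, KEY_POWER, 1, "power", 0),
  GPIO_BUTTON(MX53_LOCO_UI1, KEY_VOLUMEUP, 1, "volume-up", 0),
  GPIO_BUTTON(MX53_LOCO_UI2, KEY_VOLUMEDOWN, 1, "volume-down", 0),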
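Review bot: `loco_buttons[]` loses `const` and `__initconst` without a comment at the definition, so a later cleanup pass is likely to put the annotations back. If the table is still referenced once init memory has been released, say so where it is defined: `/* not __initconst: still referenced after init sections are freed */`. That reference is presumably through the gpio-keys platform data, but the consumer is not in this hunk. The initializer list continues past the end of the hunk.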
diff --git a/arch/arm/mach-mxs/clock-mx28.c b/arch/arm/mach-mxs/clock-mx28.c
index 1ad97fed1e94..5dcc59d5b9ec 100644
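--- a/arch/arm/mach-mxs/clock-mx28.c
+++ b/arch/arm/mach-mxs/clock-mx28.c
@@ -295,11 +295,11 @@ static int name##_set_rate(struct clk *clk, unsigned long rate) \
  unsigned long diff, parent_rate, calc_rate; \
  int i; \
  \
- parent_rate = clk_get_rate(clk->parent); \
  div_max = BM_CLKCTRL_##dr##_DIV >> BP_CLKCTRL_##dr##_DIV; \
  bm_busy = BM_CLKCTRL_##dr##_BUSY; \
  \
  if (clk->parent == &ref_xtal_clk) { \
+ parent_rate = clk_get_rate(clk->parent); \
  div = DIV_ROUND_UP(parent_rate, rate); \
  if (clk == &cpu_clk) { \
  div_max = BM_CLKCTRL_CPU_DIV_XTAL >> \
@@ -309,6 +309,11 @@ static int name##_set_rate(struct clk *clk, unsigned long rate) \
  if (div == 0 || div > div_max) \
  return -EINVAL; \
  } else { \
+ /* \
+ * hack alert: this block modifies clk->parent, too, \
+ * so the base to use it the grand parent. \
+ */ \
+ parent_rate = clk_get_rate(clk->parent->parent); \
  rate >>= PARENT_RATE_SHIFT; \
  parent_rate >>= PARENT_RATE_SHIFT; \
  diff = parent_rate; \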
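Review bot: The new `clk_get_rate(clk->parent->parent)` in the else branch dereferences `clk->parent` directly, and that branch is taken for every parent other than `&ref_xtal_clk`. Whether `clk->parent` can be NULL there is not visible in this hunk, so it needs either a guard such as `if (!clk->parent) return -EINVAL; \` or a comment stating the invariant. The added comment also reads `so the base to use it the grand parent`, which should say `is the grandparent`. The macro body starts and ends outside the hunk.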
diff --git a/arch/arm/mach-pxa/hx4700.c b/arch/arm/mach-pxa/hx4700.c
index 6de0ad0eea65..9cdcca597924 100644
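--- a/arch/arm/mach-pxa/hx4700.c
+++ b/arch/arm/mach-pxa/hx4700.c
@@ -711,7 +711,7 @@ static struct regulator_consumer_supply bq24022_consumers[] = {
 static struct regulator_init_data bq24022_init_data = {
  .constraints = {
  .max_uA = 500000,
- .valid_ops_mask = REGULATOR_CHANGE_CURRENT,
+ .valid_ops_mask = REGULATOR_CHANGE_CURRENT|REGULATOR_CHANGE_STATUS,
  },
  .num_consumer_supplies = ARRAY_SIZE(bq24022_consumers),
  .consumer_supplies = bq24022_consumers,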
diff --git a/arch/arm/mach-pxa/magician.c b/arch/arm/mach-pxa/magician.c
index a72993dde2b3..9984ef70bd79 100644
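--- a/arch/arm/mach-pxa/magician.c
+++ b/arch/arm/mach-pxa/magician.c
@@ -599,7 +599,7 @@ static struct regulator_consumer_supply bq24022_consumers[] = {
 static struct regulator_init_data bq24022_init_data = {
  .constraints = {
  .max_uA = 500000,
- .valid_ops_mask = REGULATOR_CHANGE_CURRENT,
+ .valid_ops_mask = REGULATOR_CHANGE_CURRENT | REGULATOR_CHANGE_STATUS,
  },
  .num_consumer_supplies = ARRAY_SIZE(bq24022_consumers),
  .consumer_supplies = bq24022_consumers,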
diff --git a/arch/arm/mm/proc-xscale.S b/arch/arm/mm/proc-xscale.S
index ce233bcbf506..42af97664c9d 100644
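--- a/arch/arm/mm/proc-xscale.S
+++ b/arch/arm/mm/proc-xscale.S
@@ -395,7 +395,7 @@ ENTRY(xscale_dma_a0_map_area)
  teq r2, #DMA_TO_DEVICE
  beq xscale_dma_clean_range
  b xscale_dma_flush_range
-ENDPROC(xscsale_dma_a0_map_area)
+ENDPROC(xscale_dma_a0_map_area)
 
 /*
  * dma_unmap_area(start, size, dir)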
diff --git a/arch/arm/plat-mxc/gpio.c b/arch/arm/plat-mxc/gpio.c
index 7a107246fd98..6cd6d7f686f6 100644
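--- a/arch/arm/plat-mxc/gpio.c
+++ b/arch/arm/plat-mxc/gpio.c
@@ -295,6 +295,12 @@ static int mxc_gpio_direction_output(struct gpio_chip *chip,
  return 0;
 }
 
+/*
+ * This lock class tells lockdep that GPIO irqs are in a different
+ * category than their parents, so it won't report false recursion.
+ */
+static struct lock_class_key gpio_lock_class;
+
 int __init mxc_gpio_init(struct mxc_gpio_port *port, int cnt)
 {
  int i, j;
@@ -311,6 +317,7 @@ int __init mxc_gpio_init(struct mxc_gpio_port *port, int cnt)
  __raw_writel(~0, port[i].base + GPIO_ISR);
  for (j = port[i].virtual_irq_start;
  j < port[i].virtual_irq_start + 32; j++) {
+ irq_set_lockdep_class(j, &gpio_lock_class);
  irq_set_chip_and_handler(j, &gpio_irq_chip,
  handle_level_irq);
  set_irq_flags(j, IRQF_VALID);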
diff --git a/arch/arm/plat-mxc/ssi-fiq.S b/arch/arm/plat-mxc/ssi-fiq.S
index 4ddce565b353..8397a2dd19f2 100644
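--- a/arch/arm/plat-mxc/ssi-fiq.S
+++ b/arch/arm/plat-mxc/ssi-fiq.S
@@ -124,6 +124,8 @@ imx_ssi_fiq_start:
 1:
  @ return from FIQ
  subs pc, lr, #4
+
+ .align
 imx_ssi_fiq_base:
  .word 0x0
 imx_ssi_fiq_rx_buffer: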
diff --git a/arch/powerpc/include/asm/8xx_immap.h b/arch/powerpc/include/asm/8xx_immap.h
index 6b6dc20b0beb..bdf0563ba423 100644
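--- a/arch/powerpc/include/asm/8xx_immap.h
+++ b/arch/powerpc/include/asm/8xx_immap.h
@@ -393,8 +393,8 @@ typedef struct fec {
  uint fec_addr_low; /* lower 32 bits of station address */
  ushort fec_addr_high; /* upper 16 bits of station address */
  ushort res1; /* reserved */
- uint fec_hash_table_high; /* upper 32-bits of hash table */
- uint fec_hash_table_low; /* lower 32-bits of hash table */
+ uint fec_grp_hash_table_high; /* upper 32-bits of hash table */
+ uint fec_grp_hash_table_low; /* lower 32-bits of hash table */
  uint fec_r_des_start; /* beginning of Rx descriptor ring */
  uint fec_x_des_start; /* beginning of Tx descriptor ring */
  uint fec_r_buff_size; /* Rx buffer size */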
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 3532d3bf8105..bb9eb29a52dd 100644
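--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -698,7 +698,7 @@ cpu_dev_register(amd_cpu_dev);
  */
 
 const int amd_erratum_400[] =
- AMD_OSVW_ERRATUM(1, AMD_MODEL_RANGE(0xf, 0x41, 0x2, 0xff, 0xf),
+ AMD_OSVW_ERRATUM(1, AMD_MODEL_RANGE(0x0f, 0x4, 0x2, 0xff, 0xf),
  AMD_MODEL_RANGE(0x10, 0x2, 0x1, 0xff, 0xf));
 EXPORT_SYMBOL_GPL(amd_erratum_400);
 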
diff --git a/arch/x86/kernel/reboot_32.S b/arch/x86/kernel/reboot_32.S
index 29092b38d816..1d5c46df0d78 100644
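--- a/arch/x86/kernel/reboot_32.S
+++ b/arch/x86/kernel/reboot_32.S
@@ -21,26 +21,26 @@ r_base = .
  /* Get our own relocated address */
  call 1f
 1: popl %ebx
- subl $1b, %ebx
+ subl $(1b - r_base), %ebx
 
  /* Compute the equivalent real-mode segment */
  movl %ebx, %ecx
  shrl $4, %ecx
 
  /* Patch post-real-mode segment jump */
- movw dispatch_table(%ebx,%eax,2),%ax
- movw %ax, 101f(%ebx)
- movw %cx, 102f(%ebx)
+ movw (dispatch_table - r_base)(%ebx,%eax,2),%ax
+ movw %ax, (101f - r_base)(%ebx)
+ movw %cx, (102f - r_base)(%ebx)
 
  /* Set up the IDT for real mode. */
- lidtl machine_real_restart_idt(%ebx)
+ lidtl (machine_real_restart_idt - r_base)(%ebx)
 
  /*
  * Set up a GDT from which we can load segment descriptors for real
  * mode. The GDT is not used in real mode; it is just needed here to
  * prepare the descriptors.
  */
- lgdtl machine_real_restart_gdt(%ebx)
+ lgdtl (machine_real_restart_gdt - r_base)(%ebx)
 
  /*
  * Load the data segment registers with 16-bit compatible values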
diff --git a/arch/x86/mm/numa_64.c b/arch/x86/mm/numa_64.c
index e8c00cc72033..85b52fc03084 100644
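--- a/arch/x86/mm/numa_64.c
+++ b/arch/x86/mm/numa_64.c
@@ -306,7 +306,7 @@ int __init numa_cleanup_meminfo(struct numa_meminfo *mi)
  bi->end = min(bi->end, high);
 
  /* and there's no empty block */
- if (bi->start == bi->end) {
+ if (bi->start >= bi->end) {
  numa_remove_memblk_from(i--, mi);
  continue;
  }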
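Review bot: The comment `/* and there's no empty block */` above the changed test no longer matches it. `bi->start >= bi->end` also removes a block whose start lies past its end after the clamp on `bi->end` a few lines up. I would make the comment say so, `/* and there's no empty or inverted block */`, so the `>=` is not later read as a typo for `==`. The loop this test sits in starts and ends outside the hunk.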
diff --git a/drivers/clk/clkdev.c b/drivers/clk/clkdev.c
index 0fc0a79852de..6db161f64ae0 100644
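--- a/drivers/clk/clkdev.c
+++ b/drivers/clk/clkdev.c
@@ -32,10 +32,9 @@ static DEFINE_MUTEX(clocks_mutex);
  * Then we take the most specific entry - with the following
  * order of precedence: dev+con > dev only > con only.
  */
-static struct clk *clk_find(const char *dev_id, const char *con_id)
+static struct clk_lookup *clk_find(const char *dev_id, const char *con_id)
 {
- struct clk_lookup *p;
- struct clk *clk = NULL;
+ struct clk_lookup *p, *cl = NULL;
  int match, best = 0;
 
  list_for_each_entry(p, &clocks, node) {
@@ -52,27 +51,27 @@ static struct clk *clk_find(const char *dev_id, const char *con_id)
  }
 
  if (match > best) {
- clk = p->clk;
+ cl = p;
  if (match != 3)
  best = match;
  else
  break;
  }
  }
- return clk;
+ return cl;
 }
 
 struct clk *clk_get_sys(const char *dev_id, const char *con_id)
 {
- struct clk *clk;
+ struct clk_lookup *cl;
 
  mutex_lock(&clocks_mutex);
- clk = clk_find(dev_id, con_id);
- if (clk && !__clk_get(clk))
- clk = NULL;
+ cl = clk_find(dev_id, con_id);
+ if (cl && !__clk_get(cl->clk))
+ cl = NULL;
  mutex_unlock(&clocks_mutex);
 
- return clk ? clk : ERR_PTR(-ENOENT);
+ return cl ? cl->clk : ERR_PTR(-ENOENT);
 }
 EXPORT_SYMBOL(clk_get_sys);
 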
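Review bot: clk_get_sys() now reads `cl->clk` in its return statement after `mutex_unlock(&clocks_mutex)`, so the lookup entry is dereferenced outside the lock that protects the list. If an entry can be removed and freed concurrently, that read races with the free; the removal path is not in this diff, so this needs confirming. Taking the pointer while the lock is held avoids the window: keep a local `struct clk *clk = NULL;`, set it with `if (cl && __clk_get(cl->clk)) clk = cl->clk;` before the unlock, and end with `return clk ? clk : ERR_PTR(-ENOENT);`.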
diff --git a/drivers/input/touchscreen/wm831x-ts.c b/drivers/input/touchscreen/wm831x-ts.c
index 6ae054f8e0aa..9175d49d2546 100644
--- a/drivers/input/touchscreen/wm831x-ts.c
+++ b/drivers/input/touchscreen/wm831x-ts.c
@@ -68,8 +68,23 @@ struct wm831x_ts {
68 unsigned int pd_irq; 68 unsigned int pd_irq;
69 bool pressure; 69 bool pressure;
70 bool pen_down; 70 bool pen_down;
71 struct work_struct pd_data_work;
71}; 72};
72 73
74static void wm831x_pd_data_work(struct work_struct *work)
75{
76 struct wm831x_ts *wm831x_ts =
77 container_of(work, struct wm831x_ts, pd_data_work);
78
79 if (wm831x_ts->pen_down) {
80 enable_irq(wm831x_ts->data_irq);
81 dev_dbg(wm831x_ts->wm831x->dev, "IRQ PD->DATA done\n");
82 } else {
83 enable_irq(wm831x_ts->pd_irq);
84 dev_dbg(wm831x_ts->wm831x->dev, "IRQ DATA->PD done\n");
85 }
86}
87
73static irqreturn_t wm831x_ts_data_irq(int irq, void *irq_data) 88static irqreturn_t wm831x_ts_data_irq(int irq, void *irq_data)
74{ 89{
75 struct wm831x_ts *wm831x_ts = irq_data; 90 struct wm831x_ts *wm831x_ts = irq_data;
@@ -110,6 +125,9 @@ static irqreturn_t wm831x_ts_data_irq(int irq, void *irq_data)
110 } 125 }
111 126
112 if (!wm831x_ts->pen_down) { 127 if (!wm831x_ts->pen_down) {
128 /* Switch from data to pen down */
129 dev_dbg(wm831x->dev, "IRQ DATA->PD\n");
130
113 disable_irq_nosync(wm831x_ts->data_irq); 131 disable_irq_nosync(wm831x_ts->data_irq);
114 132
115 /* Don't need data any more */ 133 /* Don't need data any more */
@@ -128,6 +146,10 @@ static irqreturn_t wm831x_ts_data_irq(int irq, void *irq_data)
128 ABS_PRESSURE, 0); 146 ABS_PRESSURE, 0);
129 147
130 input_report_key(wm831x_ts->input_dev, BTN_TOUCH, 0); 148 input_report_key(wm831x_ts->input_dev, BTN_TOUCH, 0);
149
150 schedule_work(&wm831x_ts->pd_data_work);
151 } else {
152 input_report_key(wm831x_ts->input_dev, BTN_TOUCH, 1);
131 } 153 }
132 154
133 input_sync(wm831x_ts->input_dev); 155 input_sync(wm831x_ts->input_dev);
@@ -141,6 +163,11 @@ static irqreturn_t wm831x_ts_pen_down_irq(int irq, void *irq_data)
141 struct wm831x *wm831x = wm831x_ts->wm831x; 163 struct wm831x *wm831x = wm831x_ts->wm831x;
142 int ena = 0; 164 int ena = 0;
143 165
166 if (wm831x_ts->pen_down)
167 return IRQ_HANDLED;
168
169 disable_irq_nosync(wm831x_ts->pd_irq);
170
144 /* Start collecting data */ 171 /* Start collecting data */
145 if (wm831x_ts->pressure) 172 if (wm831x_ts->pressure)
146 ena |= WM831X_TCH_Z_ENA; 173 ena |= WM831X_TCH_Z_ENA;
@@ -149,14 +176,14 @@ static irqreturn_t wm831x_ts_pen_down_irq(int irq, void *irq_data)
149 WM831X_TCH_X_ENA | WM831X_TCH_Y_ENA | WM831X_TCH_Z_ENA, 176 WM831X_TCH_X_ENA | WM831X_TCH_Y_ENA | WM831X_TCH_Z_ENA,
150 WM831X_TCH_X_ENA | WM831X_TCH_Y_ENA | ena); 177 WM831X_TCH_X_ENA | WM831X_TCH_Y_ENA | ena);
151 178
152 input_report_key(wm831x_ts->input_dev, BTN_TOUCH, 1);
153 input_sync(wm831x_ts->input_dev);
154
155 wm831x_set_bits(wm831x, WM831X_INTERRUPT_STATUS_1, 179 wm831x_set_bits(wm831x, WM831X_INTERRUPT_STATUS_1,
156 WM831X_TCHPD_EINT, WM831X_TCHPD_EINT); 180 WM831X_TCHPD_EINT, WM831X_TCHPD_EINT);
157 181
158 wm831x_ts->pen_down = true; 182 wm831x_ts->pen_down = true;
159 enable_irq(wm831x_ts->data_irq); 183
184 /* Switch from pen down to data */
185 dev_dbg(wm831x->dev, "IRQ PD->DATA\n");
186 schedule_work(&wm831x_ts->pd_data_work);
160 187
161 return IRQ_HANDLED; 188 return IRQ_HANDLED;
162} 189}
@@ -182,13 +209,28 @@ static void wm831x_ts_input_close(struct input_dev *idev)
182 struct wm831x_ts *wm831x_ts = input_get_drvdata(idev); 209 struct wm831x_ts *wm831x_ts = input_get_drvdata(idev);
183 struct wm831x *wm831x = wm831x_ts->wm831x; 210 struct wm831x *wm831x = wm831x_ts->wm831x;
184 211
212 /* Shut the controller down, disabling all other functionality too */
185 wm831x_set_bits(wm831x, WM831X_TOUCH_CONTROL_1, 213 wm831x_set_bits(wm831x, WM831X_TOUCH_CONTROL_1,
186 WM831X_TCH_ENA | WM831X_TCH_CVT_ENA | 214 WM831X_TCH_ENA | WM831X_TCH_X_ENA |
187 WM831X_TCH_X_ENA | WM831X_TCH_Y_ENA | 215 WM831X_TCH_Y_ENA | WM831X_TCH_Z_ENA, 0);
188 WM831X_TCH_Z_ENA, 0);
189 216
190 if (wm831x_ts->pen_down) 217 /* Make sure any pending IRQs are done, the above will prevent
218 * new ones firing.
219 */
220 synchronize_irq(wm831x_ts->data_irq);
221 synchronize_irq(wm831x_ts->pd_irq);
222
223 /* Make sure the IRQ completion work is quiesced */
224 flush_work_sync(&wm831x_ts->pd_data_work);
225
226 /* If we ended up with the pen down then make sure we revert back
227 * to pen detection state for the next time we start up.
228 */
229 if (wm831x_ts->pen_down) {
191 disable_irq(wm831x_ts->data_irq); 230 disable_irq(wm831x_ts->data_irq);
231 enable_irq(wm831x_ts->pd_irq);
232 wm831x_ts->pen_down = false;
233 }
192} 234}
193 235
194static __devinit int wm831x_ts_probe(struct platform_device *pdev) 236static __devinit int wm831x_ts_probe(struct platform_device *pdev)
@@ -198,7 +240,7 @@ static __devinit int wm831x_ts_probe(struct platform_device *pdev)
198 struct wm831x_pdata *core_pdata = dev_get_platdata(pdev->dev.parent); 240 struct wm831x_pdata *core_pdata = dev_get_platdata(pdev->dev.parent);
199 struct wm831x_touch_pdata *pdata = NULL; 241 struct wm831x_touch_pdata *pdata = NULL;
200 struct input_dev *input_dev; 242 struct input_dev *input_dev;
201 int error; 243 int error, irqf;
202 244
203 if (core_pdata) 245 if (core_pdata)
204 pdata = core_pdata->touch; 246 pdata = core_pdata->touch;
@@ -212,6 +254,7 @@ static __devinit int wm831x_ts_probe(struct platform_device *pdev)
212 254
213 wm831x_ts->wm831x = wm831x; 255 wm831x_ts->wm831x = wm831x;
214 wm831x_ts->input_dev = input_dev; 256 wm831x_ts->input_dev = input_dev;
257 INIT_WORK(&wm831x_ts->pd_data_work, wm831x_pd_data_work);
215 258
216 /* 259 /*
217 * If we have a direct IRQ use it, otherwise use the interrupt 260 * If we have a direct IRQ use it, otherwise use the interrupt
@@ -270,9 +313,14 @@ static __devinit int wm831x_ts_probe(struct platform_device *pdev)
270 wm831x_set_bits(wm831x, WM831X_TOUCH_CONTROL_1, 313 wm831x_set_bits(wm831x, WM831X_TOUCH_CONTROL_1,
271 WM831X_TCH_RATE_MASK, 6); 314 WM831X_TCH_RATE_MASK, 6);
272 315
316 if (pdata && pdata->data_irqf)
317 irqf = pdata->data_irqf;
318 else
319 irqf = IRQF_TRIGGER_HIGH;
320
273 error = request_threaded_irq(wm831x_ts->data_irq, 321 error = request_threaded_irq(wm831x_ts->data_irq,
274 NULL, wm831x_ts_data_irq, 322 NULL, wm831x_ts_data_irq,
275 IRQF_ONESHOT, 323 irqf | IRQF_ONESHOT,
276 "Touchscreen data", wm831x_ts); 324 "Touchscreen data", wm831x_ts);
277 if (error) { 325 if (error) {
278 dev_err(&pdev->dev, "Failed to request data IRQ %d: %d\n", 326 dev_err(&pdev->dev, "Failed to request data IRQ %d: %d\n",
@@ -281,9 +329,14 @@ static __devinit int wm831x_ts_probe(struct platform_device *pdev)
281 } 329 }
282 disable_irq(wm831x_ts->data_irq); 330 disable_irq(wm831x_ts->data_irq);
283 331
332 if (pdata && pdata->pd_irqf)
333 irqf = pdata->pd_irqf;
334 else
335 irqf = IRQF_TRIGGER_HIGH;
336
284 error = request_threaded_irq(wm831x_ts->pd_irq, 337 error = request_threaded_irq(wm831x_ts->pd_irq,
285 NULL, wm831x_ts_pen_down_irq, 338 NULL, wm831x_ts_pen_down_irq,
286 IRQF_ONESHOT, 339 irqf | IRQF_ONESHOT,
287 "Touchscreen pen down", wm831x_ts); 340 "Touchscreen pen down", wm831x_ts);
288 if (error) { 341 if (error) {
289 dev_err(&pdev->dev, "Failed to request pen down IRQ %d: %d\n", 342 dev_err(&pdev->dev, "Failed to request pen down IRQ %d: %d\n",
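Review bot: `wm831x_pd_data_work()` chooses which IRQ to re-enable by reading `wm831x_ts->pen_down` when the work runs, not when it was scheduled, and nothing in the hunk says why that is safe or why the enable is deferred to a workqueue at all. From the visible handlers, each one disables its own IRQ before calling `schedule_work()`, so the flag should not change in between, but that invariant belongs in a comment above the function, e.g. `/* Runs after a handler has disabled its own IRQ; pen_down is stable until one is re-enabled here. */`. The probe hunk adds `INIT_WORK()`, but the remove path is outside the visible hunks, so it is worth confirming that it cancels `pd_data_work` before the `wm831x_ts` structure is freed.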
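--- a/drivers/net/amd8111e.c
+++ b/drivers/net/amd8111e.c
@@ -106,7 +106,7 @@ MODULE_DESCRIPTION ("AMD8111 based 10/100 Ethernet Controller. Driver Version "M
 MODULE_LICENSE("GPL");
 MODULE_DEVICE_TABLE(pci, amd8111e_pci_tbl);
 module_param_array(speed_duplex, int, NULL, 0);
-MODULE_PARM_DESC(speed_duplex, "Set device speed and duplex modes, 0: Auto Negotitate, 1: 10Mbps Half Duplex, 2: 10Mbps Full Duplex, 3: 100Mbps Half Duplex, 4: 100Mbps Full Duplex");
+MODULE_PARM_DESC(speed_duplex, "Set device speed and duplex modes, 0: Auto Negotiate, 1: 10Mbps Half Duplex, 2: 10Mbps Full Duplex, 3: 100Mbps Half Duplex, 4: 100Mbps Full Duplex");
 module_param_array(coalesce, bool, NULL, 0);
 MODULE_PARM_DESC(coalesce, "Enable or Disable interrupt coalescing, 1: Enable, 0: Disable");
 module_param_array(dynamic_ipg, bool, NULL, 0);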
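--- a/drivers/net/atl1c/atl1c.h
+++ b/drivers/net/atl1c/atl1c.h
@@ -566,9 +566,9 @@ struct atl1c_adapter {
 #define __AT_TESTING 0x0001
 #define __AT_RESETTING 0x0002
 #define __AT_DOWN 0x0003
- u8 work_event;
-#define ATL1C_WORK_EVENT_RESET 0x01
-#define ATL1C_WORK_EVENT_LINK_CHANGE 0x02
+ unsigned long work_event;
+#define ATL1C_WORK_EVENT_RESET 0
+#define ATL1C_WORK_EVENT_LINK_CHANGE 1
  u32 msg_enable;
 
  bool have_msi;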
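Review bot: `ATL1C_WORK_EVENT_RESET` and `ATL1C_WORK_EVENT_LINK_CHANGE` silently change meaning here from bit masks (0x01, 0x02) to bit numbers (0, 1), and nothing at the definition says so. Any leftover `work_event |= ATL1C_WORK_EVENT_...` or `&` test elsewhere in the driver would still compile but would set or test the wrong bits, with the RESET mask becoming zero. A one-line comment above the two defines, such as `/* bit numbers for set_bit()/test_and_clear_bit(), not masks */`, would make the contract visible. The struct continues outside the hunk, so other users of the field could not be checked from here.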
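--- a/drivers/net/atl1c/atl1c_main.c
+++ b/drivers/net/atl1c/atl1c_main.c
@@ -325,7 +325,7 @@ static void atl1c_link_chg_event(struct atl1c_adapter *adapter)
  }
  }
 
- adapter->work_event |= ATL1C_WORK_EVENT_LINK_CHANGE;
+ set_bit(ATL1C_WORK_EVENT_LINK_CHANGE, &adapter->work_event);
  schedule_work(&adapter->common_task);
 }
 
@@ -337,20 +337,16 @@ static void atl1c_common_task(struct work_struct *work)
  adapter = container_of(work, struct atl1c_adapter, common_task);
  netdev = adapter->netdev;
 
- if (adapter->work_event & ATL1C_WORK_EVENT_RESET) {
- adapter->work_event &= ~ATL1C_WORK_EVENT_RESET;
+ if (test_and_clear_bit(ATL1C_WORK_EVENT_RESET, &adapter->work_event)) {
  netif_device_detach(netdev);
  atl1c_down(adapter);
  atl1c_up(adapter);
  netif_device_attach(netdev);
- return;
  }
 
- if (adapter->work_event & ATL1C_WORK_EVENT_LINK_CHANGE) {
- adapter->work_event &= ~ATL1C_WORK_EVENT_LINK_CHANGE;
+ if (test_and_clear_bit(ATL1C_WORK_EVENT_LINK_CHANGE,
+ &adapter->work_event))
  atl1c_check_link_status(adapter);
- }
- return;
 }
 
 
@@ -369,7 +365,7 @@ static void atl1c_tx_timeout(struct net_device *netdev)
  struct atl1c_adapter *adapter = netdev_priv(netdev);
 
  /* Do the reset outside of interrupt context */
- adapter->work_event |= ATL1C_WORK_EVENT_RESET;
+ set_bit(ATL1C_WORK_EVENT_RESET, &adapter->work_event);
  schedule_work(&adapter->common_task);
 }
 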
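--- a/drivers/net/benet/be_main.c
+++ b/drivers/net/benet/be_main.c
@@ -1873,6 +1873,7 @@ static void be_worker(struct work_struct *work)
  be_detect_dump_ue(adapter);
 
 reschedule:
+ adapter->work_counter++;
  schedule_delayed_work(&adapter->work, msecs_to_jiffies(1000));
 }
 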
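--- a/drivers/net/bnx2.c
+++ b/drivers/net/bnx2.c
@@ -8413,6 +8413,8 @@ bnx2_remove_one(struct pci_dev *pdev)
 
  unregister_netdev(dev);
 
+ del_timer_sync(&bp->timer);
+
  if (bp->mips_firmware)
  release_firmware(bp->mips_firmware);
  if (bp->rv2p_firmware)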
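Review bot: Nothing next to the added `del_timer_sync(&bp->timer)` says why the timer can still be pending once `unregister_netdev()` has returned, which makes the ordering easy to break in a later cleanup. I would add a comment stating that it must stay ahead of the releases that follow, e.g. `/* stop bp->timer before the device state it touches is released */`. If the timer handler can schedule other deferred work, that work needs the same treatment. The handler and the rest of `bnx2_remove_one()` are outside the hunk.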
diff --git a/drivers/net/bnx2x/bnx2x_cmn.c b/drivers/net/bnx2x/bnx2x_cmn.c
index e83ac6dd6fc0..16581df5ee4e 100644
--- a/drivers/net/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/bnx2x/bnx2x_cmn.c
@@ -2019,15 +2019,23 @@ static inline void bnx2x_set_pbd_gso(struct sk_buff *skb,
2019static inline u8 bnx2x_set_pbd_csum_e2(struct bnx2x *bp, struct sk_buff *skb, 2019static inline u8 bnx2x_set_pbd_csum_e2(struct bnx2x *bp, struct sk_buff *skb,
2020 u32 *parsing_data, u32 xmit_type) 2020 u32 *parsing_data, u32 xmit_type)
2021{ 2021{
2022 *parsing_data |= ((tcp_hdrlen(skb)/4) << 2022 *parsing_data |=
2023 ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW_SHIFT) & 2023 ((((u8 *)skb_transport_header(skb) - skb->data) >> 1) <<
2024 ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW; 2024 ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W_SHIFT) &
2025 ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W;
2025 2026
2026 *parsing_data |= ((((u8 *)tcp_hdr(skb) - skb->data) / 2) << 2027 if (xmit_type & XMIT_CSUM_TCP) {
2027 ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W_SHIFT) & 2028 *parsing_data |= ((tcp_hdrlen(skb) / 4) <<
2028 ETH_TX_PARSE_BD_E2_TCP_HDR_START_OFFSET_W; 2029 ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW_SHIFT) &
2030 ETH_TX_PARSE_BD_E2_TCP_HDR_LENGTH_DW;
2029 2031
2030 return skb_transport_header(skb) + tcp_hdrlen(skb) - skb->data; 2032 return skb_transport_header(skb) + tcp_hdrlen(skb) - skb->data;
2033 } else
2034 /* We support checksum offload for TCP and UDP only.
2035 * No need to pass the UDP header length - it's a constant.
2036 */
2037 return skb_transport_header(skb) +
2038 sizeof(struct udphdr) - skb->data;
2031} 2039}
2032 2040
2033/** 2041/**
@@ -2043,7 +2051,7 @@ static inline u8 bnx2x_set_pbd_csum(struct bnx2x *bp, struct sk_buff *skb,
2043 struct eth_tx_parse_bd_e1x *pbd, 2051 struct eth_tx_parse_bd_e1x *pbd,
2044 u32 xmit_type) 2052 u32 xmit_type)
2045{ 2053{
2046 u8 hlen = (skb_network_header(skb) - skb->data) / 2; 2054 u8 hlen = (skb_network_header(skb) - skb->data) >> 1;
2047 2055
2048 /* for now NS flag is not used in Linux */ 2056 /* for now NS flag is not used in Linux */
2049 pbd->global_data = 2057 pbd->global_data =
@@ -2051,9 +2059,15 @@ static inline u8 bnx2x_set_pbd_csum(struct bnx2x *bp, struct sk_buff *skb,
2051 ETH_TX_PARSE_BD_E1X_LLC_SNAP_EN_SHIFT)); 2059 ETH_TX_PARSE_BD_E1X_LLC_SNAP_EN_SHIFT));
2052 2060
2053 pbd->ip_hlen_w = (skb_transport_header(skb) - 2061 pbd->ip_hlen_w = (skb_transport_header(skb) -
2054 skb_network_header(skb)) / 2; 2062 skb_network_header(skb)) >> 1;
2055 2063
2056 hlen += pbd->ip_hlen_w + tcp_hdrlen(skb) / 2; 2064 hlen += pbd->ip_hlen_w;
2065
2066 /* We support checksum offload for TCP and UDP only */
2067 if (xmit_type & XMIT_CSUM_TCP)
2068 hlen += tcp_hdrlen(skb) / 2;
2069 else
2070 hlen += sizeof(struct udphdr) / 2;
2057 2071
2058 pbd->total_hlen_w = cpu_to_le16(hlen); 2072 pbd->total_hlen_w = cpu_to_le16(hlen);
2059 hlen = hlen*2; 2073 hlen = hlen*2;
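Review bot: In `bnx2x_set_pbd_csum_e2()` the new `if (xmit_type & XMIT_CSUM_TCP) { ... } else` leaves the `else` arm unbraced although it holds a multi-line comment and a two-line `return`; kernel style wants `} else {` with a closing brace once the other arm is braced, and it keeps a later added statement from landing outside the branch. The function still returns `u8`, so the offset computed from `skb_transport_header(skb) - skb->data` plus the header length is truncated if it ever exceeds 255; that predates this change, but the new UDP arm inherits it and a comment or a wider type is worth considering. Both this function and `bnx2x_set_pbd_csum()` now treat every non-TCP request as UDP, which relies on callers never passing anything else; the callers are outside the hunks.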
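--- a/drivers/net/bonding/bond_3ad.c
+++ b/drivers/net/bonding/bond_3ad.c
@@ -1482,8 +1482,11 @@ static struct aggregator *ad_agg_selection_test(struct aggregator *best,
 
 static int agg_device_up(const struct aggregator *agg)
 {
- return (netif_running(agg->slave->dev) &&
- netif_carrier_ok(agg->slave->dev));
+ struct port *port = agg->lag_ports;
+ if (!port)
+ return 0;
+ return (netif_running(port->slave->dev) &&
+ netif_carrier_ok(port->slave->dev));
 }
 
 /**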
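Review bot: `agg_device_up()` now guards `agg->lag_ports` against NULL but then dereferences `port->slave->dev` unchecked; if a port can sit on that list while its `slave` pointer is unset, this is the same NULL dereference moved one level down. Whether that can happen depends on code outside the hunk, so either extend the guard to `if (!port || !port->slave) return 0;` or add a comment saying why `slave` is always valid for a port in `lag_ports`. A blank line between the declaration and the `if` would also match kernel style.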
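--- a/drivers/net/ehea/ehea_main.c
+++ b/drivers/net/ehea/ehea_main.c
@@ -3040,11 +3040,14 @@ static void ehea_rereg_mrs(void)
 
  if (dev->flags & IFF_UP) {
  mutex_lock(&port->port_lock);
- port_napi_enable(port);
  ret = ehea_restart_qps(dev);
- check_sqs(port);
- if (!ret)
+ if (!ret) {
+ check_sqs(port);
+ port_napi_enable(port);
  netif_wake_queue(dev);
+ } else {
+ netdev_err(dev, "Unable to restart QPS\n");
+ }
  mutex_unlock(&port->port_lock);
  }
  }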
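Review bot: When `ehea_restart_qps()` fails, the new `else` arm only logs and leaves the port with NAPI disabled and the queue not woken, and the message drops the error code that would tell an operator why. At minimum log it, `netdev_err(dev, "Unable to restart QPS: %d\n", ret);`, and add a comment stating what state the interface is left in and how it is expected to recover. `ehea_rereg_mrs()` starts and ends outside the hunk, so any later handling of `ret` is not visible here.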
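--- a/drivers/net/fs_enet/mac-fec.c
+++ b/drivers/net/fs_enet/mac-fec.c
@@ -226,8 +226,8 @@ static void set_multicast_finish(struct net_device *dev)
  }
 
  FC(fecp, r_cntrl, FEC_RCNTRL_PROM);
- FW(fecp, hash_table_high, fep->fec.hthi);
- FW(fecp, hash_table_low, fep->fec.htlo);
+ FW(fecp, grp_hash_table_high, fep->fec.hthi);
+ FW(fecp, grp_hash_table_low, fep->fec.htlo);
 }
 
 static void set_multicast_list(struct net_device *dev)
@@ -273,8 +273,8 @@ static void restart(struct net_device *dev)
  /*
  * Reset all multicast.
  */
- FW(fecp, hash_table_high, fep->fec.hthi);
- FW(fecp, hash_table_low, fep->fec.htlo);
+ FW(fecp, grp_hash_table_high, fep->fec.hthi);
+ FW(fecp, grp_hash_table_low, fep->fec.htlo);
 
  /*
  * Set maximum receive buffer size.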
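--- a/drivers/net/ftmac100.c
+++ b/drivers/net/ftmac100.c
@@ -139,11 +139,11 @@ static int ftmac100_reset(struct ftmac100 *priv)
  * that hardware reset completed (what the f*ck).
  * We still need to wait for a while.
  */
- usleep_range(500, 1000);
+ udelay(500);
  return 0;
  }
 
- usleep_range(1000, 10000);
+ udelay(1000);
  }
 
  netdev_err(netdev, "software reset failed\n");
@@ -772,7 +772,7 @@ static int ftmac100_mdio_read(struct net_device *netdev, int phy_id, int reg)
  if ((phycr & FTMAC100_PHYCR_MIIRD) == 0)
  return phycr & FTMAC100_PHYCR_MIIRDATA;
 
- usleep_range(100, 1000);
+ udelay(100);
  }
 
  netdev_err(netdev, "mdio read timed out\n");
@@ -801,7 +801,7 @@ static void ftmac100_mdio_write(struct net_device *netdev, int phy_id, int reg,
  if ((phycr & FTMAC100_PHYCR_MIIWR) == 0)
  return;
 
- usleep_range(100, 1000);
+ udelay(100);
  }
 
  netdev_err(netdev, "mdio write timed out\n");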
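Review bot: Replacing `usleep_range()` with `udelay()` turns these polling loops into busy-waits, `udelay(1000)` per iteration in `ftmac100_reset()` and `udelay(100)` in the two MDIO loops, and nothing in the hunks says why sleeping is no longer allowed. If the reason is that these paths can run in atomic context, say so next to each call, e.g. `/* can be reached from atomic context; must not sleep */`, so nobody converts them back. The loop bounds are outside the hunks, so the worst-case spin time could not be checked here and is worth confirming.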
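--- a/drivers/net/mii.c
+++ b/drivers/net/mii.c
@@ -49,6 +49,10 @@ static u32 mii_get_an(struct mii_if_info *mii, u16 addr)
  result |= ADVERTISED_100baseT_Half;
  if (advert & ADVERTISE_100FULL)
  result |= ADVERTISED_100baseT_Full;
+ if (advert & ADVERTISE_PAUSE_CAP)
+ result |= ADVERTISED_Pause;
+ if (advert & ADVERTISE_PAUSE_ASYM)
+ result |= ADVERTISED_Asym_Pause;
 
  return result;
 }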
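--- a/drivers/net/netconsole.c
+++ b/drivers/net/netconsole.c
@@ -671,6 +671,7 @@ static int netconsole_netdev_event(struct notifier_block *this,
  goto done;
 
  spin_lock_irqsave(&target_list_lock, flags);
+restart:
  list_for_each_entry(nt, &target_list, list) {
  netconsole_target_get(nt);
  if (nt->np.dev == dev) {
@@ -683,9 +684,16 @@ static int netconsole_netdev_event(struct notifier_block *this,
  * rtnl_lock already held
  */
  if (nt->np.dev) {
+ spin_unlock_irqrestore(
+ &target_list_lock,
+ flags);
  __netpoll_cleanup(&nt->np);
+ spin_lock_irqsave(&target_list_lock,
+ flags);
  dev_put(nt->np.dev);
  nt->np.dev = NULL;
+ netconsole_target_put(nt);
+ goto restart;
  }
  /* Fall through */
  case NETDEV_GOING_DOWN: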
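Review bot: When `nt->np.dev` was set, the new `goto restart` jumps back to the top of the list walk and never reaches the `/* Fall through */` into `case NETDEV_GOING_DOWN:`, so whatever that case does for the target is skipped for the one that was just cleaned up. The body of that case is outside the hunk; if it is what marks the target as no longer usable, the same state should be set before `netconsole_target_put(nt);`. Separately, `nt->np.dev` is tested before `target_list_lock` is dropped and used again by `dev_put(nt->np.dev)` after it is retaken, so a comment stating what keeps it stable across the unlocked `__netpoll_cleanup()` call would help; the existing comment mentions rtnl_lock.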
diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c
index 493b0de3848b..397c36810a15 100644
--- a/drivers/net/r8169.c
+++ b/drivers/net/r8169.c
@@ -170,6 +170,16 @@ static const struct {
170}; 170};
171#undef _R 171#undef _R
172 172
173static const struct rtl_firmware_info {
174 int mac_version;
175 const char *fw_name;
176} rtl_firmware_infos[] = {
177 { .mac_version = RTL_GIGA_MAC_VER_25, .fw_name = FIRMWARE_8168D_1 },
178 { .mac_version = RTL_GIGA_MAC_VER_26, .fw_name = FIRMWARE_8168D_2 },
179 { .mac_version = RTL_GIGA_MAC_VER_29, .fw_name = FIRMWARE_8105E_1 },
180 { .mac_version = RTL_GIGA_MAC_VER_30, .fw_name = FIRMWARE_8105E_1 }
181};
182
173enum cfg_version { 183enum cfg_version {
174 RTL_CFG_0 = 0x00, 184 RTL_CFG_0 = 0x00,
175 RTL_CFG_1, 185 RTL_CFG_1,
@@ -565,6 +575,7 @@ struct rtl8169_private {
565 u32 saved_wolopts; 575 u32 saved_wolopts;
566 576
567 const struct firmware *fw; 577 const struct firmware *fw;
578#define RTL_FIRMWARE_UNKNOWN ERR_PTR(-EAGAIN);
568}; 579};
569 580
570MODULE_AUTHOR("Realtek and the Linux r8169 crew <netdev@vger.kernel.org>"); 581MODULE_AUTHOR("Realtek and the Linux r8169 crew <netdev@vger.kernel.org>");
@@ -1789,25 +1800,26 @@ rtl_phy_write_fw(struct rtl8169_private *tp, const struct firmware *fw)
1789 1800
1790static void rtl_release_firmware(struct rtl8169_private *tp) 1801static void rtl_release_firmware(struct rtl8169_private *tp)
1791{ 1802{
1792 release_firmware(tp->fw); 1803 if (!IS_ERR_OR_NULL(tp->fw))
1793 tp->fw = NULL; 1804 release_firmware(tp->fw);
1805 tp->fw = RTL_FIRMWARE_UNKNOWN;
1794} 1806}
1795 1807
1796static int rtl_apply_firmware(struct rtl8169_private *tp, const char *fw_name) 1808static void rtl_apply_firmware(struct rtl8169_private *tp)
1797{ 1809{
1798 const struct firmware **fw = &tp->fw; 1810 const struct firmware *fw = tp->fw;
1799 int rc = !*fw;
1800
1801 if (rc) {
1802 rc = request_firmware(fw, fw_name, &tp->pci_dev->dev);
1803 if (rc < 0)
1804 goto out;
1805 }
1806 1811
1807 /* TODO: release firmware once rtl_phy_write_fw signals failures. */ 1812 /* TODO: release firmware once rtl_phy_write_fw signals failures. */
1808 rtl_phy_write_fw(tp, *fw); 1813 if (!IS_ERR_OR_NULL(fw))
1809out: 1814 rtl_phy_write_fw(tp, fw);
1810 return rc; 1815}
1816
1817static void rtl_apply_firmware_cond(struct rtl8169_private *tp, u8 reg, u16 val)
1818{
1819 if (rtl_readphy(tp, reg) != val)
1820 netif_warn(tp, hw, tp->dev, "chipset not ready for firmware\n");
1821 else
1822 rtl_apply_firmware(tp);
1811} 1823}
1812 1824
1813static void rtl8169s_hw_phy_config(struct rtl8169_private *tp) 1825static void rtl8169s_hw_phy_config(struct rtl8169_private *tp)
@@ -2246,10 +2258,8 @@ static void rtl8168d_1_hw_phy_config(struct rtl8169_private *tp)
2246 2258
2247 rtl_writephy(tp, 0x1f, 0x0005); 2259 rtl_writephy(tp, 0x1f, 0x0005);
2248 rtl_writephy(tp, 0x05, 0x001b); 2260 rtl_writephy(tp, 0x05, 0x001b);
2249 if ((rtl_readphy(tp, 0x06) != 0xbf00) || 2261
2250 (rtl_apply_firmware(tp, FIRMWARE_8168D_1) < 0)) { 2262 rtl_apply_firmware_cond(tp, MII_EXPANSION, 0xbf00);
2251 netif_warn(tp, probe, tp->dev, "unable to apply firmware patch\n");
2252 }
2253 2263
2254 rtl_writephy(tp, 0x1f, 0x0000); 2264 rtl_writephy(tp, 0x1f, 0x0000);
2255} 2265}
@@ -2351,10 +2361,8 @@ static void rtl8168d_2_hw_phy_config(struct rtl8169_private *tp)
2351 2361
2352 rtl_writephy(tp, 0x1f, 0x0005); 2362 rtl_writephy(tp, 0x1f, 0x0005);
2353 rtl_writephy(tp, 0x05, 0x001b); 2363 rtl_writephy(tp, 0x05, 0x001b);
2354 if ((rtl_readphy(tp, 0x06) != 0xb300) || 2364
2355 (rtl_apply_firmware(tp, FIRMWARE_8168D_2) < 0)) { 2365 rtl_apply_firmware_cond(tp, MII_EXPANSION, 0xb300);
2356 netif_warn(tp, probe, tp->dev, "unable to apply firmware patch\n");
2357 }
2358 2366
2359 rtl_writephy(tp, 0x1f, 0x0000); 2367 rtl_writephy(tp, 0x1f, 0x0000);
2360} 2368}
@@ -2474,8 +2482,7 @@ static void rtl8105e_hw_phy_config(struct rtl8169_private *tp)
2474 rtl_writephy(tp, 0x18, 0x0310); 2482 rtl_writephy(tp, 0x18, 0x0310);
2475 msleep(100); 2483 msleep(100);
2476 2484
2477 if (rtl_apply_firmware(tp, FIRMWARE_8105E_1) < 0) 2485 rtl_apply_firmware(tp);
2478 netif_warn(tp, probe, tp->dev, "unable to apply firmware patch\n");
2479 2486
2480 rtl_writephy_batch(tp, phy_reg_init, ARRAY_SIZE(phy_reg_init)); 2487 rtl_writephy_batch(tp, phy_reg_init, ARRAY_SIZE(phy_reg_init));
2481} 2488}
@@ -3237,6 +3244,8 @@ rtl8169_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
3237 tp->timer.data = (unsigned long) dev; 3244 tp->timer.data = (unsigned long) dev;
3238 tp->timer.function = rtl8169_phy_timer; 3245 tp->timer.function = rtl8169_phy_timer;
3239 3246
3247 tp->fw = RTL_FIRMWARE_UNKNOWN;
3248
3240 rc = register_netdev(dev); 3249 rc = register_netdev(dev);
3241 if (rc < 0) 3250 if (rc < 0)
3242 goto err_out_msi_4; 3251 goto err_out_msi_4;
@@ -3288,10 +3297,10 @@ static void __devexit rtl8169_remove_one(struct pci_dev *pdev)
3288 3297
3289 cancel_delayed_work_sync(&tp->task); 3298 cancel_delayed_work_sync(&tp->task);
3290 3299
3291 rtl_release_firmware(tp);
3292
3293 unregister_netdev(dev); 3300 unregister_netdev(dev);
3294 3301
3302 rtl_release_firmware(tp);
3303
3295 if (pci_dev_run_wake(pdev)) 3304 if (pci_dev_run_wake(pdev))
3296 pm_runtime_get_noresume(&pdev->dev); 3305 pm_runtime_get_noresume(&pdev->dev);
3297 3306
@@ -3303,6 +3312,37 @@ static void __devexit rtl8169_remove_one(struct pci_dev *pdev)
3303 pci_set_drvdata(pdev, NULL); 3312 pci_set_drvdata(pdev, NULL);
3304} 3313}
3305 3314
3315static void rtl_request_firmware(struct rtl8169_private *tp)
3316{
3317 int i;
3318
3319 /* Return early if the firmware is already loaded / cached. */
3320 if (!IS_ERR(tp->fw))
3321 goto out;
3322
3323 for (i = 0; i < ARRAY_SIZE(rtl_firmware_infos); i++) {
3324 const struct rtl_firmware_info *info = rtl_firmware_infos + i;
3325
3326 if (info->mac_version == tp->mac_version) {
3327 const char *name = info->fw_name;
3328 int rc;
3329
3330 rc = request_firmware(&tp->fw, name, &tp->pci_dev->dev);
3331 if (rc < 0) {
3332 netif_warn(tp, ifup, tp->dev, "unable to load "
3333 "firmware patch %s (%d)\n", name, rc);
3334 goto out_disable_request_firmware;
3335 }
3336 goto out;
3337 }
3338 }
3339
3340out_disable_request_firmware:
3341 tp->fw = NULL;
3342out:
3343 return;
3344}
3345
3306static int rtl8169_open(struct net_device *dev) 3346static int rtl8169_open(struct net_device *dev)
3307{ 3347{
3308 struct rtl8169_private *tp = netdev_priv(dev); 3348 struct rtl8169_private *tp = netdev_priv(dev);
@@ -3334,11 +3374,13 @@ static int rtl8169_open(struct net_device *dev)
3334 3374
3335 smp_mb(); 3375 smp_mb();
3336 3376
3377 rtl_request_firmware(tp);
3378
3337 retval = request_irq(dev->irq, rtl8169_interrupt, 3379 retval = request_irq(dev->irq, rtl8169_interrupt,
3338 (tp->features & RTL_FEATURE_MSI) ? 0 : IRQF_SHARED, 3380 (tp->features & RTL_FEATURE_MSI) ? 0 : IRQF_SHARED,
3339 dev->name, dev); 3381 dev->name, dev);
3340 if (retval < 0) 3382 if (retval < 0)
3341 goto err_release_ring_2; 3383 goto err_release_fw_2;
3342 3384
3343 napi_enable(&tp->napi); 3385 napi_enable(&tp->napi);
3344 3386
@@ -3359,7 +3401,8 @@ static int rtl8169_open(struct net_device *dev)
3359out: 3401out:
3360 return retval; 3402 return retval;
3361 3403
3362err_release_ring_2: 3404err_release_fw_2:
3405 rtl_release_firmware(tp);
3363 rtl8169_rx_clear(tp); 3406 rtl8169_rx_clear(tp);
3364err_free_rx_1: 3407err_free_rx_1:
3365 dma_free_coherent(&pdev->dev, R8169_RX_RING_BYTES, tp->RxDescArray, 3408 dma_free_coherent(&pdev->dev, R8169_RX_RING_BYTES, tp->RxDescArray,
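Review bot: `#define RTL_FIRMWARE_UNKNOWN ERR_PTR(-EAGAIN);` carries a trailing semicolon, so `tp->fw = RTL_FIRMWARE_UNKNOWN;` expands to a double semicolon and the macro cannot be used inside an expression such as a comparison; it should read `#define RTL_FIRMWARE_UNKNOWN ERR_PTR(-EAGAIN)`. `tp->fw` now has three states (error pointer for not yet requested, NULL after a failed or unneeded request, valid pointer), and a comment at the field spelling them out would help, because `rtl_request_firmware()` tests `IS_ERR()` while `rtl_apply_firmware()` and `rtl_release_firmware()` test `IS_ERR_OR_NULL()`. `rtl_phy_write_fw()`, which consumes the loaded image, is outside these hunks, so how it validates the firmware contents could not be reviewed here.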
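--- a/drivers/net/tg3.c
+++ b/drivers/net/tg3.c
@@ -12327,8 +12327,10 @@ static void __devinit tg3_get_eeprom_hw_cfg(struct tg3 *tp)
  if (val & VCPU_CFGSHDW_ASPM_DBNC)
  tp->tg3_flags |= TG3_FLAG_ASPM_WORKAROUND;
  if ((val & VCPU_CFGSHDW_WOL_ENABLE) &&
- (val & VCPU_CFGSHDW_WOL_MAGPKT))
+ (val & VCPU_CFGSHDW_WOL_MAGPKT)) {
  tp->tg3_flags |= TG3_FLAG_WOL_ENABLE;
+ device_set_wakeup_enable(&tp->pdev->dev, true);
+ }
  goto done;
  }
 
@@ -12461,8 +12463,10 @@ static void __devinit tg3_get_eeprom_hw_cfg(struct tg3 *tp)
  tp->tg3_flags &= ~TG3_FLAG_WOL_CAP;
 
  if ((tp->tg3_flags & TG3_FLAG_WOL_CAP) &&
- (nic_cfg & NIC_SRAM_DATA_CFG_WOL_ENABLE))
+ (nic_cfg & NIC_SRAM_DATA_CFG_WOL_ENABLE)) {
  tp->tg3_flags |= TG3_FLAG_WOL_ENABLE;
+ device_set_wakeup_enable(&tp->pdev->dev, true);
+ }
 
  if (cfg2 & (1 << 17))
  tp->phy_flags |= TG3_PHYFLG_CAPACITIVE_COUPLING;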
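--- a/drivers/net/usb/cdc_ether.c
+++ b/drivers/net/usb/cdc_ether.c
@@ -460,7 +460,7 @@ static const struct driver_info cdc_info = {
  .manage_power = cdc_manage_power,
 };
 
-static const struct driver_info mbm_info = {
+static const struct driver_info wwan_info = {
  .description = "Mobile Broadband Network Device",
  .flags = FLAG_WWAN,
  .bind = usbnet_cdc_bind,
@@ -471,6 +471,7 @@ static const struct driver_info mbm_info = {
 
 /*-------------------------------------------------------------------------*/
 
+#define HUAWEI_VENDOR_ID 0x12D1
 
 static const struct usb_device_id products [] = {
 /*
@@ -587,8 +588,17 @@ static const struct usb_device_id products [] = {
 }, {
  USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MDLM,
  USB_CDC_PROTO_NONE),
- .driver_info = (unsigned long)&mbm_info,
+ .driver_info = (unsigned long)&wwan_info,
 
+}, {
+ /* Various Huawei modems with a network port like the UMG1831 */
+ .match_flags = USB_DEVICE_ID_MATCH_VENDOR
+ | USB_DEVICE_ID_MATCH_INT_INFO,
+ .idVendor = HUAWEI_VENDOR_ID,
+ .bInterfaceClass = USB_CLASS_COMM,
+ .bInterfaceSubClass = USB_CDC_SUBCLASS_ETHERNET,
+ .bInterfaceProtocol = 255,
+ .driver_info = (unsigned long)&wwan_info,
 },
  { }, // END
 };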
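Review bot: The new Huawei entry writes `.bInterfaceProtocol = 255` as a bare number, and because it matches on vendor ID plus the interface triple with no product ID, every Huawei device exposing that interface will bind to this driver with `FLAG_WWAN`. The existing comment says "various", so the breadth looks intended, but it should be stated as a deliberate vendor-wide match, and the protocol value deserves a trailing comment such as `/* vendor-specific protocol */`. The `products[]` table starts outside the hunk, so whether an earlier, more specific entry could shadow this one was not checked.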
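--- a/drivers/net/usb/cdc_ncm.c
+++ b/drivers/net/usb/cdc_ncm.c
@@ -54,13 +54,13 @@
 #include <linux/usb/usbnet.h>
 #include <linux/usb/cdc.h>
 
-#define DRIVER_VERSION "7-Feb-2011"
+#define DRIVER_VERSION "23-Apr-2011"
 
 /* CDC NCM subclass 3.2.1 */
 #define USB_CDC_NCM_NDP16_LENGTH_MIN 0x10
 
 /* Maximum NTB length */
-#define CDC_NCM_NTB_MAX_SIZE_TX 16384 /* bytes */
+#define CDC_NCM_NTB_MAX_SIZE_TX (16384 + 4) /* bytes, must be short terminated */
 #define CDC_NCM_NTB_MAX_SIZE_RX 16384 /* bytes */
 
 /* Minimum value for MaxDatagramSize, ch. 6.2.9 */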
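diff --git a/drivers/net/usb/smsc95xx.c b/drivers/net/usb/smsc95xx.c
index 47a6c870b51f..48d4efdb4959 100644
--- a/drivers/net/usb/smsc95xx.c
+++ b/drivers/net/usb/smsc95xx.c
@@ -730,7 +730,7 @@ static int smsc95xx_phy_initialize(struct usbnet *dev)
  msleep(10);
  bmcr = smsc95xx_mdio_read(dev->net, dev->mii.phy_id, MII_BMCR);
  timeout++;
- } while ((bmcr & MII_BMCR) && (timeout < 100));
+ } while ((bmcr & BMCR_RESET) && (timeout < 100));
 
  if (timeout >= 100) {
  netdev_warn(dev->net, "timeout on PHY Reset");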
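Review bot: The reset-poll loop in smsc95xx_phy_initialize() tests `bmcr & BMCR_RESET` without first checking whether the read itself failed. If smsc95xx_mdio_read() can return a negative errno (its definition and the type of bmcr are outside this hunk), such a value would also have the reset bit set, so an I/O failure would be polled for all 100 iterations and then logged as "timeout on PHY Reset". Consider `if (bmcr < 0) return bmcr;` directly after the read so a failing device is reported as a read error rather than a reset timeout. The function starts and ends outside the hunk.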
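diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index 069c1cf0fdf7..009bba3d753e 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -736,6 +736,7 @@ int usbnet_open (struct net_device *net)
  }
  }
 
+ set_bit(EVENT_DEV_OPEN, &dev->flags);
  netif_start_queue (net);
  netif_info(dev, ifup, dev->net,
  "open: enable queueing (rx %d, tx %d) mtu %d %s framing\n",
@@ -1259,6 +1260,9 @@ void usbnet_disconnect (struct usb_interface *intf)
  if (dev->driver_info->unbind)
  dev->driver_info->unbind (dev, intf);
 
+ usb_kill_urb(dev->interrupt);
+ usb_free_urb(dev->interrupt);
+
  free_netdev(net);
  usb_put_dev (xdev);
 }
@@ -1498,6 +1502,10 @@ int usbnet_resume (struct usb_interface *intf)
  int retval;
 
  if (!--dev->suspend_count) {
+ /* resume interrupt URBs */
+ if (dev->interrupt && test_bit(EVENT_DEV_OPEN, &dev->flags))
+ usb_submit_urb(dev->interrupt, GFP_NOIO);
+
  spin_lock_irq(&dev->txq.lock);
  while ((res = usb_get_from_anchor(&dev->deferred))) {
 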
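Review bot: The resume hunk calls `usb_submit_urb(dev->interrupt, GFP_NOIO);` in usbnet_resume() and discards the result, so a failed resubmission leaves the interrupt endpoint silent with nothing logged. Check the return value and at least warn on failure, so a device that stops delivering status events after resume can be diagnosed. Separately, EVENT_DEV_OPEN is set in usbnet_open() but no matching `clear_bit(EVENT_DEV_OPEN, &dev->flags);` is visible in these hunks; if the stop path does not clear it, the test in resume stays true after the interface has been closed and the URB is resubmitted for a downed device. All three functions continue outside their hunks.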
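diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 2de9b90c5f8f..3b99f64104fd 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -403,6 +403,17 @@ static int veth_newlink(struct net *src_net, struct net_device *dev,
  if (tb[IFLA_ADDRESS] == NULL)
  random_ether_addr(dev->dev_addr);
 
+ if (tb[IFLA_IFNAME])
+ nla_strlcpy(dev->name, tb[IFLA_IFNAME], IFNAMSIZ);
+ else
+ snprintf(dev->name, IFNAMSIZ, DRV_NAME "%%d");
+
+ if (strchr(dev->name, '%')) {
+ err = dev_alloc_name(dev, dev->name);
+ if (err < 0)
+ goto err_alloc_name;
+ }
+
  err = register_netdevice(dev);
  if (err < 0)
  goto err_register_dev;
@@ -422,6 +433,7 @@ static int veth_newlink(struct net *src_net, struct net_device *dev,
 
 err_register_dev:
  /* nothing to do */
+err_alloc_name:
 err_configure_peer:
  unregister_netdevice(peer);
  return err;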
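diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c
index dcd19bc337d1..b29c80def35e 100644
--- a/drivers/net/wireless/ath/ath9k/recv.c
+++ b/drivers/net/wireless/ath/ath9k/recv.c
@@ -506,7 +506,7 @@ bool ath_stoprecv(struct ath_softc *sc)
  "confusing the DMA engine when we start RX up\n");
  ATH_DBG_WARN_ON_ONCE(!stopped);
  }
- return stopped || reset;
+ return stopped && !reset;
 }
 
 void ath_flushrecv(struct ath_softc *sc)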
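diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
index d59b0168c14a..5af40d9170a0 100644
--- a/drivers/net/wireless/b43/main.c
+++ b/drivers/net/wireless/b43/main.c
@@ -72,6 +72,7 @@ MODULE_FIRMWARE("b43/ucode11.fw");
 MODULE_FIRMWARE("b43/ucode13.fw");
 MODULE_FIRMWARE("b43/ucode14.fw");
 MODULE_FIRMWARE("b43/ucode15.fw");
+MODULE_FIRMWARE("b43/ucode16_mimo.fw");
 MODULE_FIRMWARE("b43/ucode5.fw");
 MODULE_FIRMWARE("b43/ucode9.fw");
 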
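diff --git a/drivers/net/wireless/iwlegacy/iwl-4965-tx.c b/drivers/net/wireless/iwlegacy/iwl-4965-tx.c
index 5c40502f869a..79ac081832fb 100644
--- a/drivers/net/wireless/iwlegacy/iwl-4965-tx.c
+++ b/drivers/net/wireless/iwlegacy/iwl-4965-tx.c
@@ -316,12 +316,18 @@ int iwl4965_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
 
  hdr_len = ieee80211_hdrlen(fc);
 
- /* Find index into station table for destination station */
- sta_id = iwl_legacy_sta_id_or_broadcast(priv, ctx, info->control.sta);
- if (sta_id == IWL_INVALID_STATION) {
- IWL_DEBUG_DROP(priv, "Dropping - INVALID STATION: %pM\n",
- hdr->addr1);
- goto drop_unlock;
+ /* For management frames use broadcast id to do not break aggregation */
+ if (!ieee80211_is_data(fc))
+ sta_id = ctx->bcast_sta_id;
+ else {
+ /* Find index into station table for destination station */
+ sta_id = iwl_legacy_sta_id_or_broadcast(priv, ctx, info->control.sta);
+
+ if (sta_id == IWL_INVALID_STATION) {
+ IWL_DEBUG_DROP(priv, "Dropping - INVALID STATION: %pM\n",
+ hdr->addr1);
+ goto drop_unlock;
+ }
  }
 
  IWL_DEBUG_TX(priv, "station Id %d\n", sta_id);
@@ -1127,12 +1133,16 @@ int iwl4965_tx_queue_reclaim(struct iwl_priv *priv, int txq_id, int index)
  q->read_ptr = iwl_legacy_queue_inc_wrap(q->read_ptr, q->n_bd)) {
 
  tx_info = &txq->txb[txq->q.read_ptr];
- iwl4965_tx_status(priv, tx_info,
- txq_id >= IWL4965_FIRST_AMPDU_QUEUE);
+
+ if (WARN_ON_ONCE(tx_info->skb == NULL))
+ continue;
 
  hdr = (struct ieee80211_hdr *)tx_info->skb->data;
- if (hdr && ieee80211_is_data_qos(hdr->frame_control))
+ if (ieee80211_is_data_qos(hdr->frame_control))
  nfreed++;
+
+ iwl4965_tx_status(priv, tx_info,
+ txq_id >= IWL4965_FIRST_AMPDU_QUEUE);
  tx_info->skb = NULL;
 
  priv->cfg->ops->lib->txq_free_tfd(priv, txq);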
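Review bot: In iwl4965_tx_queue_reclaim() the new `if (WARN_ON_ONCE(tx_info->skb == NULL)) continue;` skips the rest of the loop body for that slot, including the `txq_free_tfd(priv, txq)` call at the end of the hunk, while the loop header still advances `q->read_ptr`. If the descriptor for that slot holds DMA mappings they would stay mapped; this is hedged, since txq_free_tfd() itself is not shown. Consider skipping only the header inspection and status report when the skb is missing and still falling through to the descriptor free. The same guard is added to iwlagn_tx_queue_reclaim() in iwl-agn-tx.c, where the `continue` also bypasses the `txq_inval_byte_cnt_tbl` branch. Both loops start and end outside their hunks.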
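diff --git a/drivers/net/wireless/iwlegacy/iwl-led.c b/drivers/net/wireless/iwlegacy/iwl-led.c
index 15eb8b707157..bda0d61b2c0d 100644
--- a/drivers/net/wireless/iwlegacy/iwl-led.c
+++ b/drivers/net/wireless/iwlegacy/iwl-led.c
@@ -48,8 +48,21 @@ module_param(led_mode, int, S_IRUGO);
 MODULE_PARM_DESC(led_mode, "0=system default, "
  "1=On(RF On)/Off(RF Off), 2=blinking");
 
+/* Throughput OFF time(ms) ON time (ms)
+ * >300 25 25
+ * >200 to 300 40 40
+ * >100 to 200 55 55
+ * >70 to 100 65 65
+ * >50 to 70 75 75
+ * >20 to 50 85 85
+ * >10 to 20 95 95
+ * >5 to 10 110 110
+ * >1 to 5 130 130
+ * >0 to 1 167 167
+ * <=0 SOLID ON
+ */
 static const struct ieee80211_tpt_blink iwl_blink[] = {
- { .throughput = 0 * 1024 - 1, .blink_time = 334 },
+ { .throughput = 0, .blink_time = 334 },
  { .throughput = 1 * 1024 - 1, .blink_time = 260 },
  { .throughput = 5 * 1024 - 1, .blink_time = 220 },
  { .throughput = 10 * 1024 - 1, .blink_time = 190 },
@@ -101,6 +114,11 @@ static int iwl_legacy_led_cmd(struct iwl_priv *priv,
  if (priv->blink_on == on && priv->blink_off == off)
  return 0;
 
+ if (off == 0) {
+ /* led is SOLID_ON */
+ on = IWL_LED_SOLID;
+ }
+
  IWL_DEBUG_LED(priv, "Led blink time compensation=%u\n",
  priv->cfg->base_params->led_compensation);
  led_cmd.on = iwl_legacy_blink_compensation(priv, on,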
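diff --git a/drivers/net/wireless/iwlegacy/iwl4965-base.c b/drivers/net/wireless/iwlegacy/iwl4965-base.c
index d484c3678163..a62fe24ee594 100644
--- a/drivers/net/wireless/iwlegacy/iwl4965-base.c
+++ b/drivers/net/wireless/iwlegacy/iwl4965-base.c
@@ -2984,15 +2984,15 @@ static void iwl4965_bg_txpower_work(struct work_struct *work)
  struct iwl_priv *priv = container_of(work, struct iwl_priv,
  txpower_work);
 
+ mutex_lock(&priv->mutex);
+
  /* If a scan happened to start before we got here
  * then just return; the statistics notification will
  * kick off another scheduled work to compensate for
  * any temperature delta we missed here. */
  if (test_bit(STATUS_EXIT_PENDING, &priv->status) ||
  test_bit(STATUS_SCANNING, &priv->status))
- return;
-
- mutex_lock(&priv->mutex);
+ goto out;
 
  /* Regardless of if we are associated, we must reconfigure the
  * TX power since frames can be sent on non-radar channels while
@@ -3002,7 +3002,7 @@ static void iwl4965_bg_txpower_work(struct work_struct *work)
  /* Update last_temperature to keep is_calib_needed from running
  * when it isn't needed... */
  priv->last_temperature = priv->temperature;
-
+out:
  mutex_unlock(&priv->mutex);
 }
 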
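diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
index dfdbea6e8f99..fbbde0712fa5 100644
--- a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
+++ b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
@@ -335,7 +335,6 @@ int iwlagn_mac_config(struct ieee80211_hw *hw, u32 changed)
  struct ieee80211_channel *channel = conf->channel;
  const struct iwl_channel_info *ch_info;
  int ret = 0;
- bool ht_changed[NUM_IWL_RXON_CTX] = {};
 
  IWL_DEBUG_MAC80211(priv, "changed %#x", changed);
 
@@ -383,10 +382,8 @@ int iwlagn_mac_config(struct ieee80211_hw *hw, u32 changed)
 
  for_each_context(priv, ctx) {
  /* Configure HT40 channels */
- if (ctx->ht.enabled != conf_is_ht(conf)) {
+ if (ctx->ht.enabled != conf_is_ht(conf))
  ctx->ht.enabled = conf_is_ht(conf);
- ht_changed[ctx->ctxid] = true;
- }
 
  if (ctx->ht.enabled) {
  if (conf_is_ht40_minus(conf)) {
@@ -455,8 +452,6 @@ int iwlagn_mac_config(struct ieee80211_hw *hw, u32 changed)
  if (!memcmp(&ctx->staging, &ctx->active, sizeof(ctx->staging)))
  continue;
  iwlagn_commit_rxon(priv, ctx);
- if (ht_changed[ctx->ctxid])
- iwlagn_update_qos(priv, ctx);
  }
  out:
  mutex_unlock(&priv->mutex);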
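diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-tx.c b/drivers/net/wireless/iwlwifi/iwl-agn-tx.c
index a709d05c5868..0712b67283a4 100644
--- a/drivers/net/wireless/iwlwifi/iwl-agn-tx.c
+++ b/drivers/net/wireless/iwlwifi/iwl-agn-tx.c
@@ -568,12 +568,17 @@ int iwlagn_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
 
  hdr_len = ieee80211_hdrlen(fc);
 
- /* Find index into station table for destination station */
- sta_id = iwl_sta_id_or_broadcast(priv, ctx, info->control.sta);
- if (sta_id == IWL_INVALID_STATION) {
- IWL_DEBUG_DROP(priv, "Dropping - INVALID STATION: %pM\n",
- hdr->addr1);
- goto drop_unlock;
+ /* For management frames use broadcast id to do not break aggregation */
+ if (!ieee80211_is_data(fc))
+ sta_id = ctx->bcast_sta_id;
+ else {
+ /* Find index into station table for destination station */
+ sta_id = iwl_sta_id_or_broadcast(priv, ctx, info->control.sta);
+ if (sta_id == IWL_INVALID_STATION) {
+ IWL_DEBUG_DROP(priv, "Dropping - INVALID STATION: %pM\n",
+ hdr->addr1);
+ goto drop_unlock;
+ }
  }
 
  IWL_DEBUG_TX(priv, "station Id %d\n", sta_id);
@@ -1224,12 +1229,16 @@ int iwlagn_tx_queue_reclaim(struct iwl_priv *priv, int txq_id, int index)
  q->read_ptr = iwl_queue_inc_wrap(q->read_ptr, q->n_bd)) {
 
  tx_info = &txq->txb[txq->q.read_ptr];
- iwlagn_tx_status(priv, tx_info,
- txq_id >= IWLAGN_FIRST_AMPDU_QUEUE);
+
+ if (WARN_ON_ONCE(tx_info->skb == NULL))
+ continue;
 
  hdr = (struct ieee80211_hdr *)tx_info->skb->data;
- if (hdr && ieee80211_is_data_qos(hdr->frame_control))
+ if (ieee80211_is_data_qos(hdr->frame_control))
  nfreed++;
+
+ iwlagn_tx_status(priv, tx_info,
+ txq_id >= IWLAGN_FIRST_AMPDU_QUEUE);
  tx_info->skb = NULL;
 
  if (priv->cfg->ops->lib->txq_inval_byte_cnt_tbl)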
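diff --git a/fs/ubifs/log.c b/fs/ubifs/log.c
index 4d0cb1241460..40fa780ebea7 100644
--- a/fs/ubifs/log.c
+++ b/fs/ubifs/log.c
@@ -175,26 +175,6 @@ void ubifs_add_bud(struct ubifs_info *c, struct ubifs_bud *bud)
 }
 
 /**
- * ubifs_create_buds_lists - create journal head buds lists for remount rw.
- * @c: UBIFS file-system description object
- */
-void ubifs_create_buds_lists(struct ubifs_info *c)
-{
- struct rb_node *p;
-
- spin_lock(&c->buds_lock);
- p = rb_first(&c->buds);
- while (p) {
- struct ubifs_bud *bud = rb_entry(p, struct ubifs_bud, rb);
- struct ubifs_jhead *jhead = &c->jheads[bud->jhead];
-
- list_add_tail(&bud->list, &jhead->buds_list);
- p = rb_next(p);
- }
- spin_unlock(&c->buds_lock);
-}
-
-/**
  * ubifs_add_bud_to_log - add a new bud to the log.
  * @c: UBIFS file-system description object
  * @jhead: journal head the bud belongs to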
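diff --git a/fs/ubifs/replay.c b/fs/ubifs/replay.c
index eed0fcff8d73..d3d6d365bfc1 100644
--- a/fs/ubifs/replay.c
+++ b/fs/ubifs/replay.c
@@ -59,6 +59,7 @@ enum {
  * @new_size: truncation new size
  * @free: amount of free space in a bud
  * @dirty: amount of dirty space in a bud from padding and deletion nodes
+ * @jhead: journal head number of the bud
  *
  * UBIFS journal replay must compare node sequence numbers, which means it must
  * build a tree of node information to insert into the TNC.
@@ -80,6 +81,7 @@ struct replay_entry {
  struct {
  int free;
  int dirty;
+ int jhead;
  };
  };
 };
@@ -159,6 +161,11 @@ static int set_bud_lprops(struct ubifs_info *c, struct replay_entry *r)
  err = PTR_ERR(lp);
  goto out;
  }
+
+ /* Make sure the journal head points to the latest bud */
+ err = ubifs_wbuf_seek_nolock(&c->jheads[r->jhead].wbuf, r->lnum,
+ c->leb_size - r->free, UBI_SHORTTERM);
+
 out:
  ubifs_release_lprops(c);
  return err;
@@ -627,10 +634,6 @@ static int replay_bud(struct ubifs_info *c, int lnum, int offs, int jhead,
  ubifs_assert(sleb->endpt - offs >= used);
  ubifs_assert(sleb->endpt % c->min_io_size == 0);
 
- if (sleb->endpt + c->min_io_size <= c->leb_size && !c->ro_mount)
- err = ubifs_wbuf_seek_nolock(&c->jheads[jhead].wbuf, lnum,
- sleb->endpt, UBI_SHORTTERM);
-
  *dirty = sleb->endpt - offs - used;
  *free = c->leb_size - sleb->endpt;
 
@@ -653,12 +656,14 @@ out_dump:
  * @sqnum: sequence number
  * @free: amount of free space in bud
  * @dirty: amount of dirty space from padding and deletion nodes
+ * @jhead: journal head number for the bud
  *
  * This function inserts a reference node to the replay tree and returns zero
  * in case of success or a negative error code in case of failure.
  */
 static int insert_ref_node(struct ubifs_info *c, int lnum, int offs,
- unsigned long long sqnum, int free, int dirty)
+ unsigned long long sqnum, int free, int dirty,
+ int jhead)
 {
  struct rb_node **p = &c->replay_tree.rb_node, *parent = NULL;
  struct replay_entry *r;
@@ -688,6 +693,7 @@ static int insert_ref_node(struct ubifs_info *c, int lnum, int offs,
  r->flags = REPLAY_REF;
  r->free = free;
  r->dirty = dirty;
+ r->jhead = jhead;
 
  rb_link_node(&r->rb, parent, p);
  rb_insert_color(&r->rb, &c->replay_tree);
@@ -712,7 +718,7 @@ static int replay_buds(struct ubifs_info *c)
  if (err)
  return err;
  err = insert_ref_node(c, b->bud->lnum, b->bud->start, b->sqnum,
- free, dirty);
+ free, dirty, b->bud->jhead);
  if (err)
  return err;
  }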
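Review bot: The seek added to set_bud_lprops() runs for every replayed bud, whereas the call removed from replay_bud() was guarded by `sleb->endpt + c->min_io_size <= c->leb_size && !c->ro_mount`. Without that guard a completely full bud yields an offset `c->leb_size - r->free` equal to `c->leb_size`, and the seek is also issued on read-only mounts; whether ubifs_wbuf_seek_nolock() accepts both cases is not visible in these hunks. A short comment stating why the full-LEB and read-only cases are now safe, or a bound check before the call, would make the invariant reviewable. set_bud_lprops() starts outside the hunk.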
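diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index be6c7b008f38..04ad07f4fcc3 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1257,12 +1257,12 @@ static int mount_ubifs(struct ubifs_info *c)
  goto out_free;
  }
 
+ err = alloc_wbufs(c);
+ if (err)
+ goto out_cbuf;
+
  sprintf(c->bgt_name, BGT_NAME_PATTERN, c->vi.ubi_num, c->vi.vol_id);
  if (!c->ro_mount) {
- err = alloc_wbufs(c);
- if (err)
- goto out_cbuf;
-
  /* Create background thread */
  c->bgt = kthread_create(ubifs_bg_thread, c, "%s", c->bgt_name);
  if (IS_ERR(c->bgt)) {
@@ -1631,12 +1631,6 @@ static int ubifs_remount_rw(struct ubifs_info *c)
  if (err)
  goto out;
 
- err = alloc_wbufs(c);
- if (err)
- goto out;
-
- ubifs_create_buds_lists(c);
-
  /* Create background thread */
  c->bgt = kthread_create(ubifs_bg_thread, c, "%s", c->bgt_name);
  if (IS_ERR(c->bgt)) {
@@ -1744,7 +1738,6 @@ static void ubifs_remount_ro(struct ubifs_info *c)
  if (err)
  ubifs_ro_mode(c, err);
 
- free_wbufs(c);
  vfree(c->orph_buf);
  c->orph_buf = NULL;
  kfree(c->write_reserve_buf);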
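Review bot: mount_ubifs() now calls alloc_wbufs() for read-only mounts as well, and ubifs_remount_ro() no longer calls free_wbufs(), so the write-buffers live for the whole lifetime of the mount. The hunks show neither the unmount path nor the later error labels in mount_ubifs(); if either still releases the write-buffers only when `!c->ro_mount`, a read-only mount would leak them. It is worth confirming that free_wbufs() is reached unconditionally on those paths. All three functions continue outside their hunks.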
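diff --git a/include/linux/mfd/wm831x/pdata.h b/include/linux/mfd/wm831x/pdata.h
index afe4db49402d..632d1567a1b6 100644
--- a/include/linux/mfd/wm831x/pdata.h
+++ b/include/linux/mfd/wm831x/pdata.h
@@ -81,7 +81,9 @@ struct wm831x_touch_pdata {
  int rpu; /** Pen down sensitivity resistor divider */
  int pressure; /** Report pressure (boolean) */
  unsigned int data_irq; /** Touch data ready IRQ */
+ int data_irqf; /** IRQ flags for data ready IRQ */
  unsigned int pd_irq; /** Touch pendown detect IRQ */
+ int pd_irqf; /** IRQ flags for pen down IRQ */
 };
 
 enum wm831x_watchdog_action {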
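diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h
index 0e1855079fbb..605b0aa8d852 100644
--- a/include/linux/usb/usbnet.h
+++ b/include/linux/usb/usbnet.h
@@ -68,6 +68,7 @@ struct usbnet {
 # define EVENT_RX_PAUSED 5
 # define EVENT_DEV_WAKING 6
 # define EVENT_DEV_ASLEEP 7
+# define EVENT_DEV_OPEN 8
 };
 
 static inline struct usb_driver *driver_of(struct usb_interface *intf)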
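diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index c83f618282f7..b5a8afc2be33 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -587,10 +587,8 @@ static int hci_dev_do_close(struct hci_dev *hdev)
  hci_req_cancel(hdev, ENODEV);
  hci_req_lock(hdev);
 
- /* Stop timer, it might be running */
- del_timer_sync(&hdev->cmd_timer);
-
  if (!test_and_clear_bit(HCI_UP, &hdev->flags)) {
+ del_timer_sync(&hdev->cmd_timer);
  hci_req_unlock(hdev);
  return 0;
  }
@@ -629,6 +627,7 @@ static int hci_dev_do_close(struct hci_dev *hdev)
 
  /* Drop last sent command */
  if (hdev->sent_cmd) {
+ del_timer_sync(&hdev->cmd_timer);
  kfree_skb(hdev->sent_cmd);
  hdev->sent_cmd = NULL;
  }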
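Review bot: After this change hci_dev_do_close() stops cmd_timer only on the early-return path and inside `if (hdev->sent_cmd)`. When HCI_UP was set and sent_cmd is NULL at that point, no `del_timer_sync(&hdev->cmd_timer)` is visible, so a timer armed earlier could still fire after the device has been closed; whether the code between the two hunks guarantees the timer is idle cannot be seen here. If it does not, move the call out of the conditional so it runs unconditionally before the last command is dropped. The function continues outside both hunks.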
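diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index cebe7588469f..b2570159a044 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2387,8 +2387,6 @@ static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *s
  if (!conn)
  goto unlock;
 
- hci_conn_hold(conn);
-
  conn->remote_cap = ev->capability;
  conn->remote_oob = ev->oob_data;
  conn->remote_auth = ev->authentication;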
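diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index ca27f3a41536..2c8dd4494c63 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1051,6 +1051,7 @@ static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
  tx_skb = skb_clone(skb, GFP_ATOMIC);
  bt_cb(skb)->retries++;
  control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
+ control &= L2CAP_CTRL_SAR;
 
  if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
  control |= L2CAP_CTRL_FINAL;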
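diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 42fdffd1d76c..94954c74f6ae 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -369,6 +369,15 @@ static void __sco_sock_close(struct sock *sk)
 
  case BT_CONNECTED:
  case BT_CONFIG:
+ if (sco_pi(sk)->conn) {
+ sk->sk_state = BT_DISCONN;
+ sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
+ hci_conn_put(sco_pi(sk)->conn->hcon);
+ sco_pi(sk)->conn = NULL;
+ } else
+ sco_chan_del(sk, ECONNRESET);
+ break;
+
  case BT_CONNECT:
  case BT_DISCONN:
  sco_chan_del(sk, ECONNRESET);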
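Review bot: The new BT_CONNECTED/BT_CONFIG branch in __sco_sock_close() passes `sco_pi(sk)->conn->hcon` to hci_conn_put() without checking it, and then clears only the socket-side pointer with `sco_pi(sk)->conn = NULL`. Whether hcon can already be NULL here, and whether the connection object keeps a back-reference to the socket that a later disconnect event would follow, is not visible in the hunk. A guard on hcon before the put, plus a comment naming the lock that protects the pointer update, would make the teardown order checkable. The switch statement starts and ends outside the hunk.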
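diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index e2160792e1bc..0c7badad62af 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -164,7 +164,7 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
  goto drop;
 
  /* If STP is turned off, then forward */
- if (p->br->stp_enabled == BR_NO_STP)
+ if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0)
  goto forward;
 
  if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,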
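Review bot: The comment `/* If STP is turned off, then forward */` no longer matches the condition, which now also requires `dest[5] == 0`. The bare index and literal hide which destination address is meant; presumably only the link-local group address ending in :00 is still forwarded with STP off, while the other reserved addresses take the NF_BR_LOCAL_IN path. Suggest rewording the comment to say so, e.g. `/* If STP is off, forward only the ...:00 bridge group address; other link-local frames stay local */`, and ideally naming the constant. br_handle_frame() starts and ends outside the hunk.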
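diff --git a/net/can/bcm.c b/net/can/bcm.c
index 57b1aed79014..8a6a05e7c3c8 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -1427,9 +1427,14 @@ static int bcm_init(struct sock *sk)
 static int bcm_release(struct socket *sock)
 {
  struct sock *sk = sock->sk;
- struct bcm_sock *bo = bcm_sk(sk);
+ struct bcm_sock *bo;
  struct bcm_op *op, *next;
 
+ if (sk == NULL)
+ return 0;
+
+ bo = bcm_sk(sk);
+
  /* remove bcm_ops, timer, rx_unregister(), etc. */
 
  unregister_netdevice_notifier(&bo->notifier);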
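Review bot: The new `if (sk == NULL) return 0;` in bcm_release() carries no comment on how release can be entered with `sock->sk` unset, and raw_release() in net/can/raw.c gains the same guard spelled `if (!sk)`. A one-line comment such as `/* sock->sk may be NULL if release runs on a socket that was never fully set up */` (to be confirmed against the callers) would keep the guard from being dropped in a later cleanup. The two files should also agree on one spelling of the test. bcm_release() continues outside the hunk.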
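diff --git a/net/can/raw.c b/net/can/raw.c
index 649acfa7c70a..0eb39a7fdf64 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -305,7 +305,12 @@ static int raw_init(struct sock *sk)
 static int raw_release(struct socket *sock)
 {
  struct sock *sk = sock->sk;
- struct raw_sock *ro = raw_sk(sk);
+ struct raw_sock *ro;
+
+ if (!sk)
+ return 0;
+
+ ro = raw_sk(sk);
 
  unregister_netdevice_notifier(&ro->notifier);
 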
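diff --git a/net/core/dev.c b/net/core/dev.c
index c2ac599fa0f6..856b6ee9a1d5 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4773,7 +4773,7 @@ static int dev_ifsioc_locked(struct net *net, struct ifreq *ifr, unsigned int cm
  * is never reached
  */
  WARN_ON(1);
- err = -EINVAL;
+ err = -ENOTTY;
  break;
 
  }
@@ -5041,7 +5041,7 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
  /* Set the per device memory buffer space.
  * Not applicable in our case */
  case SIOCSIFLINK:
- return -EINVAL;
+ return -ENOTTY;
 
  /*
  * Unknown or private ioctl.
@@ -5062,7 +5062,7 @@ int dev_ioctl(struct net *net, unsigned int cmd, void __user *arg)
  /* Take care of Wireless Extensions */
  if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST)
  return wext_handle_ioctl(net, &ifr, cmd, arg);
- return -EINVAL;
+ return -ENOTTY;
  }
 }
 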
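diff --git a/net/dsa/Kconfig b/net/dsa/Kconfig
index 87bb5f4de0e8..c53ded2a98df 100644
--- a/net/dsa/Kconfig
+++ b/net/dsa/Kconfig
@@ -41,12 +41,12 @@ config NET_DSA_MV88E6XXX_NEED_PPU
  default n
 
 config NET_DSA_MV88E6131
- bool "Marvell 88E6095/6095F/6131 ethernet switch chip support"
+ bool "Marvell 88E6085/6095/6095F/6131 ethernet switch chip support"
  select NET_DSA_MV88E6XXX
  select NET_DSA_MV88E6XXX_NEED_PPU
  select NET_DSA_TAG_DSA
  ---help---
- This enables support for the Marvell 88E6095/6095F/6131
+ This enables support for the Marvell 88E6085/6095/6095F/6131
  ethernet switch chips.
 
 config NET_DSA_MV88E6123_61_65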
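diff --git a/net/dsa/mv88e6131.c b/net/dsa/mv88e6131.c
index 3da418894efc..45f7411e90ba 100644
--- a/net/dsa/mv88e6131.c
+++ b/net/dsa/mv88e6131.c
@@ -207,8 +207,15 @@ static int mv88e6131_setup_port(struct dsa_switch *ds, int p)
  * mode, but do not enable forwarding of unknown unicasts.
  */
  val = 0x0433;
- if (p == dsa_upstream_port(ds))
+ if (p == dsa_upstream_port(ds)) {
  val |= 0x0104;
+ /*
+ * On 6085, unknown multicast forward is controlled
+ * here rather than in Port Control 2 register.
+ */
+ if (ps->id == ID_6085)
+ val |= 0x0008;
+ }
  if (ds->dsa_port_mask & (1 << p))
  val |= 0x0100;
  REG_WRITE(addr, 0x04, val);
@@ -251,10 +258,19 @@ static int mv88e6131_setup_port(struct dsa_switch *ds, int p)
  * If this is the upstream port for this switch, enable
  * forwarding of unknown multicast addresses.
  */
- val = 0x0080 | dsa_upstream_port(ds);
- if (p == dsa_upstream_port(ds))
- val |= 0x0040;
- REG_WRITE(addr, 0x08, val);
+ if (ps->id == ID_6085)
+ /*
+ * on 6085, bits 3:0 are reserved, bit 6 control ARP
+ * mirroring, and multicast forward is handled in
+ * Port Control register.
+ */
+ REG_WRITE(addr, 0x08, 0x0080);
+ else {
+ val = 0x0080 | dsa_upstream_port(ds);
+ if (p == dsa_upstream_port(ds))
+ val |= 0x0040;
+ REG_WRITE(addr, 0x08, val);
+ }
 
  /*
  * Rate Control: disable ingress rate limiting.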
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 5345b0bee6df..cd9ca0811cfa 100644
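--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1680,7 +1680,7 @@ static void __devinet_sysctl_unregister(struct ipv4_devconf *cnf)
  return;
 
  cnf->sysctl = NULL;
- unregister_sysctl_table(t->sysctl_header);
+ unregister_net_sysctl_table(t->sysctl_header);
  kfree(t->dev_name);
  kfree(t);
 }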
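Review bot: `unregister_net_sysctl_table(t->sysctl_header)` is only correct if the header stored in `t->sysctl_header` came from the matching net-namespace registration call, and that registration is outside this hunk. A short comment above the call, e.g. `/* header came from register_net_sysctl_table(); release it with the net variant */`, would keep the pair from drifting apart again. The same applies to the identical change in `__addrconf_sysctl_unregister` in net/ipv6/addrconf.c.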
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index e9013d6c1f51..5fe9b8b41df3 100644
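--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1978,9 +1978,6 @@ struct fib_table *fib_trie_table(u32 id)
  t = (struct trie *) tb->tb_data;
  memset(t, 0, sizeof(*t));
 
- if (id == RT_TABLE_LOCAL)
- pr_info("IPv4 FIB: Using LC-trie version %s\n", VERSION);
-
  return tb;
 }
 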
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index c1acf69858fd..99e6e4bb1c72 100644
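--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2690,6 +2690,12 @@ static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
 {
 }
 
+static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
+ unsigned long old)
+{
+ return NULL;
+}
+
 static struct dst_ops ipv4_dst_blackhole_ops = {
  .family = AF_INET,
  .protocol = cpu_to_be16(ETH_P_IP),
@@ -2698,6 +2704,7 @@ static struct dst_ops ipv4_dst_blackhole_ops = {
  .default_mtu = ipv4_blackhole_default_mtu,
  .default_advmss = ipv4_default_advmss,
  .update_pmtu = ipv4_rt_blackhole_update_pmtu,
+ .cow_metrics = ipv4_rt_blackhole_cow_metrics,
 };
 
 struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)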
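Review bot: `ipv4_rt_blackhole_cow_metrics` returns NULL unconditionally and carries no comment, so a reader cannot tell a deliberate no-op from an unfinished stub. A one-line comment above it, e.g. `/* Blackhole dsts do not support copy-on-write metrics: report "no writable copy" to the caller. */`, would record the intent. This presumably relies on every caller of the `cow_metrics` op tolerating a NULL return; those call sites are not in this diff and should be checked. The same comment is needed on the identical stub `ip6_rt_blackhole_cow_metrics` in net/ipv6/route.c.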
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 1493534116df..a7bda0757053 100644
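--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4537,7 +4537,7 @@ static void __addrconf_sysctl_unregister(struct ipv6_devconf *p)
 
  t = p->sysctl;
  p->sysctl = NULL;
- unregister_sysctl_table(t->sysctl_header);
+ unregister_net_sysctl_table(t->sysctl_header);
  kfree(t->dev_name);
  kfree(t);
 }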
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 5aa8ec88f194..59dccfbb5b11 100644
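--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -371,7 +371,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
  iv = esp_tmp_iv(aead, tmp, seqhilen);
  req = esp_tmp_req(aead, iv);
  asg = esp_req_sg(aead, req);
- sg = asg + 1;
+ sg = asg + sglists;
 
  skb->ip_summed = CHECKSUM_NONE;
 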
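Review bot: `sg = asg + sglists` keeps the payload scatterlist inside the temporary buffer only if that buffer was sized for the `sglists` associated-data entries plus one entry per payload fragment. That allocation is earlier in `esp6_input`, outside this hunk, and should be checked together with this line. A comment on the assignment, e.g. `/* payload entries follow the sglists associated-data entries in tmp */`, would tie the offset to the layout the allocation has to provide. `esp6_input` starts and ends outside the hunk.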
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 843406f14d7b..fd0eec6f88c6 100644
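--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -153,6 +153,12 @@ static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, u32 mtu)
 {
 }
 
+static u32 *ip6_rt_blackhole_cow_metrics(struct dst_entry *dst,
+ unsigned long old)
+{
+ return NULL;
+}
+
 static struct dst_ops ip6_dst_blackhole_ops = {
  .family = AF_INET6,
  .protocol = cpu_to_be16(ETH_P_IPV6),
@@ -161,6 +167,7 @@ static struct dst_ops ip6_dst_blackhole_ops = {
  .default_mtu = ip6_blackhole_default_mtu,
  .default_advmss = ip6_default_advmss,
  .update_pmtu = ip6_rt_blackhole_update_pmtu,
+ .cow_metrics = ip6_rt_blackhole_cow_metrics,
 };
 
 static const u32 ip6_template_metrics[RTAX_MAX] = {
@@ -2012,7 +2019,6 @@ struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
  rt->dst.output = ip6_output;
  rt->rt6i_dev = net->loopback_dev;
  rt->rt6i_idev = idev;
- dst_metric_set(&rt->dst, RTAX_HOPLIMIT, -1);
  rt->dst.obsolete = -1;
 
  rt->rt6i_flags = RTF_UP | RTF_NONEXTHOP;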
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 15c37746845e..9e305d74b3d4 100644
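--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1335,7 +1335,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, u32 features)
  skb->ip_summed = CHECKSUM_NONE;
 
  /* Check if there is enough headroom to insert fragment header. */
- if ((skb_headroom(skb) < frag_hdr_sz) &&
+ if ((skb_mac_header(skb) < skb->head + frag_hdr_sz) &&
  pskb_expand_head(skb, frag_hdr_sz, 0, GFP_ATOMIC))
  goto out;
 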
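Review bot: The comment above the changed test still says it checks headroom, but the new condition measures the space between `skb->head` and the MAC header, which is a different quantity from the `skb_headroom()` value it replaces. Rewording it, e.g. `/* Check there is room in front of the MAC header to insert the fragment header. */`, keeps the comment from leading a later reader to revert the check. The comparison also presumes the MAC header offset has been set on this skb; that is established outside the hunk, and `udp6_ufo_fragment` itself starts and ends outside it.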
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 334213571ad0..44049733c4ea 100644
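--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1504,6 +1504,8 @@ int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata,
  enum ieee80211_smps_mode old_req;
  int err;
 
+ lockdep_assert_held(&sdata->u.mgd.mtx);
+
  old_req = sdata->u.mgd.req_smps;
  sdata->u.mgd.req_smps = smps_mode;
 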
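Review bot: `lockdep_assert_held(&sdata->u.mgd.mtx)` only fires on kernels built with lockdep, so the locking rule it encodes should also be stated in a comment on `__ieee80211_request_smps`, e.g. `/* must be called with sdata->u.mgd.mtx held */`. The debugfs caller in net/mac80211/debugfs_netdev.c is switched to that mutex in this commit; any other callers are not visible here and should be checked against the same rule. The function starts before and continues past this hunk.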
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index dacace6b1393..9ea7c0d0103f 100644
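--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -177,9 +177,9 @@ static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata,
  if (sdata->vif.type != NL80211_IFTYPE_STATION)
  return -EOPNOTSUPP;
 
- mutex_lock(&local->iflist_mtx);
+ mutex_lock(&sdata->u.mgd.mtx);
  err = __ieee80211_request_smps(sdata, smps_mode);
- mutex_unlock(&local->iflist_mtx);
+ mutex_unlock(&sdata->u.mgd.mtx);
 
  return err;
 }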
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 3a43a8304768..b1d75beb7e20 100644
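--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -524,6 +524,8 @@ static int unix_dgram_connect(struct socket *, struct sockaddr *,
  int, int);
 static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
  struct msghdr *, size_t);
+static int unix_seqpacket_recvmsg(struct kiocb *, struct socket *,
+ struct msghdr *, size_t, int);
 
 static const struct proto_ops unix_stream_ops = {
  .family = PF_UNIX,
@@ -583,7 +585,7 @@ static const struct proto_ops unix_seqpacket_ops = {
  .setsockopt = sock_no_setsockopt,
  .getsockopt = sock_no_getsockopt,
  .sendmsg = unix_seqpacket_sendmsg,
- .recvmsg = unix_dgram_recvmsg,
+ .recvmsg = unix_seqpacket_recvmsg,
  .mmap = sock_no_mmap,
  .sendpage = sock_no_sendpage,
 };
@@ -1699,6 +1701,18 @@ static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
  return unix_dgram_sendmsg(kiocb, sock, msg, len);
 }
 
+static int unix_seqpacket_recvmsg(struct kiocb *iocb, struct socket *sock,
+ struct msghdr *msg, size_t size,
+ int flags)
+{
+ struct sock *sk = sock->sk;
+
+ if (sk->sk_state != TCP_ESTABLISHED)
+ return -ENOTCONN;
+
+ return unix_dgram_recvmsg(iocb, sock, msg, size, flags);
+}
+
 static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
 {
  struct unix_sock *u = unix_sk(sk);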
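Review bot: `unix_seqpacket_recvmsg` tests `sk->sk_state` without taking any lock visible in the hunk, so the `TCP_ESTABLISHED` check is a snapshot that may be stale by the time `unix_dgram_recvmsg` runs. If the datagram receive path depends on the socket being connected for more than semantics, the state should be re-checked under the socket's state lock; if it does not, a comment should say the check is a gate rather than a guarantee. The new function also has no comment on why the wrapper exists; something like `/* SOCK_SEQPACKET is connection-oriented: refuse to receive on a socket that is not connected */` would stop it being folded back into `.recvmsg = unix_dgram_recvmsg` later.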
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index f218385950ca..e8a781422feb 100644
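--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -532,7 +532,7 @@ int xfrm_init_replay(struct xfrm_state *x)
 
  if (replay_esn) {
  if (replay_esn->replay_window >
- replay_esn->bmp_len * sizeof(__u32))
+ replay_esn->bmp_len * sizeof(__u32) * 8)
  return -EINVAL;
 
  if ((x->props.flags & XFRM_STATE_ESN) && x->replay_esn)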
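Review bot: The corrected bound converts the bitmap size from 32-bit words to bits with a bare `* 8`; writing it as `replay_esn->bmp_len * sizeof(__u32) * BITS_PER_BYTE` makes the unit conversion explicit and harder to drop again. `replay_window` and `bmp_len` appear to come from the replay attribute supplied over netlink, so this comparison is a bounds check on externally supplied sizes. Whether `bmp_len` itself is validated against the attribute's actual length is not visible in this hunk and is worth confirming alongside it. `xfrm_init_replay` starts before and continues past the hunk.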
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 5d1d60d3ca83..c658cb3bc7c3 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -124,6 +124,9 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
124{ 124{
125 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; 125 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
126 126
127 if ((p->flags & XFRM_STATE_ESN) && !rt)
128 return -EINVAL;
129
127 if (!rt) 130 if (!rt)
128 return 0; 131 return 0;
129 132