From: Greg Kroah-Hartman Date: Wed, 12 May 2021 09:33:53 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.4.119~77 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=42a8dbd9539f415970059bc06fb16a271ae73c74;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: cfg80211-scan-drop-entry-from-hidden_list-on-overflow.patch ipw2x00-potential-buffer-overflow-in-libipw_wx_set_encodeext.patch md-cluster-fix-use-after-free-issue-when-removing-rdev.patch md-factor-out-a-mddev_find_locked-helper-from-mddev_find.patch md-fix-missing-unused-status-line-of-proc-mdstat.patch md-md_open-returns-ebusy-when-entering-racing-area.patch md-split-mddev_find.patch mips-reinstate-platform-__div64_32-handler.patch --- diff --git a/queue-4.19/cfg80211-scan-drop-entry-from-hidden_list-on-overflow.patch b/queue-4.19/cfg80211-scan-drop-entry-from-hidden_list-on-overflow.patch new file mode 100644 index 00000000000..a7ea52cc1f1 --- /dev/null +++ b/queue-4.19/cfg80211-scan-drop-entry-from-hidden_list-on-overflow.patch @@ -0,0 +1,33 @@ +From 010bfbe768f7ecc876ffba92db30432de4997e2a Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Fri, 16 Apr 2021 09:42:14 +0200 +Subject: cfg80211: scan: drop entry from hidden_list on overflow + +From: Johannes Berg + +commit 010bfbe768f7ecc876ffba92db30432de4997e2a upstream. + +If we overflow the maximum number of BSS entries and free the +new entry, drop it from any hidden_list that it may have been +added to in the code above or in cfg80211_combine_bsses(). + +Reported-by: Dan Carpenter +Link: https://lore.kernel.org/r/20210416094212.5de7d1676ad7.Ied283b0bc5f504845e7d6ab90626bdfa68bb3dc0@changeid +Cc: stable@vger.kernel.org +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +--- + net/wireless/scan.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/wireless/scan.c ++++ b/net/wireless/scan.c +@@ -1036,6 +1036,8 @@ cfg80211_bss_update(struct cfg80211_regi + + if (rdev->bss_entries >= bss_entries_limit && + !cfg80211_bss_expire_oldest(rdev)) { ++ if (!list_empty(&new->hidden_list)) ++ list_del(&new->hidden_list); + kfree(new); + goto drop; + } diff --git a/queue-4.19/ipw2x00-potential-buffer-overflow-in-libipw_wx_set_encodeext.patch b/queue-4.19/ipw2x00-potential-buffer-overflow-in-libipw_wx_set_encodeext.patch new file mode 100644 index 00000000000..89e2f2e01df --- /dev/null +++ b/queue-4.19/ipw2x00-potential-buffer-overflow-in-libipw_wx_set_encodeext.patch @@ -0,0 +1,38 @@ +From 260a9ad9446723d4063ed802989758852809714d Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 14 Apr 2021 11:29:55 +0300 +Subject: ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() + +From: Dan Carpenter + +commit 260a9ad9446723d4063ed802989758852809714d upstream. + +The "ext->key_len" is a u16 that comes from the user. If it's over +SCM_KEY_LEN (32) that could lead to memory corruption. + +Fixes: e0d369d1d969 ("[PATCH] ieee82011: Added WE-18 support to default wireless extension handler") +Cc: stable@vger.kernel.org +Signed-off-by: Dan Carpenter +Acked-by: Stanislav Yakovlev +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/YHaoA1i+8uT4ir4h@mwanda +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/intel/ipw2x00/libipw_wx.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/intel/ipw2x00/libipw_wx.c ++++ b/drivers/net/wireless/intel/ipw2x00/libipw_wx.c +@@ -647,8 +647,10 @@ int libipw_wx_set_encodeext(struct libip + } + + if (ext->alg != IW_ENCODE_ALG_NONE) { +- memcpy(sec.keys[idx], ext->key, ext->key_len); +- sec.key_sizes[idx] = ext->key_len; ++ int key_len = clamp_val(ext->key_len, 0, SCM_KEY_LEN); ++ ++ memcpy(sec.keys[idx], ext->key, key_len); ++ sec.key_sizes[idx] = key_len; + sec.flags |= (1 << idx); + if (ext->alg == IW_ENCODE_ALG_WEP) { + sec.encode_alg[idx] = SEC_ALG_WEP; diff --git a/queue-4.19/md-cluster-fix-use-after-free-issue-when-removing-rdev.patch b/queue-4.19/md-cluster-fix-use-after-free-issue-when-removing-rdev.patch new file mode 100644 index 00000000000..c08a2b63fbd --- /dev/null +++ b/queue-4.19/md-cluster-fix-use-after-free-issue-when-removing-rdev.patch @@ -0,0 +1,115 @@ +From f7c7a2f9a23e5b6e0f5251f29648d0238bb7757e Mon Sep 17 00:00:00 2001 +From: Heming Zhao +Date: Thu, 8 Apr 2021 15:44:15 +0800 +Subject: md-cluster: fix use-after-free issue when removing rdev + +From: Heming Zhao + +commit f7c7a2f9a23e5b6e0f5251f29648d0238bb7757e upstream. + +md_kick_rdev_from_array will remove rdev, so we should +use rdev_for_each_safe to search list. + +How to trigger: + +env: Two nodes on kvm-qemu x86_64 VMs (2C2G with 2 iscsi luns). + +``` +node2=192.168.0.3 + +for i in {1..20}; do + echo ==== $i `date` ====; + + mdadm -Ss && ssh ${node2} "mdadm -Ss" + wipefs -a /dev/sda /dev/sdb + + mdadm -CR /dev/md0 -b clustered -e 1.2 -n 2 -l 1 /dev/sda \ + /dev/sdb --assume-clean + ssh ${node2} "mdadm -A /dev/md0 /dev/sda /dev/sdb" + mdadm --wait /dev/md0 + ssh ${node2} "mdadm --wait /dev/md0" + + mdadm --manage /dev/md0 --fail /dev/sda --remove /dev/sda + sleep 1 +done +``` + +Crash stack: + +``` +stack segment: 0000 [#1] SMP +... ... +RIP: 0010:md_check_recovery+0x1e8/0x570 [md_mod] +... ... +RSP: 0018:ffffb149807a7d68 EFLAGS: 00010207 +RAX: 0000000000000000 RBX: ffff9d494c180800 RCX: ffff9d490fc01e50 +RDX: fffff047c0ed8308 RSI: 0000000000000246 RDI: 0000000000000246 +RBP: 6b6b6b6b6b6b6b6b R08: ffff9d490fc01e40 R09: 0000000000000000 +R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 +R13: ffff9d494c180818 R14: ffff9d493399ef38 R15: ffff9d4933a1d800 +FS: 0000000000000000(0000) GS:ffff9d494f700000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007fe68cab9010 CR3: 000000004c6be001 CR4: 00000000003706e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + raid1d+0x5c/0xd40 [raid1] + ? finish_task_switch+0x75/0x2a0 + ? lock_timer_base+0x67/0x80 + ? try_to_del_timer_sync+0x4d/0x80 + ? del_timer_sync+0x41/0x50 + ? schedule_timeout+0x254/0x2d0 + ? md_start_sync+0xe0/0xe0 [md_mod] + ? md_thread+0x127/0x160 [md_mod] + md_thread+0x127/0x160 [md_mod] + ? wait_woken+0x80/0x80 + kthread+0x10d/0x130 + ? kthread_park+0xa0/0xa0 + ret_from_fork+0x1f/0x40 +``` + +Fixes: dbb64f8635f5d ("md-cluster: Fix adding of new disk with new reload code") +Fixes: 659b254fa7392 ("md-cluster: remove a disk asynchronously from cluster environment") +Cc: stable@vger.kernel.org +Reviewed-by: Gang He +Signed-off-by: Heming Zhao +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/md.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -8883,11 +8883,11 @@ void md_check_recovery(struct mddev *mdd + } + + if (mddev_is_clustered(mddev)) { +- struct md_rdev *rdev; ++ struct md_rdev *rdev, *tmp; + /* kick the device if another node issued a + * remove disk. + */ +- rdev_for_each(rdev, mddev) { ++ rdev_for_each_safe(rdev, tmp, mddev) { + if (test_and_clear_bit(ClusterRemove, &rdev->flags) && + rdev->raid_disk < 0) + md_kick_rdev_from_array(rdev); +@@ -9187,7 +9187,7 @@ err_wq: + static void check_sb_changes(struct mddev *mddev, struct md_rdev *rdev) + { + struct mdp_superblock_1 *sb = page_address(rdev->sb_page); +- struct md_rdev *rdev2; ++ struct md_rdev *rdev2, *tmp; + int role, ret; + char b[BDEVNAME_SIZE]; + +@@ -9204,7 +9204,7 @@ static void check_sb_changes(struct mdde + } + + /* Check for change of roles in the active devices */ +- rdev_for_each(rdev2, mddev) { ++ rdev_for_each_safe(rdev2, tmp, mddev) { + if (test_bit(Faulty, &rdev2->flags)) + continue; + diff --git a/queue-4.19/md-factor-out-a-mddev_find_locked-helper-from-mddev_find.patch b/queue-4.19/md-factor-out-a-mddev_find_locked-helper-from-mddev_find.patch new file mode 100644 index 00000000000..71adf39359d --- /dev/null +++ b/queue-4.19/md-factor-out-a-mddev_find_locked-helper-from-mddev_find.patch @@ -0,0 +1,76 @@ +From 8b57251f9a91f5e5a599de7549915d2d226cc3af Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Sat, 3 Apr 2021 18:15:28 +0200 +Subject: md: factor out a mddev_find_locked helper from mddev_find + +From: Christoph Hellwig + +commit 8b57251f9a91f5e5a599de7549915d2d226cc3af upstream. + +Factor out a self-contained helper to just lookup a mddev by the dev_t +"unit". + +Cc: stable@vger.kernel.org +Reviewed-by: Heming Zhao +Signed-off-by: Christoph Hellwig +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/md.c | 32 +++++++++++++++++++------------- + 1 file changed, 19 insertions(+), 13 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -583,6 +583,17 @@ void mddev_init(struct mddev *mddev) + } + EXPORT_SYMBOL_GPL(mddev_init); + ++static struct mddev *mddev_find_locked(dev_t unit) ++{ ++ struct mddev *mddev; ++ ++ list_for_each_entry(mddev, &all_mddevs, all_mddevs) ++ if (mddev->unit == unit) ++ return mddev; ++ ++ return NULL; ++} ++ + static struct mddev *mddev_find(dev_t unit) + { + struct mddev *mddev; +@@ -610,13 +621,13 @@ static struct mddev *mddev_find_or_alloc + spin_lock(&all_mddevs_lock); + + if (unit) { +- list_for_each_entry(mddev, &all_mddevs, all_mddevs) +- if (mddev->unit == unit) { +- mddev_get(mddev); +- spin_unlock(&all_mddevs_lock); +- kfree(new); +- return mddev; +- } ++ mddev = mddev_find_locked(unit); ++ if (mddev) { ++ mddev_get(mddev); ++ spin_unlock(&all_mddevs_lock); ++ kfree(new); ++ return mddev; ++ } + + if (new) { + list_add(&new->all_mddevs, &all_mddevs); +@@ -642,12 +653,7 @@ static struct mddev *mddev_find_or_alloc + return NULL; + } + +- is_free = 1; +- list_for_each_entry(mddev, &all_mddevs, all_mddevs) +- if (mddev->unit == dev) { +- is_free = 0; +- break; +- } ++ is_free = !mddev_find_locked(dev); + } + new->unit = dev; + new->md_minor = MINOR(dev); diff --git a/queue-4.19/md-fix-missing-unused-status-line-of-proc-mdstat.patch b/queue-4.19/md-fix-missing-unused-status-line-of-proc-mdstat.patch new file mode 100644 index 00000000000..d8c8d70a051 --- /dev/null +++ b/queue-4.19/md-fix-missing-unused-status-line-of-proc-mdstat.patch @@ -0,0 +1,43 @@ +From 7abfabaf5f805f5171d133ce6af9b65ab766e76a Mon Sep 17 00:00:00 2001 +From: Jan Glauber +Date: Wed, 17 Mar 2021 15:04:39 +0100 +Subject: md: Fix missing unused status line of /proc/mdstat + +From: Jan Glauber + +commit 7abfabaf5f805f5171d133ce6af9b65ab766e76a upstream. + +Reading /proc/mdstat with a read buffer size that would not +fit the unused status line in the first read will skip this +line from the output. + +So 'dd if=/proc/mdstat bs=64 2>/dev/null' will not print something +like: unused devices: + +Don't return NULL immediately in start() for v=2 but call +show() once to print the status line also for multiple reads. + +Cc: stable@vger.kernel.org +Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface") +Signed-off-by: Jan Glauber +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/md.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -7814,7 +7814,11 @@ static void *md_seq_start(struct seq_fil + loff_t l = *pos; + struct mddev *mddev; + +- if (l >= 0x10000) ++ if (l == 0x10000) { ++ ++*pos; ++ return (void *)2; ++ } ++ if (l > 0x10000) + return NULL; + if (!l--) + /* header */ diff --git a/queue-4.19/md-md_open-returns-ebusy-when-entering-racing-area.patch b/queue-4.19/md-md_open-returns-ebusy-when-entering-racing-area.patch new file mode 100644 index 00000000000..7019f26b65b --- /dev/null +++ b/queue-4.19/md-md_open-returns-ebusy-when-entering-racing-area.patch @@ -0,0 +1,41 @@ +From 6a4db2a60306eb65bfb14ccc9fde035b74a4b4e7 Mon Sep 17 00:00:00 2001 +From: Zhao Heming +Date: Sat, 3 Apr 2021 11:01:25 +0800 +Subject: md: md_open returns -EBUSY when entering racing area + +From: Zhao Heming + +commit 6a4db2a60306eb65bfb14ccc9fde035b74a4b4e7 upstream. + +commit d3374825ce57 ("md: make devices disappear when they are no longer +needed.") introduced protection between mddev creating & removing. The +md_open shouldn't create mddev when all_mddevs list doesn't contain +mddev. With currently code logic, there will be very easy to trigger +soft lockup in non-preempt env. + +This patch changes md_open returning from -ERESTARTSYS to -EBUSY, which +will break the infinitely retry when md_open enter racing area. + +This patch is partly fix soft lockup issue, full fix needs mddev_find +is split into two functions: mddev_find & mddev_find_or_alloc. And +md_open should call new mddev_find (it only does searching job). + +For more detail, please refer with Christoph's "split mddev_find" patch +in later commits. + +--- + drivers/md/md.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -7481,8 +7481,7 @@ static int md_open(struct block_device * + /* Wait until bdev->bd_disk is definitely gone */ + if (work_pending(&mddev->del_work)) + flush_workqueue(md_misc_wq); +- /* Then retry the open from the top */ +- return -ERESTARTSYS; ++ return -EBUSY; + } + BUG_ON(mddev != bdev->bd_disk->private_data); + diff --git a/queue-4.19/md-split-mddev_find.patch b/queue-4.19/md-split-mddev_find.patch new file mode 100644 index 00000000000..c941b763a6e --- /dev/null +++ b/queue-4.19/md-split-mddev_find.patch @@ -0,0 +1,74 @@ +From 65aa97c4d2bfd76677c211b9d03ef05a98c6d68e Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Sat, 3 Apr 2021 18:15:29 +0200 +Subject: md: split mddev_find + +From: Christoph Hellwig + +commit 65aa97c4d2bfd76677c211b9d03ef05a98c6d68e upstream. + +Split mddev_find into a simple mddev_find that just finds an existing +mddev by the unit number, and a more complicated mddev_find that deals +with find or allocating a mddev. + +This turns out to fix this bug reported by Zhao Heming. + +----------------------------- snip ------------------------------ +commit d3374825ce57 ("md: make devices disappear when they are no longer +needed.") introduced protection between mddev creating & removing. The +md_open shouldn't create mddev when all_mddevs list doesn't contain +mddev. With currently code logic, there will be very easy to trigger +soft lockup in non-preempt env. + +--- + drivers/md/md.c | 24 +++++++++++++++++++----- + 1 file changed, 19 insertions(+), 5 deletions(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -585,6 +585,22 @@ EXPORT_SYMBOL_GPL(mddev_init); + + static struct mddev *mddev_find(dev_t unit) + { ++ struct mddev *mddev; ++ ++ if (MAJOR(unit) != MD_MAJOR) ++ unit &= ~((1 << MdpMinorShift) - 1); ++ ++ spin_lock(&all_mddevs_lock); ++ mddev = mddev_find_locked(unit); ++ if (mddev) ++ mddev_get(mddev); ++ spin_unlock(&all_mddevs_lock); ++ ++ return mddev; ++} ++ ++static struct mddev *mddev_find_or_alloc(dev_t unit) ++{ + struct mddev *mddev, *new = NULL; + + if (unit && MAJOR(unit) != MD_MAJOR) +@@ -5302,7 +5318,7 @@ static int md_alloc(dev_t dev, char *nam + * writing to /sys/module/md_mod/parameters/new_array. + */ + static DEFINE_MUTEX(disks_mutex); +- struct mddev *mddev = mddev_find(dev); ++ struct mddev *mddev = mddev_find_or_alloc(dev); + struct gendisk *disk; + int partitioned; + int shift; +@@ -6155,11 +6171,9 @@ static void autorun_devices(int part) + + md_probe(dev, NULL, NULL); + mddev = mddev_find(dev); +- if (!mddev || !mddev->gendisk) { +- if (mddev) +- mddev_put(mddev); ++ if (!mddev) + break; +- } ++ + if (mddev_lock(mddev)) + pr_warn("md: %s locked, cannot run\n", mdname(mddev)); + else if (mddev->raid_disks || mddev->major_version diff --git a/queue-4.19/mips-reinstate-platform-__div64_32-handler.patch b/queue-4.19/mips-reinstate-platform-__div64_32-handler.patch new file mode 100644 index 00000000000..3a0267d6f28 --- /dev/null +++ b/queue-4.19/mips-reinstate-platform-__div64_32-handler.patch @@ -0,0 +1,161 @@ +From c49f71f60754acbff37505e1d16ca796bf8a8140 Mon Sep 17 00:00:00 2001 +From: "Maciej W. Rozycki" +Date: Tue, 20 Apr 2021 04:50:40 +0200 +Subject: MIPS: Reinstate platform `__div64_32' handler + +From: Maciej W. Rozycki + +commit c49f71f60754acbff37505e1d16ca796bf8a8140 upstream. + +Our current MIPS platform `__div64_32' handler is inactive, because it +is incorrectly only enabled for 64-bit configurations, for which generic +`do_div' code does not call it anyway. + +The handler is not suitable for being called from there though as it +only calculates 32 bits of the quotient under the assumption the 64-bit +divident has been suitably reduced. Code for such reduction used to be +there, however it has been incorrectly removed with commit c21004cd5b4c +("MIPS: Rewrite to work with gcc 4.4.0."), which should +have only updated an obsoleted constraint for an inline asm involving +$hi and $lo register outputs, while possibly wiring the original MIPS +variant of the `do_div' macro as `__div64_32' handler for the generic +`do_div' implementation + +Correct the handler as follows then: + +- Revert most of the commit referred, however retaining the current + formatting, except for the final two instructions of the inline asm + sequence, which the original commit missed. Omit the original 64-bit + parts though. + +- Rename the original `do_div' macro to `__div64_32'. Use the combined + `x' constraint referring to the MD accumulator as a whole, replacing + the original individual `h' and `l' constraints used for $hi and $lo + registers respectively, of which `h' has been obsoleted with GCC 4.4. + Update surrounding code accordingly. + + We have since removed support for GCC versions before 4.9, so no need + for a special arrangement here; GCC has supported the `x' constraint + since forever anyway, or at least going back to 1991. + +- Rename the `__base' local variable in `__div64_32' to `__radix' to + avoid a conflict with a local variable in `do_div'. + +- Actually enable this code for 32-bit rather than 64-bit configurations + by qualifying it with BITS_PER_LONG being 32 instead of 64. Include + for this macro rather than as we + don't need anything else. + +- Finally include last rather than first. + +This has passed correctness verification with test_div64 and reduced the +module's average execution time down to 1.0668s and 0.2629s from 2.1529s +and 0.5647s respectively for an R3400 CPU @40MHz and a 5Kc CPU @160MHz. +For a reference 64-bit `do_div' code where we have the DDIVU instruction +available to do the whole calculation right away averages at 0.0660s for +the latter CPU. + +Fixes: c21004cd5b4c ("MIPS: Rewrite to work with gcc 4.4.0.") +Reported-by: Huacai Chen +Signed-off-by: Maciej W. Rozycki +Cc: stable@vger.kernel.org # v2.6.30+ +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman +--- + arch/mips/include/asm/div64.h | 57 ++++++++++++++++++++++++++++++------------ + 1 file changed, 41 insertions(+), 16 deletions(-) + +--- a/arch/mips/include/asm/div64.h ++++ b/arch/mips/include/asm/div64.h +@@ -1,5 +1,5 @@ + /* +- * Copyright (C) 2000, 2004 Maciej W. Rozycki ++ * Copyright (C) 2000, 2004, 2021 Maciej W. Rozycki + * Copyright (C) 2003, 07 Ralf Baechle (ralf@linux-mips.org) + * + * This file is subject to the terms and conditions of the GNU General Public +@@ -9,25 +9,18 @@ + #ifndef __ASM_DIV64_H + #define __ASM_DIV64_H + +-#include +- +-#if BITS_PER_LONG == 64 ++#include + +-#include ++#if BITS_PER_LONG == 32 + + /* + * No traps on overflows for any of these... + */ + +-#define __div64_32(n, base) \ +-({ \ ++#define do_div64_32(res, high, low, base) ({ \ + unsigned long __cf, __tmp, __tmp2, __i; \ + unsigned long __quot32, __mod32; \ +- unsigned long __high, __low; \ +- unsigned long long __n; \ + \ +- __high = *__n >> 32; \ +- __low = __n; \ + __asm__( \ + " .set push \n" \ + " .set noat \n" \ +@@ -51,18 +44,50 @@ + " subu %0, %0, %z6 \n" \ + " addiu %2, %2, 1 \n" \ + "3: \n" \ +- " bnez %4, 0b\n\t" \ +- " srl %5, %1, 0x1f\n\t" \ ++ " bnez %4, 0b \n" \ ++ " srl %5, %1, 0x1f \n" \ + " .set pop" \ + : "=&r" (__mod32), "=&r" (__tmp), \ + "=&r" (__quot32), "=&r" (__cf), \ + "=&r" (__i), "=&r" (__tmp2) \ +- : "Jr" (base), "0" (__high), "1" (__low)); \ ++ : "Jr" (base), "0" (high), "1" (low)); \ + \ +- (__n) = __quot32; \ ++ (res) = __quot32; \ + __mod32; \ + }) + +-#endif /* BITS_PER_LONG == 64 */ ++#define __div64_32(n, base) ({ \ ++ unsigned long __upper, __low, __high, __radix; \ ++ unsigned long long __modquot; \ ++ unsigned long long __quot; \ ++ unsigned long long __div; \ ++ unsigned long __mod; \ ++ \ ++ __div = (*n); \ ++ __radix = (base); \ ++ \ ++ __high = __div >> 32; \ ++ __low = __div; \ ++ __upper = __high; \ ++ \ ++ if (__high) { \ ++ __asm__("divu $0, %z1, %z2" \ ++ : "=x" (__modquot) \ ++ : "Jr" (__high), "Jr" (__radix)); \ ++ __upper = __modquot >> 32; \ ++ __high = __modquot; \ ++ } \ ++ \ ++ __mod = do_div64_32(__low, __upper, __low, __radix); \ ++ \ ++ __quot = __high; \ ++ __quot = __quot << 32 | __low; \ ++ (*n) = __quot; \ ++ __mod; \ ++}) ++ ++#endif /* BITS_PER_LONG == 32 */ ++ ++#include + + #endif /* __ASM_DIV64_H */ diff --git a/queue-4.19/series b/queue-4.19/series index d208c85d309..5f4f7ca03c6 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -138,3 +138,11 @@ misc-lis3lv02d-fix-false-positive-warn-on-various-hp-models.patch misc-vmw_vmci-explicitly-initialize-vmci_notify_bm_set_msg-struct.patch misc-vmw_vmci-explicitly-initialize-vmci_datagram-payload.patch md-bitmap-wait-for-external-bitmap-writes-to-complete-during-tear-down.patch +md-cluster-fix-use-after-free-issue-when-removing-rdev.patch +md-split-mddev_find.patch +md-factor-out-a-mddev_find_locked-helper-from-mddev_find.patch +md-md_open-returns-ebusy-when-entering-racing-area.patch +md-fix-missing-unused-status-line-of-proc-mdstat.patch +mips-reinstate-platform-__div64_32-handler.patch +ipw2x00-potential-buffer-overflow-in-libipw_wx_set_encodeext.patch +cfg80211-scan-drop-entry-from-hidden_list-on-overflow.patch