!348 Backport CVEs and fs bugfixes

	if ((cb & (GRU_HANDLE_STRIDE - 1)) || ucbnum >= GRU_NUM_CB)

		return -EINVAL;

again:

	gts = gru_find_lock_gts(cb);

	if (!gts)

		return -EINVAL;

	if (ucbnum >= gts->ts_cbr_au_count * GRU_CBR_AU_SIZE)

		goto exit;

	gru_check_context_placement(gts);

	if (gru_check_context_placement(gts)) {

		gru_unlock_gts(gts);

		gru_unload_context(gts, 1);

		goto again;

	}

	/*

	 * CCH may contain stale data if ts_force_cch_reload is set.

		} else {

			gts->ts_user_blade_id = req.val1;

			gts->ts_user_chiplet_id = req.val0;

			gru_check_context_placement(gts);

			if (gru_check_context_placement(gts)) {

				gru_unlock_gts(gts);

				gru_unload_context(gts, 1);

				return ret;

			}

		}

		break;

	case sco_gseg_owner:

 * chiplet. Misassignment can occur if the process migrates to a different

 * blade or if the user changes the selected blade/chiplet.

 */

void gru_check_context_placement(struct gru_thread_state *gts)

int gru_check_context_placement(struct gru_thread_state *gts)

{

	struct gru_state *gru;

	int ret = 0;

	/*

	 * If the current task is the context owner, verify that the

	 * references. Pthread apps use non-owner references to the CBRs.

	 */

	gru = gts->ts_gru;

	/*

	 * If gru or gts->ts_tgid_owner isn't initialized properly, return

	 * success to indicate that the caller does not need to unload the

	 * gru context.The caller is responsible for their inspection and

	 * reinitialization if needed.

	 */

	if (!gru || gts->ts_tgid_owner != current->tgid)

		return;

		return ret;

	if (!gru_check_chiplet_assignment(gru, gts)) {

		STAT(check_context_unload);

		gru_unload_context(gts, 1);

		ret = -EINVAL;

	} else if (gru_retarget_intr(gts)) {

		STAT(check_context_retarget_intr);

	}

	return ret;

}

	mutex_lock(&gts->ts_ctxlock);

	preempt_disable();

	gru_check_context_placement(gts);

	if (gru_check_context_placement(gts)) {

		preempt_enable();

		mutex_unlock(&gts->ts_ctxlock);

		gru_unload_context(gts, 1);

		return VM_FAULT_NOPAGE;

	}

	if (!gts->ts_gru) {

		STAT(load_user_context);

extern int gru_user_unload_context(unsigned long arg);

extern int gru_get_exception_detail(unsigned long arg);

extern int gru_set_context_option(unsigned long address);

extern void gru_check_context_placement(struct gru_thread_state *gts);

extern int gru_check_context_placement(struct gru_thread_state *gts);

extern int gru_cpu_fault_map_id(void);

extern struct vm_area_struct *gru_find_vma(unsigned long vaddr);

extern void gru_flush_all_tlb(struct gru_state *gru);

 * the reset is over (using their post_reset method).

 *

 * Return: The same as for usb_reset_and_verify_device().

 * However, if a reset is already in progress (for instance, if a

 * driver doesn't have pre_reset() or post_reset() callbacks, and while

 * being unbound or re-bound during the ongoing reset its disconnect()

 * or probe() routine tries to perform a second, nested reset), the

 * routine returns -EINPROGRESS.

 *

 * Note:

 * The caller must own the device lock.  For example, it's safe to use

		return -EISDIR;

	}

	if (udev->reset_in_progress)

		return -EINPROGRESS;

	udev->reset_in_progress = 1;

	port_dev = hub->ports[udev->portnum - 1];

	/*

	usb_autosuspend_device(udev);

	memalloc_noio_restore(noio_flag);

	udev->reset_in_progress = 0;

	return ret;

}

EXPORT_SYMBOL_GPL(usb_reset_device);

	 * active. */

	ext4_r_blocks_count_set(es, ext4_r_blocks_count(es) +

				reserved_blocks);

	ext4_superblock_csum_set(sb);

	unlock_buffer(sbi->s_sbh);

	/* Update the free space counts */

	percpu_counter_add(&sbi->s_freeclusters_counter,

	ext4_calculate_overhead(sb);

	es->s_overhead_clusters = cpu_to_le32(sbi->s_overhead);

	ext4_superblock_csum_set(sb);

	unlock_buffer(sbi->s_sbh);

	if (test_opt(sb, DEBUG))

		printk(KERN_DEBUG "EXT4-fs: added group %u:"

		       "%llu blocks(%llu free %llu reserved)\n", flex_gd->count,