Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:3.10 commit in: /
Date: Fri, 31 Oct 2014 11:21:41
Message-Id: 1414754326.fdca1444333f450d874582ba2ad6532254eb6d4d.mpagano@gentoo
1 commit: fdca1444333f450d874582ba2ad6532254eb6d4d
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Fri Oct 31 11:18:46 2014 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Fri Oct 31 11:18:46 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/linux-patches.git;a=commit;h=fdca1444
7
8 Linux patch 3.10.59
9
10 ---
11 0000_README | 4 +
12 1058_linux-3.10.59.patch | 1369 ++++++++++++++++++++++++++++++++++++++++++++++
13 2 files changed, 1373 insertions(+)
14
15 diff --git a/0000_README b/0000_README
16 index fb459eb..580573b 100644
17 --- a/0000_README
18 +++ b/0000_README
19 @@ -274,6 +274,10 @@ Patch: 1057_linux-3.10.58.patch
20 From: http://www.kernel.org
21 Desc: Linux 3.10.58
22
23 +Patch: 1058_linux-3.10.59.patch
24 +From: http://www.kernel.org
25 +Desc: Linux 3.10.59
26 +
27 Patch: 1500_XATTR_USER_PREFIX.patch
28 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
29 Desc: Support for namespace user.pax.* on tmpfs.
30
31 diff --git a/1058_linux-3.10.59.patch b/1058_linux-3.10.59.patch
32 new file mode 100644
33 index 0000000..8bddbfc
34 --- /dev/null
35 +++ b/1058_linux-3.10.59.patch
36 @@ -0,0 +1,1369 @@
37 +diff --git a/Documentation/lzo.txt b/Documentation/lzo.txt
38 +new file mode 100644
39 +index 000000000000..ea45dd3901e3
40 +--- /dev/null
41 ++++ b/Documentation/lzo.txt
42 +@@ -0,0 +1,164 @@
43 ++
44 ++LZO stream format as understood by Linux's LZO decompressor
45 ++===========================================================
46 ++
47 ++Introduction
48 ++
49 ++ This is not a specification. No specification seems to be publicly available
50 ++ for the LZO stream format. This document describes what input format the LZO
51 ++ decompressor as implemented in the Linux kernel understands. The file subject
52 ++ of this analysis is lib/lzo/lzo1x_decompress_safe.c. No analysis was made on
53 ++ the compressor nor on any other implementations though it seems likely that
54 ++ the format matches the standard one. The purpose of this document is to
55 ++ better understand what the code does in order to propose more efficient fixes
56 ++ for future bug reports.
57 ++
58 ++Description
59 ++
60 ++ The stream is composed of a series of instructions, operands, and data. The
61 ++ instructions consist in a few bits representing an opcode, and bits forming
62 ++ the operands for the instruction, whose size and position depend on the
63 ++ opcode and on the number of literals copied by previous instruction. The
64 ++ operands are used to indicate :
65 ++
66 ++ - a distance when copying data from the dictionary (past output buffer)
67 ++ - a length (number of bytes to copy from dictionary)
68 ++ - the number of literals to copy, which is retained in variable "state"
69 ++ as a piece of information for next instructions.
70 ++
71 ++ Optionally depending on the opcode and operands, extra data may follow. These
72 ++ extra data can be a complement for the operand (eg: a length or a distance
73 ++ encoded on larger values), or a literal to be copied to the output buffer.
74 ++
75 ++ The first byte of the block follows a different encoding from other bytes, it
76 ++ seems to be optimized for literal use only, since there is no dictionary yet
77 ++ prior to that byte.
78 ++
79 ++ Lengths are always encoded on a variable size starting with a small number
80 ++ of bits in the operand. If the number of bits isn't enough to represent the
81 ++ length, up to 255 may be added in increments by consuming more bytes with a
82 ++ rate of at most 255 per extra byte (thus the compression ratio cannot exceed
83 ++ around 255:1). The variable length encoding using #bits is always the same :
84 ++
85 ++ length = byte & ((1 << #bits) - 1)
86 ++ if (!length) {
87 ++ length = ((1 << #bits) - 1)
88 ++ length += 255*(number of zero bytes)
89 ++ length += first-non-zero-byte
90 ++ }
91 ++ length += constant (generally 2 or 3)
92 ++
93 ++ For references to the dictionary, distances are relative to the output
94 ++ pointer. Distances are encoded using very few bits belonging to certain
95 ++ ranges, resulting in multiple copy instructions using different encodings.
96 ++ Certain encodings involve one extra byte, others involve two extra bytes
97 ++ forming a little-endian 16-bit quantity (marked LE16 below).
98 ++
99 ++ After any instruction except the large literal copy, 0, 1, 2 or 3 literals
100 ++ are copied before starting the next instruction. The number of literals that
101 ++ were copied may change the meaning and behaviour of the next instruction. In
102 ++ practice, only one instruction needs to know whether 0, less than 4, or more
103 ++ literals were copied. This is the information stored in the <state> variable
104 ++ in this implementation. This number of immediate literals to be copied is
105 ++ generally encoded in the last two bits of the instruction but may also be
106 ++ taken from the last two bits of an extra operand (eg: distance).
107 ++
108 ++ End of stream is declared when a block copy of distance 0 is seen. Only one
109 ++ instruction may encode this distance (0001HLLL), it takes one LE16 operand
110 ++ for the distance, thus requiring 3 bytes.
111 ++
112 ++ IMPORTANT NOTE : in the code some length checks are missing because certain
113 ++ instructions are called under the assumption that a certain number of bytes
114 ++ follow because it has already been garanteed before parsing the instructions.
115 ++ They just have to "refill" this credit if they consume extra bytes. This is
116 ++ an implementation design choice independant on the algorithm or encoding.
117 ++
118 ++Byte sequences
119 ++
120 ++ First byte encoding :
121 ++
122 ++ 0..17 : follow regular instruction encoding, see below. It is worth
123 ++ noting that codes 16 and 17 will represent a block copy from
124 ++ the dictionary which is empty, and that they will always be
125 ++ invalid at this place.
126 ++
127 ++ 18..21 : copy 0..3 literals
128 ++ state = (byte - 17) = 0..3 [ copy <state> literals ]
129 ++ skip byte
130 ++
131 ++ 22..255 : copy literal string
132 ++ length = (byte - 17) = 4..238
133 ++ state = 4 [ don't copy extra literals ]
134 ++ skip byte
135 ++
136 ++ Instruction encoding :
137 ++
138 ++ 0 0 0 0 X X X X (0..15)
139 ++ Depends on the number of literals copied by the last instruction.
140 ++ If last instruction did not copy any literal (state == 0), this
141 ++ encoding will be a copy of 4 or more literal, and must be interpreted
142 ++ like this :
143 ++
144 ++ 0 0 0 0 L L L L (0..15) : copy long literal string
145 ++ length = 3 + (L ?: 15 + (zero_bytes * 255) + non_zero_byte)
146 ++ state = 4 (no extra literals are copied)
147 ++
148 ++ If last instruction used to copy between 1 to 3 literals (encoded in
149 ++ the instruction's opcode or distance), the instruction is a copy of a
150 ++ 2-byte block from the dictionary within a 1kB distance. It is worth
151 ++ noting that this instruction provides little savings since it uses 2
152 ++ bytes to encode a copy of 2 other bytes but it encodes the number of
153 ++ following literals for free. It must be interpreted like this :
154 ++
155 ++ 0 0 0 0 D D S S (0..15) : copy 2 bytes from <= 1kB distance
156 ++ length = 2
157 ++ state = S (copy S literals after this block)
158 ++ Always followed by exactly one byte : H H H H H H H H
159 ++ distance = (H << 2) + D + 1
160 ++
161 ++ If last instruction used to copy 4 or more literals (as detected by
162 ++ state == 4), the instruction becomes a copy of a 3-byte block from the
163 ++ dictionary from a 2..3kB distance, and must be interpreted like this :
164 ++
165 ++ 0 0 0 0 D D S S (0..15) : copy 3 bytes from 2..3 kB distance
166 ++ length = 3
167 ++ state = S (copy S literals after this block)
168 ++ Always followed by exactly one byte : H H H H H H H H
169 ++ distance = (H << 2) + D + 2049
170 ++
171 ++ 0 0 0 1 H L L L (16..31)
172 ++ Copy of a block within 16..48kB distance (preferably less than 10B)
173 ++ length = 2 + (L ?: 7 + (zero_bytes * 255) + non_zero_byte)
174 ++ Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
175 ++ distance = 16384 + (H << 14) + D
176 ++ state = S (copy S literals after this block)
177 ++ End of stream is reached if distance == 16384
178 ++
179 ++ 0 0 1 L L L L L (32..63)
180 ++ Copy of small block within 16kB distance (preferably less than 34B)
181 ++ length = 2 + (L ?: 31 + (zero_bytes * 255) + non_zero_byte)
182 ++ Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
183 ++ distance = D + 1
184 ++ state = S (copy S literals after this block)
185 ++
186 ++ 0 1 L D D D S S (64..127)
187 ++ Copy 3-4 bytes from block within 2kB distance
188 ++ state = S (copy S literals after this block)
189 ++ length = 3 + L
190 ++ Always followed by exactly one byte : H H H H H H H H
191 ++ distance = (H << 3) + D + 1
192 ++
193 ++ 1 L L D D D S S (128..255)
194 ++ Copy 5-8 bytes from block within 2kB distance
195 ++ state = S (copy S literals after this block)
196 ++ length = 5 + L
197 ++ Always followed by exactly one byte : H H H H H H H H
198 ++ distance = (H << 3) + D + 1
199 ++
200 ++Authors
201 ++
202 ++ This document was written by Willy Tarreau <w@×××.eu> on 2014/07/19 during an
203 ++ analysis of the decompression code available in Linux 3.16-rc5. The code is
204 ++ tricky, it is possible that this document contains mistakes or that a few
205 ++ corner cases were overlooked. In any case, please report any doubt, fix, or
206 ++ proposed updates to the author(s) so that the document can be updated.
207 +diff --git a/Makefile b/Makefile
208 +index c27454b8ca3e..7baf27f5cf0f 100644
209 +--- a/Makefile
210 ++++ b/Makefile
211 +@@ -1,6 +1,6 @@
212 + VERSION = 3
213 + PATCHLEVEL = 10
214 +-SUBLEVEL = 58
215 ++SUBLEVEL = 59
216 + EXTRAVERSION =
217 + NAME = TOSSUG Baby Fish
218 +
219 +diff --git a/arch/arm/mach-at91/clock.c b/arch/arm/mach-at91/clock.c
220 +index da841885d01c..64f9f1045539 100644
221 +--- a/arch/arm/mach-at91/clock.c
222 ++++ b/arch/arm/mach-at91/clock.c
223 +@@ -947,6 +947,7 @@ static int __init at91_clock_reset(void)
224 + }
225 +
226 + at91_pmc_write(AT91_PMC_SCDR, scdr);
227 ++ at91_pmc_write(AT91_PMC_PCDR, pcdr);
228 + if (cpu_is_sama5d3())
229 + at91_pmc_write(AT91_PMC_PCDR1, pcdr1);
230 +
231 +diff --git a/arch/arm64/include/asm/compat.h b/arch/arm64/include/asm/compat.h
232 +index 899af807ef0f..c30a548cee56 100644
233 +--- a/arch/arm64/include/asm/compat.h
234 ++++ b/arch/arm64/include/asm/compat.h
235 +@@ -33,8 +33,8 @@ typedef s32 compat_ssize_t;
236 + typedef s32 compat_time_t;
237 + typedef s32 compat_clock_t;
238 + typedef s32 compat_pid_t;
239 +-typedef u32 __compat_uid_t;
240 +-typedef u32 __compat_gid_t;
241 ++typedef u16 __compat_uid_t;
242 ++typedef u16 __compat_gid_t;
243 + typedef u16 __compat_uid16_t;
244 + typedef u16 __compat_gid16_t;
245 + typedef u32 __compat_uid32_t;
246 +diff --git a/arch/m68k/mm/hwtest.c b/arch/m68k/mm/hwtest.c
247 +index 2c7dde3c6430..2a5259fd23eb 100644
248 +--- a/arch/m68k/mm/hwtest.c
249 ++++ b/arch/m68k/mm/hwtest.c
250 +@@ -28,9 +28,11 @@
251 + int hwreg_present( volatile void *regp )
252 + {
253 + int ret = 0;
254 ++ unsigned long flags;
255 + long save_sp, save_vbr;
256 + long tmp_vectors[3];
257 +
258 ++ local_irq_save(flags);
259 + __asm__ __volatile__
260 + ( "movec %/vbr,%2\n\t"
261 + "movel #Lberr1,%4@(8)\n\t"
262 +@@ -46,6 +48,7 @@ int hwreg_present( volatile void *regp )
263 + : "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
264 + : "a" (regp), "a" (tmp_vectors)
265 + );
266 ++ local_irq_restore(flags);
267 +
268 + return( ret );
269 + }
270 +@@ -58,9 +61,11 @@ EXPORT_SYMBOL(hwreg_present);
271 + int hwreg_write( volatile void *regp, unsigned short val )
272 + {
273 + int ret;
274 ++ unsigned long flags;
275 + long save_sp, save_vbr;
276 + long tmp_vectors[3];
277 +
278 ++ local_irq_save(flags);
279 + __asm__ __volatile__
280 + ( "movec %/vbr,%2\n\t"
281 + "movel #Lberr2,%4@(8)\n\t"
282 +@@ -78,6 +83,7 @@ int hwreg_write( volatile void *regp, unsigned short val )
283 + : "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
284 + : "a" (regp), "a" (tmp_vectors), "g" (val)
285 + );
286 ++ local_irq_restore(flags);
287 +
288 + return( ret );
289 + }
290 +diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
291 +index 5c948177529e..bc79ab00536f 100644
292 +--- a/arch/s390/kvm/interrupt.c
293 ++++ b/arch/s390/kvm/interrupt.c
294 +@@ -71,6 +71,7 @@ static int __interrupt_is_deliverable(struct kvm_vcpu *vcpu,
295 + return 0;
296 + if (vcpu->arch.sie_block->gcr[0] & 0x2000ul)
297 + return 1;
298 ++ return 0;
299 + case KVM_S390_INT_EMERGENCY:
300 + if (psw_extint_disabled(vcpu))
301 + return 0;
302 +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
303 +index f7f20f7fac3c..373058c9b75d 100644
304 +--- a/arch/x86/include/asm/kvm_host.h
305 ++++ b/arch/x86/include/asm/kvm_host.h
306 +@@ -463,6 +463,7 @@ struct kvm_vcpu_arch {
307 + u64 mmio_gva;
308 + unsigned access;
309 + gfn_t mmio_gfn;
310 ++ u64 mmio_gen;
311 +
312 + struct kvm_pmu pmu;
313 +
314 +diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
315 +index f187806dfc18..8533e69d2b89 100644
316 +--- a/arch/x86/kernel/cpu/intel.c
317 ++++ b/arch/x86/kernel/cpu/intel.c
318 +@@ -154,6 +154,21 @@ static void __cpuinit early_init_intel(struct cpuinfo_x86 *c)
319 + setup_clear_cpu_cap(X86_FEATURE_ERMS);
320 + }
321 + }
322 ++
323 ++ /*
324 ++ * Intel Quark Core DevMan_001.pdf section 6.4.11
325 ++ * "The operating system also is required to invalidate (i.e., flush)
326 ++ * the TLB when any changes are made to any of the page table entries.
327 ++ * The operating system must reload CR3 to cause the TLB to be flushed"
328 ++ *
329 ++ * As a result cpu_has_pge() in arch/x86/include/asm/tlbflush.h should
330 ++ * be false so that __flush_tlb_all() causes CR3 insted of CR4.PGE
331 ++ * to be modified
332 ++ */
333 ++ if (c->x86 == 5 && c->x86_model == 9) {
334 ++ pr_info("Disabling PGE capability bit\n");
335 ++ setup_clear_cpu_cap(X86_FEATURE_PGE);
336 ++ }
337 + }
338 +
339 + #ifdef CONFIG_X86_32
340 +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
341 +index 711c649f80b7..e14b1f8667bb 100644
342 +--- a/arch/x86/kvm/mmu.c
343 ++++ b/arch/x86/kvm/mmu.c
344 +@@ -3072,7 +3072,7 @@ static void mmu_sync_roots(struct kvm_vcpu *vcpu)
345 + if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
346 + return;
347 +
348 +- vcpu_clear_mmio_info(vcpu, ~0ul);
349 ++ vcpu_clear_mmio_info(vcpu, MMIO_GVA_ANY);
350 + kvm_mmu_audit(vcpu, AUDIT_PRE_SYNC);
351 + if (vcpu->arch.mmu.root_level == PT64_ROOT_LEVEL) {
352 + hpa_t root = vcpu->arch.mmu.root_hpa;
353 +diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
354 +index 3186542f2fa3..7626d3efa064 100644
355 +--- a/arch/x86/kvm/x86.h
356 ++++ b/arch/x86/kvm/x86.h
357 +@@ -78,15 +78,23 @@ static inline void vcpu_cache_mmio_info(struct kvm_vcpu *vcpu,
358 + vcpu->arch.mmio_gva = gva & PAGE_MASK;
359 + vcpu->arch.access = access;
360 + vcpu->arch.mmio_gfn = gfn;
361 ++ vcpu->arch.mmio_gen = kvm_memslots(vcpu->kvm)->generation;
362 ++}
363 ++
364 ++static inline bool vcpu_match_mmio_gen(struct kvm_vcpu *vcpu)
365 ++{
366 ++ return vcpu->arch.mmio_gen == kvm_memslots(vcpu->kvm)->generation;
367 + }
368 +
369 + /*
370 +- * Clear the mmio cache info for the given gva,
371 +- * specially, if gva is ~0ul, we clear all mmio cache info.
372 ++ * Clear the mmio cache info for the given gva. If gva is MMIO_GVA_ANY, we
373 ++ * clear all mmio cache info.
374 + */
375 ++#define MMIO_GVA_ANY (~(gva_t)0)
376 ++
377 + static inline void vcpu_clear_mmio_info(struct kvm_vcpu *vcpu, gva_t gva)
378 + {
379 +- if (gva != (~0ul) && vcpu->arch.mmio_gva != (gva & PAGE_MASK))
380 ++ if (gva != MMIO_GVA_ANY && vcpu->arch.mmio_gva != (gva & PAGE_MASK))
381 + return;
382 +
383 + vcpu->arch.mmio_gva = 0;
384 +@@ -94,7 +102,8 @@ static inline void vcpu_clear_mmio_info(struct kvm_vcpu *vcpu, gva_t gva)
385 +
386 + static inline bool vcpu_match_mmio_gva(struct kvm_vcpu *vcpu, unsigned long gva)
387 + {
388 +- if (vcpu->arch.mmio_gva && vcpu->arch.mmio_gva == (gva & PAGE_MASK))
389 ++ if (vcpu_match_mmio_gen(vcpu) && vcpu->arch.mmio_gva &&
390 ++ vcpu->arch.mmio_gva == (gva & PAGE_MASK))
391 + return true;
392 +
393 + return false;
394 +@@ -102,7 +111,8 @@ static inline bool vcpu_match_mmio_gva(struct kvm_vcpu *vcpu, unsigned long gva)
395 +
396 + static inline bool vcpu_match_mmio_gpa(struct kvm_vcpu *vcpu, gpa_t gpa)
397 + {
398 +- if (vcpu->arch.mmio_gfn && vcpu->arch.mmio_gfn == gpa >> PAGE_SHIFT)
399 ++ if (vcpu_match_mmio_gen(vcpu) && vcpu->arch.mmio_gfn &&
400 ++ vcpu->arch.mmio_gfn == gpa >> PAGE_SHIFT)
401 + return true;
402 +
403 + return false;
404 +diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
405 +index 01e21037d8fe..00a565676583 100644
406 +--- a/drivers/base/firmware_class.c
407 ++++ b/drivers/base/firmware_class.c
408 +@@ -1021,6 +1021,9 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
409 + if (!firmware_p)
410 + return -EINVAL;
411 +
412 ++ if (!name || name[0] == '\0')
413 ++ return -EINVAL;
414 ++
415 + ret = _request_firmware_prepare(&fw, name, device);
416 + if (ret <= 0) /* error or already assigned */
417 + goto out;
418 +diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
419 +index 975719bc3450..b41994fd8460 100644
420 +--- a/drivers/base/regmap/regmap-debugfs.c
421 ++++ b/drivers/base/regmap/regmap-debugfs.c
422 +@@ -460,16 +460,20 @@ void regmap_debugfs_init(struct regmap *map, const char *name)
423 + {
424 + struct rb_node *next;
425 + struct regmap_range_node *range_node;
426 ++ const char *devname = "dummy";
427 +
428 + INIT_LIST_HEAD(&map->debugfs_off_cache);
429 + mutex_init(&map->cache_lock);
430 +
431 ++ if (map->dev)
432 ++ devname = dev_name(map->dev);
433 ++
434 + if (name) {
435 + map->debugfs_name = kasprintf(GFP_KERNEL, "%s-%s",
436 +- dev_name(map->dev), name);
437 ++ devname, name);
438 + name = map->debugfs_name;
439 + } else {
440 +- name = dev_name(map->dev);
441 ++ name = devname;
442 + }
443 +
444 + map->debugfs = debugfs_create_dir(name, regmap_debugfs_root);
445 +diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
446 +index 4b5cf2e34e9a..6a66f0b7d3d4 100644
447 +--- a/drivers/base/regmap/regmap.c
448 ++++ b/drivers/base/regmap/regmap.c
449 +@@ -1177,7 +1177,7 @@ int _regmap_write(struct regmap *map, unsigned int reg,
450 + }
451 +
452 + #ifdef LOG_DEVICE
453 +- if (strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
454 ++ if (map->dev && strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
455 + dev_info(map->dev, "%x <= %x\n", reg, val);
456 + #endif
457 +
458 +@@ -1437,7 +1437,7 @@ static int _regmap_read(struct regmap *map, unsigned int reg,
459 + ret = map->reg_read(context, reg, val);
460 + if (ret == 0) {
461 + #ifdef LOG_DEVICE
462 +- if (strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
463 ++ if (map->dev && strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
464 + dev_info(map->dev, "%x => %x\n", reg, *val);
465 + #endif
466 +
467 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
468 +index 45aa8e760124..61a8ec4e5f4d 100644
469 +--- a/drivers/bluetooth/btusb.c
470 ++++ b/drivers/bluetooth/btusb.c
471 +@@ -302,6 +302,9 @@ static void btusb_intr_complete(struct urb *urb)
472 + BT_ERR("%s corrupted event packet", hdev->name);
473 + hdev->stat.err_rx++;
474 + }
475 ++ } else if (urb->status == -ENOENT) {
476 ++ /* Avoid suspend failed when usb_kill_urb */
477 ++ return;
478 + }
479 +
480 + if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
481 +@@ -390,6 +393,9 @@ static void btusb_bulk_complete(struct urb *urb)
482 + BT_ERR("%s corrupted ACL packet", hdev->name);
483 + hdev->stat.err_rx++;
484 + }
485 ++ } else if (urb->status == -ENOENT) {
486 ++ /* Avoid suspend failed when usb_kill_urb */
487 ++ return;
488 + }
489 +
490 + if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
491 +@@ -484,6 +490,9 @@ static void btusb_isoc_complete(struct urb *urb)
492 + hdev->stat.err_rx++;
493 + }
494 + }
495 ++ } else if (urb->status == -ENOENT) {
496 ++ /* Avoid suspend failed when usb_kill_urb */
497 ++ return;
498 + }
499 +
500 + if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
501 +diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
502 +index db0be2fb05fe..db35c542eb20 100644
503 +--- a/drivers/bluetooth/hci_h5.c
504 ++++ b/drivers/bluetooth/hci_h5.c
505 +@@ -237,7 +237,7 @@ static void h5_pkt_cull(struct h5 *h5)
506 + break;
507 +
508 + to_remove--;
509 +- seq = (seq - 1) % 8;
510 ++ seq = (seq - 1) & 0x07;
511 + }
512 +
513 + if (seq != h5->rx_ack)
514 +diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
515 +index 0b122f8c7005..92f34de7aee9 100644
516 +--- a/drivers/hv/channel.c
517 ++++ b/drivers/hv/channel.c
518 +@@ -199,8 +199,10 @@ int vmbus_open(struct vmbus_channel *newchannel, u32 send_ringbuffer_size,
519 + ret = vmbus_post_msg(open_msg,
520 + sizeof(struct vmbus_channel_open_channel));
521 +
522 +- if (ret != 0)
523 ++ if (ret != 0) {
524 ++ err = ret;
525 + goto error1;
526 ++ }
527 +
528 + t = wait_for_completion_timeout(&open_info->waitevent, 5*HZ);
529 + if (t == 0) {
530 +@@ -392,7 +394,6 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
531 + u32 next_gpadl_handle;
532 + unsigned long flags;
533 + int ret = 0;
534 +- int t;
535 +
536 + next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle);
537 + atomic_inc(&vmbus_connection.next_gpadl_handle);
538 +@@ -439,9 +440,7 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
539 +
540 + }
541 + }
542 +- t = wait_for_completion_timeout(&msginfo->waitevent, 5*HZ);
543 +- BUG_ON(t == 0);
544 +-
545 ++ wait_for_completion(&msginfo->waitevent);
546 +
547 + /* At this point, we received the gpadl created msg */
548 + *gpadl_handle = gpadlmsg->gpadl;
549 +@@ -464,7 +463,7 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
550 + struct vmbus_channel_gpadl_teardown *msg;
551 + struct vmbus_channel_msginfo *info;
552 + unsigned long flags;
553 +- int ret, t;
554 ++ int ret;
555 +
556 + info = kmalloc(sizeof(*info) +
557 + sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL);
558 +@@ -486,11 +485,12 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
559 + ret = vmbus_post_msg(msg,
560 + sizeof(struct vmbus_channel_gpadl_teardown));
561 +
562 +- BUG_ON(ret != 0);
563 +- t = wait_for_completion_timeout(&info->waitevent, 5*HZ);
564 +- BUG_ON(t == 0);
565 ++ if (ret)
566 ++ goto post_msg_err;
567 ++
568 ++ wait_for_completion(&info->waitevent);
569 +
570 +- /* Received a torndown response */
571 ++post_msg_err:
572 + spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);
573 + list_del(&info->msglistentry);
574 + spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
575 +diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
576 +index b9f5d295cbec..a3b555808768 100644
577 +--- a/drivers/hv/connection.c
578 ++++ b/drivers/hv/connection.c
579 +@@ -393,10 +393,21 @@ int vmbus_post_msg(void *buffer, size_t buflen)
580 + * insufficient resources. Retry the operation a couple of
581 + * times before giving up.
582 + */
583 +- while (retries < 3) {
584 +- ret = hv_post_message(conn_id, 1, buffer, buflen);
585 +- if (ret != HV_STATUS_INSUFFICIENT_BUFFERS)
586 ++ while (retries < 10) {
587 ++ ret = hv_post_message(conn_id, 1, buffer, buflen);
588 ++
589 ++ switch (ret) {
590 ++ case HV_STATUS_INSUFFICIENT_BUFFERS:
591 ++ ret = -ENOMEM;
592 ++ case -ENOMEM:
593 ++ break;
594 ++ case HV_STATUS_SUCCESS:
595 + return ret;
596 ++ default:
597 ++ pr_err("hv_post_msg() failed; error code:%d\n", ret);
598 ++ return -EINVAL;
599 ++ }
600 ++
601 + retries++;
602 + msleep(100);
603 + }
604 +diff --git a/drivers/message/fusion/mptspi.c b/drivers/message/fusion/mptspi.c
605 +index 5653e505f91f..424f51d1e2ce 100644
606 +--- a/drivers/message/fusion/mptspi.c
607 ++++ b/drivers/message/fusion/mptspi.c
608 +@@ -1422,6 +1422,11 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id)
609 + goto out_mptspi_probe;
610 + }
611 +
612 ++ /* VMWare emulation doesn't properly implement WRITE_SAME
613 ++ */
614 ++ if (pdev->subsystem_vendor == 0x15AD)
615 ++ sh->no_write_same = 1;
616 ++
617 + spin_lock_irqsave(&ioc->FreeQlock, flags);
618 +
619 + /* Attach the SCSI Host to the IOC structure
620 +diff --git a/drivers/net/wireless/iwlwifi/pcie/drv.c b/drivers/net/wireless/iwlwifi/pcie/drv.c
621 +index b53e5c3f403b..bb020ad3f76c 100644
622 +--- a/drivers/net/wireless/iwlwifi/pcie/drv.c
623 ++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c
624 +@@ -269,6 +269,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = {
625 + {IWL_PCI_DEVICE(0x08B1, 0x4070, iwl7260_2ac_cfg)},
626 + {IWL_PCI_DEVICE(0x08B1, 0x4072, iwl7260_2ac_cfg)},
627 + {IWL_PCI_DEVICE(0x08B1, 0x4170, iwl7260_2ac_cfg)},
628 ++ {IWL_PCI_DEVICE(0x08B1, 0x4C60, iwl7260_2ac_cfg)},
629 ++ {IWL_PCI_DEVICE(0x08B1, 0x4C70, iwl7260_2ac_cfg)},
630 + {IWL_PCI_DEVICE(0x08B1, 0x4060, iwl7260_2n_cfg)},
631 + {IWL_PCI_DEVICE(0x08B1, 0x406A, iwl7260_2n_cfg)},
632 + {IWL_PCI_DEVICE(0x08B1, 0x4160, iwl7260_2n_cfg)},
633 +@@ -306,6 +308,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = {
634 + {IWL_PCI_DEVICE(0x08B1, 0xC770, iwl7260_2ac_cfg)},
635 + {IWL_PCI_DEVICE(0x08B1, 0xC760, iwl7260_2n_cfg)},
636 + {IWL_PCI_DEVICE(0x08B2, 0xC270, iwl7260_2ac_cfg)},
637 ++ {IWL_PCI_DEVICE(0x08B1, 0xCC70, iwl7260_2ac_cfg)},
638 ++ {IWL_PCI_DEVICE(0x08B1, 0xCC60, iwl7260_2ac_cfg)},
639 + {IWL_PCI_DEVICE(0x08B2, 0xC272, iwl7260_2ac_cfg)},
640 + {IWL_PCI_DEVICE(0x08B2, 0xC260, iwl7260_2n_cfg)},
641 + {IWL_PCI_DEVICE(0x08B2, 0xC26A, iwl7260_n_cfg)},
642 +diff --git a/drivers/net/wireless/rt2x00/rt2800.h b/drivers/net/wireless/rt2x00/rt2800.h
643 +index a7630d5ec892..a629313dd98a 100644
644 +--- a/drivers/net/wireless/rt2x00/rt2800.h
645 ++++ b/drivers/net/wireless/rt2x00/rt2800.h
646 +@@ -1920,7 +1920,7 @@ struct mac_iveiv_entry {
647 + * 2 - drop tx power by 12dBm,
648 + * 3 - increase tx power by 6dBm
649 + */
650 +-#define BBP1_TX_POWER_CTRL FIELD8(0x07)
651 ++#define BBP1_TX_POWER_CTRL FIELD8(0x03)
652 + #define BBP1_TX_ANTENNA FIELD8(0x18)
653 +
654 + /*
655 +diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
656 +index 5b4a9d9cd200..689f3c87ee5c 100644
657 +--- a/drivers/pci/pci-sysfs.c
658 ++++ b/drivers/pci/pci-sysfs.c
659 +@@ -175,7 +175,7 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *attr,
660 + {
661 + struct pci_dev *pci_dev = to_pci_dev(dev);
662 +
663 +- return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x\n",
664 ++ return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X\n",
665 + pci_dev->vendor, pci_dev->device,
666 + pci_dev->subsystem_vendor, pci_dev->subsystem_device,
667 + (u8)(pci_dev->class >> 16), (u8)(pci_dev->class >> 8),
668 +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
669 +index 4510279e28dc..910339c0791f 100644
670 +--- a/drivers/pci/quirks.c
671 ++++ b/drivers/pci/quirks.c
672 +@@ -28,6 +28,7 @@
673 + #include <linux/ioport.h>
674 + #include <linux/sched.h>
675 + #include <linux/ktime.h>
676 ++#include <linux/mm.h>
677 + #include <asm/dma.h> /* isa_dma_bridge_buggy */
678 + #include "pci.h"
679 +
680 +@@ -291,6 +292,25 @@ static void quirk_citrine(struct pci_dev *dev)
681 + }
682 + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, PCI_DEVICE_ID_IBM_CITRINE, quirk_citrine);
683 +
684 ++/* On IBM Crocodile ipr SAS adapters, expand BAR to system page size */
685 ++static void quirk_extend_bar_to_page(struct pci_dev *dev)
686 ++{
687 ++ int i;
688 ++
689 ++ for (i = 0; i < PCI_STD_RESOURCE_END; i++) {
690 ++ struct resource *r = &dev->resource[i];
691 ++
692 ++ if (r->flags & IORESOURCE_MEM && resource_size(r) < PAGE_SIZE) {
693 ++ r->end = PAGE_SIZE - 1;
694 ++ r->start = 0;
695 ++ r->flags |= IORESOURCE_UNSET;
696 ++ dev_info(&dev->dev, "expanded BAR %d to page size: %pR\n",
697 ++ i, r);
698 ++ }
699 ++ }
700 ++}
701 ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, 0x034a, quirk_extend_bar_to_page);
702 ++
703 + /*
704 + * S3 868 and 968 chips report region size equal to 32M, but they decode 64M.
705 + * If it's needed, re-allocate the region.
706 +diff --git a/drivers/scsi/be2iscsi/be_mgmt.c b/drivers/scsi/be2iscsi/be_mgmt.c
707 +index 245a9595a93a..ef0a78b0d730 100644
708 +--- a/drivers/scsi/be2iscsi/be_mgmt.c
709 ++++ b/drivers/scsi/be2iscsi/be_mgmt.c
710 +@@ -812,17 +812,20 @@ mgmt_static_ip_modify(struct beiscsi_hba *phba,
711 +
712 + if (ip_action == IP_ACTION_ADD) {
713 + memcpy(req->ip_params.ip_record.ip_addr.addr, ip_param->value,
714 +- ip_param->len);
715 ++ sizeof(req->ip_params.ip_record.ip_addr.addr));
716 +
717 + if (subnet_param)
718 + memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
719 +- subnet_param->value, subnet_param->len);
720 ++ subnet_param->value,
721 ++ sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
722 + } else {
723 + memcpy(req->ip_params.ip_record.ip_addr.addr,
724 +- if_info->ip_addr.addr, ip_param->len);
725 ++ if_info->ip_addr.addr,
726 ++ sizeof(req->ip_params.ip_record.ip_addr.addr));
727 +
728 + memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
729 +- if_info->ip_addr.subnet_mask, ip_param->len);
730 ++ if_info->ip_addr.subnet_mask,
731 ++ sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
732 + }
733 +
734 + rc = mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
735 +@@ -850,7 +853,7 @@ static int mgmt_modify_gateway(struct beiscsi_hba *phba, uint8_t *gt_addr,
736 + req->action = gtway_action;
737 + req->ip_addr.ip_type = BE2_IPV4;
738 +
739 +- memcpy(req->ip_addr.addr, gt_addr, param_len);
740 ++ memcpy(req->ip_addr.addr, gt_addr, sizeof(req->ip_addr.addr));
741 +
742 + return mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
743 + }
744 +diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
745 +index f033b191a022..e6884940d107 100644
746 +--- a/drivers/scsi/qla2xxx/qla_target.c
747 ++++ b/drivers/scsi/qla2xxx/qla_target.c
748 +@@ -1514,12 +1514,10 @@ static inline void qlt_unmap_sg(struct scsi_qla_host *vha,
749 + static int qlt_check_reserve_free_req(struct scsi_qla_host *vha,
750 + uint32_t req_cnt)
751 + {
752 +- struct qla_hw_data *ha = vha->hw;
753 +- device_reg_t __iomem *reg = ha->iobase;
754 + uint32_t cnt;
755 +
756 + if (vha->req->cnt < (req_cnt + 2)) {
757 +- cnt = (uint16_t)RD_REG_DWORD(&reg->isp24.req_q_out);
758 ++ cnt = (uint16_t)RD_REG_DWORD(vha->req->req_q_out);
759 +
760 + ql_dbg(ql_dbg_tgt, vha, 0xe00a,
761 + "Request ring circled: cnt=%d, vha->->ring_index=%d, "
762 +diff --git a/drivers/spi/spi-dw-mid.c b/drivers/spi/spi-dw-mid.c
763 +index b9f0192758d6..0791c92e8c50 100644
764 +--- a/drivers/spi/spi-dw-mid.c
765 ++++ b/drivers/spi/spi-dw-mid.c
766 +@@ -89,7 +89,13 @@ err_exit:
767 +
768 + static void mid_spi_dma_exit(struct dw_spi *dws)
769 + {
770 ++ if (!dws->dma_inited)
771 ++ return;
772 ++
773 ++ dmaengine_terminate_all(dws->txchan);
774 + dma_release_channel(dws->txchan);
775 ++
776 ++ dmaengine_terminate_all(dws->rxchan);
777 + dma_release_channel(dws->rxchan);
778 + }
779 +
780 +@@ -136,7 +142,7 @@ static int mid_spi_dma_transfer(struct dw_spi *dws, int cs_change)
781 + txconf.dst_addr = dws->dma_addr;
782 + txconf.dst_maxburst = LNW_DMA_MSIZE_16;
783 + txconf.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
784 +- txconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
785 ++ txconf.dst_addr_width = dws->dma_width;
786 + txconf.device_fc = false;
787 +
788 + txchan->device->device_control(txchan, DMA_SLAVE_CONFIG,
789 +@@ -159,7 +165,7 @@ static int mid_spi_dma_transfer(struct dw_spi *dws, int cs_change)
790 + rxconf.src_addr = dws->dma_addr;
791 + rxconf.src_maxburst = LNW_DMA_MSIZE_16;
792 + rxconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
793 +- rxconf.src_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
794 ++ rxconf.src_addr_width = dws->dma_width;
795 + rxconf.device_fc = false;
796 +
797 + rxchan->device->device_control(rxchan, DMA_SLAVE_CONFIG,
798 +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
799 +index 8fcd2424e7f9..187911fbabce 100644
800 +--- a/fs/btrfs/inode.c
801 ++++ b/fs/btrfs/inode.c
802 +@@ -3545,7 +3545,8 @@ noinline int btrfs_update_inode(struct btrfs_trans_handle *trans,
803 + * without delay
804 + */
805 + if (!btrfs_is_free_space_inode(inode)
806 +- && root->root_key.objectid != BTRFS_DATA_RELOC_TREE_OBJECTID) {
807 ++ && root->root_key.objectid != BTRFS_DATA_RELOC_TREE_OBJECTID
808 ++ && !root->fs_info->log_root_recovering) {
809 + btrfs_update_root_times(trans, root);
810 +
811 + ret = btrfs_delayed_update_inode(trans, root, inode);
812 +diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
813 +index b3896d5f233a..0e7f7765b3bb 100644
814 +--- a/fs/btrfs/relocation.c
815 ++++ b/fs/btrfs/relocation.c
816 +@@ -967,8 +967,11 @@ again:
817 + need_check = false;
818 + list_add_tail(&edge->list[UPPER],
819 + &list);
820 +- } else
821 ++ } else {
822 ++ if (upper->checked)
823 ++ need_check = true;
824 + INIT_LIST_HEAD(&edge->list[UPPER]);
825 ++ }
826 + } else {
827 + upper = rb_entry(rb_node, struct backref_node,
828 + rb_node);
829 +diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
830 +index 0544587d74f4..1f214689fa5e 100644
831 +--- a/fs/btrfs/transaction.c
832 ++++ b/fs/btrfs/transaction.c
833 +@@ -524,7 +524,6 @@ int btrfs_wait_for_commit(struct btrfs_root *root, u64 transid)
834 + if (transid <= root->fs_info->last_trans_committed)
835 + goto out;
836 +
837 +- ret = -EINVAL;
838 + /* find specified transaction */
839 + spin_lock(&root->fs_info->trans_lock);
840 + list_for_each_entry(t, &root->fs_info->trans_list, list) {
841 +@@ -540,9 +539,16 @@ int btrfs_wait_for_commit(struct btrfs_root *root, u64 transid)
842 + }
843 + }
844 + spin_unlock(&root->fs_info->trans_lock);
845 +- /* The specified transaction doesn't exist */
846 +- if (!cur_trans)
847 ++
848 ++ /*
849 ++ * The specified transaction doesn't exist, or we
850 ++ * raced with btrfs_commit_transaction
851 ++ */
852 ++ if (!cur_trans) {
853 ++ if (transid > root->fs_info->last_trans_committed)
854 ++ ret = -EINVAL;
855 + goto out;
856 ++ }
857 + } else {
858 + /* find newest transaction that is committing | committed */
859 + spin_lock(&root->fs_info->trans_lock);
860 +diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
861 +index 5eab400e2590..41baf8b5e0eb 100644
862 +--- a/fs/ecryptfs/inode.c
863 ++++ b/fs/ecryptfs/inode.c
864 +@@ -1051,7 +1051,7 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
865 + }
866 +
867 + rc = vfs_setxattr(lower_dentry, name, value, size, flags);
868 +- if (!rc)
869 ++ if (!rc && dentry->d_inode)
870 + fsstack_copy_attr_all(dentry->d_inode, lower_dentry->d_inode);
871 + out:
872 + return rc;
873 +diff --git a/fs/namespace.c b/fs/namespace.c
874 +index 00409add4d96..7f6a9348c589 100644
875 +--- a/fs/namespace.c
876 ++++ b/fs/namespace.c
877 +@@ -1274,6 +1274,8 @@ static int do_umount(struct mount *mnt, int flags)
878 + * Special case for "unmounting" root ...
879 + * we just try to remount it readonly.
880 + */
881 ++ if (!capable(CAP_SYS_ADMIN))
882 ++ return -EPERM;
883 + down_write(&sb->s_umount);
884 + if (!(sb->s_flags & MS_RDONLY))
885 + retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
886 +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
887 +index 3fc87b6f9def..69fc437be661 100644
888 +--- a/fs/nfs/nfs4proc.c
889 ++++ b/fs/nfs/nfs4proc.c
890 +@@ -6067,7 +6067,7 @@ static int nfs41_proc_async_sequence(struct nfs_client *clp, struct rpc_cred *cr
891 + int ret = 0;
892 +
893 + if ((renew_flags & NFS4_RENEW_TIMEOUT) == 0)
894 +- return 0;
895 ++ return -EAGAIN;
896 + task = _nfs41_proc_sequence(clp, cred, false);
897 + if (IS_ERR(task))
898 + ret = PTR_ERR(task);
899 +diff --git a/fs/nfs/nfs4renewd.c b/fs/nfs/nfs4renewd.c
900 +index 1720d32ffa54..e1ba58c3d1ad 100644
901 +--- a/fs/nfs/nfs4renewd.c
902 ++++ b/fs/nfs/nfs4renewd.c
903 +@@ -88,10 +88,18 @@ nfs4_renew_state(struct work_struct *work)
904 + }
905 + nfs_expire_all_delegations(clp);
906 + } else {
907 ++ int ret;
908 ++
909 + /* Queue an asynchronous RENEW. */
910 +- ops->sched_state_renewal(clp, cred, renew_flags);
911 ++ ret = ops->sched_state_renewal(clp, cred, renew_flags);
912 + put_rpccred(cred);
913 +- goto out_exp;
914 ++ switch (ret) {
915 ++ default:
916 ++ goto out_exp;
917 ++ case -EAGAIN:
918 ++ case -ENOMEM:
919 ++ break;
920 ++ }
921 + }
922 + } else {
923 + dprintk("%s: failed to call renewd. Reason: lease not expired \n",
924 +diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
925 +index 2c37442ed936..d482b86d0e0b 100644
926 +--- a/fs/nfs/nfs4state.c
927 ++++ b/fs/nfs/nfs4state.c
928 +@@ -1699,7 +1699,8 @@ restart:
929 + if (status < 0) {
930 + set_bit(ops->owner_flag_bit, &sp->so_flags);
931 + nfs4_put_state_owner(sp);
932 +- return nfs4_recovery_handle_error(clp, status);
933 ++ status = nfs4_recovery_handle_error(clp, status);
934 ++ return (status != 0) ? status : -EAGAIN;
935 + }
936 +
937 + nfs4_put_state_owner(sp);
938 +@@ -1708,7 +1709,7 @@ restart:
939 + spin_unlock(&clp->cl_lock);
940 + }
941 + rcu_read_unlock();
942 +- return status;
943 ++ return 0;
944 + }
945 +
946 + static int nfs4_check_lease(struct nfs_client *clp)
947 +@@ -1755,7 +1756,6 @@ static int nfs4_handle_reclaim_lease_error(struct nfs_client *clp, int status)
948 + break;
949 + case -NFS4ERR_STALE_CLIENTID:
950 + clear_bit(NFS4CLNT_LEASE_CONFIRM, &clp->cl_state);
951 +- nfs4_state_clear_reclaim_reboot(clp);
952 + nfs4_state_start_reclaim_reboot(clp);
953 + break;
954 + case -NFS4ERR_CLID_INUSE:
955 +@@ -2174,14 +2174,11 @@ static void nfs4_state_manager(struct nfs_client *clp)
956 + section = "reclaim reboot";
957 + status = nfs4_do_reclaim(clp,
958 + clp->cl_mvops->reboot_recovery_ops);
959 +- if (test_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state) ||
960 +- test_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state))
961 +- continue;
962 +- nfs4_state_end_reclaim_reboot(clp);
963 +- if (test_bit(NFS4CLNT_RECLAIM_NOGRACE, &clp->cl_state))
964 ++ if (status == -EAGAIN)
965 + continue;
966 + if (status < 0)
967 + goto out_error;
968 ++ nfs4_state_end_reclaim_reboot(clp);
969 + }
970 +
971 + /* Now recover expired state... */
972 +@@ -2189,9 +2186,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
973 + section = "reclaim nograce";
974 + status = nfs4_do_reclaim(clp,
975 + clp->cl_mvops->nograce_recovery_ops);
976 +- if (test_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state) ||
977 +- test_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state) ||
978 +- test_bit(NFS4CLNT_RECLAIM_REBOOT, &clp->cl_state))
979 ++ if (status == -EAGAIN)
980 + continue;
981 + if (status < 0)
982 + goto out_error;
983 +diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
984 +index f1680cdbd88b..9be6b4163406 100644
985 +--- a/fs/notify/fanotify/fanotify_user.c
986 ++++ b/fs/notify/fanotify/fanotify_user.c
987 +@@ -69,7 +69,7 @@ static int create_fd(struct fsnotify_group *group,
988 +
989 + pr_debug("%s: group=%p event=%p\n", __func__, group, event);
990 +
991 +- client_fd = get_unused_fd();
992 ++ client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
993 + if (client_fd < 0)
994 + return client_fd;
995 +
996 +diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h
997 +new file mode 100644
998 +index 000000000000..cdd1cc202d51
999 +--- /dev/null
1000 ++++ b/include/linux/compiler-gcc5.h
1001 +@@ -0,0 +1,66 @@
1002 ++#ifndef __LINUX_COMPILER_H
1003 ++#error "Please don't include <linux/compiler-gcc5.h> directly, include <linux/compiler.h> instead."
1004 ++#endif
1005 ++
1006 ++#define __used __attribute__((__used__))
1007 ++#define __must_check __attribute__((warn_unused_result))
1008 ++#define __compiler_offsetof(a, b) __builtin_offsetof(a, b)
1009 ++
1010 ++/* Mark functions as cold. gcc will assume any path leading to a call
1011 ++ to them will be unlikely. This means a lot of manual unlikely()s
1012 ++ are unnecessary now for any paths leading to the usual suspects
1013 ++ like BUG(), printk(), panic() etc. [but let's keep them for now for
1014 ++ older compilers]
1015 ++
1016 ++ Early snapshots of gcc 4.3 don't support this and we can't detect this
1017 ++ in the preprocessor, but we can live with this because they're unreleased.
1018 ++ Maketime probing would be overkill here.
1019 ++
1020 ++ gcc also has a __attribute__((__hot__)) to move hot functions into
1021 ++ a special section, but I don't see any sense in this right now in
1022 ++ the kernel context */
1023 ++#define __cold __attribute__((__cold__))
1024 ++
1025 ++#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
1026 ++
1027 ++#ifndef __CHECKER__
1028 ++# define __compiletime_warning(message) __attribute__((warning(message)))
1029 ++# define __compiletime_error(message) __attribute__((error(message)))
1030 ++#endif /* __CHECKER__ */
1031 ++
1032 ++/*
1033 ++ * Mark a position in code as unreachable. This can be used to
1034 ++ * suppress control flow warnings after asm blocks that transfer
1035 ++ * control elsewhere.
1036 ++ *
1037 ++ * Early snapshots of gcc 4.5 don't support this and we can't detect
1038 ++ * this in the preprocessor, but we can live with this because they're
1039 ++ * unreleased. Really, we need to have autoconf for the kernel.
1040 ++ */
1041 ++#define unreachable() __builtin_unreachable()
1042 ++
1043 ++/* Mark a function definition as prohibited from being cloned. */
1044 ++#define __noclone __attribute__((__noclone__))
1045 ++
1046 ++/*
1047 ++ * Tell the optimizer that something else uses this function or variable.
1048 ++ */
1049 ++#define __visible __attribute__((externally_visible))
1050 ++
1051 ++/*
1052 ++ * GCC 'asm goto' miscompiles certain code sequences:
1053 ++ *
1054 ++ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
1055 ++ *
1056 ++ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
1057 ++ * Fixed in GCC 4.8.2 and later versions.
1058 ++ *
1059 ++ * (asm goto is automatically volatile - the naming reflects this.)
1060 ++ */
1061 ++#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
1062 ++
1063 ++#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
1064 ++#define __HAVE_BUILTIN_BSWAP32__
1065 ++#define __HAVE_BUILTIN_BSWAP64__
1066 ++#define __HAVE_BUILTIN_BSWAP16__
1067 ++#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
1068 +diff --git a/include/linux/sched.h b/include/linux/sched.h
1069 +index 8293545ac9b7..f87e9a8d364f 100644
1070 +--- a/include/linux/sched.h
1071 ++++ b/include/linux/sched.h
1072 +@@ -1670,11 +1670,13 @@ extern void thread_group_cputime_adjusted(struct task_struct *p, cputime_t *ut,
1073 + #define tsk_used_math(p) ((p)->flags & PF_USED_MATH)
1074 + #define used_math() tsk_used_math(current)
1075 +
1076 +-/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags */
1077 ++/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags
1078 ++ * __GFP_FS is also cleared as it implies __GFP_IO.
1079 ++ */
1080 + static inline gfp_t memalloc_noio_flags(gfp_t flags)
1081 + {
1082 + if (unlikely(current->flags & PF_MEMALLOC_NOIO))
1083 +- flags &= ~__GFP_IO;
1084 ++ flags &= ~(__GFP_IO | __GFP_FS);
1085 + return flags;
1086 + }
1087 +
1088 +diff --git a/lib/lzo/lzo1x_decompress_safe.c b/lib/lzo/lzo1x_decompress_safe.c
1089 +index 8563081e8da3..a1c387f6afba 100644
1090 +--- a/lib/lzo/lzo1x_decompress_safe.c
1091 ++++ b/lib/lzo/lzo1x_decompress_safe.c
1092 +@@ -19,31 +19,21 @@
1093 + #include <linux/lzo.h>
1094 + #include "lzodefs.h"
1095 +
1096 +-#define HAVE_IP(t, x) \
1097 +- (((size_t)(ip_end - ip) >= (size_t)(t + x)) && \
1098 +- (((t + x) >= t) && ((t + x) >= x)))
1099 ++#define HAVE_IP(x) ((size_t)(ip_end - ip) >= (size_t)(x))
1100 ++#define HAVE_OP(x) ((size_t)(op_end - op) >= (size_t)(x))
1101 ++#define NEED_IP(x) if (!HAVE_IP(x)) goto input_overrun
1102 ++#define NEED_OP(x) if (!HAVE_OP(x)) goto output_overrun
1103 ++#define TEST_LB(m_pos) if ((m_pos) < out) goto lookbehind_overrun
1104 +
1105 +-#define HAVE_OP(t, x) \
1106 +- (((size_t)(op_end - op) >= (size_t)(t + x)) && \
1107 +- (((t + x) >= t) && ((t + x) >= x)))
1108 +-
1109 +-#define NEED_IP(t, x) \
1110 +- do { \
1111 +- if (!HAVE_IP(t, x)) \
1112 +- goto input_overrun; \
1113 +- } while (0)
1114 +-
1115 +-#define NEED_OP(t, x) \
1116 +- do { \
1117 +- if (!HAVE_OP(t, x)) \
1118 +- goto output_overrun; \
1119 +- } while (0)
1120 +-
1121 +-#define TEST_LB(m_pos) \
1122 +- do { \
1123 +- if ((m_pos) < out) \
1124 +- goto lookbehind_overrun; \
1125 +- } while (0)
1126 ++/* This MAX_255_COUNT is the maximum number of times we can add 255 to a base
1127 ++ * count without overflowing an integer. The multiply will overflow when
1128 ++ * multiplying 255 by more than MAXINT/255. The sum will overflow earlier
1129 ++ * depending on the base count. Since the base count is taken from a u8
1130 ++ * and a few bits, it is safe to assume that it will always be lower than
1131 ++ * or equal to 2*255, thus we can always prevent any overflow by accepting
1132 ++ * two less 255 steps. See Documentation/lzo.txt for more information.
1133 ++ */
1134 ++#define MAX_255_COUNT ((((size_t)~0) / 255) - 2)
1135 +
1136 + int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
1137 + unsigned char *out, size_t *out_len)
1138 +@@ -75,17 +65,24 @@ int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
1139 + if (t < 16) {
1140 + if (likely(state == 0)) {
1141 + if (unlikely(t == 0)) {
1142 ++ size_t offset;
1143 ++ const unsigned char *ip_last = ip;
1144 ++
1145 + while (unlikely(*ip == 0)) {
1146 +- t += 255;
1147 + ip++;
1148 +- NEED_IP(1, 0);
1149 ++ NEED_IP(1);
1150 + }
1151 +- t += 15 + *ip++;
1152 ++ offset = ip - ip_last;
1153 ++ if (unlikely(offset > MAX_255_COUNT))
1154 ++ return LZO_E_ERROR;
1155 ++
1156 ++ offset = (offset << 8) - offset;
1157 ++ t += offset + 15 + *ip++;
1158 + }
1159 + t += 3;
1160 + copy_literal_run:
1161 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
1162 +- if (likely(HAVE_IP(t, 15) && HAVE_OP(t, 15))) {
1163 ++ if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
1164 + const unsigned char *ie = ip + t;
1165 + unsigned char *oe = op + t;
1166 + do {
1167 +@@ -101,8 +98,8 @@ copy_literal_run:
1168 + } else
1169 + #endif
1170 + {
1171 +- NEED_OP(t, 0);
1172 +- NEED_IP(t, 3);
1173 ++ NEED_OP(t);
1174 ++ NEED_IP(t + 3);
1175 + do {
1176 + *op++ = *ip++;
1177 + } while (--t > 0);
1178 +@@ -115,7 +112,7 @@ copy_literal_run:
1179 + m_pos -= t >> 2;
1180 + m_pos -= *ip++ << 2;
1181 + TEST_LB(m_pos);
1182 +- NEED_OP(2, 0);
1183 ++ NEED_OP(2);
1184 + op[0] = m_pos[0];
1185 + op[1] = m_pos[1];
1186 + op += 2;
1187 +@@ -136,13 +133,20 @@ copy_literal_run:
1188 + } else if (t >= 32) {
1189 + t = (t & 31) + (3 - 1);
1190 + if (unlikely(t == 2)) {
1191 ++ size_t offset;
1192 ++ const unsigned char *ip_last = ip;
1193 ++
1194 + while (unlikely(*ip == 0)) {
1195 +- t += 255;
1196 + ip++;
1197 +- NEED_IP(1, 0);
1198 ++ NEED_IP(1);
1199 + }
1200 +- t += 31 + *ip++;
1201 +- NEED_IP(2, 0);
1202 ++ offset = ip - ip_last;
1203 ++ if (unlikely(offset > MAX_255_COUNT))
1204 ++ return LZO_E_ERROR;
1205 ++
1206 ++ offset = (offset << 8) - offset;
1207 ++ t += offset + 31 + *ip++;
1208 ++ NEED_IP(2);
1209 + }
1210 + m_pos = op - 1;
1211 + next = get_unaligned_le16(ip);
1212 +@@ -154,13 +158,20 @@ copy_literal_run:
1213 + m_pos -= (t & 8) << 11;
1214 + t = (t & 7) + (3 - 1);
1215 + if (unlikely(t == 2)) {
1216 ++ size_t offset;
1217 ++ const unsigned char *ip_last = ip;
1218 ++
1219 + while (unlikely(*ip == 0)) {
1220 +- t += 255;
1221 + ip++;
1222 +- NEED_IP(1, 0);
1223 ++ NEED_IP(1);
1224 + }
1225 +- t += 7 + *ip++;
1226 +- NEED_IP(2, 0);
1227 ++ offset = ip - ip_last;
1228 ++ if (unlikely(offset > MAX_255_COUNT))
1229 ++ return LZO_E_ERROR;
1230 ++
1231 ++ offset = (offset << 8) - offset;
1232 ++ t += offset + 7 + *ip++;
1233 ++ NEED_IP(2);
1234 + }
1235 + next = get_unaligned_le16(ip);
1236 + ip += 2;
1237 +@@ -174,7 +185,7 @@ copy_literal_run:
1238 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
1239 + if (op - m_pos >= 8) {
1240 + unsigned char *oe = op + t;
1241 +- if (likely(HAVE_OP(t, 15))) {
1242 ++ if (likely(HAVE_OP(t + 15))) {
1243 + do {
1244 + COPY8(op, m_pos);
1245 + op += 8;
1246 +@@ -184,7 +195,7 @@ copy_literal_run:
1247 + m_pos += 8;
1248 + } while (op < oe);
1249 + op = oe;
1250 +- if (HAVE_IP(6, 0)) {
1251 ++ if (HAVE_IP(6)) {
1252 + state = next;
1253 + COPY4(op, ip);
1254 + op += next;
1255 +@@ -192,7 +203,7 @@ copy_literal_run:
1256 + continue;
1257 + }
1258 + } else {
1259 +- NEED_OP(t, 0);
1260 ++ NEED_OP(t);
1261 + do {
1262 + *op++ = *m_pos++;
1263 + } while (op < oe);
1264 +@@ -201,7 +212,7 @@ copy_literal_run:
1265 + #endif
1266 + {
1267 + unsigned char *oe = op + t;
1268 +- NEED_OP(t, 0);
1269 ++ NEED_OP(t);
1270 + op[0] = m_pos[0];
1271 + op[1] = m_pos[1];
1272 + op += 2;
1273 +@@ -214,15 +225,15 @@ match_next:
1274 + state = next;
1275 + t = next;
1276 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
1277 +- if (likely(HAVE_IP(6, 0) && HAVE_OP(4, 0))) {
1278 ++ if (likely(HAVE_IP(6) && HAVE_OP(4))) {
1279 + COPY4(op, ip);
1280 + op += t;
1281 + ip += t;
1282 + } else
1283 + #endif
1284 + {
1285 +- NEED_IP(t, 3);
1286 +- NEED_OP(t, 0);
1287 ++ NEED_IP(t + 3);
1288 ++ NEED_OP(t);
1289 + while (t > 0) {
1290 + *op++ = *ip++;
1291 + t--;
1292 +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
1293 +index f92818155958..175dca44c97e 100644
1294 +--- a/sound/core/pcm_native.c
1295 ++++ b/sound/core/pcm_native.c
1296 +@@ -3197,7 +3197,7 @@ static const struct vm_operations_struct snd_pcm_vm_ops_data_fault = {
1297 +
1298 + #ifndef ARCH_HAS_DMA_MMAP_COHERENT
1299 + /* This should be defined / handled globally! */
1300 +-#ifdef CONFIG_ARM
1301 ++#if defined(CONFIG_ARM) || defined(CONFIG_ARM64)
1302 + #define ARCH_HAS_DMA_MMAP_COHERENT
1303 + #endif
1304 + #endif
1305 +diff --git a/sound/pci/emu10k1/emu10k1_callback.c b/sound/pci/emu10k1/emu10k1_callback.c
1306 +index cae36597aa71..0a34b5f1c475 100644
1307 +--- a/sound/pci/emu10k1/emu10k1_callback.c
1308 ++++ b/sound/pci/emu10k1/emu10k1_callback.c
1309 +@@ -85,6 +85,8 @@ snd_emu10k1_ops_setup(struct snd_emux *emux)
1310 + * get more voice for pcm
1311 + *
1312 + * terminate most inactive voice and give it as a pcm voice.
1313 ++ *
1314 ++ * voice_lock is already held.
1315 + */
1316 + int
1317 + snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
1318 +@@ -92,12 +94,10 @@ snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
1319 + struct snd_emux *emu;
1320 + struct snd_emux_voice *vp;
1321 + struct best_voice best[V_END];
1322 +- unsigned long flags;
1323 + int i;
1324 +
1325 + emu = hw->synth;
1326 +
1327 +- spin_lock_irqsave(&emu->voice_lock, flags);
1328 + lookup_voices(emu, hw, best, 1); /* no OFF voices */
1329 + for (i = 0; i < V_END; i++) {
1330 + if (best[i].voice >= 0) {
1331 +@@ -113,11 +113,9 @@ snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
1332 + vp->emu->num_voices--;
1333 + vp->ch = -1;
1334 + vp->state = SNDRV_EMUX_ST_OFF;
1335 +- spin_unlock_irqrestore(&emu->voice_lock, flags);
1336 + return ch;
1337 + }
1338 + }
1339 +- spin_unlock_irqrestore(&emu->voice_lock, flags);
1340 +
1341 + /* not found */
1342 + return -ENOMEM;
1343 +diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
1344 +index 8b75bcf136f6..d5bed1d25713 100644
1345 +--- a/sound/usb/quirks-table.h
1346 ++++ b/sound/usb/quirks-table.h
1347 +@@ -386,6 +386,36 @@ YAMAHA_DEVICE(0x105d, NULL),
1348 + }
1349 + },
1350 + {
1351 ++ USB_DEVICE(0x0499, 0x1509),
1352 ++ .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
1353 ++ /* .vendor_name = "Yamaha", */
1354 ++ /* .product_name = "Steinberg UR22", */
1355 ++ .ifnum = QUIRK_ANY_INTERFACE,
1356 ++ .type = QUIRK_COMPOSITE,
1357 ++ .data = (const struct snd_usb_audio_quirk[]) {
1358 ++ {
1359 ++ .ifnum = 1,
1360 ++ .type = QUIRK_AUDIO_STANDARD_INTERFACE
1361 ++ },
1362 ++ {
1363 ++ .ifnum = 2,
1364 ++ .type = QUIRK_AUDIO_STANDARD_INTERFACE
1365 ++ },
1366 ++ {
1367 ++ .ifnum = 3,
1368 ++ .type = QUIRK_MIDI_YAMAHA
1369 ++ },
1370 ++ {
1371 ++ .ifnum = 4,
1372 ++ .type = QUIRK_IGNORE_INTERFACE
1373 ++ },
1374 ++ {
1375 ++ .ifnum = -1
1376 ++ }
1377 ++ }
1378 ++ }
1379 ++},
1380 ++{
1381 + USB_DEVICE(0x0499, 0x150a),
1382 + .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
1383 + /* .vendor_name = "Yamaha", */
1384 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
1385 +index 8cf1cd2fadaa..a17f190be58e 100644
1386 +--- a/virt/kvm/kvm_main.c
1387 ++++ b/virt/kvm/kvm_main.c
1388 +@@ -52,6 +52,7 @@
1389 +
1390 + #include <asm/processor.h>
1391 + #include <asm/io.h>
1392 ++#include <asm/ioctl.h>
1393 + #include <asm/uaccess.h>
1394 + #include <asm/pgtable.h>
1395 +
1396 +@@ -1981,6 +1982,9 @@ static long kvm_vcpu_ioctl(struct file *filp,
1397 + if (vcpu->kvm->mm != current->mm)
1398 + return -EIO;
1399 +
1400 ++ if (unlikely(_IOC_TYPE(ioctl) != KVMIO))
1401 ++ return -EINVAL;
1402 ++
1403 + #if defined(CONFIG_S390) || defined(CONFIG_PPC) || defined(CONFIG_MIPS)
1404 + /*
1405 + * Special cases: vcpu ioctls that are asynchronous to vcpu execution,
Report Message
Find on MARC Find on Google Groups