Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Alice Ferrazzi <alicef@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:5.15 commit in: /
Date: Wed, 03 Aug 2022 14:24:07
Message-Id: 1659535837.32f90bbf989890abcf7a4d8dbb93f7fe2b0650ed.alicef@gentoo
1 commit: 32f90bbf989890abcf7a4d8dbb93f7fe2b0650ed
2 Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org>
3 AuthorDate: Wed Aug 3 14:10:31 2022 +0000
4 Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org>
5 CommitDate: Wed Aug 3 14:10:37 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=32f90bbf
7
8 Linux patch 5.15.59
9
10 Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org>
11
12 0000_README | 4 +
13 1058_linux-5.15.59.patch | 2395 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 2399 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 1f73b7a6..71e13cee 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -275,6 +275,10 @@ Patch: 1057_linux-5.15.58.patch
21 From: http://www.kernel.org
22 Desc: Linux 5.15.58
23
24 +Patch: 1058_linux-5.15.59.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 5.15.59
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1058_linux-5.15.59.patch b/1058_linux-5.15.59.patch
33 new file mode 100644
34 index 00000000..4b07e8c5
35 --- /dev/null
36 +++ b/1058_linux-5.15.59.patch
37 @@ -0,0 +1,2395 @@
38 +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
39 +index 2c556a127979e..b47905c4a92fd 100644
40 +--- a/Documentation/admin-guide/kernel-parameters.txt
41 ++++ b/Documentation/admin-guide/kernel-parameters.txt
42 +@@ -3020,6 +3020,7 @@
43 + no_entry_flush [PPC]
44 + no_uaccess_flush [PPC]
45 + mmio_stale_data=off [X86]
46 ++ retbleed=off [X86]
47 +
48 + Exceptions:
49 + This does not have any effect on
50 +@@ -3042,6 +3043,7 @@
51 + mds=full,nosmt [X86]
52 + tsx_async_abort=full,nosmt [X86]
53 + mmio_stale_data=full,nosmt [X86]
54 ++ retbleed=auto,nosmt [X86]
55 +
56 + mminit_loglevel=
57 + [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
58 +diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
59 +index b8b67041f9552..ba0e8e6337c0a 100644
60 +--- a/Documentation/networking/ip-sysctl.rst
61 ++++ b/Documentation/networking/ip-sysctl.rst
62 +@@ -2808,7 +2808,14 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
63 + Default: 4K
64 +
65 + sctp_wmem - vector of 3 INTEGERs: min, default, max
66 +- Currently this tunable has no effect.
67 ++ Only the first value ("min") is used, "default" and "max" are
68 ++ ignored.
69 ++
70 ++ min: Minimum size of send buffer that can be used by SCTP sockets.
71 ++ It is guaranteed to each SCTP socket (but not association) even
72 ++ under moderate memory pressure.
73 ++
74 ++ Default: 4K
75 +
76 + addr_scope_policy - INTEGER
77 + Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
78 +diff --git a/Makefile b/Makefile
79 +index d7ba0de250cbd..22bca3948306b 100644
80 +--- a/Makefile
81 ++++ b/Makefile
82 +@@ -1,7 +1,7 @@
83 + # SPDX-License-Identifier: GPL-2.0
84 + VERSION = 5
85 + PATCHLEVEL = 15
86 +-SUBLEVEL = 58
87 ++SUBLEVEL = 59
88 + EXTRAVERSION =
89 + NAME = Trick or Treat
90 +
91 +diff --git a/arch/arm/include/asm/dma.h b/arch/arm/include/asm/dma.h
92 +index a81dda65c5762..45180a2cc47cb 100644
93 +--- a/arch/arm/include/asm/dma.h
94 ++++ b/arch/arm/include/asm/dma.h
95 +@@ -10,7 +10,7 @@
96 + #else
97 + #define MAX_DMA_ADDRESS ({ \
98 + extern phys_addr_t arm_dma_zone_size; \
99 +- arm_dma_zone_size && arm_dma_zone_size < (0x10000000 - PAGE_OFFSET) ? \
100 ++ arm_dma_zone_size && arm_dma_zone_size < (0x100000000ULL - PAGE_OFFSET) ? \
101 + (PAGE_OFFSET + arm_dma_zone_size) : 0xffffffffUL; })
102 + #endif
103 +
104 +diff --git a/arch/arm/lib/xor-neon.c b/arch/arm/lib/xor-neon.c
105 +index b99dd8e1c93f1..7ba6cf8261626 100644
106 +--- a/arch/arm/lib/xor-neon.c
107 ++++ b/arch/arm/lib/xor-neon.c
108 +@@ -26,8 +26,9 @@ MODULE_LICENSE("GPL");
109 + * While older versions of GCC do not generate incorrect code, they fail to
110 + * recognize the parallel nature of these functions, and emit plain ARM code,
111 + * which is known to be slower than the optimized ARM code in asm-arm/xor.h.
112 ++ *
113 ++ * #warning This code requires at least version 4.6 of GCC
114 + */
115 +-#warning This code requires at least version 4.6 of GCC
116 + #endif
117 +
118 + #pragma GCC diagnostic ignored "-Wunused-variable"
119 +diff --git a/arch/s390/include/asm/archrandom.h b/arch/s390/include/asm/archrandom.h
120 +index 2c6e1c6ecbe78..4120c428dc378 100644
121 +--- a/arch/s390/include/asm/archrandom.h
122 ++++ b/arch/s390/include/asm/archrandom.h
123 +@@ -2,7 +2,7 @@
124 + /*
125 + * Kernel interface for the s390 arch_random_* functions
126 + *
127 +- * Copyright IBM Corp. 2017, 2020
128 ++ * Copyright IBM Corp. 2017, 2022
129 + *
130 + * Author: Harald Freudenberger <freude@××××××.com>
131 + *
132 +@@ -14,6 +14,7 @@
133 + #ifdef CONFIG_ARCH_RANDOM
134 +
135 + #include <linux/static_key.h>
136 ++#include <linux/preempt.h>
137 + #include <linux/atomic.h>
138 + #include <asm/cpacf.h>
139 +
140 +@@ -32,7 +33,8 @@ static inline bool __must_check arch_get_random_int(unsigned int *v)
141 +
142 + static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
143 + {
144 +- if (static_branch_likely(&s390_arch_random_available)) {
145 ++ if (static_branch_likely(&s390_arch_random_available) &&
146 ++ in_task()) {
147 + cpacf_trng(NULL, 0, (u8 *)v, sizeof(*v));
148 + atomic64_add(sizeof(*v), &s390_arch_random_counter);
149 + return true;
150 +@@ -42,7 +44,8 @@ static inline bool __must_check arch_get_random_seed_long(unsigned long *v)
151 +
152 + static inline bool __must_check arch_get_random_seed_int(unsigned int *v)
153 + {
154 +- if (static_branch_likely(&s390_arch_random_available)) {
155 ++ if (static_branch_likely(&s390_arch_random_available) &&
156 ++ in_task()) {
157 + cpacf_trng(NULL, 0, (u8 *)v, sizeof(*v));
158 + atomic64_add(sizeof(*v), &s390_arch_random_counter);
159 + return true;
160 +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
161 +index 18a7ea1cffdac..a37814c8547e4 100644
162 +--- a/arch/x86/kernel/cpu/bugs.c
163 ++++ b/arch/x86/kernel/cpu/bugs.c
164 +@@ -1513,6 +1513,7 @@ static void __init spectre_v2_select_mitigation(void)
165 + * enable IBRS around firmware calls.
166 + */
167 + if (boot_cpu_has_bug(X86_BUG_RETBLEED) &&
168 ++ boot_cpu_has(X86_FEATURE_IBPB) &&
169 + (boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
170 + boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)) {
171 +
172 +diff --git a/drivers/edac/ghes_edac.c b/drivers/edac/ghes_edac.c
173 +index 6d1ddecbf0da3..d0a9ccf640c4b 100644
174 +--- a/drivers/edac/ghes_edac.c
175 ++++ b/drivers/edac/ghes_edac.c
176 +@@ -101,9 +101,14 @@ static void dimm_setup_label(struct dimm_info *dimm, u16 handle)
177 +
178 + dmi_memdev_name(handle, &bank, &device);
179 +
180 +- /* both strings must be non-zero */
181 +- if (bank && *bank && device && *device)
182 +- snprintf(dimm->label, sizeof(dimm->label), "%s %s", bank, device);
183 ++ /*
184 ++ * Set to a NULL string when both bank and device are zero. In this case,
185 ++ * the label assigned by default will be preserved.
186 ++ */
187 ++ snprintf(dimm->label, sizeof(dimm->label), "%s%s%s",
188 ++ (bank && *bank) ? bank : "",
189 ++ (bank && *bank && device && *device) ? " " : "",
190 ++ (device && *device) ? device : "");
191 + }
192 +
193 + static void assign_dmi_dimm_info(struct dimm_info *dimm, struct memdev_dmi_entry *entry)
194 +diff --git a/drivers/gpu/drm/nouveau/nouveau_dmem.c b/drivers/gpu/drm/nouveau/nouveau_dmem.c
195 +index 92987daa5e17d..5e72e6cb2f840 100644
196 +--- a/drivers/gpu/drm/nouveau/nouveau_dmem.c
197 ++++ b/drivers/gpu/drm/nouveau/nouveau_dmem.c
198 +@@ -679,7 +679,11 @@ nouveau_dmem_migrate_vma(struct nouveau_drm *drm,
199 + goto out_free_dma;
200 +
201 + for (i = 0; i < npages; i += max) {
202 +- args.end = start + (max << PAGE_SHIFT);
203 ++ if (args.start + (max << PAGE_SHIFT) > end)
204 ++ args.end = end;
205 ++ else
206 ++ args.end = args.start + (max << PAGE_SHIFT);
207 ++
208 + ret = migrate_vma_setup(&args);
209 + if (ret)
210 + goto out_free_pfns;
211 +diff --git a/drivers/gpu/drm/tiny/simpledrm.c b/drivers/gpu/drm/tiny/simpledrm.c
212 +index 3e3f9ba1e8858..f3c2c173ca4b5 100644
213 +--- a/drivers/gpu/drm/tiny/simpledrm.c
214 ++++ b/drivers/gpu/drm/tiny/simpledrm.c
215 +@@ -614,7 +614,7 @@ static const struct drm_connector_funcs simpledrm_connector_funcs = {
216 + .atomic_destroy_state = drm_atomic_helper_connector_destroy_state,
217 + };
218 +
219 +-static int
220 ++static enum drm_mode_status
221 + simpledrm_simple_display_pipe_mode_valid(struct drm_simple_display_pipe *pipe,
222 + const struct drm_display_mode *mode)
223 + {
224 +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
225 +index c801b128e5b2b..b07d55c99317e 100644
226 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
227 ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
228 +@@ -1908,11 +1908,15 @@ static void i40e_vsi_setup_queue_map(struct i40e_vsi *vsi,
229 + * non-zero req_queue_pairs says that user requested a new
230 + * queue count via ethtool's set_channels, so use this
231 + * value for queues distribution across traffic classes
232 ++ * We need at least one queue pair for the interface
233 ++ * to be usable as we see in else statement.
234 + */
235 + if (vsi->req_queue_pairs > 0)
236 + vsi->num_queue_pairs = vsi->req_queue_pairs;
237 + else if (pf->flags & I40E_FLAG_MSIX_ENABLED)
238 + vsi->num_queue_pairs = pf->num_lan_msix;
239 ++ else
240 ++ vsi->num_queue_pairs = 1;
241 + }
242 +
243 + /* Number of queues per enabled TC */
244 +diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool.c b/drivers/net/ethernet/intel/ice/ice_ethtool.c
245 +index 982db894754f7..9b9c2b8854866 100644
246 +--- a/drivers/net/ethernet/intel/ice/ice_ethtool.c
247 ++++ b/drivers/net/ethernet/intel/ice/ice_ethtool.c
248 +@@ -651,7 +651,8 @@ static int ice_lbtest_receive_frames(struct ice_ring *rx_ring)
249 + rx_desc = ICE_RX_DESC(rx_ring, i);
250 +
251 + if (!(rx_desc->wb.status_error0 &
252 +- cpu_to_le16(ICE_TX_DESC_CMD_EOP | ICE_TX_DESC_CMD_RS)))
253 ++ (cpu_to_le16(BIT(ICE_RX_FLEX_DESC_STATUS0_DD_S)) |
254 ++ cpu_to_le16(BIT(ICE_RX_FLEX_DESC_STATUS0_EOF_S)))))
255 + continue;
256 +
257 + rx_buf = &rx_ring->rx_buf[i];
258 +diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
259 +index 188abf36a5b23..b9d45c7dbef18 100644
260 +--- a/drivers/net/ethernet/intel/ice/ice_main.c
261 ++++ b/drivers/net/ethernet/intel/ice/ice_main.c
262 +@@ -5481,10 +5481,12 @@ int ice_vsi_cfg(struct ice_vsi *vsi)
263 + if (vsi->netdev) {
264 + ice_set_rx_mode(vsi->netdev);
265 +
266 +- err = ice_vsi_vlan_setup(vsi);
267 ++ if (vsi->type != ICE_VSI_LB) {
268 ++ err = ice_vsi_vlan_setup(vsi);
269 +
270 +- if (err)
271 +- return err;
272 ++ if (err)
273 ++ return err;
274 ++ }
275 + }
276 + ice_vsi_cfg_dcb_rings(vsi);
277 +
278 +diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
279 +index 626961a41089d..75388a65f349e 100644
280 +--- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
281 ++++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
282 +@@ -28,6 +28,9 @@
283 + #define MAX_RATE_EXPONENT 0x0FULL
284 + #define MAX_RATE_MANTISSA 0xFFULL
285 +
286 ++#define CN10K_MAX_BURST_MANTISSA 0x7FFFULL
287 ++#define CN10K_MAX_BURST_SIZE 8453888ULL
288 ++
289 + /* Bitfields in NIX_TLX_PIR register */
290 + #define TLX_RATE_MANTISSA GENMASK_ULL(8, 1)
291 + #define TLX_RATE_EXPONENT GENMASK_ULL(12, 9)
292 +@@ -35,6 +38,9 @@
293 + #define TLX_BURST_MANTISSA GENMASK_ULL(36, 29)
294 + #define TLX_BURST_EXPONENT GENMASK_ULL(40, 37)
295 +
296 ++#define CN10K_TLX_BURST_MANTISSA GENMASK_ULL(43, 29)
297 ++#define CN10K_TLX_BURST_EXPONENT GENMASK_ULL(47, 44)
298 ++
299 + struct otx2_tc_flow_stats {
300 + u64 bytes;
301 + u64 pkts;
302 +@@ -77,33 +83,42 @@ int otx2_tc_alloc_ent_bitmap(struct otx2_nic *nic)
303 + }
304 + EXPORT_SYMBOL(otx2_tc_alloc_ent_bitmap);
305 +
306 +-static void otx2_get_egress_burst_cfg(u32 burst, u32 *burst_exp,
307 +- u32 *burst_mantissa)
308 ++static void otx2_get_egress_burst_cfg(struct otx2_nic *nic, u32 burst,
309 ++ u32 *burst_exp, u32 *burst_mantissa)
310 + {
311 ++ int max_burst, max_mantissa;
312 + unsigned int tmp;
313 +
314 ++ if (is_dev_otx2(nic->pdev)) {
315 ++ max_burst = MAX_BURST_SIZE;
316 ++ max_mantissa = MAX_BURST_MANTISSA;
317 ++ } else {
318 ++ max_burst = CN10K_MAX_BURST_SIZE;
319 ++ max_mantissa = CN10K_MAX_BURST_MANTISSA;
320 ++ }
321 ++
322 + /* Burst is calculated as
323 + * ((256 + BURST_MANTISSA) << (1 + BURST_EXPONENT)) / 256
324 + * Max supported burst size is 130,816 bytes.
325 + */
326 +- burst = min_t(u32, burst, MAX_BURST_SIZE);
327 ++ burst = min_t(u32, burst, max_burst);
328 + if (burst) {
329 + *burst_exp = ilog2(burst) ? ilog2(burst) - 1 : 0;
330 + tmp = burst - rounddown_pow_of_two(burst);
331 +- if (burst < MAX_BURST_MANTISSA)
332 ++ if (burst < max_mantissa)
333 + *burst_mantissa = tmp * 2;
334 + else
335 + *burst_mantissa = tmp / (1ULL << (*burst_exp - 7));
336 + } else {
337 + *burst_exp = MAX_BURST_EXPONENT;
338 +- *burst_mantissa = MAX_BURST_MANTISSA;
339 ++ *burst_mantissa = max_mantissa;
340 + }
341 + }
342 +
343 +-static void otx2_get_egress_rate_cfg(u32 maxrate, u32 *exp,
344 ++static void otx2_get_egress_rate_cfg(u64 maxrate, u32 *exp,
345 + u32 *mantissa, u32 *div_exp)
346 + {
347 +- unsigned int tmp;
348 ++ u64 tmp;
349 +
350 + /* Rate calculation by hardware
351 + *
352 +@@ -132,21 +147,44 @@ static void otx2_get_egress_rate_cfg(u32 maxrate, u32 *exp,
353 + }
354 + }
355 +
356 +-static int otx2_set_matchall_egress_rate(struct otx2_nic *nic, u32 burst, u32 maxrate)
357 ++static u64 otx2_get_txschq_rate_regval(struct otx2_nic *nic,
358 ++ u64 maxrate, u32 burst)
359 + {
360 +- struct otx2_hw *hw = &nic->hw;
361 +- struct nix_txschq_config *req;
362 + u32 burst_exp, burst_mantissa;
363 + u32 exp, mantissa, div_exp;
364 ++ u64 regval = 0;
365 ++
366 ++ /* Get exponent and mantissa values from the desired rate */
367 ++ otx2_get_egress_burst_cfg(nic, burst, &burst_exp, &burst_mantissa);
368 ++ otx2_get_egress_rate_cfg(maxrate, &exp, &mantissa, &div_exp);
369 ++
370 ++ if (is_dev_otx2(nic->pdev)) {
371 ++ regval = FIELD_PREP(TLX_BURST_EXPONENT, (u64)burst_exp) |
372 ++ FIELD_PREP(TLX_BURST_MANTISSA, (u64)burst_mantissa) |
373 ++ FIELD_PREP(TLX_RATE_DIVIDER_EXPONENT, div_exp) |
374 ++ FIELD_PREP(TLX_RATE_EXPONENT, exp) |
375 ++ FIELD_PREP(TLX_RATE_MANTISSA, mantissa) | BIT_ULL(0);
376 ++ } else {
377 ++ regval = FIELD_PREP(CN10K_TLX_BURST_EXPONENT, (u64)burst_exp) |
378 ++ FIELD_PREP(CN10K_TLX_BURST_MANTISSA, (u64)burst_mantissa) |
379 ++ FIELD_PREP(TLX_RATE_DIVIDER_EXPONENT, div_exp) |
380 ++ FIELD_PREP(TLX_RATE_EXPONENT, exp) |
381 ++ FIELD_PREP(TLX_RATE_MANTISSA, mantissa) | BIT_ULL(0);
382 ++ }
383 ++
384 ++ return regval;
385 ++}
386 ++
387 ++static int otx2_set_matchall_egress_rate(struct otx2_nic *nic,
388 ++ u32 burst, u64 maxrate)
389 ++{
390 ++ struct otx2_hw *hw = &nic->hw;
391 ++ struct nix_txschq_config *req;
392 + int txschq, err;
393 +
394 + /* All SQs share the same TL4, so pick the first scheduler */
395 + txschq = hw->txschq_list[NIX_TXSCH_LVL_TL4][0];
396 +
397 +- /* Get exponent and mantissa values from the desired rate */
398 +- otx2_get_egress_burst_cfg(burst, &burst_exp, &burst_mantissa);
399 +- otx2_get_egress_rate_cfg(maxrate, &exp, &mantissa, &div_exp);
400 +-
401 + mutex_lock(&nic->mbox.lock);
402 + req = otx2_mbox_alloc_msg_nix_txschq_cfg(&nic->mbox);
403 + if (!req) {
404 +@@ -157,11 +195,7 @@ static int otx2_set_matchall_egress_rate(struct otx2_nic *nic, u32 burst, u32 ma
405 + req->lvl = NIX_TXSCH_LVL_TL4;
406 + req->num_regs = 1;
407 + req->reg[0] = NIX_AF_TL4X_PIR(txschq);
408 +- req->regval[0] = FIELD_PREP(TLX_BURST_EXPONENT, burst_exp) |
409 +- FIELD_PREP(TLX_BURST_MANTISSA, burst_mantissa) |
410 +- FIELD_PREP(TLX_RATE_DIVIDER_EXPONENT, div_exp) |
411 +- FIELD_PREP(TLX_RATE_EXPONENT, exp) |
412 +- FIELD_PREP(TLX_RATE_MANTISSA, mantissa) | BIT_ULL(0);
413 ++ req->regval[0] = otx2_get_txschq_rate_regval(nic, maxrate, burst);
414 +
415 + err = otx2_sync_mbox_msg(&nic->mbox);
416 + mutex_unlock(&nic->mbox.lock);
417 +@@ -196,7 +230,7 @@ static int otx2_tc_egress_matchall_install(struct otx2_nic *nic,
418 + struct netlink_ext_ack *extack = cls->common.extack;
419 + struct flow_action *actions = &cls->rule->action;
420 + struct flow_action_entry *entry;
421 +- u32 rate;
422 ++ u64 rate;
423 + int err;
424 +
425 + err = otx2_tc_validate_flow(nic, actions, extack);
426 +@@ -218,7 +252,7 @@ static int otx2_tc_egress_matchall_install(struct otx2_nic *nic,
427 + }
428 + /* Convert bytes per second to Mbps */
429 + rate = entry->police.rate_bytes_ps * 8;
430 +- rate = max_t(u32, rate / 1000000, 1);
431 ++ rate = max_t(u64, rate / 1000000, 1);
432 + err = otx2_set_matchall_egress_rate(nic, entry->police.burst, rate);
433 + if (err)
434 + return err;
435 +@@ -571,21 +605,27 @@ static int otx2_tc_prepare_flow(struct otx2_nic *nic, struct otx2_tc_flow *node,
436 +
437 + flow_spec->dport = match.key->dst;
438 + flow_mask->dport = match.mask->dst;
439 +- if (ip_proto == IPPROTO_UDP)
440 +- req->features |= BIT_ULL(NPC_DPORT_UDP);
441 +- else if (ip_proto == IPPROTO_TCP)
442 +- req->features |= BIT_ULL(NPC_DPORT_TCP);
443 +- else if (ip_proto == IPPROTO_SCTP)
444 +- req->features |= BIT_ULL(NPC_DPORT_SCTP);
445 ++
446 ++ if (flow_mask->dport) {
447 ++ if (ip_proto == IPPROTO_UDP)
448 ++ req->features |= BIT_ULL(NPC_DPORT_UDP);
449 ++ else if (ip_proto == IPPROTO_TCP)
450 ++ req->features |= BIT_ULL(NPC_DPORT_TCP);
451 ++ else if (ip_proto == IPPROTO_SCTP)
452 ++ req->features |= BIT_ULL(NPC_DPORT_SCTP);
453 ++ }
454 +
455 + flow_spec->sport = match.key->src;
456 + flow_mask->sport = match.mask->src;
457 +- if (ip_proto == IPPROTO_UDP)
458 +- req->features |= BIT_ULL(NPC_SPORT_UDP);
459 +- else if (ip_proto == IPPROTO_TCP)
460 +- req->features |= BIT_ULL(NPC_SPORT_TCP);
461 +- else if (ip_proto == IPPROTO_SCTP)
462 +- req->features |= BIT_ULL(NPC_SPORT_SCTP);
463 ++
464 ++ if (flow_mask->sport) {
465 ++ if (ip_proto == IPPROTO_UDP)
466 ++ req->features |= BIT_ULL(NPC_SPORT_UDP);
467 ++ else if (ip_proto == IPPROTO_TCP)
468 ++ req->features |= BIT_ULL(NPC_SPORT_TCP);
469 ++ else if (ip_proto == IPPROTO_SCTP)
470 ++ req->features |= BIT_ULL(NPC_SPORT_SCTP);
471 ++ }
472 + }
473 +
474 + return otx2_tc_parse_actions(nic, &rule->action, req, f, node);
475 +diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c
476 +index 725b0f38813a9..a2b4e3befa591 100644
477 +--- a/drivers/net/ethernet/sfc/ptp.c
478 ++++ b/drivers/net/ethernet/sfc/ptp.c
479 +@@ -1100,7 +1100,29 @@ static void efx_ptp_xmit_skb_queue(struct efx_nic *efx, struct sk_buff *skb)
480 +
481 + tx_queue = efx_channel_get_tx_queue(ptp_data->channel, type);
482 + if (tx_queue && tx_queue->timestamping) {
483 ++ /* This code invokes normal driver TX code which is always
484 ++ * protected from softirqs when called from generic TX code,
485 ++ * which in turn disables preemption. Look at __dev_queue_xmit
486 ++ * which uses rcu_read_lock_bh disabling preemption for RCU
487 ++ * plus disabling softirqs. We do not need RCU reader
488 ++ * protection here.
489 ++ *
490 ++ * Although it is theoretically safe for current PTP TX/RX code
491 ++ * running without disabling softirqs, there are three good
492 ++ * reasond for doing so:
493 ++ *
494 ++ * 1) The code invoked is mainly implemented for non-PTP
495 ++ * packets and it is always executed with softirqs
496 ++ * disabled.
497 ++ * 2) This being a single PTP packet, better to not
498 ++ * interrupt its processing by softirqs which can lead
499 ++ * to high latencies.
500 ++ * 3) netdev_xmit_more checks preemption is disabled and
501 ++ * triggers a BUG_ON if not.
502 ++ */
503 ++ local_bh_disable();
504 + efx_enqueue_skb(tx_queue, skb);
505 ++ local_bh_enable();
506 + } else {
507 + WARN_ONCE(1, "PTP channel has no timestamped tx queue\n");
508 + dev_kfree_skb_any(skb);
509 +diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
510 +index e53b40359fd10..354890948f8a1 100644
511 +--- a/drivers/net/macsec.c
512 ++++ b/drivers/net/macsec.c
513 +@@ -241,6 +241,7 @@ static struct macsec_cb *macsec_skb_cb(struct sk_buff *skb)
514 + #define DEFAULT_SEND_SCI true
515 + #define DEFAULT_ENCRYPT false
516 + #define DEFAULT_ENCODING_SA 0
517 ++#define MACSEC_XPN_MAX_REPLAY_WINDOW (((1 << 30) - 1))
518 +
519 + static bool send_sci(const struct macsec_secy *secy)
520 + {
521 +@@ -1695,7 +1696,7 @@ static bool validate_add_rxsa(struct nlattr **attrs)
522 + return false;
523 +
524 + if (attrs[MACSEC_SA_ATTR_PN] &&
525 +- *(u64 *)nla_data(attrs[MACSEC_SA_ATTR_PN]) == 0)
526 ++ nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
527 + return false;
528 +
529 + if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
530 +@@ -1751,7 +1752,8 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
531 + }
532 +
533 + pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
534 +- if (nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len) {
535 ++ if (tb_sa[MACSEC_SA_ATTR_PN] &&
536 ++ nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len) {
537 + pr_notice("macsec: nl: add_rxsa: bad pn length: %d != %d\n",
538 + nla_len(tb_sa[MACSEC_SA_ATTR_PN]), pn_len);
539 + rtnl_unlock();
540 +@@ -1767,7 +1769,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
541 + if (nla_len(tb_sa[MACSEC_SA_ATTR_SALT]) != MACSEC_SALT_LEN) {
542 + pr_notice("macsec: nl: add_rxsa: bad salt length: %d != %d\n",
543 + nla_len(tb_sa[MACSEC_SA_ATTR_SALT]),
544 +- MACSEC_SA_ATTR_SALT);
545 ++ MACSEC_SALT_LEN);
546 + rtnl_unlock();
547 + return -EINVAL;
548 + }
549 +@@ -1840,7 +1842,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
550 + return 0;
551 +
552 + cleanup:
553 +- kfree(rx_sa);
554 ++ macsec_rxsa_put(rx_sa);
555 + rtnl_unlock();
556 + return err;
557 + }
558 +@@ -1937,7 +1939,7 @@ static bool validate_add_txsa(struct nlattr **attrs)
559 + if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN)
560 + return false;
561 +
562 +- if (nla_get_u32(attrs[MACSEC_SA_ATTR_PN]) == 0)
563 ++ if (nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
564 + return false;
565 +
566 + if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
567 +@@ -2009,7 +2011,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
568 + if (nla_len(tb_sa[MACSEC_SA_ATTR_SALT]) != MACSEC_SALT_LEN) {
569 + pr_notice("macsec: nl: add_txsa: bad salt length: %d != %d\n",
570 + nla_len(tb_sa[MACSEC_SA_ATTR_SALT]),
571 +- MACSEC_SA_ATTR_SALT);
572 ++ MACSEC_SALT_LEN);
573 + rtnl_unlock();
574 + return -EINVAL;
575 + }
576 +@@ -2083,7 +2085,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
577 +
578 + cleanup:
579 + secy->operational = was_operational;
580 +- kfree(tx_sa);
581 ++ macsec_txsa_put(tx_sa);
582 + rtnl_unlock();
583 + return err;
584 + }
585 +@@ -2291,7 +2293,7 @@ static bool validate_upd_sa(struct nlattr **attrs)
586 + if (nla_get_u8(attrs[MACSEC_SA_ATTR_AN]) >= MACSEC_NUM_AN)
587 + return false;
588 +
589 +- if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u32(attrs[MACSEC_SA_ATTR_PN]) == 0)
590 ++ if (attrs[MACSEC_SA_ATTR_PN] && nla_get_u64(attrs[MACSEC_SA_ATTR_PN]) == 0)
591 + return false;
592 +
593 + if (attrs[MACSEC_SA_ATTR_ACTIVE]) {
594 +@@ -3738,9 +3740,6 @@ static int macsec_changelink_common(struct net_device *dev,
595 + secy->operational = tx_sa && tx_sa->active;
596 + }
597 +
598 +- if (data[IFLA_MACSEC_WINDOW])
599 +- secy->replay_window = nla_get_u32(data[IFLA_MACSEC_WINDOW]);
600 +-
601 + if (data[IFLA_MACSEC_ENCRYPT])
602 + tx_sc->encrypt = !!nla_get_u8(data[IFLA_MACSEC_ENCRYPT]);
603 +
604 +@@ -3786,6 +3785,16 @@ static int macsec_changelink_common(struct net_device *dev,
605 + }
606 + }
607 +
608 ++ if (data[IFLA_MACSEC_WINDOW]) {
609 ++ secy->replay_window = nla_get_u32(data[IFLA_MACSEC_WINDOW]);
610 ++
611 ++ /* IEEE 802.1AEbw-2013 10.7.8 - maximum replay window
612 ++ * for XPN cipher suites */
613 ++ if (secy->xpn &&
614 ++ secy->replay_window > MACSEC_XPN_MAX_REPLAY_WINDOW)
615 ++ return -EINVAL;
616 ++ }
617 ++
618 + return 0;
619 + }
620 +
621 +@@ -3815,7 +3824,7 @@ static int macsec_changelink(struct net_device *dev, struct nlattr *tb[],
622 +
623 + ret = macsec_changelink_common(dev, data);
624 + if (ret)
625 +- return ret;
626 ++ goto cleanup;
627 +
628 + /* If h/w offloading is available, propagate to the device */
629 + if (macsec_is_offloaded(macsec)) {
630 +diff --git a/drivers/net/pcs/pcs-xpcs.c b/drivers/net/pcs/pcs-xpcs.c
631 +index 7de631f5356fc..fd4cbf8a55ad7 100644
632 +--- a/drivers/net/pcs/pcs-xpcs.c
633 ++++ b/drivers/net/pcs/pcs-xpcs.c
634 +@@ -890,7 +890,7 @@ static int xpcs_get_state_c37_sgmii(struct dw_xpcs *xpcs,
635 + */
636 + ret = xpcs_read(xpcs, MDIO_MMD_VEND2, DW_VR_MII_AN_INTR_STS);
637 + if (ret < 0)
638 +- return false;
639 ++ return ret;
640 +
641 + if (ret & DW_VR_MII_C37_ANSGM_SP_LNKSTS) {
642 + int speed_value;
643 +diff --git a/drivers/net/sungem_phy.c b/drivers/net/sungem_phy.c
644 +index 291fa449993fb..45f295403cb55 100644
645 +--- a/drivers/net/sungem_phy.c
646 ++++ b/drivers/net/sungem_phy.c
647 +@@ -454,6 +454,7 @@ static int bcm5421_init(struct mii_phy* phy)
648 + int can_low_power = 1;
649 + if (np == NULL || of_get_property(np, "no-autolowpower", NULL))
650 + can_low_power = 0;
651 ++ of_node_put(np);
652 + if (can_low_power) {
653 + /* Enable automatic low-power */
654 + sungem_phy_write(phy, 0x1c, 0x9002);
655 +diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
656 +index 318c681ad63ee..53cefad2a79d2 100644
657 +--- a/drivers/net/virtio_net.c
658 ++++ b/drivers/net/virtio_net.c
659 +@@ -213,9 +213,15 @@ struct virtnet_info {
660 + /* Packet virtio header size */
661 + u8 hdr_len;
662 +
663 +- /* Work struct for refilling if we run low on memory. */
664 ++ /* Work struct for delayed refilling if we run low on memory. */
665 + struct delayed_work refill;
666 +
667 ++ /* Is delayed refill enabled? */
668 ++ bool refill_enabled;
669 ++
670 ++ /* The lock to synchronize the access to refill_enabled */
671 ++ spinlock_t refill_lock;
672 ++
673 + /* Work struct for config space updates */
674 + struct work_struct config_work;
675 +
676 +@@ -319,6 +325,20 @@ static struct page *get_a_page(struct receive_queue *rq, gfp_t gfp_mask)
677 + return p;
678 + }
679 +
680 ++static void enable_delayed_refill(struct virtnet_info *vi)
681 ++{
682 ++ spin_lock_bh(&vi->refill_lock);
683 ++ vi->refill_enabled = true;
684 ++ spin_unlock_bh(&vi->refill_lock);
685 ++}
686 ++
687 ++static void disable_delayed_refill(struct virtnet_info *vi)
688 ++{
689 ++ spin_lock_bh(&vi->refill_lock);
690 ++ vi->refill_enabled = false;
691 ++ spin_unlock_bh(&vi->refill_lock);
692 ++}
693 ++
694 + static void virtqueue_napi_schedule(struct napi_struct *napi,
695 + struct virtqueue *vq)
696 + {
697 +@@ -1454,8 +1474,12 @@ static int virtnet_receive(struct receive_queue *rq, int budget,
698 + }
699 +
700 + if (rq->vq->num_free > min((unsigned int)budget, virtqueue_get_vring_size(rq->vq)) / 2) {
701 +- if (!try_fill_recv(vi, rq, GFP_ATOMIC))
702 +- schedule_delayed_work(&vi->refill, 0);
703 ++ if (!try_fill_recv(vi, rq, GFP_ATOMIC)) {
704 ++ spin_lock(&vi->refill_lock);
705 ++ if (vi->refill_enabled)
706 ++ schedule_delayed_work(&vi->refill, 0);
707 ++ spin_unlock(&vi->refill_lock);
708 ++ }
709 + }
710 +
711 + u64_stats_update_begin(&rq->stats.syncp);
712 +@@ -1578,6 +1602,8 @@ static int virtnet_open(struct net_device *dev)
713 + struct virtnet_info *vi = netdev_priv(dev);
714 + int i, err;
715 +
716 ++ enable_delayed_refill(vi);
717 ++
718 + for (i = 0; i < vi->max_queue_pairs; i++) {
719 + if (i < vi->curr_queue_pairs)
720 + /* Make sure we have some buffers: if oom use wq. */
721 +@@ -1958,6 +1984,8 @@ static int virtnet_close(struct net_device *dev)
722 + struct virtnet_info *vi = netdev_priv(dev);
723 + int i;
724 +
725 ++ /* Make sure NAPI doesn't schedule refill work */
726 ++ disable_delayed_refill(vi);
727 + /* Make sure refill_work doesn't re-enable napi! */
728 + cancel_delayed_work_sync(&vi->refill);
729 +
730 +@@ -2455,6 +2483,8 @@ static int virtnet_restore_up(struct virtio_device *vdev)
731 +
732 + virtio_device_ready(vdev);
733 +
734 ++ enable_delayed_refill(vi);
735 ++
736 + if (netif_running(vi->dev)) {
737 + err = virtnet_open(vi->dev);
738 + if (err)
739 +@@ -3162,6 +3192,7 @@ static int virtnet_probe(struct virtio_device *vdev)
740 + vdev->priv = vi;
741 +
742 + INIT_WORK(&vi->config_work, virtnet_config_changed_work);
743 ++ spin_lock_init(&vi->refill_lock);
744 +
745 + /* If we can receive ANY GSO packets, we must allocate large ones. */
746 + if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO4) ||
747 +diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
748 +index af275ac427954..5351959fbaba3 100644
749 +--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
750 ++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
751 +@@ -11386,6 +11386,7 @@ scsih_shutdown(struct pci_dev *pdev)
752 + _scsih_ir_shutdown(ioc);
753 + _scsih_nvme_shutdown(ioc);
754 + mpt3sas_base_mask_interrupts(ioc);
755 ++ mpt3sas_base_stop_watchdog(ioc);
756 + ioc->shost_recovery = 1;
757 + mpt3sas_base_make_ioc_ready(ioc, SOFT_RESET);
758 + ioc->shost_recovery = 0;
759 +diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c
760 +index a06c61f22742e..6e2f82152b4a1 100644
761 +--- a/drivers/scsi/scsi_ioctl.c
762 ++++ b/drivers/scsi/scsi_ioctl.c
763 +@@ -457,7 +457,7 @@ static int sg_io(struct scsi_device *sdev, struct gendisk *disk,
764 + goto out_free_cdb;
765 +
766 + ret = 0;
767 +- if (hdr->iovec_count) {
768 ++ if (hdr->iovec_count && hdr->dxfer_len) {
769 + struct iov_iter i;
770 + struct iovec *iov = NULL;
771 +
772 +diff --git a/drivers/scsi/ufs/ufshcd-pltfrm.c b/drivers/scsi/ufs/ufshcd-pltfrm.c
773 +index 87975d1a21c8b..adc302b1a57ae 100644
774 +--- a/drivers/scsi/ufs/ufshcd-pltfrm.c
775 ++++ b/drivers/scsi/ufs/ufshcd-pltfrm.c
776 +@@ -107,9 +107,20 @@ out:
777 + return ret;
778 + }
779 +
780 ++static bool phandle_exists(const struct device_node *np,
781 ++ const char *phandle_name, int index)
782 ++{
783 ++ struct device_node *parse_np = of_parse_phandle(np, phandle_name, index);
784 ++
785 ++ if (parse_np)
786 ++ of_node_put(parse_np);
787 ++
788 ++ return parse_np != NULL;
789 ++}
790 ++
791 + #define MAX_PROP_SIZE 32
792 + static int ufshcd_populate_vreg(struct device *dev, const char *name,
793 +- struct ufs_vreg **out_vreg)
794 ++ struct ufs_vreg **out_vreg)
795 + {
796 + char prop_name[MAX_PROP_SIZE];
797 + struct ufs_vreg *vreg = NULL;
798 +@@ -121,7 +132,7 @@ static int ufshcd_populate_vreg(struct device *dev, const char *name,
799 + }
800 +
801 + snprintf(prop_name, MAX_PROP_SIZE, "%s-supply", name);
802 +- if (!of_parse_phandle(np, prop_name, 0)) {
803 ++ if (!phandle_exists(np, prop_name, 0)) {
804 + dev_info(dev, "%s: Unable to find %s regulator, assuming enabled\n",
805 + __func__, prop_name);
806 + goto out;
807 +diff --git a/fs/ntfs/attrib.c b/fs/ntfs/attrib.c
808 +index d563abc3e1364..914e991731300 100644
809 +--- a/fs/ntfs/attrib.c
810 ++++ b/fs/ntfs/attrib.c
811 +@@ -592,8 +592,12 @@ static int ntfs_attr_find(const ATTR_TYPE type, const ntfschar *name,
812 + a = (ATTR_RECORD*)((u8*)ctx->attr +
813 + le32_to_cpu(ctx->attr->length));
814 + for (;; a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))) {
815 +- if ((u8*)a < (u8*)ctx->mrec || (u8*)a > (u8*)ctx->mrec +
816 +- le32_to_cpu(ctx->mrec->bytes_allocated))
817 ++ u8 *mrec_end = (u8 *)ctx->mrec +
818 ++ le32_to_cpu(ctx->mrec->bytes_allocated);
819 ++ u8 *name_end = (u8 *)a + le16_to_cpu(a->name_offset) +
820 ++ a->name_length * sizeof(ntfschar);
821 ++ if ((u8*)a < (u8*)ctx->mrec || (u8*)a > mrec_end ||
822 ++ name_end > mrec_end)
823 + break;
824 + ctx->attr = a;
825 + if (unlikely(le32_to_cpu(a->type) > le32_to_cpu(type) ||
826 +diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h
827 +index bb62cc2e0211b..cf21aecdf5476 100644
828 +--- a/fs/ocfs2/ocfs2.h
829 ++++ b/fs/ocfs2/ocfs2.h
830 +@@ -277,7 +277,6 @@ enum ocfs2_mount_options
831 + OCFS2_MOUNT_JOURNAL_ASYNC_COMMIT = 1 << 15, /* Journal Async Commit */
832 + OCFS2_MOUNT_ERRORS_CONT = 1 << 16, /* Return EIO to the calling process on error */
833 + OCFS2_MOUNT_ERRORS_ROFS = 1 << 17, /* Change filesystem to read-only on error */
834 +- OCFS2_MOUNT_NOCLUSTER = 1 << 18, /* No cluster aware filesystem mount */
835 + };
836 +
837 + #define OCFS2_OSB_SOFT_RO 0x0001
838 +@@ -673,8 +672,7 @@ static inline int ocfs2_cluster_o2cb_global_heartbeat(struct ocfs2_super *osb)
839 +
840 + static inline int ocfs2_mount_local(struct ocfs2_super *osb)
841 + {
842 +- return ((osb->s_feature_incompat & OCFS2_FEATURE_INCOMPAT_LOCAL_MOUNT)
843 +- || (osb->s_mount_opt & OCFS2_MOUNT_NOCLUSTER));
844 ++ return (osb->s_feature_incompat & OCFS2_FEATURE_INCOMPAT_LOCAL_MOUNT);
845 + }
846 +
847 + static inline int ocfs2_uses_extended_slot_map(struct ocfs2_super *osb)
848 +diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c
849 +index 0b0ae3ebb0cf5..da7718cef735e 100644
850 +--- a/fs/ocfs2/slot_map.c
851 ++++ b/fs/ocfs2/slot_map.c
852 +@@ -252,16 +252,14 @@ static int __ocfs2_find_empty_slot(struct ocfs2_slot_info *si,
853 + int i, ret = -ENOSPC;
854 +
855 + if ((preferred >= 0) && (preferred < si->si_num_slots)) {
856 +- if (!si->si_slots[preferred].sl_valid ||
857 +- !si->si_slots[preferred].sl_node_num) {
858 ++ if (!si->si_slots[preferred].sl_valid) {
859 + ret = preferred;
860 + goto out;
861 + }
862 + }
863 +
864 + for(i = 0; i < si->si_num_slots; i++) {
865 +- if (!si->si_slots[i].sl_valid ||
866 +- !si->si_slots[i].sl_node_num) {
867 ++ if (!si->si_slots[i].sl_valid) {
868 + ret = i;
869 + break;
870 + }
871 +@@ -456,30 +454,24 @@ int ocfs2_find_slot(struct ocfs2_super *osb)
872 + spin_lock(&osb->osb_lock);
873 + ocfs2_update_slot_info(si);
874 +
875 +- if (ocfs2_mount_local(osb))
876 +- /* use slot 0 directly in local mode */
877 +- slot = 0;
878 +- else {
879 +- /* search for ourselves first and take the slot if it already
880 +- * exists. Perhaps we need to mark this in a variable for our
881 +- * own journal recovery? Possibly not, though we certainly
882 +- * need to warn to the user */
883 +- slot = __ocfs2_node_num_to_slot(si, osb->node_num);
884 ++ /* search for ourselves first and take the slot if it already
885 ++ * exists. Perhaps we need to mark this in a variable for our
886 ++ * own journal recovery? Possibly not, though we certainly
887 ++ * need to warn to the user */
888 ++ slot = __ocfs2_node_num_to_slot(si, osb->node_num);
889 ++ if (slot < 0) {
890 ++ /* if no slot yet, then just take 1st available
891 ++ * one. */
892 ++ slot = __ocfs2_find_empty_slot(si, osb->preferred_slot);
893 + if (slot < 0) {
894 +- /* if no slot yet, then just take 1st available
895 +- * one. */
896 +- slot = __ocfs2_find_empty_slot(si, osb->preferred_slot);
897 +- if (slot < 0) {
898 +- spin_unlock(&osb->osb_lock);
899 +- mlog(ML_ERROR, "no free slots available!\n");
900 +- status = -EINVAL;
901 +- goto bail;
902 +- }
903 +- } else
904 +- printk(KERN_INFO "ocfs2: Slot %d on device (%s) was "
905 +- "already allocated to this node!\n",
906 +- slot, osb->dev_str);
907 +- }
908 ++ spin_unlock(&osb->osb_lock);
909 ++ mlog(ML_ERROR, "no free slots available!\n");
910 ++ status = -EINVAL;
911 ++ goto bail;
912 ++ }
913 ++ } else
914 ++ printk(KERN_INFO "ocfs2: Slot %d on device (%s) was already "
915 ++ "allocated to this node!\n", slot, osb->dev_str);
916 +
917 + ocfs2_set_slot(si, slot, osb->node_num);
918 + osb->slot_num = slot;
919 +diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
920 +index 7ba3dabe16f09..a03f0cabff0bf 100644
921 +--- a/fs/ocfs2/super.c
922 ++++ b/fs/ocfs2/super.c
923 +@@ -173,7 +173,6 @@ enum {
924 + Opt_dir_resv_level,
925 + Opt_journal_async_commit,
926 + Opt_err_cont,
927 +- Opt_nocluster,
928 + Opt_err,
929 + };
930 +
931 +@@ -207,7 +206,6 @@ static const match_table_t tokens = {
932 + {Opt_dir_resv_level, "dir_resv_level=%u"},
933 + {Opt_journal_async_commit, "journal_async_commit"},
934 + {Opt_err_cont, "errors=continue"},
935 +- {Opt_nocluster, "nocluster"},
936 + {Opt_err, NULL}
937 + };
938 +
939 +@@ -619,13 +617,6 @@ static int ocfs2_remount(struct super_block *sb, int *flags, char *data)
940 + goto out;
941 + }
942 +
943 +- tmp = OCFS2_MOUNT_NOCLUSTER;
944 +- if ((osb->s_mount_opt & tmp) != (parsed_options.mount_opt & tmp)) {
945 +- ret = -EINVAL;
946 +- mlog(ML_ERROR, "Cannot change nocluster option on remount\n");
947 +- goto out;
948 +- }
949 +-
950 + tmp = OCFS2_MOUNT_HB_LOCAL | OCFS2_MOUNT_HB_GLOBAL |
951 + OCFS2_MOUNT_HB_NONE;
952 + if ((osb->s_mount_opt & tmp) != (parsed_options.mount_opt & tmp)) {
953 +@@ -866,7 +857,6 @@ static int ocfs2_verify_userspace_stack(struct ocfs2_super *osb,
954 + }
955 +
956 + if (ocfs2_userspace_stack(osb) &&
957 +- !(osb->s_mount_opt & OCFS2_MOUNT_NOCLUSTER) &&
958 + strncmp(osb->osb_cluster_stack, mopt->cluster_stack,
959 + OCFS2_STACK_LABEL_LEN)) {
960 + mlog(ML_ERROR,
961 +@@ -1145,11 +1135,6 @@ static int ocfs2_fill_super(struct super_block *sb, void *data, int silent)
962 + osb->s_mount_opt & OCFS2_MOUNT_DATA_WRITEBACK ? "writeback" :
963 + "ordered");
964 +
965 +- if ((osb->s_mount_opt & OCFS2_MOUNT_NOCLUSTER) &&
966 +- !(osb->s_feature_incompat & OCFS2_FEATURE_INCOMPAT_LOCAL_MOUNT))
967 +- printk(KERN_NOTICE "ocfs2: The shared device (%s) is mounted "
968 +- "without cluster aware mode.\n", osb->dev_str);
969 +-
970 + atomic_set(&osb->vol_state, VOLUME_MOUNTED);
971 + wake_up(&osb->osb_mount_event);
972 +
973 +@@ -1456,9 +1441,6 @@ static int ocfs2_parse_options(struct super_block *sb,
974 + case Opt_journal_async_commit:
975 + mopt->mount_opt |= OCFS2_MOUNT_JOURNAL_ASYNC_COMMIT;
976 + break;
977 +- case Opt_nocluster:
978 +- mopt->mount_opt |= OCFS2_MOUNT_NOCLUSTER;
979 +- break;
980 + default:
981 + mlog(ML_ERROR,
982 + "Unrecognized mount option \"%s\" "
983 +@@ -1570,9 +1552,6 @@ static int ocfs2_show_options(struct seq_file *s, struct dentry *root)
984 + if (opts & OCFS2_MOUNT_JOURNAL_ASYNC_COMMIT)
985 + seq_printf(s, ",journal_async_commit");
986 +
987 +- if (opts & OCFS2_MOUNT_NOCLUSTER)
988 +- seq_printf(s, ",nocluster");
989 +-
990 + return 0;
991 + }
992 +
993 +diff --git a/fs/read_write.c b/fs/read_write.c
994 +index c6db1a0762fab..8d3ec975514d0 100644
995 +--- a/fs/read_write.c
996 ++++ b/fs/read_write.c
997 +@@ -1250,6 +1250,9 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
998 + count, fl);
999 + file_end_write(out.file);
1000 + } else {
1001 ++ if (out.file->f_flags & O_NONBLOCK)
1002 ++ fl |= SPLICE_F_NONBLOCK;
1003 ++
1004 + retval = splice_file_to_pipe(in.file, opipe, &pos, count, fl);
1005 + }
1006 +
1007 +diff --git a/include/asm-generic/io.h b/include/asm-generic/io.h
1008 +index 7ce93aaf69f8d..98954dda57344 100644
1009 +--- a/include/asm-generic/io.h
1010 ++++ b/include/asm-generic/io.h
1011 +@@ -1125,9 +1125,7 @@ static inline void memcpy_toio(volatile void __iomem *addr, const void *buffer,
1012 + }
1013 + #endif
1014 +
1015 +-#ifndef CONFIG_GENERIC_DEVMEM_IS_ALLOWED
1016 + extern int devmem_is_allowed(unsigned long pfn);
1017 +-#endif
1018 +
1019 + #endif /* __KERNEL__ */
1020 +
1021 +diff --git a/include/net/addrconf.h b/include/net/addrconf.h
1022 +index 59940e230b782..53627afab1044 100644
1023 +--- a/include/net/addrconf.h
1024 ++++ b/include/net/addrconf.h
1025 +@@ -403,6 +403,9 @@ static inline bool ip6_ignore_linkdown(const struct net_device *dev)
1026 + {
1027 + const struct inet6_dev *idev = __in6_dev_get(dev);
1028 +
1029 ++ if (unlikely(!idev))
1030 ++ return true;
1031 ++
1032 + return !!idev->cnf.ignore_routes_with_linkdown;
1033 + }
1034 +
1035 +diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
1036 +index 3c4f550e5a8b7..2f766e3437ce2 100644
1037 +--- a/include/net/bluetooth/l2cap.h
1038 ++++ b/include/net/bluetooth/l2cap.h
1039 +@@ -847,6 +847,7 @@ enum {
1040 + };
1041 +
1042 + void l2cap_chan_hold(struct l2cap_chan *c);
1043 ++struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c);
1044 + void l2cap_chan_put(struct l2cap_chan *c);
1045 +
1046 + static inline void l2cap_chan_lock(struct l2cap_chan *chan)
1047 +diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
1048 +index fa6a87246a7b8..695ed45841f06 100644
1049 +--- a/include/net/inet_connection_sock.h
1050 ++++ b/include/net/inet_connection_sock.h
1051 +@@ -315,7 +315,7 @@ void inet_csk_update_fastreuse(struct inet_bind_bucket *tb,
1052 +
1053 + struct dst_entry *inet_csk_update_pmtu(struct sock *sk, u32 mtu);
1054 +
1055 +-#define TCP_PINGPONG_THRESH 3
1056 ++#define TCP_PINGPONG_THRESH 1
1057 +
1058 + static inline void inet_csk_enter_pingpong_mode(struct sock *sk)
1059 + {
1060 +@@ -332,14 +332,6 @@ static inline bool inet_csk_in_pingpong_mode(struct sock *sk)
1061 + return inet_csk(sk)->icsk_ack.pingpong >= TCP_PINGPONG_THRESH;
1062 + }
1063 +
1064 +-static inline void inet_csk_inc_pingpong_cnt(struct sock *sk)
1065 +-{
1066 +- struct inet_connection_sock *icsk = inet_csk(sk);
1067 +-
1068 +- if (icsk->icsk_ack.pingpong < U8_MAX)
1069 +- icsk->icsk_ack.pingpong++;
1070 +-}
1071 +-
1072 + static inline bool inet_csk_has_ulp(struct sock *sk)
1073 + {
1074 + return inet_sk(sk)->is_icsk && !!inet_csk(sk)->icsk_ulp_ops;
1075 +diff --git a/include/net/sock.h b/include/net/sock.h
1076 +index 96f51d4b16499..819c53965ef35 100644
1077 +--- a/include/net/sock.h
1078 ++++ b/include/net/sock.h
1079 +@@ -2765,18 +2765,18 @@ static inline int sk_get_wmem0(const struct sock *sk, const struct proto *proto)
1080 + {
1081 + /* Does this proto have per netns sysctl_wmem ? */
1082 + if (proto->sysctl_wmem_offset)
1083 +- return *(int *)((void *)sock_net(sk) + proto->sysctl_wmem_offset);
1084 ++ return READ_ONCE(*(int *)((void *)sock_net(sk) + proto->sysctl_wmem_offset));
1085 +
1086 +- return *proto->sysctl_wmem;
1087 ++ return READ_ONCE(*proto->sysctl_wmem);
1088 + }
1089 +
1090 + static inline int sk_get_rmem0(const struct sock *sk, const struct proto *proto)
1091 + {
1092 + /* Does this proto have per netns sysctl_rmem ? */
1093 + if (proto->sysctl_rmem_offset)
1094 +- return *(int *)((void *)sock_net(sk) + proto->sysctl_rmem_offset);
1095 ++ return READ_ONCE(*(int *)((void *)sock_net(sk) + proto->sysctl_rmem_offset));
1096 +
1097 +- return *proto->sysctl_rmem;
1098 ++ return READ_ONCE(*proto->sysctl_rmem);
1099 + }
1100 +
1101 + /* Default TCP Small queue budget is ~1 ms of data (1sec >> 10)
1102 +diff --git a/include/net/tcp.h b/include/net/tcp.h
1103 +index 8ce8aafeef0f5..76b0d7f2b967f 100644
1104 +--- a/include/net/tcp.h
1105 ++++ b/include/net/tcp.h
1106 +@@ -1406,7 +1406,7 @@ void tcp_select_initial_window(const struct sock *sk, int __space,
1107 +
1108 + static inline int tcp_win_from_space(const struct sock *sk, int space)
1109 + {
1110 +- int tcp_adv_win_scale = sock_net(sk)->ipv4.sysctl_tcp_adv_win_scale;
1111 ++ int tcp_adv_win_scale = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_adv_win_scale);
1112 +
1113 + return tcp_adv_win_scale <= 0 ?
1114 + (space>>(-tcp_adv_win_scale)) :
1115 +diff --git a/kernel/locking/rwsem.c b/kernel/locking/rwsem.c
1116 +index e63f740c2cc84..4cc73e6f8974b 100644
1117 +--- a/kernel/locking/rwsem.c
1118 ++++ b/kernel/locking/rwsem.c
1119 +@@ -335,8 +335,6 @@ struct rwsem_waiter {
1120 + struct task_struct *task;
1121 + enum rwsem_waiter_type type;
1122 + unsigned long timeout;
1123 +-
1124 +- /* Writer only, not initialized in reader */
1125 + bool handoff_set;
1126 + };
1127 + #define rwsem_first_waiter(sem) \
1128 +@@ -456,10 +454,12 @@ static void rwsem_mark_wake(struct rw_semaphore *sem,
1129 + * to give up the lock), request a HANDOFF to
1130 + * force the issue.
1131 + */
1132 +- if (!(oldcount & RWSEM_FLAG_HANDOFF) &&
1133 +- time_after(jiffies, waiter->timeout)) {
1134 +- adjustment -= RWSEM_FLAG_HANDOFF;
1135 +- lockevent_inc(rwsem_rlock_handoff);
1136 ++ if (time_after(jiffies, waiter->timeout)) {
1137 ++ if (!(oldcount & RWSEM_FLAG_HANDOFF)) {
1138 ++ adjustment -= RWSEM_FLAG_HANDOFF;
1139 ++ lockevent_inc(rwsem_rlock_handoff);
1140 ++ }
1141 ++ waiter->handoff_set = true;
1142 + }
1143 +
1144 + atomic_long_add(-adjustment, &sem->count);
1145 +@@ -569,7 +569,7 @@ static void rwsem_mark_wake(struct rw_semaphore *sem,
1146 + static inline bool rwsem_try_write_lock(struct rw_semaphore *sem,
1147 + struct rwsem_waiter *waiter)
1148 + {
1149 +- bool first = rwsem_first_waiter(sem) == waiter;
1150 ++ struct rwsem_waiter *first = rwsem_first_waiter(sem);
1151 + long count, new;
1152 +
1153 + lockdep_assert_held(&sem->wait_lock);
1154 +@@ -579,11 +579,20 @@ static inline bool rwsem_try_write_lock(struct rw_semaphore *sem,
1155 + bool has_handoff = !!(count & RWSEM_FLAG_HANDOFF);
1156 +
1157 + if (has_handoff) {
1158 +- if (!first)
1159 ++ /*
1160 ++ * Honor handoff bit and yield only when the first
1161 ++ * waiter is the one that set it. Otherwisee, we
1162 ++ * still try to acquire the rwsem.
1163 ++ */
1164 ++ if (first->handoff_set && (waiter != first))
1165 + return false;
1166 +
1167 +- /* First waiter inherits a previously set handoff bit */
1168 +- waiter->handoff_set = true;
1169 ++ /*
1170 ++ * First waiter can inherit a previously set handoff
1171 ++ * bit and spin on rwsem if lock acquisition fails.
1172 ++ */
1173 ++ if (waiter == first)
1174 ++ waiter->handoff_set = true;
1175 + }
1176 +
1177 + new = count;
1178 +@@ -978,6 +987,7 @@ queue:
1179 + waiter.task = current;
1180 + waiter.type = RWSEM_WAITING_FOR_READ;
1181 + waiter.timeout = jiffies + RWSEM_WAIT_TIMEOUT;
1182 ++ waiter.handoff_set = false;
1183 +
1184 + raw_spin_lock_irq(&sem->wait_lock);
1185 + if (list_empty(&sem->wait_list)) {
1186 +diff --git a/kernel/watch_queue.c b/kernel/watch_queue.c
1187 +index debebcd2664ef..1059ef6c3711a 100644
1188 +--- a/kernel/watch_queue.c
1189 ++++ b/kernel/watch_queue.c
1190 +@@ -457,6 +457,33 @@ void init_watch(struct watch *watch, struct watch_queue *wqueue)
1191 + rcu_assign_pointer(watch->queue, wqueue);
1192 + }
1193 +
1194 ++static int add_one_watch(struct watch *watch, struct watch_list *wlist, struct watch_queue *wqueue)
1195 ++{
1196 ++ const struct cred *cred;
1197 ++ struct watch *w;
1198 ++
1199 ++ hlist_for_each_entry(w, &wlist->watchers, list_node) {
1200 ++ struct watch_queue *wq = rcu_access_pointer(w->queue);
1201 ++ if (wqueue == wq && watch->id == w->id)
1202 ++ return -EBUSY;
1203 ++ }
1204 ++
1205 ++ cred = current_cred();
1206 ++ if (atomic_inc_return(&cred->user->nr_watches) > task_rlimit(current, RLIMIT_NOFILE)) {
1207 ++ atomic_dec(&cred->user->nr_watches);
1208 ++ return -EAGAIN;
1209 ++ }
1210 ++
1211 ++ watch->cred = get_cred(cred);
1212 ++ rcu_assign_pointer(watch->watch_list, wlist);
1213 ++
1214 ++ kref_get(&wqueue->usage);
1215 ++ kref_get(&watch->usage);
1216 ++ hlist_add_head(&watch->queue_node, &wqueue->watches);
1217 ++ hlist_add_head_rcu(&watch->list_node, &wlist->watchers);
1218 ++ return 0;
1219 ++}
1220 ++
1221 + /**
1222 + * add_watch_to_object - Add a watch on an object to a watch list
1223 + * @watch: The watch to add
1224 +@@ -471,34 +498,21 @@ void init_watch(struct watch *watch, struct watch_queue *wqueue)
1225 + */
1226 + int add_watch_to_object(struct watch *watch, struct watch_list *wlist)
1227 + {
1228 +- struct watch_queue *wqueue = rcu_access_pointer(watch->queue);
1229 +- struct watch *w;
1230 +-
1231 +- hlist_for_each_entry(w, &wlist->watchers, list_node) {
1232 +- struct watch_queue *wq = rcu_access_pointer(w->queue);
1233 +- if (wqueue == wq && watch->id == w->id)
1234 +- return -EBUSY;
1235 +- }
1236 +-
1237 +- watch->cred = get_current_cred();
1238 +- rcu_assign_pointer(watch->watch_list, wlist);
1239 ++ struct watch_queue *wqueue;
1240 ++ int ret = -ENOENT;
1241 +
1242 +- if (atomic_inc_return(&watch->cred->user->nr_watches) >
1243 +- task_rlimit(current, RLIMIT_NOFILE)) {
1244 +- atomic_dec(&watch->cred->user->nr_watches);
1245 +- put_cred(watch->cred);
1246 +- return -EAGAIN;
1247 +- }
1248 ++ rcu_read_lock();
1249 +
1250 ++ wqueue = rcu_access_pointer(watch->queue);
1251 + if (lock_wqueue(wqueue)) {
1252 +- kref_get(&wqueue->usage);
1253 +- kref_get(&watch->usage);
1254 +- hlist_add_head(&watch->queue_node, &wqueue->watches);
1255 ++ spin_lock(&wlist->lock);
1256 ++ ret = add_one_watch(watch, wlist, wqueue);
1257 ++ spin_unlock(&wlist->lock);
1258 + unlock_wqueue(wqueue);
1259 + }
1260 +
1261 +- hlist_add_head(&watch->list_node, &wlist->watchers);
1262 +- return 0;
1263 ++ rcu_read_unlock();
1264 ++ return ret;
1265 + }
1266 + EXPORT_SYMBOL(add_watch_to_object);
1267 +
1268 +diff --git a/mm/hmm.c b/mm/hmm.c
1269 +index bd56641c79d4e..3af995c814a66 100644
1270 +--- a/mm/hmm.c
1271 ++++ b/mm/hmm.c
1272 +@@ -212,14 +212,6 @@ int hmm_vma_handle_pmd(struct mm_walk *walk, unsigned long addr,
1273 + unsigned long end, unsigned long hmm_pfns[], pmd_t pmd);
1274 + #endif /* CONFIG_TRANSPARENT_HUGEPAGE */
1275 +
1276 +-static inline bool hmm_is_device_private_entry(struct hmm_range *range,
1277 +- swp_entry_t entry)
1278 +-{
1279 +- return is_device_private_entry(entry) &&
1280 +- pfn_swap_entry_to_page(entry)->pgmap->owner ==
1281 +- range->dev_private_owner;
1282 +-}
1283 +-
1284 + static inline unsigned long pte_to_hmm_pfn_flags(struct hmm_range *range,
1285 + pte_t pte)
1286 + {
1287 +@@ -252,10 +244,12 @@ static int hmm_vma_handle_pte(struct mm_walk *walk, unsigned long addr,
1288 + swp_entry_t entry = pte_to_swp_entry(pte);
1289 +
1290 + /*
1291 +- * Never fault in device private pages, but just report
1292 +- * the PFN even if not present.
1293 ++ * Don't fault in device private pages owned by the caller,
1294 ++ * just report the PFN.
1295 + */
1296 +- if (hmm_is_device_private_entry(range, entry)) {
1297 ++ if (is_device_private_entry(entry) &&
1298 ++ pfn_swap_entry_to_page(entry)->pgmap->owner ==
1299 ++ range->dev_private_owner) {
1300 + cpu_flags = HMM_PFN_VALID;
1301 + if (is_writable_device_private_entry(entry))
1302 + cpu_flags |= HMM_PFN_WRITE;
1303 +@@ -273,6 +267,9 @@ static int hmm_vma_handle_pte(struct mm_walk *walk, unsigned long addr,
1304 + if (!non_swap_entry(entry))
1305 + goto fault;
1306 +
1307 ++ if (is_device_private_entry(entry))
1308 ++ goto fault;
1309 ++
1310 + if (is_device_exclusive_entry(entry))
1311 + goto fault;
1312 +
1313 +diff --git a/mm/hugetlb.c b/mm/hugetlb.c
1314 +index eed96302897ae..405793b8cf0d2 100644
1315 +--- a/mm/hugetlb.c
1316 ++++ b/mm/hugetlb.c
1317 +@@ -5314,6 +5314,7 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm,
1318 +
1319 + page = alloc_huge_page(dst_vma, dst_addr, 0);
1320 + if (IS_ERR(page)) {
1321 ++ put_page(*pagep);
1322 + ret = -ENOMEM;
1323 + *pagep = NULL;
1324 + goto out;
1325 +diff --git a/mm/memory.c b/mm/memory.c
1326 +index 036eb765c4e80..a4d0f744a458d 100644
1327 +--- a/mm/memory.c
1328 ++++ b/mm/memory.c
1329 +@@ -4071,9 +4071,12 @@ vm_fault_t finish_fault(struct vm_fault *vmf)
1330 + }
1331 + }
1332 +
1333 +- /* See comment in handle_pte_fault() */
1334 ++ /*
1335 ++ * See comment in handle_pte_fault() for how this scenario happens, we
1336 ++ * need to return NOPAGE so that we drop this page.
1337 ++ */
1338 + if (pmd_devmap_trans_unstable(vmf->pmd))
1339 +- return 0;
1340 ++ return VM_FAULT_NOPAGE;
1341 +
1342 + vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd,
1343 + vmf->address, &vmf->ptl);
1344 +diff --git a/mm/page_alloc.c b/mm/page_alloc.c
1345 +index a0b7afae59e9c..61d7967897ced 100644
1346 +--- a/mm/page_alloc.c
1347 ++++ b/mm/page_alloc.c
1348 +@@ -3928,11 +3928,15 @@ static inline bool zone_watermark_fast(struct zone *z, unsigned int order,
1349 + * need to be calculated.
1350 + */
1351 + if (!order) {
1352 +- long fast_free;
1353 ++ long usable_free;
1354 ++ long reserved;
1355 +
1356 +- fast_free = free_pages;
1357 +- fast_free -= __zone_watermark_unusable_free(z, 0, alloc_flags);
1358 +- if (fast_free > mark + z->lowmem_reserve[highest_zoneidx])
1359 ++ usable_free = free_pages;
1360 ++ reserved = __zone_watermark_unusable_free(z, 0, alloc_flags);
1361 ++
1362 ++ /* reserved may over estimate high-atomic reserves. */
1363 ++ usable_free -= min(usable_free, reserved);
1364 ++ if (usable_free > mark + z->lowmem_reserve[highest_zoneidx])
1365 + return true;
1366 + }
1367 +
1368 +diff --git a/mm/secretmem.c b/mm/secretmem.c
1369 +index 5a62ef3bcfcff..14f49c0aa66e2 100644
1370 +--- a/mm/secretmem.c
1371 ++++ b/mm/secretmem.c
1372 +@@ -55,22 +55,28 @@ static vm_fault_t secretmem_fault(struct vm_fault *vmf)
1373 + gfp_t gfp = vmf->gfp_mask;
1374 + unsigned long addr;
1375 + struct page *page;
1376 ++ vm_fault_t ret;
1377 + int err;
1378 +
1379 + if (((loff_t)vmf->pgoff << PAGE_SHIFT) >= i_size_read(inode))
1380 + return vmf_error(-EINVAL);
1381 +
1382 ++ filemap_invalidate_lock_shared(mapping);
1383 ++
1384 + retry:
1385 + page = find_lock_page(mapping, offset);
1386 + if (!page) {
1387 + page = alloc_page(gfp | __GFP_ZERO);
1388 +- if (!page)
1389 +- return VM_FAULT_OOM;
1390 ++ if (!page) {
1391 ++ ret = VM_FAULT_OOM;
1392 ++ goto out;
1393 ++ }
1394 +
1395 + err = set_direct_map_invalid_noflush(page);
1396 + if (err) {
1397 + put_page(page);
1398 +- return vmf_error(err);
1399 ++ ret = vmf_error(err);
1400 ++ goto out;
1401 + }
1402 +
1403 + __SetPageUptodate(page);
1404 +@@ -86,7 +92,8 @@ retry:
1405 + if (err == -EEXIST)
1406 + goto retry;
1407 +
1408 +- return vmf_error(err);
1409 ++ ret = vmf_error(err);
1410 ++ goto out;
1411 + }
1412 +
1413 + addr = (unsigned long)page_address(page);
1414 +@@ -94,7 +101,11 @@ retry:
1415 + }
1416 +
1417 + vmf->page = page;
1418 +- return VM_FAULT_LOCKED;
1419 ++ ret = VM_FAULT_LOCKED;
1420 ++
1421 ++out:
1422 ++ filemap_invalidate_unlock_shared(mapping);
1423 ++ return ret;
1424 + }
1425 +
1426 + static const struct vm_operations_struct secretmem_vm_ops = {
1427 +@@ -162,12 +173,20 @@ static int secretmem_setattr(struct user_namespace *mnt_userns,
1428 + struct dentry *dentry, struct iattr *iattr)
1429 + {
1430 + struct inode *inode = d_inode(dentry);
1431 ++ struct address_space *mapping = inode->i_mapping;
1432 + unsigned int ia_valid = iattr->ia_valid;
1433 ++ int ret;
1434 ++
1435 ++ filemap_invalidate_lock(mapping);
1436 +
1437 + if ((ia_valid & ATTR_SIZE) && inode->i_size)
1438 +- return -EINVAL;
1439 ++ ret = -EINVAL;
1440 ++ else
1441 ++ ret = simple_setattr(mnt_userns, dentry, iattr);
1442 +
1443 +- return simple_setattr(mnt_userns, dentry, iattr);
1444 ++ filemap_invalidate_unlock(mapping);
1445 ++
1446 ++ return ret;
1447 + }
1448 +
1449 + static const struct inode_operations secretmem_iops = {
1450 +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
1451 +index c57a45df7a267..780073f6affcb 100644
1452 +--- a/net/bluetooth/l2cap_core.c
1453 ++++ b/net/bluetooth/l2cap_core.c
1454 +@@ -111,7 +111,8 @@ static struct l2cap_chan *__l2cap_get_chan_by_scid(struct l2cap_conn *conn,
1455 + }
1456 +
1457 + /* Find channel with given SCID.
1458 +- * Returns locked channel. */
1459 ++ * Returns a reference locked channel.
1460 ++ */
1461 + static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn,
1462 + u16 cid)
1463 + {
1464 +@@ -119,15 +120,19 @@ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn,
1465 +
1466 + mutex_lock(&conn->chan_lock);
1467 + c = __l2cap_get_chan_by_scid(conn, cid);
1468 +- if (c)
1469 +- l2cap_chan_lock(c);
1470 ++ if (c) {
1471 ++ /* Only lock if chan reference is not 0 */
1472 ++ c = l2cap_chan_hold_unless_zero(c);
1473 ++ if (c)
1474 ++ l2cap_chan_lock(c);
1475 ++ }
1476 + mutex_unlock(&conn->chan_lock);
1477 +
1478 + return c;
1479 + }
1480 +
1481 + /* Find channel with given DCID.
1482 +- * Returns locked channel.
1483 ++ * Returns a reference locked channel.
1484 + */
1485 + static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn,
1486 + u16 cid)
1487 +@@ -136,8 +141,12 @@ static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn,
1488 +
1489 + mutex_lock(&conn->chan_lock);
1490 + c = __l2cap_get_chan_by_dcid(conn, cid);
1491 +- if (c)
1492 +- l2cap_chan_lock(c);
1493 ++ if (c) {
1494 ++ /* Only lock if chan reference is not 0 */
1495 ++ c = l2cap_chan_hold_unless_zero(c);
1496 ++ if (c)
1497 ++ l2cap_chan_lock(c);
1498 ++ }
1499 + mutex_unlock(&conn->chan_lock);
1500 +
1501 + return c;
1502 +@@ -162,8 +171,12 @@ static struct l2cap_chan *l2cap_get_chan_by_ident(struct l2cap_conn *conn,
1503 +
1504 + mutex_lock(&conn->chan_lock);
1505 + c = __l2cap_get_chan_by_ident(conn, ident);
1506 +- if (c)
1507 +- l2cap_chan_lock(c);
1508 ++ if (c) {
1509 ++ /* Only lock if chan reference is not 0 */
1510 ++ c = l2cap_chan_hold_unless_zero(c);
1511 ++ if (c)
1512 ++ l2cap_chan_lock(c);
1513 ++ }
1514 + mutex_unlock(&conn->chan_lock);
1515 +
1516 + return c;
1517 +@@ -497,6 +510,16 @@ void l2cap_chan_hold(struct l2cap_chan *c)
1518 + kref_get(&c->kref);
1519 + }
1520 +
1521 ++struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c)
1522 ++{
1523 ++ BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref));
1524 ++
1525 ++ if (!kref_get_unless_zero(&c->kref))
1526 ++ return NULL;
1527 ++
1528 ++ return c;
1529 ++}
1530 ++
1531 + void l2cap_chan_put(struct l2cap_chan *c)
1532 + {
1533 + BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref));
1534 +@@ -1969,7 +1992,10 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1535 + src_match = !bacmp(&c->src, src);
1536 + dst_match = !bacmp(&c->dst, dst);
1537 + if (src_match && dst_match) {
1538 +- l2cap_chan_hold(c);
1539 ++ c = l2cap_chan_hold_unless_zero(c);
1540 ++ if (!c)
1541 ++ continue;
1542 ++
1543 + read_unlock(&chan_list_lock);
1544 + return c;
1545 + }
1546 +@@ -1984,7 +2010,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
1547 + }
1548 +
1549 + if (c1)
1550 +- l2cap_chan_hold(c1);
1551 ++ c1 = l2cap_chan_hold_unless_zero(c1);
1552 +
1553 + read_unlock(&chan_list_lock);
1554 +
1555 +@@ -4464,6 +4490,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn,
1556 +
1557 + unlock:
1558 + l2cap_chan_unlock(chan);
1559 ++ l2cap_chan_put(chan);
1560 + return err;
1561 + }
1562 +
1563 +@@ -4578,6 +4605,7 @@ static inline int l2cap_config_rsp(struct l2cap_conn *conn,
1564 +
1565 + done:
1566 + l2cap_chan_unlock(chan);
1567 ++ l2cap_chan_put(chan);
1568 + return err;
1569 + }
1570 +
1571 +@@ -5305,6 +5333,7 @@ send_move_response:
1572 + l2cap_send_move_chan_rsp(chan, result);
1573 +
1574 + l2cap_chan_unlock(chan);
1575 ++ l2cap_chan_put(chan);
1576 +
1577 + return 0;
1578 + }
1579 +@@ -5397,6 +5426,7 @@ static void l2cap_move_continue(struct l2cap_conn *conn, u16 icid, u16 result)
1580 + }
1581 +
1582 + l2cap_chan_unlock(chan);
1583 ++ l2cap_chan_put(chan);
1584 + }
1585 +
1586 + static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid,
1587 +@@ -5426,6 +5456,7 @@ static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid,
1588 + l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED);
1589 +
1590 + l2cap_chan_unlock(chan);
1591 ++ l2cap_chan_put(chan);
1592 + }
1593 +
1594 + static int l2cap_move_channel_rsp(struct l2cap_conn *conn,
1595 +@@ -5489,6 +5520,7 @@ static int l2cap_move_channel_confirm(struct l2cap_conn *conn,
1596 + l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid);
1597 +
1598 + l2cap_chan_unlock(chan);
1599 ++ l2cap_chan_put(chan);
1600 +
1601 + return 0;
1602 + }
1603 +@@ -5524,6 +5556,7 @@ static inline int l2cap_move_channel_confirm_rsp(struct l2cap_conn *conn,
1604 + }
1605 +
1606 + l2cap_chan_unlock(chan);
1607 ++ l2cap_chan_put(chan);
1608 +
1609 + return 0;
1610 + }
1611 +@@ -5896,12 +5929,11 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn,
1612 + if (credits > max_credits) {
1613 + BT_ERR("LE credits overflow");
1614 + l2cap_send_disconn_req(chan, ECONNRESET);
1615 +- l2cap_chan_unlock(chan);
1616 +
1617 + /* Return 0 so that we don't trigger an unnecessary
1618 + * command reject packet.
1619 + */
1620 +- return 0;
1621 ++ goto unlock;
1622 + }
1623 +
1624 + chan->tx_credits += credits;
1625 +@@ -5912,7 +5944,9 @@ static inline int l2cap_le_credits(struct l2cap_conn *conn,
1626 + if (chan->tx_credits)
1627 + chan->ops->resume(chan);
1628 +
1629 ++unlock:
1630 + l2cap_chan_unlock(chan);
1631 ++ l2cap_chan_put(chan);
1632 +
1633 + return 0;
1634 + }
1635 +@@ -7598,6 +7632,7 @@ drop:
1636 +
1637 + done:
1638 + l2cap_chan_unlock(chan);
1639 ++ l2cap_chan_put(chan);
1640 + }
1641 +
1642 + static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm,
1643 +@@ -8086,7 +8121,7 @@ static struct l2cap_chan *l2cap_global_fixed_chan(struct l2cap_chan *c,
1644 + if (src_type != c->src_type)
1645 + continue;
1646 +
1647 +- l2cap_chan_hold(c);
1648 ++ c = l2cap_chan_hold_unless_zero(c);
1649 + read_unlock(&chan_list_lock);
1650 + return c;
1651 + }
1652 +diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
1653 +index dc92a67baea39..7d542eb461729 100644
1654 +--- a/net/decnet/af_decnet.c
1655 ++++ b/net/decnet/af_decnet.c
1656 +@@ -480,8 +480,8 @@ static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gf
1657 + sk->sk_family = PF_DECnet;
1658 + sk->sk_protocol = 0;
1659 + sk->sk_allocation = gfp;
1660 +- sk->sk_sndbuf = sysctl_decnet_wmem[1];
1661 +- sk->sk_rcvbuf = sysctl_decnet_rmem[1];
1662 ++ sk->sk_sndbuf = READ_ONCE(sysctl_decnet_wmem[1]);
1663 ++ sk->sk_rcvbuf = READ_ONCE(sysctl_decnet_rmem[1]);
1664 +
1665 + /* Initialization of DECnet Session Control Port */
1666 + scp = DN_SK(sk);
1667 +diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
1668 +index a9cd9c2bd84eb..19c6e7b93d3d8 100644
1669 +--- a/net/ipv4/fib_trie.c
1670 ++++ b/net/ipv4/fib_trie.c
1671 +@@ -1037,6 +1037,7 @@ fib_find_matching_alias(struct net *net, const struct fib_rt_info *fri)
1672 +
1673 + void fib_alias_hw_flags_set(struct net *net, const struct fib_rt_info *fri)
1674 + {
1675 ++ u8 fib_notify_on_flag_change;
1676 + struct fib_alias *fa_match;
1677 + struct sk_buff *skb;
1678 + int err;
1679 +@@ -1058,14 +1059,16 @@ void fib_alias_hw_flags_set(struct net *net, const struct fib_rt_info *fri)
1680 + WRITE_ONCE(fa_match->offload, fri->offload);
1681 + WRITE_ONCE(fa_match->trap, fri->trap);
1682 +
1683 ++ fib_notify_on_flag_change = READ_ONCE(net->ipv4.sysctl_fib_notify_on_flag_change);
1684 ++
1685 + /* 2 means send notifications only if offload_failed was changed. */
1686 +- if (net->ipv4.sysctl_fib_notify_on_flag_change == 2 &&
1687 ++ if (fib_notify_on_flag_change == 2 &&
1688 + READ_ONCE(fa_match->offload_failed) == fri->offload_failed)
1689 + goto out;
1690 +
1691 + WRITE_ONCE(fa_match->offload_failed, fri->offload_failed);
1692 +
1693 +- if (!net->ipv4.sysctl_fib_notify_on_flag_change)
1694 ++ if (!fib_notify_on_flag_change)
1695 + goto out;
1696 +
1697 + skb = nlmsg_new(fib_nlmsg_size(fa_match->fa_info), GFP_ATOMIC);
1698 +diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
1699 +index 9f4674244aff3..e07d10b2c4868 100644
1700 +--- a/net/ipv4/igmp.c
1701 ++++ b/net/ipv4/igmp.c
1702 +@@ -827,7 +827,7 @@ static void igmp_ifc_event(struct in_device *in_dev)
1703 + struct net *net = dev_net(in_dev->dev);
1704 + if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
1705 + return;
1706 +- WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv);
1707 ++ WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv));
1708 + igmp_ifc_start_timer(in_dev, 1);
1709 + }
1710 +
1711 +@@ -1009,7 +1009,7 @@ static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
1712 + * received value was zero, use the default or statically
1713 + * configured value.
1714 + */
1715 +- in_dev->mr_qrv = ih3->qrv ?: net->ipv4.sysctl_igmp_qrv;
1716 ++ in_dev->mr_qrv = ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1717 + in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL;
1718 +
1719 + /* RFC3376, 8.3. Query Response Interval:
1720 +@@ -1189,7 +1189,7 @@ static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im,
1721 + pmc->interface = im->interface;
1722 + in_dev_hold(in_dev);
1723 + pmc->multiaddr = im->multiaddr;
1724 +- pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
1725 ++ pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1726 + pmc->sfmode = im->sfmode;
1727 + if (pmc->sfmode == MCAST_INCLUDE) {
1728 + struct ip_sf_list *psf;
1729 +@@ -1240,9 +1240,11 @@ static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im)
1730 + swap(im->tomb, pmc->tomb);
1731 + swap(im->sources, pmc->sources);
1732 + for (psf = im->sources; psf; psf = psf->sf_next)
1733 +- psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
1734 ++ psf->sf_crcount = in_dev->mr_qrv ?:
1735 ++ READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1736 + } else {
1737 +- im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
1738 ++ im->crcount = in_dev->mr_qrv ?:
1739 ++ READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1740 + }
1741 + in_dev_put(pmc->interface);
1742 + kfree_pmc(pmc);
1743 +@@ -1349,7 +1351,7 @@ static void igmp_group_added(struct ip_mc_list *im)
1744 + if (in_dev->dead)
1745 + return;
1746 +
1747 +- im->unsolicit_count = net->ipv4.sysctl_igmp_qrv;
1748 ++ im->unsolicit_count = READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1749 + if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) {
1750 + spin_lock_bh(&im->lock);
1751 + igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY);
1752 +@@ -1363,7 +1365,7 @@ static void igmp_group_added(struct ip_mc_list *im)
1753 + * IN() to IN(A).
1754 + */
1755 + if (im->sfmode == MCAST_EXCLUDE)
1756 +- im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
1757 ++ im->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1758 +
1759 + igmp_ifc_event(in_dev);
1760 + #endif
1761 +@@ -1754,7 +1756,7 @@ static void ip_mc_reset(struct in_device *in_dev)
1762 +
1763 + in_dev->mr_qi = IGMP_QUERY_INTERVAL;
1764 + in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL;
1765 +- in_dev->mr_qrv = net->ipv4.sysctl_igmp_qrv;
1766 ++ in_dev->mr_qrv = READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1767 + }
1768 + #else
1769 + static void ip_mc_reset(struct in_device *in_dev)
1770 +@@ -1888,7 +1890,7 @@ static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode,
1771 + #ifdef CONFIG_IP_MULTICAST
1772 + if (psf->sf_oldin &&
1773 + !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) {
1774 +- psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
1775 ++ psf->sf_crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1776 + psf->sf_next = pmc->tomb;
1777 + pmc->tomb = psf;
1778 + rv = 1;
1779 +@@ -1952,7 +1954,7 @@ static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
1780 + /* filter mode change */
1781 + pmc->sfmode = MCAST_INCLUDE;
1782 + #ifdef CONFIG_IP_MULTICAST
1783 +- pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
1784 ++ pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1785 + WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
1786 + for (psf = pmc->sources; psf; psf = psf->sf_next)
1787 + psf->sf_crcount = 0;
1788 +@@ -2131,7 +2133,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
1789 + #ifdef CONFIG_IP_MULTICAST
1790 + /* else no filters; keep old mode for reports */
1791 +
1792 +- pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv;
1793 ++ pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1794 + WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
1795 + for (psf = pmc->sources; psf; psf = psf->sf_next)
1796 + psf->sf_crcount = 0;
1797 +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
1798 +index 1abdb87126559..2097eeaf30a67 100644
1799 +--- a/net/ipv4/tcp.c
1800 ++++ b/net/ipv4/tcp.c
1801 +@@ -458,8 +458,8 @@ void tcp_init_sock(struct sock *sk)
1802 +
1803 + icsk->icsk_sync_mss = tcp_sync_mss;
1804 +
1805 +- WRITE_ONCE(sk->sk_sndbuf, sock_net(sk)->ipv4.sysctl_tcp_wmem[1]);
1806 +- WRITE_ONCE(sk->sk_rcvbuf, sock_net(sk)->ipv4.sysctl_tcp_rmem[1]);
1807 ++ WRITE_ONCE(sk->sk_sndbuf, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[1]));
1808 ++ WRITE_ONCE(sk->sk_rcvbuf, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[1]));
1809 +
1810 + sk_sockets_allocated_inc(sk);
1811 + sk->sk_route_forced_caps = NETIF_F_GSO;
1812 +@@ -694,7 +694,7 @@ static bool tcp_should_autocork(struct sock *sk, struct sk_buff *skb,
1813 + int size_goal)
1814 + {
1815 + return skb->len < size_goal &&
1816 +- sock_net(sk)->ipv4.sysctl_tcp_autocorking &&
1817 ++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_autocorking) &&
1818 + !tcp_rtx_queue_empty(sk) &&
1819 + refcount_read(&sk->sk_wmem_alloc) > skb->truesize;
1820 + }
1821 +@@ -1722,7 +1722,7 @@ int tcp_set_rcvlowat(struct sock *sk, int val)
1822 + if (sk->sk_userlocks & SOCK_RCVBUF_LOCK)
1823 + cap = sk->sk_rcvbuf >> 1;
1824 + else
1825 +- cap = sock_net(sk)->ipv4.sysctl_tcp_rmem[2] >> 1;
1826 ++ cap = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2]) >> 1;
1827 + val = min(val, cap);
1828 + WRITE_ONCE(sk->sk_rcvlowat, val ? : 1);
1829 +
1830 +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
1831 +index 2d21d8bf3b8cc..a33e6aa42a4c5 100644
1832 +--- a/net/ipv4/tcp_input.c
1833 ++++ b/net/ipv4/tcp_input.c
1834 +@@ -426,7 +426,7 @@ static void tcp_sndbuf_expand(struct sock *sk)
1835 +
1836 + if (sk->sk_sndbuf < sndmem)
1837 + WRITE_ONCE(sk->sk_sndbuf,
1838 +- min(sndmem, sock_net(sk)->ipv4.sysctl_tcp_wmem[2]));
1839 ++ min(sndmem, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[2])));
1840 + }
1841 +
1842 + /* 2. Tuning advertised window (window_clamp, rcv_ssthresh)
1843 +@@ -461,7 +461,7 @@ static int __tcp_grow_window(const struct sock *sk, const struct sk_buff *skb,
1844 + struct tcp_sock *tp = tcp_sk(sk);
1845 + /* Optimize this! */
1846 + int truesize = tcp_win_from_space(sk, skbtruesize) >> 1;
1847 +- int window = tcp_win_from_space(sk, sock_net(sk)->ipv4.sysctl_tcp_rmem[2]) >> 1;
1848 ++ int window = tcp_win_from_space(sk, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2])) >> 1;
1849 +
1850 + while (tp->rcv_ssthresh <= window) {
1851 + if (truesize <= skb->len)
1852 +@@ -526,7 +526,7 @@ static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb,
1853 + */
1854 + static void tcp_init_buffer_space(struct sock *sk)
1855 + {
1856 +- int tcp_app_win = sock_net(sk)->ipv4.sysctl_tcp_app_win;
1857 ++ int tcp_app_win = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_app_win);
1858 + struct tcp_sock *tp = tcp_sk(sk);
1859 + int maxwin;
1860 +
1861 +@@ -566,16 +566,17 @@ static void tcp_clamp_window(struct sock *sk)
1862 + struct tcp_sock *tp = tcp_sk(sk);
1863 + struct inet_connection_sock *icsk = inet_csk(sk);
1864 + struct net *net = sock_net(sk);
1865 ++ int rmem2;
1866 +
1867 + icsk->icsk_ack.quick = 0;
1868 ++ rmem2 = READ_ONCE(net->ipv4.sysctl_tcp_rmem[2]);
1869 +
1870 +- if (sk->sk_rcvbuf < net->ipv4.sysctl_tcp_rmem[2] &&
1871 ++ if (sk->sk_rcvbuf < rmem2 &&
1872 + !(sk->sk_userlocks & SOCK_RCVBUF_LOCK) &&
1873 + !tcp_under_memory_pressure(sk) &&
1874 + sk_memory_allocated(sk) < sk_prot_mem_limits(sk, 0)) {
1875 + WRITE_ONCE(sk->sk_rcvbuf,
1876 +- min(atomic_read(&sk->sk_rmem_alloc),
1877 +- net->ipv4.sysctl_tcp_rmem[2]));
1878 ++ min(atomic_read(&sk->sk_rmem_alloc), rmem2));
1879 + }
1880 + if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
1881 + tp->rcv_ssthresh = min(tp->window_clamp, 2U * tp->advmss);
1882 +@@ -716,7 +717,7 @@ void tcp_rcv_space_adjust(struct sock *sk)
1883 + * <prev RTT . ><current RTT .. ><next RTT .... >
1884 + */
1885 +
1886 +- if (sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf &&
1887 ++ if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf) &&
1888 + !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) {
1889 + int rcvmem, rcvbuf;
1890 + u64 rcvwin, grow;
1891 +@@ -737,7 +738,7 @@ void tcp_rcv_space_adjust(struct sock *sk)
1892 +
1893 + do_div(rcvwin, tp->advmss);
1894 + rcvbuf = min_t(u64, rcvwin * rcvmem,
1895 +- sock_net(sk)->ipv4.sysctl_tcp_rmem[2]);
1896 ++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2]));
1897 + if (rcvbuf > sk->sk_rcvbuf) {
1898 + WRITE_ONCE(sk->sk_rcvbuf, rcvbuf);
1899 +
1900 +@@ -902,9 +903,9 @@ static void tcp_update_pacing_rate(struct sock *sk)
1901 + * end of slow start and should slow down.
1902 + */
1903 + if (tcp_snd_cwnd(tp) < tp->snd_ssthresh / 2)
1904 +- rate *= sock_net(sk)->ipv4.sysctl_tcp_pacing_ss_ratio;
1905 ++ rate *= READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_pacing_ss_ratio);
1906 + else
1907 +- rate *= sock_net(sk)->ipv4.sysctl_tcp_pacing_ca_ratio;
1908 ++ rate *= READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_pacing_ca_ratio);
1909 +
1910 + rate *= max(tcp_snd_cwnd(tp), tp->packets_out);
1911 +
1912 +@@ -2167,7 +2168,7 @@ void tcp_enter_loss(struct sock *sk)
1913 + * loss recovery is underway except recurring timeout(s) on
1914 + * the same SND.UNA (sec 3.2). Disable F-RTO on path MTU probing
1915 + */
1916 +- tp->frto = net->ipv4.sysctl_tcp_frto &&
1917 ++ tp->frto = READ_ONCE(net->ipv4.sysctl_tcp_frto) &&
1918 + (new_recovery || icsk->icsk_retransmits) &&
1919 + !inet_csk(sk)->icsk_mtup.probe_size;
1920 + }
1921 +@@ -3050,7 +3051,7 @@ static void tcp_fastretrans_alert(struct sock *sk, const u32 prior_snd_una,
1922 +
1923 + static void tcp_update_rtt_min(struct sock *sk, u32 rtt_us, const int flag)
1924 + {
1925 +- u32 wlen = sock_net(sk)->ipv4.sysctl_tcp_min_rtt_wlen * HZ;
1926 ++ u32 wlen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_rtt_wlen) * HZ;
1927 + struct tcp_sock *tp = tcp_sk(sk);
1928 +
1929 + if ((flag & FLAG_ACK_MAYBE_DELAYED) && rtt_us > tcp_min_rtt(tp)) {
1930 +@@ -3574,7 +3575,8 @@ static bool __tcp_oow_rate_limited(struct net *net, int mib_idx,
1931 + if (*last_oow_ack_time) {
1932 + s32 elapsed = (s32)(tcp_jiffies32 - *last_oow_ack_time);
1933 +
1934 +- if (0 <= elapsed && elapsed < net->ipv4.sysctl_tcp_invalid_ratelimit) {
1935 ++ if (0 <= elapsed &&
1936 ++ elapsed < READ_ONCE(net->ipv4.sysctl_tcp_invalid_ratelimit)) {
1937 + NET_INC_STATS(net, mib_idx);
1938 + return true; /* rate-limited: don't send yet! */
1939 + }
1940 +@@ -3622,7 +3624,7 @@ static void tcp_send_challenge_ack(struct sock *sk, const struct sk_buff *skb)
1941 + /* Then check host-wide RFC 5961 rate limit. */
1942 + now = jiffies / HZ;
1943 + if (now != challenge_timestamp) {
1944 +- u32 ack_limit = net->ipv4.sysctl_tcp_challenge_ack_limit;
1945 ++ u32 ack_limit = READ_ONCE(net->ipv4.sysctl_tcp_challenge_ack_limit);
1946 + u32 half = (ack_limit + 1) >> 1;
1947 +
1948 + challenge_timestamp = now;
1949 +@@ -4419,7 +4421,7 @@ static void tcp_dsack_set(struct sock *sk, u32 seq, u32 end_seq)
1950 + {
1951 + struct tcp_sock *tp = tcp_sk(sk);
1952 +
1953 +- if (tcp_is_sack(tp) && sock_net(sk)->ipv4.sysctl_tcp_dsack) {
1954 ++ if (tcp_is_sack(tp) && READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_dsack)) {
1955 + int mib_idx;
1956 +
1957 + if (before(seq, tp->rcv_nxt))
1958 +@@ -4466,7 +4468,7 @@ static void tcp_send_dupack(struct sock *sk, const struct sk_buff *skb)
1959 + NET_INC_STATS(sock_net(sk), LINUX_MIB_DELAYEDACKLOST);
1960 + tcp_enter_quickack_mode(sk, TCP_MAX_QUICKACKS);
1961 +
1962 +- if (tcp_is_sack(tp) && sock_net(sk)->ipv4.sysctl_tcp_dsack) {
1963 ++ if (tcp_is_sack(tp) && READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_dsack)) {
1964 + u32 end_seq = TCP_SKB_CB(skb)->end_seq;
1965 +
1966 + tcp_rcv_spurious_retrans(sk, skb);
1967 +@@ -5489,7 +5491,7 @@ send_now:
1968 + }
1969 +
1970 + if (!tcp_is_sack(tp) ||
1971 +- tp->compressed_ack >= sock_net(sk)->ipv4.sysctl_tcp_comp_sack_nr)
1972 ++ tp->compressed_ack >= READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_comp_sack_nr))
1973 + goto send_now;
1974 +
1975 + if (tp->compressed_ack_rcv_nxt != tp->rcv_nxt) {
1976 +@@ -5510,11 +5512,12 @@ send_now:
1977 + if (tp->srtt_us && tp->srtt_us < rtt)
1978 + rtt = tp->srtt_us;
1979 +
1980 +- delay = min_t(unsigned long, sock_net(sk)->ipv4.sysctl_tcp_comp_sack_delay_ns,
1981 ++ delay = min_t(unsigned long,
1982 ++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_comp_sack_delay_ns),
1983 + rtt * (NSEC_PER_USEC >> 3)/20);
1984 + sock_hold(sk);
1985 + hrtimer_start_range_ns(&tp->compressed_ack_timer, ns_to_ktime(delay),
1986 +- sock_net(sk)->ipv4.sysctl_tcp_comp_sack_slack_ns,
1987 ++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_comp_sack_slack_ns),
1988 + HRTIMER_MODE_REL_PINNED_SOFT);
1989 + }
1990 +
1991 +diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
1992 +index fba02cf6b4686..dae0776c49487 100644
1993 +--- a/net/ipv4/tcp_ipv4.c
1994 ++++ b/net/ipv4/tcp_ipv4.c
1995 +@@ -1004,7 +1004,7 @@ static int tcp_v4_send_synack(const struct sock *sk, struct dst_entry *dst,
1996 + if (skb) {
1997 + __tcp_v4_send_check(skb, ireq->ir_loc_addr, ireq->ir_rmt_addr);
1998 +
1999 +- tos = sock_net(sk)->ipv4.sysctl_tcp_reflect_tos ?
2000 ++ tos = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos) ?
2001 + (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) |
2002 + (inet_sk(sk)->tos & INET_ECN_MASK) :
2003 + inet_sk(sk)->tos;
2004 +@@ -1590,7 +1590,7 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
2005 + /* Set ToS of the new socket based upon the value of incoming SYN.
2006 + * ECT bits are set later in tcp_init_transfer().
2007 + */
2008 +- if (sock_net(sk)->ipv4.sysctl_tcp_reflect_tos)
2009 ++ if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos))
2010 + newinet->tos = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK;
2011 +
2012 + if (!dst) {
2013 +diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
2014 +index a501150deaa3b..d58e672be31c7 100644
2015 +--- a/net/ipv4/tcp_metrics.c
2016 ++++ b/net/ipv4/tcp_metrics.c
2017 +@@ -329,7 +329,7 @@ void tcp_update_metrics(struct sock *sk)
2018 + int m;
2019 +
2020 + sk_dst_confirm(sk);
2021 +- if (net->ipv4.sysctl_tcp_nometrics_save || !dst)
2022 ++ if (READ_ONCE(net->ipv4.sysctl_tcp_nometrics_save) || !dst)
2023 + return;
2024 +
2025 + rcu_read_lock();
2026 +@@ -385,7 +385,7 @@ void tcp_update_metrics(struct sock *sk)
2027 +
2028 + if (tcp_in_initial_slowstart(tp)) {
2029 + /* Slow start still did not finish. */
2030 +- if (!net->ipv4.sysctl_tcp_no_ssthresh_metrics_save &&
2031 ++ if (!READ_ONCE(net->ipv4.sysctl_tcp_no_ssthresh_metrics_save) &&
2032 + !tcp_metric_locked(tm, TCP_METRIC_SSTHRESH)) {
2033 + val = tcp_metric_get(tm, TCP_METRIC_SSTHRESH);
2034 + if (val && (tcp_snd_cwnd(tp) >> 1) > val)
2035 +@@ -401,7 +401,7 @@ void tcp_update_metrics(struct sock *sk)
2036 + } else if (!tcp_in_slow_start(tp) &&
2037 + icsk->icsk_ca_state == TCP_CA_Open) {
2038 + /* Cong. avoidance phase, cwnd is reliable. */
2039 +- if (!net->ipv4.sysctl_tcp_no_ssthresh_metrics_save &&
2040 ++ if (!READ_ONCE(net->ipv4.sysctl_tcp_no_ssthresh_metrics_save) &&
2041 + !tcp_metric_locked(tm, TCP_METRIC_SSTHRESH))
2042 + tcp_metric_set(tm, TCP_METRIC_SSTHRESH,
2043 + max(tcp_snd_cwnd(tp) >> 1, tp->snd_ssthresh));
2044 +@@ -418,7 +418,7 @@ void tcp_update_metrics(struct sock *sk)
2045 + tcp_metric_set(tm, TCP_METRIC_CWND,
2046 + (val + tp->snd_ssthresh) >> 1);
2047 + }
2048 +- if (!net->ipv4.sysctl_tcp_no_ssthresh_metrics_save &&
2049 ++ if (!READ_ONCE(net->ipv4.sysctl_tcp_no_ssthresh_metrics_save) &&
2050 + !tcp_metric_locked(tm, TCP_METRIC_SSTHRESH)) {
2051 + val = tcp_metric_get(tm, TCP_METRIC_SSTHRESH);
2052 + if (val && tp->snd_ssthresh > val)
2053 +@@ -463,7 +463,7 @@ void tcp_init_metrics(struct sock *sk)
2054 + if (tcp_metric_locked(tm, TCP_METRIC_CWND))
2055 + tp->snd_cwnd_clamp = tcp_metric_get(tm, TCP_METRIC_CWND);
2056 +
2057 +- val = net->ipv4.sysctl_tcp_no_ssthresh_metrics_save ?
2058 ++ val = READ_ONCE(net->ipv4.sysctl_tcp_no_ssthresh_metrics_save) ?
2059 + 0 : tcp_metric_get(tm, TCP_METRIC_SSTHRESH);
2060 + if (val) {
2061 + tp->snd_ssthresh = val;
2062 +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
2063 +index caf9283f9b0f9..9c9a0f7a3deea 100644
2064 +--- a/net/ipv4/tcp_output.c
2065 ++++ b/net/ipv4/tcp_output.c
2066 +@@ -167,16 +167,13 @@ static void tcp_event_data_sent(struct tcp_sock *tp,
2067 + if (tcp_packets_in_flight(tp) == 0)
2068 + tcp_ca_event(sk, CA_EVENT_TX_START);
2069 +
2070 +- /* If this is the first data packet sent in response to the
2071 +- * previous received data,
2072 +- * and it is a reply for ato after last received packet,
2073 +- * increase pingpong count.
2074 +- */
2075 +- if (before(tp->lsndtime, icsk->icsk_ack.lrcvtime) &&
2076 +- (u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato)
2077 +- inet_csk_inc_pingpong_cnt(sk);
2078 +-
2079 + tp->lsndtime = now;
2080 ++
2081 ++ /* If it is a reply for ato after last received
2082 ++ * packet, enter pingpong mode.
2083 ++ */
2084 ++ if ((u32)(now - icsk->icsk_ack.lrcvtime) < icsk->icsk_ack.ato)
2085 ++ inet_csk_enter_pingpong_mode(sk);
2086 + }
2087 +
2088 + /* Account for an ACK we sent. */
2089 +@@ -241,7 +238,7 @@ void tcp_select_initial_window(const struct sock *sk, int __space, __u32 mss,
2090 + *rcv_wscale = 0;
2091 + if (wscale_ok) {
2092 + /* Set window scaling on max possible window */
2093 +- space = max_t(u32, space, sock_net(sk)->ipv4.sysctl_tcp_rmem[2]);
2094 ++ space = max_t(u32, space, READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2]));
2095 + space = max_t(u32, space, sysctl_rmem_max);
2096 + space = min_t(u32, space, *window_clamp);
2097 + *rcv_wscale = clamp_t(int, ilog2(space) - 15,
2098 +@@ -1989,7 +1986,7 @@ static u32 tcp_tso_segs(struct sock *sk, unsigned int mss_now)
2099 +
2100 + min_tso = ca_ops->min_tso_segs ?
2101 + ca_ops->min_tso_segs(sk) :
2102 +- sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs;
2103 ++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs);
2104 +
2105 + tso_segs = tcp_tso_autosize(sk, mss_now, min_tso);
2106 + return min_t(u32, tso_segs, sk->sk_gso_max_segs);
2107 +@@ -2506,7 +2503,7 @@ static bool tcp_small_queue_check(struct sock *sk, const struct sk_buff *skb,
2108 + sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift));
2109 + if (sk->sk_pacing_status == SK_PACING_NONE)
2110 + limit = min_t(unsigned long, limit,
2111 +- sock_net(sk)->ipv4.sysctl_tcp_limit_output_bytes);
2112 ++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_limit_output_bytes));
2113 + limit <<= factor;
2114 +
2115 + if (static_branch_unlikely(&tcp_tx_delay_enabled) &&
2116 +diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
2117 +index 7f695c39d9a8c..87c699d57b366 100644
2118 +--- a/net/ipv6/mcast.c
2119 ++++ b/net/ipv6/mcast.c
2120 +@@ -1522,7 +1522,6 @@ static void mld_query_work(struct work_struct *work)
2121 +
2122 + if (++cnt >= MLD_MAX_QUEUE) {
2123 + rework = true;
2124 +- schedule_delayed_work(&idev->mc_query_work, 0);
2125 + break;
2126 + }
2127 + }
2128 +@@ -1533,8 +1532,10 @@ static void mld_query_work(struct work_struct *work)
2129 + __mld_query_work(skb);
2130 + mutex_unlock(&idev->mc_lock);
2131 +
2132 +- if (!rework)
2133 +- in6_dev_put(idev);
2134 ++ if (rework && queue_delayed_work(mld_wq, &idev->mc_query_work, 0))
2135 ++ return;
2136 ++
2137 ++ in6_dev_put(idev);
2138 + }
2139 +
2140 + /* called with rcu_read_lock() */
2141 +@@ -1624,7 +1625,6 @@ static void mld_report_work(struct work_struct *work)
2142 +
2143 + if (++cnt >= MLD_MAX_QUEUE) {
2144 + rework = true;
2145 +- schedule_delayed_work(&idev->mc_report_work, 0);
2146 + break;
2147 + }
2148 + }
2149 +@@ -1635,8 +1635,10 @@ static void mld_report_work(struct work_struct *work)
2150 + __mld_report_work(skb);
2151 + mutex_unlock(&idev->mc_lock);
2152 +
2153 +- if (!rework)
2154 +- in6_dev_put(idev);
2155 ++ if (rework && queue_delayed_work(mld_wq, &idev->mc_report_work, 0))
2156 ++ return;
2157 ++
2158 ++ in6_dev_put(idev);
2159 + }
2160 +
2161 + static bool is_in(struct ifmcaddr6 *pmc, struct ip6_sf_list *psf, int type,
2162 +diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
2163 +index 6ac88fe24a8e0..135e3a060caa8 100644
2164 +--- a/net/ipv6/ping.c
2165 ++++ b/net/ipv6/ping.c
2166 +@@ -22,6 +22,11 @@
2167 + #include <linux/proc_fs.h>
2168 + #include <net/ping.h>
2169 +
2170 ++static void ping_v6_destroy(struct sock *sk)
2171 ++{
2172 ++ inet6_destroy_sock(sk);
2173 ++}
2174 ++
2175 + /* Compatibility glue so we can support IPv6 when it's compiled as a module */
2176 + static int dummy_ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len,
2177 + int *addr_len)
2178 +@@ -166,6 +171,7 @@ struct proto pingv6_prot = {
2179 + .owner = THIS_MODULE,
2180 + .init = ping_init_sock,
2181 + .close = ping_close,
2182 ++ .destroy = ping_v6_destroy,
2183 + .connect = ip6_datagram_connect_v6_only,
2184 + .disconnect = __udp_disconnect,
2185 + .setsockopt = ipv6_setsockopt,
2186 +diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
2187 +index beaa0c2ada235..8ab39cf57d435 100644
2188 +--- a/net/ipv6/tcp_ipv6.c
2189 ++++ b/net/ipv6/tcp_ipv6.c
2190 +@@ -542,7 +542,7 @@ static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
2191 + if (np->repflow && ireq->pktopts)
2192 + fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
2193 +
2194 +- tclass = sock_net(sk)->ipv4.sysctl_tcp_reflect_tos ?
2195 ++ tclass = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos) ?
2196 + (tcp_rsk(req)->syn_tos & ~INET_ECN_MASK) |
2197 + (np->tclass & INET_ECN_MASK) :
2198 + np->tclass;
2199 +@@ -1364,7 +1364,7 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
2200 + /* Set ToS of the new socket based upon the value of incoming SYN.
2201 + * ECT bits are set later in tcp_init_transfer().
2202 + */
2203 +- if (sock_net(sk)->ipv4.sysctl_tcp_reflect_tos)
2204 ++ if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_reflect_tos))
2205 + newnp->tclass = tcp_rsk(req)->syn_tos & ~INET_ECN_MASK;
2206 +
2207 + /* Clone native IPv6 options from listening socket (if any)
2208 +diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
2209 +index d6def23b8cba0..7f96e0c42a090 100644
2210 +--- a/net/mptcp/protocol.c
2211 ++++ b/net/mptcp/protocol.c
2212 +@@ -1881,7 +1881,7 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied)
2213 + if (msk->rcvq_space.copied <= msk->rcvq_space.space)
2214 + goto new_measure;
2215 +
2216 +- if (sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf &&
2217 ++ if (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_moderate_rcvbuf) &&
2218 + !(sk->sk_userlocks & SOCK_RCVBUF_LOCK)) {
2219 + int rcvmem, rcvbuf;
2220 + u64 rcvwin, grow;
2221 +@@ -1899,7 +1899,7 @@ static void mptcp_rcv_space_adjust(struct mptcp_sock *msk, int copied)
2222 +
2223 + do_div(rcvwin, advmss);
2224 + rcvbuf = min_t(u64, rcvwin * rcvmem,
2225 +- sock_net(sk)->ipv4.sysctl_tcp_rmem[2]);
2226 ++ READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[2]));
2227 +
2228 + if (rcvbuf > sk->sk_rcvbuf) {
2229 + u32 window_clamp;
2230 +@@ -2532,8 +2532,8 @@ static int mptcp_init_sock(struct sock *sk)
2231 + icsk->icsk_ca_ops = NULL;
2232 +
2233 + sk_sockets_allocated_inc(sk);
2234 +- sk->sk_rcvbuf = sock_net(sk)->ipv4.sysctl_tcp_rmem[1];
2235 +- sk->sk_sndbuf = sock_net(sk)->ipv4.sysctl_tcp_wmem[1];
2236 ++ sk->sk_rcvbuf = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_rmem[1]);
2237 ++ sk->sk_sndbuf = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_wmem[1]);
2238 +
2239 + return 0;
2240 + }
2241 +diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
2242 +index 8787d0613ad83..5329ebf19a18b 100644
2243 +--- a/net/netfilter/nfnetlink_queue.c
2244 ++++ b/net/netfilter/nfnetlink_queue.c
2245 +@@ -836,11 +836,16 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
2246 + }
2247 +
2248 + static int
2249 +-nfqnl_mangle(void *data, int data_len, struct nf_queue_entry *e, int diff)
2250 ++nfqnl_mangle(void *data, unsigned int data_len, struct nf_queue_entry *e, int diff)
2251 + {
2252 + struct sk_buff *nskb;
2253 +
2254 + if (diff < 0) {
2255 ++ unsigned int min_len = skb_transport_offset(e->skb);
2256 ++
2257 ++ if (data_len < min_len)
2258 ++ return -EINVAL;
2259 ++
2260 + if (pskb_trim(e->skb, data_len))
2261 + return -ENOMEM;
2262 + } else if (diff > 0) {
2263 +diff --git a/net/sctp/associola.c b/net/sctp/associola.c
2264 +index be29da09cc7ab..3460abceba443 100644
2265 +--- a/net/sctp/associola.c
2266 ++++ b/net/sctp/associola.c
2267 +@@ -229,9 +229,8 @@ static struct sctp_association *sctp_association_init(
2268 + if (!sctp_ulpq_init(&asoc->ulpq, asoc))
2269 + goto fail_init;
2270 +
2271 +- if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams,
2272 +- 0, gfp))
2273 +- goto fail_init;
2274 ++ if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams, 0, gfp))
2275 ++ goto stream_free;
2276 +
2277 + /* Initialize default path MTU. */
2278 + asoc->pathmtu = sp->pathmtu;
2279 +diff --git a/net/sctp/stream.c b/net/sctp/stream.c
2280 +index 6dc95dcc0ff4f..ef9fceadef8d5 100644
2281 +--- a/net/sctp/stream.c
2282 ++++ b/net/sctp/stream.c
2283 +@@ -137,7 +137,7 @@ int sctp_stream_init(struct sctp_stream *stream, __u16 outcnt, __u16 incnt,
2284 +
2285 + ret = sctp_stream_alloc_out(stream, outcnt, gfp);
2286 + if (ret)
2287 +- goto out_err;
2288 ++ return ret;
2289 +
2290 + for (i = 0; i < stream->outcnt; i++)
2291 + SCTP_SO(stream, i)->state = SCTP_STREAM_OPEN;
2292 +@@ -145,22 +145,9 @@ int sctp_stream_init(struct sctp_stream *stream, __u16 outcnt, __u16 incnt,
2293 + handle_in:
2294 + sctp_stream_interleave_init(stream);
2295 + if (!incnt)
2296 +- goto out;
2297 +-
2298 +- ret = sctp_stream_alloc_in(stream, incnt, gfp);
2299 +- if (ret)
2300 +- goto in_err;
2301 +-
2302 +- goto out;
2303 ++ return 0;
2304 +
2305 +-in_err:
2306 +- sched->free(stream);
2307 +- genradix_free(&stream->in);
2308 +-out_err:
2309 +- genradix_free(&stream->out);
2310 +- stream->outcnt = 0;
2311 +-out:
2312 +- return ret;
2313 ++ return sctp_stream_alloc_in(stream, incnt, gfp);
2314 + }
2315 +
2316 + int sctp_stream_init_ext(struct sctp_stream *stream, __u16 sid)
2317 +diff --git a/net/sctp/stream_sched.c b/net/sctp/stream_sched.c
2318 +index 99e5f69fbb742..a2e1d34f52c5b 100644
2319 +--- a/net/sctp/stream_sched.c
2320 ++++ b/net/sctp/stream_sched.c
2321 +@@ -163,7 +163,7 @@ int sctp_sched_set_sched(struct sctp_association *asoc,
2322 + if (!SCTP_SO(&asoc->stream, i)->ext)
2323 + continue;
2324 +
2325 +- ret = n->init_sid(&asoc->stream, i, GFP_KERNEL);
2326 ++ ret = n->init_sid(&asoc->stream, i, GFP_ATOMIC);
2327 + if (ret)
2328 + goto err;
2329 + }
2330 +diff --git a/net/tipc/socket.c b/net/tipc/socket.c
2331 +index 43509c7e90fc2..f1c3b8eb4b3d3 100644
2332 +--- a/net/tipc/socket.c
2333 ++++ b/net/tipc/socket.c
2334 +@@ -517,7 +517,7 @@ static int tipc_sk_create(struct net *net, struct socket *sock,
2335 + timer_setup(&sk->sk_timer, tipc_sk_timeout, 0);
2336 + sk->sk_shutdown = 0;
2337 + sk->sk_backlog_rcv = tipc_sk_backlog_rcv;
2338 +- sk->sk_rcvbuf = sysctl_tipc_rmem[1];
2339 ++ sk->sk_rcvbuf = READ_ONCE(sysctl_tipc_rmem[1]);
2340 + sk->sk_data_ready = tipc_data_ready;
2341 + sk->sk_write_space = tipc_write_space;
2342 + sk->sk_destruct = tipc_sock_destruct;
2343 +diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
2344 +index 4e33150cfb9e1..cf75969375cfa 100644
2345 +--- a/net/tls/tls_device.c
2346 ++++ b/net/tls/tls_device.c
2347 +@@ -1351,8 +1351,13 @@ static int tls_device_down(struct net_device *netdev)
2348 + * by tls_device_free_ctx. rx_conf and tx_conf stay in TLS_HW.
2349 + * Now release the ref taken above.
2350 + */
2351 +- if (refcount_dec_and_test(&ctx->refcount))
2352 ++ if (refcount_dec_and_test(&ctx->refcount)) {
2353 ++ /* sk_destruct ran after tls_device_down took a ref, and
2354 ++ * it returned early. Complete the destruction here.
2355 ++ */
2356 ++ list_del(&ctx->list);
2357 + tls_device_free_ctx(ctx);
2358 ++ }
2359 + }
2360 +
2361 + up_write(&device_offload_lock);
2362 +diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
2363 +index ecd377938eea8..ef6ced5c5746a 100644
2364 +--- a/tools/perf/util/symbol-elf.c
2365 ++++ b/tools/perf/util/symbol-elf.c
2366 +@@ -233,6 +233,33 @@ Elf_Scn *elf_section_by_name(Elf *elf, GElf_Ehdr *ep,
2367 + return NULL;
2368 + }
2369 +
2370 ++static int elf_read_program_header(Elf *elf, u64 vaddr, GElf_Phdr *phdr)
2371 ++{
2372 ++ size_t i, phdrnum;
2373 ++ u64 sz;
2374 ++
2375 ++ if (elf_getphdrnum(elf, &phdrnum))
2376 ++ return -1;
2377 ++
2378 ++ for (i = 0; i < phdrnum; i++) {
2379 ++ if (gelf_getphdr(elf, i, phdr) == NULL)
2380 ++ return -1;
2381 ++
2382 ++ if (phdr->p_type != PT_LOAD)
2383 ++ continue;
2384 ++
2385 ++ sz = max(phdr->p_memsz, phdr->p_filesz);
2386 ++ if (!sz)
2387 ++ continue;
2388 ++
2389 ++ if (vaddr >= phdr->p_vaddr && (vaddr < phdr->p_vaddr + sz))
2390 ++ return 0;
2391 ++ }
2392 ++
2393 ++ /* Not found any valid program header */
2394 ++ return -1;
2395 ++}
2396 ++
2397 + static bool want_demangle(bool is_kernel_sym)
2398 + {
2399 + return is_kernel_sym ? symbol_conf.demangle_kernel : symbol_conf.demangle;
2400 +@@ -1209,6 +1236,7 @@ dso__load_sym_internal(struct dso *dso, struct map *map, struct symsrc *syms_ss,
2401 + sym.st_value);
2402 + used_opd = true;
2403 + }
2404 ++
2405 + /*
2406 + * When loading symbols in a data mapping, ABS symbols (which
2407 + * has a value of SHN_ABS in its st_shndx) failed at
2408 +@@ -1262,11 +1290,20 @@ dso__load_sym_internal(struct dso *dso, struct map *map, struct symsrc *syms_ss,
2409 + goto out_elf_end;
2410 + } else if ((used_opd && runtime_ss->adjust_symbols) ||
2411 + (!used_opd && syms_ss->adjust_symbols)) {
2412 ++ GElf_Phdr phdr;
2413 ++
2414 ++ if (elf_read_program_header(syms_ss->elf,
2415 ++ (u64)sym.st_value, &phdr)) {
2416 ++ pr_warning("%s: failed to find program header for "
2417 ++ "symbol: %s st_value: %#" PRIx64 "\n",
2418 ++ __func__, elf_name, (u64)sym.st_value);
2419 ++ continue;
2420 ++ }
2421 + pr_debug4("%s: adjusting symbol: st_value: %#" PRIx64 " "
2422 +- "sh_addr: %#" PRIx64 " sh_offset: %#" PRIx64 "\n", __func__,
2423 +- (u64)sym.st_value, (u64)shdr.sh_addr,
2424 +- (u64)shdr.sh_offset);
2425 +- sym.st_value -= shdr.sh_addr - shdr.sh_offset;
2426 ++ "p_vaddr: %#" PRIx64 " p_offset: %#" PRIx64 "\n",
2427 ++ __func__, (u64)sym.st_value, (u64)phdr.p_vaddr,
2428 ++ (u64)phdr.p_offset);
2429 ++ sym.st_value -= phdr.p_vaddr - phdr.p_offset;
2430 + }
2431 +
2432 + demangled = demangle_sym(dso, kmodule, elf_name);
Report Message
Find on MARC Find on Google Groups