Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.14 commit in: /
Date: Wed, 05 Aug 2020 14:58:02
Message-Id: 1596639463.bd6577cda5271fe9e525c3408f74d51aa6be8454.whissi@gentoo
1 commit: bd6577cda5271fe9e525c3408f74d51aa6be8454
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Wed Aug 5 14:57:43 2020 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Wed Aug 5 14:57:43 2020 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=bd6577cd
7
8 Linux patch 4.14.192
9
10 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
11
12 0000_README | 4 +
13 1191_linux-4.14.192.patch | 1244 +++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 1248 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index a0f0dc8..c4718ce 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -807,6 +807,10 @@ Patch: 1190_linux-4.14.191.patch
21 From: https://www.kernel.org
22 Desc: Linux 4.14.191
23
24 +Patch: 1191_linux-4.14.192.patch
25 +From: https://www.kernel.org
26 +Desc: Linux 4.14.192
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1191_linux-4.14.192.patch b/1191_linux-4.14.192.patch
33 new file mode 100644
34 index 0000000..87bec01
35 --- /dev/null
36 +++ b/1191_linux-4.14.192.patch
37 @@ -0,0 +1,1244 @@
38 +diff --git a/Makefile b/Makefile
39 +index e31c1ce12895..60570fad811e 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,7 +1,7 @@
43 + # SPDX-License-Identifier: GPL-2.0
44 + VERSION = 4
45 + PATCHLEVEL = 14
46 +-SUBLEVEL = 191
47 ++SUBLEVEL = 192
48 + EXTRAVERSION =
49 + NAME = Petit Gorille
50 +
51 +diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c
52 +index af2a7f1e3103..a30f656f791f 100644
53 +--- a/arch/arm/kernel/hw_breakpoint.c
54 ++++ b/arch/arm/kernel/hw_breakpoint.c
55 +@@ -688,6 +688,12 @@ static void disable_single_step(struct perf_event *bp)
56 + arch_install_hw_breakpoint(bp);
57 + }
58 +
59 ++static int watchpoint_fault_on_uaccess(struct pt_regs *regs,
60 ++ struct arch_hw_breakpoint *info)
61 ++{
62 ++ return !user_mode(regs) && info->ctrl.privilege == ARM_BREAKPOINT_USER;
63 ++}
64 ++
65 + static void watchpoint_handler(unsigned long addr, unsigned int fsr,
66 + struct pt_regs *regs)
67 + {
68 +@@ -747,16 +753,27 @@ static void watchpoint_handler(unsigned long addr, unsigned int fsr,
69 + }
70 +
71 + pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
72 ++
73 ++ /*
74 ++ * If we triggered a user watchpoint from a uaccess routine,
75 ++ * then handle the stepping ourselves since userspace really
76 ++ * can't help us with this.
77 ++ */
78 ++ if (watchpoint_fault_on_uaccess(regs, info))
79 ++ goto step;
80 ++
81 + perf_bp_event(wp, regs);
82 +
83 + /*
84 +- * If no overflow handler is present, insert a temporary
85 +- * mismatch breakpoint so we can single-step over the
86 +- * watchpoint trigger.
87 ++ * Defer stepping to the overflow handler if one is installed.
88 ++ * Otherwise, insert a temporary mismatch breakpoint so that
89 ++ * we can single-step over the watchpoint trigger.
90 + */
91 +- if (is_default_overflow_handler(wp))
92 +- enable_single_step(wp, instruction_pointer(regs));
93 ++ if (!is_default_overflow_handler(wp))
94 ++ goto unlock;
95 +
96 ++step:
97 ++ enable_single_step(wp, instruction_pointer(regs));
98 + unlock:
99 + rcu_read_unlock();
100 + }
101 +diff --git a/arch/arm64/include/asm/alternative.h b/arch/arm64/include/asm/alternative.h
102 +index 1824768fb1ee..3abb2dacb43f 100644
103 +--- a/arch/arm64/include/asm/alternative.h
104 ++++ b/arch/arm64/include/asm/alternative.h
105 +@@ -72,9 +72,9 @@ void apply_alternatives(void *start, size_t length);
106 + "663:\n\t" \
107 + newinstr "\n" \
108 + "664:\n\t" \
109 +- ".previous\n\t" \
110 + ".org . - (664b-663b) + (662b-661b)\n\t" \
111 +- ".org . - (662b-661b) + (664b-663b)\n" \
112 ++ ".org . - (662b-661b) + (664b-663b)\n\t" \
113 ++ ".previous\n" \
114 + ".endif\n"
115 +
116 + #define __ALTERNATIVE_CFG_CB(oldinstr, feature, cfg_enabled, cb) \
117 +diff --git a/arch/arm64/include/asm/checksum.h b/arch/arm64/include/asm/checksum.h
118 +index 0b6f5a7d4027..fd11e0d70e44 100644
119 +--- a/arch/arm64/include/asm/checksum.h
120 ++++ b/arch/arm64/include/asm/checksum.h
121 +@@ -30,16 +30,17 @@ static inline __sum16 ip_fast_csum(const void *iph, unsigned int ihl)
122 + {
123 + __uint128_t tmp;
124 + u64 sum;
125 ++ int n = ihl; /* we want it signed */
126 +
127 + tmp = *(const __uint128_t *)iph;
128 + iph += 16;
129 +- ihl -= 4;
130 ++ n -= 4;
131 + tmp += ((tmp >> 64) | (tmp << 64));
132 + sum = tmp >> 64;
133 + do {
134 + sum += *(const u32 *)iph;
135 + iph += 4;
136 +- } while (--ihl);
137 ++ } while (--n > 0);
138 +
139 + sum += ((sum >> 32) | (sum << 32));
140 + return csum_fold((__force u32)(sum >> 32));
141 +diff --git a/arch/parisc/include/asm/cmpxchg.h b/arch/parisc/include/asm/cmpxchg.h
142 +index ab5c215cf46c..068958575871 100644
143 +--- a/arch/parisc/include/asm/cmpxchg.h
144 ++++ b/arch/parisc/include/asm/cmpxchg.h
145 +@@ -60,6 +60,7 @@ extern void __cmpxchg_called_with_bad_pointer(void);
146 + extern unsigned long __cmpxchg_u32(volatile unsigned int *m, unsigned int old,
147 + unsigned int new_);
148 + extern u64 __cmpxchg_u64(volatile u64 *ptr, u64 old, u64 new_);
149 ++extern u8 __cmpxchg_u8(volatile u8 *ptr, u8 old, u8 new_);
150 +
151 + /* don't worry...optimizer will get rid of most of this */
152 + static inline unsigned long
153 +@@ -71,6 +72,7 @@ __cmpxchg(volatile void *ptr, unsigned long old, unsigned long new_, int size)
154 + #endif
155 + case 4: return __cmpxchg_u32((unsigned int *)ptr,
156 + (unsigned int)old, (unsigned int)new_);
157 ++ case 1: return __cmpxchg_u8((u8 *)ptr, (u8)old, (u8)new_);
158 + }
159 + __cmpxchg_called_with_bad_pointer();
160 + return old;
161 +diff --git a/arch/parisc/lib/bitops.c b/arch/parisc/lib/bitops.c
162 +index 70ffbcf889b8..2e4d1f05a926 100644
163 +--- a/arch/parisc/lib/bitops.c
164 ++++ b/arch/parisc/lib/bitops.c
165 +@@ -79,3 +79,15 @@ unsigned long __cmpxchg_u32(volatile unsigned int *ptr, unsigned int old, unsign
166 + _atomic_spin_unlock_irqrestore(ptr, flags);
167 + return (unsigned long)prev;
168 + }
169 ++
170 ++u8 __cmpxchg_u8(volatile u8 *ptr, u8 old, u8 new)
171 ++{
172 ++ unsigned long flags;
173 ++ u8 prev;
174 ++
175 ++ _atomic_spin_lock_irqsave(ptr, flags);
176 ++ if ((prev = *ptr) == old)
177 ++ *ptr = new;
178 ++ _atomic_spin_unlock_irqrestore(ptr, flags);
179 ++ return prev;
180 ++}
181 +diff --git a/arch/sh/kernel/entry-common.S b/arch/sh/kernel/entry-common.S
182 +index 28cc61216b64..ed5b758c650d 100644
183 +--- a/arch/sh/kernel/entry-common.S
184 ++++ b/arch/sh/kernel/entry-common.S
185 +@@ -203,7 +203,7 @@ syscall_trace_entry:
186 + mov.l @(OFF_R7,r15), r7 ! arg3
187 + mov.l @(OFF_R3,r15), r3 ! syscall_nr
188 + !
189 +- mov.l 2f, r10 ! Number of syscalls
190 ++ mov.l 6f, r10 ! Number of syscalls
191 + cmp/hs r10, r3
192 + bf syscall_call
193 + mov #-ENOSYS, r0
194 +@@ -357,7 +357,7 @@ ENTRY(system_call)
195 + tst r9, r8
196 + bf syscall_trace_entry
197 + !
198 +- mov.l 2f, r8 ! Number of syscalls
199 ++ mov.l 6f, r8 ! Number of syscalls
200 + cmp/hs r8, r3
201 + bt syscall_badsys
202 + !
203 +@@ -396,7 +396,7 @@ syscall_exit:
204 + #if !defined(CONFIG_CPU_SH2)
205 + 1: .long TRA
206 + #endif
207 +-2: .long NR_syscalls
208 ++6: .long NR_syscalls
209 + 3: .long sys_call_table
210 + 7: .long do_syscall_trace_enter
211 + 8: .long do_syscall_trace_leave
212 +diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
213 +index 02abc134367f..f7833ae4e3f1 100644
214 +--- a/arch/x86/kernel/i8259.c
215 ++++ b/arch/x86/kernel/i8259.c
216 +@@ -206,7 +206,7 @@ spurious_8259A_irq:
217 + * lets ACK and report it. [once per IRQ]
218 + */
219 + if (!(spurious_irq_mask & irqmask)) {
220 +- printk(KERN_DEBUG
221 ++ printk_deferred(KERN_DEBUG
222 + "spurious 8259A interrupt: IRQ%d.\n", irq);
223 + spurious_irq_mask |= irqmask;
224 + }
225 +diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c
226 +index a9a55e76a43f..a5e2ce931f69 100644
227 +--- a/arch/x86/kernel/unwind_orc.c
228 ++++ b/arch/x86/kernel/unwind_orc.c
229 +@@ -346,8 +346,11 @@ bool unwind_next_frame(struct unwind_state *state)
230 + /*
231 + * Find the orc_entry associated with the text address.
232 + *
233 +- * Decrement call return addresses by one so they work for sibling
234 +- * calls and calls to noreturn functions.
235 ++ * For a call frame (as opposed to a signal frame), state->ip points to
236 ++ * the instruction after the call. That instruction's stack layout
237 ++ * could be different from the call instruction's layout, for example
238 ++ * if the call was to a noreturn function. So get the ORC data for the
239 ++ * call instruction itself.
240 + */
241 + orc = orc_find(state->signal ? state->ip : state->ip - 1);
242 + if (!orc || orc->sp_reg == ORC_REG_UNDEFINED)
243 +@@ -550,6 +553,7 @@ void __unwind_start(struct unwind_state *state, struct task_struct *task,
244 + state->sp = task->thread.sp;
245 + state->bp = READ_ONCE_NOCHECK(frame->bp);
246 + state->ip = READ_ONCE_NOCHECK(frame->ret_addr);
247 ++ state->signal = (void *)state->ip == ret_from_fork;
248 + }
249 +
250 + if (get_stack_info((unsigned long *)state->sp, state->task,
251 +diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
252 +index 8d8e33b720b4..d3dc8bc6b3ad 100644
253 +--- a/arch/x86/kernel/vmlinux.lds.S
254 ++++ b/arch/x86/kernel/vmlinux.lds.S
255 +@@ -352,7 +352,8 @@ SECTIONS
256 + .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
257 + __bss_start = .;
258 + *(.bss..page_aligned)
259 +- *(.bss)
260 ++ . = ALIGN(PAGE_SIZE);
261 ++ *(BSS_MAIN)
262 + . = ALIGN(PAGE_SIZE);
263 + __bss_stop = .;
264 + }
265 +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
266 +index 537c36b55b5d..d4fdf0e52144 100644
267 +--- a/arch/x86/kvm/lapic.c
268 ++++ b/arch/x86/kvm/lapic.c
269 +@@ -1918,7 +1918,7 @@ void kvm_set_lapic_tscdeadline_msr(struct kvm_vcpu *vcpu, u64 data)
270 + {
271 + struct kvm_lapic *apic = vcpu->arch.apic;
272 +
273 +- if (!lapic_in_kernel(vcpu) || apic_lvtt_oneshot(apic) ||
274 ++ if (!kvm_apic_present(vcpu) || apic_lvtt_oneshot(apic) ||
275 + apic_lvtt_period(apic))
276 + return;
277 +
278 +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
279 +index 09f47c837c25..3aed03942d7d 100644
280 +--- a/arch/x86/kvm/x86.c
281 ++++ b/arch/x86/kvm/x86.c
282 +@@ -3075,6 +3075,9 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu)
283 + if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED))
284 + return;
285 +
286 ++ if (vcpu->arch.st.steal.preempted)
287 ++ return;
288 ++
289 + vcpu->arch.st.steal.preempted = 1;
290 +
291 + kvm_write_guest_offset_cached(vcpu->kvm, &vcpu->arch.st.stime,
292 +diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
293 +index 330853a2702f..43b74cf0787e 100644
294 +--- a/drivers/crypto/ccp/ccp-ops.c
295 ++++ b/drivers/crypto/ccp/ccp-ops.c
296 +@@ -1783,8 +1783,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
297 + LSB_ITEM_SIZE);
298 + break;
299 + default:
300 ++ kfree(hmac_buf);
301 + ret = -EINVAL;
302 +- goto e_ctx;
303 ++ goto e_data;
304 + }
305 +
306 + memset(&hmac_cmd, 0, sizeof(hmac_cmd));
307 +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
308 +index c93e72d8ac5f..22d9ec80a2ff 100644
309 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
310 ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
311 +@@ -527,8 +527,9 @@ static int amdgpu_info_ioctl(struct drm_device *dev, void *data, struct drm_file
312 + return n ? -EFAULT : 0;
313 + }
314 + case AMDGPU_INFO_DEV_INFO: {
315 +- struct drm_amdgpu_info_device dev_info = {};
316 ++ struct drm_amdgpu_info_device dev_info;
317 +
318 ++ memset(&dev_info, 0, sizeof(dev_info));
319 + dev_info.device_id = dev->pdev->device;
320 + dev_info.chip_rev = adev->rev_id;
321 + dev_info.external_rev = adev->external_rev_id;
322 +diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c
323 +index d2c042af36b8..470a79eef254 100644
324 +--- a/drivers/gpu/drm/drm_gem.c
325 ++++ b/drivers/gpu/drm/drm_gem.c
326 +@@ -730,9 +730,6 @@ err:
327 + * @file_priv: drm file-private structure
328 + *
329 + * Open an object using the global name, returning a handle and the size.
330 +- *
331 +- * This handle (of course) holds a reference to the object, so the object
332 +- * will not go away until the handle is deleted.
333 + */
334 + int
335 + drm_gem_open_ioctl(struct drm_device *dev, void *data,
336 +@@ -757,14 +754,15 @@ drm_gem_open_ioctl(struct drm_device *dev, void *data,
337 +
338 + /* drm_gem_handle_create_tail unlocks dev->object_name_lock. */
339 + ret = drm_gem_handle_create_tail(file_priv, obj, &handle);
340 +- drm_gem_object_put_unlocked(obj);
341 + if (ret)
342 +- return ret;
343 ++ goto err;
344 +
345 + args->handle = handle;
346 + args->size = obj->size;
347 +
348 +- return 0;
349 ++err:
350 ++ drm_gem_object_put_unlocked(obj);
351 ++ return ret;
352 + }
353 +
354 + /**
355 +diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c
356 +index d917cefc5a19..b13605718291 100644
357 +--- a/drivers/i2c/busses/i2c-cadence.c
358 ++++ b/drivers/i2c/busses/i2c-cadence.c
359 +@@ -382,10 +382,8 @@ static void cdns_i2c_mrecv(struct cdns_i2c *id)
360 + * Check for the message size against FIFO depth and set the
361 + * 'hold bus' bit if it is greater than FIFO depth.
362 + */
363 +- if ((id->recv_count > CDNS_I2C_FIFO_DEPTH) || id->bus_hold_flag)
364 ++ if (id->recv_count > CDNS_I2C_FIFO_DEPTH)
365 + ctrl_reg |= CDNS_I2C_CR_HOLD;
366 +- else
367 +- ctrl_reg = ctrl_reg & ~CDNS_I2C_CR_HOLD;
368 +
369 + cdns_i2c_writereg(ctrl_reg, CDNS_I2C_CR_OFFSET);
370 +
371 +@@ -442,11 +440,8 @@ static void cdns_i2c_msend(struct cdns_i2c *id)
372 + * Check for the message size against FIFO depth and set the
373 + * 'hold bus' bit if it is greater than FIFO depth.
374 + */
375 +- if ((id->send_count > CDNS_I2C_FIFO_DEPTH) || id->bus_hold_flag)
376 ++ if (id->send_count > CDNS_I2C_FIFO_DEPTH)
377 + ctrl_reg |= CDNS_I2C_CR_HOLD;
378 +- else
379 +- ctrl_reg = ctrl_reg & ~CDNS_I2C_CR_HOLD;
380 +-
381 + cdns_i2c_writereg(ctrl_reg, CDNS_I2C_CR_OFFSET);
382 +
383 + /* Clear the interrupts in interrupt status register. */
384 +diff --git a/drivers/iio/imu/adis16400_buffer.c b/drivers/iio/imu/adis16400_buffer.c
385 +index e70a5339acb1..3fc11aec98b9 100644
386 +--- a/drivers/iio/imu/adis16400_buffer.c
387 ++++ b/drivers/iio/imu/adis16400_buffer.c
388 +@@ -38,8 +38,11 @@ int adis16400_update_scan_mode(struct iio_dev *indio_dev,
389 + return -ENOMEM;
390 +
391 + adis->buffer = kzalloc(burst_length + sizeof(u16), GFP_KERNEL);
392 +- if (!adis->buffer)
393 ++ if (!adis->buffer) {
394 ++ kfree(adis->xfer);
395 ++ adis->xfer = NULL;
396 + return -ENOMEM;
397 ++ }
398 +
399 + tx = adis->buffer + burst_length;
400 + tx[0] = ADIS_READ_REG(ADIS16400_GLOB_CMD);
401 +diff --git a/drivers/media/pci/cx23885/cx23888-ir.c b/drivers/media/pci/cx23885/cx23888-ir.c
402 +index 040323b0f945..f63a7e6f272c 100644
403 +--- a/drivers/media/pci/cx23885/cx23888-ir.c
404 ++++ b/drivers/media/pci/cx23885/cx23888-ir.c
405 +@@ -1178,8 +1178,11 @@ int cx23888_ir_probe(struct cx23885_dev *dev)
406 + return -ENOMEM;
407 +
408 + spin_lock_init(&state->rx_kfifo_lock);
409 +- if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE, GFP_KERNEL))
410 ++ if (kfifo_alloc(&state->rx_kfifo, CX23888_IR_RX_KFIFO_SIZE,
411 ++ GFP_KERNEL)) {
412 ++ kfree(state);
413 + return -ENOMEM;
414 ++ }
415 +
416 + state->dev = dev;
417 + sd = &state->sd;
418 +diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c
419 +index 0a5c4c7da505..006f8b8aaa7d 100644
420 +--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c
421 ++++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c
422 +@@ -1812,6 +1812,7 @@ static inline int uld_send(struct adapter *adap, struct sk_buff *skb,
423 + txq_info = adap->sge.uld_txq_info[tx_uld_type];
424 + if (unlikely(!txq_info)) {
425 + WARN_ON(true);
426 ++ kfree_skb(skb);
427 + return NET_XMIT_DROP;
428 + }
429 +
430 +diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
431 +index 85c11dafb4cd..8b8a0c4fbc99 100644
432 +--- a/drivers/net/ethernet/ibm/ibmvnic.c
433 ++++ b/drivers/net/ethernet/ibm/ibmvnic.c
434 +@@ -2324,7 +2324,7 @@ req_rx_irq_failed:
435 + req_tx_irq_failed:
436 + for (j = 0; j < i; j++) {
437 + free_irq(adapter->tx_scrq[j]->irq, adapter->tx_scrq[j]);
438 +- irq_dispose_mapping(adapter->rx_scrq[j]->irq);
439 ++ irq_dispose_mapping(adapter->tx_scrq[j]->irq);
440 + }
441 + release_sub_crqs(adapter);
442 + return rc;
443 +diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
444 +index cf9011bb6e0f..c6660b61e836 100644
445 +--- a/drivers/net/ethernet/mellanox/mlx4/main.c
446 ++++ b/drivers/net/ethernet/mellanox/mlx4/main.c
447 +@@ -4190,12 +4190,14 @@ end:
448 + static void mlx4_shutdown(struct pci_dev *pdev)
449 + {
450 + struct mlx4_dev_persistent *persist = pci_get_drvdata(pdev);
451 ++ struct mlx4_dev *dev = persist->dev;
452 +
453 + mlx4_info(persist->dev, "mlx4_shutdown was called\n");
454 + mutex_lock(&persist->interface_state_mutex);
455 + if (persist->interface_state & MLX4_INTERFACE_STATE_UP)
456 + mlx4_unload_one(pdev);
457 + mutex_unlock(&persist->interface_state_mutex);
458 ++ mlx4_pci_disable_device(dev);
459 + }
460 +
461 + static const struct pci_error_handlers mlx4_err_handler = {
462 +diff --git a/drivers/net/ethernet/mellanox/mlxsw/core.c b/drivers/net/ethernet/mellanox/mlxsw/core.c
463 +index 96f9f267d16d..dc12ab33afff 100644
464 +--- a/drivers/net/ethernet/mellanox/mlxsw/core.c
465 ++++ b/drivers/net/ethernet/mellanox/mlxsw/core.c
466 +@@ -1361,7 +1361,7 @@ static int mlxsw_core_reg_access_emad(struct mlxsw_core *mlxsw_core,
467 + err = mlxsw_emad_reg_access(mlxsw_core, reg, payload, type, trans,
468 + bulk_list, cb, cb_priv, tid);
469 + if (err) {
470 +- kfree(trans);
471 ++ kfree_rcu(trans, rcu);
472 + return err;
473 + }
474 + return 0;
475 +@@ -1574,11 +1574,13 @@ void mlxsw_core_skb_receive(struct mlxsw_core *mlxsw_core, struct sk_buff *skb,
476 + break;
477 + }
478 + }
479 +- rcu_read_unlock();
480 +- if (!found)
481 ++ if (!found) {
482 ++ rcu_read_unlock();
483 + goto drop;
484 ++ }
485 +
486 + rxl->func(skb, local_port, rxl_item->priv);
487 ++ rcu_read_unlock();
488 + return;
489 +
490 + drop:
491 +diff --git a/drivers/net/ethernet/qlogic/qed/qed_int.c b/drivers/net/ethernet/qlogic/qed/qed_int.c
492 +index c5d9f290ec4c..f8d1d02a3cd4 100644
493 +--- a/drivers/net/ethernet/qlogic/qed/qed_int.c
494 ++++ b/drivers/net/ethernet/qlogic/qed/qed_int.c
495 +@@ -1015,7 +1015,8 @@ static int qed_int_attentions(struct qed_hwfn *p_hwfn)
496 + index, attn_bits, attn_acks, asserted_bits,
497 + deasserted_bits, p_sb_attn_sw->known_attn);
498 + } else if (asserted_bits == 0x100) {
499 +- DP_INFO(p_hwfn, "MFW indication via attention\n");
500 ++ DP_VERBOSE(p_hwfn, NETIF_MSG_INTR,
501 ++ "MFW indication via attention\n");
502 + } else {
503 + DP_VERBOSE(p_hwfn, NETIF_MSG_INTR,
504 + "MFW indication [deassertion]\n");
505 +diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c
506 +index d73617cc3b15..9f4d93a16b7e 100644
507 +--- a/drivers/net/ethernet/renesas/ravb_main.c
508 ++++ b/drivers/net/ethernet/renesas/ravb_main.c
509 +@@ -1482,6 +1482,7 @@ static void ravb_tx_timeout_work(struct work_struct *work)
510 + struct ravb_private *priv = container_of(work, struct ravb_private,
511 + work);
512 + struct net_device *ndev = priv->ndev;
513 ++ int error;
514 +
515 + netif_tx_stop_all_queues(ndev);
516 +
517 +@@ -1490,15 +1491,36 @@ static void ravb_tx_timeout_work(struct work_struct *work)
518 + ravb_ptp_stop(ndev);
519 +
520 + /* Wait for DMA stopping */
521 +- ravb_stop_dma(ndev);
522 ++ if (ravb_stop_dma(ndev)) {
523 ++ /* If ravb_stop_dma() fails, the hardware is still operating
524 ++ * for TX and/or RX. So, this should not call the following
525 ++ * functions because ravb_dmac_init() is possible to fail too.
526 ++ * Also, this should not retry ravb_stop_dma() again and again
527 ++ * here because it's possible to wait forever. So, this just
528 ++ * re-enables the TX and RX and skip the following
529 ++ * re-initialization procedure.
530 ++ */
531 ++ ravb_rcv_snd_enable(ndev);
532 ++ goto out;
533 ++ }
534 +
535 + ravb_ring_free(ndev, RAVB_BE);
536 + ravb_ring_free(ndev, RAVB_NC);
537 +
538 + /* Device init */
539 +- ravb_dmac_init(ndev);
540 ++ error = ravb_dmac_init(ndev);
541 ++ if (error) {
542 ++ /* If ravb_dmac_init() fails, descriptors are freed. So, this
543 ++ * should return here to avoid re-enabling the TX and RX in
544 ++ * ravb_emac_init().
545 ++ */
546 ++ netdev_err(ndev, "%s: ravb_dmac_init() failed, error %d\n",
547 ++ __func__, error);
548 ++ return;
549 ++ }
550 + ravb_emac_init(ndev);
551 +
552 ++out:
553 + /* Initialise PTP Clock driver */
554 + if (priv->chip_id == RCAR_GEN2)
555 + ravb_ptp_init(ndev, priv->pdev);
556 +diff --git a/drivers/net/phy/mdio-bcm-unimac.c b/drivers/net/phy/mdio-bcm-unimac.c
557 +index 52703bbd4d66..df75efa96a7d 100644
558 +--- a/drivers/net/phy/mdio-bcm-unimac.c
559 ++++ b/drivers/net/phy/mdio-bcm-unimac.c
560 +@@ -237,6 +237,8 @@ static int unimac_mdio_probe(struct platform_device *pdev)
561 + return -ENOMEM;
562 +
563 + r = platform_get_resource(pdev, IORESOURCE_MEM, 0);
564 ++ if (!r)
565 ++ return -EINVAL;
566 +
567 + /* Just ioremap, as this MDIO block is usually integrated into an
568 + * Ethernet MAC controller register range
569 +diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
570 +index 6597d1f8d68c..7988c41bff1d 100644
571 +--- a/drivers/net/usb/hso.c
572 ++++ b/drivers/net/usb/hso.c
573 +@@ -1402,8 +1402,9 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct ktermios *old)
574 + unsigned long flags;
575 +
576 + if (old)
577 +- hso_dbg(0x16, "Termios called with: cflags new[%d] - old[%d]\n",
578 +- tty->termios.c_cflag, old->c_cflag);
579 ++ hso_dbg(0x16, "Termios called with: cflags new[%u] - old[%u]\n",
580 ++ (unsigned int)tty->termios.c_cflag,
581 ++ (unsigned int)old->c_cflag);
582 +
583 + /* the actual setup */
584 + spin_lock_irqsave(&serial->serial_lock, flags);
585 +diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c
586 +index b179a96ea08c..895f307979c8 100644
587 +--- a/drivers/net/usb/lan78xx.c
588 ++++ b/drivers/net/usb/lan78xx.c
589 +@@ -3629,6 +3629,11 @@ static int lan78xx_probe(struct usb_interface *intf,
590 + netdev->max_mtu = MAX_SINGLE_PACKET_SIZE;
591 + netif_set_gso_max_size(netdev, MAX_SINGLE_PACKET_SIZE - MAX_HEADER);
592 +
593 ++ if (intf->cur_altsetting->desc.bNumEndpoints < 3) {
594 ++ ret = -ENODEV;
595 ++ goto out3;
596 ++ }
597 ++
598 + dev->ep_blkin = (intf->cur_altsetting)->endpoint + 0;
599 + dev->ep_blkout = (intf->cur_altsetting)->endpoint + 1;
600 + dev->ep_intr = (intf->cur_altsetting)->endpoint + 2;
601 +@@ -3653,6 +3658,7 @@ static int lan78xx_probe(struct usb_interface *intf,
602 + usb_fill_int_urb(dev->urb_intr, dev->udev,
603 + dev->pipe_intr, buf, maxp,
604 + intr_complete, dev, period);
605 ++ dev->urb_intr->transfer_flags |= URB_FREE_BUFFER;
606 + }
607 + }
608 +
609 +diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
610 +index d2e062eaf561..f705f0e1cb5b 100644
611 +--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
612 ++++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
613 +@@ -173,6 +173,7 @@ static int htc_config_pipe_credits(struct htc_target *target)
614 + time_left = wait_for_completion_timeout(&target->cmd_wait, HZ);
615 + if (!time_left) {
616 + dev_err(target->dev, "HTC credit config timeout\n");
617 ++ kfree_skb(skb);
618 + return -ETIMEDOUT;
619 + }
620 +
621 +@@ -208,6 +209,7 @@ static int htc_setup_complete(struct htc_target *target)
622 + time_left = wait_for_completion_timeout(&target->cmd_wait, HZ);
623 + if (!time_left) {
624 + dev_err(target->dev, "HTC start timeout\n");
625 ++ kfree_skb(skb);
626 + return -ETIMEDOUT;
627 + }
628 +
629 +@@ -280,6 +282,7 @@ int htc_connect_service(struct htc_target *target,
630 + if (!time_left) {
631 + dev_err(target->dev, "Service connection timeout for: %d\n",
632 + service_connreq->service_id);
633 ++ kfree_skb(skb);
634 + return -ETIMEDOUT;
635 + }
636 +
637 +diff --git a/drivers/net/wireless/ath/ath9k/wmi.c b/drivers/net/wireless/ath/ath9k/wmi.c
638 +index f57f48e4d7a0..4b68804f3742 100644
639 +--- a/drivers/net/wireless/ath/ath9k/wmi.c
640 ++++ b/drivers/net/wireless/ath/ath9k/wmi.c
641 +@@ -338,6 +338,7 @@ int ath9k_wmi_cmd(struct wmi *wmi, enum wmi_cmd_id cmd_id,
642 + ath_dbg(common, WMI, "Timeout waiting for WMI command: %s\n",
643 + wmi_cmd_to_name(cmd_id));
644 + mutex_unlock(&wmi->op_mutex);
645 ++ kfree_skb(skb);
646 + return -ETIMEDOUT;
647 + }
648 +
649 +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
650 +index 91bf86cee273..1131397454bd 100644
651 +--- a/drivers/net/xen-netfront.c
652 ++++ b/drivers/net/xen-netfront.c
653 +@@ -63,6 +63,8 @@ module_param_named(max_queues, xennet_max_queues, uint, 0644);
654 + MODULE_PARM_DESC(max_queues,
655 + "Maximum number of queues per virtual interface");
656 +
657 ++#define XENNET_TIMEOUT (5 * HZ)
658 ++
659 + static const struct ethtool_ops xennet_ethtool_ops;
660 +
661 + struct netfront_cb {
662 +@@ -1336,12 +1338,15 @@ static struct net_device *xennet_create_dev(struct xenbus_device *dev)
663 +
664 + netif_carrier_off(netdev);
665 +
666 +- xenbus_switch_state(dev, XenbusStateInitialising);
667 +- wait_event(module_wq,
668 +- xenbus_read_driver_state(dev->otherend) !=
669 +- XenbusStateClosed &&
670 +- xenbus_read_driver_state(dev->otherend) !=
671 +- XenbusStateUnknown);
672 ++ do {
673 ++ xenbus_switch_state(dev, XenbusStateInitialising);
674 ++ err = wait_event_timeout(module_wq,
675 ++ xenbus_read_driver_state(dev->otherend) !=
676 ++ XenbusStateClosed &&
677 ++ xenbus_read_driver_state(dev->otherend) !=
678 ++ XenbusStateUnknown, XENNET_TIMEOUT);
679 ++ } while (!err);
680 ++
681 + return netdev;
682 +
683 + exit:
684 +@@ -2142,28 +2147,43 @@ static const struct attribute_group xennet_dev_group = {
685 + };
686 + #endif /* CONFIG_SYSFS */
687 +
688 +-static int xennet_remove(struct xenbus_device *dev)
689 ++static void xennet_bus_close(struct xenbus_device *dev)
690 + {
691 +- struct netfront_info *info = dev_get_drvdata(&dev->dev);
692 +-
693 +- dev_dbg(&dev->dev, "%s\n", dev->nodename);
694 ++ int ret;
695 +
696 +- if (xenbus_read_driver_state(dev->otherend) != XenbusStateClosed) {
697 ++ if (xenbus_read_driver_state(dev->otherend) == XenbusStateClosed)
698 ++ return;
699 ++ do {
700 + xenbus_switch_state(dev, XenbusStateClosing);
701 +- wait_event(module_wq,
702 +- xenbus_read_driver_state(dev->otherend) ==
703 +- XenbusStateClosing ||
704 +- xenbus_read_driver_state(dev->otherend) ==
705 +- XenbusStateUnknown);
706 ++ ret = wait_event_timeout(module_wq,
707 ++ xenbus_read_driver_state(dev->otherend) ==
708 ++ XenbusStateClosing ||
709 ++ xenbus_read_driver_state(dev->otherend) ==
710 ++ XenbusStateClosed ||
711 ++ xenbus_read_driver_state(dev->otherend) ==
712 ++ XenbusStateUnknown,
713 ++ XENNET_TIMEOUT);
714 ++ } while (!ret);
715 ++
716 ++ if (xenbus_read_driver_state(dev->otherend) == XenbusStateClosed)
717 ++ return;
718 +
719 ++ do {
720 + xenbus_switch_state(dev, XenbusStateClosed);
721 +- wait_event(module_wq,
722 +- xenbus_read_driver_state(dev->otherend) ==
723 +- XenbusStateClosed ||
724 +- xenbus_read_driver_state(dev->otherend) ==
725 +- XenbusStateUnknown);
726 +- }
727 ++ ret = wait_event_timeout(module_wq,
728 ++ xenbus_read_driver_state(dev->otherend) ==
729 ++ XenbusStateClosed ||
730 ++ xenbus_read_driver_state(dev->otherend) ==
731 ++ XenbusStateUnknown,
732 ++ XENNET_TIMEOUT);
733 ++ } while (!ret);
734 ++}
735 ++
736 ++static int xennet_remove(struct xenbus_device *dev)
737 ++{
738 ++ struct netfront_info *info = dev_get_drvdata(&dev->dev);
739 +
740 ++ xennet_bus_close(dev);
741 + xennet_disconnect_backend(info);
742 +
743 + if (info->netdev->reg_state == NETREG_REGISTERED)
744 +diff --git a/drivers/nfc/s3fwrn5/core.c b/drivers/nfc/s3fwrn5/core.c
745 +index 9d9c8d57a042..64b58455e620 100644
746 +--- a/drivers/nfc/s3fwrn5/core.c
747 ++++ b/drivers/nfc/s3fwrn5/core.c
748 +@@ -209,6 +209,7 @@ int s3fwrn5_recv_frame(struct nci_dev *ndev, struct sk_buff *skb,
749 + case S3FWRN5_MODE_FW:
750 + return s3fwrn5_fw_recv_frame(ndev, skb);
751 + default:
752 ++ kfree_skb(skb);
753 + return -ENODEV;
754 + }
755 + }
756 +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
757 +index 5f26c170315c..243b16ce0c8e 100644
758 +--- a/drivers/pci/quirks.c
759 ++++ b/drivers/pci/quirks.c
760 +@@ -2086,6 +2086,19 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x10f1, quirk_disable_aspm_l0s);
761 + DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x10f4, quirk_disable_aspm_l0s);
762 + DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1508, quirk_disable_aspm_l0s);
763 +
764 ++static void quirk_disable_aspm_l0s_l1(struct pci_dev *dev)
765 ++{
766 ++ pci_info(dev, "Disabling ASPM L0s/L1\n");
767 ++ pci_disable_link_state(dev, PCIE_LINK_STATE_L0S | PCIE_LINK_STATE_L1);
768 ++}
769 ++
770 ++/*
771 ++ * ASM1083/1085 PCIe-PCI bridge devices cause AER timeout errors on the
772 ++ * upstream PCIe root port when ASPM is enabled. At least L0s mode is affected;
773 ++ * disable both L0s and L1 for now to be safe.
774 ++ */
775 ++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ASMEDIA, 0x1080, quirk_disable_aspm_l0s_l1);
776 ++
777 + /*
778 + * Some Pericom PCIe-to-PCI bridges in reverse mode need the PCIe Retrain
779 + * Link bit cleared after starting the link retrain process to allow this
780 +diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
781 +index 70be4425ae0b..2b3637b40dde 100644
782 +--- a/drivers/scsi/libsas/sas_ata.c
783 ++++ b/drivers/scsi/libsas/sas_ata.c
784 +@@ -730,7 +730,6 @@ int sas_discover_sata(struct domain_device *dev)
785 + if (res)
786 + return res;
787 +
788 +- sas_discover_event(dev->port, DISCE_PROBE);
789 + return 0;
790 + }
791 +
792 +diff --git a/drivers/scsi/libsas/sas_discover.c b/drivers/scsi/libsas/sas_discover.c
793 +index b200edc665a5..d6365e2fcc60 100644
794 +--- a/drivers/scsi/libsas/sas_discover.c
795 ++++ b/drivers/scsi/libsas/sas_discover.c
796 +@@ -221,13 +221,9 @@ void sas_notify_lldd_dev_gone(struct domain_device *dev)
797 + }
798 + }
799 +
800 +-static void sas_probe_devices(struct work_struct *work)
801 ++static void sas_probe_devices(struct asd_sas_port *port)
802 + {
803 + struct domain_device *dev, *n;
804 +- struct sas_discovery_event *ev = to_sas_discovery_event(work);
805 +- struct asd_sas_port *port = ev->port;
806 +-
807 +- clear_bit(DISCE_PROBE, &port->disc.pending);
808 +
809 + /* devices must be domain members before link recovery and probe */
810 + list_for_each_entry(dev, &port->disco_list, disco_list_node) {
811 +@@ -303,7 +299,6 @@ int sas_discover_end_dev(struct domain_device *dev)
812 + res = sas_notify_lldd_dev_found(dev);
813 + if (res)
814 + return res;
815 +- sas_discover_event(dev->port, DISCE_PROBE);
816 +
817 + return 0;
818 + }
819 +@@ -362,13 +357,9 @@ static void sas_unregister_common_dev(struct asd_sas_port *port, struct domain_d
820 + sas_put_device(dev);
821 + }
822 +
823 +-static void sas_destruct_devices(struct work_struct *work)
824 ++void sas_destruct_devices(struct asd_sas_port *port)
825 + {
826 + struct domain_device *dev, *n;
827 +- struct sas_discovery_event *ev = to_sas_discovery_event(work);
828 +- struct asd_sas_port *port = ev->port;
829 +-
830 +- clear_bit(DISCE_DESTRUCT, &port->disc.pending);
831 +
832 + list_for_each_entry_safe(dev, n, &port->destroy_list, disco_list_node) {
833 + list_del_init(&dev->disco_list_node);
834 +@@ -379,6 +370,16 @@ static void sas_destruct_devices(struct work_struct *work)
835 + }
836 + }
837 +
838 ++static void sas_destruct_ports(struct asd_sas_port *port)
839 ++{
840 ++ struct sas_port *sas_port, *p;
841 ++
842 ++ list_for_each_entry_safe(sas_port, p, &port->sas_port_del_list, del_list) {
843 ++ list_del_init(&sas_port->del_list);
844 ++ sas_port_delete(sas_port);
845 ++ }
846 ++}
847 ++
848 + void sas_unregister_dev(struct asd_sas_port *port, struct domain_device *dev)
849 + {
850 + if (!test_bit(SAS_DEV_DESTROY, &dev->state) &&
851 +@@ -393,7 +394,6 @@ void sas_unregister_dev(struct asd_sas_port *port, struct domain_device *dev)
852 + if (!test_and_set_bit(SAS_DEV_DESTROY, &dev->state)) {
853 + sas_rphy_unlink(dev->rphy);
854 + list_move_tail(&dev->disco_list_node, &port->destroy_list);
855 +- sas_discover_event(dev->port, DISCE_DESTRUCT);
856 + }
857 + }
858 +
859 +@@ -499,6 +499,8 @@ static void sas_discover_domain(struct work_struct *work)
860 + port->port_dev = NULL;
861 + }
862 +
863 ++ sas_probe_devices(port);
864 ++
865 + SAS_DPRINTK("DONE DISCOVERY on port %d, pid:%d, result:%d\n", port->id,
866 + task_pid_nr(current), error);
867 + }
868 +@@ -532,6 +534,10 @@ static void sas_revalidate_domain(struct work_struct *work)
869 + port->id, task_pid_nr(current), res);
870 + out:
871 + mutex_unlock(&ha->disco_mutex);
872 ++
873 ++ sas_destruct_devices(port);
874 ++ sas_destruct_ports(port);
875 ++ sas_probe_devices(port);
876 + }
877 +
878 + /* ---------- Events ---------- */
879 +@@ -587,10 +593,8 @@ void sas_init_disc(struct sas_discovery *disc, struct asd_sas_port *port)
880 + static const work_func_t sas_event_fns[DISC_NUM_EVENTS] = {
881 + [DISCE_DISCOVER_DOMAIN] = sas_discover_domain,
882 + [DISCE_REVALIDATE_DOMAIN] = sas_revalidate_domain,
883 +- [DISCE_PROBE] = sas_probe_devices,
884 + [DISCE_SUSPEND] = sas_suspend_devices,
885 + [DISCE_RESUME] = sas_resume_devices,
886 +- [DISCE_DESTRUCT] = sas_destruct_devices,
887 + };
888 +
889 + disc->pending = 0;
890 +diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c
891 +index f77d72f01da9..84df6cf46760 100644
892 +--- a/drivers/scsi/libsas/sas_expander.c
893 ++++ b/drivers/scsi/libsas/sas_expander.c
894 +@@ -1946,7 +1946,8 @@ static void sas_unregister_devs_sas_addr(struct domain_device *parent,
895 + sas_port_delete_phy(phy->port, phy->phy);
896 + sas_device_set_phy(found, phy->port);
897 + if (phy->port->num_phys == 0)
898 +- sas_port_delete(phy->port);
899 ++ list_add_tail(&phy->port->del_list,
900 ++ &parent->port->sas_port_del_list);
901 + phy->port = NULL;
902 + }
903 + }
904 +@@ -2156,7 +2157,7 @@ int sas_ex_revalidate_domain(struct domain_device *port_dev)
905 + struct domain_device *dev = NULL;
906 +
907 + res = sas_find_bcast_dev(port_dev, &dev);
908 +- while (res == 0 && dev) {
909 ++ if (res == 0 && dev) {
910 + struct expander_device *ex = &dev->ex_dev;
911 + int i = 0, phy_id;
912 +
913 +@@ -2168,9 +2169,6 @@ int sas_ex_revalidate_domain(struct domain_device *port_dev)
914 + res = sas_rediscover(dev, phy_id);
915 + i = phy_id + 1;
916 + } while (i < ex->num_phys);
917 +-
918 +- dev = NULL;
919 +- res = sas_find_bcast_dev(port_dev, &dev);
920 + }
921 + return res;
922 + }
923 +diff --git a/drivers/scsi/libsas/sas_internal.h b/drivers/scsi/libsas/sas_internal.h
924 +index c07e08136491..f3449fde9c5f 100644
925 +--- a/drivers/scsi/libsas/sas_internal.h
926 ++++ b/drivers/scsi/libsas/sas_internal.h
927 +@@ -98,6 +98,7 @@ int sas_try_ata_reset(struct asd_sas_phy *phy);
928 + void sas_hae_reset(struct work_struct *work);
929 +
930 + void sas_free_device(struct kref *kref);
931 ++void sas_destruct_devices(struct asd_sas_port *port);
932 +
933 + #ifdef CONFIG_SCSI_SAS_HOST_SMP
934 + extern void sas_smp_host_handler(struct bsg_job *job, struct Scsi_Host *shost);
935 +diff --git a/drivers/scsi/libsas/sas_port.c b/drivers/scsi/libsas/sas_port.c
936 +index d3c5297c6c89..5d3244c8f280 100644
937 +--- a/drivers/scsi/libsas/sas_port.c
938 ++++ b/drivers/scsi/libsas/sas_port.c
939 +@@ -66,6 +66,7 @@ static void sas_resume_port(struct asd_sas_phy *phy)
940 + rc = sas_notify_lldd_dev_found(dev);
941 + if (rc) {
942 + sas_unregister_dev(port, dev);
943 ++ sas_destruct_devices(port);
944 + continue;
945 + }
946 +
947 +@@ -219,6 +220,7 @@ void sas_deform_port(struct asd_sas_phy *phy, int gone)
948 +
949 + if (port->num_phys == 1) {
950 + sas_unregister_domain_devices(port, gone);
951 ++ sas_destruct_devices(port);
952 + sas_port_delete(port->port);
953 + port->port = NULL;
954 + } else {
955 +@@ -323,6 +325,7 @@ static void sas_init_port(struct asd_sas_port *port,
956 + INIT_LIST_HEAD(&port->dev_list);
957 + INIT_LIST_HEAD(&port->disco_list);
958 + INIT_LIST_HEAD(&port->destroy_list);
959 ++ INIT_LIST_HEAD(&port->sas_port_del_list);
960 + spin_lock_init(&port->phy_list_lock);
961 + INIT_LIST_HEAD(&port->phy_list);
962 + port->ha = sas_ha;
963 +diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
964 +index 4abefd841b6c..ff519f7a8784 100644
965 +--- a/fs/f2fs/dir.c
966 ++++ b/fs/f2fs/dir.c
967 +@@ -817,6 +817,17 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d,
968 + de_name.name = d->filename[bit_pos];
969 + de_name.len = le16_to_cpu(de->name_len);
970 +
971 ++ /* check memory boundary before moving forward */
972 ++ bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len));
973 ++ if (unlikely(bit_pos > d->max ||
974 ++ le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) {
975 ++ f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING,
976 ++ "%s: corrupted namelen=%d, run fsck to fix.",
977 ++ __func__, le16_to_cpu(de->name_len));
978 ++ set_sbi_flag(F2FS_I_SB(d->inode)->sb->s_fs_info, SBI_NEED_FSCK);
979 ++ return -EINVAL;
980 ++ }
981 ++
982 + if (f2fs_encrypted_inode(d->inode)) {
983 + int save_len = fstr->len;
984 + int err;
985 +@@ -835,7 +846,6 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d,
986 + le32_to_cpu(de->ino), d_type))
987 + return 1;
988 +
989 +- bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len));
990 + ctx->pos = start_pos + bit_pos;
991 + }
992 + return 0;
993 +diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c
994 +index 360e32220f93..0c0f70e6c7d9 100644
995 +--- a/fs/xfs/xfs_log.c
996 ++++ b/fs/xfs/xfs_log.c
997 +@@ -2684,7 +2684,6 @@ xlog_state_do_callback(
998 + int funcdidcallbacks; /* flag: function did callbacks */
999 + int repeats; /* for issuing console warnings if
1000 + * looping too many times */
1001 +- int wake = 0;
1002 +
1003 + spin_lock(&log->l_icloglock);
1004 + first_iclog = iclog = log->l_iclog;
1005 +@@ -2886,11 +2885,9 @@ xlog_state_do_callback(
1006 + #endif
1007 +
1008 + if (log->l_iclog->ic_state & (XLOG_STATE_ACTIVE|XLOG_STATE_IOERROR))
1009 +- wake = 1;
1010 +- spin_unlock(&log->l_icloglock);
1011 +-
1012 +- if (wake)
1013 + wake_up_all(&log->l_flush_wait);
1014 ++
1015 ++ spin_unlock(&log->l_icloglock);
1016 + }
1017 +
1018 +
1019 +@@ -4052,7 +4049,9 @@ xfs_log_force_umount(
1020 + * item committed callback functions will do this again under lock to
1021 + * avoid races.
1022 + */
1023 ++ spin_lock(&log->l_cilp->xc_push_lock);
1024 + wake_up_all(&log->l_cilp->xc_commit_wait);
1025 ++ spin_unlock(&log->l_cilp->xc_push_lock);
1026 + xlog_state_do_callback(log, XFS_LI_ABORTED, NULL);
1027 +
1028 + #ifdef XFSERRORDEBUG
1029 +diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
1030 +index c229ffbed6d4..48e618b20d34 100644
1031 +--- a/include/asm-generic/vmlinux.lds.h
1032 ++++ b/include/asm-generic/vmlinux.lds.h
1033 +@@ -251,7 +251,8 @@
1034 +
1035 + #define PAGE_ALIGNED_DATA(page_align) \
1036 + . = ALIGN(page_align); \
1037 +- *(.data..page_aligned)
1038 ++ *(.data..page_aligned) \
1039 ++ . = ALIGN(page_align);
1040 +
1041 + #define READ_MOSTLY_DATA(align) \
1042 + . = ALIGN(align); \
1043 +@@ -619,7 +620,9 @@
1044 + . = ALIGN(bss_align); \
1045 + .bss : AT(ADDR(.bss) - LOAD_OFFSET) { \
1046 + BSS_FIRST_SECTIONS \
1047 ++ . = ALIGN(PAGE_SIZE); \
1048 + *(.bss..page_aligned) \
1049 ++ . = ALIGN(PAGE_SIZE); \
1050 + *(.dynbss) \
1051 + *(BSS_MAIN) \
1052 + *(COMMON) \
1053 +diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h
1054 +index a966d281dedc..1b1cf9eff3b5 100644
1055 +--- a/include/scsi/libsas.h
1056 ++++ b/include/scsi/libsas.h
1057 +@@ -87,10 +87,8 @@ enum discover_event {
1058 + DISCE_DISCOVER_DOMAIN = 0U,
1059 + DISCE_REVALIDATE_DOMAIN = 1,
1060 + DISCE_PORT_GONE = 2,
1061 +- DISCE_PROBE = 3,
1062 + DISCE_SUSPEND = 4,
1063 + DISCE_RESUME = 5,
1064 +- DISCE_DESTRUCT = 6,
1065 + DISC_NUM_EVENTS = 7,
1066 + };
1067 +
1068 +@@ -269,6 +267,7 @@ struct asd_sas_port {
1069 + struct list_head dev_list;
1070 + struct list_head disco_list;
1071 + struct list_head destroy_list;
1072 ++ struct list_head sas_port_del_list;
1073 + enum sas_linkrate linkrate;
1074 +
1075 + struct sas_work work;
1076 +diff --git a/include/scsi/scsi_transport_sas.h b/include/scsi/scsi_transport_sas.h
1077 +index 62895b405933..05ec927a3c72 100644
1078 +--- a/include/scsi/scsi_transport_sas.h
1079 ++++ b/include/scsi/scsi_transport_sas.h
1080 +@@ -156,6 +156,7 @@ struct sas_port {
1081 +
1082 + struct mutex phy_list_mutex;
1083 + struct list_head phy_list;
1084 ++ struct list_head del_list; /* libsas only */
1085 + };
1086 +
1087 + #define dev_to_sas_port(d) \
1088 +diff --git a/include/uapi/linux/wireless.h b/include/uapi/linux/wireless.h
1089 +index 86eca3208b6b..a2c006a364e0 100644
1090 +--- a/include/uapi/linux/wireless.h
1091 ++++ b/include/uapi/linux/wireless.h
1092 +@@ -74,6 +74,8 @@
1093 + #include <linux/socket.h> /* for "struct sockaddr" et al */
1094 + #include <linux/if.h> /* for IFNAMSIZ and co... */
1095 +
1096 ++#include <stddef.h> /* for offsetof */
1097 ++
1098 + /***************************** VERSION *****************************/
1099 + /*
1100 + * This constant is used to know the availability of the wireless
1101 +@@ -1090,8 +1092,7 @@ struct iw_event {
1102 + /* iw_point events are special. First, the payload (extra data) come at
1103 + * the end of the event, so they are bigger than IW_EV_POINT_LEN. Second,
1104 + * we omit the pointer, so start at an offset. */
1105 +-#define IW_EV_POINT_OFF (((char *) &(((struct iw_point *) NULL)->length)) - \
1106 +- (char *) NULL)
1107 ++#define IW_EV_POINT_OFF offsetof(struct iw_point, length)
1108 + #define IW_EV_POINT_LEN (IW_EV_LCP_LEN + sizeof(struct iw_point) - \
1109 + IW_EV_POINT_OFF)
1110 +
1111 +diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
1112 +index 505e69854eb8..6cc090d015f6 100644
1113 +--- a/kernel/bpf/hashtab.c
1114 ++++ b/kernel/bpf/hashtab.c
1115 +@@ -656,15 +656,20 @@ static void htab_elem_free_rcu(struct rcu_head *head)
1116 + preempt_enable();
1117 + }
1118 +
1119 +-static void free_htab_elem(struct bpf_htab *htab, struct htab_elem *l)
1120 ++static void htab_put_fd_value(struct bpf_htab *htab, struct htab_elem *l)
1121 + {
1122 + struct bpf_map *map = &htab->map;
1123 ++ void *ptr;
1124 +
1125 + if (map->ops->map_fd_put_ptr) {
1126 +- void *ptr = fd_htab_map_get_ptr(map, l);
1127 +-
1128 ++ ptr = fd_htab_map_get_ptr(map, l);
1129 + map->ops->map_fd_put_ptr(ptr);
1130 + }
1131 ++}
1132 ++
1133 ++static void free_htab_elem(struct bpf_htab *htab, struct htab_elem *l)
1134 ++{
1135 ++ htab_put_fd_value(htab, l);
1136 +
1137 + if (htab_is_prealloc(htab)) {
1138 + __pcpu_freelist_push(&htab->freelist, &l->fnode);
1139 +@@ -725,6 +730,7 @@ static struct htab_elem *alloc_htab_elem(struct bpf_htab *htab, void *key,
1140 + */
1141 + pl_new = this_cpu_ptr(htab->extra_elems);
1142 + l_new = *pl_new;
1143 ++ htab_put_fd_value(htab, old_elem);
1144 + *pl_new = old_elem;
1145 + } else {
1146 + struct pcpu_freelist_node *l;
1147 +diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
1148 +index a9c65f13b7f5..32de8afbfbf8 100644
1149 +--- a/net/9p/trans_fd.c
1150 ++++ b/net/9p/trans_fd.c
1151 +@@ -301,7 +301,6 @@ static void p9_read_work(struct work_struct *work)
1152 + {
1153 + int n, err;
1154 + struct p9_conn *m;
1155 +- int status = REQ_STATUS_ERROR;
1156 +
1157 + m = container_of(work, struct p9_conn, rq);
1158 +
1159 +@@ -381,11 +380,21 @@ static void p9_read_work(struct work_struct *work)
1160 + if ((m->req) && (m->rc.offset == m->rc.capacity)) {
1161 + p9_debug(P9_DEBUG_TRANS, "got new packet\n");
1162 + spin_lock(&m->client->lock);
1163 +- if (m->req->status != REQ_STATUS_ERROR)
1164 +- status = REQ_STATUS_RCVD;
1165 +- list_del(&m->req->req_list);
1166 +- /* update req->status while holding client->lock */
1167 +- p9_client_cb(m->client, m->req, status);
1168 ++ if (m->req->status == REQ_STATUS_SENT) {
1169 ++ list_del(&m->req->req_list);
1170 ++ p9_client_cb(m->client, m->req, REQ_STATUS_RCVD);
1171 ++ } else if (m->req->status == REQ_STATUS_FLSHD) {
1172 ++ /* Ignore replies associated with a cancelled request. */
1173 ++ p9_debug(P9_DEBUG_TRANS,
1174 ++ "Ignore replies associated with a cancelled request\n");
1175 ++ } else {
1176 ++ spin_unlock(&m->client->lock);
1177 ++ p9_debug(P9_DEBUG_ERROR,
1178 ++ "Request tag %d errored out while we were reading the reply\n",
1179 ++ m->rc.tag);
1180 ++ err = -EIO;
1181 ++ goto error;
1182 ++ }
1183 + spin_unlock(&m->client->lock);
1184 + m->rc.sdata = NULL;
1185 + m->rc.offset = 0;
1186 +@@ -712,11 +721,20 @@ static int p9_fd_cancelled(struct p9_client *client, struct p9_req_t *req)
1187 + {
1188 + p9_debug(P9_DEBUG_TRANS, "client %p req %p\n", client, req);
1189 +
1190 ++ spin_lock(&client->lock);
1191 ++ /* Ignore cancelled request if message has been received
1192 ++ * before lock.
1193 ++ */
1194 ++ if (req->status == REQ_STATUS_RCVD) {
1195 ++ spin_unlock(&client->lock);
1196 ++ return 0;
1197 ++ }
1198 ++
1199 + /* we haven't received a response for oldreq,
1200 + * remove it from the list.
1201 + */
1202 +- spin_lock(&client->lock);
1203 + list_del(&req->req_list);
1204 ++ req->status = REQ_STATUS_FLSHD;
1205 + spin_unlock(&client->lock);
1206 +
1207 + return 0;
1208 +diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
1209 +index b1484b8316e8..c883cb67b731 100644
1210 +--- a/net/mac80211/cfg.c
1211 ++++ b/net/mac80211/cfg.c
1212 +@@ -1997,6 +1997,7 @@ static int ieee80211_leave_mesh(struct wiphy *wiphy, struct net_device *dev)
1213 + ieee80211_stop_mesh(sdata);
1214 + mutex_lock(&sdata->local->mtx);
1215 + ieee80211_vif_release_channel(sdata);
1216 ++ kfree(sdata->u.mesh.ie);
1217 + mutex_unlock(&sdata->local->mtx);
1218 +
1219 + return 0;
1220 +diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
1221 +index 130022091205..933f26e2ff8b 100644
1222 +--- a/net/mac80211/mesh_pathtbl.c
1223 ++++ b/net/mac80211/mesh_pathtbl.c
1224 +@@ -554,6 +554,7 @@ static void mesh_path_free_rcu(struct mesh_table *tbl,
1225 + del_timer_sync(&mpath->timer);
1226 + atomic_dec(&sdata->u.mesh.mpaths);
1227 + atomic_dec(&tbl->entries);
1228 ++ mesh_path_flush_pending(mpath);
1229 + kfree_rcu(mpath, rcu);
1230 + }
1231 +
1232 +diff --git a/net/rds/recv.c b/net/rds/recv.c
1233 +index c27cceae52e1..ef022d24f87a 100644
1234 +--- a/net/rds/recv.c
1235 ++++ b/net/rds/recv.c
1236 +@@ -453,12 +453,13 @@ static int rds_still_queued(struct rds_sock *rs, struct rds_incoming *inc,
1237 + int rds_notify_queue_get(struct rds_sock *rs, struct msghdr *msghdr)
1238 + {
1239 + struct rds_notifier *notifier;
1240 +- struct rds_rdma_notify cmsg = { 0 }; /* fill holes with zero */
1241 ++ struct rds_rdma_notify cmsg;
1242 + unsigned int count = 0, max_messages = ~0U;
1243 + unsigned long flags;
1244 + LIST_HEAD(copy);
1245 + int err = 0;
1246 +
1247 ++ memset(&cmsg, 0, sizeof(cmsg)); /* fill holes with zero */
1248 +
1249 + /* put_cmsg copies to user space and thus may sleep. We can't do this
1250 + * with rs_lock held, so first grab as many notifications as we can stuff
1251 +diff --git a/net/x25/x25_subr.c b/net/x25/x25_subr.c
1252 +index db0b1315d577..a946c1cfb5a2 100644
1253 +--- a/net/x25/x25_subr.c
1254 ++++ b/net/x25/x25_subr.c
1255 +@@ -363,6 +363,12 @@ void x25_disconnect(struct sock *sk, int reason, unsigned char cause,
1256 + sk->sk_state_change(sk);
1257 + sock_set_flag(sk, SOCK_DEAD);
1258 + }
1259 ++ if (x25->neighbour) {
1260 ++ read_lock_bh(&x25_list_lock);
1261 ++ x25_neigh_put(x25->neighbour);
1262 ++ x25->neighbour = NULL;
1263 ++ read_unlock_bh(&x25_list_lock);
1264 ++ }
1265 + }
1266 +
1267 + /*
1268 +diff --git a/tools/testing/selftests/networking/timestamping/rxtimestamp.c b/tools/testing/selftests/networking/timestamping/rxtimestamp.c
1269 +index 7a573fb4c1c4..c6428f1ac22f 100644
1270 +--- a/tools/testing/selftests/networking/timestamping/rxtimestamp.c
1271 ++++ b/tools/testing/selftests/networking/timestamping/rxtimestamp.c
1272 +@@ -328,8 +328,7 @@ int main(int argc, char **argv)
1273 + bool all_tests = true;
1274 + int arg_index = 0;
1275 + int failures = 0;
1276 +- int s, t;
1277 +- char opt;
1278 ++ int s, t, opt;
1279 +
1280 + while ((opt = getopt_long(argc, argv, "", long_options,
1281 + &arg_index)) != -1) {
Report Message
Find on MARC Find on Google Groups