Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:3.14 commit in: /
Date: Thu, 30 Oct 2014 22:42:22
Message-Id: 1414708926.241880666d4da93a0246edadbe9dcec323c52771.mpagano@gentoo
1 commit: 241880666d4da93a0246edadbe9dcec323c52771
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Thu Oct 30 22:42:06 2014 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Thu Oct 30 22:42:06 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/linux-patches.git;a=commit;h=24188066
7
8 Linux patch 3.14.23
9
10 ---
11 0000_README | 4 +
12 1022_linux-3.14.23 | 5877 ++++++++++++++++++++++++++++++++++++++++++++++++++++
13 2 files changed, 5881 insertions(+)
14
15 diff --git a/0000_README b/0000_README
16 index 8169612..e75cacd 100644
17 --- a/0000_README
18 +++ b/0000_README
19 @@ -130,6 +130,10 @@ Patch: 1021_linux-3.14.22.patch
20 From: http://www.kernel.org
21 Desc: Linux 3.14.22
22
23 +Patch: 1022_linux-3.14.23.patch
24 +From: http://www.kernel.org
25 +Desc: Linux 3.14.23
26 +
27 Patch: 1500_XATTR_USER_PREFIX.patch
28 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
29 Desc: Support for namespace user.pax.* on tmpfs.
30
31 diff --git a/1022_linux-3.14.23 b/1022_linux-3.14.23
32 new file mode 100644
33 index 0000000..62db8b4
34 --- /dev/null
35 +++ b/1022_linux-3.14.23
36 @@ -0,0 +1,5877 @@
37 +diff --git a/Documentation/lzo.txt b/Documentation/lzo.txt
38 +new file mode 100644
39 +index 000000000000..ea45dd3901e3
40 +--- /dev/null
41 ++++ b/Documentation/lzo.txt
42 +@@ -0,0 +1,164 @@
43 ++
44 ++LZO stream format as understood by Linux's LZO decompressor
45 ++===========================================================
46 ++
47 ++Introduction
48 ++
49 ++ This is not a specification. No specification seems to be publicly available
50 ++ for the LZO stream format. This document describes what input format the LZO
51 ++ decompressor as implemented in the Linux kernel understands. The file subject
52 ++ of this analysis is lib/lzo/lzo1x_decompress_safe.c. No analysis was made on
53 ++ the compressor nor on any other implementations though it seems likely that
54 ++ the format matches the standard one. The purpose of this document is to
55 ++ better understand what the code does in order to propose more efficient fixes
56 ++ for future bug reports.
57 ++
58 ++Description
59 ++
60 ++ The stream is composed of a series of instructions, operands, and data. The
61 ++ instructions consist in a few bits representing an opcode, and bits forming
62 ++ the operands for the instruction, whose size and position depend on the
63 ++ opcode and on the number of literals copied by previous instruction. The
64 ++ operands are used to indicate :
65 ++
66 ++ - a distance when copying data from the dictionary (past output buffer)
67 ++ - a length (number of bytes to copy from dictionary)
68 ++ - the number of literals to copy, which is retained in variable "state"
69 ++ as a piece of information for next instructions.
70 ++
71 ++ Optionally depending on the opcode and operands, extra data may follow. These
72 ++ extra data can be a complement for the operand (eg: a length or a distance
73 ++ encoded on larger values), or a literal to be copied to the output buffer.
74 ++
75 ++ The first byte of the block follows a different encoding from other bytes, it
76 ++ seems to be optimized for literal use only, since there is no dictionary yet
77 ++ prior to that byte.
78 ++
79 ++ Lengths are always encoded on a variable size starting with a small number
80 ++ of bits in the operand. If the number of bits isn't enough to represent the
81 ++ length, up to 255 may be added in increments by consuming more bytes with a
82 ++ rate of at most 255 per extra byte (thus the compression ratio cannot exceed
83 ++ around 255:1). The variable length encoding using #bits is always the same :
84 ++
85 ++ length = byte & ((1 << #bits) - 1)
86 ++ if (!length) {
87 ++ length = ((1 << #bits) - 1)
88 ++ length += 255*(number of zero bytes)
89 ++ length += first-non-zero-byte
90 ++ }
91 ++ length += constant (generally 2 or 3)
92 ++
93 ++ For references to the dictionary, distances are relative to the output
94 ++ pointer. Distances are encoded using very few bits belonging to certain
95 ++ ranges, resulting in multiple copy instructions using different encodings.
96 ++ Certain encodings involve one extra byte, others involve two extra bytes
97 ++ forming a little-endian 16-bit quantity (marked LE16 below).
98 ++
99 ++ After any instruction except the large literal copy, 0, 1, 2 or 3 literals
100 ++ are copied before starting the next instruction. The number of literals that
101 ++ were copied may change the meaning and behaviour of the next instruction. In
102 ++ practice, only one instruction needs to know whether 0, less than 4, or more
103 ++ literals were copied. This is the information stored in the <state> variable
104 ++ in this implementation. This number of immediate literals to be copied is
105 ++ generally encoded in the last two bits of the instruction but may also be
106 ++ taken from the last two bits of an extra operand (eg: distance).
107 ++
108 ++ End of stream is declared when a block copy of distance 0 is seen. Only one
109 ++ instruction may encode this distance (0001HLLL), it takes one LE16 operand
110 ++ for the distance, thus requiring 3 bytes.
111 ++
112 ++ IMPORTANT NOTE : in the code some length checks are missing because certain
113 ++ instructions are called under the assumption that a certain number of bytes
114 ++ follow because it has already been garanteed before parsing the instructions.
115 ++ They just have to "refill" this credit if they consume extra bytes. This is
116 ++ an implementation design choice independant on the algorithm or encoding.
117 ++
118 ++Byte sequences
119 ++
120 ++ First byte encoding :
121 ++
122 ++ 0..17 : follow regular instruction encoding, see below. It is worth
123 ++ noting that codes 16 and 17 will represent a block copy from
124 ++ the dictionary which is empty, and that they will always be
125 ++ invalid at this place.
126 ++
127 ++ 18..21 : copy 0..3 literals
128 ++ state = (byte - 17) = 0..3 [ copy <state> literals ]
129 ++ skip byte
130 ++
131 ++ 22..255 : copy literal string
132 ++ length = (byte - 17) = 4..238
133 ++ state = 4 [ don't copy extra literals ]
134 ++ skip byte
135 ++
136 ++ Instruction encoding :
137 ++
138 ++ 0 0 0 0 X X X X (0..15)
139 ++ Depends on the number of literals copied by the last instruction.
140 ++ If last instruction did not copy any literal (state == 0), this
141 ++ encoding will be a copy of 4 or more literal, and must be interpreted
142 ++ like this :
143 ++
144 ++ 0 0 0 0 L L L L (0..15) : copy long literal string
145 ++ length = 3 + (L ?: 15 + (zero_bytes * 255) + non_zero_byte)
146 ++ state = 4 (no extra literals are copied)
147 ++
148 ++ If last instruction used to copy between 1 to 3 literals (encoded in
149 ++ the instruction's opcode or distance), the instruction is a copy of a
150 ++ 2-byte block from the dictionary within a 1kB distance. It is worth
151 ++ noting that this instruction provides little savings since it uses 2
152 ++ bytes to encode a copy of 2 other bytes but it encodes the number of
153 ++ following literals for free. It must be interpreted like this :
154 ++
155 ++ 0 0 0 0 D D S S (0..15) : copy 2 bytes from <= 1kB distance
156 ++ length = 2
157 ++ state = S (copy S literals after this block)
158 ++ Always followed by exactly one byte : H H H H H H H H
159 ++ distance = (H << 2) + D + 1
160 ++
161 ++ If last instruction used to copy 4 or more literals (as detected by
162 ++ state == 4), the instruction becomes a copy of a 3-byte block from the
163 ++ dictionary from a 2..3kB distance, and must be interpreted like this :
164 ++
165 ++ 0 0 0 0 D D S S (0..15) : copy 3 bytes from 2..3 kB distance
166 ++ length = 3
167 ++ state = S (copy S literals after this block)
168 ++ Always followed by exactly one byte : H H H H H H H H
169 ++ distance = (H << 2) + D + 2049
170 ++
171 ++ 0 0 0 1 H L L L (16..31)
172 ++ Copy of a block within 16..48kB distance (preferably less than 10B)
173 ++ length = 2 + (L ?: 7 + (zero_bytes * 255) + non_zero_byte)
174 ++ Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
175 ++ distance = 16384 + (H << 14) + D
176 ++ state = S (copy S literals after this block)
177 ++ End of stream is reached if distance == 16384
178 ++
179 ++ 0 0 1 L L L L L (32..63)
180 ++ Copy of small block within 16kB distance (preferably less than 34B)
181 ++ length = 2 + (L ?: 31 + (zero_bytes * 255) + non_zero_byte)
182 ++ Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
183 ++ distance = D + 1
184 ++ state = S (copy S literals after this block)
185 ++
186 ++ 0 1 L D D D S S (64..127)
187 ++ Copy 3-4 bytes from block within 2kB distance
188 ++ state = S (copy S literals after this block)
189 ++ length = 3 + L
190 ++ Always followed by exactly one byte : H H H H H H H H
191 ++ distance = (H << 3) + D + 1
192 ++
193 ++ 1 L L D D D S S (128..255)
194 ++ Copy 5-8 bytes from block within 2kB distance
195 ++ state = S (copy S literals after this block)
196 ++ length = 5 + L
197 ++ Always followed by exactly one byte : H H H H H H H H
198 ++ distance = (H << 3) + D + 1
199 ++
200 ++Authors
201 ++
202 ++ This document was written by Willy Tarreau <w@×××.eu> on 2014/07/19 during an
203 ++ analysis of the decompression code available in Linux 3.16-rc5. The code is
204 ++ tricky, it is possible that this document contains mistakes or that a few
205 ++ corner cases were overlooked. In any case, please report any doubt, fix, or
206 ++ proposed updates to the author(s) so that the document can be updated.
207 +diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt
208 +index 290894176142..53838d9c6295 100644
209 +--- a/Documentation/virtual/kvm/mmu.txt
210 ++++ b/Documentation/virtual/kvm/mmu.txt
211 +@@ -425,6 +425,20 @@ fault through the slow path.
212 + Since only 19 bits are used to store generation-number on mmio spte, all
213 + pages are zapped when there is an overflow.
214 +
215 ++Unfortunately, a single memory access might access kvm_memslots(kvm) multiple
216 ++times, the last one happening when the generation number is retrieved and
217 ++stored into the MMIO spte. Thus, the MMIO spte might be created based on
218 ++out-of-date information, but with an up-to-date generation number.
219 ++
220 ++To avoid this, the generation number is incremented again after synchronize_srcu
221 ++returns; thus, the low bit of kvm_memslots(kvm)->generation is only 1 during a
222 ++memslot update, while some SRCU readers might be using the old copy. We do not
223 ++want to use an MMIO sptes created with an odd generation number, and we can do
224 ++this without losing a bit in the MMIO spte. The low bit of the generation
225 ++is not stored in MMIO spte, and presumed zero when it is extracted out of the
226 ++spte. If KVM is unlucky and creates an MMIO spte while the low bit is 1,
227 ++the next access to the spte will always be a cache miss.
228 ++
229 +
230 + Further reading
231 + ===============
232 +diff --git a/Makefile b/Makefile
233 +index a59980eb4557..135a04a26076 100644
234 +--- a/Makefile
235 ++++ b/Makefile
236 +@@ -1,6 +1,6 @@
237 + VERSION = 3
238 + PATCHLEVEL = 14
239 +-SUBLEVEL = 22
240 ++SUBLEVEL = 23
241 + EXTRAVERSION =
242 + NAME = Remembering Coco
243 +
244 +diff --git a/arch/arm/boot/dts/armada-370-netgear-rn102.dts b/arch/arm/boot/dts/armada-370-netgear-rn102.dts
245 +index 651aeb5ef439..f3188e953de4 100644
246 +--- a/arch/arm/boot/dts/armada-370-netgear-rn102.dts
247 ++++ b/arch/arm/boot/dts/armada-370-netgear-rn102.dts
248 +@@ -144,6 +144,10 @@
249 + marvell,nand-enable-arbiter;
250 + nand-on-flash-bbt;
251 +
252 ++ /* Use Hardware BCH ECC */
253 ++ nand-ecc-strength = <4>;
254 ++ nand-ecc-step-size = <512>;
255 ++
256 + partition@0 {
257 + label = "u-boot";
258 + reg = <0x0000000 0x180000>; /* 1.5MB */
259 +diff --git a/arch/arm/boot/dts/armada-370-netgear-rn104.dts b/arch/arm/boot/dts/armada-370-netgear-rn104.dts
260 +index 4e27587667bf..da406c1c726a 100644
261 +--- a/arch/arm/boot/dts/armada-370-netgear-rn104.dts
262 ++++ b/arch/arm/boot/dts/armada-370-netgear-rn104.dts
263 +@@ -146,6 +146,10 @@
264 + marvell,nand-enable-arbiter;
265 + nand-on-flash-bbt;
266 +
267 ++ /* Use Hardware BCH ECC */
268 ++ nand-ecc-strength = <4>;
269 ++ nand-ecc-step-size = <512>;
270 ++
271 + partition@0 {
272 + label = "u-boot";
273 + reg = <0x0000000 0x180000>; /* 1.5MB */
274 +diff --git a/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts b/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts
275 +index ff049ee862eb..b4aba09de911 100644
276 +--- a/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts
277 ++++ b/arch/arm/boot/dts/armada-xp-netgear-rn2120.dts
278 +@@ -224,6 +224,10 @@
279 + marvell,nand-enable-arbiter;
280 + nand-on-flash-bbt;
281 +
282 ++ /* Use Hardware BCH ECC */
283 ++ nand-ecc-strength = <4>;
284 ++ nand-ecc-step-size = <512>;
285 ++
286 + partition@0 {
287 + label = "u-boot";
288 + reg = <0x0000000 0x180000>; /* 1.5MB */
289 +diff --git a/arch/arm/boot/dts/at91sam9263.dtsi b/arch/arm/boot/dts/at91sam9263.dtsi
290 +index fece8665fb63..b8f234bf7de8 100644
291 +--- a/arch/arm/boot/dts/at91sam9263.dtsi
292 ++++ b/arch/arm/boot/dts/at91sam9263.dtsi
293 +@@ -535,6 +535,7 @@
294 + compatible = "atmel,hsmci";
295 + reg = <0xfff80000 0x600>;
296 + interrupts = <10 IRQ_TYPE_LEVEL_HIGH 0>;
297 ++ pinctrl-names = "default";
298 + #address-cells = <1>;
299 + #size-cells = <0>;
300 + status = "disabled";
301 +@@ -544,6 +545,7 @@
302 + compatible = "atmel,hsmci";
303 + reg = <0xfff84000 0x600>;
304 + interrupts = <11 IRQ_TYPE_LEVEL_HIGH 0>;
305 ++ pinctrl-names = "default";
306 + #address-cells = <1>;
307 + #size-cells = <0>;
308 + status = "disabled";
309 +diff --git a/arch/arm/boot/dts/sama5d3_can.dtsi b/arch/arm/boot/dts/sama5d3_can.dtsi
310 +index a0775851cce5..eaf41451ad0c 100644
311 +--- a/arch/arm/boot/dts/sama5d3_can.dtsi
312 ++++ b/arch/arm/boot/dts/sama5d3_can.dtsi
313 +@@ -40,7 +40,7 @@
314 + atmel,clk-output-range = <0 66000000>;
315 + };
316 +
317 +- can1_clk: can0_clk {
318 ++ can1_clk: can1_clk {
319 + #clock-cells = <0>;
320 + reg = <41>;
321 + atmel,clk-output-range = <0 66000000>;
322 +diff --git a/arch/arm/mach-at91/clock.c b/arch/arm/mach-at91/clock.c
323 +index 034529d801b2..d66f102c352a 100644
324 +--- a/arch/arm/mach-at91/clock.c
325 ++++ b/arch/arm/mach-at91/clock.c
326 +@@ -962,6 +962,7 @@ static int __init at91_clock_reset(void)
327 + }
328 +
329 + at91_pmc_write(AT91_PMC_SCDR, scdr);
330 ++ at91_pmc_write(AT91_PMC_PCDR, pcdr);
331 + if (cpu_is_sama5d3())
332 + at91_pmc_write(AT91_PMC_PCDR1, pcdr1);
333 +
334 +diff --git a/arch/arm64/include/asm/compat.h b/arch/arm64/include/asm/compat.h
335 +index fda2704b3f9f..e72289a97367 100644
336 +--- a/arch/arm64/include/asm/compat.h
337 ++++ b/arch/arm64/include/asm/compat.h
338 +@@ -37,8 +37,8 @@ typedef s32 compat_ssize_t;
339 + typedef s32 compat_time_t;
340 + typedef s32 compat_clock_t;
341 + typedef s32 compat_pid_t;
342 +-typedef u32 __compat_uid_t;
343 +-typedef u32 __compat_gid_t;
344 ++typedef u16 __compat_uid_t;
345 ++typedef u16 __compat_gid_t;
346 + typedef u16 __compat_uid16_t;
347 + typedef u16 __compat_gid16_t;
348 + typedef u32 __compat_uid32_t;
349 +diff --git a/arch/m68k/mm/hwtest.c b/arch/m68k/mm/hwtest.c
350 +index 2c7dde3c6430..2a5259fd23eb 100644
351 +--- a/arch/m68k/mm/hwtest.c
352 ++++ b/arch/m68k/mm/hwtest.c
353 +@@ -28,9 +28,11 @@
354 + int hwreg_present( volatile void *regp )
355 + {
356 + int ret = 0;
357 ++ unsigned long flags;
358 + long save_sp, save_vbr;
359 + long tmp_vectors[3];
360 +
361 ++ local_irq_save(flags);
362 + __asm__ __volatile__
363 + ( "movec %/vbr,%2\n\t"
364 + "movel #Lberr1,%4@(8)\n\t"
365 +@@ -46,6 +48,7 @@ int hwreg_present( volatile void *regp )
366 + : "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
367 + : "a" (regp), "a" (tmp_vectors)
368 + );
369 ++ local_irq_restore(flags);
370 +
371 + return( ret );
372 + }
373 +@@ -58,9 +61,11 @@ EXPORT_SYMBOL(hwreg_present);
374 + int hwreg_write( volatile void *regp, unsigned short val )
375 + {
376 + int ret;
377 ++ unsigned long flags;
378 + long save_sp, save_vbr;
379 + long tmp_vectors[3];
380 +
381 ++ local_irq_save(flags);
382 + __asm__ __volatile__
383 + ( "movec %/vbr,%2\n\t"
384 + "movel #Lberr2,%4@(8)\n\t"
385 +@@ -78,6 +83,7 @@ int hwreg_write( volatile void *regp, unsigned short val )
386 + : "=&d" (ret), "=&r" (save_sp), "=&r" (save_vbr)
387 + : "a" (regp), "a" (tmp_vectors), "g" (val)
388 + );
389 ++ local_irq_restore(flags);
390 +
391 + return( ret );
392 + }
393 +diff --git a/arch/powerpc/platforms/pseries/iommu.c b/arch/powerpc/platforms/pseries/iommu.c
394 +index 4642d6a4d356..de1ec54a2a57 100644
395 +--- a/arch/powerpc/platforms/pseries/iommu.c
396 ++++ b/arch/powerpc/platforms/pseries/iommu.c
397 +@@ -329,16 +329,16 @@ struct direct_window {
398 +
399 + /* Dynamic DMA Window support */
400 + struct ddw_query_response {
401 +- __be32 windows_available;
402 +- __be32 largest_available_block;
403 +- __be32 page_size;
404 +- __be32 migration_capable;
405 ++ u32 windows_available;
406 ++ u32 largest_available_block;
407 ++ u32 page_size;
408 ++ u32 migration_capable;
409 + };
410 +
411 + struct ddw_create_response {
412 +- __be32 liobn;
413 +- __be32 addr_hi;
414 +- __be32 addr_lo;
415 ++ u32 liobn;
416 ++ u32 addr_hi;
417 ++ u32 addr_lo;
418 + };
419 +
420 + static LIST_HEAD(direct_window_list);
421 +@@ -725,16 +725,18 @@ static void remove_ddw(struct device_node *np, bool remove_prop)
422 + {
423 + struct dynamic_dma_window_prop *dwp;
424 + struct property *win64;
425 +- const u32 *ddw_avail;
426 ++ u32 ddw_avail[3];
427 + u64 liobn;
428 +- int len, ret = 0;
429 ++ int ret = 0;
430 ++
431 ++ ret = of_property_read_u32_array(np, "ibm,ddw-applicable",
432 ++ &ddw_avail[0], 3);
433 +
434 +- ddw_avail = of_get_property(np, "ibm,ddw-applicable", &len);
435 + win64 = of_find_property(np, DIRECT64_PROPNAME, NULL);
436 + if (!win64)
437 + return;
438 +
439 +- if (!ddw_avail || len < 3 * sizeof(u32) || win64->length < sizeof(*dwp))
440 ++ if (ret || win64->length < sizeof(*dwp))
441 + goto delprop;
442 +
443 + dwp = win64->value;
444 +@@ -872,8 +874,9 @@ static int create_ddw(struct pci_dev *dev, const u32 *ddw_avail,
445 +
446 + do {
447 + /* extra outputs are LIOBN and dma-addr (hi, lo) */
448 +- ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create, cfg_addr,
449 +- BUID_HI(buid), BUID_LO(buid), page_shift, window_shift);
450 ++ ret = rtas_call(ddw_avail[1], 5, 4, (u32 *)create,
451 ++ cfg_addr, BUID_HI(buid), BUID_LO(buid),
452 ++ page_shift, window_shift);
453 + } while (rtas_busy_delay(ret));
454 + dev_info(&dev->dev,
455 + "ibm,create-pe-dma-window(%x) %x %x %x %x %x returned %d "
456 +@@ -910,7 +913,7 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
457 + int page_shift;
458 + u64 dma_addr, max_addr;
459 + struct device_node *dn;
460 +- const u32 *uninitialized_var(ddw_avail);
461 ++ u32 ddw_avail[3];
462 + struct direct_window *window;
463 + struct property *win64;
464 + struct dynamic_dma_window_prop *ddwprop;
465 +@@ -942,8 +945,9 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
466 + * for the given node in that order.
467 + * the property is actually in the parent, not the PE
468 + */
469 +- ddw_avail = of_get_property(pdn, "ibm,ddw-applicable", &len);
470 +- if (!ddw_avail || len < 3 * sizeof(u32))
471 ++ ret = of_property_read_u32_array(pdn, "ibm,ddw-applicable",
472 ++ &ddw_avail[0], 3);
473 ++ if (ret)
474 + goto out_failed;
475 +
476 + /*
477 +@@ -966,11 +970,11 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
478 + dev_dbg(&dev->dev, "no free dynamic windows");
479 + goto out_failed;
480 + }
481 +- if (be32_to_cpu(query.page_size) & 4) {
482 ++ if (query.page_size & 4) {
483 + page_shift = 24; /* 16MB */
484 +- } else if (be32_to_cpu(query.page_size) & 2) {
485 ++ } else if (query.page_size & 2) {
486 + page_shift = 16; /* 64kB */
487 +- } else if (be32_to_cpu(query.page_size) & 1) {
488 ++ } else if (query.page_size & 1) {
489 + page_shift = 12; /* 4kB */
490 + } else {
491 + dev_dbg(&dev->dev, "no supported direct page size in mask %x",
492 +@@ -980,7 +984,7 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
493 + /* verify the window * number of ptes will map the partition */
494 + /* check largest block * page size > max memory hotplug addr */
495 + max_addr = memory_hotplug_max();
496 +- if (be32_to_cpu(query.largest_available_block) < (max_addr >> page_shift)) {
497 ++ if (query.largest_available_block < (max_addr >> page_shift)) {
498 + dev_dbg(&dev->dev, "can't map partiton max 0x%llx with %u "
499 + "%llu-sized pages\n", max_addr, query.largest_available_block,
500 + 1ULL << page_shift);
501 +@@ -1006,8 +1010,9 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
502 + if (ret != 0)
503 + goto out_free_prop;
504 +
505 +- ddwprop->liobn = create.liobn;
506 +- ddwprop->dma_base = cpu_to_be64(of_read_number(&create.addr_hi, 2));
507 ++ ddwprop->liobn = cpu_to_be32(create.liobn);
508 ++ ddwprop->dma_base = cpu_to_be64(((u64)create.addr_hi << 32) |
509 ++ create.addr_lo);
510 + ddwprop->tce_shift = cpu_to_be32(page_shift);
511 + ddwprop->window_shift = cpu_to_be32(len);
512 +
513 +@@ -1039,7 +1044,7 @@ static u64 enable_ddw(struct pci_dev *dev, struct device_node *pdn)
514 + list_add(&window->list, &direct_window_list);
515 + spin_unlock(&direct_window_list_lock);
516 +
517 +- dma_addr = of_read_number(&create.addr_hi, 2);
518 ++ dma_addr = be64_to_cpu(ddwprop->dma_base);
519 + goto out_unlock;
520 +
521 + out_free_window:
522 +diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
523 +index 5f79d2d79ca7..f1ba119878ec 100644
524 +--- a/arch/s390/kvm/interrupt.c
525 ++++ b/arch/s390/kvm/interrupt.c
526 +@@ -71,6 +71,7 @@ static int __interrupt_is_deliverable(struct kvm_vcpu *vcpu,
527 + return 0;
528 + if (vcpu->arch.sie_block->gcr[0] & 0x2000ul)
529 + return 1;
530 ++ return 0;
531 + case KVM_S390_INT_EMERGENCY:
532 + if (psw_extint_disabled(vcpu))
533 + return 0;
534 +diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
535 +index b398c68b2713..a38513c33a62 100644
536 +--- a/arch/sparc/Kconfig
537 ++++ b/arch/sparc/Kconfig
538 +@@ -67,6 +67,7 @@ config SPARC64
539 + select HAVE_SYSCALL_TRACEPOINTS
540 + select HAVE_CONTEXT_TRACKING
541 + select HAVE_DEBUG_KMEMLEAK
542 ++ select SPARSE_IRQ
543 + select RTC_DRV_CMOS
544 + select RTC_DRV_BQ4802
545 + select RTC_DRV_SUN4V
546 +diff --git a/arch/sparc/include/asm/hypervisor.h b/arch/sparc/include/asm/hypervisor.h
547 +index ca121f0fa3ec..17be9d618335 100644
548 +--- a/arch/sparc/include/asm/hypervisor.h
549 ++++ b/arch/sparc/include/asm/hypervisor.h
550 +@@ -2944,6 +2944,16 @@ extern unsigned long sun4v_vt_set_perfreg(unsigned long reg_num,
551 + unsigned long reg_val);
552 + #endif
553 +
554 ++#define HV_FAST_T5_GET_PERFREG 0x1a8
555 ++#define HV_FAST_T5_SET_PERFREG 0x1a9
556 ++
557 ++#ifndef __ASSEMBLY__
558 ++unsigned long sun4v_t5_get_perfreg(unsigned long reg_num,
559 ++ unsigned long *reg_val);
560 ++unsigned long sun4v_t5_set_perfreg(unsigned long reg_num,
561 ++ unsigned long reg_val);
562 ++#endif
563 ++
564 + /* Function numbers for HV_CORE_TRAP. */
565 + #define HV_CORE_SET_VER 0x00
566 + #define HV_CORE_PUTCHAR 0x01
567 +@@ -2975,6 +2985,7 @@ extern unsigned long sun4v_vt_set_perfreg(unsigned long reg_num,
568 + #define HV_GRP_VF_CPU 0x0205
569 + #define HV_GRP_KT_CPU 0x0209
570 + #define HV_GRP_VT_CPU 0x020c
571 ++#define HV_GRP_T5_CPU 0x0211
572 + #define HV_GRP_DIAG 0x0300
573 +
574 + #ifndef __ASSEMBLY__
575 +diff --git a/arch/sparc/include/asm/irq_64.h b/arch/sparc/include/asm/irq_64.h
576 +index abf6afe82ca8..3deb07ff1e00 100644
577 +--- a/arch/sparc/include/asm/irq_64.h
578 ++++ b/arch/sparc/include/asm/irq_64.h
579 +@@ -37,7 +37,7 @@
580 + *
581 + * ino_bucket->irq allocation is made during {sun4v_,}build_irq().
582 + */
583 +-#define NR_IRQS 255
584 ++#define NR_IRQS (2048)
585 +
586 + extern void irq_install_pre_handler(int irq,
587 + void (*func)(unsigned int, void *, void *),
588 +@@ -57,11 +57,8 @@ extern unsigned int sun4u_build_msi(u32 portid, unsigned int *irq_p,
589 + unsigned long iclr_base);
590 + extern void sun4u_destroy_msi(unsigned int irq);
591 +
592 +-extern unsigned char irq_alloc(unsigned int dev_handle,
593 +- unsigned int dev_ino);
594 +-#ifdef CONFIG_PCI_MSI
595 +-extern void irq_free(unsigned int irq);
596 +-#endif
597 ++unsigned int irq_alloc(unsigned int dev_handle, unsigned int dev_ino);
598 ++void irq_free(unsigned int irq);
599 +
600 + extern void __init init_IRQ(void);
601 + extern void fixup_irqs(void);
602 +diff --git a/arch/sparc/include/asm/ldc.h b/arch/sparc/include/asm/ldc.h
603 +index bdb524a7b814..8732ed391aff 100644
604 +--- a/arch/sparc/include/asm/ldc.h
605 ++++ b/arch/sparc/include/asm/ldc.h
606 +@@ -53,13 +53,14 @@ struct ldc_channel;
607 + /* Allocate state for a channel. */
608 + extern struct ldc_channel *ldc_alloc(unsigned long id,
609 + const struct ldc_channel_config *cfgp,
610 +- void *event_arg);
611 ++ void *event_arg,
612 ++ const char *name);
613 +
614 + /* Shut down and free state for a channel. */
615 + extern void ldc_free(struct ldc_channel *lp);
616 +
617 + /* Register TX and RX queues of the link with the hypervisor. */
618 +-extern int ldc_bind(struct ldc_channel *lp, const char *name);
619 ++extern int ldc_bind(struct ldc_channel *lp);
620 +
621 + /* For non-RAW protocols we need to complete a handshake before
622 + * communication can proceed. ldc_connect() does that, if the
623 +diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h
624 +index a12dbe3b7762..e48fdf4e16ff 100644
625 +--- a/arch/sparc/include/asm/oplib_64.h
626 ++++ b/arch/sparc/include/asm/oplib_64.h
627 +@@ -62,7 +62,8 @@ struct linux_mem_p1275 {
628 + /* You must call prom_init() before using any of the library services,
629 + * preferably as early as possible. Pass it the romvec pointer.
630 + */
631 +-extern void prom_init(void *cif_handler, void *cif_stack);
632 ++extern void prom_init(void *cif_handler);
633 ++extern void prom_init_report(void);
634 +
635 + /* Boot argument acquisition, returns the boot command line string. */
636 + extern char *prom_getbootargs(void);
637 +diff --git a/arch/sparc/include/asm/page_64.h b/arch/sparc/include/asm/page_64.h
638 +index aac53fcea807..b18e602fcac4 100644
639 +--- a/arch/sparc/include/asm/page_64.h
640 ++++ b/arch/sparc/include/asm/page_64.h
641 +@@ -57,18 +57,21 @@ extern void copy_user_page(void *to, void *from, unsigned long vaddr, struct pag
642 + typedef struct { unsigned long pte; } pte_t;
643 + typedef struct { unsigned long iopte; } iopte_t;
644 + typedef struct { unsigned long pmd; } pmd_t;
645 ++typedef struct { unsigned long pud; } pud_t;
646 + typedef struct { unsigned long pgd; } pgd_t;
647 + typedef struct { unsigned long pgprot; } pgprot_t;
648 +
649 + #define pte_val(x) ((x).pte)
650 + #define iopte_val(x) ((x).iopte)
651 + #define pmd_val(x) ((x).pmd)
652 ++#define pud_val(x) ((x).pud)
653 + #define pgd_val(x) ((x).pgd)
654 + #define pgprot_val(x) ((x).pgprot)
655 +
656 + #define __pte(x) ((pte_t) { (x) } )
657 + #define __iopte(x) ((iopte_t) { (x) } )
658 + #define __pmd(x) ((pmd_t) { (x) } )
659 ++#define __pud(x) ((pud_t) { (x) } )
660 + #define __pgd(x) ((pgd_t) { (x) } )
661 + #define __pgprot(x) ((pgprot_t) { (x) } )
662 +
663 +@@ -77,18 +80,21 @@ typedef struct { unsigned long pgprot; } pgprot_t;
664 + typedef unsigned long pte_t;
665 + typedef unsigned long iopte_t;
666 + typedef unsigned long pmd_t;
667 ++typedef unsigned long pud_t;
668 + typedef unsigned long pgd_t;
669 + typedef unsigned long pgprot_t;
670 +
671 + #define pte_val(x) (x)
672 + #define iopte_val(x) (x)
673 + #define pmd_val(x) (x)
674 ++#define pud_val(x) (x)
675 + #define pgd_val(x) (x)
676 + #define pgprot_val(x) (x)
677 +
678 + #define __pte(x) (x)
679 + #define __iopte(x) (x)
680 + #define __pmd(x) (x)
681 ++#define __pud(x) (x)
682 + #define __pgd(x) (x)
683 + #define __pgprot(x) (x)
684 +
685 +@@ -96,21 +102,14 @@ typedef unsigned long pgprot_t;
686 +
687 + typedef pte_t *pgtable_t;
688 +
689 +-/* These two values define the virtual address space range in which we
690 +- * must forbid 64-bit user processes from making mappings. It used to
691 +- * represent precisely the virtual address space hole present in most
692 +- * early sparc64 chips including UltraSPARC-I. But now it also is
693 +- * further constrained by the limits of our page tables, which is
694 +- * 43-bits of virtual address.
695 +- */
696 +-#define SPARC64_VA_HOLE_TOP _AC(0xfffffc0000000000,UL)
697 +-#define SPARC64_VA_HOLE_BOTTOM _AC(0x0000040000000000,UL)
698 ++extern unsigned long sparc64_va_hole_top;
699 ++extern unsigned long sparc64_va_hole_bottom;
700 +
701 + /* The next two defines specify the actual exclusion region we
702 + * enforce, wherein we use a 4GB red zone on each side of the VA hole.
703 + */
704 +-#define VA_EXCLUDE_START (SPARC64_VA_HOLE_BOTTOM - (1UL << 32UL))
705 +-#define VA_EXCLUDE_END (SPARC64_VA_HOLE_TOP + (1UL << 32UL))
706 ++#define VA_EXCLUDE_START (sparc64_va_hole_bottom - (1UL << 32UL))
707 ++#define VA_EXCLUDE_END (sparc64_va_hole_top + (1UL << 32UL))
708 +
709 + #define TASK_UNMAPPED_BASE (test_thread_flag(TIF_32BIT) ? \
710 + _AC(0x0000000070000000,UL) : \
711 +@@ -118,20 +117,16 @@ typedef pte_t *pgtable_t;
712 +
713 + #include <asm-generic/memory_model.h>
714 +
715 +-#define PAGE_OFFSET_BY_BITS(X) (-(_AC(1,UL) << (X)))
716 + extern unsigned long PAGE_OFFSET;
717 +
718 + #endif /* !(__ASSEMBLY__) */
719 +
720 +-/* The maximum number of physical memory address bits we support, this
721 +- * is used to size various tables used to manage kernel TLB misses and
722 +- * also the sparsemem code.
723 ++/* The maximum number of physical memory address bits we support. The
724 ++ * largest value we can support is whatever "KPGD_SHIFT + KPTE_BITS"
725 ++ * evaluates to.
726 + */
727 +-#define MAX_PHYS_ADDRESS_BITS 47
728 ++#define MAX_PHYS_ADDRESS_BITS 53
729 +
730 +-/* These two shift counts are used when indexing sparc64_valid_addr_bitmap
731 +- * and kpte_linear_bitmap.
732 +- */
733 + #define ILOG2_4MB 22
734 + #define ILOG2_256MB 28
735 +
736 +diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h
737 +index bcfe063bce23..2c8d41fb13a4 100644
738 +--- a/arch/sparc/include/asm/pgalloc_64.h
739 ++++ b/arch/sparc/include/asm/pgalloc_64.h
740 +@@ -15,6 +15,13 @@
741 +
742 + extern struct kmem_cache *pgtable_cache;
743 +
744 ++static inline void __pgd_populate(pgd_t *pgd, pud_t *pud)
745 ++{
746 ++ pgd_set(pgd, pud);
747 ++}
748 ++
749 ++#define pgd_populate(MM, PGD, PUD) __pgd_populate(PGD, PUD)
750 ++
751 + static inline pgd_t *pgd_alloc(struct mm_struct *mm)
752 + {
753 + return kmem_cache_alloc(pgtable_cache, GFP_KERNEL);
754 +@@ -25,7 +32,23 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
755 + kmem_cache_free(pgtable_cache, pgd);
756 + }
757 +
758 +-#define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD)
759 ++static inline void __pud_populate(pud_t *pud, pmd_t *pmd)
760 ++{
761 ++ pud_set(pud, pmd);
762 ++}
763 ++
764 ++#define pud_populate(MM, PUD, PMD) __pud_populate(PUD, PMD)
765 ++
766 ++static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
767 ++{
768 ++ return kmem_cache_alloc(pgtable_cache,
769 ++ GFP_KERNEL|__GFP_REPEAT);
770 ++}
771 ++
772 ++static inline void pud_free(struct mm_struct *mm, pud_t *pud)
773 ++{
774 ++ kmem_cache_free(pgtable_cache, pud);
775 ++}
776 +
777 + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr)
778 + {
779 +@@ -91,4 +114,7 @@ static inline void __pte_free_tlb(struct mmu_gather *tlb, pte_t *pte,
780 + #define __pmd_free_tlb(tlb, pmd, addr) \
781 + pgtable_free_tlb(tlb, pmd, false)
782 +
783 ++#define __pud_free_tlb(tlb, pud, addr) \
784 ++ pgtable_free_tlb(tlb, pud, false)
785 ++
786 + #endif /* _SPARC64_PGALLOC_H */
787 +diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
788 +index 1a49ffdf9da9..e8dfabf156c7 100644
789 +--- a/arch/sparc/include/asm/pgtable_64.h
790 ++++ b/arch/sparc/include/asm/pgtable_64.h
791 +@@ -20,8 +20,6 @@
792 + #include <asm/page.h>
793 + #include <asm/processor.h>
794 +
795 +-#include <asm-generic/pgtable-nopud.h>
796 +-
797 + /* The kernel image occupies 0x4000000 to 0x6000000 (4MB --> 96MB).
798 + * The page copy blockops can use 0x6000000 to 0x8000000.
799 + * The 8K TSB is mapped in the 0x8000000 to 0x8400000 range.
800 +@@ -42,10 +40,7 @@
801 + #define LOW_OBP_ADDRESS _AC(0x00000000f0000000,UL)
802 + #define HI_OBP_ADDRESS _AC(0x0000000100000000,UL)
803 + #define VMALLOC_START _AC(0x0000000100000000,UL)
804 +-#define VMALLOC_END _AC(0x0000010000000000,UL)
805 +-#define VMEMMAP_BASE _AC(0x0000010000000000,UL)
806 +-
807 +-#define vmemmap ((struct page *)VMEMMAP_BASE)
808 ++#define VMEMMAP_BASE VMALLOC_END
809 +
810 + /* PMD_SHIFT determines the size of the area a second-level page
811 + * table can map
812 +@@ -55,13 +50,25 @@
813 + #define PMD_MASK (~(PMD_SIZE-1))
814 + #define PMD_BITS (PAGE_SHIFT - 3)
815 +
816 +-/* PGDIR_SHIFT determines what a third-level page table entry can map */
817 +-#define PGDIR_SHIFT (PAGE_SHIFT + (PAGE_SHIFT-3) + PMD_BITS)
818 ++/* PUD_SHIFT determines the size of the area a third-level page
819 ++ * table can map
820 ++ */
821 ++#define PUD_SHIFT (PMD_SHIFT + PMD_BITS)
822 ++#define PUD_SIZE (_AC(1,UL) << PUD_SHIFT)
823 ++#define PUD_MASK (~(PUD_SIZE-1))
824 ++#define PUD_BITS (PAGE_SHIFT - 3)
825 ++
826 ++/* PGDIR_SHIFT determines what a fourth-level page table entry can map */
827 ++#define PGDIR_SHIFT (PUD_SHIFT + PUD_BITS)
828 + #define PGDIR_SIZE (_AC(1,UL) << PGDIR_SHIFT)
829 + #define PGDIR_MASK (~(PGDIR_SIZE-1))
830 + #define PGDIR_BITS (PAGE_SHIFT - 3)
831 +
832 +-#if (PGDIR_SHIFT + PGDIR_BITS) != 43
833 ++#if (MAX_PHYS_ADDRESS_BITS > PGDIR_SHIFT + PGDIR_BITS)
834 ++#error MAX_PHYS_ADDRESS_BITS exceeds what kernel page tables can support
835 ++#endif
836 ++
837 ++#if (PGDIR_SHIFT + PGDIR_BITS) != 53
838 + #error Page table parameters do not cover virtual address space properly.
839 + #endif
840 +
841 +@@ -71,28 +78,18 @@
842 +
843 + #ifndef __ASSEMBLY__
844 +
845 +-#include <linux/sched.h>
846 +-
847 +-extern unsigned long sparc64_valid_addr_bitmap[];
848 ++extern unsigned long VMALLOC_END;
849 +
850 +-/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */
851 +-static inline bool __kern_addr_valid(unsigned long paddr)
852 +-{
853 +- if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL)
854 +- return false;
855 +- return test_bit(paddr >> ILOG2_4MB, sparc64_valid_addr_bitmap);
856 +-}
857 ++#define vmemmap ((struct page *)VMEMMAP_BASE)
858 +
859 +-static inline bool kern_addr_valid(unsigned long addr)
860 +-{
861 +- unsigned long paddr = __pa(addr);
862 ++#include <linux/sched.h>
863 +
864 +- return __kern_addr_valid(paddr);
865 +-}
866 ++bool kern_addr_valid(unsigned long addr);
867 +
868 + /* Entries per page directory level. */
869 + #define PTRS_PER_PTE (1UL << (PAGE_SHIFT-3))
870 + #define PTRS_PER_PMD (1UL << PMD_BITS)
871 ++#define PTRS_PER_PUD (1UL << PUD_BITS)
872 + #define PTRS_PER_PGD (1UL << PGDIR_BITS)
873 +
874 + /* Kernel has a separate 44bit address space. */
875 +@@ -101,6 +98,9 @@ static inline bool kern_addr_valid(unsigned long addr)
876 + #define pmd_ERROR(e) \
877 + pr_err("%s:%d: bad pmd %p(%016lx) seen at (%pS)\n", \
878 + __FILE__, __LINE__, &(e), pmd_val(e), __builtin_return_address(0))
879 ++#define pud_ERROR(e) \
880 ++ pr_err("%s:%d: bad pud %p(%016lx) seen at (%pS)\n", \
881 ++ __FILE__, __LINE__, &(e), pud_val(e), __builtin_return_address(0))
882 + #define pgd_ERROR(e) \
883 + pr_err("%s:%d: bad pgd %p(%016lx) seen at (%pS)\n", \
884 + __FILE__, __LINE__, &(e), pgd_val(e), __builtin_return_address(0))
885 +@@ -112,6 +112,7 @@ static inline bool kern_addr_valid(unsigned long addr)
886 + #define _PAGE_R _AC(0x8000000000000000,UL) /* Keep ref bit uptodate*/
887 + #define _PAGE_SPECIAL _AC(0x0200000000000000,UL) /* Special page */
888 + #define _PAGE_PMD_HUGE _AC(0x0100000000000000,UL) /* Huge page */
889 ++#define _PAGE_PUD_HUGE _PAGE_PMD_HUGE
890 +
891 + /* Advertise support for _PAGE_SPECIAL */
892 + #define __HAVE_ARCH_PTE_SPECIAL
893 +@@ -658,26 +659,26 @@ static inline unsigned long pmd_large(pmd_t pmd)
894 + return pte_val(pte) & _PAGE_PMD_HUGE;
895 + }
896 +
897 +-#ifdef CONFIG_TRANSPARENT_HUGEPAGE
898 +-static inline unsigned long pmd_young(pmd_t pmd)
899 ++static inline unsigned long pmd_pfn(pmd_t pmd)
900 + {
901 + pte_t pte = __pte(pmd_val(pmd));
902 +
903 +- return pte_young(pte);
904 ++ return pte_pfn(pte);
905 + }
906 +
907 +-static inline unsigned long pmd_write(pmd_t pmd)
908 ++#ifdef CONFIG_TRANSPARENT_HUGEPAGE
909 ++static inline unsigned long pmd_young(pmd_t pmd)
910 + {
911 + pte_t pte = __pte(pmd_val(pmd));
912 +
913 +- return pte_write(pte);
914 ++ return pte_young(pte);
915 + }
916 +
917 +-static inline unsigned long pmd_pfn(pmd_t pmd)
918 ++static inline unsigned long pmd_write(pmd_t pmd)
919 + {
920 + pte_t pte = __pte(pmd_val(pmd));
921 +
922 +- return pte_pfn(pte);
923 ++ return pte_write(pte);
924 + }
925 +
926 + static inline unsigned long pmd_trans_huge(pmd_t pmd)
927 +@@ -771,13 +772,15 @@ static inline int pmd_present(pmd_t pmd)
928 + * the top bits outside of the range of any physical address size we
929 + * support are clear as well. We also validate the physical itself.
930 + */
931 +-#define pmd_bad(pmd) ((pmd_val(pmd) & ~PAGE_MASK) || \
932 +- !__kern_addr_valid(pmd_val(pmd)))
933 ++#define pmd_bad(pmd) (pmd_val(pmd) & ~PAGE_MASK)
934 +
935 + #define pud_none(pud) (!pud_val(pud))
936 +
937 +-#define pud_bad(pud) ((pud_val(pud) & ~PAGE_MASK) || \
938 +- !__kern_addr_valid(pud_val(pud)))
939 ++#define pud_bad(pud) (pud_val(pud) & ~PAGE_MASK)
940 ++
941 ++#define pgd_none(pgd) (!pgd_val(pgd))
942 ++
943 ++#define pgd_bad(pgd) (pgd_val(pgd) & ~PAGE_MASK)
944 +
945 + #ifdef CONFIG_TRANSPARENT_HUGEPAGE
946 + extern void set_pmd_at(struct mm_struct *mm, unsigned long addr,
947 +@@ -815,10 +818,31 @@ static inline unsigned long __pmd_page(pmd_t pmd)
948 + #define pmd_clear(pmdp) (pmd_val(*(pmdp)) = 0UL)
949 + #define pud_present(pud) (pud_val(pud) != 0U)
950 + #define pud_clear(pudp) (pud_val(*(pudp)) = 0UL)
951 ++#define pgd_page_vaddr(pgd) \
952 ++ ((unsigned long) __va(pgd_val(pgd)))
953 ++#define pgd_present(pgd) (pgd_val(pgd) != 0U)
954 ++#define pgd_clear(pgdp) (pgd_val(*(pgd)) = 0UL)
955 ++
956 ++static inline unsigned long pud_large(pud_t pud)
957 ++{
958 ++ pte_t pte = __pte(pud_val(pud));
959 ++
960 ++ return pte_val(pte) & _PAGE_PMD_HUGE;
961 ++}
962 ++
963 ++static inline unsigned long pud_pfn(pud_t pud)
964 ++{
965 ++ pte_t pte = __pte(pud_val(pud));
966 ++
967 ++ return pte_pfn(pte);
968 ++}
969 +
970 + /* Same in both SUN4V and SUN4U. */
971 + #define pte_none(pte) (!pte_val(pte))
972 +
973 ++#define pgd_set(pgdp, pudp) \
974 ++ (pgd_val(*(pgdp)) = (__pa((unsigned long) (pudp))))
975 ++
976 + /* to find an entry in a page-table-directory. */
977 + #define pgd_index(address) (((address) >> PGDIR_SHIFT) & (PTRS_PER_PGD - 1))
978 + #define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address))
979 +@@ -826,6 +850,11 @@ static inline unsigned long __pmd_page(pmd_t pmd)
980 + /* to find an entry in a kernel page-table-directory */
981 + #define pgd_offset_k(address) pgd_offset(&init_mm, address)
982 +
983 ++/* Find an entry in the third-level page table.. */
984 ++#define pud_index(address) (((address) >> PUD_SHIFT) & (PTRS_PER_PUD - 1))
985 ++#define pud_offset(pgdp, address) \
986 ++ ((pud_t *) pgd_page_vaddr(*(pgdp)) + pud_index(address))
987 ++
988 + /* Find an entry in the second-level page table.. */
989 + #define pmd_offset(pudp, address) \
990 + ((pmd_t *) pud_page_vaddr(*(pudp)) + \
991 +@@ -898,7 +927,6 @@ static inline void __set_pte_at(struct mm_struct *mm, unsigned long addr,
992 + #endif
993 +
994 + extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
995 +-extern pmd_t swapper_low_pmd_dir[PTRS_PER_PMD];
996 +
997 + extern void paging_init(void);
998 + extern unsigned long find_ecache_flush_span(unsigned long size);
999 +diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h
1000 +index 5e35e0517318..acd614668ec1 100644
1001 +--- a/arch/sparc/include/asm/setup.h
1002 ++++ b/arch/sparc/include/asm/setup.h
1003 +@@ -24,6 +24,10 @@ static inline int con_is_present(void)
1004 + }
1005 + #endif
1006 +
1007 ++#ifdef CONFIG_SPARC64
1008 ++extern void __init start_early_boot(void);
1009 ++#endif
1010 ++
1011 + extern void sun_do_break(void);
1012 + extern int stop_a_enabled;
1013 + extern int scons_pwroff;
1014 +diff --git a/arch/sparc/include/asm/spitfire.h b/arch/sparc/include/asm/spitfire.h
1015 +index 6b67e50fb9b4..69424d48cbb7 100644
1016 +--- a/arch/sparc/include/asm/spitfire.h
1017 ++++ b/arch/sparc/include/asm/spitfire.h
1018 +@@ -45,6 +45,8 @@
1019 + #define SUN4V_CHIP_NIAGARA3 0x03
1020 + #define SUN4V_CHIP_NIAGARA4 0x04
1021 + #define SUN4V_CHIP_NIAGARA5 0x05
1022 ++#define SUN4V_CHIP_SPARC_M6 0x06
1023 ++#define SUN4V_CHIP_SPARC_M7 0x07
1024 + #define SUN4V_CHIP_SPARC64X 0x8a
1025 + #define SUN4V_CHIP_UNKNOWN 0xff
1026 +
1027 +diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
1028 +index a5f01ac6d0f1..cc6275c931a5 100644
1029 +--- a/arch/sparc/include/asm/thread_info_64.h
1030 ++++ b/arch/sparc/include/asm/thread_info_64.h
1031 +@@ -63,7 +63,8 @@ struct thread_info {
1032 + struct pt_regs *kern_una_regs;
1033 + unsigned int kern_una_insn;
1034 +
1035 +- unsigned long fpregs[0] __attribute__ ((aligned(64)));
1036 ++ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
1037 ++ __attribute__ ((aligned(64)));
1038 + };
1039 +
1040 + #endif /* !(__ASSEMBLY__) */
1041 +@@ -102,6 +103,7 @@ struct thread_info {
1042 + #define FAULT_CODE_ITLB 0x04 /* Miss happened in I-TLB */
1043 + #define FAULT_CODE_WINFIXUP 0x08 /* Miss happened during spill/fill */
1044 + #define FAULT_CODE_BLKCOMMIT 0x10 /* Use blk-commit ASI in copy_page */
1045 ++#define FAULT_CODE_BAD_RA 0x20 /* Bad RA for sun4v */
1046 +
1047 + #if PAGE_SHIFT == 13
1048 + #define THREAD_SIZE (2*PAGE_SIZE)
1049 +diff --git a/arch/sparc/include/asm/tsb.h b/arch/sparc/include/asm/tsb.h
1050 +index 90916f955cac..ecb49cfa3be9 100644
1051 +--- a/arch/sparc/include/asm/tsb.h
1052 ++++ b/arch/sparc/include/asm/tsb.h
1053 +@@ -133,9 +133,24 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1054 + sub TSB, 0x8, TSB; \
1055 + TSB_STORE(TSB, TAG);
1056 +
1057 +- /* Do a kernel page table walk. Leaves physical PTE pointer in
1058 +- * REG1. Jumps to FAIL_LABEL on early page table walk termination.
1059 +- * VADDR will not be clobbered, but REG2 will.
1060 ++ /* Do a kernel page table walk. Leaves valid PTE value in
1061 ++ * REG1. Jumps to FAIL_LABEL on early page table walk
1062 ++ * termination. VADDR will not be clobbered, but REG2 will.
1063 ++ *
1064 ++ * There are two masks we must apply to propagate bits from
1065 ++ * the virtual address into the PTE physical address field
1066 ++ * when dealing with huge pages. This is because the page
1067 ++ * table boundaries do not match the huge page size(s) the
1068 ++ * hardware supports.
1069 ++ *
1070 ++ * In these cases we propagate the bits that are below the
1071 ++ * page table level where we saw the huge page mapping, but
1072 ++ * are still within the relevant physical bits for the huge
1073 ++ * page size in question. So for PMD mappings (which fall on
1074 ++ * bit 23, for 8MB per PMD) we must propagate bit 22 for a
1075 ++ * 4MB huge page. For huge PUDs (which fall on bit 33, for
1076 ++ * 8GB per PUD), we have to accomodate 256MB and 2GB huge
1077 ++ * pages. So for those we propagate bits 32 to 28.
1078 + */
1079 + #define KERN_PGTABLE_WALK(VADDR, REG1, REG2, FAIL_LABEL) \
1080 + sethi %hi(swapper_pg_dir), REG1; \
1081 +@@ -145,15 +160,40 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1082 + andn REG2, 0x7, REG2; \
1083 + ldx [REG1 + REG2], REG1; \
1084 + brz,pn REG1, FAIL_LABEL; \
1085 +- sllx VADDR, 64 - (PMD_SHIFT + PMD_BITS), REG2; \
1086 ++ sllx VADDR, 64 - (PUD_SHIFT + PUD_BITS), REG2; \
1087 + srlx REG2, 64 - PAGE_SHIFT, REG2; \
1088 + andn REG2, 0x7, REG2; \
1089 + ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1090 + brz,pn REG1, FAIL_LABEL; \
1091 +- sllx VADDR, 64 - PMD_SHIFT, REG2; \
1092 ++ sethi %uhi(_PAGE_PUD_HUGE), REG2; \
1093 ++ brz,pn REG1, FAIL_LABEL; \
1094 ++ sllx REG2, 32, REG2; \
1095 ++ andcc REG1, REG2, %g0; \
1096 ++ sethi %hi(0xf8000000), REG2; \
1097 ++ bne,pt %xcc, 697f; \
1098 ++ sllx REG2, 1, REG2; \
1099 ++ sllx VADDR, 64 - (PMD_SHIFT + PMD_BITS), REG2; \
1100 + srlx REG2, 64 - PAGE_SHIFT, REG2; \
1101 + andn REG2, 0x7, REG2; \
1102 +- add REG1, REG2, REG1;
1103 ++ ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1104 ++ sethi %uhi(_PAGE_PMD_HUGE), REG2; \
1105 ++ brz,pn REG1, FAIL_LABEL; \
1106 ++ sllx REG2, 32, REG2; \
1107 ++ andcc REG1, REG2, %g0; \
1108 ++ be,pn %xcc, 698f; \
1109 ++ sethi %hi(0x400000), REG2; \
1110 ++697: brgez,pn REG1, FAIL_LABEL; \
1111 ++ andn REG1, REG2, REG1; \
1112 ++ and VADDR, REG2, REG2; \
1113 ++ ba,pt %xcc, 699f; \
1114 ++ or REG1, REG2, REG1; \
1115 ++698: sllx VADDR, 64 - PMD_SHIFT, REG2; \
1116 ++ srlx REG2, 64 - PAGE_SHIFT, REG2; \
1117 ++ andn REG2, 0x7, REG2; \
1118 ++ ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1119 ++ brgez,pn REG1, FAIL_LABEL; \
1120 ++ nop; \
1121 ++699:
1122 +
1123 + /* PMD has been loaded into REG1, interpret the value, seeing
1124 + * if it is a HUGE PMD or a normal one. If it is not valid
1125 +@@ -198,6 +238,11 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1126 + andn REG2, 0x7, REG2; \
1127 + ldxa [PHYS_PGD + REG2] ASI_PHYS_USE_EC, REG1; \
1128 + brz,pn REG1, FAIL_LABEL; \
1129 ++ sllx VADDR, 64 - (PUD_SHIFT + PUD_BITS), REG2; \
1130 ++ srlx REG2, 64 - PAGE_SHIFT, REG2; \
1131 ++ andn REG2, 0x7, REG2; \
1132 ++ ldxa [REG1 + REG2] ASI_PHYS_USE_EC, REG1; \
1133 ++ brz,pn REG1, FAIL_LABEL; \
1134 + sllx VADDR, 64 - (PMD_SHIFT + PMD_BITS), REG2; \
1135 + srlx REG2, 64 - PAGE_SHIFT, REG2; \
1136 + andn REG2, 0x7, REG2; \
1137 +@@ -246,8 +291,6 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1138 + (KERNEL_TSB_SIZE_BYTES / 16)
1139 + #define KERNEL_TSB4M_NENTRIES 4096
1140 +
1141 +-#define KTSB_PHYS_SHIFT 15
1142 +-
1143 + /* Do a kernel TSB lookup at tl>0 on VADDR+TAG, branch to OK_LABEL
1144 + * on TSB hit. REG1, REG2, REG3, and REG4 are used as temporaries
1145 + * and the found TTE will be left in REG1. REG3 and REG4 must
1146 +@@ -256,17 +299,15 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1147 + * VADDR and TAG will be preserved and not clobbered by this macro.
1148 + */
1149 + #define KERN_TSB_LOOKUP_TL1(VADDR, TAG, REG1, REG2, REG3, REG4, OK_LABEL) \
1150 +-661: sethi %hi(swapper_tsb), REG1; \
1151 +- or REG1, %lo(swapper_tsb), REG1; \
1152 ++661: sethi %uhi(swapper_tsb), REG1; \
1153 ++ sethi %hi(swapper_tsb), REG2; \
1154 ++ or REG1, %ulo(swapper_tsb), REG1; \
1155 ++ or REG2, %lo(swapper_tsb), REG2; \
1156 + .section .swapper_tsb_phys_patch, "ax"; \
1157 + .word 661b; \
1158 + .previous; \
1159 +-661: nop; \
1160 +- .section .tsb_ldquad_phys_patch, "ax"; \
1161 +- .word 661b; \
1162 +- sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1163 +- sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1164 +- .previous; \
1165 ++ sllx REG1, 32, REG1; \
1166 ++ or REG1, REG2, REG1; \
1167 + srlx VADDR, PAGE_SHIFT, REG2; \
1168 + and REG2, (KERNEL_TSB_NENTRIES - 1), REG2; \
1169 + sllx REG2, 4, REG2; \
1170 +@@ -281,17 +322,15 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch, __tsb_phys_patch_end;
1171 + * we can make use of that for the index computation.
1172 + */
1173 + #define KERN_TSB4M_LOOKUP_TL1(TAG, REG1, REG2, REG3, REG4, OK_LABEL) \
1174 +-661: sethi %hi(swapper_4m_tsb), REG1; \
1175 +- or REG1, %lo(swapper_4m_tsb), REG1; \
1176 ++661: sethi %uhi(swapper_4m_tsb), REG1; \
1177 ++ sethi %hi(swapper_4m_tsb), REG2; \
1178 ++ or REG1, %ulo(swapper_4m_tsb), REG1; \
1179 ++ or REG2, %lo(swapper_4m_tsb), REG2; \
1180 + .section .swapper_4m_tsb_phys_patch, "ax"; \
1181 + .word 661b; \
1182 + .previous; \
1183 +-661: nop; \
1184 +- .section .tsb_ldquad_phys_patch, "ax"; \
1185 +- .word 661b; \
1186 +- sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1187 +- sllx REG1, KTSB_PHYS_SHIFT, REG1; \
1188 +- .previous; \
1189 ++ sllx REG1, 32, REG1; \
1190 ++ or REG1, REG2, REG1; \
1191 + and TAG, (KERNEL_TSB4M_NENTRIES - 1), REG2; \
1192 + sllx REG2, 4, REG2; \
1193 + add REG1, REG2, REG2; \
1194 +diff --git a/arch/sparc/include/asm/visasm.h b/arch/sparc/include/asm/visasm.h
1195 +index 39ca301920db..11fdf0ef50bb 100644
1196 +--- a/arch/sparc/include/asm/visasm.h
1197 ++++ b/arch/sparc/include/asm/visasm.h
1198 +@@ -39,6 +39,14 @@
1199 + 297: wr %o5, FPRS_FEF, %fprs; \
1200 + 298:
1201 +
1202 ++#define VISEntryHalfFast(fail_label) \
1203 ++ rd %fprs, %o5; \
1204 ++ andcc %o5, FPRS_FEF, %g0; \
1205 ++ be,pt %icc, 297f; \
1206 ++ nop; \
1207 ++ ba,a,pt %xcc, fail_label; \
1208 ++297: wr %o5, FPRS_FEF, %fprs;
1209 ++
1210 + #define VISExitHalf \
1211 + wr %o5, 0, %fprs;
1212 +
1213 +diff --git a/arch/sparc/kernel/cpu.c b/arch/sparc/kernel/cpu.c
1214 +index 5c5125895db8..52e10defedc4 100644
1215 +--- a/arch/sparc/kernel/cpu.c
1216 ++++ b/arch/sparc/kernel/cpu.c
1217 +@@ -493,6 +493,18 @@ static void __init sun4v_cpu_probe(void)
1218 + sparc_pmu_type = "niagara5";
1219 + break;
1220 +
1221 ++ case SUN4V_CHIP_SPARC_M6:
1222 ++ sparc_cpu_type = "SPARC-M6";
1223 ++ sparc_fpu_type = "SPARC-M6 integrated FPU";
1224 ++ sparc_pmu_type = "sparc-m6";
1225 ++ break;
1226 ++
1227 ++ case SUN4V_CHIP_SPARC_M7:
1228 ++ sparc_cpu_type = "SPARC-M7";
1229 ++ sparc_fpu_type = "SPARC-M7 integrated FPU";
1230 ++ sparc_pmu_type = "sparc-m7";
1231 ++ break;
1232 ++
1233 + case SUN4V_CHIP_SPARC64X:
1234 + sparc_cpu_type = "SPARC64-X";
1235 + sparc_fpu_type = "SPARC64-X integrated FPU";
1236 +diff --git a/arch/sparc/kernel/cpumap.c b/arch/sparc/kernel/cpumap.c
1237 +index de1c844dfabc..e69ec0e3f155 100644
1238 +--- a/arch/sparc/kernel/cpumap.c
1239 ++++ b/arch/sparc/kernel/cpumap.c
1240 +@@ -326,6 +326,8 @@ static int iterate_cpu(struct cpuinfo_tree *t, unsigned int root_index)
1241 + case SUN4V_CHIP_NIAGARA3:
1242 + case SUN4V_CHIP_NIAGARA4:
1243 + case SUN4V_CHIP_NIAGARA5:
1244 ++ case SUN4V_CHIP_SPARC_M6:
1245 ++ case SUN4V_CHIP_SPARC_M7:
1246 + case SUN4V_CHIP_SPARC64X:
1247 + rover_inc_table = niagara_iterate_method;
1248 + break;
1249 +diff --git a/arch/sparc/kernel/ds.c b/arch/sparc/kernel/ds.c
1250 +index dff60abbea01..f87a55d77094 100644
1251 +--- a/arch/sparc/kernel/ds.c
1252 ++++ b/arch/sparc/kernel/ds.c
1253 +@@ -1200,14 +1200,14 @@ static int ds_probe(struct vio_dev *vdev, const struct vio_device_id *id)
1254 + ds_cfg.tx_irq = vdev->tx_irq;
1255 + ds_cfg.rx_irq = vdev->rx_irq;
1256 +
1257 +- lp = ldc_alloc(vdev->channel_id, &ds_cfg, dp);
1258 ++ lp = ldc_alloc(vdev->channel_id, &ds_cfg, dp, "DS");
1259 + if (IS_ERR(lp)) {
1260 + err = PTR_ERR(lp);
1261 + goto out_free_ds_states;
1262 + }
1263 + dp->lp = lp;
1264 +
1265 +- err = ldc_bind(lp, "DS");
1266 ++ err = ldc_bind(lp);
1267 + if (err)
1268 + goto out_free_ldc;
1269 +
1270 +diff --git a/arch/sparc/kernel/dtlb_prot.S b/arch/sparc/kernel/dtlb_prot.S
1271 +index b2c2c5be281c..d668ca149e64 100644
1272 +--- a/arch/sparc/kernel/dtlb_prot.S
1273 ++++ b/arch/sparc/kernel/dtlb_prot.S
1274 +@@ -24,11 +24,11 @@
1275 + mov TLB_TAG_ACCESS, %g4 ! For reload of vaddr
1276 +
1277 + /* PROT ** ICACHE line 2: More real fault processing */
1278 ++ ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5
1279 + bgu,pn %xcc, winfix_trampoline ! Yes, perform winfixup
1280 +- ldxa [%g4] ASI_DMMU, %g5 ! Put tagaccess in %g5
1281 +- ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault
1282 + mov FAULT_CODE_DTLB | FAULT_CODE_WRITE, %g4
1283 +- nop
1284 ++ ba,pt %xcc, sparc64_realfault_common ! Nope, normal fault
1285 ++ nop
1286 + nop
1287 + nop
1288 + nop
1289 +diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h
1290 +index 140966fbd303..c88ffb9ee482 100644
1291 +--- a/arch/sparc/kernel/entry.h
1292 ++++ b/arch/sparc/kernel/entry.h
1293 +@@ -66,13 +66,10 @@ struct pause_patch_entry {
1294 + extern struct pause_patch_entry __pause_3insn_patch,
1295 + __pause_3insn_patch_end;
1296 +
1297 +-extern void __init per_cpu_patch(void);
1298 + extern void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *,
1299 + struct sun4v_1insn_patch_entry *);
1300 + extern void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *,
1301 + struct sun4v_2insn_patch_entry *);
1302 +-extern void __init sun4v_patch(void);
1303 +-extern void __init boot_cpu_id_too_large(int cpu);
1304 + extern unsigned int dcache_parity_tl1_occurred;
1305 + extern unsigned int icache_parity_tl1_occurred;
1306 +
1307 +diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S
1308 +index 452f04fe8da6..3d61fcae7ee3 100644
1309 +--- a/arch/sparc/kernel/head_64.S
1310 ++++ b/arch/sparc/kernel/head_64.S
1311 +@@ -427,6 +427,12 @@ sun4v_chip_type:
1312 + cmp %g2, '5'
1313 + be,pt %xcc, 5f
1314 + mov SUN4V_CHIP_NIAGARA5, %g4
1315 ++ cmp %g2, '6'
1316 ++ be,pt %xcc, 5f
1317 ++ mov SUN4V_CHIP_SPARC_M6, %g4
1318 ++ cmp %g2, '7'
1319 ++ be,pt %xcc, 5f
1320 ++ mov SUN4V_CHIP_SPARC_M7, %g4
1321 + ba,pt %xcc, 49f
1322 + nop
1323 +
1324 +@@ -585,6 +591,12 @@ niagara_tlb_fixup:
1325 + cmp %g1, SUN4V_CHIP_NIAGARA5
1326 + be,pt %xcc, niagara4_patch
1327 + nop
1328 ++ cmp %g1, SUN4V_CHIP_SPARC_M6
1329 ++ be,pt %xcc, niagara4_patch
1330 ++ nop
1331 ++ cmp %g1, SUN4V_CHIP_SPARC_M7
1332 ++ be,pt %xcc, niagara4_patch
1333 ++ nop
1334 +
1335 + call generic_patch_copyops
1336 + nop
1337 +@@ -660,14 +672,12 @@ tlb_fixup_done:
1338 + sethi %hi(init_thread_union), %g6
1339 + or %g6, %lo(init_thread_union), %g6
1340 + ldx [%g6 + TI_TASK], %g4
1341 +- mov %sp, %l6
1342 +
1343 + wr %g0, ASI_P, %asi
1344 + mov 1, %g1
1345 + sllx %g1, THREAD_SHIFT, %g1
1346 + sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1
1347 + add %g6, %g1, %sp
1348 +- mov 0, %fp
1349 +
1350 + /* Set per-cpu pointer initially to zero, this makes
1351 + * the boot-cpu use the in-kernel-image per-cpu areas
1352 +@@ -694,44 +704,14 @@ tlb_fixup_done:
1353 + nop
1354 + #endif
1355 +
1356 +- mov %l6, %o1 ! OpenPROM stack
1357 + call prom_init
1358 + mov %l7, %o0 ! OpenPROM cif handler
1359 +
1360 +- /* Initialize current_thread_info()->cpu as early as possible.
1361 +- * In order to do that accurately we have to patch up the get_cpuid()
1362 +- * assembler sequences. And that, in turn, requires that we know
1363 +- * if we are on a Starfire box or not. While we're here, patch up
1364 +- * the sun4v sequences as well.
1365 ++ /* To create a one-register-window buffer between the kernel's
1366 ++ * initial stack and the last stack frame we use from the firmware,
1367 ++ * do the rest of the boot from a C helper function.
1368 + */
1369 +- call check_if_starfire
1370 +- nop
1371 +- call per_cpu_patch
1372 +- nop
1373 +- call sun4v_patch
1374 +- nop
1375 +-
1376 +-#ifdef CONFIG_SMP
1377 +- call hard_smp_processor_id
1378 +- nop
1379 +- cmp %o0, NR_CPUS
1380 +- blu,pt %xcc, 1f
1381 +- nop
1382 +- call boot_cpu_id_too_large
1383 +- nop
1384 +- /* Not reached... */
1385 +-
1386 +-1:
1387 +-#else
1388 +- mov 0, %o0
1389 +-#endif
1390 +- sth %o0, [%g6 + TI_CPU]
1391 +-
1392 +- call prom_init_report
1393 +- nop
1394 +-
1395 +- /* Off we go.... */
1396 +- call start_kernel
1397 ++ call start_early_boot
1398 + nop
1399 + /* Not reached... */
1400 +
1401 +diff --git a/arch/sparc/kernel/hvapi.c b/arch/sparc/kernel/hvapi.c
1402 +index c0a2de0fd624..5c55145bfbf0 100644
1403 +--- a/arch/sparc/kernel/hvapi.c
1404 ++++ b/arch/sparc/kernel/hvapi.c
1405 +@@ -46,6 +46,7 @@ static struct api_info api_table[] = {
1406 + { .group = HV_GRP_VF_CPU, },
1407 + { .group = HV_GRP_KT_CPU, },
1408 + { .group = HV_GRP_VT_CPU, },
1409 ++ { .group = HV_GRP_T5_CPU, },
1410 + { .group = HV_GRP_DIAG, .flags = FLAG_PRE_API },
1411 + };
1412 +
1413 +diff --git a/arch/sparc/kernel/hvcalls.S b/arch/sparc/kernel/hvcalls.S
1414 +index f3ab509b76a8..caedf8320416 100644
1415 +--- a/arch/sparc/kernel/hvcalls.S
1416 ++++ b/arch/sparc/kernel/hvcalls.S
1417 +@@ -821,3 +821,19 @@ ENTRY(sun4v_vt_set_perfreg)
1418 + retl
1419 + nop
1420 + ENDPROC(sun4v_vt_set_perfreg)
1421 ++
1422 ++ENTRY(sun4v_t5_get_perfreg)
1423 ++ mov %o1, %o4
1424 ++ mov HV_FAST_T5_GET_PERFREG, %o5
1425 ++ ta HV_FAST_TRAP
1426 ++ stx %o1, [%o4]
1427 ++ retl
1428 ++ nop
1429 ++ENDPROC(sun4v_t5_get_perfreg)
1430 ++
1431 ++ENTRY(sun4v_t5_set_perfreg)
1432 ++ mov HV_FAST_T5_SET_PERFREG, %o5
1433 ++ ta HV_FAST_TRAP
1434 ++ retl
1435 ++ nop
1436 ++ENDPROC(sun4v_t5_set_perfreg)
1437 +diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S
1438 +index b7ddcdd1dea9..cdbfec299f2f 100644
1439 +--- a/arch/sparc/kernel/hvtramp.S
1440 ++++ b/arch/sparc/kernel/hvtramp.S
1441 +@@ -109,7 +109,6 @@ hv_cpu_startup:
1442 + sllx %g5, THREAD_SHIFT, %g5
1443 + sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
1444 + add %g6, %g5, %sp
1445 +- mov 0, %fp
1446 +
1447 + call init_irqwork_curcpu
1448 + nop
1449 +diff --git a/arch/sparc/kernel/ioport.c b/arch/sparc/kernel/ioport.c
1450 +index e7e215dfa866..c2d81ad62e78 100644
1451 +--- a/arch/sparc/kernel/ioport.c
1452 ++++ b/arch/sparc/kernel/ioport.c
1453 +@@ -278,7 +278,8 @@ static void *sbus_alloc_coherent(struct device *dev, size_t len,
1454 + }
1455 +
1456 + order = get_order(len_total);
1457 +- if ((va = __get_free_pages(GFP_KERNEL|__GFP_COMP, order)) == 0)
1458 ++ va = __get_free_pages(gfp, order);
1459 ++ if (va == 0)
1460 + goto err_nopages;
1461 +
1462 + if ((res = kzalloc(sizeof(struct resource), GFP_KERNEL)) == NULL)
1463 +@@ -443,7 +444,7 @@ static void *pci32_alloc_coherent(struct device *dev, size_t len,
1464 + }
1465 +
1466 + order = get_order(len_total);
1467 +- va = (void *) __get_free_pages(GFP_KERNEL, order);
1468 ++ va = (void *) __get_free_pages(gfp, order);
1469 + if (va == NULL) {
1470 + printk("pci_alloc_consistent: no %ld pages\n", len_total>>PAGE_SHIFT);
1471 + goto err_nopages;
1472 +diff --git a/arch/sparc/kernel/irq_64.c b/arch/sparc/kernel/irq_64.c
1473 +index 666193f4e8bb..4033c23bdfa6 100644
1474 +--- a/arch/sparc/kernel/irq_64.c
1475 ++++ b/arch/sparc/kernel/irq_64.c
1476 +@@ -47,8 +47,6 @@
1477 + #include "cpumap.h"
1478 + #include "kstack.h"
1479 +
1480 +-#define NUM_IVECS (IMAP_INR + 1)
1481 +-
1482 + struct ino_bucket *ivector_table;
1483 + unsigned long ivector_table_pa;
1484 +
1485 +@@ -107,55 +105,196 @@ static void bucket_set_irq(unsigned long bucket_pa, unsigned int irq)
1486 +
1487 + #define irq_work_pa(__cpu) &(trap_block[(__cpu)].irq_worklist_pa)
1488 +
1489 +-static struct {
1490 +- unsigned int dev_handle;
1491 +- unsigned int dev_ino;
1492 +- unsigned int in_use;
1493 +-} irq_table[NR_IRQS];
1494 +-static DEFINE_SPINLOCK(irq_alloc_lock);
1495 ++static unsigned long hvirq_major __initdata;
1496 ++static int __init early_hvirq_major(char *p)
1497 ++{
1498 ++ int rc = kstrtoul(p, 10, &hvirq_major);
1499 ++
1500 ++ return rc;
1501 ++}
1502 ++early_param("hvirq", early_hvirq_major);
1503 ++
1504 ++static int hv_irq_version;
1505 ++
1506 ++/* Major version 2.0 of HV_GRP_INTR added support for the VIRQ cookie
1507 ++ * based interfaces, but:
1508 ++ *
1509 ++ * 1) Several OSs, Solaris and Linux included, use them even when only
1510 ++ * negotiating version 1.0 (or failing to negotiate at all). So the
1511 ++ * hypervisor has a workaround that provides the VIRQ interfaces even
1512 ++ * when only verion 1.0 of the API is in use.
1513 ++ *
1514 ++ * 2) Second, and more importantly, with major version 2.0 these VIRQ
1515 ++ * interfaces only were actually hooked up for LDC interrupts, even
1516 ++ * though the Hypervisor specification clearly stated:
1517 ++ *
1518 ++ * The new interrupt API functions will be available to a guest
1519 ++ * when it negotiates version 2.0 in the interrupt API group 0x2. When
1520 ++ * a guest negotiates version 2.0, all interrupt sources will only
1521 ++ * support using the cookie interface, and any attempt to use the
1522 ++ * version 1.0 interrupt APIs numbered 0xa0 to 0xa6 will result in the
1523 ++ * ENOTSUPPORTED error being returned.
1524 ++ *
1525 ++ * with an emphasis on "all interrupt sources".
1526 ++ *
1527 ++ * To correct this, major version 3.0 was created which does actually
1528 ++ * support VIRQs for all interrupt sources (not just LDC devices). So
1529 ++ * if we want to move completely over the cookie based VIRQs we must
1530 ++ * negotiate major version 3.0 or later of HV_GRP_INTR.
1531 ++ */
1532 ++static bool sun4v_cookie_only_virqs(void)
1533 ++{
1534 ++ if (hv_irq_version >= 3)
1535 ++ return true;
1536 ++ return false;
1537 ++}
1538 +
1539 +-unsigned char irq_alloc(unsigned int dev_handle, unsigned int dev_ino)
1540 ++static void __init irq_init_hv(void)
1541 + {
1542 +- unsigned long flags;
1543 +- unsigned char ent;
1544 ++ unsigned long hv_error, major, minor = 0;
1545 ++
1546 ++ if (tlb_type != hypervisor)
1547 ++ return;
1548 +
1549 +- BUILD_BUG_ON(NR_IRQS >= 256);
1550 ++ if (hvirq_major)
1551 ++ major = hvirq_major;
1552 ++ else
1553 ++ major = 3;
1554 +
1555 +- spin_lock_irqsave(&irq_alloc_lock, flags);
1556 ++ hv_error = sun4v_hvapi_register(HV_GRP_INTR, major, &minor);
1557 ++ if (!hv_error)
1558 ++ hv_irq_version = major;
1559 ++ else
1560 ++ hv_irq_version = 1;
1561 +
1562 +- for (ent = 1; ent < NR_IRQS; ent++) {
1563 +- if (!irq_table[ent].in_use)
1564 ++ pr_info("SUN4V: Using IRQ API major %d, cookie only virqs %s\n",
1565 ++ hv_irq_version,
1566 ++ sun4v_cookie_only_virqs() ? "enabled" : "disabled");
1567 ++}
1568 ++
1569 ++/* This function is for the timer interrupt.*/
1570 ++int __init arch_probe_nr_irqs(void)
1571 ++{
1572 ++ return 1;
1573 ++}
1574 ++
1575 ++#define DEFAULT_NUM_IVECS (0xfffU)
1576 ++static unsigned int nr_ivec = DEFAULT_NUM_IVECS;
1577 ++#define NUM_IVECS (nr_ivec)
1578 ++
1579 ++static unsigned int __init size_nr_ivec(void)
1580 ++{
1581 ++ if (tlb_type == hypervisor) {
1582 ++ switch (sun4v_chip_type) {
1583 ++ /* Athena's devhandle|devino is large.*/
1584 ++ case SUN4V_CHIP_SPARC64X:
1585 ++ nr_ivec = 0xffff;
1586 + break;
1587 ++ }
1588 + }
1589 +- if (ent >= NR_IRQS) {
1590 +- printk(KERN_ERR "IRQ: Out of virtual IRQs.\n");
1591 +- ent = 0;
1592 +- } else {
1593 +- irq_table[ent].dev_handle = dev_handle;
1594 +- irq_table[ent].dev_ino = dev_ino;
1595 +- irq_table[ent].in_use = 1;
1596 +- }
1597 ++ return nr_ivec;
1598 ++}
1599 ++
1600 ++struct irq_handler_data {
1601 ++ union {
1602 ++ struct {
1603 ++ unsigned int dev_handle;
1604 ++ unsigned int dev_ino;
1605 ++ };
1606 ++ unsigned long sysino;
1607 ++ };
1608 ++ struct ino_bucket bucket;
1609 ++ unsigned long iclr;
1610 ++ unsigned long imap;
1611 ++};
1612 ++
1613 ++static inline unsigned int irq_data_to_handle(struct irq_data *data)
1614 ++{
1615 ++ struct irq_handler_data *ihd = data->handler_data;
1616 ++
1617 ++ return ihd->dev_handle;
1618 ++}
1619 ++
1620 ++static inline unsigned int irq_data_to_ino(struct irq_data *data)
1621 ++{
1622 ++ struct irq_handler_data *ihd = data->handler_data;
1623 +
1624 +- spin_unlock_irqrestore(&irq_alloc_lock, flags);
1625 ++ return ihd->dev_ino;
1626 ++}
1627 ++
1628 ++static inline unsigned long irq_data_to_sysino(struct irq_data *data)
1629 ++{
1630 ++ struct irq_handler_data *ihd = data->handler_data;
1631 +
1632 +- return ent;
1633 ++ return ihd->sysino;
1634 + }
1635 +
1636 +-#ifdef CONFIG_PCI_MSI
1637 + void irq_free(unsigned int irq)
1638 + {
1639 +- unsigned long flags;
1640 ++ void *data = irq_get_handler_data(irq);
1641 +
1642 +- if (irq >= NR_IRQS)
1643 +- return;
1644 ++ kfree(data);
1645 ++ irq_set_handler_data(irq, NULL);
1646 ++ irq_free_descs(irq, 1);
1647 ++}
1648 +
1649 +- spin_lock_irqsave(&irq_alloc_lock, flags);
1650 ++unsigned int irq_alloc(unsigned int dev_handle, unsigned int dev_ino)
1651 ++{
1652 ++ int irq;
1653 +
1654 +- irq_table[irq].in_use = 0;
1655 ++ irq = __irq_alloc_descs(-1, 1, 1, numa_node_id(), NULL);
1656 ++ if (irq <= 0)
1657 ++ goto out;
1658 +
1659 +- spin_unlock_irqrestore(&irq_alloc_lock, flags);
1660 ++ return irq;
1661 ++out:
1662 ++ return 0;
1663 ++}
1664 ++
1665 ++static unsigned int cookie_exists(u32 devhandle, unsigned int devino)
1666 ++{
1667 ++ unsigned long hv_err, cookie;
1668 ++ struct ino_bucket *bucket;
1669 ++ unsigned int irq = 0U;
1670 ++
1671 ++ hv_err = sun4v_vintr_get_cookie(devhandle, devino, &cookie);
1672 ++ if (hv_err) {
1673 ++ pr_err("HV get cookie failed hv_err = %ld\n", hv_err);
1674 ++ goto out;
1675 ++ }
1676 ++
1677 ++ if (cookie & ((1UL << 63UL))) {
1678 ++ cookie = ~cookie;
1679 ++ bucket = (struct ino_bucket *) __va(cookie);
1680 ++ irq = bucket->__irq;
1681 ++ }
1682 ++out:
1683 ++ return irq;
1684 ++}
1685 ++
1686 ++static unsigned int sysino_exists(u32 devhandle, unsigned int devino)
1687 ++{
1688 ++ unsigned long sysino = sun4v_devino_to_sysino(devhandle, devino);
1689 ++ struct ino_bucket *bucket;
1690 ++ unsigned int irq;
1691 ++
1692 ++ bucket = &ivector_table[sysino];
1693 ++ irq = bucket_get_irq(__pa(bucket));
1694 ++
1695 ++ return irq;
1696 ++}
1697 ++
1698 ++void ack_bad_irq(unsigned int irq)
1699 ++{
1700 ++ pr_crit("BAD IRQ ack %d\n", irq);
1701 ++}
1702 ++
1703 ++void irq_install_pre_handler(int irq,
1704 ++ void (*func)(unsigned int, void *, void *),
1705 ++ void *arg1, void *arg2)
1706 ++{
1707 ++ pr_warn("IRQ pre handler NOT supported.\n");
1708 + }
1709 +-#endif
1710 +
1711 + /*
1712 + * /proc/interrupts printing:
1713 +@@ -206,15 +345,6 @@ static unsigned int sun4u_compute_tid(unsigned long imap, unsigned long cpuid)
1714 + return tid;
1715 + }
1716 +
1717 +-struct irq_handler_data {
1718 +- unsigned long iclr;
1719 +- unsigned long imap;
1720 +-
1721 +- void (*pre_handler)(unsigned int, void *, void *);
1722 +- void *arg1;
1723 +- void *arg2;
1724 +-};
1725 +-
1726 + #ifdef CONFIG_SMP
1727 + static int irq_choose_cpu(unsigned int irq, const struct cpumask *affinity)
1728 + {
1729 +@@ -316,8 +446,8 @@ static void sun4u_irq_eoi(struct irq_data *data)
1730 +
1731 + static void sun4v_irq_enable(struct irq_data *data)
1732 + {
1733 +- unsigned int ino = irq_table[data->irq].dev_ino;
1734 + unsigned long cpuid = irq_choose_cpu(data->irq, data->affinity);
1735 ++ unsigned int ino = irq_data_to_sysino(data);
1736 + int err;
1737 +
1738 + err = sun4v_intr_settarget(ino, cpuid);
1739 +@@ -337,8 +467,8 @@ static void sun4v_irq_enable(struct irq_data *data)
1740 + static int sun4v_set_affinity(struct irq_data *data,
1741 + const struct cpumask *mask, bool force)
1742 + {
1743 +- unsigned int ino = irq_table[data->irq].dev_ino;
1744 + unsigned long cpuid = irq_choose_cpu(data->irq, mask);
1745 ++ unsigned int ino = irq_data_to_sysino(data);
1746 + int err;
1747 +
1748 + err = sun4v_intr_settarget(ino, cpuid);
1749 +@@ -351,7 +481,7 @@ static int sun4v_set_affinity(struct irq_data *data,
1750 +
1751 + static void sun4v_irq_disable(struct irq_data *data)
1752 + {
1753 +- unsigned int ino = irq_table[data->irq].dev_ino;
1754 ++ unsigned int ino = irq_data_to_sysino(data);
1755 + int err;
1756 +
1757 + err = sun4v_intr_setenabled(ino, HV_INTR_DISABLED);
1758 +@@ -362,7 +492,7 @@ static void sun4v_irq_disable(struct irq_data *data)
1759 +
1760 + static void sun4v_irq_eoi(struct irq_data *data)
1761 + {
1762 +- unsigned int ino = irq_table[data->irq].dev_ino;
1763 ++ unsigned int ino = irq_data_to_sysino(data);
1764 + int err;
1765 +
1766 + err = sun4v_intr_setstate(ino, HV_INTR_STATE_IDLE);
1767 +@@ -373,14 +503,13 @@ static void sun4v_irq_eoi(struct irq_data *data)
1768 +
1769 + static void sun4v_virq_enable(struct irq_data *data)
1770 + {
1771 +- unsigned long cpuid, dev_handle, dev_ino;
1772 ++ unsigned long dev_handle = irq_data_to_handle(data);
1773 ++ unsigned long dev_ino = irq_data_to_ino(data);
1774 ++ unsigned long cpuid;
1775 + int err;
1776 +
1777 + cpuid = irq_choose_cpu(data->irq, data->affinity);
1778 +
1779 +- dev_handle = irq_table[data->irq].dev_handle;
1780 +- dev_ino = irq_table[data->irq].dev_ino;
1781 +-
1782 + err = sun4v_vintr_set_target(dev_handle, dev_ino, cpuid);
1783 + if (err != HV_EOK)
1784 + printk(KERN_ERR "sun4v_vintr_set_target(%lx,%lx,%lu): "
1785 +@@ -403,14 +532,13 @@ static void sun4v_virq_enable(struct irq_data *data)
1786 + static int sun4v_virt_set_affinity(struct irq_data *data,
1787 + const struct cpumask *mask, bool force)
1788 + {
1789 +- unsigned long cpuid, dev_handle, dev_ino;
1790 ++ unsigned long dev_handle = irq_data_to_handle(data);
1791 ++ unsigned long dev_ino = irq_data_to_ino(data);
1792 ++ unsigned long cpuid;
1793 + int err;
1794 +
1795 + cpuid = irq_choose_cpu(data->irq, mask);
1796 +
1797 +- dev_handle = irq_table[data->irq].dev_handle;
1798 +- dev_ino = irq_table[data->irq].dev_ino;
1799 +-
1800 + err = sun4v_vintr_set_target(dev_handle, dev_ino, cpuid);
1801 + if (err != HV_EOK)
1802 + printk(KERN_ERR "sun4v_vintr_set_target(%lx,%lx,%lu): "
1803 +@@ -422,11 +550,10 @@ static int sun4v_virt_set_affinity(struct irq_data *data,
1804 +
1805 + static void sun4v_virq_disable(struct irq_data *data)
1806 + {
1807 +- unsigned long dev_handle, dev_ino;
1808 ++ unsigned long dev_handle = irq_data_to_handle(data);
1809 ++ unsigned long dev_ino = irq_data_to_ino(data);
1810 + int err;
1811 +
1812 +- dev_handle = irq_table[data->irq].dev_handle;
1813 +- dev_ino = irq_table[data->irq].dev_ino;
1814 +
1815 + err = sun4v_vintr_set_valid(dev_handle, dev_ino,
1816 + HV_INTR_DISABLED);
1817 +@@ -438,12 +565,10 @@ static void sun4v_virq_disable(struct irq_data *data)
1818 +
1819 + static void sun4v_virq_eoi(struct irq_data *data)
1820 + {
1821 +- unsigned long dev_handle, dev_ino;
1822 ++ unsigned long dev_handle = irq_data_to_handle(data);
1823 ++ unsigned long dev_ino = irq_data_to_ino(data);
1824 + int err;
1825 +
1826 +- dev_handle = irq_table[data->irq].dev_handle;
1827 +- dev_ino = irq_table[data->irq].dev_ino;
1828 +-
1829 + err = sun4v_vintr_set_state(dev_handle, dev_ino,
1830 + HV_INTR_STATE_IDLE);
1831 + if (err != HV_EOK)
1832 +@@ -479,31 +604,10 @@ static struct irq_chip sun4v_virq = {
1833 + .flags = IRQCHIP_EOI_IF_HANDLED,
1834 + };
1835 +
1836 +-static void pre_flow_handler(struct irq_data *d)
1837 +-{
1838 +- struct irq_handler_data *handler_data = irq_data_get_irq_handler_data(d);
1839 +- unsigned int ino = irq_table[d->irq].dev_ino;
1840 +-
1841 +- handler_data->pre_handler(ino, handler_data->arg1, handler_data->arg2);
1842 +-}
1843 +-
1844 +-void irq_install_pre_handler(int irq,
1845 +- void (*func)(unsigned int, void *, void *),
1846 +- void *arg1, void *arg2)
1847 +-{
1848 +- struct irq_handler_data *handler_data = irq_get_handler_data(irq);
1849 +-
1850 +- handler_data->pre_handler = func;
1851 +- handler_data->arg1 = arg1;
1852 +- handler_data->arg2 = arg2;
1853 +-
1854 +- __irq_set_preflow_handler(irq, pre_flow_handler);
1855 +-}
1856 +-
1857 + unsigned int build_irq(int inofixup, unsigned long iclr, unsigned long imap)
1858 + {
1859 +- struct ino_bucket *bucket;
1860 + struct irq_handler_data *handler_data;
1861 ++ struct ino_bucket *bucket;
1862 + unsigned int irq;
1863 + int ino;
1864 +
1865 +@@ -537,119 +641,166 @@ out:
1866 + return irq;
1867 + }
1868 +
1869 +-static unsigned int sun4v_build_common(unsigned long sysino,
1870 +- struct irq_chip *chip)
1871 ++static unsigned int sun4v_build_common(u32 devhandle, unsigned int devino,
1872 ++ void (*handler_data_init)(struct irq_handler_data *data,
1873 ++ u32 devhandle, unsigned int devino),
1874 ++ struct irq_chip *chip)
1875 + {
1876 +- struct ino_bucket *bucket;
1877 +- struct irq_handler_data *handler_data;
1878 ++ struct irq_handler_data *data;
1879 + unsigned int irq;
1880 +
1881 +- BUG_ON(tlb_type != hypervisor);
1882 ++ irq = irq_alloc(devhandle, devino);
1883 ++ if (!irq)
1884 ++ goto out;
1885 +
1886 +- bucket = &ivector_table[sysino];
1887 +- irq = bucket_get_irq(__pa(bucket));
1888 +- if (!irq) {
1889 +- irq = irq_alloc(0, sysino);
1890 +- bucket_set_irq(__pa(bucket), irq);
1891 +- irq_set_chip_and_handler_name(irq, chip, handle_fasteoi_irq,
1892 +- "IVEC");
1893 ++ data = kzalloc(sizeof(struct irq_handler_data), GFP_ATOMIC);
1894 ++ if (unlikely(!data)) {
1895 ++ pr_err("IRQ handler data allocation failed.\n");
1896 ++ irq_free(irq);
1897 ++ irq = 0;
1898 ++ goto out;
1899 + }
1900 +
1901 +- handler_data = irq_get_handler_data(irq);
1902 +- if (unlikely(handler_data))
1903 +- goto out;
1904 ++ irq_set_handler_data(irq, data);
1905 ++ handler_data_init(data, devhandle, devino);
1906 ++ irq_set_chip_and_handler_name(irq, chip, handle_fasteoi_irq, "IVEC");
1907 ++ data->imap = ~0UL;
1908 ++ data->iclr = ~0UL;
1909 ++out:
1910 ++ return irq;
1911 ++}
1912 +
1913 +- handler_data = kzalloc(sizeof(struct irq_handler_data), GFP_ATOMIC);
1914 +- if (unlikely(!handler_data)) {
1915 +- prom_printf("IRQ: kzalloc(irq_handler_data) failed.\n");
1916 +- prom_halt();
1917 +- }
1918 +- irq_set_handler_data(irq, handler_data);
1919 ++static unsigned long cookie_assign(unsigned int irq, u32 devhandle,
1920 ++ unsigned int devino)
1921 ++{
1922 ++ struct irq_handler_data *ihd = irq_get_handler_data(irq);
1923 ++ unsigned long hv_error, cookie;
1924 +
1925 +- /* Catch accidental accesses to these things. IMAP/ICLR handling
1926 +- * is done by hypervisor calls on sun4v platforms, not by direct
1927 +- * register accesses.
1928 ++ /* handler_irq needs to find the irq. cookie is seen signed in
1929 ++ * sun4v_dev_mondo and treated as a non ivector_table delivery.
1930 + */
1931 +- handler_data->imap = ~0UL;
1932 +- handler_data->iclr = ~0UL;
1933 ++ ihd->bucket.__irq = irq;
1934 ++ cookie = ~__pa(&ihd->bucket);
1935 +
1936 +-out:
1937 +- return irq;
1938 ++ hv_error = sun4v_vintr_set_cookie(devhandle, devino, cookie);
1939 ++ if (hv_error)
1940 ++ pr_err("HV vintr set cookie failed = %ld\n", hv_error);
1941 ++
1942 ++ return hv_error;
1943 + }
1944 +
1945 +-unsigned int sun4v_build_irq(u32 devhandle, unsigned int devino)
1946 ++static void cookie_handler_data(struct irq_handler_data *data,
1947 ++ u32 devhandle, unsigned int devino)
1948 + {
1949 +- unsigned long sysino = sun4v_devino_to_sysino(devhandle, devino);
1950 ++ data->dev_handle = devhandle;
1951 ++ data->dev_ino = devino;
1952 ++}
1953 +
1954 +- return sun4v_build_common(sysino, &sun4v_irq);
1955 ++static unsigned int cookie_build_irq(u32 devhandle, unsigned int devino,
1956 ++ struct irq_chip *chip)
1957 ++{
1958 ++ unsigned long hv_error;
1959 ++ unsigned int irq;
1960 ++
1961 ++ irq = sun4v_build_common(devhandle, devino, cookie_handler_data, chip);
1962 ++
1963 ++ hv_error = cookie_assign(irq, devhandle, devino);
1964 ++ if (hv_error) {
1965 ++ irq_free(irq);
1966 ++ irq = 0;
1967 ++ }
1968 ++
1969 ++ return irq;
1970 + }
1971 +
1972 +-unsigned int sun4v_build_virq(u32 devhandle, unsigned int devino)
1973 ++static unsigned int sun4v_build_cookie(u32 devhandle, unsigned int devino)
1974 + {
1975 +- struct irq_handler_data *handler_data;
1976 +- unsigned long hv_err, cookie;
1977 +- struct ino_bucket *bucket;
1978 + unsigned int irq;
1979 +
1980 +- bucket = kzalloc(sizeof(struct ino_bucket), GFP_ATOMIC);
1981 +- if (unlikely(!bucket))
1982 +- return 0;
1983 ++ irq = cookie_exists(devhandle, devino);
1984 ++ if (irq)
1985 ++ goto out;
1986 +
1987 +- /* The only reference we store to the IRQ bucket is
1988 +- * by physical address which kmemleak can't see, tell
1989 +- * it that this object explicitly is not a leak and
1990 +- * should be scanned.
1991 +- */
1992 +- kmemleak_not_leak(bucket);
1993 ++ irq = cookie_build_irq(devhandle, devino, &sun4v_virq);
1994 +
1995 +- __flush_dcache_range((unsigned long) bucket,
1996 +- ((unsigned long) bucket +
1997 +- sizeof(struct ino_bucket)));
1998 ++out:
1999 ++ return irq;
2000 ++}
2001 +
2002 +- irq = irq_alloc(devhandle, devino);
2003 ++static void sysino_set_bucket(unsigned int irq)
2004 ++{
2005 ++ struct irq_handler_data *ihd = irq_get_handler_data(irq);
2006 ++ struct ino_bucket *bucket;
2007 ++ unsigned long sysino;
2008 ++
2009 ++ sysino = sun4v_devino_to_sysino(ihd->dev_handle, ihd->dev_ino);
2010 ++ BUG_ON(sysino >= nr_ivec);
2011 ++ bucket = &ivector_table[sysino];
2012 + bucket_set_irq(__pa(bucket), irq);
2013 ++}
2014 +
2015 +- irq_set_chip_and_handler_name(irq, &sun4v_virq, handle_fasteoi_irq,
2016 +- "IVEC");
2017 ++static void sysino_handler_data(struct irq_handler_data *data,
2018 ++ u32 devhandle, unsigned int devino)
2019 ++{
2020 ++ unsigned long sysino;
2021 +
2022 +- handler_data = kzalloc(sizeof(struct irq_handler_data), GFP_ATOMIC);
2023 +- if (unlikely(!handler_data))
2024 +- return 0;
2025 ++ sysino = sun4v_devino_to_sysino(devhandle, devino);
2026 ++ data->sysino = sysino;
2027 ++}
2028 +
2029 +- /* In order to make the LDC channel startup sequence easier,
2030 +- * especially wrt. locking, we do not let request_irq() enable
2031 +- * the interrupt.
2032 +- */
2033 +- irq_set_status_flags(irq, IRQ_NOAUTOEN);
2034 +- irq_set_handler_data(irq, handler_data);
2035 ++static unsigned int sysino_build_irq(u32 devhandle, unsigned int devino,
2036 ++ struct irq_chip *chip)
2037 ++{
2038 ++ unsigned int irq;
2039 +
2040 +- /* Catch accidental accesses to these things. IMAP/ICLR handling
2041 +- * is done by hypervisor calls on sun4v platforms, not by direct
2042 +- * register accesses.
2043 +- */
2044 +- handler_data->imap = ~0UL;
2045 +- handler_data->iclr = ~0UL;
2046 ++ irq = sun4v_build_common(devhandle, devino, sysino_handler_data, chip);
2047 ++ if (!irq)
2048 ++ goto out;
2049 +
2050 +- cookie = ~__pa(bucket);
2051 +- hv_err = sun4v_vintr_set_cookie(devhandle, devino, cookie);
2052 +- if (hv_err) {
2053 +- prom_printf("IRQ: Fatal, cannot set cookie for [%x:%x] "
2054 +- "err=%lu\n", devhandle, devino, hv_err);
2055 +- prom_halt();
2056 +- }
2057 ++ sysino_set_bucket(irq);
2058 ++out:
2059 ++ return irq;
2060 ++}
2061 +
2062 ++static int sun4v_build_sysino(u32 devhandle, unsigned int devino)
2063 ++{
2064 ++ int irq;
2065 ++
2066 ++ irq = sysino_exists(devhandle, devino);
2067 ++ if (irq)
2068 ++ goto out;
2069 ++
2070 ++ irq = sysino_build_irq(devhandle, devino, &sun4v_irq);
2071 ++out:
2072 + return irq;
2073 + }
2074 +
2075 +-void ack_bad_irq(unsigned int irq)
2076 ++unsigned int sun4v_build_irq(u32 devhandle, unsigned int devino)
2077 + {
2078 +- unsigned int ino = irq_table[irq].dev_ino;
2079 ++ unsigned int irq;
2080 +
2081 +- if (!ino)
2082 +- ino = 0xdeadbeef;
2083 ++ if (sun4v_cookie_only_virqs())
2084 ++ irq = sun4v_build_cookie(devhandle, devino);
2085 ++ else
2086 ++ irq = sun4v_build_sysino(devhandle, devino);
2087 +
2088 +- printk(KERN_CRIT "Unexpected IRQ from ino[%x] irq[%u]\n",
2089 +- ino, irq);
2090 ++ return irq;
2091 ++}
2092 ++
2093 ++unsigned int sun4v_build_virq(u32 devhandle, unsigned int devino)
2094 ++{
2095 ++ int irq;
2096 ++
2097 ++ irq = cookie_build_irq(devhandle, devino, &sun4v_virq);
2098 ++ if (!irq)
2099 ++ goto out;
2100 ++
2101 ++ /* This is borrowed from the original function.
2102 ++ */
2103 ++ irq_set_status_flags(irq, IRQ_NOAUTOEN);
2104 ++
2105 ++out:
2106 ++ return irq;
2107 + }
2108 +
2109 + void *hardirq_stack[NR_CPUS];
2110 +@@ -720,9 +871,12 @@ void fixup_irqs(void)
2111 +
2112 + for (irq = 0; irq < NR_IRQS; irq++) {
2113 + struct irq_desc *desc = irq_to_desc(irq);
2114 +- struct irq_data *data = irq_desc_get_irq_data(desc);
2115 ++ struct irq_data *data;
2116 + unsigned long flags;
2117 +
2118 ++ if (!desc)
2119 ++ continue;
2120 ++ data = irq_desc_get_irq_data(desc);
2121 + raw_spin_lock_irqsave(&desc->lock, flags);
2122 + if (desc->action && !irqd_is_per_cpu(data)) {
2123 + if (data->chip->irq_set_affinity)
2124 +@@ -922,16 +1076,22 @@ static struct irqaction timer_irq_action = {
2125 + .name = "timer",
2126 + };
2127 +
2128 +-/* Only invoked on boot processor. */
2129 +-void __init init_IRQ(void)
2130 ++static void __init irq_ivector_init(void)
2131 + {
2132 +- unsigned long size;
2133 ++ unsigned long size, order;
2134 ++ unsigned int ivecs;
2135 +
2136 +- map_prom_timers();
2137 +- kill_prom_timer();
2138 ++ /* If we are doing cookie only VIRQs then we do not need the ivector
2139 ++ * table to process interrupts.
2140 ++ */
2141 ++ if (sun4v_cookie_only_virqs())
2142 ++ return;
2143 +
2144 +- size = sizeof(struct ino_bucket) * NUM_IVECS;
2145 +- ivector_table = kzalloc(size, GFP_KERNEL);
2146 ++ ivecs = size_nr_ivec();
2147 ++ size = sizeof(struct ino_bucket) * ivecs;
2148 ++ order = get_order(size);
2149 ++ ivector_table = (struct ino_bucket *)
2150 ++ __get_free_pages(GFP_KERNEL | __GFP_ZERO, order);
2151 + if (!ivector_table) {
2152 + prom_printf("Fatal error, cannot allocate ivector_table\n");
2153 + prom_halt();
2154 +@@ -940,6 +1100,15 @@ void __init init_IRQ(void)
2155 + ((unsigned long) ivector_table) + size);
2156 +
2157 + ivector_table_pa = __pa(ivector_table);
2158 ++}
2159 ++
2160 ++/* Only invoked on boot processor.*/
2161 ++void __init init_IRQ(void)
2162 ++{
2163 ++ irq_init_hv();
2164 ++ irq_ivector_init();
2165 ++ map_prom_timers();
2166 ++ kill_prom_timer();
2167 +
2168 + if (tlb_type == hypervisor)
2169 + sun4v_init_mondo_queues();
2170 +diff --git a/arch/sparc/kernel/ktlb.S b/arch/sparc/kernel/ktlb.S
2171 +index 605d49204580..ef0d8e9e1210 100644
2172 +--- a/arch/sparc/kernel/ktlb.S
2173 ++++ b/arch/sparc/kernel/ktlb.S
2174 +@@ -47,14 +47,6 @@ kvmap_itlb_vmalloc_addr:
2175 + KERN_PGTABLE_WALK(%g4, %g5, %g2, kvmap_itlb_longpath)
2176 +
2177 + TSB_LOCK_TAG(%g1, %g2, %g7)
2178 +-
2179 +- /* Load and check PTE. */
2180 +- ldxa [%g5] ASI_PHYS_USE_EC, %g5
2181 +- mov 1, %g7
2182 +- sllx %g7, TSB_TAG_INVALID_BIT, %g7
2183 +- brgez,a,pn %g5, kvmap_itlb_longpath
2184 +- TSB_STORE(%g1, %g7)
2185 +-
2186 + TSB_WRITE(%g1, %g5, %g6)
2187 +
2188 + /* fallthrough to TLB load */
2189 +@@ -118,6 +110,12 @@ kvmap_dtlb_obp:
2190 + ba,pt %xcc, kvmap_dtlb_load
2191 + nop
2192 +
2193 ++kvmap_linear_early:
2194 ++ sethi %hi(kern_linear_pte_xor), %g7
2195 ++ ldx [%g7 + %lo(kern_linear_pte_xor)], %g2
2196 ++ ba,pt %xcc, kvmap_dtlb_tsb4m_load
2197 ++ xor %g2, %g4, %g5
2198 ++
2199 + .align 32
2200 + kvmap_dtlb_tsb4m_load:
2201 + TSB_LOCK_TAG(%g1, %g2, %g7)
2202 +@@ -146,105 +144,17 @@ kvmap_dtlb_4v:
2203 + /* Correct TAG_TARGET is already in %g6, check 4mb TSB. */
2204 + KERN_TSB4M_LOOKUP_TL1(%g6, %g5, %g1, %g2, %g3, kvmap_dtlb_load)
2205 + #endif
2206 +- /* TSB entry address left in %g1, lookup linear PTE.
2207 +- * Must preserve %g1 and %g6 (TAG).
2208 +- */
2209 +-kvmap_dtlb_tsb4m_miss:
2210 +- /* Clear the PAGE_OFFSET top virtual bits, shift
2211 +- * down to get PFN, and make sure PFN is in range.
2212 +- */
2213 +-661: sllx %g4, 0, %g5
2214 +- .section .page_offset_shift_patch, "ax"
2215 +- .word 661b
2216 +- .previous
2217 +-
2218 +- /* Check to see if we know about valid memory at the 4MB
2219 +- * chunk this physical address will reside within.
2220 ++ /* Linear mapping TSB lookup failed. Fallthrough to kernel
2221 ++ * page table based lookup.
2222 + */
2223 +-661: srlx %g5, MAX_PHYS_ADDRESS_BITS, %g2
2224 +- .section .page_offset_shift_patch, "ax"
2225 +- .word 661b
2226 +- .previous
2227 +-
2228 +- brnz,pn %g2, kvmap_dtlb_longpath
2229 +- nop
2230 +-
2231 +- /* This unconditional branch and delay-slot nop gets patched
2232 +- * by the sethi sequence once the bitmap is properly setup.
2233 +- */
2234 +- .globl valid_addr_bitmap_insn
2235 +-valid_addr_bitmap_insn:
2236 +- ba,pt %xcc, 2f
2237 +- nop
2238 +- .subsection 2
2239 +- .globl valid_addr_bitmap_patch
2240 +-valid_addr_bitmap_patch:
2241 +- sethi %hi(sparc64_valid_addr_bitmap), %g7
2242 +- or %g7, %lo(sparc64_valid_addr_bitmap), %g7
2243 +- .previous
2244 +-
2245 +-661: srlx %g5, ILOG2_4MB, %g2
2246 +- .section .page_offset_shift_patch, "ax"
2247 +- .word 661b
2248 +- .previous
2249 +-
2250 +- srlx %g2, 6, %g5
2251 +- and %g2, 63, %g2
2252 +- sllx %g5, 3, %g5
2253 +- ldx [%g7 + %g5], %g5
2254 +- mov 1, %g7
2255 +- sllx %g7, %g2, %g7
2256 +- andcc %g5, %g7, %g0
2257 +- be,pn %xcc, kvmap_dtlb_longpath
2258 +-
2259 +-2: sethi %hi(kpte_linear_bitmap), %g2
2260 +-
2261 +- /* Get the 256MB physical address index. */
2262 +-661: sllx %g4, 0, %g5
2263 +- .section .page_offset_shift_patch, "ax"
2264 +- .word 661b
2265 +- .previous
2266 +-
2267 +- or %g2, %lo(kpte_linear_bitmap), %g2
2268 +-
2269 +-661: srlx %g5, ILOG2_256MB, %g5
2270 +- .section .page_offset_shift_patch, "ax"
2271 +- .word 661b
2272 +- .previous
2273 +-
2274 +- and %g5, (32 - 1), %g7
2275 +-
2276 +- /* Divide by 32 to get the offset into the bitmask. */
2277 +- srlx %g5, 5, %g5
2278 +- add %g7, %g7, %g7
2279 +- sllx %g5, 3, %g5
2280 +-
2281 +- /* kern_linear_pte_xor[(mask >> shift) & 3)] */
2282 +- ldx [%g2 + %g5], %g2
2283 +- srlx %g2, %g7, %g7
2284 +- sethi %hi(kern_linear_pte_xor), %g5
2285 +- and %g7, 3, %g7
2286 +- or %g5, %lo(kern_linear_pte_xor), %g5
2287 +- sllx %g7, 3, %g7
2288 +- ldx [%g5 + %g7], %g2
2289 +-
2290 + .globl kvmap_linear_patch
2291 + kvmap_linear_patch:
2292 +- ba,pt %xcc, kvmap_dtlb_tsb4m_load
2293 +- xor %g2, %g4, %g5
2294 ++ ba,a,pt %xcc, kvmap_linear_early
2295 +
2296 + kvmap_dtlb_vmalloc_addr:
2297 + KERN_PGTABLE_WALK(%g4, %g5, %g2, kvmap_dtlb_longpath)
2298 +
2299 + TSB_LOCK_TAG(%g1, %g2, %g7)
2300 +-
2301 +- /* Load and check PTE. */
2302 +- ldxa [%g5] ASI_PHYS_USE_EC, %g5
2303 +- mov 1, %g7
2304 +- sllx %g7, TSB_TAG_INVALID_BIT, %g7
2305 +- brgez,a,pn %g5, kvmap_dtlb_longpath
2306 +- TSB_STORE(%g1, %g7)
2307 +-
2308 + TSB_WRITE(%g1, %g5, %g6)
2309 +
2310 + /* fallthrough to TLB load */
2311 +@@ -276,13 +186,8 @@ kvmap_dtlb_load:
2312 +
2313 + #ifdef CONFIG_SPARSEMEM_VMEMMAP
2314 + kvmap_vmemmap:
2315 +- sub %g4, %g5, %g5
2316 +- srlx %g5, ILOG2_4MB, %g5
2317 +- sethi %hi(vmemmap_table), %g1
2318 +- sllx %g5, 3, %g5
2319 +- or %g1, %lo(vmemmap_table), %g1
2320 +- ba,pt %xcc, kvmap_dtlb_load
2321 +- ldx [%g1 + %g5], %g5
2322 ++ KERN_PGTABLE_WALK(%g4, %g5, %g2, kvmap_dtlb_longpath)
2323 ++ ba,a,pt %xcc, kvmap_dtlb_load
2324 + #endif
2325 +
2326 + kvmap_dtlb_nonlinear:
2327 +@@ -294,8 +199,8 @@ kvmap_dtlb_nonlinear:
2328 +
2329 + #ifdef CONFIG_SPARSEMEM_VMEMMAP
2330 + /* Do not use the TSB for vmemmap. */
2331 +- mov (VMEMMAP_BASE >> 40), %g5
2332 +- sllx %g5, 40, %g5
2333 ++ sethi %hi(VMEMMAP_BASE), %g5
2334 ++ ldx [%g5 + %lo(VMEMMAP_BASE)], %g5
2335 + cmp %g4,%g5
2336 + bgeu,pn %xcc, kvmap_vmemmap
2337 + nop
2338 +@@ -307,8 +212,8 @@ kvmap_dtlb_tsbmiss:
2339 + sethi %hi(MODULES_VADDR), %g5
2340 + cmp %g4, %g5
2341 + blu,pn %xcc, kvmap_dtlb_longpath
2342 +- mov (VMALLOC_END >> 40), %g5
2343 +- sllx %g5, 40, %g5
2344 ++ sethi %hi(VMALLOC_END), %g5
2345 ++ ldx [%g5 + %lo(VMALLOC_END)], %g5
2346 + cmp %g4, %g5
2347 + bgeu,pn %xcc, kvmap_dtlb_longpath
2348 + nop
2349 +diff --git a/arch/sparc/kernel/ldc.c b/arch/sparc/kernel/ldc.c
2350 +index 66dacd56bb10..27bb55485472 100644
2351 +--- a/arch/sparc/kernel/ldc.c
2352 ++++ b/arch/sparc/kernel/ldc.c
2353 +@@ -1078,7 +1078,8 @@ static void ldc_iommu_release(struct ldc_channel *lp)
2354 +
2355 + struct ldc_channel *ldc_alloc(unsigned long id,
2356 + const struct ldc_channel_config *cfgp,
2357 +- void *event_arg)
2358 ++ void *event_arg,
2359 ++ const char *name)
2360 + {
2361 + struct ldc_channel *lp;
2362 + const struct ldc_mode_ops *mops;
2363 +@@ -1093,6 +1094,8 @@ struct ldc_channel *ldc_alloc(unsigned long id,
2364 + err = -EINVAL;
2365 + if (!cfgp)
2366 + goto out_err;
2367 ++ if (!name)
2368 ++ goto out_err;
2369 +
2370 + switch (cfgp->mode) {
2371 + case LDC_MODE_RAW:
2372 +@@ -1185,6 +1188,21 @@ struct ldc_channel *ldc_alloc(unsigned long id,
2373 +
2374 + INIT_HLIST_HEAD(&lp->mh_list);
2375 +
2376 ++ snprintf(lp->rx_irq_name, LDC_IRQ_NAME_MAX, "%s RX", name);
2377 ++ snprintf(lp->tx_irq_name, LDC_IRQ_NAME_MAX, "%s TX", name);
2378 ++
2379 ++ err = request_irq(lp->cfg.rx_irq, ldc_rx, 0,
2380 ++ lp->rx_irq_name, lp);
2381 ++ if (err)
2382 ++ goto out_free_txq;
2383 ++
2384 ++ err = request_irq(lp->cfg.tx_irq, ldc_tx, 0,
2385 ++ lp->tx_irq_name, lp);
2386 ++ if (err) {
2387 ++ free_irq(lp->cfg.rx_irq, lp);
2388 ++ goto out_free_txq;
2389 ++ }
2390 ++
2391 + return lp;
2392 +
2393 + out_free_txq:
2394 +@@ -1237,31 +1255,14 @@ EXPORT_SYMBOL(ldc_free);
2395 + * state. This does not initiate a handshake, ldc_connect() does
2396 + * that.
2397 + */
2398 +-int ldc_bind(struct ldc_channel *lp, const char *name)
2399 ++int ldc_bind(struct ldc_channel *lp)
2400 + {
2401 + unsigned long hv_err, flags;
2402 + int err = -EINVAL;
2403 +
2404 +- if (!name ||
2405 +- (lp->state != LDC_STATE_INIT))
2406 ++ if (lp->state != LDC_STATE_INIT)
2407 + return -EINVAL;
2408 +
2409 +- snprintf(lp->rx_irq_name, LDC_IRQ_NAME_MAX, "%s RX", name);
2410 +- snprintf(lp->tx_irq_name, LDC_IRQ_NAME_MAX, "%s TX", name);
2411 +-
2412 +- err = request_irq(lp->cfg.rx_irq, ldc_rx, 0,
2413 +- lp->rx_irq_name, lp);
2414 +- if (err)
2415 +- return err;
2416 +-
2417 +- err = request_irq(lp->cfg.tx_irq, ldc_tx, 0,
2418 +- lp->tx_irq_name, lp);
2419 +- if (err) {
2420 +- free_irq(lp->cfg.rx_irq, lp);
2421 +- return err;
2422 +- }
2423 +-
2424 +-
2425 + spin_lock_irqsave(&lp->lock, flags);
2426 +
2427 + enable_irq(lp->cfg.rx_irq);
2428 +diff --git a/arch/sparc/kernel/nmi.c b/arch/sparc/kernel/nmi.c
2429 +index 6479256fd5a4..fce8ab17bcbb 100644
2430 +--- a/arch/sparc/kernel/nmi.c
2431 ++++ b/arch/sparc/kernel/nmi.c
2432 +@@ -141,7 +141,6 @@ static inline unsigned int get_nmi_count(int cpu)
2433 +
2434 + static __init void nmi_cpu_busy(void *data)
2435 + {
2436 +- local_irq_enable_in_hardirq();
2437 + while (endflag == 0)
2438 + mb();
2439 + }
2440 +diff --git a/arch/sparc/kernel/pcr.c b/arch/sparc/kernel/pcr.c
2441 +index 269af58497aa..7e967c8018c8 100644
2442 +--- a/arch/sparc/kernel/pcr.c
2443 ++++ b/arch/sparc/kernel/pcr.c
2444 +@@ -191,12 +191,41 @@ static const struct pcr_ops n4_pcr_ops = {
2445 + .pcr_nmi_disable = PCR_N4_PICNPT,
2446 + };
2447 +
2448 ++static u64 n5_pcr_read(unsigned long reg_num)
2449 ++{
2450 ++ unsigned long val;
2451 ++
2452 ++ (void) sun4v_t5_get_perfreg(reg_num, &val);
2453 ++
2454 ++ return val;
2455 ++}
2456 ++
2457 ++static void n5_pcr_write(unsigned long reg_num, u64 val)
2458 ++{
2459 ++ (void) sun4v_t5_set_perfreg(reg_num, val);
2460 ++}
2461 ++
2462 ++static const struct pcr_ops n5_pcr_ops = {
2463 ++ .read_pcr = n5_pcr_read,
2464 ++ .write_pcr = n5_pcr_write,
2465 ++ .read_pic = n4_pic_read,
2466 ++ .write_pic = n4_pic_write,
2467 ++ .nmi_picl_value = n4_picl_value,
2468 ++ .pcr_nmi_enable = (PCR_N4_PICNPT | PCR_N4_STRACE |
2469 ++ PCR_N4_UTRACE | PCR_N4_TOE |
2470 ++ (26 << PCR_N4_SL_SHIFT)),
2471 ++ .pcr_nmi_disable = PCR_N4_PICNPT,
2472 ++};
2473 ++
2474 ++
2475 + static unsigned long perf_hsvc_group;
2476 + static unsigned long perf_hsvc_major;
2477 + static unsigned long perf_hsvc_minor;
2478 +
2479 + static int __init register_perf_hsvc(void)
2480 + {
2481 ++ unsigned long hverror;
2482 ++
2483 + if (tlb_type == hypervisor) {
2484 + switch (sun4v_chip_type) {
2485 + case SUN4V_CHIP_NIAGARA1:
2486 +@@ -215,6 +244,10 @@ static int __init register_perf_hsvc(void)
2487 + perf_hsvc_group = HV_GRP_VT_CPU;
2488 + break;
2489 +
2490 ++ case SUN4V_CHIP_NIAGARA5:
2491 ++ perf_hsvc_group = HV_GRP_T5_CPU;
2492 ++ break;
2493 ++
2494 + default:
2495 + return -ENODEV;
2496 + }
2497 +@@ -222,10 +255,12 @@ static int __init register_perf_hsvc(void)
2498 +
2499 + perf_hsvc_major = 1;
2500 + perf_hsvc_minor = 0;
2501 +- if (sun4v_hvapi_register(perf_hsvc_group,
2502 +- perf_hsvc_major,
2503 +- &perf_hsvc_minor)) {
2504 +- printk("perfmon: Could not register hvapi.\n");
2505 ++ hverror = sun4v_hvapi_register(perf_hsvc_group,
2506 ++ perf_hsvc_major,
2507 ++ &perf_hsvc_minor);
2508 ++ if (hverror) {
2509 ++ pr_err("perfmon: Could not register hvapi(0x%lx).\n",
2510 ++ hverror);
2511 + return -ENODEV;
2512 + }
2513 + }
2514 +@@ -254,6 +289,10 @@ static int __init setup_sun4v_pcr_ops(void)
2515 + pcr_ops = &n4_pcr_ops;
2516 + break;
2517 +
2518 ++ case SUN4V_CHIP_NIAGARA5:
2519 ++ pcr_ops = &n5_pcr_ops;
2520 ++ break;
2521 ++
2522 + default:
2523 + ret = -ENODEV;
2524 + break;
2525 +diff --git a/arch/sparc/kernel/perf_event.c b/arch/sparc/kernel/perf_event.c
2526 +index b5c38faa4ead..617b9fe33771 100644
2527 +--- a/arch/sparc/kernel/perf_event.c
2528 ++++ b/arch/sparc/kernel/perf_event.c
2529 +@@ -1662,7 +1662,8 @@ static bool __init supported_pmu(void)
2530 + sparc_pmu = &niagara2_pmu;
2531 + return true;
2532 + }
2533 +- if (!strcmp(sparc_pmu_type, "niagara4")) {
2534 ++ if (!strcmp(sparc_pmu_type, "niagara4") ||
2535 ++ !strcmp(sparc_pmu_type, "niagara5")) {
2536 + sparc_pmu = &niagara4_pmu;
2537 + return true;
2538 + }
2539 +@@ -1671,9 +1672,12 @@ static bool __init supported_pmu(void)
2540 +
2541 + int __init init_hw_perf_events(void)
2542 + {
2543 ++ int err;
2544 ++
2545 + pr_info("Performance events: ");
2546 +
2547 +- if (!supported_pmu()) {
2548 ++ err = pcr_arch_init();
2549 ++ if (err || !supported_pmu()) {
2550 + pr_cont("No support for PMU type '%s'\n", sparc_pmu_type);
2551 + return 0;
2552 + }
2553 +@@ -1685,7 +1689,7 @@ int __init init_hw_perf_events(void)
2554 +
2555 + return 0;
2556 + }
2557 +-early_initcall(init_hw_perf_events);
2558 ++pure_initcall(init_hw_perf_events);
2559 +
2560 + void perf_callchain_kernel(struct perf_callchain_entry *entry,
2561 + struct pt_regs *regs)
2562 +diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
2563 +index d7b4967f8fa6..c6f7113b6e2f 100644
2564 +--- a/arch/sparc/kernel/process_64.c
2565 ++++ b/arch/sparc/kernel/process_64.c
2566 +@@ -306,6 +306,9 @@ static void __global_pmu_self(int this_cpu)
2567 + struct global_pmu_snapshot *pp;
2568 + int i, num;
2569 +
2570 ++ if (!pcr_ops)
2571 ++ return;
2572 ++
2573 + pp = &global_cpu_snapshot[this_cpu].pmu;
2574 +
2575 + num = 1;
2576 +diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c
2577 +index 3fdb455e3318..61a519808cb7 100644
2578 +--- a/arch/sparc/kernel/setup_64.c
2579 ++++ b/arch/sparc/kernel/setup_64.c
2580 +@@ -30,6 +30,7 @@
2581 + #include <linux/cpu.h>
2582 + #include <linux/initrd.h>
2583 + #include <linux/module.h>
2584 ++#include <linux/start_kernel.h>
2585 +
2586 + #include <asm/io.h>
2587 + #include <asm/processor.h>
2588 +@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE];
2589 +
2590 + static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 };
2591 +
2592 +-void __init per_cpu_patch(void)
2593 ++static void __init per_cpu_patch(void)
2594 + {
2595 + struct cpuid_patch_entry *p;
2596 + unsigned long ver;
2597 +@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start,
2598 + }
2599 + }
2600 +
2601 +-void __init sun4v_patch(void)
2602 ++static void __init sun4v_patch(void)
2603 + {
2604 + extern void sun4v_hvapi_init(void);
2605 +
2606 +@@ -335,14 +336,25 @@ static void __init pause_patch(void)
2607 + }
2608 + }
2609 +
2610 +-#ifdef CONFIG_SMP
2611 +-void __init boot_cpu_id_too_large(int cpu)
2612 ++void __init start_early_boot(void)
2613 + {
2614 +- prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
2615 +- cpu, NR_CPUS);
2616 +- prom_halt();
2617 ++ int cpu;
2618 ++
2619 ++ check_if_starfire();
2620 ++ per_cpu_patch();
2621 ++ sun4v_patch();
2622 ++
2623 ++ cpu = hard_smp_processor_id();
2624 ++ if (cpu >= NR_CPUS) {
2625 ++ prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
2626 ++ cpu, NR_CPUS);
2627 ++ prom_halt();
2628 ++ }
2629 ++ current_thread_info()->cpu = cpu;
2630 ++
2631 ++ prom_init_report();
2632 ++ start_kernel();
2633 + }
2634 +-#endif
2635 +
2636 + /* On Ultra, we support all of the v8 capabilities. */
2637 + unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR |
2638 +@@ -500,12 +512,16 @@ static void __init init_sparc64_elf_hwcap(void)
2639 + sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
2640 + sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
2641 + sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
2642 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
2643 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
2644 + sun4v_chip_type == SUN4V_CHIP_SPARC64X)
2645 + cap |= HWCAP_SPARC_BLKINIT;
2646 + if (sun4v_chip_type == SUN4V_CHIP_NIAGARA2 ||
2647 + sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
2648 + sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
2649 + sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
2650 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
2651 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
2652 + sun4v_chip_type == SUN4V_CHIP_SPARC64X)
2653 + cap |= HWCAP_SPARC_N2;
2654 + }
2655 +@@ -533,6 +549,8 @@ static void __init init_sparc64_elf_hwcap(void)
2656 + sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
2657 + sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
2658 + sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
2659 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
2660 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
2661 + sun4v_chip_type == SUN4V_CHIP_SPARC64X)
2662 + cap |= (AV_SPARC_VIS | AV_SPARC_VIS2 |
2663 + AV_SPARC_ASI_BLK_INIT |
2664 +@@ -540,6 +558,8 @@ static void __init init_sparc64_elf_hwcap(void)
2665 + if (sun4v_chip_type == SUN4V_CHIP_NIAGARA3 ||
2666 + sun4v_chip_type == SUN4V_CHIP_NIAGARA4 ||
2667 + sun4v_chip_type == SUN4V_CHIP_NIAGARA5 ||
2668 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M6 ||
2669 ++ sun4v_chip_type == SUN4V_CHIP_SPARC_M7 ||
2670 + sun4v_chip_type == SUN4V_CHIP_SPARC64X)
2671 + cap |= (AV_SPARC_VIS3 | AV_SPARC_HPC |
2672 + AV_SPARC_FMAF);
2673 +diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
2674 +index 8416d7fadcce..50c3dd03be31 100644
2675 +--- a/arch/sparc/kernel/smp_64.c
2676 ++++ b/arch/sparc/kernel/smp_64.c
2677 +@@ -1395,7 +1395,6 @@ void __cpu_die(unsigned int cpu)
2678 +
2679 + void __init smp_cpus_done(unsigned int max_cpus)
2680 + {
2681 +- pcr_arch_init();
2682 + }
2683 +
2684 + void smp_send_reschedule(int cpu)
2685 +@@ -1480,6 +1479,13 @@ static void __init pcpu_populate_pte(unsigned long addr)
2686 + pud_t *pud;
2687 + pmd_t *pmd;
2688 +
2689 ++ if (pgd_none(*pgd)) {
2690 ++ pud_t *new;
2691 ++
2692 ++ new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
2693 ++ pgd_populate(&init_mm, pgd, new);
2694 ++ }
2695 ++
2696 + pud = pud_offset(pgd, addr);
2697 + if (pud_none(*pud)) {
2698 + pmd_t *new;
2699 +diff --git a/arch/sparc/kernel/sun4v_tlb_miss.S b/arch/sparc/kernel/sun4v_tlb_miss.S
2700 +index e0c09bf85610..6179e19bc9b9 100644
2701 +--- a/arch/sparc/kernel/sun4v_tlb_miss.S
2702 ++++ b/arch/sparc/kernel/sun4v_tlb_miss.S
2703 +@@ -195,6 +195,11 @@ sun4v_tsb_miss_common:
2704 + ldx [%g2 + TRAP_PER_CPU_PGD_PADDR], %g7
2705 +
2706 + sun4v_itlb_error:
2707 ++ rdpr %tl, %g1
2708 ++ cmp %g1, 1
2709 ++ ble,pt %icc, sun4v_bad_ra
2710 ++ or %g0, FAULT_CODE_BAD_RA | FAULT_CODE_ITLB, %g1
2711 ++
2712 + sethi %hi(sun4v_err_itlb_vaddr), %g1
2713 + stx %g4, [%g1 + %lo(sun4v_err_itlb_vaddr)]
2714 + sethi %hi(sun4v_err_itlb_ctx), %g1
2715 +@@ -206,15 +211,10 @@ sun4v_itlb_error:
2716 + sethi %hi(sun4v_err_itlb_error), %g1
2717 + stx %o0, [%g1 + %lo(sun4v_err_itlb_error)]
2718 +
2719 ++ sethi %hi(1f), %g7
2720 + rdpr %tl, %g4
2721 +- cmp %g4, 1
2722 +- ble,pt %icc, 1f
2723 +- sethi %hi(2f), %g7
2724 + ba,pt %xcc, etraptl1
2725 +- or %g7, %lo(2f), %g7
2726 +-
2727 +-1: ba,pt %xcc, etrap
2728 +-2: or %g7, %lo(2b), %g7
2729 ++1: or %g7, %lo(1f), %g7
2730 + mov %l4, %o1
2731 + call sun4v_itlb_error_report
2732 + add %sp, PTREGS_OFF, %o0
2733 +@@ -222,6 +222,11 @@ sun4v_itlb_error:
2734 + /* NOTREACHED */
2735 +
2736 + sun4v_dtlb_error:
2737 ++ rdpr %tl, %g1
2738 ++ cmp %g1, 1
2739 ++ ble,pt %icc, sun4v_bad_ra
2740 ++ or %g0, FAULT_CODE_BAD_RA | FAULT_CODE_DTLB, %g1
2741 ++
2742 + sethi %hi(sun4v_err_dtlb_vaddr), %g1
2743 + stx %g4, [%g1 + %lo(sun4v_err_dtlb_vaddr)]
2744 + sethi %hi(sun4v_err_dtlb_ctx), %g1
2745 +@@ -233,21 +238,23 @@ sun4v_dtlb_error:
2746 + sethi %hi(sun4v_err_dtlb_error), %g1
2747 + stx %o0, [%g1 + %lo(sun4v_err_dtlb_error)]
2748 +
2749 ++ sethi %hi(1f), %g7
2750 + rdpr %tl, %g4
2751 +- cmp %g4, 1
2752 +- ble,pt %icc, 1f
2753 +- sethi %hi(2f), %g7
2754 + ba,pt %xcc, etraptl1
2755 +- or %g7, %lo(2f), %g7
2756 +-
2757 +-1: ba,pt %xcc, etrap
2758 +-2: or %g7, %lo(2b), %g7
2759 ++1: or %g7, %lo(1f), %g7
2760 + mov %l4, %o1
2761 + call sun4v_dtlb_error_report
2762 + add %sp, PTREGS_OFF, %o0
2763 +
2764 + /* NOTREACHED */
2765 +
2766 ++sun4v_bad_ra:
2767 ++ or %g0, %g4, %g5
2768 ++ ba,pt %xcc, sparc64_realfault_common
2769 ++ or %g1, %g0, %g4
2770 ++
2771 ++ /* NOTREACHED */
2772 ++
2773 + /* Instruction Access Exception, tl0. */
2774 + sun4v_iacc:
2775 + ldxa [%g0] ASI_SCRATCHPAD, %g2
2776 +diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S
2777 +index 737f8cbc7d56..88ede1d53b4c 100644
2778 +--- a/arch/sparc/kernel/trampoline_64.S
2779 ++++ b/arch/sparc/kernel/trampoline_64.S
2780 +@@ -109,10 +109,13 @@ startup_continue:
2781 + brnz,pn %g1, 1b
2782 + nop
2783 +
2784 +- sethi %hi(p1275buf), %g2
2785 +- or %g2, %lo(p1275buf), %g2
2786 +- ldx [%g2 + 0x10], %l2
2787 +- add %l2, -(192 + 128), %sp
2788 ++ /* Get onto temporary stack which will be in the locked
2789 ++ * kernel image.
2790 ++ */
2791 ++ sethi %hi(tramp_stack), %g1
2792 ++ or %g1, %lo(tramp_stack), %g1
2793 ++ add %g1, TRAMP_STACK_SIZE, %g1
2794 ++ sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp
2795 + flushw
2796 +
2797 + /* Setup the loop variables:
2798 +@@ -394,7 +397,6 @@ after_lock_tlb:
2799 + sllx %g5, THREAD_SHIFT, %g5
2800 + sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
2801 + add %g6, %g5, %sp
2802 +- mov 0, %fp
2803 +
2804 + rdpr %pstate, %o1
2805 + or %o1, PSTATE_IE, %o1
2806 +diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
2807 +index 4ced92f05358..25d0c7ece9cc 100644
2808 +--- a/arch/sparc/kernel/traps_64.c
2809 ++++ b/arch/sparc/kernel/traps_64.c
2810 +@@ -2102,6 +2102,11 @@ void sun4v_nonresum_overflow(struct pt_regs *regs)
2811 + atomic_inc(&sun4v_nonresum_oflow_cnt);
2812 + }
2813 +
2814 ++static void sun4v_tlb_error(struct pt_regs *regs)
2815 ++{
2816 ++ die_if_kernel("TLB/TSB error", regs);
2817 ++}
2818 ++
2819 + unsigned long sun4v_err_itlb_vaddr;
2820 + unsigned long sun4v_err_itlb_ctx;
2821 + unsigned long sun4v_err_itlb_pte;
2822 +@@ -2109,8 +2114,7 @@ unsigned long sun4v_err_itlb_error;
2823 +
2824 + void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
2825 + {
2826 +- if (tl > 1)
2827 +- dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
2828 ++ dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
2829 +
2830 + printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
2831 + regs->tpc, tl);
2832 +@@ -2123,7 +2127,7 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
2833 + sun4v_err_itlb_vaddr, sun4v_err_itlb_ctx,
2834 + sun4v_err_itlb_pte, sun4v_err_itlb_error);
2835 +
2836 +- prom_halt();
2837 ++ sun4v_tlb_error(regs);
2838 + }
2839 +
2840 + unsigned long sun4v_err_dtlb_vaddr;
2841 +@@ -2133,8 +2137,7 @@ unsigned long sun4v_err_dtlb_error;
2842 +
2843 + void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
2844 + {
2845 +- if (tl > 1)
2846 +- dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
2847 ++ dump_tl1_traplog((struct tl1_traplog *)(regs + 1));
2848 +
2849 + printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
2850 + regs->tpc, tl);
2851 +@@ -2147,7 +2150,7 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
2852 + sun4v_err_dtlb_vaddr, sun4v_err_dtlb_ctx,
2853 + sun4v_err_dtlb_pte, sun4v_err_dtlb_error);
2854 +
2855 +- prom_halt();
2856 ++ sun4v_tlb_error(regs);
2857 + }
2858 +
2859 + void hypervisor_tlbop_error(unsigned long err, unsigned long op)
2860 +diff --git a/arch/sparc/kernel/tsb.S b/arch/sparc/kernel/tsb.S
2861 +index 14158d40ba76..be98685c14c6 100644
2862 +--- a/arch/sparc/kernel/tsb.S
2863 ++++ b/arch/sparc/kernel/tsb.S
2864 +@@ -162,10 +162,10 @@ tsb_miss_page_table_walk_sun4v_fastpath:
2865 + nop
2866 + .previous
2867 +
2868 +- rdpr %tl, %g3
2869 +- cmp %g3, 1
2870 ++ rdpr %tl, %g7
2871 ++ cmp %g7, 1
2872 + bne,pn %xcc, winfix_trampoline
2873 +- nop
2874 ++ mov %g3, %g4
2875 + ba,pt %xcc, etrap
2876 + rd %pc, %g7
2877 + call hugetlb_setup
2878 +diff --git a/arch/sparc/kernel/viohs.c b/arch/sparc/kernel/viohs.c
2879 +index f8e7dd53e1c7..9c5fbd0b8a04 100644
2880 +--- a/arch/sparc/kernel/viohs.c
2881 ++++ b/arch/sparc/kernel/viohs.c
2882 +@@ -714,7 +714,7 @@ int vio_ldc_alloc(struct vio_driver_state *vio,
2883 + cfg.tx_irq = vio->vdev->tx_irq;
2884 + cfg.rx_irq = vio->vdev->rx_irq;
2885 +
2886 +- lp = ldc_alloc(vio->vdev->channel_id, &cfg, event_arg);
2887 ++ lp = ldc_alloc(vio->vdev->channel_id, &cfg, event_arg, vio->name);
2888 + if (IS_ERR(lp))
2889 + return PTR_ERR(lp);
2890 +
2891 +@@ -746,7 +746,7 @@ void vio_port_up(struct vio_driver_state *vio)
2892 +
2893 + err = 0;
2894 + if (state == LDC_STATE_INIT) {
2895 +- err = ldc_bind(vio->lp, vio->name);
2896 ++ err = ldc_bind(vio->lp);
2897 + if (err)
2898 + printk(KERN_WARNING "%s: Port %lu bind failed, "
2899 + "err=%d\n",
2900 +diff --git a/arch/sparc/kernel/vmlinux.lds.S b/arch/sparc/kernel/vmlinux.lds.S
2901 +index 932ff90fd760..09243057cb0b 100644
2902 +--- a/arch/sparc/kernel/vmlinux.lds.S
2903 ++++ b/arch/sparc/kernel/vmlinux.lds.S
2904 +@@ -35,8 +35,9 @@ jiffies = jiffies_64;
2905 +
2906 + SECTIONS
2907 + {
2908 +- /* swapper_low_pmd_dir is sparc64 only */
2909 +- swapper_low_pmd_dir = 0x0000000000402000;
2910 ++#ifdef CONFIG_SPARC64
2911 ++ swapper_pg_dir = 0x0000000000402000;
2912 ++#endif
2913 + . = INITIAL_ADDRESS;
2914 + .text TEXTSTART :
2915 + {
2916 +@@ -122,11 +123,6 @@ SECTIONS
2917 + *(.swapper_4m_tsb_phys_patch)
2918 + __swapper_4m_tsb_phys_patch_end = .;
2919 + }
2920 +- .page_offset_shift_patch : {
2921 +- __page_offset_shift_patch = .;
2922 +- *(.page_offset_shift_patch)
2923 +- __page_offset_shift_patch_end = .;
2924 +- }
2925 + .popc_3insn_patch : {
2926 + __popc_3insn_patch = .;
2927 + *(.popc_3insn_patch)
2928 +diff --git a/arch/sparc/lib/NG4memcpy.S b/arch/sparc/lib/NG4memcpy.S
2929 +index 9cf2ee01cee3..140527a20e7d 100644
2930 +--- a/arch/sparc/lib/NG4memcpy.S
2931 ++++ b/arch/sparc/lib/NG4memcpy.S
2932 +@@ -41,6 +41,10 @@
2933 + #endif
2934 + #endif
2935 +
2936 ++#if !defined(EX_LD) && !defined(EX_ST)
2937 ++#define NON_USER_COPY
2938 ++#endif
2939 ++
2940 + #ifndef EX_LD
2941 + #define EX_LD(x) x
2942 + #endif
2943 +@@ -197,9 +201,13 @@ FUNC_NAME: /* %o0=dst, %o1=src, %o2=len */
2944 + mov EX_RETVAL(%o3), %o0
2945 +
2946 + .Llarge_src_unaligned:
2947 ++#ifdef NON_USER_COPY
2948 ++ VISEntryHalfFast(.Lmedium_vis_entry_fail)
2949 ++#else
2950 ++ VISEntryHalf
2951 ++#endif
2952 + andn %o2, 0x3f, %o4
2953 + sub %o2, %o4, %o2
2954 +- VISEntryHalf
2955 + alignaddr %o1, %g0, %g1
2956 + add %o1, %o4, %o1
2957 + EX_LD(LOAD(ldd, %g1 + 0x00, %f0))
2958 +@@ -240,6 +248,10 @@ FUNC_NAME: /* %o0=dst, %o1=src, %o2=len */
2959 + nop
2960 + ba,a,pt %icc, .Lmedium_unaligned
2961 +
2962 ++#ifdef NON_USER_COPY
2963 ++.Lmedium_vis_entry_fail:
2964 ++ or %o0, %o1, %g2
2965 ++#endif
2966 + .Lmedium:
2967 + LOAD(prefetch, %o1 + 0x40, #n_reads_strong)
2968 + andcc %g2, 0x7, %g0
2969 +diff --git a/arch/sparc/lib/memset.S b/arch/sparc/lib/memset.S
2970 +index 99c017be8719..f75e6906df14 100644
2971 +--- a/arch/sparc/lib/memset.S
2972 ++++ b/arch/sparc/lib/memset.S
2973 +@@ -3,8 +3,9 @@
2974 + * Copyright (C) 1996,1997 Jakub Jelinek (jj@××××××××××××××××.cz)
2975 + * Copyright (C) 1996 David S. Miller (davem@××××××××××××.edu)
2976 + *
2977 +- * Returns 0, if ok, and number of bytes not yet set if exception
2978 +- * occurs and we were called as clear_user.
2979 ++ * Calls to memset returns initial %o0. Calls to bzero returns 0, if ok, and
2980 ++ * number of bytes not yet set if exception occurs and we were called as
2981 ++ * clear_user.
2982 + */
2983 +
2984 + #include <asm/ptrace.h>
2985 +@@ -65,6 +66,8 @@ __bzero_begin:
2986 + .globl __memset_start, __memset_end
2987 + __memset_start:
2988 + memset:
2989 ++ mov %o0, %g1
2990 ++ mov 1, %g4
2991 + and %o1, 0xff, %g3
2992 + sll %g3, 8, %g2
2993 + or %g3, %g2, %g3
2994 +@@ -89,6 +92,7 @@ memset:
2995 + sub %o0, %o2, %o0
2996 +
2997 + __bzero:
2998 ++ clr %g4
2999 + mov %g0, %g3
3000 + 1:
3001 + cmp %o1, 7
3002 +@@ -151,8 +155,8 @@ __bzero:
3003 + bne,a 8f
3004 + EX(stb %g3, [%o0], and %o1, 1)
3005 + 8:
3006 +- retl
3007 +- clr %o0
3008 ++ b 0f
3009 ++ nop
3010 + 7:
3011 + be 13b
3012 + orcc %o1, 0, %g0
3013 +@@ -164,6 +168,12 @@ __bzero:
3014 + bne 8b
3015 + EX(stb %g3, [%o0 - 1], add %o1, 1)
3016 + 0:
3017 ++ andcc %g4, 1, %g0
3018 ++ be 5f
3019 ++ nop
3020 ++ retl
3021 ++ mov %g1, %o0
3022 ++5:
3023 + retl
3024 + clr %o0
3025 + __memset_end:
3026 +diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
3027 +index 4ced3fc66130..45a413e4380a 100644
3028 +--- a/arch/sparc/mm/fault_64.c
3029 ++++ b/arch/sparc/mm/fault_64.c
3030 +@@ -348,6 +348,9 @@ retry:
3031 + down_read(&mm->mmap_sem);
3032 + }
3033 +
3034 ++ if (fault_code & FAULT_CODE_BAD_RA)
3035 ++ goto do_sigbus;
3036 ++
3037 + vma = find_vma(mm, address);
3038 + if (!vma)
3039 + goto bad_area;
3040 +diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
3041 +index 1aed0432c64b..ae6ce383d4df 100644
3042 +--- a/arch/sparc/mm/gup.c
3043 ++++ b/arch/sparc/mm/gup.c
3044 +@@ -160,6 +160,36 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
3045 + return 1;
3046 + }
3047 +
3048 ++int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
3049 ++ struct page **pages)
3050 ++{
3051 ++ struct mm_struct *mm = current->mm;
3052 ++ unsigned long addr, len, end;
3053 ++ unsigned long next, flags;
3054 ++ pgd_t *pgdp;
3055 ++ int nr = 0;
3056 ++
3057 ++ start &= PAGE_MASK;
3058 ++ addr = start;
3059 ++ len = (unsigned long) nr_pages << PAGE_SHIFT;
3060 ++ end = start + len;
3061 ++
3062 ++ local_irq_save(flags);
3063 ++ pgdp = pgd_offset(mm, addr);
3064 ++ do {
3065 ++ pgd_t pgd = *pgdp;
3066 ++
3067 ++ next = pgd_addr_end(addr, end);
3068 ++ if (pgd_none(pgd))
3069 ++ break;
3070 ++ if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
3071 ++ break;
3072 ++ } while (pgdp++, addr = next, addr != end);
3073 ++ local_irq_restore(flags);
3074 ++
3075 ++ return nr;
3076 ++}
3077 ++
3078 + int get_user_pages_fast(unsigned long start, int nr_pages, int write,
3079 + struct page **pages)
3080 + {
3081 +diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
3082 +index 96862241b342..34506f292533 100644
3083 +--- a/arch/sparc/mm/init_64.c
3084 ++++ b/arch/sparc/mm/init_64.c
3085 +@@ -73,7 +73,6 @@ unsigned long kern_linear_pte_xor[4] __read_mostly;
3086 + * 'cpu' properties, but we need to have this table setup before the
3087 + * MDESC is initialized.
3088 + */
3089 +-unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
3090 +
3091 + #ifndef CONFIG_DEBUG_PAGEALLOC
3092 + /* A special kernel TSB for 4MB, 256MB, 2GB and 16GB linear mappings.
3093 +@@ -82,10 +81,11 @@ unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
3094 + */
3095 + extern struct tsb swapper_4m_tsb[KERNEL_TSB4M_NENTRIES];
3096 + #endif
3097 ++extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
3098 +
3099 + static unsigned long cpu_pgsz_mask;
3100 +
3101 +-#define MAX_BANKS 32
3102 ++#define MAX_BANKS 1024
3103 +
3104 + static struct linux_prom64_registers pavail[MAX_BANKS];
3105 + static int pavail_ents;
3106 +@@ -163,10 +163,6 @@ static void __init read_obp_memory(const char *property,
3107 + cmp_p64, NULL);
3108 + }
3109 +
3110 +-unsigned long sparc64_valid_addr_bitmap[VALID_ADDR_BITMAP_BYTES /
3111 +- sizeof(unsigned long)];
3112 +-EXPORT_SYMBOL(sparc64_valid_addr_bitmap);
3113 +-
3114 + /* Kernel physical address base and size in bytes. */
3115 + unsigned long kern_base __read_mostly;
3116 + unsigned long kern_size __read_mostly;
3117 +@@ -838,7 +834,10 @@ static int find_node(unsigned long addr)
3118 + if ((addr & p->mask) == p->val)
3119 + return i;
3120 + }
3121 +- return -1;
3122 ++ /* The following condition has been observed on LDOM guests.*/
3123 ++ WARN_ONCE(1, "find_node: A physical address doesn't match a NUMA node"
3124 ++ " rule. Some physical memory will be owned by node 0.");
3125 ++ return 0;
3126 + }
3127 +
3128 + static u64 memblock_nid_range(u64 start, u64 end, int *nid)
3129 +@@ -1360,9 +1359,144 @@ static unsigned long __init bootmem_init(unsigned long phys_base)
3130 + static struct linux_prom64_registers pall[MAX_BANKS] __initdata;
3131 + static int pall_ents __initdata;
3132 +
3133 +-#ifdef CONFIG_DEBUG_PAGEALLOC
3134 ++static unsigned long max_phys_bits = 40;
3135 ++
3136 ++bool kern_addr_valid(unsigned long addr)
3137 ++{
3138 ++ pgd_t *pgd;
3139 ++ pud_t *pud;
3140 ++ pmd_t *pmd;
3141 ++ pte_t *pte;
3142 ++
3143 ++ if ((long)addr < 0L) {
3144 ++ unsigned long pa = __pa(addr);
3145 ++
3146 ++ if ((addr >> max_phys_bits) != 0UL)
3147 ++ return false;
3148 ++
3149 ++ return pfn_valid(pa >> PAGE_SHIFT);
3150 ++ }
3151 ++
3152 ++ if (addr >= (unsigned long) KERNBASE &&
3153 ++ addr < (unsigned long)&_end)
3154 ++ return true;
3155 ++
3156 ++ pgd = pgd_offset_k(addr);
3157 ++ if (pgd_none(*pgd))
3158 ++ return 0;
3159 ++
3160 ++ pud = pud_offset(pgd, addr);
3161 ++ if (pud_none(*pud))
3162 ++ return 0;
3163 ++
3164 ++ if (pud_large(*pud))
3165 ++ return pfn_valid(pud_pfn(*pud));
3166 ++
3167 ++ pmd = pmd_offset(pud, addr);
3168 ++ if (pmd_none(*pmd))
3169 ++ return 0;
3170 ++
3171 ++ if (pmd_large(*pmd))
3172 ++ return pfn_valid(pmd_pfn(*pmd));
3173 ++
3174 ++ pte = pte_offset_kernel(pmd, addr);
3175 ++ if (pte_none(*pte))
3176 ++ return 0;
3177 ++
3178 ++ return pfn_valid(pte_pfn(*pte));
3179 ++}
3180 ++EXPORT_SYMBOL(kern_addr_valid);
3181 ++
3182 ++static unsigned long __ref kernel_map_hugepud(unsigned long vstart,
3183 ++ unsigned long vend,
3184 ++ pud_t *pud)
3185 ++{
3186 ++ const unsigned long mask16gb = (1UL << 34) - 1UL;
3187 ++ u64 pte_val = vstart;
3188 ++
3189 ++ /* Each PUD is 8GB */
3190 ++ if ((vstart & mask16gb) ||
3191 ++ (vend - vstart <= mask16gb)) {
3192 ++ pte_val ^= kern_linear_pte_xor[2];
3193 ++ pud_val(*pud) = pte_val | _PAGE_PUD_HUGE;
3194 ++
3195 ++ return vstart + PUD_SIZE;
3196 ++ }
3197 ++
3198 ++ pte_val ^= kern_linear_pte_xor[3];
3199 ++ pte_val |= _PAGE_PUD_HUGE;
3200 ++
3201 ++ vend = vstart + mask16gb + 1UL;
3202 ++ while (vstart < vend) {
3203 ++ pud_val(*pud) = pte_val;
3204 ++
3205 ++ pte_val += PUD_SIZE;
3206 ++ vstart += PUD_SIZE;
3207 ++ pud++;
3208 ++ }
3209 ++ return vstart;
3210 ++}
3211 ++
3212 ++static bool kernel_can_map_hugepud(unsigned long vstart, unsigned long vend,
3213 ++ bool guard)
3214 ++{
3215 ++ if (guard && !(vstart & ~PUD_MASK) && (vend - vstart) >= PUD_SIZE)
3216 ++ return true;
3217 ++
3218 ++ return false;
3219 ++}
3220 ++
3221 ++static unsigned long __ref kernel_map_hugepmd(unsigned long vstart,
3222 ++ unsigned long vend,
3223 ++ pmd_t *pmd)
3224 ++{
3225 ++ const unsigned long mask256mb = (1UL << 28) - 1UL;
3226 ++ const unsigned long mask2gb = (1UL << 31) - 1UL;
3227 ++ u64 pte_val = vstart;
3228 ++
3229 ++ /* Each PMD is 8MB */
3230 ++ if ((vstart & mask256mb) ||
3231 ++ (vend - vstart <= mask256mb)) {
3232 ++ pte_val ^= kern_linear_pte_xor[0];
3233 ++ pmd_val(*pmd) = pte_val | _PAGE_PMD_HUGE;
3234 ++
3235 ++ return vstart + PMD_SIZE;
3236 ++ }
3237 ++
3238 ++ if ((vstart & mask2gb) ||
3239 ++ (vend - vstart <= mask2gb)) {
3240 ++ pte_val ^= kern_linear_pte_xor[1];
3241 ++ pte_val |= _PAGE_PMD_HUGE;
3242 ++ vend = vstart + mask256mb + 1UL;
3243 ++ } else {
3244 ++ pte_val ^= kern_linear_pte_xor[2];
3245 ++ pte_val |= _PAGE_PMD_HUGE;
3246 ++ vend = vstart + mask2gb + 1UL;
3247 ++ }
3248 ++
3249 ++ while (vstart < vend) {
3250 ++ pmd_val(*pmd) = pte_val;
3251 ++
3252 ++ pte_val += PMD_SIZE;
3253 ++ vstart += PMD_SIZE;
3254 ++ pmd++;
3255 ++ }
3256 ++
3257 ++ return vstart;
3258 ++}
3259 ++
3260 ++static bool kernel_can_map_hugepmd(unsigned long vstart, unsigned long vend,
3261 ++ bool guard)
3262 ++{
3263 ++ if (guard && !(vstart & ~PMD_MASK) && (vend - vstart) >= PMD_SIZE)
3264 ++ return true;
3265 ++
3266 ++ return false;
3267 ++}
3268 ++
3269 + static unsigned long __ref kernel_map_range(unsigned long pstart,
3270 +- unsigned long pend, pgprot_t prot)
3271 ++ unsigned long pend, pgprot_t prot,
3272 ++ bool use_huge)
3273 + {
3274 + unsigned long vstart = PAGE_OFFSET + pstart;
3275 + unsigned long vend = PAGE_OFFSET + pend;
3276 +@@ -1381,19 +1515,34 @@ static unsigned long __ref kernel_map_range(unsigned long pstart,
3277 + pmd_t *pmd;
3278 + pte_t *pte;
3279 +
3280 ++ if (pgd_none(*pgd)) {
3281 ++ pud_t *new;
3282 ++
3283 ++ new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3284 ++ alloc_bytes += PAGE_SIZE;
3285 ++ pgd_populate(&init_mm, pgd, new);
3286 ++ }
3287 + pud = pud_offset(pgd, vstart);
3288 + if (pud_none(*pud)) {
3289 + pmd_t *new;
3290 +
3291 ++ if (kernel_can_map_hugepud(vstart, vend, use_huge)) {
3292 ++ vstart = kernel_map_hugepud(vstart, vend, pud);
3293 ++ continue;
3294 ++ }
3295 + new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3296 + alloc_bytes += PAGE_SIZE;
3297 + pud_populate(&init_mm, pud, new);
3298 + }
3299 +
3300 + pmd = pmd_offset(pud, vstart);
3301 +- if (!pmd_present(*pmd)) {
3302 ++ if (pmd_none(*pmd)) {
3303 + pte_t *new;
3304 +
3305 ++ if (kernel_can_map_hugepmd(vstart, vend, use_huge)) {
3306 ++ vstart = kernel_map_hugepmd(vstart, vend, pmd);
3307 ++ continue;
3308 ++ }
3309 + new = __alloc_bootmem(PAGE_SIZE, PAGE_SIZE, PAGE_SIZE);
3310 + alloc_bytes += PAGE_SIZE;
3311 + pmd_populate_kernel(&init_mm, pmd, new);
3312 +@@ -1416,100 +1565,34 @@ static unsigned long __ref kernel_map_range(unsigned long pstart,
3313 + return alloc_bytes;
3314 + }
3315 +
3316 +-extern unsigned int kvmap_linear_patch[1];
3317 +-#endif /* CONFIG_DEBUG_PAGEALLOC */
3318 +-
3319 +-static void __init kpte_set_val(unsigned long index, unsigned long val)
3320 ++static void __init flush_all_kernel_tsbs(void)
3321 + {
3322 +- unsigned long *ptr = kpte_linear_bitmap;
3323 +-
3324 +- val <<= ((index % (BITS_PER_LONG / 2)) * 2);
3325 +- ptr += (index / (BITS_PER_LONG / 2));
3326 +-
3327 +- *ptr |= val;
3328 +-}
3329 +-
3330 +-static const unsigned long kpte_shift_min = 28; /* 256MB */
3331 +-static const unsigned long kpte_shift_max = 34; /* 16GB */
3332 +-static const unsigned long kpte_shift_incr = 3;
3333 +-
3334 +-static unsigned long kpte_mark_using_shift(unsigned long start, unsigned long end,
3335 +- unsigned long shift)
3336 +-{
3337 +- unsigned long size = (1UL << shift);
3338 +- unsigned long mask = (size - 1UL);
3339 +- unsigned long remains = end - start;
3340 +- unsigned long val;
3341 +-
3342 +- if (remains < size || (start & mask))
3343 +- return start;
3344 +-
3345 +- /* VAL maps:
3346 +- *
3347 +- * shift 28 --> kern_linear_pte_xor index 1
3348 +- * shift 31 --> kern_linear_pte_xor index 2
3349 +- * shift 34 --> kern_linear_pte_xor index 3
3350 +- */
3351 +- val = ((shift - kpte_shift_min) / kpte_shift_incr) + 1;
3352 +-
3353 +- remains &= ~mask;
3354 +- if (shift != kpte_shift_max)
3355 +- remains = size;
3356 +-
3357 +- while (remains) {
3358 +- unsigned long index = start >> kpte_shift_min;
3359 ++ int i;
3360 +
3361 +- kpte_set_val(index, val);
3362 ++ for (i = 0; i < KERNEL_TSB_NENTRIES; i++) {
3363 ++ struct tsb *ent = &swapper_tsb[i];
3364 +
3365 +- start += 1UL << kpte_shift_min;
3366 +- remains -= 1UL << kpte_shift_min;
3367 ++ ent->tag = (1UL << TSB_TAG_INVALID_BIT);
3368 + }
3369 ++#ifndef CONFIG_DEBUG_PAGEALLOC
3370 ++ for (i = 0; i < KERNEL_TSB4M_NENTRIES; i++) {
3371 ++ struct tsb *ent = &swapper_4m_tsb[i];
3372 +
3373 +- return start;
3374 +-}
3375 +-
3376 +-static void __init mark_kpte_bitmap(unsigned long start, unsigned long end)
3377 +-{
3378 +- unsigned long smallest_size, smallest_mask;
3379 +- unsigned long s;
3380 +-
3381 +- smallest_size = (1UL << kpte_shift_min);
3382 +- smallest_mask = (smallest_size - 1UL);
3383 +-
3384 +- while (start < end) {
3385 +- unsigned long orig_start = start;
3386 +-
3387 +- for (s = kpte_shift_max; s >= kpte_shift_min; s -= kpte_shift_incr) {
3388 +- start = kpte_mark_using_shift(start, end, s);
3389 +-
3390 +- if (start != orig_start)
3391 +- break;
3392 +- }
3393 +-
3394 +- if (start == orig_start)
3395 +- start = (start + smallest_size) & ~smallest_mask;
3396 ++ ent->tag = (1UL << TSB_TAG_INVALID_BIT);
3397 + }
3398 ++#endif
3399 + }
3400 +
3401 +-static void __init init_kpte_bitmap(void)
3402 +-{
3403 +- unsigned long i;
3404 +-
3405 +- for (i = 0; i < pall_ents; i++) {
3406 +- unsigned long phys_start, phys_end;
3407 +-
3408 +- phys_start = pall[i].phys_addr;
3409 +- phys_end = phys_start + pall[i].reg_size;
3410 +-
3411 +- mark_kpte_bitmap(phys_start, phys_end);
3412 +- }
3413 +-}
3414 ++extern unsigned int kvmap_linear_patch[1];
3415 +
3416 + static void __init kernel_physical_mapping_init(void)
3417 + {
3418 +-#ifdef CONFIG_DEBUG_PAGEALLOC
3419 + unsigned long i, mem_alloced = 0UL;
3420 ++ bool use_huge = true;
3421 +
3422 ++#ifdef CONFIG_DEBUG_PAGEALLOC
3423 ++ use_huge = false;
3424 ++#endif
3425 + for (i = 0; i < pall_ents; i++) {
3426 + unsigned long phys_start, phys_end;
3427 +
3428 +@@ -1517,7 +1600,7 @@ static void __init kernel_physical_mapping_init(void)
3429 + phys_end = phys_start + pall[i].reg_size;
3430 +
3431 + mem_alloced += kernel_map_range(phys_start, phys_end,
3432 +- PAGE_KERNEL);
3433 ++ PAGE_KERNEL, use_huge);
3434 + }
3435 +
3436 + printk("Allocated %ld bytes for kernel page tables.\n",
3437 +@@ -1526,8 +1609,9 @@ static void __init kernel_physical_mapping_init(void)
3438 + kvmap_linear_patch[0] = 0x01000000; /* nop */
3439 + flushi(&kvmap_linear_patch[0]);
3440 +
3441 ++ flush_all_kernel_tsbs();
3442 ++
3443 + __flush_tlb_all();
3444 +-#endif
3445 + }
3446 +
3447 + #ifdef CONFIG_DEBUG_PAGEALLOC
3448 +@@ -1537,7 +1621,7 @@ void kernel_map_pages(struct page *page, int numpages, int enable)
3449 + unsigned long phys_end = phys_start + (numpages * PAGE_SIZE);
3450 +
3451 + kernel_map_range(phys_start, phys_end,
3452 +- (enable ? PAGE_KERNEL : __pgprot(0)));
3453 ++ (enable ? PAGE_KERNEL : __pgprot(0)), false);
3454 +
3455 + flush_tsb_kernel_range(PAGE_OFFSET + phys_start,
3456 + PAGE_OFFSET + phys_end);
3457 +@@ -1565,76 +1649,56 @@ unsigned long __init find_ecache_flush_span(unsigned long size)
3458 + unsigned long PAGE_OFFSET;
3459 + EXPORT_SYMBOL(PAGE_OFFSET);
3460 +
3461 +-static void __init page_offset_shift_patch_one(unsigned int *insn, unsigned long phys_bits)
3462 +-{
3463 +- unsigned long final_shift;
3464 +- unsigned int val = *insn;
3465 +- unsigned int cnt;
3466 +-
3467 +- /* We are patching in ilog2(max_supported_phys_address), and
3468 +- * we are doing so in a manner similar to a relocation addend.
3469 +- * That is, we are adding the shift value to whatever value
3470 +- * is in the shift instruction count field already.
3471 +- */
3472 +- cnt = (val & 0x3f);
3473 +- val &= ~0x3f;
3474 +-
3475 +- /* If we are trying to shift >= 64 bits, clear the destination
3476 +- * register. This can happen when phys_bits ends up being equal
3477 +- * to MAX_PHYS_ADDRESS_BITS.
3478 +- */
3479 +- final_shift = (cnt + (64 - phys_bits));
3480 +- if (final_shift >= 64) {
3481 +- unsigned int rd = (val >> 25) & 0x1f;
3482 +-
3483 +- val = 0x80100000 | (rd << 25);
3484 +- } else {
3485 +- val |= final_shift;
3486 +- }
3487 +- *insn = val;
3488 +-
3489 +- __asm__ __volatile__("flush %0"
3490 +- : /* no outputs */
3491 +- : "r" (insn));
3492 +-}
3493 +-
3494 +-static void __init page_offset_shift_patch(unsigned long phys_bits)
3495 +-{
3496 +- extern unsigned int __page_offset_shift_patch;
3497 +- extern unsigned int __page_offset_shift_patch_end;
3498 +- unsigned int *p;
3499 +-
3500 +- p = &__page_offset_shift_patch;
3501 +- while (p < &__page_offset_shift_patch_end) {
3502 +- unsigned int *insn = (unsigned int *)(unsigned long)*p;
3503 ++unsigned long VMALLOC_END = 0x0000010000000000UL;
3504 ++EXPORT_SYMBOL(VMALLOC_END);
3505 +
3506 +- page_offset_shift_patch_one(insn, phys_bits);
3507 +-
3508 +- p++;
3509 +- }
3510 +-}
3511 ++unsigned long sparc64_va_hole_top = 0xfffff80000000000UL;
3512 ++unsigned long sparc64_va_hole_bottom = 0x0000080000000000UL;
3513 +
3514 + static void __init setup_page_offset(void)
3515 + {
3516 +- unsigned long max_phys_bits = 40;
3517 +-
3518 + if (tlb_type == cheetah || tlb_type == cheetah_plus) {
3519 ++ /* Cheetah/Panther support a full 64-bit virtual
3520 ++ * address, so we can use all that our page tables
3521 ++ * support.
3522 ++ */
3523 ++ sparc64_va_hole_top = 0xfff0000000000000UL;
3524 ++ sparc64_va_hole_bottom = 0x0010000000000000UL;
3525 ++
3526 + max_phys_bits = 42;
3527 + } else if (tlb_type == hypervisor) {
3528 + switch (sun4v_chip_type) {
3529 + case SUN4V_CHIP_NIAGARA1:
3530 + case SUN4V_CHIP_NIAGARA2:
3531 ++ /* T1 and T2 support 48-bit virtual addresses. */
3532 ++ sparc64_va_hole_top = 0xffff800000000000UL;
3533 ++ sparc64_va_hole_bottom = 0x0000800000000000UL;
3534 ++
3535 + max_phys_bits = 39;
3536 + break;
3537 + case SUN4V_CHIP_NIAGARA3:
3538 ++ /* T3 supports 48-bit virtual addresses. */
3539 ++ sparc64_va_hole_top = 0xffff800000000000UL;
3540 ++ sparc64_va_hole_bottom = 0x0000800000000000UL;
3541 ++
3542 + max_phys_bits = 43;
3543 + break;
3544 + case SUN4V_CHIP_NIAGARA4:
3545 + case SUN4V_CHIP_NIAGARA5:
3546 + case SUN4V_CHIP_SPARC64X:
3547 +- default:
3548 ++ case SUN4V_CHIP_SPARC_M6:
3549 ++ /* T4 and later support 52-bit virtual addresses. */
3550 ++ sparc64_va_hole_top = 0xfff8000000000000UL;
3551 ++ sparc64_va_hole_bottom = 0x0008000000000000UL;
3552 + max_phys_bits = 47;
3553 + break;
3554 ++ case SUN4V_CHIP_SPARC_M7:
3555 ++ default:
3556 ++ /* M7 and later support 52-bit virtual addresses. */
3557 ++ sparc64_va_hole_top = 0xfff8000000000000UL;
3558 ++ sparc64_va_hole_bottom = 0x0008000000000000UL;
3559 ++ max_phys_bits = 49;
3560 ++ break;
3561 + }
3562 + }
3563 +
3564 +@@ -1644,12 +1708,16 @@ static void __init setup_page_offset(void)
3565 + prom_halt();
3566 + }
3567 +
3568 +- PAGE_OFFSET = PAGE_OFFSET_BY_BITS(max_phys_bits);
3569 ++ PAGE_OFFSET = sparc64_va_hole_top;
3570 ++ VMALLOC_END = ((sparc64_va_hole_bottom >> 1) +
3571 ++ (sparc64_va_hole_bottom >> 2));
3572 +
3573 +- pr_info("PAGE_OFFSET is 0x%016lx (max_phys_bits == %lu)\n",
3574 ++ pr_info("MM: PAGE_OFFSET is 0x%016lx (max_phys_bits == %lu)\n",
3575 + PAGE_OFFSET, max_phys_bits);
3576 +-
3577 +- page_offset_shift_patch(max_phys_bits);
3578 ++ pr_info("MM: VMALLOC [0x%016lx --> 0x%016lx]\n",
3579 ++ VMALLOC_START, VMALLOC_END);
3580 ++ pr_info("MM: VMEMMAP [0x%016lx --> 0x%016lx]\n",
3581 ++ VMEMMAP_BASE, VMEMMAP_BASE << 1);
3582 + }
3583 +
3584 + static void __init tsb_phys_patch(void)
3585 +@@ -1694,21 +1762,42 @@ static void __init tsb_phys_patch(void)
3586 + #define NUM_KTSB_DESCR 1
3587 + #endif
3588 + static struct hv_tsb_descr ktsb_descr[NUM_KTSB_DESCR];
3589 +-extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
3590 ++
3591 ++/* The swapper TSBs are loaded with a base sequence of:
3592 ++ *
3593 ++ * sethi %uhi(SYMBOL), REG1
3594 ++ * sethi %hi(SYMBOL), REG2
3595 ++ * or REG1, %ulo(SYMBOL), REG1
3596 ++ * or REG2, %lo(SYMBOL), REG2
3597 ++ * sllx REG1, 32, REG1
3598 ++ * or REG1, REG2, REG1
3599 ++ *
3600 ++ * When we use physical addressing for the TSB accesses, we patch the
3601 ++ * first four instructions in the above sequence.
3602 ++ */
3603 +
3604 + static void patch_one_ktsb_phys(unsigned int *start, unsigned int *end, unsigned long pa)
3605 + {
3606 +- pa >>= KTSB_PHYS_SHIFT;
3607 ++ unsigned long high_bits, low_bits;
3608 ++
3609 ++ high_bits = (pa >> 32) & 0xffffffff;
3610 ++ low_bits = (pa >> 0) & 0xffffffff;
3611 +
3612 + while (start < end) {
3613 + unsigned int *ia = (unsigned int *)(unsigned long)*start;
3614 +
3615 +- ia[0] = (ia[0] & ~0x3fffff) | (pa >> 10);
3616 ++ ia[0] = (ia[0] & ~0x3fffff) | (high_bits >> 10);
3617 + __asm__ __volatile__("flush %0" : : "r" (ia));
3618 +
3619 +- ia[1] = (ia[1] & ~0x3ff) | (pa & 0x3ff);
3620 ++ ia[1] = (ia[1] & ~0x3fffff) | (low_bits >> 10);
3621 + __asm__ __volatile__("flush %0" : : "r" (ia + 1));
3622 +
3623 ++ ia[2] = (ia[2] & ~0x1fff) | (high_bits & 0x3ff);
3624 ++ __asm__ __volatile__("flush %0" : : "r" (ia + 2));
3625 ++
3626 ++ ia[3] = (ia[3] & ~0x1fff) | (low_bits & 0x3ff);
3627 ++ __asm__ __volatile__("flush %0" : : "r" (ia + 3));
3628 ++
3629 + start++;
3630 + }
3631 + }
3632 +@@ -1847,7 +1936,6 @@ static void __init sun4v_linear_pte_xor_finalize(void)
3633 + /* paging_init() sets up the page tables */
3634 +
3635 + static unsigned long last_valid_pfn;
3636 +-pgd_t swapper_pg_dir[PTRS_PER_PGD];
3637 +
3638 + static void sun4u_pgprot_init(void);
3639 + static void sun4v_pgprot_init(void);
3640 +@@ -1950,16 +2038,10 @@ void __init paging_init(void)
3641 + */
3642 + init_mm.pgd += ((shift) / (sizeof(pgd_t)));
3643 +
3644 +- memset(swapper_low_pmd_dir, 0, sizeof(swapper_low_pmd_dir));
3645 ++ memset(swapper_pg_dir, 0, sizeof(swapper_pg_dir));
3646 +
3647 +- /* Now can init the kernel/bad page tables. */
3648 +- pud_set(pud_offset(&swapper_pg_dir[0], 0),
3649 +- swapper_low_pmd_dir + (shift / sizeof(pgd_t)));
3650 +-
3651 + inherit_prom_mappings();
3652 +
3653 +- init_kpte_bitmap();
3654 +-
3655 + /* Ok, we can use our TLB miss and window trap handlers safely. */
3656 + setup_tba();
3657 +
3658 +@@ -2066,70 +2148,6 @@ int page_in_phys_avail(unsigned long paddr)
3659 + return 0;
3660 + }
3661 +
3662 +-static struct linux_prom64_registers pavail_rescan[MAX_BANKS] __initdata;
3663 +-static int pavail_rescan_ents __initdata;
3664 +-
3665 +-/* Certain OBP calls, such as fetching "available" properties, can
3666 +- * claim physical memory. So, along with initializing the valid
3667 +- * address bitmap, what we do here is refetch the physical available
3668 +- * memory list again, and make sure it provides at least as much
3669 +- * memory as 'pavail' does.
3670 +- */
3671 +-static void __init setup_valid_addr_bitmap_from_pavail(unsigned long *bitmap)
3672 +-{
3673 +- int i;
3674 +-
3675 +- read_obp_memory("available", &pavail_rescan[0], &pavail_rescan_ents);
3676 +-
3677 +- for (i = 0; i < pavail_ents; i++) {
3678 +- unsigned long old_start, old_end;
3679 +-
3680 +- old_start = pavail[i].phys_addr;
3681 +- old_end = old_start + pavail[i].reg_size;
3682 +- while (old_start < old_end) {
3683 +- int n;
3684 +-
3685 +- for (n = 0; n < pavail_rescan_ents; n++) {
3686 +- unsigned long new_start, new_end;
3687 +-
3688 +- new_start = pavail_rescan[n].phys_addr;
3689 +- new_end = new_start +
3690 +- pavail_rescan[n].reg_size;
3691 +-
3692 +- if (new_start <= old_start &&
3693 +- new_end >= (old_start + PAGE_SIZE)) {
3694 +- set_bit(old_start >> ILOG2_4MB, bitmap);
3695 +- goto do_next_page;
3696 +- }
3697 +- }
3698 +-
3699 +- prom_printf("mem_init: Lost memory in pavail\n");
3700 +- prom_printf("mem_init: OLD start[%lx] size[%lx]\n",
3701 +- pavail[i].phys_addr,
3702 +- pavail[i].reg_size);
3703 +- prom_printf("mem_init: NEW start[%lx] size[%lx]\n",
3704 +- pavail_rescan[i].phys_addr,
3705 +- pavail_rescan[i].reg_size);
3706 +- prom_printf("mem_init: Cannot continue, aborting.\n");
3707 +- prom_halt();
3708 +-
3709 +- do_next_page:
3710 +- old_start += PAGE_SIZE;
3711 +- }
3712 +- }
3713 +-}
3714 +-
3715 +-static void __init patch_tlb_miss_handler_bitmap(void)
3716 +-{
3717 +- extern unsigned int valid_addr_bitmap_insn[];
3718 +- extern unsigned int valid_addr_bitmap_patch[];
3719 +-
3720 +- valid_addr_bitmap_insn[1] = valid_addr_bitmap_patch[1];
3721 +- mb();
3722 +- valid_addr_bitmap_insn[0] = valid_addr_bitmap_patch[0];
3723 +- flushi(&valid_addr_bitmap_insn[0]);
3724 +-}
3725 +-
3726 + static void __init register_page_bootmem_info(void)
3727 + {
3728 + #ifdef CONFIG_NEED_MULTIPLE_NODES
3729 +@@ -2142,18 +2160,6 @@ static void __init register_page_bootmem_info(void)
3730 + }
3731 + void __init mem_init(void)
3732 + {
3733 +- unsigned long addr, last;
3734 +-
3735 +- addr = PAGE_OFFSET + kern_base;
3736 +- last = PAGE_ALIGN(kern_size) + addr;
3737 +- while (addr < last) {
3738 +- set_bit(__pa(addr) >> ILOG2_4MB, sparc64_valid_addr_bitmap);
3739 +- addr += PAGE_SIZE;
3740 +- }
3741 +-
3742 +- setup_valid_addr_bitmap_from_pavail(sparc64_valid_addr_bitmap);
3743 +- patch_tlb_miss_handler_bitmap();
3744 +-
3745 + high_memory = __va(last_valid_pfn << PAGE_SHIFT);
3746 +
3747 + register_page_bootmem_info();
3748 +@@ -2243,18 +2249,9 @@ unsigned long _PAGE_CACHE __read_mostly;
3749 + EXPORT_SYMBOL(_PAGE_CACHE);
3750 +
3751 + #ifdef CONFIG_SPARSEMEM_VMEMMAP
3752 +-unsigned long vmemmap_table[VMEMMAP_SIZE];
3753 +-
3754 +-static long __meminitdata addr_start, addr_end;
3755 +-static int __meminitdata node_start;
3756 +-
3757 + int __meminit vmemmap_populate(unsigned long vstart, unsigned long vend,
3758 + int node)
3759 + {
3760 +- unsigned long phys_start = (vstart - VMEMMAP_BASE);
3761 +- unsigned long phys_end = (vend - VMEMMAP_BASE);
3762 +- unsigned long addr = phys_start & VMEMMAP_CHUNK_MASK;
3763 +- unsigned long end = VMEMMAP_ALIGN(phys_end);
3764 + unsigned long pte_base;
3765 +
3766 + pte_base = (_PAGE_VALID | _PAGE_SZ4MB_4U |
3767 +@@ -2265,47 +2262,52 @@ int __meminit vmemmap_populate(unsigned long vstart, unsigned long vend,
3768 + _PAGE_CP_4V | _PAGE_CV_4V |
3769 + _PAGE_P_4V | _PAGE_W_4V);
3770 +
3771 +- for (; addr < end; addr += VMEMMAP_CHUNK) {
3772 +- unsigned long *vmem_pp =
3773 +- vmemmap_table + (addr >> VMEMMAP_CHUNK_SHIFT);
3774 +- void *block;
3775 ++ pte_base |= _PAGE_PMD_HUGE;
3776 +
3777 +- if (!(*vmem_pp & _PAGE_VALID)) {
3778 +- block = vmemmap_alloc_block(1UL << ILOG2_4MB, node);
3779 +- if (!block)
3780 ++ vstart = vstart & PMD_MASK;
3781 ++ vend = ALIGN(vend, PMD_SIZE);
3782 ++ for (; vstart < vend; vstart += PMD_SIZE) {
3783 ++ pgd_t *pgd = pgd_offset_k(vstart);
3784 ++ unsigned long pte;
3785 ++ pud_t *pud;
3786 ++ pmd_t *pmd;
3787 ++
3788 ++ if (pgd_none(*pgd)) {
3789 ++ pud_t *new = vmemmap_alloc_block(PAGE_SIZE, node);
3790 ++
3791 ++ if (!new)
3792 + return -ENOMEM;
3793 ++ pgd_populate(&init_mm, pgd, new);
3794 ++ }
3795 +
3796 +- *vmem_pp = pte_base | __pa(block);
3797 ++ pud = pud_offset(pgd, vstart);
3798 ++ if (pud_none(*pud)) {
3799 ++ pmd_t *new = vmemmap_alloc_block(PAGE_SIZE, node);
3800 +
3801 +- /* check to see if we have contiguous blocks */
3802 +- if (addr_end != addr || node_start != node) {
3803 +- if (addr_start)
3804 +- printk(KERN_DEBUG " [%lx-%lx] on node %d\n",
3805 +- addr_start, addr_end-1, node_start);
3806 +- addr_start = addr;
3807 +- node_start = node;
3808 +- }
3809 +- addr_end = addr + VMEMMAP_CHUNK;
3810 ++ if (!new)
3811 ++ return -ENOMEM;
3812 ++ pud_populate(&init_mm, pud, new);
3813 + }
3814 +- }
3815 +- return 0;
3816 +-}
3817 +
3818 +-void __meminit vmemmap_populate_print_last(void)
3819 +-{
3820 +- if (addr_start) {
3821 +- printk(KERN_DEBUG " [%lx-%lx] on node %d\n",
3822 +- addr_start, addr_end-1, node_start);
3823 +- addr_start = 0;
3824 +- addr_end = 0;
3825 +- node_start = 0;
3826 ++ pmd = pmd_offset(pud, vstart);
3827 ++
3828 ++ pte = pmd_val(*pmd);
3829 ++ if (!(pte & _PAGE_VALID)) {
3830 ++ void *block = vmemmap_alloc_block(PMD_SIZE, node);
3831 ++
3832 ++ if (!block)
3833 ++ return -ENOMEM;
3834 ++
3835 ++ pmd_val(*pmd) = pte_base | __pa(block);
3836 ++ }
3837 + }
3838 ++
3839 ++ return 0;
3840 + }
3841 +
3842 + void vmemmap_free(unsigned long start, unsigned long end)
3843 + {
3844 + }
3845 +-
3846 + #endif /* CONFIG_SPARSEMEM_VMEMMAP */
3847 +
3848 + static void prot_init_common(unsigned long page_none,
3849 +@@ -2717,8 +2719,8 @@ void flush_tlb_kernel_range(unsigned long start, unsigned long end)
3850 + do_flush_tlb_kernel_range(start, LOW_OBP_ADDRESS);
3851 + }
3852 + if (end > HI_OBP_ADDRESS) {
3853 +- flush_tsb_kernel_range(end, HI_OBP_ADDRESS);
3854 +- do_flush_tlb_kernel_range(end, HI_OBP_ADDRESS);
3855 ++ flush_tsb_kernel_range(HI_OBP_ADDRESS, end);
3856 ++ do_flush_tlb_kernel_range(HI_OBP_ADDRESS, end);
3857 + }
3858 + } else {
3859 + flush_tsb_kernel_range(start, end);
3860 +diff --git a/arch/sparc/mm/init_64.h b/arch/sparc/mm/init_64.h
3861 +index 5d3782deb403..ac491193cb54 100644
3862 +--- a/arch/sparc/mm/init_64.h
3863 ++++ b/arch/sparc/mm/init_64.h
3864 +@@ -8,15 +8,8 @@
3865 + */
3866 +
3867 + #define MAX_PHYS_ADDRESS (1UL << MAX_PHYS_ADDRESS_BITS)
3868 +-#define KPTE_BITMAP_CHUNK_SZ (256UL * 1024UL * 1024UL)
3869 +-#define KPTE_BITMAP_BYTES \
3870 +- ((MAX_PHYS_ADDRESS / KPTE_BITMAP_CHUNK_SZ) / 4)
3871 +-#define VALID_ADDR_BITMAP_CHUNK_SZ (4UL * 1024UL * 1024UL)
3872 +-#define VALID_ADDR_BITMAP_BYTES \
3873 +- ((MAX_PHYS_ADDRESS / VALID_ADDR_BITMAP_CHUNK_SZ) / 8)
3874 +
3875 + extern unsigned long kern_linear_pte_xor[4];
3876 +-extern unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
3877 + extern unsigned int sparc64_highest_unlocked_tlb_ent;
3878 + extern unsigned long sparc64_kern_pri_context;
3879 + extern unsigned long sparc64_kern_pri_nuc_bits;
3880 +@@ -38,15 +31,4 @@ extern unsigned long kern_locked_tte_data;
3881 +
3882 + extern void prom_world(int enter);
3883 +
3884 +-#ifdef CONFIG_SPARSEMEM_VMEMMAP
3885 +-#define VMEMMAP_CHUNK_SHIFT 22
3886 +-#define VMEMMAP_CHUNK (1UL << VMEMMAP_CHUNK_SHIFT)
3887 +-#define VMEMMAP_CHUNK_MASK ~(VMEMMAP_CHUNK - 1UL)
3888 +-#define VMEMMAP_ALIGN(x) (((x)+VMEMMAP_CHUNK-1UL)&VMEMMAP_CHUNK_MASK)
3889 +-
3890 +-#define VMEMMAP_SIZE ((((1UL << MAX_PHYSADDR_BITS) >> PAGE_SHIFT) * \
3891 +- sizeof(struct page)) >> VMEMMAP_CHUNK_SHIFT)
3892 +-extern unsigned long vmemmap_table[VMEMMAP_SIZE];
3893 +-#endif
3894 +-
3895 + #endif /* _SPARC64_MM_INIT_H */
3896 +diff --git a/arch/sparc/power/hibernate_asm.S b/arch/sparc/power/hibernate_asm.S
3897 +index 79942166df84..d7d9017dcb15 100644
3898 +--- a/arch/sparc/power/hibernate_asm.S
3899 ++++ b/arch/sparc/power/hibernate_asm.S
3900 +@@ -54,8 +54,8 @@ ENTRY(swsusp_arch_resume)
3901 + nop
3902 +
3903 + /* Write PAGE_OFFSET to %g7 */
3904 +- sethi %uhi(PAGE_OFFSET), %g7
3905 +- sllx %g7, 32, %g7
3906 ++ sethi %hi(PAGE_OFFSET), %g7
3907 ++ ldx [%g7 + %lo(PAGE_OFFSET)], %g7
3908 +
3909 + setuw (PAGE_SIZE-8), %g3
3910 +
3911 +diff --git a/arch/sparc/prom/bootstr_64.c b/arch/sparc/prom/bootstr_64.c
3912 +index ab9ccc63b388..7149e77714a4 100644
3913 +--- a/arch/sparc/prom/bootstr_64.c
3914 ++++ b/arch/sparc/prom/bootstr_64.c
3915 +@@ -14,7 +14,10 @@
3916 + * the .bss section or it will break things.
3917 + */
3918 +
3919 +-#define BARG_LEN 256
3920 ++/* We limit BARG_LEN to 1024 because this is the size of the
3921 ++ * 'barg_out' command line buffer in the SILO bootloader.
3922 ++ */
3923 ++#define BARG_LEN 1024
3924 + struct {
3925 + int bootstr_len;
3926 + int bootstr_valid;
3927 +diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S
3928 +index 9c86b4b7d429..8050f381f518 100644
3929 +--- a/arch/sparc/prom/cif.S
3930 ++++ b/arch/sparc/prom/cif.S
3931 +@@ -11,11 +11,10 @@
3932 + .text
3933 + .globl prom_cif_direct
3934 + prom_cif_direct:
3935 ++ save %sp, -192, %sp
3936 + sethi %hi(p1275buf), %o1
3937 + or %o1, %lo(p1275buf), %o1
3938 +- ldx [%o1 + 0x0010], %o2 ! prom_cif_stack
3939 +- save %o2, -192, %sp
3940 +- ldx [%i1 + 0x0008], %l2 ! prom_cif_handler
3941 ++ ldx [%o1 + 0x0008], %l2 ! prom_cif_handler
3942 + mov %g4, %l0
3943 + mov %g5, %l1
3944 + mov %g6, %l3
3945 +diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c
3946 +index d95db755828f..110b0d78b864 100644
3947 +--- a/arch/sparc/prom/init_64.c
3948 ++++ b/arch/sparc/prom/init_64.c
3949 +@@ -26,13 +26,13 @@ phandle prom_chosen_node;
3950 + * It gets passed the pointer to the PROM vector.
3951 + */
3952 +
3953 +-extern void prom_cif_init(void *, void *);
3954 ++extern void prom_cif_init(void *);
3955 +
3956 +-void __init prom_init(void *cif_handler, void *cif_stack)
3957 ++void __init prom_init(void *cif_handler)
3958 + {
3959 + phandle node;
3960 +
3961 +- prom_cif_init(cif_handler, cif_stack);
3962 ++ prom_cif_init(cif_handler);
3963 +
3964 + prom_chosen_node = prom_finddevice(prom_chosen_path);
3965 + if (!prom_chosen_node || (s32)prom_chosen_node == -1)
3966 +diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c
3967 +index e58b81726319..545d8bb79b65 100644
3968 +--- a/arch/sparc/prom/p1275.c
3969 ++++ b/arch/sparc/prom/p1275.c
3970 +@@ -9,6 +9,7 @@
3971 + #include <linux/smp.h>
3972 + #include <linux/string.h>
3973 + #include <linux/spinlock.h>
3974 ++#include <linux/irqflags.h>
3975 +
3976 + #include <asm/openprom.h>
3977 + #include <asm/oplib.h>
3978 +@@ -19,7 +20,6 @@
3979 + struct {
3980 + long prom_callback; /* 0x00 */
3981 + void (*prom_cif_handler)(long *); /* 0x08 */
3982 +- unsigned long prom_cif_stack; /* 0x10 */
3983 + } p1275buf;
3984 +
3985 + extern void prom_world(int);
3986 +@@ -36,8 +36,8 @@ void p1275_cmd_direct(unsigned long *args)
3987 + {
3988 + unsigned long flags;
3989 +
3990 +- raw_local_save_flags(flags);
3991 +- raw_local_irq_restore((unsigned long)PIL_NMI);
3992 ++ local_save_flags(flags);
3993 ++ local_irq_restore((unsigned long)PIL_NMI);
3994 + raw_spin_lock(&prom_entry_lock);
3995 +
3996 + prom_world(1);
3997 +@@ -45,11 +45,10 @@ void p1275_cmd_direct(unsigned long *args)
3998 + prom_world(0);
3999 +
4000 + raw_spin_unlock(&prom_entry_lock);
4001 +- raw_local_irq_restore(flags);
4002 ++ local_irq_restore(flags);
4003 + }
4004 +
4005 + void prom_cif_init(void *cif_handler, void *cif_stack)
4006 + {
4007 + p1275buf.prom_cif_handler = (void (*)(long *))cif_handler;
4008 +- p1275buf.prom_cif_stack = (unsigned long)cif_stack;
4009 + }
4010 +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
4011 +index d71d5ac78e42..ac63ea4af5b0 100644
4012 +--- a/arch/x86/include/asm/kvm_host.h
4013 ++++ b/arch/x86/include/asm/kvm_host.h
4014 +@@ -480,6 +480,7 @@ struct kvm_vcpu_arch {
4015 + u64 mmio_gva;
4016 + unsigned access;
4017 + gfn_t mmio_gfn;
4018 ++ u64 mmio_gen;
4019 +
4020 + struct kvm_pmu pmu;
4021 +
4022 +diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
4023 +index 5cd9bfabd645..c1a07d33e67e 100644
4024 +--- a/arch/x86/kernel/cpu/intel.c
4025 ++++ b/arch/x86/kernel/cpu/intel.c
4026 +@@ -153,6 +153,21 @@ static void early_init_intel(struct cpuinfo_x86 *c)
4027 + setup_clear_cpu_cap(X86_FEATURE_ERMS);
4028 + }
4029 + }
4030 ++
4031 ++ /*
4032 ++ * Intel Quark Core DevMan_001.pdf section 6.4.11
4033 ++ * "The operating system also is required to invalidate (i.e., flush)
4034 ++ * the TLB when any changes are made to any of the page table entries.
4035 ++ * The operating system must reload CR3 to cause the TLB to be flushed"
4036 ++ *
4037 ++ * As a result cpu_has_pge() in arch/x86/include/asm/tlbflush.h should
4038 ++ * be false so that __flush_tlb_all() causes CR3 insted of CR4.PGE
4039 ++ * to be modified
4040 ++ */
4041 ++ if (c->x86 == 5 && c->x86_model == 9) {
4042 ++ pr_info("Disabling PGE capability bit\n");
4043 ++ setup_clear_cpu_cap(X86_FEATURE_PGE);
4044 ++ }
4045 + }
4046 +
4047 + #ifdef CONFIG_X86_32
4048 +diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
4049 +index 9b531351a587..49088b8a3ee3 100644
4050 +--- a/arch/x86/kvm/mmu.c
4051 ++++ b/arch/x86/kvm/mmu.c
4052 +@@ -198,16 +198,20 @@ void kvm_mmu_set_mmio_spte_mask(u64 mmio_mask)
4053 + EXPORT_SYMBOL_GPL(kvm_mmu_set_mmio_spte_mask);
4054 +
4055 + /*
4056 +- * spte bits of bit 3 ~ bit 11 are used as low 9 bits of generation number,
4057 +- * the bits of bits 52 ~ bit 61 are used as high 10 bits of generation
4058 +- * number.
4059 ++ * the low bit of the generation number is always presumed to be zero.
4060 ++ * This disables mmio caching during memslot updates. The concept is
4061 ++ * similar to a seqcount but instead of retrying the access we just punt
4062 ++ * and ignore the cache.
4063 ++ *
4064 ++ * spte bits 3-11 are used as bits 1-9 of the generation number,
4065 ++ * the bits 52-61 are used as bits 10-19 of the generation number.
4066 + */
4067 +-#define MMIO_SPTE_GEN_LOW_SHIFT 3
4068 ++#define MMIO_SPTE_GEN_LOW_SHIFT 2
4069 + #define MMIO_SPTE_GEN_HIGH_SHIFT 52
4070 +
4071 +-#define MMIO_GEN_SHIFT 19
4072 +-#define MMIO_GEN_LOW_SHIFT 9
4073 +-#define MMIO_GEN_LOW_MASK ((1 << MMIO_GEN_LOW_SHIFT) - 1)
4074 ++#define MMIO_GEN_SHIFT 20
4075 ++#define MMIO_GEN_LOW_SHIFT 10
4076 ++#define MMIO_GEN_LOW_MASK ((1 << MMIO_GEN_LOW_SHIFT) - 2)
4077 + #define MMIO_GEN_MASK ((1 << MMIO_GEN_SHIFT) - 1)
4078 + #define MMIO_MAX_GEN ((1 << MMIO_GEN_SHIFT) - 1)
4079 +
4080 +@@ -3157,7 +3161,7 @@ static void mmu_sync_roots(struct kvm_vcpu *vcpu)
4081 + if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
4082 + return;
4083 +
4084 +- vcpu_clear_mmio_info(vcpu, ~0ul);
4085 ++ vcpu_clear_mmio_info(vcpu, MMIO_GVA_ANY);
4086 + kvm_mmu_audit(vcpu, AUDIT_PRE_SYNC);
4087 + if (vcpu->arch.mmu.root_level == PT64_ROOT_LEVEL) {
4088 + hpa_t root = vcpu->arch.mmu.root_hpa;
4089 +@@ -4379,7 +4383,7 @@ void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm)
4090 + * The very rare case: if the generation-number is round,
4091 + * zap all shadow pages.
4092 + */
4093 +- if (unlikely(kvm_current_mmio_generation(kvm) >= MMIO_MAX_GEN)) {
4094 ++ if (unlikely(kvm_current_mmio_generation(kvm) == 0)) {
4095 + printk_ratelimited(KERN_INFO "kvm: zapping shadow pages for mmio generation wraparound\n");
4096 + kvm_mmu_invalidate_zap_all_pages(kvm);
4097 + }
4098 +diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
4099 +index 8da5823bcde6..21ea4fc91b5b 100644
4100 +--- a/arch/x86/kvm/x86.h
4101 ++++ b/arch/x86/kvm/x86.h
4102 +@@ -78,15 +78,23 @@ static inline void vcpu_cache_mmio_info(struct kvm_vcpu *vcpu,
4103 + vcpu->arch.mmio_gva = gva & PAGE_MASK;
4104 + vcpu->arch.access = access;
4105 + vcpu->arch.mmio_gfn = gfn;
4106 ++ vcpu->arch.mmio_gen = kvm_memslots(vcpu->kvm)->generation;
4107 ++}
4108 ++
4109 ++static inline bool vcpu_match_mmio_gen(struct kvm_vcpu *vcpu)
4110 ++{
4111 ++ return vcpu->arch.mmio_gen == kvm_memslots(vcpu->kvm)->generation;
4112 + }
4113 +
4114 + /*
4115 +- * Clear the mmio cache info for the given gva,
4116 +- * specially, if gva is ~0ul, we clear all mmio cache info.
4117 ++ * Clear the mmio cache info for the given gva. If gva is MMIO_GVA_ANY, we
4118 ++ * clear all mmio cache info.
4119 + */
4120 ++#define MMIO_GVA_ANY (~(gva_t)0)
4121 ++
4122 + static inline void vcpu_clear_mmio_info(struct kvm_vcpu *vcpu, gva_t gva)
4123 + {
4124 +- if (gva != (~0ul) && vcpu->arch.mmio_gva != (gva & PAGE_MASK))
4125 ++ if (gva != MMIO_GVA_ANY && vcpu->arch.mmio_gva != (gva & PAGE_MASK))
4126 + return;
4127 +
4128 + vcpu->arch.mmio_gva = 0;
4129 +@@ -94,7 +102,8 @@ static inline void vcpu_clear_mmio_info(struct kvm_vcpu *vcpu, gva_t gva)
4130 +
4131 + static inline bool vcpu_match_mmio_gva(struct kvm_vcpu *vcpu, unsigned long gva)
4132 + {
4133 +- if (vcpu->arch.mmio_gva && vcpu->arch.mmio_gva == (gva & PAGE_MASK))
4134 ++ if (vcpu_match_mmio_gen(vcpu) && vcpu->arch.mmio_gva &&
4135 ++ vcpu->arch.mmio_gva == (gva & PAGE_MASK))
4136 + return true;
4137 +
4138 + return false;
4139 +@@ -102,7 +111,8 @@ static inline bool vcpu_match_mmio_gva(struct kvm_vcpu *vcpu, unsigned long gva)
4140 +
4141 + static inline bool vcpu_match_mmio_gpa(struct kvm_vcpu *vcpu, gpa_t gpa)
4142 + {
4143 +- if (vcpu->arch.mmio_gfn && vcpu->arch.mmio_gfn == gpa >> PAGE_SHIFT)
4144 ++ if (vcpu_match_mmio_gen(vcpu) && vcpu->arch.mmio_gfn &&
4145 ++ vcpu->arch.mmio_gfn == gpa >> PAGE_SHIFT)
4146 + return true;
4147 +
4148 + return false;
4149 +diff --git a/crypto/async_tx/async_xor.c b/crypto/async_tx/async_xor.c
4150 +index 3c562f5a60bb..e1bce26cd4f9 100644
4151 +--- a/crypto/async_tx/async_xor.c
4152 ++++ b/crypto/async_tx/async_xor.c
4153 +@@ -78,8 +78,6 @@ do_async_xor(struct dma_chan *chan, struct dmaengine_unmap_data *unmap,
4154 + tx = dma->device_prep_dma_xor(chan, dma_dest, src_list,
4155 + xor_src_cnt, unmap->len,
4156 + dma_flags);
4157 +- src_list[0] = tmp;
4158 +-
4159 +
4160 + if (unlikely(!tx))
4161 + async_tx_quiesce(&submit->depend_tx);
4162 +@@ -92,6 +90,7 @@ do_async_xor(struct dma_chan *chan, struct dmaengine_unmap_data *unmap,
4163 + xor_src_cnt, unmap->len,
4164 + dma_flags);
4165 + }
4166 ++ src_list[0] = tmp;
4167 +
4168 + dma_set_unmap(tx, unmap);
4169 + async_tx_submit(chan, tx, submit);
4170 +diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
4171 +index c30df50e4440..2495ee577a64 100644
4172 +--- a/drivers/base/firmware_class.c
4173 ++++ b/drivers/base/firmware_class.c
4174 +@@ -1081,6 +1081,9 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
4175 + if (!firmware_p)
4176 + return -EINVAL;
4177 +
4178 ++ if (!name || name[0] == '\0')
4179 ++ return -EINVAL;
4180 ++
4181 + ret = _request_firmware_prepare(&fw, name, device);
4182 + if (ret <= 0) /* error or already assigned */
4183 + goto out;
4184 +diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
4185 +index c5471cd6ebb7..d39fd610aa3b 100644
4186 +--- a/drivers/base/regmap/regmap-debugfs.c
4187 ++++ b/drivers/base/regmap/regmap-debugfs.c
4188 +@@ -473,6 +473,7 @@ void regmap_debugfs_init(struct regmap *map, const char *name)
4189 + {
4190 + struct rb_node *next;
4191 + struct regmap_range_node *range_node;
4192 ++ const char *devname = "dummy";
4193 +
4194 + /* If we don't have the debugfs root yet, postpone init */
4195 + if (!regmap_debugfs_root) {
4196 +@@ -491,12 +492,15 @@ void regmap_debugfs_init(struct regmap *map, const char *name)
4197 + INIT_LIST_HEAD(&map->debugfs_off_cache);
4198 + mutex_init(&map->cache_lock);
4199 +
4200 ++ if (map->dev)
4201 ++ devname = dev_name(map->dev);
4202 ++
4203 + if (name) {
4204 + map->debugfs_name = kasprintf(GFP_KERNEL, "%s-%s",
4205 +- dev_name(map->dev), name);
4206 ++ devname, name);
4207 + name = map->debugfs_name;
4208 + } else {
4209 +- name = dev_name(map->dev);
4210 ++ name = devname;
4211 + }
4212 +
4213 + map->debugfs = debugfs_create_dir(name, regmap_debugfs_root);
4214 +diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
4215 +index 2ea056c09aeb..f6cff3be0ed7 100644
4216 +--- a/drivers/base/regmap/regmap.c
4217 ++++ b/drivers/base/regmap/regmap.c
4218 +@@ -1308,7 +1308,7 @@ int _regmap_write(struct regmap *map, unsigned int reg,
4219 + }
4220 +
4221 + #ifdef LOG_DEVICE
4222 +- if (strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4223 ++ if (map->dev && strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4224 + dev_info(map->dev, "%x <= %x\n", reg, val);
4225 + #endif
4226 +
4227 +@@ -1557,6 +1557,9 @@ int regmap_bulk_write(struct regmap *map, unsigned int reg, const void *val,
4228 + } else {
4229 + void *wval;
4230 +
4231 ++ if (!val_count)
4232 ++ return -EINVAL;
4233 ++
4234 + wval = kmemdup(val, val_count * val_bytes, GFP_KERNEL);
4235 + if (!wval) {
4236 + ret = -ENOMEM;
4237 +@@ -1739,7 +1742,7 @@ static int _regmap_read(struct regmap *map, unsigned int reg,
4238 + ret = map->reg_read(context, reg, val);
4239 + if (ret == 0) {
4240 + #ifdef LOG_DEVICE
4241 +- if (strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4242 ++ if (map->dev && strcmp(dev_name(map->dev), LOG_DEVICE) == 0)
4243 + dev_info(map->dev, "%x => %x\n", reg, *val);
4244 + #endif
4245 +
4246 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
4247 +index 1c7b5040d921..e00c3f84a4cf 100644
4248 +--- a/drivers/bluetooth/btusb.c
4249 ++++ b/drivers/bluetooth/btusb.c
4250 +@@ -309,6 +309,9 @@ static void btusb_intr_complete(struct urb *urb)
4251 + BT_ERR("%s corrupted event packet", hdev->name);
4252 + hdev->stat.err_rx++;
4253 + }
4254 ++ } else if (urb->status == -ENOENT) {
4255 ++ /* Avoid suspend failed when usb_kill_urb */
4256 ++ return;
4257 + }
4258 +
4259 + if (!test_bit(BTUSB_INTR_RUNNING, &data->flags))
4260 +@@ -397,6 +400,9 @@ static void btusb_bulk_complete(struct urb *urb)
4261 + BT_ERR("%s corrupted ACL packet", hdev->name);
4262 + hdev->stat.err_rx++;
4263 + }
4264 ++ } else if (urb->status == -ENOENT) {
4265 ++ /* Avoid suspend failed when usb_kill_urb */
4266 ++ return;
4267 + }
4268 +
4269 + if (!test_bit(BTUSB_BULK_RUNNING, &data->flags))
4270 +@@ -491,6 +497,9 @@ static void btusb_isoc_complete(struct urb *urb)
4271 + hdev->stat.err_rx++;
4272 + }
4273 + }
4274 ++ } else if (urb->status == -ENOENT) {
4275 ++ /* Avoid suspend failed when usb_kill_urb */
4276 ++ return;
4277 + }
4278 +
4279 + if (!test_bit(BTUSB_ISOC_RUNNING, &data->flags))
4280 +diff --git a/drivers/bluetooth/hci_h5.c b/drivers/bluetooth/hci_h5.c
4281 +index e36a0245f2c1..56519927479f 100644
4282 +--- a/drivers/bluetooth/hci_h5.c
4283 ++++ b/drivers/bluetooth/hci_h5.c
4284 +@@ -237,7 +237,7 @@ static void h5_pkt_cull(struct h5 *h5)
4285 + break;
4286 +
4287 + to_remove--;
4288 +- seq = (seq - 1) % 8;
4289 ++ seq = (seq - 1) & 0x07;
4290 + }
4291 +
4292 + if (seq != h5->rx_ack)
4293 +diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
4294 +index 69ea36f07b4d..e99e71a6ea59 100644
4295 +--- a/drivers/hv/channel.c
4296 ++++ b/drivers/hv/channel.c
4297 +@@ -164,8 +164,10 @@ int vmbus_open(struct vmbus_channel *newchannel, u32 send_ringbuffer_size,
4298 + ret = vmbus_post_msg(open_msg,
4299 + sizeof(struct vmbus_channel_open_channel));
4300 +
4301 +- if (ret != 0)
4302 ++ if (ret != 0) {
4303 ++ err = ret;
4304 + goto error1;
4305 ++ }
4306 +
4307 + t = wait_for_completion_timeout(&open_info->waitevent, 5*HZ);
4308 + if (t == 0) {
4309 +@@ -362,7 +364,6 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
4310 + u32 next_gpadl_handle;
4311 + unsigned long flags;
4312 + int ret = 0;
4313 +- int t;
4314 +
4315 + next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle);
4316 + atomic_inc(&vmbus_connection.next_gpadl_handle);
4317 +@@ -409,9 +410,7 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
4318 +
4319 + }
4320 + }
4321 +- t = wait_for_completion_timeout(&msginfo->waitevent, 5*HZ);
4322 +- BUG_ON(t == 0);
4323 +-
4324 ++ wait_for_completion(&msginfo->waitevent);
4325 +
4326 + /* At this point, we received the gpadl created msg */
4327 + *gpadl_handle = gpadlmsg->gpadl;
4328 +@@ -434,7 +433,7 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
4329 + struct vmbus_channel_gpadl_teardown *msg;
4330 + struct vmbus_channel_msginfo *info;
4331 + unsigned long flags;
4332 +- int ret, t;
4333 ++ int ret;
4334 +
4335 + info = kmalloc(sizeof(*info) +
4336 + sizeof(struct vmbus_channel_gpadl_teardown), GFP_KERNEL);
4337 +@@ -456,11 +455,12 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
4338 + ret = vmbus_post_msg(msg,
4339 + sizeof(struct vmbus_channel_gpadl_teardown));
4340 +
4341 +- BUG_ON(ret != 0);
4342 +- t = wait_for_completion_timeout(&info->waitevent, 5*HZ);
4343 +- BUG_ON(t == 0);
4344 ++ if (ret)
4345 ++ goto post_msg_err;
4346 ++
4347 ++ wait_for_completion(&info->waitevent);
4348 +
4349 +- /* Received a torndown response */
4350 ++post_msg_err:
4351 + spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);
4352 + list_del(&info->msglistentry);
4353 + spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
4354 +@@ -470,7 +470,7 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, u32 gpadl_handle)
4355 + }
4356 + EXPORT_SYMBOL_GPL(vmbus_teardown_gpadl);
4357 +
4358 +-static void vmbus_close_internal(struct vmbus_channel *channel)
4359 ++static int vmbus_close_internal(struct vmbus_channel *channel)
4360 + {
4361 + struct vmbus_channel_close_channel *msg;
4362 + int ret;
4363 +@@ -492,11 +492,28 @@ static void vmbus_close_internal(struct vmbus_channel *channel)
4364 +
4365 + ret = vmbus_post_msg(msg, sizeof(struct vmbus_channel_close_channel));
4366 +
4367 +- BUG_ON(ret != 0);
4368 ++ if (ret) {
4369 ++ pr_err("Close failed: close post msg return is %d\n", ret);
4370 ++ /*
4371 ++ * If we failed to post the close msg,
4372 ++ * it is perhaps better to leak memory.
4373 ++ */
4374 ++ return ret;
4375 ++ }
4376 ++
4377 + /* Tear down the gpadl for the channel's ring buffer */
4378 +- if (channel->ringbuffer_gpadlhandle)
4379 +- vmbus_teardown_gpadl(channel,
4380 +- channel->ringbuffer_gpadlhandle);
4381 ++ if (channel->ringbuffer_gpadlhandle) {
4382 ++ ret = vmbus_teardown_gpadl(channel,
4383 ++ channel->ringbuffer_gpadlhandle);
4384 ++ if (ret) {
4385 ++ pr_err("Close failed: teardown gpadl return %d\n", ret);
4386 ++ /*
4387 ++ * If we failed to teardown gpadl,
4388 ++ * it is perhaps better to leak memory.
4389 ++ */
4390 ++ return ret;
4391 ++ }
4392 ++ }
4393 +
4394 + /* Cleanup the ring buffers for this channel */
4395 + hv_ringbuffer_cleanup(&channel->outbound);
4396 +@@ -505,7 +522,7 @@ static void vmbus_close_internal(struct vmbus_channel *channel)
4397 + free_pages((unsigned long)channel->ringbuffer_pages,
4398 + get_order(channel->ringbuffer_pagecount * PAGE_SIZE));
4399 +
4400 +-
4401 ++ return ret;
4402 + }
4403 +
4404 + /*
4405 +diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
4406 +index ce5a9f2584f3..d8fd95cb0456 100644
4407 +--- a/drivers/hv/connection.c
4408 ++++ b/drivers/hv/connection.c
4409 +@@ -408,10 +408,21 @@ int vmbus_post_msg(void *buffer, size_t buflen)
4410 + * insufficient resources. Retry the operation a couple of
4411 + * times before giving up.
4412 + */
4413 +- while (retries < 3) {
4414 +- ret = hv_post_message(conn_id, 1, buffer, buflen);
4415 +- if (ret != HV_STATUS_INSUFFICIENT_BUFFERS)
4416 ++ while (retries < 10) {
4417 ++ ret = hv_post_message(conn_id, 1, buffer, buflen);
4418 ++
4419 ++ switch (ret) {
4420 ++ case HV_STATUS_INSUFFICIENT_BUFFERS:
4421 ++ ret = -ENOMEM;
4422 ++ case -ENOMEM:
4423 ++ break;
4424 ++ case HV_STATUS_SUCCESS:
4425 + return ret;
4426 ++ default:
4427 ++ pr_err("hv_post_msg() failed; error code:%d\n", ret);
4428 ++ return -EINVAL;
4429 ++ }
4430 ++
4431 + retries++;
4432 + msleep(100);
4433 + }
4434 +diff --git a/drivers/message/fusion/mptspi.c b/drivers/message/fusion/mptspi.c
4435 +index 5653e505f91f..424f51d1e2ce 100644
4436 +--- a/drivers/message/fusion/mptspi.c
4437 ++++ b/drivers/message/fusion/mptspi.c
4438 +@@ -1422,6 +1422,11 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id)
4439 + goto out_mptspi_probe;
4440 + }
4441 +
4442 ++ /* VMWare emulation doesn't properly implement WRITE_SAME
4443 ++ */
4444 ++ if (pdev->subsystem_vendor == 0x15AD)
4445 ++ sh->no_write_same = 1;
4446 ++
4447 + spin_lock_irqsave(&ioc->FreeQlock, flags);
4448 +
4449 + /* Attach the SCSI Host to the IOC structure
4450 +diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c
4451 +index 4bc7d620d695..9a07bba3ade4 100644
4452 +--- a/drivers/misc/mei/bus.c
4453 ++++ b/drivers/misc/mei/bus.c
4454 +@@ -71,7 +71,7 @@ static int mei_cl_device_probe(struct device *dev)
4455 +
4456 + dev_dbg(dev, "Device probe\n");
4457 +
4458 +- strncpy(id.name, dev_name(dev), sizeof(id.name));
4459 ++ strlcpy(id.name, dev_name(dev), sizeof(id.name));
4460 +
4461 + return driver->probe(device, &id);
4462 + }
4463 +diff --git a/drivers/net/wireless/iwlwifi/pcie/drv.c b/drivers/net/wireless/iwlwifi/pcie/drv.c
4464 +index df1f5e732ab5..1ac33d9cd396 100644
4465 +--- a/drivers/net/wireless/iwlwifi/pcie/drv.c
4466 ++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c
4467 +@@ -272,6 +272,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = {
4468 + {IWL_PCI_DEVICE(0x08B1, 0x4070, iwl7260_2ac_cfg)},
4469 + {IWL_PCI_DEVICE(0x08B1, 0x4072, iwl7260_2ac_cfg)},
4470 + {IWL_PCI_DEVICE(0x08B1, 0x4170, iwl7260_2ac_cfg)},
4471 ++ {IWL_PCI_DEVICE(0x08B1, 0x4C60, iwl7260_2ac_cfg)},
4472 ++ {IWL_PCI_DEVICE(0x08B1, 0x4C70, iwl7260_2ac_cfg)},
4473 + {IWL_PCI_DEVICE(0x08B1, 0x4060, iwl7260_2n_cfg)},
4474 + {IWL_PCI_DEVICE(0x08B1, 0x406A, iwl7260_2n_cfg)},
4475 + {IWL_PCI_DEVICE(0x08B1, 0x4160, iwl7260_2n_cfg)},
4476 +@@ -315,6 +317,8 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = {
4477 + {IWL_PCI_DEVICE(0x08B1, 0xC770, iwl7260_2ac_cfg)},
4478 + {IWL_PCI_DEVICE(0x08B1, 0xC760, iwl7260_2n_cfg)},
4479 + {IWL_PCI_DEVICE(0x08B2, 0xC270, iwl7260_2ac_cfg)},
4480 ++ {IWL_PCI_DEVICE(0x08B1, 0xCC70, iwl7260_2ac_cfg)},
4481 ++ {IWL_PCI_DEVICE(0x08B1, 0xCC60, iwl7260_2ac_cfg)},
4482 + {IWL_PCI_DEVICE(0x08B2, 0xC272, iwl7260_2ac_cfg)},
4483 + {IWL_PCI_DEVICE(0x08B2, 0xC260, iwl7260_2n_cfg)},
4484 + {IWL_PCI_DEVICE(0x08B2, 0xC26A, iwl7260_n_cfg)},
4485 +diff --git a/drivers/net/wireless/rt2x00/rt2800.h b/drivers/net/wireless/rt2x00/rt2800.h
4486 +index a394a9a95919..7cf6081a05a1 100644
4487 +--- a/drivers/net/wireless/rt2x00/rt2800.h
4488 ++++ b/drivers/net/wireless/rt2x00/rt2800.h
4489 +@@ -2039,7 +2039,7 @@ struct mac_iveiv_entry {
4490 + * 2 - drop tx power by 12dBm,
4491 + * 3 - increase tx power by 6dBm
4492 + */
4493 +-#define BBP1_TX_POWER_CTRL FIELD8(0x07)
4494 ++#define BBP1_TX_POWER_CTRL FIELD8(0x03)
4495 + #define BBP1_TX_ANTENNA FIELD8(0x18)
4496 +
4497 + /*
4498 +diff --git a/drivers/pci/host/pci-mvebu.c b/drivers/pci/host/pci-mvebu.c
4499 +index 483d9ad89705..97736674ddcd 100644
4500 +--- a/drivers/pci/host/pci-mvebu.c
4501 ++++ b/drivers/pci/host/pci-mvebu.c
4502 +@@ -855,7 +855,7 @@ static int mvebu_get_tgt_attr(struct device_node *np, int devfn,
4503 + rangesz = pna + na + ns;
4504 + nranges = rlen / sizeof(__be32) / rangesz;
4505 +
4506 +- for (i = 0; i < nranges; i++) {
4507 ++ for (i = 0; i < nranges; i++, range += rangesz) {
4508 + u32 flags = of_read_number(range, 1);
4509 + u32 slot = of_read_number(range + 1, 1);
4510 + u64 cpuaddr = of_read_number(range + na, pna);
4511 +@@ -865,14 +865,14 @@ static int mvebu_get_tgt_attr(struct device_node *np, int devfn,
4512 + rtype = IORESOURCE_IO;
4513 + else if (DT_FLAGS_TO_TYPE(flags) == DT_TYPE_MEM32)
4514 + rtype = IORESOURCE_MEM;
4515 ++ else
4516 ++ continue;
4517 +
4518 + if (slot == PCI_SLOT(devfn) && type == rtype) {
4519 + *tgt = DT_CPUADDR_TO_TARGET(cpuaddr);
4520 + *attr = DT_CPUADDR_TO_ATTR(cpuaddr);
4521 + return 0;
4522 + }
4523 +-
4524 +- range += rangesz;
4525 + }
4526 +
4527 + return -ENOENT;
4528 +diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
4529 +index 276ef9c18802..39a207abaa10 100644
4530 +--- a/drivers/pci/pci-sysfs.c
4531 ++++ b/drivers/pci/pci-sysfs.c
4532 +@@ -178,7 +178,7 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *attr,
4533 + {
4534 + struct pci_dev *pci_dev = to_pci_dev(dev);
4535 +
4536 +- return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02x\n",
4537 ++ return sprintf(buf, "pci:v%08Xd%08Xsv%08Xsd%08Xbc%02Xsc%02Xi%02X\n",
4538 + pci_dev->vendor, pci_dev->device,
4539 + pci_dev->subsystem_vendor, pci_dev->subsystem_device,
4540 + (u8)(pci_dev->class >> 16), (u8)(pci_dev->class >> 8),
4541 +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
4542 +index 813f437f3ee8..6e8776b59a2c 100644
4543 +--- a/drivers/pci/quirks.c
4544 ++++ b/drivers/pci/quirks.c
4545 +@@ -24,6 +24,7 @@
4546 + #include <linux/ioport.h>
4547 + #include <linux/sched.h>
4548 + #include <linux/ktime.h>
4549 ++#include <linux/mm.h>
4550 + #include <asm/dma.h> /* isa_dma_bridge_buggy */
4551 + #include "pci.h"
4552 +
4553 +@@ -287,6 +288,25 @@ static void quirk_citrine(struct pci_dev *dev)
4554 + }
4555 + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, PCI_DEVICE_ID_IBM_CITRINE, quirk_citrine);
4556 +
4557 ++/* On IBM Crocodile ipr SAS adapters, expand BAR to system page size */
4558 ++static void quirk_extend_bar_to_page(struct pci_dev *dev)
4559 ++{
4560 ++ int i;
4561 ++
4562 ++ for (i = 0; i < PCI_STD_RESOURCE_END; i++) {
4563 ++ struct resource *r = &dev->resource[i];
4564 ++
4565 ++ if (r->flags & IORESOURCE_MEM && resource_size(r) < PAGE_SIZE) {
4566 ++ r->end = PAGE_SIZE - 1;
4567 ++ r->start = 0;
4568 ++ r->flags |= IORESOURCE_UNSET;
4569 ++ dev_info(&dev->dev, "expanded BAR %d to page size: %pR\n",
4570 ++ i, r);
4571 ++ }
4572 ++ }
4573 ++}
4574 ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_IBM, 0x034a, quirk_extend_bar_to_page);
4575 ++
4576 + /*
4577 + * S3 868 and 968 chips report region size equal to 32M, but they decode 64M.
4578 + * If it's needed, re-allocate the region.
4579 +diff --git a/drivers/scsi/be2iscsi/be_mgmt.c b/drivers/scsi/be2iscsi/be_mgmt.c
4580 +index b2fcac78feaa..5bb9406688c9 100644
4581 +--- a/drivers/scsi/be2iscsi/be_mgmt.c
4582 ++++ b/drivers/scsi/be2iscsi/be_mgmt.c
4583 +@@ -897,17 +897,20 @@ mgmt_static_ip_modify(struct beiscsi_hba *phba,
4584 +
4585 + if (ip_action == IP_ACTION_ADD) {
4586 + memcpy(req->ip_params.ip_record.ip_addr.addr, ip_param->value,
4587 +- ip_param->len);
4588 ++ sizeof(req->ip_params.ip_record.ip_addr.addr));
4589 +
4590 + if (subnet_param)
4591 + memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
4592 +- subnet_param->value, subnet_param->len);
4593 ++ subnet_param->value,
4594 ++ sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
4595 + } else {
4596 + memcpy(req->ip_params.ip_record.ip_addr.addr,
4597 +- if_info->ip_addr.addr, ip_param->len);
4598 ++ if_info->ip_addr.addr,
4599 ++ sizeof(req->ip_params.ip_record.ip_addr.addr));
4600 +
4601 + memcpy(req->ip_params.ip_record.ip_addr.subnet_mask,
4602 +- if_info->ip_addr.subnet_mask, ip_param->len);
4603 ++ if_info->ip_addr.subnet_mask,
4604 ++ sizeof(req->ip_params.ip_record.ip_addr.subnet_mask));
4605 + }
4606 +
4607 + rc = mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
4608 +@@ -935,7 +938,7 @@ static int mgmt_modify_gateway(struct beiscsi_hba *phba, uint8_t *gt_addr,
4609 + req->action = gtway_action;
4610 + req->ip_addr.ip_type = BE2_IPV4;
4611 +
4612 +- memcpy(req->ip_addr.addr, gt_addr, param_len);
4613 ++ memcpy(req->ip_addr.addr, gt_addr, sizeof(req->ip_addr.addr));
4614 +
4615 + return mgmt_exec_nonemb_cmd(phba, &nonemb_cmd, NULL, 0);
4616 + }
4617 +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
4618 +index 83cb61266979..23c1b0cd3074 100644
4619 +--- a/drivers/scsi/qla2xxx/qla_os.c
4620 ++++ b/drivers/scsi/qla2xxx/qla_os.c
4621 +@@ -3039,10 +3039,8 @@ qla2x00_unmap_iobases(struct qla_hw_data *ha)
4622 + }
4623 +
4624 + static void
4625 +-qla2x00_clear_drv_active(scsi_qla_host_t *vha)
4626 ++qla2x00_clear_drv_active(struct qla_hw_data *ha)
4627 + {
4628 +- struct qla_hw_data *ha = vha->hw;
4629 +-
4630 + if (IS_QLA8044(ha)) {
4631 + qla8044_idc_lock(ha);
4632 + qla8044_clear_drv_active(ha);
4633 +@@ -3111,7 +3109,7 @@ qla2x00_remove_one(struct pci_dev *pdev)
4634 +
4635 + scsi_host_put(base_vha->host);
4636 +
4637 +- qla2x00_clear_drv_active(base_vha);
4638 ++ qla2x00_clear_drv_active(ha);
4639 +
4640 + qla2x00_unmap_iobases(ha);
4641 +
4642 +diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
4643 +index 0cb73074c199..2f264ac79546 100644
4644 +--- a/drivers/scsi/qla2xxx/qla_target.c
4645 ++++ b/drivers/scsi/qla2xxx/qla_target.c
4646 +@@ -1382,12 +1382,10 @@ static inline void qlt_unmap_sg(struct scsi_qla_host *vha,
4647 + static int qlt_check_reserve_free_req(struct scsi_qla_host *vha,
4648 + uint32_t req_cnt)
4649 + {
4650 +- struct qla_hw_data *ha = vha->hw;
4651 +- device_reg_t __iomem *reg = ha->iobase;
4652 + uint32_t cnt;
4653 +
4654 + if (vha->req->cnt < (req_cnt + 2)) {
4655 +- cnt = (uint16_t)RD_REG_DWORD(&reg->isp24.req_q_out);
4656 ++ cnt = (uint16_t)RD_REG_DWORD(vha->req->req_q_out);
4657 +
4658 + ql_dbg(ql_dbg_tgt, vha, 0xe00a,
4659 + "Request ring circled: cnt=%d, vha->->ring_index=%d, "
4660 +diff --git a/drivers/spi/spi-dw-mid.c b/drivers/spi/spi-dw-mid.c
4661 +index 6d207afec8cb..a4c45ea8f688 100644
4662 +--- a/drivers/spi/spi-dw-mid.c
4663 ++++ b/drivers/spi/spi-dw-mid.c
4664 +@@ -89,7 +89,13 @@ err_exit:
4665 +
4666 + static void mid_spi_dma_exit(struct dw_spi *dws)
4667 + {
4668 ++ if (!dws->dma_inited)
4669 ++ return;
4670 ++
4671 ++ dmaengine_terminate_all(dws->txchan);
4672 + dma_release_channel(dws->txchan);
4673 ++
4674 ++ dmaengine_terminate_all(dws->rxchan);
4675 + dma_release_channel(dws->rxchan);
4676 + }
4677 +
4678 +@@ -136,7 +142,7 @@ static int mid_spi_dma_transfer(struct dw_spi *dws, int cs_change)
4679 + txconf.dst_addr = dws->dma_addr;
4680 + txconf.dst_maxburst = LNW_DMA_MSIZE_16;
4681 + txconf.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
4682 +- txconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
4683 ++ txconf.dst_addr_width = dws->dma_width;
4684 + txconf.device_fc = false;
4685 +
4686 + txchan->device->device_control(txchan, DMA_SLAVE_CONFIG,
4687 +@@ -159,7 +165,7 @@ static int mid_spi_dma_transfer(struct dw_spi *dws, int cs_change)
4688 + rxconf.src_addr = dws->dma_addr;
4689 + rxconf.src_maxburst = LNW_DMA_MSIZE_16;
4690 + rxconf.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
4691 +- rxconf.src_addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
4692 ++ rxconf.src_addr_width = dws->dma_width;
4693 + rxconf.device_fc = false;
4694 +
4695 + rxchan->device->device_control(rxchan, DMA_SLAVE_CONFIG,
4696 +diff --git a/drivers/tty/serial/omap-serial.c b/drivers/tty/serial/omap-serial.c
4697 +index db8434d3def9..f4e68b3fc39d 100644
4698 +--- a/drivers/tty/serial/omap-serial.c
4699 ++++ b/drivers/tty/serial/omap-serial.c
4700 +@@ -260,8 +260,16 @@ serial_omap_baud_is_mode16(struct uart_port *port, unsigned int baud)
4701 + {
4702 + unsigned int n13 = port->uartclk / (13 * baud);
4703 + unsigned int n16 = port->uartclk / (16 * baud);
4704 +- int baudAbsDiff13 = baud - (port->uartclk / (13 * n13));
4705 +- int baudAbsDiff16 = baud - (port->uartclk / (16 * n16));
4706 ++ int baudAbsDiff13;
4707 ++ int baudAbsDiff16;
4708 ++
4709 ++ if (n13 == 0)
4710 ++ n13 = 1;
4711 ++ if (n16 == 0)
4712 ++ n16 = 1;
4713 ++
4714 ++ baudAbsDiff13 = baud - (port->uartclk / (13 * n13));
4715 ++ baudAbsDiff16 = baud - (port->uartclk / (16 * n16));
4716 + if (baudAbsDiff13 < 0)
4717 + baudAbsDiff13 = -baudAbsDiff13;
4718 + if (baudAbsDiff16 < 0)
4719 +diff --git a/drivers/usb/gadget/Kconfig b/drivers/usb/gadget/Kconfig
4720 +index 8154165aa601..fd13ef0a96c9 100644
4721 +--- a/drivers/usb/gadget/Kconfig
4722 ++++ b/drivers/usb/gadget/Kconfig
4723 +@@ -445,7 +445,7 @@ config USB_GOKU
4724 + gadget drivers to also be dynamically linked.
4725 +
4726 + config USB_EG20T
4727 +- tristate "Intel EG20T PCH/LAPIS Semiconductor IOH(ML7213/ML7831) UDC"
4728 ++ tristate "Intel QUARK X1000/EG20T PCH/LAPIS Semiconductor IOH(ML7213/ML7831) UDC"
4729 + depends on PCI
4730 + help
4731 + This is a USB device driver for EG20T PCH.
4732 +@@ -466,6 +466,7 @@ config USB_EG20T
4733 + ML7213/ML7831 is companion chip for Intel Atom E6xx series.
4734 + ML7213/ML7831 is completely compatible for Intel EG20T PCH.
4735 +
4736 ++ This driver can be used with Intel's Quark X1000 SOC platform
4737 + #
4738 + # LAST -- dummy/emulated controller
4739 + #
4740 +diff --git a/drivers/usb/gadget/pch_udc.c b/drivers/usb/gadget/pch_udc.c
4741 +index eb8c3bedb57a..460d953c91b6 100644
4742 +--- a/drivers/usb/gadget/pch_udc.c
4743 ++++ b/drivers/usb/gadget/pch_udc.c
4744 +@@ -343,6 +343,7 @@ struct pch_vbus_gpio_data {
4745 + * @setup_data: Received setup data
4746 + * @phys_addr: of device memory
4747 + * @base_addr: for mapped device memory
4748 ++ * @bar: Indicates which PCI BAR for USB regs
4749 + * @irq: IRQ line for the device
4750 + * @cfg_data: current cfg, intf, and alt in use
4751 + * @vbus_gpio: GPIO informaton for detecting VBUS
4752 +@@ -370,14 +371,17 @@ struct pch_udc_dev {
4753 + struct usb_ctrlrequest setup_data;
4754 + unsigned long phys_addr;
4755 + void __iomem *base_addr;
4756 ++ unsigned bar;
4757 + unsigned irq;
4758 + struct pch_udc_cfg_data cfg_data;
4759 + struct pch_vbus_gpio_data vbus_gpio;
4760 + };
4761 + #define to_pch_udc(g) (container_of((g), struct pch_udc_dev, gadget))
4762 +
4763 ++#define PCH_UDC_PCI_BAR_QUARK_X1000 0
4764 + #define PCH_UDC_PCI_BAR 1
4765 + #define PCI_DEVICE_ID_INTEL_EG20T_UDC 0x8808
4766 ++#define PCI_DEVICE_ID_INTEL_QUARK_X1000_UDC 0x0939
4767 + #define PCI_VENDOR_ID_ROHM 0x10DB
4768 + #define PCI_DEVICE_ID_ML7213_IOH_UDC 0x801D
4769 + #define PCI_DEVICE_ID_ML7831_IOH_UDC 0x8808
4770 +@@ -3076,7 +3080,7 @@ static void pch_udc_remove(struct pci_dev *pdev)
4771 + iounmap(dev->base_addr);
4772 + if (dev->mem_region)
4773 + release_mem_region(dev->phys_addr,
4774 +- pci_resource_len(pdev, PCH_UDC_PCI_BAR));
4775 ++ pci_resource_len(pdev, dev->bar));
4776 + if (dev->active)
4777 + pci_disable_device(pdev);
4778 + kfree(dev);
4779 +@@ -3144,9 +3148,15 @@ static int pch_udc_probe(struct pci_dev *pdev,
4780 + dev->active = 1;
4781 + pci_set_drvdata(pdev, dev);
4782 +
4783 ++ /* Determine BAR based on PCI ID */
4784 ++ if (id->device == PCI_DEVICE_ID_INTEL_QUARK_X1000_UDC)
4785 ++ dev->bar = PCH_UDC_PCI_BAR_QUARK_X1000;
4786 ++ else
4787 ++ dev->bar = PCH_UDC_PCI_BAR;
4788 ++
4789 + /* PCI resource allocation */
4790 +- resource = pci_resource_start(pdev, 1);
4791 +- len = pci_resource_len(pdev, 1);
4792 ++ resource = pci_resource_start(pdev, dev->bar);
4793 ++ len = pci_resource_len(pdev, dev->bar);
4794 +
4795 + if (!request_mem_region(resource, len, KBUILD_MODNAME)) {
4796 + dev_err(&pdev->dev, "%s: pci device used already\n", __func__);
4797 +@@ -3212,6 +3222,12 @@ finished:
4798 +
4799 + static const struct pci_device_id pch_udc_pcidev_id[] = {
4800 + {
4801 ++ PCI_DEVICE(PCI_VENDOR_ID_INTEL,
4802 ++ PCI_DEVICE_ID_INTEL_QUARK_X1000_UDC),
4803 ++ .class = (PCI_CLASS_SERIAL_USB << 8) | 0xfe,
4804 ++ .class_mask = 0xffffffff,
4805 ++ },
4806 ++ {
4807 + PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_EG20T_UDC),
4808 + .class = (PCI_CLASS_SERIAL_USB << 8) | 0xfe,
4809 + .class_mask = 0xffffffff,
4810 +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
4811 +index 0165b8672f09..a9a881ed8cbe 100644
4812 +--- a/fs/btrfs/file.c
4813 ++++ b/fs/btrfs/file.c
4814 +@@ -2510,23 +2510,28 @@ static int find_desired_extent(struct inode *inode, loff_t *offset, int whence)
4815 + struct btrfs_root *root = BTRFS_I(inode)->root;
4816 + struct extent_map *em = NULL;
4817 + struct extent_state *cached_state = NULL;
4818 +- u64 lockstart = *offset;
4819 +- u64 lockend = i_size_read(inode);
4820 +- u64 start = *offset;
4821 +- u64 len = i_size_read(inode);
4822 ++ u64 lockstart;
4823 ++ u64 lockend;
4824 ++ u64 start;
4825 ++ u64 len;
4826 + int ret = 0;
4827 +
4828 +- lockend = max_t(u64, root->sectorsize, lockend);
4829 ++ if (inode->i_size == 0)
4830 ++ return -ENXIO;
4831 ++
4832 ++ /*
4833 ++ * *offset can be negative, in this case we start finding DATA/HOLE from
4834 ++ * the very start of the file.
4835 ++ */
4836 ++ start = max_t(loff_t, 0, *offset);
4837 ++
4838 ++ lockstart = round_down(start, root->sectorsize);
4839 ++ lockend = round_up(i_size_read(inode), root->sectorsize);
4840 + if (lockend <= lockstart)
4841 + lockend = lockstart + root->sectorsize;
4842 +-
4843 + lockend--;
4844 + len = lockend - lockstart + 1;
4845 +
4846 +- len = max_t(u64, len, root->sectorsize);
4847 +- if (inode->i_size == 0)
4848 +- return -ENXIO;
4849 +-
4850 + lock_extent_bits(&BTRFS_I(inode)->io_tree, lockstart, lockend, 0,
4851 + &cached_state);
4852 +
4853 +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
4854 +index c69c76351f12..d68a7250f00b 100644
4855 +--- a/fs/btrfs/inode.c
4856 ++++ b/fs/btrfs/inode.c
4857 +@@ -3596,7 +3596,8 @@ noinline int btrfs_update_inode(struct btrfs_trans_handle *trans,
4858 + * without delay
4859 + */
4860 + if (!btrfs_is_free_space_inode(inode)
4861 +- && root->root_key.objectid != BTRFS_DATA_RELOC_TREE_OBJECTID) {
4862 ++ && root->root_key.objectid != BTRFS_DATA_RELOC_TREE_OBJECTID
4863 ++ && !root->fs_info->log_root_recovering) {
4864 + btrfs_update_root_times(trans, root);
4865 +
4866 + ret = btrfs_delayed_update_inode(trans, root, inode);
4867 +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
4868 +index a6d8efa46bfe..0b72006aecbe 100644
4869 +--- a/fs/btrfs/ioctl.c
4870 ++++ b/fs/btrfs/ioctl.c
4871 +@@ -302,6 +302,9 @@ static int btrfs_ioctl_setflags(struct file *file, void __user *arg)
4872 + goto out_drop;
4873 +
4874 + } else {
4875 ++ ret = btrfs_set_prop(inode, "btrfs.compression", NULL, 0, 0);
4876 ++ if (ret && ret != -ENODATA)
4877 ++ goto out_drop;
4878 + ip->flags &= ~(BTRFS_INODE_COMPRESS | BTRFS_INODE_NOCOMPRESS);
4879 + }
4880 +
4881 +@@ -4750,6 +4753,12 @@ long btrfs_ioctl(struct file *file, unsigned int
4882 + if (ret)
4883 + return ret;
4884 + ret = btrfs_sync_fs(file->f_dentry->d_sb, 1);
4885 ++ /*
4886 ++ * The transaction thread may want to do more work,
4887 ++ * namely it pokes the cleaner ktread that will start
4888 ++ * processing uncleaned subvols.
4889 ++ */
4890 ++ wake_up_process(root->fs_info->transaction_kthread);
4891 + return ret;
4892 + }
4893 + case BTRFS_IOC_START_SYNC:
4894 +diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
4895 +index 07b3b36f40ee..01f977e3ce09 100644
4896 +--- a/fs/btrfs/relocation.c
4897 ++++ b/fs/btrfs/relocation.c
4898 +@@ -736,7 +736,8 @@ again:
4899 + err = ret;
4900 + goto out;
4901 + }
4902 +- BUG_ON(!ret || !path1->slots[0]);
4903 ++ ASSERT(ret);
4904 ++ ASSERT(path1->slots[0]);
4905 +
4906 + path1->slots[0]--;
4907 +
4908 +@@ -746,10 +747,10 @@ again:
4909 + * the backref was added previously when processing
4910 + * backref of type BTRFS_TREE_BLOCK_REF_KEY
4911 + */
4912 +- BUG_ON(!list_is_singular(&cur->upper));
4913 ++ ASSERT(list_is_singular(&cur->upper));
4914 + edge = list_entry(cur->upper.next, struct backref_edge,
4915 + list[LOWER]);
4916 +- BUG_ON(!list_empty(&edge->list[UPPER]));
4917 ++ ASSERT(list_empty(&edge->list[UPPER]));
4918 + exist = edge->node[UPPER];
4919 + /*
4920 + * add the upper level block to pending list if we need
4921 +@@ -831,7 +832,7 @@ again:
4922 + cur->cowonly = 1;
4923 + }
4924 + #else
4925 +- BUG_ON(key.type == BTRFS_EXTENT_REF_V0_KEY);
4926 ++ ASSERT(key.type != BTRFS_EXTENT_REF_V0_KEY);
4927 + if (key.type == BTRFS_SHARED_BLOCK_REF_KEY) {
4928 + #endif
4929 + if (key.objectid == key.offset) {
4930 +@@ -840,7 +841,7 @@ again:
4931 + * backref of this type.
4932 + */
4933 + root = find_reloc_root(rc, cur->bytenr);
4934 +- BUG_ON(!root);
4935 ++ ASSERT(root);
4936 + cur->root = root;
4937 + break;
4938 + }
4939 +@@ -868,7 +869,7 @@ again:
4940 + } else {
4941 + upper = rb_entry(rb_node, struct backref_node,
4942 + rb_node);
4943 +- BUG_ON(!upper->checked);
4944 ++ ASSERT(upper->checked);
4945 + INIT_LIST_HEAD(&edge->list[UPPER]);
4946 + }
4947 + list_add_tail(&edge->list[LOWER], &cur->upper);
4948 +@@ -892,7 +893,7 @@ again:
4949 +
4950 + if (btrfs_root_level(&root->root_item) == cur->level) {
4951 + /* tree root */
4952 +- BUG_ON(btrfs_root_bytenr(&root->root_item) !=
4953 ++ ASSERT(btrfs_root_bytenr(&root->root_item) ==
4954 + cur->bytenr);
4955 + if (should_ignore_root(root))
4956 + list_add(&cur->list, &useless);
4957 +@@ -927,7 +928,7 @@ again:
4958 + need_check = true;
4959 + for (; level < BTRFS_MAX_LEVEL; level++) {
4960 + if (!path2->nodes[level]) {
4961 +- BUG_ON(btrfs_root_bytenr(&root->root_item) !=
4962 ++ ASSERT(btrfs_root_bytenr(&root->root_item) ==
4963 + lower->bytenr);
4964 + if (should_ignore_root(root))
4965 + list_add(&lower->list, &useless);
4966 +@@ -976,12 +977,15 @@ again:
4967 + need_check = false;
4968 + list_add_tail(&edge->list[UPPER],
4969 + &list);
4970 +- } else
4971 ++ } else {
4972 ++ if (upper->checked)
4973 ++ need_check = true;
4974 + INIT_LIST_HEAD(&edge->list[UPPER]);
4975 ++ }
4976 + } else {
4977 + upper = rb_entry(rb_node, struct backref_node,
4978 + rb_node);
4979 +- BUG_ON(!upper->checked);
4980 ++ ASSERT(upper->checked);
4981 + INIT_LIST_HEAD(&edge->list[UPPER]);
4982 + if (!upper->owner)
4983 + upper->owner = btrfs_header_owner(eb);
4984 +@@ -1025,7 +1029,7 @@ next:
4985 + * everything goes well, connect backref nodes and insert backref nodes
4986 + * into the cache.
4987 + */
4988 +- BUG_ON(!node->checked);
4989 ++ ASSERT(node->checked);
4990 + cowonly = node->cowonly;
4991 + if (!cowonly) {
4992 + rb_node = tree_insert(&cache->rb_root, node->bytenr,
4993 +@@ -1061,8 +1065,21 @@ next:
4994 + continue;
4995 + }
4996 +
4997 +- BUG_ON(!upper->checked);
4998 +- BUG_ON(cowonly != upper->cowonly);
4999 ++ if (!upper->checked) {
5000 ++ /*
5001 ++ * Still want to blow up for developers since this is a
5002 ++ * logic bug.
5003 ++ */
5004 ++ ASSERT(0);
5005 ++ err = -EINVAL;
5006 ++ goto out;
5007 ++ }
5008 ++ if (cowonly != upper->cowonly) {
5009 ++ ASSERT(0);
5010 ++ err = -EINVAL;
5011 ++ goto out;
5012 ++ }
5013 ++
5014 + if (!cowonly) {
5015 + rb_node = tree_insert(&cache->rb_root, upper->bytenr,
5016 + &upper->rb_node);
5017 +@@ -1085,7 +1102,7 @@ next:
5018 + while (!list_empty(&useless)) {
5019 + upper = list_entry(useless.next, struct backref_node, list);
5020 + list_del_init(&upper->list);
5021 +- BUG_ON(!list_empty(&upper->upper));
5022 ++ ASSERT(list_empty(&upper->upper));
5023 + if (upper == node)
5024 + node = NULL;
5025 + if (upper->lowest) {
5026 +@@ -1118,29 +1135,45 @@ out:
5027 + if (err) {
5028 + while (!list_empty(&useless)) {
5029 + lower = list_entry(useless.next,
5030 +- struct backref_node, upper);
5031 +- list_del_init(&lower->upper);
5032 ++ struct backref_node, list);
5033 ++ list_del_init(&lower->list);
5034 + }
5035 +- upper = node;
5036 +- INIT_LIST_HEAD(&list);
5037 +- while (upper) {
5038 +- if (RB_EMPTY_NODE(&upper->rb_node)) {
5039 +- list_splice_tail(&upper->upper, &list);
5040 +- free_backref_node(cache, upper);
5041 +- }
5042 +-
5043 +- if (list_empty(&list))
5044 +- break;
5045 +-
5046 +- edge = list_entry(list.next, struct backref_edge,
5047 +- list[LOWER]);
5048 ++ while (!list_empty(&list)) {
5049 ++ edge = list_first_entry(&list, struct backref_edge,
5050 ++ list[UPPER]);
5051 ++ list_del(&edge->list[UPPER]);
5052 + list_del(&edge->list[LOWER]);
5053 ++ lower = edge->node[LOWER];
5054 + upper = edge->node[UPPER];
5055 + free_backref_edge(cache, edge);
5056 ++
5057 ++ /*
5058 ++ * Lower is no longer linked to any upper backref nodes
5059 ++ * and isn't in the cache, we can free it ourselves.
5060 ++ */
5061 ++ if (list_empty(&lower->upper) &&
5062 ++ RB_EMPTY_NODE(&lower->rb_node))
5063 ++ list_add(&lower->list, &useless);
5064 ++
5065 ++ if (!RB_EMPTY_NODE(&upper->rb_node))
5066 ++ continue;
5067 ++
5068 ++ /* Add this guy's upper edges to the list to proces */
5069 ++ list_for_each_entry(edge, &upper->upper, list[LOWER])
5070 ++ list_add_tail(&edge->list[UPPER], &list);
5071 ++ if (list_empty(&upper->upper))
5072 ++ list_add(&upper->list, &useless);
5073 ++ }
5074 ++
5075 ++ while (!list_empty(&useless)) {
5076 ++ lower = list_entry(useless.next,
5077 ++ struct backref_node, list);
5078 ++ list_del_init(&lower->list);
5079 ++ free_backref_node(cache, lower);
5080 + }
5081 + return ERR_PTR(err);
5082 + }
5083 +- BUG_ON(node && node->detached);
5084 ++ ASSERT(!node || !node->detached);
5085 + return node;
5086 + }
5087 +
5088 +diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
5089 +index a65ed4cb436b..20d793542096 100644
5090 +--- a/fs/btrfs/send.c
5091 ++++ b/fs/btrfs/send.c
5092 +@@ -4728,7 +4728,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end)
5093 +
5094 + if (S_ISREG(sctx->cur_inode_mode)) {
5095 + if (need_send_hole(sctx)) {
5096 +- if (sctx->cur_inode_last_extent == (u64)-1) {
5097 ++ if (sctx->cur_inode_last_extent == (u64)-1 ||
5098 ++ sctx->cur_inode_last_extent <
5099 ++ sctx->cur_inode_size) {
5100 + ret = get_last_extent(sctx, (u64)-1);
5101 + if (ret)
5102 + goto out;
5103 +diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
5104 +index b05bf58b9395..a0b65a01fed7 100644
5105 +--- a/fs/btrfs/transaction.c
5106 ++++ b/fs/btrfs/transaction.c
5107 +@@ -592,7 +592,6 @@ int btrfs_wait_for_commit(struct btrfs_root *root, u64 transid)
5108 + if (transid <= root->fs_info->last_trans_committed)
5109 + goto out;
5110 +
5111 +- ret = -EINVAL;
5112 + /* find specified transaction */
5113 + spin_lock(&root->fs_info->trans_lock);
5114 + list_for_each_entry(t, &root->fs_info->trans_list, list) {
5115 +@@ -608,9 +607,16 @@ int btrfs_wait_for_commit(struct btrfs_root *root, u64 transid)
5116 + }
5117 + }
5118 + spin_unlock(&root->fs_info->trans_lock);
5119 +- /* The specified transaction doesn't exist */
5120 +- if (!cur_trans)
5121 ++
5122 ++ /*
5123 ++ * The specified transaction doesn't exist, or we
5124 ++ * raced with btrfs_commit_transaction
5125 ++ */
5126 ++ if (!cur_trans) {
5127 ++ if (transid > root->fs_info->last_trans_committed)
5128 ++ ret = -EINVAL;
5129 + goto out;
5130 ++ }
5131 + } else {
5132 + /* find newest transaction that is committing | committed */
5133 + spin_lock(&root->fs_info->trans_lock);
5134 +diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
5135 +index b167ca48b8ee..a85ceb7c91bc 100644
5136 +--- a/fs/ecryptfs/inode.c
5137 ++++ b/fs/ecryptfs/inode.c
5138 +@@ -1039,7 +1039,7 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
5139 + }
5140 +
5141 + rc = vfs_setxattr(lower_dentry, name, value, size, flags);
5142 +- if (!rc)
5143 ++ if (!rc && dentry->d_inode)
5144 + fsstack_copy_attr_all(dentry->d_inode, lower_dentry->d_inode);
5145 + out:
5146 + return rc;
5147 +diff --git a/fs/namespace.c b/fs/namespace.c
5148 +index 75536db4b69b..c7d4a0ae2c65 100644
5149 +--- a/fs/namespace.c
5150 ++++ b/fs/namespace.c
5151 +@@ -1365,6 +1365,8 @@ static int do_umount(struct mount *mnt, int flags)
5152 + * Special case for "unmounting" root ...
5153 + * we just try to remount it readonly.
5154 + */
5155 ++ if (!capable(CAP_SYS_ADMIN))
5156 ++ return -EPERM;
5157 + down_write(&sb->s_umount);
5158 + if (!(sb->s_flags & MS_RDONLY))
5159 + retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
5160 +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
5161 +index 2e9662ea5451..da657b7804a5 100644
5162 +--- a/fs/nfs/nfs4proc.c
5163 ++++ b/fs/nfs/nfs4proc.c
5164 +@@ -7242,7 +7242,7 @@ static int nfs41_proc_async_sequence(struct nfs_client *clp, struct rpc_cred *cr
5165 + int ret = 0;
5166 +
5167 + if ((renew_flags & NFS4_RENEW_TIMEOUT) == 0)
5168 +- return 0;
5169 ++ return -EAGAIN;
5170 + task = _nfs41_proc_sequence(clp, cred, false);
5171 + if (IS_ERR(task))
5172 + ret = PTR_ERR(task);
5173 +diff --git a/fs/nfs/nfs4renewd.c b/fs/nfs/nfs4renewd.c
5174 +index 1720d32ffa54..e1ba58c3d1ad 100644
5175 +--- a/fs/nfs/nfs4renewd.c
5176 ++++ b/fs/nfs/nfs4renewd.c
5177 +@@ -88,10 +88,18 @@ nfs4_renew_state(struct work_struct *work)
5178 + }
5179 + nfs_expire_all_delegations(clp);
5180 + } else {
5181 ++ int ret;
5182 ++
5183 + /* Queue an asynchronous RENEW. */
5184 +- ops->sched_state_renewal(clp, cred, renew_flags);
5185 ++ ret = ops->sched_state_renewal(clp, cred, renew_flags);
5186 + put_rpccred(cred);
5187 +- goto out_exp;
5188 ++ switch (ret) {
5189 ++ default:
5190 ++ goto out_exp;
5191 ++ case -EAGAIN:
5192 ++ case -ENOMEM:
5193 ++ break;
5194 ++ }
5195 + }
5196 + } else {
5197 + dprintk("%s: failed to call renewd. Reason: lease not expired \n",
5198 +diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
5199 +index 27f5f858502b..b4f177f1d405 100644
5200 +--- a/fs/nfs/nfs4state.c
5201 ++++ b/fs/nfs/nfs4state.c
5202 +@@ -1732,7 +1732,8 @@ restart:
5203 + if (status < 0) {
5204 + set_bit(ops->owner_flag_bit, &sp->so_flags);
5205 + nfs4_put_state_owner(sp);
5206 +- return nfs4_recovery_handle_error(clp, status);
5207 ++ status = nfs4_recovery_handle_error(clp, status);
5208 ++ return (status != 0) ? status : -EAGAIN;
5209 + }
5210 +
5211 + nfs4_put_state_owner(sp);
5212 +@@ -1741,7 +1742,7 @@ restart:
5213 + spin_unlock(&clp->cl_lock);
5214 + }
5215 + rcu_read_unlock();
5216 +- return status;
5217 ++ return 0;
5218 + }
5219 +
5220 + static int nfs4_check_lease(struct nfs_client *clp)
5221 +@@ -1788,7 +1789,6 @@ static int nfs4_handle_reclaim_lease_error(struct nfs_client *clp, int status)
5222 + break;
5223 + case -NFS4ERR_STALE_CLIENTID:
5224 + clear_bit(NFS4CLNT_LEASE_CONFIRM, &clp->cl_state);
5225 +- nfs4_state_clear_reclaim_reboot(clp);
5226 + nfs4_state_start_reclaim_reboot(clp);
5227 + break;
5228 + case -NFS4ERR_CLID_INUSE:
5229 +@@ -2370,6 +2370,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
5230 + status = nfs4_check_lease(clp);
5231 + if (status < 0)
5232 + goto out_error;
5233 ++ continue;
5234 + }
5235 +
5236 + if (test_and_clear_bit(NFS4CLNT_MOVED, &clp->cl_state)) {
5237 +@@ -2391,14 +2392,11 @@ static void nfs4_state_manager(struct nfs_client *clp)
5238 + section = "reclaim reboot";
5239 + status = nfs4_do_reclaim(clp,
5240 + clp->cl_mvops->reboot_recovery_ops);
5241 +- if (test_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state) ||
5242 +- test_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state))
5243 +- continue;
5244 +- nfs4_state_end_reclaim_reboot(clp);
5245 +- if (test_bit(NFS4CLNT_RECLAIM_NOGRACE, &clp->cl_state))
5246 ++ if (status == -EAGAIN)
5247 + continue;
5248 + if (status < 0)
5249 + goto out_error;
5250 ++ nfs4_state_end_reclaim_reboot(clp);
5251 + }
5252 +
5253 + /* Now recover expired state... */
5254 +@@ -2406,9 +2404,7 @@ static void nfs4_state_manager(struct nfs_client *clp)
5255 + section = "reclaim nograce";
5256 + status = nfs4_do_reclaim(clp,
5257 + clp->cl_mvops->nograce_recovery_ops);
5258 +- if (test_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state) ||
5259 +- test_bit(NFS4CLNT_SESSION_RESET, &clp->cl_state) ||
5260 +- test_bit(NFS4CLNT_RECLAIM_REBOOT, &clp->cl_state))
5261 ++ if (status == -EAGAIN)
5262 + continue;
5263 + if (status < 0)
5264 + goto out_error;
5265 +diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
5266 +index 287a22c04149..de6323eb0113 100644
5267 +--- a/fs/notify/fanotify/fanotify_user.c
5268 ++++ b/fs/notify/fanotify/fanotify_user.c
5269 +@@ -71,7 +71,7 @@ static int create_fd(struct fsnotify_group *group,
5270 +
5271 + pr_debug("%s: group=%p event=%p\n", __func__, group, event);
5272 +
5273 +- client_fd = get_unused_fd();
5274 ++ client_fd = get_unused_fd_flags(group->fanotify_data.f_flags);
5275 + if (client_fd < 0)
5276 + return client_fd;
5277 +
5278 +diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
5279 +index 5d2518b24cea..0461fbe405b7 100644
5280 +--- a/fs/xfs/xfs_aops.c
5281 ++++ b/fs/xfs/xfs_aops.c
5282 +@@ -434,10 +434,22 @@ xfs_start_page_writeback(
5283 + {
5284 + ASSERT(PageLocked(page));
5285 + ASSERT(!PageWriteback(page));
5286 +- if (clear_dirty)
5287 ++
5288 ++ /*
5289 ++ * if the page was not fully cleaned, we need to ensure that the higher
5290 ++ * layers come back to it correctly. That means we need to keep the page
5291 ++ * dirty, and for WB_SYNC_ALL writeback we need to ensure the
5292 ++ * PAGECACHE_TAG_TOWRITE index mark is not removed so another attempt to
5293 ++ * write this page in this writeback sweep will be made.
5294 ++ */
5295 ++ if (clear_dirty) {
5296 + clear_page_dirty_for_io(page);
5297 +- set_page_writeback(page);
5298 ++ set_page_writeback(page);
5299 ++ } else
5300 ++ set_page_writeback_keepwrite(page);
5301 ++
5302 + unlock_page(page);
5303 ++
5304 + /* If no buffers on the page are to be written, finish it here */
5305 + if (!buffers)
5306 + end_page_writeback(page);
5307 +diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h
5308 +new file mode 100644
5309 +index 000000000000..cdd1cc202d51
5310 +--- /dev/null
5311 ++++ b/include/linux/compiler-gcc5.h
5312 +@@ -0,0 +1,66 @@
5313 ++#ifndef __LINUX_COMPILER_H
5314 ++#error "Please don't include <linux/compiler-gcc5.h> directly, include <linux/compiler.h> instead."
5315 ++#endif
5316 ++
5317 ++#define __used __attribute__((__used__))
5318 ++#define __must_check __attribute__((warn_unused_result))
5319 ++#define __compiler_offsetof(a, b) __builtin_offsetof(a, b)
5320 ++
5321 ++/* Mark functions as cold. gcc will assume any path leading to a call
5322 ++ to them will be unlikely. This means a lot of manual unlikely()s
5323 ++ are unnecessary now for any paths leading to the usual suspects
5324 ++ like BUG(), printk(), panic() etc. [but let's keep them for now for
5325 ++ older compilers]
5326 ++
5327 ++ Early snapshots of gcc 4.3 don't support this and we can't detect this
5328 ++ in the preprocessor, but we can live with this because they're unreleased.
5329 ++ Maketime probing would be overkill here.
5330 ++
5331 ++ gcc also has a __attribute__((__hot__)) to move hot functions into
5332 ++ a special section, but I don't see any sense in this right now in
5333 ++ the kernel context */
5334 ++#define __cold __attribute__((__cold__))
5335 ++
5336 ++#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
5337 ++
5338 ++#ifndef __CHECKER__
5339 ++# define __compiletime_warning(message) __attribute__((warning(message)))
5340 ++# define __compiletime_error(message) __attribute__((error(message)))
5341 ++#endif /* __CHECKER__ */
5342 ++
5343 ++/*
5344 ++ * Mark a position in code as unreachable. This can be used to
5345 ++ * suppress control flow warnings after asm blocks that transfer
5346 ++ * control elsewhere.
5347 ++ *
5348 ++ * Early snapshots of gcc 4.5 don't support this and we can't detect
5349 ++ * this in the preprocessor, but we can live with this because they're
5350 ++ * unreleased. Really, we need to have autoconf for the kernel.
5351 ++ */
5352 ++#define unreachable() __builtin_unreachable()
5353 ++
5354 ++/* Mark a function definition as prohibited from being cloned. */
5355 ++#define __noclone __attribute__((__noclone__))
5356 ++
5357 ++/*
5358 ++ * Tell the optimizer that something else uses this function or variable.
5359 ++ */
5360 ++#define __visible __attribute__((externally_visible))
5361 ++
5362 ++/*
5363 ++ * GCC 'asm goto' miscompiles certain code sequences:
5364 ++ *
5365 ++ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
5366 ++ *
5367 ++ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
5368 ++ * Fixed in GCC 4.8.2 and later versions.
5369 ++ *
5370 ++ * (asm goto is automatically volatile - the naming reflects this.)
5371 ++ */
5372 ++#define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
5373 ++
5374 ++#ifdef CONFIG_ARCH_USE_BUILTIN_BSWAP
5375 ++#define __HAVE_BUILTIN_BSWAP32__
5376 ++#define __HAVE_BUILTIN_BSWAP64__
5377 ++#define __HAVE_BUILTIN_BSWAP16__
5378 ++#endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP */
5379 +diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
5380 +index 97fbecdd7a40..057c1d8c77e5 100644
5381 +--- a/include/linux/pci_ids.h
5382 ++++ b/include/linux/pci_ids.h
5383 +@@ -2551,6 +2551,7 @@
5384 + #define PCI_DEVICE_ID_INTEL_MFD_EMMC0 0x0823
5385 + #define PCI_DEVICE_ID_INTEL_MFD_EMMC1 0x0824
5386 + #define PCI_DEVICE_ID_INTEL_MRST_SD2 0x084F
5387 ++#define PCI_DEVICE_ID_INTEL_QUARK_X1000_ILB 0x095E
5388 + #define PCI_DEVICE_ID_INTEL_I960 0x0960
5389 + #define PCI_DEVICE_ID_INTEL_I960RM 0x0962
5390 + #define PCI_DEVICE_ID_INTEL_CENTERTON_ILB 0x0c60
5391 +diff --git a/include/linux/sched.h b/include/linux/sched.h
5392 +index d7ca410ace93..218b058060f1 100644
5393 +--- a/include/linux/sched.h
5394 ++++ b/include/linux/sched.h
5395 +@@ -1876,11 +1876,13 @@ extern void thread_group_cputime_adjusted(struct task_struct *p, cputime_t *ut,
5396 + #define tsk_used_math(p) ((p)->flags & PF_USED_MATH)
5397 + #define used_math() tsk_used_math(current)
5398 +
5399 +-/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags */
5400 ++/* __GFP_IO isn't allowed if PF_MEMALLOC_NOIO is set in current->flags
5401 ++ * __GFP_FS is also cleared as it implies __GFP_IO.
5402 ++ */
5403 + static inline gfp_t memalloc_noio_flags(gfp_t flags)
5404 + {
5405 + if (unlikely(current->flags & PF_MEMALLOC_NOIO))
5406 +- flags &= ~__GFP_IO;
5407 ++ flags &= ~(__GFP_IO | __GFP_FS);
5408 + return flags;
5409 + }
5410 +
5411 +diff --git a/kernel/futex.c b/kernel/futex.c
5412 +index 0b0dc02aabce..fda2950f2ce4 100644
5413 +--- a/kernel/futex.c
5414 ++++ b/kernel/futex.c
5415 +@@ -329,6 +329,8 @@ static void get_futex_key_refs(union futex_key *key)
5416 + case FUT_OFF_MMSHARED:
5417 + futex_get_mm(key); /* implies MB (B) */
5418 + break;
5419 ++ default:
5420 ++ smp_mb(); /* explicit MB (B) */
5421 + }
5422 + }
5423 +
5424 +diff --git a/lib/lzo/lzo1x_decompress_safe.c b/lib/lzo/lzo1x_decompress_safe.c
5425 +index 8563081e8da3..a1c387f6afba 100644
5426 +--- a/lib/lzo/lzo1x_decompress_safe.c
5427 ++++ b/lib/lzo/lzo1x_decompress_safe.c
5428 +@@ -19,31 +19,21 @@
5429 + #include <linux/lzo.h>
5430 + #include "lzodefs.h"
5431 +
5432 +-#define HAVE_IP(t, x) \
5433 +- (((size_t)(ip_end - ip) >= (size_t)(t + x)) && \
5434 +- (((t + x) >= t) && ((t + x) >= x)))
5435 ++#define HAVE_IP(x) ((size_t)(ip_end - ip) >= (size_t)(x))
5436 ++#define HAVE_OP(x) ((size_t)(op_end - op) >= (size_t)(x))
5437 ++#define NEED_IP(x) if (!HAVE_IP(x)) goto input_overrun
5438 ++#define NEED_OP(x) if (!HAVE_OP(x)) goto output_overrun
5439 ++#define TEST_LB(m_pos) if ((m_pos) < out) goto lookbehind_overrun
5440 +
5441 +-#define HAVE_OP(t, x) \
5442 +- (((size_t)(op_end - op) >= (size_t)(t + x)) && \
5443 +- (((t + x) >= t) && ((t + x) >= x)))
5444 +-
5445 +-#define NEED_IP(t, x) \
5446 +- do { \
5447 +- if (!HAVE_IP(t, x)) \
5448 +- goto input_overrun; \
5449 +- } while (0)
5450 +-
5451 +-#define NEED_OP(t, x) \
5452 +- do { \
5453 +- if (!HAVE_OP(t, x)) \
5454 +- goto output_overrun; \
5455 +- } while (0)
5456 +-
5457 +-#define TEST_LB(m_pos) \
5458 +- do { \
5459 +- if ((m_pos) < out) \
5460 +- goto lookbehind_overrun; \
5461 +- } while (0)
5462 ++/* This MAX_255_COUNT is the maximum number of times we can add 255 to a base
5463 ++ * count without overflowing an integer. The multiply will overflow when
5464 ++ * multiplying 255 by more than MAXINT/255. The sum will overflow earlier
5465 ++ * depending on the base count. Since the base count is taken from a u8
5466 ++ * and a few bits, it is safe to assume that it will always be lower than
5467 ++ * or equal to 2*255, thus we can always prevent any overflow by accepting
5468 ++ * two less 255 steps. See Documentation/lzo.txt for more information.
5469 ++ */
5470 ++#define MAX_255_COUNT ((((size_t)~0) / 255) - 2)
5471 +
5472 + int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
5473 + unsigned char *out, size_t *out_len)
5474 +@@ -75,17 +65,24 @@ int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
5475 + if (t < 16) {
5476 + if (likely(state == 0)) {
5477 + if (unlikely(t == 0)) {
5478 ++ size_t offset;
5479 ++ const unsigned char *ip_last = ip;
5480 ++
5481 + while (unlikely(*ip == 0)) {
5482 +- t += 255;
5483 + ip++;
5484 +- NEED_IP(1, 0);
5485 ++ NEED_IP(1);
5486 + }
5487 +- t += 15 + *ip++;
5488 ++ offset = ip - ip_last;
5489 ++ if (unlikely(offset > MAX_255_COUNT))
5490 ++ return LZO_E_ERROR;
5491 ++
5492 ++ offset = (offset << 8) - offset;
5493 ++ t += offset + 15 + *ip++;
5494 + }
5495 + t += 3;
5496 + copy_literal_run:
5497 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
5498 +- if (likely(HAVE_IP(t, 15) && HAVE_OP(t, 15))) {
5499 ++ if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
5500 + const unsigned char *ie = ip + t;
5501 + unsigned char *oe = op + t;
5502 + do {
5503 +@@ -101,8 +98,8 @@ copy_literal_run:
5504 + } else
5505 + #endif
5506 + {
5507 +- NEED_OP(t, 0);
5508 +- NEED_IP(t, 3);
5509 ++ NEED_OP(t);
5510 ++ NEED_IP(t + 3);
5511 + do {
5512 + *op++ = *ip++;
5513 + } while (--t > 0);
5514 +@@ -115,7 +112,7 @@ copy_literal_run:
5515 + m_pos -= t >> 2;
5516 + m_pos -= *ip++ << 2;
5517 + TEST_LB(m_pos);
5518 +- NEED_OP(2, 0);
5519 ++ NEED_OP(2);
5520 + op[0] = m_pos[0];
5521 + op[1] = m_pos[1];
5522 + op += 2;
5523 +@@ -136,13 +133,20 @@ copy_literal_run:
5524 + } else if (t >= 32) {
5525 + t = (t & 31) + (3 - 1);
5526 + if (unlikely(t == 2)) {
5527 ++ size_t offset;
5528 ++ const unsigned char *ip_last = ip;
5529 ++
5530 + while (unlikely(*ip == 0)) {
5531 +- t += 255;
5532 + ip++;
5533 +- NEED_IP(1, 0);
5534 ++ NEED_IP(1);
5535 + }
5536 +- t += 31 + *ip++;
5537 +- NEED_IP(2, 0);
5538 ++ offset = ip - ip_last;
5539 ++ if (unlikely(offset > MAX_255_COUNT))
5540 ++ return LZO_E_ERROR;
5541 ++
5542 ++ offset = (offset << 8) - offset;
5543 ++ t += offset + 31 + *ip++;
5544 ++ NEED_IP(2);
5545 + }
5546 + m_pos = op - 1;
5547 + next = get_unaligned_le16(ip);
5548 +@@ -154,13 +158,20 @@ copy_literal_run:
5549 + m_pos -= (t & 8) << 11;
5550 + t = (t & 7) + (3 - 1);
5551 + if (unlikely(t == 2)) {
5552 ++ size_t offset;
5553 ++ const unsigned char *ip_last = ip;
5554 ++
5555 + while (unlikely(*ip == 0)) {
5556 +- t += 255;
5557 + ip++;
5558 +- NEED_IP(1, 0);
5559 ++ NEED_IP(1);
5560 + }
5561 +- t += 7 + *ip++;
5562 +- NEED_IP(2, 0);
5563 ++ offset = ip - ip_last;
5564 ++ if (unlikely(offset > MAX_255_COUNT))
5565 ++ return LZO_E_ERROR;
5566 ++
5567 ++ offset = (offset << 8) - offset;
5568 ++ t += offset + 7 + *ip++;
5569 ++ NEED_IP(2);
5570 + }
5571 + next = get_unaligned_le16(ip);
5572 + ip += 2;
5573 +@@ -174,7 +185,7 @@ copy_literal_run:
5574 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
5575 + if (op - m_pos >= 8) {
5576 + unsigned char *oe = op + t;
5577 +- if (likely(HAVE_OP(t, 15))) {
5578 ++ if (likely(HAVE_OP(t + 15))) {
5579 + do {
5580 + COPY8(op, m_pos);
5581 + op += 8;
5582 +@@ -184,7 +195,7 @@ copy_literal_run:
5583 + m_pos += 8;
5584 + } while (op < oe);
5585 + op = oe;
5586 +- if (HAVE_IP(6, 0)) {
5587 ++ if (HAVE_IP(6)) {
5588 + state = next;
5589 + COPY4(op, ip);
5590 + op += next;
5591 +@@ -192,7 +203,7 @@ copy_literal_run:
5592 + continue;
5593 + }
5594 + } else {
5595 +- NEED_OP(t, 0);
5596 ++ NEED_OP(t);
5597 + do {
5598 + *op++ = *m_pos++;
5599 + } while (op < oe);
5600 +@@ -201,7 +212,7 @@ copy_literal_run:
5601 + #endif
5602 + {
5603 + unsigned char *oe = op + t;
5604 +- NEED_OP(t, 0);
5605 ++ NEED_OP(t);
5606 + op[0] = m_pos[0];
5607 + op[1] = m_pos[1];
5608 + op += 2;
5609 +@@ -214,15 +225,15 @@ match_next:
5610 + state = next;
5611 + t = next;
5612 + #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
5613 +- if (likely(HAVE_IP(6, 0) && HAVE_OP(4, 0))) {
5614 ++ if (likely(HAVE_IP(6) && HAVE_OP(4))) {
5615 + COPY4(op, ip);
5616 + op += t;
5617 + ip += t;
5618 + } else
5619 + #endif
5620 + {
5621 +- NEED_IP(t, 3);
5622 +- NEED_OP(t, 0);
5623 ++ NEED_IP(t + 3);
5624 ++ NEED_OP(t);
5625 + while (t > 0) {
5626 + *op++ = *ip++;
5627 + t--;
5628 +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
5629 +index 6afa3b45f25a..0007c9e9853a 100644
5630 +--- a/net/bluetooth/l2cap_core.c
5631 ++++ b/net/bluetooth/l2cap_core.c
5632 +@@ -2608,12 +2608,8 @@ static int l2cap_segment_le_sdu(struct l2cap_chan *chan,
5633 +
5634 + BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
5635 +
5636 +- pdu_len = chan->conn->mtu - L2CAP_HDR_SIZE;
5637 +-
5638 +- pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
5639 +-
5640 + sdu_len = len;
5641 +- pdu_len -= L2CAP_SDULEN_SIZE;
5642 ++ pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE;
5643 +
5644 + while (len > 0) {
5645 + if (len <= pdu_len)
5646 +diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
5647 +index 734e9468aca0..6df1b2527d02 100644
5648 +--- a/security/integrity/ima/ima_appraise.c
5649 ++++ b/security/integrity/ima/ima_appraise.c
5650 +@@ -194,8 +194,11 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
5651 + goto out;
5652 +
5653 + cause = "missing-hash";
5654 +- status =
5655 +- (inode->i_size == 0) ? INTEGRITY_PASS : INTEGRITY_NOLABEL;
5656 ++ status = INTEGRITY_NOLABEL;
5657 ++ if (inode->i_size == 0) {
5658 ++ iint->flags |= IMA_NEW_FILE;
5659 ++ status = INTEGRITY_PASS;
5660 ++ }
5661 + goto out;
5662 + }
5663 +
5664 +diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
5665 +index 76d8aad146a8..9f70efd08058 100644
5666 +--- a/security/integrity/ima/ima_main.c
5667 ++++ b/security/integrity/ima/ima_main.c
5668 +@@ -131,11 +131,13 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint,
5669 + return;
5670 +
5671 + mutex_lock(&inode->i_mutex);
5672 +- if (atomic_read(&inode->i_writecount) == 1 &&
5673 +- iint->version != inode->i_version) {
5674 +- iint->flags &= ~IMA_DONE_MASK;
5675 +- if (iint->flags & IMA_APPRAISE)
5676 +- ima_update_xattr(iint, file);
5677 ++ if (atomic_read(&inode->i_writecount) == 1) {
5678 ++ if ((iint->version != inode->i_version) ||
5679 ++ (iint->flags & IMA_NEW_FILE)) {
5680 ++ iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE);
5681 ++ if (iint->flags & IMA_APPRAISE)
5682 ++ ima_update_xattr(iint, file);
5683 ++ }
5684 + }
5685 + mutex_unlock(&inode->i_mutex);
5686 + }
5687 +diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
5688 +index 33c0a70f6b15..2f8715d77a5a 100644
5689 +--- a/security/integrity/integrity.h
5690 ++++ b/security/integrity/integrity.h
5691 +@@ -31,6 +31,7 @@
5692 + #define IMA_DIGSIG 0x01000000
5693 + #define IMA_DIGSIG_REQUIRED 0x02000000
5694 + #define IMA_PERMIT_DIRECTIO 0x04000000
5695 ++#define IMA_NEW_FILE 0x08000000
5696 +
5697 + #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
5698 + IMA_APPRAISE_SUBMASK)
5699 +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
5700 +index 01a5e05ede95..566b0f69d628 100644
5701 +--- a/sound/core/pcm_native.c
5702 ++++ b/sound/core/pcm_native.c
5703 +@@ -3189,7 +3189,7 @@ static const struct vm_operations_struct snd_pcm_vm_ops_data_fault = {
5704 +
5705 + #ifndef ARCH_HAS_DMA_MMAP_COHERENT
5706 + /* This should be defined / handled globally! */
5707 +-#ifdef CONFIG_ARM
5708 ++#if defined(CONFIG_ARM) || defined(CONFIG_ARM64)
5709 + #define ARCH_HAS_DMA_MMAP_COHERENT
5710 + #endif
5711 + #endif
5712 +diff --git a/sound/pci/emu10k1/emu10k1_callback.c b/sound/pci/emu10k1/emu10k1_callback.c
5713 +index cae36597aa71..0a34b5f1c475 100644
5714 +--- a/sound/pci/emu10k1/emu10k1_callback.c
5715 ++++ b/sound/pci/emu10k1/emu10k1_callback.c
5716 +@@ -85,6 +85,8 @@ snd_emu10k1_ops_setup(struct snd_emux *emux)
5717 + * get more voice for pcm
5718 + *
5719 + * terminate most inactive voice and give it as a pcm voice.
5720 ++ *
5721 ++ * voice_lock is already held.
5722 + */
5723 + int
5724 + snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
5725 +@@ -92,12 +94,10 @@ snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
5726 + struct snd_emux *emu;
5727 + struct snd_emux_voice *vp;
5728 + struct best_voice best[V_END];
5729 +- unsigned long flags;
5730 + int i;
5731 +
5732 + emu = hw->synth;
5733 +
5734 +- spin_lock_irqsave(&emu->voice_lock, flags);
5735 + lookup_voices(emu, hw, best, 1); /* no OFF voices */
5736 + for (i = 0; i < V_END; i++) {
5737 + if (best[i].voice >= 0) {
5738 +@@ -113,11 +113,9 @@ snd_emu10k1_synth_get_voice(struct snd_emu10k1 *hw)
5739 + vp->emu->num_voices--;
5740 + vp->ch = -1;
5741 + vp->state = SNDRV_EMUX_ST_OFF;
5742 +- spin_unlock_irqrestore(&emu->voice_lock, flags);
5743 + return ch;
5744 + }
5745 + }
5746 +- spin_unlock_irqrestore(&emu->voice_lock, flags);
5747 +
5748 + /* not found */
5749 + return -ENOMEM;
5750 +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
5751 +index d135c906caff..8253b48a435b 100644
5752 +--- a/sound/pci/hda/patch_hdmi.c
5753 ++++ b/sound/pci/hda/patch_hdmi.c
5754 +@@ -1557,19 +1557,22 @@ static bool hdmi_present_sense(struct hdmi_spec_per_pin *per_pin, int repoll)
5755 + }
5756 + }
5757 +
5758 +- if (pin_eld->eld_valid && !eld->eld_valid) {
5759 +- update_eld = true;
5760 ++ if (pin_eld->eld_valid != eld->eld_valid)
5761 + eld_changed = true;
5762 +- }
5763 ++
5764 ++ if (pin_eld->eld_valid && !eld->eld_valid)
5765 ++ update_eld = true;
5766 ++
5767 + if (update_eld) {
5768 + bool old_eld_valid = pin_eld->eld_valid;
5769 + pin_eld->eld_valid = eld->eld_valid;
5770 +- eld_changed = pin_eld->eld_size != eld->eld_size ||
5771 ++ if (pin_eld->eld_size != eld->eld_size ||
5772 + memcmp(pin_eld->eld_buffer, eld->eld_buffer,
5773 +- eld->eld_size) != 0;
5774 +- if (eld_changed)
5775 ++ eld->eld_size) != 0) {
5776 + memcpy(pin_eld->eld_buffer, eld->eld_buffer,
5777 + eld->eld_size);
5778 ++ eld_changed = true;
5779 ++ }
5780 + pin_eld->eld_size = eld->eld_size;
5781 + pin_eld->info = eld->info;
5782 +
5783 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
5784 +index 5d0058bd6259..4c826a40705c 100644
5785 +--- a/sound/pci/hda/patch_realtek.c
5786 ++++ b/sound/pci/hda/patch_realtek.c
5787 +@@ -2926,6 +2926,9 @@ static void alc283_shutup(struct hda_codec *codec)
5788 +
5789 + alc_write_coef_idx(codec, 0x43, 0x9004);
5790 +
5791 ++ /*depop hp during suspend*/
5792 ++ alc_write_coef_idx(codec, 0x06, 0x2100);
5793 ++
5794 + snd_hda_codec_write(codec, hp_pin, 0,
5795 + AC_VERB_SET_AMP_GAIN_MUTE, AMP_OUT_MUTE);
5796 +
5797 +diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
5798 +index 223c47b33ba3..c657752a420c 100644
5799 +--- a/sound/usb/quirks-table.h
5800 ++++ b/sound/usb/quirks-table.h
5801 +@@ -385,6 +385,36 @@ YAMAHA_DEVICE(0x105d, NULL),
5802 + }
5803 + },
5804 + {
5805 ++ USB_DEVICE(0x0499, 0x1509),
5806 ++ .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
5807 ++ /* .vendor_name = "Yamaha", */
5808 ++ /* .product_name = "Steinberg UR22", */
5809 ++ .ifnum = QUIRK_ANY_INTERFACE,
5810 ++ .type = QUIRK_COMPOSITE,
5811 ++ .data = (const struct snd_usb_audio_quirk[]) {
5812 ++ {
5813 ++ .ifnum = 1,
5814 ++ .type = QUIRK_AUDIO_STANDARD_INTERFACE
5815 ++ },
5816 ++ {
5817 ++ .ifnum = 2,
5818 ++ .type = QUIRK_AUDIO_STANDARD_INTERFACE
5819 ++ },
5820 ++ {
5821 ++ .ifnum = 3,
5822 ++ .type = QUIRK_MIDI_YAMAHA
5823 ++ },
5824 ++ {
5825 ++ .ifnum = 4,
5826 ++ .type = QUIRK_IGNORE_INTERFACE
5827 ++ },
5828 ++ {
5829 ++ .ifnum = -1
5830 ++ }
5831 ++ }
5832 ++ }
5833 ++},
5834 ++{
5835 + USB_DEVICE(0x0499, 0x150a),
5836 + .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) {
5837 + /* .vendor_name = "Yamaha", */
5838 +diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
5839 +index 03a0381b1cb7..66112533b1e9 100644
5840 +--- a/virt/kvm/kvm_main.c
5841 ++++ b/virt/kvm/kvm_main.c
5842 +@@ -52,6 +52,7 @@
5843 +
5844 + #include <asm/processor.h>
5845 + #include <asm/io.h>
5846 ++#include <asm/ioctl.h>
5847 + #include <asm/uaccess.h>
5848 + #include <asm/pgtable.h>
5849 +
5850 +@@ -95,8 +96,6 @@ static int hardware_enable_all(void);
5851 + static void hardware_disable_all(void);
5852 +
5853 + static void kvm_io_bus_destroy(struct kvm_io_bus *bus);
5854 +-static void update_memslots(struct kvm_memslots *slots,
5855 +- struct kvm_memory_slot *new, u64 last_generation);
5856 +
5857 + static void kvm_release_pfn_dirty(pfn_t pfn);
5858 + static void mark_page_dirty_in_slot(struct kvm *kvm,
5859 +@@ -682,8 +681,7 @@ static void sort_memslots(struct kvm_memslots *slots)
5860 + }
5861 +
5862 + static void update_memslots(struct kvm_memslots *slots,
5863 +- struct kvm_memory_slot *new,
5864 +- u64 last_generation)
5865 ++ struct kvm_memory_slot *new)
5866 + {
5867 + if (new) {
5868 + int id = new->id;
5869 +@@ -694,8 +692,6 @@ static void update_memslots(struct kvm_memslots *slots,
5870 + if (new->npages != npages)
5871 + sort_memslots(slots);
5872 + }
5873 +-
5874 +- slots->generation = last_generation + 1;
5875 + }
5876 +
5877 + static int check_memory_region_flags(struct kvm_userspace_memory_region *mem)
5878 +@@ -717,10 +713,24 @@ static struct kvm_memslots *install_new_memslots(struct kvm *kvm,
5879 + {
5880 + struct kvm_memslots *old_memslots = kvm->memslots;
5881 +
5882 +- update_memslots(slots, new, kvm->memslots->generation);
5883 ++ /*
5884 ++ * Set the low bit in the generation, which disables SPTE caching
5885 ++ * until the end of synchronize_srcu_expedited.
5886 ++ */
5887 ++ WARN_ON(old_memslots->generation & 1);
5888 ++ slots->generation = old_memslots->generation + 1;
5889 ++
5890 ++ update_memslots(slots, new);
5891 + rcu_assign_pointer(kvm->memslots, slots);
5892 + synchronize_srcu_expedited(&kvm->srcu);
5893 +
5894 ++ /*
5895 ++ * Increment the new memslot generation a second time. This prevents
5896 ++ * vm exits that race with memslot updates from caching a memslot
5897 ++ * generation that will (potentially) be valid forever.
5898 ++ */
5899 ++ slots->generation++;
5900 ++
5901 + kvm_arch_memslots_updated(kvm);
5902 +
5903 + return old_memslots;
5904 +@@ -1970,6 +1980,9 @@ static long kvm_vcpu_ioctl(struct file *filp,
5905 + if (vcpu->kvm->mm != current->mm)
5906 + return -EIO;
5907 +
5908 ++ if (unlikely(_IOC_TYPE(ioctl) != KVMIO))
5909 ++ return -EINVAL;
5910 ++
5911 + #if defined(CONFIG_S390) || defined(CONFIG_PPC) || defined(CONFIG_MIPS)
5912 + /*
5913 + * Special cases: vcpu ioctls that are asynchronous to vcpu execution,
Report Message
Find on MARC Find on Google Groups