Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Alice Ferrazzi <alicef@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.4 commit in: /
Date: Wed, 10 Feb 2021 10:17:58
Message-Id: 1612952261.346dc70cb8b10bf114f95ed45924706a3f159ffe.alicef@gentoo
1 commit: 346dc70cb8b10bf114f95ed45924706a3f159ffe
2 Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org>
3 AuthorDate: Wed Feb 10 10:17:29 2021 +0000
4 Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org>
5 CommitDate: Wed Feb 10 10:17:41 2021 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=346dc70c
7
8 Linux patch 4.4.257
9
10 Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org>
11
12 0000_README | 4 +
13 1256_linux-4.4.257.patch | 1682 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 1686 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index e5f13f4..269cc08 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -1067,6 +1067,10 @@ Patch: 1255_linux-4.4.256.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.4.256
23
24 +Patch: 1256_linux-4.4.257.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.4.257
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1256_linux-4.4.257.patch b/1256_linux-4.4.257.patch
33 new file mode 100644
34 index 0000000..e42f5ea
35 --- /dev/null
36 +++ b/1256_linux-4.4.257.patch
37 @@ -0,0 +1,1682 @@
38 +diff --git a/Makefile b/Makefile
39 +index 0057587d2cbe2..8de8f9ac32795 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 4
45 +-SUBLEVEL = 256
46 ++SUBLEVEL = 257
47 + EXTRAVERSION =
48 + NAME = Blurry Fish Butt
49 +
50 +@@ -830,12 +830,6 @@ KBUILD_CFLAGS += $(call cc-option,-Werror=strict-prototypes)
51 + # Prohibit date/time macros, which would make the build non-deterministic
52 + KBUILD_CFLAGS += $(call cc-option,-Werror=date-time)
53 +
54 +-# ensure -fcf-protection is disabled when using retpoline as it is
55 +-# incompatible with -mindirect-branch=thunk-extern
56 +-ifdef CONFIG_RETPOLINE
57 +-KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
58 +-endif
59 +-
60 + # use the deterministic mode of AR if available
61 + KBUILD_ARFLAGS := $(call ar-option,D)
62 +
63 +@@ -1068,7 +1062,7 @@ endef
64 +
65 + define filechk_version.h
66 + (echo \#define LINUX_VERSION_CODE $(shell \
67 +- expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 0$(SUBLEVEL)); \
68 ++ expr $(VERSION) \* 65536 + 0$(PATCHLEVEL) \* 256 + 255); \
69 + echo '#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))';)
70 + endef
71 +
72 +diff --git a/arch/arm/mach-footbridge/dc21285.c b/arch/arm/mach-footbridge/dc21285.c
73 +index 96a3d73ef4bf4..fd6c9169fa78e 100644
74 +--- a/arch/arm/mach-footbridge/dc21285.c
75 ++++ b/arch/arm/mach-footbridge/dc21285.c
76 +@@ -69,15 +69,15 @@ dc21285_read_config(struct pci_bus *bus, unsigned int devfn, int where,
77 + if (addr)
78 + switch (size) {
79 + case 1:
80 +- asm("ldrb %0, [%1, %2]"
81 ++ asm volatile("ldrb %0, [%1, %2]"
82 + : "=r" (v) : "r" (addr), "r" (where) : "cc");
83 + break;
84 + case 2:
85 +- asm("ldrh %0, [%1, %2]"
86 ++ asm volatile("ldrh %0, [%1, %2]"
87 + : "=r" (v) : "r" (addr), "r" (where) : "cc");
88 + break;
89 + case 4:
90 +- asm("ldr %0, [%1, %2]"
91 ++ asm volatile("ldr %0, [%1, %2]"
92 + : "=r" (v) : "r" (addr), "r" (where) : "cc");
93 + break;
94 + }
95 +@@ -103,17 +103,17 @@ dc21285_write_config(struct pci_bus *bus, unsigned int devfn, int where,
96 + if (addr)
97 + switch (size) {
98 + case 1:
99 +- asm("strb %0, [%1, %2]"
100 ++ asm volatile("strb %0, [%1, %2]"
101 + : : "r" (value), "r" (addr), "r" (where)
102 + : "cc");
103 + break;
104 + case 2:
105 +- asm("strh %0, [%1, %2]"
106 ++ asm volatile("strh %0, [%1, %2]"
107 + : : "r" (value), "r" (addr), "r" (where)
108 + : "cc");
109 + break;
110 + case 4:
111 +- asm("str %0, [%1, %2]"
112 ++ asm volatile("str %0, [%1, %2]"
113 + : : "r" (value), "r" (addr), "r" (where)
114 + : "cc");
115 + break;
116 +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
117 +index 9d8bc19edc48e..9f1376788820e 100644
118 +--- a/arch/mips/Kconfig
119 ++++ b/arch/mips/Kconfig
120 +@@ -2990,6 +2990,7 @@ config MIPS32_N32
121 + config BINFMT_ELF32
122 + bool
123 + default y if MIPS32_O32 || MIPS32_N32
124 ++ select ELFCORE
125 +
126 + endmenu
127 +
128 +diff --git a/arch/x86/Makefile b/arch/x86/Makefile
129 +index 8b4d022ce0cbc..e59dc138b24ea 100644
130 +--- a/arch/x86/Makefile
131 ++++ b/arch/x86/Makefile
132 +@@ -137,6 +137,9 @@ else
133 + KBUILD_CFLAGS += -mno-red-zone
134 + KBUILD_CFLAGS += -mcmodel=kernel
135 +
136 ++ # Intel CET isn't enabled in the kernel
137 ++ KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
138 ++
139 + # -funit-at-a-time shrinks the kernel .text considerably
140 + # unfortunately it makes reading oopses harder.
141 + KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time)
142 +diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
143 +index 3328a37ddc75c..34f11bc42d9b7 100644
144 +--- a/arch/x86/include/asm/apic.h
145 ++++ b/arch/x86/include/asm/apic.h
146 +@@ -168,16 +168,6 @@ static inline void disable_local_APIC(void) { }
147 + #endif /* !CONFIG_X86_LOCAL_APIC */
148 +
149 + #ifdef CONFIG_X86_X2APIC
150 +-/*
151 +- * Make previous memory operations globally visible before
152 +- * sending the IPI through x2apic wrmsr. We need a serializing instruction or
153 +- * mfence for this.
154 +- */
155 +-static inline void x2apic_wrmsr_fence(void)
156 +-{
157 +- asm volatile("mfence" : : : "memory");
158 +-}
159 +-
160 + static inline void native_apic_msr_write(u32 reg, u32 v)
161 + {
162 + if (reg == APIC_DFR || reg == APIC_ID || reg == APIC_LDR ||
163 +diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h
164 +index b2a5bef742822..134d7ffc662e8 100644
165 +--- a/arch/x86/include/asm/barrier.h
166 ++++ b/arch/x86/include/asm/barrier.h
167 +@@ -119,4 +119,22 @@ do { \
168 + #define smp_mb__before_atomic() do { } while (0)
169 + #define smp_mb__after_atomic() do { } while (0)
170 +
171 ++/*
172 ++ * Make previous memory operations globally visible before
173 ++ * a WRMSR.
174 ++ *
175 ++ * MFENCE makes writes visible, but only affects load/store
176 ++ * instructions. WRMSR is unfortunately not a load/store
177 ++ * instruction and is unaffected by MFENCE. The LFENCE ensures
178 ++ * that the WRMSR is not reordered.
179 ++ *
180 ++ * Most WRMSRs are full serializing instructions themselves and
181 ++ * do not require this barrier. This is only required for the
182 ++ * IA32_TSC_DEADLINE and X2APIC MSRs.
183 ++ */
184 ++static inline void weak_wrmsr_fence(void)
185 ++{
186 ++ asm volatile("mfence; lfence" : : : "memory");
187 ++}
188 ++
189 + #endif /* _ASM_X86_BARRIER_H */
190 +diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
191 +index 4dcf71c26d647..f53849f3f7fbf 100644
192 +--- a/arch/x86/kernel/apic/apic.c
193 ++++ b/arch/x86/kernel/apic/apic.c
194 +@@ -41,6 +41,7 @@
195 + #include <asm/x86_init.h>
196 + #include <asm/pgalloc.h>
197 + #include <linux/atomic.h>
198 ++#include <asm/barrier.h>
199 + #include <asm/mpspec.h>
200 + #include <asm/i8259.h>
201 + #include <asm/proto.h>
202 +@@ -464,6 +465,9 @@ static int lapic_next_deadline(unsigned long delta,
203 + {
204 + u64 tsc;
205 +
206 ++ /* This MSR is special and need a special fence: */
207 ++ weak_wrmsr_fence();
208 ++
209 + tsc = rdtsc();
210 + wrmsrl(MSR_IA32_TSC_DEADLINE, tsc + (((u64) delta) * TSC_DIVISOR));
211 + return 0;
212 +diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c
213 +index cc8311c4d2985..f474756fc151e 100644
214 +--- a/arch/x86/kernel/apic/x2apic_cluster.c
215 ++++ b/arch/x86/kernel/apic/x2apic_cluster.c
216 +@@ -32,7 +32,8 @@ __x2apic_send_IPI_mask(const struct cpumask *mask, int vector, int apic_dest)
217 + unsigned long flags;
218 + u32 dest;
219 +
220 +- x2apic_wrmsr_fence();
221 ++ /* x2apic MSRs are special and need a special fence: */
222 ++ weak_wrmsr_fence();
223 +
224 + local_irq_save(flags);
225 +
226 +diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c
227 +index 662e9150ea6f2..ad7c3544b07f9 100644
228 +--- a/arch/x86/kernel/apic/x2apic_phys.c
229 ++++ b/arch/x86/kernel/apic/x2apic_phys.c
230 +@@ -43,7 +43,8 @@ __x2apic_send_IPI_mask(const struct cpumask *mask, int vector, int apic_dest)
231 + unsigned long this_cpu;
232 + unsigned long flags;
233 +
234 +- x2apic_wrmsr_fence();
235 ++ /* x2apic MSRs are special and need a special fence: */
236 ++ weak_wrmsr_fence();
237 +
238 + local_irq_save(flags);
239 +
240 +diff --git a/drivers/acpi/thermal.c b/drivers/acpi/thermal.c
241 +index 82707f9824cae..b4826335ad0b3 100644
242 +--- a/drivers/acpi/thermal.c
243 ++++ b/drivers/acpi/thermal.c
244 +@@ -188,6 +188,8 @@ struct acpi_thermal {
245 + int tz_enabled;
246 + int kelvin_offset;
247 + struct work_struct thermal_check_work;
248 ++ struct mutex thermal_check_lock;
249 ++ atomic_t thermal_check_count;
250 + };
251 +
252 + /* --------------------------------------------------------------------------
253 +@@ -513,16 +515,6 @@ static int acpi_thermal_get_trip_points(struct acpi_thermal *tz)
254 + return 0;
255 + }
256 +
257 +-static void acpi_thermal_check(void *data)
258 +-{
259 +- struct acpi_thermal *tz = data;
260 +-
261 +- if (!tz->tz_enabled)
262 +- return;
263 +-
264 +- thermal_zone_device_update(tz->thermal_zone);
265 +-}
266 +-
267 + /* sys I/F for generic thermal sysfs support */
268 +
269 + static int thermal_get_temp(struct thermal_zone_device *thermal, int *temp)
270 +@@ -556,6 +548,8 @@ static int thermal_get_mode(struct thermal_zone_device *thermal,
271 + return 0;
272 + }
273 +
274 ++static void acpi_thermal_check_fn(struct work_struct *work);
275 ++
276 + static int thermal_set_mode(struct thermal_zone_device *thermal,
277 + enum thermal_device_mode mode)
278 + {
279 +@@ -581,7 +575,7 @@ static int thermal_set_mode(struct thermal_zone_device *thermal,
280 + ACPI_DEBUG_PRINT((ACPI_DB_INFO,
281 + "%s kernel ACPI thermal control\n",
282 + tz->tz_enabled ? "Enable" : "Disable"));
283 +- acpi_thermal_check(tz);
284 ++ acpi_thermal_check_fn(&tz->thermal_check_work);
285 + }
286 + return 0;
287 + }
288 +@@ -950,6 +944,12 @@ static void acpi_thermal_unregister_thermal_zone(struct acpi_thermal *tz)
289 + Driver Interface
290 + -------------------------------------------------------------------------- */
291 +
292 ++static void acpi_queue_thermal_check(struct acpi_thermal *tz)
293 ++{
294 ++ if (!work_pending(&tz->thermal_check_work))
295 ++ queue_work(acpi_thermal_pm_queue, &tz->thermal_check_work);
296 ++}
297 ++
298 + static void acpi_thermal_notify(struct acpi_device *device, u32 event)
299 + {
300 + struct acpi_thermal *tz = acpi_driver_data(device);
301 +@@ -960,17 +960,17 @@ static void acpi_thermal_notify(struct acpi_device *device, u32 event)
302 +
303 + switch (event) {
304 + case ACPI_THERMAL_NOTIFY_TEMPERATURE:
305 +- acpi_thermal_check(tz);
306 ++ acpi_queue_thermal_check(tz);
307 + break;
308 + case ACPI_THERMAL_NOTIFY_THRESHOLDS:
309 + acpi_thermal_trips_update(tz, ACPI_TRIPS_REFRESH_THRESHOLDS);
310 +- acpi_thermal_check(tz);
311 ++ acpi_queue_thermal_check(tz);
312 + acpi_bus_generate_netlink_event(device->pnp.device_class,
313 + dev_name(&device->dev), event, 0);
314 + break;
315 + case ACPI_THERMAL_NOTIFY_DEVICES:
316 + acpi_thermal_trips_update(tz, ACPI_TRIPS_REFRESH_DEVICES);
317 +- acpi_thermal_check(tz);
318 ++ acpi_queue_thermal_check(tz);
319 + acpi_bus_generate_netlink_event(device->pnp.device_class,
320 + dev_name(&device->dev), event, 0);
321 + break;
322 +@@ -1070,7 +1070,27 @@ static void acpi_thermal_check_fn(struct work_struct *work)
323 + {
324 + struct acpi_thermal *tz = container_of(work, struct acpi_thermal,
325 + thermal_check_work);
326 +- acpi_thermal_check(tz);
327 ++
328 ++ if (!tz->tz_enabled)
329 ++ return;
330 ++ /*
331 ++ * In general, it is not sufficient to check the pending bit, because
332 ++ * subsequent instances of this function may be queued after one of them
333 ++ * has started running (e.g. if _TMP sleeps). Avoid bailing out if just
334 ++ * one of them is running, though, because it may have done the actual
335 ++ * check some time ago, so allow at least one of them to block on the
336 ++ * mutex while another one is running the update.
337 ++ */
338 ++ if (!atomic_add_unless(&tz->thermal_check_count, -1, 1))
339 ++ return;
340 ++
341 ++ mutex_lock(&tz->thermal_check_lock);
342 ++
343 ++ thermal_zone_device_update(tz->thermal_zone);
344 ++
345 ++ atomic_inc(&tz->thermal_check_count);
346 ++
347 ++ mutex_unlock(&tz->thermal_check_lock);
348 + }
349 +
350 + static int acpi_thermal_add(struct acpi_device *device)
351 +@@ -1102,6 +1122,8 @@ static int acpi_thermal_add(struct acpi_device *device)
352 + if (result)
353 + goto free_memory;
354 +
355 ++ atomic_set(&tz->thermal_check_count, 3);
356 ++ mutex_init(&tz->thermal_check_lock);
357 + INIT_WORK(&tz->thermal_check_work, acpi_thermal_check_fn);
358 +
359 + pr_info(PREFIX "%s [%s] (%ld C)\n", acpi_device_name(device),
360 +@@ -1167,7 +1189,7 @@ static int acpi_thermal_resume(struct device *dev)
361 + tz->state.active |= tz->trips.active[i].flags.enabled;
362 + }
363 +
364 +- queue_work(acpi_thermal_pm_queue, &tz->thermal_check_work);
365 ++ acpi_queue_thermal_check(tz);
366 +
367 + return AE_OK;
368 + }
369 +diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
370 +index 637f1347cd13d..815b69d35722c 100644
371 +--- a/drivers/input/joystick/xpad.c
372 ++++ b/drivers/input/joystick/xpad.c
373 +@@ -232,9 +232,17 @@ static const struct xpad_device {
374 + { 0x0e6f, 0x0213, "Afterglow Gamepad for Xbox 360", 0, XTYPE_XBOX360 },
375 + { 0x0e6f, 0x021f, "Rock Candy Gamepad for Xbox 360", 0, XTYPE_XBOX360 },
376 + { 0x0e6f, 0x0246, "Rock Candy Gamepad for Xbox One 2015", 0, XTYPE_XBOXONE },
377 +- { 0x0e6f, 0x02ab, "PDP Controller for Xbox One", 0, XTYPE_XBOXONE },
378 ++ { 0x0e6f, 0x02a0, "PDP Xbox One Controller", 0, XTYPE_XBOXONE },
379 ++ { 0x0e6f, 0x02a1, "PDP Xbox One Controller", 0, XTYPE_XBOXONE },
380 ++ { 0x0e6f, 0x02a2, "PDP Wired Controller for Xbox One - Crimson Red", 0, XTYPE_XBOXONE },
381 + { 0x0e6f, 0x02a4, "PDP Wired Controller for Xbox One - Stealth Series", 0, XTYPE_XBOXONE },
382 + { 0x0e6f, 0x02a6, "PDP Wired Controller for Xbox One - Camo Series", 0, XTYPE_XBOXONE },
383 ++ { 0x0e6f, 0x02a7, "PDP Xbox One Controller", 0, XTYPE_XBOXONE },
384 ++ { 0x0e6f, 0x02a8, "PDP Xbox One Controller", 0, XTYPE_XBOXONE },
385 ++ { 0x0e6f, 0x02ab, "PDP Controller for Xbox One", 0, XTYPE_XBOXONE },
386 ++ { 0x0e6f, 0x02ad, "PDP Wired Controller for Xbox One - Stealth Series", 0, XTYPE_XBOXONE },
387 ++ { 0x0e6f, 0x02b3, "Afterglow Prismatic Wired Controller", 0, XTYPE_XBOXONE },
388 ++ { 0x0e6f, 0x02b8, "Afterglow Prismatic Wired Controller", 0, XTYPE_XBOXONE },
389 + { 0x0e6f, 0x0301, "Logic3 Controller", 0, XTYPE_XBOX360 },
390 + { 0x0e6f, 0x0346, "Rock Candy Gamepad for Xbox One 2016", 0, XTYPE_XBOXONE },
391 + { 0x0e6f, 0x0401, "Logic3 Controller", 0, XTYPE_XBOX360 },
392 +@@ -313,6 +321,9 @@ static const struct xpad_device {
393 + { 0x1bad, 0xfa01, "MadCatz GamePad", 0, XTYPE_XBOX360 },
394 + { 0x1bad, 0xfd00, "Razer Onza TE", 0, XTYPE_XBOX360 },
395 + { 0x1bad, 0xfd01, "Razer Onza", 0, XTYPE_XBOX360 },
396 ++ { 0x20d6, 0x2001, "BDA Xbox Series X Wired Controller", 0, XTYPE_XBOXONE },
397 ++ { 0x20d6, 0x281f, "PowerA Wired Controller For Xbox 360", 0, XTYPE_XBOX360 },
398 ++ { 0x2e24, 0x0652, "Hyperkin Duke X-Box One pad", 0, XTYPE_XBOXONE },
399 + { 0x24c6, 0x5000, "Razer Atrox Arcade Stick", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 },
400 + { 0x24c6, 0x5300, "PowerA MINI PROEX Controller", 0, XTYPE_XBOX360 },
401 + { 0x24c6, 0x5303, "Xbox Airflo wired controller", 0, XTYPE_XBOX360 },
402 +@@ -446,8 +457,12 @@ static const struct usb_device_id xpad_table[] = {
403 + XPAD_XBOX360_VENDOR(0x162e), /* Joytech X-Box 360 controllers */
404 + XPAD_XBOX360_VENDOR(0x1689), /* Razer Onza */
405 + XPAD_XBOX360_VENDOR(0x1bad), /* Harminix Rock Band Guitar and Drums */
406 ++ XPAD_XBOX360_VENDOR(0x20d6), /* PowerA Controllers */
407 ++ XPAD_XBOXONE_VENDOR(0x20d6), /* PowerA Controllers */
408 + XPAD_XBOX360_VENDOR(0x24c6), /* PowerA Controllers */
409 + XPAD_XBOXONE_VENDOR(0x24c6), /* PowerA Controllers */
410 ++ XPAD_XBOXONE_VENDOR(0x2e24), /* Hyperkin Duke X-Box One pad */
411 ++ XPAD_XBOX360_VENDOR(0x2f24), /* GameSir Controllers */
412 + { }
413 + };
414 +
415 +diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
416 +index fa07be0b4500e..2317f8d3fef6f 100644
417 +--- a/drivers/input/serio/i8042-x86ia64io.h
418 ++++ b/drivers/input/serio/i8042-x86ia64io.h
419 +@@ -223,6 +223,8 @@ static const struct dmi_system_id __initconst i8042_dmi_noloop_table[] = {
420 + DMI_MATCH(DMI_SYS_VENDOR, "PEGATRON CORPORATION"),
421 + DMI_MATCH(DMI_PRODUCT_NAME, "C15B"),
422 + },
423 ++ },
424 ++ {
425 + .matches = {
426 + DMI_MATCH(DMI_SYS_VENDOR, "ByteSpeed LLC"),
427 + DMI_MATCH(DMI_PRODUCT_NAME, "ByteSpeed Laptop C15B"),
428 +diff --git a/drivers/mmc/core/sdio_cis.c b/drivers/mmc/core/sdio_cis.c
429 +index 8651bd30863d4..f9416535f79d8 100644
430 +--- a/drivers/mmc/core/sdio_cis.c
431 ++++ b/drivers/mmc/core/sdio_cis.c
432 +@@ -24,6 +24,8 @@
433 + #include "sdio_cis.h"
434 + #include "sdio_ops.h"
435 +
436 ++#define SDIO_READ_CIS_TIMEOUT_MS (10 * 1000) /* 10s */
437 ++
438 + static int cistpl_vers_1(struct mmc_card *card, struct sdio_func *func,
439 + const unsigned char *buf, unsigned size)
440 + {
441 +@@ -263,6 +265,8 @@ static int sdio_read_cis(struct mmc_card *card, struct sdio_func *func)
442 +
443 + do {
444 + unsigned char tpl_code, tpl_link;
445 ++ unsigned long timeout = jiffies +
446 ++ msecs_to_jiffies(SDIO_READ_CIS_TIMEOUT_MS);
447 +
448 + ret = mmc_io_rw_direct(card, 0, 0, ptr++, 0, &tpl_code);
449 + if (ret)
450 +@@ -315,6 +319,8 @@ static int sdio_read_cis(struct mmc_card *card, struct sdio_func *func)
451 + prev = &this->next;
452 +
453 + if (ret == -ENOENT) {
454 ++ if (time_after(jiffies, timeout))
455 ++ break;
456 + /* warn about unknown tuples */
457 + pr_warn_ratelimited("%s: queuing unknown"
458 + " CIS tuple 0x%02x (%u bytes)\n",
459 +diff --git a/drivers/scsi/ibmvscsi/ibmvfc.c b/drivers/scsi/ibmvscsi/ibmvfc.c
460 +index db80ab8335dfb..aa74f72e582ab 100644
461 +--- a/drivers/scsi/ibmvscsi/ibmvfc.c
462 ++++ b/drivers/scsi/ibmvscsi/ibmvfc.c
463 +@@ -2883,8 +2883,10 @@ static int ibmvfc_slave_configure(struct scsi_device *sdev)
464 + unsigned long flags = 0;
465 +
466 + spin_lock_irqsave(shost->host_lock, flags);
467 +- if (sdev->type == TYPE_DISK)
468 ++ if (sdev->type == TYPE_DISK) {
469 + sdev->allow_restart = 1;
470 ++ blk_queue_rq_timeout(sdev->request_queue, 120 * HZ);
471 ++ }
472 + spin_unlock_irqrestore(shost->host_lock, flags);
473 + return 0;
474 + }
475 +diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
476 +index b20c575564e43..a088f74a157c7 100644
477 +--- a/drivers/scsi/libfc/fc_exch.c
478 ++++ b/drivers/scsi/libfc/fc_exch.c
479 +@@ -1577,8 +1577,13 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
480 + rc = fc_exch_done_locked(ep);
481 + WARN_ON(fc_seq_exch(sp) != ep);
482 + spin_unlock_bh(&ep->ex_lock);
483 +- if (!rc)
484 ++ if (!rc) {
485 + fc_exch_delete(ep);
486 ++ } else {
487 ++ FC_EXCH_DBG(ep, "ep is completed already,"
488 ++ "hence skip calling the resp\n");
489 ++ goto skip_resp;
490 ++ }
491 + }
492 +
493 + /*
494 +@@ -1597,6 +1602,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
495 + if (!fc_invoke_resp(ep, sp, fp))
496 + fc_frame_free(fp);
497 +
498 ++skip_resp:
499 + fc_exch_release(ep);
500 + return;
501 + rel:
502 +@@ -1841,10 +1847,16 @@ static void fc_exch_reset(struct fc_exch *ep)
503 +
504 + fc_exch_hold(ep);
505 +
506 +- if (!rc)
507 ++ if (!rc) {
508 + fc_exch_delete(ep);
509 ++ } else {
510 ++ FC_EXCH_DBG(ep, "ep is completed already,"
511 ++ "hence skip calling the resp\n");
512 ++ goto skip_resp;
513 ++ }
514 +
515 + fc_invoke_resp(ep, sp, ERR_PTR(-FC_EX_CLOSED));
516 ++skip_resp:
517 + fc_seq_set_resp(sp, NULL, ep->arg);
518 + fc_exch_release(ep);
519 + }
520 +diff --git a/drivers/usb/class/usblp.c b/drivers/usb/class/usblp.c
521 +index 76701d6ce92c3..582099f4f449f 100644
522 +--- a/drivers/usb/class/usblp.c
523 ++++ b/drivers/usb/class/usblp.c
524 +@@ -1349,14 +1349,17 @@ static int usblp_set_protocol(struct usblp *usblp, int protocol)
525 + if (protocol < USBLP_FIRST_PROTOCOL || protocol > USBLP_LAST_PROTOCOL)
526 + return -EINVAL;
527 +
528 +- alts = usblp->protocol[protocol].alt_setting;
529 +- if (alts < 0)
530 +- return -EINVAL;
531 +- r = usb_set_interface(usblp->dev, usblp->ifnum, alts);
532 +- if (r < 0) {
533 +- printk(KERN_ERR "usblp: can't set desired altsetting %d on interface %d\n",
534 +- alts, usblp->ifnum);
535 +- return r;
536 ++ /* Don't unnecessarily set the interface if there's a single alt. */
537 ++ if (usblp->intf->num_altsetting > 1) {
538 ++ alts = usblp->protocol[protocol].alt_setting;
539 ++ if (alts < 0)
540 ++ return -EINVAL;
541 ++ r = usb_set_interface(usblp->dev, usblp->ifnum, alts);
542 ++ if (r < 0) {
543 ++ printk(KERN_ERR "usblp: can't set desired altsetting %d on interface %d\n",
544 ++ alts, usblp->ifnum);
545 ++ return r;
546 ++ }
547 + }
548 +
549 + usblp->bidir = (usblp->protocol[protocol].epread != NULL);
550 +diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c
551 +index e5ad717cba22f..135e97310f118 100644
552 +--- a/drivers/usb/dwc2/gadget.c
553 ++++ b/drivers/usb/dwc2/gadget.c
554 +@@ -871,7 +871,6 @@ static void dwc2_hsotg_complete_oursetup(struct usb_ep *ep,
555 + static struct dwc2_hsotg_ep *ep_from_windex(struct dwc2_hsotg *hsotg,
556 + u32 windex)
557 + {
558 +- struct dwc2_hsotg_ep *ep;
559 + int dir = (windex & USB_DIR_IN) ? 1 : 0;
560 + int idx = windex & 0x7F;
561 +
562 +@@ -881,12 +880,7 @@ static struct dwc2_hsotg_ep *ep_from_windex(struct dwc2_hsotg *hsotg,
563 + if (idx > hsotg->num_of_eps)
564 + return NULL;
565 +
566 +- ep = index_to_ep(hsotg, idx, dir);
567 +-
568 +- if (idx && ep->dir_in != dir)
569 +- return NULL;
570 +-
571 +- return ep;
572 ++ return index_to_ep(hsotg, idx, dir);
573 + }
574 +
575 + /**
576 +diff --git a/drivers/usb/gadget/legacy/ether.c b/drivers/usb/gadget/legacy/ether.c
577 +index 31e9160223e9a..0b7229678b530 100644
578 +--- a/drivers/usb/gadget/legacy/ether.c
579 ++++ b/drivers/usb/gadget/legacy/ether.c
580 +@@ -407,8 +407,10 @@ static int eth_bind(struct usb_composite_dev *cdev)
581 + struct usb_descriptor_header *usb_desc;
582 +
583 + usb_desc = usb_otg_descriptor_alloc(gadget);
584 +- if (!usb_desc)
585 ++ if (!usb_desc) {
586 ++ status = -ENOMEM;
587 + goto fail1;
588 ++ }
589 + usb_otg_descriptor_init(gadget, usb_desc);
590 + otg_desc[0] = usb_desc;
591 + otg_desc[1] = NULL;
592 +diff --git a/drivers/usb/gadget/udc/udc-core.c b/drivers/usb/gadget/udc/udc-core.c
593 +index a6a1678cb9276..c6859fdd74bc2 100644
594 +--- a/drivers/usb/gadget/udc/udc-core.c
595 ++++ b/drivers/usb/gadget/udc/udc-core.c
596 +@@ -612,10 +612,13 @@ static ssize_t usb_udc_softconn_store(struct device *dev,
597 + struct device_attribute *attr, const char *buf, size_t n)
598 + {
599 + struct usb_udc *udc = container_of(dev, struct usb_udc, dev);
600 ++ ssize_t ret;
601 +
602 ++ mutex_lock(&udc_lock);
603 + if (!udc->driver) {
604 + dev_err(dev, "soft-connect without a gadget driver\n");
605 +- return -EOPNOTSUPP;
606 ++ ret = -EOPNOTSUPP;
607 ++ goto out;
608 + }
609 +
610 + if (sysfs_streq(buf, "connect")) {
611 +@@ -627,10 +630,14 @@ static ssize_t usb_udc_softconn_store(struct device *dev,
612 + usb_gadget_udc_stop(udc);
613 + } else {
614 + dev_err(dev, "unsupported command '%s'\n", buf);
615 +- return -EINVAL;
616 ++ ret = -EINVAL;
617 ++ goto out;
618 + }
619 +
620 +- return n;
621 ++ ret = n;
622 ++out:
623 ++ mutex_unlock(&udc_lock);
624 ++ return ret;
625 + }
626 + static DEVICE_ATTR(soft_connect, S_IWUSR, NULL, usb_udc_softconn_store);
627 +
628 +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
629 +index 13c718ebaee5b..ded4c8f2bba4e 100644
630 +--- a/drivers/usb/serial/cp210x.c
631 ++++ b/drivers/usb/serial/cp210x.c
632 +@@ -57,6 +57,7 @@ static const struct usb_device_id id_table[] = {
633 + { USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */
634 + { USB_DEVICE(0x08FD, 0x000A) }, /* Digianswer A/S , ZigBee/802.15.4 MAC Device */
635 + { USB_DEVICE(0x0908, 0x01FF) }, /* Siemens RUGGEDCOM USB Serial Console */
636 ++ { USB_DEVICE(0x0988, 0x0578) }, /* Teraoka AD2000 */
637 + { USB_DEVICE(0x0B00, 0x3070) }, /* Ingenico 3070 */
638 + { USB_DEVICE(0x0BED, 0x1100) }, /* MEI (TM) Cashflow-SC Bill/Voucher Acceptor */
639 + { USB_DEVICE(0x0BED, 0x1101) }, /* MEI series 2000 Combo Acceptor */
640 +@@ -197,6 +198,7 @@ static const struct usb_device_id id_table[] = {
641 + { USB_DEVICE(0x1901, 0x0194) }, /* GE Healthcare Remote Alarm Box */
642 + { USB_DEVICE(0x1901, 0x0195) }, /* GE B850/B650/B450 CP2104 DP UART interface */
643 + { USB_DEVICE(0x1901, 0x0196) }, /* GE B850 CP2105 DP UART interface */
644 ++ { USB_DEVICE(0x199B, 0xBA30) }, /* LORD WSDA-200-USB */
645 + { USB_DEVICE(0x19CF, 0x3000) }, /* Parrot NMEA GPS Flight Recorder */
646 + { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
647 + { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
648 +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
649 +index 1998b314368e0..3c536eed07541 100644
650 +--- a/drivers/usb/serial/option.c
651 ++++ b/drivers/usb/serial/option.c
652 +@@ -425,6 +425,8 @@ static void option_instat_callback(struct urb *urb);
653 + #define CINTERION_PRODUCT_AHXX_2RMNET 0x0084
654 + #define CINTERION_PRODUCT_AHXX_AUDIO 0x0085
655 + #define CINTERION_PRODUCT_CLS8 0x00b0
656 ++#define CINTERION_PRODUCT_MV31_MBIM 0x00b3
657 ++#define CINTERION_PRODUCT_MV31_RMNET 0x00b7
658 +
659 + /* Olivetti products */
660 + #define OLIVETTI_VENDOR_ID 0x0b3c
661 +@@ -1896,6 +1898,10 @@ static const struct usb_device_id option_ids[] = {
662 + { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC25_MDMNET) },
663 + { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDM) }, /* HC28 enumerates with Siemens or Cinterion VID depending on FW revision */
664 + { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDMNET) },
665 ++ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_MV31_MBIM, 0xff),
666 ++ .driver_info = RSVD(3)},
667 ++ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_MV31_RMNET, 0xff),
668 ++ .driver_info = RSVD(0)},
669 + { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100),
670 + .driver_info = RSVD(4) },
671 + { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD120),
672 +diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
673 +index 2d0cbbd14cfc8..72c03354c14bf 100644
674 +--- a/fs/Kconfig.binfmt
675 ++++ b/fs/Kconfig.binfmt
676 +@@ -1,6 +1,7 @@
677 + config BINFMT_ELF
678 + bool "Kernel support for ELF binaries"
679 + depends on MMU && (BROKEN || !FRV)
680 ++ select ELFCORE
681 + default y
682 + ---help---
683 + ELF (Executable and Linkable Format) is a format for libraries and
684 +@@ -26,6 +27,7 @@ config BINFMT_ELF
685 + config COMPAT_BINFMT_ELF
686 + bool
687 + depends on COMPAT && BINFMT_ELF
688 ++ select ELFCORE
689 +
690 + config ARCH_BINFMT_ELF_STATE
691 + bool
692 +@@ -34,6 +36,7 @@ config BINFMT_ELF_FDPIC
693 + bool "Kernel support for FDPIC ELF binaries"
694 + default y
695 + depends on (FRV || BLACKFIN || (SUPERH32 && !MMU) || C6X)
696 ++ select ELFCORE
697 + help
698 + ELF FDPIC binaries are based on ELF, but allow the individual load
699 + segments of a binary to be located in memory independently of each
700 +@@ -43,6 +46,11 @@ config BINFMT_ELF_FDPIC
701 +
702 + It is also possible to run FDPIC ELF binaries on MMU linux also.
703 +
704 ++config ELFCORE
705 ++ bool
706 ++ help
707 ++ This option enables kernel/elfcore.o.
708 ++
709 + config CORE_DUMP_DEFAULT_ELF_HEADERS
710 + bool "Write ELF core dumps with partial segments"
711 + default y
712 +diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
713 +index be16da31cbccf..9f1641324a811 100644
714 +--- a/fs/cifs/dir.c
715 ++++ b/fs/cifs/dir.c
716 +@@ -831,6 +831,7 @@ static int
717 + cifs_d_revalidate(struct dentry *direntry, unsigned int flags)
718 + {
719 + struct inode *inode;
720 ++ int rc;
721 +
722 + if (flags & LOOKUP_RCU)
723 + return -ECHILD;
724 +@@ -840,8 +841,25 @@ cifs_d_revalidate(struct dentry *direntry, unsigned int flags)
725 + if ((flags & LOOKUP_REVAL) && !CIFS_CACHE_READ(CIFS_I(inode)))
726 + CIFS_I(inode)->time = 0; /* force reval */
727 +
728 +- if (cifs_revalidate_dentry(direntry))
729 +- return 0;
730 ++ rc = cifs_revalidate_dentry(direntry);
731 ++ if (rc) {
732 ++ cifs_dbg(FYI, "cifs_revalidate_dentry failed with rc=%d", rc);
733 ++ switch (rc) {
734 ++ case -ENOENT:
735 ++ case -ESTALE:
736 ++ /*
737 ++ * Those errors mean the dentry is invalid
738 ++ * (file was deleted or recreated)
739 ++ */
740 ++ return 0;
741 ++ default:
742 ++ /*
743 ++ * Otherwise some unexpected error happened
744 ++ * report it as-is to VFS layer
745 ++ */
746 ++ return rc;
747 ++ }
748 ++ }
749 + else {
750 + /*
751 + * If the inode wasn't known to be a dfs entry when
752 +diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
753 +index 937c6ee1786f9..b743aa5bce0d2 100644
754 +--- a/fs/hugetlbfs/inode.c
755 ++++ b/fs/hugetlbfs/inode.c
756 +@@ -661,8 +661,9 @@ static long hugetlbfs_fallocate(struct file *file, int mode, loff_t offset,
757 +
758 + mutex_unlock(&hugetlb_fault_mutex_table[hash]);
759 +
760 ++ set_page_huge_active(page);
761 + /*
762 +- * page_put due to reference from alloc_huge_page()
763 ++ * put_page() due to reference from alloc_huge_page()
764 + * unlock_page because locked by add_to_page_cache()
765 + */
766 + put_page(page);
767 +diff --git a/include/linux/elfcore.h b/include/linux/elfcore.h
768 +index 698d51a0eea3f..4adf7faeaeb59 100644
769 +--- a/include/linux/elfcore.h
770 ++++ b/include/linux/elfcore.h
771 +@@ -55,6 +55,7 @@ static inline int elf_core_copy_task_xfpregs(struct task_struct *t, elf_fpxregse
772 + }
773 + #endif
774 +
775 ++#if defined(CONFIG_UM) || defined(CONFIG_IA64)
776 + /*
777 + * These functions parameterize elf_core_dump in fs/binfmt_elf.c to write out
778 + * extra segments containing the gate DSO contents. Dumping its
779 +@@ -69,5 +70,26 @@ elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset);
780 + extern int
781 + elf_core_write_extra_data(struct coredump_params *cprm);
782 + extern size_t elf_core_extra_data_size(void);
783 ++#else
784 ++static inline Elf_Half elf_core_extra_phdrs(void)
785 ++{
786 ++ return 0;
787 ++}
788 ++
789 ++static inline int elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset)
790 ++{
791 ++ return 1;
792 ++}
793 ++
794 ++static inline int elf_core_write_extra_data(struct coredump_params *cprm)
795 ++{
796 ++ return 1;
797 ++}
798 ++
799 ++static inline size_t elf_core_extra_data_size(void)
800 ++{
801 ++ return 0;
802 ++}
803 ++#endif
804 +
805 + #endif /* _LINUX_ELFCORE_H */
806 +diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
807 +index cc185525a94ba..c4a4a39a458dc 100644
808 +--- a/include/linux/hugetlb.h
809 ++++ b/include/linux/hugetlb.h
810 +@@ -506,6 +506,9 @@ static inline void hugetlb_count_sub(long l, struct mm_struct *mm)
811 + {
812 + atomic_long_sub(l, &mm->hugetlb_usage);
813 + }
814 ++
815 ++void set_page_huge_active(struct page *page);
816 ++
817 + #else /* CONFIG_HUGETLB_PAGE */
818 + struct hstate {};
819 + #define alloc_huge_page(v, a, r) NULL
820 +diff --git a/kernel/Makefile b/kernel/Makefile
821 +index a672bece1f499..8b73d57804f23 100644
822 +--- a/kernel/Makefile
823 ++++ b/kernel/Makefile
824 +@@ -77,9 +77,6 @@ obj-$(CONFIG_TASK_DELAY_ACCT) += delayacct.o
825 + obj-$(CONFIG_TASKSTATS) += taskstats.o tsacct.o
826 + obj-$(CONFIG_TRACEPOINTS) += tracepoint.o
827 + obj-$(CONFIG_LATENCYTOP) += latencytop.o
828 +-obj-$(CONFIG_BINFMT_ELF) += elfcore.o
829 +-obj-$(CONFIG_COMPAT_BINFMT_ELF) += elfcore.o
830 +-obj-$(CONFIG_BINFMT_ELF_FDPIC) += elfcore.o
831 + obj-$(CONFIG_FUNCTION_TRACER) += trace/
832 + obj-$(CONFIG_TRACING) += trace/
833 + obj-$(CONFIG_TRACE_CLOCK) += trace/
834 +diff --git a/kernel/elfcore.c b/kernel/elfcore.c
835 +deleted file mode 100644
836 +index a2b29b9bdfcb2..0000000000000
837 +--- a/kernel/elfcore.c
838 ++++ /dev/null
839 +@@ -1,25 +0,0 @@
840 +-#include <linux/elf.h>
841 +-#include <linux/fs.h>
842 +-#include <linux/mm.h>
843 +-#include <linux/binfmts.h>
844 +-#include <linux/elfcore.h>
845 +-
846 +-Elf_Half __weak elf_core_extra_phdrs(void)
847 +-{
848 +- return 0;
849 +-}
850 +-
851 +-int __weak elf_core_write_extra_phdrs(struct coredump_params *cprm, loff_t offset)
852 +-{
853 +- return 1;
854 +-}
855 +-
856 +-int __weak elf_core_write_extra_data(struct coredump_params *cprm)
857 +-{
858 +- return 1;
859 +-}
860 +-
861 +-size_t __weak elf_core_extra_data_size(void)
862 +-{
863 +- return 0;
864 +-}
865 +diff --git a/kernel/futex.c b/kernel/futex.c
866 +index f1990e2a51e5a..199e63c5b6120 100644
867 +--- a/kernel/futex.c
868 ++++ b/kernel/futex.c
869 +@@ -835,6 +835,29 @@ static struct futex_pi_state * alloc_pi_state(void)
870 + return pi_state;
871 + }
872 +
873 ++static void pi_state_update_owner(struct futex_pi_state *pi_state,
874 ++ struct task_struct *new_owner)
875 ++{
876 ++ struct task_struct *old_owner = pi_state->owner;
877 ++
878 ++ lockdep_assert_held(&pi_state->pi_mutex.wait_lock);
879 ++
880 ++ if (old_owner) {
881 ++ raw_spin_lock(&old_owner->pi_lock);
882 ++ WARN_ON(list_empty(&pi_state->list));
883 ++ list_del_init(&pi_state->list);
884 ++ raw_spin_unlock(&old_owner->pi_lock);
885 ++ }
886 ++
887 ++ if (new_owner) {
888 ++ raw_spin_lock(&new_owner->pi_lock);
889 ++ WARN_ON(!list_empty(&pi_state->list));
890 ++ list_add(&pi_state->list, &new_owner->pi_state_list);
891 ++ pi_state->owner = new_owner;
892 ++ raw_spin_unlock(&new_owner->pi_lock);
893 ++ }
894 ++}
895 ++
896 + /*
897 + * Must be called with the hb lock held.
898 + */
899 +@@ -851,11 +874,8 @@ static void free_pi_state(struct futex_pi_state *pi_state)
900 + * and has cleaned up the pi_state already
901 + */
902 + if (pi_state->owner) {
903 +- raw_spin_lock_irq(&pi_state->owner->pi_lock);
904 +- list_del_init(&pi_state->list);
905 +- raw_spin_unlock_irq(&pi_state->owner->pi_lock);
906 +-
907 +- rt_mutex_proxy_unlock(&pi_state->pi_mutex, pi_state->owner);
908 ++ pi_state_update_owner(pi_state, NULL);
909 ++ rt_mutex_proxy_unlock(&pi_state->pi_mutex);
910 + }
911 +
912 + if (current->pi_state_cache)
913 +@@ -936,7 +956,7 @@ static void exit_pi_state_list(struct task_struct *curr)
914 + pi_state->owner = NULL;
915 + raw_spin_unlock_irq(&curr->pi_lock);
916 +
917 +- rt_mutex_unlock(&pi_state->pi_mutex);
918 ++ rt_mutex_futex_unlock(&pi_state->pi_mutex);
919 +
920 + spin_unlock(&hb->lock);
921 +
922 +@@ -992,7 +1012,8 @@ static void exit_pi_state_list(struct task_struct *curr)
923 + * FUTEX_OWNER_DIED bit. See [4]
924 + *
925 + * [10] There is no transient state which leaves owner and user space
926 +- * TID out of sync.
927 ++ * TID out of sync. Except one error case where the kernel is denied
928 ++ * write access to the user address, see fixup_pi_state_owner().
929 + */
930 +
931 + /*
932 +@@ -1389,12 +1410,19 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this,
933 + new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
934 +
935 + /*
936 +- * It is possible that the next waiter (the one that brought
937 +- * this owner to the kernel) timed out and is no longer
938 +- * waiting on the lock.
939 ++ * When we interleave with futex_lock_pi() where it does
940 ++ * rt_mutex_timed_futex_lock(), we might observe @this futex_q waiter,
941 ++ * but the rt_mutex's wait_list can be empty (either still, or again,
942 ++ * depending on which side we land).
943 ++ *
944 ++ * When this happens, give up our locks and try again, giving the
945 ++ * futex_lock_pi() instance time to complete, either by waiting on the
946 ++ * rtmutex or removing itself from the futex queue.
947 + */
948 +- if (!new_owner)
949 +- new_owner = this->task;
950 ++ if (!new_owner) {
951 ++ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
952 ++ return -EAGAIN;
953 ++ }
954 +
955 + /*
956 + * We pass it to the next owner. The WAITERS bit is always
957 +@@ -1420,36 +1448,24 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this,
958 + else
959 + ret = -EINVAL;
960 + }
961 +- if (ret) {
962 +- raw_spin_unlock(&pi_state->pi_mutex.wait_lock);
963 +- return ret;
964 +- }
965 +-
966 +- raw_spin_lock_irq(&pi_state->owner->pi_lock);
967 +- WARN_ON(list_empty(&pi_state->list));
968 +- list_del_init(&pi_state->list);
969 +- raw_spin_unlock_irq(&pi_state->owner->pi_lock);
970 +-
971 +- raw_spin_lock_irq(&new_owner->pi_lock);
972 +- WARN_ON(!list_empty(&pi_state->list));
973 +- list_add(&pi_state->list, &new_owner->pi_state_list);
974 +- pi_state->owner = new_owner;
975 +- raw_spin_unlock_irq(&new_owner->pi_lock);
976 +-
977 +- raw_spin_unlock(&pi_state->pi_mutex.wait_lock);
978 +
979 +- deboost = rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q);
980 ++ if (!ret) {
981 ++ /*
982 ++ * This is a point of no return; once we modified the uval
983 ++ * there is no going back and subsequent operations must
984 ++ * not fail.
985 ++ */
986 ++ pi_state_update_owner(pi_state, new_owner);
987 ++ deboost = __rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q);
988 ++ }
989 +
990 +- /*
991 +- * First unlock HB so the waiter does not spin on it once he got woken
992 +- * up. Second wake up the waiter before the priority is adjusted. If we
993 +- * deboost first (and lose our higher priority), then the task might get
994 +- * scheduled away before the wake up can take place.
995 +- */
996 ++ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
997 + spin_unlock(&hb->lock);
998 +- wake_up_q(&wake_q);
999 +- if (deboost)
1000 ++
1001 ++ if (deboost) {
1002 ++ wake_up_q(&wake_q);
1003 + rt_mutex_adjust_prio(current);
1004 ++ }
1005 +
1006 + return 0;
1007 + }
1008 +@@ -2222,30 +2238,32 @@ static void unqueue_me_pi(struct futex_q *q)
1009 + spin_unlock(q->lock_ptr);
1010 + }
1011 +
1012 +-/*
1013 +- * Fixup the pi_state owner with the new owner.
1014 +- *
1015 +- * Must be called with hash bucket lock held and mm->sem held for non
1016 +- * private futexes.
1017 +- */
1018 +-static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
1019 +- struct task_struct *newowner)
1020 ++static int __fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
1021 ++ struct task_struct *argowner)
1022 + {
1023 +- u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;
1024 + struct futex_pi_state *pi_state = q->pi_state;
1025 +- struct task_struct *oldowner = pi_state->owner;
1026 +- u32 uval, uninitialized_var(curval), newval;
1027 +- int ret;
1028 ++ struct task_struct *oldowner, *newowner;
1029 ++ u32 uval, curval, newval, newtid;
1030 ++ int err = 0;
1031 ++
1032 ++ oldowner = pi_state->owner;
1033 +
1034 + /* Owner died? */
1035 + if (!pi_state->owner)
1036 + newtid |= FUTEX_OWNER_DIED;
1037 +
1038 + /*
1039 +- * We are here either because we stole the rtmutex from the
1040 +- * previous highest priority waiter or we are the highest priority
1041 +- * waiter but failed to get the rtmutex the first time.
1042 +- * We have to replace the newowner TID in the user space variable.
1043 ++ * We are here because either:
1044 ++ *
1045 ++ * - we stole the lock and pi_state->owner needs updating to reflect
1046 ++ * that (@argowner == current),
1047 ++ *
1048 ++ * or:
1049 ++ *
1050 ++ * - someone stole our lock and we need to fix things to point to the
1051 ++ * new owner (@argowner == NULL).
1052 ++ *
1053 ++ * Either way, we have to replace the TID in the user space variable.
1054 + * This must be atomic as we have to preserve the owner died bit here.
1055 + *
1056 + * Note: We write the user space value _before_ changing the pi_state
1057 +@@ -2259,6 +2277,39 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
1058 + * in lookup_pi_state.
1059 + */
1060 + retry:
1061 ++ if (!argowner) {
1062 ++ if (oldowner != current) {
1063 ++ /*
1064 ++ * We raced against a concurrent self; things are
1065 ++ * already fixed up. Nothing to do.
1066 ++ */
1067 ++ return 0;
1068 ++ }
1069 ++
1070 ++ if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) {
1071 ++ /* We got the lock after all, nothing to fix. */
1072 ++ return 1;
1073 ++ }
1074 ++
1075 ++ /*
1076 ++ * Since we just failed the trylock; there must be an owner.
1077 ++ */
1078 ++ newowner = rt_mutex_owner(&pi_state->pi_mutex);
1079 ++ BUG_ON(!newowner);
1080 ++ } else {
1081 ++ WARN_ON_ONCE(argowner != current);
1082 ++ if (oldowner == current) {
1083 ++ /*
1084 ++ * We raced against a concurrent self; things are
1085 ++ * already fixed up. Nothing to do.
1086 ++ */
1087 ++ return 1;
1088 ++ }
1089 ++ newowner = argowner;
1090 ++ }
1091 ++
1092 ++ newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;
1093 ++
1094 + if (get_futex_value_locked(&uval, uaddr))
1095 + goto handle_fault;
1096 +
1097 +@@ -2276,19 +2327,8 @@ retry:
1098 + * We fixed up user space. Now we need to fix the pi_state
1099 + * itself.
1100 + */
1101 +- if (pi_state->owner != NULL) {
1102 +- raw_spin_lock_irq(&pi_state->owner->pi_lock);
1103 +- WARN_ON(list_empty(&pi_state->list));
1104 +- list_del_init(&pi_state->list);
1105 +- raw_spin_unlock_irq(&pi_state->owner->pi_lock);
1106 +- }
1107 +-
1108 +- pi_state->owner = newowner;
1109 ++ pi_state_update_owner(pi_state, newowner);
1110 +
1111 +- raw_spin_lock_irq(&newowner->pi_lock);
1112 +- WARN_ON(!list_empty(&pi_state->list));
1113 +- list_add(&pi_state->list, &newowner->pi_state_list);
1114 +- raw_spin_unlock_irq(&newowner->pi_lock);
1115 + return 0;
1116 +
1117 + /*
1118 +@@ -2304,7 +2344,7 @@ retry:
1119 + handle_fault:
1120 + spin_unlock(q->lock_ptr);
1121 +
1122 +- ret = fault_in_user_writeable(uaddr);
1123 ++ err = fault_in_user_writeable(uaddr);
1124 +
1125 + spin_lock(q->lock_ptr);
1126 +
1127 +@@ -2312,12 +2352,45 @@ handle_fault:
1128 + * Check if someone else fixed it for us:
1129 + */
1130 + if (pi_state->owner != oldowner)
1131 +- return 0;
1132 ++ return argowner == current;
1133 +
1134 +- if (ret)
1135 +- return ret;
1136 ++ /* Retry if err was -EAGAIN or the fault in succeeded */
1137 ++ if (!err)
1138 ++ goto retry;
1139 +
1140 +- goto retry;
1141 ++ /*
1142 ++ * fault_in_user_writeable() failed so user state is immutable. At
1143 ++ * best we can make the kernel state consistent but user state will
1144 ++ * be most likely hosed and any subsequent unlock operation will be
1145 ++ * rejected due to PI futex rule [10].
1146 ++ *
1147 ++ * Ensure that the rtmutex owner is also the pi_state owner despite
1148 ++ * the user space value claiming something different. There is no
1149 ++ * point in unlocking the rtmutex if current is the owner as it
1150 ++ * would need to wait until the next waiter has taken the rtmutex
1151 ++ * to guarantee consistent state. Keep it simple. Userspace asked
1152 ++ * for this wreckaged state.
1153 ++ *
1154 ++ * The rtmutex has an owner - either current or some other
1155 ++ * task. See the EAGAIN loop above.
1156 ++ */
1157 ++ pi_state_update_owner(pi_state, rt_mutex_owner(&pi_state->pi_mutex));
1158 ++
1159 ++ return err;
1160 ++}
1161 ++
1162 ++static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
1163 ++ struct task_struct *argowner)
1164 ++{
1165 ++ struct futex_pi_state *pi_state = q->pi_state;
1166 ++ int ret;
1167 ++
1168 ++ lockdep_assert_held(q->lock_ptr);
1169 ++
1170 ++ raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
1171 ++ ret = __fixup_pi_state_owner(uaddr, q, argowner);
1172 ++ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
1173 ++ return ret;
1174 + }
1175 +
1176 + static long futex_wait_restart(struct restart_block *restart);
1177 +@@ -2339,13 +2412,16 @@ static long futex_wait_restart(struct restart_block *restart);
1178 + */
1179 + static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
1180 + {
1181 +- struct task_struct *owner;
1182 + int ret = 0;
1183 +
1184 + if (locked) {
1185 + /*
1186 + * Got the lock. We might not be the anticipated owner if we
1187 + * did a lock-steal - fix up the PI-state in that case:
1188 ++ *
1189 ++ * Speculative pi_state->owner read (we don't hold wait_lock);
1190 ++ * since we own the lock pi_state->owner == current is the
1191 ++ * stable state, anything else needs more attention.
1192 + */
1193 + if (q->pi_state->owner != current)
1194 + ret = fixup_pi_state_owner(uaddr, q, current);
1195 +@@ -2353,43 +2429,24 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
1196 + }
1197 +
1198 + /*
1199 +- * Catch the rare case, where the lock was released when we were on the
1200 +- * way back before we locked the hash bucket.
1201 ++ * If we didn't get the lock; check if anybody stole it from us. In
1202 ++ * that case, we need to fix up the uval to point to them instead of
1203 ++ * us, otherwise bad things happen. [10]
1204 ++ *
1205 ++ * Another speculative read; pi_state->owner == current is unstable
1206 ++ * but needs our attention.
1207 + */
1208 + if (q->pi_state->owner == current) {
1209 +- /*
1210 +- * Try to get the rt_mutex now. This might fail as some other
1211 +- * task acquired the rt_mutex after we removed ourself from the
1212 +- * rt_mutex waiters list.
1213 +- */
1214 +- if (rt_mutex_trylock(&q->pi_state->pi_mutex)) {
1215 +- locked = 1;
1216 +- goto out;
1217 +- }
1218 +-
1219 +- /*
1220 +- * pi_state is incorrect, some other task did a lock steal and
1221 +- * we returned due to timeout or signal without taking the
1222 +- * rt_mutex. Too late.
1223 +- */
1224 +- raw_spin_lock(&q->pi_state->pi_mutex.wait_lock);
1225 +- owner = rt_mutex_owner(&q->pi_state->pi_mutex);
1226 +- if (!owner)
1227 +- owner = rt_mutex_next_owner(&q->pi_state->pi_mutex);
1228 +- raw_spin_unlock(&q->pi_state->pi_mutex.wait_lock);
1229 +- ret = fixup_pi_state_owner(uaddr, q, owner);
1230 ++ ret = fixup_pi_state_owner(uaddr, q, NULL);
1231 + goto out;
1232 + }
1233 +
1234 + /*
1235 + * Paranoia check. If we did not take the lock, then we should not be
1236 +- * the owner of the rt_mutex.
1237 ++ * the owner of the rt_mutex. Warn and establish consistent state.
1238 + */
1239 +- if (rt_mutex_owner(&q->pi_state->pi_mutex) == current)
1240 +- printk(KERN_ERR "fixup_owner: ret = %d pi-mutex: %p "
1241 +- "pi-state %p\n", ret,
1242 +- q->pi_state->pi_mutex.owner,
1243 +- q->pi_state->owner);
1244 ++ if (WARN_ON_ONCE(rt_mutex_owner(&q->pi_state->pi_mutex) == current))
1245 ++ return fixup_pi_state_owner(uaddr, q, current);
1246 +
1247 + out:
1248 + return ret ? ret : locked;
1249 +@@ -2686,7 +2743,7 @@ retry_private:
1250 + if (!trylock) {
1251 + ret = rt_mutex_timed_futex_lock(&q.pi_state->pi_mutex, to);
1252 + } else {
1253 +- ret = rt_mutex_trylock(&q.pi_state->pi_mutex);
1254 ++ ret = rt_mutex_futex_trylock(&q.pi_state->pi_mutex);
1255 + /* Fixup the trylock return value: */
1256 + ret = ret ? 0 : -EWOULDBLOCK;
1257 + }
1258 +@@ -2704,13 +2761,6 @@ retry_private:
1259 + if (res)
1260 + ret = (res < 0) ? res : 0;
1261 +
1262 +- /*
1263 +- * If fixup_owner() faulted and was unable to handle the fault, unlock
1264 +- * it and return the fault to userspace.
1265 +- */
1266 +- if (ret && (rt_mutex_owner(&q.pi_state->pi_mutex) == current))
1267 +- rt_mutex_unlock(&q.pi_state->pi_mutex);
1268 +-
1269 + /* Unqueue and drop the lock */
1270 + unqueue_me_pi(&q);
1271 +
1272 +@@ -3015,8 +3065,6 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
1273 + if (q.pi_state && (q.pi_state->owner != current)) {
1274 + spin_lock(q.lock_ptr);
1275 + ret = fixup_pi_state_owner(uaddr2, &q, current);
1276 +- if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current)
1277 +- rt_mutex_unlock(&q.pi_state->pi_mutex);
1278 + /*
1279 + * Drop the reference to the pi state which
1280 + * the requeue_pi() code acquired for us.
1281 +@@ -3053,14 +3101,6 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
1282 + if (res)
1283 + ret = (res < 0) ? res : 0;
1284 +
1285 +- /*
1286 +- * If fixup_pi_state_owner() faulted and was unable to handle
1287 +- * the fault, unlock the rt_mutex and return the fault to
1288 +- * userspace.
1289 +- */
1290 +- if (ret && rt_mutex_owner(pi_mutex) == current)
1291 +- rt_mutex_unlock(pi_mutex);
1292 +-
1293 + /* Unqueue and drop the lock. */
1294 + unqueue_me_pi(&q);
1295 + }
1296 +diff --git a/kernel/kprobes.c b/kernel/kprobes.c
1297 +index 33c37dbc56a05..90f46c8aa9007 100644
1298 +--- a/kernel/kprobes.c
1299 ++++ b/kernel/kprobes.c
1300 +@@ -1884,6 +1884,10 @@ int register_kretprobe(struct kretprobe *rp)
1301 + int i;
1302 + void *addr;
1303 +
1304 ++ /* If only rp->kp.addr is specified, check reregistering kprobes */
1305 ++ if (rp->kp.addr && check_kprobe_rereg(&rp->kp))
1306 ++ return -EINVAL;
1307 ++
1308 + if (kretprobe_blacklist_size) {
1309 + addr = kprobe_addr(&rp->kp);
1310 + if (IS_ERR(addr))
1311 +diff --git a/kernel/locking/rtmutex-debug.c b/kernel/locking/rtmutex-debug.c
1312 +index 62b6cee8ea7f9..0613c4b1d0596 100644
1313 +--- a/kernel/locking/rtmutex-debug.c
1314 ++++ b/kernel/locking/rtmutex-debug.c
1315 +@@ -173,12 +173,3 @@ void debug_rt_mutex_init(struct rt_mutex *lock, const char *name)
1316 + lock->name = name;
1317 + }
1318 +
1319 +-void
1320 +-rt_mutex_deadlock_account_lock(struct rt_mutex *lock, struct task_struct *task)
1321 +-{
1322 +-}
1323 +-
1324 +-void rt_mutex_deadlock_account_unlock(struct task_struct *task)
1325 +-{
1326 +-}
1327 +-
1328 +diff --git a/kernel/locking/rtmutex-debug.h b/kernel/locking/rtmutex-debug.h
1329 +index d0519c3432b67..b585af9a1b508 100644
1330 +--- a/kernel/locking/rtmutex-debug.h
1331 ++++ b/kernel/locking/rtmutex-debug.h
1332 +@@ -9,9 +9,6 @@
1333 + * This file contains macros used solely by rtmutex.c. Debug version.
1334 + */
1335 +
1336 +-extern void
1337 +-rt_mutex_deadlock_account_lock(struct rt_mutex *lock, struct task_struct *task);
1338 +-extern void rt_mutex_deadlock_account_unlock(struct task_struct *task);
1339 + extern void debug_rt_mutex_init_waiter(struct rt_mutex_waiter *waiter);
1340 + extern void debug_rt_mutex_free_waiter(struct rt_mutex_waiter *waiter);
1341 + extern void debug_rt_mutex_init(struct rt_mutex *lock, const char *name);
1342 +diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c
1343 +index dd173df9ee5e5..1c0cb5c3c6ad6 100644
1344 +--- a/kernel/locking/rtmutex.c
1345 ++++ b/kernel/locking/rtmutex.c
1346 +@@ -937,8 +937,6 @@ takeit:
1347 + */
1348 + rt_mutex_set_owner(lock, task);
1349 +
1350 +- rt_mutex_deadlock_account_lock(lock, task);
1351 +-
1352 + return 1;
1353 + }
1354 +
1355 +@@ -1286,6 +1284,19 @@ rt_mutex_slowlock(struct rt_mutex *lock, int state,
1356 + return ret;
1357 + }
1358 +
1359 ++static inline int __rt_mutex_slowtrylock(struct rt_mutex *lock)
1360 ++{
1361 ++ int ret = try_to_take_rt_mutex(lock, current, NULL);
1362 ++
1363 ++ /*
1364 ++ * try_to_take_rt_mutex() sets the lock waiters bit
1365 ++ * unconditionally. Clean this up.
1366 ++ */
1367 ++ fixup_rt_mutex_waiters(lock);
1368 ++
1369 ++ return ret;
1370 ++}
1371 ++
1372 + /*
1373 + * Slow path try-lock function:
1374 + */
1375 +@@ -1307,13 +1318,7 @@ static inline int rt_mutex_slowtrylock(struct rt_mutex *lock)
1376 + */
1377 + raw_spin_lock(&lock->wait_lock);
1378 +
1379 +- ret = try_to_take_rt_mutex(lock, current, NULL);
1380 +-
1381 +- /*
1382 +- * try_to_take_rt_mutex() sets the lock waiters bit
1383 +- * unconditionally. Clean this up.
1384 +- */
1385 +- fixup_rt_mutex_waiters(lock);
1386 ++ ret = __rt_mutex_slowtrylock(lock);
1387 +
1388 + raw_spin_unlock(&lock->wait_lock);
1389 +
1390 +@@ -1331,8 +1336,6 @@ static bool __sched rt_mutex_slowunlock(struct rt_mutex *lock,
1391 +
1392 + debug_rt_mutex_unlock(lock);
1393 +
1394 +- rt_mutex_deadlock_account_unlock(current);
1395 +-
1396 + /*
1397 + * We must be careful here if the fast path is enabled. If we
1398 + * have no waiters queued we cannot set owner to NULL here
1399 +@@ -1398,11 +1401,10 @@ rt_mutex_fastlock(struct rt_mutex *lock, int state,
1400 + struct hrtimer_sleeper *timeout,
1401 + enum rtmutex_chainwalk chwalk))
1402 + {
1403 +- if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) {
1404 +- rt_mutex_deadlock_account_lock(lock, current);
1405 ++ if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current)))
1406 + return 0;
1407 +- } else
1408 +- return slowfn(lock, state, NULL, RT_MUTEX_MIN_CHAINWALK);
1409 ++
1410 ++ return slowfn(lock, state, NULL, RT_MUTEX_MIN_CHAINWALK);
1411 + }
1412 +
1413 + static inline int
1414 +@@ -1414,21 +1416,19 @@ rt_mutex_timed_fastlock(struct rt_mutex *lock, int state,
1415 + enum rtmutex_chainwalk chwalk))
1416 + {
1417 + if (chwalk == RT_MUTEX_MIN_CHAINWALK &&
1418 +- likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) {
1419 +- rt_mutex_deadlock_account_lock(lock, current);
1420 ++ likely(rt_mutex_cmpxchg_acquire(lock, NULL, current)))
1421 + return 0;
1422 +- } else
1423 +- return slowfn(lock, state, timeout, chwalk);
1424 ++
1425 ++ return slowfn(lock, state, timeout, chwalk);
1426 + }
1427 +
1428 + static inline int
1429 + rt_mutex_fasttrylock(struct rt_mutex *lock,
1430 + int (*slowfn)(struct rt_mutex *lock))
1431 + {
1432 +- if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) {
1433 +- rt_mutex_deadlock_account_lock(lock, current);
1434 ++ if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current)))
1435 + return 1;
1436 +- }
1437 ++
1438 + return slowfn(lock);
1439 + }
1440 +
1441 +@@ -1438,19 +1438,18 @@ rt_mutex_fastunlock(struct rt_mutex *lock,
1442 + struct wake_q_head *wqh))
1443 + {
1444 + WAKE_Q(wake_q);
1445 ++ bool deboost;
1446 +
1447 +- if (likely(rt_mutex_cmpxchg_release(lock, current, NULL))) {
1448 +- rt_mutex_deadlock_account_unlock(current);
1449 ++ if (likely(rt_mutex_cmpxchg_release(lock, current, NULL)))
1450 ++ return;
1451 +
1452 +- } else {
1453 +- bool deboost = slowfn(lock, &wake_q);
1454 ++ deboost = slowfn(lock, &wake_q);
1455 +
1456 +- wake_up_q(&wake_q);
1457 ++ wake_up_q(&wake_q);
1458 +
1459 +- /* Undo pi boosting if necessary: */
1460 +- if (deboost)
1461 +- rt_mutex_adjust_prio(current);
1462 +- }
1463 ++ /* Undo pi boosting if necessary: */
1464 ++ if (deboost)
1465 ++ rt_mutex_adjust_prio(current);
1466 + }
1467 +
1468 + /**
1469 +@@ -1485,15 +1484,28 @@ EXPORT_SYMBOL_GPL(rt_mutex_lock_interruptible);
1470 +
1471 + /*
1472 + * Futex variant with full deadlock detection.
1473 ++ * Futex variants must not use the fast-path, see __rt_mutex_futex_unlock().
1474 + */
1475 +-int rt_mutex_timed_futex_lock(struct rt_mutex *lock,
1476 ++int __sched rt_mutex_timed_futex_lock(struct rt_mutex *lock,
1477 + struct hrtimer_sleeper *timeout)
1478 + {
1479 + might_sleep();
1480 +
1481 +- return rt_mutex_timed_fastlock(lock, TASK_INTERRUPTIBLE, timeout,
1482 +- RT_MUTEX_FULL_CHAINWALK,
1483 +- rt_mutex_slowlock);
1484 ++ return rt_mutex_slowlock(lock, TASK_INTERRUPTIBLE,
1485 ++ timeout, RT_MUTEX_FULL_CHAINWALK);
1486 ++}
1487 ++
1488 ++/*
1489 ++ * Futex variant, must not use fastpath.
1490 ++ */
1491 ++int __sched rt_mutex_futex_trylock(struct rt_mutex *lock)
1492 ++{
1493 ++ return rt_mutex_slowtrylock(lock);
1494 ++}
1495 ++
1496 ++int __sched __rt_mutex_futex_trylock(struct rt_mutex *lock)
1497 ++{
1498 ++ return __rt_mutex_slowtrylock(lock);
1499 + }
1500 +
1501 + /**
1502 +@@ -1552,20 +1564,38 @@ void __sched rt_mutex_unlock(struct rt_mutex *lock)
1503 + EXPORT_SYMBOL_GPL(rt_mutex_unlock);
1504 +
1505 + /**
1506 +- * rt_mutex_futex_unlock - Futex variant of rt_mutex_unlock
1507 +- * @lock: the rt_mutex to be unlocked
1508 +- *
1509 +- * Returns: true/false indicating whether priority adjustment is
1510 +- * required or not.
1511 ++ * Futex variant, that since futex variants do not use the fast-path, can be
1512 ++ * simple and will not need to retry.
1513 + */
1514 +-bool __sched rt_mutex_futex_unlock(struct rt_mutex *lock,
1515 +- struct wake_q_head *wqh)
1516 ++bool __sched __rt_mutex_futex_unlock(struct rt_mutex *lock,
1517 ++ struct wake_q_head *wake_q)
1518 + {
1519 +- if (likely(rt_mutex_cmpxchg_release(lock, current, NULL))) {
1520 +- rt_mutex_deadlock_account_unlock(current);
1521 +- return false;
1522 ++ lockdep_assert_held(&lock->wait_lock);
1523 ++
1524 ++ debug_rt_mutex_unlock(lock);
1525 ++
1526 ++ if (!rt_mutex_has_waiters(lock)) {
1527 ++ lock->owner = NULL;
1528 ++ return false; /* done */
1529 ++ }
1530 ++
1531 ++ mark_wakeup_next_waiter(wake_q, lock);
1532 ++ return true; /* deboost and wakeups */
1533 ++}
1534 ++
1535 ++void __sched rt_mutex_futex_unlock(struct rt_mutex *lock)
1536 ++{
1537 ++ WAKE_Q(wake_q);
1538 ++ bool deboost;
1539 ++
1540 ++ raw_spin_lock_irq(&lock->wait_lock);
1541 ++ deboost = __rt_mutex_futex_unlock(lock, &wake_q);
1542 ++ raw_spin_unlock_irq(&lock->wait_lock);
1543 ++
1544 ++ if (deboost) {
1545 ++ wake_up_q(&wake_q);
1546 ++ rt_mutex_adjust_prio(current);
1547 + }
1548 +- return rt_mutex_slowunlock(lock, wqh);
1549 + }
1550 +
1551 + /**
1552 +@@ -1622,7 +1652,6 @@ void rt_mutex_init_proxy_locked(struct rt_mutex *lock,
1553 + __rt_mutex_init(lock, NULL);
1554 + debug_rt_mutex_proxy_lock(lock, proxy_owner);
1555 + rt_mutex_set_owner(lock, proxy_owner);
1556 +- rt_mutex_deadlock_account_lock(lock, proxy_owner);
1557 + }
1558 +
1559 + /**
1560 +@@ -1633,12 +1662,10 @@ void rt_mutex_init_proxy_locked(struct rt_mutex *lock,
1561 + * No locking. Caller has to do serializing itself
1562 + * Special API call for PI-futex support
1563 + */
1564 +-void rt_mutex_proxy_unlock(struct rt_mutex *lock,
1565 +- struct task_struct *proxy_owner)
1566 ++void rt_mutex_proxy_unlock(struct rt_mutex *lock)
1567 + {
1568 + debug_rt_mutex_proxy_unlock(lock);
1569 + rt_mutex_set_owner(lock, NULL);
1570 +- rt_mutex_deadlock_account_unlock(proxy_owner);
1571 + }
1572 +
1573 + /**
1574 +diff --git a/kernel/locking/rtmutex.h b/kernel/locking/rtmutex.h
1575 +index c4060584c4076..6607802efa8bd 100644
1576 +--- a/kernel/locking/rtmutex.h
1577 ++++ b/kernel/locking/rtmutex.h
1578 +@@ -11,8 +11,6 @@
1579 + */
1580 +
1581 + #define rt_mutex_deadlock_check(l) (0)
1582 +-#define rt_mutex_deadlock_account_lock(m, t) do { } while (0)
1583 +-#define rt_mutex_deadlock_account_unlock(l) do { } while (0)
1584 + #define debug_rt_mutex_init_waiter(w) do { } while (0)
1585 + #define debug_rt_mutex_free_waiter(w) do { } while (0)
1586 + #define debug_rt_mutex_lock(l) do { } while (0)
1587 +diff --git a/kernel/locking/rtmutex_common.h b/kernel/locking/rtmutex_common.h
1588 +index 6f8f68edb700c..4584db96265d4 100644
1589 +--- a/kernel/locking/rtmutex_common.h
1590 ++++ b/kernel/locking/rtmutex_common.h
1591 +@@ -101,8 +101,7 @@ enum rtmutex_chainwalk {
1592 + extern struct task_struct *rt_mutex_next_owner(struct rt_mutex *lock);
1593 + extern void rt_mutex_init_proxy_locked(struct rt_mutex *lock,
1594 + struct task_struct *proxy_owner);
1595 +-extern void rt_mutex_proxy_unlock(struct rt_mutex *lock,
1596 +- struct task_struct *proxy_owner);
1597 ++extern void rt_mutex_proxy_unlock(struct rt_mutex *lock);
1598 + extern int rt_mutex_start_proxy_lock(struct rt_mutex *lock,
1599 + struct rt_mutex_waiter *waiter,
1600 + struct task_struct *task);
1601 +@@ -112,8 +111,13 @@ extern int rt_mutex_wait_proxy_lock(struct rt_mutex *lock,
1602 + extern bool rt_mutex_cleanup_proxy_lock(struct rt_mutex *lock,
1603 + struct rt_mutex_waiter *waiter);
1604 + extern int rt_mutex_timed_futex_lock(struct rt_mutex *l, struct hrtimer_sleeper *to);
1605 +-extern bool rt_mutex_futex_unlock(struct rt_mutex *lock,
1606 +- struct wake_q_head *wqh);
1607 ++extern int rt_mutex_futex_trylock(struct rt_mutex *l);
1608 ++extern int __rt_mutex_futex_trylock(struct rt_mutex *l);
1609 ++
1610 ++extern void rt_mutex_futex_unlock(struct rt_mutex *lock);
1611 ++extern bool __rt_mutex_futex_unlock(struct rt_mutex *lock,
1612 ++ struct wake_q_head *wqh);
1613 ++
1614 + extern void rt_mutex_adjust_prio(struct task_struct *task);
1615 +
1616 + #ifdef CONFIG_DEBUG_RT_MUTEXES
1617 +diff --git a/mm/hugetlb.c b/mm/hugetlb.c
1618 +index 7a23792230854..dc877712ef1f3 100644
1619 +--- a/mm/hugetlb.c
1620 ++++ b/mm/hugetlb.c
1621 +@@ -1184,12 +1184,11 @@ struct hstate *size_to_hstate(unsigned long size)
1622 + */
1623 + bool page_huge_active(struct page *page)
1624 + {
1625 +- VM_BUG_ON_PAGE(!PageHuge(page), page);
1626 +- return PageHead(page) && PagePrivate(&page[1]);
1627 ++ return PageHeadHuge(page) && PagePrivate(&page[1]);
1628 + }
1629 +
1630 + /* never called for tail page */
1631 +-static void set_page_huge_active(struct page *page)
1632 ++void set_page_huge_active(struct page *page)
1633 + {
1634 + VM_BUG_ON_PAGE(!PageHeadHuge(page), page);
1635 + SetPagePrivate(&page[1]);
1636 +@@ -4544,9 +4543,9 @@ bool isolate_huge_page(struct page *page, struct list_head *list)
1637 + {
1638 + bool ret = true;
1639 +
1640 +- VM_BUG_ON_PAGE(!PageHead(page), page);
1641 + spin_lock(&hugetlb_lock);
1642 +- if (!page_huge_active(page) || !get_page_unless_zero(page)) {
1643 ++ if (!PageHeadHuge(page) || !page_huge_active(page) ||
1644 ++ !get_page_unless_zero(page)) {
1645 + ret = false;
1646 + goto unlock;
1647 + }
1648 +diff --git a/net/lapb/lapb_out.c b/net/lapb/lapb_out.c
1649 +index ba4d015bd1a67..7cbb77b7479a6 100644
1650 +--- a/net/lapb/lapb_out.c
1651 ++++ b/net/lapb/lapb_out.c
1652 +@@ -87,7 +87,8 @@ void lapb_kick(struct lapb_cb *lapb)
1653 + skb = skb_dequeue(&lapb->write_queue);
1654 +
1655 + do {
1656 +- if ((skbn = skb_clone(skb, GFP_ATOMIC)) == NULL) {
1657 ++ skbn = skb_copy(skb, GFP_ATOMIC);
1658 ++ if (!skbn) {
1659 + skb_queue_head(&lapb->write_queue, skb);
1660 + break;
1661 + }
1662 +diff --git a/net/mac80211/driver-ops.c b/net/mac80211/driver-ops.c
1663 +index df2e4e3112177..5d097ae26b70e 100644
1664 +--- a/net/mac80211/driver-ops.c
1665 ++++ b/net/mac80211/driver-ops.c
1666 +@@ -128,8 +128,11 @@ int drv_sta_state(struct ieee80211_local *local,
1667 + } else if (old_state == IEEE80211_STA_AUTH &&
1668 + new_state == IEEE80211_STA_ASSOC) {
1669 + ret = drv_sta_add(local, sdata, &sta->sta);
1670 +- if (ret == 0)
1671 ++ if (ret == 0) {
1672 + sta->uploaded = true;
1673 ++ if (rcu_access_pointer(sta->sta.rates))
1674 ++ drv_sta_rate_tbl_update(local, sdata, &sta->sta);
1675 ++ }
1676 + } else if (old_state == IEEE80211_STA_ASSOC &&
1677 + new_state == IEEE80211_STA_AUTH) {
1678 + drv_sta_remove(local, sdata, &sta->sta);
1679 +diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
1680 +index a4e2f4e67f941..a4d9e9ee06bee 100644
1681 +--- a/net/mac80211/rate.c
1682 ++++ b/net/mac80211/rate.c
1683 +@@ -888,7 +888,8 @@ int rate_control_set_rates(struct ieee80211_hw *hw,
1684 + if (old)
1685 + kfree_rcu(old, rcu_head);
1686 +
1687 +- drv_sta_rate_tbl_update(hw_to_local(hw), sta->sdata, pubsta);
1688 ++ if (sta->uploaded)
1689 ++ drv_sta_rate_tbl_update(hw_to_local(hw), sta->sdata, pubsta);
1690 +
1691 + return 0;
1692 + }
1693 +diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
1694 +index b379c330a3388..5e9ab343c062b 100644
1695 +--- a/net/sched/sch_api.c
1696 ++++ b/net/sched/sch_api.c
1697 +@@ -391,7 +391,8 @@ struct qdisc_rate_table *qdisc_get_rtab(struct tc_ratespec *r, struct nlattr *ta
1698 + {
1699 + struct qdisc_rate_table *rtab;
1700 +
1701 +- if (tab == NULL || r->rate == 0 || r->cell_log == 0 ||
1702 ++ if (tab == NULL || r->rate == 0 ||
1703 ++ r->cell_log == 0 || r->cell_log >= 32 ||
1704 + nla_len(tab) != TC_RTAB_SIZE)
1705 + return NULL;
1706 +
1707 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
1708 +index 854d2da02cc98..c7061a5dd809a 100644
1709 +--- a/sound/pci/hda/patch_realtek.c
1710 ++++ b/sound/pci/hda/patch_realtek.c
1711 +@@ -6211,7 +6211,7 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
1712 + SND_HDA_PIN_QUIRK(0x10ec0299, 0x1028, "Dell", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE,
1713 + ALC225_STANDARD_PINS,
1714 + {0x12, 0xb7a60130},
1715 +- {0x13, 0xb8a60140},
1716 ++ {0x13, 0xb8a61140},
1717 + {0x17, 0x90170110}),
1718 + {}
1719 + };
Report Message
Find on MARC Find on Google Groups