Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.19 commit in: /
Date: Sun, 11 Jul 2021 14:45:43
Message-Id: 1626014727.5d6d793f8ed82a72cedf644601ba72883f9ab36f.mpagano@gentoo
1 commit: 5d6d793f8ed82a72cedf644601ba72883f9ab36f
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jul 11 14:45:27 2021 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 11 14:45:27 2021 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=5d6d793f
7
8 Linux patch 4.19.197
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1196_linux-4.19.197.patch | 1701 +++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 1705 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 2009bef..dd8ede9 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -823,6 +823,10 @@ Patch: 1195_linux-4.19.196.patch
21 From: https://www.kernel.org
22 Desc: Linux 4.19.196
23
24 +Patch: 1196_linux-4.19.197.patch
25 +From: https://www.kernel.org
26 +Desc: Linux 4.19.197
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1196_linux-4.19.197.patch b/1196_linux-4.19.197.patch
33 new file mode 100644
34 index 0000000..e8a9416
35 --- /dev/null
36 +++ b/1196_linux-4.19.197.patch
37 @@ -0,0 +1,1701 @@
38 +diff --git a/Makefile b/Makefile
39 +index 63b0bc92a0fa6..42073a4c6e2e3 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,7 +1,7 @@
43 + # SPDX-License-Identifier: GPL-2.0
44 + VERSION = 4
45 + PATCHLEVEL = 19
46 +-SUBLEVEL = 196
47 ++SUBLEVEL = 197
48 + EXTRAVERSION =
49 + NAME = "People's Front"
50 +
51 +diff --git a/arch/arm/boot/dts/dra7.dtsi b/arch/arm/boot/dts/dra7.dtsi
52 +index 0c0781a37c5a7..7f1fe4a724472 100644
53 +--- a/arch/arm/boot/dts/dra7.dtsi
54 ++++ b/arch/arm/boot/dts/dra7.dtsi
55 +@@ -48,6 +48,7 @@
56 +
57 + timer {
58 + compatible = "arm,armv7-timer";
59 ++ status = "disabled"; /* See ARM architected timer wrap erratum i940 */
60 + interrupts = <GIC_PPI 13 (GIC_CPU_MASK_SIMPLE(2) | IRQ_TYPE_LEVEL_LOW)>,
61 + <GIC_PPI 14 (GIC_CPU_MASK_SIMPLE(2) | IRQ_TYPE_LEVEL_LOW)>,
62 + <GIC_PPI 11 (GIC_CPU_MASK_SIMPLE(2) | IRQ_TYPE_LEVEL_LOW)>,
63 +@@ -910,6 +911,8 @@
64 + reg = <0x48032000 0x80>;
65 + interrupts = <GIC_SPI 33 IRQ_TYPE_LEVEL_HIGH>;
66 + ti,hwmods = "timer2";
67 ++ clock-names = "fck";
68 ++ clocks = <&l4per_clkctrl DRA7_TIMER2_CLKCTRL 24>;
69 + };
70 +
71 + timer3: timer@48034000 {
72 +@@ -917,6 +920,10 @@
73 + reg = <0x48034000 0x80>;
74 + interrupts = <GIC_SPI 34 IRQ_TYPE_LEVEL_HIGH>;
75 + ti,hwmods = "timer3";
76 ++ clock-names = "fck";
77 ++ clocks = <&l4per_clkctrl DRA7_TIMER3_CLKCTRL 24>;
78 ++ assigned-clocks = <&l4per_clkctrl DRA7_TIMER3_CLKCTRL 24>;
79 ++ assigned-clock-parents = <&timer_sys_clk_div>;
80 + };
81 +
82 + timer4: timer@48036000 {
83 +@@ -924,6 +931,10 @@
84 + reg = <0x48036000 0x80>;
85 + interrupts = <GIC_SPI 35 IRQ_TYPE_LEVEL_HIGH>;
86 + ti,hwmods = "timer4";
87 ++ clock-names = "fck";
88 ++ clocks = <&l4per_clkctrl DRA7_TIMER4_CLKCTRL 24>;
89 ++ assigned-clocks = <&l4per_clkctrl DRA7_TIMER4_CLKCTRL 24>;
90 ++ assigned-clock-parents = <&timer_sys_clk_div>;
91 + };
92 +
93 + timer5: timer@48820000 {
94 +diff --git a/arch/arm/boot/dts/imx6qdl-sabresd.dtsi b/arch/arm/boot/dts/imx6qdl-sabresd.dtsi
95 +index 41384bbd2f60c..03357d39870ee 100644
96 +--- a/arch/arm/boot/dts/imx6qdl-sabresd.dtsi
97 ++++ b/arch/arm/boot/dts/imx6qdl-sabresd.dtsi
98 +@@ -675,10 +675,6 @@
99 + vin-supply = <&vgen5_reg>;
100 + };
101 +
102 +-&reg_vdd3p0 {
103 +- vin-supply = <&sw2_reg>;
104 +-};
105 +-
106 + &reg_vdd2p5 {
107 + vin-supply = <&vgen5_reg>;
108 + };
109 +diff --git a/arch/arm/mach-omap1/pm.c b/arch/arm/mach-omap1/pm.c
110 +index 3e1de14805e48..65b91a8379c90 100644
111 +--- a/arch/arm/mach-omap1/pm.c
112 ++++ b/arch/arm/mach-omap1/pm.c
113 +@@ -610,11 +610,6 @@ static irqreturn_t omap_wakeup_interrupt(int irq, void *dev)
114 + return IRQ_HANDLED;
115 + }
116 +
117 +-static struct irqaction omap_wakeup_irq = {
118 +- .name = "peripheral wakeup",
119 +- .handler = omap_wakeup_interrupt
120 +-};
121 +-
122 +
123 +
124 + static const struct platform_suspend_ops omap_pm_ops = {
125 +@@ -627,6 +622,7 @@ static const struct platform_suspend_ops omap_pm_ops = {
126 + static int __init omap_pm_init(void)
127 + {
128 + int error = 0;
129 ++ int irq;
130 +
131 + if (!cpu_class_is_omap1())
132 + return -ENODEV;
133 +@@ -670,9 +666,12 @@ static int __init omap_pm_init(void)
134 + arm_pm_idle = omap1_pm_idle;
135 +
136 + if (cpu_is_omap7xx())
137 +- setup_irq(INT_7XX_WAKE_UP_REQ, &omap_wakeup_irq);
138 ++ irq = INT_7XX_WAKE_UP_REQ;
139 + else if (cpu_is_omap16xx())
140 +- setup_irq(INT_1610_WAKE_UP_REQ, &omap_wakeup_irq);
141 ++ irq = INT_1610_WAKE_UP_REQ;
142 ++ if (request_irq(irq, omap_wakeup_interrupt, 0, "peripheral wakeup",
143 ++ NULL))
144 ++ pr_err("Failed to request irq %d (peripheral wakeup)\n", irq);
145 +
146 + /* Program new power ramp-up time
147 + * (0 for most boards since we don't lower voltage when in deep sleep)
148 +diff --git a/arch/arm/mach-omap1/time.c b/arch/arm/mach-omap1/time.c
149 +index 524977a31a49c..de590a85a42b3 100644
150 +--- a/arch/arm/mach-omap1/time.c
151 ++++ b/arch/arm/mach-omap1/time.c
152 +@@ -155,15 +155,11 @@ static irqreturn_t omap_mpu_timer1_interrupt(int irq, void *dev_id)
153 + return IRQ_HANDLED;
154 + }
155 +
156 +-static struct irqaction omap_mpu_timer1_irq = {
157 +- .name = "mpu_timer1",
158 +- .flags = IRQF_TIMER | IRQF_IRQPOLL,
159 +- .handler = omap_mpu_timer1_interrupt,
160 +-};
161 +-
162 + static __init void omap_init_mpu_timer(unsigned long rate)
163 + {
164 +- setup_irq(INT_TIMER1, &omap_mpu_timer1_irq);
165 ++ if (request_irq(INT_TIMER1, omap_mpu_timer1_interrupt,
166 ++ IRQF_TIMER | IRQF_IRQPOLL, "mpu_timer1", NULL))
167 ++ pr_err("Failed to request irq %d (mpu_timer1)\n", INT_TIMER1);
168 + omap_mpu_timer_start(0, (rate / HZ) - 1, 1);
169 +
170 + clockevent_mpu_timer1.cpumask = cpumask_of(0);
171 +diff --git a/arch/arm/mach-omap1/timer32k.c b/arch/arm/mach-omap1/timer32k.c
172 +index 0ae6c52a7d70b..780fdf03c3cee 100644
173 +--- a/arch/arm/mach-omap1/timer32k.c
174 ++++ b/arch/arm/mach-omap1/timer32k.c
175 +@@ -148,15 +148,11 @@ static irqreturn_t omap_32k_timer_interrupt(int irq, void *dev_id)
176 + return IRQ_HANDLED;
177 + }
178 +
179 +-static struct irqaction omap_32k_timer_irq = {
180 +- .name = "32KHz timer",
181 +- .flags = IRQF_TIMER | IRQF_IRQPOLL,
182 +- .handler = omap_32k_timer_interrupt,
183 +-};
184 +-
185 + static __init void omap_init_32k_timer(void)
186 + {
187 +- setup_irq(INT_OS_TIMER, &omap_32k_timer_irq);
188 ++ if (request_irq(INT_OS_TIMER, omap_32k_timer_interrupt,
189 ++ IRQF_TIMER | IRQF_IRQPOLL, "32KHz timer", NULL))
190 ++ pr_err("Failed to request irq %d(32KHz timer)\n", INT_OS_TIMER);
191 +
192 + clockevent_32k_timer.cpumask = cpumask_of(0);
193 + clockevents_config_and_register(&clockevent_32k_timer,
194 +diff --git a/arch/arm/mach-omap2/board-generic.c b/arch/arm/mach-omap2/board-generic.c
195 +index 6b4f4975cf7a6..6e59c11131c48 100644
196 +--- a/arch/arm/mach-omap2/board-generic.c
197 ++++ b/arch/arm/mach-omap2/board-generic.c
198 +@@ -330,7 +330,7 @@ DT_MACHINE_START(DRA74X_DT, "Generic DRA74X (Flattened Device Tree)")
199 + .init_late = dra7xx_init_late,
200 + .init_irq = omap_gic_of_init,
201 + .init_machine = omap_generic_init,
202 +- .init_time = omap5_realtime_timer_init,
203 ++ .init_time = omap3_gptimer_timer_init,
204 + .dt_compat = dra74x_boards_compat,
205 + .restart = omap44xx_restart,
206 + MACHINE_END
207 +@@ -353,7 +353,7 @@ DT_MACHINE_START(DRA72X_DT, "Generic DRA72X (Flattened Device Tree)")
208 + .init_late = dra7xx_init_late,
209 + .init_irq = omap_gic_of_init,
210 + .init_machine = omap_generic_init,
211 +- .init_time = omap5_realtime_timer_init,
212 ++ .init_time = omap3_gptimer_timer_init,
213 + .dt_compat = dra72x_boards_compat,
214 + .restart = omap44xx_restart,
215 + MACHINE_END
216 +diff --git a/arch/arm/mach-omap2/timer.c b/arch/arm/mach-omap2/timer.c
217 +index 98ed5ac073bc1..c4ba848e8af62 100644
218 +--- a/arch/arm/mach-omap2/timer.c
219 ++++ b/arch/arm/mach-omap2/timer.c
220 +@@ -42,6 +42,7 @@
221 + #include <linux/platform_device.h>
222 + #include <linux/platform_data/dmtimer-omap.h>
223 + #include <linux/sched_clock.h>
224 ++#include <linux/cpu.h>
225 +
226 + #include <asm/mach/time.h>
227 + #include <asm/smp_twd.h>
228 +@@ -64,15 +65,28 @@
229 +
230 + /* Clockevent code */
231 +
232 +-static struct omap_dm_timer clkev;
233 +-static struct clock_event_device clockevent_gpt;
234 +-
235 + /* Clockevent hwmod for am335x and am437x suspend */
236 + static struct omap_hwmod *clockevent_gpt_hwmod;
237 +
238 + /* Clockesource hwmod for am437x suspend */
239 + static struct omap_hwmod *clocksource_gpt_hwmod;
240 +
241 ++struct dmtimer_clockevent {
242 ++ struct clock_event_device dev;
243 ++ struct omap_dm_timer timer;
244 ++};
245 ++
246 ++static struct dmtimer_clockevent clockevent;
247 ++
248 ++static struct omap_dm_timer *to_dmtimer(struct clock_event_device *clockevent)
249 ++{
250 ++ struct dmtimer_clockevent *clkevt =
251 ++ container_of(clockevent, struct dmtimer_clockevent, dev);
252 ++ struct omap_dm_timer *timer = &clkevt->timer;
253 ++
254 ++ return timer;
255 ++}
256 ++
257 + #ifdef CONFIG_SOC_HAS_REALTIME_COUNTER
258 + static unsigned long arch_timer_freq;
259 +
260 +@@ -84,24 +98,21 @@ void set_cntfreq(void)
261 +
262 + static irqreturn_t omap2_gp_timer_interrupt(int irq, void *dev_id)
263 + {
264 +- struct clock_event_device *evt = &clockevent_gpt;
265 +-
266 +- __omap_dm_timer_write_status(&clkev, OMAP_TIMER_INT_OVERFLOW);
267 ++ struct dmtimer_clockevent *clkevt = dev_id;
268 ++ struct clock_event_device *evt = &clkevt->dev;
269 ++ struct omap_dm_timer *timer = &clkevt->timer;
270 +
271 ++ __omap_dm_timer_write_status(timer, OMAP_TIMER_INT_OVERFLOW);
272 + evt->event_handler(evt);
273 + return IRQ_HANDLED;
274 + }
275 +
276 +-static struct irqaction omap2_gp_timer_irq = {
277 +- .name = "gp_timer",
278 +- .flags = IRQF_TIMER | IRQF_IRQPOLL,
279 +- .handler = omap2_gp_timer_interrupt,
280 +-};
281 +-
282 + static int omap2_gp_timer_set_next_event(unsigned long cycles,
283 + struct clock_event_device *evt)
284 + {
285 +- __omap_dm_timer_load_start(&clkev, OMAP_TIMER_CTRL_ST,
286 ++ struct omap_dm_timer *timer = to_dmtimer(evt);
287 ++
288 ++ __omap_dm_timer_load_start(timer, OMAP_TIMER_CTRL_ST,
289 + 0xffffffff - cycles, OMAP_TIMER_POSTED);
290 +
291 + return 0;
292 +@@ -109,22 +120,26 @@ static int omap2_gp_timer_set_next_event(unsigned long cycles,
293 +
294 + static int omap2_gp_timer_shutdown(struct clock_event_device *evt)
295 + {
296 +- __omap_dm_timer_stop(&clkev, OMAP_TIMER_POSTED, clkev.rate);
297 ++ struct omap_dm_timer *timer = to_dmtimer(evt);
298 ++
299 ++ __omap_dm_timer_stop(timer, OMAP_TIMER_POSTED, timer->rate);
300 ++
301 + return 0;
302 + }
303 +
304 + static int omap2_gp_timer_set_periodic(struct clock_event_device *evt)
305 + {
306 ++ struct omap_dm_timer *timer = to_dmtimer(evt);
307 + u32 period;
308 +
309 +- __omap_dm_timer_stop(&clkev, OMAP_TIMER_POSTED, clkev.rate);
310 ++ __omap_dm_timer_stop(timer, OMAP_TIMER_POSTED, timer->rate);
311 +
312 +- period = clkev.rate / HZ;
313 ++ period = timer->rate / HZ;
314 + period -= 1;
315 + /* Looks like we need to first set the load value separately */
316 +- __omap_dm_timer_write(&clkev, OMAP_TIMER_LOAD_REG, 0xffffffff - period,
317 ++ __omap_dm_timer_write(timer, OMAP_TIMER_LOAD_REG, 0xffffffff - period,
318 + OMAP_TIMER_POSTED);
319 +- __omap_dm_timer_load_start(&clkev,
320 ++ __omap_dm_timer_load_start(timer,
321 + OMAP_TIMER_CTRL_AR | OMAP_TIMER_CTRL_ST,
322 + 0xffffffff - period, OMAP_TIMER_POSTED);
323 + return 0;
324 +@@ -138,25 +153,16 @@ static void omap_clkevt_idle(struct clock_event_device *unused)
325 + omap_hwmod_idle(clockevent_gpt_hwmod);
326 + }
327 +
328 +-static void omap_clkevt_unidle(struct clock_event_device *unused)
329 ++static void omap_clkevt_unidle(struct clock_event_device *evt)
330 + {
331 ++ struct omap_dm_timer *timer = to_dmtimer(evt);
332 ++
333 + if (!clockevent_gpt_hwmod)
334 + return;
335 +
336 + omap_hwmod_enable(clockevent_gpt_hwmod);
337 +- __omap_dm_timer_int_enable(&clkev, OMAP_TIMER_INT_OVERFLOW);
338 +-}
339 +-
340 +-static struct clock_event_device clockevent_gpt = {
341 +- .features = CLOCK_EVT_FEAT_PERIODIC |
342 +- CLOCK_EVT_FEAT_ONESHOT,
343 +- .rating = 300,
344 +- .set_next_event = omap2_gp_timer_set_next_event,
345 +- .set_state_shutdown = omap2_gp_timer_shutdown,
346 +- .set_state_periodic = omap2_gp_timer_set_periodic,
347 +- .set_state_oneshot = omap2_gp_timer_shutdown,
348 +- .tick_resume = omap2_gp_timer_shutdown,
349 +-};
350 ++ __omap_dm_timer_int_enable(timer, OMAP_TIMER_INT_OVERFLOW);
351 ++}
352 +
353 + static const struct of_device_id omap_timer_match[] __initconst = {
354 + { .compatible = "ti,omap2420-timer", },
355 +@@ -363,47 +369,104 @@ void tick_broadcast(const struct cpumask *mask)
356 + }
357 + #endif
358 +
359 +-static void __init omap2_gp_clockevent_init(int gptimer_id,
360 +- const char *fck_source,
361 +- const char *property)
362 ++static void __init dmtimer_clkevt_init_common(struct dmtimer_clockevent *clkevt,
363 ++ int gptimer_id,
364 ++ const char *fck_source,
365 ++ unsigned int features,
366 ++ const struct cpumask *cpumask,
367 ++ const char *property,
368 ++ int rating, const char *name)
369 + {
370 ++ struct omap_dm_timer *timer = &clkevt->timer;
371 + int res;
372 +
373 +- clkev.id = gptimer_id;
374 +- clkev.errata = omap_dm_timer_get_errata();
375 ++ timer->id = gptimer_id;
376 ++ timer->errata = omap_dm_timer_get_errata();
377 ++ clkevt->dev.features = features;
378 ++ clkevt->dev.rating = rating;
379 ++ clkevt->dev.set_next_event = omap2_gp_timer_set_next_event;
380 ++ clkevt->dev.set_state_shutdown = omap2_gp_timer_shutdown;
381 ++ clkevt->dev.set_state_periodic = omap2_gp_timer_set_periodic;
382 ++ clkevt->dev.set_state_oneshot = omap2_gp_timer_shutdown;
383 ++ clkevt->dev.tick_resume = omap2_gp_timer_shutdown;
384 +
385 + /*
386 + * For clock-event timers we never read the timer counter and
387 + * so we are not impacted by errata i103 and i767. Therefore,
388 + * we can safely ignore this errata for clock-event timers.
389 + */
390 +- __omap_dm_timer_override_errata(&clkev, OMAP_TIMER_ERRATA_I103_I767);
391 ++ __omap_dm_timer_override_errata(timer, OMAP_TIMER_ERRATA_I103_I767);
392 +
393 +- res = omap_dm_timer_init_one(&clkev, fck_source, property,
394 +- &clockevent_gpt.name, OMAP_TIMER_POSTED);
395 ++ res = omap_dm_timer_init_one(timer, fck_source, property,
396 ++ &clkevt->dev.name, OMAP_TIMER_POSTED);
397 + BUG_ON(res);
398 +
399 +- omap2_gp_timer_irq.dev_id = &clkev;
400 +- setup_irq(clkev.irq, &omap2_gp_timer_irq);
401 ++ clkevt->dev.cpumask = cpumask;
402 ++ clkevt->dev.irq = omap_dm_timer_get_irq(timer);
403 +
404 +- __omap_dm_timer_int_enable(&clkev, OMAP_TIMER_INT_OVERFLOW);
405 ++ if (request_irq(clkevt->dev.irq, omap2_gp_timer_interrupt,
406 ++ IRQF_TIMER | IRQF_IRQPOLL, name, clkevt))
407 ++ pr_err("Failed to request irq %d (gp_timer)\n", clkevt->dev.irq);
408 +
409 +- clockevent_gpt.cpumask = cpu_possible_mask;
410 +- clockevent_gpt.irq = omap_dm_timer_get_irq(&clkev);
411 +- clockevents_config_and_register(&clockevent_gpt, clkev.rate,
412 +- 3, /* Timer internal resynch latency */
413 +- 0xffffffff);
414 ++ __omap_dm_timer_int_enable(timer, OMAP_TIMER_INT_OVERFLOW);
415 +
416 + if (soc_is_am33xx() || soc_is_am43xx()) {
417 +- clockevent_gpt.suspend = omap_clkevt_idle;
418 +- clockevent_gpt.resume = omap_clkevt_unidle;
419 ++ clkevt->dev.suspend = omap_clkevt_idle;
420 ++ clkevt->dev.resume = omap_clkevt_unidle;
421 +
422 + clockevent_gpt_hwmod =
423 +- omap_hwmod_lookup(clockevent_gpt.name);
424 ++ omap_hwmod_lookup(clkevt->dev.name);
425 ++ }
426 ++
427 ++ pr_info("OMAP clockevent source: %s at %lu Hz\n", clkevt->dev.name,
428 ++ timer->rate);
429 ++}
430 ++
431 ++static DEFINE_PER_CPU(struct dmtimer_clockevent, dmtimer_percpu_timer);
432 ++
433 ++static int omap_gptimer_starting_cpu(unsigned int cpu)
434 ++{
435 ++ struct dmtimer_clockevent *clkevt = per_cpu_ptr(&dmtimer_percpu_timer, cpu);
436 ++ struct clock_event_device *dev = &clkevt->dev;
437 ++ struct omap_dm_timer *timer = &clkevt->timer;
438 ++
439 ++ clockevents_config_and_register(dev, timer->rate, 3, ULONG_MAX);
440 ++ irq_force_affinity(dev->irq, cpumask_of(cpu));
441 ++
442 ++ return 0;
443 ++}
444 ++
445 ++static int __init dmtimer_percpu_quirk_init(void)
446 ++{
447 ++ struct dmtimer_clockevent *clkevt;
448 ++ struct clock_event_device *dev;
449 ++ struct device_node *arm_timer;
450 ++ struct omap_dm_timer *timer;
451 ++ int cpu = 0;
452 ++
453 ++ arm_timer = of_find_compatible_node(NULL, NULL, "arm,armv7-timer");
454 ++ if (of_device_is_available(arm_timer)) {
455 ++ pr_warn_once("ARM architected timer wrap issue i940 detected\n");
456 ++ return 0;
457 ++ }
458 ++
459 ++ for_each_possible_cpu(cpu) {
460 ++ clkevt = per_cpu_ptr(&dmtimer_percpu_timer, cpu);
461 ++ dev = &clkevt->dev;
462 ++ timer = &clkevt->timer;
463 ++
464 ++ dmtimer_clkevt_init_common(clkevt, 0, "timer_sys_ck",
465 ++ CLOCK_EVT_FEAT_ONESHOT,
466 ++ cpumask_of(cpu),
467 ++ "assigned-clock-parents",
468 ++ 500, "percpu timer");
469 + }
470 +
471 +- pr_info("OMAP clockevent source: %s at %lu Hz\n", clockevent_gpt.name,
472 +- clkev.rate);
473 ++ cpuhp_setup_state(CPUHP_AP_OMAP_DM_TIMER_STARTING,
474 ++ "clockevents/omap/gptimer:starting",
475 ++ omap_gptimer_starting_cpu, NULL);
476 ++
477 ++ return 0;
478 + }
479 +
480 + /* Clocksource code */
481 +@@ -543,7 +606,15 @@ static void __init __omap_sync32k_timer_init(int clkev_nr, const char *clkev_src
482 + {
483 + omap_clk_init();
484 + omap_dmtimer_init();
485 +- omap2_gp_clockevent_init(clkev_nr, clkev_src, clkev_prop);
486 ++ dmtimer_clkevt_init_common(&clockevent, clkev_nr, clkev_src,
487 ++ CLOCK_EVT_FEAT_PERIODIC | CLOCK_EVT_FEAT_ONESHOT,
488 ++ cpu_possible_mask, clkev_prop, 300, "clockevent");
489 ++ clockevents_config_and_register(&clockevent.dev, clockevent.timer.rate,
490 ++ 3, /* Timer internal resynch latency */
491 ++ 0xffffffff);
492 ++
493 ++ if (soc_is_dra7xx())
494 ++ dmtimer_percpu_quirk_init();
495 +
496 + /* Enable the use of clocksource="gp_timer" kernel parameter */
497 + if (use_gptimer_clksrc || gptimer)
498 +@@ -572,7 +643,7 @@ void __init omap3_secure_sync32k_timer_init(void)
499 + #endif /* CONFIG_ARCH_OMAP3 */
500 +
501 + #if defined(CONFIG_ARCH_OMAP3) || defined(CONFIG_SOC_AM33XX) || \
502 +- defined(CONFIG_SOC_AM43XX)
503 ++ defined(CONFIG_SOC_AM43XX) || defined(CONFIG_SOC_DRA7XX)
504 + void __init omap3_gptimer_timer_init(void)
505 + {
506 + __omap_sync32k_timer_init(2, "timer_sys_ck", NULL,
507 +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
508 +index ad24e67772778..bd463d6842370 100644
509 +--- a/arch/x86/kvm/svm.c
510 ++++ b/arch/x86/kvm/svm.c
511 +@@ -1791,9 +1791,25 @@ static void sev_asid_free(struct kvm *kvm)
512 + __sev_asid_free(sev->asid);
513 + }
514 +
515 +-static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)
516 ++static void sev_decommission(unsigned int handle)
517 + {
518 + struct sev_data_decommission *decommission;
519 ++
520 ++ if (!handle)
521 ++ return;
522 ++
523 ++ decommission = kzalloc(sizeof(*decommission), GFP_KERNEL);
524 ++ if (!decommission)
525 ++ return;
526 ++
527 ++ decommission->handle = handle;
528 ++ sev_guest_decommission(decommission, NULL);
529 ++
530 ++ kfree(decommission);
531 ++}
532 ++
533 ++static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)
534 ++{
535 + struct sev_data_deactivate *data;
536 +
537 + if (!handle)
538 +@@ -1811,15 +1827,7 @@ static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)
539 + sev_guest_df_flush(NULL);
540 + kfree(data);
541 +
542 +- decommission = kzalloc(sizeof(*decommission), GFP_KERNEL);
543 +- if (!decommission)
544 +- return;
545 +-
546 +- /* decommission handle */
547 +- decommission->handle = handle;
548 +- sev_guest_decommission(decommission, NULL);
549 +-
550 +- kfree(decommission);
551 ++ sev_decommission(handle);
552 + }
553 +
554 + static struct page **sev_pin_memory(struct kvm *kvm, unsigned long uaddr,
555 +@@ -1954,6 +1962,7 @@ static void sev_vm_destroy(struct kvm *kvm)
556 + list_for_each_safe(pos, q, head) {
557 + __unregister_enc_region_locked(kvm,
558 + list_entry(pos, struct enc_region, list));
559 ++ cond_resched();
560 + }
561 + }
562 +
563 +@@ -6468,8 +6477,10 @@ static int sev_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
564 +
565 + /* Bind ASID to this guest */
566 + ret = sev_bind_asid(kvm, start->handle, error);
567 +- if (ret)
568 ++ if (ret) {
569 ++ sev_decommission(start->handle);
570 + goto e_free_session;
571 ++ }
572 +
573 + /* return handle to userspace */
574 + params.handle = start->handle;
575 +diff --git a/drivers/clk/ti/clk-7xx.c b/drivers/clk/ti/clk-7xx.c
576 +index 71a122b2dc67e..b6d1ec49fa01a 100644
577 +--- a/drivers/clk/ti/clk-7xx.c
578 ++++ b/drivers/clk/ti/clk-7xx.c
579 +@@ -733,6 +733,7 @@ const struct omap_clkctrl_data dra7_clkctrl_data[] __initconst = {
580 + static struct ti_dt_clk dra7xx_clks[] = {
581 + DT_CLK(NULL, "timer_32k_ck", "sys_32k_ck"),
582 + DT_CLK(NULL, "sys_clkin_ck", "timer_sys_clk_div"),
583 ++ DT_CLK(NULL, "timer_sys_ck", "timer_sys_clk_div"),
584 + DT_CLK(NULL, "sys_clkin", "sys_clkin1"),
585 + DT_CLK(NULL, "atl_dpll_clk_mux", "atl_cm:0000:24"),
586 + DT_CLK(NULL, "atl_gfclk_mux", "atl_cm:0000:26"),
587 +diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c
588 +index 7214022dfb911..d230536e7086d 100644
589 +--- a/drivers/gpu/drm/nouveau/nouveau_bo.c
590 ++++ b/drivers/gpu/drm/nouveau/nouveau_bo.c
591 +@@ -512,7 +512,7 @@ nouveau_bo_sync_for_device(struct nouveau_bo *nvbo)
592 + struct ttm_dma_tt *ttm_dma = (struct ttm_dma_tt *)nvbo->bo.ttm;
593 + int i;
594 +
595 +- if (!ttm_dma)
596 ++ if (!ttm_dma || !ttm_dma->dma_address)
597 + return;
598 +
599 + /* Don't waste time looping if the object is coherent */
600 +@@ -532,7 +532,7 @@ nouveau_bo_sync_for_cpu(struct nouveau_bo *nvbo)
601 + struct ttm_dma_tt *ttm_dma = (struct ttm_dma_tt *)nvbo->bo.ttm;
602 + int i;
603 +
604 +- if (!ttm_dma)
605 ++ if (!ttm_dma || !ttm_dma->dma_address)
606 + return;
607 +
608 + /* Don't waste time looping if the object is coherent */
609 +diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
610 +index 45c8bf39ad238..acf0c244141f4 100644
611 +--- a/drivers/scsi/sr.c
612 ++++ b/drivers/scsi/sr.c
613 +@@ -216,6 +216,8 @@ static unsigned int sr_get_events(struct scsi_device *sdev)
614 + return DISK_EVENT_EJECT_REQUEST;
615 + else if (med->media_event_code == 2)
616 + return DISK_EVENT_MEDIA_CHANGE;
617 ++ else if (med->media_event_code == 3)
618 ++ return DISK_EVENT_EJECT_REQUEST;
619 + return 0;
620 + }
621 +
622 +diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
623 +index b370144682ed5..a2f8130e18fec 100644
624 +--- a/drivers/xen/events/events_base.c
625 ++++ b/drivers/xen/events/events_base.c
626 +@@ -524,6 +524,9 @@ static void xen_irq_lateeoi_locked(struct irq_info *info, bool spurious)
627 + }
628 +
629 + info->eoi_time = 0;
630 ++
631 ++ /* is_active hasn't been reset yet, do it now. */
632 ++ smp_store_release(&info->is_active, 0);
633 + do_unmask(info, EVT_MASK_REASON_EOI_PENDING);
634 + }
635 +
636 +@@ -1780,10 +1783,22 @@ static void lateeoi_ack_dynirq(struct irq_data *data)
637 + struct irq_info *info = info_for_irq(data->irq);
638 + evtchn_port_t evtchn = info ? info->evtchn : 0;
639 +
640 +- if (VALID_EVTCHN(evtchn)) {
641 +- do_mask(info, EVT_MASK_REASON_EOI_PENDING);
642 +- ack_dynirq(data);
643 +- }
644 ++ if (!VALID_EVTCHN(evtchn))
645 ++ return;
646 ++
647 ++ do_mask(info, EVT_MASK_REASON_EOI_PENDING);
648 ++
649 ++ if (unlikely(irqd_is_setaffinity_pending(data)) &&
650 ++ likely(!irqd_irq_disabled(data))) {
651 ++ do_mask(info, EVT_MASK_REASON_TEMPORARY);
652 ++
653 ++ clear_evtchn(evtchn);
654 ++
655 ++ irq_move_masked_irq(data);
656 ++
657 ++ do_unmask(info, EVT_MASK_REASON_TEMPORARY);
658 ++ } else
659 ++ clear_evtchn(evtchn);
660 + }
661 +
662 + static void lateeoi_mask_ack_dynirq(struct irq_data *data)
663 +diff --git a/fs/ext4/block_validity.c b/fs/ext4/block_validity.c
664 +index 1ea8fc9ff048f..1bc65ecd4bd6d 100644
665 +--- a/fs/ext4/block_validity.c
666 ++++ b/fs/ext4/block_validity.c
667 +@@ -171,8 +171,10 @@ static int ext4_data_block_valid_rcu(struct ext4_sb_info *sbi,
668 + else if (start_blk >= (entry->start_blk + entry->count))
669 + n = n->rb_right;
670 + else {
671 ++ if (entry->ino == ino)
672 ++ return 1;
673 + sbi->s_es->s_last_error_block = cpu_to_le64(start_blk);
674 +- return entry->ino == ino;
675 ++ return 0;
676 + }
677 + }
678 + return 1;
679 +diff --git a/include/linux/cpuhotplug.h b/include/linux/cpuhotplug.h
680 +index d67c0035165c2..3d323c6c85260 100644
681 +--- a/include/linux/cpuhotplug.h
682 ++++ b/include/linux/cpuhotplug.h
683 +@@ -118,6 +118,7 @@ enum cpuhp_state {
684 + CPUHP_AP_ARM_L2X0_STARTING,
685 + CPUHP_AP_EXYNOS4_MCT_TIMER_STARTING,
686 + CPUHP_AP_ARM_ARCH_TIMER_STARTING,
687 ++ CPUHP_AP_OMAP_DM_TIMER_STARTING,
688 + CPUHP_AP_ARM_GLOBAL_TIMER_STARTING,
689 + CPUHP_AP_JCORE_TIMER_STARTING,
690 + CPUHP_AP_ARM_TWD_STARTING,
691 +diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h
692 +index e375f2249f520..becf9b1eae5a1 100644
693 +--- a/include/linux/huge_mm.h
694 ++++ b/include/linux/huge_mm.h
695 +@@ -224,6 +224,7 @@ struct page *follow_devmap_pud(struct vm_area_struct *vma, unsigned long addr,
696 + extern vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf, pmd_t orig_pmd);
697 +
698 + extern struct page *huge_zero_page;
699 ++extern unsigned long huge_zero_pfn;
700 +
701 + static inline bool is_huge_zero_page(struct page *page)
702 + {
703 +@@ -232,7 +233,7 @@ static inline bool is_huge_zero_page(struct page *page)
704 +
705 + static inline bool is_huge_zero_pmd(pmd_t pmd)
706 + {
707 +- return is_huge_zero_page(pmd_page(pmd));
708 ++ return READ_ONCE(huge_zero_pfn) == pmd_pfn(pmd) && pmd_present(pmd);
709 + }
710 +
711 + static inline bool is_huge_zero_pud(pud_t pud)
712 +@@ -342,6 +343,11 @@ static inline bool is_huge_zero_page(struct page *page)
713 + return false;
714 + }
715 +
716 ++static inline bool is_huge_zero_pmd(pmd_t pmd)
717 ++{
718 ++ return false;
719 ++}
720 ++
721 + static inline bool is_huge_zero_pud(pud_t pud)
722 + {
723 + return false;
724 +diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
725 +index c129c1c14c5f2..2df83a6598182 100644
726 +--- a/include/linux/hugetlb.h
727 ++++ b/include/linux/hugetlb.h
728 +@@ -477,17 +477,6 @@ static inline int hstate_index(struct hstate *h)
729 + return h - hstates;
730 + }
731 +
732 +-pgoff_t __basepage_index(struct page *page);
733 +-
734 +-/* Return page->index in PAGE_SIZE units */
735 +-static inline pgoff_t basepage_index(struct page *page)
736 +-{
737 +- if (!PageCompound(page))
738 +- return page->index;
739 +-
740 +- return __basepage_index(page);
741 +-}
742 +-
743 + extern int dissolve_free_huge_page(struct page *page);
744 + extern int dissolve_free_huge_pages(unsigned long start_pfn,
745 + unsigned long end_pfn);
746 +@@ -582,11 +571,6 @@ static inline int hstate_index(struct hstate *h)
747 + return 0;
748 + }
749 +
750 +-static inline pgoff_t basepage_index(struct page *page)
751 +-{
752 +- return page->index;
753 +-}
754 +-
755 + static inline int dissolve_free_huge_page(struct page *page)
756 + {
757 + return 0;
758 +diff --git a/include/linux/mm.h b/include/linux/mm.h
759 +index f6ecf41aea83d..c736c677b876d 100644
760 +--- a/include/linux/mm.h
761 ++++ b/include/linux/mm.h
762 +@@ -1338,6 +1338,7 @@ struct zap_details {
763 + struct address_space *check_mapping; /* Check page->mapping if set */
764 + pgoff_t first_index; /* Lowest page->index to unmap */
765 + pgoff_t last_index; /* Highest page->index to unmap */
766 ++ struct page *single_page; /* Locked page to be unmapped */
767 + };
768 +
769 + struct page *_vm_normal_page(struct vm_area_struct *vma, unsigned long addr,
770 +@@ -1428,6 +1429,7 @@ extern vm_fault_t handle_mm_fault(struct vm_area_struct *vma,
771 + extern int fixup_user_fault(struct task_struct *tsk, struct mm_struct *mm,
772 + unsigned long address, unsigned int fault_flags,
773 + bool *unlocked);
774 ++void unmap_mapping_page(struct page *page);
775 + void unmap_mapping_pages(struct address_space *mapping,
776 + pgoff_t start, pgoff_t nr, bool even_cows);
777 + void unmap_mapping_range(struct address_space *mapping,
778 +@@ -1448,6 +1450,7 @@ static inline int fixup_user_fault(struct task_struct *tsk,
779 + BUG();
780 + return -EFAULT;
781 + }
782 ++static inline void unmap_mapping_page(struct page *page) { }
783 + static inline void unmap_mapping_pages(struct address_space *mapping,
784 + pgoff_t start, pgoff_t nr, bool even_cows) { }
785 + static inline void unmap_mapping_range(struct address_space *mapping,
786 +diff --git a/include/linux/mmdebug.h b/include/linux/mmdebug.h
787 +index 2ad72d2c8cc52..5d0767cb424aa 100644
788 +--- a/include/linux/mmdebug.h
789 ++++ b/include/linux/mmdebug.h
790 +@@ -37,6 +37,18 @@ void dump_mm(const struct mm_struct *mm);
791 + BUG(); \
792 + } \
793 + } while (0)
794 ++#define VM_WARN_ON_ONCE_PAGE(cond, page) ({ \
795 ++ static bool __section(".data.once") __warned; \
796 ++ int __ret_warn_once = !!(cond); \
797 ++ \
798 ++ if (unlikely(__ret_warn_once && !__warned)) { \
799 ++ dump_page(page, "VM_WARN_ON_ONCE_PAGE(" __stringify(cond)")");\
800 ++ __warned = true; \
801 ++ WARN_ON(1); \
802 ++ } \
803 ++ unlikely(__ret_warn_once); \
804 ++})
805 ++
806 + #define VM_WARN_ON(cond) (void)WARN_ON(cond)
807 + #define VM_WARN_ON_ONCE(cond) (void)WARN_ON_ONCE(cond)
808 + #define VM_WARN_ONCE(cond, format...) (void)WARN_ONCE(cond, format)
809 +@@ -48,6 +60,7 @@ void dump_mm(const struct mm_struct *mm);
810 + #define VM_BUG_ON_MM(cond, mm) VM_BUG_ON(cond)
811 + #define VM_WARN_ON(cond) BUILD_BUG_ON_INVALID(cond)
812 + #define VM_WARN_ON_ONCE(cond) BUILD_BUG_ON_INVALID(cond)
813 ++#define VM_WARN_ON_ONCE_PAGE(cond, page) BUILD_BUG_ON_INVALID(cond)
814 + #define VM_WARN_ONCE(cond, format...) BUILD_BUG_ON_INVALID(cond)
815 + #define VM_WARN(cond, format...) BUILD_BUG_ON_INVALID(cond)
816 + #endif
817 +diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
818 +index b1bd2186e6d2b..33b63b2a163f9 100644
819 +--- a/include/linux/pagemap.h
820 ++++ b/include/linux/pagemap.h
821 +@@ -403,7 +403,7 @@ static inline struct page *read_mapping_page(struct address_space *mapping,
822 + }
823 +
824 + /*
825 +- * Get index of the page with in radix-tree
826 ++ * Get index of the page within radix-tree (but not for hugetlb pages).
827 + * (TODO: remove once hugetlb pages will have ->index in PAGE_SIZE)
828 + */
829 + static inline pgoff_t page_to_index(struct page *page)
830 +@@ -422,15 +422,16 @@ static inline pgoff_t page_to_index(struct page *page)
831 + return pgoff;
832 + }
833 +
834 ++extern pgoff_t hugetlb_basepage_index(struct page *page);
835 ++
836 + /*
837 +- * Get the offset in PAGE_SIZE.
838 +- * (TODO: hugepage should have ->index in PAGE_SIZE)
839 ++ * Get the offset in PAGE_SIZE (even for hugetlb pages).
840 ++ * (TODO: hugetlb pages should have ->index in PAGE_SIZE)
841 + */
842 + static inline pgoff_t page_to_pgoff(struct page *page)
843 + {
844 +- if (unlikely(PageHeadHuge(page)))
845 +- return page->index << compound_order(page);
846 +-
847 ++ if (unlikely(PageHuge(page)))
848 ++ return hugetlb_basepage_index(page);
849 + return page_to_index(page);
850 + }
851 +
852 +diff --git a/include/linux/rmap.h b/include/linux/rmap.h
853 +index d7d6d4eb17949..91ccae9467164 100644
854 +--- a/include/linux/rmap.h
855 ++++ b/include/linux/rmap.h
856 +@@ -98,7 +98,8 @@ enum ttu_flags {
857 + * do a final flush if necessary */
858 + TTU_RMAP_LOCKED = 0x80, /* do not grab rmap lock:
859 + * caller holds it */
860 +- TTU_SPLIT_FREEZE = 0x100, /* freeze pte under splitting thp */
861 ++ TTU_SPLIT_FREEZE = 0x100, /* freeze pte under splitting thp */
862 ++ TTU_SYNC = 0x200, /* avoid racy checks with PVMW_SYNC */
863 + };
864 +
865 + #ifdef CONFIG_MMU
866 +diff --git a/kernel/futex.c b/kernel/futex.c
867 +index 526ebcff5a0a9..3c67da9b84086 100644
868 +--- a/kernel/futex.c
869 ++++ b/kernel/futex.c
870 +@@ -719,7 +719,7 @@ again:
871 +
872 + key->both.offset |= FUT_OFF_INODE; /* inode-based key */
873 + key->shared.i_seq = get_inode_sequence_number(inode);
874 +- key->shared.pgoff = basepage_index(tail);
875 ++ key->shared.pgoff = page_to_pgoff(tail);
876 + rcu_read_unlock();
877 + }
878 +
879 +diff --git a/kernel/kthread.c b/kernel/kthread.c
880 +index 81abfac351272..9750f4f7f9010 100644
881 +--- a/kernel/kthread.c
882 ++++ b/kernel/kthread.c
883 +@@ -1010,8 +1010,38 @@ void kthread_flush_work(struct kthread_work *work)
884 + EXPORT_SYMBOL_GPL(kthread_flush_work);
885 +
886 + /*
887 +- * This function removes the work from the worker queue. Also it makes sure
888 +- * that it won't get queued later via the delayed work's timer.
889 ++ * Make sure that the timer is neither set nor running and could
890 ++ * not manipulate the work list_head any longer.
891 ++ *
892 ++ * The function is called under worker->lock. The lock is temporary
893 ++ * released but the timer can't be set again in the meantime.
894 ++ */
895 ++static void kthread_cancel_delayed_work_timer(struct kthread_work *work,
896 ++ unsigned long *flags)
897 ++{
898 ++ struct kthread_delayed_work *dwork =
899 ++ container_of(work, struct kthread_delayed_work, work);
900 ++ struct kthread_worker *worker = work->worker;
901 ++
902 ++ /*
903 ++ * del_timer_sync() must be called to make sure that the timer
904 ++ * callback is not running. The lock must be temporary released
905 ++ * to avoid a deadlock with the callback. In the meantime,
906 ++ * any queuing is blocked by setting the canceling counter.
907 ++ */
908 ++ work->canceling++;
909 ++ spin_unlock_irqrestore(&worker->lock, *flags);
910 ++ del_timer_sync(&dwork->timer);
911 ++ spin_lock_irqsave(&worker->lock, *flags);
912 ++ work->canceling--;
913 ++}
914 ++
915 ++/*
916 ++ * This function removes the work from the worker queue.
917 ++ *
918 ++ * It is called under worker->lock. The caller must make sure that
919 ++ * the timer used by delayed work is not running, e.g. by calling
920 ++ * kthread_cancel_delayed_work_timer().
921 + *
922 + * The work might still be in use when this function finishes. See the
923 + * current_work proceed by the worker.
924 +@@ -1019,28 +1049,8 @@ EXPORT_SYMBOL_GPL(kthread_flush_work);
925 + * Return: %true if @work was pending and successfully canceled,
926 + * %false if @work was not pending
927 + */
928 +-static bool __kthread_cancel_work(struct kthread_work *work, bool is_dwork,
929 +- unsigned long *flags)
930 ++static bool __kthread_cancel_work(struct kthread_work *work)
931 + {
932 +- /* Try to cancel the timer if exists. */
933 +- if (is_dwork) {
934 +- struct kthread_delayed_work *dwork =
935 +- container_of(work, struct kthread_delayed_work, work);
936 +- struct kthread_worker *worker = work->worker;
937 +-
938 +- /*
939 +- * del_timer_sync() must be called to make sure that the timer
940 +- * callback is not running. The lock must be temporary released
941 +- * to avoid a deadlock with the callback. In the meantime,
942 +- * any queuing is blocked by setting the canceling counter.
943 +- */
944 +- work->canceling++;
945 +- spin_unlock_irqrestore(&worker->lock, *flags);
946 +- del_timer_sync(&dwork->timer);
947 +- spin_lock_irqsave(&worker->lock, *flags);
948 +- work->canceling--;
949 +- }
950 +-
951 + /*
952 + * Try to remove the work from a worker list. It might either
953 + * be from worker->work_list or from worker->delayed_work_list.
954 +@@ -1093,11 +1103,23 @@ bool kthread_mod_delayed_work(struct kthread_worker *worker,
955 + /* Work must not be used with >1 worker, see kthread_queue_work() */
956 + WARN_ON_ONCE(work->worker != worker);
957 +
958 +- /* Do not fight with another command that is canceling this work. */
959 ++ /*
960 ++ * Temporary cancel the work but do not fight with another command
961 ++ * that is canceling the work as well.
962 ++ *
963 ++ * It is a bit tricky because of possible races with another
964 ++ * mod_delayed_work() and cancel_delayed_work() callers.
965 ++ *
966 ++ * The timer must be canceled first because worker->lock is released
967 ++ * when doing so. But the work can be removed from the queue (list)
968 ++ * only when it can be queued again so that the return value can
969 ++ * be used for reference counting.
970 ++ */
971 ++ kthread_cancel_delayed_work_timer(work, &flags);
972 + if (work->canceling)
973 + goto out;
974 ++ ret = __kthread_cancel_work(work);
975 +
976 +- ret = __kthread_cancel_work(work, true, &flags);
977 + fast_queue:
978 + __kthread_queue_delayed_work(worker, dwork, delay);
979 + out:
980 +@@ -1119,7 +1141,10 @@ static bool __kthread_cancel_work_sync(struct kthread_work *work, bool is_dwork)
981 + /* Work must not be used with >1 worker, see kthread_queue_work(). */
982 + WARN_ON_ONCE(work->worker != worker);
983 +
984 +- ret = __kthread_cancel_work(work, is_dwork, &flags);
985 ++ if (is_dwork)
986 ++ kthread_cancel_delayed_work_timer(work, &flags);
987 ++
988 ++ ret = __kthread_cancel_work(work);
989 +
990 + if (worker->current_work != work)
991 + goto out_fast;
992 +diff --git a/mm/huge_memory.c b/mm/huge_memory.c
993 +index 7c374c0fcf0c7..4400957d8e4e2 100644
994 +--- a/mm/huge_memory.c
995 ++++ b/mm/huge_memory.c
996 +@@ -62,6 +62,7 @@ static struct shrinker deferred_split_shrinker;
997 +
998 + static atomic_t huge_zero_refcount;
999 + struct page *huge_zero_page __read_mostly;
1000 ++unsigned long huge_zero_pfn __read_mostly = ~0UL;
1001 +
1002 + bool transparent_hugepage_enabled(struct vm_area_struct *vma)
1003 + {
1004 +@@ -93,6 +94,7 @@ retry:
1005 + __free_pages(zero_page, compound_order(zero_page));
1006 + goto retry;
1007 + }
1008 ++ WRITE_ONCE(huge_zero_pfn, page_to_pfn(zero_page));
1009 +
1010 + /* We take additional reference here. It will be put back by shrinker */
1011 + atomic_set(&huge_zero_refcount, 2);
1012 +@@ -142,6 +144,7 @@ static unsigned long shrink_huge_zero_page_scan(struct shrinker *shrink,
1013 + if (atomic_cmpxchg(&huge_zero_refcount, 1, 0) == 1) {
1014 + struct page *zero_page = xchg(&huge_zero_page, NULL);
1015 + BUG_ON(zero_page == NULL);
1016 ++ WRITE_ONCE(huge_zero_pfn, ~0UL);
1017 + __free_pages(zero_page, compound_order(zero_page));
1018 + return HPAGE_PMD_NR;
1019 + }
1020 +@@ -2125,7 +2128,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
1021 + count_vm_event(THP_SPLIT_PMD);
1022 +
1023 + if (!vma_is_anonymous(vma)) {
1024 +- _pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd);
1025 ++ old_pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd);
1026 + /*
1027 + * We are going to unmap this huge page. So
1028 + * just go ahead and zap it
1029 +@@ -2134,16 +2137,25 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
1030 + zap_deposited_table(mm, pmd);
1031 + if (vma_is_dax(vma))
1032 + return;
1033 +- page = pmd_page(_pmd);
1034 +- if (!PageDirty(page) && pmd_dirty(_pmd))
1035 +- set_page_dirty(page);
1036 +- if (!PageReferenced(page) && pmd_young(_pmd))
1037 +- SetPageReferenced(page);
1038 +- page_remove_rmap(page, true);
1039 +- put_page(page);
1040 ++ if (unlikely(is_pmd_migration_entry(old_pmd))) {
1041 ++ swp_entry_t entry;
1042 ++
1043 ++ entry = pmd_to_swp_entry(old_pmd);
1044 ++ page = migration_entry_to_page(entry);
1045 ++ } else {
1046 ++ page = pmd_page(old_pmd);
1047 ++ if (!PageDirty(page) && pmd_dirty(old_pmd))
1048 ++ set_page_dirty(page);
1049 ++ if (!PageReferenced(page) && pmd_young(old_pmd))
1050 ++ SetPageReferenced(page);
1051 ++ page_remove_rmap(page, true);
1052 ++ put_page(page);
1053 ++ }
1054 + add_mm_counter(mm, mm_counter_file(page), -HPAGE_PMD_NR);
1055 + return;
1056 +- } else if (pmd_trans_huge(*pmd) && is_huge_zero_pmd(*pmd)) {
1057 ++ }
1058 ++
1059 ++ if (is_huge_zero_pmd(*pmd)) {
1060 + /*
1061 + * FIXME: Do we want to invalidate secondary mmu by calling
1062 + * mmu_notifier_invalidate_range() see comments below inside
1063 +@@ -2418,16 +2430,16 @@ void vma_adjust_trans_huge(struct vm_area_struct *vma,
1064 + static void unmap_page(struct page *page)
1065 + {
1066 + enum ttu_flags ttu_flags = TTU_IGNORE_MLOCK | TTU_IGNORE_ACCESS |
1067 +- TTU_RMAP_LOCKED | TTU_SPLIT_HUGE_PMD;
1068 +- bool unmap_success;
1069 ++ TTU_RMAP_LOCKED | TTU_SPLIT_HUGE_PMD | TTU_SYNC;
1070 +
1071 + VM_BUG_ON_PAGE(!PageHead(page), page);
1072 +
1073 + if (PageAnon(page))
1074 + ttu_flags |= TTU_SPLIT_FREEZE;
1075 +
1076 +- unmap_success = try_to_unmap(page, ttu_flags);
1077 +- VM_BUG_ON_PAGE(!unmap_success, page);
1078 ++ try_to_unmap(page, ttu_flags);
1079 ++
1080 ++ VM_WARN_ON_ONCE_PAGE(page_mapped(page), page);
1081 + }
1082 +
1083 + static void remap_page(struct page *page)
1084 +@@ -2686,7 +2698,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list)
1085 + struct pglist_data *pgdata = NODE_DATA(page_to_nid(head));
1086 + struct anon_vma *anon_vma = NULL;
1087 + struct address_space *mapping = NULL;
1088 +- int count, mapcount, extra_pins, ret;
1089 ++ int extra_pins, ret;
1090 + bool mlocked;
1091 + unsigned long flags;
1092 + pgoff_t end;
1093 +@@ -2748,7 +2760,6 @@ int split_huge_page_to_list(struct page *page, struct list_head *list)
1094 +
1095 + mlocked = PageMlocked(page);
1096 + unmap_page(head);
1097 +- VM_BUG_ON_PAGE(compound_mapcount(head), head);
1098 +
1099 + /* Make sure the page is not on per-CPU pagevec as it takes pin */
1100 + if (mlocked)
1101 +@@ -2774,9 +2785,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list)
1102 +
1103 + /* Prevent deferred_split_scan() touching ->_refcount */
1104 + spin_lock(&pgdata->split_queue_lock);
1105 +- count = page_count(head);
1106 +- mapcount = total_mapcount(head);
1107 +- if (!mapcount && page_ref_freeze(head, 1 + extra_pins)) {
1108 ++ if (page_ref_freeze(head, 1 + extra_pins)) {
1109 + if (!list_empty(page_deferred_list(head))) {
1110 + pgdata->split_queue_len--;
1111 + list_del(page_deferred_list(head));
1112 +@@ -2792,16 +2801,9 @@ int split_huge_page_to_list(struct page *page, struct list_head *list)
1113 + } else
1114 + ret = 0;
1115 + } else {
1116 +- if (IS_ENABLED(CONFIG_DEBUG_VM) && mapcount) {
1117 +- pr_alert("total_mapcount: %u, page_count(): %u\n",
1118 +- mapcount, count);
1119 +- if (PageTail(page))
1120 +- dump_page(head, NULL);
1121 +- dump_page(page, "total_mapcount(head) > 0");
1122 +- BUG();
1123 +- }
1124 + spin_unlock(&pgdata->split_queue_lock);
1125 +-fail: if (mapping)
1126 ++fail:
1127 ++ if (mapping)
1128 + xa_unlock(&mapping->i_pages);
1129 + spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags);
1130 + remap_page(head);
1131 +diff --git a/mm/hugetlb.c b/mm/hugetlb.c
1132 +index c69f12e4c1499..ebcf26bc4cd4b 100644
1133 +--- a/mm/hugetlb.c
1134 ++++ b/mm/hugetlb.c
1135 +@@ -1391,15 +1391,12 @@ int PageHeadHuge(struct page *page_head)
1136 + return get_compound_page_dtor(page_head) == free_huge_page;
1137 + }
1138 +
1139 +-pgoff_t __basepage_index(struct page *page)
1140 ++pgoff_t hugetlb_basepage_index(struct page *page)
1141 + {
1142 + struct page *page_head = compound_head(page);
1143 + pgoff_t index = page_index(page_head);
1144 + unsigned long compound_idx;
1145 +
1146 +- if (!PageHuge(page_head))
1147 +- return page_index(page);
1148 +-
1149 + if (compound_order(page_head) >= MAX_ORDER)
1150 + compound_idx = page_to_pfn(page) - page_to_pfn(page_head);
1151 + else
1152 +diff --git a/mm/internal.h b/mm/internal.h
1153 +index 397183c8fe47b..3a2e973138d36 100644
1154 +--- a/mm/internal.h
1155 ++++ b/mm/internal.h
1156 +@@ -331,27 +331,52 @@ static inline void mlock_migrate_page(struct page *newpage, struct page *page)
1157 + extern pmd_t maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma);
1158 +
1159 + /*
1160 +- * At what user virtual address is page expected in @vma?
1161 ++ * At what user virtual address is page expected in vma?
1162 ++ * Returns -EFAULT if all of the page is outside the range of vma.
1163 ++ * If page is a compound head, the entire compound page is considered.
1164 + */
1165 + static inline unsigned long
1166 +-__vma_address(struct page *page, struct vm_area_struct *vma)
1167 ++vma_address(struct page *page, struct vm_area_struct *vma)
1168 + {
1169 +- pgoff_t pgoff = page_to_pgoff(page);
1170 +- return vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
1171 ++ pgoff_t pgoff;
1172 ++ unsigned long address;
1173 ++
1174 ++ VM_BUG_ON_PAGE(PageKsm(page), page); /* KSM page->index unusable */
1175 ++ pgoff = page_to_pgoff(page);
1176 ++ if (pgoff >= vma->vm_pgoff) {
1177 ++ address = vma->vm_start +
1178 ++ ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
1179 ++ /* Check for address beyond vma (or wrapped through 0?) */
1180 ++ if (address < vma->vm_start || address >= vma->vm_end)
1181 ++ address = -EFAULT;
1182 ++ } else if (PageHead(page) &&
1183 ++ pgoff + (1UL << compound_order(page)) - 1 >= vma->vm_pgoff) {
1184 ++ /* Test above avoids possibility of wrap to 0 on 32-bit */
1185 ++ address = vma->vm_start;
1186 ++ } else {
1187 ++ address = -EFAULT;
1188 ++ }
1189 ++ return address;
1190 + }
1191 +
1192 ++/*
1193 ++ * Then at what user virtual address will none of the page be found in vma?
1194 ++ * Assumes that vma_address() already returned a good starting address.
1195 ++ * If page is a compound head, the entire compound page is considered.
1196 ++ */
1197 + static inline unsigned long
1198 +-vma_address(struct page *page, struct vm_area_struct *vma)
1199 ++vma_address_end(struct page *page, struct vm_area_struct *vma)
1200 + {
1201 +- unsigned long start, end;
1202 +-
1203 +- start = __vma_address(page, vma);
1204 +- end = start + PAGE_SIZE * (hpage_nr_pages(page) - 1);
1205 +-
1206 +- /* page should be within @vma mapping range */
1207 +- VM_BUG_ON_VMA(end < vma->vm_start || start >= vma->vm_end, vma);
1208 +-
1209 +- return max(start, vma->vm_start);
1210 ++ pgoff_t pgoff;
1211 ++ unsigned long address;
1212 ++
1213 ++ VM_BUG_ON_PAGE(PageKsm(page), page); /* KSM page->index unusable */
1214 ++ pgoff = page_to_pgoff(page) + (1UL << compound_order(page));
1215 ++ address = vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
1216 ++ /* Check for address beyond vma (or wrapped through 0?) */
1217 ++ if (address < vma->vm_start || address > vma->vm_end)
1218 ++ address = vma->vm_end;
1219 ++ return address;
1220 + }
1221 +
1222 + #else /* !CONFIG_MMU */
1223 +diff --git a/mm/memory.c b/mm/memory.c
1224 +index c2011c51f15de..49b546cdce0d2 100644
1225 +--- a/mm/memory.c
1226 ++++ b/mm/memory.c
1227 +@@ -1439,7 +1439,18 @@ static inline unsigned long zap_pmd_range(struct mmu_gather *tlb,
1228 + else if (zap_huge_pmd(tlb, vma, pmd, addr))
1229 + goto next;
1230 + /* fall through */
1231 ++ } else if (details && details->single_page &&
1232 ++ PageTransCompound(details->single_page) &&
1233 ++ next - addr == HPAGE_PMD_SIZE && pmd_none(*pmd)) {
1234 ++ spinlock_t *ptl = pmd_lock(tlb->mm, pmd);
1235 ++ /*
1236 ++ * Take and drop THP pmd lock so that we cannot return
1237 ++ * prematurely, while zap_huge_pmd() has cleared *pmd,
1238 ++ * but not yet decremented compound_mapcount().
1239 ++ */
1240 ++ spin_unlock(ptl);
1241 + }
1242 ++
1243 + /*
1244 + * Here there can be other concurrent MADV_DONTNEED or
1245 + * trans huge page faults running, and if the pmd is
1246 +@@ -2924,6 +2935,36 @@ static inline void unmap_mapping_range_tree(struct rb_root_cached *root,
1247 + }
1248 + }
1249 +
1250 ++/**
1251 ++ * unmap_mapping_page() - Unmap single page from processes.
1252 ++ * @page: The locked page to be unmapped.
1253 ++ *
1254 ++ * Unmap this page from any userspace process which still has it mmaped.
1255 ++ * Typically, for efficiency, the range of nearby pages has already been
1256 ++ * unmapped by unmap_mapping_pages() or unmap_mapping_range(). But once
1257 ++ * truncation or invalidation holds the lock on a page, it may find that
1258 ++ * the page has been remapped again: and then uses unmap_mapping_page()
1259 ++ * to unmap it finally.
1260 ++ */
1261 ++void unmap_mapping_page(struct page *page)
1262 ++{
1263 ++ struct address_space *mapping = page->mapping;
1264 ++ struct zap_details details = { };
1265 ++
1266 ++ VM_BUG_ON(!PageLocked(page));
1267 ++ VM_BUG_ON(PageTail(page));
1268 ++
1269 ++ details.check_mapping = mapping;
1270 ++ details.first_index = page->index;
1271 ++ details.last_index = page->index + hpage_nr_pages(page) - 1;
1272 ++ details.single_page = page;
1273 ++
1274 ++ i_mmap_lock_write(mapping);
1275 ++ if (unlikely(!RB_EMPTY_ROOT(&mapping->i_mmap.rb_root)))
1276 ++ unmap_mapping_range_tree(&mapping->i_mmap, &details);
1277 ++ i_mmap_unlock_write(mapping);
1278 ++}
1279 ++
1280 + /**
1281 + * unmap_mapping_pages() - Unmap pages from processes.
1282 + * @mapping: The address space containing pages to be unmapped.
1283 +diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c
1284 +index 11df03e71288c..edca786093187 100644
1285 +--- a/mm/page_vma_mapped.c
1286 ++++ b/mm/page_vma_mapped.c
1287 +@@ -111,6 +111,13 @@ static bool check_pte(struct page_vma_mapped_walk *pvmw)
1288 + return pfn_in_hpage(pvmw->page, pfn);
1289 + }
1290 +
1291 ++static void step_forward(struct page_vma_mapped_walk *pvmw, unsigned long size)
1292 ++{
1293 ++ pvmw->address = (pvmw->address + size) & ~(size - 1);
1294 ++ if (!pvmw->address)
1295 ++ pvmw->address = ULONG_MAX;
1296 ++}
1297 ++
1298 + /**
1299 + * page_vma_mapped_walk - check if @pvmw->page is mapped in @pvmw->vma at
1300 + * @pvmw->address
1301 +@@ -139,6 +146,7 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
1302 + {
1303 + struct mm_struct *mm = pvmw->vma->vm_mm;
1304 + struct page *page = pvmw->page;
1305 ++ unsigned long end;
1306 + pgd_t *pgd;
1307 + p4d_t *p4d;
1308 + pud_t *pud;
1309 +@@ -148,10 +156,11 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
1310 + if (pvmw->pmd && !pvmw->pte)
1311 + return not_found(pvmw);
1312 +
1313 +- if (pvmw->pte)
1314 +- goto next_pte;
1315 ++ if (unlikely(PageHuge(page))) {
1316 ++ /* The only possible mapping was handled on last iteration */
1317 ++ if (pvmw->pte)
1318 ++ return not_found(pvmw);
1319 +
1320 +- if (unlikely(PageHuge(pvmw->page))) {
1321 + /* when pud is not present, pte will be NULL */
1322 + pvmw->pte = huge_pte_offset(mm, pvmw->address,
1323 + PAGE_SIZE << compound_order(page));
1324 +@@ -164,78 +173,108 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
1325 + return not_found(pvmw);
1326 + return true;
1327 + }
1328 +-restart:
1329 +- pgd = pgd_offset(mm, pvmw->address);
1330 +- if (!pgd_present(*pgd))
1331 +- return false;
1332 +- p4d = p4d_offset(pgd, pvmw->address);
1333 +- if (!p4d_present(*p4d))
1334 +- return false;
1335 +- pud = pud_offset(p4d, pvmw->address);
1336 +- if (!pud_present(*pud))
1337 +- return false;
1338 +- pvmw->pmd = pmd_offset(pud, pvmw->address);
1339 ++
1340 + /*
1341 +- * Make sure the pmd value isn't cached in a register by the
1342 +- * compiler and used as a stale value after we've observed a
1343 +- * subsequent update.
1344 ++ * Seek to next pte only makes sense for THP.
1345 ++ * But more important than that optimization, is to filter out
1346 ++ * any PageKsm page: whose page->index misleads vma_address()
1347 ++ * and vma_address_end() to disaster.
1348 + */
1349 +- pmde = READ_ONCE(*pvmw->pmd);
1350 +- if (pmd_trans_huge(pmde) || is_pmd_migration_entry(pmde)) {
1351 +- pvmw->ptl = pmd_lock(mm, pvmw->pmd);
1352 +- if (likely(pmd_trans_huge(*pvmw->pmd))) {
1353 +- if (pvmw->flags & PVMW_MIGRATION)
1354 +- return not_found(pvmw);
1355 +- if (pmd_page(*pvmw->pmd) != page)
1356 +- return not_found(pvmw);
1357 +- return true;
1358 +- } else if (!pmd_present(*pvmw->pmd)) {
1359 +- if (thp_migration_supported()) {
1360 +- if (!(pvmw->flags & PVMW_MIGRATION))
1361 ++ end = PageTransCompound(page) ?
1362 ++ vma_address_end(page, pvmw->vma) :
1363 ++ pvmw->address + PAGE_SIZE;
1364 ++ if (pvmw->pte)
1365 ++ goto next_pte;
1366 ++restart:
1367 ++ do {
1368 ++ pgd = pgd_offset(mm, pvmw->address);
1369 ++ if (!pgd_present(*pgd)) {
1370 ++ step_forward(pvmw, PGDIR_SIZE);
1371 ++ continue;
1372 ++ }
1373 ++ p4d = p4d_offset(pgd, pvmw->address);
1374 ++ if (!p4d_present(*p4d)) {
1375 ++ step_forward(pvmw, P4D_SIZE);
1376 ++ continue;
1377 ++ }
1378 ++ pud = pud_offset(p4d, pvmw->address);
1379 ++ if (!pud_present(*pud)) {
1380 ++ step_forward(pvmw, PUD_SIZE);
1381 ++ continue;
1382 ++ }
1383 ++
1384 ++ pvmw->pmd = pmd_offset(pud, pvmw->address);
1385 ++ /*
1386 ++ * Make sure the pmd value isn't cached in a register by the
1387 ++ * compiler and used as a stale value after we've observed a
1388 ++ * subsequent update.
1389 ++ */
1390 ++ pmde = READ_ONCE(*pvmw->pmd);
1391 ++
1392 ++ if (pmd_trans_huge(pmde) || is_pmd_migration_entry(pmde)) {
1393 ++ pvmw->ptl = pmd_lock(mm, pvmw->pmd);
1394 ++ pmde = *pvmw->pmd;
1395 ++ if (likely(pmd_trans_huge(pmde))) {
1396 ++ if (pvmw->flags & PVMW_MIGRATION)
1397 + return not_found(pvmw);
1398 +- if (is_migration_entry(pmd_to_swp_entry(*pvmw->pmd))) {
1399 +- swp_entry_t entry = pmd_to_swp_entry(*pvmw->pmd);
1400 ++ if (pmd_page(pmde) != page)
1401 ++ return not_found(pvmw);
1402 ++ return true;
1403 ++ }
1404 ++ if (!pmd_present(pmde)) {
1405 ++ swp_entry_t entry;
1406 +
1407 +- if (migration_entry_to_page(entry) != page)
1408 +- return not_found(pvmw);
1409 +- return true;
1410 +- }
1411 ++ if (!thp_migration_supported() ||
1412 ++ !(pvmw->flags & PVMW_MIGRATION))
1413 ++ return not_found(pvmw);
1414 ++ entry = pmd_to_swp_entry(pmde);
1415 ++ if (!is_migration_entry(entry) ||
1416 ++ migration_entry_to_page(entry) != page)
1417 ++ return not_found(pvmw);
1418 ++ return true;
1419 + }
1420 +- return not_found(pvmw);
1421 +- } else {
1422 + /* THP pmd was split under us: handle on pte level */
1423 + spin_unlock(pvmw->ptl);
1424 + pvmw->ptl = NULL;
1425 ++ } else if (!pmd_present(pmde)) {
1426 ++ /*
1427 ++ * If PVMW_SYNC, take and drop THP pmd lock so that we
1428 ++ * cannot return prematurely, while zap_huge_pmd() has
1429 ++ * cleared *pmd but not decremented compound_mapcount().
1430 ++ */
1431 ++ if ((pvmw->flags & PVMW_SYNC) &&
1432 ++ PageTransCompound(page)) {
1433 ++ spinlock_t *ptl = pmd_lock(mm, pvmw->pmd);
1434 ++
1435 ++ spin_unlock(ptl);
1436 ++ }
1437 ++ step_forward(pvmw, PMD_SIZE);
1438 ++ continue;
1439 + }
1440 +- } else if (!pmd_present(pmde)) {
1441 +- return false;
1442 +- }
1443 +- if (!map_pte(pvmw))
1444 +- goto next_pte;
1445 +- while (1) {
1446 ++ if (!map_pte(pvmw))
1447 ++ goto next_pte;
1448 ++this_pte:
1449 + if (check_pte(pvmw))
1450 + return true;
1451 + next_pte:
1452 +- /* Seek to next pte only makes sense for THP */
1453 +- if (!PageTransHuge(pvmw->page) || PageHuge(pvmw->page))
1454 +- return not_found(pvmw);
1455 + do {
1456 + pvmw->address += PAGE_SIZE;
1457 +- if (pvmw->address >= pvmw->vma->vm_end ||
1458 +- pvmw->address >=
1459 +- __vma_address(pvmw->page, pvmw->vma) +
1460 +- hpage_nr_pages(pvmw->page) * PAGE_SIZE)
1461 ++ if (pvmw->address >= end)
1462 + return not_found(pvmw);
1463 + /* Did we cross page table boundary? */
1464 +- if (pvmw->address % PMD_SIZE == 0) {
1465 +- pte_unmap(pvmw->pte);
1466 ++ if ((pvmw->address & (PMD_SIZE - PAGE_SIZE)) == 0) {
1467 + if (pvmw->ptl) {
1468 + spin_unlock(pvmw->ptl);
1469 + pvmw->ptl = NULL;
1470 + }
1471 ++ pte_unmap(pvmw->pte);
1472 ++ pvmw->pte = NULL;
1473 + goto restart;
1474 +- } else {
1475 +- pvmw->pte++;
1476 ++ }
1477 ++ pvmw->pte++;
1478 ++ if ((pvmw->flags & PVMW_SYNC) && !pvmw->ptl) {
1479 ++ pvmw->ptl = pte_lockptr(mm, pvmw->pmd);
1480 ++ spin_lock(pvmw->ptl);
1481 + }
1482 + } while (pte_none(*pvmw->pte));
1483 +
1484 +@@ -243,7 +282,10 @@ next_pte:
1485 + pvmw->ptl = pte_lockptr(mm, pvmw->pmd);
1486 + spin_lock(pvmw->ptl);
1487 + }
1488 +- }
1489 ++ goto this_pte;
1490 ++ } while (pvmw->address < end);
1491 ++
1492 ++ return false;
1493 + }
1494 +
1495 + /**
1496 +@@ -262,14 +304,10 @@ int page_mapped_in_vma(struct page *page, struct vm_area_struct *vma)
1497 + .vma = vma,
1498 + .flags = PVMW_SYNC,
1499 + };
1500 +- unsigned long start, end;
1501 +-
1502 +- start = __vma_address(page, vma);
1503 +- end = start + PAGE_SIZE * (hpage_nr_pages(page) - 1);
1504 +
1505 +- if (unlikely(end < vma->vm_start || start >= vma->vm_end))
1506 ++ pvmw.address = vma_address(page, vma);
1507 ++ if (pvmw.address == -EFAULT)
1508 + return 0;
1509 +- pvmw.address = max(start, vma->vm_start);
1510 + if (!page_vma_mapped_walk(&pvmw))
1511 + return 0;
1512 + page_vma_mapped_walk_done(&pvmw);
1513 +diff --git a/mm/pgtable-generic.c b/mm/pgtable-generic.c
1514 +index cf2af04b34b97..36770fcdc3582 100644
1515 +--- a/mm/pgtable-generic.c
1516 ++++ b/mm/pgtable-generic.c
1517 +@@ -125,8 +125,8 @@ pmd_t pmdp_huge_clear_flush(struct vm_area_struct *vma, unsigned long address,
1518 + {
1519 + pmd_t pmd;
1520 + VM_BUG_ON(address & ~HPAGE_PMD_MASK);
1521 +- VM_BUG_ON((pmd_present(*pmdp) && !pmd_trans_huge(*pmdp) &&
1522 +- !pmd_devmap(*pmdp)) || !pmd_present(*pmdp));
1523 ++ VM_BUG_ON(pmd_present(*pmdp) && !pmd_trans_huge(*pmdp) &&
1524 ++ !pmd_devmap(*pmdp));
1525 + pmd = pmdp_huge_get_and_clear(vma->vm_mm, address, pmdp);
1526 + flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE);
1527 + return pmd;
1528 +diff --git a/mm/rmap.c b/mm/rmap.c
1529 +index 1bd94ea62f7f1..699f445e3e78c 100644
1530 +--- a/mm/rmap.c
1531 ++++ b/mm/rmap.c
1532 +@@ -686,7 +686,6 @@ static bool should_defer_flush(struct mm_struct *mm, enum ttu_flags flags)
1533 + */
1534 + unsigned long page_address_in_vma(struct page *page, struct vm_area_struct *vma)
1535 + {
1536 +- unsigned long address;
1537 + if (PageAnon(page)) {
1538 + struct anon_vma *page__anon_vma = page_anon_vma(page);
1539 + /*
1540 +@@ -696,15 +695,13 @@ unsigned long page_address_in_vma(struct page *page, struct vm_area_struct *vma)
1541 + if (!vma->anon_vma || !page__anon_vma ||
1542 + vma->anon_vma->root != page__anon_vma->root)
1543 + return -EFAULT;
1544 +- } else if (page->mapping) {
1545 +- if (!vma->vm_file || vma->vm_file->f_mapping != page->mapping)
1546 +- return -EFAULT;
1547 +- } else
1548 ++ } else if (!vma->vm_file) {
1549 + return -EFAULT;
1550 +- address = __vma_address(page, vma);
1551 +- if (unlikely(address < vma->vm_start || address >= vma->vm_end))
1552 ++ } else if (vma->vm_file->f_mapping != compound_head(page)->mapping) {
1553 + return -EFAULT;
1554 +- return address;
1555 ++ }
1556 ++
1557 ++ return vma_address(page, vma);
1558 + }
1559 +
1560 + pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address)
1561 +@@ -896,7 +893,7 @@ static bool page_mkclean_one(struct page *page, struct vm_area_struct *vma,
1562 + * We have to assume the worse case ie pmd for invalidation. Note that
1563 + * the page can not be free from this function.
1564 + */
1565 +- end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page)));
1566 ++ end = vma_address_end(page, vma);
1567 + mmu_notifier_invalidate_range_start(vma->vm_mm, start, end);
1568 +
1569 + while (page_vma_mapped_walk(&pvmw)) {
1570 +@@ -1348,6 +1345,15 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma,
1571 + unsigned long start = address, end;
1572 + enum ttu_flags flags = (enum ttu_flags)arg;
1573 +
1574 ++ /*
1575 ++ * When racing against e.g. zap_pte_range() on another cpu,
1576 ++ * in between its ptep_get_and_clear_full() and page_remove_rmap(),
1577 ++ * try_to_unmap() may return false when it is about to become true,
1578 ++ * if page table locking is skipped: use TTU_SYNC to wait for that.
1579 ++ */
1580 ++ if (flags & TTU_SYNC)
1581 ++ pvmw.flags = PVMW_SYNC;
1582 ++
1583 + /* munlock has nothing to gain from examining un-locked vmas */
1584 + if ((flags & TTU_MUNLOCK) && !(vma->vm_flags & VM_LOCKED))
1585 + return true;
1586 +@@ -1369,7 +1375,8 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma,
1587 + * Note that the page can not be free in this function as call of
1588 + * try_to_unmap() must hold a reference on the page.
1589 + */
1590 +- end = min(vma->vm_end, start + (PAGE_SIZE << compound_order(page)));
1591 ++ end = PageKsm(page) ?
1592 ++ address + PAGE_SIZE : vma_address_end(page, vma);
1593 + if (PageHuge(page)) {
1594 + /*
1595 + * If sharing is possible, start and end will be adjusted
1596 +@@ -1682,9 +1689,9 @@ static bool invalid_migration_vma(struct vm_area_struct *vma, void *arg)
1597 + return is_vma_temporary_stack(vma);
1598 + }
1599 +
1600 +-static int page_mapcount_is_zero(struct page *page)
1601 ++static int page_not_mapped(struct page *page)
1602 + {
1603 +- return !total_mapcount(page);
1604 ++ return !page_mapped(page);
1605 + }
1606 +
1607 + /**
1608 +@@ -1702,7 +1709,7 @@ bool try_to_unmap(struct page *page, enum ttu_flags flags)
1609 + struct rmap_walk_control rwc = {
1610 + .rmap_one = try_to_unmap_one,
1611 + .arg = (void *)flags,
1612 +- .done = page_mapcount_is_zero,
1613 ++ .done = page_not_mapped,
1614 + .anon_lock = page_lock_anon_vma_read,
1615 + };
1616 +
1617 +@@ -1723,14 +1730,15 @@ bool try_to_unmap(struct page *page, enum ttu_flags flags)
1618 + else
1619 + rmap_walk(page, &rwc);
1620 +
1621 +- return !page_mapcount(page) ? true : false;
1622 ++ /*
1623 ++ * When racing against e.g. zap_pte_range() on another cpu,
1624 ++ * in between its ptep_get_and_clear_full() and page_remove_rmap(),
1625 ++ * try_to_unmap() may return false when it is about to become true,
1626 ++ * if page table locking is skipped: use TTU_SYNC to wait for that.
1627 ++ */
1628 ++ return !page_mapcount(page);
1629 + }
1630 +
1631 +-static int page_not_mapped(struct page *page)
1632 +-{
1633 +- return !page_mapped(page);
1634 +-};
1635 +-
1636 + /**
1637 + * try_to_munlock - try to munlock a page
1638 + * @page: the page to be munlocked
1639 +@@ -1825,6 +1833,7 @@ static void rmap_walk_anon(struct page *page, struct rmap_walk_control *rwc,
1640 + struct vm_area_struct *vma = avc->vma;
1641 + unsigned long address = vma_address(page, vma);
1642 +
1643 ++ VM_BUG_ON_VMA(address == -EFAULT, vma);
1644 + cond_resched();
1645 +
1646 + if (rwc->invalid_vma && rwc->invalid_vma(vma, rwc->arg))
1647 +@@ -1879,6 +1888,7 @@ static void rmap_walk_file(struct page *page, struct rmap_walk_control *rwc,
1648 + pgoff_start, pgoff_end) {
1649 + unsigned long address = vma_address(page, vma);
1650 +
1651 ++ VM_BUG_ON_VMA(address == -EFAULT, vma);
1652 + cond_resched();
1653 +
1654 + if (rwc->invalid_vma && rwc->invalid_vma(vma, rwc->arg))
1655 +diff --git a/mm/truncate.c b/mm/truncate.c
1656 +index 71b65aab80775..43c73db17a0a6 100644
1657 +--- a/mm/truncate.c
1658 ++++ b/mm/truncate.c
1659 +@@ -175,13 +175,10 @@ void do_invalidatepage(struct page *page, unsigned int offset,
1660 + * its lock, b) when a concurrent invalidate_mapping_pages got there first and
1661 + * c) when tmpfs swizzles a page between a tmpfs inode and swapper_space.
1662 + */
1663 +-static void
1664 +-truncate_cleanup_page(struct address_space *mapping, struct page *page)
1665 ++static void truncate_cleanup_page(struct page *page)
1666 + {
1667 +- if (page_mapped(page)) {
1668 +- pgoff_t nr = PageTransHuge(page) ? HPAGE_PMD_NR : 1;
1669 +- unmap_mapping_pages(mapping, page->index, nr, false);
1670 +- }
1671 ++ if (page_mapped(page))
1672 ++ unmap_mapping_page(page);
1673 +
1674 + if (page_has_private(page))
1675 + do_invalidatepage(page, 0, PAGE_SIZE);
1676 +@@ -226,7 +223,7 @@ int truncate_inode_page(struct address_space *mapping, struct page *page)
1677 + if (page->mapping != mapping)
1678 + return -EIO;
1679 +
1680 +- truncate_cleanup_page(mapping, page);
1681 ++ truncate_cleanup_page(page);
1682 + delete_from_page_cache(page);
1683 + return 0;
1684 + }
1685 +@@ -364,7 +361,7 @@ void truncate_inode_pages_range(struct address_space *mapping,
1686 + pagevec_add(&locked_pvec, page);
1687 + }
1688 + for (i = 0; i < pagevec_count(&locked_pvec); i++)
1689 +- truncate_cleanup_page(mapping, locked_pvec.pages[i]);
1690 ++ truncate_cleanup_page(locked_pvec.pages[i]);
1691 + delete_from_page_cache_batch(mapping, &locked_pvec);
1692 + for (i = 0; i < pagevec_count(&locked_pvec); i++)
1693 + unlock_page(locked_pvec.pages[i]);
1694 +@@ -703,6 +700,16 @@ int invalidate_inode_pages2_range(struct address_space *mapping,
1695 + continue;
1696 + }
1697 +
1698 ++ if (!did_range_unmap && page_mapped(page)) {
1699 ++ /*
1700 ++ * If page is mapped, before taking its lock,
1701 ++ * zap the rest of the file in one hit.
1702 ++ */
1703 ++ unmap_mapping_pages(mapping, index,
1704 ++ (1 + end - index), false);
1705 ++ did_range_unmap = 1;
1706 ++ }
1707 ++
1708 + lock_page(page);
1709 + WARN_ON(page_to_index(page) != index);
1710 + if (page->mapping != mapping) {
1711 +@@ -710,23 +717,11 @@ int invalidate_inode_pages2_range(struct address_space *mapping,
1712 + continue;
1713 + }
1714 + wait_on_page_writeback(page);
1715 +- if (page_mapped(page)) {
1716 +- if (!did_range_unmap) {
1717 +- /*
1718 +- * Zap the rest of the file in one hit.
1719 +- */
1720 +- unmap_mapping_pages(mapping, index,
1721 +- (1 + end - index), false);
1722 +- did_range_unmap = 1;
1723 +- } else {
1724 +- /*
1725 +- * Just zap this page
1726 +- */
1727 +- unmap_mapping_pages(mapping, index,
1728 +- 1, false);
1729 +- }
1730 +- }
1731 ++
1732 ++ if (page_mapped(page))
1733 ++ unmap_mapping_page(page);
1734 + BUG_ON(page_mapped(page));
1735 ++
1736 + ret2 = do_launder_page(mapping, page);
1737 + if (ret2 == 0) {
1738 + if (!invalidate_complete_page2(mapping, page))
Report Message
Find on MARC Find on Google Groups