Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.19 commit in: /
Date: Tue, 25 Jun 2019 10:53:22
Message-Id: 1561459978.f23442a5eb74f5ba43653768abc231a8070ddaee.mpagano@gentoo
1 commit: f23442a5eb74f5ba43653768abc231a8070ddaee
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jun 25 10:52:58 2019 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Tue Jun 25 10:52:58 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f23442a5
7
8 Linux patch 4.19.56
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1055_linux-4.19.56.patch | 3375 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 3379 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 545a5dd..9ed63b1 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -263,6 +263,10 @@ Patch: 1054_linux-4.19.55.patch
21 From: https://www.kernel.org
22 Desc: Linux 4.19.55
23
24 +Patch: 1055_linux-4.19.56.patch
25 +From: https://www.kernel.org
26 +Desc: Linux 4.19.56
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1055_linux-4.19.56.patch b/1055_linux-4.19.56.patch
33 new file mode 100644
34 index 0000000..fbc387c
35 --- /dev/null
36 +++ b/1055_linux-4.19.56.patch
37 @@ -0,0 +1,3375 @@
38 +diff --git a/Makefile b/Makefile
39 +index 3addd4c286fa..a76c61f77bcd 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,7 +1,7 @@
43 + # SPDX-License-Identifier: GPL-2.0
44 + VERSION = 4
45 + PATCHLEVEL = 19
46 +-SUBLEVEL = 55
47 ++SUBLEVEL = 56
48 + EXTRAVERSION =
49 + NAME = "People's Front"
50 +
51 +@@ -652,6 +652,7 @@ KBUILD_CFLAGS += $(call cc-disable-warning,frame-address,)
52 + KBUILD_CFLAGS += $(call cc-disable-warning, format-truncation)
53 + KBUILD_CFLAGS += $(call cc-disable-warning, format-overflow)
54 + KBUILD_CFLAGS += $(call cc-disable-warning, int-in-bool-context)
55 ++KBUILD_CFLAGS += $(call cc-disable-warning, address-of-packed-member)
56 +
57 + ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE
58 + KBUILD_CFLAGS += -Os $(call cc-disable-warning,maybe-uninitialized,)
59 +@@ -696,7 +697,6 @@ ifeq ($(cc-name),clang)
60 + KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,)
61 + KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier)
62 + KBUILD_CFLAGS += $(call cc-disable-warning, gnu)
63 +-KBUILD_CFLAGS += $(call cc-disable-warning, address-of-packed-member)
64 + # Quiet clang warning: comparison of unsigned expression < 0 is always false
65 + KBUILD_CFLAGS += $(call cc-disable-warning, tautological-compare)
66 + # CLANG uses a _MergedGlobals as optimization, but this breaks modpost, as the
67 +diff --git a/arch/arc/boot/dts/hsdk.dts b/arch/arc/boot/dts/hsdk.dts
68 +index ef149f59929a..d131c54acd3e 100644
69 +--- a/arch/arc/boot/dts/hsdk.dts
70 ++++ b/arch/arc/boot/dts/hsdk.dts
71 +@@ -175,6 +175,7 @@
72 + interrupt-names = "macirq";
73 + phy-mode = "rgmii";
74 + snps,pbl = <32>;
75 ++ snps,multicast-filter-bins = <256>;
76 + clocks = <&gmacclk>;
77 + clock-names = "stmmaceth";
78 + phy-handle = <&phy0>;
79 +@@ -183,6 +184,9 @@
80 + mac-address = [00 00 00 00 00 00]; /* Filled in by U-Boot */
81 + dma-coherent;
82 +
83 ++ tx-fifo-depth = <4096>;
84 ++ rx-fifo-depth = <4096>;
85 ++
86 + mdio {
87 + #address-cells = <1>;
88 + #size-cells = <0>;
89 +diff --git a/arch/arc/include/asm/cmpxchg.h b/arch/arc/include/asm/cmpxchg.h
90 +index d819de1c5d10..3ea4112c8302 100644
91 +--- a/arch/arc/include/asm/cmpxchg.h
92 ++++ b/arch/arc/include/asm/cmpxchg.h
93 +@@ -92,8 +92,11 @@ __cmpxchg(volatile void *ptr, unsigned long expected, unsigned long new)
94 +
95 + #endif /* CONFIG_ARC_HAS_LLSC */
96 +
97 +-#define cmpxchg(ptr, o, n) ((typeof(*(ptr)))__cmpxchg((ptr), \
98 +- (unsigned long)(o), (unsigned long)(n)))
99 ++#define cmpxchg(ptr, o, n) ({ \
100 ++ (typeof(*(ptr)))__cmpxchg((ptr), \
101 ++ (unsigned long)(o), \
102 ++ (unsigned long)(n)); \
103 ++})
104 +
105 + /*
106 + * atomic_cmpxchg is same as cmpxchg
107 +@@ -198,8 +201,11 @@ static inline unsigned long __xchg(unsigned long val, volatile void *ptr,
108 + return __xchg_bad_pointer();
109 + }
110 +
111 +-#define xchg(ptr, with) ((typeof(*(ptr)))__xchg((unsigned long)(with), (ptr), \
112 +- sizeof(*(ptr))))
113 ++#define xchg(ptr, with) ({ \
114 ++ (typeof(*(ptr)))__xchg((unsigned long)(with), \
115 ++ (ptr), \
116 ++ sizeof(*(ptr))); \
117 ++})
118 +
119 + #endif /* CONFIG_ARC_PLAT_EZNPS */
120 +
121 +diff --git a/arch/arc/mm/tlb.c b/arch/arc/mm/tlb.c
122 +index 4097764fea23..fa18c00b0cfd 100644
123 +--- a/arch/arc/mm/tlb.c
124 ++++ b/arch/arc/mm/tlb.c
125 +@@ -911,9 +911,11 @@ void do_tlb_overlap_fault(unsigned long cause, unsigned long address,
126 + struct pt_regs *regs)
127 + {
128 + struct cpuinfo_arc_mmu *mmu = &cpuinfo_arc700[smp_processor_id()].mmu;
129 +- unsigned int pd0[mmu->ways];
130 + unsigned long flags;
131 +- int set;
132 ++ int set, n_ways = mmu->ways;
133 ++
134 ++ n_ways = min(n_ways, 4);
135 ++ BUG_ON(mmu->ways > 4);
136 +
137 + local_irq_save(flags);
138 +
139 +@@ -921,9 +923,10 @@ void do_tlb_overlap_fault(unsigned long cause, unsigned long address,
140 + for (set = 0; set < mmu->sets; set++) {
141 +
142 + int is_valid, way;
143 ++ unsigned int pd0[4];
144 +
145 + /* read out all the ways of current set */
146 +- for (way = 0, is_valid = 0; way < mmu->ways; way++) {
147 ++ for (way = 0, is_valid = 0; way < n_ways; way++) {
148 + write_aux_reg(ARC_REG_TLBINDEX,
149 + SET_WAY_TO_IDX(mmu, set, way));
150 + write_aux_reg(ARC_REG_TLBCOMMAND, TLBRead);
151 +@@ -937,14 +940,14 @@ void do_tlb_overlap_fault(unsigned long cause, unsigned long address,
152 + continue;
153 +
154 + /* Scan the set for duplicate ways: needs a nested loop */
155 +- for (way = 0; way < mmu->ways - 1; way++) {
156 ++ for (way = 0; way < n_ways - 1; way++) {
157 +
158 + int n;
159 +
160 + if (!pd0[way])
161 + continue;
162 +
163 +- for (n = way + 1; n < mmu->ways; n++) {
164 ++ for (n = way + 1; n < n_ways; n++) {
165 + if (pd0[way] != pd0[n])
166 + continue;
167 +
168 +diff --git a/arch/arm/boot/dts/am57xx-idk-common.dtsi b/arch/arm/boot/dts/am57xx-idk-common.dtsi
169 +index c9063ffca524..3fd9a1676d88 100644
170 +--- a/arch/arm/boot/dts/am57xx-idk-common.dtsi
171 ++++ b/arch/arm/boot/dts/am57xx-idk-common.dtsi
172 +@@ -410,6 +410,7 @@
173 + vqmmc-supply = <&ldo1_reg>;
174 + bus-width = <4>;
175 + cd-gpios = <&gpio6 27 GPIO_ACTIVE_LOW>; /* gpio 219 */
176 ++ no-1-8-v;
177 + };
178 +
179 + &mmc2 {
180 +diff --git a/arch/arm/boot/dts/dra76x-mmc-iodelay.dtsi b/arch/arm/boot/dts/dra76x-mmc-iodelay.dtsi
181 +index baba7b00eca7..fdca48186916 100644
182 +--- a/arch/arm/boot/dts/dra76x-mmc-iodelay.dtsi
183 ++++ b/arch/arm/boot/dts/dra76x-mmc-iodelay.dtsi
184 +@@ -22,7 +22,7 @@
185 + *
186 + * Datamanual Revisions:
187 + *
188 +- * DRA76x Silicon Revision 1.0: SPRS993A, Revised July 2017
189 ++ * DRA76x Silicon Revision 1.0: SPRS993E, Revised December 2018
190 + *
191 + */
192 +
193 +@@ -169,25 +169,25 @@
194 + /* Corresponds to MMC2_HS200_MANUAL1 in datamanual */
195 + mmc2_iodelay_hs200_conf: mmc2_iodelay_hs200_conf {
196 + pinctrl-pin-array = <
197 +- 0x190 A_DELAY_PS(384) G_DELAY_PS(0) /* CFG_GPMC_A19_OEN */
198 +- 0x194 A_DELAY_PS(0) G_DELAY_PS(174) /* CFG_GPMC_A19_OUT */
199 +- 0x1a8 A_DELAY_PS(410) G_DELAY_PS(0) /* CFG_GPMC_A20_OEN */
200 +- 0x1ac A_DELAY_PS(85) G_DELAY_PS(0) /* CFG_GPMC_A20_OUT */
201 +- 0x1b4 A_DELAY_PS(468) G_DELAY_PS(0) /* CFG_GPMC_A21_OEN */
202 +- 0x1b8 A_DELAY_PS(139) G_DELAY_PS(0) /* CFG_GPMC_A21_OUT */
203 +- 0x1c0 A_DELAY_PS(676) G_DELAY_PS(0) /* CFG_GPMC_A22_OEN */
204 +- 0x1c4 A_DELAY_PS(69) G_DELAY_PS(0) /* CFG_GPMC_A22_OUT */
205 +- 0x1d0 A_DELAY_PS(1062) G_DELAY_PS(154) /* CFG_GPMC_A23_OUT */
206 +- 0x1d8 A_DELAY_PS(640) G_DELAY_PS(0) /* CFG_GPMC_A24_OEN */
207 +- 0x1dc A_DELAY_PS(0) G_DELAY_PS(0) /* CFG_GPMC_A24_OUT */
208 +- 0x1e4 A_DELAY_PS(356) G_DELAY_PS(0) /* CFG_GPMC_A25_OEN */
209 +- 0x1e8 A_DELAY_PS(0) G_DELAY_PS(0) /* CFG_GPMC_A25_OUT */
210 +- 0x1f0 A_DELAY_PS(579) G_DELAY_PS(0) /* CFG_GPMC_A26_OEN */
211 +- 0x1f4 A_DELAY_PS(0) G_DELAY_PS(0) /* CFG_GPMC_A26_OUT */
212 +- 0x1fc A_DELAY_PS(435) G_DELAY_PS(0) /* CFG_GPMC_A27_OEN */
213 +- 0x200 A_DELAY_PS(36) G_DELAY_PS(0) /* CFG_GPMC_A27_OUT */
214 +- 0x364 A_DELAY_PS(759) G_DELAY_PS(0) /* CFG_GPMC_CS1_OEN */
215 +- 0x368 A_DELAY_PS(72) G_DELAY_PS(0) /* CFG_GPMC_CS1_OUT */
216 ++ 0x190 A_DELAY_PS(384) G_DELAY_PS(0) /* CFG_GPMC_A19_OEN */
217 ++ 0x194 A_DELAY_PS(350) G_DELAY_PS(174) /* CFG_GPMC_A19_OUT */
218 ++ 0x1a8 A_DELAY_PS(410) G_DELAY_PS(0) /* CFG_GPMC_A20_OEN */
219 ++ 0x1ac A_DELAY_PS(335) G_DELAY_PS(0) /* CFG_GPMC_A20_OUT */
220 ++ 0x1b4 A_DELAY_PS(468) G_DELAY_PS(0) /* CFG_GPMC_A21_OEN */
221 ++ 0x1b8 A_DELAY_PS(339) G_DELAY_PS(0) /* CFG_GPMC_A21_OUT */
222 ++ 0x1c0 A_DELAY_PS(676) G_DELAY_PS(0) /* CFG_GPMC_A22_OEN */
223 ++ 0x1c4 A_DELAY_PS(219) G_DELAY_PS(0) /* CFG_GPMC_A22_OUT */
224 ++ 0x1d0 A_DELAY_PS(1062) G_DELAY_PS(154) /* CFG_GPMC_A23_OUT */
225 ++ 0x1d8 A_DELAY_PS(640) G_DELAY_PS(0) /* CFG_GPMC_A24_OEN */
226 ++ 0x1dc A_DELAY_PS(150) G_DELAY_PS(0) /* CFG_GPMC_A24_OUT */
227 ++ 0x1e4 A_DELAY_PS(356) G_DELAY_PS(0) /* CFG_GPMC_A25_OEN */
228 ++ 0x1e8 A_DELAY_PS(150) G_DELAY_PS(0) /* CFG_GPMC_A25_OUT */
229 ++ 0x1f0 A_DELAY_PS(579) G_DELAY_PS(0) /* CFG_GPMC_A26_OEN */
230 ++ 0x1f4 A_DELAY_PS(200) G_DELAY_PS(0) /* CFG_GPMC_A26_OUT */
231 ++ 0x1fc A_DELAY_PS(435) G_DELAY_PS(0) /* CFG_GPMC_A27_OEN */
232 ++ 0x200 A_DELAY_PS(236) G_DELAY_PS(0) /* CFG_GPMC_A27_OUT */
233 ++ 0x364 A_DELAY_PS(759) G_DELAY_PS(0) /* CFG_GPMC_CS1_OEN */
234 ++ 0x368 A_DELAY_PS(372) G_DELAY_PS(0) /* CFG_GPMC_CS1_OUT */
235 + >;
236 + };
237 +
238 +diff --git a/arch/arm/mach-imx/cpuidle-imx6sx.c b/arch/arm/mach-imx/cpuidle-imx6sx.c
239 +index fd0053e47a15..3708a71f30e6 100644
240 +--- a/arch/arm/mach-imx/cpuidle-imx6sx.c
241 ++++ b/arch/arm/mach-imx/cpuidle-imx6sx.c
242 +@@ -15,6 +15,7 @@
243 +
244 + #include "common.h"
245 + #include "cpuidle.h"
246 ++#include "hardware.h"
247 +
248 + static int imx6sx_idle_finish(unsigned long val)
249 + {
250 +@@ -110,7 +111,7 @@ int __init imx6sx_cpuidle_init(void)
251 + * except for power up sw2iso which need to be
252 + * larger than LDO ramp up time.
253 + */
254 +- imx_gpc_set_arm_power_up_timing(0xf, 1);
255 ++ imx_gpc_set_arm_power_up_timing(cpu_is_imx6sx() ? 0xf : 0x2, 1);
256 + imx_gpc_set_arm_power_down_timing(1, 1);
257 +
258 + return cpuidle_register(&imx6sx_cpuidle_driver, NULL);
259 +diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
260 +index 35649ee8ad56..c12ff63265a9 100644
261 +--- a/arch/arm64/Makefile
262 ++++ b/arch/arm64/Makefile
263 +@@ -51,6 +51,7 @@ endif
264 +
265 + KBUILD_CFLAGS += -mgeneral-regs-only $(lseinstr) $(brokengasinst)
266 + KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
267 ++KBUILD_CFLAGS += -Wno-psabi
268 + KBUILD_AFLAGS += $(lseinstr) $(brokengasinst)
269 +
270 + KBUILD_CFLAGS += $(call cc-option,-mabi=lp64)
271 +diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
272 +index ad64d2c92ef5..5dff8eccd17d 100644
273 +--- a/arch/arm64/include/uapi/asm/ptrace.h
274 ++++ b/arch/arm64/include/uapi/asm/ptrace.h
275 +@@ -64,8 +64,6 @@
276 +
277 + #ifndef __ASSEMBLY__
278 +
279 +-#include <linux/prctl.h>
280 +-
281 + /*
282 + * User structures for general purpose, floating point and debug registers.
283 + */
284 +@@ -112,10 +110,10 @@ struct user_sve_header {
285 +
286 + /*
287 + * Common SVE_PT_* flags:
288 +- * These must be kept in sync with prctl interface in <linux/ptrace.h>
289 ++ * These must be kept in sync with prctl interface in <linux/prctl.h>
290 + */
291 +-#define SVE_PT_VL_INHERIT (PR_SVE_VL_INHERIT >> 16)
292 +-#define SVE_PT_VL_ONEXEC (PR_SVE_SET_VL_ONEXEC >> 16)
293 ++#define SVE_PT_VL_INHERIT ((1 << 17) /* PR_SVE_VL_INHERIT */ >> 16)
294 ++#define SVE_PT_VL_ONEXEC ((1 << 18) /* PR_SVE_SET_VL_ONEXEC */ >> 16)
295 +
296 +
297 + /*
298 +diff --git a/arch/arm64/kernel/ssbd.c b/arch/arm64/kernel/ssbd.c
299 +index 3432e5ef9f41..388f8fc13080 100644
300 +--- a/arch/arm64/kernel/ssbd.c
301 ++++ b/arch/arm64/kernel/ssbd.c
302 +@@ -4,6 +4,7 @@
303 + */
304 +
305 + #include <linux/errno.h>
306 ++#include <linux/prctl.h>
307 + #include <linux/sched.h>
308 + #include <linux/thread_info.h>
309 +
310 +diff --git a/arch/mips/kernel/uprobes.c b/arch/mips/kernel/uprobes.c
311 +index 4aaff3b3175c..6dbe4eab0a0e 100644
312 +--- a/arch/mips/kernel/uprobes.c
313 ++++ b/arch/mips/kernel/uprobes.c
314 +@@ -112,9 +112,6 @@ int arch_uprobe_pre_xol(struct arch_uprobe *aup, struct pt_regs *regs)
315 + */
316 + aup->resume_epc = regs->cp0_epc + 4;
317 + if (insn_has_delay_slot((union mips_instruction) aup->insn[0])) {
318 +- unsigned long epc;
319 +-
320 +- epc = regs->cp0_epc;
321 + __compute_return_epc_for_insn(regs,
322 + (union mips_instruction) aup->insn[0]);
323 + aup->resume_epc = regs->cp0_epc;
324 +diff --git a/arch/parisc/math-emu/cnv_float.h b/arch/parisc/math-emu/cnv_float.h
325 +index 933423fa5144..b0db61188a61 100644
326 +--- a/arch/parisc/math-emu/cnv_float.h
327 ++++ b/arch/parisc/math-emu/cnv_float.h
328 +@@ -60,19 +60,19 @@
329 + ((exponent < (SGL_P - 1)) ? \
330 + (Sall(sgl_value) << (SGL_EXP_LENGTH + 1 + exponent)) : FALSE)
331 +
332 +-#define Int_isinexact_to_sgl(int_value) (int_value << 33 - SGL_EXP_LENGTH)
333 ++#define Int_isinexact_to_sgl(int_value) ((int_value << 33 - SGL_EXP_LENGTH) != 0)
334 +
335 + #define Sgl_roundnearest_from_int(int_value,sgl_value) \
336 + if (int_value & 1<<(SGL_EXP_LENGTH - 2)) /* round bit */ \
337 +- if ((int_value << 34 - SGL_EXP_LENGTH) || Slow(sgl_value)) \
338 ++ if (((int_value << 34 - SGL_EXP_LENGTH) != 0) || Slow(sgl_value)) \
339 + Sall(sgl_value)++
340 +
341 + #define Dint_isinexact_to_sgl(dint_valueA,dint_valueB) \
342 +- ((Dintp1(dint_valueA) << 33 - SGL_EXP_LENGTH) || Dintp2(dint_valueB))
343 ++ (((Dintp1(dint_valueA) << 33 - SGL_EXP_LENGTH) != 0) || Dintp2(dint_valueB))
344 +
345 + #define Sgl_roundnearest_from_dint(dint_valueA,dint_valueB,sgl_value) \
346 + if (Dintp1(dint_valueA) & 1<<(SGL_EXP_LENGTH - 2)) \
347 +- if ((Dintp1(dint_valueA) << 34 - SGL_EXP_LENGTH) || \
348 ++ if (((Dintp1(dint_valueA) << 34 - SGL_EXP_LENGTH) != 0) || \
349 + Dintp2(dint_valueB) || Slow(sgl_value)) Sall(sgl_value)++
350 +
351 + #define Dint_isinexact_to_dbl(dint_value) \
352 +diff --git a/arch/powerpc/include/asm/ppc-opcode.h b/arch/powerpc/include/asm/ppc-opcode.h
353 +index 2b7135391231..d9d5391b2af6 100644
354 +--- a/arch/powerpc/include/asm/ppc-opcode.h
355 ++++ b/arch/powerpc/include/asm/ppc-opcode.h
356 +@@ -336,6 +336,7 @@
357 + #define PPC_INST_MULLI 0x1c000000
358 + #define PPC_INST_DIVWU 0x7c000396
359 + #define PPC_INST_DIVD 0x7c0003d2
360 ++#define PPC_INST_DIVDU 0x7c000392
361 + #define PPC_INST_RLWINM 0x54000000
362 + #define PPC_INST_RLWIMI 0x50000000
363 + #define PPC_INST_RLDICL 0x78000000
364 +diff --git a/arch/powerpc/mm/mmu_context_book3s64.c b/arch/powerpc/mm/mmu_context_book3s64.c
365 +index dbd8f762140b..68984d85ad6b 100644
366 +--- a/arch/powerpc/mm/mmu_context_book3s64.c
367 ++++ b/arch/powerpc/mm/mmu_context_book3s64.c
368 +@@ -53,14 +53,48 @@ int hash__alloc_context_id(void)
369 + }
370 + EXPORT_SYMBOL_GPL(hash__alloc_context_id);
371 +
372 ++static int realloc_context_ids(mm_context_t *ctx)
373 ++{
374 ++ int i, id;
375 ++
376 ++ /*
377 ++ * id 0 (aka. ctx->id) is special, we always allocate a new one, even if
378 ++ * there wasn't one allocated previously (which happens in the exec
379 ++ * case where ctx is newly allocated).
380 ++ *
381 ++ * We have to be a bit careful here. We must keep the existing ids in
382 ++ * the array, so that we can test if they're non-zero to decide if we
383 ++ * need to allocate a new one. However in case of error we must free the
384 ++ * ids we've allocated but *not* any of the existing ones (or risk a
385 ++ * UAF). That's why we decrement i at the start of the error handling
386 ++ * loop, to skip the id that we just tested but couldn't reallocate.
387 ++ */
388 ++ for (i = 0; i < ARRAY_SIZE(ctx->extended_id); i++) {
389 ++ if (i == 0 || ctx->extended_id[i]) {
390 ++ id = hash__alloc_context_id();
391 ++ if (id < 0)
392 ++ goto error;
393 ++
394 ++ ctx->extended_id[i] = id;
395 ++ }
396 ++ }
397 ++
398 ++ /* The caller expects us to return id */
399 ++ return ctx->id;
400 ++
401 ++error:
402 ++ for (i--; i >= 0; i--) {
403 ++ if (ctx->extended_id[i])
404 ++ ida_free(&mmu_context_ida, ctx->extended_id[i]);
405 ++ }
406 ++
407 ++ return id;
408 ++}
409 ++
410 + static int hash__init_new_context(struct mm_struct *mm)
411 + {
412 + int index;
413 +
414 +- index = hash__alloc_context_id();
415 +- if (index < 0)
416 +- return index;
417 +-
418 + /*
419 + * The old code would re-promote on fork, we don't do that when using
420 + * slices as it could cause problem promoting slices that have been
421 +@@ -78,6 +112,10 @@ static int hash__init_new_context(struct mm_struct *mm)
422 + if (mm->context.id == 0)
423 + slice_init_new_context_exec(mm);
424 +
425 ++ index = realloc_context_ids(&mm->context);
426 ++ if (index < 0)
427 ++ return index;
428 ++
429 + subpage_prot_init_new_context(mm);
430 +
431 + pkey_mm_init(mm);
432 +diff --git a/arch/powerpc/net/bpf_jit.h b/arch/powerpc/net/bpf_jit.h
433 +index 68dece206048..e5c1d30ee968 100644
434 +--- a/arch/powerpc/net/bpf_jit.h
435 ++++ b/arch/powerpc/net/bpf_jit.h
436 +@@ -116,7 +116,7 @@
437 + ___PPC_RA(a) | IMM_L(i))
438 + #define PPC_DIVWU(d, a, b) EMIT(PPC_INST_DIVWU | ___PPC_RT(d) | \
439 + ___PPC_RA(a) | ___PPC_RB(b))
440 +-#define PPC_DIVD(d, a, b) EMIT(PPC_INST_DIVD | ___PPC_RT(d) | \
441 ++#define PPC_DIVDU(d, a, b) EMIT(PPC_INST_DIVDU | ___PPC_RT(d) | \
442 + ___PPC_RA(a) | ___PPC_RB(b))
443 + #define PPC_AND(d, a, b) EMIT(PPC_INST_AND | ___PPC_RA(d) | \
444 + ___PPC_RS(a) | ___PPC_RB(b))
445 +diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c
446 +index 226eec62d125..279a51bf94d0 100644
447 +--- a/arch/powerpc/net/bpf_jit_comp64.c
448 ++++ b/arch/powerpc/net/bpf_jit_comp64.c
449 +@@ -372,12 +372,12 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image,
450 + case BPF_ALU64 | BPF_DIV | BPF_X: /* dst /= src */
451 + case BPF_ALU64 | BPF_MOD | BPF_X: /* dst %= src */
452 + if (BPF_OP(code) == BPF_MOD) {
453 +- PPC_DIVD(b2p[TMP_REG_1], dst_reg, src_reg);
454 ++ PPC_DIVDU(b2p[TMP_REG_1], dst_reg, src_reg);
455 + PPC_MULD(b2p[TMP_REG_1], src_reg,
456 + b2p[TMP_REG_1]);
457 + PPC_SUB(dst_reg, dst_reg, b2p[TMP_REG_1]);
458 + } else
459 +- PPC_DIVD(dst_reg, dst_reg, src_reg);
460 ++ PPC_DIVDU(dst_reg, dst_reg, src_reg);
461 + break;
462 + case BPF_ALU | BPF_MOD | BPF_K: /* (u32) dst %= (u32) imm */
463 + case BPF_ALU | BPF_DIV | BPF_K: /* (u32) dst /= (u32) imm */
464 +@@ -405,7 +405,7 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image,
465 + break;
466 + case BPF_ALU64:
467 + if (BPF_OP(code) == BPF_MOD) {
468 +- PPC_DIVD(b2p[TMP_REG_2], dst_reg,
469 ++ PPC_DIVDU(b2p[TMP_REG_2], dst_reg,
470 + b2p[TMP_REG_1]);
471 + PPC_MULD(b2p[TMP_REG_1],
472 + b2p[TMP_REG_1],
473 +@@ -413,7 +413,7 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image,
474 + PPC_SUB(dst_reg, dst_reg,
475 + b2p[TMP_REG_1]);
476 + } else
477 +- PPC_DIVD(dst_reg, dst_reg,
478 ++ PPC_DIVDU(dst_reg, dst_reg,
479 + b2p[TMP_REG_1]);
480 + break;
481 + }
482 +diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
483 +index 88401d5125bc..523dbfbac03d 100644
484 +--- a/arch/riscv/mm/fault.c
485 ++++ b/arch/riscv/mm/fault.c
486 +@@ -29,6 +29,7 @@
487 +
488 + #include <asm/pgalloc.h>
489 + #include <asm/ptrace.h>
490 ++#include <asm/tlbflush.h>
491 +
492 + /*
493 + * This routine handles page faults. It determines the address and the
494 +@@ -281,6 +282,18 @@ vmalloc_fault:
495 + pte_k = pte_offset_kernel(pmd_k, addr);
496 + if (!pte_present(*pte_k))
497 + goto no_context;
498 ++
499 ++ /*
500 ++ * The kernel assumes that TLBs don't cache invalid
501 ++ * entries, but in RISC-V, SFENCE.VMA specifies an
502 ++ * ordering constraint, not a cache flush; it is
503 ++ * necessary even after writing invalid entries.
504 ++ * Relying on flush_tlb_fix_spurious_fault would
505 ++ * suffice, but the extra traps reduce
506 ++ * performance. So, eagerly SFENCE.VMA.
507 ++ */
508 ++ local_flush_tlb_page(addr);
509 ++
510 + return;
511 + }
512 + }
513 +diff --git a/arch/s390/include/asm/ap.h b/arch/s390/include/asm/ap.h
514 +index 8c00fd509c45..1a6a7092d942 100644
515 +--- a/arch/s390/include/asm/ap.h
516 ++++ b/arch/s390/include/asm/ap.h
517 +@@ -221,16 +221,22 @@ static inline struct ap_queue_status ap_aqic(ap_qid_t qid,
518 + void *ind)
519 + {
520 + register unsigned long reg0 asm ("0") = qid | (3UL << 24);
521 +- register struct ap_qirq_ctrl reg1_in asm ("1") = qirqctrl;
522 +- register struct ap_queue_status reg1_out asm ("1");
523 ++ register union {
524 ++ unsigned long value;
525 ++ struct ap_qirq_ctrl qirqctrl;
526 ++ struct ap_queue_status status;
527 ++ } reg1 asm ("1");
528 + register void *reg2 asm ("2") = ind;
529 +
530 ++ reg1.qirqctrl = qirqctrl;
531 ++
532 + asm volatile(
533 + ".long 0xb2af0000" /* PQAP(AQIC) */
534 +- : "=d" (reg1_out)
535 +- : "d" (reg0), "d" (reg1_in), "d" (reg2)
536 ++ : "+d" (reg1)
537 ++ : "d" (reg0), "d" (reg2)
538 + : "cc");
539 +- return reg1_out;
540 ++
541 ++ return reg1.status;
542 + }
543 +
544 + /*
545 +@@ -264,17 +270,21 @@ static inline struct ap_queue_status ap_qact(ap_qid_t qid, int ifbit,
546 + {
547 + register unsigned long reg0 asm ("0") = qid | (5UL << 24)
548 + | ((ifbit & 0x01) << 22);
549 +- register unsigned long reg1_in asm ("1") = apinfo->val;
550 +- register struct ap_queue_status reg1_out asm ("1");
551 ++ register union {
552 ++ unsigned long value;
553 ++ struct ap_queue_status status;
554 ++ } reg1 asm ("1");
555 + register unsigned long reg2 asm ("2");
556 +
557 ++ reg1.value = apinfo->val;
558 ++
559 + asm volatile(
560 + ".long 0xb2af0000" /* PQAP(QACT) */
561 +- : "+d" (reg1_in), "=d" (reg1_out), "=d" (reg2)
562 ++ : "+d" (reg1), "=d" (reg2)
563 + : "d" (reg0)
564 + : "cc");
565 + apinfo->val = reg2;
566 +- return reg1_out;
567 ++ return reg1.status;
568 + }
569 +
570 + /**
571 +diff --git a/arch/s390/include/asm/jump_label.h b/arch/s390/include/asm/jump_label.h
572 +index 40f651292aa7..9c7dc970e966 100644
573 +--- a/arch/s390/include/asm/jump_label.h
574 ++++ b/arch/s390/include/asm/jump_label.h
575 +@@ -10,6 +10,12 @@
576 + #define JUMP_LABEL_NOP_SIZE 6
577 + #define JUMP_LABEL_NOP_OFFSET 2
578 +
579 ++#if __GNUC__ < 9
580 ++#define JUMP_LABEL_STATIC_KEY_CONSTRAINT "X"
581 ++#else
582 ++#define JUMP_LABEL_STATIC_KEY_CONSTRAINT "jdd"
583 ++#endif
584 ++
585 + /*
586 + * We use a brcl 0,2 instruction for jump labels at compile time so it
587 + * can be easily distinguished from a hotpatch generated instruction.
588 +@@ -19,9 +25,9 @@ static __always_inline bool arch_static_branch(struct static_key *key, bool bran
589 + asm_volatile_goto("0: brcl 0,"__stringify(JUMP_LABEL_NOP_OFFSET)"\n"
590 + ".pushsection __jump_table, \"aw\"\n"
591 + ".balign 8\n"
592 +- ".quad 0b, %l[label], %0\n"
593 ++ ".quad 0b, %l[label], %0+%1\n"
594 + ".popsection\n"
595 +- : : "X" (&((char *)key)[branch]) : : label);
596 ++ : : JUMP_LABEL_STATIC_KEY_CONSTRAINT (key), "i" (branch) : : label);
597 +
598 + return false;
599 + label:
600 +@@ -33,9 +39,9 @@ static __always_inline bool arch_static_branch_jump(struct static_key *key, bool
601 + asm_volatile_goto("0: brcl 15, %l[label]\n"
602 + ".pushsection __jump_table, \"aw\"\n"
603 + ".balign 8\n"
604 +- ".quad 0b, %l[label], %0\n"
605 ++ ".quad 0b, %l[label], %0+%1\n"
606 + ".popsection\n"
607 +- : : "X" (&((char *)key)[branch]) : : label);
608 ++ : : JUMP_LABEL_STATIC_KEY_CONSTRAINT (key), "i" (branch) : : label);
609 +
610 + return false;
611 + label:
612 +diff --git a/arch/sparc/kernel/mdesc.c b/arch/sparc/kernel/mdesc.c
613 +index 39a2503fa3e1..51028abe5e90 100644
614 +--- a/arch/sparc/kernel/mdesc.c
615 ++++ b/arch/sparc/kernel/mdesc.c
616 +@@ -357,6 +357,8 @@ static int get_vdev_port_node_info(struct mdesc_handle *md, u64 node,
617 +
618 + node_info->vdev_port.id = *idp;
619 + node_info->vdev_port.name = kstrdup_const(name, GFP_KERNEL);
620 ++ if (!node_info->vdev_port.name)
621 ++ return -1;
622 + node_info->vdev_port.parent_cfg_hdl = *parent_cfg_hdlp;
623 +
624 + return 0;
625 +diff --git a/arch/sparc/kernel/perf_event.c b/arch/sparc/kernel/perf_event.c
626 +index 67b3e6b3ce5d..1ad5911f62b4 100644
627 +--- a/arch/sparc/kernel/perf_event.c
628 ++++ b/arch/sparc/kernel/perf_event.c
629 +@@ -891,6 +891,10 @@ static int sparc_perf_event_set_period(struct perf_event *event,
630 + s64 period = hwc->sample_period;
631 + int ret = 0;
632 +
633 ++ /* The period may have been changed by PERF_EVENT_IOC_PERIOD */
634 ++ if (unlikely(period != hwc->last_period))
635 ++ left = period - (hwc->last_period - left);
636 ++
637 + if (unlikely(left <= -period)) {
638 + left = period;
639 + local64_set(&hwc->period_left, left);
640 +diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
641 +index 643670fb8943..274d220d0a83 100644
642 +--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
643 ++++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
644 +@@ -2379,7 +2379,7 @@ static int rdtgroup_init_alloc(struct rdtgroup *rdtgrp)
645 + if (closid_allocated(i) && i != closid) {
646 + mode = rdtgroup_mode_by_closid(i);
647 + if (mode == RDT_MODE_PSEUDO_LOCKSETUP)
648 +- break;
649 ++ continue;
650 + used_b |= *ctrl;
651 + if (mode == RDT_MODE_SHAREABLE)
652 + d->new_ctrl |= *ctrl;
653 +diff --git a/arch/xtensa/kernel/setup.c b/arch/xtensa/kernel/setup.c
654 +index 351283b60df6..a285fbd0fd9b 100644
655 +--- a/arch/xtensa/kernel/setup.c
656 ++++ b/arch/xtensa/kernel/setup.c
657 +@@ -310,7 +310,8 @@ extern char _SecondaryResetVector_text_start;
658 + extern char _SecondaryResetVector_text_end;
659 + #endif
660 +
661 +-static inline int mem_reserve(unsigned long start, unsigned long end)
662 ++static inline int __init_memblock mem_reserve(unsigned long start,
663 ++ unsigned long end)
664 + {
665 + return memblock_reserve(start, end - start);
666 + }
667 +diff --git a/drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c b/drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c
668 +index c4eb55e3011c..c05ef7f1d7b6 100644
669 +--- a/drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c
670 ++++ b/drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c
671 +@@ -512,7 +512,8 @@ dma_chan_prep_dma_memcpy(struct dma_chan *dchan, dma_addr_t dst_adr,
672 + return vchan_tx_prep(&chan->vc, &first->vd, flags);
673 +
674 + err_desc_get:
675 +- axi_desc_put(first);
676 ++ if (first)
677 ++ axi_desc_put(first);
678 + return NULL;
679 + }
680 +
681 +diff --git a/drivers/dma/sprd-dma.c b/drivers/dma/sprd-dma.c
682 +index 55df0d41355b..1ed1c7efa288 100644
683 +--- a/drivers/dma/sprd-dma.c
684 ++++ b/drivers/dma/sprd-dma.c
685 +@@ -663,7 +663,7 @@ static int sprd_dma_fill_desc(struct dma_chan *chan,
686 + temp |= slave_cfg->src_maxburst & SPRD_DMA_FRG_LEN_MASK;
687 + hw->frg_len = temp;
688 +
689 +- hw->blk_len = len & SPRD_DMA_BLK_LEN_MASK;
690 ++ hw->blk_len = slave_cfg->src_maxburst & SPRD_DMA_BLK_LEN_MASK;
691 + hw->trsc_len = len & SPRD_DMA_TRSC_LEN_MASK;
692 +
693 + temp = (dst_step & SPRD_DMA_TRSF_STEP_MASK) << SPRD_DMA_DEST_TRSF_STEP_OFFSET;
694 +diff --git a/drivers/fpga/dfl-afu-dma-region.c b/drivers/fpga/dfl-afu-dma-region.c
695 +index 0e81d33af856..c9a613dc9eb7 100644
696 +--- a/drivers/fpga/dfl-afu-dma-region.c
697 ++++ b/drivers/fpga/dfl-afu-dma-region.c
698 +@@ -399,7 +399,7 @@ int afu_dma_map_region(struct dfl_feature_platform_data *pdata,
699 + region->pages[0], 0,
700 + region->length,
701 + DMA_BIDIRECTIONAL);
702 +- if (dma_mapping_error(&pdata->dev->dev, region->iova)) {
703 ++ if (dma_mapping_error(dfl_fpga_pdata_to_parent(pdata), region->iova)) {
704 + dev_err(&pdata->dev->dev, "failed to map for dma\n");
705 + ret = -EFAULT;
706 + goto unpin_pages;
707 +diff --git a/drivers/fpga/dfl.c b/drivers/fpga/dfl.c
708 +index a9b521bccb06..ab361ec78df4 100644
709 +--- a/drivers/fpga/dfl.c
710 ++++ b/drivers/fpga/dfl.c
711 +@@ -40,6 +40,13 @@ enum dfl_fpga_devt_type {
712 + DFL_FPGA_DEVT_MAX,
713 + };
714 +
715 ++static struct lock_class_key dfl_pdata_keys[DFL_ID_MAX];
716 ++
717 ++static const char *dfl_pdata_key_strings[DFL_ID_MAX] = {
718 ++ "dfl-fme-pdata",
719 ++ "dfl-port-pdata",
720 ++};
721 ++
722 + /**
723 + * dfl_dev_info - dfl feature device information.
724 + * @name: name string of the feature platform device.
725 +@@ -443,11 +450,16 @@ static int build_info_commit_dev(struct build_feature_devs_info *binfo)
726 + struct platform_device *fdev = binfo->feature_dev;
727 + struct dfl_feature_platform_data *pdata;
728 + struct dfl_feature_info *finfo, *p;
729 ++ enum dfl_id_type type;
730 + int ret, index = 0;
731 +
732 + if (!fdev)
733 + return 0;
734 +
735 ++ type = feature_dev_id_type(fdev);
736 ++ if (WARN_ON_ONCE(type >= DFL_ID_MAX))
737 ++ return -EINVAL;
738 ++
739 + /*
740 + * we do not need to care for the memory which is associated with
741 + * the platform device. After calling platform_device_unregister(),
742 +@@ -463,6 +475,8 @@ static int build_info_commit_dev(struct build_feature_devs_info *binfo)
743 + pdata->num = binfo->feature_num;
744 + pdata->dfl_cdev = binfo->cdev;
745 + mutex_init(&pdata->lock);
746 ++ lockdep_set_class_and_name(&pdata->lock, &dfl_pdata_keys[type],
747 ++ dfl_pdata_key_strings[type]);
748 +
749 + /*
750 + * the count should be initialized to 0 to make sure
751 +@@ -497,7 +511,7 @@ static int build_info_commit_dev(struct build_feature_devs_info *binfo)
752 +
753 + ret = platform_device_add(binfo->feature_dev);
754 + if (!ret) {
755 +- if (feature_dev_id_type(binfo->feature_dev) == PORT_ID)
756 ++ if (type == PORT_ID)
757 + dfl_fpga_cdev_add_port_dev(binfo->cdev,
758 + binfo->feature_dev);
759 + else
760 +diff --git a/drivers/gpu/drm/arm/hdlcd_crtc.c b/drivers/gpu/drm/arm/hdlcd_crtc.c
761 +index e4d67b70244d..e69d996eabad 100644
762 +--- a/drivers/gpu/drm/arm/hdlcd_crtc.c
763 ++++ b/drivers/gpu/drm/arm/hdlcd_crtc.c
764 +@@ -186,20 +186,20 @@ static void hdlcd_crtc_atomic_disable(struct drm_crtc *crtc,
765 + clk_disable_unprepare(hdlcd->clk);
766 + }
767 +
768 +-static int hdlcd_crtc_atomic_check(struct drm_crtc *crtc,
769 +- struct drm_crtc_state *state)
770 ++static enum drm_mode_status hdlcd_crtc_mode_valid(struct drm_crtc *crtc,
771 ++ const struct drm_display_mode *mode)
772 + {
773 + struct hdlcd_drm_private *hdlcd = crtc_to_hdlcd_priv(crtc);
774 +- struct drm_display_mode *mode = &state->adjusted_mode;
775 + long rate, clk_rate = mode->clock * 1000;
776 +
777 + rate = clk_round_rate(hdlcd->clk, clk_rate);
778 +- if (rate != clk_rate) {
779 ++ /* 0.1% seems a close enough tolerance for the TDA19988 on Juno */
780 ++ if (abs(rate - clk_rate) * 1000 > clk_rate) {
781 + /* clock required by mode not supported by hardware */
782 +- return -EINVAL;
783 ++ return MODE_NOCLOCK;
784 + }
785 +
786 +- return 0;
787 ++ return MODE_OK;
788 + }
789 +
790 + static void hdlcd_crtc_atomic_begin(struct drm_crtc *crtc,
791 +@@ -220,7 +220,7 @@ static void hdlcd_crtc_atomic_begin(struct drm_crtc *crtc,
792 + }
793 +
794 + static const struct drm_crtc_helper_funcs hdlcd_crtc_helper_funcs = {
795 +- .atomic_check = hdlcd_crtc_atomic_check,
796 ++ .mode_valid = hdlcd_crtc_mode_valid,
797 + .atomic_begin = hdlcd_crtc_atomic_begin,
798 + .atomic_enable = hdlcd_crtc_atomic_enable,
799 + .atomic_disable = hdlcd_crtc_atomic_disable,
800 +diff --git a/drivers/gpu/drm/arm/malidp_drv.c b/drivers/gpu/drm/arm/malidp_drv.c
801 +index 94d6dabec2dc..1ab511e33243 100644
802 +--- a/drivers/gpu/drm/arm/malidp_drv.c
803 ++++ b/drivers/gpu/drm/arm/malidp_drv.c
804 +@@ -190,6 +190,7 @@ static void malidp_atomic_commit_hw_done(struct drm_atomic_state *state)
805 + {
806 + struct drm_device *drm = state->dev;
807 + struct malidp_drm *malidp = drm->dev_private;
808 ++ int loop = 5;
809 +
810 + malidp->event = malidp->crtc.state->event;
811 + malidp->crtc.state->event = NULL;
812 +@@ -204,8 +205,18 @@ static void malidp_atomic_commit_hw_done(struct drm_atomic_state *state)
813 + drm_crtc_vblank_get(&malidp->crtc);
814 +
815 + /* only set config_valid if the CRTC is enabled */
816 +- if (malidp_set_and_wait_config_valid(drm) < 0)
817 ++ if (malidp_set_and_wait_config_valid(drm) < 0) {
818 ++ /*
819 ++ * make a loop around the second CVAL setting and
820 ++ * try 5 times before giving up.
821 ++ */
822 ++ while (loop--) {
823 ++ if (!malidp_set_and_wait_config_valid(drm))
824 ++ break;
825 ++ }
826 + DRM_DEBUG_DRIVER("timed out waiting for updated configuration\n");
827 ++ }
828 ++
829 + } else if (malidp->event) {
830 + /* CRTC inactive means vblank IRQ is disabled, send event directly */
831 + spin_lock_irq(&drm->event_lock);
832 +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
833 +index 8b9270f31409..e4e09d47c5c0 100644
834 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
835 ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
836 +@@ -136,6 +136,114 @@ static int vmw_close_channel(struct rpc_channel *channel)
837 + return 0;
838 + }
839 +
840 ++/**
841 ++ * vmw_port_hb_out - Send the message payload either through the
842 ++ * high-bandwidth port if available, or through the backdoor otherwise.
843 ++ * @channel: The rpc channel.
844 ++ * @msg: NULL-terminated message.
845 ++ * @hb: Whether the high-bandwidth port is available.
846 ++ *
847 ++ * Return: The port status.
848 ++ */
849 ++static unsigned long vmw_port_hb_out(struct rpc_channel *channel,
850 ++ const char *msg, bool hb)
851 ++{
852 ++ unsigned long si, di, eax, ebx, ecx, edx;
853 ++ unsigned long msg_len = strlen(msg);
854 ++
855 ++ if (hb) {
856 ++ unsigned long bp = channel->cookie_high;
857 ++
858 ++ si = (uintptr_t) msg;
859 ++ di = channel->cookie_low;
860 ++
861 ++ VMW_PORT_HB_OUT(
862 ++ (MESSAGE_STATUS_SUCCESS << 16) | VMW_PORT_CMD_HB_MSG,
863 ++ msg_len, si, di,
864 ++ VMW_HYPERVISOR_HB_PORT | (channel->channel_id << 16),
865 ++ VMW_HYPERVISOR_MAGIC, bp,
866 ++ eax, ebx, ecx, edx, si, di);
867 ++
868 ++ return ebx;
869 ++ }
870 ++
871 ++ /* HB port not available. Send the message 4 bytes at a time. */
872 ++ ecx = MESSAGE_STATUS_SUCCESS << 16;
873 ++ while (msg_len && (HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS)) {
874 ++ unsigned int bytes = min_t(size_t, msg_len, 4);
875 ++ unsigned long word = 0;
876 ++
877 ++ memcpy(&word, msg, bytes);
878 ++ msg_len -= bytes;
879 ++ msg += bytes;
880 ++ si = channel->cookie_high;
881 ++ di = channel->cookie_low;
882 ++
883 ++ VMW_PORT(VMW_PORT_CMD_MSG | (MSG_TYPE_SENDPAYLOAD << 16),
884 ++ word, si, di,
885 ++ VMW_HYPERVISOR_PORT | (channel->channel_id << 16),
886 ++ VMW_HYPERVISOR_MAGIC,
887 ++ eax, ebx, ecx, edx, si, di);
888 ++ }
889 ++
890 ++ return ecx;
891 ++}
892 ++
893 ++/**
894 ++ * vmw_port_hb_in - Receive the message payload either through the
895 ++ * high-bandwidth port if available, or through the backdoor otherwise.
896 ++ * @channel: The rpc channel.
897 ++ * @reply: Pointer to buffer holding reply.
898 ++ * @reply_len: Length of the reply.
899 ++ * @hb: Whether the high-bandwidth port is available.
900 ++ *
901 ++ * Return: The port status.
902 ++ */
903 ++static unsigned long vmw_port_hb_in(struct rpc_channel *channel, char *reply,
904 ++ unsigned long reply_len, bool hb)
905 ++{
906 ++ unsigned long si, di, eax, ebx, ecx, edx;
907 ++
908 ++ if (hb) {
909 ++ unsigned long bp = channel->cookie_low;
910 ++
911 ++ si = channel->cookie_high;
912 ++ di = (uintptr_t) reply;
913 ++
914 ++ VMW_PORT_HB_IN(
915 ++ (MESSAGE_STATUS_SUCCESS << 16) | VMW_PORT_CMD_HB_MSG,
916 ++ reply_len, si, di,
917 ++ VMW_HYPERVISOR_HB_PORT | (channel->channel_id << 16),
918 ++ VMW_HYPERVISOR_MAGIC, bp,
919 ++ eax, ebx, ecx, edx, si, di);
920 ++
921 ++ return ebx;
922 ++ }
923 ++
924 ++ /* HB port not available. Retrieve the message 4 bytes at a time. */
925 ++ ecx = MESSAGE_STATUS_SUCCESS << 16;
926 ++ while (reply_len) {
927 ++ unsigned int bytes = min_t(unsigned long, reply_len, 4);
928 ++
929 ++ si = channel->cookie_high;
930 ++ di = channel->cookie_low;
931 ++
932 ++ VMW_PORT(VMW_PORT_CMD_MSG | (MSG_TYPE_RECVPAYLOAD << 16),
933 ++ MESSAGE_STATUS_SUCCESS, si, di,
934 ++ VMW_HYPERVISOR_PORT | (channel->channel_id << 16),
935 ++ VMW_HYPERVISOR_MAGIC,
936 ++ eax, ebx, ecx, edx, si, di);
937 ++
938 ++ if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0)
939 ++ break;
940 ++
941 ++ memcpy(reply, &ebx, bytes);
942 ++ reply_len -= bytes;
943 ++ reply += bytes;
944 ++ }
945 ++
946 ++ return ecx;
947 ++}
948 +
949 +
950 + /**
951 +@@ -148,11 +256,10 @@ static int vmw_close_channel(struct rpc_channel *channel)
952 + */
953 + static int vmw_send_msg(struct rpc_channel *channel, const char *msg)
954 + {
955 +- unsigned long eax, ebx, ecx, edx, si, di, bp;
956 ++ unsigned long eax, ebx, ecx, edx, si, di;
957 + size_t msg_len = strlen(msg);
958 + int retries = 0;
959 +
960 +-
961 + while (retries < RETRIES) {
962 + retries++;
963 +
964 +@@ -166,23 +273,14 @@ static int vmw_send_msg(struct rpc_channel *channel, const char *msg)
965 + VMW_HYPERVISOR_MAGIC,
966 + eax, ebx, ecx, edx, si, di);
967 +
968 +- if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0 ||
969 +- (HIGH_WORD(ecx) & MESSAGE_STATUS_HB) == 0) {
970 +- /* Expected success + high-bandwidth. Give up. */
971 ++ if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0) {
972 ++ /* Expected success. Give up. */
973 + return -EINVAL;
974 + }
975 +
976 + /* Send msg */
977 +- si = (uintptr_t) msg;
978 +- di = channel->cookie_low;
979 +- bp = channel->cookie_high;
980 +-
981 +- VMW_PORT_HB_OUT(
982 +- (MESSAGE_STATUS_SUCCESS << 16) | VMW_PORT_CMD_HB_MSG,
983 +- msg_len, si, di,
984 +- VMW_HYPERVISOR_HB_PORT | (channel->channel_id << 16),
985 +- VMW_HYPERVISOR_MAGIC, bp,
986 +- eax, ebx, ecx, edx, si, di);
987 ++ ebx = vmw_port_hb_out(channel, msg,
988 ++ !!(HIGH_WORD(ecx) & MESSAGE_STATUS_HB));
989 +
990 + if ((HIGH_WORD(ebx) & MESSAGE_STATUS_SUCCESS) != 0) {
991 + return 0;
992 +@@ -211,7 +309,7 @@ STACK_FRAME_NON_STANDARD(vmw_send_msg);
993 + static int vmw_recv_msg(struct rpc_channel *channel, void **msg,
994 + size_t *msg_len)
995 + {
996 +- unsigned long eax, ebx, ecx, edx, si, di, bp;
997 ++ unsigned long eax, ebx, ecx, edx, si, di;
998 + char *reply;
999 + size_t reply_len;
1000 + int retries = 0;
1001 +@@ -233,8 +331,7 @@ static int vmw_recv_msg(struct rpc_channel *channel, void **msg,
1002 + VMW_HYPERVISOR_MAGIC,
1003 + eax, ebx, ecx, edx, si, di);
1004 +
1005 +- if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0 ||
1006 +- (HIGH_WORD(ecx) & MESSAGE_STATUS_HB) == 0) {
1007 ++ if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0) {
1008 + DRM_ERROR("Failed to get reply size for host message.\n");
1009 + return -EINVAL;
1010 + }
1011 +@@ -252,17 +349,8 @@ static int vmw_recv_msg(struct rpc_channel *channel, void **msg,
1012 +
1013 +
1014 + /* Receive buffer */
1015 +- si = channel->cookie_high;
1016 +- di = (uintptr_t) reply;
1017 +- bp = channel->cookie_low;
1018 +-
1019 +- VMW_PORT_HB_IN(
1020 +- (MESSAGE_STATUS_SUCCESS << 16) | VMW_PORT_CMD_HB_MSG,
1021 +- reply_len, si, di,
1022 +- VMW_HYPERVISOR_HB_PORT | (channel->channel_id << 16),
1023 +- VMW_HYPERVISOR_MAGIC, bp,
1024 +- eax, ebx, ecx, edx, si, di);
1025 +-
1026 ++ ebx = vmw_port_hb_in(channel, reply, reply_len,
1027 ++ !!(HIGH_WORD(ecx) & MESSAGE_STATUS_HB));
1028 + if ((HIGH_WORD(ebx) & MESSAGE_STATUS_SUCCESS) == 0) {
1029 + kfree(reply);
1030 +
1031 +diff --git a/drivers/hwmon/hwmon.c b/drivers/hwmon/hwmon.c
1032 +index fcdbac4a56e3..6b3559f58b67 100644
1033 +--- a/drivers/hwmon/hwmon.c
1034 ++++ b/drivers/hwmon/hwmon.c
1035 +@@ -619,7 +619,7 @@ __hwmon_device_register(struct device *dev, const char *name, void *drvdata,
1036 + if (err)
1037 + goto free_hwmon;
1038 +
1039 +- if (dev && chip && chip->ops->read &&
1040 ++ if (dev && dev->of_node && chip && chip->ops->read &&
1041 + chip->info[0]->type == hwmon_chip &&
1042 + (chip->info[0]->config[0] & HWMON_C_REGISTER_TZ)) {
1043 + const struct hwmon_channel_info **info = chip->info;
1044 +diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
1045 +index 2e2b5851139c..cd24b375df1e 100644
1046 +--- a/drivers/hwmon/pmbus/pmbus_core.c
1047 ++++ b/drivers/hwmon/pmbus/pmbus_core.c
1048 +@@ -1230,7 +1230,8 @@ static int pmbus_add_sensor_attrs_one(struct i2c_client *client,
1049 + const struct pmbus_driver_info *info,
1050 + const char *name,
1051 + int index, int page,
1052 +- const struct pmbus_sensor_attr *attr)
1053 ++ const struct pmbus_sensor_attr *attr,
1054 ++ bool paged)
1055 + {
1056 + struct pmbus_sensor *base;
1057 + bool upper = !!(attr->gbit & 0xff00); /* need to check STATUS_WORD */
1058 +@@ -1238,7 +1239,7 @@ static int pmbus_add_sensor_attrs_one(struct i2c_client *client,
1059 +
1060 + if (attr->label) {
1061 + ret = pmbus_add_label(data, name, index, attr->label,
1062 +- attr->paged ? page + 1 : 0);
1063 ++ paged ? page + 1 : 0);
1064 + if (ret)
1065 + return ret;
1066 + }
1067 +@@ -1271,6 +1272,30 @@ static int pmbus_add_sensor_attrs_one(struct i2c_client *client,
1068 + return 0;
1069 + }
1070 +
1071 ++static bool pmbus_sensor_is_paged(const struct pmbus_driver_info *info,
1072 ++ const struct pmbus_sensor_attr *attr)
1073 ++{
1074 ++ int p;
1075 ++
1076 ++ if (attr->paged)
1077 ++ return true;
1078 ++
1079 ++ /*
1080 ++ * Some attributes may be present on more than one page despite
1081 ++ * not being marked with the paged attribute. If that is the case,
1082 ++ * then treat the sensor as being paged and add the page suffix to the
1083 ++ * attribute name.
1084 ++ * We don't just add the paged attribute to all such attributes, in
1085 ++ * order to maintain the un-suffixed labels in the case where the
1086 ++ * attribute is only on page 0.
1087 ++ */
1088 ++ for (p = 1; p < info->pages; p++) {
1089 ++ if (info->func[p] & attr->func)
1090 ++ return true;
1091 ++ }
1092 ++ return false;
1093 ++}
1094 ++
1095 + static int pmbus_add_sensor_attrs(struct i2c_client *client,
1096 + struct pmbus_data *data,
1097 + const char *name,
1098 +@@ -1284,14 +1309,15 @@ static int pmbus_add_sensor_attrs(struct i2c_client *client,
1099 + index = 1;
1100 + for (i = 0; i < nattrs; i++) {
1101 + int page, pages;
1102 ++ bool paged = pmbus_sensor_is_paged(info, attrs);
1103 +
1104 +- pages = attrs->paged ? info->pages : 1;
1105 ++ pages = paged ? info->pages : 1;
1106 + for (page = 0; page < pages; page++) {
1107 + if (!(info->func[page] & attrs->func))
1108 + continue;
1109 + ret = pmbus_add_sensor_attrs_one(client, data, info,
1110 + name, index, page,
1111 +- attrs);
1112 ++ attrs, paged);
1113 + if (ret)
1114 + return ret;
1115 + index++;
1116 +diff --git a/drivers/iio/temperature/mlx90632.c b/drivers/iio/temperature/mlx90632.c
1117 +index 9851311aa3fd..2d54d9cac61d 100644
1118 +--- a/drivers/iio/temperature/mlx90632.c
1119 ++++ b/drivers/iio/temperature/mlx90632.c
1120 +@@ -81,6 +81,8 @@
1121 + /* Magic constants */
1122 + #define MLX90632_ID_MEDICAL 0x0105 /* EEPROM DSPv5 Medical device id */
1123 + #define MLX90632_ID_CONSUMER 0x0205 /* EEPROM DSPv5 Consumer device id */
1124 ++#define MLX90632_DSP_VERSION 5 /* DSP version */
1125 ++#define MLX90632_DSP_MASK GENMASK(7, 0) /* DSP version in EE_VERSION */
1126 + #define MLX90632_RESET_CMD 0x0006 /* Reset sensor (address or global) */
1127 + #define MLX90632_REF_12 12LL /**< ResCtrlRef value of Ch 1 or Ch 2 */
1128 + #define MLX90632_REF_3 12LL /**< ResCtrlRef value of Channel 3 */
1129 +@@ -666,10 +668,13 @@ static int mlx90632_probe(struct i2c_client *client,
1130 + } else if (read == MLX90632_ID_CONSUMER) {
1131 + dev_dbg(&client->dev,
1132 + "Detected Consumer EEPROM calibration %x\n", read);
1133 ++ } else if ((read & MLX90632_DSP_MASK) == MLX90632_DSP_VERSION) {
1134 ++ dev_dbg(&client->dev,
1135 ++ "Detected Unknown EEPROM calibration %x\n", read);
1136 + } else {
1137 + dev_err(&client->dev,
1138 +- "EEPROM version mismatch %x (expected %x or %x)\n",
1139 +- read, MLX90632_ID_CONSUMER, MLX90632_ID_MEDICAL);
1140 ++ "Wrong DSP version %x (expected %x)\n",
1141 ++ read, MLX90632_DSP_VERSION);
1142 + return -EPROTONOSUPPORT;
1143 + }
1144 +
1145 +diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c
1146 +index b12c8ff8ed66..d8eb4dc04d69 100644
1147 +--- a/drivers/infiniband/hw/hfi1/chip.c
1148 ++++ b/drivers/infiniband/hw/hfi1/chip.c
1149 +@@ -9849,6 +9849,7 @@ void hfi1_quiet_serdes(struct hfi1_pportdata *ppd)
1150 +
1151 + /* disable the port */
1152 + clear_rcvctrl(dd, RCV_CTRL_RCV_PORT_ENABLE_SMASK);
1153 ++ cancel_work_sync(&ppd->freeze_work);
1154 + }
1155 +
1156 + static inline int init_cpu_counters(struct hfi1_devdata *dd)
1157 +diff --git a/drivers/infiniband/hw/hfi1/fault.c b/drivers/infiniband/hw/hfi1/fault.c
1158 +index e2290f32c8d9..7eaff4dcbfd7 100644
1159 +--- a/drivers/infiniband/hw/hfi1/fault.c
1160 ++++ b/drivers/infiniband/hw/hfi1/fault.c
1161 +@@ -153,6 +153,7 @@ static ssize_t fault_opcodes_write(struct file *file, const char __user *buf,
1162 + char *dash;
1163 + unsigned long range_start, range_end, i;
1164 + bool remove = false;
1165 ++ unsigned long bound = 1U << BITS_PER_BYTE;
1166 +
1167 + end = strchr(ptr, ',');
1168 + if (end)
1169 +@@ -178,6 +179,10 @@ static ssize_t fault_opcodes_write(struct file *file, const char __user *buf,
1170 + BITS_PER_BYTE);
1171 + break;
1172 + }
1173 ++ /* Check the inputs */
1174 ++ if (range_start >= bound || range_end >= bound)
1175 ++ break;
1176 ++
1177 + for (i = range_start; i <= range_end; i++) {
1178 + if (remove)
1179 + clear_bit(i, fault->opcodes);
1180 +diff --git a/drivers/infiniband/hw/hfi1/user_exp_rcv.c b/drivers/infiniband/hw/hfi1/user_exp_rcv.c
1181 +index dbe7d14a5c76..4e986ca4dd35 100644
1182 +--- a/drivers/infiniband/hw/hfi1/user_exp_rcv.c
1183 ++++ b/drivers/infiniband/hw/hfi1/user_exp_rcv.c
1184 +@@ -324,6 +324,9 @@ int hfi1_user_exp_rcv_setup(struct hfi1_filedata *fd,
1185 + u32 *tidlist = NULL;
1186 + struct tid_user_buf *tidbuf;
1187 +
1188 ++ if (!PAGE_ALIGNED(tinfo->vaddr))
1189 ++ return -EINVAL;
1190 ++
1191 + tidbuf = kzalloc(sizeof(*tidbuf), GFP_KERNEL);
1192 + if (!tidbuf)
1193 + return -ENOMEM;
1194 +diff --git a/drivers/infiniband/hw/hfi1/verbs.c b/drivers/infiniband/hw/hfi1/verbs.c
1195 +index 48692adbe811..27d9c4cefdc7 100644
1196 +--- a/drivers/infiniband/hw/hfi1/verbs.c
1197 ++++ b/drivers/infiniband/hw/hfi1/verbs.c
1198 +@@ -1418,8 +1418,6 @@ static void hfi1_fill_device_attr(struct hfi1_devdata *dd)
1199 + rdi->dparms.props.max_cq = hfi1_max_cqs;
1200 + rdi->dparms.props.max_ah = hfi1_max_ahs;
1201 + rdi->dparms.props.max_cqe = hfi1_max_cqes;
1202 +- rdi->dparms.props.max_mr = rdi->lkey_table.max;
1203 +- rdi->dparms.props.max_fmr = rdi->lkey_table.max;
1204 + rdi->dparms.props.max_map_per_fmr = 32767;
1205 + rdi->dparms.props.max_pd = hfi1_max_pds;
1206 + rdi->dparms.props.max_qp_rd_atom = HFI1_MAX_RDMA_ATOMIC;
1207 +diff --git a/drivers/infiniband/hw/hfi1/verbs_txreq.c b/drivers/infiniband/hw/hfi1/verbs_txreq.c
1208 +index c4ab2d5b4502..8f766dd3f61c 100644
1209 +--- a/drivers/infiniband/hw/hfi1/verbs_txreq.c
1210 ++++ b/drivers/infiniband/hw/hfi1/verbs_txreq.c
1211 +@@ -100,7 +100,7 @@ struct verbs_txreq *__get_txreq(struct hfi1_ibdev *dev,
1212 + if (ib_rvt_state_ops[qp->state] & RVT_PROCESS_RECV_OK) {
1213 + struct hfi1_qp_priv *priv;
1214 +
1215 +- tx = kmem_cache_alloc(dev->verbs_txreq_cache, GFP_ATOMIC);
1216 ++ tx = kmem_cache_alloc(dev->verbs_txreq_cache, VERBS_TXREQ_GFP);
1217 + if (tx)
1218 + goto out;
1219 + priv = qp->priv;
1220 +diff --git a/drivers/infiniband/hw/hfi1/verbs_txreq.h b/drivers/infiniband/hw/hfi1/verbs_txreq.h
1221 +index 1c19bbc764b2..b1a78985b4ec 100644
1222 +--- a/drivers/infiniband/hw/hfi1/verbs_txreq.h
1223 ++++ b/drivers/infiniband/hw/hfi1/verbs_txreq.h
1224 +@@ -72,6 +72,7 @@ struct hfi1_ibdev;
1225 + struct verbs_txreq *__get_txreq(struct hfi1_ibdev *dev,
1226 + struct rvt_qp *qp);
1227 +
1228 ++#define VERBS_TXREQ_GFP (GFP_ATOMIC | __GFP_NOWARN)
1229 + static inline struct verbs_txreq *get_txreq(struct hfi1_ibdev *dev,
1230 + struct rvt_qp *qp)
1231 + __must_hold(&qp->slock)
1232 +@@ -79,7 +80,7 @@ static inline struct verbs_txreq *get_txreq(struct hfi1_ibdev *dev,
1233 + struct verbs_txreq *tx;
1234 + struct hfi1_qp_priv *priv = qp->priv;
1235 +
1236 +- tx = kmem_cache_alloc(dev->verbs_txreq_cache, GFP_ATOMIC);
1237 ++ tx = kmem_cache_alloc(dev->verbs_txreq_cache, VERBS_TXREQ_GFP);
1238 + if (unlikely(!tx)) {
1239 + /* call slow path to get the lock */
1240 + tx = __get_txreq(dev, qp);
1241 +diff --git a/drivers/infiniband/hw/qib/qib_verbs.c b/drivers/infiniband/hw/qib/qib_verbs.c
1242 +index 41babbc0db58..803c3544c75b 100644
1243 +--- a/drivers/infiniband/hw/qib/qib_verbs.c
1244 ++++ b/drivers/infiniband/hw/qib/qib_verbs.c
1245 +@@ -1495,8 +1495,6 @@ static void qib_fill_device_attr(struct qib_devdata *dd)
1246 + rdi->dparms.props.max_cq = ib_qib_max_cqs;
1247 + rdi->dparms.props.max_cqe = ib_qib_max_cqes;
1248 + rdi->dparms.props.max_ah = ib_qib_max_ahs;
1249 +- rdi->dparms.props.max_mr = rdi->lkey_table.max;
1250 +- rdi->dparms.props.max_fmr = rdi->lkey_table.max;
1251 + rdi->dparms.props.max_map_per_fmr = 32767;
1252 + rdi->dparms.props.max_qp_rd_atom = QIB_MAX_RDMA_ATOMIC;
1253 + rdi->dparms.props.max_qp_init_rd_atom = 255;
1254 +diff --git a/drivers/infiniband/sw/rdmavt/mr.c b/drivers/infiniband/sw/rdmavt/mr.c
1255 +index 5819c9d6ffdc..39d101df229d 100644
1256 +--- a/drivers/infiniband/sw/rdmavt/mr.c
1257 ++++ b/drivers/infiniband/sw/rdmavt/mr.c
1258 +@@ -96,6 +96,8 @@ int rvt_driver_mr_init(struct rvt_dev_info *rdi)
1259 + for (i = 0; i < rdi->lkey_table.max; i++)
1260 + RCU_INIT_POINTER(rdi->lkey_table.table[i], NULL);
1261 +
1262 ++ rdi->dparms.props.max_mr = rdi->lkey_table.max;
1263 ++ rdi->dparms.props.max_fmr = rdi->lkey_table.max;
1264 + return 0;
1265 + }
1266 +
1267 +diff --git a/drivers/infiniband/sw/rdmavt/qp.c b/drivers/infiniband/sw/rdmavt/qp.c
1268 +index 5ce403c6cddb..7d03680afd91 100644
1269 +--- a/drivers/infiniband/sw/rdmavt/qp.c
1270 ++++ b/drivers/infiniband/sw/rdmavt/qp.c
1271 +@@ -412,7 +412,8 @@ static int alloc_qpn(struct rvt_dev_info *rdi, struct rvt_qpn_table *qpt,
1272 + offset = qpt->incr | ((offset & 1) ^ 1);
1273 + }
1274 + /* there can be no set bits in low-order QoS bits */
1275 +- WARN_ON(offset & (BIT(rdi->dparms.qos_shift) - 1));
1276 ++ WARN_ON(rdi->dparms.qos_shift > 1 &&
1277 ++ offset & ((BIT(rdi->dparms.qos_shift - 1) - 1) << 1));
1278 + qpn = mk_qpn(qpt, map, offset);
1279 + }
1280 +
1281 +diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
1282 +index 26ec603fe220..83d1499fe021 100644
1283 +--- a/drivers/input/misc/uinput.c
1284 ++++ b/drivers/input/misc/uinput.c
1285 +@@ -1051,13 +1051,31 @@ static long uinput_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1286 +
1287 + #ifdef CONFIG_COMPAT
1288 +
1289 +-#define UI_SET_PHYS_COMPAT _IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t)
1290 ++/*
1291 ++ * These IOCTLs change their size and thus their numbers between
1292 ++ * 32 and 64 bits.
1293 ++ */
1294 ++#define UI_SET_PHYS_COMPAT \
1295 ++ _IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t)
1296 ++#define UI_BEGIN_FF_UPLOAD_COMPAT \
1297 ++ _IOWR(UINPUT_IOCTL_BASE, 200, struct uinput_ff_upload_compat)
1298 ++#define UI_END_FF_UPLOAD_COMPAT \
1299 ++ _IOW(UINPUT_IOCTL_BASE, 201, struct uinput_ff_upload_compat)
1300 +
1301 + static long uinput_compat_ioctl(struct file *file,
1302 + unsigned int cmd, unsigned long arg)
1303 + {
1304 +- if (cmd == UI_SET_PHYS_COMPAT)
1305 ++ switch (cmd) {
1306 ++ case UI_SET_PHYS_COMPAT:
1307 + cmd = UI_SET_PHYS;
1308 ++ break;
1309 ++ case UI_BEGIN_FF_UPLOAD_COMPAT:
1310 ++ cmd = UI_BEGIN_FF_UPLOAD;
1311 ++ break;
1312 ++ case UI_END_FF_UPLOAD_COMPAT:
1313 ++ cmd = UI_END_FF_UPLOAD;
1314 ++ break;
1315 ++ }
1316 +
1317 + return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg));
1318 + }
1319 +diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
1320 +index b6da0c1267e3..8e6077d8e434 100644
1321 +--- a/drivers/input/mouse/synaptics.c
1322 ++++ b/drivers/input/mouse/synaptics.c
1323 +@@ -179,6 +179,8 @@ static const char * const smbus_pnp_ids[] = {
1324 + "LEN0096", /* X280 */
1325 + "LEN0097", /* X280 -> ALPS trackpoint */
1326 + "LEN200f", /* T450s */
1327 ++ "LEN2054", /* E480 */
1328 ++ "LEN2055", /* E580 */
1329 + "SYN3052", /* HP EliteBook 840 G4 */
1330 + "SYN3221", /* HP 15-ay000 */
1331 + NULL
1332 +diff --git a/drivers/input/touchscreen/silead.c b/drivers/input/touchscreen/silead.c
1333 +index d196ac3d8b8c..e5c3b066bd2a 100644
1334 +--- a/drivers/input/touchscreen/silead.c
1335 ++++ b/drivers/input/touchscreen/silead.c
1336 +@@ -604,6 +604,7 @@ static const struct acpi_device_id silead_ts_acpi_match[] = {
1337 + { "MSSL1680", 0 },
1338 + { "MSSL0001", 0 },
1339 + { "MSSL0002", 0 },
1340 ++ { "MSSL0017", 0 },
1341 + { }
1342 + };
1343 + MODULE_DEVICE_TABLE(acpi, silead_ts_acpi_match);
1344 +diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
1345 +index 6600b3466dfb..0a74785e575b 100644
1346 +--- a/drivers/mmc/core/core.c
1347 ++++ b/drivers/mmc/core/core.c
1348 +@@ -144,8 +144,9 @@ void mmc_request_done(struct mmc_host *host, struct mmc_request *mrq)
1349 + int err = cmd->error;
1350 +
1351 + /* Flag re-tuning needed on CRC errors */
1352 +- if ((cmd->opcode != MMC_SEND_TUNING_BLOCK &&
1353 +- cmd->opcode != MMC_SEND_TUNING_BLOCK_HS200) &&
1354 ++ if (cmd->opcode != MMC_SEND_TUNING_BLOCK &&
1355 ++ cmd->opcode != MMC_SEND_TUNING_BLOCK_HS200 &&
1356 ++ !host->retune_crc_disable &&
1357 + (err == -EILSEQ || (mrq->sbc && mrq->sbc->error == -EILSEQ) ||
1358 + (mrq->data && mrq->data->error == -EILSEQ) ||
1359 + (mrq->stop && mrq->stop->error == -EILSEQ)))
1360 +diff --git a/drivers/mmc/core/sdio.c b/drivers/mmc/core/sdio.c
1361 +index d8e17ea6126d..0aa99694b937 100644
1362 +--- a/drivers/mmc/core/sdio.c
1363 ++++ b/drivers/mmc/core/sdio.c
1364 +@@ -934,6 +934,10 @@ static int mmc_sdio_pre_suspend(struct mmc_host *host)
1365 + */
1366 + static int mmc_sdio_suspend(struct mmc_host *host)
1367 + {
1368 ++ /* Prevent processing of SDIO IRQs in suspended state. */
1369 ++ mmc_card_set_suspended(host->card);
1370 ++ cancel_delayed_work_sync(&host->sdio_irq_work);
1371 ++
1372 + mmc_claim_host(host);
1373 +
1374 + if (mmc_card_keep_power(host) && mmc_card_wake_sdio_irq(host))
1375 +@@ -982,13 +986,20 @@ static int mmc_sdio_resume(struct mmc_host *host)
1376 + err = sdio_enable_4bit_bus(host->card);
1377 + }
1378 +
1379 +- if (!err && host->sdio_irqs) {
1380 ++ if (err)
1381 ++ goto out;
1382 ++
1383 ++ /* Allow SDIO IRQs to be processed again. */
1384 ++ mmc_card_clr_suspended(host->card);
1385 ++
1386 ++ if (host->sdio_irqs) {
1387 + if (!(host->caps2 & MMC_CAP2_SDIO_IRQ_NOTHREAD))
1388 + wake_up_process(host->sdio_irq_thread);
1389 + else if (host->caps & MMC_CAP_SDIO_IRQ)
1390 + host->ops->enable_sdio_irq(host, 1);
1391 + }
1392 +
1393 ++out:
1394 + mmc_release_host(host);
1395 +
1396 + host->pm_flags &= ~MMC_PM_KEEP_POWER;
1397 +diff --git a/drivers/mmc/core/sdio_io.c b/drivers/mmc/core/sdio_io.c
1398 +index d40744bbafa9..ed2d8c48ea17 100644
1399 +--- a/drivers/mmc/core/sdio_io.c
1400 ++++ b/drivers/mmc/core/sdio_io.c
1401 +@@ -18,6 +18,7 @@
1402 + #include "sdio_ops.h"
1403 + #include "core.h"
1404 + #include "card.h"
1405 ++#include "host.h"
1406 +
1407 + /**
1408 + * sdio_claim_host - exclusively claim a bus for a certain SDIO function
1409 +@@ -725,3 +726,79 @@ int sdio_set_host_pm_flags(struct sdio_func *func, mmc_pm_flag_t flags)
1410 + return 0;
1411 + }
1412 + EXPORT_SYMBOL_GPL(sdio_set_host_pm_flags);
1413 ++
1414 ++/**
1415 ++ * sdio_retune_crc_disable - temporarily disable retuning on CRC errors
1416 ++ * @func: SDIO function attached to host
1417 ++ *
1418 ++ * If the SDIO card is known to be in a state where it might produce
1419 ++ * CRC errors on the bus in response to commands (like if we know it is
1420 ++ * transitioning between power states), an SDIO function driver can
1421 ++ * call this function to temporarily disable the SD/MMC core behavior of
1422 ++ * triggering an automatic retuning.
1423 ++ *
1424 ++ * This function should be called while the host is claimed and the host
1425 ++ * should remain claimed until sdio_retune_crc_enable() is called.
1426 ++ * Specifically, the expected sequence of calls is:
1427 ++ * - sdio_claim_host()
1428 ++ * - sdio_retune_crc_disable()
1429 ++ * - some number of calls like sdio_writeb() and sdio_readb()
1430 ++ * - sdio_retune_crc_enable()
1431 ++ * - sdio_release_host()
1432 ++ */
1433 ++void sdio_retune_crc_disable(struct sdio_func *func)
1434 ++{
1435 ++ func->card->host->retune_crc_disable = true;
1436 ++}
1437 ++EXPORT_SYMBOL_GPL(sdio_retune_crc_disable);
1438 ++
1439 ++/**
1440 ++ * sdio_retune_crc_enable - re-enable retuning on CRC errors
1441 ++ * @func: SDIO function attached to host
1442 ++ *
1443 ++ * This is the compement to sdio_retune_crc_disable().
1444 ++ */
1445 ++void sdio_retune_crc_enable(struct sdio_func *func)
1446 ++{
1447 ++ func->card->host->retune_crc_disable = false;
1448 ++}
1449 ++EXPORT_SYMBOL_GPL(sdio_retune_crc_enable);
1450 ++
1451 ++/**
1452 ++ * sdio_retune_hold_now - start deferring retuning requests till release
1453 ++ * @func: SDIO function attached to host
1454 ++ *
1455 ++ * This function can be called if it's currently a bad time to do
1456 ++ * a retune of the SDIO card. Retune requests made during this time
1457 ++ * will be held and we'll actually do the retune sometime after the
1458 ++ * release.
1459 ++ *
1460 ++ * This function could be useful if an SDIO card is in a power state
1461 ++ * where it can respond to a small subset of commands that doesn't
1462 ++ * include the retuning command. Care should be taken when using
1463 ++ * this function since (presumably) the retuning request we might be
1464 ++ * deferring was made for a good reason.
1465 ++ *
1466 ++ * This function should be called while the host is claimed.
1467 ++ */
1468 ++void sdio_retune_hold_now(struct sdio_func *func)
1469 ++{
1470 ++ mmc_retune_hold_now(func->card->host);
1471 ++}
1472 ++EXPORT_SYMBOL_GPL(sdio_retune_hold_now);
1473 ++
1474 ++/**
1475 ++ * sdio_retune_release - signal that it's OK to retune now
1476 ++ * @func: SDIO function attached to host
1477 ++ *
1478 ++ * This is the complement to sdio_retune_hold_now(). Calling this
1479 ++ * function won't make a retune happen right away but will allow
1480 ++ * them to be scheduled normally.
1481 ++ *
1482 ++ * This function should be called while the host is claimed.
1483 ++ */
1484 ++void sdio_retune_release(struct sdio_func *func)
1485 ++{
1486 ++ mmc_retune_release(func->card->host);
1487 ++}
1488 ++EXPORT_SYMBOL_GPL(sdio_retune_release);
1489 +diff --git a/drivers/mmc/core/sdio_irq.c b/drivers/mmc/core/sdio_irq.c
1490 +index 7ca7b99413f0..b299a24d33f9 100644
1491 +--- a/drivers/mmc/core/sdio_irq.c
1492 ++++ b/drivers/mmc/core/sdio_irq.c
1493 +@@ -38,6 +38,10 @@ static int process_sdio_pending_irqs(struct mmc_host *host)
1494 + unsigned char pending;
1495 + struct sdio_func *func;
1496 +
1497 ++ /* Don't process SDIO IRQs if the card is suspended. */
1498 ++ if (mmc_card_suspended(card))
1499 ++ return 0;
1500 ++
1501 + /*
1502 + * Optimization, if there is only 1 function interrupt registered
1503 + * and we know an IRQ was signaled then call irq handler directly.
1504 +diff --git a/drivers/mmc/host/sdhci-pci-o2micro.c b/drivers/mmc/host/sdhci-pci-o2micro.c
1505 +index cc3ffeffd7a2..fa8d9da2ab7f 100644
1506 +--- a/drivers/mmc/host/sdhci-pci-o2micro.c
1507 ++++ b/drivers/mmc/host/sdhci-pci-o2micro.c
1508 +@@ -117,6 +117,7 @@ static int sdhci_o2_execute_tuning(struct mmc_host *mmc, u32 opcode)
1509 + */
1510 + if (mmc->ios.bus_width == MMC_BUS_WIDTH_8) {
1511 + current_bus_width = mmc->ios.bus_width;
1512 ++ mmc->ios.bus_width = MMC_BUS_WIDTH_4;
1513 + sdhci_set_bus_width(host, MMC_BUS_WIDTH_4);
1514 + }
1515 +
1516 +@@ -128,8 +129,10 @@ static int sdhci_o2_execute_tuning(struct mmc_host *mmc, u32 opcode)
1517 +
1518 + sdhci_end_tuning(host);
1519 +
1520 +- if (current_bus_width == MMC_BUS_WIDTH_8)
1521 ++ if (current_bus_width == MMC_BUS_WIDTH_8) {
1522 ++ mmc->ios.bus_width = MMC_BUS_WIDTH_8;
1523 + sdhci_set_bus_width(host, current_bus_width);
1524 ++ }
1525 +
1526 + host->flags &= ~SDHCI_HS400_TUNING;
1527 + return 0;
1528 +diff --git a/drivers/net/can/flexcan.c b/drivers/net/can/flexcan.c
1529 +index 2646faffd36e..6f265d2e647b 100644
1530 +--- a/drivers/net/can/flexcan.c
1531 ++++ b/drivers/net/can/flexcan.c
1532 +@@ -165,7 +165,7 @@
1533 + #define FLEXCAN_MB_CNT_LENGTH(x) (((x) & 0xf) << 16)
1534 + #define FLEXCAN_MB_CNT_TIMESTAMP(x) ((x) & 0xffff)
1535 +
1536 +-#define FLEXCAN_TIMEOUT_US (50)
1537 ++#define FLEXCAN_TIMEOUT_US (250)
1538 +
1539 + /* FLEXCAN hardware feature flags
1540 + *
1541 +diff --git a/drivers/net/can/xilinx_can.c b/drivers/net/can/xilinx_can.c
1542 +index 045f0845e665..3df23487487f 100644
1543 +--- a/drivers/net/can/xilinx_can.c
1544 ++++ b/drivers/net/can/xilinx_can.c
1545 +@@ -1424,7 +1424,7 @@ static const struct xcan_devtype_data xcan_canfd_data = {
1546 + XCAN_FLAG_RXMNF |
1547 + XCAN_FLAG_TX_MAILBOXES |
1548 + XCAN_FLAG_RX_FIFO_MULTI,
1549 +- .bittiming_const = &xcan_bittiming_const,
1550 ++ .bittiming_const = &xcan_bittiming_const_canfd,
1551 + .btr_ts2_shift = XCAN_BTR_TS2_SHIFT_CANFD,
1552 + .btr_sjw_shift = XCAN_BTR_SJW_SHIFT_CANFD,
1553 + .bus_clk_name = "s_axi_aclk",
1554 +diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c
1555 +index dfaad1c2c2b8..411cfb806459 100644
1556 +--- a/drivers/net/dsa/mv88e6xxx/chip.c
1557 ++++ b/drivers/net/dsa/mv88e6xxx/chip.c
1558 +@@ -1484,7 +1484,7 @@ static int mv88e6xxx_vtu_get(struct mv88e6xxx_chip *chip, u16 vid,
1559 + int err;
1560 +
1561 + if (!vid)
1562 +- return -EINVAL;
1563 ++ return -EOPNOTSUPP;
1564 +
1565 + entry->vid = vid - 1;
1566 + entry->valid = false;
1567 +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
1568 +index e2710ff48fb0..1fa0cd527ead 100644
1569 +--- a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
1570 ++++ b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
1571 +@@ -339,6 +339,7 @@ static int __lb_setup(struct net_device *ndev,
1572 + static int __lb_up(struct net_device *ndev,
1573 + enum hnae_loop loop_mode)
1574 + {
1575 ++#define NIC_LB_TEST_WAIT_PHY_LINK_TIME 300
1576 + struct hns_nic_priv *priv = netdev_priv(ndev);
1577 + struct hnae_handle *h = priv->ae_handle;
1578 + int speed, duplex;
1579 +@@ -365,6 +366,9 @@ static int __lb_up(struct net_device *ndev,
1580 +
1581 + h->dev->ops->adjust_link(h, speed, duplex);
1582 +
1583 ++ /* wait adjust link done and phy ready */
1584 ++ msleep(NIC_LB_TEST_WAIT_PHY_LINK_TIME);
1585 ++
1586 + return 0;
1587 + }
1588 +
1589 +diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
1590 +index 6e6abdc399de..1d55f014725e 100644
1591 +--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
1592 ++++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
1593 +@@ -1784,6 +1784,7 @@ static void mtk_poll_controller(struct net_device *dev)
1594 +
1595 + static int mtk_start_dma(struct mtk_eth *eth)
1596 + {
1597 ++ u32 rx_2b_offset = (NET_IP_ALIGN == 2) ? MTK_RX_2B_OFFSET : 0;
1598 + int err;
1599 +
1600 + err = mtk_dma_init(eth);
1601 +@@ -1800,7 +1801,7 @@ static int mtk_start_dma(struct mtk_eth *eth)
1602 + MTK_QDMA_GLO_CFG);
1603 +
1604 + mtk_w32(eth,
1605 +- MTK_RX_DMA_EN | MTK_RX_2B_OFFSET |
1606 ++ MTK_RX_DMA_EN | rx_2b_offset |
1607 + MTK_RX_BT_32DWORDS | MTK_MULTI_EN,
1608 + MTK_PDMA_GLO_CFG);
1609 +
1610 +@@ -2304,13 +2305,13 @@ static int mtk_get_rxnfc(struct net_device *dev, struct ethtool_rxnfc *cmd,
1611 +
1612 + switch (cmd->cmd) {
1613 + case ETHTOOL_GRXRINGS:
1614 +- if (dev->features & NETIF_F_LRO) {
1615 ++ if (dev->hw_features & NETIF_F_LRO) {
1616 + cmd->data = MTK_MAX_RX_RING_NUM;
1617 + ret = 0;
1618 + }
1619 + break;
1620 + case ETHTOOL_GRXCLSRLCNT:
1621 +- if (dev->features & NETIF_F_LRO) {
1622 ++ if (dev->hw_features & NETIF_F_LRO) {
1623 + struct mtk_mac *mac = netdev_priv(dev);
1624 +
1625 + cmd->rule_cnt = mac->hwlro_ip_cnt;
1626 +@@ -2318,11 +2319,11 @@ static int mtk_get_rxnfc(struct net_device *dev, struct ethtool_rxnfc *cmd,
1627 + }
1628 + break;
1629 + case ETHTOOL_GRXCLSRULE:
1630 +- if (dev->features & NETIF_F_LRO)
1631 ++ if (dev->hw_features & NETIF_F_LRO)
1632 + ret = mtk_hwlro_get_fdir_entry(dev, cmd);
1633 + break;
1634 + case ETHTOOL_GRXCLSRLALL:
1635 +- if (dev->features & NETIF_F_LRO)
1636 ++ if (dev->hw_features & NETIF_F_LRO)
1637 + ret = mtk_hwlro_get_fdir_all(dev, cmd,
1638 + rule_locs);
1639 + break;
1640 +@@ -2339,11 +2340,11 @@ static int mtk_set_rxnfc(struct net_device *dev, struct ethtool_rxnfc *cmd)
1641 +
1642 + switch (cmd->cmd) {
1643 + case ETHTOOL_SRXCLSRLINS:
1644 +- if (dev->features & NETIF_F_LRO)
1645 ++ if (dev->hw_features & NETIF_F_LRO)
1646 + ret = mtk_hwlro_add_ipaddr(dev, cmd);
1647 + break;
1648 + case ETHTOOL_SRXCLSRLDEL:
1649 +- if (dev->features & NETIF_F_LRO)
1650 ++ if (dev->hw_features & NETIF_F_LRO)
1651 + ret = mtk_hwlro_del_ipaddr(dev, cmd);
1652 + break;
1653 + default:
1654 +diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
1655 +index 68b8007da82b..0115a2868933 100644
1656 +--- a/drivers/net/ipvlan/ipvlan_main.c
1657 ++++ b/drivers/net/ipvlan/ipvlan_main.c
1658 +@@ -178,7 +178,7 @@ static void ipvlan_port_destroy(struct net_device *dev)
1659 + }
1660 +
1661 + #define IPVLAN_FEATURES \
1662 +- (NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST | \
1663 ++ (NETIF_F_SG | NETIF_F_CSUM_MASK | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST | \
1664 + NETIF_F_GSO | NETIF_F_TSO | NETIF_F_GSO_ROBUST | \
1665 + NETIF_F_TSO_ECN | NETIF_F_TSO6 | NETIF_F_GRO | NETIF_F_RXCSUM | \
1666 + NETIF_F_HW_VLAN_CTAG_FILTER | NETIF_F_HW_VLAN_STAG_FILTER)
1667 +diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
1668 +index a907d7b065fa..53e4962ceb8a 100644
1669 +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
1670 ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
1671 +@@ -667,6 +667,12 @@ brcmf_sdio_kso_control(struct brcmf_sdio *bus, bool on)
1672 +
1673 + brcmf_dbg(TRACE, "Enter: on=%d\n", on);
1674 +
1675 ++ sdio_retune_crc_disable(bus->sdiodev->func1);
1676 ++
1677 ++ /* Cannot re-tune if device is asleep; defer till we're awake */
1678 ++ if (on)
1679 ++ sdio_retune_hold_now(bus->sdiodev->func1);
1680 ++
1681 + wr_val = (on << SBSDIO_FUNC1_SLEEPCSR_KSO_SHIFT);
1682 + /* 1st KSO write goes to AOS wake up core if device is asleep */
1683 + brcmf_sdiod_writeb(bus->sdiodev, SBSDIO_FUNC1_SLEEPCSR, wr_val, &err);
1684 +@@ -719,6 +725,11 @@ brcmf_sdio_kso_control(struct brcmf_sdio *bus, bool on)
1685 + if (try_cnt > MAX_KSO_ATTEMPTS)
1686 + brcmf_err("max tries: rd_val=0x%x err=%d\n", rd_val, err);
1687 +
1688 ++ if (on)
1689 ++ sdio_retune_release(bus->sdiodev->func1);
1690 ++
1691 ++ sdio_retune_crc_enable(bus->sdiodev->func1);
1692 ++
1693 + return err;
1694 + }
1695 +
1696 +diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
1697 +index a867a139bb35..d8869d978c34 100644
1698 +--- a/drivers/nvme/host/core.c
1699 ++++ b/drivers/nvme/host/core.c
1700 +@@ -3228,7 +3228,8 @@ static int nvme_scan_ns_list(struct nvme_ctrl *ctrl, unsigned nn)
1701 + {
1702 + struct nvme_ns *ns;
1703 + __le32 *ns_list;
1704 +- unsigned i, j, nsid, prev = 0, num_lists = DIV_ROUND_UP(nn, 1024);
1705 ++ unsigned i, j, nsid, prev = 0;
1706 ++ unsigned num_lists = DIV_ROUND_UP_ULL((u64)nn, 1024);
1707 + int ret = 0;
1708 +
1709 + ns_list = kzalloc(NVME_IDENTIFY_DATA_SIZE, GFP_KERNEL);
1710 +diff --git a/drivers/nvme/target/io-cmd-bdev.c b/drivers/nvme/target/io-cmd-bdev.c
1711 +index 7bc9f6240432..1096dd01ca22 100644
1712 +--- a/drivers/nvme/target/io-cmd-bdev.c
1713 ++++ b/drivers/nvme/target/io-cmd-bdev.c
1714 +@@ -239,6 +239,7 @@ u16 nvmet_bdev_parse_io_cmd(struct nvmet_req *req)
1715 + return 0;
1716 + case nvme_cmd_write_zeroes:
1717 + req->execute = nvmet_bdev_execute_write_zeroes;
1718 ++ req->data_len = 0;
1719 + return 0;
1720 + default:
1721 + pr_err("unhandled cmd %d on qid %d\n", cmd->common.opcode,
1722 +diff --git a/drivers/parport/share.c b/drivers/parport/share.c
1723 +index 5dc53d420ca8..7b4ee33c1935 100644
1724 +--- a/drivers/parport/share.c
1725 ++++ b/drivers/parport/share.c
1726 +@@ -895,6 +895,7 @@ parport_register_dev_model(struct parport *port, const char *name,
1727 + par_dev->devmodel = true;
1728 + ret = device_register(&par_dev->dev);
1729 + if (ret) {
1730 ++ kfree(par_dev->state);
1731 + put_device(&par_dev->dev);
1732 + goto err_put_port;
1733 + }
1734 +@@ -912,6 +913,7 @@ parport_register_dev_model(struct parport *port, const char *name,
1735 + spin_unlock(&port->physport->pardevice_lock);
1736 + pr_debug("%s: cannot grant exclusive access for device %s\n",
1737 + port->name, name);
1738 ++ kfree(par_dev->state);
1739 + device_unregister(&par_dev->dev);
1740 + goto err_put_port;
1741 + }
1742 +diff --git a/drivers/s390/net/qeth_l2_main.c b/drivers/s390/net/qeth_l2_main.c
1743 +index b7513c5848cf..c1c35eccd5b6 100644
1744 +--- a/drivers/s390/net/qeth_l2_main.c
1745 ++++ b/drivers/s390/net/qeth_l2_main.c
1746 +@@ -1901,7 +1901,7 @@ static void qeth_bridgeport_an_set_cb(void *priv,
1747 +
1748 + l2entry = (struct qdio_brinfo_entry_l2 *)entry;
1749 + code = IPA_ADDR_CHANGE_CODE_MACADDR;
1750 +- if (l2entry->addr_lnid.lnid)
1751 ++ if (l2entry->addr_lnid.lnid < VLAN_N_VID)
1752 + code |= IPA_ADDR_CHANGE_CODE_VLANID;
1753 + qeth_bridge_emit_host_event(card, anev_reg_unreg, code,
1754 + (struct net_if_token *)&l2entry->nit,
1755 +diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
1756 +index 411d656f2530..98f2d076f938 100644
1757 +--- a/drivers/scsi/smartpqi/smartpqi_init.c
1758 ++++ b/drivers/scsi/smartpqi/smartpqi_init.c
1759 +@@ -3697,8 +3697,10 @@ static int pqi_submit_raid_request_synchronous(struct pqi_ctrl_info *ctrl_info,
1760 + return -ETIMEDOUT;
1761 + msecs_blocked =
1762 + jiffies_to_msecs(jiffies - start_jiffies);
1763 +- if (msecs_blocked >= timeout_msecs)
1764 +- return -ETIMEDOUT;
1765 ++ if (msecs_blocked >= timeout_msecs) {
1766 ++ rc = -ETIMEDOUT;
1767 ++ goto out;
1768 ++ }
1769 + timeout_msecs -= msecs_blocked;
1770 + }
1771 + }
1772 +diff --git a/drivers/scsi/ufs/ufshcd-pltfrm.c b/drivers/scsi/ufs/ufshcd-pltfrm.c
1773 +index 895a9b5ac989..30c22e16b1e3 100644
1774 +--- a/drivers/scsi/ufs/ufshcd-pltfrm.c
1775 ++++ b/drivers/scsi/ufs/ufshcd-pltfrm.c
1776 +@@ -340,24 +340,21 @@ int ufshcd_pltfrm_init(struct platform_device *pdev,
1777 + goto dealloc_host;
1778 + }
1779 +
1780 +- pm_runtime_set_active(&pdev->dev);
1781 +- pm_runtime_enable(&pdev->dev);
1782 +-
1783 + ufshcd_init_lanes_per_dir(hba);
1784 +
1785 + err = ufshcd_init(hba, mmio_base, irq);
1786 + if (err) {
1787 + dev_err(dev, "Initialization failed\n");
1788 +- goto out_disable_rpm;
1789 ++ goto dealloc_host;
1790 + }
1791 +
1792 + platform_set_drvdata(pdev, hba);
1793 +
1794 ++ pm_runtime_set_active(&pdev->dev);
1795 ++ pm_runtime_enable(&pdev->dev);
1796 ++
1797 + return 0;
1798 +
1799 +-out_disable_rpm:
1800 +- pm_runtime_disable(&pdev->dev);
1801 +- pm_runtime_set_suspended(&pdev->dev);
1802 + dealloc_host:
1803 + ufshcd_dealloc_host(hba);
1804 + out:
1805 +diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
1806 +index 3183fa8c5857..b8b59cfeacd1 100644
1807 +--- a/drivers/scsi/ufs/ufshcd.c
1808 ++++ b/drivers/scsi/ufs/ufshcd.c
1809 +@@ -1914,7 +1914,8 @@ int ufshcd_copy_query_response(struct ufs_hba *hba, struct ufshcd_lrb *lrbp)
1810 + memcpy(&query_res->upiu_res, &lrbp->ucd_rsp_ptr->qr, QUERY_OSF_SIZE);
1811 +
1812 + /* Get the descriptor */
1813 +- if (lrbp->ucd_rsp_ptr->qr.opcode == UPIU_QUERY_OPCODE_READ_DESC) {
1814 ++ if (hba->dev_cmd.query.descriptor &&
1815 ++ lrbp->ucd_rsp_ptr->qr.opcode == UPIU_QUERY_OPCODE_READ_DESC) {
1816 + u8 *descp = (u8 *)lrbp->ucd_rsp_ptr +
1817 + GENERAL_UPIU_REQUEST_SIZE;
1818 + u16 resp_len;
1819 +diff --git a/drivers/staging/erofs/erofs_fs.h b/drivers/staging/erofs/erofs_fs.h
1820 +index 2f8e2bf70941..7677da889f12 100644
1821 +--- a/drivers/staging/erofs/erofs_fs.h
1822 ++++ b/drivers/staging/erofs/erofs_fs.h
1823 +@@ -17,10 +17,16 @@
1824 + #define EROFS_SUPER_MAGIC_V1 0xE0F5E1E2
1825 + #define EROFS_SUPER_OFFSET 1024
1826 +
1827 ++/*
1828 ++ * Any bits that aren't in EROFS_ALL_REQUIREMENTS should be
1829 ++ * incompatible with this kernel version.
1830 ++ */
1831 ++#define EROFS_ALL_REQUIREMENTS 0
1832 ++
1833 + struct erofs_super_block {
1834 + /* 0 */__le32 magic; /* in the little endian */
1835 + /* 4 */__le32 checksum; /* crc32c(super_block) */
1836 +-/* 8 */__le32 features;
1837 ++/* 8 */__le32 features; /* (aka. feature_compat) */
1838 + /* 12 */__u8 blkszbits; /* support block_size == PAGE_SIZE only */
1839 + /* 13 */__u8 reserved;
1840 +
1841 +@@ -34,9 +40,10 @@ struct erofs_super_block {
1842 + /* 44 */__le32 xattr_blkaddr;
1843 + /* 48 */__u8 uuid[16]; /* 128-bit uuid for volume */
1844 + /* 64 */__u8 volume_name[16]; /* volume name */
1845 ++/* 80 */__le32 requirements; /* (aka. feature_incompat) */
1846 +
1847 +-/* 80 */__u8 reserved2[48]; /* 128 bytes */
1848 +-} __packed;
1849 ++/* 84 */__u8 reserved2[44];
1850 ++} __packed; /* 128 bytes */
1851 +
1852 + #define __EROFS_BIT(_prefix, _cur, _pre) enum { \
1853 + _prefix ## _cur ## _BIT = _prefix ## _pre ## _BIT + \
1854 +diff --git a/drivers/staging/erofs/internal.h b/drivers/staging/erofs/internal.h
1855 +index 58d8cbc3f921..8ce37091db20 100644
1856 +--- a/drivers/staging/erofs/internal.h
1857 ++++ b/drivers/staging/erofs/internal.h
1858 +@@ -111,6 +111,8 @@ struct erofs_sb_info {
1859 +
1860 + u8 uuid[16]; /* 128-bit uuid for volume */
1861 + u8 volume_name[16]; /* volume name */
1862 ++ u32 requirements;
1863 ++
1864 + char *dev_name;
1865 +
1866 + unsigned int mount_opt;
1867 +diff --git a/drivers/staging/erofs/super.c b/drivers/staging/erofs/super.c
1868 +index b0583cdb079a..b49ebdf6ebda 100644
1869 +--- a/drivers/staging/erofs/super.c
1870 ++++ b/drivers/staging/erofs/super.c
1871 +@@ -75,6 +75,22 @@ static void destroy_inode(struct inode *inode)
1872 + call_rcu(&inode->i_rcu, i_callback);
1873 + }
1874 +
1875 ++static bool check_layout_compatibility(struct super_block *sb,
1876 ++ struct erofs_super_block *layout)
1877 ++{
1878 ++ const unsigned int requirements = le32_to_cpu(layout->requirements);
1879 ++
1880 ++ EROFS_SB(sb)->requirements = requirements;
1881 ++
1882 ++ /* check if current kernel meets all mandatory requirements */
1883 ++ if (requirements & (~EROFS_ALL_REQUIREMENTS)) {
1884 ++ errln("unidentified requirements %x, please upgrade kernel version",
1885 ++ requirements & ~EROFS_ALL_REQUIREMENTS);
1886 ++ return false;
1887 ++ }
1888 ++ return true;
1889 ++}
1890 ++
1891 + static int superblock_read(struct super_block *sb)
1892 + {
1893 + struct erofs_sb_info *sbi;
1894 +@@ -108,6 +124,9 @@ static int superblock_read(struct super_block *sb)
1895 + goto out;
1896 + }
1897 +
1898 ++ if (!check_layout_compatibility(sb, layout))
1899 ++ goto out;
1900 ++
1901 + sbi->blocks = le32_to_cpu(layout->blocks);
1902 + sbi->meta_blkaddr = le32_to_cpu(layout->meta_blkaddr);
1903 + #ifdef CONFIG_EROFS_FS_XATTR
1904 +diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
1905 +index 9852ec5e6e01..cc7c856126df 100644
1906 +--- a/drivers/usb/chipidea/udc.c
1907 ++++ b/drivers/usb/chipidea/udc.c
1908 +@@ -1621,6 +1621,25 @@ static int ci_udc_pullup(struct usb_gadget *_gadget, int is_on)
1909 + static int ci_udc_start(struct usb_gadget *gadget,
1910 + struct usb_gadget_driver *driver);
1911 + static int ci_udc_stop(struct usb_gadget *gadget);
1912 ++
1913 ++/* Match ISOC IN from the highest endpoint */
1914 ++static struct usb_ep *ci_udc_match_ep(struct usb_gadget *gadget,
1915 ++ struct usb_endpoint_descriptor *desc,
1916 ++ struct usb_ss_ep_comp_descriptor *comp_desc)
1917 ++{
1918 ++ struct ci_hdrc *ci = container_of(gadget, struct ci_hdrc, gadget);
1919 ++ struct usb_ep *ep;
1920 ++
1921 ++ if (usb_endpoint_xfer_isoc(desc) && usb_endpoint_dir_in(desc)) {
1922 ++ list_for_each_entry_reverse(ep, &ci->gadget.ep_list, ep_list) {
1923 ++ if (ep->caps.dir_in && !ep->claimed)
1924 ++ return ep;
1925 ++ }
1926 ++ }
1927 ++
1928 ++ return NULL;
1929 ++}
1930 ++
1931 + /**
1932 + * Device operations part of the API to the USB controller hardware,
1933 + * which don't involve endpoints (or i/o)
1934 +@@ -1634,6 +1653,7 @@ static const struct usb_gadget_ops usb_gadget_ops = {
1935 + .vbus_draw = ci_udc_vbus_draw,
1936 + .udc_start = ci_udc_start,
1937 + .udc_stop = ci_udc_stop,
1938 ++ .match_ep = ci_udc_match_ep,
1939 + };
1940 +
1941 + static int init_eps(struct ci_hdrc *ci)
1942 +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
1943 +index b62953ee0fc6..f896a00662ef 100644
1944 +--- a/drivers/usb/host/xhci-ring.c
1945 ++++ b/drivers/usb/host/xhci-ring.c
1946 +@@ -1604,8 +1604,13 @@ static void handle_port_status(struct xhci_hcd *xhci,
1947 + usb_hcd_resume_root_hub(hcd);
1948 + }
1949 +
1950 +- if (hcd->speed >= HCD_USB3 && (portsc & PORT_PLS_MASK) == XDEV_INACTIVE)
1951 ++ if (hcd->speed >= HCD_USB3 &&
1952 ++ (portsc & PORT_PLS_MASK) == XDEV_INACTIVE) {
1953 ++ slot_id = xhci_find_slot_id_by_port(hcd, xhci, hcd_portnum + 1);
1954 ++ if (slot_id && xhci->devs[slot_id])
1955 ++ xhci->devs[slot_id]->flags |= VDEV_PORT_ERROR;
1956 + bus_state->port_remote_wakeup &= ~(1 << hcd_portnum);
1957 ++ }
1958 +
1959 + if ((portsc & PORT_PLC) && (portsc & PORT_PLS_MASK) == XDEV_RESUME) {
1960 + xhci_dbg(xhci, "port resume event for port %d\n", port_id);
1961 +@@ -1793,6 +1798,14 @@ static void xhci_cleanup_halted_endpoint(struct xhci_hcd *xhci,
1962 + {
1963 + struct xhci_virt_ep *ep = &xhci->devs[slot_id]->eps[ep_index];
1964 + struct xhci_command *command;
1965 ++
1966 ++ /*
1967 ++ * Avoid resetting endpoint if link is inactive. Can cause host hang.
1968 ++ * Device will be reset soon to recover the link so don't do anything
1969 ++ */
1970 ++ if (xhci->devs[slot_id]->flags & VDEV_PORT_ERROR)
1971 ++ return;
1972 ++
1973 + command = xhci_alloc_command(xhci, false, GFP_ATOMIC);
1974 + if (!command)
1975 + return;
1976 +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
1977 +index f30b065095fa..4ffadca2c71a 100644
1978 +--- a/drivers/usb/host/xhci.c
1979 ++++ b/drivers/usb/host/xhci.c
1980 +@@ -1441,6 +1441,10 @@ static int xhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag
1981 + xhci_dbg(xhci, "urb submitted during PCI suspend\n");
1982 + return -ESHUTDOWN;
1983 + }
1984 ++ if (xhci->devs[slot_id]->flags & VDEV_PORT_ERROR) {
1985 ++ xhci_dbg(xhci, "Can't queue urb, port error, link inactive\n");
1986 ++ return -ENODEV;
1987 ++ }
1988 +
1989 + if (usb_endpoint_xfer_isoc(&urb->ep->desc))
1990 + num_tds = urb->number_of_packets;
1991 +@@ -3724,6 +3728,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd,
1992 + }
1993 + /* If necessary, update the number of active TTs on this root port */
1994 + xhci_update_tt_active_eps(xhci, virt_dev, old_active_eps);
1995 ++ virt_dev->flags = 0;
1996 + ret = 0;
1997 +
1998 + command_cleanup:
1999 +@@ -5030,16 +5035,26 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks)
2000 + } else {
2001 + /*
2002 + * Some 3.1 hosts return sbrn 0x30, use xhci supported protocol
2003 +- * minor revision instead of sbrn
2004 ++ * minor revision instead of sbrn. Minor revision is a two digit
2005 ++ * BCD containing minor and sub-minor numbers, only show minor.
2006 + */
2007 +- minor_rev = xhci->usb3_rhub.min_rev;
2008 +- if (minor_rev) {
2009 ++ minor_rev = xhci->usb3_rhub.min_rev / 0x10;
2010 ++
2011 ++ switch (minor_rev) {
2012 ++ case 2:
2013 ++ hcd->speed = HCD_USB32;
2014 ++ hcd->self.root_hub->speed = USB_SPEED_SUPER_PLUS;
2015 ++ hcd->self.root_hub->rx_lanes = 2;
2016 ++ hcd->self.root_hub->tx_lanes = 2;
2017 ++ break;
2018 ++ case 1:
2019 + hcd->speed = HCD_USB31;
2020 + hcd->self.root_hub->speed = USB_SPEED_SUPER_PLUS;
2021 ++ break;
2022 + }
2023 +- xhci_info(xhci, "Host supports USB 3.%x %s SuperSpeed\n",
2024 ++ xhci_info(xhci, "Host supports USB 3.%x %sSuperSpeed\n",
2025 + minor_rev,
2026 +- minor_rev ? "Enhanced" : "");
2027 ++ minor_rev ? "Enhanced " : "");
2028 +
2029 + xhci->usb3_rhub.hcd = hcd;
2030 + /* xHCI private pointer was set in xhci_pci_probe for the second
2031 +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
2032 +index dc00f59c8e69..761b341d27b0 100644
2033 +--- a/drivers/usb/host/xhci.h
2034 ++++ b/drivers/usb/host/xhci.h
2035 +@@ -1010,6 +1010,15 @@ struct xhci_virt_device {
2036 + u8 real_port;
2037 + struct xhci_interval_bw_table *bw_table;
2038 + struct xhci_tt_bw_info *tt_info;
2039 ++ /*
2040 ++ * flags for state tracking based on events and issued commands.
2041 ++ * Software can not rely on states from output contexts because of
2042 ++ * latency between events and xHC updating output context values.
2043 ++ * See xhci 1.1 section 4.8.3 for more details
2044 ++ */
2045 ++ unsigned long flags;
2046 ++#define VDEV_PORT_ERROR BIT(0) /* Port error, link inactive */
2047 ++
2048 + /* The current max exit latency for the enabled USB3 link states. */
2049 + u16 current_mel;
2050 + /* Used for the debugfs interfaces. */
2051 +diff --git a/fs/btrfs/reada.c b/fs/btrfs/reada.c
2052 +index dec14b739b10..859274e38417 100644
2053 +--- a/fs/btrfs/reada.c
2054 ++++ b/fs/btrfs/reada.c
2055 +@@ -745,6 +745,7 @@ static void __reada_start_machine(struct btrfs_fs_info *fs_info)
2056 + u64 total = 0;
2057 + int i;
2058 +
2059 ++again:
2060 + do {
2061 + enqueued = 0;
2062 + mutex_lock(&fs_devices->device_list_mutex);
2063 +@@ -756,6 +757,10 @@ static void __reada_start_machine(struct btrfs_fs_info *fs_info)
2064 + mutex_unlock(&fs_devices->device_list_mutex);
2065 + total += enqueued;
2066 + } while (enqueued && total < 10000);
2067 ++ if (fs_devices->seed) {
2068 ++ fs_devices = fs_devices->seed;
2069 ++ goto again;
2070 ++ }
2071 +
2072 + if (enqueued == 0)
2073 + return;
2074 +diff --git a/fs/cifs/smb2maperror.c b/fs/cifs/smb2maperror.c
2075 +index 18814f1d67d9..3c0bad577859 100644
2076 +--- a/fs/cifs/smb2maperror.c
2077 ++++ b/fs/cifs/smb2maperror.c
2078 +@@ -457,7 +457,7 @@ static const struct status_to_posix_error smb2_error_map_table[] = {
2079 + {STATUS_FILE_INVALID, -EIO, "STATUS_FILE_INVALID"},
2080 + {STATUS_ALLOTTED_SPACE_EXCEEDED, -EIO,
2081 + "STATUS_ALLOTTED_SPACE_EXCEEDED"},
2082 +- {STATUS_INSUFFICIENT_RESOURCES, -EREMOTEIO,
2083 ++ {STATUS_INSUFFICIENT_RESOURCES, -EAGAIN,
2084 + "STATUS_INSUFFICIENT_RESOURCES"},
2085 + {STATUS_DFS_EXIT_PATH_FOUND, -EIO, "STATUS_DFS_EXIT_PATH_FOUND"},
2086 + {STATUS_DEVICE_DATA_ERROR, -EIO, "STATUS_DEVICE_DATA_ERROR"},
2087 +diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
2088 +index 00338b828f76..0bd276e4ccbe 100644
2089 +--- a/fs/overlayfs/file.c
2090 ++++ b/fs/overlayfs/file.c
2091 +@@ -409,36 +409,16 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd,
2092 + return ret;
2093 + }
2094 +
2095 +-static unsigned int ovl_get_inode_flags(struct inode *inode)
2096 +-{
2097 +- unsigned int flags = READ_ONCE(inode->i_flags);
2098 +- unsigned int ovl_iflags = 0;
2099 +-
2100 +- if (flags & S_SYNC)
2101 +- ovl_iflags |= FS_SYNC_FL;
2102 +- if (flags & S_APPEND)
2103 +- ovl_iflags |= FS_APPEND_FL;
2104 +- if (flags & S_IMMUTABLE)
2105 +- ovl_iflags |= FS_IMMUTABLE_FL;
2106 +- if (flags & S_NOATIME)
2107 +- ovl_iflags |= FS_NOATIME_FL;
2108 +-
2109 +- return ovl_iflags;
2110 +-}
2111 +-
2112 +-static long ovl_ioctl_set_flags(struct file *file, unsigned long arg)
2113 ++static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd,
2114 ++ unsigned long arg, unsigned int iflags)
2115 + {
2116 + long ret;
2117 + struct inode *inode = file_inode(file);
2118 +- unsigned int flags;
2119 +- unsigned int old_flags;
2120 ++ unsigned int old_iflags;
2121 +
2122 + if (!inode_owner_or_capable(inode))
2123 + return -EACCES;
2124 +
2125 +- if (get_user(flags, (int __user *) arg))
2126 +- return -EFAULT;
2127 +-
2128 + ret = mnt_want_write_file(file);
2129 + if (ret)
2130 + return ret;
2131 +@@ -447,8 +427,8 @@ static long ovl_ioctl_set_flags(struct file *file, unsigned long arg)
2132 +
2133 + /* Check the capability before cred override */
2134 + ret = -EPERM;
2135 +- old_flags = ovl_get_inode_flags(inode);
2136 +- if (((flags ^ old_flags) & (FS_APPEND_FL | FS_IMMUTABLE_FL)) &&
2137 ++ old_iflags = READ_ONCE(inode->i_flags);
2138 ++ if (((iflags ^ old_iflags) & (S_APPEND | S_IMMUTABLE)) &&
2139 + !capable(CAP_LINUX_IMMUTABLE))
2140 + goto unlock;
2141 +
2142 +@@ -456,7 +436,7 @@ static long ovl_ioctl_set_flags(struct file *file, unsigned long arg)
2143 + if (ret)
2144 + goto unlock;
2145 +
2146 +- ret = ovl_real_ioctl(file, FS_IOC_SETFLAGS, arg);
2147 ++ ret = ovl_real_ioctl(file, cmd, arg);
2148 +
2149 + ovl_copyflags(ovl_inode_real(inode), inode);
2150 + unlock:
2151 +@@ -468,17 +448,79 @@ unlock:
2152 +
2153 + }
2154 +
2155 ++static unsigned int ovl_fsflags_to_iflags(unsigned int flags)
2156 ++{
2157 ++ unsigned int iflags = 0;
2158 ++
2159 ++ if (flags & FS_SYNC_FL)
2160 ++ iflags |= S_SYNC;
2161 ++ if (flags & FS_APPEND_FL)
2162 ++ iflags |= S_APPEND;
2163 ++ if (flags & FS_IMMUTABLE_FL)
2164 ++ iflags |= S_IMMUTABLE;
2165 ++ if (flags & FS_NOATIME_FL)
2166 ++ iflags |= S_NOATIME;
2167 ++
2168 ++ return iflags;
2169 ++}
2170 ++
2171 ++static long ovl_ioctl_set_fsflags(struct file *file, unsigned int cmd,
2172 ++ unsigned long arg)
2173 ++{
2174 ++ unsigned int flags;
2175 ++
2176 ++ if (get_user(flags, (int __user *) arg))
2177 ++ return -EFAULT;
2178 ++
2179 ++ return ovl_ioctl_set_flags(file, cmd, arg,
2180 ++ ovl_fsflags_to_iflags(flags));
2181 ++}
2182 ++
2183 ++static unsigned int ovl_fsxflags_to_iflags(unsigned int xflags)
2184 ++{
2185 ++ unsigned int iflags = 0;
2186 ++
2187 ++ if (xflags & FS_XFLAG_SYNC)
2188 ++ iflags |= S_SYNC;
2189 ++ if (xflags & FS_XFLAG_APPEND)
2190 ++ iflags |= S_APPEND;
2191 ++ if (xflags & FS_XFLAG_IMMUTABLE)
2192 ++ iflags |= S_IMMUTABLE;
2193 ++ if (xflags & FS_XFLAG_NOATIME)
2194 ++ iflags |= S_NOATIME;
2195 ++
2196 ++ return iflags;
2197 ++}
2198 ++
2199 ++static long ovl_ioctl_set_fsxflags(struct file *file, unsigned int cmd,
2200 ++ unsigned long arg)
2201 ++{
2202 ++ struct fsxattr fa;
2203 ++
2204 ++ memset(&fa, 0, sizeof(fa));
2205 ++ if (copy_from_user(&fa, (void __user *) arg, sizeof(fa)))
2206 ++ return -EFAULT;
2207 ++
2208 ++ return ovl_ioctl_set_flags(file, cmd, arg,
2209 ++ ovl_fsxflags_to_iflags(fa.fsx_xflags));
2210 ++}
2211 ++
2212 + static long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2213 + {
2214 + long ret;
2215 +
2216 + switch (cmd) {
2217 + case FS_IOC_GETFLAGS:
2218 ++ case FS_IOC_FSGETXATTR:
2219 + ret = ovl_real_ioctl(file, cmd, arg);
2220 + break;
2221 +
2222 + case FS_IOC_SETFLAGS:
2223 +- ret = ovl_ioctl_set_flags(file, arg);
2224 ++ ret = ovl_ioctl_set_fsflags(file, cmd, arg);
2225 ++ break;
2226 ++
2227 ++ case FS_IOC_FSSETXATTR:
2228 ++ ret = ovl_ioctl_set_fsxflags(file, cmd, arg);
2229 + break;
2230 +
2231 + default:
2232 +diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
2233 +index b48273e846ad..f0389849fd80 100644
2234 +--- a/fs/overlayfs/inode.c
2235 ++++ b/fs/overlayfs/inode.c
2236 +@@ -553,15 +553,15 @@ static void ovl_fill_inode(struct inode *inode, umode_t mode, dev_t rdev,
2237 + int xinobits = ovl_xino_bits(inode->i_sb);
2238 +
2239 + /*
2240 +- * When NFS export is enabled and d_ino is consistent with st_ino
2241 +- * (samefs or i_ino has enough bits to encode layer), set the same
2242 +- * value used for d_ino to i_ino, because nfsd readdirplus compares
2243 +- * d_ino values to i_ino values of child entries. When called from
2244 ++ * When d_ino is consistent with st_ino (samefs or i_ino has enough
2245 ++ * bits to encode layer), set the same value used for st_ino to i_ino,
2246 ++ * so inode number exposed via /proc/locks and a like will be
2247 ++ * consistent with d_ino and st_ino values. An i_ino value inconsistent
2248 ++ * with d_ino also causes nfsd readdirplus to fail. When called from
2249 + * ovl_new_inode(), ino arg is 0, so i_ino will be updated to real
2250 + * upper inode i_ino on ovl_inode_init() or ovl_inode_update().
2251 + */
2252 +- if (inode->i_sb->s_export_op &&
2253 +- (ovl_same_sb(inode->i_sb) || xinobits)) {
2254 ++ if (ovl_same_sb(inode->i_sb) || xinobits) {
2255 + inode->i_ino = ino;
2256 + if (xinobits && fsid && !(ino >> (64 - xinobits)))
2257 + inode->i_ino |= (unsigned long)fsid << (64 - xinobits);
2258 +@@ -777,6 +777,54 @@ struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real,
2259 + return inode;
2260 + }
2261 +
2262 ++bool ovl_lookup_trap_inode(struct super_block *sb, struct dentry *dir)
2263 ++{
2264 ++ struct inode *key = d_inode(dir);
2265 ++ struct inode *trap;
2266 ++ bool res;
2267 ++
2268 ++ trap = ilookup5(sb, (unsigned long) key, ovl_inode_test, key);
2269 ++ if (!trap)
2270 ++ return false;
2271 ++
2272 ++ res = IS_DEADDIR(trap) && !ovl_inode_upper(trap) &&
2273 ++ !ovl_inode_lower(trap);
2274 ++
2275 ++ iput(trap);
2276 ++ return res;
2277 ++}
2278 ++
2279 ++/*
2280 ++ * Create an inode cache entry for layer root dir, that will intentionally
2281 ++ * fail ovl_verify_inode(), so any lookup that will find some layer root
2282 ++ * will fail.
2283 ++ */
2284 ++struct inode *ovl_get_trap_inode(struct super_block *sb, struct dentry *dir)
2285 ++{
2286 ++ struct inode *key = d_inode(dir);
2287 ++ struct inode *trap;
2288 ++
2289 ++ if (!d_is_dir(dir))
2290 ++ return ERR_PTR(-ENOTDIR);
2291 ++
2292 ++ trap = iget5_locked(sb, (unsigned long) key, ovl_inode_test,
2293 ++ ovl_inode_set, key);
2294 ++ if (!trap)
2295 ++ return ERR_PTR(-ENOMEM);
2296 ++
2297 ++ if (!(trap->i_state & I_NEW)) {
2298 ++ /* Conflicting layer roots? */
2299 ++ iput(trap);
2300 ++ return ERR_PTR(-ELOOP);
2301 ++ }
2302 ++
2303 ++ trap->i_mode = S_IFDIR;
2304 ++ trap->i_flags = S_DEAD;
2305 ++ unlock_new_inode(trap);
2306 ++
2307 ++ return trap;
2308 ++}
2309 ++
2310 + /*
2311 + * Does overlay inode need to be hashed by lower inode?
2312 + */
2313 +diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
2314 +index efd372312ef1..badf039267a2 100644
2315 +--- a/fs/overlayfs/namei.c
2316 ++++ b/fs/overlayfs/namei.c
2317 +@@ -18,6 +18,7 @@
2318 + #include "overlayfs.h"
2319 +
2320 + struct ovl_lookup_data {
2321 ++ struct super_block *sb;
2322 + struct qstr name;
2323 + bool is_dir;
2324 + bool opaque;
2325 +@@ -244,6 +245,12 @@ static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
2326 + if (!d->metacopy || d->last)
2327 + goto out;
2328 + } else {
2329 ++ if (ovl_lookup_trap_inode(d->sb, this)) {
2330 ++ /* Caught in a trap of overlapping layers */
2331 ++ err = -ELOOP;
2332 ++ goto out_err;
2333 ++ }
2334 ++
2335 + if (last_element)
2336 + d->is_dir = true;
2337 + if (d->last)
2338 +@@ -819,6 +826,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
2339 + int err;
2340 + bool metacopy = false;
2341 + struct ovl_lookup_data d = {
2342 ++ .sb = dentry->d_sb,
2343 + .name = dentry->d_name,
2344 + .is_dir = false,
2345 + .opaque = false,
2346 +diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h
2347 +index 80fb66426760..265bf9cfde08 100644
2348 +--- a/fs/overlayfs/overlayfs.h
2349 ++++ b/fs/overlayfs/overlayfs.h
2350 +@@ -270,6 +270,7 @@ void ovl_clear_flag(unsigned long flag, struct inode *inode);
2351 + bool ovl_test_flag(unsigned long flag, struct inode *inode);
2352 + bool ovl_inuse_trylock(struct dentry *dentry);
2353 + void ovl_inuse_unlock(struct dentry *dentry);
2354 ++bool ovl_is_inuse(struct dentry *dentry);
2355 + bool ovl_need_index(struct dentry *dentry);
2356 + int ovl_nlink_start(struct dentry *dentry, bool *locked);
2357 + void ovl_nlink_end(struct dentry *dentry, bool locked);
2358 +@@ -366,6 +367,8 @@ struct ovl_inode_params {
2359 + struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, dev_t rdev);
2360 + struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real,
2361 + bool is_upper);
2362 ++bool ovl_lookup_trap_inode(struct super_block *sb, struct dentry *dir);
2363 ++struct inode *ovl_get_trap_inode(struct super_block *sb, struct dentry *dir);
2364 + struct inode *ovl_get_inode(struct super_block *sb,
2365 + struct ovl_inode_params *oip);
2366 + static inline void ovl_copyattr(struct inode *from, struct inode *to)
2367 +diff --git a/fs/overlayfs/ovl_entry.h b/fs/overlayfs/ovl_entry.h
2368 +index ec237035333a..6ed1ace8f8b3 100644
2369 +--- a/fs/overlayfs/ovl_entry.h
2370 ++++ b/fs/overlayfs/ovl_entry.h
2371 +@@ -29,6 +29,8 @@ struct ovl_sb {
2372 +
2373 + struct ovl_layer {
2374 + struct vfsmount *mnt;
2375 ++ /* Trap in ovl inode cache */
2376 ++ struct inode *trap;
2377 + struct ovl_sb *fs;
2378 + /* Index of this layer in fs root (upper idx == 0) */
2379 + int idx;
2380 +@@ -65,6 +67,10 @@ struct ovl_fs {
2381 + /* Did we take the inuse lock? */
2382 + bool upperdir_locked;
2383 + bool workdir_locked;
2384 ++ /* Traps in ovl inode cache */
2385 ++ struct inode *upperdir_trap;
2386 ++ struct inode *workdir_trap;
2387 ++ struct inode *indexdir_trap;
2388 + /* Inode numbers in all layers do not use the high xino_bits */
2389 + unsigned int xino_bits;
2390 + };
2391 +diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
2392 +index 0fb0a59a5e5c..2d028c02621f 100644
2393 +--- a/fs/overlayfs/super.c
2394 ++++ b/fs/overlayfs/super.c
2395 +@@ -217,6 +217,9 @@ static void ovl_free_fs(struct ovl_fs *ofs)
2396 + {
2397 + unsigned i;
2398 +
2399 ++ iput(ofs->indexdir_trap);
2400 ++ iput(ofs->workdir_trap);
2401 ++ iput(ofs->upperdir_trap);
2402 + dput(ofs->indexdir);
2403 + dput(ofs->workdir);
2404 + if (ofs->workdir_locked)
2405 +@@ -225,8 +228,10 @@ static void ovl_free_fs(struct ovl_fs *ofs)
2406 + if (ofs->upperdir_locked)
2407 + ovl_inuse_unlock(ofs->upper_mnt->mnt_root);
2408 + mntput(ofs->upper_mnt);
2409 +- for (i = 0; i < ofs->numlower; i++)
2410 ++ for (i = 0; i < ofs->numlower; i++) {
2411 ++ iput(ofs->lower_layers[i].trap);
2412 + mntput(ofs->lower_layers[i].mnt);
2413 ++ }
2414 + for (i = 0; i < ofs->numlowerfs; i++)
2415 + free_anon_bdev(ofs->lower_fs[i].pseudo_dev);
2416 + kfree(ofs->lower_layers);
2417 +@@ -984,7 +989,26 @@ static const struct xattr_handler *ovl_xattr_handlers[] = {
2418 + NULL
2419 + };
2420 +
2421 +-static int ovl_get_upper(struct ovl_fs *ofs, struct path *upperpath)
2422 ++static int ovl_setup_trap(struct super_block *sb, struct dentry *dir,
2423 ++ struct inode **ptrap, const char *name)
2424 ++{
2425 ++ struct inode *trap;
2426 ++ int err;
2427 ++
2428 ++ trap = ovl_get_trap_inode(sb, dir);
2429 ++ err = PTR_ERR_OR_ZERO(trap);
2430 ++ if (err) {
2431 ++ if (err == -ELOOP)
2432 ++ pr_err("overlayfs: conflicting %s path\n", name);
2433 ++ return err;
2434 ++ }
2435 ++
2436 ++ *ptrap = trap;
2437 ++ return 0;
2438 ++}
2439 ++
2440 ++static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs,
2441 ++ struct path *upperpath)
2442 + {
2443 + struct vfsmount *upper_mnt;
2444 + int err;
2445 +@@ -1004,6 +1028,11 @@ static int ovl_get_upper(struct ovl_fs *ofs, struct path *upperpath)
2446 + if (err)
2447 + goto out;
2448 +
2449 ++ err = ovl_setup_trap(sb, upperpath->dentry, &ofs->upperdir_trap,
2450 ++ "upperdir");
2451 ++ if (err)
2452 ++ goto out;
2453 ++
2454 + upper_mnt = clone_private_mount(upperpath);
2455 + err = PTR_ERR(upper_mnt);
2456 + if (IS_ERR(upper_mnt)) {
2457 +@@ -1030,7 +1059,8 @@ out:
2458 + return err;
2459 + }
2460 +
2461 +-static int ovl_make_workdir(struct ovl_fs *ofs, struct path *workpath)
2462 ++static int ovl_make_workdir(struct super_block *sb, struct ovl_fs *ofs,
2463 ++ struct path *workpath)
2464 + {
2465 + struct vfsmount *mnt = ofs->upper_mnt;
2466 + struct dentry *temp;
2467 +@@ -1045,6 +1075,10 @@ static int ovl_make_workdir(struct ovl_fs *ofs, struct path *workpath)
2468 + if (!ofs->workdir)
2469 + goto out;
2470 +
2471 ++ err = ovl_setup_trap(sb, ofs->workdir, &ofs->workdir_trap, "workdir");
2472 ++ if (err)
2473 ++ goto out;
2474 ++
2475 + /*
2476 + * Upper should support d_type, else whiteouts are visible. Given
2477 + * workdir and upper are on same fs, we can do iterate_dir() on
2478 +@@ -1105,7 +1139,8 @@ out:
2479 + return err;
2480 + }
2481 +
2482 +-static int ovl_get_workdir(struct ovl_fs *ofs, struct path *upperpath)
2483 ++static int ovl_get_workdir(struct super_block *sb, struct ovl_fs *ofs,
2484 ++ struct path *upperpath)
2485 + {
2486 + int err;
2487 + struct path workpath = { };
2488 +@@ -1136,19 +1171,16 @@ static int ovl_get_workdir(struct ovl_fs *ofs, struct path *upperpath)
2489 + pr_warn("overlayfs: workdir is in-use by another mount, accessing files from both mounts will result in undefined behavior.\n");
2490 + }
2491 +
2492 +- err = ovl_make_workdir(ofs, &workpath);
2493 +- if (err)
2494 +- goto out;
2495 ++ err = ovl_make_workdir(sb, ofs, &workpath);
2496 +
2497 +- err = 0;
2498 + out:
2499 + path_put(&workpath);
2500 +
2501 + return err;
2502 + }
2503 +
2504 +-static int ovl_get_indexdir(struct ovl_fs *ofs, struct ovl_entry *oe,
2505 +- struct path *upperpath)
2506 ++static int ovl_get_indexdir(struct super_block *sb, struct ovl_fs *ofs,
2507 ++ struct ovl_entry *oe, struct path *upperpath)
2508 + {
2509 + struct vfsmount *mnt = ofs->upper_mnt;
2510 + int err;
2511 +@@ -1167,6 +1199,11 @@ static int ovl_get_indexdir(struct ovl_fs *ofs, struct ovl_entry *oe,
2512 +
2513 + ofs->indexdir = ovl_workdir_create(ofs, OVL_INDEXDIR_NAME, true);
2514 + if (ofs->indexdir) {
2515 ++ err = ovl_setup_trap(sb, ofs->indexdir, &ofs->indexdir_trap,
2516 ++ "indexdir");
2517 ++ if (err)
2518 ++ goto out;
2519 ++
2520 + /*
2521 + * Verify upper root is exclusively associated with index dir.
2522 + * Older kernels stored upper fh in "trusted.overlay.origin"
2523 +@@ -1226,8 +1263,8 @@ static int ovl_get_fsid(struct ovl_fs *ofs, struct super_block *sb)
2524 + return ofs->numlowerfs;
2525 + }
2526 +
2527 +-static int ovl_get_lower_layers(struct ovl_fs *ofs, struct path *stack,
2528 +- unsigned int numlower)
2529 ++static int ovl_get_lower_layers(struct super_block *sb, struct ovl_fs *ofs,
2530 ++ struct path *stack, unsigned int numlower)
2531 + {
2532 + int err;
2533 + unsigned int i;
2534 +@@ -1245,16 +1282,28 @@ static int ovl_get_lower_layers(struct ovl_fs *ofs, struct path *stack,
2535 +
2536 + for (i = 0; i < numlower; i++) {
2537 + struct vfsmount *mnt;
2538 ++ struct inode *trap;
2539 + int fsid;
2540 +
2541 + err = fsid = ovl_get_fsid(ofs, stack[i].mnt->mnt_sb);
2542 + if (err < 0)
2543 + goto out;
2544 +
2545 ++ err = -EBUSY;
2546 ++ if (ovl_is_inuse(stack[i].dentry)) {
2547 ++ pr_err("overlayfs: lowerdir is in-use as upperdir/workdir\n");
2548 ++ goto out;
2549 ++ }
2550 ++
2551 ++ err = ovl_setup_trap(sb, stack[i].dentry, &trap, "lowerdir");
2552 ++ if (err)
2553 ++ goto out;
2554 ++
2555 + mnt = clone_private_mount(&stack[i]);
2556 + err = PTR_ERR(mnt);
2557 + if (IS_ERR(mnt)) {
2558 + pr_err("overlayfs: failed to clone lowerpath\n");
2559 ++ iput(trap);
2560 + goto out;
2561 + }
2562 +
2563 +@@ -1264,6 +1313,7 @@ static int ovl_get_lower_layers(struct ovl_fs *ofs, struct path *stack,
2564 + */
2565 + mnt->mnt_flags |= MNT_READONLY | MNT_NOATIME;
2566 +
2567 ++ ofs->lower_layers[ofs->numlower].trap = trap;
2568 + ofs->lower_layers[ofs->numlower].mnt = mnt;
2569 + ofs->lower_layers[ofs->numlower].idx = i + 1;
2570 + ofs->lower_layers[ofs->numlower].fsid = fsid;
2571 +@@ -1358,7 +1408,7 @@ static struct ovl_entry *ovl_get_lowerstack(struct super_block *sb,
2572 + goto out_err;
2573 + }
2574 +
2575 +- err = ovl_get_lower_layers(ofs, stack, numlower);
2576 ++ err = ovl_get_lower_layers(sb, ofs, stack, numlower);
2577 + if (err)
2578 + goto out_err;
2579 +
2580 +@@ -1390,6 +1440,77 @@ out_err:
2581 + goto out;
2582 + }
2583 +
2584 ++/*
2585 ++ * Check if this layer root is a descendant of:
2586 ++ * - another layer of this overlayfs instance
2587 ++ * - upper/work dir of any overlayfs instance
2588 ++ */
2589 ++static int ovl_check_layer(struct super_block *sb, struct dentry *dentry,
2590 ++ const char *name)
2591 ++{
2592 ++ struct dentry *next = dentry, *parent;
2593 ++ int err = 0;
2594 ++
2595 ++ if (!dentry)
2596 ++ return 0;
2597 ++
2598 ++ parent = dget_parent(next);
2599 ++
2600 ++ /* Walk back ancestors to root (inclusive) looking for traps */
2601 ++ while (!err && parent != next) {
2602 ++ if (ovl_is_inuse(parent)) {
2603 ++ err = -EBUSY;
2604 ++ pr_err("overlayfs: %s path overlapping in-use upperdir/workdir\n",
2605 ++ name);
2606 ++ } else if (ovl_lookup_trap_inode(sb, parent)) {
2607 ++ err = -ELOOP;
2608 ++ pr_err("overlayfs: overlapping %s path\n", name);
2609 ++ }
2610 ++ next = parent;
2611 ++ parent = dget_parent(next);
2612 ++ dput(next);
2613 ++ }
2614 ++
2615 ++ dput(parent);
2616 ++
2617 ++ return err;
2618 ++}
2619 ++
2620 ++/*
2621 ++ * Check if any of the layers or work dirs overlap.
2622 ++ */
2623 ++static int ovl_check_overlapping_layers(struct super_block *sb,
2624 ++ struct ovl_fs *ofs)
2625 ++{
2626 ++ int i, err;
2627 ++
2628 ++ if (ofs->upper_mnt) {
2629 ++ err = ovl_check_layer(sb, ofs->upper_mnt->mnt_root, "upperdir");
2630 ++ if (err)
2631 ++ return err;
2632 ++
2633 ++ /*
2634 ++ * Checking workbasedir avoids hitting ovl_is_inuse(parent) of
2635 ++ * this instance and covers overlapping work and index dirs,
2636 ++ * unless work or index dir have been moved since created inside
2637 ++ * workbasedir. In that case, we already have their traps in
2638 ++ * inode cache and we will catch that case on lookup.
2639 ++ */
2640 ++ err = ovl_check_layer(sb, ofs->workbasedir, "workdir");
2641 ++ if (err)
2642 ++ return err;
2643 ++ }
2644 ++
2645 ++ for (i = 0; i < ofs->numlower; i++) {
2646 ++ err = ovl_check_layer(sb, ofs->lower_layers[i].mnt->mnt_root,
2647 ++ "lowerdir");
2648 ++ if (err)
2649 ++ return err;
2650 ++ }
2651 ++
2652 ++ return 0;
2653 ++}
2654 ++
2655 + static int ovl_fill_super(struct super_block *sb, void *data, int silent)
2656 + {
2657 + struct path upperpath = { };
2658 +@@ -1429,17 +1550,20 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
2659 + if (ofs->config.xino != OVL_XINO_OFF)
2660 + ofs->xino_bits = BITS_PER_LONG - 32;
2661 +
2662 ++ /* alloc/destroy_inode needed for setting up traps in inode cache */
2663 ++ sb->s_op = &ovl_super_operations;
2664 ++
2665 + if (ofs->config.upperdir) {
2666 + if (!ofs->config.workdir) {
2667 + pr_err("overlayfs: missing 'workdir'\n");
2668 + goto out_err;
2669 + }
2670 +
2671 +- err = ovl_get_upper(ofs, &upperpath);
2672 ++ err = ovl_get_upper(sb, ofs, &upperpath);
2673 + if (err)
2674 + goto out_err;
2675 +
2676 +- err = ovl_get_workdir(ofs, &upperpath);
2677 ++ err = ovl_get_workdir(sb, ofs, &upperpath);
2678 + if (err)
2679 + goto out_err;
2680 +
2681 +@@ -1460,7 +1584,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
2682 + sb->s_flags |= SB_RDONLY;
2683 +
2684 + if (!(ovl_force_readonly(ofs)) && ofs->config.index) {
2685 +- err = ovl_get_indexdir(ofs, oe, &upperpath);
2686 ++ err = ovl_get_indexdir(sb, ofs, oe, &upperpath);
2687 + if (err)
2688 + goto out_free_oe;
2689 +
2690 +@@ -1473,6 +1597,10 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
2691 +
2692 + }
2693 +
2694 ++ err = ovl_check_overlapping_layers(sb, ofs);
2695 ++ if (err)
2696 ++ goto out_free_oe;
2697 ++
2698 + /* Show index=off in /proc/mounts for forced r/o mount */
2699 + if (!ofs->indexdir) {
2700 + ofs->config.index = false;
2701 +@@ -1494,7 +1622,6 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
2702 + cap_lower(cred->cap_effective, CAP_SYS_RESOURCE);
2703 +
2704 + sb->s_magic = OVERLAYFS_SUPER_MAGIC;
2705 +- sb->s_op = &ovl_super_operations;
2706 + sb->s_xattr = ovl_xattr_handlers;
2707 + sb->s_fs_info = ofs;
2708 + sb->s_flags |= SB_POSIXACL;
2709 +diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c
2710 +index c9a2e3c6d537..db8bdb29b320 100644
2711 +--- a/fs/overlayfs/util.c
2712 ++++ b/fs/overlayfs/util.c
2713 +@@ -653,6 +653,18 @@ void ovl_inuse_unlock(struct dentry *dentry)
2714 + }
2715 + }
2716 +
2717 ++bool ovl_is_inuse(struct dentry *dentry)
2718 ++{
2719 ++ struct inode *inode = d_inode(dentry);
2720 ++ bool inuse;
2721 ++
2722 ++ spin_lock(&inode->i_lock);
2723 ++ inuse = (inode->i_state & I_OVL_INUSE);
2724 ++ spin_unlock(&inode->i_lock);
2725 ++
2726 ++ return inuse;
2727 ++}
2728 ++
2729 + /*
2730 + * Does this overlay dentry need to be indexed on copy up?
2731 + */
2732 +diff --git a/include/linux/mmc/host.h b/include/linux/mmc/host.h
2733 +index beed7121c781..2ff52de1c2b8 100644
2734 +--- a/include/linux/mmc/host.h
2735 ++++ b/include/linux/mmc/host.h
2736 +@@ -395,6 +395,7 @@ struct mmc_host {
2737 + unsigned int retune_now:1; /* do re-tuning at next req */
2738 + unsigned int retune_paused:1; /* re-tuning is temporarily disabled */
2739 + unsigned int use_blk_mq:1; /* use blk-mq */
2740 ++ unsigned int retune_crc_disable:1; /* don't trigger retune upon crc */
2741 +
2742 + int rescan_disable; /* disable card detection */
2743 + int rescan_entered; /* used with nonremovable devices */
2744 +diff --git a/include/linux/mmc/sdio_func.h b/include/linux/mmc/sdio_func.h
2745 +index 97ca105347a6..6905f3f641cc 100644
2746 +--- a/include/linux/mmc/sdio_func.h
2747 ++++ b/include/linux/mmc/sdio_func.h
2748 +@@ -159,4 +159,10 @@ extern void sdio_f0_writeb(struct sdio_func *func, unsigned char b,
2749 + extern mmc_pm_flag_t sdio_get_host_pm_caps(struct sdio_func *func);
2750 + extern int sdio_set_host_pm_flags(struct sdio_func *func, mmc_pm_flag_t flags);
2751 +
2752 ++extern void sdio_retune_crc_disable(struct sdio_func *func);
2753 ++extern void sdio_retune_crc_enable(struct sdio_func *func);
2754 ++
2755 ++extern void sdio_retune_hold_now(struct sdio_func *func);
2756 ++extern void sdio_retune_release(struct sdio_func *func);
2757 ++
2758 + #endif /* LINUX_MMC_SDIO_FUNC_H */
2759 +diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
2760 +index 1dfb75057580..cc2d0c3b475b 100644
2761 +--- a/include/net/bluetooth/hci_core.h
2762 ++++ b/include/net/bluetooth/hci_core.h
2763 +@@ -182,6 +182,9 @@ struct adv_info {
2764 +
2765 + #define HCI_MAX_SHORT_NAME_LENGTH 10
2766 +
2767 ++/* Min encryption key size to match with SMP */
2768 ++#define HCI_MIN_ENC_KEY_SIZE 7
2769 ++
2770 + /* Default LE RPA expiry time, 15 minutes */
2771 + #define HCI_DEFAULT_RPA_TIMEOUT (15 * 60)
2772 +
2773 +diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
2774 +index 4de121e24ce5..67e0a990144a 100644
2775 +--- a/include/net/cfg80211.h
2776 ++++ b/include/net/cfg80211.h
2777 +@@ -3448,7 +3448,8 @@ struct cfg80211_ops {
2778 + * on wiphy_new(), but can be changed by the driver if it has a good
2779 + * reason to override the default
2780 + * @WIPHY_FLAG_4ADDR_AP: supports 4addr mode even on AP (with a single station
2781 +- * on a VLAN interface)
2782 ++ * on a VLAN interface). This flag also serves an extra purpose of
2783 ++ * supporting 4ADDR AP mode on devices which do not support AP/VLAN iftype.
2784 + * @WIPHY_FLAG_4ADDR_STATION: supports 4addr mode even as a station
2785 + * @WIPHY_FLAG_CONTROL_PORT_PROTOCOL: This device supports setting the
2786 + * control port protocol ethertype. The device also honours the
2787 +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
2788 +index 1bd7a758583b..181dba75a203 100644
2789 +--- a/kernel/trace/trace.c
2790 ++++ b/kernel/trace/trace.c
2791 +@@ -8351,12 +8351,8 @@ void ftrace_dump(enum ftrace_dump_mode oops_dump_mode)
2792 +
2793 + cnt++;
2794 +
2795 +- /* reset all but tr, trace, and overruns */
2796 +- memset(&iter.seq, 0,
2797 +- sizeof(struct trace_iterator) -
2798 +- offsetof(struct trace_iterator, seq));
2799 ++ trace_iterator_reset(&iter);
2800 + iter.iter_flags |= TRACE_FILE_LAT_FMT;
2801 +- iter.pos = -1;
2802 +
2803 + if (trace_find_next_entry_inc(&iter) != NULL) {
2804 + int ret;
2805 +diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
2806 +index 447bd96ee658..d11d7bfc3fa5 100644
2807 +--- a/kernel/trace/trace.h
2808 ++++ b/kernel/trace/trace.h
2809 +@@ -1895,4 +1895,22 @@ static inline void tracer_hardirqs_off(unsigned long a0, unsigned long a1) { }
2810 +
2811 + extern struct trace_iterator *tracepoint_print_iter;
2812 +
2813 ++/*
2814 ++ * Reset the state of the trace_iterator so that it can read consumed data.
2815 ++ * Normally, the trace_iterator is used for reading the data when it is not
2816 ++ * consumed, and must retain state.
2817 ++ */
2818 ++static __always_inline void trace_iterator_reset(struct trace_iterator *iter)
2819 ++{
2820 ++ const size_t offset = offsetof(struct trace_iterator, seq);
2821 ++
2822 ++ /*
2823 ++ * Keep gcc from complaining about overwriting more than just one
2824 ++ * member in the structure.
2825 ++ */
2826 ++ memset((char *)iter + offset, 0, sizeof(struct trace_iterator) - offset);
2827 ++
2828 ++ iter->pos = -1;
2829 ++}
2830 ++
2831 + #endif /* _LINUX_KERNEL_TRACE_H */
2832 +diff --git a/kernel/trace/trace_kdb.c b/kernel/trace/trace_kdb.c
2833 +index 810d78a8d14c..2905a3dd94c1 100644
2834 +--- a/kernel/trace/trace_kdb.c
2835 ++++ b/kernel/trace/trace_kdb.c
2836 +@@ -41,12 +41,8 @@ static void ftrace_dump_buf(int skip_lines, long cpu_file)
2837 +
2838 + kdb_printf("Dumping ftrace buffer:\n");
2839 +
2840 +- /* reset all but tr, trace, and overruns */
2841 +- memset(&iter.seq, 0,
2842 +- sizeof(struct trace_iterator) -
2843 +- offsetof(struct trace_iterator, seq));
2844 ++ trace_iterator_reset(&iter);
2845 + iter.iter_flags |= TRACE_FILE_LAT_FMT;
2846 +- iter.pos = -1;
2847 +
2848 + if (cpu_file == RING_BUFFER_ALL_CPUS) {
2849 + for_each_tracing_cpu(cpu) {
2850 +diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
2851 +index bd4978ce8c45..15d1cb5aee18 100644
2852 +--- a/net/bluetooth/hci_conn.c
2853 ++++ b/net/bluetooth/hci_conn.c
2854 +@@ -1392,8 +1392,16 @@ auth:
2855 + return 0;
2856 +
2857 + encrypt:
2858 +- if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
2859 ++ if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
2860 ++ /* Ensure that the encryption key size has been read,
2861 ++ * otherwise stall the upper layer responses.
2862 ++ */
2863 ++ if (!conn->enc_key_size)
2864 ++ return 0;
2865 ++
2866 ++ /* Nothing else needed, all requirements are met */
2867 + return 1;
2868 ++ }
2869 +
2870 + hci_conn_encrypt(conn);
2871 + return 0;
2872 +diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
2873 +index 2c6eabf294b3..69e3be51a2c3 100644
2874 +--- a/net/bluetooth/l2cap_core.c
2875 ++++ b/net/bluetooth/l2cap_core.c
2876 +@@ -1340,6 +1340,21 @@ static void l2cap_request_info(struct l2cap_conn *conn)
2877 + sizeof(req), &req);
2878 + }
2879 +
2880 ++static bool l2cap_check_enc_key_size(struct hci_conn *hcon)
2881 ++{
2882 ++ /* The minimum encryption key size needs to be enforced by the
2883 ++ * host stack before establishing any L2CAP connections. The
2884 ++ * specification in theory allows a minimum of 1, but to align
2885 ++ * BR/EDR and LE transports, a minimum of 7 is chosen.
2886 ++ *
2887 ++ * This check might also be called for unencrypted connections
2888 ++ * that have no key size requirements. Ensure that the link is
2889 ++ * actually encrypted before enforcing a key size.
2890 ++ */
2891 ++ return (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags) ||
2892 ++ hcon->enc_key_size > HCI_MIN_ENC_KEY_SIZE);
2893 ++}
2894 ++
2895 + static void l2cap_do_start(struct l2cap_chan *chan)
2896 + {
2897 + struct l2cap_conn *conn = chan->conn;
2898 +@@ -1357,9 +1372,14 @@ static void l2cap_do_start(struct l2cap_chan *chan)
2899 + if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
2900 + return;
2901 +
2902 +- if (l2cap_chan_check_security(chan, true) &&
2903 +- __l2cap_no_conn_pending(chan))
2904 ++ if (!l2cap_chan_check_security(chan, true) ||
2905 ++ !__l2cap_no_conn_pending(chan))
2906 ++ return;
2907 ++
2908 ++ if (l2cap_check_enc_key_size(conn->hcon))
2909 + l2cap_start_connection(chan);
2910 ++ else
2911 ++ __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
2912 + }
2913 +
2914 + static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
2915 +@@ -1438,7 +1458,10 @@ static void l2cap_conn_start(struct l2cap_conn *conn)
2916 + continue;
2917 + }
2918 +
2919 +- l2cap_start_connection(chan);
2920 ++ if (l2cap_check_enc_key_size(conn->hcon))
2921 ++ l2cap_start_connection(chan);
2922 ++ else
2923 ++ l2cap_chan_close(chan, ECONNREFUSED);
2924 +
2925 + } else if (chan->state == BT_CONNECT2) {
2926 + struct l2cap_conn_rsp rsp;
2927 +@@ -7455,7 +7478,7 @@ static void l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2928 + }
2929 +
2930 + if (chan->state == BT_CONNECT) {
2931 +- if (!status)
2932 ++ if (!status && l2cap_check_enc_key_size(hcon))
2933 + l2cap_start_connection(chan);
2934 + else
2935 + __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
2936 +@@ -7464,7 +7487,7 @@ static void l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
2937 + struct l2cap_conn_rsp rsp;
2938 + __u16 res, stat;
2939 +
2940 +- if (!status) {
2941 ++ if (!status && l2cap_check_enc_key_size(hcon)) {
2942 + if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
2943 + res = L2CAP_CR_PEND;
2944 + stat = L2CAP_CS_AUTHOR_PEND;
2945 +diff --git a/net/can/af_can.c b/net/can/af_can.c
2946 +index 1684ba5b51eb..e386d654116d 100644
2947 +--- a/net/can/af_can.c
2948 ++++ b/net/can/af_can.c
2949 +@@ -105,6 +105,7 @@ EXPORT_SYMBOL(can_ioctl);
2950 + static void can_sock_destruct(struct sock *sk)
2951 + {
2952 + skb_queue_purge(&sk->sk_receive_queue);
2953 ++ skb_queue_purge(&sk->sk_error_queue);
2954 + }
2955 +
2956 + static const struct can_proto *can_get_proto(int protocol)
2957 +diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
2958 +index 172aeae21ae9..35c6dfa13fa8 100644
2959 +--- a/net/mac80211/ieee80211_i.h
2960 ++++ b/net/mac80211/ieee80211_i.h
2961 +@@ -2183,6 +2183,9 @@ void ieee80211_tdls_cancel_channel_switch(struct wiphy *wiphy,
2962 + const u8 *addr);
2963 + void ieee80211_teardown_tdls_peers(struct ieee80211_sub_if_data *sdata);
2964 + void ieee80211_tdls_chsw_work(struct work_struct *wk);
2965 ++void ieee80211_tdls_handle_disconnect(struct ieee80211_sub_if_data *sdata,
2966 ++ const u8 *peer, u16 reason);
2967 ++const char *ieee80211_get_reason_code_string(u16 reason_code);
2968 +
2969 + extern const struct ethtool_ops ieee80211_ethtool_ops;
2970 +
2971 +diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
2972 +index 2ac749c4a6b2..1aaa73fa308e 100644
2973 +--- a/net/mac80211/mlme.c
2974 ++++ b/net/mac80211/mlme.c
2975 +@@ -2868,7 +2868,7 @@ static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2976 + #define case_WLAN(type) \
2977 + case WLAN_REASON_##type: return #type
2978 +
2979 +-static const char *ieee80211_get_reason_code_string(u16 reason_code)
2980 ++const char *ieee80211_get_reason_code_string(u16 reason_code)
2981 + {
2982 + switch (reason_code) {
2983 + case_WLAN(UNSPECIFIED);
2984 +@@ -2933,6 +2933,11 @@ static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2985 + if (len < 24 + 2)
2986 + return;
2987 +
2988 ++ if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
2989 ++ ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
2990 ++ return;
2991 ++ }
2992 ++
2993 + if (ifmgd->associated &&
2994 + ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid)) {
2995 + const u8 *bssid = ifmgd->associated->bssid;
2996 +@@ -2982,6 +2987,11 @@ static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2997 +
2998 + reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2999 +
3000 ++ if (!ether_addr_equal(mgmt->bssid, mgmt->sa)) {
3001 ++ ieee80211_tdls_handle_disconnect(sdata, mgmt->sa, reason_code);
3002 ++ return;
3003 ++ }
3004 ++
3005 + sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
3006 + mgmt->sa, reason_code,
3007 + ieee80211_get_reason_code_string(reason_code));
3008 +diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
3009 +index e946ee4f335b..7523d995ea8a 100644
3010 +--- a/net/mac80211/rx.c
3011 ++++ b/net/mac80211/rx.c
3012 +@@ -3752,6 +3752,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
3013 + case NL80211_IFTYPE_STATION:
3014 + if (!bssid && !sdata->u.mgd.use_4addr)
3015 + return false;
3016 ++ if (ieee80211_is_robust_mgmt_frame(skb) && !rx->sta)
3017 ++ return false;
3018 + if (multicast)
3019 + return true;
3020 + return ether_addr_equal(sdata->vif.addr, hdr->addr1);
3021 +diff --git a/net/mac80211/tdls.c b/net/mac80211/tdls.c
3022 +index 6c647f425e05..67745d1d4c5d 100644
3023 +--- a/net/mac80211/tdls.c
3024 ++++ b/net/mac80211/tdls.c
3025 +@@ -1992,3 +1992,26 @@ void ieee80211_tdls_chsw_work(struct work_struct *wk)
3026 + }
3027 + rtnl_unlock();
3028 + }
3029 ++
3030 ++void ieee80211_tdls_handle_disconnect(struct ieee80211_sub_if_data *sdata,
3031 ++ const u8 *peer, u16 reason)
3032 ++{
3033 ++ struct ieee80211_sta *sta;
3034 ++
3035 ++ rcu_read_lock();
3036 ++ sta = ieee80211_find_sta(&sdata->vif, peer);
3037 ++ if (!sta || !sta->tdls) {
3038 ++ rcu_read_unlock();
3039 ++ return;
3040 ++ }
3041 ++ rcu_read_unlock();
3042 ++
3043 ++ tdls_dbg(sdata, "disconnected from TDLS peer %pM (Reason: %u=%s)\n",
3044 ++ peer, reason,
3045 ++ ieee80211_get_reason_code_string(reason));
3046 ++
3047 ++ ieee80211_tdls_oper_request(&sdata->vif, peer,
3048 ++ NL80211_TDLS_TEARDOWN,
3049 ++ WLAN_REASON_TDLS_TEARDOWN_UNREACHABLE,
3050 ++ GFP_ATOMIC);
3051 ++}
3052 +diff --git a/net/mac80211/util.c b/net/mac80211/util.c
3053 +index 3deaa01ebee4..2558a34c9df1 100644
3054 +--- a/net/mac80211/util.c
3055 ++++ b/net/mac80211/util.c
3056 +@@ -3523,7 +3523,9 @@ int ieee80211_check_combinations(struct ieee80211_sub_if_data *sdata,
3057 + }
3058 +
3059 + /* Always allow software iftypes */
3060 +- if (local->hw.wiphy->software_iftypes & BIT(iftype)) {
3061 ++ if (local->hw.wiphy->software_iftypes & BIT(iftype) ||
3062 ++ (iftype == NL80211_IFTYPE_AP_VLAN &&
3063 ++ local->hw.wiphy->flags & WIPHY_FLAG_4ADDR_AP)) {
3064 + if (radar_detect)
3065 + return -EINVAL;
3066 + return 0;
3067 +diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
3068 +index 58d0b258b684..5dd48f0a4b1b 100644
3069 +--- a/net/mac80211/wpa.c
3070 ++++ b/net/mac80211/wpa.c
3071 +@@ -1175,7 +1175,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx)
3072 + struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
3073 + struct ieee80211_key *key = rx->key;
3074 + struct ieee80211_mmie_16 *mmie;
3075 +- u8 aad[GMAC_AAD_LEN], mic[GMAC_MIC_LEN], ipn[6], nonce[GMAC_NONCE_LEN];
3076 ++ u8 aad[GMAC_AAD_LEN], *mic, ipn[6], nonce[GMAC_NONCE_LEN];
3077 + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3078 +
3079 + if (!ieee80211_is_mgmt(hdr->frame_control))
3080 +@@ -1206,13 +1206,18 @@ ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx)
3081 + memcpy(nonce, hdr->addr2, ETH_ALEN);
3082 + memcpy(nonce + ETH_ALEN, ipn, 6);
3083 +
3084 ++ mic = kmalloc(GMAC_MIC_LEN, GFP_ATOMIC);
3085 ++ if (!mic)
3086 ++ return RX_DROP_UNUSABLE;
3087 + if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
3088 + skb->data + 24, skb->len - 24,
3089 + mic) < 0 ||
3090 + crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
3091 + key->u.aes_gmac.icverrors++;
3092 ++ kfree(mic);
3093 + return RX_DROP_UNUSABLE;
3094 + }
3095 ++ kfree(mic);
3096 + }
3097 +
3098 + memcpy(key->u.aes_gmac.rx_pn, ipn, 6);
3099 +diff --git a/net/wireless/core.c b/net/wireless/core.c
3100 +index a88551f3bc43..2a46ec3cb72c 100644
3101 +--- a/net/wireless/core.c
3102 ++++ b/net/wireless/core.c
3103 +@@ -498,7 +498,7 @@ use_default_name:
3104 + &rdev->rfkill_ops, rdev);
3105 +
3106 + if (!rdev->rfkill) {
3107 +- kfree(rdev);
3108 ++ wiphy_free(&rdev->wiphy);
3109 + return NULL;
3110 + }
3111 +
3112 +@@ -1335,8 +1335,12 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
3113 + }
3114 + break;
3115 + case NETDEV_PRE_UP:
3116 +- if (!(wdev->wiphy->interface_modes & BIT(wdev->iftype)))
3117 ++ if (!(wdev->wiphy->interface_modes & BIT(wdev->iftype)) &&
3118 ++ !(wdev->iftype == NL80211_IFTYPE_AP_VLAN &&
3119 ++ rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP &&
3120 ++ wdev->use_4addr))
3121 + return notifier_from_errno(-EOPNOTSUPP);
3122 ++
3123 + if (rfkill_blocked(rdev->rfkill))
3124 + return notifier_from_errno(-ERFKILL);
3125 + break;
3126 +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
3127 +index c6711ead5e59..8e2f03ab4cc9 100644
3128 +--- a/net/wireless/nl80211.c
3129 ++++ b/net/wireless/nl80211.c
3130 +@@ -3191,8 +3191,7 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3131 + return -EINVAL;
3132 + }
3133 +
3134 +- if (!rdev->ops->add_virtual_intf ||
3135 +- !(rdev->wiphy.interface_modes & (1 << type)))
3136 ++ if (!rdev->ops->add_virtual_intf)
3137 + return -EOPNOTSUPP;
3138 +
3139 + if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3140 +@@ -3211,6 +3210,11 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3141 + return err;
3142 + }
3143 +
3144 ++ if (!(rdev->wiphy.interface_modes & (1 << type)) &&
3145 ++ !(type == NL80211_IFTYPE_AP_VLAN && params.use_4addr &&
3146 ++ rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP))
3147 ++ return -EOPNOTSUPP;
3148 ++
3149 + err = nl80211_parse_mon_options(rdev, type, info, &params);
3150 + if (err < 0)
3151 + return err;
3152 +@@ -4607,8 +4611,10 @@ static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
3153 + struct nlattr *sinfoattr, *bss_param;
3154 +
3155 + hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3156 +- if (!hdr)
3157 ++ if (!hdr) {
3158 ++ cfg80211_sinfo_release_content(sinfo);
3159 + return -1;
3160 ++ }
3161 +
3162 + if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3163 + nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3164 +diff --git a/scripts/checkstack.pl b/scripts/checkstack.pl
3165 +index 34414c6efad6..a2c9e7f98e06 100755
3166 +--- a/scripts/checkstack.pl
3167 ++++ b/scripts/checkstack.pl
3168 +@@ -46,7 +46,7 @@ my (@stack, $re, $dre, $x, $xs, $funcre);
3169 + $x = "[0-9a-f]"; # hex character
3170 + $xs = "[0-9a-f ]"; # hex character or space
3171 + $funcre = qr/^$x* <(.*)>:$/;
3172 +- if ($arch eq 'aarch64') {
3173 ++ if ($arch =~ '^(aarch|arm)64$') {
3174 + #ffffffc0006325cc: a9bb7bfd stp x29, x30, [sp, #-80]!
3175 + $re = qr/^.*stp.*sp, \#-([0-9]{1,8})\]\!/o;
3176 + } elsif ($arch eq 'arm') {
3177 +diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
3178 +index ab64c6b5db5a..28c098fb6208 100644
3179 +--- a/security/apparmor/include/policy.h
3180 ++++ b/security/apparmor/include/policy.h
3181 +@@ -214,7 +214,16 @@ static inline struct aa_profile *aa_get_newest_profile(struct aa_profile *p)
3182 + return labels_profile(aa_get_newest_label(&p->label));
3183 + }
3184 +
3185 +-#define PROFILE_MEDIATES(P, T) ((P)->policy.start[(unsigned char) (T)])
3186 ++static inline unsigned int PROFILE_MEDIATES(struct aa_profile *profile,
3187 ++ unsigned char class)
3188 ++{
3189 ++ if (class <= AA_CLASS_LAST)
3190 ++ return profile->policy.start[class];
3191 ++ else
3192 ++ return aa_dfa_match_len(profile->policy.dfa,
3193 ++ profile->policy.start[0], &class, 1);
3194 ++}
3195 ++
3196 + static inline unsigned int PROFILE_MEDIATES_AF(struct aa_profile *profile,
3197 + u16 AF) {
3198 + unsigned int state = PROFILE_MEDIATES(profile, AA_CLASS_NET);
3199 +diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
3200 +index 21cb384d712a..088ea2ac8570 100644
3201 +--- a/security/apparmor/policy_unpack.c
3202 ++++ b/security/apparmor/policy_unpack.c
3203 +@@ -276,7 +276,7 @@ static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
3204 + char *tag = NULL;
3205 + size_t size = unpack_u16_chunk(e, &tag);
3206 + /* if a name is specified it must match. otherwise skip tag */
3207 +- if (name && (!size || strcmp(name, tag)))
3208 ++ if (name && (!size || tag[size-1] != '\0' || strcmp(name, tag)))
3209 + goto fail;
3210 + } else if (name) {
3211 + /* if a name is specified and there is no name tag fail */
3212 +diff --git a/tools/objtool/check.c b/tools/objtool/check.c
3213 +index 02a47e365e52..ecf5fc77f50b 100644
3214 +--- a/tools/objtool/check.c
3215 ++++ b/tools/objtool/check.c
3216 +@@ -839,7 +839,7 @@ static int add_switch_table(struct objtool_file *file, struct instruction *insn,
3217 + struct symbol *pfunc = insn->func->pfunc;
3218 + unsigned int prev_offset = 0;
3219 +
3220 +- list_for_each_entry_from(rela, &file->rodata->rela->rela_list, list) {
3221 ++ list_for_each_entry_from(rela, &table->rela_sec->rela_list, list) {
3222 + if (rela == next_table)
3223 + break;
3224 +
3225 +@@ -929,6 +929,7 @@ static struct rela *find_switch_table(struct objtool_file *file,
3226 + {
3227 + struct rela *text_rela, *rodata_rela;
3228 + struct instruction *orig_insn = insn;
3229 ++ struct section *rodata_sec;
3230 + unsigned long table_offset;
3231 +
3232 + /*
3233 +@@ -956,10 +957,13 @@ static struct rela *find_switch_table(struct objtool_file *file,
3234 + /* look for a relocation which references .rodata */
3235 + text_rela = find_rela_by_dest_range(insn->sec, insn->offset,
3236 + insn->len);
3237 +- if (!text_rela || text_rela->sym != file->rodata->sym)
3238 ++ if (!text_rela || text_rela->sym->type != STT_SECTION ||
3239 ++ !text_rela->sym->sec->rodata)
3240 + continue;
3241 +
3242 + table_offset = text_rela->addend;
3243 ++ rodata_sec = text_rela->sym->sec;
3244 ++
3245 + if (text_rela->type == R_X86_64_PC32)
3246 + table_offset += 4;
3247 +
3248 +@@ -967,10 +971,10 @@ static struct rela *find_switch_table(struct objtool_file *file,
3249 + * Make sure the .rodata address isn't associated with a
3250 + * symbol. gcc jump tables are anonymous data.
3251 + */
3252 +- if (find_symbol_containing(file->rodata, table_offset))
3253 ++ if (find_symbol_containing(rodata_sec, table_offset))
3254 + continue;
3255 +
3256 +- rodata_rela = find_rela_by_dest(file->rodata, table_offset);
3257 ++ rodata_rela = find_rela_by_dest(rodata_sec, table_offset);
3258 + if (rodata_rela) {
3259 + /*
3260 + * Use of RIP-relative switch jumps is quite rare, and
3261 +@@ -1055,7 +1059,7 @@ static int add_switch_table_alts(struct objtool_file *file)
3262 + struct symbol *func;
3263 + int ret;
3264 +
3265 +- if (!file->rodata || !file->rodata->rela)
3266 ++ if (!file->rodata)
3267 + return 0;
3268 +
3269 + for_each_sec(file, sec) {
3270 +@@ -1201,10 +1205,33 @@ static int read_retpoline_hints(struct objtool_file *file)
3271 + return 0;
3272 + }
3273 +
3274 ++static void mark_rodata(struct objtool_file *file)
3275 ++{
3276 ++ struct section *sec;
3277 ++ bool found = false;
3278 ++
3279 ++ /*
3280 ++ * This searches for the .rodata section or multiple .rodata.func_name
3281 ++ * sections if -fdata-sections is being used. The .str.1.1 and .str.1.8
3282 ++ * rodata sections are ignored as they don't contain jump tables.
3283 ++ */
3284 ++ for_each_sec(file, sec) {
3285 ++ if (!strncmp(sec->name, ".rodata", 7) &&
3286 ++ !strstr(sec->name, ".str1.")) {
3287 ++ sec->rodata = true;
3288 ++ found = true;
3289 ++ }
3290 ++ }
3291 ++
3292 ++ file->rodata = found;
3293 ++}
3294 ++
3295 + static int decode_sections(struct objtool_file *file)
3296 + {
3297 + int ret;
3298 +
3299 ++ mark_rodata(file);
3300 ++
3301 + ret = decode_instructions(file);
3302 + if (ret)
3303 + return ret;
3304 +@@ -2176,7 +2203,6 @@ int check(const char *_objname, bool orc)
3305 + INIT_LIST_HEAD(&file.insn_list);
3306 + hash_init(file.insn_hash);
3307 + file.whitelist = find_section_by_name(file.elf, ".discard.func_stack_frame_non_standard");
3308 +- file.rodata = find_section_by_name(file.elf, ".rodata");
3309 + file.c_file = find_section_by_name(file.elf, ".comment");
3310 + file.ignore_unreachables = no_unreachable;
3311 + file.hints = false;
3312 +diff --git a/tools/objtool/check.h b/tools/objtool/check.h
3313 +index 95700a2bcb7c..e6e8a655b556 100644
3314 +--- a/tools/objtool/check.h
3315 ++++ b/tools/objtool/check.h
3316 +@@ -60,8 +60,8 @@ struct objtool_file {
3317 + struct elf *elf;
3318 + struct list_head insn_list;
3319 + DECLARE_HASHTABLE(insn_hash, 16);
3320 +- struct section *rodata, *whitelist;
3321 +- bool ignore_unreachables, c_file, hints;
3322 ++ struct section *whitelist;
3323 ++ bool ignore_unreachables, c_file, hints, rodata;
3324 + };
3325 +
3326 + int check(const char *objname, bool orc);
3327 +diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
3328 +index b75d004f6482..abed594a9653 100644
3329 +--- a/tools/objtool/elf.c
3330 ++++ b/tools/objtool/elf.c
3331 +@@ -390,6 +390,7 @@ static int read_relas(struct elf *elf)
3332 + rela->offset = rela->rela.r_offset;
3333 + symndx = GELF_R_SYM(rela->rela.r_info);
3334 + rela->sym = find_symbol_by_index(elf, symndx);
3335 ++ rela->rela_sec = sec;
3336 + if (!rela->sym) {
3337 + WARN("can't find rela entry symbol %d for %s",
3338 + symndx, sec->name);
3339 +diff --git a/tools/objtool/elf.h b/tools/objtool/elf.h
3340 +index de5cd2ddded9..bc97ed86b9cd 100644
3341 +--- a/tools/objtool/elf.h
3342 ++++ b/tools/objtool/elf.h
3343 +@@ -48,7 +48,7 @@ struct section {
3344 + char *name;
3345 + int idx;
3346 + unsigned int len;
3347 +- bool changed, text;
3348 ++ bool changed, text, rodata;
3349 + };
3350 +
3351 + struct symbol {
3352 +@@ -68,6 +68,7 @@ struct rela {
3353 + struct list_head list;
3354 + struct hlist_node hash;
3355 + GElf_Rela rela;
3356 ++ struct section *rela_sec;
3357 + struct symbol *sym;
3358 + unsigned int type;
3359 + unsigned long offset;
3360 +diff --git a/tools/testing/selftests/cgroup/test_core.c b/tools/testing/selftests/cgroup/test_core.c
3361 +index be59f9c34ea2..79053a4f4783 100644
3362 +--- a/tools/testing/selftests/cgroup/test_core.c
3363 ++++ b/tools/testing/selftests/cgroup/test_core.c
3364 +@@ -198,7 +198,7 @@ static int test_cgcore_no_internal_process_constraint_on_threads(const char *roo
3365 + char *parent = NULL, *child = NULL;
3366 +
3367 + if (cg_read_strstr(root, "cgroup.controllers", "cpu") ||
3368 +- cg_read_strstr(root, "cgroup.subtree_control", "cpu")) {
3369 ++ cg_write(root, "cgroup.subtree_control", "+cpu")) {
3370 + ret = KSFT_SKIP;
3371 + goto cleanup;
3372 + }
3373 +@@ -376,6 +376,11 @@ int main(int argc, char *argv[])
3374 +
3375 + if (cg_find_unified_root(root, sizeof(root)))
3376 + ksft_exit_skip("cgroup v2 isn't mounted\n");
3377 ++
3378 ++ if (cg_read_strstr(root, "cgroup.subtree_control", "memory"))
3379 ++ if (cg_write(root, "cgroup.subtree_control", "+memory"))
3380 ++ ksft_exit_skip("Failed to set memory controller\n");
3381 ++
3382 + for (i = 0; i < ARRAY_SIZE(tests); i++) {
3383 + switch (tests[i].fn(root)) {
3384 + case KSFT_PASS:
3385 +diff --git a/tools/testing/selftests/cgroup/test_memcontrol.c b/tools/testing/selftests/cgroup/test_memcontrol.c
3386 +index 6f339882a6ca..c19a97dd02d4 100644
3387 +--- a/tools/testing/selftests/cgroup/test_memcontrol.c
3388 ++++ b/tools/testing/selftests/cgroup/test_memcontrol.c
3389 +@@ -1205,6 +1205,10 @@ int main(int argc, char **argv)
3390 + if (cg_read_strstr(root, "cgroup.controllers", "memory"))
3391 + ksft_exit_skip("memory controller isn't available\n");
3392 +
3393 ++ if (cg_read_strstr(root, "cgroup.subtree_control", "memory"))
3394 ++ if (cg_write(root, "cgroup.subtree_control", "+memory"))
3395 ++ ksft_exit_skip("Failed to set memory controller\n");
3396 ++
3397 + for (i = 0; i < ARRAY_SIZE(tests); i++) {
3398 + switch (tests[i].fn(root)) {
3399 + case KSFT_PASS:
3400 +diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile
3401 +index dc68340a6a96..2cf3dc49bd03 100644
3402 +--- a/tools/testing/selftests/vm/Makefile
3403 ++++ b/tools/testing/selftests/vm/Makefile
3404 +@@ -24,6 +24,8 @@ TEST_GEN_FILES += virtual_address_range
3405 +
3406 + TEST_PROGS := run_vmtests
3407 +
3408 ++TEST_FILES := test_vmalloc.sh
3409 ++
3410 + KSFT_KHDR_INSTALL := 1
3411 + include ../lib.mk
3412 +
Report Message
Find on MARC Find on Google Groups