Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Wed, 02 May 2018 16:13:32
Message-Id: 1525277596.0bb485efa0b9355b4481e6bfb740233c5b7cc018.mpagano@gentoo
1 commit: 0bb485efa0b9355b4481e6bfb740233c5b7cc018
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Wed May 2 16:13:16 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed May 2 16:13:16 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=0bb485ef
7
8 Linux patch 4.9.98
9
10 0000_README | 4 +
11 1097_linux-4.9.98.patch | 2311 +++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 2315 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index efef388..61cbdec 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -431,6 +431,10 @@ Patch: 1096_linux-4.9.97.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.9.97
21
22 +Patch: 1097_linux-4.9.98.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.9.98
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1097_linux-4.9.98.patch b/1097_linux-4.9.98.patch
31 new file mode 100644
32 index 0000000..b6c3983
33 --- /dev/null
34 +++ b/1097_linux-4.9.98.patch
35 @@ -0,0 +1,2311 @@
36 +diff --git a/Makefile b/Makefile
37 +index ee3e943c3bd9..96d770488ae6 100644
38 +--- a/Makefile
39 ++++ b/Makefile
40 +@@ -1,6 +1,6 @@
41 + VERSION = 4
42 + PATCHLEVEL = 9
43 +-SUBLEVEL = 97
44 ++SUBLEVEL = 98
45 + EXTRAVERSION =
46 + NAME = Roaring Lionus
47 +
48 +diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c
49 +index 6ef8f0bceacd..27843665da9e 100644
50 +--- a/arch/powerpc/kernel/eeh_driver.c
51 ++++ b/arch/powerpc/kernel/eeh_driver.c
52 +@@ -207,18 +207,18 @@ static void *eeh_report_error(void *data, void *userdata)
53 +
54 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
55 + return NULL;
56 ++
57 ++ device_lock(&dev->dev);
58 + dev->error_state = pci_channel_io_frozen;
59 +
60 + driver = eeh_pcid_get(dev);
61 +- if (!driver) return NULL;
62 ++ if (!driver) goto out_no_dev;
63 +
64 + eeh_disable_irq(dev);
65 +
66 + if (!driver->err_handler ||
67 +- !driver->err_handler->error_detected) {
68 +- eeh_pcid_put(dev);
69 +- return NULL;
70 +- }
71 ++ !driver->err_handler->error_detected)
72 ++ goto out;
73 +
74 + rc = driver->err_handler->error_detected(dev, pci_channel_io_frozen);
75 +
76 +@@ -227,7 +227,10 @@ static void *eeh_report_error(void *data, void *userdata)
77 + if (*res == PCI_ERS_RESULT_NONE) *res = rc;
78 +
79 + edev->in_error = true;
80 ++out:
81 + eeh_pcid_put(dev);
82 ++out_no_dev:
83 ++ device_unlock(&dev->dev);
84 + return NULL;
85 + }
86 +
87 +@@ -250,15 +253,14 @@ static void *eeh_report_mmio_enabled(void *data, void *userdata)
88 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
89 + return NULL;
90 +
91 ++ device_lock(&dev->dev);
92 + driver = eeh_pcid_get(dev);
93 +- if (!driver) return NULL;
94 ++ if (!driver) goto out_no_dev;
95 +
96 + if (!driver->err_handler ||
97 + !driver->err_handler->mmio_enabled ||
98 +- (edev->mode & EEH_DEV_NO_HANDLER)) {
99 +- eeh_pcid_put(dev);
100 +- return NULL;
101 +- }
102 ++ (edev->mode & EEH_DEV_NO_HANDLER))
103 ++ goto out;
104 +
105 + rc = driver->err_handler->mmio_enabled(dev);
106 +
107 +@@ -266,7 +268,10 @@ static void *eeh_report_mmio_enabled(void *data, void *userdata)
108 + if (rc == PCI_ERS_RESULT_NEED_RESET) *res = rc;
109 + if (*res == PCI_ERS_RESULT_NONE) *res = rc;
110 +
111 ++out:
112 + eeh_pcid_put(dev);
113 ++out_no_dev:
114 ++ device_unlock(&dev->dev);
115 + return NULL;
116 + }
117 +
118 +@@ -289,20 +294,20 @@ static void *eeh_report_reset(void *data, void *userdata)
119 +
120 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
121 + return NULL;
122 ++
123 ++ device_lock(&dev->dev);
124 + dev->error_state = pci_channel_io_normal;
125 +
126 + driver = eeh_pcid_get(dev);
127 +- if (!driver) return NULL;
128 ++ if (!driver) goto out_no_dev;
129 +
130 + eeh_enable_irq(dev);
131 +
132 + if (!driver->err_handler ||
133 + !driver->err_handler->slot_reset ||
134 + (edev->mode & EEH_DEV_NO_HANDLER) ||
135 +- (!edev->in_error)) {
136 +- eeh_pcid_put(dev);
137 +- return NULL;
138 +- }
139 ++ (!edev->in_error))
140 ++ goto out;
141 +
142 + rc = driver->err_handler->slot_reset(dev);
143 + if ((*res == PCI_ERS_RESULT_NONE) ||
144 +@@ -310,7 +315,10 @@ static void *eeh_report_reset(void *data, void *userdata)
145 + if (*res == PCI_ERS_RESULT_DISCONNECT &&
146 + rc == PCI_ERS_RESULT_NEED_RESET) *res = rc;
147 +
148 ++out:
149 + eeh_pcid_put(dev);
150 ++out_no_dev:
151 ++ device_unlock(&dev->dev);
152 + return NULL;
153 + }
154 +
155 +@@ -361,10 +369,12 @@ static void *eeh_report_resume(void *data, void *userdata)
156 +
157 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
158 + return NULL;
159 ++
160 ++ device_lock(&dev->dev);
161 + dev->error_state = pci_channel_io_normal;
162 +
163 + driver = eeh_pcid_get(dev);
164 +- if (!driver) return NULL;
165 ++ if (!driver) goto out_no_dev;
166 +
167 + was_in_error = edev->in_error;
168 + edev->in_error = false;
169 +@@ -374,13 +384,15 @@ static void *eeh_report_resume(void *data, void *userdata)
170 + !driver->err_handler->resume ||
171 + (edev->mode & EEH_DEV_NO_HANDLER) || !was_in_error) {
172 + edev->mode &= ~EEH_DEV_NO_HANDLER;
173 +- eeh_pcid_put(dev);
174 +- return NULL;
175 ++ goto out;
176 + }
177 +
178 + driver->err_handler->resume(dev);
179 +
180 ++out:
181 + eeh_pcid_put(dev);
182 ++out_no_dev:
183 ++ device_unlock(&dev->dev);
184 + return NULL;
185 + }
186 +
187 +@@ -400,22 +412,25 @@ static void *eeh_report_failure(void *data, void *userdata)
188 +
189 + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe))
190 + return NULL;
191 ++
192 ++ device_lock(&dev->dev);
193 + dev->error_state = pci_channel_io_perm_failure;
194 +
195 + driver = eeh_pcid_get(dev);
196 +- if (!driver) return NULL;
197 ++ if (!driver) goto out_no_dev;
198 +
199 + eeh_disable_irq(dev);
200 +
201 + if (!driver->err_handler ||
202 +- !driver->err_handler->error_detected) {
203 +- eeh_pcid_put(dev);
204 +- return NULL;
205 +- }
206 ++ !driver->err_handler->error_detected)
207 ++ goto out;
208 +
209 + driver->err_handler->error_detected(dev, pci_channel_io_perm_failure);
210 +
211 ++out:
212 + eeh_pcid_put(dev);
213 ++out_no_dev:
214 ++ device_unlock(&dev->dev);
215 + return NULL;
216 + }
217 +
218 +diff --git a/arch/powerpc/platforms/powernv/opal-rtc.c b/arch/powerpc/platforms/powernv/opal-rtc.c
219 +index f8868864f373..aa2a5139462e 100644
220 +--- a/arch/powerpc/platforms/powernv/opal-rtc.c
221 ++++ b/arch/powerpc/platforms/powernv/opal-rtc.c
222 +@@ -48,10 +48,12 @@ unsigned long __init opal_get_boot_time(void)
223 +
224 + while (rc == OPAL_BUSY || rc == OPAL_BUSY_EVENT) {
225 + rc = opal_rtc_read(&__y_m_d, &__h_m_s_ms);
226 +- if (rc == OPAL_BUSY_EVENT)
227 ++ if (rc == OPAL_BUSY_EVENT) {
228 ++ mdelay(OPAL_BUSY_DELAY_MS);
229 + opal_poll_events(NULL);
230 +- else if (rc == OPAL_BUSY)
231 +- mdelay(10);
232 ++ } else if (rc == OPAL_BUSY) {
233 ++ mdelay(OPAL_BUSY_DELAY_MS);
234 ++ }
235 + }
236 + if (rc != OPAL_SUCCESS)
237 + return 0;
238 +diff --git a/arch/x86/include/uapi/asm/msgbuf.h b/arch/x86/include/uapi/asm/msgbuf.h
239 +index 809134c644a6..90ab9a795b49 100644
240 +--- a/arch/x86/include/uapi/asm/msgbuf.h
241 ++++ b/arch/x86/include/uapi/asm/msgbuf.h
242 +@@ -1 +1,32 @@
243 ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
244 ++#ifndef __ASM_X64_MSGBUF_H
245 ++#define __ASM_X64_MSGBUF_H
246 ++
247 ++#if !defined(__x86_64__) || !defined(__ILP32__)
248 + #include <asm-generic/msgbuf.h>
249 ++#else
250 ++/*
251 ++ * The msqid64_ds structure for x86 architecture with x32 ABI.
252 ++ *
253 ++ * On x86-32 and x86-64 we can just use the generic definition, but
254 ++ * x32 uses the same binary layout as x86_64, which is differnet
255 ++ * from other 32-bit architectures.
256 ++ */
257 ++
258 ++struct msqid64_ds {
259 ++ struct ipc64_perm msg_perm;
260 ++ __kernel_time_t msg_stime; /* last msgsnd time */
261 ++ __kernel_time_t msg_rtime; /* last msgrcv time */
262 ++ __kernel_time_t msg_ctime; /* last change time */
263 ++ __kernel_ulong_t msg_cbytes; /* current number of bytes on queue */
264 ++ __kernel_ulong_t msg_qnum; /* number of messages in queue */
265 ++ __kernel_ulong_t msg_qbytes; /* max number of bytes on queue */
266 ++ __kernel_pid_t msg_lspid; /* pid of last msgsnd */
267 ++ __kernel_pid_t msg_lrpid; /* last receive pid */
268 ++ __kernel_ulong_t __unused4;
269 ++ __kernel_ulong_t __unused5;
270 ++};
271 ++
272 ++#endif
273 ++
274 ++#endif /* __ASM_GENERIC_MSGBUF_H */
275 +diff --git a/arch/x86/include/uapi/asm/shmbuf.h b/arch/x86/include/uapi/asm/shmbuf.h
276 +index 83c05fc2de38..644421f3823b 100644
277 +--- a/arch/x86/include/uapi/asm/shmbuf.h
278 ++++ b/arch/x86/include/uapi/asm/shmbuf.h
279 +@@ -1 +1,43 @@
280 ++/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
281 ++#ifndef __ASM_X86_SHMBUF_H
282 ++#define __ASM_X86_SHMBUF_H
283 ++
284 ++#if !defined(__x86_64__) || !defined(__ILP32__)
285 + #include <asm-generic/shmbuf.h>
286 ++#else
287 ++/*
288 ++ * The shmid64_ds structure for x86 architecture with x32 ABI.
289 ++ *
290 ++ * On x86-32 and x86-64 we can just use the generic definition, but
291 ++ * x32 uses the same binary layout as x86_64, which is differnet
292 ++ * from other 32-bit architectures.
293 ++ */
294 ++
295 ++struct shmid64_ds {
296 ++ struct ipc64_perm shm_perm; /* operation perms */
297 ++ size_t shm_segsz; /* size of segment (bytes) */
298 ++ __kernel_time_t shm_atime; /* last attach time */
299 ++ __kernel_time_t shm_dtime; /* last detach time */
300 ++ __kernel_time_t shm_ctime; /* last change time */
301 ++ __kernel_pid_t shm_cpid; /* pid of creator */
302 ++ __kernel_pid_t shm_lpid; /* pid of last operator */
303 ++ __kernel_ulong_t shm_nattch; /* no. of current attaches */
304 ++ __kernel_ulong_t __unused4;
305 ++ __kernel_ulong_t __unused5;
306 ++};
307 ++
308 ++struct shminfo64 {
309 ++ __kernel_ulong_t shmmax;
310 ++ __kernel_ulong_t shmmin;
311 ++ __kernel_ulong_t shmmni;
312 ++ __kernel_ulong_t shmseg;
313 ++ __kernel_ulong_t shmall;
314 ++ __kernel_ulong_t __unused1;
315 ++ __kernel_ulong_t __unused2;
316 ++ __kernel_ulong_t __unused3;
317 ++ __kernel_ulong_t __unused4;
318 ++};
319 ++
320 ++#endif
321 ++
322 ++#endif /* __ASM_X86_SHMBUF_H */
323 +diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
324 +index 4bcd30c87531..79291d6fb301 100644
325 +--- a/arch/x86/kernel/cpu/microcode/intel.c
326 ++++ b/arch/x86/kernel/cpu/microcode/intel.c
327 +@@ -474,7 +474,6 @@ static void show_saved_mc(void)
328 + */
329 + static void save_mc_for_early(u8 *mc)
330 + {
331 +-#ifdef CONFIG_HOTPLUG_CPU
332 + /* Synchronization during CPU hotplug. */
333 + static DEFINE_MUTEX(x86_cpu_microcode_mutex);
334 +
335 +@@ -521,7 +520,6 @@ static void save_mc_for_early(u8 *mc)
336 +
337 + out:
338 + mutex_unlock(&x86_cpu_microcode_mutex);
339 +-#endif
340 + }
341 +
342 + static bool __init load_builtin_intel_microcode(struct cpio_data *cp)
343 +diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
344 +index e803d72ef525..83929cc47a4b 100644
345 +--- a/arch/x86/kernel/smpboot.c
346 ++++ b/arch/x86/kernel/smpboot.c
347 +@@ -1591,6 +1591,8 @@ static inline void mwait_play_dead(void)
348 + void *mwait_ptr;
349 + int i;
350 +
351 ++ if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
352 ++ return;
353 + if (!this_cpu_has(X86_FEATURE_MWAIT))
354 + return;
355 + if (!this_cpu_has(X86_FEATURE_CLFLUSH))
356 +diff --git a/crypto/drbg.c b/crypto/drbg.c
357 +index 942ddff68408..4bb5f93c94cd 100644
358 +--- a/crypto/drbg.c
359 ++++ b/crypto/drbg.c
360 +@@ -1134,8 +1134,10 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
361 + if (!drbg)
362 + return;
363 + kzfree(drbg->Vbuf);
364 ++ drbg->Vbuf = NULL;
365 + drbg->V = NULL;
366 + kzfree(drbg->Cbuf);
367 ++ drbg->Cbuf = NULL;
368 + drbg->C = NULL;
369 + kzfree(drbg->scratchpadbuf);
370 + drbg->scratchpadbuf = NULL;
371 +diff --git a/drivers/amba/bus.c b/drivers/amba/bus.c
372 +index a56fa2a1e9aa..93888ccb4e26 100644
373 +--- a/drivers/amba/bus.c
374 ++++ b/drivers/amba/bus.c
375 +@@ -69,11 +69,12 @@ static ssize_t driver_override_show(struct device *_dev,
376 + struct device_attribute *attr, char *buf)
377 + {
378 + struct amba_device *dev = to_amba_device(_dev);
379 ++ ssize_t len;
380 +
381 +- if (!dev->driver_override)
382 +- return 0;
383 +-
384 +- return sprintf(buf, "%s\n", dev->driver_override);
385 ++ device_lock(_dev);
386 ++ len = sprintf(buf, "%s\n", dev->driver_override);
387 ++ device_unlock(_dev);
388 ++ return len;
389 + }
390 +
391 + static ssize_t driver_override_store(struct device *_dev,
392 +@@ -81,9 +82,10 @@ static ssize_t driver_override_store(struct device *_dev,
393 + const char *buf, size_t count)
394 + {
395 + struct amba_device *dev = to_amba_device(_dev);
396 +- char *driver_override, *old = dev->driver_override, *cp;
397 ++ char *driver_override, *old, *cp;
398 +
399 +- if (count > PATH_MAX)
400 ++ /* We need to keep extra room for a newline */
401 ++ if (count >= (PAGE_SIZE - 1))
402 + return -EINVAL;
403 +
404 + driver_override = kstrndup(buf, count, GFP_KERNEL);
405 +@@ -94,12 +96,15 @@ static ssize_t driver_override_store(struct device *_dev,
406 + if (cp)
407 + *cp = '\0';
408 +
409 ++ device_lock(_dev);
410 ++ old = dev->driver_override;
411 + if (strlen(driver_override)) {
412 + dev->driver_override = driver_override;
413 + } else {
414 + kfree(driver_override);
415 + dev->driver_override = NULL;
416 + }
417 ++ device_unlock(_dev);
418 +
419 + kfree(old);
420 +
421 +diff --git a/drivers/char/random.c b/drivers/char/random.c
422 +index 8d08a8062904..ddeac4eefd0a 100644
423 +--- a/drivers/char/random.c
424 ++++ b/drivers/char/random.c
425 +@@ -259,6 +259,7 @@
426 + #include <linux/kmemcheck.h>
427 + #include <linux/workqueue.h>
428 + #include <linux/irq.h>
429 ++#include <linux/ratelimit.h>
430 + #include <linux/syscalls.h>
431 + #include <linux/completion.h>
432 + #include <linux/uuid.h>
433 +@@ -444,6 +445,16 @@ static void _crng_backtrack_protect(struct crng_state *crng,
434 + __u8 tmp[CHACHA20_BLOCK_SIZE], int used);
435 + static void process_random_ready_list(void);
436 +
437 ++static struct ratelimit_state unseeded_warning =
438 ++ RATELIMIT_STATE_INIT("warn_unseeded_randomness", HZ, 3);
439 ++static struct ratelimit_state urandom_warning =
440 ++ RATELIMIT_STATE_INIT("warn_urandom_randomness", HZ, 3);
441 ++
442 ++static int ratelimit_disable __read_mostly;
443 ++
444 ++module_param_named(ratelimit_disable, ratelimit_disable, int, 0644);
445 ++MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression");
446 ++
447 + /**********************************************************************
448 + *
449 + * OS independent entropy store. Here are the functions which handle
450 +@@ -819,6 +830,39 @@ static int crng_fast_load(const char *cp, size_t len)
451 + return 1;
452 + }
453 +
454 ++#ifdef CONFIG_NUMA
455 ++static void do_numa_crng_init(struct work_struct *work)
456 ++{
457 ++ int i;
458 ++ struct crng_state *crng;
459 ++ struct crng_state **pool;
460 ++
461 ++ pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
462 ++ for_each_online_node(i) {
463 ++ crng = kmalloc_node(sizeof(struct crng_state),
464 ++ GFP_KERNEL | __GFP_NOFAIL, i);
465 ++ spin_lock_init(&crng->lock);
466 ++ crng_initialize(crng);
467 ++ pool[i] = crng;
468 ++ }
469 ++ mb();
470 ++ if (cmpxchg(&crng_node_pool, NULL, pool)) {
471 ++ for_each_node(i)
472 ++ kfree(pool[i]);
473 ++ kfree(pool);
474 ++ }
475 ++}
476 ++
477 ++static DECLARE_WORK(numa_crng_init_work, do_numa_crng_init);
478 ++
479 ++static void numa_crng_init(void)
480 ++{
481 ++ schedule_work(&numa_crng_init_work);
482 ++}
483 ++#else
484 ++static void numa_crng_init(void) {}
485 ++#endif
486 ++
487 + static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
488 + {
489 + unsigned long flags;
490 +@@ -848,10 +892,23 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
491 + memzero_explicit(&buf, sizeof(buf));
492 + crng->init_time = jiffies;
493 + if (crng == &primary_crng && crng_init < 2) {
494 ++ numa_crng_init();
495 + crng_init = 2;
496 + process_random_ready_list();
497 + wake_up_interruptible(&crng_init_wait);
498 + pr_notice("random: crng init done\n");
499 ++ if (unseeded_warning.missed) {
500 ++ pr_notice("random: %d get_random_xx warning(s) missed "
501 ++ "due to ratelimiting\n",
502 ++ unseeded_warning.missed);
503 ++ unseeded_warning.missed = 0;
504 ++ }
505 ++ if (urandom_warning.missed) {
506 ++ pr_notice("random: %d urandom warning(s) missed "
507 ++ "due to ratelimiting\n",
508 ++ urandom_warning.missed);
509 ++ urandom_warning.missed = 0;
510 ++ }
511 + }
512 + spin_unlock_irqrestore(&crng->lock, flags);
513 + }
514 +@@ -1661,29 +1718,14 @@ static void init_std_data(struct entropy_store *r)
515 + */
516 + static int rand_initialize(void)
517 + {
518 +-#ifdef CONFIG_NUMA
519 +- int i;
520 +- struct crng_state *crng;
521 +- struct crng_state **pool;
522 +-#endif
523 +-
524 + init_std_data(&input_pool);
525 + init_std_data(&blocking_pool);
526 + crng_initialize(&primary_crng);
527 + crng_global_init_time = jiffies;
528 +-
529 +-#ifdef CONFIG_NUMA
530 +- pool = kcalloc(nr_node_ids, sizeof(*pool), GFP_KERNEL|__GFP_NOFAIL);
531 +- for_each_online_node(i) {
532 +- crng = kmalloc_node(sizeof(struct crng_state),
533 +- GFP_KERNEL | __GFP_NOFAIL, i);
534 +- spin_lock_init(&crng->lock);
535 +- crng_initialize(crng);
536 +- pool[i] = crng;
537 ++ if (ratelimit_disable) {
538 ++ urandom_warning.interval = 0;
539 ++ unseeded_warning.interval = 0;
540 + }
541 +- mb();
542 +- crng_node_pool = pool;
543 +-#endif
544 + return 0;
545 + }
546 + early_initcall(rand_initialize);
547 +@@ -1751,9 +1793,10 @@ urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
548 +
549 + if (!crng_ready() && maxwarn > 0) {
550 + maxwarn--;
551 +- printk(KERN_NOTICE "random: %s: uninitialized urandom read "
552 +- "(%zd bytes read)\n",
553 +- current->comm, nbytes);
554 ++ if (__ratelimit(&urandom_warning))
555 ++ printk(KERN_NOTICE "random: %s: uninitialized "
556 ++ "urandom read (%zd bytes read)\n",
557 ++ current->comm, nbytes);
558 + spin_lock_irqsave(&primary_crng.lock, flags);
559 + crng_init_cnt = 0;
560 + spin_unlock_irqrestore(&primary_crng.lock, flags);
561 +diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
562 +index 8f890c1aca57..8c0017d48571 100644
563 +--- a/drivers/char/virtio_console.c
564 ++++ b/drivers/char/virtio_console.c
565 +@@ -1405,7 +1405,6 @@ static int add_port(struct ports_device *portdev, u32 id)
566 + {
567 + char debugfs_name[16];
568 + struct port *port;
569 +- struct port_buffer *buf;
570 + dev_t devt;
571 + unsigned int nr_added_bufs;
572 + int err;
573 +@@ -1516,8 +1515,6 @@ static int add_port(struct ports_device *portdev, u32 id)
574 + return 0;
575 +
576 + free_inbufs:
577 +- while ((buf = virtqueue_detach_unused_buf(port->in_vq)))
578 +- free_buf(buf, true);
579 + free_device:
580 + device_destroy(pdrvdata.class, port->dev->devt);
581 + free_cdev:
582 +@@ -1542,34 +1539,14 @@ static void remove_port(struct kref *kref)
583 +
584 + static void remove_port_data(struct port *port)
585 + {
586 +- struct port_buffer *buf;
587 +-
588 + spin_lock_irq(&port->inbuf_lock);
589 + /* Remove unused data this port might have received. */
590 + discard_port_data(port);
591 + spin_unlock_irq(&port->inbuf_lock);
592 +
593 +- /* Remove buffers we queued up for the Host to send us data in. */
594 +- do {
595 +- spin_lock_irq(&port->inbuf_lock);
596 +- buf = virtqueue_detach_unused_buf(port->in_vq);
597 +- spin_unlock_irq(&port->inbuf_lock);
598 +- if (buf)
599 +- free_buf(buf, true);
600 +- } while (buf);
601 +-
602 + spin_lock_irq(&port->outvq_lock);
603 + reclaim_consumed_buffers(port);
604 + spin_unlock_irq(&port->outvq_lock);
605 +-
606 +- /* Free pending buffers from the out-queue. */
607 +- do {
608 +- spin_lock_irq(&port->outvq_lock);
609 +- buf = virtqueue_detach_unused_buf(port->out_vq);
610 +- spin_unlock_irq(&port->outvq_lock);
611 +- if (buf)
612 +- free_buf(buf, true);
613 +- } while (buf);
614 + }
615 +
616 + /*
617 +@@ -1794,13 +1771,24 @@ static void control_work_handler(struct work_struct *work)
618 + spin_unlock(&portdev->c_ivq_lock);
619 + }
620 +
621 ++static void flush_bufs(struct virtqueue *vq, bool can_sleep)
622 ++{
623 ++ struct port_buffer *buf;
624 ++ unsigned int len;
625 ++
626 ++ while ((buf = virtqueue_get_buf(vq, &len)))
627 ++ free_buf(buf, can_sleep);
628 ++}
629 ++
630 + static void out_intr(struct virtqueue *vq)
631 + {
632 + struct port *port;
633 +
634 + port = find_port_by_vq(vq->vdev->priv, vq);
635 +- if (!port)
636 ++ if (!port) {
637 ++ flush_bufs(vq, false);
638 + return;
639 ++ }
640 +
641 + wake_up_interruptible(&port->waitqueue);
642 + }
643 +@@ -1811,8 +1799,10 @@ static void in_intr(struct virtqueue *vq)
644 + unsigned long flags;
645 +
646 + port = find_port_by_vq(vq->vdev->priv, vq);
647 +- if (!port)
648 ++ if (!port) {
649 ++ flush_bufs(vq, false);
650 + return;
651 ++ }
652 +
653 + spin_lock_irqsave(&port->inbuf_lock, flags);
654 + port->inbuf = get_inbuf(port);
655 +@@ -1987,6 +1977,15 @@ static const struct file_operations portdev_fops = {
656 +
657 + static void remove_vqs(struct ports_device *portdev)
658 + {
659 ++ struct virtqueue *vq;
660 ++
661 ++ virtio_device_for_each_vq(portdev->vdev, vq) {
662 ++ struct port_buffer *buf;
663 ++
664 ++ flush_bufs(vq, true);
665 ++ while ((buf = virtqueue_detach_unused_buf(vq)))
666 ++ free_buf(buf, true);
667 ++ }
668 + portdev->vdev->config->del_vqs(portdev->vdev);
669 + kfree(portdev->in_vqs);
670 + kfree(portdev->out_vqs);
671 +diff --git a/drivers/cpufreq/powernv-cpufreq.c b/drivers/cpufreq/powernv-cpufreq.c
672 +index 6fb3cd24c1b6..a1d7fa48229d 100644
673 +--- a/drivers/cpufreq/powernv-cpufreq.c
674 ++++ b/drivers/cpufreq/powernv-cpufreq.c
675 +@@ -599,6 +599,16 @@ void gpstate_timer_handler(unsigned long data)
676 +
677 + if (!spin_trylock(&gpstates->gpstate_lock))
678 + return;
679 ++ /*
680 ++ * If the timer has migrated to the different cpu then bring
681 ++ * it back to one of the policy->cpus
682 ++ */
683 ++ if (!cpumask_test_cpu(raw_smp_processor_id(), policy->cpus)) {
684 ++ gpstates->timer.expires = jiffies + msecs_to_jiffies(1);
685 ++ add_timer_on(&gpstates->timer, cpumask_first(policy->cpus));
686 ++ spin_unlock(&gpstates->gpstate_lock);
687 ++ return;
688 ++ }
689 +
690 + gpstates->last_sampled_time += time_diff;
691 + gpstates->elapsed_time += time_diff;
692 +@@ -626,10 +636,8 @@ void gpstate_timer_handler(unsigned long data)
693 + gpstates->last_gpstate_idx = pstate_to_idx(freq_data.gpstate_id);
694 + gpstates->last_lpstate_idx = pstate_to_idx(freq_data.pstate_id);
695 +
696 ++ set_pstate(&freq_data);
697 + spin_unlock(&gpstates->gpstate_lock);
698 +-
699 +- /* Timer may get migrated to a different cpu on cpu hot unplug */
700 +- smp_call_function_any(policy->cpus, set_pstate, &freq_data, 1);
701 + }
702 +
703 + /*
704 +diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
705 +index a88d365be4c5..564362e8b486 100644
706 +--- a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
707 ++++ b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
708 +@@ -1484,10 +1484,11 @@ static const u32 sgpr_init_compute_shader[] =
709 + static const u32 vgpr_init_regs[] =
710 + {
711 + mmCOMPUTE_STATIC_THREAD_MGMT_SE0, 0xffffffff,
712 +- mmCOMPUTE_RESOURCE_LIMITS, 0,
713 ++ mmCOMPUTE_RESOURCE_LIMITS, 0x1000000, /* CU_GROUP_COUNT=1 */
714 + mmCOMPUTE_NUM_THREAD_X, 256*4,
715 + mmCOMPUTE_NUM_THREAD_Y, 1,
716 + mmCOMPUTE_NUM_THREAD_Z, 1,
717 ++ mmCOMPUTE_PGM_RSRC1, 0x100004f, /* VGPRS=15 (64 logical VGPRs), SGPRS=1 (16 SGPRs), BULKY=1 */
718 + mmCOMPUTE_PGM_RSRC2, 20,
719 + mmCOMPUTE_USER_DATA_0, 0xedcedc00,
720 + mmCOMPUTE_USER_DATA_1, 0xedcedc01,
721 +@@ -1504,10 +1505,11 @@ static const u32 vgpr_init_regs[] =
722 + static const u32 sgpr1_init_regs[] =
723 + {
724 + mmCOMPUTE_STATIC_THREAD_MGMT_SE0, 0x0f,
725 +- mmCOMPUTE_RESOURCE_LIMITS, 0x1000000,
726 ++ mmCOMPUTE_RESOURCE_LIMITS, 0x1000000, /* CU_GROUP_COUNT=1 */
727 + mmCOMPUTE_NUM_THREAD_X, 256*5,
728 + mmCOMPUTE_NUM_THREAD_Y, 1,
729 + mmCOMPUTE_NUM_THREAD_Z, 1,
730 ++ mmCOMPUTE_PGM_RSRC1, 0x240, /* SGPRS=9 (80 GPRS) */
731 + mmCOMPUTE_PGM_RSRC2, 20,
732 + mmCOMPUTE_USER_DATA_0, 0xedcedc00,
733 + mmCOMPUTE_USER_DATA_1, 0xedcedc01,
734 +@@ -1528,6 +1530,7 @@ static const u32 sgpr2_init_regs[] =
735 + mmCOMPUTE_NUM_THREAD_X, 256*5,
736 + mmCOMPUTE_NUM_THREAD_Y, 1,
737 + mmCOMPUTE_NUM_THREAD_Z, 1,
738 ++ mmCOMPUTE_PGM_RSRC1, 0x240, /* SGPRS=9 (80 GPRS) */
739 + mmCOMPUTE_PGM_RSRC2, 20,
740 + mmCOMPUTE_USER_DATA_0, 0xedcedc00,
741 + mmCOMPUTE_USER_DATA_1, 0xedcedc01,
742 +diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c
743 +index 5a0f8a745b9d..52436b3c01bb 100644
744 +--- a/drivers/gpu/drm/virtio/virtgpu_vq.c
745 ++++ b/drivers/gpu/drm/virtio/virtgpu_vq.c
746 +@@ -324,7 +324,7 @@ static int virtio_gpu_queue_ctrl_buffer_locked(struct virtio_gpu_device *vgdev,
747 + ret = virtqueue_add_sgs(vq, sgs, outcnt, incnt, vbuf, GFP_ATOMIC);
748 + if (ret == -ENOSPC) {
749 + spin_unlock(&vgdev->ctrlq.qlock);
750 +- wait_event(vgdev->ctrlq.ack_queue, vq->num_free);
751 ++ wait_event(vgdev->ctrlq.ack_queue, vq->num_free >= outcnt + incnt);
752 + spin_lock(&vgdev->ctrlq.qlock);
753 + goto retry;
754 + } else {
755 +@@ -399,7 +399,7 @@ static int virtio_gpu_queue_cursor(struct virtio_gpu_device *vgdev,
756 + ret = virtqueue_add_sgs(vq, sgs, outcnt, 0, vbuf, GFP_ATOMIC);
757 + if (ret == -ENOSPC) {
758 + spin_unlock(&vgdev->cursorq.qlock);
759 +- wait_event(vgdev->cursorq.ack_queue, vq->num_free);
760 ++ wait_event(vgdev->cursorq.ack_queue, vq->num_free >= outcnt);
761 + spin_lock(&vgdev->cursorq.qlock);
762 + goto retry;
763 + } else {
764 +diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c
765 +index 5e1b68cbcd0a..e1b603ca0170 100644
766 +--- a/drivers/mtd/chips/cfi_cmdset_0001.c
767 ++++ b/drivers/mtd/chips/cfi_cmdset_0001.c
768 +@@ -45,6 +45,7 @@
769 + #define I82802AB 0x00ad
770 + #define I82802AC 0x00ac
771 + #define PF38F4476 0x881c
772 ++#define M28F00AP30 0x8963
773 + /* STMicroelectronics chips */
774 + #define M50LPW080 0x002F
775 + #define M50FLW080A 0x0080
776 +@@ -375,6 +376,17 @@ static void cfi_fixup_major_minor(struct cfi_private *cfi,
777 + extp->MinorVersion = '1';
778 + }
779 +
780 ++static int cfi_is_micron_28F00AP30(struct cfi_private *cfi, struct flchip *chip)
781 ++{
782 ++ /*
783 ++ * Micron(was Numonyx) 1Gbit bottom boot are buggy w.r.t
784 ++ * Erase Supend for their small Erase Blocks(0x8000)
785 ++ */
786 ++ if (cfi->mfr == CFI_MFR_INTEL && cfi->id == M28F00AP30)
787 ++ return 1;
788 ++ return 0;
789 ++}
790 ++
791 + static inline struct cfi_pri_intelext *
792 + read_pri_intelext(struct map_info *map, __u16 adr)
793 + {
794 +@@ -831,21 +843,30 @@ static int chip_ready (struct map_info *map, struct flchip *chip, unsigned long
795 + (mode == FL_WRITING && (cfip->SuspendCmdSupport & 1))))
796 + goto sleep;
797 +
798 ++ /* Do not allow suspend iff read/write to EB address */
799 ++ if ((adr & chip->in_progress_block_mask) ==
800 ++ chip->in_progress_block_addr)
801 ++ goto sleep;
802 ++
803 ++ /* do not suspend small EBs, buggy Micron Chips */
804 ++ if (cfi_is_micron_28F00AP30(cfi, chip) &&
805 ++ (chip->in_progress_block_mask == ~(0x8000-1)))
806 ++ goto sleep;
807 +
808 + /* Erase suspend */
809 +- map_write(map, CMD(0xB0), adr);
810 ++ map_write(map, CMD(0xB0), chip->in_progress_block_addr);
811 +
812 + /* If the flash has finished erasing, then 'erase suspend'
813 + * appears to make some (28F320) flash devices switch to
814 + * 'read' mode. Make sure that we switch to 'read status'
815 + * mode so we get the right data. --rmk
816 + */
817 +- map_write(map, CMD(0x70), adr);
818 ++ map_write(map, CMD(0x70), chip->in_progress_block_addr);
819 + chip->oldstate = FL_ERASING;
820 + chip->state = FL_ERASE_SUSPENDING;
821 + chip->erase_suspended = 1;
822 + for (;;) {
823 +- status = map_read(map, adr);
824 ++ status = map_read(map, chip->in_progress_block_addr);
825 + if (map_word_andequal(map, status, status_OK, status_OK))
826 + break;
827 +
828 +@@ -1041,8 +1062,8 @@ static void put_chip(struct map_info *map, struct flchip *chip, unsigned long ad
829 + sending the 0x70 (Read Status) command to an erasing
830 + chip and expecting it to be ignored, that's what we
831 + do. */
832 +- map_write(map, CMD(0xd0), adr);
833 +- map_write(map, CMD(0x70), adr);
834 ++ map_write(map, CMD(0xd0), chip->in_progress_block_addr);
835 ++ map_write(map, CMD(0x70), chip->in_progress_block_addr);
836 + chip->oldstate = FL_READY;
837 + chip->state = FL_ERASING;
838 + break;
839 +@@ -1933,6 +1954,8 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip,
840 + map_write(map, CMD(0xD0), adr);
841 + chip->state = FL_ERASING;
842 + chip->erase_suspended = 0;
843 ++ chip->in_progress_block_addr = adr;
844 ++ chip->in_progress_block_mask = ~(len - 1);
845 +
846 + ret = INVAL_CACHE_AND_WAIT(map, chip, adr,
847 + adr, len,
848 +diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c
849 +index 9dca881bb378..107c05b3ddbb 100644
850 +--- a/drivers/mtd/chips/cfi_cmdset_0002.c
851 ++++ b/drivers/mtd/chips/cfi_cmdset_0002.c
852 +@@ -812,9 +812,10 @@ static int get_chip(struct map_info *map, struct flchip *chip, unsigned long adr
853 + (mode == FL_WRITING && (cfip->EraseSuspend & 0x2))))
854 + goto sleep;
855 +
856 +- /* We could check to see if we're trying to access the sector
857 +- * that is currently being erased. However, no user will try
858 +- * anything like that so we just wait for the timeout. */
859 ++ /* Do not allow suspend iff read/write to EB address */
860 ++ if ((adr & chip->in_progress_block_mask) ==
861 ++ chip->in_progress_block_addr)
862 ++ goto sleep;
863 +
864 + /* Erase suspend */
865 + /* It's harmless to issue the Erase-Suspend and Erase-Resume
866 +@@ -2263,6 +2264,7 @@ static int __xipram do_erase_chip(struct map_info *map, struct flchip *chip)
867 + chip->state = FL_ERASING;
868 + chip->erase_suspended = 0;
869 + chip->in_progress_block_addr = adr;
870 ++ chip->in_progress_block_mask = ~(map->size - 1);
871 +
872 + INVALIDATE_CACHE_UDELAY(map, chip,
873 + adr, map->size,
874 +@@ -2352,6 +2354,7 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip,
875 + chip->state = FL_ERASING;
876 + chip->erase_suspended = 0;
877 + chip->in_progress_block_addr = adr;
878 ++ chip->in_progress_block_mask = ~(len - 1);
879 +
880 + INVALIDATE_CACHE_UDELAY(map, chip,
881 + adr, len,
882 +diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
883 +index 502f5547a1f2..e9360d5cbcba 100644
884 +--- a/drivers/of/fdt.c
885 ++++ b/drivers/of/fdt.c
886 +@@ -935,7 +935,7 @@ int __init early_init_dt_scan_chosen_stdout(void)
887 + int offset;
888 + const char *p, *q, *options = NULL;
889 + int l;
890 +- const struct earlycon_id *match;
891 ++ const struct earlycon_id **p_match;
892 + const void *fdt = initial_boot_params;
893 +
894 + offset = fdt_path_offset(fdt, "/chosen");
895 +@@ -962,7 +962,10 @@ int __init early_init_dt_scan_chosen_stdout(void)
896 + return 0;
897 + }
898 +
899 +- for (match = __earlycon_table; match < __earlycon_table_end; match++) {
900 ++ for (p_match = __earlycon_table; p_match < __earlycon_table_end;
901 ++ p_match++) {
902 ++ const struct earlycon_id *match = *p_match;
903 ++
904 + if (!match->compatible[0])
905 + continue;
906 +
907 +diff --git a/drivers/pci/host/pci-aardvark.c b/drivers/pci/host/pci-aardvark.c
908 +index 4fce494271cc..11bad826683e 100644
909 +--- a/drivers/pci/host/pci-aardvark.c
910 ++++ b/drivers/pci/host/pci-aardvark.c
911 +@@ -32,6 +32,7 @@
912 + #define PCIE_CORE_DEV_CTRL_STATS_MAX_PAYLOAD_SZ_SHIFT 5
913 + #define PCIE_CORE_DEV_CTRL_STATS_SNOOP_DISABLE (0 << 11)
914 + #define PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SIZE_SHIFT 12
915 ++#define PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SZ 0x2
916 + #define PCIE_CORE_LINK_CTRL_STAT_REG 0xd0
917 + #define PCIE_CORE_LINK_L0S_ENTRY BIT(0)
918 + #define PCIE_CORE_LINK_TRAINING BIT(5)
919 +@@ -175,8 +176,6 @@
920 + #define PCIE_CONFIG_WR_TYPE0 0xa
921 + #define PCIE_CONFIG_WR_TYPE1 0xb
922 +
923 +-/* PCI_BDF shifts 8bit, so we need extra 4bit shift */
924 +-#define PCIE_BDF(dev) (dev << 4)
925 + #define PCIE_CONF_BUS(bus) (((bus) & 0xff) << 20)
926 + #define PCIE_CONF_DEV(dev) (((dev) & 0x1f) << 15)
927 + #define PCIE_CONF_FUNC(fun) (((fun) & 0x7) << 12)
928 +@@ -298,7 +297,8 @@ static void advk_pcie_setup_hw(struct advk_pcie *pcie)
929 + reg = PCIE_CORE_DEV_CTRL_STATS_RELAX_ORDER_DISABLE |
930 + (7 << PCIE_CORE_DEV_CTRL_STATS_MAX_PAYLOAD_SZ_SHIFT) |
931 + PCIE_CORE_DEV_CTRL_STATS_SNOOP_DISABLE |
932 +- PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SIZE_SHIFT;
933 ++ (PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SZ <<
934 ++ PCIE_CORE_DEV_CTRL_STATS_MAX_RD_REQ_SIZE_SHIFT);
935 + advk_writel(pcie, reg, PCIE_CORE_DEV_CTRL_STATS_REG);
936 +
937 + /* Program PCIe Control 2 to disable strict ordering */
938 +@@ -439,7 +439,7 @@ static int advk_pcie_rd_conf(struct pci_bus *bus, u32 devfn,
939 + u32 reg;
940 + int ret;
941 +
942 +- if (PCI_SLOT(devfn) != 0) {
943 ++ if ((bus->number == pcie->root_bus_nr) && PCI_SLOT(devfn) != 0) {
944 + *val = 0xffffffff;
945 + return PCIBIOS_DEVICE_NOT_FOUND;
946 + }
947 +@@ -458,7 +458,7 @@ static int advk_pcie_rd_conf(struct pci_bus *bus, u32 devfn,
948 + advk_writel(pcie, reg, PIO_CTRL);
949 +
950 + /* Program the address registers */
951 +- reg = PCIE_BDF(devfn) | PCIE_CONF_REG(where);
952 ++ reg = PCIE_CONF_ADDR(bus->number, devfn, where);
953 + advk_writel(pcie, reg, PIO_ADDR_LS);
954 + advk_writel(pcie, 0, PIO_ADDR_MS);
955 +
956 +@@ -493,7 +493,7 @@ static int advk_pcie_wr_conf(struct pci_bus *bus, u32 devfn,
957 + int offset;
958 + int ret;
959 +
960 +- if (PCI_SLOT(devfn) != 0)
961 ++ if ((bus->number == pcie->root_bus_nr) && PCI_SLOT(devfn) != 0)
962 + return PCIBIOS_DEVICE_NOT_FOUND;
963 +
964 + if (where % size)
965 +diff --git a/drivers/rtc/rtc-opal.c b/drivers/rtc/rtc-opal.c
966 +index aa53fceaa5e0..180ec1f8c917 100644
967 +--- a/drivers/rtc/rtc-opal.c
968 ++++ b/drivers/rtc/rtc-opal.c
969 +@@ -57,7 +57,7 @@ static void tm_to_opal(struct rtc_time *tm, u32 *y_m_d, u64 *h_m_s_ms)
970 +
971 + static int opal_get_rtc_time(struct device *dev, struct rtc_time *tm)
972 + {
973 +- long rc = OPAL_BUSY;
974 ++ s64 rc = OPAL_BUSY;
975 + int retries = 10;
976 + u32 y_m_d;
977 + u64 h_m_s_ms;
978 +@@ -66,13 +66,17 @@ static int opal_get_rtc_time(struct device *dev, struct rtc_time *tm)
979 +
980 + while (rc == OPAL_BUSY || rc == OPAL_BUSY_EVENT) {
981 + rc = opal_rtc_read(&__y_m_d, &__h_m_s_ms);
982 +- if (rc == OPAL_BUSY_EVENT)
983 ++ if (rc == OPAL_BUSY_EVENT) {
984 ++ msleep(OPAL_BUSY_DELAY_MS);
985 + opal_poll_events(NULL);
986 +- else if (retries-- && (rc == OPAL_HARDWARE
987 +- || rc == OPAL_INTERNAL_ERROR))
988 +- msleep(10);
989 +- else if (rc != OPAL_BUSY && rc != OPAL_BUSY_EVENT)
990 +- break;
991 ++ } else if (rc == OPAL_BUSY) {
992 ++ msleep(OPAL_BUSY_DELAY_MS);
993 ++ } else if (rc == OPAL_HARDWARE || rc == OPAL_INTERNAL_ERROR) {
994 ++ if (retries--) {
995 ++ msleep(10); /* Wait 10ms before retry */
996 ++ rc = OPAL_BUSY; /* go around again */
997 ++ }
998 ++ }
999 + }
1000 +
1001 + if (rc != OPAL_SUCCESS)
1002 +@@ -87,21 +91,26 @@ static int opal_get_rtc_time(struct device *dev, struct rtc_time *tm)
1003 +
1004 + static int opal_set_rtc_time(struct device *dev, struct rtc_time *tm)
1005 + {
1006 +- long rc = OPAL_BUSY;
1007 ++ s64 rc = OPAL_BUSY;
1008 + int retries = 10;
1009 + u32 y_m_d = 0;
1010 + u64 h_m_s_ms = 0;
1011 +
1012 + tm_to_opal(tm, &y_m_d, &h_m_s_ms);
1013 ++
1014 + while (rc == OPAL_BUSY || rc == OPAL_BUSY_EVENT) {
1015 + rc = opal_rtc_write(y_m_d, h_m_s_ms);
1016 +- if (rc == OPAL_BUSY_EVENT)
1017 ++ if (rc == OPAL_BUSY_EVENT) {
1018 ++ msleep(OPAL_BUSY_DELAY_MS);
1019 + opal_poll_events(NULL);
1020 +- else if (retries-- && (rc == OPAL_HARDWARE
1021 +- || rc == OPAL_INTERNAL_ERROR))
1022 +- msleep(10);
1023 +- else if (rc != OPAL_BUSY && rc != OPAL_BUSY_EVENT)
1024 +- break;
1025 ++ } else if (rc == OPAL_BUSY) {
1026 ++ msleep(OPAL_BUSY_DELAY_MS);
1027 ++ } else if (rc == OPAL_HARDWARE || rc == OPAL_INTERNAL_ERROR) {
1028 ++ if (retries--) {
1029 ++ msleep(10); /* Wait 10ms before retry */
1030 ++ rc = OPAL_BUSY; /* go around again */
1031 ++ }
1032 ++ }
1033 + }
1034 +
1035 + return rc == OPAL_SUCCESS ? 0 : -EIO;
1036 +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
1037 +index ace56c5e61e1..14ba1a2c0b7c 100644
1038 +--- a/drivers/scsi/sd.c
1039 ++++ b/drivers/scsi/sd.c
1040 +@@ -1935,6 +1935,8 @@ sd_spinup_disk(struct scsi_disk *sdkp)
1041 + break; /* standby */
1042 + if (sshdr.asc == 4 && sshdr.ascq == 0xc)
1043 + break; /* unavailable */
1044 ++ if (sshdr.asc == 4 && sshdr.ascq == 0x1b)
1045 ++ break; /* sanitize in progress */
1046 + /*
1047 + * Issue command to spin up drive when not ready
1048 + */
1049 +diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
1050 +index fe2291795d2f..9e9016e67843 100644
1051 +--- a/drivers/tty/n_gsm.c
1052 ++++ b/drivers/tty/n_gsm.c
1053 +@@ -137,6 +137,9 @@ struct gsm_dlci {
1054 + struct mutex mutex;
1055 +
1056 + /* Link layer */
1057 ++ int mode;
1058 ++#define DLCI_MODE_ABM 0 /* Normal Asynchronous Balanced Mode */
1059 ++#define DLCI_MODE_ADM 1 /* Asynchronous Disconnected Mode */
1060 + spinlock_t lock; /* Protects the internal state */
1061 + struct timer_list t1; /* Retransmit timer for SABM and UA */
1062 + int retries;
1063 +@@ -1380,7 +1383,13 @@ static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
1064 + ctrl->data = data;
1065 + ctrl->len = clen;
1066 + gsm->pending_cmd = ctrl;
1067 +- gsm->cretries = gsm->n2;
1068 ++
1069 ++ /* If DLCI0 is in ADM mode skip retries, it won't respond */
1070 ++ if (gsm->dlci[0]->mode == DLCI_MODE_ADM)
1071 ++ gsm->cretries = 1;
1072 ++ else
1073 ++ gsm->cretries = gsm->n2;
1074 ++
1075 + mod_timer(&gsm->t2_timer, jiffies + gsm->t2 * HZ / 100);
1076 + gsm_control_transmit(gsm, ctrl);
1077 + spin_unlock_irqrestore(&gsm->control_lock, flags);
1078 +@@ -1488,6 +1497,7 @@ static void gsm_dlci_t1(unsigned long data)
1079 + if (debug & 8)
1080 + pr_info("DLCI %d opening in ADM mode.\n",
1081 + dlci->addr);
1082 ++ dlci->mode = DLCI_MODE_ADM;
1083 + gsm_dlci_open(dlci);
1084 + } else {
1085 + gsm_dlci_close(dlci);
1086 +@@ -2865,11 +2875,22 @@ static int gsmtty_modem_update(struct gsm_dlci *dlci, u8 brk)
1087 + static int gsm_carrier_raised(struct tty_port *port)
1088 + {
1089 + struct gsm_dlci *dlci = container_of(port, struct gsm_dlci, port);
1090 ++ struct gsm_mux *gsm = dlci->gsm;
1091 ++
1092 + /* Not yet open so no carrier info */
1093 + if (dlci->state != DLCI_OPEN)
1094 + return 0;
1095 + if (debug & 2)
1096 + return 1;
1097 ++
1098 ++ /*
1099 ++ * Basic mode with control channel in ADM mode may not respond
1100 ++ * to CMD_MSC at all and modem_rx is empty.
1101 ++ */
1102 ++ if (gsm->encoding == 0 && gsm->dlci[0]->mode == DLCI_MODE_ADM &&
1103 ++ !dlci->modem_rx)
1104 ++ return 1;
1105 ++
1106 + return dlci->modem_rx & TIOCM_CD;
1107 + }
1108 +
1109 +diff --git a/drivers/tty/serial/earlycon.c b/drivers/tty/serial/earlycon.c
1110 +index 3b31fd8863eb..b9a4625b8690 100644
1111 +--- a/drivers/tty/serial/earlycon.c
1112 ++++ b/drivers/tty/serial/earlycon.c
1113 +@@ -172,7 +172,7 @@ static int __init register_earlycon(char *buf, const struct earlycon_id *match)
1114 + */
1115 + int __init setup_earlycon(char *buf)
1116 + {
1117 +- const struct earlycon_id *match;
1118 ++ const struct earlycon_id **p_match;
1119 +
1120 + if (!buf || !buf[0])
1121 + return -EINVAL;
1122 +@@ -180,7 +180,9 @@ int __init setup_earlycon(char *buf)
1123 + if (early_con.flags & CON_ENABLED)
1124 + return -EALREADY;
1125 +
1126 +- for (match = __earlycon_table; match < __earlycon_table_end; match++) {
1127 ++ for (p_match = __earlycon_table; p_match < __earlycon_table_end;
1128 ++ p_match++) {
1129 ++ const struct earlycon_id *match = *p_match;
1130 + size_t len = strlen(match->name);
1131 +
1132 + if (strncmp(buf, match->name, len))
1133 +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
1134 +index 4ee0a9de7556..789c81482542 100644
1135 +--- a/drivers/tty/tty_io.c
1136 ++++ b/drivers/tty/tty_io.c
1137 +@@ -3170,7 +3170,10 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
1138 +
1139 + kref_init(&tty->kref);
1140 + tty->magic = TTY_MAGIC;
1141 +- tty_ldisc_init(tty);
1142 ++ if (tty_ldisc_init(tty)) {
1143 ++ kfree(tty);
1144 ++ return NULL;
1145 ++ }
1146 + tty->session = NULL;
1147 + tty->pgrp = NULL;
1148 + mutex_init(&tty->legacy_mutex);
1149 +diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
1150 +index 3a9e2a2fd4c6..4ab518d43758 100644
1151 +--- a/drivers/tty/tty_ldisc.c
1152 ++++ b/drivers/tty/tty_ldisc.c
1153 +@@ -175,12 +175,11 @@ static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc)
1154 + return ERR_CAST(ldops);
1155 + }
1156 +
1157 +- ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL);
1158 +- if (ld == NULL) {
1159 +- put_ldops(ldops);
1160 +- return ERR_PTR(-ENOMEM);
1161 +- }
1162 +-
1163 ++ /*
1164 ++ * There is no way to handle allocation failure of only 16 bytes.
1165 ++ * Let's simplify error handling and save more memory.
1166 ++ */
1167 ++ ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL | __GFP_NOFAIL);
1168 + ld->ops = ldops;
1169 + ld->tty = tty;
1170 +
1171 +@@ -753,12 +752,13 @@ void tty_ldisc_release(struct tty_struct *tty)
1172 + * the tty structure is not completely set up when this call is made.
1173 + */
1174 +
1175 +-void tty_ldisc_init(struct tty_struct *tty)
1176 ++int tty_ldisc_init(struct tty_struct *tty)
1177 + {
1178 + struct tty_ldisc *ld = tty_ldisc_get(tty, N_TTY);
1179 + if (IS_ERR(ld))
1180 +- panic("n_tty: init_tty");
1181 ++ return PTR_ERR(ld);
1182 + tty->ldisc = ld;
1183 ++ return 0;
1184 + }
1185 +
1186 + /**
1187 +diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
1188 +index fcc7aa248ce7..bdb0d7a08ff9 100644
1189 +--- a/drivers/usb/core/hcd.c
1190 ++++ b/drivers/usb/core/hcd.c
1191 +@@ -2365,6 +2365,7 @@ void usb_hcd_resume_root_hub (struct usb_hcd *hcd)
1192 +
1193 + spin_lock_irqsave (&hcd_root_hub_lock, flags);
1194 + if (hcd->rh_registered) {
1195 ++ pm_wakeup_event(&hcd->self.root_hub->dev, 0);
1196 + set_bit(HCD_FLAG_WAKEUP_PENDING, &hcd->flags);
1197 + queue_work(pm_wq, &hcd->wakeup_work);
1198 + }
1199 +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
1200 +index d0d3f9ef9f10..d8d992b73e88 100644
1201 +--- a/drivers/usb/core/hub.c
1202 ++++ b/drivers/usb/core/hub.c
1203 +@@ -648,12 +648,17 @@ void usb_wakeup_notification(struct usb_device *hdev,
1204 + unsigned int portnum)
1205 + {
1206 + struct usb_hub *hub;
1207 ++ struct usb_port *port_dev;
1208 +
1209 + if (!hdev)
1210 + return;
1211 +
1212 + hub = usb_hub_to_struct_hub(hdev);
1213 + if (hub) {
1214 ++ port_dev = hub->ports[portnum - 1];
1215 ++ if (port_dev && port_dev->child)
1216 ++ pm_wakeup_event(&port_dev->child->dev, 0);
1217 ++
1218 + set_bit(portnum, hub->wakeup_bits);
1219 + kick_hub_wq(hub);
1220 + }
1221 +@@ -3417,8 +3422,11 @@ int usb_port_resume(struct usb_device *udev, pm_message_t msg)
1222 +
1223 + /* Skip the initial Clear-Suspend step for a remote wakeup */
1224 + status = hub_port_status(hub, port1, &portstatus, &portchange);
1225 +- if (status == 0 && !port_is_suspended(hub, portstatus))
1226 ++ if (status == 0 && !port_is_suspended(hub, portstatus)) {
1227 ++ if (portchange & USB_PORT_STAT_C_SUSPEND)
1228 ++ pm_wakeup_event(&udev->dev, 0);
1229 + goto SuspendCleared;
1230 ++ }
1231 +
1232 + /* see 7.1.7.7; affects power usage, but not budgeting */
1233 + if (hub_is_superspeed(hub->hdev))
1234 +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
1235 +index 4f1c6f8d4352..40ce175655e6 100644
1236 +--- a/drivers/usb/core/quirks.c
1237 ++++ b/drivers/usb/core/quirks.c
1238 +@@ -45,6 +45,9 @@ static const struct usb_device_id usb_quirk_list[] = {
1239 + { USB_DEVICE(0x03f0, 0x0701), .driver_info =
1240 + USB_QUIRK_STRING_FETCH_255 },
1241 +
1242 ++ /* HP v222w 16GB Mini USB Drive */
1243 ++ { USB_DEVICE(0x03f0, 0x3f40), .driver_info = USB_QUIRK_DELAY_INIT },
1244 ++
1245 + /* Creative SB Audigy 2 NX */
1246 + { USB_DEVICE(0x041e, 0x3020), .driver_info = USB_QUIRK_RESET_RESUME },
1247 +
1248 +diff --git a/drivers/usb/serial/Kconfig b/drivers/usb/serial/Kconfig
1249 +index 584ae8cbaf1c..77c3ebe860c5 100644
1250 +--- a/drivers/usb/serial/Kconfig
1251 ++++ b/drivers/usb/serial/Kconfig
1252 +@@ -62,6 +62,7 @@ config USB_SERIAL_SIMPLE
1253 + - Fundamental Software dongle.
1254 + - Google USB serial devices
1255 + - HP4x calculators
1256 ++ - Libtransistor USB console
1257 + - a number of Motorola phones
1258 + - Motorola Tetra devices
1259 + - Novatel Wireless GPS receivers
1260 +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
1261 +index cab80acace4e..d98531823998 100644
1262 +--- a/drivers/usb/serial/cp210x.c
1263 ++++ b/drivers/usb/serial/cp210x.c
1264 +@@ -211,6 +211,7 @@ static const struct usb_device_id id_table[] = {
1265 + { USB_DEVICE(0x3195, 0xF190) }, /* Link Instruments MSO-19 */
1266 + { USB_DEVICE(0x3195, 0xF280) }, /* Link Instruments MSO-28 */
1267 + { USB_DEVICE(0x3195, 0xF281) }, /* Link Instruments MSO-28 */
1268 ++ { USB_DEVICE(0x3923, 0x7A0B) }, /* National Instruments USB Serial Console */
1269 + { USB_DEVICE(0x413C, 0x9500) }, /* DW700 GPS USB interface */
1270 + { } /* Terminating Entry */
1271 + };
1272 +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
1273 +index 71cbc6890ac4..2e2f736384ab 100644
1274 +--- a/drivers/usb/serial/ftdi_sio.c
1275 ++++ b/drivers/usb/serial/ftdi_sio.c
1276 +@@ -1911,7 +1911,8 @@ static int ftdi_8u2232c_probe(struct usb_serial *serial)
1277 + return ftdi_jtag_probe(serial);
1278 +
1279 + if (udev->product &&
1280 +- (!strcmp(udev->product, "BeagleBone/XDS100V2") ||
1281 ++ (!strcmp(udev->product, "Arrow USB Blaster") ||
1282 ++ !strcmp(udev->product, "BeagleBone/XDS100V2") ||
1283 + !strcmp(udev->product, "SNAP Connect E10")))
1284 + return ftdi_jtag_probe(serial);
1285 +
1286 +diff --git a/drivers/usb/serial/usb-serial-simple.c b/drivers/usb/serial/usb-serial-simple.c
1287 +index 6aa7ff2c1cf7..2674da40d9cd 100644
1288 +--- a/drivers/usb/serial/usb-serial-simple.c
1289 ++++ b/drivers/usb/serial/usb-serial-simple.c
1290 +@@ -66,6 +66,11 @@ DEVICE(flashloader, FLASHLOADER_IDS);
1291 + 0x01) }
1292 + DEVICE(google, GOOGLE_IDS);
1293 +
1294 ++/* Libtransistor USB console */
1295 ++#define LIBTRANSISTOR_IDS() \
1296 ++ { USB_DEVICE(0x1209, 0x8b00) }
1297 ++DEVICE(libtransistor, LIBTRANSISTOR_IDS);
1298 ++
1299 + /* ViVOpay USB Serial Driver */
1300 + #define VIVOPAY_IDS() \
1301 + { USB_DEVICE(0x1d5f, 0x1004) } /* ViVOpay 8800 */
1302 +@@ -113,6 +118,7 @@ static struct usb_serial_driver * const serial_drivers[] = {
1303 + &funsoft_device,
1304 + &flashloader_device,
1305 + &google_device,
1306 ++ &libtransistor_device,
1307 + &vivopay_device,
1308 + &moto_modem_device,
1309 + &motorola_tetra_device,
1310 +@@ -129,6 +135,7 @@ static const struct usb_device_id id_table[] = {
1311 + FUNSOFT_IDS(),
1312 + FLASHLOADER_IDS(),
1313 + GOOGLE_IDS(),
1314 ++ LIBTRANSISTOR_IDS(),
1315 + VIVOPAY_IDS(),
1316 + MOTO_IDS(),
1317 + MOTOROLA_TETRA_IDS(),
1318 +diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c
1319 +index 325b4c05acdd..f761e02e75c9 100644
1320 +--- a/drivers/usb/usbip/stub_main.c
1321 ++++ b/drivers/usb/usbip/stub_main.c
1322 +@@ -201,7 +201,12 @@ static ssize_t rebind_store(struct device_driver *dev, const char *buf,
1323 + if (!bid)
1324 + return -ENODEV;
1325 +
1326 ++ /* device_attach() callers should hold parent lock for USB */
1327 ++ if (bid->udev->dev.parent)
1328 ++ device_lock(bid->udev->dev.parent);
1329 + ret = device_attach(&bid->udev->dev);
1330 ++ if (bid->udev->dev.parent)
1331 ++ device_unlock(bid->udev->dev.parent);
1332 + if (ret < 0) {
1333 + dev_err(&bid->udev->dev, "rebind failed\n");
1334 + return ret;
1335 +diff --git a/drivers/usb/usbip/usbip_common.h b/drivers/usb/usbip/usbip_common.h
1336 +index f0b955f8504e..109e65ba01a0 100644
1337 +--- a/drivers/usb/usbip/usbip_common.h
1338 ++++ b/drivers/usb/usbip/usbip_common.h
1339 +@@ -258,7 +258,7 @@ enum usbip_side {
1340 + #define VUDC_EVENT_ERROR_USB (USBIP_EH_SHUTDOWN | USBIP_EH_UNUSABLE)
1341 + #define VUDC_EVENT_ERROR_MALLOC (USBIP_EH_SHUTDOWN | USBIP_EH_UNUSABLE)
1342 +
1343 +-#define VDEV_EVENT_REMOVED (USBIP_EH_SHUTDOWN | USBIP_EH_BYE)
1344 ++#define VDEV_EVENT_REMOVED (USBIP_EH_SHUTDOWN | USBIP_EH_RESET | USBIP_EH_BYE)
1345 + #define VDEV_EVENT_DOWN (USBIP_EH_SHUTDOWN | USBIP_EH_RESET)
1346 + #define VDEV_EVENT_ERROR_TCP (USBIP_EH_SHUTDOWN | USBIP_EH_RESET)
1347 + #define VDEV_EVENT_ERROR_MALLOC (USBIP_EH_SHUTDOWN | USBIP_EH_UNUSABLE)
1348 +diff --git a/drivers/usb/usbip/usbip_event.c b/drivers/usb/usbip/usbip_event.c
1349 +index f1635662c299..f8f7f3803a99 100644
1350 +--- a/drivers/usb/usbip/usbip_event.c
1351 ++++ b/drivers/usb/usbip/usbip_event.c
1352 +@@ -105,10 +105,6 @@ static void event_handler(struct work_struct *work)
1353 + unset_event(ud, USBIP_EH_UNUSABLE);
1354 + }
1355 +
1356 +- /* Stop the error handler. */
1357 +- if (ud->event & USBIP_EH_BYE)
1358 +- usbip_dbg_eh("removed %p\n", ud);
1359 +-
1360 + wake_up(&ud->eh_waitq);
1361 + }
1362 + }
1363 +diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
1364 +index 176b4b27a27a..6776f4aa3d12 100644
1365 +--- a/fs/ext4/balloc.c
1366 ++++ b/fs/ext4/balloc.c
1367 +@@ -320,6 +320,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
1368 + struct ext4_sb_info *sbi = EXT4_SB(sb);
1369 + ext4_grpblk_t offset;
1370 + ext4_grpblk_t next_zero_bit;
1371 ++ ext4_grpblk_t max_bit = EXT4_CLUSTERS_PER_GROUP(sb);
1372 + ext4_fsblk_t blk;
1373 + ext4_fsblk_t group_first_block;
1374 +
1375 +@@ -337,20 +338,25 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
1376 + /* check whether block bitmap block number is set */
1377 + blk = ext4_block_bitmap(sb, desc);
1378 + offset = blk - group_first_block;
1379 +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
1380 ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
1381 ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
1382 + /* bad block bitmap */
1383 + return blk;
1384 +
1385 + /* check whether the inode bitmap block number is set */
1386 + blk = ext4_inode_bitmap(sb, desc);
1387 + offset = blk - group_first_block;
1388 +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
1389 ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
1390 ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
1391 + /* bad block bitmap */
1392 + return blk;
1393 +
1394 + /* check whether the inode table block number is set */
1395 + blk = ext4_inode_table(sb, desc);
1396 + offset = blk - group_first_block;
1397 ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
1398 ++ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= max_bit)
1399 ++ return blk;
1400 + next_zero_bit = ext4_find_next_zero_bit(bh->b_data,
1401 + EXT4_B2C(sbi, offset + EXT4_SB(sb)->s_itb_per_group),
1402 + EXT4_B2C(sbi, offset));
1403 +@@ -416,6 +422,7 @@ struct buffer_head *
1404 + ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group)
1405 + {
1406 + struct ext4_group_desc *desc;
1407 ++ struct ext4_sb_info *sbi = EXT4_SB(sb);
1408 + struct buffer_head *bh;
1409 + ext4_fsblk_t bitmap_blk;
1410 + int err;
1411 +@@ -424,6 +431,12 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group)
1412 + if (!desc)
1413 + return ERR_PTR(-EFSCORRUPTED);
1414 + bitmap_blk = ext4_block_bitmap(sb, desc);
1415 ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) ||
1416 ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) {
1417 ++ ext4_error(sb, "Invalid block bitmap block %llu in "
1418 ++ "block_group %u", bitmap_blk, block_group);
1419 ++ return ERR_PTR(-EFSCORRUPTED);
1420 ++ }
1421 + bh = sb_getblk(sb, bitmap_blk);
1422 + if (unlikely(!bh)) {
1423 + ext4_error(sb, "Cannot get buffer for block bitmap - "
1424 +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
1425 +index 1a0c57100f28..63c702b4b24c 100644
1426 +--- a/fs/ext4/extents.c
1427 ++++ b/fs/ext4/extents.c
1428 +@@ -5356,8 +5356,9 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle,
1429 + stop = le32_to_cpu(extent->ee_block);
1430 +
1431 + /*
1432 +- * In case of left shift, Don't start shifting extents until we make
1433 +- * sure the hole is big enough to accommodate the shift.
1434 ++ * For left shifts, make sure the hole on the left is big enough to
1435 ++ * accommodate the shift. For right shifts, make sure the last extent
1436 ++ * won't be shifted beyond EXT_MAX_BLOCKS.
1437 + */
1438 + if (SHIFT == SHIFT_LEFT) {
1439 + path = ext4_find_extent(inode, start - 1, &path,
1440 +@@ -5377,9 +5378,14 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle,
1441 +
1442 + if ((start == ex_start && shift > ex_start) ||
1443 + (shift > start - ex_end)) {
1444 +- ext4_ext_drop_refs(path);
1445 +- kfree(path);
1446 +- return -EINVAL;
1447 ++ ret = -EINVAL;
1448 ++ goto out;
1449 ++ }
1450 ++ } else {
1451 ++ if (shift > EXT_MAX_BLOCKS -
1452 ++ (stop + ext4_ext_get_actual_len(extent))) {
1453 ++ ret = -EINVAL;
1454 ++ goto out;
1455 + }
1456 + }
1457 +
1458 +diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
1459 +index 79a9a1bddafc..dcf63daefee0 100644
1460 +--- a/fs/ext4/ialloc.c
1461 ++++ b/fs/ext4/ialloc.c
1462 +@@ -119,6 +119,7 @@ static struct buffer_head *
1463 + ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group)
1464 + {
1465 + struct ext4_group_desc *desc;
1466 ++ struct ext4_sb_info *sbi = EXT4_SB(sb);
1467 + struct buffer_head *bh = NULL;
1468 + ext4_fsblk_t bitmap_blk;
1469 + int err;
1470 +@@ -128,6 +129,12 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group)
1471 + return ERR_PTR(-EFSCORRUPTED);
1472 +
1473 + bitmap_blk = ext4_inode_bitmap(sb, desc);
1474 ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) ||
1475 ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) {
1476 ++ ext4_error(sb, "Invalid inode bitmap blk %llu in "
1477 ++ "block_group %u", bitmap_blk, block_group);
1478 ++ return ERR_PTR(-EFSCORRUPTED);
1479 ++ }
1480 + bh = sb_getblk(sb, bitmap_blk);
1481 + if (unlikely(!bh)) {
1482 + ext4_error(sb, "Cannot read inode bitmap - "
1483 +diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
1484 +index 4e5c6103b76c..9e9e0936138b 100644
1485 +--- a/fs/jbd2/transaction.c
1486 ++++ b/fs/jbd2/transaction.c
1487 +@@ -528,6 +528,7 @@ int jbd2_journal_start_reserved(handle_t *handle, unsigned int type,
1488 + */
1489 + ret = start_this_handle(journal, handle, GFP_NOFS);
1490 + if (ret < 0) {
1491 ++ handle->h_journal = journal;
1492 + jbd2_journal_free_reserved(handle);
1493 + return ret;
1494 + }
1495 +diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
1496 +index 2e6000a4eb2c..1462071a19bf 100644
1497 +--- a/include/asm-generic/vmlinux.lds.h
1498 ++++ b/include/asm-generic/vmlinux.lds.h
1499 +@@ -170,7 +170,7 @@
1500 + #endif
1501 +
1502 + #ifdef CONFIG_SERIAL_EARLYCON
1503 +-#define EARLYCON_TABLE() STRUCT_ALIGN(); \
1504 ++#define EARLYCON_TABLE() . = ALIGN(8); \
1505 + VMLINUX_SYMBOL(__earlycon_table) = .; \
1506 + *(__earlycon_table) \
1507 + VMLINUX_SYMBOL(__earlycon_table_end) = .;
1508 +diff --git a/include/linux/mtd/flashchip.h b/include/linux/mtd/flashchip.h
1509 +index b63fa457febd..3529683f691e 100644
1510 +--- a/include/linux/mtd/flashchip.h
1511 ++++ b/include/linux/mtd/flashchip.h
1512 +@@ -85,6 +85,7 @@ struct flchip {
1513 + unsigned int write_suspended:1;
1514 + unsigned int erase_suspended:1;
1515 + unsigned long in_progress_block_addr;
1516 ++ unsigned long in_progress_block_mask;
1517 +
1518 + struct mutex mutex;
1519 + wait_queue_head_t wq; /* Wait on here when we're waiting for the chip
1520 +diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h
1521 +index 344201437017..7b16c5322673 100644
1522 +--- a/include/linux/serial_core.h
1523 ++++ b/include/linux/serial_core.h
1524 +@@ -347,10 +347,10 @@ struct earlycon_id {
1525 + char name[16];
1526 + char compatible[128];
1527 + int (*setup)(struct earlycon_device *, const char *options);
1528 +-} __aligned(32);
1529 ++};
1530 +
1531 +-extern const struct earlycon_id __earlycon_table[];
1532 +-extern const struct earlycon_id __earlycon_table_end[];
1533 ++extern const struct earlycon_id *__earlycon_table[];
1534 ++extern const struct earlycon_id *__earlycon_table_end[];
1535 +
1536 + #if defined(CONFIG_SERIAL_EARLYCON) && !defined(MODULE)
1537 + #define EARLYCON_USED_OR_UNUSED __used
1538 +@@ -358,12 +358,19 @@ extern const struct earlycon_id __earlycon_table_end[];
1539 + #define EARLYCON_USED_OR_UNUSED __maybe_unused
1540 + #endif
1541 +
1542 +-#define OF_EARLYCON_DECLARE(_name, compat, fn) \
1543 +- static const struct earlycon_id __UNIQUE_ID(__earlycon_##_name) \
1544 +- EARLYCON_USED_OR_UNUSED __section(__earlycon_table) \
1545 ++#define _OF_EARLYCON_DECLARE(_name, compat, fn, unique_id) \
1546 ++ static const struct earlycon_id unique_id \
1547 ++ EARLYCON_USED_OR_UNUSED __initconst \
1548 + = { .name = __stringify(_name), \
1549 + .compatible = compat, \
1550 +- .setup = fn }
1551 ++ .setup = fn }; \
1552 ++ static const struct earlycon_id EARLYCON_USED_OR_UNUSED \
1553 ++ __section(__earlycon_table) \
1554 ++ * const __PASTE(__p, unique_id) = &unique_id
1555 ++
1556 ++#define OF_EARLYCON_DECLARE(_name, compat, fn) \
1557 ++ _OF_EARLYCON_DECLARE(_name, compat, fn, \
1558 ++ __UNIQUE_ID(__earlycon_##_name))
1559 +
1560 + #define EARLYCON_DECLARE(_name, fn) OF_EARLYCON_DECLARE(_name, "", fn)
1561 +
1562 +diff --git a/include/linux/tty.h b/include/linux/tty.h
1563 +index 6f1ee8528210..fe1b8623a3a1 100644
1564 +--- a/include/linux/tty.h
1565 ++++ b/include/linux/tty.h
1566 +@@ -657,7 +657,7 @@ extern int tty_unregister_ldisc(int disc);
1567 + extern int tty_set_ldisc(struct tty_struct *tty, int disc);
1568 + extern int tty_ldisc_setup(struct tty_struct *tty, struct tty_struct *o_tty);
1569 + extern void tty_ldisc_release(struct tty_struct *tty);
1570 +-extern void tty_ldisc_init(struct tty_struct *tty);
1571 ++extern int __must_check tty_ldisc_init(struct tty_struct *tty);
1572 + extern void tty_ldisc_deinit(struct tty_struct *tty);
1573 + extern int tty_ldisc_receive_buf(struct tty_ldisc *ld, unsigned char *p,
1574 + char *f, int count);
1575 +diff --git a/include/linux/virtio.h b/include/linux/virtio.h
1576 +index d5eb5479a425..3f8f35053260 100644
1577 +--- a/include/linux/virtio.h
1578 ++++ b/include/linux/virtio.h
1579 +@@ -143,6 +143,9 @@ int virtio_device_freeze(struct virtio_device *dev);
1580 + int virtio_device_restore(struct virtio_device *dev);
1581 + #endif
1582 +
1583 ++#define virtio_device_for_each_vq(vdev, vq) \
1584 ++ list_for_each_entry(vq, &vdev->vqs, list)
1585 ++
1586 + /**
1587 + * virtio_driver - operations for a virtio I/O driver
1588 + * @driver: underlying device driver (populate name and owner).
1589 +diff --git a/include/sound/control.h b/include/sound/control.h
1590 +index 21d047f229a1..4142757080f8 100644
1591 +--- a/include/sound/control.h
1592 ++++ b/include/sound/control.h
1593 +@@ -22,6 +22,7 @@
1594 + *
1595 + */
1596 +
1597 ++#include <linux/nospec.h>
1598 + #include <sound/asound.h>
1599 +
1600 + #define snd_kcontrol_chip(kcontrol) ((kcontrol)->private_data)
1601 +@@ -147,12 +148,14 @@ int snd_ctl_get_preferred_subdevice(struct snd_card *card, int type);
1602 +
1603 + static inline unsigned int snd_ctl_get_ioffnum(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id)
1604 + {
1605 +- return id->numid - kctl->id.numid;
1606 ++ unsigned int ioff = id->numid - kctl->id.numid;
1607 ++ return array_index_nospec(ioff, kctl->count);
1608 + }
1609 +
1610 + static inline unsigned int snd_ctl_get_ioffidx(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id)
1611 + {
1612 +- return id->index - kctl->id.index;
1613 ++ unsigned int ioff = id->index - kctl->id.index;
1614 ++ return array_index_nospec(ioff, kctl->count);
1615 + }
1616 +
1617 + static inline unsigned int snd_ctl_get_ioff(struct snd_kcontrol *kctl, struct snd_ctl_elem_id *id)
1618 +diff --git a/lib/kobject.c b/lib/kobject.c
1619 +index 445dcaeb0f56..b733a83e5294 100644
1620 +--- a/lib/kobject.c
1621 ++++ b/lib/kobject.c
1622 +@@ -234,14 +234,12 @@ static int kobject_add_internal(struct kobject *kobj)
1623 +
1624 + /* be noisy on error issues */
1625 + if (error == -EEXIST)
1626 +- WARN(1, "%s failed for %s with "
1627 +- "-EEXIST, don't try to register things with "
1628 +- "the same name in the same directory.\n",
1629 +- __func__, kobject_name(kobj));
1630 ++ pr_err("%s failed for %s with -EEXIST, don't try to register things with the same name in the same directory.\n",
1631 ++ __func__, kobject_name(kobj));
1632 + else
1633 +- WARN(1, "%s failed for %s (error: %d parent: %s)\n",
1634 +- __func__, kobject_name(kobj), error,
1635 +- parent ? kobject_name(parent) : "'none'");
1636 ++ pr_err("%s failed for %s (error: %d parent: %s)\n",
1637 ++ __func__, kobject_name(kobj), error,
1638 ++ parent ? kobject_name(parent) : "'none'");
1639 + } else
1640 + kobj->state_in_sysfs = 1;
1641 +
1642 +diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
1643 +index 25a30be862e9..98ea28dc03f9 100644
1644 +--- a/net/ceph/messenger.c
1645 ++++ b/net/ceph/messenger.c
1646 +@@ -2512,6 +2512,11 @@ static int try_write(struct ceph_connection *con)
1647 + int ret = 1;
1648 +
1649 + dout("try_write start %p state %lu\n", con, con->state);
1650 ++ if (con->state != CON_STATE_PREOPEN &&
1651 ++ con->state != CON_STATE_CONNECTING &&
1652 ++ con->state != CON_STATE_NEGOTIATING &&
1653 ++ con->state != CON_STATE_OPEN)
1654 ++ return 0;
1655 +
1656 + more:
1657 + dout("try_write out_kvec_bytes %d\n", con->out_kvec_bytes);
1658 +@@ -2537,6 +2542,8 @@ static int try_write(struct ceph_connection *con)
1659 + }
1660 +
1661 + more_kvec:
1662 ++ BUG_ON(!con->sock);
1663 ++
1664 + /* kvec data queued? */
1665 + if (con->out_kvec_left) {
1666 + ret = write_partial_kvec(con);
1667 +diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c
1668 +index a8effc8b7280..500481003de4 100644
1669 +--- a/net/ceph/mon_client.c
1670 ++++ b/net/ceph/mon_client.c
1671 +@@ -209,6 +209,14 @@ static void reopen_session(struct ceph_mon_client *monc)
1672 + __open_session(monc);
1673 + }
1674 +
1675 ++static void un_backoff(struct ceph_mon_client *monc)
1676 ++{
1677 ++ monc->hunt_mult /= 2; /* reduce by 50% */
1678 ++ if (monc->hunt_mult < 1)
1679 ++ monc->hunt_mult = 1;
1680 ++ dout("%s hunt_mult now %d\n", __func__, monc->hunt_mult);
1681 ++}
1682 ++
1683 + /*
1684 + * Reschedule delayed work timer.
1685 + */
1686 +@@ -955,6 +963,7 @@ static void delayed_work(struct work_struct *work)
1687 + if (!monc->hunting) {
1688 + ceph_con_keepalive(&monc->con);
1689 + __validate_auth(monc);
1690 ++ un_backoff(monc);
1691 + }
1692 +
1693 + if (is_auth) {
1694 +@@ -1114,9 +1123,8 @@ static void finish_hunting(struct ceph_mon_client *monc)
1695 + dout("%s found mon%d\n", __func__, monc->cur_mon);
1696 + monc->hunting = false;
1697 + monc->had_a_connection = true;
1698 +- monc->hunt_mult /= 2; /* reduce by 50% */
1699 +- if (monc->hunt_mult < 1)
1700 +- monc->hunt_mult = 1;
1701 ++ un_backoff(monc);
1702 ++ __schedule_delayed(monc);
1703 + }
1704 + }
1705 +
1706 +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
1707 +index d503285867e7..79018697b477 100644
1708 +--- a/sound/core/pcm_native.c
1709 ++++ b/sound/core/pcm_native.c
1710 +@@ -2729,6 +2729,7 @@ static int snd_pcm_sync_ptr(struct snd_pcm_substream *substream,
1711 + sync_ptr.s.status.hw_ptr = status->hw_ptr;
1712 + sync_ptr.s.status.tstamp = status->tstamp;
1713 + sync_ptr.s.status.suspended_state = status->suspended_state;
1714 ++ sync_ptr.s.status.audio_tstamp = status->audio_tstamp;
1715 + snd_pcm_stream_unlock_irq(substream);
1716 + if (copy_to_user(_sync_ptr, &sync_ptr, sizeof(sync_ptr)))
1717 + return -EFAULT;
1718 +diff --git a/sound/core/seq/oss/seq_oss_event.c b/sound/core/seq/oss/seq_oss_event.c
1719 +index c3908862bc8b..86ca584c27b2 100644
1720 +--- a/sound/core/seq/oss/seq_oss_event.c
1721 ++++ b/sound/core/seq/oss/seq_oss_event.c
1722 +@@ -26,6 +26,7 @@
1723 + #include <sound/seq_oss_legacy.h>
1724 + #include "seq_oss_readq.h"
1725 + #include "seq_oss_writeq.h"
1726 ++#include <linux/nospec.h>
1727 +
1728 +
1729 + /*
1730 +@@ -287,10 +288,10 @@ note_on_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, st
1731 + {
1732 + struct seq_oss_synthinfo *info;
1733 +
1734 +- if (!snd_seq_oss_synth_is_valid(dp, dev))
1735 ++ info = snd_seq_oss_synth_info(dp, dev);
1736 ++ if (!info)
1737 + return -ENXIO;
1738 +
1739 +- info = &dp->synths[dev];
1740 + switch (info->arg.event_passing) {
1741 + case SNDRV_SEQ_OSS_PROCESS_EVENTS:
1742 + if (! info->ch || ch < 0 || ch >= info->nr_voices) {
1743 +@@ -298,6 +299,7 @@ note_on_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, st
1744 + return set_note_event(dp, dev, SNDRV_SEQ_EVENT_NOTEON, ch, note, vel, ev);
1745 + }
1746 +
1747 ++ ch = array_index_nospec(ch, info->nr_voices);
1748 + if (note == 255 && info->ch[ch].note >= 0) {
1749 + /* volume control */
1750 + int type;
1751 +@@ -347,10 +349,10 @@ note_off_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, s
1752 + {
1753 + struct seq_oss_synthinfo *info;
1754 +
1755 +- if (!snd_seq_oss_synth_is_valid(dp, dev))
1756 ++ info = snd_seq_oss_synth_info(dp, dev);
1757 ++ if (!info)
1758 + return -ENXIO;
1759 +
1760 +- info = &dp->synths[dev];
1761 + switch (info->arg.event_passing) {
1762 + case SNDRV_SEQ_OSS_PROCESS_EVENTS:
1763 + if (! info->ch || ch < 0 || ch >= info->nr_voices) {
1764 +@@ -358,6 +360,7 @@ note_off_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, s
1765 + return set_note_event(dp, dev, SNDRV_SEQ_EVENT_NOTEON, ch, note, vel, ev);
1766 + }
1767 +
1768 ++ ch = array_index_nospec(ch, info->nr_voices);
1769 + if (info->ch[ch].note >= 0) {
1770 + note = info->ch[ch].note;
1771 + info->ch[ch].vel = 0;
1772 +@@ -381,7 +384,7 @@ note_off_event(struct seq_oss_devinfo *dp, int dev, int ch, int note, int vel, s
1773 + static int
1774 + set_note_event(struct seq_oss_devinfo *dp, int dev, int type, int ch, int note, int vel, struct snd_seq_event *ev)
1775 + {
1776 +- if (! snd_seq_oss_synth_is_valid(dp, dev))
1777 ++ if (!snd_seq_oss_synth_info(dp, dev))
1778 + return -ENXIO;
1779 +
1780 + ev->type = type;
1781 +@@ -399,7 +402,7 @@ set_note_event(struct seq_oss_devinfo *dp, int dev, int type, int ch, int note,
1782 + static int
1783 + set_control_event(struct seq_oss_devinfo *dp, int dev, int type, int ch, int param, int val, struct snd_seq_event *ev)
1784 + {
1785 +- if (! snd_seq_oss_synth_is_valid(dp, dev))
1786 ++ if (!snd_seq_oss_synth_info(dp, dev))
1787 + return -ENXIO;
1788 +
1789 + ev->type = type;
1790 +diff --git a/sound/core/seq/oss/seq_oss_midi.c b/sound/core/seq/oss/seq_oss_midi.c
1791 +index b30b2139e3f0..9debd1b8fd28 100644
1792 +--- a/sound/core/seq/oss/seq_oss_midi.c
1793 ++++ b/sound/core/seq/oss/seq_oss_midi.c
1794 +@@ -29,6 +29,7 @@
1795 + #include "../seq_lock.h"
1796 + #include <linux/init.h>
1797 + #include <linux/slab.h>
1798 ++#include <linux/nospec.h>
1799 +
1800 +
1801 + /*
1802 +@@ -315,6 +316,7 @@ get_mididev(struct seq_oss_devinfo *dp, int dev)
1803 + {
1804 + if (dev < 0 || dev >= dp->max_mididev)
1805 + return NULL;
1806 ++ dev = array_index_nospec(dev, dp->max_mididev);
1807 + return get_mdev(dev);
1808 + }
1809 +
1810 +diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
1811 +index cd0e0ebbfdb1..278ebb993122 100644
1812 +--- a/sound/core/seq/oss/seq_oss_synth.c
1813 ++++ b/sound/core/seq/oss/seq_oss_synth.c
1814 +@@ -26,6 +26,7 @@
1815 + #include <linux/init.h>
1816 + #include <linux/module.h>
1817 + #include <linux/slab.h>
1818 ++#include <linux/nospec.h>
1819 +
1820 + /*
1821 + * constants
1822 +@@ -339,17 +340,13 @@ snd_seq_oss_synth_cleanup(struct seq_oss_devinfo *dp)
1823 + dp->max_synthdev = 0;
1824 + }
1825 +
1826 +-/*
1827 +- * check if the specified device is MIDI mapped device
1828 +- */
1829 +-static int
1830 +-is_midi_dev(struct seq_oss_devinfo *dp, int dev)
1831 ++static struct seq_oss_synthinfo *
1832 ++get_synthinfo_nospec(struct seq_oss_devinfo *dp, int dev)
1833 + {
1834 + if (dev < 0 || dev >= dp->max_synthdev)
1835 +- return 0;
1836 +- if (dp->synths[dev].is_midi)
1837 +- return 1;
1838 +- return 0;
1839 ++ return NULL;
1840 ++ dev = array_index_nospec(dev, SNDRV_SEQ_OSS_MAX_SYNTH_DEVS);
1841 ++ return &dp->synths[dev];
1842 + }
1843 +
1844 + /*
1845 +@@ -359,14 +356,20 @@ static struct seq_oss_synth *
1846 + get_synthdev(struct seq_oss_devinfo *dp, int dev)
1847 + {
1848 + struct seq_oss_synth *rec;
1849 +- if (dev < 0 || dev >= dp->max_synthdev)
1850 +- return NULL;
1851 +- if (! dp->synths[dev].opened)
1852 ++ struct seq_oss_synthinfo *info = get_synthinfo_nospec(dp, dev);
1853 ++
1854 ++ if (!info)
1855 + return NULL;
1856 +- if (dp->synths[dev].is_midi)
1857 +- return &midi_synth_dev;
1858 +- if ((rec = get_sdev(dev)) == NULL)
1859 ++ if (!info->opened)
1860 + return NULL;
1861 ++ if (info->is_midi) {
1862 ++ rec = &midi_synth_dev;
1863 ++ snd_use_lock_use(&rec->use_lock);
1864 ++ } else {
1865 ++ rec = get_sdev(dev);
1866 ++ if (!rec)
1867 ++ return NULL;
1868 ++ }
1869 + if (! rec->opened) {
1870 + snd_use_lock_free(&rec->use_lock);
1871 + return NULL;
1872 +@@ -402,10 +405,8 @@ snd_seq_oss_synth_reset(struct seq_oss_devinfo *dp, int dev)
1873 + struct seq_oss_synth *rec;
1874 + struct seq_oss_synthinfo *info;
1875 +
1876 +- if (snd_BUG_ON(dev < 0 || dev >= dp->max_synthdev))
1877 +- return;
1878 +- info = &dp->synths[dev];
1879 +- if (! info->opened)
1880 ++ info = get_synthinfo_nospec(dp, dev);
1881 ++ if (!info || !info->opened)
1882 + return;
1883 + if (info->sysex)
1884 + info->sysex->len = 0; /* reset sysex */
1885 +@@ -454,12 +455,14 @@ snd_seq_oss_synth_load_patch(struct seq_oss_devinfo *dp, int dev, int fmt,
1886 + const char __user *buf, int p, int c)
1887 + {
1888 + struct seq_oss_synth *rec;
1889 ++ struct seq_oss_synthinfo *info;
1890 + int rc;
1891 +
1892 +- if (dev < 0 || dev >= dp->max_synthdev)
1893 ++ info = get_synthinfo_nospec(dp, dev);
1894 ++ if (!info)
1895 + return -ENXIO;
1896 +
1897 +- if (is_midi_dev(dp, dev))
1898 ++ if (info->is_midi)
1899 + return 0;
1900 + if ((rec = get_synthdev(dp, dev)) == NULL)
1901 + return -ENXIO;
1902 +@@ -467,24 +470,25 @@ snd_seq_oss_synth_load_patch(struct seq_oss_devinfo *dp, int dev, int fmt,
1903 + if (rec->oper.load_patch == NULL)
1904 + rc = -ENXIO;
1905 + else
1906 +- rc = rec->oper.load_patch(&dp->synths[dev].arg, fmt, buf, p, c);
1907 ++ rc = rec->oper.load_patch(&info->arg, fmt, buf, p, c);
1908 + snd_use_lock_free(&rec->use_lock);
1909 + return rc;
1910 + }
1911 +
1912 + /*
1913 +- * check if the device is valid synth device
1914 ++ * check if the device is valid synth device and return the synth info
1915 + */
1916 +-int
1917 +-snd_seq_oss_synth_is_valid(struct seq_oss_devinfo *dp, int dev)
1918 ++struct seq_oss_synthinfo *
1919 ++snd_seq_oss_synth_info(struct seq_oss_devinfo *dp, int dev)
1920 + {
1921 + struct seq_oss_synth *rec;
1922 ++
1923 + rec = get_synthdev(dp, dev);
1924 + if (rec) {
1925 + snd_use_lock_free(&rec->use_lock);
1926 +- return 1;
1927 ++ return get_synthinfo_nospec(dp, dev);
1928 + }
1929 +- return 0;
1930 ++ return NULL;
1931 + }
1932 +
1933 +
1934 +@@ -499,16 +503,18 @@ snd_seq_oss_synth_sysex(struct seq_oss_devinfo *dp, int dev, unsigned char *buf,
1935 + int i, send;
1936 + unsigned char *dest;
1937 + struct seq_oss_synth_sysex *sysex;
1938 ++ struct seq_oss_synthinfo *info;
1939 +
1940 +- if (! snd_seq_oss_synth_is_valid(dp, dev))
1941 ++ info = snd_seq_oss_synth_info(dp, dev);
1942 ++ if (!info)
1943 + return -ENXIO;
1944 +
1945 +- sysex = dp->synths[dev].sysex;
1946 ++ sysex = info->sysex;
1947 + if (sysex == NULL) {
1948 + sysex = kzalloc(sizeof(*sysex), GFP_KERNEL);
1949 + if (sysex == NULL)
1950 + return -ENOMEM;
1951 +- dp->synths[dev].sysex = sysex;
1952 ++ info->sysex = sysex;
1953 + }
1954 +
1955 + send = 0;
1956 +@@ -553,10 +559,12 @@ snd_seq_oss_synth_sysex(struct seq_oss_devinfo *dp, int dev, unsigned char *buf,
1957 + int
1958 + snd_seq_oss_synth_addr(struct seq_oss_devinfo *dp, int dev, struct snd_seq_event *ev)
1959 + {
1960 +- if (! snd_seq_oss_synth_is_valid(dp, dev))
1961 ++ struct seq_oss_synthinfo *info = snd_seq_oss_synth_info(dp, dev);
1962 ++
1963 ++ if (!info)
1964 + return -EINVAL;
1965 +- snd_seq_oss_fill_addr(dp, ev, dp->synths[dev].arg.addr.client,
1966 +- dp->synths[dev].arg.addr.port);
1967 ++ snd_seq_oss_fill_addr(dp, ev, info->arg.addr.client,
1968 ++ info->arg.addr.port);
1969 + return 0;
1970 + }
1971 +
1972 +@@ -568,16 +576,18 @@ int
1973 + snd_seq_oss_synth_ioctl(struct seq_oss_devinfo *dp, int dev, unsigned int cmd, unsigned long addr)
1974 + {
1975 + struct seq_oss_synth *rec;
1976 ++ struct seq_oss_synthinfo *info;
1977 + int rc;
1978 +
1979 +- if (is_midi_dev(dp, dev))
1980 ++ info = get_synthinfo_nospec(dp, dev);
1981 ++ if (!info || info->is_midi)
1982 + return -ENXIO;
1983 + if ((rec = get_synthdev(dp, dev)) == NULL)
1984 + return -ENXIO;
1985 + if (rec->oper.ioctl == NULL)
1986 + rc = -ENXIO;
1987 + else
1988 +- rc = rec->oper.ioctl(&dp->synths[dev].arg, cmd, addr);
1989 ++ rc = rec->oper.ioctl(&info->arg, cmd, addr);
1990 + snd_use_lock_free(&rec->use_lock);
1991 + return rc;
1992 + }
1993 +@@ -589,7 +599,10 @@ snd_seq_oss_synth_ioctl(struct seq_oss_devinfo *dp, int dev, unsigned int cmd, u
1994 + int
1995 + snd_seq_oss_synth_raw_event(struct seq_oss_devinfo *dp, int dev, unsigned char *data, struct snd_seq_event *ev)
1996 + {
1997 +- if (! snd_seq_oss_synth_is_valid(dp, dev) || is_midi_dev(dp, dev))
1998 ++ struct seq_oss_synthinfo *info;
1999 ++
2000 ++ info = snd_seq_oss_synth_info(dp, dev);
2001 ++ if (!info || info->is_midi)
2002 + return -ENXIO;
2003 + ev->type = SNDRV_SEQ_EVENT_OSS;
2004 + memcpy(ev->data.raw8.d, data, 8);
2005 +diff --git a/sound/core/seq/oss/seq_oss_synth.h b/sound/core/seq/oss/seq_oss_synth.h
2006 +index 74ac55f166b6..a63f9e22974d 100644
2007 +--- a/sound/core/seq/oss/seq_oss_synth.h
2008 ++++ b/sound/core/seq/oss/seq_oss_synth.h
2009 +@@ -37,7 +37,8 @@ void snd_seq_oss_synth_cleanup(struct seq_oss_devinfo *dp);
2010 + void snd_seq_oss_synth_reset(struct seq_oss_devinfo *dp, int dev);
2011 + int snd_seq_oss_synth_load_patch(struct seq_oss_devinfo *dp, int dev, int fmt,
2012 + const char __user *buf, int p, int c);
2013 +-int snd_seq_oss_synth_is_valid(struct seq_oss_devinfo *dp, int dev);
2014 ++struct seq_oss_synthinfo *snd_seq_oss_synth_info(struct seq_oss_devinfo *dp,
2015 ++ int dev);
2016 + int snd_seq_oss_synth_sysex(struct seq_oss_devinfo *dp, int dev, unsigned char *buf,
2017 + struct snd_seq_event *ev);
2018 + int snd_seq_oss_synth_addr(struct seq_oss_devinfo *dp, int dev, struct snd_seq_event *ev);
2019 +diff --git a/sound/drivers/opl3/opl3_synth.c b/sound/drivers/opl3/opl3_synth.c
2020 +index ddcc1a325a61..42920a243328 100644
2021 +--- a/sound/drivers/opl3/opl3_synth.c
2022 ++++ b/sound/drivers/opl3/opl3_synth.c
2023 +@@ -21,6 +21,7 @@
2024 +
2025 + #include <linux/slab.h>
2026 + #include <linux/export.h>
2027 ++#include <linux/nospec.h>
2028 + #include <sound/opl3.h>
2029 + #include <sound/asound_fm.h>
2030 +
2031 +@@ -448,7 +449,7 @@ static int snd_opl3_set_voice(struct snd_opl3 * opl3, struct snd_dm_fm_voice * v
2032 + {
2033 + unsigned short reg_side;
2034 + unsigned char op_offset;
2035 +- unsigned char voice_offset;
2036 ++ unsigned char voice_offset, voice_op;
2037 +
2038 + unsigned short opl3_reg;
2039 + unsigned char reg_val;
2040 +@@ -473,7 +474,9 @@ static int snd_opl3_set_voice(struct snd_opl3 * opl3, struct snd_dm_fm_voice * v
2041 + voice_offset = voice->voice - MAX_OPL2_VOICES;
2042 + }
2043 + /* Get register offset of operator */
2044 +- op_offset = snd_opl3_regmap[voice_offset][voice->op];
2045 ++ voice_offset = array_index_nospec(voice_offset, MAX_OPL2_VOICES);
2046 ++ voice_op = array_index_nospec(voice->op, 4);
2047 ++ op_offset = snd_opl3_regmap[voice_offset][voice_op];
2048 +
2049 + reg_val = 0x00;
2050 + /* Set amplitude modulation (tremolo) effect */
2051 +diff --git a/sound/firewire/dice/dice-stream.c b/sound/firewire/dice/dice-stream.c
2052 +index ec4db3a514fc..257cfbfadb4a 100644
2053 +--- a/sound/firewire/dice/dice-stream.c
2054 ++++ b/sound/firewire/dice/dice-stream.c
2055 +@@ -425,7 +425,7 @@ int snd_dice_stream_init_duplex(struct snd_dice *dice)
2056 + err = init_stream(dice, AMDTP_IN_STREAM, i);
2057 + if (err < 0) {
2058 + for (; i >= 0; i--)
2059 +- destroy_stream(dice, AMDTP_OUT_STREAM, i);
2060 ++ destroy_stream(dice, AMDTP_IN_STREAM, i);
2061 + goto end;
2062 + }
2063 + }
2064 +diff --git a/sound/firewire/dice/dice.c b/sound/firewire/dice/dice.c
2065 +index 25e9f77275c4..0d3d36fb1540 100644
2066 +--- a/sound/firewire/dice/dice.c
2067 ++++ b/sound/firewire/dice/dice.c
2068 +@@ -14,7 +14,7 @@ MODULE_LICENSE("GPL v2");
2069 + #define OUI_WEISS 0x001c6a
2070 + #define OUI_LOUD 0x000ff2
2071 + #define OUI_FOCUSRITE 0x00130e
2072 +-#define OUI_TCELECTRONIC 0x001486
2073 ++#define OUI_TCELECTRONIC 0x000166
2074 +
2075 + #define DICE_CATEGORY_ID 0x04
2076 + #define WEISS_CATEGORY_ID 0x00
2077 +diff --git a/sound/pci/asihpi/hpimsginit.c b/sound/pci/asihpi/hpimsginit.c
2078 +index 7eb617175fde..a31a70dccecf 100644
2079 +--- a/sound/pci/asihpi/hpimsginit.c
2080 ++++ b/sound/pci/asihpi/hpimsginit.c
2081 +@@ -23,6 +23,7 @@
2082 +
2083 + #include "hpi_internal.h"
2084 + #include "hpimsginit.h"
2085 ++#include <linux/nospec.h>
2086 +
2087 + /* The actual message size for each object type */
2088 + static u16 msg_size[HPI_OBJ_MAXINDEX + 1] = HPI_MESSAGE_SIZE_BY_OBJECT;
2089 +@@ -39,10 +40,12 @@ static void hpi_init_message(struct hpi_message *phm, u16 object,
2090 + {
2091 + u16 size;
2092 +
2093 +- if ((object > 0) && (object <= HPI_OBJ_MAXINDEX))
2094 ++ if ((object > 0) && (object <= HPI_OBJ_MAXINDEX)) {
2095 ++ object = array_index_nospec(object, HPI_OBJ_MAXINDEX + 1);
2096 + size = msg_size[object];
2097 +- else
2098 ++ } else {
2099 + size = sizeof(*phm);
2100 ++ }
2101 +
2102 + memset(phm, 0, size);
2103 + phm->size = size;
2104 +@@ -66,10 +69,12 @@ void hpi_init_response(struct hpi_response *phr, u16 object, u16 function,
2105 + {
2106 + u16 size;
2107 +
2108 +- if ((object > 0) && (object <= HPI_OBJ_MAXINDEX))
2109 ++ if ((object > 0) && (object <= HPI_OBJ_MAXINDEX)) {
2110 ++ object = array_index_nospec(object, HPI_OBJ_MAXINDEX + 1);
2111 + size = res_size[object];
2112 +- else
2113 ++ } else {
2114 + size = sizeof(*phr);
2115 ++ }
2116 +
2117 + memset(phr, 0, sizeof(*phr));
2118 + phr->size = size;
2119 +diff --git a/sound/pci/asihpi/hpioctl.c b/sound/pci/asihpi/hpioctl.c
2120 +index 7e3aa50b21f9..3ef9af53ef49 100644
2121 +--- a/sound/pci/asihpi/hpioctl.c
2122 ++++ b/sound/pci/asihpi/hpioctl.c
2123 +@@ -33,6 +33,7 @@
2124 + #include <linux/stringify.h>
2125 + #include <linux/module.h>
2126 + #include <linux/vmalloc.h>
2127 ++#include <linux/nospec.h>
2128 +
2129 + #ifdef MODULE_FIRMWARE
2130 + MODULE_FIRMWARE("asihpi/dsp5000.bin");
2131 +@@ -182,7 +183,8 @@ long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2132 + struct hpi_adapter *pa = NULL;
2133 +
2134 + if (hm->h.adapter_index < ARRAY_SIZE(adapters))
2135 +- pa = &adapters[hm->h.adapter_index];
2136 ++ pa = &adapters[array_index_nospec(hm->h.adapter_index,
2137 ++ ARRAY_SIZE(adapters))];
2138 +
2139 + if (!pa || !pa->adapter || !pa->adapter->type) {
2140 + hpi_init_response(&hr->r0, hm->h.object,
2141 +diff --git a/sound/pci/hda/hda_hwdep.c b/sound/pci/hda/hda_hwdep.c
2142 +index 57df06e76968..cc009a4a3d1d 100644
2143 +--- a/sound/pci/hda/hda_hwdep.c
2144 ++++ b/sound/pci/hda/hda_hwdep.c
2145 +@@ -21,6 +21,7 @@
2146 + #include <linux/init.h>
2147 + #include <linux/slab.h>
2148 + #include <linux/compat.h>
2149 ++#include <linux/nospec.h>
2150 + #include <sound/core.h>
2151 + #include "hda_codec.h"
2152 + #include "hda_local.h"
2153 +@@ -51,7 +52,16 @@ static int get_wcap_ioctl(struct hda_codec *codec,
2154 +
2155 + if (get_user(verb, &arg->verb))
2156 + return -EFAULT;
2157 +- res = get_wcaps(codec, verb >> 24);
2158 ++ /* open-code get_wcaps(verb>>24) with nospec */
2159 ++ verb >>= 24;
2160 ++ if (verb < codec->core.start_nid ||
2161 ++ verb >= codec->core.start_nid + codec->core.num_nodes) {
2162 ++ res = 0;
2163 ++ } else {
2164 ++ verb -= codec->core.start_nid;
2165 ++ verb = array_index_nospec(verb, codec->core.num_nodes);
2166 ++ res = codec->wcaps[verb];
2167 ++ }
2168 + if (put_user(res, &arg->res))
2169 + return -EFAULT;
2170 + return 0;
2171 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
2172 +index e2230bed7409..7ece1ab57eef 100644
2173 +--- a/sound/pci/hda/patch_realtek.c
2174 ++++ b/sound/pci/hda/patch_realtek.c
2175 +@@ -329,6 +329,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec)
2176 + break;
2177 + case 0x10ec0225:
2178 + case 0x10ec0233:
2179 ++ case 0x10ec0235:
2180 + case 0x10ec0236:
2181 + case 0x10ec0255:
2182 + case 0x10ec0256:
2183 +@@ -6359,6 +6360,7 @@ static int patch_alc269(struct hda_codec *codec)
2184 + case 0x10ec0298:
2185 + spec->codec_variant = ALC269_TYPE_ALC298;
2186 + break;
2187 ++ case 0x10ec0235:
2188 + case 0x10ec0255:
2189 + spec->codec_variant = ALC269_TYPE_ALC255;
2190 + break;
2191 +diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
2192 +index 14bbf55c1ef9..9899ef4c7efa 100644
2193 +--- a/sound/pci/rme9652/hdspm.c
2194 ++++ b/sound/pci/rme9652/hdspm.c
2195 +@@ -137,6 +137,7 @@
2196 + #include <linux/pci.h>
2197 + #include <linux/math64.h>
2198 + #include <linux/io.h>
2199 ++#include <linux/nospec.h>
2200 +
2201 + #include <sound/core.h>
2202 + #include <sound/control.h>
2203 +@@ -5692,40 +5693,43 @@ static int snd_hdspm_channel_info(struct snd_pcm_substream *substream,
2204 + struct snd_pcm_channel_info *info)
2205 + {
2206 + struct hdspm *hdspm = snd_pcm_substream_chip(substream);
2207 ++ unsigned int channel = info->channel;
2208 +
2209 + if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) {
2210 +- if (snd_BUG_ON(info->channel >= hdspm->max_channels_out)) {
2211 ++ if (snd_BUG_ON(channel >= hdspm->max_channels_out)) {
2212 + dev_info(hdspm->card->dev,
2213 + "snd_hdspm_channel_info: output channel out of range (%d)\n",
2214 +- info->channel);
2215 ++ channel);
2216 + return -EINVAL;
2217 + }
2218 +
2219 +- if (hdspm->channel_map_out[info->channel] < 0) {
2220 ++ channel = array_index_nospec(channel, hdspm->max_channels_out);
2221 ++ if (hdspm->channel_map_out[channel] < 0) {
2222 + dev_info(hdspm->card->dev,
2223 + "snd_hdspm_channel_info: output channel %d mapped out\n",
2224 +- info->channel);
2225 ++ channel);
2226 + return -EINVAL;
2227 + }
2228 +
2229 +- info->offset = hdspm->channel_map_out[info->channel] *
2230 ++ info->offset = hdspm->channel_map_out[channel] *
2231 + HDSPM_CHANNEL_BUFFER_BYTES;
2232 + } else {
2233 +- if (snd_BUG_ON(info->channel >= hdspm->max_channels_in)) {
2234 ++ if (snd_BUG_ON(channel >= hdspm->max_channels_in)) {
2235 + dev_info(hdspm->card->dev,
2236 + "snd_hdspm_channel_info: input channel out of range (%d)\n",
2237 +- info->channel);
2238 ++ channel);
2239 + return -EINVAL;
2240 + }
2241 +
2242 +- if (hdspm->channel_map_in[info->channel] < 0) {
2243 ++ channel = array_index_nospec(channel, hdspm->max_channels_in);
2244 ++ if (hdspm->channel_map_in[channel] < 0) {
2245 + dev_info(hdspm->card->dev,
2246 + "snd_hdspm_channel_info: input channel %d mapped out\n",
2247 +- info->channel);
2248 ++ channel);
2249 + return -EINVAL;
2250 + }
2251 +
2252 +- info->offset = hdspm->channel_map_in[info->channel] *
2253 ++ info->offset = hdspm->channel_map_in[channel] *
2254 + HDSPM_CHANNEL_BUFFER_BYTES;
2255 + }
2256 +
2257 +diff --git a/sound/pci/rme9652/rme9652.c b/sound/pci/rme9652/rme9652.c
2258 +index 55172c689991..a76b1f147660 100644
2259 +--- a/sound/pci/rme9652/rme9652.c
2260 ++++ b/sound/pci/rme9652/rme9652.c
2261 +@@ -26,6 +26,7 @@
2262 + #include <linux/pci.h>
2263 + #include <linux/module.h>
2264 + #include <linux/io.h>
2265 ++#include <linux/nospec.h>
2266 +
2267 + #include <sound/core.h>
2268 + #include <sound/control.h>
2269 +@@ -2036,9 +2037,10 @@ static int snd_rme9652_channel_info(struct snd_pcm_substream *substream,
2270 + if (snd_BUG_ON(info->channel >= RME9652_NCHANNELS))
2271 + return -EINVAL;
2272 +
2273 +- if ((chn = rme9652->channel_map[info->channel]) < 0) {
2274 ++ chn = rme9652->channel_map[array_index_nospec(info->channel,
2275 ++ RME9652_NCHANNELS)];
2276 ++ if (chn < 0)
2277 + return -EINVAL;
2278 +- }
2279 +
2280 + info->offset = chn * RME9652_CHANNEL_BUFFER_BYTES;
2281 + info->first = 0;
2282 +diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c
2283 +index 38bfd46f4ad8..3ef174531344 100644
2284 +--- a/sound/soc/fsl/fsl_esai.c
2285 ++++ b/sound/soc/fsl/fsl_esai.c
2286 +@@ -145,6 +145,13 @@ static int fsl_esai_divisor_cal(struct snd_soc_dai *dai, bool tx, u32 ratio,
2287 +
2288 + psr = ratio <= 256 * maxfp ? ESAI_xCCR_xPSR_BYPASS : ESAI_xCCR_xPSR_DIV8;
2289 +
2290 ++ /* Do not loop-search if PM (1 ~ 256) alone can serve the ratio */
2291 ++ if (ratio <= 256) {
2292 ++ pm = ratio;
2293 ++ fp = 1;
2294 ++ goto out;
2295 ++ }
2296 ++
2297 + /* Set the max fluctuation -- 0.1% of the max devisor */
2298 + savesub = (psr ? 1 : 8) * 256 * maxfp / 1000;
2299 +
2300 +diff --git a/sound/usb/mixer_maps.c b/sound/usb/mixer_maps.c
2301 +index 9038b2e7df73..eaa03acd4686 100644
2302 +--- a/sound/usb/mixer_maps.c
2303 ++++ b/sound/usb/mixer_maps.c
2304 +@@ -353,8 +353,11 @@ static struct usbmix_name_map bose_companion5_map[] = {
2305 + /*
2306 + * Dell usb dock with ALC4020 codec had a firmware problem where it got
2307 + * screwed up when zero volume is passed; just skip it as a workaround
2308 ++ *
2309 ++ * Also the extension unit gives an access error, so skip it as well.
2310 + */
2311 + static const struct usbmix_name_map dell_alc4020_map[] = {
2312 ++ { 4, NULL }, /* extension unit */
2313 + { 16, NULL },
2314 + { 19, NULL },
2315 + { 0 }
2316 +diff --git a/tools/lib/str_error_r.c b/tools/lib/str_error_r.c
2317 +index 503ae072244c..9ab2d0ad22d5 100644
2318 +--- a/tools/lib/str_error_r.c
2319 ++++ b/tools/lib/str_error_r.c
2320 +@@ -21,6 +21,6 @@ char *str_error_r(int errnum, char *buf, size_t buflen)
2321 + {
2322 + int err = strerror_r(errnum, buf, buflen);
2323 + if (err)
2324 +- snprintf(buf, buflen, "INTERNAL ERROR: strerror_r(%d, %p, %zd)=%d", errnum, buf, buflen, err);
2325 ++ snprintf(buf, buflen, "INTERNAL ERROR: strerror_r(%d, [buf], %zd)=%d", errnum, buflen, err);
2326 + return buf;
2327 + }
2328 +diff --git a/tools/lib/subcmd/pager.c b/tools/lib/subcmd/pager.c
2329 +index 6518bea926d6..68af60fdf0b9 100644
2330 +--- a/tools/lib/subcmd/pager.c
2331 ++++ b/tools/lib/subcmd/pager.c
2332 +@@ -29,10 +29,13 @@ static void pager_preexec(void)
2333 + * have real input
2334 + */
2335 + fd_set in;
2336 ++ fd_set exception;
2337 +
2338 + FD_ZERO(&in);
2339 ++ FD_ZERO(&exception);
2340 + FD_SET(0, &in);
2341 +- select(1, &in, NULL, &in, NULL);
2342 ++ FD_SET(0, &exception);
2343 ++ select(1, &in, NULL, &exception, NULL);
2344 +
2345 + setenv("LESS", "FRSX", 0);
2346 + }
Report Message
Find on MARC Find on Google Groups